From 48e7093846ea7ba9f5da4eaab254a6d26a5849a1 Mon Sep 17 00:00:00 2001
From: Michael Sprengel
Date: Mon, 18 Dec 2023 15:45:07 +0100
Subject: [PATCH] Add data ingestion mechanism

---
 .github/workflows/data_ingestion.yml | 37 +-
 .gitignore | 1 +
 container/Containerfile | 19 +
 container/conf/apt/apt.conf | 9 +
 container/conf/apt/sources.list | 7 +
 src/data_ingestion.sh | 15 +
 src/prepare_ingestion_container.sh | 15 +
 tmp/ingest-debsec/debian/CVE/list | 702763 ++++++++++++++++++++++
 tmp/ingest-debsec/gardenlinux/CVE/list | 2 +
 tmp/ingest-debsrc/apt.conf | 9 +
 tmp/ingest-debsrc/sources.list | 7 +
 11 files changed, 702878 insertions(+), 6 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 container/Containerfile
 create mode 100644 container/conf/apt/apt.conf
 create mode 100644 container/conf/apt/sources.list
 create mode 100755 src/data_ingestion.sh
 create mode 100755 src/prepare_ingestion_container.sh
 create mode 100644 tmp/ingest-debsec/debian/CVE/list
 create mode 100644 tmp/ingest-debsec/gardenlinux/CVE/list
 create mode 100644 tmp/ingest-debsrc/apt.conf
 create mode 100644 tmp/ingest-debsrc/sources.list
diff --git a/.github/workflows/data_ingestion.yml b/.github/workflows/data_ingestion.yml
index 12ef536..62266ad 100644
--- a/.github/workflows/data_ingestion.yml
+++ b/.github/workflows/data_ingestion.yml
@@ -1,13 +1,38 @@
 name: Data ingestion
 on: ["push", "workflow_dispatch"]
 jobs:
- test:
+ data_ingestion:
 environment: glvd-data-ingestion
 name: data ingestion
 runs-on: ubuntu-latest
+
+ env:
+ PGHOST: "${{ vars.PGHOST }}"
+ PGPORT: ${{ vars.PGPORT }}
+ PGUSER: ${{ vars.PGUSER }}
+ PGPASSWORD: ${{ secrets.PGPASSWORD }}
+ PGDATABASE: ${{ vars.PGDATABASE }}
+
 steps:
- - run: |
- echo "${{ vars.PGDATABASE }}"
- echo "${{ vars.PGHOST }}"
- echo "${{ vars.PGPORT }}"
- echo "${{ vars.PGUSER }}"
\ No newline at end of file
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Build image for data ingestion container
+ id: build
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: container/Containerfile
+ load: true
+
+ - name: Run modified glvd container for data ingestion
+ run: >
+ docker run
+ --network host
+ --rm
+ --env PGHOST="$PGHOST"
+ --env PGPORT="$PGPORT"
+ --env PGUSER="$PGUSER"
+ --env PGPASSWORD="$PGPASSWORD"
+ --env PGDATABASE="$PGDATABASE"
+ ${{ steps.build.outputs.imageid }}
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..06a44e1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+container/tmp/*
\ No newline at end of file
diff --git a/container/Containerfile b/container/Containerfile
new file mode 100644
index 0000000..96ea65a
--- /dev/null
+++ b/container/Containerfile
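Review bot: The job keeps the unrestricted `on: ["push", "workflow_dispatch"]` trigger while the new last step hands PGPASSWORD to a container that runs an ingestion against whatever database the environment's PGHOST names, so a push to any branch now performs a live write to that database. Unless the `glvd-data-ingestion` environment has branch protection rules configured outside this diff, the push trigger should be narrowed, e.g. `on: { push: { branches: [main] }, workflow_dispatch: {} }`. The two actions are pinned by mutable tag (`docker/setup-buildx-action@v2`, `docker/build-push-action@v5`) in a job that holds a database secret; pinning them to a full commit SHA with the tag in a trailing comment removes the supply-chain exposure, and the same applies to the `ghcr.io/gardenlinux/glvd:edge` base image pulled by the Containerfile this step builds.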
@@ -0,0 +1,19 @@
+# Base Image
+FROM ghcr.io/gardenlinux/glvd:edge
+
+# Ru
+RUN mkdir -p /opt/glvd-data-ingestion/ingest-debsrc && \
+ mkdir -p /opt/glvd-data-ingestion/ingest-debsec
+
+# Copy temporary build files for container to the container
+COPY conf/ /opt/glvd-data-ingestion/ingest-debsrc
+
+# Copy ingestion scripts into the container
+Copy src/data_ingestion.sh /usr/local/bin/data_ingestion
+
+# Run some commands
+RUN APT_CONFIG=/opt/glvd-data-ingestion/ingest-debsrc/apt.conf apt-get update
+
+# Adjust entrypoint and command
+ENTRYPOINT /bin/bash
+CMD /usr/local/bin/data_ingestion
\ No newline at end of file
diff --git a/container/conf/apt/apt.conf b/container/conf/apt/apt.conf
new file mode 100644
index 0000000..db19b60
--- /dev/null
+++ b/container/conf/apt/apt.conf
@@ -0,0 +1,9 @@
+Acquire::Retries "3";
+Dir "/opt/glvd-data-ingestion/ingest-debsrc/";
+Dir::Etc::parts "/dev/null";
+Dir::Etc::Preferences "/dev/null";
+Dir::Etc::PreferencesParts "/dev/null";
+Dir::Etc::sourcelist "/opt/glvd-data-ingestion/ingest-debsrc/sources.list";
+Dir::Etc::sourceparts "/dev/null";
+Dir::Etc::trusted "/usr/share/keyrings/debian-archive-keyring.gpg";
+Dir::State "/opt/glvd-data-ingestion/ingest-debsrc/";
\ No newline at end of file
diff --git a/container/conf/apt/sources.list b/container/conf/apt/sources.list
new file mode 100644
index 0000000..90590e5
--- /dev/null
+++ b/container/conf/apt/sources.list
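Review bot: `ENTRYPOINT /bin/bash` is the shell form, which Docker wraps as `/bin/sh -c "/bin/bash"` and which discards CMD entirely, so the container the workflow starts with no TTY runs a bare bash that exits immediately and `/usr/local/bin/data_ingestion` never executes. Use the exec form for both: `ENTRYPOINT ["/bin/bash"]` and `CMD ["/usr/local/bin/data_ingestion"]`. The `COPY conf/` and `Copy src/...` lines are resolved against the workflow's build context `.` (the repository root), and this commit only adds `container/conf/`, so the first COPY appears to reference a path that does not exist, while the second copies the script from the root; the two should use the same base, and `Copy` should be written `COPY` like the other instructions. The `# Ru` comment is truncated.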
@@ -0,0 +1,7 @@
+deb-src https://deb.debian.org/debian bookworm main non-free-firmware
+deb-src https://deb.debian.org/debian bookworm-updates main non-free-firmware
+deb-src https://deb.debian.org/debian bookworm-proposed-updates main non-free-firmware
+deb-src https://deb.debian.org/debian bookworm-backports main non-free-firmware
+deb-src https://deb.debian.org/debian-security bookworm-security main non-free-firmware
+deb-src https://deb.debian.org/debian trixie main non-free-firmware
+deb-src [trusted=yes] https://repo.gardenlinux.io/gardenlinux 1337.0 main
\ No newline at end of file
diff --git a/src/data_ingestion.sh b/src/data_ingestion.sh
new file mode 100755
index 0000000..34006d2
--- /dev/null
+++ b/src/data_ingestion.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# ---------
+# Ingest NVD data
+#glvd-data ingest-nvd
+
+# ---------
+# Ingest CVE lists
+glvd-data ingest-debsec debian /opt/glvd/ingest-debsec/debian
+glvd-data ingest-debsec gardenlinux /opt/glvd/ingest-debsec/gardenlinux
+
+# ---------
+# Ingest Debian sources
+glvd-data ingest-debsrc debian trixie /mnt/ingest-debsrc/lists/deb.debian.org_debian_dists_trixie_main_source_Sources
+glvd-data ingest-debsrc gardenlinux 1336.0 /mnt/ingest-debsrc/lists/repo.gardenlinux.io_gardenlinux_dists_1337.0_main_source_Sources
\ No newline at end of file
diff --git a/src/prepare_ingestion_container.sh b/src/prepare_ingestion_container.sh
new file mode 100755
index 0000000..b570e23
--- /dev/null
+++ b/src/prepare_ingestion_container.sh
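Review bot: The last entry, `deb-src [trusted=yes] https://repo.gardenlinux.io/gardenlinux 1337.0 main`, turns off Release-file signature checking for the Garden Linux source index, and that index is exactly the data the ingestion later loads into the vulnerability database, so a tampered or substituted index would be accepted silently. The Debian entries are verified through `Dir::Etc::trusted` in the accompanying apt.conf; the Garden Linux entry should be verified the same way, e.g. `deb-src [signed-by=<path-to-gardenlinux-archive-keyring>] https://repo.gardenlinux.io/gardenlinux 1337.0 main` with the keyring added to the image, rather than `trusted=yes`. If the repository really is unsigned, a comment stating that and the accepted risk belongs on this line.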
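Review bot: The last `ingest-debsrc` line passes version `1336.0` while the Sources path it reads is `repo.gardenlinux.io_gardenlinux_dists_1337.0_main_source_Sources` and sources.list fetches `1337.0`, so the Garden Linux package data would be recorded under the wrong release. The paths also do not line up with the rest of the commit: the CVE lists are read from `/opt/glvd/ingest-debsec/...` although the Containerfile creates `/opt/glvd-data-ingestion/ingest-debsec` and copies nothing into it, and the Sources files are read from `/mnt/ingest-debsrc/lists/` although apt.conf sets `Dir::State` to `/opt/glvd-data-ingestion/ingest-debsrc/`, under which `apt-get update` writes its `lists/`. As far as the diff shows, every `glvd-data` call here would fail on a missing file; the paths should be derived from one shared prefix, and the script should start with `set -euo pipefail` so that the first failure stops the run instead of leaving the database partially updated.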
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Preparation
+apt update
+apt install -y wget
+
+# Data Ingestion: Deb Sec
+mkdir -p container/tmp/ingest-debsec/debian/CVE
+mkdir -p container/tmp/ingest-debsec/gardenlinux/CVE
+wget https://salsa.debian.org/security-tracker-team/security-tracker/-/raw/master/data/CVE/list?ref_type=heads -O container/tmp/ingest-debsec/debian/CVE/list
+cp -a data/CVE/list container/tmp/ingest-debsec/gardenlinux/CVE/list
+
+# Data Ingestion: Deb Src
+mkdir -p container/tmp/ingest-debsrc/
+cp -a container/conf/apt/* container/tmp/ingest-debsrc/
\ No newline at end of file
diff --git a/tmp/ingest-debsec/debian/CVE/list b/tmp/ingest-debsec/debian/CVE/list
new file mode 100644
index 0000000..9f7e66f
--- /dev/null
+++ b/tmp/ingest-debsec/debian/CVE/list
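Review bot: A failed `wget` on the Debian CVE list (network error, HTTP 404, rate limit) leaves an empty or missing `container/tmp/ingest-debsec/debian/CVE/list` and the script continues to the `cp` lines, so a later ingestion would silently load nothing for Debian; add `set -euo pipefail` after the shebang, and the same applies to src/data_ingestion.sh in this commit. The script writes everything under `container/tmp/`, which the new .gitignore excludes, yet the diffstat shows the 702763-line `tmp/ingest-debsec/debian/CVE/list` and `tmp/ingest-debsrc/*` committed at the repository root, which looks like an accidental commit of a generated fetch rather than intended content; either the paths or the .gitignore entry should be made consistent and the data files dropped from the commit. `cp -a data/CVE/list ...` reads a path that is not created by this commit, so a comment stating where `data/CVE/list` is expected to come from would help the next reader.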
@@ -0,0 +1,702763 @@ +CVE-2023-37544 + NOT-FOR-US: Apache Pulsar +CVE-2023-6977 (This vulnerability enables malicious users to read sensitive files on ...) + NOT-FOR-US: mlflow +CVE-2023-6976 (This vulnerability is capable of writing arbitrary files into arbitrar ...) + NOT-FOR-US: mlflow +CVE-2023-6975 (A malicious user could use this issue to get command execution on the ...) + NOT-FOR-US: mlflow +CVE-2023-6974 (A malicious user could use this issue to access internal HTTP(s) serve ...) + NOT-FOR-US: mlflow +CVE-2023-6930 (EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthentica ...) + NOT-FOR-US: EuroTel ETL3100 +CVE-2023-6929 (EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure ...) + NOT-FOR-US: EuroTel ETL3100 +CVE-2023-6928 (EuroTel ETL3100 versions v01c01 and v01x37 does not limit the number o ...) + NOT-FOR-US: EuroTel ETL3100 +CVE-2023-6689 (A successful CSRF attack could force the user to perform state changin ...) + NOT-FOR-US: EFACEC +CVE-2023-50835 (Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Adv ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50707 (Through the exploitation of active user sessions, an attacker could se ...) + NOT-FOR-US: EFACEC +CVE-2023-50706 (A user without administrator permissions with access to the UC500 wind ...) + NOT-FOR-US: UC500 windows system +CVE-2023-50705 (An attacker could create malicious requests to obtain sensitive inform ...) + NOT-FOR-US: UC500 windows system +CVE-2023-50704 (An attacker could construct a URL within the application that causes a ...) + NOT-FOR-US: UC500 windows system +CVE-2023-50703 (An attacker with network access could perform a man-in-the-middle (Mit ...) + NOT-FOR-US: UC500 windows system +CVE-2023-50466 (An authenticated command injection vulnerability in Weintek cMT2078X e ...) + NOT-FOR-US: Weintek cMT2078X easyweb Web +CVE-2023-49812 (Authorization Bypass Through User-Controlled Key vulnerability in J.N. ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-49764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49164 (Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49147 (An issue was discovered in PDF24 Creator 11.14.0. The configuration of ...) + NOT-FOR-US: PDF24 Creator +CVE-2023-49004 (An issue in D-Link DIR-850L v.B1_FW223WWb01 allows a remote attacker t ...) + NOT-FOR-US: D-Link +CVE-2023-48764 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48738 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48327 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47707 (IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross ...) + NOT-FOR-US: IBM +CVE-2023-47706 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...) + NOT-FOR-US: IBM +CVE-2023-47705 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authent ...) + NOT-FOR-US: IBM +CVE-2023-47704 (IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text ha ...) + NOT-FOR-US: IBM +CVE-2023-47703 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2023-47702 (IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2023-47267 (An issue discovered in TheGreenBow Windows Enterprise Certified VPN Cl ...) 
+ NOT-FOR-US: TheGreenBow +CVE-2023-47161 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...) + NOT-FOR-US: IBM +CVE-2023-47146 (IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive ...) + NOT-FOR-US: IBM +CVE-2023-46624 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45887 (DS Wireless Communication (DWC) with DWC_VERSION_3 and DWC_VERSION_11 ...) + NOT-FOR-US: DS Wireless Communication (DWC) +CVE-2023-45172 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2023-42940 (A session rendering issue was addressed with improved session tracking ...) + NOT-FOR-US: Apple +CVE-2023-42013 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...) + NOT-FOR-US: IBM +CVE-2023-42012 (An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3 ...) + NOT-FOR-US: IBM +CVE-2023-38126 (Softing edgeAggregator Restore Configuration Directory Traversal Remot ...) + NOT-FOR-US: Softing edgeAggregator +CVE-2023-37982 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35883 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6945 (A vulnerability has been found in SourceCodester Online Student Manage ...) + NOT-FOR-US: SourceCodester Online Student Management System +CVE-2023-6944 + NOT-FOR-US: Red Hat Developer Hub (RHDH) +CVE-2023-6932 (A use-after-free vulnerability in the Linux kernel's ipv4: igmp compon ...) + - linux + [bookworm] - linux 6.1.66-1 + NOTE: https://git.kernel.org/linus/e2b706c691905fe78468c361aaabc719d0a496f1 (6.7-rc4) +CVE-2023-6931 (A heap out-of-bounds write vulnerability in the Linux kernel's Perform ...) 
+ - linux + NOTE: https://git.kernel.org/linus/382c27f4ed28f803b1f1473ac2d8db0afc795a1b (6.7-rc5) +CVE-2023-6913 (A session hijacking vulnerability has been detected in the Imou Life a ...) + NOT-FOR-US: Imou Life application +CVE-2023-6730 (Deserialization of Untrusted Data in GitHub repository huggingface/tra ...) + NOT-FOR-US: Transformers +CVE-2023-6711 (Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 th ...) + NOT-FOR-US: Hitachi +CVE-2023-6280 (An XXE (XML External Entity) vulnerability has been detected in 52Nort ...) + NOT-FOR-US: 52North WPS +CVE-2023-50376 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50272 (A potential security vulnerability has been identified in HPE Integrat ...) + NOT-FOR-US: HPE +CVE-2023-49706 (Defective request context handling in Self Service in LinOTP 3.x befor ...) + NOT-FOR-US: LinOTP +CVE-2023-49489 (Reflective Cross Site Scripting (XSS) vulnerability in KodeExplorer ve ...) + NOT-FOR-US: kalcaddle KodExplorer +CVE-2023-49006 (Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version ...) + - phpsysinfo 3.4.3-1 + NOTE: https://huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/ + NOTE: https://github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45 (v3.4.3) +CVE-2023-46804 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46803 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46266 (An attacker can send a specially crafted request which could lead to l ...) + NOT-FOR-US: Avalanche +CVE-2023-46265 (An unauthenticated could abuse a XXE vulnerability in the Smart Device ...) + NOT-FOR-US: Avalanche +CVE-2023-46264 (An unrestricted upload of file with dangerous type vulnerability exist ...) 
+ NOT-FOR-US: Avalanche +CVE-2023-46263 (An unrestricted upload of file with dangerous type vulnerability exist ...) + NOT-FOR-US: Avalanche +CVE-2023-46262 (An unauthenticated attacked could send a specifically crafted web requ ...) + NOT-FOR-US: Ivanti +CVE-2023-46261 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46260 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46259 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46258 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46257 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46225 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46224 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46223 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46222 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46221 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46220 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46217 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-46216 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-45105 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44991 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-44983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43870 (When installing the Net2 software a root certificate is installed into ...) + NOT-FOR-US: Paxton +CVE-2023-43826 (Apache Guacamole 1.5.3 and older do not consistently ensure that value ...) + - guacamole-client + NOTE: https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 +CVE-2023-41727 (An attacker sending specially crafted data packets to the Mobile Devic ...) + NOT-FOR-US: Avalanche +CVE-2023-41648 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40602 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in D ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38481 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38478 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37390 (Deserialization of Untrusted Data vulnerability in Themesflat Themesfl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34382 (Deserialization of Untrusted Data vulnerability in weDevs Dokan \u2013 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34027 (Deserialization of Untrusted Data vulnerability in Rajnish Arora Recen ...) + NOT-FOR-US: WordPress plugin +CVE-2019-25158 (A vulnerability has been found in pedroetb tts-api up to 2.1.4 and cla ...) + NOT-FOR-US: pedroetb tts-api +CVE-2023-50762 (When processing a PGP/MIME payload that contains digitally signed text ...) + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50762 +CVE-2023-50761 (The signature of a digitally signed S/MIME email message may optionall ...) 
+ - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-50761 +CVE-2023-6862 (A use-after-free was identified in the `nsDNSService::Init`. This iss ...) + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6862 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6862 +CVE-2023-6873 (Memory safety bugs present in Firefox 120. Some of these bugs showed e ...) + - firefox 121.0-1 + - thunderbird + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6873 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6873 +CVE-2023-6864 (Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thun ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6864 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6864 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6864 +CVE-2023-6863 (The `ShutdownObserver()` was susceptible to potentially undefined beha ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6863 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6863 +CVE-2023-6872 (Browser tab titles were being leaked by GNOME to system logs. This cou ...) + - firefox 121.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6872 +CVE-2023-6871 (Under certain conditions, Firefox did not display a warning when a use ...) + - firefox 121.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6871 +CVE-2023-6870 (Applications which spawn a Toast notification in a background thread m ...) 
+ - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6870 +CVE-2023-6869 (A `<dialog>` element could have been manipulated to paint content o ...) + - firefox 121.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6869 +CVE-2023-6868 (In some instances, the user-agent would allow push requests which lack ...) + - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6868 +CVE-2023-6861 (The `nsWindow::PickerOpen(void)` method was susceptible to a heap buff ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6861 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6861 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6861 +CVE-2023-6867 (The timing of a button click causing a popup to disappear was approxim ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6867 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6867 +CVE-2023-6860 (The `VideoBridge` allowed any content process to use textures produced ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6860 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6860 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6860 +CVE-2023-6866 (TypedArrays can be fallible and lacked proper exception handling. This ...) + - firefox 121.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6866 +CVE-2023-6859 (A use-after-free condition affected TLS socket creation when under mem ...) 
+ - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6859 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6859 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6859 +CVE-2023-6858 (Firefox was susceptible to a heap buffer overflow in `nsTextFragment` ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6858 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6858 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6858 +CVE-2023-6857 (When resolving a symlink, a race may occur where the buffer passed to ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6857 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6857 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6857 +CVE-2023-6865 (`EncryptingOutputStream` was susceptible to exposing uninitialized dat ...) + - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6865 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6865 +CVE-2023-6856 (The WebGL `DrawElementsInstanced` method was susceptible to a heap buf ...) 
+ - firefox 121.0-1 + - firefox-esr 115.6.0esr-1 + - thunderbird 1:115.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6856 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/#CVE-2023-6856 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/#CVE-2023-6856 +CVE-2023-6135 (Multiple NSS NIST curves were susceptible to a side-channel attack kno ...) + - nss 2:3.95-1 (bug #1059054) + - firefox 121.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/#CVE-2023-6135 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1853908 (not public) + NOTE: Fixed via: https://bugzilla.mozilla.org/show_bug.cgi?id=1861728 + NOTE: https://hg.mozilla.org/projects/nss/rev/e68b42b773657000078d104aaccbe26e71a1e0be + NOTE: Fixed via: https://bugzilla.mozilla.org/show_bug.cgi?id=1863605 + NOTE: https://hg.mozilla.org/projects/nss/rev/39f0db972e9d4803f386585bc4d8858ad6f019b8 +CVE-2023-49734 (An authenticated Gamma user has the ability to create a dashboard and ...) + NOT-FOR-US: Apache Superset +CVE-2023-49736 (A where_in JINJA macro allows users to specify a quote, which combined ...) + NOT-FOR-US: Apache Superset +CVE-2023-46104 (Uncontrolled resource consumption can be triggered by authenticated at ...) + NOT-FOR-US: Apache Superset +CVE-2023-XXXX [RUSTSEC-2023-0074] + - rust-zerocopy + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0074.html + NOTE: https://github.com/google/zerocopy/issues/716 +CVE-2023-6940 (with only one user interaction(download a malicious config), attackers ...) + NOT-FOR-US: mlflow +CVE-2023-6488 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6355 (Incorrect selection of fuse values in the Controller 7000 platform all ...) + NOT-FOR-US: Gallagher +CVE-2023-6315 (Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all p ...) 
+ NOT-FOR-US: FPWin Pro +CVE-2023-6314 (Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previ ...) + NOT-FOR-US: FPWin Pro +CVE-2023-5432 (The Jquery news ticker plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5413 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49821 (Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat \ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49819 (Deserialization of Untrusted Data vulnerability in Gordon B\xf6hme, An ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49763 (Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49761 (Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Prod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49760 (Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49759 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49163 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49155 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49153 (Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49148 (Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48781 (Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkR ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48778 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48773 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-48772 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Preve ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48769 (Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bub ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48768 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48751 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47754 (Missing Authorization vulnerability in Clever plugins Delete Duplicate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47558 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47506 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46686 (A reliance on untrusted inputs in a security decision could be exploit ...) + NOT-FOR-US: Gallagher +CVE-2023-46212 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46154 (Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf \u2 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44982 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-42015 (IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, ...) + NOT-FOR-US: IBM +CVE-2023-41967 (Sensitive information uncleared after debug/power state transition in ...) + NOT-FOR-US: Gallagher +CVE-2023-40691 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + NOT-FOR-US: IBM +CVE-2023-34168 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-33331 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2019-25157 (A vulnerability was found in Ethex Contracts. It has been classified a ...) + NOT-FOR-US: Ethex Contracts +CVE-2014-125107 (A vulnerability was found in Corveda PHPSandbox 1.3.4 and classified a ...) + NOT-FOR-US: Corveda PHPSandbox +CVE-2023-6927 (A flaw was found in Keycloak. This issue may allow an attacker to stea ...) + NOT-FOR-US: Keycloak +CVE-2023-6920 + REJECTED +CVE-2023-6911 (Multiple WSO2 products have been identified as vulnerable due to impro ...) + NOT-FOR-US: WSO2 +CVE-2023-6817 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + - linux + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/317eb9685095678f2c9f5a8189de698c5354316a (6.7-rc5) +CVE-2023-6778 (Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/cle ...) + NOT-FOR-US: ClearML Open Source Server +CVE-2023-6691 (Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code inje ...) + NOT-FOR-US: Cambium ePMP Force +CVE-2023-6295 (The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6289 (The Swift Performance Lite WordPress plugin before 2.3.6.15 does not p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6272 (The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6222 (IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6203 (The Events Calendar WordPress plugin before 6.2.8.1 discloses the cont ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6077 (The Slider WordPress plugin before 3.5.12 does not ensure that posts t ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6065 (The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn' ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5949 (The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5886 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5882 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5348 (The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5005 (The Autocomplete Location field Contact Form 7 WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2023-51385 (In ssh in OpenSSH before 9.6, OS command injection might occur if a us ...) + - openssh 1:9.6p1-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2 + NOTE: https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a (V_9_6_P1) +CVE-2023-51384 (In ssh-agent in OpenSSH before 9.6, certain destination constraints ca ...) + - openssh 1:9.6p1-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/2 + NOTE: https://github.com/openssh/openssh-portable/commit/881d9c6af9da4257c69c327c4e2f1508b2fa754b (V_9_6_P1) +CVE-2023-50372 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4724 (The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4311 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerab ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49855 (Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Men ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49854 (Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49853 (Cross-Site Request Forgery (CSRF) vulnerability in PayTR \xd6deme ve E ...) 
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49844 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49843 (Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First O ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49840 (Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Curr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48766 (Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48762 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetEleme ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48755 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler tea ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47806 (Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disab ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47789 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47787 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47741 (IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser cl ...)
+ NOT-FOR-US: IBM
+CVE-2023-46617 (Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly \u2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46177 (IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to t ...)
+ NOT-FOR-US: IBM
+CVE-2023-39509 (A command injection vulnerability exists in Bosch IP cameras that allo ...)
+ NOT-FOR-US: Bosch IP cameras
+CVE-2023-35867 (An improper handling of a malformed API answer packets to API clients ...)
+ NOT-FOR-US: Bosch
+CVE-2023-33214 (Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox \u201 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32728 (The Zabbix Agent 2 item key smart.disk.get does not sanitize its param ...)
+ TODO: check
+CVE-2023-32727 (An attacker who has the privilege to configure Zabbix items can use fu ...)
+ TODO: check
+CVE-2023-32726 (The vulnerability is caused by improper check for check if RDLENGTH do ...)
+ TODO: check
+CVE-2023-32725 (The website configured in the URL widget will receive a session cookie ...)
+ TODO: check
+CVE-2023-32230 (An improper handling of a malformed API request to an API server in Bo ...)
+ NOT-FOR-US: Bosch
+CVE-2023-46447 [Rogue Session Attack in AsyncSSH]
+ - python-asyncssh
+ NOTE: https://terrapin-attack.com/
+CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, found in O ...)
+ - dropbear (bug #1059001)
+ - erlang 1:25.3.2.8+dfsg-1 (bug #1059002)
+ - golang-go.crypto (bug #1059003)
+ - jsch (ChaCha20-Poly1305 support introduced in 0.1.61; *-EtM support introduced in 0.1.58)
+ - libssh (bug #1059004)
+ - libssh2 (bug #1059005)
+ [bookworm] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
+ [bullseye] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
+ [buster] - libssh2 (ChaCha20-Poly1305 and CBC-EtM support not present)
+ - openssh 1:9.6p1-1
+ - paramiko (bug #1059006)
+ - proftpd-dfsg (bug #1059144)
+ - proftpd-mod-proxy
+ - putty 0.80-1
+ - python-asyncssh (bug #1059007)
+ - tinyssh (bug #1059058)
+ - trilead-ssh2
+ NOTE: https://terrapin-attack.com/
+ NOTE: https://www.openwall.com/lists/oss-security/2023/12/18/3
+ NOTE: dropbear: https://github.com/mkj/dropbear/commit/6e43be5c7b99dbee49dc72b6f989f29fdd7e9356
+ NOTE: Erlang/OTP: https://github.com/erlang/otp/commit/ee67d46285394db95133709cef74b0c462d665aa (OTP-24.3.4.15, OTP-25.3.2.8, OTP-26.2.1)
+ NOTE: golang.org/x/crypto/ssh: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
+ NOTE: golang.org/x/crypto/ssh: https://github.com/golang/go/issues/64784
+ NOTE: golang.org/x/crypto/ssh: https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d (v0.17.0)
+ NOTE: jsch: https://github.com/mwiede/jsch/issues/457
+ NOTE: jsch: https://github.com/norrisjeremy/jsch/commit/6214da974286a8b94a95f4cf6cec96e972ffd370 (jsch-0.2.15)
+ NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c (libssh-0.10.6)
+ NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd (libssh-0.10.6)
+ NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6 (libssh-0.10.6)
+ NOTE: libssh: https://gitlab.com/libssh/libssh-mirror/-/commit/89df759200d31fc79fbbe213d8eda0d329eebf6d (libssh-0.10.6)
+ NOTE: libssh2: https://github.com/libssh2/libssh2/issues/1290
+ NOTE: libssh2: https://github.com/libssh2/libssh2/pull/1291
+ NOTE: libssh2: https://github.com/libssh2/libssh2/commit/d34d9258b8420b19ec3f97b4cc5bf7aa7d98e35a
+ NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
+ NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
+ NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
+ NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
+ NOTE: proftpd: https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682 (v1.3.9rc2)
+ NOTE: proftpd: https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b (v1.3.8b)
+ NOTE: proftpd-mod-proxy: https://github.com/Castaglia/proftpd-mod_proxy/issues/257
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9e099151574885f3c717ac10a633a9218db8e7bb (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=f2e7086902b3605c96e54ef9c956ca7ab000010e (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=9fcbb86f715bc03e58921482efe663aa0c662d62 (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=244be5412728a7334a2d457fbac4e0a2597165e5 (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=58fc33a155ad496bdcf380fa6193302240a15ae9 (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=0b00e4ce26d89cd010e31e66fd02ac77cb982367 (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=fdc891d17063ab26cf68c74245ab1fd9771556cb (0.80)
+ NOTE: PuTTY: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=b80a41d386dbfa1b095c17bd2ed001477f302d46 (0.80)
+ NOTE: asyncssh: https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55
+ NOTE: asyncssh: https://github.com/ronf/asyncssh/commit/0bc73254f41acb140187e0c89606311f88de5b7b (v2.14.2)
+ NOTE: tinyssh: https://github.com/janmojzis/tinyssh/issues/81
+CVE-2023-41314 (The api /api/snapshot and /api/get_log_file would allow unauthenticate ...)
+ NOT-FOR-US: Apache Doris
+CVE-2023-6909 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...)
+ NOT-FOR-US: mlflow
+CVE-2023-6908 (A vulnerability, which was classified as problematic, was found in DFI ...)
+ NOT-FOR-US: DFIRKuiper Kuiper
+CVE-2023-6907 (A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2 ...)
+ NOT-FOR-US: codelyfe Stupid Simple CMS
+CVE-2023-6906 (A vulnerability, which was classified as critical, was found in Totoli ...)
+ NOT-FOR-US: Totolink
+CVE-2023-6905 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Jahastech NxFilter
+CVE-2023-6904 (A vulnerability classified as problematic was found in Jahastech NxFil ...)
+ NOT-FOR-US: Jahastech NxFilter
+CVE-2023-6903 (A vulnerability classified as critical has been found in Netentsec NS- ...)
+ NOT-FOR-US: Netentsec NS-ASG Application Security Gateway
+CVE-2023-6483 (The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as ...)
+ NOT-FOR-US: ADiTaaS (Allied Digital Integrated Tool-as-a-Service)
+CVE-2023-50981 (ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows atta ...)
+ - libcrypto++
+ NOTE: https://github.com/weidai11/cryptopp/issues/1249
+CVE-2023-50980 (gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to ...)
+ - libcrypto++
+ NOTE: https://github.com/weidai11/cryptopp/issues/1248
+ TODO: check details about mitigation applied, but issue in per se "unfixed"
+CVE-2023-50979 (Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during ...)
+ - libcrypto++
+ NOTE: https://github.com/weidai11/cryptopp/issues/1247
+CVE-2023-50976 (Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authoriz ...)
+ NOT-FOR-US: Redpanda
+CVE-2023-6902 (A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2 ...)
+ NOT-FOR-US: Stupid Simple CMS
+CVE-2023-6901 (A vulnerability, which was classified as critical, was found in codely ...)
+ NOT-FOR-US: Stupid Simple CMS
+CVE-2023-6900 (A vulnerability, which was classified as critical, has been found in r ...)
+ NOT-FOR-US: rmountjoy92 DashMachine
+CVE-2023-6899 (A vulnerability classified as problematic was found in rmountjoy92 Das ...)
+ NOT-FOR-US: rmountjoy92 DashMachine
+CVE-2023-6898 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Best Courier Management System
+CVE-2023-6896 (A vulnerability was found in SourceCodester Simple Image Stack Website ...)
+ NOT-FOR-US: SourceCodester Simple Image Stack Website
+CVE-2023-50271 (A potential security vulnerability has been identified with HP-UX Syst ...)
+ NOT-FOR-US: HP-UX System Management Homepage (SMH)
+CVE-2023-49834 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX \u20 ...)
+ NOT-FOR-US: WooCommerce plugin
+CVE-2023-49824 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Produ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49816 (Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solution ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49775 (Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49769 (Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate G ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49751 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Blo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6895 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
+ NOT-FOR-US: Hikvision Intercom Broadcasting System
+CVE-2023-6894 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
+ NOT-FOR-US: Hikvision Intercom Broadcasting System
+CVE-2023-6893 (A vulnerability was found in Hikvision Intercom Broadcasting System 3. ...)
+ NOT-FOR-US: Hikvision Intercom Broadcasting System
+CVE-2023-6891 (A vulnerability has been found in PeaZip 9.4.0 and classified as probl ...)
+ NOT-FOR-US: PeaZip
+CVE-2023-6888 (A vulnerability classified as critical was found in PHZ76 RtspServer 1 ...)
+ NOT-FOR-US: PHZ76 RtspServer
+CVE-2023-6887 (A vulnerability classified as critical has been found in saysky Forest ...)
+ NOT-FOR-US: ForestBlog
+CVE-2023-6886 (A vulnerability was found in xnx3 wangmarket 6.1. It has been rated as ...)
+ NOT-FOR-US: xnx3 wangmarket
+CVE-2023-6885 (A vulnerability was found in Tongda OA 2017 up to 11.10. It has been d ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-50965 (In MicroHttpServer (aka Micro HTTP Server) through 4398570, _ReadStati ...)
+ NOT-FOR-US: MicroHttpServer
+CVE-2023-50784 (A buffer overflow in websockets in UnrealIRCd 6.1.0 through 6.1.3 befo ...)
+ - unrealircd (bug #515130)
+CVE-2023-6890 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-6889 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-6853 (A vulnerability classified as critical was found in kalcaddle KodExplo ...)
+ NOT-FOR-US: kalcaddle KodExplorer
+CVE-2023-6852 (A vulnerability classified as critical has been found in kalcaddle Kod ...)
+ NOT-FOR-US: kalcaddle KodExplorer
+CVE-2023-6851 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...)
+ NOT-FOR-US: kalcaddle KodExplorer
+CVE-2023-6850 (A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It h ...)
+ NOT-FOR-US: kalcaddle KodExplorer
+CVE-2023-6559 (The MW WP Form plugin for WordPress is vulnerable to arbitrary file de ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6849 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...)
+ NOT-FOR-US: kalcaddle kodbox
+CVE-2023-6848 (A vulnerability was found in kalcaddle kodbox up to 1.48. It has been ...)
+ NOT-FOR-US: kalcaddle kodbox
+CVE-2023-50728 (octokit/webhooks is a GitHub webhook events toolset for Node.js. Start ...)
+ NOT-FOR-US: octokit/webhooks (GitHub webhook events toolset for Node.js)
+CVE-2023-50469 (Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discov ...)
+ NOT-FOR-US: Shenzhen Libituo Technology Co., Ltd LBT-T300-T310
+CVE-2023-50266 (Bazarr manages and downloads subtitles. In version 1.2.4, the proxy me ...)
+ NOT-FOR-US: Bazarr
+CVE-2023-50265 (Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swagg ...)
+ NOT-FOR-US: Bazarr
+CVE-2023-50264 (Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contain ...)
+ NOT-FOR-US: Bazarr
+CVE-2023-4020 (An unvalidated input in a library function responsible for communicati ...)
+ NOT-FOR-US: Silicon Labs
+CVE-2023-39340 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-31813
+ REJECTED
+CVE-2023-6839 (Due to improper error handling, a REST API resource could expose a ser ...)
+ NOT-FOR-US: WSO2
+CVE-2023-6838 (Reflected XSS vulnerability can be exploited by tampering a request pa ...)
+ NOT-FOR-US: WSO2
+CVE-2023-6837 (Multiple WSO2 products have been identified as vulnerable to perform u ...)
+ NOT-FOR-US: WSO2
+CVE-2023-6836 (Multiple WSO2 products have been identified as vulnerable due to an XM ...)
+ NOT-FOR-US: WSO2
+CVE-2023-6835 (Multiple WSO2 products have been identified as vulnerable due to lack ...)
+ NOT-FOR-US: WSO2
+CVE-2023-6553 (The Backup Migration plugin for WordPress is vulnerable to Remote Code ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5310 (A denial of service vulnerability exists in all Silicon Labs Z-Wave co ...)
+ NOT-FOR-US: Silicon Labs Z-Wavecontroller and endpoint devices running Z-Wave SDK
+CVE-2023-50918 (app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandl ...)
+ NOT-FOR-US: MISP
+CVE-2023-50917 (MajorDoMo (aka Major Domestic Module) before 0662e5e allows command ex ...)
+ NOT-FOR-US: MajorDoMo (aka Major Domestic Module)
+CVE-2023-50871 (In JetBrains YouTrack before 2023.3.22268 authorization check for inli ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2023-50870 (In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-50723 (XWiki Platform is a generic wiki platform. Starting in 2.3 and prior t ...)
+ NOT-FOR-US: XWiki
+CVE-2023-50722 (XWiki Platform is a generic wiki platform. Starting in 2.3 and prior t ...)
+ NOT-FOR-US: XWiki
+CVE-2023-50721 (XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and pr ...)
+ NOT-FOR-US: XWiki
+CVE-2023-50720 (XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, ...)
+ NOT-FOR-US: XWiki
+CVE-2023-50719 (XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 ...)
+ NOT-FOR-US: XWiki
+CVE-2023-50089 (A Command Injection vulnerability exists in NETGEAR WNR2000v4 version ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-49829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Themeum Tutor LMS
+CVE-2023-49823 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49749 (Cross-Site Request Forgery (CSRF) vulnerability in SureTriggers SureTr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49747 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49744 (Cross-Site Request Forgery (CSRF) vulnerability in Gift Up Gift Up Gif ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49197 (Cross-Site Request Forgery (CSRF) vulnerability in Apasionados, Apasio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49191 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49190 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49189 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49188 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49187 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49185 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49184 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49183 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49182 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49181 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49180 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49179 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49177 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49176 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49175 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49174 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49170 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49169 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49165 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49160 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49159 (Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital So ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48765 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48624 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48623 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48622 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48621 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48620 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48619 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48618 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48617 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48616 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48615 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48614 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48613 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48612 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48611 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48610 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48609 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48608 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48607 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48606 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48605 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48604 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48603 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48602 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48601 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48600 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48599 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48598 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48597 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48596 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48595 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48594 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48593 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48592 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48591 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48590 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48589 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48588 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48587 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48586 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48585 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48584 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48583 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48582 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48581 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48580 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48579 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48578 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48577 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48576 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48575 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48574 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48573 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48572 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48571 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48570 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48569 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48568 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48567 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48566 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48565 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48564 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48563 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48562 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48561 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48560 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48559 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48558 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48557 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48556 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48555 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48554 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48553 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48552 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48551 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48550 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48549 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48548 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48547 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48546 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48545 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48544 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48543 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48542 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48541 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48540 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48539 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48538 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48537 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48536 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48535 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48534 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48533 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48532 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48531 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48530 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48529 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48528 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48527 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48526 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48525 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48524 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48523 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48522 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48521 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48520 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48519 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48518 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48517 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48516 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48515 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48514 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48513 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48512 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48511 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48510 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48509 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48508 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48507 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48506 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48505 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48504 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48503 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe +CVE-2023-48502 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48501 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48500 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48499 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48498 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48497 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48496 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48495 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48494 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48493 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48492 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48491 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48490 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48489 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48488 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48487 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48486 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) 
+ NOT-FOR-US: Adobe +CVE-2023-48485 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48484 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48483 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48482 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48481 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48480 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48479 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48478 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48477 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48476 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48475 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48474 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48473 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48472 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48471 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48470 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48469 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) 
+ NOT-FOR-US: Adobe +CVE-2023-48468 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48467 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48466 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48465 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48464 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48463 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48462 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48461 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48460 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48459 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48458 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48457 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48456 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48455 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48454 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48453 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48452 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) 
+ NOT-FOR-US: Adobe +CVE-2023-48451 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48450 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48449 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48448 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48447 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48446 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48445 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48444 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48443 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48442 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48441 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48440 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-48395 (Kaifa Technology WebITR is an online attendance system, it has insuffi ...) + NOT-FOR-US: Kaifa Technology WebITR +CVE-2023-48394 (Kaifa Technology WebITR is an online attendance system, its file uploa ...) + NOT-FOR-US: Kaifa Technology WebITR +CVE-2023-48393 (Kaifa Technology WebITR is an online attendance system. A remote attac ...) + NOT-FOR-US: Kaifa Technology WebITR +CVE-2023-48392 (Kaifa Technology WebITR is an online attendance system, it has a vulne ...) + NOT-FOR-US: Kaifa Technology WebITR +CVE-2023-48390 (Multisuns EasyLog web+ has a code injection vulnerability. An unauthen ...) 
+ NOT-FOR-US: Multisuns EasyLog web+ +CVE-2023-48389 (Multisuns EasyLog web+ has a path traversal vulnerability within its p ...) + NOT-FOR-US: Multisuns EasyLog web+ +CVE-2023-48388 (Multisuns EasyLog web+ has a vulnerability of using hard-coded credent ...) + NOT-FOR-US: Multisuns EasyLog web+ +CVE-2023-48387 (TAIWAN-CA(TWCA) JCICSecurityTool's Registry-related functions have ins ...) + NOT-FOR-US: TAIWAN-CA(TWCA) JCICSecurityTool +CVE-2023-48384 (ArmorX Global Technology Corporation ArmorX Spam has insufficient vali ...) + NOT-FOR-US: ArmorX Global Technology Corporation ArmorX Spam +CVE-2023-48382 (Softnext Mail SQR Expert is an email management platform, it has a Loc ...) + NOT-FOR-US: Softnext Mail SQR Expert +CVE-2023-48381 (Softnext Mail SQR Expert is an email management platform, it has a Loc ...) + NOT-FOR-US: Softnext Mail SQR Expert +CVE-2023-48380 (Softnext Mail SQR Expert is an email management platform, it has insuf ...) + NOT-FOR-US: Softnext Mail SQR Expert +CVE-2023-47065 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-47064 (Adobe Experience Manager versions 6.5.18 and earlier are affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-46116 (Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows u ...) + NOT-FOR-US: Tutanota (Tuta Mail) +CVE-2023-33222 (When handling contactless cards, usage of a specific function to get a ...) + NOT-FOR-US: Idemia producs +CVE-2023-33221 (When reading DesFire keys, the function that reads the card isn't prop ...) + NOT-FOR-US: Idemia producs +CVE-2023-33220 (During the retrofit validation process, the firmware doesn't properly ...) + NOT-FOR-US: Idemia producs +CVE-2023-33219 (The handler of the retrofit validation command doesn't properly check ...) + NOT-FOR-US: Idemia producs +CVE-2023-33218 (The Parameter Zone Read and Parameter Zone Write command handlers allo ...) 
+ NOT-FOR-US: Idemia producs +CVE-2023-33217 (By abusing a design flaw in the firmware upgrade mechanism of the impa ...) + NOT-FOR-US: Idemia producs +CVE-2023-46279 (Deserialization of Untrusted Data vulnerability in Apache Dubbo.This i ...) + NOT-FOR-US: Apache Dubbo +CVE-2023-49898 (In streampark, there is a project module that integrates Maven's compi ...) + NOT-FOR-US: Apache StreamPark +CVE-2023-6832 (Business Logic Errors in GitHub repository microweber/microweber prior ...) + NOT-FOR-US: microweber +CVE-2023-6831 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) + NOT-FOR-US: mlflow +CVE-2023-6827 (The Essential Real Estate plugin for WordPress is vulnerable to arbitr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6826 (The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50715 (Home Assistant is open source home automation software. Prior to versi ...) + NOT-FOR-US: Home assistant +CVE-2023-4489 (The first S0 encryption key is generated with an uninitialized PRNG in ...) + NOT-FOR-US: Silicon Labs +CVE-2023-48379 (Softnext Mail SQR Expert is an email management platform, it has inade ...) + NOT-FOR-US: Softnext Mail SQR Expert +CVE-2023-48378 (Softnext Mail SQR Expert has a path traversal vulnerability within its ...) + NOT-FOR-US: Softnext Mail SQR Expert +CVE-2023-48376 (SmartStar Software CWS is a web-based integration platform, its file u ...) + NOT-FOR-US: SmartStar Software CWS +CVE-2023-48375 (SmartStar Software CWS is a web-based integration platform, it has a v ...) + NOT-FOR-US: SmartStar Software CWS +CVE-2023-48374 (SmartStar Software CWS is a web-base integration platform, it has a vu ...) + NOT-FOR-US: SmartStar Software CWS +CVE-2023-48373 (ITPison OMICARD EDM has a path traversal vulnerability within its para ...) + NOT-FOR-US: ITPison OMICARD EDM +CVE-2023-48372 (ITPison OMICARD EDM 's SMS-related function has insufficient validatio ...) 
+ NOT-FOR-US: ITPison OMICARD EDM +CVE-2023-48371 (ITPison OMICARD EDM\u2019s file uploading function does not restrict u ...) + NOT-FOR-US: ITPison OMICARD EDM +CVE-2023-48050 (SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biom ...) + NOT-FOR-US: Cams Biometrics Zkteco +CVE-2023-48049 (A SQL injection vulnerability in Cybrosys Techno Solutions Website Blo ...) + NOT-FOR-US: Cybrosys Techno Solutions +CVE-2023-42183 (lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post- ...) + NOT-FOR-US: Classic LOCKSS Daemon +CVE-2023-40954 (A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress ...) + NOT-FOR-US: Grzegorz Marczynski Dynamic Progress Bar +CVE-2023-36878 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-6595 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...) + NOT-FOR-US: WhatsUp Gold +CVE-2023-6572 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: gradio +CVE-2023-6571 (Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow) + NOT-FOR-US: kubeflow +CVE-2023-6570 (Server-Side Request Forgery (SSRF) in kubeflow/kubeflow) + NOT-FOR-US: kubeflow +CVE-2023-6569 (External Control of File Name or Path in h2oai/h2o-3) + NOT-FOR-US: h2oai/h2o-3 +CVE-2023-6563 (An unconstrained memory consumption vulnerability was discovered in Ke ...) + NOT-FOR-US: Keycloak +CVE-2023-6545 (The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to ...) + NOT-FOR-US: authelia-bhf as included in Beckhoffs TwinCAT/BSD +CVE-2023-6368 (In WhatsUp Gold versions released before 2023.1, an API endpoint was f ...) + NOT-FOR-US: WhatsUp Gold +CVE-2023-6367 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...) + NOT-FOR-US: WhatsUp Gold +CVE-2023-6366 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...) 
+ NOT-FOR-US: WhatsUp Gold +CVE-2023-6365 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...) + NOT-FOR-US: WhatsUp Gold +CVE-2023-6364 (In WhatsUp Gold versions released before 2023.1, a stored cross-site s ...) + NOT-FOR-US: WhatsUp Gold +CVE-2023-5769 (A vulnerability exists in the webserver that affects the RTU500 serie ...) + NOT-FOR-US: Hitachi +CVE-2023-5592 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...) + NOT-FOR-US: PHOENIX +CVE-2023-50713 (Speckle Server provides server, frontend, 3D viewer, and other JavaScr ...) + NOT-FOR-US: Speckle Server +CVE-2023-50710 (Hono is a web framework written in TypeScript. Prior to version 3.11.7 ...) + NOT-FOR-US: Hono +CVE-2023-50566 (A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UT ...) + NOT-FOR-US: EyouCMS +CVE-2023-50565 (A cross-site scripting (XSS) vulnerability in the component /logs/dopo ...) + NOT-FOR-US: RPCMS +CVE-2023-50564 (An arbitrary file upload vulnerability in the component /inc/modules_i ...) + NOT-FOR-US: Pluck CMS +CVE-2023-50563 (Semcms v4.8 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: Semcms +CVE-2023-50472 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...) + - cjson + NOTE: https://github.com/DaveGamble/cJSON/issues/803 + NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 +CVE-2023-50471 (cJSON v1.7.16 was discovered to contain a segmentation violation via t ...) + - cjson + NOTE: https://github.com/DaveGamble/cJSON/issues/802 + NOTE: Fixed by: https://github.com/DaveGamble/cJSON/commit/60ff122ef5862d04b39b150541459e7f5e35add8 +CVE-2023-50371 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50370 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-50369 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50368 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-50269 (Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion ...) + - squid (bug #1058721) + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3 + NOTE: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch + NOTE: http://www.squid-cache.org/Versions/v6/SQUID-2023_10.patch +CVE-2023-50137 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the sit ...) + NOT-FOR-US: JFinalcms +CVE-2023-50102 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: JFinalcms +CVE-2023-50101 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label ...) + NOT-FOR-US: JFinalcms +CVE-2023-50100 (JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carous ...) + NOT-FOR-US: JFinalcms +CVE-2023-50073 (EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: EmpireCMS +CVE-2023-50017 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-50011 (PopojiCMS version 2.0.1 is vulnerable to remote command execution in t ...) + NOT-FOR-US: PopojiCMS +CVE-2023-4694 (Certain HP OfficeJet Pro printers are potentially vulnerable to a Deni ...) + NOT-FOR-US: HP +CVE-2023-49860 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49847 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49846 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-49842 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49841 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49836 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49828 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49827 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49820 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49786 (Asterisk is an open source private branch exchange and telephony toolk ...) + - asterisk 1:20.5.1~dfsg+~cs6.13.40431414-1 (bug #1059033) + NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-hxj9-xwr8-w8pq + NOTE: https://github.com/asterisk/asterisk/commit/d7d7764cb07c8a1872804321302ef93bf62cba05 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/15/7 +CVE-2023-49771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49745 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-49743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49740 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49739 ([PROBLEMTYPE] in [COMPONENT] in [VENDOR] [PRODUCT] [VERSION] on [PLATF ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49708 (SQLi vulnerability in Starshop component for Joomla.) + NOT-FOR-US: Starshop component for Joomla +CVE-2023-49707 (SQLi vulnerability in S5 Register module for Joomla.) + NOT-FOR-US: Joomla module +CVE-2023-49294 (Asterisk is an open source private branch exchange and telephony toolk ...) + - asterisk 1:20.5.1~dfsg+~cs6.13.40431414-1 (bug #1059032) + NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-8857-hfmw-vg8f + NOTE: https://github.com/asterisk/asterisk/commit/424be345639d75c6cb7d0bd2da5f0f407dbd0bd5 +CVE-2023-49195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49173 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49172 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49168 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49157 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49152 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49151 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-49150 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49149 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48925 (SQL injection vulnerability in Buy Addons bavideotab before version 1. ...) + NOT-FOR-US: PrestaShop module +CVE-2023-48780 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48771 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48770 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48676 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-48671 (Dell vApp Manager, versions prior to 9.2.4.x contain an information di ...) + NOT-FOR-US: Dell +CVE-2023-48668 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) + NOT-FOR-US: Dell +CVE-2023-48667 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) + NOT-FOR-US: Dell +CVE-2023-48665 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) + NOT-FOR-US: Dell +CVE-2023-48664 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) + NOT-FOR-US: Dell +CVE-2023-48663 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) + NOT-FOR-US: Dell +CVE-2023-48662 (Dell vApp Manager, versions prior to 9.2.4.x contain a command injecti ...) 
+ NOT-FOR-US: Dell +CVE-2023-48661 (Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file ...) + NOT-FOR-US: Dell +CVE-2023-48660 (Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file ...) + NOT-FOR-US: Dell +CVE-2023-48631 (@adobe/css-tools versions 4.3.1 and earlier are affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2023-47261 (Dokmee ECM 7.4.6 allows remote code execution because the response to ...) + NOT-FOR-US: Dokmee ECM +CVE-2023-46750 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability when ...) + - shiro + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue) + NOTE: https://lists.apache.org/thread/hoc9zdyzmmrfj1zhctsvvtx844tcq6w9 +CVE-2023-46348 (SQL njection vulnerability in SunnyToo sturls before version 1.1.13, a ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46144 (A download of code without integrity check vulnerability in PLCnext pr ...) + NOT-FOR-US: PLCnext +CVE-2023-46143 (Download of Code Without Integrity Check vulnerability in PHOENIX CONT ...) + NOT-FOR-US: PHOENIX +CVE-2023-46142 (A incorrect permission assignment for critical resource vulnerability ...) + NOT-FOR-US: PLCnext +CVE-2023-46141 (Incorrect Permission Assignment for Critical Resource vulnerability in ...) + NOT-FOR-US: PHOENIX +CVE-2023-45894 (The Remote Application Server in Parallels RAS before 19.2.23975 does ...) + NOT-FOR-US: Parallels +CVE-2023-45185 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) + NOT-FOR-US: IBM +CVE-2023-45182 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...) + NOT-FOR-US: IBM +CVE-2023-44286 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) + NOT-FOR-US: Dell +CVE-2023-44285 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) + NOT-FOR-US: Dell +CVE-2023-44284 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) 
+ NOT-FOR-US: Dell +CVE-2023-44279 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) + NOT-FOR-US: Dell +CVE-2023-44278 (Dell PowerProtect DD , versions prior to 7.13.0.10, LTS 7.7.5.25, LTS ...) + NOT-FOR-US: Dell +CVE-2023-44277 (Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7 ...) + NOT-FOR-US: Dell +CVE-2023-42801 (Moonlight-common-c contains the core GameStream client code shared bet ...) + NOT-FOR-US: Moonlight-common-c +CVE-2023-42800 (Moonlight-common-c contains the core GameStream client code shared bet ...) + NOT-FOR-US: Moonlight-common-c +CVE-2023-42799 (Moonlight-common-c contains the core GameStream client code shared bet ...) + NOT-FOR-US: Moonlight-common-c +CVE-2023-41151 (An uncaught exception issue discovered in Softing OPC UA C++ SDK befor ...) + NOT-FOR-US: OPC UA C++ SDK +CVE-2023-40659 (A reflected XSS vulnerability was discovered in the Easy Quick Contact ...) + NOT-FOR-US: Joomla module +CVE-2023-40658 (A reflected XSS vulnerability was discovered in the Clicky Analytics D ...) + NOT-FOR-US: Joomla module +CVE-2023-40657 (A reflected XSS vulnerability was discovered in the Joomdoc component ...) + NOT-FOR-US: Joomla module +CVE-2023-40656 (A reflected XSS vulnerability was discovered in the Quickform componen ...) + NOT-FOR-US: Joomla module +CVE-2023-40655 (A reflected XSS vulnerability was discovered in the Proforms Basic com ...) + NOT-FOR-US: Joomla module +CVE-2023-40630 (Unauthenticated LFI/SSRF in JCDashboards component for Joomla.) + NOT-FOR-US: Joomla module +CVE-2023-40629 (SQLi vulnerability in LMS Lite component for Joomla.) + NOT-FOR-US: Joomla module +CVE-2023-40628 (A reflected XSS vulnerability was discovered in the Extplorer componen ...) + NOT-FOR-US: Joomla module +CVE-2023-40627 (A reflected XSS vulnerability was discovered in the LivingWord compone ...) + NOT-FOR-US: Joomla module +CVE-2023-37457 (Asterisk is an open source private branch exchange and telephony toolk ...) 
+ - asterisk + NOTE: https://github.com/asterisk/asterisk/security/advisories/GHSA-98rc-4j27-74hh + NOTE: https://github.com/asterisk/asterisk/commit/a1ca0268254374b515fa5992f01340f7717113fa +CVE-2023-3904 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-3511 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-3907 (A privilege escalation vulnerability in GitLab EE affecting all versio ...) + - gitlab (Specific to EE) +CVE-2023-5061 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-5512 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + - gitlab +CVE-2023-6051 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab +CVE-2023-6680 (An improper certificate validation issue in Smartcard authentication i ...) + - gitlab (Specific to EE) +CVE-2023-6564 + - gitlab (Specific to EE) +CVE-2023-49347 (Temporary data passed between application components by Budgie Extras ...) + - budgie-extras 1.7.1-1 (unimportant) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1) + NOTE: Neutralised by kernel hardening +CVE-2023-49346 (Temporary data passed between application components by Budgie Extras ...) + - budgie-extras 1.7.1-1 + [bookworm] - budgie-extras (Minor issue) + [bullseye] - budgie-extras (Minor issue) + [buster] - budgie-extras (Minor issue) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/0092025ef25b48c287a75946c0ee797d3c142760 (v1.7.1) +CVE-2023-49345 (Temporary data passed between application components by Budgie Extras ...) 
+ - budgie-extras 1.7.1-1 + [bookworm] - budgie-extras (Minor issue) + [bullseye] - budgie-extras (Minor issue) + [buster] - budgie-extras (Minor issue) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/588cbe6ffa72df904213d77728a3fd5bfae7195e (v1.7.1) +CVE-2023-49344 (Temporary data passed between application components by Budgie Extras ...) + - budgie-extras 1.7.1-1 + [bookworm] - budgie-extras (Minor issue) + [bullseye] - budgie-extras (Minor issue) + [buster] - budgie-extras (Minor issue) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/11b02011ad2f6d46485b292713af09f7314843a5 (v1.7.1) +CVE-2023-49343 (Temporary data passed between application components by Budgie Extras ...) + - budgie-extras 1.7.1-1 + [bookworm] - budgie-extras (Minor issue) + [bullseye] - budgie-extras (Minor issue) + [buster] - budgie-extras (Minor issue) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/e75c94af249191bdbd33eebf7a62d4234a0d8be5 (v1.7.1) +CVE-2023-49342 (Temporary data passed between application components by Budgie Extras ...) + - budgie-extras 1.7.1-1 + [bookworm] - budgie-extras (Minor issue) + [bullseye] - budgie-extras (Minor issue) + [buster] - budgie-extras (Minor issue) + NOTE: https://bugs.launchpad.net/bugs/2044373 + NOTE: https://www.openwall.com/lists/oss-security/2023/12/14/1 + NOTE: https://github.com/UbuntuBudgie/budgie-extras/commit/d03083732569126d2f21c8810d5a69554ccc5900 (v1.7.1) +CVE-2023-6775 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...) 
+ NOT-FOR-US: CodeAstro POS and Inventory Management System +CVE-2023-6407 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2023-5630 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...) + NOT-FOR-US: Schneider Electric +CVE-2023-5629 (A CWE-601:URL Redirection to Untrusted Site (\u2018Open Redirect\u2019 ...) + NOT-FOR-US: Schneider Electric +CVE-2023-50709 (Cube is a semantic layer for building data applications. Prior to vers ...) + NOT-FOR-US: Cube +CVE-2023-50444 (By default, .ZED containers produced by PRIMX ZED! for Windows before ...) + NOT-FOR-US: PRIMX +CVE-2023-50443 (Encrypted disks created by PRIMX CRYHOD for Windows before Q.2020.4 (A ...) + NOT-FOR-US: PRIMX +CVE-2023-50442 (Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be m ...) + NOT-FOR-US: PRIMX +CVE-2023-50440 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...) + NOT-FOR-US: PRIMX +CVE-2023-50439 (ZED containers produced by PRIMX ZED! for Windows before Q.2020.3 (ANS ...) + NOT-FOR-US: PRIMX +CVE-2023-50268 (jq is a command-line JSON processor. Version 1.7 is vulnerable to stac ...) + - jq 1.7.1-1 (bug #1058763) + [bookworm] - jq (Introduced in 1.7) + [bullseye] - jq (Introduced in 1.7) + [buster] - jq (Introduced in 1.7) + NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-7hmr-442f-qc8j + NOTE: https://github.com/jqlang/jq/pull/2804 + NOTE: Fixed by: https://github.com/jqlang/jq/commit/c9a51565214eece8f1053089739aea73145bfd6b (jq-1.7.1) +CVE-2023-50262 (Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Do ...) 
+ - php-dompdf 2.0.4+dfsg-1 (bug #1058793)
+ NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3qx2-6f78-w2j2
+ NOTE: https://github.com/dompdf/dompdf/commit/41cbac16f3cf56affa49f06e8dae66d0eac2b593 (v2.0.4)
+ TODO: check sources embedding php-dompdf if affected
+CVE-2023-50248 (CKAN is an open-source data management system for powering data hubs a ...)
+ NOT-FOR-US: CKAN
+CVE-2023-50246 (jq is a command-line JSON processor. Version 1.7 is vulnerable to heap ...)
+ - jq 1.7.1-1 (bug #1058763)
+ [bookworm] - jq (Introduced in 1.7)
+ [bullseye] - jq (Introduced in 1.7)
+ [buster] - jq (Introduced in 1.7)
+ NOTE: https://github.com/jqlang/jq/security/advisories/GHSA-686w-5m7m-54vc
+ NOTE: Fixed by: https://github.com/jqlang/jq/commit/71c2ab509a8628dbbad4bc7b3f98a64aa90d3297 (jq-1.7.1)
+CVE-2023-49878 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
+ NOT-FOR-US: IBM
+CVE-2023-49877 (IBM System Storage Virtualization Engine TS7700 3957-VEC, 3948-VED and ...)
+ NOT-FOR-US: IBM
+CVE-2023-49646 (Improper authentication in some Zoom clients before version 5.16.5 may ...)
+ NOT-FOR-US: Zoom
+CVE-2023-48702 (Jellyfin is a system for managing and streaming media. Prior to versio ...)
+ - jellyfin (bug #994189)
+CVE-2023-48085 (Nagios XI before version 5.11.3 was discovered to contain a remote cod ...)
+ NOT-FOR-US: Nagios XI
+CVE-2023-48084 (Nagios XI before version 5.11.3 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Nagios XI
+CVE-2023-47624 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
+ NOT-FOR-US: Audiobookshelf
+CVE-2023-47623 (Scrypted is a home video integration and automation platform. In versi ...)
+ NOT-FOR-US: Scrypted
+CVE-2023-47620 (Scrypted is a home video integration and automation platform. In versi ...)
+ NOT-FOR-US: Scrypted
+CVE-2023-47619 (Audiobookshelf is a self-hosted audiobook and podcast server. In versi ...)
+ NOT-FOR-US: Audiobookshelf
+CVE-2023-45184 (IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through ...)
+ NOT-FOR-US: IBM
+CVE-2023-45174 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to ...)
+ NOT-FOR-US: IBM
+CVE-2023-45170 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2023-45166 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...)
+ NOT-FOR-US: IBM
+CVE-2023-44709 (PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before wa ...)
+ NOT-FOR-US: PlutoSVG
+CVE-2023-43586 (Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43585 (Improper access control in Zoom Mobile App for iOS and Zoom SDKs for i ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43583 (Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43042 (IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Stora ...)
+ NOT-FOR-US: IBM
+CVE-2023-41720 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-41719 (A vulnerability exists on all versions of Ivanti Connect Secure below ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-41621 (A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro ...)
+ NOT-FOR-US: Emlog Pro
+CVE-2023-41618 (Emlog Pro v2.1.14 was discovered to contain a reflective cross-site sc ...)
+ NOT-FOR-US: Emlog Pro
+CVE-2023-40921 (SQL Injection vulnerability in functions/point_list.php in Common Serv ...)
+ NOT-FOR-US: Common Services soliberte
+CVE-2023-31546 (Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows atta ...)
+ NOT-FOR-US: DedeBIZ
+CVE-2023-50782 [Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659]
+ - python-cryptography
+ [buster] - python-cryptography (Minor issue; it's an incomplete fix of CVE-2020-25659)
+ NOTE: https://github.com/pyca/cryptography/issues/9785
+ NOTE: https://people.redhat.com/~hkario/marvin/
+ NOTE: https://github.com/openssl/openssl/pull/13817
+ NOTE: CVE is for incomplete fix of CVE-2020-25659
+CVE-2023-50781 [Bleichenbacher timing attacks in the RSA decryption API - incomplete fix for CVE-2020-25657]
+ - m2crypto
+ [buster] - m2crypto (Minor issue; it's an incomplete fix of CVE-2020-25657)
+ NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/342
+ NOTE: https://people.redhat.com/~hkario/marvin/
+ NOTE: https://github.com/openssl/openssl/pull/13817
+ NOTE: CVE is for incomplete fix of CVE-2020-25657
+CVE-2023-49934 (An issue was discovered in SchedMD Slurm 23.11.x. There is SQL Injecti ...)
+ - slurm-wlm (Vulnerable code introduced in 23.11 series)
+ - slurm-llnl (Vulnerable code introduced in 23.11 series)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49933 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
+ - slurm-wlm (bug #1058720)
+ - slurm-llnl
+ [buster] - slurm-llnl (EOL in buster LTS)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49937 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
+ - slurm-wlm (bug #1058720)
+ - slurm-llnl
+ [buster] - slurm-llnl (EOL in buster LTS)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49936 (An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x ...)
+ - slurm-wlm (bug #1058720)
+ - slurm-llnl
+ [buster] - slurm-llnl (EOL in buster LTS)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49938 (An issue was discovered in SchedMD Slurm 22.05.x and 23.02.x. There is ...)
+ - slurm-wlm (bug #1058720)
+ - slurm-llnl
+ [buster] - slurm-llnl (EOL in buster LTS)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-49935 (An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is ...)
+ - slurm-wlm (bug #1058720)
+ [bookworm] - slurm-wlm (Vulnerable code introduced later)
+ [bullseye] - slurm-wlm (Vulnerable code introduced later)
+ - slurm-llnl (Vulnerable code introduced later)
+ NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2023/000103.html
+CVE-2023-6795 (An OS command injection vulnerability in Palo Alto Networks PAN-OS sof ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6794 (An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS so ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6793 (An improper privilege management vulnerability in Palo Alto Networks P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6792 (An OS command injection vulnerability in the XML API of Palo Alto Netw ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6791 (A credential disclosure vulnerability in Palo Alto Networks PAN-OS sof ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6790 (A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Netw ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6789 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-6774 (A vulnerability was found in CodeAstro POS and Inventory Management Sy ...)
+ NOT-FOR-US: CodeAstro POS and Inventory Management System
+CVE-2023-6773 (A vulnerability has been found in CodeAstro POS and Inventory Manageme ...)
+ NOT-FOR-US: CodeAstro POS and Inventory Management System
+CVE-2023-6772 (A vulnerability, which was classified as critical, was found in OTCMS ...)
+ NOT-FOR-US: OTCMS
+CVE-2023-6771 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6767 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Wedding Guest e-Book
+CVE-2023-6766 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2023-6765 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...)
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
+CVE-2023-6762 (A vulnerability, which was classified as critical, was found in Thecos ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6761 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6760 (A vulnerability classified as critical was found in Thecosy IceCMS up ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6759 (A vulnerability classified as problematic has been found in Thecosy Ic ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6758 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated a ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6757 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6756 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classif ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-6755 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...)
+ NOT-FOR-US: DedeBIZ
+CVE-2023-6723 (An unrestricted file upload vulnerability has been identified in Repbo ...)
+ NOT-FOR-US: Repox
+CVE-2023-6722 (A path traversal vulnerability has been detected in Repox, which allow ...)
+ NOT-FOR-US: Repox
+CVE-2023-6721 (An XEE vulnerability has been found in Repox, which allows a remote at ...)
+ NOT-FOR-US: Repox
+CVE-2023-6720 (An XSS vulnerability stored in Repox has been identified, which allows ...)
+ NOT-FOR-US: Repox
+CVE-2023-6719 (An XSS vulnerability has been detected in Repox, which allows an attac ...)
+ NOT-FOR-US: Repox
+CVE-2023-6718 (An authentication bypass vulnerability has been found in Repox, which ...)
+ NOT-FOR-US: Repox
+CVE-2023-6660 (When a program running on an affected system appends data to a file vi ...)
+ NOT-FOR-US: FreeBSD
+CVE-2023-6534 (In versions of FreeBSD 14.0-RELEASE before 14-RELEASE-p2, FreeBSD 13.2 ...)
+ NOT-FOR-US: FreeBSD
+CVE-2023-6381 (Improper input validation vulnerability in Newsletter Software SuperMa ...)
+ NOT-FOR-US: Newsletter Software SuperMailer
+CVE-2023-6380 (Open redirect vulnerability has been found in the Open CMS product aff ...)
+ NOT-FOR-US: Open CMS
+CVE-2023-6379 (Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, ...)
+ NOT-FOR-US: Open CMS
+CVE-2023-50779 (Missing permission checks in Jenkins PaaSLane Estimate Plugin 1.0.4 an ...)
+ NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
+CVE-2023-50778 (A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane ...)
+ NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
+CVE-2023-50777 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier does not mask PaaSL ...)
+ NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
+CVE-2023-50776 (Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier stores PaaSLane aut ...)
+ NOT-FOR-US: Jenkins PaaSLane Estimate Plugin
+CVE-2023-50775 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...)
+ NOT-FOR-US: Jenkins Deployment Dashboard Plugin
+CVE-2023-50774 (A cross-site request forgery (CSRF) vulnerability in Jenkins HTMLResou ...)
+ NOT-FOR-US: Jenkins HTMLResource Plugin
+CVE-2023-50773 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier does not mask acce ...)
+ NOT-FOR-US: Jenkins Dingding JSON Pusher Plugin
+CVE-2023-50772 (Jenkins Dingding JSON Pusher Plugin 2.0 and earlier stores access toke ...)
+ NOT-FOR-US: Jenkins Dingding JSON Pusher Plugin
+CVE-2023-50771 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperl ...)
+ NOT-FOR-US: Jenkins OpenId Connect Authentication Plugin
+CVE-2023-50770 (Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a ...)
+ NOT-FOR-US: Jenkins OpenId Connect Authentication Plugin
+CVE-2023-50769 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
+ NOT-FOR-US: Jenkins Nexus Platform Plugin
+CVE-2023-50768 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
+ NOT-FOR-US: Jenkins Nexus Platform Plugin
+CVE-2023-50767 (Missing permission checks in Jenkins Nexus Platform Plugin 3.18.0-03 a ...)
+ NOT-FOR-US: Jenkins Nexus Platform Plugin
+CVE-2023-50766 (A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Pla ...)
+ NOT-FOR-US: Jenkins Nexus Platform Plugin
+CVE-2023-50765 (A missing permission check in Jenkins Scriptler Plugin 342.v6a_89fd40f ...)
+ NOT-FOR-US: Jenkins Scriptler Plugin
+CVE-2023-50764 (Jenkins Scriptler Plugin 342.v6a_89fd40f466 and earlier does not restr ...)
+ NOT-FOR-US: Jenkins Scriptler Plugin
+CVE-2023-50441 (Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.20 ...)
+ NOT-FOR-US: PRIMX ZONECENTRAL
+CVE-2023-49363 (Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in th ...)
+ NOT-FOR-US: Rockoa
+CVE-2023-49296 (The Arduino Create Agent allows users to use the Arduino Create applic ...)
+ NOT-FOR-US: Arduino Create Agent
+CVE-2023-48639 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48638 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48637 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48636 (Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 ( ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48635 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48634 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48633 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48632 (Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48630 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48629 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48628 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48627 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48626 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-48625 (Adobe Substance 3D Sampler versions 4.2.1 and earlier are affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47327 (The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47326 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSR ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47325 (Silverpeas Core 6.3.1 administrative "Bin" feature is affected by brok ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47324 (Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47323 (The notification/messaging feature of Silverpeas Core 6.3.1 does not e ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47322 (The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cro ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47321 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via th ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47320 (Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An at ...)
+ NOT-FOR-US: Silverpeas Core
+CVE-2023-47081 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47080 (Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47079 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47078 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47077 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47076 (Adobe InDesign versions 19.0 (and earlier) and 17.4.2 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47075 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47074 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47063 (Adobe Illustrator versions 28.0 (and earlier) and 27.9 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47062 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47061 (Adobe Dimension versions 3.4.10 and earlier are affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2023-46727 (GLPI is a free asset and IT management software package. Starting in v ...)
+ - glpi
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-v799-2mp3-wgfr
+ NOTE: https://github.com/glpi-project/glpi/commit/ee2d674481ebef177037e8e14d35c9455b5cfd46
+CVE-2023-46726 (GLPI is a free asset and IT management software package. Starting in v ...)
+ - glpi
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qc92-gxc6-5f95
+ NOTE: https://github.com/glpi-project/glpi/commit/42ba2b031bec0b3889317db25f3adf9080fc11b2
+CVE-2023-46247 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...)
+ NOT-FOR-US: Vyper
+CVE-2023-44362 (Adobe Prelude versions 22.6 and earlier are affected by an Access of U ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44252 (** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerabilit ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-44251 (** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-43813 (GLPI is a free asset and IT management software package. Starting in v ...)
+ - glpi
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-94c3-fw5r-3362
+ NOTE: https://github.com/glpi-project/glpi/commit/4bd7f02d940953b9cbc9d285f7544bb0e490e75e
+CVE-2023-42495 (Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutraliz ...)
+ NOT-FOR-US: Dasan Networks W-Web
+CVE-2023-34194 (StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML ...)
+ - tinyxml
+ NOTE: https://www.forescout.com/resources/sierra21-vulnerabilities
+ TODO: check details and embedded copies once assessment for tinyxml done
+CVE-2023-6707 (Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6706 (Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allow ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6705 (Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allo ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6704 (Use after free in libavif in Google Chrome prior to 120.0.6099.109 all ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6703 (Use after free in Blink in Google Chrome prior to 120.0.6099.109 allow ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6702 (Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed ...)
+ {DSA-5577-1}
+ - chromium 120.0.6099.109-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6753 (Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.)
+ NOT-FOR-US: mlflow
+CVE-2023-50263 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
+ NOT-FOR-US: Nautobot
+CVE-2023-50252 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+ - php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
+ NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-jq98-9543-m4cr
+ NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/08ce6a96d63ad7216315fae34a61c886dd2dc030 (0.5.1)
+ TODO: check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
+CVE-2023-50251 (php-svg-lib is an SVG file parsing / rendering library. Prior to versi ...)
+ - php-dompdf-svg-lib 0.5.1-1 (bug #1058641)
+ NOTE: https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-ff5x-7qg5-vwf2
+ NOTE: Fixed by: https://github.com/dompdf/php-svg-lib/commit/88163cbe562d9b391b3a352e54d9c89d02d77ee0 (0.5.1)
+ TODO: check, other packages are embedding the library: civicrm, icinga-php-thirdparty and icingaweb2 to be checked
+CVE-2023-48791 (An improper neutralization of special elements used in a command ('Com ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-48782 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-48225 (Laf is a cloud development platform. Prior to version 1.0.0-beta.13, t ...)
+ NOT-FOR-US: Laf
+CVE-2023-47579 (Relyum RELY-PCIe 22.2.1 devices suffer from a system group misconfigur ...)
+ NOT-FOR-US: Relyum RELY-PCIe
+CVE-2023-47578 (Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to ...)
+ NOT-FOR-US: Relyum RELY-PCIe and RELY-REC
+CVE-2023-47577 (An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 all ...)
+ NOT-FOR-US: Relyum
+CVE-2023-47576 (An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ NOT-FOR-US: Relyum
+CVE-2023-47575 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ NOT-FOR-US: Relyum
+CVE-2023-47574 (An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 ...)
+ NOT-FOR-US: Relyum
+CVE-2023-47573 (An issue discovered in Relyum RELY-PCIe 22.2.1 devices. The authorizat ...)
+ NOT-FOR-US: Relyum
+CVE-2023-47536 (An improper access control vulnerability [CWE-284] in FortiOS version ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-46713 (An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-46675 (An issue was discovered by Elastic whereby sensitive information may b ...)
+ - kibana (bug #700337)
+CVE-2023-45864 (A race condition issue discovered in Samsung Mobile Processor Exynos 9 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-45801 (Improper Authentication vulnerability in Nadatel DVR allows Informatio ...)
+ NOT-FOR-US: Nadatel
+CVE-2023-45800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Hanbiro
+CVE-2023-45725 (Design document functions which receive a user http request object may ...)
+ - couchdb
+CVE-2023-45587 (An improper neutralization of input during web page generation ('cross ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-43122 (Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42483 (A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exyno ...)
+ NOT-FOR-US: Samsung
+CVE-2023-41844 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-41678 (A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiP ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-41673 (An improper authorization vulnerability [CWE-285] in Fortinet FortiADC ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-40716 (An improper neutralization of special elements used in an OS command v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-3517 (Hitachi Vantara Pentaho Data Integration & Analytics versions before 9 ...)
+ NOT-FOR-US: Hitachi Vantara Pentaho Data Integration & Analytics
+CVE-2023-36639 (A use of externally-controlled format string in Fortinet FortiProxy ve ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-6710 (A flaw was found in the mod_proxy_cluster in the Apache server. This i ...)
+ - libapache2-mod-cluster (bug #731410)
+CVE-2023-5379 (A flaw was found in Undertow. When an AJP request is sent that exceeds ...)
+ - undertow (bug #1059055)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2242099
+CVE-2023-49921
+ - elasticsearch
+CVE-2023-6687 (An issue was discovered by Elastic whereby Elastic Agent would log a r ...)
+ NOT-FOR-US: Elastic whereby Elastic Agent
+CVE-2023-50247 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Th ...)
+ TODO: check
+CVE-2023-49923 (An issue was discovered by Elastic whereby the Documents API of App Se ...)
+ NOT-FOR-US: Elastic whereby the Documents API of App Search
+CVE-2023-49922 (An issue was discovered by Elastic whereby Beats and Elastic Agent wou ...)
+ NOT-FOR-US: Elastic whereby Beats and Elastic Agent
+CVE-2023-49279 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-49278 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-49274 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-49273 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-49089 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-48313 (Umbraco is an ASP.NET content management system (CMS). Starting in 10 ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-48227 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-43364 (main.py in Searchor before 2.4.2 uses eval on CLI input, which may cau ...)
+ NOT-FOR-US: Searchor
+CVE-2023-41337 (h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In ...)
+ TODO: check
+CVE-2023-38694 (Umbraco is an ASP.NET content management system (CMS). Starting in ver ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-36696 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-36391 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-36020 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-36019 (Microsoft Power Platform Connector Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36012 (DHCP Server Service Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36011 (Win32k Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36010 (Microsoft Defender Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36009 (Microsoft Word Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36006 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-36005 (Windows Telephony Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36004 (Windows DPAPI (Data Protection Application Programming Interface) Spoo ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-36003 (XAML Diagnostics Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35644 (Windows Sysmain Service Elevation of Privilege)
+ NOT-FOR-US: Microsoft
+CVE-2023-35643 (DHCP Server Service Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35642 (Internet Connection Sharing (ICS) Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35641 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35639 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35638 (DHCP Server Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35636 (Microsoft Outlook Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35635 (Windows Kernel Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35634 (Windows Bluetooth Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35633 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35632 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-35631 (Win32k Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35630 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35629 (Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35628 (Windows MSHTML Platform Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35625 (Azure Machine Learning Compute Instance for SDK Users Information Disc ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-35624 (Azure Connected Machine Agent Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35622 (Windows DNS Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35621 (Microsoft Dynamics 365 Finance and Operations Denial of Service Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-35619 (Microsoft Outlook for Mac Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-34064 (Workspace ONE Launcher contains a Privilege Escalation Vulnerability.A ...)
+ NOT-FOR-US: VMware
+CVE-2023-6727 (Mattermost fails to perform correct authorization checks when creating ...)
+ - mattermost-server (bug #823556)
+CVE-2023-6593 (Client side permission bypass in Devolutions Remote Desktop Manager 20 ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2023-6547 (Mattermost fails to validate team membership when a user attempts to a ...)
+ - mattermost-server (bug #823556)
+CVE-2023-6193 (quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unb ...)
+ NOT-FOR-US: Cloudflare quiche
+CVE-2023-50495 (NCurse v6.4-20230418 was discovered to contain a segmentation fault vi ...)
+ - ncurses 6.4+20230625-1
+ [bookworm] - ncurses (Minor issue)
+ [bullseye] - ncurses (Minor issue)
+ [buster] - ncurses (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html
+ NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html
+ NOTE: Fixed in ncurses-6.4-20230424 patchlevel
+CVE-2023-4932 (SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). ...)
+ NOT-FOR-US: SAS
+CVE-2023-49994 (Espeak-ng 1.52-dev was discovered to contain a Floating Point Exceptio ...)
+ - espeak-ng (bug #1059060)
+ [bookworm] - espeak-ng (Minor issue)
+ [bullseye] - espeak-ng (Minor issue)
+ [buster] - espeak-ng (Minor issue)
+ NOTE: https://github.com/espeak-ng/espeak-ng/issues/1823
+ NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
+CVE-2023-49993 (Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the ...)
+ - espeak-ng (bug #1059060)
+ [bookworm] - espeak-ng (Minor issue)
+ [bullseye] - espeak-ng (Minor issue)
+ [buster] - espeak-ng (Minor issue)
+ NOTE: https://github.com/espeak-ng/espeak-ng/issues/1826
+ NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
+CVE-2023-49992 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow v ...)
+ - espeak-ng (bug #1059060)
+ [bookworm] - espeak-ng (Minor issue)
+ [bullseye] - espeak-ng (Minor issue)
+ [buster] - espeak-ng (Minor issue)
+ NOTE: https://github.com/espeak-ng/espeak-ng/issues/1827
+ NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
+CVE-2023-49991 (Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow ...)
+ - espeak-ng (bug #1059060)
+ [bookworm] - espeak-ng (Minor issue)
+ [bullseye] - espeak-ng (Minor issue)
+ [buster] - espeak-ng (Minor issue)
+ NOTE: https://github.com/espeak-ng/espeak-ng/issues/1825
+ NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
+CVE-2023-49990 (Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the ...)
+ - espeak-ng (bug #1059060)
+ [bookworm] - espeak-ng (Minor issue)
+ [bullseye] - espeak-ng (Minor issue)
+ [buster] - espeak-ng (Minor issue)
+ NOTE: https://github.com/espeak-ng/espeak-ng/issues/1824
+ NOTE: https://github.com/espeak-ng/espeak-ng/commit/58f1e0b6a4e6aa55621c6f01118994d01fd6f68c
+CVE-2023-49874 (Mattermost fails to check whether a user is a guest when updating the ...)
+ - mattermost-server (bug #823556)
+CVE-2023-49809 (Mattermost fails to handle a null request body in the /add endpoint, a ...)
+ - mattermost-server (bug #823556)
+CVE-2023-49713 (Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI ...)
+ NOT-FOR-US: NetBIOS service of HMI GC-A2 series
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
+CVE-2023-49695 (OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-49692 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2023-49691 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2023-49607 (Mattermost fails to validate the type of the "reminder" body request p ...)
+ - mattermost-server (bug #823556)
+CVE-2023-49563 (Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allow ...)
+ NOT-FOR-US: Voltronic Power SNMP Web Pro
+CVE-2023-49143 (Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC- ...)
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
+CVE-2023-49140 (Denial-of-service (DoS) vulnerability exists in commplex-link service ...)
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
+CVE-2023-48677 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...)
+ NOT-FOR-US: Acronis
+CVE-2023-48431 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-48430 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-48429 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-48428 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-48427 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46701 (Mattermost fails to perform authorization checks in the /plugins/play ...)
+ - mattermost-server (bug #823556)
+CVE-2023-46456 (In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inj ...)
+ NOT-FOR-US: GL.iNET GL-AR300M routers
+CVE-2023-46455 (In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to wr ...)
+ NOT-FOR-US: GL.iNET GL-AR300M routers
+CVE-2023-46454 (In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to i ...)
+ NOT-FOR-US: GL.iNET GL-AR300M routers
+CVE-2023-46285 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46284 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46283 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46282 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46281 (A vulnerability has been identified in Opcenter Quality (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2023-46156 (Affected devices improperly handle specially crafted packets sent to p ...)
+ NOT-FOR-US: Siemens
+CVE-2023-45847 (Mattermost fails to to check the length when setting the title in a ru ...)
+ - mattermost-server (bug #823556)
+CVE-2023-45316 (Mattermost fails to validate if a relative path is passed in /plugins/ ...)
+ - mattermost-server (bug #823556)
+CVE-2023-41963 (Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC- ...)
+ NOT-FOR-US: JTEKT ELECTRONICS CORPORATION
+CVE-2023-41623 (Emlog version pro2.1.14 was discovered to contain a SQL injection vuln ...)
+ NOT-FOR-US: EMlog
+CVE-2023-38380 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIP ...)
+ NOT-FOR-US: Siemens
+CVE-2023-6709 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ NOT-FOR-US: mlflow
+CVE-2023-6542 (Due to lack of proper authorization checks in Emarsys SDK for Android, ...)
+ NOT-FOR-US: Emarsys SDK for Android
+CVE-2023-5536 (A feature in LXD (LP#1829071), affects the default configuration of Ub ...)
+ NOT-FOR-US: Ubuntu server configuration
+CVE-2023-50424 (SAPBTPSecurity Services Integration Library ([Golang] github.com/sap/c ...)
+ NOT-FOR-US: SAP
+CVE-2023-50423 (SAPBTPSecurity Services Integration Library ([Python]sap-xssec) - vers ...)
+ NOT-FOR-US: SAP
+CVE-2023-50422 (SAPBTPSecurity Services Integration Library ([Java] cloud-security-ser ...)
+ NOT-FOR-US: SAP
+CVE-2023-50245 (OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata pr ...)
+ NOT-FOR-US: OpenEXR-viewer
+CVE-2023-49805 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...)
+ NOT-FOR-US: Uptime Kuma
+CVE-2023-49804 (Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to ve ...)
+ NOT-FOR-US: Uptime Kuma
+CVE-2023-49803 (@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a ...)
+ NOT-FOR-US: Node @koa/cors
+CVE-2023-49802 (The LinkedCustomFields plugin for MantisBT allows users to link values ...)
+ NOT-FOR-US: LinkedCustomFields plugin for MantisBT
+CVE-2023-49796 (MindsDB connects artificial intelligence models to real time data. Ver ...)
+ NOT-FOR-US: MindsDB
+CVE-2023-49587 (SAP Solution Manager - version 720, allows an authorized attacker to e ...)
+ NOT-FOR-US: SAP
+CVE-2023-49584 (SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP ...)
+ NOT-FOR-US: SAP
+CVE-2023-49583 (SAPBTPSecurity Services Integration Library ([Node.js] @sap/xssec - ve ...)
+ NOT-FOR-US: SAP
+CVE-2023-49581 (SAP GUI for WindowsandSAP GUI for Javaallow an unauthenticated attacke ...)
+ NOT-FOR-US: SAP
+CVE-2023-49580 (SAP GUI for WindowsandSAP GUI for Java - versions SAP_BASIS 755, SAP_B ...)
+ NOT-FOR-US: SAP
+CVE-2023-49578 (SAP Cloud Connector - version 2.0, allows an authenticated user with l ...)
+ NOT-FOR-US: SAP
+CVE-2023-49577 (The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 6 ...)
+ NOT-FOR-US: SAP
+CVE-2023-49494 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-49490 (XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scr ...)
+ NOT-FOR-US: XunRuiCMS
+CVE-2023-49488 (A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 al ...)
+ NOT-FOR-US: Openfiler ESA
+CVE-2023-49058 (SAP Master Data Governance File Upload applicationallows an attacker t ...)
+ NOT-FOR-US: SAP
+CVE-2023-48642 (Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticate ...)
+ NOT-FOR-US: Archer
+CVE-2023-48641 (Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecu ...)
+ NOT-FOR-US: Archer
+CVE-2023-45292 (When using the default implementation of Verify to check a Captcha, ve ...)
+ NOT-FOR-US: base64Captcha
+CVE-2023-42932 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2023-42927 (A privacy issue was addressed with improved private data redaction for ...)
+ NOT-FOR-US: Apple
+CVE-2023-42926 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42924 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2023-42923 (This issue was addressed through improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2023-42922 (This issue was addressed with improved redaction of sensitive informat ...)
+ NOT-FOR-US: Apple
+CVE-2023-42919 (A privacy issue was addressed with improved private data redaction for ...)
+ NOT-FOR-US: Apple
+CVE-2023-42914 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-42912 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42911 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42910 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42909 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42908 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42907 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42906 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42905 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42904 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42903 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42902 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42901 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2023-42900 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ NOT-FOR-US: Apple
+CVE-2023-42899 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-42898 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-42897 (The issue was addressed with improved checks. This issue is fixed in i ...)
+ NOT-FOR-US: Apple
+CVE-2023-42894 (This issue was addressed with improved redaction of sensitive informat ...)
+ NOT-FOR-US: Apple
+CVE-2023-42891 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2023-42890 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5527-1}
+ - webkit2gtk 2.42.0-1
+ [buster] - webkit2gtk (EOL in buster LTS)
+ - wpewebkit 2.42.0-1
+ [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
+CVE-2023-42886 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2023-42884 (This issue was addressed with improved redaction of sensitive informat ...)
+ NOT-FOR-US: Apple
+CVE-2023-42883 (The issue was addressed with improved memory handling. This issue is f ...)
+ {DSA-5580-1}
+ - webkit2gtk 2.42.4-1
+ [buster] - webkit2gtk (EOL in buster LTS)
+ - wpewebkit 2.42.4-1
+ [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0012.html
+CVE-2023-42882 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-42874 (This issue was addressed with improved state management. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2023-42481 (In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, ...)
+ NOT-FOR-US: SAP
+CVE-2023-42479 (An unauthenticated attacker can embed a hidden access to a Biller Dire ...)
+ NOT-FOR-US: SAP
+CVE-2023-42478 (SAP Business ObjectsBusiness Intelligence Platform is vulnerable to st ...)
+ NOT-FOR-US: SAP
+CVE-2023-42476 (SAP Business Objects Web Intelligence - version 420, allows an authen ...)
+ NOT-FOR-US: SAP
+CVE-2023-41120 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41119 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41118 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41117 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41116 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41115 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41114 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-41113 (An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS ...)
+ NOT-FOR-US: EnterpriseDB Postgres Advanced Server
+CVE-2023-40446 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-36654 (Directory traversal in the log-download REST API endpoint in ProLion C ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36652 (A SQL Injection in the users searching REST API endpoint in ProLion Cr ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36651 (Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allo ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36650 (A missing integrity check in the update system in ProLion CryptoSpike ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36649 (Insertion of sensitive information in the centralized (Grafana) loggin ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36648 (Missing authentication in the internal data streaming system in ProLio ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36647 (A hard-coded cryptographic private key used to sign JWT authentication ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-36646 (Incorrect user role checking in multiple REST API endpoints in ProLion ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2022-48616 (A Huawei data communication product has a command injection vulnerabil ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48615 (An improper access control vulnerability exists in a Huawei datacom pr ...)
+ NOT-FOR-US: Huawei
+CVE-2023-XXXX [RCE vulnerability in WP_HTML_Token class]
+ - wordpress
+ [bookworm] - wordpress (Vulnerable code not present)
+ [bullseye] - wordpress (Vulnerable code not present)
+ [buster] - wordpress (Vulnerable code not present)
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-4-2/#installation-update-information
+ NOTE: https://www.wordfence.com/blog/2023/12/psa-critical-pop-chain-allowing-remote-code-execution-patched-in-wordpress-6-4-2/
+CVE-2023-6536 [NULL pointer dereference in __nvmet_req_complete]
+ - linux
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254052
+CVE-2023-6535 [NULL pointer dereference in nvmet_tcp_execute_request]
+ - linux
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254053
+CVE-2023-6356 [NULL pointer dereference in nvmet_tcp_build_iovec]
+ - linux
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2254054
+CVE-2023-39804 [Incorrectly handled extension attributes in PAX archives can lead to a crash]
+ - tar 1.34+dfsg-1.3 (bug #1058079)
+ [bookworm] - tar (Minor issue)
+ [bullseye] - tar (Minor issue)
+ [buster] - tar (Minor issue)
+ NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 (v1.35)
+CVE-2023-6679 (A null pointer dereference vulnerability was found in dpll_pin_parent_ ...)
+ - linux (Vulnerable code not present)
+ NOTE: https://lore.kernel.org/netdev/20231211083758.1082853-1-jiri@resnulli.us/
+CVE-2023-6671 (A vulnerability has been discovered on OJS, that consists in a CSRF (C ...)
+ NOT-FOR-US: OJS (OPEN JOURNAL SYSTEMS)
+CVE-2023-6538 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...)
+ NOT-FOR-US: Hitachi
+CVE-2023-6194 (In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition X ...)
+ NOT-FOR-US: Eclipse Memory Analyzer
+CVE-2023-6035 (The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5955 (The Contact Form Email WordPress plugin before 1.3.44 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5940 (The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5907 (The File Manager WordPress plugin before 6.3 does not restrict the fil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5757 (The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5750 (The EmbedPress WordPress plugin before 3.9.2 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5749 (The EmbedPress WordPress plugin before 3.9.2 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49795 (MindsDB connects artificial intelligence models to real time data. Ver ...)
+ NOT-FOR-US: MindsDB
+CVE-2023-49418 (TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerabili ...)
+ NOT-FOR-US: TOTOLink
+CVE-2023-49417 (TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerabil ...)
+ NOT-FOR-US: TOTOLink
+CVE-2023-48715 (Tuleap is an open source suite to improve management of software devel ...)
+ NOT-FOR-US: Tuleap
+CVE-2023-6185 (Improper Input Validation vulnerability in GStreamer integration of Th ...)
+ {DSA-5574-1}
+ - libreoffice 4:7.6.3-1
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185/
+CVE-2023-6186 (Insufficient macro permission validation of The Document Foundation Li ...)
+ {DSA-5574-1}
+ - libreoffice 4:7.6.4~rc1-1
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186/
+CVE-2023-6659 (A vulnerability, which was classified as critical, has been found in C ...)
+ NOT-FOR-US: Campcodes Web-Based Student Clearance System
+CVE-2023-6658 (A vulnerability classified as critical was found in SourceCodester Sim ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6657 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6656 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceL ...)
+ NOT-FOR-US: DeepFaceLab
+CVE-2023-6181 (An oversight in BCB handling of reboot reason that allows for persiste ...)
+ NOT-FOR-US: Android
+CVE-2023-5500 (This vulnerability allows an remote attacker with low privileges to mi ...)
+ NOT-FOR-US: Frauscher Sensortechnik products
+CVE-2023-50465 (A stored cross-site scripting (XSS) vulnerability exists in Monica (ak ...)
+ NOT-FOR-US: MonicaHQ
+CVE-2023-50463 (The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, whe ...)
+ NOT-FOR-US: caddy-geo-ip
+CVE-2023-49964 (An issue was discovered in Hyland Alfresco Community Edition through 7 ...)
+ NOT-FOR-US: Hyland Alfresco Community Edition
+CVE-2023-49355 (decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out- ...)
+ - jq 1.7.1-1
+ [bookworm] - jq (Vulnerable code not present)
+ [bullseye] - jq (Vulnerable code not present)
+ [buster] - jq (Vulnerable code not present)
+ NOTE: https://github.com/linzc21/bug-reports/blob/main/reports/jq/1.7-37-g88f01a7/heap-buffer-overflow/CVE-2023-49355.md
+ NOTE: Duplicate of CVE-2023-50246 and requested to be rejected
+CVE-2023-48425 (U-Boot vulnerability resulting in persistent Code Execution)
+ NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
+CVE-2023-48424 (U-Boot shell vulnerability resulting in Privilege escalation in a prod ...)
+ NOT-FOR-US: Google Chromecast (unlikely to affect u-boot as packaged in Debian)
+CVE-2023-48417 (Missing Permission checks resulting in unauthorized access and Manipul ...)
+ NOT-FOR-US: Android
+CVE-2023-6655 (A vulnerability, which was classified as critical, has been found in H ...)
+ NOT-FOR-US: Hongjing e-HR 2020
+CVE-2023-6654 (A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Af ...)
+ NOT-FOR-US: PHPEMS
+CVE-2023-6653 (A vulnerability was found in PHPGurukul Teacher Subject Allocation Man ...)
+ NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System
+CVE-2023-6652 (A vulnerability was found in code-projects Matrimonial Site 1.0. It ha ...)
+ NOT-FOR-US: code-projects Matrimonial Site
+CVE-2023-6651 (A vulnerability was found in code-projects Matrimonial Site 1.0. It ha ...)
+ NOT-FOR-US: code-projects Matrimonial Site
+CVE-2023-6650 (A vulnerability was found in SourceCodester Simple Invoice Generator S ...)
+ NOT-FOR-US: SourceCodester Simple Invoice Generator System
+CVE-2023-6649 (A vulnerability has been found in PHPGurukul Teacher Subject Allocatio ...)
+ NOT-FOR-US: PHPGurukul Teacher Subject Allocation Management System
+CVE-2023-6648 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ NOT-FOR-US: PHPGurukul Nipah Virus Testing Management System
+CVE-2023-50457 (An issue was discovered in Zammad before 6.2.0. When listing tickets l ...)
+ - zammad (bug #841355)
+CVE-2023-50456 (An issue was discovered in Zammad before 6.2.0. An attacker can trigge ...)
+ - zammad (bug #841355)
+CVE-2023-50455 (An issue was discovered in Zammad before 6.2.0. Due to lack of rate li ...)
+ - zammad (bug #841355)
+CVE-2023-50454 (An issue was discovered in Zammad before 6.2.0. In several subsystems, ...)
+ - zammad (bug #841355)
+CVE-2023-50453 (An issue was discovered in Zammad before 6.2.0. It uses the public end ...)
+ - zammad (bug #841355)
+CVE-2023-50449 (JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Di ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-50446 (An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1 ...)
+ NOT-FOR-US: Mullvad VPN Windows app
+CVE-2022-48614 (Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS.)
+ NOT-FOR-US: Semantik MediaWiki
+CVE-2023-6647 (A vulnerability, which was classified as critical, has been found in A ...)
+ NOT-FOR-US: AMTT HiBOS
+CVE-2023-6646 (A vulnerability classified as problematic has been found in linkding 1 ...)
+ NOT-FOR-US: linkding
+CVE-2023-50431 (sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c ...)
+ - linux
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://lists.freedesktop.org/archives/dri-devel/2023-November/431772.html
+CVE-2023-50430 (The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computer ...)
+ NOT-FOR-US: Goodix Fingerprint Device (as shipped in Dell Inspiron 15 computers)
+CVE-2023-50429 (IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensembl ...)
+ NOT-FOR-US: IzyBat Orange casiers
+CVE-2023-50428 (In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots202311 ...)
+ - bitcoin
+CVE-2021-46899 (SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote de ...)
+ NOT-FOR-US: SyncTrayzor
+CVE-2023-6394 (A flaw was found in Quarkus. This issue occurs when receiving a reques ...)
+ NOT-FOR-US: Quarkus
+CVE-2023-6337 (HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable t ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2023-6120 (The Welcart e-Commerce plugin for WordPress is vulnerable to Directory ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5756 (The Digital Publications by Supsystic plugin for WordPress is vulnerab ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49800 (`nuxt-api-party` is an open source module to proxy API requests. The l ...)
+ NOT-FOR-US: nuxt-api-party
+CVE-2023-49799 (`nuxt-api-party` is an open source module to proxy API requests. nuxt- ...)
+ NOT-FOR-US: nuxt-api-party
+CVE-2023-49798 (OpenZeppelin Contracts is a library for smart contract development. A ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2023-49797 (PyInstaller bundles a Python application and all its dependencies into ...)
+ NOT-FOR-US: PyInstaller
+CVE-2023-48311 (dockerspawner is a tool to spawn JupyterHub single user servers in Doc ...)
+ NOT-FOR-US: dockerspawner
+CVE-2023-47722 (IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in bro ...)
+ NOT-FOR-US: IBM
+CVE-2023-47465 (An issue in GPAC v.2.2.1 and before allows a local attacker to cause a ...)
+ - gpac (bug #1059056)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2652
+ NOTE: https://github.com/gpac/gpac/commit/a40a3b7ef7420c8df0a7d9411ab1fc267ca86c49
+ NOTE: https://github.com/gpac/gpac/commit/613dbc5702b09063b101cfc3d6ad74b45ad87521
+CVE-2023-47254 (An OS Command Injection in the CLI interface on DrayTek Vigor167 versi ...)
+ NOT-FOR-US: DrayTek Vigor167
+CVE-2023-46932 (Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671 ...)
+ - gpac (bug #1059056)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2669
+ NOTE: https://github.com/gpac/gpac/commit/dfdf1681aae2f7b6265e58e97f8461a89825a74b
+CVE-2023-6622 (A null pointer dereference vulnerability was found in nft_dynset_init( ...)
+ - linux
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3701cd390fd731ee7ae8b8006246c8db82c72bea
+CVE-2023-6619 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6618 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6617 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6616 (A vulnerability was found in SourceCodester Simple Student Attendance ...)
+ NOT-FOR-US: SourceCodester Simple Student Attendance System
+CVE-2023-6615 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Typecho
+CVE-2023-6614 (A vulnerability classified as problematic was found in Typecho 1.2.1. ...)
+ NOT-FOR-US: Typecho
+CVE-2023-6613 (A vulnerability classified as problematic has been found in Typecho 1. ...)
+ NOT-FOR-US: Typecho
+CVE-2023-6612 (A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. I ...)
+ NOT-FOR-US: Totolink
+CVE-2023-6611 (A vulnerability was found in Tongda OA 2017 up to 11.9. It has been de ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-6610 (An out-of-bounds read vulnerability was found in smb2_dump_detail in f ...)
+ - linux (unimportant)
+ NOTE: CONFIG_CIFS_DEBUG2 not enabled in Debian
+CVE-2023-6609 (A vulnerability was found in osCommerce 4. It has been classified as p ...)
+ NOT-FOR-US: osCommerce
+CVE-2023-6608 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-6607 (A vulnerability has been found in Tongda OA 2017 up to 11.10 and class ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-6606 (An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb ...)
+ - linux
+CVE-2023-6507 (An issue was found in CPython 3.12.0 `subprocess` module on POSIX plat ...)
+ - python3.12 3.12.1-1
+ - python3.11 (Vulnerable code not present)
+ - python3.10 (Vulnerable code not present)
+ - python3.9 (Vulnerable code not present)
+ - python3.7 (Vulnerable code not present)
+ - python2.7 (Vulnerable code not present)
+ NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/AUL7QFHBLILGISS7U63B47AYSSGJJQZD/
+ NOTE: https://github.com/python/cpython/issues/112334
+ NOTE: https://github.com/python/cpython/pull/112617
+CVE-2023-6245 (The Candid library causes a Denial of Service while parsing a special ...)
+ NOT-FOR-US: Candid
+CVE-2023-6146 (A Qualys web application was found to have a stored XSS vulnerability ...)
+ NOT-FOR-US: Qualys
+CVE-2023-49788 (Collabora Online is a collaborative online office suite based on Libre ...)
+ NOT-FOR-US: Collabora Online
+CVE-2023-49782 (Collabora Online is a collaborative online office suite based on Libre ...)
+ NOT-FOR-US: Collabora Online
+CVE-2023-49487 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49486 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49485 (JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49484 (Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (X ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-49444 (An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attacke ...)
+ NOT-FOR-US: DoraCMS
+CVE-2023-49443 (DoraCMS v2.1.8 was discovered to re-use the same code for verification ...)
+ NOT-FOR-US: DoraCMS
+CVE-2023-49007 (In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-bas ...)
+ NOT-FOR-US: Netgear
+CVE-2023-48423 (In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bou ...)
+ NOT-FOR-US: Android
+CVE-2023-48422 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2023-48421 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
+ NOT-FOR-US: Android
+CVE-2023-48420 (there is a possible use after free due to a race condition. This could ...)
+ NOT-FOR-US: Android
+CVE-2023-48416 (In multiple locations, there is a possible null dereference due to a m ...)
+ NOT-FOR-US: Android
+CVE-2023-48415 (In Init of protocolembmsadapter.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2023-48414 (In the Pixel Camera Driver, there is a possible use after free due to ...)
+ NOT-FOR-US: Android
+CVE-2023-48413 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2023-48412 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...)
+ NOT-FOR-US: Android
+CVE-2023-48411 (In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapt ...)
+ NOT-FOR-US: Android
+CVE-2023-48410 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...)
+ NOT-FOR-US: Android
+CVE-2023-48409 (In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-mod ...)
+ NOT-FOR-US: Android
+CVE-2023-48408 (In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is ...)
+ NOT-FOR-US: Android
+CVE-2023-48407 (there is a possible DCK won't be deleted after factory reset due to a ...)
+ NOT-FOR-US: Android
+CVE-2023-48406 (there is a possible permanent DoS or way for the modem to boot unverif ...)
+ NOT-FOR-US: Android
+CVE-2023-48405 (there is a possible way for the secure world to write to NS memory due ...)
+ NOT-FOR-US: Android
+CVE-2023-48404 (In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.c ...)
+ NOT-FOR-US: Android
+CVE-2023-48403 (In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2023-48402 (In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing p ...)
+ NOT-FOR-US: Android
+CVE-2023-48401 (In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible ou ...)
+ NOT-FOR-US: Android
+CVE-2023-48399 (In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, th ...)
+ NOT-FOR-US: Android
+CVE-2023-48398 (In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnet ...)
+ NOT-FOR-US: Android
+CVE-2023-48397 (In Init of protocolcalladapter.cpp, there is a possible out of bounds ...)
+ NOT-FOR-US: Android
+CVE-2023-47565 (An OS command injection vulnerability has been found to affect legacy ...)
+ NOT-FOR-US: QNAP
+CVE-2023-46499 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46498 (An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46497 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46496 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46495 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46494 (Cross Site Scripting vulnerability in EverShop NPM versions before v.1 ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46493 (Directory Traversal vulnerability in EverShop NPM versions before v.1. ...)
+ NOT-FOR-US: EverShop NPM
+CVE-2023-46157 (File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest p ...)
+ NOT-FOR-US: MGT CloudPanel
+CVE-2023-32975 (A buffer copy without checking size of input vulnerability has been re ...)
+ NOT-FOR-US: QNAP
+CVE-2023-32968 (A buffer copy without checking size of input vulnerability has been re ...)
+ NOT-FOR-US: QNAP
+CVE-2023-6599 (Missing Standardized Error Handling Mechanism in GitHub repository mic ...)
+ NOT-FOR-US: microweber
+CVE-2023-6581 (A vulnerability has been found in D-Link DAR-7000 up to 20231126 and c ...)
+ NOT-FOR-US: D-Link
+CVE-2023-6580 (A vulnerability, which was classified as critical, was found in D-Link ...)
+ NOT-FOR-US: D-Link
+CVE-2023-6579 (A vulnerability, which was classified as critical, has been found in o ...)
+ NOT-FOR-US: osCommerce
+CVE-2023-6578 (A vulnerability classified as critical has been found in Software AG W ...)
+ NOT-FOR-US: Software AG WebMethods
+CVE-2023-6577 (A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to ...)
+ NOT-FOR-US: Beijing Baichuo PatrolFlow 2530Pro
+CVE-2023-6576 (A vulnerability was found in Beijing Baichuo S210 up to 20231123. It h ...)
+ NOT-FOR-US: Beijing Baichuo S210
+CVE-2023-6061 (Multiple components of Iconics SCADA Suite are prone to a Phantom DLL ...)
+ NOT-FOR-US: Iconics SCADA Suite
+CVE-2023-5058 (Improper Input Validation in the processing of user-supplied splash sc ...)
+ NOT-FOR-US: Phoenix
+CVE-2023-5008 (Student Information System v1.0 is vulnerable to an unauthenticated SQ ...)
+ NOT-FOR-US: Student Information System
+CVE-2023-4122 (Student Information System v1.0 is vulnerable to an Insecure File Uplo ...)
+ NOT-FOR-US: Student Information System
+CVE-2023-48929 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
+ NOT-FOR-US: Franklin Fueling Systems System Sentinel AnyWare (SSA)
+CVE-2023-48928 (Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24. ...)
+ NOT-FOR-US: Franklin Fueling Systems System Sentinel AnyWare (SSA)
+CVE-2023-48122 (An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote at ...)
+ NOT-FOR-US: microweber
+CVE-2023-46693 (Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allo ...)
+ NOT-FOR-US: FormaLMS
+CVE-2023-43744 (An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, ...)
+ NOT-FOR-US: Zultys products firmware
+CVE-2023-43743 (A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virt ...)
+ NOT-FOR-US: Zultys products firmware
+CVE-2023-43742 (An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, ...)
+ NOT-FOR-US: Zultys products firmware
+CVE-2023-43305 (An issue in studio kent mini-app on Line v13.6.1 allows attackers to s ...)
+ NOT-FOR-US: studio kent mini-app on Line
+CVE-2023-38174 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36880 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35618 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32460 (Dell PowerEdge BIOS contains an improper privilege management security ...)
+ NOT-FOR-US: Dell
+CVE-2023-45866 (Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral ...)
+ {DLA-3689-1}
+ [experimental] - bluez 5.70-1.1~exp0
+ - bluez 5.70-1.1 (bug #1057914)
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675
+ NOTE: The fix for CVE-2020-0556 allows to set manually the "ClassicBondedOnly"
+ NOTE: configuration options but defaulted to false.
+CVE-2023-6588 (Offline mode is always enabled, even if permission disallows it, in D ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2023-6575 (A vulnerability was found in Beijing Baichuo S210 up to 20231121. It h ...)
+ NOT-FOR-US: Beijing Baichuo S210
+CVE-2023-6574 (A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 ...)
+ NOT-FOR-US: Beijing Baichuo Smart S20
+CVE-2023-6333 (The affected ControlByWeb Relay products are vulnerable to a stored cr ...)
+ NOT-FOR-US: ControlByWeb Relay
+CVE-2023-50164 (An attacker can manipulate file upload params to enable paths traversa ...)
+ - libstruts1.2-java
+ NOTE: https://lists.apache.org/thread/yh09b3fkf6vz5d6jdgrlvmg60lfwtqhj
+ NOTE: https://cwiki.apache.org/confluence/display/WW/S2-066
+CVE-2023-50002 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-50001 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-50000 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-4486 (Under certain circumstances, invalid authentication credentials could ...)
+ NOT-FOR-US: Johnson Controls Metasys NAE55, SNE, and SNC engines
+CVE-2023-49999 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command injec ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49967 (Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blo ...)
+ NOT-FOR-US: Typecho
+CVE-2023-49958 (An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (O ...)
+ NOT-FOR-US: Dalmann OCPP.Core
+CVE-2023-49957 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Op ...)
+ NOT-FOR-US: Dalmann OCPP.Core
+CVE-2023-49956 (An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Op ...)
+ NOT-FOR-US: Dalmann OCPP.Core
+CVE-2023-49955 (An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Op ...)
+ NOT-FOR-US: Dalmann OCPP.Core
+CVE-2023-49787
+ REJECTED
+CVE-2023-49746 (Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team S ...)
+ NOT-FOR-US: Softaculous Team SpeedyCache
+CVE-2023-49493 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-49492 (DedeCMS v5.7.111 was discovered to contain a reflective cross-site scr ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-49468 (Libde265 v1.0.14 was discovered to contain a global buffer overflow vu ...)
+ - libde265
+ NOTE: https://github.com/strukturag/libde265/issues/432
+ NOTE: Fixed by: https://github.com/strukturag/libde265/commit/3e822a3ccf88df1380b165d6ce5a00494a27ceeb
+CVE-2023-49467 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
+ - libde265
+ NOTE: https://github.com/strukturag/libde265/issues/434
+CVE-2023-49465 (Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vuln ...)
+ - libde265
+ NOTE: https://github.com/strukturag/libde265/issues/435
+CVE-2023-49464 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
+ - libheif
+ [bookworm] - libheif (Minor issue)
+ [bullseye] - libheif (Minor issue)
+ [buster] - libheif (Vulnerable code not present)
+ NOTE: https://github.com/strukturag/libheif/issues/1044
+ NOTE: https://github.com/strukturag/libheif/pull/1049
+ NOTE: https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
+CVE-2023-49463 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
+ - libheif
+ [bookworm] - libheif (Minor issue)
+ [bullseye] - libheif (Minor issue)
+ [buster] - libheif (Vulnerable code not present)
+ NOTE: https://github.com/strukturag/libheif/issues/1042
+ NOTE: https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf
+CVE-2023-49462 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
+ - libheif
+ [bookworm] - libheif (Minor issue)
+ [bullseye] - libheif (Minor issue)
+ [buster] - libheif (Vulnerable code not present)
+ NOTE: https://github.com/strukturag/libheif/issues/1043
+ NOTE: https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878cc67f3889969
+CVE-2023-49460 (libheif v1.17.5 was discovered to contain a segmentation violation via ...)
+ - libheif
+ [bookworm] - libheif (Minor issue)
+ [bullseye] - libheif (Minor issue)
+ [buster] - libheif (Vulnerable code not present)
+ NOTE: https://github.com/strukturag/libheif/issues/1046
+ NOTE: https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76
+CVE-2023-49437 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49436 (Tenda AX9 V22.03.01.46 has been discovered to contain a command inject ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49435 (Tenda AX9 V22.03.01.46 is vulnerable to command injection.)
+ NOT-FOR-US: Tenda
+CVE-2023-49434 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49433 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49432 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49431 (Tenda AX9 V22.03.01.46 has been discovered to contain a command inject ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49430 (Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vuln ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49429 (Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injecti ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49428 (Tenda AX12 V22.03.01.46 has been discovered to contain a command injec ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49426 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49425 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49424 (Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49411 (Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability v ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49410 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49409 (Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution v ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49408 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49406 (Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execu ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49405 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49404 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49403 (Tenda W30E V16.01.0.12(4843) was discovered to contain a command injec ...)
+ NOT-FOR-US: Tenda
+CVE-2023-49402 (Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-48958 (gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_ ...)
+ - gpac (bug #1059056)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2689
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/249c9fc18704e6d3cb6a4b173034a41aa570e7e4
+CVE-2023-48325 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47779 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47548 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47440 (Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversa ...)
+ NOT-FOR-US: Gladys Assistant
+CVE-2023-46974 (Cross Site Scripting vulnerability in Best Courier Management System v ...)
+ NOT-FOR-US: Best Courier Management System
+CVE-2023-46871 (GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a mem ...)
+ - gpac (bug #1059056)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2658
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/03760e34d32e502a0078b20d15ea83ecaf453a5c
+CVE-2023-46641 (Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45762 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in M ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-41905 (NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scr ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-41804 (Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-41172 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-41171 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-41170 (NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scr ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-41169 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-41168 (NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site script ...)
+ NOT-FOR-US: NETSCOUT nGeniusONE
+CVE-2023-40302 (NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability)
+ NOT-FOR-US: NETSCOUT nGeniusPULSE
+CVE-2023-40301 (NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.)
+ NOT-FOR-US: NETSCOUT nGeniusPULSE
+CVE-2023-40300 (NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.)
+ NOT-FOR-US: NETSCOUT nGeniusPULSE
+CVE-2023-39909 (Ericsson Network Manager before 23.2 mishandles Access Control and thu ...)
+ NOT-FOR-US: Ericsson Network Manager
+CVE-2023-39172 (The affected devices transmit sensitive information unencrypted allowi ...)
+ NOT-FOR-US: SENEC Home
+CVE-2023-39171 (SENEC Storage Box V1,V2 and V3 accidentially expose a management UI ac ...)
+ NOT-FOR-US: SENEC Storage Box
+CVE-2023-39170
+ REJECTED
+CVE-2023-39169 (The affected devices use publicly available default credentials with a ...)
+ NOT-FOR-US: SENEC Home
+CVE-2023-39168
+ REJECTED
+CVE-2023-39167 (InSENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker ca ...)
+ NOT-FOR-US: SENEC Storage Box
+CVE-2023-35909 (Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-35039 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-33413 (The configuration functionality in the Intelligent Platform Management ...)
+ NOT-FOR-US: Supermicro
+CVE-2023-33412 (The web interface in the Intelligent Platform Management Interface (IP ...)
+ NOT-FOR-US: Supermicro
+CVE-2023-33411 (A web server in the Intelligent Platform Management Interface (IPMI) b ...)
+ NOT-FOR-US: Supermicro
+CVE-2023-6568 (Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlf ...)
+ NOT-FOR-US: mlflow
+CVE-2023-6566 (Business Logic Errors in GitHub repository microweber/microweber prior ...)
+ NOT-FOR-US: microweber
+CVE-2023-5761 (The Burst Statistics \u2013 Privacy-Friendly Analytics for WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5714 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5713 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5712 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5711 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5710 (The System Dashboard plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-49225 (A cross-site-scripting vulnerability exists in Ruckus Access Point pro ...)
+ NOT-FOR-US: Ruckus
+CVE-2023-48861 (DLL hijacking vulnerability in TTplayer version 7.0.2, allows local at ...)
+ NOT-FOR-US: TTplayer
+CVE-2023-48860 (TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-48841 (Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Languag ...)
+ NOT-FOR-US: Appointment Scheduler
+CVE-2023-48840 (A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3 ...)
+ NOT-FOR-US: Appointment Scheduler
+CVE-2023-48839 (Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site ...)
+ NOT-FOR-US: Appointment Scheduler
+CVE-2023-48838 (Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection iss ...)
+ NOT-FOR-US: Appointment Scheduler
+CVE-2023-48837 (Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues ...)
+ NOT-FOR-US: Car Rental Script
+CVE-2023-48836 (Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scri ...)
+ NOT-FOR-US: Car Rental Script
+CVE-2023-48835 (Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > ...)
+ NOT-FOR-US: Car Rental Script
+CVE-2023-48834 (A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows ...)
+ NOT-FOR-US: Car Rental Script
+CVE-2023-48833 (A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Cale ...)
+ NOT-FOR-US: Time Slots Booking Calendar
+CVE-2023-48831 (A lack of rate limiting in pjActionAJaxSend in Availability Booking Ca ...)
+ NOT-FOR-US: Availability Booking Calendar
+CVE-2023-48830 (Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Lan ...)
+ NOT-FOR-US: Shuttle Booking Software
+CVE-2023-48828 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross ...)
+ NOT-FOR-US: Time Slots Booking Calendar
+CVE-2023-48827 (Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injecti ...)
+ NOT-FOR-US: Time Slots Booking Calendar
+CVE-2023-48826 (Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the ...)
+ NOT-FOR-US: Time Slots Booking Calendar
+CVE-2023-48825 (Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injec ...)
+ NOT-FOR-US: Availability Booking Calendar
+CVE-2023-48824 (BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (X ...)
+ NOT-FOR-US: BoidCMS
+CVE-2023-48823 (A Blind SQL injection issue in ajax.php in GaatiTrack Courier Manageme ...)
+ NOT-FOR-US: GaatiTrack Courier Management System
+CVE-2023-48208 (A Cross Site Scripting vulnerability in Availability Booking Calendar ...)
+ NOT-FOR-US: Availability Booking Calendar
+CVE-2023-48207 (Availability Booking Calendar 5.0 allows CSV injection via the unique ...)
+ NOT-FOR-US: Availability Booking Calendar
+CVE-2023-48206 (A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Manag ...)
+ NOT-FOR-US: GaatiTrack CourierManagement System
+CVE-2023-48205 (Jorani Leave Management System 1.0.2 allows a remote attacker to spoof ...)
+ NOT-FOR-US: Jorani Leave Management System
+CVE-2023-48172 (A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software ...)
+ NOT-FOR-US: Shuttle Booking Software
+CVE-2023-46916 (Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An att ...)
+ NOT-FOR-US: Maxima Max Pro Power
+CVE-2023-46354 (In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-46353 (In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPre ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-46307 (An issue was discovered in server.js in etcd-browser 87ae63d75260. By ...)
+ NOT-FOR-US: etcd-browser
+CVE-2023-43304 (An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to s ...)
+ NOT-FOR-US: PARK DANDAN mini-app on Line
+CVE-2023-43303 (An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attac ...)
+ NOT-FOR-US: craftbeer bar canvas mini-app on Line
+CVE-2023-43302 (An issue in sanTas mini-app on Line v13.6.1 allows attackers to send c ...)
+ NOT-FOR-US: sanTas mini-app on Line
+CVE-2023-43301 (An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers ...)
+ NOT-FOR-US: DARTS SHOP MAXIM mini-app on Line
+CVE-2023-43300 (An issue in urban_project mini-app on Line v13.6.1 allows attackers to ...)
+ NOT-FOR-US: urban_project mini-app on Line
+CVE-2023-43299 (An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to s ...)
+ NOT-FOR-US: DA BUTCHERS mini-app on Line
+CVE-2023-43298 (An issue in SCOL Members Card mini-app on Line v13.6.1 allows attacker ...)
+ NOT-FOR-US: SCOL Members Card mini-app on Line
+CVE-2023-43103 (An XSS issue was discovered in a web endpoint in Zimbra Collaboration ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-43102 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. A ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-41106 (An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. A ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-40238 (A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O w ...)
+ NOT-FOR-US: Insyde
+CVE-2023-6560 (An out-of-bounds memory access flaw was found in the io_uring SQ/CQ ri ...)
+ - linux
+ [bookworm] - linux (Vulnerable code not present)
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/820d070feb668aab5bc9413c285a1dda2a70e076 (6.7-rc4)
+CVE-2023-5384 (A flaw was found in Infinispan. When serializing the configuration for ...)
+ NOT-FOR-US: Infinispan
+CVE-2023-6514 (The Bluetooth module of some Huawei Smart Screen products has an ident ...)
+ NOT-FOR-US: Huawei
+CVE-2023-6459 (Mattermost is grouping calls inthe /metrics endpoint by id and reports ...)
+ - mattermost-server (bug #823556)
+CVE-2023-6458 (Mattermost webapp fails to validateroute parameters in//cha ...)
+ - mattermost-server (bug #823556)
+CVE-2023-6393 (A flaw was found in the Quarkus Cache Runtime. When request processing ...)
+ NOT-FOR-US: Quarkus
+CVE-2023-6291
+ NOT-FOR-US: Keycloak
+CVE-2023-6288 (Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on mac ...)
+ NOT-FOR-US: Devolutions
+CVE-2023-6273 (Permission management vulnerability in the module for disabling Sound ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49248 (Vulnerability of unauthorized file access in the Settings app. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49247 (Permission verification vulnerability in distributed scenarios. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49246 (Unauthorized access vulnerability in the card management module. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49245 (Unauthorized access vulnerability in the Huawei Share module. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49244 (Permission management vulnerability in the multi-user module. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49243 (Vulnerability of unauthorized access to email attachments in the email ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49242 (Free broadcast vulnerability in the running management module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49241 (API permission control vulnerability in the network management module. ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49240 (Unauthorized access vulnerability in the launcher module. Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49239 (Unauthorized access vulnerability in the card management module. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2023-49096 (Jellyfin is a Free Software Media System for managing and streaming me ...)
+ - jellyfin (bug #994189)
+CVE-2023-48859 (TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authenticatio ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-48123 (An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v ...)
+ NOT-FOR-US: Netgate pfSense Plus
+CVE-2023-46773 (Permission management vulnerability in the PMS module. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46751 (An issue was discovered in the function gdev_prn_open_printer_seekable ...)
+ {DSA-5578-1}
+ - ghostscript 10.02.1~dfsg-1
+ [bullseye] - ghostscript (Vulnerable code introduced later)
+ [buster] - ghostscript (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707264 (restricted)
+ NOTE: Introduced with: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e1a3956f252404f07d93be47f7845b23e4a2c4de
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=dcdbc595c13c9d11d235702dff46bb74c80f7698
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d2da96e81c7455338302c71a291088a8396245a (ghostpdl-10.02.1)
+CVE-2023-46688 (Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows ...)
+ NOT-FOR-US: Pleasanter
+CVE-2023-45210 (Pleasanter 1.3.47.0 and earlier contains an improper access control vu ...)
+ NOT-FOR-US: Pleasanter
+CVE-2023-44113 (Vulnerability of missing permission verification for APIs in the Desig ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44099 (Vulnerability of data verification errors in the kernel module. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2023-39539 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
+ NOT-FOR-US: AMI AptioV
+CVE-2023-39538 (AMI AptioV contains a vulnerability in BIOS where a User may cause an ...)
+ NOT-FOR-US: AMI AptioV
+CVE-2023-36655 (The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Activ ...)
+ NOT-FOR-US: ProLion CryptoSpike
+CVE-2023-34439 (Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting ...)
+ NOT-FOR-US: Pleasanter
+CVE-2023-32268 (Exposure of Proxy Administrator Credentials An authenticated administ ...)
+ NOT-FOR-US: Microfocus
+CVE-2023-46218 (This flaw allows a malicious HTTP server to set "super cookies" in cur ...)
+ {DLA-3692-1}
+ - curl 8.5.0-1 (bug #1057646)
+ NOTE: Introduced by: https://github.com/curl/curl/commit/e77b5b7453c1e8ccd7ec0816890d98e2f392e465 (curl-7_46_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/2b0994c29a721c91c572cff7808c572a24d251eb (curl-8_5_0)
+ NOTE: https://curl.se/docs/CVE-2023-46218.html
+CVE-2023-46219 (When saving HSTS data to an excessively long file name, curl could end ...)
+ - curl 8.5.0-1 (bug #1057645)
+ [bullseye] - curl (curl is not built with HSTS support)
+ [buster] - curl (Not affected by CVE-2022-32207)
+ NOTE: Introduced by: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0)
+ NOTE: The issue is introduced with the fix for CVE-2022-32207.
+ NOTE: Fixed by: https://github.com/curl/curl/commit/73b65e94f3531179de45c6f3c836a610e3d0a846 (curl-8_5_0)
+ NOTE: https://curl.se/docs/CVE-2023-46219.html
+CVE-2023-6527 (The Email Subscription Popup plugin for WordPress is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5970 (Improper authentication in the SMA100 SSL-VPN virtual office portal al ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-49897 (An OS command injection vulnerability exists in AE1021PE firmware vers ...)
+ NOT-FOR-US: AE1021PE firmware
+CVE-2023-49297 (PyDrive2 is a wrapper library of google-api-python-client that simplif ...)
+ - pydrive2 (bug #1057647)
+ NOTE: https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5
+ NOTE: https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004 (1.16.2)
+CVE-2023-49283 (microsoft-graph-core the Microsoft Graph Library for PHP. The Microsof ...)
+ NOT-FOR-US: microsoft-graph-core
+CVE-2023-49282 (msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft ...)
+ NOT-FOR-US: msgraph-sdk-php
+CVE-2023-48940 (A stored cross-site scripting (XSS) vulnerability in /admin.php of Dai ...)
+ NOT-FOR-US: DaiCuo
+CVE-2023-48930 (xinhu xinhuoa 2.2.1 contains a File upload vulnerability.)
+ NOT-FOR-US: xinhu xinhuoa
+CVE-2023-48849 (Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows un ...)
+ NOT-FOR-US: Ruijie EG Series Routers
+CVE-2023-46736 (EspoCRM is an Open Source CRM (Customer Relationship Management) softw ...)
+ NOT-FOR-US: EspoCRM
+CVE-2023-44221 (Improper neutralization of special elements in the SMA100 SSL-VPN mana ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-41268 (Improper input validation vulnerability in Samsung Open Source Escargo ...)
+ NOT-FOR-US: Samsung
+CVE-2023-40053 (A vulnerability has been identified within Serv-U 15.4 that allows an ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-6512 (Inappropriate implementation in Web Browser UI in Google Chrome prior ...)
+ {DSA-5573-1}
+ - chromium 120.0.6099.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6511 (Inappropriate implementation in Autofill in Google Chrome prior to 120 ...)
+ {DSA-5573-1}
+ - chromium 120.0.6099.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6510 (Use after free in Media Capture in Google Chrome prior to 120.0.6099.6 ...)
+ {DSA-5573-1}
+ - chromium 120.0.6099.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6509 (Use after free in Side Panel Search in Google Chrome prior to 120.0.60 ...)
+ {DSA-5573-1}
+ - chromium 120.0.6099.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-6508 (Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 ...)
+ {DSA-5573-1}
+ - chromium 120.0.6099.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-39326 (A malicious HTTP sender can use chunk extensions to cause a receiver r ...)
+ - golang-1.21 1.21.5-1
+ - golang-1.20 1.20.12-1
+ - golang-1.19
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ NOTE: https://go.dev/issue/64433
+ NOTE: https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)
+ NOTE: https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)
+CVE-2023-45285 (Using go get to fetch a module with the ".git" suffix may unexpectedly ...)
+ - golang-1.21 1.21.5-1
+ - golang-1.20 1.20.12-1
+ - golang-1.19
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ NOTE: https://go.dev/issue/63845
+ NOTE: https://github.com/golang/go/commit/23c943e5296c6fa3a6f9433bd929306c4dbf2aa3 (go1.21.5)
+ NOTE: https://github.com/golang/go/commit/46bc33819ac86a9596b8059235842f0e0c7469bd (go1.20.12)
+CVE-2023-6448 (Unitronics VisiLogic before version 9.9.00, used in Vision and Samba P ...)
+ NOT-FOR-US: Unitronics Vision
+CVE-2023-6357 (A low-privileged remote attacker could exploit the vulnerability and i ...)
+ NOT-FOR-US: CODESYS
+CVE-2023-6180 (The tokio-boring library in version 4.0.0 is affected by a memory leak ...)
+ NOT-FOR-US: tokio-boring Rust library
+CVE-2023-49448 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49447 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49446 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49398 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49397 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49396 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49395 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49383 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49382 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49381 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49380 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49379 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49378 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49377 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49376 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49375 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49374 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49373 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-49372 (JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2023-46674 (An issue was identified that allowed the unsafe deserialization of jav ...)
+ NOT-FOR-US: Elasticsearch-hadoop +CVE-2023-45842 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + NOT-FOR-US: Buildroot +CVE-2023-45841 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + NOT-FOR-US: Buildroot +CVE-2023-45840 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + NOT-FOR-US: Buildroot +CVE-2023-45839 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + NOT-FOR-US: Buildroot +CVE-2023-45838 (Multiple data integrity vulnerabilities exist in the package hash chec ...) + NOT-FOR-US: Buildroot +CVE-2023-45287 (Before Go 1.20, the RSA based TLS key exchanges used the math/big libr ...) + - golang-1.20 (Fixed before initial upload to Debian) + - golang-1.19 + [bookworm] - golang-1.19 (Minor issue; intrusive backport) + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue; intrusive backport) + - golang-1.11 + NOTE: https://go.dev/issue/20654 + NOTE: https://go.dev/cl/326012/26 + NOTE: https://groups.google.com/g/golang-announce/c/QMK8IQALDvA + NOTE: https://people.redhat.com/~hkario/marvin/ + NOTE: https://pkg.go.dev/vuln/GO-2023-2375 + NOTE: Fixed by: https://github.com/golang/go/commit/8a81fdf165facdcefa06531de5af98a4db343035 (go1.20rc1) +CVE-2023-45085 (An issue exists in SoftIron HyperCloud where compute nodes may come on ...) + NOT-FOR-US: SoftIron HyperCloud +CVE-2023-45084 (An issue exists in SoftIron HyperCloud where drive caddy removal and r ...) + NOT-FOR-US: SoftIron HyperCloud +CVE-2023-45083 (An Improper Privilege Management vulnerability exists in HyperCloud th ...) + NOT-FOR-US: SoftIron HyperCloud +CVE-2023-44298 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) + NOT-FOR-US: Dell +CVE-2023-44297 (Dell PowerEdge platforms 16G Intel E5 BIOS and Dell Precision BIOS, ve ...) + NOT-FOR-US: Dell +CVE-2023-43628 (An integer underflow vulnerability exists in the NTRIP Stream Parsing ...) 
+ - gpsd (Vulnerable code introduced later, cf bug #1057667) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1860 + NOTE: Introduced by: https://gitlab.com/gpsd/gpsd/-/commit/6ccd477f5e21a45f6c52a21ad323c93e59aa2461 + NOTE: Introduced by: https://gitlab.com/gpsd/gpsd/-/commit/c1c1c2706c4f5b9bf3be437d0a8f0106ef00c5e7 + NOTE: Fixed by: https://gitlab.com/gpsd/gpsd/-/commit/3e5c6c28c422102dd453e31912e1e79d1f7ff7f2 +CVE-2023-43608 (A data integrity vulnerability exists in the BR_NO_CHECK_HASH_FOR func ...) + NOT-FOR-US: Buildroot +CVE-2023-41835 (When a Multipart request is performed but some of the fields exceed th ...) + - libstruts1.2-java + NOTE: https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft + NOTE: https://cwiki.apache.org/confluence/display/WW/S2-065 +CVE-2023-49070 (Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPCno longer m ...) + NOT-FOR-US: Apache OFBiz +CVE-2023-6269 (An argument injection vulnerability has been identified in the admini ...) + NOT-FOR-US: Atos +CVE-2023-6063 (The WP Fastest Cache WordPress plugin before 1.2.2 does not properly s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5990 (The Interactive Contact Form and Multi Step Form Builder with Drag & D ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5979 (The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.2 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5953 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5952 (The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5951 (The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5944 (Delta ElectronicsDOPSoft is vulnerable to a stack-based buffer overflo ...) + NOT-FOR-US: Delta Electronics +CVE-2023-5884 (The Word Balloon WordPress plugin before 4.20.3 does not protect some ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5874 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5809 (The Popup box WordPress plugin before 3.8.6 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5808 (SMU versions prior to 14.8.7825.01 are susceptible to unintended infor ...) + NOT-FOR-US: Hitachi +CVE-2023-5762 (The Filr WordPress plugin before 1.2.3.6 is vulnerable from an RCE (Re ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5210 (The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5188 (The MMS Interpreter of WagoAppRTU in versions below 1.4.6.0 which is u ...) + NOT-FOR-US: WagoAppRTU +CVE-2023-5141 (The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5137 (The Simply Excerpts WordPress plugin through 1.4 does not sanitize and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5108 (The Easy Newsletter Signups WordPress plugin through 1.0.4 does not pr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5105 (The Frontend File Manager Plugin WordPress plugin before 22.6 has a vu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4460 (The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 d ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49293 (Vite is a website frontend framework. When Vite's HTML transformation ...) + NOT-FOR-US: Vite +CVE-2023-49292 (ecies is an Elliptic Curve Integrated Encryption Scheme for secp256k1 ...) + NOT-FOR-US: ecies +CVE-2023-49291 (tj-actions/branch-names is a Github action to retrieve branch or tag n ...) + NOT-FOR-US: Github action +CVE-2023-49290 (lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/J ...) + NOT-FOR-US: lestrrat-go/jwx +CVE-2023-49289 (Ajax.NET Professional (AjaxPro) is an AJAX framework for Microsoft ASP ...) 
+ NOT-FOR-US: Ajax.NET Professional +CVE-2023-49284 (fish is a smart and user-friendly command line shell for macOS, Linux, ...) + - fish 3.6.4-1 (bug #1057455) + [bookworm] - fish (Minor issue) + [bullseye] - fish (Minor issue) + [buster] - fish (Minor issue) + NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f + NOTE: https://github.com/fish-shell/fish-shell/commit/09986f5563e31e2c900a606438f1d60d008f3a14 (3.6.2) +CVE-2023-49280 (XWiki Change Request is an XWiki application allowing to request chang ...) + NOT-FOR-US: XWiki +CVE-2023-49080 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...) + - jupyter-server (unimportant; bug #1057454) + NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-h56g-gq9v-vc8r + NOTE: https://github.com/jupyter-server/jupyter_server/commit/0056c3aa52cbb28b263a7a609ae5f17618b36652 (v2.11.2) + NOTE: Path disclosure has no security impact as packaged in Debian +CVE-2023-48698 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2023-48697 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2023-48696 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2023-48695 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2023-48694 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2023-48693 (Azure RTOS ThreadX is an advanced real-time operating system (RTOS) de ...) + NOT-FOR-US: Azure RTOS +CVE-2023-48692 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...) + NOT-FOR-US: Azure RTOS +CVE-2023-48691 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...) 
+ NOT-FOR-US: Azure RTOS +CVE-2023-48316 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...) + NOT-FOR-US: Azure RTOS +CVE-2023-48315 (Azure RTOS NetX Duo is a TCP/IP network stack designed specifically fo ...) + NOT-FOR-US: Azure RTOS +CVE-2023-47633 (Traefik is an open source HTTP reverse proxy and load balancer. The tr ...) + - traefik (bug #983289) +CVE-2023-47304 (An issue was discovered in Vonage Box Telephone Adapter VDV23 version ...) + NOT-FOR-US: Vonage Box Telephone Adapter VDV23 +CVE-2023-47124 (Traefik is an open source HTTP reverse proxy and load balancer. When T ...) + - traefik (bug #983289) +CVE-2023-47106 (Traefik is an open source HTTP reverse proxy and load balancer. When a ...) + - traefik (bug #983289) +CVE-2023-45781 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...) + NOT-FOR-US: Android +CVE-2023-45779 (In TBD of TBD, there is a possible malicious update to platform compon ...) + NOT-FOR-US: Android +CVE-2023-45777 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...) + NOT-FOR-US: Android +CVE-2023-45776 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-45775 (In CreateAudioBroadcast of broadcaster.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-45774 (In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-45773 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-44295 (Dell PowerScale OneFS versions 8.2.2.x through 9.6.0.x contains an imp ...) + NOT-FOR-US: Dell +CVE-2023-44288 (Dell PowerScale OneFS, 8.2.2.x through 9.6.0.x, contains an improper c ...) + NOT-FOR-US: Dell +CVE-2023-43472 (An issue in MLFlow versions 2.8.1 and before allows a remote attacker ...) + NOT-FOR-US: mlflow +CVE-2023-42581 (Improper URL validation from InstantPlay deeplink in Galaxy Store prio ...) 
+ NOT-FOR-US: Samsung +CVE-2023-42580 (Improper URL validation from MCSLaunch deeplink in Galaxy Store prior ...) + NOT-FOR-US: Samsung +CVE-2023-42579 (Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese ...) + NOT-FOR-US: Samsung +CVE-2023-42578 (Improper handling of insufficient permissions or privileges vulnerabil ...) + NOT-FOR-US: Samsung +CVE-2023-42577 (Improper Access Control in Samsung Voice Recorder prior to versions 21 ...) + NOT-FOR-US: Samsung +CVE-2023-42576 (Improper Authentication vulnerability in Samsung Pass prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-42575 (Improper Authentication vulnerability in Samsung Pass prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-42574 (Improper access control vulnerablility in GameHomeCN prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-42573 (PendingIntent hijacking vulnerability in Search Widget prior to versio ...) + NOT-FOR-US: Samsung +CVE-2023-42572 (Implicit intent hijacking vulnerability in Samsung Account Web SDK pri ...) + NOT-FOR-US: Samsung +CVE-2023-42571 (Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 all ...) + NOT-FOR-US: Samsung +CVE-2023-42570 (Improper access control vulnerability in KnoxCustomManagerService prio ...) + NOT-FOR-US: Samsung +CVE-2023-42569 (Improper authorization verification vulnerability in AR Emoji prior to ...) + NOT-FOR-US: Samsung +CVE-2023-42568 (Improper access control vulnerability in SmartManagerCN prior to SMR D ...) + NOT-FOR-US: Samsung +CVE-2023-42567 (Improper size check vulnerability in softsimd prior to SMR Dec-2023 Re ...) + NOT-FOR-US: Samsung +CVE-2023-42566 (Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Re ...) + NOT-FOR-US: Samsung +CVE-2023-42565 (Improper input validation vulnerability in Smart Clip prior to SMR Dec ...) + NOT-FOR-US: Samsung +CVE-2023-42564 (Improper access control in knoxcustom service prior to SMR Dec-2023 Re ...) 
+ NOT-FOR-US: Samsung +CVE-2023-42563 (Integer overflow vulnerability in landmarkCopyImageToNative of libFace ...) + NOT-FOR-US: Samsung +CVE-2023-42562 (Integer overflow vulnerability in detectionFindFaceSupportMultiInstanc ...) + NOT-FOR-US: Samsung +CVE-2023-42561 (Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec- ...) + NOT-FOR-US: Samsung +CVE-2023-42560 (Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.s ...) + NOT-FOR-US: Samsung +CVE-2023-42559 (Improper exception management vulnerability in Knox Guard prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2023-42558 (Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-42557 (Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Re ...) + NOT-FOR-US: Samsung +CVE-2023-42556 (Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Re ...) + NOT-FOR-US: Samsung +CVE-2023-40465 (Several versions of ALEOS, including ALEOS 4.16.0, include an opensour ...) + NOT-FOR-US: ALEOS +CVE-2023-40464 (Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded ...) + NOT-FOR-US: ALEOS +CVE-2023-40463 (When configured in debugging mode by an authenticated user with adm ...) + NOT-FOR-US: ALEOS +CVE-2023-40462 (The ACEManager component of ALEOS 4.16 and earlier does not perform ...) + NOT-FOR-US: ALEOS +CVE-2023-40461 (The ACEManager component of ALEOS 4.16 and earlier allows an authen ...) + NOT-FOR-US: ALEOS +CVE-2023-40460 (The ACEManager component of ALEOS 4.16 and earlier does not validat ...) + NOT-FOR-US: ALEOS +CVE-2023-40459 (The ACEManager component of ALEOS 4.16 and earlier does not adequately ...) + NOT-FOR-US: ALEOS +CVE-2023-40103 (In multiple locations, there is a possible way to corrupt memory due t ...) + NOT-FOR-US: Android +CVE-2023-40098 (In mOnDone of NotificationConversationInfo.java, there is a possible w ...) 
+ NOT-FOR-US: Android +CVE-2023-40097 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...) + NOT-FOR-US: Android +CVE-2023-40096 (In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is ...) + NOT-FOR-US: Android +CVE-2023-40095 (In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, th ...) + NOT-FOR-US: Android +CVE-2023-40094 (In keyguardGoingAway of ActivityTaskManagerService.java, there is a po ...) + NOT-FOR-US: Android +CVE-2023-40092 (In verifyShortcutInfoPackage of ShortcutService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-40091 (In onTransact of IncidentService.cpp, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-40090 (In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to by ...) + NOT-FOR-US: Android +CVE-2023-40089 (In getCredentialManagerPolicy of DevicePolicyManagerService.java, ther ...) + NOT-FOR-US: Android +CVE-2023-40088 (In callback_thread_event of com_android_bluetooth_btservice_AdapterSer ...) + NOT-FOR-US: Android +CVE-2023-40087 (In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-40084 (In run of MDnsSdListener.cpp, there is a possible memory corruption du ...) + NOT-FOR-US: Android +CVE-2023-40083 (In parse_gap_data of utils.cc, there is a possible out of bounds read ...) + NOT-FOR-US: Android +CVE-2023-40082 (In modify_for_next_stage of fdt.rs, there is a possible way to render ...) + NOT-FOR-US: Android +CVE-2023-40081 (In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a p ...) + NOT-FOR-US: Android +CVE-2023-40080 (In multiple functions of btm_ble_gap.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-40079 (In injectSendIntentSender of ShortcutService.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-40078 (In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder. ...) 
+ NOT-FOR-US: Android +CVE-2023-40077 (In multiple functions of MetaDataBase.cpp, there is a possible UAF wri ...) + NOT-FOR-US: Android +CVE-2023-40076 (In createPendingIntent of CredentialManagerUi.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-40075 (In forceReplaceShortcutInner of ShortcutPackage.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-40074 (In saveToXml of PersistableBundle.java, invalid data could lead to loc ...) + NOT-FOR-US: Android +CVE-2023-40073 (In visitUris of Notification.java, there is a possible cross-user medi ...) + NOT-FOR-US: Android +CVE-2023-39248 (Dell OS10 Networking Switches running 10.5.2.x and above contain an Un ...) + NOT-FOR-US: Dell +CVE-2023-37572 (Softing OPC Suite version 5.25 and before has Incorrect Access Control ...) + NOT-FOR-US: Softing OPC Suite +CVE-2023-35690 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-35668 (In visitUris of Notification.java, there is a possible way to display ...) + NOT-FOR-US: Android +CVE-2023-33107 (Memory corruption in Graphics Linux while assigning shared virtual mem ...) + NOT-FOR-US: Qualcomm +CVE-2023-33106 (Memory corruption while submitting a large list of sync points in an A ...) + NOT-FOR-US: Qualcomm +CVE-2023-33098 (Transient DOS while parsing WPA IES, when it is passed with length mor ...) + NOT-FOR-US: Qualcomm +CVE-2023-33097 (Transient DOS in WLAN Firmware while processing a FTMR frame.) + NOT-FOR-US: Qualcomm +CVE-2023-33092 (Memory corruption while processing pin reply in Bluetooth, when pin co ...) + NOT-FOR-US: Qualcomm +CVE-2023-33089 (Transient DOS when processing a NULL buffer while parsing WLAN vdev.) + NOT-FOR-US: Qualcomm +CVE-2023-33088 (Memory corruption when processing cmd parameters while parsing vdev.) + NOT-FOR-US: Qualcomm +CVE-2023-33087 (Memory corruption in Core while processing RX intent request.) + NOT-FOR-US: Qualcomm +CVE-2023-33083 (Memory corruption in WLAN Host while processing RRM beacon on the AP.) 
+ NOT-FOR-US: Qualcomm +CVE-2023-33082 (Memory corruption while sending an Assoc Request having BTM Query or B ...) + NOT-FOR-US: Qualcomm +CVE-2023-33081 (Transient DOS while converting TWT (Target Wake Time) frame parameters ...) + NOT-FOR-US: Qualcomm +CVE-2023-33080 (Transient DOS while parsing a vender specific IE (Information Element) ...) + NOT-FOR-US: Qualcomm +CVE-2023-33079 (Memory corruption in Audio while running invalid audio recording from ...) + NOT-FOR-US: Qualcomm +CVE-2023-33071 (Memory corruption in Automotive OS whenever untrusted apps try to acce ...) + NOT-FOR-US: Qualcomm +CVE-2023-33070 (Transient DOS in Automotive OS due to improper authentication to the s ...) + NOT-FOR-US: Qualcomm +CVE-2023-33063 (Memory corruption in DSP Services during a remote call from HLOS to DS ...) + NOT-FOR-US: Qualcomm +CVE-2023-33054 (Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS ...) + NOT-FOR-US: Qualcomm +CVE-2023-33053 (Memory corruption in Kernel while parsing metadata.) + NOT-FOR-US: Qualcomm +CVE-2023-33044 (Transient DOS in Data modem while handling TLB control messages from t ...) + NOT-FOR-US: Qualcomm +CVE-2023-33043 (Transient DOS in Modem when a Beam switch request is made with a non-c ...) + NOT-FOR-US: Qualcomm +CVE-2023-33042 (Transient DOS in Modem after RRC Setup message is received.) + NOT-FOR-US: Qualcomm +CVE-2023-33041 (Under certain scenarios the WLAN Firmware will reach an assertion due ...) + NOT-FOR-US: Qualcomm +CVE-2023-33024 (Memory corruption while sending SMS from AP firmware.) + NOT-FOR-US: Qualcomm +CVE-2023-33022 (Memory corruption in HLOS while invoking IOCTL calls from user-space.) + NOT-FOR-US: Qualcomm +CVE-2023-33018 (Memory corruption while using the UIM diag command to get the operator ...) + NOT-FOR-US: Qualcomm +CVE-2023-33017 (Memory corruption in Boot while running a ListVars test in UEFI Menu d ...) 
+ NOT-FOR-US: Qualcomm +CVE-2023-4503 + NOT-FOR-US: Red Hat EAP-Galleon +CVE-2023-6484 + NOT-FOR-US: Keycloak +CVE-2023-6481 (A serialization vulnerability in logback receiver component part of l ...) + - logback (Incomplte fix not applied) + NOTE: https://logback.qos.ch/news.html#1.3.14 + NOTE: https://logback.qos.ch/news.html#1.2.13 +CVE-2023-6460 (A potential logging of the firestore key via logging within nodejs-fir ...) + NOT-FOR-US: nodejs-firestore +CVE-2023-5768 (A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU ...) + NOT-FOR-US: Hitachi +CVE-2023-5767 (A vulnerability exists in the webserver that affects the RTU500 serie ...) + NOT-FOR-US: Hitachi +CVE-2023-48967 (Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of Untru ...) + NOT-FOR-US: Ssolon +CVE-2023-48966 (An arbitrary file upload vulnerability in the component /admin/api.upl ...) + NOT-FOR-US: ThinkAdmin +CVE-2023-48965 (An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.5 ...) + NOT-FOR-US: ThinkAdmin +CVE-2023-48910 (Microcks up to 1.17.1 was discovered to contain a Server-Side Request ...) + NOT-FOR-US: Microcks +CVE-2023-48866 (A Cross-Site Scripting (XSS) vulnerability in the recipe preparation c ...) + - grocy (bug #969056) +CVE-2023-48863 (SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security ...) + NOT-FOR-US: SEMCMS +CVE-2023-48815 (kkFileView v4.3.0 is vulnerable to Incorrect Access Control.) + NOT-FOR-US: kkFileView +CVE-2023-48800 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48799 (TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-44306 (Dell DM5500 contains a path traversal vulnerability in the appliance. ...) + NOT-FOR-US: Dell +CVE-2023-44305 (Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerabi ...) 
+ NOT-FOR-US: Dell +CVE-2023-44304 (Dell DM5500 contains a privilege escalation vulnerability in the appli ...) + NOT-FOR-US: Dell +CVE-2023-44302 (Dell DM5500 5.14.0.0 and prior contain an improper authentication vuln ...) + NOT-FOR-US: Dell +CVE-2023-44301 (Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scriptin ...) + NOT-FOR-US: Dell +CVE-2023-44300 (Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerabil ...) + NOT-FOR-US: Dell +CVE-2023-44291 (Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in ...) + NOT-FOR-US: Dell +CVE-2023-41613 (EzViz Studio v2.2.0 is vulnerable to DLL hijacking.) + NOT-FOR-US: EzViz Studio +CVE-2023-32804 (Out-of-bounds Write vulnerability in Arm Ltd Midgard GPU Userspace Dri ...) + NOT-FOR-US: Arm +CVE-2023-5332 (Patch in third party library Consul requires 'enable-script-checks' to ...) + - consul + [bullseye] - consul (Minor issue) + [buster] - consul (Minor issue) + NOTE: https://gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171 + NOTE: https://www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurations +CVE-2023-49287 (TinyDir is a lightweight C directory and file reader. Buffer overflows ...) + TODO: potentally affects falcosecurity-libs, gemmi, lwip + NOTE: https://www.openwall.com/lists/oss-security/2023/12/04/1 + NOTE: https://github.com/cxong/tinydir/security/advisories/GHSA-jf5r-wgf4-qhxf +CVE-2023-49108 (Path traversal vulnerability exists in RakRak Document Plus Ver.3.2.0. ...) + NOT-FOR-US: RakRak Document Plus +CVE-2023-49093 (HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerab ...) + - jenkins-htmlunit-core-js + - htmlunit + NOTE: https://github.com/HtmlUnit/htmlunit/security/advisories/GHSA-37vq-hr2f-g7h7 +CVE-2023-47701 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-46167 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) 
+ NOT-FOR-US: IBM +CVE-2023-42751 (In gnss service, there is a possible out of bounds write due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2023-42749 (In enginnermode service, there is a possible way to write permission u ...) + NOT-FOR-US: Unisoc +CVE-2023-42748 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42747 (In camera service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42746 (In power manager, there is a possible missing permission check. This c ...) + NOT-FOR-US: Unisoc +CVE-2023-42745 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42744 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42743 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42742 (In sysui, there is a possible missing permission check. This could lea ...) + NOT-FOR-US: Unisoc +CVE-2023-42741 (In telecom service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42740 (In telecom service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42739 (In engineermode service, there is a possible way to write permission u ...) + NOT-FOR-US: Unisoc +CVE-2023-42738 (In telocom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42737 (In telecom service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42736 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42735 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-42734 (In telephony service, there is a possible missing permission check. Th ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-42733 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-42732 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-42731 (In Gnss service, there is a possible out of bounds read due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2023-42730 (In IMS service, there is a possible way to write permission usage reco ...) + NOT-FOR-US: Unisoc +CVE-2023-42729 (In ril service, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2023-42728 (In phasecheckserver, there is a possible out of bounds read due to a m ...) + NOT-FOR-US: Unisoc +CVE-2023-42727 (In gpu driver, there is a possible out of bounds write due to a incorr ...) + NOT-FOR-US: Unisoc +CVE-2023-42726 (In TeleService, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: Unisoc +CVE-2023-42725 (In gpu driver, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Unisoc +CVE-2023-42724 (In gpu driver, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Unisoc +CVE-2023-42723 (In camera service, there is a possible out of bounds read due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2023-42722 (In camera service, there is a possible use after free due to a logic e ...) + NOT-FOR-US: Unisoc +CVE-2023-42721 (In flv extractor, there is a possible missing verification incorrect i ...) + NOT-FOR-US: Unisoc +CVE-2023-42720 (In video service, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2023-42719 (In video service, there is a possible out of bounds read due to a inco ...) + NOT-FOR-US: Unisoc +CVE-2023-42718 (In dialer, there is a possible way to write permission usage records o ...) + NOT-FOR-US: Unisoc +CVE-2023-42717 (In telephony service, there is a possible missing permission check. Th ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-42716 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-42715 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-42714 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42713 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42712 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42711 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42710 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42709 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42708 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42707 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42706 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42705 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42704 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42703 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42702 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42701 (In firewall service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-42700 (In firewall service, there is a possible way to write permission usage ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-42699 (In omacp service, there is a possible way to write permission usage re ...) + NOT-FOR-US: Unisoc +CVE-2023-42698 (In omacp service, there is a possible way to write permission usage re ...) + NOT-FOR-US: Unisoc +CVE-2023-42697 (In omacp service, there is a possible way to write permission usage re ...) + NOT-FOR-US: Unisoc +CVE-2023-42696 (In telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42695 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42694 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42693 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42692 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42691 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42690 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42689 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42688 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42687 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42686 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42685 (In wifi service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42684 (In gsp driver, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Unisoc +CVE-2023-42683 (In gsp driver, there is a possible out of bounds read due to a missing ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-42682 (In gsp driver, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: Unisoc +CVE-2023-42681 (In ion service, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2023-42680 (In gpu driver, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Unisoc +CVE-2023-42679 (In gpu driver, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: Unisoc +CVE-2023-42678 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42677 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42676 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42675 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42674 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42673 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42672 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-42671 (In imsservice, there is a possible way to write permission usage recor ...) + NOT-FOR-US: Unisoc +CVE-2023-40692 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-40687 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-38727 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-38003 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-32870 (In display drm, there is a possible out of bounds read due to a missin ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-32869 (In display drm, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-32868 (In display drm, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-32867 (In display drm, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-32866 (In mmp, there is a possible memory corruption due to an incorrect boun ...) + NOT-FOR-US: MediaTek +CVE-2023-32865 (In display drm, there is a possible out of bounds write due to an inco ...) + NOT-FOR-US: MediaTek +CVE-2023-32864 (In display drm, there is a possible out of bounds write due to an inco ...) + NOT-FOR-US: MediaTek +CVE-2023-32863 (In display drm, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-32862 (In display, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: MediaTek +CVE-2023-32861 (In display, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: MediaTek +CVE-2023-32860 (In display, there is a possible classic buffer overflow due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-32859 (In meta, there is a possible classic buffer overflow due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2023-32858 (In GZ, there is a possible information disclosure due to a missing dat ...) + NOT-FOR-US: MediaTek +CVE-2023-32857 (In display, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: MediaTek +CVE-2023-32856 (In display, there is a possible out of bounds read due to an incorrect ...) + NOT-FOR-US: MediaTek +CVE-2023-32855 (In aee, there is a possible escalation of privilege due to a missing p ...) + NOT-FOR-US: MediaTek +CVE-2023-32854 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-32853 (In rpmb, there is a possible out of bounds write due to a missing boun ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-32852 (In cameraisp, there is a possible information disclosure due to improp ...) + NOT-FOR-US: MediaTek +CVE-2023-32851 (In decoder, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: MediaTek +CVE-2023-32850 (In decoder, there is a possible out of bounds write due to an integer ...) + NOT-FOR-US: MediaTek +CVE-2023-32849 (In cmdq, there is a possible out of bounds write due to type confusion ...) + NOT-FOR-US: MediaTek +CVE-2023-32848 (In vdec, there is a possible out of bounds write due to type confusion ...) + NOT-FOR-US: MediaTek +CVE-2023-32847 (In audio, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-32846 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-32845 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-32844 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-32843 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-32842 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-32841 (In 5G Modem, there is a possible system crash due to improper error ha ...) + NOT-FOR-US: MediaTek +CVE-2023-49948 (Forgejo before 1.20.5-1 allows remote attackers to test for the existe ...) + NOT-FOR-US: Forgejo +CVE-2023-49947 (Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic ...) + NOT-FOR-US: Forgejo +CVE-2023-49946 (In Forgejo before 1.20.5-1, certain endpoints do not check whether an ...) + NOT-FOR-US: Forgejo +CVE-2023-45178 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) + NOT-FOR-US: IBM +CVE-2022-4957 (A vulnerability was found in librespeed speedtest up to 5.2.4. It has ...) 
+ - librespeed-speedtest (bug #970554) +CVE-2020-36768 (A vulnerability was found in rl-institut NESP2 Initial Release/1.0. It ...) + NOT-FOR-US: rl-institut NESP2 +CVE-2018-25094 (A vulnerability was found in \u0e23\u0e30\u0e1a\u0e1a\u0e1a\u0e31\u0e0 ...) + NOT-FOR-US: some PHP Online Accounting System +CVE-2023-6474 (A vulnerability has been found in PHPGurukul Nipah Virus Testing Manag ...) + NOT-FOR-US: PHPGurukul +CVE-2023-6473 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Online Quiz System +CVE-2023-49926 (app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS ...) + NOT-FOR-US: MISP +CVE-2023-47100 (In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write t ...) + NOTE: Duplicate of CVE-2023-47038 (MITRE CNA contacted) +CVE-2023-6472 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: PHPEMS +CVE-2023-6467 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated a ...) + NOT-FOR-US: Thecosy IceCMS +CVE-2023-6466 (A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declare ...) + NOT-FOR-US: Thecosy IceCMS +CVE-2023-6465 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) + NOT-FOR-US: PHPGurukul +CVE-2023-6464 (A vulnerability was found in SourceCodester User Registration and Logi ...) + NOT-FOR-US: SourceCodester User Registration and Login System +CVE-2023-6463 (A vulnerability has been found in SourceCodester User Registration and ...) + NOT-FOR-US: SourceCodester User Registration and Login System +CVE-2023-6462 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester User Registration and Login System +CVE-2023-49914 (InteraXon Muse 2 devices allow remote attackers to cause a denial of s ...) + NOT-FOR-US: InteraXon Muse 2 devices +CVE-2023-49281 (Calendarinho is an open source calendaring application to manage large ...) 
+ NOT-FOR-US: Calendarinho +CVE-2023-49277 (dpaste is an open source pastebin application written in Python using ...) + NOT-FOR-US: dpaste, different from src:dpaste +CVE-2023-49276 (Uptime Kuma is an open source self-hosted monitoring tool. In affected ...) + NOT-FOR-US: Uptime Kuma +CVE-2023-48887 (A deserialization vulnerability in Jupiter v1.3.1 allows attackers to ...) + NOT-FOR-US: Jupiter +CVE-2023-48886 (A deserialization vulnerability in NettyRpc v1.2 allows attackers to e ...) + NOT-FOR-US: NettyRpc +CVE-2023-48801 (In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file su ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48314 (Collabora Online is a collaborative online office suite based on Libre ...) + NOT-FOR-US: Collabora Online +CVE-2023-46746 (PostHog provides open-source product analytics, session recording, fea ...) + NOT-FOR-US: PostHog +CVE-2023-46174 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-44402 (Electron is an open source framework for writing cross-platform deskto ...) + - electron (bug #842420) +CVE-2023-44382 (October is a Content Management System (CMS) and web platform to assis ...) + NOT-FOR-US: October CMS +CVE-2023-44381 (October is a Content Management System (CMS) and web platform to assis ...) + NOT-FOR-US: October CMS +CVE-2023-43021 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2023-42022 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-42019 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2023-42009 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-40699 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2023-39257 (Dell Rugged Control Center, version prior to 4.7, contains an Improper ...) 
+ NOT-FOR-US: Dell +CVE-2023-39256 (Dell Rugged Control Center, version prior to 4.7, contains an improper ...) + NOT-FOR-US: Dell +CVE-2023-6461 (Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/m ...) + NOT-FOR-US: minipaint +CVE-2023-6449 (The Contact Form 7 plugin for WordPress is vulnerable to arbitrary fil ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5637 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...) + NOT-FOR-US: ArslanSoft Education Portal +CVE-2023-5636 (Unrestricted Upload of File with Dangerous Type vulnerability in Arsla ...) + NOT-FOR-US: ArslanSoft Education Portal +CVE-2023-5635 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) + NOT-FOR-US: ArslanSoft Education Portal +CVE-2023-5634 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: ArslanSoft Education Portal +CVE-2023-5427 (Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm ...) + NOT-FOR-US: Arm +CVE-2023-4518 (A vulnerability exists in the input validation of the GOOSE messages ...) + NOT-FOR-US: Hitachi +CVE-2023-49371 (RuoYi up to v4.6 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: RuoYi +CVE-2023-48893 (SQL injection vulnerability in Senayan Library Management Systems Slim ...) + NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian +CVE-2023-48842 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) + NOT-FOR-US: D-Link +CVE-2023-48813 (Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerab ...) + NOT-FOR-US: Senayan Library Management Systems (Slims) 9 Bulian +CVE-2023-45168 (IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2023-43015 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-42006 (IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could a ...) 
+ NOT-FOR-US: IBM +CVE-2023-38268 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) + NOT-FOR-US: IBM +CVE-2023-6396 + - gitlab (Specific to EE) +CVE-2023-6442 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) + NOT-FOR-US: PHPGurukul +CVE-2023-6440 (A vulnerability was found in SourceCodester Book Borrower System 1.0 a ...) + NOT-FOR-US: SourceCodester +CVE-2023-6033 (Improper neutralization of input in Jira integration configuration in ...) + - gitlab +CVE-2023-5995 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-5915 (A vulnerability of Uncontrolled Resource Consumption has been identifi ...) + NOT-FOR-US: Yokogawa Electric Corporation STARDOM +CVE-2023-5909 (KEPServerEX does not properly validate certificates from clients which ...) + NOT-FOR-US: KEPServerEX +CVE-2023-5908 (KEPServerEX is vulnerable to a buffer overflow which may allow an atta ...) + NOT-FOR-US: KEPServerEX +CVE-2023-5226 (An issue has been discovered in GitLab affecting all versions before 1 ...) + - gitlab +CVE-2023-4912 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-4658 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-4317 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-49735 (** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleRes ...) + - tiles (unimportant; bug #1057315) + NOTE: https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p + NOTE: Negligible security impact as packaged in Debian +CVE-2023-48894 (Incorrect Access Control vulnerability in jshERP V3.3 allows attackers ...) + NOT-FOR-US: jshERP +CVE-2023-48016 (Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in ...) 
+ NOT-FOR-US: Restaurant Table Booking System +CVE-2023-47454 (An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 fo ...) + NOT-FOR-US: NetEase CloudMusic +CVE-2023-47453 (An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 a ...) + NOT-FOR-US: Sohu Video Player +CVE-2023-47452 (An Untrusted search path vulnerability in notepad++ 6.5 allows local u ...) + NOT-FOR-US: notepad++ +CVE-2023-47307 (Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Techno ...) + NOT-FOR-US: Shenzhen Libituo +CVE-2023-47279 (In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability ...) + NOT-FOR-US: Delta Electronics +CVE-2023-47207 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) + NOT-FOR-US: Delta Electronics +CVE-2023-46956 (SQL injection vulnerability in Packers and Movers Management System v. ...) + NOT-FOR-US: Packers and Movers Management System +CVE-2023-46690 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) + NOT-FOR-US: Delta Electronics +CVE-2023-46389 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 Firmware ...) + NOT-FOR-US: LOYTEC +CVE-2023-46388 (LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerab ...) + NOT-FOR-US: LOYTEC +CVE-2023-46387 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware ...) + NOT-FOR-US: LOYTEC +CVE-2023-46386 (LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware ...) + NOT-FOR-US: LOYTEC +CVE-2023-46385 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...) + NOT-FOR-US: LOYTEC +CVE-2023-46384 (LOYTEC electronics GmbH LINX Configurator 7.4.10 is vulnerable to Inse ...) + NOT-FOR-US: LOYTEC +CVE-2023-46383 (LOYTEC electronics GmbH LINX Configurator 7.4.10 uses HTTP Basic Authe ...) + NOT-FOR-US: LOYTEC +CVE-2023-46326 (ZStack Cloud version 3.10.38 and before allows unauthenticated API acc ...) 
+ NOT-FOR-US: ZStack Cloud +CVE-2023-45253 (An issue was discovered in Huddly HuddlyCameraService before version 8 ...) + NOT-FOR-US: Huddly HuddlyCameraService +CVE-2023-45252 (DLL Hijacking vulnerability in Huddly HuddlyCameraService before versi ...) + NOT-FOR-US: Huddly HuddlyCameraService +CVE-2023-43455 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-43454 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-43453 (An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B2 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-43089 (Dell Rugged Control Center, version prior to 4.7, contains insufficien ...) + NOT-FOR-US: Dell +CVE-2023-42917 (A memory corruption vulnerability was addressed with improved locking. ...) + {DSA-5575-1} + - webkit2gtk 2.42.3-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.3-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0011.html +CVE-2023-42916 (An out-of-bounds read was addressed with improved input validation. Th ...) + {DSA-5575-1} + - webkit2gtk 2.42.3-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.3-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0011.html +CVE-2023-3964 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3949 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3443 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-39226 (In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2023-6439 (A vulnerability classified as problematic was found in ZenTao PMS 18.8 ...) + NOT-FOR-US: ZenTao PMS +CVE-2023-6438 (A vulnerability classified as problematic has been found in Thecosy Ic ...) + NOT-FOR-US: IceCMS +CVE-2023-6435 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6434 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6433 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6432 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6431 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6430 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6429 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6428 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6427 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6426 (A vulnerability has been discovered in BigProf Online Invoicing System ...) + NOT-FOR-US: BigProf Online Invoicing System +CVE-2023-6425 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) + NOT-FOR-US: BigProf Online Clinic Management System +CVE-2023-6424 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) 
+ NOT-FOR-US: BigProf Online Clinic Management System +CVE-2023-6423 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) + NOT-FOR-US: BigProf Online Clinic Management System +CVE-2023-6422 (A vulnerability has been discovered in BigProf Online Clinic Managemen ...) + NOT-FOR-US: BigProf Online Clinic Management System +CVE-2023-6420 (A vulnerability has been reported in Voovi Social Networking Script ve ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6419 (A vulnerability has been reported in Voovi Social Networking Script ve ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6418 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6417 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6416 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6415 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6414 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6413 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6412 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6411 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6410 (A vulnerability has been reported in Voovi Social Networking Script th ...) + NOT-FOR-US: Voovi Social Networking Script +CVE-2023-6402 (A vulnerability, which was classified as critical, was found in PHPGur ...) 
+ NOT-FOR-US: PHPGurukul +CVE-2023-6401 (A vulnerability classified as problematic was found in NotePad++ up to ...) + NOT-FOR-US: NotePad++ +CVE-2023-6376 (Henschen & Associates court document management software does not suff ...) + NOT-FOR-US: Henschen & Associates court document management software +CVE-2023-6375 (Tyler Technologies Court Case Management Plus may store backups in a l ...) + NOT-FOR-US: Tyler Technologies Court Case Management Plus +CVE-2023-6360 (The 'My Calendar' WordPress Plugin, version < 3.4.22 is affected by an ...) + NOT-FOR-US: WordPress Plugin +CVE-2023-6354 (Tyler Technologies Magistrate Court Case Management Plus allows an una ...) + NOT-FOR-US: Tyler Technologies Magistrate Court Case Management Plus +CVE-2023-6353 (Tyler Technologies Civil and Criminal Electronic Filing allows an unau ...) + NOT-FOR-US: Tyler Technologies Civil and Criminal Electronic Filing +CVE-2023-6352 (The default configuration of Aquaforest TIFF Server allows access to a ...) + NOT-FOR-US: Aquaforest TIFF Server +CVE-2023-6344 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...) + NOT-FOR-US: Tyler Technologies Court Case Management Plus +CVE-2023-6343 (Tyler Technologies Court Case Management Plus allows a remote, unauthe ...) + NOT-FOR-US: Tyler Technologies Court Case Management Plus +CVE-2023-6342 (Tyler Technologies Court Case Management Plus allows a remote attacker ...) + NOT-FOR-US: Tyler Technologies Court Case Management Plus +CVE-2023-6341 (Catalis (previously Icon Software) CMS360 allows a remote, unauthentic ...) + NOT-FOR-US: Catalis (previously Icon Software) CMS360 +CVE-2023-6137 (Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post ...) + NOT-FOR-US: finnj Frontier Post +CVE-2023-6136 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Bowo Debug Log Manager +CVE-2023-6071 (An Improper Neutralization of Special Elements used in a command vulne ...) 
+ NOT-FOR-US: Trellix +CVE-2023-6027 (A critical flaw has been identified in elijaa/phpmemcachedadmin affect ...) + - phpmemcachedadmin (bug #776613) +CVE-2023-6026 (A Path traversal vulnerability has been reported in elijaa/phpmemcache ...) + - phpmemcachedadmin (bug #776613) +CVE-2023-5966 (An authenticated privileged attacker could upload a specially crafted ...) + NOT-FOR-US: EspoCRM +CVE-2023-5965 (An authenticated privileged attacker could upload a specially crafted ...) + NOT-FOR-US: EspoCRM +CVE-2023-5803 (Cross-Site Request Forgery (CSRF) vulnerability in Business Directory ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4770 (An uncontrolled search path element vulnerability has been found on 4D ...) + NOT-FOR-US: 4D.exe and 4D Server.exe +CVE-2023-48964 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/W ...) + NOT-FOR-US: Tenda +CVE-2023-48963 (Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/w ...) + NOT-FOR-US: Tenda +CVE-2023-48914 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-48913 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-48912 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-48812 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48811 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48810 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48808 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48807 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-48806 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48805 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48804 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48803 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48802 (In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-48754 (Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Po ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48752 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48749 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48748 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48746 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48744 (Cross-Site Request Forgery (CSRF) vulnerability in Offshore Web Master ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48743 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48742 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48737 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48336 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48334 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-48333 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48331 (Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyB ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48330 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Strand Bulk Co ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48329 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48328 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48326 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48323 (Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Tea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48321 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48317 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48289 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48284 (Cross-Site Request Forgery (CSRF) vulnerability in WebToffee Decorator ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48283 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48282 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Landonio Tax ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48281 (Cross-Site Request Forgery (CSRF) vulnerability in Super Blog Me Broke ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-48279 (Cross-Site Request Forgery (CSRF) vulnerability in Seraphinite Solutio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48278 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48272 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47877 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47876 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47875 (Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47872 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47870 (Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47854 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47851 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47850 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47848 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47844 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47827 (Incorrect Authorization vulnerability in NicheAddons Events Addon for ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47777 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-47645 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47521 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47505 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46820 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45834 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45609 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45066 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45050 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44150 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44143 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41128 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41127 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40680 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-40674 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40662 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40600 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40211 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39921 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38474 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38400 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37972 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37890 (Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37868 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37867 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Yet ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36685 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36682 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force US ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36523 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36507 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34390 (An input validation vulnerability in the Schweitzer Engineering Labora ...) 
+ NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-34389 (An allocation of resources without limits or throttling vulnerability ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-34388 (AnImproper Authentication vulnerability in the Schweitzer Engineering ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-34030 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34018 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33333 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49620 (Before DolphinScheduler version 3.1.0, the login user could delete UDF ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2023-49733 (Improper Restriction of XML External Entity Reference vulnerability in ...) + NOT-FOR-US: Apache Cocoon +CVE-2023-5772 (The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5247 (Malicious Code Execution Vulnerability due to External Control of File ...) + NOT-FOR-US: Mitsubishi +CVE-2023-4474 (The improper neutralization of special elements in the WSGI server of ...) + NOT-FOR-US: Zyxel +CVE-2023-4473 (A command injection vulnerability in the web server of the Zyxel NAS32 ...) + NOT-FOR-US: Zyxel +CVE-2023-49701 (Memory Corruption in SIM management while USIMPhase2init) + NOT-FOR-US: USIMPhase2init +CVE-2023-49700 (Security best practices violations, a string operation in Streamingmed ...) + NOT-FOR-US: ASR Falcon +CVE-2023-49699 (Memory Corruption in IMS while calling VoLTE Streamingmedia Interface) + NOT-FOR-US: ASR Falcon +CVE-2023-49694 (A low-privileged OS user with access to a Windows host where NETGEAR P ...) 
+ NOT-FOR-US: NETGEAR +CVE-2023-49693 (NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol ...) + NOT-FOR-US: NETGEAR +CVE-2023-49097 (ZITADEL is an identity infrastructure system. ZITADEL uses the notific ...) + NOT-FOR-US: ZITADEL +CVE-2023-49095 (nexkey is a microblogging platform. Insufficient validation of Activit ...) + NOT-FOR-US: nexkey +CVE-2023-49094 (Symbolicator is a symbolication service for native stacktraces and min ...) + NOT-FOR-US: Symbolicator +CVE-2023-49087 (xml-security is a library that implements XML signatures and encryptio ...) + NOT-FOR-US: xml-security (SimpleSAMLphp library for XML Security) +CVE-2023-49082 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + - python-aiohttp 3.9.1-1 (bug #1057164) + [bookworm] - python-aiohttp (Minor issue) + [bullseye] - python-aiohttp (Minor issue) + [buster] - python-aiohttp (Minor issue, limited request smuggling) + NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx + NOTE: https://github.com/aio-libs/aiohttp/commit/493f06797654c383242f0e8007f6e06b818a1fbc (master) + NOTE: https://github.com/aio-libs/aiohttp/commit/4075c653fb67a29740bf9ac050bb02d10a57343a (v3.9.0b1) +CVE-2023-49081 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + - python-aiohttp 3.9.1-1 (bug #1057163) + [bookworm] - python-aiohttp (Minor issue) + [bullseye] - python-aiohttp (Minor issue) + [buster] - python-aiohttp (Minor issue, limited request smuggling) + NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2 + NOTE: https://github.com/aio-libs/aiohttp/pull/7835 + NOTE: https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b (master) + NOTE: https://github.com/aio-libs/aiohttp/commit/53476dfd4ef4fb1bb74a267714bbc39eda71b403 (v3.9.0rc0) +CVE-2023-49077 (Mailcow: dockerized is an open source groupware/email suite based on d ...) 
+ NOT-FOR-US: Mailcow +CVE-2023-49076 (Customer-data-framework allows management of customer data within Pimc ...) + NOT-FOR-US: Pimcore +CVE-2023-49052 (File Upload vulnerability in Microweber v.2.0.4 allows a remote attack ...) + NOT-FOR-US: microweber +CVE-2023-48952 (An issue in the box_deserialize_reusing function in openlink virtuoso- ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1175 +CVE-2023-48951 (An issue in the box_equal function in openlink virtuoso-opensource v7. ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1177 +CVE-2023-48950 (An issue in the box_col_len function in openlink virtuoso-opensource v ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1174 +CVE-2023-48949 (An issue in the box_add function in openlink virtuoso-opensource v7.2. ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1173 +CVE-2023-48948 (An issue in the box_div function in openlink virtuoso-opensource v7.2. ...) 
+ - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1176 +CVE-2023-48947 (An issue in the cha_cmp function of openlink virtuoso-opensource v7.2. ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1179 +CVE-2023-48946 (An issue in the box_mpy function of openlink virtuoso-opensource v7.2. ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1178 +CVE-2023-48945 (A stack overflow in openlink virtuoso-opensource v7.2.11 allows attack ...) + - virtuoso-opensource (bug #1059062) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1172 +CVE-2023-47464 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...) + NOT-FOR-US: GL.iNet AX1800 +CVE-2023-47463 (Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 bef ...) + NOT-FOR-US: GL.iNet AX1800 +CVE-2023-47418 (Remote Code Execution (RCE) vulnerability in o2oa version 8.1.2 and be ...) + NOT-FOR-US: p2pa +CVE-2023-40458 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...) + NOT-FOR-US: Sierra Wireless +CVE-2023-3741 (An OS Command injection vulnerability in NEC Platforms DT900 and DT900 ...) + NOT-FOR-US: NEC +CVE-2023-37928 (A post-authentication command injection vulnerability in the WSGI serv ...) 
+ NOT-FOR-US: Zyxel +CVE-2023-37927 (The improper neutralization of special elements in the CGI program of ...) + NOT-FOR-US: Zyxel +CVE-2023-35138 (A command injection vulnerability in the \u201cshow_zysync_server_cont ...) + NOT-FOR-US: Zyxel +CVE-2023-35137 (An improper authentication vulnerability in the authentication module ...) + NOT-FOR-US: Zyxel +CVE-2023-6378 (A serialization vulnerability in logback receiver component part of l ...) + - logback 1:1.2.11-5 (bug #1057423) + [bookworm] - logback (Minor issue) + [bullseye] - logback (Minor issue) + [buster] - logback (Minor issue, DoS) + NOTE: https://logback.qos.ch/news.html#1.3.12 + NOTE: Fixed by: https://github.com/qos-ch/logback/commit/b8eac23a9de9e05fb6d51160b3f46acd91af9731 (v_1.3.12) + NOTE: Fixed by: https://github.com/qos-ch/logback/commit/bb095154be011267b64e37a1d401546e7cc2b7c3 (v_1.2.13) + NOTE: Only exploitable if logback receiver component is deployed: + NOTE: https://logback.qos.ch/manual/receivers.html + NOTE: When fixing the issue make sure to to not introduce CVE-2023-6481 which is + NOTE: assigned for an incomplete fix for CVE-2023-6378. +CVE-2023-6218 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-6217 (In Progress MOVEit Transfer versions released before 2022.0.9 (14.0.9) ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-6070 (A server-side request forgery vulnerability in ESM prior to version 11 ...) + NOT-FOR-US: Trellix +CVE-2023-49091 (Cosmos provides users the ability self-host a home server by acting as ...) + NOT-FOR-US: Cosmos +CVE-2023-49090 (CarrierWave is a solution for file uploads for Rails, Sinatra and othe ...) + NOT-FOR-US: CarrierWave +CVE-2023-49083 (cryptography is a package designed to expose cryptographic primitives ...) 
+ - python-cryptography (bug #1057108) + [bookworm] - python-cryptography (Minor issue) + [bullseye] - python-cryptography (Minor issue) + [buster] - python-cryptography (Vulnerable code introduced later) + NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97 + NOTE: https://github.com/pyca/cryptography/pull/9926 + NOTE: https://github.com/pyca/cryptography/commit/1e7b4d074e14c4e694d3ce69ad6754a6039fd6ff (main) + NOTE: https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a (41.0.6) +CVE-2023-49079 (Misskey is an open source, decentralized social media platform. Misske ...) + NOT-FOR-US: Misskey +CVE-2023-48882 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...) + NOT-FOR-US: EyouCMS +CVE-2023-48881 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...) + NOT-FOR-US: EyouCMS +CVE-2023-48880 (A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UT ...) + NOT-FOR-US: EyouCMS +CVE-2023-44383 (October is a Content Management System (CMS) and web platform to assis ...) + NOT-FOR-US: October CMS +CVE-2023-40626 (The language file parsing process could be manipulated to expose envir ...) + NOT-FOR-US: Joomla! +CVE-2023-49674 (A missing permission check in Jenkins NeuVector Vulnerability Scanner ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49673 (A cross-site request forgery (CSRF) vulnerability in Jenkins NeuVector ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49656 (Jenkins MATLAB Plugin 2.11.0 and earlier does not configure its XML pa ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49655 (A cross-site request forgery (CSRF) vulnerability in Jenkins MATLAB Pl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49654 (Missing permission checks in Jenkins MATLAB Plugin 2.11.0 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49653 (Jenkins Jira Plugin 3.11 and earlier does not set the appropriate cont ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-49652 (Incorrect permission checks in Jenkins Google Compute Engine Plugin 4. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-49092 (RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a ...) + - rust-rsa (bug #1057096) + NOTE: https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr + NOTE: https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643 + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0071.html + NOTE: https://people.redhat.com/~hkario/marvin/ +CVE-2023-48193 (Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows ...) + NOT-FOR-US: JumpServer +CVE-2023-47462 (Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and befor ...) + NOT-FOR-US: GL.iNet AX1800 +CVE-2023-46944 (An issue in GitKraken GitLens before v.14.0.0 allows an attacker to ex ...) + NOT-FOR-US: GitKraken GitLens +CVE-2023-46887 (In Dreamer CMS before 4.0.1, the backend attachment management office ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-46886 (Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-45484 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-45483 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-45482 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-45481 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-45480 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-45479 (Tenda AC10 version US_AC10V4.0si_V16.03.10.13_cn was discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-6351 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...) 
+ {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6350 (Use after free in libavif in Google Chrome prior to 119.0.6045.199 all ...) + {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6348 (Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 ...) + {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6347 (Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowe ...) + {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6346 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 al ...) + {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6345 (Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allo ...) + {DSA-5569-1} + - chromium 119.0.6045.199-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6359 (A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LM ...) + NOT-FOR-US: Alumne LMS +CVE-2023-6239 (Under rare conditions, the effective permissions of an object might be ...) + NOT-FOR-US: M-Files +CVE-2023-6201 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + NOT-FOR-US: Univera Computer System Panorama +CVE-2023-6151 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...) + NOT-FOR-US: ESKOM Computer e-municipality module +CVE-2023-6150 (Improper Privilege Management vulnerability in ESKOM Computer e-munici ...) + NOT-FOR-US: ESKOM Computer e-municipality module +CVE-2023-49314 (Asana Desktop 2.1.0 on macOS allows code injection because of specific ...) + NOT-FOR-US: Asana Desktop +CVE-2023-49313 (A dylib injection vulnerability in XMachOViewer 0.04 allows attackers ...) + NOT-FOR-US: XMachOViewer +CVE-2023-49078 (raptor-web is a CMS for game server communities that can be used to ho ...) 
+ NOT-FOR-US: raptor-web CMS +CVE-2023-49062 (Katran could disclose non-initialized kernel memory as part of an IP h ...) + NOT-FOR-US: Katran +CVE-2023-48848 (An arbitrary file read vulnerability in ureport v2.2.9 allows a remote ...) + NOT-FOR-US: ureport +CVE-2023-48121 (An authentication bypass vulnerability in the Direct Connection Module ...) + NOT-FOR-US: Direct Connection Module in Ezviz +CVE-2023-48042 (Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing fi ...) + NOT-FOR-US: Amazzing Filter for Prestashop +CVE-2023-45539 (HAProxy before 2.8.2 accepts # as part of the URI component, which mig ...) + {DLA-3688-1} + - haproxy 2.6.15-1 + NOTE: https://lists.w3.org/Archives/Public/ietf-http-wg/2023JulSep/0070.html + NOTE: https://github.com/haproxy/haproxy/commit/2eab6d354322932cfec2ed54de261e4347eca9a6 (v2.9-dev3) + NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=832b672eee54866c7a42a1d46078cc9ae0d544d9 (v2.6.15) + NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=178cea76b1c9d9413afa6961b6a4576fcb5b26fa (v2.2.31) +CVE-2023-45286 (A race condition in go-resty can result in HTTP request body disclosur ...) + - golang-github-go-resty-resty (bug #1057226) + [bookworm] - golang-github-go-resty-resty (Minor issue) + [bullseye] - golang-github-go-resty-resty (Minor issue) + NOTE: https://github.com/go-resty/resty/issues/743 + NOTE: https://github.com/go-resty/resty/issues/739 + NOTE: https://github.com/go-resty/resty/pull/745 +CVE-2023-42505 (An authenticated user with read permissions on database connections me ...) + NOT-FOR-US: Apache Superset +CVE-2023-42504 (An authenticated malicious user could initiate multiple concurrent req ...) + NOT-FOR-US: Apache Superset +CVE-2023-42502 (An authenticated attacker with update datasets permission could change ...) + NOT-FOR-US: Apache Superset +CVE-2023-42004 (IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable t ...) 
+ NOT-FOR-US: IBM +CVE-2023-41264 (Netwrix Usercube before 6.0.215, in certain misconfigured on-premises ...) + NOT-FOR-US: Netwrix Usercube +CVE-2023-40056 (SQL Injection Remote Code Vulnerability was found in the SolarWinds Pl ...) + NOT-FOR-US: SolarWinds +CVE-2023-34055 (In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, ...) + NOT-FOR-US: Spring Boot +CVE-2023-46589 (Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 1 ...) + - tomcat10 10.1.16-1 (bug #1057082) + [bookworm] - tomcat10 (Minor issue, fix along in next DSA) + - tomcat9 9.0.70-2 + [bullseye] - tomcat9 (Minor issue, fix along in next DSA) + - tomcat8 + NOTE: https://www.openwall.com/lists/oss-security/2023/11/28/2 + NOTE: https://github.com/apache/tomcat/commit/b5776d769bffeade865061bc8ecbeb2b56167b08 (10.1.16) + NOTE: https://github.com/apache/tomcat/commit/7a2d8818fcea0b51747a67af9510ce7977245ebd (9.0.83) + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version +CVE-2024-0070 + REJECTED +CVE-2024-0069 + REJECTED +CVE-2023-6226 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6225 (The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6219 (The BookingPress plugin for WordPress is vulnerable to arbitrary file ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5960 (An improper privilege management vulnerability in the hotspot feature ...) + NOT-FOR-US: Zyxel +CVE-2023-5885 (The discontinued FFS Colibri product allows a remote user to access fi ...) + NOT-FOR-US: FFS Colibri +CVE-2023-5797 (An improper privilege management vulnerability in the debug CLI comman ...) + NOT-FOR-US: Zyxel +CVE-2023-5773 + REJECTED +CVE-2023-5650 (An improper privilege management vulnerability in the ZySH of the Zyxe ...) 
+ NOT-FOR-US: Zyxel +CVE-2023-4667 (The web interface of the PAC Device allows the device administrator us ...) + NOT-FOR-US: SIGMA +CVE-2023-4398 (An integer overflow vulnerability in the source code of the QuickSec I ...) + NOT-FOR-US: Zyxel +CVE-2023-4397 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...) + NOT-FOR-US: Zyxel +CVE-2023-4226 (Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4225 (Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Cham ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4224 (Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chami ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4223 (Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Cham ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4222 (Command injection in `main/lp/openoffice_text_document.class.php` in C ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4221 (Command injection in `main/lp/openoffice_presentation.class.php` in Ch ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-4220 (Unrestricted file upload in big file upload functionality in `/main/in ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-49145 (Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Process ...) + NOT-FOR-US: Apache NiFi +CVE-2023-49075 (The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBund ...) + NOT-FOR-US: Admin Classic Bundle for Pimcore +CVE-2023-49044 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...) + NOT-FOR-US: Tenda +CVE-2023-49030 (SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows ...) + NOT-FOR-US: in32ns KLive +CVE-2023-48713 (Knative Serving builds on Kubernetes to support deploying and serving ...) + NOT-FOR-US: Knative +CVE-2023-48188 (SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4 ...) 
+ NOT-FOR-US: PrestaShop opartdevis +CVE-2023-48034 (An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker ...) + NOT-FOR-US: Acer +CVE-2023-48023 (Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor' ...) + NOT-FOR-US: Anyscale Ray +CVE-2023-48022 (Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbit ...) + NOT-FOR-US: Anyscale Ray +CVE-2023-47503 (An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to exec ...) + NOT-FOR-US: jflyfox jfinalCMS +CVE-2023-47437 (A vulnerability has been identified in Pachno 1.0.6 allowing an authen ...) + NOT-FOR-US: Pachno +CVE-2023-46480 (An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitr ...) + NOT-FOR-US: Owncast +CVE-2023-46355 (In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for P ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46349 (In the module "Product Catalog (CSV, Excel) Export/Update" (updateprod ...) + NOT-FOR-US: PrestaShop module +CVE-2023-42366 (A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_ ...) + - busybox (bug #1059053) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=15874 +CVE-2023-42365 (A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via ...) + - busybox (bug #1059052) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=15871 +CVE-2023-42364 (A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to ...) + - busybox (bug #1059051) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=15868 +CVE-2023-42363 (A use-after-free vulnerability was discovered in xasprintf function in ...) 
+ - busybox (bug #1059050) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=15865 +CVE-2023-3545 (Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-3533 (Path traversal in file upload functionality in `/main/webservices/addi ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-3368 (Command injection in `/main/webservices/additional_webservices.php` in ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37926 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...) + NOT-FOR-US: Zyxel +CVE-2023-37925 (An improper privilege management vulnerability in the debug CLI comman ...) + NOT-FOR-US: Zyxel +CVE-2023-35139 (A cross-site scripting (XSS) vulnerability in the CGI program of the Z ...) + NOT-FOR-US: Zyxel +CVE-2023-35136 (An improper input validation vulnerability in the \u201cQuagga\u201d p ...) + NOT-FOR-US: Zyxel +CVE-2023-34054 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...) + NOT-FOR-US: Reactor Netty HTTP Server +CVE-2023-34053 (In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user ...) + - libspring-java (Only affects 6.x) +CVE-2023-32065 (OroCommerce is an open-source Business to Business Commerce applicatio ...) + NOT-FOR-US: OroCommerce +CVE-2023-32064 (OroCommerce package with customer portal and non authenticated visitor ...) + NOT-FOR-US: OroCommerce +CVE-2023-32063 (OroCalendarBundle enables a Calendar feature and related functionality ...) + NOT-FOR-US: OroCalendarBundle +CVE-2023-32062 (OroPlatform is a package that assists system and user calendar managem ...) + NOT-FOR-US: OroPlatform +CVE-2023-6329 (An authentication bypass vulnerability exists in Control iD iDSecure v ...) + NOT-FOR-US: Control iD iDSecure +CVE-2023-6287 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...) 
+ - check-mk +CVE-2023-6254 (A Vulnerability in OTRS AgentInterface and ExternalInterface allows th ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x +CVE-2023-6202 (Mattermost fails to perform proper authorization in the /plugins/focal ...) + - mattermost-server (bug #823556) +CVE-2023-5974 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to server ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5958 (The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape ema ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5942 (The Medialist WordPress plugin before 1.4.1 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5906 (The Job Manager & Career WordPress plugin before 1.4.4 contains a vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5845 (The Simple Social Media Share Buttons WordPress plugin before 5.1.1 le ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5738 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5737 (The WordPress Backup & Migration WordPress plugin before 1.4.4 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5653 (The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5641 (The Martins Free & Easy SEO BackLink Link Building Network WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5620 (The Web Push Notifications WordPress plugin before 4.35.0 does not pre ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5616 [gnome-control-center incorrectly claims remote login is off] + - gnome-control-center (bug #1058624) + [bookworm] - gnome-control-center (Minor issue) + [bullseye] - gnome-control-center (Minor issue) + [buster] - gnome-control-center (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577 + NOTE: https://gitlab.gnome.org/GNOME/gnome-control-center/-/merge_requests/2092 + NOTE: TODO: check, potentially same incorrect checking of service and socket status in budgie-control-center +CVE-2023-5611 (The Seraphinite Accelerator WordPress plugin before 2.20.32 does not h ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5607 (An improper limitation of a path name to a restricted directory (path ...) + NOT-FOR-US: Trellix +CVE-2023-5604 (The Asgaros Forum WordPress plugin before 2.7.1 allows forum administr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5560 (The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5559 (The 10Web Booster WordPress plugin before 2.24.18 does not validate th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5525 (The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is m ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5325 (The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5239 (The Security & Malware scan by CleanTalk WordPress plugin before 2.121 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5209 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4931 (Uncontrolled search path element vulnerability in Plesk Installer affe ...) + NOT-FOR-US: Plesk Installer +CVE-2023-4922 (The WPB Show Core WordPress plugin through 2.2 is vulnerable to a loca ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4642 (The kk Star Ratings WordPress plugin before 5.4.6 does not implement a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4590 (Buffer overflow vulnerability in Frhed hex editor, affecting version 1 ...) + NOT-FOR-US: Frhed +CVE-2023-4514 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-49316 (In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively larg ...) + - php-phpseclib3 3.0.34-1 (bug #1057008) + [bookworm] - php-phpseclib3 3.0.19-1+deb12u1 + NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34) + TODO: check if affecting ldap-account-manager or unused path +CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parame ...) + NOT-FOR-US: Tenda +CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...) + NOT-FOR-US: Tenda +CVE-2023-49043 (Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remot ...) + NOT-FOR-US: Tenda +CVE-2023-49042 (Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...) + NOT-FOR-US: Tenda +CVE-2023-49040 (An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute ...) + NOT-FOR-US: Tenda +CVE-2023-49029 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...) + NOT-FOR-US: smpn1smg absis +CVE-2023-49028 (Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and ...) + NOT-FOR-US: smpn1smg absis +CVE-2023-48369 (Mattermost fails to limit the log size of server logs allowing an atta ...) 
+ - mattermost-server (bug #823556) +CVE-2023-48268 (Mattermost fails tolimit the amount of data extracted from compressed ...) + - mattermost-server (bug #823556) +CVE-2023-47865 (Mattermost fails to check if hardened mode is enabled when overriding ...) + - mattermost-server (bug #823556) +CVE-2023-47168 (Mattermost fails to properly check a redirect URL parameter allowing f ...) + - mattermost-server (bug #823556) +CVE-2023-45223 (Mattermost fails to properly validate the "Show Full Name" option in a ...) + - mattermost-server (bug #823556) +CVE-2023-43754 (Mattermost fails to check whether the \u201cAllow users to view archiv ...) + - mattermost-server (bug #823556) +CVE-2023-42000 (Arcserve UDP prior to 9.2 contains a path traversal vulnerability in c ...) + NOT-FOR-US: Arcserve +CVE-2023-41999 (An authentication bypass exists in Arcserve UDP prior to version 9.2. ...) + NOT-FOR-US: Arcserve +CVE-2023-41998 (Arcserve UDP prior to 9.2 contained a vulnerability in thecom.ca.arcfl ...) + NOT-FOR-US: Arcserve +CVE-2023-41257 (A type confusion vulnerability exists in the way Foxit Reader 12.1.2.1 ...) + NOT-FOR-US: Foxit Reader +CVE-2023-40703 (Mattermost fails to properly limit the characters allowed in different ...) + - mattermost-server (bug #823556) +CVE-2023-40194 (An arbitrary file creation vulnerability exists in the Javascript expo ...) + NOT-FOR-US: Foxit Reader +CVE-2023-39542 (A code execution vulnerability exists in the Javascript saveAs API of ...) + NOT-FOR-US: Foxit Reader +CVE-2023-38573 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...) + NOT-FOR-US: Foxit Reader +CVE-2023-35985 (An arbitrary file creation vulnerability exists in the Javascript expo ...) + NOT-FOR-US: Foxit Reader +CVE-2023-35075 (Mattermost fails to use innerText /textContentwhen setting the channel ...) + - mattermost-server (bug #823556) +CVE-2023-32616 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...) 
+ NOT-FOR-US: Foxit Reader
+CVE-2023-31275 (An uninitialized pointer use vulnerability exists in the functionality ...)
+ NOT-FOR-US: WPS Office
+CVE-2023-2707 (The gAppointments WordPress plugin through 1.9.5.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-43701 (Improper payload validation and an improper REST API response type, ma ...)
+ NOT-FOR-US: Apache Superset
+CVE-2023-42501 (Unnecessary read permissions within the Gamma role would allow authent ...)
+ NOT-FOR-US: Apache Superset
+CVE-2023-40610 (Improper authorization check and possible privilege escalation on Apac ...)
+ NOT-FOR-US: Apache Superset
+CVE-2023-6313 (A vulnerability was found in SourceCodester URL Shortener 1.0. It has ...)
+ NOT-FOR-US: SourceCodester URL Shortener
+CVE-2023-6312 (A vulnerability was found in SourceCodester Loan Management System 1.0 ...)
+ NOT-FOR-US: SourceCodester Loan Management System
+CVE-2023-6311 (A vulnerability was found in SourceCodester Loan Management System 1.0 ...)
+ NOT-FOR-US: SourceCodester Loan Management System
+CVE-2023-6310 (A vulnerability has been found in SourceCodester Loan Management Syste ...)
+ NOT-FOR-US: SourceCodester Loan Management System
+CVE-2023-6309 (A vulnerability, which was classified as critical, was found in moses- ...)
+ NOT-FOR-US: Moses
+CVE-2023-6308 (A vulnerability, which was classified as critical, has been found in X ...)
+ NOT-FOR-US: Xiamen Four-Faith Video Surveillance Management System
+CVE-2023-6307 (A vulnerability classified as critical was found in jeecgboot JimuRepo ...)
+ NOT-FOR-US: jeecgboot JimuReport
+CVE-2023-6306 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System
+CVE-2023-6305 (A vulnerability was found in SourceCodester Free and Open Source Inven ...)
+ NOT-FOR-US: SourceCodester Free and Open Source Inventory Management System
+CVE-2023-6304 (A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-R ...)
+ NOT-FOR-US: Tecno 4G Portable WiFi TR118
+CVE-2023-6303 (A vulnerability was found in CSZCMS 1.3.0. It has been classified as p ...)
+ NOT-FOR-US: CSZCMS
+CVE-2023-6302 (A vulnerability was found in CSZCMS 1.3.0 and classified as critical. ...)
+ NOT-FOR-US: CSZCMS
+CVE-2023-6301 (A vulnerability has been found in SourceCodester Best Courier Manageme ...)
+ NOT-FOR-US: SourceCodester Best Courier Management System
+CVE-2023-6300 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Best Courier Management System
+CVE-2023-6299 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Apryse iText
+CVE-2023-6298 (A vulnerability classified as problematic was found in Apryse iText 8. ...)
+ NOT-FOR-US: Apryse iText
+CVE-2023-6297 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ NOT-FOR-US: PHPGurukul
+CVE-2023-6296 (A vulnerability was found in osCommerce 4. It has been rated as proble ...)
+ NOT-FOR-US: osCommerce
+CVE-2023-49322 (Certain WithSecure products allow a Denial of Service because there is ...)
+ NOT-FOR-US: WithSecure
+CVE-2023-49321 (Certain WithSecure products allow a Denial of Service because scanning ...)
+ NOT-FOR-US: WithSecure
+CVE-2023-49312 (Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3 ...)
+ NOT-FOR-US: Precision Bridge
+CVE-2023-47039
+ - perl (Windows specific issue)
+CVE-2023-47038 (A vulnerability was found in perl. This issue occurs when a crafted re ...)
+ - perl 5.36.0-10 (bug #1056746)
+ [bookworm] - perl 5.36.0-7+deb12u1
+ [bullseye] - perl (Minor issue; can be fixed via point release)
+ [buster] - perl (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 (v5.34.2)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 (v5.36.2)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/92a9eb3d0d52ec7655c1beb29999a5a5219be664 (v5.38.1)
+ NOTE: Fixed by: https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 (bleed)
+CVE-2023-46671 (An issue was discovered by Elastic whereby sensitive information may b ...)
+ - kibana (bug #700337)
+CVE-2023-6293 (Prototype Pollution in GitHub repository robinbuschmann/sequelize-type ...)
+ NOT-FOR-US: sequelize-typescript
+CVE-2023-6277 (An out-of-memory flaw was found in libtiff. Passing a crafted tiff fil ...)
+ - tiff 4.5.1+git230720-2 (bug #1056751)
+ [bookworm] - tiff (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
+ [bullseye] - tiff (Minor issue; will cause compatibility issue with libimager-perl, cf #1057270)
+ [buster] - tiff (Minor issue; OOM DoS)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/614
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/545
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/5320c9d89c054fa805d037d84c57da874470b01a
+ NOTE: Updating with fix for CVE-2023-6277 will cause a regression in libimager-perl, cf.
+ NOTE: https://bugs.debian.org/1057270
+CVE-2023-6276 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-6275 (A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1. ...)
+ NOT-FOR-US: TOTVS Fluig Platform
+CVE-2023-6274 (A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. ...)
+ NOT-FOR-US: Beijing Baichuo Smart S80
+CVE-2023-6251 (Cross-site Request Forgery (CSRF) in Checkmk < 2.2.0p15, < 2.1.0p37, < ...)
+ - check-mk
+CVE-2023-49298 (OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios i ...)
+ - zfs-linux 2.1.14-1 (bug #1056752)
+ [bookworm] - zfs-linux (contrib not supported)
+ [bullseye] - zfs-linux (contrib not supported)
+ NOTE: https://github.com/openzfs/zfs/issues/15526
+ NOTE: https://github.com/openzfs/zfs/pull/15571
+CVE-2023-48712 (Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux ...)
+ NOT-FOR-US: Warpgate
+CVE-2023-48711 (google-translate-api-browser is an npm package which interfaces with t ...)
+ NOT-FOR-US: google-translate-api-browser Node.js module
+CVE-2023-48708 (CodeIgniter Shield is an authentication and authorization provider for ...)
+ NOT-FOR-US: CodeIgniter Shield
+CVE-2023-48707 (CodeIgniter Shield is an authentication and authorization provider for ...)
+ NOT-FOR-US: CodeIgniter Shield
+CVE-2023-48312 (capsule-proxy is a reverse proxy for the capsule operator project. Aff ...)
+ NOT-FOR-US: capsule-proxy (reverse proxy for Capsule)
+CVE-2023-46575 (A SQL injection vulnerability exists in Meshery prior to version v0.6. ...)
+ NOT-FOR-US: Meshery
+CVE-2023-38914
+ REJECTED
+CVE-2023-49068 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2023-49216 (Usedesk before 1.7.57 allows profile stored XSS.)
+ NOT-FOR-US: Usedesk
+CVE-2023-49215 (Usedesk before 1.7.57 allows filter reflected XSS.)
+ NOT-FOR-US: Usedesk
+CVE-2023-49214 (Usedesk before 1.7.57 allows chat template injection.)
+ NOT-FOR-US: Usedesk
+CVE-2023-49213 (The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 ...)
+ NOT-FOR-US: Ironman PowerShell Universal
+CVE-2023-48796 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2023-47529 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: ThemeIsle Cloud Templates & Patterns collection
+CVE-2023-47244 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Omnisend Email Marketing for WooCommerce by Omnisend
+CVE-2023-44303 (RVTools, Version 3.9.2 and above, contain a sensitive data exposure vu ...)
+ NOT-FOR-US: Dell
+CVE-2023-33706 (SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks ...)
+ NOT-FOR-US: SysAid
+CVE-2023-6118 (Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allow ...)
+ NOT-FOR-US: Neutron IP Camera
+CVE-2023-5972 (A null pointer dereference flaw was found in the nft_inner.c functiona ...)
+ - linux 6.5.10-1
+ [bookworm] - linux (Vulnerable code not present)
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/505ce0630ad5d31185695f8a29dde8d29f28faa7 (6.6-rc7)
+ NOTE: https://git.kernel.org/linus/52177bbf19e6e9398375a148d2e13ed492b40b80 (6.6-rc7)
+CVE-2023-4677 (Cron log backup files contain administrator session IDs. It is trivial ...)
+ NOT-FOR-US: Pandora FMS Console
+CVE-2023-4595 (An information exposure vulnerability has been found, the exploitation ...)
+ NOT-FOR-US: SLmail
+CVE-2023-4594 (Stored XSS vulnerability. This vulnerability could allow an attacker t ...)
+ NOT-FOR-US: SLmail
+CVE-2023-4593 (Path traversal vulnerability whose exploitation could allow an authent ...)
+ NOT-FOR-US: SLmail
+CVE-2023-4406 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: KC Group E-Commerce Software
+CVE-2023-49210 (The openssl (aka node-openssl) NPM package through 2.0.0 was character ...)
+ NOT-FOR-US: malicious node module
+CVE-2023-49208 (scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible b ...)
+ - glewlwyd 2.7.6+ds-1
+ [bookworm] - glewlwyd (Minor issue)
+ [bullseye] - glewlwyd (Minor issue)
+ [buster] - glewlwyd (Vulnerable code not present)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/f9d8c06aae8dfe17e761b18b577ff169e059e812 (v2.7.6)
+CVE-2023-41812 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41808 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41807 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41806 (Improper Privilege Management vulnerability in Pandora FMS on all allo ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41792 (Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41790 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41789 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41788 (Unrestricted Upload of File with Dangerous Type vulnerability in Pando ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41787 (Uncontrolled Search Path Element vulnerability in Pandora FMS on all a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-41786 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-3631 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Medart Health Services Medart Notification Panel
+CVE-2023-3377 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Veribilim Software Computer Veribase
+CVE-2023-33202 (Bouncy Castle for Java before 1.73 contains a potential Denial of Serv ...)
+ - bouncycastle 1.77-1 (bug #1056754)
+ [bookworm] - bouncycastle (Minor issue)
+ [bullseye] - bouncycastle (Minor issue)
+ NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33202
+ NOTE: Fixed by https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c (r1rv73)
+CVE-2023-43123 (On unix-like systems, the temporary directory is shared between all us ...)
+ NOT-FOR-US: Apache Storm
+CVE-2023-49146 (DOMSanitizer (aka dom-sanitizer) before 1.0.7 allows XSS via an SVG do ...)
+ NOT-FOR-US: dom-sanitizer
+CVE-2023-49102 (NZBGet 21.1 allows authenticated remote code execution because the una ...)
+ NOT-FOR-US: NZBGet
+CVE-2023-48107 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an ...)
+ - zlib-ng (bug #1002056)
+CVE-2023-48105 (An heap overflow vulnerability was discovered in Bytecode alliance was ...)
+ NOT-FOR-US: wasm-micro-runtime
+CVE-2023-47839 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47835 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47834 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47833 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47831 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47829 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47821 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47817 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47816 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47815 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47814 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47813 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47812 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47811 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47810 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47809 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47808 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47790 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47786 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47773 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47768 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47767 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47668 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44290 (Dell Command | Monitor versions prior to 10.10.0, contain an improper ...)
+ NOT-FOR-US: Dell
+CVE-2023-44289 (Dell Command | Configure versions prior to 4.11.0, contain an improper ...)
+ NOT-FOR-US: Dell
+CVE-2023-43086 (Dell Command | Configure, versions prior to 4.11.0, contains an improp ...)
+ NOT-FOR-US: Dell
+CVE-2023-41140 (A maliciously crafted PRT file when parsed through Autodesk AutoCAD 20 ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-41139 (A maliciously crafted STP file when parsed through Autodesk AutoCAD 20 ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-40002 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: WooCommerce plugin
+CVE-2023-39253 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
+ NOT-FOR-US: Dell
+CVE-2023-48706 (Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-a ...)
+ - vim (unimportant)
+ NOTE: https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q
+ NOTE: Fixed by: https://github.com/vim/vim/commit/26c11c56888d01e298cd8044caf8 (v9.0.2121)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-6265 (** UNSUPPORTED WHEN ASSIGNED ** Draytek Vigor2960 v1.5.1.4 and v1.5.1. ...)
+ NOT-FOR-US: Draytek Vigor2960
+CVE-2023-6264 (Information leak in Content-Security-Policy header in Devolutions Serv ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2023-6263 (An issue was discovered by IPVM team in Network Optix NxCloud before 2 ...)
+ NOT-FOR-US: Network Optix NxCloud
+CVE-2023-6253 (A saved encryption key in the Uninstaller in Digital Guardian's Agent ...)
+ NOT-FOR-US: Digital Guardian's Agent
+CVE-2023-6252 (Path traversal vulnerability in Chalemelon Power framework, affecting ...)
+ NOT-FOR-US: Chalemelon Power framework
+CVE-2023-6189 (Missing access permissions checks inthe M-Files serverbefore 23.11.1 ...)
+ NOT-FOR-US: M-Files
+CVE-2023-6164 (The MainWP Dashboard \u2013 WordPress Manager for Multiple Websites M ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6160 (The LifterLMS \u2013 WordPress LMS Plugin for eLearning plugin for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6157 (Improper neutralization of livestatus command delimiters in ajax_searc ...)
+ - check-mk
+CVE-2023-6156 (Improper neutralization of livestatus command delimiters in the availa ...)
+ - check-mk
+CVE-2023-6117 (A possibility of unwanted server memory consumption was detected throu ...)
+ NOT-FOR-US: M-Files
+CVE-2023-6011 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: DECE Software Geodi
+CVE-2023-6009 (The UserPro plugin for WordPress is vulnerable to privilege escalation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6008 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6007 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6918 (A flaw was found in the libssh implements abstract layer for message d ...)
+ - libssh (bug #1059059)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/610d7a09f99c601224ae2aa3d3de7e75b1d284dd (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/63ff242131c8e6d98917456f71f6d33b9ef3a763 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8b66d037d575e5f3ce4d35964547ff8c7e75ff8e (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8977e246b6d7ae467cab008a49e0a9e3d84bc2a0 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/622421018b58392ffecc29726b947e089b678221 (libssh-0.10.6)
+CVE-2023-6004
+ - libssh (bug #1059061)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c2c56bacab00766d01671413321d564227aabf19 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/a66b4a6eae6614d200a3625862d77565b96a7cd3 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/8615c24647f773a5e04203c7459512715d698be1 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/c6180409677c765e6b9ae2b18a3a7a9671ac1dbe (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/9bbb817c0c5434f03613d0783b2ef5f52235b901 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/22492b69bba22b102342afc574800d354a08e405 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/d7467498fd988949edde9c6384973250fd454a8b (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/62d3101c1f76b6891b70c50154e0e934d6b8cb57 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/cea841d71c025f9c998b7d5fc9f2a2839df62921 (libssh-0.10.6)
+ NOTE: https://gitlab.com/libssh/libssh-mirror/-/commit/2c492ee179d5caa2718c5e768bab6e0b2b64a8b0 (libssh-0.10.6)
+CVE-2023-5983 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: Botanik Software Pharmacy Automation
+CVE-2023-5921 (Improper Enforcement of Behavioral Workflow vulnerability in DECE Soft ...)
+ NOT-FOR-US: DECE Software Geodi
+CVE-2023-5822 (The Drag and Drop Multiple File Upload - Contact Form 7 plugin for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5815 (The News & Blog Designer Pack \u2013 WordPress Blog Plugin \u2014 (Blo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5742 (The EasyRotator for WordPress plugin for WordPress is vulnerable to St ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5715 (The Website Optimization \u2013 Plerdy plugin for WordPress is vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5708 (The WP Post Columns plugin for WordPress is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5706 (The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5704 (The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5667 (The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5664 (The Garden Gnome Package plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5662 (The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5537 (The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site R ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5469 (The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5466 (The Wp anything slider plugin for WordPress is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5465 (The Popup with fancybox plugin for WordPress is vulnerable to SQL Inje ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5419 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5417 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5416 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5415 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5411 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5387 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5386 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5385 (The Funnelforms Free plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5383 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5382 (The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5338 (The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5314 (The WP EXtra plugin for WordPress is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5234 (The Related Products for WooCommerce plugin for WordPress is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5163 (The Weather Atlas Widget plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5128 (The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5096 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5048 (The WDContactFormBuilder plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: DRD Fleet Leasing DRDrive
+CVE-2023-4726 (The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4686 (The WP Customer Reviews plugin for WordPress is vulnerable to Sensitiv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48705 (Nautobot is a Network Source of Truth and Network Automation Platform ...)
+ NOT-FOR-US: Nautobot
+CVE-2023-48646 (Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-48106 (Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an ...)
+ - zlib-ng (bug #1002056)
+CVE-2023-47825 (Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47824 (Cross-Site Request Forgery (CSRF) vulnerability in wpWax Legal Pages \ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47819 (Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47792 (Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Bi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47791 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47785 (Cross-Site Request Forgery (CSRF) vulnerability in LayerSlider plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47781 (Cross-Site Request Forgery (CSRF) vulnerability in Thrive Themes Thriv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47775 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team Comme ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47765 (Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47759 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47758 (Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47755 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47467 (Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remot ...)
+ NOT-FOR-US: jeecgboot jeecg-boot
+CVE-2023-47380 (Admidio v4.2.12 and below is vulnerable to Cross Site Scripting (XSS).)
+ NOT-FOR-US: Admidio
+CVE-2023-47350 (SwiftyEdit Content Management System prior to v1.2.0 is vulnerable to ...)
+ NOT-FOR-US: SwiftyEdit Content Management System
+CVE-2023-47316 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+ NOT-FOR-US: Headwind MDM Web panel
+CVE-2023-47315 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+ NOT-FOR-US: Headwind MDM Web panel
+CVE-2023-47314 (Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting (X ...)
+ NOT-FOR-US: Headwind MDM Web panel
+CVE-2023-47313 (Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal. Th ...)
+ NOT-FOR-US: Headwind MDM Web panel
+CVE-2023-47312 (Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Contro ...)
+ NOT-FOR-US: Headwind MDM Web panel
+CVE-2023-47251 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a ...)
+ NOT-FOR-US: TightGate-Pro Server
+CVE-2023-47250 (In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, b ...)
+ NOT-FOR-US: TightGate-Pro Server
+CVE-2023-47014 (A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester St ...)
+ NOT-FOR-US: Sourcecodester Sticky Notes App
+CVE-2023-46673 (It was identified that malformed scripts used in the script processor ...)
+ - elasticsearch
+CVE-2023-46357 (In the module "Cross Selling in Modal Cart" (motivationsale) < 3.5.0 f ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-45377 (In the module "Chronopost Official" (chronopost) for PrestaShop, a gue ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-43082 (Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability i ...)
+ NOT-FOR-US: Dell
+CVE-2023-43081 (PowerProtect Agent for File System Version 19.14 and prior, contains a ...)
+ NOT-FOR-US: Dell
+CVE-2023-3104 (Lack of authentication vulnerability. An unauthenticated local user is ...)
+ NOT-FOR-US: Unitree Robotics A1
+CVE-2023-3103 (Authentication bypass vulnerability, the exploitation of which could a ...)
+ NOT-FOR-US: Unitree Robotics A1
+CVE-2023-39925 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Com ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2889 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Veon Computer Service Tracking Software
+CVE-2023-2841 (The Advanced Local Pickup for WooCommerce plugin for WordPress is vuln ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2497 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2449 (The UserPro plugin for WordPress is vulnerable to unauthorized passwor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2448 (The UserPro plugin for WordPress is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2440 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2438 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2437 (The UserPro plugin for WordPress is vulnerable to authentication bypas ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37924 (Apache Software Foundation Apache Submarine has an SQL injection vulne ...)
+ NOT-FOR-US: Apache Submarine
+CVE-2023-6248 (The Syrus4 IoT gateway utilizes an unsecured MQTT server to download a ...)
+ NOT-FOR-US: Syrus4 IoT gateway
+CVE-2023-5299 (A user with a standard account in Fuji Electric Tellus Lite may overwr ...)
+ NOT-FOR-US: Fuji Electric Tellus Lite
+CVE-2023-49105 (An issue was discovered in ownCloud owncloud/core before 10.13.1. An a ...)
+ - owncloud
+CVE-2023-49104 (An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when ...)
+ NOT-FOR-US: Owncloud addon
+CVE-2023-49103 (An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2 ...)
+ NOT-FOR-US: Owncloud addon
+CVE-2023-48701 (Statamic CMS is a Laravel and Git powered content management system (C ...)
+ NOT-FOR-US: Statamic CMS
+CVE-2023-48700 (The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libr ...)
+ NOT-FOR-US: Nautobot Device Onboarding plugin
+CVE-2023-48699 (fastbots is a library for fast bot and scraper development using selen ...)
+ NOT-FOR-US: fastbots
+CVE-2023-48307 (Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivi ...)
+ NOT-FOR-US: Nextcloud Mail app
+CVE-2023-48306 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48305 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48304 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48303 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48302 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48301 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-48299 (TorchServe is a tool for serving and scaling PyTorch models in product ...)
+ NOT-FOR-US: TorchServe
+CVE-2023-48239 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708) +CVE-2023-48230 (Cap'n Proto is a data interchange format and capability-based RPC syst ...) + - capnproto 1.0.1-3 (bug #1056615) + [bookworm] - capnproto (Vulnerable code not present) + [bullseye] - capnproto (Vulnerable code not present) + [buster] - capnproto (Vulnerable code not present) + NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-r89h-f468-62w3 + NOTE: https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59 (v2-branch) + NOTE: https://github.com/capnproto/capnproto/commit/5d5d734b0350c6f2e36c3155753e6a19fbfeda9a (v1.0.1.1) +CVE-2023-48228 (authentik is an open-source identity provider. When initialising a oau ...) + NOT-FOR-US: authentik +CVE-2023-48161 (Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows ...) + - giflib (unimportant) + NOTE: https://sourceforge.net/p/giflib/bugs/167/ + NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact +CVE-2023-47393 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...) + NOT-FOR-US: Mercedes me IOS APP +CVE-2023-47392 (An access control issue in Mercedes me IOS APP v1.34.0 and below allow ...) + NOT-FOR-US: Mercedes me IOS APP +CVE-2023-47016 (radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in l ...) + - radare2 (bug #1056930) + NOTE: https://github.com/radareorg/radare2/issues/22349 + NOTE: https://github.com/radareorg/radare2/commit/40c9f50e127be80b9d816bce2ab2ee790831aefd +CVE-2023-46814 (A binary hijacking vulnerability exists within the VideoLAN VLC media ...) + - vlc (Windows-specific) + NOTE: https://www.videolan.org/security/sb-vlc3019.html +CVE-2023-41146 (Autodesk Customer Support Portal allows cases created by users under a ...) + NOT-FOR-US: Autodesk Customer Support Portal +CVE-2023-41145 (Autodesk users who no longer have an active license for an account can ...) 
+ NOT-FOR-US: Autodesk +CVE-2023-40152 (When Fuji Electric Tellus Lite V-Simulator parses a specially-crafted ...) + NOT-FOR-US: Fuji Electric Tellus Lite V-Simulator +CVE-2023-35127 (Stack-based buffer overflow may occur when Fuji Electric Tellus Lite V ...) + NOT-FOR-US: Fuji Electric Tellus Lite V-Simulator +CVE-2023-2447 (The UserPro plugin for WordPress is vulnerable to Cross-Site Request F ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2446 (The UserPro plugin for WordPress is vulnerable to sensitive informatio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6238 (A buffer overflow vulnerability was found in the NVM Express (NVMe) dr ...) + - linux + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) +CVE-2023-6235 (An uncontrolled search path element vulnerability has been found in th ...) + NOT-FOR-US: Duet Display for Windows +CVE-2023-6228 (An issue was found in the tiffcp utility distributed by the libtiff pa ...) + - tiff (unimportant) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/606 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1e7d217a323eac701b134afc4ae39b6bdfdbc96a + NOTE: Crash in CLI tool, no security impact +CVE-2023-6213 (Memory safety bugs present in Firefox 119. Some of these bugs showed e ...) + - firefox 120.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6213 +CVE-2023-6212 (Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thun ...) 
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6212 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6212 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6212 +CVE-2023-6211 (If an attacker needed a user to load an insecure http: page and knew t ...) + - firefox 120.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6211 +CVE-2023-6210 (When an https: web page created a pop-up from a "javascript:" URL, tha ...) + - firefox 120.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6210 +CVE-2023-6209 (Relative URLs starting with three slashes were incorrectly parsed, and ...) + {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6209 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6209 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6209 +CVE-2023-6208 (When using X11, text selected by the page using the Selection API was ...) + {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6208 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6208 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6208 +CVE-2023-6207 (Ownership mismanagement led to a use-after-free in ReadableByteStreams ...) 
+ {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6207 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6207 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6207 +CVE-2023-6206 (The black fade animation when exiting fullscreen is roughly the length ...) + {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6206 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6206 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6206 +CVE-2023-6205 (It was possible to cause the use of a MessagePort after it had already ...) + {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6205 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6205 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6205 +CVE-2023-6204 (On some systems\u2014depending on the graphics settings and drivers\u2 ...) + {DSA-5566-1 DSA-5561-1 DLA-3674-1 DLA-3661-1} + - firefox 120.0-1 + - firefox-esr 115.5.0esr-1 + - thunderbird 1:115.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-49/#CVE-2023-6204 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-50/#CVE-2023-6204 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-52/#CVE-2023-6204 +CVE-2023-5776 (The Post Meta Data Manager plugin for WordPress is vulnerable to Cross ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5599 (A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboar ...) + NOT-FOR-US: 3DDashboard in 3DSwymer from Release 3DEXPERIENCE +CVE-2023-5598 (Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in ...) + NOT-FOR-US: 3DSwym in 3DSwymer from Release 3DEXPERIENCE +CVE-2023-5055 (Possible variant of CVE-2021-3434 in function le_ecred_reconf_req.) + NOT-FOR-US: zephyr-rtos +CVE-2023-49061 (An attacker could have performed HTML template injection via Reader Mo ...) + - firefox (Only affects Firefox for iOS) +CVE-2023-49060 (An attacker could have accessed internal pages or data by ex-filtratin ...) + - firefox (Only affects Firefox for iOS) +CVE-2023-48226 (OpenReplay is a self-hosted session replay suite. In version 1.14.0, d ...) + NOT-FOR-US: OpenReplay +CVE-2023-48124 (Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote atta ...) + NOT-FOR-US: SUP Online Shopping +CVE-2023-47643 (SuiteCRM is a Customer Relationship Management (CRM) software applicat ...) + NOT-FOR-US: SuiteCRM +CVE-2023-46377 + REJECTED +CVE-2023-6199 (Book Stack version 23.10.2 allows filtering local files on the server. ...) + NOT-FOR-US: bookstack +CVE-2023-6178 (An arbitrary file write vulnerability exists where an authenticated at ...) + NOT-FOR-US: Nessus Agent +CVE-2023-6144 (Dev blog v1.0 allows to exploit an account takeover through the "user" ...) + NOT-FOR-US: Dev blog +CVE-2023-6142 (Dev blog v1.0 allows to exploit an XSS through an unrestricted file up ...) + NOT-FOR-US: Dev blog +CVE-2023-6062 (An arbitrary file write vulnerability exists where an authenticated, r ...) + NOT-FOR-US: Nessus +CVE-2023-5553 (During internal Axis Security Development Model (ASDM) threat-modellin ...) + NOT-FOR-US: AXIS OS +CVE-2023-5275 (Improper Input Validation vulnerability in simulation function of GX W ...) 
+ NOT-FOR-US: Mitsubishi +CVE-2023-5274 (Improper Input Validation vulnerability in simulation function of GX W ...) + NOT-FOR-US: Mitsubishi +CVE-2023-4424 (An malicious BLE device can cause buffer overflow by sending malformed ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4149 (A vulnerability in the web-based management allows an unauthenticated ...) + NOT-FOR-US: Wago +CVE-2023-48310 (TestingPlatform is a testing platform for Internet Security Standards. ...) + NOT-FOR-US: TestingPlatform +CVE-2023-48192 (An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local att ...) + NOT-FOR-US: TOTOlink +CVE-2023-48176 (An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote at ...) + NOT-FOR-US: WebsiteGuide +CVE-2023-48051 (An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to dec ...) + NOT-FOR-US: upydev +CVE-2023-47311 (An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcomma ...) + NOT-FOR-US: Yamcs +CVE-2023-47172 (Certain WithSecure products allow Local Privilege Escalation. This aff ...) + NOT-FOR-US: WithSecure +CVE-2023-46935 (eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lea ...) + NOT-FOR-US: eyoucms +CVE-2023-46471 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...) + NOT-FOR-US: Yamcs +CVE-2023-46470 (Cross Site Scripting vulnerability in Space Applications Services Yamc ...) + NOT-FOR-US: Yamcs +CVE-2023-45886 (The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote ...) + NOT-FOR-US: BGP daemon (bgpd) in IP Infusion ZebOS +CVE-2023-42770 (Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users en ...) + NOT-FOR-US: Red Lion +CVE-2023-40151 (When user authentication is not enabled the shell can execute commands ...) + NOT-FOR-US: Red Lion +CVE-2023-6134 (A flaw was found in Keycloak that prevents certain schemes in redirect ...) 
+ NOT-FOR-US: Keycloak +CVE-2023-5764 (A template injection flaw was found in Ansible where a user's controll ...) + - ansible-core 2.14.13-1 (bug #1057427) + [bookworm] - ansible-core (Minor issue) + - ansible 5.4.0-1 + [bullseye] - ansible (Minor issue) + NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247629 + NOTE: https://github.com/ansible/ansible/pull/82293 (stable-2.16) + NOTE: https://github.com/ansible/ansible/pull/82294 (stable-2.15) + NOTE: https://github.com/ansible/ansible/pull/82295 (stable-2.14) + NOTE: https://github.com/ansible/ansible/commit/7239d2d371bc6e274cbb7314e01431adce6ae25a (v2.14.12rc1) +CVE-2023-41913 (strongSwan before 5.9.12 has a buffer overflow and possible unauthenti ...) + {DSA-5560-1 DLA-3663-1} + - strongswan 5.9.12-1 + NOTE: https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-(cve-2023-41913).html + NOTE: Patches: https://download.strongswan.org/security/CVE-2023-41913/ +CVE-2023-6197 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6196 (The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Re ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6045 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...) + NOT-FOR-US: OpenHarmony +CVE-2023-5799 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have prope ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5652 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5651 (The WP Hotel Booking WordPress plugin before 2.0.8 does not have autho ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5640 (The Article Analytics WordPress plugin does not properly sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5610 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not va ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5609 (The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5593 (The out-of-bounds write vulnerability in the Windows-based SecuExtende ...) + NOT-FOR-US: SecuExtender SSL VPN Client +CVE-2023-5509 (The myStickymenu WordPress plugin before 2.6.5 does not adequately aut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5343 (The Popup box WordPress plugin before 3.7.9 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5340 (The Five Star Restaurant Menu and Food Ordering WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5140 (The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5119 (The Forminator WordPress plugin before 1.27.0 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4970 (The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4824 (The WooHoo Newspaper Magazine theme does not have CSRF check in place ...) + NOT-FOR-US: WooHoo Newspaper Magazine theme +CVE-2023-4808 (The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4799 (The Magic Embeds WordPress plugin before 3.1.2 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48309 (NextAuth.js provides authentication for Next.js. `next-auth` applicati ...) + NOT-FOR-US: NextAuth.js +CVE-2023-48300 (The `Embed Privacy` plugin for WordPress that prevents the loading of ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48293 (The XWiki Admin Tools Application provides tools to help the administr ...) + NOT-FOR-US: XWiki Admin Tools Application +CVE-2023-48292 (The XWiki Admin Tools Application provides tools to help the administr ...) + NOT-FOR-US: XWiki Admin Tools Application +CVE-2023-48241 (XWiki Platform is a generic wiki platform. 
Starting in version 6.3-mil ...) + NOT-FOR-US: XWiki +CVE-2023-48240 (XWiki Platform is a generic wiki platform. The rendered diff in XWiki ...) + NOT-FOR-US: XWiki +CVE-2023-48223 (fast-jwt provides fast JSON Web Token (JWT) implementation. Prior to v ...) + NOT-FOR-US: fast-jwt +CVE-2023-48221 (wire-avs provides Audio, Visual, and Signaling (AVS) functionality sur ...) + NOT-FOR-US: wire-avs +CVE-2023-48218 (The Strapi Protected Populate Plugin protects `get` endpoints from rev ...) + NOT-FOR-US: Strapi Protected Populate Plugin +CVE-2023-48111 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-48110 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...) + NOT-FOR-US: Tenda +CVE-2023-48109 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via th ...) + NOT-FOR-US: Tenda +CVE-2023-48090 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in ...) + - gpac (bug #1059056) + [buster] - gpac (EOL in Buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2680 +CVE-2023-48039 (GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in ...) + - gpac (bug #1059056) + [buster] - gpac (EOL in Buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2679 +CVE-2023-47772 (Contributor+Stored Cross-Site Scripting (XSS) vulnerability in Slider ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47417 (Cross Site Scripting (XSS) vulnerability in the component /shells/embe ...) + NOT-FOR-US: DZSlides +CVE-2023-47217 (in OpenHarmony v3.2.2 and prior versions allow a local attacker cause ...) + NOT-FOR-US: OpenHarmony +CVE-2023-46990 (Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a ...) + NOT-FOR-US: PublicCMS +CVE-2023-46705 (in OpenHarmony v3.2.2 and prior versions allow a local attacker causes ...) + NOT-FOR-US: OpenHarmony +CVE-2023-46100 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get se ...) 
+ NOT-FOR-US: OpenHarmony +CVE-2023-43612 (in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitr ...) + NOT-FOR-US: OpenHarmony +CVE-2023-42774 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...) + NOT-FOR-US: OpenHarmony +CVE-2023-3116 (in OpenHarmony v3.2.2 and prior versions allow a local attacker get co ...) + NOT-FOR-US: OpenHarmony +CVE-2023-38885 (OpenSIS Classic Community Edition version 9.0 lacks cross-site request ...) + NOT-FOR-US: OpenSIS +CVE-2023-38884 (An Insecure Direct Object Reference (IDOR) vulnerability in the Commun ...) + NOT-FOR-US: OpenSIS +CVE-2023-38883 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + NOT-FOR-US: OpenSIS +CVE-2023-38882 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + NOT-FOR-US: OpenSIS +CVE-2023-38881 (A reflected cross-site scripting (XSS) vulnerability in the Community ...) + NOT-FOR-US: OpenSIS +CVE-2023-38880 (The Community Edition version 9.0 of OS4ED's openSIS Classic has a bro ...) + NOT-FOR-US: OpenSIS +CVE-2023-38879 (The Community Edition version 9.0 of OS4ED's openSIS Classic allows re ...) + NOT-FOR-US: OpenSIS +CVE-2023-38823 (Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC ...) + NOT-FOR-US: Tenda +CVE-2023-36013 (PowerShell Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35762 (Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to ope ...) + NOT-FOR-US: INEA ME RTU firmware +CVE-2023-29155 (Versions of INEA ME RTU firmware 3.36b and prior do not require authen ...) + NOT-FOR-US: INEA ME RTU firmware +CVE-2023-47175 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) + NOT-FOR-US: LuxCal Web Calendar +CVE-2023-46700 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (My ...) + NOT-FOR-US: LuxCal Web Calendar +CVE-2023-3379 (Wago web-based management of multiple products has a vulnerability whi ...) 
+ NOT-FOR-US: Wago +CVE-2023-46302 (Apache Software Foundation Apache Submarine has a bug when serializing ...) + NOT-FOR-US: Apache Submarine +CVE-2023-47685 (Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47672 (Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Categor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47671 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Verti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47670 (Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Kore ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47667 (Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Ful ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47666 (Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47664 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Pl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47655 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC X ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47651 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Li ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47650 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47649 (Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Res ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47644 (Cross-Site Request Forgery (CSRF) vulnerability in profilegrid Profile ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47556 (Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Devi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47553 (Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc User ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47552 (Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image H ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-47551 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47531 (Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit D ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47519 (Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47243 (Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop \ucf54\ub ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41129 (Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32514 (Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar G ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32504 (Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat.Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32245 (Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essenti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48736 (In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp ...) + NOT-FOR-US: International Color Consortium DemoIccMAX +CVE-2023-40363 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + NOT-FOR-US: IBM +CVE-2023-38361 (IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algo ...) + NOT-FOR-US: IBM +CVE-2023-6187 (The Paid Memberships Pro plugin for WordPress is vulnerable to arbitra ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4214 (The AppPresser plugin for WordPress is vulnerable to unauthorized pass ...) + NOT-FOR-US: WordPress plugin +CVE-2023-48295 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...) + NOT-FOR-US: LibreNMS +CVE-2023-48294 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...) + NOT-FOR-US: LibreNMS +CVE-2023-48238 (joaquimserafim/json-web-token is a javascript library use to interact ...) 
+ NOT-FOR-US: Node json-web-token +CVE-2023-48028 (kodbox 1.46.01 has a security flaw that enables user enumeration. This ...) + NOT-FOR-US: kodbox +CVE-2023-48017 (Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) v ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-46745 (LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitorin ...) + NOT-FOR-US: LibreNMS +CVE-2023-46402 (git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in ...) + NOT-FOR-US: git-urls +CVE-2023-44796 (Cross Site Scripting (XSS) vulnerability in LimeSurvey before version ...) + - limesurvey (bug #472802) +CVE-2023-43177 (CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modifi ...) + NOT-FOR-US: CrushFTP +CVE-2023-40817 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product ...) + NOT-FOR-US: OpenCRX +CVE-2023-40816 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Mil ...) + NOT-FOR-US: OpenCRX +CVE-2023-40815 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category ...) + NOT-FOR-US: OpenCRX +CVE-2023-40814 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts ...) + NOT-FOR-US: OpenCRX +CVE-2023-40813 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Sav ...) + NOT-FOR-US: OpenCRX +CVE-2023-40812 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts ...) + NOT-FOR-US: OpenCRX +CVE-2023-40810 (OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name ...) + NOT-FOR-US: OpenCRX +CVE-2023-40809 (OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity ...) + NOT-FOR-US: OpenCRX +CVE-2023-6188 (A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been r ...) + NOT-FOR-US: GetSimpleCMS +CVE-2023-6179 (Honeywell ProWatch, 4.5, including all Service Pack versions, contain ...) + NOT-FOR-US: Honeywell ProWatch +CVE-2023-5445 (An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 ...) 
+ NOT-FOR-US: ePolicy Orchestrator +CVE-2023-5444 (A Cross Site Request Forgery vulnerability in ePolicy Orchestrator pri ...) + NOT-FOR-US: ePolicy Orchestrator +CVE-2023-48185 (Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.29 ...) + NOT-FOR-US: TerraMaster +CVE-2023-48029 (Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with ...) + NOT-FOR-US: Corebos +CVE-2023-48025 (Liblisp through commit 4c65969 was discovered to contain a out-of-boun ...) + NOT-FOR-US: Liblisp +CVE-2023-48024 (Liblisp through commit 4c65969 was discovered to contain a use-after-f ...) + NOT-FOR-US: Liblisp +CVE-2023-47757 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47073 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47072 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47071 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47070 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47069 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47068 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47067 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-47066 (Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2023-44355 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2023-44353 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2023-44352 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2023-44351 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2023-44350 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2023-44326 (Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-44325 (Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-44324 (Adobe FrameMaker versions 2022 and earlier are affected by an Improper ...) + NOT-FOR-US: Adobe +CVE-2023-6020 (LFI in Ray's /static/ directory allows attackers to read any file on t ...) + NOT-FOR-US: Ray +CVE-2023-6014 (An attacker is able to arbitrarily create an account in MLflow bypassi ...) + NOT-FOR-US: mlflow +CVE-2023-48659 (An issue was discovered in MISP before 2.4.176. app/Controller/AppCont ...) + NOT-FOR-US: MISP +CVE-2023-48658 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + NOT-FOR-US: MISP +CVE-2023-48657 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + NOT-FOR-US: MISP +CVE-2023-48656 (An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php ...) + NOT-FOR-US: MISP +CVE-2023-48655 (An issue was discovered in MISP before 2.4.176. app/Controller/Compone ...) + NOT-FOR-US: MISP +CVE-2023-48649 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on t ...) + NOT-FOR-US: Concrete CMS +CVE-2023-48648 (Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized ac ...) + NOT-FOR-US: Concrete CMS +CVE-2023-48237 (Vim is an open source command line text editor. In affected versions w ...) 
+ - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 + NOTE: https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e (v9.0.2112) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48236 (Vim is an open source command line text editor. When using the z= comm ...) + - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 + NOTE: https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 (v9.0.2111) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48235 (Vim is an open source command line text editor. When parsing relative ...) + - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g + NOTE: https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 (v9.0.2110) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48234 (Vim is an open source command line text editor. When getting the count ...) + - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq + NOTE: https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca (v9.0.2109) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48233 (Vim is an open source command line text editor. If the count after the ...) + - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj + NOTE: https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 (v9.0.2108) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48232 (Vim is an open source command line text editor. A floating point excep ...) 
+ - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw + NOTE: https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce (v9.0.2107) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48231 (Vim is an open source command line text editor. When closing a window, ...) + - vim 2:9.0.2116-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 + NOTE: https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a (v9.0.2106) + NOTE: Self-inflicted crash, no security impact +CVE-2023-48222 (Rundeck is an open source automation service with a web console, comma ...) + NOT-FOR-US: Rundeck +CVE-2023-48078 (SQL Injection vulnerability in add.php in Simple CRUD Functionality v1 ...) + NOT-FOR-US: Simple CRUD Functionality +CVE-2023-48031 (OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with ...) + NOT-FOR-US: OpenSupports +CVE-2023-47797 (Reflected cross-site scripting (XSS) vulnerability on a content page\u ...) + NOT-FOR-US: Liferay Portal +CVE-2023-47688 (Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube Spe ...) + NOT-FOR-US: WordPress plugin# +CVE-2023-47687 (Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Cust ...) + NOT-FOR-US: WordPress plugin# +CVE-2023-47686 (Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato ...) + NOT-FOR-US: WordPress plugin# +CVE-2023-47675 (CubeCart prior to 6.5.3 allows a remote authenticated attacker with an ...) + NOT-FOR-US: CubeCart +CVE-2023-47642 (Zulip is an open-source team collaboration tool. It was discovered by ...) + NOT-FOR-US: Zulip +CVE-2023-47283 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...) + NOT-FOR-US: CubeCart +CVE-2023-47112 (Rundeck is an open source automation service with a web console, comma ...) 
+ NOT-FOR-US: Rundeck
+CVE-2023-47025 (An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial ...)
+ NOT-FOR-US: Free5gc
+CVE-2023-46214 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise ...)
+ NOT-FOR-US: Splunk
+CVE-2023-46213 (In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escap ...)
+ NOT-FOR-US: Splunk
+CVE-2023-45387 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2023-45382 (In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2023-42428 (Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a ...)
+ NOT-FOR-US: CubeCart
+CVE-2023-41102 (An issue was discovered in the captive portal in OpenNDS before versio ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-41101 (An issue was discovered in the captive portal in OpenNDS before versio ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-40314 (Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS ...)
+ NOT-FOR-US: OpenNMS
+CVE-2023-39548 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
+ NOT-FOR-US: CLUSTERPRO
+CVE-2023-39547 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
+ NOT-FOR-US: CLUSTERPRO
+CVE-2023-39546 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
+ NOT-FOR-US: CLUSTERPRO
+CVE-2023-39545 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
+ NOT-FOR-US: CLUSTERPRO
+CVE-2023-39544 (CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, ...)
+ NOT-FOR-US: CLUSTERPRO
+CVE-2023-38324 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38322 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38320 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38316 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38315 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38314 (An issue was discovered in OpenNDS Captive Portal before version 10.1. ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38313 (An issue was discovered in OpenNDS Captive Portal before 10.1.2. it ha ...)
+ NOT-FOR-US: OpenNDS
+CVE-2023-38130 (Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6 ...)
+ NOT-FOR-US: CubeCart
+CVE-2023-6176 (A null pointer dereference flaw was found in the Linux kernel API for ...)
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/cfaa80c91f6f99b9342b6557f0f0e1143e434066 (6.6-rc2)
+CVE-2023-6175 [NetScreen file parser crash]
+ {DSA-5559-1}
+ - wireshark 4.0.11-1
+ [bullseye] - wireshark (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-29.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19404
+CVE-2023-6174 (SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of serv ...)
+ {DSA-5559-1}
+ - wireshark 4.0.11-1
+ [bullseye] - wireshark (Only affects 4.x)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-28.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19369
+CVE-2023-6121 (An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsy ...)
+ - linux
+ [bookworm] - linux 6.1.64-1
+ NOTE: https://lore.kernel.org/linux-nvme/b58a2dc6-cc8f-4d19-9efe-e1d5b4505efc@nvidia.com/T/
+ NOTE: https://lore.kernel.org/linux-nvme/CAK5usQvxAyC3LJ4OnqerS1P0JpbfFr9uRZmq6Jb4QhaB7AQCoQ@mail.gmail.com/T/
+ NOTE: https://git.kernel.org/linus/1c22e0295a5eb571c27b53c7371f95699ef705ff (6.7-rc3)
+CVE-2023-6119 (An Improper Privilege Management vulnerability in Trellix GetSusp prio ...)
+ NOT-FOR-US: Trellix
+CVE-2023-6038 (An attacker is able to read any file on the server hosting the H2O das ...)
+ NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
+CVE-2023-6023 (An attacker can read any file on the filesystem on the server hosting ...)
+ NOT-FOR-US: ModelDB
+CVE-2023-6022 (An attacker is able to steal secrets and potentially gain remote code ...)
+ NOT-FOR-US: Prefect
+CVE-2023-6021 (LFI in Ray's log API endpoint allows attackers to read any file on the ...)
+ NOT-FOR-US: Ray's log API endpoint
+CVE-2023-6019 (A command injection existed in Ray's cpu_profile URL parameter allowin ...)
+ NOT-FOR-US: Ray
+CVE-2023-6018 (An attacker can overwrite any file on the server hosting MLflow withou ...)
+ NOT-FOR-US: mlflow
+CVE-2023-6017 (H2O included a reference to an S3 bucket that no longer existed allowi ...)
+ NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
+CVE-2023-6016 (An attacker is able to gain remote code execution on a server hosting ...)
+ NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
+CVE-2023-6015 (MLflow allowed arbitrary files to be PUT onto the server.)
+ NOT-FOR-US: mlflow
+CVE-2023-6013 (H2O is vulnerable to stored XSS vulnerability which can lead to a Loca ...)
+ NOT-FOR-US: H2O (h2ai) (not the same as src:h2o)
+CVE-2023-4771 (A Cross-Site scripting vulnerability has been found in CKSource CKEdit ...)
+ - ckeditor (unimportant)
+ NOTE: Seems bogus, only affects an example
+CVE-2023-48134 (nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive I ...)
+ NOT-FOR-US: nagayama_copabowl
+CVE-2023-48056 (PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chai ...)
+ NOT-FOR-US: PyPinkSign
+CVE-2023-48055 (SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption ...)
+ NOT-FOR-US: SuperAGI
+CVE-2023-48054 (Missing SSL certificate validation in localstack v2.3.2 allows attacke ...)
+ NOT-FOR-US: localstack.cloud
+CVE-2023-48053 (Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaini ...)
+ NOT-FOR-US: Archery
+CVE-2023-48052 (Missing SSL certificate validation in HTTPie v3.2.2 allows attackers t ...)
+ - httpie (unimportant)
+ [bullseye] - httpie (remote version check introduced in 3.2.0)
+ [buster] - httpie (remote version check introduced in 3.2.0)
+ NOTE: https://gxx777.github.io/HTTPie_3.2.2_Cryptographic_API_Misuse_Vulnerability.md
+ NOTE: The httpie tools do validate SSL certificates for user-provided URLs, and fail if invalid.
+ NOTE: Only its internal version check (update_warnings.py) makes a verify=False call to a
+ NOTE: https://packages.httpie.io/latest.json URL, with no security impact besides displaying the information.
+ NOTE: Introduced by: https://github.com/httpie/cli/commit/003f2095d4e98b26220802f016a56be38bf9bd8d (v3.2.0)
+CVE-2023-47514 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrence ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47512 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47511 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47508 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta M ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47245 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47240 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47239 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47060 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47059 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47058 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47057 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47056 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47055 (Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47054 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47053 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47052 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47051 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47050 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47049 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47048 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47047 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47046 (Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47044 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47043 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47042 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47041 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-47040 (Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44372 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44371 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44367 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44366 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44365 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44361 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44360 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44359 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44358 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44357 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44356 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44348 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44347 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44346 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44345 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44344 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44343 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44342 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44341 (Adobe InDesign versions ID18.5 (and earlier) and ID17.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44340 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44339 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44338 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44337 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44336 (Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44335 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44334 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44333 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44332 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44331 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44330 (Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44329 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44328 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44327 (Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-44292 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
+ NOT-FOR-US: Dell
+CVE-2023-44282 (Dell Repository Manager, 3.4.3 and prior, contains an Improper Access ...)
+ NOT-FOR-US: Dell
+CVE-2023-39926 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Unde ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-39259 (Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 c ...)
+ NOT-FOR-US: Dell
+CVE-2023-39246 (Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Sec ...)
+ NOT-FOR-US: Dell
+CVE-2023-36026 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36008 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-34375 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SE ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32957 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazz ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32796 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommer ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32469 (Dell Precision Tower BIOS contains an Improper Input Validation vulner ...)
+ NOT-FOR-US: Dell
+CVE-2023-6105 (An information disclosure vulnerability exists in multiple ManageEngin ...)
+ NOT-FOR-US: ManageEngine
+CVE-2023-5381 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4723 (The Elementor Addon Elements plugin for WordPress is vulnerable to Sen ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4690 (The Elementor Addon Elements plugin for WordPress is vulnerable to Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4689 (The Elementor Addon Elements plugin for WordPress is vulnerable to Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48365 (Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows un ...)
+ NOT-FOR-US: Qlik Sense Enterprise for Windows
+CVE-2023-48224 (Fides is an open-source privacy engineering platform for managing the ...)
+ NOT-FOR-US: Fides
+CVE-2023-48204 (An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtai ...)
+ NOT-FOR-US: PublicCMS
+CVE-2023-48200 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
+ - grocy (bug #969056)
+CVE-2023-48199 (HTML Injection vulnerability in the 'manageApiKeys' component in Grocy ...)
+ - grocy (bug #969056)
+CVE-2023-48198 (A Cross-Site Scripting (XSS) vulnerability in the 'product description ...)
+ - grocy (bug #969056)
+CVE-2023-48197 (Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local att ...)
+ - grocy (bug #969056)
+CVE-2023-47674 (Missing authentication for critical function vulnerability in First Co ...)
+ NOT-FOR-US: First Corporation
+CVE-2023-47638
+ REJECTED
+CVE-2023-43887 (Libde265 v1.0.12 was discovered to contain multiple buffer overflows v ...)
+ {DLA-3676-1}
+ - libde265 1.0.13-1
+ [bookworm] - libde265 1.0.11-1+deb12u1
+ [bullseye] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/418
+ NOTE: https://github.com/strukturag/libde265/commit/63b596c915977f038eafd7647d1db25488a8c133 (v1.0.13)
+CVE-2023-47471 (Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a ...)
+ {DLA-3676-1}
+ - libde265 1.0.13-1 (bug #1056187)
+ [bookworm] - libde265 1.0.11-1+deb12u1
+ [bullseye] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/426
+ NOTE: https://github.com/strukturag/libde265/commit/e36b4a1b0bafa53df47514c419d5be3e8916ebc7 (v1.0.13)
+CVE-2023-47470 (Buffer Overflow vulnerability in Ffmpeg before github commit 456574705 ...)
+ - ffmpeg (Vulnerable code not in any Debian released version)
+ NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20230915131147.5945-2-michael%40niedermayer.cc/
+ NOTE: https://github.com/goldds96/Report/tree/main/FFmpeg
+ NOTE: Introduced in: https://github.com/FFmpeg/FFmpeg/commit/34e4f18360c4ecb8e5979cab8f389478d8cd7819 (n6.1)
+ NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/4565747056a11356210ed8edcecb920105e40b60 (n6.1)
+CVE-2023-47444 (An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticate ...)
+ NOT-FOR-US: OpenCart
+CVE-2023-47347 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
+ NOT-FOR-US: free5GC
+CVE-2023-47345 (Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cau ...)
+ NOT-FOR-US: free5GC
+CVE-2023-47335 (Insecure permissions in the setNFZEnable function of Autel Robotics EV ...)
+ NOT-FOR-US: Autel Robotics EVO Nano drone
+CVE-2023-47264 (Certain WithSecure products have a buffer over-read whereby processing ...)
+ NOT-FOR-US: WithSecure
+CVE-2023-47263 (Certain WithSecure products allow a Denial of Service (DoS) in the ant ...)
+ NOT-FOR-US: WithSecure
+CVE-2023-47213 (First Corporation's DVRs use a hard-coded password, which may allow a ...)
+ NOT-FOR-US: First Corporation
+CVE-2023-47003 (An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitra ...)
+ NOT-FOR-US: RedisGraph
+CVE-2023-44296 (Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vu ...)
+ NOT-FOR-US: Dell
+CVE-2023-43757 (Inadequate encryption strength vulnerability in multiple routers provi ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-43752 (OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-43275 (Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-41442 (An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1 ...)
+ NOT-FOR-US: Kloudq Technologies Limited Tor Equip
+CVE-2023-6079
+ REJECTED
+CVE-2023-5720 (A flaw was found in Quarkus, where it does not properly sanitize artif ...)
+ NOT-FOR-US: Quarkus
+CVE-2023-5676 (In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2023-5245 (FileUtil.extract() enumerates all zip file entries and extracts each f ...)
+ NOT-FOR-US: mleap
+CVE-2023-4602 (The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48219 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
+ - tinymce
+CVE-2023-48089 (xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via / ...)
+ NOT-FOR-US: XXL-Job
+CVE-2023-48088 (xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /x ...)
+ NOT-FOR-US: XXL-Job
+CVE-2023-48087 (xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job ...)
+ NOT-FOR-US: XXL-Job
+CVE-2023-48014 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a sta ...)
+ - gpac (bug #1056282)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2613
+ NOTE: https://github.com/gpac/gpac/commit/66abf0887c89c29a484d9e65e70882794e9e3a1b
+CVE-2023-48013 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a dou ...)
+ - gpac (bug #1056282)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2612
+ NOTE: https://github.com/gpac/gpac/commit/cd8a95c1efb8f5bfc950b86c2ef77b4c76f6b893
+CVE-2023-48011 (GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a hea ...)
+ - gpac (bug #1056282)
+ [buster] - gpac (EOL in Buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2611
+ NOTE: https://github.com/gpac/gpac/commit/c70f49dda4946d6db6aa55588f6a756b76bd84ea
+CVE-2023-47637 (Pimcore is an Open Source Data & Experience Management Platform. In af ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-47636 (The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Fu ...)
+ NOT-FOR-US: Pimcore Admin Classic Bundle
+CVE-2023-41699 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in P ...)
+ NOT-FOR-US: Payara
+CVE-2023-34982 (This external control vulnerability, if exploited, could allow a local ...)
+ NOT-FOR-US: AVEVA
+CVE-2023-34062 (In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versi ...)
+ NOT-FOR-US: Reactor Netty HTTP Server
+CVE-2023-33873 (This privilege escalation vulnerability, if exploited, cloud allow a l ...)
+ NOT-FOR-US: AVEVA
+CVE-2023-6133 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-6032 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-5987 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-5986 (A CWE-601 URL Redirection to Untrusted Site vulnerability exists that ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-5985 (A CWE-79 Improper Neutralization of Input During Web Page Generation v ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-5984 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-5981 (A vulnerability was found that the response times to malformed ciphert ...)
+ {DLA-3660-1}
+ - gnutls28 3.8.2-1 (bug #1056188)
+ [bookworm] - gnutls28 3.7.9-2+deb12u1
+ [bullseye] - gnutls28 (Minor issue; can be fixed via point release)
+ NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1511
+ NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
+ NOTE: https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
+ NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d (3.8.2)
+CVE-2023-4889 (The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-48217 (Statamic is a flat-first, Laravel + Git powered CMS designed for build ...)
+ NOT-FOR-US: Statamic CMS
+CVE-2023-47678 (An improper access control vulnerability exists in RT-AC87U all versio ...)
+ NOT-FOR-US: ASUSTeK
+CVE-2023-47641 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ - python-aiohttp 3.8.1-1
+ [bullseye] - python-aiohttp (Minor issue)
+ [buster] - python-aiohttp (Minor issue)
+ NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
+ NOTE: https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 (v3.8.0b0)
+CVE-2023-47640 (DataHub is an open-source metadata platform. The HMAC signature for Da ...)
+ NOT-FOR-US: DataHub
+CVE-2023-47631 (vantage6 is a framework to manage and deploy privacy enhancing technol ...)
+ NOT-FOR-US: vantage6
+CVE-2023-47630 (Kyverno is a policy engine designed for Kubernetes. An issue was found ...)
+ NOT-FOR-US: Kyverno
+CVE-2023-47627 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+ - python-aiohttp 3.8.6-1
+ [bookworm] - python-aiohttp (Minor issue)
+ [bullseye] - python-aiohttp (Minor issue)
+ [buster] - python-aiohttp (Minor issue)
+ NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
+ NOTE: https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d (v3.8.6)
+CVE-2023-47586 (Multiple heap-based buffer overflow vulnerabilities exist in V-Server ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47585 (Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earl ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47584 (Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and ear ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47583 (Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47582 (Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17 ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47581 (Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlie ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47580 (Multiple improper restriction of operations within the bounds of a mem ...)
+ NOT-FOR-US: FUJI
+CVE-2023-47549 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on302 respo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47547 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47546 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Walte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47545 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47544 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47532 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47524 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requiresPH ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47522 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Fe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47520 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47517 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47446 (Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scriptin ...)
+ NOT-FOR-US: Pre-School Enrollment
+CVE-2023-47445 (Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via t ...)
+ NOT-FOR-US: Pre-School Enrollment version
+CVE-2023-47309 (Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripti ...)
+ NOT-FOR-US: Nukium nkmgls
+CVE-2023-47308 (In the module "Newsletter Popup PRO with Voucher/Coupon code" (newslet ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2023-47130 (Yii is an open source PHP web framework. yiisoft/yii before version 1. ...)
+ - yii (bug #597899)
+CVE-2023-47125 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: TYPO3
+CVE-2023-46672 (An issue was identified by Elastic whereby sensitive information is re ...)
+ - logstash (bug #664841)
+CVE-2023-46582 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
+ NOT-FOR-US: Inventory Management
+CVE-2023-46581 (SQL injection vulnerability in Inventory Management v.1.0 allows a loc ...)
+ NOT-FOR-US: Inventory Management
+CVE-2023-46580 (Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 ...)
+ NOT-FOR-US: Inventory Management
+CVE-2023-46132 (Hyperledger Fabric is an open source permissioned distributed ledger f ...)
+ NOT-FOR-US: Hyperledger Fabric
+CVE-2023-46121 (yt-dlp is a youtube-dl fork with additional features and fixes. The Ge ...)
+ - yt-dlp 2023.11.16-1 (bug #1055996)
+ [bookworm] - yt-dlp (Minor issue)
+ NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-3ch3-jhc6-5r8x
+ NOTE: https://github.com/yt-dlp/yt-dlp/commit/f04b5bedad7b281bee9814686bba1762bae092eb (2023.11.14)
+CVE-2023-46026 (Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul ...)
+ NOT-FOR-US: phpgurukul
+CVE-2023-46025 (SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher ...)
+ NOT-FOR-US: phpgurukul
+CVE-2023-46024 (SQL Injection vulnerability in index.php in phpgurukul Teacher Subject ...)
+ NOT-FOR-US: phpgurukul
+CVE-2023-46023 (SQL injection vulnerability in addTask.php in Code-Projects Simple Tas ...)
+ NOT-FOR-US: Code-Projects Simple Task List
+CVE-2023-46022 (SQL Injection vulnerability in delete.php in Code-Projects Blood Bank ...)
+ NOT-FOR-US: Code-Projects Blood Bank
+CVE-2023-45627 (An authenticated Denial-of-Service (DoS) vulnerability exists in the C ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45626 (An authenticated vulnerability has been identified allowing an attacke ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45625 (Multiple authenticated command injection vulnerabilities exist in the ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45624 (An unauthenticated Denial-of-Service (DoS) vulnerability exists in the ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45623 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the W ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45622 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the B ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45621 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45620 (Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the C ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45619 (There is an arbitrary file deletion vulnerability in the RSSI service ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45618 (There are arbitrary file deletion vulnerabilities in the AirWave clien ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45617 (There are arbitrary file deletion vulnerabilities in the CLI service a ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45616 (There is a buffer overflow vulnerability in the underlying AirWave cli ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45615 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+ NOT-FOR-US: Aruba
+CVE-2023-45614 (There are buffer overflow vulnerabilities in the underlying CLI servic ...)
+ NOT-FOR-US: Aruba
+CVE-2023-43979 (ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: ETS Soft ybc_blog
+CVE-2023-43591 (Improper privilege management in Zoom Rooms for macOS before version ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43590 (Link following in Zoom Rooms for macOS before version 5.16.0 may allo ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43588 (Insufficient control flow management in some Zoom clients may allow an ...)
+ NOT-FOR-US: Zoom
+CVE-2023-43582 (Improper authorization in some Zoom clients may allow an authorized us ...)
+ NOT-FOR-US: Zoom
+CVE-2023-41718 (When a particular process flow is initiated, an attacker may be able t ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-41597 (EyouCms v1.6.2 was discovered to contain a reflected cross-site script ...)
+ NOT-FOR-US: EyouCms
+CVE-2023-41570 (MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect acc ...)
+ NOT-FOR-US: MikroTik
+CVE-2023-40923 (MyPrestaModules ordersexport before v5.0 was discovered to contain mul ...)
+ NOT-FOR-US: MyPrestaModules ordersexport
+CVE-2023-39537 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...)
+ NOT-FOR-US: AMI +CVE-2023-39536 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + NOT-FOR-US: AMI +CVE-2023-39535 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + NOT-FOR-US: AMI +CVE-2023-39337 (A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older a ...) + NOT-FOR-US: Ivanti +CVE-2023-39335 (A security vulnerability has been identified in EPMM Versions 11.10, 1 ...) + NOT-FOR-US: Ivanti +CVE-2023-39206 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) + NOT-FOR-US: Zoom +CVE-2023-39205 (Improper conditions check in Zoom Team Chat for Zoom clients may allow ...) + NOT-FOR-US: Zoom +CVE-2023-39204 (Buffer overflow in some Zoom clients may allow an unauthenticated user ...) + NOT-FOR-US: Zoom +CVE-2023-39203 (Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop C ...) + NOT-FOR-US: Zoom +CVE-2023-39202 (Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Cl ...) + NOT-FOR-US: Zoom +CVE-2023-39199 (Cryptographic issues with In-Meeting Chat for some Zoom clients may al ...) + NOT-FOR-US: Zoom +CVE-2023-38544 (A logged in user can modify specific files that may lead to unauthoriz ...) + NOT-FOR-US: Ivanti +CVE-2023-38543 (A vulnerability exists on all versions of the Ivanti Secure Access Cli ...) + NOT-FOR-US: Ivanti +CVE-2023-38043 (A vulnerability exists on all versions of the Ivanti Secure Access Cli ...) + NOT-FOR-US: Ivanti +CVE-2023-36558 (ASP.NET Core - Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36437 (Azure DevOps Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36049 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2023-36038 (ASP.NET Core Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36007 (Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-35080 (A vulnerability has been identified in the Ivanti Secure Access Window ...) + NOT-FOR-US: Ivanti +CVE-2023-34060 (VMware Cloud Director Appliance contains an authentication bypass vuln ...) + NOT-FOR-US: VMware +CVE-2023-44444 [GIMP PSP File Parsing Off-By-One Remote Code Execution Vulnerability] + {DSA-5564-1 DLA-3659-1} + - gimp 2.10.36-1 (bug #1055984) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1591/ + NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e1bfd87195e4fe60a92df70cde65464d032dd3c1 + NOTE: Backport to gimp-2.10: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10071 (restricted) +CVE-2023-44443 [GIMP PSP File Parsing Integer Overflow Remote Code Execution Vulnerability] + {DSA-5564-1} + - gimp 2.10.36-1 (bug #1055984) + [buster] - gimp (Vulnerable code introduced in 2.10.22) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1593/ + NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/96f536a33590bb9811da5b5639e1d6c25aaf2e01 + NOTE: Backport to gimp-2.10: https://gitlab.gnome.org/GNOME/gimp/-/commit/ef12c0a90752a06d4c465a768d052b07f5e8a8a0 (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10072 (restricted) + NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gimp/-/commit/bf66a07d207bc09f222e56c398760478a3a057fa (GIMP_2_10_22) +CVE-2023-44442 [GIMP PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability] + {DSA-5564-1 DLA-3659-1} + - gimp 2.10.36-1 (bug #1055984) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1594/ + NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities + NOTE: 
https://gitlab.gnome.org/GNOME/gimp/-/commit/985c0a20e18b5b3b8a48ee9cb12287b1d5732d3d (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10101 (restricted) +CVE-2023-44441 [GIMP DDS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability] + {DSA-5564-1 DLA-3677-1} + - gimp 2.10.36-1 (bug #1055984) + [buster] - gimp (DDS plugin added in 2.10.10) + - gimp-dds + [bullseye] - gimp-dds (Obsoleted by src:gimp, should get dropped via Breaks) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1592/ + NOTE: https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#fixed-vulnerabilities + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/7db71cd0b6e36c454aa0d2d3efeec7e636db4dbc (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e92f279c97282a2b20dca0d923db7465f2057703 (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/9dda8139e4d07e3a273436eda993fef32555edbe (GIMP_2_10_36) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/10069 (restricted) +CVE-2023-6112 (Use after free in Navigation in Google Chrome prior to 119.0.6045.159 ...) + {DSA-5556-1} + - chromium 119.0.6045.159-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5997 (Use after free in Garbage Collection in Google Chrome prior to 119.0.6 ...) + {DSA-5556-1} + - chromium 119.0.6045.159-1 + [buster] - chromium (see DSA 5046) +CVE-2023-6131 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) + NOT-FOR-US: suitecrm +CVE-2023-6130 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) + NOT-FOR-US: suitecrm +CVE-2023-6128 (Cross-site Scripting (XSS) - Reflected in GitHub repository salesagili ...) + NOT-FOR-US: suitecrm +CVE-2023-6127 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...) + NOT-FOR-US: suitecrm +CVE-2023-6126 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) 
+ NOT-FOR-US: suitecrm +CVE-2023-6125 (Code Injection in GitHub repository salesagility/suitecrm prior to 7.1 ...) + NOT-FOR-US: suitecrm +CVE-2023-6124 (Server-Side Request Forgery (SSRF) in GitHub repository salesagility/s ...) + NOT-FOR-US: suitecrm +CVE-2023-6111 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + - linux 6.5.13-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/93995bf4af2c5a99e2a87f0cd5ce547d31eb7630 (6.7-rc1) +CVE-2023-48094 (A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows a ...) + NOT-FOR-US: CesiumJS +CVE-2023-48021 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-48020 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-47660 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47659 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47658 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47656 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mar ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47654 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47653 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47646 (Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47554 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-47550 (Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Ma ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47384 (MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contai ...) + - gpac (bug #1056282) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in Buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2672 +CVE-2023-47262 (The startup process and device configurations of the Abbott ID NOW dev ...) + NOT-FOR-US: Abbott ID NOW +CVE-2023-47127 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2023-47126 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2023-46601 (A vulnerability has been identified in COMOS (All versions). The affec ...) + NOT-FOR-US: Siemens +CVE-2023-46590 (A vulnerability has been identified in Siemens OPC UA Modelling Editor ...) + NOT-FOR-US: Siemens +CVE-2023-46099 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-46098 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-46097 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-46096 (A vulnerability has been identified in SIMATIC PCS neo (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-45794 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2023-45684 (Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. ...) + - cfengine3 (Only affects CFEngine Enterprise) + NOTE: https://cfengine.com/blog/2023/cve-2023-45684/ +CVE-2023-45585 (An insertion of sensitive information into log file vulnerability [CWE ...) + NOT-FOR-US: FortiGuard +CVE-2023-45582 (An improper restriction of excessive authentication attempts vulnerabi ...) 
+ NOT-FOR-US: FortiGuard +CVE-2023-44374 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44373 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44322 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44321 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44320 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44319 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44318 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44317 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU, RU ...) + NOT-FOR-US: Siemens +CVE-2023-44248 (An improper access control vulnerability [CWE-284] inFortiEDRCollector ...) + NOT-FOR-US: FortiGuard +CVE-2023-43505 (A vulnerability has been identified in COMOS (All versions). The affec ...) + NOT-FOR-US: Siemens +CVE-2023-43504 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...) + NOT-FOR-US: Siemens +CVE-2023-43503 (A vulnerability has been identified in COMOS (All versions < V10.4.4). ...) + NOT-FOR-US: Siemens +CVE-2023-42783 (A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8 ...) + NOT-FOR-US: FortiGuard +CVE-2023-41840 (A untrusted search path vulnerability in Fortinet FortiClientWindows 7 ...) + NOT-FOR-US: FortiGuard +CVE-2023-41676 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) + NOT-FOR-US: FortiGuard +CVE-2023-40719 (A use of hard-coded credentials vulnerability in Fortinet FortiAnalyze ...) + NOT-FOR-US: FortiGuard +CVE-2023-40540 (Non-Transparent Sharing of Microarchitectural Resources in some Intel( ...) 
+ NOT-FOR-US: Intel +CVE-2023-40220 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...) + NOT-FOR-US: Intel +CVE-2023-39412 (Cross-site request forgery in some Intel Unison software may allow an ...) + NOT-FOR-US: Intel +CVE-2023-39411 (Improper input validationation for some Intel Unison software may allo ...) + NOT-FOR-US: Intel +CVE-2023-39230 (Insecure inherited permissions in some Intel Rapid Storage Technology ...) + NOT-FOR-US: Intel +CVE-2023-39228 (Improper access control for some Intel Unison software may allow an un ...) + NOT-FOR-US: Intel +CVE-2023-39221 (Improper access control for some Intel Unison software may allow an au ...) + NOT-FOR-US: Intel +CVE-2023-38570 (Access of memory location after end of buffer for some Intel Unison so ...) + NOT-FOR-US: Intel +CVE-2023-38411 (Improper access control in the Intel Smart Campus android application ...) + NOT-FOR-US: Intel +CVE-2023-38177 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38151 (Microsoft Host Integration Server 2020 Remote Code Execution Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-38131 (Improper input validationation for some Intel Unison software may allo ...) + NOT-FOR-US: Intel +CVE-2023-36860 (Improper input validation for some Intel Unison software may allow an ...) + NOT-FOR-US: Intel +CVE-2023-36719 (Microsoft Speech Application Programming Interface (SAPI) Elevation of ...) + NOT-FOR-US: Microsoft +CVE-2023-36705 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36641 (A numeric truncation error in Fortinet FortiProxy version 7.2.0 throug ...) + NOT-FOR-US: FortiGuard +CVE-2023-36633 (An improper authorization vulnerability [CWE-285] in FortiMail webmail ...) + NOT-FOR-US: FortiGuard +CVE-2023-36560 (ASP.NET Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36553 (A improper neutralization of special elements used in an os command (' ...) 
+ NOT-FOR-US: FortiGuard +CVE-2023-36439 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36428 (Microsoft Local Security Authority Subsystem Service Information Discl ...) + NOT-FOR-US: Microsoft +CVE-2023-36427 (Windows Hyper-V Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36425 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-36424 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-36423 (Microsoft Remote Registry Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36422 (Microsoft Windows Defender Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36413 (Microsoft Office Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36410 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-36408 (Windows Hyper-V Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36407 (Windows Hyper-V Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36406 (Windows Hyper-V Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36405 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36404 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36403 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36402 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36401 (Microsoft Remote Registry Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36400 (Windows HMAC Key Derivation Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36399 (Windows Storage Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36398 (Windows NTFS Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36397 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-36396 (Windows Compressed Folder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36395 (Windows Deployment Services Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36394 (Windows Search Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36393 (Windows User Interface Application Core Remote Code Execution Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-36392 (DHCP Server Service Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36052 (Azure CLI REST Command Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36050 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36047 (Windows Authentication Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36046 (Windows Authentication Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36045 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36043 (Open Management Infrastructure Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36042 (Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36041 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36039 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36037 (Microsoft Excel Security Feature 
Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36036 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-36035 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36033 (Windows DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36031 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-36030 (Microsoft Dynamics 365 Sales Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36028 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) + NOT-FOR-US: Microsoft +CVE-2023-36025 (Windows SmartScreen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36021 (Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36018 (Visual Studio Code Jupyter Extension Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36017 (Windows Scripting Engine Memory Corruption Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36016 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-34997 (Insecure inherited permissions in the installer for some Intel Server ...) + NOT-FOR-US: Intel +CVE-2023-34991 (A improper neutralization of special elements used in an sql command ( ...) + NOT-FOR-US: FortiGuard +CVE-2023-34431 (Improper input validation in some Intel(R) Server Board BIOS firmware ...) + NOT-FOR-US: Intel +CVE-2023-34430 (Uncontrolled search path in some Intel Battery Life Diagnostic Tool so ...) + NOT-FOR-US: Intel +CVE-2023-34350 (Uncontrolled search path element in some Intel(R) XTU software before ...) + NOT-FOR-US: Intel +CVE-2023-34314 (Insecure inherited permissions in some Intel(R) Simics Simulator softw ...) + NOT-FOR-US: Intel +CVE-2023-33878 (Path transversal in some Intel(R) NUC P14E Laptop Element Audio Instal ...) 
+ NOT-FOR-US: Intel +CVE-2023-33874 (Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - ...) + NOT-FOR-US: Intel +CVE-2023-33872 (Improper access control in the Intel Support android application all v ...) + NOT-FOR-US: Intel +CVE-2023-33304 (A use of hard-coded credentials vulnerability in Fortinet FortiClient ...) + NOT-FOR-US: FortiGuard +CVE-2023-32701 (Improper Input Validation in the Networking Stack of QNX SDP version(s ...) + NOT-FOR-US: QNX SDP +CVE-2023-32662 (Improper authorization in some Intel Battery Life Diagnostic Tool inst ...) + NOT-FOR-US: Intel +CVE-2023-32661 (Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJY ...) + NOT-FOR-US: Intel +CVE-2023-32660 (Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbol ...) + NOT-FOR-US: Intel +CVE-2023-32658 (Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC ...) + NOT-FOR-US: Intel +CVE-2023-32655 (Path transversal in some Intel(R) NUC Kits & Mini PCs - NUC8i7HVK & NU ...) + NOT-FOR-US: Intel +CVE-2023-32641 (Improper input validation in firmware for Intel(R) QAT before version ...) + NOT-FOR-US: Intel +CVE-2023-32638 (Incorrect default permissions in some Intel Arc RGB Controller softwar ...) + NOT-FOR-US: Intel +CVE-2023-32283 (Insertion of sensitive information into log file in some Intel(R) On D ...) + NOT-FOR-US: Intel +CVE-2023-32279 (Improper access control in user mode driver for some Intel(R) Connecti ...) + NOT-FOR-US: Intel +CVE-2023-32278 (Path transversal in some Intel(R) NUC Uniwill Service Driver for Intel ...) + NOT-FOR-US: Intel +CVE-2023-32204 (Improper access control in some Intel(R) OFU software before version 1 ...) + NOT-FOR-US: Intel +CVE-2023-31320 (Improper input validation in the AMD RadeonTM Graphics display driver ...) + NOT-FOR-US: Intel +CVE-2023-31273 (Protection mechanism failure in some Intel DCM software before version ...) 
+ NOT-FOR-US: Intel +CVE-2023-31247 (A memory corruption vulnerability exists in the HTTP Server Host heade ...) + NOT-FOR-US: Weston Embedded uC-HTTP +CVE-2023-31203 (Improper input validation in some OpenVINO Model Server software befor ...) + NOT-FOR-US: Intel +CVE-2023-29161 (Uncontrolled search path in some Intel(R) OFU software before version ...) + NOT-FOR-US: Intel +CVE-2023-29157 (Improper access control in some Intel(R) OFU software before version 1 ...) + NOT-FOR-US: Intel +CVE-2023-28377 (Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware ...) + NOT-FOR-US: Intel +CVE-2023-22327 (Out-of-bounds write in firmware for some Intel(R) FPGA products before ...) + NOT-FOR-US: Intel +CVE-2023-5528 (A security issue was discovered in Kubernetes where a user that can cr ...) + - kubernetes (Windows-specific) +CVE-2023-23583 (Sequence of processor instructions leads to unexpected behavior for so ...) + {DSA-5563-1 DLA-3690-1} + - intel-microcode 3.20231114.1 (bug #1055962) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20231114 + NOTE: https://lock.cmpxchg8b.com/reptar.html + NOTE: https://github.com/google/security-research/tree/master/pocs/cpus/reptar + NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/redundant-prefix-issue.html +CVE-2023-6115 + REJECTED +CVE-2023-6109 (The YOP Poll plugin for WordPress is vulnerable to a race condition in ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-6107 + REJECTED +CVE-2023-6106 + REJECTED +CVE-2023-6092 + REJECTED +CVE-2023-6089 + REJECTED +CVE-2023-6088 + REJECTED +CVE-2023-6087 + REJECTED +CVE-2023-6086 + REJECTED +CVE-2023-6085 + REJECTED +CVE-2023-6083 + REJECTED +CVE-2023-6034 + REJECTED +CVE-2023-6010 + REJECTED +CVE-2023-6006 (This vulnerability potentially allows local attackers to escalate priv ...) + NOT-FOR-US: PaperCut NG +CVE-2023-5977 + REJECTED +CVE-2023-4603 (The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47697 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47696 (Unauth. Stored Cross-Site Scripting (XSS) vulnerabilityin Gravity Mast ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47695 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47690 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47684 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePun ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47680 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47673 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47665 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47662 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gold ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47657 (Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47629 (DataHub is an open-source metadata platform. In affected versions sign ...) + NOT-FOR-US: DataHub +CVE-2023-47628 (DataHub is an open-source metadata platform. 
DataHub Frontend's sessio ...) + NOT-FOR-US: DataHub +CVE-2023-47625 (PX4 autopilot is a flight control solution for drones. In affected ver ...) + NOT-FOR-US: PX4 autopilot +CVE-2023-47609 (SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 ...) + NOT-FOR-US: OSS Calendar +CVE-2023-47346 (Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2 ...) + NOT-FOR-US: free5GC +CVE-2023-47117 (Label Studio is an open source data labeling tool. In all current vers ...) + NOT-FOR-US: Label Studio +CVE-2023-46446 (An issue in AsyncSSH before 2.14.1 allows attackers to control the rem ...) + - python-asyncssh (bug #1055999) + [bookworm] - python-asyncssh (Minor issue) + [bullseye] - python-asyncssh (Minor issue) + [buster] - python-asyncssh (Minor issue) + NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-c35q-ffpf-5qpm + NOTE: https://terrapin-attack.com/ +CVE-2023-46445 (An issue in AsyncSSH before 2.14.1 allows attackers to control the ext ...) + - python-asyncssh (bug #1056000) + [bookworm] - python-asyncssh (Minor issue) + [bullseye] - python-asyncssh (Minor issue) + [buster] - python-asyncssh (Minor issue) + NOTE: https://github.com/ronf/asyncssh/security/advisories/GHSA-cfc2-wr2v-gxm5 +CVE-2023-46021 (SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46020 (Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46019 (Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects B ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46018 (SQL injection vulnerability in receiverReg.php in Code-Projects Blood ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46017 (SQL Injection vulnerability in receiverLogin.php in Code-Projects Bloo ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46016 (Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 ...) 
+ NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46015 (Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-46014 (SQL Injection vulnerability in hospitalLogin.php in Code-Projects Bloo ...) + NOT-FOR-US: Code-Projects Blood Bank +CVE-2023-45881 (GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resour ...) + NOT-FOR-US: GibbonEdu Gibbon +CVE-2023-45880 (GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via ...) + NOT-FOR-US: GibbonEdu Gibbon +CVE-2023-45879 (GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME el ...) + NOT-FOR-US: GibbonEdu Gibbon +CVE-2023-45878 (GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write ...) + NOT-FOR-US: GibbonEdu Gibbon +CVE-2023-45560 (An issue in Yasukawa memberscard v.13.6.1 allows attackers to send cra ...) + NOT-FOR-US: Yasukawa memberscard +CVE-2023-45558 (An issue in Golden v.13.6.1 allows attackers to send crafted notificat ...) + NOT-FOR-US: Golden +CVE-2023-43902 (Incorrect access control in the Forgot Your Password function of EMSig ...) + NOT-FOR-US: EMSigner +CVE-2023-43901 (Incorrect access control in the AdHoc User creation form of EMSigner v ...) + NOT-FOR-US: EMSigner +CVE-2023-43900 (Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow atta ...) + NOT-FOR-US: EMSigner +CVE-2023-42816 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...) + NOT-FOR-US: Kyverno +CVE-2023-42815 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...) + NOT-FOR-US: Kyverno +CVE-2023-42814 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...) + NOT-FOR-US: Kyverno +CVE-2023-42813 (Kyverno is a policy engine designed for Kubernetes. A security vulnera ...) + NOT-FOR-US: Kyverno +CVE-2023-42480 (The unauthenticated attacker in NetWeaver AS Java Logon application - ...) 
+ NOT-FOR-US: SAP +CVE-2023-42327 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...) + NOT-FOR-US: pfSense +CVE-2023-42326 (An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execut ...) + NOT-FOR-US: pfSense +CVE-2023-42325 (Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 al ...) + NOT-FOR-US: pfSense +CVE-2023-41366 (Under certain condition SAP NetWeaver Application Server ABAP - versio ...) + NOT-FOR-US: SAP +CVE-2023-31754 (Optimizely CMS UI before v12.16.0 was discovered to contain a cross-si ...) + NOT-FOR-US: Optimizely CMS UI +CVE-2023-31403 (SAP Business One installation - version 10.0, does not perform proper ...) + NOT-FOR-US: SAP +CVE-2023-6104 + REJECTED +CVE-2023-6103 (A vulnerability has been found in Intelbras RX 1500 1.1.9 and classifi ...) + NOT-FOR-US: Intelbras +CVE-2023-6102 (A vulnerability, which was classified as problematic, was found in Mai ...) + NOT-FOR-US: Maiwei Safety Production Control Platform +CVE-2023-6101 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Maiwei Safety Production Control Platform +CVE-2023-6100 (A vulnerability classified as problematic was found in Maiwei Safety P ...) + NOT-FOR-US: Maiwei Safety Production Control Platform +CVE-2023-6099 (A vulnerability classified as critical has been found in Shenzhen Youk ...) + NOT-FOR-US: Shenzhen Youkate Industrial Facial Love Cloud Payment System +CVE-2023-6098 (An XSS vulnerability has been discovered in ICS Business Manager affec ...) + NOT-FOR-US: ICS Business Manager +CVE-2023-6097 (A SQL injection vulnerability has been found in ICS Business Manager, ...) + NOT-FOR-US: ICS Business Manager +CVE-2023-5999 + REJECTED +CVE-2023-48068 (DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vu ...) + NOT-FOR-US: DedeCMS +CVE-2023-48063 (An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerab ...) 
+ NOT-FOR-US: dreamer_cms + NOT-FOR-US: Dreamer CMS +CVE-2023-48060 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-48058 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-47801 (An issue was discovered in Click Studios Passwordstate before 9811. Ex ...) + NOT-FOR-US: Click Studios Passwordstate +CVE-2023-47621 (Guest Entries is a php library which allows users to create, update & ...) + NOT-FOR-US: Guest Entries +CVE-2023-46092 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Web ...) + NOT-FOR-US: LionScripts.Com Webmaster Tools +CVE-2023-40335 (Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O'Connell Cl ...) + NOT-FOR-US: Jeremy O'Connell Cleverwise Daily Quotes +CVE-2023-39166 (Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Compo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35877 (Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32123 (Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 al ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-XXXX [tor TROVE-2023-006] + - tor 0.4.8.9-1 + [bookworm] - tor (Vulnerable code introduced with 0.4.8.1-alpha) + [bullseye] - tor (Vulnerable code introduced with 0.4.8.1-alpha) + [buster] - tor (Vulnerable code introduced with 0.4.8.1-alpha) + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog + NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/e62b8bce5a88f8fa38a62ab503df7f0eecfb1d22 (tor-0.4.8.9) + NOTE: Fixed by: https://gitlab.torproject.org/tpo/core/tor/-/commit/83aecca561e5c284a7279e1fc5784871abe5304b (tor-0.4.8.9) + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40883 (non public ATM) +CVE-2023-XXXX [tor TROVE-2023-004] + - tor 0.4.8.8-1 + [bookworm] - tor 0.4.7.16-1 + [bullseye] - tor (see DSA 5562) + [buster] - tor (see DLA 3685) + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/tor-0.4.8.9/ChangeLog + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/7aa496a2e057bb7c3cc284a04a1a4d2941c304f1 (tor-0.4.8.8) + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40874 (non public ATM) +CVE-2023-XXXX [RUSTSEC-2023-0070: Insufficient covariance check makes self_cell unsound] + - rust-self-cell 1.0.2-1 (bug #1055895) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0070.html + NOTE: https://github.com/Voultapher/self_cell/issues/49 +CVE-2023-5747 (Bashis, a Security Researcher at IPVM has found a flaw that allows for ...) + NOT-FOR-US: Hanwha Vision PNV-A6081R +CVE-2023-5741 (The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5037 + REJECTED +CVE-2023-4775 (The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47669 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Pro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47652 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-47516 (Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Categ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47230 (Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47163 (Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence ...) + NOT-FOR-US: Remarshal +CVE-2023-46638 (Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46636 (Cross-Site Request Forgery (CSRF) vulnerability in David St\xf6ckl Cus ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46634 (Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46629 (Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remov ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46625 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Man ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46620 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46619 (Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialW ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46618 (Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Serge ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46207 (Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Mot ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46201 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41239 (Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38515 (Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38364 (IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This ...) 
+ NOT-FOR-US: IBM +CVE-2023-38363 (IBM CICS TX Advanced 10.1 does not set the secure attribute on authori ...) + NOT-FOR-US: IBM +CVE-2023-37978 (Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35041 (Cross-Site Request Forgery (CSRF) vulnerability leading to Local File ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34384 (Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter F ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34378 (Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP H ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34013 (Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Po ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33207 (Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielog\xf ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32588 (Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Pos ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32583 (Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP A ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6084 (A vulnerability was found in Tongda OA 2017 up to 11.9 and classified ...) + NOT-FOR-US: Tongda OA +CVE-2023-47037 (We failed to applyCVE-2023-40611 in 2.7.1 and this vulnerability was m ...) + - airflow (bug #819700) +CVE-2023-5959 (A vulnerability, which was classified as problematic, was found in Bei ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform V31R02B10-01 +CVE-2023-47390 (Headscale through 0.22.3 writes bearer tokens to info-level logs.) + NOT-FOR-US: Headscale +CVE-2023-43057 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) + NOT-FOR-US: IBM +CVE-2023-4804 (Anunauthorized user could access debug features in Quantum HD Unity pr ...) + NOT-FOR-US: Quantum HD Unity +CVE-2023-47122 (Gitsign is software for keyless Git signing using Sigstore. In version ...) 
+ - gitsign (bug #1019518) +CVE-2023-46850 (Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined ...) + {DSA-5555-1} + - openvpn 2.6.7-1 (bug #1055805) + [bullseye] - openvpn (Vulnerable code not present) + [buster] - openvpn (Vulnerable code not present) + NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46850 + NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ + NOTE: Introduced by: https://github.com/OpenVPN/openvpn/commit/9a7b95fda56127df6de6fe7c60e08fb5b67a9919 (v2.6_beta1) + NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/57a5cd1e12f193927c9b7429f8778fec7e04c50a (v2.6.7) +CVE-2023-46849 (Using the --fragment option in certain configuration setups OpenVPN ve ...) + {DSA-5555-1} + - openvpn 2.6.7-1 (bug #1055805) + [bullseye] - openvpn (Vulnerable code not present) + [buster] - openvpn (Vulnerable code not present) + NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2023-46849 + NOTE: https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/ + NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/1cfca659244e362f372d9843351257f456392a2f (v2.6.7) +CVE-2023-6076 (A vulnerability classified as problematic was found in PHPGurukul Rest ...) + NOT-FOR-US: PHPGurukul +CVE-2023-6075 (A vulnerability classified as problematic has been found in PHPGurukul ...) + NOT-FOR-US: PHPGurukul +CVE-2023-6074 (A vulnerability was found in PHPGurukul Restaurant Table Booking Syste ...) + NOT-FOR-US: PHPGurukul +CVE-2023-4949 (An attacker with local access to a system (either through a disk or ex ...) + - grub (unimportant) + NOTE: https://xenbits.xenproject.org/xsa/advisory-443.html + NOTE: grub-legancy has not secure boot support. 
The CVE is specific for the src:grub + NOTE: issue "An attacker with local access to a system (either through a disk or external + NOTE: drive) can present a modified XFS partition to grub-legacy in such a way to exploit + NOTE: a memory corruption in grub's XFS file system implementation." +CVE-2023-47614 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47611 (A CWE-269: Improper Privilege Management vulnerability exists in Telit ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47164 (Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier all ...) + - hoteldruid 3.0.6-1 (bug #1055772) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-47129 (Statmic is a core Laravel content management system Composer package. ...) + NOT-FOR-US: Statmic +CVE-2023-47128 (Piccolo is an object-relational mapping and query builder which suppor ...) + NOT-FOR-US: Piccolo ORM (not the same as src:piccolo) +CVE-2023-47121 (Discourse is an open source platform for community discussion. Prior t ...) + NOT-FOR-US: Discourse +CVE-2023-47120 (Discourse is an open source platform for community discussion. In vers ...) + NOT-FOR-US: Discourse +CVE-2023-47119 (Discourse is an open source platform for community discussion. Prior t ...) + NOT-FOR-US: Discourse +CVE-2023-47108 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...) + NOT-FOR-US: OpenTelemetry-Go Contrib +CVE-2023-46735 (Symfony is a PHP framework for web and console applications and a set ...) + - symfony (Vulnerable code introduced later in v6.3.0) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-72x2-5c85-6wmr + NOTE: https://github.com/symfony/symfony/commit/8128c302430394f639e818a7103b3f6815d8d962 (v6.3.8) +CVE-2023-46734 (Symfony is a PHP framework for web and console applications and a set ...) 
+ {DLA-3664-1} + - symfony 5.4.31+dfsg-1 (bug #1055774) + [bookworm] - symfony 5.4.23+dfsg-1+deb12u1 + [bullseye] - symfony (Minor issue) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3 + NOTE: https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c (v4.4.51, v5.4.31, v6.3.8) +CVE-2023-46733 (Symfony is a PHP framework for web and console applications and a set ...) + - symfony 5.4.31+dfsg-1 (bug #1055775) + [bookworm] - symfony 5.4.23+dfsg-1+deb12u1 + [bullseye] - symfony (Vulnerable code introduced later) + [buster] - symfony (Vulnerable code introduced later) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-m2wj-r6g3-fxfx + NOTE: https://github.com/symfony/symfony/commit/dc356499d5ceb86f7cf2b4c7f032eca97061ed74 (v5.4.31, v6.3.8) +CVE-2023-46130 (Discourse is an open source platform for community discussion. Prior t ...) + NOT-FOR-US: Discourse +CVE-2023-45816 (Discourse is an open source platform for community discussion. Prior t ...) + NOT-FOR-US: Discourse +CVE-2023-45806 (Discourse is an open source platform for community discussion. Prior t ...) + NOT-FOR-US: Discourse +CVE-2023-41285 (A SQL injection vulnerability has been reported to affect QuMagie. If ...) + NOT-FOR-US: QNAP +CVE-2023-41284 (A SQL injection vulnerability has been reported to affect QuMagie. If ...) + NOT-FOR-US: QNAP +CVE-2023-39295 (An OS command injection vulnerability has been reported to affect QuMa ...) + NOT-FOR-US: QNAP +CVE-2023-36027 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-5870 (A flaw was found in PostgreSQL involving the pg_cancel_backend role th ...) 
+ {DSA-5554-1 DSA-5553-1 DLA-3651-1} + - postgresql-16 16.1-1 + - postgresql-15 (bug #1056283) + - postgresql-13 + - postgresql-11 + NOTE: https://www.postgresql.org/support/security/CVE-2023-5870/ + NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ +CVE-2023-5869 (A flaw was found in PostgreSQL that allows authenticated database user ...) + {DSA-5554-1 DSA-5553-1 DLA-3651-1} + - postgresql-16 16.1-1 + - postgresql-15 (bug #1056283) + - postgresql-13 + - postgresql-11 + NOTE: https://www.postgresql.org/support/security/CVE-2023-5869/ + NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ +CVE-2023-5868 (A memory disclosure vulnerability was found in PostgreSQL that allows ...) + {DSA-5554-1 DSA-5553-1 DLA-3651-1} + - postgresql-16 16.1-1 + - postgresql-15 (bug #1056283) + - postgresql-13 + - postgresql-11 + NOTE: https://www.postgresql.org/support/security/CVE-2023-5868/ + NOTE: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ +CVE-2023-6073 (Attacker can perform a Denial of Service attack to crash the ICAS 3 IV ...) + NOT-FOR-US: Volkswagen +CVE-2023-6069 (Improper Link Resolution Before File Access in GitHub repository froxl ...) + - froxlor (bug #581792) +CVE-2023-5954 (HashiCorp Vault and Vault Enterprise inbound client requests triggerin ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-4379 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-47800 (Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default pass ...) + NOT-FOR-US: Natus NeuroWorks and SleepWorks +CVE-2023-47246 (In SysAid On-Premise before 23.3.36, a path traversal vulnerability le ...) + NOT-FOR-US: SysAid +CVE-2023-46729 (sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized ...) 
+ NOT-FOR-US: sentry-javascript +CVE-2023-45167 (IBM AIX's 7.3 Python implementation could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2023-39796 (SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 ...) + NOT-FOR-US: WBCE CMS +CVE-2023-36024 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36014 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-34031 (Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34025 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34024 (Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32794 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32745 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32744 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32739 (Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32602 (Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NO ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32594 (Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32592 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edwa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32587 (Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32579 (Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forg ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-32512 (Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPix ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32502 (Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32501 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32500 (Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - M ...) + NOT-FOR-US: WordPress Theme +CVE-2023-32125 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32093 (Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Red ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32092 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) + NOT-FOR-US: WordPress plugin +CVE-2023-6054 (A vulnerability, which was classified as critical, was found in Tongda ...) + NOT-FOR-US: Tongda OA +CVE-2023-6053 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: Tongda OA +CVE-2023-6052 (A vulnerability classified as critical has been found in Tongda OA 201 ...) + NOT-FOR-US: Tongda OA +CVE-2023-6039 (A use-after-free flaw was found in lan78xx_disconnect in drivers/net/u ...) + - linux 6.4.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3 (6.5-rc5) +CVE-2023-4612 (Improper Authentication vulnerability in Apereo CAS injakarta.servlet. ...) + NOT-FOR-US: Apereo CAS +CVE-2023-4218 (In Eclipse IDE versions < 2023-09 (4.29) some files with xml content a ...) + - eclipse +CVE-2023-47616 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47615 (A CWE-526: Exposure of Sensitive Information Through Environmental Var ...) 
+ NOT-FOR-US: Telit Cinterion +CVE-2023-47612 (A CWE-552: Files or Directories Accessible to External Parties vulnera ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47610 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47373 (The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allow ...) + NOT-FOR-US: DRAGON FAMILY Line +CVE-2023-47372 (The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6. ...) + NOT-FOR-US: UPDATESALON C-LOUNGE Line +CVE-2023-47370 (The leakage of channel access token in bluetrick Line 13.6.1 allows re ...) + NOT-FOR-US: bluetrick Line +CVE-2023-47369 (The leakage of channel access token in best_training_member Line 13.6. ...) + NOT-FOR-US: best_training_member Line +CVE-2023-47368 (The leakage of channel access token in taketorinoyu Line 13.6.1 allows ...) + NOT-FOR-US: taketorinoyu Line +CVE-2023-47367 (The leakage of channel access token in platinum clinic Line 13.6.1 all ...) + NOT-FOR-US: platinum clinic Line +CVE-2023-47366 (The leakage of channel access token in craft_members Line 13.6.1 allow ...) + NOT-FOR-US: craft_members Line +CVE-2023-47365 (The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 ...) + NOT-FOR-US: Lil.OFF-PRICE STORE Line +CVE-2023-47364 (The leakage of channel access token in nagaoka taxi Line 13.6.1 allows ...) + NOT-FOR-US: nagaoka taxi Line +CVE-2023-47363 (The leakage of channel access token in F.B.P members Line 13.6.1 allow ...) + NOT-FOR-US: F.B.P members Line +CVE-2023-47238 (Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 \ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47237 (Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47110 (blockreassurance adds an information block aimed at offering helpful i ...) 
+ NOT-FOR-US: blockreassurance +CVE-2023-46894 (An issue discovered in esptool 4.6.2 allows attackers to view sensitiv ...) + NOTE: Bogus issue reported for esptool, also see + NOTE: https://github.com/espressif/esptool/issues/926 + NOTE: Old revisions of one of the supported chipsets were using AES ECB for secure + NOTE: boot and flash encryption, but newer ones have switched to newer cryptographic + NOTE: algorithms. esptool keeps support for the older algorithms, in order to keep + NOTE: the ability to work with older revisions of the hardware. +CVE-2023-46743 (application-collabora is an integration of Collabora Online in XWiki. ...) + NOT-FOR-US: XWiki +CVE-2023-46614 (Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Hel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45885 (Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct ...) + NOT-FOR-US: NASA Open MCT (aka openmct) +CVE-2023-45884 (Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka ...) + NOT-FOR-US: NASA Open MCT (aka openmct) +CVE-2023-43791 (Label Studio is a multi-type data labeling and annotation tool with st ...) + NOT-FOR-US: HumanSignal Label Studio +CVE-2023-41138 (The AppsAnywhere macOS client-privileged helper can be tricked into ex ...) + NOT-FOR-US: AppsAnywhere macOS client-privileged helper +CVE-2023-41137 (Symmetric encryption used to protect messages between the AppsAnywhere ...) + NOT-FOR-US: AppsAnywhere +CVE-2023-40055 (The Network Configuration Manager was susceptible to a Directory Trave ...) + NOT-FOR-US: SolarWinds +CVE-2023-40054 (The Network Configuration Manager was susceptible to a Directory Trave ...) + NOT-FOR-US: SolarWinds +CVE-2023-39198 (A race condition was found in the QXL driver in the Linux kernel. The ...) 
+ - linux 6.4.13-1 + [bookworm] - linux 6.1.52-1 + NOTE: https://git.kernel.org/linus/c611589b4259ed63b9b77be6872b1ce07ec0ac16 (6.5-rc7) +CVE-2023-39197 + - linux 6.4.4-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30 (6.5-rc1) +CVE-2023-36688 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34386 (Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34371 (Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo Spa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34182 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Passw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34181 (Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34178 (Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Gro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34177 (Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagstr\xf6m W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34171 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Repor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34169 (Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34033 (Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagina ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34002 (Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manage ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46857 (Squidex before 7.9.0 allows XSS via an SVG document to the Upload Asse ...) + NOT-FOR-US: Squidex +CVE-2023-5079 (Lenovo LeCloud App improper input validation allows attackers to acces ...) 
+ NOT-FOR-US: Lenovo +CVE-2023-5078 (A vulnerability was reported in some ThinkPad BIOS that could allow a ...) + NOT-FOR-US: Lenovo +CVE-2023-5075 (A buffer overflow was reported in the FmpSipoCapsuleDriver driver in t ...) + NOT-FOR-US: Lenovo +CVE-2023-4891 (A potential use-after-free vulnerability was reported in the Lenovo Vi ...) + NOT-FOR-US: Lenovo +CVE-2023-4706 (A privilege escalation vulnerability was reported in Lenovo preloaded ...) + NOT-FOR-US: Lenovo +CVE-2023-4632 (An uncontrolled search path vulnerability was reported in Lenovo Syste ...) + NOT-FOR-US: Lenovo +CVE-2023-4249 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) + NOT-FOR-US: Zavio +CVE-2023-47613 (A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinter ...) + NOT-FOR-US: Telit Cinterion +CVE-2023-47489 (An issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to ex ...) + NOT-FOR-US: Combodo iTop +CVE-2023-47488 (Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 all ...) + NOT-FOR-US: Combodo iTop +CVE-2023-47114 (Fides is an open-source privacy engineering platform for managing the ...) + NOT-FOR-US: Fides +CVE-2023-47113 (BleachBit cleans files to free disk space and to maintain privacy. Ble ...) + NOT-FOR-US: BleachBit +CVE-2023-47111 (ZITADEL provides identity infrastructure. ZITADEL provides administrat ...) + NOT-FOR-US: ZITADEL +CVE-2023-47109 (PrestaShop blockreassurance adds an information block aimed at offerin ...) + NOT-FOR-US: PrestaShop blockreassurance +CVE-2023-47008 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker ...) + NOT-FOR-US: ASUS +CVE-2023-47007 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker ...) + NOT-FOR-US: ASUS +CVE-2023-47006 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker ...) + NOT-FOR-US: ASUS +CVE-2023-47005 (An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker ...) 
+ NOT-FOR-US: ASUS +CVE-2023-46492 (Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a ...) + NOT-FOR-US: MLDB.ai +CVE-2023-46363 (jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in ...) + - jbig2enc + NOTE: https://github.com/agl/jbig2enc/issues/85 +CVE-2023-46362 (jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbi ...) + - jbig2enc + NOTE: https://github.com/agl/jbig2enc/issues/84 +CVE-2023-45875 (An issue was discovered in Couchbase Server 7.2.0. There is a private ...) + NOT-FOR-US: Couchbase Server +CVE-2023-45857 (An issue discovered in Axios 1.5.1 inadvertently reveals the confident ...) + - node-axios 1.6.2+dfsg-1 (bug #1056099) + [bookworm] - node-axios (Minor issue) + [bullseye] - node-axios (Minor issue) + [buster] - node-axios (Minor issue) + NOTE: https://github.com/axios/axios/issues/6006 + NOTE: https://github.com/axios/axios/commit/96ee232bd3ee4de2e657333d4d2191cd389e14d0 (v1.6.0) +CVE-2023-45225 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) + NOT-FOR-US: Zavio +CVE-2023-45079 (A memory leakage vulnerability was reported in the NvmramSmm SMM drive ...) + NOT-FOR-US: Lenovo +CVE-2023-45078 (A memory leakage vulnerability was reported in the DustFilterAlertSmm ...) + NOT-FOR-US: Lenovo +CVE-2023-45077 (A memory leakage vulnerability was reported in the 534D0740 DXE driver ...) + NOT-FOR-US: Lenovo +CVE-2023-45076 (A memory leakage vulnerability was reported in the 534D0140 DXE driver ...) + NOT-FOR-US: Lenovo +CVE-2023-45075 (A memory leakage vulnerability was reported in the SWSMI_Shadow DXE dr ...) + NOT-FOR-US: Lenovo +CVE-2023-43755 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) + NOT-FOR-US: Zavio +CVE-2023-43581 (A buffer overflow was reported in the Update_WMI module in some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2023-43580 (A buffer overflow was reported in the SmuV11DxeVMR module in some Leno ...) 
+ NOT-FOR-US: Lenovo +CVE-2023-43579 (A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2023-43578 (A buffer overflow was reported in the SmiFlash module in some Lenovo D ...) + NOT-FOR-US: Lenovo +CVE-2023-43577 (A buffer overflow was reported in the ReFlash module in some Lenovo De ...) + NOT-FOR-US: Lenovo +CVE-2023-43576 (A buffer overflow was reported in the WMISwSmi module in some Lenovo D ...) + NOT-FOR-US: Lenovo +CVE-2023-43575 (A buffer overflow was reported in the UltraFunctionTable module in som ...) + NOT-FOR-US: Lenovo +CVE-2023-43574 (A buffer over-read was reported in the LEMALLDriversConnectedEventHook ...) + NOT-FOR-US: Lenovo +CVE-2023-43573 (A buffer overflow was reported in the LEMALLDriversConnectedEventHook ...) + NOT-FOR-US: Lenovo +CVE-2023-43572 (A buffer over-read was reported in the BiosExtensionLoader module in s ...) + NOT-FOR-US: Lenovo +CVE-2023-43571 (A buffer overflow was reported in the BiosExtensionLoader module in so ...) + NOT-FOR-US: Lenovo +CVE-2023-43570 (A potential vulnerability was reported in the SMI callback function of ...) + NOT-FOR-US: Lenovo +CVE-2023-43569 (A buffer overflow was reported in the OemSmi module in some Lenovo Des ...) + NOT-FOR-US: Lenovo +CVE-2023-43568 (A buffer over-read was reported in the LemSecureBootForceKey module in ...) + NOT-FOR-US: Lenovo +CVE-2023-43567 (A buffer overflow was reported in the LemSecureBootForceKey module in ...) + NOT-FOR-US: Lenovo +CVE-2023-3959 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) + NOT-FOR-US: Zavio +CVE-2023-39435 (Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, ...) + NOT-FOR-US: Zavio +CVE-2023-37790 (Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an ...) + NOT-FOR-US: Jaspersoft Clarity PPM +CVE-2023-37533 (HCL Connections is vulnerable to reflected cross-site scripting (XSS) ...) 
+ NOT-FOR-US: HCL +CVE-2023-36667 (Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Dire ...) + NOT-FOR-US: Couchbase Server +CVE-2023-6012 (An improper input validation vulnerability has been found in Lanaccess ...) + NOT-FOR-US: Lanaccess ONSAFE MonitorHM +CVE-2023-5978 (In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain ...) + NOT-FOR-US: FreeBSD (cap_net libcasper service) +CVE-2023-5941 (In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeB ...) + NOT-FOR-US: FreeBSD +CVE-2023-5913 (Incorrect Privilege Assignment vulnerability in opentext Fortify ScanC ...) + NOT-FOR-US: Microfocus opentext +CVE-2023-5760 (A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (inpu ...) + NOT-FOR-US: Norton +CVE-2023-5759 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...) + NOT-FOR-US: Helix Core +CVE-2023-5136 (An incorrect permission assignment in the TopoGrafix DataPlugin for GP ...) + NOT-FOR-US: opoGrafix DataPlugin for GPX +CVE-2023-47397 (WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestran ...) + NOT-FOR-US: WeBid +CVE-2023-47379 (Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Script ...) + NOT-FOR-US: microweber +CVE-2023-47231 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47229 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47227 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47226 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-47223 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP M ...) 
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47190 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47181 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47107 (PILOS is an open source front-end for BigBlueButton servers with a bui ...)
+ NOT-FOR-US: PILOS
+CVE-2023-46774 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46772 (Vulnerability of parameters being out of the value range in the QMI se ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46771 (Security vulnerability in the face unlock module. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46767 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46766 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46765 (Vulnerability of uncaught exceptions in the NFC module. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46764 (Unauthorized startup vulnerability of background apps. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46763 (Vulnerability of background app permission management in the framework ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46762 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46761 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46760 (Out-of-bounds write vulnerability in the kernel driver module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46759 (Permission control vulnerability in the call module. Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46758 (Permission management vulnerability in the multi-screen interaction mo ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46757 (The remote PIN module has a vulnerability that causes incorrect inform ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46756 (Permission control vulnerability in the window management module. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46755 (Vulnerability of input parameters being not strictly verified in the i ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46643 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46642 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46626 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46621 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Baj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46613 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45849 (An arbitrary code execution which results in privilege escalation was ...)
+ NOT-FOR-US: Helix Core
+CVE-2023-45319 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
+ NOT-FOR-US: Helix Core
+CVE-2023-45140 (The Bastion provides authentication, authorization, traceability and a ...)
+ NOT-FOR-US: Bastion
+CVE-2023-44098 (Vulnerability of missing encryption in the card management module. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2023-3282 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-39913 (Deserialization of Untrusted Data, Improper Input Validation vulnerabi ...)
+ NOT-FOR-US: Apache UIMA
+CVE-2023-35767 (In Helix Core versions prior to 2023.2, an unauthenticated remote Deni ...)
+ NOT-FOR-US: Helix Core
+CVE-2023-32298 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Da ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-48613 (Race condition vulnerability in the kernel module. Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2023-47248 (Deserialization of untrusted data in IPC and Parquet readers in PyArro ...)
+ - apache-arrow (bug #970021)
+CVE-2023-40114
+ NOT-FOR-US: Android
+CVE-2023-40111
+ NOT-FOR-US: Android
+CVE-2023-40110
+ NOT-FOR-US: Android
+CVE-2023-40109
+ NOT-FOR-US: Android
+CVE-2023-40107
+ NOT-FOR-US: Android
+CVE-2023-40106
+ NOT-FOR-US: Android
+CVE-2023-40105
+ NOT-FOR-US: Android
+CVE-2023-40124
+ NOT-FOR-US: Android
+CVE-2023-40115
+ NOT-FOR-US: Android
+CVE-2023-40100
+ NOT-FOR-US: Android
+CVE-2023-40104
+ NOT-FOR-US: Android
+CVE-2023-40113
+ NOT-FOR-US: Android
+CVE-2023-40112
+ NOT-FOR-US: Android
+CVE-2023-6002 (YugabyteDB is vulnerable to cross site scripting (XSS) via log injecti ...)
+ NOT-FOR-US: YugabyteDB
+CVE-2023-6001 (Prometheus metrics are available without authentication. These expose ...)
+ NOT-FOR-US: YugabyteDB
+CVE-2023-5982 (The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5801 (Vulnerability of identity verification being bypassed in the face unlo ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46800 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46799 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46798 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46797 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46796 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46795 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46794 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46793 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46792 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46790 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46789 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46788 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46787 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46786 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46785 (Online Matrimonial Project v1.0 is vulnerable to multiple Unauthentica ...)
+ NOT-FOR-US: Online Matrimonial Project
+CVE-2023-46770 (Out-of-bounds vulnerability in the sensor module. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46769 (Use-After-Free (UAF) vulnerability in the dubai module. Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46768 (Multi-thread vulnerability in the idmap module. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2023-46680 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ NOT-FOR-US: Online Job Portal
+CVE-2023-46679 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ NOT-FOR-US: Online Job Portal
+CVE-2023-46678 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ NOT-FOR-US: Online Job Portal
+CVE-2023-46677 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ NOT-FOR-US: Online Job Portal
+CVE-2023-46676 (Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL I ...)
+ NOT-FOR-US: Online Job Portal
+CVE-2023-46483 (Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an at ...)
+ NOT-FOR-US: timetec AWDMS
+CVE-2023-46001 (Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g2013208 ...)
+ - gpac (bug #1056282)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2629
+ NOTE: https://github.com/gpac/gpac/commit/e79b0cf7e72404750630bc01340e999f3940dbc4
+CVE-2023-45380 (In the module "Order Duplicator " Clone and Delete Existing Order" (or ...)
+ NOT-FOR-US: PrestaShop addon
+CVE-2023-44115 (Vulnerability of improper permission control in the Booster module. Im ...)
+ NOT-FOR-US: Huawei
+CVE-2023-43984 (Insecure permissions in Smart Soft advancedexport before v4.4.7 allow ...)
+ NOT-FOR-US: Smart Soft advancedexport
+CVE-2023-42361 (Local File Inclusion vulnerability in Midori-global Better PDF Exporte ...)
+ NOT-FOR-US: Midori-global Better PDF Exporter for Jira Server
+CVE-2023-41270 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ NOT-FOR-US: Samsung
+CVE-2023-41112 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ NOT-FOR-US: Samsung
+CVE-2023-41111 (An issue was discovered in Samsung Mobile Processor, Wearable Processo ...)
+ NOT-FOR-US: Samsung
+CVE-2023-45284 (On Windows, The IsLocal function does not correctly detect reserved de ...)
+ - golang-1.21 1.21.4-1 (unimportant)
+ - golang-1.20 1.20.11-1 (unimportant)
+ - golang-1.19 (unimportant)
+ - golang-1.15 (unimportant)
+ - golang-1.11 (unimportant)
+ NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+ NOTE: https://github.com/golang/go/issues/63713
+ NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
+ NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
+ NOTE: No security impact for Debian packages, only affects code running on Windows
+CVE-2023-45283 (The filepath package does not recognize paths with a \??\ prefix as sp ...)
+ - golang-1.21 1.21.5-1 (unimportant)
+ - golang-1.20 1.20.12-1 (unimportant)
+ - golang-1.19 (unimportant)
+ - golang-1.15 (unimportant)
+ - golang-1.11 (unimportant)
+ NOTE: https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY
+ NOTE: https://github.com/golang/go/issues/63713
+ NOTE: https://github.com/golang/go/commit/9e933c189ca3a84f12995b3c799364a06abc4376 (go1.21.4)
+ NOTE: https://github.com/golang/go/commit/46fb78168596f7ce8834f528bb0eb9555c08bcae (go1.20.11)
+ NOTE: Requires a followup: https://www.openwall.com/lists/oss-security/2023/12/05/2
+ NOTE: https://go.dev/issue/64028
+ NOTE: https://github.com/golang/go/commit/8caf4bb3e78d0bc2d5598645b89ed8f0e9bd68f2 (go1.21.5)
+ NOTE: https://github.com/golang/go/commit/1b59b017db1ac4a63ed08173c00d7f08d47530be (go1.20.12)
+ NOTE: No security impact for Debian packages, only affects code running on Windows
+CVE-2023-5998 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.)
+ - gpac (bug #1056282)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.com/bounties/ea02a231-b688-422b-a881-ef415bcf6113
+ NOTE: https://github.com/gpac/gpac/commit/db74835944548fc3bdf03121b0e012373bdebb3e
+CVE-2023-5996 (Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 al ...)
+ {DSA-5551-1}
+ - chromium 119.0.6045.123-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5975 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5819 (The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5818 (The Amazonify plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5743 (The Telephone Number Linker plugin for WordPress is vulnerable to Stor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5709 (The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injecti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5703 (The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5669 (The Featured Image Caption plugin for WordPress is vulnerable to Store ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5661 (The Social Feed plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5660 (The SendPress Newsletters plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5659 (The Interact: Embed A Quiz On Your Site plugin for WordPress is vulner ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5658 (The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5577 (The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5567 (The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5532 (The ImageMapper plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5507 (The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5506 (The ImageMapper plugin for WordPress is vulnerable to unauthorized los ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5309 (Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5contain a fl ...)
+ NOT-FOR-US: Puppet Enterprise
+CVE-2023-5179 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2023-4888 (The Simple Like Page Plugin plugin for WordPress is vulnerable to Stor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4842 (The Social Sharing Plugin - Social Warfare plugin for WordPress is vul ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4295 (A local non-privileged user can make improper GPU memory processing op ...)
+ NOT-FOR-US: Arm
+CVE-2023-4272 (A local non-privileged user can make GPU processing operations that ex ...)
+ NOT-FOR-US: Arm
+CVE-2023-47510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSoluti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47456 (Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in funct ...)
+ NOT-FOR-US: Tenda
+CVE-2023-47455 (Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSch ...)
+ NOT-FOR-US: Tenda
+CVE-2023-46744 (Squidex is an open source headless CMS and content management hub. In ...)
+ NOT-FOR-US: Squidex
+CVE-2023-46737 (Cosign is a sigstore signing tool for OCI containers. Cosign is suscep ...)
+ NOT-FOR-US: Cosign
+CVE-2023-46730 (Group-Office is an enterprise CRM and groupware tool. In affected vers ...)
+ NOT-FOR-US: Group-Office CRM
+CVE-2023-46501 (An issue in BoltWire v.6.03 allows a remote attacker to obtain sensiti ...)
+ NOT-FOR-US: BoltWire
+CVE-2023-46253 (Squidex is an open source headless CMS and content management hub. Aff ...)
+ NOT-FOR-US: Squidex
+CVE-2023-46252 (Squidex is an open source headless CMS and content management hub. Aff ...)
+ NOT-FOR-US: Squidex
+CVE-2023-46244 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-46243 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-46242 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-42659 (In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted fi ...)
+ NOT-FOR-US: Progress WS_FTP Server
+CVE-2023-41798 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-41425 (Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 ...)
+ NOT-FOR-US: Wonder CMS
+CVE-2023-3889 (A local non-privileged user can make improper GPU memory processing op ...)
+ NOT-FOR-US: Arm
+CVE-2023-37835
+ REJECTED
+CVE-2023-36527 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-33481 (RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection att ...)
+ NOT-FOR-US: RemoteClinic
+CVE-2023-33480 (RemoteClinic 2.0 contains a critical vulnerability chain that can be e ...)
+ NOT-FOR-US: RemoteClinic
+CVE-2023-33479 (RemoteClinic version 2.0 contains a SQL injection vulnerability in the ...)
+ NOT-FOR-US: RemoteClinic
+CVE-2023-33478 (RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter ...)
+ NOT-FOR-US: RemoteClinic
+CVE-2023-32966 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab Jazz Popups ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4431 (A vulnerability classified as problematic has been found in msyk FMDat ...)
+ NOT-FOR-US: msyk FMDataAPI
+CVE-2023-46851 (Allura Discussion and Allura Forum importing does not restrict URL val ...)
+ NOT-FOR-US: Apache Allura
+CVE-2023-46819 (Missing Authentication in Apache Software Foundation Apache OFBiz when ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2023-5976 (Improper Access Control in GitHub repository microweber/microweber pri ...)
+ NOT-FOR-US: microweber
+CVE-2023-5605 (The URL Shortify WordPress plugin before 1.7.9.1 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5601 (The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5530 (The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5454 (The Templately WordPress plugin before 2.2.6 does not properly authori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5355 (The Awesome Support WordPress plugin before 6.1.5 does not sanitize fi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5354 (The Awesome Support WordPress plugin before 6.1.5 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5352 (The Awesome Support WordPress plugin before 6.1.5 does not correctly a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5228 (The User Registration WordPress plugin before 3.0.4.2 does not sanitiz ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5181 (The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5082 (The History Log by click5 WordPress plugin before 1.0.13 does not prop ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5076 (The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4930 (The Front End PM WordPress plugin before 11.4.3 does not block listing ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4858 (The Simple Table Manager WordPress plugin through 1.5.6 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4810 (The Responsive Pricing Table WordPress plugin before 5.1.8 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47102 (UrBackup Server 2.5.31 allows brute-force enumeration of user accounts ...)
+ NOT-FOR-US: UrBackup Server
+CVE-2023-47004 (Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12 ...)
+ NOT-FOR-US: RedisGraph
+CVE-2023-46998 (Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through ...)
+ - libjs-bootbox (bug #1055612)
+ [bookworm] - libjs-bootbox (Minor issue)
+ [bullseye] - libjs-bootbox (Minor issue)
+ [buster] - libjs-bootbox (Minor issue, reflected XSS)
+ NOTE: https://github.com/bootboxjs/bootbox/issues/661
+CVE-2023-46845 (EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2023-45556 (Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows ...)
+ NOT-FOR-US: MyBB
+CVE-2023-43886 (A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03 ...)
+ NOT-FOR-US: Tenda
+CVE-2023-43885 (Missing error handling in the HTTP server component of Tenda RX9 Pro F ...)
+ NOT-FOR-US: Tenda
+CVE-2023-42555 (Use of implicit intent for sensitive communication vulnerability in Ea ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42554 (Improper Authentication vulnerabiity in Samsung Pass prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42553 (Improper authorization verification vulnerability in Samsung Email pri ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42552 (Implicit intent hijacking vulnerability in Firewall application prior ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42551 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42550 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42549 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42548 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42547 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42546 (Use of implicit intent for sensitive communication vulnerability in st ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42545 (Use of implicit intent for sensitive communication vulnerability in Ph ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42544 (Improper access control vulnerability in Quick Share prior to 13.5.52. ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42543 (Improper verification of intent by broadcast receiver vulnerability in ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42542 (Improper access control vulnerability in Samsung Push Service prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42541 (Improper authorization in PushClientProvider of Samsung Push Service p ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42540 (Improper access control vulnerability in Samsung Account prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42539 (PendingIntent hijacking vulnerability in ChallengeNotificationManager ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42538 (An improper input validation in saped_rec_silence in libsaped prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42537 (An improper input validation in get_head_crc in libsaped prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42536 (An improper input validation in saped_dec in libsaped prior to SMR Nov ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42535 (Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Releas ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42534 (Improper input validation vulnerability in ChooserActivity prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42533 (Improper Input Validation with USB Gadget Interface prior to SMR Nov-2 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42532 (Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42531 (Improper access control vulnerability in SmsController prior to SMR No ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42530 (Improper access control vulnerability in SecSettings prior to SMR Nov- ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42529 (Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 R ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42528 (Improper Input Validation vulnerability in ProcessNvBuffering of libse ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42527 (Improper input validation vulnerability in ProcessWriteFile of libsec- ...)
+ NOT-FOR-US: Samsung
+CVE-2023-42284 (Blind SQL injection in api_version parameter in Tyk Gateway version 5. ...)
+ NOT-FOR-US: Tyk Gateway
+CVE-2023-42283 (Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 a ...)
+ NOT-FOR-US: Tyk Gateway
+CVE-2023-41723 (A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Onl ...)
+ NOT-FOR-US: Veeam
+CVE-2023-38549 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
+ NOT-FOR-US: Veeam
+CVE-2023-38548 (A vulnerability in Veeam ONE allows an unprivileged user who has acces ...)
+ NOT-FOR-US: Veeam
+CVE-2023-38547 (A vulnerability in Veeam ONE allows an unauthenticated user to gain in ...)
+ NOT-FOR-US: Veeam
+CVE-2023-36769 (Microsoft OneNote Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36409 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-35140 (The improper privilege management vulnerability in the Zyxel GS1900-24 ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-33074 (Memory corruption in Audio when SSR event is triggered after music pla ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33061 (Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-resp ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33059 (Memory corruption in Audio while processing the VOC packet data from A ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33056 (Transient DOS in WLAN Firmware when firmware receives beacon including ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33055 (Memory Corruption in Audio while invoking callback function in driver ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33048 (Transient DOS in WLAN Firmware while parsing t2lm buffers.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33047 (Transient DOS in WLAN Firmware while parsing no-inherit IES.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33045 (Memory corruption in WLAN Firmware while parsing a NAN management fram ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-33031 (Memory corruption in Automotive Audio while copying data from ADSP sha ...)
+ NOT-FOR-US: Qualcomm
+CVE-2019-25156 (A vulnerability classified as problematic was found in dstar2018 Agenc ...)
+ NOT-FOR-US: dstar2018 Agency
+CVE-2023-5969 (Mattermost fails to properly sanitize the request to/api/v4/redirect_l ...)
+ - mattermost-server (bug #823556)
+CVE-2023-5968 (Mattermost fails to properly sanitize the user object when updating th ...)
+ - mattermost-server (bug #823556)
+CVE-2023-5967 (Mattermost fails to properly validate requests to the Calls plugin, al ...)
+ - mattermost-server (bug #823556)
+CVE-2023-5964 (The 1E-Exchange-DisplayMessageinstruction that is part of the End-User ...)
+ NOT-FOR-US: 1E-Exchange-DisplayMessageinstruction
+CVE-2023-5963 (An issue has been discovered in GitLab EE with Advanced Search affecti ...)
+ - gitlab (Specific to EE)
+CVE-2023-5950 (Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected ...)
+ NOT-FOR-US: Rapid7 Velociraptor
+CVE-2023-5823 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Googl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5777 (Weintek EasyBuilder Pro contains a vulnerability that, even when the p ...)
+ NOT-FOR-US: Weintek EasyBuilder Pro
+CVE-2023-5771 (Proofpoint Enterprise Protection contains a stored XSS vulnerability i ...)
+ NOT-FOR-US: Proofpoint Enterprise Protection
+CVE-2023-5719 (The Crimson 3.2 Windows-based configuration tool allows users with adm ...)
+ NOT-FOR-US: Crimson
+CVE-2023-4996 (Netskope was made aware of a security vulnerability in its NSClient pr ...)
+ NOT-FOR-US: Netskope
+CVE-2023-4535 (An out-of-bounds read vulnerability was found in OpenSC packages withi ...)
+ - opensc 0.23.0-2 (bug #1055520)
+ [bookworm] - opensc 0.23.0-0.3+deb12u1
+ [bullseye] - opensc (vulnerable code introduced later)
+ [buster] - opensc (vulnerable code introduced later)
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-4535
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/f1993dc4e0b33050b8f72a3558ee88b24c4063b2 (0.24.0-rc1)
+ NOTE: Introduced by: https://github.com/OpenSC/OpenSC/commit/c852236e8368b47b38d89b1b7fb2dbd78753e109 (0.23.0-rc1)
+CVE-2023-47186 (Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47185 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Te ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47184 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prop ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47182 (Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scrip ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-47177 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yaki ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46824 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46823 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46822 (Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46821 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46783 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46782 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46781 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46780 (Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <=1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46779 (Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin < ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46778 (Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46777 (Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46776 (Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto E ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46775 (Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46732 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-46731 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-46254 (capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy ...)
+ NOT-FOR-US: capsule-proxy (reverse proxy for Capsule)
+CVE-2023-46251 (MyBB is a free and open source forum software. Custom MyCode (BBCode) ...)
+ NOT-FOR-US: MyBB
+CVE-2023-46084 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45827 (Dot diver is a lightweight, powerful, and dependency-free TypeScript u ...)
+ NOT-FOR-US: Dot diver
+CVE-2023-45657 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45163 (The 1E-Exchange-CommandLinePing instruction that is part of the Networ ...)
+ NOT-FOR-US: 1E-Exchange-CommandLinePing
+CVE-2023-45161 (The 1E-Exchange-URLResponseTime instruction that is part of the Networ ...)
+ NOT-FOR-US: 1E-Exchange-URLResponseTime
+CVE-2023-45074 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45069 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45055 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45001 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44398 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
+ - exiv2 (Vulnerable code introduced in 0.28.0)
+ NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d8f82d5db1fed05a18aa0f84f1cc8899d011a18b (v0.28.1)
+ NOTE: Regression test: https://github.com/Exiv2/exiv2/commit/6ca8fcd9526ad509a64b71c818b7ddc099b54583
+CVE-2023-41685 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-41378 (In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), a ...)
+ NOT-FOR-US: Calico Typha
+CVE-2023-40661 (Several memory vulnerabilities were identified within the OpenSC packa ...)
+ {DLA-3668-1}
+ - opensc 0.23.0-2 (bug #1055522)
+ [bookworm] - opensc 0.23.0-0.3+deb12u1
+ [bullseye] - opensc (Minor issue)
+ NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40661
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2240913#c1
+CVE-2023-40660 (A flaw was found in OpenSC packages that allow a potential PIN bypass. ...)
+ {DLA-3668-1}
+ - opensc 0.23.0-2 (bug #1055521)
+ [bookworm] - opensc 0.23.0-0.3+deb12u1
+ [bullseye] - opensc (Minor issue)
+ NOTE: https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
+ NOTE: https://github.com/OpenSC/OpenSC/wiki/CVE-2023-40660
+ NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7 (0.24.0-rc1)
+CVE-2023-40609 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-39345 (strapi is an open-source headless CMS. Versions prior to 4.13.1 did no ...)
+ NOT-FOR-US: strapi
+CVE-2023-35911 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4699 (Insufficient Verification of Data Authenticity vulnerability in Mitsub ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-4625 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-47271 (PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, ...)
+ NOT-FOR-US: PKP-WAL (aka PKP Web Application Library or pkp-lib)
+CVE-2023-47253 (Qualitor through 8.20 allows remote attackers to execute arbitrary cod ...)
+ NOT-FOR-US: Qualitor
+CVE-2023-46802 (e-Tax software Version3.0.10 and earlier improperly restricts XML exte ...)
+ NOT-FOR-US: e-Tax software
+CVE-2023-40207 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-38407 (bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond ...)
+ - frr (bug #1055852)
+ NOTE: https://github.com/FRRouting/frr/pull/12951
+ NOTE: https://github.com/FRRouting/frr/commit/7404a914b0cafe046703c8381903a80d3def8f8b (base_9.0)
+ NOTE: https://github.com/FRRouting/frr/pull/12956
+ NOTE: https://github.com/FRRouting/frr/commit/ab362eae68edec12c175d9bc488bcc3f8b73d36f (frr-8.5)
+CVE-2023-38406 (bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri ...)
+ - frr 8.4.4-1
+ [bookworm] - frr 8.4.4-1.1~deb12u1
+ NOTE: https://github.com/FRRouting/frr/pull/12884
+ NOTE: https://github.com/FRRouting/frr/pull/12892 (backport for stable/8.4)
+ NOTE: https://github.com/FRRouting/frr/commit/8a4e6637fc0621e90daa4decb4ee887a0af8ee24 (frr-8.4.3)
+CVE-2023-38382 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-33924 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32840 (In modem CCCI, there is a possible out of bounds write due to a missin ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32839 (In dpe, there is a possible out of bounds write due to a missing valid ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32838 (In dpe, there is a possible out of bounds write due to a missing valid ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32837 (In video, there is a possible out of bounds write due to a missing bou ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32836 (In display, there is a possible out of bounds write due to an integer ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32835 (In keyinstall, there is a possible memory corruption due to type confu ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32834 (In secmem, there is a possible memory corruption due to type confusion ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32832 (In video, there is a possible memory corruption due to a race conditio ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32825 (In bluethooth service, there is a possible out of bounds reads due to ...)
+ NOT-FOR-US: Mediatek
+CVE-2023-32818 (In vdec, there is a possible out of bounds write due to type confusion ...)
+ NOT-FOR-US: Mediatek
+CVE-2021-4430 (A vulnerability classified as problematic has been found in Ortus Solu ...)
+ NOT-FOR-US: Ortus Solutions ColdBox Elixir
+CVE-2018-25093 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
+ NOT-FOR-US: Vaerys-Dawn DiscordSailv2
+CVE-2018-25092 (A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. I ...)
+ NOT-FOR-US: Vaerys-Dawn DiscordSailv2
+CVE-2017-20187 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium ...)
+ NOT-FOR-US: Magnesium-PHP
+CVE-2023-47260 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails ...)
+ - redmine (bug #1055474)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+CVE-2023-47259 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile ...)
+ - redmine (bug #1055474)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+CVE-2023-47258 (Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown ...)
+ - redmine (bug #1055474)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+CVE-2023-47249 (In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayTy ...)
+ NOT-FOR-US: International Color Consortium DemoIccMAX
+CVE-2023-46981 (SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote atta ...)
+ NOT-FOR-US: Novel-Plus
+CVE-2023-46964 (Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation ...)
+ NOT-FOR-US: Hillstone Next Generation FireWall SG-6000-e3960
+CVE-2023-46963 (An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learni ...)
+ NOT-FOR-US: Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System
+CVE-2023-46382 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ NOT-FOR-US: LOYTEC electronics GmbH
+CVE-2023-46381 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ NOT-FOR-US: LOYTEC electronics GmbH
+CVE-2023-46380 (LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LI ...)
+ NOT-FOR-US: LOYTEC electronics GmbH
+CVE-2023-40922 (kerawen before v2.5.1 was discovered to contain a SQL injection vulner ...)
+ NOT-FOR-US: kerawen
+CVE-2023-47272 (Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a C ...)
+ {DSA-5572-1 DLA-3683-1}
+ - roundcube 1.6.5+dfsg-1 (bug #1055421)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/81ac3c342a4f288deb275590895b52ec3785cf8a (1.6.5)
+CVE-2023-47235 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
+ - frr (bug #1055852)
+ NOTE: https://github.com/FRRouting/frr/commit/6814f2e0138a6ea5e1f83bdd9085d9a77999900b
+CVE-2023-47234 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...)
+ - frr (bug #1055852)
+ NOTE: https://github.com/FRRouting/frr/commit/c37119df45bbf4ef713bc10475af2ee06e12f3bf
+CVE-2023-47233 (The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf ...)
+ - linux
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216702
+CVE-2023-45189 (A vulnerability in IBM Robotic Process Automation and IBM Robotic Proc ...)
+ NOT-FOR-US: IBM
+CVE-2023-40215 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-38391 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-36677 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-35910 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32741 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin +CVE-2023-5946 (The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5945 (The video carousel slider with lightbox plugin for WordPress is vulner ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5707 (The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5088 (A bug in QEMU could cause a guest I/O operation otherwise addressed to ...) + - qemu 1:8.1.1+ds-2 + [bookworm] - qemu (Minor issue) + [bullseye] - qemu (Minor issue) + [buster] - qemu (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2247283 + NOTE: https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/ + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-09/msg01011.html +CVE-2023-4769 (A SSRF vulnerability has been found in ManageEngine Desktop Central af ...) + NOT-FOR-US: ManageEngine Desktop Central +CVE-2023-4768 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...) + NOT-FOR-US: ManageEngine Desktop Central +CVE-2023-4767 (A CRLF injection vulnerability has been found in ManageEngine Desktop ...) + NOT-FOR-US: ManageEngine Desktop Central +CVE-2023-4592 (A Cross-Site Scripting vulnerability has been detected in WPN-XM Serve ...) + NOT-FOR-US: WPN-XM Serverstack +CVE-2023-4591 (A local file inclusion vulnerability has been found in WPN-XM Serverst ...) + NOT-FOR-US: WPN-XM Serverstack +CVE-2023-4043 (In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from ...) + NOT-FOR-US: Eclipse Parsson +CVE-2023-46980 (An issue in Best Courier Management System v.1.0 allows a remote attac ...) + NOT-FOR-US: Best Courier Management System +CVE-2023-46947 (Subrion 4.2.1 has a remote command execution vulnerability in the back ...) + NOT-FOR-US: Subrion +CVE-2023-46404 (PCRS <= 3.11 (d0de1e) \u201cQuestions\u201d page and \u201cCode editor ...) 
+ NOT-FOR-US: PCRS +CVE-2023-41726 (Ivanti Avalanche Incorrect Default Permissions allows Local Privilege ...) + NOT-FOR-US: Ivanti +CVE-2023-41725 (Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Loc ...) + NOT-FOR-US: Ivanti +CVE-2023-41652 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: David F. Carr RSVPMaker rsvpmaker +CVE-2023-3277 (The MStore API plugin for WordPress is vulnerable to Unauthorized Acco ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39301 (A server-side request forgery (SSRF) vulnerability has been reported t ...) + NOT-FOR-US: QNAP +CVE-2023-39299 (A path traversal vulnerability has been reported to affect Music Stati ...) + NOT-FOR-US: QNAP +CVE-2023-36529 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress theme +CVE-2023-34383 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: weDevs WP Project Manager wedevs-project-manager +CVE-2023-34179 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Groundhogg +CVE-2023-32508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32121 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5948 (Improper Authorization in GitHub repository teamamaze/amazefileutiliti ...) + NOT-FOR-US: amazefileutilities +CVE-2023-5763 (In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower t ...) + NOT-FOR-US: Eclipse Glassfish +CVE-2023-46958 (An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrar ...) + NOT-FOR-US: lmxcms +CVE-2023-46954 (SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1 ...) + NOT-FOR-US: Relativity ODA LLC RelativityOne +CVE-2023-46817 (An issue was discovered in phpFox before 4.8.14. The url request param ...) 
+ NOT-FOR-US: phpFox +CVE-2023-46517 + REJECTED +CVE-2023-46352 (In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46176 (IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated ...) + NOT-FOR-US: IBM +CVE-2023-44271 (An issue was discovered in Pillow before 10.0.0. It is a Denial of Ser ...) + - pillow 10.0.0-1 + [bookworm] - pillow (Minor issue) + [bullseye] - pillow (Minor issue) + [buster] - pillow (Minor issue) + NOTE: https://github.com/python-pillow/Pillow/pull/7244 + NOTE: https://github.com/python-pillow/Pillow/commit/1fe1bb49c452b0318cad12ea9d97c3bef188e9a7 (10.0.0) +CVE-2023-43982 (Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovere ...) + NOT-FOR-US: Bon Presta boninstagramcarousel +CVE-2023-43194 (Submitty before v22.06.00 is vulnerable to Incorrect Access Control. A ...) + NOT-FOR-US: Submitty +CVE-2023-43018 (IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operatio ...) + NOT-FOR-US: IBM +CVE-2023-42299 (Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a ...) + - openimageio 2.4.13.0+dfsg-1 + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) + NOTE: https://github.com/OpenImageIO/oiio/issues/3840 + NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841 + NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0) +CVE-2023-42029 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...) + NOT-FOR-US: IBM +CVE-2023-42027 (IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multi ...) + NOT-FOR-US: IBM +CVE-2023-41357 (Galaxy Software Services Corporation Vitals ESP is an online knowledge ...) + NOT-FOR-US: Galaxy Software Services Corporation Vitals ESP +CVE-2023-41356 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...) 
+ NOT-FOR-US: NCSIST ManageEngine Mobile Device Manager(MDM) APP +CVE-2023-41355 (Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q Firewall +CVE-2023-41354 (Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q Firewall +CVE-2023-41353 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password r ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q +CVE-2023-41352 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient fi ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q +CVE-2023-41351 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q +CVE-2023-41350 (Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient me ...) + NOT-FOR-US: Chunghwa Telecom NOKIA G-040W-Q +CVE-2023-41348 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...) + NOT-FOR-US: ASUS +CVE-2023-41347 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...) + NOT-FOR-US: ASUS +CVE-2023-41346 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...) + NOT-FOR-US: ASUS +CVE-2023-41345 (ASUS RT-AX55\u2019s authentication-related function has a vulnerabilit ...) + NOT-FOR-US: ASUS +CVE-2023-41344 (NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function ...) + NOT-FOR-US: NCSIST ManageEngine Mobile Device Manager(MDM) APP +CVE-2023-41343 (Rogic No-Code Database Builder's file uploading function has insuffici ...) + NOT-FOR-US: Rogic No-Code Database Builder +CVE-2023-39284 (An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with k ...) + NOT-FOR-US: Insyde InsydeH2O +CVE-2023-39283 (An SMM memory corruption vulnerability in the SMM driver (SMRAM write) ...) + NOT-FOR-US: Insyde InsydeH2O +CVE-2023-39057 (An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to ...) 
+ NOT-FOR-US: hirochanKAKIwaiting +CVE-2023-39054 (An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to ...) + NOT-FOR-US: Tokudaya.ekimae_mc +CVE-2023-39053 (An information leak in Hattoriya v13.6.1 allows attackers to obtain th ...) + NOT-FOR-US: Hattoriya +CVE-2023-39051 (An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 ...) + NOT-FOR-US: VISION MEAT WORKS Track Diner 10/10mbl +CVE-2023-39050 (An information leak in Daiky-value.Fukueten v13.6.1 allows attackers t ...) + NOT-FOR-US: Daiky-value.Fukueten +CVE-2023-39048 (An information leak in Tokudaya.honten v13.6.1 allows attackers to obt ...) + NOT-FOR-US: Tokudaya.honten +CVE-2023-39047 (An information leak in shouzu sweets oz v13.6.1 allows attackers to ob ...) + NOT-FOR-US: shouzu sweets oz +CVE-2023-39042 (An information leak in Gyouza-newhushimi v13.6.1 allows attackers to o ...) + NOT-FOR-US: Gyouza-newhushimi +CVE-2023-38965 (Lost and Found Information System 1.0 allows account takeover via user ...) + NOT-FOR-US: Lost and Found Information System +CVE-2023-36621 (An issue was discovered in the Boomerang Parental Control application ...) + NOT-FOR-US: Boomerang Parental Control +CVE-2023-36620 (An issue was discovered in the Boomerang Parental Control application ...) + NOT-FOR-US: Boomerang Parental Control +CVE-2023-36034 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36029 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36022 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35896 (IBM Content Navigator 3.0.13 is vulnerable to server-side request forg ...) + NOT-FOR-US: IBM +CVE-2023-34261 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identi ...) + NOT-FOR-US: Kyocera TASKalfa 4053ci printers +CVE-2023-34260 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a deni ...) 
+ NOT-FOR-US: Kyocera TASKalfa 4053ci printers +CVE-2023-34259 (Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmde ...) + NOT-FOR-US: Kyocera TASKalfa 4053ci printers +CVE-2023-31579 (Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cry ...) + NOT-FOR-US: Dromara Lamp-Cloud +CVE-2023-5930 (A vulnerability was found in Campcodes Simple Student Information Syst ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5929 (A vulnerability was found in Campcodes Simple Student Information Syst ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5928 (A vulnerability was found in Campcodes Simple Student Information Syst ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5927 (A vulnerability has been found in Campcodes Simple Student Information ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5926 (A vulnerability, which was classified as critical, was found in Campco ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5925 (A vulnerability, which was classified as critical, has been found in C ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5924 (A vulnerability classified as critical was found in Campcodes Simple S ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5923 (A vulnerability classified as critical has been found in Campcodes Sim ...) + NOT-FOR-US: Campcodes Simple Student Information System +CVE-2023-5920 (Mattermost Desktop for MacOS fails to utilize the secure keyboard inpu ...) + NOT-FOR-US: Mattermost Desktop for MacOS +CVE-2023-5919 (A vulnerability was found in SourceCodester Company Website CMS 1.0 an ...) + NOT-FOR-US: SourceCodester Company Website CMS +CVE-2023-5918 (A vulnerability, which was classified as critical, was found in Source ...) 
+ NOT-FOR-US: SourceCodester Visitor Management System +CVE-2023-5917 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: phpBB +CVE-2023-5916 (A vulnerability classified as critical has been found in Lissy93 Dashy ...) + NOT-FOR-US: Lissy93 Dashy +CVE-2023-5876 (Mattermost fails to properly validate a RegExp built off the server UR ...) + - mattermost-server (bug #823556) +CVE-2023-5875 (Mattermost Desktop fails to correctlyhandle permissions or prompt the ...) + NOT-FOR-US: Mattermost Desktop +CVE-2023-5860 (The Icons Font Loader plugin for WordPress is vulnerable to arbitrary ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5846 (Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulne ...) + NOT-FOR-US: Franklin Fueling System TS-550 +CVE-2023-5606 (The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5035 (A vulnerability has been identified in PT-G503 Series firmware version ...) + NOT-FOR-US: PT-G503 Series firmware +CVE-2023-4217 (A vulnerability has been identified in PT-G503 Series versions prior t ...) + NOT-FOR-US: Moxa PT-G503 Series +CVE-2023-46925 (Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: Reportico +CVE-2023-46725 (FoodCoopShop is open source software for food coops and local shops. V ...) + NOT-FOR-US: FoodCoopShop +CVE-2023-46475 (A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 1 ...) + NOT-FOR-US: ZenTao +CVE-2023-45347 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45346 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45345 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) 
+ NOT-FOR-US: Online Food Ordering System +CVE-2023-45344 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45343 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45342 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45341 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45340 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45339 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45338 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45337 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45336 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45335 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45334 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45333 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45332 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45331 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) 
+ NOT-FOR-US: Online Food Ordering System +CVE-2023-45330 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45329 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45328 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45327 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45326 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45325 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45324 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-45323 (Online Food Ordering System v1.0 is vulnerable to multiple Unauthentic ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-43336 (Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and ...) + NOT-FOR-US: Sangoma FreePBX +CVE-2023-43193 (Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). ...) + NOT-FOR-US: Submitty +CVE-2023-43087 (Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper hand ...) + NOT-FOR-US: Dell +CVE-2023-43076 (Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-servi ...) + NOT-FOR-US: Dell +CVE-2023-42802 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rrh2-x4ch-pq3m +CVE-2023-47360 (Videolan VLC prior to version 3.0.20 contains an Integer underflow tha ...) 
+ {DSA-5545-1 DLA-3679-1} + - vlc 3.0.20-1 + NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms + NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef +CVE-2023-47359 (Videolan VLC prior to version 3.0.20 contains an incorrect offset read ...) + {DSA-5545-1 DLA-3679-1} + - vlc 3.0.20-1 + NOTE: https://0xariana.github.io/blog/real_bugs/vlc/mms + NOTE: https://code.videolan.org/videolan/vlc/-/commit/27840cb5b20bc4651ba6af01d0a7ae6da17297ef +CVE-2023-5910 (A vulnerability was found in PopojiCMS 2.0.1 and classified as problem ...) + NOT-FOR-US: PopojiCMS +CVE-2023-47204 (Unsafe YAML deserialization in yaml.Loader in transmute-core before 1. ...) + NOT-FOR-US: transmute-core +CVE-2023-46595 (Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workf ...) + NOT-FOR-US: Fireflow +CVE-2023-46448 (Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Com ...) + NOT-FOR-US: dmpop Mejiro +CVE-2023-46428 (An arbitrary file upload vulnerability in HadSky v7.12.10 allows attac ...) + NOT-FOR-US: HadSky +CVE-2023-46327 (Multiple MFPs (multifunction printers) provided by FUJIFILM Business I ...) + NOT-FOR-US: FUJIFILM +CVE-2023-45203 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + NOT-FOR-US: Online Examination System +CVE-2023-45202 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + NOT-FOR-US: Online Examination System +CVE-2023-45201 (Online Examination System v1.0 is vulnerable to multiple Open Redirect ...) + NOT-FOR-US: Online Examination System +CVE-2023-45114 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45113 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45112 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) 
+ NOT-FOR-US: Online Examination System +CVE-2023-45111 (Online Examination System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45019 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45018 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45017 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45016 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45015 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45014 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45013 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-45012 (Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticat ...) + NOT-FOR-US: Online Examination System +CVE-2023-44954 (Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a rem ...) + NOT-FOR-US: BigTree CMS +CVE-2023-44025 (SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and befo ...) + NOT-FOR-US: Addifyfreegifts +CVE-2023-39281 (A stack buffer overflow vulnerability discovered in AsfSecureBootDxe i ...) + NOT-FOR-US: Insyde InsydeH2O +CVE-2023-5849 (Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allow ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5847 (Under certain conditions, a low privileged attacker could load a speci ...) + NOT-FOR-US: Tenable +CVE-2023-5766 (A remote code execution vulnerability in Remote Desktop Manager 2023.2 ...) 
+ NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2023-5765 (Improper access control in the password analyzer feature in Devolution ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2023-5627 (A vulnerability has been identified in NPort 6000 Series, making the a ...) + NOT-FOR-US: Moxa +CVE-2023-5358 (Improper access control in Report log filters feature in Devolutions S ...) + NOT-FOR-US: Devolutions +CVE-2023-4452 (A vulnerability has been identified in the EDR-810, EDR-G902, and EDR- ...) + NOT-FOR-US: Moxa +CVE-2023-46931 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...) + - gpac (bug #1055298) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2664 + NOTE: https://github.com/gpac/gpac/commit/671976fccc971b3dff8d3dcf6ebd600472ca64bf +CVE-2023-46930 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...) + - gpac (bug #1055298) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2666 + NOTE: https://github.com/gpac/gpac/commit/3809955065afa3da1ad580012ec43deadbb0f2c8 +CVE-2023-46928 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box i ...) + - gpac (bug #1055298) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2661 + NOTE: https://github.com/gpac/gpac/commit/0753bf6d867343a80a044bf47a27d0b7accc8bf1 +CVE-2023-46927 (GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow ...) + - gpac (bug #1055298) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2657 + NOTE: https://github.com/gpac/gpac/commit/a7b467b151d9b54badbc4dd71e7a366b7c391817 +CVE-2023-46911 (There is a Cross Site Scripting (XSS) vulnerability in the choose_styl ...) + NOT-FOR-US: Jspxcms +CVE-2023-46482 (SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attack ...) 
+ NOT-FOR-US: wuzhicms +CVE-2023-42750 (In gnss service, there is a possible out of bounds write due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2023-42655 (In sim service, there is a possible way to write permission usage reco ...) + NOT-FOR-US: Unisoc +CVE-2023-42654 (In dm service, there is a possible missing permission check. This coul ...) + NOT-FOR-US: Unisoc +CVE-2023-42653 (In faceid service, there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Unisoc +CVE-2023-42652 (In engineermode, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42651 (In engineermode, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42650 (In engineermode, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42649 (In engineermode, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42648 (In engineermode, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42647 (In Ifaa service, there is a possible way to write permission usage rec ...) + NOT-FOR-US: Unisoc +CVE-2023-42646 (In Ifaa service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2023-42645 (In sim service, there is a possible way to write permission usage reco ...) + NOT-FOR-US: Unisoc +CVE-2023-42644 (In dm service, there is a possible missing permission check. This coul ...) + NOT-FOR-US: Unisoc +CVE-2023-42643 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42642 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42641 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42640 (In validationtools, there is a possible missing permission check. This ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-42639 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42638 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42637 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42636 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42635 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42634 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42633 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42632 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-42631 (In validationtools, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-40062 (SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code E ...) + NOT-FOR-US: SolarWinds +CVE-2023-40061 (Insecure job execution mechanism vulnerability. This vulnerability ca ...) + NOT-FOR-US: SolarWinds +CVE-2023-3972 (A vulnerability was found in insights-client. This security issue occu ...) + NOT-FOR-US: Red Hat insights-client +CVE-2023-33228 (The SolarWinds Network Configuration Manager was susceptible to the Ex ...) + NOT-FOR-US: SolarWinds +CVE-2023-33227 (The Network Configuration Manager was susceptible to a Directory Trave ...) + NOT-FOR-US: SolarWinds +CVE-2023-33226 (The Network Configuration Manager was susceptible to a Directory Trave ...) + NOT-FOR-US: SolarWinds +CVE-2023-46695 (An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13 ...) 
+ - python-django (Only an issue on windows) + NOTE: https://www.djangoproject.com/weblog/2023/nov/01/security-releases/ +CVE-2023-5831 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab +CVE-2023-4700 (An authorization issue affecting GitLab EE affecting all versions from ...) + - gitlab (Specific to EE) +CVE-2023-5600 + - gitlab (Specific to EE) +CVE-2023-3246 (An issue has been discovered in GitLab EE/CE affecting all versions st ...) + - gitlab +CVE-2023-3909 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab +CVE-2023-5825 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab +CVE-2023-3399 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab +CVE-2023-5904 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) + NOT-FOR-US: pkp-lib +CVE-2023-5903 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) + NOT-FOR-US: pkp-lib +CVE-2023-5902 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) + NOT-FOR-US: pkp-lib +CVE-2023-5901 (Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-1 ...) + NOT-FOR-US: pkp-lib +CVE-2023-5900 (Cross-Site Request Forgery in GitHub repository pkp/pkp-lib prior to 3 ...) + NOT-FOR-US: pkp-lib +CVE-2023-5899 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) + NOT-FOR-US: pkp-lib +CVE-2023-5898 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) + NOT-FOR-US: pkp-lib +CVE-2023-5897 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocal ...) + NOT-FOR-US: pkp-lib +CVE-2023-5896 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) + NOT-FOR-US: pkp-lib +CVE-2023-5895 (Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prio ...) 
+ NOT-FOR-US: pkp-lib +CVE-2023-5894 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior ...) + NOT-FOR-US: Open Journal System +CVE-2023-5893 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib pri ...) + NOT-FOR-US: pkp-lib +CVE-2023-5892 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) + NOT-FOR-US: pkp-lib +CVE-2023-5891 (Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-li ...) + NOT-FOR-US: pkp-lib +CVE-2023-5890 (Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib p ...) + NOT-FOR-US: pkp-lib +CVE-2023-5889 (Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior ...) + NOT-FOR-US: pkp-lib +CVE-2023-5516 (Poorly constructed webap requests and URI components with special char ...) + NOT-FOR-US: Hitachi +CVE-2023-5515 (The responses for web queries with certain parameters disclose interna ...) + NOT-FOR-US: Hitachi +CVE-2023-5514 (The response messages received from the eSOMS report generation using ...) + NOT-FOR-US: Hitachi +CVE-2023-5306 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) + NOT-FOR-US: Online Blood Donation Management System +CVE-2023-4198 (Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unaut ...) + - dolibarr +CVE-2023-4197 (Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to stri ...) + - dolibarr +CVE-2023-47099 (A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtua ...) + NOT-FOR-US: Virtualmin +CVE-2023-47098 (A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra ...) + NOT-FOR-US: Virtualmin +CVE-2023-47097 (A Stored Cross-Site Scripting (XSS) vulnerability in the Server Templa ...) + NOT-FOR-US: Virtualmin +CVE-2023-47096 (A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin S ...) + NOT-FOR-US: Virtualmin +CVE-2023-47095 (A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields ...) 
+ NOT-FOR-US: Virtualmin +CVE-2023-47094 (A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans ...) + NOT-FOR-US: Virtualmin +CVE-2023-46485 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46484 (An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote att ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46378 (Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allow ...) + NOT-FOR-US: MiniCMS +CVE-2023-46278 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...) + NOT-FOR-US: Cybozu +CVE-2023-44486 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) + NOT-FOR-US: Online Blood Donation Management System +CVE-2023-44485 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) + NOT-FOR-US: Online Blood Donation Management System +CVE-2023-44484 (Online Blood Donation Management System v1.0 is vulnerable to multiple ...) + NOT-FOR-US: Online Blood Donation Management System +CVE-2023-43295 (Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd ...) + NOT-FOR-US: Click Studios (SA) Pty Ltd Passwordstate +CVE-2023-39695 (Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 ...) + NOT-FOR-US: Elenos +CVE-2023-39610 (An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) an ...) + NOT-FOR-US: TP-Link +CVE-2023-37833 (Improper access control in Elenos ETG150 FM transmitter v3.12 allows a ...) + NOT-FOR-US: Elenos +CVE-2023-2622 (Authenticated clients can read arbitrary files on the MAIN Computer sy ...) + NOT-FOR-US: Hitachi +CVE-2023-2621 (The McFeeder server (distributed as part of SSW package), is susceptib ...) + NOT-FOR-US: Hitachi +CVE-2023-5859 (Incorrect security UI in Picture In Picture in Google Chrome prior to ...) 
+ {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5858 (Inappropriate implementation in WebApp Provider in Google Chrome prior ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5857 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5856 (Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5855 (Use after free in Reading Mode in Google Chrome prior to 119.0.6045.10 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5854 (Use after free in Profiles in Google Chrome prior to 119.0.6045.105 al ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5853 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5852 (Use after free in Printing in Google Chrome prior to 119.0.6045.105 al ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5851 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5850 (Incorrect security UI in Downloads in Google Chrome prior to 119.0.604 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5482 (Insufficient data validation in USB in Google Chrome prior to 119.0.60 ...) + {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5480 (Inappropriate implementation in Payments in Google Chrome prior to 119 ...) 
+ {DSA-5546-1} + - chromium 119.0.6045.105-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5873 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: Pimcore +CVE-2023-5739 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...) + NOT-FOR-US: HP +CVE-2023-5519 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5464 (The Jquery accordion slideshow plugin for WordPress is vulnerable to S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5458 (The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5439 (The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5438 (The wp image slideshow plugin for WordPress is vulnerable to SQL Injec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5437 (The WP fade in text news plugin for WordPress is vulnerable to SQL Inj ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5436 (The Vertical marquee plugin for WordPress is vulnerable to SQL Injecti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5435 (The Up down image slideshow gallery plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5434 (The Superb slideshow gallery plugin for WordPress is vulnerable to SQL ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5433 (The Message ticker plugin for WordPress is vulnerable to SQL Injection ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5431 (The Left right image slideshow gallery plugin for WordPress is vulnera ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5430 (The Jquery news ticker plugin for WordPress is vulnerable to SQL Injec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5429 (The Information Reel plugin for WordPress is vulnerable to SQL Injecti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5428 (The Image vertical reel scroll slideshow plugin for WordPress is vulne ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5412 (The Image horizontal reel scroll slideshow plugin for WordPress is vul ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5360 (The Royal Elementor Addons and Templates WordPress plugin before 1.3.7 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5307 (The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5243 (The Login Screen Manager WordPress plugin through 3.5.2 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5238 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5237 (The Memberlite Shortcodes WordPress plugin before 1.3.9 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5229 (The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5211 (The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5116 (The Live updates from Excel plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5114 (The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5099 (The HTML filter and csv-file search plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5098 (The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5073 (The iframe forms plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4836 (The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4823 (The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4390 (The Popup box WordPress plugin before 3.7.2 does not sanitize and esca ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4251 (The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4250 (The EventPrime WordPress plugin before 3.2.0 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46993 (In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46992 (TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Acc ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46979 (TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46978 (TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Acce ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46977 (TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a s ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46976 (TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection vi ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46723 (lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and ...) + NOT-FOR-US: lte-pic32-writer +CVE-2023-46722 (The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Pr ...) + NOT-FOR-US: Pimcore Admin Classic Bundle +CVE-2023-46622 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46313 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46256 (PX4-Autopilot provides PX4 flight control solution for drones. In vers ...) + NOT-FOR-US: PX4-Autopilot +CVE-2023-46255 (SpiceDB is an open source, Google Zanzibar-inspired database for creat ...) + NOT-FOR-US: SpiceDB +CVE-2023-46250 (pypdf is a free and open-source pure-python PDF library. An attacker w ...) 
+ - pypdf (Vulnerable code not yet present) + - pypdf2 (Vulnerable code not yet present) + NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f + NOTE: https://github.com/py-pdf/pypdf/pull/2264 + NOTE: https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d (3.17.0) +CVE-2023-46249 (authentik is an open-source Identity Provider. Prior to versions 2023. ...) + NOT-FOR-US: authentik +CVE-2023-46248 (Cody is an artificial intelligence (AI) coding assistant. The Cody AI ...) + NOT-FOR-US: Cody +CVE-2023-46245 (Kimai is a web-based multi-user time-tracking application. Versions 2. ...) + NOT-FOR-US: Kimai +CVE-2023-46240 (CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 v ...) + NOT-FOR-US: CodeIgniter +CVE-2023-46239 (quic-go is an implementation of the QUIC protocol in Go. Starting in v ...) + - golang-github-lucas-clemente-quic-go (Vulnerable version never in a unstable release; only affects 0.37.x) + NOTE: https://github.com/quic-go/quic-go/security/advisories/GHSA-3q6m-v84f-6p9h + NOTE: https://github.com/quic-go/quic-go/commit/b6a4725b60f1fe04e8f1ddcc3114e290fcea1617 (v0.37.3) +CVE-2023-46237 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) + NOT-FOR-US: FOG +CVE-2023-46236 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) + NOT-FOR-US: FOG +CVE-2023-46235 (FOG is a free open-source cloning/imaging/rescue suite/inventory manag ...) + NOT-FOR-US: FOG +CVE-2023-45955 (An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers t ...) + NOT-FOR-US: Nanoleaf Light strip +CVE-2023-43796 (Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 a ...) 
+ - matrix-synapse 1.95.1-1 (bug #1055255) + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575 + NOTE: https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f (v1.95.1) +CVE-2023-42658 (Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow loca ...) + NOT-FOR-US: Chef InSpec +CVE-2023-42425 (An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote at ...) + NOT-FOR-US: Turing Video Turing Edge+ EVC5FD +CVE-2023-41377 + REJECTED +CVE-2023-40681 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40050 (Upload profile either through API or user interface in Chef Automate p ...) + NOT-FOR-US: Chef Automate +CVE-2023-38994 (The 'check_univention_joinstatus' prometheus monitoring script (and ot ...) + NOT-FOR-US: Univention +CVE-2023-37966 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Solwin Infotech +CVE-2023-37832 (A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows a ...) + NOT-FOR-US: Elenos +CVE-2023-37831 (An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attac ...) + NOT-FOR-US: Elenos +CVE-2023-37243 (The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availabil ...) + NOT-FOR-US: Atera +CVE-2023-36508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35879 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-33927 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5867 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5866 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) 
+ NOT-FOR-US: phpmyfaq +CVE-2023-5865 (Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5864 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5863 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5862 (Missing Authorization in GitHub repository hamza417/inure prior to Bui ...) + NOT-FOR-US: hamza417/inure +CVE-2023-5861 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2023-47174 (Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework fo ...) + NOT-FOR-US: Thorn SFTP gateway +CVE-2023-46502 (An issue in openCRX v.5.2.2 allows a remote attacker to read internal ...) + NOT-FOR-US: OpenCRX +CVE-2023-46478 (An issue in minCal v.1.0.0 allows a remote attacker to execute arbitra ...) + NOT-FOR-US: minCal +CVE-2023-46451 (Best Courier Management System v1.0 is vulnerable to Cross Site Script ...) + NOT-FOR-US: Best Courier Management System +CVE-2023-46361 (Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulne ...) + - jbig2dec (bug #1055387) + [bookworm] - jbig2dec (Minor issue) + [bullseye] - jbig2dec (Minor issue) + [buster] - jbig2dec (Minor issue) + NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/jbig2dec-SEGV/jbig2dec-SEGV.md + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707308 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=705041 + NOTE: Fixed by: https://github.com/ArtifexSoftware/jbig2dec/commit/ee53a7e4bc7819d32e8c0b2057885bcc97586bf3 +CVE-2023-46356 (In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebC ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46139 (KernelSU is a Kernel based root solution for Android. Starting in vers ...) 
+ NOT-FOR-US: KernelSU (Kernel based root solution for Android) +CVE-2023-46138 (JumpServer is an open source bastion host and maintenance security aud ...) + NOT-FOR-US: JumpServer +CVE-2023-46040 (Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a r ...) + NOT-FOR-US: GetSimpleCMS +CVE-2023-45996 (SQL injection vulnerability in Senayan Library Management Systems Slim ...) + NOT-FOR-US: Senayan Library Management Systems +CVE-2023-45956 (An issue discovered in Govee LED Strip v3.00.42 allows attackers to ca ...) + NOT-FOR-US: Govee LED Strip +CVE-2023-45899 (An issue in the component SuperUserSetuserModuleFrontController:init() ...) + NOT-FOR-US: PrestaShop module +CVE-2023-45804 + REJECTED +CVE-2023-45672 (Frigate is an open source network video recorder. Prior to version 0.1 ...) + NOT-FOR-US: Frigate +CVE-2023-45671 (Frigate is an open source network video recorder. Prior to version 0.1 ...) + NOT-FOR-US: Frigate +CVE-2023-45670 (Frigate is an open source network video recorder. Prior to version 0.1 ...) + NOT-FOR-US: Frigate +CVE-2023-45378 (In the module "PrestaBlog" (prestablog) version 4.4.7 and before from ...) + NOT-FOR-US: PrestaShop module +CVE-2023-44397 (CloudExplorer Lite is an open source, lightweight cloud management pla ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-43798 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) + NOT-FOR-US: BigBlueButton +CVE-2023-43797 (BigBlueButton is an open-source virtual classroom. Prior to versions 2 ...) + NOT-FOR-US: BigBlueButton +CVE-2023-43139 (An issue in franfinance before v.2.0.27 allows a remote attacker to ex ...) + NOT-FOR-US: PrestaShop module +CVE-2023-42323 (Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 all ...) + NOT-FOR-US: DouHaocms +CVE-2023-36263 (Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL In ...) 
+ NOT-FOR-US: PrestaShop module +CVE-2023-31794 (MuPDF v1.21.1 was discovered to contain an infinite recursion in the c ...) + - mupdf 1.22.1+ds1-1 + [bookworm] - mupdf (Minor issue) + [bullseye] - mupdf (Minor issue) + [buster] - mupdf (Minor issue) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706506 + NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;a=commit;h=c0015401693b58e2deb5d75c39f27bc1216e47c6 (1.22.0-rc1) +CVE-2019-25155 (DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-targe ...) + - dompurify.js + NOTE: https://github.com/cure53/DOMPurify/pull/337 +CVE-2015-20110 (JHipster generator-jhipster before 2.23.0 allows a timing attack again ...) + NOT-FOR-US: JHipster generator-jhipster +CVE-2023-34049 [allows an attacker to force Salt-SSH to run their script] + - salt (bug #1055179) + NOTE: https://saltproject.io/security-announcements/2023-10-27-advisory/index.html +CVE-2023-5844 (Unverified Password Change in GitHub repository pimcore/admin-ui-class ...) + NOT-FOR-US: Pimcore admin-ui-classic-bundle +CVE-2023-5843 (The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5833 (Improper Access Control in GitHub repository mintplex-labs/anything-ll ...) + NOT-FOR-US: AnythingLLM +CVE-2023-5832 (Improper Input Validation in GitHub repository mintplex-labs/anything- ...) + NOT-FOR-US: AnythingLLM +CVE-2023-5666 (The Accordion plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5583 (The WP Simple Galleries plugin for WordPress is vulnerable to PHP Obje ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5566 (The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5565 (The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5362 (The Carousel, Recent Post Slider and Banner Slider plugin for WordPres ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5335 (The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5315 (The Google Maps made Simple plugin for WordPress is vulnerable to SQL ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5252 (The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5251 (The Grid Plus plugin for WordPress is vulnerable to unauthorized modif ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5250 (The Grid Plus plugin for WordPress is vulnerable to Local File Inclusi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5199 (The PHP to Page plugin for WordPress is vulnerable Local File Inclusio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5164 (The Bellows Accordion Menu plugin for WordPress is vulnerable to Store ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5049 (The Giveaways and Contests by RafflePress plugin for WordPress is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4964 (Potential open redirect vulnerability in opentext Service Management A ...) + NOT-FOR-US: Microfocus opentext +CVE-2023-47104 (tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell met ...) + NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs) +CVE-2023-47101 (The installer (aka openvpn-client-installer) in Securepoint SSL VPN Cl ...) + NOT-FOR-US: Securepoint SSL VPN Client +CVE-2023-45780 (In Print Service, there is a possible background activity launch due t ...) + NOT-FOR-US: Android +CVE-2023-44323 (Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2023-44078 + REJECTED +CVE-2023-43792 (baserCMS is a website development framework. In versions 4.6.0 through ...) + NOT-FOR-US: baserCMS +CVE-2023-43649 (baserCMS is a website development framework. Prior to version 4.8.0, t ...) + NOT-FOR-US: baserCMS +CVE-2023-43648 (baserCMS is a website development framework. 
Prior to version 4.8.0, t ...) + NOT-FOR-US: baserCMS +CVE-2023-43647 (baserCMS is a website development framework. Prior to version 4.8.0, t ...) + NOT-FOR-US: baserCMS +CVE-2023-42804 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) + NOT-FOR-US: BigBlueButton +CVE-2023-42803 (BigBlueButton is an open-source virtual classroom. BigBlueButton prior ...) + NOT-FOR-US: BigBlueButton +CVE-2023-42431 (Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension ...) + NOT-FOR-US: BlueSpiceAvatars extension of BlueSpice +CVE-2023-41891 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...) + NOT-FOR-US: FlyteAdmin +CVE-2023-41605 + REJECTED +CVE-2023-40943 + REJECTED +CVE-2023-40101 (In collapse of canonicalize_md.c, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2023-36920 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + NOT-FOR-US: SAP +CVE-2020-36767 (tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell meta ...) + NOT-FOR-US: tinyfiledialogs (aka tiny file dialogs) +CVE-2023-5842 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...) + - dolibarr + NOTE: https://huntr.com/bounties/aed81114-5952-46f5-ae3a-e66518e98ba3 + NOTE: https://github.com/dolibarr/dolibarr/commit/f569048eb2bd823525bce4ef52316e7a83e3345c +CVE-2023-4393 (HTML and SMTP injections on the registration page of LiquidFiles versi ...) + NOT-FOR-US: LiquidFiles +CVE-2023-46867 (In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixT ...) + NOT-FOR-US: International Color Consortium DemoIccMAX +CVE-2023-46866 (In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp ...) + NOT-FOR-US: International Color Consortium DemoIccMAX +CVE-2023-46865 (/api/v1/company/upload-logo in CompanyController.php in crater through ...) + NOT-FOR-US: Crater +CVE-2023-46864 (Peppermint Ticket Management through 0.2.4 allows remote attackers to ...) 
+ NOT-FOR-US: Peppermint Ticket Management +CVE-2023-46863 (Peppermint Ticket Management before 0.2.4 allows remote attackers to r ...) + NOT-FOR-US: Peppermint Ticket Management +CVE-2023-45799 (In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability e ...) + NOT-FOR-US: MLSoft TCO!stream +CVE-2023-45798 (In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists ...) + NOT-FOR-US: Yettiesoft VestCert +CVE-2023-45797 (A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions ...) + NOT-FOR-US: DreamSecurity MagicLine4NX +CVE-2023-45746 (Cross-site scripting vulnerability in Movable Type series allows a rem ...) + - movabletype-opensource +CVE-2023-44141 (Inkdrop prior to v5.6.0 allows a local attacker to conduct a code inje ...) + NOT-FOR-US: Inkdrop +CVE-2023-44002 + REJECTED +CVE-2007-10003 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: WordPress plugin +CVE-2005-10002 (A vulnerability, which was classified as critical, was found in almost ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5840 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...) + NOT-FOR-US: LinkStack +CVE-2023-5839 (Privilege Chaining in GitHub repository hestiacp/hestiacp prior to 1.8 ...) + NOT-FOR-US: Hestia Control Panel +CVE-2023-5838 (Insufficient Session Expiration in GitHub repository linkstackorg/link ...) + NOT-FOR-US: LinkStack +CVE-2023-5837 (A vulnerability classified as problematic was found in AlexanderLivano ...) + NOT-FOR-US: AlexanderLivanov FotosCMS2 +CVE-2023-5836 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) + NOT-FOR-US: SourceCodester Task Reminder System +CVE-2023-46862 (An issue was discovered in the Linux kernel through 6.5.9. During a ra ...) 
+ - linux 6.5.10-1 + [bookworm] - linux 6.1.64-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4 + NOTE: https://git.kernel.org/linus/7644b1a1c9a7ae8ab99175989bfc8676055edb46 +CVE-2023-46858 (Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflecte ...) + - moodle +CVE-2023-46854 (Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxm ...) + NOT-FOR-US: Proxmox proxmox-widget-toolkit +CVE-2023-45897 (exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in ...) + - exfatprogs 1.2.2-1 + [bookworm] - exfatprogs 1.2.0-1+deb12u1 + [bullseye] - exfatprogs (Minor issue) + NOTE: https://github.com/exfatprogs/exfatprogs/commit/ec78688e5fb5a70e13df82b4c0da1e6228d3ccdf (1.2.2) + NOTE: https://github.com/exfatprogs/exfatprogs/commit/22d0e43e8d24119cbfc6efafabb0dec6517a86c4 (1.2.2) + NOTE: https://github.com/exfatprogs/exfatprogs/commit/4abc55e976573991e6a1117bb2b3711e59da07ae (1.2.2) +CVE-2023-43041 (IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a d ...) + NOT-FOR-US: IBM +CVE-2023-40686 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...) + NOT-FOR-US: IBM +CVE-2023-40685 (Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator c ...) + NOT-FOR-US: IBM +CVE-2023-5835 (A vulnerability classified as problematic was found in hu60t hu60wap6. ...) + NOT-FOR-US: hu60t hu60wap6 +CVE-2023-5426 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5425 (The Post Meta Data Manager plugin for WordPress is vulnerable to unaut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46129 (NATS.io is a high performance open source pub-sub distributed communic ...) 
+ - golang-github-nats-io-nkeys 0.4.6-1 (bug #1055010) + [bookworm] - golang-github-nats-io-nkeys (Vulnerable code not present) + [bullseye] - golang-github-nats-io-nkeys (Vulnerable code not present) + [buster] - golang-github-nats-io-nkeys (Vulnerable code not present) + - nats-server 2.10.4-1 (bug #1055011) + [bookworm] - nats-server (Vulnerable code not present) + NOTE: https://advisories.nats.io/CVE/secnote-2023-02.txt + NOTE: https://github.com/nats-io/nkeys/security/advisories/GHSA-mr45-rx8q-wcm9 +CVE-2023-47090 (NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authent ...) + - nats-server 2.10.3-1 + NOTE: https://advisories.nats.io/CVE/secnote-2023-01.txt + NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-fr2g-9hjm-wr23 +CVE-2023-5056 (A flaw was found in the Skupper operator, which may permit a certain c ...) + NOT-FOR-US: Skupper +CVE-2023-5834 (HashiCorp Vagrant's Windows installer targeted a custom location with ...) + NOT-FOR-US: HashiCorp Vagrant's Windows installer +CVE-2023-5830 (A vulnerability classified as critical has been found in ColumbiaSoft ...) + NOT-FOR-US: ColumbiaSoft Document Locator +CVE-2023-46587 (Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a loca ...) + NOT-FOR-US: XnView +CVE-2023-46570 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) + - radare2 (bug #1054908) + NOTE: https://github.com/radareorg/radare2/issues/22333 + NOTE: Fixed by: https://github.com/radareorg/radare2/commit/3e406459f163eba7672b3421c8a84b2c0e4ac0f8 +CVE-2023-46569 (An out-of-bounds read in radare2 v.5.8.9 and before exists in the prin ...) + - radare2 (bug #1054908) + NOTE: https://github.com/radareorg/radare2/issues/22334 + NOTE: Fixed by: https://github.com/radareorg/radare2/commit/2e2f2a9b1800d09be09461e7536ac03a301f97f2 +CVE-2023-46510 (An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 ...) 
+ NOT-FOR-US: ZIONCOM (Hong Kong) Technology Limited A7000R +CVE-2023-46509 (An issue in Contec SolarView Compact v.6.0 and before allows an attack ...) + NOT-FOR-US: Contec SolarView Compact +CVE-2023-46490 (SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker ...) + - cacti + [bookworm] - cacti (Revisit when more details are available) + [bullseye] - cacti (Revisit when more details are available) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-f4r3-53jr-654c (not public yet) + NOTE: https://gist.github.com/ISHGARD-2/a95632111138fcd7ccf7432ccb145b53 +CVE-2023-46468 (An issue in juzawebCMS v.3.4 and before allows a remote attacker to ex ...) + NOT-FOR-US: juzawebCMS +CVE-2023-46467 (Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allo ...) + NOT-FOR-US: juzawebCMS +CVE-2023-46215 (Insertion of Sensitive Information into Log File vulnerability in Apac ...) + NOT-FOR-US: Apache Airflow Celery provider +CVE-2023-46211 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stylemix ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46200 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44480 (Leave Management System Project v1.0 is vulnerable to multiple Authent ...) + NOT-FOR-US: Leave Management System Project +CVE-2023-43322 (ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5. ...) + NOT-FOR-US: ZPE Systems +CVE-2023-40140 (In android_view_InputDevice_create of android_view_InputDevice.cpp, th ...) + NOT-FOR-US: Android +CVE-2023-40139 (In FillUi of FillUi.java, there is a possible way to view another user ...) 
+ NOT-FOR-US: Android +CVE-2023-40138 (In FillUi of FillUi.java, there is a possible way to view another user ...) + NOT-FOR-US: Android +CVE-2023-40137 (In multiple functions of DialogFillUi.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-40136 (In setHeader of DialogFillUi.java, there is a possible way to view ano ...) + NOT-FOR-US: Android +CVE-2023-40135 (In applyCustomDescription of SaveUi.java, there is a possible way to v ...) + NOT-FOR-US: Android +CVE-2023-40134 (In isFullScreen of FillUi.java, there is a possible way to view anothe ...) + NOT-FOR-US: Android +CVE-2023-40133 (In multiple locations of DialogFillUi.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-40131 (In GpuService of GpuService.cpp, there is a possible use after free du ...) + NOT-FOR-US: Android +CVE-2023-40130 (In onBindingDied of CallRedirectionProcessor.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-40129 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2023-40128 (In several functions of xmlregexp.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-40127 (In multiple locations, there is a possible way to access screenshots d ...) + NOT-FOR-US: Android +CVE-2023-40125 (In onCreate of ApnEditor.java, there is a possible way for a Guest use ...) + NOT-FOR-US: Android +CVE-2023-40123 (In updateActionViews of PipMenuView.java, there is a possible bypass o ...) + NOT-FOR-US: Android +CVE-2023-40121 (In appendEscapedSQLString of DatabaseUtils.java, there is a possible S ...) + NOT-FOR-US: Android +CVE-2023-40120 (In multiple locations, there is a possible way to bypass user notifica ...) + NOT-FOR-US: Android +CVE-2023-40117 (In resetSettingsLocked of SettingsProvider.java, there is a possible l ...) + NOT-FOR-US: Android +CVE-2023-40116 (In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to ...) 
+ NOT-FOR-US: Android +CVE-2023-35794 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...) + NOT-FOR-US: Cassia Access Controller +CVE-2023-32738 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alka ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5829 (A vulnerability was found in code-projects Admission Management System ...) + NOT-FOR-US: code-projects Admission Management System +CVE-2023-5828 (A vulnerability was found in Nanning Ontall Longxing Industrial Develo ...) + NOT-FOR-US: Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System +CVE-2023-5827 (A vulnerability was found in Shanghai CTI Navigation CTI Monitoring an ...) + NOT-FOR-US: Shanghai CTI Navigation CTI Monitoring and Early Warning System +CVE-2023-5826 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway +CVE-2023-5821 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5820 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5817 (The Neon text plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5807 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: TRtek Software Education Portal +CVE-2023-5774 (The Animated Counters plugin for WordPress is vulnerable to Stored Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5705 (The VK Filter Search plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5570 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) + NOT-FOR-US: Inohom Home Manager Gateway +CVE-2023-5443 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) 
+ NOT-FOR-US: EDM Informatics E-invoice +CVE-2023-4967 (Denial of Service in NetScaler ADC and NetScaler Gateway when configur ...) + NOT-FOR-US: Citrix +CVE-2023-46853 (In Memcached before 1.6.22, an off-by-one error exists when processing ...) + - memcached 1.6.22-1 + [bookworm] - memcached (Minor issue) + [bullseye] - memcached (Minor issue) + [buster] - memcached (The vulnerable code was introduced later) + NOTE: https://github.com/memcached/memcached/commit/6987918e9a3094ec4fc8976f01f769f624d790fa (1.6.22) +CVE-2023-46852 (In Memcached before 1.6.22, a buffer overflow exists when processing m ...) + - memcached 1.6.22-1 + [bookworm] - memcached (Minor issue) + [bullseye] - memcached (Minor issue) + [buster] - memcached (The vulnerable code was introduced later) + NOTE: https://github.com/memcached/memcached/commit/76a6c363c18cfe7b6a1524ae64202ac9db330767 (1.6.22) +CVE-2023-46604 (The Java OpenWire protocol marshaller is vulnerable to Remote Code Ex ...) + {DLA-3657-1} + - activemq 5.17.6+dfsg-1 (bug #1054909) + NOTE: https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt + NOTE: http://www.openwall.com/lists/oss-security/2023/10/27/5 +CVE-2023-46407 (FFmpeg prior to commit bf814 was discovered to contain an out of bound ...) + - ffmpeg (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3 + NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/bf814387f42e9b0dea9d75c03db4723c88e7d962 + NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231015004924.597746-1-leo.izen%40gmail.com/ + NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20231013014959.536776-1-leo.izen%40gmail.com/ +CVE-2023-46394 (A stored cross-site scripting (XSS) vulnerability in /home/user/edit_s ...) + NOT-FOR-US: gougucms +CVE-2023-46393 (gougucms v4.08.18 was discovered to contain a password reset poisoning ...) 
+ NOT-FOR-US: gougucms +CVE-2023-46290 (Due to inadequate code logic, a previously unauthenticated threat acto ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-46289 (Rockwell Automation FactoryTalk View Site Edition insufficiently valid ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-46246 (Vim is an improved version of the good old UNIX editor Vi. Heap-use-af ...) + - vim 2:9.0.2087-1 (unimportant) + NOTE: https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm + NOTE: https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a (v9.0.2068) + NOTE: Crash in CLI tool, no security impact +CVE-2023-44377 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-44376 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-5814 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) + NOT-FOR-US: SourceCodester Task Reminder System +CVE-2023-5813 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...) + NOT-FOR-US: SourceCodester Task Reminder System +CVE-2023-5812 (A vulnerability has been found in flusity CMS and classified as critic ...) + NOT-FOR-US: flusity CMS +CVE-2023-5811 (A vulnerability, which was classified as problematic, was found in flu ...) + NOT-FOR-US: flusity CMS +CVE-2023-5810 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: flusity CMS +CVE-2023-5805 (A vulnerability was found in SourceCodester Simple Real Estate Portal ...) + NOT-FOR-US: SourceCodester Simple Real Estate Portal System +CVE-2023-5051 (The CallRail Phone Call Tracking plugin for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46818 (An issue was discovered in ISPConfig before 3.2.11p1. PHP code injecti ...) + NOT-FOR-US: ISPConfig +CVE-2023-46816 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...) 
+ NOT-FOR-US: SugarCRM +CVE-2023-46815 (An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13. ...) + NOT-FOR-US: SugarCRM +CVE-2023-46665 (Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerabi ...) + NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-46505 (Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacke ...) + NOT-FOR-US: FanCMS +CVE-2023-46504 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...) + NOT-FOR-US: PwnCYN YXBOOKCMS +CVE-2023-46503 (Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 a ...) + NOT-FOR-US: PwnCYN YXBOOKCMS +CVE-2023-46491 (ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) v ...) + NOT-FOR-US: ZenTao Biz +CVE-2023-46376 (Zentao Biz version 8.7 and before is vulnerable to Information Disclos ...) + NOT-FOR-US: ZenTao Biz +CVE-2023-46375 (ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Reques ...) + NOT-FOR-US: ZenTao Biz +CVE-2023-46374 (ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cr ...) + NOT-FOR-US: ZenTao +CVE-2023-46199 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Trib ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46194 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46192 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Inte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46153 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46093 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lion ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45499 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...) 
+ NOT-FOR-US: VinChin Backup & Recovery +CVE-2023-45498 (VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was disco ...) + NOT-FOR-US: VinChin Backup & Recovery +CVE-2023-44375 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-44268 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-44220 (SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and ...) + NOT-FOR-US: SonicWall +CVE-2023-44219 (A local privilege escalation vulnerability in SonicWall Directory Serv ...) + NOT-FOR-US: SonicWall +CVE-2023-44162 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-43738 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-43737 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-43352 (An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-42406 (SQL injection vulnerability in D-Link Online behavior audit gateway DA ...) + NOT-FOR-US: D-Link +CVE-2023-42188 (IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).) + NOT-FOR-US: IceCMS +CVE-2023-39726 (An issue in Mintty v.3.6.4 and before allows a remote attacker to exec ...) + NOT-FOR-US: Mintty +CVE-2023-38328 (An issue was discovered in eGroupWare 17.1.20190111. An Improper Passw ...) + - egroupware +CVE-2023-34059 (open-vm-tools contains a file descriptor hijack vulnerability in the v ...) 
+ {DSA-5543-1 DLA-3646-1} + - open-vm-tools 2:12.3.5-1 (bug #1054666) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/2 + NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34059.patch/CVE-2023-34059.patch + NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/3 +CVE-2023-34058 (VMware Tools contains a SAML token signature bypass vulnerability.A ma ...) + {DSA-5543-1 DLA-3646-1} + - open-vm-tools 2:12.3.5-1 (bug #1054666) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/27/1 + NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-34058.patch/CVE-2023-34058.patch +CVE-2023-34057 (VMware Tools contains a local privilege escalation vulnerability.A mal ...) + NOT-FOR-US: WMware +CVE-2023-33559 (A local file inclusion vulnerability via the lang parameter in OcoMon ...) + NOT-FOR-US: OcoMon +CVE-2023-33558 (An information disclosure vulnerability in the component users-grid-da ...) + NOT-FOR-US: OcoMon +CVE-2023-46813 (An issue was discovered in the Linux kernel before 6.5.9, exploitable ...) + - linux 6.5.10-1 + [bookworm] - linux 6.1.64-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/63e44bc52047f182601e7817da969a105aa1f721 (6.6-rc7) + NOTE: https://git.kernel.org/linus/b9cb9c45583b911e0db71d09caa6b56469eb2bdf (6.6-rc7) + NOTE: https://git.kernel.org/linus/a37cd2a59d0cb270b1bba568fd3a3b8668b9d3ba (6.6-rc7) +CVE-2023-5804 (A vulnerability was found in PHPGurukul Nipah Virus Testing Management ...) + NOT-FOR-US: PHPGurukul +CVE-2023-5802 (Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5798 (The Assistant WordPress plugin before 1.4.4 does not validate a parame ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5796 (A vulnerability was found in CodeAstro POS System 1.0. It has been rat ...) + NOT-FOR-US: CodeAstro POS System +CVE-2023-5795 (A vulnerability was found in CodeAstro POS System 1.0. It has been dec ...) 
+ NOT-FOR-US: CodeAstro POS System +CVE-2023-5794 (A vulnerability was found in PHPGurukul Online Railway Catering System ...) + NOT-FOR-US: PHPGurukul +CVE-2023-5793 (A vulnerability was found in flusity CMS and classified as problematic ...) + NOT-FOR-US: flusity CMS +CVE-2023-5792 (A vulnerability has been found in SourceCodester Sticky Notes App 1.0 ...) + NOT-FOR-US: SourceCodester Sticky Notes App +CVE-2023-5791 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Sticky Notes App +CVE-2023-5790 (A vulnerability classified as critical was found in SourceCodester Fil ...) + NOT-FOR-US: SourceCodester File Manager App +CVE-2023-5789 (A vulnerability classified as problematic has been found in Dragon Pat ...) + NOT-FOR-US: Dragon Path +CVE-2023-5787 (A vulnerability was found in Shaanxi Chanming Education Technology Sco ...) + NOT-FOR-US: Shaanxi Chanming Education Technology Score Query System +CVE-2023-5786 (A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It ha ...) + NOT-FOR-US: GeoServer +CVE-2023-5785 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway +CVE-2023-5784 (A vulnerability was found in Netentsec NS-ASG Application Security Gat ...) + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway +CVE-2023-5783 (A vulnerability has been found in Tongda OA 2017 up to 11.9 and classi ...) + NOT-FOR-US: Tongda OA +CVE-2023-5782 (A vulnerability, which was classified as critical, was found in Tongda ...) + NOT-FOR-US: Tongda OA +CVE-2023-5781 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: Tongda OA +CVE-2023-5780 (A vulnerability classified as critical was found in Tongda OA 2017 11. ...) + NOT-FOR-US: Tongda OA +CVE-2023-5754 (Sielco PolyEco1000 uses a weak set of default administrative credentia ...) 
+ NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-5624 (Under certain conditions, Nessus Network Monitor was found to not prop ...) + NOT-FOR-US: Nessus Network Monitor +CVE-2023-5623 (NNM failed to properly set ACLs on its installation directory, which c ...) + NOT-FOR-US: Nessus Network Monitor +CVE-2023-5622 (Under certain conditions, Nessus Network Monitor could allow a low pri ...) + NOT-FOR-US: Nessus Network Monitor +CVE-2023-46748 (An authenticated SQL injection vulnerability exists in the BIG-IP Conf ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-46747 (Undisclosed requests may bypass configuration utility authentication, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-46666 (An issue was discovered when using Document Level Security and the SPO ...) + NOT-FOR-US: Elastic Sharepoint Online Python Connector +CVE-2023-46664 (Sielco PolyEco1000 is vulnerable to an improper access control vulnera ...) + NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-46663 (Sielco PolyEco1000 is vulnerable to an attacker bypassing authorizatio ...) + NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-46662 (Sielco PolyEco1000 is vulnerable to an information disclosure vulnerab ...) + NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-46661 (Sielco PolyEco1000 is vulnerable to an attacker escalating their privi ...) + NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-46450 (Sourcecodester Free and Open Source inventory management system 1.0 is ...) + NOT-FOR-US: Sourcecodester Free and Open Source inventory management system +CVE-2023-46449 (Sourcecodester Free and Open Source inventory management system v1.0 i ...) + NOT-FOR-US: Sourcecodester Free and Open Source inventory management system +CVE-2023-46435 (Sourcecodester Packers and Movers Management System v1.0 is vulnerable ...) + NOT-FOR-US: Sourcecodester Packers and Movers Management System +CVE-2023-46238 (ZITADEL is an identity infrastructure management system. ZITADEL users ...) 
+ NOT-FOR-US: ZITADEL +CVE-2023-46234 (browserify-sign is a package to duplicate the functionality of node's ...) + {DSA-5539-1 DLA-3635-1} + - node-browserify-sign 4.2.2-1 (bug #1054667) + NOTE: https://github.com/browserify/browserify-sign/security/advisories/GHSA-x9w5-v3q2-3rhw + NOTE: https://github.com/browserify/browserify-sign/commit/85994cd6348b50f2fd1b73c54e20881416f44a30 (v4.2.2) +CVE-2023-46094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46090 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46088 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46081 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode La ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46077 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46075 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45869 (ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbit ...) + - ilias (bug #195688) +CVE-2023-45868 (The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attac ...) + - ilias (bug #195688) +CVE-2023-45867 (ILIAS (2013-09-12 release) contains a medium-criticality Directory Tra ...) + - ilias (bug #195688) +CVE-2023-45317 (The application interface allows users to perform certain actions via ...) 
+ NOT-FOR-US: Sielco +CVE-2023-45228 (The application suffers from improper access control when editing user ...) + NOT-FOR-US: Sielco +CVE-2023-44267 (Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL ...) + NOT-FOR-US: Online Art Gallery +CVE-2023-43208 (NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to ...) + NOT-FOR-US: NextGen Healthcare Mirth Connect +CVE-2023-42769 (The cookie session ID is of insufficient length and can be exploited b ...) + NOT-FOR-US: Sielco +CVE-2023-41966 (The application suffers from a privilege escalation vulnerability. A ...) + NOT-FOR-US: Sielco +CVE-2023-41096 (Missing Encryption of Security Keys vulnerability in Silicon Labs Embe ...) + NOT-FOR-US: Silabs +CVE-2023-41095 (Missing Encryption of Security Keys vulnerability in Silicon Labs Open ...) + NOT-FOR-US: Silabs +CVE-2023-39936 (In Ashlar-Vellum Graphite v13.0.48, the affected application lacks pro ...) + NOT-FOR-US: Ashlar-Vellum +CVE-2023-39427 (In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 S ...) + NOT-FOR-US: Ashlar-Vellum +CVE-2023-32116 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tota ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31419 (A flaw was discovered in Elasticsearch, affecting the _search API that ...) + - elasticsearch +CVE-2023-31418 (An issue has been identified with how Elasticsearch handled incoming r ...) + - elasticsearch +CVE-2023-31416 (Secret token configuration is never applied when using ECK <2.8 with A ...) + NOT-FOR-US: Elastic Cloud on Kubernetes +CVE-2023-5139 (Potential buffer overflow vulnerability at the following location in t ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-46754 (The admin panel for Obl.ong before 1.1.2 allows authorization bypass b ...) + NOT-FOR-US: admin panel for Obl.ong +CVE-2023-46753 (An issue was discovered in FRRouting FRR through 9.0.1. A crash can oc ...) 
+ - frr (bug #1055852) + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/d8482bf011cb2b173e85b65b4bf3d5061250cdb9 (master) + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/21418d64af11553c402f932b0311c812d98ac3e4 (stable/8.5 branch) +CVE-2023-46752 (An issue was discovered in FRRouting FRR through 9.0.1. It mishandles ...) + - frr (bug #1055852) + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b08afc81c60607a4f736f418f2e3eb06087f1a35 (master) + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/30b5c2a434d25981e16792f6f50162beb517ae4d (stable/8.5 branch) +CVE-2023-46668 (If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-defa ...) + NOT-FOR-US: Elastic Endpoint +CVE-2023-46667 (An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where ...) + NOT-FOR-US: Elastic Fleet Server +CVE-2023-46584 (SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing ...) + NOT-FOR-US: PHPGurukul +CVE-2023-46583 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (Ni ...) + NOT-FOR-US: PHPGurukul +CVE-2023-46345 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via ...) + - catdoc (unimportant) + NOTE: Crash in CLI tool, no security impact +CVE-2023-46233 (crypto-js is a JavaScript library of crypto standards. Prior to versio ...) + {DLA-3669-1} + - cryptojs 3.1.2+dfsg-4 (bug #1055525) + NOTE: https://github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vf + NOTE: https://github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40a (4.2.0) +CVE-2023-46232 (era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer ...) + NOT-FOR-US: era-compiler-vyper +CVE-2023-46137 (Twisted is an event-based framework for internet applications. Prior t ...) 
+ - twisted (bug #1054913) + [bookworm] - twisted (Minor issue) + [bullseye] - twisted (Minor issue) + [buster] - twisted (Minor issue) + NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm +CVE-2023-46134 (D-Tale is the combination of a Flask back-end and a React front-end to ...) + NOT-FOR-US: D-Tale +CVE-2023-46133 (CryptoES is a cryptography algorithms library compatible with ES6 and ...) + NOT-FOR-US: CryptoES +CVE-2023-45137 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-43906 (Xolo CMS v0.11 was discovered to contain a reflected cross-site script ...) + NOT-FOR-US: Xolo CMS +CVE-2023-43905 (Incorrect access control in writercms v1.1.0 allows attackers to direc ...) + NOT-FOR-US: writercms +CVE-2023-38849 (An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtai ...) + NOT-FOR-US: tire-sales Line +CVE-2023-38848 (An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker ...) + NOT-FOR-US: rmc R Beauty CLINIC Line +CVE-2023-38847 (An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to ...) + NOT-FOR-US: CHRISTINA JAPAN Line +CVE-2023-38846 (An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obt ...) + NOT-FOR-US: Marbre Lapin Line +CVE-2023-38845 (An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote ...) + NOT-FOR-US: Anglaise Company Anglaise.Company +CVE-2023-31422 (An issue was discovered by Elastic whereby sensitive information is re ...) + - kibana (bug #700337) +CVE-2023-31421 (It was discovered that when acting as TLS clients, Beats, Elastic Agen ...) + NOT-FOR-US: Elastic +CVE-2023-45872 + - qt6-svg (Doesn't affect any version uploaded to unstable) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2246067 +CVE-2023-5717 (A heap out-of-bounds write vulnerability in the Linux kernel's Linux K ...) 
+ - linux 6.5.10-1 + [bookworm] - linux 6.1.64-1 + NOTE: https://git.kernel.org/linus/32671e3799ca2e4590773fd0e63aaa4229e50c06 (6.6-rc7) +CVE-2023-5678 (Issue summary: Generating excessively long X9.42 DH keys or checking e ...) + - openssl 3.0.12-2 (bug #1055473) + [bookworm] - openssl (Minor issue; can be fixed along with future update) + [bullseye] - openssl (Minor issue; can be fixed along with future update) + [buster] - openssl (Minor issue; can be fixed along with future update) + NOTE: https://www.openssl.org/news/secadv/20231106.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0.y) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c (for 1.1.1y) +CVE-2023-5671 (HP Print and Scan Doctor for Windows may potentially be vulnerable to ...) + NOT-FOR-US: HP +CVE-2023-46564 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46563 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46562 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46560 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46559 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46558 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46557 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46556 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46555 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-46554 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46553 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46552 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46551 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46550 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46549 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46548 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46547 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46546 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46545 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46544 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46543 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46542 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46541 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46540 (TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46539 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46538 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) 
+ NOT-FOR-US: TP-LINK +CVE-2023-46537 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46536 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46535 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46534 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46527 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46526 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46525 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46523 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46522 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46521 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46520 (TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discover ...) + NOT-FOR-US: TP-LINK +CVE-2023-46518 (Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command ex ...) + NOT-FOR-US: Mercury A15 +CVE-2023-46424 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46423 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46422 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46421 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46420 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-46419 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46418 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46417 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46416 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46415 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46414 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a rem ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46413 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46412 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46411 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46410 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46409 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46408 (TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46396 (Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex ...) + NOT-FOR-US: Audimex +CVE-2023-46102 (The Android Client application, when enrolled to the AppHub server, co ...) + NOT-FOR-US: Bosch +CVE-2023-45851 (The Android Client application, when enrolled to the AppHub server,con ...) + NOT-FOR-US: Bosch +CVE-2023-45844 (The vulnerability allows a low privileged user that have access to the ...) + NOT-FOR-US: Bosch +CVE-2023-45321 (The Android Client application, when enrolled with the define method ...) 
+ NOT-FOR-US: Bosch +CVE-2023-45220 (The Android Client application, when enrolled with the define method 1 ...) + NOT-FOR-US: Bosch +CVE-2023-45136 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-45135 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-45134 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-43488 (The vulnerability allows a low privileged (untrusted) application to m ...) + NOT-FOR-US: Bosch +CVE-2023-42861 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-42857 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-42856 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-42854 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-42852 (A logic issue was addressed with improved checks. This issue is fixed ...) + {DSA-5557-1} + - webkit2gtk 2.42.2-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.2-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2023-42850 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-42849 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-42847 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-42846 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-42845 (An authentication issue was addressed with improved state management. ...) 
+ NOT-FOR-US: Apple +CVE-2023-42844 (This issue was addressed with improved handling of symlinks. This issu ...) + NOT-FOR-US: Apple +CVE-2023-42842 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-42841 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-42494 (EisBaer Scada - CWE-749: Exposed Dangerous Method or Function) + NOT-FOR-US: EisBaer Scada +CVE-2023-42493 (EisBaer Scada - CWE-256: Plaintext Storage of a Password) + NOT-FOR-US: EisBaer Scada +CVE-2023-42492 (EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key) + NOT-FOR-US: EisBaer Scada +CVE-2023-42491 (EisBaer Scada - CWE-285: Improper Authorization) + NOT-FOR-US: EisBaer Scada +CVE-2023-42490 (EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unaut ...) + NOT-FOR-US: EisBaer Scada +CVE-2023-42489 (EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical ...) + NOT-FOR-US: EisBaer Scada +CVE-2023-42488 (EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restric ...) + NOT-FOR-US: EisBaer Scada +CVE-2023-42438 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple +CVE-2023-41997 (This issue was addressed by restricting options offered on a locked de ...) + NOT-FOR-US: Apple +CVE-2023-41989 (The issue was addressed by restricting options offered on a locked dev ...) + NOT-FOR-US: Apple +CVE-2023-41988 (This issue was addressed by restricting options offered on a locked de ...) + NOT-FOR-US: Apple +CVE-2023-41983 (The issue was addressed with improved memory handling. This issue is f ...) 
+ {DSA-5557-1} + - webkit2gtk 2.42.2-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.2-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2023-41982 (This issue was addressed by restricting options offered on a locked de ...) + NOT-FOR-US: Apple +CVE-2023-41977 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-41976 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-41975 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-41960 (The vulnerability allows an unprivileged(untrusted) third-party applic ...) + NOT-FOR-US: Bosch +CVE-2023-41372 (The vulnerability allows an unprivileged (untrusted) third- party appl ...) + NOT-FOR-US: Bosch +CVE-2023-41255 (The vulnerability allows an unprivileged user with access to the subne ...) + NOT-FOR-US: Bosch +CVE-2023-41254 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-41077 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-41072 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-40449 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40447 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40445 (The issue was addressed with improved UI handling. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-40444 (A permissions issue was addressed with additional restrictions. This i ...) 
+ NOT-FOR-US: Apple +CVE-2023-40425 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-40423 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40421 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-40416 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40413 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-40408 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple +CVE-2023-40405 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-40404 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-40401 (The issue was addressed with additional permissions checks. This issue ...) + NOT-FOR-US: Apple +CVE-2023-3010 (Grafana is an open-source platform for monitoring and observability. ...) + NOT-FOR-US: Grafana plugin +CVE-2023-37913 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37912 (XWiki Rendering is a generic Rendering system that converts textual in ...) + NOT-FOR-US: XWiki +CVE-2023-37911 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37910 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37909 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37908 (XWiki Rendering is a generic Rendering system that converts textual in ...) + NOT-FOR-US: XWiki +CVE-2023-34447 (iTop is an open source, web-based IT service management platform. Prio ...) 
+ NOT-FOR-US: iTop +CVE-2023-34446 (iTop is an open source, web-based IT service management platform. Prio ...) + NOT-FOR-US: iTop +CVE-2023-32359 (This issue was addressed with improved redaction of sensitive informat ...) + {DSA-5527-1} + - webkit2gtk 2.42.0-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.0-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2023-46660 (Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time compari ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46659 (Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46658 (Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-co ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46657 (Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time compar ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46656 (Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46655 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46654 (Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46653 (Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATE ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46652 (A missing permission check in Jenkins lambdatest-automation Plugin 1.2 ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46651 (Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriat ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-46650 (Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub pr ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-5043 (Ingress nginx annotation injection causes arbitrary command execution.) 
+ NOT-FOR-US: Kubernetes ingress-nginx +CVE-2023-5044 (Code injection via nginx.ingress.kubernetes.io/permanent-redirect anno ...) + NOT-FOR-US: Kubernetes ingress-nginx +CVE-2023-5758 (When opening a page in reader mode, the redirect URL could have caused ...) + - firefox (Only affects Firefox on iOS) + NOTE: https://www.mozilla.org/security/advisories/mfsa2023-48/ +CVE-2023-5752 (When installing a package from a Mercurial VCS URL (ie "pip install ...) + - python-pip 23.3+dfsg-1 + [bookworm] - python-pip (Minor issue) + [bullseye] - python-pip (Minor issue) + [buster] - python-pip (Minor issue) + NOTE: https://github.com/pypa/pip/pull/12306 + NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ +CVE-2023-5311 (The WP EXtra plugin for WordPress is vulnerable to unauthorized modifi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4608 (An authenticated XCC user with elevated privileges can perform blind S ...) + NOT-FOR-US: Lenovo +CVE-2023-4607 (An authenticated XCC user can change permissions for any user through ...) + NOT-FOR-US: Lenovo +CVE-2023-4606 (An authenticated XCC user with Read-Only permission can change a diffe ...) + NOT-FOR-US: Lenovo +CVE-2023-46574 (An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote att ...) + NOT-FOR-US: TOTOLINK +CVE-2023-46358 (In the module "Referral and Affiliation Program" (referralbyphone) ver ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46347 (In the module "Step by Step products Pack" (ndk_steppingpack) version ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46346 (In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportpr ...) + NOT-FOR-US: PrestaShop module +CVE-2023-46158 (IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 co ...) + NOT-FOR-US: IBM +CVE-2023-46136 (Werkzeug is a comprehensive WSGI web application library. If an upload ...) 
+ - python-werkzeug (bug #1054553) + [bookworm] - python-werkzeug (Minor issue) + [bullseye] - python-werkzeug (Minor issue) + [buster] - python-werkzeug (Minor issue) + NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-hrfv-mqp8-q5rw + NOTE: https://github.com/pallets/werkzeug/commit/b1916c0c083e0be1c9d887ee2f3d696922bfc5c1 (3.0.1) +CVE-2023-46135 (rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. ...) + NOT-FOR-US: rs-stellar-strkey +CVE-2023-46126 (Fides is an open-source privacy engineering platform for managing the ...) + NOT-FOR-US: Fides +CVE-2023-46125 (Fides is an open-source privacy engineering platform for managing the ...) + NOT-FOR-US: Fides +CVE-2023-46124 (Fides is an open-source privacy engineering platform for managing the ...) + NOT-FOR-US: Fides +CVE-2023-46123 (jumpserver is an open source bastion machine, professional operation a ...) + NOT-FOR-US: JumpServer +CVE-2023-46120 (The RabbitMQ Java client library allows Java and JVM-based application ...) + NOT-FOR-US: RabbitMQ Java client library +CVE-2023-46119 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2023-46118 (RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API ...) + {DSA-5571-1 DLA-3687-1} + - rabbitmq-server 3.10.8-3 (bug #1056723) + NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-w6cq-9cf4-gqpg + NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/9708 +CVE-2023-45555 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...) + NOT-FOR-US: zzzCMS +CVE-2023-45554 (File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker t ...) + NOT-FOR-US: zzzCMS +CVE-2023-44794 (An issue in Dromara SaToken version 1.36.0 and before allows a remote ...) + NOT-FOR-US: Dromara SaToken +CVE-2023-44769 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...) 
+ NOT-FOR-US: Zenario CMS +CVE-2023-44767 (A File upload vulnerability in RiteCMS 3.0 allows a local attacker to ...) + NOT-FOR-US: RiteCMS +CVE-2023-43961 (An issue in Dromara SaToken version 1.3.50RC and before when using Spr ...) + NOT-FOR-US: Dromara SaToken +CVE-2023-43795 (GeoServer is an open source software server written in Java that allow ...) + NOT-FOR-US: GeoServer +CVE-2023-43360 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-41721 (Instances of UniFi Network Application that (i) are run on a UniFi Gat ...) + NOT-FOR-US: UniFi Network Application +CVE-2023-41339 (GeoServer is an open source software server written in Java that allow ...) + NOT-FOR-US: GeoServer +CVE-2023-3112 (A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ...) + NOT-FOR-US: Lenovo +CVE-2023-39930 (A first-factor authentication bypass vulnerability exists in the PingF ...) + NOT-FOR-US: PingFederate +CVE-2023-39740 (The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allo ...) + NOT-FOR-US: Onigiriya-musubee Line +CVE-2023-39739 (The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 a ...) + NOT-FOR-US: REGINA SWEETS&BAKERY Line +CVE-2023-39737 (The leakage of the client secret in Matsuya Line 13.6.1 allows attacke ...) + NOT-FOR-US: Matsuya Line +CVE-2023-39736 (The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 a ...) + NOT-FOR-US: Fukunaga_memberscard Line +CVE-2023-39735 (The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allo ...) + NOT-FOR-US: Uomasa_Saiji_news Line +CVE-2023-39734 (The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_ ...) + NOT-FOR-US: VISION MEAT WORKS TrackDiner10/10_mc Line +CVE-2023-39733 (The leakage of the client secret in TonTon-Tei Line v13.6.1 allows att ...) + NOT-FOR-US: TonTon-Tei Line +CVE-2023-39732 (The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 all ...) 
+ NOT-FOR-US: Tokueimaru_waiting Line +CVE-2023-39219 (PingFederate Administrative Console dependency contains a weakness whe ...) + NOT-FOR-US: PingFederate +CVE-2023-38041 (A logged in user may elevate its permissions by abusing a Time-of-Chec ...) + NOT-FOR-US: Ivanti +CVE-2023-37283 (Under a very specific and highly unrecommended configuration, authenti ...) + NOT-FOR-US: PingFederate +CVE-2023-36085 (The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host he ...) + NOT-FOR-US: sisqualWFM +CVE-2023-34085 (When an AWS DynamoDB table is used for user attribute storage, it is p ...) + NOT-FOR-US: AWS +CVE-2023-34056 (vCenter Server contains a partial information disclosure vulnerability ...) + NOT-FOR-US: VMware +CVE-2023-34048 (vCenter Server contains an out-of-bounds write vulnerability in the im ...) + NOT-FOR-US: VMware +CVE-2023-31582 (jose4j before v0.9.3 allows attackers to set a low iteration count of ...) + - libjose4j-java 0.7.12-2 (bug #1054872) + NOTE: https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then + NOTE: Fixed by: https://bitbucket.org/b_c/jose4j/commits/1929fe3 (jose4j/0.9.3) +CVE-2023-31581 (Dromara Sureness before v1.0.8 was discovered to use a hardcoded key.) + NOT-FOR-US: Dromara Sureness +CVE-2023-31580 (light-oauth2 before version 2.1.27 obtains the public key without any ...) + NOT-FOR-US: light-oauth2 +CVE-2023-6478 (A flaw was found in xorg-server. A specially crafted request to RRChan ...) + {DSA-5576-1 DLA-3686-1} + - xorg-server 2:21.1.10-1 + - xwayland 2:23.2.3-1 + [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) + NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632 +CVE-2023-6377 (A flaw was found in xorg-server. Querying or changing XKB button actio ...) 
+ {DSA-5576-2 DSA-5576-1 DLA-3686-2 DLA-3686-1} + - xorg-server 2:21.1.10-1 + - xwayland 2:23.2.3-1 + [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) + NOTE: https://lists.x.org/archives/xorg-announce/2023-December/003435.html + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd +CVE-2023-5574 (A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue oc ...) + - xorg-server (bug #1055426) + [bookworm] - xorg-server (Minor issue) + [bullseye] - xorg-server (Minor issue) + [buster] - xorg-server (Minor issue) + NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1189 +CVE-2023-5380 (A use-after-free flaw was found in the xorg-x11-server. An X server cr ...) + {DSA-5534-1 DLA-3631-1} + - xorg-server 2:21.1.9-1 + NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7 +CVE-2023-5367 (A out-of-bounds write flaw was found in the xorg-x11-server. This issu ...) + {DSA-5534-1 DLA-3631-1} + - xorg-server 2:21.1.9-1 + - xwayland 2:23.2.2-1 + [bookworm] - xwayland (Minor issue; Xwayland shouldn't be running as root) + NOTE: https://lists.x.org/archives/xorg-announce/2023-October/003430.html + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a +CVE-2023-5472 (Use after free in Profiles in Google Chrome prior to 118.0.5993.117 al ...) + {DSA-5536-1} + - chromium 118.0.5993.117-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5753 (Potential buffer overflows in the Bluetooth subsystem due to asserts b ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-5748 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) 
+ NOT-FOR-US: Synology +CVE-2023-5745 (The Reusable Text Blocks plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5744 (The Very Simple Google Maps plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5740 (The Live Chat with Facebook Messenger plugin for WordPress is vulnerab ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5127 (The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5126 (The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5110 (The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5085 (The Advanced Menu Widget plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46373 (TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the f ...) + NOT-FOR-US: TP-Link +CVE-2023-46371 (TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability vi ...) + NOT-FOR-US: TP-Link +CVE-2023-46370 (Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via ...) + NOT-FOR-US: Tenda +CVE-2023-46369 (Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability vi ...) + NOT-FOR-US: Tenda +CVE-2023-46204 (Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46202 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Log ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46198 (Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Soluti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46193 (Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46191 (Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-46190 (Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46189 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar \u2 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46152 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46151 (Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Produc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46150 (Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46128 (Nautobot is a Network Automation Platform built as a web application a ...) + NOT-FOR-US: Nautobot +CVE-2023-46071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46069 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46068 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQue ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46010 (An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary comm ...) + NOT-FOR-US: SeaCMS +CVE-2023-45960 + REJECTED +CVE-2023-45837 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ul ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45835 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn L ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45833 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Lead ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45832 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mart ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45829 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-45772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45770 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpsp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45769 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Rav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45768 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Step ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45767 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Woka ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45764 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45761 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45759 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Ke ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45758 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45756 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider T ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45755 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Budd ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45754 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45747 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45646 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45644 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anur ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-45640 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45637 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45634 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43510 (A vulnerability in the ClearPass Policy Manager web-basedmanagement in ...) + NOT-FOR-US: Aruba +CVE-2023-43509 (A vulnerability in the web-based management interface ofClearPass Poli ...) + NOT-FOR-US: Aruba +CVE-2023-43508 (Vulnerabilities in the web-based management interface ofClearPass Poli ...) + NOT-FOR-US: Aruba +CVE-2023-43507 (A vulnerability in the web-based management interface ofClearPass Poli ...) + NOT-FOR-US: Aruba +CVE-2023-43506 (A vulnerability in the ClearPass OnGuard Linux agent couldallow malici ...) + NOT-FOR-US: Aruba +CVE-2023-42031 (IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard C ...) + NOT-FOR-US: IBM +CVE-2023-39924 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39619 (ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a ...) + NOT-FOR-US: Node Email Check module +CVE-2023-39231 (PingFederate using the PingOne MFA adapter allows a new MFA device to ...) + NOT-FOR-US: PingFederate +CVE-2023-5732 (An attacker could have created a malicious link using bidirectional ch ...) + {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5732 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5732 +CVE-2023-5731 (Memory safety bugs present in Firefox 118. Some of these bugs showed e ...) 
+ - firefox 119.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5731 +CVE-2023-5730 (Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thun ...) + {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox 119.0-1 + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5730 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5730 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5730 +CVE-2023-5729 (A malicious web site can enter fullscreen mode while simultaneously tr ...) + - firefox 119.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5729 +CVE-2023-5728 (During garbage collection extra operations were performed on a object ...) + {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox 119.0-1 + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5728 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5728 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5728 +CVE-2023-5727 (The executable file warning was not presented when downloading .msix, ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5727 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5727 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5727 +CVE-2023-5726 (A website could have obscured the full screen notification by using th ...) 
+ - firefox (Only affects Firefox on MacOS) + - firefox-esr (Only affects Firefox ESR on MacOS) + - thunderbird (Only affects Thunderbird on MacOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5726 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5726 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5726 +CVE-2023-5725 (A malicious installed WebExtension could open arbitrary URLs, which un ...) + {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox 119.0-1 + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5725 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5725 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5725 +CVE-2023-5724 (Drivers are not always robust to extremely large draw calls and in som ...) + {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox 119.0-1 + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5724 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5724 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5724 +CVE-2023-5723 (An attacker with temporary script access to a site could have set a co ...) + - firefox 119.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5723 +CVE-2023-5722 (Using iterative requests an attacker was able to learn the size of an ...) + - firefox 119.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5722 +CVE-2023-5721 (It was possible for certain browser prompts and dialogs to be activate ...) 
+ {DSA-5538-1 DSA-5535-1 DLA-3637-1 DLA-3632-1} + - firefox 119.0-1 + - firefox-esr 115.4.0esr-1 + - thunderbird 1:115.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/#CVE-2023-5721 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-46/#CVE-2023-5721 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/#CVE-2023-5721 +CVE-2023-5746 (A vulnerability regarding use of externally-controlled format string i ...) + NOT-FOR-US: Synology +CVE-2023-5363 (Issue summary: A bug has been identified in the processing of key and ...) + {DSA-5532-1} + - openssl 3.0.12-1 + [bullseye] - openssl (Vulnerable code not present) + [buster] - openssl (Vulnerable code not present) + NOTE: https://www.openssl.org/news/secadv/20231024.txt +CVE-2023-46059 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) + NOT-FOR-US: Geeklog-Core geeklog +CVE-2023-46058 (Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2 ...) + NOT-FOR-US: Geeklog-Core geeklog +CVE-2023-45998 (kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing g ...) + NOT-FOR-US: kodbox +CVE-2023-45990 (Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remot ...) + NOT-FOR-US: WenwenaiCMS +CVE-2023-45966 (umputun remark42 version 1.12.1 and before has a Blind Server-Side Req ...) + NOT-FOR-US: umputun remark42 +CVE-2023-44760 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v. ...) + NOT-FOR-US: Concrete CMS +CVE-2023-43358 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43281 (Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remo ...) + NOTE: Duplicate of CVE-2023-45664 +CVE-2023-39817 + REJECTED +CVE-2023-39816 + REJECTED +CVE-2023-39815 + REJECTED +CVE-2023-39814 + REJECTED +CVE-2023-37636 (A stored cross-site scripting (XSS) vulnerability in UVDesk Community ...) 
+ NOT-FOR-US: UVDesk Community Skeleton +CVE-2023-37635 (UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to p ...) + NOT-FOR-US: UVDesk Community Skeleton +CVE-2023-33517 (carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary Fil ...) + NOT-FOR-US: carRental +CVE-2023-5633 (The reference count changes made as part of the CVE-2023-33951 and CVE ...) + - linux 6.5.8-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/91398b413d03660fd5828f7b4abc64e884b98069 (6.6-rc6) +CVE-2023-5718 (The Vue.js Devtools extension was found to leak screenshot data back t ...) + NOT-FOR-US: Vue.js Devtools extension +CVE-2023-5246 (Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways wi ...) + NOT-FOR-US: SICK +CVE-2023-46603 (In International Color Consortium DemoIccMAX 79ecb74, there is an out- ...) + NOT-FOR-US: International Color Consortium DemoIccMAX +CVE-2023-46602 (In International Color Consortium DemoIccMAX 79ecb74, there is a stack ...) + NOT-FOR-US: International Color Consortium DemoIccMAX +CVE-2023-46332 (WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataS ...) + - wabt (bug #1055299) + [bookworm] - wabt (Minor issue) + [bullseye] - wabt (Minor issue) + [buster] - wabt (Minor issue) + NOTE: https://github.com/WebAssembly/wabt/issues/2311 +CVE-2023-46331 (WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegm ...) + - wabt (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/2310 + NOTE: Crash in CLI tool, no security impact +CVE-2023-46127 (Frappe is a full-stack web application framework that uses Python and ...) + NOT-FOR-US: Frappe Framework +CVE-2023-46122 (sbt is a build tool for Scala, Java, and others. Given a specially cra ...) + NOT-FOR-US: sbt +CVE-2023-43074 (Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A ...) 
+ NOT-FOR-US: Dell +CVE-2023-43067 (Dell Unity prior to 5.3 contains an XML External Entity injection vuln ...) + NOT-FOR-US: Dell +CVE-2023-43066 (Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerabili ...) + NOT-FOR-US: Dell +CVE-2023-43065 (Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. ...) + NOT-FOR-US: Dell +CVE-2023-43045 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could ...) + NOT-FOR-US: IBM +CVE-2023-42295 (An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to ex ...) + - openimageio 2.4.16.0+dfsg-1 (bug #1054873) + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) + NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/issues/3947 + NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3948 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/15750af31a5d130ea63ac133453eb5448cefa636 (v2.5.3.0-beta1) + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/OpenImageIO/commit/672ed4c445ebefd5581974c27e28ef717fb6c401 (v2.4.15.0) +CVE-2023-38722 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vul ...) + NOT-FOR-US: IBM +CVE-2023-37532 (HCL Commerce Remote Store server could allow a remote attacker, using ...) + NOT-FOR-US: HCL +CVE-2023-33840 (IBM Security Verify Governance 10.0 is vulnerable to cross-site script ...) + NOT-FOR-US: IBM +CVE-2023-33839 (IBM Security Verify Governance 10.0 could allow a remote authenticated ...) + NOT-FOR-US: IBM +CVE-2023-33837 (IBM Security Verify Governance 10.0 does not encrypt sensitive or crit ...) + NOT-FOR-US: IBM +CVE-2023-46288 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + - airflow (bug #819700) +CVE-2023-46316 (In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scrip ...) 
+ - traceroute 1:2.1.3-1 + [bookworm] - traceroute (Minor issue) + [bullseye] - traceroute (Minor issue) + [buster] - traceroute (Minor issue) + NOTE: https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/ +CVE-2023-46586 + - weborf 1.0-1 (bug #1054417) + [bookworm] - weborf 0.19-2.1+deb12u1 + [bullseye] - weborf (Minor issue) + [buster] - weborf (Minor issue) + NOTE: https://github.com/ltworf/weborf/pull/88 + NOTE: Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0) +CVE-2023-5702 (A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and ...) + NOT-FOR-US: Viessmann Vitogate 300 +CVE-2023-5701 (A vulnerability has been found in vnotex vnote up to 3.17.0 and classi ...) + NOT-FOR-US: vnotex vnote +CVE-2023-5700 (A vulnerability, which was classified as critical, was found in Netent ...) + NOT-FOR-US: Netentsec NS-ASG Application Security Gateway +CVE-2023-5699 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5698 (A vulnerability classified as problematic was found in CodeAstro Inter ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5697 (A vulnerability classified as problematic has been found in CodeAstro ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5696 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5695 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5694 (A vulnerability was found in CodeAstro Internet Banking System 1.0. It ...) + NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-5693 (A vulnerability was found in CodeAstro Internet Banking System 1.0 and ...) 
+ NOT-FOR-US: CodeAstro Internet Banking System +CVE-2023-46324 (pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is u ...) + NOT-FOR-US: free5GC +CVE-2023-46322 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) + NOT-FOR-US: iTerm2 +CVE-2023-46321 (iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ...) + NOT-FOR-US: iTerm2 +CVE-2023-46319 (WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthen ...) + NOT-FOR-US: WALLIX Bastion +CVE-2023-46317 (Knot Resolver before 5.7.0 performs many TCP reconnections upon receiv ...) + - knot-resolver 5.7.0-1 + [bookworm] - knot-resolver (Minor issue) + [bullseye] - knot-resolver (Minor issue) + NOTE: https://www.knot-resolver.cz/2023-08-22-knot-resolver-5.7.0.html + NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1448 +CVE-2023-46315 (The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsi ...) + NOT-FOR-US: Stable Diffusion webui Infinite Image Browsing +CVE-2023-46095 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46089 (Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback U ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46085 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43624 (CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4 ...) + NOT-FOR-US: CX-Designer +CVE-2023-46306 (The web administration interface in NetModule Router Software (NRSW) 4 ...) + NOT-FOR-US: NetModule Router Software +CVE-2023-46303 (link_to_local_path in ebooks/conversion/plugins/html_input.py in calib ...) 
+ - calibre 6.19.1-1 + [bookworm] - calibre (Minor issue) + [bullseye] - calibre (Minor issue) + [buster] - calibre (Minor issue) + NOTE: https://github.com/0x1717/ssrf-via-img + NOTE: https://github.com/kovidgoyal/calibre/commit/bbbddd2bf4ef4ddb467b0aeb0abe8765ed7f8a6b (v6.19.0) +CVE-2021-46898 (views/switch.py in django-grappelli (aka Django Grappelli) before 2.15 ...) + NOT-FOR-US: Django Grappelli +CVE-2021-46897 (views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or co ...) + NOT-FOR-US: Wagtail CRX CodeRed Extensions +CVE-2023-46728 (Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and ...) + - squid 6.1-1 + NOTE: No code fix, gopher support was removed: + NOTE: https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3 (SQUID_6_0_1) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f + NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html +CVE-2023-46724 (Squid is a caching proxy for the Web. Due to an Improper Validation of ...) + - squid 6.5-1 (bug #1055252) + [buster] - squid (Doesn't build with OpenSSL yet) + NOTE: https://github.com/squid-cache/squid/commit/792ef23e6e1c05780fe17f733859eef6eb8c8be3 + NOTE: https://megamansec.github.io/Squid-Security-Audit/ssl-bufferunderread.html + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 +CVE-2023-46848 (Squid is vulnerable to Denial of Service, where a remote attacker can ...) + - squid 6.5-1 (bug #1055251) + [bullseye] - squid (Vulnerable code not present) + [buster] - squid (Vulnerable code not present) + - squid3 (Vulnerable code not present) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w +CVE-2023-46847 (Squid is vulnerable to a Denial of Service, where a remote attacker c ...) 
+ - squid 6.5-1 (bug #1055250) + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g + NOTE: https://github.com/squid-cache/squid/commit/052cf082b0faaef4eaaa4e94119d7a1437aac4a3 + NOTE: https://megamansec.github.io/Squid-Security-Audit/digest-overflow.html +CVE-2023-5824 (Squid is vulnerable to Denial of Service attack against HTTP and HTTPS ...) + - squid 6.5-1 (bug #1055249) + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255 +CVE-2023-46846 (SQUID is vulnerable to HTTP request smuggling, caused by chunked decod ...) + - squid 6.5-1 (bug #1054537) + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh +CVE-2023-5178 (A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` ...) + - linux 6.5.8-1 + [bookworm] - linux 6.1.64-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2241924 + NOTE: https://git.kernel.org/linus/d920abd1e7c4884f9ecd0749d1921b7ab19ddfbd + NOTE: https://www.openwall.com/lists/oss-security/2023/10/15/1 +CVE-2023-5625 (A regression was introduced in the Red Hat build of python-eventlet du ...) 
+ - python-eventlet (Red Hat-specific regression) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2244717 +CVE-2023-39333 + - nodejs 18.13.0+dfsg1-1.1 (bug #1054892) + [bullseye] - nodejs (Only affects 18.x and later) + [buster] - nodejs (Only affects 18.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#code-injection-via-webassembly-export-names-low---cve-2023-39333 + NOTE: https://github.com/nodejs/node/commit/eaf9083cf1e43bd897ac8244dcc0f4e3500150ca +CVE-2023-5388 + - nss (bug #1056284) + [bookworm] - nss (Minor issue, revisit once fixed upstream) + [bullseye] - nss (Minor issue, revisit once fixed upstream) + [buster] - nss (Minor issue) + NOTE: https://people.redhat.com/~hkario/marvin/ +CVE-2023-5551 (Separate Groups mode restrictions were not honoured in the forum summa ...) + - moodle +CVE-2023-5550 (In a shared hosting environment that has been misconfigured to allow a ...) + - moodle +CVE-2023-5549 (Insufficient web service capability checks made it possible to move ca ...) + - moodle +CVE-2023-5548 (Stronger revision number limitations were required on file serving end ...) + - moodle +CVE-2023-5547 (The course upload preview contained an XSS risk for users uploading un ...) + - moodle +CVE-2023-5546 (ID numbers displayed in the quiz grading report required additional sa ...) + - moodle +CVE-2023-5545 (H5P metadata automatically populated the author with the user's userna ...) + - moodle +CVE-2023-5544 (Wiki comments required additional sanitizing and access restrictions t ...) + - moodle +CVE-2023-5539 (A remote code execution risk was identified in the Lesson activity. By ...) + - moodle +CVE-2023-5540 (A remote code execution risk was identified in the IMSCP activity. By ...) + - moodle +CVE-2023-5541 (The CSV grade import method contained an XSS risk for users importing ...) + - moodle +CVE-2023-5542 (Students in "Only see own membership" groups could see other students ...) 
+ - moodle +CVE-2023-5543 (When duplicating a BigBlueButton activity, the original meeting ID was ...) + - moodle +CVE-2023-46301 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...) + NOT-FOR-US: iTerm2 +CVE-2023-46300 (iTerm2 before 3.4.20 allow (potentially remote) code execution because ...) + NOT-FOR-US: iTerm2 +CVE-2023-46298 (Next.js before 13.4.20-canary.13 lacks a cache-control header and thus ...) + NOT-FOR-US: Next.js +CVE-2023-46078 (Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Seria ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46067 (Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Fon ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38735 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2023-38276 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...) + NOT-FOR-US: IBM +CVE-2023-38275 (IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive in ...) + NOT-FOR-US: IBM +CVE-2023-5349 (A memory leak flaw was found in ruby-magick, an interface between Ruby ...) + {DLA-3625-1} + - ruby-rmagick 5.3.0-1 + [bookworm] - ruby-rmagick (Minor issue) + [bullseye] - ruby-rmagick (Minor issue) + NOTE: https://github.com/rmagick/rmagick/pull/1406 + NOTE: https://github.com/rmagick/rmagick/commit/fec7a7e639ae565386f7615155dbcf49b957b64a (RMagick_5-3-0) +CVE-2023-5684 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-5683 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-5682 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...) + NOT-FOR-US: Tongda OA +CVE-2023-5681 (A vulnerability, which was classified as critical, was found in Netent ...) 
+ NOT-FOR-US: Netentsec NS-ASG Application Security Gateway +CVE-2023-5205 (The Add Custom Body Class plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5132 (The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unau ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4939 (The SALESmanago plugin for WordPress is vulnerable to Log Injection in ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4635 (The EventON plugin for WordPress is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46055 (An issue in ThingNario Photon v.1.0 allows a remote attacker to execut ...) + NOT-FOR-US: ThingNario Photon +CVE-2023-46054 (Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and befor ...) + NOT-FOR-US: WBCE CMS +CVE-2023-46003 (I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) vi ...) + NOT-FOR-US: I-doit pro +CVE-2023-45682 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 15) + NOTE: https://github.com/nothings/stb/pull/1560 +CVE-2023-45681 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 14) + NOTE: https://github.com/nothings/stb/pull/1559 +CVE-2023-45680 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) 
+ - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 13) + NOTE: https://github.com/nothings/stb/pull/1558 +CVE-2023-45679 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 12) + NOTE: https://github.com/nothings/stb/pull/1557 +CVE-2023-45678 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 11) + NOTE: https://github.com/nothings/stb/pull/1556 +CVE-2023-45677 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 10) + NOTE: https://github.com/nothings/stb/pull/1555 +CVE-2023-45676 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 9) + NOTE: https://github.com/nothings/stb/pull/1554 +CVE-2023-45675 (stb_vorbis is a single file MIT licensed library for processing ogg vo ...) 
+ - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 8) + NOTE: https://github.com/nothings/stb/issues/1552 + NOTE: https://github.com/nothings/stb/pull/1553 +CVE-2023-45667 (stb_image is a single file MIT licensed library for processing images. ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 7) + NOTE: https://github.com/nothings/stb/issues/1550 + NOTE: https://github.com/nothings/stb/pull/1551 +CVE-2023-45666 (stb_image is a single file MIT licensed library for processing images. ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 6) + NOTE: https://github.com/nothings/stb/issues/1548 + NOTE: https://github.com/nothings/stb/pull/1549 +CVE-2023-45664 (stb_image is a single file MIT licensed library for processing images. ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 4) + NOTE: https://github.com/nothings/stb/issues/1542 + NOTE: https://github.com/nothings/stb/pull/1545 +CVE-2023-45663 (stb_image is a single file MIT licensed library for processing images. ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 3) + NOTE: https://github.com/nothings/stb/issues/1542 + NOTE: https://github.com/nothings/stb/pull/1543 +CVE-2023-45662 (stb_image is a single file MIT licensed library for processing images. ...) 
+ - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 2) + NOTE: https://github.com/nothings/stb/issues/1540 + NOTE: https://github.com/nothings/stb/pull/1541 +CVE-2023-45661 (stb_image is a single file MIT licensed library for processing images. ...) + - libstb (bug #1054911) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2023-145_GHSL-2023-151_stb_image_h/ (issue 1) + NOTE: https://github.com/nothings/stb/issues/1538 + NOTE: https://github.com/nothings/stb/pull/1539 +CVE-2023-43357 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43356 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43355 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43354 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43353 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43346 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...) + NOT-FOR-US: opensolution Quick CMS +CVE-2023-38194 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keep ...) + NOT-FOR-US: SuperWebMailer +CVE-2023-38193 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remo ...) + NOT-FOR-US: SuperWebMailer +CVE-2023-38192 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows supe ...) + NOT-FOR-US: SuperWebMailer +CVE-2023-38191 (An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spam ...) + NOT-FOR-US: SuperWebMailer +CVE-2023-38190 (An issue was discovered in SuperWebMailer 9.00.0.01710. 
It allows Expo ...) + NOT-FOR-US: SuperWebMailer +CVE-2023-32786 (In Langchain through 0.0.155, prompt injection allows an attacker to f ...) + NOT-FOR-US: Langchain +CVE-2023-32785 (In Langchain through 0.0.155, prompt injection allows execution of arb ...) + NOT-FOR-US: Langchain +CVE-2023-5690 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-5689 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-5688 (Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-5687 (Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo ...) + NOT-FOR-US: mosparo +CVE-2023-5686 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1055854) + NOTE: https://huntr.com/bounties/bbfe1f76-8fa1-4a8c-909d-65b16e970be0 + NOTE: https://github.com/radareorg/radare2/commit/1bdda93e348c160c84e30da3637acef26d0348de +CVE-2023-5618 (The Modern Footnotes plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46287 (XSS exists in NagVis before 1.9.38 via the select function in share/se ...) + - nagvis 1:1.9.38-1 + [bookworm] - nagvis (Minor issue) + [bullseye] - nagvis (Minor issue) + [buster] - nagvis (Minor issue) + NOTE: https://github.com/NagVis/nagvis/pull/356 + NOTE: https://github.com/NagVis/nagvis/commit/093c2b0b31001bb74c78452858a0a9d27fa0a9b5 (nagvis-1.9.38) +CVE-2023-46117 (reconFTW is a tool designed to perform automated recon on a target dom ...) + NOT-FOR-US: reconFTW +CVE-2023-45805 (pdm is a Python package and dependency manager supporting the latest P ...) 
+ - pdm (bug #1054428) + [bookworm] - pdm (Minor issue) + NOTE: https://github.com/pdm-project/pdm/security/advisories/GHSA-j44v-mmf2-xvm9 + NOTE: https://github.com/pdm-project/pdm/commit/6853e2642dfa281d4a9958fbc6c95b7e32d84831 +CVE-2023-44483 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) + - libxml-security-java + NOTE: https://www.openwall.com/lists/oss-security/2023/10/20/5 + NOTE: https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55 + NOTE: https://santuario.apache.org/secadv.data/CVE-2023-44483.txt.asc +CVE-2023-44256 (A server-side request forgery vulnerability [CWE-918] in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2023-3965 (The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scri ...) + NOT-FOR-US: WordPress theme +CVE-2023-3962 (The Winters theme for WordPress is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress theme +CVE-2023-3933 (The Your Journey theme for WordPress is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress theme +CVE-2023-3487 (An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and ...) + NOT-FOR-US: Silicon Labs Gecko Bootloader +CVE-2023-37824 (Sitolog sitologapplicationconnect v7.8.a and before was discovered to ...) + NOT-FOR-US: Sitolog sitologapplicationconnect +CVE-2023-34046 (VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Tim ...) + NOT-FOR-US: VMware +CVE-2023-34045 (VMware Fusion(13.x prior to 13.5)contains a local privilege escalation ...) + NOT-FOR-US: VMware +CVE-2023-34044 (VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) ...) + NOT-FOR-US: VMware +CVE-2023-5090 (A flaw was found in KVM. An improper check in svm_set_x2apic_msr_inter ...) 
+ - linux 6.5.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b65235f6e102354ccafda601eaa1c5bef5284d21 +CVE-2023-5668 (The WhatsApp Share Button plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5656 + REJECTED +CVE-2023-5655 + REJECTED +CVE-2023-5647 + REJECTED +CVE-2023-5646 + REJECTED +CVE-2023-5615 (The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5614 (The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5613 (The Super Testimonials plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5602 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5576 (The Migration, Backup, Staging - WPvivid plugin for WordPress is vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5534 (The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5533 (The AI ChatBot plugin for WordPress is vulnerable to unauthorized use ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5524 (Insufficient blacklisting in M-Files Web Companion before release vers ...) + NOT-FOR-US: M-Files +CVE-2023-5523 (Execution of downloaded content flaw in M-Files Web Companion before r ...) + NOT-FOR-US: M-Files +CVE-2023-5414 (The Icegram Express plugin for WordPress is vulnerable to Directory Tr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5337 (The Contact form Form For All plugin for WordPress is vulnerable to St ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5308 (The Podcast Subscribe Buttons plugin for WordPress is vulnerable to St ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5292 (The Advanced Custom Fields: Extended plugin for WordPress is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5231 (The Magic Action Box plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5200 (The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5121 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5120 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5109 (The WP Mailto Links \u2013 Protect Email Addresses plugin for WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5086 (The Copy Anything to Clipboard plugin for WordPress is vulnerable to S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5071 (The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5070 (The Social Media Share Buttons & Social Sharing Icons plugin for WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5050 (The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4999 (The Horizontal scrolling announcement plugin for WordPress is vulnerab ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4975 (The Website Builder by SeedProd plugin for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4968 (The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4961 (The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4947 (The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-4943 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...) 
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4942 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4941 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4940 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4937 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4935 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4926 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4924 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4923 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4920 (The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4919 (The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4796 (The Booster for WooCommerce for WordPress is vulnerable to Information ...)
+ NOT-FOR-US: WooCommerce plugin
+CVE-2023-4668 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4648 (The WP Customer Reviews plugin for WordPress is vulnerable to Stored C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4598 (The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4488 (The Dropbox Folder Share for WordPress is vulnerable to Local File Inc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4482 (The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4402 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4386 (The Essential Blocks plugin for WordPress is vulnerable to PHP Object ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4274 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4271 (The Photospace Responsive plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4021 (The Modern Events Calendar lite plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46277 (please (aka pleaser) through 0.5.4 allows privilege escalation through ...)
+ - rust-pleaser (bug #1054289)
+ [bookworm] - rust-pleaser (Minor issue)
+ [bullseye] - rust-pleaser (Minor issue)
+ NOTE: https://gitlab.com/edneville/please/-/issues/13
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0066.html
+CVE-2023-46267
+ REJECTED
+CVE-2023-46115 (Tauri is a framework for building binaries for all major desktop platf ...)
+ NOT-FOR-US: Tauri
+CVE-2023-45823 (Artifact Hub is a web-based application that enables finding, installi ...)
+ NOT-FOR-US: Artifact Hub
+CVE-2023-45822 (Artifact Hub is a web-based application that enables finding, installi ...)
+ NOT-FOR-US: Artifact Hub
+CVE-2023-45821 (Artifact Hub is a web-based application that enables finding, installi ...)
+ NOT-FOR-US: Artifact Hub
+CVE-2023-45819 (TinyMCE is an open source rich text editor. A cross-site scripting (XS ...)
+ - tinymce
+ [buster] - tinymce (Minor issue)
+CVE-2023-45818 (TinyMCE is an open source rich text editor. A mutation cross-site scri ...)
+ - tinymce
+ [buster] - tinymce (Minor issue)
+CVE-2023-45815 (ArchiveBox is an open source self-hosted web archiving system. Any use ...)
+ NOT-FOR-US: ArchiveBox
+CVE-2023-45471 (The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XS ...)
+ NOT-FOR-US: QAD Search Server
+CVE-2023-45394 (Stored Cross-Site Scripting (XSS) vulnerability in the Company field i ...)
+ NOT-FOR-US: Small CRM
+CVE-2023-45280 (Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its p ...)
+ NOT-FOR-US: Yamcs
+CVE-2023-45279 (Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its p ...)
+ NOT-FOR-US: Yamcs
+CVE-2023-44690 (Inadequate encryption strength in mycli 1.27.0 allows attackers to vie ...)
+ - mycli (unimportant)
+ NOTE: Negligible security impact
+CVE-2023-44385 (The Home Assistant Companion for iOS and macOS app up to version 2023. ...)
+ NOT-FOR-US: Home Assistant Companion
+CVE-2023-43875 (Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2023-43359 (Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a ...)
+ NOT-FOR-US: CMSmadesimple
+CVE-2023-43345 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ NOT-FOR-US: Quick CMS
+CVE-2023-43344 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ NOT-FOR-US: Quick CMS
+CVE-2023-43342 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...)
+ NOT-FOR-US: Quick CMS
+CVE-2023-43341 (Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allo ...)
+ NOT-FOR-US: Evolution CMS
+CVE-2023-43340 (Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a ...)
+ NOT-FOR-US: Evolution CMS
+CVE-2023-41899 (Home assistant is an open source home automation. In affected versions ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41898 (Home assistant is an open source home automation. The Home Assistant C ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41897 (Home assistant is an open source home automation. Home Assistant serve ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41896 (Home assistant is an open source home automation. Whilst auditing the ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41895 (Home assistant is an open source home automation. The Home Assistant l ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41894 (Home assistant is an open source home automation. The assessment verif ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-41893 (Home assistant is an open source home automation. The audit team\u2019 ...)
+ NOT-FOR-US: Home assistant
+CVE-2023-40361 (SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the preview ...)
+ NOT-FOR-US: SECUDOS Qiata
+CVE-2023-3998 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3996 (The ARMember Lite - Membership Plugin for WordPress is vulnerable to S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3869 (The wpDiscuz plugin for WordPress is vulnerable to unauthorized modifi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-39731 (The leakage of the client secret in Kaibutsunosato v13.6.1 allows atta ...)
+ NOT-FOR-US: Kaibutsunosato
+CVE-2023-39680 (Sollace Unicopia version 1.1.1 and before was discovered to deserializ ...)
+ NOT-FOR-US: Sollace Unicopia
+CVE-2023-34052 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...)
+ NOT-FOR-US: Vmware
+CVE-2023-34051 (VMware Aria Operations for Logs contains an authentication bypass vuln ...)
+ NOT-FOR-US: Vmware
+CVE-2023-2325 (Stored XSS Vulnerability in M-Files Classic Web versions before 23.10a ...)
+ NOT-FOR-US: M-Files
+CVE-2022-4954 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4418 (The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4353 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...)
+ NOT-FOR-US: WooCommerce plugin
+CVE-2020-36759 (The Woody code snippets plugin for WordPress is vulnerable to Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36758 (The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36755 (The Customizr theme for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WordPress theme
+CVE-2020-36754 (The Paid Memberships Pro plugin for WordPress is vulnerable to Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36753 (The Hueman theme for WordPress is vulnerable to Cross-Site Request For ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36751 (The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36714 (The Brizy plugin for WordPress is vulnerable to authorization bypass d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36706 (The Simple:Press \u2013 WordPress Forum Plugin for WordPress is vulner ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36698 (The Security & Malware scan by CleanTalk plugin for WordPress is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45802 (When a HTTP/2 stream was reset (RST frame) by a client, there was a ti ...)
+ - apache2 2.4.58-1
+ [bookworm] - apache2 (Minor issue)
+ [bullseye] - apache2 (Minor issue)
+ [buster] - apache2 (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-45802
+ NOTE: https://github.com/icing/blog/blob/main/h2-rapid-reset.md#cve-2023-45802
+CVE-2023-43622 (An attacker, opening a HTTP/2 connection with an initial window size o ...)
+ - apache2 2.4.58-1
+ [bookworm] - apache2 (Minor issue)
+ [bullseye] - apache2 (Minor issue)
+ [buster] - apache2 (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/5
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-43622
+CVE-2023-5654 (The React Developer Tools extension registers a message listener with ...)
+ NOT-FOR-US: React Developer Tools extension
+CVE-2023-5059 (Santesoft Sante FFT Imaging lacks proper validation of user-supplied d ...)
+ NOT-FOR-US: Santesoft Sante FFT Imaging
+CVE-2023-46227 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...)
+ NOT-FOR-US: Apache InLong
+CVE-2023-46042 (An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2023-46033 (D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL ...)
+ NOT-FOR-US: D-Link
+CVE-2023-45992 (A vulnerability in the web-based interface of the RUCKUS Cloudpath pro ...)
+ NOT-FOR-US: Ruckus
+CVE-2023-45883 (A privilege escalation vulnerability exists within the Qumu Multicast ...)
+ NOT-FOR-US: Qumu Multicast Extension
+CVE-2023-45826 (Leantime is an open source project management system. A 'userId' varia ...)
+ NOT-FOR-US: Leantime
+CVE-2023-45825 (ydb-go-sdk is a pure Go native and database/sql driver for the YDB pla ...)
+ NOT-FOR-US: ydb-go-sdk
+CVE-2023-45820 (Directus is a real-time API and App dashboard for managing SQL databas ...)
+ NOT-FOR-US: Directus
+CVE-2023-45809 (Wagtail is an open source content management system built on Django. A ...)
+ NOT-FOR-US: Wagtail
+CVE-2023-45665
+ REJECTED
+CVE-2023-45384 (KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestrict ...)
+ NOT-FOR-US: KnowBand supercheckout
+CVE-2023-45381 (In the module "Creative Popup" (creativepopup) up to version 1.6.9 fro ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-45379 (In the module "Rotator Img" (posrotatorimg) in versions at least up to ...)
+ NOT-FOR-US: PosThemes for PrestaShop
+CVE-2023-45376 (In the module "Carousels Pack - Instagram, Products, Brands, Supplier" ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-45281 (An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie ...)
+ NOT-FOR-US: Yamcs
+CVE-2023-45278 (Directory Traversal vulnerability in the storage functionality of the ...)
+ NOT-FOR-US: Yamcs
+CVE-2023-45277 (Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The v ...)
+ NOT-FOR-US: Yamcs
+CVE-2023-43986 (DM Concept configurator before v4.9.4 was discovered to contain a SQL ...)
+ NOT-FOR-US: DM Concept configurator (PrestaShop module)
+CVE-2023-43492 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi conta ...)
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
+CVE-2023-43252 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted i ...)
+ NOT-FOR-US: XNSoft Nconvert
+CVE-2023-43251 (XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a c ...)
+ NOT-FOR-US: XNSoft Nconvert
+CVE-2023-42666 (The affected product is vulnerable to an exposure of sensitive informa ...)
+ NOT-FOR-US: DEXMA
+CVE-2023-42435 (The affected product is vulnerable to a cross-site request forgery vul ...)
+ NOT-FOR-US: DEXMA
+CVE-2023-41089 (The affected product is vulnerable to an improper authentication vulne ...)
+ NOT-FOR-US: DEXMA
+CVE-2023-41088 (The affected product is vulnerable to a cleartext transmission of sens ...)
+ NOT-FOR-US: DEXMA
+CVE-2023-40153 (The affected product is vulnerable to a cross-site scripting vulnerabi ...)
+ NOT-FOR-US: DEXMA
+CVE-2023-40145 (In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can exe ...)
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
+CVE-2023-39431 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
+ NOT-FOR-US: Sante DICOM Viewer Pro
+CVE-2023-38584 (In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi co ...)
+ NOT-FOR-US: Weintek's cMT3000 HMI Web CGI device
+CVE-2023-38128 (An out-of-bounds write vulnerability exists in the "HyperLinkFrame" st ...)
+ NOT-FOR-US: Ichitaro
+CVE-2023-38127 (An integer overflow exists in the "HyperLinkFrame" stream parser of Ic ...)
+ NOT-FOR-US: Ichitaro
+CVE-2023-35986 (Sante DICOM Viewer Pro lacks proper validation of user-supplied data w ...)
+ NOT-FOR-US: Sante DICOM Viewer Pro
+CVE-2023-35187 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35186 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35185 (The SolarWinds Access Rights Manager was susceptible to a Directory Tr ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35184 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35183 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35182 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35181 (The SolarWinds Access Rights Manager was susceptible to Privilege Esca ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35180 (The SolarWinds Access Rights Manager was susceptible to Remote Code Ex ...)
+ NOT-FOR-US: SolarWinds
+CVE-2023-35126 (An out-of-bounds write vulnerability exists within the parsers for bot ...)
+ NOT-FOR-US: Ichitaro
+CVE-2023-34366 (A use-after-free vulnerability exists in the Figure stream parsing fun ...)
+ NOT-FOR-US: Ichitaro
+CVE-2023-45024 (Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information ...)
+ {DSA-5541-1}
+ - request-tracker5 5.0.5+dfsg-1 (bug #1054517)
+ NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
+ NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
+CVE-2023-41260 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
+ - request-tracker5 5.0.5+dfsg-1 (bug #1054517)
+ - request-tracker4 4.4.7+dfsg-1 (bug #1054516)
+ NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
+ NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
+ NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
+ NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
+CVE-2023-41259 (Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 ...)
+ {DSA-5542-1 DSA-5541-1 DLA-3642-1}
+ - request-tracker5 5.0.5+dfsg-1 (bug #1054517)
+ - request-tracker4 4.4.7+dfsg-1 (bug #1054516)
+ NOTE: https://github.com/bestpractical/rt/releases/tag/rt-5.0.5
+ NOTE: https://github.com/bestpractical/rt/commit/90fb016e604942256edf00a36644ce077bb5ea4e (rt-5.0.5)
+ NOTE: https://github.com/bestpractical/rt/releases/tag/rt-4.4.7
+ NOTE: https://github.com/bestpractical/rt/commit/33e9203bf2a61e20f8b8e682d57f55cb7a995967 (rt-4.4.7)
+CVE-2023-5639 (The Team Showcase plugin for WordPress is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5638 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5336 (The iPanorama 360 \u2013 WordPress Virtual Tour Builder plugin for Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5254 (The ChatBot plugin for WordPress is vulnerable to Sensitive Informatio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5241 (The AI ChatBot for WordPress is vulnerable to Directory Traversal in v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5212 (The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File De ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5204 (The ChatBot plugin for WordPress is vulnerable to SQL Injection via th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4645 (The Ad Inserter for WordPress is vulnerable to Sensitive Information E ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-46229 (LangChain before 0.0.317 allows SSRF via document_loaders/recursive_ur ...)
+ NOT-FOR-US: LanChain-ai Langchain
+CVE-2023-46228 (zchunk before 1.3.2 has multiple integer overflows via malformed zchun ...)
+ - zchunk 1.3.2+ds1-1 (bug #1054235)
+ [bookworm] - zchunk (Minor issue)
+ [bullseye] - zchunk (Minor issue)
+ NOTE: https://github.com/zchunk/zchunk/commit/08aec2b4dfd7f709b6e3d511411ffcc83ed4efbe (1.3.2)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1216268
+CVE-2023-45958 (Thirty Bees Core v1.4.0 was discovered to contain a reflected cross-si ...)
+ NOT-FOR-US: Thirty Bees Core
+CVE-2023-45909 (zzzcms v2.2.0 was discovered to contain an open redirect vulnerability ...)
+ NOT-FOR-US: zzzcms
+CVE-2023-45814 (Bunkum is an open-source protocol-agnostic request server for custom g ...)
+ NOT-FOR-US: Bunkum
+CVE-2023-45813 (Torbot is an open source tor network intelligence tool. In affected ve ...)
+ NOT-FOR-US: Torbot
+CVE-2023-45812 (The Apollo Router is a configurable, high-performance graph router wri ...)
+ NOT-FOR-US: Apollo Router
+CVE-2023-45146 (XXL-RPC is a high performance, distributed RPC framework. With it, a T ...)
+ NOT-FOR-US: XXL-RPC
+CVE-2023-45145 (Redis is an in-memory database that persists on disk. On startup, Redi ...)
+ {DLA-3627-1}
+ - redis 5:7.0.14-1 (bug #1054225)
+ [bookworm] - redis (Minor issue)
+ [bullseye] - redis (Minor issue)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-ghmp-889m-7cvx
+ NOTE: https://github.com/redis/redis/commit/03345ddc7faf7af079485f2cbe5d17a1611cbce1 (unstable)
+ NOTE: https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc (7.0.14)
+CVE-2023-43803 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ NOT-FOR-US: Arduino Create Agent
+CVE-2023-43802 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ NOT-FOR-US: Arduino Create Agent
+CVE-2023-43801 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ NOT-FOR-US: Arduino Create Agent
+CVE-2023-43800 (Arduino Create Agent is a package to help manage Arduino development. ...)
+ NOT-FOR-US: Arduino Create Agent
+CVE-2023-37504 (HCL Compass is vulnerable to failure to invalidate sessions. The appli ...)
+ NOT-FOR-US: HCL
+CVE-2023-37503 (HCL Compass is vulnerable to insecure password requirements. An attack ...)
+ NOT-FOR-US: HCL
+CVE-2023-37502 (HCL Compass is vulnerable to lack of file upload security. An attacker ...)
+ NOT-FOR-US: HCL
+CVE-2023-36857 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
+CVE-2023-34441 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
+CVE-2023-34437 (Baker Hughes \u2013 Bently Nevada 3500 System TDI Firmware version 5.0 ...)
+ NOT-FOR-US: Baker Hughes - Bently Nevada 3500 System TDI Firmware
+CVE-2023-34050 (In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed l ...)
+ NOT-FOR-US: Spring AMQP
+CVE-2023-5642 (Advantech R-SeeNet v2.4.23 allows an unauthenticated remote attacker t ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2023-5632 (In Eclipse Mosquito before and including 2.0.5, establishing a connect ...)
+ - mosquitto 2.0.7-1
+ [buster] - mosquitto (The vulnerable code was introduced later)
+ NOTE: https://github.com/eclipse/mosquitto/pull/2053
+ NOTE: https://github.com/eclipse/mosquitto/commit/18bad1ff32435e523d7507e9b2ce0010124a8f2d (v2.0.6)
+CVE-2023-5631 (Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 al ...)
+ {DSA-5531-1 DLA-3630-1}
+ - roundcube 1.6.4+dfsg-1 (bug #1054079)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/41756cc3331b495cc0b71886984474dc529dd31d (1.6.4)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/11/01/1
+CVE-2023-4601 (A stack-based buffer overflow vulnerability exists in NI System Config ...)
+ NOT-FOR-US: NI System Configuration
+CVE-2023-46009 (gifsicle-1.94 was found to have a floating point exception (FPE) vulne ...)
+ - gifsicle (unimportant)
+ NOTE: https://github.com/kohler/gifsicle/issues/196
+ NOTE: Fixed by: https://github.com/kohler/gifsicle/commit/76b1f021dd185ceff7b4a71a9f96a6026aca06af
+ NOTE: Fixed by: https://github.com/kohler/gifsicle/commit/06d533628b1f3a75d06cbb29773dc6aaa2916fc3
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-46007 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Best Courier Management System
+CVE-2023-46006 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Best Courier Management System
+CVE-2023-46005 (Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Sourcecodester Best Courier Management System
+CVE-2023-46004 (Sourcecodester Best Courier Management System 1.0 is vulnerable to Arb ...)
+ NOT-FOR-US: Sourcecodester Best Courier Management System
+CVE-2023-45912 (WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate ...)
+ NOT-FOR-US: WIPOTEC GmbH ComScale
+CVE-2023-45911 (An issue in WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 allows ...)
+ NOT-FOR-US: WIPOTEC GmbH ComScale
+CVE-2023-45727 (Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gatew ...)
+ NOT-FOR-US: Proself
+CVE-2023-45632 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorad ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45630 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Ga ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45608 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45607 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Scot ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45602 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Shopfile ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45383 (In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2. ...)
+ NOT-FOR-US: PrestaShop plugin
+CVE-2023-45073 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45072 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kard ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45071 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in 10Web Form ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45070 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web Fo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45067 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45064 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Daisuke ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45062 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Thomas S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45059 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45057 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hits ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45056 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45054 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AWESOME ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-43250 (XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a Use ...)
+ NOT-FOR-US: XNSoft Nconvert
+CVE-2023-35663 (In Init of protocolnetadapter.cpp, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2023-35656 (In multiple functions of protocolembmsadapter.cpp, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2023-32089 (Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with ...)
+ NOT-FOR-US: Pega Platform
+CVE-2023-32088 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
+ NOT-FOR-US: Pega Platform
+CVE-2023-32087 (Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS i ...)
+ NOT-FOR-US: Pega Platform
+CVE-2023-5568 (A heap-based Buffer Overflow flaw was discovered in Samba. It could al ...)
+ - samba 2:4.19.2+dfsg-1
+ [bookworm] - samba (Vulnerable code introduced later)
+ [bullseye] - samba (Vulnerable code introduced later)
+ [buster] - samba (Vulnerable code introduced later)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15491
+ NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/3310
+ NOTE: https://github.com/samba-team/samba/commit/3280893ae80507e36653a0c7da03c82b88ece30b
+CVE-2023-5626 (Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior t ...)
+ NOT-FOR-US: OJS
+CVE-2023-5621 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: Thumbnail Slider With Lightbox plugin for WordPress
+CVE-2023-5552 (A password disclosure vulnerability in the Secure PDF eXchange (SPX) f ...)
+ NOT-FOR-US: Sophos
+CVE-2023-5538 (The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross ...)
+ NOT-FOR-US: MpOperationLogs plugin for WordPress
+CVE-2023-4938 (The BEAR for WordPress is vulnerable to Missing Authorization in versi ...)
+ NOT-FOR-US: BEAR for WordPress
+CVE-2023-45811 (Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__p ...)
+ NOT-FOR-US: Synchrony deobfuscator
+CVE-2023-45810 (OpenFGA is a flexible authorization/permission engine built for develo ...)
+ NOT-FOR-US: OpenFGA
+CVE-2023-45051 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45049 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45008 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPJo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-42507 (Stack-based buffer overflow vulnerability exists in OnSinView2 version ...)
+ NOT-FOR-US: OnSinView2
+CVE-2023-42506 (Improper restriction of operations within the bounds of a memory buffe ...)
+ NOT-FOR-US: OnSinView2
+CVE-2023-42319 (Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2023-41715 (SonicOS post-authentication Improper Privilege Management vulnerabilit ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-41713 (SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyT ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-41712 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-41711 (SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-41631 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
+ NOT-FOR-US: eSST Monitoring
+CVE-2023-41630 (eSST Monitoring v2.147.1 was discovered to contain a remote code execu ...)
+ NOT-FOR-US: eSST Monitoring
+CVE-2023-41629 (A lack of input sanitizing in the file download feature of eSST Monito ...)
+ NOT-FOR-US: eSST Monitoring
+CVE-2023-3254 (The Widgets for Google Reviews plugin for WordPress is vulnerable to C ...)
+ NOT-FOR-US: Widgets for Google Reviews plugin for WordPress
+CVE-2023-3042 (In dotCMS, versions mentioned, a flaw in the NormalizationFilter does ...)
+ NOT-FOR-US: dotCMS
+CVE-2023-39332 (Various `node:fs` functions allow specifying paths as either strings o ...)
+ - nodejs (Only affects 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#path-traversal-through-path-stored-in-uint8array-high---cve-2023-39332
+CVE-2023-39331 (A previously disclosed vulnerability (CVE-2023-30584) was patched insu ...)
+ - nodejs (CVE-2023-30584 not insufficiently patched)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#permission-model-improperly-protects-against-path-traversal-high---cve-2023-39331
+CVE-2023-39280 (SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerabilit ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-39279 (SonicOS post-authentication Stack-Based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-39278 (SonicOS post-authentication user assertion failure leads to Stack-Base ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-39277 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-39276 (SonicOS post-authentication stack-based buffer overflow vulnerability ...)
+ NOT-FOR-US: SonicOS
+CVE-2023-38552 (When the Node.js policy feature checks the integrity of a resource aga ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1054892)
+ [bullseye] - nodejs (Only affects 18.x and later)
+ [buster] - nodejs (Only affects 18.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/october-2023-security-releases#integrity-checks-according-to-policies-can-be-circumvented-medium---cve-2023-38552
+ NOTE: https://github.com/nodejs/node/commit/1c538938ccadfd35fbc699d8e85102736cd5945c
+CVE-2023-36321 (Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discover ...)
+ NOT-FOR-US: COVESA
+CVE-2023-35084 (Unsafe Deserialization of User Input could lead to Execution of Unauth ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-35083 (Allows an authenticated attacker with network access to read arbitrary ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-5522 (Mattermost Mobile fails to limitthe maximum number of Markdown element ...)
+ NOT-FOR-US: Mattermost Mobile
+CVE-2023-5339 (Mattermost Desktopfails to set an appropriate log level during initial ...)
+ NOT-FOR-US: Mattermost Desktop
+CVE-2023-4896 (A vulnerability exists which allows an authenticated attacker to acces ...)
+ NOT-FOR-US: Aruba Networks
+CVE-2023-45952 (An arbitrary file upload vulnerability in the component ajax_link.php ...)
+ NOT-FOR-US: lylme_spage
+CVE-2023-45951 (lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerabi ...)
+ NOT-FOR-US: lylme_spage
+CVE-2023-45907 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45906 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45905 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45904 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45903 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45902 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45901 (Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forg ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-45803 (urllib3 is a user-friendly HTTP client library for Python. urllib3 pre ...)
+ {DLA-3649-1}
+ - python-urllib3 1.26.18-1 (bug #1054226)
+ [bookworm] - python-urllib3 (Minor issue)
+ [bullseye] - python-urllib3 (Minor issue)
+ NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
+ NOTE: https://github.com/urllib3/urllib3/commit/b594c5ceaca38e1ac215f916538fb128e3526a36 (1.26.18)
+CVE-2023-45010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45007 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45006 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsol ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45005 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45004 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45003 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44990 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in real ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44824 (An issue in Expense Management System v.1.0 allows a local attacker to ...)
+ NOT-FOR-US: Expense Management System
+CVE-2023-44311 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the P ...)
+ NOT-FOR-US: Liferay Portal plugin
+CVE-2023-44310 (Stored cross-site scripting (XSS) vulnerability in Page Tree menu Life ...)
+ NOT-FOR-US: Liferay
+CVE-2023-44309 (Multiple stored cross-site scripting (XSS) vulnerabilities in the frag ...)
+ NOT-FOR-US: Liferay
+CVE-2023-43959 (An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged ...)
+ NOT-FOR-US: YeaLinkSIP-T19P-E2
+CVE-2023-43794 (Nocodb is an open source Airtable alternative. Affected versions of no ...)
+ NOT-FOR-US: nocodb
+CVE-2023-43777 (Eaton easySoft software is used to program easy controllers and displa ...)
+ NOT-FOR-US: Eaton easySoft software
+CVE-2023-43776 (Eaton easyE4 PLC offers a device password protection functionality to ...)
+ NOT-FOR-US: Eaton easyE4 PLC
+CVE-2023-42629 (Stored cross-site scripting (XSS) vulnerability in the manage vocabula ...)
+ NOT-FOR-US: Liferay
+CVE-2023-42628 (Stored cross-site scripting (XSS) vulnerability in the Wiki widget in ...)
+ NOT-FOR-US: Liferay
+CVE-2023-42627 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Comm ...)
+ NOT-FOR-US: Liferay
+CVE-2023-39902 (A software vulnerability has been identified in the U-Boot Secondary P ...)
+ NOT-FOR-US: NXP
+CVE-2023-37537 (An unquoted service path vulnerability in HCL AppScan Presence, deploy ...)
+ NOT-FOR-US: HCL
+CVE-2023-4399 (Grafana is an open-source platform for monitoring and observability. ...)
+ - grafana (Specific to Grafana Enterprise)
+CVE-2023-4215 (Advantech WebAccess version 9.1.3 contains an exposure of sensitive in ...)
+ NOT-FOR-US: Advantech
+CVE-2023-4089 (On affected Wago products an remote attacker with administrative privi ...)
+ NOT-FOR-US: Wago
+CVE-2023-45807 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
+ - opensearch (bug #1054912)
+ NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-72q2-gwwf-6hrv
+CVE-2023-45659 (Engelsystem is a shift planning system for chaos events. If a users' ...)
+ NOT-FOR-US: Engelsystem
+CVE-2023-45542 (Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote ...)
+ NOT-FOR-US: mooSocial
+CVE-2023-45540 (An issue in Jorani Leave Management System 1.0.3 allows a remote attac ...)
+ NOT-FOR-US: Jorani Leave Management System
+CVE-2023-45386 (In the module extratabspro before version 2.2.8 from MyPresta.eu for P ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-45375 (In the module "PireosPay" (pireospay) before version 1.7.10 from 01gen ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-45358 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored ...)
+ NOT-FOR-US: Archer
+CVE-2023-45357 (Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensiti ...)
+ NOT-FOR-US: Archer
+CVE-2023-45152 (Engelsystem is a shift planning system for chaos events. A Blind SSRF ...)
+ NOT-FOR-US: Engelsystem
+CVE-2023-45147 (Discourse is an open source community platform. In affected versions a ...)
+ NOT-FOR-US: Discourse
+CVE-2023-45144 (com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in buil ...)
+ NOT-FOR-US: com.xwiki.identity-oauth:identity-oauth-ui
+CVE-2023-45141 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
+ NOT-FOR-US: Fiber
+CVE-2023-45131 (Discourse is an open source platform for community discussion. New cha ...)
+ NOT-FOR-US: Discourse
+CVE-2023-45128 (Fiber is an express inspired web framework written in Go. A Cross-Site ...)
+ NOT-FOR-US: Fiber
+CVE-2023-44694 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
+ NOT-FOR-US: D-Link
+CVE-2023-44693 (D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerab ...)
+ NOT-FOR-US: D-Link
+CVE-2023-44394 (MantisBT is an open source bug tracker. Due to insufficient access-lev ...)
+ - mantis
+CVE-2023-44391 (Discourse is an open source platform for community discussion. User su ...)
+ NOT-FOR-US: Discourse
+CVE-2023-44388 (Discourse is an open source platform for community discussion. A malic ...)
+ NOT-FOR-US: Discourse
+CVE-2023-43814 (Discourse is an open source platform for community discussion. Attacke ...)
+ NOT-FOR-US: Discourse
+CVE-2023-43659 (Discourse is an open source platform for community discussion. Imprope ...)
+ NOT-FOR-US: Discourse
+CVE-2023-43658 (dicourse-calendar is a plugin for the Discourse messaging platform whi ...)
+ NOT-FOR-US: Discourse plugin
+CVE-2023-42497 (Reflected cross-site scripting (XSS) vulnerability on the Export for T ...)
+ NOT-FOR-US: Liferay Portal
+CVE-2023-42459 (Fast DDS is a C++ implementation of the DDS (Data Distribution Service ...)
+ {DSA-5568-1}
+ - fastdds 2.11.2+ds-6 (bug #1054163)
+ [bullseye] - fastdds (Vulnerable code not present)
+ NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-gq8g-fj58-22gm
+ NOTE: https://github.com/eProsima/Fast-DDS/issues/3207
+ NOTE: https://github.com/eProsima/Fast-DDS/pull/3824
+ NOTE: https://github.com/eProsima/Fast-DDS/commit/1e978c6f3d0ca1df6b323b37fd4902b0762ececb
+CVE-2023-41752 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5549-1 DLA-3645-1}
+ - trafficserver 9.2.3+ds-1 (bug #1054427)
+ NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
+ NOTE: https://github.com/apache/trafficserver/commit/334839cb7a6724c71a5542e924251a8d931774b0 (8.1.9)
+ NOTE: https://github.com/apache/trafficserver/commit/de7c8a78edd5b75e311561dfaa133e9d71ea8a5e (9.2.3-rc0)
+CVE-2023-40852 (SQL Injection vulnerability in Phpgurukul User Registration & Login an ...)
+ NOT-FOR-US: Phpgurukul
+CVE-2023-40851 (Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registrati ...)
+ NOT-FOR-US: Phpgurukul
+CVE-2023-40374 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ NOT-FOR-US: IBM
+CVE-2023-40373 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...)
+ NOT-FOR-US: IBM
+CVE-2023-40372 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...)
+ NOT-FOR-US: IBM +CVE-2023-39456 (Improper Input Validation vulnerability in Apache Traffic Server with ...) + - trafficserver 9.2.3+ds-1 (bug #1054427) + [bookworm] - trafficserver 9.2.3+ds-1+deb12u1 + [bullseye] - trafficserver (Vulnerable code not present) + [buster] - trafficserver (Vulnerable code not present) + NOTE: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q + NOTE: https://github.com/apache/trafficserver/commit/4ca137b59bc6aaa25f8b14db2bdd2e72c43502e5 (9.2.3-rc0) +CVE-2023-38740 (IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11. ...) + NOT-FOR-US: IBM +CVE-2023-38728 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-38720 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) + NOT-FOR-US: IBM +CVE-2023-38719 (IBM Db2 11.5 could allow a local user with special privileges to cause ...) + NOT-FOR-US: IBM +CVE-2023-34210 (SQL Injection in create customer group function in EasyUse MailHunter ...) + NOT-FOR-US: EasyUse MailHunter +CVE-2023-34209 (Exposure of Sensitive System Information to an Unauthorized Control Sp ...) + NOT-FOR-US: EasyUse MailHunter +CVE-2023-34208 (Path Traversal in create template function in EasyUse MailHunter Ultim ...) + NOT-FOR-US: EasyUse MailHunter +CVE-2023-34207 (Unrestricted upload of file with dangerous type vulnerability in creat ...) + NOT-FOR-US: EasyUse MailHunter +CVE-2012-10016 (A vulnerability classified as problematic has been found in Halulu sim ...) + NOT-FOR-US: Halulu +CVE-2011-10004 (A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5595 (Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.) 
+ - gpac (bug #1055125) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/0064cf76-ece1-495d-82b4-e4a1bebeb28e + NOTE: https://github.com/gpac/gpac/issues/2633 + NOTE: https://github.com/gpac/gpac/commit/7a6f636db3360bb16d18078d51e8c596f31302a1 +CVE-2023-5575 (Improper access control in the permission inheritance in Devolutions S ...) + NOT-FOR-US: Devolutions Server +CVE-2023-5561 (WordPress does not properly restrict which user fields are searchable ...) + {DLA-3658-1} + - wordpress 6.3.2+dfsg1-1 + NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/ + NOTE: https://core.trac.wordpress.org/changeset/56840/ +CVE-2023-5422 (The functions to fetch e-mail via POP3 or IMAP as well as sending e-ma ...) + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out +CVE-2023-5421 (An attacker who is logged into OTRS as an user with privileges to crea ...) + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out +CVE-2023-5177 (The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5167 (The User Activity Log Pro WordPress plugin before 2.3.4 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5133 (This user-activity-log-pro WordPress plugin before 2.3.4 retrieves cli ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5089 (The Defender Security WordPress plugin before 4.1.0 does not prevent r ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5087 (The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prev ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5057 (The ActivityPub WordPress plugin before 1.0.0 does not escape user met ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5003 (The Active Directory Integration / LDAP Integration WordPress plugin b ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4971 (The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserial ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4950 (The Interactive Contact Form and Multi Step Form Builder WordPress plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4933 (The WP Job Openings WordPress plugin before 3.4.3 does not block listi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4862 (The File Manager Pro WordPress plugin before 1.8.1 does not adequately ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4861 (The File Manager Pro WordPress plugin before 1.8.1 allows admin users ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4834 (In Red Lion EuropembCONNECT24 and mymbCONNECT24 and Helmholz myREX24 a ...) + NOT-FOR-US: Red Lion +CVE-2023-4827 (The File Manager Pro WordPress plugin before 1.8 does not properly che ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4822 (Grafana is an open-source platform for monitoring and observability. T ...) + - grafana +CVE-2023-4821 (The Drag and Drop Multiple File Upload for WooCommerce WordPress plugi ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-4820 (The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4819 (The Shared Files WordPress plugin before 1.7.6 does not return the rig ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4811 (The WordPress File Upload WordPress plugin before 4.23.3 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4805 (The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4800 (The DoLogin Security WordPress plugin before 3.7.1 does not restrict t ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4798 (The User Avatar WordPress plugin before 1.2.2 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4795 (The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does no ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4783 (The Magee Shortcodes WordPress plugin through 2.1.1 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4776 (The School Management System WordPress plugin before 2.2.5 uses the Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4725 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4691 (The WordPress Online Booking and Scheduling Plugin WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4687 (The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prev ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4666 (The Form Maker by 10Web WordPress plugin before 1.15.20 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4646 (The Simple Posts Ticker WordPress plugin before 1.1.6 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4643 (The Enable Media Replace WordPress plugin before 4.1.3 unserializes us ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4620 (The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4457 (Grafana is an open-source platform for monitoring and observability. ...) + NOT-FOR-US: Grafana plugin +CVE-2023-4388 (The EventON WordPress plugin before 2.2 does not sanitise and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4290 (The WP Matterport Shortcode WordPress plugin before 2.1.7 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4289 (The WP Matterport Shortcode WordPress plugin before 2.1.8 does not val ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46087 (Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit T ...) + NOT-FOR-US: WordPress plugin +CVE-2023-46066 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Cod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45985 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-45984 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-45836 (Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45831 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45763 (Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <=2. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45753 (Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45752 (Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gal ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45749 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenk ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45748 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45690 (Default file permissions on South River Technologies' Titan MFT and Ti ...) + NOT-FOR-US: South River Technologies +CVE-2023-45689 (Lack of sufficient path validation in South River Technologies' Titan ...) + NOT-FOR-US: South River Technologies +CVE-2023-45688 (Lack of sufficient path validation in South River Technologies' Titan ...) + NOT-FOR-US: South River Technologies +CVE-2023-45687 (A session fixation vulnerability in South River Technologies' Titan MF ...) + NOT-FOR-US: South River Technologies +CVE-2023-45686 (Insufficient path validation when writing a file via WebDAV in South R ...) + NOT-FOR-US: South River Technologies +CVE-2023-45685 (Insufficient path validation when extracting a zip archive in South Ri ...) + NOT-FOR-US: South River Technologies +CVE-2023-45683 (github.com/crewjam/saml is a saml library for the go language. In affe ...) 
+ - golang-github-crewjam-saml (bug #1054223) + NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-267v-3v32-g6q5 + NOTE: https://github.com/crewjam/saml/commit/b07b16cf83c4171d16da4d85608cb827f183cd79 (v0.4.14) +CVE-2023-45669 (WebAuthn4J Spring Security provides Web Authentication specification s ...) + NOT-FOR-US: WebAuthn4J Spring Security +CVE-2023-45660 (Nextcloud mail is an email app for the Nextcloud home server platform. ...) + NOT-FOR-US: Nextcloud plugin +CVE-2023-45656 (Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Lo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45655 (Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixField ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45654 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45653 (Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Vid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45651 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Att ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45650 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45647 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45645 (Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Str ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45643 (Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45642 (Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pix ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45641 (Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Co ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45639 (Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort Search ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-45638 (Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gatew ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45629 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery \u ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45606 (Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45605 (Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke F ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45274 (Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45273 (Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45151 (Nextcloud server is an open source home cloud platform. Affected versi ...) + - nextcloud-server (bug #941708) +CVE-2023-45150 (Nextcloud calendar is a calendar app for the Nextcloud server platform ...) + NOT-FOR-US: Nextcloud plugin +CVE-2023-45149 (Nextcloud talk is a chat module for the Nextcloud server platform. In ...) + NOT-FOR-US: Nextcloud plugin +CVE-2023-45148 (Nextcloud is an open source home cloud server. When Memcached is used ...) + - nextcloud-server (bug #941708) +CVE-2023-44987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Time ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tych ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44985 (Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44984 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44229 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43121 (A Directory Traversal vulnerability discovered in Chalet application i ...) 
+ NOT-FOR-US: Extreme Networks Switch Engine +CVE-2023-43120 (An issue discovered in Extreme Networks Switch Engine (EXOS) before 32 ...) + NOT-FOR-US: Extreme Networks Switch Engine +CVE-2023-43119 (An Access Control issue discovered in Extreme Networks Switch Engine ( ...) + NOT-FOR-US: Extreme Networks Switch Engine +CVE-2023-43118 (Cross Site Request Forgery (CSRF) vulnerability in Chalet application ...) + NOT-FOR-US: Extreme Networks Switch Engine +CVE-2023-40180 (silverstripe-graphql is a package which serves Silverstripe data in Gr ...) + NOT-FOR-US: silverstripe-graphql +CVE-2023-3991 (An OS command injection vulnerability exists in the httpd iperfrun.cgi ...) + NOT-FOR-US: FreshTomato +CVE-2023-3746 (The ActivityPub WordPress plugin before 1.0.0 does not sanitize and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3707 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3706 (The ActivityPub WordPress plugin before 1.0.0 does not ensure that pos ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3392 (The Read More & Accordion WordPress plugin before 3.2.7 unserializes u ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3279 (The WordPress Gallery Plugin WordPress plugin before 3.39 does not val ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3155 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3154 (The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38059 (The loading of external images is not blocked, even if configured, if ...) + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out +CVE-2023-43668 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...) + NOT-FOR-US: Apache InLong +CVE-2023-43667 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ NOT-FOR-US: Apache InLong +CVE-2023-43666 (Insufficient Verification of Data Authenticity vulnerability in Apache ...) + NOT-FOR-US: Apache InLong +CVE-2023-5591 (SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.) + NOT-FOR-US: LibreNMS +CVE-2023-5590 (NULL Pointer Dereference in GitHub repository seleniumhq/selenium prio ...) + NOT-FOR-US: Selenium +CVE-2023-5589 (A vulnerability was found in SourceCodester Judging Management System ...) + NOT-FOR-US: SourceCodester +CVE-2023-5588 (A vulnerability was found in kphrx pleroma. It has been classified as ...) + NOT-FOR-US: Pleroma +CVE-2023-5587 (A vulnerability was found in SourceCodester Free Hospital Management S ...) + NOT-FOR-US: SourceCodester +CVE-2023-45898 (The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/ext ...) + - linux 6.5.6-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/768d612f79822d30a1e7d132a4d4b05337ce42ec (6.6-rc1) +CVE-2023-45757 (Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows ...) + NOT-FOR-US: Apache bRPC +CVE-2023-45580 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45579 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45578 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45577 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45576 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45575 (Stack Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.25 ...) 
+ NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45574 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45573 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45572 (Buffer Overflow vulnerability in D-Link device DI-7003GV2.D1 v.23.08.2 ...) + NOT-FOR-US: DI-7003GV2.D1 +CVE-2023-45158 (An OS command injection vulnerability exists in web2py 2.24.1 and earl ...) + - web2py +CVE-2023-44809 (D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.) + NOT-FOR-US: D-Link +CVE-2023-44808 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_ ...) + NOT-FOR-US: D-Link +CVE-2023-40791 (extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4 ...) + - linux 6.4.13-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f443fd5af5dbd531f880d3645d5dd36976cf087f (6.5-rc6) +CVE-2023-40790 + REJECTED +CVE-2023-40377 (Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7. ...) + NOT-FOR-US: IBM +CVE-2023-38280 (IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 coul ...) + NOT-FOR-US: IBM +CVE-2023-36955 (TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a st ...) + NOT-FOR-US: TOTOLINK +CVE-2023-36954 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-36953 (TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-36952 (TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2023-36950 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-36947 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.611 ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-36340 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...) + NOT-FOR-US: TOTOLINK +CVE-2023-35018 (IBM Security Verify Governance 10.0 could allow a privileged use to up ...) + NOT-FOR-US: IBM +CVE-2023-35013 (IBM Security Verify Governance 10.0, Identity Manager could allow a lo ...) + NOT-FOR-US: IBM +CVE-2023-33836 (IBM Security Verify Governance 10.0 contains hard-coded credentials, s ...) + NOT-FOR-US: IBM +CVE-2022-48612 (A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink One ...) + NOT-FOR-US: ClassLink OneClick Extension +CVE-2023-38312 (A directory traversal vulnerability in Valve Counter-Strike 8684 allow ...) + NOT-FOR-US: Counter-Strike +CVE-2018-25091 (urllib3 before 1.24.2 does not remove the authorization HTTP header wh ...) + {DLA-3610-1} + - python-urllib3 1.25.6-4 + NOTE: https://github.com/urllib3/urllib3/issues/1510 + NOTE: This issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). + NOTE: Fixed by https://github.com/urllib3/urllib3/commit/adb358f8e06865406d1f05e581a16cbea2136fbc (1.25) +CVE-2023-5586 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0 ...) + - gpac (bug #1055124) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2632 + NOTE: https://huntr.dev/bounties/d2a6ea71-3555-47a6-9b18-35455d103740 + NOTE: https://github.com/gpac/gpac/commit/ca1b48f0abe71bf81a58995d7d75dc27f5a17ddc +CVE-2023-5585 (A vulnerability was found in SourceCodester Online Motorcycle Rental S ...) + NOT-FOR-US: SourceCodester +CVE-2023-45871 (An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c i ...) + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/bb5ed01cd2428cd25b1c88a3a9cba87055eb289f (6.6-rc1) +CVE-2023-45863 (An issue was discovered in lib/kobject.c in the Linux kernel before 6. ...) 
+ - linux 6.1.20-1 + NOTE: https://git.kernel.org/linus/3bb2a01caa813d3a1845d378bbe4169ef280d394 (6.3-rc1) +CVE-2023-45862 (An issue was discovered in drivers/usb/storage/ene_ub6250.c for the EN ...) + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/ce33e64c1788912976b61314b56935abd4bc97ef (6.3-rc1) +CVE-2023-40378 (IBM Directory Server for IBM i contains a local privilege escalation v ...) + NOT-FOR-US: IBM +CVE-2023-5582 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: zzzcms +CVE-2023-5581 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester +CVE-2023-5580 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester +CVE-2023-5579 (A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as ...) + NOT-FOR-US: yhz66 Sandbox +CVE-2023-5578 (A vulnerability was found in Port\xe1bilis i-Educar up to 2.7.5. It ha ...) + NOT-FOR-US: i-Educar +CVE-2023-45176 (IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 throug ...) + NOT-FOR-US: IBM +CVE-2023-40367 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) + NOT-FOR-US: IBM +CVE-2023-35024 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...) + NOT-FOR-US: IBM +CVE-2023-41914 (SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allow ...) + {DSA-5529-1} + - slurm-wlm 23.02.6-1 + [bullseye] - slurm-wlm (Very intrusive patch and upstream does not release patches for unsupported versions) + - slurm-llnl + [buster] - slurm-llnl (EOL in buster LTS) + NOTE: https://groups.google.com/g/slurm-users/c/N9WHFVefSHA + NOTE: slurm-wlm-contrib also changed, but actual security issue is in slurm-wlm +CVE-2023-4263 (Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nR ...) 
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4257 (Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can ca ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-45856 (qdPM 9.2 allows remote code execution by using the Add Attachments fea ...) + NOT-FOR-US: qdPM +CVE-2023-45855 (qdPM 9.2 allows Directory Traversal to list files and directories by n ...) + NOT-FOR-US: qdPM +CVE-2023-45853 (MiniZip in zlib through 1.3 has an integer overflow and resultant heap ...) + {DLA-3670-1} + - zlib 1:1.3.dfsg-2 (bug #1054290) + [bookworm] - zlib (contrib/minizip not built and producing binary packages) + [bullseye] - zlib (contrib/minizip not built and producing binary packages) + [buster] - zlib (contrib/minizip not built and producing binary packages) + - minizip (bug #1056718) + [bookworm] - minizip 1.1-8+deb12u1 + [bullseye] - minizip (Minor issue; can be fixed in point release) + NOTE: https://github.com/madler/zlib/pull/843 + NOTE: https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c + NOTE: src:zlib only starts building minizip starting in 1:1.2.13.dfsg-2 +CVE-2023-45852 (In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticat ...) + NOT-FOR-US: VitogateqdPM +CVE-2023-45674 (Farmbot-Web-App is a web control interface for the Farmbot farm automa ...) + NOT-FOR-US: Farmbot-Web-App +CVE-2023-44037 (An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v. ...) + NOT-FOR-US: ZPE +CVE-2023-36559 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-5573 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + NOT-FOR-US: Vrite +CVE-2023-5572 (Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite ...) + NOT-FOR-US: Vrite +CVE-2023-5571 (Improper Input Validation in GitHub repository vriteio/vrite prior to ...) 
+ NOT-FOR-US: Vrite +CVE-2023-5449 (A potential security vulnerability has been identified in certain HP D ...) + NOT-FOR-US: HP +CVE-2023-5409 (HP is aware of a potential security vulnerability in HP t430 and t638 ...) + NOT-FOR-US: HP +CVE-2023-5240 (Improper access control in PAM propagation scripts in Devolutions Serv ...) + NOT-FOR-US: Devolutions Server +CVE-2023-4995 (The Embed Calendly plugin for WordPress is vulnerable to Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4829 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...) + - froxlor (bug #581792) +CVE-2023-4517 (Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hest ...) + NOT-FOR-US: Hestia Control Panel +CVE-2023-4499 (A potential security vulnerability has been identified in the HP ThinU ...) + NOT-FOR-US: HP +CVE-2023-45468 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: Netis +CVE-2023-45467 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-45466 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-45465 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-45464 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: Netis +CVE-2023-45463 (Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: Netis +CVE-2023-45393 (An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Bu ...) + NOT-FOR-US: GRANDING UTime Master +CVE-2023-45391 (A stored cross-site scripting (XSS) vulnerability in the Create A New ...) + NOT-FOR-US: GRANDING UTime Master +CVE-2023-45276 (Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45270 (Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinp ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-45269 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45268 (Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45267 (Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45162 (Affected 1E Platform versions have a Blind SQL Injection vulnerability ...) + NOT-FOR-US: 1T Platform +CVE-2023-45130 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) + NOT-FOR-US: Frontier +CVE-2023-45109 (Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45108 (Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45107 (Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43079 (Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, con ...) + NOT-FOR-US: Dell +CVE-2023-41843 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortinet +CVE-2023-41836 (An improper neutralization of input during web page generation ('cross ...) + NOT-FOR-US: Fortinet +CVE-2023-41682 (A improper limitation of a pathname to a restricted directory ('path t ...) + NOT-FOR-US: Fortinet +CVE-2023-41681 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortinet +CVE-2023-41680 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortinet +CVE-2023-40682 (IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspe ...) + NOT-FOR-US: OVM +CVE-2023-39999 (Exposure of Sensitive Information to an Unauthorized Actor in WordPres ...) 
+ {DLA-3658-1}
+ - wordpress 6.3.2+dfsg1-1
+ [bookworm] - wordpress (Minor issue)
+ [bullseye] - wordpress (Minor issue)
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
+ NOTE: https://core.trac.wordpress.org/changeset/56843/
+CVE-2023-39960 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-38000 (Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability i ...)
+ - wordpress 6.3.2+dfsg1-1
+ [buster] - wordpress (Vulnerable code was introduced in 5.9)
+ NOTE: https://wordpress.org/documentation/wordpress-version/version-6-3-2/
+ NOTE: https://plugins.trac.wordpress.org/changeset/2978318/gutenberg/trunk/build/block-library/blocks/post-navigation-link.php
+CVE-2023-34977 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2023-34976 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+ NOT-FOR-US: QNAP
+CVE-2023-34975 (A SQL injection vulnerability has been reported to affect Video Statio ...)
+ NOT-FOR-US: QNAP
+CVE-2023-33303 (A insufficient session expiration in Fortinet FortiEDR version 5.0.0 t ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-32976 (An OS command injection vulnerability has been reported to affect Cont ...)
+ NOT-FOR-US: QNAP
+CVE-2023-32974 (A path traversal vulnerability has been reported to affect several QNA ...)
+ NOT-FOR-US: QNAP
+CVE-2023-32973 (A buffer copy without checking size of input vulnerability has been re ...)
+ NOT-FOR-US: QNAP
+CVE-2023-32970 (A NULL pointer dereference vulnerability has been reported to affect s ...)
+ NOT-FOR-US: QNAP
+CVE-2023-42663 (Apache Airflow, versions before 2.7.2, has a vulnerability that allows ...)
+ - airflow (bug #819700)
+CVE-2023-42792 (Apache Airflow, in versions prior to 2.7.2, contains a security vulner ...)
+ - airflow (bug #819700)
+CVE-2023-45348 (Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerabili ...)
+ - airflow (bug #819700)
+CVE-2023-42781 (Apache Airflow, versions before 2.7.3, has a vulnerability that allows ...)
+ - airflow (bug #819700)
+CVE-2023-42780 (Apache Airflow, versions prior to 2.7.2, contains a security vulnerabi ...)
+ - airflow (bug #819700)
+CVE-2023-5564 (Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxl ...)
+ - froxlor (bug #581792)
+CVE-2023-5563 (The SJA1000 CAN controller driver backend automatically attempt to rec ...)
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr)
+CVE-2023-5557 (A flaw was found in the tracker-miners package. A weakness in the sand ...)
+ - tracker-miners 3.4.5-1 (bug #1053881)
+ [bookworm] - tracker-miners (Minor issue)
+ [bullseye] - tracker-miners (Minor issue)
+ [buster] - tracker-miners (Minor issue)
+ NOTE: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/#tracker-miners-seccomp-sandbox-escape
+ NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/issues/277
+ NOTE: https://gitlab.gnome.org/GNOME/tracker-miners/-/merge_requests/480
+CVE-2023-4562 (Improper Authentication vulnerability in Mitsubishi Electric Corporati ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-45511 (A memory leak in tsMuxer version git-2539d07 allows attackers to cause ...)
+ NOT-FOR-US: tsMuxer
+CVE-2023-45510 (tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc ...)
+ NOT-FOR-US: tsMuxer
+CVE-2023-41263 (An issue was discovered in Plixer Scrutinizer before 19.3.1. It expose ...)
+ NOT-FOR-US: Plixer Scrutinizer
+CVE-2023-41262 (An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer ...)
+ NOT-FOR-US: Plixer Scrutinizer
+CVE-2023-41261 (An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer ...)
+ NOT-FOR-US: Plixer Scrutinizer
+CVE-2023-38251 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38250 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38249 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38221 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38220 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38219 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38218 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2023-45365
+ NOT-FOR-US: MediaWiki extension Citoid
+CVE-2023-45366
+ NOT-FOR-US: MediaWiki extension Wikibase
+CVE-2023-45368
+ NOT-FOR-US: MediaWiki extension EntitySchema
+CVE-2023-5562 (An unsafe default configuration in KNIME Analytics Platform before 5.2 ...)
+ NOT-FOR-US: KNIME
+CVE-2023-5556 (Cross-site Scripting (XSS) - Reflected in GitHub repository structuriz ...)
+ NOT-FOR-US: structurizr/onpremises
+CVE-2023-5555 (Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms p ...)
+ NOT-FOR-US: frappe/lms
+CVE-2023-5554 (Lack of TLS certificate verification in log transmission of a financia ...)
+ NOT-FOR-US: LINE
+CVE-2023-5072 (Denial of Service in JSON-Java versions up to and including 20230618. ...)
+ - libjson-java (bug #1053882)
+ [bookworm] - libjson-java (Minor issue)
+ [bullseye] - libjson-java (Minor issue)
+ [buster] - libjson-java (Minor issue)
+ - jenkins-json (bug #1053883)
+ [bookworm] - jenkins-json (Minor issue)
+ [bullseye] - jenkins-json (Minor issue)
+ [buster] - jenkins-json (Minor issue)
+ - libjettison-java (bug #1053884)
+ [bookworm] - libjettison-java (Minor issue)
+ [bullseye] - libjettison-java (Minor issue)
+ [buster] - libjettison-java (Minor issue)
+ NOTE: https://github.com/stleary/JSON-java/issues/758
+ NOTE: https://github.com/stleary/JSON-java/issues/771
+ NOTE: https://github.com/stleary/JSON-java/pull/772/
+CVE-2023-5046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Procost
+CVE-2023-5045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Kayisi
+CVE-2023-45143 (Undici is an HTTP/1.1 client written from scratch for Node.js. Prior t ...)
+ - node-undici 5.26.3+dfsg1+~cs23.10.12-1 (bug #1053879)
+ [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u2
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
+ NOTE: https://github.com/nodejs/undici/commit/e041de359221ebeae04c469e8aff4145764e6d76 (v5.26.2)
+CVE-2023-45142 (OpenTelemetry-Go Contrib is a collection of third-party packages for O ...)
+ NOT-FOR-US: OpenTelemetry-Go Contrib
+CVE-2023-45138 (Change Request is an pplication allowing users to request changes on a ...)
+ NOT-FOR-US: XWiki addon
+CVE-2023-45133 (Babel is a compiler for writingJavaScript. In `@babel/traverse` prior ...)
+ {DSA-5528-1 DLA-3618-1}
+ - node-babel
+ - node-babel7 7.20.15+ds1+~cs214.269.168-5 (bug #1053880)
+ NOTE: github.com: https://github.com/babel/babel/security/advisories/GHSA-67hx-6x53-jw92
+ NOTE: github.com: https://github.com/babel/babel/pull/16033
+ NOTE: github.com: https://github.com/babel/babel/commit/b13376b346946e3f62fc0848c1d2a23223314c82
+CVE-2023-45106 (Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45103 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Per ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45102 (Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Mana ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact F ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45063 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45060 (Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Intera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45058 (Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45052 (Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45048 (Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45047 (Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc Le ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45011 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Pow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44998 (Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy H ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-43149 (SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) th ...)
+ NOT-FOR-US: SPA-Cart
+CVE-2023-43148 (SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability ...)
+ NOT-FOR-US: SPA-Cart
+CVE-2023-43147 (PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Reque ...)
+ NOT-FOR-US: PHPJabbers Limo Booking Software
+CVE-2023-41131 (Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Da ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37637
+ REJECTED
+CVE-2023-32634 (An authentication bypass vulnerability exists in the CiRpcServerThread ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-32275 (An information disclosure vulnerability exists in the CtEnumCa() funct ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-32124 (Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-31192 (An information disclosure vulnerability exists in the ClientConnect() ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-27516 (An authentication bypass vulnerability exists in the CiRpcAccepted() f ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-36839 (An Improper Validation of Specified Quantity in Input vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44204 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44182 (An Unchecked Return Value vulnerability in the user interfaces to the ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44203 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44202
+ NOT-FOR-US: Juniper
+CVE-2023-44198 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44197 (An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (r ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44196 (An Improper Check for Unusual or Exceptional Conditions in the Packet ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44195 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44201 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44199 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44184 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44181 (An Improperly Implemented Security Check for Standard vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44191 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44192 (An Improper Input Validation vulnerability in the Packet Forwarding En ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44175 (A Reachable Assertion vulnerability in the routing protocol daemon (rp ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44178 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44177 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44176 (A Stack-based Buffer Overflow vulnerability in the CLI command of Juni ...)
+ NOT-FOR-US: Juniper
+CVE-2023-36841 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-36843 (An Improper Handling of Inconsistent Special Elements vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44194 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44193 (An Improper Release of Memory Before Removing Last Reference vulnerabi ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44183 (An Improper Input Validation vulnerability in the VxLAN packet forward ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44185 (An Improper Input Validation vulnerability in the routing protocol dae ...)
+ NOT-FOR-US: Juniper
+CVE-2023-5531 (The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-5470 (The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-45132 (NAXSI is an open-source maintenance web application firewall (WAF) for ...)
+ NOT-FOR-US: NAXSI
+CVE-2023-44793
+ REJECTED
+CVE-2023-44190 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44189 (An Origin Validation vulnerability in MAC address validation of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44188 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44187 (An Exposure of Sensitive Information vulnerability in the 'file copy' ...)
+ NOT-FOR-US: Juniper
+CVE-2023-42298 (An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to ca ...)
+ - gpac (bug #1053878)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2567
+ NOTE: https://github.com/gpac/gpac/commit/16c4fafc2881112eba7051cac48f922eb2b94e06
+CVE-2023-40833 (An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain pr ...)
+ NOT-FOR-US: Thecosy IceCMS
+CVE-2023-40829 (There is an interface unauthorized access vulnerability in the backgro ...)
+ NOT-FOR-US: Tencent
+CVE-2023-3781 (there is a possible use-after-free write due to improper locking. This ...)
+ NOT-FOR-US: Android
+CVE-2023-32724 (Memory pointer is in a property of the Ducktape object. This leads to ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1053877)
+ [buster] - zabbix (vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-23391
+ NOTE: https://github.com/zabbix/zabbix/commit/7266d0ac709b68ccb4d69d28253488670b8b4eb7 (release/5.0)
+ NOTE: https://github.com/zabbix/zabbix/commit/b28bf2f7081cffaeecbfb797d6e625e72679c06e (release/6.0)
+CVE-2023-32723 (Request to LDAP is sent before user permissions are checked.)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1053877)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-23230
+ NOTE: very likely commit https://github.com/zabbix/zabbix/commit/3576afe9b87d8ad1ba92a13c28ba904671087688 (for 4.0.x)
+CVE-2023-32722 (The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1053877)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ [buster] - zabbix (vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-23390
+CVE-2023-32721 (A stored XSS has been found in the Zabbix web application in the Maps ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1053877)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-23389
+ NOTE: possible upstream fix (4.0.x) https://github.com/zabbix/zabbix/commit/d05854bc0e638bbc0c2077ded09797648dba0911
+CVE-2023-5535 (Use After Free in GitHub repository vim/vim prior to v9.0.2010.)
+ - vim 2:9.0.2018-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
+ NOTE: https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d (v9.0.2010)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-5521 (Incorrect Authorization in GitHub repository tiann/kernelsu prior to v ...)
+ NOT-FOR-US: KernelSU
+CVE-2023-5520 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.)
+ - gpac (bug #1053878)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/681e42d0-18d4-4ebc-aba0-c5b0f77ac74a
+ NOTE: https://github.com/gpac/gpac/commit/5692dc729491805e0e5f55c21d50ba1e6b19e88e
+CVE-2023-4957 (A vulnerability of authentication bypass has been found on a Zebra Tec ...)
+ NOT-FOR-US: Zebra Technologies ZTC
+CVE-2023-4936 (It is possible to sideload a compromised DLL during the installation a ...)
+ NOT-FOR-US: Synaptics
+CVE-2023-45396 (An Insecure Direct Object Reference (IDOR) vulnerability leads to even ...)
+ NOT-FOR-US: Insecure Direct Object Reference
+CVE-2023-44962 (File Upload vulnerability in Koha Library Software 23.05.04 and before ...)
+ NOT-FOR-US: Koha
+CVE-2023-44961 (SQL Injection vulnerability in Koha Library Software 23.0.5.04 and bef ...)
+ NOT-FOR-US: Koha
+CVE-2023-44186 (An Improper Handling of Exceptional Conditions vulnerability in AS PAT ...)
+ NOT-FOR-US: Juniper
+CVE-2023-44119 (Vulnerability of mutual exclusion management in the kernel module.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44118 (Vulnerability of undefined permissions in the MeeTime module.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44116 (Vulnerability of access permissions not being strictly verified in the ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44114 (Out-of-bounds array vulnerability in the dataipa module.Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44111 (Vulnerability of brute-force attacks on the device authentication modu ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44110 (Out-of-bounds access vulnerability in the audio module.Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44109 (Clone vulnerability in the huks ta module.Successful exploitation of t ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44108 (Type confusion vulnerability in the distributed file module.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44107 (Vulnerability of defects introduced in the design process in the scree ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44106 (API permission management vulnerability in the Fwk-Display module.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44105 (Vulnerability of permissions not being strictly verified in the window ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44104 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44103 (Out-of-bounds read vulnerability in the Bluetooth module.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44102 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44101 (The Bluetooth module has a vulnerability in permission control for bro ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44100 (Broadcast permission control vulnerability in the Bluetooth module.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44097 (Vulnerability of the permission to access device SNs being improperly ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44096 (Vulnerability of brute-force attacks on the device authentication modu ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44095 (Use-After-Free (UAF) vulnerability in the surfaceflinger module.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44094 (Type confusion vulnerability in the distributed file module.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2023-44093 (Vulnerability of package names' public keys not being verified in the ...)
+ NOT-FOR-US: Huawei
+CVE-2023-43960 (An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to e ...)
+ NOT-FOR-US: DLINK
+CVE-2023-43661 (Cachet, the open-source status page system. Prior to the 2.4 branch, a ...)
+ NOT-FOR-US: Cachet
+CVE-2023-42138 (Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and ea ...)
+ NOT-FOR-US: KV STUDIO
+CVE-2023-41882 (vantage6 is privacy preserving federated learning infrastructure. The ...)
+ NOT-FOR-US: vantage6
+CVE-2023-41881 (vantage6 is privacy preserving federated learning infrastructure. When ...)
+ NOT-FOR-US: vantage6
+CVE-2023-41304 (Parameter verification vulnerability in the window module.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2023-40142 (In TBD of TBD, there is a possible way to bypass carrier restrictions ...)
+ NOT-FOR-US: Android
+CVE-2023-40141 (In temp_residency_name_store of thermal_metrics.c, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2023-38817 (An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attac ...)
+ NOT-FOR-US: Inspect Element Ltd Echo.a
+CVE-2023-38217 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38216 (Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-37538 (HCL Digital Experience is susceptible to cross site scripting (XSS). O ...)
+ NOT-FOR-US: HCL
+CVE-2023-35968 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
+ NOT-FOR-US: Yifan
+CVE-2023-35967 (Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_ ...)
+ NOT-FOR-US: Yifan
+CVE-2023-35966 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
+ NOT-FOR-US: Yifan
+CVE-2023-35965 (Two heap-based buffer overflow vulnerabilities exist in the httpd mana ...)
+ NOT-FOR-US: Yifan
+CVE-2023-35662 (there is a possible out of bounds write due to buffer overflow. This c ...)
+ NOT-FOR-US: Android
+CVE-2023-35661 (In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2023-35660 (In lwis_transaction_client_cleanup of lwis_transaction.c, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2023-35655 (In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2023-35654 (In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds r ...)
+ NOT-FOR-US: Android
+CVE-2023-35653 (In TBD of TBD, there is a possible way to access location information ...)
+ NOT-FOR-US: Android
+CVE-2023-35652 (In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cp ...)
+ NOT-FOR-US: Android
+CVE-2023-35649 (In several functions of Exynos modem files, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2023-35648 (In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cp ...)
+ NOT-FOR-US: Android
+CVE-2023-35647 (In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cp ...)
+ NOT-FOR-US: Android
+CVE-2023-35646 (In TBD of TBD, there is a possible stack buffer overflow due to a miss ...)
+ NOT-FOR-US: Android
+CVE-2023-35645 (In tbd of tbd, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: Android
+CVE-2023-35194 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-35193 (An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-35056 (A buffer overflow vulnerability exists in the httpd next_page function ...)
+ NOT-FOR-US: Yifan
+CVE-2023-35055 (A buffer overflow vulnerability exists in the httpd next_page function ...)
+ NOT-FOR-US: Yifan
+CVE-2023-34426 (A stack-based buffer overflow vulnerability exists in the httpd manage ...)
+ NOT-FOR-US: Yifan
+CVE-2023-34365 (A stack-based buffer overflow vulnerability exists in the libutils.so ...)
+ NOT-FOR-US: Yifan
+CVE-2023-34356 (An OS command injection vulnerability exists in the data.cgi xfer_dns ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-34354 (A stored cross-site scripting (XSS) vulnerability exists in the upload ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-34346 (A stack-based buffer overflow vulnerability exists in the httpd gwcfg. ...)
+ NOT-FOR-US: Yifan
+CVE-2023-32645 (A leftover debug code vulnerability exists in the httpd debug credenti ...)
+ NOT-FOR-US: Yifan
+CVE-2023-32632 (A command execution vulnerability exists in the validate.so diag_ping_ ...)
+ NOT-FOR-US: Yifan
+CVE-2023-31272 (A stack-based buffer overflow vulnerability exists in the httpd do_wds ...)
+ NOT-FOR-US: Yifan
+CVE-2023-28381 (An OS command injection vulnerability exists in the admin.cgi MVPN_tri ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-27380 (An OS command injection vulnerability exists in the admin.cgi USSD_sen ...)
+ NOT-FOR-US: Surf SOHO HW1
+CVE-2023-24479 (An authentication bypass vulnerability exists in the httpd nvram.cgi f ...)
+ NOT-FOR-US: Yifan
+CVE-2023-44981 (Authorization Bypass Through User-Controlled Key vulnerability in Apac ...)
+ {DSA-5544-1 DLA-3624-1}
+ - zookeeper 3.9.1-1 (bug #1054224)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/11/4
+ NOTE: https://github.com/apache/zookeeper/commit/e2070bed85d8b0c98a5a0045bf92421f473c412e (master)
+ NOTE: https://github.com/apache/zookeeper/commit/96b3172ca249a8580e9a315d589d319286cee4ee (release-3.8.3)
+ NOTE: Introduced by: https://github.com/apache/zookeeper/commit/8a06bd1ccef382461c7b0a63f2012f4aeac90753 (release-3.4.10-rc0)
+CVE-2023-5511 (Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it ...)
+ - snipe-it (bug #1005172)
+CVE-2023-4990 (Directory traversal vulnerability in MCL-Net versions prior to 4.6 Upd ...)
+ NOT-FOR-US: MCL-Net
+CVE-2023-45312 (In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for E ...)
+ NOT-FOR-US: mtproto_proxy component for Erlang
+CVE-2023-45194 (Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00. ...)
+ NOT-FOR-US: MR-GM2 firmware
+CVE-2023-44997 (Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP For ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44689 (e-Gov Client Application (Windows version) versions prior to 2.1.1.0 a ...)
+ NOT-FOR-US: e-Gov Client Application
+CVE-2023-37536 (An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remo ...)
+ NOT-FOR-US: HCL
+CVE-2023-36127 (User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. ...)
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
+CVE-2023-36126 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
+ NOT-FOR-US: PHPJabbers Appointment Scheduler
+CVE-2023-39325 (A malicious HTTP/2 client which rapidly creates requests and immediate ...)
+ - golang-1.21 1.21.3-1
+ - golang-1.20 1.20.10-1
+ - golang-1.19
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://github.com/golang/go/issues/63417
+CVE-2023-5473 (Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5486 (Inappropriate implementation in Input in Google Chrome prior to 118.0. ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5477 (Inappropriate implementation in Installer in Google Chrome prior to 11 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5478 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5485 (Inappropriate implementation in Autofill in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5479 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5476 (Use after free in Blink History in Google Chrome prior to 118.0.5993.7 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5474 (Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 al ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5475 (Inappropriate implementation in DevTools in Google Chrome prior to 118 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5481 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5483 (Inappropriate implementation in Intents in Google Chrome prior to 118. ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5484 (Inappropriate implementation in Navigation in Google Chrome prior to 1 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5487 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-5218 (Use after free in Site Isolation in Google Chrome prior to 118.0.5993. ...)
+ {DSA-5526-1}
+ - chromium 118.0.5993.70-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-4421 (The NSS code used for checking PKCS#1 v1.5 was leaking information use ...)
+ {DLA-3634-1}
+ - nss 2:3.61-1
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1651411
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2238677
+ NOTE: https://hg.mozilla.org/projects/nss/rev/fc05574c739947d615ab0b2b2b564f01c922eccd
+CVE-2023-38546 (This flaw allows an attacker to insert cookies at will into a running ...)
+ {DSA-5523-1 DLA-3613-1}
+ - curl 8.3.0-3
+ NOTE: https://curl.se/docs/CVE-2023-38546.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/74d5a6fb3b9a96d9fa51ba90996e94c878ebd151 (curl-7_9_1)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/61275672b46d9abb3285740467b882e22ed75da8 (curl-8_4_0)
+CVE-2023-38545 (This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy ...)
+ {DSA-5523-1}
+ - curl 8.3.0-3
+ [buster] - curl (Vulnerable code not present)
+ NOTE: https://curl.se/docs/CVE-2023-38545.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08 (curl-7_69_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/fb4415d8aee6c1045be932a34fe6107c2f5ed147 (curl-8_4_0)
+ NOTE: https://daniel.haxx.se/blog/2023/10/11/how-i-made-a-heap-overflow-in-curl/
+CVE-2023-5499 (Information exposure vulnerability in Shenzhen Reachfar v28, the explo ...)
+ NOT-FOR-US: Shenzhen Reachfar
+CVE-2023-5498 (Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding ...)
+ NOT-FOR-US: chiefonboarding
+CVE-2023-5497 (A vulnerability classified as critical has been found in Tongda OA 201 ...)
+ NOT-FOR-US: Tongda OA
+CVE-2023-5496 (A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefo ...)
+ NOT-FOR-US: Translator PoqDev
+CVE-2023-5495 (A vulnerability was found in QDocs Smart School 6.4.1. It has been cla ...)
+ NOT-FOR-US: QDocs Smart School
+CVE-2023-5494 (A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5493 (A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Ser ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5492 (A vulnerability, which was classified as critical, was found in Beijin ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5491 (A vulnerability, which was classified as critical, has been found in B ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5490 (A vulnerability classified as critical was found in Beijing Baichuo Sm ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5489 (A vulnerability classified as critical has been found in Beijing Baich ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5488 (A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service ...)
+ NOT-FOR-US: Beijing Baichuo Smart
+CVE-2023-5450 (An insufficient verification of data vulnerability exists in BIG-IP Ed ...)
+ NOT-FOR-US: F5
+CVE-2023-4966 (Sensitive information disclosurein NetScaler ADC and NetScaler Gateway ...)
+ NOT-FOR-US: Citrix
+CVE-2023-4837 (SmodBIP is vulnerable to Cross-Site Request Forgery, that could be use ...)
+ NOT-FOR-US: SmodBIPx
+CVE-2023-4309 (Election Services Co. (ESC) Internet Election Service is vulnerable to ...)
+ NOT-FOR-US: Election Services Co. (ESC) Internet Election Service
+CVE-2023-45648 (Improper Input Validation vulnerability in Apache Tomcat.Tomcatfrom 11 ...)
+ {DSA-5522-1 DSA-5521-1 DLA-3617-1}
+ - tomcat10 10.1.14-1
+ - tomcat9 9.0.70-2
+ - tomcat8
+ NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/10
+ NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
+CVE-2023-45601 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+ NOT-FOR-US: Parasolid
+CVE-2023-45226 (The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5 ...)
+ NOT-FOR-US: F5
+CVE-2023-45219 (Exposure of Sensitive Information vulnerability exist in an undisclose ...)
+ NOT-FOR-US: F5
+CVE-2023-45205 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...)
+ NOT-FOR-US: Siemens
+CVE-2023-45204 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ NOT-FOR-US: Tecnomatix Plant Simulation
+CVE-2023-45129 (Synapse is an open-source Matrix homeserver written and maintained by ...)
+ - matrix-synapse 1.94.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-5chr-wjw5-3gq4
+ NOTE: https://github.com/matrix-org/synapse/pull/16360
+CVE-2023-44996 (Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-44995 (Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommer ...)
+ NOT-FOR-US: WordPress plugin +CVE-2023-44994 (Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44763 (Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerabil ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44476 (Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44475 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44471 (Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backen ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44470 (Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMC ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44399 (ZITADEL provides identity infrastructure. In versions 2.37.2 and prior ...) + NOT-FOR-US: ZITADEL +CVE-2023-44315 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...) + NOT-FOR-US: Siemens +CVE-2023-44261 (Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44259 (Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44257 (Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44249 (An authorization bypass through user-controlled key[CWE-639] vulnerabi ...) + NOT-FOR-US: Fortinet +CVE-2023-44241 (Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44087 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44086 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44085 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) 
+ NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44084 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44083 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44082 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-44081 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Tecnomatix Plant Simulation +CVE-2023-43896 (A buffer overflow in Macrium Reflect 8.1.7544 and below allows attacke ...) + NOT-FOR-US: Macrium Reflect +CVE-2023-43746 (When running in Appliance mode, an authenticated user assigned the Adm ...) + NOT-FOR-US: F5 +CVE-2023-43625 (A vulnerability has been identified in Simcenter Amesim (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-43623 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...) + NOT-FOR-US: Siemens +CVE-2023-43611 (The BIG-IP Edge Client Installer on macOS does not follow best practic ...) + NOT-FOR-US: F5 +CVE-2023-43485 (When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system ...) + NOT-FOR-US: F5 +CVE-2023-42796 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) + NOT-FOR-US: Siemens +CVE-2023-42795 (Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...) + {DSA-5522-1 DSA-5521-1 DLA-3617-1} + - tomcat10 10.1.14-1 + - tomcat9 9.0.70-2 + - tomcat8 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/9 + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version +CVE-2023-42794 (Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork ...) 
+ - tomcat10 (Windows-specific) + - tomcat9 (Windows-specific) + - tomcat8 (Windows-specific) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/8 +CVE-2023-42788 (An improper neutralization of special elements used in an os command ( ...) + NOT-FOR-US: Fortinet +CVE-2023-42787 (A client-side enforcement of server-side security [CWE-602] vulnerabil ...) + NOT-FOR-US: Fortinet +CVE-2023-42782 (A insufficient verification of data authenticity vulnerability [CWE-34 ...) + NOT-FOR-US: Fortinet +CVE-2023-42768 (When a non-admin user has been assigned an administrator role via an i ...) + NOT-FOR-US: F5 +CVE-2023-41964 (The BIG-IP and BIG-IQ systems do not encrypt some sensitive informatio ...) + NOT-FOR-US: F5 +CVE-2023-41876 (Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41858 (Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order De ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41854 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. Wp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41853 (Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41852 (Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41851 (Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41850 (Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Rube ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41841 (An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7. ...) + NOT-FOR-US: Fortinet +CVE-2023-41838 (An improper neutralization of special elements used in an os command ( ...) 
+ NOT-FOR-US: Fortinet +CVE-2023-41774 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41773 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41772 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41771 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41770 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41769 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41768 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41767 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41766 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...) + NOT-FOR-US: Microsoft +CVE-2023-41765 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41763 (Skype for Business Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-41679 (An improper access control vulnerability [CWE-284] in FortiManager man ...) + NOT-FOR-US: Fortinet +CVE-2023-41675 (A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 thro ...) + NOT-FOR-US: Fortinet +CVE-2023-41373 (A directory traversal vulnerability exists in the BIG-IP Configuration ...) + NOT-FOR-US: F5 +CVE-2023-41253 (When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, an ...) + NOT-FOR-US: F5 +CVE-2023-41085 (When IPSec is configured on a Virtual Server, undisclosed traffic can ...) + NOT-FOR-US: F5 +CVE-2023-40718 (A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 ...) + NOT-FOR-US: Fortinet +CVE-2023-40542 (When TCP Verified Accept is enabled on a TCP profile that is configure ...) 
+ NOT-FOR-US: F5 +CVE-2023-40537 (An authenticated user's session cookie may remain valid for a limited ...) + NOT-FOR-US: F5 +CVE-2023-40534 (When a client-side HTTP/2 profile and the HTTP MRF Router option are e ...) + NOT-FOR-US: F5 +CVE-2023-39447 (When BIG-IP APM Guided Configurations are configured, undisclosed sens ...) + NOT-FOR-US: F5 +CVE-2023-38640 (A vulnerability has been identified in SICAM PAS/PQS (All versions >= ...) + NOT-FOR-US: Siemens +CVE-2023-38171 (Microsoft QUIC Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38166 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38159 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-37939 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: Fortinet +CVE-2023-37935 (A use of GET request method with sensitive query strings vulnerability ...) + NOT-FOR-US: Fortinet +CVE-2023-37195 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...) + NOT-FOR-US: Siemens +CVE-2023-37194 (A vulnerability has been identified in SIMATIC CP 1604 (All versions), ...) + NOT-FOR-US: Siemens +CVE-2023-36902 (Windows Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36790 (Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36789 (Skype for Business Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36786 (Skype for Business Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36785 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36780 (Skype for Business Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36778 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36776 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36743 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36737 (Azure Network Watcher VM Agent Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36732 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36731 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36730 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-36729 (Named Pipe File System Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36728 (Microsoft SQL Server Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36726 (Windows Internet Key Exchange (IKE) Extension Elevation of Privilege ...) + NOT-FOR-US: Microsoft +CVE-2023-36725 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36724 (Windows Power Management Service Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36723 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36722 (Active Directory Domain Services Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36721 (Windows Error Reporting Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36720 (Windows Mixed Reality Developer Tools Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36718 (Microsoft Virtual Trusted Platform Module Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-36717 (Windows Virtual Trusted Platform Module Denial of Service Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36713 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-36712 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36711 (Windows Runtime C++ Template Library Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-36710 (Windows Media Foundation Core Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36709 (Microsoft AllJoyn API Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36707 (Windows Deployment Services Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36706 (Windows Deployment Services Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36704 (Windows Setup Files Cleanup Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36703 (DHCP Server Service Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36702 (Microsoft DirectMusic Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36701 (Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-36698 (Windows Kernel Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36697 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36637 (An improper neutralization of input during web page generation vulnera ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36606 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36605 (Windows Named Pipe Filesystem Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36603 (Windows TCP/IP Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36602 (Windows TCP/IP Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36598 (Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36596 (Remote Procedure Call Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36594 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36593 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36592 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36591 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36590 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36589 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36585 (Windows upnphost.dll Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36584 (Windows Mark of the Web Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36583 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36582 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36581 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36579 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36578 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36577 (Microsoft WDAC OLE DB 
provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-36576 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36575 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36574 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36573 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36572 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36571 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36570 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36569 (Microsoft Office Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36568 (Microsoft Office Click-To-Run Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36567 (Windows Deployment Services Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36566 (Microsoft Common Data Model SDK Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36565 (Microsoft Office Graphics Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36564 (Windows Search Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36563 (Microsoft WordPad Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36561 (Azure DevOps Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36557 (PrintHTML API Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36556 (An incorrect authorization vulnerability [CWE-863] in FortiMail webmai ...) + NOT-FOR-US: Fortinet +CVE-2023-36555 (An improper neutralization of script-related html tags in a web page ( ...) 
+ NOT-FOR-US: Fortinet +CVE-2023-36550 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-36549 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-36548 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-36547 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-36478 (Eclipse Jetty provides a web server and servlet container. In versions ...) + {DSA-5540-1 DLA-3641-1} + - jetty9 9.4.53-1 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r + NOTE: https://github.com/eclipse/jetty.project/pull/9634 +CVE-2023-36438 (Windows TCP/IP Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36436 (Windows MSHTML Platform Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36435 (Microsoft QUIC Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36434 (Windows IIS Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36433 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-36431 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36429 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-36420 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-36419 (Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privi ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36418 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36417 (Microsoft SQL OLE DB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36416 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-36415 (Azure Identity SDK Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36414 (Azure Identity SDK Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36380 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...) + NOT-FOR-US: Siemens +CVE-2023-35796 (A vulnerability has been identified in SINEMA Server V14 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-35349 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-34993 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34992 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34989 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34988 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34987 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34986 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-34985 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2023-33301 (An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7 ...) + NOT-FOR-US: Fortinet +CVE-2023-42670 (A flaw was found in Samba. It is susceptible to a vulnerability where ...) 
+ {DSA-5525-1} + - samba 2:4.19.1+dfsg-1 + [bullseye] - samba (Vulnerable code not present) + [buster] - samba (Vulnerable code not present) + NOTE: https://www.samba.org/samba/security/CVE-2023-42670.html +CVE-2023-42669 (A vulnerability was found in Samba's "rpcecho" development server, a n ...) + {DSA-5525-1} + - samba 2:4.19.1+dfsg-1 + [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2023-42669.html +CVE-2023-4091 (A vulnerability was discovered in Samba, where the flaw allows SMB cli ...) + {DSA-5525-1} + - samba 2:4.19.1+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-4091.html + NOTE: In scope for continued Samba support +CVE-2023-4154 (A design flaw was found in Samba's DirSync control implementation, whi ...) + {DSA-5525-1} + - samba 2:4.19.1+dfsg-1 + [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2023-4154.html +CVE-2023-3961 (A path traversal vulnerability was identified in Samba when processing ...) + {DSA-5525-1} + - samba 2:4.19.1+dfsg-1 + [bullseye] - samba (Vulnerable code not present) + [buster] - samba (Vulnerable code not present) + NOTE: https://www.samba.org/samba/security/CVE-2023-3961.html + NOTE: In scope for continued Samba support +CVE-2023-44487 (The HTTP/2 protocol allows a denial of service (server resource consum ...) 
+ {DSA-5570-1 DSA-5558-1 DSA-5549-1 DSA-5540-1 DSA-5522-1 DSA-5521-1 DLA-3656-1 DLA-3645-1 DLA-3641-1 DLA-3638-1 DLA-3621-1 DLA-3617-1} + - tomcat9 9.0.70-2 + - tomcat10 10.1.14-1 + - trafficserver 9.2.3+ds-1 (bug #1053801; bug #1054427) + - h2o 2.2.5+dfsg2-8 (bug #1054232) + - haproxy 1.8.13-1 + - nginx 1.24.0-2 (unimportant; bug #1053770) + - nghttp2 1.57.0-1 (bug #1053769) + - jetty9 9.4.53-1 + - netty 1:4.1.48-8 (bug #1054234) + - dnsdist 1.8.2-2 + [buster] - dnsdist (HTTP/2 support was added later) + - varnish (bug #1056156) + NOTE: Tomcat: https://github.com/apache/tomcat/commit/76bb4bfbfeae827dce896f650655bbf6e251ed49 (10.1.14) + NOTE: Tomcat: https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a (9.0.81) + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version + NOTE: ATS: https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q + NOTE: ATS: https://github.com/apache/trafficserver/commit/b28ad74f117307e8de206f1de70c3fa716f90682 (9.2.3-rc0) + NOTE: ATS: https://github.com/apache/trafficserver/commit/d742d74039aaa548dda0148ab4ba207906abc620 (8.1.9) + NOTE: h2o: https://github.com/h2o/h2o/commit/28fe15117b909588bf14269a0e1c6ec4548579fe + NOTE: dnsdist: h2o change breaks the ABI, hence dnsdist switched to a vendored fix in 1.8.2-2 + NOTE: haproxy: http://git.haproxy.org/?p=haproxy.git;a=commit;h=f210191dcdf32a2cb263c5bd22b7fc98698ce59a (v1.9-dev1) + NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44134.html + NOTE: haproxy: https://www.mail-archive.com/haproxy@formilux.org/msg44136.html + NOTE: nginx: https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html + NOTE: nginx: https://github.com/nginx/nginx/commit/6ceef192e7af1c507826ac38a2d43f08bf265fb9 + NOTE: nghttp2: https://github.com/nghttp2/nghttp2/pull/1961 + NOTE: nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg + NOTE: nghttp2: 
https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832 (v1.57.0) + NOTE: jetty9: https://github.com/eclipse/jetty.project/issues/10679 + NOTE: jetty9: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/10/6 + NOTE: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ + NOTE: Go uses CVE-2023-39325 to track this + NOTE: netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p + NOTE: netty: https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61 (netty-4.1.100.Final) + NOTE: varnish: https://varnish-cache.org/security/VSV00013.html + NOTE: varnish: https://github.com/varnishcache/varnish-cache/issues/3996 + NOTE: Unaffected implementations not requiring code changes: + NOTE: - rust-hyper: https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected + NOTE: - apache2: https://chaos.social/@icing/111210915918780532 + NOTE: - lighttpd: https://www.openwall.com/lists/oss-security/2023/10/13/9 +CVE-2023-34324 [linux/xen: Possible deadlock in Linux kernel event handling] + - linux 6.5.8-1 + [bookworm] - linux 6.1.64-1 + NOTE: https://xenbits.xen.org/xsa/advisory-441.html + NOTE: https://git.kernel.org/linus/87797fad6cce28ec9be3c13f031776ff4f104cfc (6.6-rc6) +CVE-2023-46837 [arm32: The cache may not be properly cleaned/invalidated (take two)] + - xen + [bookworm] - xen (Minor issue, fix along in next DSA) + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-447.html +CVE-2023-46836 [x86: BTC/SRSO fixes not fully effective] + - xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928) + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-446.html +CVE-2023-46835 [x86/AMD: mismatch in IOMMU quarantine page table 
levels] + - xen 4.17.2+76-ge1f9cb16e2-1 (bug #1056928) + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-445.html +CVE-2023-34328 [A PV vCPU can place a breakpoint over the live GDT] + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-444.html +CVE-2023-34327 [An HVM vCPU can end up operating in the context of a previous vCPUs debug mask state] + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-444.html +CVE-2023-34325 [Multiple vulnerabilities in libfsimage disk handling] + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-443.html +CVE-2023-34326 [x86/AMD: missing IOMMU TLB flushing] + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-442.html +CVE-2023-34323 [xenstored: A transaction conflict can crash C Xenstored] + - xen 4.17.2+55-g0b56bed864-1 (unimportant) + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-440.html + NOTE: Debian uses the ocaml-based xenstored +CVE-2023-5471 (A vulnerability, which was classified as critical, was found in codepr ...) + NOT-FOR-US: codeprojects Farmacia +CVE-2023-5468 (The Slick Contact Forms plugin for WordPress is vulnerable to Stored C ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-5467 (The GEO my WordPress plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5463 (A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been r ...) + NOT-FOR-US: XINJE +CVE-2023-5462 (A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been decl ...) + NOT-FOR-US: XINJE +CVE-2023-45208 (A command injection in the parsing_xml_stasurvey function inside libcg ...) + NOT-FOR-US: D-Link +CVE-2023-44959 (An issue found in D-Link DSL-3782 v.1.03 and before allows remote auth ...) + NOT-FOR-US: D-Link +CVE-2023-44848 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...) + NOT-FOR-US: SeaCMS +CVE-2023-44847 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...) + NOT-FOR-US: SeaCMS +CVE-2023-44846 (An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code ...) + NOT-FOR-US: SeaCMS +CVE-2023-44827 (An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8 ...) + NOT-FOR-US: ZenTao +CVE-2023-44826 (Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local ...) + NOT-FOR-US: ZenTao +CVE-2023-44813 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...) + NOT-FOR-US: mooSocial +CVE-2023-43899 (hansun CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: hansun CMS +CVE-2023-43271 (Incorrect access control in 70mai a500s v1.2.119 allows attackers to d ...) + NOT-FOR-US: 70mai a500s +CVE-2023-42477 (SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50,allo ...) + NOT-FOR-US: SAP +CVE-2023-42475 (The Statutory Reporting application has a vulnerable file storage loca ...) + NOT-FOR-US: SAP +CVE-2023-42474 (SAP BusinessObjects Web Intelligence - version 420, has a URL with par ...) + NOT-FOR-US: SAP +CVE-2023-42473 (S/4HANA Manage (Withholding Tax Items) - version 106,does not perform ...) 
+ NOT-FOR-US: SAP +CVE-2023-42189 (Insecure Permissions vulnerability in Connectivity Standards Alliance ...) + NOT-FOR-US: Connectivity Standards Alliance Matter Official SDK +CVE-2023-41730 (Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newslette ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41697 (Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41694 (Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41684 (Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS H ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41365 (SAP Business One (B1i) - version 10.0, allows an authorized attacker t ...) + NOT-FOR-US: SAP +CVE-2023-40310 (SAP PowerDesignerClient- version 16.7, does not sufficiently validate ...) + NOT-FOR-US: SAP +CVE-2023-45360 (An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1. ...) + {DSA-5520-1} + - mediawiki 1:1.39.5-1 + [buster] - mediawiki (Minor issue, prior to 1.32 any sysop could edit sitewide CSS/JS anyway) + NOTE: https://phabricator.wikimedia.org/T340221 +CVE-2023-45362 (An issue was discovered in DifferenceEngine.php in MediaWiki before 1. ...) + {DSA-5520-1 DLA-3671-1} + - mediawiki 1:1.39.5-1 + NOTE: https://phabricator.wikimedia.org/T341529 +CVE-2023-45361 + - mediawiki 1:1.39.5-1 + [bookworm] - mediawiki 1:1.39.5-1~deb12u1 + [bullseye] - mediawiki (Vulnerable code not present) + [buster] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T340220 +CVE-2023-45359 + - mediawiki 1:1.39.5-1 + [bookworm] - mediawiki 1:1.39.5-1~deb12u1 + [bullseye] - mediawiki (Vulnerable code not present) + [buster] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T340217 +CVE-2023-5461 (A vulnerability was found in Delta Electronics WPLSoft 2.51. It has be ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2023-5460 (A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and ...) + NOT-FOR-US: Delta Electronics +CVE-2023-5459 (A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 ...) + NOT-FOR-US: Delta Electronics +CVE-2023-5365 (HP LIFE Android Mobile application is potentially vulnerable to escala ...) + NOT-FOR-US: HP +CVE-2023-5333 (Mattermost fails to deduplicate input IDs allowing asimple user to cau ...) + - mattermost-server (bug #823556) +CVE-2023-5331 (Mattermost fails to properly check the creator of an attached file whe ...) + - mattermost-server (bug #823556) +CVE-2023-5330 (Mattermost fails toenforce a limit for the size of the cache entry for ...) + - mattermost-server (bug #823556) +CVE-2023-5103 (Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK ...) + NOT-FOR-US: SICK +CVE-2023-5102 (Insufficient Control Flow Management in RDT400 in SICK APU allows an u ...) + NOT-FOR-US: SICK +CVE-2023-5101 (Files or Directories Accessible to External Parties in RDT400 in SICK ...) + NOT-FOR-US: SICK +CVE-2023-5100 (Cleartext Transmission of Sensitive Information in RDT400 in SICK APU ...) + NOT-FOR-US: SICK +CVE-2023-45613 (In JetBrains Ktor before 2.3.5 server certificates were not verified) + NOT-FOR-US: JetBrains Ktor +CVE-2023-45612 (In JetBrains Ktor before 2.3.5 default configuration of ContentNegotia ...) + NOT-FOR-US: JetBrains Ktor +CVE-2023-45248 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-45247 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-44993 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...) + NOT-FOR-US: QuantumCloud +CVE-2023-44821 (Gifsicle through 1.94, if deployed in a way that allows untrusted inpu ...) 
+ - gifsicle (unimportant) + NOTE: Memory leak in CLI tool, no security impact + NOTE: https://github.com/kohler/gifsicle/issues/195 +CVE-2023-44812 (Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a ...) + NOT-FOR-US: mooSocial +CVE-2023-44811 (Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 a ...) + NOT-FOR-US: mooSocial +CVE-2023-44473 (Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44467 (langchain_experimental 0.0.14 allows an attacker to bypass the CVE-202 ...) + NOT-FOR-US: langchain_experimental +CVE-2023-44400 (Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, ...) + NOT-FOR-US: Uptime Kuma +CVE-2023-44393 (Piwigo is an open source photo gallery application. Prior to version 1 ...) + - piwigo +CVE-2023-44392 (Garden provides automation for Kubernetes development and testing. Pri ...) + NOT-FOR-US: Garden +CVE-2023-44378 (gnark is a zk-SNARK library that offers a high-level API to design cir ...) + NOT-FOR-US: gnark +CVE-2023-44260 (Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44246 (Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44240 (Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44238 (Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44237 (Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44236 (Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Ca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44232 (Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-44231 (Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43700 (Missing Authorization in RDT400 in SICK APU allows an unprivileged rem ...) + NOT-FOR-US: SICK +CVE-2023-43699 (Improper Restriction of Excessive Authentication Attempts in RDT400 in ...) + NOT-FOR-US: SICK +CVE-2023-43698 (Improper Neutralization of Input During Web Page Generation (\u2019Cro ...) + NOT-FOR-US: SICK +CVE-2023-43697 (Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU al ...) + NOT-FOR-US: SICK +CVE-2023-43696 (Improper Access Control in SICK APU allows an unprivileged remote atta ...) + NOT-FOR-US: SICK +CVE-2023-43643 (AntiSamy is a library for performing fast, configurable cleansing of H ...) + - libowasp-antisamy-java 1.7.4-1 (bug #1054164) + [bookworm] - libowasp-antisamy-java (Minor issue) + [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) + NOTE: https://github.com/nahsra/antisamy/security/advisories/GHSA-pcf2-gh6g-h5r2 + NOTE: https://github.com/nahsra/antisamy/commit/05c52b98bb845b8175b8406bd2f391ce334a05d6 (v1.7.4) +CVE-2023-42455 (Wazuh is a security detection, visibility, and compliance open source ...) + NOT-FOR-US: Wazuh +CVE-2023-41672 (Cross-Site Request Forgery (CSRF) vulnerability in R\xe9mi Leclercq Hi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41670 (Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in per ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41669 (Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41668 (Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=1 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41667 (Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-41660 (Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41047 (OctoPrint is a web interface for 3D printers. OctoPrint versions up un ...) + NOT-FOR-US: OctoPrint +CVE-2023-3589 (A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork C ...) + NOT-FOR-US: Teamwork Cloudt +CVE-2023-39189 (A flaw was found in the Netfilter subsystem in the Linux kernel. The n ...) + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/f4f8a7803119005e87b716874bec07c751efafec (6.6-rc1) +CVE-2023-36820 (Micronaut Security is a security solution for applications. Prior to v ...) + NOT-FOR-US: Micronaut Security +CVE-2023-43641 (libcue provides an API for parsing and extracting data from CUE sheets ...) + {DSA-5524-1 DLA-3615-1} + - libcue 2.2.1-4.1 + NOTE: https://github.com/lipnitsk/libcue/security/advisories/GHSA-5982-x7hv-r9cj + NOTE: https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ + NOTE: Fixed by: https://github.com/lipnitsk/libcue/commit/fdf72c8bded8d24cfa0608b8e97f2eed210a920e (v2.3.0) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/09/3 +CVE-2023-45374 (An issue was discovered in the SportsTeams extension for MediaWiki bef ...) + NOT-FOR-US: MediaWiki extension SportsTeams +CVE-2023-45373 (An issue was discovered in the ProofreadPage extension for MediaWiki b ...) + NOT-FOR-US: MediaWiki extension ProofreadPage +CVE-2023-45372 (An issue was discovered in the Wikibase extension for MediaWiki before ...) + NOT-FOR-US: MediaWiki extension Wikibase +CVE-2023-45371 (An issue was discovered in the Wikibase extension for MediaWiki before ...) + NOT-FOR-US: MediaWiki extension Wikibase +CVE-2023-45370 (An issue was discovered in the SportsTeams extension for MediaWiki bef ...) 
+ NOT-FOR-US: MediaWiki extension SportsTeams +CVE-2023-45369 (An issue was discovered in the PageTriage extension for MediaWiki befo ...) + NOT-FOR-US: MediaWiki extension PageTriage +CVE-2023-45367 (An issue was discovered in the CheckUser extension for MediaWiki befor ...) + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2023-45364 (An issue was discovered in includes/page/Article.php in MediaWiki 1.36 ...) + - mediawiki 1:1.39.5-1 + [bookworm] - mediawiki 1:1.39.5-1~deb12u1 + [bullseye] - mediawiki (Vulnerable code not present) + [buster] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T264765 +CVE-2023-45363 (An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, ...) + {DSA-5520-1 DLA-3671-1} + - mediawiki 1:1.39.5-1 + NOTE: https://phabricator.wikimedia.org/T333050 +CVE-2023-45356 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 40 ...) + NOT-FOR-US: Atos +CVE-2023-45355 (Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 an ...) + NOT-FOR-US: Atos +CVE-2023-45354 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...) + NOT-FOR-US: Atos +CVE-2023-45353 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...) + NOT-FOR-US: Atos +CVE-2023-45352 (Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 a ...) + NOT-FOR-US: Atos +CVE-2023-45351 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 As ...) + NOT-FOR-US: Atos +CVE-2023-45350 (Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 M ...) + NOT-FOR-US: Atos +CVE-2023-45349 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 As ...) + NOT-FOR-US: Atos +CVE-2023-39854 (The web interface of ATX Ucrypt through 3.5 allows authenticated users ...) + NOT-FOR-US: ATX Ucrypt +CVE-2023-40654 (In FW-PackageManager, there is a possible missing permission check. Th ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-40653 (In FW-PackageManager, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2023-40652 (In jpg driver, there is a possible out of bounds write due to improper ...) + NOT-FOR-US: Unisoc +CVE-2023-40651 (In urild service, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2023-40650 (In Telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-40649 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40648 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40647 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40646 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40645 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40644 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40643 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40642 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40641 (In Messaging, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40640 (In SoundRecorder service, there is a possible missing permission check ...) + NOT-FOR-US: Unisoc +CVE-2023-40639 (In SoundRecorder service, there is a possible missing permission check ...) + NOT-FOR-US: Unisoc +CVE-2023-40638 (In Telecom service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2023-40637 (In telecom service, there is a possible missing permission check. This ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-40636 (In telecom service, there is a possible way to write permission usage ...) + NOT-FOR-US: Unisoc +CVE-2023-40635 (In linkturbo, there is a possible missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2023-40634 (In phasechecksercer, there is a possible missing permission check. Thi ...) + NOT-FOR-US: Unisoc +CVE-2023-40633 (In phasecheckserver, there is a possible missing permission check. Thi ...) + NOT-FOR-US: Unisoc +CVE-2023-40632 (In jpg driver, there is a possible use after free due to a logic error ...) + NOT-FOR-US: Unisoc +CVE-2023-40631 (In Dialer, there is a possible missing permission check. This could le ...) + NOT-FOR-US: Unisoc +CVE-2023-5182 (Sensitive data could be exposed in logs of subiquity version 23.09.1 a ...) + NOT-FOR-US: Subiquity +CVE-2023-45322 (libxml2 through 2.11.5 has a use-after-free that can only occur after ...) + [experimental] - libxml2 2.12.3+dfsg-0exp1 + - libxml2 (bug #1053629) + [bookworm] - libxml2 (Minor issue) + [bullseye] - libxml2 (Minor issue) + [buster] - libxml2 (Minor issue, very hard/unlikely to trigger) + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/583 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0) + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/344 + NOTE: http://www.openwall.com/lists/oss-security/2023/10/06/5 +CVE-2023-45199 (Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can ...) + - mbedtls (Vulnerable code introduced later) + NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-2/ +CVE-2023-44860 (An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker t ...) + NOT-FOR-US: NETIS SYSTEMS +CVE-2023-44061 (File Upload vulnerability in Simple and Nice Shopping Cart Script v.1. ...) 
+ NOT-FOR-US: File Upload vulnerability in Simple and Nice Shopping Cart Script +CVE-2023-43615 (Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.) + - mbedtls (unimportant) + NOTE: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/ + NOTE: Vulnerability not present in default build and only present if compile-time + NOTE: configuration enables vulnerable cipher suites. Debian does not enable + NOTE: MBEDTLS_CIPHER_NULL_CIPHER and MBEDTLS_ARC4_C. +CVE-2023-36123 (Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 ...) + NOT-FOR-US: Hex-Dragon Plain Craft Launcher 2 +CVE-2023-5452 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...) + - snipe-it (bug #1005172) +CVE-2023-5214 (In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges ...) + NOT-FOR-US: Puppet Bolt +CVE-2023-4530 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Turna Advertising Administration Panel +CVE-2023-4469 (The Profile Extra Fields by BestWebSoft plugin for WordPress is vulner ...) + NOT-FOR-US: WordPress plugin +CVE-2023-45311 (fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us- ...) + NOT-FOR-US: fsevents +CVE-2023-45303 (ThingsBoard before 3.5 allows Server-Side Template Injection if users ...) + NOT-FOR-US: ThingsBoard +CVE-2023-45282 (In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can o ...) + NOT-FOR-US: NASA Open MCT (aka openmct) +CVE-2023-45246 (Sensitive information disclosure and manipulation due to improper auth ...) + NOT-FOR-US: Acronis +CVE-2023-45245 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-45244 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-45239 (A lack of input validation exists in tac_plus prior to commit 4fdf178 ...) 
+ NOT-FOR-US: tac_plus +CVE-2023-44807 (D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the canc ...) + NOT-FOR-US: D-Link +CVE-2023-44771 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...) + NOT-FOR-US: Zenario CMS +CVE-2023-44770 (A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 ...) + NOT-FOR-US: Zenario CMS +CVE-2023-44766 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44765 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8. ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44764 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 all ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44762 (A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versio ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44761 (Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS ve ...) + NOT-FOR-US: Concrete CMS +CVE-2023-44758 (GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerabil ...) + NOT-FOR-US: GDidees CMS +CVE-2023-44384 (Discourse-jira is a Discourse plugin allows Jira projects, issue types ...) + NOT-FOR-US: Discourse plugin +CVE-2023-44243 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Inst ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44233 (Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44146 (Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Che ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43810 (OpenTelemetry, also known as OTel for short, is a vendor-neutral open- ...) + NOT-FOR-US: OpenTelemetry +CVE-2023-43058 (IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escal ...) + NOT-FOR-US: IBM +CVE-2023-42445 (Gradle is a build tool with a focus on build automation and support fo ...) 
+ - gradle (bug #1055176) + [bookworm] - gradle (Minor issue) + [bullseye] - gradle (Minor issue) + [buster] - gradle (Minor issue) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-mrff-q8qj-xvg8 +CVE-2023-41950 (Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bous ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41801 (Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Tea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41732 (Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Block ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41659 (Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41654 (Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authL ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41650 (Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40671 (Cross-Site Request Forgery (CSRF) vulnerability in \u5927\u4fa0wp DX-a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40607 (Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40008 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3725 (Potential buffer overflow vulnerability in the Zephyr CAN bus subsyste ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-38703 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f76w-fh7c-pc66 + NOTE: https://github.com/pjsip/pjproject/commit/6dc9b8c181aff39845f02b4626e0812820d4ef0d (2.14) +CVE-2023-36465 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) + NOT-FOR-US: Decidim +CVE-2023-35897 (IBM Spectrum Protect Client and IBM Storage Protect for Virtual Enviro ...) 
+ NOT-FOR-US: IBM +CVE-2023-32972 (A buffer copy without checking size of input vulnerability has been re ...) + NOT-FOR-US: QNAP +CVE-2023-32971 (A buffer copy without checking size of input vulnerability has been re ...) + NOT-FOR-US: QNAP +CVE-2023-5408 (A privilege escalation flaw was found in the node restriction admissio ...) + NOT-FOR-US: OpenShift +CVE-2023-4061 (A flaw was found in wildfly-core. A management user could use the reso ...) + NOT-FOR-US: Red Hat Enterprise Application Platform +CVE-2023-3171 + NOT-FOR-US: Red Hat Enterprise Application Platform +CVE-2023-5441 (NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161a ...) + - vim 2:9.0.2018-1 (unimportant) + NOTE: https://huntr.dev/bounties/b54cbdf5-3e85-458d-bb38-9ea2c0b669f2 + NOTE: https://github.com/vim/vim/commit/20d161ace307e28690229b68584f2d84556f8960 (v9.0.1992) + NOTE: Crash in CLI tool, no security impact +CVE-2023-5312 + REJECTED +CVE-2023-45243 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-45242 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-45241 (Sensitive information leak through log files. The following products a ...) + NOT-FOR-US: Acronis +CVE-2023-45240 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-44214 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-44213 (Sensitive information disclosure due to excessive collection of system ...) + NOT-FOR-US: Acronis +CVE-2023-44212 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-44211 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-43343 (Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6 ...) 
+ NOT-FOR-US: Quick CMS +CVE-2023-43269 (pigcms up to 7.0 was discovered to contain an arbitrary file upload vu ...) + NOT-FOR-US: pigcms +CVE-2023-40556 (Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39323 (Line directives ("//line") can be used to bypass the restrictions on " ...) + - golang-1.21 1.21.2-1 + - golang-1.20 1.20.9-1 + - golang-1.19 + [bookworm] - golang-1.19 (Minor issue) + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/63211 + NOTE: https://go.dev/cl/533215 + NOTE: https://groups.google.com/g/golang-announce/c/XBa1oHDevAo + NOTE: https://pkg.go.dev/vuln/GO-2023-2095 + NOTE: https://github.com/golang/go/commit/2ddfc04d12da7028334ab4f8effbc3a78b92d9d2 (go1.21.2) + NOTE: https://github.com/golang/go/commit/31d5b604ac0adb58aec4870ac1b974c08312fd49 (go1.20.9) +CVE-2015-10126 (A vulnerability classified as critical was found in Easy2Map Photos Pl ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10125 (A vulnerability classified as problematic has been found in WP Ultimat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5423 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: ourceCodester Online Pizza Ordering System +CVE-2023-4570 (An improper access restriction in NI MeasurementLink Python services c ...) + NOT-FOR-US: NI MeasurementLink Python services +CVE-2023-4401 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...) + NOT-FOR-US: Dell +CVE-2023-45160 (In the affected version of the 1E Client, an ordinary user could subve ...) + NOT-FOR-US: 1E Client +CVE-2023-45159 (1E Client installer can perform arbitrary file deletion on protected f ...) + NOT-FOR-US: 1E Client +CVE-2023-44839 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) 
+ NOT-FOR-US: D-Link +CVE-2023-44838 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44837 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44836 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44835 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44834 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44833 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44832 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44831 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44830 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44829 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44828 (D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflo ...) + NOT-FOR-US: D-Link +CVE-2023-44390 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...) + NOT-FOR-US: HtmlSanitizer .NET library +CVE-2023-44387 (Gradle is a build tool with a focus on build automation and support fo ...) + - gradle (bug #1055177) + [bookworm] - gradle (Minor issue) + [bullseye] - gradle (Minor issue) + [buster] - gradle (Minor issue, requires local access to build machine) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-43r3-pqhv-f7h9 + NOTE: https://github.com/gradle/gradle/commit/3b406191e24d69e7e42dc3f3b5cc50625aa930b7 +CVE-2023-44386 (Vapor is an HTTP web framework for Swift. There is a denial of service ...) 
+ NOT-FOR-US: Vapor +CVE-2023-44024 (SQL injection vulnerability in KnowBand Module One Page Checkout, Soci ...) + NOT-FOR-US: supercheckout +CVE-2023-43983 (Presto Changeo attributegrid up to 2.0.3 was discovered to contain a S ...) + NOT-FOR-US: Presto Changeo attributegrid +CVE-2023-43981 (Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a ...) + NOT-FOR-US: Presto Changeo testsitecreator +CVE-2023-43284 (D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail ...) + NOT-FOR-US: D-Link +CVE-2023-43260 (Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovere ...) + NOT-FOR-US: Milesight +CVE-2023-43073 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an Impro ...) + NOT-FOR-US: Dell +CVE-2023-43072 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an impro ...) + NOT-FOR-US: Dell +CVE-2023-43071 (Dell SmartFabric Storage Software v1.4 (and earlier) contains possible ...) + NOT-FOR-US: Dell +CVE-2023-43070 (Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path T ...) + NOT-FOR-US: Dell +CVE-2023-43069 (Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS ...) + NOT-FOR-US: Dell +CVE-2023-43068 (Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Co ...) + NOT-FOR-US: Dell +CVE-2023-40920 (Prixan prixanconnect up to v1.62 was discovered to contain a SQL injec ...) + NOT-FOR-US: Prixan +CVE-2023-32485 (Dell SmartFabric Storage Software version 1.3 and lower contain an imp ...) + NOT-FOR-US: Dell +CVE-2023-45198 (ftpd before "NetBSD-ftpd 20230930" can leak information about the host ...) + NOT-FOR-US: NetBSD ftpd +CVE-2023-44389 (Zope is an open-source web application server. The title property, ava ...) + NOT-FOR-US: Zope +CVE-2023-43877 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...) + NOT-FOR-US: Rite CMS +CVE-2023-43809 (Soft Serve is a self-hostable Git server for the command line. Prior t ...) 
+ NOT-FOR-US: Soft Serve +CVE-2023-43805 (Nexkey is a fork of Misskey, an open source, decentralized social medi ...) + NOT-FOR-US: Nexkey +CVE-2023-43799 (Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL ...) + NOT-FOR-US: Altair +CVE-2023-43793 (Misskey is an open source, decentralized social media platform. Prior ...) + NOT-FOR-US: Misskey +CVE-2023-43321 (File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3. ...) + NOT-FOR-US: Digital China Networks DCFW-1800-SDC +CVE-2023-40299 (Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and a ...) + NOT-FOR-US: Kong Insomnia +CVE-2023-36619 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...) + NOT-FOR-US: Atos Unify OpenScape Session Border Controller +CVE-2023-36618 (Atos Unify OpenScape Session Border Controller through V10 R3.01.03 al ...) + NOT-FOR-US: Atos Unify OpenScape Session Border Controller +CVE-2023-35803 (IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Ove ...) + NOT-FOR-US: IQ Engine +CVE-2023-3430 (A vulnerability was found in OpenImageIO, where a heap buffer overflow ...) + - openimageio 2.4.13.0+dfsg-1 + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) + NOTE: https://github.com/OpenImageIO/oiio/issues/3840 + NOTE: https://github.com/AcademySoftwareFoundation/OpenImageIO/pull/3841 + NOTE: https://github.com/OpenImageIO/oiio/commit/5ff2c56dd28e96f67ed8f80d8a3d1235e51f9957 (v2.4.12.0) +CVE-2023-38473 (A vulnerability was found in Avahi. A reachable assertion exists in th ...) 
+ - avahi (bug #1054880) + [bookworm] - avahi (Minor issue) + [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) + NOTE: https://github.com/lathiat/avahi/issues/451 + NOTE: https://github.com/lathiat/avahi/pull/486 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 +CVE-2023-38472 (A vulnerability was found in Avahi. A reachable assertion exists in th ...) + - avahi (bug #1054879) + [bookworm] - avahi (Minor issue) + [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) + NOTE: https://github.com/lathiat/avahi/issues/452 + NOTE: https://github.com/lathiat/avahi/pull/490 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 +CVE-2023-38471 (A vulnerability was found in Avahi. A reachable assertion exists in th ...) + - avahi (bug #1054878) + [bookworm] - avahi (Minor issue) + [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) + NOTE: https://github.com/lathiat/avahi/issues/453 + NOTE: https://github.com/lathiat/avahi/pull/494 + NOTE: https://github.com/lathiat/avahi/commit/894f085f402e023a98cbb6f5a3d117bd88d93b09 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 +CVE-2023-38470 (A vulnerability was found in Avahi. A reachable assertion exists in th ...) + - avahi (bug #1054877) + [bookworm] - avahi (Minor issue) + [bullseye] - avahi (Minor issue) + [buster] - avahi (Minor issue; re-evaluate when fixed upstream) + NOTE: https://github.com/lathiat/avahi/issues/454 + NOTE: https://github.com/lathiat/avahi/pull/457 + NOTE: https://github.com/lathiat/avahi/commit/94cb6489114636940ac683515417990b55b5d66c + NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 +CVE-2023-38469 (A vulnerability was found in Avahi, where a reachable assertion exists ...) 
+ - avahi (bug #1054876) + [bookworm] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes) + [bullseye] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes) + [buster] - avahi (Minor issue; can be mitigated by setting disable-user-service-publishing to yes) + NOTE: https://github.com/lathiat/avahi/issues/455 + NOTE: https://github.com/lathiat/avahi/pull/500 + NOTE: Fixed by: https://github.com/lathiat/avahi/commit/a337a1ba7d15853fb56deef1f464529af6e3a1cf + NOTE: Tests: https://github.com/lathiat/avahi/commit/c6cab87df290448a63323c8ca759baa516166237 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/06/4 +CVE-2023-5402 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) + NOT-FOR-US: Schneider Electric +CVE-2023-5399 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2023-5391 (A CWE-502: Deserialization of untrusted data vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2023-5377 (Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.) + - gpac (bug #1055122) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2606 + NOTE: https://github.com/gpac/gpac/commit/8e9d6b38c036a97020c462ad48e1132e0ddc57ce + NOTE: https://huntr.dev/bounties/fe778df4-3867-41d6-954b-211c81bccbbf +CVE-2023-5375 (Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.) + NOT-FOR-US: mosparo +CVE-2023-5374 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-5373 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-5371 (RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3. ...) 
+ {DSA-5559-1} + - wireshark 4.0.10-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19322 + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-27.html +CVE-2023-5113 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...) + NOT-FOR-US: HP +CVE-2023-4997 (Improper authorisation of regular users in ProIntegra Uptime DC softwa ...) + NOT-FOR-US: ProIntegra Uptime DC software +CVE-2023-4497 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...) + NOT-FOR-US: Easy Chat Server +CVE-2023-4496 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...) + NOT-FOR-US: Easy Chat Server +CVE-2023-4495 (Easy Chat Server, in its 3.1 version and before, does not sufficiently ...) + NOT-FOR-US: Easy Chat Server +CVE-2023-4494 (Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 vers ...) + NOT-FOR-US: Easy Chat Server +CVE-2023-4493 (Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 versio ...) + NOT-FOR-US: Easy Address Book Web Server +CVE-2023-4492 (Vulnerability in Easy Address Book Web Server 1.6 version, affecting t ...) + NOT-FOR-US: Easy Address Book Web Server +CVE-2023-4491 (Buffer overflow vulnerability in Easy Address Book Web Server 1.6 vers ...) + NOT-FOR-US: Easy Address Book Web Server +CVE-2023-4090 (Cross-site Scripting (XSS) reflected vulnerability on WideStand until ...) + NOT-FOR-US: Widestand CMS +CVE-2023-4037 (Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interfac ...) + NOT-FOR-US: Conacwin +CVE-2023-44210 (Sensitive information disclosure and manipulation due to missing autho ...) + NOT-FOR-US: Acronis +CVE-2023-44209 (Local privilege escalation due to improper soft link handling. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-44208 (Sensitive information disclosure and manipulation due to missing autho ...) 
+ NOT-FOR-US: Acronis +CVE-2023-44075 (Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a ...) + NOT-FOR-US: Small CRM in PHP +CVE-2023-43838 (An arbitrary file upload vulnerability in Personal Management System v ...) + NOT-FOR-US: Personal Management System +CVE-2023-43804 (urllib3 is a user-friendly HTTP client library for Python. urllib3 doe ...) + {DLA-3610-1} + - python-urllib3 1.26.17-1 (bug #1053626) + [bookworm] - python-urllib3 (Minor issue) + [bullseye] - python-urllib3 (Minor issue) + NOTE: https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f + NOTE: https://github.com/urllib3/urllib3/commit/01220354d389cd05474713f8c982d05c9b17aafb (1.26.17) +CVE-2023-43261 (An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 b ...) + NOT-FOR-US: Milesight +CVE-2023-42824 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-42809 (Redisson is a Java Redis client that uses the Netty framework. Prior t ...) + NOT-FOR-US: Redisson +CVE-2023-42808 (Common Voice is the web app for Mozilla Common Voice, a platform for c ...) + NOT-FOR-US: Mozilla Common Voice +CVE-2023-42449 (Hydra is the two-layer scalability solution for Cardano. Prior to vers ...) + NOT-FOR-US: Hydra +CVE-2023-42448 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...) + NOT-FOR-US: Hydra +CVE-2023-41094 (TouchLink packets processed after timeout or out of range due to Opera ...) + NOT-FOR-US: TouchLink +CVE-2023-40684 (IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOn ...) + NOT-FOR-US: IBM +CVE-2023-40561 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhance ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40559 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40376 (IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7. ...) 
+ NOT-FOR-US: IBM +CVE-2023-3701 (Aqua Drive, in its 2.4 version, is vulnerable to a relative path trave ...) + NOT-FOR-US: Aqua Drive +CVE-2023-3665 (A code injection vulnerability in Trellix ENS 10.7.0 April 2023 releas ...) + NOT-FOR-US: Trellix +CVE-2023-3576 (A memory leak flaw was found in Libtiff's tiffcrop utility. This issue ...) + {DSA-5567-1} + - tiff 4.5.1~rc3-1 + [buster] - tiff (Minor issue, memory leak in CLI tool) + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/475 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1d5b1181c980090a6518f11e61a18b0e268bf31a (v4.5.1rc1) +CVE-2023-3512 (Relative path traversal vulnerability in Setelsa Security's ConacWin C ...) + NOT-FOR-US: Conacwin +CVE-2023-3038 (SQL injection vulnerability in HelpDezk Community affecting version 1. ...) + NOT-FOR-US: HelpDezk Community +CVE-2023-3037 (Improper authorization vulnerability in HelpDezk Community affecting v ...) + NOT-FOR-US: HelpDezk Community +CVE-2023-39194 (A flaw was found in the XFRM subsystem in the Linux kernel. The specif ...) + - linux 6.4.13-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1492/ + NOTE: https://git.kernel.org/linus/dfa73c17d55b921e1d4e154976de35317e43a93a (6.5-rc7) +CVE-2023-39193 (A flaw was found in the Netfilter subsystem in the Linux kernel. The s ...) + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1491/ + NOTE: https://git.kernel.org/linus/e99476497687ef9e850748fe6d232264f30bc8f9 (6.6-rc1) +CVE-2023-39192 (A flaw was found in the Netfilter subsystem in the Linux kernel. The x ...) 
+ - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1490/ + NOTE: https://git.kernel.org/linus/69c5d284f67089b4750d28ff6ac6f52ec224b330 (6.6-rc1) +CVE-2023-39191 (An improper input validation flaw was found in the eBPF subsystem in t ...) + - linux 6.3.7-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1489/ + NOTE: Debian sets BPF_UNPRIV_DEFAULT_OFF=y +CVE-2023-38701 (Hydra is the layer-two scalability solution for Cardano. Users of the ...) + NOT-FOR-US: Hydra +CVE-2023-38538 (A race condition in an event subsystem led to a heap use-after-free is ...) + NOT-FOR-US: Whatsapp +CVE-2023-38537 (A race condition in a network transport subsystem led to a heap use-af ...) + NOT-FOR-US: Whatsapp +CVE-2023-37995 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...) + NOT-FOR-US: Chetan Gole WP-Copy +CVE-2023-2809 (Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 ...) + NOT-FOR-US: Sage +CVE-2023-5370 (On CPU 0 the check for the SMCCC workaround is called before SMCCC sup ...) + NOT-FOR-US: FreeBSD +CVE-2023-5369 (Before correction, thecopy_file_rangesystem call checked only for the ...) + NOT-FOR-US: FreeBSD +CVE-2023-5368 (On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls u ...) + NOT-FOR-US: FreeBSD +CVE-2023-5357 (The Instagram for WordPress plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: Instagram for WordPress plugin for WordPress +CVE-2023-5291 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: Blog Filter plugin for WordPress +CVE-2023-44974 (An arbitrary file upload vulnerability in the component /admin/plugin. ...) + NOT-FOR-US: emlog +CVE-2023-44973 (An arbitrary file upload vulnerability in the component /content/templ ...) 
+ NOT-FOR-US: emlog +CVE-2023-44272 (A cross-site scripting vulnerability exists in Citadel versions prior ...) + - webcit + [buster] - webcit (Minor issue) + NOTE: https://code.citadel.org/citadel/citadel/-/commit/f0dac5ff074ad686fa71ea663c8ead107bd3041e (v994) +CVE-2023-43953 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: SSCMS +CVE-2023-43952 (SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (X ...) + NOT-FOR-US: SSCMS +CVE-2023-43951 (SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: SSCMS +CVE-2023-43898 (Nothings stb 2.28 was discovered to contain a Null Pointer Dereference ...) + - libstb (bug #1053627) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + [buster] - libstb (Minor issue, DoS / clean crash) + NOTE: https://github.com/nothings/stb/issues/1452 + NOTE: Proposed fixes: https://github.com/nothings/stb/pull/1454 + NOTE: https://github.com/nothings/stb/issues/1521 +CVE-2023-43176 (A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allo ...) + NOT-FOR-US: Afterlogic Aurora Files +CVE-2023-40519 (A cross-site scripting (XSS) vulnerability in the bpk-common/auth/logi ...) + NOT-FOR-US: Broadpeak Centralized Accounts Management Auth Agent +CVE-2023-3213 (The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WP Mail SMTP Pro plugin for WordPress +CVE-2023-39651 (Improper neutralization of SQL parameter in Theme Volty CMS BrandList ...) + NOT-FOR-US: PrestaShop module +CVE-2023-39649 (Improper neutralization of SQL parameter in Theme Volty CMS Category S ...) + NOT-FOR-US: PrestaShop module +CVE-2023-39648 (Improper neutralization of SQL parameter in Theme Volty CMS Testimonia ...) + NOT-FOR-US: PrestaShop module +CVE-2023-39647 (Improper neutralization of SQL parameter in Theme Volty CMS Category P ...) 
+ NOT-FOR-US: PrestaShop module +CVE-2023-39646 (Improper neutralization of SQL parameter in Theme Volty CMS Category C ...) + NOT-FOR-US: PrestaShop module +CVE-2023-39645 (Improper neutralization of SQL parameter in Theme Volty CMS Payment Ic ...) + NOT-FOR-US: PrestaShop module +CVE-2023-37404 (IBM Observability with Instana 1.0.243 through 1.0.254 could allow an ...) + NOT-FOR-US: IBM +CVE-2023-35905 (IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2023-33273 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-33272 (An issue was discovered in DTS Monitoring 3.57.0. The parameter ip wit ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-33271 (An issue was discovered in DTS Monitoring 3.57.0. The parameter common ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-33270 (An issue was discovered in DTS Monitoring 3.57.0. The parameter url wi ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-33269 (An issue was discovered in DTS Monitoring 3.57.0. The parameter option ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-33268 (An issue was discovered in DTS Monitoring 3.57.0. The parameter port w ...) + NOT-FOR-US: DTS Monitoring +CVE-2023-5366 (A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertise ...) + - openvswitch 3.1.2-1 + [bookworm] - openvswitch (Minor issue) + [bullseye] - openvswitch (Minor issue) + [buster] - openvswitch (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2006347 + NOTE: https://github.com/openvswitch/ovs/commit/694c7b4e097c4d89e23ea9b3c7b677b4fcbe0459 (v3.1.2) + NOTE: https://github.com/openvswitch/ovs/commit/489553b1c21692063931a9f50b6849b23128443c (v3.2.0) +CVE-2023-4610 + REJECTED +CVE-2023-5353 (Improper Access Control in GitHub repository salesagility/suitecrm pri ...) + NOT-FOR-US: suitecrm +CVE-2023-5351 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...) 
+ NOT-FOR-US: suitecrm +CVE-2023-5350 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14 ...) + NOT-FOR-US: suitecrm +CVE-2023-5255 (For certificates that utilize the auto-renew feature in Puppet Server, ...) + - puppet (Introduced in Puppet Server 8.2) + - puppetserver (Introduced in Puppet Server 8.2) + NOTE: https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates +CVE-2023-4929 (All firmware versions of the NPort 5000 Series are affected by an impr ...) + NOT-FOR-US: Moxa +CVE-2023-4886 (A sensitive information exposure vulnerability was found in foreman. C ...) + - foreman (bug #663101) +CVE-2023-4885 (Man in the Middle vulnerability, which could allow an attacker to inte ...) + NOT-FOR-US: Open5GS +CVE-2023-4884 (An attacker could send an HTTP request to an Open5GS endpoint and retr ...) + NOT-FOR-US: Open5GS +CVE-2023-4883 (Invalid pointer release vulnerability. Exploitation of this vulnerabil ...) + NOT-FOR-US: Open5GS +CVE-2023-4882 (DOS vulnerability that could allow an attacker to register a new VNF ( ...) + NOT-FOR-US: Open5GS +CVE-2023-4817 (This vulnerability allows an authenticated attacker to upload maliciou ...) + NOT-FOR-US: ICP DAS +CVE-2023-4732 (A flaw was found in pfn_swap_entry_to_page in memory management subsys ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2236982 + NOTE: https://git.kernel.org/linus/8f34f1eac3820fc2722e5159acceb22545b30b0d (5.14-rc1) +CVE-2023-4564 (This vulnerability could allow an attacker to store a malicious JavaSc ...) + NOT-FOR-US: Capensis +CVE-2023-4103 (QSige statistics are affected by a remote SQLi vulnerability. It has b ...) + NOT-FOR-US: QSige +CVE-2023-4102 (QSige login SSO does not have an access control mechanism to verify wh ...) 
+ NOT-FOR-US: QSige +CVE-2023-4101 (The QSige login SSO does not have an access control mechanism to verif ...) + NOT-FOR-US: QSige +CVE-2023-4100 (Allows an attacker to perform XSS attacks stored on certain resources. ...) + NOT-FOR-US: QSige +CVE-2023-4099 (The QSige Monitor application does not have an access control mechanis ...) + NOT-FOR-US: QSige +CVE-2023-4098 (It has been identified that the web application does not correctly fil ...) + NOT-FOR-US: QSige +CVE-2023-4097 (The file upload functionality is not implemented correctly and allows ...) + NOT-FOR-US: QSige +CVE-2023-43976 (An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to ...) + NOT-FOR-US: CatoNetworks CatoClient +CVE-2023-42508 (JFrog Artifactory prior to version 7.66.0 is vulnerable to specific en ...) + NOT-FOR-US: JFrog Artifactory +CVE-2023-41693 (Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview My ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41244 (Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40830 (Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index p ...) + NOT-FOR-US: Tenda +CVE-2023-40558 (Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40212 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40210 (Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40202 (Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40201 (Cross-Site Request Forgery (CSRF) vulnerability inFuturioWP Futurio Ex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40199 (Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like But ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-40198 (Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Coo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40009 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3654 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...) + NOT-FOR-US: cashIT! +CVE-2023-3350 (A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, ...) + NOT-FOR-US: IBERMATICA +CVE-2023-3349 (Information exposure vulnerability in IBERMATICA RPS 2019, which explo ...) + NOT-FOR-US: IBERMATICA +CVE-2023-3196 (This vulnerability could allow an attacker to store a malicious JavaSc ...) + NOT-FOR-US: Capensis +CVE-2023-39989 (Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Foo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39923 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39917 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39165 (Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39159 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39158 (Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38398 (Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <=2. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38396 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plug ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38390 (Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38381 (Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyB ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-37998 (Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37996 (Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix f ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37992 (Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertain ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37991 (Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37990 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37891 (Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34970 (A local non-privileged user can make improper GPU processing operation ...) + NOT-FOR-US: Arm +CVE-2023-33200 (A local non-privileged user can make improper GPU processing operation ...) + NOT-FOR-US: Arm +CVE-2023-32792 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...) + NOT-FOR-US: NXLog Manager +CVE-2023-32791 (Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5 ...) + NOT-FOR-US: NXLog Manager +CVE-2023-32790 (Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 ver ...) + NOT-FOR-US: NXLog Manager +CVE-2023-32671 (A stored XSS vulnerability has been found on BuddyBoss Platform affect ...) + NOT-FOR-US: BuddyBoss +CVE-2023-32670 (Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , whi ...) + NOT-FOR-US: BuddyBoss +CVE-2023-32669 (Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exp ...) + NOT-FOR-US: BuddyBoss +CVE-2023-32091 (Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <=0 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2830 (Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Te ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2681 (An SQL Injection vulnerability has been found on Jorani version 1.0.0. ...) + NOT-FOR-US: Jorani +CVE-2023-2544 (Authorization bypass vulnerability in UPV PEIX, affecting the componen ...) + NOT-FOR-US: UPV PEIX +CVE-2023-4693 (An out-of-bounds read flaw was found on grub2's NTFS filesystem driver ...) + {DSA-5519-1 DLA-3605-1} + - grub2 2.12~rc1-11 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html + NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/ +CVE-2023-4692 (An out-of-bounds write flaw was found in grub2's NTFS filesystem drive ...) + {DSA-5519-1 DLA-3605-1} + - grub2 2.12~rc1-11 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html + NOTE: https://lore.kernel.org/all/ZRxK8s4nQV2jBq%2F9@tomti.i.net-space.pl/ +CVE-2023-4911 (A buffer overflow was discovered in the GNU C Library's dynamic loader ...) + {DSA-5514-1} + - glibc 2.37-12 + [buster] - glibc (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/2 + NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=2ed18c5b534d9e92fc006202a5af0df6b72e7aca (glibc-2.34; backported in debian/2.31-12) + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa + NOTE: https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt +CVE-2023-43789 (A vulnerability was found in libXpm where a vulnerability exists due t ...) + {DSA-5516-1 DLA-3603-1} + - libxpm 1:3.5.17-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/7e21cb63b9a1ca760a06cc4cd9b19bbc3fcd8f51 +CVE-2023-43788 (A vulnerability was found in libXpm due to a boundary condition within ...) 
+ {DSA-5516-1 DLA-3603-1} + - libxpm 1:3.5.17-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/2fa554b01ef6079a9b35df9332bdc4f139ed67e0 +CVE-2023-43787 (A vulnerability was found in libX11 due to an integer overflow within ...) + {DSA-5517-1 DLA-3602-1} + - libx11 2:1.8.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/7916869d16bdd115ac5be30a67c3749907aea6a0 + NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/91f887b41bf75648df725a4ed3be036da02e911e +CVE-2023-43786 (A vulnerability was found in libX11 due to an infinite loop within the ...) + {DSA-5517-1 DLA-3602-1} + - libx11 2:1.8.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/204c3393c4c90a29ed6bef64e43849536e863a86 + NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/73a37d5f2fcadd6540159b432a70d80f442ddf4a + NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/b4031fc023816aca07fbd592ed97010b9b48784b + NOTE: Hardening: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/84fb14574c039f19ad7face87eb9acc31a50701c +CVE-2023-43785 (A vulnerability was found in libX11 due to a boundary condition within ...) + {DSA-5517-1 DLA-3602-1} + - libx11 2:1.8.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/03/1 + NOTE: Fixed by: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/6858d468d9ca55fb4c5fd70b223dbc78a3358a7f +CVE-2023-5346 (Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed ...) + {DSA-5515-1} + - chromium 117.0.5938.149-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5345 (A use-after-free vulnerability in the Linux kernel's fs/smb/client com ...) 
+ - linux 6.5.6-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e6e43b8aa7cd3c3af686caf0c2e11819a886d705 + NOTE: https://kernel.dance/#e6e43b8aa7cd3c3af686caf0c2e11819a886d705 +CVE-2023-5344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.2018-1 (bug #1053694) + [bookworm] - vim (Minor issue) + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue, 1-byte overflow) + NOTE: https://github.com/vim/vim/commit/3bd7fa12e146c6051490d048a4acbfba974eeb04 + NOTE: https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf +CVE-2023-5341 (A heap use-after-free flaw was found in coders/bmp.c in ImageMagick.) + - imagemagick 8:6.9.12.98+dfsg1-2 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1 (7.1.1-19) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/405684654eb9b43424c3c0276ea343681021d9e0 (6.9.12-97) +CVE-2023-5334 (The WP Responsive header image slider plugin for WordPress is vulnerab ...) + NOT-FOR-US: WP Responsive header image slider plugin for WordPress +CVE-2023-5290 + REJECTED +CVE-2023-5160 (Mattermost fails to check the Show Full Name option at the /api/v4/tea ...) + - mattermost-server (bug #823556) +CVE-2023-5106 (An issue has been discovered in Ultimate-licensed GitLab EE affecting ...) + - gitlab (Specific to EE) +CVE-2023-4659 (Cross-Site Request Forgery vulnerability, whose exploitation could all ...) + NOT-FOR-US: free5GC +CVE-2023-44479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44477 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44474 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-44463 (An issue was discovered in pretix before 2023.7.1. Incorrect parsing o ...) + NOT-FOR-US: pretix +CVE-2023-44266 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44265 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44264 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44263 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riya ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44262 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renz ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44245 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Con ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44244 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44242 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44239 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44230 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44218 (A flaw within the SonicWall NetExtender Pre-Logon feature enables an u ...) + NOT-FOR-US: SonicWall +CVE-2023-44217 (A local privilege escalation vulnerability in SonicWall Net Extender M ...) + NOT-FOR-US: SonicWall +CVE-2023-44145 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44144 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-44012 (Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a re ...) + NOT-FOR-US: mojoPortal +CVE-2023-44011 (An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute a ...) + NOT-FOR-US: mojoPortal +CVE-2023-44009 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) + NOT-FOR-US: mojoPortal +CVE-2023-44008 (File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote atta ...) + NOT-FOR-US: mojoPortal +CVE-2023-43980 (Presto Changeo testsitecreator up to v1.1.1 was discovered to contain ...) + NOT-FOR-US: Presto Changeo testsitecreator +CVE-2023-43893 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-43892 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-43891 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-43890 (Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection v ...) + NOT-FOR-US: Netis +CVE-2023-43836 (There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, ...) + NOT-FOR-US: Jizhicms +CVE-2023-43835 (Super Store Finder 3.7 and below is vulnerable to authenticated Arbitr ...) + NOT-FOR-US: Super Store Finder +CVE-2023-43627 (Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earl ...) + NOT-FOR-US: ACERA firmware +CVE-2023-43361 (Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local a ...) + - vorbis-tools (unimportant) + NOTE: Crash in CLI tool, no security impact + NOTE: https://github.com/xiph/vorbis-tools/issues/41 + NOTE: https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/7 +CVE-2023-43297 (An issue in animal-art-lab v13.6.1 allows attackers to send crafted no ...) + NOT-FOR-US: animal-art-lab +CVE-2023-43268 (Deyue Remote Vehicle Management System v1.1 was discovered to contain ...) 
+ NOT-FOR-US: Deyue Remote Vehicle Management System +CVE-2023-43267 (A cross-site scripting (XSS) vulnerability in the publish article func ...) + NOT-FOR-US: emlog +CVE-2023-42771 (Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 a ...) + NOT-FOR-US: ACERA firmware +CVE-2023-41859 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Asho ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41856 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41855 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41847 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41800 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniC ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41797 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41580 (Phpipam before v1.5.2 was discovered to contain a LDAP injection vulne ...) + - phpipam (bug #731713) +CVE-2023-41086 (Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTE ...) + NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices +CVE-2023-40744 + REJECTED +CVE-2023-3967 (Allocation of Resources Without Limits or Throttling vulnerability in ...) + NOT-FOR-US: Hitachi +CVE-2023-3770 (Incorrect validation vulnerability of the data entered, allowing an at ...) + NOT-FOR-US: Ingeteam +CVE-2023-3769 (Incorrect data input validation vulnerability, which could allow an at ...) + NOT-FOR-US: Ingeteam +CVE-2023-3768 (Incorrect data input validation vulnerability, which could allow an at ...) + NOT-FOR-US: Ingeteam +CVE-2023-3744 (Server-Side Request Forgery vulnerability in SLims version 9.6.0. This ...) + NOT-FOR-US: SLiMS +CVE-2023-3656 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...) 
+ NOT-FOR-US: cashIT! +CVE-2023-3655 (cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwic ...) + NOT-FOR-US: cashIT! +CVE-2023-3440 (Incorrect Default Permissions vulnerability in Hitachi JP1/Performance ...) + NOT-FOR-US: IBM +CVE-2023-3335 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) + NOT-FOR-US: Hitachi +CVE-2023-39429 (Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN acce ...) + NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices +CVE-2023-39222 (OS command injection vulnerability in FURUNO SYSTEMS wireless LAN acce ...) + NOT-FOR-US: FURUNO SYSTEMS wireless LAN access point devices +CVE-2023-37605 (Weak Exception Handling vulnerability in baramundi software GmbH EMM A ...) + NOT-FOR-US: baramundi +CVE-2023-36628 (A flaw exists in VASA which allows users with access to a vSphere/ESXi ...) + NOT-FOR-US: VASA +CVE-2023-36627 (A flaw exists in FlashBlade Purity whereby a user with access to an ad ...) + NOT-FOR-US: FlashBlade Purity +CVE-2023-33039 (Memory corruption in Automotive Display while destroying the image han ...) + NOT-FOR-US: Qualcomm +CVE-2023-33035 (Memory corruption while invoking callback function of AFE from ADSP.) + NOT-FOR-US: Qualcomm +CVE-2023-33034 (Memory corruption while parsing the ADSP response command.) + NOT-FOR-US: Qualcomm +CVE-2023-33029 (Memory corruption in DSP Service during a remote call from HLOS to DSP ...) + NOT-FOR-US: Qualcomm +CVE-2023-33028 (Memory corruption in WLAN Firmware while doing a memory copy of pmk ca ...) + NOT-FOR-US: Qualcomm +CVE-2023-33027 (Transient DOS in WLAN Firmware while parsing rsn ies.) + NOT-FOR-US: Qualcomm +CVE-2023-33026 (Transient DOS in WLAN Firmware while parsing a NAN management frame.) + NOT-FOR-US: Qualcomm +CVE-2023-32572 (A flaw exists in FlashArray Purity wherein under limited circumstances ...) 
+ NOT-FOR-US: FlashArray Purity +CVE-2015-10124 (A vulnerability was found in Most Popular Posts Widget Plugin up to 0. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5329 (A vulnerability classified as problematic was found in Field Logic Dat ...) + NOT-FOR-US: Field Logic DataCube4 +CVE-2023-5328 (A vulnerability classified as critical has been found in SATO CL4NX-J ...) + NOT-FOR-US: SATO CL4NX-J Plus +CVE-2023-5327 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...) + NOT-FOR-US: SATO CL4NX-J Plus +CVE-2023-5326 (A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has ...) + NOT-FOR-US: SATO CL4NX-J Plus +CVE-2023-5324 (A vulnerability has been found in eeroOS up to 6.16.4-11 and classifie ...) + NOT-FOR-US: eeroOS +CVE-2023-4211 (A local non-privileged user can make improper GPU memory processing op ...) + NOT-FOR-US: Arm +CVE-2023-42132 (FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly ...) + NOT-FOR-US: FD Application Apr. 2022 Edition +CVE-2023-41737 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in niga ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin YYDev ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41731 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41729 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Send ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41728 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41692 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennesse ...) 
+ NOT-FOR-US: WordPress theme +CVE-2023-32830 (In TVAPI, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: Mediatek +CVE-2023-32829 (In apusys, there is a possible out of bounds write due to an integer o ...) + NOT-FOR-US: Mediatek +CVE-2023-32828 (In vpu, there is a possible out of bounds write due to an integer over ...) + NOT-FOR-US: Mediatek +CVE-2023-32827 (In camera middleware, there is a possible out of bounds write due to a ...) + NOT-FOR-US: Mediatek +CVE-2023-32826 (In camera middleware, there is a possible out of bounds write due to a ...) + NOT-FOR-US: Mediatek +CVE-2023-32824 (In rpmb , there is a possible double free due to improper locking. Thi ...) + NOT-FOR-US: Mediatek +CVE-2023-32823 (In rpmb , there is a possible memory corruption due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-32822 (In ftm, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-32821 (In video, there is a possible out of bounds write due to a permissions ...) + NOT-FOR-US: Mediatek +CVE-2023-32820 (In wlan firmware, there is a possible firmware assertion due to improp ...) + NOT-FOR-US: Mediatek +CVE-2023-32819 (In display, there is a possible information disclosure due to a missin ...) + NOT-FOR-US: Mediatek +CVE-2023-5323 (Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dol ...) + - dolibarr +CVE-2023-5322 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + NOT-FOR-US: D-Link +CVE-2023-5112 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-5111 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43907 (OptiPNG v0.7.7 was discovered to contain a global buffer overflow via ...) 
+ - optipng (unimportant; bug #1055668) + NOTE: https://sourceforge.net/p/optipng/bugs/87/ + NOTE: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer-overflow1/optipng-global-buffer-overflow1.md + NOTE: Crash in CLI tool, no security impact +CVE-2023-43735 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43734 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43733 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43732 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43731 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43730 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43729 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43728 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43727 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43726 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43725 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43724 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43723 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43722 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) 
+ NOT-FOR-US: Os Commerce +CVE-2023-43721 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43720 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43719 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43718 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43717 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43716 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43715 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43714 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43713 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43712 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-5321 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...) + NOT-FOR-US: hamza417/inure +CVE-2023-5313 (A vulnerability classified as problematic was found in phpkobo Ajax Po ...) + NOT-FOR-US: phpkobo Ajax Poll Script +CVE-2023-5305 (A vulnerability was found in Online Banquet Booking System 1.0 and cla ...) + NOT-FOR-US: Online Banquet Booking System +CVE-2023-5304 (A vulnerability has been found in Online Banquet Booking System 1.0 an ...) + NOT-FOR-US: Online Banquet Booking System +CVE-2023-5303 (A vulnerability, which was classified as problematic, was found in Onl ...) + NOT-FOR-US: Online Banquet Booking System +CVE-2023-5302 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5301 (A vulnerability classified as critical was found in DedeCMS 5.7.111. T ...) + NOT-FOR-US: DedeCMS +CVE-2023-5300 (A vulnerability classified as critical has been found in TTSPlanning u ...) + NOT-FOR-US: TTSPlanning +CVE-2023-5207 (A vulnerability was discovered in GitLab CE and EE affecting all versi ...) + - gitlab +CVE-2023-44488 (VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash rela ...) + {DSA-5518-1 DLA-3598-1} + - libvpx 1.12.0-1.2 + NOTE: https://github.com/webmproject/libvpx/commit/263682c9a29395055f3b3afe2d97be1828a6223f (main) + NOTE: https://github.com/webmproject/libvpx/commit/df9fd9d5b7325060b2b921558a1eb20ca7880937 (v1.13.1) + NOTE: http://www.openwall.com/lists/oss-security/2023/09/30/4 +CVE-2022-4956 (A vulnerability classified as critical has been found in Caphyon Advan ...) + NOT-FOR-US: Caphyon Advanced Installer +CVE-2023-5320 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5319 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5318 (Use of Hard-coded Credentials in GitHub repository microweber/microweb ...) + NOT-FOR-US: microweber +CVE-2023-5317 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5316 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5298 (A vulnerability was found in Tongda OA 2017. It has been rated as crit ...) + NOT-FOR-US: Tongda OA +CVE-2023-5297 (A vulnerability was found in Xinhu RockOA 2.3.2. It has been classifie ...) + NOT-FOR-US: Xinhu RockOA +CVE-2023-5296 (A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and clas ...) + NOT-FOR-US: Xinhu RockOA +CVE-2023-5295 (The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Sit ...) 
+ NOT-FOR-US: Blog Filter plugin for WordPress +CVE-2023-5294 (A vulnerability has been found in ECshop 4.1.1 and classified as criti ...) + NOT-FOR-US: ECshop +CVE-2023-5293 (A vulnerability, which was classified as critical, was found in ECshop ...) + NOT-FOR-US: ECshop +CVE-2023-5227 (Unrestricted Upload of File with Dangerous Type in GitHub repository t ...) + NOT-FOR-US: phpmyfaq +CVE-2023-5201 (The OpenHook plugin for WordPress is vulnerable to Remote Code Executi ...) + NOT-FOR-US: OpenHook plugin for WordPress +CVE-2023-44270 (An issue was discovered in PostCSS before 8.4.31. The vulnerability af ...) + - node-postcss 8.4.31+~cs8.0.26-1 (bug #1053282) + [bookworm] - node-postcss (Minor issue) + [bullseye] - node-postcss (Minor issue) + [buster] - node-postcss (Minor issue) + NOTE: https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 (8.4.31) +CVE-2023-43711 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43710 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43709 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43708 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43707 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43706 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43705 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43704 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-43703 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) 
+ NOT-FOR-US: Os Commerce +CVE-2023-43702 (Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: Os Commerce +CVE-2023-5289 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2023-5288 (A remote unauthorized attacker may connect to the SIM1012, interact wi ...) + NOT-FOR-US: SICK SIM1012 +CVE-2023-5287 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: BEECMS +CVE-2023-5286 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Expense Tracker App +CVE-2023-5285 (A vulnerability classified as critical was found in Tongda OA 2017. Af ...) + NOT-FOR-US: Tongda OA +CVE-2023-5284 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5283 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5282 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5281 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5280 (A vulnerability was found in SourceCodester Engineers Online Portal 1. ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5279 (A vulnerability has been found in SourceCodester Engineers Online Port ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5278 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5277 (A vulnerability, which was classified as critical, has been found in S ...) 
+ NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5276 (A vulnerability classified as critical was found in SourceCodester Eng ...) + NOT-FOR-US: SourceCodester Engineers Online Portal +CVE-2023-5273 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5272 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5271 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) + NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5270 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) + NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5269 (A vulnerability was found in SourceCodester Best Courier Management Sy ...) + NOT-FOR-US: SourceCodester Best Courier Management System +CVE-2023-5268 (A vulnerability was found in DedeBIZ 6.2 and classified as critical. T ...) + NOT-FOR-US: DedeBIZ +CVE-2023-5267 (A vulnerability has been found in Tongda OA 2017 and classified as cri ...) + NOT-FOR-US: Tongda OA +CVE-2023-5266 (A vulnerability, which was classified as critical, was found in DedeBI ...) + NOT-FOR-US: DedeBIZ +CVE-2023-5265 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: Tongda OA +CVE-2023-5264 (A vulnerability classified as critical was found in huakecms 3.0. Affe ...) + NOT-FOR-US: huakecms +CVE-2023-5263 (A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. ...) + NOT-FOR-US: ZZZCMS +CVE-2023-5262 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classif ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-5261 (A vulnerability, which was classified as critical, was found in Tongda ...) + NOT-FOR-US: Tongda OA +CVE-2023-5260 (A vulnerability, which was classified as critical, has been found in S ...) 
+ NOT-FOR-US: SourceCodester Simple Membership System +CVE-2023-5259 (A vulnerability classified as problematic was found in ForU CMS. This ...) + NOT-FOR-US: ForU CMS +CVE-2023-5258 (A vulnerability classified as critical has been found in OpenRapid Rap ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-5257 (A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It ...) + NOT-FOR-US: WhiteHSBG JNDIExploit +CVE-2023-5196 (Mattermost fails to enforce character limits in all possible notificat ...) + - mattermost-server (bug #823556) +CVE-2023-5195 (Mattermost fails to properly validate the permissions when soft deleti ...) + - mattermost-server (bug #823556) +CVE-2023-5194 (Mattermost fails to properly validate permissions when demoting and de ...) + - mattermost-server (bug #823556) +CVE-2023-5193 (Mattermost fails to properly check permissions when retrieving a post ...) + - mattermost-server (bug #823556) +CVE-2023-5159 (Mattermost fails to properly verify the permissions when managing/upda ...) + - mattermost-server (bug #823556) +CVE-2023-43944 (A Stored Cross Site Scripting (XSS) vulnerability was found in SourceC ...) + NOT-FOR-US: SourceCodester Task Management System +CVE-2023-43909 (Hospital Management System thru commit 4770d was discovered to contain ...) + NOT-FOR-US: Hospital Management System +CVE-2023-43655 (Composer is a dependency manager for PHP. Users publishing a composer. ...) 
+ - composer 2.6.4-1 + [bookworm] - composer (Minor issue) + [bullseye] - composer (Minor issue) + [buster] - composer (Minor issue, only a problem when configured improperly) + NOTE: https://github.com/composer/composer/security/advisories/GHSA-jm6m-4632-36hf + NOTE: https://github.com/composer/composer/commit/4fce14795aba98e40b6c4f5047305aba17a6120d (1.10.27) + NOTE: https://github.com/composer/composer/commit/95e091c921037b7b6564942845e7b738f6b95c9c (2.2.22) + NOTE: https://github.com/composer/composer/commit/955a48e6319c8962e5cd421b07c00ab3c728968c (2.6.4) +CVE-2023-41691 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41687 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41666 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovamba ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41662 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benj ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41661 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41658 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41657 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grou ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41655 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3413 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3024 (Forcing the Bluetooth LE stack to segment 'prepare write response' pac ...) + NOT-FOR-US: Silabs +CVE-2023-39410 (When deserializing untrusted or corrupted data, it is possible for a r ...) 
+ NOT-FOR-US: Apache Avro +CVE-2023-39308 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedbac ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5198 (An issue has been discovered in GitLab affecting all versions prior to ...) + - gitlab +CVE-2023-5185 (Gym Management System Project v1.0 is vulnerable to an Insecure File ...) + NOT-FOR-US: Gym Management System Project +CVE-2023-5077 (The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine d ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-5053 (Hospital management system version 378c157 allows to bypass authentica ...) + NOT-FOR-US: Hospital management system +CVE-2023-5004 (Hospital management system version 378c157 allows to bypass authentica ...) + NOT-FOR-US: Hospital management system +CVE-2023-4532 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-4316 (Zod in version 3.22.2 allows an attacker to perform a denial of servic ...) + NOT-FOR-US: Zod +CVE-2023-44469 (A Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...) + {DLA-3612-1} + - lemonldap-ng 2.17.1+ds-1 + [bookworm] - lemonldap-ng 2.16.1+ds-deb12u2 + [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u5 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2998 + NOTE: https://security.lauritz-holtmann.de/post/sso-security-ssrf/ +CVE-2023-44466 (An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel ...) + - linux 6.4.11-1 + [bookworm] - linux 6.1.52-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a282a2f10539dce2aa619e71e1817570d557fc97 (6.5-rc2) +CVE-2023-44464 (pretix before 2023.7.2 allows Pillow to parse EPS files.) + NOT-FOR-US: pretix +CVE-2023-44174 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...) 
+ NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44173 (Online Movie Ticket Booking System v1.0 is vulnerable to an authentic ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44168 (The 'phone' parameter of the process_registration.php resource does n ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44167 (The 'name' parameter of the process_registration.php resource does no ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44166 (The 'age' parameter of the process_registration.php resource does not ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44165 (The 'Password' parameter of the process_login.php resource does not v ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44164 (The 'Email' parameter of the process_login.php resource does not vali ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-44163 (The 'search' parameter of the process_search.php resource does not va ...) + NOT-FOR-US: Online Movie Ticket Booking System +CVE-2023-43740 (Online Book Store Project v1.0 is vulnerable to an Insecure File Uploa ...) + NOT-FOR-US: Online Book Store Project +CVE-2023-43739 (The 'bookisbn' parameter of the cart.php resource does not validate t ...) + NOT-FOR-US: Online Book Store Project +CVE-2023-43665 (In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, ...) 
+ - python-django 3:4.2.6-1 (bug #1053475) + [bookworm] - python-django (Minor issue, fix along in future update) + [bullseye] - python-django (Minor issue, fix along in future update) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/04/6 + NOTE: https://www.djangoproject.com/weblog/2023/oct/04/security-releases/ + NOTE: https://github.com/django/django/commit/17b51094d778b421bb2b3aae0c270894b050455d (main) + NOTE: https://github.com/django/django/commit/be9c27c4d18c2e6a5be8af4e53c0797440794473 (4.2.6) + NOTE: https://github.com/django/django/commit/ccdade1a0262537868d7ca64374de3d957ca50c5 (3.2.22) +CVE-2023-43662 (ShokoServer is a media server which specializes in organizing anime. I ...) + NOT-FOR-US: ShokoServer +CVE-2023-43654 (TorchServe is a tool for serving and scaling PyTorch models in product ...) + NOT-FOR-US: TorchServe +CVE-2023-43014 (Asset Management System v1.0 is vulnerable to an Authenticated SQL In ...) + NOT-FOR-US: Asset Management System +CVE-2023-43013 (Asset Management System v1.0 is vulnerable to an unauthenticated SQL ...) + NOT-FOR-US: Asset Management System +CVE-2023-3979 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3922 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3920 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3917 (Denial of Service in pipelines affecting all versions of Gitlab EE and ...) + - gitlab +CVE-2023-3914 (A business logic error in GitLab EE affecting all versions prior to 16 ...) + - gitlab (Specific to EE) +CVE-2023-3906 (An input validation issue in the asset proxy in GitLab EE, affecting a ...) + - gitlab (Specific to EE) +CVE-2023-3775 (A Vault Enterprise Sentinel Role Governing Policy created by an operat ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-3115 (An issue has been discovered in GitLab EE affecting all versions affec ...) 
+ - gitlab (Specific to EE) +CVE-2023-32477 (Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an im ...) + NOT-FOR-US: Dell +CVE-2023-5256 (In certain scenarios, Drupal's JSON:API module will output error backt ...) + - drupal7 +CVE-2023-5871 (A flaw was found in libnbd, due to a malicious Network Block Device (N ...) + - libnbd 1.18.1-1 (bug #1055170) + [bookworm] - libnbd (Vulnerable code not present) + [bullseye] - libnbd (Vulnerable code not present) + NOTE: https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/PFVUCMPFQUDC23JXSCUUPXIGDZ7XCFMD/ + NOTE: Introduced by: https://gitlab.com/nbdkit/libnbd/-/commit/20dadb0e10fc7236c763e3cf8c55fcc92ef28623 (v1.17.4) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/177308adb17e81fce7c0f2b2fcf655c5c0b6a4d6 (master) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/4451e5b61ca07771ceef3e012223779e7a0c7701 (stable-1.18) +CVE-2023-5215 (A flaw was found in libnbd. A server can reply with a block size large ...) + - libnbd 1.16.5-1 + [bookworm] - libnbd (Minor issue) + [bullseye] - libnbd (Minor issue) + NOTE: https://listman.redhat.com/archives/libguestfs/2023-September/032635.html + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/0f8ee8c6bd6dd93de771e6d4da87ec5a59504aae (v1.18.0) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/f03330181229360a1a97a264aa956fea54c657de (v1.16.5) +CVE-2023-43884 (A Cross-site scripting (XSS) vulnerability in Reference ID from the pa ...) + NOT-FOR-US: Subrion CMS +CVE-2023-43879 (Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allow ...) + NOT-FOR-US: Rite CMS +CVE-2023-43878 (Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities t ...) + NOT-FOR-US: Rite CMS +CVE-2023-43876 (A Cross-Site Scripting (XSS) vulnerability in installation of October ...) + NOT-FOR-US: October CMS +CVE-2023-43874 (Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 ...) 
+ NOT-FOR-US: e017 CMS +CVE-2023-43873 (A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows ...) + NOT-FOR-US: e017 CMS +CVE-2023-43872 (A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local a ...) + NOT-FOR-US: CMSmadesimple +CVE-2023-43871 (A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to ...) + NOT-FOR-US: WBCE +CVE-2023-43869 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) + NOT-FOR-US: D-Link +CVE-2023-43868 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVa ...) + NOT-FOR-US: D-Link +CVE-2023-43867 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) + NOT-FOR-US: D-Link +CVE-2023-43866 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) + NOT-FOR-US: D-Link +CVE-2023-43865 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) + NOT-FOR-US: D-Link +CVE-2023-43864 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWA ...) + NOT-FOR-US: D-Link +CVE-2023-43863 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) + NOT-FOR-US: D-Link +CVE-2023-43862 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLangu ...) + NOT-FOR-US: D-Link +CVE-2023-43861 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) + NOT-FOR-US: D-Link +CVE-2023-43860 (D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWa ...) + NOT-FOR-US: D-Link +CVE-2023-43664 (PrestaShop is an Open Source e-commerce web application. In the Presta ...) + NOT-FOR-US: PrestaShop +CVE-2023-43663 (PrestaShop is an Open Source e-commerce web application. In affected v ...) + NOT-FOR-US: PrestaShop +CVE-2023-43657 (discourse-encrypt is a plugin that provides a secure communication cha ...) + NOT-FOR-US: discourse-encrypt plugin +CVE-2023-43323 (mooSocial 3.1.8 is vulnerable to external service interaction on post ...) 
+ NOT-FOR-US: mooSocial +CVE-2023-43226 (An arbitrary file upload vulnerability in dede/baidunews.php in DedeCM ...) + NOT-FOR-US: DedeCMS +CVE-2023-43044 (IBM License Metric Tool 9.2 could allow a remote attacker to traverse ...) + NOT-FOR-US: IBM +CVE-2023-41911 (Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 ...) + NOT-FOR-US: Samsung +CVE-2023-40375 (Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contain ...) + NOT-FOR-US: IBM +CVE-2023-40307 (An attacker with standard privileges on macOS when requesting administ ...) + NOT-FOR-US: SAP +CVE-2023-39195 + REJECTED +CVE-2023-5244 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + NOT-FOR-US: microweber +CVE-2023-5233 (The Font Awesome Integration plugin for WordPress is vulnerable to Sto ...) + NOT-FOR-US: Font Awesome Integration plugin for WordPress +CVE-2023-5232 (The Font Awesome More Icons plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: Font Awesome More Icons plugin for WordPress +CVE-2023-5230 (The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerab ...) + NOT-FOR-US: TM WooCommerce Compare & Wishlist plugin for WordPress +CVE-2023-44276 (OPNsense before 23.7.5 allows XSS via the index.php sequence parameter ...) + NOT-FOR-US: OPNsense +CVE-2023-44275 (OPNsense before 23.7.5 allows XSS via the index.php column_count param ...) + NOT-FOR-US: OPNsense +CVE-2023-44273 (Consensys gnark-crypto through 0.11.2 allows Signature Malleability. T ...) + NOT-FOR-US: Consensys gnark-crypto +CVE-2023-44080 (An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attack ...) + NOT-FOR-US: PGYER codefever +CVE-2023-43660 (Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that d ...) + NOT-FOR-US: Warpgate +CVE-2023-43656 (matrix-hookshot is a Matrix bot for connecting to external services li ...) + NOT-FOR-US: matrix-hookshot +CVE-2023-43651 (JumpServer is an open source bastion host. 
An authenticated user can e ...) + NOT-FOR-US: JumpServer +CVE-2023-43320 (An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, ...) + NOT-FOR-US: Proxmox +CVE-2023-43314 (The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware v ...) + NOT-FOR-US: ZYXEL +CVE-2023-43233 (A stored cross-site scripting (XSS) vulnerability in the cms/content/e ...) + NOT-FOR-US: YZNCMS +CVE-2023-43192 (SQL injection can exist in a newly created part of the SpringbootCMS 1 ...) + NOT-FOR-US: JFinalcms +CVE-2023-43191 (SpringbootCMS 1.0 foreground message can be embedded malicious code sa ...) + NOT-FOR-US: JFinalCMS +CVE-2023-42818 (JumpServer is an open source bastion host. When users enable MFA and u ...) + NOT-FOR-US: JumpServer +CVE-2023-42222 (WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebC ...) + NOT-FOR-US: WebCatalog +CVE-2023-41453 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41452 (Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1. ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41451 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41450 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41449 (An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41448 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41447 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41446 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) + NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41445 (Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 al ...) 
+ NOT-FOR-US: phpkobo AjaxNewTicker +CVE-2023-41444 (An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attac ...) + NOT-FOR-US: Binalyze IREC.sys +CVE-2023-40026 (Argo CD is a declarative continuous deployment framework for Kubernete ...) + NOT-FOR-US: Argo CD +CVE-2023-38877 (A host header injection vulnerability exists in gugoan's Economizzer v ...) + NOT-FOR-US: gugoan's Economizzer +CVE-2023-38874 (A remote code execution (RCE) vulnerability via an insecure file uploa ...) + NOT-FOR-US: gugoan's Economizzer +CVE-2023-38873 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...) + NOT-FOR-US: gugoan's Economizzer +CVE-2023-38872 (An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Eco ...) + NOT-FOR-US: gugoan's Economizzer +CVE-2023-38871 (The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer ...) + NOT-FOR-US: gugoan's Economizzer +CVE-2023-38870 (A SQL injection vulnerability exists in gugoan Economizzer commit 3730 ...) 
+ NOT-FOR-US: gugoan's Economizzer +CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability] + - exim4 4.97~RC2-2 + [bookworm] - exim4 4.96-15+deb12u3 + [bullseye] - exim4 (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) + [buster] - exim4 (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=3033 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt +CVE-2023-42118 [Exim libspf2 Integer Underflow Remote Code Execution Vulnerability] + - libspf2 (bug #1053870) + [bookworm] - libspf2 (Revisit once upstream and ZDI status is clarfied) + [bullseye] - libspf2 (Revisit once upstream and ZDI status is clarfied) + [buster] - libspf2 (Revisit once upstream and ZDI status is clarfied) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=3032 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt + NOTE: https://lists.exim.org/lurker/message/20231004.080103.8c98192c.en.html + NOTE: Potentially same issue as: https://github.com/shevek/libspf2/issues/45 + NOTE: https://github.com/shevek/libspf2/pull/44 + NOTE: The potentially related (but unknown if exploitable) integer overflow flaw from pull/44 + NOTE: is fixed with libspf2/1.2.10-8. There have been 1. no proofs it is exploitable, and the + NOTE: finder clarifies as "ut I haven't been able to get it to do anything after that because + NOTE: another buffer fills up." and 2. that this is the same issue as CVE-2023-42118 . 
+CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability] + - exim4 4.97~RC2-2 + [bookworm] - exim4 4.96-15+deb12u3 + [bullseye] - exim4 (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy) + [buster] - exim4 (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1471/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=3031 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt +CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability] + {DSA-5512-1 DLA-3599-1} + - exim4 4.97~RC1-2 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1470/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=3000 + NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/936e342d560e218c2aee5cb2295be925c27c2106 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt +CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability] + {DSA-5512-1} + - exim4 4.97~RC1-2 + [buster] - exim4 (External authenticator support was introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=2999 + NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/955f1203c15be96fa84b5331fa2a5cb2e556b9a9 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt +CVE-2023-42114 [Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability] + {DSA-5512-1 DLA-3599-1} + - 
exim4 4.97~RC1-2 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1468/ + NOTE: https://bugs.exim.org/show_bug.cgi?id=3001 + NOTE: https://git.exim.org/exim.git/log/refs/heads/exim-4.96%20security/exim.git/commit/ccf9816f54fb04ab5508eb8c7f00b08bc3531297 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 + NOTE: https://exim.org/static/doc/security/CVE-2023-zdi.txt +CVE-2023-XXXX [AV1 codec parser buffer overflow] + - gst-plugins-bad1.0 1.22.8-1 + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0011.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5823 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/890d59e97e291fe848147ebf4d5884bcec1101c9 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5 (1.22.8) +CVE-2023-44446 [MXF demuxer use-after-free] + {DSA-5565-1 DLA-3673-1} + - gst-plugins-bad1.0 1.22.7-1 (bug #1056101) + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0010.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5635 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/274551d450e443a8c71baa95e3f8d5dad212737f + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7dfaa57b6f9b55f17ffe824bd8988bb71ae11353 (1.22.7) +CVE-2023-44429 [AV1 codec parser buffer overflow] + {DSA-5565-1} + - gst-plugins-bad1.0 1.22.7-1 (bug #1056102) + [buster] - gst-plugins-bad1.0 (Vulnerable code was introduced later) + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0009.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5634 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1db83d3f745332cbda6adf954b2c53a10caa205e + NOTE: Fixed by: 
https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b76a801f57353b893c344025cac56413140fca6d (1.22.7) +CVE-2023-40476 [Integer overflow in H.265 video parser leading to stack overwrite] + {DSA-5533-1 DLA-3633-1} + - gst-plugins-bad1.0 1.22.7-1 (bug #1053259) + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0008.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5364 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ff91a3d8d6f7e2412c44663bf30fad5c7fdbc9d9 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fddda166222a067d0e511950a0a8cfb9f5a521b7 (1.22.6) +CVE-2023-40475 [Integer overflow leading to heap overwrite in MXF file handling with AES3 audio] + {DSA-5533-1 DLA-3633-1} + - gst-plugins-bad1.0 1.22.7-1 (bug #1053260) + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0007.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72742dee30cce7bf909639f82de119871566ce39 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1edd1c38dcc5d27e7c5649d999ee8278872a16d4 (1.22.6) +CVE-2023-40474 [Integer overflow leading to heap overwrite in MXF file handling with uncompressed video] + {DSA-5533-1 DLA-3633-1} + - gst-plugins-bad1.0 1.22.7-1 (bug #1053261) + - gst-plugins-bad0.10 + NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0006.html + NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5362 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ce17e968e4cf900d28ca5b46f6e095febc42b4f0 + NOTE: Fixed by: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f73fc41f2ca6a0cd4e883aee64bf8e1c15ff68ce (1.22.6) +CVE-2023-5236 (A flaw was found in Infinispan, which does not detect circular object ...) 
+ NOT-FOR-US: Infinispan +CVE-2023-5223 (A vulnerability, which was classified as critical, has been found in H ...) + NOT-FOR-US: HimitZH HOJ +CVE-2023-5222 (A vulnerability classified as critical was found in Viessmann Vitogate ...) + NOT-FOR-US: Viessmann Vitogate +CVE-2023-5221 (A vulnerability classified as critical has been found in ForU CMS. Thi ...) + NOT-FOR-US: ForU CMS +CVE-2023-5217 (Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior ...) + {DSA-5513-1 DSA-5510-1 DSA-5509-1 DSA-5508-1 DLA-3601-1 DLA-3598-1 DLA-3591-1} + - chromium 117.0.5938.132-1 + [buster] - chromium (see DSA 5046) + - firefox (unimportant) + - firefox-esr (unimportant) + - thunderbird 1:115.3.1-1 (unimportant) + - libvpx 1.12.0-1.1 (bug #1053182) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/#CVE-2023-5217 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/28/5 + NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/af6dedd715f4307669366944cca6e0417b290282 + NOTE: Fixed by (libvpx): https://github.com/webmproject/libvpx/commit/3fbd1dca6a4d2dad332a2110d646e4ffef36d590 + NOTE: https://hg.mozilla.org/mozilla-central/rev/c53f5ef77b62b79af86951a7f9130e1896b695d2 + NOTE: src:firefox, src:firefox-esr and src:thunderbird use the system libvpx starting in bookworm + NOTE: and above. For older releases still needs the fixes in src:firefox-esr and src:thunderbird. +CVE-2023-5187 (Use after free in Extensions in Google Chrome prior to 117.0.5938.132 ...) + {DSA-5508-1} + - chromium 117.0.5938.132-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5186 (Use after free in Passwords in Google Chrome prior to 117.0.5938.132 a ...) + {DSA-5508-1} + - chromium 117.0.5938.132-1 + [buster] - chromium (see DSA 5046) +CVE-2023-5184 (Two potential signed to unsigned conversion errors and buffer overflow ...) 
+ NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4523 (Real Time Automation 460 Series products with versions prior to v8.9.8 ...) + NOT-FOR-US: Real Time Automation 460 Series products +CVE-2023-4066 (A flaw was found in Red Hat's AMQ Broker, which stores certain passwor ...) + NOT-FOR-US: Red Hat AMQ Broker +CVE-2023-4129 (Dell Data Protection Central, version 19.9, contains an Inadequate Enc ...) + NOT-FOR-US: Dell +CVE-2023-4003 (One Identity Password Manager version 5.9.7.1 -An unauthenticated atta ...) + NOT-FOR-US: One Identity Password Manager +CVE-2023-2585 + NOT-FOR-US: Keycloak +CVE-2023-2422 (A flaw was found in Keycloak. A Keycloak server configured to support ...) + NOT-FOR-US: Keycloak +CVE-2023-44207 (Stored cross-site scripting (XSS) vulnerability in protection plan nam ...) + NOT-FOR-US: Acronis +CVE-2023-44206 (Sensitive information disclosure and manipulation due to improper auth ...) + NOT-FOR-US: Acronis +CVE-2023-44205 (Sensitive information disclosure due to improper authorization. The fo ...) + NOT-FOR-US: Acronis +CVE-2023-44161 (Sensitive information manipulation due to cross-site request forgery. ...) + NOT-FOR-US: Acronis +CVE-2023-44160 (Sensitive information manipulation due to cross-site request forgery. ...) + NOT-FOR-US: Acronis +CVE-2023-44159 (Sensitive information disclosure due to cleartext storage of sensitive ...) + NOT-FOR-US: Acronis +CVE-2023-44158 (Sensitive information disclosure due to insufficient token field maski ...) + NOT-FOR-US: Acronis +CVE-2023-44157 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-44156 (Sensitive information disclosure due to spell-jacking. The following p ...) + NOT-FOR-US: Acronis +CVE-2023-44155 (Sensitive information leak through log files. The following products a ...) + NOT-FOR-US: Acronis +CVE-2023-44154 (Sensitive information disclosure and manipulation due to improper auth ...) 
+ NOT-FOR-US: Acronis +CVE-2023-44153 (Sensitive information disclosure due to cleartext storage of sensitive ...) + NOT-FOR-US: Acronis +CVE-2023-44152 (Sensitive information disclosure and manipulation due to improper auth ...) + NOT-FOR-US: Acronis +CVE-2023-44129 (The vulnerability is that the Messaging ("com.android.mms") app patche ...) + NOT-FOR-US: LG +CVE-2023-44128 (he vulnerability is to delete arbitrary files in LGInstallService ("co ...) + NOT-FOR-US: LG +CVE-2023-44127 (he vulnerability is that the Call management ("com.android.server.tele ...) + NOT-FOR-US: LG +CVE-2023-44126 (The vulnerability is that the Call management ("com.android.server.tel ...) + NOT-FOR-US: LG +CVE-2023-44125 (The vulnerability is the use of implicit PendingIntents without the Pe ...) + NOT-FOR-US: LG +CVE-2023-44124 (The vulnerability is to theft of arbitrary files with system privilege ...) + NOT-FOR-US: LG +CVE-2023-44123 (The vulnerability is the use of implicit PendingIntents with the Pendi ...) + NOT-FOR-US: LG +CVE-2023-44122 (The vulnerability is to theft of arbitrary files with system privilege ...) + NOT-FOR-US: LG +CVE-2023-44121 (The vulnerability is an intent redirection in LG ThinQ Service ("com.l ...) + NOT-FOR-US: LG +CVE-2023-44048 (Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scri ...) + NOT-FOR-US: Sourcecodester Expense Tracker App +CVE-2023-44047 (Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Inje ...) + NOT-FOR-US: Sourcecodester Toll Tax Management System +CVE-2023-44023 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44022 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44021 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44020 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) 
+ NOT-FOR-US: Tenda +CVE-2023-44019 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44018 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44017 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44016 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44015 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44014 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-44013 (Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discover ...) + NOT-FOR-US: Tenda +CVE-2023-43830 (A Cross-site scripting (XSS) vulnerability in /panel/configuration/fin ...) + NOT-FOR-US: Subrion CMS +CVE-2023-43828 (A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Sub ...) + NOT-FOR-US: Subrion CMS +CVE-2023-43652 (JumpServer is an open source bastion host. As an unauthenticated user, ...) + NOT-FOR-US: JumpServer +CVE-2023-43650 (JumpServer is an open source bastion host. The verification code for r ...) + NOT-FOR-US: JumpServer +CVE-2023-43125 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-43124 (BIG-IP APM clients may send IP traffic outside of the VPN tunnel.Note: ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-42822 (xrdp is an open source remote desktop protocol server. Access to the f ...) 
+ - xrdp (bug #1053284) + [bookworm] - xrdp (Minor issue) + [bullseye] - xrdp (Minor issue) + [buster] - xrdp (Minor issue) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw + NOTE: https://github.com/neutrinolabs/xrdp/commit/73acbe1f7957c65122b00de4d6f57a8d0d257c40 +CVE-2023-42657 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traver ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-42487 (Soundminer \u2013 CWE-22: Improper Limitation of a Pathname to a Restr ...) + NOT-FOR-US: Soundminer +CVE-2023-42486 (Fortect - CWE-428: Unquoted Search Path or Element, may be used by loc ...) + NOT-FOR-US: Fortect +CVE-2023-41653 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41242 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hass ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41241 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sure ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41238 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ultimate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41237 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + NOT-FOR-US: WordPress theme +CVE-2023-41236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy ad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41235 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + NOT-FOR-US: WordPress theme +CVE-2023-40333 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Int ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40049 (In WS_FTP Server version prior to 8.8.2, an unauthenticated user cou ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-40048 (In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager i ...) 
+ NOT-FOR-US: Progress WS_FTP Server +CVE-2023-40047 (In WS_FTP Server version prior to 8.8.2,a stored cross-site scripting ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-40046 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-40045 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cros ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-40044 (In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticate ...) + NOT-FOR-US: Progress WS_FTP Server +CVE-2023-33972 (Scylladb is a NoSQL data store using the seastar framework, compatible ...) + - scylladb (bug #824509) +CVE-2023-32458 (Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack relea ...) + NOT-FOR-US: Dell +CVE-2023-XXXX [code execution via malformed XTGETTCAP] + - foot 1.15.3-2 (bug #1053115) + [bookworm] - foot 1.13.1-2+deb12u1 + [bullseye] - foot (Minor issue) + NOTE: https://codeberg.org/dnkl/foot/commit/8a5f2915e9d327d1517d1da49ce7e2303fe61d36 +CVE-2023-5183 (Unsafe deserialization of untrusted JSON allows execution of arbitrary ...) + NOT-FOR-US: Illumio +CVE-2023-4934 (Authorization Bypass Through User-Controlled Key vulnerability in Usta ...) + NOT-FOR-US: Usta" AYBS +CVE-2023-4737 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Hedef Tracking Admin Panel +CVE-2023-4423 (The WP Event Manager \u2013 Events Calendar, Registrations, Sell Ticke ...) + NOT-FOR-US: WordPress plugin +CVE-2023-44216 (PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU de ...) + NOT-FOR-US: Imagination GPUs +CVE-2023-44044 (Super Store Finder v3.6 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: Super Store Finder +CVE-2023-44043 (A reflected cross-site scripting (XSS) vulnerability in /install/index ...) + NOT-FOR-US: Black Cat CMS +CVE-2023-44042 (A stored cross-site scripting (XSS) vulnerability in /settings/index.p ...) 
+ NOT-FOR-US: Black Cat CMS +CVE-2023-43825 (Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and ...) + NOT-FOR-US: Shihonkanri Plus +CVE-2023-43645 (OpenFGA is an authorization/permission engine built for developers and ...) + NOT-FOR-US: OpenFGA +CVE-2023-43381 (SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote a ...) + NOT-FOR-US: Tianchoy Blog +CVE-2023-43331 (A cross-site scripting (XSS) vulnerability in the Add User function of ...) + NOT-FOR-US: Small CRM +CVE-2023-43291 (Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier al ...) + NOT-FOR-US: emlog +CVE-2023-43263 (A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 al ...) + NOT-FOR-US: Froala Editor +CVE-2023-43232 (A stored cross-site scripting (XSS) vulnerability in the Website colum ...) + NOT-FOR-US: DedeBIZ +CVE-2023-43187 (A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint ...) + NOT-FOR-US: NodeBB +CVE-2023-43154 (In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loos ...) + NOT-FOR-US: Macrob7 Macs Framework Content Management System (CMS) +CVE-2023-42820 (JumpServer is an open source bastion host. This vulnerability is due t ...) + NOT-FOR-US: JumpServer +CVE-2023-42819 (JumpServer is an open source bastion host. Logged-in users can access ...) + NOT-FOR-US: JumpServer +CVE-2023-42462 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-42461 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-42453 (Synapse is an open-source Matrix homeserver written and maintained by ...) 
+ - matrix-synapse 1.93.0-1 (bug #1053283) + NOTE: https://github.com/matrix-org/synapse/pull/16327 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-7565-cq32-vx2x +CVE-2023-41996 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-41995 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-41986 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-41984 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-41981 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-41980 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-41979 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2023-41968 (This issue was addressed with improved validation of symlinks. This is ...) + NOT-FOR-US: Apple +CVE-2023-41888 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41878 (MeterSphere is a one-stop open source continuous testing platform, cov ...) + NOT-FOR-US: MeterSphere +CVE-2023-41335 (Synapse is an open-source Matrix homeserver written and maintained by ...) + - matrix-synapse 1.93.0-1 (bug #1053283) + NOTE: https://github.com/matrix-org/synapse/pull/16272 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4f74-84v3-j9q5 +CVE-2023-41333 (Cilium is a networking, observability, and security solution with an e ...) + - cilium (bug #858303) +CVE-2023-41332 (Cilium is a networking, observability, and security solution with an e ...) 
+ - cilium (bug #858303) +CVE-2023-41326 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41324 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41323 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41322 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41321 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41320 (GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asse ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-41232 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2023-41174 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-41079 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-41078 (An authorization issue was addressed with improved state management. 
T ...) + NOT-FOR-US: Apple +CVE-2023-41074 (The issue was addressed with improved checks. This issue is fixed in t ...) + {DSA-5527-1} + - webkit2gtk 2.42.0-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.0-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0009.html +CVE-2023-41073 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2023-41071 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-41070 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-41068 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2023-41067 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-41066 (An authentication issue was addressed with improved state management. ...) + NOT-FOR-US: Apple +CVE-2023-41065 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-41063 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40677 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40676 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jaso ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40669 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40668 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40667 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40665 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40664 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40663 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40605 (Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40604 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40541 (This issue was addressed by adding an additional prompt for user conse ...) + NOT-FOR-US: Apple +CVE-2023-40520 (The issue was addressed with improved checks. This issue is fixed in t ...) + NOT-FOR-US: Apple +CVE-2023-40456 (The issue was addressed with improved checks. This issue is fixed in t ...) + NOT-FOR-US: Apple +CVE-2023-40455 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-40454 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-40452 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-40451 (This issue was addressed with improved iframe sandbox enforcement. Thi ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0009.html +CVE-2023-40450 (The issue was addressed with improved checks. This issue is fixed in m ...) 
+ NOT-FOR-US: Apple +CVE-2023-40448 (The issue was addressed with improved handling of protocols. This issu ...) + NOT-FOR-US: Apple +CVE-2023-40443 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-40441 (A resource exhaustion issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2023-40436 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-40435 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40434 (A configuration issue was addressed with additional restrictions. This ...) + NOT-FOR-US: Apple +CVE-2023-40432 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40431 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40429 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2023-40428 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-40427 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-40426 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-40424 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-40422 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40420 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40419 (The issue was addressed with improved checks. This issue is fixed in t ...) + NOT-FOR-US: Apple +CVE-2023-40418 (An authentication issue was addressed with improved state management. ...) 
+ NOT-FOR-US: Apple +CVE-2023-40417 (A window management issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2023-40412 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40410 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-40409 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40407 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-40406 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-40403 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40402 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-40400 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2023-40399 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40395 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-40391 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-40388 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-40386 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-40384 (A permissions issue was addressed with improved redaction of sensitive ...) + NOT-FOR-US: Apple +CVE-2023-40330 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Pe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39434 (A use-after-free issue was addressed with improved memory management. ...) 
+ {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0009.html +CVE-2023-39233 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-38615 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38596 (The issue was addressed with improved handling of protocols. This issu ...) + NOT-FOR-US: Apple +CVE-2023-38586 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2023-37448 (A lock screen issue was addressed with improved state management. This ...) + NOT-FOR-US: Apple +CVE-2023-35990 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-35984 (The issue was addressed with improved checks. This issue is fixed in t ...) + NOT-FOR-US: Apple +CVE-2023-35793 (An issue was discovered in Cassia Access Controller 2.1.1.2303271039. ...) + NOT-FOR-US: Cassia Access Controller +CVE-2023-35074 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5396-1} + - webkit2gtk 2.40.0-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0009.html +CVE-2023-35071 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: MRV Tech Logging Administration Panel +CVE-2023-32421 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-32396 (This issue was addressed with improved checks. 
This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2023-32377 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-32361 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-2358 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server +CVE-2023-29497 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-43040 [Improperly verified POST keys] + {DLA-3629-1} + - ceph 16.2.11+ds-5 (bug #1053690) + [bookworm] - ceph (Minor issue) + [bullseye] - ceph (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/26/10 + NOTE: https://tracker.ceph.com/issues/63004 + NOTE: https://github.com/ceph/ceph/pull/53714 + NOTE: Fixed by: https://github.com/ceph/ceph/commit/100d81aa060f061271499f1fa28dbdc06de443fd (main) +CVE-2023-5197 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + - linux 6.5.6-1 + [bookworm] - linux 6.1.64-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f15f29fd4779be8a418b66e9d52979bb6d6c2325 (6.6-rc3) + NOTE: https://kernel.dance/f15f29fd4779be8a418b66e9d52979bb6d6c2325 +CVE-2023-5189 (A path traversal vulnerability exists in Ansible when extracting tarba ...) + NOT-FOR-US: Ansible Automation Hub +CVE-2023-5157 (A vulnerability was found in MariaDB. An OpenVAS port scan on ports 33 ...) 
+ - galera-4 26.4.13-1 + [bullseye] - galera-4 (Minor issue; can be fixed via point release) + - galera-3 (vulnerable code not backported to galera-3) + NOTE: https://jira.mariadb.org/browse/MDEV-25068 + NOTE: Introduced by: https://github.com/codership/galera/commit/c27596d06a221f6c14d36759c681149964008749 (26.4.8) + NOTE: Fixed by: https://github.com/codership/galera/commit/930c016108d7086b472ad7a8b9d0f6989202b48a (26.4.12) +CVE-2023-5115 (An absolute path traversal attack exists in the Ansible automation pla ...) + - ansible-core 2.14.11-1 (bug #1053693) + [bookworm] - ansible-core (Minor issue) + [bullseye] - ansible-core (Minor issue) + - ansible 5.4.0-1 + [bullseye] - ansible (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2233810 + NOTE: https://github.com/ansible/ansible/pull/81780 + NOTE: https://github.com/ansible/ansible/commit/ddf0311c63287e2d5334770377350c1e0cbfff28 + NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid +CVE-2023-4264 (Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsy ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4262 (Possible buffer overflow in Zephyr mgmt subsystem when asserts are dis ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4261 + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4260 (Potential off-by-one buffer overflow vulnerability in the Zephyr fuse ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4065 (A flaw was found in Red Hat AMQ Broker Operator, where it displayed a ...) + NOT-FOR-US: Red Hat AMQ Broker +CVE-2023-44172 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...) + NOT-FOR-US: SeaCMS +CVE-2023-44171 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...) + NOT-FOR-US: SeaCMS +CVE-2023-44170 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...) 
+ NOT-FOR-US: SeaCMS +CVE-2023-44169 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...) + NOT-FOR-US: SeaCMS +CVE-2023-43857 (Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-43856 (Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vu ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-43775 (Denial-of-service vulnerability in the web server of the Eaton SMP Gat ...) + NOT-FOR-US: Eaton +CVE-2023-43646 (get-func-name is a module to retrieve a function's name securely and c ...) + - node-get-func-name (bug #1053262) + [bookworm] - node-get-func-name (Minor issue) + [bullseye] - node-get-func-name (Minor issue) + [buster] - node-get-func-name (Minor issue, ReDoS) + NOTE: https://github.com/chaijs/get-func-name/security/advisories/GHSA-4q6p-r6v2-jvc5 + NOTE: https://github.com/chaijs/get-func-name/commit/f934b228b5e2cb94d6c8576d3aac05493f667c69 (v2.0.1) +CVE-2023-43614 (Cross-site scripting vulnerability in Order Data Edit page of Welcart ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-43610 (SQL injection vulnerability in Order Data Edit page of Welcart e-Comme ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-43493 (SQL injection vulnerability in Item List page of Welcart e-Commerce ve ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-43484 (Cross-site scripting vulnerability in Item List page of Welcart e-Comm ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-43234 (DedeBIZ v6.2.11 was discovered to contain multiple remote code executi ...) + NOT-FOR-US: DedeBIZ +CVE-2023-43222 (SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g ...) + NOT-FOR-US: SeaCMS +CVE-2023-43216 (SeaCMS V12.9 was discovered to contain an arbitrary file write vulnera ...) + NOT-FOR-US: SeaCMS +CVE-2023-42460 (Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_dec ...) 
+ NOT-FOR-US: Vyper +CVE-2023-41962 (Cross-site scripting vulnerability in Credit Card Payment Setup page o ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-41904 (Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for Au ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-41233 (Cross-site scripting vulnerability in Item List page registration proc ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-40532 (Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8 ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-40219 (Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or ...) + NOT-FOR-US: Welcart e-Commerce +CVE-2023-39378 (SiberianCMS - CWE-89: Improper Neutralization of Special Elements used ...) + NOT-FOR-US: SiberianCMS +CVE-2023-39377 (SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type ...) + NOT-FOR-US: SiberianCMS +CVE-2023-39376 (SiberianCMS - CWE-284 Improper Access Control Authorized user may disa ...) + NOT-FOR-US: SiberianCMS +CVE-2023-39375 (SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges) + NOT-FOR-US: SiberianCMS +CVE-2023-39347 (Cilium is a networking, observability, and security solution with an e ...) + - cilium (bug #858303) +CVE-2023-34043 (VMware Aria Operations contains a local privilege escalation vulnerabi ...) + NOT-FOR-US: VMware +CVE-2023-32541 (A use-after-free vulnerability exists in the footerr functionality of ...) + NOT-FOR-US: Hancom Office 2020 HWord +CVE-2023-5176 (Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thun ...) 
+ {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1} + - firefox 118.0-1 + - firefox-esr 115.3.0esr-1 + - thunderbird 1:115.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5176 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5176 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5176 +CVE-2023-5175 (During process shutdown, it was possible that an `ImageBitmap` was cre ...) + - firefox 118.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5175 +CVE-2023-5174 (If Windows failed to duplicate a handle during process creation, the s ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5174 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5174 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5174 +CVE-2023-5173 (In a non-standard configuration of Firefox, an integer overflow could ...) + - firefox 118.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5173 +CVE-2023-5172 (A hashtable in the Ion Engine could have been mutated while there was ...) + - firefox 118.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5172 +CVE-2023-5171 (During Ion compilation, a Garbage Collection could have resulted in a ...) 
+ {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1} + - firefox 118.0-1 + - firefox-esr 115.3.0esr-1 + - thunderbird 1:115.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5171 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5171 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5171 +CVE-2023-5170 (In canvas rendering, a compromised content process could have caused a ...) + - firefox 118.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5170 +CVE-2023-5169 (A compromised content process could have provided malicious data in a ...) + {DSA-5513-1 DSA-5506-1 DLA-3601-1 DLA-3587-1} + - firefox 118.0-1 + - firefox-esr 115.3.0esr-1 + - thunderbird 1:115.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5169 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5169 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5169 +CVE-2023-5168 (A compromised content process could have provided malicious data to `F ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-41/#CVE-2023-5168 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-42/#CVE-2023-5168 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-43/#CVE-2023-5168 +CVE-2023-5192 (Excessive Data Query Operations in a Large Data Table in GitHub reposi ...) + NOT-FOR-US: Pimcore +CVE-2023-5162 (The Options for Twenty Seventeen plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Options for Twenty Seventeen plugin for WordPress +CVE-2023-5161 (The Modal Window plugin for WordPress is vulnerable to Stored Cross-Si ...) 
+ NOT-FOR-US: Modal Window plugin for WordPress +CVE-2023-5135 (The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Simple Cloudflare Turnstile plugin for WordPress +CVE-2023-5129 + REJECTED +CVE-2023-4565 (Broadcast permission control vulnerability in the framework module. Su ...) + NOT-FOR-US: Huawei +CVE-2023-4506 (The Active Directory Integration / LDAP Integration plugin for WordPre ...) + NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress +CVE-2023-4505 (The Staff / Employee Business Directory for Active Directory plugin fo ...) + NOT-FOR-US: Staff / Employee Business Directory for Active Directory plugin for WordPress +CVE-2023-4259 (Two potential buffer overflow vulnerabilities at the following locatio ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4258 (In Bluetooth mesh implementation If provisionee has a public key that ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-43457 (An issue in Service Provider Management System v.1.0 allows a remote a ...) + NOT-FOR-US: Service Provider Management System +CVE-2023-43326 (A reflected cross-site scripting (XSS) vulnerability exisits in multip ...) + NOT-FOR-US: mooSocial +CVE-2023-43325 (A reflected cross-site scripting (XSS) vulnerability in the data[redir ...) + NOT-FOR-US: mooSocial +CVE-2023-43278 (A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up ...) + NOT-FOR-US: Seacms +CVE-2023-43132 (szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remo ...) + NOT-FOR-US: szvone vmqphp +CVE-2023-42426 (Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1 ...) + NOT-FOR-US: Froala Froala Editor +CVE-2023-41861 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41860 (Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin < ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-41312 (Permission control vulnerability in the audio module. Successful explo ...) + NOT-FOR-US: Huawei +CVE-2023-41311 (Permission control vulnerability in the audio module. Successful explo ...) + NOT-FOR-US: Huawei +CVE-2023-41310 (Keep-alive vulnerability in the sticky broadcast mechanism. Successful ...) + NOT-FOR-US: Huawei +CVE-2023-41309 (Permission control vulnerability in the MediaPlaybackController module ...) + NOT-FOR-US: Huawei +CVE-2023-41308 (Screenshot vulnerability in the input module. Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2023-41307 (Memory overwriting vulnerability in the security module. Successful ex ...) + NOT-FOR-US: Huawei +CVE-2023-41306 (Vulnerability of mutex management in the bone voice ID trusted applica ...) + NOT-FOR-US: Huawei +CVE-2023-41305 (Vulnerability of 5G messages being sent without being encrypted in a V ...) + NOT-FOR-US: Huawei +CVE-2023-3767 (An OS command injection vulnerability has been found on EasyPHP Webse ...) + NOT-FOR-US: EasyPHP Webserver +CVE-2023-38907 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...) + NOT-FOR-US: TP-Link +CVE-2022-48606 (Stability-related vulnerability in the binder background management an ...) + NOT-FOR-US: Huawei +CVE-2023-5166 (Docker Desktop before 4.23.0 allows Access Token theft via a crafted e ...) + NOT-FOR-US: Docker Desktop +CVE-2023-5165 (Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enh ...) + NOT-FOR-US: Docker Desktop +CVE-2023-5158 (A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in t ...) + - linux 6.5.8-1 + [bookworm] - linux 6.1.64-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/virtualization/20230925103057.104541-1-sgarzare@redhat.com/T/#u +CVE-2023-5156 (A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 ...) 
+ - glibc 2.37-11 (bug #1053002) + [bookworm] - glibc (Fix for CVE-2023-4806 not applied alone in released version) + [bullseye] - glibc (Fix for CVE-2023-4806 not applied alone in released version) + [buster] - glibc (Fix for CVE-2023-4806 not applied alone in released version) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2240541 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30884 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec6b95c3303c700eb89eebeda2d7264cc184a796 + NOTE: https://sourceware.org/pipermail/libc-alpha/2023-September/151691.html +CVE-2023-4892 (Teedy v1.11 has a vulnerability in its text editor that allows events ...) + NOT-FOR-US: Teedy +CVE-2023-4631 (The DoLogin Security WordPress plugin before 3.7 uses headers such as ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4549 (The DoLogin Security WordPress plugin before 3.7 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4521 (The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4502 (The Translate WordPress with GTranslate WordPress plugin before 3.0.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4490 (The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4476 (The Locatoraid Store Locator WordPress plugin before 3.9.24 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4300 (The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not fi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4281 (This Activity Log WordPress plugin before 2.8.8 retrieves client IP ad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4238 (The Prevent files / folders access WordPress plugin before 2.5.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4148 (The Ditty WordPress plugin before 3.1.25 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-43644 (Sing-box is an open source proxy system. 
Affected versions are subject ...) + NOT-FOR-US: sing-box +CVE-2023-43642 (snappy-java is a Java port of the snappy, a fast C++ compresser/decomp ...) + - snappy-java 1.1.10.5-1 (bug #1053474) + [bookworm] - snappy-java (Minor issue) + [bullseye] - snappy-java (Minor issue) + [buster] - snappy-java (Minor issue) + NOTE: https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5 (v1.1.10.4) + NOTE: https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv +CVE-2023-43458 (Cross Site Scripting (XSS) vulnerability in Resort Reservation System ...) + NOT-FOR-US: Resort Reservation System +CVE-2023-43456 (Cross Site Scripting vulnerability in Service Provider Management Syst ...) + NOT-FOR-US: Service Provider Management System +CVE-2023-43382 (Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allo ...) + NOT-FOR-US: itechyou dreamer CMS +CVE-2023-43339 (Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 all ...) + NOT-FOR-US: cmsmadesimple +CVE-2023-43319 (Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWar ...) + NOT-FOR-US: IceWarp WebClient +CVE-2023-43256 (A path traversal in Gladys Assistant v4.26.1 and below allows authenti ...) + NOT-FOR-US: Gladys Assistant +CVE-2023-43141 (TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulner ...) + NOT-FOR-US: TOTOLINK +CVE-2023-43131 (General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow.) + NOT-FOR-US: General Device Manager +CVE-2023-42817 (Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The ...) + NOT-FOR-US: Pimcore +CVE-2023-41871 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Mak ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Rata ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41867 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMaili ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-41863 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41419 (An issue in Gevent before version 23.9.0 allows a remote attacker to e ...) + NOT-FOR-US: Gevent Gevent +CVE-2023-41303 (Command injection vulnerability in the distributed file system module. ...) + NOT-FOR-US: Huawei +CVE-2023-41302 (Redirection permission verification vulnerability in the home screen m ...) + NOT-FOR-US: Huawei +CVE-2023-41301 (Vulnerability of unauthorized API access in the PMS module. Successful ...) + NOT-FOR-US: Huawei +CVE-2023-41300 (Vulnerability of parameters not being strictly verified in the PMS mod ...) + NOT-FOR-US: Huawei +CVE-2023-41299 (DoS vulnerability in the PMS module. Successful exploitation of this v ...) + NOT-FOR-US: Huawei +CVE-2023-41298 (Vulnerability of permission control in the window module. Successful e ...) + NOT-FOR-US: Huawei +CVE-2023-41297 (Vulnerability of defects introduced in the design process in the Hivie ...) + NOT-FOR-US: Huawei +CVE-2023-41296 (Vulnerability of missing authorization in the kernel module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-41295 (Vulnerability of improper permission management in the displayengine m ...) + NOT-FOR-US: Huawei +CVE-2023-41294 (The DP module has a service hijacking vulnerability.Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2023-41293 (Data security classification vulnerability in the DDMP module. Success ...) + NOT-FOR-US: Huawei +CVE-2023-40163 (An out-of-bounds write vulnerability exists in the allocate_buffer_for ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-3664 (The FileOrganizer WordPress plugin through 1.0.2 does not restrict fun ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3550 (Mediawiki v1.40.0 does not validate namespaces used in XML files. The ...) 
+ {DSA-5520-1 DLA-3671-1} + - mediawiki 1:1.39.5-1 + NOTE: https://phabricator.wikimedia.org/T341565 +CVE-2023-3547 (The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3226 (The Popup Builder WordPress plugin before 4.2.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39640 (UpLight cookiebanner before 1.5.1 was discovered to contain a SQL inje ...) + NOT-FOR-US: UpLight cookiebanner +CVE-2023-39453 (A use-after-free vulnerability exists in the tif_parse_sub_IFD functio ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-39409 (DoS vulnerability in the PMS module. Successful exploitation of this v ...) + NOT-FOR-US: Huawei +CVE-2023-39408 (DoS vulnerability in the PMS module. Successful exploitation of this v ...) + NOT-FOR-US: Huawei +CVE-2023-39407 (The Watchkit has a risk of unauthorized file access.Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2023-35002 (A heap-based buffer overflow vulnerability exists in the pictwread fun ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-32653 (An out-of-bounds write vulnerability exists in the dcm_pixel_data_deco ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-32614 (A heap-based buffer overflow vulnerability exists in the create_png_ob ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-32284 (An out-of-bounds write vulnerability exists in the tiff_planar_adobe f ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2022-48605 (Input verification vulnerability in the fingerprint module. Successful ...) + NOT-FOR-US: Huawei +CVE-2023-42756 (A flaw was found in the Netfilter subsystem of the Linux kernel. A rac ...) 
+ {DLA-3623-1} + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/27/2 + NOTE: https://git.kernel.org/linus/7433b6d2afd512d04398c73aa984d1e285be125b (6.6-rc3) +CVE-2023-42755 (A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) clas ...) + {DLA-3623-1} + - linux 6.3.7-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://lore.kernel.org/all/CADW8OBtkAf+nGokhD9zCFcmiebL1SM8bJp_oo=pE02BknG9qnQ@mail.gmail.com/ + NOTE: https://git.kernel.org/linus/265b4da82dbf5df04bee5a5d46b7474b1aaf326a (6.3-rc1) +CVE-2023-40581 (yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp ...) + - yt-dlp (Windows-specific) + NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-42h4-v29r-42qg +CVE-2023-5154 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) + NOT-FOR-US: D-Link +CVE-2023-5153 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: D-Link +CVE-2023-5152 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: D-Link +CVE-2023-5151 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: D-Link +CVE-2023-5150 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: D-Link +CVE-2023-5149 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + NOT-FOR-US: D-Link +CVE-2023-5148 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + NOT-FOR-US: D-Link +CVE-2023-5147 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + NOT-FOR-US: D-Link +CVE-2023-5146 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DA ...) + NOT-FOR-US: D-Link +CVE-2023-5145 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Li ...) 
+ NOT-FOR-US: D-Link +CVE-2023-5144 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: D-Link +CVE-2023-5143 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: D-Link +CVE-2023-5142 (A vulnerability classified as problematic was found in H3C GR-1100-P, ...) + NOT-FOR-US: H3C +CVE-2023-41949 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41948 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41874 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche So ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41872 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5134 (The Easy Registration Forms for WordPress is vulnerable to Information ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5125 (The Contact Form by FormGet plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: Contact Form by FormGet plugin for WordPress +CVE-2023-43470 (SQL injection vulnerability in janobe Online Voting System v.1.0 allow ...) + NOT-FOR-US: janobe Online Voting System +CVE-2023-43469 (SQL injection vulnerability in janobe Online Job Portal v.2020 allows ...) + NOT-FOR-US: janobe Online Job Portal +CVE-2023-43468 (SQL injection vulnerability in janobe Online Job Portal v.2020 allows ...) + NOT-FOR-US: janobe Online Job Portal +CVE-2023-43338 (Cesanta mjs v2.20.0 was discovered to contain a function pointer hijac ...) + NOT-FOR-US: Cesanta mjs +CVE-2023-43130 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) + NOT-FOR-US: D-Link +CVE-2023-43129 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) + NOT-FOR-US: D-Link +CVE-2023-43640 (TaxonWorks is a web-based workbench designed for taxonomists and biodi ...) 
+ NOT-FOR-US: TaxonWorks +CVE-2023-43270 (dst-admin v1.5.0 was discovered to contain a remote command execution ...) + NOT-FOR-US: dst-admin +CVE-2023-43144 (Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQ ...) + NOT-FOR-US: Projectworldsl Assets-management-system-in-php +CVE-2023-42821 (The package `github.com/gomarkdown/markdown` is a Go library for parsi ...) + - golang-github-gomarkdown-markdown + [bookworm] - golang-github-gomarkdown-markdown (Minor issue) + NOTE: https://github.com/gomarkdown/markdown/commit/14b16010c2ee7ff33a940a541d993bd043a88940 + NOTE: https://github.com/gomarkdown/markdown/security/advisories/GHSA-m9xq-6h2j-65r2 +CVE-2023-42812 (Galaxy is an open-source platform for FAIR data analysis. Prior to ver ...) + NOT-FOR-US: Galaxy +CVE-2023-42811 (aes-gcm is a pure Rust implementation of the AES-GCM. Starting in vers ...) + NOT-FOR-US: Rust crate aes-gcm +CVE-2023-42798 (AutomataCI is a template git repository equipped with a native built-i ...) + NOT-FOR-US: AutomataCI +CVE-2023-41031 (Command injection inhomemng.htminJuplink RX4-1500 versions V1.0.2,V1.0 ...) + NOT-FOR-US: Juplink RX4-1500 +CVE-2023-41029 (Command injection vulnerability in thehomemng.htm endpointinJuplink RX ...) + NOT-FOR-US: Juplink RX4-1500 +CVE-2023-41027 (Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplin ...) + NOT-FOR-US: Juplink RX4-1500 +CVE-2023-40989 (SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that a ...) + NOT-FOR-US: jeecgboot jeecg-boot +CVE-2023-38346 (An issue was discovered in Wind River VxWorks 6.9 and 7. The function ...) + NOT-FOR-US: Wind River VxWorks +CVE-2023-5068 (Delta Electronics DIAScreen may write past the end of an allocated bu ...) + NOT-FOR-US: Delta Electronics +CVE-2023-4774 (The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerabl ...) 
+ NOT-FOR-US: WP-Matomo Integration (WP-Piwik) plugin for WordPress +CVE-2023-4716 (The Media Library Assistant plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: Media Library Assistant plugin for WordPress +CVE-2023-43784 (Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are ...) + NOT-FOR-US: Plesk Onyx +CVE-2023-43783 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasi ...) + NOT-FOR-US: Cadence +CVE-2023-43782 (Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop- ...) + NOT-FOR-US: Cadence +CVE-2023-43771 (In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets rec ...) + NOT-FOR-US: nqptp +CVE-2023-43767 (Certain WithSecure products allow Denial of Service via the aepack arc ...) + NOT-FOR-US: WithSecure +CVE-2023-43766 (Certain WithSecure products allow Local privilege escalation via the l ...) + NOT-FOR-US: WithSecure +CVE-2023-43765 (Certain WithSecure products allow Denial of Service in the aeelf compo ...) + NOT-FOR-US: WithSecure +CVE-2023-43764 + REJECTED +CVE-2023-43763 (Certain WithSecure products allow XSS via an unvalidated parameter in ...) + NOT-FOR-US: WithSecure +CVE-2023-43762 (Certain WithSecure products allow Unauthenticated Remote Code Executio ...) + NOT-FOR-US: WithSecure +CVE-2023-43761 (Certain WithSecure products allow Denial of Service (infinite loop). T ...) + NOT-FOR-US: WithSecure +CVE-2023-43760 (Certain WithSecure products allow Denial of Service via a fuzzed PE32 ...) + NOT-FOR-US: WithSecure +CVE-2023-43128 (D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulner ...) + NOT-FOR-US: D-Link +CVE-2023-42261 (Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insec ...) + NOT-FOR-US: Mobile Security Framework (MobSF) +CVE-2023-41616 (A reflected cross-site scripting (XSS) vulnerability in the Search Stu ...) 
+ NOT-FOR-US: Student Management System +CVE-2023-41614 (A stored cross-site scripting (XSS) vulnerability in the Add Animal De ...) + NOT-FOR-US: Zoo Management System +CVE-2023-38344 (An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A ...) + NOT-FOR-US: Ivanti +CVE-2023-38343 (An XXE (XML external entity injection) vulnerability exists in the CSE ...) + NOT-FOR-US: Ivanti +CVE-2023-31719 (FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.) + NOT-FOR-US: FUXA +CVE-2023-31718 (FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.) + NOT-FOR-US: FUXA +CVE-2023-31717 (A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confid ...) + NOT-FOR-US: FUXA +CVE-2023-31716 (FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa. ...) + NOT-FOR-US: FUXA +CVE-2023-5002 (A flaw was found in pgAdmin. This issue occurs when the pgAdmin server ...) + - pgadmin4 (bug #834129) +CVE-2023-3629 (A flaw was found in Infinispan's REST, Cache retrieval endpoints do no ...) + NOT-FOR-US: Infinispan +CVE-2023-3628 (A flaw was found in Infinispan's REST. Bulk read endpoints do not prop ...) + NOT-FOR-US: Infinispan +CVE-2023-5104 (Improper Input Validation in GitHub repository nocodb/nocodb prior to ...) + NOT-FOR-US: nocodb +CVE-2023-4753 (OpenHarmony v3.2.1 and prior version has a system call function usage ...) + NOT-FOR-US: OpenHarmony +CVE-2023-43637 (Due to the implementation of "deriveVaultKey", prior to version 7.10, ...) + NOT-FOR-US: EVE OS +CVE-2023-43634 (When sealing/unsealing the \u201cvault\u201d key, a list of PCRs is us ...) + NOT-FOR-US: EVE OS +CVE-2023-43633 (On boot, the Pillar eve container checks for the existence and content ...) + NOT-FOR-US: EVE OS +CVE-2023-43632 (As noted in the \u201cVTPM.md\u201d file in the eve documentation, \u2 ...) + NOT-FOR-US: EVE OS +CVE-2023-43631 (On boot, the Pillar eve container checks for the existence and content ...) 
+ NOT-FOR-US: EVE OS +CVE-2023-43309 (There is a stored cross-site scripting (XSS) vulnerability in Webmin 2 ...) + - webmin +CVE-2023-43274 (Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via th ...) + NOT-FOR-US: Phpjabbers +CVE-2023-43242 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43241 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...) + NOT-FOR-US: D-Link +CVE-2023-43240 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43239 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43238 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43237 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43236 (D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2023-43235 (D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow v ...) + NOT-FOR-US: D-Link +CVE-2023-42810 (systeminformation is a System Information Library for Node.JS. Version ...) + NOT-FOR-US: Node systeminformation +CVE-2023-42807 (Frappe LMS is an open source learning management system. In versions 1 ...) + NOT-FOR-US: Frappe Framework +CVE-2023-42806 (Hydra is the layer-two scalability solution for Cardano. Prior to vers ...) + NOT-FOR-US: Hydra +CVE-2023-42805 (quinn-proto is a state machine for the QUIC transport protocol. Prior ...) 
+ - rust-quinn-proto 0.10.5-2 (bug #1052546) + [bookworm] - rust-quinn-proto (Minor issue) + NOTE: https://github.com/quinn-rs/quinn/pull/1667 + NOTE: https://github.com/quinn-rs/quinn/pull/1668 + NOTE: https://github.com/quinn-rs/quinn/pull/1669 + NOTE: https://github.com/quinn-rs/quinn/security/advisories/GHSA-q8wc-j5m9-27w3 + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0063.html +CVE-2023-42482 (Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free.) + NOT-FOR-US: Samsung +CVE-2023-42458 (Zope is an open-source web application server. Prior to versions 4.8.1 ...) + NOT-FOR-US: Zope +CVE-2023-42457 (plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELE ...) + NOT-FOR-US: plone.rest +CVE-2023-42456 (Sudo-rs, a memory safe implementation of sudo and su, allows users to ...) + - rust-sudo-rs (Fixed with first upload to Debian in unstable) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0069.html + NOTE: https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354 + NOTE: https://github.com/memorysafety/sudo-rs/commit/bfdbda22968e3de43fa8246cab1681cfd5d5493d (v0.2.1) + NOTE: https://www.openwall.com/lists/oss-security/2023/11/02/1 + NOTE: https://ferrous-systems.com/blog/sudo-rs-audit/ +CVE-2023-42280 (mee-admin 1.5 is vulnerable to Directory Traversal. The download metho ...) + NOT-FOR-US: mee-admin +CVE-2023-42279 (Dreamer CMS 4.1.3 is vulnerable to SQL Injection.) + NOT-FOR-US: Dreamer CMS +CVE-2023-41993 (The issue was addressed with improved checks. This issue is fixed in S ...) + {DSA-5527-1} + - webkit2gtk 2.42.1-1 + [buster] - webkit2gtk (EOL in buster LTS) + - wpewebkit 2.42.1-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0009.html +CVE-2023-41992 (The issue was addressed with improved checks. This issue is fixed in m ...) 
+ NOT-FOR-US: Apple +CVE-2023-41991 (A certificate validation issue was addressed. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-41048 (plone.namedfile allows users to handle `File` and `Image` fields targe ...) + NOT-FOR-US: plone.namedfile +CVE-2023-40183 (DataEase is an open source data visualization and analysis tool. Prior ...) + NOT-FOR-US: DataEase +CVE-2023-34577 (SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and ...) + NOT-FOR-US: Prestashop opartplannedpopup +CVE-2023-34576 (SQL injection vulnerability in updatepos.php in PrestaShop opartfaq th ...) + NOT-FOR-US: PrestaShop opartfaq +CVE-2023-4760 (In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote ...) + NOT-FOR-US: Eclipse RAP +CVE-2023-4292 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) + NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi +CVE-2023-4291 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) + NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi +CVE-2023-4152 (Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all pre ...) + NOT-FOR-US: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi +CVE-2023-43669 (The Tungstenite crate before 0.20.1 for Rust allows remote attackers t ...) + - rust-tungstenite 0.20.1-1 (bug #1052415) + NOTE: https://github.com/snapview/tungstenite-rs/issues/376 + NOTE: https://github.com/snapview/tungstenite-rs/commit/f916b332a97f78f4d54d942b9e008a1af57ff938 (v0.20.1) + NOTE: https://github.com/snapview/tungstenite-rs/commit/2e5029284b8bef3e59df0c9d3920c0ed6c7da7a9 (v0.20.1) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0065.html + NOTE: https://github.com/advisories/GHSA-9mcr-873m-xcxp +CVE-2023-43135 (There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2 ...) + NOT-FOR-US: TP-LINK +CVE-2023-42322 (Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a r ...) 
+ NOT-FOR-US: icmsdev iCMS +CVE-2023-42321 (Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.1 ...) + NOT-FOR-US: icmsdev iCMS +CVE-2023-39677 (MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop ...) + NOT-FOR-US: MyPrestaModules Prestashop Module +CVE-2023-39675 (SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain ...) + NOT-FOR-US: Prestashop Module +CVE-2023-39252 (Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic al ...) + NOT-FOR-US: Dell +CVE-2023-38876 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...) + NOT-FOR-US: msaad1999's PHP-Login-System +CVE-2023-38875 (A reflected cross-site scripting (XSS) vulnerability in msaad1999's PH ...) + NOT-FOR-US: msaad1999's PHP-Login-System +CVE-2023-37279 (Faktory is a language-agnostic persistent background job server. Prior ...) + NOT-FOR-US: Faktory +CVE-2023-36234 (Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attac ...) + - netbox (bug #1017079) +CVE-2023-36109 (Buffer Overflow vulnerability in JerryScript version 3.0, allows remot ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5080 +CVE-2023-34575 (SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 ...) + NOT-FOR-US: PrestaShop opartsavecart +CVE-2023-5084 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...) + NOT-FOR-US: Hestia Control Panel +CVE-2023-5074 (Use of a static key to protect a JWT token used in user authentication ...) + NOT-FOR-US: D-Link +CVE-2023-5042 (Sensitive information disclosure due to insecure folder permissions. T ...) + NOT-FOR-US: Acronis +CVE-2023-43636 (In EVE OS, the \u201cmeasured boot\u201d mechanism prevents a compromi ...) + NOT-FOR-US: EVE OS +CVE-2023-43635 (Vault Key Sealed With SHA1 PCRs The measured boot solution imple ...) 
+ NOT-FOR-US: EVE OS +CVE-2023-43630 (PCR14 is not in the list of PCRs that seal/unseal the \u201cvault\u201 ...) + NOT-FOR-US: EVE OS +CVE-2023-43502 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-43501 (A missing permission check in Jenkins Build Failure Analyzer Plugin 2. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-43500 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build Fai ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-43499 (Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-43498 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...) + - jenkins +CVE-2023-43497 (In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file ...) + - jenkins +CVE-2023-43496 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary ...) + - jenkins +CVE-2023-43495 (Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the ...) + - jenkins +CVE-2023-43494 (Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414. ...) + - jenkins +CVE-2023-43478 (fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), fi ...) + NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware +CVE-2023-43477 (The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra ...) + NOT-FOR-US: Telstra Smart Modem Gen 2 (Arcadyan LH1000) firmware +CVE-2023-43377 (A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_c ...) + - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43376 (A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php ...) 
+ - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43375 (Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vul ...) + - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43374 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43373 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43371 (Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...) + - hoteldruid 3.0.6-1 (bug #1052572) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2023-43207 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + NOT-FOR-US: D-Link +CVE-2023-43206 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + NOT-FOR-US: D-Link +CVE-2023-43204 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + NOT-FOR-US: D-Link +CVE-2023-43203 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack ov ...) + NOT-FOR-US: D-Link +CVE-2023-43202 (D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command ...) + NOT-FOR-US: D-Link +CVE-2023-43201 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + NOT-FOR-US: D-Link +CVE-2023-43200 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) 
+ NOT-FOR-US: D-Link +CVE-2023-43199 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + NOT-FOR-US: D-Link +CVE-2023-43198 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + NOT-FOR-US: D-Link +CVE-2023-43197 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a st ...) + NOT-FOR-US: D-Link +CVE-2023-43196 (D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack ove ...) + NOT-FOR-US: D-Link +CVE-2023-43138 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...) + NOT-FOR-US: TP-Link +CVE-2023-43137 (TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command inje ...) + NOT-FOR-US: TP-Link +CVE-2023-43134 (There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3 ...) + NOT-FOR-US: Netis +CVE-2023-42660 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-42656 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-42335 (Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and f ...) + NOT-FOR-US: Fl3xx Dispatch +CVE-2023-42334 (An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3x ...) + NOT-FOR-US: Fl3xx Dispatch +CVE-2023-42331 (A file upload vulnerability in EliteCMS v1.01 allows a remote attacker ...) + NOT-FOR-US: EliteCMS +CVE-2023-42147 (An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sens ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-41902 (An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2. ...) + NOT-FOR-US: CoreCode MacUpdater +CVE-2023-41484 (An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain s ...) + NOT-FOR-US: imgcat +CVE-2023-41375 (Use after free vulnerability exists in Kostac PLC Programming Software ...) 
+ NOT-FOR-US: KostacKostac PLC Programming Software +CVE-2023-41374 (Double free issue exists in Kostac PLC Programming Software Version 1. ...) + NOT-FOR-US: Kostac PLC Programming Software +CVE-2023-40930 (Skyworth 3.0 OS is vulnerable to Directory Traversal.) + NOT-FOR-US: Skyworth +CVE-2023-40619 (phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untr ...) + {DLA-3644-1} + - phppgadmin (bug #1053004) + NOTE: https://github.com/phppgadmin/phppgadmin/issues/174 + NOTE: https://github.com/hestiacp/phppgadmin/pull/4 +CVE-2023-40618 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...) + NOT-FOR-US: OpenKnowledgeMaps Head Start +CVE-2023-40368 (IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged ...) + NOT-FOR-US: IBM +CVE-2023-40043 (In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8) ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-39052 (An information leak in Earthgarden_waiting 13.6.1 allows attackers to ...) + NOT-FOR-US: Earthgarden_waiting +CVE-2023-39045 (An information leak in kokoroe_members card Line 13.6.1 allows attacke ...) + NOT-FOR-US: kokoroe_members card Line +CVE-2023-39044 (An information leak in ajino-Shiretoko Line v13.6.1 allows attackers t ...) + NOT-FOR-US: ajino-Shiretoko Line +CVE-2023-39041 (An information leak in KUKURUDELI Line v13.6.1 allows attackers to obt ...) + NOT-FOR-US: KUKURUDELI Line +CVE-2023-38718 (IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose ...) + NOT-FOR-US: IBM +CVE-2023-37410 (IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a loc ...) + NOT-FOR-US: IBM +CVE-2023-34047 (A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 a ...) + NOT-FOR-US: Spring for GraphQL +CVE-2023-2508 (The `PaperCutNG Mobility Print` version 1.0.3512 application allows an ...) + NOT-FOR-US: PaperCutNG +CVE-2023-4504 (Due to failure in validating the length provided by an attacker-crafte ...) 
+ {DLA-3594-1} + - cups 2.4.2-6 + [bookworm] - cups 2.4.2-3+deb12u2 + [bullseye] - cups 2.3.3op2-3+deb11u4 + - libppd (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/20/3 + NOTE: https://takeonme.org/cves/CVE-2023-4504.html + NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/2431caddb7e6a87f04ac90b5c6366ad268b6ff31 (v2.4.7) + NOTE: Introduced after: https://github.com/OpenPrinting/libppd/commit/fae71641faa2d778e79245b788a90c0cd5d2cb4b (2.0b1) + NOTE: Fixed by: https://github.com/OpenPrinting/libppd/commit/262c909ac5b8676d1c221584c5a760e5e83fae66 +CVE-2023-4236 (A flaw in the networking code handling DNS-over-TLS queries may cause ...) + - bind9 1:9.19.17-1 (bug #1052417) + [bookworm] - bind9 1:9.18.19-1~deb12u1 + [bullseye] - bind9 (Vulnerable code introduced later) + [buster] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2023-4236 + NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/18efa454a98759bf4f3ca806d9a6ef881ff9648d (v9.18.19) +CVE-2023-3341 (The code that processes control channel messages sent to `named` calls ...) + {DSA-5504-1} + - bind9 1:9.19.17-1 (bug #1052416) + NOTE: https://kb.isc.org/docs/cve-2023-3341 + NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/432a49a7b089da6340e56d402034a586bc69f80e (v9.18.19) + NOTE: https://gitlab.isc.org/isc-projects/bind9/-/commit/c4fac5ca98efd02fbaef43601627c7a3a09f5a71 (v9.16.44) +CVE-2023-5063 (The Widget Responsive for Youtube plugin for WordPress is vulnerable t ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5062 (The WordPress Charts plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4088 (Incorrect Default Permissions vulnerability due to incomplete fix to a ...) + NOT-FOR-US: Mitsubishi +CVE-2023-43621 (An issue was discovered in Croc through 9.6.5. The shared secret, loca ...) 
+ - croc (bug #1017956) +CVE-2023-43620 (An issue was discovered in Croc through 9.6.5. A sender may place ANSI ...) + - croc (bug #1017956) +CVE-2023-43619 (An issue was discovered in Croc through 9.6.5. A sender may send dange ...) + - croc (bug #1017956) +CVE-2023-43618 (An issue was discovered in Croc through 9.6.5. The protocol requires a ...) + - croc (bug #1017956) +CVE-2023-43617 (An issue was discovered in Croc through 9.6.5. When a custom shared se ...) + - croc (bug #1017956) +CVE-2023-43616 (An issue was discovered in Croc through 9.6.5. A sender can cause a re ...) + - croc (bug #1017956) +CVE-2023-40934 (A SQL injection vulnerability in Nagios XI 5.11.1 and below allows aut ...) + NOT-FOR-US: Nagios XI +CVE-2023-40933 (A SQL injection vulnerability in Nagios XI v5.11.1 and below allows au ...) + NOT-FOR-US: Nagios XI +CVE-2023-40932 (A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 ...) + NOT-FOR-US: Nagios XI +CVE-2023-40931 (A SQL injection vulnerability in Nagios XI from version 5.11.0 up to a ...) + NOT-FOR-US: Nagios XI +CVE-2023-39575 (A reflected cross-site scripting (XSS) vulnerability in the url_str UR ...) + NOT-FOR-US: ISL ARP Guard +CVE-2023-38888 (Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and be ...) + - dolibarr +CVE-2023-38887 (File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allo ...) + - dolibarr +CVE-2023-38886 (An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privi ...) + - dolibarr +CVE-2023-36319 (File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote ...) + NOT-FOR-US: Openupload Stable +CVE-2023-4376 (The Serial Codes Generator and Validator with WooCommerce Support Word ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4096 (Weak password recovery mechanism vulnerability in Fujitsu Arconte \xc1 ...) + NOT-FOR-US: Fujitsu +CVE-2023-4095 (User enumeration vulnerability in Arconte \xc1urea 1.5.0.0 version. Th ...) 
+ NOT-FOR-US: Fujitsu +CVE-2023-4094 (ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could a ...) + NOT-FOR-US: Fujitsu +CVE-2023-4093 (Reflected and persistent XSS vulnerability in Arconte \xc1urea, in its ...) + NOT-FOR-US: Fujitsu +CVE-2023-4092 (SQL injection vulnerability in Arconte \xc1urea, in its 1.5.0.0 versio ...) + NOT-FOR-US: Fujitsu +CVE-2023-43566 (In JetBrains TeamCity before 2023.05.4 stored XSS was possible during ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-42793 (In JetBrains TeamCity before 2023.05.4 authentication bypass leading t ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-42452 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-42451 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-42450 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-42447 (blurhash-rs is a pure Rust implementation of Blurhash, software for en ...) + NOT-FOR-US: Rust crate blurhash +CVE-2023-42444 (phonenumber is a library for parsing, formatting and validating intern ...) + NOT-FOR-US: Rust crate phonenumber +CVE-2023-41890 (Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, all ...) + NOT-FOR-US: Sustainsys.Saml2 +CVE-2023-41834 (Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Fl ...) + NOT-FOR-US: Apache Flink +CVE-2023-41387 (A SQL injection in the flutter_downloader component through 1.11.1 for ...) + NOT-FOR-US: flutter_downloader +CVE-2023-41179 (A vulnerability in the 3rd party AV uninstaller module contained in Tr ...) + NOT-FOR-US: Trend Micro +CVE-2023-3892 (Improper Restriction of XML External Entity Reference vulnerability in ...) + NOT-FOR-US: MIM Assistant and Client DICOM RTst Loading modules +CVE-2023-38356 (MiniTool Power Data Recovery 11.6 contains an insecure installation pr ...) 
+ NOT-FOR-US: MiniTool Power Data Recovery +CVE-2023-38355 (MiniTool Movie Maker 7.0 contains an insecure installation process tha ...) + NOT-FOR-US: MiniTool Movie Maker +CVE-2023-38354 (MiniTool Shadow Maker version 4.1 contains an insecure installation pr ...) + NOT-FOR-US: MiniTool Movie Maker +CVE-2023-38353 (MiniTool Power Data Recovery version 11.6 and before contains an insec ...) + NOT-FOR-US: MiniTool Power Data Recovery +CVE-2023-38352 (MiniTool Partition Wizard 12.8 contains an insecure update mechanism t ...) + NOT-FOR-US: MiniTool Partition Wizard +CVE-2023-38351 (MiniTool Partition Wizard 12.8 contains an insecure installation mecha ...) + NOT-FOR-US: MiniTool Partition Wizard +CVE-2023-32649 (A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian an ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-32186 (A Allocation of Resources Without Limits or Throttling vulnerability i ...) + NOT-FOR-US: SUSE RKE2 +CVE-2023-32182 (A Improper Link Resolution Before File Access ('Link Following') vulne ...) + NOT-FOR-US: config_postfix (SUSE specific script) +CVE-2023-31808 (Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard ...) + NOT-FOR-US: Technicolor +CVE-2023-2995 (The Leyka WordPress plugin before 3.30.4 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2567 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...) + NOT-FOR-US: Nozomi Networks Guardian and CMC +CVE-2023-29245 (A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due ...) + NOT-FOR-US: Nozomi Networks Guardian and CMC +CVE-2023-4998 + - gitlab +CVE-2023-5060 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...) + NOT-FOR-US: LibreNMS +CVE-2023-5054 (The Super Store Finder plugin for WordPress is vulnerable to unauthent ...) + NOT-FOR-US: WordPress plugin +CVE-2023-5009 (An issue has been discovered in GitLab EE affecting all versions start ...) 
+ - gitlab (Specific to EE) +CVE-2023-42454 (SQLpage is a SQL-only webapp builder. Someone using SQLpage versions p ...) + NOT-FOR-US: SQLpage +CVE-2023-42446 (Pow is a authentication and user management solution for Phoenix and P ...) + NOT-FOR-US: Pow +CVE-2023-42443 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) + NOT-FOR-US: Vyper +CVE-2023-42441 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) + NOT-FOR-US: Vyper +CVE-2023-42399 (Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0- ...) + NOT-FOR-US: Jodit Editor +CVE-2023-41599 (An issue in the component /common/DownController.java of JFinalCMS v5. ...) + NOT-FOR-US: JFinalCMS +CVE-2023-41443 (SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote atta ...) + NOT-FOR-US: Novel-Plus +CVE-2023-40788 (SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to ...) + NOT-FOR-US: SpringBlade +CVE-2023-39058 (An information leak in THE_B_members card v13.6.1 allows attackers to ...) + NOT-FOR-US: THE_B_members +CVE-2023-39056 (An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain ...) + NOT-FOR-US: Coffee-jumbo +CVE-2023-39049 (An information leak in youmart-tokunaga v13.6.1 allows attackers to ob ...) + NOT-FOR-US: youmart-tokunaga +CVE-2023-39046 (An information leak in TonTon-Tei_waiting Line v13.6.1 allows attacker ...) + NOT-FOR-US: TonTon-Tei_waiting Line +CVE-2023-39043 (An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows at ...) + NOT-FOR-US: YKC Tokushima_awayokocho Line +CVE-2023-39040 (An information leak in Cheese Cafe Line v13.6.1 allows attackers to ob ...) + NOT-FOR-US: Cheese Cafe Line +CVE-2023-39039 (An information leak in Camp Style Project Line v13.6.1 allows attacker ...) + NOT-FOR-US: Camp Style Project Line +CVE-2023-38582 (Persistent cross-site scripting (XSS) in the web application of MOD3GP ...) 
+ NOT-FOR-US: MODULYS GP +CVE-2023-38255 (A potential attacker with or without (cookie theft) access to the devi ...) + NOT-FOR-US: MODULYS GP +CVE-2023-37611 (Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a re ...) + NOT-FOR-US: Neos CMS +CVE-2023-4237 (A flaw was found in the Ansible Automation Platform. When creating a n ...) + - ansible (bug #1055300) + [buster] - ansible (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229979 + NOTE: https://github.com/advisories/GHSA-ww3m-ffrm-qvqv + NOTE: https://github.com/ansible-collections/amazon.aws/pull/1704 + NOTE: Fixed by: https://github.com/ansible-collections/amazon.aws/commit/1a077fb3a15241db8964dc086d3b15370bbd1e4a (7.0.0) +CVE-2023-42754 (A NULL pointer dereference flaw was found in the Linux kernel ipv4 sta ...) + - linux 6.5.6-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/10/02/8 + NOTE: https://git.kernel.org/linus/0113d9c9d1ccc07f5a3710dac4aa24b6d711278c (6.6-rc3) +CVE-2023-42753 (An array indexing vulnerability was found in the netfilter subsystem o ...) + {DLA-3623-1} + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/09/22/10 + NOTE: https://git.kernel.org/linus/050d91c03b28ca479df13dfb02bcd2c60dd6a878 (6.6-rc1) +CVE-2023-42752 (An integer overflow flaw was found in the Linux kernel. This issue lea ...) + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/18/3 + NOTE: https://git.kernel.org/linus/915d975b2ffa58a14bfcf16fafe00c41315949ff (6.6-rc1) + NOTE: https://git.kernel.org/linus/c3b704d4a4a265660e665df51b129e8425216ed1 (6.6-rc1) +CVE-2023-42387 (An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a rem ...) 
+ NOT-FOR-US: TDSQL Chitu management platform +CVE-2023-42371 (Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0. ...) + NOT-FOR-US: Summernote Rich Text Editor +CVE-2023-42359 (SQL injection vulnerability in Exam Form Submission in PHP with Source ...) + NOT-FOR-US: Exam Form Submission in PHP with Source Code +CVE-2023-42328 (An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remo ...) + NOT-FOR-US: PeppermintLabs Peppermint +CVE-2023-42320 (Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.1 ...) + NOT-FOR-US: Tenda +CVE-2023-42253 (Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scrip ...) + NOT-FOR-US: Code-Projects Vehicle Management +CVE-2023-41965 (Sending some requests in the web application of the vulnerable device ...) + NOT-FOR-US: MODULYS GP +CVE-2023-41929 (A DLL hijacking vulnerability in Samsung Memory Card & UFD Authenticat ...) + NOT-FOR-US: Samsung +CVE-2023-41595 (An issue in xui-xray v1.8.3 allows attackers to obtain sensitive infor ...) + NOT-FOR-US: xui-xray +CVE-2023-41084 (Session management within the web application is incorrect and allows ...) + NOT-FOR-US: MODULYS GP +CVE-2023-41030 (Hard-coded credentials inJuplink RX4-1500 versions V1.0.2 through V1.0 ...) + NOT-FOR-US: Juplink RX4-1500 +CVE-2023-40221 (The absence of filters when loading some sections in the web applicati ...) + NOT-FOR-US: MODULYS GP +CVE-2023-39452 (The web application that owns the device clearly stores the credential ...) + NOT-FOR-US: MODULYS GP +CVE-2023-39446 (Thanks to the weaknesses that the web application has at the user mana ...) + NOT-FOR-US: MODULYS GP +CVE-2023-34999 (A command injection vulnerability exists in RTS VLink Virtual Matrix S ...) + NOT-FOR-US: RTS VLink Virtual Matrix Software +CVE-2023-34195 (An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyd ...) 
+ NOT-FOR-US: Insyde InsydeH2O +CVE-2023-33831 (A remote command execution (RCE) vulnerability in the /api/runscript e ...) + NOT-FOR-US: FUXA +CVE-2023-32187 (An Allocation of Resources Without Limits or Throttling vulnerability ...) + NOT-FOR-US: SUSE k3s +CVE-2020-36766 (An issue was discovered in the Linux kernel before 5.8.6. drivers/medi ...) + - linux 5.8.7-1 + [buster] - linux 4.19.146-1 + NOTE: https://git.kernel.org/linus/6c42227c3467549ddc65efe99c869021d2f4a570 (5.9-rc1) +CVE-2023-43770 (Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 al ...) + {DLA-3577-1} + - roundcube 1.6.3+dfsg-1 (bug #1052059) + [bookworm] - roundcube 1.6.3+dfsg-1~deb12u1 + [bullseye] - roundcube 1.4.14+dfsg.1-1~deb11u1 + NOTE: https://roundcube.net/news/2023/09/15/security-update-1.6.3-released + NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/e92ec206a886461245e1672d8530cc93c618a49b (1.6.3) +CVE-2023-5036 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: Memos +CVE-2023-5034 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester My Food Recipe +CVE-2023-5033 (A vulnerability classified as critical has been found in OpenRapid Rap ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-5032 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rat ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-5031 (A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been dec ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-5030 (A vulnerability has been found in Tongda OA up to 11.10 and classified ...) + NOT-FOR-US: Tongda OA +CVE-2023-5029 (A vulnerability, which was classified as critical, was found in mccms ...) + NOT-FOR-US: mccms +CVE-2023-43115 (In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead ...) 
+ - ghostscript 10.02.0~dfsg-1 + [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u2 + [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u6 + [buster] - ghostscript (Minor issue; documented risks, have done refactoring in later versions) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=707051 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe (ghostpdl-10.02.0rc2) +CVE-2023-43114 (An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6 ...) + - qt6-base (Windows-specific) + - qtbase-opensource-src-gles (Windows-specific) + - qtbase-opensource-src (Windows-specific) + - qt4-x11 (Windows-specific) +CVE-2023-42526 (Certain WithSecure products allow a remote crash of a scanning engine ...) + NOT-FOR-US: WithSecure +CVE-2023-42525 (Certain WithSecure products allow an infinite loop in a scanning engin ...) + NOT-FOR-US: WithSecure +CVE-2023-42524 (Certain WithSecure products allow an infinite loop in a scanning engin ...) + NOT-FOR-US: WithSecure +CVE-2023-42523 (Certain WithSecure products allow a remote crash of a scanning engine ...) + NOT-FOR-US: WithSecure +CVE-2023-42522 (Certain WithSecure products allow a remote crash of a scanning engine ...) + NOT-FOR-US: WithSecure +CVE-2023-42521 (Certain WithSecure products allow a remote crash of a scanning engine ...) + NOT-FOR-US: WithSecure +CVE-2023-42520 (Certain WithSecure products allow a remote crash of a scanning engine ...) + NOT-FOR-US: WithSecure +CVE-2023-41349 (ASUS router RT-AX88U has a vulnerability of using externally controlla ...) + NOT-FOR-US: ASUS +CVE-2023-35851 (SUNNET WMPro portal's FAQ function has insufficient validation for use ...) + NOT-FOR-US: SUNNET WMPro +CVE-2023-35850 (SUNNET WMPro portal's file management function has a vulnerability of ...) 
+ NOT-FOR-US: SUNNET WMPro +CVE-2023-5028 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: China Unicom TEWA-800G +CVE-2023-5027 (A vulnerability classified as critical was found in SourceCodester Sim ...) + NOT-FOR-US: SourceCodester Simple Membership System +CVE-2023-5026 (A vulnerability classified as problematic has been found in Tongda OA ...) + NOT-FOR-US: Tongda OA +CVE-2023-5025 (A vulnerability was found in KOHA up to 23.05.03. It has been declared ...) + NOT-FOR-US: KOHA +CVE-2023-5024 (A vulnerability was found in Planno 23.04.04. It has been classified a ...) + NOT-FOR-US: Planno +CVE-2023-5023 (A vulnerability was found in Tongda OA 2017 and classified as critical ...) + NOT-FOR-US: Tongda OA +CVE-2023-5022 (A vulnerability has been found in DedeCMS up to 5.7.100 and classified ...) + NOT-FOR-US: DedeCMS +CVE-2023-5021 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-5020 (A vulnerability, which was classified as critical, has been found in 0 ...) + NOT-FOR-US: 07FLY CRM +CVE-2023-5019 (A vulnerability classified as critical was found in Tongda OA. This vu ...) + NOT-FOR-US: Tongda OA +CVE-2023-5018 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Lost and Found Information System +CVE-2023-5017 (A vulnerability was found in lmxcms up to 1.41. It has been rated as c ...) + NOT-FOR-US: lmxcms +CVE-2023-5016 (A vulnerability was found in spider-flow up to 0.5.0. It has been decl ...) + NOT-FOR-US: spider-flow +CVE-2023-5015 (A vulnerability was found in UCMS 1.4.7. It has been classified as pro ...) + NOT-FOR-US: UCMS +CVE-2023-5014 (A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and ...) + NOT-FOR-US: Sakshi2610 Food Ordering Website +CVE-2023-5013 (A vulnerability has been found in Pluck CMS 4.7.18 and classified as p ...) 
+ NOT-FOR-US: Pluck CMS
+CVE-2023-5012 (A vulnerability, which was classified as problematic, was found in Top ...)
+ NOT-FOR-US: Topaz OFD
+CVE-2023-38040 (A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earl ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2023-3025 (The Dropbox Folder Share plugin for WordPress is vulnerable to Server- ...)
+ NOT-FOR-US: Dropbox Folder Share plugin for WordPress
+CVE-2023-43091 [Code injection via service.json file]
+ - gnome-maps 45~rc-1
+ [bookworm] - gnome-maps (Minor issue)
+ [bullseye] - gnome-maps (Vulnerable code not present)
+ [buster] - gnome-maps (Vulnerable code not present)
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588
+ NOTE: Introduced with merge: https://gitlab.gnome.org/GNOME/gnome-maps/-/merge_requests/227 (v43.alpha)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea (v45.rc)
+CVE-2023-43090 (A vulnerability was found in GNOME Shell. GNOME Shell's lock screen al ...)
+ {DSA-5501-1}
+ - gnome-shell 44.5-1 (bug #1052067)
+ [bullseye] - gnome-shell (Vulnerable code introduced in 42.beta)
+ [buster] - gnome-shell (Vulnerable code introduced in 42.beta)
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6990
+ NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2944
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/521525948eed85cc27c0796a0b9569d161df81ba
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/671df28a509ae208e158976f0855d91fdbea16a1
+ NOTE: Introduced around: https://gitlab.gnome.org/GNOME/gnome-shell/-/8ebc478f0f24720870c4911aef707f4dc34d140c
+CVE-2023-5001 (The Horizontal scrolling announcement for WordPress plugin for WordPre ...)
+ NOT-FOR-US: Horizontal scrolling announcement for WordPress plugin for WordPress
+CVE-2023-4994 (The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: Allow PHP in Posts and Pages plugin for WordPress
+CVE-2023-42442 (JumpServer is an open source bastion host and a professional operation ...)
+ NOT-FOR-US: JumpServer
+CVE-2023-42439 (GeoNode is an open source platform that facilitates the creation, shar ...)
+ NOT-FOR-US: GeoNode
+CVE-2023-42336 (An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attack ...)
+ NOT-FOR-US: NETIS SYSTEMS WF2409Ev4
+CVE-2023-41901
+ REJECTED
+CVE-2023-41900 (Jetty is a Java based web server and servlet engine. Versions 9.4.21 t ...)
+ {DSA-5507-1}
+ - jetty9 9.4.52-1
+ [buster] - jetty9 (The vulnerable code was introduced in 9.4.21)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48
+ NOTE: https://github.com/eclipse/jetty.project/pull/9528 (10.0.16, 11.0.16)
+ NOTE: https://github.com/eclipse/jetty.project/pull/9660 (9.4.52)
+CVE-2023-41626 (Gradio v3.27.0 was discovered to contain an arbitrary file upload vuln ...)
+ NOT-FOR-US: Gradio
+CVE-2023-41436 (Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local at ...)
+ NOT-FOR-US: CSZCMS
+CVE-2023-41157 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...)
+ NOT-FOR-US: Usermin
+CVE-2023-39777 (A cross-site scripting (XSS) vulnerability in the Admin Control Panel ...)
+ NOT-FOR-US: vBulletin
+CVE-2023-39612 (A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23 ...)
+ NOT-FOR-US: FileBrowser
+CVE-2023-36735 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36727 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36562 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-36160 (An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_S ...)
+ NOT-FOR-US: Qubo
+CVE-2023-4991 (A vulnerability was found in NextBX QWAlerter 4.50. It has been rated ...)
+ NOT-FOR-US: NextBX QWAlerter
+CVE-2023-4988 (A vulnerability, which was classified as problematic, was found in Bet ...)
+ NOT-FOR-US: Bettershop LaikeTui
+CVE-2023-4987 (A vulnerability, which was classified as critical, has been found in i ...)
+ NOT-FOR-US: infinitietech taskhub
+CVE-2023-4986 (A vulnerability classified as problematic was found in Supcon InPlant ...)
+ NOT-FOR-US: Supcon InPlant SCADA
+CVE-2023-4985 (A vulnerability classified as critical has been found in Supcon InPlan ...)
+ NOT-FOR-US: Supcon InPlant SCADA
+CVE-2023-4984 (A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has bee ...)
+ NOT-FOR-US: didi KnowSearch
+CVE-2023-4983 (A vulnerability was found in app1pro Shopicial up to 20230830. It has ...)
+ NOT-FOR-US: app1pro Shopicial
+CVE-2023-4982 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4981 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4980 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4979 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4978 (Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenm ...)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4977 (Code Injection in GitHub repository librenms/librenms prior to 23.9.0.)
+ NOT-FOR-US: LibreNMS
+CVE-2023-4974 (A vulnerability was found in Academy LMS 6.2. It has been rated as cri ...)
+ NOT-FOR-US: Academy LMS
+CVE-2023-4973 (A vulnerability was found in Academy LMS 6.2 on Windows. It has been d ...)
+ NOT-FOR-US: Academy LMS
+CVE-2023-4963 (The WS Facebook Like Box Widget for WordPress plugin for WordPress is ...)
+ NOT-FOR-US: WS Facebook Like Box Widget for WordPress plugin for WordPress
+CVE-2023-4959 (A flaw was found in Quay. Cross-site request forgery (CSRF) attacks fo ...)
+ NOT-FOR-US: Quay
+CVE-2023-4956 (A flaw was found in Quay. Clickjacking is when an attacker uses multip ...)
+ NOT-FOR-US: Quay
+CVE-2023-4835 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: CF Software Oil Management Software
+CVE-2023-4833 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Besttem Network Marketing Software
+CVE-2023-4831 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Ncode Ncep
+CVE-2023-4830 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Tura Signalix
+CVE-2023-4680 (HashiCorp Vault and Vault Enterprise transit secrets engine allowed au ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2023-4673 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Sanalogy Turasistan
+CVE-2023-4670 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Innosa Probbys
+CVE-2023-4665 (Incorrect Execution-Assigned Permissions vulnerability in Saphira Saph ...)
+ NOT-FOR-US: Saphira Saphira Connect
+CVE-2023-4664 (Incorrect Default Permissions vulnerability in Saphira Saphira Connect ...)
+ NOT-FOR-US: Saphira Saphira Connect
+CVE-2023-4663 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...)
+ NOT-FOR-US: Saphira Saphira Connect
+CVE-2023-4662 (Execution with Unnecessary Privileges vulnerability in Saphira Saphira ...)
+ NOT-FOR-US: Saphira Saphira Connect
+CVE-2023-4661 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Saphira Saphira Connect
+CVE-2023-4231 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Cevik Informatics Online Payment System
+CVE-2023-42405 (SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attac ...)
+ NOT-FOR-US: FIT2CLOUD RackShift
+CVE-2023-42398 (An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary ...)
+ NOT-FOR-US: zzCMS
+CVE-2023-42362 (An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allow ...)
+ NOT-FOR-US: Teller Web App
+CVE-2023-42270 (Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).)
+ NOT-FOR-US: Grocy
+CVE-2023-41889 (SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHI ...)
+ NOT-FOR-US: SHIRASAGI
+CVE-2023-41887 (OpenRefine is a powerful free, open source tool for working with messy ...)
+ - openrefine 3.7.5-1
+ [bookworm] - openrefine 3.6.2-2+deb12u2
+ NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-p3r5-x3hr-gpg5
+ NOTE: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 (3.7.5)
+CVE-2023-41886 (OpenRefine is a powerful free, open source tool for working with messy ...)
+ - openrefine 3.7.5-1
+ [bookworm] - openrefine 3.6.2-2+deb12u2
+ NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-qqh2-wvmv-h72m
+ NOTE: https://github.com/OpenRefine/OpenRefine/commit/2de1439f5be63d9d0e89bbacbd24fa28c8c3e29d (master)
+ NOTE: https://github.com/OpenRefine/OpenRefine/commit/693fde606d4b5b78b16391c29d110389eb605511 (3.7.5)
+CVE-2023-41880 (Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions fr ...)
+ NOT-FOR-US: Wasmtime
+CVE-2023-41592 (Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site ...)
+ NOT-FOR-US: Froala Editor
+CVE-2023-41325 (OP-TEE is a Trusted Execution Environment (TEE) designed as companion ...)
+ NOT-FOR-US: OP-TEE
+CVE-2023-41160 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41159 (A Stored Cross-Site Scripting (XSS) vulnerability while editing the au ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41156 (A Stored Cross-Site Scripting (XSS) vulnerability in the filter and fo ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41043 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-41042 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-40986 (A stored cross-site scripting (XSS) vulnerability in the Usermin Confi ...)
+ - webmin
+CVE-2023-40985 (An issue was discovered in Webmin 2.100. The File Manager functionalit ...)
+ - webmin
+CVE-2023-40984 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
+ - webmin
+CVE-2023-40983 (A reflected cross-site scripting (XSS) vulnerability in the File Manag ...)
+ - webmin
+CVE-2023-40982 (A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 all ...)
+ - webmin
+CVE-2023-40958 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
+CVE-2023-40957 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
+CVE-2023-40956 (A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 ...)
+ NOT-FOR-US: Cloudroits Website Job Search
+CVE-2023-40955 (A SQL injection vulnerability in Didotech srl Engineering & Lifecycle ...)
+ NOT-FOR-US: Didotech srl Engineering & Lifecycle Management (aka pdm)
+CVE-2023-40869 (Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1 ...)
+ NOT-FOR-US: mooSocial
+CVE-2023-40868 (Cross Site Request Forgery vulnerability in mooSocial MooSocial Softwa ...)
+ NOT-FOR-US: mooSocial
+CVE-2023-40588 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-40167 (Jetty is a Java based web server and servlet engine. Prior to versions ...)
+ {DSA-5507-1 DLA-3592-1}
+ - jetty9 9.4.52-1
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6
+ NOTE: https://github.com/eclipse/jetty.project/pull/10329
+ NOTE: https://github.com/eclipse/jetty.project/commit/e4d596eafc887bcd813ae6e28295b5ce327def47
+CVE-2023-40019 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+CVE-2023-40018 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+CVE-2023-3891 (Race condition in Lapce v0.2.8 allows an attacker to elevate privilege ...)
+ NOT-FOR-US: Lapce
+CVE-2023-3378
+ REJECTED
+CVE-2023-39643 (Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL inje ...)
+ NOT-FOR-US: Bl Modules xmlfeeds
+CVE-2023-39642 (Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL inje ...)
+ NOT-FOR-US: Carts Guru cartsguru
+CVE-2023-39641 (Active Design psaffiliate before v1.9.8 was discovered to contain a SQ ...)
+ NOT-FOR-US: Active Design psaffiliate
+CVE-2023-39639 (LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injectio ...)
+ NOT-FOR-US: LeoTheme leoblog
+CVE-2023-39638 (D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain ...)
+ NOT-FOR-US: D-Link
+CVE-2023-38912 (SQL injection vulnerability in Super Store Finder PHP Script v.3.6 all ...)
+ NOT-FOR-US: Super Store Finder PHP Script
+CVE-2023-38891 (SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote auth ...)
+ NOT-FOR-US: Vtiger CRM
+CVE-2023-38706 (Discourse is an open-source discussion platform. Prior to version 3.1. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-38507 (Strapi is the an open-source headless content management system. Prior ...)
+ NOT-FOR-US: Strapi
+CVE-2023-37459 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2023-37281 (Contiki-NG is an operating system for internet-of-things devices. In v ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2023-37263 (Strapi is the an open-source headless content management system. Prior ...)
+ NOT-FOR-US: Strapi
+CVE-2023-36659 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long ...)
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
+CVE-2023-36658 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It ha ...)
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
+CVE-2023-36657 (An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built ...)
+ NOT-FOR-US: OPSWAT MetaDefender KIOSK
+CVE-2023-36479 (Eclipse Jetty Canonical Repository is the canonical repository for the ...)
+ {DSA-5507-1 DLA-3592-1}
+ - jetty9 9.4.52-1
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
+ NOTE: https://github.com/eclipse/jetty.project/pull/9888
+ NOTE: Jetty 9.x, 10.x, and 11.x the org.eclipse.jetty.servlets.CGI has been deprecated
+ NOTE: and in Jetty 12 entirely removed.
+CVE-2023-36472 (Strapi is an open-source headless content management system. Prior to ...)
+ NOT-FOR-US: Strapi
+CVE-2023-32461 (Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow ...)
+ NOT-FOR-US: Dell
+CVE-2023-4958 (In Red Hat Advanced Cluster Security (RHACS), it was found that some s ...)
+ NOT-FOR-US: StackRox
+CVE-2023-4972 (Improper Privilege Management vulnerability in Yepas Digital Yepas all ...)
+ NOT-FOR-US: Yepas Digital Yepas
+CVE-2023-4965 (A vulnerability was found in phpipam 1.5.1. It has been rated as probl ...)
+ - phpipam (bug #731713)
+CVE-2023-4951 (A cross site scripting issue was discovered with the pagination functi ...)
+ NOT-FOR-US: GreenRADIUS web admin interface
+CVE-2023-4832 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Aceka Company Management
+CVE-2023-4766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Movus
+CVE-2023-4702 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
+ NOT-FOR-US: Yepas Digital Yepas
+CVE-2023-4676 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Yordam MedasPro
+CVE-2023-4669 (Authentication Bypass by Assumed-Immutable Data vulnerability in Exaga ...)
+ NOT-FOR-US: Exagate SYSGuard 3001
+CVE-2023-4516 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-42180 (An arbitrary file upload vulnerability in the /user/upload component o ...)
+ NOT-FOR-US: lenosp
+CVE-2023-42178 (Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query mo ...)
+ NOT-FOR-US: lenosp
+CVE-2023-41588 (A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.1 ...)
+ NOT-FOR-US: Time to SLA plugin
+CVE-2023-41011 (Command Execution vulnerability in China Mobile Communications China M ...)
+ NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway
+CVE-2023-41010 (Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communicat ...)
+ NOT-FOR-US: China Telecom Tianyi Home Gateway
+CVE-2023-40779 (An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remo ...)
+ NOT-FOR-US: IceWarp
+CVE-2023-39286 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+ NOT-FOR-US: Mitel
+CVE-2023-39285 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+ NOT-FOR-US: Mitel
+CVE-2023-38558 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...)
+ NOT-FOR-US: Siemens
+CVE-2023-38557 (A vulnerability has been identified in Spectrum Power 7 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2023-37756 (I-doit pro 25 and below and I-doit open 25 and below employ weak passw ...)
+ NOT-FOR-US: I-doit pro
+CVE-2023-37755 (i-doit pro 25 and below and I-doit open 25 and below are configured wi ...)
+ NOT-FOR-US: I-doit pro
+CVE-2023-37739 (i-doit Pro v25 and below was discovered to be vulnerable to path trave ...)
+ NOT-FOR-US: I-doit pro
+CVE-2023-36250 (CSV Injection vulnerability in GNOME time tracker version 3.0.2, allow ...)
+ - hamster-time-tracker
+ NOTE: https://github.com/BrunoTeixeira1996/CVE-2023-36250/blob/main/README.md
+ NOTE: Report sounds a little dubious, it's not really clear whether this cross any security boundary
+CVE-2023-2848 (Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hija ...)
+ NOT-FOR-US: Movim
+CVE-2023-4948 (The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: WooCommerce CVR Payment Gateway plugin for WordPress
+CVE-2023-4945 (The Booster for WooCommerce plugin for WordPress is vulnerable to Stor ...)
+ NOT-FOR-US: Booster for WooCommerce plugin for WordPress
+CVE-2023-4944 (The Awesome Weather Widget for WordPress plugin for WordPress is vulne ...)
+ NOT-FOR-US: Awesome Weather Widget for WordPress plugin for WordPress
+CVE-2023-4841 (The Feeds for YouTube for WordPress plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: Feeds for YouTube for WordPress plugin for WordPress
+CVE-2023-4814 (A Privilege escalation vulnerability exists in Trellix Windows DLP end ...)
+ NOT-FOR-US: Trellix
+CVE-2023-4568 (PaperCut NG allows for unauthenticated XMLRPC commands to be run by de ...)
+ NOT-FOR-US: PaperCut
+CVE-2023-42503 (Improper Input Validation, Uncontrolled Resource Consumption vulnerabi ...)
+ - libcommons-compress-java 1.24.0-1 (bug #1052065)
+ [bookworm] - libcommons-compress-java (Minor issue)
+ [bullseye] - libcommons-compress-java (Vulnerable code introduced later)
+ [buster] - libcommons-compress-java (Vulnerable code introduced later)
+ NOTE: https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c
+ NOTE: Introduced due: https://issues.apache.org/jira/browse/COMPRESS-612 (1.22)
+CVE-2023-41267 (In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a docume ...)
+ NOT-FOR-US: Apache Airflow HDFS Provider
+CVE-2023-41162 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41158 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41155 (A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwardi ...)
+ - webmin
+CVE-2023-41154 (A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cro ...)
+ NOT-FOR-US: Usermin
+CVE-2023-41152 (A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type pro ...)
+ NOT-FOR-US: Usermin
+CVE-2023-40617 (A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeM ...)
+ NOT-FOR-US: OpenKnowledgeMaps Head Start
+CVE-2023-38206 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38205 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38204 (Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-4910 (A flaw was found In 3Scale Admin Portal. If a user logs out from the p ...)
+ NOT-FOR-US: 3scale-admin-portal
+CVE-2023-38039 (When curl retrieves an HTTP response, it stores the incoming headers s ...)
+ - curl 8.3.0-1
+ [bookworm] - curl 7.88.1-10+deb12u3
+ [bullseye] - curl (Vulnerable code not present)
+ [buster] - curl (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/09/13/1
+ NOTE: https://curl.se/docs/CVE-2023-38039.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/7c8c723682d524ac9580b9ca3b71419163cb5660 (curl-7_83_0)
+ NOTE: Experimental tag removed in: https://github.com/curl/curl/commit/4d94fac9f0d1dd02b8308291e4c47651142dc28b (curl-7_84_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/3ee79c1674fd6f99e8efca52cd7510e08b766770 (curl-8_3_0)
+CVE-2023-4828 (An improper check for an exceptional condition in the Insider Threat M ...)
+ NOT-FOR-US: Insider Threat Management (ITM) Server
+CVE-2023-4803 (A reflected cross-site scripting vulnerability in the WriteWindowTitle ...)
+ NOT-FOR-US: Insider Threat Management (ITM) Server
+CVE-2023-4802 (A reflected cross-site scripting vulnerability in the UpdateInstalledS ...)
+ NOT-FOR-US: Insider Threat Management (ITM) Server
+CVE-2023-4801 (An improper certification validation vulnerability in the Insider Thre ...)
+ NOT-FOR-US: Insider Threat Management (ITM) Server
+CVE-2023-4785 (Lack of error handling in the TCP server in Google's gRPC starting ver ...)
+ - grpc
+ [bookworm] - grpc (Minor issue)
+ [bullseye] - grpc (Minor issue)
+ [buster] - grpc (Minor issue)
+ NOTE: https://github.com/grpc/grpc/pull/33656
+ NOTE: https://github.com/grpc/grpc/pull/33667
+ NOTE: https://github.com/grpc/grpc/pull/33669
+ NOTE: https://github.com/grpc/grpc/pull/33670
+ NOTE: https://github.com/grpc/grpc/pull/33672
+CVE-2023-4701
+ REJECTED
+CVE-2023-42469 (The com.full.dialer.top.secure.encrypted application through 1.0.1 for ...)
+ NOT-FOR-US: com.full.dialer.top.secure.encrypted application
+CVE-2023-42468 (The com.cutestudio.colordialer application through 2.1.8-2 for Android ...)
+ NOT-FOR-US: com.cutestudio.colordialer application
+CVE-2023-41892 (Craft CMS is a platform for creating digital experiences. This is a hi ...)
+ NOT-FOR-US: Craft CMS
+CVE-2023-41081 (Important: Authentication Bypass CVE-2023-41081 The mod_jk component ...)
+ {DLA-3580-1}
+ - libapache-mod-jk 1:1.2.49-1 (bug #1051956)
+ [bookworm] - libapache-mod-jk 1:1.2.48-2+deb12u1
+ [bullseye] - libapache-mod-jk 1:1.2.48-1+deb11u1
+ NOTE: https://lists.apache.org/thread/rd1r26w7271jyqgzr4492tooyt583d8b
+ NOTE: http://www.openwall.com/lists/oss-security/2023/09/13/2
+ NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.49
+ NOTE: https://github.com/apache/tomcat-connectors/commit/0095b6cb84f41313ee4c0364b49c766168790792
+CVE-2023-40850 (netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There ...)
+ NOT-FOR-US: netentsec NS-ASG
+CVE-2023-40717 (A use of hard-coded credentials vulnerability [CWE-798] inFortiTester2 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-40715 (A cleartext storage of sensitive information vulnerability [CWE-312] i ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-3935 (A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network ...)
+ NOT-FOR-US: Wibu CodeMeter Runtime
+CVE-2023-3588 (A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork C ...)
+ NOT-FOR-US: 3ds
+CVE-2023-3280 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2023-39928 (A use-after-free vulnerability exists in the MediaRecorder API of Webk ...)
+ {DSA-5527-1}
+ - webkit2gtk 2.42.0-1
+ [buster] - webkit2gtk (EOL in buster LTS)
+ - wpewebkit 2.42.0-1
+ [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0009.html
+CVE-2023-39916 (NLnet Labs\u2019 Routinator 0.9.0 up to and including 0.12.1 contains ...)
+ - routinator (bug #929024)
+CVE-2023-39915 (NLnet Labs\u2019 Routinator up to and including version 0.12.1 may cra ...)
+ - routinator (bug #929024)
+CVE-2023-39914 (NLnet Labs\u2019 bcder library up to and including version 0.7.2 panic ...)
+ - rust-bcder 0.7.3-1 (bug #1052176)
+ [bookworm] - rust-bcder (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0062.html
+ NOTE: https://nlnetlabs.nl/downloads/bcder/CVE-2023-39914.txt
+ NOTE: https://github.com/NLnetLabs/bcder/pull/74
+CVE-2023-38215 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38214 (Adobe Experience Manager versions 6.5.17 and earlier are affected by a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-36642 (An improper neutralization of special elements used in an OS command v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-36638 (An improper privilege management vulnerability [CWE-269] in FortiManag ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-36634 (An incomplete filtering of one or more instances of special elements v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-36551 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-34984 (A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-4039 (A failure in the -fstack-protector feature in GCC-based toolchains th ...)
+ - gcc-13 13.2.0-4
+ - gcc-12 12.3.0-9
+ [bookworm] - gcc-12 (Minor issue)
+ - gcc-11 11.4.0-4
+ [bookworm] - gcc-11 (Minor issue)
+ - gcc-10
+ [bullseye] - gcc-10 (Minor issue)
+ - gcc-9
+ [bullseye] - gcc-9 (Minor issue)
+ - gcc-8
+ [buster] - gcc-8 (Minor issue)
+ - gcc-7
+ [buster] - gcc-7 (Minor issue)
+ NOTE: https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
+CVE-2023-4928 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.)
+ NOT-FOR-US: icms2
+CVE-2023-4917 (The Leyka plugin for WordPress is vulnerable to Sensitive Information ...)
+ NOT-FOR-US: Leyka plugin for WordPress
+CVE-2023-4916 (The Login with phone number plugin for WordPress is vulnerable to Cros ...)
+ NOT-FOR-US: Login with phone number plugin for WordPress
+CVE-2023-4915 (The WP User Control plugin for WordPress is vulnerable to unauthorized ...)
+ NOT-FOR-US: WP User Control plugin for WordPress
+CVE-2023-4400 (A password management vulnerability in Skyhigh Secure Web Gateway (SWG ...)
+ NOT-FOR-US: Skyhigh Secure Web Gateway (SWG)
+CVE-2023-4213 (The Simplr Registration Form Plus+ plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: Simplr Registration Form Plus+ plugin for WordPress
+CVE-2023-4153 (The BAN Users plugin for WordPress is vulnerable to privilege escalati ...)
+ NOT-FOR-US: BAN Users plugin for WordPress
+CVE-2023-41423 (Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 a ...)
+ NOT-FOR-US: WP Githuber MD plugin
+CVE-2023-39073 (An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arb ...)
+ NOT-FOR-US: SNMP Web Pro
+CVE-2023-3867 [ksmbd: add missing compound request handing in some commands]
+ - linux 6.4.11-1
+ [bookworm] - linux 6.1.52-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-981/
+ NOTE: https://git.kernel.org/linus/7b7d709ef7cf285309157fb94c33f625dd22c5e1 (6.5-rc1)
+CVE-2023-3866 [ksmbd: validate session id and tree id in the compound request]
+ - linux 6.3.11-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-979/
+ NOTE: https://git.kernel.org/linus/5005bcb4219156f1bf7587b185080ec1da08518e (6.4)
+CVE-2023-3865 [ksmbd: fix out-of-bound read in smb2_write]
+ - linux 6.3.11-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-980/
+ NOTE: https://git.kernel.org/linus/5fe7f7b78290638806211046a99f031ff26164e1 (6.4)
+CVE-2023-4813 (A flaw was found in glibc. In an uncommon situation, the gaih_inet fun ...)
+ - glibc 2.36-3
+ [bullseye] - glibc (Minor issue)
+ [buster] - glibc (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28931
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1c37b8022e8763fedbb3f79c02e05c6acfe5a215 (glibc-2.36)
+CVE-2023-4806 (A flaw was found in glibc. In an extremely rare situation, the getaddr ...)
+ - glibc 2.37-10
+ [bookworm] - glibc 2.36-9+deb12u3
+ [bullseye] - glibc (Minor issue)
+ [buster] - glibc (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30843
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=973fe93a5675c42798b2161c6f29c01b0e243994
+ NOTE: When fixing this issue in older releases make sure to not open CVE-2023-5156.
+CVE-2023-4527 (A flaw was found in glibc. When the getaddrinfo function is called wit ...)
+ - glibc 2.37-9 (bug #1051958)
+ [bookworm] - glibc 2.36-9+deb12u3
+ [bullseye] - glibc (Vulnerable code not present)
+ [buster] - glibc (Vulnerable code not present)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+ NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f282cdbe7f436c75864e5640a409a10485e9abb2 (glibc-2.36)
+ NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ea972b7edd7e36610e8cde18bf7a8149d7bac4f (release/2.36/master branch)
+ NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7529346025a130fee483d42178b5c118da971bb (release/2.37/master branch)
+ NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b25508dd774b617f99419bdc3cf2ace4560cd2d6 (release/2.38/master branch)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/09/25/1
+CVE-2023-4921 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_qf ...)
+ {DLA-3623-1}
+ - linux 6.5.6-1
+ [bookworm] - linux 6.1.55-1
+ [bullseye] - linux 5.10.197-1
+ NOTE: https://kernel.dance/#8fc134fee27f2263988ae38920bc03da416b03d8
+ NOTE: https://git.kernel.org/linus/8fc134fee27f2263988ae38920bc03da416b03d8 (6.6-rc1)
+CVE-2023-4918 (A flaw was found in the Keycloak package, more specifically org.keyclo ...)
+ NOT-FOR-US: Keycloak
+CVE-2023-4914 (Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7 ...)
+ NOT-FOR-US: cecil.app
+CVE-2023-4913 (Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/c ...)
+ NOT-FOR-US: cecil.app
+CVE-2023-4759 (Arbitrary File Overwrite in Eclipse JGit <= 6.6.0 In Eclipse JGit, al ...)
+ - jgit (bug #1055853)
+ [bookworm] - jgit (Minor issue)
+ [bullseye] - jgit (Minor issue)
+ [buster] - jgit (Minor issue. Only case-insensitive filesystems are affected)
+ NOTE: https://git.eclipse.org/c/jgit/jgit.git/commit/?id=9072103f3b3cf64dd12ad2949836ab98f62dabf1 (v6.6.1.202309021850-r)
+ NOTE: https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/11
+CVE-2023-4501 (User authentication with username and password credentials is ineffect ...)
+ NOT-FOR-US: Micro Focus
+CVE-2023-41885 (Piccolo is an ORM and query builder which supports asyncio. In version ...)
+ NOT-FOR-US: Piccolo
+CVE-2023-41846 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-41764 (Microsoft Office Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-41331 (SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerab ...)
+ NOT-FOR-US: SOFARPC
+CVE-2023-41036 (Macvim is a text editor for MacOS. Prior to version 178, Macvim makes ...)
+ NOT-FOR-US: Macvim
+CVE-2023-41033 (A vulnerability has been identified in Parasolid V35.0 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-41032 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-41013 (Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allow ...)
+ NOT-FOR-US: IceWarp
+CVE-2023-40834 (OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.)
+ NOT-FOR-US: OpenCart
+CVE-2023-40784 (DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/modul ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-40732 (A vulnerability has been identified in QMS Automotive (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-40731 (A vulnerability has been identified in QMS Automotive (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-40730 (A vulnerability has been identified in QMS Automotive (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-40729 (A vulnerability has been identified in QMS Automotive (All versions < ...)
+ NOT-FOR-US: Siemens +CVE-2023-40728 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-40727 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-40726 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-40725 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-40724 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-40712 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2023-40611 (Apache Airflow, versions before 2.7.1, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2023-40218 (An issue was discovered in the NPU kernel driver in Samsung Exynos Mob ...) + NOT-FOR-US: Samsung +CVE-2023-3712 (Files or Directories Accessible to External Parties vulnerability in H ...) + NOT-FOR-US: Honeywell +CVE-2023-3711 (Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Print ...) + NOT-FOR-US: Honeywell +CVE-2023-3710 (Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, A ...) + NOT-FOR-US: Honeywell +CVE-2023-39637 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injecti ...) + NOT-FOR-US: D-Link +CVE-2023-39215 (Improper authentication in Zoom clients may allow an authenticated use ...) + NOT-FOR-US: Zoom +CVE-2023-39208 (Improper input validation in Zoom Desktop Client for Linux before vers ...) + NOT-FOR-US: Zoom +CVE-2023-39201 (Untrusted search path in CleanZoom before file date 07/24/2023 may all ...) + NOT-FOR-US: Zoom +CVE-2023-39150 (ConEmu before commit 230724 does not sanitize title responses correctl ...) + NOT-FOR-US: ConEmu +CVE-2023-38164 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-38163 (Windows Defender Attack Surface Reduction Security Feature Bypass) + NOT-FOR-US: Microsoft +CVE-2023-38162 (DHCP Server Service Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38161 (Windows GDI Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38160 (Windows TCP/IP Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38156 (Azure HDInsight Apache Ambari JDBC Injection Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-38155 (Azure DevOps Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38152 (DHCP Server Service Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38150 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38149 (Windows TCP/IP Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38148 (Internet Connection Sharing (ICS) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38147 (Windows Miracast Wireless Display Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38146 (Windows Themes Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38144 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-38143 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-38142 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38141 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38140 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38139 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38076 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) 
+ NOT-FOR-US: Siemens +CVE-2023-38075 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-38074 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-38073 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-38072 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-38071 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-38070 (A vulnerability has been identified in JT2Go (All versions < V14.3.0.1 ...) + NOT-FOR-US: Siemens +CVE-2023-37881 (Weak access control in Wing FTP Server (Admin Web Client) allows for p ...) + NOT-FOR-US: Wing FTP Server +CVE-2023-37879 (Insecure storage of sensitive information in Wing FTP Server (User Web ...) + NOT-FOR-US: Wing FTP Server +CVE-2023-37878 (Insecure default permissions in Wing FTP Server (Admin Web Client) all ...) + NOT-FOR-US: Wing FTP Server +CVE-2023-37875 (Improper encoding or escaping of output in Wing FTP Server (User Web C ...) + NOT-FOR-US: Wing FTP Server +CVE-2023-36886 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36805 (Windows MSHTML Platform Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36804 (Windows GDI Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36803 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36802 (Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36801 (DHCP Server Service Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36800 (Dynamics Finance and Operations Cross-site Scripting Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36799 (.NET Core and Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36796 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36794 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36793 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36792 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36788 (.NET Framework Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2023-36777 (Microsoft Exchange Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36773 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36772 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36771 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36770 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36767 (Microsoft Office Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36766 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36765 (Microsoft Office Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36764 (Microsoft SharePoint Server 
Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36763 (Microsoft Outlook Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36762 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36761 (Microsoft Word Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36760 (3D Viewer Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36759 (Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36758 (Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36757 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36756 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36745 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36744 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36742 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36740 (3D Viewer Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36739 (3D Viewer Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36736 (Microsoft Identity Linux Broker Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35355 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-34470 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) + NOT-FOR-US: AMI AptioV +CVE-2023-34469 (AMI AptioV contains a vulnerability in BIOS where an Attacker may use ...) 
+ NOT-FOR-US: AMI AptioV +CVE-2023-33136 (Azure DevOps Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-XXXX [receiving with Lightning: partial MPP might be accepted] + - electrum 4.4.6+dfsg-1 (bug #1052200) + [bookworm] - electrum 4.3.4+dfsg1-1+deb12u1 + [bullseye] - electrum (Vulnerable code introduced in 4.1.0 release) + NOTE: https://github.com/spesmilo/electrum/security/advisories/GHSA-8r85-vp7r-hjxf + NOTE: https://github.com/spesmilo/electrum/issues/8588 + NOTE: https://github.com/spesmilo/electrum/commit/11fba68126f82d05de90efd67f2b43dfd1b8f22c +CVE-2023-31417 (Elasticsearch generally filters out sensitive information and credenti ...) + - elasticsearch +CVE-2023-XXXX [RUSTSEC-2023-0059: Unaligned read of *const *const c_char pointer] + - rust-users (bug #1051808) + [bookworm] - rust-users (Minor issue) + [bullseye] - rust-users (Minor issue) + [buster] - rust-users (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0059.html + NOTE: https://github.com/ogham/rust-users/issues/55 + NOTE: Proposed patch: https://github.com/dhruvkb/rust-users/commit/e6ba8a88e0127f0d17ddd99f80f85d2c1722b227 +CVE-2023-XXXX [RUSTSEC-2023-0058: Exposes reference to non-Sync data to an arbitrary thread] + - rust-inventory (Fixed before initial upload to the archive) + NOTE: https://github.com/dtolnay/inventory/commit/762b5ce107a9f0d80121e614cad2d33c89c88584 (0.2.0) + NOTE: https://github.com/dtolnay/inventory/pull/42 + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0058.html +CVE-2023-XXXX [RUSTSEC-2023-0057: Fails to prohibit standard library access prior to initialization of Rust standard library runtime] + - rust-inventory (Fixed before initial upload to the archive) + NOTE: https://github.com/dtolnay/inventory/commit/b499293ff75e4f65e8cdcb50280a9247d8df814a (0.2.0) + NOTE: https://github.com/dtolnay/inventory/pull/43 + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0057.html +CVE-2023-4899 (SQL Injection in GitHub repository 
mintplex-labs/anything-llm prior to ...) + NOT-FOR-US: anything-llm +CVE-2023-4898 (Authentication Bypass by Primary Weakness in GitHub repository mintple ...) + NOT-FOR-US: anything-llm +CVE-2023-4897 (Relative Path Traversal in GitHub repository mintplex-labs/anything-ll ...) + NOT-FOR-US: anything-llm +CVE-2023-4893 (The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Se ...) + NOT-FOR-US: Crayon Syntax Highlighter plugin for WordPress +CVE-2023-4890 (The JQuery Accordion Menu Widget for WordPress plugin for WordPress is ...) + NOT-FOR-US: JQuery Accordion Menu Widget for WordPress plugin for WordPress +CVE-2023-4887 (The Google Maps Plugin by Intergeo for WordPress plugin for WordPress ...) + NOT-FOR-US: Google Maps Plugin by Intergeo for WordPress plugin for WordPress +CVE-2023-4909 (Inappropriate implementation in Interstitials in Google Chrome prior t ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4908 (Inappropriate implementation in Picture in Picture in Google Chrome pr ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4907 (Inappropriate implementation in Intents in Google Chrome on Android pr ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4906 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4905 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4904 (Insufficient policy enforcement in Downloads in Google Chrome prior to ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4903 (Inappropriate implementation in Custom Mobile Tabs in Google Chrome on ...) 
+ {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4902 (Inappropriate implementation in Input in Google Chrome prior to 117.0. ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4901 (Inappropriate implementation in Prompts in Google Chrome prior to 117. ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4900 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...) + {DSA-5499-1} + - chromium 117.0.5938.62-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4863 (Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.1 ...) + {DSA-5497-2 DSA-5498-1 DSA-5497-1 DSA-5496-1 DLA-3570-1 DLA-3569-1 DLA-3568-1} + - chromium 117.0.5938.62-1 (unimportant) + [buster] - chromium (see DSA 5046) + - firefox 117.0.1-1 + - firefox-esr 115.2.1esr-1 + - thunderbird 1:115.2.2-1 + - libwebp 1.2.4-0.3 (bug #1051787) + NOTE: https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html + NOTE: src:chromium builds against the system libwebp library + NOTE: Fixed by: https://chromium.googlesource.com/webm/libwebp.git/+/902bc9190331343b2017211debcec8d2ab87e17a%5E%21/ + NOTE: Followup: https://chromium.googlesource.com/webm/libwebp.git/+/95ea5226c870449522240ccff26f0b006037c520%5E%21/#F0 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/#CVE-2023-4863 +CVE-2023-4840 (The MapPress Maps for WordPress plugin for WordPress is vulnerable to ...) + NOT-FOR-US: MapPress Maps for WordPress plugin for WordPress +CVE-2023-42472 (Due to insufficient file type validation, SAP BusinessObjectsBusiness ...) + NOT-FOR-US: SAP +CVE-2023-41990 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-41879 (Magento LTS is the official OpenMage LTS codebase. Guest orders may be ...) 
+ NOT-FOR-US: Magento LTS / OpenMage LTS +CVE-2023-41369 (The Create Single Payment application of SAP S/4HANA- versions 100, 10 ...) + NOT-FOR-US: SAP +CVE-2023-41368 (The OData service of the S4 HANA (Manage checkbook apps) - versions 10 ...) + NOT-FOR-US: SAP +CVE-2023-41367 (Due to missing authentication check in webdynpro application, an unaut ...) + NOT-FOR-US: SAP +CVE-2023-40625 (S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, ...) + NOT-FOR-US: SAP +CVE-2023-40624 (SAP NetWeaver AS ABAP (applications based on Unified Rendering)- versi ...) + NOT-FOR-US: SAP +CVE-2023-40623 (SAP BusinessObjects SuiteInstaller - version 420, 430, allows an attac ...) + NOT-FOR-US: SAP +CVE-2023-40622 (SAP BusinessObjects Business Intelligence Platform (Promotion Manageme ...) + NOT-FOR-US: SAP +CVE-2023-40621 (SAP PowerDesigner Client - version 16.7, allows an unauthenticated att ...) + NOT-FOR-US: SAP +CVE-2023-40442 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-40440 (This issue was addressed with improved state management of S/MIME encr ...) + NOT-FOR-US: Apple +CVE-2023-40309 (SAP CommonCryptoLib does not perform necessary authentication checks, ...) + NOT-FOR-US: SAP +CVE-2023-40308 (SAP CommonCryptoLiballows an unauthenticated attacker to craft a reque ...) + NOT-FOR-US: SAP +CVE-2023-3039 (SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access C ...) + NOT-FOR-US: Dell +CVE-2023-39069 (An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 al ...) + NOT-FOR-US: StrangeBee TheHive +CVE-2023-38878 (A reflected cross-site scripting (XSS) vulnerability in DevCode OpenST ...) + NOT-FOR-US: DevCode OpenSTAManager +CVE-2023-37489 (Due to the lack of validation, SAP BusinessObjects Business Intelligen ...) + NOT-FOR-US: SAP +CVE-2023-35687 (In MtpPropertyValue of MtpProperty.h, there is a possible memory corru ...) 
+ NOT-FOR-US: Android +CVE-2023-35684 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...) + NOT-FOR-US: Android +CVE-2023-35683 (In bindSelection of DatabaseUtils.java, there is a possible way to acc ...) + NOT-FOR-US: Android +CVE-2023-35682 (In hasPermissionForActivity of PackageManagerHelper.java, there is a p ...) + NOT-FOR-US: Android +CVE-2023-35681 (In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-35680 (In multiple locations, there is a possible way to import contacts belo ...) + NOT-FOR-US: Android +CVE-2023-35679 (In MtpPropertyValue of MtpProperty.h, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-35677 (In onCreate of DeviceAdminAdd.java, there is a possible way to forcibl ...) + NOT-FOR-US: Android +CVE-2023-35676 (In createQuickShareAction of SaveImageInBackgroundTask.java, there is ...) + NOT-FOR-US: Android +CVE-2023-35675 (In loadMediaResumptionControls of MediaResumeListener.kt, there is a p ...) + NOT-FOR-US: Android +CVE-2023-35674 (In onCreate of WindowState.java, there is a possible way to launch a b ...) + NOT-FOR-US: Android +CVE-2023-35673 (In build_read_multi_rsp of gatt_sr.cc, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2023-35671 (In onHostEmulationData of HostEmulationManager.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-35670 (In computeValuesFromData of FileUtils.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-35669 (In checkKeyIntentParceledCorrectly of AccountManagerService.java, ther ...) + NOT-FOR-US: Android +CVE-2023-35667 (In updateList of NotificationAccessSettings.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-35666 (In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free ...) + NOT-FOR-US: Android +CVE-2023-35665 (In multiple files, there is a possible way to import a contact from an ...) 
+ NOT-FOR-US: Android +CVE-2023-35664 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-35658 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible priv ...) + NOT-FOR-US: Android +CVE-2023-4881 + REJECTED +CVE-2023-4318 (The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4314 (The wpDataTables WordPress plugin before 2.1.66 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4307 (The Lock User Account WordPress plugin through 1.0.3 does not have CSR ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4294 (The URL Shortify WordPress plugin before 1.7.6 does not properly escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4278 (The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 do ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4270 (The Min Max Control WordPress plugin before 4.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4060 (The WP Adminify WordPress plugin before 3.1.6 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4022 (The Herd Effects WordPress plugin before 5.2.3 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41609 (An open redirect vulnerability in the sanitize_url() parameter of Couc ...) + NOT-FOR-US: CouchCMS +CVE-2023-41593 (Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop ...) + NOT-FOR-US: Dairy Farm Shop Management System +CVE-2023-41336 (ux-autocomplete is a JavaScript Autocomplete functionality for Symfony ...) + NOT-FOR-US: ux-autocomplete +CVE-2023-41256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) + NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration +CVE-2023-41103 (Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in ...) 
+ NOT-FOR-US: Interact +CVE-2023-41000 (GPAC through 2.2.1 has a use-after-free vulnerability in the function ...) + - gpac (bug #1051955) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2550 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/0018b5e4e07a1465287e7dff69b387929f5a75fa +CVE-2023-40946 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $usernam ...) + NOT-FOR-US: Schoolmate +CVE-2023-40945 (Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Inje ...) + NOT-FOR-US: Sourcecodester Doctor Appointment System +CVE-2023-40944 (Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schooln ...) + NOT-FOR-US: Schoolmate +CVE-2023-40786 (HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowi ...) + NOT-FOR-US: HKcms +CVE-2023-40150 (Softneta MedDream PACS does not perform an authentication check and pe ...) + NOT-FOR-US: Softneta MedDream PACS +CVE-2023-40032 (libvips is a demand-driven, horizontally threaded image processing lib ...) + - vips 8.14.4-1 + [bookworm] - vips 8.14.1-3+deb12u1 + [bullseye] - vips (Vulnerable code not present) + [buster] - vips (Vulnerable code not present) + NOTE: https://github.com/libvips/libvips/pull/3604 + NOTE: Introduced by: https://github.com/libvips/libvips/commit/b2527da53143a38bca96f4a3371ccd0856c0268b (v8.12.0-rc1) + NOTE: Fixed by: https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b (v8.14.4) +CVE-2023-3612 (Govee Home app has unprotected access to WebView component which can b ...) + NOT-FOR-US: Govee Home app +CVE-2023-3510 (The FTP Access WordPress plugin through 1.0 does not have authorisatio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3170 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3169 (The tagDiv Composer WordPress plugin before 4.2, used as a companion b ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-39780 (ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authentic ...) + NOT-FOR-US: ASUS +CVE-2023-39227 (Softneta MedDream PACSstores usernames and passwords in plaintext. The ...) + NOT-FOR-US: Softneta MedDream PACS +CVE-2023-39070 (An issue in Cppcheck 2.12 dev allows a local attacker to execute arbit ...) + - cppcheck (unimportant) + NOTE: https://sourceforge.net/p/cppcheck/discussion/general/thread/fa43fb8ab1/ +CVE-2023-39068 (Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC ...) + NOT-FOR-US: NBD80S09S-KLC +CVE-2023-39067 (Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allo ...) + NOT-FOR-US: ZLMediaKiet +CVE-2023-39063 (Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local at ...) + NOT-FOR-US: RaidenFTPD +CVE-2023-38829 (An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker ...) + NOT-FOR-US: NETIS SYSTEMS WF2409E +CVE-2023-38743 (Zoho ManageEngine ADManager Plus before Build 7200 allows admin users ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-38256 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) + NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration +CVE-2023-36980 (An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balanc ...) + NOT-FOR-US: Ethereum Blockchain +CVE-2023-36497 (Dover Fueling Solutions MAGLINK LX Web Console Configuration versions ...) + NOT-FOR-US: Dover Fueling Solutions MAGLINK LX Web Console Configuration +CVE-2023-36161 (An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_ ...) + NOT-FOR-US: Qubo +CVE-2023-36140 (In PHPJabbers Cleaning Business Software 1.0, there is no encryption o ...) + NOT-FOR-US: PHPJabbers +CVE-2023-31468 (An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime ...) + NOT-FOR-US: Inosoft +CVE-2023-2705 (The gAppointments WordPress plugin before 1.10.0 does not sanitise and ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4816 (A vulnerability exists in the Equipment Tag Out authentication, when c ...) + NOT-FOR-US: Hitachi +CVE-2023-42471 (The wave.ai.browser application through 1.0.35 for Android allows a re ...) + NOT-FOR-US: wave.ai.browser application +CVE-2023-42470 (The Imou Life com.mm.android.smartlifeiot application through 6.8.0 fo ...) + NOT-FOR-US: Imou Life com.mm.android.smartlifeiot application +CVE-2023-42467 (QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset ...) + - qemu 1:8.1.1+ds-1 (bug #1051899) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u3 + [bullseye] - qemu (Minor issue) + [buster] - qemu (Minor issue) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1813 +CVE-2023-40040 (An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" ...) + NOT-FOR-US: MyCrops HiGrade "THC Testing & Cannabi" application +CVE-2023-40039 (An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. ...) + NOT-FOR-US: ARRIS TG852G, TG862G, and TG1672G devices +CVE-2023-35845 (Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certifica ...) + NOT-FOR-US: Anaconda Python +CVE-2023-4879 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + NOT-FOR-US: icms2 +CVE-2023-4878 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...) + NOT-FOR-US: icms2 +CVE-2023-4877 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: hamza417/inure +CVE-2023-4876 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: hamza417/inure +CVE-2023-4873 (A vulnerability, which was classified as critical, was found in Beijin ...) + NOT-FOR-US: eijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform +CVE-2023-4872 (A vulnerability, which was classified as critical, has been found in S ...) 
+ NOT-FOR-US: SourceCodester Contact Manager App +CVE-2023-4871 (A vulnerability classified as critical was found in SourceCodester Con ...) + NOT-FOR-US: SourceCodester Contact Manager App +CVE-2023-4870 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Contact Manager App +CVE-2023-4869 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...) + NOT-FOR-US: SourceCodester Contact Manager App +CVE-2023-4868 (A vulnerability was found in SourceCodester Contact Manager App 1.0. I ...) + NOT-FOR-US: SourceCodester Contact Manager App +CVE-2023-4867 (A vulnerability was found in Xintian Smart Table Integrated Management ...) + NOT-FOR-US: Xintian Smart Table Integrated Management System +CVE-2023-4866 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-4865 (A vulnerability has been found in SourceCodester Take-Note App 1.0 and ...) + NOT-FOR-US: SourceCodester Take-Note App +CVE-2023-4864 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Take-Note App +CVE-2023-41915 (OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to ...) + {DSA-5547-1 DLA-3643-1} + - pmix 5.0.1-1 (bug #1051729) + NOTE: https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f (v4.2.6) + NOTE: https://github.com/openpmix/openpmix/commit/0bf9801a3017eb6ca411e158da39570ccb998c17 (v5.0.1) +CVE-2023-4875 (Null pointer dereference when composing from a specially crafted draft ...) 
+ {DSA-5494-1 DLA-3574-1} + - mutt 2.2.12-0.1 (bug #1051563) + NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) + NOTE: https://gitlab.com/muttmua/mutt/-/commit/4cc3128abdf52c615911589394a03271fddeefc6 (mutt-2-2-12-rel) + NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html + NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1 +CVE-2023-4874 (Null pointer dereference when viewing a specially crafted email in Mut ...) + {DSA-5494-1 DLA-3574-1} + - mutt 2.2.12-0.1 (bug #1051563) + NOTE: https://gitlab.com/muttmua/mutt/-/commit/452ee330e094bfc7c9a68555e5152b1826534555 (mutt-2-2-12-rel) + NOTE: https://gitlab.com/muttmua/mutt/-/commit/a4752eb0ae0a521eec02e59e51ae5daedf74fda0 (mutt-2-2-12-rel) + NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20230904/000056.html + NOTE: https://www.openwall.com/lists/oss-security/2023/09/09/1 +CVE-2023-4852 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...) + NOT-FOR-US: IBOS OA +CVE-2023-4851 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) + NOT-FOR-US: IBOS OA +CVE-2023-4850 (A vulnerability, which was classified as critical, was found in IBOS O ...) + NOT-FOR-US: IBOS OA +CVE-2023-4849 (A vulnerability, which was classified as critical, has been found in I ...) + NOT-FOR-US: IBOS OA +CVE-2023-4848 (A vulnerability classified as critical was found in SourceCodester Sim ...) + NOT-FOR-US: SourceCodester Simple Book Catalog App +CVE-2023-4847 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Simple Book Catalog App +CVE-2023-4846 (A vulnerability was found in SourceCodester Simple Membership System 1 ...) + NOT-FOR-US: SourceCodester Simple Membership System +CVE-2023-4845 (A vulnerability was found in SourceCodester Simple Membership System 1 ...) 
+ NOT-FOR-US: SourceCodester Simple Membership System +CVE-2023-4844 (A vulnerability was found in SourceCodester Simple Membership System 1 ...) + NOT-FOR-US: SourceCodester Simple Membership System +CVE-2023-4838 (The Simple Download Counter plugin for WordPress is vulnerable to Stor ...) + NOT-FOR-US: Simple Download Counter plugin for WordPress +CVE-2023-42278 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...) + NOT-FOR-US: Hutool +CVE-2023-42277 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...) + NOT-FOR-US: Hutool +CVE-2023-42276 (hutool v5.8.21 was discovered to contain a buffer overflow via the com ...) + NOT-FOR-US: Hutool +CVE-2023-41564 (An arbitrary file upload vulnerability in the Upload Asset function of ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-40306 (SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps ...) + NOT-FOR-US: SAP +CVE-2023-4853 (A flaw was found in Quarkus where HTTP security policies are not sanit ...) + NOT-FOR-US: Quarkus +CVE-2023-4843 (Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection ...) + NOT-FOR-US: Pega Platform +CVE-2023-4782 (Terraform version 1.0.8 through 1.5.6 allows arbitrary file write duri ...) + - terraform (bug #808940) +CVE-2023-4777 (An incorrect permission check in Qualys Container Scanning Connector P ...) + NOT-FOR-US: Qualys Container Scanning Connector Plugin +CVE-2023-42268 (Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: JeecgBoot +CVE-2023-41578 (Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file re ...) + NOT-FOR-US: JeecgBoot +CVE-2023-41575 (Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/s ...) + NOT-FOR-US: Blood Bank & Donor Management +CVE-2023-41338 (Fiber is an Express inspired web framework built in the go language. V ...) 
+ NOT-FOR-US: Fiber +CVE-2023-41318 (matrix-media-repo is a highly customizable multi-domain media reposito ...) + NOT-FOR-US: matrix-media-repo +CVE-2023-40924 (SolarView Compact < 6.00 is vulnerable to Directory Traversal.) + NOT-FOR-US: SolarView Compact +CVE-2023-39712 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) + NOT-FOR-US: Free and Open Source Inventory Management System +CVE-2023-39676 (FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contai ...) + NOT-FOR-US: SimpleImportProduct Prestashop Module +CVE-2023-39584 (Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file re ...) + NOT-FOR-US: Hexo +CVE-2023-39076 (Injecting random data into the USB memory area on a General Motors (GM ...) + NOT-FOR-US: General Motors (GM) Chevrolet Equinox +CVE-2023-38736 (IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run ...) + NOT-FOR-US: IBM +CVE-2023-32332 (IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management ...) + NOT-FOR-US: IBM +CVE-2023-4807 (Issue summary: The POLY1305 MAC (message authentication code) implemen ...) + - openssl (Windows-specific) + NOTE: https://www.openssl.org/news/secadv/20230908.txt +CVE-2023-41775 (Improper access control vulnerability in 'direct' Desktop App for macO ...) + NOT-FOR-US: direct Desktop App for macOS +CVE-2023-41646 (Buttercup v2.20.3 allows attackers to obtain the hash of the master pa ...) + NOT-FOR-US: Buttercup +CVE-2023-41615 (Zoo Management System v1.0 was discovered to contain multiple SQL inje ...) + NOT-FOR-US: Zoo Management System +CVE-2023-41594 (Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discove ...) + NOT-FOR-US: Dairy Farm Shop Management System +CVE-2023-41161 (Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin ...) + NOT-FOR-US: Usermin +CVE-2023-40953 (icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).) 
+ NOT-FOR-US: icms +CVE-2023-40584 (Argo CD is a declarative continuous deployment for Kubernetes. All ver ...) + NOT-FOR-US: Argo CD +CVE-2023-40353 (An issue was discovered in Exynos Mobile Processor 980 and 2100. An in ...) + NOT-FOR-US: Samsung +CVE-2023-40271 (In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate ...) + NOT-FOR-US: Trusted Firmware-M (TF-M) +CVE-2023-40029 (Argo CD is a declarative continuous deployment for Kubernetes. Argo CD ...) + NOT-FOR-US: Argo CD +CVE-2023-39620 (An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru ...) + NOT-FOR-US: Buffalo +CVE-2023-37759 (Incorrect access control in the User Registration page of Crypto Curre ...) + NOT-FOR-US: Crypto Currency Tracker +CVE-2023-37377 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...) + NOT-FOR-US: Samsung +CVE-2023-37368 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...) + NOT-FOR-US: Samsung +CVE-2023-37367 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...) + NOT-FOR-US: Samsung +CVE-2023-36184 (CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack o ...) + NOT-FOR-US: CMysten Labs Sui +CVE-2023-34041 (Cloud foundry routing release versions prior to 0.278.0 are vulnerable ...) + NOT-FOR-US: Cloud foundry routing +CVE-2023-32470 (Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure O ...) + NOT-FOR-US: Dell +CVE-2023-4685 (Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0. ...) + NOT-FOR-US: Delta Electronics +CVE-2023-4528 (Unsafe deserialization in JSCAPE MFT Server versions prior to2023.1.9 ...) + NOT-FOR-US: JSCAPE MFT Server +CVE-2023-41316 (Tolgee is an open-source localization platform. Due to lack of validat ...) + NOT-FOR-US: Tolgee +CVE-2023-41064 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-41061 (A validation issue was addressed with improved logic. 
This issue is fi ...) + NOT-FOR-US: Apple +CVE-2023-40942 (Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-40060 (A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix ...) + NOT-FOR-US: SolarWinds Serv-U +CVE-2023-3747 (Zero Trust Administrators have the ability to disallow end users from ...) + NOT-FOR-US: Cloudflare Warp +CVE-2023-39711 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) + NOT-FOR-US: Free and Open Source Inventory Management System +CVE-2023-39424 (A vulnerability inRDPngFileUpload.dll, as used in theIRM Next Generati ...) + NOT-FOR-US: IRM Next Generation booking system +CVE-2023-39423 (The RDPData.dll file exposes the/irmdata/api/common endpoint that hand ...) + NOT-FOR-US: Bitdefender +CVE-2023-39422 (The/irmdata/api/ endpoints exposed by theIRM Next Generation booking e ...) + NOT-FOR-US: Bitdefender +CVE-2023-39421 (The RDPWin.dll component as used in the IRM Next Generation booking en ...) + NOT-FOR-US: Bitdefender +CVE-2023-39420 (The RDPCore.dll component as used in the IRM Next Generation booking e ...) + NOT-FOR-US: Bitdefender +CVE-2023-37798 (A stored cross-site scripting (XSS) vulnerability in the new REDCap pr ...) + NOT-FOR-US: Vanderbilt REDCap +CVE-2023-36635 (An improper access control in Fortinet FortiSwitchManager version 7.2. ...) + NOT-FOR-US: FortiGuard +CVE-2023-4815 (Missing Authentication for Critical Function in GitHub repository answ ...) + NOT-FOR-US: answerdev/answer +CVE-2023-4792 (The Duplicate Post Page Menu & Custom Post Type plugin for WordPress i ...) + NOT-FOR-US: Duplicate Post Page Menu & Custom Post Type plugin for WordPress +CVE-2023-4772 (The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: Newsletter plugin for WordPress +CVE-2023-41329 (WireMock is a tool for mocking HTTP services. The proxy mode of WireMo ...) 
+ NOT-FOR-US: WireMock +CVE-2023-41327 (WireMock is a tool for mocking HTTP services. WireMock can be configur ...) + NOT-FOR-US: WireMock +CVE-2023-41053 (Redis is an in-memory database that persists on disk. Redis does not c ...) + - redis 5:7.0.13-1 (bug #1051512) + [bookworm] - redis (Minor issue) + [bullseye] - redis (Vulnerable code introduced later) + [buster] - redis (Vulnerable code introduced later) + NOTE: Introduced after: https://github.com/redis/redis/commit/55c81f2cd3da82f9f570000875e006b9046ddef3 (7.0-rc1) + NOTE: Fixed by: https://github.com/redis/redis/commit/9e505e6cd842338424e05883521ca1fb7d0f47f6 (7.2.1) + NOTE: Fixed by: https://github.com/redis/redis/commit/0f14d3279212e1b262869b6160db87d6f117cff5 (7.0.13) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-q4jr-5p56-4xwc +CVE-2023-40397 (The issue was addressed with improved checks. This issue is fixed in m ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0008.html +CVE-2023-40392 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-39967 (WireMock is a tool for mocking HTTP services. When certain request URL ...) + NOT-FOR-US: WireMock +CVE-2023-39956 (Electron is a framework which lets you write cross-platform desktop ap ...) + - electron (bug #842420) +CVE-2023-39240 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...) + NOT-FOR-US: ASUS +CVE-2023-39239 (It is identified a format string vulnerability in ASUS RT-AX56U V2\u20 ...) + NOT-FOR-US: ASUS +CVE-2023-39238 (It is identified a format string vulnerability in ASUS RT-AX56U V2. Th ...) 
+ NOT-FOR-US: ASUS +CVE-2023-39237 (ASUS RT-AC86U Traffic Analyzer - Apps analysis function has insufficie ...) + NOT-FOR-US: ASUS +CVE-2023-39236 (ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient f ...) + NOT-FOR-US: ASUS +CVE-2023-38616 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2023-38605 (This issue was addressed with improved redaction of sensitive informat ...) + NOT-FOR-US: Apple +CVE-2023-38033 (ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has in ...) + NOT-FOR-US: ASUS +CVE-2023-38032 (ASUS RT-AC86U AiProtection security- related function has insufficient ...) + NOT-FOR-US: ASUS +CVE-2023-38031 (ASUS RT-AC86U Adaptive QoS - Web History function has insufficient fil ...) + NOT-FOR-US: ASUS +CVE-2023-34357 (Soar Cloud Ltd. HR Portal has a weak Password Recovery Mechanism for F ...) + NOT-FOR-US: Soar Cloud Ltd. HR Portal +CVE-2023-4809 (In pf packet processing with a 'scrub fragment reassemble' rule, a pac ...) + NOT-FOR-US: FreeBSD +CVE-2023-4634 (The Media Library Assistant plugin for WordPress is vulnerable to Loca ...) + NOT-FOR-US: Media Library Assistant plugin for WordPress +CVE-2023-4623 (A use-after-free vulnerability in the Linux kernel's net/sched: sch_hf ...) + {DLA-3623-1} + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/b3d26c5702c7d6c45456326e56d2ccf3f103e60f +CVE-2023-4622 (A use-after-free vulnerability in the Linux kernel's af_unix component ...) + {DSA-5492-1 DLA-3623-1} + - linux 6.4.13-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c +CVE-2023-4621 + REJECTED +CVE-2023-4589 (Insufficient verification of data authenticity vulnerability in Deline ...) + NOT-FOR-US: Delinea Secret Server +CVE-2023-4588 (File accessibility vulnerability in Delinea Secret Server, in its v10. ...) 
+ NOT-FOR-US: Delinea Secret Server +CVE-2023-4498 (Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access ...) + NOT-FOR-US: Tenda +CVE-2023-4244 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DLA-3623-1} + - linux 6.4.13-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://lore.kernel.org/netdev/20230810070830.24064-1-pablo@netfilter.org/ + NOTE: https://lore.kernel.org/netdev/20230815223011.7019-1-fw@strlen.de/ + NOTE: https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8 +CVE-2023-4208 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...) + {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 (6.5-rc5) +CVE-2023-4207 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...) + {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/76e42ae831991c828cffa8c37736ebfb831ad5ec (6.5-rc5) +CVE-2023-4206 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_ro ...) + {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 (6.5-rc5) +CVE-2023-41601 (Multiple cross-site scripting (XSS) vulnerabilities in install/index.p ...) + NOT-FOR-US: CSZ CMS +CVE-2023-41330 (knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PD ...) + NOT-FOR-US: knplabs/knp-snappy +CVE-2023-41328 (Frappe is a low code web framework written in Python and Javascript. A ...) + NOT-FOR-US: Frappe Framework +CVE-2023-41319 (Fides is an open-source privacy engineering platform for managing the ...) + NOT-FOR-US: Fides +CVE-2023-41150 (F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scrip ...) + NOT-FOR-US: F-RevoCRM +CVE-2023-41149 (F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injecti ...) 
+ NOT-FOR-US: F-RevoCRM +CVE-2023-41050 (AccessControl provides a general security framework for use in Zope. P ...) + NOT-FOR-US: Zope +CVE-2023-40601 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40591 (go-ethereum (geth) is a golang execution layer implementation of the E ...) + - golang-github-go-ethereum (bug #890541) +CVE-2023-40560 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Greg ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40554 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blog2Soc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40553 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Plausibl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40552 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gurc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40531 (Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 B ...) + NOT-FOR-US: Archer AX6000 firmware +CVE-2023-40357 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...) + NOT-FOR-US: TP-Link +CVE-2023-40329 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPZe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Carr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40193 (Deco M4 firmware versions prior to 'Deco M4(JP)_V2_1.5.8 Build 2023061 ...) + NOT-FOR-US: Deco M4 firmware +CVE-2023-40007 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ujwo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39935 (Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' a ...) + NOT-FOR-US: Archer C5400 firmware +CVE-2023-39511 (Cacti is an open source operational monitoring and fault management fr ...) 
+ - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-5hpr-4hhc-8q42 + NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e (release/1.2.25) + NOTE: Introduced by: https://github.com/Cacti/cacti/commit/9d3495abdc86f40bc7fa9767fcf0136db5b6179a (release/1.2.20) +CVE-2023-39265 (Apache Superset would allow for SQLite database connections to be inco ...) + NOT-FOR-US: Apache Superset +CVE-2023-39264 (By default, stack traces for errors were enabled, which resulted in th ...) + NOT-FOR-US: Apache Superset +CVE-2023-39224 (Archer C5 firmware all versions and Archer C7 firmware versions prior ...) + NOT-FOR-US: Archer +CVE-2023-38588 (Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' a ...) + NOT-FOR-US: Archer +CVE-2023-38568 (Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow ...) + NOT-FOR-US: Archer +CVE-2023-38563 (Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' a ...) + NOT-FOR-US: Archer +CVE-2023-38486 (A vulnerability in the secure boot implementation on affectedAruba 920 ...) + NOT-FOR-US: Aruba +CVE-2023-38485 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...) + NOT-FOR-US: Aruba +CVE-2023-38484 (Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 900 ...) + NOT-FOR-US: Aruba +CVE-2023-37941 (If an attacker gains write access to the Apache Superset metadata data ...) + NOT-FOR-US: Apache Superset +CVE-2023-37284 (Improper authentication vulnerability in Archer C20 firmware versions ...) + NOT-FOR-US: Archer +CVE-2023-36489 (Multiple TP-LINK products allow a network-adjacent unauthenticated att ...) + NOT-FOR-US: TP-Link +CVE-2023-36388 (Improper REST API permission in Apache Superset up to and including 2. ...) 
+ NOT-FOR-US: Apache Superset +CVE-2023-36387 (An improper default REST API permission for Gamma users in Apache Supe ...) + NOT-FOR-US: Apache Superset +CVE-2023-32672 (An Incorrect authorisation check in SQLLab in Apache Superset versions ...) + NOT-FOR-US: Apache Superset +CVE-2023-32619 (Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and A ...) + NOT-FOR-US: Archer +CVE-2023-31188 (Multiple TP-LINK products allow a network-adjacent authenticated attac ...) + NOT-FOR-US: TP-Link +CVE-2023-41947 (A missing permission check in Jenkins Frugal Testing Plugin 1.1 and ea ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Te ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41945 (Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41944 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not esca ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41943 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perf ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41942 (A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeC ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41941 (A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41940 (Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41939 (Jenkins SSH2 Easy Plugin 1.4 and earlier does not verify that permissi ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41938 (A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugi ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41937 (Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (bo ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41936 (Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time c ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-41935 (Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41934 (Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41933 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41932 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41931 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-41930 (Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-4779 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: User Submitted Posts plugin for WordPress +CVE-2023-4773 (The WordPress Social Login plugin for WordPress is vulnerable to Store ...) + NOT-FOR-US: WordPress Social Login plugin for WordPress +CVE-2023-4719 (The Simple Membership plugin for WordPress is vulnerable to Reflected ...) + NOT-FOR-US: Simple Membership plugin for WordPress +CVE-2023-4705 + REJECTED +CVE-2023-4487 (GE CIMPLICITY 2023 is by a process control vulnerability, which could ...) + NOT-FOR-US: GE CIMPLICITY +CVE-2023-4485 (ARDEREGSistema SCADA Central versions 2.203 and prior login page are v ...) + NOT-FOR-US: ARDEREG Sistema SCADA Central +CVE-2023-4310 (BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) ver ...) + NOT-FOR-US: BeyondTrust +CVE-2023-41508 (A hard coded password in Super Store Finder v3.6 allows attackers to a ...) + NOT-FOR-US: Super Store Finder +CVE-2023-41507 (Super Store Finder v3.6 was discovered to contain multiple SQL injecti ...) + NOT-FOR-US: Super Store Finder +CVE-2023-3472 (Use after free vulnerability in Panasonic KW Watcher versions 1.00 thr ...) 
+ NOT-FOR-US: Panasonic +CVE-2023-3471 (Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 th ...) + NOT-FOR-US: Panasonic +CVE-2023-35719 (ManageEngine ADSelfService Plus GINA Client Insufficient Verification ...) + NOT-FOR-US: ManageEngine ADSelfService Plus GINA Client +CVE-2023-34637 (A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFl ...) + NOT-FOR-US: IsarNet AG IsarFlow +CVE-2023-34352 (A permissions issue was addressed with improved redaction of sensitive ...) + NOT-FOR-US: Apple +CVE-2023-32438 (This issue was addressed with improved checks to prevent unauthorized ...) + NOT-FOR-US: Apple +CVE-2023-32432 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-32428 (This issue was addressed with improved file handling. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2023-32426 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-32425 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-32379 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-32370 (A logic issue was addressed with improved validation. This issue is fi ...) + {DSA-5396-1} + - webkit2gtk 2.40.1-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0008.html +CVE-2023-32362 (Error handling was changed to not reveal sensitive information. This i ...) + NOT-FOR-US: Apple +CVE-2023-32356 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-32163 (Wacom Drivers for Windows Link Following Local Privilege Escalation Vu ...) 
+ NOT-FOR-US: Wacom +CVE-2023-32162 (Wacom Drivers for Windows Incorrect Permission Assignment Local Privil ...) + NOT-FOR-US: Wacom +CVE-2023-29166 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-36851 (A Missing Authentication for Critical Function vulnerability in Junipe ...) + NOT-FOR-US: Juniper +CVE-2023-4781 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + {DLA-3588-1} + - vim 2:9.0.1894-1 + [bookworm] - vim (Minor issue) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883/ + NOTE: https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93 (v9.0.1873) +CVE-2023-4778 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397/ + NOTE: https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed +CVE-2023-4764 (Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845. ...) + {DSA-5491-1} + - chromium 116.0.5845.180-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4763 (Use after free in Networks in Google Chrome prior to 116.0.5845.179 al ...) + {DSA-5491-1} + - chromium 116.0.5845.180-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4762 (Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed ...) + {DSA-5491-1} + - chromium 116.0.5845.180-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4761 (Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5 ...) + {DSA-5491-1} + - chromium 116.0.5845.180-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4531 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Mestav Software E-commerce Software +CVE-2023-4480 (Due to an out-of-date dependency in the \u201cFusion File Manager\u201 ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2023-4178 (Authentication Bypass by Spoofing vulnerability in Neutron Neutron Sma ...) + NOT-FOR-US: Neutron Smart VMS +CVE-2023-4034 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Digita Information Technology Smartrise Document Management System +CVE-2023-41317 (The Apollo Router is a configurable, high-performance graph router wri ...) + NOT-FOR-US: Apollo Router +CVE-2023-41108 (TEF portal 2023-07-17 is vulnerable to authenticated remote code execu ...) + NOT-FOR-US: TEF portal +CVE-2023-41107 (TEF portal 2023-07-17 is vulnerable to a persistent cross site scripti ...) + NOT-FOR-US: TEF portal +CVE-2023-41012 (An issue in China Mobile Communications China Mobile Intelligent Home ...) + NOT-FOR-US: China Mobile Communications China Mobile Intelligent Home Gateway +CVE-2023-41009 (File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote a ...) + NOT-FOR-US: bolo-solo +CVE-2023-40918 (KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unautho ...) + NOT-FOR-US: KnowStreaming +CVE-2023-3616 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Mava Software Hotel Management System +CVE-2023-3375 (Unrestricted Upload of File with Dangerous Type vulnerability in Unisi ...) + NOT-FOR-US: Bookreen +CVE-2023-3374 (Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen ...) + NOT-FOR-US: Bookreen +CVE-2023-39681 (Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Cuppa CMS +CVE-2023-39654 (abupy up to v0.4.0 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: abupy +CVE-2023-39598 (Cross Site Scripting vulnerability in IceWarp Corporation WebClient v. ...) + NOT-FOR-US: IceWarp +CVE-2023-39516 (Cacti is an open source operational monitoring and fault management fr ...) 
+ {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-r8qq-88g3-hmgv + NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e +CVE-2023-39515 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h + NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e +CVE-2023-39514 (Cacti is an open source operational monitoring and fault management fr ...) + - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6hrc-2cfc-8hm7 + NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e + NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17) +CVE-2023-39513 (Cacti is an open source operational monitoring and fault management fr ...) + - cacti 1.2.25+ds1-1 + [bookworm] - cacti (Minor issue) + [bullseye] - cacti (Minor issue) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-9fj7-8f2j-2rw2 + NOTE: Initial fix: https://github.com/Cacti/cacti/commit/976f44dd8dfb2410e0dba00de9c4bbca17ee8910 (release/1.2.25) + NOTE: Final fix: https://github.com/Cacti/cacti/commit/23abb0e0a9729bd056b56f4fb5a6fc8e7ebda523 (release/1.2.25) +CVE-2023-39512 (Cacti is an open source operational monitoring and fault management fr ...) 
+ - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-vqcc-5v63-g9q7 + NOTE: https://github.com/Cacti/cacti/commit/8d8aeec0eca3be7b10a12e6c2a78e6560bcef43e + NOTE: Introduced by: https://github.com/Cacti/cacti/commit/75c147b70493d188ad85313569f86e33e13988b2 (release/1.2.17) +CVE-2023-39510 (Cacti is an open source operational monitoring and fault management fr ...) + - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-24w4-4hp2-3j8h + NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 + NOTE: Introduced by: https://github.com/Cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20) +CVE-2023-39366 (Cacti is an open source operational monitoring and fault management fr ...) + - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rwhh-xxm6-vcrv + NOTE: https://github.com/Cacti/cacti/commit/c67daa614d91c8592b8792298da8e3aa017c4009 + NOTE: Introduced by: https://github.com/Cacti/cacti/commit/befc9005e99fdb44aa4b09b87fadced2f21539a6 (release/1.2.20) +CVE-2023-39365 (Cacti is an open source operational monitoring and fault management fr ...) 
+ {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-v5w7-hww7-2f22 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1499/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1500/ + NOTE: https://github.com/cacti/cacti/commit/f775c115e9d6e4b6a326eee682af8afebc43f20e +CVE-2023-39364 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4pjv-rmrp-r59x + NOTE: https://github.com/Cacti/cacti/commit/05bf9dd89d056c7de9591396d92b25ddf140c0da +CVE-2023-39362 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-g6ff-58cj-x3cp + NOTE: https://github.com/cacti/cacti/commit/cb9ab92f2580fc6cb9b64ce129655fb15e35d056 + NOTE: https://github.com/Cacti/cacti/commit/ca5a66ceace19a565cae61b484064a06c7b0c3c1 +CVE-2023-39361 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6r43-q2fw-5wrg + NOTE: https://github.com/cacti/cacti/commit/4246aee6310846d0e106bd05279e54fff3765822 +CVE-2023-39360 (Cacti is an open source operational monitoring and fault management fr ...) 
+ - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gx8c-xvjh-9qh4 + NOTE: https://github.com/cacti/cacti/commit/9696bbd8060c7332b11b709f4dd17e6c3776bba2 (release/1.2.25) + NOTE: https://github.com/cacti/cacti/commit/bc6dc996745ef0dee3427178c8d87a6402f3fefa (release/1.2.25) + NOTE: Introduced by: https://github.com/cacti/cacti/commit/bf292d5d57c2afa108f65198074cd82a40c13fd3 (release/1.2.17) +CVE-2023-39359 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-q4wh-3f9w-836h + NOTE: https://github.com/cacti/cacti/commit/7459ff57abcd97ab8bc7a19de9e308ca62c17d38 +CVE-2023-39358 (Cacti is an open source operational monitoring and fault management fr ...) + - cacti 1.2.25+ds1-1 + [bookworm] - cacti 1.2.24+ds1-1+deb12u1 + [bullseye] - cacti (Vulnerable code not present) + [buster] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-gj95-7xr8-9p7g + NOTE: https://github.com/cacti/cacti/commit/318c377180039b22970f1f6636aa586d3b84c44d + NOTE: https://github.com/cacti/cacti/commit/58a2df17c94fda1cdae74613153524ad1a6aae82 + NOTE: Introduced by: https://github.com/cacti/cacti/commit/26e2dbacf298265ce9e517f6f1f008ec46167b5d (release/1.2.20) +CVE-2023-39357 (Cacti is an open source operational monitoring and fault management fr ...) + {DSA-5550-1} + - cacti 1.2.25+ds1-1 + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6jhp-mgqg-fhqg + NOTE: https://github.com/cacti/cacti/commit/21f6b5c9238b3e8c83f2c9295374d96eb104f21d +CVE-2023-36361 (Audimexee v14.1.7 was discovered to contain a SQL injection vulnerabil ...) 
+ NOT-FOR-US: Audimexee +CVE-2023-35124 (An information disclosure vulnerability exists in the OAS Engine confi ...) + NOT-FOR-US: OAS Engine +CVE-2023-35072 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Coyav Travel Proagent +CVE-2023-35068 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: BMA Personnel Tracking System +CVE-2023-35065 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Paint Production Management +CVE-2023-34998 (An authentication bypass vulnerability exists in the OAS Engine functi ...) + NOT-FOR-US: OAS Engine +CVE-2023-34994 (An improper resource allocation vulnerability exists in the OAS Engine ...) + NOT-FOR-US: OAS Engine +CVE-2023-34353 (An authentication bypass vulnerability exists in the OAS Engine authen ...) + NOT-FOR-US: OAS Engine +CVE-2023-34317 (An improper input validation vulnerability exists in the OAS Engine Us ...) + NOT-FOR-US: OAS Engine +CVE-2023-32615 (A file write vulnerability exists in the OAS Engine configuration func ...) + NOT-FOR-US: OAS Engine +CVE-2023-32271 (An information disclosure vulnerability exists in the OAS Engine confi ...) + NOT-FOR-US: OAS Engine +CVE-2023-32086 + REJECTED +CVE-2023-31242 (An authentication bypass vulnerability exists in the OAS Engine functi ...) + NOT-FOR-US: OAS Engine +CVE-2023-2453 (There is insufficient sanitization of tainted file names that are dire ...) + NOT-FOR-US: PHP-Fusion +CVE-2023-40743 (** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an ...) 
+ {DLA-3622-1} + - axis 1.4-29 (bug #1051288) + [bookworm] - axis 1.4-28+deb12u1 + [bullseye] - axis (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/05/1 + NOTE: https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 +CVE-2023-34322 [top-level shadow reference dropped too early for 64-bit PV guests] + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-438.html +CVE-2023-34321 [arm32: The cache may not be properly cleaned/invalidated] + - xen 4.17.2+55-g0b56bed864-1 (bug #1051954) + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-437.html +CVE-2023-4758 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV.) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/193633b1648582444fc99776cd741d7ba0125e86 + NOTE: https://huntr.dev/bounties/2f496261-1090-45ac-bc89-cc93c82090d6 +CVE-2023-4756 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/6914d016e2b540bac2c471c4aea156ddef8e8e01 + NOTE: https://huntr.dev/bounties/2342da0e-f097-4ce7-bfdc-3ec0ba446e05 +CVE-2023-4755 (Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/895ac12da168435eb8db3f96978ffa4c69d66c3a + NOTE: https://huntr.dev/bounties/463474b7-a4e8-42b6-8b30-e648a77ee6b3 +CVE-2023-4754 (Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.) 
+ - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/7e2e92feb1b30fac1d659f6620d743b5a188ffe0 + NOTE: https://huntr.dev/bounties/b7ed24ad-7d0b-40b7-8f4d-3c18a906620c +CVE-2023-4752 (Use After Free in GitHub repository vim/vim prior to 9.0.1858.) + {DLA-3588-1} + - vim 2:9.0.1894-1 + [bookworm] - vim (Minor issue) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757/ + NOTE: https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139 (v9.0.1858) +CVE-2023-4750 (Use After Free in GitHub repository vim/vim prior to 9.0.1857.) + - vim 2:9.0.1894-1 (unimportant) + NOTE: https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea/ + NOTE: https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed (v9.0.1857) + NOTE: Crash in CLI tool, no security impact +CVE-2023-4748 (A vulnerability, which was classified as critical, has been found in Y ...) + NOT-FOR-US: Yongyou UFIDA-NC +CVE-2023-4733 (Use After Free in GitHub repository vim/vim prior to 9.0.1840.) + - vim 2:9.0.1894-1 (unimportant) + NOTE: https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217/ + NOTE: https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c (v9.0.1840) + NOTE: Crash in CLI tool, no security impact +CVE-2023-4636 (The WordPress File Sharing Plugin plugin for WordPress is vulnerable t ...) + NOT-FOR-US: WordPress File Sharing Plugin plugin for WordPress +CVE-2023-4616 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: LG +CVE-2023-4615 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: LG +CVE-2023-4614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: LG +CVE-2023-4613 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: LG +CVE-2023-4587 (An IDOR vulnerability has been found in ZKTeco ZEM800 product affectin ...) + NOT-FOR-US: ZKTeco ZEM800 product +CVE-2023-4540 (Improper Handling of Exceptional Conditions vulnerability in Daurnimat ...) + - lua-http (bug #1051511) + [bookworm] - lua-http (Minor issue) + [bullseye] - lua-http (Minor issue) + [buster] - lua-http (Minor issue) + NOTE: Fixed by: https://github.com/daurnimator/lua-http/commit/ddab2835c583d45dec62680ca8d3cbde55e0bae6 +CVE-2023-4298 (The 123.chat WordPress plugin before 1.3.1 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4284 (The Post Timeline WordPress plugin before 2.2.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4279 (This User Activity Log WordPress plugin before 1.6.7 retrieves client ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4269 (The User Activity Log WordPress plugin before 1.6.6 lacks proper autho ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4254 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4253 (The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4216 (The Orders Tracking for WooCommerce WordPress plugin before 1.2.6 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4151 (The Store Locator WordPress plugin before 1.4.13 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4059 (The Profile Builder WordPress plugin before 3.9.8 lacks authorisation ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4019 (The Media from FTP WordPress plugin before 11.17 does not properly lim ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41910 (An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU ...) 
+ {DSA-5505-1 DLA-3578-1} + - lldpd 1.0.17-1 + NOTE: Fixed by: https://github.com/lldpd/lldpd/commit/a9aeabdf879c25c584852a0bb5523837632f099b (1.0.17) +CVE-2023-41909 (An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_f ...) + {DLA-3573-1} + - frr 8.4.4-1 + NOTE: https://github.com/FRRouting/frr/commit/cfd04dcb3e689754a72507d086ba3b9709fc5ed8 (frr-9.0) + NOTE: https://github.com/FRRouting/frr/commit/cc1a551cb007cc8ed8b1ea0605a7ab46c16de12b (frr-8.5.1) + NOTE: https://github.com/FRRouting/frr/commit/0a12b878082f77b67ad5d9b4782846ac738575a2 (frr-8.4.4) +CVE-2023-41908 (Cerebrate before 1.15 lacks the Secure attribute for the session cooki ...) + NOT-FOR-US: Cerebrate +CVE-2023-41058 (Parse Server is an open source backend server. In affected versions th ...) + NOT-FOR-US: Node parse-server +CVE-2023-41057 (hyper-bump-it is a command line tool for updating the version in proje ...) + NOT-FOR-US: hyper-bump-it +CVE-2023-41055 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...) + NOT-FOR-US: LibreY +CVE-2023-41054 (LibreY is a fork of LibreX, a framework-less and javascript-free priva ...) + NOT-FOR-US: LibreY +CVE-2023-41052 (Vyper is a Pythonic Smart Contract Language. In affected versions the ...) + NOT-FOR-US: Vyper +CVE-2023-40937 + REJECTED +CVE-2023-40936 + REJECTED +CVE-2023-40705 (Stored cross-site scripting vulnerability in Map setting page of VI We ...) + NOT-FOR-US: VI Web Client +CVE-2023-40535 (Stored cross-site scripting vulnerability in View setting page of VI W ...) + NOT-FOR-US: VI Web Client +CVE-2023-40214 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vathemes ...) + NOT-FOR-US: WordPress theme +CVE-2023-40208 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aleksand ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40206 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in hwk- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40205 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Pixelgra ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40197 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40196 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40015 (Vyper is a Pythonic Smart Contract Language. For the following (probab ...) + NOT-FOR-US: Vyper +CVE-2023-3814 (The Advanced File Manager WordPress plugin before 5.1.1 does not adequ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3499 (The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3222 (Vulnerability in the password recovery mechanism of Password Recovery ...) + NOT-FOR-US: Roundcube plugin +CVE-2023-3221 (User enumeration vulnerability in Password Recovery plugin 1.2 version ...) + NOT-FOR-US: Roundcube plugin +CVE-2023-39992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in vCita.Co ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39991 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Blindsid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39988 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39987 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39938 (Reflected cross-site scripting vulnerability in VI Web Client prior to ...) + NOT-FOR-US: VI Web Client +CVE-2023-39919 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in maen ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SAASPROJ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39448 (Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a r ...) + NOT-FOR-US: SHIRASAGI +CVE-2023-39164 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Molongui ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39162 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XLPlugin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38574 (Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a r ...) + NOT-FOR-US: VI Web Client +CVE-2023-38569 (Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18. ...) + NOT-FOR-US: SHIRASAGI +CVE-2023-37393 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Atar ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36492 (Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1. ...) + NOT-FOR-US: SHIRASAGI +CVE-2023-36382 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36308 (disintegration Imaging 1.6.2 allows attackers to cause a panic (becaus ...) + NOT-FOR-US: disintegration Imaging +CVE-2023-36307 (ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer ...) + NOT-FOR-US: ZPLGFA +CVE-2023-35906 (IBM Aspera Faspex 5.0.5 could allow a remote attacked to bypass IP res ...) + NOT-FOR-US: IBM +CVE-2023-35892 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2023-33021 (Memory corruption in Graphics while processing user packets for comman ...) + NOT-FOR-US: Qualcomm +CVE-2023-33020 (Transient DOS in WLAN Host when an invalid channel (like channel out o ...) + NOT-FOR-US: Qualcomm +CVE-2023-33019 (Transient DOS in WLAN Host while doing channel switch announcement (CS ...) + NOT-FOR-US: Qualcomm +CVE-2023-33016 (Transient DOS in WLAN firmware while parsing MLO (multi-link operation ...) + NOT-FOR-US: Qualcomm +CVE-2023-33015 (Transient DOS in WLAN Firmware while interpreting MBSSID IE of a recei ...) + NOT-FOR-US: Qualcomm +CVE-2023-32578 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-32338 (IBM Sterling Secure Proxy and IBM Sterling External Authentication Ser ...) + NOT-FOR-US: IBM +CVE-2023-32296 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kangu pa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32102 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2813 (All of the above Aapna WordPress theme through 1.3, Anand WordPress th ...) + NOT-FOR-US: WordPress theme +CVE-2023-41164 (In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, ...) + {DLA-3558-1} + - python-django 3:3.2.21-1 (bug #1051226) + [bookworm] - python-django (Minor issue, fix along in future update) + [bullseye] - python-django (Minor issue, fix along in future update) + NOTE: https://www.openwall.com/lists/oss-security/2023/09/04/1 + NOTE: https://www.djangoproject.com/weblog/2023/sep/04/security-releases/ + NOTE: https://github.com/django/django/commit/3f41d6d62929dfe53eda8109b3b836f26645bdce (main) + NOTE: https://github.com/django/django/commit/9c51b4dcfa0cefcb48231f4d71cafa80821f87b9 (4.2.5) + NOTE: https://github.com/django/django/commit/6f030b1149bd8fa4ba90452e77cb3edc095ce54e (3.2.21) +CVE-2023-4015 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux (Vulnerable code not in a Debian released version) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0a771f7b266b02d262900c75f1e175c7fe76fec2 (6.5-rc4) +CVE-2023-3777 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux 5.10.191-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8 (6.5-rc3) +CVE-2023-4749 (A vulnerability, which was classified as critical, was found in Source ...) 
+ NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4747 (A vulnerability classified as critical was found in DedeCMS 5.7.110. T ...) + NOT-FOR-US: DedeCMS +CVE-2023-4746 (A vulnerability classified as critical has been found in TOTOLINK N200 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-4745 (A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service ...) + NOT-FOR-US: Beijing Baichuo Smart S45F Multi-Service ecure Gateway Intelligent Management Platform +CVE-2023-4744 (A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. It has be ...) + NOT-FOR-US: Tenda +CVE-2023-4743 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been clas ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-4742 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...) + NOT-FOR-US: IBOS OA +CVE-2023-4741 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) + NOT-FOR-US: IBOS OA +CVE-2023-38554 (In wcn bsp driver, there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Unisoc +CVE-2023-38553 (In gnss service, there is a possible out of bounds write due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2023-38468 (In urild service, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2023-38467 (In urild service, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2023-38466 (In ims service, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2023-38465 (In ims service, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2023-38464 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38463 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38462 (In vowifiservice, there is a possible missing permission check.This co ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-38461 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38460 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38459 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38458 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38457 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38456 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38455 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38454 (In vowifi service, there is a possible missing permission check.This c ...) + NOT-FOR-US: Unisoc +CVE-2023-38453 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38452 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38451 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38450 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38449 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38448 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38447 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38446 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38445 (In vowifiservice, there is a possible missing permission check.This co ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-38444 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38443 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38442 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38441 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38440 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38439 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38438 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38437 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-38436 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-33918 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-33917 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-33916 (In vowifiservice, there is a possible missing permission check.This co ...) + NOT-FOR-US: Unisoc +CVE-2023-33915 (In LTE protocol stack, there is a possible missing permission check. T ...) + NOT-FOR-US: Unisoc +CVE-2023-33914 (In NIA0 algorithm in Security Mode Command, there is a possible missin ...) + NOT-FOR-US: Unisoc +CVE-2023-32817 (In gnss service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: Unisoc +CVE-2023-32816 (In gnss service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: Unisoc +CVE-2023-32815 (In gnss service, there is a possible out of bounds read due to imprope ...) 
+ NOT-FOR-US: Unisoc +CVE-2023-32814 (In gnss service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: Unisoc +CVE-2023-32813 (In gnss service, there is a possible out of bounds write due to improp ...) + NOT-FOR-US: Unisoc +CVE-2023-32812 (In gnss service, there is a possible out of bounds write due to improp ...) + NOT-FOR-US: Unisoc +CVE-2023-32811 (In connectivity system driver, there is a possible out of bounds write ...) + NOT-FOR-US: MediaTek +CVE-2023-32810 (In bluetooth driver, there is a possible out of bounds read due to imp ...) + NOT-FOR-US: MediaTek +CVE-2023-32809 (In bluetooth driver, there is a possible read and write access to regi ...) + NOT-FOR-US: MediaTek +CVE-2023-32808 (In bluetooth driver, there is a possible read and write access to regi ...) + NOT-FOR-US: MediaTek +CVE-2023-32807 (In wlan service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: MediaTek +CVE-2023-32806 (In wlan driver, there is a possible out of bounds write due to imprope ...) + NOT-FOR-US: MediaTek +CVE-2023-32805 (In power, there is a possible out of bounds write due to an insecure d ...) + NOT-FOR-US: MediaTek +CVE-2023-4751 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.1894-1 (unimportant) + NOTE: https://github.com/vim/vim/commit/e1121b139480f53d1b06f84f3e4574048108fa0b (v9.0.1331) + NOTE: https://huntr.dev/bounties/db7be8d6-6cb7-4ae5-9c4e-805423afa378 + NOTE: Crash in CLI tool, no security impact +CVE-2023-4740 (A vulnerability, which was classified as critical, was found in IBOS O ...) + NOT-FOR-US: IBOS OA +CVE-2023-4739 (A vulnerability, which was classified as critical, has been found in B ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-3703 (Proscend Advice ICR Series routers FW version 1.76- CWE-1392: Use of D ...) 
+ NOT-FOR-US: Proscend Advice ICR Series routers FW +CVE-2023-39374 (ForeScout NAC SecureConnector version 11.2 -CWE-427: Uncontrolled Sear ...) + NOT-FOR-US: ForeScout NAC SecureConnector +CVE-2023-39373 (A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-rep ...) + NOT-FOR-US: Hyundai +CVE-2023-39372 (StarTrinity Softswitch version 2023-02-16 -Multiple CSRF (CWE-352)) + NOT-FOR-US: StarTrinity Softswitch +CVE-2023-39371 (StarTrinity Softswitch version 2023-02-16 -Open Redirect (CWE-601)) + NOT-FOR-US: StarTrinity Softswitch +CVE-2023-39370 (StarTrinity Softswitch version 2023-02-16 -Persistent XSS (CWE-79)) + NOT-FOR-US: StarTrinity Softswitch +CVE-2023-39369 (StarTrinity Softswitch version 2023-02-16- Multiple Reflected XSS (CWE ...) + NOT-FOR-US: StarTrinity Softswitch +CVE-2023-38521 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Exif ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38518 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Visu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Real ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38516 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38482 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qual ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38476 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Suit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Elas ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37222 (Farsight Tech Nordic AB ProVide version 14.5- Multiple XSS vulnerabili ...) + NOT-FOR-US: Farsight Tech Nordic AB ProVide +CVE-2023-37221 (7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page ...) 
+ NOT-FOR-US: 7Twenty BOT +CVE-2023-37220 (Synel Terminals - CWE-494: Download of Code Without Integrity Check) + NOT-FOR-US: Synel Terminals +CVE-2023-41180 (Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C ...) + NOT-FOR-US: Apache NiFi +CVE-2023-4738 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.1894-1 + [bookworm] - vim (Minor issue) + [bullseye] - vim (Minor issue) + [buster] - vim (Minor issue; intrusive and hard to backport and will need a rewrite) + NOTE: https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612/ + NOTE: https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1 (v9.0.1848) +CVE-2023-4736 (Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.) + - vim (Windows-specific) + NOTE: https://huntr.dev/bounties/e1ce0995-4df4-4dec-9cd7-3136ac3e8e71/ + NOTE: https://github.com/vim/vim/commit/816fbcc262687b81fc46f82f7bbeb1453addfe0c (v9.0.1833) +CVE-2023-4735 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.) + - vim 2:9.0.1894-1 (unimportant) + NOTE: https://huntr.dev/bounties/fc83bde3-f621-42bd-aecb-8c1ae44cba51/ + NOTE: https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57 (v9.0.1847) + NOTE: Crash in CLI tool, no security impact +CVE-2023-4734 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...) + - vim 2:9.0.1894-1 (unimportant) + NOTE: https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217/ + NOTE: https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5 (v9.0.1846) + NOTE: Crash in CLI tool, no security impact +CVE-2023-39983 (A vulnerability that poses a potential risk of polluting the MXsecurit ...) + NOT-FOR-US: MXsecurity +CVE-2023-39982 (A vulnerability has been identified in MXsecurity versions prior to v1 ...) + NOT-FOR-US: MXsecurity +CVE-2023-39981 (A vulnerability that allows for unauthorized access has been discovere ...) 
+ NOT-FOR-US: MXsecurity +CVE-2023-39980 (A vulnerability that allows the unauthorized disclosure of authenticat ...) + NOT-FOR-US: MXsecurity +CVE-2023-39979 (There is a vulnerability in MXsecurity versions prior to 1.0.1 that ca ...) + NOT-FOR-US: MXsecurity +CVE-2023-4718 (The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: Font Awesome 4 Menus plugin for WordPress +CVE-2023-4722 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/de7f3a852bef72a52825fd307cf4e8f486401a76 + NOTE: https://huntr.dev/bounties/ddfdb41d-e708-4fec-afe5-68ff1f88f830 +CVE-2023-4721 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.) + - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/3ec93d73d048ed7b46fe6e9f307cc7a0cc13db63 + NOTE: https://huntr.dev/bounties/f457dc62-3cff-47bd-8fd2-1cb2b4a832fc +CVE-2023-4720 (Floating Point Comparison with Incorrect Operator in GitHub repository ...) + - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/e396648e48c57e2d53988d3fd4465b068b96c89a + NOTE: https://huntr.dev/bounties/1dc2954c-8497-49fa-b2af-113e1e9381ad +CVE-2023-4714 (A vulnerability was found in PlayTube 3.0.1 and classified as problema ...) + NOT-FOR-US: PlayTube +CVE-2023-4713 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) + NOT-FOR-US: IBOS OA +CVE-2023-4712 (A vulnerability, which was classified as critical, was found in Xintia ...) + NOT-FOR-US: Xintian Smart Table Integrated Management System +CVE-2023-4711 (A vulnerability, which was classified as critical, has been found in D ...) + NOT-FOR-US: D-Link +CVE-2023-4710 (A vulnerability classified as problematic was found in TOTVS RM 12.1. ...) 
+ NOT-FOR-US: TOTVS RM +CVE-2023-4709 (A vulnerability classified as problematic has been found in TOTVS RM 1 ...) + NOT-FOR-US: TOTVS RM +CVE-2023-4708 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been r ...) + NOT-FOR-US: Infosoftbd Clcknshop +CVE-2023-4707 (A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been d ...) + NOT-FOR-US: Infosoftbd Clcknshop +CVE-2023-4704 (External Control of System or Configuration Setting in GitHub reposito ...) + NOT-FOR-US: icms2 +CVE-2023-41633 (Catdoc v0.95 was discovered to contain a NULL pointer dereference via ...) + - catdoc (unimportant) + NOTE: https://rycbar77.github.io/2023/08/29/catdoc-0-95-nullptr-dereference/ + NOTE: https://gist.github.com/rycbar77/3da455382f88cfb6d6798572f34378bd + NOTE: Crash in CLI tool, no security impact +CVE-2023-41628 (An issue in O-RAN Software Community E2 G-Release allows attackers to ...) + NOT-FOR-US: O-RAN +CVE-2023-41627 (O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the ...) + NOT-FOR-US: O-RAN +CVE-2023-41364 (In tine through 2023.01.14.325, the sort parameter of the /index.php e ...) + NOT-FOR-US: Tine groupware +CVE-2023-41051 (In a typical Virtual Machine Monitor (VMM) there are several component ...) + - rust-vm-memory 0.12.2-1 (bug #1051101) + [bookworm] - rust-vm-memory (Minor issue) + [bullseye] - rust-vm-memory (Minor issue) + NOTE: https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g + NOTE: https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8 (v0.12.2) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0056.html +CVE-2023-41049 (@dcl/single-sign-on-client is an open source npm library which deals w ...) + NOT-FOR-US: Node @dcl/single-sign-on-client +CVE-2023-41046 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-40980 (File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before ...) 
+ NOT-FOR-US: DWSurvey DWSurvey-OSS +CVE-2023-40970 (Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerabl ...) + NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian +CVE-2023-40969 (Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable ...) + NOT-FOR-US: Senayan Library Management Systems SLIMS 9 Bulian +CVE-2023-40968 (Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allow ...) + - timg 1.5.2-1 (bug #1051231) + [bookworm] - timg 1.4.5-1+deb12u1 + NOTE: https://github.com/hzeller/timg/issues/115 + NOTE: https://github.com/hzeller/timg/commit/2e9414e668144bbe0afc074dac17b74ef4acfdcf (v1.5.2) +CVE-2023-40771 (SQL injection vulnerability in DataEase v.1.18.9 allows a remote attac ...) + NOT-FOR-US: DataEase +CVE-2023-40239 (Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE at ...) + NOT-FOR-US: Lexmark +CVE-2023-3210 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-39714 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) + NOT-FOR-US: Free and Open Source Inventory Management System +CVE-2023-39710 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...) + NOT-FOR-US: Free and Open Source Inventory Management System +CVE-2023-39703 (A cross site scripting (XSS) vulnerability in the Markdown Editor comp ...) + NOT-FOR-US: Typora +CVE-2023-39685 (An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial ...) + NOT-FOR-US: hjson-java +CVE-2023-39631 (An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker t ...) + NOT-FOR-US: LanChain-ai Langchain +CVE-2023-39582 (SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allow ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37994 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37986 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37893 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Cho ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37830 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...) + NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement +CVE-2023-37829 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...) + NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement +CVE-2023-37828 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...) + NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement +CVE-2023-37827 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...) + NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement +CVE-2023-37826 (A cross-site scripting (XSS) vulnerability in General Solutions Steine ...) + NOT-FOR-US: General Solutions Steiner GmbH CASE 3 Taskmanagement +CVE-2023-36328 (Integer Overflow vulnerability in mp_grow in libtom libtommath before ...) + - libtommath 1.2.1-1 (bug #1051100) + [bookworm] - libtommath (Minor issue) + [bullseye] - libtommath (Minor issue) + [buster] - libtommath (Minor issue) + NOTE: https://github.com/libtom/libtommath/pull/546 + NOTE: https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 (v1.2.1) +CVE-2023-36327 (Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba424 ...) + NOT-FOR-US: RELIC +CVE-2023-36326 (Integer Overflow vulnerability in RELIC before commit 34580d840469361b ...) + NOT-FOR-US: RELIC +CVE-2023-36187 (Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4. ...) + NOT-FOR-US: NETGEAR +CVE-2023-36100 (An issue was discovered in IceCMS version 2.0.1, allows attackers to e ...) 
+ NOT-FOR-US: IceCMS +CVE-2023-36088 (Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio ...) + NOT-FOR-US: NebulaGraph Studio +CVE-2023-36076 (SQL Injection vulnerability in smanga version 3.1.9 and earlier, allow ...) + NOT-FOR-US: smanga +CVE-2023-34011 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4647 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3205 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-4018 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-4638 + - gitlab +CVE-2023-4630 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-3950 (An information disclosure issue in GitLab EE affecting all versions fr ...) + - gitlab (Specific to EE) +CVE-2023-4378 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab +CVE-2023-3915 (An issue has been discovered in GitLab EE affecting all versions start ...) 
+ - gitlab (Specific to EE) +CVE-2023-40325 + - moodle +CVE-2023-40324 + - moodle +CVE-2023-40323 + - moodle +CVE-2023-40322 + - moodle +CVE-2023-40321 + - moodle +CVE-2023-40320 + - moodle +CVE-2023-40319 + - moodle +CVE-2023-40318 + - moodle +CVE-2023-40317 + - moodle +CVE-2023-40316 + - moodle +CVE-2023-38037 [Active Support Possibly Discloses Locally Encrypted Files] + - rails (bug #1051057) + [bookworm] - rails (Minor issue) + [bullseye] - rails (Minor issue) + NOTE: https://github.com/advisories/GHSA-cr5q-6q9f-rq6q + NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activesupport/CVE-2023-38037.yml + NOTE: https://github.com/rails/rails/commit/a21d6edf35a60383dfa6c4da49e4b1aef5f00731 (v7.0.7.1) + NOTE: https://github.com/rails/rails/commit/c85cc667ebfd3c270df37c7575d580ea6462e12f (v6.1.7.5) +CVE-2023-4698 (Improper Input Validation in GitHub repository usememos/memos prior to ...) + NOT-FOR-US: Memos +CVE-2023-4697 (Improper Privilege Management in GitHub repository usememos/memos prio ...) + NOT-FOR-US: Memos +CVE-2023-4696 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...) + NOT-FOR-US: Memos +CVE-2023-4695 (Use of Predictable Algorithm in Random Number Generator in GitHub repo ...) + NOT-FOR-US: pkp-lib +CVE-2023-4688 (Sensitive information leak through log files. The following products a ...) + NOT-FOR-US: Acronis +CVE-2023-4299 (Digi RealPort Protocol is vulnerable to a replay attack that may allow ...) + NOT-FOR-US: Digi RealPort +CVE-2023-41751 (Sensitive information disclosure due to improper token expiration vali ...) + NOT-FOR-US: Acronis +CVE-2023-41750 (Sensitive information disclosure due to missing authorization. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-41749 (Sensitive information disclosure due to excessive collection of system ...) + NOT-FOR-US: Acronis +CVE-2023-39912 (Zoho ManageEngine ADManager Plus through 7202 allows admin users to do ...) 
+ NOT-FOR-US: Zoho +CVE-2023-4683 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/112767e8b178fc82dec3cf82a1ca14d802cdb8ec + NOTE: https://huntr.dev/bounties/7852e4d2-af4e-4421-a39e-db23e0549922 +CVE-2023-4682 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) + - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/b1042c3eefca87c4bc32afb404ed6518d693e5be + NOTE: https://huntr.dev/bounties/15232a74-e3b8-43f0-ae8a-4e89d56c474c +CVE-2023-4681 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-D ...) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/4bac19ad854159b21ba70d8ab7c4e1cd1db8ea1c + NOTE: https://huntr.dev/bounties/d67c5619-ab36-41cc-93b7-04828e25f60e +CVE-2023-4678 (Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/4607052c482a51dbdacfe1ade10645c181d07b07 + NOTE: https://huntr.dev/bounties/688a4a01-8c18-469d-8cbe-a2e79e80c877 +CVE-2023-41748 (Remote command execution due to improper input validation. The followi ...) + NOT-FOR-US: Acronis +CVE-2023-41747 (Sensitive information disclosure due to improper input validation. The ...) + NOT-FOR-US: Acronis +CVE-2023-41746 (Remote command execution due to improper input validation. The followi ...) + NOT-FOR-US: Acronis +CVE-2023-41745 (Sensitive information disclosure due to excessive collection of system ...) + NOT-FOR-US: Acronis +CVE-2023-41744 (Local privilege escalation due to unrestricted loading of unsigned lib ...) 
+ NOT-FOR-US: Acronis +CVE-2023-41743 (Local privilege escalation due to insecure driver communication port p ...) + NOT-FOR-US: Acronis +CVE-2023-41742 (Excessive attack surface due to binding to an unrestricted IP address. ...) + NOT-FOR-US: Acronis +CVE-2023-41741 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + NOT-FOR-US: Synology +CVE-2023-41740 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2023-41739 (Uncontrolled resource consumption vulnerability in File Functionality ...) + NOT-FOR-US: Synology +CVE-2023-41738 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2023-41717 (Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and ...) + NOT-FOR-US: Zscaler Proxy +CVE-2023-41642 (Multiple reflected cross-site scripting (XSS) vulnerabilities in the E ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41640 (An improper error handling vulnerability in the component ErroreNonGes ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41638 (An arbitrary file upload vulnerability in the Gestione Documentale mod ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41637 (An arbitrary file upload vulnerability in the Carica immagine function ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41636 (A SQL injection vulnerability in the Data Richiesta dal parameter of G ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41635 (A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.a ...) + NOT-FOR-US: GruppoSCAI RealGimm +CVE-2023-41045 (Graylog is a free and open log management platform. Graylog makes use ...) + - graylog2 (bug #652273) +CVE-2023-41044 (Graylog is a free and open log management platform. A partial path tra ...) + - graylog2 (bug #652273) +CVE-2023-41034 (Eclipse Leshan is a device management server and client Java implement ...) 
+ NOT-FOR-US: Eclipse Leshan +CVE-2023-40589 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gc34-mw6m-g42x + NOTE: https://github.com/FreeRDP/FreeRDP/commit/16141a30f983dd6f7a6e5b0356084171942c9416 (3.0.0-beta3) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/c659973bb4cd65c065f2fe1a807dbc6805c684c6 (2.11.0) +CVE-2023-39356 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5v5-qhj5-mh6m + NOTE: https://github.com/FreeRDP/FreeRDP/commit/889348a86e49bc8f1351ed6496d847b32db5f86e (2.11.0) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/23db2f4e6ba71f1c10c543f24de595d7340adb46 (2.11.1) +CVE-2023-39355 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 (Vulnerable code not present) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hvwj-vmg6-2f5h + NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6f9d33a7db0b346195b6a15b5b99944ba41beee (3.0.0-beta3) +CVE-2023-39354 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c3r2-pxxp-f8r6 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/82ac0164f330c08ddd9a6ef6f3dbf846c4b79def (2.11.0) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/9a1ee1bae5a9561f5031a7b69129f10458b62d4a (2.11.0) +CVE-2023-39353 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
+ {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hg53-9j9h-3c8f + NOTE: https://github.com/FreeRDP/FreeRDP/commit/efa0567c027239b901ccdc590b9e229e0111c68b (2.11.0) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/9ed6d6baede27d5006e0e4c9bec8e506f695cb6a (2.11.0) +CVE-2023-39352 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-whwr-qcf2-2mvj + NOTE: https://github.com/FreeRDP/FreeRDP/commit/7daaba3c1411f71ac7260d01216ab8f8d3687c65 (3.0.0-beta1) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/856ecaa463e963ecfebc9734423d69139e7b3916 (2.11.0) +CVE-2023-39351 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q9x9-cqjc-rgwq + NOTE: https://github.com/FreeRDP/FreeRDP/commit/99e243cdbc31f66b5c917452c8fed3276e8bdcd5 (2.11.0) + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0) +CVE-2023-39350 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
+ {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrrv-3w42-pffh + NOTE: https://github.com/FreeRDP/FreeRDP/commit/7ece410ce5b5660b9191e1ccb6835158afa11822 (2.11.0) + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/579a13b054c306de36a24621763729ebf01797d3 (2.0.0) +CVE-2023-34392 (A Missing Authentication for Critical Function vulnerability in the Sc ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator +CVE-2023-34391 (Insecure Inherited Permissions vulnerability in Schweitzer Engineering ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software +CVE-2023-33835 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) + NOT-FOR-US: IBM +CVE-2023-33834 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a ...) + NOT-FOR-US: IBM +CVE-2023-33833 (IBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensiti ...) + NOT-FOR-US: IBM +CVE-2023-4655 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) + NOT-FOR-US: icms2 +CVE-2023-4654 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + NOT-FOR-US: icms2 +CVE-2023-4653 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + NOT-FOR-US: icms2 +CVE-2023-4652 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + NOT-FOR-US: icms2 +CVE-2023-4651 (Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/ic ...) + NOT-FOR-US: icms2 +CVE-2023-4650 (Improper Access Control in GitHub repository instantsoft/icms2 prior t ...) + NOT-FOR-US: icms2 +CVE-2023-4649 (Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16. ...) 
+ NOT-FOR-US: icms2 +CVE-2023-4641 [gpasswd(1) password leak] + - shadow 1:4.13+dfsg1-2 (bug #1051062) + [bookworm] - shadow (Minor issue) + [bullseye] - shadow (Minor issue) + [buster] - shadow (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2215945 + NOTE: https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 (4.14.0-rc1) +CVE-2023-4500 (The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: Order Tracking Pro plugin for WordPress +CVE-2023-4471 (The Order Tracking Pro plugin for WordPress is vulnerable to Reflected ...) + NOT-FOR-US: Order Tracking Pro plugin for WordPress +CVE-2023-4315 (The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4245 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to una ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4163 (In Brocade Fabric OS before v9.2.0a, a local authenticated privileged ...) + NOT-FOR-US: Brocade +CVE-2023-4162 (A segmentation fault can occur in Brocade Fabric OS after Brocade Fab ...) + NOT-FOR-US: Brocade +CVE-2023-4161 (The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cro ...) + NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress +CVE-2023-4160 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) + NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress +CVE-2023-4000 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress +CVE-2023-41163 (A Reflected Cross-site scripting (XSS) vulnerability in the file manag ...) + NOT-FOR-US: Usermin +CVE-2023-41041 (Graylog is a free and open log management platform. In a multi-node Gr ...) + - graylog2 (bug #652273) +CVE-2023-41040 (GitPython is a python library used to interact with Git repositories. ...) 
+ {DLA-3589-1} + - python-git 3.1.36-1 + [bookworm] - python-git 3.1.30-1+deb12u2 + [bullseye] - python-git (Minor issue; can be fixed via point release) + NOTE: https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-cwvm-v4w8-q58c + NOTE: Fixed by: https://github.com/gitpython-developers/GitPython/commit/64ebb9fcdfbe48d5d61141a557691fd91f1e88d6 (3.1.35) + NOTE: Testcase: https://github.com/gitpython-developers/GitPython/commit/65b8c6a2ccacdf26e751cd3bc3c5a7c9e5796b56 (3.1.35) +CVE-2023-3999 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress +CVE-2023-3764 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) + NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress +CVE-2023-3677 (The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable ...) + NOT-FOR-US: WooCommerce PDF Invoice Builder plugin for WordPress +CVE-2023-3636 (The WP Project Manager plugin for WordPress is vulnerable to privilege ...) + NOT-FOR-US: WP Project Manager plugin for WordPress +CVE-2023-3489 (The firmwaredownload command on Brocade Fabric OS v9.2.0 could log th ...) + NOT-FOR-US: Brocade +CVE-2023-3404 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized dec ...) + NOT-FOR-US: ProfileGrid plugin for WordPress +CVE-2023-3162 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) + NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress +CVE-2023-39139 (An issue in Archive v3.3.7 allows attackers to execute a path traversa ...) + NOT-FOR-US: archive Dart library +CVE-2023-39138 (An issue in ZIPFoundation v0.9.16 allows attackers to execute a path t ...) + NOT-FOR-US: ZIPFoundation +CVE-2023-39137 (An issue in Archive v3.3.7 allows attackers to spoof zip filenames whi ...) 
+ NOT-FOR-US: archive Dart library +CVE-2023-39136 (An unhandled edge case in the component _sanitizedPath of ZipArchive v ...) + NOT-FOR-US: SSZipArchive +CVE-2023-39135 (An issue in Zip Swift v2.1.2 allows attackers to execute a path traver ...) + NOT-FOR-US: Zip Swift +CVE-2023-38970 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) + NOT-FOR-US: Badaso +CVE-2023-31925 (Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication ...) + NOT-FOR-US: Brocade +CVE-2023-31714 (Chitor-CMS before v1.1.2 was discovered to contain multiple SQL inject ...) + NOT-FOR-US: Chitor-CMS +CVE-2023-31424 (Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a ...) + NOT-FOR-US: Brocade +CVE-2023-31423 (Possible information exposure through log file vulnerability where se ...) + NOT-FOR-US: Brocade +CVE-2023-2354 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Store ...) + NOT-FOR-US: CHP Ads Block Detector plugin for WordPress +CVE-2023-2353 (The CHP Ads Block Detector plugin for WordPress is vulnerable to unaut ...) + NOT-FOR-US: CHP Ads Block Detector plugin for WordPress +CVE-2023-2352 (The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: CHP Ads Block Detector plugin for WordPress +CVE-2023-4640 (The controller responsible for setting the logging level does not incl ...) + NOT-FOR-US: YugabyteDB +CVE-2023-4624 (Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/b ...) + NOT-FOR-US: bookstack +CVE-2023-4600 (The AffiliateWP for WordPress is vulnerable to unauthorized modificati ...) + NOT-FOR-US: AffiliateWP for WordPress +CVE-2023-4571 (In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, ...) + NOT-FOR-US: Splunk +CVE-2023-4209 (The POEditor WordPress plugin before 0.9.8 does not have CSRF checks i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4150 (The User Activity Tracking and Log WordPress plugin before 4.0.9 does ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4109 (The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4036 (The Simple Blog Card WordPress plugin before 1.32 does not ensure that ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4035 (The Simple Blog Card WordPress plugin before 1.31 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4023 (The All Users Messenger WordPress plugin through 1.24 does not prevent ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4013 (The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-41563 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) + NOT-FOR-US: Tenda +CVE-2023-41562 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) + NOT-FOR-US: Tenda +CVE-2023-41561 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) + NOT-FOR-US: Tenda +CVE-2023-41560 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...) + NOT-FOR-US: Tenda +CVE-2023-41559 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) + NOT-FOR-US: Tenda +CVE-2023-41558 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-41557 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were di ...) + NOT-FOR-US: Tenda +CVE-2023-41556 (Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Te ...) + NOT-FOR-US: Tenda +CVE-2023-41555 (Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-41554 (Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack ov ...) + NOT-FOR-US: Tenda +CVE-2023-41553 (Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.0 ...) + NOT-FOR-US: Tenda +CVE-2023-41552 (Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were ...) 
+ NOT-FOR-US: Tenda +CVE-2023-41539 (phpjabbers Business Directory Script 3.2 is vulnerable to SQL Injectio ...) + NOT-FOR-US: PHPJabbers +CVE-2023-41538 (phpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting ...) + NOT-FOR-US: PHPJabbers +CVE-2023-41537 (phpjabbers Business Directory Script 3.2 is vulnerable to Cross Site S ...) + NOT-FOR-US: PHPJabbers +CVE-2023-41039 (RestrictedPython is a restricted execution environment for Python to r ...) + - restrictedpython 6.2-1 + [bookworm] - restrictedpython (Minor issue) + [bullseye] - restrictedpython (Minor issue) + [buster] - restrictedpython (Minor issue, no rdeps) + NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-xjw2-6jm9-rf67 + NOTE: Fixed by: https://github.com/zopefoundation/RestrictedPython/commit/4134aedcff17c977da7717693ed89ce56d54c120 +CVE-2023-40848 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40847 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40845 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40844 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40843 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40842 (Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to B ...) + NOT-FOR-US: Tenda +CVE-2023-40841 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40840 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...) + NOT-FOR-US: Tenda +CVE-2023-40839 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C ...) + NOT-FOR-US: Tenda +CVE-2023-40838 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0 ...) 
+ NOT-FOR-US: Tenda +CVE-2023-40837 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50 ...) + NOT-FOR-US: Tenda +CVE-2023-40598 (In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attac ...) + NOT-FOR-US: Splunk +CVE-2023-40597 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) + NOT-FOR-US: Splunk +CVE-2023-40596 (In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a ...) + NOT-FOR-US: Splunk +CVE-2023-40595 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) + NOT-FOR-US: Splunk +CVE-2023-40594 (In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an ...) + NOT-FOR-US: Splunk +CVE-2023-40593 (In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious ...) + NOT-FOR-US: Splunk +CVE-2023-40592 (In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attac ...) + NOT-FOR-US: Splunk +CVE-2023-40582 (find-exec is a utility to discover available shell commands. Versions ...) + NOT-FOR-US: Node find-exec +CVE-2023-40188 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq + NOTE: Upstream reported the following fix through https://salsa.debian.org/-/snippets/662: + NOTE: https://github.com/FreeRDP/FreeRDP/commit/bdb3909a7713fb0b3d94c9676fe44d19de80eb4b (2.11.0) + NOTE: But, the advisory is inconsistent: it references 'general_LumaToYUV444' and 'in', while the code + NOTE: excerpt and stack trace (which is strikingly similar to CVE-2023-39354) are focused on 'rsc_rle_decode'. + NOTE: The commit bdb3909a above looks unrelated. 
Ubuntu used one of CVE-2023-39354's patches: + NOTE: https://github.com/FreeRDP/FreeRDP/commit/9a1ee1bae5a9561f5031a7b69129f10458b62d4a (2.11.0) +CVE-2023-40187 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + - freerdp2 (Vulnerable code introduced in 3.0.0-beta1) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f + NOTE: Introduced by: https://github.com/FreeRDP/FreeRDP/commit/f34679397024a67ce6d568aad9ede19a8858b6f3 (3.0.0-beta1) + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ab31e8ba6ab3b4dd0183929cfb00bd5e797c402c (3.0.0-beta3) +CVE-2023-40186 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v + NOTE: https://github.com/FreeRDP/FreeRDP/commit/d8a1ac342ae375644c70579c33b5cf38fb43b083 (2.11.0) +CVE-2023-40184 (xrdp is an open source remote desktop protocol (RDP) server. In versio ...) + - xrdp (bug #1051061) + [bookworm] - xrdp (Minor issue) + [bullseye] - xrdp (Minor issue) + [buster] - xrdp (Minor issue) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq + NOTE: https://github.com/neutrinolabs/xrdp/commit/25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e +CVE-2023-40181 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/c23cbdc4a5756bd723223c7139654de7439fdcc0 (2.11.0) +CVE-2023-3992 (The PostX WordPress plugin before 3.0.6 does not sanitise and escape a ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-3720 (The Upload Media By URL WordPress plugin before 1.0.8 does not have CS ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3501 (The FormCraft WordPress plugin before 1.2.7 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3356 (The Subscribers Text Counter WordPress plugin before 1.7.1 does not ha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3136 (The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: MailArchiver plugin for WordPress +CVE-2023-35094 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35092 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34187 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34184 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34183 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34180 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34176 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34175 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSla ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34174 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34172 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mile ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-34032 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34023 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34022 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Ha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34008 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34004 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33929 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaq ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33325 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33320 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33317 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33210 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuaj ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33208 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32802 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32801 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32793 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32746 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-32742 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32740 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Na ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32597 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32294 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4609 + REJECTED +CVE-2023-4599 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: Slimstat Analytics plugin for WordPress +CVE-2023-4597 (The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: Slimstat Analytics plugin for WordPress +CVE-2023-4596 (The Forminator plugin for WordPress is vulnerable to arbitrary file up ...) + NOT-FOR-US: Forminator plugin for WordPress +CVE-2023-4526 + REJECTED +CVE-2023-4525 + REJECTED +CVE-2023-4522 (An issue has been discovered in GitLab affecting all versions before 1 ...) + - gitlab +CVE-2023-4296 (If an attacker tricks an admin user of PTC Codebeamer into clicking on ...) + NOT-FOR-US: PTC Codebeamer +CVE-2023-41269 + REJECTED +CVE-2023-41266 (A path traversal vulnerability found in Qlik Sense Enterprise for Wind ...) + NOT-FOR-US: Qlik +CVE-2023-41265 (An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise ...) + NOT-FOR-US: Qlik +CVE-2023-41153 (A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configura ...) + - webmin +CVE-2023-39559 (AudimexEE 15.0 was discovered to contain a full path disclosure vulner ...) + NOT-FOR-US: AudimexEE +CVE-2023-39558 (AudimexEE v15.0 was discovered to contain multiple reflected cross-sit ...) + NOT-FOR-US: AudimexEE +CVE-2023-38975 (* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote atta ...) 
+ NOT-FOR-US: qdrant +CVE-2023-38971 (Cross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allo ...) + NOT-FOR-US: Badaso +CVE-2023-32241 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDevelo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4611 (A use-after-free flaw was found in mm/mempolicy.c in the memory manage ...) + - linux 6.4.11-1 + [bookworm] - linux (Vulnerable code not present) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6c21e066f9256ea1df6f88768f6ae1080b7cf509 (6.5-rc4) +CVE-2023-4481 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) + NOT-FOR-US: Juniper +CVE-2023-4572 (Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 ...) + {DSA-5487-1} + - chromium 116.0.5845.140-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4346 (KNX devices that use KNX Connection Authorization and support Option 1 ...) + NOT-FOR-US: KNX devices +CVE-2023-41376 (Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when ...) + NOT-FOR-US: Nokia Service Router Operating System (SR OS) and SR Linux +CVE-2023-41362 (MyBB before 1.8.36 allows Code Injection by users with certain high pr ...) + NOT-FOR-US: MyBB +CVE-2023-41037 (OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In ...) + - node-openpgp (bug #787774) +CVE-2023-40890 (A stack-based buffer overflow vulnerability exists in the lookup_seque ...) + {DLA-3675-1} + - zbar (bug #1051724) + NOTE: https://hackmd.io/@cspl/H1PxPAUnn + NOTE: https://github.com/mchehab/zbar/issues/263 + NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no upstream fix exists yet. +CVE-2023-40889 (A heap-based buffer overflow exists in the qr_reader_match_centers fun ...) 
+ {DLA-3675-1}
+ - zbar (bug #1051724)
+ NOTE: https://hackmd.io/@cspl/B1ZkFZv23
+ NOTE: https://github.com/mchehab/zbar/issues/263
+ NOTE: 0.23.92-9 upload adds patch to avoid exploitation, but no upstream fix exists yet.
+CVE-2023-40787 (In SpringBlade V3.6.0 when executing SQL query, the parameters submitt ...)
+ NOT-FOR-US: SpringBlade
+CVE-2023-3646 (On affected platforms running Arista EOS with mirroring to multiple de ...)
+ NOT-FOR-US: Arista
+CVE-2023-3253 (An improper authorization vulnerability exists where an authenticated, ...)
+ NOT-FOR-US: Nessus
+CVE-2023-3252 (An arbitrary file write vulnerability exists where an authenticated, r ...)
+ NOT-FOR-US: Nessus
+CVE-2023-3251 (A pass-back vulnerability exists where an authenticated, remote attack ...)
+ NOT-FOR-US: Nessus
+CVE-2023-39678 (A cross-site scripting (XSS) vulnerability in the device web interface ...)
+ NOT-FOR-US: BDCOM OLT P3310D-2AC
+CVE-2023-39663 (Mathjax up to v2.7.9 was discovered to contain two Regular expression ...)
+ - mathjax
+ [bookworm] - mathjax (Minor issue)
+ [bullseye] - mathjax (Minor issue)
+ [buster] - mathjax (Minor issue)
+ NOTE: https://github.com/mathjax/MathJax/issues/3074
+CVE-2023-39616 (AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read mem ...)
+ [experimental] - aom 3.7.0-1~exp1
+ - aom 3.7.0-1
+ [bookworm] - aom (Minor issue)
+ [bullseye] - aom (Vulnerable code introduced later)
+ [buster] - aom (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3372#c3
+ NOTE: Introduced by: https://aomedia.googlesource.com/aom/+/55318e3c27fbcff4b4888e6b413ca1e34e4fb8a1 (3.4.0_rc1)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/35254736d9753447ac9bccf8e0062bdb74b0bdb7 (3.7.0_rc2)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/cbce06167ac7adc945786320ae3ea6e39b11e1d1 (3.7.0_rc2)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/54e4b8fffababa02c31674b3b37dc0c26dd0a898 (3.7.0_rc2)
+ NOTE: Fixed by: https://aomedia.googlesource.com/aom/+/df38eb169193f169bb4a81edd7b54d15cd5afc2a (3.7.0_rc2)
+ NOTE: Testcase: https://aomedia.googlesource.com/aom/+/7c3bcc8fa57ffda7f128f3cea9e8bb31c83fe4b7 (3.7.0_rc2)
+ NOTE: Testcase: https://aomedia.googlesource.com/aom/+/d90659acbb1487949195006d46c4582c62f1b90f (3.7.0_rc2)
+ NOTE: For Debian this was initially fixed in Debian unstable with 3.7.0~rc3-1 but reverted with the
+ NOTE: 3.7.0~really3.6.1-1 upload re-introducing the issue.
+CVE-2023-39615 (Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds rea ...)
+ [experimental] - libxml2 2.12.3+dfsg-0exp1
+ - libxml2 (bug #1051230)
+ [bookworm] - libxml2 (Minor issue)
+ [bullseye] - libxml2 (Minor issue)
+ [buster] - libxml2 (Minor issue)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9 (v2.12.0)
+ NOTE: Followup: https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129 (v2.12.0)
+CVE-2023-39522 (goauthentik is an open-source Identity Provider. In affected versions ...)
+ NOT-FOR-US: authentik
+CVE-2023-39268 (A memory corruption vulnerability in ArubaOS-Switch could lead to unau ...)
+ NOT-FOR-US: Aruba
+CVE-2023-39267 (An authenticated remote code execution vulnerability exists in the com ...)
+ NOT-FOR-US: Aruba
+CVE-2023-39266 (A vulnerability in the ArubaOS-Switch web management interface could a ...)
+ NOT-FOR-US: Aruba
+CVE-2023-38802 (FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote ...)
+ {DSA-5495-1 DLA-3573-1}
+ - frr 8.4.4-1.1
+ NOTE: https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
+ NOTE: https://github.com/FRRouting/frr/pull/14290
+ NOTE: https://github.com/FRRouting/frr/commit/bcb6b58d9530173df41d3a3cbc4c600ee0b4b186
+ NOTE: Backport for stable/8.4: https://github.com/FRRouting/frr/pull/14295
+ NOTE: https://github.com/FRRouting/frr/commit/46817adab03802355c3cce7b753c7a735bdcc5ae
+CVE-2023-38283 (In OpenBGPD before 8.1, incorrect handling of BGP update data (length ...)
+ - openbgpd 8.1-1
+ NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig
+CVE-2023-34039 (Aria Operations for Networks contains an Authentication Bypass vulnera ...)
+ NOT-FOR-US: VMware
+CVE-2023-4586 (A vulnerability was found in the Hot Rod client. This security issue o ...)
+ NOT-FOR-US: Infinispan
+CVE-2023-4585 (Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thun ...)
+ - firefox 117.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4585
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4585
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4585
+CVE-2023-4584 (Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ...)
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
+ - firefox-esr 115.2.0esr-1
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4584
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4584
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4584
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4584
+CVE-2023-4583 (When checking if the Browsing Context had been discarded in `HttpBaseC ...)
+ - firefox 117.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4583
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4583
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4583
+CVE-2023-4582 (Due to large allocation checks in Angle for glsl shaders being too len ...)
+ - firefox-esr (MacOS-specific)
+ - firefox (MacOS-specific)
+ - thunderbird (MacOS-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4582
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4582
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4582
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4582
+CVE-2023-4581 (Excel `.xll` add-in files did not have a blocklist entry in Firefox's ...)
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
+ - firefox-esr 115.2.0esr-1
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4581
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4581
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4581
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4581
+CVE-2023-4580 (Push notifications stored on disk in private browsing mode were not be ...)
+ - firefox 117.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4580
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4580
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4580
+CVE-2023-4579 (Search queries in the default search engine could appear to have been ...)
+ - firefox 117.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4579
+CVE-2023-4578 (When calling `JS::CheckRegExpSyntax` a Syntax Error could have been se ...)
+ - firefox 117.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4578
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4578
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4578
+CVE-2023-4577 (When `UpdateRegExpStatics` attempted to access `initialStringHeap` it ...)
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4577
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4577
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4577
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4577
+CVE-2023-4576 (On Windows, an integer overflow could occur in `RecordedSourceSurfaceC ...)
+ - firefox-esr (Windows-specific)
+ - firefox (Windows-specific)
+ - thunderbird (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4576
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4576
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4576
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4576
+CVE-2023-4575 (When creating a callback over IPC for showing the File Picker window, ...)
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
+ - firefox-esr 115.2.0esr-1
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4575
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4575
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4575
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4575
+CVE-2023-4574 (When creating a callback over IPC for showing the Color Picker window, ...)
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
+ - firefox-esr 115.2.0esr-1
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4574
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4574
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4574
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4574
+CVE-2023-4573 (When receiving rendering data over IPC `mStream` could have been destr ...)
+ {DSA-5488-1 DSA-5485-1 DLA-3554-1 DLA-3553-1}
+ - firefox-esr 115.2.0esr-1
+ - firefox 117.0-1
+ - thunderbird 1:115.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-34/#CVE-2023-4573
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-35/#CVE-2023-4573
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4573
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4573
+CVE-2023-41363 (In Cerebrate 1.14, a vulnerability in UserSettingsController allows au ...)
+ NOT-FOR-US: Cerebrate
+CVE-2023-41361 (An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not ...)
+ {DLA-3573-1}
+ - frr (bug #1055852)
+ [bullseye] - frr (The vulnerable code was introduced later)
+ NOTE: https://github.com/FRRouting/frr/pull/14241
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b4d09af9194d20a7f9f16995a062f5d8e3d32840
+ NOTE: Backport for 9.0 branch: https://github.com/FRRouting/frr/pull/14250
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/73ad93a83f18564bb7bff4659872f7ec1a64b05e
+CVE-2023-41360 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
+ {DLA-3573-1}
+ - frr 8.4.4-1.1
+ [bookworm] - frr 8.4.4-1.1~deb12u1
+ [bullseye] - frr (The vulnerable code was introduced later)
+ NOTE: https://github.com/FRRouting/frr/pull/14245
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/9b855a692e68e0d16467e190b466b4ecb6853702
+ NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14249
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/3515178de4a56d66ed948a774efcbe4a854e1ca7
+CVE-2023-41359 (An issue was discovered in FRRouting FRR through 9.0. There is an out- ...)
+ - frr (The vulnerable code was introduced later)
+ NOTE: https://github.com/FRRouting/frr/pull/14232
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f96201e104892e18493f24cf67bb713678e8237b
+ NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14268
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/460ee930d6dbce6e96ecbfcd568a291f31bae24e
+ NOTE: Introduced in: https://github.com/FRRouting/frr/commit/97a52c82a569f4a2ba792fbd734f5e635a057e6f (frr-8.5-rc)
+CVE-2023-41358 (An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet. ...)
+ {DSA-5495-1 DLA-3573-1}
+ - frr 8.4.4-1.1
+ NOTE: https://github.com/FRRouting/frr/pull/14260
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/28ccc24d38df1d51ed8a563507e5d6f6171fdd38
+ NOTE: Backport for stable/8.5: https://github.com/FRRouting/frr/pull/14270
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/f291f1ee9434f56d4b185db0652794a92e313b00
+CVE-2023-41005 (An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execut ...)
+ NOT-FOR-US: Pagekit CMS
+CVE-2023-40998 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...)
+ NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
+CVE-2023-40997 (Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib- ...)
+ NOT-FOR-US: O-RAN Software Community ric-plt-lib-rmr
+CVE-2023-40857 (Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remo ...)
+ NOTE: Non issue, untrusted yara rules not supported, see https://github.com/VirusTotal/yara/issues/1948
+CVE-2023-40828 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
+ - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
+ [bookworm] - libpf4j-java (Minor issue)
+ NOTE: https://github.com/pf4j/pf4j/pull/537
+ NOTE: https://github.com/pf4j/pf4j/pull/538
+ NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
+CVE-2023-40827 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
+ - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
+ [bookworm] - libpf4j-java (Minor issue)
+ NOTE: https://github.com/pf4j/pf4j/issues/536
+ NOTE: https://github.com/pf4j/pf4j/pull/537
+ NOTE: https://github.com/pf4j/pf4j/pull/538
+ NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
+CVE-2023-40826 (An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to o ...)
+ - libpf4j-java 3.9.0+dfsg-2 (bug #1050834)
+ [bookworm] - libpf4j-java (Minor issue)
+ NOTE: https://github.com/pf4j/pf4j/issues/536
+ NOTE: Duplicate/similar to: https://github.com/pf4j/pf4j/issues/526
+ NOTE: https://github.com/pf4j/pf4j/pull/538
+ NOTE: Fixed by: https://github.com/pf4j/pf4j/commit/8e0aa198c4e652cfc1eb9e05ca9b64397f67cc72
+CVE-2023-40825 (An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to ex ...)
+ NOT-FOR-US: PerfreeBlog
+CVE-2023-40781 (Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remo ...)
+ - ming
+CVE-2023-39968 (jupyter-server is the backend for Jupyter web applications. Open Redir ...)
+ [experimental] - jupyter-server 2.9.1-1
+ - jupyter-server (bug #1057739)
+ [bookworm] - jupyter-server (Minor issue)
+ [bullseye] - jupyter-server (Minor issue)
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-r726-vmfq-j9j3
+ NOTE: https://github.com/jupyter-server/jupyter_server/commit/290362593b2ffb23c59f8114d76f77875de4b925 (v2.7.2)
+CVE-2023-39650 (Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a ...)
+ NOT-FOR-US: Theme Volty CMS Blog
+CVE-2023-39059 (An issue in ansible semaphore v.2.8.90 allows a remote attacker to exe ...)
+ NOT-FOR-US: Ansible Semaphore
+CVE-2023-38969 (Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote a ...)
+ NOT-FOR-US: Badaso
+CVE-2023-34725 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
+ NOT-FOR-US: TechView
+CVE-2023-34724 (An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53 ...)
+ NOT-FOR-US: TechView
+CVE-2023-32457 (Dell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper ...)
+ NOT-FOR-US: Dell
+CVE-2023-4569 (A memory leak flaw was found in nft_set_catchall_flush in net/netfilte ...)
+ {DSA-5492-1}
+ - linux 6.4.13-1
+ NOTE: https://git.kernel.org/linus/90e5b3462efa37b8bba82d7c4e63683856e188af (6.5-rc7)
+CVE-2023-4567
+ REJECTED
+CVE-2023-4563
+ REJECTED
+CVE-2023-41109 (SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Com ...)
+ NOT-FOR-US: SmartNode SN200 (aka SN200)
+CVE-2023-40846 (Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Bu ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40767 (User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40766 (User enumeration is found in in PHPJabbers Ticket Support Script v3.2. ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40765 (User enumeration is found in PHPJabbers Event Booking Calendar v4.0. T ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40764 (User enumeration is found in PHP Jabbers Car Rental Script v3.0. This ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40763 (User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40762 (User enumeration is found in PHPJabbers Fundraising Script v1.0. This ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40761 (User enumeration is found in PHPJabbers Yacht Listing Script v2.0. Thi ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40760 (User enumeration is found in PHP Jabbers Hotel Booking System v4.0. Th ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40759 (User enumeration is found in PHP Jabbers Restaurant Booking Script v3. ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40758 (User enumeration is found in PHPJabbers Document Creator v1.0. This is ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40757 (User enumeration is found in PHPJabbers Food Delivery Script v3.1. Thi ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40756 (User enumeration is found in PHPJabbers Callback Widget v1.0. This iss ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40755 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40754 (In PHPJabbers Car Rental Script 3.0, lack of verification when changin ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40753 (There is a Cross Site Scripting (XSS) vulnerability in the message par ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40752 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40751 (PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripti ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40750 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40749 (PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40748 (PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnera ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-40590 (GitPython is a python library used to interact with Git repositories. ...)
+ - python-git (Only affects python-git on Windows)
+CVE-2023-40170 (jupyter-server is the backend for Jupyter web applications. Improper c ...)
+ [experimental] - jupyter-server 2.9.1-1
+ - jupyter-server (bug #1057097)
+ [bookworm] - jupyter-server (Minor issue)
+ [bullseye] - jupyter-server (Minor issue)
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-64x5-55rw-9974
+ NOTE: https://github.com/jupyter-server/jupyter_server/commit/87a4927272819f0b1cae1afa4c8c86ee2da002fd (v2.7.2)
+CVE-2023-39810 (An issue in the CPIO command of Busybox v1.33.2 allows attackers to ex ...)
+ - busybox (bug #1055307)
+ [bookworm] - busybox (Minor issue)
+ [bullseye] - busybox (Minor issue)
+ [buster] - busybox (Minor issue)
+ NOTE: https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
+CVE-2023-39709 (Multiple cross-site scripting (XSS) vulnerabilities in Free and Open S ...)
+ NOT-FOR-US: Free and Open Source Inventory Management System
+CVE-2023-39708 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...)
+ NOT-FOR-US: Free and Open Source Inventory Management System
+CVE-2023-39652 (theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL ...)
+ NOT-FOR-US: theme volty tvcmsvideotab
+CVE-2023-39578 (A stored cross-site scripting (XSS) vulnerability in the Create functi ...)
+ NOT-FOR-US: Zenario CMS
+CVE-2023-39562 (GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a hea ...)
+ - gpac (bug #1051740)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2537
+ NOTE: https://github.com/gpac/gpac/commit/9024531ee8e6ae8318a8fe0cbb64710d1acc31f6
+CVE-2023-39560 (ECTouch v2 was discovered to contain a SQL injection vulnerability via ...)
+ NOT-FOR-US: ECTouch v2
+CVE-2023-39348 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...)
+ NOT-FOR-US: Spinnaker
+CVE-2023-39062 (Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 al ...)
+ NOT-FOR-US: Spipu HTML2PDF
+CVE-2023-38289
+ REJECTED
+CVE-2023-38288
+ REJECTED
+CVE-2023-36481 (An issue was discovered in Samsung Exynos Mobile Processor and Wearabl ...)
+ NOT-FOR-US: Samsung
+CVE-2023-35785 (Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudi ...)
+ NOT-FOR-US: Zoho
+CVE-2023-34758 (Sliver from v1.5.x to v1.5.39 has an improper cryptographic implementa ...)
+ NOT-FOR-US: Slive
+CVE-2018-25089 (A vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki ...)
+ NOT-FOR-US: glb Meetup Tag Extension
+CVE-2017-20186 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ...)
+ NOT-FOR-US: nikooo777 ckSurf
+CVE-2023-4561 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+ NOT-FOR-US: Omeka S
+CVE-2023-4560 (Improper Authorization of Index Containing Sensitive Information in Gi ...)
+ NOT-FOR-US: Omeka S
+CVE-2023-4559 (A vulnerability, which was classified as critical, has been found in B ...)
+ NOT-FOR-US: Bettershop LaikeTui
+CVE-2023-4558 (A vulnerability classified as critical was found in SourceCodester Inv ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-4557 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-40195 (Deserialization of Untrusted Data, Inclusion of Functionality from Unt ...)
+ NOT-FOR-US: Apache Airflow Spark Provider
+CVE-2023-38730 (IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2023-38030 (Saho\u2019s attendance devices ADM100 and ADM-100FP have a vulnerabili ...)
+ NOT-FOR-US: Saho
+CVE-2023-38029 (Saho\u2019s attendance devices ADM100 and ADM-100FP has insufficient f ...)
+ NOT-FOR-US: Saho
+CVE-2023-38028 (Saho\u2019s attendance devices ADM100 and ADM-100FP have insufficient ...)
+ NOT-FOR-US: Saho
+CVE-2023-38027 (SpotCam Co., Ltd. SpotCam Sense\u2019s hidden Telnet function has a vu ...)
+ NOT-FOR-US: SpotCam
+CVE-2023-38026 (SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-code ...)
+ NOT-FOR-US: SpotCam
+CVE-2023-38025 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
+ NOT-FOR-US: SpotCam
+CVE-2023-38024 (SpotCam Co., Ltd. SpotCam FHD 2\u2019s hidden Telnet function has a vu ...)
+ NOT-FOR-US: SpotCam
+CVE-2023-33852 (IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote at ...)
+ NOT-FOR-US: IBM
+CVE-2016-15035 (A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified ...)
+ NOT-FOR-US: Doc2k RE-Chat
+CVE-2023-4556 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2023-4555 (A vulnerability has been found in SourceCodester Inventory Management ...)
+ NOT-FOR-US: SourceCodester Inventory Management System
+CVE-2023-4548 (A vulnerability classified as critical has been found in SPA-Cart eCom ...)
+ NOT-FOR-US: SPA-Cart eCommerce CMS
+CVE-2023-4547 (A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has be ...)
+ NOT-FOR-US: SPA-Cart eCommerce CMS
+CVE-2023-4546 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+ NOT-FOR-US: Beijing Baichuo Smart S85F Management Plattform
+CVE-2023-4545 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...)
+ NOT-FOR-US: IBOS OA
+CVE-2023-4544 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...)
+ NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform
+CVE-2023-4543 (A vulnerability was found in IBOS OA 4.5.5. It has been declared as cr ...)
+ NOT-FOR-US: IBOS OA
+CVE-2023-4542 (A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has ...)
+ NOT-FOR-US: D-Link
+CVE-2023-4524
+ REJECTED
+CVE-2023-41121 (Array AG OS before 9.4.0.499 allows denial of service: remote attacker ...)
+ NOT-FOR-US: Array AG OS
+CVE-2023-41080 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in F ...)
+ {DSA-5522-1 DSA-5521-1 DLA-3617-1}
+ - tomcat10 10.1.13-1
+ - tomcat9 9.0.70-2
+ - tomcat8
+ NOTE: https://lists.apache.org/thread/71wvwprtx2j2m54fovq9zr7gbm2wow2f
+ NOTE: https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27 (10.1.13)
+ NOTE: https://github.com/apache/tomcat/commit/77c0ce2d169efa248b64b992e547aad549ec906b (9.0.80)
+ NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version
+CVE-2023-40587 (Pyramid is an open source Python web framework. A path traversal vulne ...)
+ - python-pyramid (bug #1050740)
+ [bookworm] - python-pyramid (Minor issue)
+ [bullseye] - python-pyramid (Python version in Bullseye is not affected)
+ [buster] - python-pyramid (Python version in Buster is not affected)
+ NOTE: https://github.com/Pylons/pyramid/security/advisories/GHSA-j8g2-6fc7-q8f8
+ NOTE: https://github.com/Pylons/pyramid/commit/347d7750da6f45c7436dd0c31468885cc9343c85 (2.0.2)
+ NOTE: Underlying issue fixed in Python 3.11 and 3.12.
+CVE-2023-40586 (OWASP Coraza WAF is a golang modsecurity compatible web application fi ...)
+ NOT-FOR-US: OWASP Coraza WAF
+CVE-2023-40585 (ironic-image is a container image to run OpenStack Ironic as part of M ...)
+ NOT-FOR-US: ironic-image container image
+CVE-2023-40583 (libp2p is a networking stack and library modularized out of The IPFS P ...)
+ NOT-FOR-US: go-libp2p
+CVE-2023-40571 (weblogic-framework is a tool for detecting weblogic vulnerabilities. V ...)
+ NOT-FOR-US: weblogic-framework
+CVE-2023-40166 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+ NOT-FOR-US: Notepad++
+CVE-2023-40164 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...)
+ NOT-FOR-US: Notepad++
+CVE-2023-39291 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...)
+ NOT-FOR-US: MiVoice Connect
+CVE-2023-39290 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+ NOT-FOR-US: MiVoice Connect
+CVE-2023-39289 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+ NOT-FOR-US: MiVoice Connect
+CVE-2023-39288 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...)
+ NOT-FOR-US: MiVoice Connect
+CVE-2023-39287 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...)
+ NOT-FOR-US: MiVoice Connect
+CVE-2023-36741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-34723 (An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T5 ...)
+ NOT-FOR-US: TechView LA-5570 Wireless Gateway
+CVE-2023-2906 (Due to a failure in validating the length provided by an attacker-craf ...)
+ {DSA-5559-1}
+ - wireshark 4.0.8-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (Vulnerable code introduced in 3.0.0)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-26.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19229
+ NOTE: Introduced by https://gitlab.com/wireshark/wireshark/-/commit/4ff777d5ce1d9951a1edbf7ffa914a12a00bb2b3 (v2.9.0)
+CVE-2023-4534 (A vulnerability, which was classified as problematic, was found in Neo ...)
+ NOT-FOR-US: NeoMind Fusion Platform
+CVE-2023-4520 (The FV Flowplayer Video Player plugin for WordPress is vulnerable to S ...)
+ NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress
+CVE-2023-4508 (A user able to control file input to Gerbv, between versions 2.4.0 and ...)
+ {DLA-3593-1}
+ - gerbv 2.10.0-1 (bug #1050560)
+ [bookworm] - gerbv (Minor issue)
+ [bullseye] - gerbv (Minor issue)
+ NOTE: https://github.com/gerbv/gerbv/issues/191
+ NOTE: https://github.com/gerbv/gerbv/pull/192
+ NOTE: https://github.com/gerbv/gerbv/commit/5517e22250e935dc7f86f64ad414aeae3dbcb36a (v2.10.0-rc.1)
+CVE-2023-4478 (Mattermost fails to restrict which parameters' values it takes from th ...)
+ - mattermost-server (bug #823556)
+CVE-2023-41250 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-41249 (In JetBrains TeamCity before 2023.05.3 reflected XSS was possible duri ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-41248 (In JetBrains TeamCity before 2023.05.3 stored XSS was possible during ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-41173 (AdGuard DNS before 2.2 allows remote attackers to cause a denial of se ...)
+ NOT-FOR-US: AdGuard
+CVE-2023-41167 (@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by c ...)
+ NOT-FOR-US: Webiny
+CVE-2023-40915 (Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detec ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40802 (The get_parentControl_list_Info function does not verify the parameter ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40801 (The sub_451784 function does not validate the parameters entered by th ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40800 (The compare_parentcontrol_time function does not authenticate user inp ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40799 (Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_4 ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40798 (In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanPar ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40797 (In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not valida ...)
+ NOT-FOR-US: Tenda
+CVE-2023-40796 (Phicomm k2 v22.6.529.216 is vulnerable to command injection.)
+ NOT-FOR-US: Phicomm +CVE-2023-40599 (Regular expression Denial-of-Service (ReDoS) exists in multiple add-on ...) + NOT-FOR-US: multiple addons for Mailform Pro CGI +CVE-2023-40580 (Freighter is a Stellar chrome extension. It may be possible for a mali ...) + NOT-FOR-US: Freighter Stellar chrome extension +CVE-2023-40579 (OpenFGA is an authorization/permission engine built for developers and ...) + NOT-FOR-US: OpenFGA +CVE-2023-40577 (Alertmanager handles alerts sent by client applications such as the Pr ...) + {DLA-3609-1} + - prometheus-alertmanager 0.26.0+ds-1 (bug #1050558) + NOTE: https://github.com/prometheus/alertmanager/security/advisories/GHSA-v86x-5fm3-5p7j + NOTE: https://github.com/prometheus/alertmanager/commit/8b9f2fd20c25e0d1e76aa0b407f7e354996d8e72 (v0.25.1) +CVE-2023-40576 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + - freerdp2 (Vulnerable code not present) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2 +CVE-2023-40575 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + - freerdp2 (Vulnerable code not present) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v +CVE-2023-40574 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + - freerdp2 (Vulnerable code not present) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw +CVE-2023-40570 (Datasette is an open source multi-tool for exploring and publishing da ...) + NOT-FOR-US: Datasette +CVE-2023-40569 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) 
+ {DLA-3606-1} + - freerdp2 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hm8c-rcjg-c8qp + NOTE: https://github.com/FreeRDP/FreeRDP/commit/23c3daeca1598393f8c93f563f7847a4d67919f1 (2.11.0) +CVE-2023-40568 + REJECTED +CVE-2023-40567 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...) + {DLA-3606-1} + - freerdp2 2.11.2+dfsg1-1 (bug #1051638) + [bookworm] - freerdp2 (Minor issue) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp + NOTE: https://github.com/FreeRDP/FreeRDP/commit/bacb8c016ef72aa767760b6b01d15500aee9d59a (2.11.0) +CVE-2023-40530 (Improper authorization in handler for custom URL scheme issue in 'Skyl ...) + NOT-FOR-US: 'Skylark' App +CVE-2023-40182 (Silverware Games is a premium social network where people can play gam ...) + NOT-FOR-US: Silverware Games +CVE-2023-40179 (Silverware Games is a premium social network where people can play gam ...) + NOT-FOR-US: Silverware Games +CVE-2023-40036 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) + NOT-FOR-US: Notepad++ +CVE-2023-40031 (Notepad++ is a free and open-source source code editor. Versions 8.5.6 ...) + NOT-FOR-US: Notepad++ +CVE-2023-40030 (Cargo downloads a Rust project\u2019s dependencies and compiles the pr ...) 
+ - cargo + [bookworm] - cargo (Minor issue) + [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue) + - rust-cargo + [bookworm] - rust-cargo (Minor issue) + [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue) + NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-wrrj-h57r-vx9p + NOTE: https://github.com/rust-lang/cargo/pull/12291 + NOTE: https://github.com/rust-lang/cargo/commit/9835622853f08be9a4b58ebe29dcec8f43b64b33 (0.75.0) +CVE-2023-40022 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2023-40017 (GeoNode is an open source platform that facilitates the creation, shar ...) + NOT-FOR-US: GeoNode +CVE-2023-3425 (Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 ...) + NOT-FOR-US: M-Files +CVE-2023-3406 (Path Traversal issue in M-Files Classic Web versions below 23.6.12695. ...) + NOT-FOR-US: M-Files +CVE-2023-39742 (giflib v5.2.1 was discovered to contain a segmentation fault via the c ...) + - giflib (unimportant) + NOTE: https://sourceforge.net/p/giflib/bugs/166/ + NOTE: Crash in CLI, negligible security impact +CVE-2023-39707 (A stored cross-site scripting (XSS) vulnerability in Free and Open Sou ...) + NOT-FOR-US: Free and Open Source Inventory Management System +CVE-2023-39700 (IceWarp Mail Server v10.4.5 was discovered to contain a reflected cros ...) + NOT-FOR-US: IceWarp +CVE-2023-39699 (IceWarp Mail Server v10.4.5 was discovered to contain a local file inc ...) + NOT-FOR-US: IceWarp +CVE-2023-39600 (IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: IceWarp +CVE-2023-39521 (Tuleap is an open source suite to improve management of software devel ...) + NOT-FOR-US: Tuleap +CVE-2023-39519 (Cloud Explorer Lite is an open source cloud management platform. Prior ...) + NOT-FOR-US: Cloud Explorer Lite +CVE-2023-38974 (A stored cross-site scripting (XSS) vulnerability in the Edit Category ...) 
+ NOT-FOR-US: Badaso +CVE-2023-38973 (A stored cross-site scripting (XSS) vulnerability in the Add Tag funct ...) + NOT-FOR-US: Badaso +CVE-2023-38508 (Tuleap is an open source suite to improve management of software devel ...) + NOT-FOR-US: Tuleap +CVE-2023-38201 (A flaw was found in the Keylime registrar that could allow a bypass of ...) + NOT-FOR-US: Keylime +CVE-2023-37469 (CasaOS is an open-source personal cloud system. Prior to version 0.4.4 ...) + NOT-FOR-US: CasaOS +CVE-2023-37249 (Infoblox NIOS through 8.5.1 has a faulty component that accepts malici ...) + NOT-FOR-US: Infoblox NIOS +CVE-2023-36199 (An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacke ...) + NOT-FOR-US: skalenetwork sgxwallet +CVE-2023-36198 (Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows ...) + NOT-FOR-US: skalenetwork sgxwallet +CVE-2023-32797 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32757 (e-Excellence U-Office Force file uploading function does not restrict ...) + NOT-FOR-US: e-Excellence U-Office Force file uploading function +CVE-2023-32756 (e-Excellence U-Office Force has a path traversal vulnerability within ...) + NOT-FOR-US: e-Excellence U-Office Force +CVE-2023-32755 (e-Excellence U-Office Force generates an error message in webiste serv ...) + NOT-FOR-US: e-Excellence U-Office Force +CVE-2023-32678 (Zulip is an open-source team collaboration tool with topic-based threa ...) + NOT-FOR-US: Zulip +CVE-2023-32603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao D ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32598 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolf ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32595 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pala ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-32591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Clou ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32584 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32577 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32576 (Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Pla ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32575 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32518 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Ooga ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32079 (Netmaker makes networks with WireGuard. A Mass assignment vulnerabilit ...) + NOT-FOR-US: Netmaker +CVE-2023-32078 (Netmaker makes networks with WireGuard. An Insecure Direct Object Refe ...) + NOT-FOR-US: Netmaker +CVE-2023-32077 (Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0 ...) + NOT-FOR-US: Netmaker +CVE-2023-40217 (An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, ...) 
+ {DLA-3614-1 DLA-3575-1} + - python3.12 3.12.0~rc1-2 + - python3.11 3.11.5-1 + - python3.10 3.10.13-1 + - python3.9 + - python3.7 + - python2.7 + [bullseye] - python2.7 2.7.18-8+deb11u1 + - pypy3 7.3.13+dfsg-1 + [bookworm] - pypy3 (Minor issue) + [bullseye] - pypy3 (Minor issue) + [buster] - pypy3 (Minor issue) + NOTE: https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ + NOTE: https://github.com/python/cpython/issues/108310 + NOTE: https://github.com/python/cpython/pull/108315 + NOTE: https://github.com/python/cpython/commit/0cb0c238d520a8718e313b52cffc356a5a7561bf (main) + NOTE: https://github.com/python/cpython/commit/256586ab8776e4526ca594b4866b9a3492e628f1 (3.12) + NOTE: https://github.com/python/cpython/commit/75a875e0df0530b75b1470d797942f90f4a718d3 (v3.11.5) + NOTE: https://github.com/python/cpython/commit/37d7180cb647f0bed0c1caab0037f3bc82e2af96 (v3.10.13) + NOTE: https://github.com/python/cpython/commit/264b1dacc67346efa0933d1e63f622676e0ed96b (v3.9.18) + NOTE: Additional patches to stabilize the test suite may also be applied to all versions: + NOTE: 1. https://github.com/python/cpython/commit/64f99350351bc46e016b2286f36ba7cd669b79e3 + NOTE: 2. https://github.com/python/cpython/commit/592bacb6fc0833336c0453e818e9b95016e9fd47 +CVE-2023-4380 (A logic flaw exists in Ansible. Whenever a private project is created ...) + - ansible (bug #1051897) + [bookworm] - ansible (Minor issue) + [bullseye] - ansible (Minor issue) + [buster] - ansible (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2232324 + NOTE: likely in awx component or may be RedHat specific +CVE-2023-4420 (A remote unprivileged attacker can intercept the communication via e.g ...) + NOT-FOR-US: SICK LMS5xx +CVE-2023-4419 (The LMS5xx uses hard-coded credentials, which potentially allow low-sk ...) + NOT-FOR-US: SICK LMS5xx +CVE-2023-4418 (A remote unprivileged attacker can sent multiple packages to the LMS5x ...) 
+ NOT-FOR-US: SICK LMS5xx +CVE-2023-4320 (An arithmetic overflow flaw was found in Satellite when creating a new ...) + NOT-FOR-US: Red Hat Satellite +CVE-2023-40904 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2023-40902 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2023-40901 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2023-40900 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40899 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40898 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40897 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40896 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40895 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40894 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40893 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40892 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40891 (Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-40877 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...) + NOT-FOR-US: DedeCMS +CVE-2023-40876 (DedeCMS up to and including 5.7.110 was discovered to contain a cross- ...) + NOT-FOR-US: DedeCMS +CVE-2023-40875 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...) 
+ NOT-FOR-US: DedeCMS +CVE-2023-40874 (DedeCMS up to and including 5.7.110 was discovered to contain multiple ...) + NOT-FOR-US: DedeCMS +CVE-2023-40710 (An adversary could cause a continuous restart loop to the entire devic ...) + NOT-FOR-US: SNAP PAC S1 Firmware +CVE-2023-40709 (An adversary could crash the entire device by sending a large quantity ...) + NOT-FOR-US: SNAP PAC S1 Firmware +CVE-2023-40708 (The File Transfer Protocol (FTP) port is open by default in the SNAP P ...) + NOT-FOR-US: SNAP PAC S1 Firmware +CVE-2023-40707 (There are no requirements for setting a complex password in the built- ...) + NOT-FOR-US: SNAP PAC S1 Firmware +CVE-2023-40706 (There is no limit on the number of login attempts in the web server fo ...) + NOT-FOR-US: SNAP PAC S1 Firmware +CVE-2023-40371 (IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non- ...) + NOT-FOR-US: IBM +CVE-2023-39834 (PbootCMS below v3.2.0 was discovered to contain a command injection vu ...) + NOT-FOR-US: PbootCMS +CVE-2023-39801 (A lack of exception handling in the Renault Easy Link Multimedia Syste ...) + NOT-FOR-US: Renault Easy Link Multimedia System Software +CVE-2023-34973 (An insufficient entropy vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2023-34972 (A cleartext transmission of sensitive information vulnerability has be ...) + NOT-FOR-US: QNAP +CVE-2023-34971 (An inadequate encryption strength vulnerability has been reported to a ...) + NOT-FOR-US: QNAP +CVE-2023-34040 (In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and e ...) + NOT-FOR-US: Spring for Kafka +CVE-2023-32516 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32511 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32510 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-31412 (The LMS5xx uses weak hash generation methods, resulting in the creatio ...) + NOT-FOR-US: SICK LMS5xx +CVE-2023-XXXX [tryton-server lack of record validation] + - tryton-server 6.0.34-1 + [bookworm] - tryton-server 6.0.29-2+deb12u1 + [bullseye] - tryton-server 5.0.33-2+deb11u2 + [buster] - tryton-server 5.0.4-2+deb10u2 + NOTE: https://discuss.tryton.org/t/security-release-for-issue-12428 +CVE-2023-4513 (BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to ...) + {DSA-5559-1} + - wireshark 4.0.8-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19259 + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-25.html +CVE-2023-4512 (CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of serv ...) + {DSA-5559-1} + - wireshark 4.0.8-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19144 + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-23.html +CVE-2023-4511 (BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 t ...) + {DSA-5559-1} + - wireshark 4.0.8-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19258 + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-24.html +CVE-2023-4230 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...) + NOT-FOR-US: Moxa +CVE-2023-4229 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...) + NOT-FOR-US: Moxa +CVE-2023-4228 (A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4 ...) + NOT-FOR-US: Moxa +CVE-2023-4227 (A vulnerability has been identified in the ioLogik 4000 Series (ioLogi ...) + NOT-FOR-US: Moxa +CVE-2023-4042 (A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostsc ...) 
+ - ghostscript (Red Hat specific packaging issue not including fix for CVE-2020-16305) +CVE-2023-41126 + REJECTED +CVE-2023-41125 + REJECTED +CVE-2023-41124 + REJECTED +CVE-2023-41123 + REJECTED +CVE-2023-41122 + REJECTED +CVE-2023-41028 (A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi route ...) + NOT-FOR-US: Juplink router +CVE-2023-40612 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file e ...) + NOT-FOR-US: OpenMNS +CVE-2023-40573 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-40572 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-40273 (The session fixation vulnerability allowed the authenticated user to c ...) + - airflow (bug #819700) +CVE-2023-40270 + REJECTED +CVE-2023-40185 (shescape is simple shell escape library for JavaScript. This may impac ...) + NOT-FOR-US: Node shescape +CVE-2023-40178 (Node-SAML is a SAML library not dependent on any frameworks that runs ...) + NOT-FOR-US: Node saml +CVE-2023-40177 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-40176 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-40035 (Craft is a CMS for creating custom digital experiences on the web and ...) + NOT-FOR-US: Craft CMS +CVE-2023-40025 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + NOT-FOR-US: Argo CD +CVE-2023-3705 (The vulnerability exists in CP-Plus NVR due to an improper input handl ...) + NOT-FOR-US: CP-Plus NVR +CVE-2023-3704 (The vulnerability exists in CP-Plus DVR due to an improper input valid ...) + NOT-FOR-US: CP-Plus DVR +CVE-2023-3453 (ETIC Telecom RAS versions 4.7.0 and prior the web management portal au ...) 
+ NOT-FOR-US: ETIC Telecom RAS +CVE-2023-39583 + REJECTED +CVE-2023-39441 (Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provide ...) + NOT-FOR-US: Apache Airflow SMTP Provider +CVE-2023-40477 + {DLA-3653-1 DLA-3543-1 DLA-3542-1} + - rar 2:6.23-1 + [bookworm] - rar 2:6.23-1~deb12u1 + [bullseye] - rar 2:6.23-1~deb11u1 + - unrar-nonfree 1:6.2.10-1 + [bookworm] - unrar-nonfree 1:6.2.6-1+deb12u1 + [bullseye] - unrar-nonfree 1:6.0.3-1+deb11u3 + - libclamunrar 1.0.3-1 + [bookworm] - libclamunrar 1.0.3-1~deb12u1 + [bullseye] - libclamunrar 0.103.10-1~deb11u1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ + NOTE: https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa + NOTE: https://blog.clamav.net/2023/08/clamav-120-feature-version-and-111-102.html +CVE-2023-38831 (RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code w ...) + NOTE: RARLabs WinRAR +CVE-2023-38422 (Walchem Intuition 9 firmware versions prior to v4.21 are missing authe ...) + NOT-FOR-US: Walchem Intuition 9 firmware +CVE-2023-37379 (Apache Airflow, in versions prior to 2.7.0, contains a security vulner ...) + - airflow (bug #819700) +CVE-2023-36317 (Cross Site Scripting (XSS) vulnerability in sourcecodester Student Stu ...) + NOT-FOR-US: sourcecodester Student Study Center Desk Management System +CVE-2023-32509 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32505 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arsh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32498 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32497 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supe ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-32496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32300 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32202 (Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to ...) + NOT-FOR-US: Walchem Intuition 9 firmware +CVE-2023-32119 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3893 (A security issue was discovered in Kubernetes where a user that can c ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here +CVE-2023-3955 (A security issue was discovered in Kubernetes where a user that can c ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here +CVE-2023-3676 (A security issue was discovered in Kubernetes where a user that can c ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here +CVE-2023-3899 (A vulnerability was found in subscription-manager that allows local pr ...) + NOT-FOR-US: Red Hat Licence Manager +CVE-2023-4404 (The Donation Forms by Charitable plugin for WordPress is vulnerable to ...) 
+ NOT-FOR-US: Donation Forms by Charitable plugin for WordPress +CVE-2023-4041 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) +CVE-2023-41105 (An issue was discovered in Python 3.11 through 3.11.4. If a path conta ...) + - python3.12 3.12.0~rc1-2 + - python3.11 3.11.5-1 + [bookworm] - python3.11 (Minor issue) + - python3.10 (Vulnerable code introduced in 3.11.y) + - python3.9 (Vulnerable code introduced in 3.11.y) + - python3.7 (Vulnerable code introduced in 3.11.y) + - python2.7 (Vulnerable code introduced in 3.11.y) + NOTE: https://github.com/python/cpython/issues/106242 + NOTE: https://github.com/python/cpython/pull/107983 + NOTE: Backport for 3.12: https://github.com/python/cpython/pull/107981 + NOTE: Backport for 3.11: https://github.com/python/cpython/pull/107982 +CVE-2023-41104 (libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x befor ...) + NOT-FOR-US: libvmod-digest +CVE-2023-41100 (An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) ex ...) + NOT-FOR-US: TYPO3 extension +CVE-2023-41098 (An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsC ...) + NOT-FOR-US: MISP +CVE-2023-40370 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vuln ...) + NOT-FOR-US: IBM +CVE-2023-40282 (Improper authentication vulnerability in Rakuten WiFi Pocket all versi ...) + NOT-FOR-US: Rakuten WiFi Pocket +CVE-2023-40158 (Hidden functionality vulnerability in the CBC products allows a remote ...) + NOT-FOR-US: CBC digital video recorders +CVE-2023-40144 (OS command injection vulnerability in the CBC products allows a remote ...) + NOT-FOR-US: CBC digital video recorders +CVE-2023-3495 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...) + NOT-FOR-US: Hitachi +CVE-2023-39986 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Read vulnerability in Hi ...) 
+ NOT-FOR-US: Hitachi +CVE-2023-39985 (** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in H ...) + NOT-FOR-US: Hitachi +CVE-2023-39984 (** UNSUPPORTED WHEN ASSIGNED ** Improper Restriction of Operations wit ...) + NOT-FOR-US: Hitachi +CVE-2023-39026 (Directory Traversal vulnerability in FileMage Gateway Windows Deployme ...) + NOT-FOR-US: FileMage Gateway Windows Deployments +CVE-2023-38734 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...) + NOT-FOR-US: IBM +CVE-2023-38733 (IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 thro ...) + NOT-FOR-US: IBM +CVE-2023-38585 (Improper authentication vulnerability in the CBC products allows a rem ...) + NOT-FOR-US: CBC digital video recorders +CVE-2023-33850 (IBM GSKit-Crypto could allow a remote attacker to obtain sensitive inf ...) + NOT-FOR-US: IBM +CVE-2023-4475 (An Arbitrary File Movement vulnerability was found in ASUSTOR Data Mas ...) + NOT-FOR-US: ASUSTOR +CVE-2023-4303 (Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error m ...) + NOT-FOR-US: Jenkins Fortify Plugin +CVE-2023-4212 (A command injection vulnerability exists in Trane XL824, XL850, XL1050 ...) + NOT-FOR-US: Trane and Pivot thermostats +CVE-2023-3699 (An Improper Privilege Management vulnerability was found in ASUSTOR Da ...) + NOT-FOR-US: ASUSTOR +CVE-2023-39599 (Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows att ...) + NOT-FOR-US: CSZ CMS +CVE-2023-39141 (webui-aria2 commit 4fe2e was discovered to contain a path traversal vu ...) + NOT-FOR-US: webui-aria2 +CVE-2023-38996 (An issue in all versions of Douran DSGate allows a local authenticated ...) + NOT-FOR-US: Douran DSGate +CVE-2023-38909 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...) + NOT-FOR-US: TPLink +CVE-2023-38908 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...) 
+ NOT-FOR-US: TPLink +CVE-2023-38906 (An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Applic ...) + NOT-FOR-US: TPLink +CVE-2023-38732 (IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allo ...) + NOT-FOR-US: IBM +CVE-2023-38668 (Stack-based buffer over-read in disasm in nasm 2.16 allows attackers t ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392811 + NOTE: Crash in CLI tool, no security impact +CVE-2023-38667 (Stack-based buffer over-read in function disasm in nasm 2.16 allows at ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392812 + NOTE: Crash in CLI tool, no security impact +CVE-2023-38666 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...) + NOT-FOR-US: Bento4 +CVE-2023-38665 (Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows att ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392818 + NOTE: Crash in CLI tool, no security impact +CVE-2023-37440 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...) + NOT-FOR-US: Aruba +CVE-2023-37439 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37438 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37437 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37436 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37435 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37434 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37433 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) 
+ NOT-FOR-US: Aruba +CVE-2023-37432 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37431 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37430 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37429 (Multiple vulnerabilities in the web-based managementinterface of EdgeC ...) + NOT-FOR-US: Aruba +CVE-2023-37428 (A vulnerability in the EdgeConnect SD-WAN Orchestratorweb-based manage ...) + NOT-FOR-US: Aruba +CVE-2023-37427 (A vulnerability in the web-based management interface ofEdgeConnect SD ...) + NOT-FOR-US: Aruba +CVE-2023-37426 (EdgeConnect SD-WAN Orchestrator instances prior to theversions resolve ...) + NOT-FOR-US: Aruba +CVE-2023-37425 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...) + NOT-FOR-US: Aruba +CVE-2023-37424 (A vulnerability in the web-based management interfaceof EdgeConnect SD ...) + NOT-FOR-US: Aruba +CVE-2023-37423 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) + NOT-FOR-US: Aruba +CVE-2023-37422 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) + NOT-FOR-US: Aruba +CVE-2023-37421 (Vulnerabilities in the web-based management interface of EdgeConnect S ...) + NOT-FOR-US: Aruba +CVE-2023-36281 (An issue in langchain v.0.0.171 allows a remote attacker to execute ar ...) + NOT-FOR-US: langchain +CVE-2023-34853 (Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b ...) + NOT-FOR-US: Supermicro motherboard X12DPG-QR +CVE-2022-48571 (memcached 1.6.7 allows a Denial of Service via multi-packet uploads in ...) + {DLA-3557-1} + - memcached 1.6.8+dfsg-1 + NOTE: Fixed by: https://github.com/memcached/memcached/commit/6b319c8c7a29e9c353dec83dc92f01905f6c8966 (1.6.8) +CVE-2022-48570 (Crypto++ through 8.4 contains a timing side channel in ECDSA signature ...) 
+ - libcrypto++ + [bookworm] - libcrypto++ (Minor issue) + [bullseye] - libcrypto++ (Minor issue) + [buster] - libcrypto++ (Minor issue) + NOTE: Related issue: https://github.com/weidai11/cryptopp/issues/992 + NOTE: This issue exists because the CVE-2019-14318 fix was intentionally removed for + NOTE: functionality reasons. To fix the issue a rewrite of the rewrite the Integer class + NOTE: is required. +CVE-2022-48566 (An issue was discovered in compare_digest in Lib/hmac.py in Python thr ...) + {DLA-3614-1 DLA-3575-1} + - python3.9 3.9.1~rc1-1 + - python3.7 + - python2.7 + [bullseye] - python2.7 2.7.18-8+deb11u1 + NOTE: https://bugs.python.org/issue40791 + NOTE: https://github.com/python/cpython/commit/8183e11d87388e4e44e3242c42085b87a878f781 (v3.9.0b2) + NOTE: https://github.com/python/cpython/commit/c1bbca5b004b3f74d240ef8a76ff445cc1a27efb (v3.9.1rc1) + NOTE: https://github.com/python/cpython/commit/db95802bdfac4d13db3e2a391ec7b9e2f8d92dbe (v3.7.10) + NOTE: https://github.com/python/cpython/commit/8bef9ebb1b88cfa4b2a38b93fe4ea22015d8254a (v3.6.13) + NOTE: https://github.com/python/cpython/issues/84968 +CVE-2022-48565 (An XML External Entity (XXE) issue was discovered in Python through 3. ...) 
+ {DLA-3614-1 DLA-3575-1} + - python3.9 3.9.1~rc1-1 + - python3.7 + - python2.7 + [bullseye] - python2.7 2.7.18-8+deb11u1 + NOTE: https://bugs.python.org/issue42051 + NOTE: https://github.com/python/cpython/issues/86217 + NOTE: https://github.com/python/cpython/commit/05ee790f4d1cd8725a90b54268fc1dfe5b4d1fa2 (v3.10.0a2) + NOTE: https://github.com/python/cpython/commit/479553c7c11306a09ce34edb6ef208133b7b95fe (v3.9.1rc1) + NOTE: https://github.com/python/cpython/commit/65894cac0835cb8f469f649e20aa1be8bf89f5ae (v3.8.7rc1) + NOTE: https://github.com/python/cpython/commit/e512bc799e3864fe3b1351757261762d63471efc (v3.7.10) + NOTE: https://github.com/python/cpython/commit/a158fb9c5138db94adf24fbc5690467cda811163 (v3.6.13) +CVE-2022-48564 (read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a po ...) + {DLA-3614-1} + - python3.9 3.9.1~rc1-1 + - python3.7 + - python2.7 (In 2.7, the plistlib parser only supports XML and not the affected binary format) + NOTE: https://bugs.python.org/issue42103 + NOTE: https://github.com/python/cpython/issues/86269 + NOTE: https://github.com/python/cpython/commit/34637a0ce21e7261b952fbd9d006474cc29b681f (v3.10.0a2) + NOTE: https://github.com/python/cpython/commit/e277cb76989958fdbc092bf0b2cb55c43e86610a (v3.9.1rc1) + NOTE: https://github.com/python/cpython/commit/547d2bcc55e348043b2f338027c1acd9549ada76 (v3.8.7rc1) + NOTE: https://github.com/python/cpython/commit/225e3659556616ad70186e7efc02baeebfeb5ec4 (v3.7.10) + NOTE: https://github.com/python/cpython/commit/a63234c49b2fbfb6f0aca32525e525ce3d43b2b4 (v3.6.13) +CVE-2022-48560 (A use-after-free exists in Python through 3.9 via heappushpop in heapq ...) 
+ {DLA-3614-1 DLA-3575-1} + - python3.9 (Fixed before initial upload to the archive) + - python3.7 3.7.7-1 + - python2.7 + [bullseye] - python2.7 2.7.18-8+deb11u1 + NOTE: https://bugs.python.org/issue39421 + NOTE: https://github.com/python/cpython/issues/83602 + NOTE: https://github.com/python/cpython/commit/79f89e6e5a659846d1068e8b1bd8e491ccdef861 (v3.9.0a3) + NOTE: https://github.com/python/cpython/commit/993811ffe75c2573f97fb3fd1414b34609b8c8db (v3.8.2rc1) + NOTE: https://github.com/python/cpython/commit/958064f8d2b84062b0582bbae911df8ccfc11fd6 (v3.7.7rc1) + NOTE: https://github.com/python/cpython/commit/c563f409ea30bcb0623d785428c9257917371b76 (v3.6.11rc1) +CVE-2022-48554 (File before 5.43 has an stack-based buffer over-read in file_copystr i ...) + {DSA-5489-1} + - file 1:5.44-1 + [buster] - file (vulnerable code introduced later) + NOTE: https://bugs.astron.com/view.php?id=310 + NOTE: Fixed by: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 (FILE5_42) +CVE-2022-48547 (A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g a ...) + - cacti 0.8.7i-1 + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h) + NOTE: Duplicate CVE assignment for CVE-2021-26247 +CVE-2022-48545 (An infinite recursion in Catalog::findDestInTree can cause denial of s ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-48541 (A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote att ...) + - imagemagick 8:6.9.11.57+dfsg-1 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/2889 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/004194253242af71adf5b70e151a7e89bb776eee (6.9.11-46) +CVE-2022-48538 (In Cacti 1.2.19, there is an authentication bypass in the web login fu ...) 
+ - cacti 1.2.23+ds1-1 (unimportant) + NOTE: https://github.com/Cacti/cacti/issues/5189 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/9b53889c340031be67b62006a516e847b3793dcb (release/1.2.23) + NOTE: Only an issue when running with PHP8.2. +CVE-2022-48522 (In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based c ...) + - perl 5.36.0-4 (unimportant) + [bullseye] - perl (Vulnerable code introduced later) + [buster] - perl (Vulnerable code introduced later) + NOTE: Might be related to https://bugs.launchpad.net/ubuntu/+source/perl/+bug/2032667 + NOTE: which is just a infinite recursion exhausting the stack, with negligible security + NOTE: impact. + NOTE: https://github.com/Perl/perl5/issues/19147 + NOTE: Fixed by: https://github.com/Perl/perl5/commit/23cca2d1f4544cb47f1124d98c308ce1f31f09a6 (v5.35.5) +CVE-2023-XXXX [RUSTSEC-2023-0053: rustls-webpki: CPU denial of service in certificate path building] + - rust-rustls-webpki 0.104.4-1 (bug #1050298) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0053.html + NOTE: https://github.com/briansmith/webpki/issues/69 +CVE-2023-XXXX [RUSTSEC-2023-0052 webpki: CPU denial of service in certificate path building] + - rust-webpki 0.22.1-1 (bug #1050299) + [bookworm] - rust-webpki (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0052.html + NOTE: https://github.com/briansmith/webpki/issues/69 +CVE-2023-32184 (A Insecure Storage of Sensitive Information vulnerability in openSUSE ...) + NOT-FOR-US: OpenSUSE-welcome +CVE-2023-4456 (A flaw was found in openshift-logging LokiStack. The key used for cach ...) + NOT-FOR-US: LokiStack +CVE-2023-4455 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) + NOT-FOR-US: Wallabag +CVE-2023-4454 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...) + NOT-FOR-US: Wallabag +CVE-2023-4453 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) 
+ NOT-FOR-US: pimcore +CVE-2023-4417 (Improper access controls in the entry duplication component in Devolut ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2023-4373 (Inadequate validation of permissions when employing remote tools and m ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2023-40735 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: BUTTERFLY BUTTON +CVE-2023-40352 (McAfee Safe Connect before 2.16.1.126 may allow an adversary with syst ...) + NOT-FOR-US: McAfee +CVE-2023-40068 (Cross-site scripting vulnerability in Advanced Custom Fields versions ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3954 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3936 (The Blog2Social WordPress plugin before 7.2.1 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3667 (The Bit Assist WordPress plugin before 1.1.9 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3604 (The Change WP Admin Login WordPress plugin before 1.1.4 discloses the ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3481 (Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, w ...) + NOT-FOR-US: Critters +CVE-2023-3366 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39939 (SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (My ...) + NOT-FOR-US: LuxCal Web Calendar +CVE-2023-39660 (An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a rem ...) + NOT-FOR-US: Gaberiele Venturi pandasai +CVE-2023-39543 (Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2 ...) + NOT-FOR-US: LuxCal Web Calendar +CVE-2023-39106 (An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows ...) 
+ NOT-FOR-US: Nacos Group Nacos Spring Project +CVE-2023-39094 (Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 all ...) + NOT-FOR-US: ZeroWdd studentmanager +CVE-2023-39061 (Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-38976 (An issue in weaviate v.1.20.0 allows a remote attacker to cause a deni ...) + NOT-FOR-US: weaviate +CVE-2023-38961 (Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0 ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5092 +CVE-2023-38899 (SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local ...) + NOT-FOR-US: berkaygediz O_Blog +CVE-2023-38836 (File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker ...) + NOT-FOR-US: BoidCMS +CVE-2023-38158 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38035 (A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sen ...) + NOT-FOR-US: Ivanti +CVE-2023-36787 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-31447 (user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all ...) + NOT-FOR-US: Draytek Vigor2620 devices +CVE-2023-4459 (A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in dri ...) + - linux 5.17.11-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd (5.18) +CVE-2023-4450 (A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has ...) + NOT-FOR-US: jeecgboot JimuReport +CVE-2023-4449 (A vulnerability was found in SourceCodester Free and Open Source Inven ...) + NOT-FOR-US: SourceCodester +CVE-2023-4448 (A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified a ...) 
+ NOT-FOR-US: RapidCMS +CVE-2023-4447 (A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classif ...) + NOT-FOR-US: RapidCMS +CVE-2023-4446 (A vulnerability, which was classified as critical, was found in OpenRa ...) + NOT-FOR-US: RapidCMS +CVE-2023-4445 (A vulnerability, which was classified as critical, has been found in M ...) + NOT-FOR-US: Mini-Tmall +CVE-2023-4444 (A vulnerability classified as critical was found in SourceCodester Fre ...) + NOT-FOR-US: SourceCodester +CVE-2023-4443 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester +CVE-2023-4442 (A vulnerability was found in SourceCodester Free Hospital Management S ...) + NOT-FOR-US: SourceCodester +CVE-2023-4441 (A vulnerability was found in SourceCodester Free Hospital Management S ...) + NOT-FOR-US: SourceCodester +CVE-2023-4440 (A vulnerability was found in SourceCodester Free Hospital Management S ...) + NOT-FOR-US: SourceCodester +CVE-2023-4439 (A vulnerability was found in SourceCodester Card Holder Management Sys ...) + NOT-FOR-US: SourceCodester +CVE-2023-4438 (A vulnerability has been found in SourceCodester Inventory Management ...) + NOT-FOR-US: SourceCodester +CVE-2023-4437 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester +CVE-2023-4436 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester +CVE-2023-39809 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a comm ...) + NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG +CVE-2023-39808 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hard ...) + NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG +CVE-2023-39807 (N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL ...) + NOT-FOR-US: N.V.K.INTER CO., LTD. (NVK) iBSG +CVE-2023-39786 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...) 
+ NOT-FOR-US: Tenda +CVE-2023-39785 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2023-39784 (Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2023-39751 (TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via ...) + NOT-FOR-US: TP-Link +CVE-2023-39750 (D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: D-Link +CVE-2023-39749 (D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: D-Link +CVE-2023-39748 (An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N ...) + NOT-FOR-US: TP-Link +CVE-2023-39747 (TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discov ...) + NOT-FOR-US: TP-Link +CVE-2023-39745 (TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 w ...) + NOT-FOR-US: TP-Link +CVE-2023-39618 (TOTOLINK X5000R B20210419 was discovered to contain a remote code exec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-39617 (TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B2023 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-4451 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...) + NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-4435 (Improper Input Validation in GitHub repository hamza417/inure prior to ...) + NOT-FOR-US: hamza417/inure +CVE-2023-4434 (Missing Authorization in GitHub repository hamza417/inure prior to bui ...) + NOT-FOR-US: hamza417/inure +CVE-2023-40711 (Veilid before 0.1.9 does not check the size of uncompressed data durin ...) + NOT-FOR-US: Veilid +CVE-2023-37250 (Unity Parsec has a TOCTOU race condition that permits local attackers ...) + NOT-FOR-US: Unity Parsec +CVE-2023-4433 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) 
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-4432 (Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq ...) + NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-4431 (Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5 ...) + {DSA-5483-1} + - chromium 116.0.5845.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4430 (Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allo ...) + {DSA-5483-1} + - chromium 116.0.5845.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4429 (Use after free in Loader in Google Chrome prior to 116.0.5845.110 allo ...) + {DSA-5483-1} + - chromium 116.0.5845.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4428 (Out of bounds memory access in CSS in Google Chrome prior to 116.0.584 ...) + {DSA-5483-1} + - chromium 116.0.5845.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4427 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...) + {DSA-5483-1} + - chromium 116.0.5845.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-40175 (Puma is a Ruby/Rack web server built for parallelism. Prior to version ...) + - puma 5.6.7-1 (bug #1050079) + [bookworm] - puma (Minor issue) + [bullseye] - puma (Minor issue) + [buster] - puma (invasive to backport) + NOTE: https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8 + NOTE: https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a (master) + NOTE: https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1 (v6.3.1) + NOTE: https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662 (v5.6.7) +CVE-2023-40174 (Social media skeleton is an uncompleted/framework social media project ...) + NOT-FOR-US: social-media-skeleton +CVE-2023-40173 (Social media skeleton is an uncompleted/framework social media project ...) 
+ NOT-FOR-US: social-media-skeleton +CVE-2023-40172 (Social media skeleton is an uncompleted/framework social media project ...) + NOT-FOR-US: social-media-skeleton +CVE-2023-40037 (Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in ...) + NOT-FOR-US: Apache NiFi +CVE-2023-38839 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote ...) + NOT-FOR-US: Kidus Minimati +CVE-2023-2971 (Improper path handling in Typora before 1.7.0-dev on Windows and Linux ...) + NOT-FOR-US: Typora +CVE-2023-4422 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-4415 (A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has b ...) + NOT-FOR-US: Ruijie +CVE-2023-4414 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-4413 + REJECTED +CVE-2023-4412 (A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B2020102 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-4411 (A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20 ...) + NOT-FOR-US: TOTOLINK +CVE-2023-4410 (A vulnerability, which was classified as critical, was found in TOTOLI ...) + NOT-FOR-US: TOTOLINK +CVE-2023-4409 (A vulnerability, which was classified as critical, has been found in N ...) + NOT-FOR-US: NBS&HappySoftWeChat +CVE-2023-4407 (A vulnerability classified as critical was found in Codecanyon Credit ...) + NOT-FOR-US: Codecanyon Credit Lite +CVE-2023-40072 (OS command injection vulnerability in WAB-S600-PS all versions, and WA ...) + NOT-FOR-US: WAB-S600-PS +CVE-2023-40069 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) + NOT-FOR-US: ELECOM wireless LAN routers +CVE-2023-39944 (OS command injection vulnerability in WRC-F1167ACF all versions, and W ...) 
+ NOT-FOR-US: WRC-F1167ACF +CVE-2023-39455 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...) + NOT-FOR-US: ELECOM wireless LAN routers +CVE-2023-39454 (Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC- ...) + NOT-FOR-US: WRC-X1800GS-B +CVE-2023-39445 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...) + NOT-FOR-US: LAN-WH300N/RE +CVE-2023-39416 (Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gatew ...) + NOT-FOR-US: Proself Enterprise/Standard Edition +CVE-2023-39415 (Improper authentication vulnerability in Proself Enterprise/Standard E ...) + NOT-FOR-US: Proself Enterprise/Standard Edition +CVE-2023-38911 (A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows att ...) + NOT-FOR-US: CSZ CMS +CVE-2023-38910 (CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allow ...) + NOT-FOR-US: CSZ CMS +CVE-2023-38890 (Online Shopping Portal Project 3.1 allows remote attackers to execute ...) + NOT-FOR-US: Online Shopping Portal Project +CVE-2023-38576 (Hidden functionality vulnerability in LAN-WH300N/RE all versions provi ...) + NOT-FOR-US: LAN-WH300N/RE +CVE-2023-38132 (LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an i ...) + NOT-FOR-US: LAN-W451NGR +CVE-2023-35991 (Hidden functionality vulnerability in LOGITEC wireless LAN routers all ...) + NOT-FOR-US: LOGITEC wireless LAN routers +CVE-2023-32626 (Hidden functionality vulnerability in LAN-W300N/RS all versions, and L ...) + NOT-FOR-US: LAN-W300N/PR5 +CVE-2023-32130 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dani ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32122 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32109 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32108 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32107 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Ga ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32106 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Ma ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32105 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32103 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4040 (The Stripe Payment Plugin for WooCommerce plugin for WordPress is vuln ...) + NOT-FOR-US: Stripe Payment Plugin for WooCommerce plugin for WordPress +CVE-2023-40171 (Dispatch is an open source security incident management tool. The serv ...) + NOT-FOR-US: Netflix Dispatch +CVE-2023-39674 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overfl ...) + NOT-FOR-US: D-Link +CVE-2023-39673 (Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-39672 (Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: Tenda +CVE-2023-39671 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overfl ...) + NOT-FOR-US: D-Link +CVE-2023-39670 (Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffe ...) + NOT-FOR-US: Tenda +CVE-2023-39669 (D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer ...) + NOT-FOR-US: D-Link +CVE-2023-39668 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...) + NOT-FOR-US: D-Link +CVE-2023-39667 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...) + NOT-FOR-US: D-Link +CVE-2023-39666 (D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contai ...) + NOT-FOR-US: D-Link +CVE-2023-39665 (D-Link DIR-868L fw_revA_1-12_eu_multi_20170316 was discovered to conta ...) 
+ NOT-FOR-US: D-Link +CVE-2023-39125 (NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in load ...) + NOT-FOR-US: NTSC-CRT +CVE-2023-31492 (Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-4394 (A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/ ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9ea0106a7a3d8116860712e3f17cd52ce99f6707 (6.0-rc3) +CVE-2023-4030 (A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen ...) + NOT-FOR-US: Lenovo +CVE-2023-4029 (A buffer overflow has been identified in the BoardUpdateAcpiDxe driver ...) + NOT-FOR-US: Lenovo +CVE-2023-4028 (A buffer overflow has been identified in the SystemUserMasterHddPwdDxe ...) + NOT-FOR-US: Lenovo +CVE-2023-40315 (In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related ...) + NOT-FOR-US: OpenMNS +CVE-2023-40313 (A BeanShell interpreter in remote server mode runs in OpenMNS Horizon ...) + NOT-FOR-US: OpenMNS +CVE-2023-40272 (Apache Airflow Spark Provider, versions before 4.1.3, is affected by a ...) + NOT-FOR-US: Apache Airflow Spark Provider +CVE-2023-40168 (TurboWarp is a desktop application that compiles scratch projects to J ...) + NOT-FOR-US: TurboWarp +CVE-2023-40165 (rubygems.org is the Ruby community's primary gem (library) hosting ser ...) + NOT-FOR-US: rubygems/rubygems.org +CVE-2023-3698 (Printer service fails to adequately handle user input, allowing an rem ...) + NOT-FOR-US: ASUSTOR +CVE-2023-3697 (Printer service fails to adequately handle user input, allowing an rem ...) + NOT-FOR-US: ASUSTOR +CVE-2023-3078 (An uncontrolled search path vulnerability was reported in the Lenovo U ...) + NOT-FOR-US: Lenovo +CVE-2023-39974 (Exposure of Sensitive Information vulnerability in AcyMailing Enterpri ...) 
+ NOT-FOR-US: Joomla component +CVE-2023-39973 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...) + NOT-FOR-US: Joomla component +CVE-2023-39972 (Improper Access Control vulnerability in AcyMailing Enterprise compone ...) + NOT-FOR-US: Joomla component +CVE-2023-39971 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) + NOT-FOR-US: Joomla component +CVE-2023-39970 (Unrestricted Upload of File with Dangerous Type vulnerability in AcyMa ...) + NOT-FOR-US: Joomla component +CVE-2023-39743 (lrzip-next LZMA v23.01 was discovered to contain an access violation v ...) + - lrzip-next (bug #1042088) +CVE-2023-39741 (lrzip v0.651 was discovered to contain a heap overflow via the libzpaq ...) + - lrzip + [bookworm] - lrzip (Minor issue) + [bullseye] - lrzip (Minor issue) + [buster] - lrzip (Minor issue) + NOTE: https://github.com/ckolivas/lrzip/issues/246 +CVE-2023-38905 (SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a ...) + NOT-FOR-US: JeecgBoot +CVE-2023-38902 (A command injection vulnerability in RG-EW series home routers and rep ...) + NOT-FOR-US: RG-EW +CVE-2023-38843 (An issue in Atlos v.1.0 allows an authenticated attacker to execute ar ...) + NOT-FOR-US: Atlos +CVE-2023-38838 (SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote ...) + NOT-FOR-US: Kidus Minimati +CVE-2023-37914 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-36847 (A Missing Authentication for Critical Function vulnerability in Junipe ...) + NOT-FOR-US: Juniper +CVE-2023-36846 (A Missing Authentication for Critical Function vulnerability in Junipe ...) + NOT-FOR-US: Juniper +CVE-2023-36845 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...) + NOT-FOR-US: Juniper +CVE-2023-36844 (A PHP External Variable Modification vulnerability in J-Web of Juniper ...) 
+ NOT-FOR-US: Juniper +CVE-2023-36106 (An incorrect access control vulnerability in powerjob 4.3.2 and earlie ...) + NOT-FOR-US: powerjob +CVE-2023-34419 (A buffer overflow has been identified in the SetupUtility driver in so ...) + NOT-FOR-US: Lenovo +CVE-2023-34412 (A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX ...) + NOT-FOR-US: Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices +CVE-2023-31946 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31945 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31944 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31943 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31942 (Cross Site Scripting vulnerability found in Online Travel Agency Syste ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31941 (File Upload vulnerability found in Online Travel Agency System v.1.0 a ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31940 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31939 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-31938 (SQL injection vulnerability found in Online Travel Agency System v.1.0 ...) + NOT-FOR-US: Online Travel Agency System +CVE-2023-2917 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-2915 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-2914 (The Rockwell Automation Thinmanager Thinserver is impacted by an impro ...) 
+ NOT-FOR-US: Rockwell Automation +CVE-2023-2910 (Improper neutralization of special elements used in a command ('Comman ...) + NOT-FOR-US: ASUSTOR +CVE-2023-4395 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-4392 (A vulnerability was found in Control iD Gerencia Web 1.30 and classifi ...) + NOT-FOR-US: Control iD Gerencia Web +CVE-2023-40281 (EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerabili ...) + NOT-FOR-US: EC-CUBE +CVE-2023-40252 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + NOT-FOR-US: Genians +CVE-2023-40251 (Missing Encryption of Sensitive Data vulnerability in Genians Genian N ...) + NOT-FOR-US: Genians +CVE-2023-40034 (Woodpecker is a community fork of the Drone CI system. In affected ver ...) + NOT-FOR-US: Woodpecker +CVE-2023-40033 (Flarum is an open source forum software. Flarum is affected by a vulne ...) + NOT-FOR-US: Flarum +CVE-2023-40021 (Oppia is an online learning platform. When comparing a received CSRF t ...) + NOT-FOR-US: Oppia +CVE-2023-3244 (The Comments Like Dislike plugin for WordPress is vulnerable to unauth ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39846 (An issue in Konga v0.14.9 allows attackers to bypass authentication vi ...) + NOT-FOR-US: Konga +CVE-2023-38894 (A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before all ...) + NOT-FOR-US: Cronvel Tree-kit +CVE-2023-35893 (IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2023-35011 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to serve ...) + NOT-FOR-US: IBM +CVE-2023-35009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2023-34217 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...) 
+ NOT-FOR-US: Moxa +CVE-2023-34216 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...) + NOT-FOR-US: Moxa +CVE-2023-34215 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to the ...) + NOT-FOR-US: Moxa +CVE-2023-34214 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...) + NOT-FOR-US: Moxa +CVE-2023-34213 (TN-5900 Series firmware versions v3.3 and prior are vulnerable to comm ...) + NOT-FOR-US: Moxa +CVE-2023-33239 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...) + NOT-FOR-US: Moxa +CVE-2023-33238 (TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series f ...) + NOT-FOR-US: Moxa +CVE-2023-33237 (TN-5900 Series firmware version v3.3 and prior is vulnerable to improp ...) + NOT-FOR-US: Moxa +CVE-2023-4389 (A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the bt ...) + - linux 5.17.6-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/168a2f776b9762f4021421008512dd7ab7474df1 (5.18-rc3) +CVE-2023-4387 (A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/ ...) + - linux 5.17.11-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/9e7fef9521e73ca8afd7da9e58c14654b02dfad8 (5.18) +CVE-2023-4385 (A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap ...) + - linux 5.18.5-1 + [bullseye] - linux 5.10.127-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/0d4837fdb796f99369cf7691d33de1b856bcaf1f (5.19-rc1) +CVE-2023-4384 (A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.1 ...) + NOT-FOR-US: MaximaTech Portal Executivo +CVE-2023-4383 (A vulnerability, which was classified as critical, was found in MicroW ...) + NOT-FOR-US: MicroWorld eScan Anti-Virus +CVE-2023-4382 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: Hyip Rio +CVE-2023-4381 (Unverified Password Change in GitHub repository instantsoft/icms2 prio ...) + NOT-FOR-US: icms2 +CVE-2023-4241 (lol-html can cause panics on certain HTML inputs. Anyone processing ar ...) + NOT-FOR-US: lol-html +CVE-2023-4204 (NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected ...) + NOT-FOR-US: NPort IAW5000A-I/O Series firmware +CVE-2023-39975 (kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a ...) + - krb5 (Vulnerable code not present) + NOTE: https://github.com/krb5/krb5/pull/1312 + NOTE: Introduced by: https://github.com/krb5/krb5/commit/a9705a1e0b2cf0cde3e6f8dee14c25ffc074c00a (krb5-1.21-beta1) + NOTE: Fixed by: https://github.com/krb5/krb5/commit/88a1701b423c13991a8064feeb26952d3641d840 +CVE-2023-39507 (Improper authorization in the custom URL scheme handler in "Rikunabi N ...) + NOT-FOR-US: "Rikunabi NEXT" App for Android +CVE-2023-39250 (Dell Storage Integration Tools for VMware (DSITV) and Dell Storage vSp ...) + NOT-FOR-US: Dell +CVE-2023-39115 (install/aiz-uploader/upload in Campcodes Online Matrimonial Website Sy ...) + NOT-FOR-US: Campcodes Online Matrimonial Website System +CVE-2023-38904 (A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 a ...) + NOT-FOR-US: Netlify CMS +CVE-2023-38737 (IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is ...) + NOT-FOR-US: IBM +CVE-2023-33663 (In the module \u201cCustomization fields fee for your store\u201d (aic ...) + NOT-FOR-US: PrestaShop module +CVE-2023-32495 (Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive i ...) + NOT-FOR-US: Dell +CVE-2023-32494 (Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of i ...) + NOT-FOR-US: Dell +CVE-2023-32493 (Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass ...) + NOT-FOR-US: Dell +CVE-2023-32492 (Dell PowerScale OneFS 9.5.0.x contains an incorrect default permission ...) 
+ NOT-FOR-US: Dell +CVE-2023-32491 (Dell PowerScale OneFS 9.5.0.x, contains an insertion of sensitive info ...) + NOT-FOR-US: Dell +CVE-2023-32490 (Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege manage ...) + NOT-FOR-US: Dell +CVE-2023-32489 (Dell PowerScale OneFS 8.2x -9.5x contains a privilege escalation vulne ...) + NOT-FOR-US: Dell +CVE-2023-32488 (Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosu ...) + NOT-FOR-US: Dell +CVE-2023-32487 (Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privi ...) + NOT-FOR-US: Dell +CVE-2023-32486 (Dell PowerScale OneFS 9.5.x version contain a privilege escalation vul ...) + NOT-FOR-US: Dell +CVE-2023-32453 (Dell BIOS contains an improper authentication vulnerability. A malicio ...) + NOT-FOR-US: Dell +CVE-2023-2737 (Improper log permissions in SafeNet Authentication ServiceVersion 3.4. ...) + NOT-FOR-US: SafeNet Authentication ServiceVersion +CVE-2023-4302 (A missing permission check in Jenkins Fortify Plugin 22.1.38 and earli ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-4301 (A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify P ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40351 (A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40350 (Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values re ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40349 (Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an optio ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40348 (The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provide ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40347 (Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40346 (Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortc ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-40345 (Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40344 (A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40343 (Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-con ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40342 (Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JU ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40341 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40340 (Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40339 (Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier d ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40338 (Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an err ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40337 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-40336 (A cross-site request forgery (CSRF) vulnerability in Jenkins Folders P ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-4374 (The WP Remote Users Sync plugin for WordPress is vulnerable to unautho ...) + NOT-FOR-US: WP Remote Users Sync plugin for WordPress +CVE-2023-3958 (The WP Remote Users Sync plugin for WordPress is vulnerable to Server ...) + NOT-FOR-US: WP Remote Users Sync plugin for WordPress +CVE-2023-39852 (Doctormms v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Doctormms +CVE-2023-39851 (webchess v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: webchess +CVE-2023-39850 (Schoolmate v1.3 was discovered to contain multiple SQL injection vulne ...) 
+ NOT-FOR-US: Schoolmate +CVE-2023-39849 + REJECTED +CVE-2023-39848 + REJECTED +CVE-2023-4371 (A vulnerability was found in phpRecDB 1.3.1. It has been rated as prob ...) + NOT-FOR-US: phpRecDB +CVE-2023-4369 (Insufficient data validation in Systems Extensions in Google Chrome on ...) + NOT-FOR-US: Systems Extensions in Google Chrome on ChromeOS +CVE-2023-4368 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4367 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4366 (Use after free in Extensions in Google Chrome prior to 116.0.5845.96 a ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4365 (Inappropriate implementation in Fullscreen in Google Chrome prior to 1 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4364 (Inappropriate implementation in Permission Prompts in Google Chrome pr ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4363 (Inappropriate implementation in WebShare in Google Chrome on Android p ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4362 (Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4361 (Inappropriate implementation in Autofill in Google Chrome on Android p ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4360 (Inappropriate implementation in Color in Google Chrome prior to 116.0. ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4359 (Inappropriate implementation in App Launcher in Google Chrome on iOS p ...) 
+ {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4358 (Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4357 (Insufficient validation of untrusted input in XML in Google Chrome pri ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4356 (Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowe ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4355 (Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4354 (Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 a ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4353 (Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4352 (Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4351 (Use after free in Network in Google Chrome prior to 116.0.5845.96 allo ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4350 (Inappropriate implementation in Fullscreen in Google Chrome on Android ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4349 (Use after free in Device Trust Connectors in Google Chrome prior to 11 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4345 (Broadcom RAID Controller web interface is vulnerable client-side contr ...) 
+ NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4344 (Broadcom RAID Controller web interface is vulnerable to insufficient r ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4343 (Broadcom RAID Controller web interface is vulnerable due to exposure o ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4342 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4341 (Broadcom RAID Controller is vulnerable to Privilege escalation to root ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4340 (Broadcom RAID Controller is vulnerable to Privilege escalation by taki ...) + NOT-FOR-US: Broadcom RAID Controller +CVE-2023-4339 (Broadcom RAID Controller web interface is vulnerable to exposure of pr ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4338 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4337 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4336 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4335 (Broadcom RAID Controller Web server (nginx) is serving private server- ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4334 (Broadcom RAID Controller Web server (nginx) is serving private files w ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4333 (Broadcom RAID Controller web interface doesn\u2019t enforce SSL cipher ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4332 (Broadcom RAID Controller web interface is vulnerable due to Improper p ...) 
+ NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4331 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4330 + REJECTED +CVE-2023-4329 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4328 (Broadcom RAID Controller web interface is vulnerable to exposure of s ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4327 (Broadcom RAID Controller web interface is vulnerable to exposure of se ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4326 (Broadcom RAID Controller web interface is vulnerable has an insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4325 (Broadcom RAID Controller web interface is vulnerable due to usage of L ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4324 (Broadcom RAID Controller web interface is vulnerable due to insecure d ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-4323 (Broadcom RAID Controller web interface is vulnerable to improper sessi ...) + NOT-FOR-US: Broadcom RAID Controller web interface +CVE-2023-40028 (Ghost is an open source content management system. Versions prior to 5 ...) + NOT-FOR-US: Ghost CMS +CVE-2023-40027 (Keystone is an open source headless CMS for Node.js \u2014 built with ...) + NOT-FOR-US: Keystone CMS +CVE-2023-39843 (Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1 ...) + NOT-FOR-US: Suleve 5-in-1 Smart Door Lock +CVE-2023-39842 (Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Securit ...) + NOT-FOR-US: Digoo DG-HAMB Smart Home Security +CVE-2023-39841 (Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock ...) + NOT-FOR-US: Etekcity 3-in-1 Smart Door Lock +CVE-2023-39662 (An issue in llama_index v.0.7.13 and before allows a remote attacker t ...) 
+ NOT-FOR-US: llama_index +CVE-2023-39661 (An issue in pandas-ai v.0.9.1 and before allows a remote attacker to e ...) + NOT-FOR-US: pandas-ai +CVE-2023-39659 (An issue in langchain langchain-ai v.0.0.232 and before allows a remot ...) + NOT-FOR-US: langchain-ai +CVE-2023-39438 (A missing authorization check allows an arbitrary authenticated user t ...) + NOT-FOR-US: cla-assistant +CVE-2023-38916 (SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote ...) + NOT-FOR-US: eVotingSystem-PHP +CVE-2023-38915 (File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote ...) + NOT-FOR-US: Wolf-leo EasyAdmin8 +CVE-2023-38898 (An issue in Python cpython v.3.7 allows an attacker to obtain sensitiv ...) + - python3.12 3.12.0~b4-1 + - python3.11 (Vulnerable code not present) + - python3.10 (Vulnerable code not present) + - python3.9 (Vulnerable code not present) + - python3.7 (Vulnerable code not present) + - python2.7 (Vulnerable code not present) + NOTE: Introduced in https://github.com/python/cpython/commit/a474e04388c2ef6aca75c26cb70a1b6200235feb (v3.12.0b1) + NOTE: https://github.com/python/cpython/commit/9e6f8d46150c1a0af09d68ce63c603cf321994aa (v3.12.0b4) + NOTE: https://github.com/python/cpython/issues/105987 +CVE-2023-38896 (An issue in Harrison Chase langchain v.0.0.194 and before allows a rem ...) + NOT-FOR-US: Harrison Chase langchain +CVE-2023-38889 (An issue in Alluxio v.2.9.3 and before allows an attacker to execute a ...) + NOT-FOR-US: Alluxio +CVE-2023-38866 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...) + NOT-FOR-US: COMFAST +CVE-2023-38865 (COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected ...) + NOT-FOR-US: COMFAST +CVE-2023-38864 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) + NOT-FOR-US: COMFAST +CVE-2023-38863 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) 
+ NOT-FOR-US: COMFAST +CVE-2023-38862 (An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbi ...) + NOT-FOR-US: COMFAST +CVE-2023-38861 (An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote a ...) + NOT-FOR-US: Wavlink +CVE-2023-38860 (An issue in LangChain v.0.0.231 allows a remote attacker to execute ar ...) + NOT-FOR-US: LangChain +CVE-2023-38858 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...) + - faad2 2.11.0-1 (bug #1050095) + [bookworm] - faad2 (Minor issue) + [bullseye] - faad2 (Minor issue) + [buster] - faad2 (recheck when fixed upstream) + NOTE: https://github.com/knik0/faad2/issues/173 + NOTE: Fixed by: https://github.com/knik0/faad2/commit/c65ae2904192965e7c9fcafe8c1ae5fa0649eea4 (2.11.0) +CVE-2023-38857 (Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacke ...) + - faad2 2.11.0-1 (bug #1050094) + [bookworm] - faad2 (Minor issue) + [bullseye] - faad2 (Minor issue) + [buster] - faad2 (recheck when fixed upstream) + NOTE: https://github.com/knik0/faad2/issues/171 + NOTE: Fixed by: https://github.com/knik0/faad2/commit/b02a9ee5bf071fa92563536c076a69dbec814e7e (2.11.0) +CVE-2023-38856 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) + - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#4) + NOTE: Negligible security impact +CVE-2023-38855 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) + - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#6) + NOTE: Negligible security impact +CVE-2023-38854 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) + - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#5) + NOTE: Negligible security impact +CVE-2023-38853 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) 
+ - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#1) + NOTE: Negligible security impact +CVE-2023-38852 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) + - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#3) + NOTE: Negligible security impact +CVE-2023-38851 (Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacke ...) + - r-cran-readxl (unimportant) + NOTE: https://github.com/libxls/libxls/issues/124 (#2) + NOTE: Negligible security impact +CVE-2023-38850 (Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an ...) + NOT-FOR-US: Codedoc +CVE-2023-38840 (Bitwarden Desktop 2023.7.0 and below allows an attacker with local acc ...) + NOT-FOR-US: Bitwarden +CVE-2023-38402 (A vulnerability in the HPE Aruba Networking Virtual IntranetAccess (VI ...) + NOT-FOR-US: HPE +CVE-2023-38401 (A vulnerability in the HPE Aruba Networking Virtual Intranet Access (V ...) + NOT-FOR-US: HPE +CVE-2023-35082 (An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, ...) + NOT-FOR-US: Ivanti +CVE-2023-2916 (The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive ...) + NOT-FOR-US: InfiniteWP Client plugin for WordPress +CVE-2023-4347 (Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/l ...) + NOT-FOR-US: LibreNMS +CVE-2023-4308 (The User Submitted Posts plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WordPress plugin +CVE-2023-40518 (LiteSpeed OpenLiteSpeed before 1.7.18 does not strictly validate HTTP ...) + NOT-FOR-US: LiteSpeed OpenLiteSpeed +CVE-2023-40453 (Docker Machine through 0.16.2 allows an attacker, who has control of a ...) + NOT-FOR-US: Docker Machine +CVE-2023-40013 (SVG Loader is a javascript library that fetches SVGs using XMLHttpRequ ...) + NOT-FOR-US: SVG Loader +CVE-2023-39829 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) 
+ NOT-FOR-US: Tenda +CVE-2023-39828 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2023-39827 (Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2023-38687 (Svelecte is a flexible autocomplete/select component written in Svelte ...) + NOT-FOR-US: Svelecte +CVE-2023-35689 (In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-32358 (A type confusion issue was addressed with improved checks. This issue ...) + NOT-FOR-US: Apple +CVE-2023-4322 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1051898) + NOTE: https://github.com/radareorg/radare2/commit/ba919adb74ac368bf76b150a00347ded78b572dd + NOTE: https://huntr.dev/bounties/06e2484c-d6f1-4497-af67-26549be9fffd +CVE-2023-4321 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-40360 (QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive i ...) + - qemu 1:8.0.4+dfsg-2 (bug #1050140) + [bookworm] - qemu (Vulnerable code intoduced later) + [bullseye] - qemu (Vulnerable code intoduced later) + [buster] - qemu (Vulnerable code intoduced later) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1815 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 (v8.1.0-rc3) +CVE-2023-40359 (xterm before 380 supports ReGIS reporting for character-set names even ...) + - xterm 382-2 (unimportant) + NOTE: https://invisible-island.net/xterm/xterm.log.html#xterm_380 + NOTE: ReGIS support not enabled in Debian builds +CVE-2023-40354 (An issue was discovered in MariaDB MaxScale before 23.02.3. A user ent ...) 
+ NOT-FOR-US: Maxscale +CVE-2023-40312 (Multiple reflected XSS were found on different JSP files with unsaniti ...) + NOT-FOR-US: OpenMNS +CVE-2023-40311 (Multiple stored XSS were found on different JSP files with unsanitized ...) + NOT-FOR-US: OpenMNS +CVE-2023-40024 (ScanCode.io is a server to script and automate software composition an ...) + NOT-FOR-US: ScanCode.io +CVE-2023-40023 (yaklang is a programming language designed for cybersecurity. The Yak ...) + NOT-FOR-US: yaklang +CVE-2023-40020 (PrivateUploader is an open source image hosting server written in Vue ...) + NOT-FOR-US: PrivateUploader +CVE-2023-3721 (The WP-EMail WordPress plugin before 2.69.1 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3645 (The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3601 (The Simple Author Box WordPress plugin before 2.52 does not verify a u ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3435 (The User Activity Log WordPress plugin before 1.6.5 does not correctly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3328 (The Custom Field For WP Job Manager WordPress plugin before 1.2 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3160 (The vulnerability potentially allows an attacker to misuse ESET\u2019s ...) + NOT-FOR-US: ESET +CVE-2023-39908 (The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not proper ...) + NOT-FOR-US: YubiHSM 2 SDK +CVE-2023-39293 (A Command Injection vulnerability has been identified in the MiVoice O ...) + NOT-FOR-US: Mitel +CVE-2023-39292 (A SQL Injection vulnerability has been identified in the MiVoice Offic ...) + NOT-FOR-US: Mitel +CVE-2023-38741 (IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a d ...) + NOT-FOR-US: IBM +CVE-2023-38721 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...) + NOT-FOR-US: IBM +CVE-2023-37847 (novel-plus v3.6.2 was discovered to contain a SQL injection vulnerabil ...) 
+ NOT-FOR-US: novel-plus +CVE-2023-37070 (Code Projects Hospital Information System 1.0 is vulnerable to Cross S ...) + NOT-FOR-US: Code Projects Hospital Information System +CVE-2023-33013 (A post-authentication command injection vulnerability in the NTP featu ...) + NOT-FOR-US: Zyxel +CVE-2023-32748 (The Linux DVS server component of Mitel MiVoice Connect through 19.3 S ...) + NOT-FOR-US: Mitel +CVE-2023-2803 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2802 (The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2606 (The WP Brutal AI WordPress plugin before 2.06 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4953 (The Elementor Website Builder WordPress plugin before 3.5.5 does not f ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39950 (efibootguard is a simple UEFI boot loader with support for safely swit ...) + - efibootguard 0.15-1 (bug #1049436) + [bookworm] - efibootguard 0.13-2+deb12u1 + NOTE: https://github.com/siemens/efibootguard/commit/965d65c5751898c4bb094ef191b7387819423414 (v0.15) + NOTE: https://github.com/siemens/efibootguard/commit/53dee61dc8b3a83c882e4bc9a0cfe7d6d73610c4 (v0.15) +CVE-2023-40305 (GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in ...) + - indent 2.2.13-3 (bug #1049366) + [bookworm] - indent 2.2.12-4+deb12u2 + [bullseye] - indent (Minor issue) + [buster] - indent (Minor issue) + NOTE: https://savannah.gnu.org/bugs/index.php?64503 +CVE-2023-40303 (GNU inetutils through 2.4 may allow privilege escalation because of un ...) 
+ {DLA-3611-1} + - inetutils 2:2.4-3 (bug #1049365) + [bookworm] - inetutils 2:2.4-2+deb12u1 + [bullseye] - inetutils 2:2.0-1+deb11u2 + NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6 + NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2023-07/msg00000.html +CVE-2023-40296 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in R ...) + NOT-FOR-US: async-sockets-cpp +CVE-2023-40295 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInit ...) + NOT-FOR-US: libboron +CVE-2023-40294 (libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBl ...) + NOT-FOR-US: libboron +CVE-2023-40293 (Harman Infotainment 20190525031613 and later allows command injection ...) + NOT-FOR-US: Harman Infotainment +CVE-2023-40292 (Harman Infotainment 20190525031613 and later discloses the IP address ...) + NOT-FOR-US: Harman Infotainment +CVE-2023-40291 (Harman Infotainment 20190525031613 allows root access via SSH over a U ...) + NOT-FOR-US: Harman Infotainment +CVE-2023-40283 (An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_s ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.11-1 + NOTE: https://git.kernel.org/linus/1728137b33c00d5a2b5110ed7aafb42e7c32e4a1 (6.5-rc1) +CVE-2023-40274 (An issue was discovered in zola 0.13.0 through 0.17.2. The custom impl ...) + - zola (bug #976052) +CVE-2023-3267 (When adding a remote backup location, an authenticated user can pass a ...) + NOT-FOR-US: Trellix +CVE-2023-3266 (A non-feature complete authentication mechanism exists in the producti ...) + NOT-FOR-US: Trellix +CVE-2023-3265 (An authentication bypass exists on CyberPower PowerPanel Enterprise by ...) + NOT-FOR-US: Trellix +CVE-2023-3264 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) + NOT-FOR-US: Trellix +CVE-2023-3263 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) 
+ NOT-FOR-US: Trellix +CVE-2023-3262 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) + NOT-FOR-US: Trellix +CVE-2023-3261 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) + NOT-FOR-US: Trellix +CVE-2023-3260 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) + NOT-FOR-US: Trellix +CVE-2023-3259 (The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earl ...) + NOT-FOR-US: Trellix +CVE-2023-39406 (Permission control vulnerability in the XLayout component. Successful ...) + NOT-FOR-US: Huawei +CVE-2023-39405 (Vulnerability of out-of-bounds parameter read/write in the Wi-Fi modul ...) + NOT-FOR-US: Huawei +CVE-2023-39404 (Vulnerability of input parameter verification in certain APIs in the w ...) + NOT-FOR-US: Huawei +CVE-2023-39403 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39402 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39401 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39400 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39399 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39398 (Parameter verification vulnerability in the installd module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39397 (Input parameter verification vulnerability in the communication system ...) + NOT-FOR-US: Huawei +CVE-2023-39396 (Deserialization vulnerability in the input module. Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2023-39395 (Mismatch vulnerability in the serialization process in the communicati ...) + NOT-FOR-US: Huawei +CVE-2023-39394 (Vulnerability of API privilege escalation in the wifienhance module. S ...) 
+ NOT-FOR-US: Huawei +CVE-2023-39393 (Vulnerability of insecure signatures in the ServiceWifiResources modul ...) + NOT-FOR-US: Huawei +CVE-2023-39392 (Vulnerability of insecure signatures in the OsuLogin module. Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-39391 (Vulnerability of system file information leakage in the USB Service mo ...) + NOT-FOR-US: Huawei +CVE-2023-39390 (Vulnerability of input parameter verification in certain APIs in the w ...) + NOT-FOR-US: Huawei +CVE-2023-39389 (Vulnerability of input parameters being not strictly verified in the P ...) + NOT-FOR-US: Huawei +CVE-2023-39388 (Vulnerability of input parameters being not strictly verified in the P ...) + NOT-FOR-US: Huawei +CVE-2023-39387 (Vulnerability of permission control in the window management module. S ...) + NOT-FOR-US: Huawei +CVE-2023-39386 (Vulnerability of input parameters being not strictly verified in the P ...) + NOT-FOR-US: Huawei +CVE-2023-39385 (Vulnerability of configuration defects in the media module of certain ...) + NOT-FOR-US: Huawei +CVE-2023-39384 (Vulnerability of incomplete permission verification in the input metho ...) + NOT-FOR-US: Huawei +CVE-2023-39383 (Vulnerability of input parameters being not strictly verified in the A ...) + NOT-FOR-US: Huawei +CVE-2023-39382 (Input verification vulnerability in the audio module. Successful explo ...) + NOT-FOR-US: Huawei +CVE-2023-39381 (Input verification vulnerability in the storage module. Successful exp ...) + NOT-FOR-US: Huawei +CVE-2023-39380 (Permission control vulnerability in the audio module. Successful explo ...) + NOT-FOR-US: Huawei +CVE-2021-46895 (Vulnerability of defects introduced in the design process in the Multi ...) + NOT-FOR-US: Huawei +CVE-2023-4265 (Potential buffer overflow vulnerabilities in the following locations: ...) + NOT-FOR-US: Zephyr RTOS (unrelated to src:zephyr) +CVE-2023-4293 (The Premium Packages - Sell Digital Products Securely plugin for WordP ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-3452 (The Canto plugin for WordPress is vulnerable to Remote File Inclusion ...) + NOT-FOR-US: Canto plugin for WordPress +CVE-2023-3937 (Cross site scripting vulnerability in web portal in Snow Software Lice ...) + NOT-FOR-US: Snow Software +CVE-2023-3864 (Blind SQL injection in a service running in Snow Software license mana ...) + NOT-FOR-US: Snow Software +CVE-2023-39949 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} + - fastdds 2.10.1+ds-2 + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-3jv9-j9x3-95cg + NOTE: https://github.com/eProsima/Fast-DDS/issues/3236 + NOTE: https://github.com/eProsima/Fast-DDS/commit/3aa3ee0259deaebe3d578e0ec200947bdfe7d06f (v2.10.0) + NOTE: https://github.com/eProsima/Fast-DDS/commit/6bc2f8048eb9760dcbd148bdb73492e58da8eb1e (v2.9.2) +CVE-2023-39948 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} + - fastdds 2.10.1+ds-2 + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-x9pj-vrgf-f68f + NOTE: https://github.com/eProsima/Fast-DDS/issues/3422 + NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562 +CVE-2023-39947 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} + - fastdds 2.10.1+ds-3 (bug #1043548) + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-mf55-5747-c4pv + NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1) + NOTE: https://github.com/eProsima/Fast-DDS/pull/3670 +CVE-2023-39946 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) 
+ {DSA-5481-1} + - fastdds 2.10.1+ds-3 (bug #1043548) + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-j297-rg6j-m7hx + NOTE: https://github.com/eProsima/Fast-DDS/commit/7c1c611f2f70ec238fbde30a9ed044d99191e4fb (v2.11.1) + NOTE: https://github.com/eProsima/Fast-DDS/pull/3670 +CVE-2023-39945 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} + - fastdds 2.10.1+ds-3 (bug #1043548) + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-2rq6-8j7x-frr9 + NOTE: https://github.com/eProsima/Fast-DDS/issues/3422 + NOTE: https://github.com/eProsima/Fast-DDS/commit/d3db7244df4081ae630dea98b7b27eb96245d562 +CVE-2023-39534 (eprosima Fast DDS is a C++ implementation of the Data Distribution Ser ...) + {DSA-5481-1} + - fastdds 2.10.1+ds-2 + NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-fcr6-x23w-94wp + NOTE: https://github.com/eProsima/Fast-DDS/commit/2674fdd93793fd314fcb81b795f9f62b8fcb1ea0 + NOTE: https://github.com/eProsima/Fast-DDS/pull/3343 +CVE-2023-32267 (A potential vulnerability has been identified in OpenText / Micro Focu ...) + NOT-FOR-US: Micro Focus +CVE-2023-4304 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...) + - froxlor (bug #581792) +CVE-2023-4108 (Mattermost fails to sanitize post metadata during audit logging result ...) + - mattermost-server (bug #823556) +CVE-2023-4107 (Mattermost fails to properly validate the requesting user permissions ...) + - mattermost-server (bug #823556) +CVE-2023-4106 (Mattermost fails to check if the requesting user is a guest before per ...) + - mattermost-server (bug #823556) +CVE-2023-4105 (Mattermost fails to delete the attachments when deleting a message in ...) + - mattermost-server (bug #823556) +CVE-2023-40267 (GitPython before 3.1.32 does not block insecure non-multi options in c ...) 
+ {DLA-3502-1} + - python-git 3.1.36-1 (bug #1043503) + [bookworm] - python-git 3.1.30-1+deb12u2 + [bullseye] - python-git (Minor issue) + NOTE: https://github.com/gitpython-developers/GitPython/pull/1609 + NOTE: https://github.com/gitpython-developers/GitPython/commit/5c59e0d63da6180db8a0b349f0ad36fef42aceed (3.1.32) +CVE-2023-40260 (EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi ...) + NOT-FOR-US: EmpowerID +CVE-2023-40256 (A vulnerability was discovered in Veritas NetBackup Snapshot Manager b ...) + NOT-FOR-US: Veritas +CVE-2023-40254 (Download of Code Without Integrity Check vulnerability in Genians Geni ...) + NOT-FOR-US: Genians +CVE-2023-40253 (Improper Authentication vulnerability in Genians Genian NAC V4.0, Geni ...) + NOT-FOR-US: Genians +CVE-2023-40235 (An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0 ...) + NOT-FOR-US: ArchiMate Archi +CVE-2023-40224 (MISP 2.4.174 allows XSS in app/View/Events/index.ctp.) + NOT-FOR-US: MISP +CVE-2023-40014 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2023-3824 (In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* bef ...) + {DLA-3555-1} + - php8.2 8.2.10-1 (bug #1043477) + [bookworm] - php8.2 (Fix along in future update) + - php7.4 + [bullseye] - php7.4 (Fix along in future update) + - php7.3 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv + NOTE: https://github.com/php/php-src/commit/80316123f3e9dcce8ac419bd9dd43546e2ccb5ef (php-8.0.30) + NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8 +CVE-2023-3823 (In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* be ...) 
+ {DLA-3555-1}
+ - php8.2 8.2.10-1 (bug #1043477)
+ [bookworm] - php8.2 (Fix along in future update)
+ - php7.4
+ [bullseye] - php7.4 (Fix along in future update)
+ - php7.3
+ NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
+ NOTE: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975 (php-8.0.30)
+ NOTE: Fixed in: 8.0.30, 8.1.22, 8.2.8
+CVE-2023-39553 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ NOT-FOR-US: Apache Airflow Drill Provider
+CVE-2023-38333 (Zoho ManageEngine Applications Manager through 16530 allows reflected ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-37513 (When the app is put to the background and the user goes to the task sw ...)
+ NOT-FOR-US: HCL
+CVE-2023-37512 (When the app is put to the background and the user goes to the task sw ...)
+ NOT-FOR-US: HCL
+CVE-2023-37511 (If certain App Transport Security (ATS) settings are set in a certain ...)
+ NOT-FOR-US: HCL
+CVE-2023-35179 (A vulnerability has been identified within Serv-U 15.4 that, if exploi ...)
+ NOT-FOR-US: SolarWinds Serv-U
+CVE-2023-34438 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...)
+ NOT-FOR-US: Intel
+CVE-2023-34427 (Protection mechanism failure in some Intel(R) RealSense(TM) ID softwar ...)
+ NOT-FOR-US: Intel
+CVE-2023-34355 (Uncontrolled search path element for some Intel(R) Server Board M10JNP ...)
+ NOT-FOR-US: Intel
+CVE-2023-34349 (Race condition in some Intel(R) NUC BIOS firmware may allow a privileg ...)
+ NOT-FOR-US: Intel
+CVE-2023-34086 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...)
+ NOT-FOR-US: Intel
+CVE-2023-33877 (Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Int ...)
+ NOT-FOR-US: Intel
+CVE-2023-33867 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
+ NOT-FOR-US: Intel
+CVE-2023-32663 (Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in v ...)
+ NOT-FOR-US: Intel
+CVE-2023-32656 (Improper buffer restrictions in some Intel(R) RealSense(TM) ID softwar ...)
+ NOT-FOR-US: Intel
+CVE-2023-32617 (Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NU ...)
+ NOT-FOR-US: Intel
+CVE-2023-32609 (Improper access control in the Intel Unite(R) android application befo ...)
+ NOT-FOR-US: Intel
+CVE-2023-32547 (Incorrect default permissions in the MAVinci Desktop Software for Inte ...)
+ NOT-FOR-US: Intel
+CVE-2023-32543 (Incorrect default permissions in the Intel(R) ITS sofware before versi ...)
+ NOT-FOR-US: Intel
+CVE-2023-32285 (Improper access control in some Intel(R) NUC BIOS firmware may allow a ...)
+ NOT-FOR-US: Intel
+CVE-2023-31246 (Incorrect default permissions in some Intel(R) SDP Tool software befor ...)
+ NOT-FOR-US: Intel
+CVE-2023-30760 (Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Inte ...)
+ NOT-FOR-US: Intel
+CVE-2023-29494 (Improper input validation in BIOS firmware for some Intel(R) NUCs may ...)
+ NOT-FOR-US: Intel
+CVE-2023-29243 (Unchecked return value in some Intel(R) RealSense(TM) ID software for ...)
+ NOT-FOR-US: Intel
+CVE-2023-29151 (Uncontrolled search path element in some Intel(R) PSR SDK before versi ...)
+ NOT-FOR-US: Intel
+CVE-2023-27887 (Improper initialization in BIOS firmware for some Intel(R) NUCs may al ...)
+ NOT-FOR-US: Intel
+CVE-2023-38104 [ZDI-CAN-21444: Integer overflow leading to heap overwrite in RealMedia file handling]
+ {DSA-5476-1 DLA-3552-1}
+ - gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
+ - gst-plugins-ugly0.10
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0005.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/67e38cf47b7683586c24de18d8253029042dc72f
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/eb89e0a13eeb59fc5bab787ded50faf6a50087e3 (1.22.5)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1008/
+CVE-2023-38103 [ZDI-CAN-21443: Integer overflow leading to heap overwrite in RealMedia file handling]
+ {DSA-5476-1 DLA-3552-1}
+ - gst-plugins-ugly1.0 1.22.5-1 (bug #1043501)
+ - gst-plugins-ugly0.10
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0004.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2782
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/b268b27cd8ff0dda1fda71890cd414f4cb2096db
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/4266ba0fd2be7702044a5d90a8215abe41709874 (1.22.5)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1007/
+CVE-2023-40225 (HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4. ...)
+ - haproxy 2.6.15-1 (bug #1043502)
+ [bookworm] - haproxy (Minor issue, fix along with future DSA)
+ [bullseye] - haproxy (Minor issue, fix along with future DSA)
+ [buster] - haproxy (Vulnerable code not present)
+ NOTE: https://github.com/haproxy/haproxy/issues/2237
+ NOTE: https://github.com/haproxy/haproxy/commit/6492f1f29d738457ea9f382aca54537f35f9d856
+ NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=e8ba5e106444fc78558f4ff26e9ce946f89216f4 (v2.2.31)
+ NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=d17c50010d591d1c070e1cb0567a06032d8869e9 (v2.6.15)
+CVE-2023-4283 (The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: EmbedPress plugin for WordPress
+CVE-2023-4282 (The EmbedPress plugin for WordPress is vulnerable to unauthorized loss ...)
+ NOT-FOR-US: EmbedPress plugin for WordPress
+CVE-2023-4275
+ REJECTED
+CVE-2023-4128
+ REJECTED
+CVE-2023-40216 (OpenBSD 7.3 before errata 014 is missing an argument-count bounds chec ...)
+ NOT-FOR-US: OpenBSD
+CVE-2023-39966 (1Panel is an open source Linux server operation and maintenance manage ...)
+ NOT-FOR-US: 1Panel
+CVE-2023-39965 (1Panel is an open source Linux server operation and maintenance manage ...)
+ NOT-FOR-US: 1Panel
+CVE-2023-39964 (1Panel is an open source Linux server operation and maintenance manage ...)
+ NOT-FOR-US: 1Panel
+CVE-2023-39963 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39962 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39961 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39959 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39958 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39957 (Nextcloud Talk Android allows users to place video and audio calls thr ...)
+ NOT-FOR-US: Nextcloud Talk Android
+CVE-2023-39955 (Notes is a note-taking app for Nextcloud, an open-source cloud platfor ...)
+ NOT-FOR-US: Notes app for NextCloud
+CVE-2023-39954 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
+ NOT-FOR-US: Nextcloud OIDC backend
+CVE-2023-39953 (user_oidc provides the OIDC connect user backend for Nextcloud, an ope ...)
+ NOT-FOR-US: Nextcloud OIDC backend
+CVE-2023-39952 (Nextcloud Server provides data storage for Nextcloud, an open source c ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-39806 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
+ NOT-FOR-US: iCMS
+CVE-2023-39805 (iCMS v7.0.16 was discovered to contain a SQL injection vulnerability v ...)
+ NOT-FOR-US: iCMS
+CVE-2023-39776 (A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 a ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-39314 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-38830 (An information leak in PHPJabbers Yacht Listing Script v1.0 allows att ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-38397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Egge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-38248 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38247 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38246 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38245 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38244 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38243 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38242 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38241 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38240 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38239 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38238 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38237 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38236 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38235 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38234 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38233 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38232 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38231 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38230 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38229 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38228 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38227 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38226 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38225 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38224 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38223 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38222 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38210 (Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resou ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38034 (A command injection vulnerability in the DHCP Client function of all U ...)
+ NOT-FOR-US: UniFi
+CVE-2023-37988 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37983 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37734 (EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a ...)
+ NOT-FOR-US: EZ softmagic MP3 Audio Converter
+CVE-2023-37625 (A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 all ...)
+ - netbox (bug #1017079)
+CVE-2023-37543 (Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for ...)
+ - cacti 1.2.6+ds1-1
+ [buster] - cacti (Minor issue)
+ NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-4x82-8w8m-w8hj
+ NOTE: https://medium.com/%40hussainfathy99/exciting-news-my-first-cve-discovery-cve-2023-37543-idor-vulnerability-in-cacti-bbb6c386afed
+ NOTE: https://github.com/Cacti/cacti/issues/5523
+ NOTE: Not possible to pinpoint exact fix, but upstream confirms that the fix is in
+ NOTE: 1.2.6 upstream, cf. https://github.com/Cacti/cacti/issues/5523#issuecomment-1768240843
+ NOTE: and surrounding questions.
+CVE-2023-37388 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37069 (Code-Projects Online Hospital Management System V1.0 is vulnerable to ...)
+ NOT-FOR-US: Code-Projects Online Hospital Management System
+CVE-2023-36530 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smar ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-36315 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36314 (There is a Cross Site Scripting (XSS) vulnerability in the value-text- ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36313 (PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36312 (There is a Cross Site Scripting (XSS) vulnerability in the value-enum- ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36311 (There is a SQL injection (SQLi) vulnerability in the "column" paramete ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36310 (There is a Cross Site Scripting (XSS) vulnerability in the "column" pa ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-36309 (There is a Cross Site Scripting (XSS) vulnerability in the "action" pa ...)
+ NOT-FOR-US: PHPJabbers
+CVE-2023-35085 (An integer overflow vulnerability in all UniFi Access Points and Switc ...)
+ NOT-FOR-US: UniFi
+CVE-2023-34374 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rah ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32567 (Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32566 (An attacker can send a specially crafted request which could lead to l ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32565 (An attacker can send a specially crafted request which could lead to l ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32564 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32563 (An unauthenticated attacker could achieve the code execution through a ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32562 (An unrestricted upload of file with dangerous type vulnerability exist ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32561 (A previously generated artifact by an administrator could be accessed ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-32560 (An attacker can send a specially crafted message to the Wavelink Avala ...)
+ NOT-FOR-US: Ivanti
+CVE-2023-39418 (A vulnerability was found in PostgreSQL with the use of the MERGE comm ...)
+ {DSA-5553-1}
+ - postgresql-15 15.4-1
+ - postgresql-13 (Only affects 15.x)
+ - postgresql-11 (Only affects 15.x)
+ NOTE: https://www.postgresql.org/support/security/CVE-2023-39418/
+ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229 (REL_15_4)
+CVE-2023-39417 (IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in Po ...)
+ {DSA-5554-1 DSA-5553-1 DLA-3600-1}
+ - postgresql-15 15.4-1
+ - postgresql-13
+ - postgresql-11
+ NOTE: https://www.postgresql.org/support/security/CVE-2023-39417/
+ NOTE: https://www.postgresql.org/about/news/postgresql-154-149-1312-1216-1121-and-postgresql-16-beta-3-released-2689/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=de494ec14f6bd7f2676623a5934723a6c8ba51c2 (REL_15_4)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b1b585e0fc3dd195bc2e338c80760bede08de5f1 (REL_13_12)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=919ebb023e74546c6293352556365091c5402366 (REL_11_21)
+CVE-2023-4277 (The Realia plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: Realia plugin for WordPress
+CVE-2023-4276 (The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: Absolute Privacy plugin for WordPress
+CVE-2023-36673 (An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. ...)
+ NOT-FOR-US: Avira Phantom VPN
+CVE-2023-36672 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
+ NOT-FOR-US: Clario VPN client
+CVE-2023-36671 (An issue was discovered in the Clario VPN client through 5.9.1.1662 fo ...)
+ NOT-FOR-US: Clario VPN client
+CVE-2023-35838 (The WireGuard client 0.5.3 on Windows insecurely configures the operat ...)
+ NOT-FOR-US: WireGuard client on Windows
+CVE-2023-33242 (Crypto wallets implementing the Lindell17 TSS protocol might allow an ...)
+ NOT-FOR-US: Crypto wallets implementing the Lindell17 TSS protocol
+CVE-2023-33241 (Crypto wallets implementing the GG18 or GG20 TSS protocol might allow ...)
+ NOT-FOR-US: Crypto wallets implementing the GG18 or GG20 TSS protocol
+CVE-2023-32559 (A privilege escalation vulnerability exists in the experimental policy ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
+ [buster] - nodejs (v10.x doesn't support policy manifests)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559
+ NOTE: https://github.com/nodejs/node/commit/d4570fae358693b8f7fec05294b9bb92a966226d (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/4aa0eff787c14f14a239cf2f44bf751a0151e3eb (main)
+CVE-2023-32558 (The use of the deprecated API `process.binding()` can bypass the permi ...)
+ - nodejs (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#processbinding-can-bypass-the-permission-model-through-path-traversal-highcve-2023-32558
+CVE-2023-32006 (The use of `module.constructor.createRequire()` can bypass the policy ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
+ [buster] - nodejs (v10.x doesn't support policy manifests)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006
+ NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
+CVE-2023-32005 (A vulnerability has been identified in Node.js version 20, affecting u ...)
+ - nodejs (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsstatfs-can-retrive-stats-from-files-restricted-by-the-permission-model-lowcve-2023-32005
+CVE-2023-32004 (A vulnerability has been discovered in Node.js version 20, specificall ...)
+ - nodejs (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permission-model-bypass-by-specifying-a-path-traversal-sequence-in-a-buffer-highcve-2023-32004
+CVE-2023-32003 (`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permis ...)
+ - nodejs (Only affects 20.x and later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#fsmkdtemp-and-fsmkdtempsync-are-missing-getvalidatedpath-checks-lowcve-2023-32003
+CVE-2023-32002 (The use of `Module._load()` can bypass the policy mechanism and requir ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1050739)
+ [buster] - nodejs (v10.x doesn't support policy manifests)
+ NOTE: https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002
+ NOTE: https://github.com/nodejs/node/commit/15bced0bde93f24115b779a309d517845c87e17a (v18.x)
+ NOTE: https://github.com/nodejs/node/commit/b68e5e798138be0041ba9ace72d8d45e63c068a1 (main)
+CVE-2023-38712 (An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an ...)
+ - libreswan 4.12-1
+ NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.txt
+ NOTE: https://libreswan.org/security/CVE-2023-38712/CVE-2023-38712.patch
+CVE-2023-38711 (An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick ...)
+ - libreswan 4.12-1
+ [bullseye] - libreswan (Vulnerable code not present)
+ [buster] - libreswan (Vulnerable code not present)
+ NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.txt
+ NOTE: https://libreswan.org/security/CVE-2023-38711/CVE-2023-38711.patch
+CVE-2023-38710 (An issue was discovered in Libreswan before 4.12. When an IKEv2 Child ...)
+ - libreswan 4.12-1
+ NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.txt
+ NOTE: https://libreswan.org/security/CVE-2023-38710/CVE-2023-38710.patch
+CVE-2023-4273 (A flaw was found in the exFAT driver of the Linux kernel. The vulnerab ...)
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
+ - linux 6.4.11-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/d42334578eba1390859012ebb91e1e556d51db49 (6.5-rc5)
+ NOTE: https://dfir.ru/2023/08/23/cve-2023-4273-a-vulnerability-in-the-linux-exfat-driver/
+CVE-2023-40012 (uthenticode is a small cross-platform library for partially verifying ...)
+ NOT-FOR-US: uthenticode
+CVE-2023-3953 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-3518 (HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for ...)
+ - consul (Only affects 16.0)
+CVE-2023-39969 (uthenticode is a small cross-platform library for partially verifying ...)
+ NOT-FOR-US: uthenticode
+CVE-2023-39531 (Sentry is an error tracking and performance monitoring platform. Start ...)
+ NOT-FOR-US: Sentry
+CVE-2023-39008 (A command injection vulnerability in the component /api/cron/settings/ ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39007 (/ui/cron/item/open in the Cron component of OPNsense Community Edition ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39006 (The Crash Reporter (crash_reporter.php) component of OPNsense Communit ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39005 (Insecure permissions exist for configd.socket in OPNsense Community Ed ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39004 (Insecure permissions in the configuration directory (/conf/) of OPNsen ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39003 (OPNsense Community Edition before 23.7 and Business Edition before 23. ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39002 (A cross-site scripting (XSS) vulnerability in the act parameter of sys ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39001 (A command injection vulnerability in the component diag_backup.php of ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-39000 (A reflected cross-site scripting (XSS) vulnerability in the component ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-38999 (A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/ha ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-38998 (An open redirect in the Login page of OPNsense Community Edition befor ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-38997 (A directory traversal vulnerability in the Captive Portal templates of ...)
+ NOT-FOR-US: OPNsense
+CVE-2023-38348 (A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.)
+ NOT-FOR-US: LWsystems Benno MailArchiv
+CVE-2023-38347 (An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attacker ...)
+ NOT-FOR-US: LWsystems Benno MailArchiv
+CVE-2023-38213 (Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vul ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38212 (Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overf ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38211 (Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerab ...)
+ NOT-FOR-US: Adobe
+CVE-2023-37068 (Code-Projects Gym Management System V1.0 allows remote attackers to ex ...)
+ NOT-FOR-US: Code-Projects Gym Management System
+CVE-2023-34545 (A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers ...)
+ NOT-FOR-US: CSZCMS
+CVE-2023-33953 (gRPC contains a vulnerability that allows hpack table accounting error ...)
+ - grpc
+ [bookworm] - grpc (Minor issue)
+ [bullseye] - grpc (Minor issue)
+ [buster] - grpc (recheck when upstream patch is available/published)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2230890
+ NOTE: https://cloud.google.com/support/bulletins#gcp-2023-022
+CVE-2023-33469 (In instances where the screen is visible and remote mouse connection i ...)
+ NOT-FOR-US: KramerAV
+CVE-2023-33468 (KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior t ...)
+ NOT-FOR-US: KramerAV
+CVE-2023-32782 (A command injection was identified in PRTG 23.2.84.1566 and earlier ve ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2023-32781 (A command injection vulnerability was identified in PRTG 23.2.84.1566 ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2023-31452 (A cross-site request forgery (CSRF) token bypass was identified in PRT ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2023-31450 (A path traversal vulnerability was identified in the SQL v2 sensors in ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2023-31449 (A path traversal vulnerability was identified in the WMI Custom sensor ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2023-31448 (A path traversal vulnerability was identified in the HL7 sensor in PRT ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2022-48604 (A SQL injection vulnerability exists in the \u201clogging export\u201d ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48603 (A SQL injection vulnerability exists in the \u201cmessage viewer ifram ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48602 (A SQL injection vulnerability exists in the \u201cmessage viewer print ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48601 (A SQL injection vulnerability exists in the \u201cnetwork print report ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48600 (A SQL injection vulnerability exists in the \u201cnotes view\u201d fea ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48599 (A SQL injection vulnerability exists in the \u201creporter events type ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48598 (A SQL injection vulnerability exists in the \u201creporter events type ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48597 (A SQL injection vulnerability exists in the \u201cticket event report\ ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48596 (A SQL injection vulnerability exists in the \u201cticket queue watcher ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48595 (A SQL injection vulnerability exists in the \u201cticket template watc ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48594 (A SQL injection vulnerability exists in the \u201cticket watchers emai ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48593 (A SQL injection vulnerability exists in the \u201ctopology data servic ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48592 (A SQL injection vulnerability exists in the vendor_country parameter o ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48591 (A SQL injection vulnerability exists in the vendor_state parameter of ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48590 (A SQL injection vulnerability exists in the \u201cadmin dynamic app mi ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48589 (A SQL injection vulnerability exists in the \u201creporting job editor ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48588 (A SQL injection vulnerability exists in the \u201cschedule editor deco ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48587 (A SQL injection vulnerability exists in the \u201cschedule editor\u201 ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48586 (A SQL injection vulnerability exists in the \u201cjson walker\u201d fe ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48585 (A SQL injection vulnerability exists in the \u201cadmin brand portal\u ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48584 (A command injection vulnerability exists in the download and convert r ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48583 (A command injection vulnerability exists in the dashboard scheduler fe ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48582 (A command injection vulnerability exists in the ticket report generate ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48581 (A command injection vulnerability exists in the \u201cdash export\u201 ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2022-48580 (A command injection vulnerability exists in the ARP ping device tool f ...)
+ NOT-FOR-US: ScienceLogic SL1
+CVE-2023-4243 (The FULL - Customer plugin for WordPress is vulnerable to Arbitrary Fi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4242 (The FULL - Customer plugin for WordPress is vulnerable to Information ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-4239 (The Real Estate Manager plugin for WordPress is vulnerable to privileg ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3632 (Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Educati ...)
+ NOT-FOR-US: Sifir Bes Education and Informatics Kunduz Homework Helper App
+CVE-2023-39951 (OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrum ...)
+ NOT-FOR-US: OpenTelemetry Java Instrumentation
+CVE-2023-39910 (The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin ...)
+ NOT-FOR-US: Libbitcoin Explorer
+CVE-2023-39341 ("FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM pro ...)
+ NOT-FOR-US: FFRI yarai
+CVE-2023-39214 (Exposure of sensitive information in Zoom Client SDK's before 5.15.5 m ...)
+ NOT-FOR-US: Zoom
+CVE-2023-39213 (Improper neutralization of special elements in Zoom Desktop Client for ...)
+ NOT-FOR-US: Zoom
+CVE-2023-39212 (Untrusted search path in Zoom Rooms for Windows before version 5.15.5 ...)
+ NOT-FOR-US: Zoom
+CVE-2023-39211 (Improper privilege management in Zoom Desktop Client for Windows and Z ...)
+ NOT-FOR-US: Zoom
+CVE-2023-39210 (Cleartext storage of sensitive information in Zoom Client SDK for Wind ...)
+ NOT-FOR-US: Zoom
+CVE-2023-39209 (Improper input validation in Zoom Desktop Client for Windows before 5. ...)
+ NOT-FOR-US: Zoom
+CVE-2023-38752 (Improper authorization vulnerability in Special Interest Group Network ...)
+ NOT-FOR-US: Special Interest Group Network for Analysis and Liaison
+CVE-2023-38751 (Improper authorization vulnerability in Special Interest Group Network ...)
+ NOT-FOR-US: Special Interest Group Network for Analysis and Liaison
+CVE-2023-38209 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38208 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-38207 (Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-37864 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37863 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37862 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37861 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37860 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37859 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37858 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37857 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37856 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-37855 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...)
+ NOT-FOR-US: PHOENIX
+CVE-2023-33934 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ {DSA-5549-1 DLA-3595-1}
+ - trafficserver 9.2.2+ds-1 (bug #1043430)
+ NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc
+CVE-2023-2905 (Due to a failure in validating the length of a provided MQTT_CMD_PUBLI ...)
+ NOT-FOR-US: Cesanta Mongoose
+CVE-2023-3223 (A flaw was found in undertow. Servlets annotated with @MultipartConfig ...)
+ - undertow (bug #1054893)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209689
+ NOTE: https://github.com/undertow-io/undertow/pull/1521 (2.3.9.Final)
+ NOTE: https://github.com/undertow-io/undertow/pull/1523 (backport, 2.2.27.Final)
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-2271
+CVE-2023-4219 (A vulnerability was found in SourceCodester Doctors Appointment System ...)
+ NOT-FOR-US: SourceCodester Doctors Appointment System
+CVE-2023-4203 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
+ NOT-FOR-US: Advantech
+CVE-2023-4202 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...)
+ NOT-FOR-US: Advantech
+CVE-2023-4009 (In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 i ...)
+ NOT-FOR-US: MongoDB Ops Manager +CVE-2023-40042 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) + NOT-FOR-US: TOTOLINK +CVE-2023-40041 (TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow ...) + NOT-FOR-US: TOTOLINK +CVE-2023-3898 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: mAyaNet E-Commerce Software +CVE-2023-3894 (Those using jackson-dataformats-text to parse TOML data may be vulnera ...) + NOT-FOR-US: jackson-dataformats-text +CVE-2023-3717 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Farmakom Remote Administration Console +CVE-2023-3716 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Oduyo Online Collection Software +CVE-2023-3653 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Digital Ant E-Commerce Software +CVE-2023-3652 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Digital Ant E-Commerce Software +CVE-2023-3651 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Digital Ant E-Commerce Software +CVE-2023-3522 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: a2 License Portal System +CVE-2023-3386 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: a2 Camera Trap Tracking System +CVE-2023-39549 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens Solid Edge +CVE-2023-39533 (go-libp2p is the Go implementation of the libp2p Networking Stack. Pri ...) + NOT-FOR-US: go-libp2p +CVE-2023-39532 (SES is a JavaScript environment that allows safe execution of arbitrar ...) + NOT-FOR-US: SES +CVE-2023-39518 (social-media-skeleton is an uncompleted social media project implement ...) 
+ NOT-FOR-US: social-media-skeleton +CVE-2023-39419 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39342 (Dangerzone is software for converting potentially dangerous PDFs, offi ...) + NOT-FOR-US: Dangerzone +CVE-2023-39269 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + NOT-FOR-US: Siemens +CVE-2023-39218 (Client-side enforcement of server-side security in Zoom clients before ...) + NOT-FOR-US: Zoom +CVE-2023-39217 (Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow ...) + NOT-FOR-US: Zoom +CVE-2023-39216 (Improper input validation in Zoom Desktop Client for Windows before 5. ...) + NOT-FOR-US: Zoom +CVE-2023-39188 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39187 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39186 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39185 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39184 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39183 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39182 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39181 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-39086 (ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitiv ...) + NOT-FOR-US: ASUS +CVE-2023-38815 + REJECTED +CVE-2023-38814 + REJECTED +CVE-2023-38773 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) 
+ NOT-FOR-US: ChurchCRM +CVE-2023-38771 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38770 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38769 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38768 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38767 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38766 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38765 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38764 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38763 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38762 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38761 (Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38760 (SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attac ...) + NOT-FOR-US: ChurchCRM +CVE-2023-38759 (Cross Site Request Forgery (CSRF) vulnerability in wger Project wger W ...) + NOT-FOR-US: wger Project wger Workout Manager +CVE-2023-38758 (Cross Site Scripting vulnerability in wger Project wger Workout Manage ...) + NOT-FOR-US: wger Project wger Workout Manager +CVE-2023-38683 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) + NOT-FOR-US: Siemens +CVE-2023-38682 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) 
+ NOT-FOR-US: Siemens +CVE-2023-38681 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-38680 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-38679 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-38641 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-38532 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38531 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38530 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38529 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38528 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38527 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38526 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38525 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38524 (A vulnerability has been identified in Parasolid V34.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-38384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntacti ...) 
+ NOT-FOR-US: Siemens +CVE-2023-38254 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38188 (Azure Apache Hadoop Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38186 (Windows Mobile Device Management Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38185 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38184 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) + NOT-FOR-US: Microsoft +CVE-2023-38182 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38181 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38180 (.NET and Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2023-38178 (.NET Core and Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2023-38176 (Azure Arc-Enabled Servers Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38175 (Microsoft Windows Defender Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38172 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38170 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38169 (Microsoft SQL OLE DB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38167 (Microsoft Dynamics Business Central Elevation Of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-38154 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-37690 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Maid Hiring Management System +CVE-2023-37689 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) 
+ NOT-FOR-US: Maid Hiring Management System +CVE-2023-37688 (Maid Hiring Management System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Maid Hiring Management System +CVE-2023-37687 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Nurse Hiring System +CVE-2023-37686 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Nurse Hiring System +CVE-2023-37685 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Nurse Hiring System +CVE-2023-37684 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Nurse Hiring System +CVE-2023-37683 (Online Nurse Hiring System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Nurse Hiring System +CVE-2023-37682 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Judging Management System +CVE-2023-37646 (An issue in the CAB file extraction function of Bitberry File Opener v ...) + NOT-FOR-US: Bitberry File Opener +CVE-2023-37570 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) + NOT-FOR-US: ESDS Emagic Data Center Management Suit +CVE-2023-37373 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: Siemens +CVE-2023-37372 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: Siemens +CVE-2023-36914 (Windows Smart Card Resource Management Server Security Feature Bypass ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36913 (Microsoft Message Queuing Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36912 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36911 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36910 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36909 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36908 (Windows Hyper-V Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36907 (Windows Cryptographic Services Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36906 (Windows Cryptographic Services Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36905 (Windows Wireless Wide Area Network Service (WwanSvc) Information Discl ...) + NOT-FOR-US: Microsoft +CVE-2023-36904 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-36903 (Windows System Assessment Tool Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36900 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-36899 (ASP.NET Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36898 (Tablet Windows User Interface Application Core Remote Code Execution V ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-36897 (Visual Studio Tools for Office Runtime Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36896 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36895 (Microsoft Outlook Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36894 (Microsoft SharePoint Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36893 (Microsoft Outlook Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36892 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36891 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36890 (Microsoft SharePoint Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36889 (Windows Group Policy Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36882 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-36881 (Azure Apache AmbariSpoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36877 (Azure Apache Oozie Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36876 (Reliability Analysis Metrics Calculation (RacTask) Elevation of Privil ...) + NOT-FOR-US: Microsoft +CVE-2023-36873 (.NET Framework Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36869 (Azure DevOps Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36866 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36865 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36546 (An issue in PEStudio v.9.52 allows a remote attacker to execute arbitr ...) 
+ NOT-FOR-US: PEStudio +CVE-2023-36541 (Insufficient verification of data authenticity in Zoom Desktop Client ...) + NOT-FOR-US: Zoom +CVE-2023-36540 (Untrusted search path in the installer for Zoom Desktop Client for Win ...) + NOT-FOR-US: Zoom +CVE-2023-36535 (Client-side enforcement of server-side security in Zoom clients before ...) + NOT-FOR-US: Zoom +CVE-2023-36534 (Path traversal in Zoom Desktop Client for Windows before 5.14.7 may al ...) + NOT-FOR-US: Zoom +CVE-2023-36533 (Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow ...) + NOT-FOR-US: Zoom +CVE-2023-36532 (Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthentic ...) + NOT-FOR-US: Zoom +CVE-2023-36482 (An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN8 ...) + NOT-FOR-US: Samsung +CVE-2023-36344 (An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before al ...) + NOT-FOR-US: Diebold Nixdorf Vynamic View Console +CVE-2023-36306 (A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyz ...) + NOT-FOR-US: Adiscon Aiscon LogAnalyzer +CVE-2023-36136 (PHPJabbers Class Scheduling System 1.0 lacks encryption on the passwor ...) + NOT-FOR-US: PHPJabbers +CVE-2023-35394 (Azure HDInsight Jupyter Notebook Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35393 (Azure Apache Hive Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35391 (ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerab ...) 
+ NOT-FOR-US: Microsoft .NET +CVE-2023-35390 (.NET and Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2023-35389 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35388 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35387 (Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35386 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35385 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35384 (Windows HTML Platforms Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35383 (Microsoft Message Queuing Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35382 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35381 (Windows Fax Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35380 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35379 (Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of ...) + NOT-FOR-US: Microsoft +CVE-2023-35378 (Windows Projected File System Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35377 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35376 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35372 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35371 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35368 (Microsoft Exchange Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35359 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32503 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32292 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetB ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2423 (A vulnerability was discovered in the Rockwell Automation Armor PowerF ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-34319 (The fix for XSA-423 added logic to Linux'es netback driver to deal wit ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.11-1 + NOTE: https://git.kernel.org/linus/534fc31d09b706a16d83533e16b5dc855caf7576 + NOTE: https://xenbits.xen.org/xsa/advisory-432.html +CVE-2023-3573 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) + NOT-FOR-US: PHOENIX +CVE-2023-3572 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) + NOT-FOR-US: PHOENIX +CVE-2023-3571 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) + NOT-FOR-US: PHOENIX +CVE-2023-3570 (In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0 ...) + NOT-FOR-US: PHOENIX +CVE-2023-3569 (In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to ...) + NOT-FOR-US: PHOENIX +CVE-2023-3526 (In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to ...) + NOT-FOR-US: PHOENIX +CVE-2023-39978 (ImageMagick before 6.9.12-91 allows attackers to cause a denial of ser ...) + - imagemagick (Vulnerable code not present) + NOTE: Introduced with: https://github.com/ImageMagick/ImageMagick6/commit/e8c0090c6d2df7b1553053dca2008e96724204bf (6.9.12-78) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/c90e79b3b22fec309cab55af2ee606f71b027b12 (6.9.12-91) +CVE-2023-39977 + REJECTED +CVE-2023-39976 (log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long ...) 
+ - libqb 2.0.8-1 + [bookworm] - libqb (Minor issue) + [bullseye] - libqb (Minor issue) + [buster] - libqb (Vulnerable code introduced later) + NOTE: https://github.com/ClusterLabs/libqb/commit/1bbaa929b77113532785c408dd1b41cd0521ffc8 (v2.0.8) + NOTE: https://github.com/ClusterLabs/libqb/pull/490 +CVE-2023-39530 (PrestaShop is an open source e-commerce web application. Prior to vers ...) + NOT-FOR-US: PrestaShop +CVE-2023-39529 (PrestaShop is an open source e-commerce web application. Prior to vers ...) + NOT-FOR-US: PrestaShop +CVE-2023-39528 (PrestaShop is an open source e-commerce web application. Prior to vers ...) + NOT-FOR-US: PrestaShop +CVE-2023-39527 (PrestaShop is an open source e-commerce web application. Versions prio ...) + NOT-FOR-US: PrestaShop +CVE-2023-39526 (PrestaShop is an open source e-commerce web application. Versions prio ...) + NOT-FOR-US: PrestaShop +CVE-2023-39525 (PrestaShop is an open source e-commerce web application. Prior to vers ...) + NOT-FOR-US: PrestaShop +CVE-2023-39523 (ScanCode.io is a server to script and automate software composition an ...) + NOT-FOR-US: ScanCode.io +CVE-2023-39440 (In SAP BusinessObjects Business Intelligence - version 420, If a user ...) + NOT-FOR-US: SAP +CVE-2023-39439 (SAP Commerce Cloud may accept an empty passphrase for user ID and pass ...) + NOT-FOR-US: SAP +CVE-2023-39437 (SAP business One allows - version 10.0, allows an attacker to insert m ...) + NOT-FOR-US: SAP +CVE-2023-39436 (SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605 ...) + NOT-FOR-US: SAP +CVE-2023-37569 (This vulnerability exists in ESDS Emagic Data Center Management Suit d ...) + NOT-FOR-US: ESDS Emagic Data Center Management Suit +CVE-2023-37492 (SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP ...) + NOT-FOR-US: SAP +CVE-2023-37491 (The ACL (AccessControlList) of SAP Message Server - versions KERNEL 7. ...) 
+ NOT-FOR-US: SAP +CVE-2023-37490 (SAP Business Objects Installer - versions 420, 430, allows an authenti ...) + NOT-FOR-US: SAP +CVE-2023-37488 (In SAP NetWeaverProcess Integration - versions SAP_XIESR 7.50, SAP_XIT ...) + NOT-FOR-US: SAP +CVE-2023-37487 (SAP Business One (Service Layer) - version 10.0, allows an authenticat ...) + NOT-FOR-US: SAP +CVE-2023-37486 (Under certain conditionsSAP Commerce(OCC API) - versions HY_COM 2105, ...) + NOT-FOR-US: SAP +CVE-2023-37484 (SAP PowerDesigner - version 16.7, queries all password hashes in the b ...) + NOT-FOR-US: SAP +CVE-2023-37483 (SAP PowerDesigner - version 16.7, has improper access control which mi ...) + NOT-FOR-US: SAP +CVE-2023-36926 (Due to missing authentication check in SAP Host Agent - version 7.22, ...) + NOT-FOR-US: SAP +CVE-2023-36923 (SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 ...) + NOT-FOR-US: SAP +CVE-2023-33993 (B1i module of SAP Business One - version 10.0, application allows an a ...) + NOT-FOR-US: SAP +CVE-2023-4205 + REJECTED +CVE-2023-4201 (A vulnerability was found in SourceCodester Inventory Management Syste ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4200 (A vulnerability has been found in SourceCodester Inventory Management ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4199 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4155 (A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in t ...) 
+ {DSA-5492-1} + - linux 6.4.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7588dbcebcbf0193ab5b76987396d0254270b04a +CVE-2023-3896 (Divide By Zero in vim/vim from9.0.1367-1 to9.0.1367-3) + - vim 2:9.0.1894-1 (unimportant) + [buster] - vim (Vulnerable code introduced later) + NOTE: https://github.com/vim/vim/issues/12528 + NOTE: https://github.com/vim/vim/pull/12540 + NOTE: Introduced by: https://github.com/vim/vim/commit/361895d2a15b4b0bbbb4c009261eab5b3d69ebf1 (v9.0.0908) + NOTE: https://github.com/vim/vim/commit/8154e642aa476e1a5d3de66c34e8289845b2b797 (v9.0.1664) + NOTE: https://github.com/vim/vim/commit/e42989374144a63d986b878618aeac328e35ac3b (v9.0.1667) + NOTE: Crash in CLI tool, no security impact +CVE-2023-3671 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3650 (The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3575 (The Quiz And Survey Master WordPress plugin before 8.1.11 does not pro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3524 (The WPCode WordPress plugin before 2.0.13.1 does not escape generated ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3492 (The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3365 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-39550 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...) + NOT-FOR-US: Netgear +CVE-2023-39524 (PrestaShop is an open source e-commerce web application. Prior to vers ...) + NOT-FOR-US: PrestaShop +CVE-2023-39520 (Cryptomator encrypts data being stored on cloud infrastructure. The MS ...) + NOT-FOR-US: Cryptomator +CVE-2023-39363 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) 
+ NOT-FOR-US: Vyer +CVE-2023-39349 (Sentry is an error tracking and performance monitoring platform. Start ...) + NOT-FOR-US: Sentry +CVE-2023-38940 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were di ...) + NOT-FOR-US: Tenda +CVE-2023-38939 (Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2023-38938 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...) + NOT-FOR-US: Tenda +CVE-2023-38937 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...) + NOT-FOR-US: Tenda +CVE-2023-38936 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06. ...) + NOT-FOR-US: Tenda +CVE-2023-38935 (Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, ...) + NOT-FOR-US: Tenda +CVE-2023-38934 (Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was dis ...) + NOT-FOR-US: Tenda +CVE-2023-38933 (Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC ...) + NOT-FOR-US: Tenda +CVE-2023-38932 (Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2. ...) + NOT-FOR-US: Tenda +CVE-2023-38931 (Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06 ...) + NOT-FOR-US: Tenda +CVE-2023-38930 (Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC ...) + NOT-FOR-US: Tenda +CVE-2023-38929 (Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via th ...) + NOT-FOR-US: Tenda +CVE-2023-38928 (Netgear R7100LG 1.0.0.78 was discovered to contain a command injection ...) + NOT-FOR-US: Netgear +CVE-2023-38926 (Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Netgear +CVE-2023-38925 (Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were disc ...) + NOT-FOR-US: Netgear +CVE-2023-38924 (Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2023-38922 (Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0. ...) + NOT-FOR-US: Netgear +CVE-2023-38921 (Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain ...) + NOT-FOR-US: Netgear +CVE-2023-38704 (import-in-the-middle is a module loading interceptor specifically for ...) + NOT-FOR-US: Node import-in-the-middle +CVE-2023-38591 (Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer o ...) + NOT-FOR-US: Netgear +CVE-2023-38412 (Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer ov ...) + NOT-FOR-US: Netgear +CVE-2023-38392 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38157 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38045 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Joomla advcomsys.com oneVote component +CVE-2023-38044 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Jooma extension +CVE-2023-36499 (Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer over ...) + NOT-FOR-US: Netgear +CVE-2023-36220 (Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a r ...) + NOT-FOR-US: Textpattern CMS +CVE-2023-36054 (lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 an ...) + {DLA-3626-1} + - krb5 1.20.1-3 (bug #1043431) + [bookworm] - krb5 1.20.1-2+deb12u1 + [bullseye] - krb5 1.18.3-6+deb11u4 + NOTE: https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd +CVE-2023-34477 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Joomla extension +CVE-2023-34476 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Joomla extension +CVE-2023-32783 (The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 a ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2023-32090 (Pega platform clients who are using versions 6.1 through 7.3.1 may be ...) + NOT-FOR-US: Pega +CVE-2023-2843 (The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-4193 (A vulnerability has been found in SourceCodester Resort Reservation Sy ...) + NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-4192 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-4191 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-39903 (An issue was discovered in Fujitsu Software Infrastructure Manager (IS ...) + NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM) +CVE-2023-33913 (In DRM/oemcrypto, there is a possible out of bounds write due to an in ...) + NOT-FOR-US: Unisoc +CVE-2023-33912 (In Contacts service, there is a possible missing permission check.This ...) + NOT-FOR-US: Unisoc +CVE-2023-33911 (In vowifi service, there is a possible missing permission check.This c ...) + NOT-FOR-US: Unisoc +CVE-2023-33910 (In Contacts Service, there is a possible missing permission check.This ...) + NOT-FOR-US: Unisoc +CVE-2023-33909 (In Contacts service, there is a possible missing permission check.This ...) + NOT-FOR-US: Unisoc +CVE-2023-33908 (In ims service, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2023-33907 (In Contacts Service, there is a possible missing permission check. Thi ...) + NOT-FOR-US: Unisoc +CVE-2023-33906 (In Contacts Service, there is a possible missing permission check.This ...) + NOT-FOR-US: Unisoc +CVE-2022-48579 (UnRAR before 6.2.3 allows extraction of files outside of the destinati ...) 
+ {DLA-3535-1} + - unrar-nonfree 1:6.2.3-1 (bug #1050080) + [bullseye] - unrar-nonfree 1:6.0.3-1+deb11u2 + NOTE: https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee +CVE-2023-4196 (Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/co ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-4195 (PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prio ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-4186 (A vulnerability was found in SourceCodester Pharmacy Management System ...) + NOT-FOR-US: SourceCodester Pharmacy Management System +CVE-2023-4185 (A vulnerability was found in SourceCodester Online Hospital Management ...) + NOT-FOR-US: SourceCodester Online Hospital Management System +CVE-2023-4184 (A vulnerability was found in SourceCodester Inventory Management Syste ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4183 (A vulnerability has been found in SourceCodester Inventory Management ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4182 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Inventory Management System +CVE-2023-4181 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices +CVE-2023-4190 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) + NOT-FOR-US: admidio +CVE-2023-4180 (A vulnerability classified as critical was found in SourceCodester Fre ...) + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices +CVE-2023-4179 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Free Hospital Management System for Small Practices +CVE-2023-4177 (A vulnerability was found in EmpowerID up to 7.205.0.0. It has been ra ...) 
+ NOT-FOR-US: EmpowerID +CVE-2023-4176 (A vulnerability was found in SourceCodester Hospital Management System ...) + NOT-FOR-US: SourceCodester Hospital Management System +CVE-2023-4175 (A vulnerability was found in mooSocial mooTravel 3.1.8 and classified ...) + NOT-FOR-US: mooSocial mooTravel +CVE-2023-4174 (A vulnerability has been found in mooSocial mooStore 3.1.6 and classif ...) + NOT-FOR-US: mooSocial mooStore +CVE-2023-4173 (A vulnerability, which was classified as problematic, was found in moo ...) + NOT-FOR-US: mooSocial mooStore +CVE-2023-4172 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System +CVE-2023-4171 (A vulnerability classified as problematic was found in Chengdu Flash F ...) + NOT-FOR-US: Chengdu Flash Flood Disaster Monitoring and Warning System +CVE-2023-37874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Dimit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37873 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37581 (Insufficient input validation and sanitation in Weblog Category name, ...) + NOT-FOR-US: Apache Roller +CVE-2023-36689 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36686 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlow ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36678 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34377 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jose ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34010 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability insubmodule ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32600 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-4189 (Cross-site Scripting (XSS) - Reflected in GitHub repository instantsof ...) + NOT-FOR-US: icms2 +CVE-2023-4188 (SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-g ...) + NOT-FOR-US: icms2 +CVE-2023-4187 (Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/i ...) + NOT-FOR-US: icms2 +CVE-2023-4170 (A vulnerability was found in DedeBIZ 6.2.10. It has been rated as prob ...) + NOT-FOR-US: DedeBIZ +CVE-2023-4169 (A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been ...) + NOT-FOR-US: Ruijie RG-EW1200G +CVE-2023-4168 (A vulnerability was found in Templatecookie Adlisting 2.14.0. It has b ...) + NOT-FOR-US: Templatecookie Adlisting +CVE-2023-4167 (A vulnerability was found in Media Browser Emby Server 4.7.13.0 and cl ...) + NOT-FOR-US: Media Browser Emby Server +CVE-2023-4166 (A vulnerability has been found in Tongda OA and classified as critical ...) + NOT-FOR-US: Tongda OA +CVE-2023-4165 (A vulnerability, which was classified as critical, was found in Tongda ...) + NOT-FOR-US: Tongda OA +CVE-2023-39508 (Execution with Unnecessary Privileges, : Exposure of Sensitive Informa ...) + - airflow (bug #819700) +CVE-2023-39346 (LinuxASMCallGraph is software for drawing the call graph of the progra ...) + NOT-FOR-US: LinuxASMCallGraph +CVE-2023-38943 (ShuiZe_0x727 v1.0 was discovered to contain a remote command execution ...) + NOT-FOR-US: ShuiZe_0x727 +CVE-2023-36095 (An issue in Harrison Chase langchain v.0.0.194 allows an attacker to e ...) + NOT-FOR-US: Harrison Chase langchain +CVE-2023-33367 (A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 a ...) + NOT-FOR-US: Control ID IDSecure +CVE-2023-4159 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...) + NOT-FOR-US: omeka-s +CVE-2023-4158 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...) 
+ NOT-FOR-US: omeka-s +CVE-2023-4157 (CWE-74 Improper Neutralization of Special Elements in Output Used by a ...) + NOT-FOR-US: omeka-s +CVE-2023-4156 (A heap out-of-bounds read flaw was found in builtin.c in the gawk pack ...) + - gawk 1:5.2.1-1 + [bullseye] - gawk (Minor issue) + [buster] - gawk (Minor issue, OOB read) + NOTE: https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html + NOTE: https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html + NOTE: https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0) +CVE-2023-4135 (A heap out-of-bounds memory read flaw was found in the virtual nvme de ...) + - qemu 1:8.0.4+dfsg-2 (bug #1050142) + [bookworm] - qemu (Vulnerable code not present) + [bullseye] - qemu (Vulnerable code not present) + [buster] - qemu (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2229101 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-21521 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/73064edfb864743cde2c08f319609344af02aeb3 (v8.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf (v8.1.0-rc4) +CVE-2023-39552 + REJECTED +CVE-2023-39551 (PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to ...) + NOT-FOR-US: PHPGurukul Online Security Guards Hiring System +CVE-2023-39379 (Fujitsu Software Infrastructure Manager (ISM) stores sensitive informa ...) + NOT-FOR-US: Fujitsu Software Infrastructure Manager (ISM) +CVE-2023-39344 (social-media-skeleton is an uncompleted social media project. A SQL in ...) + NOT-FOR-US: social-media-skeleton +CVE-2023-39143 (PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traver ...) + NOT-FOR-US: PaperCut +CVE-2023-39112 (ECShop v4.1.16 contains an arbitrary file deletion vulnerability in th ...) 
+ NOT-FOR-US: ECShop +CVE-2023-39107 (An arbitrary file overwrite vulnerability in NoMachine Free Edition an ...) + NOT-FOR-US: NoMachine Free Edition +CVE-2023-38964 (Creative Item Academy LMS 6.0 was discovered to contain a cross-site s ...) + NOT-FOR-US: Creative Item Academy LMS +CVE-2023-38707 + REJECTED +CVE-2023-38702 (Knowage is an open source analytics and business intelligence suite. S ...) + NOT-FOR-US: Knowage +CVE-2023-38700 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...) + NOT-FOR-US: matrix-appservice-irc +CVE-2023-38699 (MindsDB's AI Virtual Database allows developers to connect any AI/ML m ...) + NOT-FOR-US: MindsDB AI Virtual Database +CVE-2023-38698 (Ethereum Name Service (ENS) is a distributed, open, and extensible nam ...) + NOT-FOR-US: Ethereum Name Service (ENS) +CVE-2023-38697 (protocol-http1 provides a low-level implementation of the HTTP/1 proto ...) + - ruby-protocol-http1 (bug #1043432) + [bookworm] - ruby-protocol-http1 (Minor issue) + [bullseye] - ruby-protocol-http1 (Minor issue) + NOTE: https://github.com/socketry/protocol-http1/pull/20 + NOTE: https://www.rfc-editor.org/rfc/rfc9112#name-chunked-transfer-coding + NOTE: https://github.com/socketry/protocol-http1/security/advisories/GHSA-6jwc-qr2q-7xwj + NOTE: https://github.com/socketry/protocol-http1/commit/e11fc164fd2b36f7b7e785e69fa8859eb06bcedd (v0.15.1) +CVE-2023-38696 + REJECTED +CVE-2023-38695 (cypress-image-snapshot shows visual regressions in Cypress with jest-i ...) + NOT-FOR-US: cypress-image-snapshot +CVE-2023-38692 (CloudExplorer Lite is an open source, lightweight cloud management pla ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-38691 (matrix-appservice-bridge provides an API for setting up bridges. Start ...) + NOT-FOR-US: matrix-appservice-bridge +CVE-2023-38690 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to ver ...) + NOT-FOR-US: matrix-appservice-irc +CVE-2023-38689 (Logistics Pipes is a modification (a.k.a. 
mod) for the computer game M ...) + NOT-FOR-US: Logistics Pipes +CVE-2023-38688 (twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, ...) + NOT-FOR-US: twitch-tui +CVE-2023-38686 (Sydent is an identity server for the Matrix communications protocol. P ...) + - matrix-sydent (bug #1043162) + NOTE: https://github.com/matrix-org/sydent/pull/574 + NOTE: https://github.com/matrix-org/sydent/commit/1cd748307c6b168b66154e6c4db715d4b9551261 (v2.5.6) + NOTE: https://github.com/matrix-org/sydent/security/advisories/GHSA-p6hw-wm59-3g5g +CVE-2023-38494 (MeterSphere is an open-source continuous testing platform. Prior to ve ...) + NOT-FOR-US: MeterSphere +CVE-2023-38487 (HedgeDoc is software for creating real-time collaborative markdown not ...) + NOT-FOR-US: HedgeDoc +CVE-2023-38332 (Zoho ManageEngine ADManager Plus through 7201 allow authenticated user ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-37896 (Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security ...) + NOT-FOR-US: Nuclei +CVE-2023-37470 (Metabase is an open-source business intelligence and analytics platfor ...) + NOT-FOR-US: Metabase +CVE-2023-36480 (The Aerospike Java client is a Java application that implements a netw ...) + NOT-FOR-US: Aerospike Java client +CVE-2023-34038 (VMware Horizon Server contains an information disclosure vulnerability ...) + NOT-FOR-US: VMware +CVE-2023-34037 (VMware Horizon Server contains a HTTP request smuggling vulnerability. ...) + NOT-FOR-US: VMware +CVE-2023-33379 (Connected IO v2.1.0 and prior has a misconfiguration in their MQTT bro ...) + NOT-FOR-US: Connected IO +CVE-2023-33378 (Connected IO v2.1.0 and prior has an argument injection vulnerability ...) + NOT-FOR-US: Connected IO +CVE-2023-33377 (Connected IO v2.1.0 and prior has an OS command injection vulnerabilit ...) + NOT-FOR-US: Connected IO +CVE-2023-33376 (Connected IO v2.1.0 and prior has an argument injection vulnerability ...) 
+ NOT-FOR-US: Connected IO +CVE-2023-33375 (Connected IO v2.1.0 and prior has a stack-based buffer overflow vulner ...) + NOT-FOR-US: Connected IO +CVE-2023-33374 (Connected IO v2.1.0 and prior has a command as part of its communicati ...) + NOT-FOR-US: Connected IO +CVE-2023-33373 (Connected IO v2.1.0 and prior keeps passwords and credentials in clear ...) + NOT-FOR-US: Connected IO +CVE-2023-33372 (Connected IO v2.1.0 and prior uses a hard-coded username/password pair ...) + NOT-FOR-US: Connected IO +CVE-2022-4955 (Inappropriate implementation in DevTools in Google Chrome prior to 108 ...) + {DSA-5293-1} + - chromium 108.0.5359.71-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4142 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) + NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress +CVE-2023-4141 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Rem ...) + NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress +CVE-2023-4140 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to pri ...) + NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress +CVE-2023-4139 (The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sen ...) + NOT-FOR-US: WP Ultimate CSV Importer plugin for WordPress +CVE-2023-3373 (Predictable Exact Value from Previous Values vulnerability in Mitsubis ...) + NOT-FOR-US: Mitsubishi +CVE-2023-39343 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2023-38991 (An issue in the delete function in the ActModelController class of jee ...) + NOT-FOR-US: jeesite +CVE-2023-38952 (Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticate ...) + NOT-FOR-US: ZKTeco BioTime +CVE-2023-38951 (A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attacke ...) + NOT-FOR-US: ZKTeco BioTime +CVE-2023-38950 (A path traversal vulnerability in the iclock API of ZKTeco BioTime v8. ...) 
+ NOT-FOR-US: ZKTeco BioTime +CVE-2023-38949 (An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticat ...) + NOT-FOR-US: ZKTeco BioTime +CVE-2023-38941 (django-sspanel v2022.2.2 was discovered to contain a remote command ex ...) + NOT-FOR-US: django-sspanel +CVE-2023-38708 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...) + NOT-FOR-US: Pimcore +CVE-2023-37501 (A Persistent XSS vulnerability can be carried out in a certain field o ...) + NOT-FOR-US: Unica Campaign +CVE-2023-37500 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...) + NOT-FOR-US: Unica Platform +CVE-2023-37499 (A Persistent Cross-site Scripting (XSS) vulnerability can be carried o ...) + NOT-FOR-US: Unica Platform +CVE-2023-37498 (A user is capable of assigning him/herself to arbitrary groups by reus ...) + NOT-FOR-US: HCL +CVE-2023-37497 (The Unica application exposes an API which accepts arbitrary XML input ...) + NOT-FOR-US: Unica application +CVE-2023-36159 (Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Fo ...) + NOT-FOR-US: Sourcecodester Lost and Found Information System +CVE-2023-36158 (Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Ma ...) + NOT-FOR-US: sourcecodester Toll Tax Management System +CVE-2023-36141 (User enumeration is found in in PHPJabbers Cleaning Business Software ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36139 (In PHPJabbers Cleaning Business Software 1.0, lack of verification whe ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36138 (PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36137 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...) + NOT-FOR-US: PHPJabbers Class Scheduling System +CVE-2023-36135 (User enumeration is found in in PHPJabbers Class Scheduling System v1. ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36134 (In PHP Jabbers Class Scheduling System 1.0, lack of verification when ...) 
+ NOT-FOR-US: PHPJabbers +CVE-2023-36133 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Acc ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36132 (PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorre ...) + NOT-FOR-US: PHPJabbers +CVE-2023-36131 (PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrec ...) + NOT-FOR-US: PHPJabbers +CVE-2023-33665 (ai-dev aitable before v0.2.2 was discovered to contain a SQL injection ...) + NOT-FOR-US: ai-dev aitable +CVE-2023-38497 (Cargo downloads the Rust project\u2019s dependencies and compiles the ...) + - cargo (bug #1043553) + [bookworm] - cargo (Minor issue) + [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue, hard to exploit) + - rust-cargo (bug #1043554) + [bookworm] - rust-cargo (Minor issue) + [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue, hard to exploit) + NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/2 + NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2023-38497 + NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-j3xp-wfr4-hx87 +CVE-2023-3995 + REJECTED +CVE-2023-4147 (A use-after-free flaw was found in the Linux kernel\u2019s Netfilter f ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.11-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0ebc1064e4874d5987722a2ddbc18f94aa53b211 (6.5-rc4) +CVE-2023-4145 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/custo ...) + NOT-FOR-US: pimcore/customer-data-framework +CVE-2023-4138 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2023-4136 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) 
+ NOT-FOR-US: CrafterCMS +CVE-2023-4134 [Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()] + - linux 6.4.4-1 (unimportant) + NOTE: https://git.kernel.org/linus/dbe836576f12743a7d2d170ad4ad4fd324c4d47a (6.5-rc1) + NOTE: TOUCHSCREEN_CYTTSP4_CORE not enabled in Debian +CVE-2023-4133 (A use-after-free vulnerability was found in the cxgb4 driver in the Li ...) + - linux 6.3.7-1 + NOTE: https://git.kernel.org/linus/e50b9b9e8610d47b7c22529443e45a16b1ea3a15 (6.3) +CVE-2023-4132 (A use-after-free vulnerability was found in the siano smsusb module in ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.4-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221707 + NOTE: https://git.kernel.org/linus/ebad8e731c1c06adf04621d6fd327b860c0861b5 (6.3-rc1) + NOTE: https://git.kernel.org/linus/6f489a966fbeb0da63d45c2c66a8957eab604bf6 (6.5-rc1) +CVE-2023-4127 (Race Condition within a Thread in GitHub repository answerdev/answer p ...) + NOT-FOR-US: answerdev/answer +CVE-2023-4126 (Insufficient Session Expiration in GitHub repository answerdev/answer ...) + NOT-FOR-US: answerdev/answer +CVE-2023-4125 (Weak Password Requirements in GitHub repository answerdev/answer prior ...) + NOT-FOR-US: answerdev/answer +CVE-2023-4124 (Missing Authorization in GitHub repository answerdev/answer prior to v ...) + NOT-FOR-US: answerdev/answer +CVE-2023-4121 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-4120 (A vulnerability was found in Beijing Baichuo Smart S85F Management Pla ...) + NOT-FOR-US: Beijing Baichuo Smart S85F Management Platform +CVE-2023-4119 (A vulnerability has been found in Academy LMS 6.0 and classified as pr ...) + NOT-FOR-US: Academy LMS +CVE-2023-4118 (A vulnerability, which was classified as problematic, was found in Cut ...) + NOT-FOR-US: Cute HTTP File Server +CVE-2023-4117 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: PHP Jabbers Rental Property Booking +CVE-2023-4116 (A vulnerability classified as problematic was found in PHP Jabbers Tax ...) + NOT-FOR-US: PHP Jabbers Taxi Booking +CVE-2023-4115 (A vulnerability classified as problematic has been found in PHP Jabber ...) + NOT-FOR-US: PHP Jabbers Cleaning Business +CVE-2023-4114 (A vulnerability was found in PHP Jabbers Night Club Booking Software 1 ...) + NOT-FOR-US: PHP Jabbers Night Club Booking Software +CVE-2023-4113 (A vulnerability was found in PHP Jabbers Service Booking Script 1.0. I ...) + NOT-FOR-US: PHP Jabbers Service Booking Script +CVE-2023-4112 (A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. ...) + NOT-FOR-US: PHP Jabbers Shuttle Booking Software +CVE-2023-4111 (A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 an ...) + NOT-FOR-US: PHP Jabbers Bus Reservation System +CVE-2023-4110 (A vulnerability has been found in PHP Jabbers Availability Booking Cal ...) + NOT-FOR-US: PHP Jabbers Availability Booking Calendar +CVE-2023-3932 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-3766 (A vulnerability was discovered in the odoh-rs rust crate that stems fr ...) + NOT-FOR-US: odoh-rs Rust crate +CVE-2023-3749 (A local user could edit the VideoEdge configuration file and interfere ...) + NOT-FOR-US: VideoEdge +CVE-2023-3669 (A missing Brute-Force protection in CODESYS Development System prior t ...) + NOT-FOR-US: Codesys +CVE-2023-3663 (In CODESYS Development System versions from 3.5.11.20 and before 3.5.1 ...) + NOT-FOR-US: Codesys +CVE-2023-3662 (In CODESYS Development System versions from 3.5.17.0 and prior to 3.5. ...) + NOT-FOR-US: Codesys +CVE-2023-3348 (The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) ...) + NOT-FOR-US: Wrangler +CVE-2023-3346 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) 
+ NOT-FOR-US: Mitsubishi +CVE-2023-3329 (SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable t ...) + NOT-FOR-US: SpiderControl SCADA Webserver +CVE-2023-3180 (A flaw was found in the QEMU virtual crypto device while handling data ...) + {DLA-3604-1} + - qemu 1:8.0.4+dfsg-1 + [bookworm] - qemu 1:7.2+dfsg-7+deb12u2 + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/04b9b37edda85964cca033a48dcc0298036782f2 (v2.8.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 (master) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f (v8.0.4) +CVE-2023-39144 (Element55 KnowMore appliances version 21 and older was discovered to s ...) + NOT-FOR-US: Element55 +CVE-2023-39121 (emlog v2.1.9 was discovered to contain a SQL injection vulnerability v ...) + NOT-FOR-US: emlog +CVE-2023-39114 (ngiflib commit 84a75 was discovered to contain a segmentation violatio ...) + NOT-FOR-US: ngiflib +CVE-2023-39113 (ngiflib commit fb271 was discovered to contain a segmentation violatio ...) + NOT-FOR-US: ngiflib +CVE-2023-39097 (WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) v ...) + NOT-FOR-US: WebBoss.io CMS +CVE-2023-39096 (WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) v ...) + NOT-FOR-US: WebBoss.io CMS +CVE-2023-39075 (Renault Zoe EV 2021 automotive infotainment system versions 283C35202R ...) + NOT-FOR-US: Renault +CVE-2023-38958 (An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthen ...) + NOT-FOR-US: ZKTeco BioAccess +CVE-2023-38956 (A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows u ...) + NOT-FOR-US: ZKTeco BioAccess +CVE-2023-38955 (ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain ...) 
+ NOT-FOR-US: ZKTeco BioAccess +CVE-2023-38954 (ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection ...) + NOT-FOR-US: ZKTeco BioAccess +CVE-2023-38948 (An arbitrary file download vulnerability in the /c/PluginsController.p ...) + NOT-FOR-US: jizhi CMS +CVE-2023-38947 (An arbitrary file upload vulnerability in the /languages/install.php c ...) + NOT-FOR-US: WBCE CMS +CVE-2023-38942 (Dango-Translator v4.5.5 was discovered to contain a remote command exe ...) + NOT-FOR-US: Dango-Translator +CVE-2023-38812 + REJECTED +CVE-2023-38748 (Use after free vulnerability exists in CX-Programmer Included in CX-On ...) + NOT-FOR-US: CX-One CXONE-AL[][]D-V4 +CVE-2023-38747 (Heap-based buffer overflow vulnerability exists in CX-Programmer Inclu ...) + NOT-FOR-US: CX-One CXONE-AL[][]D-V4 +CVE-2023-38746 (Out-of-bounds read vulnerability/issue exists in CX-Programmer Include ...) + NOT-FOR-US: CX-One CXONE-AL[][]D-V4 +CVE-2023-38744 (Denial-of-service (DoS) vulnerability due to improper validation of sp ...) + NOT-FOR-US: OMRON +CVE-2023-37679 (A remote command execution (RCE) vulnerability in NextGen Mirth Connec ...) + NOT-FOR-US: NextGen Mirth Connect +CVE-2023-37559 (After successful authentication as a user in multiple Codesys products ...) + NOT-FOR-US: Codesys +CVE-2023-37558 (After successful authentication as a user in multiple Codesys products ...) + NOT-FOR-US: Codesys +CVE-2023-37557 (After successful authentication as a user in multiple Codesys products ...) + NOT-FOR-US: Codesys +CVE-2023-37556 (In multiple versions of multiple Codesys products, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37555 (In multiple versions of multiple Codesys products, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37554 (In multiple versions of multiple Codesys products, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37553 (In multiple versions of multiple Codesys products, after successful au ...) 
+ NOT-FOR-US: Codesys +CVE-2023-37552 (In multiple versions of multiple Codesys products, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37551 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37550 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37549 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37548 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37547 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37546 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37545 (In multiple Codesys products in multiple versions, after successful au ...) + NOT-FOR-US: Codesys +CVE-2023-37364 (In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapt ...) + NOT-FOR-US: WS-Inc J WBEM Server +CVE-2023-36299 (A File Upload vulnerability in typecho v.1.2.1 allows a remote attacke ...) + NOT-FOR-US: typecho +CVE-2023-36298 (DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote co ...) + NOT-FOR-US: DedeCMS +CVE-2023-36255 (An issue in Eramba Limited Eramba Enterprise and Community edition v.3 ...) + NOT-FOR-US: Eramba Limited Eramba Enterprise +CVE-2023-36217 (Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remo ...) + NOT-FOR-US: Xoops CMS +CVE-2023-36213 (SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacke ...) + NOT-FOR-US: MotoCMS +CVE-2023-36212 (File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacke ...) + NOT-FOR-US: Total CMS +CVE-2023-36082 (An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a ...) 
+ NOT-FOR-US: GatesAIr Flexiva FM Transmitter/Exiter Fax 150W +CVE-2023-35081 (A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.1 ...) + NOT-FOR-US: Ivanti +CVE-2023-34196 (In the Keyfactor EJBCA before 8.0.0, the RA web certificate distributi ...) + NOT-FOR-US: Keyfactor EJBCA +CVE-2023-33666 (ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain ...) + NOT-FOR-US: ai-dev aioptimizedcombinations +CVE-2023-33371 (Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic ...) + NOT-FOR-US: Control ID IDSecure +CVE-2023-33370 (An uncaught exception vulnerability exists in Control ID IDSecure 4.7. ...) + NOT-FOR-US: Control ID IDSecure +CVE-2023-33369 (A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 ...) + NOT-FOR-US: Control ID IDSecure +CVE-2023-33368 (Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfi ...) + NOT-FOR-US: Control ID IDSecure +CVE-2023-33366 (A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1 ...) + NOT-FOR-US: Suprema BioStar +CVE-2023-33365 (A path traversal vulnerability exists in Suprema BioStar 2 before 2.9. ...) + NOT-FOR-US: Suprema BioStar +CVE-2023-33364 (An OS Command injection vulnerability exists in Suprema BioStar 2 befo ...) + NOT-FOR-US: Suprema BioStar +CVE-2023-33363 (An authentication bypass vulnerability exists in Suprema BioStar 2 bef ...) + NOT-FOR-US: Suprema BioStar +CVE-2023-32764 (Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate ...) + NOT-FOR-US: Fabasoft Cloud Enterprise Client +CVE-2023-2754 (The Cloudflare WARP client for Windows assigns loopback IPv4 addresses ...) + NOT-FOR-US: Cloudflare WARP client for Windows +CVE-2023-4104 (An invalid Polkit Authentication check and missing authentication requ ...) 
+ - mozillavpn (bug #1043004) + NOTE: https://www.openwall.com/lists/oss-security/2023/08/03/1 + NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055 + NOTE: https://github.com/mozilla-mobile/mozilla-vpn-client/commit/6933a07164cd69636889403c959ac2c2b115e0f6 +CVE-2023-3971 (An HTML injection flaw was found in Controller in the user interface s ...) + NOT-FOR-US: Red Hat Ansible Automation Controller +CVE-2023-34320 (Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where ...) + - xen 4.17.2-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://www.openwall.com/lists/oss-security/2023/08/01/1 + NOTE: https://xenbits.xen.org/xsa/advisory-436.html +CVE-2023-4078 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4077 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4076 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allo ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4075 (Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowe ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4074 (Use after free in Blink Task Scheduling in Google Chrome prior to 115. ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4073 (Out of bounds memory access in ANGLE in Google Chrome on Mac prior to ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4072 (Out of bounds read and write in WebGL in Google Chrome prior to 115.0. ...) 
+ {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4071 (Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.1 ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4070 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4069 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4068 (Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed ...) + {DSA-5467-1} + - chromium 115.0.5790.170-1 + [buster] - chromium (see DSA 5046) +CVE-2023-4067 (The Bus Ticket Booking with Seat Reservation plugin for WordPress is v ...) + NOT-FOR-US: Bus Ticket Booking with Seat Reservation plugin for WordPress +CVE-2023-3978 (Text nodes not in the HTML namespace are incorrectly literally rendere ...) + - golang-golang-x-net 1:0.14.0-1 (bug #1043163) + [bookworm] - golang-golang-x-net (Minor issue) + [bullseye] - golang-golang-x-net (Minor issue) + - golang-golang-x-net-dev + [buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/cl/514896 + NOTE: https://go.dev/issue/61615 + NOTE: https://pkg.go.dev/vuln/GO-2023-1988 + NOTE: https://github.com/golang/net/commit/8ffa475fbdb33da97e8bf79cc5791ee8751fca5e (v0.13.0) +CVE-2023-3470 (Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generat ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-3426 (The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, ...) + NOT-FOR-US: Liferay +CVE-2023-38423 (A cross-site scripting (XSS) vulnerability exists in an undisclosed pa ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-38419 (An authenticated attacker with guest privileges or higher can cause th ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2023-38418 (The BIG-IP Edge Client Installer on macOS does not follow best practic ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-38330 (OXID eShop Enterprise Edition 6.5.0 \u2013 6.5.2 before 6.5.3 allows u ...) + NOT-FOR-US: OXID eShop Enterprise Edition +CVE-2023-38138 (A reflected cross-site scripting (XSS) vulnerability exists in an undi ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-36858 (An insufficient verification of data vulnerability exists in BIG-IP Ed ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-36494 (Audit logs on F5OS-A may contain undisclosed sensitive information. No ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-36081 (Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/ ...) + NOT-FOR-US: GatesAIr Flexiva FM Transmitter +CVE-2023-33383 (Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to ...) + NOT-FOR-US: Shelly 4PM Pro four-channel smart switch +CVE-2023-33257 (Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML ...) + NOT-FOR-US: Verint Engagement Management +CVE-2023-4016 (Under some circumstances, this weakness allows a user who has access t ...) + - procps 2:4.0.4-1 (bug #1042887) + [bookworm] - procps (Minor issue) + [bullseye] - procps (Minor issue) + [buster] - procps (Minor issue, DoS, rare conditions) + NOTE: https://gitlab.com/procps-ng/procps/-/issues/297 + NOTE: https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 +CVE-2023-3739 (Insufficient validation of untrusted input in Chromad in Google Chrome ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3731 (Use after free in Diagnostics in Google Chrome on ChromeOS prior to 11 ...) + NOT-FOR-US: Google Chrome on ChromeOS +CVE-2023-3729 (Use after free in Splitscreen in Google Chrome on ChromeOS prior to 11 ...) + NOT-FOR-US: Google Chrome on ChromeOS +CVE-2023-3494 (The fwctl driver implements a state machine which is executed when a b ...) 
+ NOT-FOR-US: bhyve
+CVE-2023-3107 (A set of carefully crafted ipv6 packets can trigger an integer overflo ...)
+ NOT-FOR-US: FreeBSD
+CVE-2023-38990 (An issue in the delete function in the MenuController class of jeesite ...)
+ NOT-FOR-US: jeesite
+CVE-2023-38556 (Improper input validation vulnerability in SEIKO EPSON printer Web Con ...)
+ NOT-FOR-US: SEIKO
+CVE-2023-36351 (An issue in Viatom Health ViHealth for Android v.2.74.58 and before al ...)
+ NOT-FOR-US: Viatom Health ViHealth for Android
+CVE-2023-36121 (Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote att ...)
+ NOT-FOR-US: e107
+CVE-2023-36118 (Cross Site Scripting vulnerability in Faculty Evaulation System using ...)
+ NOT-FOR-US: Faculty Evaulation System
+CVE-2023-34869 (PHPJabbers Catering System v1.0 was discovered to contain a cross-site ...)
+ NOT-FOR-US: PHPJabbers Catering System
+CVE-2023-33564 (There is a Cross Site Scripting (XSS) vulnerability in the "theme" par ...)
+ NOT-FOR-US: PHPJabbers Time Slots Booking Calendar
+CVE-2023-33563 (In PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification ...)
+ NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
+CVE-2023-33562 (User enumeration is found in in PHP Jabbers Time Slots Booking Calenda ...)
+ NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
+CVE-2023-33561 (Improper input validation of password parameter in PHP Jabbers Time Sl ...)
+ NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
+CVE-2023-33560 (There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter ...)
+ NOT-FOR-US: PHP Jabbers Time Slots Booking Calendar
+CVE-2023-31928 (A reflected cross-site scripting (XSS) vulnerability exists in Brocade ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31927 (An information disclosure in the web interface of Brocade Fabric OS ve ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31926 (System files could be overwritten using the less command in Brocade Fa ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31432 (Through manipulation of passwords or other variables, using commands s ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31431 (A buffer overflow vulnerability in \u201cdiagstatus\u201d command in B ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31430 (A buffer overflow vulnerability in \u201csecpolicydelete\u201d command ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31429 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31428 (Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31427 (Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2. ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31426 (The Brocade Fabric OS Commands \u201cconfigupload\u201d and \u201cconf ...)
+ NOT-FOR-US: Brocade
+CVE-2023-31425 (A vulnerability in the fosexec command of Brocade Fabric OS after Broc ...)
+ NOT-FOR-US: Brocade
+CVE-2023-4008 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-4011 (An issue has been discovered in GitLab EE affecting all versions from ...)
+ - gitlab (Specific to EE)
+CVE-2023-4002 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2023-3993 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2023-3994 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-3900 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab
+CVE-2023-3500 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-3401 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-3385 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-3364 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-3301 (A flaw was found in QEMU. The async nature of hot-unplug enables a rac ...)
+ - qemu 1:8.0.3+dfsg-1
+ [bookworm] - qemu (Minor issue)
+ [bullseye] - qemu 1:5.2+dfsg-11+deb11u3
+ [buster] - qemu (vhost-vdpa introduced in v5.1)
+ NOTE: https://github.com/qemu/qemu/commit/a0d7215e339b61c7d7a7b3fcf754954d80d93eb8 (v8.1.0-rc0)
+ NOTE: https://github.com/qemu/qemu/commit/aab37b2002811f112d5c26337473486d7d585881 (v8.0.3)
+CVE-2023-3718 (An authenticated command injection vulnerability exists in the AOS-CX ...)
+ NOT-FOR-US: Aruba
+CVE-2023-39147 (An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attacker ...)
+ NOT-FOR-US: Uvdesk
+CVE-2023-39110 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ NOT-FOR-US: rConfig
+CVE-2023-39109 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ NOT-FOR-US: rConfig
+CVE-2023-39108 (rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery ...)
+ NOT-FOR-US: rConfig
+CVE-2023-38560 (An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_ ...)
+ - ghostscript 10.02.0~dfsg-1 (unimportant)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706898
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=b7eb1d0174cb25a0cd44a1c0706c2ed73fc95bef (ghostpdl-10.02.0rc1)
+ NOTE: Issue in PCL support shipped sourcewise in src:ghostscript
+CVE-2023-38559 (A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_w ...)
+ {DLA-3519-1}
+ - ghostscript 10.02.0~dfsg-1 (bug #1043033)
+ [bookworm] - ghostscript 10.0.0~dfsg-11+deb12u2
+ [bullseye] - ghostscript 9.53.3~dfsg-7+deb11u6
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706897
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (ghostpdl-10.02.0rc1)
+CVE-2023-38357 (Session tokens in RWS WorldServer 11.7.3 and earlier have a low entrop ...)
+ NOT-FOR-US: RWS WorldServer
+CVE-2023-37478 (pnpm is a package manager. It is possible to construct a tarball that, ...)
+ NOT-FOR-US: pnpm
+CVE-2023-36211 (The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting ...)
+ NOT-FOR-US: Barebones CMS
+CVE-2023-36210 (MotoCMS Version 3.4.3 Store Category Template was discovered to contai ...)
+ NOT-FOR-US: MotoCMS
+CVE-2023-34634 (Greenshot 1.2.10 and below allows arbitrary code execution because .NE ...)
+ NOT-FOR-US: Greenshot
+CVE-2023-34552 (In certain EZVIZ products, two stack based buffer overflows in mulicas ...)
+ NOT-FOR-US: EZVIZ
+CVE-2023-34551 (In certain EZVIZ products, two stack buffer overflows in netClientSetW ...)
+ NOT-FOR-US: EZVIZ
+CVE-2023-33493 (An Unrestricted Upload of File with Dangerous Type vulnerability in th ...)
+ NOT-FOR-US: Prestashop addon
+CVE-2023-32302
+ REJECTED
+CVE-2023-31710 (TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1. ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-4058 (Memory safety bugs present in Firefox 115. Some of these bugs showed e ...)
+ - firefox 116.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4058
+CVE-2023-4057 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thun ...)
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ [bookworm] - firefox-esr (Only affects Firefox ESR 115.1)
+ [bullseye] - firefox-esr (Only affects Firefox ESR 115.1)
+ [buster] - firefox-esr (Only affects Firefox ESR 115.1)
+ - thunderbird 1:115.1.0-1
+ [bookworm] - thunderbird (Only affects Thunderbird 115.1)
+ [bullseye] - thunderbird (Only affects Thunderbird 115.1)
+ [buster] - thunderbird (Only affects Thunderbird 115.1)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4057
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4057
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4057
+CVE-2023-4056 (Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4056
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4056
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4056
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4056
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4056
+CVE-2023-4055 (When the number of cookies per domain was exceeded in `document.cookie ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4055
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4055
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4055
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4055
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4055
+CVE-2023-4054 (When opening appref-ms files, Firefox did not warn the user that these ...)
+ - firefox (Affects only Firefox on Windows)
+ - firefox-esr (Affects only Firefox on Windows)
+ - thunderbird (Affects only Thunderbird on Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4054
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4054
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4054
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4054
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4054
+CVE-2023-4053 (A website could have obscured the full screen notification by using a ...)
+ - firefox 116.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4053
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4053
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4053
+CVE-2023-4052 (The Firefox updater created a directory writable by non-privileged use ...)
+ - firefox (Affects only Firefox on Windows)
+ - firefox-esr (Affects only Firefox ESR 115.0.1 on Windows)
+ - thunderbird (Affects only Thunderbird on Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4052
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4052
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4052
+CVE-2023-4051 (A website could have obscured the full screen notification by using th ...)
+ - firefox 116.0-1
+ - firefox-esr 115.2.0esr-1
+ [bookworm] - firefox-esr (ESR 102 not affected)
+ [bullseye] - firefox-esr (ESR 102 not affected)
+ [buster] - firefox-esr (ESR 102 not affected)
+ - thunderbird 1:115.2.0-1
+ [bookworm] - thunderbird (ESR 102 not affected)
+ [bullseye] - thunderbird (ESR 102 not affected)
+ [buster] - thunderbird (ESR 102 not affected)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4051
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/#CVE-2023-4051
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/#CVE-2023-4051
+CVE-2023-4050 (In some cases, an untrusted input stream was copied to a stack buffer ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4050
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4050
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4050
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4050
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4050
+CVE-2023-4049 (Race conditions in reference counting code were found through code ins ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4049
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4049
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4049
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4049
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4049
+CVE-2023-4048 (An out-of-bounds read could have led to an exploitable crash when pars ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4048
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4048
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4048
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4048
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4048
+CVE-2023-4047 (A bug in popup notifications delay calculation could have made it poss ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4047
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4047
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4047
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4047
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4047
+CVE-2023-4046 (In some circumstances, a stale value could have been used for a global ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4046
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4046
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4046
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4046
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4046
+CVE-2023-4045 (Offscreen Canvas did not properly track cross-origin tainting, which c ...)
+ {DSA-5469-1 DSA-5464-1 DLA-3523-1 DLA-3521-1}
+ - firefox 116.0-1
+ - firefox-esr 115.1.0esr-1
+ - thunderbird 1:115.1.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-29/#CVE-2023-4045
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-30/#CVE-2023-4045
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/#CVE-2023-4045
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-32/#CVE-2023-4045
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/#CVE-2023-4045
+CVE-2023-36325 [Attackers can de-anonymize i2p hidden services with a message replay attack]
+ - i2p (bug #1043161)
+ NOTE: https://xeiaso.net/blog/CVE-2023-36325
+ NOTE: https://geti2p.net/en/blog/post/2023/06/25/new_release_2.3.0
+ NOTE: https://i2pgit.org/i2p-hackers/i2p.i2p/-/commit/82aa4e19fbb37ca1bd752ec1b836120beec0985f (i2p-2.3.0)
+CVE-2023-4033 (OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0 ...)
+ NOT-FOR-US: mlflow
+CVE-2023-3825 (PTC\u2019s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to bein ...)
+ NOT-FOR-US: PTC KEPServerEX
+CVE-2023-3462 (HashiCorp's Vault and Vault Enterprise are vulnerable to user enumerat ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2023-39122 (BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Serv ...)
+ NOT-FOR-US: BMC Control-M Software
+CVE-2023-37772 (Online Shopping Portal Project v3.1 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online Shopping Portal Project
+CVE-2023-37496 (HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulner ...)
+ NOT-FOR-US: HCL
+CVE-2023-36984 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+ NOT-FOR-US: LavaLite CMS
+CVE-2023-36983 (LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.)
+ NOT-FOR-US: LavaLite CMS
+CVE-2023-34960 (A command injection vulnerability in the wsConvertPpt component of Cha ...)
+ NOT-FOR-US: Chamilo CMS
+CVE-2023-4026
+ REJECTED
+CVE-2023-4010 (A flaw was found in the USB Host Controller Driver framework in the Li ...)
+ - linux
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2227726
+ NOTE: https://github.com/wanrenmi/a-usb-kernel-bug
+CVE-2023-3997 (Splunk SOAR versions lower than 6.1.0 are indirectly affected by a pot ...)
+ NOT-FOR-US: Splunk SOAR
+CVE-2023-3983 (An authenticated SQL injection vulnerability exists in Advantech iView ...)
+ NOT-FOR-US: Advantech iView
+CVE-2023-3817 (Issue summary: Checking excessively long DH keys or parameters may be ...)
+ {DLA-3530-1}
+ - openssl 3.0.10-1
+ [bookworm] - openssl 3.0.10-1~deb12u1
+ [bullseye] - openssl 1.1.1v-0~deb11u1
+ NOTE: https://www.openssl.org/news/secadv/20230731.txt
+ NOTE: https://www.openwall.com/lists/oss-security/2023/07/31/1
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1c16253f3c3a8d1e25918c3f404aae6a5b0893de (master)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5 (openssl-3.1.2)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f (openssl-3.0.10)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5 (OpenSSL_1_1_1v)
+CVE-2023-3508 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3507 (The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3345 (The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3292 (The grid-kit-premium WordPress plugin before 2.2.0 does not escape som ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3134 (The Forminator WordPress plugin before 1.24.4 does not properly escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3130 (The Short URL WordPress plugin before 1.6.5 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-38989 (An issue in the delete function in the UserController class of jeesite ...)
+ NOT-FOR-US: jeesite
+CVE-2023-38750 (In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-38311 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+ - webmin
+CVE-2023-38310 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+ - webmin
+CVE-2023-38309 (An issue was discovered in Webmin 2.021. A Reflected Cross-Site Script ...)
+ - webmin
+CVE-2023-38308 (An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) ...)
+ - webmin
+CVE-2023-38307 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+ - webmin
+CVE-2023-38306 (An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) ...)
+ - webmin
+CVE-2023-38305 (An issue was discovered in Webmin 2.021. The download functionality al ...)
+ - webmin
+CVE-2023-38304 (An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting ...)
+ - webmin
+CVE-2023-38303 (An issue was discovered in Webmin 2.021. One can exploit a stored Cros ...)
+ - webmin
+CVE-2023-37771 (Art Gallery Management System v1.0 contains a SQL injection vulnerabil ...)
+ NOT-FOR-US: Art Gallery Management System
+CVE-2023-37647 (SEMCMS v1.5 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: SEMCMS
+CVE-2023-37580 (Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-36092 (Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows ...)
+ NOT-FOR-US: D-Link
+CVE-2023-36091 (Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows ...)
+ NOT-FOR-US: D-Link
+CVE-2023-36090 (Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows ...)
+ NOT-FOR-US: D-Link
+CVE-2023-36089 (Authentication Bypass vulnerability in D-Link DIR-645 firmware version ...)
+ NOT-FOR-US: D-Link
+CVE-2023-35861 (A shell-injection vulnerability in email notifications on Supermicro m ...)
+ NOT-FOR-US: Supermicro
+CVE-2023-35792 (Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scrip ...)
+ NOT-FOR-US: Vound Intella Connect
+CVE-2023-35791 (Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.)
+ NOT-FOR-US: Vound Intella Connect
+CVE-2023-34917 (Fuge CMS v1.0 contains an Open Redirect vulnerability in member/Regist ...)
+ NOT-FOR-US: Fuge CMS
+CVE-2023-34916 (Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/Proce ...)
+ NOT-FOR-US: Fuge CMS
+CVE-2023-34872 (A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a re ...)
+ [experimental] - poppler 23.08.0-1
+ - poppler (bug #1042811)
+ [bookworm] - poppler (Minor issue)
+ [bullseye] - poppler (Vulnerable code introduced later)
+ [buster] - poppler (Vulnerable code introduced later)
+ NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/fa494b780ab69ef04ba7447ab6d8fc3b46373e59 (poppler-21.08.0)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe (poppler-23.06.0)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399
+CVE-2023-34842 (Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-34644 (Remote code execution vulnerability in Ruijie Networks Product: RG-EW ...)
+ NOT-FOR-US: Ruijie
+CVE-2023-34635 (Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injec ...)
+ NOT-FOR-US: Wifi Soft Unibox Administration
+CVE-2023-33534 (A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intellig ...)
+ NOT-FOR-US: Guanzhou Tozed Kangwei
+CVE-2020-36763 (Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote a ...)
+ NOT-FOR-US: DuxCMS
+CVE-2023-4007 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-4006 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-4005 (Insufficient Session Expiration in GitHub repository fossbilling/fossb ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-35019 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2023-35016 (IBM Security Verify Governance, Identity Manager 10.0 could allow a re ...)
+ NOT-FOR-US: IBM
+CVE-2023-34360 (A stored cross-site scripting (XSS) issue was discovered within the Cu ...)
+ NOT-FOR-US: ASUS
+CVE-2023-34359 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
+ NOT-FOR-US: ASUS
+CVE-2023-34358 (ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. ...)
+ NOT-FOR-US: ASUS
+CVE-2023-4004 (A use-after-free flaw was found in the Linux kernel's netfilter in the ...)
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
+ - linux 6.4.11-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/87b5a5c209405cb6b57424cdfa226a6dbd349232 (6.5-rc3)
+CVE-2023-3976
+ NOT-FOR-US: Red Hat OpenStack Platform
+CVE-2023-37219 (Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formul ...)
+ NOT-FOR-US: Tadiran Telecom Composit
+CVE-2023-37218 (Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a ...)
+ NOT-FOR-US: Tadiran Telecom Aeonix
+CVE-2023-37217 (Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy)
+ NOT-FOR-US: Tadiran Telecom Aeonix
+CVE-2023-37216 (AnaSystem SensMini M4 \u2013 Using the configuration tool, an authenti ...)
+ NOT-FOR-US: AnaSystem SensMini M4
+CVE-2023-37215 (JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials)
+ NOT-FOR-US: JBL soundbar multibeam
+CVE-2023-37214 (Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.)
+ NOT-FOR-US: Heights Telecom ERO1xS-Pro Dual-Band FW
+CVE-2023-37213 (Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection')
+ NOT-FOR-US: Synel SYnergy Fingerprint Terminals
+CVE-2023-32227 (Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Crede ...)
+ NOT-FOR-US: Synel SYnergy Fingerprint Terminals
+CVE-2023-32226 (Sysaid - CWE-552: Files or Directories Accessible to External Parties ...)
+ NOT-FOR-US: SysAid
+CVE-2023-32225 (Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A ...)
+ NOT-FOR-US: SysAid
+CVE-2023-4012 (ntpd will crash if the server is not NTS-enabled (no certificate) and ...)
+ {DSA-5466-1}
+ - ntpsec 1.2.2+dfsg1-2 (bug #1038422)
+ [bullseye] - ntpsec (Vulnerable code introduced later)
+ [buster] - ntpsec (Vulnerable code introduced later)
+ NOTE: https://gitlab.com/NTPsec/ntpsec/-/issues/794
+ NOTE: https://blog.ntpsec.org/2023/08/03/version-1.2.2a.html
+CVE-2023-38988 (An issue in the delete function in the OaNotifyController class of jee ...)
+ NOT-FOR-US: jeesite
+CVE-2023-3598 (Out of bounds read and write in ANGLE in Google Chrome prior to 114.0. ...)
+ {DSA-5418-1}
+ - chromium 114.0.5735.90-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-3488 (Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and ear ...)
+ NOT-FOR-US: GBL parser in Silicon Labs GSDK
+CVE-2023-39190
+ REJECTED
+CVE-2023-39023 (university compass v2.2.0 and below was discovered to contain a code i ...)
+ NOT-FOR-US: university compass
+CVE-2023-39022 (oscore v2.2.6 and below was discovered to contain a code injection vul ...)
+ NOT-FOR-US: oscore
+CVE-2023-39021 (wix-embedded-mysql v4.6.1 and below was discovered to contain a code i ...)
+ NOT-FOR-US: wix-embedded-mysql
+CVE-2023-39020 (stanford-parser v3.9.2 and below was discovered to contain a code inje ...)
+ NOT-FOR-US: stanford-parser
+CVE-2023-39018 (FFmpeg 0.7.0 and below was discovered to contain a code injection vuln ...)
+ NOT-FOR-US: ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI)
+CVE-2023-39017 (quartz-jobs 2.3.2 and below was discovered to contain a code injection ...)
+ NOTE: Disputed Quartz issue
+ NOTE: https://github.com/quartz-scheduler/quartz/issues/943
+CVE-2023-39016 (bboss-persistent v6.0.9 and below was discovered to contain a code inj ...)
+ NOT-FOR-US: bboss-persistent
+CVE-2023-39015 (webmagic-extension v0.9.0 and below was discovered to contain a code i ...)
+ NOT-FOR-US: webmagic-extension
+CVE-2023-39013 (Duke v1.2 and below was discovered to contain a code injection vulnera ...)
+ NOT-FOR-US: Duke
+CVE-2023-39010 (BoofCV 0.42 was discovered to contain a code injection vulnerability v ...)
+ NOT-FOR-US: BoofCV
+CVE-2023-38992 (jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: jeecg-boot
+CVE-2023-38685 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-38684 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-38498 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-37906 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-37904 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-37754 (PowerJob v4.3.3 was discovered to contain a remote command execution ( ...)
+ NOT-FOR-US: PowerJob
+CVE-2023-37467 (Discourse is an open source discussion platform. Prior to version 3.1. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-31937 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-31936 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-31935 (Cross Site Scripting vulnerability found in Rail Pass Management Syste ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-31934 (Cross Site Scripting vulnerability found in Rail Pass Management Syste ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-31933 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-31932 (Sql injection vulnerability found in Rail Pass Management System v.1.0 ...)
+ NOT-FOR-US: Rail Pass Management System
+CVE-2023-2685 (A vulnerability was found in AO-OPC server versions mentioned above. A ...)
+ NOT-FOR-US: ABB AO-OPC
+CVE-2023-3990 (A vulnerability classified as problematic has been found in Mingsoft M ...)
+ NOT-FOR-US: Mingsoft MCMS
+CVE-2023-3989 (A vulnerability was found in SourceCodester Jewelry Store System 1.0. ...)
+ NOT-FOR-US: SourceCodester Jewelry Store System
+CVE-2023-3988 (A vulnerability was found in Cafe Billing System 1.0. It has been decl ...)
+ NOT-FOR-US: Cafe Billing System
+CVE-2023-3987 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
+ NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System
+CVE-2023-3986 (A vulnerability was found in SourceCodester Simple Online Mens Salon M ...)
+ NOT-FOR-US: SourceCodester Simple Online Mens Salon Management System
+CVE-2023-3985 (A vulnerability has been found in SourceCodester Online Jewelry Store ...)
+ NOT-FOR-US: SourceCodester Online Jewelry Store
+CVE-2023-3984 (A vulnerability, which was classified as critical, was found in phpscr ...)
+ NOT-FOR-US: phpscriptpoint
+CVE-2023-3977 (Several plugins for WordPress by Inisev are vulnerable to Cross-Site R ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3774 (An unhandled error in Vault Enterprise's namespace creation may cause ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2023-3670 (In CODESYS Development System 3.5.9.0 to3.5.17.0 andCODESYS Scripting4 ...)
+ NOT-FOR-US: CODESYS
+CVE-2023-38609 (An injection issue was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2023-38604 (An out-of-bounds write issue was addressed with improved input validat ...)
+ NOT-FOR-US: Apple
+CVE-2023-38601 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2023-38599 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5468-1}
+ - webkit2gtk 2.40.5-1
+ [buster] - webkit2gtk (webkit2gtk EOL in buster)
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
+CVE-2023-38598 (A use-after-free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2023-38592 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-5468-1}
+ - webkit2gtk 2.40.5-1
+ [buster] - webkit2gtk (webkit2gtk EOL in buster)
+ - wpewebkit 2.40.5-1
+ [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm)
+ [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported)
+ NOTE: https://webkitgtk.org/security/WSA-2023-0007.html
+CVE-2023-38590 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2023-38571 (This issue was addressed with improved validation of symlinks. This is ...)
+ NOT-FOR-US: Apple
+CVE-2023-38331 (Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-37285 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2023-36495 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2023-34425 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-33745 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper P ...)
+ NOT-FOR-US: TeleAdapt RoomCast TA-2400
+CVE-2023-33744 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard- ...)
+ NOT-FOR-US: TeleAdapt RoomCast TA-2400
+CVE-2023-33743 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper A ...)
+ NOT-FOR-US: TeleAdapt RoomCast TA-2400
+CVE-2023-33742 (TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Stor ...)
+ NOT-FOR-US: TeleAdapt RoomCast TA-2400
+CVE-2023-32654 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2023-32445 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2023-32444 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2023-32427 (This issue was addressed by using HTTPS when sending information over ...)
+ NOT-FOR-US: Apple
+CVE-2023-37369 (In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before ...)
+ {DLA-3539-1}
+ - qt6-base
+ [bookworm] - qt6-base (Minor issue)
+ - qtbase-opensource-src-gles
+ [bookworm] - qtbase-opensource-src-gles (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles (Minor issue)
+ - qtbase-opensource-src 5.15.10+dfsg-3
+ [bookworm] - qtbase-opensource-src (Minor issue)
+ [bullseye] - qtbase-opensource-src (Minor issue)
+ [buster] - qtbase-opensource-src (Minor issue)
+ - qt4-x11
+ NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/455027
+CVE-2023-3982 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...)
+ NOT-FOR-US: omeka-s
+CVE-2023-3981 (Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s ...)
+ NOT-FOR-US: omeka-s +CVE-2023-3980 (Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s ...) + NOT-FOR-US: omeka-s +CVE-2023-3975 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.5. ...) + NOT-FOR-US: jgraph/drawio +CVE-2023-3974 (OS Command Injection in GitHub repository jgraph/drawio prior to 21.4. ...) + NOT-FOR-US: jgraph/drawio +CVE-2023-3973 (Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/dra ...) + NOT-FOR-US: jgraph/drawio +CVE-2023-3970 (A vulnerability, which was classified as problematic, was found in GZ ...) + NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP +CVE-2023-3969 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: GZ Scripts Availability Booking Calendar PHP +CVE-2023-38512 (Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream \ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38510 (Tolgee is an open-source localization platform. Starting in version 3. ...) + NOT-FOR-US: Tolgee +CVE-2023-38509 (XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki ...) + NOT-FOR-US: XWiki +CVE-2023-38505 (DietPi-Dashboard is a web dashboard for the operating system DietPi. T ...) + NOT-FOR-US: DietPi-Dashboard +CVE-2023-38504 (Sails is a realtime MVC Framework for Node.js. In Sails apps prior to ...) + NOT-FOR-US: sails.js +CVE-2023-38495 (Crossplane is a framework for building cloud native control planes wit ...) + NOT-FOR-US: Crossplane +CVE-2023-38492 (Kirby is a content management system. A vulnerability in versions prio ...) + NOT-FOR-US: Kirby CMS +CVE-2023-38491 (Kirby is a content management system. A vulnerability in versions prio ...) + NOT-FOR-US: Kirby CMS +CVE-2023-38490 (Kirby is a content management system. A vulnerability in versions prio ...) + NOT-FOR-US: Kirby CMS +CVE-2023-38489 (Kirby is a content management system. A vulnerability in versions prio ...) 
+ NOT-FOR-US: Kirby CMS +CVE-2023-38488 (Kirby is a content management system. A vulnerability in versions prio ...) + NOT-FOR-US: Kirby CMS +CVE-2023-37993 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37981 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube A ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37979 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37977 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37976 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37975 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37970 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37900 (Crossplane is a framework for building cloud native control planes wit ...) + NOT-FOR-US: Crossplane +CVE-2023-37894 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTh ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-36942 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...) + NOT-FOR-US: PHPGurukul Online Fire Reporting System +CVE-2023-36941 (A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire R ...) + NOT-FOR-US: PHPGurukul Online Fire Reporting System +CVE-2023-3957 (The ACF Photo Gallery Field plugin for WordPress is vulnerable to unau ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3956 (The InstaWP Connect plugin for WordPress is vulnerable to unauthorized ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-3451 + REJECTED +CVE-2023-38611 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38608 (The issue was addressed with additional permissions checks. This issue ...) + NOT-FOR-US: Apple +CVE-2023-38606 (This issue was addressed with improved state management. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-38603 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-38602 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2023-38600 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38597 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38595 (The issue was addressed with improved checks. This issue is fixed in i ...) 
+ {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38594 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38593 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-38580 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38572 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-38565 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2023-38564 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-38425 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38424 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38421 (The issue was addressed with improved checks. This issue is fixed in m ...) 
+ NOT-FOR-US: Apple +CVE-2023-38410 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-38285 (Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Co ...) + - modsecurity 3.0.10-1 (bug #1042475) + [bookworm] - modsecurity 3.0.9-1+deb12u1 + [bullseye] - modsecurity (Minor issue) + [buster] - modsecurity (Minor issue) + NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/ +CVE-2023-38261 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38259 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-38258 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-38136 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-38133 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5468-1} + - webkit2gtk 2.40.5-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.5-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0007.html +CVE-2023-37732 (Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/233 + NOTE: https://github.com/yasm/yasm/commit/2cd3bb50e256f5ed5f611ac611d25fe673f2cec3 + NOTE: Crash in CLI tool, no security impact +CVE-2023-37692 (An arbitrary file upload vulnerability in October CMS v3.4.4 allows at ...) + NOT-FOR-US: October CMS +CVE-2023-36862 (A downgrade issue affecting Intel-based Mac computers was addressed wi ...) 
+ NOT-FOR-US: Apple +CVE-2023-36854 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-35993 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-35983 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-32734 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-32450 (Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access C ...) + NOT-FOR-US: Dell +CVE-2023-32443 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32442 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2023-32441 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-32437 (The issue was addressed with improvements to the file handling protoco ...) + NOT-FOR-US: Apple +CVE-2023-32433 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-32429 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-32418 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-32416 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-32381 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-32364 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-3622 (Access Control Bypass Vulnerability in the SolarWinds Platform that al ...) + NOT-FOR-US: SolarWinds +CVE-2023-3242 (Allocation of Resources Without Limits or Throttling, Improper Initial ...) 
+ NOT-FOR-US: B&R Industrial Automation +CVE-2023-39261 (In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesti ...) + - intellij-idea (bug #747616) +CVE-2023-38673 (PaddlePaddle before 2.5.0 has a command injection in fs.py. This resul ...) + NOT-FOR-US: PaddlePaddle +CVE-2023-38672 (FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause ...) + NOT-FOR-US: PaddlePaddle +CVE-2023-38671 (Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. Thi ...) + NOT-FOR-US: PaddlePaddle +CVE-2023-38670 (Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. ...) + NOT-FOR-US: PaddlePaddle +CVE-2023-38669 (Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This r ...) + NOT-FOR-US: PaddlePaddle +CVE-2023-37624 (Netdisco before v2.063000 was discovered to contain an open redirect v ...) + NOT-FOR-US: Netdisco +CVE-2023-37623 (Netdisco before v2.063000 was discovered to contain a cross-site scrip ...) + NOT-FOR-US: Netdisco +CVE-2023-37049 (emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\templat ...) + NOT-FOR-US: emlog +CVE-2023-33802 (A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to caus ...) + NOT-FOR-US: SumatraPDF Reader +CVE-2023-33308 (A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS ver ...) + NOT-FOR-US: FortiGuard +CVE-2023-33229 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...) + NOT-FOR-US: SolarWinds +CVE-2023-33225 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + NOT-FOR-US: SolarWinds +CVE-2023-33224 (The SolarWinds Platform was susceptible to the Incorrect Behavior Orde ...) + NOT-FOR-US: SolarWinds +CVE-2023-31466 (An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Conf ...) + NOT-FOR-US: FSMLabs TimeKeeper +CVE-2023-31465 (An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. B ...) 
+ NOT-FOR-US: FSMLabs TimeKeeper +CVE-2023-3442 (A missing authorization vulnerability exists in versions of the Jenkin ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-3414 (A cross-site request forgery vulnerability exists in versions of the J ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39156 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Pl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39155 (Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39154 (Incorrect permission checks in Jenkins Qualys Web App Scanning Connect ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39153 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Au ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39152 (Always-incorrect control flow implementation in Jenkins Gradle Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-39151 (Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize o ...) + - jenkins +CVE-2023-3947 (The Video Conferencing with Zoom plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Video Conferencing with Zoom plugin for WordPress +CVE-2023-3946 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...) + NOT-FOR-US: ePO +CVE-2023-3945 (A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been cl ...) + NOT-FOR-US: phpscriptpoint +CVE-2023-3944 (A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified ...) + NOT-FOR-US: phpscriptpoint +CVE-2023-3897 (Username enumeration is possible through Bypassing CAPTCHA in On-premi ...) + NOT-FOR-US: On-premise SureMDM Solution +CVE-2023-3890 (A vulnerability classified as problematic has been found in Campcodes ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3548 (An unauthorized user could gain account access to IQ Wifi 6 versions p ...) + NOT-FOR-US: IQ Wifi +CVE-2023-3486 (An authentication bypass exists in PaperCut NG versions 22.0.12 and pr ...) 
+ NOT-FOR-US: PaperCut NG +CVE-2023-39175 (In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integr ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-39174 (In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-39173 (In JetBrains TeamCity before 2023.05.2 a token with limited permission ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-39130 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap bu ...) + - gdb (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30641 + NOTE: Crash in CLI tool, no security impact +CVE-2023-39129 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap us ...) + - gdb (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30640 + NOTE: Crash in CLI tool, no security impact +CVE-2023-39128 (GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack o ...) + - gdb (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30639 + NOTE: Crash in CLI tool, no security impact +CVE-2023-38555 (Authentication bypass vulnerability in Fujitsu network devices Si-R se ...) + NOT-FOR-US: Fujitsu network devices +CVE-2023-38503 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2023-38502 (TDengine is an open source, time-series database optimized for Interne ...) + - tdengine (bug #992514) +CVE-2023-38501 (copyparty is file server software. Prior to version 1.8.7, the applica ...) + NOT-FOR-US: copyparty +CVE-2023-38500 (TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to p ...) + NOT-FOR-US: TYPO3 HTML Sanitizer +CVE-2023-38499 (TYPO3 is an open source PHP based web content management system. Start ...) + NOT-FOR-US: Typo3 +CVE-2023-38496 (Apptainer is an open source container platform. Version 1.2.0-rc.2 int ...) 
+ NOT-FOR-US: Apptainer + NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-mmx5-32m4-wxvx + NOTE: Specific to Apptainer and not in singularity-container +CVE-2023-38493 (Armeria is a microservice framework Spring supports Matrix variables. ...) + NOT-FOR-US: Armeria +CVE-2023-38435 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: Apache Felix Healthcheck Webconsole Plugin +CVE-2023-38433 (Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded c ...) + NOT-FOR-US: Fujitsu +CVE-2023-37920 (Certifi is a curated collection of Root Certificates for validating th ...) + - python-certifi (unimportant) + NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7 + NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates +CVE-2023-37919 (Cal.com is open-source scheduling software. A vulnerability allows act ...) + NOT-FOR-US: Cal.com +CVE-2023-37907 (Cryptomator is data encryption software for users who store their file ...) + NOT-FOR-US: Cryptomator +CVE-2023-37902 (Vyper is a Pythonic programming language that targets the Ethereum Vir ...) + NOT-FOR-US: Vyper +CVE-2023-37677 (Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a re ...) + NOT-FOR-US: Pligg CMS +CVE-2023-37460 (Plexis Archiver is a collection of Plexus components to create archive ...) + NOT-FOR-US: Plexis Archiver +CVE-2023-37258 (DataEase is an open source data visualization analysis tool. Prior to ...) + NOT-FOR-US: DataEase +CVE-2023-37257 (DataEase is an open source data visualization analysis tool. Prior to ...) + NOT-FOR-US: DataEase +CVE-2023-36826 (Sentry is an error tracking and performance monitoring platform. Start ...) + NOT-FOR-US: Sentry +CVE-2023-36806 (Contao is an open source content management system. Starting in versio ...) + NOT-FOR-US: Contao CMS +CVE-2023-36503 (Auth. 
(contributor+) Cross-Site Scripting (XSS) vulnerability in Max F ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36502 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36501 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo Po ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35982 (There are buffer overflow vulnerabilities in multiple underlying servi ...) + NOT-FOR-US: Aruba +CVE-2023-35981 (There are buffer overflow vulnerabilities in multiple underlying servi ...) + NOT-FOR-US: Aruba +CVE-2023-35980 (There are buffer overflow vulnerabilities in multiple underlying servi ...) + NOT-FOR-US: Aruba +CVE-2023-35944 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-35943 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-35942 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-35941 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-35929 (Tuleap is a free and open source suite to improve management of softwa ...) + NOT-FOR-US: Tuleap +CVE-2023-35043 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34798 (An arbitrary file upload vulnerability in eoffice before v9.5 allows a ...) + NOT-FOR-US: eoffice +CVE-2023-34369 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gran ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34235 (Strapi is an open-source headless content management system. Prior to ...) + NOT-FOR-US: Strapi +CVE-2023-34093 (Strapi is an open-source headless content management system. Prior to ...) 
+ NOT-FOR-US: Strapi +CVE-2023-34017 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStar ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33925 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginFo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32629 (Local privilege escalation vulnerability in Ubuntu Kernels overlayfs o ...) + - linux (Ubuntu-specific issue) +CVE-2023-32468 (Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of ...) + NOT-FOR-US: Dell +CVE-2023-2850 (NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability d ...) + NOT-FOR-US: NodeBB +CVE-2023-2640 (On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overl ...) + - linux (Ubuntu-specific issue) +CVE-2023-2626 (There exists an authentication bypass vulnerability in OpenThread bord ...) + NOT-FOR-US: OpenThread +CVE-2023-3773 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...) + {DSA-5492-1 DLA-3623-1} + - linux 6.4.13-1 + [bullseye] - linux 5.10.197-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/all/20230723074110.3705047-1-linma@zju.edu.cn/T/#u +CVE-2023-3772 (A flaw was found in the Linux kernel\u2019s IP framework for transform ...) + {DSA-5492-1 DLA-3623-1} + - linux 6.4.13-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://lore.kernel.org/netdev/20230721145103.2714073-1-linma@zju.edu.cn/ + NOTE: https://www.openwall.com/lists/oss-security/2023/08/10/1 +CVE-2023-37895 (Java object deserialization issue in Jackrabbit webapp/standalone on a ...) + - jackrabbit 2.20.11-1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2023/07/25/8 + NOTE: standalone and webapp modules are not enabled in Debian packages +CVE-2023-3888 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3887 (A vulnerability was found in Campcodes Beauty Salon Management System ...) 
+ NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3886 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3885 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3884 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3883 (A vulnerability, which was classified as problematic, was found in Cam ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3882 (A vulnerability, which was classified as critical, has been found in C ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3881 (A vulnerability classified as critical was found in Campcodes Beauty S ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3880 (A vulnerability classified as critical has been found in Campcodes Bea ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3879 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3878 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3877 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3876 (A vulnerability was found in Campcodes Beauty Salon Management System ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3875 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3874 (A vulnerability, which was classified as critical, was found in Campco ...) 
+ NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3873 (A vulnerability, which was classified as critical, has been found in C ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3872 (A vulnerability classified as critical was found in Campcodes Beauty S ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3871 (A vulnerability classified as critical has been found in Campcodes Bea ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Biltay Technology Scienta +CVE-2023-38745 (Pandoc before 3.1.6 allows arbitrary file write: this can be triggered ...) + - pandoc (Incomplete fixes for CVE-2023-35936 not applied) + NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6) +CVE-2023-37361 (REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via schedu ...) + NOT-FOR-US: REDCap +CVE-2023-35088 (Improper Neutralization of Special Elements Used in an SQL Command ('S ...) + NOT-FOR-US: Apache InLong +CVE-2023-35078 (An authentication bypass vulnerability in Ivanti EPMM allows unauthori ...) + NOT-FOR-US: Ivanti +CVE-2023-35067 (Plaintext Storage of a Password vulnerability in Infodrom Software E-I ...) + NOT-FOR-US: Infodrom +CVE-2023-35066 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Infodrom +CVE-2023-34434 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache InLong +CVE-2023-34189 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) + NOT-FOR-US: Apache InLong +CVE-2023-33777 (An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.2 ...) + NOT-FOR-US: Prestashop +CVE-2023-32639 (Applicant Programme Ver.7.06 and earlier improperly restricts XML exte ...) 
+ NOT-FOR-US: Applicant Programme +CVE-2023-32637 (GBrowse accepts files with any formats uploaded and places them in the ...) + - gbrowse 2.56+dfsg-1 + NOTE: Fairly silly CVE assignment, possibly fixed earlier than 2.56, simply marking that as fixed + NOTE: https://jvn.jp/en/jp/JVN35897618/ +CVE-2023-32232 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...) + NOT-FOR-US: Vasion +CVE-2023-32231 (An issue was discovered in Vasion PrinterLogic Client for Windows befo ...) + NOT-FOR-US: Vasion +CVE-2023-41175 (A vulnerability was found in libtiff due to multiple potential integer ...) + {DSA-5567-1 DLA-3513-1} + - tiff 4.5.1+git230720-1 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/592 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235264 +CVE-2023-40745 (LibTIFF is vulnerable to an integer overflow. This flaw allows remote ...) + {DSA-5567-1 DLA-3513-1} + - tiff 4.5.1+git230720-1 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/591 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2235265 +CVE-2023-3870 + REJECTED +CVE-2023-3863 (A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.4-1 + NOTE: https://git.kernel.org/linus/6709d4b7bc2e079241fdef15d1160581c5261c10 (6.5-rc1) +CVE-2023-3344 (The Auto Location for WP Job Manager via Google WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3324 (A vulnerability exists by allowing low-privileged users to read and up ...) + NOT-FOR-US: ABB +CVE-2023-3323 (A vulnerability exists by allowing low-privileged users to read and up ...) + NOT-FOR-US: ABB +CVE-2023-3322 (A vulnerability exists by allowing low-privileged users to read and up ...) 
+ NOT-FOR-US: ABB +CVE-2023-3321 (A vulnerability exists by allowing low-privileged users to read and up ...) + NOT-FOR-US: ABB +CVE-2023-3248 (The All-in-one Floating Contact Form WordPress plugin before 2.1.2 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38060 (Improper Input Validation vulnerability in the ContentType parameter f ...) + {DLA-3551-1} + - znuny 6.5.3-1 + [bookworm] - znuny (Minor issue) + - otrs2 + [bullseye] - otrs2 (Minor issue) + NOTE: https://github.com/znuny/Znuny/commit/355800e68c1560c1d098ec0953ee9940d2d1f836 (rel-6_5_3) +CVE-2023-38058 (An improper privilege check in the OTRS ticket move action in the agen ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x +CVE-2023-38057 (An improper input validation vulnerability in OTRS Survey modules allo ...) + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out +CVE-2023-38056 (Improper Neutralization of commands allowed to be executed via OTRS Sy ...) + NOT-FOR-US: OTRS + NOTE: Could possibly affect Znuny, we'll let their security team figure it out +CVE-2023-37613 (A cross-site scripting (XSS) vulnerability in Assembly Software Trialw ...) + NOT-FOR-US: Assembly Software Trialworks +CVE-2023-2761 (The User Activity Log WordPress plugin before 1.6.3 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3862 (A vulnerability was found in Travelmate Travelable Trek Management Sol ...) + NOT-FOR-US: Travelmate Travelable Trek Management Solution +CVE-2023-3861 (A vulnerability was found in phpscriptpoint Insurance 1.2. It has been ...) + NOT-FOR-US: phpscriptpoint Insurance +CVE-2023-3860 (A vulnerability was found in phpscriptpoint Insurance 1.2. It has been ...) + NOT-FOR-US: phpscriptpoint Insurance +CVE-2023-3859 (A vulnerability was found in phpscriptpoint Car Listing 1.6 and classi ...) 
+ NOT-FOR-US: phpscriptpoint Car Listing +CVE-2023-3858 (A vulnerability has been found in phpscriptpoint Car Listing 1.6 and c ...) + NOT-FOR-US: phpscriptpoint Car Listing +CVE-2023-3857 (A vulnerability, which was classified as problematic, was found in php ...) + NOT-FOR-US: phpscriptpoint Ecommerce +CVE-2023-3856 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: phpscriptpoint Ecommerce +CVE-2023-3855 (A vulnerability classified as problematic was found in phpscriptpoint ...) + NOT-FOR-US: phpscriptpoint JobSeeker +CVE-2023-3854 (A vulnerability classified as critical has been found in phpscriptpoin ...) + NOT-FOR-US: phpscriptpoint BloodBank +CVE-2023-3853 (A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been ...) + NOT-FOR-US: phpscriptpoint BloodBank +CVE-2023-3852 (A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has be ...) + NOT-FOR-US: OpenRapid RapidCMS +CVE-2023-3850 (A vulnerability has been found in SourceCodester Lost and Found Inform ...) + NOT-FOR-US: SourceCodester Lost and Found Information System +CVE-2023-3849 (A vulnerability, which was classified as problematic, was found in moo ...) + NOT-FOR-US: mooSocial mooDating +CVE-2023-3848 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: mooDating +CVE-2023-3847 (A vulnerability classified as problematic was found in mooSocial mooDa ...) + NOT-FOR-US: mooDating +CVE-2023-3846 (A vulnerability classified as problematic has been found in mooSocial ...) + NOT-FOR-US: mooDating +CVE-2023-3845 (A vulnerability was found in mooSocial mooDating 1.2. It has been rate ...) + NOT-FOR-US: mooDating +CVE-2023-3844 (A vulnerability was found in mooSocial mooDating 1.2. It has been decl ...) + NOT-FOR-US: mooDating +CVE-2023-3843 (A vulnerability was found in mooSocial mooDating 1.2. It has been clas ...) 
+ NOT-FOR-US: mooDating +CVE-2023-3842 (A vulnerability was found in Pointware EasyInventory 1.0.12.0 and clas ...) + NOT-FOR-US: Pointware EasyInventory +CVE-2023-3841 (A vulnerability has been found in NxFilter 4.3.2.5 and classified as p ...) + NOT-FOR-US: NxFilter +CVE-2023-3840 (A vulnerability, which was classified as problematic, was found in NxF ...) + NOT-FOR-US: NxFilter +CVE-2023-3839 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: DedeBIZ +CVE-2023-3838 (A vulnerability classified as problematic was found in DedeBIZ 6.2.10. ...) + NOT-FOR-US: DedeBIZ +CVE-2023-3837 (A vulnerability classified as problematic has been found in DedeBIZ 6. ...) + NOT-FOR-US: DedeBIZ +CVE-2023-3836 (A vulnerability classified as critical was found in Dahua Smart Park M ...) + NOT-FOR-US: Dahua Smart Park Management +CVE-2023-3835 (A vulnerability classified as problematic has been found in Bug Finder ...) + NOT-FOR-US: Bug Finder +CVE-2023-3834 (A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated ...) + NOT-FOR-US: Bug Finder +CVE-2023-3833 (A vulnerability was found in Bug Finder Montage 1.0. It has been decla ...) + NOT-FOR-US: Bug Finder +CVE-2023-3832 (A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has be ...) + NOT-FOR-US: Bug Finder +CVE-2023-3831 (A vulnerability was found in Bug Finder Finounce 1.0 and classified as ...) + NOT-FOR-US: Bug Finder +CVE-2023-3830 (A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been r ...) + NOT-FOR-US: Bug Finder +CVE-2023-3829 (A vulnerability was found in Bug Finder ICOGenie 1.0. It has been decl ...) + NOT-FOR-US: Bug Finder +CVE-2023-3828 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...) + NOT-FOR-US: Bug Finder +CVE-2023-3827 (A vulnerability was found in Bug Finder Listplace Directory Listing Pl ...) 
+ NOT-FOR-US: Bug Finder +CVE-2023-38633 (A directory traversal problem in the URL decoder of librsvg before 2.5 ...) + {DSA-5484-1} + - librsvg 2.54.7+dfsg-1 (bug #1041810) + [buster] - librsvg (The vulnerable code was introduced later) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1213502 + NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996 + NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/15293f1243e1dd4756ffc1d13d5a8ea49167174f (2.54.6) + NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/d1f066bf2198bd46c5ba80cb5123b768ec16e37d (2.50.8) + NOTE: https://gitlab.gnome.org/GNOME/librsvg/-/commit/22bcb919c8b39133370c7fc0eb27176fb09aa4fb (2.46.6) + NOTE: https://www.openwall.com/lists/oss-security/2023/07/27/1 + NOTE: https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/ +CVE-2023-38195 (Datalust Seq before 2023.2.9489 allows insertion of sensitive informat ...) + NOT-FOR-US: Datalust Seq +CVE-2023-3826 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) + NOT-FOR-US: IBOS OA +CVE-2023-3776 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.4-2 + NOTE: https://git.kernel.org/linus/0323bce598eea038714f941ce2b22541c46d488f (6.5-rc2) +CVE-2023-3611 (An out-of-bounds write vulnerability in the Linux kernel's net/sched: ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.4-2 + NOTE: https://git.kernel.org/linus/3e337087c3b5805fe0b8a46ba622a962880b5d64 (6.5-rc2) +CVE-2023-3610 (A use-after-free vulnerability in the Linux kernel's netfilter: nf_tab ...) + {DSA-5461-1 DLA-3512-1} + - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4bedf9eee016286c835e3d8fa981ddece5338795 (6.4) +CVE-2023-3609 (A use-after-free vulnerability in the Linux kernel's net/sched: cls_u3 ...) 
+ {DSA-5480-1 DLA-3623-1} + - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + NOTE: https://git.kernel.org/linus/04c55383fa5689357bcdd2c8036725a55ed632bc (6.4-rc7) +CVE-2023-37918 (Dapr is a portable, event-driven, runtime for building distributed app ...) + NOT-FOR-US: Dapr +CVE-2023-37917 (KubePi is an opensource kubernetes management panel. A normal user has ...) + NOT-FOR-US: KubePi +CVE-2023-37916 (KubePi is an opensource kubernetes management panel. The endpoint /kub ...) + NOT-FOR-US: KubePi +CVE-2023-35077 (An out-of-bounds write vulnerability on windows operating systems caus ...) + NOT-FOR-US: Ivanti +CVE-2023-3822 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) + NOT-FOR-US: pimcore +CVE-2023-3821 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-3820 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.) + NOT-FOR-US: pimcore +CVE-2023-3819 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: pimcore +CVE-2023-3102 (A sensitive information leak issue has been discovered in GitLab EE af ...) + - gitlab (Specific to EE) +CVE-2023-38647 (An attacker can use SnakeYAML to deserialize java.net.URLClassLoader a ...) + NOT-FOR-US: Apache Helix +CVE-2023-38646 (Metabase open source before 0.46.6.1 and Metabase Enterprise before 1. ...) + NOT-FOR-US: Metabase +CVE-2023-38187 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-38173 (Microsoft Edge for Android Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-37915 (OpenDDS is an open source C++ implementation of the Object Management ...) + NOT-FOR-US: OpenDDS +CVE-2023-37905 (ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEdi ...) + NOT-FOR-US: ckeditor plugin +CVE-2023-37903 (vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up t ...) 
+ NOT-FOR-US: Node vm2 +CVE-2023-37901 (Indico is an open source a general-purpose, web based event management ...) + NOT-FOR-US: CERN Indico +CVE-2023-37742 (WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected c ...) + NOT-FOR-US: WebBoss.io CMS +CVE-2023-36339 (An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to ...) + NOT-FOR-US: WebBoss.io CMS +CVE-2023-35392 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-3815 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: y_project RuoYi +CVE-2023-3813 (The Jupiter X Core plugin for WordPress is vulnerable to arbitrary fil ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3811 (A vulnerability was found in Hospital Management System 1.0. It has be ...) + NOT-FOR-US: Hospital Management System +CVE-2023-3810 (A vulnerability was found in Hospital Management System 1.0. It has be ...) + NOT-FOR-US: Hospital Management System +CVE-2023-3809 (A vulnerability was found in Hospital Management System 1.0. It has be ...) + NOT-FOR-US: Hospital Management System +CVE-2023-3808 (A vulnerability was found in Hospital Management System 1.0 and classi ...) + NOT-FOR-US: Hospital Management System +CVE-2023-3807 (A vulnerability has been found in Campcodes Beauty Salon Management Sy ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3806 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester +CVE-2023-3805 (A vulnerability, which was classified as critical, has been found in X ...) + NOT-FOR-US: Xiamen Four Letter Video Surveillance Management System +CVE-2023-3804 (A vulnerability classified as problematic was found in Chengdu Flash F ...) + NOT-FOR-US: Chengdu Flash Flood Disaster Monitor +CVE-2023-3803 (A vulnerability classified as problematic has been found in Chengdu Fl ...) 
+ NOT-FOR-US: Chengdu Flash Flood Disaster Monitor +CVE-2023-3802 (A vulnerability was found in Chengdu Flash Flood Disaster Monitoring a ...) + NOT-FOR-US: Chengdu Flash Flood Disaster Monitor +CVE-2023-3801 (A vulnerability was found in IBOS OA 4.5.5. It has been declared as cr ...) + NOT-FOR-US: IBOS OS +CVE-2023-3800 (A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classifie ...) + NOT-FOR-US: EasyAdmin8 +CVE-2023-3799 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...) + NOT-FOR-US: IBOS OS +CVE-2023-3798 (A vulnerability has been found in Chengdu Flash Flood Disaster Monitor ...) + NOT-FOR-US: Chengdu Flash Flood Disaster Monitor +CVE-2023-3797 (A vulnerability, which was classified as critical, was found in Gen Te ...) + NOT-FOR-US: Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early WArning System +CVE-2023-3796 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Bug Finder Foody Friend +CVE-2023-3795 (A vulnerability classified as critical was found in Bug Finder ChainCi ...) + NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform +CVE-2023-38632 (async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in t ...) + NOT-FOR-US: async-sockets-cpp +CVE-2023-37645 (eyoucms v1.6.3 was discovered to contain an information disclosure vul ...) + NOT-FOR-US: eyoucms +CVE-2023-37292 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + NOT-FOR-US: HGiga +CVE-2023-37291 (Galaxy Software Services Vitals ESP is vulnerable to using a hard-code ...) + NOT-FOR-US: Galaxy Software Services Vitals ESP +CVE-2023-35087 (It is identified a format string vulnerability in ASUS RT-AX56U V2 & R ...) + NOT-FOR-US: ASUS +CVE-2023-35086 (It is identified a format string vulnerability in ASUS RT-AX56U V2 & R ...) + NOT-FOR-US: ASUS +CVE-2023-32625 (Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAK ...) 
+ NOT-FOR-US: SAKURA +CVE-2023-32624 (Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and ...) + NOT-FOR-US: SAKURA +CVE-2023-32478 (Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sens ...) + NOT-FOR-US: Dell +CVE-2023-3812 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...) + - linux 6.0.8-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux 4.19.269-1 + NOTE: https://git.kernel.org/linus/363a5328f4b0517e59572118ccfb7c626d81dca9 (6.1-rc4) +CVE-2023-3794 (A vulnerability classified as problematic has been found in Bug Finder ...) + NOT-FOR-US: Bug Finder ChainCity Real Estate Investment Platform +CVE-2023-3793 (A vulnerability was found in Weaver e-cology. It has been rated as cri ...) + NOT-FOR-US: Weaver e-cology +CVE-2023-3792 (A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been cl ...) + NOT-FOR-US: Beijing Netcon NS-ASG +CVE-2023-3791 (A vulnerability was found in IBOS OA 4.5.5 and classified as critical. ...) + NOT-FOR-US: IBOS OA +CVE-2023-3790 (A vulnerability has been found in Boom CMS 8.0.7 and classified as pro ...) + NOT-FOR-US: Boom CMS +CVE-2023-3789 (A vulnerability, which was classified as problematic, was found in Pau ...) + NOT-FOR-US: PaulPrinting CMS +CVE-2023-3788 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: ActiveITzone Active Super Shop CMS +CVE-2023-3787 (A vulnerability classified as problematic was found in Codecanyon Tiva ...) + NOT-FOR-US: Codecanyon Tiva Events Calender +CVE-2023-3786 (A vulnerability classified as problematic has been found in Aures Kome ...) + NOT-FOR-US: Aures Komet +CVE-2023-3785 (A vulnerability was found in PaulPrinting CMS 2018. It has been rated ...) + NOT-FOR-US: PaulPrinting CMS +CVE-2023-38617 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...) 
+ NOT-FOR-US: Office Suite Premium +CVE-2023-38523 (The web interface on multiple Samsung Harman AMX N-Series devices allo ...) + NOT-FOR-US: Samsung +CVE-2023-38335 (Omnis Studio 10.22.00 has incorrect access control. It advertises a fe ...) + NOT-FOR-US: Omnis Studio +CVE-2023-38334 (Omnis Studio 10.22.00 has incorrect access control. It advertises an i ...) + NOT-FOR-US: Omnis Studio +CVE-2023-38203 (Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2023-37728 (IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) v ...) + NOT-FOR-US: Icewarp Icearp +CVE-2023-37650 (A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-37649 (Incorrect access control in the component /models/Content of Cockpit C ...) + NOT-FOR-US: Cockpit CMS +CVE-2023-37602 (An arbitrary file upload vulnerability in the component /workplace#!ex ...) + NOT-FOR-US: Alkacon OpenCMS +CVE-2023-37601 (Office Suite Premium v10.9.1.42602 was discovered to contain a local f ...) + NOT-FOR-US: Office Suite Premium +CVE-2023-37600 (Office Suite Premium Version v10.9.1.42602 was discovered to contain a ...) + NOT-FOR-US: Office Suite Premium +CVE-2023-37471 (Open Access Management (OpenAM) is an access management solution that ...) + NOT-FOR-US: Open Access Management (OpenAM) +CVE-2023-37290 (InfoDoc Document On-line Submission and Approval System lacks sufficie ...) + NOT-FOR-US: InfoDoc Document On-line Submission and Approval System +CVE-2023-37165 (Millhouse-Project v1.414 was discovered to contain a remote code execu ...) + NOT-FOR-US: Millhouse-Project +CVE-2023-37164 (Diafan CMS v6.0 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: Diafan CMS +CVE-2023-34625 (ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication B ...) 
+ NOT-FOR-US: ShowMojo MojoBox Digital Lockbox +CVE-2023-32483 (Wyse Management Suite versions prior to 4.0 contain a sensitive inform ...) + NOT-FOR-US: Wyse Management Suite +CVE-2023-32482 (Wyse Management Suite versions prior to 4.0 contain an improper author ...) + NOT-FOR-US: Wyse Management Suite +CVE-2023-32481 (Wyse Management Suite versions prior to 4.0 contain a denial-of-servic ...) + NOT-FOR-US: Wyse Management Suite +CVE-2023-32476 (Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vuln ...) + NOT-FOR-US: Dell +CVE-2023-32455 (Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive ...) + NOT-FOR-US: Dell +CVE-2023-32447 (Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive ...) + NOT-FOR-US: Dell +CVE-2023-32446 (Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive ...) + NOT-FOR-US: Dell +CVE-2023-32265 (A potential security vulnerability has been identified in the Enterpri ...) + NOT-FOR-US: Micro Focus +CVE-2023-31753 (SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an ...) + NOT-FOR-US: eNdonesia +CVE-2023-31462 (An issue was discovered in SteelSeries GG 36.0.0. An attacker can chan ...) + NOT-FOR-US: SteelSeries +CVE-2023-31461 (Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to ...) + NOT-FOR-US: SteelSeries +CVE-2023-37450 (The issue was addressed with improved checks. This issue is fixed in i ...) + {DSA-5457-1} + - webkit2gtk 2.40.4-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.4-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0006.html + NOTE: https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07 +CVE-2023-38200 (A flaw was found in Keylime. Due to their blocking nature, the Keylime ...) 
+ NOT-FOR-US: Keylime +CVE-2023-3784 (A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has ...) + NOT-FOR-US: Dooblou WiFi File Explorer +CVE-2023-3783 (A vulnerability was found in Webile 1.0.1. It has been classified as p ...) + NOT-FOR-US: Webile +CVE-2023-3782 (DoS of the OkHttp client when using a BrotliInterceptor and surfing to ...) + NOT-FOR-US: BrotliInterceptor +CVE-2023-3779 (The Essential Addons For Elementor plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3300 (HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP ...) + - nomad + NOTE: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 +CVE-2023-3299 (HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies ...) + - nomad (Specific to Nomad Enterprise) +CVE-2023-3072 (HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL ...) + - nomad + NOTE: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270 +CVE-2023-37362 (Weintek Weincloud v0.13.6 could allow an attacker to abuse the reg ...) + NOT-FOR-US: Weincloud +CVE-2023-37289 (It is identified a vulnerability of Unrestricted Upload of File with D ...) + NOT-FOR-US: InfoDoc +CVE-2023-36853 (In Keysight Geolocation Server v2.4.2 and prior, a low privileged atta ...) + NOT-FOR-US: Keysight Geolocation Server +CVE-2023-35134 (Weintek Weincloud v0.13.6 could allow an attacker to reset a passwor ...) + NOT-FOR-US: Weincloud +CVE-2023-34478 (Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a ...) + - shiro (bug #1051228) + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/4 +CVE-2023-34429 (Weintek Weincloud v0.13.6 could allow an attacker to cause a denia ...) 
+ NOT-FOR-US: Weincloud +CVE-2023-34394 (In Keysight Geolocation Server v2.4.2 and prior, an attacker could upl ...) + NOT-FOR-US: Keysight Geolocation Server +CVE-2023-32657 (Weintek Weincloud v0.13.6 could allow an attacker to efficiently d ...) + NOT-FOR-US: Weincloud +CVE-2023-38408 (The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insuff ...) + {DLA-3532-1} + - openssh 1:9.3p2-1 (bug #1042460) + [bookworm] - openssh 1:9.2p1-2+deb12u1 + [bullseye] - openssh 1:8.4p1-5+deb11u2 + NOTE: https://www.openwall.com/lists/oss-security/2023/07/19/9 + NOTE: https://github.com/openssh/openssh-portable/commit/892506b13654301f69f9545f48213fc210e5c5cc + NOTE: https://github.com/openssh/openssh-portable/commit/1f2731f5d7a8f8a8385c6031667ed29072c0d92a + NOTE: https://github.com/openssh/openssh-portable/commit/29ef8a04866ca14688d5b7fed7b8b9deab851f77 + NOTE: https://github.com/openssh/openssh-portable/commit/099cdf59ce1e72f55d421c8445bf6321b3004755 + NOTE: Exploitation requires the presence of specific libraries on the victim system. + NOTE: Remote exploitation requires that the agent was forwarded to an attacker-controlled + NOTE: system. +CVE-2023-3765 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) + NOT-FOR-US: mlflow +CVE-2023-3763 (A vulnerability was found in Intergard SGS 8.7.0. It has been declared ...) + NOT-FOR-US: Intergard SGS +CVE-2023-3762 (A vulnerability was found in Intergard SGS 8.7.0. It has been classifi ...) + NOT-FOR-US: Intergard SGS +CVE-2023-3761 (A vulnerability was found in Intergard SGS 8.7.0 and classified as pro ...) + NOT-FOR-US: Intergard SGS +CVE-2023-3760 (A vulnerability has been found in Intergard SGS 8.7.0 and classified a ...) + NOT-FOR-US: Intergard SGS +CVE-2023-3759 (A vulnerability, which was classified as critical, was found in Interg ...) + NOT-FOR-US: Intergard SGS +CVE-2023-3757 (A vulnerability classified as problematic has been found in GZ Scripts ...) 
+ NOT-FOR-US: GZ Script Car Rental Script +CVE-2023-3756 (A vulnerability was found in Creativeitem Atlas Business Directory Lis ...) + NOT-FOR-US: Creativeitem Atlas Business Directory Listing +CVE-2023-3755 (A vulnerability has been found in Creativeitem Atlas Business Director ...) + NOT-FOR-US: Creativeitem Atlas Business Directory Listing +CVE-2023-3754 (A vulnerability, which was classified as problematic, was found in Cre ...) + NOT-FOR-US: Creativeitem Ekushey Project Manager CRM +CVE-2023-3753 (A vulnerability classified as problematic has been found in Creativeit ...) + NOT-FOR-US: Creativeitem Mastery LMS +CVE-2023-3752 (A vulnerability was found in Creativeitem Academy LMS 5.15. It has bee ...) + NOT-FOR-US: Creativeitem Academy LMS +CVE-2023-3751 (A vulnerability was found in Super Store Finder 3.6. It has been decla ...) + NOT-FOR-US: Super Store Finder +CVE-2023-3722 (An OS command injection vulnerability was found in the Avaya Aura Devi ...) + NOT-FOR-US: Avaya +CVE-2023-3638 (In GeoVision GV-ADR2701 cameras, an attacker could edit the login resp ...) + NOT-FOR-US: GeoVision +CVE-2023-3527 (A CSV injection vulnerability was found in theAvaya Call Management Sy ...) + NOT-FOR-US: Avaya +CVE-2023-3519 (Unauthenticated remote code execution) + NOT-FOR-US: Citrix +CVE-2023-3467 (Privilege Escalation to root administrator (nsroot)) + NOT-FOR-US: Citrix +CVE-2023-3466 (Reflected Cross-Site Scripting (XSS)) + NOT-FOR-US: Citrix +CVE-2023-3463 (All versions of GE Digital CIMPLICITY that are not adhering to SDG gui ...) + NOT-FOR-US: GE Digital CIMPLICITY +CVE-2023-37899 (Feathersjs is a framework for creating web APIs and real-time applicat ...) + NOT-FOR-US: Feathersjs +CVE-2023-37897 (Grav is a file-based Web-platform built in PHP. Grav is subject to a s ...) + NOT-FOR-US: Grav CMS +CVE-2023-37748 (ngiflib commit 5e7292 was discovered to contain an infinite loop via t ...) 
+ NOT-FOR-US: ngiflib +CVE-2023-37733 (An arbitrary file upload vulnerability in tduck-platform v4.0 allows a ...) + NOT-FOR-US: Grav CMStduck-platform +CVE-2023-37276 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...) + - python-aiohttp 3.8.5-1 + [bookworm] - python-aiohttp (Minor issue) + [bullseye] - python-aiohttp (Minor issue) + [buster] - python-aiohttp (doesn't use llhttp, PoC is rejected with Bad Request) + NOTE: https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w + NOTE: https://github.com/aio-libs/aiohttp/commit/9337fb3f2ab2b5f38d7e98a194bde6f7e3d16c40 (v3.8.5) + NOTE: https://hackerone.com/reports/2001873 + NOTE: http-parser->llhttp switch: https://github.com/aio-libs/aiohttp/commit/485a5fc49050f8f8bf0d7eec8a85b4d9b450386c (v3.8.0a4) +CVE-2023-35900 (IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 a ...) + NOT-FOR-US: IBM +CVE-2023-35898 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + NOT-FOR-US: IBM +CVE-2023-34034 (Using "**" as a pattern in Spring Security configuration for WebFlux ...) + - libspring-security-2.0-java +CVE-2023-33876 (A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.1 ...) + NOT-FOR-US: Foxit Reader +CVE-2023-33866 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit Reader +CVE-2023-33832 (IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user ...) + NOT-FOR-US: IBM +CVE-2023-32664 (A type confusion vulnerability exists in the Javascript checkThisBox m ...) + NOT-FOR-US: Foxit Reader +CVE-2023-32635 (XBRL data create application version 7.0 and earlier improperly restri ...) + NOT-FOR-US: XBRL data create application +CVE-2023-32263 (A potential vulnerability has been identified in the Micro Focus Dimen ...) 
+ NOT-FOR-US: Micro Focus Dimensions CM Plugin for Jenkins +CVE-2023-27379 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2023-3347 (A vulnerability was found in Samba's SMB2 packet signing mechanism. Th ...) + {DSA-5477-1} + - samba 2:4.18.5+dfsg-1 + [bullseye] - samba (Vulnerable code not present) + [buster] - samba (Vulnerable code not present) + NOTE: https://www.samba.org/samba/security/CVE-2023-3347.html +CVE-2023-34968 (A path disclosure vulnerability was found in Samba. As part of the Spo ...) + {DSA-5477-1} + - samba 2:4.18.5+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-34968.html +CVE-2023-42464 (A Type Confusion vulnerability was found in the Spotlight RPC function ...) + {DSA-5503-1 DLA-3584-1} + - netatalk 3.1.17~ds-1 (bug #1052087) + NOTE: https://github.com/Netatalk/netatalk/issues/486 + NOTE: https://github.com/Netatalk/netatalk/pull/485 + NOTE: Fixed by: https://github.com/Netatalk/netatalk/commit/a0ee3c246ee9e082436192290610a4d812fc0b7f (main) + NOTE: Fixed by: https://github.com/Netatalk/netatalk/commit/f6364ef0e5f1b7de88c5e837434af8a5df4c4c75 (netatalk-3-1-17) +CVE-2023-34967 (A Type Confusion vulnerability was found in Samba's mdssvc RPC service ...) + {DSA-5477-1} + - samba 2:4.18.5+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-34967.html +CVE-2023-34966 (An infinite loop vulnerability was found in Samba's mdssvc RPC service ...) + {DSA-5477-1} + - samba 2:4.18.5+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-34966.html +CVE-2023-3750 (A flaw was found in libvirt. The virStoragePoolObjListSearch function ...) 
+ - libvirt 9.6.0-1 (bug #1041811) + [bookworm] - libvirt (Minor issue) + [bullseye] - libvirt (Vulnerable code not present) + [buster] - libvirt (Vulnerable code not present) + NOTE: https://listman.redhat.com/archives/libvir-list/2023-July/240776.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222210 + NOTE: Introduced with: https://gitlab.com/libvirt/libvirt/-/commit/0c4b391e2a90c3e0f8a8721cb539e03f14eb1d5e (v8.3.0-rc1) + NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/9a47442366fcf8a7b6d7422016d7bbb6764a1098 (v9.6.0-rc1) +CVE-2023-3748 (A flaw was found in FRRouting when parsing certain babeld unicast hell ...) + - frr (bug #1042473) + [bullseye] - frr (The vulnerable code was introduced later) + [buster] - frr (The vulnerable code was introduced later) + NOTE: https://github.com/FRRouting/frr/issues/11808 + NOTE: https://github.com/FRRouting/frr/pull/12950 + NOTE: https://github.com/FRRouting/frr/pull/12952 + NOTE: https://github.com/FRRouting/frr/commit/0a95d121ca8e1f43d41d952d6c82d111ca850085 (frr-8.5) +CVE-2023-3745 (A heap-based buffer overflow issue was found in ImageMagick's PushChar ...) + - imagemagick 8:6.9.11.24+dfsg-1 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/1857 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7486477aa00c5c7856b111506da075b6cdfa8b73 (6.9.11-0) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b466a96965afc1308a4ace93f5535c2b770f294b (6.9.11-0) +CVE-2023-3446 (Issue summary: Checking excessively long DH keys or parameters may be ...) 
+ {DLA-3530-1} + - openssl 3.0.10-1 (bug #1041817) + [bookworm] - openssl 3.0.10-1~deb12u1 + [bullseye] - openssl 1.1.1v-0~deb11u1 + NOTE: https://www.openssl.org/news/secadv/20230719.txt + NOTE: https://github.com/openssl/openssl/commit/9e0094e2aa1b3428a12d5095132f133c078d3c3d (master) + NOTE: https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb (openssl-3.0.10) + NOTE: https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528 (OpenSSL_1_1_1v) +CVE-2023-32001 + REJECTED +CVE-2023-3740 (Insufficient validation of untrusted input in Themes in Google Chrome ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3738 (Inappropriate implementation in Autofill in Google Chrome prior to 115 ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3737 (Inappropriate implementation in Notifications in Google Chrome prior t ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3736 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3735 (Inappropriate implementation in Web API Permission Prompts in Google C ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3734 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3733 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3732 (Out of bounds memory access in Mojo in Google Chrome prior to 115.0.57 ...) 
+ {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3730 (Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 a ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3728 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allow ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3727 (Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allow ...) + {DSA-5456-1} + - chromium 115.0.5790.98-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3743 (Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote ...) + NOT-FOR-US: Ap Page Builder +CVE-2023-38326 + REJECTED +CVE-2023-38257 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insec ...) + NOT-FOR-US: Iagona ScrutisWeb +CVE-2023-37973 (Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Repla ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37892 (Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - Plug ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37889 (Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37788 (goproxy v1.1 was discovered to contain an issue which can lead to a De ...) + - golang-github-elazarl-goproxy (bug #1042474) + [bookworm] - golang-github-elazarl-goproxy (Minor issue) + [bullseye] - golang-github-elazarl-goproxy (Minor issue) + [buster] - golang-github-elazarl-goproxy (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://github.com/elazarl/goproxy/issues/502 +CVE-2023-37758 (D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: D-Link +CVE-2023-37481 (Fides is an open-source privacy engineering platform for managing data ...) + NOT-FOR-US: Fides +CVE-2023-37480 (Fides is an open-source privacy engineering platform for managing data ...) 
+ NOT-FOR-US: Fides +CVE-2023-37477 (1Panel is an open source Linux server operation and maintenance manage ...) + NOT-FOR-US: 1Panel +CVE-2023-37387 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classif ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37386 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helpe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37259 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip ...) + NOT-FOR-US: Node matrix-react-sdk +CVE-2023-37143 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) + NOT-FOR-US: Microsoft +CVE-2023-37142 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) + NOT-FOR-US: Microsoft +CVE-2023-37141 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) + NOT-FOR-US: Microsoft +CVE-2023-37140 (ChakraCore branch master cbb9b was discovered to contain a segmentatio ...) + NOT-FOR-US: Microsoft +CVE-2023-37139 (ChakraCore branch master cbb9b was discovered to contain a stack overf ...) + NOT-FOR-US: Microsoft +CVE-2023-36670 (A remotely exploitable command injection vulnerability was found on th ...) + NOT-FOR-US: Kratos NGC-IDU +CVE-2023-36669 (Missing Authentication for a Critical Function within the Kratos NGC I ...) + NOT-FOR-US: Kratos NGC-IDU +CVE-2023-36384 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36383 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Mag ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36120 + REJECTED +CVE-2023-35763 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a crypto ...) + NOT-FOR-US: Iagona ScrutisWeb +CVE-2023-35189 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote ...) + NOT-FOR-US: Iagona ScrutisWeb +CVE-2023-34330 (AMI SPx contains a vulnerability in the BMC where a user may inject co ...) 
+ NOT-FOR-US: AMI SPx +CVE-2023-34329 (AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cau ...) + NOT-FOR-US: AMI SPx +CVE-2023-34035 (Spring Security versions 5.8prior to 5.8.5, 6.0prior to 6.0.5,and 6.1p ...) + - libspring-security-2.0-java +CVE-2023-33871 (Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a direct ...) + NOT-FOR-US: Iagona ScrutisWeb +CVE-2023-33329 (Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in H ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33312 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Ea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33265 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...) + - hazelcast (bug #745640) +CVE-2023-33231 (XSS attack was possible in DPA 2023.2 due to insufficient input valida ...) + NOT-FOR-US: SolarWinds +CVE-2023-32965 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31441 (In NATO Communications and Information Agency anet (aka Advisor Networ ...) + NOT-FOR-US: NATO Communications and Information Agency anet +CVE-2023-2913 (An executable used in Rockwell Automation ThinManager ThinServer can b ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-2433 (The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scri ...) + NOT-FOR-US: YARPP plugin for WordPress +CVE-2021-4428 (A vulnerability has been found in what3words Autosuggest Plugin up to ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36762 (A vulnerability was found in ONS Digital RAS Collection Instrument up ...) + NOT-FOR-US: ONS Digital RAS Collection Instrument +CVE-2018-25088 (A vulnerability, which was classified as critical, was found in Blue Y ...) + NOT-FOR-US: Blue Yonder postgraas_server +CVE-2023-3724 (If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor ...) 
+ - wolfssl 5.5.4-2.1 (bug #1041699) + [bookworm] - wolfssl (Minor issue) + [bullseye] - wolfssl (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/pull/6412 + NOTE: https://github.com/wolfSSL/wolfssl/commit/00f1eddee429ff51390b20caadd2eb6afe51e1aa (v5.6.2-stable) +CVE-2023-3714 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3713 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3709 (The Royal Elementor Addons plugin for WordPress is vulnerable to unaut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3708 (Several themes for WordPress by DeoThemes are vulnerable to Reflected ...) + NOT-FOR-US: WordPress themes +CVE-2023-3615 (Mattermost iOS app failsto properlyvalidate the server certificate whi ...) + NOT-FOR-US: Mattermost iOS app +CVE-2023-3614 (Mattermost fails to properly validate a gif image file, allowing an at ...) + - mattermost-server (bug #823556) +CVE-2023-3613 (Mattermost WelcomeBot plugin fails to to validate the membership statu ...) + NOT-FOR-US: Mattermost plugin +CVE-2023-3593 (Mattermost fails to properly validate markdown, allowing an attacker t ...) + - mattermost-server (bug #823556) +CVE-2023-3591 (Mattermost fails to invalidate previously generated password reset tok ...) + - mattermost-server (bug #823556) +CVE-2023-3590 (Mattermostfails to delete card attachments in Boards, allowing an atta ...) + - mattermost-server (bug #823556) +CVE-2023-3587 (Mattermost fails to properly show information in the UI, allowing a sy ...) + - mattermost-server (bug #823556) +CVE-2023-3586 (Mattermost fails to disablepublic Boards after the "Enable Publicly-Sh ...) + - mattermost-server (bug #823556) +CVE-2023-3585 (Mattermost Boards fail to properly validate a board link, allowing an ...) + - mattermost-server (bug #823556) +CVE-2023-3584 (Mattermost fails to properly check the authorization ofPOST /api/v4/te ...) 
+ - mattermost-server (bug #823556) +CVE-2023-3582 (Mattermost fails to verify channel membership when linking a board to ...) + - mattermost-server (bug #823556) +CVE-2023-3581 (Mattermost fails to properly validate the origin of a websocket connec ...) + - mattermost-server (bug #823556) +CVE-2023-3577 (Mattermost fails to properly restrict requests tolocalhost/intranet du ...) + - mattermost-server (bug #823556) +CVE-2023-3459 (The Export and Import Users and Customers plugin for WordPress is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3418 (The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3403 (The ProfileGrid plugin for WordPress is vulnerable to unauthorized mod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3376 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3245 (The Floating Chat Widget WordPress plugin before 3.1.2 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3186 (The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3182 (The Membership WordPress plugin before 3.2.3 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3179 (The POST SMTP Mailer WordPress plugin before 2.5.7 does not have prope ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3041 (The Autochat Automatic Conversation WordPress plugin through 1.1.7 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-38434 (xHTTP 72f812d has a double free in close_connection in xhttp.c via a m ...) + NOT-FOR-US: xHTTP +CVE-2023-38432 (An issue was discovered in the Linux kernel before 6.3.10. fs/smb/serv ...) 
+ - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2b9b8f3b68edb3d67d79962f02e26dbb5ae3808d (6.4) +CVE-2023-38431 (An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...) + - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/368ba06881c395f1c9a7ba22203cf8d78b4addc0 (6.4-rc6) +CVE-2023-38430 (An issue was discovered in the Linux kernel before 6.3.9. ksmbd does n ...) + - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1c1bcf2d3ea061613119b534f57507c377df20f9 (6.4-rc6) +CVE-2023-38429 (An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/con ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/443d61d1fa9faa60ef925513d83742902390100f (6.4-rc3) +CVE-2023-38428 (An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f0a96d1aafd8964e1f9955c830a3e5cb3c60a90f (6.4-rc3) +CVE-2023-38427 (An issue was discovered in the Linux kernel before 6.3.8. fs/smb/serve ...) + - linux 6.3.11-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f1a411873c85b642f13b01f21b534c2bab81fc1b (6.4-rc6) +CVE-2023-38426 (An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an ...) 
+ - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/02f76c401d17e409ed45bf7887148fcc22c93c85 (6.4-rc3) +CVE-2023-38409 (An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/ ...) + - linux 6.1.25-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fffb0b52d5258554c645c966c6cbef7de50b851d (6.3-rc7) +CVE-2023-38405 (On Crestron 3-Series Control Systems before 1.8001.0187, crafting and ...) + NOT-FOR-US: Creston +CVE-2023-38404 (The XPRTLD web application in Veritas InfoScale Operations Manager (VI ...) + NOT-FOR-US: Veritas InfoScale +CVE-2023-38403 (iperf3 before 3.14 allows peers to cause an integer overflow and heap ...) + {DSA-5455-1 DLA-3506-1} + - iperf3 3.14-1 (bug #1040830) + NOTE: https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc + NOTE: https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 (3.14) +CVE-2023-37985 (Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Res ...) + NOT-FOR-US: WordPress themes +CVE-2023-37974 (Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Soc ...) + NOT-FOR-US: WordPress themes +CVE-2023-37968 (Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multi ...) + NOT-FOR-US: WordPress themes +CVE-2023-37850 + REJECTED +CVE-2023-37791 (D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow v ...) + NOT-FOR-US: D-Link +CVE-2023-37781 (An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to exec ...) + NOT-FOR-US: EMQX +CVE-2023-37770 (faust commit ee39a19 was discovered to contain a stack overflow via th ...) 
+ - faust (unimportant) + NOTE: https://github.com/grame-cncm/faust/issues/922 + NOTE: Negligible security impact +CVE-2023-37769 (stress-test master commit e4c878 was discovered to contain a FPE vulne ...) + - pixman (unimportant) + NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 + NOTE: Crash in test tool, no security impact +CVE-2023-37479 (Open Enclave is a hardware-agnostic open source library for developing ...) + NOT-FOR-US: Open Enclave +CVE-2023-37476 (OpenRefine is a free, open source tool for data processing. A carefull ...) + - openrefine 3.6.2-3 (bug #1041422) + [bookworm] - openrefine 3.6.2-2+deb12u1 + NOTE: https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-m88m-crr9-jvqq + NOTE: https://github.com/OpenRefine/OpenRefine/commit/e9c1e65d58b47aec8cd676bd5c07d97b002f205e (master) + NOTE: https://github.com/OpenRefine/OpenRefine/commit/c40c84d8170c4d61c6a0926531b552a50caa5651 (3.7.4) +CVE-2023-37475 (Hamba avro is a go lang encoder/decoder implementation of the avro cod ...) + NOT-FOR-US: Hamba avro +CVE-2023-37461 (Metersphere is an opensource testing framework. Files uploaded to Mete ...) + NOT-FOR-US: Metersphere +CVE-2023-37266 (CasaOS is an open-source Personal Cloud system. Unauthenticated attack ...) + NOT-FOR-US: CasaOS +CVE-2023-37265 (CasaOS is an open-source Personal Cloud system. Due to a lack of IP ad ...) + NOT-FOR-US: CasaOS +CVE-2023-36656 (Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI be ...) + NOT-FOR-US: Jaegertracing UI +CVE-2023-36514 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shippin ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-36513 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Automat ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-36511 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-35880 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...) 
+ NOT-FOR-US: WooCommerce plugin +CVE-2023-35818 (An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devi ...) + NOT-FOR-US: Expressif +CVE-2023-35096 (Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <=2.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35089 (Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35038 (Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34669 (TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability ...) + NOT-FOR-US: TOTOLINK +CVE-2023-34143 (Improper Validation of Certificate with Host Mismatch vulnerability in ...) + NOT-FOR-US: Hitachi +CVE-2023-34142 (Cleartext Transmission of Sensitive Information vulnerability in Hitac ...) + NOT-FOR-US: Hitachi +CVE-2023-34141 (A command injection vulnerability in the access point (AP) management ...) + NOT-FOR-US: Zyxel +CVE-2023-34140 (A buffer overflow vulnerability in the Zyxel ATP series firmware versi ...) + NOT-FOR-US: Zyxel +CVE-2023-34139 (A command injection vulnerability in the Free Time WiFi hotspot featur ...) + NOT-FOR-US: Zyxel +CVE-2023-34138 (A command injection vulnerability in the hotspot management feature of ...) + NOT-FOR-US: Zyxel +CVE-2023-34036 (Reactive web applications that use Spring HATEOAS to produce hypermedi ...) + NOT-FOR-US: Spring HATEOAS +CVE-2023-34005 (Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design F ...) + NOT-FOR-US: Etoile Web Design +CVE-2023-33012 (A command injection vulnerability in the configuration parser of the Z ...) + NOT-FOR-US: Zyxel +CVE-2023-33011 (A format string vulnerability in the Zyxel ATP series firmware version ...) + NOT-FOR-US: Zyxel +CVE-2023-31998 (A heap overflow vulnerability found in EdgeRouters and Aircubes allows ...) 
+ NOT-FOR-US: Ubiquiti +CVE-2023-31853 (Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin ...) + NOT-FOR-US: Cudy LT400 +CVE-2023-31852 (Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-b ...) + NOT-FOR-US: Cudy LT400 +CVE-2023-31851 (Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in ...) + NOT-FOR-US: Cudy LT400 +CVE-2023-2963 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Oliva Expertise +CVE-2023-2960 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Oliva Expertise +CVE-2023-2959 (Authentication Bypass by Primary Weakness vulnerability in Oliva Exper ...) + NOT-FOR-US: Oliva Expertise +CVE-2023-2958 (Authorization Bypass Through User-Controlled Key vulnerability in Orig ...) + NOT-FOR-US: Origin Software ATS Pro +CVE-2023-2912 (Use After Free vulnerability in Secomea SiteManager Embedded allows Ob ...) + NOT-FOR-US: Secomea SiteManager Embedded +CVE-2023-2701 (The Gravity Forms WordPress plugin before 2.7.5 does not escape genera ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2636 (The AN_GradeBook WordPress plugin through 5.0.1 does not properly sani ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2579 (The InventoryPress WordPress plugin through 1.7 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2330 (The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2329 (The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 d ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36695 (Incorrect Default Permissions vulnerability in Hitachi Device Manager ...) + NOT-FOR-US: Hitachi +CVE-2015-10122 (A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3700 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) 
+ NOT-FOR-US: easyappointments +CVE-2023-3696 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...) + NOT-FOR-US: Mongoose +CVE-2023-3695 (A vulnerability classified as critical has been found in Campcodes Bea ...) + NOT-FOR-US: Campcodes Beauty Salon Management System +CVE-2023-3694 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester +CVE-2023-3693 (A vulnerability classified as critical was found in SourceCodester Lif ...) + NOT-FOR-US: SourceCodester +CVE-2023-3496 + REJECTED +CVE-2023-35901 (IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 thro ...) + NOT-FOR-US: IBM +CVE-2023-35012 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) + NOT-FOR-US: IBM +CVE-2023-33857 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2023-2760 (An SQL injection vulnerability exists in TapHome core HandleMessageUpd ...) + NOT-FOR-US: TapHome +CVE-2023-2759 (A hidden API exists in TapHome's core platform before version 2023.2 t ...) + NOT-FOR-US: TapHome +CVE-2022-4952 (A vulnerability has been found in OmniSharp csharp-language-server-pro ...) + NOT-FOR-US: OmniSharp +CVE-2023-3691 (A vulnerability, which was classified as problematic, was found in lay ...) + NOT-FOR-US: layui +CVE-2023-3690 (A vulnerability, which was classified as critical, has been found in B ...) + NOT-FOR-US: Bylancer QuickOrder +CVE-2023-3689 (A vulnerability classified as critical was found in Bylancer QuickQR 6 ...) + NOT-FOR-US: Bylancer QuickQR +CVE-2023-3688 (A vulnerability classified as critical has been found in Bylancer Quic ...) + NOT-FOR-US: Bylancer QuickJob +CVE-2023-3687 (A vulnerability was found in Bylancer QuickVCard 2.1. It has been rate ...) + NOT-FOR-US: Bylancer QuickVCard +CVE-2023-3686 (A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has bee ...) 
+ NOT-FOR-US: Bylancer QuickAI +CVE-2023-3685 (A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1 ...) + NOT-FOR-US: Nesote Inout Search Engine AI Edition +CVE-2023-3684 (A vulnerability was found in LivelyWorks Articart 2.0.1 and classified ...) + NOT-FOR-US: LivelyWorks Articart +CVE-2023-3674 (A flaw was found in the keylime attestation verifier, which fails to f ...) + NOT-FOR-US: Keylime +CVE-2023-38379 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) + NOT-FOR-US: RIGOL +CVE-2023-38378 (The web interface on the RIGOL MSO5000 digital oscilloscope with firmw ...) + NOT-FOR-US: RIGOL +CVE-2023-3692 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...) + NOT-FOR-US: admidio +CVE-2023-3683 (A vulnerability has been found in LivelyWorks Articart 2.0.1 and class ...) + NOT-FOR-US: LivelyWorks Articart +CVE-2023-37811 + REJECTED +CVE-2023-37810 + REJECTED +CVE-2023-37809 + REJECTED +CVE-2023-37808 + REJECTED +CVE-2023-37807 + REJECTED +CVE-2023-37806 + REJECTED +CVE-2023-37805 + REJECTED +CVE-2023-37804 + REJECTED +CVE-2023-37803 + REJECTED +CVE-2023-37802 + REJECTED +CVE-2023-37801 + REJECTED +CVE-2023-37800 + REJECTED +CVE-2023-36169 + REJECTED +CVE-2023-36168 + REJECTED +CVE-2023-36166 + REJECTED +CVE-2023-36165 + REJECTED +CVE-2023-3682 (A vulnerability, which was classified as critical, was found in Nesote ...) + NOT-FOR-US: Nesote Inout Blockchain +CVE-2023-3681 (A vulnerability classified as problematic was found in Campcodes Retro ...) + NOT-FOR-US: Campcodes Retro Cellphone Online Store +CVE-2023-3680 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester +CVE-2023-3679 (A vulnerability was found in SourceCodester Lost and Found Information ...) + NOT-FOR-US: SourceCodester +CVE-2023-2507 (CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to exe ...) 
+ NOT-FOR-US: CleverTap Cordova Plugin +CVE-2023-3678 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-38350 (PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via t ...) + - pnp4nagios + NOTE: https://github.com/pnp4nagios/pnp4nagios/pull/16 +CVE-2023-38349 (PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controlle ...) + - pnp4nagios + NOTE: https://github.com/pnp4nagios/pnp4nagios/pull/17 +CVE-2023-38337 (rswag before 2.10.1 allows remote attackers to read arbitrary JSON and ...) + NOT-FOR-US: rswag +CVE-2023-38336 (netkit-rcp in rsh-client 0.17-24 allows command injection via filename ...) + - netkit-rsh (bug #1039689) + [bookworm] - netkit-rsh (Minor issue) + [bullseye] - netkit-rsh (Minor issue) + [buster] - netkit-rsh (Minor issue) +CVE-2023-37794 (WAYOS FBM-291W 19.09.11V was discovered to contain a command injection ...) + NOT-FOR-US: WAYOS +CVE-2023-37793 (WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow v ...) + NOT-FOR-US: WAYOS +CVE-2023-37472 (Knowage is an open source suite for business analytics. The applicatio ...) + NOT-FOR-US: Knowage +CVE-2023-37464 (OpenIDC/cjose is a C library implementing the Javascript Object Signin ...) + {DSA-5472-1 DLA-3515-1} + - cjose 0.6.2.2-1 (bug #1041423) + NOTE: https://github.com/OpenIDC/cjose/security/advisories/GHSA-3rhg-3gf2-6xgj + NOTE: https://github.com/OpenIDC/cjose/commit/7325e9a5e71e2fc0e350487ecac7d84acdf0ed5e (v0.6.2.2) +CVE-2023-37462 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37268 (Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn' ...) + NOT-FOR-US: Warpgate +CVE-2023-36818 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2023-36811 (borgbackup is an opensource, deduplicating archiver with compression a ...) 
+ - borgbackup 1.2.5-1 + [bookworm] - borgbackup (Minor issue) + [bullseye] - borgbackup (Minor issue) + [buster] - borgbackup (Minor issue) + NOTE: https://github.com/borgbackup/borg/security/advisories/GHSA-8fjr-hghr-4m99 + NOTE: https://github.com/borgbackup/borg/commit/a2ee13fd341dcd004b4a06b17d6f2fc759327861 + NOTE: https://github.com/borgbackup/borg/commit/bfead4b288833f890523d8881797ff6b345edaf9 + NOTE: https://github.com/borgbackup/borg/commit/462c1bdf2e597bd2e276c8fea82c84fabc0b7244 + NOTE: https://github.com/borgbackup/borg/commit/277b0b81a860f4518d7bf0cc0951e77f9c99336d + NOTE: https://github.com/borgbackup/borg/commit/b23e6cb73da01df038f7bd10c34a91c7187817b0 + NOTE: https://github.com/borgbackup/borg/commit/95b560442284eda3ffae403c3086d549f6e121b8 + NOTE: https://github.com/borgbackup/borg/commit/5cd2060345f38f2e0324ab178f847c2f45598b12 + NOTE: https://github.com/borgbackup/borg/commit/56da3987111eb80b4ca38ac3e6aaa7953c61d2e3 + NOTE: https://github.com/borgbackup/borg/commit/449cd51b73b0710a940af8cefe74793ce81563f4 + NOTE: https://github.com/borgbackup/borg/commit/f334ef1b4de2f8a359ededa41ce13358b81e63c1 + NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811 + NOTE: Requires significant work to check and repair a repo after the upgrade. +CVE-2023-36466 (Discourse is an open source discussion platform. When editing a topic, ...) + NOT-FOR-US: Discourse +CVE-2023-35802 (IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Ove ...) + NOT-FOR-US: Extreme Network AP devices +CVE-2023-34236 (Weave GitOps Terraform Controller (aka Weave TF-controller) is a contr ...) + NOT-FOR-US: Weave GitOps Terraform Controller +CVE-2023-3673 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.) + NOT-FOR-US: pimcore +CVE-2023-3672 (Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webment ...) 
+ NOT-FOR-US: plaidweb/webmention.js +CVE-2023-3633 (An out-of-bounds writevulnerability in Bitdefender Engines on Windows ...) + NOT-FOR-US: Bitdefender +CVE-2023-3434 (Improper Input Validation in the hyperlink interpretation inSavoir-fai ...) + NOT-FOR-US: Savoir-faire Linux's Jami +CVE-2023-3433 (The "nickname" field within Savoir-faire Linux's Jami application is s ...) + NOT-FOR-US: Savoir-faire Linux's Jami +CVE-2023-38325 (The cryptography package before 41.0.2 for Python mishandles SSH certi ...) + - python-cryptography (Vulnerable code not present) + NOTE: https://github.com/pyca/cryptography/issues/9207 + NOTE: https://github.com/pyca/cryptography/pull/9208 + NOTE: Introduced after: https://github.com/pyca/cryptography/commit/aca8de845e751dd45fe4e48f8492f357d34d1861 (40.0.0) + NOTE: Fixed by: https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3 (main) + NOTE: Fixed by: https://github.com/pyca/cryptography/commit/e190ef190525999d1f599cf8c3aef5cb7f3a8bc4 (41.0.2) +CVE-2023-38253 (An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str fun ...) + - w3m (unimportant) + NOTE: https://github.com/tats/w3m/issues/271 + NOTE: Crash in CLI tool, no security impact +CVE-2023-38252 (An out-of-bounds read flaw was found in w3m, in the Strnew_size functi ...) + - w3m (unimportant) + NOTE: https://github.com/tats/w3m/issues/270 + NOTE: Crash in CLI tool, no security impact +CVE-2023-37474 (Copyparty is a portable file server. Versions prior to 1.8.2 are subje ...) + NOT-FOR-US: copyparty +CVE-2023-37473 (zenstruck/collections is a set of helpers for iterating/paginating/fil ...) + NOT-FOR-US: zenstruck/collections +CVE-2023-37224 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) + NOT-FOR-US: Archer +CVE-2023-37223 (Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6 ...) 
+ NOT-FOR-US: Archer +CVE-2023-36888 (Microsoft Edge for Android (Chromium-based) Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36887 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36883 (Microsoft Edge for iOS Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36850 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...) + NOT-FOR-US: Juniper +CVE-2023-36849 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2023-36848 (An Improper Handling of Undefined Values vulnerability in the periodic ...) + NOT-FOR-US: Juniper +CVE-2023-36840 (A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) o ...) + NOT-FOR-US: Juniper +CVE-2023-36838 (An Out-of-bounds Read vulnerability in the flow processing daemon (flo ...) + NOT-FOR-US: Juniper +CVE-2023-36836 (A Use of an Uninitialized Resource vulnerability in the routing protoc ...) + NOT-FOR-US: Juniper +CVE-2023-36835 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2023-36834 (An Incomplete Internal State Distinction vulnerability in the packet f ...) + NOT-FOR-US: Juniper +CVE-2023-36833 (A Use After Free vulnerability in the packet forwarding engine (PFE) o ...) + NOT-FOR-US: Juniper +CVE-2023-36832 (An Improper Handling of Exceptional Conditions vulnerability in packet ...) + NOT-FOR-US: Juniper +CVE-2023-36831 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2023-36119 + REJECTED +CVE-2023-35692 (In getLocationCache of GeoLocation.java, there is a possible way to se ...) + NOT-FOR-US: Android +CVE-2023-32761 (Cross Site Request Forgery (CSRF) vulnerability in Archer Platform bef ...) + NOT-FOR-US: Archer +CVE-2023-32760 (An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6. ...) 
+ NOT-FOR-US: Archer
+CVE-2023-32759 (An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6. ...)
+ NOT-FOR-US: Archer
+CVE-2023-2975 (Issue summary: The AES-SIV cipher implementation contains a bug that c ...)
+ - openssl 3.0.10-1 (bug #1041818)
+ [bookworm] - openssl 3.0.10-1~deb12u1
+ [bullseye] - openssl (Vulnerable code not present, only affects 3.x)
+ [buster] - openssl (Vulnerable code not present, only affects 3.x)
+ NOTE: https://www.openssl.org/news/secadv/20230714.txt
+ NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598 (openssl-3.0.10)
+CVE-2023-3668 (Improper Encoding or Escaping of Output in GitHub repository froxlor/f ...)
+ - froxlor (bug #581792)
+CVE-2023-3649 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of ser ...)
+ {DSA-5559-1}
+ - wireshark 4.0.7-1 (bug #1041101)
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (Minor issue)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-22.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19164
+CVE-2023-3648 (Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 ...)
+ {DSA-5559-1}
+ - wireshark 4.0.7-1 (bug #1041101)
+ [bullseye] - wireshark (Vulnerable code not present)
+ [buster] - wireshark (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-21.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19105
+ NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/f8d308e9affefea9cca4bd5f2672f4c09688d4e0 (master)
+ NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/b6c69cc5a996a665b3b86112ff38ff026e4c3994 (backport to 4.0.2)
+ NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/e0bd9d312c362318fd19e41c6c0e23fc81d42253 (backport to 3.6.10)
+CVE-2023-3514 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...)
+ NOT-FOR-US: Razer
+CVE-2023-3513 (Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer ...)
+ NOT-FOR-US: Razer
+CVE-2023-38286 (Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spr ...)
+ NOT-FOR-US: thymeleaf
+CVE-2023-37849 (A DLL hijacking vulnerability in Panda Security VPN for Windows prior ...)
+ NOT-FOR-US: thymeleafPanda Security VPN
+CVE-2023-37839 (An arbitrary file upload vulnerability in /dede/file_manage_control.ph ...)
+ NOT-FOR-US: Dede CMS
+CVE-2023-37837 (libjpeg commit db33a6e was discovered to contain a heap buffer overflo ...)
+ - libjpeg (bug #1041103)
+ [bookworm] - libjpeg (Minor issue)
+ [bullseye] - libjpeg (Minor issue)
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG0
+ NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
+CVE-2023-37836 (libjpeg commit db33a6e was discovered to contain a reachable assertion ...)
+ - libjpeg (bug #1041103)
+ [bookworm] - libjpeg (Minor issue)
+ [bullseye] - libjpeg (Minor issue)
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/87#BUG1
+ NOTE: Fixed by: https://github.com/thorfdbg/libjpeg/commit/9e0cea29d7ba7a2c1e763865391bc94b336da25e
+CVE-2023-37723 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37722 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37721 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37719 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37718 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37717 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37716 (Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37715 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37714 (Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered ...)
+ NOT-FOR-US: Tenda
+CVE-2023-37599 (An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain s ...)
+ NOT-FOR-US: issabel-pbx
+CVE-2023-37598 (A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0 ...)
+ NOT-FOR-US: issabel-pbx
+CVE-2023-37468 (Feedbacksystem is a personalized feedback system for students using ar ...)
+ NOT-FOR-US: Feedbacksystem
+CVE-2023-37466 (vm2 is an advanced vm/sandbox for Node.js. The library contains critic ...)
+ NOT-FOR-US: Node vm2
+CVE-2023-37278 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-46gp-f96h-53w4
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2023-37275 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ NOT-FOR-US: Auto-GPT
+CVE-2023-37274 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ NOT-FOR-US: Auto-GPT
+CVE-2023-37273 (Auto-GPT is an experimental open-source application showcasing the cap ...)
+ NOT-FOR-US: Auto-GPT
+CVE-2023-37272 (JS7 is an Open Source Job Scheduler. Users specify file names when upl ...)
+ NOT-FOR-US: JS7
+CVE-2023-36473 (Discourse is an open source discussion platform. A CSP (Content Securi ...)
+ NOT-FOR-US: Discourse
+CVE-2023-35945 (Envoy is a cloud-native high-performance edge/middle/service proxy. En ...)
+ - envoyproxy (bug #987544)
+CVE-2023-3661 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ NOT-FOR-US: SourceCodester AC Repair and Services System
+CVE-2023-3660 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...)
+ NOT-FOR-US: Campcodes Retro Cellphone Online Store
+CVE-2023-3659 (A vulnerability has been found in SourceCodester AC Repair and Service ...)
+ NOT-FOR-US: Campcodes Retro Cellphone Online Store
+CVE-2023-3658 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester AC Repair and Services System
+CVE-2023-3657 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester AC Repair and Services System
+CVE-2023-37787 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...)
+ NOT-FOR-US: Geeklog
+CVE-2023-37786 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 ...)
+ NOT-FOR-US: Geeklog
+CVE-2023-37785 (A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and be ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2023-37746 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...)
+ NOT-FOR-US: Maid Hiring Management System
+CVE-2023-37745 (A cross-site scripting (XSS) vulnerability in Maid Hiring Management S ...)
+ NOT-FOR-US: Maid Hiring Management System
+CVE-2023-37744 (Maid Hiring Management System v1.0 was discovered to contain a cross-s ...)
+ NOT-FOR-US: Maid Hiring Management System
+CVE-2023-37743 (A cross-site scripting (XSS) vulnerability in Teacher Subject Allocati ...)
+ NOT-FOR-US: Teacher Subject Allocation System
+CVE-2023-37463 (cmark-gfm is an extended version of the C reference implementation of ...)
+ - cmark-gfm (bug #1041097)
+ [bookworm] - cmark-gfm (Minor issue)
+ [bullseye] - cmark-gfm (Minor issue)
+ [buster] - cmark-gfm (Minor issue)
+ - python-cmarkgfm (bug #1041098)
+ [bookworm] - python-cmarkgfm (Minor issue)
+ [bullseye] - python-cmarkgfm (Minor issue)
+ [buster] - python-cmarkgfm (Minor issue)
+ - r-cran-commonmark (bug #1041099)
+ [bookworm] - r-cran-commonmark (Minor issue)
+ [bullseye] - r-cran-commonmark (Minor issue)
+ [buster] - r-cran-commonmark (Minor issue)
+ - ruby-commonmarker (bug #1041100)
+ [bookworm] - ruby-commonmarker (Minor issue)
+ [bullseye] - ruby-commonmarker (Minor issue)
+ [buster] - ruby-commonmarker (Minor issue)
+ NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-w4qg-3vf7-m9x5
+CVE-2023-37267 (Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco c ...)
+ NOT-FOR-US: Umbraco
+CVE-2023-35833 (An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When mo ...)
+ NOT-FOR-US: YSoft SAFEQ 6 Server
+CVE-2023-35070 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: VegaGroup Web Collection
+CVE-2023-34458 (mx-chain-go is the official implementation of the MultiversX blockchai ...)
+ NOT-FOR-US: mx-chain-go
+CVE-2023-33768 (Incorrect signature verification of the firmware during the Device Fir ...)
+ NOT-FOR-US: Belkin
+CVE-2023-31825 (An issue found in Inageya v.13.4.1 allows a remote attacker to gain ac ...)
+ NOT-FOR-US: Inageya
+CVE-2023-31824 (An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote at ...)
+ NOT-FOR-US: DERICIA
+CVE-2023-31823 (An issue found in Marui Co Marui Official app v.13.6.1 allows a remote ...)
+ NOT-FOR-US: Marui Co Marui Official app
+CVE-2023-31822 (An issue found in Entetsu Store v.13.4.1 allows a remote attacker to g ...)
+ NOT-FOR-US: Entetsu Store
+CVE-2023-31821 (An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to ...)
+ NOT-FOR-US: ALBIS
+CVE-2023-31820 (An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker t ...)
+ NOT-FOR-US: Shizutetsu Store
+CVE-2023-31819 (An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a ...)
+ NOT-FOR-US: KEISEI Store
+CVE-2023-31705 (A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2023-31704 (Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to I ...)
+ NOT-FOR-US: Sourcecodester Online Computer and Laptop Store
+CVE-2023-3444 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-3424 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-3363 (An information disclosure issue in Gitlab CE/EE affecting all versions ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-3362 (An information disclosure issue in GitLab CE/EE affecting all versions ...)
+ - gitlab 16.0.7+ds1-2
+CVE-2023-3343 (The User Registration plugin for WordPress is vulnerable to PHP Object ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3342 (The User Registration plugin for WordPress is vulnerable to arbitrary ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3319 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: PlatPlay DSr
+CVE-2023-38199 (coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does n ...)
+ - modsecurity-crs 3.3.5-1 (bug #1041109)
+ [bookworm] - modsecurity-crs (Minor issue)
+ [bullseye] - modsecurity-crs (Minor issue)
+ [buster] - modsecurity-crs (Minor issue)
+ NOTE: https://github.com/coreruleset/coreruleset/issues/3191
+ NOTE: https://github.com/coreruleset/coreruleset/pull/3237
+CVE-2023-38198 (acme.sh before 3.0.6 runs arbitrary commands from a remote server via ...)
+ NOT-FOR-US: acme.sh
+CVE-2023-38197 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6 ...)
+ {DLA-3539-1}
+ - qt6-base (bug #1041104)
+ [bookworm] - qt6-base (Minor issue)
+ - qtbase-opensource-src-gles 5.15.10+dfsg-3 (bug #1041106)
+ [bookworm] - qtbase-opensource-src-gles (Minor issue)
+ [bullseye] - qtbase-opensource-src-gles (Minor issue)
+ - qtbase-opensource-src 5.15.10+dfsg-3 (bug #1041105)
+ [bookworm] - qtbase-opensource-src (Minor issue)
+ [bullseye] - qtbase-opensource-src (Minor issue)
+ [buster] - qtbase-opensource-src (Minor issue)
+ - qt4-x11
+ NOTE: https://www.qt.io/blog/security-advisory-qxmlstreamreader-1
+ NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/488960
+CVE-2023-37568 (ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC- ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37567 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37566 (Command injection vulnerability in ELECOM and LOGITEC wireless LAN rou ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37565 (Code injection vulnerability in ELECOM wireless LAN routers allows a n ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37564 (OS command injection vulnerability in ELECOM wireless LAN routers allo ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37563 (ELECOM wireless LAN routers are vulnerable to sensitive information ex ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37562 (Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167 ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37561 (Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37560 (Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, a ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-37415 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ NOT-FOR-US: Apache Airflow Apache Hive Provider
+CVE-2023-35694 (In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a pos ...)
+ NOT-FOR-US: Android kernel (samsung_slsi)
+CVE-2023-35693 (In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corrupt ...)
+ - linux (Android-specific incfs)
+CVE-2023-35691 (there is a possible out of bounds read due to a missing bounds check. ...)
+ NOT-FOR-US: Android
+CVE-2023-35069 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bullwark
+CVE-2023-34137 (SonicWall GMS and Analytics CAS Web Services application use static va ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34136 (Vulnerability in SonicWall GMS and Analytics allows unauthenticated at ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34135 (Path Traversal vulnerability in SonicWall GMS and Analytics allows a r ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34134 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34133 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34132 (Use of password hash instead of password for authentication vulnerabil ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34131 (Exposure of sensitive information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34130 (SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TE ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34129 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34128 (Tomcat application credentials are hardcoded in SonicWall GMS and Anal ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34127 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34126 (Vulnerability in SonicWall GMS and Analytics allows an authenticated a ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34125 (Path Traversal vulnerability in GMS and Analytics allows an authentica ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34124 (The authentication mechanism in SonicWall GMS and Analytics Web Servic ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-34123 (Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, So ...)
+ NOT-FOR-US: SonicWall
+CVE-2023-33274 (The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains ...)
+ NOT-FOR-US: PowerShield SNMP Web Pro
+CVE-2023-2957 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Florist Site
+CVE-2023-2620 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-2576 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-3644 (A vulnerability was found in SourceCodester Service Provider Managemen ...)
+ NOT-FOR-US: SourceCodester Service Provider Management System
+CVE-2023-3643 (A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been c ...)
+ NOT-FOR-US: Boss Mini
+CVE-2023-3642 (A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 an ...)
+ NOT-FOR-US: GZ Scripts Vacation Rental Website
+CVE-2023-3641 (A vulnerability has been found in khodakhah NodCMS 3.4.1 and classifie ...)
+ NOT-FOR-US: khodakhah NodCMS
+CVE-2023-3640 (A possible unauthorized memory access flaw was found in the Linux kern ...)
+ - linux
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2217523
+CVE-2023-3635 (GzipSource does not handle an exception that might be raised when pars ...)
+ - okio (Doesn't ship Kotlin variant yet)
+ NOTE: https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
+ NOTE: https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
+CVE-2023-3596 (Where this vulnerability exists in the Rockwell Automation 1756-EN4* E ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-3595 (Where this vulnerability exists in the Rockwell Automation 1756 EN2* a ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-3106 (A NULL pointer dereference vulnerability was found in netlink_dump. Th ...)
+ - linux 4.8.5-1
+ NOTE: https:/git.kernel.org/linus/1ba5bf993c6a3142e18e68ea6452b347f9cb5635 (4.8-rc7)
+CVE-2023-38069 (In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be sup ...)
+ - intellij-idea (bug #747616)
+CVE-2023-38068 (In JetBrains YouTrack before 2023.1.16597 captcha was not properly val ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2023-38067 (In JetBrains TeamCity before 2023.05.1 build parameters of the "passwo ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38066 (In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer h ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38065 (In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the bu ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38064 (In JetBrains TeamCity before 2023.05.1 build chain parameters of the " ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38063 (In JetBrains TeamCity before 2023.05.1 stored XSS while running custom ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38062 (In JetBrains TeamCity before 2023.05.1 parameters of the "password" ty ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38061 (In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2023-38046 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2023-37630 (Online Piggery Management System 1.0 is vulnerable to Cross Site Scrip ...)
+ NOT-FOR-US: Online Piggery Management System
+CVE-2023-37629 (Online Piggery Management System 1.0 is vulnerable to File Upload. An ...)
+ NOT-FOR-US: Online Piggery Management System
+CVE-2023-37628 (Online Piggery Management System 1.0 is vulnerable to SQL Injection.)
+ NOT-FOR-US: Online Piggery Management System
+CVE-2023-37627 (Code-projects Online Restaurant Management System 1.0 is vulnerable to ...)
+ NOT-FOR-US: Code-projects Online Restaurant Management System
+CVE-2023-37582 (The RocketMQ NameServer component still has a remote command execution ...)
+ NOT-FOR-US: Apache RocketMQ
+CVE-2023-37456 (The session restore helper crashed whenever there was no parameter sen ...)
+ - firefox (Only affects Firefox on iOS)
+CVE-2023-37455 (The permission request prompt from the site in the background tab was ...)
+ - firefox (Only affects Firefox on iOS)
+CVE-2023-36266 (An issue was discovered in Keeper Password Manager for Desktop version ...)
+ NOT-FOR-US: Keeper Password Manager for Desktop
+CVE-2023-33905 (In iwnpi server, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33904 (In hci_server, there is a possible out of bounds read due to a missing ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33903 (In FM service, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33902 (In bluetooth service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33901 (In bluetooth service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33900 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33899 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33898 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33897 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33896 (In libimpl-ril, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33895 (In fastDial service, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33894 (In fastDial service, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33893 (In fastDial service, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33892 (In fastDial service, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33891 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33890 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33889 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33888 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33887 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33886 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33885 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33884 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33883 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33882 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33881 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33880 (In music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33879 (In music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-33668 (DigiExam up to v14.0.2 lacks integrity checks for native modules, allo ...)
+ NOT-FOR-US: DigiExam
+CVE-2023-32789 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: DigiExam
+CVE-2023-32788 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: DigiExam
+CVE-2023-37965 (A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37964 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37963 (A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37962 (A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37961 (A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37960 (Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37959 (A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37958 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37957 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37956 (A missing permission check in Jenkins Test Results Aggregator Plugin 1 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37955 (A cross-site request forgery (CSRF) vulnerability in Jenkins Test Resu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37954 (A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37953 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37952 (A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plug ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37951 (Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate co ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37950 (A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37949 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37948 (Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37947 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier i ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37946 (Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier d ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37945 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37944 (A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37943 (Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-37942 (Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-3618 (A flaw was found in libtiff. A specially crafted tiff file can lead to ...)
+ {DLA-3513-1}
+ - tiff 4.5.1~rc3-1 (bug #1040945)
+ [bookworm] - tiff (Minor issue)
+ [bullseye] - tiff (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/529
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (v4.5.1rc1)
+CVE-2023-3603 (A missing allocation check in sftp server processing read requests may ...)
+ - libssh (Vulnerable code not present in 0.10.5/any released version)
+ NOTE: https://git.libssh.org/projects/libssh.git/commit/?id=fe80f47b0ae8902d229ef9b8a1b4fa949b92e720
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2221791
+CVE-2023-3525 (The Getnet Argentina para Woocommerce plugin for WordPress is vulnerab ...)
+ NOT-FOR-US: Getnet Argentina para Woocommerce plugin for WordPress
+CVE-2023-3369 (The About Me 3000 widget plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: About Me 3000 widget plugin for WordPress
+CVE-2023-3202 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3199 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3168 (The WP Reroute Email plugin for WordPress is vulnerable to Stored Cros ...)
+ NOT-FOR-US: WP Reroute Email plugin for WordPress
+CVE-2023-3167 (The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: Mail Queue plugin for WordPress
+CVE-2023-3166 (The Lana Email Logger plugin for WordPress is vulnerable to Stored Cro ...)
+ NOT-FOR-US: Lana Email Logger plugin for WordPress
+CVE-2023-3158 (The Mail Control plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Mail Control plugin for WordPress
+CVE-2023-3135 (The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cro ...)
+ NOT-FOR-US: Mailtree Log Mail plugin for WordPress
+CVE-2023-3127 (An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iS ...)
+ NOT-FOR-US: iSTAR
+CVE-2023-3122 (The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: GD Mail Queue plugin for WordPress
+CVE-2023-3105 (The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direc ...)
+ NOT-FOR-US: LearnDash LMS plugin for WordPress
+CVE-2023-3093 (The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: YaySMTP plugin for WordPress
+CVE-2023-3092 (The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: SMTP Mail plugin for WordPress
+CVE-2023-3088 (The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Sit ...)
+ NOT-FOR-US: WP Mail Log plugin for WordPress
+CVE-2023-3087 (The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: FluentSMTP plugin for WordPress
+CVE-2023-3082 (The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: Post SMTP plugin for WordPress
+CVE-2023-3081 (The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WP Mail Logging plugin for WordPress
+CVE-2023-3080 (The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross ...)
+ NOT-FOR-US: WP Mail Catcher plugin for WordPress
+CVE-2023-3023 (The WP EasyCart plugin for WordPress is vulnerable to time-based SQL I ...)
+ NOT-FOR-US: WP EasyCart plugin for WordPress
+CVE-2023-3019 (A DMA reentrancy issue leading to a use-after-free error was found in ...)
+ [experimental] - qemu 1:8.1.0+ds-1~exp1
+ - qemu (bug #1041102)
+ [bookworm] - qemu (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu (Minor issue, revisit when fixed upstream)
+ [buster] - qemu (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=59243
+ NOTE: Proposed upstream patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html
+CVE-2023-3011 (The ARMember plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: ARMember plugin for WordPress
+CVE-2023-37767 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+ - gpac (bug #1041421)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2514
+ NOTE: https://github.com/gpac/gpac/commit/d414df635c773b21bbb3a9fbf17b101b1e8ea345
+CVE-2023-37766 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+ - gpac (bug #1041421)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2516
+ NOTE: https://github.com/gpac/gpac/commit/a64c60ef0983be6db8ab1e4a663e0ce83ff7bf2c
+CVE-2023-37765 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+ - gpac (bug #1041421)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2515
+ NOTE: https://github.com/gpac/gpac/commit/36e1b9900ff638576cb88636bbbe2116ed06dfdc
+CVE-2023-37200 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-37199 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-37198 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-37197 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-37196 (A CWE-89: Improper Neutralization of Special Elements vulnerability us ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-37174 (GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a seg ...)
+ - gpac (bug #1041421)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2505
+ NOTE: https://github.com/gpac/gpac/commit/549ff4484246f2bc4d5fec6760332b43774db483
+CVE-2023-32200 (There is insufficient restrictions of called script functions in Apach ...)
+ - apache-jena 4.9.0-1 (bug #1041108)
+ [bookworm] - apache-jena (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/07/11/11
+CVE-2023-2869 (The WP-Members Membership plugin for WordPress is vulnerable to unauth ...)
+ NOT-FOR-US: WP-Members Membership plugin for WordPress
+CVE-2023-2763 (Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vul ...)
+ NOT-FOR-US: SOLIDWORKS
+CVE-2023-2762 (A Use-After-Free vulnerability in SLDPRT file reading procedure exists ...)
+ NOT-FOR-US: SOLIDWORKS
+CVE-2023-2562 (The Gallery Metabox for WordPress is vulnerable to unauthorized access ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2561 (The Gallery Metabox for WordPress is vulnerable to unauthorized modifi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2517 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+ NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress
+CVE-2021-4427 (The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPres ...)
+ NOT-FOR-US: Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress
+CVE-2021-4426 (The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: Absolute Reviews plugin for WordPress
+CVE-2021-4425 (The Defender Security plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: Defender Security plugin for WordPress
+CVE-2021-4424 (The Slider Hero plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: Slider Hero plugin for WordPress
+CVE-2021-4423 (The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: RAYS Grid plugin for WordPress
+CVE-2021-4422 (The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: POST SMTP Mailer plugin for WordPress
+CVE-2021-4421 (The Advanced Popups plugin for WordPress is vulnerable to Cross-Site R ...)
+ NOT-FOR-US: Advanced Popups plugin for WordPress
+CVE-2021-4420 (The Sell Media plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: Sell Media plugin for WordPress
+CVE-2021-4419 (The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Si ...)
+ NOT-FOR-US: WP-Backgrounds Lite plugin for WordPress
+CVE-2021-4417 (The Forminator \u2013 Contact Form, Payment Form & Custom Form Builder ...)
+ NOT-FOR-US: Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress
+CVE-2021-4416 (The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request F ...)
+ NOT-FOR-US: wp-mpdf plugin for WordPress
+CVE-2021-4415 (The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Si ...)
+ NOT-FOR-US: Sunshine Photo Cart plugin for WordPress
+CVE-2021-4414 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...)
+ NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress
+CVE-2021-4413 (The Process Steps Template Designer plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: Process Steps Template Designer plugin for WordPress
+CVE-2021-4412 (The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WP Prayer plugin for WordPress
+CVE-2021-4411 (The WP EasyPay \u2013 Square for WordPress plugin for WordPress is vul ...)
+ NOT-FOR-US: WP EasyPay – Square for WordPress plugin for WordPress
+CVE-2021-4410 (The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site R ...)
+ NOT-FOR-US: Qtranslate Slug plugin for WordPress
+CVE-2021-4409 (The WooCommerce Etsy Integration plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: WooCommerce Etsy Integration plugin for WordPress
+CVE-2021-4408 (The DW Question & Answer plugin for WordPress is vulnerable to Cross-S ...)
+ NOT-FOR-US: DW Question & Answer plugin for WordPress
+CVE-2021-4407 (The Custom Banners plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Custom Banners plugin for WordPress
+CVE-2020-36761 (The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: Top 10 plugin for WordPress
+CVE-2020-36760 (The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: Ocean Extra plugin for WordPress
+CVE-2020-36757 (The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Hotel Booking plugin for WordPress
+CVE-2020-36756 (The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: 10WebAnalytics plugin for WordPress
+CVE-2020-36752 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...)
+ NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress
+CVE-2020-36750 (The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-S ...)
+ NOT-FOR-US: EWWW Image Optimizer plugin for WordPress
+CVE-2023-37579 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2023-3627 (Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/su ...)
+ NOT-FOR-US: SuiteCRM core
+CVE-2023-3626 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System
+CVE-2023-3625 (A vulnerability classified as critical was found in Suncreate Mountain ...)
+ NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System
+CVE-2023-3624 (A vulnerability classified as critical has been found in Nesote Inout ...)
+ NOT-FOR-US: Nesote Inout Blockchain FiatExchanger
+CVE-2023-3623 (A vulnerability was found in Suncreate Mountain Flood Disaster Prevent ...)
+ NOT-FOR-US: Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System
+CVE-2023-3621 (A vulnerability was found in IBOS OA 4.5.5. It has been classified as ...)
+ NOT-FOR-US: IBOS OA
+CVE-2023-3620 (Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarte ...)
+ NOT-FOR-US: amauric/tarteaucitron.js
+CVE-2023-3619 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...)
+ NOT-FOR-US: SourceCodester AC Repair and Services System
+CVE-2023-3617 (A vulnerability was found in SourceCodester Best POS Management System ...)
+ NOT-FOR-US: SourceCodester Best POS Management System
+CVE-2023-37659 (xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).)
+ NOT-FOR-US: xalpha
+CVE-2023-37658 (fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File ...)
+ NOT-FOR-US: fast-poster
+CVE-2023-37657 (TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).)
+ NOT-FOR-US: TwoNav
+CVE-2023-37656 (WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via ...)
+ NOT-FOR-US: WebsiteGuide
+CVE-2023-37597 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...)
+ NOT-FOR-US: issabel-pbx
+CVE-2023-37596 (Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0 ...)
+ NOT-FOR-US: issabel-pbx
+CVE-2023-37391 (Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-37376 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-37375 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-37374 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-37280 (Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based o ...)
+ NOT-FOR-US: Pimcore Admin Classic Bundle
+CVE-2023-37271 (RestrictedPython is a tool that helps to define a subset of the Python ...)
+ - restrictedpython 6.2-1 (bug #1041429) + [bookworm] - restrictedpython (Minor issue) + [bullseye] - restrictedpython (Minor issue) + [buster] - restrictedpython (Minor issue, no rdeps) + NOTE: https://github.com/zopefoundation/RestrictedPython/security/advisories/GHSA-wqc8-x2pr-7jqh + NOTE: https://github.com/zopefoundation/RestrictedPython/commit/c8eca66ae49081f0016d2e1f094c3d72095ef531 (master) + NOTE: https://github.com/zopefoundation/RestrictedPython/commit/d8c5aa72c5d0ec8eceab635d93d6bc8321116002 (5.3) +CVE-2023-37248 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-37247 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-37246 (A vulnerability has been identified in Tecnomatix Plant Simulation V22 ...) + NOT-FOR-US: Siemens +CVE-2023-36884 (Windows Search Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36874 (Windows Error Reporting Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36872 (VP9 Video Extensions Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36871 (Azure Active Directory Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36868 (Azure Service Fabric on Windows Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-36867 (Visual Studio Code GitHub Pull Requests and Issues Extension Remote Co ...) + NOT-FOR-US: Microsoft +CVE-2023-36825 (Orchid is a Laravel package that allows application development of bac ...) + NOT-FOR-US: Decidim +CVE-2023-36824 (Redis is an in-memory database that persists on disk. In Redit 7.0 pri ...) 
+ - redis 5:7.0.12-1 (bug #1040879) + [bookworm] - redis (Minor issue) + [bullseye] - redis (Vulnerable code introduced later) + [buster] - redis (Vulnerable code introduced later) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-4cfx-h9gq-xpx3 +CVE-2023-36755 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36754 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36753 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36752 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36751 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36750 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36749 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36748 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36693 (Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36690 (Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS th ...) + NOT-FOR-US: WordPress theme +CVE-2023-36687 (Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Me ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36538 (Improper access control in Zoom Rooms for Windows before version 5.15. ...) + NOT-FOR-US: Zoom +CVE-2023-36537 (Improper privilege management in Zoom Rooms for Windows before version ...) + NOT-FOR-US: Zoom +CVE-2023-36536 (Untrusted search path in the installer for Zoom Rooms for Windows befo ...) + NOT-FOR-US: Zoom +CVE-2023-36522 (Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-36521 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-36390 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36389 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36386 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2023-36293 (SQL injection vulnerability in wmanager v.1.0.7 and before allows a re ...) + NOT-FOR-US: wmanager +CVE-2023-36167 + REJECTED +CVE-2023-36164 + REJECTED +CVE-2023-36163 (Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 ...) + NOT-FOR-US: BuildaGate +CVE-2023-35921 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-35920 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-35913 (Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Ant ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35780 (Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35778 (Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Po ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35773 (Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - Chu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35374 (Paint 3D Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35373 (Mono Authenticode Validation Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35367 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2023-35366 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-35365 (Windows Routing and Remote Access Service (RRAS) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2023-35364 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35363 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35362 (Windows Clip Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35361 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35360 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35358 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35357 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35356 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35353 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-35352 (Windows Remote Desktop Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35351 (Windows Active Directory Certificate Services (AD CS) Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2023-35350 (Windows Active Directory Certificate Services (AD CS) Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2023-35348 (Active Directory Federation Service Security Feature Bypass Vulnerabil ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-35347 (Microsoft Install Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35346 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35345 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35344 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35343 (Windows Geolocation Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35342 (Windows Image Acquisition Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35341 (Microsoft DirectMusic Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35340 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35339 (Windows CryptoAPI Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35338 (Windows Peer Name Resolution Protocol Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35337 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35336 (Windows MSHTML Platform Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35335 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-35333 (MediaWiki PandocUpload Extension Remote Code Execution Vulnerability) + NOT-FOR-US: MediaWiki extension PandocUpload +CVE-2023-35332 (Windows Remote Desktop Protocol Security Feature Bypass) + NOT-FOR-US: Microsoft +CVE-2023-35331 (Windows Local Security Authority (LSA) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35330 (Windows Extended Negotiation Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35329 (Windows Authentication Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35328 (Windows Transaction Manager Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35326 (Windows CDP User Components Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35325 (Windows Print Spooler Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35324 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-35323 (Windows OLE Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35322 (Windows Deployment Services Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35321 (Windows Deployment Services Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35320 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-35319 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35318 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35317 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-35316 (Remote Procedure Call Runtime Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35315 (Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerabil ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-35314 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35313 (Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code E ...) + NOT-FOR-US: Microsoft +CVE-2023-35312 (Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35311 (Microsoft Outlook Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35310 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35309 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35308 (Windows MSHTML Platform Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35306 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-35305 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35304 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35303 (USB Audio Class System Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35302 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-35300 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35299 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-35298 (HTTP.sys Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-35297 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-35296 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-35091 (Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Man ...) 
+ NOT-FOR-US: WooCommerce addon +CVE-2023-35047 (Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35044 (Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Secur ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34561 (A buffer overflow in the level parsing code of RobTop Games AB Geometr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34185 (Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34119 (Insecure temporary file in the installer for Zoom Rooms for Windowsbef ...) + NOT-FOR-US: Zoom +CVE-2023-34118 (Improper privilege management in Zoom Rooms for Windows before version ...) + NOT-FOR-US: Zoom +CVE-2023-34117 (Relative path traversal in the Zoom Client SDK before version 5.15.0 m ...) + NOT-FOR-US: Zoom +CVE-2023-34116 (Improper input validation in the Zoom Desktop Client for Windows befor ...) + NOT-FOR-US: Zoom +CVE-2023-34090 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) + NOT-FOR-US: Decidim +CVE-2023-34089 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) + NOT-FOR-US: Decidim +CVE-2023-34029 (Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34015 (Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Cond ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33174 (Windows Cryptographic Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33173 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33172 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33171 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-33170 (ASP.NET and Visual Studio Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33169 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33168 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33167 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33166 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33165 (Microsoft SharePoint Server Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33164 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33163 (Windows Network Load Balancing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33162 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33161 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33160 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33159 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33158 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33157 (Microsoft SharePoint Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33156 (Microsoft Defender Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33155 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-33154 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-33153 (Microsoft Outlook Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33152 (Microsoft ActiveX Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33151 (Microsoft Outlook Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33150 (Microsoft Office Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33149 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33148 (Microsoft Office Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33134 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-33127 (.NET and Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32693 (Decidim is a participatory democracy framework, written in Ruby on Rai ...) + NOT-FOR-US: Decidim +CVE-2023-32104 (Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurato ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32085 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-32084 (HTTP.sys Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32083 (Microsoft Failover Cluster Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32057 (Microsoft Message Queuing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32056 (Windows Server Update Service (WSUS) Elevation of Privilege Vulnerabil ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-32055 (Active Template Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32054 (Volume Shadow Copy Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32053 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32052 (Microsoft Power Apps (online) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32051 (Raw Image Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32050 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32049 (Windows SmartScreen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32047 (Paint 3D Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32046 (Windows MSHTML Platform Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32045 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32044 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32043 (Windows Remote Desktop Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32042 (OLE Automation Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32041 (Windows Update Orchestrator Service Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-32040 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-32039 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-32038 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32037 (Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-32035 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32034 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32033 (Microsoft Failover Cluster Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-31818 (An issue found in Marukyu Line v.13.4.1 allows a remote attacker to ga ...) + NOT-FOR-US: Marukyu Line +CVE-2023-31191 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...) + NOT-FOR-US: DroneScout +CVE-2023-31190 (DroneScout ds230 Remote ID receiver from BlueMark Innovations is affec ...) + NOT-FOR-US: DroneScout +CVE-2023-2746 (The Rockwell Automation Enhanced HIM software contains an API that t ...) + NOT-FOR-US: Rockwell +CVE-2023-29156 (DroneScout ds230 Remote ID receiver from BlueMark Innovationsis affect ...) + NOT-FOR-US: Rockwell +CVE-2022-48521 (An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through ...) + {DLA-3680-1} + - opendkim 2.11.0~beta2-9 (bug #1041107) + [bookworm] - opendkim 2.11.0~beta2-8+deb12u1 + [bullseye] - opendkim (Minor issue) + NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/148 +CVE-2023-36543 (Apache Airflow, versions before 2.6.3, has a vulnerability where an au ...) + - airflow (bug #819700) +CVE-2023-36542 (Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Ser ...) + NOT-FOR-US: Apache NiFi +CVE-2023-35908 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2023-3608 (A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated ...) + NOT-FOR-US: Ruijie +CVE-2023-3607 (A vulnerability was found in kodbox 1.26. It has been declared as crit ...) + NOT-FOR-US: kodbox +CVE-2023-3606 (A vulnerability was found in TamronOS up to 20230703. It has been clas ...) 
+ NOT-FOR-US: TamronOS +CVE-2023-37191 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...) + NOT-FOR-US: Issabel +CVE-2023-37190 (A stored cross-site scripting (XSS) vulnerability in Issabel issabel-p ...) + NOT-FOR-US: Issabel +CVE-2023-37189 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) + NOT-FOR-US: Issabel +CVE-2023-36925 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an una ...) + NOT-FOR-US: SAP +CVE-2023-36924 (While using a specific function, SAP ERP Defense Forces and Public Sec ...) + NOT-FOR-US: SAP +CVE-2023-36922 (Due to programming error in function module and report, IS-OIL compone ...) + NOT-FOR-US: SAP +CVE-2023-36921 (SAP Solution Manager (Diagnostics agent) - version 7.20, allows an att ...) + NOT-FOR-US: SAP +CVE-2023-36919 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + NOT-FOR-US: SAP +CVE-2023-36918 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + NOT-FOR-US: SAP +CVE-2023-36917 (SAP BusinessObjects Business Intelligence Platform - version 420, 430, ...) + NOT-FOR-US: SAP +CVE-2023-36517 (Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abs ...) + NOT-FOR-US: Kevon +CVE-2023-35874 (SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL ...) + NOT-FOR-US: SAP +CVE-2023-35873 (TheRuntime Workbench (RWB) of SAP NetWeaver Process Integration- versi ...) + NOT-FOR-US: SAP +CVE-2023-35872 (TheMessage Display Tool (MDT) of SAP NetWeaver Process Integration- ve ...) + NOT-FOR-US: SAP +CVE-2023-35871 (The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP ...) + NOT-FOR-US: SAP +CVE-2023-35870 (When creating a journal entry template in SAP S/4HANA (Manage Journal ...) + NOT-FOR-US: SAP +CVE-2023-35781 (Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin ...) 
+ NOT-FOR-US: LWS +CVE-2023-35774 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...) + NOT-FOR-US: LWS +CVE-2023-33992 (The SAP BW BICS communication layer in SAP Business Warehouse and SAP ...) + NOT-FOR-US: SAP +CVE-2023-33990 (SAP SQL Anywhere- version 17.0, allows an attacker to prevent legitima ...) + NOT-FOR-US: SAP +CVE-2023-33989 (An attacker with non-administrative authorizations in SAP NetWeaver (B ...) + NOT-FOR-US: SAP +CVE-2023-33988 (In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_M ...) + NOT-FOR-US: SAP +CVE-2023-33987 (An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7 ...) + NOT-FOR-US: SAP +CVE-2023-31405 (SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, ...) + NOT-FOR-US: SAP +CVE-2023-3605 (A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It ...) + NOT-FOR-US: PHPGurukul Online Shopping Portal +CVE-2023-3417 (Thunderbird allowed the Text Direction Override Unicode Character in f ...) + {DSA-5463-1 DLA-3510-1} + - thunderbird 1:102.13.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3417 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-28/#CVE-2023-3417 +CVE-2023-3600 (During the worker lifecycle, a use-after-free condition could have occ ...) + - firefox 115.0.2-1 + - thunderbird (Only affected version ever only in experimental) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/#CVE-2023-3600 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/#CVE-2023-3600 +CVE-2023-3599 (A vulnerability was found in SourceCodester Best Fee Management System ...) + NOT-FOR-US: SourceCodester Best Fee Management System +CVE-2023-3580 (Improper Handling of Additional Special Element in GitHub repository s ...) + NOT-FOR-US: squidex +CVE-2023-3579 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: HadSky +CVE-2023-3578 (A vulnerability classified as critical was found in DedeCMS 5.7.109. A ...) + NOT-FOR-US: DedeCMS +CVE-2023-3574 (Improper Authorization in GitHub repository pimcore/customer-data-fram ...) + NOT-FOR-US: pimcore customer-data-framework +CVE-2023-3273 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...) + NOT-FOR-US: SICK +CVE-2023-3272 (Cleartext Transmission of Sensitive Information in the SICK ICR890-4 c ...) + NOT-FOR-US: SICK +CVE-2023-3271 (Improper Access Control in the SICK ICR890-4 could allow an unauthenti ...) + NOT-FOR-US: SICK +CVE-2023-3270 (Exposure of Sensitive Information to an Unauthorized Actor in the SICK ...) + NOT-FOR-US: SICK +CVE-2023-3225 (The Float menu WordPress plugin before 5.0.3 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3219 (The EventON WordPress plugin before 2.1.2 does not validate that the e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3209 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3175 (The AI ChatBot WordPress plugin before 4.6.1 does not adequately escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3131 (The MStore API WordPress plugin before 3.9.7 does not secure most of i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3129 (The URL Shortify WordPress plugin before 1.7.0 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3118 (The Export All URLs WordPress plugin before 4.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3077 (The MStore API WordPress plugin before 3.9.8 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3076 (The MStore API WordPress plugin before 3.9.9 does not prevent visitors ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37712 (Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20( ...) 
+ NOT-FOR-US: Tenda +CVE-2023-37711 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-37710 (Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to con ...) + NOT-FOR-US: Tenda +CVE-2023-37707 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37706 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37705 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37704 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37703 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37702 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37701 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37700 (Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2023-37392 (Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dum ...) + NOT-FOR-US: WordPress plugin +CVE-2023-37277 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-37154 + - monitoring-plugins (unimportant) + NOTE: Fix in nagios-plugins project: https://github.com/nagios-plugins/nagios-plugins/commit/e8810de21be80148562b7e0168b0a62aeedffde6 + NOTE: monitoring-plugins upstream does not plan to make an upstream change similar to + NOTE: nagios-plugins because there are valid usecases to execute stuff locally via + NOTE: check_by_ssh (although not commonly known and used). 
+ NOTE: Documentation for expected behaviour in monitoring-plugins/check_by_ssh: + NOTE: https://github.com/monitoring-plugins/monitoring-plugins/security/advisories/GHSA-p3gv-vmpx-hhw4 + NOTE: https://joshua.hu/nagios-hacking-cve-2023-37154 +CVE-2023-37153 (KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: KodExplorer +CVE-2023-37152 (Projectworlds Online Art Gallery Project 1.0 allows unauthenticated us ...) + NOT-FOR-US: Projectworlds Online Art Gallery Project +CVE-2023-37151 + REJECTED +CVE-2023-37150 (Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scri ...) + NOT-FOR-US: Sourcecodester Online Pizza Ordering System +CVE-2023-36940 (Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Rep ...) + NOT-FOR-US: PHPGurukul Online Fire Reporting System +CVE-2023-36939 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) + NOT-FOR-US: Hostel Management System +CVE-2023-36936 (Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security ...) + NOT-FOR-US: PHPGurukul Online Security Guards Hiring System +CVE-2023-36691 (Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar Webw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-36376 (Cross-Site Scripting (XSS) vulnerability in Hostel Management System v ...) + NOT-FOR-US: Hostel Management System +CVE-2023-36375 (Cross Site Scripting vulnerability in Hostel Management System v2.1 al ...) + NOT-FOR-US: Hostel Management System +CVE-2023-35912 (Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Dona ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35699 (Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthen ...) + NOT-FOR-US: SICK +CVE-2023-35698 (Observable Response Discrepancy in the SICK ICR890-4 could allow a rem ...) + NOT-FOR-US: SICK +CVE-2023-35697 (Improper Restriction of Excessive Authentication Attempts in the SICK ...) 
+ NOT-FOR-US: SICK +CVE-2023-35696 (Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthen ...) + NOT-FOR-US: SICK +CVE-2023-34432 (A heap buffer overflow vulnerability was found in sox, in the lsx_read ...) + - sox 14.4.2+git20190427-3.2 (bug #1041110) + [bullseye] - sox 14.4.2+git20190427-2+deb11u1 + [buster] - sox 14.4.2+git20190427-1+deb10u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212291 + NOTE: https://sourceforge.net/p/sox/bugs/367/ + NOTE: Same fix as for CVE-2021-23159 +CVE-2023-34347 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) + NOT-FOR-US: Delta Electronics InfraSuite Device Master +CVE-2023-34318 (A heap buffer overflow vulnerability was found in sox, in the startrea ...) + - sox 14.4.2+git20190427-3.2 (bug #1041111) + [bullseye] - sox 14.4.2+git20190427-2+deb11u1 + [buster] - sox 14.4.2+git20190427-1+deb10u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212283 + NOTE: https://sourceforge.net/p/sox/bugs/368/ + NOTE: Same fix as for CVE-2021-23159 +CVE-2023-34316 (An attacker could bypass the latest Delta Electronics InfraSuite Devic ...) + NOT-FOR-US: Delta Electronics InfraSuite Device Master +CVE-2023-32627 (A floating point exception vulnerability was found in sox, in the read ...) + {DLA-3527-1} + - sox 14.4.2+git20190427-4 (bug #1041112) + [bookworm] - sox (Minor issue) + [bullseye] - sox (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212282 + NOTE: https://sourceforge.net/p/sox/bugs/369/ + NOTE: POC posted upstream is masked by fix of CVE-2021-3643, however sampling rate == 0, + NOTE: thus FPE is not fixed by CVE-2021-3643 + NOTE: Proposed patch: https://sourceforge.net/p/sox/bugs/_discuss/thread/e759e37389/2ead/attachment/0026-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch +CVE-2023-30765 (Delta Electronics InfraSuite Device Master versions prior to 1.0.7 con ...) 
+ NOT-FOR-US: Delta Electronics InfraSuite Device Master +CVE-2023-2967 (The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2964 (The Simple Iframe WordPress plugin before 1.2.0 does not properly vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2796 (The EventON WordPress plugin before 2.1.2 lacks authentication and aut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2709 (The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2635 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2578 (The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2529 (The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2495 (The Greeklish-permalink WordPress plugin through 3.3 does not implemen ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2493 (The All In One Redirection WordPress plugin before 2.2.0 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26590 (A floating point exception vulnerability was found in sox, in the lsx_ ...) + - sox 14.4.2+git20190427-3.1 (bug #1041113) + [bullseye] - sox 14.4.2+git20190427-2+deb11u1 + [buster] - sox 14.4.2+git20190427-1+deb10u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2212279 + NOTE: https://sourceforge.net/p/sox/bugs/370/ + NOTE: Same fix as for CVE-2022-31650 +CVE-2016-15034 (A vulnerability was found in Dynacase Webdesk and classified as critic ...) + NOT-FOR-US: Dynacase +CVE-2015-10121 (A vulnerability has been found in Beeliked Microsite Plugin up to 1.0. ...) + NOT-FOR-US: Beeliked +CVE-2015-10120 (A vulnerability, which was classified as problematic, was found in WDS ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10119 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-XXXX [spip: Use a dedicated function to clean author data when preparing a session] + - spip 4.1.11+dfsg-1 + [bookworm] - spip 4.1.9+dfsg-1+deb12u2 + [bullseye] - spip 3.2.11-3+deb11u9 + [buster] - spip 3.2.4-1+deb10u12 + NOTE: https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-4-SPIP-4-1-11.html +CVE-2023-3568 (Open Redirect in GitHub repository alextselegidis/easyappointments pri ...) + NOT-FOR-US: fossbilling +CVE-2023-37288 (SmartBPM.NET component has a vulnerability of path traversal within it ...) + NOT-FOR-US: SmartBPM.NET +CVE-2023-37287 (SmartBPM.NET has a vulnerability of using hard-coded authentication ke ...) + NOT-FOR-US: SmartBPM.NET +CVE-2023-37286 (SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine ...) + NOT-FOR-US: SmartBPM.NET +CVE-2021-4406 (An administrator is able to execute commands as root via the alerts ma ...) + NOT-FOR-US: QuantaStor +CVE-2023-3045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Tise Technology Parking Web Report +CVE-2023-36935 + REJECTED +CVE-2023-36360 + REJECTED +CVE-2023-34682 + REJECTED +CVE-2023-2853 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Softmed SelfPatron +CVE-2023-2852 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Softmed SelfPatron +CVE-2023-3567 (A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_scree ...) + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/226fae124b2dac217ea5436060d623ff3385bc34 (6.2-rc7) +CVE-2023-3566 (A vulnerability was found in wallabag 2.5.4. It has been declared as p ...) + NOT-FOR-US: Wallabag +CVE-2023-3565 (Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampass ...) 
+ - teampass (bug #730180) +CVE-2023-3564 (A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System ...) + NOT-FOR-US: GZ Scripts GZ Multi Hotel Booking System +CVE-2023-3563 (A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and ...) + NOT-FOR-US: GZ Scripts GZ E Learning Platform +CVE-2023-3562 (A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and ...) + NOT-FOR-US: GZ Scripts PHP CRM Platform +CVE-2023-3561 (A vulnerability, which was classified as problematic, was found in GZ ...) + NOT-FOR-US: GZ Scripts PHP GZ Hotel Booking Script +CVE-2023-3560 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: GZ Scripts Ticket Booking Script +CVE-2023-3559 (A vulnerability classified as problematic was found in GZ Scripts PHP ...) + NOT-FOR-US: GZ Scripts PHP GZ Appointment Scheduling Script +CVE-2023-3558 (A vulnerability classified as problematic has been found in GZ Scripts ...) + NOT-FOR-US: GZ Scripts Event Booking Calendar +CVE-2023-3557 (A vulnerability was found in GZ Scripts Property Listing Script 1.0. I ...) + NOT-FOR-US: GZ Scripts Property Listing Script +CVE-2023-3556 (A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It ...) + NOT-FOR-US: GZ Scripts Car Listing Script PHP +CVE-2023-3555 (A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8 ...) + NOT-FOR-US: GZ Scripts PHP Vacation Rental Script +CVE-2023-3554 (A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classi ...) + NOT-FOR-US: GZ Scripts GZ Forum Script +CVE-2023-3553 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + - teampass (bug #730180) +CVE-2023-3552 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...) + - teampass (bug #730180) +CVE-2023-3551 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...) + - teampass (bug #730180) +CVE-2023-37270 (Piwigo is open source photo gallery software. 
Prior to version 13.8.0, ...) + - piwigo +CVE-2023-37269 (Winter is a free, open-source content management system (CMS) based on ...) + NOT-FOR-US: Winter +CVE-2023-37262 (CC: Tweaked is a mod for Minecraft which adds programmable computers, ...) + NOT-FOR-US: Tweaked mod for Minecraft +CVE-2023-37261 (OpenComputers is a Minecraft mod that adds programmable computers and ...) + NOT-FOR-US: OpenComputers mod for Minecraft +CVE-2023-32000 (A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Ver ...) + NOT-FOR-US: UniFi Network +CVE-2023-3544 (A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP ...) + NOT-FOR-US: GZ Scripts +CVE-2023-3543 (A vulnerability was found in GZ Scripts Availability Booking Calendar ...) + NOT-FOR-US: GZ Scripts +CVE-2023-3542 (A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as ...) + NOT-FOR-US: ThinuCMS +CVE-2023-3541 (A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classifie ...) + NOT-FOR-US: ThinuCMS +CVE-2023-3540 (A vulnerability, which was classified as problematic, was found in Sim ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3539 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3538 (A vulnerability classified as problematic was found in SimplePHPscript ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3537 (A vulnerability classified as problematic has been found in SimplePHPs ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3536 (A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3535 (A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It h ...) + NOT-FOR-US: SimplePHPscripts +CVE-2023-3534 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...) + NOT-FOR-US: SourceCodester +CVE-2023-37308 (Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username ...) 
+ NOT-FOR-US: Zoho +CVE-2023-37264 (Tekton Pipelines project provides k8s-style resources for declaring CI ...) + NOT-FOR-US: Tekton Pipelines +CVE-2023-37173 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37172 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37171 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37170 (TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an u ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37149 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37148 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37146 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37145 (TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2023-37144 (Tenda AC10 v15.03.06.26 was discovered to contain a command injection ...) + NOT-FOR-US: Tenda +CVE-2023-37067 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37066 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37065 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37064 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37063 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37062 (Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account ...) + NOT-FOR-US: Chamilo LMS +CVE-2023-37061 (Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege acco ...) 
+ NOT-FOR-US: Chamilo LMS +CVE-2023-36994 (In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installat ...) + NOT-FOR-US: TravianZ +CVE-2023-36993 (The cryptographically insecure random number generator being used in T ...) + NOT-FOR-US: TravianZ +CVE-2023-36992 (PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the ...) + NOT-FOR-US: TravianZ +CVE-2023-36256 (The Online Examination System Project 1.0 version is vulnerable to Cro ...) + NOT-FOR-US: Online Examination System Project +CVE-2023-36201 (An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5026 +CVE-2023-34197 (Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP ...) + NOT-FOR-US: Zoho +CVE-2023-33715 + REJECTED +CVE-2023-33664 (ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a S ...) + NOT-FOR-US: ai-dev aicombinationsonfly +CVE-2023-32183 (Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed ...) + NOT-FOR-US: hawk2 as packaged by SuSE +CVE-2023-34442 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Apache Camel JIRA +CVE-2023-35887 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Apache Mina SSHD +CVE-2023-33008 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache Johnzon +CVE-2023-3532 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...) + NOT-FOR-US: Outline +CVE-2023-37192 (Memory management and protection issues in Bitcoin Core v22 allows att ...) + - bitcoin (bug #1041427) +CVE-2023-36859 (PiiGAB M-Bus SoftwarePack 900S does not correctly sanitize user inp ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-36829 (Sentry is an error tracking and performance monitoring platform. Start ...) 
+ NOT-FOR-US: Sentry +CVE-2023-35987 (PiiGAB M-Bus contains hard-coded credentials which it uses for authent ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-35890 (IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than ...) + NOT-FOR-US: IBM +CVE-2023-35765 (PiiGAB M-Bus stores credentials in a plaintext file, which could allow ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-35120 (PiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-34995 (There are no requirements for setting a complex passwordfor PiiGAB M-B ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-34433 (PiiGAB M-Bus stores passwords using a weak hash algorithm.) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-33868 (The number of login attempts is not limited. This could allow an attac ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-32652 (PiiGAB M-Busdoes not validate identification strings before processing ...) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-31277 (PiiGAB M-Bus transmits credentials in plaintext format.) + NOT-FOR-US: PiiGAB M-Bus +CVE-2023-3531 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-3529 (A vulnerability classified as problematic has been found in Rotem Dyna ...) + NOT-FOR-US: Rotem Dynamics Rotem CRM +CVE-2023-3528 (A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated ...) + NOT-FOR-US: ThinuTech ThinuCMS +CVE-2023-3523 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) + - gpac (bug #1041421) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/57e0be03-8484-415e-8b5c-c1fe4546eaac/ + NOTE: https://github.com/gpac/gpac/commit/64201a26476c12a7dbd7ffb5757743af6954db96 +CVE-2023-3456 (Vulnerability of kernel raw address leakage in the hang detector modu ...) + NOT-FOR-US: Huawei +CVE-2023-37454 (An issue was discovered in the Linux kernel through 6.4.2. A crafted U ...) 
+ - linux +CVE-2023-37453 (An issue was discovered in the USB subsystem in the Linux kernel throu ...) + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/ff33299ec8bb80cdcc073ad9c506bd79bb2ed20b (6.6-rc1) +CVE-2023-37260 (league/oauth2-server is an implementation of an OAuth 2.0 authorizatio ...) + NOT-FOR-US: league/oauth2-server +CVE-2023-37245 (Buffer overflow vulnerability in the modem pinctrl module. Successful ...) + NOT-FOR-US: Huawei +CVE-2023-37242 (Vulnerability of commands from the modem being intercepted in the atcm ...) + NOT-FOR-US: Huawei +CVE-2023-37241 (Input verification vulnerability in the WMS API. Successful exploitati ...) + NOT-FOR-US: Huawei +CVE-2023-37240 (Vulnerability of missing input length verification in the distributed ...) + NOT-FOR-US: Huawei +CVE-2023-37239 (Format string vulnerability in the distributed file system. Attackers ...) + NOT-FOR-US: Huawei +CVE-2023-37238 (Vulnerability of apps' permission to access a certain API being incomp ...) + NOT-FOR-US: Huawei +CVE-2023-37136 (A stored cross-site scripting (XSS) vulnerability in the Basic Website ...) + NOT-FOR-US: EyouCMS +CVE-2023-37135 (A stored cross-site scripting (XSS) vulnerability in the Image Upload ...) + NOT-FOR-US: EyouCMS +CVE-2023-37134 (A stored cross-site scripting (XSS) vulnerability in the Basic Informa ...) + NOT-FOR-US: EyouCMS +CVE-2023-37133 (A stored cross-site scripting (XSS) vulnerability in the Column manage ...) + NOT-FOR-US: EyouCMS +CVE-2023-37132 (A stored cross-site scripting (XSS) vulnerability in the custom variab ...) + NOT-FOR-US: EyouCMS +CVE-2023-37131 (A Cross-Site Request Forgery (CSRF) in the component /public/admin/pro ...) + NOT-FOR-US: YznCMS +CVE-2023-37125 (A stored cross-site scripting (XSS) vulnerability in the Management Cu ...) + NOT-FOR-US: SEACMS +CVE-2023-37124 (A stored cross-site scripting (XSS) vulnerability in the Site Setup mo ...) 
+ NOT-FOR-US: SEACMS +CVE-2023-37122 (A stored cross-site scripting (XSS) vulnerability in Bagecms v3.1.0 al ...) + NOT-FOR-US: Bagecms +CVE-2023-36995 (TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the stati ...) + NOT-FOR-US: TravianZ +CVE-2023-36970 (A Cross-site scripting (XSS) vulnerability in CMS Made Simple v2.2.17 ...) + NOT-FOR-US: CMS Made Simple +CVE-2023-36969 (CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via ...) + NOT-FOR-US: CMS Made Simple +CVE-2023-36968 (A SQL Injection vulnerability detected in Food Ordering System v1.0 al ...) + NOT-FOR-US: Food Ordering System +CVE-2023-36830 (SQLFluff is a SQL linter. Prior to version 2.1.2, in environments wher ...) + - sqlfluff (bug #1041428) + [bookworm] - sqlfluff (Minor issue) + NOTE: https://github.com/sqlfluff/sqlfluff/security/advisories/GHSA-jqhc-m2j3-fjrx + NOTE: https://github.com/sqlfluff/sqlfluff/pull/4925 +CVE-2023-36823 (Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully ...) + {DLA-3652-1} + - ruby-sanitize 6.0.2-1 (bug #1041430) + NOTE: https://github.com/rgrove/sanitize/commit/76ed46e6dc70820f38efe27de8dabd54dddb5220 (v6.0.2) + NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-f5ww-cq3m-q3g7 +CVE-2023-36462 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-36461 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-36460 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-36459 (Mastodon is a free, open-source social network server based on Activit ...) + - mastodon (bug #859741) +CVE-2023-36456 (authentik is an open-source Identity Provider. Prior to versions 2023. ...) + NOT-FOR-US: authentik +CVE-2023-36189 (SQL injection vulnerability in langchain before v0.0.247 allows a remo ...) 
+ NOT-FOR-US: langchain +CVE-2023-36188 (An issue in langchain v.0.0.64 allows a remote attacker to execute arb ...) + NOT-FOR-US: langchain +CVE-2023-35948 (Novu provides an API for sending notifications through multiple channe ...) + NOT-FOR-US: Novu +CVE-2023-35937 (Metersphere is an open source continuous testing platform. In versions ...) + NOT-FOR-US: Metersphere +CVE-2023-35934 (yt-dlp is a command-line program to download videos from video sites. ...) + - yt-dlp 2023.07.06-1 (bug #1040595) + [bookworm] - yt-dlp (Minor issue) + [bullseye] - yt-dlp (Minor issue) + NOTE: https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-v8mc-9377-rwjj + NOTE: https://github.com/yt-dlp/yt-dlp/commit/1ceb657bdd254ad961489e5060f2ccc7d556b729 + NOTE: https://github.com/yt-dlp/yt-dlp/commit/3121512228487c9c690d3d39bfd2579addf96e07 + NOTE: https://github.com/yt-dlp/yt-dlp/commit/f8b4bcc0a791274223723488bfbfc23ea3276641 +CVE-2023-34193 (File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated ...) + NOT-FOR-US: Zimbra +CVE-2023-34192 (Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a rem ...) + NOT-FOR-US: Zimbra +CVE-2023-34164 (Vulnerability of incomplete input parameter verification in the commun ...) + NOT-FOR-US: Huawei +CVE-2022-48520 (Unauthorized access vulnerability in the SystemUI module. Successful e ...) + NOT-FOR-US: Huawei +CVE-2022-48519 (Unauthorized access vulnerability in the SystemUI module. Successful e ...) + NOT-FOR-US: Huawei +CVE-2022-48518 (Vulnerability of signature verification in the iaware system being ini ...) + NOT-FOR-US: Huawei +CVE-2022-48517 (Unauthorized service access vulnerability in the DSoftBus module. Succ ...) + NOT-FOR-US: Huawei +CVE-2022-48516 (Vulnerability that a unique value can be obtained by a third-party app ...) + NOT-FOR-US: Huawei +CVE-2022-48515 (Vulnerability of inappropriate permission control in Nearby. Successfu ...) 
+ NOT-FOR-US: Huawei +CVE-2022-48514 (The Sepolicy module has inappropriate permission control on the use of ...) + NOT-FOR-US: Huawei +CVE-2022-48513 (Vulnerability of identity verification being bypassed in the Gallery m ...) + NOT-FOR-US: Huawei +CVE-2022-48512 (Use After Free (UAF) vulnerability in the Vdecoderservice service. Suc ...) + NOT-FOR-US: Huawei +CVE-2022-48511 (Use After Free (UAF) vulnerability in the audio PCM driver module unde ...) + NOT-FOR-US: Huawei +CVE-2022-48510 (Input verification vulnerability in the AMS module. Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2022-48509 (Race condition vulnerability due to multi-thread access to mutually ex ...) + NOT-FOR-US: Huawei +CVE-2022-48508 (Inappropriate authorization vulnerability in the system apps. Successf ...) + NOT-FOR-US: Huawei +CVE-2022-48507 (Vulnerability of identity verification being bypassed in the storage m ...) + NOT-FOR-US: Huawei +CVE-2021-46896 (Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cau ...) + NOT-FOR-US: PX4-Autopilot +CVE-2021-46894 (Use After Free (UAF) vulnerability in the uinput module.Successful exp ...) + NOT-FOR-US: Huawei +CVE-2021-46892 (Encryption bypass vulnerability in Maintenance mode. Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2023-32258 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20796/ + NOTE: https://git.kernel.org/linus/abcc506a9a71976a8b4c9bf3ee6efd13229c1e19 (6.4-rc1) +CVE-2023-32257 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) 
+ - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20596/ + NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1) +CVE-2023-32252 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20590/ + NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1) +CVE-2023-32248 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20479/ + NOTE: https://git.kernel.org/linus/3ac00a2ab69b34189942afa9e862d5170cdcb018 (6.4-rc1) +CVE-2023-32247 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...) + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20478/ + NOTE: https://git.kernel.org/linus/ea174a91893956450510945a0c5d1a10b5323656 (6.4-rc1) +CVE-2023-3521 (Cross-site Scripting (XSS) - Reflected in GitHub repository fossbillin ...) + NOT-FOR-US: fossbilling +CVE-2023-3520 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + NOT-FOR-US: openitcockpit +CVE-2023-36828 (Statamic is a flat-first, Laravel and Git powered content management s ...) + NOT-FOR-US: Statamic +CVE-2023-36827 (Fides is an open-source privacy engineering platform for managing the ...) 
+ NOT-FOR-US: Fides +CVE-2023-36822 (Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulne ...) + NOT-FOR-US: Uptime Kuma +CVE-2023-36821 (Uptime Kuma, a self-hosted monitoring tool, allows an authenticated at ...) + NOT-FOR-US: Uptime Kuma +CVE-2023-36809 (Kiwi TCMS, an open source test management system allows users to uploa ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-36808 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-vf5h-jh9q-2gjm + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-36458 (1Panel is an open source Linux server operation and maintenance manage ...) + NOT-FOR-US: 1Panel +CVE-2023-36457 (1Panel is an open source Linux server operation and maintenance manage ...) + NOT-FOR-US: 1Panel +CVE-2023-35940 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qrh8-rg45-45fw + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-35939 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cjcx-pwcx-v34c + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-35936 (Pandoc is a Haskell library for converting from one markup format to a ...) 
+ {DLA-3507-1}
+ - pandoc 2.17.1.1-2 (bug #1041976)
+ [bookworm] - pandoc 2.17.1.1-2~deb12u1
+ [bullseye] - pandoc 2.9.2.1-1+deb11u1
+ - haskell-pandoc 3.0.1-2
+ NOTE: https://github.com/jgm/pandoc/security/advisories/GHSA-xj5q-fv23-575g
+ NOTE: Fixed by: https://github.com/jgm/pandoc/commit/5e381e3878b5da87ee7542f7e51c3c1a7fd84b89 (3.1.4)
+ NOTE: Regression: https://github.com/jgm/pandoc/commit/54561e9a6667b36a8452b01d2def9e3642013dd6 (3.1.4)
+ NOTE: Regression: https://github.com/jgm/pandoc/commit/df4f13b262f7be5863042f8a5a1c365282c81f07 (3.1.4)
+ NOTE: Tests: https://github.com/jgm/pandoc/commit/fe62da61dfd33e6b4c0c03895c528a47a0405bf7
+ NOTE: Tests: https://github.com/jgm/pandoc/commit/5246f02f0bb9c176a6d2f6e3d0c03407d8a67445
+ NOTE: Followup (to avoid introduction of CVE-2023-38745):
+ NOTE: https://github.com/jgm/pandoc/commit/eddedbfc14916aa06fc01ff04b38aeb30ae2e625 (3.1.6)
+CVE-2023-3515 (Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.)
+ - gitea
+CVE-2023-3455 (Key management vulnerability on system. Successful exploitation of thi ...)
+ NOT-FOR-US: Huawei
+CVE-2023-3336 (TN-5900 Series version 3.3 and prior versions is vulnearble to user en ...)
+ NOT-FOR-US: Moxa
+CVE-2023-3089 (A compliance problem was found in the Red Hat OpenShift Container Plat ...)
+ NOT-FOR-US: Red Hat OpenShift Container Platform
+CVE-2023-36934 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2023-36933 (In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2023-36932 (In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2023-36665 ("protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows P ...)
+ NOT-FOR-US: protobuf.js
+CVE-2023-36624 (Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated o ...)
+ NOT-FOR-US: Loxone Miniserver Go
+CVE-2023-36623 (The root password of the Loxone Miniserver Go Gen.2 before 14.2 is cal ...)
+ NOT-FOR-US: Loxone Miniserver Go
+CVE-2023-36622 (The websocket configuration endpoint of the Loxone Miniserver Go Gen.2 ...)
+ NOT-FOR-US: Loxone Miniserver Go
+CVE-2023-35979 (There is an unauthenticated buffer overflow vulnerabilityin the proces ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35978 (A vulnerability in ArubaOS could allow an unauthenticatedremote attack ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35977 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35976 (Vulnerabilities exist which allow an authenticated attackerto access s ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35975 (An authenticated path traversal vulnerability exists in theArubaOS com ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35974 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35973 (Authenticated command injection vulnerabilities exist inthe ArubaOS co ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35972 (An authenticated remote command injection vulnerabilityexists in the A ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35971 (A vulnerability in the ArubaOS web-based management interface could al ...)
+ NOT-FOR-US: Aruba
+CVE-2023-35924 (GLPI is a free asset and IT management software package. Starting in v ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxh4-j63w-8jmm
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2023-35863 (In MADEFORNET HTTP Debugger through 9.12, the Windows service does not ...)
+ NOT-FOR-US: MADEFORNET HTTP Debugger
+CVE-2023-34654 (taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS).)
+ NOT-FOR-US: Taocms
+CVE-2023-34473 (AMI SPx contains a vulnerability in the BMC where a valid user may cau ...)
+ NOT-FOR-US: AMI SPx
+CVE-2023-34472 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
+ NOT-FOR-US: AMI SPx
+CVE-2023-34471 (AMI SPx contains a vulnerability in the BMC where a user may cause a m ...)
+ NOT-FOR-US: AMI SPx
+CVE-2023-34457 (MechanicalSoup is a Python library for automating interaction with web ...)
+ - python-mechanicalsoup (bug #1041814)
+ [bookworm] - python-mechanicalsoup (Minor issue)
+ [bullseye] - python-mechanicalsoup (Minor issue)
+ [buster] - python-mechanicalsoup (Minor issue; invasive backport required)
+ NOTE: https://github.com/MechanicalSoup/MechanicalSoup/security/advisories/GHSA-x456-3ccm-m6j4
+ NOTE: https://github.com/MechanicalSoup/MechanicalSoup/commit/d57c4a269bba3b9a0c5bfa20292955b849006d9e (v1.3.0)
+CVE-2023-34338 (AMI SPx contains a vulnerability in the BMC where an Attacker may caus ...)
+ NOT-FOR-US: AMI SPx
+CVE-2023-34337 (AMI SPx contains a vulnerability in the BMC where a user may cause an ...)
+ NOT-FOR-US: AMI SPx
+CVE-2023-34244 (GLPI is a free asset and IT management software package. Starting in v ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-p93p-pwg9-w95w
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2023-34107 (GLPI is a free asset and IT management software package. Versions of t ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-966h-xrf5-pmj4
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2023-34106 (GLPI is a free asset and IT management software package. Versions of t ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-923r-hqh4-wj7c
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2023-33335 (Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was Decembe ...)
+ NOT-FOR-US: Sophos
+CVE-2023-2880 (Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all prev ...)
+ NOT-FOR-US: Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi
+CVE-2023-2538 (A CWE-552 "Files or Directories Accessible to External Parties\u201d i ...)
+ NOT-FOR-US: Tyan S5552 BMC
+CVE-2021-46893 (Vulnerability of unstrict data verification and parameter check. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46891 (Vulnerability of incomplete read and write permission verification in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46890 (Vulnerability of incomplete read and write permission verification in ...)
+ NOT-FOR-US: Huawei
+CVE-2023-35001 (Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byte ...)
+ {DSA-5453-1 DLA-3512-1}
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/3
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-900/
+CVE-2023-31248 (Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulner ...)
+ {DSA-5453-1 DLA-3512-1}
+ - linux 6.4.4-1
+ [bookworm] - linux 6.1.38-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/2
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-899/
+CVE-2023-3484 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2023-35786 (Zoho ManageEngine ADManager Plus before 7183 allows admin users to exp ...)
+ NOT-FOR-US: Zoho
+CVE-2023-34150 (** UNSUPPORTED WHEN ASSIGNED **Use of TikaEncodingDetector in Apache A ...)
+ NOT-FOR-US: Apache Any23
+CVE-2023-3255 (A flaw was found in the QEMU built-in VNC server while processing Clie ...)
+ - qemu 1:8.0.4+dfsg-1
+ [bookworm] - qemu 1:7.2+dfsg-7+deb12u2
+ [bullseye] - qemu (Vulnerable code not present)
+ [buster] - qemu (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2218486
+ NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg00596.html
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/35720b3d90866ed4c174eb35762e04a1b9e533d1 (v8.0.4)
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/0bf41cab93e5c72dcda717abd625698b59d9ba3e (v6.1.0-rc0)
+CVE-2023-37212 (Memory safety bugs present in Firefox 114. Some of these bugs showed e ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37212
+CVE-2023-37211 (Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thu ...)
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
+ - firefox 115.0-1
+ - firefox-esr 102.13.0esr-1
+ - thunderbird 1:102.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37211
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37211
+CVE-2023-37210 (A website could prevent a user from exiting full-screen mode via alert ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37210
+CVE-2023-37209 (A use-after-free condition existed in `NotifyOnHistoryReload` where a ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37209
+CVE-2023-37208 (When opening Diagcab files, Firefox did not warn the user that these f ...)
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
+ - firefox 115.0-1
+ - firefox-esr 102.13.0esr-1
+ - thunderbird 1:102.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37208
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37208
+CVE-2023-37207 (A website could have obscured the fullscreen notification by using a U ...)
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
+ - firefox 115.0-1
+ - firefox-esr 102.13.0esr-1
+ - thunderbird 1:102.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37207
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37207
+CVE-2023-37206 (Uploading files which contain symlinks may have allowed an attacker to ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37206
+CVE-2023-37205 (The use of RTL Arabic characters in the address bar may have allowed f ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37205
+CVE-2023-37204 (A website could have obscured the fullscreen notification by using an ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37204
+CVE-2023-37203 (Insufficient validation in the Drag and Drop API in conjunction with s ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37203
+CVE-2023-37202 (Cross-compartment wrappers wrapping a scripted proxy could have caused ...)
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
+ - firefox 115.0-1
+ - firefox-esr 102.13.0esr-1
+ - thunderbird 1:102.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37202
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37202
+CVE-2023-37201 (An attacker could have triggered a use-after-free condition when creat ...)
+ {DSA-5451-1 DSA-5450-1 DLA-3490-1 DLA-3484-1}
+ - firefox 115.0-1
+ - firefox-esr 102.13.0esr-1
+ - thunderbird 1:102.13.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-37201
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-24/#CVE-2023-37201
+CVE-2023-3482 (When Firefox is configured to block storage of all cookies, it was sti ...)
+ - firefox 115.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-22/#CVE-2023-3482
+CVE-2023-3506 (A vulnerability was found in Active It Zone Active eCommerce CMS 6.5.0 ...)
+ NOT-FOR-US: Active It Zone Active eCommerce CMS
+CVE-2023-3505 (A vulnerability was found in Onest CRM 1.0. It has been classified as ...)
+ NOT-FOR-US: Onest CRM
+CVE-2023-3504 (A vulnerability was found in SmartWeb Infotech Job Board 1.0 and class ...)
+ NOT-FOR-US: SmartWeb Infotech Job Board
+CVE-2023-3503 (A vulnerability has been found in SourceCodester Shopping Website 1.0 ...)
+ NOT-FOR-US: SourceCodester Shopping Website
+CVE-2023-3502 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Shopping Website
+CVE-2023-31999 (All versions of @fastify/oauth2 used a statically generated state para ...)
+ NOT-FOR-US: @fastify/oauth2
+CVE-2023-3460 (The Ultimate Member WordPress plugin before 2.6.7 does not prevent vis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3139 (The Protect WP Admin WordPress plugin before 4.0 discloses the URL of ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3133 (The Tutor LMS WordPress plugin before 2.2.1 does not implement adequat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2333 (The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2324 (The Elementor Forms Google Sheet Connector WordPress plugin before 1.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2321 (The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gshe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2320 (The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-goo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-36813 (Kanboard is project management software that focuses on the Kanban met ...)
+ {DSA-5454-1}
+ - kanboard 1.2.31+ds-1 (bug #1040265)
+ NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-9gvq-78jp-jxcx
+ NOTE: https://github.com/kanboard/kanboard/commit/25b93343baeaf8ad018dcd87b094e47a5c6a3e0a
+CVE-2023-3497 (Out of bounds read in Google Security Processor firmware in Google Chr ...)
+ NOT-FOR-US: Chrome OS
+CVE-2023-3395 (All versions of the TWinSoft Configuration Tool store encrypted passwo ...)
+ NOT-FOR-US: TWinSoft Configuration Tool
+CVE-2023-37378 (Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles acces ...)
+ {DLA-3483-1}
+ - nsis 3.09-1 (bug #1040880)
+ [bookworm] - nsis (Minor issue)
+ [bullseye] - nsis (Minor issue)
+ NOTE: https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 (v309)
+ NOTE: https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 (v309)
+ NOTE: https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 (v309)
+ NOTE: http://sf.net/p/nsis/bugs/1296
+CVE-2023-36819 (Knowage is the professional open source suite for modern business anal ...)
+ NOT-FOR-US: Knowage
+CVE-2023-36817 (`tktchurch/website` contains the codebase for The King's Temple Church ...)
+ NOT-FOR-US: tktchurch/website
+CVE-2023-36816 (2FA is a Web app to manage Two-Factor Authentication (2FA) accounts an ...)
+ NOT-FOR-US: Bubka 2FAuth
+CVE-2023-36815 (Sealos is a Cloud Operating System designed for managing cloud-native ...)
+ NOT-FOR-US: Sealos
+CVE-2023-36814 (Products.CMFCore are the key framework services for the Zope Content M ...)
+ NOT-FOR-US: Products.CMFCore
+CVE-2023-36611 (The affected TBox RTUs allow low privilege users to access software se ...)
+ NOT-FOR-US: TBox
+CVE-2023-36610 (The affected TBox RTUs generate software security tokens using insuffi ...)
+ NOT-FOR-US: TBox
+CVE-2023-36609 (The affected TBox RTUs run OpenVPN with root privileges and can run us ...)
+ NOT-FOR-US: TBox
+CVE-2023-36608 (The affected TBox RTUs store hashed passwords using MD5 encryption, wh ...)
+ NOT-FOR-US: TBox
+CVE-2023-36377 (Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and befor ...)
+ - osslsigncode 2.3.0-1 (bug #1035875)
+ [bullseye] - osslsigncode (Minor issue)
+ NOTE: https://github.com/mtrojnar/osslsigncode/releases/tag/2.3
+CVE-2023-36291 (Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a rem ...)
+ NOT-FOR-US: Maxsite CMS
+CVE-2023-36262
+ REJECTED
+CVE-2023-36258 (An issue in langchain v.0.0.199 allows an attacker to execute arbitrar ...)
+ NOT-FOR-US: Langchain
+CVE-2023-36223 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
+ NOT-FOR-US: mlogclub bbs-go
+CVE-2023-36222 (Cross Site Scripting vulnerability in mlogclub bbs-go v. 3.5.5. and be ...)
+ NOT-FOR-US: mlogclub bbs-go
+CVE-2023-36183 (Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before all ...)
+ {DLA-3518-1}
+ - openimageio 2.4.13.0+dfsg-1
+ [bookworm] - openimageio (Minor issue)
+ [bullseye] - openimageio (Minor issue)
+ NOTE: https://github.com/OpenImageIO/oiio/issues/3871
+ NOTE: https://github.com/OpenImageIO/oiio/commit/aad99bad9a4f6b965f99a291f9c67458c8c982e8 (master)
+ NOTE: https://github.com/OpenImageIO/oiio/commit/749a557b5eed75a1b1c728e6287e4ca8e2e0be1e (v2.4.13.0)
+CVE-2023-36162 (Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier a ...)
+ NOT-FOR-US: ZZCMS
+CVE-2023-35935
+ REJECTED
+CVE-2023-34451 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
+ NOT-FOR-US: CometBFT
+CVE-2023-34450 (CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a s ...)
+ NOT-FOR-US: CometBFT
+CVE-2023-36053 (In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, Em ...)
+ {DSA-5465-1 DLA-3500-1}
+ - python-django 3:3.2.20-1 (bug #1040225)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/07/03/1
+ NOTE: https://www.djangoproject.com/weblog/2023/jul/03/security-releases/
+ NOTE: https://github.com/django/django/commit/ad0410ec4f458aa39803e5f6b9a3736527062dcd (main)
+ NOTE: https://github.com/django/django/commit/454f2fb93437f98917283336201b4048293f7582 (3.2.20)
+CVE-2023-35797 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ NOT-FOR-US: Hive provider for Apache Airflow
+CVE-2023-3438 (An unquoted Windows search path vulnerability existed in the install t ...)
+ NOT-FOR-US: Trellix
+CVE-2023-3370
+ REJECTED
+CVE-2023-3314 (A vulnerability arises out of a failure to comprehensively sanitize th ...)
+ NOT-FOR-US: Trellix
+CVE-2023-3313 (An OS common injection vulnerability exists in the ESM certificate API ...)
+ NOT-FOR-US: Trellix
+CVE-2023-36001
+ REJECTED
+CVE-2023-35999
+ REJECTED
+CVE-2023-35700
+ REJECTED
+CVE-2023-35073
+ REJECTED
+CVE-2023-34211
+ REJECTED
+CVE-2023-36674 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...)
+ {DSA-5447-1}
+ - mediawiki 1:1.39.4-1
+ [buster] - mediawiki (BadFileLookup was introduced in version 1.35)
+ NOTE: https://phabricator.wikimedia.org/T335612
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/934571/
+CVE-2023-37252
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2023-37253
+ NOT-FOR-US: MediaWiki extension ProofreadPage
+CVE-2023-3493 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3491 (Unrestricted Upload of File with Dangerous Type in GitHub repository f ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3490 (SQL Injection in GitHub repository fossbilling/fossbilling prior to 0. ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3117
+ REJECTED
+CVE-2023-36812 (OpenTSDB is a open source, distributed, scalable Time Series Database ...)
+ NOT-FOR-US: OpenTSDB
+CVE-2023-36144 (An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1. ...)
+ NOT-FOR-US: Intelbras
+CVE-2023-35947 (Gradle is a build tool with a focus on build automation and support fo ...)
+ - gradle (bug #1041424)
+ [bookworm] - gradle (Minor issue)
+ [bullseye] - gradle (Minor issue)
+ [buster] - gradle (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-84mw-qh6q-v842
+ NOTE: https://github.com/gradle/gradle/commit/1096b309520a8c315e3b6109a6526de4eabcb879 (v8.2.0-RC3)
+ NOTE: https://github.com/gradle/gradle/commit/2e5c34d57d0c0b7f0e8b039a192b91e5c8249d91 (v8.2.0-RC3)
+CVE-2023-35946 (Gradle is a build tool with a focus on build automation and support fo ...)
+ - gradle (bug #1041424)
+ [bookworm] - gradle (Minor issue)
+ [bullseye] - gradle (Minor issue)
+ [buster] - gradle (Minor issue)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-2h6c-rv6q-494v
+ NOTE: https://github.com/gradle/gradle/commit/859eae2b2acf751ae7db3c9ffefe275aa5da0d5d (v8.2.0-RC3)
+ NOTE: https://github.com/gradle/gradle/commit/b07e528feb3a5ffa66bdcc358549edd73e4c8a12 (v8.2.0-RC3)
+CVE-2023-33298 (com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allow ...)
+ NOT-FOR-US: Perimeter81
+CVE-2023-31997 (UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi N ...)
+ NOT-FOR-US: UniFi OS
+CVE-2023-29241 (Improper Information in Cybersecurity Guidebook in Bosch Building Inte ...)
+ NOT-FOR-US: Bosch
+CVE-2021-4405 (The ElasticPress plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: ElasticPress plugin for WordPress
+CVE-2021-4404 (The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross ...)
+ NOT-FOR-US: Event Espresso 4 Decaf plugin for WordPress
+CVE-2021-4403 (The Remove Schema plugin for WordPress is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: Remove Schema plugin for WordPress
+CVE-2021-4402 (The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Multiple Roles plugin for WordPress
+CVE-2021-4401 (The Style Kits plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: Style Kits plugin for WordPress
+CVE-2021-4400 (The Better Search plugin for WordPress is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: Better Search plugin for WordPress
+CVE-2021-4399 (The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Edwiser Bridge plugin for WordPress
+CVE-2021-4398 (The Amministrazione Trasparente plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: Amministrazione Trasparente plugin for WordPress
+CVE-2021-4397 (The Staff Directory Plugin plugin for WordPress is vulnerable to Cross ...)
+ NOT-FOR-US: Staff Directory Plugin plugin for WordPress
+CVE-2021-4396 (The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forg ...)
+ NOT-FOR-US: Rucy plugin for WordPress
+CVE-2021-4395 (The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vu ...)
+ NOT-FOR-US: Abandoned Cart Recovery for WooCommerce plugin for WordPress
+CVE-2021-4394 (The Locations plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: Locations plugin for WordPress
+CVE-2021-4393 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
+ NOT-FOR-US: eCommerce Product Catalog Plugin for WordPress plugin for WordPress
+CVE-2021-4392 (The eCommerce Product Catalog Plugin for WordPress plugin for WordPres ...)
+ NOT-FOR-US: eCommerce Product Catalog Plugin for WordPress plugin for WordPress
+CVE-2021-4391 (The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulner ...)
+ NOT-FOR-US: Ultimate Gift Cards for WooCommerce plugin for WordPress
+CVE-2021-4390 (The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-S ...)
+ NOT-FOR-US: Contact Form 7 Style plugin for WordPress
+CVE-2021-4389 (The WP Travel plugin for WordPress is vulnerable to Cross-Site Request ...)
+ NOT-FOR-US: WP Travel plugin for WordPress
+CVE-2021-4388 (The Opal Estate plugin for WordPress is vulnerable to featured propert ...)
+ NOT-FOR-US: Opal Estate plugin for WordPress
+CVE-2021-4387 (The Opal Estate plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: Opal Estate plugin for WordPress
+CVE-2021-4386 (The WP Security Question plugin for WordPress is vulnerable to Cross-S ...)
+ NOT-FOR-US: WP Security Question plugin for WordPress
+CVE-2021-4385 (The WP Private Content Plus plugin for WordPress is vulnerable to Cros ...)
+ NOT-FOR-US: WP Private Content Plus plugin for WordPress
+CVE-2021-4384 (The WordPress Photo Gallery \u2013 Image Gallery plugin for WordPress ...)
+ NOT-FOR-US: WordPress Photo Gallery – Image Gallery plugin for WordPress
+CVE-2020-36749 (The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: Easy Testimonials plugin for WordPress
+CVE-2020-36748 (The Dokan plugin for WordPress is vulnerable to Cross-Site Request For ...)
+ NOT-FOR-US: Dokan plugin for WordPress
+CVE-2020-36747 (The Lightweight Sidebar Manager plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: Lightweight Sidebar Manager plugin for WordPress
+CVE-2020-36746 (The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: Menu Swapper plugin for WordPress
+CVE-2020-36745 (The WP Project Manager plugin for WordPress is vulnerable to Cross-Sit ...)
+ NOT-FOR-US: WP Project Manager plugin for WordPress
+CVE-2020-36744 (The NotificationX plugin for WordPress is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: NotificationX plugin for WordPress
+CVE-2020-36743 (The Product Catalog Simple plugin for WordPress is vulnerable to Cross ...)
+ NOT-FOR-US: Product Catalog Simple plugin for WordPress
+CVE-2020-36742 (The Custom Field Template plugin for WordPress is vulnerable to Cross- ...)
+ NOT-FOR-US: Custom Field Template plugin for WordPress
+CVE-2020-36741 (The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: MultiVendorX plugin for WordPress
+CVE-2020-36740 (The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: Radio Buttons for Taxonomies plugin for WordPress
+CVE-2020-36739 (The Feed Them Social \u2013 Page, Post, Video, and Photo Galleries plu ...)
+ NOT-FOR-US: Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress
+CVE-2020-36738 (The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPres ...)
+ NOT-FOR-US: Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress
+CVE-2020-36737 (The Import / Export Customizer Settings plugin for WordPress is vulner ...)
+ NOT-FOR-US: Import / Export Customizer Settings plugin for WordPress
+CVE-2020-36736 (The WooCommerce Checkout & Funnel Builder by CartFlows plugin for Word ...)
+ NOT-FOR-US: WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress
+CVE-2020-36735 (The WP ERP | Complete HR solution with recruitment & job listings | Wo ...)
+ NOT-FOR-US: WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress
+CVE-2023-3485 (Insecure defaults in open-source Temporal Server before version 1.20 o ...)
+ NOT-FOR-US: Temporal Server
+CVE-2023-3479 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2023-3478 (A vulnerability classified as critical was found in IBOS OA 4.5.5. Aff ...)
+ NOT-FOR-US: IBOS OA
+CVE-2023-37365 (Hnswlib 0.7.0 has a double free in init_index when the M argument is a ...)
+ - hnswlib 0.7.0-1 (bug #1041426)
+ [bookworm] - hnswlib 0.6.2-2+deb12u1
+ [bullseye] - hnswlib 0.4.0-3+deb11u1
+ NOTE: https://github.com/nmslib/hnswlib/issues/467
+CVE-2023-37360 (pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injec ...)
+ - pacparser (bug #1041425)
+ [bookworm] - pacparser (Minor issue)
+ [bullseye] - pacparser (Minor issue)
+ [buster] - pacparser (Minor issue)
+ NOTE: https://github.com/manugarg/pacparser/security/advisories/GHSA-62q6-v997-f7v9
+ NOTE: https://github.com/manugarg/pacparser/commit/0bf0636de624996fe202b51eec8a58abd774269e (v1.4.2)
+CVE-2023-37307 (In MISP before 2.4.172, title_for_layout is not properly sanitized in ...)
+ NOT-FOR-US: MISP
+CVE-2023-37306 (MISP 2.4.172 mishandles different certificate file extensions in serve ...)
+ NOT-FOR-US: MISP
+CVE-2023-37305 (An issue was discovered in the ProofreadPage (aka Proofread Page) exte ...)
+ NOT-FOR-US: MediaWiki extension ProofreadPage
+CVE-2023-37304 (An issue was discovered in the DoubleWiki extension for MediaWiki thro ...)
+ NOT-FOR-US: MediaWiki extension DoubleWiki
+CVE-2023-37303 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2023-37302 (An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki ...)
+ NOT-FOR-US: MediaWiki extension WikiBase
+CVE-2023-37301 (An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki ...)
+ NOT-FOR-US: MediaWiki extension WikiBase
+CVE-2023-37300 (An issue was discovered in the CheckUserLog API in the CheckUser exten ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2023-37299 (Joplin before 2.11.5 allows XSS via an AREA element of an image map.)
+ NOT-FOR-US: Joplin
+CVE-2023-37298 (Joplin before 2.11.5 allows XSS via a USE element in an SVG document.)
+ NOT-FOR-US: Joplin
+CVE-2023-36810 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
+ {DLA-3497-1}
+ - pypdf2 1.27.9-1
+ [bullseye] - pypdf2 (Minor issue)
+ NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw
+ NOTE: https://github.com/py-pdf/pypdf/issues/582
+ NOTE: https://github.com/py-pdf/pypdf/pull/808
+ NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/c6c56f550bb384e05f0139c796ba1308837d6373 (1.27.9)
+CVE-2023-36807 (pypdf is a pure-python PDF library capable of splitting, merging, crop ...)
+ - pypdf2 2.10.7-1
+ [bullseye] - pypdf2 (only version 2.10.5 is affected)
+ [buster] - pypdf2 (only version 2.10.5 is affected)
+ NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
+ NOTE: https://github.com/py-pdf/pypdf/issues/1329
+ NOTE: https://github.com/py-pdf/pypdf/pull/1331
+ NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/e6531a25325e7e0174b6a1ba03b57320b5227f6b (2.10.6)
+CVE-2023-36477 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-35178 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+ NOT-FOR-US: HP
+CVE-2023-35177 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...)
+ NOT-FOR-US: HP
+CVE-2023-35176 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+ NOT-FOR-US: HP
+CVE-2023-35175 (Certain HP LaserJet Pro print products are potentially vulnerable to P ...)
+ NOT-FOR-US: HP
+CVE-2023-34840 (angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to c ...)
+ NOT-FOR-US: angular-ui-notification
+CVE-2023-33276 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
+ NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
+CVE-2023-31543 (A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers t ...)
+ - python-pipreqs (bug #1028550)
+CVE-2023-3477 (A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been de ...)
+ NOT-FOR-US: RocketSoft Rocket LMS
+CVE-2023-3476 (A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It ...)
+ NOT-FOR-US: SimplePHPscripts GuestBook Script
+CVE-2023-3475 (A vulnerability was found in SimplePHPscripts Event Script 2.1 and cla ...)
+ NOT-FOR-US: SimplePHPscripts Event Script
+CVE-2023-3474 (A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and ...)
+ NOT-FOR-US: SimplePHPscripts Simple Blog
+CVE-2023-3473 (A vulnerability, which was classified as critical, was found in Campco ...)
+ NOT-FOR-US: Campcodes Retro Cellphone Online Store
+CVE-2023-3469 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-3465 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
+ NOT-FOR-US: SimplePHPscripts Classified Ads Script
+CVE-2023-3464 (A vulnerability was found in SimplePHPscripts Classified Ads Script 1. ...)
+ NOT-FOR-US: SimplePHPscripts Classified Ads Script
+CVE-2023-3249 (The Web3 \u2013 Crypto wallet Login & NFT token gating plugin for Word ...)
+ NOT-FOR-US: Web3 Crypto wallet Login & NFT token gating plugin for WordPress
+CVE-2023-3063 (The SP Project & Document Manager plugin for WordPress is vulnerable t ...)
+ NOT-FOR-US: SP Project & Document Manager plugin for WordPress
+CVE-2023-36607 (The affected TBox RTUs are missing authorization for running some API ...)
+ NOT-FOR-US: Ovarro
+CVE-2023-36539 (Exposure of information intended to be encrypted by some Zoom clients ...)
+ NOT-FOR-US: Zoom
+CVE-2023-36470 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-36469 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-36468 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-36347 (A broken authentication mechanism in the endpoint excel.php of POS Cod ...)
+ NOT-FOR-US: POS Codekop
+CVE-2023-36146 (A Stored Cross-Site Scripting (XSS) vulnerability was found in Multila ...)
+ NOT-FOR-US: Multilaser RE 170
+CVE-2023-36143 (Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerabil ...)
+ NOT-FOR-US: Maxprint Maxlink 1200G
+CVE-2023-33336 (Reflected cross site scripting (XSS) vulnerability was discovered in S ...)
+ NOT-FOR-US: Sophos Web Appliance
+CVE-2023-32622 (Improper neutralization of special elements in WL-WN531AX2 firmware ve ...)
+ NOT-FOR-US: WL-WN531AX2 firmware
+CVE-2023-32621 (WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with ...)
+ NOT-FOR-US: WL-WN531AX2 firmware
+CVE-2023-32620 (Improper authentication vulnerability in WL-WN531AX2 firmware versions ...)
+ NOT-FOR-US: WL-WN531AX2 firmware
+CVE-2023-32613 (Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmw ...)
+ NOT-FOR-US: WL-WN531AX2 firmware
+CVE-2023-32612 (Client-side enforcement of server-side security issue exists in WL-WN5 ...)
+ NOT-FOR-US: WL-WN531AX2 firmware
+CVE-2023-32608 (Directory traversal vulnerability in Pleasanter (Community Edition and ...)
+ NOT-FOR-US: Pleasanter
+CVE-2023-32607 (Stored cross-site scripting vulnerability in Pleasanter (Community Edi ...)
+ NOT-FOR-US: Pleasanter
+CVE-2023-2846 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-2834 (The BookIt plugin for WordPress is vulnerable to authentication bypass ...)
+ NOT-FOR-US: BookIt plugin for WordPress
+CVE-2023-2974 (A vulnerability was found in quarkus-core. This vulnerability occurs b ...)
+ NOT-FOR-US: Quarkus
+CVE-2023-3458 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
+ NOT-FOR-US: SourceCodester Shopping Website
+CVE-2023-3457 (A vulnerability was found in SourceCodester Shopping Website 1.0. It h ...)
+ NOT-FOR-US: SourceCodester Shopping Website
+CVE-2023-37256 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension Cargo
+CVE-2023-37255 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ NOT-FOR-US: MediaWiki extension CheckUser
+CVE-2023-37254 (An issue was discovered in the Cargo extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki extension Cargo
+CVE-2023-37251 (An issue was discovered in the GoogleAnalyticsMetrics extension for Me ...)
+ NOT-FOR-US: MediaWiki extension GoogleAnalyticsMetrics
+CVE-2023-36617 (A ReDoS issue was discovered in the URI component before 0.12.2 for Ru ...)
+ - rubygems (Incomplete fix never applied)
+ - ruby3.1 (Incomplete fix never applied)
+ - ruby2.7 (Incomplete fix never applied)
+ - ruby2.5
+ [buster] - ruby2.5 (Minor issue, ReDoS)
+ - jruby (Incomplete fix not applied, covered by CVE-2023-28755)
+ [buster] - jruby (Minor issue, ReDoS)
+ NOTE: https://www.ruby-lang.org/en/news/2023/06/29/redos-in-uri-CVE-2023-36617/
+ NOTE: https://github.com/ruby/uri/commit/9010ee2536adda10a0555ae1ed6fe2f5808e6bf1
+ NOTE: https://github.com/ruby/uri/commit/9d7bcef1e6ad23c9c6e4932f297fb737888144c8
+CVE-2023-36488 (ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Sit ...)
+ - ilias (bug #195688)
+CVE-2023-36487 (The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_be ...)
+ - ilias (bug #195688)
+CVE-2023-36484 (ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross- ...)
+ - ilias (bug #195688)
+CVE-2023-36471 (Xwiki commons is the common modules used by other XWiki top level proj ...)
+ NOT-FOR-US: Xwiki
+CVE-2023-35938 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2023-35830 (STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module Deploymen ...)
+ NOT-FOR-US: STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity
+CVE-2023-34849 (An unauthorized command injection vulnerability exists in the ActionLo ...)
+ NOT-FOR-US: Ikuai router OS
+CVE-2023-34844 (Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode ...)
+ NOT-FOR-US: Play With Docker
+CVE-2023-34735 (Property Cloud Platform Management Center 1.0 is vulnerable to error-b ...)
+ NOT-FOR-US: Property Cloud Platform Management Center
+CVE-2023-34658 (Telegram v9.6.3 on iOS allows attackers to hide critical information o ...)
+ NOT-FOR-US: Telegram on iOS
+CVE-2023-34656 (An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communi ...)
+ NOT-FOR-US: Xiamen Si Xin Communication Technology Video management system
+CVE-2023-34599 (Multiple Cross-Site Scripting (XSS) vulnerabilities have been identifi ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2023-34598 (Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it' ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2023-34487 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
+ NOT-FOR-US: itsourcecode Online Hotel Management System Project
+CVE-2023-34486 (itsourcecode Online Hotel Management System Project In PHP v1.0.0 is v ...)
+ NOT-FOR-US: itsourcecode Online Hotel Management System Project
+CVE-2023-33466 (Orthanc before 1.12.0 allows authenticated users with access to the Or ...)
+ {DSA-5473-1 DLA-3562-1}
+ - orthanc 1.12.1+dfsg-1 (bug #1040597)
+ NOTE: https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568
+ NOTE: Requires the addition of a new RestApiWriteToFileSystemEnabled configuration and
+ NOTE: a check in ExportInstanceFile (OrthancRestResources.cpp); the default value
+ NOTE: could/work break behaviour.
+CVE-2023-33277 (The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and ...)
+ NOT-FOR-US: Gira Giersiepen Gira KNX/IP-Router
+CVE-2023-33190 (Sealos is an open source cloud operating system distribution based on ...)
+ NOT-FOR-US: Sealos
+CVE-2023-37329 [Heap overwrite in PGS subtitle overlay decoder]
+ {DSA-5444-1 DLA-3503-1}
+ - gst-plugins-bad1.0 1.22.4-1
+ - gst-plugins-bad0.10
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0003.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4896.patch
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/5f3cf0a7d7ae7ab883d0611e85c06354f1e94907
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/60226124ec367c2549e4bf1e6174dfb8eca5a63d
+CVE-2023-37327 [Integer overflow leading to heap overwrite in FLAC image tag handling]
+ {DSA-5445-1 DLA-3505-1}
+ - gst-plugins-good1.0 1.22.4-1
+ - gst-plugins-good0.10
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0001.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4894.patch
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/bdc8021c73c16c49d594579c606a4f4771a2670e
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/7bcd791fabe03b9ab1c72f494fc86cd0c06c3556
+CVE-2023-37328 [Heap overwrite in subtitle parsing]
+ {DSA-5443-1 DLA-3504-1}
+ - gst-plugins-base1.0 1.22.4-1
+ - gst-plugins-base0.10
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2023-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4895.patch
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/518ecba8f960137715f776dac6c93e4c4e4179d1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/1d9b360708115d4acc3fd4bf13cde066391ed057
+CVE-2023-3447 (The Active Directory Integration / LDAP Integration plugin for WordPre ...)
+ NOT-FOR-US: Active Directory Integration / LDAP Integration plugin for WordPress
+CVE-2023-3243 (** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authentica ...)
+ NOT-FOR-US: Honeywell
+CVE-2023-37237 (In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permission ...)
+ NOT-FOR-US: Veritas NetBackup Appliance +CVE-2023-36476 (calamares-nixos-extensions provides Calamares branding and modules for ...) + NOT-FOR-US: calamares-nixos-extensions +CVE-2023-36475 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2023-36474 (Interactsh is an open-source tool for detecting out-of-band interactio ...) + NOT-FOR-US: Interactsh +CVE-2023-34843 (Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted ...) + NOT-FOR-US: Traggo Server +CVE-2023-34834 (A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webse ...) + NOT-FOR-US: MCL-Net +CVE-2023-34831 (The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is a ...) + NOT-FOR-US: "Submission Web Form" of Turnitin LTI tool/plugin +CVE-2023-34738 (Chemex through 3.7.1 is vulnerable to arbitrary file upload.) + NOT-FOR-US: Chemex +CVE-2023-34736 (Guantang Equipment Management System version 4.12 is vulnerable to Arb ...) + NOT-FOR-US: Guantang Equipment Management System +CVE-2023-34734 (Annet AC Centralized Management Platform 1.02.040 is vulnerable to Sto ...) + NOT-FOR-US: Annet AC Centralized Management Platform +CVE-2023-34652 (PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site S ...) + NOT-FOR-US: PHPgurukl Hostel Management System +CVE-2023-34651 (PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site ...) + NOT-FOR-US: PHPgurukl Hostel Management System +CVE-2023-34650 (PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: PHPgurukl Small CRM +CVE-2023-34648 (A Cross Site Scripting vulnerability in PHPgurukl User Registration Lo ...) + NOT-FOR-US: PHPgurukl User Registration Login and User Management System +CVE-2023-34647 (PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site S ...) 
+ NOT-FOR-US: PHPgurukl Hostel Management System +CVE-2023-33661 (Multiple cross-site scripting (XSS) vulnerabilities were discovered in ...) + NOT-FOR-US: Church CRM +CVE-2023-32610 (Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated a ...) + NOT-FOR-US: Mailform Pro CGI +CVE-2023-32224 (D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction o ...) + NOT-FOR-US: D-Link +CVE-2023-32223 (D-Link DSL-224 firmware version 3.0.10 allows post authentication comm ...) + NOT-FOR-US: D-Link +CVE-2023-32222 (D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows ...) + NOT-FOR-US: D-Link +CVE-2023-2982 (The WordPress Social Login and Register (Discord, Google, Twitter, Lin ...) + NOT-FOR-US: WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress +CVE-2023-3450 (A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as ...) + NOT-FOR-US: Ruijie RG-BCR860 +CVE-2023-3449 (A vulnerability has been found in IBOS OA 4.5.5 and classified as crit ...) + NOT-FOR-US: IBOS OA +CVE-2023-3445 (Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spin ...) + NOT-FOR-US: Spina CMS +CVE-2023-3439 (A flaw was found in the MCTP protocol in the Linux kernel. The functio ...) + - linux 5.17.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b561275d633bcd8e0e8055ab86f1a13df75a0269 (5.18-rc5) + NOTE: https://www.openwall.com/lists/oss-security/2023/07/02/1 +CVE-2023-3390 (A use-after-free vulnerability was found in the Linux kernel's netfilt ...) + {DSA-5461-1 DSA-5448-1 DLA-3512-1} + - linux 6.3.11-1 + NOTE: https://git.kernel.org/linus/1240eb93f0616b21c675416516ff3d74798fdc97 (6.4-rc7) + NOTE: https://kernel.dance/#1240eb93f0616b21c675416516ff3d74798fdc97 +CVE-2023-3389 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...) 
+ {DSA-5480-1 DLA-3623-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9ca9fb24d5febccea354089c41f96a8ad0d853f8 + NOTE: https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663 +CVE-2023-3090 (A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan ne ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 + NOTE: https://git.kernel.org/linus/90cbed5247439a966b645b34eb0a2e037836ea8e (6.4-rc2) +CVE-2023-3034 (Reflected XSS affects the \u2018mode\u2019 parameter in the /admin fun ...) + NOT-FOR-US: NTRIP Professional Caster +CVE-2023-36467 (AWS data.all is an open source development framework to help users bui ...) + NOT-FOR-US: AWS data.all +CVE-2023-34937 (A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 ...) + NOT-FOR-US: H3C +CVE-2023-34936 (A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R ...) + NOT-FOR-US: H3C +CVE-2023-34935 (A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R ...) + NOT-FOR-US: H3C +CVE-2023-34934 (A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV1 ...) + NOT-FOR-US: H3C +CVE-2023-34933 (A stack overflow in the UpdateWanParams function of H3C Magic B1STV100 ...) + NOT-FOR-US: H3C +CVE-2023-34932 (A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R0 ...) + NOT-FOR-US: H3C +CVE-2023-34931 (A stack overflow in the EditWlanMacList function of H3C Magic B1STV100 ...) + NOT-FOR-US: H3C +CVE-2023-34930 (A stack overflow in the EditMacList function of H3C Magic B1STV100R012 ...) + NOT-FOR-US: H3C +CVE-2023-34929 (A stack overflow in the AddMacList function of H3C Magic B1STV100R012 ...) + NOT-FOR-US: H3C +CVE-2023-34928 (A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R ...) + NOT-FOR-US: H3C +CVE-2023-34761 (An unauthenticated attacker within BLE proximity can remotely connect ...) 
+ NOT-FOR-US: 7-Eleven LED Message Cup +CVE-2023-33592 (Lost and Found Information System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Lost and Found Information System +CVE-2023-33570 (Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI).) + NOT-FOR-US: Bagisto +CVE-2023-2625 (A vulnerability exists that can be exploited by an authenticated clien ...) + NOT-FOR-US: ABB CoreTec +CVE-2023-3436 (Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2023-3428 (A heap-based buffer overflow vulnerability was found in coders/tiff.c ...) + [experimental] - imagemagick 8:6.9.12.98+dfsg1-1 + - imagemagick 8:6.9.12.98+dfsg1-2 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790 (7.1.1-13) + NOTE: Prerequisite: https://github.com/ImageMagick/ImageMagick6/commit/2b4eabb9d09b278f16727c635e928bd951c58773 (6.9.12-55) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5 (6.9.12-91) +CVE-2023-3427 (The Salon Booking System plugin for WordPress is vulnerable to Cross-S ...) + NOT-FOR-US: Salon Booking System plugin for WordPress +CVE-2023-3407 (The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: Subscribe2 plugin for WordPress +CVE-2023-3333 (Improper Neutralization of Special Elements used in an OS Command vuln ...) + NOT-FOR-US: NEC +CVE-2023-3332 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) + NOT-FOR-US: NEC +CVE-2023-3331 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...) + NOT-FOR-US: NEC +CVE-2023-3330 (Improper Limitation of a Pathname to a Restricted Directory vulnerabil ...) + NOT-FOR-US: NEC +CVE-2023-3327 + REJECTED +CVE-2023-36464 (pypdf is an open source, pure-python PDF library. In affected versions ...) 
+ - pypdf (bug #1040338) + [bookworm] - pypdf (Minor issue) + - pypdf2 (bug #1040339) + [bookworm] - pypdf2 (Minor issue) + [bullseye] - pypdf2 (Vulnerable code not present) + [buster] - pypdf2 (Vulnerable code not present) + NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8 + NOTE: Introduced with: https://github.com/py-pdf/pypdf/pull/969 (2.2.0) + NOTE: Fixed with: https://github.com/py-pdf/pypdf/pull/1828 + NOTE: Fixed by: https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932 (3.9.0) +CVE-2023-32623 (Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earl ...) + NOT-FOR-US: Snow Monkey Forms +CVE-2022-48505 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-48503 (The issue was addressed with improved bounds checks. This issue is fix ...) + {DSA-5241-1 DSA-5240-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0005.html +CVE-2023-3397 (A race condition occurred between the functions lmLogClose and txEnd i ...) + - linux + NOTE: https://lore.kernel.org/lkml/20230515095956.17898-1-zyytlz.wz@163.com/ +CVE-2023-3355 (A NULL pointer dereference flaw was found in the Linux kernel's driver ...) + - linux 6.1.20-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/d839f0811a31322c087a859c2b181e2383daa7be (6.3-rc1) +CVE-2023-3354 (A flaw was found in the QEMU built-in VNC server. When a client connec ...) 
+ - qemu 1:8.0.4+dfsg-1 + [bookworm] - qemu 1:7.2+dfsg-7+deb12u2 + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + [buster] - qemu (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2216478 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-07/msg01014.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62 (v8.0.4) +CVE-2023-3432 (Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plant ...) + - plantuml (bug #1040000) + [bookworm] - plantuml (Minor issue) + [bullseye] - plantuml (Minor issue) + [buster] - plantuml (Minor issue) + NOTE: https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51/ + NOTE: https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797 (v1.2023.9) +CVE-2023-3431 (Improper Access Control in GitHub repository plantuml/plantuml prior t ...) + - plantuml (bug #1039999) + [bookworm] - plantuml (Minor issue) + [bullseye] - plantuml (Minor issue) + [buster] - plantuml (Minor issue) + NOTE: https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c/ + NOTE: https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e (v1.2023.9) +CVE-2023-3405 (Unchecked parameter value in M-Files Server in versions before 23.6.12 ...) + NOT-FOR-US: M-Files +CVE-2023-36463 (Meldekarten generator is an open source project to create a program, r ...) + NOT-FOR-US: Meldekarten generator +CVE-2023-36002 (A missing authorization check in multiple URL validation endpoints of ...) + NOT-FOR-US: Insider Threat Management Server +CVE-2023-36000 (A missing authorization check in the MacOS agent configuration endpoin ...) + NOT-FOR-US: Insider Threat Management Server +CVE-2023-35998 (A missing authorization check in multiple SOAP endpoints of the Inside ...) + NOT-FOR-US: Insider Threat Management Server +CVE-2023-35800 (Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecu ...) 
+ NOT-FOR-US: Stormshield Endpoint Security Evolution +CVE-2023-35799 (Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecu ...) + NOT-FOR-US: Stormshield Endpoint Security Evolution +CVE-2023-34839 (A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-p ...) + NOT-FOR-US: Issabel +CVE-2023-34838 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...) + NOT-FOR-US: Microworld Technologies eScan Management console +CVE-2023-34837 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...) + NOT-FOR-US: Microworld Technologies eScan Management console +CVE-2023-34836 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...) + NOT-FOR-US: Microworld Technologies eScan Management console +CVE-2023-34835 (A Cross Site Scripting vulnerability in Microworld Technologies eScan ...) + NOT-FOR-US: Microworld Technologies eScan Management console +CVE-2023-34830 (i-doit Open v24 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: i-doit Open +CVE-2023-34240 (Cloudexplorer-lite is an open source cloud software stack. Weak passwo ...) + NOT-FOR-US: Cloudexplorer-lite +CVE-2023-34099 (Shopware is an open source e-commerce software. The mail validation in ...) + NOT-FOR-US: Shopware +CVE-2023-34098 (Shopware is an open source e-commerce software. Due to an incorrect co ...) + NOT-FOR-US: Shopware +CVE-2023-33567 (An unauthorized access vulnerability has been discovered in ROS2 Foxy ...) + NOTE: Duplicate of CVE-2021-38425 +CVE-2023-33566 (An unauthorized node injection vulnerability has been identified in RO ...) + NOTE: Duplicate of CVE-2021-38425 +CVE-2023-32339 (IBM Business Automation Workflow is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM +CVE-2023-2996 (The Jetpack WordPress plugin before 12.1.1 does not validate uploaded ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2861 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...) 
+ - qemu 1:8.0.3+dfsg-1 + [bookworm] - qemu 1:7.2+dfsg-7+deb12u1 + [bullseye] - qemu (Minor issue) + [buster] - qemu (Minor issue) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda +CVE-2023-2860 (An out-of-bounds read vulnerability was found in the SR-IPv6 implement ...) + - linux 5.19.11-1 + [bullseye] - linux 5.10.148-1 + [buster] - linux 4.19.260-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-18511/ + NOTE: https://git.kernel.org/linus/84a53580c5d2138c7361c7c3eea5b31827e63b35 (6.0-rc5) +CVE-2023-2877 (The Formidable Forms WordPress plugin before 6.3.1 does not adequately ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2842 (The WP Inventory Manager WordPress plugin before 2.1.0.14 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2818 (An insecure filesystem permission in the Insider Threat Management Age ...) + NOT-FOR-US: Insider Threat Management Agent for Windows +CVE-2023-2795 (The CodeColorer WordPress plugin before 0.10.1 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2744 (The ERP WordPress plugin before 1.12.4 does not properly sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2743 (The ERP WordPress plugin before 1.12.4 does not sanitise and escape th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2711 (The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2628 (The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks ( ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2627 (The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2624 (The KiviCare WordPress plugin before 3.2.1 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2623 (The KiviCare WordPress plugin before 3.2.1 does not restrict the infor ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2605 (The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2601 (The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2592 (The FormCraft WordPress plugin before 3.9.7 does not properly sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2580 (The AI Engine WordPress plugin before 1.6.83 does not sanitize and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2482 (The Responsive CSS EDITOR WordPress plugin through 1.0 does not proper ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2326 (The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35798 (Input Validation vulnerability in Apache Software Foundation Apache Ai ...) + NOT-FOR-US: Apache Airflow ODBC/MSSQL Provider +CVE-2023-34395 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) + NOT-FOR-US: Apache Airflow ODBC Provider +CVE-2023-3423 (Weak Password Requirements in GitHub repository cloudexplorer-dev/clou ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-3412 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3411 (The Image Map Pro \u2013 Drag-and-drop Builder for Interactive Images ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3371 (The User Registration plugin for WordPress is vulnerable to Sensitive ...) + NOT-FOR-US: User Registration plugin for WordPress +CVE-2023-3132 (The MainWP Child plugin for WordPress is vulnerable to Sensitive Infor ...) + NOT-FOR-US: MainWP Child plugin for WordPress +CVE-2023-35695 (A remote attacker could leverage a vulnerability in Trend Micro Mobile ...) + NOT-FOR-US: Trend Micro +CVE-2023-35168 (DataEase is an open source data visualization analysis tool to analyze ...) 
+ NOT-FOR-US: DataEase +CVE-2023-35164 (DataEase is an open source data visualization analysis tool to analyze ...) + NOT-FOR-US: DataEase +CVE-2023-34924 (H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflo ...) + NOT-FOR-US: H3C +CVE-2023-34463 (DataEase is an open source data visualization analysis tool to analyze ...) + NOT-FOR-US: DataEase +CVE-2023-34148 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2023-34147 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2023-34146 (An exposed dangerous function vulnerability in the Trend Micro Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2023-34145 (An untrusted search path vulnerability in the Trend Micro Apex One and ...) + NOT-FOR-US: Trend Micro +CVE-2023-34144 (An untrusted search path vulnerability in the Trend Micro Apex One and ...) + NOT-FOR-US: Trend Micro +CVE-2023-32605 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...) + NOT-FOR-US: Trend Micro +CVE-2023-32604 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...) + NOT-FOR-US: Trend Micro +CVE-2023-32557 (A path traversal vulnerability in the Trend Micro Apex One and Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2023-32556 (A link following vulnerability in the Trend Micro Apex One and Apex On ...) + NOT-FOR-US: Trend Micro +CVE-2023-32555 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) + NOT-FOR-US: Trend Micro +CVE-2023-32554 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) + NOT-FOR-US: Trend Micro +CVE-2023-32553 (An Improper access control vulnerability in Trend Micro Apex One and A ...) + NOT-FOR-US: Trend Micro +CVE-2023-32552 (An Improper access control vulnerability in Trend Micro Apex One and A ...) 
+ NOT-FOR-US: Trend Micro +CVE-2023-32537 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...) + NOT-FOR-US: Trend Micro +CVE-2023-32536 (Affected versions Trend Micro Apex Central (on-premise) are vulnerable ...) + NOT-FOR-US: Trend Micro +CVE-2023-32535 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) + NOT-FOR-US: Trend Micro +CVE-2023-32534 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) + NOT-FOR-US: Trend Micro +CVE-2023-32533 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) + NOT-FOR-US: Trend Micro +CVE-2023-32532 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) + NOT-FOR-US: Trend Micro +CVE-2023-32531 (Certain dashboard widgets on Trend Micro Apex Central (on-premise) are ...) + NOT-FOR-US: Trend Micro +CVE-2023-32530 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...) + NOT-FOR-US: Trend Micro +CVE-2023-32529 (Vulnerable modules of Trend Micro Apex Central (on-premise) contain vu ...) + NOT-FOR-US: Trend Micro +CVE-2023-32528 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...) + NOT-FOR-US: Trend Micro +CVE-2023-32527 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable . ...) + NOT-FOR-US: Trend Micro +CVE-2023-32526 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...) + NOT-FOR-US: Trend Micro +CVE-2023-32525 (Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulne ...) + NOT-FOR-US: Trend Micro +CVE-2023-32524 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...) + NOT-FOR-US: Trend Micro +CVE-2023-32523 (Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 ...) + NOT-FOR-US: Trend Micro +CVE-2023-32522 (A path traversal exists in a specific dll of Trend Micro Mobile Securi ...) 
+ NOT-FOR-US: Trend Micro +CVE-2023-32521 (A path traversal exists in a specific service dll of Trend Micro Mobil ...) + NOT-FOR-US: Trend Micro +CVE-2023-3361 (A flaw was found in Red Hat OpenShift Data Science. When exporting a p ...) + NOT-FOR-US: OpenShift Data +CVE-2023-3422 (Use after free in Guest View in Google Chrome prior to 114.0.5735.198 ...) + {DSA-5440-1} + - chromium 114.0.5735.198-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3421 (Use after free in Media in Google Chrome prior to 114.0.5735.198 allow ...) + {DSA-5440-1} + - chromium 114.0.5735.198-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3420 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed ...) + {DSA-5440-1} + - chromium 114.0.5735.198-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3398 (Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3.) + NOT-FOR-US: jgraph/drawio +CVE-2023-3113 (An unauthenticated XML external entity injection (XXE) vulnerability e ...) + NOT-FOR-US: Lenovo +CVE-2023-36631 (Lack of access control in wfc.exe in Malwarebytes Binisoft Windows Fir ...) + NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control +CVE-2023-36301 (Talend Data Catalog before 8.0-20230221 contain a directory traversal ...) + NOT-FOR-US: Talend Data Catalog +CVE-2023-36252 (An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote ...) + NOT-FOR-US: Ateme Flamingo XL +CVE-2023-35933 (OPenFGA is an open source authorization/permission engine built for de ...) + NOT-FOR-US: OPenFGA +CVE-2023-35930 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...) + NOT-FOR-US: SpiceDB +CVE-2023-35170 + REJECTED +CVE-2023-34422 (A valid, authenticated LXCA user with elevated privileges may be able ...) + NOT-FOR-US: Lenovo +CVE-2023-34421 (A valid, authenticated LXCA user with elevated privileges may be able ...) + NOT-FOR-US: Lenovo +CVE-2023-34420 (A valid, authenticated LXCA user with elevated privileges may be able ...) 
+ NOT-FOR-US: Lenovo +CVE-2023-34418 (A valid, authenticated LXCA user may be able to gain unauthorized acce ...) + NOT-FOR-US: Lenovo +CVE-2023-33580 (Phpgurukul Student Study Center Management System V1.0 is vulnerable t ...) + NOT-FOR-US: Phpgurukul Student Study Center Management System +CVE-2023-33404 (An Unrestricted Upload vulnerability, due to insufficient validation o ...) + NOT-FOR-US: BlogEngine.Net +CVE-2023-33176 (BigBlueButton is an open source virtual classroom designed to help tea ...) + NOT-FOR-US: BigBlueButton +CVE-2023-2993 (A valid, authenticated user with limited privileges may be able to use ...) + NOT-FOR-US: Lenovo +CVE-2023-2992 (An unauthenticated denial of service vulnerability exists in the SMM v ...) + NOT-FOR-US: Lenovo +CVE-2023-36675 (An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1. ...) + {DSA-5447-1} + - mediawiki 1:1.39.4-1 + [buster] - mediawiki (partial blocking was introduced in 1.33) + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/921452 + NOTE: https://phabricator.wikimedia.org/T332889 +CVE-2023-36666 (INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page ...) + NOT-FOR-US: INEX IXP-Manager +CVE-2023-36664 (Artifex Ghostscript through 10.01.2 mishandles permission validation f ...) 
+ {DSA-5446-1} + - ghostscript 10.01.2~dfsg-1 + [buster] - ghostscript (Vulnerable code not present; no path validation at all) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706761 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706778 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=505eab7782b429017eb434b2b95120855f2b0e3c + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0974e4f2ac0005d3731e0b5c13ebc7e965540f4d + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea (ghostpdl-10.01.2) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=fb342fdb60391073a69147cb71af1ac416a81099 (ghostpdl-10.01.2) +CVE-2023-36663 (it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows ...) + NOT-FOR-US: it-novum openITCOCKPIT (aka open IT COCKPIT) +CVE-2023-36662 (The TechTime User Management components for Atlassian products allow s ...) + NOT-FOR-US: Atlassian +CVE-2023-36660 (The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory ...) + - nettle (Only affects 3.9.x and experimental is fixed) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1212112 + NOTE: Introduced with: https://git.lysator.liu.se/nettle/nettle/-/commit/9cf0e2d2675268a403194d85a78a44e8cbdf562b (nettle_3.9_release_20230514) + NOTE: Fixed by: https://git.lysator.liu.se/nettle/nettle/-/commit/867a4548b95705291a3afdd66d76e7f17ba2618f (nettle_3.9.1_release_20230601) +CVE-2023-3396 (A vulnerability was found in Campcodes Retro Cellphone Online Store 1. ...) + NOT-FOR-US: Campcodes Retro Cellphone Online Store +CVE-2023-36632 (The legacy email.utils.parseaddr function in Python through 3.11.4 all ...) + NOTE: Disputed Python issue +CVE-2023-36630 (In CloudPanel before 2.3.1, insecure file upload leads to privilege es ...) + NOT-FOR-US: CloudPanel +CVE-2015-20109 (end_pattern (called from internal_fnmatch) in the GNU C Library (aka g ...) 
+ - glibc 2.22-1 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18036 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61 (glibc-2.22) +CVE-2023-36612 (Directory traversal can occur in the Basecamp com.basecamp.bc3 applica ...) + NOT-FOR-US: Basecamp +CVE-2023-3388 (The Beautiful Cookie Consent Banner for WordPress is vulnerable to Sto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3387 (The Lana Text to Image plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: Lana Text to Image plugin for WordPress +CVE-2023-3197 (The MStore API plugin for WordPress is vulnerable to Unauthenticated B ...) + NOT-FOR-US: MStore API plugin for WordPress +CVE-2023-35932 (jcvi is a Python library to facilitate genome assembly, annotation, an ...) + NOT-FOR-US: jcvi +CVE-2023-35928 (Nextcloud Server is a space for data storage on Nextcloud, a self-host ...) + - nextcloud-server (bug #941708) +CVE-2023-35927 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) + - nextcloud-server (bug #941708) +CVE-2023-35173 (Nextcloud End-to-end encryption app provides all the necessary APIs to ...) + NOT-FOR-US: Nextcloud End-to-end encryption app +CVE-2023-35172 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) + - nextcloud-server (bug #941708) +CVE-2023-35171 (NextCloud Server and NextCloud Enterprise Server provide file storage ...) + - nextcloud-server (bug #941708) +CVE-2023-35169 (PHP-IMAP is a wrapper for common IMAP communication without the need t ...) + NOT-FOR-US: PHP-Imap + NOTE: src:ldap-account-manager bundles it, but not relevant for it +CVE-2023-35165 (AWS Cloud Development Kit (AWS CDK) is an open-source software develop ...) + NOT-FOR-US: AWS Cloud Development Kit +CVE-2023-35163 (Vega is a decentralized trading platform that allows pseudo-anonymous ...) + NOT-FOR-US: Vega +CVE-2023-35154 (Knowage is an open source analytics and business intelligence suite. 
S ...) + NOT-FOR-US: Knowage +CVE-2023-34254 (The GLPI Agent is a generic management agent. Prior to version 1.5, if ...) + - glpi + NOTE: https://github.com/glpi-project/glpi-agent/security/advisories/GHSA-39vc-hxgm-j465 +CVE-2023-3394 (Session Fixation in GitHub repository fossbilling/fossbilling prior to ...) + NOT-FOR-US: fossbilling +CVE-2023-3393 (Code Injection in GitHub repository fossbilling/fossbilling prior to 0 ...) + NOT-FOR-US: fossbilling +CVE-2023-3391 (A vulnerability was found in SourceCodester Human Resource Management ...) + NOT-FOR-US: SourceCodester Human Resource Management System +CVE-2023-3384 (A flaw was found in the Quay registry. While the image labels created ...) + NOT-FOR-US: Quay +CVE-2023-3383 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Game Result Matrix System +CVE-2023-3382 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Game Result Matrix System +CVE-2023-3381 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Online School Fees System +CVE-2023-3380 (A vulnerability classified as critical has been found in Wavlink WN579 ...) + NOT-FOR-US: WAVLINK +CVE-2023-3304 (Improper Access Control in GitHub repository admidio/admidio prior to ...) + NOT-FOR-US: admidio +CVE-2023-3303 (Improper Access Control in GitHub repository admidio/admidio prior to ...) + NOT-FOR-US: admidio +CVE-2023-3302 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) + NOT-FOR-US: admidio +CVE-2023-36348 (POS Codekop v2.0 was discovered to contain an authenticated remote cod ...) + NOT-FOR-US: POS Codekop +CVE-2023-36346 (POS Codekop v2.0 was discovered to contain a reflected cross-site scri ...) + NOT-FOR-US: POS Codekop +CVE-2023-36345 (A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attacke ...) 
+ NOT-FOR-US: POS Codekop +CVE-2023-36289 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) + NOT-FOR-US: Webkul QloApps +CVE-2023-36288 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) + NOT-FOR-US: Webkul QloApps +CVE-2023-36287 (An unauthenticated Cross-Site Scripting (XSS) vulnerability found in W ...) + NOT-FOR-US: Webkul QloApps +CVE-2023-36284 (An unauthenticated Time-Based SQL injection found in Webkul QloApps 1. ...) + NOT-FOR-US: Webkul QloApps +CVE-2023-36274 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) + - libredwg (bug #595191) +CVE-2023-36273 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) + - libredwg (bug #595191) +CVE-2023-36272 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) + - libredwg (bug #595191) +CVE-2023-36271 (LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via ...) + - libredwg (bug #595191) +CVE-2023-35931 (Shescape is a simple shell escape library for JavaScript. An attacker ...) + NOT-FOR-US: Shescape +CVE-2023-35925 (FastAsyncWorldEdit (FAWE) is designed for efficient world editing. Thi ...) + NOT-FOR-US: FastAsyncWorldEdit +CVE-2023-35759 (In Progress WhatsUp Gold before 23.0.0, an SNMP-related application en ...) + NOT-FOR-US: Progress WhatsUp Gold +CVE-2023-35167 (Remult is a CRUD framework for full-stack TypeScript. If you used the ...) + NOT-FOR-US: Remult +CVE-2023-35162 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35161 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35160 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35159 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ NOT-FOR-US: XWiki +CVE-2023-35158 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35157 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35156 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35155 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35153 (XWiki Platform is a generic wiki platform. Starting in version 5.4.4 a ...) + NOT-FOR-US: XWiki +CVE-2023-35152 (XWiki Platform is a generic wiki platform. Starting in version 12.9-rc ...) + NOT-FOR-US: XWiki +CVE-2023-35151 (XWiki Platform is a generic wiki platform. Starting in version 7.3-mil ...) + NOT-FOR-US: XWiki +CVE-2023-35150 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35048 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mage ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34673 (Elenos ETG150 FM transmitter running on version 3.12 was discovered to ...) + NOT-FOR-US: Elenos ETG150 FM transmitter +CVE-2023-34672 (Improper Access Control leads to adding a high-privilege user affectin ...) + NOT-FOR-US: Elenos ETG150 FM transmitter +CVE-2023-34671 (Improper Access Control leads to privilege escalation affecting Elenos ...) + NOT-FOR-US: Elenos ETG150 FM transmitter +CVE-2023-34467 (XWiki Platform is a generic wiki platform. Starting in version 3.5-mil ...) + NOT-FOR-US: XWiki +CVE-2023-34466 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-34465 (XWiki Platform is a generic wiki platform. Starting in version 11.8-rc ...) + NOT-FOR-US: XWiki +CVE-2023-34464 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ NOT-FOR-US: XWiki +CVE-2023-34460 (Tauri is a framework for building binaries for all major desktop platf ...) + NOT-FOR-US: Tauri +CVE-2023-34203 (In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explo ...) + NOT-FOR-US: Progress OpenEdge OEM +CVE-2023-34188 (The HTTP server in Mongoose before 7.10 accepts requests containing ne ...) + NOT-FOR-US: Cesanta Mongoose + NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1 +CVE-2023-34021 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34012 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33565 (ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYT ...) + NOTE: Duplicate of CVE-2021-38425 +CVE-2023-32580 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEx ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32480 (Dell BIOS contains an Improper Input Validation vulnerability. An unau ...) + NOT-FOR-US: Dell +CVE-2023-32439 (A type confusion issue was addressed with improved checks. This issue ...) + {DSA-5449-1} + - webkit2gtk 2.40.3-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.3-1 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0005.html +CVE-2023-32435 (A memory corruption issue was addressed with improved state management ...) 
+ {DSA-5396-1} + - webkit2gtk 2.40.0-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0005.html +CVE-2023-32434 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2023-32423 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-32422 (This issue was addressed by adding additional SQLite logging restricti ...) + NOT-FOR-US: Apple +CVE-2023-32420 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32419 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-32417 (This issue was addressed by restricting options offered on a locked de ...) + NOT-FOR-US: Apple +CVE-2023-32415 (This issue was addressed with improved redaction of sensitive informa ...) + NOT-FOR-US: Apple +CVE-2023-32414 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-32413 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2023-32412 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-32411 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-32410 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32408 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-32407 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-32405 (A logic issue was addressed with improved checks. 
This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-32404 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-32403 (This issue was addressed with improved redaction of sensitive informa ...) + NOT-FOR-US: Apple +CVE-2023-32402 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32400 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2023-32399 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-32398 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-32397 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-32395 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-32394 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-32393 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5396-1} + - webkit2gtk 2.40.0-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0006.html +CVE-2023-32392 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-32391 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-32390 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-32389 (This issue was addressed with improved redaction of sensitive informa ...) 
+ NOT-FOR-US: Apple +CVE-2023-32388 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-32387 (A use-after-free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-32386 (A privacy issue was addressed with improved handling of temporary file ...) + NOT-FOR-US: Apple +CVE-2023-32385 (A denial-of-service issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2023-32384 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2023-32382 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32380 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2023-32376 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-32375 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32372 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32371 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-32369 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-32368 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32367 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-32365 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-32363 (A permissions issue was addressed by removing vulnerable code and addi ...) + NOT-FOR-US: Apple +CVE-2023-32360 (An authentication issue was addressed with improved state management. ...) 
+ {DLA-3594-1} + - cups 2.4.2-6 (bug #1051953) + [bookworm] - cups 2.4.2-3+deb12u2 + [bullseye] - cups 2.3.3op2-3+deb11u4 + NOTE: https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913 (v2.4.3) +CVE-2023-32357 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2023-32355 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-32354 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2023-32353 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-32352 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-32351 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-3128 (Grafana is validating Azure AD accounts based on the email claim. On ...) + - grafana +CVE-2023-3114 (Terraform Enterprise since v202207-1 did not properly implement author ...) + NOT-FOR-US: Terraform Enterprise +CVE-2023-36193 (Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via t ...) + - gifsicle 1.94-1 (unimportant; bug #1038976) + NOTE: https://github.com/kohler/gifsicle/issues/191 + NOTE: https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb (v1.94) + NOTE: Crash in CLI tool, no security impact +CVE-2023-36192 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...) + - sngrep 1.7.0-2 (unimportant; bug #1038975) + NOTE: Crash in CLI tool, no security impact + NOTE: https://github.com/irontec/sngrep/issues/438 + NOTE: https://github.com/irontec/sngrep/commit/ad1daf15c8387bfbb48097c25197bf330d2d98fc +CVE-2023-36191 + REJECTED +CVE-2023-35801 (A directory traversal vulnerability in Safe Software FME Server before ...) 
+ NOT-FOR-US: Safe Software FME Server +CVE-2023-35133 (An issue in the logic used to check 0.0.0.0 against the cURL blocked h ...) + - moodle +CVE-2023-35132 (A limited SQL injection risk was identified on the Mnet SSO access con ...) + - moodle +CVE-2023-35131 (Content on the groups page required additional sanitizing to prevent a ...) + - moodle +CVE-2023-34553 (An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attacke ...) + NOT-FOR-US: WAFU Keyless Smart Lock +CVE-2023-34462 (Netty is an asynchronous event-driven network application framework fo ...) + {DSA-5558-1} + - netty 1:4.1.48-8 (bug #1038947) + [buster] - netty (SslClientHelloHandler introduced in v4.1.46) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845 + NOTE: https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32 (netty-4.1.94.Final) +CVE-2023-34110 (Flask-AppBuilder is an application development framework, built on top ...) + - flask-appbuilder (bug #1038948) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-jhpr-j7cq-3jp3 + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/ae25ad4c87a9051ebe4a4e8f02aee73232642626 (v4.3.2) +CVE-2023-33299 (A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, ...) + NOT-FOR-US: Fortinet +CVE-2023-33141 (Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability) + NOT-FOR-US: Yet Another Reverse Proxy +CVE-2023-32464 (Dell VxRail, versions prior to 7.0.450, contain an improper certificat ...) + NOT-FOR-US: Dell +CVE-2023-32463 (Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-servic ...) + NOT-FOR-US: Dell +CVE-2023-32320 (Nextcloud Server is a data storage system for Nextcloud, a self-hosted ...) + - nextcloud-server (bug #941708) +CVE-2023-31469 (A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was ...) 
+ NOT-FOR-US: Apache StreamPipes +CVE-2023-3326 (pam_krb5 authenticates a user by essentially running kinit with the pa ...) + - libpam-krb5 (unimportant) + NOTE: Documented shortcoming of Linux pam-krb + NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/2 +CVE-2023-3256 (Advantech R-SeeNet versions 2.4.22 allows low-level users to access ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2023-36371 (An issue in the GDKfree component of MonetDB Server v11.45.17 and v11. ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36370 (An issue in the gc_col component of MonetDB Server v11.45.17 and v11.4 ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36369 (An issue in the list_append component of MonetDB Server v11.45.17 and ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36368 (An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36367 (An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11. ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36366 (An issue in the log_create_delta component of MonetDB Server v11.45.17 ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36365 (An issue in the sql_trans_copy_key component of MonetDB Server v11.45. ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36364 (An issue in the rel_deps component of MonetDB Server v11.45.17 and v11 ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36363 (An issue in the __nss_database_lookup component of MonetDB Server v11. ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36362 (An issue in the rel_sequences component of MonetDB Server v11.45.17 an ...) + NOT-FOR-US: MonetDB Server +CVE-2023-36359 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND ...) + NOT-FOR-US: TP-Link +CVE-2023-36358 (TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR8 ...) + NOT-FOR-US: TP-Link +CVE-2023-36357 (An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL ...) 
+ NOT-FOR-US: TP-Link +CVE-2023-36356 (TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N ...) + NOT-FOR-US: TP-Link +CVE-2023-36355 (TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: TP-Link +CVE-2023-36354 (TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/ ...) + NOT-FOR-US: TP-Link +CVE-2023-36243 (FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml ...) + - flvmeta (unimportant; bug #1038977) + NOTE: https://github.com/noirotm/flvmeta/issues/19 + NOTE: https://github.com/noirotm/flvmeta/commit/7b91e5656e27b16639c8de156878c7624346cbd4 (v1.2.2) + NOTE: Crash in CLI tool, no security impact +CVE-2023-36239 (libming listswf 0.4.7 was discovered to contain a buffer overflow in t ...) + - ming + NOTE: https://github.com/libming/libming/issues/273 +CVE-2023-36097 (funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via ...) + NOT-FOR-US: funadmin +CVE-2023-36093 (There is a storage type cross site scripting (XSS) vulnerability in th ...) + NOT-FOR-US: EyouCMS +CVE-2023-35926 (Backstage is an open platform for building developer portals. The Back ...) + NOT-FOR-US: Backstage +CVE-2023-35918 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35917 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35174 (Livebook is a web application for writing interactive and collaborativ ...) + NOT-FOR-US: Livebook +CVE-2023-35093 (Broken Access Control vulnerability in StylemixThemes MasterStudy LMS ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35090 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34939 (Onlyoffice Community Server before v12.5.2 was discovered to contain a ...) 
+ NOT-FOR-US: Onlyoffice Community Server +CVE-2023-34927 (Casdoor v1.331.0 and below was discovered to contain a Cross-Site Requ ...) + NOT-FOR-US: Casdoor +CVE-2023-34923 (XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in T ...) + NOT-FOR-US: TOPdesk +CVE-2023-34796 (Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashb ...) + NOT-FOR-US: dmarcts-report-viewer +CVE-2023-34601 (Jeesite before commit 10742d3 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Jeesite +CVE-2023-34368 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP O ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34028 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF \u2 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34006 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33997 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33387 (A reflected cross-site scripting (XSS) vulnerability in DATEV eG Perso ...) + NOT-FOR-US: DATEV +CVE-2023-33323 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32960 (Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, Da ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32571 (Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to ...) + NOT-FOR-US: Dynamic Linq +CVE-2023-32239 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress theme +CVE-2023-31868 (Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XS ...) + NOT-FOR-US: Sage X3 +CVE-2023-31867 (Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.) 
+ NOT-FOR-US: Sage X3 +CVE-2023-2991 (Fortra Globalscape EFT's administration server suffers from an informa ...) + NOT-FOR-US: Fortra Globalscape +CVE-2023-2990 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial o ...) + NOT-FOR-US: Fortra Globalscape +CVE-2023-2989 (Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of ...) + NOT-FOR-US: Fortra Globalscape +CVE-2023-2611 (Advantech R-SeeNet versions 2.4.22 is installed with a hidden root- ...) + NOT-FOR-US: Advantech R-SeeNet +CVE-2023-34614 (An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to ...) + NOT-FOR-US: jmarsden/jsonij +CVE-2023-33842 (IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 r ...) + NOT-FOR-US: IBM +CVE-2023-33405 (Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.) + NOT-FOR-US: Blogengine.net +CVE-2023-32449 (Dell PowerStore versions prior to 3.5 contain an improper verification ...) + NOT-FOR-US: Dell +CVE-2019-25152 (The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for Woo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3359 (An issue was discovered in the Linux kernel brcm_nvram_parse in driver ...) + - linux 6.1.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b0576ade3aaf24b376ea1a4406ae138e2a22b0c0 (6.2-rc7) +CVE-2023-3358 (A null pointer dereference was found in the Linux kernel's Integrated ...) + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8 (6.2-rc5) +CVE-2023-3357 (A NULL pointer dereference flaw was found in the Linux kernel AMD Sens ...) 
+ - linux 6.1.4-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/53ffa6a9f83b2170c60591da1ead8791d5a42e81 (6.2-rc1) +CVE-2023-3351 + REJECTED +CVE-2023-3110 (Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier ...) + NOT-FOR-US: SiLabs Unify Gateway +CVE-2023-34981 (A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1 ...) + - tomcat10 10.1.10-1 + [bookworm] - tomcat10 (Issue introduced in 10.1.8) + - tomcat9 (Vulnerable code introduced in 9.0.74) + NOTE: https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz + NOTE: Introduced due to fix for: https://bz.apache.org/bugzilla/show_bug.cgi?id=66512 + NOTE: Fixed by: https://bz.apache.org/bugzilla/show_bug.cgi?id=66591 +CVE-2023-33725 (Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovere ...) + NOT-FOR-US: Broadleaf +CVE-2023-33591 (User Registration & Login and User Management System v1.0 was discover ...) + NOT-FOR-US: User Registration & Login and User Management System +CVE-2023-33584 (Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Enrollment System Project +CVE-2023-33289 (The urlnorm crate through 0.1.4 for Rust allows Regular Expression Den ...) + NOT-FOR-US: Rust crate urlnorm +CVE-2023-2829 (A `named` instance configured to run as a DNSSEC-validating recursive ...) + - bind9 (Only affects BIND Supported Preview Edition) + NOTE: https://kb.isc.org/docs/cve-2023-2829 +CVE-2023-2911 (If the `recursive-clients` quota is reached on a BIND 9 resolver confi ...) 
+ {DSA-5439-1} + - bind9 1:9.18.16-1 + [buster] - bind9 (Vulnerable code not present; libns added in 9.19.14) + NOTE: https://kb.isc.org/docs/cve-2023-2911 + NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0003-CVE-2023-2911.patch + NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0003-CVE-2023-2911.patch +CVE-2023-2828 (Every `named` instance configured to run as a recursive resolver maint ...) + {DSA-5439-1 DLA-3498-1} + - bind9 1:9.18.16-1 + NOTE: https://kb.isc.org/docs/cve-2023-2828 + NOTE: https://downloads.isc.org/isc/bind9/9.18.16/patches/0001-CVE-2023-2828.patch + NOTE: https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch +CVE-2023-XXXX [RUSTSEC-2023-0045] + - rust-memoffset 0.6.4-1 + [bullseye] - rust-memoffset (Minor issue) + [buster] - rust-memoffset (Minor issue, Undefined Behavior) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0045.html + NOTE: https://github.com/Gilnaa/memoffset/issues/24 +CVE-2023-3339 (A vulnerability has been found in code-projects Agro-School Management ...) + NOT-FOR-US: Agro-School Management System +CVE-2023-34340 (Improper Authentication vulnerability in Apache Software Foundation Ap ...) + NOT-FOR-US: Apache Accumulo +CVE-2023-3340 (A vulnerability was found in SourceCodester Online School Fees System ...) + NOT-FOR-US: SourceCodester Online School Fees System +CVE-2023-3338 (A null pointer dereference flaw was found in the Linux kernel's DECnet ...) + {DSA-5480-1 DLA-3623-1 DLA-3508-1} + - linux 6.1.4-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/06/24/3 + NOTE: https://git.kernel.org/linus/1202cdd665315c525b5237e96e0bedc76d7e754f (6.1-rc1) +CVE-2023-3337 (A vulnerability was found in PuneethReddyHC Online Shopping System Adv ...) + NOT-FOR-US: PuneethReddyHC Online Shopping System Advanced +CVE-2023-3220 (An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_ ...) 
+ - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/93340e10b9c5fc86730d149636e0aa8b47bb5a34 (6.3-rc1) +CVE-2023-35885 (CloudPanel 2 before 2.3.1 has insecure file-manager cookie authenticat ...) + NOT-FOR-US: CloudPanel +CVE-2023-35854 (Zoho ManageEngine ADSelfService Plus through 6113 has an authenticatio ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-35166 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-35098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Bri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35097 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35095 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flot ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34600 (Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.) + NOT-FOR-US: Adiscon LogAnalyzer +CVE-2023-34597 (A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers ...) + NOT-FOR-US: Fibaro Motion Sensor firmware +CVE-2023-34596 (A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attacke ...) + NOT-FOR-US: Aeotec WallMote Switch firmware +CVE-2023-34563 (netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overfl ...) + NOT-FOR-US: Netgear +CVE-2023-34541 (Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_pr ...) + NOT-FOR-US: Langchain +CVE-2023-33869 (Enphase Envoy versions D7.0.88 is vulnerable to a command injection ex ...) + NOT-FOR-US: Enphase Envoy +CVE-2023-33495 (Craft CMS through 4.4.9 is vulnerable to HTML Injection.) + NOT-FOR-US: Craft CMS +CVE-2023-32274 (Enphase Installer Toolkit versions 3.27.0 has hard coded credentials e ...) + NOT-FOR-US: Enphase Installer Toolkit +CVE-2023-2533 (A Cross-Site Request Forgery (CSRF) vulnerability has been identified ...) 
+ NOT-FOR-US: PaperCut +CVE-2023-2400 (Improper deletion of resource in the user management feature in Devolu ...) + NOT-FOR-US: Devolutions Server +CVE-2023-3325 (The CMS Commander plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: CMS Commander plugin for WordPress +CVE-2023-3320 (The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site ...) + NOT-FOR-US: WP Sticky Social plugin for WordPress +CVE-2023-3315 (Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and ear ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35884 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPri ...) + NOT-FOR-US: EventPrime plugin +CVE-2023-35882 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35878 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vady ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32659 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross- ...) + NOT-FOR-US: SUBNET PowerSYSTEM Center +CVE-2023-29158 (SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable t ...) + NOT-FOR-US: SUBNET PowerSYSTEM Center +CVE-2023-3318 (A vulnerability was found in SourceCodester Resort Management System 1 ...) + NOT-FOR-US: SourceCodester Resort Management System +CVE-2023-3317 (A use-after-free flaw was found in mt7921_check_offload_capability in ...) + - linux (Vulnerable code never in released version in unstable) + NOTE: https://git.kernel.org/linus/2ceb76f734e37833824b7fab6af17c999eb48d2b (6.3-rc6) +CVE-2023-3316 (A NULL pointer dereference in TIFFClose() is caused by a failure to op ...) 
+ {DLA-3513-1} + - tiff 4.5.1~rc3-1 + [bookworm] - tiff (Minor issue) + [bullseye] - tiff (Minor issue) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/515 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/468 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 (v4.5.1rc1) +CVE-2023-3312 (A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpuf ...) + - linux (Vulnerable code never present in released version) + NOTE: https://git.kernel.org/linus/ba5e770c9698782bc203bbf5cf3b36a77720bdbe (6.4-rc1) +CVE-2023-35843 (NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability ...) + NOT-FOR-US: NocoDB +CVE-2023-35779 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35776 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35775 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35772 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Go ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34461 (PyBB is an open source bulletin board. A manual code review of the PyB ...) + NOT-FOR-US: PyBB +CVE-2023-34373 (Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-34167 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...) + NOT-FOR-US: Huawei +CVE-2023-34166 (Vulnerability of system restart triggered by abnormal callbacks passed ...) + NOT-FOR-US: Huawei +CVE-2023-34163 (Permission control vulnerability in the window management module.Succe ...) + NOT-FOR-US: Huawei +CVE-2023-34162 (Version update determination vulnerability in the user profile module. ...) + NOT-FOR-US: Huawei +CVE-2023-34161 (nappropriate authorization vulnerability in the SettingsProvider modul ...) 
+ NOT-FOR-US: Huawei +CVE-2023-34160 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...) + NOT-FOR-US: Huawei +CVE-2023-34159 (Improper permission control vulnerability in the Notepad app.Successfu ...) + NOT-FOR-US: Huawei +CVE-2023-34158 (Vulnerability of spoofing trustlists of Huawei desktop.Successful expl ...) + NOT-FOR-US: Huawei +CVE-2023-34156 (Vulnerability of services denied by early fingerprint APIs on HarmonyO ...) + NOT-FOR-US: Huawei +CVE-2023-34155 (Vulnerability of unauthorized calling on HUAWEI phones and tablets.Suc ...) + NOT-FOR-US: Huawei +CVE-2023-33213 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31411 (A remote unprivileged attacker can modify and access configuration set ...) + NOT-FOR-US: SICK +CVE-2023-31410 (A remote unprivileged attacker can intercept the communication via e.g ...) + NOT-FOR-US: SICK +CVE-2023-2908 (A null pointer dereference issue was found in Libtiff's tif_dir.c file ...) + {DLA-3513-1} + - tiff 4.5.1~rc3-1 + [bookworm] - tiff (Minor issue) + [bullseye] - tiff (Minor issue) + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/479 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f (v4.5.1rc1) + NOTE: Introduced by the fix for CVE-2022-3599/CVE-2022-4645/CVE-2023-30086/CVE-2023-30774: + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 (v4.5.0rc1) +CVE-2023-2907 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Marksoft +CVE-2023-2899 (The Google Map Shortcode WordPress plugin through 3.1.2 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2812 (The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2811 (The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and esc ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2805 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2779 (The Social Share, Social Login and Social Comments WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2751 (The Upload Resume WordPress plugin through 1.2.0 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2742 (The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2719 (The SupportCandy WordPress plugin before 3.1.7 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2684 (The File Renaming on Upload WordPress plugin before 2.5.2 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2654 (The Conditional Menus WordPress plugin before 1.2.1 does not escape a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2600 (The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2527 (The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2492 (The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2401 (The QuBot WordPress plugin before 1.1.6 does not sanitise and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2399 (The QuBot WordPress plugin before 1.1.6 doesn't filter user input on c ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2359 (The Slider Revolution WordPress plugin through 6.6.12 does not check f ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48506 (A flawed pseudorandom number generator in Dominion Voting Systems Imag ...) + NOT-FOR-US: Dominion Voting Systems +CVE-2022-48501 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48500 (Configuration defects in the secure OS module.Successful exploitation ...) 
+ NOT-FOR-US: Huawei +CVE-2022-48499 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48498 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48497 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48496 (Vulnerability of lax app identity verification in the pre-authorizatio ...) + NOT-FOR-US: Huawei +CVE-2022-48495 (Vulnerability of unauthorized access to foreground app information.Suc ...) + NOT-FOR-US: Huawei +CVE-2022-48494 (Vulnerability of lax app identity verification in the pre-authorizatio ...) + NOT-FOR-US: Huawei +CVE-2022-48493 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48492 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48491 (Vulnerability of missing authentication on certain HUAWEI phones.Succe ...) + NOT-FOR-US: Huawei +CVE-2022-48490 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48489 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48488 (Vulnerability of bypassing the default desktop security controls.Succe ...) + NOT-FOR-US: Huawei +CVE-2022-48487 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48486 (Configuration defects in the secure OS module.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2023-3311 (A vulnerability, which was classified as problematic, was found in Pun ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system-advanced +CVE-2023-3310 (A vulnerability, which was classified as critical, has been found in c ...) + NOT-FOR-US: Agro-School Management System +CVE-2023-3309 (A vulnerability classified as problematic was found in SourceCodester ...) 
+ NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-3308 (A vulnerability classified as problematic has been found in whaleal Ic ...) + NOT-FOR-US: whaleal IceFrog +CVE-2023-3307 (A vulnerability was found in miniCal 1.0.0. It has been rated as criti ...) + NOT-FOR-US: miniCal +CVE-2023-35866 (In KeePassXC through 2.7.5, a local attacker can make changes to the D ...) + NOTE: Disputed KeePassXC issue +CVE-2023-35862 (libcoap 4.3.1 contains a buffer over-read via the function coap_parse_ ...) + NOT-FOR-US: libcoap +CVE-2023-35857 (In Siren Investigate before 13.2.2, session keys remain active even af ...) + NOT-FOR-US: Siren Investigate +CVE-2023-35856 (A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, a ...) + NOT-FOR-US: Nintendo Mario Kart Wii +CVE-2023-35855 (A buffer overflow in Counter-Strike through 8684 allows a game server ...) + NOT-FOR-US: Counter-Strike +CVE-2023-35853 (In Suricata before 6.0.13, an adversary who controls an external sourc ...) + - suricata 1:6.0.13-1 + [bookworm] - suricata (Minor issue) + [bullseye] - suricata (Minor issue) + NOTE: https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da +CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who controls an ...) + - suricata 1:6.0.13-1 + [bookworm] - suricata (Minor issue) + [bullseye] - suricata (Minor issue) + NOTE: https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335 + NOTE: https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17 +CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly c ...) + NOT-FOR-US: picoTCP +CVE-2023-35848 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size ...) + NOT-FOR-US: picoTCP +CVE-2023-35847 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MS ...) + NOT-FOR-US: picoTCP +CVE-2023-35846 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the ...) 
+ NOT-FOR-US: picoTCP +CVE-2023-35844 (packages/backend/src/routers in Lightdash before 0.510.3 has insecure ...) + NOT-FOR-US: Lightdash +CVE-2023-35840 (_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder befor ...) + NOT-FOR-US: elFinder +CVE-2023-35839 (Solon before 2.3.3 allows Deserialization of Untrusted Data.) + NOT-FOR-US: Solon +CVE-2023-35829 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...) + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3228cec23b8b29215e18090c6ba635840190993d (6.4-rc1) + NOTE: Only "exploitable" by removing the module which needs root privileges +CVE-2023-34657 (A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 al ...) + NOT-FOR-US: Eyoucms +CVE-2023-34642 (KioWare for Windows through v8.33 was discovered to contain an incompl ...) + NOT-FOR-US: KioWare for Windows +CVE-2023-34641 (KioWare for Windows through v8.33 was discovered to contain an incompl ...) + NOT-FOR-US: KioWare for Windows +CVE-2023-34603 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: JeecgBoot +CVE-2023-34602 (JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: JeecgBoot +CVE-2023-32542 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...) + NOT-FOR-US: TELLUS +CVE-2023-32538 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...) + NOT-FOR-US: TELLUS +CVE-2023-32288 (Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS ...) + NOT-FOR-US: TELLUS +CVE-2023-32276 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...) + NOT-FOR-US: TELLUS +CVE-2023-32273 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...) 
+ NOT-FOR-US: TELLUS +CVE-2023-32270 (Access of memory location after end of buffer issue exists in TELLUS v ...) + NOT-FOR-US: TELLUS +CVE-2023-32201 (Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 a ...) + NOT-FOR-US: TELLUS +CVE-2023-31239 (Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V- ...) + NOT-FOR-US: FUJI +CVE-2023-30759 (The driver installation package created by Printer Driver Packager NX ...) + NOT-FOR-US: Ricoh +CVE-2023-35828 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...) + {DLA-3508-1} + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/2b947f8769be8b8181dc795fd292d3e7120f5204 (6.4-rc1) + NOTE: USB_RENESAS_USB3 not enabled in Debian + NOTE: Only "exploitable" by removing the module which needs root privileges +CVE-2023-35827 (An issue was discovered in the Linux kernel through 6.3.8. A use-after ...) + - linux 6.5.8-1 + [bookworm] - linux 6.1.64-1 + NOTE: https://lore.kernel.org/lkml/cca0b40b-d6f8-54c7-1e46-83cb62d0a2f1%40huawei.com/T/ +CVE-2023-35826 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...) + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/50d0a7aea4809cef87979d4669911276aa23b71f (6.4-rc1) + NOTE: Only "exploitable" by removing the module which needs root privileges +CVE-2023-35825 + REJECTED +CVE-2023-35824 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...) 
+ {DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/5abda7a16698d4d1f47af1168d8fa2c640116b4a (6.4-rc1) + NOTE: Only "exploitable" by removing the module which needs root privileges +CVE-2023-35823 (An issue was discovered in the Linux kernel before 6.3.2. A use-after- ...) + {DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/30cf57da176cca80f11df0d9b7f71581fe601389 (6.4-rc1) + NOTE: Only "exploitable" by removing the module which needs root privileges +CVE-2023-35005 (In Apache Airflow, some potentially sensitive values were being shown ...) + - airflow (bug #819700) +CVE-2023-3306 (A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It ha ...) + NOT-FOR-US: Ruijie +CVE-2023-3305 (A vulnerability was found in C-DATA Web Management System up to 202306 ...) + NOT-FOR-US: C-DATA Web Management System +CVE-2023-35813 (Multiple Sitecore products allow remote code execution. This affects E ...) + NOT-FOR-US: Sitecore +CVE-2023-35811 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...) + NOT-FOR-US: SugarCRM +CVE-2023-35810 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...) + NOT-FOR-US: SugarCRM +CVE-2023-35809 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...) + NOT-FOR-US: SugarCRM +CVE-2023-35808 (An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x ...) + NOT-FOR-US: SugarCRM +CVE-2014-125106 (Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec ...) + - nanopb (Fixed before initial upload to Debian) + NOTE: https://github.com/nanopb/nanopb/commit/d2099cc8f1adb33d427a44a5e32ed27b647c7168 (nanopb-0.3.1) +CVE-2023-3297 (In Ubuntu's accountsservice an unprivileged local attacker can trigger ...) 
+ - accountsservice (Ubuntu specific 0010-set-language.patch not applied in Debian) + NOTE: https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182 +CVE-2023-3295 (The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) ...) + NOT-FOR-US: WordPress plugin +CVE-2023-35790 (An issue was discovered in dec_patch_dictionary.cc in libjxl before 0. ...) + [experimental] - jpeg-xl 0.8.2-1 + - jpeg-xl (bug #1055306) + [bookworm] - jpeg-xl (Minor issue) + NOTE: https://github.com/libjxl/libjxl/pull/2551 + NOTE: https://github.com/libjxl/libjxl/commit/d4e67a644d8babe7cb68de122d8b5ccb2ad8f226 +CVE-2023-35789 (An issue was discovered in the C AMQP client library (aka rabbitmq-c) ...) + - librabbitmq (bug #1037322) + [bookworm] - librabbitmq (Minor issue) + [bullseye] - librabbitmq (Minor issue) + [buster] - librabbitmq (Minor issue) + NOTE: https://github.com/alanxz/rabbitmq-c/issues/575 + NOTE: https://github.com/alanxz/rabbitmq-c/commit/463054383fbeef889b409a7f843df5365288e2a0 +CVE-2023-34459 (OpenZeppelin Contracts is a library for smart contract development. St ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2023-33438 (A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer Te ...) + NOT-FOR-US: Wolters Kluwer TeamMate+ +CVE-2023-3294 (Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-sto ...) + NOT-FOR-US: saleor/react-storefront +CVE-2023-3293 (Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/ ...) + NOT-FOR-US: salesagility/suitecrm-core +CVE-2023-35788 (An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/06/07/1 + NOTE: https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c (6.4-rc5) +CVE-2023-35784 (A double free or use after free could occur after SSL_clear in OpenBSD ...) 
+ - libressl (bug #754513) +CVE-2023-35783 (The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x throu ...) + NOT-FOR-US: Typo3 extension +CVE-2023-35782 (The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL ...) + NOT-FOR-US: Typo3 extension +CVE-2023-34832 (TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer ...) + NOT-FOR-US: TP-Link +CVE-2023-34795 (xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitial ...) + NOT-FOR-US: xlsxio +CVE-2023-34733 (A lack of exception handling in the Volkswagen Discover Media Infotain ...) + NOT-FOR-US: Volkswagen Discover Media Infotainment System Software +CVE-2023-34660 (jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg ...) + NOT-FOR-US: jjeecg-boot +CVE-2023-34659 (jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id p ...) + NOT-FOR-US: jeecg-boot +CVE-2023-34645 (jfinal CMS 5.1.0 has an arbitrary file read vulnerability.) + NOT-FOR-US: jfinal CMS +CVE-2023-34548 (Simple Customer Relationship Management 1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Simple Customer Relationship Management +CVE-2023-33307 (A null pointer dereference in Fortinet FortiOS before 7.2.5 and before ...) + NOT-FOR-US: FortiGuard +CVE-2023-33306 (A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7 ...) + NOT-FOR-US: FortiGuard +CVE-2023-2918 + REJECTED +CVE-2023-2831 (Mattermost fails to unescape Markdown strings in a memory-efficient wa ...) + - mattermost-server (bug #823556) +CVE-2023-2797 (Mattermost fails to sanitize code permalinks, allowing an attacker to ...) + - mattermost-server (bug #823556) +CVE-2023-2793 (Mattermost fails to validate links on external websites when construct ...) + - mattermost-server (bug #823556) +CVE-2023-2792 (Mattermost fails to sanitize ephemeral error messages, allowing an att ...) 
+ - mattermost-server (bug #823556) +CVE-2023-2791 (When creating a playbook run via the /dialog API, Mattermost fails to ...) + - mattermost-server (bug #823556) +CVE-2023-2788 (Mattermost fails to check if an admin user account active after an oau ...) + - mattermost-server (bug #823556) +CVE-2023-2787 (Mattermost fails to check channel membership when accessing message th ...) + - mattermost-server (bug #823556) +CVE-2023-2786 (Mattermost fails to properly check thepermissions when executing comma ...) + - mattermost-server (bug #823556) +CVE-2023-2785 (Mattermost fails to properly truncate the postgres error log message o ...) + - mattermost-server (bug #823556) +CVE-2023-2784 (Mattermost fails to verify if the requestor is a sysadmin or not, befo ...) + - mattermost-server (bug #823556) +CVE-2023-2783 (Mattermost Apps Framework fails to verify that a secret provided in th ...) + - mattermost-server (bug #823556) +CVE-2023-3291 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2 ...) + {DSA-5452-1} + - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/526954e6-8683-4697-bfa2-886c3204a1d5/ + NOTE: https://github.com/gpac/gpac/commit/6a748ccc3f76ff10e3ae43014967ea4b0c088aaf +CVE-2023-3269 (A vulnerability exists in the memory management subsystem of the Linux ...) + {DSA-5448-1} + - linux 6.3.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://github.com/lrh2000/StackRot + NOTE: https://www.openwall.com/lists/oss-security/2023/07/05/1 + NOTE: https://www.openwall.com/lists/oss-security/2023/07/28/1 +CVE-2023-3268 (An out of bounds (OOB) memory access flaw was found in the Linux kerne ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 + NOTE: https://git.kernel.org/linus/43ec16f1450f4936025a9bdf1a273affdb9732c1 (6.4-rc1) +CVE-2023-35708 (In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6 ...) 
+ NOT-FOR-US: MOVEit +CVE-2023-34845 (Bludit v3.14.1 was discovered to contain an arbitrary file upload vuln ...) + NOT-FOR-US: Bludit +CVE-2023-34800 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...) + NOT-FOR-US: D-Link +CVE-2023-34797 (Broken access control in the Registration page (/Registration.aspx) of ...) + NOT-FOR-US: Termenos CWX +CVE-2023-34165 (Unauthorized access vulnerability in the Save for later feature provid ...) + NOT-FOR-US: Huawei +CVE-2023-34157 (Vulnerability of HwWatchHealth being hijacked.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2023-34154 (Vulnerability of undefined permissions in HUAWEI VR screen projection. ...) + NOT-FOR-US: Huawei +CVE-2023-32754 (Thinking Software Efence login function has insufficient validation fo ...) + NOT-FOR-US: Thinking Software Efence +CVE-2023-32753 (OMICARD EDM\u2019s file uploading function does not restrict upload of ...) + NOT-FOR-US: OMICARD +CVE-2023-32752 (L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000\u2019s file uploa ...) + NOT-FOR-US: L7 Networks InstantScan +CVE-2023-32028 (Microsoft SQL OLE DB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32027 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-32026 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-32025 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-2431 (A security issue was discovered in Kubelet that allows pods to bypass ...) 
+ - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10 + NOTE: https://github.com/kubernetes/kubernetes/issues/118690 +CVE-2023-2728 (Users may be able to launch containers that bypass the mountable secre ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/9oU_lW2cU_g + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 +CVE-2023-2727 (Users may be able to launch containers using images that are restricte ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8 + NOTE: https://github.com/kubernetes/kubernetes/issues/118640 +CVE-2023-3276 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Dromara HuTool +CVE-2023-3275 (A vulnerability classified as critical was found in PHPGurukul Rail Pa ...) + NOT-FOR-US: PHPGurukul Rail Pass Management System +CVE-2023-3274 (A vulnerability classified as critical has been found in code-projects ...) + NOT-FOR-US: code-projects Supplier Management System +CVE-2023-34880 (cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal v ...) + NOT-FOR-US: cmseasy +CVE-2023-34852 (PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.) 
+ NOT-FOR-US: PublicCMS +CVE-2023-34833 (An arbitrary file upload vulnerability in the component /api/upload.ph ...) + NOT-FOR-US: ThinkAdmin +CVE-2023-34666 (Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Mana ...) + NOT-FOR-US: Phpgurukul Cyber Cafe Management System +CVE-2023-34626 (Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.) + - piwigo +CVE-2023-34455 (snappy-java is a fast compressor/decompressor for Java. Due to use of ...) + NOT-FOR-US: snappy-java +CVE-2023-34454 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) + NOT-FOR-US: snappy-java +CVE-2023-34453 (snappy-java is a fast compressor/decompressor for Java. Due to uncheck ...) + NOT-FOR-US: snappy-java +CVE-2023-34242 (Cilium is a networking, observability, and security solution with an e ...) + - cilium (bug #858303) +CVE-2023-34241 (OpenPrinting CUPS is a standards-based, open source printing system fo ...) + {DLA-3476-1} + - cups 2.4.2-5 (bug #1038885) + [bookworm] - cups 2.4.2-3+deb12u1 + [bullseye] - cups 2.3.3op2-3+deb11u3 + NOTE: https://www.openwall.com/lists/oss-security/2023/06/22/4 + NOTE: https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2 + NOTE: Introduced by: https://github.com/OpenPrinting/cups/commit/996acce8760c538b9fee69c99f274ffc27744386#diff-ea18088a3c3df78fec37244a94c58754b6e5cb7fbfd7066f6124de51a73c284d (v2.2b1) +CVE-2023-33243 (RedTeam Pentesting discovered that the web interface of STARFACE as we ...) + NOT-FOR-US: STARFACE +CVE-2023-32229 (Due to an error in the software interface to the secure element chip o ...) + NOT-FOR-US: Bosch +CVE-2023-31672 (In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (aili ...) + NOT-FOR-US: PrestaShop +CVE-2023-2747 (The initialization vector (IV) used by the secure engine (SE) for encr ...) + NOT-FOR-US: silabs SGDK +CVE-2023-2686 (Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon La ...) 
+ NOT-FOR-US: Silicon Labs Gecko SDK +CVE-2023-2683 (A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allo ...) + NOT-FOR-US: silabs Bluetooth SDK +CVE-2023-XXXX [RUSTSEC-2023-0038: Out-of-bounds array access leads to panic] + - rust-sequoia-openpgp 1.16.0-1 + [bookworm] - rust-sequoia-openpgp (Minor issue) + [bullseye] - rust-sequoia-openpgp (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0038.html +CVE-2023-3193 (Cross-site scripting (XSS) vulnerability in the Layout module's SEO co ...) + NOT-FOR-US: Liferay +CVE-2023-3138 (A vulnerability was found in libX11. The security flaw occurs because ...) + {DSA-5433-1 DLA-3472-1} + - libx11 2:1.8.6-1 (bug #1038133) + NOTE: https://www.openwall.com/lists/oss-security/2023/06/15/2 + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c +CVE-2023-35030 (Cross-site request forgery (CSRF) vulnerability in the Layout module's ...) + NOT-FOR-US: Liferay +CVE-2023-35029 (Open redirect vulnerability in the Layout module's SEO configuration i ...) + NOT-FOR-US: Liferay +CVE-2023-34565 (Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Creat ...) + - netbox (bug #1017079) +CVE-2023-34452 (Grav is a flat-file content management system. In versions 1.7.42 and ...) + NOT-FOR-US: Grav CMS +CVE-2023-34449 (ink! is an embedded domain specific language to write smart contracts ...) + NOT-FOR-US: ink! +CVE-2023-34448 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + NOT-FOR-US: Grav CMS +CVE-2023-34253 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + NOT-FOR-US: Grav CMS +CVE-2023-34252 (Grav is a flat-file content management system. Prior to version 1.7.42 ...) + NOT-FOR-US: Grav CMS +CVE-2023-34251 (Grav is a flat-file content management system. Versions prior to 1.7.4 ...) 
+ NOT-FOR-US: Grav CMS +CVE-2023-33515 (SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scriptin ...) + NOT-FOR-US: SoftExpert Excellence Suite +CVE-2023-31746 (There is a command injection vulnerability in the adslr VW2100 router ...) + NOT-FOR-US: adslr VW2100 router +CVE-2023-2847 (During internal security analysis, a local privilege escalation vulner ...) + NOT-FOR-US: ESET +CVE-2023-2820 (An information disclosure vulnerability in the faye endpoint in Proofp ...) + NOT-FOR-US: Proofpoint +CVE-2023-2819 (A stored cross-site scripting vulnerability in the Sources UI in Proof ...) + NOT-FOR-US: Proofpoint +CVE-2023-3241 (A vulnerability was found in OTCMS up to 6.62 and classified as proble ...) + NOT-FOR-US: OTCMS +CVE-2023-3240 (A vulnerability has been found in OTCMS up to 6.62 and classified as p ...) + NOT-FOR-US: OTCMS +CVE-2023-3239 (A vulnerability, which was classified as problematic, was found in OTC ...) + NOT-FOR-US: OTCMS +CVE-2023-3040 (A debug function in the lua-resty-json package, up to commit id 3ef949 ...) + NOT-FOR-US: lua-resty-json +CVE-2023-3036 (An unchecked read in NTP server in github.com/cloudflare/cfnts prior t ...) + NOT-FOR-US: cfnts +CVE-2023-35116 (jackson-databind through 2.15.2 allows attackers to cause a denial of ...) + NOTE: Disputed jackson-databind issue + NOTE: https://github.com/FasterXML/jackson-databind/issues/3972 + NOTE: https://github.com/FasterXML/jackson-databind/issues/3972#issuecomment-1597218091 +CVE-2023-35110 (An issue was discovered jjson thru 0.1.7 allows attackers to cause a d ...) + NOT-FOR-US: jjson +CVE-2023-34878 (An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensi ...) + NOT-FOR-US: Ujcms +CVE-2023-34868 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...) 
+ - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5083 +CVE-2023-34867 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5084 +CVE-2023-34865 (Directory traversal vulnerability in ujcms 6.0.2 allows attackers to m ...) + NOT-FOR-US: ujcms +CVE-2023-34824 (fdkaac before 1.0.5 was discovered to contain a heap buffer overflow i ...) + - fdkaac (unimportant; bug #1038951) + NOTE: https://github.com/nu774/fdkaac/issues/55 + NOTE: https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 (v1.0.5) + NOTE: Crash in CLI tool, no security impact +CVE-2023-34823 (fdkaac before 1.0.5 was discovered to contain a stack overflow in read ...) + - fdkaac (unimportant; bug #1038951) + NOTE: https://github.com/nu774/fdkaac/issues/55 + NOTE: https://github.com/nu774/fdkaac/commit/22dbf72491541aa854835fdf2a9a0d92532728d8 (v1.0.5) + NOTE: Crash in CLI tool, no security impact +CVE-2023-34756 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34755 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34754 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34753 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34752 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34751 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: bloofox +CVE-2023-34750 (bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerabili ...) 
+ NOT-FOR-US: bloofox +CVE-2023-34747 (File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-fil ...) + NOT-FOR-US: ujcms +CVE-2023-34624 (An issue was discovered htmlcleaner thru = 2.28 allows attackers to ca ...) + {DSA-5471-1 DLA-3520-1} + - libhtmlcleaner-java 2.29-1 + NOTE: https://github.com/amplafi/htmlcleaner/issues/13 +CVE-2023-34623 (An issue was discovered jtidy thru r938 allows attackers to cause a de ...) + - jtidy (bug #1038663) + [bookworm] - jtidy (Minor issue) + [bullseye] - jtidy (Minor issue) + [buster] - jtidy (Minor issue, DoS) + NOTE: https://github.com/trajano/jtidy/issues/4 +CVE-2023-34620 (An issue was discovered hjson thru 3.0.0 allows attackers to cause a d ...) + NOT-FOR-US: hjson +CVE-2023-34617 (An issue was discovered genson thru 1.6 allows attackers to cause a de ...) + NOT-FOR-US: genson +CVE-2023-34616 (An issue was discovered pbjson thru 0.4.0 allows attackers to cause a ...) + NOT-FOR-US: jbjson +CVE-2023-34615 (An issue was discovered JSONUtil thru 5.0 allows attackers to cause a ...) + NOT-FOR-US: JSONUtil +CVE-2023-34613 (An issue was discovered sojo thru 1.1.1 allows attackers to cause a de ...) + NOT-FOR-US: sojo +CVE-2023-34612 (An issue was discovered ph-json thru 9.5.5 allows attackers to cause a ...) + NOT-FOR-US: ph-json +CVE-2023-34611 (An issue was discovered mjson thru 1.4.1 allows attackers to cause a d ...) + NOT-FOR-US: mjson +CVE-2023-34610 (An issue was discovered json-io thru 4.14.0 allows attackers to cause ...) + NOT-FOR-US: json-io +CVE-2023-34609 (An issue was discovered flexjson thru 3.3 allows attackers to cause a ...) + NOT-FOR-US: flexjson +CVE-2023-34585 + REJECTED +CVE-2023-34540 (An issue discovered in Langchain before 0.0.225 allows attacker to run ...) + NOT-FOR-US: Langchain +CVE-2023-34367 (Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The v ...) + NOT-FOR-US: Microsoft +CVE-2023-34101 (Contiki-NG is an operating system for internet of things devices. In v ...) 
+ NOT-FOR-US: Contiki-NG +CVE-2023-32465 (Dell Power Protect Cyber Recovery, contains an Authentication Bypass v ...) + NOT-FOR-US: Dell +CVE-2023-32031 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32030 (.NET and Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-32024 (Microsoft Power Apps Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-31671 (PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via P ...) + NOT-FOR-US: PrestaShop postfinance +CVE-2023-2976 (Use of Java's default temporary directory for file creation in `FileBa ...) + - guava-libraries 32.0.1-1 (bug #1038979) + [bookworm] - guava-libraries (Minor issue) + [bullseye] - guava-libraries (Minor issue) + [buster] - guava-libraries (Minor issue) + NOTE: https://github.com/google/guava/releases/tag/v32.0.0 + NOTE: https://github.com/google/guava/issues/2575 +CVE-2023-35149 (A missing permission check in Jenkins Digital.ai App Management Publis ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35148 (A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.a ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35147 (Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not rest ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35146 (Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35145 (Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35144 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-35143 (Jenkins Maven Repository Server Plugin 1.10 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32262 (A potential vulnerability has been identified in the Micro Focus Dimen ...) 
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-32261 (A potential vulnerability has been identified in the Micro Focus Dimen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-35142 (Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validat ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-35141 (In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests a ...)
+ - jenkins
+CVE-2023-3238 (A vulnerability, which was classified as critical, has been found in O ...)
+ NOT-FOR-US: OTCMS
+CVE-2023-3237 (A vulnerability classified as critical was found in OTCMS up to 6.62. ...)
+ NOT-FOR-US: OTCMS
+CVE-2023-3236 (A vulnerability classified as critical has been found in mccms up to 2 ...)
+ NOT-FOR-US: mccms
+CVE-2023-3235 (A vulnerability was found in mccms up to 2.6.5. It has been rated as c ...)
+ NOT-FOR-US: mccms
+CVE-2023-3234 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
+ NOT-FOR-US: Zhong Bang CRMEB
+CVE-2023-3233 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. It has been ...)
+ NOT-FOR-US: Zhong Bang CRMEB
+CVE-2023-3232 (A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classifi ...)
+ NOT-FOR-US: Zhong Bang CRMEB
+CVE-2023-3231 (A vulnerability has been found in UJCMS up to 6.0.2 and classified as ...)
+ NOT-FOR-US: UJCMS
+CVE-2023-3230 (Missing Authorization in GitHub repository fossbilling/fossbilling pri ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3229 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3228 (Business Logic Errors in GitHub repository fossbilling/fossbilling pri ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3227 (Insufficient Granularity of Access Control in GitHub repository fossbi ...)
+ NOT-FOR-US: fossbilling
+CVE-2023-3203 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3201 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3200 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3198 (The MStore API plugin for WordPress is vulnerable to Cross-Site Reques ...)
+ NOT-FOR-US: MStore API plugin for WordPress
+CVE-2023-3189 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Online School Fees System
+CVE-2023-3001 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-34944 (An arbitrary file upload vulnerability in the /fileUpload.lib.php comp ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-34537 (A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacke ...)
+ - hoteldruid 3.0.6-1 (bug #1038251)
+ [bookworm] - hoteldruid (Minor issue)
+ [bullseye] - hoteldruid (Minor issue)
+ [buster] - hoteldruid (Minor issue)
+ NOTE: https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5
+CVE-2023-34396 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ - libstruts1.2-java
+CVE-2023-34250 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-34149 (Allocation of Resources Without Limits or Throttling vulnerability in ...)
+ - libstruts1.2-java
+CVE-2023-34000 (Unauth. IDOR vulnerability leading to PII Disclosure inWooCommerce Str ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-33933 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ {DSA-5435-1 DLA-3475-1}
+ - trafficserver 9.2.1+ds-1 (bug #1038248)
+ NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+ NOTE: https://github.com/apache/trafficserver/commit/867c48c1adf9e795c8d85c48d2d0f07f08aa87ec (master)
+ NOTE: https://github.com/apache/trafficserver/commit/726a79cb2f70fcbe0e2139aab3fe56930d3d8c27 (9.2.1-rc0)
+ NOTE: https://github.com/apache/trafficserver/commit/496fa2c4cbdf2b3d6c61760a3fb6675b74b549f0 (8.1.7)
+CVE-2023-33817 (hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerabil ...)
+ - hoteldruid 3.0.6-1 (bug #1038251)
+ [bookworm] - hoteldruid (Minor issue)
+ [bullseye] - hoteldruid (Minor issue)
+ [buster] - hoteldruid (Minor issue)
+ NOTE: https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5
+CVE-2023-33146 (Microsoft Office Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33145 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33144 (Visual Studio Code Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33142 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33140 (Microsoft OneNote Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33139 (Visual Studio Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33137 (Microsoft Excel Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33135 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33133 (Microsoft Excel Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33132 (Microsoft SharePoint Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33131 (Microsoft Outlook Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33130 (Microsoft SharePoint Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33129 (Microsoft SharePoint Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33128 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-33126 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32301 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-32061 (Discourse is an open source discussion platform. Prior to version 3.0. ...)
+ NOT-FOR-US: Discourse
+CVE-2023-32032 (.NET and Visual Studio Elevation of Privilege Vulnerability)
+ NOT-FOR-US: .NET
+CVE-2023-32029 (Microsoft Excel Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32022 (Windows Server Service Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32021 (Windows SMB Witness Service Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32020 (Windows DNS Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32019 (Windows Kernel Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32018 (Windows Hello Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32017 (Microsoft PostScript Printer Driver Remote Code Execution Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-32016 (Windows Installer Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32015 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-32014 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-32013 (Windows Hyper-V Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32012 (Windows Container Manager Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32011 (Windows iSCSI Discovery Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32010 (Windows Bus Filter Driver Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-32009 (Windows Collaborative Translation Framework Elevation of Privilege Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-32008 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-2778 (A denial-of-service vulnerability exists in Rockwell Automation Factor ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2639 (The underlying feedback mechanism of Rockwell Automation'sFactoryTal ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2638 (Rockwell Automation's FactoryTalk System Services does not verify that ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2637 (Rockwell Automation's FactoryTalk System Services uses a hard-coded cr ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2570 (A CWE-129: Improper Validation of Array Index vulnerability exists tha ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-2569 (A CWE-787: Out-of-Bounds Write vulnerability exists that could cause l ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-3224 (Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.)
+ NOT-FOR-US: Nuxt
+CVE-2023-3218 (Race Condition within a Thread in GitHub repository it-novum/openitcoc ...)
+ NOT-FOR-US: openitcockpit
+CVE-2023-3050 (Reliance on Cookies without Validation and Integrity Checking in a Sec ...)
+ NOT-FOR-US: TMT Lockcell
+CVE-2023-3049 (Unrestricted Upload of File with Dangerous Type vulnerability in TMT L ...)
+ NOT-FOR-US: TMT Lockcell
+CVE-2023-3048 (Authorization Bypass Through User-Controlled Key vulnerability in TMT ...)
+ NOT-FOR-US: TMT Lockcell
+CVE-2023-3047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: TMT Lockcell
+CVE-2023-35064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Satos Satos Mobile
+CVE-2023-34965 (SSPanel-Uim 2023.3 does not restrict access to the /link/ interface wh ...)
+ NOT-FOR-US: SSPanel-Uim
+CVE-2023-34249 (benjjvi/PyBB is an open source bulletin board. Prior to commit dcaeccd ...)
+ NOT-FOR-US: benjjvi/PyBB
+CVE-2023-34247 (Keystone is a content management system for Node.JS. There is an open ...)
+ NOT-FOR-US: Keystone CMS
+CVE-2023-34122 (Improper input validation in the installer for Zoom for Windows clien ...)
+ NOT-FOR-US: Zoom
+CVE-2023-34121 (Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom V ...)
+ NOT-FOR-US: Zoom
+CVE-2023-34120 (Improper privilege management in Zoom for Windows, Zoom Rooms for Wind ...)
+ NOT-FOR-US: Zoom
+CVE-2023-34115 (Buffer copy without checking size of input in Zoom Meeting SDK befor ...)
+ NOT-FOR-US: Zoom
+CVE-2023-34114 (Exposure of resource to wrong sphere in Zoom for Windows and Zoom for ...)
+ NOT-FOR-US: Zoom
+CVE-2023-34113 (Insufficient verification of data authenticity in Zoom for Windows cl ...)
+ NOT-FOR-US: Zoom
+CVE-2023-33921 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33920 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33919 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33695 (Hutool v5.8.17 and below was discovered to contain an information disc ...)
+ NOT-FOR-US: Hutool
+CVE-2023-33621 (GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication ...)
+ NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
+CVE-2023-33620 (GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its ...)
+ NOT-FOR-US: GL.iNET GL-AR750S-Ext firmware
+CVE-2023-33568 (An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers ...)
+ - dolibarr
+CVE-2023-33305 (A loop with unreachable exit condition ('infinite loop') in Fortinet F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-33124 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33123 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33122 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-33121 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.3 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-32548 (OS command injection vulnerability exists in WPS Office version 10.8.0 ...)
+ NOT-FOR-US: WPS Office
+CVE-2023-32546 (Code injection vulnerability exists in Chatwork Desktop Application (M ...)
+ NOT-FOR-US: Chatwork Desktop Application
+CVE-2023-31541 (A unrestricted file upload vulnerability was discovered in the \u2018B ...)
+ NOT-FOR-US: Redmine plugin
+CVE-2023-31439 (An issue was discovered in systemd 253. An attacker can modify the con ...)
+ - systemd (unimportant)
+ NOTE: Disputed by upstream
+ NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
+CVE-2023-31438 (An issue was discovered in systemd 253. An attacker can truncate a sea ...)
+ - systemd (unimportant)
+ NOTE: Disputed by upstream
+ NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
+CVE-2023-31437 (An issue was discovered in systemd 253. An attacker can modify a seale ...)
+ - systemd (unimportant)
+ NOTE: Disputed by upstream
+ NOTE: https://github.com/kastel-security/Journald/blob/main/journald-publication.pdf
+CVE-2023-31198 (OS command injection vulnerability exists in Wi-Fi AP UNIT allows. If ...)
+ NOT-FOR-US: Wi-Fi AP UNIT
+CVE-2023-31196 (Missing authentication for critical function in Wi-Fi AP UNIT allows a ...)
+ NOT-FOR-US: Wi-Fi AP UNIT
+CVE-2023-31195 (ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 use ...)
+ NOT-FOR-US: ASUS Router RT-AX3000 Firmware
+CVE-2023-30766 (Hidden functionality issue exists in KB-AHR series and KB-IRIP series. ...)
+ NOT-FOR-US: KB-AHR/KB-IRIP
+CVE-2023-30764 (OS command injection vulnerability exists in KB-AHR series and KB-IRIP ...)
+ NOT-FOR-US: KB-AHR/KB-IRIP
+CVE-2023-30762 (Improper authentication vulnerability exists in KB-AHR series and KB-I ...)
+ NOT-FOR-US: KB-AHR/KB-IRIP
+CVE-2023-2807 (Authentication Bypass by Spoofing vulnerability in the password reset ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-29501 (Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, an ...)
+ NOT-FOR-US: Jiyu Kukan Toku-Toku coupon App for iOS
+CVE-2023-29498 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
+ NOT-FOR-US: FRENIC RHC Loader
+CVE-2023-29167 (Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3. ...)
+ NOT-FOR-US: FRENIC RHC Loader
+CVE-2023-29160 (Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader ...)
+ NOT-FOR-US: FRENIC RHC Loader
+CVE-2023-36661 (Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth ...)
+ {DSA-5432-1 DLA-3464-1}
+ - xmltooling 3.2.4-1 (bug #1037948)
+ NOTE: https://shibboleth.net/community/advisories/secadv_20230612.txt
+ NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=6080f6343f98fec085bc0fd746913ee418cc9d30
+CVE-2023-33991 (SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 7 ...)
+ NOT-FOR-US: SAP
+CVE-2023-33986 (SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, ...)
+ NOT-FOR-US: SAP
+CVE-2023-33985 (SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently ...)
+ NOT-FOR-US: SAP
+CVE-2023-33984 (SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfa ...)
+ NOT-FOR-US: SAP
+CVE-2023-32674 (Certain versions of HP PC Hardware Diagnostics Windows are potentially ...)
+ NOT-FOR-US: HP
+CVE-2023-32673 (Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assis ...)
+ NOT-FOR-US: HP
+CVE-2023-32221 (EaseUS Todo Backup version 20220111.390 - An omission during installat ...)
+ NOT-FOR-US: EaseUS Todo Backup
+CVE-2023-32220 (Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass ...)
+ NOT-FOR-US: Milesight NCR/camera
+CVE-2023-32219 (A Mazda model (2015-2016) can be unlocked via an unspecified method.)
+ NOT-FOR-US: Mazda
+CVE-2023-32115 (An attacker can exploit MDS COMPARE TOOL and use specially crafted inp ...)
+ NOT-FOR-US: SAP
+CVE-2023-32114 (SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, ...)
+ NOT-FOR-US: SAP
+CVE-2023-2876 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 P ...)
+ NOT-FOR-US: ABB
+CVE-2023-2827 (SAP Plant Connectivity - version 15.5 (PCo) or the Production Connecto ...)
+ NOT-FOR-US: SAP
+CVE-2023-2729 (Use of insufficiently random values vulnerability in User Management F ...)
+ NOT-FOR-US: Synology
+CVE-2023-2673 (Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUAR ...)
+ NOT-FOR-US: PHOENIX CONTACT
+CVE-2023-2563 (The WordPress Contact Forms by Cimatti plugin for WordPress is vulnera ...)
+ NOT-FOR-US: WordPress Contact Forms by Cimatti plugin for WordPress
+CVE-2023-2351 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WP Directory Kit plugin for WordPress
+CVE-2023-3212 (A NULL pointer dereference issue was found in the gfs2 file system in ...)
+ {DSA-5480-1 DSA-5448-1 DLA-3623-1}
+ - linux 6.3.7-1
+ NOTE: https://git.kernel.org/linus/504a10d9e46bc37b23d0a1ae2f28973c8516e636 (6.4-rc2)
+CVE-2023-3208 (A vulnerability, which was classified as critical, has been found in R ...)
+ NOT-FOR-US: RoadFlow Visual Process Engine .NET Core Mvc
+CVE-2023-3206 (A vulnerability classified as problematic was found in Chengdu VEC40G ...)
+ NOT-FOR-US: Chengdu VEC40G
+CVE-2023-3159 (A use after free issue was discovered in driver/firewire in outbound_p ...)
+ - linux 5.17.11-1
+ [bullseye] - linux 5.10.120-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git/kernel.org/linus/b7c81f80246fac44077166f3e07103affe6db8ff (5.18-rc6)
+CVE-2023-35054 (In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-ren ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2023-35053 (In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible vi ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2023-35042 (GeoServer 2, in some configurations, allows remote attackers to execut ...)
+ NOT-FOR-US: GeoServer
+CVE-2023-34942 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
+ NOT-FOR-US: Asus
+CVE-2023-34941 (A stored cross-site scripting (XSS) vulnerability in the urlFilterList ...)
+ NOT-FOR-US: Asus
+CVE-2023-34940 (Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overf ...)
+ NOT-FOR-US: Asus
+CVE-2023-34855 (A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipm ...)
+ NOT-FOR-US: Youxun Electronic Equipment
+CVE-2023-34581 (Sourcecodester Service Provider Management System v1.0 is vulnerable t ...)
+ NOT-FOR-US: Sourcecodester Service Provider Management System
+CVE-2023-34494 (NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_sen ...)
+ NOT-FOR-US: NanoMQ
+CVE-2023-34475 (A heap use after free issue was discovered in ImageMagick's ReplaceXmp ...)
+ - imagemagick (Vulnerable code not present)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
+CVE-2023-34474 (A heap-based buffer overflow issue was discovered in ImageMagick's Rea ...)
+ - imagemagick (Vulnerable code not present)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1061db7f80fdc9ef572ac60b55f408f7bab6e1b0 (7.1.1-10)
+CVE-2023-34488 (NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handle ...)
+ NOT-FOR-US: NanoMQ
+CVE-2023-34468 (The DBCPConnectionPool and HikariCPConnectionPool Controller Services ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2023-34345 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34344 (AMI BMC contains a vulnerability in the IPMI handler, where an unautho ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34343 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34342 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34341 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34336 (AMI BMC contains a vulnerability in the IPMI handler, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34335 (AMI BMC contains a vulnerability in the IPMI handler, where an unauthe ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34334 (AMI BMC contains a vulnerability in the SPX REST API, where an attacke ...)
+ NOT-FOR-US: AMI BMC
+CVE-2023-34246 (Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to ...)
+ {DLA-3494-1}
+ [experimental] - ruby-doorkeeper 5.6.6-1
+ - ruby-doorkeeper (bug #1038950)
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-7w2c-w47h-789w
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/1589
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/1646
+ NOTE: Fixed by: https://github.com/doorkeeper-gem/doorkeeper/commit/f202079baac4c978a01ccc9a45d78fde368ac907 (v5.6.6)
+CVE-2023-34212 (The JndiJmsConnectionFactoryProvider Controller Service, along with th ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2023-34105 (SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV ...)
+ NOT-FOR-US: SRS video server
+CVE-2023-34026 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in BrokenCr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-33626 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
+ NOT-FOR-US: D-Link
+CVE-2023-33625 (D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discover ...)
+ NOT-FOR-US: D-Link
+CVE-2023-33624
+ REJECTED
+CVE-2023-33623
+ REJECTED
+CVE-2023-33622
+ REJECTED
+CVE-2023-33492 (EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).)
+ NOT-FOR-US: EyouCMS
+CVE-2023-33290 (The git-url-parse crate through 0.4.4 for Rust allows Regular Expressi ...)
+ NOT-FOR-US: git-url-parse Rust crate
+CVE-2023-33253 (LabCollector 6.0 though 6.15 allows remote code execution. An authenti ...)
+ NOT-FOR-US: LabCollector
+CVE-2023-32961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Se ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32118 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPoperat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2718 (The Contact Form Email WordPress plugin before 1.3.38 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2568 (The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2398 (The Icegram Engage WordPress plugin before 3.1.12 does not escape a pa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2362 (The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-35036 (In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2023-35035 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
+ NOT-FOR-US: Unify
+CVE-2023-35034 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
+ NOT-FOR-US: Unify
+CVE-2023-35033 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
+ NOT-FOR-US: Unify
+CVE-2023-35032 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
+ NOT-FOR-US: Unify
+CVE-2023-35031 (Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 ...)
+ NOT-FOR-US: Unify
+CVE-2020-36732 (The crypto-js package before 3.2.1 for Node.js generates random number ...)
+ NOT-FOR-US: Node crypto-js
+CVE-2015-10118 (A vulnerability classified as problematic was found in cchetanonline W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3195 (A stack-based buffer overflow issue was found in ImageMagick's coders/ ...)
+ - imagemagick 8:6.9.12.98+dfsg1-2
+ [bookworm] - imagemagick (Minor issue)
+ [bullseye] - imagemagick (Minor issue)
+ [buster] - imagemagick (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/05/29/1
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/85a370c79afeb45a97842b0959366af5236e9023 (6.9.12-26)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f620340935777b28fa3f7b0ed7ed6bd86946934c (7.1.0-11)
+CVE-2023-3192 (Session Fixation in GitHub repository froxlor/froxlor prior to 2.1.0.)
+ - froxlor (bug #581792)
+CVE-2023-3191 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+ - teampass (bug #730180)
+CVE-2023-3190 (Improper Encoding or Escaping of Output in GitHub repository nilsteamp ...)
+ - teampass (bug #730180)
+CVE-2023-3188 (Server-Side Request Forgery (SSRF) in GitHub repository owncast/owncas ...)
+ NOT-FOR-US: Owncast
+CVE-2023-3187 (A vulnerability, which was classified as critical, has been found in P ...)
+ NOT-FOR-US: PHPGurukul Teachers Record Management System
+CVE-2023-3184 (A vulnerability was found in SourceCodester Sales Tracker Management S ...)
+ NOT-FOR-US: SourceCodester Sales Tracker Management System
+CVE-2023-3183 (A vulnerability was found in SourceCodester Performance Indicator Syst ...)
+ NOT-FOR-US: SourceCodester Performance Indicator System
+CVE-2023-3141 (A use-after-free flaw was found in r592_remove in drivers/memstick/hos ...)
+ {DLA-3623-1 DLA-3508-1}
+ - linux 6.3.7-1 (unimportant)
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux 5.10.191-1
+ NOTE: https://git.kernel.org/linus/63264422785021704c39b38f65a78ab9e4a186d7 (6.4-rc1)
+ NOTE: Only "exploitable" by removing the module which needs root privileges
+CVE-2023-34856 (A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05 ...)
+ NOT-FOR-US: D-Link
+CVE-2023-34245 (@udecode/plate-link is the link handler for the udecode/plate rich-tex ...)
+ NOT-FOR-US: @udecode/plate-link
+CVE-2023-34100 (Contiki-NG is an open-source, cross-platform operating system for IoT ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2023-33557 (Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Fuel CMS
+CVE-2023-32732 (gRPC contains a vulnerability whereby a client can cause a termination ...)
+ - grpc
+ [bookworm] - grpc (Minor issue)
+ [bullseye] - grpc (Minor issue)
+ [buster] - grpc (Minor issue; request smuggling; recheck whether fixed or introduced by #32309 when CVE description is updated)
+ NOTE: https://github.com/grpc/grpc/pull/32309
+ NOTE: CVE description and fix are sensible, but there seem to be confusion: https://github.com/grpc/grpc/pull/32309#issuecomment-1589703522
+CVE-2023-32731 (When gRPC HTTP2 stack raised a header size exceeded error, it skipped ...)
+ - grpc (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/grpc/grpc/pull/32309#issuecomment-1589561295 (v1.53.0-pre1)
+ NOTE: Fixed by: https://github.com/grpc/grpc/commit/65a2a895afaf1d2072447b9baf246374b182a946 (v1.56.0-pre1)
+CVE-2023-32312 (UmbracoIdentityExtensions is an Umbraco add-on package that enables ea ...)
+ NOT-FOR-US: UmbracoIdentityExtensions
+CVE-2023-3177 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-3176 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-3173 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ - froxlor (bug #581792)
+CVE-2023-3172 (Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20.)
+ - froxlor (bug #581792)
+CVE-2023-34364 (A buffer overflow was discovered in Progress DataDirect Connect for OD ...)
+ NOT-FOR-US: Progress DataDirect Connect for ODBC
+CVE-2023-34363 (An issue was discovered in Progress DataDirect Connect for ODBC before ...)
+ NOT-FOR-US: Progress DataDirect Connect for ODBC
+CVE-2023-34243 (TGstation is a toolset to manage production BYOND servers. In affected ...)
+ NOT-FOR-US: TGstation
+CVE-2023-34233 (The Snowflake Connector for Python provides an interface for developin ...)
+ NOT-FOR-US: Snowflake connector for Python
+CVE-2023-34232 (snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerab ...)
+ NOT-FOR-US: Snowflake connector for NodeJS
+CVE-2023-34230 (snowflake-connector-net, the Snowflake Connector for .NET, is vulnerab ...)
+ NOT-FOR-US: Snowflake connector for .NET
+CVE-2023-34112 (JavaCPP Presets is a project providing Java distributions of native C+ ...)
+ NOT-FOR-US: JavaCPP Presents
+CVE-2023-32751 (Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the downl ...)
+ NOT-FOR-US: Pydio Cells
+CVE-2023-2897 (The Brizy Page Builder plugin for WordPress is vulnerable to IP Addres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2896 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2895 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2894 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2893 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2892 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2891 (The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2767 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2764 (The Draw Attention plugin for WordPress is vulnerable to unauthorized ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2688 (The WordPress File Upload and WordPress File Upload Pro plugins for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2607 (The Multiple Page Generator Plugin for WordPress is vulnerable to time ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2604 (The Team Circle Image Slider With Lightbox plugin for WordPress is vul ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2599 (The Active Directory Integration plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2584 (The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2558 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2557 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2556 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2555 (The WPCS \u2013 WordPress Currency Switcher Professional plugin for Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2526 (The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2484 (The Active Directory Integration plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2452 (The Advanced Woo Search plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2450 (The FiboSearch - AJAX Search for WooCommerce plugin for WordPress is v ...)
+ NOT-FOR-US: Woocommerce plugin
+CVE-2023-2414 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2402 (The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-3164 (A heap-buffer-overflow vulnerability was found in LibTIFF, in extractI ...)
+ - tiff (unimportant)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/542
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-3165 (A vulnerability was found in SourceCodester Life Insurance Management ...)
+ NOT-FOR-US: SourceCodester Life Insurance Management System
+CVE-2023-3163 (A vulnerability was found in y_project RuoYi up to 4.7.7. It has been ...)
+ NOT-FOR-US: y_project RuoYi
+CVE-2023-3161 (A flaw was found in the Framebuffer Console (fbcon) in the Linux Kerne ...)
+ - linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
+ [buster] - linux 4.19.282-1
+ NOTE: https://git.kernel.org/linus/2b09d5d364986f724f17001ccfe4126b9b43a0be (6.2-rc7)
+CVE-2023-34962 (Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a st ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-34961 (Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-34959 (An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-34958 (Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a stud ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-34571 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34570 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34569 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34568 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34567 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34566 (Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2023-34231 (gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a ...)
+ NOT-FOR-US: Snowflake connector for GO
+CVE-2023-34096 (Thruk is a multibackend monitoring webinterface which currently suppor ...)
+ NOT-FOR-US: Thruk
+CVE-2023-34095 (cpdb-libs provides frontend and backend libraries for the Common Print ...)
+ - cpdb-libs 1.2.0-3 (bug #1038253) + [bookworm] - cpdb-libs 1.2.0-2+deb12u1 + NOTE: https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x + NOTE: Fixed by: https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7 + NOTE: 1.2.x version predate the upstream commit 3f66d47252d5 ("print_frontend: Use + NOTE: larger and more easily adjustable string buffers") and only using buffers of + NOTE: 100 characters of length. +CVE-2023-33660 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) + NOT-FOR-US: NanoMQ +CVE-2023-33658 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) + NOT-FOR-US: NanoMQ +CVE-2023-33657 (A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerabil ...) + NOT-FOR-US: NanoMQ +CVE-2023-33443 (Incorrect access control in the administrative functionalities of BES- ...) + NOT-FOR-US: BES VideoPlayTool +CVE-2023-32750 (Pydio Cells through 4.1.2 allows SSRF. For longer running processes, P ...) + NOT-FOR-US: Pydio Cells +CVE-2023-32749 (Pydio Cells allows users by default to create so-called external users ...) + NOT-FOR-US: Pydio Cells +CVE-2023-34969 (D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus- ...) + {DLA-3628-1} + [experimental] - dbus 1.15.6-1 + - dbus 1.14.8-1 (bug #1037151) + [bookworm] - dbus 1.14.8-1~deb12u1 + [bullseye] - dbus 1.12.28-0+deb11u1 + NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 +CVE-2023-34239 (Gradio is an open-source Python library that is used to build machine ...) + NOT-FOR-US: Gradio +CVE-2023-34238 (Gatsby is a free and open source framework based on React. The Gatsby ...) + - gatsby (bug #922188) +CVE-2023-33849 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + NOT-FOR-US: IBM +CVE-2023-33848 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) 
+ NOT-FOR-US: IBM +CVE-2023-33847 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + NOT-FOR-US: IBM +CVE-2023-33846 (IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, ...) + NOT-FOR-US: IBM +CVE-2023-33496 (xxl-rpc v1.7.0 was discovered to contain a deserialization vulnerabili ...) + NOT-FOR-US: xxl-rpc +CVE-2023-2986 (The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulner ...) + NOT-FOR-US: Abandoned Cart Lite for WooCommerce plugin for WordPress +CVE-2023-2904 (The External Visitor Manager portal of HID\u2019s SAFE versions 5.8.0 ...) + NOT-FOR-US: HID SAFE +CVE-2023-2866 (If an attacker can trick an authenticated user into loading a maliciou ...) + NOT-FOR-US: Advantech +CVE-2023-3153 (A flaw was found in Open Virtual Network where the service monitor MAC ...) + - ovn 23.09.0-1 (bug #1043598) + [bookworm] - ovn (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2213279 + NOTE: https://github.com/ovn-org/ovn/issues/198 + NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2023-August/000327.html + NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2023-August/407553.html + NOTE: https://github.com/ovn-org/ovn/commit/9a3f7ed905e525ebdcb14541e775211cbb0203bd (v23.03.1) +CVE-2023-3152 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3151 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3150 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3149 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3148 (A vulnerability was found in SourceCodester Online Discussion Forum Si ...) 
+ NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3147 (A vulnerability has been found in SourceCodester Online Discussion For ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3146 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3145 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3144 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3143 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Online Discussion Forum Site +CVE-2023-3142 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2023-3140 (Missing HTTP headers (X-Frame-Options, Content-Security-Policy) in KNI ...) + NOT-FOR-US: KNIME Business Hub +CVE-2023-34237 (SABnzbd is an open source automated Usenet download tool. A design fla ...) + - sabnzbdplus 4.0.2+dfsg-1 (bug #1038949) + [bookworm] - sabnzbdplus (Minor issue) + [bullseye] - sabnzbdplus (Minor issue) + [buster] - sabnzbdplus (Minor issue; simple workaround exists) + NOTE: https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc (4.0.2RC2) + NOTE: https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429 (4.0.2RC2) + NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r +CVE-2023-34234 (OpenZeppelin Contracts is a library for smart contract development. By ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2023-34109 (zxcvbn-ts is an open source password strength estimator written in typ ...) + NOT-FOR-US: zxcvbn-ts +CVE-2023-34108 (mailcow is a mail server suite based on Dovecot, Postfix and other ope ...) 
+ NOT-FOR-US: mailcow +CVE-2023-33595 (CPython v3.12.0 alpha 7 was discovered to contain a heap use-after-fre ...) + - python3.11 (Vulnerable code not present) + - python3.10 (Vulnerable code not present) + - python3.9 (Vulnerable code not present) + - python3.7 (Vulnerable code not present) + - python2.7 (Vulnerable code not present) + NOTE: https://github.com/python/cpython/issues/103824 + NOTE: Introduced by: https://github.com/python/cpython/commit/1ef61cf71a218c71860ff6aecf0fd51edb8b65dc (v3.12.0b1) + NOTE: Fixed by: https://github.com/python/cpython/commit/d5a97074d24cd14cb2a35a2b1ad3074863cde264 (v3.12.0b1) +CVE-2023-33556 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-33553 (An issue in Planet Technologies WDRT-1800AX v1.01-CP21 allows attacker ...) + NOT-FOR-US: Planet Technologies WDRT-1800AX +CVE-2023-33510 (Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary file ...) + NOT-FOR-US: Jeecg P3 Biz Chat +CVE-2023-33498 (alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privileg ...) + NOT-FOR-US: alist +CVE-2023-33284 (Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution ...) + NOT-FOR-US: Marval MSM +CVE-2023-33283 (Marval MSM through 14.19.0.12476 uses a static encryption key for secr ...) + NOT-FOR-US: Marval MSM +CVE-2023-33282 (Marval MSM through 14.19.0.12476 and 15.0 has a System account with de ...) + NOT-FOR-US: Marval MSM +CVE-2023-2530 (A privilege escalation allowing remote code execution was discovered i ...) + - puppet (Specific to Puppet Enterprise) +CVE-2023-2442 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-4380 (The Pinterest Automatic plugin for WordPress is vulnerable to authoriz ...) + NOT-FOR-US: Pinterest Automatic plugin for WordPress +CVE-2021-4379 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to a ...) 
+ NOT-FOR-US: WooCommerce Multi Currency plugin for WordPress +CVE-2021-4337 (Sixteen XforWooCommerce Add-On Plugins for WordPress are vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46889 (The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS ...) + NOT-FOR-US: 10Web Photo Gallery plugin for WordPress +CVE-2020-36728 (The Adning Advertising plugin for WordPress is vulnerable to file dele ...) + NOT-FOR-US: Adning Advertising plugin for WordPress +CVE-2020-36705 (The Adning Advertising plugin for WordPress is vulnerable to arbitrary ...) + NOT-FOR-US: Adning Advertising plugin for WordPress +CVE-2023-33865 (RenderDoc before 1.27 allows local privilege escalation via a symlink ...) + {DLA-3501-1} + - renderdoc (bug #1037208) + [bookworm] - renderdoc (Minor issue) + [bullseye] - renderdoc (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 + NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27) +CVE-2023-33864 (StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Inte ...) 
+ {DLA-3501-1} + - renderdoc (bug #1037208) + [bookworm] - renderdoc (Minor issue) + [bullseye] - renderdoc (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 + NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27) +CVE-2023-33863 (SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow wit ...) + {DLA-3501-1} + - renderdoc (bug #1037208) + [bookworm] - renderdoc (Minor issue) + [bullseye] - renderdoc (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/06/06/3 + NOTE: https://github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27) + NOTE: https://github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27) +CVE-2023-3126 (The B2BKing plugin for WordPress is vulnerable to unauthorized access ...) + NOT-FOR-US: B2BKing plugin for WordPress +CVE-2023-3125 (The B2BKing plugin for WordPress is vulnerable to unauthorized modific ...) + NOT-FOR-US: B2BKing plugin for WordPress +CVE-2023-3124 (The Elementor Pro plugin for WordPress is vulnerable to unauthorized d ...) + NOT-FOR-US: Elementor Pro plugin for WordPress +CVE-2023-33782 (D-Link DIR-842V2 v1.0.3 was discovered to contain a command injection ...) 
+ NOT-FOR-US: D-Link +CVE-2023-33781 (An issue in D-Link DIR-842V2 v1.0.3 allows attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2023-33604 (Imperial CMS v7.5 was discovered to contain an arbitrary file deletion ...) + NOT-FOR-US: Imperial CMS +CVE-2023-33601 (An arbitrary file upload vulnerability in /admin.php?c=upload of phpok ...) + NOT-FOR-US: phpok +CVE-2023-33538 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...) + NOT-FOR-US: TP-Link +CVE-2023-33537 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...) + NOT-FOR-US: TP-Link +CVE-2023-33536 (TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was dis ...) + NOT-FOR-US: TP-Link +CVE-2023-2541 (The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthen ...) + NOT-FOR-US: KNIME Business Hub +CVE-2022-4950 (Several WordPress plugins developed by Cool Plugins are vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4949 (The AdSanity plugin for WordPress is vulnerable to arbitrary file uplo ...) + NOT-FOR-US: AdSanity plugin for WordPress +CVE-2022-4948 (The FlyingPress plugin for WordPress is vulnerable to authorization by ...) + NOT-FOR-US: FlyingPress plugin for WordPress +CVE-2021-4383 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to pag ...) + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress +CVE-2021-4382 (The Recently plugin for WordPress is vulnerable to arbitrary file uplo ...) + NOT-FOR-US: Recently plugin for WordPress +CVE-2021-4381 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4378 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Sto ...) + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress +CVE-2021-4377 (The Doneren met Mollie plugin for WordPress is vulnerable to Sensitive ...) 
+ NOT-FOR-US: Doneren met Mollie plugin for WordPress +CVE-2021-4376 (The WooCommerce Multi Currency plugin for WordPress is vulnerable to M ...) + NOT-FOR-US: WooCommerce Multi Currency plugin for WordPress +CVE-2021-4375 (The Welcart e-Commerce plugin for WordPress is vulnerable to authoriza ...) + NOT-FOR-US: Welcart e-Commerce plugin for WordPress +CVE-2021-4374 (The WordPress Automatic Plugin for WordPress is vulnerable to arbitrar ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4373 (The Better Search plugin for WordPress is vulnerable to Cross-Site Req ...) + NOT-FOR-US: Better Search plugin for WordPress +CVE-2021-4372 (The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is ...) + NOT-FOR-US: WooCommerce Dynamic Pricing and Discounts plugin for WordPress +CVE-2021-4371 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Set ...) + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress +CVE-2021-4370 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4369 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4368 (The Frontend File Manager plugin for WordPress is vulnerable to Authen ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4367 (The Flo Forms \u2013 Easy Drag & Drop Form Builder plugin for WordPres ...) + NOT-FOR-US: Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress +CVE-2021-4366 (The PWA for WP & AMP plugin for WordPress is vulnerable to authorizati ...) + NOT-FOR-US: PWA for WP & AMP plugin for WordPress +CVE-2021-4365 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4364 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...) 
+ NOT-FOR-US: JobSearch WP Job Board plugin for WordPress +CVE-2021-4363 (The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Ref ...) + NOT-FOR-US: WP Quick FrontEnd Editor plugin for WordPress +CVE-2021-4362 (The Kiwi Social Share plugin for WordPress is vulnerable to authorizat ...) + NOT-FOR-US: Kiwi Social Share plugin for WordPress +CVE-2021-4361 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...) + NOT-FOR-US: JobSearch WP Job Board plugin for WordPress +CVE-2021-4360 (The Controlled Admin Access plugin for WordPress is vulnerable to Priv ...) + NOT-FOR-US: Controlled Admin Access plugin for WordPress +CVE-2021-4359 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4358 (The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: WP DSGVO Tools (GDPR) plugin for WordPress +CVE-2021-4357 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4356 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4355 (The Welcart e-Commerce plugin for WordPress is vulnerable to authoriza ...) + NOT-FOR-US: Welcart e-Commerce plugin for WordPress +CVE-2021-4354 (The PWA for WP & AMP for WordPress is vulnerable to arbitrary file upl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4352 (The JobSearch WP Job Board plugin for WordPress is vulnerable to autho ...) + NOT-FOR-US: JobSearch WP Job Board plugin for WordPress +CVE-2021-4351 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4350 (The Frontend File Manager plugin for WordPress is vulnerable to Unauth ...) 
+ NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4349 (The Process Steps Template Designer plugin for WordPress is vulnerable ...) + NOT-FOR-US: Process Steps Template Designer plugin for WordPress +CVE-2021-4348 (The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthe ...) + NOT-FOR-US: Ultimate GDPR & CCPA plugin for WordPress +CVE-2021-4347 (The function update_shipment_status_email_status_fun in the plugin Adv ...) + NOT-FOR-US: WooCommerce plugin +CVE-2021-4346 (The uListing plugin for WordPress is vulnerable to Unauthenticated Arb ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4345 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4344 (The Frontend File Manager plugin for WordPress is vulnerable to Privil ...) + NOT-FOR-US: Frontend File Manager plugin for WordPress +CVE-2021-4343 (The Unauthenticated Account Creation plugin for WordPress is vulnerabl ...) + NOT-FOR-US: Unauthenticated Account Creation plugin for WordPress +CVE-2021-4342 + REJECTED +CVE-2021-4341 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4340 (The uListing plugin for WordPress is vulnerable to generic SQL Injecti ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4339 (The uListing plugin for WordPress is vulnerable to authorization bypas ...) + NOT-FOR-US: uListing plugin for WordPress +CVE-2021-4338 (The 404 to 301 plugin for WordPress is vulnerable to authorization byp ...) + NOT-FOR-US: 404 to 301 plugin for WordPress +CVE-2020-36731 (The Flexible Checkout Fields for WooCommerce plugin for WordPress is ...) + NOT-FOR-US: Flexible Checkout Fields for WooCommerce plugin for WordPress +CVE-2020-36730 (The CMP for WordPress is vulnerable to authorization bypass due to a m ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2020-36729 (The 2J-SlideShow Plugin for WordPress is vulnerable to authorization b ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36727 (The Newsletter Manager plugin for WordPress is vulnerable to insecure ...) + NOT-FOR-US: Newsletter Manager plugin for WordPress +CVE-2020-36726 (The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object ...) + NOT-FOR-US: Ultimate Reviews plugin for WordPress +CVE-2020-36725 (The TI WooCommerce Wishlist and TI WooCommerce Wishlist Pro plugins fo ...) + NOT-FOR-US: WooCommerce plugin +CVE-2020-36724 (The Wordable plugin for WordPress is vulnerable to authentication bypa ...) + NOT-FOR-US: Wordable plugin for WordPress +CVE-2020-36723 (The ListingPro - WordPress Directory & Listing Theme for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36722 (The Visual Composer plugin for WordPress is vulnerable to Cross-Site S ...) + NOT-FOR-US: Visual Composer plugin for WordPress +CVE-2020-36721 (The Brilliance <= 1.2.7, Activello <= 1.4.0, and Newspaper X <= 1.3.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36720 (The Kali Forms plugin for WordPress is vulnerable to Authenticated Opt ...) + NOT-FOR-US: Kali Forms plugin for WordPress +CVE-2020-36719 (The ListingPro - WordPress Directory & Listing Theme for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36718 (The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to ...) + NOT-FOR-US: GDPR CCPA Compliance Support plugin for WordPress +CVE-2020-36717 (The Kali Forms plugin for WordPress is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: Kali Forms plugin for WordPress +CVE-2020-36716 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) + NOT-FOR-US: WP Activity Log plugin for WordPress +CVE-2020-36715 (The Login/Signup Popup plugin for WordPress is vulnerable to authoriza ...) 
+ NOT-FOR-US: Login/Signup Popup plugin for WordPress +CVE-2020-36713 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + NOT-FOR-US: MStore API plugin for WordPress +CVE-2020-36712 (The Kali Forms plugin for WordPress is vulnerable to Unauthenticated A ...) + NOT-FOR-US: Kali Forms plugin for WordPress +CVE-2020-36711 (The Avada theme for WordPress is vulnerable to Stored Cross-Site Scrip ...) + NOT-FOR-US: Avada theme for WordPress +CVE-2020-36710 (The WPS Hide Login plugin for WordPress is vulnerable to login page di ...) + NOT-FOR-US: WPS Hide Login plugin for WordPress +CVE-2020-36709 (The Page Builder: KingComposer plugin for WordPress is vulnerable to S ...) + NOT-FOR-US: Page Builder: KingComposer plugin for WordPress +CVE-2020-36708 (The following themes for WordPress are vulnerable to Function Injectio ...) + NOT-FOR-US: WordPress theme +CVE-2020-36707 (The Coming Soon & Maintenance Mode Page plugin for WordPress is vulner ...) + NOT-FOR-US: Coming Soon & Maintenance Mode Page plugin for WordPress +CVE-2020-36704 (The Fruitful Theme for WordPress is vulnerable to Stored Cross-Site Sc ...) + NOT-FOR-US: WordPress theme +CVE-2020-36703 (The Elementor Website Builder plugin for WordPress is vulnerable to St ...) + NOT-FOR-US: Elementor Website Builder plugin for WordPress +CVE-2020-36702 (The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Ultimate Addons for Gutenberg plugin for WordPress +CVE-2020-36701 (The Page Builder: KingComposer plugin for WordPress is vulnerable to A ...) + NOT-FOR-US: Page Builder: KingComposer plugin for WordPress +CVE-2020-36700 (The Page Builder: KingComposer plugin for WordPress is vulnerable to a ...) + NOT-FOR-US: Page Builder: KingComposer plugin for WordPress +CVE-2020-36699 (The Quick Page/Post Redirect Plugin for WordPress is vulnerable to aut ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2020-36697 (The WP GDPR plugin for WordPress is vulnerable to authorization bypass ...) + NOT-FOR-US: WP GDPR plugin for WordPress +CVE-2020-36696 (The Product Input Fields for WooCommerce plugin for WordPress is vulne ...) + NOT-FOR-US: Product Input Fields for WooCommerce plugin for WordPress +CVE-2019-25151 (The Funnel Builder plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Funnel Builder plugin for WordPress +CVE-2019-25150 (The Email Templates plugin for WordPress is vulnerable to HTML Injecti ...) + NOT-FOR-US: Email Templates plugin for WordPress +CVE-2019-25149 (The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary ...) + NOT-FOR-US: Gallery Images Ape plugin for WordPress +CVE-2019-25148 (The WP HTML Mail plugin for WordPress is vulnerable to HTML injection ...) + NOT-FOR-US: WP HTML Mail plugin for WordPress +CVE-2019-25147 (The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: Pretty Links plugin for WordPress +CVE-2019-25146 (The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Sit ...) + NOT-FOR-US: DELUCKS SEO plugin for WordPress +CVE-2019-25145 (The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is ...) + NOT-FOR-US: Contact Form & SMTP Plugin by PirateForms plugin for WordPress +CVE-2019-25144 (The WP HTML Mail plugin for WordPress is vulnerable to HTML injection ...) + NOT-FOR-US: WP HTML Mail plugin for WordPress +CVE-2019-25143 (The GDPR Cookie Compliance plugin for WordPress is vulnerable to autho ...) + NOT-FOR-US: GDPR Cookie Compliance plugin for WordPress +CVE-2019-25142 (The Mesmerize & Materialis themes for WordPress are vulnerable to auth ...) + NOT-FOR-US: WordPress themes +CVE-2019-25141 (The Easy WP SMTP plugin for WordPress is vulnerable to authorization b ...) 
+ NOT-FOR-US: Easy WP SMTP plugin for WordPress +CVE-2019-25140 (The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress ...) + NOT-FOR-US: WordPress Coming Soon Page & Maintenance Mode plugin for WordPress +CVE-2019-25139 (The Coming Soon Page & Maintenance Mode plugin for WordPress is vulner ...) + NOT-FOR-US: Coming Soon Page & Maintenance Mode plugin for WordPress +CVE-2019-25138 (The User Submitted Posts plugin for WordPress is vulnerable to arbitra ...) + NOT-FOR-US: User Submitted Posts plugin for WordPress +CVE-2016-15033 (The Delete All Comments plugin for WordPress is vulnerable to arbitrar ...) + NOT-FOR-US: Delete All Comments plugin for WordPress +CVE-2023-3123 + REJECTED +CVE-2023-3121 (A vulnerability has been found in Dahua Smart Parking Management up to ...) + NOT-FOR-US: Dahua Smart Parking Management +CVE-2023-3120 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-3119 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-34409 (In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, t ...) + NOT-FOR-US: Percona Monitoring and Management (PMM) +CVE-2023-34111 (The `Release PR Merged` workflow in the github repo taosdata/grafanapl ...) + NOT-FOR-US: taosdata/grafanaplugin +CVE-2023-34104 (fast-xml-parser is an open source, pure javascript xml parser. fast-xm ...) 
+ - node-webfont (Vulnerable code not present) + NOTE: https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-6w63-h3fj-q4vw + NOTE: Introduced by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/a4bdced80369892ee413bf08e28b78795a2b0d5b (v4.1.3) + NOTE: Fixed by: https://github.com/NaturalIntelligence/fast-xml-parser/commit/39b0e050bb909e8499478657f84a3076e39ce76c (v4.2.3) +CVE-2023-33977 (Kiwi TCMS is an open source test management system for both manual and ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-33959 (notation is a CLI tool to sign and verify OCI artifacts and container ...) + NOT-FOR-US: notation +CVE-2023-33958 (notation is a CLI tool to sign and verify OCI artifacts and container ...) + NOT-FOR-US: notation +CVE-2023-33957 (notation is a CLI tool to sign and verify OCI artifacts and container ...) + NOT-FOR-US: notation +CVE-2023-33952 (A double-free vulnerability was found in the vmwgfx driver in the Linu ...) + - linux 6.1.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20292/ + NOTE: https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c (6.4-rc1) +CVE-2023-33951 (A race condition vulnerability was found in the vmwgfx driver in the L ...) + - linux 6.1.15-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20110/ + NOTE: https://git.kernel.org/linus/9ef8d83e8e25d5f1811b3a38eb1484f85f64296c (6.4-rc1) +CVE-2023-33747 (CloudPanel v2.2.2 allows attackers to execute a path traversal.) + NOT-FOR-US: CloudPanel +CVE-2023-33684 (Weak session management in DB Elettronica Telecomunicazioni SpA SFT DA ...) + NOT-FOR-US: DB Elettronica Telecomunicazioni SpA SFT DAB 600/C Firmware +CVE-2023-33659 (A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vuln ...) 
+ NOT-FOR-US: NanoMQ +CVE-2023-33653 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...) + NOT-FOR-US: Sitecore Experience Platform (XP) +CVE-2023-33652 (Sitecore Experience Platform (XP) v9.3 was discovered to contain an au ...) + NOT-FOR-US: Sitecore Experience Platform (XP) +CVE-2023-33651 (An issue in the MVC Device Simulator of Sitecore Experience Platform ( ...) + NOT-FOR-US: Sitecore Experience Platform (XP) +CVE-2023-33613 (axTLS v2.1.5 was discovered to contain a heap buffer overflow in the b ...) + - axtls +CVE-2023-33569 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-33533 (Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Vers ...) + NOT-FOR-US: Netgear +CVE-2023-33532 (There is a command injection vulnerability in the Netgear R6250 router ...) + NOT-FOR-US: Netgear +CVE-2023-33530 (There is a command injection vulnerability in the Tenda G103 Gigabit G ...) + NOT-FOR-US: Tenda +CVE-2023-33477 (In Harmonic NSG 9000-6G devices, an authenticated remote user can obta ...) + NOT-FOR-US: Harmonic NSG 9000-6G devices +CVE-2023-33460 (There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse functi ...) + {DLA-3492-1 DLA-3478-1} + - yajl 2.1.0-5 (bug #1039984) + [bookworm] - yajl 2.1.0-3+deb12u2 + [bullseye] - yajl 2.1.0-3+deb11u2 + NOTE: https://github.com/lloyd/yajl/issues/250 + NOTE: Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0) + NOTE: The original fix uploaded as 2.1.0-3.1 was incomplete. 
+ - epics-base + [bookworm] - epics-base (Minor issue) + [buster] - epics-base (Minor issue; fix only after newer releases got a fix) + - r-cran-jsonlite + [bookworm] - r-cran-jsonlite (Minor issue) + [bullseye] - r-cran-jsonlite (Minor issue) + [buster] - r-cran-jsonlite (Minor issue; fix only after newer releases got a fix) + - ruby-yajl (Vulnerable code not present; embeds not-affected old yajl version) + NOTE: ruby-yajl embeds yajl version 1.0.12 (https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h) +CVE-2023-33457 (In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , ...) + NOT-FOR-US: Sogou Workflow +CVE-2023-33381 (A command injection vulnerability was found in the ping functionality ...) + NOT-FOR-US: MitraStar +CVE-2023-32683 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...) + - matrix-synapse 1.90.0-1 (bug #1037207) + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-98px-6486-j7qc +CVE-2023-32682 (Synapse is a Matrix protocol homeserver written in Python with the Twi ...) + - matrix-synapse 1.90.0-1 (bug #1037207) + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-26c5-ppr8-f33p +CVE-2023-32551 (Landscape allowed URLs which caused open redirection.) + NOT-FOR-US: Landscape +CVE-2023-32550 (Landscape's server-status page exposed sensitive system information. T ...) + NOT-FOR-US: Landscape +CVE-2023-32549 (Landscape cryptographic keys were insecurely generated with a weak pse ...) + NOT-FOR-US: Landscape +CVE-2023-32545 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-32539 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-32289 (The affected application lacks proper validation of user-supplied data ...) 
+ NOT-FOR-US: Horner Automation +CVE-2023-32281 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-32203 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-31606 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...) + {DLA-3480-1} + - ruby-redcloth (bug #1040488) + [bookworm] - ruby-redcloth (Minor issue) + [bullseye] - ruby-redcloth (Minor issue) + NOTE: https://github.com/jgarber/redcloth/issues/73 + NOTE: https://github.com/e23e/CVE-2023-31606#readme +CVE-2023-31569 (TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-31278 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-31244 (The affected product does not properly validate user-supplied data. If ...) + NOT-FOR-US: Horner Automation +CVE-2023-2833 (The ReviewX plugin for WordPress is vulnerable to privilege escalation ...) + NOT-FOR-US: ReviewX plugin for WordPress +CVE-2023-2801 (Grafana is an open-source platform for monitoring and observability. ...) + - grafana +CVE-2023-29503 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-28653 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-27916 (The affected application lacks proper validation of user-supplied data ...) + NOT-FOR-US: Horner Automation +CVE-2023-34417 (Memory safety bugs present in Firefox 113. Some of these bugs showed e ...) + - firefox 114.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34417 +CVE-2023-34416 (Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thu ...) 
+ {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1} + - firefox 114.0-1 + - firefox-esr 102.12.0esr-1 + - thunderbird 1:102.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34416 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34416 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34416 +CVE-2023-34415 (When choosing a site-isolated process for a document loaded from a dat ...) + - firefox 114.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34415 +CVE-2023-34414 (The error page for sites with invalid TLS certificates was missing the ...) + {DSA-5423-1 DSA-5421-1 DLA-3452-1 DLA-3448-1} + - firefox 114.0-1 + - firefox-esr 102.12.0esr-1 + - thunderbird 1:102.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-19/#CVE-2023-34414 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-20/#CVE-2023-34414 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-21/#CVE-2023-34414 +CVE-2023-XXXX [RUSTSEC-2023-0041] + - rust-trust-dns-server + [bookworm] - rust-trust-dns-server (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0041.html + NOTE: https://github.com/bluejekyll/trust-dns/pull/1952 + NOTE: https://github.com/bluejekyll/trust-dns/commit/217974c0544483efe0c648befabb25bf88242716 +CVE-2023-3027 (The grc-policy-propagator allows security escalation within the cluste ...) + NOT-FOR-US: grc-policy-propagator +CVE-2023-34103 (Avo is an open source ruby on rails admin panel creation framework. In ...) + NOT-FOR-US: Avo +CVE-2023-34102 (Avo is an open source ruby on rails admin panel creation framework. Th ...) + NOT-FOR-US: Avo +CVE-2023-33410 (Minical 1.0.0 and earlier contains a CSV injection vulnerability which ...) + NOT-FOR-US: Minical +CVE-2023-33409 (Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via m ...) 
+ NOT-FOR-US: Minical +CVE-2023-33408 (Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnera ...) + NOT-FOR-US: Minical +CVE-2023-32628 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) + NOT-FOR-US: Advantech WebAccss/SCADA +CVE-2023-32540 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) + NOT-FOR-US: Advantech WebAccss/SCADA +CVE-2023-2546 (The WP User Switch plugin for WordPress is vulnerable to authenticatio ...) + NOT-FOR-US: WP User Switch plugin for WordPress +CVE-2023-22450 (In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary fi ...) + NOT-FOR-US: Advantech WebAccss/SCADA +CVE-2018-25087 (A vulnerability classified as problematic was found in Arborator Serve ...) + NOT-FOR-US: Arborator +CVE-2017-20185 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWM ...) + NOT-FOR-US: Fuzzy SWMP +CVE-2015-10117 (A vulnerability, which was classified as problematic, was found in Gra ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10116 (A vulnerability classified as problematic has been found in RealFavico ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10030 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10029 (A vulnerability classified as problematic was found in Exit Box Lite P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2589 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-2485 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-3111 (A use after free vulnerability was found in prepare_to_relocate in fs/ ...) + {DSA-5480-1 DLA-3623-1 DLA-3508-1} + - linux 5.19.6-1 + NOTE: https://git.kernel.org/linus/85f02d6c856b9f3a0acf5219de6e32f58b9778eb (6.0-rc2) +CVE-2023-3109 (Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admid ...) 
+ NOT-FOR-US: admidio +CVE-2023-3108 (A flaw was found in the subsequent get_user_pages_fast in the Linux ke ...) + - linux 4.0.2-1 + NOTE: https://git.kernel.org/linus/9399f0c51489ae8c16d6559b82a452fdc1895e91 (4.0-rc1) +CVE-2023-3066 (Incorrect Authorization vulnerability in Mobatime mobile application A ...) + NOT-FOR-US: Mobatime mobile application +CVE-2023-3065 (Improper Authentication vulnerability in Mobatime mobile application A ...) + NOT-FOR-US: Mobatime mobile application +CVE-2023-3064 (Anonymous user may get the list of existing users managed by the appli ...) + NOT-FOR-US: Mobatime mobile application +CVE-2023-34097 (hoppscotch is an open source API development ecosystem. In versions pr ...) + NOT-FOR-US: hoppscotch +CVE-2023-33970 (Kanboard is open source project management software that focuses on th ...) + - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard 1.2.26+ds-2+deb12u1 + NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-wfch-8rhv-v286 + NOTE: https://github.com/kanboard/kanboard/commit/b501ef44bc28ee9cf603a4fa446ee121d66f652f (v1.2.30) +CVE-2023-33969 (Kanboard is open source project management software that focuses on th ...) + - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard 1.2.26+ds-2+deb12u1 + NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-8qvf-9847-gpc9 + NOTE: https://github.com/kanboard/kanboard/commit/05f1d23d821152cd61536d3b09e522c0f7573e3c (v1.2.30) +CVE-2023-33968 (Kanboard is open source project management software that focuses on th ...) + - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard 1.2.26+ds-2+deb12u1 + NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-gf8r-4p6m-v8vr + NOTE: https://github.com/kanboard/kanboard/commit/c20be8f5fa26e54005a90c645e80b11481a65053 (v1.2.30) +CVE-2023-33956 (Kanboard is open source project management software that focuses on th ...) 
+ - kanboard 1.2.26+ds-4 (bug #1037167) + [bookworm] - kanboard 1.2.26+ds-2+deb12u1 + NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-r36m-44gg-wxg2 + NOTE: https://github.com/kanboard/kanboard/commit/437b141fa2267df36976814e704517f30d2424bd (v1.2.30) +CVE-2023-33733 (Reportlab up to v3.6.12 allows attackers to execute arbitrary code via ...) + - python-reportlab 3.6.13-1 + [buster] - python-reportlab (Vulnerable code not present) + NOTE: https://docs.reportlab.com/releases/notes/whats-new-3613/ + NOTE: https://github.com/c53elyas/CVE-2023-33733 + NOTE: Introduced by: https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3 (3.5.34) + NOTE: This was introduced when fixing CVE-2019-17626. The version in Debian Buster + NOTE: uses a simpler fix in 3.5.13-1+deb10u1 and is not affected. + NOTE: Fixed by: https://hg.reportlab.com/hg-public/reportlab/rev/1c39d2db15bb (3.6.13) +CVE-2023-33693 (A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 al ...) + NOT-FOR-US: EasyPlayerPro-Win +CVE-2023-33690 (SonicJS up to v0.7.0 allows attackers to execute an authenticated path ...) + NOT-FOR-US: SonicJS +CVE-2023-33524 (Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal ...) + NOT-FOR-US: Advent/SSC Inc. Tamale RMS +CVE-2023-33518 (emoncms v11 and later was discovered to contain an information disclos ...) + NOT-FOR-US: emoncms +CVE-2023-33386 (MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interf ...) + NOT-FOR-US: MarsCTF +CVE-2023-32766 (Gitpod before 2022.11.3 allows XSS because redirection can occur for s ...) + NOT-FOR-US: Gitpod +CVE-2023-31893 (Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vul ...) + NOT-FOR-US: Telefnica Brasil Vivo Play (IPTV) Firmware +CVE-2023-2634 (The Get your number WordPress plugin through 1.1.3 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2572 (The Survey Maker WordPress plugin before 3.4.7 does not escape some pa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2571 (The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some pa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2503 (The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2489 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2488 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2472 (The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2337 (The ConvertKit WordPress plugin before 2.2.1 does not escape a paramet ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4946 (The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10115 (A vulnerability, which was classified as problematic, was found in Woo ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10114 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10113 (A vulnerability classified as problematic was found in WooFramework Tw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3100 (A vulnerability, which was classified as critical, has been found in I ...) + NOT-FOR-US: IBOS +CVE-2023-3099 (A vulnerability classified as critical was found in KylinSoft youker-a ...) + NOT-FOR-US: KylinSoft +CVE-2023-3098 (A vulnerability classified as critical has been found in KylinSoft you ...) + NOT-FOR-US: KylinSoft +CVE-2023-3097 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...) + NOT-FOR-US: KylinSoft +CVE-2023-3096 (A vulnerability was found in KylinSoft kylin-software-properties on Ky ...) + NOT-FOR-US: KylinSoft +CVE-2023-34411 (The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of se ...) 
+ - rust-xml-rs (Vulnerable code not present) + NOTE: https://github.com/netvl/xml-rs/pull/226 + NOTE: Introduced by: https://github.com/netvl/xml-rs/commit/014d808be900c85a0afc5ccdfe668be040d175aa (0.8.9) + NOTE: Fixed by: https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c (0.8.14) +CVE-2023-34410 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...) + {DLA-3539-1} + - qt6-base 6.4.2+dfsg-11 (bug #1037209) + [bookworm] - qt6-base (Minor issue) + - qtbase-opensource-src 5.15.8+dfsg-12 (bug #1037210) + [bookworm] - qtbase-opensource-src (Minor issue) + [bullseye] - qtbase-opensource-src (Minor issue) + [buster] - qtbase-opensource-src (Minor issue) + - qtbase-opensource-src-gles + [bookworm] - qtbase-opensource-src-gles (Minor issue) + [bullseye] - qtbase-opensource-src-gles (Minor issue) + - qt4-x11 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477560 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/480002 +CVE-2023-34407 (OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows ...) + NOT-FOR-US: Harbinger Offline Player +CVE-2023-32334 (IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 and IBM Maximo Applicatio ...) + NOT-FOR-US: IBM +CVE-2015-10112 (A vulnerability classified as problematic has been found in WooFramewo ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125105 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.1 o ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3095 (Improper Access Control in GitHub repository nilsteampassnet/teampass ...) + - teampass (bug #730180) +CVE-2023-3094 (A vulnerability classified as critical has been found in code-projects ...) + NOT-FOR-US: code-projects Agro-School Management System +CVE-2015-10111 (A vulnerability was found in Watu Quiz Plugin up to 2.6.7 on WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10028 (A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2013-10027 (A vulnerability was found in Blogger Importer Plugin up to 0.5 on Word ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3091 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Captura u ...) + NOT-FOR-US: Captura +CVE-2023-3086 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-3085 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: X-RT luci +CVE-2023-3084 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-32582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3083 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-3055 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) + NOT-FOR-US: Page Builder by AZEXO plugin for WordPress +CVE-2023-3053 (The Page Builder by AZEXO plugin for WordPress is vulnerable to unauth ...) + NOT-FOR-US: Page Builder by AZEXO plugin for WordPress +CVE-2023-3052 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross- ...) + NOT-FOR-US: Page Builder by AZEXO plugin for WordPress +CVE-2023-3051 (The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored ...) + NOT-FOR-US: Page Builder by AZEXO plugin for WordPress +CVE-2023-3044 (An excessively large PDF page size (found in fuzz testing, unlikely in ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2023-33143 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-2816 (Consul and Consul Enterprise allowed any user with service:write permi ...) 
+ - consul (Vulnerable code not present) + NOTE: https://discuss.hashicorp.com/t/hcsec-2023-16-consul-envoy-extension-downstream-proxy-configuration-by-upstream-service-owner/54525 +CVE-2023-2781 (The User Email Verification for WooCommerce plugin for WordPress is vu ...) + NOT-FOR-US: User Email Verification for WooCommerce plugin for WordPress +CVE-2023-2416 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress +CVE-2023-2415 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress +CVE-2023-2407 (The Event Registration Calendar By vcita plugin, versions up to and in ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2406 (The Event Registration Calendar By vcita plugin, versions up to and in ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2405 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...) + NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress +CVE-2023-2404 (The CRM and Lead Management by vcita plugin for WordPress is vulnerabl ...) + NOT-FOR-US: CRM and Lead Management by vcita plugin for WordPress +CVE-2023-3075 (Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebo ...) + NOT-FOR-US: Corebos +CVE-2023-3074 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + NOT-FOR-US: Corebos +CVE-2023-3073 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + NOT-FOR-US: Corebos +CVE-2023-3071 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + NOT-FOR-US: Corebos +CVE-2023-3070 (Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/core ...) + NOT-FOR-US: Corebos +CVE-2023-3069 (Unverified Password Change in GitHub repository tsolucio/corebos prior ...) 
+ NOT-FOR-US: Corebos +CVE-2023-3068 (A vulnerability classified as critical has been found in Campcodes Ret ...) + NOT-FOR-US: Campcodes Retro Cellphone Online Store +CVE-2023-3067 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) + NOT-FOR-US: Trilium Notes +CVE-2023-3062 (A vulnerability was found in code-projects Agro-School Management Syst ...) + NOT-FOR-US: Agro-School Management System +CVE-2023-3061 (A vulnerability was found in code-projects Agro-School Management Syst ...) + NOT-FOR-US: Agro-School Management System +CVE-2023-3060 (A vulnerability has been found in code-projects Agro-School Management ...) + NOT-FOR-US: Agro-School Management System +CVE-2023-3059 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Online Exam Form Submission +CVE-2023-3058 (A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declar ...) + NOT-FOR-US: 07FLY CRM +CVE-2023-3057 (A vulnerability was found in YFCMF up to 3.0.4. It has been rated as p ...) + NOT-FOR-US: YFCMF +CVE-2023-3056 (A vulnerability was found in YFCMF up to 3.0.4. It has been declared a ...) + NOT-FOR-US: YFCMF +CVE-2023-3033 (Incorrect Authorization vulnerability in Mobatime web application allo ...) + NOT-FOR-US: Mobatime web application +CVE-2023-3032 (Unrestricted Upload of File with Dangerous Type vulnerability in Mobat ...) + NOT-FOR-US: Mobatime web application +CVE-2023-3031 (Improper Limitation of a Pathname leads to a Path Traversal vulnerabil ...) + NOT-FOR-US: Prestashop +CVE-2023-34362 (In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4 ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2023-34094 (ChuanhuChatGPT is a graphical user interface for ChatGPT and many larg ...) + NOT-FOR-US: ChuanhuChatGPT +CVE-2023-33763 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) 
+ NOT-FOR-US: eMedia Consulting simpleRedak +CVE-2023-33762 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + NOT-FOR-US: eMedia Consulting simpleRedak +CVE-2023-33761 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + NOT-FOR-US: eMedia Consulting simpleRedak +CVE-2023-33731 (Reflected Cross Site Scripting (XSS) in the view dashboard detail feat ...) + NOT-FOR-US: Microworld Technologies eScan management console +CVE-2023-33717 (mp4v2 v2.1.3 was discovered to contain a memory leak when a method cal ...) + - mp4v2 +CVE-2023-33675 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33673 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33672 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33671 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33670 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33669 (Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2023-33476 (ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable t ...) + {DSA-5434-1 DLA-3465-1} + - minidlna 1.3.2+dfsg-1.1 (bug #1037052) + NOTE: https://blog.coffinsec.com/0day/2023/05/31/minidlna-heap-overflow-rca.html + NOTE: Fixed by: https://sourceforge.net/p/minidlna/git/ci/9bd58553fae5aef3e6dd22f51642d2c851225aec/ (v1_3_3) +CVE-2023-2687 (Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4 ...) + NOT-FOR-US: Silicon Labs Gecko SDK +CVE-2023-3000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Erikoglu Technology ErMon +CVE-2023-2835 (The WP Directory Kit plugin for WordPress is vulnerable to Reflected C ...) 
+ NOT-FOR-US: WP Directory Kit plugin for WordPress +CVE-2016-15032 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) + NOT-FOR-US: mback2k mh_httpbl Extension on TYPO3 +CVE-2015-10110 (A vulnerability classified as problematic was found in ruddernation Ti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-3035 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...) + NOT-FOR-US: Guangdong Pythagorean OA Office System +CVE-2023-34339 (In JetBrains Ktor before 2.3.1 headers containing authentication data ...) + NOT-FOR-US: JetBrains Ktor +CVE-2023-34092 (Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5 ...) + NOT-FOR-US: Vite +CVE-2023-34091 (Kyverno is a policy engine designed for Kubernetes. In versions of Kyv ...) + NOT-FOR-US: Kyverno +CVE-2023-33965 (Brook is a cross-platform programmable network tool. The `tproxy` serv ...) + NOT-FOR-US: Brook +CVE-2023-33963 (DataEase is an open source data visualization and analysis tool. Prior ...) + NOT-FOR-US: DataEase +CVE-2023-33960 (OpenProject is web-based project management software. For any OpenProj ...) + NOT-FOR-US: OpenProject +CVE-2023-33764 (eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to cont ...) + NOT-FOR-US: eMedia Consulting simpleRedak +CVE-2023-33756 (An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and belo ...) + - foswiki (bug #509864) +CVE-2023-33754 (The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 do ...) + NOT-FOR-US: Inpiazza Cloud WiFi +CVE-2023-33552 (Heap Buffer Overflow in the erofs_read_one_data function at data.c in ...) 
+ - erofs-utils 1.6-2 (bug #1037092) + [bookworm] - erofs-utils (Minor issue) + [bullseye] - erofs-utils (Vulnerable code not present) + NOTE: https://github.com/lometsj/blog_repo/issues/1 + NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=2145dff03dd3f3f74bcda3b52160fbad37f7fcfe +CVE-2023-33551 (Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/mai ...) + - erofs-utils 1.6-2 (bug #1037092) + [bookworm] - erofs-utils (Minor issue) + [bullseye] - erofs-utils (Vulnerable code not present) + NOTE: https://github.com/lometsj/blog_repo/issues/2 + NOTE: Proposed fix: https://git.kernel.org/pub/scm/linux/kernel/git/xiang/erofs-utils.git/commit/?h=experimental&id=27aeef179bf17d5f1d98f827e93d24839a6d4176 +CVE-2023-33546 (Janino 3.1.9 and earlier are subject to denial of service (DOS) attack ...) + - janino (unimportant) + NOTE: https://github.com/janino-compiler/janino/issues/201 + NOTE: Bug fixed in 3.1.10, but not considered a security issue by upstream +CVE-2023-33544 (hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input ...) + NOT-FOR-US: hawtio +CVE-2023-32717 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) + NOT-FOR-US: Splunk Enterprise +CVE-2023-32716 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...) + NOT-FOR-US: Splunk Enterprise +CVE-2023-32715 (In the Splunk App for Lookup File Editing versions below 4.0.1, a user ...) + NOT-FOR-US: Splunk +CVE-2023-32714 (In the Splunk App for Lookup File Editing versions below 4.0.1, a low- ...) + NOT-FOR-US: Splunk +CVE-2023-32713 (In Splunk App for Stream versions below 8.1.1, a low-privileged user c ...) + NOT-FOR-US: Splunk +CVE-2023-32712 (In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an ...) + NOT-FOR-US: Splunk +CVE-2023-32711 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splun ...) 
+ NOT-FOR-US: Splunk +CVE-2023-32710 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in ...) + NOT-FOR-US: Splunk +CVE-2023-32709 (In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Spl ...) + NOT-FOR-US: Splunk +CVE-2023-32708 (In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Spl ...) + NOT-FOR-US: Splunk +CVE-2023-32707 (In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and ...) + NOT-FOR-US: Splunk +CVE-2023-32706 (On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unau ...) + NOT-FOR-US: Splunk +CVE-2023-32690 (libspdm is a sample implementation that follows the DMTF SPDM specific ...) + NOT-FOR-US: libspdm +CVE-2023-32310 (DataEase is an open source data visualization and analysis tool. The A ...) + NOT-FOR-US: DataEase +CVE-2023-32181 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...) + - libeconf 0.5.2+dfsg1-1 (bug #1037333) + [bookworm] - libeconf (Minor issue) + [bullseye] - libeconf (Minor issue) + NOTE: https://github.com/openSUSE/libeconf/issues/178 + NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2) +CVE-2015-10109 (A vulnerability was found in Video Playlist and Gallery Plugin up to 1 ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125104 (A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-XXXX [RUSTSEC-2023-0039] + - rust-buffered-reader 1.2.0-1 (bug #1037018) + [bookworm] - rust-buffered-reader (Minor issue) + [bullseye] - rust-buffered-reader (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0039.html + NOTE: https://lists.sequoia-pgp.org/hyperkitty/list/announce@lists.sequoia-pgp.org/thread/SN2E3QRT4DMQ5JNEK6VIN6DJ5SH766DI/ + NOTE: https://gitlab.com/sequoia-pgp/sequoia/-/commit/f6307652fb2cbf4e0fbd3f897b1ec70863fcfa61 +CVE-2023-32324 (OpenPrinting CUPS is an open source printing system. In versions 2.4.2 ...) 
+ {DLA-3440-1} + - cups 2.4.2-4 + [bookworm] - cups 2.4.2-3+deb12u1 + [bullseye] - cups 2.3.3op2-3+deb11u3 + NOTE: https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7 + NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/fd8bc2d32589d1fd91fe1c0521be2a7c0462109e +CVE-2023-3029 (A vulnerability has been found in Guangdong Pythagorean OA Office Syst ...) + NOT-FOR-US: Guangdong Pythagorean OA Office System +CVE-2023-3028 (Insufficient authentication in the MQTT backend (broker) allows an att ...) + NOT-FOR-US: HopeChart HQT-401 telematics unit +CVE-2023-3026 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2023-34312 (In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProte ...) + NOT-FOR-US: Tencent QQ TIM +CVE-2023-33778 (Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Poin ...) + NOT-FOR-US: Draytek Vigor Routers firmware +CVE-2023-33719 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::R ...) + - mp4v2 +CVE-2023-33716 (mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4 ...) + - mp4v2 +CVE-2023-33643 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33642 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33641 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33640 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33639 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33638 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33637 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) 
+ NOT-FOR-US: H3C Magic R300 +CVE-2023-33636 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33635 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33634 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33633 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33632 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33631 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33630 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33629 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33628 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33627 (H3C Magic R300 version R300-2100MV100R004 was discovered to contain a ...) + NOT-FOR-US: H3C Magic R300 +CVE-2023-33461 (iniparser v4.1 is vulnerable to NULL Pointer Dereference in function i ...) + - iniparser 4.1-7 (unimportant) + NOTE: https://github.com/ndevilla/iniparser/issues/144 + NOTE: Negligible security impact +CVE-2023-30758 (Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier ...) + NOT-FOR-US: Pleasanter +CVE-2023-29159 (Directory traversal vulnerability in Starlette versions 0.13.5 and lat ...) + NOT-FOR-US: Starlette +CVE-2023-29154 (SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) v ...) + NOT-FOR-US: CONPROSYS +CVE-2023-28937 (DataSpider Servista version 4.4 and earlier uses a hard-coded cryptogr ...) 
+ NOT-FOR-US: DataSpider +CVE-2023-28824 (Server-side request forgery vulnerability exists in CONPROSYS HMI Syst ...) + NOT-FOR-US: CONPROSYS +CVE-2023-28713 (Plaintext storage of a password exists in CONPROSYS HMI System (CHS) v ...) + NOT-FOR-US: CONPROSYS +CVE-2023-28657 (Improper access control vulnerability exists in CONPROSYS HMI System ( ...) + NOT-FOR-US: CONPROSYS +CVE-2023-28651 (Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS ...) + NOT-FOR-US: CONPROSYS +CVE-2023-28399 (Incorrect permission assignment for critical resource exists in CONPRO ...) + NOT-FOR-US: CONPROSYS +CVE-2018-25086 (A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has ...) + NOT-FOR-US: sea75300 FanPress CM +CVE-2010-10010 (A vulnerability classified as problematic has been found in Stars Alli ...) + NOT-FOR-US: Stars Alliance PsychoStats +CVE-2023-3022 (A flaw was found in the IPv6 module of the Linux kernel. The arg.resul ...) + - linux 5.2.6-1 + NOTE: https://git.kernel.org/linus/a65120bae4b7425a39c5783aa3d4fc29677eef0e +CVE-2023-3021 (Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-libr ...) + NOT-FOR-US: mkucej/i-librarian-free +CVE-2023-3020 (Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-l ...) + NOT-FOR-US: mkucej/i-librarian-free +CVE-2023-3018 (A vulnerability was found in SourceCodester Lost and Found Information ...) + NOT-FOR-US: SourceCodester Lost and Found Information System +CVE-2023-3017 (A vulnerability was found in SourceCodester Lost and Found Information ...) + NOT-FOR-US: SourceCodester Lost and Found Information System +CVE-2023-3016 (A vulnerability was found in yiwent Vip Video Analysis 1.0 and classif ...) + NOT-FOR-US: yiwent Vip Video Analysis +CVE-2023-3015 (A vulnerability has been found in yiwent Vip Video Analysis 1.0 and cl ...) + NOT-FOR-US: yiwent Vip Video Analysis +CVE-2023-3014 (A vulnerability, which was classified as problematic, was found in Bei ...) 
+ NOT-FOR-US: BeipyVideoResolution +CVE-2023-3013 (Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.) + - gpac (bug #1051740) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/52f95edc-cc03-4a9f-9bf8-74f641260073 + NOTE: https://github.com/gpac/gpac/commit/78e539b43293829a14a32e821f5267e3b7417594 +CVE-2023-3012 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) + {DSA-5452-1} + - gpac (bug #1051740) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/916b787a-c603-409d-afc6-25bb02070e69 + NOTE: https://github.com/gpac/gpac/commit/53387aa86c1af1228d0fa57c67f9c7330716d5a7 +CVE-2023-3009 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-3008 (A vulnerability classified as critical has been found in ningzichun St ...) + NOT-FOR-US: ningzichun Student Management System +CVE-2023-3007 (A vulnerability was found in ningzichun Student Management System 1.0. ...) + NOT-FOR-US: ningzichun Student Management System +CVE-2023-3006 (A known cache speculation vulnerability, known as Branch History Injec ...) + - linux 6.0.7-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Too difficult and risky to backport) + NOTE: https://git.kernel.org/linus/0e5d5ae837c8ce04d2ddb874ec5f920118bd9d31 (6.1-rc1) +CVE-2023-3005 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Local Service Search Engine Management System +CVE-2023-3004 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Simple Chat System +CVE-2023-3003 (A vulnerability classified as critical was found in SourceCodester Tra ...) + NOT-FOR-US: SourceCodester Train Station Ticketing System +CVE-2023-34258 (An issue was discovered in BMC Patrol before 22.1.00. The agent's conf ...) 
+ NOT-FOR-US: BMC Patrol +CVE-2023-34257 (An issue was discovered in BMC Patrol through 23.1.00. The agent's con ...) + NOT-FOR-US: BMC Patrol +CVE-2023-34256 (An issue was discovered in the Linux kernel before 6.3.3. There is an ...) + {DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + NOTE: https://git.kernel.org/linus/4f04351888a83e595571de672e0a4a8b74f4fb31 (6.4-rc2) + NOTE: Exploitable only when modifying block device while beeing mounted. +CVE-2023-34255 + REJECTED +CVE-2023-34229 (In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection p ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34228 (In JetBrains TeamCity before 2023.05 authentication checks were missin ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34227 (In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerabl ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34226 (In JetBrains TeamCity before 2023.05 reflected XSS in the Subscription ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34225 (In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34224 (In JetBrains TeamCity before 2023.05 open redirect during oAuth config ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34223 (In JetBrains TeamCity before 2023.05 parameters of the "password" type ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34222 (In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34221 (In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34220 (In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status P ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34219 (In JetBrains TeamCity before 2023.05 improper permission checks allowe ...) 
+ NOT-FOR-US: JetBrains TeamCity +CVE-2023-34218 (In JetBrains TeamCity before 2023.05 bypass of permission checks allow ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-34088 (Collabora Online is a collaborative online office suite. A stored cros ...) + NOT-FOR-US: Collabora Online +CVE-2023-33979 (gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnera ...) + NOT-FOR-US: gpt_academicmkucej/i-librarian-free +CVE-2023-33971 (Formcreator is a GLPI plugin which allow creation of custom forms and ...) + NOT-FOR-US: GLPI plugin +CVE-2023-33967 (EaseProbe is a tool that can do health/status checking. An SQL injecti ...) + NOT-FOR-US: EaseProbe +CVE-2023-33966 (Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and de ...) + NOT-FOR-US: Deno +CVE-2023-33964 (mx-chain-go is an implementation of the MultiversX blockchain protocol ...) + NOT-FOR-US: mx-chain-go +CVE-2023-33736 (A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3 ...) + NOT-FOR-US: Dcat-Admin +CVE-2023-33735 (D-Link DIR-846 v1.00A52 was discovered to contain a remote command exe ...) + NOT-FOR-US: D-Link +CVE-2023-33732 (Cross Site Scripting (XSS) in the New Policy form in Microworld Techno ...) + NOT-FOR-US: Microworld +CVE-2023-33730 (Privilege Escalation in the "GetUserCurrentPwd" function in Microworld ...) + NOT-FOR-US: Microworld Technologies eScan Management Console +CVE-2023-33722 (EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated rem ...) + NOT-FOR-US: EDIMAX +CVE-2023-33718 (mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::Read ...) + - mp4v2 +CVE-2023-33509 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to SQL Injection.) + NOT-FOR-US: KramerAV VIA GO +CVE-2023-33508 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to unauthenticated file ...) + NOT-FOR-US: KramerAV VIA GO +CVE-2023-33507 (KramerAV VIA GO\xb2 < 4.0.1.1326 is vulnerable to Unauthenticated arbi ...) 
+ NOT-FOR-US: KramerAV VIA GO +CVE-2023-33487 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) + NOT-FOR-US: TOTOLINK +CVE-2023-33486 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) + NOT-FOR-US: TOTOLINK +CVE-2023-33485 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) + NOT-FOR-US: TOTOLINK +CVE-2023-33287 (A stored cross-site scripting (XSS) vulnerability in the Inline Table ...) + NOT-FOR-US: Atlassian Confluence +CVE-2023-32217 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 ...) + NOT-FOR-US: IdentityIQ +CVE-2023-31548 (A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEdi ...) + NOT-FOR-US: ChurchCRM +CVE-2023-2909 (EZ Sync service fails to adequately handle user input, allowing an att ...) + NOT-FOR-US: EZ Sync +CVE-2023-2758 (A denial of service vulnerability exists in Contec CONPROSYS HMI Syste ...) + NOT-FOR-US: CONPROSYS +CVE-2023-2749 (Download Center fails to properly validate the file path submitted by ...) + NOT-FOR-US: ASUSTOR +CVE-2022-48502 (An issue was discovered in the Linux kernel before 6.2. The ntfs3 subs ...) + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.52-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0e8235d28f3a0e9eda9f02ff67ee566d5f42b66b (6.2-rc1) + NOTE: NTFS3 driver not enabled in Debian +CVE-2015-10108 (A vulnerability was found in meitar Inline Google Spreadsheet Viewer P ...) + NOT-FOR-US: Inline Google Spreadsheet Viewer +CVE-2023-33962 (JStachio is a type-safe Java Mustache templating engine. Prior to ver ...) + NOT-FOR-US: JStachio +CVE-2023-33961 (Leantime is a lean open source project management system. Starting in ...) + NOT-FOR-US: Leantime +CVE-2023-33741 (Macrovideo v380pro v1.4.97 shares the device id and password when shar ...) 
+ NOT-FOR-US: Macrovideo +CVE-2023-33740 (Incorrect access control in luowice v3.5.18 allows attackers to access ...) + NOT-FOR-US: luowice +CVE-2023-33734 (BlueCMS v1.6 was discovered to contain a SQL injection vulnerability v ...) + NOT-FOR-US: BlueCMS +CVE-2023-33181 (Xibo is a content management system (CMS). Starting in version 3.0.0 a ...) + NOT-FOR-US: Xibo +CVE-2023-33180 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + NOT-FOR-US: Xibo +CVE-2023-33179 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + NOT-FOR-US: Xibo +CVE-2023-32342 (IBM GSKit could allow a remote attacker to obtain sensitive informatio ...) + NOT-FOR-US: IBM +CVE-2023-2999 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2998 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2987 (The Wordapp plugin for WordPress is vulnerable to authorization bypass ...) + NOT-FOR-US: Wordapp plugin for WordPress +CVE-2023-2952 (XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) + {DSA-5429-1 DLA-3443-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-20.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19100 +CVE-2023-2836 (The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross ...) + NOT-FOR-US: CRM Perks Forms plugin for WordPress +CVE-2023-2612 (Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ub ...) + NOT-FOR-US: shiftfs (part of Ubuntu kernels, not not upstream) +CVE-2023-2549 (The Feather Login Page plugin for WordPress is vulnerable to Cross-Sit ...) + NOT-FOR-US: Feather Login Page plugin for WordPress +CVE-2023-2547 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) 
+ NOT-FOR-US: Feather Login Page plugin for WordPress +CVE-2023-2545 (The Feather Login Page plugin for WordPress is vulnerable to unauthori ...) + NOT-FOR-US: Feather Login Page plugin for WordPress +CVE-2023-2436 (The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: Blog-in-Blog plugin for WordPress +CVE-2023-2435 (The Blog-in-Blog plugin for WordPress is vulnerable to Local File Incl ...) + NOT-FOR-US: Blog-in-Blog plugin for WordPress +CVE-2023-2434 (The Nested Pages plugin for WordPress is vulnerable to unauthorized lo ...) + NOT-FOR-US: Nested Pages plugin for WordPress +CVE-2015-10107 (A vulnerability was found in Simplr Registration Form Plus+ Plugin up ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125103 (A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on ...) + NOT-FOR-US: Twitter plugin +CVE-2012-10015 (A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on ...) + NOT-FOR-US: Twitter plugin +CVE-2023-33975 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + NOT-FOR-US: RIOT-OS +CVE-2023-33974 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + NOT-FOR-US: RIOT-OS +CVE-2023-33973 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + NOT-FOR-US: RIOT-OS +CVE-2023-33656 (A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability ...) + NOT-FOR-US: NanoMQ +CVE-2023-33234 (Arbitrary code execution in Apache Airflow CNCF Kubernetes provider ve ...) + NOT-FOR-US: Apache Airflow CNCF Kubernetes Provider +CVE-2023-33178 (Xibo is a content management system (CMS). An SQL injection vulnerabil ...) + NOT-FOR-US: Xibo +CVE-2023-33177 (Xibo is a content management system (CMS). A path traversal vulnerabil ...) + NOT-FOR-US: Xibo +CVE-2023-32699 (MeterSphere is an open source continuous testing platform. Version 2.9 ...) 
+ NOT-FOR-US: MeterSphere +CVE-2023-32696 (CKAN is an open-source data management system for powering data hubs a ...) + NOT-FOR-US: CKAN +CVE-2023-32689 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2023-32684 (Lima launches Linux virtual machines, typically on macOS, for running ...) + NOT-FOR-US: Lima +CVE-2023-32448 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key St ...) + NOT-FOR-US: PowerPath +CVE-2023-32218 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection ...) + NOT-FOR-US: Avaya +CVE-2023-2994 + REJECTED +CVE-2023-2985 (A use after free flaw was found in hfsplus_put_super in fs/hfsplus/sup ...) + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/07db5e247ab5858439b14dd7cc1fe538b9efcf32 (6.3-rc1) +CVE-2023-2984 (Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore pr ...) + NOT-FOR-US: pimcore +CVE-2023-2983 (Privilege Defined With Unsafe Actions in GitHub repository pimcore/pim ...) + NOT-FOR-US: pimcore +CVE-2023-2981 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Abstrium Pydio Cells +CVE-2023-2980 (A vulnerability classified as critical was found in Abstrium Pydio Cel ...) + NOT-FOR-US: Abstrium Pydio Cells +CVE-2023-2979 (A vulnerability classified as critical has been found in Abstrium Pydi ...) + NOT-FOR-US: Abstrium Pydio Cells +CVE-2023-2978 (A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been r ...) + NOT-FOR-US: Abstrium Pydio Cells +CVE-2023-2977 (A vulnerbility was found in OpenSC. This security flaw cause a buffer ...) 
+ {DLA-3463-1} + - opensc 0.23.0-0.3 (bug #1037021) + [bullseye] - opensc (Minor issue) + NOTE: https://github.com/OpenSC/OpenSC/issues/2785 + NOTE: https://github.com/OpenSC/OpenSC/pull/2787 + NOTE: Fixed by: https://github.com/OpenSC/OpenSC/commit/81944d1529202bd28359bede57c0a15deb65ba8a +CVE-2023-2973 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester +CVE-2023-2972 (Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.) + NOT-FOR-US: antfu/utils +CVE-2023-2968 (A remote attacker can trigger a denial of service in the socket.remote ...) + NOT-FOR-US: JFROG +CVE-2023-2650 (Issue summary: Processing some specially crafted ASN.1 object identifi ...) + {DSA-5417-1 DLA-3449-1} + - openssl 3.0.9-1 + NOTE: https://www.openssl.org/news/secadv/20230530.txt + NOTE: https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 (OpenSSL_1_1_1u) + NOTE: https://github.com/openssl/openssl/commit/423a2bc737a908ad0c77bda470b2b59dc879936b (openssl-3.0.9) +CVE-2023-34205 (In Moov signedxml through 1.0.0, parsing the raw XML (as received) can ...) + NOT-FOR-US: Moov signedxml +CVE-2023-34204 (imapsync through 2.229 uses predictable paths under /tmp and /var/tmp ...) + - imapsync + NOTE: https://github.com/imapsync/imapsync/issues/399 +CVE-2023-33955 (Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEF ...) + - minio (bug #859207) +CVE-2023-33245 (Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arb ...) + NOT-FOR-US: Minecraft +CVE-2023-33198 (tgstation-server is a production scale tool for BYOND server managemen ...) + NOT-FOR-US: tgstation-server +CVE-2023-33193 (Emby Server is a user-installable home media server which stores and o ...) + NOT-FOR-US: Emby Server +CVE-2023-33191 (Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp co ...) + NOT-FOR-US: Kyverno +CVE-2023-33189 (Pomerium is an identity and context-aware access proxy. 
With specially ...) + NOT-FOR-US: Pomerium +CVE-2023-33186 (Zulip is an open-source team collaboration tool with unique topic-base ...) + NOT-FOR-US: Zulip +CVE-2023-33183 (Calendar app for Nextcloud easily sync events from various devices wit ...) + NOT-FOR-US: Nextcloud addon +CVE-2023-33182 (Contacts app for Nextcloud easily syncs contacts from various devices ...) + NOT-FOR-US: Nextcloud addon +CVE-2023-33175 (ToUI is a Python package for creating user interfaces (websites and de ...) + NOT-FOR-US: ToUI +CVE-2023-32698 (nFPM is an alternative to fpm. The file permissions on the checked-in ...) + NOT-FOR-US: nFPM +CVE-2023-32692 (CodeIgniter is a PHP full-stack web framework. This vulnerability allo ...) + NOT-FOR-US: CodeIgniter +CVE-2023-32691 (gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitiv ...) + NOT-FOR-US: GO Simple Tunnel +CVE-2023-32687 (tgstation-server is a toolset to manage production BYOND servers. Star ...) + NOT-FOR-US: tgstation-server +CVE-2023-32072 (Tuleap is an open source tool for end to end traceability of applicati ...) + NOT-FOR-US: Tuleap +CVE-2023-2970 (A vulnerability classified as problematic was found in MindSpore 2.0.0 ...) + NOT-FOR-US: MindSpore +CVE-2023-2962 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester +CVE-2023-2961 (A segmentation fault flaw was found in the Advancecomp package. This m ...) + - advancecomp 2.5-1 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2210768 + NOTE: Fixed by: https://github.com/amadvance/advancecomp/commit/cfca0f6e589cd46151d067c6723752ff17038b2a (v2.5) + NOTE: Crash in CLI tool, no security impact +CVE-2023-2808 (Mattermost fails to normalize UTF confusable characters when determini ...) + - mattermost-server (bug #823556) +CVE-2023-2518 (The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2470 (The Add to Feedly WordPress plugin through 1.2.11 does not sanitize an ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125102 (A vulnerability classified as problematic was found in Bestwebsoft Rel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2953 (A vulnerability was found in openldap. This security flaw causes a nul ...) + [experimental] - openldap 2.6.4+dfsg-1~exp1 + - openldap (bug #1036995) + [bookworm] - openldap (Minor issue) + [bullseye] - openldap (Minor issue) + [buster] - openldap (Minor issue) + NOTE: https://bugs.openldap.org/show_bug.cgi?id=9904 + NOTE: https://git.openldap.org/openldap/openldap/-/commit/ea8dd2d279c5aeaf9d4672a4e95bebd99babcce1 (master) + NOTE: https://git.openldap.org/openldap/openldap/-/commit/3f2abd0b2eeec8522e50d5c4ea4992e70e8f9915 (master) + NOTE: https://git.openldap.org/openldap/openldap/-/commit/c5c8c06a8bd52ea7b843e7d8ca961a7d1800ce5f (OPENLDAP_REL_ENG_2_6_4) + NOTE: https://git.openldap.org/openldap/openldap/-/commit/840944e26f734bb03d925f26c4ef11a6cedcbb9c (OPENLDAP_REL_ENG_2_6_4) + NOTE: https://git.openldap.org/openldap/openldap/-/commit/752d320cf96e46f24c0900f1a8f6af0a3fc3c4ce (OPENLDAP_REL_ENG_2_5_14) + NOTE: https://git.openldap.org/openldap/openldap/-/commit/6563fab9e2feccb0a684d0398e78571d09fb808b (OPENLDAP_REL_ENG_2_5_14) +CVE-2023-34153 (A vulnerability was found in ImageMagick. This security flaw causes a ...) + - imagemagick (Vulnerable code introduced later in ImageMagick7) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6338 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d31c80d15a2c82fc1dd8e889e0f97b0219079a57 (7.1.1-10) + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/8fdb81b3c551a37f41a6370fe7d1634406eb1cef + NOTE: introduces the vsync and pix_fmt features, without introducing the vulnerability. +CVE-2023-34152 (A vulnerability was found in ImageMagick. This security flaw cause a r ...) 
+ - imagemagick (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339 + NOTE: Only an issue when configured with --enable-pipes. Enabling pipes are + NOTE: a security risk per se and user needs to take precautions accordingly + NOTE: when enabled. + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6339#issuecomment-1559698800 + NOTE: CVE might get rejected or disputed +CVE-2023-33291 (In ebankIT 6, the public endpoints /public/token/Email/generate and /p ...) + NOT-FOR-US: ebankIT +CVE-2023-31874 (Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafte ...) + NOT-FOR-US: Yank Note (YN) +CVE-2023-31873 (Gin 0.7.4 allows execution of arbitrary code when a crafted file is op ...) + NOT-FOR-US: Gin Markdown Editor +CVE-2023-2955 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Students Online Internship Timesheet System +CVE-2023-2954 (Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/ ...) + NOT-FOR-US: djangoblog +CVE-2021-4336 (A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. ...) + NOT-FOR-US: ITRS Group monitor-ninja +CVE-2023-33931 (Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu You ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33926 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Goog ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33332 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-33328 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plug ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33326 (Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in Ev ...) + NOT-FOR-US: EventPrime plugin +CVE-2023-33319 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooComme ...) 
+ NOT-FOR-US: WooCommerce plugin +CVE-2023-33316 (Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooComm ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-33315 (Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33314 (Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33313 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33311 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33309 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33216 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVec ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-33212 (Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormB ...) + NOT-FOR-US: WordPress plugin +CVE-2023-33211 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32800 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10106 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: Typo3 extension +CVE-2014-125101 (A vulnerability classified as critical has been found in Portfolio Gal ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2951 (A vulnerability classified as critical has been found in code-projects ...) + NOT-FOR-US: Bus Dispatch and Information System +CVE-2023-2950 (Improper Authorization in GitHub repository openemr/openemr prior to 7 ...) + NOT-FOR-US: OpenEMR +CVE-2023-2949 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...) 
+ NOT-FOR-US: OpenEMR +CVE-2023-2948 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...) + NOT-FOR-US: OpenEMR +CVE-2023-2947 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) + NOT-FOR-US: OpenEMR +CVE-2023-2946 (Improper Access Control in GitHub repository openemr/openemr prior to ...) + NOT-FOR-US: OpenEMR +CVE-2023-2945 (Missing Authorization in GitHub repository openemr/openemr prior to 7. ...) + NOT-FOR-US: OpenEMR +CVE-2023-2944 (Improper Access Control in GitHub repository openemr/openemr prior to ...) + NOT-FOR-US: OpenEMR +CVE-2023-2943 (Code Injection in GitHub repository openemr/openemr prior to 7.0.1.) + NOT-FOR-US: OpenEMR +CVE-2023-2942 (Improper Input Validation in GitHub repository openemr/openemr prior t ...) + NOT-FOR-US: OpenEMR +CVE-2023-3217 (Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allow ...) + {DSA-5428-1} + - chromium 114.0.5735.133-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3216 (Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed ...) + {DSA-5428-1} + - chromium 114.0.5735.133-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3215 (Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allo ...) + {DSA-5428-1} + - chromium 114.0.5735.133-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3214 (Use after free in Autofill payments in Google Chrome prior to 114.0.57 ...) + {DSA-5428-1} + - chromium 114.0.5735.133-1 + [buster] - chromium (see DSA 5046) +CVE-2023-3079 (Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed ...) + {DSA-5420-1} + - chromium 114.0.5735.106-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2941 (Inappropriate implementation in Extensions API in Google Chrome prior ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2940 (Inappropriate implementation in Downloads in Google Chrome prior to 11 ...) 
+ {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2939 (Insufficient data validation in Installer in Google Chrome on Windows ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2938 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2937 (Inappropriate implementation in Picture In Picture in Google Chrome pr ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2936 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2935 (Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2934 (Out of bounds memory access in Mojo in Google Chrome prior to 114.0.57 ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2933 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2932 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2931 (Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2930 (Use after free in Extensions in Google Chrome prior to 114.0.5735.90 a ...) + {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2929 (Out of bounds write in Swiftshader in Google Chrome prior to 114.0.573 ...) 
+ {DSA-5418-1} + - chromium 114.0.5735.90-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2928 (A vulnerability was found in DedeCMS up to 5.7.106. It has been declar ...) + NOT-FOR-US: DedeCMS +CVE-2023-2927 (A vulnerability was found in JIZHICMS 2.4.5. It has been classified as ...) + NOT-FOR-US: JIZHICMS +CVE-2023-2926 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...) + NOT-FOR-US: SeaCMS +CVE-2023-2925 (A vulnerability, which was classified as problematic, was found in Web ...) + NOT-FOR-US: Webkul krayin crm +CVE-2015-20108 (xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPat ...) + - ruby-saml 1.0.0-1 + NOTE: https://github.com/SAML-Toolkits/ruby-saml/commit/9853651b96b99653ea8627d757d46bfe62ab6448 (v1.0.0) + NOTE: https://github.com/SAML-Toolkits/ruby-saml/pull/225 +CVE-2023-33199 (Rekor's goals are to provide an immutable tamper resistant ledger of m ...) + - rekor (bug #990249) +CVE-2023-33196 (Craft is a CMS for creating custom digital experiences. Cross site scr ...) + NOT-FOR-US: Craft CMS +CVE-2023-33195 (Craft is a CMS for creating custom digital experiences on the web. A m ...) + NOT-FOR-US: Craft CMS +CVE-2023-33194 (Craft is a CMS for creating custom digital experiences on the web.The ...) + NOT-FOR-US: Craft CMS +CVE-2023-33192 (ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not val ...) + NOT-FOR-US: ntpd-rs +CVE-2023-33188 (Omni-notes is an open source note-taking application for Android. The ...) + NOT-FOR-US: Omni-notes +CVE-2023-33187 (Highlight is an open source, full-stack monitoring platform. Highlight ...) + NOT-FOR-US: Highlight (different from src:highlight) +CVE-2023-33184 (Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed ...) + NOT-FOR-US: Nextcloud Mail +CVE-2023-32688 (parse-server-push-adapter is the official Push Notification adapter fo ...) 
+ NOT-FOR-US: parse-server-push-adapter +CVE-2023-32686 (Kiwi TCMS is an open source test management system for both manual and ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-32676 (Autolab is a course management service that enables auto-graded progra ...) + NOT-FOR-US: Autolab +CVE-2023-32325 (PostHog-js is a library to interface with the PostHog analytics tool. ...) + NOT-FOR-US: PostHog-js +CVE-2023-32321 (CKAN is an open-source data management system for powering data hubs a ...) + NOT-FOR-US: CKAN +CVE-2023-32319 (Nextcloud server is an open source personal cloud implementation. Miss ...) + - nextcloud-server (bug #941708) +CVE-2023-32317 (Autolab is a course management service that enables auto-graded progra ...) + NOT-FOR-US: Autolab +CVE-2023-32316 (CloudExplorer Lite is an open source cloud management tool. In affecte ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-32315 (Openfire is an XMPP server licensed under the Open Source Apache Licen ...) + NOT-FOR-US: Ignite Realtime Openfire +CVE-2023-32311 (CloudExplorer Lite is an open source cloud management platform. In Clo ...) + NOT-FOR-US: CloudExplorer Lite +CVE-2023-32307 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...) + {DSA-5431-1 DLA-3441-1} + - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-6 (bug #1036847) + NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-rm4c-ccvf-ff9c + NOTE: https://github.com/freeswitch/sofia-sip/pull/214 + NOTE: Fixed by: https://github.com/freeswitch/sofia-sip/commit/c3bbc50c88d168065de34ca01b9b1d98c1b0e810 (v1.13.15) +CVE-2023-2924 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: Supcon SimField +CVE-2023-2923 (A vulnerability classified as critical was found in Tenda AC6 US_AC6V1 ...) + NOT-FOR-US: Tenda +CVE-2023-2922 (A vulnerability classified as problematic has been found in SourceCode ...) 
+ NOT-FOR-US: SourceCodester Comment System +CVE-2023-2825 (An issue has been discovered in GitLab CE/EE affecting only version 16 ...) + - gitlab (Only affects 16.x) +CVE-2023-2898 (There is a null-pointer-dereference flaw found in f2fs_write_end_io in ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.4-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/linux-f2fs-devel/20230522124203.3838360-1-chao@kernel.org/ + NOTE: https://git.kernel.org/linus/d8189834d4348ae608083e1f1f53792cfcc2a9bc (6.5-rc1) +CVE-2023-33780 (A stored cross-site scripting (XSS) vulnerability in TFDi Design smart ...) + NOT-FOR-US: TFDi Design smartCARS +CVE-2023-33779 (A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows ...) + NOT-FOR-US: XXL-Job +CVE-2023-33720 (mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4 ...) + - mp4v2 +CVE-2023-33440 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitra ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-33439 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-33394 (skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers ...) + NOT-FOR-US: skycaiji +CVE-2023-33255 (An issue was discovered in Papaya Viewer 1.0.1449. User-supplied input ...) + NOT-FOR-US: Papaya Viewer +CVE-2023-33247 (Talend Data Catalog remote harvesting server before 8.0-20230413 conta ...) + NOT-FOR-US: Talend +CVE-2023-33197 (Craft is a CMS for creating custom digital experiences on the web. Cro ...) + NOT-FOR-US: Craft CMS +CVE-2023-33185 (Django-SES is a drop-in mail backend for Django. The django_ses librar ...) + NOT-FOR-US: Django-SES +CVE-2023-32964 (Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Bett ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32318 (Nextcloud server provides a home for data. A regression in the session ...) 
+ - nextcloud-server (bug #941708) +CVE-2023-2817 (A post-authentication stored cross-site scripting vulnerability exists ...) + NOT-FOR-US: Craft CMS +CVE-2023-2854 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...) + {DSA-5429-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (vulnerable code introduced later) + [buster] - wireshark (vulnerable code introduced in 4.0) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-17.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19084 + NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/19ed05756313a0181fd3188eae0557f688bfddaf (v3.7.0) +CVE-2023-2856 (VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 ...) + {DSA-5429-1 DLA-3443-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-16.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19083 +CVE-2023-2858 (NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3 ...) + {DSA-5429-1 DLA-3443-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-15.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19081 +CVE-2023-2879 (GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...) + {DSA-5429-1 DLA-3443-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-14.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19068 +CVE-2023-2857 (BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...) 
+ {DSA-5429-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Vulnerable code introduced later) + [buster] - wireshark (BLF support added in 3.6) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-13.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19063 + NOTE: Introduced after: https://gitlab.com/wireshark/wireshark/-/commit/796819c955b9dd508d73bb640d56c2625f866862 (v3.5.0) +CVE-2023-2855 (Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6. ...) + {DSA-5429-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Candump support added in 3.2) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-12.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19062 +CVE-2023-32074 (user_oidc app is an OpenID Connect user backend for Nextcloud. Authent ...) + NOT-FOR-US: Nextcloud app +CVE-2023-2903 (A vulnerability classified as problematic has been found in NFine Rapi ...) + NOT-FOR-US: NFine Rapid Development Platform +CVE-2023-2902 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + NOT-FOR-US: NFine Rapid Development Platform +CVE-2023-2901 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + NOT-FOR-US: NFine Rapid Development Platform +CVE-2023-2900 (A vulnerability was found in NFine Rapid Development Platform 20230511 ...) + NOT-FOR-US: NFine Rapid Development Platform +CVE-2023-33751 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) + NOT-FOR-US: mipjz +CVE-2023-33750 (A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allo ...) + NOT-FOR-US: mipjz +CVE-2023-33356 (IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: IceCMS +CVE-2023-33355 (IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access t ...) 
+ NOT-FOR-US: IceCMS +CVE-2023-33280 (In the Store Commander scquickaccounting module for PrestaShop through ...) + NOT-FOR-US: PrestaShop +CVE-2023-33279 (In the Store Commander scfixmyprestashop module through 2023-05-09 for ...) + NOT-FOR-US: PrestaShop +CVE-2023-33278 (In the Store Commander scexportcustomers module for PrestaShop through ...) + NOT-FOR-US: PrestaShop +CVE-2023-33263 (In WFTPD 3.25, usernames and password hashes are stored in an openly v ...) + NOT-FOR-US: WFTPD +CVE-2023-33248 (Amazon Alexa software version 8960323972 on Echo Dot 2nd generation an ...) + NOT-FOR-US: Amazon Alexa +CVE-2023-32694 (Saleor Core is a composable, headless commerce API. Saleor's `validate ...) + NOT-FOR-US: Saleor +CVE-2023-31861 (ZLMediaKit 4.0 is vulnerable to Directory Traversal.) + NOT-FOR-US: ZLMediaKit +CVE-2023-31594 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...) + NOT-FOR-US: IC Realtime ICIP-P2012T +CVE-2023-31458 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) + NOT-FOR-US: Mitel +CVE-2023-2888 (A vulnerability, which was classified as problematic, was found in PHP ...) + NOT-FOR-US: PHPOK +CVE-2023-2887 (Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2886 (Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2885 (Improper Enforcement of Message Integrity During Transmission in a Com ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2884 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), U ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2883 (Authorization Bypass Through User-Controlled Key vulnerability in CBOT ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2882 (Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot ...) + NOT-FOR-US: CBOT Chatbot +CVE-2023-2881 (Storing Passwords in a Recoverable Format in GitHub repository pimcore ...) 
+ NOT-FOR-US: pimcore +CVE-2023-2851 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: AGT Tech Ceppatron +CVE-2023-2798 (Those using HtmlUnit to browse untrusted webpages may be vulnerable to ...) + NOT-FOR-US: HtmlUnit +CVE-2023-2734 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + NOT-FOR-US: MStore API plugin for WordPress +CVE-2023-2733 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + NOT-FOR-US: MStore API plugin for WordPress +CVE-2023-2732 (The MStore API plugin for WordPress is vulnerable to authentication by ...) + NOT-FOR-US: MStore API plugin for WordPress +CVE-2023-2500 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) + NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress +CVE-2023-2480 (Missing access permissions checks in M-Files Client before 23.5.12598. ...) + NOT-FOR-US: M-Files +CVE-2023-28370 (Open redirect vulnerability in Tornado versions 6.3.1 and earlier allo ...) + - python-tornado 6.3.2-1 (bug #1036875) + [bookworm] - python-tornado (Minor issue) + [bullseye] - python-tornado (Minor issue) + [buster] - python-tornado (Minor issue) + - salt + NOTE: https://github.com/tornadoweb/tornado/commit/32ad07c54e607839273b4e1819c347f5c8976b2f (v6.3.2) +CVE-2023-27529 (Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an ...) 
+ NOT-FOR-US: Wacom Tablet Driver installer +CVE-2023-XXXX [Block themes parsing shortcodes in user-generated data] + - wordpress 6.2.2+dfsg1-1 (bug #1036689) + [bookworm] - wordpress (Minor issue, fix along in future update) + [bullseye] - wordpress (Block template support was introduced later) + [buster] - wordpress (Block template support was introduced later) + NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/ + NOTE: https://github.com/WordPress/WordPress/commit/6a077b35f15590a843ff8a6c97a135f3a34872dd + NOTE: Upstream reverted the change because it broke countless wordpress installations + NOTE: https://github.com/WordPress/WordPress/commit/2bb3a5169548d16173cf48ca9da1111efc428f86 +CVE-2023-33983 (The Introduction Client in Briar through 1.5.3 does not implement out- ...) + - briar (bug #1019932) +CVE-2023-33982 (Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward ...) + - briar (bug #1019932) +CVE-2023-33981 (Briar before 1.4.22 allows attackers to spoof other users' messages in ...) + - briar (bug #1019932) +CVE-2023-33980 (Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows a ...) + - briar (bug #1019932) +CVE-2023-33950 (Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Lif ...) + NOT-FOR-US: Liferay +CVE-2023-33949 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier t ...) + NOT-FOR-US: Liferay +CVE-2023-33948 (The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Lifera ...) + NOT-FOR-US: Liferay +CVE-2023-33947 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Life ...) + NOT-FOR-US: Liferay +CVE-2023-33946 (The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Life ...) + NOT-FOR-US: Liferay +CVE-2023-33945 (SQL injection vulnerability in the upgrade process for SQL Server in L ...) + NOT-FOR-US: Liferay +CVE-2023-33944 (Cross-site scripting (XSS) vulnerability in Layout module in Liferay P ...) 
+ NOT-FOR-US: Liferay +CVE-2023-33943 (Cross-site scripting (XSS) vulnerability in the Account module in Life ...) + NOT-FOR-US: Liferay +CVE-2023-33942 (Cross-site scripting (XSS) vulnerability in the Web Content Display wi ...) + NOT-FOR-US: Liferay +CVE-2023-33941 (Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for ...) + NOT-FOR-US: Liferay +CVE-2023-33940 (Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in ...) + NOT-FOR-US: Liferay +CVE-2023-33939 (Cross-site scripting (XSS) vulnerability in the Modified Facet widget ...) + NOT-FOR-US: Liferay +CVE-2023-33938 (Cross-site scripting (XSS) vulnerability in the App Builder module's c ...) + NOT-FOR-US: Liferay +CVE-2023-33937 (Stored cross-site scripting (XSS) vulnerability in Form widget configu ...) + NOT-FOR-US: Liferay +CVE-2023-33829 (A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM ...) + NOT-FOR-US: Cloudogu GmbH SCM Manager +CVE-2023-33800 (A stored cross-site scripting (XSS) vulnerability in the Create Region ...) + - netbox (bug #1017079) +CVE-2023-33799 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...) + - netbox (bug #1017079) +CVE-2023-33798 (A stored cross-site scripting (XSS) vulnerability in the Create Rack ( ...) + - netbox (bug #1017079) +CVE-2023-33797 (A stored cross-site scripting (XSS) vulnerability in the Create Sites ...) + - netbox (bug #1017079) +CVE-2023-33796 (A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to e ...) + - netbox (bug #1017079) +CVE-2023-33795 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...) + - netbox (bug #1017079) +CVE-2023-33794 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...) + - netbox (bug #1017079) +CVE-2023-33793 (A stored cross-site scripting (XSS) vulnerability in the Create Power ...) 
+ - netbox (bug #1017079) +CVE-2023-33792 (A stored cross-site scripting (XSS) vulnerability in the Create Site G ...) + - netbox (bug #1017079) +CVE-2023-33791 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...) + - netbox (bug #1017079) +CVE-2023-33790 (A stored cross-site scripting (XSS) vulnerability in the Create Locati ...) + - netbox (bug #1017079) +CVE-2023-33789 (A stored cross-site scripting (XSS) vulnerability in the Create Contac ...) + - netbox (bug #1017079) +CVE-2023-33788 (A stored cross-site scripting (XSS) vulnerability in the Create Provid ...) + - netbox (bug #1017079) +CVE-2023-33787 (A stored cross-site scripting (XSS) vulnerability in the Create Tenant ...) + - netbox (bug #1017079) +CVE-2023-33786 (A stored cross-site scripting (XSS) vulnerability in the Create Circui ...) + - netbox (bug #1017079) +CVE-2023-33785 (A stored cross-site scripting (XSS) vulnerability in the Create Rack R ...) + - netbox (bug #1017079) +CVE-2023-33010 (A buffer overflow vulnerability in the ID processing function in Zyxel ...) + NOT-FOR-US: Zyxel +CVE-2023-33009 (A buffer overflow vulnerability in the notification function in Zyxel ...) + NOT-FOR-US: Zyxel +CVE-2023-31748 (Insecure permissions in MobileTrans v4.0.11 allows attackers to escala ...) + NOT-FOR-US: MobileTrans +CVE-2023-31595 (IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Contro ...) + NOT-FOR-US: IC Realtime ICIP-P2012T +CVE-2023-31460 (A vulnerability in the Connect Mobility Router component of MiVoice Co ...) + NOT-FOR-US: Mitel +CVE-2023-31459 (A vulnerability in the Connect Mobility Router component of Mitel MiVo ...) + NOT-FOR-US: Mitel +CVE-2023-31457 (A vulnerability in the Headquarters server component of Mitel MiVoice ...) + NOT-FOR-US: Mitel +CVE-2023-2878 (Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses ...) 
+ NOT-FOR-US: secrets-store-csi-driver +CVE-2023-2875 (A vulnerability, which was classified as problematic, was found in eSc ...) + NOT-FOR-US: eScan Antivirus +CVE-2023-2874 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Twister Antivirus +CVE-2023-2873 (A vulnerability classified as critical was found in Twister Antivirus ...) + NOT-FOR-US: Twister Antivirus +CVE-2023-2872 (A vulnerability classified as problematic has been found in FlexiHub 5 ...) + NOT-FOR-US: FlexiHub +CVE-2023-2871 (A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0 ...) + NOT-FOR-US: FabulaTech USB for Remote Desktop +CVE-2023-2870 (A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has ...) + NOT-FOR-US: EnTech Monitor Asset Manager +CVE-2023-2868 (A remote command injection vulnerability exists in the Barracuda Email ...) + NOT-FOR-US: Barracuda +CVE-2023-2865 (A vulnerability was found in SourceCodester Theme Park Ticketing Syste ...) + NOT-FOR-US: SourceCodester Theme Park Ticketing System +CVE-2023-2864 (A vulnerability was found in SourceCodester Online Jewelry Store 1.0 a ...) + NOT-FOR-US: SourceCodester Online Jewelry Store +CVE-2023-2863 (A vulnerability has been found in Simple Design Daily Journal 1.012.GP ...) + NOT-FOR-US: Simple Design Daily Journal +CVE-2023-2862 (A vulnerability, which was classified as problematic, was found in Sit ...) + NOT-FOR-US: SiteServer CMS +CVE-2023-2750 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Cityboss E-municipality +CVE-2023-33246 (For RocketMQ versions 5.1.0 and below, under certain conditions, there ...) + NOT-FOR-US: Apache RocketMQ +CVE-2023-32697 (SQLite JDBC is a library for accessing and creating SQLite database fi ...) 
+ - xerial-sqlite-jdbc 3.42.0.0+dfsg-1 (bug #1036706) + [bookworm] - xerial-sqlite-jdbc 3.40.1.0+dfsg-1+deb12u1 + NOTE: https://github.com/xerial/sqlite-jdbc/security/advisories/GHSA-6phf-6h5g-97j2 + NOTE: Fixed by: https://github.com/xerial/sqlite-jdbc/commit/edb4b8adc2447bc04e05b9b908195a4bc7926242 (3.41.2.2) +CVE-2023-32685 (Kanboard is project management software that focuses on the Kanban met ...) + - kanboard 1.2.26+ds-3 (bug #1036874) + [bookworm] - kanboard 1.2.26+ds-2+deb12u1 + NOTE: https://github.com/kanboard/kanboard/security/advisories/GHSA-hjmw-gm82-r4gv +CVE-2023-32681 (Requests is a HTTP library. Since Requests 2.3.0, Requests has been le ...) + {DLA-3456-1} + - requests 2.31.0+dfsg-1 (bug #1036693) + [bookworm] - requests (Minor issue) + [bullseye] - requests (Minor issue) + NOTE: https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q + NOTE: Fixed by: https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5 (v2.31.0) +CVE-2023-31763 (Weak security in the transmitter of AGShome Smart Alarm v1.0 allows at ...) + NOT-FOR-US: AGShome Smart Alarm +CVE-2023-31762 (Weak security in the transmitter of Digoo DG-HAMB Smart Home Security ...) + NOT-FOR-US: Digoo DG-HAMB Smart Home Security System +CVE-2023-31761 (Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Secur ...) + NOT-FOR-US: Blitzwolf BW-IS22 Smart Home Security Alarm +CVE-2023-31759 (Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allo ...) + NOT-FOR-US: Kerui W18 Alarm System +CVE-2023-31747 (Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain a ...) + NOT-FOR-US: Wondershare Filmora 12 +CVE-2023-31726 (AList 3.15.1 is vulnerable to Incorrect Access Control, which can be e ...) + NOT-FOR-US: AList +CVE-2023-2859 (Code Injection in GitHub repository nilsteampassnet/teampass prior to ...) + - teampass (bug #730180) +CVE-2023-2498 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) 
+ NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress +CVE-2023-2496 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) + NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress +CVE-2023-2494 (The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPr ...) + NOT-FOR-US: Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress +CVE-2023-32695 (socket.io parser is a socket.io encoder and decoder written in JavaScr ...) + - node-socket.io-parser 4.2.1+~3.1.0-2 + [bullseye] - node-socket.io-parser (Vulnerable code introduced later) + [buster] - node-socket.io-parser (Vulnerable code introduced later) + NOTE: https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9 + NOTE: Fixed by: https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced (3.4.3) + NOTE: Introduced by: https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9 (4.0.4) + NOTE: Fixed by: https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3 (4.2.3) +CVE-2023-33617 (An OS Command Injection vulnerability in Parks Fiberlink 210 firmware ...) + NOT-FOR-US: Parks Fiberlink 210 firmware +CVE-2023-33599 (EasyImages2.0 \u2264 2.8.1 is vulnerable to Cross Site Scripting (XSS) ...) + NOT-FOR-US: EasyImages2.0 +CVE-2023-33362 (Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" func ...) + - piwigo +CVE-2023-33361 (Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php ...) + - piwigo +CVE-2023-33359 (Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in th ...) + - piwigo +CVE-2023-33338 (Old Age Home Management 1.0 is vulnerable to SQL Injection via the use ...) + NOT-FOR-US: Old Age Home Management +CVE-2023-31860 (Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend o ...) 
+ NOT-FOR-US: Wuzhi CMS +CVE-2023-31752 (SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is v ...) + NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System +CVE-2023-31669 (WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dyl ...) + - wabt 1.0.33-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/2165 + NOTE: https://github.com/WebAssembly/wabt/pull/2166 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31518 (A heap use-after-free in the component CDataFileReader::GetItem of tee ...) + - teeworlds (bug #1036703) + [bookworm] - teeworlds (Minor issue) + [bullseye] - teeworlds (Minor issue) + [buster] - teeworlds (Minor issue) + NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b + NOTE: https://github.com/teeworlds/teeworlds/issues/2970 +CVE-2023-31517 (Teeworlds v0.7.5 was discovered to contain memory leaks.) + - teeworlds (bug #1036703) + [bookworm] - teeworlds (Minor issue) + [bullseye] - teeworlds (Minor issue) + [buster] - teeworlds (Minor issue) + NOTE: https://gist.github.com/manba-bryant/9ca95d69c65f4d2c55946932c946fb9b +CVE-2023-2703 (Exposure of Private Personal Information to an Unauthorized Actor vuln ...) + NOT-FOR-US: Finex Media Competition Management System +CVE-2023-2702 (Authorization Bypass Through User-Controlled Key vulnerability in Fine ...) + NOT-FOR-US: Finex Media Competition Management System +CVE-2023-31996 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection ...) + NOT-FOR-US: Hanwha +CVE-2023-31995 (Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Script ...) + NOT-FOR-US: Hanwha +CVE-2023-31994 (Certain Hanwha products are vulnerable to Denial of Service (DoS). ck ...) + NOT-FOR-US: Hanwha +CVE-2023-31826 (Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security ch ...) 
+ NOT-FOR-US: Skyscreamer Open Source Nevado JMS +CVE-2023-31816 (IT Sourcecode Content Management System Project In PHP and MySQL With ...) + NOT-FOR-US: IT Sourcecode Content Management System Project +CVE-2023-31814 (D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to Fil ...) + NOT-FOR-US: D-Link +CVE-2023-31741 (There is a command injection vulnerability in the Linksys E2000 router ...) + NOT-FOR-US: Linksys +CVE-2023-31740 (There is a command injection vulnerability in the Linksys E2000 router ...) + NOT-FOR-US: Linksys +CVE-2023-31708 (A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers ...) + NOT-FOR-US: EyouCMS +CVE-2023-31670 (An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and ...) + - wabt 1.0.33-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/2199 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31664 (A reflected cross-site scripting (XSS) vulnerability in /authenticatio ...) + NOT-FOR-US: WSO2 +CVE-2023-2845 (Improper Access Control in GitHub repository cloudexplorer-dev/cloudex ...) + NOT-FOR-US: Cloudexplorer +CVE-2023-2844 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) + NOT-FOR-US: Cloudexplorer +CVE-2023-2505 (The affected products have a CSRF vulnerability that could allow an at ...) + NOT-FOR-US: Birddog +CVE-2023-2504 (Files present on firmware images could allow an attacker to gain unaut ...) + NOT-FOR-US: Birddog +CVE-2023-27388 (Improper authentication vulnerability in T&D Corporation and ESPEC MIC ...) + NOT-FOR-US: T&D Corporation +CVE-2023-27387 (Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC COR ...) + NOT-FOR-US: T&D Corporation +CVE-2023-23545 (Missing authentication for critical function exists in T&D Corporation ...) + NOT-FOR-US: T&D Corporation +CVE-2023-22654 (Client-side enforcement of server-side security issue exists in T&D Co ...) 
+ NOT-FOR-US: T&D Corporation +CVE-2023-33294 (An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctwe ...) + NOT-FOR-US: KaiOS +CVE-2023-33293 (An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios ...) + NOT-FOR-US: KaiOS +CVE-2023-32409 (The issue was addressed with improved bounds checks. This issue is fix ...) + - webkit2gtk 2.42.0-1 (unimportant) + - wpewebkit 2.42.0-1 (unimportant) + NOTE: Affects the GPU process which is not supported by the GTK and WPE ports + NOTE: https://bugs.webkit.org/show_bug.cgi?id=255350 + NOTE: https://github.com/WebKit/WebKit/pull/12660 + NOTE: https://github.com/WebKit/WebKit/commit/54408f5746f2401721bd56d71de132a22b6f9856 +CVE-2023-32373 (A use-after-free issue was addressed with improved memory management. ...) + {DSA-5427-1} + - webkit2gtk 2.40.2-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://bugs.webkit.org/show_bug.cgi?id=254840 + NOTE: https://github.com/WebKit/WebKit/commit/85fd2302d16a09a82d9a6e81eb286babb23c4b3c + NOTE: https://webkitgtk.org/security/WSA-2023-0004.html +CVE-2023-32350 (Versions 00.07.00 through 00.07.03 of Teltonika\u2019s RUT router firm ...) + NOT-FOR-US: Teltonika +CVE-2023-32349 (Version 00.07.03.4 and prior of Teltonika\u2019s RUT router firmware c ...) + NOT-FOR-US: Teltonika +CVE-2023-32348 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...) + NOT-FOR-US: Teltonika +CVE-2023-32347 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 use ...) + NOT-FOR-US: Teltonika +CVE-2023-32346 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...) + NOT-FOR-US: Teltonika +CVE-2023-31923 (Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A v ...) 
+ NOT-FOR-US: Suprema BioStar +CVE-2023-31779 (Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). A ...) + NOT-FOR-US: Wekan +CVE-2023-31742 (There is a command injection vulnerability in the Linksys WRT54GL rout ...) + NOT-FOR-US: Linksys +CVE-2023-31689 (In Wcms 0.3.2, an attacker can send a crafted request from a vulnerabl ...) + NOT-FOR-US: Wcms +CVE-2023-31584 (GitHub repository cu/silicon commit a9ef36 was discovered to contain a ...) + NOT-FOR-US: cu/silicon +CVE-2023-2840 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2 ...) + {DSA-5411-1} + - gpac (bug #1036701) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/21926fc2-6eb1-4e24-8a36-e60f487d0257/ + NOTE: https://github.com/gpac/gpac/commit/ba59206b3225f0e8e95a27eff41cb1c49ddf9a37 +CVE-2023-2839 (Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2.) + {DSA-5411-1} + - gpac (bug #1036701) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/42dce889-f63d-4ea9-970f-1f20fc573d5f/ + NOTE: https://github.com/gpac/gpac/commit/047f96fb39e6bf70cb9f344093f5886e51dce0ac +CVE-2023-2838 (Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.) + {DSA-5411-1} + - gpac (bug #1036701) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/711e0988-5345-4c01-a2fe-1179604dd07f/ + NOTE: https://github.com/gpac/gpac/commit/c88df2e202efad214c25b4e586f243b2038779ba +CVE-2023-2837 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...) + {DSA-5411-1} + - gpac (bug #1036701) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/a6bfd1b2-aba8-4c6f-90c4-e95b1831cb17/ + NOTE: https://github.com/gpac/gpac/commit/6f28c4cd607d83ce381f9b4a9f8101ca1e79c611 +CVE-2023-2832 (SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.) + NOT-FOR-US: unilogies/bumsys +CVE-2023-2597 (In Eclipse Openj9 before version 0.38.0, in the implementation of the ...) 
+ NOT-FOR-US: Eclipse Openj9 +CVE-2023-2588 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 hav ...) + NOT-FOR-US: Teltonika +CVE-2023-2587 (Teltonika\u2019s Remote Management System versions prior to 4.10.0 con ...) + NOT-FOR-US: Teltonika +CVE-2023-2586 (Teltonika\u2019s Remote Management System versions 4.14.0 is vulnerabl ...) + NOT-FOR-US: Teltonika +CVE-2023-32067 (c-ares is an asynchronous resolver library. c-ares is vulnerable to de ...) + {DSA-5419-1 DLA-3471-1} + [experimental] - c-ares 1.19.1-1 + - c-ares 1.18.1-3 + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc + NOTE: https://github.com/c-ares/c-ares/commit/b9b8413cfdb70a3f99e1573333b23052d57ec1ae (cares-1_19_1) +CVE-2023-33297 (Bitcoin Core before 24.1, when debug mode is not used, allows attacker ...) + - bitcoin (bug #1036647) + NOTE: https://github.com/bitcoin/bitcoin/issues/27586 + NOTE: https://github.com/bitcoin/bitcoin/issues/27623 + NOTE: https://github.com/bitcoin/bitcoin/pull/27610 +CVE-2023-33288 (An issue was discovered in the Linux kernel before 6.2.9. A use-after- ...) + - linux 6.1.25-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/47c29d69212911f50bdcdd0564b5999a559010d4 (6.3-rc4) +CVE-2023-33285 (An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, an ...) + - qt6-base 6.4.2+dfsg-10 (bug #1036848) + [bookworm] - qt6-base (Minor issue) + - qtbase-opensource-src 5.15.8+dfsg-11 + [bullseye] - qtbase-opensource-src (Minor issue) + [buster] - qtbase-opensource-src (Minor issue) + - qtbase-opensource-src-gles + [bookworm] - qtbase-opensource-src-gles (Minor issue) + [bullseye] - qtbase-opensource-src-gles (Minor issue) + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/477644 +CVE-2023-33281 (The remote keyfob system on Nissan Sylphy Classic 2021 sends the same ...) + NOT-FOR-US: Nissan Sylphy Classic 2021 +CVE-2023-33264 (In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, ...) 
+ NOT-FOR-US: Kazelcast +CVE-2023-33254 (There is an LDAP bind credentials exposure on KACE Systems Deployment ...) + NOT-FOR-US: KACE +CVE-2023-33252 (iden3 snarkjs through 0.6.11 allows double spending because there is n ...) + NOT-FOR-US: iden3 snarkjs +CVE-2023-33251 (When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDi ...) + NOT-FOR-US: Akka HTTP +CVE-2023-33250 (The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in ...) + - linux 6.4.4-1 + [bookworm] - linux (Vulnerable code introduced later) + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + NOTE: https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ + NOTE: https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/ +CVE-2023-33236 (MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerabi ...) + NOT-FOR-US: MXsecurity +CVE-2023-33235 (MXsecurity version 1.0 is vulnearble to command injection vulnerabilit ...) + NOT-FOR-US: MXsecurity +CVE-2023-32336 (IBM InfoSphere Information Server 11.7 is affected by a remote code ex ...) + NOT-FOR-US: IBM +CVE-2020-36694 (An issue was discovered in netfilter in the Linux kernel before 5.10. ...) + - linux +CVE-2023-31454 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...) + NOT-FOR-US: Apache InLong +CVE-2023-31453 (Incorrect Permission Assignment for Critical Resource Vulnerability in ...) + NOT-FOR-US: Apache InLong +CVE-2021-46888 (An issue was discovered in hledger before 1.23. A Stored Cross-Site Sc ...) + NOT-FOR-US: hledger +CVE-2023-32589 (Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexie ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2826 (A vulnerability has been found in SourceCodester Class Scheduling Syst ...) + NOT-FOR-US: SourceCodester Class Scheduling System +CVE-2023-33244 (Obsidian before 1.2.2 allows calls to unintended APIs (for microphone ...) 
+ NOT-FOR-US: Obsidian +CVE-2023-2713 (Authorization Bypass Through User-Controlled Key vulnerability in "Re ...) + NOT-FOR-US: Rental Module for Ideasoft's E-commerce Platform +CVE-2023-2712 (Unrestricted Upload of File with Dangerous Type vulnerability in "Ren ...) + NOT-FOR-US: Rental Module for Ideasoft's E-commerce Platform +CVE-2023-32677 (Zulip is an open-source team collaboration tool with unique topic-base ...) + NOT-FOR-US: Zulip +CVE-2023-2824 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) + NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System +CVE-2023-2823 (A vulnerability was found in SourceCodester Class Scheduling System 1. ...) + NOT-FOR-US: SourceCodester Class Scheduling System +CVE-2023-2822 (A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It ...) + NOT-FOR-US: Ellucian Ethos Identity +CVE-2023-2736 (The Groundhogg plugin for WordPress is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-2735 (The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-2717 (The Groundhogg plugin for WordPress is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-2716 (The Groundhogg plugin for WordPress is vulnerable to unauthorized acce ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-2715 (The Groundhogg plugin for WordPress is vulnerable to unauthorized modi ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-2714 (The Groundhogg plugin for WordPress is vulnerable to unauthorized modi ...) + NOT-FOR-US: Groundhogg plugin for WordPress +CVE-2023-32700 (LuaTeX before 1.17.0 allows execution of arbitrary shell commands when ...) 
+ {DSA-5406-1 DLA-3427-1} + - texlive-bin 2022.20220321.62855-5.1 + NOTE: https://tug.org/~mseven/luatex.html + NOTE: Introduced by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/4d8b815d3b53ae72bce12b535d86bdce51834d50 (1.0.4) + NOTE: Fixed by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/5650c067de62cb7d4aaca44f30c8e9115c51bfc6 (1.17.0) + NOTE: Fixed by: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/b8b71a256664d17a8b6c81481a835813c61aa661 (1.17.0) +CVE-2023-32679 (Craft CMS is an open source content management system. In affected ver ...) + NOT-FOR-US: Craft CMS +CVE-2023-32675 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) + NOT-FOR-US: Vyper +CVE-2023-31862 (jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The conte ...) + NOT-FOR-US: jizhicms +CVE-2023-31757 (DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parame ...) + NOT-FOR-US: DedeCMS +CVE-2023-31756 (A command injection vulnerability exists in the administrative web por ...) + NOT-FOR-US: TP-Link +CVE-2023-31707 (SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.) + NOT-FOR-US: SEMCMS +CVE-2023-2815 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Jewelry Store +CVE-2023-2814 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Class Scheduling System +CVE-2023-2806 (A vulnerability classified as problematic was found in Weaver e-cology ...) + NOT-FOR-US: Weaver e-cology +CVE-2023-2804 (A heap-based buffer overflow issue was discovered in libjpeg-turbo in ...) + - libjpeg-turbo (Vulnerable code not present) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/675 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9f756bc67a84d4566bf74a0c2432aa55da404021 +CVE-2023-33240 (Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1 ...) 
+ NOT-FOR-US: Foxit +CVE-2023-32680 (Metabase is an open source business analytics engine. To edit SQL Snip ...) + NOT-FOR-US: Metabase +CVE-2023-2704 (The BP Social Connect plugin for WordPress is vulnerable to authentica ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32323 (Synapse is an open-source Matrix homeserver written and maintained by ...) + - matrix-synapse 1.74.0-1 + NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-f3wc-3vxv-xmvr +CVE-2023-32322 (Ombi is an open source application which allows users to request speci ...) + NOT-FOR-US: Ombi +CVE-2023-32100 (Compiler removal of buffer clearing in sli_se_driver_mac_compute in ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-32099 (Compiler removal of buffer clearing in sli_se_sign_hashin Sili ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-32098 (Compiler removal of buffer clearing in sli_se_sign_message ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-32097 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-32096 (Compiler removal of buffer clearing in sli_crypto_transparent_ae ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-31871 (OpenText Documentum Content Server before 23.2 has a flaw that allows ...) + NOT-FOR-US: OpenText Documentum Content Server +CVE-2023-31655 (redis-7.0.10 was discovered to contain a segmentation violation.) + NOTE: Bogus issue, see https://github.com/RedisLabs/redisraft/issues/608 +CVE-2023-31597 (An issue in Zammad v5.4.0 allows attackers to bypass e-mail verificati ...) + - zammad (bug #841355) +CVE-2023-2800 (Insecure Temporary File in GitHub repository huggingface/transformers ...) 
+ NOT-FOR-US: Transformers +CVE-2023-2799 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: OA +CVE-2023-2790 (A vulnerability classified as problematic has been found in TOTOLINK N ...) + NOT-FOR-US: TOTOLINK +CVE-2023-2789 (A vulnerability was found in GNU cflow 1.7. It has been rated as probl ...) + - cflow (unimportant) + NOTE: https://github.com/DaisyPo/fuzzing-vulncollect/blob/main/cflow/stack-overflow/parser.c/README.md + NOTE: Crash in CLI tool, no security impact +CVE-2023-2782 (Sensitive information disclosure due to improper authorization. The fo ...) + NOT-FOR-US: Acronis Cyber Infrastructure (ACI) +CVE-2023-2481 (Compiler removal of buffer clearing in sli_se_opaque_import_key ...) + NOT-FOR-US: Silicon Labs Gecko Platform SDK +CVE-2023-33204 (sysstat through 12.7.2 allows a multiplication integer overflow in che ...) + {DLA-3434-1} + - sysstat (bug #1036294) + [bookworm] - sysstat (Minor issue) + [bullseye] - sysstat (Incomplete fix for CVE-2022-39377 not applied) + NOTE: https://github.com/sysstat/sysstat/pull/360 + NOTE: https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0 + NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. +CVE-2023-33203 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...) + - linux 6.1.25-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/6b6bc5b8bd2d4ca9e1efa9ae0f98a0b0687ace75 (6.3-rc4) +CVE-2023-33201 (Bouncy Castle For Java before 1.74 is affected by an LDAP injection vu ...) + {DLA-3514-1} + - bouncycastle 1.77-1 (bug #1040050) + [bookworm] - bouncycastle (Minor issue) + [bullseye] - bouncycastle (Minor issue) + NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2023-33201 + NOTE: https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc +CVE-2023-31729 (TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-2780 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) + NOT-FOR-US: mlflow +CVE-2023-2757 (The Waiting: One-click countdowns plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Waiting: One-click countdowns plugin for WordPress +CVE-2019-25137 (Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Exe ...) + NOT-FOR-US: Umbraco CMS +CVE-2023-32763 (An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6. ...) + {DLA-3539-1} + - qt6-base 6.4.2+dfsg-8 + - qtbase-opensource-src 5.15.8+dfsg-10 + [bullseye] - qtbase-opensource-src (Minor issue) + [buster] - qtbase-opensource-src (Minor issue) + - qtbase-opensource-src-gles 5.15.8+dfsg-3 (bug #1036702) + [bullseye] - qtbase-opensource-src-gles (Minor issue) + - qt4-x11 + NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000413.html + NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff + NOTE: https://download.qt.io/official_releases/qt/6.5/CVE-2023-32763-qtbase-6.5.diff + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/476490 + NOTE: https://bugreports.qt.io/browse/QTBUG-113337 +CVE-2023-32762 (An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6. ...) + - qt6-base 6.4.2+dfsg-9 + - qtbase-opensource-src 5.15.8+dfsg-10 + [bullseye] - qtbase-opensource-src (Minor issue) + [buster] - qtbase-opensource-src (Can wait for next upload) + - qtbase-opensource-src-gles (Not built in GLES variant) + NOTE: https://github.com/qt/qtbase/commit/1b736a815be0222f4b24289cf17575fc15707305 +CVE-2023-34408 (DokuWiki before 2023-04-04a allows XSS via RSS titles.) 
+ - dokuwiki 0.0.20220731.a-2 (bug #1036279) + [bullseye] - dokuwiki (Minor issue) + [buster] - dokuwiki (Minor issue) + NOTE: https://github.com/dokuwiki/dokuwiki/pull/3967 + NOTE: https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e4465894a67a5890f74a6f5f82e827de + NOTE: https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/ +CVE-2023-32767 (The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05 ...) + NOT-FOR-US: Symcon +CVE-2023-31904 (savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File In ...) + NOT-FOR-US: savysoda Wifi HD Wireless Disk Drive +CVE-2023-31903 (GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allo ...) + NOT-FOR-US: GuppY CMS +CVE-2023-31902 (RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execu ...) + NOT-FOR-US: RPA Technology Mobile Mouse +CVE-2023-31725 (yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free v ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/221 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31724 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/222 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31723 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/220 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31722 (There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1 + NOTE: Crash in CLI tool, no security impact +CVE-2023-31703 (Cross Site Scripting (XSS) in the edit user form in Microworld Technol ...) + NOT-FOR-US: Microworld Technologies eScan management console +CVE-2023-31702 (SQL injection in the View User Profile in MicroWorld eScan Management ...) 
+ NOT-FOR-US: Microworld Technologies eScan management console +CVE-2023-31701 (TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable ...) + NOT-FOR-US: TP-Link +CVE-2023-31700 (TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable ...) + NOT-FOR-US: TP-Link +CVE-2023-31699 (ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) ...) + NOT-FOR-US: ChurchCRM +CVE-2023-31698 (Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via ...) + NOT-FOR-US: Bludit +CVE-2023-2776 (A vulnerability was found in code-projects Simple Photo Gallery 1.0. I ...) + NOT-FOR-US: code-projects Simple Photo Gallery +CVE-2023-2775 (A vulnerability was found in code-projects Bus Dispatch and Informatio ...) + NOT-FOR-US: code-projects Bus Dispatch and Information System +CVE-2023-2774 (A vulnerability was found in code-projects Bus Dispatch and Informatio ...) + NOT-FOR-US: code-projects Bus Dispatch and Information System +CVE-2023-2773 (A vulnerability has been found in code-projects Bus Dispatch and Infor ...) + NOT-FOR-US: code-projects Bus Dispatch and Information System +CVE-2023-2772 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Budget and Expense Tracker System +CVE-2023-2771 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Exam System +CVE-2023-2770 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Exam System +CVE-2023-2769 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2768 (A vulnerability was found in Sucms 1.0. It has been rated as problemat ...) + NOT-FOR-US: Sucms +CVE-2023-2766 (A vulnerability was found in Weaver OA 9.5 and classified as problemat ...) 
+ NOT-FOR-US: Weaver OA +CVE-2023-2765 (A vulnerability has been found in Weaver OA up to 9.5 and classified a ...) + NOT-FOR-US: Weaver OA +CVE-2023-2756 (SQL Injection in GitHub repository pimcore/customer-data-framework pri ...) + NOT-FOR-US: pimcore +CVE-2023-2745 (WordPress Core is vulnerable to Directory Traversal in versions up to, ...) + {DLA-3462-1} + - wordpress 6.2.1+dfsg1-1 (bug #1036296) + [bookworm] - wordpress (Minor issue, fix along in future update) + [bullseye] - wordpress (Minor issue, fix along in future update) + NOTE: https://core.trac.wordpress.org/changeset?old=55765&new=55765 + NOTE: https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/ +CVE-2023-2679 (Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows ...) + NOT-FOR-US: Snow Software +CVE-2023-31848 (davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).) + NOT-FOR-US: davinci +CVE-2023-31847 (In davinci 0.3.0-rc after logging in, the user can connect to the mysq ...) + NOT-FOR-US: davinci +CVE-2023-31679 (Incorrect access control in Videogo v6.8.1 allows attackers to access ...) + NOT-FOR-US: Videogo +CVE-2023-31678 (Incorrect access control in Videogo v6.8.1 allows attackers to bind sh ...) + NOT-FOR-US: Videogo +CVE-2023-31677 (Insecure permissions in luowice 3.5.18 allow attackers to view informa ...) + NOT-FOR-US: luowice +CVE-2023-31544 (A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v ...) + NOT-FOR-US: alkacon-OpenCMS +CVE-2023-2753 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2752 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2706 (The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vuln ...) + NOT-FOR-US: OTP Login Woocommerce & Gravity Forms plugin for WordPress +CVE-2023-2608 (The Multiple Page Generator Plugin for WordPress is vulnerable to Cros ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2528 (The Contact Form by Supsystic plugin for WordPress is vulnerable to Cr ...) + NOT-FOR-US: Contact Form by Supsystic plugin for WordPress +CVE-2023-2509 (A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood ...) + NOT-FOR-US: ASUSTOR +CVE-2023-2469 + REJECTED +CVE-2023-31890 (An XML Deserialization vulnerability in glazedlists v1.11.0 allows an ...) + NOT-FOR-US: glazedlists +CVE-2023-31857 (Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricte ...) + NOT-FOR-US: Sourcecodester Online Computer and Laptop Store +CVE-2023-31856 (A command injection vulnerability in the hostTime parameter in the fun ...) + NOT-FOR-US: TOTOLINK +CVE-2023-31587 (Tenda AC5 router V15.03.06.28 was discovered to contain a remote code ...) + NOT-FOR-US: Tenda +CVE-2023-31576 (An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows ...) + - serendipity +CVE-2023-31572 (An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change ...) + NOT-FOR-US: Bludit +CVE-2023-31519 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Pharmacy Management System +CVE-2023-2740 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Guest Management System +CVE-2023-2739 (A vulnerability classified as problematic was found in Gira HomeServer ...) + NOT-FOR-US: Gira HomeServer +CVE-2023-2738 (A vulnerability classified as critical has been found in Tongda OA 11. ...) + NOT-FOR-US: Tongda +CVE-2023-2731 (A NULL pointer dereference flaw was found in Libtiff's LZWDecode() fun ...) 
+ - tiff 4.5.0-6 (bug #1036282) + [bullseye] - tiff (Vulnerable code introduced later) + [buster] - tiff (Vulnerable code introduced later) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/548 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b (v4.5.1rc1) + NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1) +CVE-2023-2730 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-2726 (Inappropriate implementation in WebApp Installs in Google Chrome prior ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2725 (Use after free in Guest View in Google Chrome prior to 113.0.5672.126 ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2724 (Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2723 (Use after free in DevTools in Google Chrome prior to 113.0.5672.126 al ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2722 (Use after free in Autofill UI in Google Chrome on Android prior to 113 ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2721 (Use after free in Navigation in Google Chrome prior to 113.0.5672.126 ...) + {DSA-5404-1} + - chromium 113.0.5672.126-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2548 (The RegistrationMagic plugin for WordPress is vulnerable to Insecure D ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2023-2499 (The RegistrationMagic plugin for WordPress is vulnerable to authentica ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2023-2633 (Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-2632 (Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API key ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-2631 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33007 (Jenkins LoadComplete support Plugin 1.0 and earlier does not escape th ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33006 (A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oaut ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33005 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the prev ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33004 (A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33003 (A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profi ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33002 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33001 (Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-33000 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and e ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32999 (A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32998 (A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32997 (Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32996 (A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32995 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32994 (Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditiona ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-32993 (Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not per ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32992 (Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2 ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32991 (A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Sing ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32990 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32989 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32988 (A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35 ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32987 (A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse P ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32986 (Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32985 (Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the pa ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32984 (Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not e ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32983 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask ex ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32982 (Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra var ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32981 (An arbitrary file write vulnerability in Jenkins Pipeline Utility Step ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32980 (A cross-site request forgery (CSRF) vulnerability in Jenkins Email Ext ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32979 (Jenkins Email Extension Plugin does not perform a permission check in ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32978 (A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plug ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-32977 (Jenkins Pipeline: Job Plugin does not escape the display name of the b ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-32956 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2023-32955 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2023-32309 (PyMdown Extensions is a set of extensions for the `Python-Markdown` ma ...) + NOT-FOR-US: PyMdown Extensions +CVE-2023-32308 (anuko timetracker is an open source time tracking system. Boolean-base ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2023-32068 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-2710 (The video carousel slider with lightbox plugin for WordPress is vulner ...) + NOT-FOR-US: video carousel slider with lightbox plugin for WordPress +CVE-2023-2708 (The Video Gallery plugin for WordPress is vulnerable to Reflected Cros ...) + NOT-FOR-US: Video Gallery plugin for WordPress +CVE-2023-32787 (The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to blo ...) + NOT-FOR-US: OPC UA Legacy Java Stack +CVE-2023-32314 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...) + NOT-FOR-US: Node vm2 +CVE-2023-32313 (vm2 is a sandbox that can run untrusted code with Node's built-in modu ...) + NOT-FOR-US: Node vm2 +CVE-2023-31986 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...) + NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4 +CVE-2023-31845 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-31844 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-31843 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) 
+ NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-31842 (Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Faculty Evaluation System +CVE-2023-31631 (An issue in the sqlo_preds_contradiction component of openlink virtuos ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1137 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/c77cd981a82a7f6385b174eb818057b2f19d8c09 +CVE-2023-31630 (An issue in the sqlo_query_spec component of openlink virtuoso-opensou ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1138 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/f9244141ce68dc4a3314fd4a0cd5bb3bdd6ab830 +CVE-2023-31629 (An issue in the sqlo_union_scope component of openlink virtuoso-openso ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1139 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/9553f94992f0a33f7eb7e87e74f0f78998ba5bec +CVE-2023-31628 (An issue in the stricmp component of openlink virtuoso-opensource v7.2 ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1141 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 +CVE-2023-31627 (An issue in the strhash component of openlink virtuoso-opensource v7.2 ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1140 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/ce61d6f568568b771d7e857408e3246d31135494 +CVE-2023-31626 (An issue in the gpf_notice component of openlink virtuoso-opensource v ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1129 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/4ad97c5a81067e3bdabe849f42f089edc9880131 +CVE-2023-31625 (An issue in the psiginfo component of openlink virtuoso-opensource v7. ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1132 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 +CVE-2023-31624 (An issue in the sinv_check_exp component of openlink virtuoso-opensour ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1134 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/311097fb1f23d0a1dd7dcdd2afecf6fe14665526 +CVE-2023-31623 (An issue in the mp_box_copy component of openlink virtuoso-opensource ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1131 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 +CVE-2023-31622 (An issue in the sqlc_make_policy_trig component of openlink virtuoso-o ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1135 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/db91dc5602a8cfde2e4e1d00387d5ba4b77389dc +CVE-2023-31621 (An issue in the kc_var_col component of openlink virtuoso-opensource v ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1130 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/ec54f1c7b50df944ae4a8d3e29cd7eaf1cc97b21 +CVE-2023-31620 (An issue in the dv_compare component of openlink virtuoso-opensource v ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1128 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/a4997ed2499c4de8c95e2de9e2a07b60384fbbec +CVE-2023-31619 (An issue in the sch_name_to_object component of openlink virtuoso-open ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1133 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 +CVE-2023-31618 (An issue in the sqlc_union_dt_wrap component of openlink virtuoso-open ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1136 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/030e47a29976709a50603e3f34e82278e5f462df +CVE-2023-31617 (An issue in the dk_set_delete component of openlink virtuoso-opensourc ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1127 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2b64ad928ef5f75fc93091677a78abfbd17ea07f +CVE-2023-31616 (An issue in the bif_mod component of openlink virtuoso-opensource v7.2 ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1122 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/25fff0eaa85898004bb14909e9f29d16b2918792 +CVE-2023-31615 (An issue in the chash_array component of openlink virtuoso-opensource ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1124 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/d02925b18e3ad0244ae7c52acf92bfa686738eb2 +CVE-2023-31614 (An issue in the mp_box_deserialize_string function in openlink virtuos ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1117 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/7c488ae70803b208a94bf12fee792195caddbf7d +CVE-2023-31613 (An issue in the __nss_database_lookup component of openlink virtuoso-o ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1121 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/171718c844530864cb375213c8b9cbc8ba079efc +CVE-2023-31612 (An issue in the dfe_qexp_list component of openlink virtuoso-opensourc ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1125 +CVE-2023-31611 (An issue in the __libc_longjmp component of openlink virtuoso-opensour ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1119 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/db0b768dfbb66e306504d0f7951c4ae4932edd74 +CVE-2023-31610 (An issue in the _IO_default_xsputn component of openlink virtuoso-open ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1118 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/2ed10333e6e973c2b3e1e60ba854ef0dd12afe07 +CVE-2023-31609 (An issue in the dfe_unit_col_loci component of openlink virtuoso-opens ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1126 +CVE-2023-31608 (An issue in the artm_div_int component of openlink virtuoso-opensource ...) 
+ - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1123 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/9c5bdeb73b00b5ae88db0be036d429d779126094 +CVE-2023-31607 (An issue in the __libc_malloc component of openlink virtuoso-opensourc ...) + - virtuoso-opensource (bug #1036467) + [bookworm] - virtuoso-opensource (Minor issue) + [bullseye] - virtuoso-opensource (Minor issue) + [buster] - virtuoso-opensource (Minor issue) + NOTE: https://github.com/openlink/virtuoso-opensource/issues/1120 + NOTE: https://github.com/openlink/virtuoso-opensource/commit/ea8b2c975c6c96f36e34014d6c71a73761198ebe +CVE-2023-31409 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...) + NOT-FOR-US: SICK +CVE-2023-31408 (Cleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSO ...) + NOT-FOR-US: SICK +CVE-2023-32784 (In KeePass 2.x before 2.54, it is possible to recover the cleartext ma ...) + - keepass2 + [bookworm] - keepass2 (Minor issue) + [bullseye] - keepass2 (Minor issue) + [buster] - keepass2 (Minor issue) + NOTE: https://github.com/vdohney/keepass-password-dumper + NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/f3438e6283/ +CVE-2023-32758 (giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5. ...) + NOT-FOR-US: git-url-parse +CVE-2023-2700 (A vulnerability was found in libvirt. This security flaw ouccers due t ...) 
+ [experimental] - libvirt 9.3.0-1
+ - libvirt 9.0.0-4 (bug #1036297)
+ [bullseye] - libvirt (Minor issue)
+ [buster] - libvirt (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203653
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585 (v9.3.0)
+CVE-2023-2699 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2698 (A vulnerability classified as critical was found in SourceCodester Los ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2697 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2696 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2695 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2694 (A vulnerability was found in SourceCodester Online Exam System 1.0. It ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2693 (A vulnerability was found in SourceCodester Online Exam System 1.0 and ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2692 (A vulnerability has been found in SourceCodester ICT Laboratory Manage ...)
+ NOT-FOR-US: SourceCodester ICT Laboratory Management System
+CVE-2023-2691 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Personnel Property Equipment System
+CVE-2023-2690 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Personnel Property Equipment System
+CVE-2023-2689 (A vulnerability classified as critical was found in SourceCodester Bil ...)
+ NOT-FOR-US: SourceCodester Billing Management System
+CVE-2023-32303 (Planet is software that provides satellite data. The secret file store ...)
+ NOT-FOR-US: Planet
+CVE-2023-32306 (Time Tracker is an open source time tracking system. A time-based blin ...)
+ NOT-FOR-US: Time Tracker
+CVE-2023-32305 (aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contai ...)
+ NOT-FOR-US: aiven-extras
+CVE-2023-32081 (Vert.x STOMP is a vert.x implementation of the STOMP specification tha ...)
+ NOT-FOR-US: Vert.x STOMP
+CVE-2023-32073 (WWBN AVideo is an open source video platform. In versions 12.4 and pri ...)
+ NOT-FOR-US: AVideo
+CVE-2023-31985 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
+ NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
+CVE-2023-31983 (A Command Injection vulnerability in Edimax Wireless Router N300 Firmw ...)
+ NOT-FOR-US: Edimax Wireless Router N300 Firmware BR-6428NS_v4
+CVE-2023-31922 (QuickJS commit 2788d71 was discovered to contain a stack-overflow via ...)
+ NOT-FOR-US: QuickJS
+CVE-2023-31921 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ - iotjs (Vulnerable code not present)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5068
+CVE-2023-31920 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5070
+CVE-2023-31919 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertio ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5069
+CVE-2023-31918 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5064
+CVE-2023-31916 (Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertio ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5062
+CVE-2023-31914 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memo ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5071
+CVE-2023-31913 (Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertio ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5061
+CVE-2023-2682 (A vulnerability was found in Caton Live up to 2023-04-26 and classifie ...)
+ NOT-FOR-US: Caton Live
+CVE-2023-2680 (This CVE exists because of an incomplete fix for CVE-2021-3750. More s ...)
+ - qemu (Red Hat specific incomplete fix for CVE-2021-3750)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2203387
+CVE-2023-2678 (A vulnerability has been found in SourceCodester File Tracker Manager ...)
+ NOT-FOR-US: SourceCodester File Tracker Manager System
+CVE-2023-2677 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Covid-19 Contact Tracing System
+CVE-2023-2676 (A vulnerability, which was classified as critical, has been found in H ...)
+ NOT-FOR-US: H3C
+CVE-2023-2675 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ NOT-FOR-US: linagora twake
+CVE-2023-2672 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2671 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2603 (A vulnerability was found in libcap. This issue occurs in the _libcap_ ...)
+ - libcap2 1:2.66-4 (bug #1036114)
+ [bullseye] - libcap2 (Minor issue)
+ [buster] - libcap2 (Vulnerable code introduced later)
+ NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
+ NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
+ NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=422bec25ae4a1ab03fd4d6f728695ed279173b18 (libcap-2.69)
+CVE-2023-2602 (A vulnerability was found in the pthread_create() function in libcap. ...)
+ - libcap2 1:2.66-4 (bug #1036114)
+ [bullseye] - libcap2 (Minor issue)
+ [buster] - libcap2 (Vulnerable code introduced later)
+ NOTE: https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe
+ NOTE: https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf
+ NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/4
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb (libcap-2.69)
+CVE-2023-2515 (Mattermost fails to restrict a user with permissions to edit other use ...)
+ - mattermost-server (bug #823556)
+CVE-2023-2514 (Mattermost Sever fails to redact the DB username and password before e ...)
+ - mattermost-server (bug #823556)
+CVE-2023-2512 (Prior to version v1.20230419.0, the FormData API implementation was su ...)
+ NOT-FOR-US: Cloudflare workerd
+CVE-2023-2458 (Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior t ...)
+ NOT-FOR-US: Google Chrome on ChromeOS
+CVE-2023-2457 (Out of bounds write in ChromeOS Audio Server in Google Chrome on Chrom ...)
+ NOT-FOR-US: Google Chrome on ChromeOS
+CVE-2023-32254 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
+ {DSA-5448-1}
+ - linux 6.3.7-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/30210947a343b6b3ca13adc9bfc88e1543e16dd5 (6.4-rc1)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-20592/
+CVE-2023-32250 (A flaw was found in the Linux kernel's ksmbd, a high-performance in-ke ...)
+ {DSA-5448-1}
+ - linux 6.3.7-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/f5c779b7ddbda30866cf2a27c63e34158f858c73 (6.4-rc1)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-698/
+CVE-2023-32243 (Improper Authentication vulnerability in WPDeveloper Essential Addons ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-32059 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
+ NOT-FOR-US: Vyper
+CVE-2023-32058 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...)
+ NOT-FOR-US: Vyper
+CVE-2023-31531 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ NOT-FOR-US: Motorola
+CVE-2023-31530 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ NOT-FOR-US: Motorola
+CVE-2023-31529 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ NOT-FOR-US: Motorola
+CVE-2023-31528 (Motorola CX2L Router 1.0.1 was discovered to contain a command injecti ...)
+ NOT-FOR-US: Motorola
+CVE-2023-31508
+ REJECTED
+CVE-2023-31502 (Altenergy Power Control Software C1.2.5 was discovered to contain a re ...)
+ NOT-FOR-US: Altenergy Power Control Software
+CVE-2023-31497 (Incorrect access control in Quick Heal Technologies Limited Seqrite En ...)
+ NOT-FOR-US: Quick Heal Technologies Limited Seqrite Endpoint Security (EPS)
+CVE-2023-2674 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
+ NOT-FOR-US: OpenEMR
+CVE-2023-2670 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2669 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2668 (A vulnerability was found in SourceCodester Lost and Found Information ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2667 (A vulnerability has been found in SourceCodester Lost and Found Inform ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2666 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - froxlor (bug #581792)
+CVE-2023-2665 (Storage of Sensitive Data in a Mechanism without Access Control in Git ...)
+ NOT-FOR-US: francoisjacquet/rosariosis
+CVE-2023-2664 (In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tre ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2023-2663 (In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree l ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2023-2662 (In Xpdf 4.04 (and earlier), a bad color space object in the input PDF ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2023-2511
+ REJECTED
+CVE-2023-2510
+ REJECTED
+CVE-2023-2502
+ REJECTED
+CVE-2023-2501
+ REJECTED
+CVE-2023-32082 (etcd is a distributed key-value store for the data of a distributed sy ...)
+ - etcd (bug #1036295)
+ [bookworm] - etcd (Minor issue)
+ [bullseye] - etcd (Minor issue)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/pull/15656
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298
+CVE-2023-32075 (The Customer Management Framework (CMF) for Pimcore adds functionality ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-31498 (A privilege escalation issue was found in PHP Gurukul Hospital Managem ...)
+ NOT-FOR-US: PHP Gurukul Hospital Management System
+CVE-2023-31475 (An issue was discovered on GL.iNet devices before 3.216. The function ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-31473 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-31445 (Cassia Access controller before 2.1.1.2203171453, was discovered to ha ...)
+ NOT-FOR-US: Cassia Access controller
+CVE-2023-2661 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-2660 (A vulnerability has been found in SourceCodester Online Computer and L ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-2659 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-2658 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-2657 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-2656 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester AC Repair and Services System
+CVE-2023-2653 (A vulnerability classified as critical was found in SourceCodester Los ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2652 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Lost and Found Information System
+CVE-2023-2490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fern ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2444 (A cross site request forgery vulnerability exists in Rockwell Automati ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2443 (Rockwell Automation ThinManager product allows the use of medium stren ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2455 (Row security policies disregard user ID changes after inlining; Postgr ...)
+ {DSA-5401-1 DLA-3422-1}
+ - postgresql-15 15.3-0+deb12u1
+ - postgresql-13
+ - postgresql-11
+ NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=473626cf00babd829eb15c36b51dfb358d32bc95 (REL_11_20)
+CVE-2023-2454 (schema_element defeats protective search_path changes; It was found th ...)
+ {DSA-5401-1 DLA-3422-1}
+ - postgresql-15 15.3-0+deb12u1
+ - postgresql-13
+ - postgresql-11
+ NOTE: https://www.postgresql.org/about/news/postgresql-153-148-1311-1215-and-1120-released-2637/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=23cb8eaeb97df350273cb8902e55842a955339c8 (REL_11_20)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=766e061404c2159dccebad4d19e496d8ced8b2c4 (REL_11_20)
+CVE-2023-32668 (LuaTeX before 1.17.0 allows a document (compiled with the default sett ...)
+ - texlive-bin 2022.20220321.62855-6 (bug #1036470)
+ [bookworm] - texlive-bin 2022.20220321.62855-5.1+deb12u1
+ [bullseye] - texlive-bin (Minor issue)
+ [buster] - texlive-bin (Minor issue)
+ NOTE: https://tug.org/pipermail/tex-live/2023-May/049188.html
+ NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/b266ef076c96b382cd23a4c93204e247bb98626a
+ NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/e7df9234420973a2f69aac1b10cbb5f00b0cda4d
+ NOTE: https://gitlab.lisn.upsaclay.fr/texlive/luatex/-/commit/da4492c789e25f05255d54e45447d3da79098967
+CVE-2023-32080 (Wings is the server control plane for Pterodactyl Panel. A vulnerabili ...)
+ NOT-FOR-US: Pterodactyl panel
+CVE-2023-31477 (A path traversal issue was discovered on GL.iNet devices before 3.216. ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-31442 (In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discov ...)
+ NOT-FOR-US: Lightbend Akka
+CVE-2023-2649 (A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been de ...)
+ NOT-FOR-US: Tenda
+CVE-2023-2648 (A vulnerability was found in Weaver E-Office 9.5. It has been classifi ...)
+ NOT-FOR-US: Weaver E-Office
+CVE-2023-2647 (A vulnerability was found in Weaver E-Office 9.5 and classified as cri ...)
+ NOT-FOR-US: Weaver E-Office
+CVE-2023-2646 (A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 ...)
+ NOT-FOR-US: TP-Link Archer
+CVE-2023-2645 (A vulnerability, which was classified as critical, was found in USR US ...)
+ NOT-FOR-US: USR USR-G806
+CVE-2023-2644 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: DigitalPersona
+CVE-2023-2643 (A vulnerability classified as critical was found in SourceCodester Fil ...)
+ NOT-FOR-US: SourceCodester File Tracker Manager System
+CVE-2023-2642 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Online Exam System
+CVE-2023-2641 (A vulnerability was found in SourceCodester Online Internship Manageme ...)
+ NOT-FOR-US: SourceCodester Online Internship Management System
+CVE-2023-32076 (in-toto is a framework to protect supply chain integrity. The in-toto ...)
+ - in-toto (bug #1035934)
+ [bookworm] - in-toto (Minor issue)
+ [bullseye] - in-toto (Minor issue)
+ NOTE: https://github.com/in-toto/in-toto/security/advisories/GHSA-wc64-c5rv-32pf
+ NOTE: https://github.com/in-toto/in-toto/commit/f88138c90861953c77a1384ea2fcc58126e6fe59 (v2.0.0)
+ NOTE: https://github.com/in-toto/in-toto/commit/9835aae17bc60b600713962b2bb66e6b7abe9325 (v2.0.0)
+CVE-2023-32070 (XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, ...)
+ NOT-FOR-US: XWiki
+CVE-2023-31910 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5076
+CVE-2023-31908 (Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buff ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5067
+CVE-2023-31907 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5073
+CVE-2023-31906 (Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buf ...)
+ - iotjs
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/5066
+CVE-2023-31568 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
+ - libpodofo (Vulnerable code not present)
+ NOTE: https://github.com/podofo/podofo/issues/72
+ NOTE: Fixed by: https://github.com/podofo/podofo/commit/29d59f604b37159e938a2f46acd4856cfd1e7bac
+ NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
+CVE-2023-31567 (Podofo v0.10.0 was discovered to contain a heap buffer overflow via th ...)
+ - libpodofo (bug #1036278)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ NOTE: https://github.com/podofo/podofo/issues/71
+CVE-2023-31566 (Podofo v0.10.0 was discovered to contain a heap-use-after-free via the ...)
+ - libpodofo (bug #1036278)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ NOTE: https://github.com/podofo/podofo/issues/70
+CVE-2023-31557
+ REJECTED
+CVE-2023-31556 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
+ - libpodofo (Vulnerable code not present)
+ NOTE: https://github.com/podofo/podofo/issues/66
+ NOTE: Fixed by: https://github.com/podofo/podofo/commit/8d3e9104ea10f8b53a0b5a2a806e6388acd41a40
+ NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
+CVE-2023-31555 (podofoinfo 0.10.0 was discovered to contain a segmentation violation v ...)
+ - libpodofo (Vulnerable code not present)
+ NOTE: https://github.com/podofo/podofo/issues/67
+ NOTE: Fixed by: https://github.com/podofo/podofo/commit/3759eb6aae7c01f2d8670f16ac46f5e116c7f468
+ NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184
+CVE-2023-31554
+ REJECTED
+CVE-2023-31471 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-2630 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2023-2629 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...)
+ NOT-FOR-US: pimcore
+CVE-2023-32573 (In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x thro ...)
+ {DLA-3539-1}
+ - qt6-svg 6.4.2-2
+ - qtsvg-opensource-src 5.15.8-3
+ [bullseye] - qtsvg-opensource-src (Minor issue)
+ [buster] - qtsvg-opensource-src (Minor issue)
+ - qt4-x11
+ NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/474093
+ NOTE: https://lists.qt-project.org/pipermail/announce/2023-May/000411.html
+ NOTE: https://codereview.qt-project.org/c/qt/qtsvg/+/474404
+ NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-32573-qtsvg-5.15.diff
+CVE-2023-32570 (VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that ca ...)
+ [experimental] - dav1d 1.2.0-1
+ - dav1d 1.2.1-2 (bug #1035950)
+ [bookworm] - dav1d (Minor issue)
+ [bullseye] - dav1d (Minor issue)
+ NOTE: https://code.videolan.org/videolan/dav1d/-/commit/cf617fdae0b9bfabd27282854c8e81450d955efa (1.2.0)
+CVE-2023-32569 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ NOT-FOR-US: Veritas InfoScale Operations Manager
+CVE-2023-32568 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...)
+ NOT-FOR-US: Veritas InfoScale Operations Manager
+CVE-2023-31478 (An issue was discovered on GL.iNet devices before 3.216. An API endpoi ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-2619 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-2618 (A vulnerability, which was classified as problematic, has been found i ...)
+ - opencv 4.6.0+dfsg-12 (bug #1035954)
+ [bullseye] - opencv (Vulnerable code not present)
+ [buster] - opencv (Vulnerable code not present)
+ NOTE: https://github.com/opencv/opencv_contrib/pull/3484
+ NOTE: https://github.com/opencv/opencv_contrib/commit/2b62ff6181163eea029ed1cab11363b4996e9cd6
+CVE-2023-2617 (A vulnerability classified as problematic was found in OpenCV wechat_q ...)
+ - opencv 4.6.0+dfsg-12 (bug #1035954)
+ [bullseye] - opencv (Vulnerable code not present)
+ [buster] - opencv (Vulnerable code not present)
+ NOTE: https://github.com/opencv/opencv_contrib/pull/3480
+ NOTE: https://github.com/opencv/opencv_contrib/commit/ccc277247ac1a7aef0a90353edcdec35fbc5903c
+CVE-2023-2616 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
+ NOT-FOR-US: pimcore
+CVE-2023-2615 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ NOT-FOR-US: pimcore
+CVE-2023-2614 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
+ NOT-FOR-US: pimcore
+CVE-2023-2610 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
+ {DLA-3453-1}
+ - vim 2:9.0.1658-1 (bug #1035955)
+ [bookworm] - vim (Minor issue)
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
+ NOTE: https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a (v9.0.1532)
+CVE-2023-32216 (Memory safety bugs present in Firefox 112. Some of these bugs showed ...)
+ - firefox 113.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32216
+CVE-2023-32215 (Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32215
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32215
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32215
+CVE-2023-32214 (Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged ...)
+ - firefox (Only affects Firefox on Windows)
+ - firefox-esr (Only affects Firefox ESR on Windows)
+ - thunderbird (Only affects Firefox ESR on Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32214
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32214
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32214
+CVE-2023-32213 (When reading a file, an uninitialized value could have been used as re ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32213
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32213
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32213
+CVE-2023-32212 (An attacker could have positioned a datalist element to o ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32212
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32212
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32212
+CVE-2023-32211 (A type checking bug would have led to invalid code being compiled. Thi ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32211
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32211
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32211
+CVE-2023-32210 (Documents were incorrectly assuming an ordering of principal objects w ...)
+ - firefox 113.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32210
+CVE-2023-32209 (A maliciously crafted favicon could have led to an out of memory crash ...)
+ - firefox 113.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32209
+CVE-2023-32208 (Service workers could reveal script base URL due to dynamic `import()` ...)
+ - firefox 113.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32208
+CVE-2023-32207 (A missing delay in popup notifications could have made it possible for ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32207
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32207
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32207
+CVE-2023-32206 (An out-of-bound read could have led to a crash in the RLBox Expat driv ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32206
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32206
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32206
+CVE-2023-32205 (In multiple cases browser prompts could have been obscured by popups c ...)
+ {DSA-5403-1 DSA-5400-1 DLA-3421-1 DLA-3417-1}
+ - firefox 113.0-1
+ - firefox-esr 102.11.0esr-1
+ - thunderbird 1:102.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-16/#CVE-2023-32205
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-17/#CVE-2023-32205
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-18/#CVE-2023-32205
+CVE-2023-32071 (XWiki Platform is a generic wiki platform. Starting in versions 2.2-mi ...)
+ NOT-FOR-US: XWiki
+CVE-2023-32069 (XWiki Platform is a generic wiki platform. Starting in version 3.3-mil ...)
+ NOT-FOR-US: XWiki
+CVE-2023-32066 (Time Tracker is an open source time tracking system. The week view plu ...)
+ NOT-FOR-US: Time Tracker
+CVE-2023-32060 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...)
+ NOT-FOR-US: DHIS2
+CVE-2023-31982 (Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the ...)
+ - sngrep 1.7.0-1 (unimportant)
+ NOTE: https://github.com/irontec/sngrep/issues/431
+ NOTE: https://github.com/irontec/sngrep/commit/f39fa0b59b4d693f1997bc0cbf8b3b0772018563 (v1.7.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31981 (Sngrep v1.6.0 was discovered to contain a stack buffer overflow via th ...)
+ - sngrep 1.7.0-1 (unimportant)
+ NOTE: https://github.com/irontec/sngrep/issues/430
+ NOTE: https://github.com/irontec/sngrep/commit/038a65883551fdccc0bb86600309bb85d2251f98 (v1.7.0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31979 (Catdoc v0.95 was discovered to contain a global buffer overflow via th ...)
+ - catdoc (unimportant)
+ NOTE: https://github.com/petewarden/catdoc/issues/9
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31976 (libming v0.4.8 was discovered to contain a stack buffer overflow via t ...)
+ - ming
+CVE-2023-31975 (yasm v1.3.0 was discovered to contain a memory leak via the function y ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/210
+ NOTE: Memory leak in CLI tool, no security impact
+CVE-2023-31974 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/208
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31973 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/207
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31972 (yasm v1.3.0 was discovered to contain a use after free via the functio ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/209
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-31807 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31806 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31805 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31804 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31803 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31802 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31801 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31800 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31799 (Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allo ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2023-31490 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
+ {DSA-5495-1 DLA-3573-1}
+ - frr 8.4.4-1 (bug #1036062)
+ NOTE: https://github.com/FRRouting/frr/issues/13099
+ NOTE: https://github.com/FRRouting/frr/pull/12454
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/06431bfa7570f169637ebb5898f0b0cc3b010802
+CVE-2023-31489 (An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to c ...)
+ - frr 8.4.4-1 (bug #1036061)
+ [bullseye] - frr (The vulnerable code was introduced later)
+ [buster] - frr (The vulnerable code was introduced later)
+ NOTE: https://github.com/FRRouting/frr/issues/13098
+ NOTE: Fixed by: https://github.com/FRRouting/frr/commit/b1d33ec293e8e36fbb8766252f3b016d268e31ce
+CVE-2023-31476 (An issue was discovered on GL.iNet devices running firmware before 3.2 ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-31474 (An issue was discovered on GL.iNet devices before 3.216. Through the s ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-31472 (An issue was discovered on GL.iNet devices before 3.216. There is an a ...)
+ NOT-FOR-US: GL.iNet devices
+CVE-2023-2609 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.153 ...)
+ - vim 2:9.0.1658-1 (unimportant) + NOTE: https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 + NOTE: https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad (v9.0.1531) + NOTE: Crash in CLI tool, no security impact +CVE-2023-2598 (A flaw was found in the fixed buffer registration code for io_uring (i ...) + - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/3 + NOTE: https://git.kernel.org/linus/776617db78c6d208780e7c69d4d68d1fa82913de (6.4-rc1) +CVE-2023-2596 (A vulnerability was found in SourceCodester Online Reviewer System 1.0 ...) + NOT-FOR-US: SourceCodester Online Reviewer System +CVE-2023-2595 (A vulnerability has been found in SourceCodester Billing Management Sy ...) + NOT-FOR-US: SourceCodester Billing Management System +CVE-2023-2594 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Food Ordering Management System +CVE-2023-2591 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + - teampass (bug #730180) +CVE-2023-32113 (SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attack ...) + NOT-FOR-US: SAP +CVE-2023-32112 (Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APP ...) + NOT-FOR-US: SAP +CVE-2023-32111 (In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a cr ...) + NOT-FOR-US: SAP +CVE-2023-31407 (SAP Business Planning and Consolidation - versions 740, 750, allows an ...) + NOT-FOR-US: SAP +CVE-2023-31406 (Due to insufficient input validation, SAP BusinessObjects Business Int ...) + NOT-FOR-US: SAP +CVE-2023-31404 (Under certain conditions,SAP BusinessObjects Business Intelligence Pla ...) + NOT-FOR-US: SAP +CVE-2023-2590 (Missing Authorization in GitHub repository answerdev/answer prior to 1 ...) + NOT-FOR-US: answerdev/answer +CVE-2023-2478 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2023-2583 (Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.) + NOT-FOR-US: jsreport +CVE-2023-2582 (A prototype pollution vulnerability exists in Strikingly CMS which can ...) + NOT-FOR-US: Strikingly CMS +CVE-2023-2575 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) + NOT-FOR-US: Advantech +CVE-2023-2574 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) + NOT-FOR-US: Advantech +CVE-2023-2573 (Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affect ...) + NOT-FOR-US: Advantech +CVE-2023-2566 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) + NOT-FOR-US: OpenEMR +CVE-2023-2534 (Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x +CVE-2023-2565 (A vulnerability has been found in SourceCodester Multi Language Hotel ...) + NOT-FOR-US: SourceCodester Multi Language Hotel Management Software +CVE-2023-2564 (OS Command Injection in GitHub repository sbs20/scanservjs prior to v2 ...) + NOT-FOR-US: scanservjs (SANE scanner nodejs web ui) +CVE-2023-32290 (The myMail app through 14.30 for iOS sends cleartext credentials in a ...) + NOT-FOR-US: myMail app for iOS +CVE-2023-2560 (A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has ...) + NOT-FOR-US: jja8 NewBingGoGo +CVE-2016-15031 (A vulnerability was found in PHP-Login 1.0. It has been declared as cr ...) + NOT-FOR-US: PHP-Login +CVE-2023-2554 (External Control of File Name or Path in GitHub repository unilogies/b ...) + NOT-FOR-US: unilogies/bumsys +CVE-2023-2553 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...) + NOT-FOR-US: unilogies/bumsys +CVE-2023-2552 (Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsy ...) 
+ NOT-FOR-US: unilogies/bumsys +CVE-2023-2551 (PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior ...) + NOT-FOR-US: unilogies/bumsys +CVE-2023-2550 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2540 + REJECTED +CVE-2023-2539 + REJECTED +CVE-2023-2537 + REJECTED +CVE-2023-2536 + REJECTED +CVE-2023-2516 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...) + - teampass (bug #730180) +CVE-2023-2427 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) + NOT-FOR-US: phpmyfaq +CVE-2023-32269 (An issue was discovered in the Linux kernel before 6.1.11. In net/netr ...) + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/611792920925fb088ddccbe2783c7f92fdfb6b64 (6.2-rc7) +CVE-2023-32235 (Ghost before 5.42.1 allows remote attackers to read arbitrary files wi ...) + NOT-FOR-US: Ghost CMS +CVE-2023-32233 (In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_ta ...) + {DSA-5402-1 DLA-3508-1 DLA-3446-1} + - linux 6.1.27-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/05/08/4 + NOTE: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab (6.4-rc1) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/15/5 +CVE-2023-31415 (Kibana version 8.7.0 contains an arbitrary code execution flaw. An att ...) + - kibana (bug #700337) +CVE-2023-31414 (Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code executio ...) + - kibana (bug #700337) +CVE-2023-31413 (Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson inp ...) + NOT-FOR-US: Filebeat +CVE-2023-2535 + REJECTED +CVE-2023-2531 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: azuracast +CVE-2017-20183 (A vulnerability was found in External Media without Import Plugin up t ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2524 (A vulnerability classified as critical has been found in Control iD RH ...) + NOT-FOR-US: Control iD RHiD +CVE-2023-2523 (A vulnerability was found in Weaver E-Office 9.5. It has been rated as ...) + NOT-FOR-US: Weaver E-Office +CVE-2023-2522 (A vulnerability was found in Chengdu VEC40G 3.0. It has been declared ...) + NOT-FOR-US: Chengdu VEC40G +CVE-2023-2521 (A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been class ...) + NOT-FOR-US: NEXTU NEXT-7004N +CVE-2023-2520 (A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031 ...) + NOT-FOR-US: Caton Prime +CVE-2023-2519 (A vulnerability has been found in Caton CTP Relay Server 1.2.9 and cla ...) + NOT-FOR-US: Caton CTP Relay Server +CVE-2023-2513 (A use-after-free vulnerability was found in the Linux kernel's ext4 fi ...) + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/67d7d8ad99beccd9fe92d585b87f1760dc9018e3 (6.0-rc1) +CVE-2017-20184 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Carlo Gavazzi Powersoft +CVE-2023-2468 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2467 (Inappropriate implementation in Prompts in Google Chrome on Android pr ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2466 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2465 (Inappropriate implementation in CORS in Google Chrome prior to 113.0.5 ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2464 (Inappropriate implementation in PictureInPicture in Google Chrome prio ...) 
+ {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2463 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2462 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2461 (Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113. ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2460 (Insufficient validation of untrusted input in Extensions in Google Chr ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2459 (Inappropriate implementation in Prompts in Google Chrome prior to 113. ...) + {DSA-5398-1} + - chromium 113.0.5672.63-1 + [buster] - chromium (see DSA 5046) +CVE-2023-32007 (** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibi ...) + - apache-spark (bug #802194) +CVE-2023-31435 (Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Te ...) + NOT-FOR-US: evasys +CVE-2023-31434 (The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user prof ...) + NOT-FOR-US: evasys +CVE-2023-31433 (A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9 ...) + NOT-FOR-US: evasys +CVE-2023-2483 + REJECTED +CVE-2023-2479 (OS Command Injection in GitHub repository appium/appium-desktop prior ...) + NOT-FOR-US: Appium +CVE-2023-2477 (A vulnerability was found in Funadmin up to 3.2.3. It has been declare ...) + NOT-FOR-US: Funadmin +CVE-2023-2476 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been ...) + NOT-FOR-US: Dromara J2eeFAST +CVE-2023-2475 (A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classifi ...) 
+ NOT-FOR-US: Dromara J2eeFAST +CVE-2023-2474 (A vulnerability has been found in Rebuild 3.2 and classified as proble ...) + NOT-FOR-US: Rebuild +CVE-2023-2473 (A vulnerability was found in Dreamer CMS up to 4.1.3. It has been decl ...) + NOT-FOR-US: Dreamer CMS +CVE-2023-2445 (Improper access control in Subscriptions Folder path filter in Devolut ...) + NOT-FOR-US: Devolutions +CVE-2022-48483 (3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthentica ...) + NOT-FOR-US: 3CX +CVE-2022-48482 (3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows all ...) + NOT-FOR-US: 3CX +CVE-2014-125100 (A vulnerability classified as problematic was found in BestWebSoft Job ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10026 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2451 (A vulnerability was found in SourceCodester Online DJ Management Syste ...) + NOT-FOR-US: SourceCodester Online DJ Management System +CVE-2018-25085 (A vulnerability classified as problematic was found in Responsive Menu ...) + NOT-FOR-US: Responsive Menus on Drupal +CVE-2015-10105 (A vulnerability, which was classified as critical, was found in IP Bla ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10104 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2430 (A vulnerability was found due to missing lock for IOPOLL flaw in io_cq ...) + {DSA-5492-1} + - linux 6.3.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e12d7a46f65ae4b7d58a5e0c1cbfa825cf8d830d (6.2-rc5) +CVE-2023-2429 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...) + NOT-FOR-US: phpmyfaq +CVE-2023-2428 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) 
+ NOT-FOR-US: phpmyfaq +CVE-2023-2426 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + - vim 2:9.0.1378-2 (bug #1035323) + [bullseye] - vim (Minor issue) + [buster] - vim (The vulnerable code was introduced later) + NOTE: https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425 + NOTE: https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b (v9.0.1499) +CVE-2023-31485 (GitLab::API::v4 through 0.26 does not verify TLS certificates when con ...) + - libgitlab-api-v4-perl (bug #954051) + [bookworm] - libgitlab-api-v4-perl (Minor issue) + [bullseye] - libgitlab-api-v4-perl (Minor issue) + [buster] - libgitlab-api-v4-perl (Minor issue) + NOTE: https://github.com/bluefeet/GitLab-API-v4/pull/57 +CVE-2023-31484 (CPAN.pm before 2.35 does not verify TLS certificates when downloading ...) + [experimental] - perl 5.38.0~rc2-1 + - perl (bug #1035109) + [bookworm] - perl (Minor issue) + [bullseye] - perl (Minor issue) + [buster] - perl (Minor issue) + NOTE: https://github.com/andk/cpanpm/pull/175 + NOTE: https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL) +CVE-2023-31483 (tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a di ...) + NOT-FOR-US: Cauldron cbang +CVE-2023-2425 (A vulnerability was found in SourceCodester Simple Student Information ...) + NOT-FOR-US: SourceCodester Simple Student Information System +CVE-2023-2424 (A vulnerability was found in DedeCMS 5.7.106 and classified as critica ...) + NOT-FOR-US: DedeCMS +CVE-2023-2421 (A vulnerability classified as problematic has been found in Control iD ...) + NOT-FOR-US: Control iD RHiD +CVE-2023-2420 (A vulnerability was found in MLECMS 3.0. It has been rated as critical ...) + NOT-FOR-US: MLECMS +CVE-2023-2419 (A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been decla ...) + NOT-FOR-US: Zhong Bang CRMEB +CVE-2023-2418 (A vulnerability was found in Konga 2.8.3 on Kong. It has been classifi ...) 
+ NOT-FOR-US: Konga +CVE-2023-2417 (A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 ...) + NOT-FOR-US: ks-soft Advanced Host Monitor +CVE-2023-2413 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2412 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2411 (A vulnerability was found in SourceCodester AC Repair and Services Sys ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2410 (A vulnerability has been found in SourceCodester AC Repair and Service ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2409 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2408 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester AC Repair and Services System +CVE-2023-2397 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Simple Mobile Comparison Website +CVE-2023-2396 (A vulnerability classified as problematic was found in Netgear SRX5308 ...) + NOT-FOR-US: Netgear +CVE-2023-2395 (A vulnerability classified as problematic has been found in Netgear SR ...) + NOT-FOR-US: Netgear +CVE-2023-31486 (HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available ...) 
+ - libhttp-tiny-perl (bug #962407; unimportant) + [experimental] - perl 5.38.0~rc2-1 + - perl (unimportant; bug #954089) + NOTE: https://www.openwall.com/lists/oss-security/2023/04/18/14 + NOTE: https://github.com/chansen/p5-http-tiny/issues/134 + NOTE: https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ + NOTE: https://hackeriet.github.io/cpan-http-tiny-overview/ + NOTE: Applications need to explicitly opt in to enable verification. +CVE-2023-31470 (SmartDNS through 41 before 56d0332 allows an out-of-bounds write becau ...) + NOT-FOR-US: SmartDNS +CVE-2023-31444 (In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, ...) + NOT-FOR-US: Talend Studio +CVE-2023-2394 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) + NOT-FOR-US: Netgear +CVE-2023-2393 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) + NOT-FOR-US: Netgear +CVE-2023-2392 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) + NOT-FOR-US: Netgear +CVE-2023-2391 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classif ...) + NOT-FOR-US: Netgear +CVE-2023-2390 (A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and cl ...) + NOT-FOR-US: Netgear +CVE-2023-2389 (A vulnerability, which was classified as problematic, was found in Net ...) + NOT-FOR-US: Netgear +CVE-2023-2388 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Netgear +CVE-2023-2387 (A vulnerability classified as problematic was found in Netgear SRX5308 ...) + NOT-FOR-US: Netgear +CVE-2023-2386 (A vulnerability classified as problematic has been found in Netgear SR ...) + NOT-FOR-US: Netgear +CVE-2023-2385 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) + NOT-FOR-US: Netgear +CVE-2023-2384 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) 
+ NOT-FOR-US: Netgear +CVE-2023-2383 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has bee ...) + NOT-FOR-US: Netgear +CVE-2023-2382 (A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classif ...) + NOT-FOR-US: Netgear +CVE-2023-2381 (A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and cl ...) + NOT-FOR-US: Netgear +CVE-2023-2380 (A vulnerability, which was classified as problematic, was found in Net ...) + NOT-FOR-US: Netgear +CVE-2023-2379 (A vulnerability classified as critical has been found in Ubiquiti Edge ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2378 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2377 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2376 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2375 (A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix. ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2374 (A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-ho ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2373 (A vulnerability, which was classified as critical, was found in Ubiqui ...) + NOT-FOR-US: Ubiquiti +CVE-2023-2372 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Online DJ Management System +CVE-2023-2371 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online DJ Management System +CVE-2023-2370 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online DJ Management System +CVE-2023-2369 (A vulnerability was found in SourceCodester Faculty Evaluation System ...) + NOT-FOR-US: SourceCodester Faculty Evaluation System +CVE-2023-2368 (A vulnerability was found in SourceCodester Faculty Evaluation System ...) 
+ NOT-FOR-US: SourceCodester Faculty Evaluation System +CVE-2023-2367 (A vulnerability was found in SourceCodester Faculty Evaluation System ...) + NOT-FOR-US: SourceCodester Faculty Evaluation System +CVE-2023-2366 (A vulnerability was found in SourceCodester Faculty Evaluation System ...) + NOT-FOR-US: SourceCodester Faculty Evaluation System +CVE-2023-2365 (A vulnerability has been found in SourceCodester Faculty Evaluation Sy ...) + NOT-FOR-US: SourceCodester Faculty Evaluation System +CVE-2023-2364 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-2363 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Resort Reservation System +CVE-2023-2361 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-2360 (Sensitive information disclosure due to CORS misconfiguration. The fol ...) + NOT-FOR-US: Acronis +CVE-2023-2356 (Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) + NOT-FOR-US: mlflow +CVE-2023-2355 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...) + NOT-FOR-US: Acronis Snap Deploy (Windows) +CVE-2023-2350 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2349 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2348 (A vulnerability was found in SourceCodester Service Provider Managemen ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2347 (A vulnerability was found in SourceCodester Service Provider Managemen ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2346 (A vulnerability was found in SourceCodester Service Provider Managemen ...) 
+ NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2345 (A vulnerability was found in SourceCodester Service Provider Managemen ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2344 (A vulnerability has been found in SourceCodester Service Provider Mana ...) + NOT-FOR-US: SourceCodester Service Provider Management System +CVE-2023-2343 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...) + NOT-FOR-US: pimcore +CVE-2023-2342 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) + NOT-FOR-US: pimcore +CVE-2023-2341 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...) + NOT-FOR-US: pimcore +CVE-2023-2340 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-2339 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...) + NOT-FOR-US: pimcore +CVE-2023-2338 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.) + NOT-FOR-US: pimcore +CVE-2023-2336 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.) + NOT-FOR-US: pimcore +CVE-2023-2335 (Plaintext Password in Registry vulnerability in 42gears surelock win ...) + NOT-FOR-US: 42gears +CVE-2023-2331 (Unquoted service Path or Element vulnerability in 42Gears Surelock Win ...) + NOT-FOR-US: 42Gears +CVE-2023-2328 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...) + NOT-FOR-US: pimcore +CVE-2023-2327 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-2323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-2322 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-48481 (In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was po ...) 
+ NOT-FOR-US: JetBrains Toolbox App +CVE-2023-XXXX [RUSTSEC-2023-0035: enumflags2: Adverserial use of make_bitflags! macro can cause undefined behavior] + - rust-enumflags2 (Introduced in 0.7.0) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0035.html +CVE-2023-31436 (qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2 ...) + {DSA-5402-1 DLA-3446-1} + - linux 6.1.27-1 + [buster] - linux 4.19.282-1 + NOTE: https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d (6.3) + NOTE: https://kernel.dance/#3037933448f60f9acb705997eae62013ecb81e0d +CVE-2023-31290 (Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser ex ...) + NOT-FOR-US: Trust Wallet Core +CVE-2023-31289 + RESERVED +CVE-2023-31288 + RESERVED +CVE-2023-31287 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...) + NOT-FOR-US: Serenity +CVE-2023-31286 (An issue was discovered in Serenity Serene (and StartSharp) before 6.7 ...) + NOT-FOR-US: Serenity +CVE-2023-31285 (An XSS issue was discovered in Serenity Serene (and StartSharp) before ...) + NOT-FOR-US: Serenity +CVE-2023-31284 (illumos illumos-gate before 676abcb has a stack buffer overflow in /de ...) + NOT-FOR-US: illumos illumos-gate +CVE-2023-31283 + RESERVED +CVE-2023-31282 + RESERVED +CVE-2023-31281 + RESERVED +CVE-2023-31280 + RESERVED +CVE-2023-31279 + RESERVED +CVE-2023-31245 (Devices using Snap One OvrC cloud are sent to a web address when acces ...) + NOT-FOR-US: Snap One +CVE-2023-31241 (Snap One OvrC cloud servers contain a route an attacker can use to byp ...) + NOT-FOR-US: Snap One +CVE-2023-31240 (Snap One OvrC Pro versions prior to 7.2 have their own locally running ...) + NOT-FOR-US: Snap One +CVE-2023-31193 (Snap One OvrC Pro versions prior to 7.3 use HTTP connections when down ...) + NOT-FOR-US: Snap One +CVE-2023-28649 (The Hub in the Snap One OvrC cloud platform is a device used to centra ...) 
+ NOT-FOR-US: Snap One +CVE-2023-28412 (When supplied with a random MAC address, Snap One OvrC cloud servers w ...) + NOT-FOR-US: Snap One +CVE-2023-28386 (Snap One OvrC Pro devices versions 7.2 and prior do not validate firmw ...) + NOT-FOR-US: Snap One +CVE-2023-25183 (In Snap One OvrC Pro versions prior to 7.2, when logged into the super ...) + NOT-FOR-US: Snap One +CVE-2023-2319 (It was discovered that an update for PCS package in RHBA-2023:2151 err ...) + NOT-FOR-US: ed Hat Enterprise Linux 9.2 specific security regression from CVE-2023-28154 +CVE-2023-2318 (DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0. ...) + NOT-FOR-US: MarkText +CVE-2023-2317 (DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows ...) + NOT-FOR-US: Typora +CVE-2023-2316 (Improper path handling in Typora before 1.6.7 on Windows and Linux all ...) + NOT-FOR-US: Typora +CVE-2023-2315 (Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authe ...) + NOT-FOR-US: OpenCart +CVE-2023-31269 + RESERVED +CVE-2023-31268 + RESERVED +CVE-2023-31267 + RESERVED +CVE-2023-31266 + RESERVED +CVE-2023-31265 + RESERVED +CVE-2023-31264 + RESERVED +CVE-2023-31263 + RESERVED +CVE-2023-31262 + RESERVED +CVE-2023-31261 + RESERVED +CVE-2023-31260 + RESERVED +CVE-2023-31259 + RESERVED +CVE-2023-31258 + RESERVED +CVE-2023-31257 + RESERVED +CVE-2023-31256 + RESERVED +CVE-2023-31255 + RESERVED +CVE-2023-31254 + RESERVED +CVE-2023-31253 + RESERVED +CVE-2023-31252 + RESERVED +CVE-2023-31251 + RESERVED +CVE-2023-31250 (The file download facility doesn't sufficiently sanitize file paths in ...) + - drupal7 + NOTE: https://www.drupal.org/sa-core-2023-005 +CVE-2023-31238 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + NOT-FOR-US: Siemens +CVE-2023-31237 + RESERVED +CVE-2023-31236 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in unFo ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-31235 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31234 + RESERVED +CVE-2023-31233 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoq ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31232 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31231 + RESERVED +CVE-2023-31230 (Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tong ...) + NOT-FOR-US: Haoqisir Baidu Tongji generator +CVE-2023-31229 + RESERVED +CVE-2023-31228 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31227 (The hwPartsDFR module has a vulnerability in API calling verification. ...) + NOT-FOR-US: Huawei +CVE-2023-31226 (The SDK for the MediaPlaybackController module has improper permission ...) + NOT-FOR-US: Huawei +CVE-2023-31225 (The Gallery app has the risk of hijacking attacks. Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2023-31194 (An improper array index validation vulnerability exists in the GraphPl ...) + NOT-FOR-US: Diagon +CVE-2023-27390 (A heap-based buffer overflow vulnerability exists in the Sequence::Dra ...) + NOT-FOR-US: Diagon +CVE-2023-2314 (Insufficient data validation in DevTools in Google Chrome prior to 111 ...) + {DSA-5371-1} + - chromium 111.0.5563.64-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2313 (Inappropriate implementation in Sandbox in Google Chrome on Windows pr ...) + {DSA-5386-1} + - chromium 112.0.5615.49-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2312 (Use after free in Offline in Google Chrome on Android prior to 116.0.5 ...) + {DSA-5479-1} + - chromium 116.0.5845.96-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2311 (Insufficient policy enforcement in File System API in Google Chrome pr ...) 
+ {DSA-5386-1} + - chromium 112.0.5615.49-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2310 (A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer E ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-2309 (The wpForo Forum WordPress plugin before 2.1.9 does not escape some re ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2308 + RESERVED +CVE-2023-2307 (Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik ...) + NOT-FOR-US: builderio/qwik +CVE-2023-2306 (Qognify NiceVision versions 3.1 and prior are vulnerable to exposing s ...) + NOT-FOR-US: Qognify NiceVision +CVE-2023-2305 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2304 (The Favorites plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: Favorites plugin for WordPress +CVE-2023-2303 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...) + NOT-FOR-US: Contact Form and Calls To Action by vcita plugin for WordPress +CVE-2023-2302 (The Contact Form and Calls To Action by vcita plugin for WordPress is ...) + NOT-FOR-US: Contact Form and Calls To Action by vcita plugin for WordPress +CVE-2023-2301 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Contact Form Builder by vcita plugin for WordPress +CVE-2023-2300 (The Contact Form Builder by vcita plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Contact Form Builder by vcita plugin for WordPress +CVE-2023-2299 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress +CVE-2023-2298 (The Online Booking & Scheduling Calendar for WordPress by vcita plugin ...) + NOT-FOR-US: Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress +CVE-2023-2297 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2296 (The Loginizer WordPress plugin before 1.7.9 does not escape a paramete ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4945 (The Dataprobe cloud usernames and passwords are stored in plain text i ...) + NOT-FOR-US: Dataprobe +CVE-2022-48480 (Integer overflow vulnerability in some phones. Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-48479 (The facial recognition TA of some products has the out-of-bounds memor ...) + NOT-FOR-US: Huawei +CVE-2022-48478 (The facial recognition TA of some products lacks memory length verific ...) + NOT-FOR-US: Huawei +CVE-2021-46887 (Lack of length check vulnerability in the HW_KEYMASTER module. Success ...) + NOT-FOR-US: Huawei +CVE-2021-46886 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2021-46885 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2021-46884 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2021-46883 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2021-46882 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2021-46881 (The video framework has memory overwriting caused by addition overflow ...) + NOT-FOR-US: Huawei +CVE-2023-31224 + RESERVED +CVE-2023-31223 (Dradis before 4.8.0 allows persistent XSS by authenticated author user ...) + NOT-FOR-US: Dradis +CVE-2023-2295 (A vulnerability was found in the libreswan library. This security issu ...) + NOTE: RedHat assigned duplicate of CVE-2023-30570, reported to the CNA +CVE-2023-2294 (A vulnerability was found in UCMS 1.6.0. It has been classified as pro ...) + NOT-FOR-US: UCMS +CVE-2023-2293 (A vulnerability was found in SourceCodester Purchase Order Management ...) 
+ NOT-FOR-US: SourceCodester Purchase Order Management System +CVE-2023-2292 + RESERVED +CVE-2023-2291 (Static credentials exist in the PostgreSQL data used in ManageEngine A ...) + NOT-FOR-US: Zoho +CVE-2023-2290 (A potential vulnerability in the LenovoFlashDeviceInterface SMI handle ...) + NOT-FOR-US: Lenovo +CVE-2023-2289 (The wordpress vertical image slider plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2288 (The Otter WordPress plugin before 2.2.6 does not sanitize some user-co ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2287 (The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not li ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2286 (The WP Activity Log for WordPress is vulnerable to Cross-Site Request ...) + NOT-FOR-US: WP Activity Log for WordPress +CVE-2023-2285 (The WP Activity Log Premium plugin for WordPress is vulnerable to Cros ...) + NOT-FOR-US: WP Activity Log Premium plugin for WordPress +CVE-2023-2284 (The WP Activity Log Premium plugin for WordPress is vulnerable to unau ...) + NOT-FOR-US: WP Activity Log Premium plugin for WordPress +CVE-2023-31222 (Deserialization of untrusted datain Microsoft Messaging Queuing Servic ...) + NOT-FOR-US: Microsoft Messaging Queuing Service in Medtronic's Paceart Optima +CVE-2023-31221 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rans ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31220 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP-EXPER ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31219 (Server-Side Request Forgery (SSRF) vulnerability in WPChill Download M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31218 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31217 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-31216 (Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31215 + RESERVED +CVE-2023-31214 + RESERVED +CVE-2023-31213 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31212 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31211 + RESERVED +CVE-2023-31210 (Usage of user controlled LD_LIBRARY_PATH in agent in Checkmk 2.2.0p10 ...) + - check-mk +CVE-2023-31209 (Improper neutralization of active check command arguments in Checkmk < ...) + - check-mk +CVE-2023-31208 (Improper neutralization of livestatus command delimiters in the RestAP ...) + - check-mk +CVE-2023-31207 (Transmission of credentials within query parameters in Checkmk <= 2.1. ...) + - check-mk +CVE-2023-2283 (A vulnerability was found in libssh, where the authentication check of ...) + {DSA-5409-1} + - libssh 0.10.5-1 (bug #1035832) + [buster] - libssh (Vulnerable code introduced later) + NOTE: https://www.libssh.org/security/advisories/CVE-2023-2283.txt + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=e8dfbb85a28514e1f869dac3000c6cec6cb8d08d (libssh-0.10.5) + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=c68a58575b6d0520e342cb3d3796a8fecd66405d (libssh-0.10.5) + NOTE: Vulnerable function introduced with: https://git.libssh.org/projects/libssh.git/commit/?id=fd9446553b5e06c95c67945959b228e44c870b73 (libssh-0.9.0) +CVE-2023-2282 (Improper access control in the Web Login listener in Devolutions Remot ...) + NOT-FOR-US: Devolutions +CVE-2023-2281 (When archiving a team, Mattermost fails to sanitize the related Websoc ...) + - mattermost-server (bug #823556) +CVE-2023-2280 (The WP Directory Kit plugin for WordPress is vulnerable to unauthorize ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2279 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...) + NOT-FOR-US: WP Directory Kit plugin for WordPress +CVE-2023-2278 (The WP Directory Kit plugin for WordPress is vulnerable to Local File ...) + NOT-FOR-US: WP Directory Kit plugin for WordPress +CVE-2023-2277 (The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site ...) + NOT-FOR-US: WP Directory Kit plugin for WordPress +CVE-2023-2276 (The WCFM Membership \u2013 WooCommerce Memberships for Multivendor Mar ...) + NOT-FOR-US: WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress +CVE-2023-2275 (The WooCommerce Multivendor Marketplace \u2013 REST API plugin for Wor ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-2274 + RESERVED +CVE-2023-2273 (Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer fr ...) + NOT-FOR-US: Rapid7 +CVE-2023-2272 (The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2271 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31206 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) + NOT-FOR-US: Apache InLong +CVE-2023-31205 + RESERVED +CVE-2023-31204 + RESERVED +CVE-2023-31200 (PTC Vuforia Studio does not require a token; this could allow an atta ...) + NOT-FOR-US: PTC Vuforia Studio +CVE-2023-31199 (Improper access control in the Intel(R) Solid State Drive Toolbox(TM) ...) + NOT-FOR-US: Intel +CVE-2023-31197 (Uncontrolled search path in the Intel(R) Trace Analyzer and Collector ...) + NOT-FOR-US: Intel +CVE-2023-31187 (Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently P ...) + NOT-FOR-US: Avaya +CVE-2023-31186 (Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observ ...) 
+ NOT-FOR-US: Avaya +CVE-2023-31185 (ROZCOM server framework - Misconfiguration may allow information discl ...) + NOT-FOR-US: ROZCOM +CVE-2023-31184 (ROZCOM client CWE-798: Use of Hard-coded Credentials) + NOT-FOR-US: ROZCOM +CVE-2023-31183 (Cybonet PineApp Mail SecureA reflected cross-site scripting (XSS) vuln ...) + NOT-FOR-US: Cybonet PineApp Mail SecureA +CVE-2023-31182 (EasyTor Applications \u2013 Authorization Bypass - EasyTor Application ...) + NOT-FOR-US: EasyTor +CVE-2023-31181 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Trav ...) + NOT-FOR-US: WJJ Software +CVE-2023-31180 (WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-s ...) + NOT-FOR-US: WJJ Software +CVE-2023-31179 (AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal -Vulnerability allow ...) + NOT-FOR-US: AgilePoint +CVE-2023-31178 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Arbitrary File DeleteVulnerabi ...) + NOT-FOR-US: AgilePoint +CVE-2023-31177 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-451 +CVE-2023-31176 (An Insufficient Entropy vulnerability in the Schweitzer Engineering La ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-451 +CVE-2023-31175 (An Execution with Unnecessary Privileges vulnerability in the Schweitz ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31174 (A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer En ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31173 (Use of Hard-coded Credentials vulnerability in Schweitzer Engineering ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31172 (An Incomplete Filtering of Special Elements vulnerability in the Schwe ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31171 (An Improper Neutralization of Special Elements used in an SQL Command ...) 
+ NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31170 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31169 (An Improper Handling of Unicode Encoding vulnerability in the Schweitz ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31168 (An Inclusion of Functionality from Untrusted Control Sphere vulnerabil ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31167 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31166 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31165 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31164 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31163 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31162 (An Improper Input Validation vulnerability in the Schweitzer Engineeri ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31161 (AnImproper Input Validation vulnerability in the Schweitzer Engineerin ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31160 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31159 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31158 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) 
+ NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31157 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31156 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31155 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31154 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31153 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31152 (An Authentication Bypass Using an Alternate Path or Channel vulnerabil ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31151 (An Improper Certificate Validation vulnerability in the Schweitzer E ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31150 (A Storing Passwords in a Recoverable Format vulnerability in the Schwe ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31149 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31148 (An Improper Input Validation vulnerability in the Schweitzer Enginee ...) + NOT-FOR-US: Schweitzer Engineering Laboratories +CVE-2023-31147 (c-ares is an asynchronous resolver library. When /dev/urandom or RtlGe ...) + [experimental] - c-ares 1.19.1-1 + - c-ares 1.19.1-2 (unimportant) + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 + NOTE: https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5 (cares-1_19_1) + NOTE: Any Debian system/port provides /dev/urandom +CVE-2023-31146 (Vyper is a Pythonic smart contract language for the Ethereum virtual m ...) 
+ NOT-FOR-US: Vyper +CVE-2023-31145 (Collabora Online is a collaborative online office suite based on Libre ...) + NOT-FOR-US: Collabora Online +CVE-2023-31144 (Craft CMS is a content management system. Starting in version 3.0.0 an ...) + NOT-FOR-US: Craft CMS +CVE-2023-31143 (mage-ai is an open-source data pipeline tool for transforming and inte ...) + NOT-FOR-US: mage-ai +CVE-2023-31142 (Discourse is an open source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-31141 (OpenSearch is open-source software suite for search, analytics, and ob ...) + - opensearch (bug #1054912) + NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-g8xc-6mf7-h28h +CVE-2023-31140 (OpenProject is open source project management software. Starting with ...) + NOT-FOR-US: OpenProject +CVE-2023-31139 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...) + NOT-FOR-US: DHIS2 +CVE-2023-31138 (DHIS2 Core contains the service layer and Web API for DHIS2, an inform ...) + NOT-FOR-US: DHIS2 +CVE-2023-31137 (MaraDNS is open-source software that implements the Domain Name System ...) + {DSA-5441-1 DLA-3457-1} + - maradns 2.0.13-1.5 (bug #1035936) + NOTE: https://github.com/samboy/MaraDNS/commit/bab062bde40b2ae8a91eecd522e84d8b993bab58 + NOTE: https://github.com/samboy/MaraDNS/security/advisories/GHSA-58m7-826v-9c3c +CVE-2023-31136 (PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO ...) + NOT-FOR-US: PostgresNIO +CVE-2023-31135 (Dgraph is an open source distributed GraphQL database. Existing Dgraph ...) + NOT-FOR-US: Dgraph +CVE-2023-31134 (Tauri is software for building applications for multi-platform deploym ...) + NOT-FOR-US: Tauri +CVE-2023-31133 (Ghost is an app for new-media creators with tools to build a website, ...) + NOT-FOR-US: Ghost CMS +CVE-2023-31132 (Cacti is an open source operational monitoring and fault management fr ...) 
+ - cacti (Only affect Cacti Installer on Windows) + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-rf5w-pq3f-9876 +CVE-2023-31131 (Greenplum Database (GPDB) is an open source data warehouse based on Po ...) + NOT-FOR-US: Greenplum Database +CVE-2023-31130 (c-ares is an asynchronous resolver library. ares_inet_net_pton() is vu ...) + {DSA-5419-1 DLA-3471-1} + [experimental] - c-ares 1.19.1-1 + - c-ares 1.18.1-3 + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v + NOTE: https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 (cares-1_19_1) +CVE-2023-31129 (The Contiki-NG operating system versions 4.8 and prior can be triggere ...) + NOT-FOR-US: Contiki-NG +CVE-2023-31128 (NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 o ...) + NOT-FOR-US: Nextcloud app +CVE-2023-31127 (libspdm is a sample implementation that follows the DMTF SPDM specific ...) + NOT-FOR-US: libspdm +CVE-2023-31126 (`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the op ...) + NOT-FOR-US: org.xwiki.commons:xwiki-commons-xml +CVE-2023-31125 (Engine.IO is the implementation of transport-based cross-browser/cross ...) + NOT-FOR-US: Engine.IO +CVE-2023-31124 (c-ares is an asynchronous resolver library. When cross-compiling c-are ...) + [experimental] - c-ares 1.19.1-1 + - c-ares 1.19.1-2 (unimportant) + NOTE: https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 + NOTE: https://github.com/c-ares/c-ares/commit/c4930223e51d0e3dbfd8b2a814f4be2e269e2a9d (cares-1_19_1) + NOTE: No impact on binaries shipped by Debian +CVE-2023-31123 (`effectindex/tripreporter` is a community-powered, universal platform ...) + NOT-FOR-US: effectindex/tripreporter +CVE-2023-30768 (Improper access control in the Intel(R) Server Board S2600WTT belongin ...) + NOT-FOR-US: Intel +CVE-2023-30763 (Heap-based overflow in Intel(R) SoC Watch based software before versio ...) 
+ NOT-FOR-US: Intel +CVE-2023-29502 (Before importing a project into Vuforia, a user could modify the \u20 ...) + NOT-FOR-US: Vuforia +CVE-2023-29242 (Improper access control for Intel(R) oneAPI Toolkits before version 20 ...) + NOT-FOR-US: Intel +CVE-2023-29168 (The local Vuforia web application does not support HTTPS, and federate ...) + NOT-FOR-US: Vuforia +CVE-2023-29152 (By changing the filename parameter in the request, an attacker could ...) + NOT-FOR-US: Vuforia +CVE-2023-28822 + RESERVED +CVE-2023-28745 + RESERVED +CVE-2023-28737 (Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integr ...) + NOT-FOR-US: Intel +CVE-2023-28719 + RESERVED +CVE-2023-28378 (Improper authorization in some Intel(R) QAT drivers for Windows - HW V ...) + NOT-FOR-US: Intel +CVE-2023-27881 (A user could use the \u201cUpload Resource\u201d functionality to uplo ...) + NOT-FOR-US: Vuforia +CVE-2023-24476 (An attacker with local access to the machine could record the traffic, ...) + NOT-FOR-US: Vuforia +CVE-2023-2270 (The Netskope client service running with NT\SYSTEM privileges accepts ...) + NOT-FOR-US: Netskope +CVE-2023-2269 (A denial of service problem was found, due to a possible recursive loc ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2189388 +CVE-2023-2268 (Plane version 0.7.1 allows an unauthenticated attacker to view all sto ...) + NOT-FOR-US: Plane +CVE-2023-2267 (An Improper Input Validation vulnerability in Schweitzer Engineering L ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L +CVE-2023-2266 (AnImproper neutralization of input during web page generation in the S ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L +CVE-2023-2265 (AnImproper Restriction of Rendered UI Layers or Frames in the Schweitz ...) 
+ NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L +CVE-2023-2264 (An improper input validation vulnerability in the Schweitzer Engineeri ...) + NOT-FOR-US: Schweitzer Engineering Laboratories SEL-411L +CVE-2023-2263 (The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is v ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-2262 (A buffer overflow vulnerability exists in the Rockwell Automation sele ...) + NOT-FOR-US: Rockwell Automation +CVE-2023-2261 (The WP Activity Log plugin for WordPress is vulnerable to authorizatio ...) + NOT-FOR-US: WP Activity Log plugin for WordPress +CVE-2023-2260 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) + NOT-FOR-US: Alf.io +CVE-2023-2259 (Improper Neutralization of Special Elements Used in a Template Engine ...) + NOT-FOR-US: Alf.io +CVE-2023-2258 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) + NOT-FOR-US: Alf.io +CVE-2023-31122 (Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.Th ...) + - apache2 2.4.58-1 + [bookworm] - apache2 (Minor issue) + [bullseye] - apache2 (Minor issue) + [buster] - apache2 (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/10/19/4 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122 + NOTE: Fixed by: https://github.com/apache/httpd/commit/c41eb3b14a3d1eb2e3c42c4728cc52a22748851a +CVE-2023-31121 + RESERVED +CVE-2023-31120 + RESERVED +CVE-2023-31119 + RESERVED +CVE-2023-31118 + RESERVED +CVE-2023-31117 + RESERVED +CVE-2023-31116 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) + NOT-FOR-US: Samsung +CVE-2023-31115 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) + NOT-FOR-US: Samsung +CVE-2023-31114 (An issue was discovered in the Shannon RCS component in Samsung Exynos ...) 
+ NOT-FOR-US: Samsung +CVE-2023-31113 + RESERVED +CVE-2023-31112 + RESERVED +CVE-2023-31111 + RESERVED +CVE-2023-31110 + RESERVED +CVE-2023-31109 + RESERVED +CVE-2023-31108 + RESERVED +CVE-2023-31107 + RESERVED +CVE-2023-31106 + RESERVED +CVE-2023-31105 + RESERVED +CVE-2023-31104 + RESERVED +CVE-2023-2257 (Authentication Bypass in Hub Business integration in Devolutions Works ...) + NOT-FOR-US: Devolutions +CVE-2023-2256 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2255 (Improper access control in editor components of The Document Foundatio ...) + {DSA-5415-1 DLA-3526-1} + - libreoffice 4:7.4.5-3 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/ +CVE-2023-2254 (The Ko-fi Button WordPress plugin before 1.3.3 does not properly some ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2253 (A flaw was found in the `/v2/_catalog` endpoint in distribution/distri ...) + {DSA-5414-1 DLA-3473-1} + - docker-registry 2.8.2+ds1-1 (bug #1035956) + NOTE: Fixed by: https://github.com/distribution/distribution/commit/521ea3d973cb0c7089ebbcdd4ccadc34be941f54 (v2.8.2-beta.1) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/09/1 + NOTE: https://github.com/distribution/distribution/security/advisories/GHSA-hqxw-f8mx-cpmw +CVE-2023-2252 + RESERVED +CVE-2023-2251 (Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.) 
+ - node-yaml 2.1.3-2 (bug #1035580) + [bullseye] - node-yaml (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/4b494e99-5a3e-40d9-8678-277f3060e96c + NOTE: https://github.com/advisories/GHSA-f9xv-q969-pqx4 + NOTE: Introduced by: https://github.com/eemeli/yaml/commit/89119eeec4a305d741b26d1a49ffa1ac67394a8e#diff-55db69e02ff5714d444d8081ec6ecac5d9833fb29fda64d1e829e5766434fdc0R97 (v2.0.0-5) + NOTE: Fixed by: https://www.github.com/eemeli/yaml/commit/984f5781ffd807e58cad3b5c8da1f940dab75fba (v2.2.2) +CVE-2023-2250 (A flaw was found in the Open Cluster Management (OCM) when a user have ...) + NOT-FOR-US: Open Cluster Management (OCM) +CVE-2023-2249 (The wpForo Forum plugin for WordPress is vulnerable to Local File Incl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2248 + REJECTED +CVE-2022-48477 (In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module in ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-48476 (In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` ...) + NOT-FOR-US: JetBrains Ktor +CVE-2023-31103 (Exposure of Resource to Wrong Sphere Vulnerability in Apache Software ...) + NOT-FOR-US: Apache InLong +CVE-2023-40481 + - 7zip 23.01+dfsg-1 + [bookworm] - 7zip (Minor issue; will be fixed via point release) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ + NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ +CVE-2023-31102 (Ppmd7.c in 7-Zip before 23.00 allows an integer underflow and invalid ...) + - 7zip 23.01+dfsg-1 + [bookworm] - 7zip (Minor issue; will be fixed via point release) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1165/ + NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/713c8a8269/ +CVE-2023-31101 (Insecure Default Initialization of Resource Vulnerability in Apache So ...) + NOT-FOR-US: Apache InLong +CVE-2023-31100 (Improper Access Control in SMI handler vulnerability in Phoenix Secure ...) 
+ NOT-FOR-US: Phoenix +CVE-2023-31099 (Zoho ManageEngine OPManager through 126323 allows an authenticated use ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-31098 (Weak Password Requirements vulnerability in Apache Software Foundation ...) + NOT-FOR-US: Apache InLong +CVE-2023-31097 + RESERVED +CVE-2023-31096 (An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel ...) + NOT-FOR-US: Broadcom +CVE-2023-31095 + RESERVED +CVE-2023-31094 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Ka ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-31093 (Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31092 + RESERVED +CVE-2023-31091 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31090 + RESERVED +CVE-2023-31089 (Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31088 (Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floatin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31087 (Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Mana ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31086 (Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple G ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31085 (An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel ...) + - linux (unimportant) + NOTE: https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/ + NOTE: Negligible security impact +CVE-2023-31084 (An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in th ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1 DLA-3508-1} + - linux 6.3.7-1 + NOTE: https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/ +CVE-2023-31083 (An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux ...) 
+ - linux 6.5.8-1 + NOTE: https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/ +CVE-2023-31082 (An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2 ...) + - linux + NOTE: https://lore.kernel.org/all/CA+UBctCZok5FSQ=LPRA+A-jocW=L8FuMVZ_7MNqhh483P5yN8A@mail.gmail.com/ +CVE-2023-31081 (An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_brid ...) + - linux (unimportant) + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/all/CA+UBctDXyiosaiR7YNKCs8k0aWu4gU+YutRcnC+TDJkXpHjQag@mail.gmail.com/ + NOTE: CONFIG_DVB_VIDTV (vidtv driver) not enabled in Debian official configuration +CVE-2023-31080 + RESERVED +CVE-2023-31079 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31078 (Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31077 (Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Pa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31076 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31075 (Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Lo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31074 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 E ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31073 + RESERVED +CVE-2023-31072 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31071 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yannick ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31070 + RESERVED +CVE-2023-31069 (An issue was discovered in TSplus Remote Access through 16.0.2.14. Cre ...) + NOT-FOR-US: TSplus +CVE-2023-31068 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...) 
+ NOT-FOR-US: TSplus +CVE-2023-31067 (An issue was discovered in TSplus Remote Access through 16.0.2.14. The ...) + NOT-FOR-US: TSplus +CVE-2023-31066 (Files or Directories Accessible to External Parties vulnerability in A ...) + NOT-FOR-US: Apache InLong +CVE-2023-31065 (Insufficient Session Expiration vulnerability in Apache Software Found ...) + NOT-FOR-US: Apache InLong +CVE-2023-31064 (Files or Directories Accessible to External Parties vulnerability in A ...) + NOT-FOR-US: Apache InLong +CVE-2023-31063 + RESERVED +CVE-2023-31062 (Improper Privilege Management Vulnerabilities in Apache Software Found ...) + NOT-FOR-US: Apache InLong +CVE-2023-31061 (Repetier Server through 1.4.10 does not have CSRF protection.) + NOT-FOR-US: Repetier Server +CVE-2023-31060 (Repetier Server through 1.4.10 executes as SYSTEM. This can be leverag ...) + NOT-FOR-US: Repetier Server +CVE-2023-31059 (Repetier Server through 1.4.10 allows ..%5c directory traversal for re ...) + NOT-FOR-US: Repetier Server +CVE-2023-31058 (Deserialization of Untrusted Data Vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache InLong +CVE-2023-31057 + RESERVED +CVE-2023-31056 (CloverDX before 5.17.3 writes passwords to the audit log in certain si ...) + NOT-FOR-US: CloverDX +CVE-2023-31055 + RESERVED +CVE-2023-31054 + RESERVED +CVE-2023-31053 + RESERVED +CVE-2023-31052 + RESERVED +CVE-2023-31051 + RESERVED +CVE-2023-31050 + RESERVED +CVE-2023-31049 + RESERVED +CVE-2023-31048 (The OPC UA .NET Standard Reference Server before 1.4.371.86. places se ...) + NOT-FOR-US: OPC UA .NET Standard Reference Server +CVE-2023-31047 (In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, i ...) 
+ {DLA-3415-1} + - python-django 3:3.2.19-1 (bug #1035467) + [bullseye] - python-django 2:2.2.28-1~deb11u2 + NOTE: https://www.djangoproject.com/weblog/2023/may/03/security-releases/ + NOTE: https://github.com/django/django/commit/fb4c55d9ec4bb812a7fb91fa20510d91645e411b (main) + NOTE: https://github.com/django/django/commit/eed53d0011622e70b936e203005f0e6f4ac48965 (3.2.19) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/03/1 +CVE-2023-31046 (A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and ...) + NOT-FOR-US: PaperCut +CVE-2023-31045 (A stored Cross-site scripting (XSS) issue in Text Editors and Formats ...) + - backdrop (bug #914257) +CVE-2023-31044 + RESERVED +CVE-2023-31043 (EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs un ...) + NOT-FOR-US: EnterpriseDB +CVE-2023-2247 (In affected versions of Octopus Deploy it is possible to unmask variab ...) + NOT-FOR-US: Octopus Deploy +CVE-2023-31042 (A flaw exists in FlashBlade Purity whereby an authenticated user with ...) + NOT-FOR-US: FlashBlade Purity +CVE-2023-31041 (An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with ker ...) + NOT-FOR-US: Insyde +CVE-2023-31040 + RESERVED +CVE-2023-2246 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: SourceCodester +CVE-2023-31039 (Security vulnerabilityin Apache bRPC <1.5.0 on all platforms allows at ...) + NOT-FOR-US: Apache bRPC +CVE-2023-31038 (SQL injection in Log4cxx when using the ODBC appender to send log mess ...) + [experimental] - log4cxx 1.1.0-1~exp1 + - log4cxx 1.1.0-1 (unimportant) + NOTE: https://lists.apache.org/thread/vgjlpdf353vv91gryspwxrzj6p0fbjd9 + NOTE: ODBC appender not enabled in Debian builds +CVE-2023-2245 (A vulnerability was found in hansunCMS 1.4.3. It has been declared as ...) + NOT-FOR-US: hansunCMS +CVE-2023-2244 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...) 
+ NOT-FOR-US: SourceCodester Online Eyewear Shop +CVE-2023-2243 (A vulnerability was found in SourceCodester Complaint Management Syste ...) + NOT-FOR-US: SourceCodester Complaint Management System +CVE-2023-2242 (A vulnerability has been found in SourceCodester Online Computer and L ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-2241 (A vulnerability, which was classified as critical, was found in PoDoFo ...) + - libpodofo (Vulnerable code introduced later) + NOTE: https://github.com/podofo/podofo/issues/69 + NOTE: Introduced by: https://github.com/podofo/podofo/commit/a2eca000e5a4337fb79ee8215d06413785653184 + NOTE: Fixed by: https://github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778 +CVE-2012-10014 (A vulnerability classified as problematic has been found in Kau-Boy Ba ...) + NOT-FOR-US: WordPress plugin +CVE-2012-10013 (A vulnerability was found in Kau-Boy Backend Localization Plugin up to ...) + NOT-FOR-US: WordPress plugin +CVE-2023-31037 + RESERVED +CVE-2023-31036 + RESERVED +CVE-2023-31035 + RESERVED +CVE-2023-31034 + RESERVED +CVE-2023-31033 + RESERVED +CVE-2023-31032 + RESERVED +CVE-2023-31031 + RESERVED +CVE-2023-31030 + RESERVED +CVE-2023-31029 + RESERVED +CVE-2023-31028 + RESERVED +CVE-2023-31027 (NVIDIA GPU Display Driver for Windows contains a vulnerability that al ...) + NOT-FOR-US: NVIDIA +CVE-2023-31026 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...) + NOT-FOR-US: NVIDIA (vGPU not packaged in Debian) +CVE-2023-31025 + RESERVED +CVE-2023-31024 + RESERVED +CVE-2023-31023 (NVIDIA Display Driver for Windows contains a vulnerability where an at ...) + NOT-FOR-US: NVIDIA +CVE-2023-31022 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-graphics-drivers 525.147.05-1 (bug #1055136) + [bookworm] - nvidia-graphics-drivers 525.147.05-1~deb12u1 + [bullseye] - nvidia-graphics-drivers (Non-free not supported) + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-open-gpu-kernel-modules 525.147.05-1 (bug #1055144) + [bookworm] - nvidia-open-gpu-kernel-modules 525.147.05-1~deb12u1 + - nvidia-graphics-drivers-tesla 525.147.05-1 (bug #1055143) + [bookworm] - nvidia-graphics-drivers-tesla 525.147.05-3~deb12u1 + - nvidia-graphics-drivers-tesla-470 470.223.02-1 (bug #1055142) + [bookworm] - nvidia-graphics-drivers-tesla-470 470.223.02-1~deb12u1 + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1055141) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.248.02-4 (bug #1055140) + NOTE: 450.248.02-4 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + [bullseye] - nvidia-graphics-drivers-tesla-450 (Non-free not supported) + - nvidia-graphics-drivers-tesla-418 (bug #1055139) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1055138) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1055137) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5491 +CVE-2023-31021 (NVIDIA vGPU software for Windows and Linux contains a vulnerability in ...) + NOT-FOR-US: NVIDIA (vGPU not packaged in Debian) +CVE-2023-31020 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA
+CVE-2023-31019 (NVIDIA GPU Display Driver for Windows contains a vulnerability in wksS ...)
+ NOT-FOR-US: NVIDIA
+CVE-2023-31018 (NVIDIA GPU Driver for Windows and Linux contains a vulnerability in th ...)
+ NOT-FOR-US: NVIDIA (vGPU not packaged in Debian)
+CVE-2023-31017 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2023-31016 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2023-31015 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31014 (NVIDIA GeForce Now for Android contains a vulnerability in the game la ...)
+ NOT-FOR-US: NVIDIA GeForce Now for Android
+CVE-2023-31013 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31012 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31011 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service where ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31010 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31009 (NVIDIA DGX H100 BMC contains a vulnerability in the REST service, wher ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31008 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...)
+ NOT-FOR-US: NVIDIA DGX H100 BMC
+CVE-2023-31007 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
+ NOT-FOR-US: Apache Pulsar
+CVE-2023-31006
+ RESERVED
+CVE-2023-31005
+ RESERVED
+CVE-2023-31004
+ RESERVED
+CVE-2023-31003
+ RESERVED
+CVE-2023-31002
+ RESERVED
+CVE-2023-31001
+ RESERVED
+CVE-2023-31000
+ RESERVED
+CVE-2023-30999
+ RESERVED
+CVE-2023-30998
+ RESERVED
+CVE-2023-30997
+ RESERVED
+CVE-2023-30996
+ RESERVED
+CVE-2023-30995 (IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2023-30994 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...)
+ NOT-FOR-US: IBM
+CVE-2023-30993 (IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2023-30992
+ RESERVED
+CVE-2023-30991 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2023-30990 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute ...)
+ NOT-FOR-US: IBM
+CVE-2023-30989 (IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local pr ...)
+ NOT-FOR-US: IBM
+CVE-2023-30988 (The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i conta ...)
+ NOT-FOR-US: IBM
+CVE-2023-30987 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ NOT-FOR-US: IBM
+CVE-2023-30986 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30985 (A vulnerability has been identified in Solid Edge SE2023 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30984
+ RESERVED
+CVE-2023-30983
+ RESERVED
+CVE-2023-30982
+ RESERVED
+CVE-2023-30981
+ RESERVED
+CVE-2023-30980
+ RESERVED
+CVE-2023-30979
+ RESERVED
+CVE-2023-30978
+ RESERVED
+CVE-2023-30977
+ RESERVED
+CVE-2023-30976
+ RESERVED
+CVE-2023-30975
+ RESERVED
+CVE-2023-30974
+ RESERVED
+CVE-2023-30973
+ RESERVED
+CVE-2023-30972
+ RESERVED
+CVE-2023-30971
+ RESERVED
+CVE-2023-30970
+ RESERVED
+CVE-2023-30969 (The Palantir Tiles1 service was found to be vulnerable to an API wide ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30968
+ RESERVED
+CVE-2023-30967 (Gotham Orbital-Simulator service prior to 0.692.0 was found to be vuln ...)
+ NOT-FOR-US: Gotham Orbital-Simulator service
+CVE-2023-30966
+ RESERVED
+CVE-2023-30965
+ RESERVED
+CVE-2023-30964
+ RESERVED
+CVE-2023-30963 (A security defect was discovered in Foundry Frontend which enabled use ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30962 (The Gotham Cerberus service was found to have a stored cross-site scri ...)
+ NOT-FOR-US: Gotham Cerberus
+CVE-2023-30961 (Palantir Gotham was found to be vulnerable to a bug where under certai ...)
+ NOT-FOR-US: Palantir Gotham
+CVE-2023-30960 (A security defect was discovered in Foundry job-tracker that enabled u ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30959 (In Apollo change requests, comments added by users could contain a ja ...)
+ NOT-FOR-US: Apollo
+CVE-2023-30958 (A security defect was identified in Foundry Frontend that enabled user ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30957
+ RESERVED
+CVE-2023-30956 (A security defect was identified in Foundry Comments that enabled a us ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30955 (A security defect was identified in Foundry workspace-server that enab ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30954 (The Gotham video-application-server service contained a race condition ...)
+ NOT-FOR-US: Gotham video-application-server service
+CVE-2023-30953
+ RESERVED
+CVE-2023-30952 (A security defect was discovered in Foundry Issues that enabled users ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30951 (The Foundry Magritte plugin rest-source was found to be vulnerable to ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30950 (The foundry campaigns service was found to be vulnerable to an unauthe ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30949 (A missing origin validation in Slate sandbox could be exploited by a m ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30948 (A security defect in Foundry's Comments functionality resulted in the ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30947
+ RESERVED
+CVE-2023-30946 (A security defect was identified in Foundry Issues. If a user was adde ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30945 (Multiple Services such as VHS(Video History Server) and VCD(Video Clip ...)
+ NOT-FOR-US: Palantir
+CVE-2023-30944 (The vulnerability was found Moodle which exists due to insufficient sa ...)
+ - moodle
+CVE-2023-30943 (The vulnerability was found Moodle which exists because the applicatio ...)
+ - moodle
+CVE-2023-30942 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30941 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30940 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30939 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30938 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30937 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30936 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30935 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30934 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30933 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30932 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30931 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30930 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30929 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30928 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30927 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30926 (In opm service, there is a missing permission check. This could lead t ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30925 (In opm service, there is a missing permission check. This could lead t ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30924 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30923 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30922 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30921 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30920 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30919 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30918 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30917 (In DMService, there is a possible missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30916 (In DMService, there is a possible missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30915 (In email service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30914 (In email service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30913 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-2240 (Improper Privilege Management in GitHub repository microweber/microweb ...)
+ NOT-FOR-US: microweber
+CVE-2023-2239 (Exposure of Private Personal Information to an Unauthorized Actor in G ...)
+ NOT-FOR-US: microweber
+CVE-2023-2238
+ RESERVED
+CVE-2023-2237 (The WP Replicate Post plugin for WordPress is vulnerable to SQL Inject ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2236 (A use-after-free vulnerability in the Linux Kernel io_uring subsystem ...)
+ - linux 6.0.12-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7)
+CVE-2023-2235 (A use-after-free vulnerability in the Linux Kernel Performance Events ...)
+ - linux 6.1.25-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/fd0815f632c24878e325821943edccc7fde947a2 (6.3-rc3)
+CVE-2023-2234 (Union variant confusion allows any malicious BT controller to execute ...)
+ NOT-FOR-US: Zephyr
+CVE-2023-2233 (An improper authorization issue has been discovered in GitLab CE/EE af ...)
+ - gitlab
+CVE-2023-2232 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab
+CVE-2023-2231 (A vulnerability, which was classified as critical, was found in MAXTEC ...)
+ NOT-FOR-US: MAXTECH
+CVE-2023-2230
+ REJECTED
+CVE-2023-2229 (The Quick Post Duplicator for WordPress is vulnerable to SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2228 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...)
+ NOT-FOR-US: Modoboa
+CVE-2023-2227 (Improper Authorization in GitHub repository modoboa/modoboa prior to 2 ...)
+ NOT-FOR-US: Modoboa
+CVE-2023-2226 (Due to insufficient validation in the PE and OLE parsers in Rapid7's V ...)
+ NOT-FOR-US: Rapid7
+CVE-2023-2225 (The SEO ALert WordPress plugin through 1.59 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2224 (The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2223 (The Login rebuilder WordPress plugin before 2.8.1 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2222
+ REJECTED
+CVE-2023-2221 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4944 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: KodExplorer
+CVE-2023-2220 (A vulnerability was found in Dream Technology mica up to 3.0.5. It has ...)
+ NOT-FOR-US: Dream Technology mica
+CVE-2023-2219 (A vulnerability was found in SourceCodester Task Reminder System 1.0 a ...)
+ NOT-FOR-US: SourceCodester Task Reminder System
+CVE-2023-2218 (A vulnerability has been found in SourceCodester Task Reminder System ...)
+ NOT-FOR-US: SourceCodester Task Reminder System
+CVE-2023-2217 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Task Reminder System
+CVE-2023-2216 (A vulnerability classified as problematic was found in Campcodes Coffe ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2215 (A vulnerability classified as critical has been found in Campcodes Cof ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2214 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2213 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2212 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2211 (A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2210 (A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2209 (A vulnerability, which was classified as critical, was found in Campco ...)
+ NOT-FOR-US: Campcodes Coffee Shop POS System
+CVE-2023-2208 (A vulnerability, which was classified as critical, has been found in C ...)
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
+CVE-2023-2207 (A vulnerability classified as critical was found in Campcodes Retro Ba ...)
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
+CVE-2023-2206 (A vulnerability classified as critical has been found in Campcodes Ret ...)
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
+CVE-2023-2205 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
+CVE-2023-2204 (A vulnerability was found in Campcodes Retro Basketball Shoes Online S ...)
+ NOT-FOR-US: Campcodes Retro Basketball Shoes Online Store
+CVE-2023-2203 (A flaw was found in the WebKitGTK package. An improper input validatio ...)
+ - webkit2gtk (RHEL-specific backport regression)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188543
+CVE-2023-2202 (Improper Access Control in GitHub repository francoisjacquet/rosariosi ...)
+ NOT-FOR-US: RosarioSIS
+CVE-2023-2201 (The Web Directory Free for WordPress is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2200 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-2199 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2198 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-30912 (A remote code execution issue exists in HPE OneView.)
+ NOT-FOR-US: HPE
+CVE-2023-30911 (HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest ...)
+ NOT-FOR-US: HPE
+CVE-2023-30910 (HPE MSA Controller prior to versionIN210R004 could be remotely exploit ...)
+ NOT-FOR-US: HPE
+CVE-2023-30909 (A remote authentication bypass issue exists in some OneView APIs.)
+ NOT-FOR-US: HPE
+CVE-2023-30908 (A remote authentication bypass issue exists in a OneView API.)
+ NOT-FOR-US: HPE
+CVE-2023-30907
+ RESERVED
+CVE-2023-30906 (The vulnerability could be locally exploited to allow escalation of pr ...)
+ NOT-FOR-US: HPE
+CVE-2023-30905 (The MC990 X and UV300 RMC component has and inadequate default configu ...)
+ NOT-FOR-US: HPE
+CVE-2023-30904 (A security vulnerability in HPE Insight Remote Support may result in t ...)
+ NOT-FOR-US: HPE
+CVE-2023-30903 (HP-UX could be exploited locally to create a Denial of Service (DoS) w ...)
+ NOT-FOR-US: HPE
+CVE-2023-30902 (A privilege escalation vulnerability in the Trend Micro Apex One and A ...)
+ NOT-FOR-US: Trend Micro
+CVE-2023-30901 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30900 (A vulnerability has been identified in Xpedition Layout Browser (All v ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30899 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30898 (A vulnerability has been identified in Siveillance Video 2020 R2 (All ...)
+ NOT-FOR-US: Siemens
+CVE-2023-2197 (HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padd ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2023-2196 (A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-2195 (A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-2194 (An out-of-bounds write vulnerability was found in the Linux kernel's S ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/92fbb6d1296f81f41f65effd7f5f8c0f74943d15 (6.3-rc4)
+CVE-2023-2193 (Mattermost fails to invalidate existing authorization codes when deaut ...)
+ - mattermost-server (bug #823556)
+CVE-2023-30897 (A vulnerability has been identified in SIMATIC WinCC (All versions < V ...)
+ NOT-FOR-US: Siemens
+CVE-2023-2192
+ RESERVED
+CVE-2023-2191 (Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azu ...)
+ NOT-FOR-US: azuracast
+CVE-2023-2190 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.11.11+ds1-1
+CVE-2023-2189 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2188 (The Colibri Page Builder for WordPress is vulnerable to SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30896
+ RESERVED
+CVE-2023-30895
+ RESERVED
+CVE-2023-30894
+ RESERVED
+CVE-2023-30893
+ RESERVED
+CVE-2023-30892
+ RESERVED
+CVE-2023-30891
+ RESERVED
+CVE-2023-30890
+ RESERVED
+CVE-2023-30889
+ RESERVED
+CVE-2023-30888
+ RESERVED
+CVE-2023-30887
+ RESERVED
+CVE-2023-30886
+ RESERVED
+CVE-2023-30885
+ RESERVED
+CVE-2023-30884
+ RESERVED
+CVE-2023-30883
+ RESERVED
+CVE-2023-30882
+ RESERVED
+CVE-2023-30881
+ RESERVED
+CVE-2023-30880
+ RESERVED
+CVE-2023-30879
+ RESERVED
+CVE-2023-30878
+ RESERVED
+CVE-2023-30877 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30876 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30874 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stev ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30873
+ RESERVED
+CVE-2023-30872
+ RESERVED
+CVE-2023-30871 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in PT Woo P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30870
+ RESERVED
+CVE-2023-30869 (Improper Authentication vulnerability in Easy Digital Downloads plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30868 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Chri ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30867 (In the Streampark platform, when users log in to the system and use ce ...)
+ NOT-FOR-US: Apache StreamPark
+CVE-2023-30866 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30865 (In dialer service, there is a missing permission check. This could lea ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30864 (In Connectivity Service, there is a possible missing permission check. ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30863 (In Connectivity Service, there is a possible missing permission check. ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30862
+ RESERVED
+CVE-2023-2187 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
+ NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
+CVE-2023-2186 (On Triangle MicroWorks' SCADA Data Gateway version <= v5.01.03, an una ...)
+ NOT-FOR-US: Triangle MicroWorks' SCADA Data Gateway
+CVE-2023-2185
+ REJECTED
+CVE-2023-2184 (The WP Responsive Tabs horizontal vertical and accordion Tabs plugin f ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2183 (Grafana is an open-source platform for monitoring and observability. ...)
+ - grafana
+CVE-2023-2182 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2023-2181 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2180 (The KIWIZ Invoices Certification & PDF System WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2179 (The WooCommerce Order Status Change Notifier WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2178 (The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2177 (A null pointer dereference issue was found in the sctp network protoco ...)
+ - linux 5.18.16-1
+ [bullseye] - linux 5.10.136-1
+ NOTE: https://lore.kernel.org/netdev/CADvbK_dWMO0XdAf950Q14pUv99ahS1MRnOtppvosU2w33sO=kw@mail.gmail.com/T/
+ NOTE: https://git.kernel.org/linus/181d8d2066c000ba0a0e6940a7ad80f1a0e68e9d (5.19)
+CVE-2023-2176 (A vulnerability was found in compare_netdev_and_ip in drivers/infiniba ...)
+ - linux 6.3.7-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://lkml.org/lkml/2022/12/9/178
+ NOTE: https://www.spinics.net/lists/linux-rdma/msg114749.html
+ NOTE: https://patchwork.kernel.org/project/linux-rdma/patch/3d0e9a2fd62bc10ba02fed1c7c48a48638952320.1672819273.git.leonro@nvidia.com/
+ NOTE: https://git.kernel.org/linus/8d037973d48c026224ab285e6a06985ccac6f7bf (6.3-rc1)
+CVE-2022-4943 (The miniOrange's Google Authenticator plugin for WordPress is vulnerab ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2175
+ RESERVED
+CVE-2023-2174 (The BadgeOS plugin for WordPress is vulnerable to unauthorized modific ...)
+ NOT-FOR-US: BadgeOS plugin for WordPress
+CVE-2023-2173 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
+ NOT-FOR-US: BadgeOS plugin for WordPress
+CVE-2023-2172 (The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Obje ...)
+ NOT-FOR-US: BadgeOS plugin for WordPress
+CVE-2023-2171 (The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: BadgeOS plugin for WordPress
+CVE-2023-2170 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: TaxoPress plugin for WordPress
+CVE-2023-2169 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: TaxoPress plugin for WordPress
+CVE-2023-2168 (The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: TaxoPress plugin for WordPress
+CVE-2023-2167
+ RESERVED
+CVE-2023-30861 (Flask is a lightweight WSGI web application framework. When all of the ...)
+ {DSA-5442-1 DLA-3536-1}
+ - flask 2.2.2-3 (bug #1035670)
+ NOTE: https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq
+ NOTE: https://github.com/pallets/flask/commit/8646edca6f47e2cd57464081b3911218d4734f8d (2.2.5)
+ NOTE: https://github.com/pallets/flask/commit/8705dd39c4fa563ea0fe0bf84c85da8fcc98b88d (2.3.2)
+CVE-2023-30860 (WWBN AVideo is an open source video platform. In AVideo prior to versi ...)
+ NOT-FOR-US: AVideo
+CVE-2023-30859 (Triton is a Minecraft plugin for Spigot and BungeeCord that helps you ...)
+ NOT-FOR-US: Triton Minecraft plugin
+CVE-2023-30858 (The Denosaurs emoji package provides emojis for dinosaurs. Starting in ...)
+ NOT-FOR-US: Denosaurs emoji package
+CVE-2023-30857 (@aedart/support is the support package for Ion, a monorepo for JavaScr ...)
+ NOT-FOR-US: support package for Ion
+CVE-2023-30856 (eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and pri ...)
+ NOT-FOR-US: eDEX-UI
+CVE-2023-30855 (Pimcore is an open source data and experience management platform. Ver ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-30854 (AVideo is an open source video platform. Prior to version 12.4, an OS ...)
+ NOT-FOR-US: AVideo
+CVE-2023-30853 (Gradle Build Action allows users to execute a Gradle Build in their Gi ...)
+ NOT-FOR-US: Gradle Build Action
+CVE-2023-30852 (Pimcore is an open source data and experience management platform. Pri ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-30851 (Cilium is a networking, observability, and security solution with an e ...)
+ - cilium (bug #858303)
+CVE-2023-30850 (Pimcore is an open source data and experience management platform. Pri ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-30849 (Pimcore is an open source data and experience management platform. Pri ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-30848 (Pimcore is an open source data and experience management platform. Pri ...)
+ NOT-FOR-US: Pimcore
+CVE-2023-30847 (H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the rev ...)
+ - h2o (Vulnerable code not present before 2.2.6 upstream)
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/a70af675328dda438ecd9d8a1673c1715fd93cc7
+ NOTE: Fixed by: https://github.com/h2o/h2o/commit/5f57d505514e937d13787b1f408837cb9197e2b2
+ NOTE: https://github.com/h2o/h2o/pull/3229
+ NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-p5hj-phwj-hrvx
+CVE-2023-30846 (typed-rest-client is a library for Node Rest and Http Clients with typ ...)
+ NOT-FOR-US: typed-rest-client
+CVE-2023-30845 (ESPv2 is a service proxy that provides API management capabilities usi ...)
+ NOT-FOR-US: ESPv2
+CVE-2023-30844 (Mutagen provides real-time file synchronization and flexible network f ...)
+ NOT-FOR-US: mutagen.io (different from src:mutagen)
+CVE-2023-30843 (Payload is a free and open source headless content management system. ...)
+ NOT-FOR-US: Payload
+CVE-2023-30842
+ REJECTED
+CVE-2023-30841 (Baremetal Operator (BMO) is a bare metal host provisioning integration ...)
+ NOT-FOR-US: Baremetal Operator (BMO)
+CVE-2023-30840 (Fluid is an open source Kubernetes-native distributed dataset orchestr ...)
+ NOT-FOR-US: Fluid
+CVE-2023-30839 (PrestaShop is an Open Source e-commerce web application. Versions prio ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-30838 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-30837 (Vyper is a pythonic smart contract language for the EVM. The storage a ...)
+ NOT-FOR-US: Vyper
+CVE-2023-30836
+ RESERVED
+CVE-2023-30835
+ RESERVED
+CVE-2023-30834
+ RESERVED
+CVE-2023-30833
+ RESERVED
+CVE-2023-30832
+ RESERVED
+CVE-2023-30831
+ RESERVED
+CVE-2023-30830
+ RESERVED
+CVE-2023-30829
+ RESERVED
+CVE-2023-30828
+ RESERVED
+CVE-2023-30827
+ RESERVED
+CVE-2023-30826
+ RESERVED
+CVE-2023-30825
+ RESERVED
+CVE-2023-30824
+ RESERVED
+CVE-2023-30823
+ RESERVED
+CVE-2023-30822
+ RESERVED
+CVE-2023-30821
+ RESERVED
+CVE-2023-30820
+ RESERVED
+CVE-2023-30819
+ RESERVED
+CVE-2023-30818
+ RESERVED
+CVE-2023-30817
+ RESERVED
+CVE-2023-30816
+ RESERVED
+CVE-2023-30815
+ RESERVED
+CVE-2023-30814
+ RESERVED
+CVE-2023-30813
+ RESERVED
+CVE-2023-30812
+ RESERVED
+CVE-2023-30811
+ RESERVED
+CVE-2023-30810
+ RESERVED
+CVE-2023-30809
+ RESERVED
+CVE-2023-30808
+ RESERVED
+CVE-2023-30807
+ RESERVED
+CVE-2023-30806 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ NOT-FOR-US: Sangfor Next-Gen Application Firewall
+CVE-2023-30805 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ NOT-FOR-US: Sangfor Next-Gen Application Firewall
+CVE-2023-30804 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ NOT-FOR-US: Sangfor Next-Gen Application Firewall
+CVE-2023-30803 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ NOT-FOR-US: Sangfor Next-Gen Application Firewall
+CVE-2023-30802 (The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulner ...)
+ NOT-FOR-US: Sangfor Next-Gen Application Firewall
+CVE-2023-30801 (All versions of the qBittorrent client through 4.5.5 use default crede ...)
+ - qbittorrent (unimportant)
+ NOTE: https://github.com/qbittorrent/qBittorrent/issues/18731
+ NOTE: https://github.com/qbittorrent/qBittorrent/pull/18735
+ NOTE: README.Debian documents that quite clearly for the headless -nox version
+ NOTE: When merged, the patches could still be backported as hardening, but
+ NOTE: there's no need to treat this as a vulnerability by itself
+CVE-2023-30800 (The web server used by MikroTik RouterOS version 6 is affected by a he ...)
+ NOT-FOR-US: MikroTik
+CVE-2023-30799 (MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 ar ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2023-30798 (There MultipartParser usage in Encode's Starlette python framework bef ...)
+ - starlette 0.25.0-1
+ [bullseye] - starlette (Minor issue)
+ NOTE: https://github.com/encode/starlette/commit/8c74c2c8dba7030154f8af18e016136bea1938fa (0.25.0)
+ NOTE: https://github.com/encode/starlette/security/advisories/GHSA-74m5-2c7w-9w3x
+CVE-2023-30797 (Netflix Lemur before version 1.3.2 used insufficiently random values w ...)
+ NOT-FOR-US: Netflix Lemur
+CVE-2023-30796 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
+ NOT-FOR-US: Siemens
+CVE-2023-30795 (A vulnerability has been identified in JT Open (All versions < V11.4), ...)
+ NOT-FOR-US: Siemens
+CVE-2023-2166 (A null pointer dereference issue was found in can protocol in net/can/ ...)
+ - linux 6.1.4-1
+ [bullseye] - linux 5.10.162-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0acc442309a0a1b01bcdaa135e56e6398a49439c (6.1)
+CVE-2023-2165
+ RESERVED
+CVE-2023-2164 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-2163 (Incorrect verifier pruningin BPF in Linux Kernel>=5.4leads to unsafe c ...)
+ - linux 6.1.27-1
+ [bullseye] - linux 5.10.179-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/71b547f561247897a0a14f3082730156c0533fed (6.3)
+CVE-2023-2162 (A use-after-free vulnerability was found in iscsi_sw_tcp_session_creat ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.11-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/f484a794e4ee2a9ce61f52a78e810ac45f3fe3b3 (6.2-rc6)
+CVE-2023-2161 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...)
+ NOT-FOR-US: Schneider
+CVE-2023-2160 (Weak Password Requirements in GitHub repository modoboa/modoboa prior ...)
+ NOT-FOR-US: modoboa
+CVE-2023-2159 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2158 (Code Dx versions prior to 2023.4.2 are vulnerable to user impersonatio ...)
+ NOT-FOR-US: Code Dx
+CVE-2023-2157 (A heap-based buffer overflow vulnerability was found in the ImageMagic ...)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036476)
+ [bookworm] - imagemagick (Minor issue)
+ [bullseye] - imagemagick (Minor issue)
+ [buster] - imagemagick (Minor issue)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/9a9896fce95d09e5e47b86baccbe1ce1a2fca76b (7.1.1-7)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/7e4c992f148afc5b28111e540921d5b6e4e38673 (6.9.12-85)
+CVE-2023-2156 (A flaw was found in the networking subsystem of the Linux kernel withi ...)
+ {DSA-5453-1 DSA-5448-1 DLA-3512-1}
+ - linux 6.3.11-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-547/
+ NOTE: https://www.interruptlabs.co.uk//articles/linux-ipv6-route-of-death
+ NOTE: https://git.kernel.org/linus/a2f4c143d76b1a47c91ef9bc46907116b111da0b (6.4-rc6)
+CVE-2023-2155 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
+ NOT-FOR-US: SourceCodester Air Cargo Management System +CVE-2023-2154 (A vulnerability was found in SourceCodester Task Reminder System 1.0. ...) + NOT-FOR-US: SourceCodester Task Reminder System +CVE-2023-2153 (A vulnerability was found in SourceCodester Complaint Management Syste ...) + NOT-FOR-US: SourceCodester Complaint Management System +CVE-2023-2152 (A vulnerability has been found in SourceCodester Student Study Center ...) + NOT-FOR-US: SourceCodester Student Study Center Desk Management System +CVE-2023-2151 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Student Study Center Desk Management System +CVE-2023-2150 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Task Reminder System +CVE-2023-2149 (A vulnerability classified as critical was found in Campcodes Online T ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2148 (A vulnerability classified as critical has been found in Campcodes Onl ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2147 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2146 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2145 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2144 (A vulnerability was found in Campcodes Online Thesis Archiving System ...) + NOT-FOR-US: Campcodes Online Thesis Archiving System +CVE-2023-2143 (The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2142 + RESERVED +CVE-2023-2141 (An unsafe .NET object deserialization in DELMIA Apriso Release 2017 th ...) 
+ NOT-FOR-US: DELMIA Apriso +CVE-2023-2140 (A Server-Side Request Forgery vulnerability in DELMIA Apriso Release ...) + NOT-FOR-US: DELMIA Apriso +CVE-2023-2139 (A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso ...) + NOT-FOR-US: DELMIA Apriso +CVE-2022-4942 (A vulnerability was found in mportuga eslint-detailed-reporter up to 0 ...) + NOT-FOR-US: eslint-detailed-reporter +CVE-2022-48475 (Buffer Overflow vulnerability in Control de Ciber version 1.650, in th ...) + NOT-FOR-US: Control de Ciber +CVE-2022-48474 (Control de Ciber, in its 1.650 version, is affected by a Denial of Ser ...) + NOT-FOR-US: Control de Ciber +CVE-2022-48473 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) + NOT-FOR-US: Huawei +CVE-2022-48472 (A Huawei printer has a system command injection vulnerability. Success ...) + NOT-FOR-US: Huawei +CVE-2022-48471 (There is a misinterpretation of input vulnerability in Huawei Printer. ...) + NOT-FOR-US: Huawei +CVE-2022-48470 + RESERVED +CVE-2022-48469 (There is a traffic hijacking vulnerability in Huawei routers. Successf ...) + NOT-FOR-US: Huawei +CVE-2014-125099 (A vulnerability has been found in I Recommend This Plugin up to 3.7.2 ...) + NOT-FOR-US: I Recommend This Plugin +CVE-2023-30794 + RESERVED +CVE-2023-30793 + RESERVED +CVE-2023-2138 (Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-mod ...) + NOT-FOR-US: nuxtlabs/github-module +CVE-2023-2137 (Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.13 ...) + {DSA-5393-1} + - chromium 112.0.5615.138-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2136 (Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allo ...) + {DSA-5393-1} + - chromium 112.0.5615.138-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2135 (Use after free in DevTools in Google Chrome prior to 112.0.5615.137 al ...) 
+ {DSA-5393-1} + - chromium 112.0.5615.138-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2134 (Out of bounds memory access in Service Worker API in Google Chrome pri ...) + {DSA-5393-1} + - chromium 112.0.5615.138-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2133 (Out of bounds memory access in Service Worker API in Google Chrome pri ...) + {DSA-5393-1} + - chromium 112.0.5615.138-1 + [buster] - chromium (see DSA 5046) +CVE-2023-2132 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-2131 (Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS co ...) + NOT-FOR-US: INEA ME RTU firmware +CVE-2023-2130 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Purchase Order Management System +CVE-2023-30792 (Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: ...) + NOT-FOR-US: Facebook lexical text editor +CVE-2023-30791 (Plane version 0.7.1-dev allows an attacker to change the avatar of his ...) + NOT-FOR-US: Plane +CVE-2023-30790 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-30789 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-30788 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-30787 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-30786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Benj ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30785 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30784 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30783 + RESERVED +CVE-2023-30782 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30781 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Theme Bl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30780 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jonathan ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30778 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30777 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30776 (An authenticated user with specific data permissions could access data ...) + NOT-FOR-US: Apache Superset +CVE-2023-2129 + RESERVED +CVE-2023-2128 + RESERVED +CVE-2023-2127 + RESERVED +CVE-2023-2126 + RESERVED +CVE-2023-2125 + RESERVED +CVE-2023-2124 (An out-of-bounds memory access flaw was found in the Linux kernel\u201 ...) + {DSA-5480-1 DSA-5448-1 DLA-3623-1} + - linux 6.3.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/2 + NOTE: https://lore.kernel.org/linux-xfs/20230412214034.GL3223426@dread.disaster.area/T/#m1ebbcd1ad061d2d33bef6f0534a2b014744d152d + NOTE: https://git.kernel.org/linus/22ed903eee23a5b174e240f1cdfa9acf393a5210 (6.4-rc1) +CVE-2023-2123 (The WP Inventory Manager WordPress plugin before 2.1.0.13 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2122 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2121 (Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-2120 (The Thumbnail carousel slider plugin for WordPress is vulnerable to Re ...) 
+ NOT-FOR-US: Thumbnail carousel slider plugin for WordPress +CVE-2023-2119 (The Responsive Filterable Portfolio plugin for WordPress is vulnerable ...) + NOT-FOR-US: Responsive Filterable Portfolio plugin for WordPress +CVE-2023-2118 (Insufficient access controlin support ticket feature in Devolutions Se ...) + NOT-FOR-US: Devolutions +CVE-2023-2117 (The Image Optimizer by 10web WordPress plugin before 1.0.27 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2116 + RESERVED +CVE-2023-2115 + RESERVED +CVE-2023-2114 (The NEX-Forms WordPress plugin before 8.4 does not properly escape the ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2113 (The Autoptimize WordPress plugin before 3.1.7 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2112 (Desktop component service allows lateral movement between sessions in ...) + NOT-FOR-US: M-Files +CVE-2023-2111 (The Fast & Effective Popups & Lead-Generation for WordPress plugin bef ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2110 (Improper path handling in Obsidian desktop before 1.2.8 on Windows, Li ...) + NOT-FOR-US: Obsidian +CVE-2023-30775 (A vulnerability was found in the libtiff library. This security flaw c ...) + - tiff 4.5.0-2 (unimportant) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/464 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afd7086090dafd3949afd172822cbcec4ed17d56 (v4.5.0rc1) + NOTE: Crash in CLI tool, no security impact +CVE-2023-30774 (A vulnerability was found in the libtiff library. This flaw causes a h ...) + - tiff 4.4.0-5 + [bullseye] - tiff 4.2.0-1+deb11u3 + [buster] - tiff 4.1.0+git191117-2~deb10u5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/463 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1) + NOTE: Same fix as for CVE-2022-3599, CVE-2022-4645 and CVE-2023-30086. + NOTE: The fix causes CVE-2023-2908. +CVE-2023-2109 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...) 
+ NOT-FOR-US: chatwoot +CVE-2023-2108 (A vulnerability has been found in SourceCodester Judging Management Sy ...) + NOT-FOR-US: SourceCodester Judging Management System +CVE-2023-30773 + RESERVED +CVE-2023-30771 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) + NOT-FOR-US: Apache IoTDB +CVE-2015-10103 (A vulnerability, which was classified as problematic, was found in Int ...) + NOT-FOR-US: InternalError503 Forget It +CVE-2015-10102 (A vulnerability, which was classified as critical, has been found in F ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10101 (A vulnerability classified as problematic was found in Google Analytic ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2107 (A vulnerability, which was classified as critical, was found in IBOS 4 ...) + NOT-FOR-US: IBOS +CVE-2023-2106 (Weak Password Requirements in GitHub repository janeczku/calibre-web p ...) + - calibre-web (bug #982690) +CVE-2023-2105 (Session Fixation in GitHub repository alextselegidis/easyappointments ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2023-2104 (Improper Access Control in GitHub repository alextselegidis/easyappoin ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2023-2103 (Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidi ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2023-2102 (Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidi ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2023-2101 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: moxi624 Mogu Blog +CVE-2023-2100 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2099 (A vulnerability classified as problematic has been found in SourceCode ...) 
+ NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2098 (A vulnerability was found in SourceCodester Vehicle Service Management ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2097 (A vulnerability was found in SourceCodester Vehicle Service Management ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2096 (A vulnerability was found in SourceCodester Vehicle Service Management ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2095 (A vulnerability was found in SourceCodester Vehicle Service Management ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2094 (A vulnerability has been found in SourceCodester Vehicle Service Manag ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2093 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2092 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Vehicle Service Management System +CVE-2023-2091 (A vulnerability classified as critical was found in KylinSoft youker-a ...) + NOT-FOR-US: KylinSoft youker-assistant +CVE-2023-2090 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Employee and Visitor Gate Pass Logging System +CVE-2023-29240 (An authenticated attacker granted a Viewer or Auditor role on a BIG-IQ ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-29163 (When UDP profile with idle timeout set to immediate or the value 0 is ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-28742 (When DNS is provisioned, an authenticated remote command execution vul ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-28724 (NGINX Management Suite default file permissions are set such that an a ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2023-28656 (NGINX Management Suite may allow an authenticated attacker to gain acc ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-28406 (A directory traversal vulnerability exists in an undisclosed page of t ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-27378 (Multiple reflected cross-site scripting (XSS) vulnerabilities exist in ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-24594 (When an SSL profile is configured on a Virtual Server, undisclosed tra ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-24461 (An improper certificate validationvulnerability exists in the BIG-IP E ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22372 (In the pre connection stage, an improper enforcement of message integr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-2089 (A vulnerability was found in SourceCodester Complaint Management Syste ...) + NOT-FOR-US: SourceCodester Complaint Management System +CVE-2023-2088 (A flaw was found in OpenStack due to an inconsistency between Cinder a ...) + - cinder 2:21.1.0-3 (bug #1035961) + [bullseye] - cinder (Minor issue) + - python-glance-store 4.1.0-4 (bug #1035962; bug #1035978) + [bullseye] - python-glance-store (Minor issue) + - nova 2:26.1.0-4 (bug #1035963; bug #1035981) + [bullseye] - nova (Minor issue) + - python-os-brick 4.1.0-3 (bug #1035932) + [bullseye] - python-os-brick (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/10/5 + NOTE: https://bugs.launchpad.net/nova/+bug/2004555 +CVE-2023-2087 (The Essential Blocks plugin for WordPress is vulnerable to Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2086 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2085 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2084 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-2083 (The Essential Blocks plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2082 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-2081 + RESERVED +CVE-2023-2080 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Forcepoint +CVE-2023-2079 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) + NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress +CVE-2023-2078 (The "Buy Me a Coffee \u2013 Button and Widget Plugin" plugin for WordP ...) + NOT-FOR-US: "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress +CVE-2021-46880 (x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 er ...) + - libressl (bug #754513) +CVE-2023-30772 (The Linux kernel before 6.2.9 has a race condition and resultant use-a ...) + {DLA-3403-1} + - linux 6.1.25-1 (unimportant) + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/06615d11cc78162dfd5116efb71f29eb29502d37 (6.3-rc4) + NOTE: CONFIG_CHARGER_DA9150 not enabled in Debian. +CVE-2023-30770 (A stack-based buffer overflow vulnerability was found in the ASUSTOR D ...) + NOT-FOR-US: ASUSTOR Data Master (ADM) +CVE-2023-30769 (Vulnerability discovered is related to the peer-to-peer (p2p) communic ...) + - dogecoin (bug #1034806) + NOTE: https://www.halborn.com/blog/post/halborn-discovers-zero-day-impacting-dogecoin-and-280-networks +CVE-2023-30757 (A vulnerability has been identified in Totally Integrated Automation P ...) + NOT-FOR-US: Siemens +CVE-2023-30756 + RESERVED +CVE-2023-30755 + RESERVED +CVE-2023-30754 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AdFoxly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30753 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30752 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Silv ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in iCon ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30750 + RESERVED +CVE-2023-30749 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ihom ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30748 + RESERVED +CVE-2023-30747 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGem Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30746 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booq ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30745 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30744 (In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, C ...) + NOT-FOR-US: SAP +CVE-2023-30743 (Due to improper neutralization of input in SAPUI5 - versions SAP_UI 75 ...) + NOT-FOR-US: SAP +CVE-2023-30742 (SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4F ...) + NOT-FOR-US: SAP +CVE-2023-30741 (Due to insufficient input validation, SAP BusinessObjects Business Int ...) + NOT-FOR-US: SAP +CVE-2023-30740 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) + NOT-FOR-US: SAP +CVE-2023-30739 (Arbitrary File Descriptor Write vulnerability in libsec-ril prior to S ...) + NOT-FOR-US: Samsung +CVE-2023-30738 (An improper input validation in UEFI Firmware prior to Firmware update ...) + NOT-FOR-US: Samsung +CVE-2023-30737 (Improper access control vulnerability in Samsung Health prior to versi ...) + NOT-FOR-US: Samsung +CVE-2023-30736 (Improper authorization in PushMsgReceiver of Samsung Assistant prior t ...) + NOT-FOR-US: Samsung +CVE-2023-30735 (Improper Preservation of Permissions vulnerability in SAssistant prior ...) + NOT-FOR-US: Samsung +CVE-2023-30734 (Improper access control vulnerability in Samsung Health prior to versi ...) 
+ NOT-FOR-US: Samsung +CVE-2023-30733 (Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SM ...) + NOT-FOR-US: Samsung +CVE-2023-30732 (Improper access control in system property prior to SMR Oct-2023 Relea ...) + NOT-FOR-US: Samsung +CVE-2023-30731 (Logic error in package installation via debugger command prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2023-30730 (Implicit intent hijacking vulnerability in Camera prior to versions 11 ...) + NOT-FOR-US: Samsung +CVE-2023-30729 (Improper Certificate Validation in Samsung Email prior to version 6.1. ...) + NOT-FOR-US: Samsung +CVE-2023-30728 (Intent redirection vulnerability in PackageInstallerCHN prior to versi ...) + NOT-FOR-US: Samsung +CVE-2023-30727 (Improper access control vulnerability in SecSettings prior to SMR Oct- ...) + NOT-FOR-US: Samsung +CVE-2023-30726 (PendingIntent hijacking vulnerability in GameLauncher prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-30725 (Improper authentication in LocalProvier of Gallery prior to version 14 ...) + NOT-FOR-US: Samsung +CVE-2023-30724 (Improper authentication in GallerySearchProvider of Gallery prior to v ...) + NOT-FOR-US: Samsung +CVE-2023-30723 (Improper input validation vulnerability in Samsung Health prior to ver ...) + NOT-FOR-US: Samsung +CVE-2023-30722 (Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchai ...) + NOT-FOR-US: Samsung +CVE-2023-30721 (Insertion of sensitive information into log vulnerability in Locksetti ...) + NOT-FOR-US: Samsung +CVE-2023-30720 (PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30719 (Exposure of Sensitive Information vulnerability in InboundSmsHandler p ...) + NOT-FOR-US: Samsung +CVE-2023-30718 (Improper export of android application components vulnerability in Wif ...) + NOT-FOR-US: Samsung +CVE-2023-30717 (Sensitive information exposure vulnerability in SVCAgent prior to SMR ...) 
+ NOT-FOR-US: Samsung +CVE-2023-30716 (Improper access control vulnerability in SVCAgent prior to SMR Sep-202 ...) + NOT-FOR-US: Samsung +CVE-2023-30715 (Improper access control vulnerability in Weather prior to SMR Sep-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30714 (Improper authorization vulnerability in FolderContainerDragDelegate in ...) + NOT-FOR-US: Samsung +CVE-2023-30713 (Improper privilege management vulnerability in FolderLockNotifier in O ...) + NOT-FOR-US: Samsung +CVE-2023-30712 (Improper input validation in Settings Suggestions prior to SMR Sep-202 ...) + NOT-FOR-US: Samsung +CVE-2023-30711 (Improper authentication in Phone and Messaging Storage SMR SEP-2023 Re ...) + NOT-FOR-US: Samsung +CVE-2023-30710 (Improper input validation vulnerability in Knox AI prior to SMR Sep-20 ...) + NOT-FOR-US: Samsung +CVE-2023-30709 (Improper access control in Dual Messenger prior to SMR Sep-2023 Releas ...) + NOT-FOR-US: Samsung +CVE-2023-30708 (Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 ...) + NOT-FOR-US: Samsung +CVE-2023-30707 (Improper input validation vulnerability in FileProviderStatusReceiver ...) + NOT-FOR-US: Samsung +CVE-2023-30706 (Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Relea ...) + NOT-FOR-US: Samsung +CVE-2023-30705 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...) + NOT-FOR-US: Samsung +CVE-2023-30704 (Improper Authorization vulnerability in Samsung Internet prior to vers ...) + NOT-FOR-US: Samsung +CVE-2023-30703 (Improper URL validation vulnerability in Samsung Members prior to vers ...) + NOT-FOR-US: Samsung +CVE-2023-30702 (Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG EL ...) + NOT-FOR-US: Samsung +CVE-2023-30701 (PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 R ...) + NOT-FOR-US: Samsung +CVE-2023-30700 (PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in frame ...) 
+ NOT-FOR-US: Samsung +CVE-2023-30699 (Out-of-bounds write vulnerability in parser_hvcC function of libsimba ...) + NOT-FOR-US: Samsung +CVE-2023-30698 (Improper access control vulnerability in TelephonyUI prior to SMR Aug- ...) + NOT-FOR-US: Samsung +CVE-2023-30697 (An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ri ...) + NOT-FOR-US: Samsung +CVE-2023-30696 (An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior ...) + NOT-FOR-US: Samsung +CVE-2023-30695 (Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSU ...) + NOT-FOR-US: Samsung +CVE-2023-30694 (Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SM ...) + NOT-FOR-US: Samsung +CVE-2023-30693 (Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec- ...) + NOT-FOR-US: Samsung +CVE-2023-30692 (Improper input validation vulnerability in Evaluator prior to SMR Oct- ...) + NOT-FOR-US: Samsung +CVE-2023-30691 (Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release ...) + NOT-FOR-US: Samsung +CVE-2023-30690 (Improper input validation vulnerability in Duo prior to SMR Oct-2023 R ...) + NOT-FOR-US: Samsung +CVE-2023-30689 (Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-r ...) + NOT-FOR-US: Samsung +CVE-2023-30688 (Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR A ...) + NOT-FOR-US: Samsung +CVE-2023-30687 (Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30686 (Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30685 (Improper access control vulnerability in Telecom prior to SMR Aug-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30684 (Improper access control in Samsung Telecom prior to SMR Aug-2023 Relea ...) + NOT-FOR-US: Samsung +CVE-2023-30683 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...) 
+ NOT-FOR-US: Samsung +CVE-2023-30682 (Improper access control in Telecom prior to SMR Aug-2023 Release 1 all ...) + NOT-FOR-US: Samsung +CVE-2023-30681 (An improper input validation vulnerability within initialize function ...) + NOT-FOR-US: Samsung +CVE-2023-30680 (Improper privilege management vulnerability in MMIGroup prior to SMR A ...) + NOT-FOR-US: Samsung +CVE-2023-30679 (Improper access control in HDCP trustlet prior to SMR Aug-2023 Release ...) + NOT-FOR-US: Samsung +CVE-2023-30678 (Potential zip path traversal vulnerability in Calendar application pri ...) + NOT-FOR-US: Samsung +CVE-2023-30677 (Improper access control vulnerability in Samsung Pass prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-30676 (Improper access control vulnerability in Samsung Pass prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-30675 (Improper authentication in Samsung Pass prior to version 4.2.03.1 allo ...) + NOT-FOR-US: Samsung +CVE-2023-30674 (Improper configuration in Samsung Internet prior to version 21.0.0.41 ...) + NOT-FOR-US: Samsung +CVE-2023-30673 (Improper validation of integrity check vulnerability in Smart Switch P ...) + NOT-FOR-US: Samsung +CVE-2023-30672 (Improper privilege management vulnerability in Samsung Smart Switch fo ...) + NOT-FOR-US: Samsung +CVE-2023-30671 (Logic error in package installation via adb command prior to SMR Jul-2 ...) + NOT-FOR-US: Samsung +CVE-2023-30670 (Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril pr ...) + NOT-FOR-US: Samsung +CVE-2023-30669 (Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril ...) + NOT-FOR-US: Samsung +CVE-2023-30668 (Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril pri ...) + NOT-FOR-US: Samsung +CVE-2023-30667 (Improper access control in Audio system service prior to SMR Jul-2023 ...) + NOT-FOR-US: Samsung +CVE-2023-30666 (Improper input validation vulnerability in DoOemImeiSetPreconfig in li ...) 
+ NOT-FOR-US: Samsung +CVE-2023-30665 (Improper input validation vulnerability in OnOemServiceMode in libsec- ...) + NOT-FOR-US: Samsung +CVE-2023-30664 (Improper input validation vulnerability in RegisteredMSISDN prior to S ...) + NOT-FOR-US: Samsung +CVE-2023-30663 (Improper input validation vulnerability in OemPersonalizationSetLock i ...) + NOT-FOR-US: Samsung +CVE-2023-30662 (Exposure of Sensitive Information vulnerability in getChipIds in UwbAo ...) + NOT-FOR-US: Samsung +CVE-2023-30661 (Exposure of Sensitive Information vulnerability in getChipInfos in Uwb ...) + NOT-FOR-US: Samsung +CVE-2023-30660 (Exposure of Sensitive Information vulnerability in getDefaultChipId in ...) + NOT-FOR-US: Samsung +CVE-2023-30659 (Improper input validation vulnerability in Transaction prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2023-30658 (Improper input validation vulnerability in DataProfile prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2023-30657 (Improper input validation vulnerability in EnhancedAttestationResult p ...) + NOT-FOR-US: Samsung +CVE-2023-30656 (Improper input validation vulnerability in LSOItemData prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2023-30655 (Improper input validation vulnerability in SCEPProfile prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2023-30654 (Improper access control vulnerability in SLocationService prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2023-30653 (Out of bounds read and write in enableTspDevice of sysinput HAL servic ...) + NOT-FOR-US: Samsung +CVE-2023-30652 (Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL se ...) + NOT-FOR-US: Samsung +CVE-2023-30651 (Out of bounds read and write in callgetTspsysfs of sysinput HAL servic ...) + NOT-FOR-US: Samsung +CVE-2023-30650 (Out of bounds read and write in callrunTspCmd of sysinput HAL service ...) + NOT-FOR-US: Samsung +CVE-2023-30649 (Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior ...) 
+ NOT-FOR-US: Samsung
+CVE-2023-30648 (Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30647 (Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RIL ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30646 (Heap out of bound write vulnerability in BroadcastSmsConfig of RILD pr ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30645 (Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD pr ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30644 (Stack out of bound write vulnerability in CdmaSmsParser of RILD prior ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30643 (Missing authentication vulnerability in Galaxy Themes Service prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30642 (Improper privilege management vulnerability in Galaxy Themes Service p ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30641 (Improper access control vulnerability in Settings prior to SMR Jul-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30640 (Improper access control vulnerability in PersonaManagerService prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2023-30639 (Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored ...)
+ NOT-FOR-US: Archer
+CVE-2023-30638 (Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 befor ...)
+ NOT-FOR-US: Unify
+CVE-2023-30637 (Baidu braft 1.1.2 has a memory leak related to use of the new operator ...)
+ NOT-FOR-US: Baidu braft
+CVE-2023-30636 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
+ NOT-FOR-US: TiKV
+CVE-2023-30635 (TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal ...)
+ NOT-FOR-US: TiKV
+CVE-2023-30634
+ RESERVED
+CVE-2023-30633 (An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with k ...)
+ NOT-FOR-US: Insyde
+CVE-2023-30632
+ RESERVED
+CVE-2023-30631 (Improper Input Validation vulnerability in Apache Software Foundation ...)
+ {DSA-5435-1 DLA-3475-1}
+ - trafficserver 9.2.1+ds-1 (bug #1038248)
+ NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs
+ NOTE: https://github.com/apache/trafficserver/commit/8d1ad1dfe4d0ee179029f37c7e8d4caab601cb7b (master)
+ NOTE: https://github.com/apache/trafficserver/commit/ee46128fc7099956145be2147e4ddad7fbc7299b (9.2.1-rc0)
+ NOTE: https://github.com/apache/trafficserver/commit/35dd3efde78a73aefa257e12b8fe78d6cd646ba0 (8.1.7)
+CVE-2023-30630 (Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This ...)
+ - dmidecode 3.5-1 (bug #1034483)
+ [bookworm] - dmidecode (Minor issue)
+ [bullseye] - dmidecode (Minor issue)
+ [buster] - dmidecode (Minor issue)
+ NOTE: https://github.com/adamreiser/dmiwrite
+ NOTE: https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
+ NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
+ NOTE: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
+CVE-2023-30629 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
+ NOT-FOR-US: Vyper
+CVE-2023-30628 (Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v ...)
+ NOT-FOR-US: Kiwi TCMS
+CVE-2023-30627 (jellyfin-web is the web client for Jellyfin, a free-software media sys ...)
+ NOT-FOR-US: jellyfin-web
+CVE-2023-30626 (Jellyfin is a free-software media system. Versions starting with 10.8. ...)
+ - jellyfin (bug #994189)
+CVE-2023-30625 (rudder-server is part of RudderStack, an open source Customer Data Pla ...)
+ NOT-FOR-US: rudder-server
+CVE-2023-30624 (Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6. ...)
+ NOT-FOR-US: wasmtime
+CVE-2023-30623 (`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, ...)
+ NOT-FOR-US: embano1/wip GitHub Action
+CVE-2023-30622 (Clusternet is a general-purpose system for controlling Kubernetes clus ...)
+ NOT-FOR-US: Clusternet
+CVE-2023-30621 (Gipsy is a multi-purpose discord bot which aim to be as modular and us ...)
+ NOT-FOR-US: Gipsy
+CVE-2023-30620 (mindsdb is a Machine Learning platform to help developers build AI sol ...)
+ NOT-FOR-US: mindsdb
+CVE-2023-30619 (Tuleap Open ALM is a Libre and Open Source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2023-30618 (Kitchen-Terraform provides a set of Test Kitchen plugins which enable ...)
+ NOT-FOR-US: Kitchen-Terraform
+CVE-2023-30617
+ RESERVED
+CVE-2023-30616 (Form block is a wordpress plugin designed to make form creation easier ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30615 (Iris is a web collaborative platform aiming to help incident responder ...)
+ NOT-FOR-US: Iris
+CVE-2023-30614 (Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions ...)
+ NOT-FOR-US: Pay (payments engine for Ruby on Rails)
+CVE-2023-30613 (Kiwi TCMS, an open source test management system, allows users to uplo ...)
+ NOT-FOR-US: Kiwi TCMS
+CVE-2023-30612 (Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Thi ...)
+ NOT-FOR-US: Cloud hypervisor
+CVE-2023-30611 (Discourse-reactions is a plugin that allows user to add their reaction ...)
+ NOT-FOR-US: Discourse-reactions plugin
+CVE-2023-30610 (aws-sigv4 is a rust library for low level request signing in the aws c ...)
+ NOT-FOR-US: aws-sigv4
+CVE-2023-30609 (matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP ...)
+ NOT-FOR-US: Node matrix-react-sdk
+ NOTE: https://github.com/matrix-org/matrix-react-sdk/security/advisories/GHSA-xv83-x443-7rmw
+CVE-2023-30608 (sqlparse is a non-validating SQL parser module for Python. In affected ...)
+ {DLA-3425-1}
+ - sqlparse (bug #1034615)
+ [bookworm] - sqlparse (Minor issue)
+ [bullseye] - sqlparse (Minor issue)
+ NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-rrm6-wvj7-cwh2
+ NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/e75e35869473832a1eb67772b1adfee2db11b85a (0.1.15)
+ NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/c457abd5f097dd13fb21543381e7cfafe7d31cfb (0.4.4)
+CVE-2023-30607 (icingaweb2-module-jira provides integration with Atlassian Jira. Start ...)
+ NOT-FOR-US: icingaweb2-module-jira
+CVE-2023-30606 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2023-30605 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30604 (It is identified a vulnerability of insufficient authentication in the ...)
+ NOT-FOR-US: Hitron Technologies
+CVE-2023-30603 (Hitron Technologies CODA-5310 Telnet function with the default account ...)
+ NOT-FOR-US: Hitron Technologies
+CVE-2023-30602 (Hitron Technologies CODA-5310\u2019s Telnet function transfers sensiti ...)
+ NOT-FOR-US: Hitron Technologies
+CVE-2023-30601 (Privilege escalation when enabling FQL/Audit logs allows user with JMX ...)
+ - cassandra (bug #585905)
+CVE-2023-30600
+ RESERVED
+CVE-2023-30599
+ RESERVED
+CVE-2023-30598
+ RESERVED
+CVE-2023-30597
+ RESERVED
+CVE-2023-30596
+ RESERVED
+CVE-2023-30595
+ RESERVED
+CVE-2023-30594
+ RESERVED
+CVE-2023-30593
+ RESERVED
+CVE-2023-30592
+ RESERVED
+CVE-2023-30591 (Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attacker ...)
+ NOT-FOR-US: NodeBB
+CVE-2023-30590 (The generateKeys() API function returned from crypto.createDiffieHellm ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
+ [buster] - nodejs (minor issue - Inconsistency Between Implementation and Documented Design)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#diffiehellman-do-not-generate-keys-after-setting-a-private-key-medium-cve-2023-30590
+ NOTE: Fixed by: https://github.com/nodejs/node/commit/1a5c9284ebce5cd71cf7a3c29759a748c373ac85 (v16.x)
+CVE-2023-30589 (The llhttp parser in the http module in Node v20.2.0 does not strictly ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
+ [buster] - nodejs (llhttp dependency/embedding introduced in 12.x)
+ - llhttp (bug #977716)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#http-request-smuggling-via-empty-headers-separated-by-cr-medium-cve-2023-30589
+ NOTE: https://hackerone.com/reports/2001873
+ NOTE: https://github.com/advisories/GHSA-cggh-pq45-6h9x
+ NOTE: Fixed by: https://github.com/nodejs/node/commit/e42ff4b0180f4e0f5712364dd6ea015559640152 (v16.x)
+CVE-2023-30588 (When an invalid public key is used to create an x509 certificate using ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
+ [buster] - nodejs (X509Certificate API introduced later)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#process-interuption-due-to-invalid-public-key-information-in-x509-certificates-medium-cve-2023-30588
+ NOTE: https://hackerone.com/reports/1884159
+ NOTE: Fixed by: https://github.com/nodejs/node/commit/5a92ea7a3b6210f04c902e177f9dc673ae866393 (v16.x)
+CVE-2023-30587
+ RESERVED
+ - nodejs (Vulnerable code introduced in 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#inspector-protocol-bypass-the-experimental-permission-model-high-cve-2023-30587
+CVE-2023-30586 (A privilege escalation vulnerability exists in Node.js 20 that allowed ...)
+ - nodejs (Vulnerable code introduced in 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#openssl-engines-can-be-used-to-bypass-the-permission-model-medium-cve-2023-30586
+CVE-2023-30585 (A vulnerability has been identified in the Node.js (.msi version) inst ...)
+ - nodejs (Only affects installation process on Windows)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#privilege-escalation-via-malicious-registry-key-manipulation-during-nodejs-installer-repair-process-medium-cve-2023-30585
+CVE-2023-30584
+ RESERVED
+ - nodejs (Vulnerable code introduced in 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#path-traversal-bypass-in-experimental-permission-model-high-cve-2023-30584
+CVE-2023-30583
+ RESERVED
+ - nodejs (Vulnerable code introduced in 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fsopenasblob-bypass-in-experimental-permission-model-medium-cve-2023-30583
+CVE-2023-30582
+ RESERVED
+ - nodejs (Vulnerable code introduced in 20.x)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#fswatchfile-bypass-in-experimental-permission-model-medium-cve-2023-30582
+CVE-2023-30581 (The use of __proto__ in process.mainModule.__proto__.require() can byp ...)
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1039990)
+ [buster] - nodejs (v10.x doesn't support policy manifests)
+ NOTE: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases#mainmoduleproto-bypass-experimental-policy-mechanism-high-cve-2023-30581
+ NOTE: https://hackerone.com/reports/1877919
+ NOTE: Fixed by: https://github.com/nodejs/node/commit/a6f4e87bc913ff18c1859b8a350c24f744355e66 (v16.x)
+CVE-2023-30580
+ RESERVED
+CVE-2023-30579
+ RESERVED
+CVE-2023-30578
+ RESERVED
+CVE-2023-30577 (AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag- ...)
+ {DLA-3681-1}
+ - amanda 1:3.5.1-11.1 (bug #1055253)
+ [bookworm] - amanda 1:3.5.1-11+deb12u1
+ [bullseye] - amanda (Minor issue)
+ NOTE: https://github.com/zmanda/amanda/security/advisories/GHSA-crrw-v393-h5q3
+ NOTE: https://github.com/zmanda/amanda/pull/228
+CVE-2023-30576 (Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a free ...)
+ - guacamole-client
+CVE-2023-30575 (Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths ...)
+ - guacamole-client
+CVE-2023-30574
+ RESERVED
+CVE-2023-30573
+ RESERVED
+CVE-2023-30572
+ RESERVED
+CVE-2023-30571 (Libarchive through 3.6.2 can cause directories to have world-writable ...)
+ - libarchive (bug #1037093)
+ [bookworm] - libarchive (Minor issue)
+ [bullseye] - libarchive (Minor issue)
+ [buster] - libarchive (Minor issue)
+ NOTE: https://github.com/libarchive/libarchive/issues/1876
+CVE-2023-29504 (Uncontrolled search path element in some Intel(R) RealSense(TM) Dynami ...)
+ NOT-FOR-US: Intel
+CVE-2023-29500 (Exposure of sensitive information to an unauthorized actor in BIOS fir ...)
+ NOT-FOR-US: Intel
+CVE-2023-29162
+ RESERVED
+CVE-2023-28740 (Uncontrolled search path element in some Intel(R) QAT drivers for Wind ...)
+ NOT-FOR-US: Intel
+CVE-2023-28722
+ RESERVED
+CVE-2023-28407
+ RESERVED
+CVE-2023-28388 (Uncontrolled search path element in some Intel(R) Chipset Device Softw ...)
+ NOT-FOR-US: Intel
+CVE-2023-27885
+ RESERVED
+CVE-2023-27880
+ RESERVED
+CVE-2023-27513 (Uncontrolled search path element in some Intel(R) Server Information R ...)
+ NOT-FOR-US: Intel
+CVE-2023-25774 (A denial-of-service vulnerability exists in the vpnserver ConnectionAc ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-2077 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Campcodes Online Traffic Offense Management System
+CVE-2023-2076 (A vulnerability classified as problematic was found in Campcodes Onlin ...)
+ NOT-FOR-US: Campcodes Online Traffic Offense Management System
+CVE-2023-2075 (A vulnerability classified as critical has been found in Campcodes Onl ...)
+ NOT-FOR-US: Campcodes Online Traffic Offense Management System
+CVE-2023-2074 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
+ NOT-FOR-US: Campcodes Online Traffic Offense Management System
+CVE-2023-2073 (A vulnerability was found in Campcodes Online Traffic Offense Manageme ...)
+ NOT-FOR-US: Campcodes Online Traffic Offense Management System
+CVE-2023-2072 (The Rockwell Automation PowerMonitor 1000 contains stored cross-site s ...)
+ NOT-FOR-US: Rockwell
+CVE-2023-2071 (Rockwell Automation FactoryTalk View Machine Edition on the PanelView ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-2070
+ RESERVED
+CVE-2023-2069 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2068 (The File Manager Advanced Shortcode WordPress plugin through 2.3.2 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2067 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2066 (The Announcement & Notification Banner \u2013 Bulletin plugin for Word ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2065 (Authorization Bypass Through User-Controlled Key vulnerability in Armo ...)
+ NOT-FOR-US: Armoli Technology Cargo Tracking System
+CVE-2023-2064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Minova Technology eTrace
+CVE-2023-2063 (Unrestricted Upload of File with Dangerous Type vulnerability in FTP f ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-2062 (Missing Password Field Masking vulnerability in Mitsubishi Electric Co ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-2061 (Use of Hard-coded Password vulnerability in FTP function on Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-2060 (Weak Password Requirements vulnerability in FTP function on Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2023-2059 (A vulnerability was found in DedeCMS 5.7.87. It has been rated as prob ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-2058 (A vulnerability was found in EyouCms up to 1.6.2. It has been declared ...)
+ NOT-FOR-US: EyouCms
+CVE-2023-2057 (A vulnerability was found in EyouCms 1.5.4. It has been classified as ...)
+ NOT-FOR-US: EyouCms
+CVE-2023-2056 (A vulnerability was found in DedeCMS up to 5.7.87 and classified as cr ...)
+ NOT-FOR-US: DedeCMS
+CVE-2023-2055 (A vulnerability has been found in Campcodes Advanced Online Voting Sys ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2054 (A vulnerability, which was classified as critical, was found in Campco ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2053 (A vulnerability, which was classified as critical, has been found in C ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2052 (A vulnerability classified as critical was found in Campcodes Advanced ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2051 (A vulnerability classified as critical has been found in Campcodes Adv ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2050 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2049 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2048 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2047 (A vulnerability was found in Campcodes Advanced Online Voting System 1 ...)
+ NOT-FOR-US: Campcodes Advanced Online Voting System
+CVE-2023-2046 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Yontem Informatics Vehicle Tracking System
+CVE-2023-2045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Ipekyolu Software Auto Damage Tracking Software
+CVE-2023-2044 (A vulnerability has been found in Control iD iDSecure 4.7.29.1 and cla ...)
+ NOT-FOR-US: Control iD iDSecure
+CVE-2023-2043 (A vulnerability, which was classified as problematic, was found in Con ...)
+ NOT-FOR-US: Control iD iDSecure
+CVE-2023-2042 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: DataGear
+CVE-2023-2041 (A vulnerability classified as critical was found in novel-plus 3.6.2. ...)
+ NOT-FOR-US: novel-plus
+CVE-2023-2040 (A vulnerability classified as critical has been found in novel-plus 3. ...)
+ NOT-FOR-US: novel-plus
+CVE-2023-2039 (A vulnerability was found in novel-plus 3.6.2. It has been rated as cr ...)
+ NOT-FOR-US: novel-plus
+CVE-2023-2038 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
+ NOT-FOR-US: Campcodes Video Sharing Website
+CVE-2023-2037 (A vulnerability was found in Campcodes Video Sharing Website 1.0. It h ...)
+ NOT-FOR-US: Campcodes Video Sharing Website
+CVE-2023-2036 (A vulnerability was found in Campcodes Video Sharing Website 1.0 and c ...)
+ NOT-FOR-US: Campcodes Video Sharing Website
+CVE-2023-2035 (A vulnerability has been found in Campcodes Video Sharing Website 1.0 ...)
+ NOT-FOR-US: Campcodes Video Sharing Website
+CVE-2023-2034 (Unrestricted Upload of File with Dangerous Type in GitHub repository f ...)
+ - froxlor (bug #581792)
+CVE-2023-2033 (Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed ...)
+ {DSA-5390-1}
+ - chromium 112.0.5615.121-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-2032 (The Custom 404 Pro WordPress plugin before 3.8.1 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2031 (The Locatoraid Store Locator plugin for WordPress is vulnerable to Sto ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2030
+ RESERVED
+CVE-2023-2029 (The PrePost SEO WordPress plugin through 3.0 does not properly sanitiz ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2028 (The Call Now Accessibility Button WordPress plugin before 1.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2027 (The ZM Ajax Login & Register plugin for WordPress is vulnerable to aut ...)
+ NOT-FOR-US: ZM Ajax Login & Register plugin for WordPress
+CVE-2023-2026 (The Image Protector WordPress plugin through 1.1 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2025 (OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 ...)
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
+CVE-2023-2024 (Improper authentication in OpenBlue Enterprise Manager Data Collector ...)
+ NOT-FOR-US: OpenBlue Enterprise Manager Data Collector
+CVE-2023-2023 (The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2022 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 16.0.8+ds1-1
+CVE-2023-2021 (Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassn ...)
+ - teampass (bug #730180)
+CVE-2023-2020 (Insufficient permission checks in the REST API in Tribe29 Checkmk <= 2 ...)
+ - check-mk
+CVE-2023-2019 (A flaw was found in the Linux kernel's netdevsim device driver, within ...)
+ - linux 5.19.6-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17811/
+ NOTE: https://git.kernel.org/linus/180a6a3ee60a7cb69ed1232388460644f6a21f00
+CVE-2023-2018
+ RESERVED
+CVE-2023-2017 (Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6. ...)
+ NOT-FOR-US: Shopware
+CVE-2023-2016
+ RESERVED
+CVE-2023-2015 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2014 (Cross-site Scripting (XSS) - Generic in GitHub repository microweber/m ...)
+ NOT-FOR-US: microweber
+CVE-2023-2013 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2012
+ RESERVED
+CVE-2022-48468 (protobuf-c before 1.4.1 has an unsigned integer overflow in parse_requ ...)
+ - protobuf-c 1.4.1-1
+ [bullseye] - protobuf-c (Minor issue)
+ [buster] - protobuf-c (Minor issue)
+ - libsignal-protocol-c 2.3.3-3
+ [bullseye] - libsignal-protocol-c (Minor issue)
+ [buster] - libsignal-protocol-c (Minor issue)
+ NOTE: https://github.com/protobuf-c/protobuf-c/commit/289f5c18b195aa43d46a619d1188709abbfa9c82 (v1.4.1)
+ NOTE: https://github.com/protobuf-c/protobuf-c/commit/0d1fd124a4e0a07b524989f6e64410ff648fba61 (v1.4.1)
+ NOTE: https://github.com/protobuf-c/protobuf-c/pull/513
+ NOTE: https://github.com/protobuf-c/protobuf-c/issues/499
+CVE-2022-48467
+ RESERVED
+CVE-2022-48466
+ RESERVED
+CVE-2022-48465
+ RESERVED
+CVE-2022-48464 (In wifi service, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48463 (In wifi service, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48462 (In wifi service, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48461 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48460 (In setting service, there is a possible undefined behavior due to inco ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48459 (In TeleService, there is a possible system crash due to improper input ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48458 (In TeleService, there is a possible system crash due to improper input ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48457 (In TeleService, there is a possible system crash due to improper input ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48456 (In camera driver, there is a possible out of bounds write due to a inc ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48455 (In wifi service, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48454 (In wifi service, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48453 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48452 (In Ifaa service, there is a possible missing permission check. This co ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48451 (In bluetooth service, there is a possible out of bounds write due to r ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48450 (In bluetooth service, there is a possible missing params check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48449
+ RESERVED
+CVE-2022-48448 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48447 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48446 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48445 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48444 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48443 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48442 (In dialer service, there is a possible missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48441 (In dialer service, there is a possible missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48440 (In dialer service, there is a possible missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48439 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48438 (In cp_dump driver, there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Unisoc
+CVE-2023-30570 (pluto in Libreswan before 4.11 allows a denial of service (responder S ...)
+ - libreswan 4.11-1 (bug #1035542)
+ [bookworm] - libreswan 4.10-2+deb12u1
+ [bullseye] - libreswan 4.3-1+deb11u4
+ [buster] - libreswan (The vulnerable code was introduced in version 3.28)
+ NOTE: https://libreswan.org/security/CVE-2023-30570/CVE-2023-30570.txt
+ NOTE: https://github.com/libreswan/libreswan/issues/1039
+ NOTE: Fix return value for aggr_inI1_outR1: https://github.com/libreswan/libreswan/commit/0250b5349145f6ac6b9c58e196489f7d048de305 (v4.11)
+ NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/a31bf33593e6a15bf1ad1b79ff6bb177a4d39f2c (v4.11)
+ NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/f32feb1dd71e4a69636d9d7efbd1ff441acde9d6 (v4.11)
+ NOTE: For later followup: https://github.com/libreswan/libreswan/commit/ceaabbd3f7f89712d85ec128c42d75d725879ad2 (v4.11)
+ NOTE: Later followup: https://github.com/libreswan/libreswan/commit/b77dc3483996a28703c4ff21225f4f541543f0f1 (v4.11)
+CVE-2023-30569
+ RESERVED
+CVE-2023-30568
+ RESERVED
+CVE-2023-30567
+ RESERVED
+CVE-2023-30566
+ RESERVED
+CVE-2023-30565 (An insecure connection between Systems Manager and CQI Reporter applic ...)
+ NOT-FOR-US: CQI ReporterUnisoc
+CVE-2023-30564 (Alaris Systems Manager does not perform input validation during the De ...)
+ NOT-FOR-US: Alaris Systems Manager
+CVE-2023-30563 (A malicious file could be uploaded into a System Manager User Import F ...)
+ NOT-FOR-US: Alaris Systems Manager
+CVE-2023-30562 (A GRE dataset file within Systems Manager can be tampered with and dis ...)
+ NOT-FOR-US: Balarisa Systems Manager
+CVE-2023-30561 (The data flowing between the PCU and its modules is insecure. A threat ...)
+ NOT-FOR-US: Alarisa
+CVE-2023-30560 (The configuration from the PCU can be modified without authentication ...)
+ NOT-FOR-US: Alarisa
+CVE-2023-30559 (The configuration from the PCU can be modified without authentication ...)
+ NOT-FOR-US: Alarisa
+CVE-2023-30558 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30557 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30556 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30555 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30554 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30553 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30552 (Archery is an open source SQL audit platform. The Archery project cont ...)
+ NOT-FOR-US: Archery
+CVE-2023-30551 (Rekor is an open source software supply chain transparency log. Rekor ...)
+ - rekor (bug #990249)
+CVE-2023-30550 (MeterSphere is an open source continuous testing platform, covering fu ...)
+ NOT-FOR-US: MeterSphere
+CVE-2023-30549 (Apptainer is an open source container platform for Linux. There is an ...)
+ - singularity-container 3.11.4+ds1-1 (bug #1035026; unimportant)
+ NOTE: https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f4cg
+ NOTE: Sylabs and Apptainer projects are in disagreement to track this issue and
+ NOTE: their handling with respect to unpatches filesystem vulnerabilities. Sylanbs
+ NOTE: added a configuration option to disable all mounts of extfs file systems
+ NOTE: as well in 3.11.2 singularity-container version, as similar done by the
+ NOTE: Apptainer project.
+ NOTE: https://github.com/sylabs/singularity/blob/main/CHANGELOG.md#3112-2023-04-27
+ NOTE: Details in https://sylabs.io/2023/04/response-to-cve-2023-30549/
+CVE-2023-30548 (gatsby-plugin-sharp is a plugin for the gatsby framework which exposes ...)
+ NOT-FOR-US: gatsby-plugin-sharp
+CVE-2023-30547 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
+ NOT-FOR-US: Node vm2
+CVE-2023-30546 (Contiki-NG is an operating system for Internet of Things devices. An o ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2023-30545 (PrestaShop is an Open Source e-commerce web application. Prior to vers ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-30544 (Kiwi TCMS is an open source test management system. In versions of Kiw ...)
+ NOT-FOR-US: Kiwi TCMS
+CVE-2023-30543 (@web3-react is a framework for building Ethereum Apps . In affected ve ...)
+ NOT-FOR-US: @web3-react
+CVE-2023-30542 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2023-30541 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2023-30540 (Nextcloud Talk is a chat, video & audio call extension for Nextcloud. ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2023-30539 (Nextcloud is a personal home server system. Depending on the set up ta ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-30538 (Discourse is an open source platform for community discussion. Due to ...)
+ NOT-FOR-US: Discourse
+CVE-2023-30537 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-30536 (slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions p ...)
+ - php-slim-psr7 1.6.1-1 (bug #1034580)
+ NOTE: https://github.com/slimphp/Slim-Psr7/security/advisories/GHSA-q2qj-628g-vhfw
+ NOTE: https://github.com/slimphp/Slim-Psr7/commit/4fea29e910391b1883de5bf6e84b50f6900355fb (1.6.1)
+CVE-2023-30535 (Snowflake JDBC provides a JDBC type 4 driver that supports core functi ...)
+ NOT-FOR-US: Snowflake JDBC
+CVE-2023-30534 (Cacti is an open source operational monitoring and fault management fr ...)
+ - cacti 1.2.25+ds1-1
+ [bookworm] - cacti (Can be included in next DSA round or pu)
+ [bullseye] - cacti (Can be included in next DSA round or pu)
+ NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-77rf-774j-6h3p
+CVE-2023-30533 (SheetJS Community Edition before 0.19.3 allows Prototype Pollution via ...)
+ NOT-FOR-US: SheetJS
+CVE-2023-2011
+ RESERVED
+CVE-2023-2010 (The Forminator WordPress plugin before 1.24.1 does not use an atomic o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2009 (Plugin does not sanitize and escape the URL field in the Pretty Url Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-2008 (A flaw was found in the Linux kernel's udmabuf device driver. The spec ...)
+ - linux 5.18.14-1
+ [bullseye] - linux 5.10.127-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-441/
+ NOTE: https://git.kernel.org/linus/05b252cccb2e5c3f56119d25de684b4f810ba40a (5.19-rc4)
+CVE-2023-2007 (The specific flaw exists within the DPT I2O Controller driver. The iss ...)
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
+ - linux 6.0.2-1
+ NOTE: https://git.kernel.org/linus/b04e75a4a8a81887386a0d2dbf605a48e779d2a0 (6.0-rc1)
+CVE-2023-2006 (A race condition was found in the Linux kernel's RxRPC network protoco ...)
+ - linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-439/
+ NOTE: https://git.kernel.org/linus/3bcd6c7eaa53b56c3f584da46a1f7652e759d0e5 (6.1-rc7)
+CVE-2023-2005 (Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security ...)
+ NOT-FOR-US: Tenable
+CVE-2023-2004
+ REJECTED
+CVE-2023-2003 (Embedded malicious code vulnerability in Vision1210, in the build 5 of ...)
+ NOT-FOR-US: Vision120
+CVE-2023-2002 (A vulnerability was found in the HCI sockets implementation due to a m ...)
+ {DSA-5480-1 DLA-3623-1 DLA-3508-1}
+ - linux 6.1.27-1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/04/16/3
+ NOTE: Fixed by: https://git.kernel.org/linus/25c150ac103a4ebeed0319994c742a90634ddf18
+ NOTE: Fixed by: https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000@pku.edu.cn/
+ NOTE: Hardening: https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000@pku.edu.cn/
+CVE-2023-2001 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-2000 (Mattermost Desktop App fails to validate a mattermost server redirecti ...)
+ NOT-FOR-US: Mattermost Desktop App
+CVE-2023-1999 (There exists a use after free/double free in libwebp. An attacker can ...)
+ {DSA-5408-1 DSA-5392-1 DSA-5385-1 DLA-3439-1 DLA-3400-1 DLA-3391-1}
+ - firefox 112.0-1
+ - firefox-esr 102.10.0esr-1
+ - thunderbird 1:102.10.0-1
+ - libwebp 1.2.4-0.2 (bug #1035371)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 (not public)
+ NOTE: https://hg.mozilla.org/releases/mozilla-esr102/rev/53b805c752ff23080e100eda2b3b4280d4370b2e
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/4654e1e7381044717d5d3e0dd7e735633a3ff300 (1.3.0)
+ NOTE: Fixed by: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129 (v1.3.1-rc1)
+ NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c (v0.5.0-rc1)
+ NOTE: Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)
+CVE-2023-1997 (An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate ...)
+ NOT-FOR-US: SIMULIA
+CVE-2023-1996 (A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPE ...)
+ NOT-FOR-US: 3ds
+CVE-2023-30532 (A missing permission check in Jenkins TurboScript Plugin 1.3 and earli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30531 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30530 (Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30529 (Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30528 (Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30527 (Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30526 (A missing permission check in Jenkins Report Portal Plugin 0.5 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30525 (A cross-site request forgery (CSRF) vulnerability in Jenkins Report Po ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30524 (Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPorta ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30523 (Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal acces ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30522 (A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30521 (A missing permission check in Jenkins Assembla merge request builder P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30520 (Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL sche ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30519 (A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30518 (A missing permission check in Jenkins Thycotic Secret Server Plugin 1. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30517 (Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier uncond ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30516 (Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30515 (Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30514 (Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30513 (Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not prop ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-30512 (CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalat ...)
+ NOT-FOR-US: CubeFS
+CVE-2023-30511
+ RESERVED
+CVE-2023-30510 (A vulnerability exists in the Aruba EdgeConnect Enterpriseweb manageme ...)
+ NOT-FOR-US: HPE
+CVE-2023-30509 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ NOT-FOR-US: HPE
+CVE-2023-30508 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ NOT-FOR-US: HPE
+CVE-2023-30507 (Multiple authenticated path traversal vulnerabilities exist in the Aru ...)
+ NOT-FOR-US: HPE
+CVE-2023-30506 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-30505 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-30504 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-30503 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-30502 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-30501 (Vulnerabilities exist in the Aruba EdgeConnect Enterprisecommand line ...)
+ NOT-FOR-US: HPE
+CVE-2023-1998 (The Linux kernel allows userspace processes to enable mitigations by c ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/6921ed9049bc7457f66c1596c5b78aec0dae4a9d (6.3-rc1)
+ NOTE: https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
+CVE-2023-1995 (Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Serv ...)
+ NOT-FOR-US: Hitachi
+CVE-2023-1994 (GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 ...)
+ {DSA-5429-1 DLA-3402-1}
+ [experimental] - wireshark 4.0.5-1~exp1
+ - wireshark 4.0.6-1 (bug #1034721)
+ [bullseye] - wireshark (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18947
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-11.html
+CVE-2023-1993 (LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6 ...)
+ {DSA-5429-1 DLA-3402-1}
+ [experimental] - wireshark 4.0.5-1~exp1
+ - wireshark 4.0.6-1 (bug #1034721)
+ [bullseye] - wireshark (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18900
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-10.html
+CVE-2023-1992 (RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6. ...)
+ {DSA-5429-1 DLA-3402-1}
+ [experimental] - wireshark 4.0.5-1~exp1
+ - wireshark 4.0.6-1 (bug #1034721)
+ [bullseye] - wireshark (Minor issue)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18852
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2023-09.html
+CVE-2023-1991
+ RESERVED
+CVE-2022-48437 (An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1 ...)
+ - libressl (bug #754513)
+CVE-2023-30500 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30499 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVis ...)
+ NOT-FOR-US: WordPress Plugin
+CVE-2023-30498 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeFlav ...)
+ NOT-FOR-US: WordPress Plugin
+CVE-2023-30497 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Simon Ch ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30496 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30495
+ RESERVED
+CVE-2023-30494 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ImageRec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-30493 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Themefic ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30492 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30491 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30490 + RESERVED +CVE-2023-30489 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30488 + RESERVED +CVE-2023-30487 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30486 + RESERVED +CVE-2023-30485 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Solwin I ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30484 (Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Acces ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30483 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kiboko L ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30482 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30481 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey G ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30480 + RESERVED +CVE-2023-30479 + RESERVED +CVE-2023-30478 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newslette ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Essi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30476 + RESERVED +CVE-2023-30475 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30474 (Cross-Site Request Forgery (CSRF) vulnerability in Kilian Evang Ultima ...) + NOT-FOR-US: Kilian Evang Ultimate Noindex Nofollow +CVE-2023-30473 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Gl ...) 
+ NOT-FOR-US: WordPress Plugin +CVE-2023-30472 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeS ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-30470 (A use-after-free related to unsound inference in the bytecode generati ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-1990 (A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/n ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.25-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 (6.3-rc3) + NOTE: STMicroelectronics ST NCI NFC driver (NFC_ST_NCI_I2C, NFC_ST_NCI_SPI) not + NOTE: enabled in Debian +CVE-2023-1989 (A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\ ...) + {DSA-5492-1 DLA-3404-1 DLA-3403-1} + - linux 6.3.7-1 + [bullseye] - linux 5.10.197-1 + NOTE: https://git.kernel.org/linus/1e9ac114c4428fdb7ff4635b45d4f46017e8916f (6.3-rc4) +CVE-2023-1988 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1987 (A vulnerability has been found in SourceCodester Online Computer and L ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1986 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1985 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1984 (A vulnerability classified as critical was found in SourceCodester Com ...) + NOT-FOR-US: SourceCodester Complaint Management System +CVE-2023-1983 (A vulnerability was found in SourceCodester Sales Tracker Management S ...) 
+ NOT-FOR-US: SourceCodester Sales Tracker Management System +CVE-2023-1982 (The Front Editor WordPress plugin through 4.0.4 does not sanitize and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1981 (A vulnerability was found in the avahi library. This flaw allows an un ...) + {DLA-3414-1} + - avahi 0.8-10 (bug #1034594) + [bullseye] - avahi (Minor issue) + NOTE: https://github.com/lathiat/avahi/issues/375 + NOTE: https://github.com/lathiat/avahi/pull/407 + NOTE: https://github.com/lathiat/avahi/commit/a2696da2f2c50ac43b6c4903f72290d5c3fa9f6f +CVE-2023-1980 (Two factor authentication bypass on login in Devolutions Remote Des ...) + NOT-FOR-US: Devolutions +CVE-2023-1979 (The Web Stories for WordPress plugin supports the WordPress built-in f ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1978 (The ShiftController Employee Shift Scheduling plugin for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1977 (The Booking Manager WordPress plugin before 2.0.29 does not validate U ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1976 (Password Aging with Long Expiration in GitHub repository answerdev/ans ...) + NOT-FOR-US: answer +CVE-2023-1975 (Insertion of Sensitive Information Into Sent Data in GitHub repository ...) + NOT-FOR-US: answer +CVE-2023-1974 (Exposure of Sensitive Information Through Metadata in GitHub repositor ...) + NOT-FOR-US: answer +CVE-2023-30469 (Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hit ...) + NOT-FOR-US: Hitachi +CVE-2023-30468 + RESERVED +CVE-2023-1973 + RESERVED +CVE-2023-30467 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...) + NOT-FOR-US: Milesight +CVE-2023-30466 (This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS- ...) + NOT-FOR-US: Milesight +CVE-2023-30465 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Apache InLong +CVE-2023-1972 (A potential heap based buffer overflow was found in _bfd_elf_slurp_ver ...) 
+ - binutils 2.41-1 (unimportant) + NOTE: https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30285 + NOTE: binutils not covered by security support +CVE-2023-1971 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: yuan1994 tpAdmin +CVE-2023-1970 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: yuan1994 tpAdmin +CVE-2023-1969 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Eyewear Shop +CVE-2023-1968 (Instruments with Illumina Universal Copy Service v2.x are vulnerable d ...) + NOT-FOR-US: Illumina +CVE-2023-1967 (Keysight N8844A Data Analytics Web Service deserializes untrusted data ...) + NOT-FOR-US: Keysight N8844A Data Analytics Web Service +CVE-2023-1966 (Instruments with Illumina Universal Copy Service v1.x and v2.x contain ...) + NOT-FOR-US: Illumina +CVE-2023-1965 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-30464 + RESERVED +CVE-2023-30463 (Altran picoTCP through 1.7.0 allows memory corruption (and subsequent ...) + NOT-FOR-US: picoTCP +CVE-2023-30462 + RESERVED +CVE-2023-30461 + RESERVED +CVE-2023-30460 + RESERVED +CVE-2023-30459 (SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker ...) + NOT-FOR-US: SmartPTT SCADA +CVE-2023-30458 (A username enumeration issue was discovered in Medicine Tracker System ...) + NOT-FOR-US: Medicine Tracker System +CVE-2023-30457 + RESERVED +CVE-2023-30456 (An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kern ...) 
+ {DLA-3404-1 DLA-3403-1} + - linux 6.1.25-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/112e66017bff7f2837030f34c2bc19501e9212d5 (6.3-rc3) +CVE-2023-30455 (An issue was discovered in ebankIT before 7. A Denial-of-Service attac ...) + NOT-FOR-US: ebankIT +CVE-2023-30454 (An issue was discovered in ebankIT before 7. Document Object Model bas ...) + NOT-FOR-US: ebankIT +CVE-2023-30453 (The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent ...) + NOT-FOR-US: Jira plugin +CVE-2023-30452 (The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluen ...) + NOT-FOR-US: MoroSystems EasyMind +CVE-2023-1964 (A vulnerability classified as critical has been found in PHPGurukul Ba ...) + NOT-FOR-US: PHPGurukul Bank Locker Management System +CVE-2023-1963 (A vulnerability was found in PHPGurukul Bank Locker Management System ...) + NOT-FOR-US: PHPGurukul Bank Locker Management System +CVE-2018-25084 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Ping Identity Self-Service Account Manager +CVE-2023-30451 + RESERVED +CVE-2023-30450 (rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls f ...) + NOT-FOR-US: Redpanda +CVE-2023-30449 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30448 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30447 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30446 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30445 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30444 (IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulne ...) 
+ NOT-FOR-US: IBM +CVE-2023-30443 + RESERVED +CVE-2023-30442 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2023-30441 (IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8 ...) + NOT-FOR-US: IBM +CVE-2023-30440 (IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW9 ...) + NOT-FOR-US: IBM +CVE-2023-30439 + RESERVED +CVE-2023-30438 (An internally discovered vulnerability in PowerVM on IBM Power9 and Po ...) + NOT-FOR-US: IBM +CVE-2023-30437 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized ...) + NOT-FOR-US: IBM +CVE-2023-30436 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2023-30435 (IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cro ...) + NOT-FOR-US: IBM +CVE-2023-30434 (IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 ...) + NOT-FOR-US: IBM +CVE-2023-30433 (IBM Security Verify Access 10.0 could allow a remote attacker to condu ...) + NOT-FOR-US: IBM +CVE-2023-30432 + RESERVED +CVE-2023-30431 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-30430 + RESERVED +CVE-2015-10100 (A vulnerability, which was classified as critical, has been found in D ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125098 (A vulnerability was found in Dart http_server up to 0.9.5 and classifi ...) + NOT-FOR-US: Dart http_server +CVE-2014-125097 (A vulnerability, which was classified as problematic, was found in Bes ...) + NOT-FOR-US: BestWebSoft +CVE-2012-10012 (A vulnerability has been found in BestWebSoft Facebook Like Button up ...) + NOT-FOR-US: BestWebSoft +CVE-2009-10004 (A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has ...) + NOT-FOR-US: Turante Sandbox Theme +CVE-2023-30429 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) 
+ NOT-FOR-US: Apache Pulsar +CVE-2023-30428 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...) + NOT-FOR-US: Apache Pulsar +CVE-2023-30427 + RESERVED +CVE-2023-30426 + RESERVED +CVE-2023-30425 + RESERVED +CVE-2023-30424 + RESERVED +CVE-2023-30423 + RESERVED +CVE-2023-30422 + RESERVED +CVE-2023-30421 + RESERVED +CVE-2023-30420 + RESERVED +CVE-2023-30419 + RESERVED +CVE-2023-30418 + RESERVED +CVE-2023-30417 (A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2 ...) + NOT-FOR-US: Pear-Admin-Boot +CVE-2023-30416 + RESERVED +CVE-2023-30415 (Sourcecodester Packers and Movers Management System v1.0 was discovere ...) + NOT-FOR-US: Sourcecodester Packers and Movers Management System +CVE-2023-30414 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5051 +CVE-2023-30413 + RESERVED +CVE-2023-30412 + RESERVED +CVE-2023-30411 + RESERVED +CVE-2023-30410 (Jerryscript commit 1a2c047 was discovered to contain a stack overflow ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5052 +CVE-2023-30409 + RESERVED +CVE-2023-30408 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5057 +CVE-2023-30407 + RESERVED +CVE-2023-30406 (Jerryscript commit 1a2c047 was discovered to contain a segmentation vi ...) + - iotjs + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/5058 +CVE-2023-30405 (A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repea ...) 
+ NOT-FOR-US: Aigital +CVE-2023-30404 (Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to co ...) + NOT-FOR-US: Aigital Wireless-N Repeater Mini_Router +CVE-2023-30403 (An issue in the time-based authentication mechanism of Aigital Aigital ...) + NOT-FOR-US: Aigital +CVE-2023-30402 (YASM v1.3.0 was discovered to contain a heap overflow via the function ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/206 + NOTE: Crash in CLI tool, no security impact +CVE-2023-30401 + RESERVED +CVE-2023-30400 (An issue was discovered in Anyka Microelectronics AK3918EV300 MCU v18. ...) + NOT-FOR-US: Anyka Microelectronics AK3918EV300 MCU +CVE-2023-30399 (Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC ...) + NOT-FOR-US: GARO Wallbox GLB/GTB/GTC +CVE-2023-30398 + RESERVED +CVE-2023-30397 + RESERVED +CVE-2023-30396 + RESERVED +CVE-2023-30395 + RESERVED +CVE-2023-30394 (Progress Ipswitch MoveIT 1.1.11 was discovered to contain a cross-site ...) + NOT-FOR-US: MoveIT +CVE-2023-30393 + RESERVED +CVE-2023-30392 + RESERVED +CVE-2023-30391 + RESERVED +CVE-2023-30390 + RESERVED +CVE-2023-30389 + RESERVED +CVE-2023-30388 + RESERVED +CVE-2023-30387 + RESERVED +CVE-2023-30386 + RESERVED +CVE-2023-30385 + RESERVED +CVE-2023-30384 + RESERVED +CVE-2023-30383 (TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Ar ...) + NOT-FOR-US: TP-Link +CVE-2023-30382 (A buffer overflow in the component hl.exe of Valve Half-Life up to 543 ...) + NOT-FOR-US: hl.exe of Valve Half-Life +CVE-2023-30381 + RESERVED +CVE-2023-30380 (An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 ...) + NOT-FOR-US: DedeCMS +CVE-2023-30379 + RESERVED +CVE-2023-30378 (In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-b ...) + NOT-FOR-US: Tenda +CVE-2023-30377 + RESERVED +CVE-2023-30376 (In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a ...) 
+ NOT-FOR-US: Tenda +CVE-2023-30375 (In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-ba ...) + NOT-FOR-US: Tenda +CVE-2023-30374 + RESERVED +CVE-2023-30373 (In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a ...) + NOT-FOR-US: Tenda +CVE-2023-30372 (In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack ...) + NOT-FOR-US: Tenda +CVE-2023-30371 (In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-b ...) + NOT-FOR-US: Tenda +CVE-2023-30370 (In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-bas ...) + NOT-FOR-US: Tenda +CVE-2023-30369 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow.) + NOT-FOR-US: Tenda +CVE-2023-30368 (Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWe ...) + NOT-FOR-US: Tenda +CVE-2023-30367 (Multi-Remote Next Generation Connection Manager (mRemoteNG) is free so ...) + NOT-FOR-US: mRemoteNG +CVE-2023-30366 + RESERVED +CVE-2023-30365 + RESERVED +CVE-2023-30364 + RESERVED +CVE-2023-30363 (vConsole v3.15.0 was discovered to contain a prototype pollution due t ...) + NOT-FOR-US: Tencent vConsole +CVE-2023-30362 (Buffer Overflow vulnerability in coap_send function in libcoap library ...) + - libcoap3 4.3.1-2 (bug #1040594) + [bookworm] - libcoap3 (Minor issue) + NOTE: https://github.com/obgm/libcoap/issues/1063 + NOTE: https://github.com/obgm/libcoap/commit/e242200f0af2a418dc9f69eee543feacc13cd851 +CVE-2023-30361 + RESERVED +CVE-2023-30360 + RESERVED +CVE-2023-30359 + RESERVED +CVE-2023-30358 + RESERVED +CVE-2023-30357 + RESERVED +CVE-2023-30356 (Missing Support for an Integrity Check in Shenzen Tenda Technology IP ...) + NOT-FOR-US: Tenda +CVE-2023-30355 + RESERVED +CVE-2023-30354 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not d ...) + NOT-FOR-US: Tenda +CVE-2023-30353 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows una ...) 
+ NOT-FOR-US: Tenda +CVE-2023-30352 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...) + NOT-FOR-US: Tenda +CVE-2023-30351 (Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discov ...) + NOT-FOR-US: Tenda +CVE-2023-30350 (FS S3900-24T4S devices allow authenticated attackers with guest access ...) + NOT-FOR-US: FS S3900-24T4S devices +CVE-2023-30349 (JFinal CMS v5.1.0 was discovered to contain a remote code execution (R ...) + NOT-FOR-US: JFinal CMS +CVE-2023-30348 + RESERVED +CVE-2023-30347 (Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, ...) + NOT-FOR-US: Neox Contact Center +CVE-2023-30346 + RESERVED +CVE-2023-30345 + RESERVED +CVE-2023-30344 + RESERVED +CVE-2023-30343 + RESERVED +CVE-2023-30342 + RESERVED +CVE-2023-30341 + RESERVED +CVE-2023-30340 + RESERVED +CVE-2023-30339 + RESERVED +CVE-2023-30338 (Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pr ...) + NOT-FOR-US: Emlog Pro +CVE-2023-30337 + RESERVED +CVE-2023-30336 + RESERVED +CVE-2023-30335 + RESERVED +CVE-2023-30334 (AsmBB v2.9.1 was discovered to contain multiple cross-site scripting ( ...) + NOT-FOR-US: AsmBB +CVE-2023-30333 (An arbitrary file upload vulnerability in the component /admin/ThemeCo ...) + NOT-FOR-US: PerfreeBlog +CVE-2023-30332 + RESERVED +CVE-2023-30331 (An issue in the render function of beetl v3.15.0 allows attackers to e ...) + NOT-FOR-US: beetl +CVE-2023-30330 (SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerab ...) + NOT-FOR-US: SoftExpert (SE) Excellence Suite +CVE-2023-30329 + RESERVED +CVE-2023-30328 (An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for ma ...) + NOT-FOR-US: Mailbutler GmbH Shimo VPN Client +CVE-2023-30327 + RESERVED +CVE-2023-30326 (Cross Site Scripting (XSS) vulnerability in username field in /WebCont ...) + NOT-FOR-US: wliang6 ChatEngine +CVE-2023-30325 (SQL Injection vulnerability in textMessage parameter in /src/chatbotap ...) 
+ NOT-FOR-US: wliang6 ChatEngine +CVE-2023-30324 + RESERVED +CVE-2023-30323 (SQL Injection vulnerability in username field in /src/chatbotapp/chatW ...) + NOT-FOR-US: Payatu chatengine +CVE-2023-30322 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...) + NOT-FOR-US: Payatu chatengine +CVE-2023-30321 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...) + NOT-FOR-US: wliang6 ChatEngine +CVE-2023-30320 (Cross Site Scripting (XSS) vulnerability in textMessage field in /src/ ...) + NOT-FOR-US: wliang6 ChatEngine +CVE-2023-30319 (Cross Site Scripting (XSS) vulnerability in username field in /src/cha ...) + NOT-FOR-US: wliang6 ChatEngine +CVE-2023-30318 + RESERVED +CVE-2023-30317 + RESERVED +CVE-2023-30316 + RESERVED +CVE-2023-30315 + RESERVED +CVE-2023-30314 + RESERVED +CVE-2023-30313 + RESERVED +CVE-2023-30312 + RESERVED +CVE-2023-30311 + RESERVED +CVE-2023-30310 + RESERVED +CVE-2023-30309 + RESERVED +CVE-2023-30308 + RESERVED +CVE-2023-30307 + RESERVED +CVE-2023-30306 + RESERVED +CVE-2023-30305 + RESERVED +CVE-2023-30304 + RESERVED +CVE-2023-30303 + RESERVED +CVE-2023-30302 + RESERVED +CVE-2023-30301 + RESERVED +CVE-2023-30300 (An issue in the component hang.wasm of WebAssembly 1.0 causes an infin ...) + - wabt 1.0.33-1 (unimportant; bug #1035686) + NOTE: https://github.com/WebAssembly/wabt/issues/2180 + NOTE: https://github.com/WebAssembly/wabt/pull/2183 + NOTE: https://github.com/WebAssembly/wabt/commit/2d77bda4034a719fe1a2eaf1d51593eb351ecb4c + NOTE: Hang in CLI tool, no security impact +CVE-2023-30299 + RESERVED +CVE-2023-30298 + RESERVED +CVE-2023-30297 (An issue found in N-able Technologies N-central Server before 2023.4 a ...) 
+ NOT-FOR-US: N-able Technologies N-central Server +CVE-2023-30296 + RESERVED +CVE-2023-30295 + RESERVED +CVE-2023-30294 + RESERVED +CVE-2023-30293 + RESERVED +CVE-2023-30292 + RESERVED +CVE-2023-30291 + RESERVED +CVE-2023-30290 + RESERVED +CVE-2023-30289 + RESERVED +CVE-2023-30288 + RESERVED +CVE-2023-30287 + RESERVED +CVE-2023-30286 + RESERVED +CVE-2023-30285 (An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows ...) + NOT-FOR-US: Deviniti Issue Sync Synchronization +CVE-2023-30284 + RESERVED +CVE-2023-30283 + RESERVED +CVE-2023-30282 (PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Acces ...) + NOT-FOR-US: PrestaShop scexportcustomers +CVE-2023-30281 (Insecure permissions vulnerability was discovered, due to a lack of pe ...) + NOT-FOR-US: Prestashop +CVE-2023-30280 (Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700 ...) + NOT-FOR-US: Netgear +CVE-2023-30279 + RESERVED +CVE-2023-30278 + RESERVED +CVE-2023-30277 + RESERVED +CVE-2023-30276 + RESERVED +CVE-2023-30275 + RESERVED +CVE-2023-30274 + RESERVED +CVE-2023-30273 + RESERVED +CVE-2023-30272 + RESERVED +CVE-2023-30271 + RESERVED +CVE-2023-30270 + RESERVED +CVE-2023-30269 (CLTPHP <=6.0 is vulnerable to Improper Input Validation via applicatio ...) + NOT-FOR-US: CLTPHP +CVE-2023-30268 (CLTPHP <=6.0 is vulnerable to Improper Input Validation.) + NOT-FOR-US: CLTPHP +CVE-2023-30267 (CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via applicati ...) + NOT-FOR-US: CLTPHP +CVE-2023-30266 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...) + NOT-FOR-US: CLTPHP +CVE-2023-30265 (CLTPHP <=6.0 is vulnerable to Directory Traversal.) + NOT-FOR-US: CLTPHP +CVE-2023-30264 (CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangero ...) + NOT-FOR-US: CLTPHP +CVE-2023-30263 + RESERVED +CVE-2023-30262 (An issue found in MIM software Inc MIM License Server and MIMpacs serv ...) 
+ NOT-FOR-US: MIM software Inc MIM License Server and MIMpacs services +CVE-2023-30261 (Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote at ...) + NOT-FOR-US: OpenWB +CVE-2023-30260 (Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earl ...) + NOT-FOR-US: RaspAP +CVE-2023-30259 (A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 ...) + - librecad (unimportant) + NOTE: https://github.com/LibreCAD/LibreCAD/issues/1481 + NOTE: Crash in CLI tool, no security impact +CVE-2023-30258 (Command Injection vulnerability in MagnusSolution magnusbilling 6.x an ...) + NOT-FOR-US: MagnusSolution magnusbilling +CVE-2023-30257 (A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build ...) + NOT-FOR-US: FiiO M6 +CVE-2023-30256 (Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 all ...) + NOT-FOR-US: Webkil QloApps +CVE-2023-30255 + RESERVED +CVE-2023-30254 + RESERVED +CVE-2023-30253 (Dolibarr before 17.0.1 allows remote code execution by an authenticate ...) + - dolibarr +CVE-2023-30252 + RESERVED +CVE-2023-30251 + RESERVED +CVE-2023-30250 + RESERVED +CVE-2023-30249 + RESERVED +CVE-2023-30248 + RESERVED +CVE-2023-30247 (File Upload vulnerability found in Oretnom23 Storage Unit Rental Manag ...) + NOT-FOR-US: Oretnom23 Storage Unit Rental Management System +CVE-2023-30246 (SQL injection vulnerability found in Judging Management System v.1.0 a ...) + NOT-FOR-US: Judging Management System +CVE-2023-30245 (SQL injection vulnerability found in Judging Management System v.1.0 a ...) + NOT-FOR-US: Judging Management System +CVE-2023-30244 + RESERVED +CVE-2023-30243 (Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable ...) + NOT-FOR-US: Beijing Netcon NS-ASG Application Security Gateway +CVE-2023-30242 (NS-ASG v6.3 was discovered to contain a SQL injection vulnerability vi ...) 
+ NOT-FOR-US: Beijing Netcon NS-ASG Application Security Gateway +CVE-2023-30241 + RESERVED +CVE-2023-30240 + RESERVED +CVE-2023-30239 + RESERVED +CVE-2023-30238 + RESERVED +CVE-2023-30237 (CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to co ...) + NOT-FOR-US: CyberGhostVPN +CVE-2023-30236 + RESERVED +CVE-2023-30235 + RESERVED +CVE-2023-30234 + RESERVED +CVE-2023-30233 + RESERVED +CVE-2023-30232 + RESERVED +CVE-2023-30231 + RESERVED +CVE-2023-30230 + RESERVED +CVE-2023-30229 + RESERVED +CVE-2023-30228 + RESERVED +CVE-2023-30227 + RESERVED +CVE-2023-30226 (An issue was discovered in function get_gnu_verneed in rizinorg Rizin ...) + NOT-FOR-US: Rizin +CVE-2023-30225 + RESERVED +CVE-2023-30224 + RESERVED +CVE-2023-30223 (A broken authentication vulnerability in 4D SAS 4D Server software v17 ...) + NOT-FOR-US: 4D SAS 4D Server +CVE-2023-30222 (An information disclosure vulnerability in 4D SAS 4D Server Applicatio ...) + NOT-FOR-US: 4D SAS 4D Server +CVE-2023-30221 + RESERVED +CVE-2023-30220 + RESERVED +CVE-2023-30219 + RESERVED +CVE-2023-30218 + RESERVED +CVE-2023-30217 + RESERVED +CVE-2023-30216 (Insecure permissions in the updateUserInfo function of newbee-mall bef ...) + NOT-FOR-US: newbee-mall +CVE-2023-30215 + RESERVED +CVE-2023-30214 + RESERVED +CVE-2023-30213 + RESERVED +CVE-2023-30212 (OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client ...) + NOT-FOR-US: OURPHP +CVE-2023-30211 (OURPHP <= 7.2.0 is vulnerable to SQL Injection.) + NOT-FOR-US: OURPHP +CVE-2023-30210 (OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp ...) + NOT-FOR-US: OURPHP +CVE-2023-30209 + RESERVED +CVE-2023-30208 + RESERVED +CVE-2023-30207 (A divide by zero issue discovered in Kodi Home Theater Software 19.5 a ...) 
+ - kodi 2:20.0~rc2+dfsg-2 (bug #1040593) + [bullseye] - kodi (Minor issue) + [buster] - kodi (Minor issue) + NOTE: https://github.com/xbmc/xbmc/issues/22378 + NOTE: https://github.com/xbmc/xbmc/commit/dbc00c500f4c4830049cc040a61c439c580eea73 + NOTE: https://github.com/xbmc/xbmc/pull/22391 +CVE-2023-30206 + RESERVED +CVE-2023-30205 (A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allow ...) + NOT-FOR-US: DouPHP +CVE-2023-30204 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Judging Management System +CVE-2023-30203 (Judging Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Judging Management System +CVE-2023-30202 + RESERVED +CVE-2023-30201 + RESERVED +CVE-2023-30200 (In the module \u201cImage: WebP, Compress, Zoom, Lazy load, Alt & More ...) + NOT-FOR-US: PrestaShop module +CVE-2023-30199 (Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access ...) + NOT-FOR-US: Prestashop +CVE-2023-30198 (Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Co ...) + NOT-FOR-US: Prestashop winbizpayment +CVE-2023-30197 (Incorrect Access Control in the module "My inventory" (myinventory) <= ...) + NOT-FOR-US: Prestashop +CVE-2023-30196 (Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Co ...) + NOT-FOR-US: Prestashop +CVE-2023-30195 (In the module "Detailed Order" (lgdetailedorder) in version up to 1.1. ...) + NOT-FOR-US: Prestashop +CVE-2023-30194 (Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Prestashop +CVE-2023-30193 + RESERVED +CVE-2023-30192 (Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via Po ...) + NOT-FOR-US: Prestashop +CVE-2023-30191 (PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via Cdesig ...) + NOT-FOR-US: PrestaShop +CVE-2023-30190 + RESERVED +CVE-2023-30189 (Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via ...) 
+ NOT-FOR-US: Prestashop +CVE-2023-30188 (Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 th ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2023-30187 (An out of bounds memory access vulnerability in ONLYOFFICE DocumentSer ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2023-30186 (A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 t ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2023-30185 (CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload ...) + NOT-FOR-US: CRMEB +CVE-2023-30184 (A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 al ...) + NOT-FOR-US: Typecho +CVE-2023-30183 + REJECTED +CVE-2023-30182 + RESERVED +CVE-2023-30181 + RESERVED +CVE-2023-30180 + RESERVED +CVE-2023-30179 (CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injectio ...) + NOT-FOR-US: Craft CMS +CVE-2023-30178 + RESERVED +CVE-2023-30177 (CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker ...) + NOT-FOR-US: CraftCMS +CVE-2023-30176 + RESERVED +CVE-2023-30175 + RESERVED +CVE-2023-30174 + RESERVED +CVE-2023-30173 + RESERVED +CVE-2023-30172 (A directory traversal vulnerability in the /get-artifact API method of ...) + NOT-FOR-US: mlflow +CVE-2023-30171 + RESERVED +CVE-2023-30170 + RESERVED +CVE-2023-30169 + RESERVED +CVE-2023-30168 + RESERVED +CVE-2023-30167 + RESERVED +CVE-2023-30166 + RESERVED +CVE-2023-30165 + RESERVED +CVE-2023-30164 + RESERVED +CVE-2023-30163 + RESERVED +CVE-2023-30162 + RESERVED +CVE-2023-30161 + RESERVED +CVE-2023-30160 + RESERVED +CVE-2023-30159 + RESERVED +CVE-2023-30158 + RESERVED +CVE-2023-30157 + RESERVED +CVE-2023-30156 + RESERVED +CVE-2023-30155 + RESERVED +CVE-2023-30154 (Multiple improper neutralization of SQL parameters in module AfterMail ...) + NOT-FOR-US: PrestaShop module +CVE-2023-30153 (An SQL injection vulnerability in the Payplug (payplug) module for Pre ...) 
+ NOT-FOR-US: PrestaShop module +CVE-2023-30152 + RESERVED +CVE-2023-30151 (A SQL injection vulnerability in the Boxtal (envoimoinscher) module fo ...) + NOT-FOR-US: PrestaShop module +CVE-2023-30150 (PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection ...) + NOT-FOR-US: PrestaShop leocustomajax +CVE-2023-30149 (SQL injection vulnerability in the City Autocomplete (cityautocomplete ...) + NOT-FOR-US: PrestaShop module +CVE-2023-30148 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart op ...) + NOT-FOR-US: PrestaShop module +CVE-2023-30147 + RESERVED +CVE-2023-30146 (Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 all ...) + NOT-FOR-US: Assmann Digitus Plug&View IP Camera +CVE-2023-30145 (Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template I ...) + NOT-FOR-US: Camaleon CMS +CVE-2023-30144 + RESERVED +CVE-2023-30143 + RESERVED +CVE-2023-30142 + RESERVED +CVE-2023-30141 + RESERVED +CVE-2023-30140 + RESERVED +CVE-2023-30139 + RESERVED +CVE-2023-30138 + RESERVED +CVE-2023-30137 + RESERVED +CVE-2023-30136 + RESERVED +CVE-2023-30135 (Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command ...) + NOT-FOR-US: Tenda +CVE-2023-30134 + RESERVED +CVE-2023-30133 + RESERVED +CVE-2023-30132 (An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attacke ...) + NOT-FOR-US: IXP Data EasyInstall +CVE-2023-30131 (An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to ...) + NOT-FOR-US: IXP Data EasyInstall +CVE-2023-30130 (An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute ...) + NOT-FOR-US: CraftCMS +CVE-2023-30129 + RESERVED +CVE-2023-30128 + RESERVED +CVE-2023-30127 + RESERVED +CVE-2023-30126 + RESERVED +CVE-2023-30125 (EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: Eyoucms +CVE-2023-30124 (LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).) 
+ NOT-FOR-US: LavaLite +CVE-2023-30123 (wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Mem ...) + NOT-FOR-US: wuzhicms +CVE-2023-30122 (An arbitrary file upload vulnerability in the component /admin/ajax.ph ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-30121 + RESERVED +CVE-2023-30120 + RESERVED +CVE-2023-30119 + RESERVED +CVE-2023-30118 + RESERVED +CVE-2023-30117 + RESERVED +CVE-2023-30116 + RESERVED +CVE-2023-30115 + RESERVED +CVE-2023-30114 + RESERVED +CVE-2023-30113 + RESERVED +CVE-2023-30112 (Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.) + NOT-FOR-US: Medicine Tracker System in PHP +CVE-2023-30111 (Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scrip ...) + NOT-FOR-US: Medicine Tracker System +CVE-2023-30110 + RESERVED +CVE-2023-30109 + RESERVED +CVE-2023-30108 + RESERVED +CVE-2023-30107 + RESERVED +CVE-2023-30106 (Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to C ...) + NOT-FOR-US: Medicine Tracker System +CVE-2023-30105 + RESERVED +CVE-2023-30104 + RESERVED +CVE-2023-30103 + RESERVED +CVE-2023-30102 + RESERVED +CVE-2023-30101 + RESERVED +CVE-2023-30100 + RESERVED +CVE-2023-30099 + RESERVED +CVE-2023-30098 + RESERVED +CVE-2023-30097 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...) + NOT-FOR-US: TotalJS +CVE-2023-30096 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...) + NOT-FOR-US: TotalJS +CVE-2023-30095 (A stored cross-site scripting (XSS) vulnerability in TotalJS messenger ...) + NOT-FOR-US: TotalJS +CVE-2023-30094 (A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 ...) + NOT-FOR-US: TotalJS +CVE-2023-30093 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2023-30092 (SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL ...) 
+ NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-30091 + RESERVED +CVE-2023-30090 (Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vu ...) + NOT-FOR-US: Semcms Shop +CVE-2023-30089 + RESERVED +CVE-2023-30088 (An issue found in Cesanta MJS v.1.26 allows a local attacker to cause ...) + NOT-FOR-US: Cesenta MJS +CVE-2023-30087 (Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a loc ...) + NOT-FOR-US: Cesenta MJS +CVE-2023-30086 (Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local ...) + - tiff 4.4.0-5 + [bullseye] - tiff 4.2.0-1+deb11u3 + [buster] - tiff 4.1.0+git191117-2~deb10u5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/538 + NOTE: Likely fixed by: https://gitlab.com/libtiff/libtiff/-/merge_requests/385 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f00484b9519df933723deb38fff943dc291a793d (v4.5.0rc1) + NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774. + NOTE: The fix causes CVE-2023-2908. +CVE-2023-30085 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...) + - ming + NOTE: https://github.com/libming/libming/issues/267 +CVE-2023-30084 (An issue found in libming swftophp v.0.4.8 allows a local attacker to ...) + - ming + NOTE: https://github.com/libming/libming/issues/268 +CVE-2023-30083 (Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows ...) + - ming + NOTE: https://github.com/libming/libming/issues/266 +CVE-2023-30082 (A denial of service attack might be launched against the server if an ...) + NOT-FOR-US: osTicket +CVE-2023-30081 + RESERVED +CVE-2023-30080 + RESERVED +CVE-2023-30079 + REJECTED +CVE-2023-30078 + REJECTED +CVE-2023-30077 (Judging Management System v1.0 by oretnom23 was discovered to vulnerab ...) + NOT-FOR-US: Judging Management System +CVE-2023-30076 (Sourcecodester Judging Management System v1.0 is vulnerable to SQL Inj ...) 
+ NOT-FOR-US: Sourcecodester Judging Management System +CVE-2023-30075 + RESERVED +CVE-2023-30074 + RESERVED +CVE-2023-30073 + RESERVED +CVE-2023-30072 + RESERVED +CVE-2023-30071 + RESERVED +CVE-2023-30070 + RESERVED +CVE-2023-30069 + RESERVED +CVE-2023-30068 + RESERVED +CVE-2023-30067 + RESERVED +CVE-2023-30066 + RESERVED +CVE-2023-30065 (MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was dis ...) + NOT-FOR-US: MitraStar +CVE-2023-30064 + RESERVED +CVE-2023-30063 (D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.) + NOT-FOR-US: D-Link +CVE-2023-30062 + RESERVED +CVE-2023-30061 (D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcg ...) + NOT-FOR-US: D-Link +CVE-2023-30060 + RESERVED +CVE-2023-30059 + RESERVED +CVE-2023-30058 (novel-plus 3.6.2 is vulnerable to SQL Injection.) + NOT-FOR-US: novel-plus +CVE-2023-30057 (Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Ori ...) + NOT-FOR-US: FICO +CVE-2023-30056 (A session takeover vulnerability exists in FICO Origination Manager De ...) + NOT-FOR-US: FICO +CVE-2023-30055 + RESERVED +CVE-2023-30054 (TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnera ...) + NOT-FOR-US: TOTOLINK +CVE-2023-30053 (TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-30052 + RESERVED +CVE-2023-30051 + RESERVED +CVE-2023-30050 + RESERVED +CVE-2023-30049 + RESERVED +CVE-2023-30048 + RESERVED +CVE-2023-30047 + RESERVED +CVE-2023-30046 + RESERVED +CVE-2023-30045 + RESERVED +CVE-2023-30044 + RESERVED +CVE-2023-30043 + RESERVED +CVE-2023-30042 + RESERVED +CVE-2023-30041 + RESERVED +CVE-2023-30040 + RESERVED +CVE-2023-30039 + RESERVED +CVE-2023-30038 + RESERVED +CVE-2023-30037 + RESERVED +CVE-2023-30036 + RESERVED +CVE-2023-30035 + RESERVED +CVE-2023-30034 + RESERVED +CVE-2023-30033 + RESERVED +CVE-2023-30032 + RESERVED +CVE-2023-30031 + RESERVED +CVE-2023-30030 + RESERVED +CVE-2023-30029 + RESERVED +CVE-2023-30028 + RESERVED +CVE-2023-30027 + RESERVED +CVE-2023-30026 + RESERVED +CVE-2023-30025 + RESERVED +CVE-2023-30024 (The MagicJack device, a VoIP solution for internet phone calls, contai ...) + NOT-FOR-US: MagicJack +CVE-2023-30023 + RESERVED +CVE-2023-30022 + RESERVED +CVE-2023-30021 + RESERVED +CVE-2023-30020 + RESERVED +CVE-2023-30019 (imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) ...) + NOT-FOR-US: imgproxy +CVE-2023-30018 (Judging Management System v1.0 is vulnerable to SQL Injection. via /ph ...) + NOT-FOR-US: Judging Management System +CVE-2023-30017 + RESERVED +CVE-2023-30016 + RESERVED +CVE-2023-30015 + RESERVED +CVE-2023-30014 + RESERVED +CVE-2023-30013 (TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 cont ...) + NOT-FOR-US: TOTOLINK +CVE-2023-30012 + RESERVED +CVE-2023-30011 + RESERVED +CVE-2023-30010 + RESERVED +CVE-2023-30009 + RESERVED +CVE-2023-30008 + RESERVED +CVE-2023-30007 + RESERVED +CVE-2023-30006 + RESERVED +CVE-2023-30005 + RESERVED +CVE-2023-30004 + RESERVED +CVE-2023-30003 + RESERVED +CVE-2023-30002 + RESERVED +CVE-2023-30001 + RESERVED +CVE-2023-30000 + RESERVED +CVE-2023-29999 + RESERVED +CVE-2023-29998 (A Cross-site scripting (XSS) vulnerability in the content editor in Gi ...) 
+ NOT-FOR-US: Gis3W g3w-suite +CVE-2023-29997 + RESERVED +CVE-2023-29996 (In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occur ...) + NOT-FOR-US: NanoMQ +CVE-2023-29995 (In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function ...) + NOT-FOR-US: NanoMQ +CVE-2023-29994 (In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqt ...) + NOT-FOR-US: NanoMQ +CVE-2023-29993 + RESERVED +CVE-2023-29992 + RESERVED +CVE-2023-29991 + RESERVED +CVE-2023-29990 + RESERVED +CVE-2023-29989 + RESERVED +CVE-2023-29988 + RESERVED +CVE-2023-29987 + RESERVED +CVE-2023-29986 (spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibl ...) + NOT-FOR-US: spring-boot-actuator-logview +CVE-2023-29985 (Sourcecodester Student Study Center Desk Management System v1.0 admin\ ...) + NOT-FOR-US: Sourcecodester +CVE-2023-29984 (Null pointer dereference vulnerability exists in multiple vendors MFPs ...) + NOT-FOR-US: Fujifilm +CVE-2023-29983 (Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8. ...) + NOT-FOR-US: Maximilian Vogt cmaps +CVE-2023-29982 + RESERVED +CVE-2023-29981 + RESERVED +CVE-2023-29980 + RESERVED +CVE-2023-29979 + RESERVED +CVE-2023-29978 + RESERVED +CVE-2023-29977 + RESERVED +CVE-2023-29976 + RESERVED +CVE-2023-29975 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to ch ...) + NOT-FOR-US: Pfsense CE +CVE-2023-29974 (An issue discovered in Pfsense CE version 2.6.0 allows attackers to co ...) + NOT-FOR-US: Pfsense CE +CVE-2023-29973 (Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead ...) + NOT-FOR-US: Pfsense CE +CVE-2023-29972 + RESERVED +CVE-2023-29971 + RESERVED +CVE-2023-29970 + RESERVED +CVE-2023-29969 + RESERVED +CVE-2023-29968 + RESERVED +CVE-2023-29967 + RESERVED +CVE-2023-29966 + RESERVED +CVE-2023-29965 + RESERVED +CVE-2023-29964 + RESERVED +CVE-2023-29963 (S-CMS v5.0 was discovered to contain an authenticated remote code exec ...) 
+ NOT-FOR-US: S-CMS +CVE-2023-29962 + RESERVED +CVE-2023-29961 (D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack o ...) + NOT-FOR-US: D-Link +CVE-2023-29960 + RESERVED +CVE-2023-29959 + RESERVED +CVE-2023-29958 + RESERVED +CVE-2023-29957 + RESERVED +CVE-2023-29956 + RESERVED +CVE-2023-29955 + RESERVED +CVE-2023-29954 + RESERVED +CVE-2023-29953 + RESERVED +CVE-2023-29952 + RESERVED +CVE-2023-29951 + RESERVED +CVE-2023-29950 (swfrender v0.9.2 was discovered to contain a heap buffer overflow in t ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/198 +CVE-2023-29949 + RESERVED +CVE-2023-29948 + RESERVED +CVE-2023-29947 + RESERVED +CVE-2023-29946 + RESERVED +CVE-2023-29945 + RESERVED +CVE-2023-29944 (Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Exec ...) + NOT-FOR-US: Metersphere +CVE-2023-29943 + RESERVED +CVE-2023-29942 (llvm-project commit a0138390 was discovered to contain a segmentation ...) + - llvm-toolchain-13 (unimportant) + - llvm-toolchain-14 (unimportant) + - llvm-toolchain-15 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59990 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29941 (llvm-project commit a0138390 was discovered to contain a segmentation ...) + - llvm-toolchain-13 (unimportant) + - llvm-toolchain-14 (unimportant) + - llvm-toolchain-15 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59988 + NOTE: https://github.com/llvm/llvm-project/commit/9a29d87538842a29b430c6956a4f914896643691 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29940 + RESERVED +CVE-2023-29939 (llvm-project commit a0138390 was discovered to contain a segmentation ...) 
+ - llvm-toolchain-13 1:13.0.1-12 (unimportant) + - llvm-toolchain-14 1:14.0.6-13 (unimportant) + - llvm-toolchain-15 1:15.0.7-7 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59983 + NOTE: https://github.com/llvm/llvm-project/commit/466aa585c6dfb096bf9a7ad9bcbc6ce8cc7abff1 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29938 + RESERVED +CVE-2023-29937 + RESERVED +CVE-2023-29936 + RESERVED +CVE-2023-29935 (llvm-project commit a0138390 was discovered to contain an assertion fa ...) + - llvm-toolchain-13 (unimportant) + - llvm-toolchain-14 (unimportant) + - llvm-toolchain-15 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59182 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29934 (llvm-project commit 6c01b5c was discovered to contain a segmentation f ...) + - llvm-toolchain-13 1:13.0.1-12 (unimportant) + - llvm-toolchain-14 1:14.0.6-13 (unimportant) + - llvm-toolchain-15 1:15.0.7-7 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59136 + NOTE: https://github.com/llvm/llvm-project/commit/80d5400d924e543c5420f4e924f5818313605e99 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29933 (llvm-project commit bd456297 was discovered to contain a segmentation ...) + - llvm-toolchain-13 (unimportant) + - llvm-toolchain-14 (unimportant) + - llvm-toolchain-15 1:15.0.7-7 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/59442 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29932 (llvm-project commit fdbc55a5 was discovered to contain a segmentation ...) 
+ - llvm-toolchain-13 1:13.0.1-12 (unimportant) + - llvm-toolchain-14 1:14.0.6-13 (unimportant) + - llvm-toolchain-15 1:15.0.7-7 (unimportant) + NOTE: https://github.com/llvm/llvm-project/issues/58745 + NOTE: https://github.com/llvm/llvm-project/commit/d35fcf0e97e7bb02381506a71e61ec282b292c50 + NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue +CVE-2023-29931 (laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illumi ...) + NOT-FOR-US: laravel-s +CVE-2023-29930 (An issue was found in Genesys CIC Polycom phone provisioning TFTP Serv ...) + NOT-FOR-US: Genesys +CVE-2023-29929 + RESERVED +CVE-2023-29928 + RESERVED +CVE-2023-29927 (Versions of Sage 300 through 2022 implement role-based access controls ...) + NOT-FOR-US: Sage +CVE-2023-29926 (PowerJob V4.3.2 has unauthorized interface that causes remote code exe ...) + NOT-FOR-US: PowerJob +CVE-2023-29925 + RESERVED +CVE-2023-29924 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows ...) + NOT-FOR-US: PowerJob +CVE-2023-29923 (PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list jo ...) + NOT-FOR-US: PowerJob +CVE-2023-29922 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...) + NOT-FOR-US: PowerJob +CVE-2023-29921 (PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the crea ...) + NOT-FOR-US: PowerJob +CVE-2023-29920 + RESERVED +CVE-2023-29919 (SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any fi ...) + NOT-FOR-US: SolarView +CVE-2023-29918 (RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Modul ...) + NOT-FOR-US: RosarioSIS +CVE-2023-29917 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29916 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29915 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) 
+ NOT-FOR-US: H3C +CVE-2023-29914 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29913 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29912 (H3C Magic R200 R200V100R004 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2023-29911 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29910 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29909 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29908 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29907 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29906 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29905 (H3C Magic R200 version R200V100R004 was discovered to contain a stack ...) + NOT-FOR-US: H3C +CVE-2023-29904 + RESERVED +CVE-2023-29903 + RESERVED +CVE-2023-29902 + RESERVED +CVE-2023-29901 + RESERVED +CVE-2023-29900 + RESERVED +CVE-2023-29899 + RESERVED +CVE-2023-29898 + RESERVED +CVE-2023-29897 + RESERVED +CVE-2023-29896 + RESERVED +CVE-2023-29895 + RESERVED +CVE-2023-29894 + RESERVED +CVE-2023-29893 + RESERVED +CVE-2023-29892 + RESERVED +CVE-2023-29891 + RESERVED +CVE-2023-29890 + RESERVED +CVE-2023-29889 + RESERVED +CVE-2023-29888 + RESERVED +CVE-2023-29887 (A Local File inclusion vulnerability in test.php in spreadsheet-reader ...) 
+ NOT-FOR-US: spreadsheet-reader +CVE-2023-29886 + RESERVED +CVE-2023-29885 + RESERVED +CVE-2023-29884 + RESERVED +CVE-2023-29883 + RESERVED +CVE-2023-29882 + RESERVED +CVE-2023-29881 + RESERVED +CVE-2023-29880 + RESERVED +CVE-2023-29879 + RESERVED +CVE-2023-29878 + RESERVED +CVE-2023-29877 + RESERVED +CVE-2023-29876 + RESERVED +CVE-2023-29875 + RESERVED +CVE-2023-29874 + RESERVED +CVE-2023-29873 + RESERVED +CVE-2023-29872 + RESERVED +CVE-2023-29871 + RESERVED +CVE-2023-29870 + RESERVED +CVE-2023-29869 + RESERVED +CVE-2023-29868 (Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Contro ...) + - zammad (bug #841355) +CVE-2023-29867 (Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. ...) + - zammad (bug #841355) +CVE-2023-29866 + RESERVED +CVE-2023-29865 + RESERVED +CVE-2023-29864 + RESERVED +CVE-2023-29863 (Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to ...) + NOT-FOR-US: Medical Systems Co. Medisys Weblab Products +CVE-2023-29862 (An issue found in Agasio-Camera device version not specified allows a ...) + NOT-FOR-US: Agasio-Camera +CVE-2023-29861 (An issue found in FLIR-DVTEL version not specified allows a remote att ...) + NOT-FOR-US: FLIR-DVTEL +CVE-2023-29860 (An insecure permissions in /Taier/API/tenant/listTenant interface in D ...) + NOT-FOR-US: Taier +CVE-2023-29859 + RESERVED +CVE-2023-29858 + RESERVED +CVE-2023-29857 (An issue in Teslamate v1.27.1 allows attackers to obtain sensitive inf ...) + NOT-FOR-US: Teslamate +CVE-2023-29856 (D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerab ...) + NOT-FOR-US: D-Link +CVE-2023-29855 (WBCE CMS 1.5.3 has a command execution vulnerability via admin/languag ...) + NOT-FOR-US: WBCE CMS +CVE-2023-29854 (DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the for ...) 
+ NOT-FOR-US: DirCMS +CVE-2023-29853 + RESERVED +CVE-2023-29852 + RESERVED +CVE-2023-29851 + RESERVED +CVE-2023-29850 (SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip ...) + NOT-FOR-US: SENAYAN Library Management System (SLiMS) Bulia +CVE-2023-29849 (Bang Resto 1.0 was discovered to contain multiple SQL injection vulner ...) + NOT-FOR-US: Bang Resto +CVE-2023-29848 (Bang Resto 1.0 was discovered to contain a stored cross-site scripting ...) + NOT-FOR-US: Bang Resto +CVE-2023-29847 (AeroCMS v0.0.1 was discovered to contain multiple stored cross-site sc ...) + NOT-FOR-US: AeroCMS +CVE-2023-29846 + RESERVED +CVE-2023-29845 + REJECTED +CVE-2023-29844 + RESERVED +CVE-2023-29843 + RESERVED +CVE-2023-29842 (ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQ ...) + NOT-FOR-US: ChirchCRm +CVE-2023-29841 + RESERVED +CVE-2023-29840 + RESERVED +CVE-2023-29839 (A Stored Cross Site Scripting (XSS) vulnerability exists in multiple p ...) + - hoteldruid 3.0.5-1 (bug #1035671) + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) + NOTE: https://github.com/jichngan/CVE-2023-29839 + NOTE: Fixed upstream in 3.0.5 +CVE-2023-29838 (Insecure Permission vulnerability found in Botkind/Siber Systems SyncA ...) + NOT-FOR-US: Botkind/Siber Systems SyncApp +CVE-2023-29837 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...) + NOT-FOR-US: Exelysis Unified Communication Solution (EUCS) +CVE-2023-29836 (Cross Site Scripting vulnerability found in Exelysis Unified Communica ...) + NOT-FOR-US: Exelysis Unified Communication Solutions (EUCS) +CVE-2023-29835 (Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9. ...) 
+ NOT-FOR-US: Wondershare Dr.Fone +CVE-2023-29834 + RESERVED +CVE-2023-29833 + RESERVED +CVE-2023-29832 + RESERVED +CVE-2023-29831 + RESERVED +CVE-2023-29830 + RESERVED +CVE-2023-29829 + RESERVED +CVE-2023-29828 + RESERVED +CVE-2023-29827 (ejs v3.1.9 is vulnerable to server-side template injection. If the ejs ...) + - node-ejs (unimportant) + NOTE: https://github.com/mde/ejs/issues/720 + NOTE: Not considered a security issue by upstream, requires to never give unfiltered + NOTE: input to the EJS's render function. +CVE-2023-29826 + RESERVED +CVE-2023-29825 + RESERVED +CVE-2023-29824 (A use-after-free issue was discovered in Py_FindObjects() function in ...) + - scipy 1.8.1-3 + [bullseye] - scipy (Minor issue) + NOTE: https://github.com/scipy/scipy/issues/14713 + NOTE: https://github.com/scipy/scipy/pull/15013 + NOTE: http://www.square16.org/achievement/cve-2023-29824/ +CVE-2023-29823 + RESERVED +CVE-2023-29822 + RESERVED +CVE-2023-29821 + RESERVED +CVE-2023-29820 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...) + NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection +CVE-2023-29819 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...) + NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection +CVE-2023-29818 (An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v ...) + NOT-FOR-US: Webroot SecureAnywhere Endpoint Protection +CVE-2023-29817 + RESERVED +CVE-2023-29816 + RESERVED +CVE-2023-29815 (mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF).) + NOT-FOR-US: mccms +CVE-2023-29814 + RESERVED +CVE-2023-29813 + RESERVED +CVE-2023-29812 + RESERVED +CVE-2023-29811 + RESERVED +CVE-2023-29810 + RESERVED +CVE-2023-29809 (SQL injection vulnerability found in Maximilian Vogt companymaps (cmap ...) + NOT-FOR-US: Maximilian Vogt companymaps (cmaps) +CVE-2023-29808 (Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) ...) 
+ NOT-FOR-US: Maximilian Vogt companymaps (cmaps) +CVE-2023-29807 + RESERVED +CVE-2023-29806 + RESERVED +CVE-2023-29805 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...) + NOT-FOR-US: WFS-SR03 +CVE-2023-29804 (WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerab ...) + NOT-FOR-US: WFS-SR03 +CVE-2023-29803 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29802 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29801 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multipl ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29800 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29799 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29798 (TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a comma ...) + NOT-FOR-US: TOTOLINK +CVE-2023-29797 + RESERVED +CVE-2023-29796 + RESERVED +CVE-2023-29795 + RESERVED +CVE-2023-29794 + RESERVED +CVE-2023-29793 + RESERVED +CVE-2023-29792 + RESERVED +CVE-2023-29791 (kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the deb ...) + NOT-FOR-US: kodbox +CVE-2023-29790 (kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue.) + NOT-FOR-US: kodbox +CVE-2023-29789 + RESERVED +CVE-2023-29788 + RESERVED +CVE-2023-29787 + RESERVED +CVE-2023-29786 + RESERVED +CVE-2023-29785 + RESERVED +CVE-2023-29784 + RESERVED +CVE-2023-29783 + RESERVED +CVE-2023-29782 + RESERVED +CVE-2023-29781 + RESERVED +CVE-2023-29780 (Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnera ...) + NOT-FOR-US: Third Reality Smart Blind +CVE-2023-29779 (Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulner ...) 
+ NOT-FOR-US: Sengled Dimmer Switch +CVE-2023-29778 (GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection v ...) + NOT-FOR-US: GL.iNET +CVE-2023-29777 + RESERVED +CVE-2023-29776 + RESERVED +CVE-2023-29775 + RESERVED +CVE-2023-29774 (Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).) + NOT-FOR-US: Dreamer CMS +CVE-2023-29773 + RESERVED +CVE-2023-29772 (A Cross-site scripting (XSS) vulnerability in the System Log/General L ...) + NOT-FOR-US: ASUS +CVE-2023-29771 + RESERVED +CVE-2023-29770 (In Sentrifugo 3.5, the AssetsController::uploadsaveAction function all ...) + NOT-FOR-US: Sentrifugo +CVE-2023-29769 + RESERVED +CVE-2023-29768 + RESERVED +CVE-2023-29767 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) + NOT-FOR-US: CrossX +CVE-2023-29766 (An issue found in CrossX v.1.15.3 for Android allows a local attacker ...) + NOT-FOR-US: CrossX +CVE-2023-29765 + RESERVED +CVE-2023-29764 + RESERVED +CVE-2023-29763 + RESERVED +CVE-2023-29762 + RESERVED +CVE-2023-29761 (An issue found in Sleep v.20230303 for Android allows unauthorized app ...) + NOT-FOR-US: Sleep +CVE-2023-29760 + RESERVED +CVE-2023-29759 (An issue found in FlightAware v.5.8.0 for Android allows unauthorized ...) + NOT-FOR-US: FlightAware +CVE-2023-29758 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) + NOT-FOR-US: Blue Light Filter +CVE-2023-29757 (An issue found in Blue Light Filter v.1.5.5 for Android allows unautho ...) + NOT-FOR-US: Blue Light Filter +CVE-2023-29756 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) + NOT-FOR-US: Twilight +CVE-2023-29755 (An issue found in Twilight v.13.3 for Android allows unauthorized apps ...) + NOT-FOR-US: Twilight +CVE-2023-29754 + RESERVED +CVE-2023-29753 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) 
+ NOT-FOR-US: Facemoji Emoji Keyboard +CVE-2023-29752 (An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows ...) + NOT-FOR-US: Facemoji Emoji Keyboard +CVE-2023-29751 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...) + NOT-FOR-US: Yandex Navigator +CVE-2023-29750 + RESERVED +CVE-2023-29749 (An issue found in Yandex Navigator v.6.60 for Android allows unauthori ...) + NOT-FOR-US: Yandex Navigator +CVE-2023-29748 (Story Saver for Instragram - Video Downloader 1.0.6 for Android has an ...) + NOT-FOR-US: Story Saver for Instragram +CVE-2023-29747 (Story Saver for Instragram - Video Downloader 1.0.6 for Android exists ...) + NOT-FOR-US: Story Saver for Instragram +CVE-2023-29746 (An issue found in The Thaiger v.1.2 for Android allows unauthorized ap ...) + NOT-FOR-US: Thaiger +CVE-2023-29745 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + NOT-FOR-US: BestWeather +CVE-2023-29744 + RESERVED +CVE-2023-29743 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + NOT-FOR-US: BestWeather +CVE-2023-29742 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + NOT-FOR-US: BestWeather +CVE-2023-29741 (An issue found in BestWeather v.7.3.1 for Android allows unauthorized ...) + NOT-FOR-US: BestWeather +CVE-2023-29740 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...) + NOT-FOR-US: Alarm Clock for Heavy Sleepers +CVE-2023-29739 (An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android a ...) + NOT-FOR-US: Alarm Clock for Heavy Sleepers +CVE-2023-29738 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...) + NOT-FOR-US: Wave Animated Keyboard Emoji +CVE-2023-29737 (An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android al ...) + NOT-FOR-US: Wave Animated Keyboard Emoji +CVE-2023-29736 (Keyboard Themes 1.275.1.164 for Android contains a dictionary traversa ...) 
+ NOT-FOR-US: Keyboard Themes for Android +CVE-2023-29735 (An issue found in edjing Mix v.7.09.01 for Android allows a local atta ...) + NOT-FOR-US: edjing Mix +CVE-2023-29734 (An issue found in edjing Mix v.7.09.01 for Android allows unauthorized ...) + NOT-FOR-US: edjing Mix +CVE-2023-29733 (The Lock Master app 2.2.4 for Android allows unauthorized apps to modi ...) + NOT-FOR-US: Lock Master +CVE-2023-29732 (SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the co ...) + NOT-FOR-US: SoLive +CVE-2023-29731 (SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that pr ...) + NOT-FOR-US: SoLive +CVE-2023-29730 + RESERVED +CVE-2023-29729 + RESERVED +CVE-2023-29728 (The Call Blocker application 6.6.3 for Android allows attackers to tam ...) + NOT-FOR-US: Call Blocker +CVE-2023-29727 (The Call Blocker application 6.6.3 for Android allows unauthorized app ...) + NOT-FOR-US: Call Blocker +CVE-2023-29726 (The Call Blocker application 6.6.3 for Android incorrectly opens a key ...) + NOT-FOR-US: Call Blocker +CVE-2023-29725 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applic ...) + NOT-FOR-US: BT21 x BTS Wallpaper app for Android +CVE-2023-29724 (The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps t ...) + NOT-FOR-US: BT21 x BTS Wallpaper app for Android +CVE-2023-29723 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...) + NOT-FOR-US: Glitter Unicorn Wallpaper app +CVE-2023-29722 (The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unau ...) + NOT-FOR-US: Glitter Unicorn Wallpaper app +CVE-2023-29721 (SofaWiki <= 3.8.9 has a file upload vulnerability that leads to comman ...) + NOT-FOR-US: SofaWiki +CVE-2023-29720 (SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index ...) 
+ NOT-FOR-US: SofaWiki +CVE-2023-29719 + RESERVED +CVE-2023-29718 + RESERVED +CVE-2023-29717 + RESERVED +CVE-2023-29716 + RESERVED +CVE-2023-29715 + RESERVED +CVE-2023-29714 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + NOT-FOR-US: Vade Secure Gateway +CVE-2023-29713 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + NOT-FOR-US: Vade Secure Gateway +CVE-2023-29712 (Cross Site Scripting vulnerability found in Vade Secure Gateway allows ...) + NOT-FOR-US: Vade Secure Gateway +CVE-2023-29711 (An incorrect access control issue was discovered in Interlink PSG-5124 ...) + NOT-FOR-US: Interlink PSG-5124 +CVE-2023-29710 + RESERVED +CVE-2023-29709 (An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE ve ...) + NOT-FOR-US: Wildix WSG24POE +CVE-2023-29708 (An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter versi ...) + NOT-FOR-US: WavLink WavRouter +CVE-2023-29707 (Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Cent ...) + NOT-FOR-US: GBCOM LAC WEB Control Center +CVE-2023-29706 + RESERVED +CVE-2023-29705 + RESERVED +CVE-2023-29704 + RESERVED +CVE-2023-29703 + RESERVED +CVE-2023-29702 + RESERVED +CVE-2023-29701 + RESERVED +CVE-2023-29700 + RESERVED +CVE-2023-29699 + RESERVED +CVE-2023-29698 + RESERVED +CVE-2023-29697 + RESERVED +CVE-2023-29696 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2023-29695 + RESERVED +CVE-2023-29694 + RESERVED +CVE-2023-29693 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2023-29692 + RESERVED +CVE-2023-29691 + RESERVED +CVE-2023-29690 + RESERVED +CVE-2023-29689 (PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that ...) 
+ NOT-FOR-US: PyroCMS +CVE-2023-29688 + RESERVED +CVE-2023-29687 + RESERVED +CVE-2023-29686 + RESERVED +CVE-2023-29685 + RESERVED +CVE-2023-29684 + RESERVED +CVE-2023-29683 + RESERVED +CVE-2023-29682 + RESERVED +CVE-2023-29681 (Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware ...) + NOT-FOR-US: Tenda +CVE-2023-29680 (Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmwar ...) + NOT-FOR-US: Tenda +CVE-2023-29679 + RESERVED +CVE-2023-29678 + RESERVED +CVE-2023-29677 + RESERVED +CVE-2023-29676 + RESERVED +CVE-2023-29675 + RESERVED +CVE-2023-29674 + RESERVED +CVE-2023-29673 + RESERVED +CVE-2023-29672 + RESERVED +CVE-2023-29671 + RESERVED +CVE-2023-29670 + RESERVED +CVE-2023-29669 + RESERVED +CVE-2023-29668 + RESERVED +CVE-2023-29667 + RESERVED +CVE-2023-29666 + RESERVED +CVE-2023-29665 (D-Link DIR823G_V1.0.2B05 was discovered to contain a stack overflow vi ...) + NOT-FOR-US: D-Link +CVE-2023-29664 + RESERVED +CVE-2023-29663 + RESERVED +CVE-2023-29662 + RESERVED +CVE-2023-29661 + RESERVED +CVE-2023-29660 + RESERVED +CVE-2023-29659 (A Segmentation fault caused by a floating point exception exists in li ...) + - libheif 1.16.2-1 (bug #1035607) + [bookworm] - libheif (Minor issue) + [bullseye] - libheif (Minor issue) + [buster] - libheif (Minor issue) + NOTE: https://github.com/strukturag/libheif/issues/794 + NOTE: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991 (v1.15.2) +CVE-2023-29658 + RESERVED +CVE-2023-29657 (eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in ...) + - extplorer +CVE-2023-29656 (An improper authorization vulnerability in Darktrace mobile app (Andro ...) 
+ NOT-FOR-US: Darktrace +CVE-2023-29655 + RESERVED +CVE-2023-29654 + RESERVED +CVE-2023-29653 + RESERVED +CVE-2023-29652 + RESERVED +CVE-2023-29651 + RESERVED +CVE-2023-29650 + RESERVED +CVE-2023-29649 + RESERVED +CVE-2023-29648 + RESERVED +CVE-2023-29647 + RESERVED +CVE-2023-29646 + RESERVED +CVE-2023-29645 + RESERVED +CVE-2023-29644 + RESERVED +CVE-2023-29643 (Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows a ...) + NOT-FOR-US: PerfreeBlog +CVE-2023-29642 + RESERVED +CVE-2023-29641 (Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5. ...) + NOT-FOR-US: pandao editor.md +CVE-2023-29640 + RESERVED +CVE-2023-29639 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...) + NOT-FOR-US: ZHENFENG13 My-Blog +CVE-2023-29638 (Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before ...) + NOT-FOR-US: WinterChenS my-site +CVE-2023-29637 (Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows ...) + NOT-FOR-US: Qbian61 forum-java +CVE-2023-29636 (Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows ...) + NOT-FOR-US: ZHENFENG13 My-Blog +CVE-2023-29635 (File upload vulnerability in Antabot White-Jotter v0.2.2, allows remot ...) + NOT-FOR-US: Antabot White-Jotter +CVE-2023-29634 + RESERVED +CVE-2023-29633 + RESERVED +CVE-2023-29632 (PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_ ...) + NOT-FOR-US: PrestaShop jmspagebuilder +CVE-2023-29631 (PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control v ...) + NOT-FOR-US: PrestaShop jmsslider +CVE-2023-29630 (PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection ...) + NOT-FOR-US: PrestaShop jmsmegamenu +CVE-2023-29629 (PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via aja ...) + NOT-FOR-US: PrestaShop jmsthemelayout +CVE-2023-29628 + RESERVED +CVE-2023-29627 (Online Pizza Ordering v1.0 was discovered to contain an arbitrary file ...) 
+ NOT-FOR-US: Online Pizza Ordering +CVE-2023-29626 (Yoga Class Registration System 1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Yoga Class Registration System +CVE-2023-29625 (Employee Performance Evaluation System v1.0 was discovered to contain ...) + NOT-FOR-US: Employee Performance Evaluation System +CVE-2023-29624 + RESERVED +CVE-2023-29623 (Purchase Order Management v1.0 was discovered to contain a reflected c ...) + NOT-FOR-US: Purchase Order Management +CVE-2023-29622 (Purchase Order Management v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Purchase Order Management +CVE-2023-29621 (Purchase Order Management v1.0 was discovered to contain an arbitrary ...) + NOT-FOR-US: Purchase Order Management +CVE-2023-29620 + RESERVED +CVE-2023-29619 + RESERVED +CVE-2023-29618 + RESERVED +CVE-2023-29617 + RESERVED +CVE-2023-29616 + RESERVED +CVE-2023-29615 + RESERVED +CVE-2023-29614 + RESERVED +CVE-2023-29613 + RESERVED +CVE-2023-29612 + RESERVED +CVE-2023-29611 + RESERVED +CVE-2023-29610 + RESERVED +CVE-2023-29609 + RESERVED +CVE-2023-29608 + RESERVED +CVE-2023-29607 + RESERVED +CVE-2023-29606 + RESERVED +CVE-2023-29605 + RESERVED +CVE-2023-29604 + RESERVED +CVE-2023-29603 + RESERVED +CVE-2023-29602 + RESERVED +CVE-2023-29601 + RESERVED +CVE-2023-29600 + RESERVED +CVE-2023-29599 + RESERVED +CVE-2023-29598 (lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: lmxcms +CVE-2023-29597 (bloofox v0.5.2 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: bloofox +CVE-2023-29596 (Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an ...) 
+ NOT-FOR-US: ByronKnoll Cmix +CVE-2023-29595 + RESERVED +CVE-2023-29594 + RESERVED +CVE-2023-29593 + RESERVED +CVE-2023-29592 + RESERVED +CVE-2023-29591 + RESERVED +CVE-2023-29590 + RESERVED +CVE-2023-29589 + RESERVED +CVE-2023-29588 + RESERVED +CVE-2023-29587 + RESERVED +CVE-2023-29586 (Code Sector TeraCopy 3.9.7 does not perform proper access validation o ...) + NOT-FOR-US: Code Sector TeraCopy +CVE-2023-29585 + RESERVED +CVE-2023-29584 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...) + - mp4v2 +CVE-2023-29583 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/218 + NOTE: Crash in CLI tool, no security impact +CVE-2023-29582 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/217 + NOTE: Crash in CLI tool, no security impact +CVE-2023-29581 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/216 + NOTE: Crash in CLI tool, no security impact +CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation violatio ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/215 + NOTE: Crash in CLI tool, no security impact +CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...) + - yasm (bug #1035951) + [bookworm] - yasm (Minor issue) + [bullseye] - yasm (Minor issue) + [buster] - yasm (Minor issue) + NOTE: https://github.com/yasm/yasm/issues/214 +CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the ...) + - mp4v2 +CVE-2023-29577 + RESERVED +CVE-2023-29576 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...) + NOT-FOR-US: Bento4 +CVE-2023-29575 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...) 
+ NOT-FOR-US: Bento4 +CVE-2023-29574 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...) + NOT-FOR-US: Bento4 +CVE-2023-29573 (Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in th ...) + NOT-FOR-US: Bento4 +CVE-2023-29572 + RESERVED +CVE-2023-29571 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesenta MJS +CVE-2023-29570 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesenta MJS +CVE-2023-29569 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesenta MJS +CVE-2023-29568 + RESERVED +CVE-2023-29567 + RESERVED +CVE-2023-29566 (huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 w ...) + NOT-FOR-US: huedawn-tesseract / dawnsparks-node-tesseract +CVE-2023-29565 + RESERVED +CVE-2023-29564 + RESERVED +CVE-2023-29563 + RESERVED +CVE-2023-29562 (TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack ov ...) + NOT-FOR-US: TP-Link +CVE-2023-29561 + RESERVED +CVE-2023-29560 + RESERVED +CVE-2023-29559 + RESERVED +CVE-2023-29558 + RESERVED +CVE-2023-29557 + RESERVED +CVE-2023-29556 + RESERVED +CVE-2023-29555 + RESERVED +CVE-2023-29554 + RESERVED +CVE-2023-29553 + RESERVED +CVE-2023-29552 (The Service Location Protocol (SLP, RFC 2608) allows an unauthenticate ...) + NOT-FOR-US: Service Location Protocol + NOTE: Might affect src:openslp-dfsg, but removed years ago +CVE-2023-29551 (Memory safety bugs present in Firefox 111. Some of these bugs showed e ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29551 +CVE-2023-29550 (Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some ...) 
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29550 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29550 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29550 +CVE-2023-29549 (Under certain circumstances, a call to the bind function ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29549 +CVE-2023-29548 (A wrong lowering instruction in the ARM64 Ion compiler resulted in a w ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29548 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29548 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29548 +CVE-2023-29547 (When a secure cookie existed in the Firefox cookie jar an insecure coo ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29547 +CVE-2023-29546 (When recording the screen while in Private Browsing on Firefox for And ...) + - firefox (Only affects Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29546 +CVE-2023-29545 (Similar to CVE-2023-28163, this time when choosing 'Save Link As', sug ...) 
+ - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29545 +CVE-2023-29544 (If multiple instances of resource exhaustion occurred at the incorrect ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29544 +CVE-2023-29543 (An attacker could have caused memory corruption and a potentially expl ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29543 +CVE-2023-29542 (A newline in a filename could have been used to bypass the file extens ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29542 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29542 +CVE-2023-29541 (Firefox did not properly handle downloads of files ending in .de ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29541 +CVE-2023-29540 (Using a redirect embedded into sourceMappingUrls could al ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29540 +CVE-2023-29539 (When handling the filename directive in the Content-Disposition header ...) 
+ {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29539 +CVE-2023-29538 (Under specific circumstances a WebExtension may have received a ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29538 +CVE-2023-29537 (Multiple race conditions in the font initialization could have led to ...) + - firefox 112.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29537 +CVE-2023-29536 (An attacker could cause the memory manager to incorrectly free a point ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29536 +CVE-2023-29535 (Following a Garbage Collector compaction, weak maps may have been acce ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29535 +CVE-2023-29534 (Different techniques existed to obscure the fullscreen notification in ...) 
+ - firefox (Only affects Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29534 +CVE-2023-29533 (A website could have obscured the fullscreen notification by using a c ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox 112.0-1 + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29533 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29533 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29533 +CVE-2023-29532 (A local attacker can trick the Mozilla Maintenance Service into applyi ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29532 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29532 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29532 +CVE-2023-29531 (An attacker could have caused an out of bounds memory access using Web ...) + - firefox (Only affects Firefox on macOS) + - firefox-esr (Only affects Firefox ESR on macOS) + - thunderbird (Only affects Thunderbird on macOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-29531 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-29531 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29531 +CVE-2023-1962 (A vulnerability classified as critical was found in SourceCodester Bes ...) + NOT-FOR-US: SourceCodester Best Online News Portal +CVE-2023-1961 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) 
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1960 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1959 (A vulnerability has been found in SourceCodester Online Computer and L ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1958 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1957 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1956 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1955 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1954 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1953 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1952 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1951 (A vulnerability was found in SourceCodester Online Computer and Laptop ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1950 (A vulnerability has been found in PHPGurukul BP Monitoring Management ...) + NOT-FOR-US: PHPGurukul BP Monitoring Management System +CVE-2023-1949 (A vulnerability, which was classified as critical, was found in PHPGur ...) + NOT-FOR-US: PHPGurukul BP Monitoring Management System +CVE-2023-1948 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: PHPGurukul BP Monitoring Management System +CVE-2023-1947 (A vulnerability was found in taoCMS 3.0.2. It has been classified as c ...) + NOT-FOR-US: taoCMS +CVE-2023-1946 (A vulnerability was found in SourceCodester Survey Application System ...) + NOT-FOR-US: SourceCodester Survey Application System +CVE-2023-1945 (Unexpected data returned from the Safe Browsing API could have led to ...) + {DSA-5392-1 DSA-5385-1 DLA-3400-1 DLA-3391-1} + - firefox-esr 102.10.0esr-1 + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1945 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1945 +CVE-2023-1944 (This vulnerability enables ssh access to minikube container using a de ...) + NOT-FOR-US: minikube +CVE-2023-1943 (Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.) + NOT-FOR-US: Kubernetes Operations (kOps) +CVE-2015-10099 (A vulnerability classified as critical has been found in CP Appointmen ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125096 (A vulnerability was found in Fancy Gallery Plugin 1.5.12 on WordPress. ...) + NOT-FOR-US: WordPress plugin +CVE-2012-10011 (A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-29530 (Laminas Diactoros provides PSR HTTP Message implementations. In versio ...) + NOT-FOR-US: Laminas Diactoros +CVE-2023-29529 (matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeS ...) + NOT-FOR-US: matrix-js-sdk +CVE-2023-29528 (XWiki Commons are technical libraries common to several other top leve ...) + NOT-FOR-US: XWiki +CVE-2023-29527 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29526 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29525 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ NOT-FOR-US: XWiki +CVE-2023-29524 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29523 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29522 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29521 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29520 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29519 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29518 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29517 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29516 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29515 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29514 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29513 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29512 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29511 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29510 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-29509 (XWiki Commons are technical libraries common to several other top leve ...) + NOT-FOR-US: XWiki +CVE-2023-29508 (XWiki Commons are technical libraries common to several other top leve ...) 
+ NOT-FOR-US: XWiki +CVE-2023-29507 (XWiki Commons are technical libraries common to several other top leve ...) + NOT-FOR-US: XWiki +CVE-2023-29506 (XWiki Commons are technical libraries common to several other top leve ...) + NOT-FOR-US: XWiki +CVE-2023-29505 (An issue was discovered in Zoho ManageEngine Network Configuration Man ...) + NOT-FOR-US: Zoho +CVE-2023-28393 (A stack-based buffer overflow vulnerability exists in the tif_processi ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2023-1942 (A vulnerability has been found in SourceCodester Online Computer and L ...) + NOT-FOR-US: SourceCodester Online Computer and Laptop Store +CVE-2023-1941 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System +CVE-2023-1940 (A vulnerability classified as critical was found in SourceCodester Sim ...) + NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System +CVE-2023-1939 (No access control for the OTP key on OTP entries in Devolutions Rem ...) + NOT-FOR-US: Devolutions +CVE-2023-1938 (The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1937 (A vulnerability, which was classified as problematic, was found in zhe ...) + NOT-FOR-US: zhenfeng13 My-Blog +CVE-2014-125095 (A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10025 (A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress an ...) + NOT-FOR-US: WordPress plugin +CVE-2013-10024 (A vulnerability has been found in Exit Strategy Plugin 1.55 on WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2012-10010 (A vulnerability was found in BestWebSoft Contact Form 3.21. It has bee ...) + NOT-FOR-US: WordPress plugin +CVE-2023-32636 (A flaw was found in glib, where the gvariant deserialization code is v ...) 
+ - glib2.0 (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 +CVE-2023-32643 (A flaw was found in GLib. The GVariant deserialization code is vulnera ...) + - glib2.0 (Incomplete fixes for CVE-2023-29499, CVE-2023-32611 and CVE-2023-32665 not applied) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 +CVE-2023-32665 (A flaw was found in GLib. GVariant deserialization is vulnerable to an ...) + {DLA-3583-1} + - glib2.0 2.74.4-1 + [bullseye] - glib2.0 (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2121 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport) + NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4) + NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636) +CVE-2023-32611 (A flaw was found in GLib. GVariant deserialization is vulnerable to a ...) + {DLA-3583-1} + - glib2.0 2.74.4-1 + [bullseye] - glib2.0 (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2797 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport) + NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4) + NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636) +CVE-2023-29499 (A flaw was found in GLib. 
GVariant deserialization fails to validate t ...) + {DLA-3583-1} + - glib2.0 2.74.4-1 + [bullseye] - glib2.0 (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2794 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126 (2.74, 3125 backport) + NOTE: Merge commit for glib-2-74: https://gitlab.gnome.org/GNOME/glib/-/commit/e16fb83755e08a4c2da2b0a8ea0fc2e27b1154bf (2.74.4) + NOTE: Be careful. Original fix introduces new bugs, resulting in CVE-2023-32643 and CVE-2023-32636 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2840 (CVE-2023-32643) + NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2841 (CVE-2023-32636) +CVE-2023-29493 + RESERVED +CVE-2023-29492 (Novi Survey before 8.9.43676 allows remote attackers to execute arbitr ...) + NOT-FOR-US: Novi Survey +CVE-2023-29491 (ncurses before 6.4 20230408, when used by a setuid application, allows ...) + {DLA-3682-1} + - ncurses 6.4-3 (bug #1034372) + [bullseye] - ncurses 6.2+20201114-2+deb11u2 + NOTE: https://invisible-island.net/ncurses/NEWS.html#index-t20230408 + NOTE: http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56 + NOTE: https://github.com/ThomasDickey/ncurses-snapshots/commit/a6d3f92bb5bba1a71c7c3df39497abbe5fe999ff + NOTE: https://www.openwall.com/lists/oss-security/2023/04/19/12 + NOTE: 6.4-3 upload configures with "--disable-root-environ" to disallow loading of + NOTE: custom terminfo entries in setuid/setgid programs, mitigating the impact of + NOTE: the vulnerability. +CVE-2023-29490 + RESERVED +CVE-2023-29489 (An issue was discovered in cPanel before 11.109.9999.116. XSS can occu ...) + NOT-FOR-US: cPanel +CVE-2023-29488 + RESERVED +CVE-2023-29487 + RESERVED +CVE-2023-29486 + RESERVED +CVE-2023-29485 + RESERVED +CVE-2023-29484 (In Terminalfour before 8.3.16, misconfigured LDAP users are able to lo ...) 
+ NOT-FOR-US: Terminalfour +CVE-2023-29483 + RESERVED +CVE-2023-29482 + RESERVED +CVE-2023-29481 + RESERVED +CVE-2023-29480 (Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked af ...) + - rnp 0.16.3-1 (bug #1034558) + NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/ +CVE-2023-29479 (Ribose RNP before 0.16.3 may hang when the input is malformed.) + {DSA-5392-1 DLA-3400-1} + - rnp 0.16.3-1 (bug #1034558) + - thunderbird 1:102.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-29479 + NOTE: https://www.rnpgp.org/blog/2023-04-13-rnp-release-0-16-3/ +CVE-2023-29478 (BiblioCraft before 2.4.6 does not sanitize path-traversal characters i ...) + NOT-FOR-US: BiblioCraft +CVE-2023-29477 + RESERVED +CVE-2023-29476 + RESERVED +CVE-2023-29475 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...) + NOT-FOR-US: Unify +CVE-2023-29474 (inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Man ...) + NOT-FOR-US: Unify +CVE-2023-29473 (webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Ma ...) + NOT-FOR-US: Unify +CVE-2023-29472 + RESERVED +CVE-2023-29471 (Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug i ...) + NOT-FOR-US: Lightbend Alpakka Kafka +CVE-2023-29470 + RESERVED +CVE-2023-29469 (An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...) + {DSA-5391-1 DLA-3405-1} + - libxml2 2.9.14+dfsg-1.2 (bug #1034437) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185984 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/510 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64 (v2.10.4) +CVE-2023-29468 (The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the ...) + NOT-FOR-US: Texas Instruments +CVE-2023-29467 + RESERVED +CVE-2023-29466 + RESERVED +CVE-2023-29465 (SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world ...) 
+ - flintqs (unimportant) + NOTE: https://github.com/sagemath/FlintQS/issues/3 + NOTE: https://github.com/sagemath/sage/pull/35419 + NOTE: Neutralised by kernel hardening +CVE-2023-29244 + RESERVED +CVE-2023-29165 (Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe ...) + NOT-FOR-US: Intel +CVE-2023-28823 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...) + NOT-FOR-US: Intel +CVE-2023-28741 (Buffer overflow in some Intel(R) QAT drivers for Windows - HW Version ...) + NOT-FOR-US: Intel +CVE-2023-28715 + RESERVED +CVE-2023-28397 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...) + NOT-FOR-US: Intel +CVE-2023-28396 + RESERVED +CVE-2023-27391 (Improper access control in some Intel(R) oneAPI Toolkit and component ...) + NOT-FOR-US: Intel +CVE-2023-22313 (Improper buffer restrictions in some Intel(R) QAT Library software bef ...) + NOT-FOR-US: Intel +CVE-2023-22310 (Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...) + NOT-FOR-US: Intel +CVE-2023-1936 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.11.11+ds1-1 +CVE-2023-1935 (ROC800-Series RTU devices are vulnerable to an authentication bypass, ...) + NOT-FOR-US: ROC800-Series RTU devices +CVE-2023-1934 (The PnPSCADA system, a product of SDG Technologies CC, is afflicted by ...) + NOT-FOR-US: PnPSCADA +CVE-2023-1933 + RESERVED +CVE-2023-1932 + RESERVED +CVE-2023-1931 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WP Fastest Cache plugin for WordPress +CVE-2023-1930 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WP Fastest Cache plugin for WordPress +CVE-2023-1929 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WP Fastest Cache plugin for WordPress +CVE-2023-1928 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) 
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1927 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1926 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1925 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1924 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1923 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1922 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1921 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1920 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1919 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1918 (The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WP Fastest Cache plugin for WordPress
+CVE-2023-1917 (The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-48436
+ RESERVED
+CVE-2023-29464 (FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29463 (The JMX Console within the Rockwell Automation Pavilion8 is exposed to ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29462 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29461 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29460 (An arbitrary code execution vulnerability contained in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29459 (The laola.redbull application through 5.1.9-R for Android exposes the ...)
+ NOT-FOR-US: laola.redbull
+CVE-2023-29458 (Duktape is an 3rd-party embeddable JavaScript engine, with a focus on ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ [buster] - zabbix (vulnerable code introduced later)
+ NOTE: This appears to be bug in Zabbix's use of duktape, not an issue in src:duktape per se
+ NOTE: https://support.zabbix.com/browse/ZBX-22989
+ NOTE: duktape library introduced with https://github.com/zabbix/zabbix/commit/d43b04665c1ade5b4a9f49db750b8ca6c82e9de2 (5.0.0alpha1)
+CVE-2023-29457 (Reflected XSS attacks, occur when a malicious script is reflected off ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-22988
+CVE-2023-29456 (URL validation scheme receives input from a user and then parses it to ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-22987
+CVE-2023-29455 (Reflected XSS attacks, also known as non-persistent attacks, occur whe ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-22986
+CVE-2023-29454 (Stored or persistent cross-site scripting (XSS) is a type of XSS where ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-22985
+CVE-2023-29453 (Templates do not properly consider backticks (`) as Javascript string ...)
+ - zabbix 1:6.0.23+dfsg-1 (unimportant)
+ NOTE: Zabbix in Debian uses Debian Go package
+CVE-2023-29452 (Currently, geomap configuration (Administration -> General -> Geograph ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (vulnerable code introduced later)
+ [buster] - zabbix (vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-22981
+ NOTE: Patches links: https://support.zabbix.com/browse/ZBX-22720
+ NOTE: vulnerable geopmap widget introduced in version with https://github.com/zabbix/zabbix/commit/7e6a91149533b17b12c0317968b485e0c98d4ac2 (6.0.0alpha6)
+CVE-2023-29451 (Specially crafted string can cause a buffer overrun in the JSON parser ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (5.x not affected)
+ NOTE: https://support.zabbix.com/browse/ZBX-22587
+CVE-2023-29450 (JavaScript pre-processing can be used by the attacker to gain access t ...)
+ {DLA-3538-1}
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ NOTE: https://support.zabbix.com/browse/ZBX-22588
+ NOTE: Patch for 5.0.32rc1: https://github.com/zabbix/zabbix/commit/c3f1543e4
+ NOTE: Patch for 6.0.14rc2: https://github.com/zabbix/zabbix/commit/76f6a80cb
+CVE-2023-29449 (JavaScript preprocessing, webhooks and global scripts can cause uncont ...)
+ - zabbix 1:6.0.23+dfsg-1 (bug #1055175)
+ [bookworm] - zabbix (Minor issue)
+ [bullseye] - zabbix (Minor issue)
+ [buster] - zabbix (vulnerable code introduced later)
+ NOTE: https://support.zabbix.com/browse/ZBX-22589
+ NOTE: Upstream patch for 5.0.32: https://github.com/zabbix/zabbix/commit/e90b8a3c62
+ NOTE: applied in upstream release/5.0 branch: https://github.com/zabbix/zabbix/commit/c21cf2fa656b75733e3abc09d8f20690735b3f22
+ NOTE: vulnerable module introduced in https://github.com/zabbix/zabbix/commit/18d2abfc40 (5.0.0alpha1)
+CVE-2023-29448
+ RESERVED
+CVE-2023-29447
+ RESERVED
+CVE-2023-29446
+ RESERVED
+CVE-2023-29445
+ RESERVED
+CVE-2023-29444
+ RESERVED
+CVE-2023-29443 (Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-29442 (Zoho ManageEngine Applications Manager before 16400 allows proxy.html ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-29441 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robert H ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29440 (Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugi ...)
+ NOT-FOR-US: FooGallery
+CVE-2023-29438 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29437 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29436 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29435 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fanc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29433
+ RESERVED
+CVE-2023-29432
+ RESERVED
+CVE-2023-29431
+ RESERVED
+CVE-2023-29430 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHtheme ...)
+ NOT-FOR-US: WordPress theme
+CVE-2023-29429
+ RESERVED
+CVE-2023-29428 (Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb So ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29427 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Book ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29426 (Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29425 (Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com Shift ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29424 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plai ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29422
+ RESERVED
+CVE-2023-1916 (A flaw was found in tiffcrop, a program distributed by the libtiff pac ...)
+ - tiff (unimportant)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/536
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/537
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-1915 (The Thumbnail carousel slider WordPress plugin before 1.1.10 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1914
+ RESERVED
+CVE-2023-1913 (The Maps Widget for Google Maps for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1912 (The Limit Login Attempts plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: Limit Login Attempts plugin for WordPress
+CVE-2023-1911 (The Blocksy Companion WordPress plugin before 1.8.82 does not ensure t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1910 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1909 (A vulnerability, which was classified as critical, was found in PHPGur ...)
+ NOT-FOR-US: PHPGurukul BP Monitoring Management System
+CVE-2023-1908 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
+ NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
+CVE-2023-1907
+ RESERVED
+CVE-2023-1906 (A heap-based buffer overflow issue was discovered in ImageMagick's Imp ...)
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1034373)
+ [bookworm] - imagemagick (Minor issue)
+ [bullseye] - imagemagick (Minor issue)
+ [buster] - imagemagick (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-35q2-86c7-9247
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30c693b37c3b41723f1469d1226a2c814ca443d (ImageMagick 6.9.12-84)
+CVE-2023-1905 (The WP Popups WordPress plugin before 2.1.5.1 does not properly escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-10098 (A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2013-10023 (A vulnerability was found in Editorial Calendar Plugin up to 2.6 on Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-XXXX [https://rustsec.org/advisories/RUSTSEC-2023-0031.html]
+ - rust-spin 0.9.5-2 (bug #1034374)
+ [bullseye] - rust-spin (Introduced in 0.9.3)
+ [buster] - rust-spin (Introduced in 0.9.3)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0031.html
+ NOTE: https://github.com/mvdnes/spin-rs/issues/148
+CVE-2023-29421 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
+ [experimental] - bzip3 1.2.3-1
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/94
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/33b1951f153c3c5dc8ed736b9110437e1a619b7d (1.2.3)
+CVE-2023-29420 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
+ [experimental] - bzip3 1.2.3-1
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/bb06deb85f1c249838eb938e0dab271d4194f8fa (1.2.3)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/92
+CVE-2023-29419 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
+ [experimental] - bzip3 1.2.3-1
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/8ec8ce7d3d58bf42dabc47e4cc53aa27051bd602 (1.2.3)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/92
+CVE-2023-29418 (An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is ...)
+ [experimental] - bzip3 1.2.3-1
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/aae16d107f804f69000c09cd92027a140968cc9d (1.2.3)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/92
+CVE-2023-29417 (An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_d ...)
+ - bzip3 (unimportant)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/97
+ NOTE: Issue between library and example code not correctly using the API
+CVE-2023-29416 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_dec ...)
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/bfa5bf82b53715dfedf048e5859a46cf248668ff (1.3.0)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/92
+CVE-2023-29415 (An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial ...)
+ - bzip3 1.2.2-2 (bug #1034177)
+ NOTE: https://github.com/kspalaiologos/bzip3/issues/95
+ NOTE: https://github.com/kspalaiologos/bzip3/commit/56c24ca1f8f25e648d42154369b6962600f76465 (1.3.0)
+CVE-2023-29414 (A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer ...)
+ NOT-FOR-US: Schneider
+CVE-2023-29413 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider
+CVE-2023-29412 (A CWE-78: Improper Handling of Case Sensitivity vulnerability exists t ...)
+ NOT-FOR-US: Schneider
+CVE-2023-29411 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider
+CVE-2023-29410 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider
+CVE-2023-39322 (QUIC connections do not set an upper bound on the amount of data buffe ...)
+ - golang-1.21 1.21.1-1
+ NOTE: https://go.dev/issue/62266
+ NOTE: https://github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
+ NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
+CVE-2023-39321 (Processing an incomplete post-handshake message for a QUIC connection ...)
+ - golang-1.21 1.21.1-1
+ NOTE: https://go.dev/issue/62266
+ NOTE: https://github.com/golang/go/commit/91a4e74b98179f63a27dbff1ad68ddd0ed64363a (go1.21.1)
+ NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
+CVE-2023-39320 (The go.mod toolchain directive, introduced in Go 1.21, can be leverage ...)
+ - golang-1.21 1.21.1-1
+ NOTE: https://go.dev/issue/62198
+ NOTE: https://github.com/golang/go/commit/d25a935574efd573668d8ce9ea4cfc530bb63ecb (go1.21.1)
+ NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
+CVE-2023-39319 (The html/template package does not apply the proper rules for handling ...)
+ - golang-1.21 1.21.1-1
+ - golang-1.20 1.20.8-1
+ - golang-1.19
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://go.dev/issue/62197
+ NOTE: https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)
+ NOTE: https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)
+ NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
+CVE-2023-39318 (The html/template package does not properly handle HTML-like "" commen ...)
+ - golang-1.21 1.21.1-1
+ - golang-1.20 1.20.8-1
+ - golang-1.19
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://go.dev/issue/62196
+ NOTE: https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)
+ NOTE: https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)
+ NOTE: https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM
+CVE-2023-29409 (Extremely large RSA keys in certificate chains can cause a client/serv ...)
+ - golang-1.20 1.20.7-1
+ - golang-1.19 1.19.12-1
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI
+CVE-2023-29408 (The TIFF decoder does not place a limit on the size of compressed tile ...)
+ - golang-golang-x-image 0.11.0-1 (bug #1043159)
+ [bookworm] - golang-golang-x-image (Minor issue)
+ [bullseye] - golang-golang-x-image (Minor issue)
+ [buster] - golang-golang-x-image (Limited support, minor issue, DoS)
+ NOTE: https://go.dev/issue/61582
+ NOTE: https://go.dev/cl/514897
+ NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0)
+CVE-2023-29407 (A maliciously-crafted image can cause excessive CPU consumption in dec ...)
+ - golang-golang-x-image 0.11.0-1 (bug #1043159)
+ [bookworm] - golang-golang-x-image (Minor issue)
+ [bullseye] - golang-golang-x-image (Minor issue)
+ [buster] - golang-golang-x-image (Limited support, minor issue, DoS)
+ NOTE: https://go.dev/issue/61581
+ NOTE: https://go.dev/cl/514897
+ NOTE: https://github.com/golang/image/commit/cb227cd2c919b27c6206fe0c1041a8bcc677949d (v0.10.0)
+CVE-2023-29406 (The HTTP/1 client does not fully validate the contents of the Host hea ...)
+ - golang-1.20 1.20.6-1
+ - golang-1.19 1.19.11-1
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
+ NOTE: https://github.com/golang/go/issues/60374
+ NOTE: https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)
+ NOTE: https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)
+CVE-2023-29405 (The go command may execute arbitrary code at build time when using cgo ...)
+ - golang-1.20 1.20.5-1
+ [experimental] - golang-1.19 1.19.10-1
+ - golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+ NOTE: https://github.com/golang/go/issues/60306
+ NOTE: https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4 (go1.20.5)
+ NOTE: https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637 (go1.20.5)
+ NOTE: https://github.com/golang/go/commit/44e0fb13e783a44463e95926a674fd580daa3a55 (go1.19.10)
+ NOTE: https://github.com/golang/go/commit/3ba9c890b86dc8c3a54c98d32497b7a8012704f9 (go1.19.10)
+CVE-2023-29404 (The go command may execute arbitrary code at build time when using cgo ...)
+ - golang-1.20 1.20.5-1
+ [experimental] - golang-1.19 1.19.10-1
+ - golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+ NOTE: https://github.com/golang/go/issues/60305
+ NOTE: https://github.com/golang/go/commit/356a419e2f811b65d227abcea1a346f8dcb154e0 (go1.20.5)
+ NOTE: https://github.com/golang/go/commit/bf3c8ce03e175e870763901a3850bca01381a828 (go1.19.10)
+CVE-2023-29403 (On Unix platforms, the Go runtime does not behave differently when a b ...)
+ - golang-1.20 1.20.5-1
+ [experimental] - golang-1.19 1.19.10-1
+ - golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+ NOTE: https://github.com/golang/go/issues/60272
+ NOTE: https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)
+ NOTE: https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)
+CVE-2023-29402 (The go command may generate unexpected code at build time when using c ...)
+ - golang-1.20 1.20.5-1
+ [experimental] - golang-1.19 1.19.10-1
+ - golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/q5135a9d924
+ NOTE: https://github.com/golang/go/issues/60167
+ NOTE: https://github.com/golang/go/commit/c0ed873cd8259f16d0da67eee783fda49f45ef61 (go1.20.5)
+ NOTE: https://github.com/golang/go/commit/c160b49b6d328c86bd76ca2fff9009a71347333f (go.1.19.10)
+CVE-2023-29401 (The filename parameter of the Context.FileAttachment function is not p ...)
+ - golang-github-gin-gonic-gin (bug #1037530)
+ [bookworm] - golang-github-gin-gonic-gin (Minor issue)
+ [bullseye] - golang-github-gin-gonic-gin (Minor issue)
+ [buster] - golang-github-gin-gonic-gin (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://github.com/gin-gonic/gin/issues/3555
+ NOTE: https://github.com/gin-gonic/gin/commit/2d4bbec941551479b1fdf1e54ece03e6e82a7e72 (v1.9.1)
+CVE-2023-29400 (Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...)
+ - golang-1.20 1.20.4-1
+ [experimental] - golang-1.19 1.19.9-1
+ - golang-1.19 1.19.10-2
+ [bookworm] - golang-1.19 (Minor issue)
+ [bullseye] - golang-1.19 (Minor issue)
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
+ NOTE: https://github.com/golang/go/issues/59722
+ NOTE: https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
+ NOTE: https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
+CVE-2023-1904 (In affected versions of Octopus Server it is possible for the OpenID c ...)
+ NOT-FOR-US: Octopus Server
+CVE-2023-1903 (SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform ...)
+ NOT-FOR-US: SAP
+CVE-2023-1902 (The bluetooth HCI host layer logic not clearing a global reference to ...)
+ NOT-FOR-US: Zephyr
+CVE-2023-1901 (The bluetooth HCI host layer logic not clearing a global reference to ...)
+ NOT-FOR-US: Zephyr
+CVE-2023-1900 (A vulnerability within the Avira network protection feature allowed an ...)
+ NOT-FOR-US: Norton
+CVE-2023-1899 (Atlas Copco Power Focus 6000 web server is not a secure connection by ...)
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
+CVE-2023-1898 (Atlas Copco Power Focus 6000 web server uses a small amount of session ...)
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
+CVE-2023-1897 (Atlas Copco Power Focus 6000 web server does not sanitize the login in ...)
+ NOT-FOR-US: Atlas Copco Power Focus 6000 web server
+CVE-2023-1896
+ RESERVED
+CVE-2023-1895 (The Getwid \u2013 Gutenberg Blocks plugin for WordPress is vulnerable ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1894 (A Regular Expression Denial of Service (ReDoS) issue was discovered in ...)
+ - puppet (Limit to Puppet Server 7)
+ - puppetserver 7.9.5-2 (bug #1035541)
+ NOTE: https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos
+ NOTE: https://github.com/puppetlabs/puppetserver/pull/2700
+ NOTE: https://github.com/puppetlabs/puppetserver/commit/545998b71baf70e35dc60c287f2cb2fc11ef9be2 (7.11.0)
+ NOTE: https://github.com/puppetlabs/puppetserver/commit/9e0239c19bc852b98c1a63fb33998de7eae388dc (7.11.0)
+CVE-2023-29399
+ RESERVED
+CVE-2023-29398
+ RESERVED
+CVE-2023-29397
+ RESERVED
+CVE-2023-29396
+ RESERVED
+CVE-2023-29395
+ RESERVED
+CVE-2023-29394
+ RESERVED
+CVE-2023-29393
+ RESERVED
+CVE-2023-29392
+ RESERVED
+CVE-2023-29391
+ RESERVED
+CVE-2023-29390
+ RESERVED
+CVE-2023-29389 (Toyota RAV4 2021 vehicles automatically trust messages from other ECUs ...)
+ NOT-FOR-US: Toyota
+CVE-2023-29388 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCod ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29387 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29386
+ RESERVED
+CVE-2023-29385 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Ad ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29384
+ RESERVED
+CVE-2023-1893 (The Login Configurator WordPress plugin through 2.1 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1892 (Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/si ...)
+ - ruby-sidekiq (Vulnerable code not present)
+ NOTE: https://huntr.dev/bounties/e35e5653-c429-4fb8-94a3-cbc123ae4777
+ NOTE: Introduced by: https://github.com/sidekiq/sidekiq/commit/f68560742bcfd2e30b87c1bc2b65d834a1a05c73 (v7.0.4)
+ NOTE: Fixed by: https://github.com/sidekiq/sidekiq/commit/458fdf74176a9881478c48dc5cf0269107b22214 (v7.0.8)
+CVE-2023-1891 (The Accordion & FAQ WordPress plugin before 1.9.9 does not escape vari ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1890 (The Tablesome WordPress plugin before 1.0.9 does not escape various ge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1889 (The Directorist plugin for WordPress is vulnerable to an Insecure Dire ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1888 (The Directorist plugin for WordPress is vulnerable to an arbitrary use ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1887 (Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1886 (Authentication Bypass by Capture-replay in GitHub repository thorsten/ ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1885 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1884 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1883 (Improper Access Control in GitHub repository thorsten/phpmyfaq prior t ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1882 (Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfa ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1881 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ NOT-FOR-US: microweber
+CVE-2023-1880 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1879 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1878 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1877 (Command Injection in GitHub repository microweber/microweber prior to ...)
+ NOT-FOR-US: microweber
+CVE-2023-1876
+ REJECTED
+CVE-2023-1875 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1874 (The WP Data Access plugin for WordPress is vulnerable to privilege esc ...)
+ NOT-FOR-US: WP Data Access plugin for WordPress
+CVE-2023-1873 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Faturamatik Bircard
+CVE-2023-1872 (A use-after-free vulnerability in the Linux Kernel io_uring system can ...)
+ {DLA-3404-1}
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.178-1
+ [buster] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=08681391b84da27133deefaaddefd0acfa90c2be
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=da24142b1ef9fd5d36b76e36bab328a5b27523e8
+CVE-2023-1871 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1870 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1869 (The YourChannel plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1868 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1867 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1866 (The YourChannel plugin for WordPress is vulnerable to Cross-Site Reque ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1865 (The YourChannel plugin for WordPress is vulnerable to unauthorized los ...)
+ NOT-FOR-US: YourChannel plugin for WordPress
+CVE-2023-1864 (FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable ...)
+ NOT-FOR-US: FANUC
+CVE-2023-1863 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Eskom Computer Water Metering Software
+CVE-2023-1862 (Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a mal ...)
+ NOT-FOR-US: Cloudflare WARP client for Windows
+CVE-2023-1861 (The Limit Login Attempts WordPress plugin through 1.7.2 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4941 (The WCFM Membership plugin for WordPress is vulnerable to Cross-Site R ...)
+ NOT-FOR-US: WCFM Membership plugin for WordPress
+CVE-2022-4940 (The WCFM Membership plugin for WordPress is vulnerable to unauthorized ...)
+ NOT-FOR-US: WCFM Membership plugin for WordPress
+CVE-2022-4939 (THe WCFM Membership plugin for WordPress is vulnerable to privilege es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4938 (The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross- ...)
+ NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
+CVE-2022-4937 (The WCFM Frontend Manager plugin for WordPress is vulnerable to unauth ...)
+ NOT-FOR-US: WCFM Frontend Manager plugin for WordPress
+CVE-2022-4936 (The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: WCFM Marketplace plugin for WordPress
+CVE-2022-4935 (The WCFM Marketplace plugin for WordPress is vulnerable to unauthorize ...)
+ NOT-FOR-US: WCFM Marketplace plugin for WordPress
+CVE-2021-4335 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4334 (The Fancy Product Designer plugin for WordPress is vulnerable to unaut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2014-125094 (A vulnerability classified as problematic was found in phpMiniAdmin up ...)
+ NOT-FOR-US: phpMiniAdmin
+CVE-2023-29383 (In Shadow 4.13, it is possible to inject control characters into field ...)
+ - shadow 1:4.13+dfsg1-2 (bug #1034482)
+ [bookworm] - shadow (Minor issue)
+ [bullseye] - shadow (Minor issue)
+ [buster] - shadow (Minor issue)
+ NOTE: https://github.com/shadow-maint/shadow/pull/687
+ NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d (4.14.0-rc1)
+ NOTE: https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
+ NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
+CVE-2023-29382 (An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an atta ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-29381 (An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a rem ...)
+ NOT-FOR-US: Zimbra
+CVE-2023-29380 (Warpinator before 1.6.0 allows remote file deletion via directory trav ...)
+ NOT-FOR-US: Warpinator
+CVE-2023-29379
+ RESERVED
+CVE-2023-29378
+ RESERVED
+CVE-2023-29377
+ RESERVED
+CVE-2023-29376 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...)
+ NOT-FOR-US: Progress Sitefinity
+CVE-2023-29375 (An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, ...)
+ NOT-FOR-US: Progress Sitefinity
+CVE-2023-29374 (In LangChain through 0.0.131, the LLMMathChain chain allows prompt inj ...)
+ NOT-FOR-US: LangChain
+CVE-2023-29373 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29372 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29371 (Windows GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29370 (Windows Media Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29369 (Remote Procedure Call Runtime Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29368 (Windows Filtering Platform Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29367 (iSCSI Target WMI Provider Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29366 (Windows Geolocation Service Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29365 (Windows Media Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29364 (Windows Authentication Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29363 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29362 (Remote Desktop Client Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29361 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29360 (Microsoft Streaming Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29359 (GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29358 (Windows GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29357 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29356 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29355 (DHCP Server Service Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29354 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29353 (Sysinternals Process Monitor for Windows Denial of Service Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29352 (Windows Remote Desktop Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29351 (Windows Group Policy Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29350 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29349 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29348 (Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29347 (Windows Admin Center Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29346 (NTFS Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29345 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29344 (Microsoft Office Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29343 (SysInternals Sysmon for Windows Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29342
+ RESERVED
+CVE-2023-29341 (AV1 Video Extension Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29340 (AV1 Video Extension Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29339
+ RESERVED
+CVE-2023-29338 (Visual Studio Code Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29337 (NuGet Client Remote Code Execution Vulnerability)
+ - nuget (bug #1050835)
+ [bookworm] - nuget (Minor issue)
+ [bullseye] - nuget (Minor issue)
+ [buster] - nuget (Can wait for next update)
+ NOTE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
+CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29335 (Microsoft Word Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29334 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29333 (Microsoft Access Denial of Service 
Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29332 (Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29331 (.NET, .NET Framework, and Visual Studio Denial of Service Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-29330 (Microsoft Teams Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29329
+ RESERVED
+CVE-2023-29328 (Microsoft Teams Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29327
+ RESERVED
+CVE-2023-29326 (.NET Framework Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29325 (Windows OLE Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29324 (Windows MSHTML Platform Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-29323 (ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 ...)
+ - opensmtpd 7.3.0p1-1 (bug #1034178)
+ [bookworm] - opensmtpd (Minor issue)
+ [bullseye] - opensmtpd (Minor issue)
+ [buster] - opensmtpd (Minor issue)
+ NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/7.1/common/024_smtpd.patch.sig
+CVE-2023-29322 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29321 (Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29320 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29319 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29318 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29317 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29316 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29315 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29314 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29313 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29312 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29311 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29310 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29309 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29308 (Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29307 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29306 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29305 (Adobe Connect versions 12.3 and earlier are affected by a reflected Cr ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29304 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29303 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29302 (Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29301 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29300 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29299 (Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29298 (Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29297 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29296 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29295 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29294 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29293 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29292 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29291 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29290 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29289 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29288 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29287 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29286 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29285 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29284 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29283 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29282 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29281 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29280 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29279 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29278 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29277 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29276 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29275 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29274 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-29273 (Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2023-1860 (A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has b ...)
+ NOT-FOR-US: Keysight IXIA Hawkeye
+CVE-2023-1859 (A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/tr ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.25-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
+CVE-2023-1858 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
+ NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
+CVE-2023-1857 (A vulnerability was found in SourceCodester Online Computer and Laptop ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-1856 (A vulnerability has been found in SourceCodester Air Cargo Management ...)
+ NOT-FOR-US: SourceCodester Air Cargo Management System
+CVE-2023-1855 (A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.20-2
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/cb090e64cf25602b9adaf32d5dfc9c8bec493cd1 (6.3-rc3)
+CVE-2023-1854 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2023-1853 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1852 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1851 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1850 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1849 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1848 (A vulnerability was found in SourceCodester Online Payroll System 1.0. ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1847 (A vulnerability was found in SourceCodester Online Payroll System 1.0 ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1846 (A vulnerability has been found in SourceCodester Online Payroll System ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1845 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Online Payroll System
+CVE-2023-1844 (The Subscribe2 plugin for WordPress is vulnerable to unauthorized acce ...)
+ NOT-FOR-US: Subscribe2 plugin for WordPress
+CVE-2023-1843 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1842
+ REJECTED
+CVE-2023-1841
+ RESERVED
+CVE-2023-29272
+ RESERVED
+CVE-2023-29271
+ RESERVED
+CVE-2023-29270
+ RESERVED
+CVE-2023-29269
+ RESERVED
+CVE-2023-29268 (The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Sta ...)
+ NOT-FOR-US: TIBCO
+CVE-2023-29267
+ RESERVED
+CVE-2023-29266
+ RESERVED
+CVE-2023-29265
+ RESERVED
+CVE-2023-29264
+ RESERVED
+CVE-2023-29263
+ RESERVED
+CVE-2023-29262
+ RESERVED
+CVE-2023-29261 (IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user wit ...)
+ NOT-FOR-US: IBM
+CVE-2023-29260 (IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side ...)
+ NOT-FOR-US: IBM
+CVE-2023-29259 (IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2023-29258 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...)
+ NOT-FOR-US: IBM
+CVE-2023-29257 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ NOT-FOR-US: IBM
+CVE-2023-29256 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ NOT-FOR-US: IBM
+CVE-2023-29255 (IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...)
+ NOT-FOR-US: IBM
+CVE-2023-29254
+ RESERVED
+CVE-2023-29253
+ RESERVED
+CVE-2023-29252
+ RESERVED
+CVE-2023-29251
+ RESERVED
+CVE-2023-29250
+ RESERVED
+CVE-2023-29249
+ RESERVED
+CVE-2023-29248
+ RESERVED
+CVE-2023-29247 (Task instance details page in the UI is vulnerable to a stored XSS.Thi ...)
+ - airflow (bug #819700)
+CVE-2023-29246 (An attacker who has gained access to an admin account can perform RCE ...)
+ NOT-FOR-US: Apache OpenMeetings
+CVE-2023-29239
+ RESERVED
+CVE-2023-29238 (Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29237
+ RESERVED
+CVE-2023-29236 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...)
+ NOT-FOR-US: WordPress theme
+CVE-2023-29235 (Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Sw ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29234 (A deserialization vulnerability existed when decode amalicious package ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2023-23581 (A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHe ...)
+ NOT-FOR-US: SoftEther VPN
+CVE-2023-1840 (The Sp*tify Play Button for WordPress plugin for WordPress is vulnerab ...)
+ NOT-FOR-US: Sp*tify Play Button for WordPress plugin for WordPress
+CVE-2023-1839 (The Product Addons & Fields for WooCommerce WordPress plugin before 32 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1838 (A use-after-free flaw was found in vhost_net_set_backend in drivers/vh ...)
+ - linux 5.17.11-1
+ [bullseye] - linux 5.10.120-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git.kernel.org/linus/fb4554c2232e44d595920f4d5c66cf8f7d13f9bc (5.18)
+CVE-2023-1837 (Missing Authentication for critical function vulnerability in HYPR Ser ...)
+ NOT-FOR-US: HYPR
+CVE-2023-1836 (A cross-site scripting issue has been discovered in GitLab affecting a ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1835 (The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1834 (Rockwell Automation was made aware that Kinetix 5500 drives, manufactu ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-1833 (Authentication Bypass by Primary Weakness vulnerability in DTS Electro ...)
+ NOT-FOR-US: DTS Electronics Redline Router firmware
+CVE-2023-1832 (An improper access control flaw was found in Candlepin. An attacker ca ...)
+ NOT-FOR-US: Red Hat Satellite / Candlepin
+CVE-2023-1831 (Mattermost fails to redact from audit logsthe user password during use ...)
+ - mattermost-server (bug #823556)
+CVE-2023-1830
+ RESERVED
+CVE-2023-1829 (A use-after-free vulnerability in the Linux Kernel traffic control ind ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.20-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-898/
+ NOTE: https://git.kernel.org/linus/8c710f75256bb3cf05ac7b1672c82b92c43f3d28 (6.3-rc1)
+CVE-2023-1828
+ RESERVED
+CVE-2023-1827 (A vulnerability has been found in SourceCodester Centralized Covid Vac ...)
+ NOT-FOR-US: SourceCodester Centralized Covid Vaccination Records System
+CVE-2023-1826 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Online Computer and Laptop Store
+CVE-2023-1825 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2022-48435 (In JetBrains PhpStorm before 2023.1 source code could be logged in the ...)
+ NOT-FOR-US: JetBrains PhpStorm
+CVE-2023-29233
+ RESERVED
+CVE-2023-29232
+ RESERVED
+CVE-2023-29231
+ RESERVED
+CVE-2023-29230
+ RESERVED
+CVE-2023-29229
+ RESERVED
+CVE-2023-29228
+ RESERVED
+CVE-2023-29227
+ RESERVED
+CVE-2023-29226
+ RESERVED
+CVE-2023-29225
+ RESERVED
+CVE-2023-29224
+ RESERVED
+CVE-2023-29223
+ RESERVED
+CVE-2023-29222
+ RESERVED
+CVE-2023-29221
+ RESERVED
+CVE-2023-29220
+ RESERVED
+CVE-2023-29219
+ RESERVED
+CVE-2023-29218 (The Twitter Recommendation Algorithm through ec83d01 allows attackers ...)
+ NOT-FOR-US: Twitter Recommendation Algorithm
+CVE-2023-29217
+ RESERVED
+CVE-2023-29169 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2023-29150 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2023-28716 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2023-28400 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2023-28384 (mySCADA myPRO versions 8.26.0 and prior has parameters which an authen ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2023-1824
+ RESERVED
+CVE-2023-1823 (Inappropriate implementation in FedCM in Google Chrome prior to 112.0. ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1822 (Incorrect security UI in Navigation in Google Chrome prior to 112.0.56 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1821 (Inappropriate implementation in WebShare in Google Chrome prior to 112 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1820 (Heap buffer overflow in Browser History in Google Chrome prior to 112. ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1819 (Out of bounds read in Accessibility in Google Chrome prior to 112.0.56 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1818 (Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allow ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1817 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1816 (Incorrect security UI in Picture In Picture in Google Chrome prior to ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1815 (Use after free in Networking APIs in Google Chrome prior to 112.0.5615 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1814 (Insufficient validation of untrusted input in Safe Browsing in Google ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1813 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1812 (Out of bounds memory access in DOM Bindings in Google Chrome prior to ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1811 (Use after free in Frames in Google Chrome prior to 112.0.5615.49 allow ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1810 (Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.4 ...)
+ {DSA-5386-1}
+ - chromium 112.0.5615.49-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1809 (The Download Manager WordPress plugin before 6.3.0 leaks master key in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1808
+ RESERVED
+CVE-2023-29216 (In Apache Linkis <=1.3.1, because the parameters are not effectively f ...)
+ NOT-FOR-US: Apache Linkis
+CVE-2023-29215 (In Apache Linkis <=1.3.1, due to the lack of effective filtering of pa ...)
+ NOT-FOR-US: Apache Linkis
+CVE-2023-29214 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29213 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29212 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29211 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29210 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29209 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29208 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29207 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29206 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29205 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29204 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29203 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29202 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29201 (XWiki Commons are technical libraries common to several other top leve ...)
+ NOT-FOR-US: XWiki
+CVE-2023-29200 (Contao is an open source content management system. Prior to versions ...)
+ NOT-FOR-US: Contao
+CVE-2023-29199 (There exists a vulnerability in source code transformer (exception san ...)
+ NOT-FOR-US: Node vm2
+CVE-2023-29198 (Electron is a framework which lets you write cross-platform desktop ap ...)
+ - electron (bug #842420)
+CVE-2023-29197 (guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. ...)
+ - php-guzzlehttp-psr7 2.4.5-1 (bug #1034581)
+ [bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u2
+ [buster] - php-guzzlehttp-psr7 (Minor issue)
+ - php-nyholm-psr7 1.5.1-2 (bug #1034597)
+ [bullseye] - php-nyholm-psr7 1.3.2-2+deb11u1
+ NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-wxmh-65f7-jcvw
+ NOTE: https://github.com/guzzle/psr7/commit/0454e12ef0cd597ccd2adb036f7bda4e7fface66 (2.4.5)
+ NOTE: https://github.com/Nyholm/psr7/security/advisories/GHSA-wjfc-pgfp-pv9c
+ NOTE: https://github.com/Nyholm/psr7/commit/1029a2671cbdd3e075a21952082c2be7c8018426 (1.6.1)
+CVE-2023-29196 (Discourse is an open source platform for community discussion. This vu ...)
+ NOT-FOR-US: Discourse
+CVE-2023-29195 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
+ NOT-FOR-US: Vitess
+CVE-2023-29194 (Vitess is a database clustering system for horizontal scaling of MySQL ...)
+ NOT-FOR-US: Vitess
+CVE-2023-29193 (SpiceDB is an open source, Google Zanzibar-inspired, database system f ...)
+ NOT-FOR-US: Go SpiceDB
+CVE-2023-29192 (SilverwareGames.io versions before 1.2.19 allow users with access to t ...)
+ NOT-FOR-US: SilverwareGames.io
+CVE-2023-29191
+ RESERVED
+CVE-2023-29190
+ RESERVED
+CVE-2023-29189 (SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, ...)
+ NOT-FOR-US: SAP
+CVE-2023-29188 (SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4 ...)
+ NOT-FOR-US: SAP
+CVE-2023-29187 (A Windows user with basic user authorization can exploit a DLL hijacki ...)
+ NOT-FOR-US: SAP
+CVE-2023-29186 (In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an att ...)
+ NOT-FOR-US: SAP
+CVE-2023-29185 (SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, ...)
+ NOT-FOR-US: SAP
+CVE-2023-29184
+ RESERVED
+CVE-2023-29183 (An improper neutralization of input during web page generation ('Cross ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-29182 (A stack-based buffer overflow vulnerability [CWE-121]in Fortinet Forti ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-29181
+ RESERVED
+CVE-2023-29180
+ RESERVED
+CVE-2023-29179
+ RESERVED
+CVE-2023-29178 (A access of uninitialized pointer vulnerability [CWE-824] in Fortinet ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-29177 (Multiple buffer copy without checking size of input ('classic buffer o ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-29176
+ RESERVED
+CVE-2023-29175 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-29174
+ RESERVED
+CVE-2023-29173
+ RESERVED
+CVE-2023-29172 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29171 (Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Po ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29170 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1807 (The Elementor Addons, Widgets and Enhancements \u2013 Stax plugin for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1806 (The WP Inventory Manager WordPress plugin before 2.1.0.12 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1805 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1804 (The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1803 (Authentication Bypass by Alternate Name vulnerability in DTS Electroni ...)
+ NOT-FOR-US: DTS Electronics Redline Router firmware
+CVE-2023-1802 (In Docker Desktop 4.17.x the Artifactory Integration falls back to sen ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2023-1801 (The SMB protocol decoder in tcpdump version 4.99.3 can perform an out- ...)
+ [experimental] - tcpdump 4.99.4-1
+ - tcpdump 4.99.4-2 (bug #1034086; unimportant)
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/7578e1c04ee280dda50c4c2813e7d55f539c6501 (master)
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/03c037bbd75588beba3ee09f26d17783d21e30bc (tcpdump-4.99.4)
+ NOTE: SMB printer not enabled in Debian builds
+CVE-2023-1800 (A vulnerability, which was classified as critical, has been found in s ...)
+ NOT-FOR-US: sjqzhang go-fastdfs
+CVE-2023-1799 (A vulnerability, which was classified as problematic, was found in Eyo ...)
+ NOT-FOR-US: EyouCMS
+CVE-2023-1798 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: EyouCMS
+CVE-2023-1797 (A vulnerability classified as critical was found in OTCMS 6.0.1. Affec ...)
+ NOT-FOR-US: OTCMS
+CVE-2023-1796 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: SourceCodester Employee Payslip Generator
+CVE-2023-1795 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
+ NOT-FOR-US: SourceCodester Gadget Works Online Ordering System
+CVE-2023-1794 (A vulnerability was found in SourceCodester Police Crime Record Manage ...)
+ NOT-FOR-US: SourceCodester Police Crime Record Management System
+CVE-2023-1793 (A vulnerability was found in SourceCodester Police Crime Record Manage ...)
+ NOT-FOR-US: SourceCodester Police Crime Record Management System
+CVE-2023-1792 (A vulnerability was found in SourceCodester Simple Mobile Comparison W ...)
+ NOT-FOR-US: SourceCodester Simple Mobile Comparison Website
+CVE-2023-1791 (A vulnerability has been found in SourceCodester Simple Task Allocatio ...)
+ NOT-FOR-US: SourceCodester Simple Task Allocation System
+CVE-2023-1790 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Simple Task Allocation System
+CVE-2023-28938 (Uncontrolled resource consumption in some Intel(R) SSD Tools software ...)
+ - mdadm 4.2~rc2-2 (unimportant)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=7d374a1869d3a84971d027a7f4233878c8f25a62 (mdadm-4.2-rc2)
+ NOTE: Negligible security impact as the memory leak is after "mdadm --detail" which
+ NOTE: is one shoot action.
+CVE-2023-28736 (Buffer overflow in some Intel(R) SSD Tools software before version mda ...)
+ - mdadm 4.2-1
+ [bullseye] - mdadm (Minor issue)
+ [buster] - mdadm (Minor issue)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00690.html
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/commit/?id=ced5fa8b170ad448f4076e24a10c731b5cfb36ce (mdadm-4.2)
+CVE-2023-28717
+ RESERVED
+CVE-2023-28711 (Insufficient control flow management in the Hyperscan Library maintain ...)
+ NOT-FOR-US: Intel
+CVE-2023-28405 (Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) ...)
+ NOT-FOR-US: Intel
+CVE-2023-28380 (Uncontrolled search path for the Intel(R) AI Hackathon software before ...)
+ NOT-FOR-US: Intel
+CVE-2023-27883
+ RESERVED
+CVE-2023-27515 (Cross-site scripting (XSS) for the Intel(R) DSA software before versio ...)
+ NOT-FOR-US: Intel
+CVE-2023-24592 (Path traversal in the some Intel(R) oneAPI Toolkits and Component soft ...)
+ NOT-FOR-US: Intel
+CVE-2023-24591
+ RESERVED
+CVE-2023-1789 (Improper Input Validation in GitHub repository firefly-iii/firefly-iii ...)
+ NOT-FOR-US: firefly-iii
+CVE-2023-1788 (Insufficient Session Expiration in GitHub repository firefly-iii/firef ...)
+ NOT-FOR-US: firefly-iii
+CVE-2023-1787 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1786 (Sensitive data could be exposed in logs of cloud-init before version 2 ...)
+ - cloud-init 23.2-1 (bug #1035023)
+ [bookworm] - cloud-init (Minor issue)
+ [bullseye] - cloud-init (Minor issue)
+ [buster] - cloud-init (Minor issue)
+ NOTE: https://bugs.launchpad.net/cloud-init/+bug/2013967
+ NOTE: https://github.com/canonical/cloud-init/commit/a378b7e4f47375458651c0972e7cd813f6fe0a6b (23.2)
+CVE-2023-1785 (A vulnerability was found in SourceCodester Earnings and Expense Track ...)
+ NOT-FOR-US: SourceCodester Earnings and Expense Tracker App
+CVE-2023-1784 (A vulnerability was found in jeecg-boot 3.5.0 and classified as critic ...)
+ NOT-FOR-US: jeecg-boot
+CVE-2023-29149
+ RESERVED
+CVE-2023-29148
+ RESERVED
+CVE-2023-29147 (In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the det ...)
+ NOT-FOR-US: Malwarebytes EDR
+CVE-2023-29146
+ RESERVED
+CVE-2023-29145 (The Malwarebytes EDR 1.0.11 for Linux driver doesn't properly ensure w ...)
+ NOT-FOR-US: Malwarebytes EDR
+CVE-2023-29144
+ RESERVED
+CVE-2023-29143
+ RESERVED
+CVE-2023-29142
+ RESERVED
+CVE-2023-29141 (An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1. ...)
+ {DSA-5447-1 DLA-3540-1}
+ - mediawiki 1:1.39.4-1
+ NOTE: https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
+ NOTE: https://phabricator.wikimedia.org/T285159
+CVE-2023-29140 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2023-29139 (An issue was discovered in the CheckUser extension for MediaWiki throu ...)
+ NOT-FOR-US: CheckUser MediaWiki extension
+CVE-2023-29138
+ RESERVED
+ NOT-FOR-US: CheckUser MediaWiki extension
+CVE-2023-29137 (An issue was discovered in the GrowthExperiments extension for MediaWi ...)
+ NOT-FOR-US: GrowthExperiments MediaWiki extension
+CVE-2023-29136
+ RESERVED
+CVE-2023-29135
+ RESERVED
+ NOT-FOR-US: CheckUser MediaWiki extension
+CVE-2023-29134
+ RESERVED
+ NOT-FOR-US: Cargo MediaWiki extension
+CVE-2023-29133
+ RESERVED
+ NOT-FOR-US: Cargo MediaWiki extension
+CVE-2023-29132 (Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use ...)
+ - irssi 1.4.3-2 (bug #1033785)
+ [bullseye] - irssi (Vulnerable code introduced later)
+ [buster] - irssi (Vulnerable code introduced later)
+ NOTE: https://irssi.org/security/irssi_sa_2023_03.txt
+ NOTE: https://github.com/irssi/irssi/pull/1456
+ NOTE: https://github.com/irssi/irssi/commit/c554a45738712219c066897b09a44d99afeb4240
+CVE-2023-29131 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29130 (A vulnerability has been identified in SIMATIC CN 4100 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29129 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29128 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29127
+ RESERVED
+CVE-2023-29126
+ RESERVED
+CVE-2023-29125
+ RESERVED
+CVE-2023-29124
+ RESERVED
+CVE-2023-29123
+ RESERVED
+CVE-2023-29122
+ RESERVED
+CVE-2023-29121
+ RESERVED
+CVE-2023-29120
+ RESERVED
+CVE-2023-29119
+ RESERVED
+CVE-2023-29118
+ RESERVED
+CVE-2023-29117
+ RESERVED
+CVE-2023-29116
+ RESERVED
+CVE-2023-29115
+ RESERVED
+CVE-2023-29114
+ RESERVED
+CVE-2023-29113
+ RESERVED
+CVE-2023-29112 (The SAP Application Interface (Message Monitoring) - versions 600, 700 ...)
+ NOT-FOR-US: SAP
+CVE-2023-29111 (The SAP AIF (ODATA service) - versions 755, 756, discloses more detail ...)
+ NOT-FOR-US: SAP
+CVE-2023-29110 (The SAP Application Interface (Message Dashboard) - versions AIF 703, ...)
+ NOT-FOR-US: SAP
+CVE-2023-29109 (The SAP Application Interface Framework (Message Dashboard) - versions ...)
+ NOT-FOR-US: SAP
+CVE-2023-29108 (The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDI ...)
+ NOT-FOR-US: SAP
+CVE-2023-29107 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29106 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29105 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29104 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29103 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29102
+ RESERVED
+CVE-2023-29101 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingr ...)
+ NOT-FOR-US: Muffingroup
+CVE-2023-29100 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29099 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress theme
+CVE-2023-29098 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistSc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29097 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3r ...)
+ NOT-FOR-US: WordPress Plugin
+CVE-2023-29096
+ RESERVED
+CVE-2023-29095 (Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSV ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29094 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-29093 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1783 (OrangeScrum version 2.0.11 allows an external attacker to remotely obt ...)
+ NOT-FOR-US: OrangeScrum
+CVE-2023-1782 (HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow ...)
+ - nomad (Vulnerable code not present; Introduced in 1.5.0)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2023-13-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375
+CVE-2023-1781
+ RESERVED
+CVE-2023-1780 (The Companion Sitemap Generator WordPress plugin before 4.5.3 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1779 (Exposure of Sensitive Information to an unauthorized actor vulnerabili ...)
+ NOT-FOR-US: MB Connect Lines
+CVE-2023-1778 (This vulnerability exists in GajShield Data Security Firewall firmware ...)
+ NOT-FOR-US: GajShield Data Security Firewall firmware
+CVE-2023-1777 (Mattermost allows an attacker to request a preview of an existing mess ...)
+ - mattermost-server (bug #823556)
+CVE-2023-1776 (Boards in Mattermost allows an attacker to upload a malicious SVG imag ...)
+ - mattermost-server (bug #823556)
+CVE-2023-1775 (When running in a High Availability configuration, Mattermost fails to ...)
+ - mattermost-server (bug #823556)
+CVE-2023-1774 (When processing an email invite to a private channel on a team, Matter ...)
+ - mattermost-server (bug #823556)
+CVE-2023-1773 (A vulnerability was found in Rockoa 2.3.2. It has been declared as cri ...)
+ NOT-FOR-US: Rockoa
+CVE-2023-1772 (A vulnerability was found in DataGear up to 4.5.1. It has been classif ...)
+ NOT-FOR-US: DataGear
+CVE-2023-1771 (A vulnerability was found in SourceCodester Grade Point Average GPA Ca ...)
+ NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
+CVE-2023-1770 (A vulnerability has been found in SourceCodester Grade Point Average G ...)
+ NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
+CVE-2023-1769 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
+CVE-2023-1768 (Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p ...)
+ - check-mk
+CVE-2023-1767 (The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to ...)
+ NOT-FOR-US: Snyk Advisor website
+CVE-2023-1766 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Akbim Computer Panon
+CVE-2023-1765 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Akbim Computer Panon
+CVE-2023-29092 (An issue was discovered in Exynos Mobile Processor and Modem for Exyno ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29091 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29090 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29089 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29088 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29087 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29086 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29085 (An issue was discovered in Samsung Exynos Mobile Processor, Automotive ...)
+ NOT-FOR-US: Samsung
+CVE-2023-29084 (Zoho ManageEngine ADManager Plus before 7181 allows for authenticated ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2023-29083
+ RESERVED
+CVE-2023-29082
+ RESERVED
+CVE-2023-29081
+ RESERVED
+CVE-2023-29080
+ RESERVED
+CVE-2023-29079
+ REJECTED
+CVE-2023-29078
+ REJECTED
+CVE-2023-29077
+ RESERVED
+CVE-2023-29076 (A maliciously crafted MODEL, SLDASM, SAT or CATPART file when parsed t ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29075 (A maliciously crafted PRT file when parsed through Autodesk AutoCAD 20 ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29074 (A maliciously crafted CATPART file when parsed through Autodesk AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29073 (A maliciously crafted MODEL file when parsed through Autodesk AutoCAD ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29072
+ RESERVED
+CVE-2023-29071
+ RESERVED
+CVE-2023-29070
+ RESERVED
+CVE-2023-29069 (A maliciously crafted DLL file can be forced to install onto a non-def ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29068 (A maliciously crafted file consumed through pskernel.dll file could le ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29067 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-29066 (The FACSChorus software does not properly assign data access privilege ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29065 (The FACSChorus software database can be accessed directly with the pri ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29064 (The FACSChorus software contains sensitive information stored in plain ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29063 (The FACSChorus workstation does not prevent physical access to its PCI ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29062 (The Operating System hosting the FACSChorus application is configured ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29061 (There is no BIOS password on the FACSChorus workstation. A threat acto ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-29060 (The FACSChorus workstation operating system does not restrict what dev ...)
+ NOT-FOR-US: FACSChorus
+CVE-2023-1764 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
+ NOT-FOR-US: Canon
+CVE-2023-1763 (Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5 ...)
+ NOT-FOR-US: Canon
+CVE-2023-1762 (Improper Privilege Management in GitHub repository thorsten/phpmyfaq p ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1761 (Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3 ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1760 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1759 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1758 (Failure to Sanitize Special Elements into a Different Plane (Special E ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1757 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1756 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1755 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1754 (Improper Neutralization of Input During Web Page Generation in GitHub ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1753 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-1752 (The listed versions of Nexx Smart Home devices could allow any user to ...)
+ NOT-FOR-US: Nexx Smart Home devices
+CVE-2023-1751 (The listed versions of Nexx Smart Home devices use a WebSocket server ...)
+ NOT-FOR-US: Nexx Smart Home devices
+CVE-2023-1750 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
+ NOT-FOR-US: Nexx Smart Home devices
+CVE-2023-1749 (The listed versions of Nexx Smart Home devices lack proper access cont ...)
+ NOT-FOR-US: Nexx Smart Home devices
+CVE-2023-1748 (The listed versions of Nexx Smart Home devices use hard-coded credenti ...)
+ NOT-FOR-US: Nexx Smart Home devices
+CVE-2023-1747 (A vulnerability has been found in IBOS up to 4.5.4 and classified as c ...)
+ NOT-FOR-US: IBOS
+CVE-2023-1746 (A vulnerability, which was classified as problematic, was found in Dre ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-1745 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: KMPlayer (different from src:kmplayer)
+CVE-2023-1744 (A vulnerability classified as critical was found in IBOS 4.5.5. This v ...)
+ NOT-FOR-US: IBOS
+CVE-2023-1743 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: SourceCodester Grade Point Average GPA Calculator
+CVE-2023-1742 (A vulnerability was found in IBOS 4.5.5. It has been rated as critical ...)
+ NOT-FOR-US: IBOS
+CVE-2023-29059 (3CX DesktopApp through 18.12.416 has embedded malicious code, as explo ...)
+ NOT-FOR-US: 3CX DesktopApp
+CVE-2023-29058 (A valid, authenticated XCC user with read-only permissions can modify ...)
+ NOT-FOR-US: Lenovo
+CVE-2023-29057 (A valid XCC user's local account permissions overrides their active di ...)
+ NOT-FOR-US: Lenovo
+CVE-2023-29056 (A valid LDAP user, under specific conditions, will default to read-onl ...)
+ NOT-FOR-US: Lenovo
+CVE-2023-29055
+ RESERVED
+CVE-2023-29054 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29053 (A vulnerability has been identified in JT Open (All versions < V11.3.2 ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29052
+ RESERVED
+CVE-2023-29051
+ RESERVED
+CVE-2023-29050
+ RESERVED
+CVE-2023-29049
+ RESERVED
+CVE-2023-29048
+ RESERVED
+CVE-2023-29047 (Imageconverter API endpoints provided methods that were not sufficient ...)
+ NOT-FOR-US: Open-Xchange
+CVE-2023-29046 (Connections to external data sources, like e-mail autoconfiguration, w ...)
+ NOT-FOR-US: Open-Xchange
+CVE-2023-29045 (Documents operations, in this case "drawing", could be manipulated to ...)
+ NOT-FOR-US: Open-Xchange
+CVE-2023-29044 (Documents operations could be manipulated to contain invalid data type ...)
+ NOT-FOR-US: Open-Xchange
+CVE-2023-29043 (Presentations may contain references to images, which are user-control ...)
+ NOT-FOR-US: Open-Xchange
+CVE-2023-29042
+ REJECTED
+CVE-2023-29041
+ REJECTED
+CVE-2023-29040
+ REJECTED
+CVE-2023-29039
+ REJECTED
+CVE-2023-29038
+ REJECTED
+CVE-2023-29037
+ REJECTED
+CVE-2023-29036
+ REJECTED
+CVE-2023-29035
+ REJECTED
+CVE-2023-29034
+ REJECTED
+CVE-2023-29033
+ REJECTED
+CVE-2023-1741 (A vulnerability was found in jeecg-boot 3.5.0. It has been declared as ...)
+ NOT-FOR-US: jeecg-boot
+CVE-2023-1740 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...)
+ NOT-FOR-US: SourceCodester Air Cargo Management System
+CVE-2023-1739 (A vulnerability was found in SourceCodester Simple and Beautiful Shopp ...)
+ NOT-FOR-US: SourceCodester Simple and Beautiful Shopping Cart System
+CVE-2023-1738 (A vulnerability has been found in SourceCodester Young Entrepreneur E- ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2023-1737 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2023-1736 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2023-1735 (A vulnerability classified as critical was found in SourceCodester You ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2023-1734 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2023-1733 (A denial of service condition exists in the Prometheus server bundled ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1732 (When sampling randomness for a shared secret, the implementation of Ky ...)
+ NOT-FOR-US: Cloudflare CIRCL
+CVE-2023-1731 (In Meinbergs LTOS versions prior to V7.06.013, the configuration file ...)
+ NOT-FOR-US: LTOS
+CVE-2023-1730 (The SupportCandy WordPress plugin before 3.1.5 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1729 (A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() c ...)
+ {DSA-5412-1 DLA-3433-1}
+ - libraw 0.20.2-2.1 (bug #1036281)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2188240
+ NOTE: https://github.com/LibRaw/LibRaw/issues/557
+ NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
+ NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)
+CVE-2023-1728 (Unrestricted Upload of File with Dangerous Type vulnerability in Fernu ...)
+ NOT-FOR-US: Fernus Informatics LMS
+CVE-2023-1727
+ RESERVED
+CVE-2023-1726 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Proliz OBS
+CVE-2023-1725 (Server-Side Request Forgery (SSRF) vulnerability in Infoline Project M ...)
+ NOT-FOR-US: Infoline Project Management System
+CVE-2023-1724 (Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent ...)
+ NOT-FOR-US: Faveo Helpdesk Enterprise
+CVE-2023-1723 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Veragroup Mobile Assistant
+CVE-2023-1722 (Yoga Class Registration System version 1.0 allows an administrator to ...)
+ NOT-FOR-US: Yoga Class Registration System
+CVE-2023-1721 (Yoga Class Registration System version 1.0 allows an administrator to ...)
+ NOT-FOR-US: Yoga Class Registration System
+CVE-2023-1720 (Lack of mime type response header in Bitrix24 22.0.300 allows authenti ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1719 (Global variable extraction in bitrix/modules/main/tools.php in Bitrix2 ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1718 (Improper file stream access in /desktop_app/file.ajax.php?action=uploa ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1717 (Prototype pollution in bitrix/templates/bitrix24/components/bitrix/men ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1716 (Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitri ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1715 (A logic error when using mb_strpos() to check for potential XSS payloa ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1714 (Unsafe variable extraction in bitrix/modules/main/classes/general/user ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1713 (Insecure temporary file creation in bitrix/modules/crm/lib/order/impor ...)
+ NOT-FOR-US: Bitrix24
+CVE-2023-1712 (Use of Hard-coded, Security-relevant Constants in GitHub repository de ...)
+ NOT-FOR-US: deepset-ai haystack
+CVE-2023-1711 (A vulnerability exists in a FOXMAN-UN and UNEM logging component, it o ...)
+ NOT-FOR-US: Hitachi
+CVE-2023-29032 (An attacker that has gained access to certain private information can ...)
+ NOT-FOR-US: Apache OpenMeetings
+CVE-2023-29031 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29030 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29029 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29028 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29027 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29026 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29025 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29024 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29023 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-29022 (A cross site scripting vulnerability was discovered in Rockwell Automa ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-1710 (A sensitive information disclosure vulnerability in GitLab affecting a ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1709 (Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack- ...)
+ NOT-FOR-US: Siemens
+CVE-2023-29021
+ RESERVED
+CVE-2023-29020 (@fastify/passport is a port of passport authentication library for the ...)
+ NOT-FOR-US: @fastify/passport
+CVE-2023-29019 (@fastify/passport is a port of passport authentication library for the ...)
+ NOT-FOR-US: @fastify/passport
+CVE-2023-29018 (The OpenFeature Operator allows users to expose feature flags to appli ...)
+ NOT-FOR-US: open-feature-operator
+CVE-2023-29017 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...)
+ NOT-FOR-US: Node vm2
+CVE-2023-29016 (The Goobi viewer is a web application that allows digitised material t ...)
+ NOT-FOR-US: Goobi viewer
+CVE-2023-29015 (The Goobi viewer is a web application that allows digitised material t ...)
+ NOT-FOR-US: Goobi viewer
+CVE-2023-29014 (The Goobi viewer is a web application that allows digitised material t ...)
+ NOT-FOR-US: Goobi viewer
+CVE-2023-29013 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...)
+ - traefik (bug #983289)
+CVE-2023-29012 (Git for Windows is the Windows port of Git. Prior to version 2.40.1, a ...)
+ NOT-FOR-US: Git for Windows
+CVE-2023-29011 (Git for Windows, the Windows port of Git, ships with an executable cal ...)
+ NOT-FOR-US: Git for Windows
+CVE-2023-29010 (Budibase is a low code platform for creating internal tools, workflows ...)
+ NOT-FOR-US: budibase
+CVE-2023-29009 (baserCMS is a website development framework with WebAPI that runs on P ...)
+ NOT-FOR-US: baserCMS
+CVE-2023-29008 (The SvelteKit framework offers developers an option to create simple R ...)
+ NOT-FOR-US: SvelteKit
+CVE-2023-29007 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
+ - git 1:2.40.1-1 (bug #1034835)
+ [bookworm] - git (Minor issue)
+ [bullseye] - git (Minor issue)
+ [buster] - git (Minor issue)
+ NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 (v2.30.9)
+ NOTE: https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a (v2.30.9)
+ NOTE: https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d (v2.30.9)
+ NOTE: https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a (v2.30.9)
+CVE-2023-29006 (The Order GLPI plugin allows users to manage order management within G ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2023-29005 (Flask-AppBuilder versions before 4.3.0 lack rate limiting which can al ...)
+ - flask-appbuilder (bug #1055181)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-9hcr-9hcv-x6pv
+CVE-2023-29004 (hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache ...)
+ NOT-FOR-US: hap-wi/roxy-wi
+CVE-2023-29003 (SvelteKit is a web development framework. The SvelteKit framework offe ...)
+ NOT-FOR-US: SvelteKit
+CVE-2023-29002 (Cilium is a networking, observability, and security solution with an e ...)
+ - cilium (bug #858303)
+CVE-2023-29001
+ RESERVED
+CVE-2023-29000 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop (Minor issue)
+ [buster] - nextcloud-desktop (Minor issue)
+ NOTE: https://github.com/nextcloud/desktop/pull/4949
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534
+ NOTE: https://hackerone.com/reports/1679267
+CVE-2023-28999 (Nextcloud is an open-source productivity platform. In Nextcloud Deskto ...)
+ - nextcloud-desktop 3.9.0-1 (bug #1034184)
+ [bookworm] - nextcloud-desktop (Minor issue)
+ [bullseye] - nextcloud-desktop (Minor issue)
+ [buster] - nextcloud-desktop (Minor issue)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8
+ NOTE: https://github.com/nextcloud/desktop/pull/5560
+CVE-2023-28998 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop (Minor issue)
+ [buster] - nextcloud-desktop (Minor issue)
+ NOTE: https://github.com/nextcloud/desktop/pull/5323
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr
+CVE-2023-28997 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop 3.7.0-1
+ [bullseye] - nextcloud-desktop (Minor issue)
+ [buster] - nextcloud-desktop (Minor issue)
+ NOTE: https://github.com/nextcloud/desktop/pull/5324
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
+CVE-2023-28996
+ RESERVED
+CVE-2023-28995 (Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Confi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28994 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-theme ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28993 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28992 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28991 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28990
+ RESERVED
+CVE-2023-28989 (Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28988 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28987 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate R ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28986 (Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28985 (An Improper Validation of Syntactic Correctness of Input vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28984 (A Use After Free vulnerability in the Layer 2 Address Learning Manager ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28983 (An OS Command Injection vulnerability in gRPC Network Operations Inter ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28982 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28981 (An Improper Input Validation vulnerability in the kernel of Juniper Ne ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28980 (A Use After Free vulnerability in the routing protocol daemon of Junip ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28979 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28978 (An Insecure Default Initialization of Resource vulnerability in Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28977
+ RESERVED
+CVE-2023-28976 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28975 (An Unexpected Status Code or Return Value vulnerability in the kernel ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28974 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28973 (An Improper Authorization vulnerability in the 'sysmanctl' shell comma ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28972 (An Improper Link Resolution Before File Access vulnerability in consol ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28971 (An Improper Restriction of Communication Channel to Intended Endpoints ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28970 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28969
+ RESERVED
+CVE-2023-28968 (An Improperly Controlled Sequential Memory Allocation vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28967 (A Use of Uninitialized Resource vulnerability in the Border Gateway Pr ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28966 (An Incorrect Default Permissions vulnerability in Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28965 (An Improper Check or Handling of Exceptional Conditions within the sto ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28964 (An Improper Handling of Length Parameter Inconsistency vulnerability i ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28963 (An Improper Authentication vulnerability in cert-mgmt.php, used by the ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28962 (An Improper Authentication vulnerability in upload-file.php, used by t ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28961 (An Improper Handling of Unexpected Data Type vulnerability in IPv6 fir ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28960 (An Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-28959 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-1708 (An issue was identified in GitLab CE/EE affecting all versions from 1. ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1707 (Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are po ...)
+ NOT-FOR-US: HP
+CVE-2023-1706
+ REJECTED
+CVE-2023-1705
+ RESERVED
+CVE-2023-1704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1703 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1702 (Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimc ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1701 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1700
+ RESERVED
+CVE-2023-1699 (Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsin ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2023-1698 (In multiple products of WAGO a vulnerability allows an unauthenticated ...)
+ NOT-FOR-US: WAGO
+CVE-2023-1697 (An Improper Handling of Missing Values vulnerability in the Packet For ...)
+ NOT-FOR-US: Juniper
+CVE-2023-1696 (The multimedia video module has a vulnerability in data processing.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2023-1695 (Vulnerability of failures to capture exceptions in the communication f ...)
+ NOT-FOR-US: Huawei
+CVE-2023-1694 (The Settings module has the file privilege escalation vulnerability.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2023-1693 (The Settings module has the file privilege escalation vulnerability.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2023-1692 (The window management module lacks permission verification.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2023-1691 (Vulnerability of failures to capture exceptions in the communication f ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48434 (libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and ...)
+ - ffmpeg 7:5.1.2-1
+ [bullseye] - ffmpeg (Wait until it lands in 4.3.x)
+ [buster] - ffmpeg (Wait until the backport to 4.x)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cc867f2c09d2b69cee8a0eccd62aff002cbbfe11 (n6.1-dev)
+ NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/35aa7e70e7ec350319e7634a30d8d8aa1e6ecdda (n5.1.2)
+CVE-2022-48433 (In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak thro ...)
+ - intellij-idea (bug #747616)
+CVE-2022-48432 (In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromi ...)
+ - intellij-idea (bug #747616)
+CVE-2022-48431 (In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Mav ...)
+ - intellij-idea (bug #747616)
+CVE-2022-48430 (In JetBrains IntelliJ IDEA before 2023.1 file content could be disclos ...)
+ - intellij-idea (bug #747616)
+CVE-2021-46879 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong var ...)
+ NOT-FOR-US: Treasure Data Fluent Bit
+CVE-2021-46878 (An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous p ...)
+ NOT-FOR-US: Treasure Data Fluent Bit
+CVE-2023-28958 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially ...)
+ NOT-FOR-US: IBM
+CVE-2023-28957
+ RESERVED
+CVE-2023-28956 (IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 ma ...)
+ NOT-FOR-US: IBM
+CVE-2023-28955 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an ...)
+ NOT-FOR-US: IBM
+CVE-2023-28954
+ RESERVED
+CVE-2023-28953 (IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2023-28952
+ RESERVED
+CVE-2023-28951
+ RESERVED
+CVE-2023-28950 (IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user infor ...)
+ NOT-FOR-US: IBM +CVE-2023-28949 + RESERVED +CVE-2023-28948 + RESERVED +CVE-2023-28947 + RESERVED +CVE-2023-28946 + RESERVED +CVE-2023-28945 + RESERVED +CVE-2023-28944 + RESERVED +CVE-2023-28943 + RESERVED +CVE-2023-28942 + RESERVED +CVE-2023-28941 + RESERVED +CVE-2023-28940 + RESERVED +CVE-2023-28939 + RESERVED +CVE-2023-28739 + RESERVED +CVE-2023-28738 + RESERVED +CVE-2023-28721 + RESERVED +CVE-2023-28658 (Insecure inherited permissions in some Intel(R) oneMKL software before ...) + NOT-FOR-US: Intel +CVE-2023-27517 + RESERVED +CVE-2023-26589 (Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tool ...) + NOT-FOR-US: Intel +CVE-2023-25949 (Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmw ...) + NOT-FOR-US: Intel +CVE-2023-25945 + RESERVED +CVE-2023-25778 + RESERVED +CVE-2023-22305 (Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator To ...) + NOT-FOR-US: Intel +CVE-2023-1690 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Earnings and Expense Tracker App +CVE-2023-1689 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Earnings and Expense Tracker App +CVE-2023-1688 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Earnings and Expense Tracker App +CVE-2023-1687 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Simple Task Allocation System +CVE-2023-1686 (A vulnerability was found in SourceCodester Young Entrepreneur E-Negos ...) + NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System +CVE-2023-1685 (A vulnerability was found in HadSky up to 7.11.8. It has been declared ...) + NOT-FOR-US: HadSky +CVE-2023-1684 (A vulnerability was found in HadSky 7.7.16. It has been classified as ...) 
+ NOT-FOR-US: HadSky +CVE-2023-1683 (A vulnerability was found in Xunrui CMS 4.61 and classified as problem ...) + NOT-FOR-US: Xunrui CMS +CVE-2023-1682 (A vulnerability has been found in Xunrui CMS 4.61 and classified as pr ...) + NOT-FOR-US: Xunrui CMS +CVE-2023-1681 (A vulnerability, which was classified as problematic, was found in Xun ...) + NOT-FOR-US: Xunrui CMS +CVE-2023-1680 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Xunrui CMS +CVE-2023-1679 (A vulnerability classified as critical was found in DriverGenius 9.70. ...) + NOT-FOR-US: DriverGenius +CVE-2023-1678 (A vulnerability classified as critical has been found in DriverGenius ...) + NOT-FOR-US: DriverGenius +CVE-2023-1677 (A vulnerability was found in DriverGenius 9.70.0.346. It has been rate ...) + NOT-FOR-US: DriverGenius +CVE-2023-1676 (A vulnerability was found in DriverGenius 9.70.0.346. It has been decl ...) + NOT-FOR-US: DriverGenius +CVE-2023-1675 (A vulnerability was found in SourceCodester School Registration and Fe ...) + NOT-FOR-US: SourceCodester School Registration and Fee System +CVE-2023-1674 (A vulnerability was found in SourceCodester School Registration and Fe ...) + NOT-FOR-US: SourceCodester School Registration and Fee System +CVE-2023-1673 + RESERVED +CVE-2023-28936 (Attacker can access arbitrary recording/room Vendor: The Apache Softw ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2023-28935 (** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Ele ...) + NOT-FOR-US: Apache UIMA UICC +CVE-2023-28744 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2023-1672 (A race condition exists in the Tang server functionality for key gener ...) 
+ {DLA-3648-1} + - tang 14-1 (bug #1038119) + [bookworm] - tang 11-2+deb12u1 + [bullseye] - tang 8-3+deb11u2 + NOTE: Fixed by: https://github.com/latchset/tang/commit/8dbbed10870378f1b2c3cf3df2ea7edca7617096 + NOTE: https://census-labs.com/news/2023/06/15/race-tang/ +CVE-2023-1671 (A pre-auth command injection vulnerability in the warn-proceed handler ...) + NOT-FOR-US: Sophos +CVE-2023-1670 (A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-car ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.20-2 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/e8d20c3ded59a092532513c9bd030d1ea66f5f44 +CVE-2023-1669 (The SEOPress WordPress plugin before 6.5.0.3 unserializes user input p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4934 (A post-auth command injection vulnerability in the exception wizard of ...) + NOT-FOR-US: Sophos +CVE-2020-36692 (A reflected XSS via POST vulnerability in report scheduler of Sophos W ...) + NOT-FOR-US: Sophos +CVE-2023-28934 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28933 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StPe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28932 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28931 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neve ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28930 (Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28929 (Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to ...) + NOT-FOR-US: Trend Micro +CVE-2023-28928 + RESERVED +CVE-2023-1668 (A flaw was found in openvswitch (OVS). When processing an IP packet wi ...) 
+ {DSA-5387-1 DLA-3410-1} + - openvswitch 3.1.0-2 (bug #1034042) + NOTE: https://www.openwall.com/lists/oss-security/2023/04/06/1 + NOTE: https://github.com/openvswitch/ovs/commit/61b39d8c4797f1b668e4d5e5350d639fca6082a9 (v3.1.1) + NOTE: https://github.com/openvswitch/ovs/commit/f36509fd64e339ffd33593451099be6baa12ffe6 (v2.15.8) +CVE-2023-1667 (A NULL pointer dereference was found In libssh during re-keying with a ...) + {DSA-5409-1 DLA-3437-1} + - libssh 0.10.5-1 (bug #1035832) + NOTE: https://www.libssh.org/security/advisories/CVE-2023-1667.txt + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=a30339d7b16da7784413e4a4667feb3604ed0458 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=247a4a761cfa745ed1090290c5107de6321143c9 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=99760776d4552d8e63edd68ba4a7448766517b8c (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=6df2daea040c47daff0a861a30761092886fe748 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=b759ae557d611ba347392c051504de474a8d9b60 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=fc1a8bb4555624f85ba1370721ad2086a4feff8c (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=70565ac43867053871f47378c53e5d90ba9007d8 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=d08f1b2377fead6489aa1d6a102bf65895ecf858 (libssh-0.10.5) + NOTE: https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=dc1254d53e4fc6cbeb4797fc6ca1c9ed2c21f15c (libssh-0.10.5) +CVE-2023-1666 (A vulnerability has been found in SourceCodester Automatic Question Pa ...) 
+ NOT-FOR-US: SourceCodester Automatic Question Paper Generator System +CVE-2023-1665 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: linagora twake +CVE-2023-28927 + RESERVED +CVE-2023-28926 + RESERVED +CVE-2023-28925 + RESERVED +CVE-2023-28924 + RESERVED +CVE-2023-28923 + RESERVED +CVE-2023-28922 + RESERVED +CVE-2023-28921 + RESERVED +CVE-2023-28920 + RESERVED +CVE-2023-28919 + RESERVED +CVE-2023-28918 + RESERVED +CVE-2023-28917 + RESERVED +CVE-2023-28916 + RESERVED +CVE-2023-28915 + RESERVED +CVE-2023-28914 + RESERVED +CVE-2023-28913 + RESERVED +CVE-2023-28912 + RESERVED +CVE-2023-28911 + RESERVED +CVE-2023-28910 + RESERVED +CVE-2023-28909 + RESERVED +CVE-2023-28908 + RESERVED +CVE-2023-28907 + RESERVED +CVE-2023-28906 + RESERVED +CVE-2023-28905 + RESERVED +CVE-2023-28904 + RESERVED +CVE-2023-28903 + RESERVED +CVE-2023-28902 + RESERVED +CVE-2023-28901 + RESERVED +CVE-2023-28900 + RESERVED +CVE-2023-28899 + RESERVED +CVE-2023-28898 + RESERVED +CVE-2023-28897 + RESERVED +CVE-2023-28896 (Access to critical Unified Diagnostics Services (UDS) of the Modular I ...) + NOT-FOR-US: Skoda +CVE-2023-28895 (The password for access to the debugging console of the PoWer Controll ...) + NOT-FOR-US: Skoda +CVE-2023-28894 + RESERVED +CVE-2023-28893 + RESERVED +CVE-2023-1664 (A flaw was found in Keycloak. This flaw depends on a non-default confi ...) + NOT-FOR-US: Keycloak +CVE-2023-1663 (Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, ...) + NOT-FOR-US: Coverity +CVE-2023-1662 + RESERVED +CVE-2023-1661 (The Display post meta, term meta, comment meta, and user meta plugin f ...) + NOT-FOR-US: Display post meta, term meta, comment meta, and user meta plugin for WordPress +CVE-2023-1660 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-1659 + REJECTED +CVE-2023-1658 + RESERVED +CVE-2023-1657 + RESERVED +CVE-2023-1656 (Cleartext Transmission of Sensitive Information vulnerability in Forge ...) + NOT-FOR-US: ForgeRock +CVE-2023-1655 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4 ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1034187) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/05f1d1de-bbfd-43fe-bdf9-7f73419ce7c9 + NOTE: https://github.com/gpac/gpac/commit/e7f96c2d3774e4ea25f952bcdf55af1dd6e919f4 + NOTE: https://github.com/gpac/gpac/commit/07a17aa004cfcdbc19ed7820444ec6586c0f980a (v2.2.1) +CVE-2023-1654 (Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1034187) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/33652b56-128f-41a7-afcc-10641f69ff14 + NOTE: https://github.com/gpac/gpac/commit/2c055153d401b8c49422971e3a0159869652d3da + NOTE: https://github.com/gpac/gpac/commit/2dad447d37226a5adcbb1c2f2e3f47d6321c8cbe (v2.2.1) +CVE-2023-1653 + RESERVED +CVE-2023-1652 (A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4 ...) + - linux 6.1.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e6cf91b7b47ff82b624bdfe2fdcde32bb52e71dd (6.2-rc5) +CVE-2023-1651 (The AI ChatBot WordPress plugin before 4.4.9 does not have authorisati ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1650 (The AI ChatBot WordPress plugin before 4.4.7 unserializes user input f ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1649 (The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and esc ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-1648 + REJECTED +CVE-2022-48429 (In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 refle ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-48428 (In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-48427 (In JetBrains TeamCity before 2022.10.3 stored XSS on \u201cPending cha ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-48426 (In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connecti ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-28892 (Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an in ...) + NOT-FOR-US: Malwarebytes AdwCleaner +CVE-2023-28891 + RESERVED +CVE-2023-28890 + RESERVED +CVE-2023-28889 + RESERVED +CVE-2023-28888 + RESERVED +CVE-2023-28887 + RESERVED +CVE-2023-28886 + RESERVED +CVE-2023-28885 (The MyLink infotainment system (build 2021.3.26) in General Motors Che ...) + NOT-FOR-US: MyLink infotainment system +CVE-2023-28884 (In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in ...) + NOT-FOR-US: MISP +CVE-2023-28883 (In Cerebrate 1.13, a blind SQL injection exists in the searchAll API e ...) + NOT-FOR-US: Cerebrate +CVE-2023-28882 (Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial ...) 
+ - modsecurity 3.0.9-1 (bug #1035083) + [bullseye] - modsecurity (Vulnerable code not present) + [buster] - modsecurity (Vulnerable code not present) + NOTE: https://www.trustwave.com/en-us/resources/security-resources/software-updates/announcing-modsecurity-version-309/ + NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2886 + NOTE: Introduced by: https://github.com/SpiderLabs/ModSecurity/commit/8df35deadb16b19e4cd936e6370688dccf1e18a4 (v3.0.5) + NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/db84d8cf771d39db578707cd03ec2b60f74c9785 (v3.0.9) +CVE-2023-28881 + RESERVED +CVE-2023-28880 + RESERVED +CVE-2023-28879 (In Artifex Ghostscript through 10.01.0, there is a buffer overflow lea ...) + {DSA-5383-1 DLA-3381-1} + - ghostscript 10.0.0~dfsg-11 (bug #1033757) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=706494 (not public) + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=37ed5022cecd584de868933b5b60da2e995b3179 + NOTE: Future hardening/potentially intrusive impact for older versions (and should not be applied for + NOTE: older versions): + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=3635f4c75e54e337a4eebcf6db3eef0e60f9cebf + NOTE: https://www.openwall.com/lists/oss-security/2023/04/12/4 + NOTE: https://offsec.almond.consulting/ghostscript-cve-2023-28879.html +CVE-2023-28878 + RESERVED +CVE-2023-28877 (The VTEX apps-graphql@2.x GraphQL API module does not properly restric ...) + NOT-FOR-US: VTEX apps-graphql@2.x GraphQL API module +CVE-2023-28876 (A Broken Access Control issue in comments to uploaded files in Filerun ...) + NOT-FOR-US: Filerun +CVE-2023-28875 (A Stored XSS issue in shared files download terms in Filerun Update 20 ...) + NOT-FOR-US: Filerun +CVE-2023-28874 (The next parameter in the /accounts/login endpoint of Seafile 9.0.6 al ...) + - seafile-server (bug #865830) +CVE-2023-28873 (An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows atta ...) 
+ - seafile-server (bug #865830) +CVE-2023-28872 + RESERVED +CVE-2023-28871 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...) + NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client +CVE-2023-28870 (Insecure File Permissions in Support Assistant in NCP Secure Enterpris ...) + NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client +CVE-2023-28869 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...) + NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client +CVE-2023-28868 (Support Assistant in NCP Secure Enterprise Client before 12.22 allows ...) + NOT-FOR-US: Support Assistant in NCP Secure Enterprise Client +CVE-2023-28867 (In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a ...) + NOT-FOR-US: graphql-java +CVE-2023-28866 (In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out ...) + - linux 6.1.20-2 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) +CVE-2023-28865 + RESERVED +CVE-2023-28864 (Progress Chef Infra Server before 15.7 allows a local attacker to expl ...) + - chef + [buster] - chef (chef package does not include upstream chef-server) + NOTE: https://blog.mondoo.com/chef-infra-server-cve-2023-28864-impact-and-remediation + NOTE: https://github.com/chef/chef-server/blob/8a2dc82148844767f7c7728633a03dcee812e56a/omnibus/files/server-ctl-cookbooks/infra-server/recipes/oc_bifrost.rb#L42 + NOTE: Fixed by: https://github.com/chef/chef-server/commit/985dfee99044ff477dbc08462b6d69add70f8608 (15.7.0) + NOTE: only chef-server removed since 201207 +CVE-2023-28863 (AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of ...) + NOT-FOR-US: AMI +CVE-2023-28862 (An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...) 
+ {DLA-3496-1} + - lemonldap-ng 2.16.1+ds-1 + [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u4 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2896 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/334 +CVE-2023-28861 + RESERVED +CVE-2023-28860 + RESERVED +CVE-2023-1647 (Improper Access Control in GitHub repository calcom/cal.com prior to 2 ...) + NOT-FOR-US: calcom cal.com +CVE-2023-1646 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1645 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1644 (A vulnerability was found in IObit Malware Fighter 9.4.0.776 and class ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1643 (A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1642 (A vulnerability, which was classified as problematic, was found in IOb ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1641 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1640 (A vulnerability classified as problematic was found in IObit Malware F ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1639 (A vulnerability classified as problematic has been found in IObit Malw ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2023-1638 (A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has b ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2018-25083 (The pullit package before 1.4.0 for Node.js allows OS Command Injectio ...) + NOT-FOR-US: pullit Node.js package +CVE-2023-28859 (redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open ...) 
+ - python-redis (Incomplete fix for CVE-2023-28858 not applied) + NOTE: https://github.com/redis/redis-py/issues/2665 + NOTE: https://github.com/redis/redis-py/pull/2641 +CVE-2023-28858 (redis-py before 4.5.3 leaves a connection open after canceling an asyn ...) + - python-redis (bug #1033754) + [bookworm] - python-redis (Minor issue) + [bullseye] - python-redis (Vulnerable code not present) + [buster] - python-redis (Vulnerable code introduced later) + NOTE: https://github.com/redis/redis-py/issues/2624 + NOTE: https://github.com/redis/redis-py/pull/2641 + NOTE: https://openai.com/blog/march-20-chatgpt-outage + NOTE: Async support added in v4.2.0 + NOTE: When fixing this issue make sure to apply complete fixes (cf. CVE-2023-28859 + NOTE: CVE entry) to not open CVE-2023-28859. +CVE-2023-1637 (A flaw that boot CPU could be vulnerable for the speculative execution ...) + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/e2a1256b17b16f9b9adf1b6fea56819e7b68e463 (5.18-rc2) +CVE-2023-1636 (A vulnerability was found in OpenStack Barbican containers. This vulne ...) + - barbican (Apparently RHOSP-specific, full details never made public) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181765 + NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter +CVE-2023-1635 (A vulnerability was found in OTCMS 6.72. It has been declared as probl ...) + NOT-FOR-US: OTCMS +CVE-2023-1634 (A vulnerability was found in OTCMS 6.72. It has been classified as cri ...) + NOT-FOR-US: OTCMS +CVE-2023-1633 (A credentials leak flaw was found in OpenStack Barbican. This flaw all ...) 
+ - barbican (Apparently RHOSP-specific, full details never made public) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181761 + NOTE: https://review.rdoproject.org/r/48529 + NOTE: possibly RedHat downstream RHOSP specific, RedHat clarifying with reporter +CVE-2023-1632 + REJECTED +CVE-2023-1631 (A vulnerability, which was classified as problematic, was found in Jia ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-1630 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-1629 (A vulnerability classified as critical was found in JiangMin Antivirus ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-1628 (A vulnerability classified as problematic has been found in Jianming A ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-1627 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-1626 (A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has ...) + NOT-FOR-US: Jianming Antivirus +CVE-2023-28857 (Apereo CAS is an open source multilingual single sign-on solution for ...) + NOT-FOR-US: Apereo CAS +CVE-2023-28856 (Redis is an open source, in-memory database that persists on disk. Aut ...) + {DLA-3396-1} + - redis 5:7.0.11-1 (bug #1034613) + [bullseye] - redis (Minor issue) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-hjv8-vjf6-wcr6 + NOTE: https://github.com/redis/redis/commit/1c1bd618c95e26a8ff5c12e70cbf0117233ef073 (7.0.11) + NOTE: https://github.com/redis/redis/commit/e030e351fd7ae8c1b0254982a4f12a4bd15ac66b (6.2.12) + NOTE: Requires authenticated access to server. +CVE-2023-28855 (Fields is a GLPI plugin that allows users to add custom fields on GLPI ...) + NOT-FOR-US: GLPI plugin +CVE-2023-28854 (nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnera ...) + NOT-FOR-US: nophp +CVE-2023-28853 (Mastodon is a free, open-source social network server based on Activit ...) 
+ - mastodon (bug #859741) +CVE-2023-28852 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28851 (Silverstripe Form Capture provides a method to capture simple silverst ...) + NOT-FOR-US: Silverstripe +CVE-2023-28850 (Pimcore Perspective Editor provides an editor for Pimcore that allows ...) + NOT-FOR-US: Pimcore Perspective Editor +CVE-2023-28849 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28848 (user_oidc is the OIDC connect user backend for Nextcloud, an open sour ...) + NOT-FOR-US: user_oidc extension for NextCloud +CVE-2023-28847 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2023-28846 (Unpoly is a JavaScript framework for server-side web applications. The ...) + NOT-FOR-US: Unpoly +CVE-2023-28845 (Nextcloud talk is a video & audio conferencing app for Nextcloud. In a ...) + NOT-FOR-US: Nextcloud talk is a video & audio conferencing app for Nextcloud +CVE-2023-28844 (Nextcloud server is an open source home cloud implementation. In affec ...) + - nextcloud-server (bug #941708) +CVE-2023-28843 (PrestaShop/paypal is an open source module for the PrestaShop web comm ...) + NOT-FOR-US: PrestaShop +CVE-2023-28842 (Moby) is an open source container framework developed by Docker Inc. t ...) + - docker.io 20.10.24+dfsg1-1 + [bullseye] - docker.io (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p + NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 +CVE-2023-28841 (Moby is an open source container framework developed by Docker Inc. th ...) 
+ - docker.io 20.10.24+dfsg1-1 + [bullseye] - docker.io (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237 + NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 + NOTE: https://github.com/moby/moby/issues/43382 + NOTE: https://github.com/moby/moby/pull/45118 +CVE-2023-28840 (Moby is an open source container framework developed by Docker Inc. th ...) + - docker.io 20.10.24+dfsg1-1 + [bullseye] - docker.io (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp + NOTE: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333 + NOTE: https://github.com/moby/moby/issues/43382 + NOTE: https://github.com/moby/moby/pull/45118 +CVE-2023-28839 (Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platf ...) + NOT-FOR-US: PrestaShop addon +CVE-2023-28838 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28837 (Wagtail is an open source content management system built on Django. P ...) + NOT-FOR-US: Wagtail +CVE-2023-28836 (Wagtail is an open source content management system built on Django. S ...) + NOT-FOR-US: Wagtail +CVE-2023-28835 (Nextcloud server is an open source home cloud implementation. In affec ...) + - nextcloud-server (bug #941708) +CVE-2023-28834 (Nextcloud Server is an open source personal cloud server. Nextcloud Se ...) + - nextcloud-server (bug #941708) +CVE-2023-28833 (Nextcloud server is an open source home cloud implementation. In affec ...) + - nextcloud-server (bug #941708) +CVE-2023-28832 (A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 ( ...) + NOT-FOR-US: Siemens +CVE-2023-28831 (The OPC UA implementations (ANSI C and C++) in affected products conta ...) + NOT-FOR-US: Siemens +CVE-2023-28830 (A vulnerability has been identified in JT2Go (All versions < V14.2.0.5 ...) 
+ NOT-FOR-US: Siemens +CVE-2023-28829 (A vulnerability has been identified in SIMATIC NET PC Software V14 (Al ...) + NOT-FOR-US: Siemens +CVE-2023-28828 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) + NOT-FOR-US: Siemens +CVE-2023-28827 + RESERVED +CVE-2023-28379 (A memory corruption vulnerability exists in the HTTP Server form bound ...) + NOT-FOR-US: Weston Embedded uC-HTTP +CVE-2023-27395 (A heap-based buffer overflow vulnerability exists in the vpnserver Wpc ...) + NOT-FOR-US: SoftEther VPN +CVE-2023-22325 (A denial of service vulnerability exists in the DCRegister DDNS_RPC_MA ...) + NOT-FOR-US: SoftEther VPN +CVE-2023-22308 (An integer underflow vulnerability exists in the vpnserver OvsProcessD ...) + NOT-FOR-US: SoftEther VPN +CVE-2023-1625 (An information leak was discovered in OpenStack heat. This issue could ...) + [experimental] - heat 1:20.0.0~rc1-1 + - heat 1:19.0.0-2 (bug #1034186) + [bullseye] - heat (Minor issue) + [buster] - heat (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2181621 + NOTE: https://review.opendev.org/c/openstack/heat/+/868166 + NOTE: https://github.com/openstack/heat/commit/1305a3152f75c6e62ec5094ea2bfc38f165204cf (20.0.0.0rc1) +CVE-2023-1624 (The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1623 (The Custom Post Type UI WordPress plugin before 1.13.5 does not proper ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1622 + REJECTED +CVE-2023-1621 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2023-1620 (Multiple WAGO devices in multiple versions may allow an authenticated ...) + NOT-FOR-US: WAGO +CVE-2023-1619 (Multiple WAGO devices in multiple versions may allow an authenticated ...) + NOT-FOR-US: WAGO +CVE-2023-1618 (Active Debug Code vulnerability in Mitsubishi Electric Corporation MEL ...) 
+ NOT-FOR-US: Mitsubishi +CVE-2023-1617 (Improper Authentication vulnerability in B&R Industrial Automation B&R ...) + NOT-FOR-US: B&R Industrial Automation +CVE-2023-1616 (A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has bee ...) + NOT-FOR-US: XiaoBingBy TeaCMS +CVE-2020-36691 (An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c a ...) + - linux 5.8.7-1 + NOTE: https://git.kernel.org/linus/7690aa1cdf7c4565ad6b013b324c28b685505e24 (5.8-rc1) +CVE-2016-15030 (A vulnerability classified as problematic has been found in Arno0x Two ...) + NOT-FOR-US: Arno0x +CVE-2015-10097 (A vulnerability was found in grinnellplans-php up to 3.0. It has been ...) + NOT-FOR-US: grinnellplans-php +CVE-2023-28821 (Concrete CMS (previously concrete5) before 9.1 did not have a rate lim ...) + NOT-FOR-US: Concrete CMS +CVE-2023-28820 (Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored ...) + NOT-FOR-US: Concrete CMS +CVE-2023-28819 (Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 t ...) + NOT-FOR-US: Concrete CMS +CVE-2023-28818 (An issue was discovered in Veritas NetBackup IT Analytics 11 before 11 ...) + NOT-FOR-US: Veritas +CVE-2023-28817 + RESERVED +CVE-2023-28816 + RESERVED +CVE-2023-28815 + RESERVED +CVE-2023-28814 + RESERVED +CVE-2023-28813 (An attacker could exploit a vulnerability by sending crafted messages ...) + NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents +CVE-2023-28812 (There is a buffer overflow vulnerability in a web browser plug-in coul ...) + NOT-FOR-US: Hikvision Web Browser Plug-in LocalServiceComponents +CVE-2023-28811 (There is a buffer overflow in the password recovery feature of Hikvisi ...) + NOT-FOR-US: hikvison +CVE-2023-28810 (Some access control/intercom products have unauthorized modification o ...) + NOT-FOR-US: hikvison +CVE-2023-28809 (Some access control products are vulnerable to a session hijacking att ...) 
+ NOT-FOR-US: hikvision +CVE-2023-28808 (Some Hikvision Hybrid SAN/Cluster Storage products have an access cont ...) + NOT-FOR-US: Hikvision Hybrid SAN/Cluster Storage products +CVE-2023-1615 (The Ultimate Addons for Contact Form 7 plugin for WordPress is vulnera ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1614 (The WP Custom Author URL WordPress plugin before 1.0.5 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28807 + RESERVED +CVE-2023-28806 + RESERVED +CVE-2023-28805 (An Improper Input Validation vulnerability in Zscaler Client Connector ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28804 (An Improper Verification of Cryptographic Signature vulnerability in Z ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28803 (An authentication bypass by spoofing of a device with a synthetic IP a ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28802 (An Improper Validation of Integrity Check Value in Zscaler Client Conn ...) + NOT-FOR-US: Zscaler Client Connector on Windows +CVE-2023-28801 (An Improper Verification of Cryptographic Signature in the SAML authen ...) + NOT-FOR-US: Zscaler +CVE-2023-28800 (When using local accounts for administration, the redirect url paramet ...) + NOT-FOR-US: Zscaler +CVE-2023-28799 (A URL parameter during login flow was vulnerable to injection. An atta ...) + NOT-FOR-US: Zscaler +CVE-2023-28798 + RESERVED +CVE-2023-28797 (Zscaler Client Connector for Windows before 4.1 writes/deletes a confi ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28796 (Improper Verification of Cryptographic Signature vulnerability in Zsca ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28795 (Origin Validation Error vulnerability in Zscaler Client Connector on L ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28794 (Origin Validation Error vulnerability in Zscaler Client Connector on L ...) 
+ NOT-FOR-US: Zscaler Client Connector +CVE-2023-28793 (Buffer overflow vulnerability in the signelf library used by Zscaler C ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2023-28792 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28791 (Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simpl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28790 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Bre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28789 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28788 + RESERVED +CVE-2023-28787 + RESERVED +CVE-2023-28786 + RESERVED +CVE-2023-28785 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28784 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28783 (Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress Plugin +CVE-2023-28782 + RESERVED +CVE-2023-28781 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Con ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28780 (Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28779 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28778 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28777 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28776 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: Lightbox plugin +CVE-2023-28775 + RESERVED +CVE-2023-28774 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28773 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28772 (An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/d3b16034a24a112bb83aeb669ac5b9b01f744bb7 (5.14-rc1) +CVE-2023-28771 (Improper error message handling in Zyxel ZyWALL/USG series firmware ve ...) + NOT-FOR-US: Zyxel +CVE-2023-28770 (The sensitive information exposure vulnerability in the CGI \u201cExpo ...) + NOT-FOR-US: Zyxel +CVE-2023-28769 (The buffer overflow vulnerability in the library \u201clibclinkc.so\u2 ...) + NOT-FOR-US: Zyxel +CVE-2023-28768 (Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80 ...) + NOT-FOR-US: Zyxel +CVE-2023-28767 (The configuration parser fails to sanitize user-controlled input in th ...) + NOT-FOR-US: Zyxel +CVE-2023-28766 (A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All v ...) + NOT-FOR-US: Siemens +CVE-2023-25180 + REJECTED +CVE-2023-24593 + REJECTED +CVE-2023-1613 (A vulnerability has been found in Rebuild up to 3.2.3 and classified a ...) + NOT-FOR-US: Rebuild +CVE-2023-1612 (A vulnerability, which was classified as critical, was found in Rebuil ...) + NOT-FOR-US: Rebuild +CVE-2023-1611 (A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree ...) + {DLA-3404-1} + - linux 6.1.25-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/ +CVE-2023-1610 (A vulnerability, which was classified as critical, has been found in R ...) + NOT-FOR-US: Rebuild +CVE-2023-1609 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...) 
+ NOT-FOR-US: Zhong Bang CRMEB Java +CVE-2023-1608 (A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has ...) + NOT-FOR-US: Zhong Bang CRMEB Java +CVE-2023-1607 (A vulnerability was found in novel-plus 3.6.2. It has been classified ...) + NOT-FOR-US: novel-plus +CVE-2023-1606 (A vulnerability was found in novel-plus 3.6.2 and classified as critic ...) + NOT-FOR-US: novel-plus +CVE-2023-1605 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.8. ...) + - radare2 (bug #1034180) + NOTE: https://huntr.dev/bounties/9dddcf5b-7dd4-46cc-abf9-172dce20bab2 + NOTE: https://github.com/radareorg/radare2/commit/508a6307045441defd1bef0999a1f7052097613f +CVE-2023-1604 + RESERVED +CVE-2023-1603 (Permission bypass when importing or synchronizing entriesin User vault ...) + NOT-FOR-US: Devolutions +CVE-2023-1602 (The Short URL plugin for WordPress is vulnerable to stored Cross-Site ...) + NOT-FOR-US: Short URL plugin for WordPress +CVE-2023-1601 + REJECTED +CVE-2023-1600 + RESERVED +CVE-2023-1599 + RESERVED +CVE-2023-1598 + REJECTED +CVE-2023-1597 (The tagDiv Cloud Library WordPress plugin before 2.7 does not have aut ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1596 (The tagDiv Composer WordPress plugin before 4.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1595 (A vulnerability has been found in novel-plus 3.6.2 and classified as c ...) + NOT-FOR-US: novel-plus +CVE-2023-1594 (A vulnerability, which was classified as critical, was found in novel- ...) + NOT-FOR-US: novel-plus +CVE-2023-1593 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Automatic Question Paper Generator System +CVE-2023-1592 (A vulnerability classified as critical was found in SourceCodester Aut ...) + NOT-FOR-US: SourceCodester Automatic Question Paper Generator System +CVE-2023-1591 (A vulnerability classified as critical has been found in SourceCodeste ...) 
+ NOT-FOR-US: SourceCodester Automatic Question Paper Generator System +CVE-2023-1590 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-1589 (A vulnerability has been found in SourceCodester Online Tours & Travel ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-XXXX [RUSTSEC-2022-0092] + - rust-rmp-serde 1.1.1-1 + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0092.html +CVE-2023-28765 (An attacker with basic privileges in SAP BusinessObjects Business Inte ...) + NOT-FOR-US: SAP +CVE-2023-28764 (SAP BusinessObjects Platform - versions 420, 430, Information design t ...) + NOT-FOR-US: SAP +CVE-2023-28763 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) + NOT-FOR-US: SAP +CVE-2023-28762 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...) + NOT-FOR-US: SAP +CVE-2023-28761 (InSAP NetWeaver Enterprise Portal - version 7.50,an unauthenticated at ...) + NOT-FOR-US: SAP +CVE-2023-28760 + RESERVED +CVE-2023-28759 (An issue was discovered in Veritas NetBackup before 10.0 on Windows. A ...) + NOT-FOR-US: Veritas +CVE-2023-28758 (An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allo ...) + NOT-FOR-US: Veritas +CVE-2023-28757 + RESERVED +CVE-2023-28756 (A ReDoS issue was discovered in the Time component through 0.2.1 in Ru ...) 
+ {DLA-3447-1 DLA-3408-1} + - ruby3.1 (bug #1038408) + - ruby2.7 + - ruby2.5 + [experimental] - jruby 9.4.3.0+ds-1~exp1 + - jruby (bug #1036283) + [bookworm] - jruby (Minor issue) + NOTE: Fixed by: https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e (v3_1_4) + NOTE: Fixed by: https://github.com/ruby/time/commit/b57db51f577875d3e896dcd2ef1dcaf97f23e943 (v0.2.2) + NOTE: Fixed by: https://github.com/ruby/time/commit/3dce6f73d14f5fad6d9b302393fd02df48797b11 (v0.2.2) + NOTE: https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/ +CVE-2023-28755 (A ReDoS issue was discovered in the URI component through 0.12.0 in Ru ...) + {DLA-3447-1 DLA-3408-1} + - rubygems 3.4.20-1 + [bookworm] - rubygems (Minor issue) + [bullseye] - rubygems (Minor issue) + - ruby3.1 (bug #1038408) + - ruby2.7 + - ruby2.5 + [experimental] - jruby 9.4.3.0+ds-1~exp1 + - jruby (bug #1036283) + [bookworm] - jruby (Minor issue) + NOTE: Fixed by: https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300 (v3_1_4) + NOTE: Fixed by: https://github.com/ruby/uri/commit/eaf89cc31619d49e67c64d0b58ea9dc38892d175 (v0.12.1) + NOTE: https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/ + NOTE: Incomplete fix, cf. CVE-2023-36617 +CVE-2023-28754 (Deserialization of Untrusted Data vulnerability in Apache ShardingSphe ...) + NOT-FOR-US: Apache ShardingSphere-Agent +CVE-2023-28753 (netconsd prior to v0.2 was vulnerable to an integer overflow in its pa ...) + NOT-FOR-US: netconsd +CVE-2023-28752 + RESERVED +CVE-2023-1588 + REJECTED +CVE-2023-1587 (Avast and AVG Antivirus for Windows were susceptible to a NULL pointer ...) + NOT-FOR-US: Norton +CVE-2023-1586 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...) + NOT-FOR-US: Norton +CVE-2023-1585 (Avast and AVG Antivirus for Windows were susceptible to a Time-of-chec ...) + NOT-FOR-US: Norton +CVE-2023-1584 (A flaw was found in Quarkus. 
Quarkus OIDC can leak both ID and access ...) + NOT-FOR-US: Quarkus +CVE-2023-28751 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpme ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28750 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28749 (Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSoluti ...) + NOT-FOR-US: CreativeMindsSolutions CM On Demand Search And Replace plugin +CVE-2023-28748 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28747 (Cross-Site Request Forgery (CSRF) vulnerability in codeboxr CBX Curren ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28735 + RESERVED +CVE-2023-28734 + RESERVED +CVE-2023-28733 (AnyMailing Joomla Plugin is vulnerable to stored cross site scripting ...) + NOT-FOR-US: Joomla Plugin +CVE-2023-28732 (Missing access control inAnyMailing Joomla Plugin allows to list and a ...) + NOT-FOR-US: Joomla Plugin +CVE-2023-28731 (AnyMailing Joomla Plugin is vulnerable tounauthenticated remote code e ...) + NOT-FOR-US: Joomla Plugin +CVE-2023-27882 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...) + NOT-FOR-US: Weston Embedded uC-HTTP +CVE-2023-1583 (A NULL pointer dereference was found in io_file_bitmap_get in io_uring ...) + - linux 6.1.25-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3&id=761efd55a0227aca3a69deacdaa112fffd44fe37 +CVE-2023-1582 (A race problem was found in fs/proc/task_mmu.c in the memory managemen ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.103-1 + NOTE: https://git.kernel.org/linus/24d7275ce2791829953ed4e72f68277ceb2571c6 (5.17-rc4) +CVE-2023-1581 + RESERVED +CVE-2023-1580 (Uncontrolled resource consumption in the logging feature in Devolution ...) 
+ NOT-FOR-US: Devolutions +CVE-2023-1579 (Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.) + - binutils 2.40-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29988 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd (binutils-2_40) + NOTE: binutils not covered by security support +CVE-2023-1578 (SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.) + NOT-FOR-US: pimcore +CVE-2023-1577 + RESERVED +CVE-2023-1576 + REJECTED +CVE-2023-1575 (The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross- ...) + NOT-FOR-US: Mega Main Menu plugin for WordPress +CVE-2023-1574 (Information disclosure in the user creation feature of a MSSQL data so ...) + NOT-FOR-US: Devolutions +CVE-2023-1573 (A vulnerability was found in DataGear up to 1.11.1 and classified as p ...) + NOT-FOR-US: DataGear +CVE-2023-1572 (A vulnerability has been found in DataGear up to 1.11.1 and classified ...) + NOT-FOR-US: DataGear +CVE-2023-1571 (A vulnerability, which was classified as critical, was found in DataGe ...) + NOT-FOR-US: DataGear +CVE-2023-1570 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: syoyo tinydng +CVE-2023-1569 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester E-Commerce System +CVE-2023-1568 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Student Study Center Desk Management System +CVE-2023-1567 (A vulnerability was found in SourceCodester Student Study Center Desk ...) + NOT-FOR-US: SourceCodester Student Study Center Desk Management System +CVE-2023-1566 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) + NOT-FOR-US: SourceCodester Medical Certificate Generator App +CVE-2023-1565 (A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classif ...) 
+ NOT-FOR-US: FeiFeiCMS +CVE-2023-1564 (A vulnerability was found in SourceCodester Air Cargo Management Syste ...) + NOT-FOR-US: SourceCodester Air Cargo Management System +CVE-2023-1563 (A vulnerability has been found in SourceCodester Student Study Center ...) + NOT-FOR-US: SourceCodester Student Study Center Desk Management System +CVE-2023-1562 (Mattermost fails to check the "Show Full Name" setting when rendering ...) + - mattermost-server (bug #823556) +CVE-2023-1561 (A vulnerability, which was classified as critical, was found in code-p ...) + NOT-FOR-US: Simple Online Hotel Reservation System +CVE-2023-1560 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: TinyTIFF +CVE-2023-1559 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Storage Unit Rental Management System +CVE-2023-1558 (A vulnerability classified as critical has been found in Simple and Be ...) + NOT-FOR-US: Simple and Beautiful Shopping Cart System +CVE-2023-1557 (A vulnerability was found in SourceCodester E-Commerce System 1.0. It ...) + NOT-FOR-US: SourceCodester E-Commerce System +CVE-2023-1556 (A vulnerability was found in SourceCodester Judging Management System ...) + NOT-FOR-US: SourceCodester Judging Management System +CVE-2023-1555 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2013-10022 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28730 (A memory corruption vulnerability Panasonic Control FPWIN Pro versions ...) + NOT-FOR-US: Panasonic +CVE-2023-28729 (A type confusion vulnerability in Panasonic Control FPWIN Pro versions ...) + NOT-FOR-US: Panasonic +CVE-2023-28728 (A stack-based buffer overflow in Panasonic Control FPWIN Pro versions ...) + NOT-FOR-US: Panasonic +CVE-2023-28727 (Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attacker ...) 
+ NOT-FOR-US: Panasonic AiSEG2 +CVE-2023-28726 (Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers ...) + NOT-FOR-US: Panasonic AiSEG2 +CVE-2023-28725 (General Bytes Crypto Application Server (CAS) 20230120, as distributed ...) + NOT-FOR-US: General Bytes Crypto Application Server (CAS) +CVE-2023-28723 (Exposure of sensitive information to an unauthorized actor in some Int ...) + NOT-FOR-US: Intel +CVE-2023-28718 (Osprey Pump Controller version 1.01 allows users to perform certain ac ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28714 (Improper access control in firmware for some Intel(R) PROSet/Wireless ...) + NOT-FOR-US: Intel +CVE-2023-28712 (Osprey Pump Controller version 1.01 contains an unauthenticated comman ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28710 (Improper Input Validation vulnerability in Apache Software Foundation ...) + NOT-FOR-US: Apache Airflow Spark Provider +CVE-2023-28654 (Osprey Pump Controller version 1.01 has a hidden administrative accoun ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28648 (Osprey Pump Controller version 1.01 inputs passed to a GET parameter a ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28411 (Double free in some Intel(R) Server Board BMC firmware before version ...) + NOT-FOR-US: Intel +CVE-2023-28410 (Improper restriction of operations within the bounds of a memory buffe ...) + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html + NOTE: Fixed by: https://git.kernel.org/linus/661412e301e2ca86799aa4f400d1cf0bd38c57c6 (5.19-rc1) + NOTE: http://blog.pi3.com.pl/?p=931 + NOTE: http://site.pi3.com.pl/adv/CVE-2023-28410_i915.txt +CVE-2023-28404 (Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQ ...) 
+ NOT-FOR-US: Intel +CVE-2023-28403 + RESERVED +CVE-2023-28401 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...) + NOT-FOR-US: Intel +CVE-2023-28398 (Osprey Pump Controller version 1.01 could allow an unauthenticated use ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28395 (Osprey Pump Controller version 1.01 is vulnerable to a weak session to ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-28385 (Improper authorization in the Intel(R) NUC Pro Software Suite for Wind ...) + NOT-FOR-US: Intel +CVE-2023-28376 (Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Con ...) + NOT-FOR-US: Intel +CVE-2023-28375 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-27886 (Osprey Pump Controller version 1.01 is vulnerable to an unauthenticate ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-27394 (Osprey Pump Controller version 1.01 is vulnerable an unauthenticated O ...) + NOT-FOR-US: Osprey Pump Controller +CVE-2023-25071 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...) + NOT-FOR-US: Intel +CVE-2023-1554 (The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1553 + RESERVED +CVE-2023-1552 (ToolboxST prior to version 7.10 is affected by a deserialization vulne ...) + NOT-FOR-US: ToolboxST +CVE-2023-28709 (The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 ...) + {DSA-5521-1} + [experimental] - tomcat10 10.1.8-1 + - tomcat10 10.1.10-1 + - tomcat9 (Incomplete fix for CVE-2023-24998 not applied) + NOTE: https://github.com/apache/tomcat/commit/ba848da71c523d94950d3c53c19ea155189df9dc (10.1.8) + NOTE: https://github.com/apache/tomcat/commit/fbd81421629afe8b8a3922d59020cde81caea861 (9.0.74) +CVE-2023-28708 (When using the RemoteIpFilter with requests received from a reverse ...) 
+ {DSA-5381-1 DLA-3384-1} + - tomcat10 10.1.6-1 + - tomcat9 9.0.70-2 + - tomcat8 + NOTE: https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=66471 + NOTE: https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b (10.1.6) + NOTE: https://github.com/apache/tomcat/commit/3b51230764da595bb19e8d0962dd8c69ab40dfab (9.0.72) + NOTE: https://github.com/apache/tomcat/commit/5b72c94e8b2c4ada63a1d91dc527bf4d8fd1f510 (8.5.86) + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version +CVE-2023-28707 (Improper Input Validation vulnerability in Apache Software Foundation ...) + NOT-FOR-US: Apache Airflow Drill Provider +CVE-2023-28706 (Improper Control of Generation of Code ('Code Injection') vulnerabilit ...) + NOT-FOR-US: Apache Airflow Hive Provider +CVE-2023-28705 (Openfind Mail2000 has insufficient filtering special characters of ema ...) + NOT-FOR-US: Openfind +CVE-2023-28704 (Furbo dog camera has insufficient filtering for special parameter of d ...) + NOT-FOR-US: Furbo +CVE-2023-28703 (ASUS RT-AC86U\u2019s specific cgi function has a stack-based buffer ov ...) + NOT-FOR-US: ASUS +CVE-2023-28702 (ASUS RT-AC86U does not filter special characters for parameters in spe ...) + NOT-FOR-US: ASUS +CVE-2023-28701 (ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. A ...) + NOT-FOR-US: ELITE TECHNOLOGY CORP. Web Fax +CVE-2023-28700 (OMICARD EDM backend system\u2019s file uploading function does not res ...) + NOT-FOR-US: OMICARD +CVE-2023-28699 (Wade Graphic Design FANTSY has a vulnerability of insufficient filteri ...) + NOT-FOR-US: Wade Graphic Design FANTSY +CVE-2023-28698 (Wade Graphic Design FANTSY has a vulnerability of insufficient authori ...) + NOT-FOR-US: Wade Graphic Design FANTSY +CVE-2023-28697 (Moxa MiiNePort E1 has a vulnerability of insufficient access control. ...) 
+ NOT-FOR-US: Moxa +CVE-2023-28696 (Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, The ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28695 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28694 (Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28693 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasahe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28692 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28691 + RESERVED +CVE-2023-28690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28689 + RESERVED +CVE-2023-28688 + RESERVED +CVE-2023-28687 + RESERVED +CVE-2023-1551 + RESERVED +CVE-2023-1550 (Insertion of Sensitive Information into log file vulnerability in NGIN ...) + NOT-FOR-US: NGINX Agent +CVE-2023-1549 (The Ad Inserter WordPress plugin before 2.7.27 unserializes user input ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1548 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) + NOT-FOR-US: Schneider +CVE-2023-1547 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Elra Parkmatik +CVE-2023-1546 (The MyCryptoCheckout WordPress plugin before 2.124 does not escape som ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1545 (SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3 ...) + - teampass (bug #730180) +CVE-2023-1544 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) 
+ - qemu 1:8.0.2+dfsg-1 (bug #1034179) + [bookworm] - qemu (Minor issue) + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + [buster] - qemu (Minor issue) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2023-03/msg00206.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (v8.0.0-rc0) +CVE-2023-28686 (Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows a ...) + {DSA-5379-1} + - dino-im 0.4.2-1 (bug #1033370) + [buster] - dino-im (Vulnerable code added in v0.1.0) + NOTE: https://dino.im/security/cve-2023-28686/ + NOTE: Fixed by: https://github.com/dino/dino/commit/ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec + NOTE: Fixed by: https://github.com/dino/dino/commit/baf96d9d9fac7480fed777ac87d917f8dec8f0f6 (v0.4.2) + NOTE: Fixed by: https://github.com/dino/dino/commit/e02a443a4eaf02f0ab860b41d0bc7081d4110ab4 (v0.2.3) + NOTE: Bookmark supported added in https://github.com/dino/dino/commit/74c29d4df19f97b9b67bbc3c1a963a8729be69fd (v0.1.0) +CVE-2023-28685 (Jenkins AbsInt a\xb3 Plugin 1.1.0 and earlier does not configure its X ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28684 (Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not conf ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28683 (Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not con ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28682 (Jenkins Performance Publisher Plugin 8.09 and earlier does not configu ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28681 (Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not con ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28680 (Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parse ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28679 (Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28678 (Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names fr ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-28677 (Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string c ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28676 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convert T ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28675 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28674 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28673 (A missing permission check in Jenkins OctoPerf Load Testing Plugin Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28672 (Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28671 (A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28670 (Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not esca ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28669 (Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and meth ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28668 (Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 an ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-28667 (The Lead Generated WordPress Plugin, version <= 1.23, was affected by ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28666 (The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28665 (The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is af ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28664 (The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28663 (The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28662 (The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-28661 (The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28660 (The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28659 (The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1543 (Insufficient Session Expiration in GitHub repository answerdev/answer ...) + NOT-FOR-US: answer +CVE-2023-1542 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...) + NOT-FOR-US: answer +CVE-2023-1541 (Business Logic Errors in GitHub repository answerdev/answer prior to 1 ...) + NOT-FOR-US: answer +CVE-2023-1540 (Observable Response Discrepancy in GitHub repository answerdev/answer ...) + NOT-FOR-US: answer +CVE-2023-1539 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: answer +CVE-2023-1538 (Observable Timing Discrepancy in GitHub repository answerdev/answer pr ...) + NOT-FOR-US: answer +CVE-2023-1537 (Authentication Bypass by Capture-replay in GitHub repository answerdev ...) + NOT-FOR-US: answer +CVE-2023-1536 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + NOT-FOR-US: answer +CVE-2023-1535 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + NOT-FOR-US: answer +CVE-2023-1534 (Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 a ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1533 (Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1532 (Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.1 ...) 
+ {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1531 (Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allow ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1530 (Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1529 (Out of bounds memory access in WebHID in Google Chrome prior to 111.0. ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1528 (Use after free in Passwords in Google Chrome prior to 111.0.5563.110 a ...) + {DSA-5377-1} + - chromium 111.0.5563.110-1 + [buster] - chromium (see DSA 5046) +CVE-2023-1527 (Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/cor ...) + NOT-FOR-US: Corebos +CVE-2023-1526 (Certain DesignJet and PageWide XL TAA compliant models may have risk o ...) + NOT-FOR-US: HP +CVE-2023-1525 (The Site Reviews WordPress plugin before 6.7.1 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1524 (The Download Manager WordPress plugin before 3.2.71 does not adequatel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28655 (A malicious user could leverage this vulnerability to escalate privile ...) + NOT-FOR-US: SAUTER +CVE-2023-28652 (An authenticated malicious user could successfully upload a malicious ...) + NOT-FOR-US: SAUTER +CVE-2023-28650 (An unauthenticated remote attacker could provide a malicious link and ...) + NOT-FOR-US: SAUTER +CVE-2023-28647 (Nextcloud iOS is an ios application used to interface with the nextclo ...) + NOT-FOR-US: Nextcloud iOS application +CVE-2023-28646 (Nextcloud android is an android app for interfacing with the nextcloud ...) + NOT-FOR-US: Nextcloud android application +CVE-2023-28645 (Nextcloud richdocuments is a Nextcloud app integrating the office suit ...) 
+ NOT-FOR-US: Nextcloud richdocuments +CVE-2023-28644 (Nextcloud server is an open source home cloud implementation. In relea ...) + - nextcloud-server (bug #941708) +CVE-2023-28643 (Nextcloud server is an open source home cloud implementation. In affec ...) + - nextcloud-server (bug #941708) +CVE-2023-28642 (runc is a CLI tool for spawning and running containers according to th ...) + {DLA-3369-1} + - runc 1.1.5+ds1-1 + [bullseye] - runc (Minor issue) + NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c + NOTE: https://github.com/opencontainers/runc/pull/3785 + NOTE: same fix as CVE-2023-27561 +CVE-2023-28641 + RESERVED +CVE-2023-28640 (Apiman is a flexible and open source API Management platform. Due to a ...) + NOT-FOR-US: Apiman +CVE-2023-28639 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28638 (Snappier is a high performance C# implementation of the Snappy compres ...) + NOT-FOR-US: Snappier +CVE-2023-28637 (DataEase is an open source data visualization analysis tool. In Dataea ...) + NOT-FOR-US: DataEase +CVE-2023-28636 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28635 (vantage6 is privacy preserving federated learning infrastructure. Prio ...) + NOT-FOR-US: vantage6 +CVE-2023-28634 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28633 (GLPI is a free asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28632 (GLPI is a free asset and IT management software package. Starting in v ...) 
+ - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-28631 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...) + NOT-FOR-US: comrak +CVE-2023-28630 (GoCD is an open source continuous delivery server. In GoCD versions fr ...) + NOT-FOR-US: GoCD +CVE-2023-28629 (GoCD is an open source continuous delivery server. GoCD versions befor ...) + NOT-FOR-US: GoCD +CVE-2023-28628 (lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versi ...) + NOT-FOR-US: lambdaisland/uri +CVE-2023-28627 (pymedusa is an automatic video library manager for TV Shows. In versio ...) + NOT-FOR-US: pymedusa +CVE-2023-28626 (comrak is a CommonMark + GFM compatible Markdown parser and renderer w ...) + NOT-FOR-US: comrak +CVE-2023-28625 (mod_auth_openidc is an authentication and authorization module for the ...) + {DSA-5405-1 DLA-3409-1} + - libapache2-mod-auth-openidc 2.4.12.3-2 (bug #1033916) + NOTE: https://github.com/OpenIDC/mod_auth_openidc/commit/4389182239c0f60cfa4873f9980c826a70047cc4 (v2.4.13.2) + NOTE: https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-f5xw-rvfr-24qr +CVE-2023-28624 + RESERVED +CVE-2023-28623 (Zulip is an open-source team collaboration tool with unique topic-base ...) + NOT-FOR-US: Zulip +CVE-2023-28622 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Tri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28621 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress theme +CVE-2023-28620 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cybe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28619 + RESERVED +CVE-2023-28618 (Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou E ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28391 (A memory corruption vulnerability exists in the HTTP Server header par ...) 
+ NOT-FOR-US: Weston Embedded uC-HTTP
+CVE-2023-27927 (An authenticated malicious user could acquire the simple mail transfer ...)
+ NOT-FOR-US: SAUTER
+CVE-2023-22300 (An unauthenticated remote attacker could force all authenticated users ...)
+ NOT-FOR-US: SAUTER
+CVE-2023-1523 (Using the TIOCLINUX ioctl request, a malicious snap could inject conte ...)
+ - snapd 2.59.5-1
+ [bookworm] - snapd (Minor issue)
+ [bullseye] - snapd (Minor issue)
+ [buster] - snapd (Minor issue)
+ NOTE: Preparation: https://github.com/snapcore/snapd/commit/e4681c57bd5805c8d2dec5c3ddf7d85ebf1d2c4c (2.59.5)
+ NOTE: Fixed by: https://github.com/snapcore/snapd/commit/dddcfd6ac8daa84feb80eb6fd88f852ced70629c (2.59.5)
+ NOTE: Fixed by: https://github.com/snapcore/snapd/commit/52af545f3c0d8b086500ab86f161703905638951 (2.59.5)
+ NOTE: Tests: https://github.com/snapcore/snapd/commit/e5e823b442aec364e81c9cb805dc2fce34c41b8b (2.59.5)
+ NOTE: Tests: https://github.com/snapcore/snapd/commit/8ad5a73e753828175c9fbbf03e518bb42d773979 (2.59.5)
+ NOTE: Tests: https://github.com/snapcore/snapd/commit/64cf6b0048385d921b25361d55ddfd524880c738 (2.59.5)
+ NOTE: Tests: https://github.com/snapcore/snapd/commit/2e93f91e1350f965a356748a3ddcff275207df12 (2.59.5)
+ NOTE: Tests: https://github.com/snapcore/snapd/commit/390dc62a71884c0463e2411fb13f5bd5abdc7442 (2.59.5)
+CVE-2023-1522 (SQL Injection in the Hardware Inventory report of Security Center 5.11 ...)
+ NOT-FOR-US: Security Center
+CVE-2023-1521
+ RESERVED
+CVE-2023-1520
+ RESERVED
+CVE-2023-1519
+ RESERVED
+CVE-2023-1518 (CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to ...)
+ NOT-FOR-US: CP Plus KVMS Pro
+CVE-2023-1517 (Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1516 (RoboDK versions 5.5.3 and prior contain an insecure permission assign ...)
+ NOT-FOR-US: RoboDK
+CVE-2023-1515 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1514 (A vulnerability exists in the component RTU500 Scripting interface. Wh ...)
+ NOT-FOR-US: Hitachi
+CVE-2023-1513 (A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://git.kernel.org/linus/2c10b61421a28e95a46ab489fd56c0f442ff6952 (6.2)
+CVE-2023-1512
+ RESERVED
+CVE-2023-1511
+ RESERVED
+CVE-2023-1510
+ RESERVED
+CVE-2023-1509 (The GMAce plugin for WordPress is vulnerable to Cross-Site Request For ...)
+ NOT-FOR-US: GMAce plugin for WordPress
+CVE-2023-1508 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Adam Retail Automation Systems Mobilmen Terminal Software
+CVE-2023-1507 (A vulnerability has been found in SourceCodester E-Commerce System 1.0 ...)
+ NOT-FOR-US: SourceCodester E-Commerce System
+CVE-2023-1506 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester E-Commerce System
+CVE-2023-1505 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester E-Commerce System
+CVE-2023-1504 (A vulnerability classified as critical was found in SourceCodester Alp ...)
+ NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
+CVE-2023-1503 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
+CVE-2023-1502 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...)
+ NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System
+CVE-2019-25136 (A compromised child process could have injected XBL Bindings into priv ...)
+ - firefox 70.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
+CVE-2018-25082 (A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classi ...)
+ NOT-FOR-US: zwczou WeChat SDK Python
+CVE-2016-15029 (A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and class ...)
+ NOT-FOR-US: Ydalb mapicoin
+CVE-2012-10009 (A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1501 (A vulnerability, which was classified as critical, was found in RockOA ...)
+ NOT-FOR-US: RockOA
+CVE-2023-1500 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Simple Art Gallery
+CVE-2023-1499 (A vulnerability classified as critical was found in code-projects Simp ...)
+ NOT-FOR-US: Simple Art Gallery
+CVE-2023-1498 (A vulnerability classified as critical has been found in code-projects ...)
+ NOT-FOR-US: Responsive Hotel Site
+CVE-2023-1497 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
+ NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
+CVE-2023-1496 (Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/i ...)
+ NOT-FOR-US: imgproxy
+CVE-2023-2491 (A flaw was found in the Emacs text editor. Processing a specially craf ...)
+ - emacs (Red Hat specific security regression from CVE-2023-28617 patches)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2192873
+CVE-2023-28617 (org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for G ...)
+ {DLA-3616-1 DLA-3416-1}
+ [experimental] - org-mode 9.6.6+dfsg-1~exp1
+ - org-mode 9.5.2+dfsh-5 (bug #1033341)
+ [bullseye] - org-mode 9.4.0+dfsg-1+deb11u1
+ - emacs 1:28.2+1-14 (bug #1033342)
+ [bullseye] - emacs (Minor issue)
+ NOTE: https://list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e
+ NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485 (release_9.6.2)
+ NOTE: https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741 (release_9.6.2)
+ NOTE: org-mode/9.5.2+dfsh-5 dropped all lisp files from the produced binary packages
+ NOTE: making an empty dependency package only thus considered fixed exceptionally in
+ NOTE: that version.
+CVE-2023-28616
+ RESERVED
+CVE-2023-28615
+ RESERVED
+CVE-2023-28614 (Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injectio ...)
+ NOT-FOR-US: Freewill iFIS
+CVE-2023-28613 (An issue was discovered in Samsung Exynos Mobile Processor and Baseban ...)
+ NOT-FOR-US: Samsung
+CVE-2023-28612
+ RESERVED
+CVE-2023-28611 (Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and ...)
+ NOT-FOR-US: OMICRON
+CVE-2023-28610 (The update process in OMICRON StationGuard and OMICRON StationScout be ...)
+ NOT-FOR-US: OMICRON
+CVE-2023-28609 (api/auth.go in Ansible Semaphore before 2.8.89 mishandles authenticati ...)
+ NOT-FOR-US: Ansible Semaphore
+CVE-2023-1495 (A vulnerability classified as critical was found in Rebuild up to 3.2. ...)
+ NOT-FOR-US: Rebuild
+CVE-2023-1494 (A vulnerability classified as critical has been found in IBOS 4.5.5. A ...)
+ NOT-FOR-US: IBOS
+CVE-2023-1493 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
+ NOT-FOR-US: Max Secure Anti Virus Plus
+CVE-2023-1492 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
+ NOT-FOR-US: Max Secure Anti Virus Plus
+CVE-2023-1491 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It h ...)
+ NOT-FOR-US: Max Secure Anti Virus Plus
+CVE-2023-1490 (A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and c ...)
+ NOT-FOR-US: Max Secure Anti Virus Plus
+CVE-2023-1489 (A vulnerability has been found in Lespeed WiseCleaner Wise System Moni ...)
+ NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
+CVE-2023-1488 (A vulnerability, which was classified as problematic, was found in Les ...)
+ NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
+CVE-2023-1487 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Lespeed WiseCleaner Wise System Monitor
+CVE-2023-1486 (A vulnerability classified as problematic was found in Lespeed WiseCle ...)
+ NOT-FOR-US: Lespeed WiseCleaner Wise Force Deleter
+CVE-2023-1485 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: SourceCodester Young Entrepreneur E-Negosyo System
+CVE-2022-4933 (A vulnerability, which was classified as critical, has been found in A ...)
+ NOT-FOR-US: Dolibarr module
+CVE-2022-48422 (ONLYOFFICE Docs through 7.3 on certain Linux distributions allows loca ...)
+ NOT-FOR-US: ONLYOFFICE
+CVE-2021-46877 (jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before ...)
+ - jackson-databind 2.13.2.2-1
+ [bullseye] - jackson-databind (Minor issue)
+ [buster] - jackson-databind (Vulnerable code introduced in 2.10)
+ NOTE: https://groups.google.com/g/jackson-user/c/OsBsirPM_Vw
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3328
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-2.12.6)
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/3ccde7d938fea547e598fdefe9a82cff37fed5cb (jackson-databind-3.13.1)
+CVE-2015-10096 (A vulnerability, which was classified as critical, was found in Zarthu ...)
+ NOT-FOR-US: Zarthus IRC Twitter Announcer Bot
+CVE-2023-28608
+ RESERVED
+CVE-2023-28607 (js/event-graph.js in MISP before 2.4.169 allows XSS via the event-grap ...)
+ NOT-FOR-US: MISP
+CVE-2023-28606 (js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph no ...)
+ NOT-FOR-US: MISP
+CVE-2023-28605
+ RESERVED
+CVE-2023-28604 (The fluid_components (aka Fluid Components) extension before 3.5.0 for ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2023-1484 (A vulnerability was found in xzjie cms up to 1.0.3 and classified as c ...)
+ NOT-FOR-US: xzjie cms
+CVE-2023-1483 (A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and cl ...)
+ NOT-FOR-US: XiaoBingBy TeaCMS
+CVE-2023-1482 (A vulnerability, which was classified as problematic, was found in HkC ...)
+ NOT-FOR-US: HkCms
+CVE-2023-1481 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System
+CVE-2023-1480 (A vulnerability classified as critical was found in SourceCodester Mon ...)
+ NOT-FOR-US: SourceCodester Monitoring of Students Cyber Accounts System
+CVE-2023-1479 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Simple Music Player
+CVE-2023-28603 (Zoom VDI client installer prior to 5.14.0 contains an improper access ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28602 (Zoom for Windows clients prior to 5.13.5 contain an improper verificat ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28601 (Zoom for Windows clients prior to 5.14.0 contain an improper restricti ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28600 (Zoom for MacOSclients prior to 5.14.0 contain an improper access contr ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28599 (Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28598 (Zoom for Linux clients prior to 5.13.10 contain an HTML injection vul ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28597 (Zoom clients prior to 5.13.5 contain an improper trust boundary implem ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28596 (Zoom Client for IT Admin macOS installers before version 5.13.5 contai ...)
+ NOT-FOR-US: Zoom
+CVE-2023-28595
+ RESERVED
+CVE-2023-28594
+ RESERVED
+CVE-2023-28593
+ RESERVED
+CVE-2023-28592
+ RESERVED
+CVE-2023-28591
+ RESERVED
+CVE-2023-28590
+ RESERVED
+CVE-2023-28589
+ RESERVED
+CVE-2023-28588 (Transient DOS in Bluetooth Host while rfc slot allocation.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28587 (Memory corruption in BT controller while parsing debug commands with s ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28586 (Information disclosure when the trusted application metadata symbol ad ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28585 (Memory corruption while loading an ELF segment in TEE Kernel.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28584 (Transient DOS in WLAN Host when a mobile station receives invalid chan ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28583
+ RESERVED
+CVE-2023-28582
+ RESERVED
+CVE-2023-28581 (Memory corruption in WLAN Firmware while parsing receieved GTK Keys in ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28580 (Memory corruption in WLAN Host while setting the PMK length in PMK len ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28579 (Memory Corruption in WLAN Host while deserializing the input PMK bytes ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28578
+ RESERVED
+CVE-2023-28577 (In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no ch ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28576 (The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28575 (The cam_get_device_priv function does not check the type of handle bei ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28574 (Memory corruption in core services when Diag handler receives a comman ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28573 (Memory corruption in WLAN HAL while parsing WMI command parameters.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28572 (Memory corruption in WLAN HOST while processing the WLAN scan descript ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28571 (Information disclosure in WLAN HOST while processing the WLAN scan des ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28570 (Memory corruption while processing audio effects.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28569 (Information disclosure in WLAN HAL while handling command through WMI ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28568 (Information disclosure in WLAN HAL when reception status handler is ca ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28567 (Memory corruption in WLAN HAL while handling command through WMI inter ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28566 (Information disclosure in WLAN HAL while handling the WMI state info c ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28565 (Memory corruption in WLAN HAL while handling command streams through W ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28564 (Memory corruption in WLAN HAL while passing command parameters through ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28563 (Information disclosure in IOE Firmware while handling WMI command.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28562 (Memory corruption while handling payloads from remote ESL.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28561 (Memory corruption in QESL while processing payload from external ESL d ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28560 (Memory corruption in WLAN HAL while processing devIndex from untrusted ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28559 (Memory corruption in WLAN FW while processing command parameters from ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28558 (Memory corruption in WLAN handler while processing PhyID in Tx status ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28557 (Memory corruption in WLAN HAL while processing command parameters from ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28556 (Cryptographic issue in HLOS during key management.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28555 (Transient DOS in Audio while remapping channel buffer in media codec d ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28554 (Information Disclosure in Qualcomm IPC while reading values from share ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28553 (Information Disclosure in WLAN Host when processing WMI event command.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28552
+ RESERVED
+CVE-2023-28551 (Memory corruption in UTILS when modem processes memory specific Diag c ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28550 (Memory corruption in MPP performance while accessing DSM watermark usi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28549 (Memory corruption in WLAN HAL while parsing Rx buffer in processing TL ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28548 (Memory corruption in WLAN HAL while processing Tx/Rx commands from QDA ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28547
+ RESERVED
+CVE-2023-28546 (Memory Corruption in SPS Application while exporting public key in sor ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28545 (Memory corruption in TZ Secure OS while loading an app ELF.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28544 (Memory corruption in WLAN while sending transmit command from HLOS to ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28543 (A malformed DLC can trigger Memory Corruption in SNPE library due to o ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28542 (Memory Corruption in WLAN HOST while fetching TX status information.)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28541 (Memory Corruption in Data Modem while processing DMA buffer release ev ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28540 (Cryptographic issue in Data Modem due to improper authentication durin ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28539 (Memory corruption in WLAN Host when the firmware invokes multiple WMI ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28538 (Memory corruption in WIN Product while invoking WinAcpi update driver ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28537 (Memory corruption while allocating memory in COmxApeDec module in Audi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2023-28536
+ RESERVED
+CVE-2023-28535 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paytm Pa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28534 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28533 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in M Wi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28532
+ RESERVED
+CVE-2023-28531 (ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without ...)
+ - openssh 1:9.3p1-1 (bug #1033166)
+ [bookworm] - openssh (Minor issue)
+ [bullseye] - openssh (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
+ [buster] - openssh (Vulnerable code introduced later; per-hop desination constraints support added in OpenSSH 8.9)
+ NOTE: https://github.com/openssh/openssh-portable/commit/54ac4ab2b53ce9fcb66b8250dee91c070e4167ed (V_9_3_P1)
+CVE-2023-28530 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site ...)
+ NOT-FOR-US: IBM
+CVE-2023-28529 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...)
+ NOT-FOR-US: IBM
+CVE-2023-28528 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2023-28527 (IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a hea ...)
+ NOT-FOR-US: IBM
+CVE-2023-28526 (IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2023-28525
+ RESERVED
+CVE-2023-28524
+ RESERVED
+CVE-2023-28523 (IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2023-28522 (IBM API Connect V10 could allow an authenticated user to perform actio ...)
+ NOT-FOR-US: IBM
+CVE-2023-28521
+ RESERVED
+CVE-2023-28520 (IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2023-28519
+ RESERVED
+CVE-2023-28518
+ RESERVED
+CVE-2023-28517
+ RESERVED
+CVE-2023-28516
+ RESERVED
+CVE-2023-28515
+ RESERVED
+CVE-2023-28514 (IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive ...)
+ NOT-FOR-US: IBM
+CVE-2023-28513 (IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM ...)
+ NOT-FOR-US: IBM
+CVE-2023-28512
+ RESERVED
+CVE-2023-28511
+ RESERVED
+CVE-2023-28510
+ RESERVED
+CVE-2023-28509 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28508 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28507 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28506 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28505 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28504 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28503 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28502 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28501 (Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVers ...)
+ NOT-FOR-US: Rocket Software UniData
+CVE-2023-28500 (A Java insecure deserialization vulnerability in Adobe LiveCycle ES4 v ...)
+ NOT-FOR-US: Adobe
+CVE-2023-28499 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in sim ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28498 (Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Boo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28497 (Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28496 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28495 (Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28494
+ RESERVED
+CVE-2023-28493 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: Wordpress theme
+CVE-2023-28492
+ RESERVED
+CVE-2023-28491
+ RESERVED
+CVE-2023-28490 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28489 (A vulnerability has been identified in CP-8031 MASTER MODULE (All vers ...)
+ NOT-FOR-US: Siemens
+CVE-2023-1478 (The Hummingbird WordPress plugin before 3.4.2 does not validate the ge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1477 (Improper Authentication vulnerability in HYPR Keycloak Authenticator E ...)
+ NOT-FOR-US: HYPR Keycloak Authenticator Extension
+CVE-2023-1476 (A use-after-free flaw was found in the Linux kernel\u2019s mm/mremap m ...)
+ NOT-FOR-US: RedHat specific incomplete Linux kpatch incomplete fix for CVE-2022-41222
+CVE-2023-1475 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2023-1474 (A vulnerability classified as critical was found in SourceCodester Aut ...)
+ NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
+CVE-2023-1473 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1472 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1471 (The WP Popup Banners plugin for WordPress is vulnerable to SQL Injecti ...)
+ NOT-FOR-US: WP Popup Banners plugin for WordPress
+CVE-2023-1470 (The eCommerce Product Catalog plugin for WordPress is vulnerable to St ...)
+ NOT-FOR-US: eCommerce Product Catalog plugin for WordPress
+CVE-2023-1469 (The WP Express Checkout plugin for WordPress is vulnerable to Stored C ...)
+ NOT-FOR-US: WP Express Checkout plugin for WordPress
+CVE-2023-1468 (A vulnerability classified as critical was found in SourceCodester Stu ...)
+ NOT-FOR-US: SourceCodester Student Study Center Desk Management System
+CVE-2023-1467 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Student Study Center Desk Management System
+CVE-2023-1466 (A vulnerability was found in SourceCodester Student Study Center Desk ...)
+ NOT-FOR-US: SourceCodester Student Study Center Desk Management System
+CVE-2023-1465 (The WP EasyPay WordPress plugin before 4.1 does not escape some genera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1464 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Medicine Tracker System
+CVE-2023-1463 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ - teampass (bug #730180)
+CVE-2023-1462 (Authorization Bypass Through User-Controlled Key vulnerability in Vadi ...)
+ NOT-FOR-US: Vadi Corporate Information Systems DigiKent
+CVE-2023-1461 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2023-1460 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...)
+ NOT-FOR-US: SourceCodester Online Pizza Ordering System
+CVE-2023-1459 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2023-1458 (A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 ...)
+ NOT-FOR-US: Ubiquiti EdgeRouter X
+CVE-2023-1457 (A vulnerability, which was classified as critical, was found in Ubiqui ...)
+ NOT-FOR-US: Ubiquiti EdgeRouter X
+CVE-2023-1456 (A vulnerability, which was classified as critical, has been found in U ...)
+ NOT-FOR-US: Ubiquiti EdgeRouter X
+CVE-2023-1455 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ NOT-FOR-US: SourceCodester Online Pizza Ordering System
+CVE-2023-1454 (A vulnerability classified as critical has been found in jeecg-boot 3. ...)
+ NOT-FOR-US: jeecg-boot
+CVE-2023-1453 (A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has bee ...)
+ NOT-FOR-US: Watchdog Anti-Virus
+CVE-2023-1452 (A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It ...)
+ {DSA-5411-1}
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2386
+ NOTE: https://github.com/gpac/gpac/commit/a5efec8187de02d1f0a412140b0bf030a6747d3f
+ NOTE: https://github.com/gpac/gpac/commit/6d6c4533ca7004f76d524129b52bda241dc231b5 (v2.2.1)
+CVE-2023-1451 (A vulnerability was found in MP4v2 2.1.2. It has been classified as pr ...)
+ - mp4v2
+CVE-2023-1450 (A vulnerability was found in MP4v2 2.1.2 and classified as problematic ...)
+ - mp4v2
+CVE-2023-1449 (A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master ...)
+ {DSA-5411-1}
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2387
+ NOTE: https://github.com/gpac/gpac/commit/8ebbfd61c73d61a2913721a492e5a81fb8d9f9a9
+ NOTE: https://github.com/gpac/gpac/commit/7c07b1346d64354ba3ac6412097cce1db119eef0 (v2.2.1)
+CVE-2023-1448 (A vulnerability, which was classified as problematic, was found in GPA ...)
+ {DSA-5411-1}
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1034187)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2388
+ NOTE: https://github.com/gpac/gpac/commit/8db20cb634a546c536c31caac94e1f74b778b463
+ NOTE: https://github.com/gpac/gpac/commit/e76699a83a148345247a02501293b28bc62d6a2e (v2.2.1)
+CVE-2023-1447 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: SourceCodester Medicine Tracker System
+CVE-2023-1446 (A vulnerability classified as problematic was found in Watchdog Anti-V ...)
+ NOT-FOR-US: Watchdog Anti-Virus
+CVE-2023-1445 (A vulnerability classified as problematic has been found in Filseclab ...)
+ NOT-FOR-US: Filseclab Twister Antivirus
+CVE-2023-1444 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...)
+ NOT-FOR-US: Filseclab Twister Antivirus
+CVE-2023-1443 (A vulnerability was found in Filseclab Twister Antivirus 8. It has bee ...)
+ NOT-FOR-US: Filseclab Twister Antivirus
+CVE-2023-1442 (A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has be ...)
+ NOT-FOR-US: Meizhou Qingyunke QYKCMS
+CVE-2023-1441 (A vulnerability has been found in SourceCodester Automatic Question Pa ...)
+ NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
+CVE-2023-1440 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Automatic Question Paper Generator System
+CVE-2023-1439 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Medicine Tracker System
+CVE-2023-1438
+ RESERVED
+CVE-2023-1437 (All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerabl ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2023-1436 (An infinite recursion is triggered in Jettison when constructing a JSO ...)
+ - libjettison-java 1.5.4-1 (bug #1033846)
+ [bookworm] - libjettison-java (Minor issue)
+ [bullseye] - libjettison-java (Minor issue)
+ [buster] - libjettison-java (Minor issue, DoS)
+ NOTE: https://research.jfrog.com/vulnerabilities/jettison-json-array-dos-xray-427911/
+ NOTE: https://github.com/jettison-json/jettison/issues/60
+ NOTE: https://github.com/jettison-json/jettison/pull/62
+ NOTE: https://github.com/jettison-json/jettison/commit/c20a8be23f698d7d89b7ccf8d328971cf4709b9f (jettison-1.5.4)
+ NOTE: Introduced by: https://github.com/jettison-json/jettison/commit/be193159085b9fc2bc3526f8655871f9b0472d06 (jettison-1.3.1)
+CVE-2023-1435 (The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1434
+ RESERVED
+CVE-2023-1433 (A vulnerability was found in SourceCodester Gadget Works Online Orderi ...)
+ NOT-FOR-US: SourceCodester Gadget Works Online Ordering System
+CVE-2023-1432 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...)
+ NOT-FOR-US: SourceCodester Online Food Ordering System
+CVE-2023-1431 (The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sens ...)
+ NOT-FOR-US: WP Simple Shopping Cart plugin for WordPress
+CVE-2023-1430 (The FluentCRM - Marketing Automation For WordPress plugin for WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1429 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1428 (There exists an vulnerability causing an abort() to be called in gRPC. ...)
+ - grpc (Vulnerable maxsize handler introduced later)
+ NOTE: Fixed by: https://github.com/grpc/grpc/commit/2485fa94bd8a723e5c977d55a3ce10b301b437f8 (v1.54.0-pre1)
+ NOTE: Introduced by: https://github.com/grpc/grpc/commit/b2b70515583fe18e36c7e70b265808fa3154f734 (v1.52.0-pre1)
+CVE-2023-1427 (- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not en ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1426 (The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1425 (The WordPress CRM, Email & Marketing Automation for WordPress | Award ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-28488 (client.c in gdhcp in ConnMan through 1.41 could be used by network-adj ...)
+ {DSA-5416-1 DLA-3397-1}
+ - connman 1.41-3 (bug #1034393)
+ NOTE: https://github.com/moehw/poc_exploits/tree/master/CVE-2023-28488
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138
+CVE-2023-28487 (Sudo before 1.9.13 does not escape control characters in sudoreplay ou ...)
+ - sudo 1.9.13p1-1
+ [bullseye] - sudo (Minor issue)
+ [buster] - sudo (Minor issue)
+ NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
+CVE-2023-28486 (Sudo before 1.9.13 does not escape control characters in log messages.)
+ - sudo 1.9.13p1-1
+ [bullseye] - sudo (Minor issue)
+ [buster] - sudo (Minor issue)
+ NOTE: https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
+CVE-2023-28485 (A stored cross-site scripting (Stored XSS) vulnerability in file previ ...)
+ NOT-FOR-US: WeKan
+CVE-2023-28484 (In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can l ...)
+ {DSA-5391-1 DLA-3405-1}
+ - libxml2 2.9.14+dfsg-1.2 (bug #1034436)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2185994
+ NOTE: Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)
+CVE-2023-28483 (An issue was discovered in Tigergraph Enterprise 3.7.0. The GSQL query ...)
+ NOT-FOR-US: Tigergraph Enterprise
+CVE-2023-28482 (An issue was discovered in Tigergraph Enterprise 3.7.0. A single Tiger ...)
+ NOT-FOR-US: Tigergraph Enterprise
+CVE-2023-28481 (An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsec ...)
+ NOT-FOR-US: Tigergraph Enterprise
+CVE-2023-28480 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
+ NOT-FOR-US: Tigergraph Enterprise
+CVE-2023-28479 (An issue was discovered in Tigergraph Enterprise 3.7.0. The TigerGraph ...)
+ NOT-FOR-US: Tigergraph Enterprise
+CVE-2023-28478 (TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Bu ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-28477 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28476 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28475 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and ver ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28474 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28473 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28472 (Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2023-28471 (Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored ...)
+ NOT-FOR-US: Concrete CMS +CVE-2023-28470 (In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is ...) + NOT-FOR-US: Couchbase Server +CVE-2023-28469 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + NOT-FOR-US: ARM +CVE-2023-28468 (An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O w ...) + NOT-FOR-US: Insyde InsydeH2O +CVE-2023-28467 (In MyBB before 1.8.34, there is XSS in the User CP module via the user ...) + NOT-FOR-US: MyBB +CVE-2023-28465 (The package-decompression feature in HL7 (Health Level 7) FHIR Core Li ...) + NOT-FOR-US: HL7 (Health Level 7) FHIR Core Libraries +CVE-2023-28464 (hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel throu ...) + - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/28/2 + NOTE: https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/ + NOTE: https://git.kernel.org/linus/5dc7d23e167e2882ef118456ceccd57873e876d8 +CVE-2023-28463 + RESERVED +CVE-2023-28462 (A JNDI rebind operation in the default ORB listener in Payara Server 4 ...) + NOT-FOR-US: Payara +CVE-2023-28461 (Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow ...) + NOT-FOR-US: Array Networks +CVE-2023-28460 (A command injection vulnerability was discovered in Array Networks APV ...) + NOT-FOR-US: Array Networks +CVE-2023-28459 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...) + NOT-FOR-US: pretalx +CVE-2023-28458 (pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non ...) + NOT-FOR-US: pretalx +CVE-2023-28457 + RESERVED +CVE-2023-28456 + RESERVED +CVE-2023-28455 + RESERVED +CVE-2023-28454 + RESERVED +CVE-2023-28453 + RESERVED +CVE-2023-28452 + RESERVED +CVE-2023-28451 + RESERVED +CVE-2023-28450 (An issue was discovered in Dnsmasq before 2.90. The default maximum ED ...) 
+ - dnsmasq (bug #1033165) + [bookworm] - dnsmasq (Minor issue) + [bullseye] - dnsmasq (Minor issue) + [buster] - dnsmasq (Minor issue) + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5 +CVE-2023-1424 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Mitsubishi +CVE-2023-1423 + RESERVED +CVE-2023-1422 + RESERVED +CVE-2023-1421 (A reflected cross-site scripting vulnerability in the OAuth flow compl ...) + - mattermost-server (bug #823556) +CVE-2019-25135 + RESERVED +CVE-2019-25134 + RESERVED +CVE-2019-25133 + RESERVED +CVE-2019-25132 + RESERVED +CVE-2019-25131 + RESERVED +CVE-2019-25130 + RESERVED +CVE-2019-25129 + RESERVED +CVE-2019-25128 + RESERVED +CVE-2019-25127 + RESERVED +CVE-2019-25126 + RESERVED +CVE-2023-28466 (do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6. ...) + {DLA-3404-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Minor issue; CONFIG_TLS not enabled in Debian) + NOTE: https://git.kernel.org/linus/49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962 +CVE-2023-28449 + RESERVED +CVE-2023-28448 (Versionize is a framework for version tolerant serializion/deserializa ...) + NOT-FOR-US: Versionize (firecracker-microvm / framework for version tolerant serializion/deserialization of Rust data structures) +CVE-2023-28447 (Smarty is a template engine for PHP. In affected versions smarty did n ...) 
+ - smarty3 3.1.48-1 (bug #1033964) + [bookworm] - smarty3 (Minor issue) + [bullseye] - smarty3 (Minor issue) + [buster] - smarty3 (Minor issue) + - smarty4 4.3.1-1 (bug #1033965) + [bookworm] - smarty4 4.3.0-1+deb12u1 + NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj + NOTE: https://github.com/smarty-php/smarty/commit/e75165565e9e5956a73365c24d650ba40570ae72 (v4.3.1) + NOTE: https://github.com/smarty-php/smarty/commit/7677db7bc9a1dcfcad1435fc9d3bac3f295ca3ad (v3.1.48) +CVE-2023-28446 (Deno is a simple, modern and secure runtime for JavaScript and TypeScr ...) + NOT-FOR-US: Deno +CVE-2023-28445 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...) + NOT-FOR-US: Deno +CVE-2023-28444 (angular-server-side-configuration helps configure an angular applicati ...) + NOT-FOR-US: angular-server-side-configuration +CVE-2023-28443 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2023-28442 (GeoNode is an open source platform that facilitates the creation, shar ...) + NOT-FOR-US: GeoNode +CVE-2023-28441 (smartCARS 3 is flight tracking software. In version 0.5.8 and prior, a ...) + NOT-FOR-US: smartCARS +CVE-2023-28440 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2023-28439 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...) 
+ - ckeditor 4.22.1+dfsg-1 (bug #1034481) + [bookworm] - ckeditor (Minor issue) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) + - ckeditor3 + [bookworm] - ckeditor3 (Minor issue) + [bullseye] - ckeditor3 (Minor issue) + [buster] - ckeditor3 (No longer supported in LTS) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-vh5c-xwqv-cv9g + NOTE: https://github.com/ckeditor/ckeditor4/commit/b85af23f020a61397c6c0024aef73f2c7f62bfef (4.21.0) +CVE-2023-28438 (Pimcore is an open source data and experience management platform. Pri ...) + NOT-FOR-US: Pimcore +CVE-2023-28437 (Dataease is an open source data visualization and analysis tool. The b ...) + NOT-FOR-US: Dataease +CVE-2023-28436 (Tailscale is software for using Wireguard and multi-factor authenticat ...) + NOT-FOR-US: Tailscale +CVE-2023-28435 (Dataease is an open source data visualization and analysis tool. The p ...) + NOT-FOR-US: Dataease +CVE-2023-28434 (Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023 ...) + - minio (bug #859207) +CVE-2023-28433 (Minio is a Multi-Cloud Object Storage framework. All users on Windows ...) + - minio (bug #859207) +CVE-2023-28432 (Minio is a Multi-Cloud Object Storage framework. In a cluster deployme ...) + - minio (bug #859207) +CVE-2023-28431 (Frontier is an Ethereum compatibility layer for Substrate. Frontier's ...) + NOT-FOR-US: Frontier +CVE-2023-28430 (OneSignal is an email, sms, push notification, and in-app message serv ...) + NOT-FOR-US: OneSignal +CVE-2023-28429 (Pimcore is an open source data and experience management platform. Ver ...) + NOT-FOR-US: Pimcore +CVE-2023-28428 (PDFio is a C library for reading and writing PDF files. In versions 1. ...) 
+ - ippsample (bug #1034155) + [bookworm] - ippsample (Minor issue) + NOTE: https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1) + NOTE: https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf +CVE-2023-28427 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...) + {DSA-5392-1 DLA-3400-1} + - node-matrix-js-sdk (bug #1033621) + [bullseye] - node-matrix-js-sdk (Minor issue) + [buster] - node-matrix-js-sdk (Minor issue) + - thunderbird 1:102.9.1-1 + NOTE: https://matrix.org/blog/2023/03/28/security-releases-matrix-js-sdk-24-0-0-and-matrix-react-sdk-3-69-0/ + NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-mwq8-fjpf-c2gr + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-12/#CVE-2023-28427 +CVE-2023-28426 + REJECTED +CVE-2023-28425 (Redis is an in-memory database that persists on disk. Starting in vers ...) + - redis 5:7.0.10-1 (bug #1033340) + [bullseye] - redis (Vulnerable code not present) + [buster] - redis (Vulnerable code not present) + NOTE: Fixed by: https://github.com/redis/redis/commit/48e0d4788434833b47892fe9f3d91be7687f25c9 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-mvmm-4vq6-vw8c +CVE-2023-28424 (Soko if the code that powers packages.gentoo.org. Prior to version 1.0 ...) + NOT-FOR-US: Soko +CVE-2023-28423 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pris ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28422 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Mage ...) + NOT-FOR-US: WooCommerce plugin +CVE-2023-28421 + RESERVED +CVE-2023-28420 (Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28419 (Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28418 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) 
+ NOT-FOR-US: WordPress theme +CVE-2023-28417 + RESERVED +CVE-2023-28416 + RESERVED +CVE-2023-28415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xoot ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28414 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28413 (Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28409 (Unrestricted upload of file with dangerous type exists in MW WP Form v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28408 (Directory traversal vulnerability in MW WP Form versions v4.4.2 and ea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28394 (Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated ...) + NOT-FOR-US: Beekeeper Studio +CVE-2023-28392 (Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 ...) + NOT-FOR-US: AC-WAPU-300 +CVE-2023-28390 (Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) a ...) + NOT-FOR-US: SR-7100V +CVE-2023-28387 ("NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks ...) + NOT-FOR-US: "NewsPicks" App +CVE-2023-28382 (Directory traversal vulnerability in ESS REC Agent Server Edition seri ...) + NOT-FOR-US: ESS REC Agent Server Edition +CVE-2023-28369 (Brother iPrint&Scan V6.11.2 and earlier contains an improper access co ...) + NOT-FOR-US: Brother +CVE-2023-28367 (Cross-site scripting vulnerability in CTA post function of VK All in O ...) + NOT-FOR-US: VK All in One Expansion Unit +CVE-2023-27926 (Cross-site scripting vulnerability in Profile setting function of VK A ...) + NOT-FOR-US: VK All in One Expansion Unit +CVE-2023-27925 (Cross-site scripting vulnerability in Post function of VK Blocks 1.53. ...) + NOT-FOR-US: VK All in One Expansion Unit +CVE-2023-27923 (Cross-site scripting vulnerability in Tag edit function of VK Blocks 1 ...) 
+ NOT-FOR-US: VK All in One Expansion Unit +CVE-2023-27922 (Cross-site scripting vulnerability in Newsletter versions prior to 7.6 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27921 (JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cr ...) + NOT-FOR-US: JINS MEME +CVE-2023-27920 (Improper access control vulnerability in the system date/time setting ...) + NOT-FOR-US: SolarView +CVE-2023-27919 (Authentication bypass vulnerability in NEXT ENGINE Integration Plugin ...) + NOT-FOR-US: NEXT ENGINE Integration Plugin +CVE-2023-27918 (Cross-site scripting vulnerability in Appointment and Event Booking Ca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27889 (Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLO ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27888 (Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier ...) + NOT-FOR-US: Joruri Gw +CVE-2023-27527 (Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML extern ...) + NOT-FOR-US: Shinseiyo Sogo Soft +CVE-2023-27521 (OS command injection vulnerability in the mail setting page of SolarVi ...) + NOT-FOR-US: SolarView +CVE-2023-27518 (Buffer overflow vulnerability in the multiple setting pages of SolarVi ...) + NOT-FOR-US: SolarView +CVE-2023-27514 (OS command injection vulnerability in the download page of SolarView C ...) + NOT-FOR-US: SolarView +CVE-2023-27512 (Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 ...) + NOT-FOR-US: SolarView +CVE-2023-27510 (JB Inquiry form contains an exposure of private personal information t ...) + NOT-FOR-US: JB Inquiry form +CVE-2023-27507 (MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal ...) + NOT-FOR-US: MicroEngine +CVE-2023-27397 (Unrestricted upload of file with dangerous type exists in MicroEngine ...) + NOT-FOR-US: MicroEngine +CVE-2023-27396 (FINS (Factory Interface Network Service) is a message communication pr ...) 
+ NOT-FOR-US: FINS (Factory Interface Network Service) +CVE-2023-27385 (Heap-based buffer overflow vulnerability exists in CX-Drive All models ...) + NOT-FOR-US: CX-Drive All +CVE-2023-27384 (Operation restriction bypass vulnerability in MultiReport of Cybozu Ga ...) + NOT-FOR-US: Cybozu +CVE-2023-27304 (Operation restriction bypass vulnerability in Message and Bulletin of ...) + NOT-FOR-US: Cybozu +CVE-2023-26595 (Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10 ...) + NOT-FOR-US: Cybozu +CVE-2023-26593 (CENTUM series provided by Yokogawa Electric Corporation are vulnerable ...) + NOT-FOR-US: Yokogawa +CVE-2023-25955 (National land numerical information data conversion tool all versions ...) + NOT-FOR-US: National land numerical information data conversion tool +CVE-2023-25954 (KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' ...) + NOT-FOR-US: KYOCERA +CVE-2023-25953 (Code injection vulnerability in Drive Explorer for macOS versions 3.5. ...) + NOT-FOR-US: Drive Explorer for macOS +CVE-2023-25950 (HTTP request/response smuggling vulnerability in HAProxy version 2.7.0 ...) + - haproxy 2.6.8-1 + [bullseye] - haproxy (Vulnerable code not present) + [buster] - haproxy (Vulnerable code not present) + NOTE: https://git.haproxy.org/?p=haproxy-2.7.git;a=commit;h=3ca4223c5e1f18a19dc93b0b09ffdbd295554d46 (v2.7.1) + NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=22b44d5f2c7ce1ed0e4b62c639991d5abbd42a50 (v2.6.8) +CVE-2023-25946 (Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware vers ...) + NOT-FOR-US: Qrio Lock +CVE-2023-25755 (Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerabl ...) + NOT-FOR-US: Screen Creator Advance +CVE-2023-25184 (Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpi ...) + NOT-FOR-US: Seiko +CVE-2023-25072 (Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. ...) 
+ NOT-FOR-US: SkyBridge +CVE-2023-25070 (Cleartext transmission of sensitive information exists in SkyBridge MB ...) + NOT-FOR-US: SkyBridge +CVE-2023-24586 (Cleartext storage of sensitive information exists in SkyBridge MB-A100 ...) + NOT-FOR-US: SkyBridge +CVE-2023-23906 (Missing authentication for critical function exists in SkyBridge MB-A1 ...) + NOT-FOR-US: SkyBridge +CVE-2023-23901 (Improper following of a certificate's chain of trust exists in SkyBrid ...) + NOT-FOR-US: SkyBridge +CVE-2023-23578 (Improper access control vulnerability in SkyBridge MB-A200 firmware Ve ...) + NOT-FOR-US: SkyBridge +CVE-2023-22441 (Missing authentication for critical function exists in Seiko Solutions ...) + NOT-FOR-US: Seiko +CVE-2023-22361 (Improper privilege management vulnerability in SkyBridge MB-A100/110 f ...) + NOT-FOR-US: SkyBridge +CVE-2023-22282 (WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquote ...) + NOT-FOR-US: WAB-MAT +CVE-2023-1420 (The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1419 + RESERVED +CVE-2023-1418 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System +CVE-2023-1417 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-1416 (A vulnerability classified as critical has been found in Simple Art Ga ...) + NOT-FOR-US: Simple Art Gallery +CVE-2023-1415 (A vulnerability was found in Simple Art Gallery 1.0. It has been decla ...) + NOT-FOR-US: Simple Art Gallery +CVE-2023-1414 (The WP VR WordPress plugin before 8.3.0 does not have authorisation an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1413 (The WP VR WordPress plugin before 8.2.9 does not sanitise and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1412 (An unprivileged (non-admin) user can exploit an Improper Access Contro ...) 
+ NOT-FOR-US: Cloudflare WARP +CVE-2023-1411 + RESERVED +CVE-2023-1410 (Grafana is an open-source platform for monitoring and observability. ...) + - grafana +CVE-2023-1409 (If the MongoDB Server running on Windows or macOS is configured to use ...) + - mongodb (Only applies to MacOS and Windows) +CVE-2022-48425 (In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfr ...) + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/98bea253aa28ad8be2ce565a9ca21beb4a9419e5 (6.4-rc1) + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-48424 (In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate t ...) + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4f1dc7d9756e66f3f876839ea174df2e656b7f79 (6.2-rc1) + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-48423 (In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate ...) + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/54e45702b648b7c0000e90b3e9b890e367e16ea8 (6.2-rc1) + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-48421 + RESERVED +CVE-2023-28373 (A flaw exists in FlashArray Purity whereby an array administrator by c ...) + NOT-FOR-US: FlashArray Purity +CVE-2023-28372 (A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user w ...) + NOT-FOR-US: FlashBlade Purity +CVE-2023-28371 (In Stellarium through 1.2, attackers can write to files that are typic ...) 
+ - stellarium (bug #1034183) + [bookworm] - stellarium (Minor issue) + [bullseye] - stellarium (Minor issue) + [buster] - stellarium (Minor issue) + NOTE: https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7 + NOTE: https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78 + NOTE: https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb +CVE-2023-28368 (TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ( ...) + NOT-FOR-US: TP-Link +CVE-2023-28366 (The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a ...) + {DSA-5511-1} + - mosquitto 2.0.17-1 + [buster] - mosquitto (Minor memory leak which requires rewrite of core functions) + NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/ + NOTE: https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9 (v2.0.16) + NOTE: Regression fix: https://github.com/eclipse/mosquitto/commit/bfb373d774d8530e8d6620776304a3e0b0201793 + NOTE: Regression fix: https://github.com/eclipse/mosquitto/commit/28d96d8ebca9f6bdb7f272f1095760953e62d828 +CVE-2023-28365 (A backup file vulnerability found in UniFi applications (Version 7.3.8 ...) + NOT-FOR-US: UniFi +CVE-2023-28364 (An Open Redirect vulnerability exists prior to version 1.52.117, where ...) + - brave-browser (bug #864795) +CVE-2023-28363 + RESERVED +CVE-2023-28362 [Possible XSS via User Supplied Values to redirect_to] + RESERVED + - rails (bug #1051058) + [bookworm] - rails (Minor issue) + [bullseye] - rails (Minor issue) + NOTE: https://discuss.rubyonrails.org/t/cve-2023-28362-possible-xss-via-user-supplied-values-to-redirect-to/83132 + NOTE: https://github.com/rails/rails/commit/69e37c84e3f77d75566424c7d0015172d6a6fac5 (main) + NOTE: https://github.com/rails/rails/commit/1c3f93d1e90a3475f9ae2377ead25ccf11f71441 (v6.1.7.4) +CVE-2023-28361 (A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi ...) 
+ NOT-FOR-US: UniFi OS +CVE-2023-28360 (An omission of security-relevant information vulnerability exists in B ...) + - brave-browser (bug #864795) +CVE-2023-28359 (A NoSQL injection vulnerability has been identified in the listEmojiCu ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28358 (A vulnerability has been discovered in Rocket.Chat where a markdown pa ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28357 (A vulnerability has been identified in Rocket.Chat, where the ACL chec ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28356 (A vulnerability has been identified where a maliciously crafted messag ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28355 + RESERVED +CVE-2023-28354 + RESERVED +CVE-2023-28353 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. An ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28352 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. By ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28351 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Eve ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28350 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. Att ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28349 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28348 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. A s ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28347 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28346 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. It ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28345 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...) + NOT-FOR-US: Faronics Insight +CVE-2023-28344 (An issue was discovered in Faronics Insight 10.0.19045 on Windows. The ...) 
+ NOT-FOR-US: Faronics Insight +CVE-2023-28343 (OS command injection affects Altenergy Power Control Software C1.2.5 v ...) + NOT-FOR-US: Altenergy Power Control Software +CVE-2023-1408 (The Video List Manager WordPress plugin through 1.7 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1407 (A vulnerability classified as critical was found in SourceCodester Stu ...) + NOT-FOR-US: SourceCodester +CVE-2023-1406 (The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48420 + RESERVED +CVE-2022-48419 + RESERVED +CVE-2022-48418 + RESERVED +CVE-2022-48417 + RESERVED +CVE-2022-48416 + RESERVED +CVE-2022-48415 + RESERVED +CVE-2022-48414 + RESERVED +CVE-2022-48413 + RESERVED +CVE-2022-48412 + RESERVED +CVE-2022-48411 + RESERVED +CVE-2020-36690 + RESERVED +CVE-2020-36689 + RESERVED +CVE-2020-36688 + RESERVED +CVE-2020-36687 + RESERVED +CVE-2020-36686 + RESERVED +CVE-2020-36685 + RESERVED +CVE-2020-36684 + RESERVED +CVE-2020-36683 + RESERVED +CVE-2020-36682 + RESERVED +CVE-2020-36681 + RESERVED +CVE-2019-25125 + RESERVED +CVE-2019-25124 + RESERVED +CVE-2019-25123 + RESERVED +CVE-2019-25122 + RESERVED +CVE-2019-25121 + RESERVED +CVE-2019-25120 + RESERVED +CVE-2019-25119 + RESERVED +CVE-2019-25118 + RESERVED +CVE-2019-25117 + RESERVED +CVE-2019-25116 + RESERVED +CVE-2023-28342 (Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to cond ...) + NOT-FOR-US: Zoho +CVE-2023-28341 (Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine A ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-28340 (Zoho ManageEngine Applications Manager through 16320 allows the admin ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-28339 (OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege es ...) 
+ - doas + [bullseye] - doas (Minor issue) + - opendoas (bug #1034185) + [bookworm] - opendoas (Minor issue, will be addressed via kernel change which isn't in 6.1 yet) + NOTE: https://github.com/Duncaen/OpenDoas/issues/106 + NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/4 + NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been + NOTE: posted to kernel-hardening list, and can be mitigated with Linux 6.2, see option + NOTE: CONFIG_LEGACY_TIOCSTI. +CVE-2023-28338 (Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web ser ...) + NOT-FOR-US: Netgear +CVE-2023-28337 (When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (R ...) + NOT-FOR-US: Netgear +CVE-2023-28336 (Insufficient filtering of grade report history made it possible for te ...) + - moodle +CVE-2023-28335 (The link to reset all templates of a database activity did not include ...) + - moodle +CVE-2023-28334 (Authenticated users were able to enumerate other users' names via the ...) + - moodle +CVE-2023-28333 (The Mustache pix helper contained a potential Mustache injection risk ...) + - moodle +CVE-2023-28332 (If the algebra filter was enabled but not functional (eg the necessary ...) + - moodle +CVE-2023-28331 (Content output by the database auto-linking filter required additional ...) + - moodle +CVE-2023-28330 (Insufficient sanitizing in backup resulted in an arbitrary file read r ...) + - moodle +CVE-2023-28329 (Insufficient validation of profile field availability condition result ...) + - moodle +CVE-2023-28328 (A NULL pointer dereference flaw was found in the az6027 driver in driv ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/0ed554fd769a19ea8464bb83e9ac201002ef74ad (6.2-rc1) +CVE-2023-28327 (A NULL pointer dereference flaw was found in the UNIX protocol in net/ ...) 
+ - linux 6.1.4-1 + [bullseye] - linux 5.10.162-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b3abe42e94900bdd045c472f9c9be620ba5ce553 (6.1) +CVE-2023-28326 (Vendor: The Apache Software Foundation Versions Affected: Apache Open ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2023-1405 + RESERVED +CVE-2023-1404 (The Weaver Show Posts Plugin for WordPress is vulnerable to stored Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1403 (The Weaver Xtreme Theme for WordPress is vulnerable to stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1402 (The course participation report required additional checks to prevent ...) + - moodle +CVE-2023-1401 (An issue has been discovered in GitLab DAST scanner affecting all vers ...) + NOT-FOR-US: GitLab DAST scanner +CVE-2023-1400 (The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1399 (N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted d ...) + NOT-FOR-US: N6854A Geolocation Server +CVE-2023-1398 (A vulnerability classified as critical was found in XiaoBingBy TeaCMS ...) + NOT-FOR-US: XiaoBingBy TeaCMS +CVE-2023-1397 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Online Student Management System +CVE-2023-1396 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-1395 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + NOT-FOR-US: SourceCodester Yoga Class Registration System +CVE-2023-1394 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...) + NOT-FOR-US: SourceCodester Online Graduate Tracer System +CVE-2023-1393 (A flaw was found in X.Org Server Overlay Window. A Use-After-Free may ...) 
+ {DSA-5380-1 DLA-3372-1} + - xorg-server 2:21.1.7-2 + - xwayland 2:22.1.9-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/03/29/1 + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/26ef545b3502f61ca722a7a3373507e88ef64110 +CVE-2023-1392 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-1391 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-1390 (A remote denial of service vulnerability was found in the Linux kernel ...) + - linux 5.10.12-1 + [buster] - linux 4.19.171-1 + NOTE: https://git.kernel.org/linus/b77413446408fdd256599daf00d5be72b5f3e7c6 (5.11-rc4) +CVE-2023-1389 (TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 2023 ...) + NOT-FOR-US: TP-Link +CVE-2023-1388 (A heap-based overflow vulnerability in TA prior to version 5.7.9 allow ...) + NOT-FOR-US: Trellix +CVE-2023-1387 (Grafana is an open-source platform for monitoring and observability. ...) + - grafana +CVE-2023-1386 (A flaw was found in the 9p passthrough filesystem (9pfs) implementatio ...) + - qemu (bug #1055174) + [bookworm] - qemu (Minor issue, revisit when fixed upstream) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) + [buster] - qemu (Minor issue) + NOTE: https://github.com/v9fs/linux/issues/29 +CVE-2023-1385 (Improper JPAKE implementation allows offline PIN brute-forcing due to ...) + NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS +CVE-2023-1384 (The setMediaSource function on the amzn.thin.pl service does not sanit ...) + NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS +CVE-2023-1383 (An Improper Enforcement of Behavioral Workflow vulnerability in the ex ...) 
+ NOT-FOR-US: Amazon Fire TV Stick 3rd gen and Insignia TV with FireOS +CVE-2023-1382 (A data race flaw was found in the Linux kernel, between where con is a ...) + - linux 6.0.12-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux 4.19.269-1 + NOTE: https://git.kernel.org/linus/a7b42969d63f47320853a802efd879fbdc4e010e (6.1-rc7) +CVE-2022-48410 + RESERVED +CVE-2022-48409 + RESERVED +CVE-2022-48408 + RESERVED +CVE-2022-48407 + RESERVED +CVE-2022-48406 + RESERVED +CVE-2022-48405 + RESERVED +CVE-2022-48404 + RESERVED +CVE-2022-48403 + RESERVED +CVE-2023-28325 (An improper authorization vulnerability exists in Rocket.Chat <6.0 tha ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28324 (A improper input validation vulnerability exists in Ivanti Endpoint Ma ...) + NOT-FOR-US: Ivanti +CVE-2023-28323 (A deserialization of untrusted data exists in EPM 2022 Su3 and all pri ...) + NOT-FOR-US: Ivanti +CVE-2023-28322 (An information disclosure vulnerability exists in curl (Vulnerable code not present) + [buster] - curl (Vulnerable code not present) + NOTE: https://curl.se/docs/CVE-2023-28319.html + NOTE: Introduced by: https://github.com/curl/curl/commit/3467e89bb97e6c87c77e82a046c59cb4b2d29a74 (curl-7_81_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/8e21b1a05f3c0ee098dbcb6c3d84cb61f102a122 (curl-8_1_0) +CVE-2023-28318 (A vulnerability has been discovered in Rocket.Chat, where messages can ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28317 (A vulnerability has been discovered in Rocket.Chat, where editing mess ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28316 (A security vulnerability has been discovered in the implementation of ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-28315 + RESERVED +CVE-2023-28314 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-28313 (Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-28312 (Azure Machine Learning Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28311 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28310 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28309 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-28308 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28307 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28306 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28305 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28304 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28303 (Windows Snipping Tool Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28302 (Microsoft Message Queuing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28301 (Microsoft Edge (Chromium-based) Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28300 (Azure Service Connector Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28299 (Visual Studio Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28298 (Windows Kernel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28297 (Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege V ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-28296 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28295 (Microsoft Publisher Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28294 + RESERVED +CVE-2023-28293 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28292 (Raw Image Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28291 (Raw Image Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28290 (Microsoft Remote Desktop app for Windows Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-28289 + RESERVED +CVE-2023-28288 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28287 (Microsoft Publisher Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28286 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28285 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28284 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28283 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) + NOT-FOR-US: Microsoft +CVE-2023-28282 + RESERVED +CVE-2023-28281 + RESERVED +CVE-2023-28280 + RESERVED +CVE-2023-28279 + RESERVED +CVE-2023-28278 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28277 (Windows DNS Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28276 (Windows Group Policy Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28275 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-28274 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28273 (Windows Clip Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28272 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28271 (Windows Kernel Memory Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28270 (Windows Lock Screen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28269 (Windows Boot Manager Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28268 (Netlogon RPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28267 (Remote Desktop Protocol Client Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28266 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-28265 + RESERVED +CVE-2023-28264 + RESERVED +CVE-2023-28263 (Visual Studio Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28262 (Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28261 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28260 (.NET DLL Hijacking Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2023-28259 + RESERVED +CVE-2023-28258 + RESERVED +CVE-2023-28257 + RESERVED +CVE-2023-28256 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28255 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28254 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28253 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28252 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-28251 (Windows Driver Revocation List Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28250 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-28249 (Windows Boot Manager Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28248 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28247 (Windows Network File System Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28246 (Windows Registry Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28245 + RESERVED +CVE-2023-28244 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28243 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-28242 + RESERVED +CVE-2023-28241 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...) + NOT-FOR-US: Microsoft +CVE-2023-28240 (Windows Network Load Balancing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28239 + RESERVED +CVE-2023-28238 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...) + NOT-FOR-US: Microsoft +CVE-2023-28237 (Windows Kernel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28236 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28235 (Windows Lock Screen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28234 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28233 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28232 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-28231 (DHCP Server Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28230 + RESERVED +CVE-2023-28229 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28228 (Windows Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28227 (Windows Bluetooth Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28226 (Windows Enroll Engine Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28225 (Windows NTLM Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28224 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2023-28223 (Windows Domain Name Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28222 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28221 (Windows Error Reporting Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28220 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28219 (Layer 2 Tunneling Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-28218 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2023-28217 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-28216 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-27917 (OS command injection vulnerability in CONPROSYS IoT Gateway products a ...) + NOT-FOR-US: CONPROSYS IoT Gateway products +CVE-2023-27389 (Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway ...) + NOT-FOR-US: CONPROSYS IoT Gateway products +CVE-2023-23575 (Improper access control vulnerability in CONPROSYS IoT Gateway product ...) 
+ NOT-FOR-US: CONPROSYS IoT Gateway products +CVE-2023-1381 (The WP Meta SEO WordPress plugin before 4.5.5 does not validate image ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48402 + RESERVED +CVE-2022-48401 + RESERVED +CVE-2022-48400 + RESERVED +CVE-2022-48399 + RESERVED +CVE-2022-48398 + RESERVED +CVE-2022-48397 + RESERVED +CVE-2022-48396 + RESERVED +CVE-2022-48395 + RESERVED +CVE-2022-48394 + RESERVED +CVE-2022-48393 + RESERVED +CVE-2020-36680 + RESERVED +CVE-2020-36679 + RESERVED +CVE-2020-36678 + RESERVED +CVE-2020-36677 + RESERVED +CVE-2020-36676 + RESERVED +CVE-2020-36675 + RESERVED +CVE-2020-36674 + RESERVED +CVE-2020-36673 + RESERVED +CVE-2020-36672 + RESERVED +CVE-2020-36671 + RESERVED +CVE-2019-25115 + RESERVED +CVE-2019-25114 + RESERVED +CVE-2019-25113 + RESERVED +CVE-2019-25112 + RESERVED +CVE-2019-25111 + RESERVED +CVE-2019-25110 + RESERVED +CVE-2019-25109 + RESERVED +CVE-2019-25108 + RESERVED +CVE-2019-25107 + RESERVED +CVE-2019-25106 + RESERVED +CVE-2023-28215 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28214 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28213 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28212 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28211 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28210 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28209 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-28208 (A logic issue was addressed with improved state management. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2023-28207 + RESERVED +CVE-2023-28206 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2023-28205 (A use after free issue was addressed with improved memory management. ...) + {DSA-5397-1 DSA-5396-1 DLA-3419-1} + - webkit2gtk 2.40.1-1 + - wpewebkit 2.38.6-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0003.html +CVE-2023-28204 (An out-of-bounds read was addressed with improved input validation. Th ...) + {DSA-5427-1} + - webkit2gtk 2.40.2-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://bugs.webkit.org/show_bug.cgi?id=254930 + NOTE: https://github.com/WebKit/WebKit/commit/698c6e293734c3c46f223b77d5b4ee48b320e32c + NOTE: https://webkitgtk.org/security/WSA-2023-0004.html +CVE-2023-28203 (The issue was addressed with improved checks. This issue is fixed in A ...) + NOT-FOR-US: Apple +CVE-2023-28202 (This issue was addressed with improved state management. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-28201 (This issue was addressed with improved state management. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-28200 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2023-28199 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + NOT-FOR-US: Apple +CVE-2023-28198 (A use-after-free issue was addressed with improved memory management. ...) 
+ {DSA-5396-1} + - webkit2gtk 2.40.1-1 + [buster] - webkit2gtk (webkit2gtk EOL in buster) + - wpewebkit 2.40.2-2 + [bookworm] - wpewebkit (wpewebkit not covered by security support in Bookworm) + [bullseye] - wpewebkit (wpewebkit >= 2.40 can no longer be sensibly backported) + NOTE: https://webkitgtk.org/security/WSA-2023-0008.html +CVE-2023-28197 + RESERVED +CVE-2023-28196 + RESERVED +CVE-2023-28195 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-28194 (The issue was addressed with improved checks. This issue is fixed in i ...) + NOT-FOR-US: Apple +CVE-2023-28193 + RESERVED +CVE-2023-28192 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2023-28191 (This issue was addressed with improved redaction of sensitive informat ...) + NOT-FOR-US: Apple +CVE-2023-28190 (A privacy issue was addressed by moving sensitive data to a more secur ...) + NOT-FOR-US: Apple +CVE-2023-28189 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-28188 (A denial-of-service issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2023-28187 (This issue was addressed with improved state management. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-28186 + RESERVED +CVE-2023-28185 + RESERVED +CVE-2023-28184 + RESERVED +CVE-2023-28183 + RESERVED +CVE-2023-28182 (The issue was addressed with improved authentication. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2023-28181 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-28180 (A denial-of-service issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2023-28179 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-28178 (A logic issue was addressed with improved validation. This issue is fi ...) 
+ NOT-FOR-US: Apple +CVE-2023-28177 (Memory safety bugs present in Firefox 110. Some of these bugs showed e ...) + - firefox 111.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28177 +CVE-2023-28176 (Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some ...) + {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} + - firefox 111.0-1 + - firefox-esr 102.9.0esr-1 + - thunderbird 1:102.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28176 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28176 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28176 +CVE-2023-28175 (Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11 ...) + NOT-FOR-US: Bosch +CVE-2023-28174 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLig ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28173 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28172 (Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28171 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress theme +CVE-2023-28170 + RESERVED +CVE-2023-28169 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Core ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28168 + RESERVED +CVE-2023-28167 (Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28166 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Ka ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28165 + RESERVED +CVE-2023-28164 (Dragging a URL from a cross-origin iframe that was removed during the ...) 
+ {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} + - firefox 111.0-1 + - firefox-esr 102.9.0esr-1 + - thunderbird 1:102.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28164 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28164 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28164 +CVE-2023-28163 (When downloading files through the Save As dialog on Windows with sugg ...) + - firefox (Windows-specific) + - firefox-esr (Windows-specific) + - thunderbird (Windows-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28163 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28163 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28163 +CVE-2023-28162 (While implementing AudioWorklets, some code may have casted one type t ...) + {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1} + - firefox 111.0-1 + - firefox-esr 102.9.0esr-1 + - thunderbird 1:102.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28162 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-28162 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-28162 +CVE-2023-28161 (If temporary "one-time" permissions, such as the ability to use the Ca ...) + - firefox 111.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28161 +CVE-2023-28160 (When following a redirect to a publicly accessible web extension file, ...) + - firefox 111.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28160 +CVE-2023-28159 (The fullscreen notification could have been hidden on Firefox for Andr ...) 
+ - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-28159 +CVE-2023-1380 (A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in d ...) + {DSA-5480-1 DLA-3623-1 DLA-3508-1} + - linux 6.1.27-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/1 + NOTE: https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/T/#u + NOTE: https://git.kernel.org/linus/0da40e018fd034d87c9460123fa7f897b69fdee7 (6.4-rc1) +CVE-2023-1379 (A vulnerability was found in SourceCodester Friendly Island Pizza Webs ...) + NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System +CVE-2023-1378 (A vulnerability classified as critical was found in SourceCodester Fri ...) + NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System +CVE-2023-1377 (The Solidres WordPress plugin through 0.9.4 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1376 + RESERVED +CVE-2023-1375 (The WP Fastest Cache plugin for WordPress is vulnerable to unauthorize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1374 (The Solidres plugin for WordPress is vulnerable to Stored Cross-Site S ...) + NOT-FOR-US: Solidres plugin for WordPress +CVE-2023-1373 (The W4 Post List WordPress plugin before 2.4.6 does not escape some UR ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1372 (The WH Testimonials plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WH Testimonials plugin for WordPress +CVE-2023-1371 (The W4 Post List WordPress plugin before 2.4.6 does not ensure that pa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1370 ([Json-smart](https://netplex.github.io/json-smart/) is a performance f ...) 
+ {DLA-3373-1} + - json-smart (bug #1033474) + [bookworm] - json-smart (Minor issue) + [bullseye] - json-smart (Minor issue) + NOTE: https://research.jfrog.com/vulnerabilities/stack-exhaustion-in-json-smart-leads-to-denial-of-service-when-parsing-malformed-json-xray-427633/ + NOTE: https://github.com/netplex/json-smart-v2/commit/5b3205d051952d3100aa0db1535f6ba6226bd87a (2.4.9) +CVE-2023-1369 (A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has ...) + NOT-FOR-US: TG Soft Vir.IT eXplorer +CVE-2023-1368 (A vulnerability was found in XHCMS 1.0. It has been declared as critic ...) + NOT-FOR-US: XHCMS +CVE-2023-1367 (Code Injection in GitHub repository alextselegidis/easyappointments pr ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2023-1366 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + NOT-FOR-US: SourceCodester Yoga Class Registration System +CVE-2023-1365 (A vulnerability was found in SourceCodester Online Pizza Ordering Syst ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-1364 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-28158 (Privilege escalation via stored XSS using the file upload service to u ...) + NOT-FOR-US: Apache Archiva +CVE-2023-28157 + RESERVED +CVE-2023-28156 + RESERVED +CVE-2023-28155 (The Request package through 2.88.1 for Node.js allows a bypass of SSRF ...) + - node-request (bug #1033250) + [bookworm] - node-request (Minor issue) + [bullseye] - node-request (Minor issue) + [buster] - node-request (Minor issue) + NOTE: https://github.com/request/request/issues/3442 +CVE-2023-28154 (Webpack 5 before 5.76.0 does not avoid cross-realm object access. Impo ...) 
+ - node-webpack 5.76.1+dfsg1+~cs17.16.16-1 (bug #1032904) + [bookworm] - node-webpack 5.75.0+dfsg+~cs17.16.14-1+deb12u1 + [bullseye] - node-webpack 4.43.0-6+deb11u1 + [buster] - node-webpack (Minor issue) + NOTE: https://github.com/webpack/webpack/pull/16500 + NOTE: Merge commit: https://github.com/webpack/webpack/commit/4b4ca3bb53f36a5b8fc6bc1bd976ed7af161bd80 (v5.76.0) +CVE-2023-1363 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System +CVE-2023-1362 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) + NOT-FOR-US: Bumsys +CVE-2023-1361 (SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2.) + NOT-FOR-US: Bumsys +CVE-2022-48392 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48391 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2022-48390 (In telephony service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2022-48389 (In modem control device, there is a possible out of bounds write due t ...) + NOT-FOR-US: Unisoc +CVE-2022-48388 (In powerEx service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48387 (the apipe driver, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2022-48386 (the apipe driver, there is a possible use after free due to a logic er ...) + NOT-FOR-US: Unisoc +CVE-2022-48385 (In cp_dump driver, there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Unisoc +CVE-2022-48384 (In srtd service, there is a possible missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-48383 (.In srtd service, there is a possible missing permission check. This c ...) + NOT-FOR-US: Unisoc +CVE-2022-48382 (In log service, there is a possible out of bounds write due to a missi ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-48381 (In modem control device, there is a possible out of bounds write due t ...) + NOT-FOR-US: Unisoc +CVE-2022-48380 (In modem control device, there is a possible out of bounds write due t ...) + NOT-FOR-US: Unisoc +CVE-2022-48379 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48378 (In engineermode service, there is a possible missing permission check. ...) + NOT-FOR-US: Unisoc +CVE-2022-48377 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48376 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48375 (In contacts service, there is a possible missing permission check. Thi ...) + NOT-FOR-US: Unisoc +CVE-2022-48374 (In tee service, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2022-48373 (In tee service, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2022-48372 (In bootcp service, there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Unisoc +CVE-2022-48371 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48370 (In dialer service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-48369 (In audio service, there is a possible missing permission check. This c ...) + NOT-FOR-US: Unisoc +CVE-2022-48368 (In audio service, there is a possible missing permission check. This c ...) + NOT-FOR-US: Unisoc +CVE-2023-1360 (A vulnerability was found in SourceCodester Employee Payslip Generator ...) + NOT-FOR-US: SourceCodester Employee Payslip Generator with Sending Mail +CVE-2023-1359 (A vulnerability has been found in SourceCodester Gadget Works Online O ...) 
+ NOT-FOR-US: SourceCodester Gadget Works Online Ordering System +CVE-2023-1358 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Gadget Works Online Ordering System +CVE-2023-1357 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Simple Bakery Shop Management System +CVE-2023-28153 (An issue was discovered in the Kiddoware Kids Place Parental Control a ...) + NOT-FOR-US: Kiddoware Kids Place Parental Control +CVE-2023-28152 (An issue was discovered in Independentsoft JWord before 1.1.110. The A ...) + NOT-FOR-US: Independentsoft JWord +CVE-2023-28151 (An issue was discovered in Independentsoft JSpreadsheet before 1.1.110 ...) + NOT-FOR-US: Independentsoft JSpreadsheet +CVE-2023-28150 (An issue was discovered in Independentsoft JODF before 1.1.110. The AP ...) + NOT-FOR-US: Independentsoft +CVE-2023-28149 + RESERVED +CVE-2023-28148 + RESERVED +CVE-2023-28147 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + NOT-FOR-US: ARM +CVE-2023-28146 + RESERVED +CVE-2023-28145 + RESERVED +CVE-2023-28144 (KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configura ...) + - hotspot (bug #1033848) + [bookworm] - hotspot (Minor issue) + [bullseye] - hotspot (Minor issue) + [buster] - hotspot (Vulnerable code not present, introduced in 1.3.0) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/14/8 + NOTE: Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0) + NOTE: Opt-In to allow privilege escalation (and disable by default): + NOTE: https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c +CVE-2023-1356 (Reflected cross-site scripting in the StudentSearch component in IDAtt ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-1355 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.140 ...) 
+ - vim 2:9.0.1658-1 (unimportant) + NOTE: https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9 + NOTE: https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46 (v9.0.1402) + NOTE: Crash in CLI tool, no security impact +CVE-2022-48367 (An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Acce ...) + NOT-FOR-US: Ibexa +CVE-2022-48366 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It ...) + NOT-FOR-US: Ibexa +CVE-2022-48365 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The ...) + NOT-FOR-US: Ibexa +CVE-2021-46876 (An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. Th ...) + NOT-FOR-US: Ibexa +CVE-2021-46875 (An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An ...) + NOT-FOR-US: Ibexa +CVE-2023-1354 (A vulnerability has been found in SourceCodester Design and Implementa ...) + NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System +CVE-2023-1353 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System +CVE-2023-1352 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System +CVE-2023-1351 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System +CVE-2023-1350 (A vulnerability was found in liferea. It has been rated as critical. A ...) 
+ - liferea 1.14.1-1 (bug #1032822) + [bullseye] - liferea (Minor issue) + [buster] - liferea (Minor issue) + NOTE: Introduced by: https://github.com/lwindolf/liferea/commit/b8288389820a3f510ef4b21684b22439c41d95a5 (v1.12.0) + NOTE: introduced by: https://github.com/lwindolf/liferea/commit/b67dbba73443ab7b36fcd3c78aa803e974c0f23e (v1.12.0) + NOTE: Fixed by: https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 (v1.14.1) + NOTE: Followup: https://github.com/lwindolf/liferea/commit/1981e1e161cde4896592ebca40fa3b115f0053ef (v1.14.1) + NOTE: Feature is always off-by default and not not advertised in the documentation. +CVE-2023-1349 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Hsycms +CVE-2016-15028 (A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been decl ...) + NOT-FOR-US: ICEPAY REST-API-NET +CVE-2023-28143 (Qualys Cloud Agent for macOS (versions 2.5.1-75 before 3.7) installer ...) + NOT-FOR-US: Qualys +CVE-2023-28142 (A Race Condition exists in the Qualys Cloud Agent for Windows platform ...) + NOT-FOR-US: Qualys +CVE-2023-28141 (An NTFS Junction condition exists in the Qualys Cloud Agent for Window ...) + NOT-FOR-US: Qualys +CVE-2023-28140 (An Executable Hijacking condition exists in the Qualys Cloud Agent for ...) + NOT-FOR-US: Qualys +CVE-2023-28139 + RESERVED +CVE-2023-28138 + RESERVED +CVE-2023-28137 + RESERVED +CVE-2023-28136 + RESERVED +CVE-2023-28135 + RESERVED +CVE-2023-28134 (Local attacker can escalate privileges on affected installations of Ch ...) + NOT-FOR-US: Check Point Harmony Endpoint/ZoneAlarm Extreme Security +CVE-2023-28133 (Local privilege escalation in Check Point Endpoint Security Client (ve ...) + NOT-FOR-US: Check Point Endpoint Security Client +CVE-2023-28132 + RESERVED +CVE-2023-28131 (A vulnerability in the expo.io framework allows an attacker to take ov ...) 
+ NOT-FOR-US: expo.io +CVE-2023-28130 (Local user may lead to privilege escalation using Gaia Portal hostname ...) + NOT-FOR-US: Gaia Portal +CVE-2023-28129 (DSM 2022.2 SU2 and all prior versions allows a local low privileged ac ...) + NOT-FOR-US: Ivanti +CVE-2023-28128 (An unrestricted upload of file with dangerous type vulnerability exist ...) + NOT-FOR-US: Avalanche +CVE-2023-28127 (A path traversal vulnerability exists in Avalanche version 6.3.x and b ...) + NOT-FOR-US: Avalanche +CVE-2023-28126 (An authentication bypass vulnerability exists in Avalanche versions 6. ...) + NOT-FOR-US: Avalanche +CVE-2023-28125 (An improper authentication vulnerability exists in Avalanche Premise v ...) + NOT-FOR-US: Avalanche +CVE-2023-28124 (Improper usage of symmetric encryption in UI Desktop for Windows (Vers ...) + NOT-FOR-US: UI Desktop for Windows +CVE-2023-28123 (A permission misconfiguration in UI Desktop for Windows (Version 0.59. ...) + NOT-FOR-US: UI Desktop for Windows +CVE-2023-28122 (A local privilege escalation (LPE) vulnerability in UI Desktop for Win ...) + NOT-FOR-US: UI Desktop for Windows +CVE-2023-28121 (An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28120 + RESERVED + {DSA-5389-1} + - rails 2:6.1.7.3+dfsg-1 (bug #1033262) + NOTE: https://github.com/rails/rails/commit/3cf23c3f891e2e81c977ea4ab83b62bc2a444b70 (v6.1.7.3) + NOTE: https://discuss.rubyonrails.org/t/cve-2023-28120-possible-xss-security-vulnerability-in-safebuffer-bytesplice/82469 +CVE-2023-1348 + RESERVED +CVE-2023-1347 (The Customizer Export/Import WordPress plugin before 0.9.6 unserialize ...) + NOT-FOR-US: WordPress plugin +CVE-2023-28119 (The crewjam/saml go library contains a partial implementation of the S ...) 
+ - golang-github-crewjam-saml (bug #1033753) + NOTE: https://github.com/crewjam/saml/commit/8e9236867d176ad6338c870a84e2039aef8a5021 (v0.4.13) + NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p +CVE-2023-28118 (kaml provides YAML support for kotlinx.serialization. Prior to version ...) + NOT-FOR-US: kaml +CVE-2023-28117 (Sentry SDK is the official Python SDK for Sentry, real-time crash repo ...) + NOT-FOR-US: Sentry Python SDK +CVE-2023-28116 (Contiki-NG is an open-source, cross-platform operating system for inte ...) + NOT-FOR-US: Contiki-NG +CVE-2023-28115 (Snappy is a PHP library allowing thumbnail, snapshot or PDF generation ...) + - civicrm (bug #1036284) + [bullseye] - civicrm (Minor issue) + NOTE: https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc + NOTE: https://github.com/KnpLabs/snappy/pull/469 + NOTE: https://github.com/KnpLabs/snappy/commit/1ee6360cbdbea5d09705909a150df7963a88efd6 (v1.4.2) +CVE-2023-28114 (`cilium-cli` is the command line interface to install, manage, and tro ...) + NOT-FOR-US: cilium-cli +CVE-2023-28113 (russh is a Rust SSH client and server library. Starting in version 0.3 ...) + NOT-FOR-US: russh +CVE-2023-28112 (Discourse is an open-source discussion platform. Prior to version 3.1. ...) + NOT-FOR-US: Discourse +CVE-2023-28111 (Discourse is an open-source discussion platform. Prior to version 3.1. ...) + NOT-FOR-US: Discourse +CVE-2023-28110 (Jumpserver is a popular open source bastion host, and Koko is a Jumpse ...) + NOT-FOR-US: Jumpserver +CVE-2023-28109 (Play With Docker is a browser-based Docker playground. Versions 0.0.2 ...) + NOT-FOR-US: Play with Docker +CVE-2023-28108 (Pimcore is an open source data and experience management platform. Pri ...) + NOT-FOR-US: Pimcore +CVE-2023-28107 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-28106 (Pimcore is an open source data and experience management platform. Pri ...) 
+ NOT-FOR-US: Pimcore
+CVE-2023-28105 (go-used-util has commonly used utility functions for Go. Versions prio ...)
+ NOT-FOR-US: go-used-util
+CVE-2023-28104 (`silverstripe/graphql` serves Silverstripe data as GraphQL representat ...)
+ NOT-FOR-US: silverstripe/graphql
+CVE-2023-28103 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. I ...)
+ NOT-FOR-US: Node matrix-react-sdk
+CVE-2023-28102 (discordrb is an implementation of the Discord API using Ruby. In disco ...)
+ NOT-FOR-US: discordrb
+CVE-2023-28101 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ - flatpak 1.14.4-1 (bug #1033098)
+ [bullseye] - flatpak 1.10.8-0+deb11u1
+ [buster] - flatpak (Minor issue)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
+ NOTE: https://github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869 (1.15.4)
+ NOTE: https://github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c (1.15.4)
+ NOTE: https://github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c (1.15.4)
+ NOTE: https://github.com/flatpak/flatpak/commit/acd627a2fabe9856947399044dbf7aa79247c75b (1.10.8)
+ NOTE: https://github.com/flatpak/flatpak/commit/e88eedce76f79a5573df4fc38b344bbeaf7af024 (1.10.8)
+CVE-2023-28100 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ - flatpak 1.14.4-1 (bug #1033099)
+ [bullseye] - flatpak 1.10.8-0+deb11u1
+ [buster] - flatpak (Minor issue)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
+ NOTE: https://github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9 (1.15.4)
+ NOTE: https://github.com/flatpak/flatpak/commit/a9bf18040cc075a70657c6090a59d7f6fe78f893 (1.10.8)
+CVE-2023-28099 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ NOT-FOR-US: OpenSIPS
+CVE-2023-28098 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ NOT-FOR-US: OpenSIPS
+CVE-2023-28097 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ NOT-FOR-US: OpenSIPS
+CVE-2023-28096 (OpenSIPS, a Session Initiation Protocol (SIP) server implementation, h ...)
+ NOT-FOR-US: OpenSIPS
+CVE-2023-28095 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...)
+ NOT-FOR-US: OpenSIPS
+CVE-2023-28094 (Pega platform clients who are using versions 7.4 through 8.8.x and hav ...)
+ NOT-FOR-US: Pega
+CVE-2023-28093 (A user with a compromised configuration can start an unsigned binary a ...)
+ NOT-FOR-US: Pegasystems
+CVE-2023-28092 (A potential security vulnerability has been identified in HPE ProLiant ...)
+ NOT-FOR-US: HPE
+CVE-2023-28091 (HPE OneView virtual appliance "Migrate server hardware" option may exp ...)
+ NOT-FOR-US: HPE
+CVE-2023-28090 (An HPE OneView appliance dump may expose SNMPv3 read credentials)
+ NOT-FOR-US: HPE
+CVE-2023-28089 (An HPE OneView appliance dump may expose FTP credentials for c7000 Int ...)
+ NOT-FOR-US: HPE
+CVE-2023-28088 (An HPE OneView appliance dump may expose SAN switch administrative cre ...)
+ NOT-FOR-US: HPE
+CVE-2023-28087 (An HPE OneView appliance dump may expose OneView user accounts)
+ NOT-FOR-US: HPE
+CVE-2023-28086 (An HPE OneView appliance dump may expose proxy credential settings)
+ NOT-FOR-US: HPE
+CVE-2023-28085 (An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD ...)
+ NOT-FOR-US: HPE
+CVE-2023-28084 (HPE OneView and HPE OneView Global Dashboard appliance dumps may expos ...)
+ NOT-FOR-US: HPE
+CVE-2023-28083 (A remote Cross-site Scripting vulnerability was discovered in HPE Inte ...)
+ NOT-FOR-US: HPE
+CVE-2023-28082
+ RESERVED
+CVE-2023-28081 (A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc21 ...)
+ NOT-FOR-US: Facebook Hermes
+CVE-2023-28080 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking ...)
+ NOT-FOR-US: PowerPath
+CVE-2023-28079 (PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File ...)
+ NOT-FOR-US: PowerPath
+CVE-2023-28078
+ RESERVED
+CVE-2023-28077
+ RESERVED
+CVE-2023-28076 (CloudLink 7.1.2 and all prior versions contain a broken or risky crypt ...)
+ NOT-FOR-US: Dell
+CVE-2023-28075 (Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A ...)
+ NOT-FOR-US: Dell
+CVE-2023-28074
+ RESERVED
+CVE-2023-28073 (Dell BIOS contains an improper authentication vulnerability. A locally ...)
+ NOT-FOR-US: Dell
+CVE-2023-28072 (Dell Alienware Command Center, versions prior to 5.5.51.0, contain a d ...)
+ NOT-FOR-US: Dell
+CVE-2023-28071 (Dell Command | Update, Dell Update, and Alienware Update versions 4.9. ...)
+ NOT-FOR-US: Dell
+CVE-2023-28070 (Alienware Command Center Application, versions 5.5.43.0 and prior, con ...)
+ NOT-FOR-US: Alienware
+CVE-2023-28069 (Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulne ...)
+ NOT-FOR-US: Dell
+CVE-2023-28068 (Dell Command Monitor, versions 10.9 and prior, contains an improper fo ...)
+ NOT-FOR-US: Dell
+CVE-2023-28067
+ RESERVED
+CVE-2023-28066 (Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Im ...)
+ NOT-FOR-US: Dell
+CVE-2023-28065 (Dell Command | Update, Dell Update, and Alienware Update versions 4.8. ...)
+ NOT-FOR-US: Dell
+CVE-2023-28064 (Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenti ...)
+ NOT-FOR-US: Dell
+CVE-2023-28063
+ RESERVED
+CVE-2023-28062 (Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access ...)
+ NOT-FOR-US: Dell
+CVE-2023-28061 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28060 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28059 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28058 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28057
+ RESERVED
+CVE-2023-28056 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28055 (Dell NetWorker, Version 19.7 has an improper authorization vulnerabili ...)
+ NOT-FOR-US: Dell
+CVE-2023-28054 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28053 (Dell NetWorker Virtual Edition versions 19.8 and below contain the use ...)
+ NOT-FOR-US: Dell
+CVE-2023-28052 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28051 (Dell Power Manager, versions 3.10 and prior, contains an Improper Acce ...)
+ NOT-FOR-US: Dell
+CVE-2023-28050 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28049
+ RESERVED
+CVE-2023-28048
+ RESERVED
+CVE-2023-28047 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
+ NOT-FOR-US: Dell
+CVE-2023-28046 (Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary ...)
+ NOT-FOR-US: Dell
+CVE-2023-28045 (Dell CloudIQ Collector version 1.10.2 contains a missing encryption of ...)
+ NOT-FOR-US: Dell
+CVE-2023-28044 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28043 (Dell SCG 5.14 contains an information disclosure vulnerability during ...)
+ NOT-FOR-US: Dell
+CVE-2023-28042 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28041 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28040 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28039 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28038
+ RESERVED
+CVE-2023-28037
+ RESERVED
+CVE-2023-28036 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28035 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28034 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28033 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28032 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28031 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28030 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28029 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28028 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28027 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-28026 (Dell BIOS contains an improper input validation vulnerability. A local ...)
+ NOT-FOR-US: Dell
+CVE-2023-1346 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1345 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1344 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1343 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1342 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1341 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1340 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1339 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1338 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1337 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1336 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1335 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1334 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1333 (The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnera ...)
+ NOT-FOR-US: RapidLoad Power-Up for Autoptimize plugin for WordPress
+CVE-2023-1332
+ RESERVED
+CVE-2023-1331 (The Redirection WordPress plugin before 1.1.5 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1330 (The Redirection WordPress plugin before 1.1.4 does not add nonce verif ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1329 (A potential security vulnerability has been identified for certain HP ...)
+ NOT-FOR-US: HP
+CVE-2023-1328 (A vulnerability was found in Guizhou 115cms 4.2. It has been classifie ...)
+ NOT-FOR-US: Guizhou 115cms
+CVE-2023-1327 (Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an ...)
+ NOT-FOR-US: Netgear
+CVE-2023-1326 (A privilege escalation attack was found in apport-cli 2.26.0 and earli ...)
+ NOT-FOR-US: Apport
+CVE-2023-1325 (The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1324 (The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1323 (The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1322 (A vulnerability was found in lmxcms 1.41 and classified as critical. A ...)
+ NOT-FOR-US: lmxcms
+CVE-2023-1321 (A vulnerability has been found in lmxcms 1.41 and classified as critic ...)
+ NOT-FOR-US: lmxcms
+CVE-2023-1320 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1319 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1318 (Cross-site Scripting (XSS) - Generic in GitHub repository osticket/ost ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1317 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1316 (Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osti ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1315 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...)
+ NOT-FOR-US: osTicket
+CVE-2023-1314 (A vulnerability has been discovered in cloudflared's installer (<= 202 ...)
+ NOT-FOR-US: cloudflared's installer
+CVE-2023-1313 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
+CVE-2023-1312 (Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pi ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1311 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Friendly Island Pizza Website and Ordering System
+CVE-2023-1310 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2023-1309 (A vulnerability classified as critical was found in SourceCodester Onl ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2023-1308 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2013-10021 (A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPr ...)
+ NOT-FOR-US: dd32 Debug Bar Plugin
+CVE-2023-28025
+ RESERVED
+CVE-2023-28024
+ RESERVED
+CVE-2023-28023 (A cross site request forgery vulnerability in the BigFix WebUI Softwar ...)
+ NOT-FOR-US: HCL
+CVE-2023-28022 (HCL Connections is vulnerable to an information disclosure vulnerabili ...)
+ NOT-FOR-US: HCL
+CVE-2023-28021 (The BigFix WebUI uses weak cipher suites.)
+ NOT-FOR-US: HCL
+CVE-2023-28020 (URL redirection in Login page in HCL BigFix WebUI allows malicious use ...)
+ NOT-FOR-US: HCL
+CVE-2023-28019 (Insufficient validation in Bigfix WebUI API App site version < 14 allo ...)
+ NOT-FOR-US: HCL
+CVE-2023-28018
+ RESERVED
+CVE-2023-28017 (HCL Connections is vulnerable to a cross-site scripting attack where a ...)
+ NOT-FOR-US: HCL
+CVE-2023-28016 (Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal S ...)
+ NOT-FOR-US: HCL
+CVE-2023-28015 (The HCL Domino AppDev Pack IAM service is susceptible to a User Accoun ...)
+ NOT-FOR-US: HCL
+CVE-2023-28014 (HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An a ...)
+ NOT-FOR-US: HCL
+CVE-2023-28013 (HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vul ...)
+ NOT-FOR-US: HCL
+CVE-2023-28012 (HCL BigFix Mobile is vulnerable to a command injection attack. An auth ...)
+ NOT-FOR-US: HCL
+CVE-2023-28011
+ RESERVED
+CVE-2023-28010 (In some configuration scenarios, the Domino server host name can be ex ...)
+ NOT-FOR-US: HCL
+CVE-2023-28009 (HCL Workload Automation is vulnerable to an XML External Entity Inject ...)
+ NOT-FOR-US: HCL
+CVE-2023-28008 (HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML Ex ...)
+ NOT-FOR-US: HCL
+CVE-2023-28007
+ RESERVED
+CVE-2023-28006 (The OSD Bare Metal Server uses a cryptographic algorithm that is no lo ...)
+ NOT-FOR-US: HCL
+CVE-2023-28005 (A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryptio ...)
+ NOT-FOR-US: Trend Micro
+CVE-2023-1307 (Authentication Bypass by Primary Weakness in GitHub repository froxlor ...)
+ - froxlor (bug #581792)
+CVE-2023-1306 (An authenticated attacker can leverage an exposed resource.db() access ...)
+ NOT-FOR-US: Rapid7
+CVE-2023-1305 (An authenticated attacker can leverage an exposed \u201cbox\u201d obje ...)
+ NOT-FOR-US: Rapid7
+CVE-2023-1304 (An authenticated attacker can leverage an exposed getattr() method via ...)
+ NOT-FOR-US: Rapid7
+CVE-2023-1303 (A vulnerability was found in UCMS 1.6 and classified as critical. This ...)
+ NOT-FOR-US: UCMS
+CVE-2023-1302 (A vulnerability, which was classified as problematic, was found in Sou ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-1301 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...)
+ - nomad (Vulnerable code not present; Introduced in 1.5.0)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
+CVE-2023-1298 (ServiceNow has released upgrades and patches that address a Reflected ...)
+ NOT-FOR-US: ServiceNow
+CVE-2023-28004 (A CWE-129: Improper validation of an array index vulnerability exists ...)
+ NOT-FOR-US: Schneider
+CVE-2023-28003 (A CWE-613: Insufficient Session Expiration vulnerability exists that c ...)
+ NOT-FOR-US: Schneider
+CVE-2023-28002 (An improper validation of integrity check value vulnerability [CWE-354 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-28001 (An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-28000 (An improper neutralization of special elements used in an OS command v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27999 (An improper neutralization of special elements used in an OS command v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27998 (A lack of custom error pages vulnerability [CWE-756] in FortiPresence ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27997 (A heap-based buffer overflow vulnerability [CWE-122] in FortiOS versio ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27996
+ RESERVED
+CVE-2023-27995 (A improper neutralization of special elements used in a template engin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27994
+ RESERVED
+CVE-2023-27993 (A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-27992 (The pre-authentication command injection vulnerability in the Zyxel NA ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-27991 (The post-authentication command injection vulnerability in the CLI com ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-27990 (The XSS vulnerability in Zyxel ATP series firmware versions 4.32 throu ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-27989 (A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-27988 (The post-authentication command injection vulnerability in the Zyxel N ...)
+ NOT-FOR-US: Zyxel
+CVE-2023-27987 (In Apache Linkis <=1.3.1,due to the default token generated by Linkis ...)
+ NOT-FOR-US: Apache Linkis
+CVE-2023-1297 (Consul and Consul Enterprise's cluster peering implementation containe ...)
+ - consul (Vulnerable code not present)
+CVE-2023-1296 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correct ...)
+ - nomad (Vulnerable code not present)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390
+CVE-2023-1295 (A time-of-check to time-of-use issue exists in io_uring subsystem's IO ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.162-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9eac1904d3364254d622bf2c771c4f85cd435fc2 (5.12-rc1)
+CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker Manager Syste ...)
+ NOT-FOR-US: SourceCodester File Tracker Manager System
+CVE-2023-1293 (A vulnerability was found in SourceCodester Online Graduate Tracer Sys ...)
+ NOT-FOR-US: SourceCodester Online Graduate Tracer System
+CVE-2023-1292 (A vulnerability has been found in SourceCodester Sales Tracker Managem ...)
+ NOT-FOR-US: SourceCodester Sales Tracker Management System
+CVE-2023-1291 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Sales Tracker Management System
+CVE-2023-1290 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Sales Tracker Management System
+CVE-2023-1289 (A vulnerability was discovered in ImageMagick where a specially create ...)
+ - imagemagick 8:6.9.12.98+dfsg1-2
+ [bookworm] - imagemagick (Minor issue)
+ [bullseye] - imagemagick (Minor issue)
+ [buster] - imagemagick (Should be fixed together with some other CVEs)
+ NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-j96m-mjp6-99xr
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5b23cbf2119540725e6dc81f4deb25798ead6a4 (7.1.1-0)
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/706d381b7eb79927d328c96f7b7faab5dc109368 (6.9.12-78)
+CVE-2023-1288 (An XML External Entity injection (XXE) vulnerability in ENOVIA Live Co ...)
+ NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
+CVE-2023-1287 (An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE a ...)
+ NOT-FOR-US: ENOVIA Live Collaboration V6R2013xE
+CVE-2023-1286 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2023-1285 (Signal Handler Race Condition vulnerability in Mitsubishi Electric Ind ...)
+ NOT-FOR-US: Mitsubishi Electric
+CVE-2023-27984 (A CWE-20: Improper Input Validation vulnerability exists in Custom Rep ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27983 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27982 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27981 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27980 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27979 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27978 (A CWE-502: Deserialization of Untrusted Data vulnerability exists in t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27977 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-27976 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...)
+ NOT-FOR-US: Schneider
+CVE-2023-27975
+ RESERVED
+CVE-2023-27974 (Bitwarden through 2023.2.1 offers password auto-fill when the second-l ...)
+ NOT-FOR-US: Bitwarden
+CVE-2023-27973 (Certain HP LaserJet Pro print products are potentially vulnerable to H ...)
+ NOT-FOR-US: HP
+CVE-2023-27972 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+ NOT-FOR-US: HP
+CVE-2023-27971 (Certain HP LaserJet Pro print products are potentially vulnerable to B ...)
+ NOT-FOR-US: HP
+CVE-2023-1284
+ RESERVED
+CVE-2023-1283 (Code Injection in GitHub repository builderio/qwik prior to 0.21.0.)
+ NOT-FOR-US: qwik
+CVE-2023-1282 (The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1281 (Use After Free vulnerability in Linux kernel traffic control index fil ...)
+ {DLA-3404-1 DLA-3403-1}
+ - linux 6.1.15-1
+ [bullseye] - linux 5.10.178-1
+ NOTE: https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
+ NOTE: https://git.kernel.org/linus/ee059170b1f7e94e55fa6cadee544e176a6e59c2 (6.2)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/04/11/3
+CVE-2023-1280
+ RESERVED
+CVE-2023-1279 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab
+CVE-2023-1278 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: IBOS
+CVE-2023-1277 (A vulnerability, which was classified as critical, was found in kylin- ...)
+ NOT-FOR-US: kylin-system-updater
+CVE-2018-25081 (Bitwarden through 2023.2.1 offers password auto-fill within a cross-do ...)
+ NOT-FOR-US: Bitwarden
+CVE-2017-20182 (A vulnerability was found in Mobile Vikings Django AJAX Utilities up t ...)
+ NOT-FOR-US: Mobile Vikings Django AJAX Utilities
+CVE-2014-125093 (A vulnerability has been found in Ad Blocking Detector Plugin up to 1. ...)
+ NOT-FOR-US: Ad Blocking Detector Plugin
+CVE-2013-10020 (A vulnerability, which was classified as problematic, was found in MMD ...)
+ NOT-FOR-US: MMDeveloper
+CVE-2023-27970 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2023-27969 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2023-27968 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2023-27967 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27966 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ NOT-FOR-US: Apple
+CVE-2023-27965 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2023-27964 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2023-27963 (The issue was addressed with additional permissions checks. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2023-27962 (A logic issue was addressed with improved checks. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2023-27961 (Multiple validation issues were addressed with improved input sanitiza ...)
+ NOT-FOR-US: Apple
+CVE-2023-27960 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2023-27959 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27958 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27957 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2023-27956 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27955 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ NOT-FOR-US: Apple
+CVE-2023-27954 (The issue was addressed by removing origin information. This issue is ...)
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
+ - webkit2gtk 2.40.1-1
+ - wpewebkit 2.38.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
+CVE-2023-27953 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27952 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2023-27951 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ NOT-FOR-US: Apple
+CVE-2023-27950 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27949 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27948 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27947 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27946 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2023-27945 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2023-27944 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
+CVE-2023-27943 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2023-27942 (The issue was addressed with improved checks. This issue is fixed in m ...)
+ NOT-FOR-US: Apple
+CVE-2023-27941 (A validation issue was addressed with improved input sanitization. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2023-27940 (The issue was addressed with additional permissions checks. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2023-27939 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27938 (An out-of-bounds read issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2023-27937 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2023-27936 (An out-of-bounds write issue was addressed with improved input validat ...)
+ NOT-FOR-US: Apple
+CVE-2023-27935 (The issue was addressed with improved bounds checks. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2023-27934 (A memory initialization issue was addressed. This issue is fixed in ma ...)
+ NOT-FOR-US: Apple
+CVE-2023-27933 (The issue was addressed with improved memory handling. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2023-27932 (This issue was addressed with improved state management. This issue is ...)
+ {DSA-5397-1 DSA-5396-1 DLA-3419-1}
+ - webkit2gtk 2.40.1-1
+ - wpewebkit 2.38.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
+CVE-2023-27931 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2023-27930 (A type confusion issue was addressed with improved checks. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2023-27929 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2023-27928 (A privacy issue was addressed with improved private data redaction for ...)
+ NOT-FOR-US: Apple
+CVE-2023-1276 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SUL1SS_shop
+CVE-2023-1275 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Phone Shop Sales Managements System
+CVE-2023-1274 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1273 (The ND Shortcodes WordPress plugin before 7.0 does not validate some s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1272
+ RESERVED
+CVE-2023-1271
+ REJECTED
+CVE-2023-1270 (Cross-site Scripting in GitHub repository btcpayserver/btcpayserver pr ...)
+ NOT-FOR-US: btcpayserver
+CVE-2023-1269 (Use of Hard-coded Credentials in GitHub repository alextselegidis/easy ...)
+ NOT-FOR-US: alextselegidis easyappointments
+CVE-2023-1268
+ RESERVED
+CVE-2023-1267 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Ulkem Company PtteM Kart
+CVE-2023-27986 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to E ...)
+ - emacs 1:28.2+1-13 (bug #1032538)
+ [bullseye] - emacs (Vulnerable code not present, introduced in 28.1)
+ [buster] - emacs (Vulnerable code not present, introduced in 28.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
+ NOTE: Introduced by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c (emacs-28.0.90)
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=3c1693d08b0a71d40a77e7b40c0ebc42dca2d2cc
+CVE-2023-27985 (emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to s ...)
+ - emacs 1:28.2+1-13 (bug #1032538)
+ [bullseye] - emacs (Vulnerable code not present, introduced in 28.1)
+ [buster] - emacs (Vulnerable code not present, introduced in 28.1)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/03/08/2
+ NOTE: Introduced by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=b1b05c828d67930bb3b897fe98e1992db42cf23c (emacs-28.0.90)
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=d32091199ae5de590a83f1542a01d75fba000467
+ NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60204
+CVE-2023-XXXX [RUSTSEC-2023-0018]
+ - rust-remove-dir-all 0.8.2-1
+ [bookworm] - rust-remove-dir-all (Minor issue)
+ [bullseye] - rust-remove-dir-all (Minor issue)
+ [buster] - rust-remove-dir-all (Minor issue, no in-place fix: old API deprecated + new API introduced)
+ NOTE: https://github.com/advisories/GHSA-mc8h-8q98-g5hr
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0018.html
+CVE-2023-27915 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27914 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27913 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27912 (A maliciously crafted X_B file when parsed through Autodesk\xae AutoCA ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27911 (A user may be tricked into opening a malicious FBX file that may explo ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27910 (A user may be tricked into opening a malicious FBX file that may explo ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27909 (An Out-Of-Bounds Write Vulnerability in Autodesk\xae FBX\xae SDK versi ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27908 (A maliciously crafted DLL file can be forced to write beyond allocated ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27907 (A malicious actor may convince a victim to open a malicious USD file t ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27906 (A malicious actor may convince a victim to open a malicious USD file t ...)
+ NOT-FOR-US: Autodesk
+CVE-2023-27884
+ RESERVED
+CVE-2023-27879 (Improper access control in firmware for some Intel(R) Optane(TM) SSD p ...)
+ NOT-FOR-US: Intel
+CVE-2023-27519 (Improper input validation in firmware for some Intel(R) Optane(TM) SSD ...)
+ NOT-FOR-US: Intel
+CVE-2023-27502
+ RESERVED
+CVE-2023-27306 (Improper Initialization in firmware for some Intel(R) Optane(TM) SSD p ...)
+ NOT-FOR-US: Intel
+CVE-2023-27305 (Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Gr ...)
+ NOT-FOR-US: Intel
+CVE-2023-25952 (Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - W ...)
+ NOT-FOR-US: Intel
+CVE-2023-24588 (Exposure of sensitive information to an unauthorized actor in firmware ...)
+ NOT-FOR-US: Intel
+CVE-2023-24587 (Insufficient control flow management in firmware for some Intel(R) Opt ...)
+ NOT-FOR-US: Intel
+CVE-2023-22434
+ RESERVED
+CVE-2023-1266
+ RESERVED
+CVE-2023-1265 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1264 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.139 ...)
+ - vim 2:9.0.1658-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
+ NOTE: https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6 (v9.0.1392)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-1263 (The CMP \u2013 Coming Soon & Maintenance plugin for WordPress is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1262 (Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router ...)
+ NOT-FOR-US: WI-SUN
+CVE-2023-1261 (Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earli ...)
+ NOT-FOR-US: WI-SUN
+CVE-2023-1260 (An authentication bypass vulnerability was discovered in kube-apiserve ...)
+ NOT-FOR-US: OpenShift
+CVE-2023-1259 (The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-27905 (Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core ...)
+ - jenkins
+CVE-2023-27904 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error sta ...)
+ - jenkins
+CVE-2023-27903 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
+ - jenkins
+CVE-2023-27902 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary dir ...)
+ - jenkins
+CVE-2023-27901 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
+ - jenkins
+CVE-2023-27900 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Com ...)
+ - jenkins
+CVE-2023-27899 (Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary ...)
+ - jenkins
+CVE-2023-27898 (Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.37 ...)
+ - jenkins
+CVE-2023-27897 (In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is auth ...)
+ NOT-FOR-US: SAP
+CVE-2023-27896 (In SAP BusinessObjects Business Intelligence Platform - version 420, 4 ...)
+ NOT-FOR-US: SAP
+CVE-2023-27895 (SAP Authenticator for Android - version 1.3.0, allows the screen to be ...)
+ NOT-FOR-US: SAP
+CVE-2023-27894 (SAP BusinessObjects Business Intelligence Platform (Web Services) - ve ...)
+ NOT-FOR-US: SAP
+CVE-2023-27893 (An attacker authenticated as a user with a non-administrative role and ...)
+ NOT-FOR-US: SAP
+CVE-2023-1258 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
+ NOT-FOR-US: ABB Flow-X firmware
+CVE-2023-1257 (An attacker with physical access to the affected Moxa UC Series device ...)
+ NOT-FOR-US: Moxa UC Series devices
+CVE-2023-1256 (The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server ar ...)
+ NOT-FOR-US: AVEVA Plant SCADA and AVEVA Telemetry Server
+CVE-2023-1255 (Issue summary: The AES-XTS cipher decryption implementation for 64 bit ...)
+ - openssl 3.0.9-1 (bug #1034720)
+ [bullseye] - openssl (Vulnerable code not present)
+ [buster] - openssl (Vulnerable code not present)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=02ac9c9420275868472f33b01def01218742b8bb
+ NOTE: https://www.openssl.org/news/secadv/20230420.txt
+CVE-2023-1254 (A vulnerability has been found in SourceCodester Health Center Patient ...)
+ NOT-FOR-US: SourceCodester Health Center Patient Record Management System
+CVE-2023-1253 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Health Center Patient Record Management System
+CVE-2023-1252 (A use-after-free flaw was found in the Linux kernel\u2019s Ext4 File S ...)
+ - linux 5.15.3-3
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9a254403760041528bc8f69fe2f5e1ef86950991 (5.16-rc1)
+CVE-2023-1251 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Akinsoft Wolvox
+CVE-2023-1250 (Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+CVE-2023-1249 (A use-after-free flaw was found in the Linux kernel\u2019s core dump s ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/390031c942116d4733310f0684beb8db19885fe6 (5.18-rc1)
+CVE-2023-1248 (Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Action ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+CVE-2023-1247
+ REJECTED
+CVE-2022-4932 (The Total Upkeep plugin for WordPress is vulnerable to information dis ...)
+ NOT-FOR-US: Total Upkeep plugin for WordPress
+CVE-2022-4931 (The BackupWordPress plugin for WordPress is vulnerable to information ...)
+ NOT-FOR-US: BackupWordPress plugin for WordPress
+CVE-2021-4333 (The WP Statistics plugin for WordPress is vulnerable to Cross-Site Req ...)
+ NOT-FOR-US: WP Statistics plugin for WordPress
+CVE-2021-4332 (The Plus Addons for Elementor plugin for WordPress is vulnerable to ar ...)
+ NOT-FOR-US: Plus Addons for Elementor plugin for WordPress
+CVE-2021-4331 (The Plus Addons for Elementor plugin for WordPress is vulnerable to pr ...)
+ NOT-FOR-US: Plus Addons for Elementor plugin for WordPress
+CVE-2021-4330 (The Envato Elements & Download and Template Kit \u2013 Import plugins ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36670 (The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disc ...)
+ NOT-FOR-US: NEX-Forms. plugin for WordPress
+CVE-2020-36669 (The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress ...)
+ NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
+CVE-2020-36668 (The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress ...)
+ NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
+CVE-2020-36667 (The JetBackup \u2013 WP Backup, Migrate & Restore plugin for WordPress ...)
+ NOT-FOR-US: JetBackup WP Backup, Migrate & Restore plugin for WordPress
+CVE-2023-27892 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...)
+ NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware
+CVE-2023-27891 (rami.io pretix before 4.17.1 allows OAuth application authorization fr ...)
+ NOT-FOR-US: rami.io
+CVE-2023-27890 (The Export User plugin through 2.0 for MyBB allows XSS during the proc ...)
+ NOT-FOR-US: MyBB
+CVE-2023-27878
+ RESERVED
+CVE-2023-27877 (IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects t ...)
+ NOT-FOR-US: IBM
+CVE-2023-27876 (IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE ...)
+ NOT-FOR-US: IBM
+CVE-2023-27875 (IBM Aspera Faspex 5.0.4 could allow a user to change other user's cred ...)
+ NOT-FOR-US: IBM
+CVE-2023-27874 (IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity inject ...)
+ NOT-FOR-US: IBM
+CVE-2023-27873 (IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2023-27872
+ RESERVED
+CVE-2023-27871 (IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensit ...)
+ NOT-FOR-US: IBM
+CVE-2023-27870 (IBM Spectrum Virtualize 8.5, under certain circumstances, could disclo ...)
+ NOT-FOR-US: IBM
+CVE-2023-27869 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ NOT-FOR-US: IBM
+CVE-2023-27868 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ NOT-FOR-US: IBM
+CVE-2023-27867 (IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, an ...)
+ NOT-FOR-US: IBM
+CVE-2023-27866 (IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code e ...)
+ NOT-FOR-US: IBM
+CVE-2023-27865
+ RESERVED
+CVE-2023-27864 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML ...)
+ NOT-FOR-US: IBM
+CVE-2023-27863 (IBM Spectrum Protect Plus Server 10.1.13, under specific configuration ...)
+ NOT-FOR-US: IBM
+CVE-2023-27862
+ RESERVED
+CVE-2023-27861 (IBM Maximo Application Suite - Manage Component 8.8.0 and 8.9.0 transm ...)
+ NOT-FOR-US: IBM
+CVE-2023-27860 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensiti ...)
+ NOT-FOR-US: IBM
+CVE-2023-27859
+ RESERVED
+CVE-2023-27858 (Rockwell Automation Arena Simulation contains an arbitrary code execut ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-27857 (In affected versions, a heap-based buffer over-read condition occurs w ...)
+ NOT-FOR-US: Rockwell
+CVE-2023-27856 (In affected versions, path traversal exists when processing a message ...)
+ NOT-FOR-US: Rockwell
+CVE-2023-27855 (In affected versions, a path traversal exists when processing a messag ...)
+ NOT-FOR-US: Rockwell
+CVE-2023-27854 (An arbitrary code execution vulnerability was reported to Rockwell Aut ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2023-25947 (The bundle management subsystem within OpenHarmony-v3.1.4 and prior ve ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2023-25076 (A buffer overflow vulnerability exists in the handling of wildcard bac ...)
+ {DSA-5413-1 DLA-3406-1}
+ - sniproxy 0.6.0-2.1 (bug #1033752)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
+ NOTE: https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583 (0.6.1)
+CVE-2023-24465 (Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior vers ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2023-1246 (Files or Directories Accessible to External Parties vulnerability in S ...)
+ NOT-FOR-US: Saysis Starcities
+CVE-2023-1245 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1244 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1243 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1242 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1241 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1240 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1239 (Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/ ...)
+ NOT-FOR-US: Answer
+CVE-2023-1238 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1237 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-1236 (Inappropriate implementation in Internals in Google Chrome prior to 11 ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1235 (Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 all ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1234 (Inappropriate implementation in Intents in Google Chrome on Android pr ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1233 (Insufficient policy enforcement in Resource Timing in Google Chrome pr ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1232 (Insufficient policy enforcement in Resource Timing in Google Chrome pr ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1231 (Inappropriate implementation in Autofill in Google Chrome on Android p ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1230 (Inappropriate implementation in WebApp Installs in Google Chrome on An ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1229 (Inappropriate implementation in Permission prompts in Google Chrome pr ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1228 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1227 (Use after free in Core in Google Chrome on Lacros prior to 111.0.5563. ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1226 (Insufficient policy enforcement in Web Payments API in Google Chrome p ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1225 (Insufficient policy enforcement in Navigation in Google Chrome on iOS ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1224 (Insufficient policy enforcement in Web Payments API in Google Chrome p ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1223 (Insufficient policy enforcement in Autofill in Google Chrome on Androi ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1222 (Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0. ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1221 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1220 (Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 al ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1219 (Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.6 ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1218 (Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allow ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1217 (Stack buffer overflow in Crash reporting in Google Chrome on Windows p ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1216 (Use after free in DevTools in Google Chrome prior to 111.0.5563.64 all ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1215 (Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1214 (Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1213 (Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 ...)
+ {DSA-5371-1}
+ - chromium 111.0.5563.64-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-1212 (Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpip ...)
+ - phpipam (bug #731713)
+CVE-2023-1211 (SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.)
+ - phpipam (bug #731713)
+CVE-2023-1210 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab
+CVE-2023-1209 (Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records ...)
+ NOT-FOR-US: ServiceNow
+CVE-2023-1208 (This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary dat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1207 (This HTTP Headers WordPress plugin before 1.18.8 has an import functio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1206 (A hash collision flaw was found in the IPv6 connection lookup table in ...)
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1}
+ - linux 6.4.11-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2175903
+ NOTE: https://git.kernel.org/linus/d11b0df7ddf1831f3e170972f43186dad520bfcc (6.5-rc4)
+CVE-2023-27853 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format s ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-27852 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer o ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-27851 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sha ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-27850 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sha ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-1205 (NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cr ...)
+ NOT-FOR-US: NETGEAR
+CVE-2023-1204 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-1203 (Improper removal of sensitive data in the entry edit feature of Hub Bu ...)
+ NOT-FOR-US: Devolutions
+CVE-2023-1202 (Permission bypass when importing or synchronizing entriesin User vault ...)
+ NOT-FOR-US: Devolutions
+CVE-2023-1201 (Improper access control in the secure messages feature in Devolutions ...)
+ NOT-FOR-US: Devolutions
+CVE-2023-1200 (A vulnerability was found in ehuacui bbs. It has been declared as prob ...)
+ NOT-FOR-US: ehuacui bbs
+CVE-2023-1199
+ RESERVED
+CVE-2023-1198 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Saysis Starcities
+CVE-2023-1197 (Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/commun ...)
+ NOT-FOR-US: UVdesk
+CVE-2023-1196 (The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x be ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-1195 (A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in ...)
+ - linux 6.1.4-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/153695d36ead0ccc4d0256953c751cabf673e621 (6.1-rc3)
+CVE-2023-1194 (An out-of-bounds (OOB) memory read flaw was found in parse_lease_state ...)
+ - linux 6.3.11-1
+ [bookworm] - linux 6.1.37-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154176
+CVE-2023-1193 (A use-after-free flaw was found in setup_async_work in the KSMBD imple ...)
+ - linux 6.3.7-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154177
+ NOTE: https://git.kernel.org/linus/3a9b557f44ea8f216aab515a7db20e23f0eb51b9 (6.3-rc6)
+CVE-2023-1192 (A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS ...)
+ - linux
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2154178
+CVE-2023-1191 (A vulnerability classified as problematic has been found in fastcms. T ...)
+ NOT-FOR-US: fastcms
+CVE-2023-1190 (A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has b ...)
+ NOT-FOR-US: xiaozhuai imageinfo
+CVE-2023-1189 (A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. ...)
+ NOT-FOR-US: WiseCleaner Wise Folder Hider
+CVE-2023-1188 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...)
+ NOT-FOR-US: FabulaTech Webcam for Remote Desktop
+CVE-2023-1187 (A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8. ...)
+ NOT-FOR-US: FabulaTech Webcam for Remote Desktop
+CVE-2023-1186 (A vulnerability has been found in FabulaTech Webcam for Remote Desktop ...)
+ NOT-FOR-US: FabulaTech Webcam for Remote Desktop
+CVE-2023-1185 (A vulnerability, which was classified as problematic, was found in ECs ...)
+ NOT-FOR-US: ECshop
+CVE-2020-36666 (The directory-pro WordPress plugin before 1.9.5, final-user-wp-fronten ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-XXXX [Transaction cache overrides the current user]
+ - tryton-server 6.0.29-1
+ [bullseye] - tryton-server (Vulnerable code not present)
+ [buster] - tryton-server (Vulnerable code not present)
+ NOTE: https://foss.heptapod.net/tryton/tryton/-/issues/12108
+ NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/107b68af389a2cb5c95f663f7a3107fc12aecaf7
+ NOTE: Fixed by: https://foss.heptapod.net/tryton/tryton/-/commit/1ce8523f11aa78a88dd03e1f0ae2e2b076b6fdb0 (trytond-6.0.29)
+CVE-2023-27849 (rails-routes-to-json v1.0.0 was discovered to contain a remote code ex ...)
+ NOT-FOR-US: rails-routes-to-json
+CVE-2023-27848 (broccoli-compass v0.2.4 was discovered to contain a remote code execut ...)
+ NOT-FOR-US: broccoli-compass
+CVE-2023-27847 (SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and be ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-27846 (SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-27845 (SQL injection vulnerability found in PrestaShop lekerawen_ocs before v ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-27844 (SQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-27843 (SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 a ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-27842 (Insecure Permissions vulnerability found in Extplorer File manager eXt ...)
+ - extplorer
+CVE-2023-27841
+ RESERVED
+CVE-2023-27840
+ RESERVED
+CVE-2023-27839
+ RESERVED
+CVE-2023-27838
+ RESERVED
+CVE-2023-27837 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-27836 (TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-27835
+ RESERVED
+CVE-2023-27834
+ RESERVED
+CVE-2023-27833
+ RESERVED
+CVE-2023-27832
+ RESERVED
+CVE-2023-27831
+ RESERVED
+CVE-2023-27830 (TightVNC before v2.8.75 allows attackers to escalate privileges on the ...)
+ - tightvnc (Windows-specific)
+ NOTE: https://medium.com/nestedif/vulnerability-disclosure-privilege-escalation-tightvnc-8165208cce
+CVE-2023-27829
+ RESERVED
+CVE-2023-27828
+ RESERVED
+CVE-2023-27827
+ RESERVED
+CVE-2023-27826 (SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW ...)
+ NOT-FOR-US: TightVNC
+CVE-2023-27825
+ RESERVED
+CVE-2023-27824
+ RESERVED
+CVE-2023-27823 (An authentication bypass in Optoma 1080PSTX C02 allows an attacker to ...)
+ NOT-FOR-US: Optoma 1080PSTX C02
+CVE-2023-27822
+ RESERVED
+CVE-2023-27821 (Databasir v1.0.7 was discovered to contain a remote code execution (RC ...)
+ NOT-FOR-US: Databasir
+CVE-2023-27820
+ RESERVED
+CVE-2023-27819
+ RESERVED
+CVE-2023-27818
+ RESERVED
+CVE-2023-27817
+ RESERVED
+CVE-2023-27816
+ RESERVED
+CVE-2023-27815
+ RESERVED
+CVE-2023-27814
+ RESERVED
+CVE-2023-27813
+ RESERVED
+CVE-2023-27812 (bloofox v0.5.2 was discovered to contain an arbitrary file deletion vu ...)
+ NOT-FOR-US: bloofox
+CVE-2023-27811
+ RESERVED
+CVE-2023-27810 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27809
+ RESERVED
+CVE-2023-27808 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27807 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27806 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27805 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27804 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27803 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27802 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27801 (H3C Magic R100 R100V100R005.bin was discovered to contain a stack over ...)
+ NOT-FOR-US: H3C Magic R100
+CVE-2023-27800
+ RESERVED
+CVE-2023-27799
+ RESERVED
+CVE-2023-27798
+ RESERVED
+CVE-2023-27797
+ RESERVED
+CVE-2023-27796 (RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wire ...)
+ NOT-FOR-US: RG-EW1200G PRO Wireless Routers
+CVE-2023-27795 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local a ...)
+ NOT-FOR-US: IXP Data Easy Install
+CVE-2023-27794
+ RESERVED
+CVE-2023-27793 (An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows loca ...)
+ NOT-FOR-US: IXP Data Easy Install
+CVE-2023-27792 (An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attack ...)
+ NOT-FOR-US: IXP Data Easy Install
+CVE-2023-27791 (An issue found in IXP Data Easy Install 6.6.148840 allows a remote att ...)
+ NOT-FOR-US: IXP Data Easy Install
+CVE-2023-27790
+ RESERVED
+CVE-2023-27789 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/784
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27788 (An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/786
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27787 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/788
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27786 (An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/782
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27785 (An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker t ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/785
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27784 (An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/787
+ NOTE: https://github.com/appneta/tcpreplay/pull/783
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/df18c48812462ea802d639d2477887055666ee58 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27783 (An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacke ...)
+ - tcpreplay 4.4.4-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/780
+ NOTE: https://github.com/appneta/tcpreplay/pull/781
+ NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/91009a551c2c59fe9079e217437bacbfd50e5450 (v4.4.4)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27782
+ RESERVED
+CVE-2023-27781 (jpegoptim v1.5.2 was discovered to contain a heap overflow in the opti ...)
+ - jpegoptim (unimportant)
+ NOTE: https://github.com/tjko/jpegoptim/issues/132
+ NOTE: https://github.com/tjko/jpegoptim/commit/29a073ad297a0954f5e865264e24755d0ffe53ed
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-27780
+ RESERVED
+CVE-2023-27779 (AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerab ...)
+ NOT-FOR-US: AM Presencia
+CVE-2023-27778
+ RESERVED
+CVE-2023-27777 (Cross-site scripting (XSS) vulnerability was discovered in Online Jewe ...)
+ NOT-FOR-US: Online Jewelry Shop
+CVE-2023-27776 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=c ...)
+ NOT-FOR-US: Online Jewelry Shop
+CVE-2023-27775 (A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 all ...)
+ NOT-FOR-US: LiveAction LiveSP
+CVE-2023-27774
+ RESERVED
+CVE-2023-27773
+ RESERVED
+CVE-2023-27772 (libiec61850 v1.5.1 was discovered to contain a segmentation violation ...)
+ NOT-FOR-US: libIEC61850
+CVE-2023-27771 (An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1. ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27770 (An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 al ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27769 (An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 al ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27768 (An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 all ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27767 (An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allo ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27766 (An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27765 (An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 al ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27764 (An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allo ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27763 (An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 a ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27762 (An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27761 (An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0. ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27760 (An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allo ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27759 (An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 al ...)
+ NOT-FOR-US: Wondershare
+CVE-2023-27758
+ RESERVED
+CVE-2023-27757 (An arbitrary file upload vulnerability in the /admin/user/uploadImg co ...)
+ NOT-FOR-US: PerfreeBlog
+CVE-2023-27756
+ RESERVED
+CVE-2023-27755 (go-bbs v1 was discovered to contain an arbitrary file download vulnera ...)
+ NOT-FOR-US: go-bbs
+CVE-2023-27754 (vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow ca ...)
+ NOT-FOR-US: vox2mesh
+CVE-2023-27753
+ RESERVED
+CVE-2023-27752
+ REJECTED
+CVE-2023-27751
+ REJECTED
+CVE-2023-27750
+ RESERVED
+CVE-2023-27749
+ RESERVED
+CVE-2023-27748 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity ...)
+ NOT-FOR-US: BlackVue DR750-2CH LTE
+CVE-2023-27747 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticati ...)
+ NOT-FOR-US: BlackVue DR750-2CH LTE
+CVE-2023-27746 (BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a ...)
+ NOT-FOR-US: BlackVue DR750-2CH LTE
+CVE-2023-27745 (An issue in South River Technologies TitanFTP Before v2.0.1.2102 allow ...)
+ NOT-FOR-US: South River Technologies# +CVE-2023-27744 (An issue was discovered in South River Technologies TitanFTP NextGen s ...) + NOT-FOR-US: South River Technologies# +CVE-2023-27743 + RESERVED +CVE-2023-27742 (IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: IDURAR +CVE-2023-27741 + RESERVED +CVE-2023-27740 + RESERVED +CVE-2023-27739 + RESERVED +CVE-2023-27738 + RESERVED +CVE-2023-27737 + RESERVED +CVE-2023-27736 + RESERVED +CVE-2023-27735 + RESERVED +CVE-2023-27734 (An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker ...) + NOT-FOR-US: Eteran edb-debugger +CVE-2023-27733 (DedeCMS v5.7.106 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: DedeCMS +CVE-2023-27732 + RESERVED +CVE-2023-27731 + RESERVED +CVE-2023-27730 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) + NOT-FOR-US: Nginx NJS +CVE-2023-27729 (Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the ...) + NOT-FOR-US: Nginx NJS +CVE-2023-27728 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) + NOT-FOR-US: Nginx NJS +CVE-2023-27727 (Nginx NJS v0.7.10 was discovered to contain a segmentation violation v ...) + NOT-FOR-US: Nginx NJS +CVE-2023-27726 + RESERVED +CVE-2023-27725 + RESERVED +CVE-2023-27724 + RESERVED +CVE-2023-27723 + RESERVED +CVE-2023-27722 + RESERVED +CVE-2023-27721 + RESERVED +CVE-2023-27720 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: D-Link +CVE-2023-27719 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: D-Link +CVE-2023-27718 (D-Link DIR878 1.30B08 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: D-Link +CVE-2023-27717 + RESERVED +CVE-2023-27716 (An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows att ...) 
+ NOT-FOR-US: freakchicken kafkaUI-lite +CVE-2023-27715 + RESERVED +CVE-2023-27714 + RESERVED +CVE-2023-27713 + RESERVED +CVE-2023-27712 + RESERVED +CVE-2023-27711 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...) + NOT-FOR-US: Typecho +CVE-2023-27710 + RESERVED +CVE-2023-27709 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...) + NOT-FOR-US: DedeCMS +CVE-2023-27708 + RESERVED +CVE-2023-27707 (SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote ...) + NOT-FOR-US: DedeCMS +CVE-2023-27706 (Bitwarden Windows desktop application versions prior to v2023.4.0 stor ...) + NOT-FOR-US: Bitwarden +CVE-2023-27705 (APNG_Optimizer v1.4 was discovered to contain a buffer overflow via th ...) + NOT-FOR-US: APNG Optimizer +CVE-2023-27704 (Void Tools Everything lower than v1.4.1.1022 was discovered to contain ...) + NOT-FOR-US: Void Tools +CVE-2023-27703 (The Android version of pikpak v1.29.2 was discovered to contain an inf ...) + NOT-FOR-US: pikpak +CVE-2023-27702 + RESERVED +CVE-2023-27701 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) + NOT-FOR-US: MuYuCMS +CVE-2023-27700 (MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vuln ...) 
+ NOT-FOR-US: MuYuCMS +CVE-2023-27699 + RESERVED +CVE-2023-27698 + RESERVED +CVE-2023-27697 + RESERVED +CVE-2023-27696 + RESERVED +CVE-2023-27695 + RESERVED +CVE-2023-27694 + RESERVED +CVE-2023-27693 + RESERVED +CVE-2023-27692 + RESERVED +CVE-2023-27691 + RESERVED +CVE-2023-27690 + RESERVED +CVE-2023-27689 + RESERVED +CVE-2023-27688 + RESERVED +CVE-2023-27687 + RESERVED +CVE-2023-27686 + RESERVED +CVE-2023-27685 + RESERVED +CVE-2023-27684 + RESERVED +CVE-2023-27683 + RESERVED +CVE-2023-27682 + RESERVED +CVE-2023-27681 + RESERVED +CVE-2023-27680 + RESERVED +CVE-2023-27679 + RESERVED +CVE-2023-27678 + RESERVED +CVE-2023-27677 + RESERVED +CVE-2023-27676 + RESERVED +CVE-2023-27675 + RESERVED +CVE-2023-27674 + RESERVED +CVE-2023-27673 + RESERVED +CVE-2023-27672 + RESERVED +CVE-2023-27671 + RESERVED +CVE-2023-27670 + RESERVED +CVE-2023-27669 + RESERVED +CVE-2023-27668 + RESERVED +CVE-2023-27667 (Auto Dealer Management System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Auto Dealer Management System +CVE-2023-27666 (Auto Dealer Management System v1.0 was discovered to contain a cross-s ...) + NOT-FOR-US: Auto Dealer Management System +CVE-2023-27665 + RESERVED +CVE-2023-27664 + RESERVED +CVE-2023-27663 + RESERVED +CVE-2023-27662 + RESERVED +CVE-2023-27661 + RESERVED +CVE-2023-27660 + RESERVED +CVE-2023-27659 + RESERVED +CVE-2023-27658 + RESERVED +CVE-2023-27657 + RESERVED +CVE-2023-27656 + RESERVED +CVE-2023-27655 + REJECTED +CVE-2023-27654 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) + NOT-FOR-US: WHO +CVE-2023-27653 (An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker t ...) + NOT-FOR-US: WHO +CVE-2023-27652 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...) + NOT-FOR-US: Ego Studio SuperClean +CVE-2023-27651 (An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an ...) 
+ NOT-FOR-US: Ego Studio SuperClean +CVE-2023-27650 (An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a ...) + NOT-FOR-US: APUS Group Launcher +CVE-2023-27649 (SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0. ...) + NOT-FOR-US: Free Music +CVE-2023-27648 (Directory Traversal vulnerability found in T-ME Studios Change Color o ...) + NOT-FOR-US: T-ME Studios Change Color of Keypad +CVE-2023-27647 (An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacke ...) + NOT-FOR-US: DUALSPACE Lock Master +CVE-2023-27646 + RESERVED +CVE-2023-27645 (An issue found in POWERAMP audioplayer build 925 bundle play and build ...) + NOT-FOR-US: POWERAMP audioplayer +CVE-2023-27644 + RESERVED +CVE-2023-27643 (An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows ...) + NOT-FOR-US: POWERAMP +CVE-2023-27642 + RESERVED +CVE-2023-27641 (The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSE ...) + NOT-FOR-US: L-Soft +CVE-2023-27640 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) + NOT-FOR-US: tshirtecommerce +CVE-2023-27639 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) + NOT-FOR-US: tshirtecommerce +CVE-2023-27638 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) + NOT-FOR-US: tshirtecommerce +CVE-2023-27637 (An issue was discovered in the tshirtecommerce (aka Custom Product Des ...) + NOT-FOR-US: tshirtecommerce +CVE-2023-27636 + RESERVED +CVE-2023-1184 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: ECshop +CVE-2023-1183 (A flaw was found in the Libreoffice package. An attacker can craft an ...) 
+ {DSA-5437-1 DSA-5436-1 DLA-3468-1 DLA-3467-1} + - hsqldb 2.7.2-1 + - hsqldb1.8.0 1.8.0.10+dfsg-12 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/ + NOTE: https://gerrit.libreoffice.org/c/core/+/146905 + NOTE: https://sourceforge.net/p/hsqldb/svn/6639/ +CVE-2023-1182 + RESERVED +CVE-2022-48364 (The undo_mark_statuses_as_sensitive method in app/services/approve_app ...) + - mastodon (bug #859741) +CVE-2023-27635 (debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary ...) + - debian-goodies (bug #1031267) + [bookworm] - debian-goodies (Minor issue; user prompted before execution) + [bullseye] - debian-goodies (Minor issue; user prompted before execution) + [buster] - debian-goodies (Minor issue; user prompted before execution) +CVE-2023-1181 (Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyima ...) + NOT-FOR-US: icret/easyimages2.0 +CVE-2023-1180 (A vulnerability has been found in SourceCodester Health Center Patient ...) + NOT-FOR-US: SourceCodester Health Center Patient Record Management System +CVE-2023-1179 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Computer Parts Sales and Inventory System +CVE-2008-10004 (A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It ...) + NOT-FOR-US: Email Registration +CVE-2023-27634 (Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file ...) + NOT-FOR-US: Shingo Intrepidity +CVE-2023-27633 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Customif ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27632 (Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Praye ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27631 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27630 + RESERVED +CVE-2023-27629 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-27628 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27627 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27626 + RESERVED +CVE-2023-27625 + RESERVED +CVE-2023-27624 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27623 (Cross-Site Request Forgery (CSRF) vulnerability in Jens T\xf6rnell WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27622 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27621 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27620 (Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27619 (Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress theme +CVE-2023-27618 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGI ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27617 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27616 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Ca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27615 (Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27614 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27613 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorC ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27612 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-27611 (Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable B ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27610 (Auth. (admin+) SQL Injection (SQLi) vulnerability in TransbankDevelope ...) + NOT-FOR-US: TransbankDevelopers Transbank Webpay +CVE-2023-27609 + RESERVED +CVE-2023-27608 + RESERVED +CVE-2023-27607 + RESERVED +CVE-2023-27606 (Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27605 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1178 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-27604 (Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a ...) + NOT-FOR-US: Apache Airflow Sqoop Provider +CVE-2023-27603 (In Apache Linkis <=1.3.1, due to the Manager module engineConn materia ...) + NOT-FOR-US: Apache Linkis +CVE-2023-27602 (In Apache Linkis <=1.3.1, The PublicService module uploadsfiles withou ...) + NOT-FOR-US: Apache Linkis +CVE-2023-1177 (Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prio ...) + NOT-FOR-US: mlflow +CVE-2023-1176 (Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2. ...) + NOT-FOR-US: mlflow +CVE-2023-1175 (Incorrect Calculation of Buffer Size in GitHub repository vim/vim prio ...) + {DLA-3453-1} + - vim 2:9.0.1378-1 + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e + NOTE: https://github.com/vim/vim/commit/c99cbf8f289bdda5d4a77d7ec415850a520330ba (v9.0.1378) +CVE-2022-4930 (A vulnerability classified as problematic was found in nuxsmin sysPass ...) + NOT-FOR-US: nuxsmin sysPass +CVE-2017-20181 (A vulnerability classified as critical was found in hgzojer Vocable Tr ...) 
+ NOT-FOR-US: hgzojer Vocable Trainer +CVE-2017-20180 (A vulnerability classified as critical has been found in Zerocoin libz ...) + NOT-FOR-US: Zerocoin libzerocoin +CVE-2015-10095 (A vulnerability classified as problematic has been found in woo-popup ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10094 (A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10093 (A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1 o ...) + NOT-FOR-US: Mark User as Spammer Plugin +CVE-2015-10092 (A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16 on Wo ...) + NOT-FOR-US: Qtranslate Slug Plugin +CVE-2015-10091 (A vulnerability has been found in ByWater Solutions bywater-koha-xslt ...) + NOT-FOR-US: bywater-koha-xslt +CVE-2015-10090 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125092 (A vulnerability was found in MaxButtons Plugin up to 1.26.0 on WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2006-10001 (A vulnerability, which was classified as problematic, was found in Sub ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27601 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27600 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27599 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27598 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27597 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27596 (OpenSIPS is a Session Initiation Protocol (SIP) server implementation. ...) + NOT-FOR-US: OpenSIPS +CVE-2023-27595 (Cilium is a networking, observability, and security solution with an e ...) 
+ - cilium (bug #858303) +CVE-2023-27594 (Cilium is a networking, observability, and security solution with an e ...) + - cilium (bug #858303) +CVE-2023-27593 (Cilium is a networking, observability, and security solution with an e ...) + - cilium (bug #858303) +CVE-2023-27592 (Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically ...) + NOT-FOR-US: Miniflux +CVE-2023-27591 (Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated ...) + NOT-FOR-US: Miniflux +CVE-2023-27590 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2023-27589 (Minio is a Multi-Cloud Object Storage framework. Starting with RELEASE ...) + - minio (bug #859207) +CVE-2023-27588 (Hasura is an open-source product that provides users GraphQL or REST A ...) + NOT-FOR-US: Hasura +CVE-2023-27587 (ReadtoMyShoe, a web app that lets users upload articles and listen to ...) + NOT-FOR-US: ReadtoMyShoe +CVE-2023-27586 (CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Pr ...) + {DSA-5382-1} + - cairosvg 2.5.2-1.1 (bug #1033295) + [buster] - cairosvg (Minor issue; fix would require backporting entire --unsafe mechanism) + NOTE: https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 (2.7.0) + NOTE: https://github.com/Kozea/CairoSVG/security/advisories/GHSA-rwmf-w63j-p7gv + NOTE: Introduced in https://github.com/Kozea/CairoSVG/commit/1ee0889f4015ebaddcf9976d43222e673155797c (0.3) +CVE-2023-27585 (PJSIP is a free and open source multimedia communication library writt ...) 
+ {DSA-5438-1 DLA-3549-1 DLA-3394-1} + - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1036697) + - pjproject + - ring 20230922.0~ds1-1 + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-q9cp-8wcq-7pfr + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 + NOTE: https://github.com/pjsip/pjproject/commit/d1c5e4da5bae7f220bc30719888bb389c905c0c5 +CVE-2023-27584 + RESERVED +CVE-2023-27583 (PanIndex is a network disk directory index. In Panindex prior to versi ...) + NOT-FOR-US: PanIndex +CVE-2023-27582 (maddy is a composable, all-in-one mail server. Starting with version 0 ...) + NOT-FOR-US: maddy +CVE-2023-27581 (github-slug-action is a GitHub Action to expose slug value of GitHub e ...) + NOT-FOR-US: github-slug-action +CVE-2023-27580 (CodeIgniter Shield provides authentication and authorization for the C ...) + NOT-FOR-US: CodeIgniter +CVE-2023-27579 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2023-27578 (Galaxy is an open-source platform for data analysis. All supported ver ...) + NOT-FOR-US: Galaxy +CVE-2023-27577 (flarum is a forum software package for building communities. In versio ...) + NOT-FOR-US: Flarum +CVE-2023-27576 (An issue was discovered in phpList before 3.6.14. Due to an access err ...) + - phplist (bug #612288) +CVE-2023-27575 + RESERVED +CVE-2023-27574 (ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow en ...) + NOT-FOR-US: ShadowsocksX-NG +CVE-2023-27573 + RESERVED +CVE-2023-27572 (An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.0 ...) + NOT-FOR-US: CommScope Arris DG3450 +CVE-2023-27571 (An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_ ...) + NOT-FOR-US: DG3450 Cable Gateway +CVE-2023-27570 (The eo_tags package before 1.4.19 for PrestaShop allows SQL injection ...) 
+ NOT-FOR-US: PrestaShop +CVE-2023-27569 (The eo_tags package before 1.3.0 for PrestaShop allows SQL injection v ...) + NOT-FOR-US: PrestaShop +CVE-2023-27568 (SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for ...) + NOT-FOR-US: inSpryker Commerce OS +CVE-2023-27567 (In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf ...) + NOT-FOR-US: OpenBSD +CVE-2023-27566 (Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write ...) + NOT-FOR-US: Live2D Cubism Editor +CVE-2023-27565 + RESERVED +CVE-2023-27564 (The n8n package 0.218.0 for Node.js allows Information Disclosure.) + NOT-FOR-US: n8n Node module +CVE-2023-27563 (The n8n package 0.218.0 for Node.js allows Escalation of Privileges.) + NOT-FOR-US: n8n Node module +CVE-2023-27562 (The n8n package 0.218.0 for Node.js allows Directory Traversal.) + NOT-FOR-US: n8n Node module +CVE-2023-27528 + RESERVED +CVE-2023-27392 (Incorrect default permissions in the Intel(R) Support android applicat ...) + NOT-FOR-US: Intel +CVE-2023-27382 (Incorrect default permissions in the Audio Service for some Intel(R) N ...) + NOT-FOR-US: Intel +CVE-2023-26587 (Improper input validation for the Intel(R) Easy Streaming Wizard softw ...) + NOT-FOR-US: Intel +CVE-2023-26586 + RESERVED +CVE-2023-25951 + RESERVED +CVE-2023-25757 (Improper access control in some Intel(R) Unison(TM) software before ve ...) + NOT-FOR-US: Intel +CVE-2023-25174 + RESERVED +CVE-2023-24596 + RESERVED +CVE-2023-22437 + RESERVED +CVE-2023-1174 (This vulnerability exposes a network port in minikube running on macOS ...) + NOT-FOR-US: minikube +CVE-2023-1173 + REJECTED +CVE-2023-1172 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: Bookly plugin for WordPress +CVE-2023-1171 + RESERVED +CVE-2023-1170 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) 
+ - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 + NOTE: https://github.com/vim/vim/commit/1c73b65229c25e3c1fd8824ba958f7cc4d604f9c (v9.0.1376) + NOTE: Crash in CLI tool, no security impact +CVE-2023-1169 (The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2015-10089 (A vulnerability classified as problematic has been found in flame.js. ...) + NOT-FOR-US: flame.js +CVE-2023-1168 (An authenticated remote code execution vulnerability exists in the ...) + NOT-FOR-US: HPE +CVE-2023-1167 (Improper authorization in Gitlab EE affecting all versions from 12.3.0 ...) + - gitlab (Specific to EE) +CVE-2023-1166 (The USM-Premium WordPress plugin before 16.3 does not sanitize and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4929 (A vulnerability was found in icplayer up to 0.818. It has been rated a ...) + NOT-FOR-US: icplayer +CVE-2022-4928 (A vulnerability was found in icplayer up to 0.819. It has been declare ...) + NOT-FOR-US: icplayer +CVE-2022-4927 (A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and clas ...) + NOT-FOR-US: NEOSDiscovery +CVE-2021-4329 (A vulnerability, which was classified as critical, has been found in j ...) + NOT-FOR-US: json-logic-js +CVE-2015-10088 (A vulnerability, which was classified as critical, was found in ayttm ...) + - ayttm + NOTE: https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046 + NOTE: https://sourceforge.net/p/ayttm/mailman/message/34397158/ +CVE-2014-125091 (A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 on ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125090 (A vulnerability was found in Media Downloader Plugin 0.1.992 on WordPr ...) + NOT-FOR-US: WordPress plugin +CVE-2008-10003 (A vulnerability was found in iGamingModules flashgames 1.1.0. It has b ...) 
+ NOT-FOR-US: iGamingModules flashgames +CVE-2008-10002 (A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and cla ...) + NOT-FOR-US: cfire24 ajaxlife +CVE-2023-27560 (Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loo ...) + - php-phpseclib3 3.0.19-1 (bug #1032371) + NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/0398f7a81550a487170edca0ed39f360d4509e83 (3.0.0) + NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/6298d1cd55c3ffa44533bd41906caec246b60440 (3.0.19) +CVE-2023-27559 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5 ...) + NOT-FOR-US: IBM +CVE-2023-27558 (IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privile ...) + NOT-FOR-US: IBM +CVE-2023-27557 (IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1 ...) + NOT-FOR-US: IBM +CVE-2023-27556 (IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6. ...) + NOT-FOR-US: IBM +CVE-2023-27555 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) + NOT-FOR-US: IBM +CVE-2023-27554 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML E ...) + NOT-FOR-US: IBM +CVE-2023-27553 + RESERVED +CVE-2023-27552 + RESERVED +CVE-2023-27551 + RESERVED +CVE-2023-27550 + RESERVED +CVE-2023-27549 + RESERVED +CVE-2023-27548 + RESERVED +CVE-2023-27547 + RESERVED +CVE-2023-27546 + RESERVED +CVE-2023-27545 + RESERVED +CVE-2023-27544 + RESERVED +CVE-2023-27543 + RESERVED +CVE-2023-27542 + RESERVED +CVE-2023-27541 + RESERVED +CVE-2023-27540 (IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources ...) + NOT-FOR-US: IBM +CVE-2023-1165 (A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been ...) + NOT-FOR-US: Zhong Bang CRMEB Java +CVE-2023-1164 (A vulnerability was found in KylinSoft kylin-activation on KylinOS and ...) + NOT-FOR-US: KylinSoft +CVE-2023-1163 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in Dray ...) 
+ NOT-FOR-US: DrayTek Vigor 2960 +CVE-2023-1162 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: DrayTek Vigor 2960 +CVE-2023-1161 (ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 an ...) + {DSA-5429-1 DLA-3402-1} + [experimental] - wireshark 4.0.5-1~exp1 + - wireshark 4.0.6-1 (bug #1033756) + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-08.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18839 + NOTE: Only affects ISO 15765 dissector in bullseye and older, + NOTE: ISO 10681 support was added in 3.6 +CVE-2023-1160 (Use of Platform-Dependent Third Party Components in GitHub repository ...) + NOT-FOR-US: Cockpit Content Platform (different from src:cockpit) +CVE-2023-1159 (The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: Bookly plugin for WordPress +CVE-2023-1158 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server +CVE-2023-1157 (A vulnerability, which was classified as problematic, was found in fin ...) + NOT-FOR-US: Finixbit elf-parser +CVE-2023-1156 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Health Center Patient Record Management System +CVE-2021-4328 (A vulnerability has been found in \u72ee\u5b50\u9c7cCMS and classified ...) + NOT-FOR-US: 狮子鱼CMS +CVE-2020-36665 (A vulnerability was found in Artes\xe3os SEOTools up to 0.17.1 and cla ...) + NOT-FOR-US: artesaos SEOTools +CVE-2020-36664 (A vulnerability has been found in Artes\xe3os SEOTools up to 0.17.1 an ...) + NOT-FOR-US: artesaos SEOTools +CVE-2020-36663 (A vulnerability, which was classified as problematic, was found in Art ...) 
+ NOT-FOR-US: artesaos SEOTools +CVE-2023-27539 + RESERVED + {DSA-5530-1 DLA-3392-1} + - ruby-rack 2.2.6.4-1 (bug #1033264) + NOTE: https://github.com/rack/rack/commit/231ef369ad0b542575fb36c74fcfcfabcf6c530c (v3.0.6.1) + NOTE: https://github.com/rack/rack/commit/ee7919ea04303717858be1c3f16b406adc6d8cff (v2.2.6.4) + NOTE: https://discuss.rubyonrails.org/t/cve-2023-27539-possible-denial-of-service-vulnerability-in-racks-header-parsing/82466 +CVE-2023-27538 (An authentication bypass vulnerability exists in libcurl prior to v8.0 ...) + {DLA-3398-1} + - curl 7.88.1-7 + [bullseye] - curl 7.74.0-1.3+deb11u8 + NOTE: https://curl.se/docs/CVE-2023-27538.html + NOTE: Fixed by: https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb (curl-8_0_0) +CVE-2023-27537 (A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS ...) + - curl 7.88.1-7 + [bullseye] - curl (Vulnerable code introduced later) + [buster] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2023-27537.html + NOTE: Introduced by: https://github.com/curl/curl/commit/076a2f629119222aeeb50f5a03bf9f9052fabb9a (curl-7_88_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/dca4cdf071be095bcdc7126eaa77a8946ea4790b (curl-8_0_0) +CVE-2023-27536 (An authentication bypass vulnerability exists libcurl <8.0.0 in the co ...) + {DLA-3398-1} + - curl 7.88.1-7 + [bullseye] - curl 7.74.0-1.3+deb11u8 + NOTE: https://curl.se/docs/CVE-2023-27536.html + NOTE: Introduced by: https://github.com/curl/curl/commit/ebf42c4be76df40ec6d3bf32f229bbb274e2c32f (curl-7_22_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/cb49e67303dbafbab1cebf4086e3ec15b7d56ee5 (curl-8_0_0) +CVE-2023-27535 (An authentication bypass vulnerability exists in libcurl <8.0.0 in the ...) 
+ {DLA-3398-1} + - curl 7.88.1-7 + [bullseye] - curl 7.74.0-1.3+deb11u8 + NOTE: https://curl.se/docs/CVE-2023-27535.html + NOTE: Introduced by: https://github.com/curl/curl/commit/177dbc7be07125582ddb7416dba7140b88ab9f62 (curl-7_13_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/8f4608468b890dce2dad9f91d5607ee7e9c1aba1 (curl-8_0_0) +CVE-2023-27534 (A path traversal vulnerability exists in curl <8.0.0 SFTP implementati ...) + - curl 7.88.1-7 + [bullseye] - curl 7.74.0-1.3+deb11u8 + [buster] - curl (Minor issue) + NOTE: https://curl.se/docs/CVE-2023-27534.html + NOTE: Introduced by: https://github.com/curl/curl/commit/ba6f20a2442ab1ebfe947cff19a552f92114a29a (curl-7_18_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 (curl-8_0_0) + NOTE: Regression fix: https://github.com/curl/curl/commit/91b53efa4b6854dc3688f55bfb329b0cafcf5325 (curl-8_1_0) +CVE-2023-27533 (A vulnerability in input validation exists in curl <8.0 during communi ...) + {DLA-3398-1} + - curl 7.88.1-7 + [bullseye] - curl 7.74.0-1.3+deb11u8 + NOTE: https://curl.se/docs/CVE-2023-27533.html + NOTE: Introduced by: https://github.com/curl/curl/commit/a1d6ad26100bc493c7b04f1301b1634b7f5aa8b4 (curl-7_7_alpha2) + NOTE: Fixed by: https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684 (curl-8_0_0) +CVE-2023-27532 (Vulnerability in Veeam Backup & Replication component allows encrypted ...) + NOT-FOR-US: Veeam +CVE-2023-27531 + RESERVED + NOT-FOR-US: Kredis JSON ruby gem + NOTE: https://discuss.rubyonrails.org/t/cve-2023-27531-possible-deserialization-of-untrusted-data-vulnerability-in-kredis-json/82467 +CVE-2023-27530 (A DoS vulnerability exists in Rack (bug #987544) +CVE-2023-27495 (@fastify/csrf-protection is a plugin which helps protect Fastify serve ...) + NOT-FOR-US: @fastify/csrf-protection +CVE-2023-27494 (Streamlit, software for turning data scripts into web applications, ha ...) 
+ NOT-FOR-US: Streamlit +CVE-2023-27493 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-27492 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-27491 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-27490 (NextAuth.js is an open source authentication solution for Next.js appl ...) + NOT-FOR-US: NextAuth.js +CVE-2023-27489 (Kiwi TCMS is an open source test management system for both manual and ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-27488 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-27487 (Envoy is an open source edge and service proxy designed for cloud-nati ...) + - envoyproxy (bug #987544) +CVE-2023-27486 (xCAT is a toolkit for deployment and administration of computer cluste ...) + NOT-FOR-US: xCAT +CVE-2023-27485 (thmmniii/fbs-core is an open source feedback system for students. In v ...) + NOT-FOR-US: thmmniii/fbs-core +CVE-2023-27484 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...) + NOT-FOR-US: crossplane-runtime +CVE-2023-27483 (crossplane-runtime is a set of go libraries used to build Kubernetes c ...) + NOT-FOR-US: crossplane-runtime +CVE-2023-27482 (homeassistant is an open source home automation tool. A remotely explo ...) + - homeassistant (bug #839786) +CVE-2023-27481 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2023-27480 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-27479 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-27478 (libmemcached-awesome is an open source C/C++ client library and tools ...) 
+ - libmemcached 1.1.4-1 (bug #1032479) + [bullseye] - libmemcached (Vulnerable code introduced later) + [buster] - libmemcached (Vulnerable code introduced later) + NOTE: Introduced with: https://github.com/awesomized/libmemcached/commit/d7a0084bf99d618d1dc26a54fd413db7ae8b8e63 (1.1.0-beta1) + NOTE: Fixed by: https://github.com/awesomized/libmemcached/commit/48dcc61a4919f6f3d5ee164630a843f2d8b8ade9 (1.1.4) +CVE-2023-27477 (wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code ...) + NOT-FOR-US: wasmtime +CVE-2023-27476 (OWSLib is a Python package for client programming with Open Geospatial ...) + {DSA-5426-1 DLA-3470-1} + [experimental] - owslib 0.28.1-1~exp1 + - owslib 0.27.2-3 (bug #1034182) + NOTE: https://github.com/geopython/OWSLib/commit/d91267303a695d69e73fa71efa100a035852a063 (0.29.0) + NOTE: https://github.com/geopython/OWSLib/commit/b0c687544ddc213d8dcd4a056139b63451938b21 (0.28.1) + NOTE: https://github.com/geopython/OWSLib/security/advisories/GHSA-8h9c-r582-mggc + NOTE: https://securitylab.github.com/advisories/GHSL-2022-131_OWSLib/ +CVE-2023-27475 (Goutil is a collection of miscellaneous functionality for the go langu ...) + NOT-FOR-US: Goutil +CVE-2023-27474 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2023-27473 + RESERVED +CVE-2023-27472 (quickentity-editor-next is an open source, system local, video game as ...) + NOT-FOR-US: quickentity-editor-next +CVE-2023-27471 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2023-27470 (BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 ...) + NOT-FOR-US: N-able Take Control Agent +CVE-2023-27469 (Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file de ...) 
+ NOT-FOR-US: Malwarebytes Anti-Exploit +CVE-2023-27468 + RESERVED +CVE-2023-27467 + RESERVED +CVE-2023-27466 + RESERVED +CVE-2023-27465 (A vulnerability has been identified in SIMOTION C240 (All versions >= ...) + NOT-FOR-US: Siemens +CVE-2023-27464 (A vulnerability has been identified in Mendix Forgot Password (Mendix ...) + NOT-FOR-US: Siemens +CVE-2023-27463 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: RUGGEDCOM CROSSBOW +CVE-2023-27462 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: RUGGEDCOM CROSSBOW +CVE-2023-27461 (Cross-Site Request Forgery (CSRF) vulnerability in Yoohoo Plugins When ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27460 + RESERVED +CVE-2023-27459 + RESERVED +CVE-2023-27458 (Cross-Site Request Forgery (CSRF) vulnerability in wpstream WpStream p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27457 (Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains A ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27456 + RESERVED +CVE-2023-27455 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Mar ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27454 + RESERVED +CVE-2023-27453 (Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27451 (Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Inst ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27450 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27449 + RESERVED +CVE-2023-27448 (Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team Ma ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27447 + RESERVED +CVE-2023-27446 (Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API tr ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-27445 (Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Flo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27444 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / Per ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27443 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27442 (Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27441 (Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27440 + RESERVED +CVE-2023-27439 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27438 (Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27437 + RESERVED +CVE-2023-27436 (Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Eleg ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27435 (Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27434 (Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Edit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27433 (Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Mak ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27432 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimple ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27431 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store ...) + NOT-FOR-US: WordPress theme +CVE-2023-27430 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27429 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Auto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27428 + RESERVED +CVE-2023-27427 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZA ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27426 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27425 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jame ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27424 (Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27423 (Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27422 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27421 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + NOT-FOR-US: WordPress theme +CVE-2023-27420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + NOT-FOR-US: WordPress theme +CVE-2023-27419 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) + NOT-FOR-US: WordPress theme +CVE-2023-27418 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Me ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27417 (Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27416 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deco ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27415 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27414 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Bo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27413 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-27412 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest ...) 
+ NOT-FOR-US: WordPress theme +CVE-2023-27411 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: Siemens +CVE-2023-27410 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-27409 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-27408 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-27407 (A vulnerability has been identified in SCALANCE LPE9403 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-27406 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27405 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27404 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27403 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27402 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27401 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27400 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27399 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27398 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-27383 (Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023. ...) + NOT-FOR-US: Intel +CVE-2023-27307 + RESERVED +CVE-2023-27303 + RESERVED +CVE-2023-26596 + RESERVED +CVE-2023-26592 + RESERVED +CVE-2023-26591 + RESERVED +CVE-2023-25080 (Protection mechanism failure in some Intel(R) Distribution of OpenVINO ...) 
+ NOT-FOR-US: Intel +CVE-2023-24478 (Use of insufficiently random values for some Intel Agilex(R) software ...) + NOT-FOR-US: Intel +CVE-2023-24463 + RESERVED +CVE-2023-22312 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...) + NOT-FOR-US: Intel +CVE-2023-1129 (The WP FEvents Book WordPress plugin through 0.46 does not ensures tha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1128 + RESERVED +CVE-2023-1127 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.) + - vim 2:9.0.1378-1 (unimportant) + [bullseye] - vim (Vulnerable code not present) + [buster] - vim (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb + NOTE: Introduced by: https://github.com/vim/vim/commit/8cf3459878198c5bb4a96f3c63214b2 (v9.0.0701) + NOTE: Fixed by: https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c (v9.0.1367) + NOTE: Crash in CLI tool, no security impact +CVE-2023-1126 (The WP FEvents Book WordPress plugin through 0.46 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1125 (The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1124 (The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1123 + RESERVED +CVE-2023-1122 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1121 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1120 (The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1119 (The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1118 (A flaw use after free in the Linux kernel integrated infrared receiver ...) 
+ {DLA-3404-1 DLA-3403-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/29b0589a865b6f66d141d79b2dd1373e4e50fe17 + NOTE: https://www.openwall.com/lists/oss-security/2023/03/02/1 +CVE-2023-1117 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-1116 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-1115 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-1114 (Missing Authorization vulnerability in Eskom e-Belediye allows Informa ...) + NOT-FOR-US: Eskom Bilgisayar e-Belediye +CVE-2023-1113 (A vulnerability was found in SourceCodester Simple Payroll System 1.0. ...) + NOT-FOR-US: SourceCodester Simple Payroll System +CVE-2023-1112 (A vulnerability was found in Drag and Drop Multiple File Upload Contac ...) + NOT-FOR-US: Drag and Drop Multiple File Upload Contact Form +CVE-2023-1111 + RESERVED +CVE-2023-1110 (The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4926 (Insufficient policy enforcement in Intents in Google Chrome on Android ...) + {DSA-5328-1} + - chromium 109.0.5414.119-1 + [buster] - chromium (see DSA 5046) +CVE-2021-4327 (A vulnerability was found in SerenityOS. It has been rated as critical ...) + NOT-FOR-US: SerenityOS +CVE-2023-27381 + RESERVED +CVE-2023-27377 (Missing authentication in the StudentPopupDetails_EmergencyContactDeta ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27376 (Missing authentication in the StudentPopupDetails_StudentDetails ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27375 (Missing authentication in the StudentPopupDetails_ContactDetails ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27374 + RESERVED +CVE-2023-27373 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) 
+ NOT-FOR-US: Insyde +CVE-2023-27308 + RESERVED +CVE-2023-27302 + RESERVED +CVE-2023-27301 + RESERVED +CVE-2023-27300 + RESERVED +CVE-2023-27299 + RESERVED +CVE-2023-27297 + RESERVED +CVE-2023-26597 (Controller DoS due to buffer overflow in the handling of a specially c ...) + NOT-FOR-US: Honeywell +CVE-2023-26585 + RESERVED +CVE-2023-25948 (Server information leak of configuration data when an error is generat ...) + NOT-FOR-US: Honeywell +CVE-2023-25770 (Controller DoS may occur due to buffer overflow when an error is gener ...) + NOT-FOR-US: Honeywell +CVE-2023-25178 (Controller may be loaded with malicious firmware which could enable re ...) + NOT-FOR-US: Honeywell +CVE-2023-25078 (Server or Console Station DoS due to heap overflow occurring during th ...) + NOT-FOR-US: Honeywell +CVE-2023-24589 + RESERVED +CVE-2023-24480 (Controller DoS due to stack overflow when decoding a message from the ...) + NOT-FOR-US: Honeywell +CVE-2023-24474 (Experion server may experience a DoS due to a heap overflow which coul ...) + NOT-FOR-US: Honeywell +CVE-2023-23905 + RESERVED +CVE-2023-23585 (Experion server DoS due to heap overflow occurring during the handling ...) + NOT-FOR-US: Honeywell +CVE-2023-22658 + RESERVED +CVE-2023-22435 (Experion server may experience a DoS due to a stack overflow when hand ...) + NOT-FOR-US: Honeywell +CVE-2023-1109 (In Phoenix Contacts ENERGY AXC PU Web service an authenticated restric ...) + NOT-FOR-US: Phoenix Contacts ENERGY AXC PU Web service +CVE-2023-1108 (A flaw was found in undertow. This issue makes achieving a denial of s ...) + [experimental] - undertow 2.3.8-1 + - undertow 2.3.8-2 (bug #1033253) + NOTE: https://issues.redhat.com/browse/UNDERTOW-2239 + NOTE: https://github.com/undertow-io/undertow/pull/1453 +CVE-2023-1107 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...) + NOT-FOR-US: flatpressblog +CVE-2023-1106 (Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressb ...) 
+ NOT-FOR-US: flatpressblog +CVE-2023-1105 (External Control of File Name or Path in GitHub repository flatpressbl ...) + NOT-FOR-US: flatpressblog +CVE-2023-1104 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...) + NOT-FOR-US: flatpressblog +CVE-2023-1103 + REJECTED +CVE-2023-1102 + RESERVED +CVE-2023-1101 (SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerab ...) + NOT-FOR-US: SonicOS SSLVPN +CVE-2023-1100 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Catering Reservation System +CVE-2023-1099 (A vulnerability was found in SourceCodester Online Student Management ...) + NOT-FOR-US: SourceCodester Online Student Management System +CVE-2023-27371 (GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) ...) + {DLA-3374-1} + - libmicrohttpd 0.9.75-6 + [bullseye] - libmicrohttpd (Minor issue) + NOTE: https://git.gnunet.org/libmicrohttpd.git/commit/?id=e0754d1638c602382384f1eface30854b1defeec (v0.9.76) + NOTE: https://lists.gnu.org/archive/html/libmicrohttpd/2023-02/msg00000.html +CVE-2023-27370 + RESERVED +CVE-2023-27369 + RESERVED +CVE-2023-27368 + RESERVED +CVE-2023-27367 + RESERVED +CVE-2023-27366 + RESERVED +CVE-2023-27365 + RESERVED +CVE-2023-27364 + RESERVED +CVE-2023-27363 + RESERVED +CVE-2023-27362 + RESERVED +CVE-2023-27361 + RESERVED +CVE-2023-27360 + RESERVED +CVE-2023-27359 + RESERVED +CVE-2023-27358 + RESERVED +CVE-2023-27357 + RESERVED +CVE-2023-27356 + RESERVED +CVE-2023-27355 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Sonos One Speaker +CVE-2023-27354 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Sonos One Speaker +CVE-2023-27353 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Sonos One Speaker +CVE-2023-27352 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: Sonos One Speaker +CVE-2023-27351 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: PaperCut +CVE-2023-27350 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: PaperCut +CVE-2023-27349 + RESERVED +CVE-2023-27348 + RESERVED +CVE-2023-27347 + RESERVED +CVE-2023-27346 + RESERVED +CVE-2023-27345 + RESERVED +CVE-2023-27344 + RESERVED +CVE-2023-27343 + RESERVED +CVE-2023-27342 + RESERVED +CVE-2023-27341 + RESERVED +CVE-2023-27340 + RESERVED +CVE-2023-27339 + RESERVED +CVE-2023-27338 + RESERVED +CVE-2023-27337 + RESERVED +CVE-2023-27336 + RESERVED +CVE-2023-27335 + RESERVED +CVE-2023-27334 + RESERVED +CVE-2023-27333 + RESERVED +CVE-2023-27332 + RESERVED +CVE-2023-27331 + RESERVED +CVE-2023-27330 + RESERVED +CVE-2023-27329 + RESERVED +CVE-2023-27328 + RESERVED +CVE-2023-27327 + RESERVED +CVE-2023-27326 + RESERVED +CVE-2023-27325 + RESERVED +CVE-2023-27324 + RESERVED +CVE-2023-27323 + RESERVED +CVE-2023-27322 + RESERVED +CVE-2023-27321 + RESERVED +CVE-2023-27320 (Sudo before 1.9.13p2 has a double free in the per-command chroot featu ...) + - sudo 1.9.13p3-1 (bug #1032163) + [bullseye] - sudo (Vulnerable code not present) + [buster] - sudo (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/28/1 + NOTE: https://www.sudo.ws/security/advisories/double_free/ + NOTE: https://github.com/sudo-project/sudo/commit/87ce69246869d9b9d69be278e29e0fc6a3cabdb9 +CVE-2023-27319 + RESERVED +CVE-2023-27318 + RESERVED +CVE-2023-27317 (ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a ...) + NOT-FOR-US: ONTAP +CVE-2023-27316 (SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerabilit ...) + NOT-FOR-US: NetApp +CVE-2023-27315 (SnapGathers versions prior to 4.9 are susceptible to a vulnerability ...) + NOT-FOR-US: NetApp +CVE-2023-27314 (ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12 ...) 
+ NOT-FOR-US: NetApp +CVE-2023-27313 (SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vul ...) + NOT-FOR-US: NetApp +CVE-2023-27312 (SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are su ...) + NOT-FOR-US: NetApp +CVE-2023-27311 (NetApp Blue XP Connector versions prior to 3.9.25 expose information v ...) + NOT-FOR-US: NetApp Blue XP Connector +CVE-2023-27310 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: Siemens +CVE-2023-27309 (A vulnerability has been identified in RUGGEDCOM CROSSBOW (All version ...) + NOT-FOR-US: Siemens +CVE-2023-23554 (Uncontrolled search path element vulnerability exists in pg_ivm versio ...) + NOT-FOR-US: pg_ivm +CVE-2023-22847 (Information disclosure vulnerability exists in pg_ivm versions prior t ...) + NOT-FOR-US: pg_ivm +CVE-2023-1098 (An information disclosure vulnerability has been discovered in GitLab ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-1097 (Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are v ...) + NOT-FOR-US: Baicells EG7035-M11 devices +CVE-2023-1096 (SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susc ...) + NOT-FOR-US: SnapCenter (NetAPP) +CVE-2023-1095 (In nf_tables_updtable, if nf_tables_table_enable returns an error, nft ...) + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/580077855a40741cf511766129702d97ff02f4d9 (6.0-rc1) +CVE-2023-1094 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-1093 (The OAuth Single Sign On WordPress plugin before 6.24.2 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1092 (The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1091 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ NOT-FOR-US: Alpata Licensed Warehousing Automation System +CVE-2023-1090 (The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1089 (The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1088 (The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1087 (The WC Sales Notification WordPress plugin before 1.2.3 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1086 (The Preview Link Generator WordPress plugin before 1.0.4 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1085 + RESERVED +CVE-2023-1084 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-1083 + RESERVED +CVE-2023-1082 + RESERVED +CVE-2023-27296 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache InLong +CVE-2023-27295 (Cross-site request forgery is facilitated by OpenCATS failure to requi ...) + NOT-FOR-US: OpenCATS +CVE-2023-27294 (Improper neutralization of input during web page generation allows an ...) + NOT-FOR-US: OpenCATS +CVE-2023-27293 (Improper neutralization of input during web page generation allows an ...) + NOT-FOR-US: OpenCATS +CVE-2023-27292 (An open redirect vulnerability exposes OpenCATS to template injection ...) + NOT-FOR-US: OpenCATS +CVE-2023-26594 + RESERVED +CVE-2023-25771 (Improper access control for some Intel(R) NUC BIOS firmware may allow ...) + NOT-FOR-US: Intel +CVE-2023-25769 + RESERVED +CVE-2023-25079 + RESERVED +CVE-2023-24481 + RESERVED +CVE-2023-24462 + RESERVED +CVE-2023-24017 + RESERVED +CVE-2023-24013 + RESERVED +CVE-2023-22848 + RESERVED +CVE-2023-22390 + RESERVED +CVE-2023-1081 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) 
+ NOT-FOR-US: Microweber +CVE-2023-1080 (The GN Publisher plugin for WordPress is vulnerable to Reflected Cross ...) + NOT-FOR-US: GN Publisher plugin for WordPress +CVE-2023-27291 + RESERVED +CVE-2023-27290 (Docker based datastores for IBM Instana (IBM Observability with Instan ...) + NOT-FOR-US: IBM +CVE-2023-27289 + RESERVED +CVE-2023-27288 + RESERVED +CVE-2023-27287 + RESERVED +CVE-2023-27286 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...) + NOT-FOR-US: IBM +CVE-2023-27285 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a ...) + NOT-FOR-US: IBM +CVE-2023-27284 (IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to ...) + NOT-FOR-US: IBM +CVE-2023-27283 + RESERVED +CVE-2023-27282 + RESERVED +CVE-2023-27281 + RESERVED +CVE-2023-27280 + RESERVED +CVE-2023-27279 + RESERVED +CVE-2023-27278 + RESERVED +CVE-2023-27277 + RESERVED +CVE-2023-27276 + RESERVED +CVE-2023-27275 + RESERVED +CVE-2023-27274 + RESERVED +CVE-2023-27273 + RESERVED +CVE-2023-27272 + RESERVED +CVE-2023-27271 (InSAP BusinessObjects Business Intelligence Platform (Web Services) - ...) + NOT-FOR-US: SAP +CVE-2023-27270 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) + NOT-FOR-US: SAP +CVE-2023-27269 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) + NOT-FOR-US: SAP +CVE-2023-27268 (SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does ...) + NOT-FOR-US: SAP +CVE-2023-27267 (Due to missing authentication andinsufficient input validation,the OSC ...) + NOT-FOR-US: SAP +CVE-2023-27266 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...) + - mattermost-server (bug #823556) +CVE-2023-27265 (Mattermost fails to honor the ShowEmailAddress setting when constructi ...) + - mattermost-server (bug #823556) +CVE-2023-27264 (A missing permissions check in Mattermost Playbooks in Mattermost allo ...) 
+ - mattermost-server (bug #823556) +CVE-2023-27263 (A missing permissions check in the /plugins/playbooks/api/v0/runs API ...) + - mattermost-server (bug #823556) +CVE-2023-1079 (A flaw was found in the Linux kernel. A use-after-free may be triggere ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/4ab3a086d10eeec1424f2e8a968827a6336203df + NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/4 +CVE-2023-1078 (A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.12-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/f753a68980cf4b59a80fe677619da2b1804f526d +CVE-2023-1077 (In the Linux kernel, pick_next_rt_entity() may return a type confused ...) + {DLA-3404-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/7c4a5b89a0b5a57a64b601775b296abf77a9fe97 + NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/7 +CVE-2023-4194 (A flaw was found in the Linux kernel's TUN/TAP functionality. This iss ...) + {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.11-1 + NOTE: https://git.kernel.org/linus/9bc3047374d5bec163e83e743709e23753376f0c (6.5-rc5) + NOTE: https://git.kernel.org/linus/5c9241f3ceab3257abe2923a59950db0dc8bb737 (6.5-rc5) +CVE-2023-1076 (A flaw was found in the Linux Kernel. The tun/tap sockets have their s ...) + {DLA-3404-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/66b2c338adce580dfce2199591e65e2bab889cff + NOTE: https://git.kernel.org/linus/a096ccca6e503a5c575717ff8a36ace27510ab0a + NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/5 +CVE-2023-1075 (A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectl ...) 
+ - linux 6.1.11-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ffe2a22562444720b05bdfeb999c03e810d84cbb + NOTE: https://www.openwall.com/lists/oss-security/2023/03/01/6 +CVE-2023-1074 (A memory leak flaw was found in the Linux kernel's Stream Control Tran ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/458e279f861d3f61796894cd158b780765a1569f + NOTE: https://www.openwall.com/lists/oss-security/2023/01/23/1 +CVE-2023-1073 (A memory corruption flaw was found in the Linux kernel\u2019s human in ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/b12fece4c64857e5fab4290bf01b2e0317a88456 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/3 +CVE-2023-1072 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-1071 (An issue has been discovered in GitLab affecting all versions from 15. ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-1070 (External Control of File Name or Path in GitHub repository nilsteampas ...) + - teampass (bug #730180) +CVE-2023-1069 (The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1068 (The Download Read More Excerpt Link plugin for WordPress is vulnerable ...) + NOT-FOR-US: Download Read More Excerpt Link plugin for WordPress +CVE-2023-1067 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-1066 + RESERVED +CVE-2023-1065 (This vulnerability in the Snyk Kubernetes Monitor can result in irrele ...) + NOT-FOR-US: Snyk Kubernetes Monitor +CVE-2023-1064 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Uzay Baskul Weighbridge Automation +CVE-2023-1063 (A vulnerability has been found in SourceCodester Doctors Appointment S ...) 
+ NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1062 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1061 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1060 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: YKM YKM CRM +CVE-2023-1059 (A vulnerability classified as critical was found in SourceCodester Doc ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1058 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1057 (A vulnerability was found in SourceCodester Doctors Appointment System ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1056 (A vulnerability was found in SourceCodester Doctors Appointment System ...) + NOT-FOR-US: SourceCodester Doctors Appointment System +CVE-2023-1055 (A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP t ...) + - 389-ds-base (bug #1034891) + [bookworm] - 389-ds-base (Minor issue) + [bullseye] - 389-ds-base (Minor issue) + [buster] - 389-ds-base (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2173517 +CVE-2023-1054 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-1053 (A vulnerability was found in SourceCodester Music Gallery Site 1.0 and ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-1052 + RESERVED +CVE-2023-1051 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Web Report System +CVE-2023-1050 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ NOT-FOR-US: Web Report System +CVE-2023-1049 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) + NOT-FOR-US: Schneider +CVE-2023-XXXX [RUSTSEC-2023-0015] + - rust-ascii 0.9.3-1 + [bullseye] - rust-ascii (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0015.html + NOTE: https://github.com/tomprogrammer/rust-ascii/commit/dc7e07397ce362487162cb86f92c0bec4645d867 (v0.9.3) + NOTE: https://github.com/tomprogrammer/rust-ascii/issues/64 +CVE-2023-27262 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27261 (Missing authentication in the DeleteAssignments method in IDAt ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27260 (Unauthenticated SQL injection in the GetAssignmentsDue method i ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27259 (Missing authentication in the GetAssignmentsDue method in IDAtten ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27258 (Missing authentication in the GetStudentGroupStudents method in ID ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27257 (Missing authentication in the GetActiveToiletPasses method in IDAtt ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27256 (Missing authentication in the GetLogFiles method in IDAttend\u2019s ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27255 (Unauthenticated SQL injection in the DeleteRoomChanges method in ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27254 (Unauthenticated SQL injection in the GetRoomChanges method in IDA ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-27253 (A command injection vulnerability in the function restore_rrddata() of ...) + NOT-FOR-US: pfSense +CVE-2023-27252 + RESERVED +CVE-2023-27251 + RESERVED +CVE-2023-27250 (Online Book Store Project v1.0 is vulnerable to SQL Injection via /boo ...) 
+ NOT-FOR-US: Online Book Store Project +CVE-2023-27249 (swfdump v0.9.2 was discovered to contain a heap buffer overflow in the ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/197 + NOTE: Crash in CLI tool, no security implications +CVE-2023-27248 + RESERVED +CVE-2023-27247 (Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rig ...) + NOT-FOR-US: Cynet Client Agent +CVE-2023-27246 (An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth ...) + NOT-FOR-US: Virtual Disk of MK-Auth +CVE-2023-27245 (A cross-site scripting (XSS) vulnerability in File Management Project ...) + NOT-FOR-US: File Management Project +CVE-2023-27244 + RESERVED +CVE-2023-27243 (An access control issue in Makves DCAP v3.0.0.122 allows unauthenticat ...) + NOT-FOR-US: Makves DCAP +CVE-2023-27242 (SourceCodester Loan Management System v1.0 was discovered to contain a ...) + NOT-FOR-US: SourceCodester Loan Management System +CVE-2023-27241 (SourceCodester Water Billing System v1.0 was discovered to contain a c ...) + NOT-FOR-US: SourceCodester Water Billing System +CVE-2023-27240 (Tenda AX3 V16.03.12.11 was discovered to contain a command injection v ...) + NOT-FOR-US: Tenda +CVE-2023-27239 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2023-27238 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache pois ...) + NOT-FOR-US: LavaLite CMS +CVE-2023-27237 (LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header ...) + NOT-FOR-US: LavaLite CMS +CVE-2023-27236 + RESERVED +CVE-2023-27235 (An arbitrary file upload vulnerability in the \admin\c\CommonControlle ...) + NOT-FOR-US: Jizhicms +CVE-2023-27234 (A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2. ...) + NOT-FOR-US: Jizhicms +CVE-2023-27233 (Piwigo before 13.6.0 was discovered to contain a SQL injection vulnera ...) 
+ - piwigo
+CVE-2023-27232 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-27231 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-27230
+ RESERVED
+CVE-2023-27229 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-27228
+ RESERVED
+CVE-2023-27227
+ RESERVED
+CVE-2023-27226
+ RESERVED
+CVE-2023-27225 (A cross-site scripting (XSS) vulnerability in User Registration & Logi ...)
+ NOT-FOR-US: Admin Panel v3
+CVE-2023-27224 (An issue found in NginxProxyManager v.2.9.19 allows an attacker to exe ...)
+ NOT-FOR-US: NginxProxyManager
+CVE-2023-27223
+ RESERVED
+CVE-2023-27222
+ RESERVED
+CVE-2023-27221
+ RESERVED
+CVE-2023-27220
+ RESERVED
+CVE-2023-27219
+ RESERVED
+CVE-2023-27218
+ RESERVED
+CVE-2023-27217 (A stack-based buffer overflow in the ChangeFriendlyName() function of ...)
+ NOT-FOR-US: Belkin
+CVE-2023-27216 (An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated u ...)
+ NOT-FOR-US: D-Link
+CVE-2023-27215
+ RESERVED
+CVE-2023-27214 (Online Student Management System v1.0 was discovered to contain multip ...)
+ NOT-FOR-US: Online Student Management System
+CVE-2023-27213 (Online Student Management System v1.0 was discovered to contain a SQL ...)
+ NOT-FOR-US: Online Student Management System
+CVE-2023-27212 (A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of ...)
+ NOT-FOR-US: Online Pizza Ordering System
+CVE-2023-27211 (A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Onl ...)
+ NOT-FOR-US: Online Pizza Ordering System
+CVE-2023-27210 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Online Pizza Ordering System
+CVE-2023-27209
+ RESERVED
+CVE-2023-27208 (A cross-site scripting (XSS) vulnerability in /php-opos/login.php of O ...)
+ NOT-FOR-US: Online Pizza Ordering System
+CVE-2023-27207 (Online Pizza Ordering System 1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Online Pizza Ordering System
+CVE-2023-27206 (A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of B ...)
+ NOT-FOR-US: Best POS Management System
+CVE-2023-27205 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Best POS Management System
+CVE-2023-27204 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Best POS Management System
+CVE-2023-27203 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Best POS Management System
+CVE-2023-27202 (Best POS Management System 1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Best POS Management System
+CVE-2023-27201
+ RESERVED
+CVE-2023-27200
+ RESERVED
+CVE-2023-27199 (PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows atta ...)
+ NOT-FOR-US: PAX
+CVE-2023-27198 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow ...)
+ NOT-FOR-US: PAX
+CVE-2023-27197 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow ...)
+ NOT-FOR-US: PAX
+CVE-2023-27196
+ RESERVED
+CVE-2023-27195
+ RESERVED
+CVE-2023-27194
+ RESERVED
+CVE-2023-27193 (An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain pr ...)
+ NOT-FOR-US: DUALSPACE
+CVE-2023-27192 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...)
+ NOT-FOR-US: DUALSPACE Super Secuirty
+CVE-2023-27191 (An issue found in DUALSPACE Super Secuirty v.2.3.7 allows an attacker ...)
+ NOT-FOR-US: DUALSPACE Super Secuirty
+CVE-2023-27190
+ RESERVED
+CVE-2023-27189
+ RESERVED
+CVE-2023-27188
+ RESERVED
+CVE-2023-27187
+ RESERVED
+CVE-2023-27186
+ RESERVED
+CVE-2023-27185
+ RESERVED
+CVE-2023-27184
+ RESERVED
+CVE-2023-27183
+ RESERVED
+CVE-2023-27182
+ RESERVED
+CVE-2023-27181
+ RESERVED
+CVE-2023-27180 (GDidees CMS v3.9.1 was discovered to contain a source code disclosure ...)
+ NOT-FOR-US: GDidees CMS
+CVE-2023-27179 (GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary fi ...)
+ NOT-FOR-US: GDidees CMS
+CVE-2023-27178 (An arbitrary file upload vulnerability in the upload function of GDide ...)
+ NOT-FOR-US: GDidees CMS
+CVE-2023-27177
+ RESERVED
+CVE-2023-27176
+ RESERVED
+CVE-2023-27175
+ RESERVED
+CVE-2023-27174
+ RESERVED
+CVE-2023-27173
+ RESERVED
+CVE-2023-27172 (Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT t ...)
+ NOT-FOR-US: Xpand IT Write-back manager
+CVE-2023-27171
+ REJECTED
+CVE-2023-27170 (Xpand IT Write-back manager v2.3.1 allows attackers to perform a direc ...)
+ NOT-FOR-US: Xpand IT Write-back manager
+CVE-2023-27169 (Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license cl ...)
+ NOT-FOR-US: Xpand IT Write-back manager
+CVE-2023-27168
+ RESERVED
+CVE-2023-27167 (Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vu ...)
+ NOT-FOR-US: Suprema BioStar
+CVE-2023-27166
+ RESERVED
+CVE-2023-27165
+ RESERVED
+CVE-2023-27164 (An arbitrary file upload vulnerability in Halo up to v1.6.1 allows att ...)
+ NOT-FOR-US: Halo
+CVE-2023-27163 (request-baskets up to v1.2.1 was discovered to contain a Server-Side R ...)
+ NOT-FOR-US: request-baskets
+CVE-2023-27162 (openapi-generator up to v6.4.0 was discovered to contain a Server-Side ...)
+ NOT-FOR-US: openapi-generator
+CVE-2023-27161 (Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request ...)
+ - jellyfin (bug #994189)
+CVE-2023-27160 (forem up to v2022.11.11 was discovered to contain a Server-Side Reques ...)
+ NOT-FOR-US: forem
+CVE-2023-27159 (Appwrite up to v1.2.1 was discovered to contain a Server-Side Request ...)
+ NOT-FOR-US: Appwrite
+CVE-2023-27158
+ RESERVED
+CVE-2023-27157
+ RESERVED
+CVE-2023-27156
+ RESERVED
+CVE-2023-27155
+ RESERVED
+CVE-2023-27154
+ RESERVED
+CVE-2023-27153
+ RESERVED
+CVE-2023-27152 (DECISO OPNsense 23.1 does not impose rate limits for authentication, a ...)
+ NOT-FOR-US: DECISO OPNsense
+CVE-2023-27151
+ RESERVED
+CVE-2023-27150
+ RESERVED
+CVE-2023-27149 (A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTic ...)
+ NOT-FOR-US: Enhancesoft osTicket
+CVE-2023-27148 (A stored cross-site scripting (XSS) vulnerability in the Admin panel i ...)
+ NOT-FOR-US: Enhancesoft osTicket
+CVE-2023-27147
+ RESERVED
+CVE-2023-27146
+ RESERVED
+CVE-2023-27145
+ RESERVED
+CVE-2023-27144
+ RESERVED
+CVE-2023-27143
+ RESERVED
+CVE-2023-27142
+ RESERVED
+CVE-2023-27141
+ RESERVED
+CVE-2023-27140
+ RESERVED
+CVE-2023-27139
+ RESERVED
+CVE-2023-27138
+ RESERVED
+CVE-2023-27137
+ RESERVED
+CVE-2023-27136
+ RESERVED
+CVE-2023-27135 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-27134
+ RESERVED
+CVE-2023-27133 (TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .h ...)
+ NOT-FOR-US: TSplus Remote Work
+CVE-2023-27132 (TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pa ...)
+ NOT-FOR-US: TSplus Remote Work
+CVE-2023-27131 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
+ NOT-FOR-US: Typecho
+CVE-2023-27130 (Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a r ...)
+ NOT-FOR-US: Typecho
+CVE-2023-27129
+ RESERVED
+CVE-2023-27128
+ RESERVED
+CVE-2023-27127
+ RESERVED
+CVE-2023-27126 (The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on fi ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-27125
+ RESERVED
+CVE-2023-27124
+ RESERVED
+CVE-2023-27123
+ RESERVED
+CVE-2023-27122
+ RESERVED
+CVE-2023-27121 (A cross-site scripting (XSS) vulnerability in the component /framework ...)
+ NOT-FOR-US: Pleasant Solutions Pleasant Password Server
+CVE-2023-27120
+ RESERVED
+CVE-2023-27119 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
+ - wabt (unimportant; bug #1032669)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/WebAssembly/wabt/issues/1990
+CVE-2023-27118
+ RESERVED
+CVE-2023-27117 (WebAssembly v1.0.29 was discovered to contain a heap overflow via the ...)
+ - wabt (unimportant; bug #1032669)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/WebAssembly/wabt/issues/1989
+CVE-2023-27116 (WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleT ...)
+ - wabt 1.0.33-1 (unimportant; bug #1032669)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/WebAssembly/wabt/issues/1984
+ NOTE: https://github.com/WebAssembly/wabt/pull/2119
+ NOTE: https://github.com/WebAssembly/wabt/commit/8a7b7497bdf78f9099f8d5a3a2c9bde87ddd52da
+CVE-2023-27115 (WebAssembly v1.0.29 was discovered to contain a segmentation fault via ...)
+ - wabt (unimportant; bug #1032669)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/WebAssembly/wabt/issues/1938
+ NOTE: https://github.com/WebAssembly/wabt/issues/1992
+CVE-2023-27114 (radare2 v5.8.3 was discovered to contain a segmentation fault via the ...)
+ - radare2 (bug #1032667)
+ NOTE: https://github.com/radareorg/radare2/issues/21363
+ NOTE: https://github.com/radareorg/radare2/commit/a15067a8eaa836bcc24b0882712c14d1baa66509
+CVE-2023-27113
+ RESERVED
+CVE-2023-27112
+ RESERVED
+CVE-2023-27111
+ RESERVED
+CVE-2023-27110
+ RESERVED
+CVE-2023-27109
+ RESERVED
+CVE-2023-27108 (An issue was discovered in KaiOS 3.0. The pre-installed Communications ...)
+ NOT-FOR-US: KaiOS
+CVE-2023-27107 (Incorrect access control in the runReport function of MyQ Solution Pri ...)
+ NOT-FOR-US: MyQ Solution
+CVE-2023-27106
+ RESERVED
+CVE-2023-27105 (A vulnerability in the Wi-Fi file transfer module of Shanling M5S Port ...)
+ NOT-FOR-US: Shanling
+CVE-2023-27104
+ RESERVED
+CVE-2023-27103 (Libde265 v1.0.11 was discovered to contain a heap buffer overflow via ...)
+ {DLA-3676-1}
+ - libde265 1.0.12-1 (bug #1033257)
+ [bookworm] - libde265 1.0.11-1+deb12u1
+ [bullseye] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/394
+ NOTE: https://github.com/strukturag/libde265/commit/d6bf73e765b7a23627bfd7a8645c143fd9097995 (v1.0.12)
+CVE-2023-27102 (Libde265 v1.0.11 was discovered to contain a segmentation violation vi ...)
+ {DLA-3676-1}
+ - libde265 1.0.12-1 (bug #1033257)
+ [bookworm] - libde265 1.0.11-1+deb12u1
+ [bullseye] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/393
+ NOTE: https://github.com/strukturag/libde265/commit/0b1752abff97cb542941d317a0d18aa50cb199b1 (v1.0.12)
+CVE-2023-27101
+ RESERVED
+CVE-2023-27100 (Improper restriction of excessive authentication attempts in the SSHGu ...)
+ NOT-FOR-US: Netgate pfSense Plus
+CVE-2023-27099
+ RESERVED
+CVE-2023-27098
+ RESERVED
+CVE-2023-27097
+ RESERVED
+CVE-2023-27096 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...)
+ NOT-FOR-US: Hippo4j
+CVE-2023-27095 (Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 ...)
+ NOT-FOR-US: Hippo4j
+CVE-2023-27094 (An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escala ...)
+ NOT-FOR-US: Hippo4j
+CVE-2023-27093 (Cross Site Scripting vulnerability found in My-Blog allows attackers t ...)
+ NOT-FOR-US: My-Blog
+CVE-2023-27092 (Cross Site Scripting vulnerability found in Jbootfly allows attackers ...)
+ NOT-FOR-US: Jbootfly
+CVE-2023-27091 (An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows a ...)
+ NOT-FOR-US: XiaoBingby TeaCMS
+CVE-2023-27090 (Cross Site Scripting vulnerability found in TeaCMS storage allows atta ...)
+ NOT-FOR-US: TeaCMS
+CVE-2023-27089 (Cross Site Scripting vulnerability found in Ehuacui BBS allows attacke ...)
+ NOT-FOR-US: Ehuacui
+CVE-2023-27088 (feiqu-opensource Background Vertical authorization vulnerability exist ...)
+ NOT-FOR-US: feiqu-opensource Background Vertical
+CVE-2023-27087 (Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and ...)
+ NOT-FOR-US: Xuxueli
+CVE-2023-27086
+ RESERVED
+CVE-2023-27085
+ RESERVED
+CVE-2023-27084 (Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allo ...)
+ NOT-FOR-US: Dreamer CMS
+CVE-2023-27083 (An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-d ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2023-27082 (Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4. ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2023-27081
+ RESERVED
+CVE-2023-27080
+ RESERVED
+CVE-2023-27079 (Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27078 (A command injection issue was found in TP-Link MR3020 v.1_150921 that ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-27077 (Stack Overflow vulnerability found in 360 D901 allows a remote attacke ...)
+ NOT-FOR-US: 360 D901
+CVE-2023-27076 (Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows a ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27075 (A cross-site scripting vulnerability (XSS) in the component microbin/s ...)
+ NOT-FOR-US: Microbin
+CVE-2023-27074 (BP Monitoring Management System v1.0 was discovered to contain a SQL i ...)
+ NOT-FOR-US: BP Monitoring Management System
+CVE-2023-27073 (A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1. ...)
+ NOT-FOR-US: Online Food Ordering System
+CVE-2023-27072
+ RESERVED
+CVE-2023-27071
+ RESERVED
+CVE-2023-27070 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
+ NOT-FOR-US: TotalJS OpenPlatform
+CVE-2023-27069 (A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatf ...)
+ NOT-FOR-US: TotalJS OpenPlatform
+CVE-2023-27068 (Deserialization of Untrusted Data in Sitecore Experience Platform thro ...)
+ NOT-FOR-US: Sitecore
+CVE-2023-27067 (Directory Traversal vulnerability in Sitecore Experience Platform thro ...)
+ NOT-FOR-US: Sitecore
+CVE-2023-27066 (Directory Traversal vulnerability in Site Core Experience Platform 10. ...)
+ NOT-FOR-US: Sitecore
+CVE-2023-27065 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27064 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27063 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27062 (Tenda V15V1.0 was discovered to contain a buffer overflow vulnerabilit ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27061 (Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27060 (LightCMS v1.3.7 was discovered to contain a remote code execution (RCE ...)
+ NOT-FOR-US: LightCMS
+CVE-2023-27059 (A cross-site scripting (XSS) vulnerability in the Edit Group function ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-27058
+ RESERVED
+CVE-2023-27057
+ RESERVED
+CVE-2023-27056
+ RESERVED
+CVE-2023-27055 (Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access s ...)
+ NOT-FOR-US: Aver Information Inc PTZApp2
+CVE-2023-27054 (A cross-site scripting (XSS) vulnerability in MiroTalk P2P before comm ...)
+ NOT-FOR-US: MiroTalk
+CVE-2023-27053
+ RESERVED
+CVE-2023-27052 (E-Commerce System v1.0 ws discovered to contain a SQL injection vulner ...)
+ NOT-FOR-US: E-Commerce System
+CVE-2023-27051
+ RESERVED
+CVE-2023-27050
+ RESERVED
+CVE-2023-27049
+ RESERVED
+CVE-2023-27048
+ RESERVED
+CVE-2023-27047
+ RESERVED
+CVE-2023-27046
+ RESERVED
+CVE-2023-27045
+ RESERVED
+CVE-2023-27044
+ RESERVED
+CVE-2023-27043 (The email module of Python through 3.11.3 incorrectly parses e-mail ad ...)
+ - python3.11
+ [bookworm] - python3.11 (Minor issue)
+ - python3.10
+ - python3.9
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ [buster] - python3.7 (Minor issue)
+ - python2.7
+ [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
+ [buster] - python2.7 (Minor issue)
+ NOTE: https://github.com/python/cpython/issues/102988
+CVE-2023-27042 (Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/Se ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27041 (School Registration and Fee System v1.0 was discovered to contain a SQ ...)
+ NOT-FOR-US: School Registration and Fee System
+CVE-2023-27040 (Simple Image Gallery v1.0 was discovered to contain a remote code exec ...)
+ NOT-FOR-US: Simple Image Gallery
+CVE-2023-27039
+ RESERVED
+CVE-2023-27038
+ RESERVED
+CVE-2023-27037 (Qibosoft QiboCMS v7 was discovered to contain a remote code execution ...)
+ NOT-FOR-US: Qibosoft QiboCMS
+CVE-2023-27036
+ RESERVED
+CVE-2023-27035 (An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers t ...)
+ NOT-FOR-US: Obsidian Canvas
+CVE-2023-27034 (PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vul ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-27033 (Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code ...)
+ NOT-FOR-US: Prestashop cdesigner
+CVE-2023-27032 (Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to c ...)
+ NOT-FOR-US: Prestashop advancedpopupcreator
+CVE-2023-27031
+ RESERVED
+CVE-2023-27030
+ RESERVED
+CVE-2023-27029
+ RESERVED
+CVE-2023-27028
+ RESERVED
+CVE-2023-27027
+ RESERVED
+CVE-2023-27026
+ RESERVED
+CVE-2023-27025 (An arbitrary file download vulnerability in the background management ...)
+ NOT-FOR-US: RuoYi
+CVE-2023-27024
+ RESERVED
+CVE-2023-27023
+ RESERVED
+CVE-2023-27022
+ RESERVED
+CVE-2023-27021 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27020 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27019 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27018 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27017 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27016 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27015 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27014 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27013 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27012 (Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a s ...)
+ NOT-FOR-US: Tenda
+CVE-2023-27011
+ RESERVED
+CVE-2023-27010 (Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions ...)
+ NOT-FOR-US: Wondershare Dr.Fone
+CVE-2023-27009
+ RESERVED
+CVE-2023-27008 (A Cross-site scripting (XSS) vulnerability in the function encrypt_pas ...)
+ NOT-FOR-US: ATutor
+CVE-2023-27007
+ RESERVED
+CVE-2023-27006
+ RESERVED
+CVE-2023-27005
+ RESERVED
+CVE-2023-27004
+ RESERVED
+CVE-2023-27003
+ RESERVED
+CVE-2023-27002
+ RESERVED
+CVE-2023-27001
+ RESERVED
+CVE-2023-27000
+ RESERVED
+CVE-2023-26999
+ RESERVED
+CVE-2023-26998
+ RESERVED
+CVE-2023-26997
+ RESERVED
+CVE-2023-26996
+ RESERVED
+CVE-2023-26995
+ RESERVED
+CVE-2023-26994
+ RESERVED
+CVE-2023-26993
+ RESERVED
+CVE-2023-26992
+ RESERVED
+CVE-2023-26991 (SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in t ...)
+ - swftools (unimportant)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/196
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-26990
+ RESERVED
+CVE-2023-26989
+ RESERVED
+CVE-2023-26988
+ RESERVED
+CVE-2023-26987 (An issue discovered in Konga 0.14.9 allows remote attackers to manipul ...)
+ NOT-FOR-US: Konga
+CVE-2023-26986 (An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers ...)
+ NOT-FOR-US: China Mobile OA Mailbox PC
+CVE-2023-26985
+ RESERVED
+CVE-2023-26984 (An issue in the password reset function of Peppermint v0.2.4 allows at ...)
+ NOT-FOR-US: Peppermint
+CVE-2023-26983
+ RESERVED
+CVE-2023-26982 (Trudesk v1.2.6 was discovered to contain a stored cross-site scripting ...)
+ NOT-FOR-US: Trudesk
+CVE-2023-26981
+ RESERVED
+CVE-2023-26980 (PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition ...)
+ NOT-FOR-US: PAX Technology PAX A920 Pro PayDroid
+CVE-2023-26979 (Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 ...)
+ NOT-FOR-US: Bluetens Electrostimulation Device BluetensQ
+CVE-2023-26978 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-26977
+ RESERVED
+CVE-2023-26976 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2023-26975
+ RESERVED
+CVE-2023-26974 (Irfanview v4.62 allows a user-mode write access violation via a crafte ...)
+ NOT-FOR-US: Irfanview
+CVE-2023-26973
+ RESERVED
+CVE-2023-26972
+ RESERVED
+CVE-2023-26971
+ RESERVED
+CVE-2023-26970
+ RESERVED
+CVE-2023-26969 (Atropim 1.5.26 is vulnerable to Directory Traversal.)
+ NOT-FOR-US: Atropim
+CVE-2023-26968 (In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyph ...)
+ NOT-FOR-US: Atrocore
+CVE-2023-26967
+ RESERVED
+CVE-2023-26966 (libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when lib ...)
+ {DLA-3513-1}
+ - tiff 4.5.1~rc3-1
+ [bookworm] - tiff (Minor issue)
+ [bullseye] - tiff (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/530
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/473
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 (v4.5.1rc1)
+CVE-2023-26965 (loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-ba ...)
+ {DLA-3513-1}
+ - tiff 4.5.1~rc3-1
+ [bookworm] - tiff (Minor issue)
+ [bullseye] - tiff (Minor issue)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/472
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf (v4.5.1rc1)
+CVE-2023-26964 (An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occ ...)
+ - rust-h2 0.3.13-2 (bug #1034723)
+ [buster] - rust-h2 (Minor issue)
+ NOTE: https://github.com/hyperium/hyper/issues/2877
+ NOTE: https://github.com/hyperium/h2/commit/5bc8e72e5fcbd8ae2d3d9bc78a1c0ef0040bcc39 (v0.3.17)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0034.html
+CVE-2023-26963
+ RESERVED
+CVE-2023-26962
+ RESERVED
+CVE-2023-26961 (Alteryx Server 2022.1.1.42590 does not employ file type verification f ...)
+ NOT-FOR-US: Alteryx
+CVE-2023-26960
+ RESERVED
+CVE-2023-26959 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL I ...)
+ NOT-FOR-US: Phpgurukul Park Ticketing Management System
+CVE-2023-26958 (Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross ...)
+ NOT-FOR-US: Phpgurukul Park Ticketing Management System
+CVE-2023-26957 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26956 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26955 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26954 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26953 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26952 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26951 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26950 (onekeyadmin v1.3.9 was discovered to contain a stored cross-site scrip ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26949 (An arbitrary file upload vulnerability in the component /admin1/config ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26948 (onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vu ...)
+ NOT-FOR-US: onekeyadmin
+CVE-2023-26947
+ RESERVED
+CVE-2023-26946
+ RESERVED
+CVE-2023-26945
+ RESERVED
+CVE-2023-26944
+ RESERVED
+CVE-2023-26943 (Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allo ...)
+ NOT-FOR-US: Yale Keyless Lock
+CVE-2023-26942 (Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allo ...)
+ NOT-FOR-US: Yale IA-210 Alarm
+CVE-2023-26941 (Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allo ...)
+ NOT-FOR-US: Yale Conexis L1
+CVE-2023-26940
+ RESERVED
+CVE-2023-26939
+ RESERVED
+CVE-2023-26938
+ REJECTED
+CVE-2023-26937
+ REJECTED
+CVE-2023-26936
+ REJECTED
+CVE-2023-26935
+ REJECTED
+CVE-2023-26934
+ REJECTED
+CVE-2023-26933
+ RESERVED
+CVE-2023-26932
+ RESERVED
+CVE-2023-26931
+ REJECTED
+CVE-2023-26930 (Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2023-26929
+ RESERVED
+CVE-2023-26928
+ RESERVED
+CVE-2023-26927
+ RESERVED
+CVE-2023-26926
+ RESERVED
+CVE-2023-26925 (An information disclosure vulnerability exists in the Syslog functiona ...)
+ NOT-FOR-US: D-Link
+CVE-2023-26924 (LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockReg ...)
+ - llvm-toolchain-14 (unimportant)
+ - llvm-toolchain-15 (unimportant)
+ NOTE: Negligible security impact, also see https://llvm.org/docs/Security.html#what-is-considered-a-security-issue
+CVE-2023-26923 (Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that ...)
+ - musescore (unimportant)
+ [buster] - musescore (vulnerability introduced in 3.0)
+ - musescore2 (vulnerability introduced in 3.0)
+ - musescore3 (unimportant)
+ NOTE: https://github.com/musescore/MuseScore/issues/16346
+ NOTE: Vulnerability triggered only on Windows codepath
+CVE-2023-26922 (SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a ...)
+ NOT-FOR-US: Varisicte
+CVE-2023-26921 (OS Command Injection vulnerability in quectel AG550QCN allows attacker ...)
+ NOT-FOR-US: quectel
+CVE-2023-26920 (fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution.)
+ NOT-FOR-US: fast-xml-parser
+CVE-2023-26919 (delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escap ...)
+ NOT-FOR-US: delight-nashorn-sandbox
+CVE-2023-26918 (Diasoft File Replication Pro 7.5.0 allows attackers to escalate privil ...)
+ NOT-FOR-US: Diasoft File Replication Pro
+CVE-2023-26917 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
+ - libyang2 (bug #1034724)
+ [bookworm] - libyang2 (Minor issue)
+ [bullseye] - libyang2 (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1987
+ NOTE: https://github.com/CESNET/libyang/commit/cfa1a965a429e4bfc5ae1539a8e87a9cf71c3090 (v2.1.55)
+CVE-2023-26916 (libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL poin ...)
+ - libyang2 (bug #1034154)
+ [bookworm] - libyang2 (Minor issue)
+ [bullseye] - libyang2 (Minor issue)
+ NOTE: https://github.com/CESNET/libyang/issues/1979
+ NOTE: https://github.com/CESNET/libyang/commit/dc668d296f9f05aeab6315d44cff3208641e3096 (v2.1.55)
+CVE-2023-26915
+ RESERVED
+CVE-2023-26914
+ RESERVED
+CVE-2023-26913 (EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross ...)
+ NOT-FOR-US: EVOLUCARE ECSIMAGING
+CVE-2023-26912 (Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commi ...)
+ NOT-FOR-US: S-mall-ssm
+CVE-2023-26911 (ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contain ...)
+ NOT-FOR-US: Asus
+CVE-2023-26910
+ RESERVED
+CVE-2023-26909
+ RESERVED
+CVE-2023-26908
+ RESERVED
+CVE-2023-26907
+ RESERVED
+CVE-2023-26906
+ RESERVED
+CVE-2023-26905 (An issue was discovered in Alphaware - Simple E-Commerce System v1.0. ...)
+ NOT-FOR-US: Alphaware
+CVE-2023-26904
+ RESERVED
+CVE-2023-26903
+ RESERVED
+CVE-2023-26902
+ RESERVED
+CVE-2023-26901
+ RESERVED
+CVE-2023-26900
+ RESERVED
+CVE-2023-26899
+ RESERVED
+CVE-2023-26898
+ RESERVED
+CVE-2023-26897
+ RESERVED
+CVE-2023-26896
+ RESERVED
+CVE-2023-26895
+ RESERVED
+CVE-2023-26894
+ RESERVED
+CVE-2023-26893
+ RESERVED
+CVE-2023-26892
+ RESERVED
+CVE-2023-26891
+ RESERVED
+CVE-2023-26890
+ RESERVED
+CVE-2023-26889
+ RESERVED
+CVE-2023-26888
+ RESERVED
+CVE-2023-26887
+ RESERVED
+CVE-2023-26886
+ RESERVED
+CVE-2023-26885
+ RESERVED
+CVE-2023-26884
+ RESERVED
+CVE-2023-26883
+ RESERVED
+CVE-2023-26882
+ RESERVED
+CVE-2023-26881
+ RESERVED
+CVE-2023-26880
+ RESERVED
+CVE-2023-26879
+ RESERVED
+CVE-2023-26878
+ RESERVED
+CVE-2023-26877
+ RESERVED
+CVE-2023-26876 (SQL injection vulnerability found in Piwigo v.13.5.0 and before allows ...)
+ - piwigo
+CVE-2023-26875
+ RESERVED
+CVE-2023-26874
+ RESERVED
+CVE-2023-26873
+ RESERVED
+CVE-2023-26872
+ RESERVED
+CVE-2023-26871
+ RESERVED
+CVE-2023-26870
+ RESERVED
+CVE-2023-26869
+ RESERVED
+CVE-2023-26868
+ RESERVED
+CVE-2023-26867
+ RESERVED
+CVE-2023-26866 (GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions ...)
+ NOT-FOR-US: GreenPacket
+CVE-2023-26865 (SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and b ...)
+ NOT-FOR-US: PrestaShop bdroppy
+CVE-2023-26864 (SQL injection vulnerability found in PrestaShop smplredirectionsmanage ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-26863
+ RESERVED
+CVE-2023-26862
+ RESERVED
+CVE-2023-26861 (SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 an ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-26860 (SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and b ...)
+ NOT-FOR-US: PrestaShop Igbudget
+CVE-2023-26859 (SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 an ...)
+ NOT-FOR-US: PrestaShop
+CVE-2023-26858 (SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a r ...)
+ NOT-FOR-US: prestashop
+CVE-2023-26857 (An arbitrary file upload vulnerability in /admin/ajax.php?action=save_ ...)
+ NOT-FOR-US: Dynamic Transaction Queuing System
+CVE-2023-26856 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...)
+ NOT-FOR-US: Dynamic Transaction Queuing System
+CVE-2023-26855 (The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt v ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26854
+ RESERVED
+CVE-2023-26853
+ RESERVED
+CVE-2023-26852 (An arbitrary file upload vulnerability in the upload plugin of Textpat ...)
+ NOT-FOR-US: Textpattern CMS
+CVE-2023-26851
+ RESERVED
+CVE-2023-26850
+ RESERVED
+CVE-2023-26849
+ RESERVED
+CVE-2023-26848 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2023-26847 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
+ NOT-FOR-US: OpenCATS
+CVE-2023-26846 (A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 a ...)
+ NOT-FOR-US: OpenCATS
+CVE-2023-26845 (A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers ...)
+ NOT-FOR-US: OpenCATS
+CVE-2023-26844
+ RESERVED
+CVE-2023-26843 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26842 (A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 a ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26841 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26840 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26839 (A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-26838
+ RESERVED
+CVE-2023-26837
+ RESERVED
+CVE-2023-26836
+ RESERVED
+CVE-2023-26835
+ RESERVED
+CVE-2023-26834
+ RESERVED
+CVE-2023-26833
+ RESERVED
+CVE-2023-26832
+ RESERVED
+CVE-2023-26831
+ RESERVED
+CVE-2023-26830 (An unrestricted file upload vulnerability in the administrative portal ...)
+ NOT-FOR-US: Gladinet CentreStack
+CVE-2023-26829 (An authentication bypass vulnerability in the Password Reset component ...)
+ NOT-FOR-US: Gladinet CentreStack
+CVE-2023-26828
+ RESERVED
+CVE-2023-26827
+ RESERVED
+CVE-2023-26826
+ RESERVED
+CVE-2023-26825
+ RESERVED
+CVE-2023-26824
+ RESERVED
+CVE-2023-26823
+ REJECTED
+CVE-2023-26822 (D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command in ...)
+ NOT-FOR-US: D-Link
+CVE-2023-26821
+ RESERVED
+CVE-2023-26820 (siteproxy v1.0 was discovered to contain a path traversal vulnerabilit ...)
+ NOT-FOR-US: siteproxy
+CVE-2023-26819
+ RESERVED
+CVE-2023-26818 (Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, ...)
+ NOT-FOR-US: Telegram on MacOS
+CVE-2023-26817 (codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a r ...)
+ NOT-FOR-US: codefever
+CVE-2023-26816
+ RESERVED
+CVE-2023-26815
+ RESERVED
+CVE-2023-26814
+ RESERVED
+CVE-2023-26813 (SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictiona ...)
+ NOT-FOR-US: wangmarket CMS
+CVE-2023-26812
+ REJECTED
+CVE-2023-26811
+ RESERVED
+CVE-2023-26810
+ RESERVED
+CVE-2023-26809
+ RESERVED
+CVE-2023-26808
+ RESERVED
+CVE-2023-26807
+ RESERVED
+CVE-2023-26806 (Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulner ...)
+ NOT-FOR-US: Tenda
+CVE-2023-26805 (Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) ...)
+ NOT-FOR-US: Tenda
+CVE-2023-26804
+ RESERVED
+CVE-2023-26803
+ RESERVED
+CVE-2023-26802 (An issue in the component /network_config/nsg_masq.cgi of DCN (Digital ...)
+ NOT-FOR-US: DCN (Digital China Networks) DCBI-Netlog-LAB +CVE-2023-26801 (LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 ...) + NOT-FOR-US: LB-LINK +CVE-2023-26800 (Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discov ...) + NOT-FOR-US: Ruijie Networks RG-EW1200 Wireless Routers +CVE-2023-26799 + RESERVED +CVE-2023-26798 + RESERVED +CVE-2023-26797 + RESERVED +CVE-2023-26796 + RESERVED +CVE-2023-26795 + RESERVED +CVE-2023-26794 + RESERVED +CVE-2023-26793 + RESERVED +CVE-2023-26792 + RESERVED +CVE-2023-26791 + RESERVED +CVE-2023-26790 + RESERVED +CVE-2023-26789 (Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected ...) + NOT-FOR-US: Veritas +CVE-2023-26788 (Veritas Appliance v4.1.0.1 is affected by Host Header Injection attack ...) + NOT-FOR-US: Veritas Appliance +CVE-2023-26787 + RESERVED +CVE-2023-26786 + RESERVED +CVE-2023-26785 + RESERVED +CVE-2023-26784 (SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020 ...) + NOT-FOR-US: Kirin +CVE-2023-26783 + RESERVED +CVE-2023-26782 (An issue discovered in mccms 2.6.1 allows remote attackers to cause a ...) + NOT-FOR-US: mccms +CVE-2023-26781 (SQL injection vulnerability in mccms 2.6 allows remote attackers to ru ...) + NOT-FOR-US: mccms +CVE-2023-26780 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.) + NOT-FOR-US: CleverStupidDog yf-exam +CVE-2023-26779 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which ...) + NOT-FOR-US: CleverStupidDog yf-exam +CVE-2023-26778 + RESERVED +CVE-2023-26777 (Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1 ...) + NOT-FOR-US: Uptime Kuma +CVE-2023-26776 (Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a ...) + NOT-FOR-US: Monitorr +CVE-2023-26775 (File Upload vulnerability found in Monitorr v.1.7.6 allows a remote at ...) 
+ NOT-FOR-US: Monitorr +CVE-2023-26774 (An issue found in Sales Tracker Management System v.1.0 allows a remot ...) + NOT-FOR-US: Sales Tracker Management System +CVE-2023-26773 (Cross Site Scripting vulnerability found in Sales Tracker Management S ...) + NOT-FOR-US: Sales Tracker Management System +CVE-2023-26772 + RESERVED +CVE-2023-26771 + RESERVED +CVE-2023-26770 + RESERVED +CVE-2023-26769 (Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 all ...) + - liblouis 3.24.0-2 (bug #1033202; unimportant) + NOTE: https://github.com/liblouis/liblouis/pull/1300 + NOTE: https://github.com/liblouis/liblouis/commit/d45430431f8c75941f863328eb3f7fc09f902b2e (v3.25.0) + NOTE: https://github.com/liblouis/liblouis/commit/6f39e88745e8ec602ccc46042c305a6188f28b0a (v3.25.0) + NOTE: https://github.com/liblouis/liblouis/commit/9f6cec9b63c1d9396fcc32fed77267a2815b648f (v3.25.0) + NOTE: Negligible security impact in debugging tool +CVE-2023-26768 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) + - liblouis 3.24.0-2 (bug #1033202; unimportant) + NOTE: https://github.com/liblouis/liblouis/issues/1301 + NOTE: https://github.com/liblouis/liblouis/pull/1302 + NOTE: https://github.com/liblouis/liblouis/commit/565ac66ec0c187ffb442226487de3db376702958 (v3.25.0) + NOTE: https://github.com/liblouis/liblouis/commit/47822bb418fb77564c159469e3be79989b11aced (v3.25.0) + NOTE: Negligible security impact +CVE-2023-26767 (Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remo ...) 
+ - liblouis 3.24.0-2 (bug #1033202; unimportant) + NOTE: https://github.com/liblouis/liblouis/issues/1292 + NOTE: https://github.com/liblouis/liblouis/pull/1297 + NOTE: https://github.com/liblouis/liblouis/commit/f432de31058b5a94874d47405216d07910c18a9a (v3.25.0) + NOTE: Negligible security impact +CVE-2023-26766 + RESERVED +CVE-2023-26765 + RESERVED +CVE-2023-26764 + RESERVED +CVE-2023-26763 + RESERVED +CVE-2023-26762 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary fi ...) + NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406 +CVE-2023-26761 + RESERVED +CVE-2023-26760 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information ...) + NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406 +CVE-2023-26759 (Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command i ...) + NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406 +CVE-2023-26758 (Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file d ...) + NOT-FOR-US: Sme.UP ERP TOKYO V6R1M220406 +CVE-2023-26757 + RESERVED +CVE-2023-26756 (The login page of Revive Adserver v5.4.1 is vulnerable to brute force ...) + NOT-FOR-US: Revive Adserver +CVE-2023-26755 + RESERVED +CVE-2023-26754 + RESERVED +CVE-2023-26753 + RESERVED +CVE-2023-26752 + RESERVED +CVE-2023-26751 + RESERVED +CVE-2023-26750 (SQL injection vulnerability found in Yii Framework Yii 2 Framework bef ...) + - yii (bug #597899) +CVE-2023-26749 + RESERVED +CVE-2023-26748 + RESERVED +CVE-2023-26747 + RESERVED +CVE-2023-26746 + RESERVED +CVE-2023-26745 + RESERVED +CVE-2023-26744 + RESERVED +CVE-2023-26743 + RESERVED +CVE-2023-26742 + RESERVED +CVE-2023-26741 + RESERVED +CVE-2023-26740 + RESERVED +CVE-2023-26739 + RESERVED +CVE-2023-26738 + RESERVED +CVE-2023-26737 + RESERVED +CVE-2023-26736 + RESERVED +CVE-2023-26735 (blackbox_exporter v0.23.0 was discovered to contain an access control ...) 
+ - prometheus-blackbox-exporter (unimportant) + NOTE: https://github.com/prometheus/blackbox_exporter/issues/1024 + NOTE: https://github.com/prometheus/blackbox_exporter/issues/1024#issuecomment-1526944617 + NOTE: Upstream of the project did disputed the CVE. Upstream position is + NOTE: that the refererred behaviour is intended functionality. +CVE-2023-26734 + RESERVED +CVE-2023-26733 (Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local a ...) + NOT-FOR-US: tinyTIFF +CVE-2023-26732 + RESERVED +CVE-2023-26731 + RESERVED +CVE-2023-26730 + RESERVED +CVE-2023-26729 + RESERVED +CVE-2023-26728 + RESERVED +CVE-2023-26727 + RESERVED +CVE-2023-26726 + RESERVED +CVE-2023-26725 + RESERVED +CVE-2023-26724 + RESERVED +CVE-2023-26723 + RESERVED +CVE-2023-26722 + RESERVED +CVE-2023-26721 + RESERVED +CVE-2023-26720 + RESERVED +CVE-2023-26719 + RESERVED +CVE-2023-26718 + RESERVED +CVE-2023-26717 + RESERVED +CVE-2023-26716 + RESERVED +CVE-2023-26715 + RESERVED +CVE-2023-26714 + RESERVED +CVE-2023-26713 + RESERVED +CVE-2023-26712 + RESERVED +CVE-2023-26711 + RESERVED +CVE-2023-26710 + RESERVED +CVE-2023-26709 + RESERVED +CVE-2023-26708 + RESERVED +CVE-2023-26707 + RESERVED +CVE-2023-26706 + RESERVED +CVE-2023-26705 + RESERVED +CVE-2023-26704 + RESERVED +CVE-2023-26703 + RESERVED +CVE-2023-26702 + RESERVED +CVE-2023-26701 + RESERVED +CVE-2023-26700 + RESERVED +CVE-2023-26699 + RESERVED +CVE-2023-26698 + RESERVED +CVE-2023-26697 + RESERVED +CVE-2023-26696 + RESERVED +CVE-2023-26695 + RESERVED +CVE-2023-26694 + RESERVED +CVE-2023-26693 + RESERVED +CVE-2023-26692 (ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Manage ...) 
+ NOT-FOR-US: ZCBS Zijper Collectie Beheer Systeem +CVE-2023-26691 + RESERVED +CVE-2023-26690 + RESERVED +CVE-2023-26689 + RESERVED +CVE-2023-26688 + RESERVED +CVE-2023-26687 + RESERVED +CVE-2023-26686 + RESERVED +CVE-2023-26685 + RESERVED +CVE-2023-26684 + RESERVED +CVE-2023-26683 + RESERVED +CVE-2023-26682 + RESERVED +CVE-2023-26681 + RESERVED +CVE-2023-26680 + RESERVED +CVE-2023-26679 + RESERVED +CVE-2023-26678 + RESERVED +CVE-2023-26677 + RESERVED +CVE-2023-26676 + RESERVED +CVE-2023-26675 + RESERVED +CVE-2023-26674 + RESERVED +CVE-2023-26673 + RESERVED +CVE-2023-26672 + RESERVED +CVE-2023-26671 + RESERVED +CVE-2023-26670 + RESERVED +CVE-2023-26669 + RESERVED +CVE-2023-26668 + RESERVED +CVE-2023-26667 + RESERVED +CVE-2023-26666 + RESERVED +CVE-2023-26665 + RESERVED +CVE-2023-26664 + RESERVED +CVE-2023-26663 + RESERVED +CVE-2023-26662 + RESERVED +CVE-2023-26661 + RESERVED +CVE-2023-26660 + RESERVED +CVE-2023-26659 + RESERVED +CVE-2023-26658 + RESERVED +CVE-2023-26657 + RESERVED +CVE-2023-26656 + RESERVED +CVE-2023-26655 + RESERVED +CVE-2023-26654 + RESERVED +CVE-2023-26653 + RESERVED +CVE-2023-26652 + RESERVED +CVE-2023-26651 + RESERVED +CVE-2023-26650 + RESERVED +CVE-2023-26649 + RESERVED +CVE-2023-26648 + RESERVED +CVE-2023-26647 + RESERVED +CVE-2023-26646 + RESERVED +CVE-2023-26645 + RESERVED +CVE-2023-26644 + RESERVED +CVE-2023-26643 + RESERVED +CVE-2023-26642 + RESERVED +CVE-2023-26641 + RESERVED +CVE-2023-26640 + RESERVED +CVE-2023-26639 + RESERVED +CVE-2023-26638 + RESERVED +CVE-2023-26637 + RESERVED +CVE-2023-26636 + RESERVED +CVE-2023-26635 + RESERVED +CVE-2023-26634 + RESERVED +CVE-2023-26633 + RESERVED +CVE-2023-26632 + RESERVED +CVE-2023-26631 + RESERVED +CVE-2023-26630 + RESERVED +CVE-2023-26629 + RESERVED +CVE-2023-26628 + RESERVED +CVE-2023-26627 + RESERVED +CVE-2023-26626 + RESERVED +CVE-2023-26625 + RESERVED +CVE-2023-26624 + RESERVED +CVE-2023-26623 + RESERVED +CVE-2023-26622 + RESERVED +CVE-2023-26621 + RESERVED +CVE-2023-26620 + RESERVED 
+CVE-2023-26619 + RESERVED +CVE-2023-26618 + RESERVED +CVE-2023-26617 + RESERVED +CVE-2023-26616 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...) + NOT-FOR-US: D-Link +CVE-2023-26615 (D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerab ...) + NOT-FOR-US: D-Link +CVE-2023-26614 + RESERVED +CVE-2023-26613 (An OS command injection vulnerability in D-Link DIR-823G firmware vers ...) + NOT-FOR-US: D-Link +CVE-2023-26612 (D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnera ...) + NOT-FOR-US: D-Link +CVE-2023-26611 + RESERVED +CVE-2023-26610 + RESERVED +CVE-2023-26609 (ABUS TVIP 20000-21150 devices allows remote attackers to execute arbit ...) + NOT-FOR-US: ABUS TVIP 20000-21150 devices +CVE-2023-26608 (SOLDR (System of Orchestration, Lifecycle control, Detection and Respo ...) + NOT-FOR-US: SOLDR (System of Orchestration, Lifecycle control, Detection and Response) +CVE-2023-26607 (In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr ...) + - linux 4.19.37-1 + NOTE: https://lkml.org/lkml/2023/2/21/1353 +CVE-2023-26606 (In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs i ...) + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://lkml.org/lkml/2023/2/20/860 + NOTE: NTFS3 driver not enabled in Debian. +CVE-2023-26605 (In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_mov ...) + - linux 6.0.12-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://lkml.org/lkml/2023/2/22/3 + NOTE: https://git.kernel.org/linus/4e3c51f4e805291b057d12f5dda5aeb50a538dc4 +CVE-2023-26604 (systemd before 247 does not adequately block local privilege escalatio ...) 
+ {DLA-3377-1} + - systemd 247.1-2 + NOTE: https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 + NOTE: https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 + NOTE: https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/ +CVE-2023-26603 + RESERVED +CVE-2022-48363 (In MPD before 0.23.8, as used on Automotive Grade Linux and other plat ...) + NOT-FOR-US: MPD as used by Automotive Grade Linux +CVE-2023-26602 (ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to ex ...) + NOT-FOR-US: ASUS ASMB8 iKVM firmware +CVE-2023-26601 (Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer throu ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-26600 (ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP thro ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-26599 (XSS vulnerability in TripleSign in Tripleplay Platform releases prior ...) + NOT-FOR-US: Tripleplay +CVE-2023-26598 + RESERVED +CVE-2023-26588 (Use of hard-coded credentials vulnerability in Buffalo network devices ...) + NOT-FOR-US: Buffalo network devices +CVE-2023-26584 (Unauthenticated SQL injection in the GetStudentInconsistencies met ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26583 (Unauthenticated SQL injection in the GetCurrentPeriod method in IDA ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26582 (Unauthenticated SQL injection in the GetExcursionDetails method in I ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26581 (Unauthenticated SQL injection in the GetVisitors method in IDAttend\u ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26580 (Unauthenticated arbitrary file read in the IDAttend\u2019s IDWeb appli ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26579 (Missing authentication in the DeleteStaff method in IDAttend\u2019s ID ...) 
+ NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26578 (Arbitrary file upload to web root in the IDAttend\u2019s IDWeb applica ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26577 (Stored cross-site scripting in the IDAttend\u2019s IDWeb application 3 ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26576 (Missing authentication in the SearchStudentsRFID method in IDAttend\ ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26575 (Missing authentication in the SearchStudentsStaff method in IDAttend\ ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26574 (Missing authentication in the SearchStudents method in IDAttend\u2019s ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26573 (Missing authentication in the SetDB method in IDAttend\u2019s IDWeb ap ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26572 (Unauthenticated SQL injection in the GetExcursionList method in IDAtte ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26571 (Missing authentication in the SetStudentNotes method in IDAttend\u201 ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26570 (Missing authentication in the StudentPopupDetails_Timetable method in ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26569 (Unauthenticated SQL injection in the StudentPopupDetails_Timetable met ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26568 (Unauthenticated SQL injection in the GetStudentGroupStudents method in ...) + NOT-FOR-US: IDAttend's IDWeb application +CVE-2023-26567 (Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) plac ...) + NOT-FOR-US: Sangoma +CVE-2023-26566 + RESERVED +CVE-2023-26565 + RESERVED +CVE-2023-26564 (The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Mode ...) + NOT-FOR-US: Syncfusion +CVE-2023-26563 (The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesys ...) 
+ NOT-FOR-US: Syncfusion +CVE-2023-26562 + RESERVED +CVE-2023-26561 + RESERVED +CVE-2023-26560 (Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of aut ...) + NOT-FOR-US: CFEngine Enterprise +CVE-2023-26559 (A directory traversal vulnerability in Oxygen XML Web Author before 25 ...) + NOT-FOR-US: Oxygen XML Web Author +CVE-2023-26558 + RESERVED +CVE-2023-26557 (io.finnet tss-lib before 2.0.0 can leak the lambda value of a private ...) + NOT-FOR-US: io.finnet tss-lib +CVE-2023-26556 (io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side ...) + NOT-FOR-US: io.finnet tss-lib +CVE-2023-26555 (praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-o ...) + - ntp + [bullseye] - ntp (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver) + [buster] - ntp (Minor issue; affects only the clock driver for the Trimble Palisade GPS timing receiver) + NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26555 +CVE-2023-26554 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) + - ntp (unimportant) + NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26554 + NOTE: Negligible security impact, affects only ntpq CLI and testsuite +CVE-2023-26553 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) + - ntp (unimportant) + NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26553 + NOTE: Negligible security impact, affects only ntpq CLI and testsuite +CVE-2023-26552 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) + - ntp (unimportant) + NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26552 + NOTE: Negligible security impact, affects only ntpq CLI and testsuite +CVE-2023-26551 (mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write ...) 
+ - ntp (unimportant) + NOTE: https://github.com/spwpun/ntp-4.2.8p15-cves/blob/main/CVE-2023-26551 + NOTE: Negligible security impact, affects only ntpq CLI and testsuite +CVE-2023-26550 (A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allow ...) + NOT-FOR-US: BMC Control-M +CVE-2023-26549 (The SystemUI module has a vulnerability of repeated app restart due to ...) + NOT-FOR-US: Huawei +CVE-2023-26548 (The pgmng module has a vulnerability in serialization/deserialization. ...) + NOT-FOR-US: Huawei +CVE-2023-26547 (The InputMethod module has a vulnerability of serialization/deserializ ...) + NOT-FOR-US: Huawei +CVE-2023-26546 (European Chemicals Agency IUCLID before 6.27.6 allows remote authentic ...) + NOT-FOR-US: European Chemicals Agency IUCLID +CVE-2023-24544 (Improper access control vulnerability in Buffalo network devices allow ...) + NOT-FOR-US: Buffalo network devices +CVE-2023-24464 (Stored-cross-site scripting vulnerability in Buffalo network devices a ...) + NOT-FOR-US: Buffalo network devices +CVE-2023-1048 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: TechPowerUp Ryzen DRAM Calculator +CVE-2023-1047 (A vulnerability classified as critical was found in TechPowerUp RealTe ...) + NOT-FOR-US: TechPowerUp RealTemp +CVE-2023-1046 (A vulnerability classified as critical has been found in MuYuCMS 2.2. ...) + NOT-FOR-US: MuYuCMS +CVE-2023-1045 (A vulnerability was found in MuYuCMS 2.2. It has been rated as problem ...) + NOT-FOR-US: MuYuCMS +CVE-2023-1044 (A vulnerability was found in MuYuCMS 2.2. It has been declared as prob ...) + NOT-FOR-US: MuYuCMS +CVE-2023-1043 (A vulnerability was found in MuYuCMS 2.2. It has been classified as pr ...) + NOT-FOR-US: MuYuCMS +CVE-2023-1042 (A vulnerability has been found in SourceCodester Online Pet Shop We Ap ...) + NOT-FOR-US: SourceCodester Online Pet Shop We App +CVE-2023-1041 (A vulnerability, which was classified as problematic, was found in Sou ...) 
+ NOT-FOR-US: SourceCodester Simple Responsive Tourism Website +CVE-2023-1040 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Graduate Tracer System +CVE-2023-1039 (A vulnerability classified as critical was found in SourceCodester Cla ...) + NOT-FOR-US: SourceCodester Class and Exam Timetabling System +CVE-2023-1038 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Reviewer Management System +CVE-2023-1037 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) + NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System +CVE-2023-1036 (A vulnerability was found in SourceCodester Dental Clinic Appointment ...) + NOT-FOR-US: SourceCodester Dental Clinic Appointment Reservation System +CVE-2023-1035 (A vulnerability was found in SourceCodester Clinics Patient Management ...) + NOT-FOR-US: SourceCodester Clinics Patient Management System +CVE-2023-1034 (Path Traversal: '\..\filename' in GitHub repository salesagility/suite ...) + NOT-FOR-US: suitecrm +CVE-2023-1033 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) + - froxlor (bug #581792) +CVE-2023-1032 + RESERVED + - linux 6.1.20-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/13/2 + NOTE: https://git.kernel.org/linus/649c15c7691e9b13cbe9bf6c65c365350e056067 +CVE-2022-48362 (Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1. ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-48361 (The Always On Display (AOD) has a path traversal vulnerability in them ...) + NOT-FOR-US: Huawei +CVE-2022-48360 (The facial recognition module has a vulnerability in file permission c ...) + NOT-FOR-US: Huawei +CVE-2022-48359 (The recovery mode for updates has a vulnerability that causes arbitrar ...) 
+ NOT-FOR-US: Huawei +CVE-2022-48358 (The BatteryHealthActivity has a redirection vulnerability. Successful ...) + NOT-FOR-US: Huawei +CVE-2022-48357 (Some products have the double fetch vulnerability. Successful exploita ...) + NOT-FOR-US: Huawei +CVE-2022-48356 (The facial recognition module has a vulnerability in input parameter v ...) + NOT-FOR-US: Huawei +CVE-2022-48355 (The Bluetooth module has a heap out-of-bounds read vulnerability. Succ ...) + NOT-FOR-US: Huawei +CVE-2022-48354 (The Bluetooth module has a heap out-of-bounds write vulnerability. Suc ...) + NOT-FOR-US: Huawei +CVE-2022-48353 (Some smartphones have configuration issues. Successful exploitation of ...) + NOT-FOR-US: Huawei +CVE-2022-48352 (Some smartphones have data initialization issues. Successful exploitat ...) + NOT-FOR-US: Huawei +CVE-2022-48351 (The secure OS module has configuration defects. Successful exploitatio ...) + NOT-FOR-US: Huawei +CVE-2022-48350 (The HUAWEI Messaging app has a vulnerability of unauthorized file acce ...) + NOT-FOR-US: Huawei +CVE-2022-48349 (The control component has a spoofing vulnerability. Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2022-48348 (The MediaProvider module has a vulnerability of unauthorized data read ...) + NOT-FOR-US: Huawei +CVE-2022-48347 (The MediaProvider module has a vulnerability in permission verificatio ...) + NOT-FOR-US: Huawei +CVE-2022-48346 (The HwContacts module has a logic bypass vulnerability. Successful exp ...) + NOT-FOR-US: Huawei +CVE-2020-36662 + RESERVED +CVE-2015-10087 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in UpTh ...) + NOT-FOR-US: WordPress theme +CVE-2015-10086 (A vulnerability, which was classified as critical, was found in OpenCy ...) + NOT-FOR-US: OpenCycleCompass +CVE-2023-26545 (In the Linux kernel before 6.1.13, there is a double free in net/mpls/ ...) 
+ {DLA-3404-1 DLA-3403-1} + - linux 6.1.15-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/fda6c89fe3d9aca073495a664e1d5aea28cd4377 (6.2) +CVE-2023-26544 (In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in ...) + - linux 6.1.4-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://lkml.org/lkml/2023/2/20/128 + NOTE: NTFS3 driver not enabled in Debian. +CVE-2023-1031 (MonicaHQ version 4.0.0 allows an authenticated remote attacker to exec ...) + NOT-FOR-US: MonicaHQ +CVE-2023-1030 (A vulnerability has been found in SourceCodester Online Boat Reservati ...) + NOT-FOR-US: SourceCodester Online BoatReservation System +CVE-2023-1029 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1028 (The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Reque ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1027 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1026 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized acc ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2019-25105 (A vulnerability, which was classified as problematic, was found in dro ...) + NOT-FOR-US: dro.pm +CVE-2023-26543 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26542 (Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() W ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26541 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26540 + RESERVED +CVE-2023-26539 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26538 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kamy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26537 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nico ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26536 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26535 (Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26534 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneW ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26533 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26532 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26531 (Cross-Site Request Forgery (CSRF) vulnerability in \u95ea\u7535\u535a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26530 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Keh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26529 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dupe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26528 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jini ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26527 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIn ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26526 + RESERVED +CVE-2023-26525 + RESERVED +CVE-2023-26524 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26523 + RESERVED +CVE-2023-26522 + RESERVED +CVE-2023-26521 + RESERVED +CVE-2023-26520 + RESERVED +CVE-2023-26519 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26518 (Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-26517 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26516 (Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26515 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko T ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26514 (Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26513 (Excessive Iteration vulnerability in Apache Software Foundation Apache ...) + NOT-FOR-US: Apache Sling +CVE-2023-26512 (CWE-502 Deserialization of Untrusted Dataat therabbitmq-connector plug ...) + NOT-FOR-US: Apache EventMesh +CVE-2023-1025 (The Simple File List WordPress plugin before 6.0.10 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1024 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sit ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1023 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plu ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1022 (The WP Meta SEO plugin for WordPress is vulnerable to unauthorized opt ...) + NOT-FOR-US: WP Meta SEO plugin for WordPress +CVE-2023-1021 (The amr ical events lists WordPress plugin through 6.6 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1020 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1019 (The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1018 (An out-of-bounds read vulnerability exists in TPM2.0's Module Library ...) 
+ - libtpms 0.9.2-3.1 (bug #1032420) + NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 + NOTE: https://kb.cert.org/vuls/id/782720 + NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf +CVE-2023-1017 (An out-of-bounds write vulnerability exists in TPM2.0's Module Library ...) + - libtpms 0.9.2-3.1 (bug #1032420) + NOTE: https://github.com/stefanberger/libtpms/commit/324dbb4c27ae789c73b69dbf4611242267919dd4 + NOTE: https://kb.cert.org/vuls/id/782720 + NOTE: https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf +CVE-2023-1016 (The Intuitive Custom Post Order plugin for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1015 + REJECTED +CVE-2023-1014 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...) + NOT-FOR-US: Virames Vira-Investing +CVE-2023-1013 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + NOT-FOR-US: Virames Vira-Investing +CVE-2023-1012 + RESERVED +CVE-2023-1011 (The AI ChatBot WordPress plugin before 4.4.5 does not escape most of i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-1010 (A vulnerability classified as critical was found in vox2png 1.0. Affec ...) + NOT-FOR-US: vox2png +CVE-2023-1009 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: DrayTek Vigor 2960 +CVE-2023-1008 (A vulnerability was found in Twister Antivirus 8.17. It has been rated ...) + NOT-FOR-US: Twister Antivirus +CVE-2023-1007 (A vulnerability was found in Twister Antivirus 8.17. It has been decla ...) + NOT-FOR-US: Twister Antivirus +CVE-2023-1006 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) + NOT-FOR-US: SourceCodester Medical Certificate Generator App +CVE-2023-1005 (A vulnerability was found in JP1016 Markdown-Electron and classified a ...) 
+ NOT-FOR-US: JP1016 Markdown-Electron +CVE-2023-1004 (A vulnerability has been found in MarkText up to 0.17.1 on Windows and ...) + NOT-FOR-US: MarkText +CVE-2023-1003 (A vulnerability, which was classified as critical, was found in Typora ...) + NOT-FOR-US: Typora +CVE-2023-1002 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: MuYuCMS +CVE-2023-1001 + RESERVED +CVE-2023-1000 + RESERVED +CVE-2023-0999 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Sales Tracker Management System +CVE-2023-0998 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System +CVE-2023-0997 (A vulnerability was found in SourceCodester Moosikay E-Commerce System ...) + NOT-FOR-US: SourceCodester Moosikay E-Commerce System +CVE-2023-26511 (A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Prop ...) + NOT-FOR-US: Propius MachineSelector +CVE-2023-26510 (Ghost 5.35.0 allows authorization bypass: contributors can view draft ...) + NOT-FOR-US: Ghost CMS +CVE-2023-26509 (AnyDesk 7.0.8 allows remote Denial of Service.) + NOT-FOR-US: AnyDesk +CVE-2023-26508 + RESERVED +CVE-2023-26507 + RESERVED +CVE-2023-26506 + RESERVED +CVE-2023-26505 + RESERVED +CVE-2023-26504 + RESERVED +CVE-2023-26503 + RESERVED +CVE-2023-26502 + RESERVED +CVE-2023-26501 + RESERVED +CVE-2023-26500 + RESERVED +CVE-2023-26499 + RESERVED +CVE-2023-26498 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) + NOT-FOR-US: Samsung +CVE-2023-26497 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) + NOT-FOR-US: Samsung +CVE-2023-26496 (An issue was discovered in Samsung Baseband Modem Chipset for Exynos M ...) + NOT-FOR-US: Samsung +CVE-2023-26495 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) 
+ NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2023-26494 (lorawan-stack is an open source LoRaWAN network server. Prior to versi ...) + NOT-FOR-US: lorawan-stack +CVE-2023-26493 (Cocos Engine is an open-source framework for building 2D & 3D real-tim ...) + NOT-FOR-US: Cocos Engine +CVE-2023-26492 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2023-26491 (RSSHub is an open source and extensible RSS feed generator. When the U ...) + NOT-FOR-US: RSSHub +CVE-2023-26490 (mailcow is a dockerized email package, with multiple containers linked ...) + NOT-FOR-US: mailcow +CVE-2023-26489 (wasmtime is a fast and secure runtime for WebAssembly. In affected ver ...) + NOT-FOR-US: wasmtime +CVE-2023-26488 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin +CVE-2023-26487 (Vega is a visualization grammar, a declarative format for creating, sa ...) + NOT-FOR-US: Vega +CVE-2023-26486 (Vega is a visualization grammar, a declarative format for creating, sa ...) + NOT-FOR-US: Vega +CVE-2023-26485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) 
+ - cmark-gfm (bug #1034171) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1034172) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - r-cran-commonmark (bug #1034173) + [bookworm] - r-cran-commonmark (Minor issue) + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + - ruby-commonmarker (bug #1034174) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r8vr-c48j-fcc5 + NOTE: https://github.com/github/cmark-gfm/commit/07a66c9bc341f902878e37d7da8647d6ef150987 (0.29.0.gfm.10) +CVE-2023-26484 (KubeVirt is a virtual machine management add-on for Kubernetes. In ver ...) + NOT-FOR-US: KubeVirt +CVE-2023-26483 (gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Provider ...) + - golang-github-russellhaering-gosaml2 (bug #948190) +CVE-2023-26482 (Nextcloud server is an open source home cloud implementation. In affec ...) + - nextcloud-server (bug #941708) +CVE-2023-26481 (authentik is an open-source Identity Provider. Due to an insufficient ...) + NOT-FOR-US: authentik +CVE-2023-26480 (XWiki Platform is a generic wiki platform. Starting in version 12.10, ...) + NOT-FOR-US: XWiki +CVE-2023-26479 (XWiki Platform is a generic wiki platform. Starting in version 6.0, us ...) + NOT-FOR-US: XWiki +CVE-2023-26478 (XWiki Platform is a generic wiki platform. Starting in version 14.3-rc ...) + NOT-FOR-US: XWiki +CVE-2023-26477 (XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc ...) + NOT-FOR-US: XWiki +CVE-2023-26476 (XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, ...) + NOT-FOR-US: XWiki +CVE-2023-26475 (XWiki Platform is a generic wiki platform. 
Starting in version 2.3-mil ...) + NOT-FOR-US: XWiki +CVE-2023-26474 (XWiki Platform is a generic wiki platform. Starting in version 13.10, ...) + NOT-FOR-US: XWiki +CVE-2023-26473 (XWiki Platform is a generic wiki platform. Starting in version 1.3-rc- ...) + NOT-FOR-US: XWiki +CVE-2023-26472 (XWiki Platform is a generic wiki platform. Starting in version 6.2-mil ...) + NOT-FOR-US: XWiki +CVE-2023-26471 (XWiki Platform is a generic wiki platform. Starting in version 11.6-rc ...) + NOT-FOR-US: XWiki +CVE-2023-26470 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2023-26469 (In Jorani 1.0.0, an attacker could leverage path traversal to access f ...) + NOT-FOR-US: Jorani +CVE-2023-26468 (Cerebrate 1.12 does not properly consider organisation_id during creat ...) + NOT-FOR-US: Cerebrate +CVE-2023-26467 (A man in the middle can redirect traffic to a malicious server in a co ...) + NOT-FOR-US: RPA: Synchronization Engine +CVE-2023-26466 (A user with non-Admin access can change a configuration file on the cl ...) + NOT-FOR-US: RPA: Synchronization Engine +CVE-2023-26465 (Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.) + NOT-FOR-US: Pega Platform +CVE-2023-25944 (Uncontrolled search path element in some Intel(R) VCUST Tool software ...) + NOT-FOR-US: Intel +CVE-2023-25779 + RESERVED +CVE-2023-25777 + RESERVED +CVE-2023-25775 (Improper access control in the Intel(R) Ethernet Controller RDMA drive ...) + - linux 6.5.3-1 + [bookworm] - linux 6.1.55-1 + NOTE: https://git.kernel.org/linus/bb6d73d9add68ad270888db327514384dfa44958 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html +CVE-2023-25075 (Unquoted search path in the installer for some Intel Server Configurat ...) 
+ NOT-FOR-US: Intel +CVE-2023-25073 + RESERVED +CVE-2023-24542 + RESERVED +CVE-2023-24541 + RESERVED +CVE-2023-22342 + RESERVED +CVE-2023-22293 + RESERVED +CVE-2023-0996 (There is a vulnerability in the strided image data parsing code in the ...) + - libheif 1.15.1-1 (bug #1032101) + [bullseye] - libheif (Minor issue) + [buster] - libheif (Minor issue) + NOTE: https://github.com/strukturag/libheif/pull/759 + NOTE: https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html +CVE-2023-0995 (Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bum ...) + NOT-FOR-US: Bumsys +CVE-2023-0994 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: RosarioSIS +CVE-2023-0993 (The Shield Security plugin for WordPress is vulnerable to Missing Auth ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0992 (The Shield Security plugin for WordPress is vulnerable to stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48345 (sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...) + - node-mermaid (bug #1032313) + [bullseye] - node-mermaid (Minor issue) + NOTE: https://github.com/braintree/sanitize-url/commit/d4bdc89f1743fe3cdb7c3f24b06e4c875f349b0c +CVE-2023-26464 (** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppe ...) + - apache-log4j1.2 (Only affects legacy Java releases which Debian hasn't shipped since 2015) + NOTE: https://lists.apache.org/thread/wkx6grrcjkh86crr49p4blc1v1nflj3t +CVE-2023-0991 + RESERVED +CVE-2023-0990 + RESERVED +CVE-2023-0989 (An information disclosure issue in GitLab CE/EE affecting all versions ...) + - gitlab +CVE-2023-0988 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-0987 (A vulnerability classified as problematic was found in SourceCodester ...) 
+ NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-0986 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Sales Tracker Management System +CVE-2023-0985 (An Authorization Bypass vulnerability was found in MB Connect LinesmbC ...) + NOT-FOR-US: mbCONNECT24 +CVE-2023-0984 + RESERVED +CVE-2023-0983 (The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0982 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + NOT-FOR-US: SourceCodester Yoga Class Registration System +CVE-2023-0981 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + NOT-FOR-US: SourceCodester Yoga Class Registration System +CVE-2023-0980 (A vulnerability was found in SourceCodester Yoga Class Registration Sy ...) + NOT-FOR-US: SourceCodester Yoga Class Registration System +CVE-2022-48344 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-48343 (In JetBrains TeamCity before 2022.10.2 there was an XSS vulnerability ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-48342 (In JetBrains TeamCity before 2022.10.2 jVMTI was enabled by default on ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2023-26463 (strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution be ...) + - strongswan 5.9.8-4 + [bullseye] - strongswan (Vulnerable code not present) + [buster] - strongswan (Vulnerable code not present) + NOTE: https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html + NOTE: Introduced by: https://github.com/strongswan/strongswan/commit/63fd718915b5d246dcc5560382db0c30de309040 (5.9.8dr1) +CVE-2023-26462 (ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privi ...) + NOT-FOR-US: ThingsBoard +CVE-2023-26461 (SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an ...) 
+ NOT-FOR-US: SAP +CVE-2023-26460 (Cache Management Service in SAP NetWeaver Application Server for Java ...) + NOT-FOR-US: SAP +CVE-2023-26459 (Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP P ...) + NOT-FOR-US: SAP +CVE-2023-26458 (An information disclosure vulnerability exists in SAP Landscape Manage ...) + NOT-FOR-US: SAP +CVE-2023-26457 (SAP Content Server - version 7.53, does not sufficiently encode user-c ...) + NOT-FOR-US: SAP +CVE-2023-26456 (Users were able to set an arbitrary "product name" for OX Guard. The c ...) + NOT-FOR-US: Open-Xchange +CVE-2023-26455 (RMI was not requiring authentication when calling ChronosRMIService:se ...) + NOT-FOR-US: Open-Xchange +CVE-2023-26454 (Requests to fetch image metadata could be abused to include SQL querie ...) + NOT-FOR-US: Open-Xchange +CVE-2023-26453 (Requests to cache an image could be abused to include SQL queries that ...) + NOT-FOR-US: Open-Xchange +CVE-2023-26452 (Requests to cache an image and return its metadata could be abused to ...) + NOT-FOR-US: Open-Xchange +CVE-2023-26451 (Functions with insufficient randomness were used to generate authoriza ...) + NOT-FOR-US: OX App Suite +CVE-2023-26450 (The "OX Count" web service did not specify a media-type when processin ...) + NOT-FOR-US: OX App Suite +CVE-2023-26449 (The "OX Chat" web service did not specify a media-type when processing ...) + NOT-FOR-US: OX App Suite +CVE-2023-26448 (Custom log-in and log-out locations are used-defined as jslob but were ...) + NOT-FOR-US: OX App Suite +CVE-2023-26447 (The "upsell" widget for the portal allows to specify a product descrip ...) + NOT-FOR-US: OX App Suite +CVE-2023-26446 (The users clientID at "application passwords" was not sanitized or esc ...) + NOT-FOR-US: OX App Suite +CVE-2023-26445 (Frontend themes are defined by user-controllable jslob settings and co ...) 
+ NOT-FOR-US: OX App Suite +CVE-2023-26444 + RESERVED +CVE-2023-26443 (Full-text autocomplete search allows user-provided SQL syntax to be in ...) + NOT-FOR-US: OX App Suite +CVE-2023-26442 (In case Cacheservice was configured to use a sproxyd object-storage ba ...) + NOT-FOR-US: OX App Suite +CVE-2023-26441 (Cacheservice did not correctly check if relative cache object were poi ...) + NOT-FOR-US: OX App Suite +CVE-2023-26440 (The cacheservice API could be abused to indirectly inject parameters w ...) + NOT-FOR-US: OX App Suite +CVE-2023-26439 (The cacheservice API could be abused to inject parameters with SQL syn ...) + NOT-FOR-US: OX App Suite +CVE-2023-26438 (External service lookups for a number of protocols were vulnerable to ...) + NOT-FOR-US: OX App Suite +CVE-2023-26437 (Denial of service vulnerability in PowerDNS Recursor allows authoritat ...) + - pdns-recursor 4.8.4-1 (bug #1033941) + [bullseye] - pdns-recursor (Minor issue) + [buster] - pdns-recursor (Minor issue) + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html + NOTE: https://github.com/PowerDNS/pdns/commit/94fccab63457f8327add3a8e1e2b7876234e4989 (rec-4.6.6) + NOTE: https://github.com/PowerDNS/pdns/commit/5174c955a5c320849e6fe12471b7fce1c31ca2a8 (rec-4.7.5) + NOTE: https://github.com/PowerDNS/pdns/commit/cd279418d3b3151ab3b489e68bb5354138220e2f (rec-4.8.4) +CVE-2023-26436 (Attackers with access to the "documentconverterws" API were able to in ...) + NOT-FOR-US: OX App Suite +CVE-2023-26435 (It was possible to call filesystem and network references using the lo ...) + NOT-FOR-US: OX App Suite +CVE-2023-26434 (When adding an external mail account, processing of POP3 "capabilities ...) + NOT-FOR-US: OX App Suite +CVE-2023-26433 (When adding an external mail account, processing of IMAP "capabilities ...) + NOT-FOR-US: OX App Suite +CVE-2023-26432 (When adding an external mail account, processing of SMTP "capabilities ...) 
+ NOT-FOR-US: OX App Suite +CVE-2023-26431 (IPv4-mapped IPv6 addresses did not get recognized as "local" by the co ...) + NOT-FOR-US: OX App Suite +CVE-2023-26430 (Attackers with access to user accounts can inject arbitrary control ch ...) + NOT-FOR-US: OX App Suite +CVE-2023-26429 (Control characters were not removed when exporting user feedback conte ...) + NOT-FOR-US: OX App Suite +CVE-2023-26428 (Attackers can successfully request arbitrary snippet IDs, including E- ...) + NOT-FOR-US: OX App Suite +CVE-2023-26427 (Default permissions for a properties file were too permissive. Local s ...) + NOT-FOR-US: OX App Suite +CVE-2023-26426 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-26425 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26424 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26423 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26422 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26421 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26420 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26419 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26418 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26417 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26416 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26415 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) 
+ NOT-FOR-US: Adobe +CVE-2023-26414 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26413 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26412 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26411 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26410 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26409 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26408 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26407 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26406 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26405 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26404 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26403 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26402 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26401 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26400 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26399 + RESERVED +CVE-2023-26398 (Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-26397 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) 
+ NOT-FOR-US: Adobe +CVE-2023-26396 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26395 (Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2023-26394 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26393 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26392 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26391 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26390 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26389 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26388 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26387 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26386 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26385 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26384 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26383 (Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2023-26382 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26381 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26380 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) 
+ NOT-FOR-US: Adobe +CVE-2023-26379 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26378 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26377 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26376 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26375 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26374 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26373 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26372 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26371 (Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2023-26370 (Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2023-26369 (Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and ...) + NOT-FOR-US: Adobe +CVE-2023-26368 (Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-26367 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-26366 (Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-26365 + RESERVED +CVE-2023-26364 (@adobe/css-tools version 4.3.0 and earlier are affected by an Improper ...) + NOT-FOR-US: Adobe +CVE-2023-26363 + RESERVED +CVE-2023-26362 + RESERVED +CVE-2023-26361 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...) + NOT-FOR-US: Adobe +CVE-2023-26360 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...) 
+ NOT-FOR-US: Adobe +CVE-2023-26359 (Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update ...) + NOT-FOR-US: Adobe +CVE-2023-26358 (Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted ...) + NOT-FOR-US: Adobe +CVE-2023-26357 + RESERVED +CVE-2023-26356 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26355 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26354 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26353 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26352 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26351 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26350 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26349 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-26348 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26347 (Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2023-26346 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26345 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26344 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...) + NOT-FOR-US: Adobe +CVE-2023-26343 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26342 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) 
+ NOT-FOR-US: Adobe +CVE-2023-26341 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26340 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26339 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26338 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26337 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-ba ...) + NOT-FOR-US: Adobe +CVE-2023-26336 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-26335 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26334 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access ...) + NOT-FOR-US: Adobe +CVE-2023-26333 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26332 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26331 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26330 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26329 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26328 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26327 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-26326 (The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26325 (The 'rx_export_review' action in the ReviewX WordPress Plugin, is affe ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-26324 + RESERVED +CVE-2023-26323 + RESERVED +CVE-2023-26322 + RESERVED +CVE-2023-26321 + RESERVED +CVE-2023-26320 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + NOT-FOR-US: Xiaomi +CVE-2023-26319 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + NOT-FOR-US: Xiaomi +CVE-2023-26318 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Xiaomi +CVE-2023-26317 (A vulnerability has been discovered in Xiaomi routers that could allow ...) + NOT-FOR-US: Xiaomi +CVE-2023-26316 (A XSS vulnerability exists in the Xiaomi cloud service Application pro ...) + NOT-FOR-US: Xiaomi +CVE-2023-26315 + RESERVED +CVE-2023-0979 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: MedData Informatics MedDataPACS +CVE-2023-0978 (A command injection vulnerability in Trellix Intelligent Sandbox CLI f ...) + NOT-FOR-US: Trellix +CVE-2023-0977 (A heap-based overflow vulnerability in Trellix Agent (Windows and Linu ...) + NOT-FOR-US: Trellix +CVE-2023-0976 (A command Injection Vulnerability in TA for mac-OS prior to version 5. ...) + NOT-FOR-US: Trellix +CVE-2023-0975 (A vulnerability exists in Trellix Agent for Windows version 5.7.8 and ...) + NOT-FOR-US: Trellix +CVE-2023-0974 + RESERVED +CVE-2023-0973 (STEPTools v18SP1 ifcmesh library (v18.1) is affected due to a null poi ...) + NOT-FOR-US: STEPTools ifcmesh library +CVE-2023-0972 (Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlie ...) + NOT-FOR-US: SiLabs +CVE-2023-0971 (A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows au ...) + NOT-FOR-US: SiLabs +CVE-2023-0970 (Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK ve ...) + NOT-FOR-US: SiLabs +CVE-2023-0969 (A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an a ...) 
+ NOT-FOR-US: SiLabs +CVE-2023-0968 (The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Si ...) + NOT-FOR-US: Watu Quiz plugin for WordPress +CVE-2023-0967 (Bhima version 1.27.0 allows an attacker authenticated with normal user ...) + NOT-FOR-US: Bhima +CVE-2023-0966 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Online Eyewear Shop +CVE-2023-0965 (Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_a ...) + NOT-FOR-US: Silabs +CVE-2023-0964 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Sales Tracker Management System +CVE-2023-0963 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-0962 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-0961 (A vulnerability was found in SourceCodester Music Gallery Site 1.0. It ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-0960 (A vulnerability was found in SeaCMS 11.6 and classified as problematic ...) + NOT-FOR-US: SeaCMS +CVE-2023-0959 (Bhima version 1.27.0 allows a remote attacker to update the privileges ...) + NOT-FOR-US: Bhima +CVE-2023-0958 (Several plugins for WordPress by Inisev are vulnerable to unauthorized ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0957 (An issue was discovered in Gitpod versions prior to release-2022.11.2. ...) + NOT-FOR-US: Gitpod +CVE-2023-0956 (External input could be used on TEL-STER TelWin SCADA WebInterface to ...) + NOT-FOR-US: TEL-STER TelWin SCADA WebInterface +CVE-2023-0955 (The WP Statistics WordPress plugin before 14.0 does not escape a param ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0954 (A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and ...) 
+ NOT-FOR-US: Sensormatic Electronics Illustra Pro +CVE-2023-0953 (Insufficient input sanitization in the documentation feature of Devolu ...) + NOT-FOR-US: Devolutions Server +CVE-2023-0952 (Improper access controls on entries in Devolutions Server 2022.3.12 a ...) + NOT-FOR-US: Devolutions Server +CVE-2023-0951 (Improper access controls on some API endpoints in Devolutions Server 2 ...) + NOT-FOR-US: Devolutions Server +CVE-2023-0950 (Improper Validation of Array Index vulnerability in the spreadsheet co ...) + {DSA-5415-1 DLA-3526-1} + - libreoffice 4:7.4.5-3 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/ +CVE-2023-0949 (Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/mo ...) + NOT-FOR-US: Modoboa +CVE-2023-0948 (The Japanized For WooCommerce WordPress plugin before 2.5.8 does not e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48341 (ThingsBoard 3.4.1 could allow a remote authenticated attacker to achie ...) + NOT-FOR-US: ThingsBoard +CVE-2021-4326 (A vulnerability in Imperative framework which allows already-privilege ...) + NOT-FOR-US: Imperative framework +CVE-2023-26313 + RESERVED +CVE-2023-26312 + RESERVED +CVE-2023-26311 (A remote code execution vulnerability in the webview component of OPPO ...) + NOT-FOR-US: Oppo +CVE-2023-26310 (There is a command injection problem in the old version of the mobile ...) + NOT-FOR-US: Oppo +CVE-2023-26309 (A remote code execution vulnerability in the webview component of OneP ...) + NOT-FOR-US: Oppo +CVE-2023-26308 + RESERVED +CVE-2023-26307 + RESERVED +CVE-2023-26306 + RESERVED +CVE-2023-26305 + RESERVED +CVE-2023-26304 + RESERVED +CVE-2023-26303 (Denial of service could be caused to markdown-it-py, before v2.2.0, if ...) 
+ - markdown-it-py 2.1.0-5 (bug #1031764) + NOTE: https://github.com/advisories/GHSA-vrjv-mxr7-vjf8 + NOTE: https://github.com/executablebooks/markdown-it-py/pull/246 + NOTE: https://github.com/executablebooks/markdown-it-py/commit/ae03c6107dfa18e648f6fdd1280f5b89092d5d49 (v2.2.0) +CVE-2023-26302 (Denial of service could be caused to the command line interface of mar ...) + - markdown-it-py 2.1.0-5 (bug #1031764) + NOTE: https://github.com/advisories/GHSA-jrwr-5x3p-hvc3 + NOTE: https://github.com/executablebooks/markdown-it-py/pull/247 + NOTE: https://github.com/executablebooks/markdown-it-py/commit/53ca3e9c2b9e9b295f6abf7f4ad2730a9b70f68c (v2.2.0) +CVE-2023-26301 (Certain HP LaserJet Pro print products are potentially vulnerable to a ...) + NOT-FOR-US: HP +CVE-2023-26300 (A potential security vulnerability has been identified in the system B ...) + NOT-FOR-US: HP +CVE-2023-26299 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...) + NOT-FOR-US: HP +CVE-2023-26298 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...) + NOT-FOR-US: HP +CVE-2023-26297 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...) + NOT-FOR-US: HP +CVE-2023-26296 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...) + NOT-FOR-US: HP +CVE-2023-26295 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...) + NOT-FOR-US: HP +CVE-2023-26294 (Previous versions of HP Device Manager (prior to HPDM 5.0.10) could po ...) + NOT-FOR-US: HP +CVE-2023-0947 (Path Traversal in GitHub repository flatpressblog/flatpress prior to 1 ...) + NOT-FOR-US: flatpressblog +CVE-2023-0946 (A vulnerability has been found in SourceCodester Best POS Management S ...) + NOT-FOR-US: SourceCodester Best POS Management System +CVE-2023-0945 (A vulnerability, which was classified as problematic, was found in Sou ...) 
+ NOT-FOR-US: SourceCodester Best POS Management System +CVE-2023-0944 (Bhima version 1.27.0 allows an authenticated attacker with regular use ...) + NOT-FOR-US: Bhima +CVE-2023-0943 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Best POS Management System +CVE-2023-0942 (The Japanized For WooCommerce plugin for WordPress is vulnerable to Re ...) + NOT-FOR-US: Japanized For WooCommerce plugin for WordPress +CVE-2023-26314 (The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary ...) + {DLA-3343-1} + - mono 6.8.0.105+dfsg-3.3 (bug #972146) + [bullseye] - mono 6.8.0.105+dfsg-3.3~deb11u1 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/05/1 +CVE-2023-26293 (A vulnerability has been identified in Totally Integrated Automation P ...) + NOT-FOR-US: TIA Portal V15 +CVE-2023-26292 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Forcepoint +CVE-2023-26291 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Forcepoint +CVE-2023-26290 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Forcepoint +CVE-2023-26289 + RESERVED +CVE-2023-26288 + RESERVED +CVE-2023-26287 + RESERVED +CVE-2023-26286 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2023-26285 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attac ...) + NOT-FOR-US: IBM +CVE-2023-26284 (IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through ...) + NOT-FOR-US: IBM +CVE-2023-26283 (IBM WebSphere Application Server 9.0 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2023-26282 + RESERVED +CVE-2023-26281 (IBM HTTP Server 8.5 used by IBM WebSphere Application Server could all ...) + NOT-FOR-US: IBM +CVE-2023-26280 + RESERVED +CVE-2023-26279 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local us ...) 
+ NOT-FOR-US: IBM +CVE-2023-26278 (IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local au ...) + NOT-FOR-US: IBM +CVE-2023-26277 (IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local use ...) + NOT-FOR-US: IBM +CVE-2023-26276 (IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorith ...) + NOT-FOR-US: IBM +CVE-2023-26275 + RESERVED +CVE-2023-26274 (IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vuln ...) + NOT-FOR-US: IBM +CVE-2023-26273 (IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform una ...) + NOT-FOR-US: IBM +CVE-2023-26272 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...) + NOT-FOR-US: IBM +CVE-2023-26271 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...) + NOT-FOR-US: IBM +CVE-2023-26270 (IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager ...) + NOT-FOR-US: IBM +CVE-2023-26269 (Apache James server version 3.7.3 and earlier provides a JMX managemen ...) + NOT-FOR-US: Apache James +CVE-2023-26268 (Design documents with matching document IDs, from databases on the sam ...) + - couchdb +CVE-2023-0941 (Use after free in Prompts in Google Chrome prior to 110.0.5481.177 all ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0940 (The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0939 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: NTN Information Technologies Online Services Software +CVE-2023-0938 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Music Gallery Site +CVE-2023-0937 (The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0936 (A vulnerability was found in TP-Link Archer C50 V2_160801. It has been ...) 
+ NOT-FOR-US: TP-Link +CVE-2023-0935 (A vulnerability was found in DolphinPHP up to 1.5.1. It has been decla ...) + NOT-FOR-US: DolphinPHP +CVE-2023-26267 (php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary ...) + NOT-FOR-US: php-saml-sp +CVE-2023-26266 (In AFL++ 4.05c, the CmpLog component uses the current working director ...) + - aflplusplus 4.04c-4 (bug #1033255) + [bullseye] - aflplusplus (Minor issue) + NOTE: https://github.com/AFLplusplus/AFLplusplus/pull/1643 + NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/f2be73186e2e16c3992f92b65ae9ba598d6fff2f + NOTE: https://github.com/AFLplusplus/AFLplusplus/commit/673a0a3866783bf28e31d14fbd7a9009c7816ec3 +CVE-2023-26265 (The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sa ...) + - backdrop (bug #914257) +CVE-2023-26264 (All versions of Talend Data Catalog before 8.0-20220907 are potentiall ...) + NOT-FOR-US: Talend Data Catalog +CVE-2023-26263 (All versions of Talend Data Catalog before 8.0-20230110 are potentiall ...) + NOT-FOR-US: Talend Data Catalog +CVE-2023-26262 (An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Si ...) + NOT-FOR-US: Sitecore +CVE-2023-26261 (In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection lead ...) + NOT-FOR-US: UBIKA WAAP Gateway/Cloud +CVE-2023-26260 (OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hi ...) + NOT-FOR-US: OXID eShop +CVE-2023-26259 + RESERVED +CVE-2023-26258 (Arcserve UDP through 9.0.6034 allows authentication bypass. The method ...) + NOT-FOR-US: Arcserve +CVE-2023-26257 (An issue was discovered in the Connected Vehicle Systems Alliance (COV ...) + NOT-FOR-US: Connected Vehicle Systems Alliance +CVE-2023-26256 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...) + NOT-FOR-US: Plugin for Jira +CVE-2023-26255 (An unauthenticated path traversal vulnerability affects the "STAGIL Na ...) 
+ NOT-FOR-US: Plugin for Jira +CVE-2023-26254 + RESERVED +CVE-2023-26253 (In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bri ...) + - glusterfs 10.3-5 (bug #1031731) + [bullseye] - glusterfs (Minor issue) + [buster] - glusterfs (Minor issue) + NOTE: https://github.com/gluster/glusterfs/issues/3954 +CVE-2023-26252 + RESERVED +CVE-2023-26251 + RESERVED +CVE-2023-26250 + RESERVED +CVE-2023-26249 (Knot Resolver before 5.6.0 enables attackers to consume its resources, ...) + - knot-resolver 5.6.0-1 + [bullseye] - knot-resolver (Minor issue) + [buster] - knot-resolver (Minor issue) + NOTE: https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html +CVE-2023-26248 + RESERVED +CVE-2023-26247 + RESERVED +CVE-2023-26246 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) + NOT-FOR-US: Hyundai +CVE-2023-26245 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) + NOT-FOR-US: Hyundai +CVE-2023-26244 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) + NOT-FOR-US: Hyundai +CVE-2023-26243 (An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment ...) + NOT-FOR-US: Hyundai +CVE-2023-26242 (afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the ...) + - linux (unimportant) + NOTE: https://patchwork.kernel.org/project/linux-fpga/patch/20230206054326.89323-1-k1rh4.lee@gmail.com/ + NOTE: FPGA_DFL_AFU not enabled in Debian. +CVE-2023-26241 + RESERVED +CVE-2023-26240 + RESERVED +CVE-2023-26239 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...) + NOT-FOR-US: WatchGuard EPDR +CVE-2023-26238 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...) + NOT-FOR-US: WatchGuard EPDR +CVE-2023-26237 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible ...) + NOT-FOR-US: WatchGuard EPDR +CVE-2023-26236 (An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak ...) 
+ NOT-FOR-US: WatchGuard EPDR +CVE-2023-26235 (JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.jav ...) + NOT-FOR-US: JD-GUI +CVE-2023-26234 (JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvide ...) + NOT-FOR-US: JD-GUI +CVE-2023-26233 + RESERVED +CVE-2023-26232 + RESERVED +CVE-2023-26231 + RESERVED +CVE-2023-26230 + RESERVED +CVE-2023-26229 + RESERVED +CVE-2023-26228 + RESERVED +CVE-2023-26227 + RESERVED +CVE-2023-26226 + RESERVED +CVE-2023-26225 + RESERVED +CVE-2023-26224 + RESERVED +CVE-2023-26223 + RESERVED +CVE-2023-26222 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...) + NOT-FOR-US: TIBCO +CVE-2023-26221 (The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire An ...) + NOT-FOR-US: Spotfire Connectors component of TIBCO +CVE-2023-26220 (The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analy ...) + NOT-FOR-US: TIBCO +CVE-2023-26219 (The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TI ...) + NOT-FOR-US: TIBCO +CVE-2023-26218 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...) + NOT-FOR-US: TIBCO +CVE-2023-26217 (The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX ...) + NOT-FOR-US: TIBCO +CVE-2023-26216 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) + NOT-FOR-US: TIBCO +CVE-2023-26215 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) + NOT-FOR-US: TIBCO +CVE-2023-26214 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...) + NOT-FOR-US: BusinessConnect UI component of TIBCO +CVE-2023-0934 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...) + NOT-FOR-US: Answer +CVE-2023-0933 (Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allow ...) 
+ {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0932 (Use after free in WebRTC in Google Chrome on Windows prior to 110.0.54 ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0931 (Use after free in Video in Google Chrome prior to 110.0.5481.177 allow ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0930 (Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0929 (Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allo ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0928 (Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0927 (Use after free in Web Payments API in Google Chrome on Android prior t ...) + {DSA-5359-1} + - chromium 110.0.5481.177-1 + [buster] - chromium (see DSA 5046) +CVE-2022-48340 (In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-com ...) + - glusterfs 11.1-1 (bug #1031796) + [bookworm] - glusterfs (Minor issue) + [bullseye] - glusterfs (Minor issue) + [buster] - glusterfs (Minor issue) + NOTE: https://github.com/gluster/glusterfs/issues/3732 + NOTE: https://github.com/gluster/glusterfs/commit/d2e159d337e17844bf483a7f2aca4c52e37c7c60 (v11.1) +CVE-2022-48336 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagPars ...) + NOT-FOR-US: Widevine +CVE-2022-48335 (Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVeri ...) + NOT-FOR-US: Widevine +CVE-2022-48334 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...) + NOT-FOR-US: Widevine +CVE-2022-48333 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify ...) 
+ NOT-FOR-US: Widevine +CVE-2022-48332 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...) + NOT-FOR-US: Widevine +CVE-2022-48331 (Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_k ...) + NOT-FOR-US: Widevine +CVE-2022-48339 (An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has ...) + {DSA-5360-1 DLA-3416-1} + - emacs 1:28.2+1-11 (bug #1031730) + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=1b4dc4691c1f87fc970fbe568b43869a15ad0d4c + NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60295 +CVE-2022-48338 (An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, th ...) + {DSA-5360-1} + - emacs 1:28.2+1-11 (bug #1031730) + [buster] - emacs (Vulnerable code introduced later) + NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=60268 + NOTE: Introduced by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=27f5627104a073762c3b1d21e55822ec2d2e0347 (emacs-27.0.90) + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=9a3b08061feea14d6f37685ca1ab8801758bfd1c +CVE-2022-48337 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) + {DSA-5360-1 DLA-3416-1} + - emacs 1:28.2+1-11 (bug #1031730) + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c + NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=59817 + NOTE: Original fix introduced memory leak: + NOTE: https://bugs.debian.org/1031888 + NOTE: https://debbugs.gnu.org/61819 + NOTE: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=0fde314f6f6e6664cddab1b2f0fe20629cd39d14 +CVE-2023-26213 (On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui- ...) + NOT-FOR-US: Barracuda +CVE-2023-26212 + RESERVED +CVE-2023-26211 + RESERVED +CVE-2023-26210 (Multiple improper neutralization of special elements used in an os com ...) 
+ NOT-FOR-US: Fortinet +CVE-2023-26209 (A improper restriction of excessive authentication attempts vulnerabil ...) + NOT-FOR-US: FortiGuard +CVE-2023-26208 (A improper restriction of excessive authentication attempts vulnerabil ...) + NOT-FOR-US: FortiGuard +CVE-2023-26207 (An insertion of sensitive information into log file vulnerability in F ...) + NOT-FOR-US: Fortinet +CVE-2023-26206 + RESERVED +CVE-2023-26205 (An improper access control vulnerability[CWE-284] in FortiADC automati ...) + NOT-FOR-US: FortiGuard +CVE-2023-26204 (A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM ...) + NOT-FOR-US: Fortinet +CVE-2023-26203 (A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F ...) + NOT-FOR-US: FortiGuard +CVE-2023-26202 + RESERVED +CVE-2023-26201 + RESERVED +CVE-2023-26200 + RESERVED +CVE-2023-26199 + RESERVED +CVE-2023-26198 + RESERVED +CVE-2023-26197 + RESERVED +CVE-2023-26196 + RESERVED +CVE-2023-26195 + RESERVED +CVE-2023-26194 + RESERVED +CVE-2023-26193 + RESERVED +CVE-2023-26192 + RESERVED +CVE-2023-26191 + RESERVED +CVE-2023-26190 + RESERVED +CVE-2023-26189 + RESERVED +CVE-2023-26188 + RESERVED +CVE-2023-26187 + RESERVED +CVE-2023-26186 + RESERVED +CVE-2023-26185 + RESERVED +CVE-2023-26184 + RESERVED +CVE-2023-26183 + RESERVED +CVE-2023-26182 + RESERVED +CVE-2023-26181 + RESERVED +CVE-2023-26180 + RESERVED +CVE-2023-26179 + RESERVED +CVE-2023-26178 + RESERVED +CVE-2023-26177 + RESERVED +CVE-2023-26176 + RESERVED +CVE-2023-26175 + RESERVED +CVE-2023-26174 + RESERVED +CVE-2023-26173 + RESERVED +CVE-2023-26172 + RESERVED +CVE-2023-26171 + RESERVED +CVE-2023-26170 + RESERVED +CVE-2023-26169 + RESERVED +CVE-2023-26168 + RESERVED +CVE-2023-26167 + RESERVED +CVE-2023-26166 + RESERVED +CVE-2023-26165 + RESERVED +CVE-2023-26164 + RESERVED +CVE-2023-26163 + RESERVED +CVE-2023-26162 + RESERVED +CVE-2023-26161 + RESERVED +CVE-2023-26160 + RESERVED +CVE-2023-26159 + RESERVED +CVE-2023-26158 (All versions of the package mockjs are 
vulnerable to Prototype Polluti ...) + NOT-FOR-US: mockjs +CVE-2023-26157 + RESERVED +CVE-2023-26156 (Versions of the package chromedriver before 119.0.1 are vulnerable to ...) + NOT-FOR-US: chromedriver Node.js module +CVE-2023-26155 (All versions of the package node-qpdf are vulnerable to Command Inject ...) + NOT-FOR-US: node-qpdf +CVE-2023-26154 (Versions of the package pubnub before 7.4.0; all versions of the packa ...) + NOT-FOR-US: pubnub +CVE-2023-26153 (Versions of the package geokit-rails before 2.5.0 are vulnerable to Co ...) + NOT-FOR-US: geokit-rails +CVE-2023-26152 (All versions of the package static-server are vulnerable to Directory ...) + NOT-FOR-US: Node static-server +CVE-2023-26151 (Versions of the package asyncua before 0.9.96 are vulnerable to Denial ...) + NOT-FOR-US: asyncua +CVE-2023-26150 (Versions of the package asyncua before 0.9.96 are vulnerable to Improp ...) + NOT-FOR-US: asyncua +CVE-2023-26149 (Versions of the package quill-mention before 4.0.0 are vulnerable to C ...) + NOT-FOR-US: Node quill-mention +CVE-2023-26148 (All versions of the package ithewei/libhv are vulnerable to CRLF Injec ...) + NOT-FOR-US: ithewei/libhv +CVE-2023-26147 (All versions of the package ithewei/libhv are vulnerable to HTTP Respo ...) + NOT-FOR-US: ithewei/libhv +CVE-2023-26146 (All versions of the package ithewei/libhv are vulnerable to Cross-site ...) + NOT-FOR-US: ithewei/libhv +CVE-2023-26145 (This affects versions of the package pydash before 6.0.0. A number of ...) + NOT-FOR-US: pydash +CVE-2023-26144 (Versions of the package graphql from 16.3.0 and before 16.8.1 are vuln ...) 
+ - node-graphql 16.8.1-1 + [bookworm] - node-graphql (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181 + NOTE: https://github.com/graphql/graphql-js/pull/3972 + NOTE: https://github.com/graphql/graphql-js/issues/3955 + NOTE: https://github.com/graphql/graphql-js/commit/f94b511386c7e47bd0380dcd56553dc063320226 +CVE-2023-26143 (Versions of the package blamer before 1.0.4 are vulnerable to Arbitrar ...) + NOT-FOR-US: Node blamer +CVE-2023-26142 (All versions of the package crow are vulnerable to HTTP Response Split ...) + NOT-FOR-US: Crow +CVE-2023-26141 (Versions of the package sidekiq before 7.1.3 are vulnerable to Denial ...) + - ruby-sidekiq + [bookworm] - ruby-sidekiq (Minor issue) + [bullseye] - ruby-sidekiq (Minor issue) + [buster] - ruby-sidekiq (Minor issue, DoS still possible) + NOTE: https://security.snyk.io/vuln/SNYK-RUBY-SIDEKIQ-5885107 + NOTE: https://github.com/sidekiq/sidekiq/commit/62c90d7c5a7d8a378d79909859d87c2e0702bf89 (v7.1.3) +CVE-2023-26140 (Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerab ...) + NOT-FOR-US: excalidraw +CVE-2023-26139 (Versions of the package underscore-keypath from 0.0.11 are vulnerable ...) + NOT-FOR-US: Node underscore-keypath +CVE-2023-26138 (All versions of the package drogonframework/drogon are vulnerable to C ...) + NOT-FOR-US: Drogon +CVE-2023-26137 (All versions of the package drogonframework/drogon are vulnerable to H ...) + NOT-FOR-US: Drogon +CVE-2023-26136 (Versions of the package tough-cookie before 4.1.3 are vulnerable to Pr ...) 
+ {DLA-3488-1} + - node-tough-cookie 4.1.3+~4.0.2-1 + [bookworm] - node-tough-cookie 4.0.0-2+deb12u1 + [bullseye] - node-tough-cookie (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873 + NOTE: https://github.com/salesforce/tough-cookie/issues/282 + NOTE: https://github.com/salesforce/tough-cookie/commit/12d474791bb856004e858fdb1c47b7608d09cf6e (v4.1.3) +CVE-2023-26135 (All versions of the package flatnest are vulnerable to Prototype Pollu ...) + NOT-FOR-US: Node flatnest +CVE-2023-26134 (Versions of the package git-commit-info before 2.0.2 are vulnerable to ...) + NOT-FOR-US: Node git-commit-info +CVE-2023-26133 (All versions of the package progressbar.js are vulnerable to Prototype ...) + NOT-FOR-US: progressbar.js +CVE-2023-26132 (Versions of the package dottie before 2.0.4 are vulnerable to Prototyp ...) + - node-dottie 2.0.6+~2.0.5-1 (bug #1040592) + [bookworm] - node-dottie 2.0.2-4+deb12u1 + [bullseye] - node-dottie (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763 + NOTE: https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68 (v2.0.4) +CVE-2023-26131 (All versions of the package github.com/xyproto/algernon/engine; all ve ...) + NOT-FOR-US: github.com/xyproto/algernon/engine +CVE-2023-26130 (Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerab ...) + - cpp-httplib 0.11.4+ds-2 (bug #1037100) + [bookworm] - cpp-httplib 0.11.4+ds-1+deb12u1 + NOTE: https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-5591194 + NOTE: https://gist.github.com/dellalibera/094aece17a86069a7d27f93c8aba2280 + NOTE: https://github.com/yhirose/cpp-httplib/commit/5b397d455d25a391ba346863830c1949627b4d08 (v0.12.4) +CVE-2023-26129 (All versions of the package bwm-ng are vulnerable to Command Injection ...) + NOT-FOR-US: bwm-ng Nodejs module (not the same as src:bwm-ng) +CVE-2023-26128 (All versions of the package keep-module-latest are vulnerable to Comma ...) 
+ NOT-FOR-US: Node keep-module-latest +CVE-2023-26127 (All versions of the package n158 are vulnerable to Command Injection d ...) + NOT-FOR-US: Node n158 +CVE-2023-26126 (All versions of the package m.static are vulnerable to Directory Trave ...) + NOT-FOR-US: m.static +CVE-2023-26125 (Versions of the package github.com/gin-gonic/gin before 1.9.0 are vuln ...) + - golang-github-gin-gonic-gin (bug #1035498) + [bookworm] - golang-github-gin-gonic-gin (Minor issue) + [bullseye] - golang-github-gin-gonic-gin (Minor issue) + [buster] - golang-github-gin-gonic-gin (Minor issue) + NOTE: https://github.com/gin-gonic/gin/pull/3500 + NOTE: https://github.com/gin-gonic/gin/pull/3503 + NOTE: https://github.com/gin-gonic/gin/commit/81ac7d55a09e34013225db0aeac6e70c1ae68928 (v1.9.0) +CVE-2023-26124 + RESERVED +CVE-2023-26123 (Versions of the package raysan5/raylib before 4.5.0 are vulnerable to ...) + NOT-FOR-US: raylib +CVE-2023-26122 (All versions of the package safe-eval are vulnerable to Sandbox Bypass ...) + NOT-FOR-US: Node safe-eval +CVE-2023-26121 (All versions of the package safe-eval are vulnerable to Prototype Poll ...) + NOT-FOR-US: Node safe-eval +CVE-2023-26120 (This affects all versions of the package com.xuxueli:xxl-job. HTML upl ...) + NOT-FOR-US: com.xuxueli:xxl-job +CVE-2023-26119 (Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and b ...) + NOT-FOR-US: net.sourceforge.htmlunit:htmlunit +CVE-2023-26118 (Versions of the package angular from 1.4.9 are vulnerable to Regular E ...) + - angular.js (bug #1036694) + [bookworm] - angular.js (Minor issue) + [bullseye] - angular.js (Minor issue) + [buster] - angular.js (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373046 +CVE-2023-26117 (Versions of the package angular from 1.0.0 are vulnerable to Regular E ...) 
+ - angular.js (bug #1036694) + [bookworm] - angular.js (Minor issue) + [bullseye] - angular.js (Minor issue) + [buster] - angular.js (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373045 +CVE-2023-26116 (Versions of the package angular from 1.2.21 are vulnerable to Regular ...) + - angular.js (bug #1036694) + [bookworm] - angular.js (Minor issue) + [bullseye] - angular.js (Minor issue) + [buster] - angular.js (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-3373044 +CVE-2023-26115 (All versions of the package word-wrap are vulnerable to Regular Expres ...) + NOT-FOR-US: Node.js word-wrap module +CVE-2023-26114 (Versions of the package code-server before 4.10.1 are vulnerable to Mi ...) + NOT-FOR-US: Node code-server +CVE-2023-26113 (Versions of the package collection.js before 6.8.1 are vulnerable to P ...) + NOT-FOR-US: collection.js +CVE-2023-26112 (All versions of the package configobj are vulnerable to Regular Expres ...) + - configobj 5.0.8-2 (bug #1034152) + [bookworm] - configobj (Minor issue) + [bullseye] - configobj (Minor issue) + [buster] - configobj (Minor issue) + NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-CONFIGOBJ-3252494 + NOTE: https://github.com/DiffSK/configobj/issues/232 + NOTE: https://github.com/DiffSK/configobj/pull/236 +CVE-2023-26111 (All versions of the package @nubosoftware/node-static; all versions of ...) + NOT-FOR-US: @nubosoftware/node-static +CVE-2023-26110 (All versions of the package node-bluetooth are vulnerable to Buffer Ov ...) + NOT-FOR-US: node-bluetooth +CVE-2023-26109 (All versions of the package node-bluetooth-serial-port are vulnerable ...) + NOT-FOR-US: node-bluetooth-serial-port +CVE-2023-26108 (Versions of the package @nestjs/core before 9.0.5 are vulnerable to In ...) + NOT-FOR-US: @nestjs/core +CVE-2023-26107 (All versions of the package sketchsvg are vulnerable to Arbitrary Code ...) 
+ NOT-FOR-US: Node sketchsvg +CVE-2023-26106 (All versions of the package dot-lens are vulnerable to Prototype Pollu ...) + NOT-FOR-US: Node dot-lens +CVE-2023-26105 (All versions of the package utilities are vulnerable to Prototype Poll ...) + NOT-FOR-US: mde JavaScript utilities +CVE-2023-26104 (All versions of the package lite-web-server are vulnerable to Denial o ...) + NOT-FOR-US: Node lite-web-server +CVE-2023-26103 (Versions of the package deno before 1.31.0 are vulnerable to Regular E ...) + NOT-FOR-US: Deno +CVE-2023-26102 (All versions of the package rangy are vulnerable to Prototype Pollutio ...) + NOT-FOR-US: Node rangy +CVE-2023-0926 + RESERVED +CVE-2023-0925 (Version 10.11 of webMethods OneData runs an embedded instance of Azul ...) + NOT-FOR-US: webMethods OneData +CVE-2023-0924 (The ZYREX POPUP WordPress plugin through 1.0 does not validate the typ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0923 (A flaw was found in the Kubernetes service for notebooks in RHODS, whe ...) + NOT-FOR-US: Red Hat OpenShift Data Science +CVE-2023-0922 (The Samba AD DC administration tool, when operating against a remote L ...) + - samba 2:4.17.7+dfsg-1 + [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2023-0922.html +CVE-2023-0921 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-48330 (A Huawei sound box product has an out-of-bounds write vulnerability. A ...) + NOT-FOR-US: Huawei +CVE-2023-26101 (In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user ...) + NOT-FOR-US: Progress Flowmon Packet Investigator +CVE-2023-26100 (In Progress Flowmon before 12.2.0, an application endpoint failed to s ...) + NOT-FOR-US: Progress Flowmon +CVE-2023-26099 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consult ...) 
+ NOT-FOR-US: Telindus +CVE-2023-26098 (An issue was discovered in the Open Document feature in Telindus Apsal ...) + NOT-FOR-US: Telindus +CVE-2023-26097 (An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorize ...) + NOT-FOR-US: Telindus +CVE-2023-26096 + RESERVED +CVE-2023-26095 (ASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6 ...) + NOT-FOR-US: Stormshield Network Security +CVE-2023-26094 + RESERVED +CVE-2023-26093 (Liima before 1.17.28 allows Hibernate query language (HQL) injection, ...) + NOT-FOR-US: Liima +CVE-2023-26092 (Liima before 1.17.28 allows server-side template injection.) + NOT-FOR-US: Liima +CVE-2023-26091 (The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4. ...) + NOT-FOR-US: TYPO3 extension +CVE-2023-26090 + RESERVED +CVE-2023-26089 (European Chemicals Agency IUCLID 6.x before 6.27.6 allows authenticati ...) + NOT-FOR-US: European Chemicals Agency IUCLID +CVE-2023-26088 (In Malwarebytes before 4.5.23, a symbolic link may be used delete any ...) + NOT-FOR-US: Malwarebytes +CVE-2023-26087 + RESERVED +CVE-2023-26086 + RESERVED +CVE-2023-26085 (A possible out-of-bounds read and write (due to an improper length che ...) + NOT-FOR-US: Arm NN Android-NN-Driver +CVE-2023-26084 (The armv8_dec_aes_gcm_full() API of Arm AArch64cryptolib before 86065c ...) + NOT-FOR-US: AArch64cryptolib +CVE-2023-26083 (Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Ker ...) + NOT-FOR-US: Mali GPU Kernel Driver +CVE-2023-26082 + RESERVED +CVE-2023-26081 (In Epiphany (aka GNOME Web) through 43.0, untrusted web content can tr ...) 
+ {DLA-3423-1} + - epiphany-browser 43.1-1 (bug #1031727) + [bullseye] - epiphany-browser (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275 + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/commit/53363c3c8178bf9193dad9fa3516f4e10cff0ffd + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/commit/b8f34863485095bc59b97a6c250ed5e976d39dd4 (43.1) +CVE-2023-26080 + RESERVED +CVE-2023-26079 + RESERVED +CVE-2023-26078 (Privilege escalation vulnerability was discovered in Atera Agent 1.8.4 ...) + NOT-FOR-US: Atera Agent +CVE-2023-26077 (Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a D ...) + NOT-FOR-US: Atera Agent +CVE-2023-26076 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + NOT-FOR-US: Samsung +CVE-2023-26075 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + NOT-FOR-US: Samsung +CVE-2023-26074 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + NOT-FOR-US: Samsung +CVE-2023-26073 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + NOT-FOR-US: Samsung +CVE-2023-26072 (An issue was discovered in Samsung Mobile Chipset and Baseband Modem C ...) + NOT-FOR-US: Samsung +CVE-2023-26071 (An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An O ...) + NOT-FOR-US: MCUBO ICT +CVE-2023-26070 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...) + NOT-FOR-US: Lexmark +CVE-2023-26069 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...) + NOT-FOR-US: Lexmark +CVE-2023-26068 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...) + NOT-FOR-US: Lexmark +CVE-2023-26067 (Certain Lexmark devices through 2023-02-19 mishandle Input Validation ...) + NOT-FOR-US: Lexmark +CVE-2023-26066 (Certain Lexmark devices through 2023-02-19 have Improper Validation of ...) 
+ NOT-FOR-US: Lexmark +CVE-2023-26065 (Certain Lexmark devices through 2023-02-19 have an Integer Overflow.) + NOT-FOR-US: Lexmark +CVE-2023-26064 (Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write ...) + NOT-FOR-US: Lexmark +CVE-2023-26063 (Certain Lexmark devices through 2023-02-19 access a Resource By Using ...) + NOT-FOR-US: Lexmark +CVE-2023-26062 (A mobile network solution internal fault is found in Nokia Web Element ...) + NOT-FOR-US: Nokia +CVE-2023-26061 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Sched ...) + NOT-FOR-US: Nokia +CVE-2023-26060 (An issue was discovered in Nokia NetAct before 22 FP2211. On the Worki ...) + NOT-FOR-US: Nokia +CVE-2023-26059 (An issue was discovered in Nokia NetAct before 22 SP1037. On the Site ...) + NOT-FOR-US: Nokia +CVE-2023-26058 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...) + NOT-FOR-US: Nokia +CVE-2023-26057 (An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XM ...) + NOT-FOR-US: Nokia +CVE-2023-0920 + RESERVED +CVE-2022-48329 (MISP before 2.4.166 unsafely allows users to use the order parameter, ...) + NOT-FOR-US: MISP +CVE-2022-48328 (app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.1 ...) + NOT-FOR-US: MISP +CVE-2021-4325 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: NHN TOAST UI Chart +CVE-2017-20179 (A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated a ...) + NOT-FOR-US: InSTEDD Pollit +CVE-2015-10085 (A vulnerability was found in GoPistolet. It has been declared as probl ...) + NOT-FOR-US: GoPistolet +CVE-2015-10084 (A vulnerability was found in irontec klear-library chloe and classifie ...) + NOT-FOR-US: irontec klear-library +CVE-2015-10083 (A vulnerability has been found in harrystech Dynosaur-Rails and classi ...) 
+ NOT-FOR-US: harrystech Dynosaur-Rails +CVE-2023-0919 (Missing Authentication for Critical Function in GitHub repository kare ...) + NOT-FOR-US: Kavita +CVE-2023-0918 (A vulnerability has been found in codeprojects Pharmacy Management Sys ...) + NOT-FOR-US: codeprojects Pharmacy Management System +CVE-2023-0917 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Simple Customer Relationship Management System +CVE-2023-0916 (A vulnerability classified as critical was found in SourceCodester Aut ...) + NOT-FOR-US: SourceCodester Auto Dealer Management System +CVE-2023-0915 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Auto Dealer Management System +CVE-2017-20178 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2. ...) + NOT-FOR-US: Codiad +CVE-2016-15027 (A vulnerability was found in meta4creations Post Duplicator Plugin 2.1 ...) + NOT-FOR-US: meta4creations Post Duplicator Plugin +CVE-2015-10082 (A vulnerability classified as problematic has been found in UIKit0 lib ...) + NOT-FOR-US: UIKit0 +CVE-2015-10081 (A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and c ...) + NOT-FOR-US: arnoldle submitByMailPlugin +CVE-2014-125089 (A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been ...) + NOT-FOR-US: cention-chatserver +CVE-2023-0914 (Improper Authorization in GitHub repository pixelfed/pixelfed prior to ...) + NOT-FOR-US: pixelfed +CVE-2023-0913 (A vulnerability classified as critical was found in SourceCodester Aut ...) + NOT-FOR-US: SourceCodester Auto Dealer Management System +CVE-2023-0912 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Auto Dealer Management System +CVE-2019-25104 (A vulnerability has been found in rtcwcoop 1.0.2 and classified as pro ...) 
+ - iortcw (Specific to rtcwcoop, also see bug #1031732) + NOTE: https://github.com/iortcw/iortcw/issues/174 +CVE-2016-15026 (A vulnerability was found in 3breadt dd-plist 1.17 and classified as p ...) + NOT-FOR-US: dd-plist +CVE-2016-15025 (A vulnerability, which was classified as problematic, was found in gen ...) + NOT-FOR-US: generator-hottowel +CVE-2015-10080 (A vulnerability was found in NREL api-umbrella-web 0.7.1. It has been ...) + NOT-FOR-US: api-umbrella-web +CVE-2014-125088 (A vulnerability was found in qt-users-jp silk 0.0.1. It has been decla ...) + NOT-FOR-US: qt-users-jp +CVE-2013-10019 (A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been ...) + NOT-FOR-US: OAICat +CVE-2012-10008 (A vulnerability, which was classified as critical, has been found in u ...) + NOT-FOR-US: uakfdotb oneapp +CVE-2023-0911 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0910 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-0909 (A vulnerability, which was classified as problematic, was found in cxa ...) + NOT-FOR-US: cxasm notepad-- +CVE-2023-0908 (A vulnerability, which was classified as problematic, was found in Xos ...) + NOT-FOR-US: Xoslab Easy File Locker +CVE-2023-0907 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Filseclab Twister Antivirus +CVE-2023-0906 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-0905 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Employee Task Management System +CVE-2023-0904 (A vulnerability was found in SourceCodester Employee Task Management S ...) 
+ NOT-FOR-US: SourceCodester Employee Task Management System +CVE-2023-0903 (A vulnerability was found in SourceCodester Employee Task Management S ...) + NOT-FOR-US: SourceCodester Employee Task Management System +CVE-2023-0902 (A vulnerability was found in SourceCodester Simple Food Ordering Syste ...) + NOT-FOR-US: SourceCodester Simple Food Ordering System +CVE-2016-15024 (A vulnerability was found in doomsider shadow. It has been classified ...) + NOT-FOR-US: doomsider shadow +CVE-2014-125087 (A vulnerability was found in java-xmlbuilder up to 1.1. It has been ra ...) + NOT-FOR-US: java-xmlbuilder +CVE-2012-10007 (A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 ...) + NOT-FOR-US: madgicweb BuddyStream Plugin +CVE-2023-26056 (XWiki Platform is a generic wiki platform. Starting in version 3.0-mil ...) + NOT-FOR-US: XWiki +CVE-2023-26055 (XWiki Commons are technical libraries common to several other top leve ...) + NOT-FOR-US: XWiki +CVE-2023-26054 (BuildKit is a toolkit for converting source code to build artifacts in ...) + NOT-FOR-US: BuildKit +CVE-2023-26053 (Gradle is a build tool with a focus on build automation and support fo ...) + - gradle (The version of Gradle in Debian doesn't support dependency verification yet) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2174854 +CVE-2023-26052 (Saleor is a headless, GraphQL commerce platform delivering personalize ...) + NOT-FOR-US: Saleor +CVE-2023-26051 (Saleor is a headless, GraphQL commerce platform delivering personalize ...) + NOT-FOR-US: Saleor +CVE-2023-26050 + RESERVED +CVE-2023-26049 (Jetty is a java based web server and servlet engine. Nonstandard cooki ...) 
+ {DSA-5507-1 DLA-3592-1} + [experimental] - jetty9 9.4.51-1 + - jetty9 9.4.52-1 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c + NOTE: https://github.com/eclipse/jetty.project/pull/9339 + NOTE: https://github.com/eclipse/jetty.project/pull/9352 +CVE-2023-26048 (Jetty is a java based web server and servlet engine. In affected versi ...) + {DSA-5507-1 DLA-3592-1} + [experimental] - jetty9 9.4.51-1 + - jetty9 9.4.52-1 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8 + NOTE: https://github.com/eclipse/jetty.project/issues/9076 + NOTE: https://github.com/eclipse/jetty.project/pull/9344 + NOTE: https://github.com/eclipse/jetty.project/pull/9345 +CVE-2023-26047 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...) + NOT-FOR-US: teler-waf +CVE-2023-26046 (teler-waf is a Go HTTP middleware that provides teler IDS functionalit ...) + NOT-FOR-US: teler-waf +CVE-2023-26045 (NodeBB is Node.js based forum software. Starting in version 2.5.0 and ...) + NOT-FOR-US: NodeBB +CVE-2023-26044 (react/http is an event-driven, streaming HTTP client and server implem ...) + - php-react-http + [buster] - php-react-http (Minor issue) + NOTE: https://github.com/reactphp/http/security/advisories/GHSA-95x4-j7vc-h8mf + NOTE: https://github.com/reactphp/http/commit/b3594f7936b92f9fc2d5f9e84dc01bdb95a72167 (v1.9.0) + TODO: check, is embedded inicinga-php-thirdparty, icingaweb2-module-reactbundle possibly affected +CVE-2023-26043 (GeoNode is an open source platform that facilitates the creation, shar ...) + NOT-FOR-US: GeoNode +CVE-2023-26042 (Part-DB is an open source inventory management system for your electro ...) + NOT-FOR-US: Part-DB +CVE-2023-26041 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...) + NOT-FOR-US: Nextcloud Talk +CVE-2023-26040 (Discourse is an open-source discussion platform. Between versions 3.1. ...) 
+ NOT-FOR-US: Discourse +CVE-2023-26039 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-44q8-h2pw-cc9g + NOTE: https://github.com/ZoneMinder/zoneminder/commit/3bd58d8393fba06f17e013c33b3d44442e3e5be2 +CVE-2023-26038 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-wrx3-r8c4-r24w + NOTE: https://github.com/ZoneMinder/zoneminder/commit/6e417c28eac89664afa46b2fc1f7217622d0ef24 +CVE-2023-26037 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-65jp-2hj3-3733 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/4f4ddaab3f982890750594c471bd6b8f72d05dbd +CVE-2023-26036 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h5m9-6jjc-cgmw + NOTE: https://github.com/ZoneMinder/zoneminder/commit/3268f95282d4f99d6cec3a6e0a83f341cf48166a +CVE-2023-26035 (ZoneMinder is a free, open source Closed-circuit television software a ...) 
+ - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr + NOTE: https://github.com/ZoneMinder/zoneminder/commit/609b22a54d22229a278afe548a32a05a00fc8c13 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/6ffd2bda1c04ced6ce38bfe829de6e2bf23b7348 +CVE-2023-26034 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-222j-wh8m-xjrx +CVE-2023-26033 (Gentoo soko is the code that powers packages.gentoo.org. Versions prio ...) + NOT-FOR-US: Gentoo soko +CVE-2023-26032 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.33+dfsg1-1 (unimportant) + NOTE: Only supported for trusted users/behind auth + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-6c72-q9mw-mwx9 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/decf3e307bdadc0a96ffb151d19f4a4605a7cc71 +CVE-2023-26031 (Relative library resolution in linux container-executor binary in Apac ...) + - hadoop (bug #793644) +CVE-2023-0901 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: pixelfed +CVE-2023-0900 (The Pricing Table Builder WordPress plugin through 1.1.6 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0899 (The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0898 (General Electric MiCOM S1 Agile is vulnerable to an attacker achieving ...) + NOT-FOR-US: General Electric MiCOM S1 Agile +CVE-2023-0897 (Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due ...) 
+ NOT-FOR-US: Sielco PolyEco1000 +CVE-2023-26030 + RESERVED +CVE-2023-26029 + RESERVED +CVE-2023-26028 + RESERVED +CVE-2023-26027 + RESERVED +CVE-2023-26026 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...) + NOT-FOR-US: IBM +CVE-2023-26025 + RESERVED +CVE-2023-26024 (IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attack ...) + NOT-FOR-US: IBM +CVE-2023-26023 (Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensit ...) + NOT-FOR-US: IBM +CVE-2023-26022 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is v ...) + NOT-FOR-US: IBM +CVE-2023-26021 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2023-26020 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: CrafterCMS +CVE-2023-26019 + RESERVED +CVE-2023-26018 + RESERVED +CVE-2023-26017 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blue ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26016 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26015 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26014 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HT ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26013 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26012 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denz ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26011 (Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26010 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26009 + RESERVED +CVE-2023-26008 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay ...) + NOT-FOR-US: WordPress plugin +CVE-2023-26007 + RESERVED +CVE-2023-26006 + RESERVED +CVE-2023-26005 + RESERVED +CVE-2023-26004 + RESERVED +CVE-2023-26003 + RESERVED +CVE-2023-26002 + RESERVED +CVE-2023-26001 + RESERVED +CVE-2023-26000 + RESERVED +CVE-2023-25999 + RESERVED +CVE-2023-25998 + RESERVED +CVE-2023-25997 + RESERVED +CVE-2023-25996 + RESERVED +CVE-2023-25995 + RESERVED +CVE-2023-25994 (Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publis ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25993 + RESERVED +CVE-2023-25992 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Crea ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25991 (Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25990 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25989 (Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25988 + RESERVED +CVE-2023-25987 (Cross-Site Request Forgery (CSRF) vulnerability in Aleksandar Uro\u016 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25986 (Cross-Site Request Forgery (CSRF) vulnerability in WattIsIt PayGreen \ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25985 (Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25984 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25983 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25982 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25981 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25980 (Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25979 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vide ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25978 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25977 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9see ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25976 (Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integrati ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25975 (Cross-Site Request Forgery (CSRF) vulnerability in Fr\xe9d\xe9ric Shee ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25974 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psic ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25973 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSW ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25971 (Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25970 + RESERVED +CVE-2023-25969 + RESERVED +CVE-2023-25968 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25967 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25966 + RESERVED +CVE-2023-25965 + RESERVED +CVE-2023-25964 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Noah ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25963 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joom ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25962 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bipl ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25961 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25960 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25959 + RESERVED +CVE-2023-25958 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Just ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25957 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...) + NOT-FOR-US: Siemens +CVE-2023-25956 (Generation of Error Message Containing Sensitive Information vulnerabi ...) + NOT-FOR-US: Apache Airflow AWS Provider +CVE-2023-25077 (Cross-site scripting vulnerability in Authentication Key Settings of E ...) + NOT-FOR-US: EC-CUBE +CVE-2023-22838 (Cross-site scripting vulnerability in Product List Screen and Product ...) + NOT-FOR-US: EC-CUBE +CVE-2023-0896 (A default password was reported in Lenovo Smart Clock Essential with A ...) + NOT-FOR-US: Lenovo +CVE-2023-0895 (The WP Coder \u2013 add custom html, css and js code plugin for WordPr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0894 (The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0893 (The Time Sheets WordPress plugin before 1.29.3 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0892 (The BizLibrary WordPress plugin through 1.1 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0891 (The StagTools WordPress plugin before 2.3.7 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0890 (The WordPress Shortcodes Plugin \u2014 Shortcodes Ultimate WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0889 (Themeflection Numbers WordPress plugin before 2.0.1 does not have auth ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0888 (An improper neutralization of directives in dynamically evaluated code ...) 
+ NOT-FOR-US: Space Battery Pack SP with Wi-Fi +CVE-2023-0887 (A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified a ...) + NOT-FOR-US: phjounin TFTPD64-SE +CVE-2023-0886 + REJECTED +CVE-2023-0885 + REJECTED +CVE-2023-0884 + REJECTED +CVE-2023-0883 (A vulnerability has been found in SourceCodester Online Pizza Ordering ...) + NOT-FOR-US: SourceCodester Online Pizza Ordering System +CVE-2023-25943 + RESERVED +CVE-2023-25942 (Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled res ...) + NOT-FOR-US: Dell +CVE-2023-25941 (Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of p ...) + NOT-FOR-US: Dell +CVE-2023-25940 (Dell PowerScale OneFS version 9.5.0.0 contains improper link resolutio ...) + NOT-FOR-US: Dell +CVE-2023-25939 + RESERVED +CVE-2023-25938 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2023-25937 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2023-25936 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2023-25935 + RESERVED +CVE-2023-25934 (DELL ECS prior to 3.8.0.2 contains an improper verification of cryptog ...) + NOT-FOR-US: Dell +CVE-2023-25933 (A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-25756 (Out-of-bounds read in the BIOS firmware for some Intel(R) Processors m ...) + NOT-FOR-US: Intel +CVE-2023-25546 + RESERVED +CVE-2023-23904 + RESERVED +CVE-2023-23573 (Improper access control in the Intel(R) Unite(R) android application b ...) + NOT-FOR-US: Intel +CVE-2023-22449 (Improper input validation in some Intel(R) NUC BIOS firmware may allow ...) + NOT-FOR-US: Intel +CVE-2023-22444 (Improper initialization in some Intel(R) NUC 13 Extreme Compute Elemen ...) + NOT-FOR-US: Intel +CVE-2023-22356 (Improper initialization in some Intel(R) NUC BIOS firmware may allow a ...) 
+ NOT-FOR-US: Intel +CVE-2023-22351 + RESERVED +CVE-2023-22330 (Use of uninitialized resource in some Intel(R) NUC BIOS firmware may a ...) + NOT-FOR-US: Intel +CVE-2023-22329 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + NOT-FOR-US: Intel +CVE-2023-0882 (Improper Input Validation, Authorization Bypass Through User-Controlle ...) + NOT-FOR-US: Kron Tech Single Connect +CVE-2023-0881 + RESERVED +CVE-2023-0880 (Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prio ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0879 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...) + NOT-FOR-US: btcpayserver +CVE-2023-0878 (Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framewo ...) + NOT-FOR-US: Nuxt +CVE-2023-0877 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.) + - froxlor (bug #581792) +CVE-2023-0876 (The WP Meta SEO WordPress plugin before 4.5.3 does not authorize sever ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0875 (The WP Meta SEO WordPress plugin before 4.5.3 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0874 (The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0873 (The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25932 + RESERVED +CVE-2023-25931 (Medtronic identified that the Pelvic Health clinician apps, which are ...) + NOT-FOR-US: Pelvic Health clinician apps +CVE-2023-25930 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1 ...) + NOT-FOR-US: IBM +CVE-2023-25929 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2023-25928 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-25927 (IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and ...) 
+ NOT-FOR-US: IBM +CVE-2023-25926 + RESERVED +CVE-2023-25925 + RESERVED +CVE-2023-25924 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) + NOT-FOR-US: IBM +CVE-2023-25923 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...) + NOT-FOR-US: IBM +CVE-2023-25922 + RESERVED +CVE-2023-25921 + RESERVED +CVE-2023-25920 + RESERVED +CVE-2023-25919 + RESERVED +CVE-2023-25918 + RESERVED +CVE-2023-25917 + RESERVED +CVE-2023-25916 + RESERVED +CVE-2023-25915 (Due to improper input validation, a remote attacker could execute arbi ...) + NOT-FOR-US: Danfoss AK-SM80A +CVE-2023-25914 (Due to improper restriction, attackers could retrieve and read system ...) + NOT-FOR-US: Danfoss AK-SM80A +CVE-2023-25913 (Because of an authentication flaw an attacker would be capable of gene ...) + NOT-FOR-US: Danfoss AK-SM80A +CVE-2023-25912 (The webreport generation feature in the Danfoss AK-EM100 allows an una ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-25911 (The Danfoss AK-EM100 web applications allow for OS command injection t ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-25910 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...) + NOT-FOR-US: Siemens +CVE-2023-0872 (The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0 ...) + NOT-FOR-US: OpenMNS +CVE-2023-0871 (XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and ver ...) + NOT-FOR-US: OpenMNS +CVE-2023-0870 (A form can be manipulated with cross-site request forgery in multiple ...) + NOT-FOR-US: OpenNMS +CVE-2023-0869 (Cross-site scripting in outage/list.htm in multiple versions of OpenNM ...) + NOT-FOR-US: OpenNMS +CVE-2023-0868 (Reflected cross-site scripting in graph results in multiple versions o ...) + NOT-FOR-US: OpenNMS +CVE-2023-0867 (Multiple stored and reflected cross-site scripting vulnerabilities in ...) + NOT-FOR-US: OpenNMS +CVE-2023-0866 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3 ...) 
+ {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/7d3c5792-d20b-4cb6-9c6d-bb14f3430d7f + NOTE: https://github.com/gpac/gpac/commit/b964fe4226f1424cf676d5822ef898b6b01f5937 + NOTE: https://github.com/gpac/gpac/commit/518ae69dbbdb46c8443431dac9e9489aa0b78882 (v2.2.1) +CVE-2023-0865 (The WooCommerce Multiple Customer Addresses & Shipping WordPress plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0864 (Cleartext Transmission of Sensitive Information vulnerability in ABB T ...) + NOT-FOR-US: ABB +CVE-2023-0863 (Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80 ...) + NOT-FOR-US: ABB +CVE-2023-0862 (The NetModule NSRW web administration interface is vulnerable to path ...) + NOT-FOR-US: NetModule NSRW web administration interface +CVE-2023-0861 (NetModule NSRW web administration interface executes an OS command con ...) + NOT-FOR-US: NetModule NSRW web administration interface +CVE-2023-0860 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: Modoboa +CVE-2023-0859 (Arbitrary Files can be installed in the Setting Data Import function o ...) + NOT-FOR-US: Canon +CVE-2023-0858 (Improper Authentication of RemoteUI of Office / Small Office Multifunc ...) + NOT-FOR-US: Canon +CVE-2023-0857 (Unintentional change of settings during initial registration of system ...) + NOT-FOR-US: Canon +CVE-2023-0856 (Buffer overflow in IPP sides attribute process of Office / Small Offic ...) + NOT-FOR-US: Canon +CVE-2023-0855 (Buffer overflow in IPP number-up attribute process of Office / Small O ...) + NOT-FOR-US: Canon +CVE-2023-0854 (Buffer overflow in NetBIOS QNAME registering and communication process ...) + NOT-FOR-US: Canon +CVE-2023-0853 (Buffer overflow in mDNS NSEC record registering process of Office / Sm ...) 
+ NOT-FOR-US: Canon +CVE-2023-0852 (Buffer overflow in the Address Book of Mobile Device function of Offic ...) + NOT-FOR-US: Canon +CVE-2023-0851 (Buffer overflow in CPCA Resource Download process of Office / Small Of ...) + NOT-FOR-US: Canon +CVE-2022-48327 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) + NOT-FOR-US: Mapos +CVE-2022-48326 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) + NOT-FOR-US: Mapos +CVE-2022-48325 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) + NOT-FOR-US: Mapos +CVE-2022-48324 (Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 al ...) + NOT-FOR-US: Mapos +CVE-2021-46874 + RESERVED +CVE-2023-25909 (HGiga OAKlouds file uploading function does not restrict upload of fil ...) + NOT-FOR-US: HGiga OAKlouds +CVE-2023-25908 (Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2023-25907 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25906 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25905 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25904 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25903 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer ...) + NOT-FOR-US: Adobe +CVE-2023-25902 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25901 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2023-25900 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25899 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) 
+ NOT-FOR-US: Adobe +CVE-2023-25898 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25897 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25896 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-25895 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25894 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-25893 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-25892 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25891 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25890 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25889 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25888 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25887 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25886 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25885 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25884 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25883 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) + NOT-FOR-US: Adobe +CVE-2023-25882 (Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-bas ...) 
+ NOT-FOR-US: Adobe +CVE-2023-25881 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2023-25880 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-25879 (Adobe Dimension versions 3.4.7 (and earlier) is affected by an Imprope ...) + NOT-FOR-US: Adobe +CVE-2023-25878 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25877 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25876 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25875 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25874 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25873 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25872 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25871 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25870 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25869 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25868 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25867 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25866 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25865 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) 
+ NOT-FOR-US: Adobe +CVE-2023-25864 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25863 (Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-25862 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-25861 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-25860 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-25859 (Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-0850 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14 and classifie ...) + NOT-FOR-US: Netgear +CVE-2023-0849 (A vulnerability has been found in Netgear WNDR3700v2 1.0.1.14 and clas ...) + NOT-FOR-US: Netgear +CVE-2023-0848 (A vulnerability was found in Netgear WNDR3700v2 1.0.1.14. It has been ...) + NOT-FOR-US: Netgear +CVE-2023-0847 (The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulne ...) + NOT-FOR-US: DASH 7 Alliance protocol +CVE-2023-25858 + RESERVED +CVE-2023-25857 + RESERVED +CVE-2023-25856 + RESERVED +CVE-2023-25855 + RESERVED +CVE-2023-25854 + RESERVED +CVE-2023-25853 + RESERVED +CVE-2023-25852 + RESERVED +CVE-2023-25851 + RESERVED +CVE-2023-25850 + RESERVED +CVE-2023-25849 + RESERVED +CVE-2023-25848 (ArcGIS Enterprise Server versions 11.0 and below have an information d ...) + NOT-FOR-US: ArcGIS Enterprise Server +CVE-2023-25847 + RESERVED +CVE-2023-25846 + RESERVED +CVE-2023-25845 + RESERVED +CVE-2023-25844 + RESERVED +CVE-2023-25843 + RESERVED +CVE-2023-25842 + RESERVED +CVE-2023-25841 (There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Se ...) + NOT-FOR-US: Esri +CVE-2023-25840 (There is a Cross-site Scripting vulnerabilityin ArcGIS Server in versi ...) 
+ NOT-FOR-US: Esri +CVE-2023-25839 (There is SQL injection vulnerability in Esri ArcGIS Insights Desktop f ...) + NOT-FOR-US: Esri ArcGIS +CVE-2023-25838 (There is SQL injection vulnerabilityin Esri ArcGIS Insights 2022.1 for ...) + NOT-FOR-US: Esri ArcGIS +CVE-2023-25837 (There is a Cross-site Scripting vulnerabilityin Esri ArcGIS Enterprise ...) + NOT-FOR-US: Esri +CVE-2023-25836 (There is a Cross-site Scripting vulnerabilityin Esri Portal Sites in v ...) + NOT-FOR-US: Esri +CVE-2023-25835 (There is a stored Cross-site Scripting vulnerabilityin Esri Portal for ...) + NOT-FOR-US: Esri +CVE-2023-25834 (Changes to user permissions in Portal for ArcGIS 10.9.1 and below are ...) + NOT-FOR-US: Esri +CVE-2023-25833 (There is an HTML injection vulnerability in Esri Portal for ArcGIS ver ...) + NOT-FOR-US: Esri +CVE-2023-25832 (There is a cross-site-request forgery vulnerability in Esri Portal for ...) + NOT-FOR-US: Esri +CVE-2023-25831 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2023-25830 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2023-25829 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...) + NOT-FOR-US: Esri +CVE-2023-25828 (Pluck CMS is vulnerable to an authenticated remote code execution (RCE ...) + NOT-FOR-US: Pluck CMS +CVE-2023-25827 (Due to insufficient validation of parameters reflected in error messag ...) + NOT-FOR-US: OpenTSDB +CVE-2023-25826 (Due to insufficient validation of parameters passed to the legacy HTTP ...) + NOT-FOR-US: OpenTSDB +CVE-2023-25825 (ZoneMinder is a free, open source Closed-circuit television software a ...) 
+ - zoneminder 1.36.33+dfsg1-1 (unimportant)
+ NOTE: Only supported for trusted users/behind auth
+ NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-68vf-g4qm-jr6v
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/4637eaf9ea530193e0897ec48899f5638bdd6d81
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/57bf25d39f12d620693f26068b8441b4f3f0b6c0
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/e1028c1d7f23cc1e0941b7b37bb6ae5a04364308
+CVE-2023-25824 (Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions ...)
+ - mod-gnutls (bug #942737)
+ [buster] - mod-gnutls (Minor issue, DoS)
+ NOTE: https://github.com/airtower-luna/mod_gnutls/security/advisories/GHSA-6cfv-fvgm-7pc8
+ NOTE: https://github.com/airtower-luna/mod_gnutls/commit/d7eec4e598158ab6a98bf505354e84352f9715ec (mod_gnutls/0.12.1)
+CVE-2023-25823 (Gradio is an open-source Python library to build machine learning and ...)
+ NOT-FOR-US: Gradio
+CVE-2023-25822 (ReportPortal is an AI-powered test automation platform. Prior to versi ...)
+ NOT-FOR-US: reportportal
+CVE-2023-25821 (Nextcloud is an Open Source private cloud software. Versions 24.0.4 an ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25820 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25819 (Discourse is an open source platform for community discussion. Tags th ...)
+ NOT-FOR-US: Discourse
+CVE-2023-25818 (Nextcloud server is an open source, personal cloud implementation. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25817 (Nextcloud server is an open source, personal cloud implementation. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25816 (Nextcloud is an Open Source private cloud software. Versions 25.0.0 an ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25815 (In Git for Windows, the Windows port of Git, no localized messages are ...)
+ - git 1:2.40.1-1 (bug #1034835)
+ [bookworm] - git (Minor issue)
+ [bullseye] - git (Minor issue)
+ [buster] - git (Minor issue)
+ NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/c4137be0f5a6edf9a9044e6e43ecf4468c7a4046 (v2.30.9)
+CVE-2023-25814 (metersphere is an open source continuous testing platform. In versions ...)
+ NOT-FOR-US: metersphere
+CVE-2023-25813 (Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL inj ...)
+ NOT-FOR-US: Sequelize
+CVE-2023-25812 (Minio is a Multi-Cloud Object Storage framework. Affected versions do ...)
+ - minio (bug #859207)
+CVE-2023-25811 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
+ NOT-FOR-US: Uptime Kuma
+CVE-2023-25810 (Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.2 ...)
+ NOT-FOR-US: Uptime Kuma
+CVE-2023-25809 (runc is a CLI tool for spawning and running containers according to th ...)
+ - runc 1.1.5+ds1-1
+ [bullseye] - runc (Minor issue)
+ [buster] - runc (Minor issue)
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
+ NOTE: https://github.com/opencontainers/runc/commit/0e6b818a2b0d24fdb6697614e5c5f115bbe8e3a5 (v1.1.5)
+CVE-2023-25808
+ RESERVED
+CVE-2023-25807 (DataEase is an open source data visualization and analysis tool. When ...)
+ NOT-FOR-US: DataEase
+CVE-2023-25806 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...)
+ NOT-FOR-US: OpenSearch Security is a plugin for OpenSearch
+CVE-2023-25805 (versionn, software for changing version information across multiple fi ...)
+ NOT-FOR-US: Node versionn
+CVE-2023-25804 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2023-25803 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2023-25802 (Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Ke ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2023-25801 (TensorFlow is an open source machine learning platform. Prior to versi ...)
+ - tensorflow (bug #804612)
+CVE-2023-25800 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25799
+ RESERVED
+CVE-2023-25798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25797 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25796 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Incl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25795 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25794 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Geor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25792 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Xiao ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25791
+ RESERVED
+CVE-2023-25790
+ RESERVED
+CVE-2023-25789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25788 (Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25787 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbol ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25786 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25785
+ RESERVED
+CVE-2023-25784 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25783 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25782 (Auth. (admin+) vulnerability in Second2none Service Area Postcode Chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25781 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seba ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0846 (Unauthenticated, stored cross-site scripting in the display of alarm r ...)
+ NOT-FOR-US: OpenNMS
+CVE-2023-0845 (Consul and Consul Enterprise allowed an authenticated user with servic ...)
+ - consul (Only affects 1.14.x)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2023-06-consul-server-panic-when-ingress-and-api-gateways-configured-with-peering-connections/51197
+CVE-2023-0844 (The Namaste! LMS WordPress plugin before 2.6 does not sanitize and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0843
+ RESERVED
+CVE-2023-0842 (xml2js version 0.4.23 allows an external attacker to edit or add new p ...)
+ - node-xml2js 0.4.23+~cs15.4.0+dfsg-7 (bug #1034148)
+ [bullseye] - node-xml2js (Minor issue)
+ [buster] - node-xml2js (Minor issue)
+ NOTE: https://fluidattacks.com/advisories/myers/
+ NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/issues/663
+ NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/pull/603
+ NOTE: https://github.com/Leonidas-from-XIV/node-xml2js/commit/581b19a62d88f8a3c068b5a45f4542c2d6a495a5
+CVE-2023-0841 (A vulnerability, which was classified as critical, has been found in G ...)
+ - gpac (bug #1034890)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+CVE-2023-0840 (A vulnerability classified as problematic was found in PHPCrazy 1.1.1. ...)
+ NOT-FOR-US: PHPCrazy
+CVE-2023-0839 (Improper Protection for Outbound Error Messages and Alert Signals vuln ...)
+ NOT-FOR-US: ProMIS Process Co. InSCADA
+CVE-2023-0838 (An issue has been discovered in GitLab affecting versions starting fro ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-0837 (An improper authorization check of local device settings in TeamViewe ...)
+ NOT-FOR-US: TeamViewer
+CVE-2023-25780 (It is identified a vulnerability of insufficient authentication in an ...)
+ NOT-FOR-US: Intel
+CVE-2023-25776 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ NOT-FOR-US: Intel
+CVE-2023-25773 (Improper access control in the Intel(R) Unite(R) Hub software installe ...)
+ NOT-FOR-US: Intel
+CVE-2023-25768 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25767 (A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Cre ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25766 (A missing permission check in Jenkins Azure Credentials Plugin 253.v88 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25765 (In Jenkins Email Extension Plugin 2.93 and earlier, templates defined ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25764 (Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanit ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25763 (Jenkins Email Extension Plugin 2.93 and earlier does not escape variou ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25762 (Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape j ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25761 (Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2023-25545 (Improper buffer restrictions in some Intel(R) Server Board BMC firmwar ...)
+ NOT-FOR-US: Intel
+CVE-2023-25182 (Uncontrolled search path element in the Intel(R) Unite(R) Client softw ...)
+ NOT-FOR-US: Intel
+CVE-2023-25179 (Uncontrolled resource consumption in the Intel(R) Unite(R) android app ...)
+ NOT-FOR-US: Intel
+CVE-2023-25175 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ NOT-FOR-US: Intel
+CVE-2023-24475 (Out of bounds read in some Intel(R) Server Board BMC firmware before v ...)
+ NOT-FOR-US: Intel
+CVE-2023-22661 (Buffer overflow in some Intel(R) Server Board BMC firmware before vers ...)
+ NOT-FOR-US: Intel
+CVE-2023-22379 (Improper input validation in some Intel(R) Server Board BMC firmware b ...)
+ NOT-FOR-US: Intel
+CVE-2023-22297 (Access of memory location after end of buffer in some Intel(R) Server ...)
+ NOT-FOR-US: Intel
+CVE-2023-0836 (An information leak vulnerability was discovered in HAProxy 2.1, 2.2 b ...)
+ {DSA-5388-1}
+ - haproxy 2.6.8-1
+ [buster] - haproxy (Vulnerable code introduced later)
+ NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=2e6bf0a2722866ae0128a4392fa2375bd1f03ff8
+ NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=f988992d16f45ef03d5bbb024a1042ed8123e4c5 (v2.6.8)
+ NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=18575ba4e5057afdb80cc06135272889ae1fa2d1 (v2.2.27)
+ NOTE: Introduced by: https://git.haproxy.org/?p=haproxy.git;a=commitdiff;h=63bbf284a131de362ad5b60d64ff3b1eff830553 (v2.1-dev2)
+CVE-2023-0835 (markdown-pdf version 11.0.0 allows an external attacker to remotely ob ...)
+ NOT-FOR-US: Node markdown-pdf
+CVE-2023-0834 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: HYPR Workforce Access on MacOS
+CVE-2023-25181 (A heap-based buffer overflow vulnerability exists in the HTTP Server f ...)
+ NOT-FOR-US: Weston Embedded uC-HTTP
+CVE-2023-0833 (A flaw was found in Red Hat's AMQ-Streams, which ships a version of th ...)
+ NOT-FOR-US: Red Hat's AMQ-Streams
+CVE-2023-0832 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
+ NOT-FOR-US: Under Construction plugin for WordPress
+CVE-2023-0831 (The Under Construction plugin for WordPress is vulnerable to Cross-Sit ...)
+ NOT-FOR-US: Under Construction plugin for WordPress
+CVE-2023-0830 (A vulnerability classified as critical has been found in EasyNAS 1.1.0 ...)
+ NOT-FOR-US: EasyNAS
+CVE-2023-0829 (Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scri ...)
+ NOT-FOR-US: Plesk
+CVE-2023-0828 (Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2023-0827 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2023-0826
+ RESERVED
+CVE-2023-0825
+ RESERVED
+CVE-2023-0824
+ RESERVED
+CVE-2023-0823 (The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25760 (Incorrect Access Control in Tripleplay Platform releases prior to Cave ...)
+ NOT-FOR-US: Tripleplay
+CVE-2023-25759 (OS Command Injection in TripleData Reporting Engine in Tripleplay Plat ...)
+ NOT-FOR-US: Tripleplay
+CVE-2023-25758 (Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.1 ...)
+ NOT-FOR-US: Onekey
+CVE-2023-0822 (The affected product DIAEnergie (versions prior to v1.9.03.001) contai ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2023-0821 (HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...)
+ - nomad (bug #1034181)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292
+CVE-2023-0820 (The User Role by BestWebSoft WordPress plugin before 1.6.7 does not pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0819 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2. ...)
+ {DSA-5411-1}
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/35793610-dccc-46c8-9f55-6a24c621e4ef
+ NOTE: https://github.com/gpac/gpac/commit/d067ab3ccdeaa340e8c045a0fd5bcfc22b809e8f
+ NOTE: https://github.com/gpac/gpac/commit/bfcee8d14588d49708d20c27cb8cb6bc9ff8934d (v2.2.1)
+CVE-2023-0818 (Off-by-one Error in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
+ {DSA-5411-1}
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/038e7472-f3e9-46c2-9aea-d6dafb62a18a
+ NOTE: https://github.com/gpac/gpac/commit/377ab25f3e502db2934a9cf4b54739e1c89a02ff
+ NOTE: https://github.com/gpac/gpac/commit/cbbc4d343149c07896c4a3bed28849c576510b6c (v2.2.1)
+CVE-2023-0817 (Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.)
+ [experimental] - gpac 2.2.1+dfsg1-1
+ - gpac 2.2.1+dfsg1-2 (bug #1033116)
+ [bullseye] - gpac (Vulnerable code not present)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/cb730bc5-d79c-4de6-9e57-10e8c3ce2cf3
+ NOTE: https://github.com/gpac/gpac/commit/be9f8d395bbd196e3812e9cd80708f06bcc206f7
+ NOTE: https://github.com/gpac/gpac/commit/99dfc2bc443bfb6b80c610c25f98747d358c209d (v2.2.1)
+CVE-2023-25754 (Privilege Context Switching Error vulnerability in Apache Software Fou ...)
+ - airflow (bug #819700)
+CVE-2023-25753 (There exists an SSRF (Server-Side Request Forgery) vulnerability locat ...)
+ NOT-FOR-US: Apache ShenYu
+CVE-2023-25752 (When accessing throttled streams, the count of available bytes needed ...)
+ {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
+ - firefox 111.0-1
+ - firefox-esr 102.9.0esr-1
+ - thunderbird 1:102.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25752
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25752
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25752
+CVE-2023-25751 (Sometimes, when invalidating JIT code while following an iterator, the ...)
+ {DSA-5375-1 DSA-5374-1 DLA-3365-1 DLA-3364-1}
+ - firefox 111.0-1
+ - firefox-esr 102.9.0esr-1
+ - thunderbird 1:102.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-10/#CVE-2023-25751
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-11/#CVE-2023-25751
+CVE-2023-25750 (Under certain circumstances, a ServiceWorker's offline cache may have ...)
+ - firefox 111.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25750
+CVE-2023-25749 (Android applications with unpatched vulnerabilities can be launched fr ...)
+ - firefox (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25749
+CVE-2023-25748 (By displaying a prompt with a long description, the fullscreen notific ...)
+ - firefox (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/#CVE-2023-25748
+CVE-2023-25747 (A potential use-after-free in libaudio was fixed by disabling the AAud ...)
+ - firefox (Specific to Firefox on Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-08/
+CVE-2023-25746 (Memory safety bugs present in Firefox ESR 102.7. Some of these bugs sh ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25746
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25746
+CVE-2023-25745 (Memory safety bugs present in Firefox 109. Some of these bugs showed e ...)
+ - firefox 110.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25745
+CVE-2023-25744 (Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25744
+CVE-2023-25743 (A lack of in app notification for entering fullscreen mode could have ...)
+ - firefox (Specific to Firefox Focus)
+ - firefox-esr (Specific to Firefox Focus)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25743
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25743
+CVE-2023-25742 (When importing a SPKI RSA public key as ECDSA P-256, the key would be ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25742
+CVE-2023-25741 (When dragging and dropping an image cross-origin, the image's size cou ...)
+ - firefox 110.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25741
+CVE-2023-25740 (After downloading a Windows .scf script from the local fi ...)
+ - firefox (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25740
+CVE-2023-25739 (Module load requests that failed were not being checked as to whether ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25739
+CVE-2023-25738 (Members of the DEVMODEW struct set by the printer device ...)
+ - firefox (Windows-specific)
+ - firefox-esr (Windows-specific)
+ - thunderbird (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25738
+CVE-2023-25737 (An invalid downcast from nsTextNode to SVGElement.url shortcut from the local ...)
+ - firefox (Windows-specific)
+ - firefox-esr (Windows-specific)
+ - thunderbird (Windows-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25734
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25734
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25734
+CVE-2023-25733 (The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being ver ...)
+ - firefox 110.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25733
+CVE-2023-25732 (When encoding data from an inputStream in xpcomrequestFullscreen and then b ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25730
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25730
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25730
+CVE-2023-25729 (Permission prompts for opening external schemes were only shown for Content-Security-Policy-Report-Only header could allo ...)
+ {DSA-5355-1 DSA-5350-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-25728
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-25728
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-25728
+CVE-2023-24585 (An out-of-bounds write vulnerability exists in the HTTP Server functio ...)
+ NOT-FOR-US: Weston Embedded uC-HTTP
+CVE-2023-0816 (The Formidable Forms WordPress plugin before 6.1 uses several potentia ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0815 (Potential Insertion of Sensitive Information into Jetty Log Files in m ...)
+ NOT-FOR-US: OpenNMS
+CVE-2023-0814 (The Profile Builder \u2013 User Profile & User Registration Forms plug ...)
+ NOT-FOR-US: Profile Builder – User Profile & User Registration Forms plugin for WordPress
+CVE-2023-0813 (A flaw was found in the Network Observability plugin for OpenShift con ...)
+ NOT-FOR-US: Network Observability plugin for OpenShift console
+CVE-2023-0812 (The Active Directory Integration / LDAP Integration WordPress plugin b ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0811 (Omron CJ1M unit v4.0 and prior has improper access controls on the mem ...)
+ NOT-FOR-US: Omron CJ1M
+CVE-2023-0810 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+ NOT-FOR-US: btcpayserver
+CVE-2023-0809 (In Mosquitto before 2.0.16, excessive memory is allocated based on mal ...)
+ {DSA-5511-1}
+ - mosquitto 2.0.17-1
+ [buster] - mosquitto (The vulnerable code was introduced later)
+ NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
+ NOTE: Fixed by https://github.com/eclipse/mosquitto/commit/a3c680fbb00a0019573fb84c29332e845e6efcad
+CVE-2023-3592 (In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 ...)
+ {DSA-5511-1}
+ - mosquitto 2.0.17-1
+ [buster] - mosquitto (The vulnerable code was introduced later)
+ NOTE: https://mosquitto.org/blog/2023/08/version-2-0-16-released/
+ NOTE: https://github.com/eclipse/mosquitto/commit/00b24e0eb0686e9a76feb71fdaee650cb7e612fa (v2.0.16)
+CVE-2023-0808 (A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_540 ...)
+ NOT-FOR-US: Deye/Revolt/Bosswerk Inverter
+CVE-2023-0807
+ RESERVED
+CVE-2023-0806
+ RESERVED
+CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
+ - phpmyadmin 4:5.2.1+dfsg-1
+ [bullseye] - phpmyadmin (Minor issue)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
+CVE-2023-25726
+ RESERVED
+CVE-2023-25725 (HAProxy before 2.7.3 may allow a bypass of access control because HTTP ...)
+ {DSA-5348-1 DLA-3318-1}
+ - haproxy 2.6.8-2
+ NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=73be199c4f5f1ed468161a4c5e10ca77cd5989d8 (v2.6.9)
+CVE-2023-25724
+ REJECTED
+CVE-2023-25723
+ REJECTED
+CVE-2023-25722 (A credential-leak issue was discovered in related Veracode products be ...)
+ NOT-FOR-US: Veracode
+CVE-2023-25721 (Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using ...)
+ NOT-FOR-US: Veracode
+CVE-2023-25720
+ RESERVED
+CVE-2023-25719 (ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect ...)
+ NOT-FOR-US: ConnectWise
+CVE-2023-25718 (In ConnectWise Control through 22.9.10032 (formerly known as ScreenCon ...)
+ NOT-FOR-US: ConnectWise
+CVE-2023-25717 (Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an ...)
+ NOT-FOR-US: Ruckus Wireless Admin
+CVE-2023-25716 (Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25715 (Missing Authorization vulnerability in GamiPress GamiPress \u2013 The ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25714
+ RESERVED
+CVE-2023-25713 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25712 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-B ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25711 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGI ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25709 (Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatorai ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25708 (Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR \u20 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25707 (Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooki ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25706 (Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Rob ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25705 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go P ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25704 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehj ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25703
+ RESERVED
+CVE-2023-25702 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Full ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25701
+ RESERVED
+CVE-2023-25700 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25699
+ RESERVED
+CVE-2023-25698 (Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shopp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25697
+ RESERVED
+CVE-2023-25696 (Improper Input Validation vulnerability in the Apache Airflow Hive Pro ...)
+ NOT-FOR-US: Apache Airflow Hive Provider
+CVE-2023-25695 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
+ - airflow (bug #819700)
+CVE-2023-25694
+ REJECTED
+CVE-2023-25693 (Improper Input Validation vulnerability in the Apache Airflow Sqoop Pr ...)
+ NOT-FOR-US: Apache Airflow Sqoop Provider
+CVE-2023-25692 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
+ NOT-FOR-US: Apache Airflow Google Provider
+CVE-2023-25691 (Improper Input Validation vulnerability in the Apache Airflow Google P ...)
+ NOT-FOR-US: Apache Airflow Google Provider
+CVE-2023-0805 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2023-0804 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/497
+CVE-2023-0803 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/501
+CVE-2023-0802 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/500
+CVE-2023-0801 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_un ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/498
+CVE-2023-0800 (LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/33aee1275d9d1384791d2206776eb8152d397f00
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/496
+CVE-2023-0799 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/494
+CVE-2023-0798 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/492
+CVE-2023-0797 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_uni ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/495
+CVE-2023-0796 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/499
+CVE-2023-0795 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop. ...)
+ {DSA-5361-1 DLA-3333-1}
+ - tiff 4.5.0-5 (bug #1031632)
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/afaabc3e50d4e5d80a94143f7e3c997e7e410f68
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/493
+CVE-2022-4925 (Insufficient validation of untrusted input in QUIC in Google Chrome pr ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4924 (Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4923 (Inappropriate implementation in Omnibox in Google Chrome prior to 99.0 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4922 (Inappropriate implementation in Blink in Google Chrome prior to 99.0.4 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4921 (Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4920 (Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4919 (Use after free in Base Internals in Google Chrome prior to 101.0.4951. ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4918 (Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4917 (Incorrect security UI in Notifications in Google Chrome on Android pri ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4916 (Use after free in Media in Google Chrome prior to 103.0.5060.53 allowe ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-4915 (Inappropriate implementation in URL Formatting in Google Chrome prior ...)
+ {DSA-5187-1}
+ - chromium 103.0.5060.134-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4914 (Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5 ...)
+ {DSA-5201-1}
+ - chromium 104.0.5112.79-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4913 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4912 (Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allow ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4911 (Insufficient data validation in DevTools in Google Chrome prior to 106 ...)
+ {DSA-5244-1}
+ - chromium 106.0.5249.61-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4910 (Inappropriate implementation in Autofill in Google Chrome prior to 107 ...)
+ {DSA-5261-1}
+ - chromium 107.0.5304.68-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4909 (Inappropriate implementation in XML in Google Chrome prior to 107.0.53 ...)
+ {DSA-5261-1}
+ - chromium 107.0.5304.68-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4908 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...)
+ {DSA-5261-1}
+ - chromium 107.0.5304.68-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4907 (Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 al ...)
+ {DSA-5552-1 DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+ - ffmpeg 7:6.0-4
+ [bullseye] - ffmpeg (Vulnerable code introduced later)
+ [buster] - ffmpeg (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/e601ec3c1991ee09ff45db3be4d894e5774f6f2b (n6.0)
+ NOTE: Introduced by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/c3bf53fab2165f52b3f71412664668dd75e10a0f (n5.1)
+CVE-2022-4906 (Inappropriate implementation in Blink in Google Chrome prior to 108.0. ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-48323 (Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0. ...)
+ NOT-FOR-US: Sunlogin Sunflower Simplified
+CVE-2022-48322 (NETGEAR Nighthawk WiFi Mesh systems and routers are affected by a stac ...)
+ NOT-FOR-US: NETGEAR
+CVE-2021-4324 (Insufficient policy enforcement in Google Update in Google Chrome prio ...)
+ - chromium (Not applicable to Debian builds)
+CVE-2021-4323 (Insufficient validation of untrusted input in Extensions in Google Chr ...)
+ {DSA-4906-1}
+ - chromium 90.0.4430.72-1 (bug #987053)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4322 (Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4321 (Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4320 (Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowe ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4319 (Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4318 (Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4317 (Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-4316 (Inappropriate implementation in Cast UI in Google Chrome prior to 96.0 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2015-10079 (A vulnerability was found in juju2143 WalrusIRC 0.0.2. It has been rat ...)
+ NOT-FOR-US: juju2143 WalrusIRC
+CVE-2023-25690 (Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 thr ...)
+ {DSA-5376-1 DLA-3401-1}
+ - apache2 2.4.56-1 (bug #1032476)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/03/07/1
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-25690
+ NOTE: https://github.com/apache/httpd/commit/d78a166fedd9d02c23e4b71d5f53bd9b2c4b9a51 (r1908095)
+CVE-2023-0794 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0793 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0792 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0791 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0790 (Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1 ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0789 (Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1. ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0788 (Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0787 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0786 (Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/php ...)
+ NOT-FOR-US: phpmyfaq
+CVE-2023-0785 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Best Online News Portal
+CVE-2023-0784 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Best Online News Portal
+CVE-2022-4905 (A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordP ...)
+ NOT-FOR-US: UDX Stateless Media Plugin
+CVE-2023-25689 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and ...)
+ NOT-FOR-US: IBM
+CVE-2023-25688 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ NOT-FOR-US: IBM
+CVE-2023-25687 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ NOT-FOR-US: IBM
+CVE-2023-25686 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ NOT-FOR-US: IBM
+CVE-2023-25685
+ RESERVED
+CVE-2023-25684 (IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and ...)
+ NOT-FOR-US: IBM
+CVE-2023-25683 (IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW ...)
+ NOT-FOR-US: IBM
+CVE-2023-25682 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...)
+ NOT-FOR-US: IBM
+CVE-2023-25681
+ RESERVED
+CVE-2023-25680 (IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2023-25679
+ RESERVED
+CVE-2023-0783 (A vulnerability was found in EcShop 4.1.5. It has been classified as c ...)
+ NOT-FOR-US: EcShop
+CVE-2023-0782 (A vulnerability was found in Tenda AC23 16.03.07.45 and classified as ...)
+ NOT-FOR-US: Tenda
+CVE-2023-0781 (A vulnerability was found in SourceCodester Canteen Management System ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2020-36661 (A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been d ...)
+ NOT-FOR-US: lua-multipart
+CVE-2019-25103 (A vulnerability has been found in simple-markdown 0.5.1 and classified ...)
+ NOT-FOR-US: simple-markdown
+CVE-2019-25102 (A vulnerability, which was classified as problematic, was found in sim ...)
+ NOT-FOR-US: simple-markdown
+CVE-2015-10078 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Resend Welcome Email Plugin
+CVE-2023-0780 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
+CVE-2023-0779 (At the most basic level, an invalid pointer can be input that crashes ...)
+ NOT-FOR-US: Zephyr
+CVE-2023-0778 (A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This is ...)
+ - libpod 4.3.1+ds1-7 (bug #1032099)
+ [bullseye] - libpod (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168256
+ NOTE: Introduced with: https://github.com/containers/podman/commit/edddfe8c4f7761b12dc64ea4aa0a83b755aa124f (v3.4.0-rc1)
+ NOTE: Fixed by: https://github.com/containers/podman/commit/6ca857feb07a5fdc96fd947afef03916291673d8 (v4.5.0-rc1)
+CVE-2023-25678
+ RESERVED
+CVE-2023-25677
+ RESERVED
+CVE-2023-0777 (Authentication Bypass by Primary Weakness in GitHub repository modoboa ...)
+ NOT-FOR-US: Modoboa
+CVE-2023-0776 (Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNo ...)
+ NOT-FOR-US: Baicells
+CVE-2023-0775 (An invalid \u2018prepare write request\u2019 command can cause the Blu ...)
+ NOT-FOR-US: GSDK
+CVE-2023-0774 (A vulnerability has been found in SourceCodester Medical Certificate G ...)
+ NOT-FOR-US: SourceCodester Medical Certificate Generator App
+CVE-2023-0773 (The vulnerability exists in Uniview IP Camera due to identification an ...)
+ NOT-FOR-US: Uniview IP Camera
+CVE-2023-0772 (The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25676 (TensorFlow is an open source machine learning platform. When running v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25675 (TensorFlow is an open source machine learning platform. When running v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25674 (TensorFlow is an open source machine learning platform. Versions prior ...)
+ - tensorflow (bug #804612)
+CVE-2023-25673 (TensorFlow is an open source platform for machine learning. Versions p ...)
+ - tensorflow (bug #804612)
+CVE-2023-25672 (TensorFlow is an open source platform for machine learning. The functi ...)
+ - tensorflow (bug #804612)
+CVE-2023-25671 (TensorFlow is an open source platform for machine learning. There is o ...)
+ - tensorflow (bug #804612)
+CVE-2023-25670 (TensorFlow is an open source platform for machine learning. 
Versions p ...)
+ - tensorflow (bug #804612)
+CVE-2023-25669 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25668 (TensorFlow is an open source platform for machine learning. Attackers ...)
+ - tensorflow (bug #804612)
+CVE-2023-25667 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25666 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25665 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25664 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25663 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25662 (TensorFlow is an open source platform for machine learning. Versions p ...)
+ - tensorflow (bug #804612)
+CVE-2023-25661 (TensorFlow is an Open Source Machine Learning Framework. In versions p ...)
+ - tensorflow (bug #804612)
+CVE-2023-25660 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25659 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25658 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2023-25657 (Nautobot is a Network Source of Truth and Network Automation Platform. ...)
+ NOT-FOR-US: Nautobot
+CVE-2023-25656 (notation-go is a collection of libraries for supporting Notation sign, ...)
+ NOT-FOR-US: notation-go
+CVE-2023-25655 (baserCMS is a Content Management system. Prior to version 4.7.5, any f ...)
+ NOT-FOR-US: baserCMS
+CVE-2023-25654 (baserCMS is a Content Management system. Prior to version 4.7.5, there ...)
+ NOT-FOR-US: baserCMS
+CVE-2023-25653 (node-jose is a JavaScript implementation of the JSON Object Signing an ...)
+ NOT-FOR-US: Cisco node-jose (different from src:node-jose)
+ NOTE: https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw
+CVE-2023-25652 (Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2. ...)
+ - git 1:2.40.1-1 (bug #1034835)
+ [bookworm] - git (Minor issue)
+ [bullseye] - git (Minor issue)
+ [buster] - git (Minor issue)
+ NOTE: https://lore.kernel.org/lkml/xmqqa5yv3n93.fsf@gitster.g/
+ NOTE: https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b (v2.30.9)
+CVE-2023-25651 (There is a SQL injection vulnerability in some ZTE mobile internetprod ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25650 (There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Sin ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25649 (There is a command injection vulnerability in a mobile internet produc ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25648 (There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25647 (There is a permission and access control vulnerability in some ZTE mob ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25646
+ RESERVED
+CVE-2023-25645 (There is a permission and access control vulnerability in some ZTE And ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25644 (There is a denial of service vulnerability in some ZTEmobile internet ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25643 (There is a command injection vulnerability in some ZTE mobile internet ...)
+ NOT-FOR-US: ZTE
+CVE-2023-25642 (There is a buffer overflow vulnerability in some ZTEmobile internetpro ...)
+ NOT-FOR-US: ZTE
+CVE-2023-0771 (SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,deve ...)
+ - ampache
+CVE-2023-0770 (Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2. ...)
+ {DSA-5411-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd
+ NOTE: https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26
+CVE-2023-0769
+ RESERVED
+CVE-2023-0768 (The Avirato hotels online booking engine WordPress plugin through 5.0. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-25641
+ RESERVED
+CVE-2023-25640
+ RESERVED
+CVE-2023-25639
+ RESERVED
+CVE-2023-25638
+ RESERVED
+CVE-2023-25637
+ RESERVED
+CVE-2023-25636
+ RESERVED
+CVE-2023-25635
+ RESERVED
+CVE-2023-25634
+ RESERVED
+CVE-2023-25633
+ RESERVED
+CVE-2023-25632 (The Android Mobile Whale browser app before 3.0.1.2 allows the attacke ...)
+ NOT-FOR-US: Whale browser
+CVE-2023-25631
+ RESERVED
+CVE-2023-25630
+ RESERVED
+CVE-2023-25629
+ RESERVED
+CVE-2023-25628
+ RESERVED
+CVE-2023-25627
+ RESERVED
+CVE-2023-25626
+ RESERVED
+CVE-2023-25625
+ RESERVED
+CVE-2023-25624
+ RESERVED
+CVE-2023-25623
+ RESERVED
+CVE-2023-25622
+ RESERVED
+CVE-2023-25621 (Privilege Escalation vulnerability in Apache Software Foundation Apach ...)
+ NOT-FOR-US: Apache Sling
+CVE-2023-25620 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-25619 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2023-25618 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...)
+ NOT-FOR-US: SAP
+CVE-2023-25617 (SAP Business Object (Adaptive Job Server) - versions 420, 430, allows ...)
+ NOT-FOR-US: SAP
+CVE-2023-25616 (In some scenario, SAP Business Objects Business Intelligence Platform ...)
+ NOT-FOR-US: SAP
+CVE-2023-25615 (Due to insufficient input sanitization, SAP ABAP - versions 751, 753, ...)
+ NOT-FOR-US: SAP
+CVE-2023-25614 (SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, ...)
+ NOT-FOR-US: SAP
+CVE-2023-25613 (An LDAP Injection vulnerability exists in theLdapIdentityBackend of Ap ...)
+ NOT-FOR-US: Apache Kerby
+CVE-2023-0767 (An attacker could construct a PKCS 12 cert bundle in such a way that c ...)
+ {DSA-5355-1 DSA-5353-1 DSA-5350-1 DLA-3327-1 DLA-3324-1 DLA-3319-1}
+ - firefox 110.0-1
+ - nss 2:3.87.1-1
+ - firefox-esr 102.8.0esr-1
+ - thunderbird 1:102.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/#CVE-2023-0767
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/#CVE-2023-0767
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0767
+ NOTE: https://hg.mozilla.org/projects/nss/rev/684586ec163ad4fbbf15ea2cd1ee5c2da43036ad
+CVE-2023-0766 (The Newsletter Popup WordPress plugin through 1.2 does not have CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0765 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not prop ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0764 (The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0763 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0762 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0761 (The Clock In Portal- Staff & Attendance Management WordPress plugin th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0760 (Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2. ...)
+ {DSA-5452-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://huntr.dev/bounties/d06223df-a473-4c82-96d0-23726b844b21
+ NOTE: https://github.com/gpac/gpac/commit/ea7395f39f601a7750d48d606e9d10ea0b7beefe
+CVE-2023-0759 (Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2. ...)
+ NOT-FOR-US: Cockpit Content Platform (different from src:cockpit)
+CVE-2023-0758 (A vulnerability was found in glorylion JFinalOA 1.0.2 and classified a ...)
+ NOT-FOR-US: glorylion JFinalOA
+CVE-2023-0757 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: PHOENIX
+CVE-2022-4904 (A flaw was found in the c-ares package. The ares_set_sortlist is missi ...)
+ {DLA-3323-1}
+ - c-ares 1.18.1-2 (bug #1031525)
+ [bullseye] - c-ares 1.17.1-1+deb11u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2168631
+ NOTE: https://github.com/c-ares/c-ares/pull/497
+ NOTE: https://github.com/c-ares/c-ares/commit/9903253c347f9e0bffd285ae3829aef251cc852d (cares-1_19_0)
+CVE-2022-4903 (A vulnerability was found in CodenameOne 7.0.70. It has been classifie ...)
+ NOT-FOR-US: CodenameOne
+CVE-2015-10077 (A vulnerability was found in webbuilders-group silverstripe-kapost-bri ...)
+ NOT-FOR-US: Silverstripe
+CVE-2023-25612
+ RESERVED
+CVE-2023-25177 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2023-24014 (Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are v ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2023-0756 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-0755 (The affected products are vulnerable to an improper validation of arra ...)
+ NOT-FOR-US: PTC
+CVE-2023-0754 (The affected products are vulnerable to an integer overflow or wraparo ...)
+ NOT-FOR-US: PTC
+CVE-2015-10076 (A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has bee ...)
+ NOT-FOR-US: dimtion Shaarlier
+CVE-2023-25611 (A improper neutralization of formula elements in a CSV file vulnerabil ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25610
+ RESERVED
+CVE-2023-25609 (A server-side request forgery (SSRF) vulnerability[CWE-918] inFortiMan ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25608 (An incomplete filtering of one or more instances of special elements v ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-25607 (An improper neutralization of special elements used in an OS Command ( ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25606 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25605 (A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25604 (An insertion of sensitive information into log file vulnerability in F ...)
+ NOT-FOR-US: Fortinet
+CVE-2023-25603 (A permissive cross-domain policy with untrusted domains vulnerability ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-25602 (A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2023-25601 (On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gatew ...)
+ NOT-FOR-US: Apache DolphinScheduler
+CVE-2023-0753
+ RESERVED
+CVE-2023-0752
+ RESERVED
+CVE-2023-0751 (When GELI reads a key file from standard input, it does not reuse the ...)
+ NOT-FOR-US: FreeBSD GELI
+CVE-2023-0750 (Yellobrik PEC-1864 implements authentication checks via javascript in ...)
+ NOT-FOR-US: Yellobrik PEC-1864
+CVE-2023-0749 (The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0748 (Open Redirect in GitHub repository btcpayserver/btcpayserver prior to ...)
+ NOT-FOR-US: btcpayserver
+CVE-2023-0747 (Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/ ...)
+ NOT-FOR-US: btcpayserver
+CVE-2023-0746 (The help page in GigaVUE-FM, when using GigaVUE-OS software version 5. ...)
+ NOT-FOR-US: GigaVUE-FM
+CVE-2023-0745 (The High Availability functionality of Yugabyte Anywhere can be abused ...)
+ - yugabyte-db (bug #989673)
+CVE-2022-48321 (Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe2 ...)
+ - check-mk
+CVE-2022-48320 (Cross-site Request Forgery (CSRF) in Tribe29's Checkmk <= 2.1.0p17, Ch ...)
+ - check-mk
+CVE-2022-48319 (Sensitive host secret disclosed in cmk-update-agent.log file in Tribe2 ...)
+ - check-mk
+CVE-2022-48318 (No authorisation controls in the RestAPI documentation for Tribe29's C ...)
+ - check-mk
+CVE-2022-48317 (Expired sessions were not securely terminated in the RestAPI for Tribe ...)
+ - check-mk
+CVE-2023-25600 (An issue was discovered in InsydeH2O. A malicious operating system can ...)
+ NOT-FOR-US: InsydeH2O
+CVE-2023-25599 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+ NOT-FOR-US: Mitel
+CVE-2023-25598 (A vulnerability in the conferencing component of Mitel MiVoice Connect ...)
+ NOT-FOR-US: Mitel
+CVE-2023-25597 (A vulnerability in the web conferencing component of Mitel MiCollab th ...)
+ NOT-FOR-US: Mitel
+CVE-2023-25596 (A vulnerability exists in ClearPass Policy Manager that allows for an ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25595 (A vulnerability exists in the ClearPass OnGuard Ubuntu agentthat allow ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25594 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25593 (Vulnerabilities within the web-based management interface of ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25592 (Vulnerabilities within the web-based management interface of ClearPass ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25591 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25590 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...)
+ NOT-FOR-US: Aruba
+CVE-2023-25589 (A vulnerability in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2023-0744 (Improper Access Control in GitHub repository answerdev/answer prior to ...)
+ NOT-FOR-US: Answer
+CVE-2023-0743 (Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/an ...)
+ NOT-FOR-US: Answer
+CVE-2023-0742 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-0741 (Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer ...)
+ NOT-FOR-US: Answer
+CVE-2023-0740 (Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/ans ...)
+ NOT-FOR-US: Answer
+CVE-2023-0739 (Concurrent Execution using Shared Resource with Improper Synchronizati ...)
+ NOT-FOR-US: Answer
+CVE-2023-0738 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...)
+ NOT-FOR-US: OrangeScrum
+CVE-2023-0737
+ RESERVED
+CVE-2023-0736 (Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wall ...)
+ NOT-FOR-US: Wallabag
+CVE-2023-0735 (Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallab ...)
+ NOT-FOR-US: Wallabag
+CVE-2023-0734 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...)
+ NOT-FOR-US: Wallabag
+CVE-2023-0733 (The Newsletter Popup WordPress plugin through 1.2 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0732 (A vulnerability has been found in SourceCodester Online Eyewear Shop 1 ...)
+ NOT-FOR-US: SourceCodester
+CVE-2023-25588 (A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct i ...)
+ - binutils 2.39.50.20221208-1 (unimportant)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
+ NOTE: binutils not covered by security support
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677
+CVE-2023-25587
+ REJECTED
+CVE-2023-25586 (A flaw was found in Binutils. A logic fail in the bfd_init_section_dec ...)
+ - binutils 2.39.50.20221208-1 (unimportant)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5830876a0cca17bef3b2d54908928e72cca53502
+ NOTE: binutils not covered by security support
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29855
+CVE-2023-25585 (A flaw was found in Binutils. The use of an uninitialized field in the ...)
+ - binutils 2.39.50.20221224-1 (unimportant)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
+ NOTE: binutils not covered by security support
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29892
+CVE-2023-25584 (An out-of-bounds read flaw was found in the parse_module function in b ...)
+ - binutils 2.39.50.20221224-1 (unimportant)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44
+ NOTE: binutils not covered by security support
+CVE-2023-25583 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-25582 (Two OS command injection vulnerabilities exist in the zebra vlan_name ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-25581
+ RESERVED
+CVE-2023-25580
+ RESERVED
+CVE-2023-25579 (Nextcloud server is a self hosted home cloud product. In affected vers ...)
+ - nextcloud-server (bug #941708)
+CVE-2023-25578 (Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. ...)
+ NOT-FOR-US: Starlite
+CVE-2023-25577 (Werkzeug is a comprehensive WSGI web application library. Prior to ver ...)
+ {DSA-5470-1 DLA-3346-1}
+ - python-werkzeug 2.2.2-3 (bug #1031370)
+ NOTE: https://github.com/pallets/werkzeug/commit/fe899d0cdf767a7289a8bf746b7f72c2907a1b4b (2.2.3)
+ NOTE: https://github.com/pallets/werkzeug/commit/09449ee77934a0c883f5959785864ecae6aaa2c9 (2.2.3)
+ NOTE: https://github.com/pallets/werkzeug/commit/babc8d9e8c9fa995ef26050698bc9b5a92803664 (2.2.3)
+ NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-xg9f-g7g7-2323
+CVE-2023-25576 (@fastify/multipart is a Fastify plugin to parse the multipart content- ...)
+ NOT-FOR-US: Fastify plugin
+CVE-2023-25575 (API Platform Core is the server component of API Platform: hypermedia ...)
+ NOT-FOR-US: API Platform Core
+CVE-2023-25574
+ RESERVED
+CVE-2023-25573 (metersphere is an open source continuous testing platform. In affected ...)
+ NOT-FOR-US: metersphere
+CVE-2023-25572 (react-admin is a frontend framework for building browser applications ...)
+ NOT-FOR-US: react-admin
+CVE-2023-25571 (Backstage is an open platform for building developer portals. `@backst ...)
+ NOT-FOR-US: Backstage
+CVE-2023-25570 (Apollo is a configuration management system. Prior to version 2.1.0, t ...)
+ NOT-FOR-US: Apollo
+CVE-2023-25569 (Apollo is a configuration management system. Prior to version 2.1.0, a ...)
+ NOT-FOR-US: Apollo
+CVE-2023-25568 (Boxo, formerly known as go-libipfs, is a library for building IPFS app ...)
+ NOT-FOR-US: Boxo
+CVE-2023-25567 (GSS-NTLMSSP, a mechglue plugin for the GSSAPI library that implements ...)
+ - gss-ntlmssp 1.2.0-1 (bug #1031369)
+ [bullseye] - gss-ntlmssp (Minor issue)
+ [buster] - gss-ntlmssp (Minor issue)
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-24pf-6prf-24ch
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/025fbb756d44ffee8f847db4222ed6aa4bd1fbe4 (v1.2.0)
+CVE-2023-25566 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
+ - gss-ntlmssp 1.2.0-1 (bug #1031369)
+ [bullseye] - gss-ntlmssp (Vulnerable code not present)
+ [buster] - gss-ntlmssp (Vulnerable code not present)
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-mfm4-6g58-jw74
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/8660fb16474054e692a596e9c79670cd4d3954f4 (v1.2.0)
+CVE-2023-25565 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
+ - gss-ntlmssp 1.2.0-1 (bug #1031369)
+ [bullseye] - gss-ntlmssp (Minor issue)
+ [buster] - gss-ntlmssp (Minor issue)
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-7q7f-wqcg-mvfg
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c16100f60907a2de92bcb676f303b81facee0f64 (v1.2.0)
+CVE-2023-25564 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
+ - gss-ntlmssp 1.2.0-1 (bug #1031369)
+ [bullseye] - gss-ntlmssp (Vulnerable code not present)
+ [buster] - gss-ntlmssp (Vulnerable code not present)
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-r85x-q5px-9xfq
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/c753000eb31835c0664e528fbc99378ae0cbe950 (v1.2.0)
+CVE-2023-25563 (GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implement ...)
+ - gss-ntlmssp 1.2.0-1 (bug #1031369)
+ [bullseye] - gss-ntlmssp (Minor issue)
+ [buster] - gss-ntlmssp (Minor issue)
+ NOTE: https://github.com/gssapi/gss-ntlmssp/security/advisories/GHSA-jjjx-5qf7-9mgf
+ NOTE: https://github.com/gssapi/gss-ntlmssp/commit/97c62c6167299028d80765080e74d91dfc99efbd (v1.2.0)
+CVE-2023-25562 (DataHub is an open-source metadata platform. In versions of DataHub pr ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25561 (DataHub is an open-source metadata platform. In the event a system is ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25560 (DataHub is an open-source metadata platform. The AuthServiceClient whi ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25559 (DataHub is an open-source metadata platform. 
When not using authentica ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25558 (DataHub is an open-source metadata platform. When the DataHub frontend ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25557 (DataHub is an open-source metadata platform. The DataHub frontend acts ...)
+ NOT-FOR-US: DataHub
+CVE-2023-25556 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25555 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25554 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25553 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25552 (A CWE-862: Missing Authorization vulnerability exists that could allow ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25551 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25550 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25549 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25548 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25547 (A CWE-863: Incorrect Authorization vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider
+CVE-2023-25544 (Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' versi ...)
+ NOT-FOR-US: Dell
+CVE-2023-25543
+ RESERVED
+CVE-2023-25542 (Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an impr ...)
+ NOT-FOR-US: Dell
+CVE-2023-25541
+ RESERVED
+CVE-2023-25540 (Dell PowerScale OneFS 9.4.0.x contains an incorrect default permission ...)
+ NOT-FOR-US: Dell
+CVE-2023-25539 (Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerabilit ...)
+ NOT-FOR-US: Dell
+CVE-2023-25538
+ RESERVED
+CVE-2023-25537 (Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Preci ...)
+ NOT-FOR-US: Dell
+CVE-2023-25536 (Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive informati ...)
+ NOT-FOR-US: Dell
+CVE-2023-25535
+ RESERVED
+CVE-2023-22660 (A heap-based buffer overflow vulnerability exists in the way Ichitaro ...)
+ NOT-FOR-US: Ichitaro
+CVE-2023-0731 (The Interactive Geo Maps plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: Interactive Geo Maps plugin for WordPress
+CVE-2023-0730 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0729 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0728 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0727 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0726 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0725 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0724 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0723 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0722 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...)
+ NOT-FOR-US: Wicked Folders plugin for WordPress
+CVE-2023-0721 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...)
+ NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress +CVE-2023-0720 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0719 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0718 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0717 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0716 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0715 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0714 + RESERVED +CVE-2023-0713 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0712 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0711 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0710 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0709 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0708 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0707 (A vulnerability was found in SourceCodester Medical Certificate Genera ...) 
+ NOT-FOR-US: SourceCodester +CVE-2023-0706 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester +CVE-2023-XXXX [RUSTSEC-2023-0005] + - rust-tokio 1.24.2-1 + [bullseye] - rust-tokio (Vulnerable code not present) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0005.html + NOTE: https://github.com/tokio-rs/tokio/issues/5372 +CVE-2023-25534 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25533 (NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an a ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25532 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25531 (NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacke ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25530 (NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25529 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25528 (NVIDIA DGX H100 baseboard management controller (BMC) contains a vulne ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25527 (NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, w ...) + NOT-FOR-US: NVIDIA DGX H100 BMC +CVE-2023-25526 (NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanag ...) + NOT-FOR-US: NVIDIA Cumulus Linux +CVE-2023-25525 (NVIDIA Cumulus Linux contains a vulnerability in forwarding where a Vx ...) + NOT-FOR-US: NVIDIA Cumulus Linux +CVE-2023-25524 (NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a ...) + NOT-FOR-US: NVIDIA +CVE-2023-25523 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) 
+ - nvidia-cuda-toolkit (unimportant; bug #1042766) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5469 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25522 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + NOT-FOR-US: NVIDIA +CVE-2023-25521 (NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attack ...) + NOT-FOR-US: NVIDIA +CVE-2023-25520 (NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootc ...) + NOT-FOR-US: NVIDIA +CVE-2023-25519 (NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit c ...) + NOT-FOR-US: NVIDIA +CVE-2023-25518 (NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe contro ...) + NOT-FOR-US: NVIDIA +CVE-2023-25517 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA (vGPU not packaged in Debian) +CVE-2023-25516 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686) + [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1 + - nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685) + [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1 + - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684) + [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.248.02-1 (bug #1039682) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.248.02-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1039681) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug 
#1039680) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1039679) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.125.06-1 (bug #1039678) + [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1 + [bullseye] - nvidia-graphics-drivers 470.199.02-1 + [buster] - nvidia-graphics-drivers (Minor issue, revisit when/if fixed upstream) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 +CVE-2023-25515 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-open-gpu-kernel-modules 525.125.06-1 (bug #1039686) + [bookworm] - nvidia-open-gpu-kernel-modules 525.125.06-1~deb12u1 + - nvidia-graphics-drivers-tesla 525.125.06-1 (bug #1039685) + [bookworm] - nvidia-graphics-drivers-tesla 525.125.06-1~deb12u1 + - nvidia-graphics-drivers-tesla-470 470.199.02-1 (bug #1039684) + [bookworm] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb12u1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.199.02-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1039683) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.248.02-1 (bug #1039682) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.248.02-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1039681) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1039680) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1039679) + [buster] - 
nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.125.06-1 (bug #1039678) + [bookworm] - nvidia-graphics-drivers 525.125.06-1~deb12u1 + [bullseye] - nvidia-graphics-drivers 470.199.02-1 + [buster] - nvidia-graphics-drivers (Minor issue, revisit when/if fixed upstream) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5468 +CVE-2023-25514 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) + - nvidia-cuda-toolkit (unimportant; bug #1034793; bug #1034799) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25513 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) + - nvidia-cuda-toolkit 12.0.1-1 (unimportant; bug #1041887) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25512 (NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in ...) + [experimental] - nvidia-cuda-toolkit 12.1.0-1 + - nvidia-cuda-toolkit (unimportant; bug #1034799) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25511 (NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in ...) + - nvidia-cuda-toolkit (unimportant; bug #1034793; bug #1034799) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25510 (NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer ...) + - nvidia-cuda-toolkit (unimportant; bug #1034793; bug #1034799) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5456 + NOTE: Crash in CLI tool, no security impact +CVE-2023-25509 (NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to ...) 
+ NOT-FOR-US: NVIDIA DGX-1 SBIOS +CVE-2023-25508 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where a ...) + NOT-FOR-US: NVIDIA DGX-1 BMC +CVE-2023-25507 (NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where a ...) + NOT-FOR-US: NVIDIA DGX-1 BMC +CVE-2023-25506 (NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a pr ...) + NOT-FOR-US: NVIDIA DGX-1 +CVE-2023-25505 (NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the A ...) + NOT-FOR-US: NVIDIA DGX-1 BMC +CVE-2023-25504 (A malicious actor who has been authenticated and granted specific perm ...) + NOT-FOR-US: Apache Superset +CVE-2023-25503 + RESERVED +CVE-2023-25502 + RESERVED +CVE-2023-25501 + RESERVED +CVE-2023-25500 (Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to ...) + NOT-FOR-US: Vaadin +CVE-2023-25499 (When adding non-visible components to the UI in server side, content i ...) + NOT-FOR-US: Vaadin +CVE-2023-24019 (A stack-based buffer overflow vulnerability exists in the urvpn_client ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-0705 (Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allow ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0704 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0703 (Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 all ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0702 (Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.7 ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0701 (Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 ...) 
+ {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0700 (Inappropriate implementation in Download in Google Chrome prior to 110 ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0699 (Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0698 (Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 a ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0697 (Inappropriate implementation in Full screen mode in Google Chrome on A ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0696 (Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a ...) + {DSA-5345-1} + - chromium 110.0.5481.77-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0695 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0694 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0693 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0692 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0691 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2023-0690 (HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where w ...) + NOT-FOR-US: HashiCorp Boundary +CVE-2023-0689 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0688 (The Metform Elementor Contact Form Builder for WordPress is vulnerable ...) + NOT-FOR-US: Metform Elementor Contact Form Builder for WordPress +CVE-2011-10003 (A vulnerability was found in XpressEngine up to 1.4.4. It has been rat ...) + NOT-FOR-US: XpressEngine +CVE-2023-25498 + RESERVED +CVE-2023-25497 + RESERVED +CVE-2023-25496 (A privilege escalation vulnerability was reported in Lenovo Drivers Ma ...) + NOT-FOR-US: Lenovo +CVE-2023-25495 (A valid, authenticated administrative user can query a web interface A ...) + NOT-FOR-US: Lenovo +CVE-2023-25494 + RESERVED +CVE-2023-25493 + RESERVED +CVE-2023-25492 (A valid, authenticated user may be able to trigger a denial of service ...) + NOT-FOR-US: Lenovo +CVE-2023-25491 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Samue ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25490 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25489 (Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update T ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25488 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25487 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25486 + RESERVED +CVE-2023-25485 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bern ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25484 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25483 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anki ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25482 (Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tile ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25481 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Sub ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25480 (Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and P ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25479 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25478 (Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25477 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25476 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ezoic Am ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25475 (Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25474 (Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25473 (Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25472 (Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Pod ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25471 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25470 (Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25469 + RESERVED +CVE-2023-25468 (Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25467 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Hu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25466 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamus ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25465 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25464 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25463 (Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP te ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25462 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP h ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25461 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nami ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25460 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25459 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Post ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25458 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25457 + RESERVED +CVE-2023-25456 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25455 + RESERVED +CVE-2023-25454 + RESERVED +CVE-2023-25453 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sado ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25452 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mich ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25451 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPCh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25450 (Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u201 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25449 (Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bast ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25448 (Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archiv ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25447 (Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorW ...) 
+ NOT-FOR-US: WordPress theme +CVE-2023-25446 + RESERVED +CVE-2023-25445 + RESERVED +CVE-2023-25444 + RESERVED +CVE-2023-25443 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25442 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25441 + RESERVED +CVE-2023-25440 (Stored Cross Site Scripting (XSS) vulnerability in the add contact fun ...) + - civicrm (bug #1036695) + [bullseye] - civicrm (Minor issue) + NOTE: https://packetstormsecurity.com/files/172470/CiviCRM-5.59.alpha1-Cross-Site-Scripting.html +CVE-2023-25439 (Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionIn ...) + NOT-FOR-US: Square Pig FusionInvoice +CVE-2023-25438 (An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote at ...) + NOT-FOR-US: MilleGP5 +CVE-2023-25437 (An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H ...) + NOT-FOR-US: vTech +CVE-2023-25436 + RESERVED +CVE-2023-25435 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...) + - tiff 4.5.0-5 + [bullseye] - tiff 4.2.0-1+deb11u4 + [buster] - tiff 4.1.0+git191117-2~deb10u7 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/518 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1) + NOTE: Same fix as CVE-2023-0795 +CVE-2023-25434 (libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSample ...) + - tiff 4.5.0-5 + [bullseye] - tiff 4.2.0-1+deb11u4 + [buster] - tiff 4.1.0+git191117-2~deb10u7 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/519 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 (v4.5.1rc1) + NOTE: Same fix as CVE-2023-0795. +CVE-2023-25433 (libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiff ...) 
+ {DLA-3513-1} + - tiff 4.5.1~rc3-1 + [bookworm] - tiff (Minor issue) + [bullseye] - tiff (Minor issue) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/520 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 (v4.5.1rc1) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 (v4.5.1rc1) +CVE-2023-25432 (An issue was discovered in Online Reviewer Management System v1.0. The ...) + NOT-FOR-US: Online Reviewer Management System +CVE-2023-25431 (An issue was discovered in Online Reviewer Management System v1.0. The ...) + NOT-FOR-US: Online Reviewer Management System +CVE-2023-25430 + RESERVED +CVE-2023-25429 + RESERVED +CVE-2023-25428 (A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.2 ...) + NOT-FOR-US: Soft-o Free Password Manager +CVE-2023-25427 + RESERVED +CVE-2023-25426 + RESERVED +CVE-2023-25425 + RESERVED +CVE-2023-25424 + RESERVED +CVE-2023-25423 + RESERVED +CVE-2023-25422 + RESERVED +CVE-2023-25421 + RESERVED +CVE-2023-25420 + RESERVED +CVE-2023-25419 + RESERVED +CVE-2023-25418 + RESERVED +CVE-2023-25417 + RESERVED +CVE-2023-25416 + RESERVED +CVE-2023-25415 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...) + NOT-FOR-US: Aten +CVE-2023-25414 (Aten PE8108 2.4.232 is vulnerable to denial of service (DOS).) + NOT-FOR-US: Aten +CVE-2023-25413 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The dev ...) + NOT-FOR-US: Aten +CVE-2023-25412 + RESERVED +CVE-2023-25411 (Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF) ...) + NOT-FOR-US: Aten +CVE-2023-25410 + RESERVED +CVE-2023-25409 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...) + NOT-FOR-US: Aten +CVE-2023-25408 + RESERVED +CVE-2023-25407 (Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restric ...) 
+ NOT-FOR-US: Aten +CVE-2023-25406 + RESERVED +CVE-2023-25405 + RESERVED +CVE-2023-25404 + RESERVED +CVE-2023-25403 (CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass ...) + NOT-FOR-US: CleverStupidDog yf-exam +CVE-2023-25402 (CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is n ...) + NOT-FOR-US: CleverStupidDog yf-exam +CVE-2023-25401 + RESERVED +CVE-2023-25400 + RESERVED +CVE-2023-25399 (A refcounting issue which leads to potential memory leak was discovere ...) + - scipy 1.10.0-2 + [bullseye] - scipy (Minor issue) + NOTE: https://github.com/scipy/scipy/issues/16235 + NOTE: https://github.com/scipy/scipy/pull/16397 + NOTE: Fixed by: https://github.com/scipy/scipy/commit/9b6521198c4f31d3f9cb525e581bea8e3e77f0a2 (v1.10.0rc1) + NOTE: http://www.square16.org/achievement/cve-2023-25399/ +CVE-2023-25398 + RESERVED +CVE-2023-25397 + RESERVED +CVE-2023-25396 (Privilege escalation in the MSI repair functionality in Caphyon Advanc ...) + NOT-FOR-US: Caphyon Advanced Installer +CVE-2023-25395 (TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection ...) + NOT-FOR-US: TOTOLINK +CVE-2023-25394 (Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Update ...) + NOT-FOR-US: Videostream macOS app +CVE-2023-25393 + RESERVED +CVE-2023-25392 (Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Val ...) 
+ NOT-FOR-US: Allegro Tech BigFlow +CVE-2023-25391 + RESERVED +CVE-2023-25390 + RESERVED +CVE-2023-25389 + RESERVED +CVE-2023-25388 + RESERVED +CVE-2023-25387 + RESERVED +CVE-2023-25386 + RESERVED +CVE-2023-25385 + RESERVED +CVE-2023-25384 + RESERVED +CVE-2023-25383 + RESERVED +CVE-2023-25382 + RESERVED +CVE-2023-25381 + RESERVED +CVE-2023-25380 + RESERVED +CVE-2023-25379 + RESERVED +CVE-2023-25378 + RESERVED +CVE-2023-25377 + RESERVED +CVE-2023-25376 + RESERVED +CVE-2023-25375 + RESERVED +CVE-2023-25374 + RESERVED +CVE-2023-25373 + RESERVED +CVE-2023-25372 + RESERVED +CVE-2023-25371 + RESERVED +CVE-2023-25370 + RESERVED +CVE-2023-25369 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial o ...) + NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS +CVE-2023-25368 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrec ...) + NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS +CVE-2023-25367 (Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user in ...) + NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS +CVE-2023-25366 (In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interfa ...) + NOT-FOR-US: Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS +CVE-2023-25365 + RESERVED +CVE-2023-25364 + RESERVED +CVE-2023-25363 (A use-after-free vulnerability in WebCore::RenderLayer::updateDescenda ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=242684 +CVE-2023-25362 (A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSe ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=244802 +CVE-2023-25361 (A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling ...) 
+ {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=244249 +CVE-2023-25360 (A use-after-free vulnerability in WebCore::RenderLayer::renderer in We ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=242686 +CVE-2023-25359 + RESERVED +CVE-2023-25358 (A use-after-free vulnerability in WebCore::RenderLayer::addChild in We ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=242683 + NOTE: https://webkitgtk.org/security/WSA-2023-0003.html +CVE-2023-25357 + RESERVED +CVE-2023-25356 (CoreDial sipXcom up to and including 21.04 is vulnerable to Improper N ...) + NOT-FOR-US: CoreDial sipXcom +CVE-2023-25355 (CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure P ...) + NOT-FOR-US: CoreDial sipXcom +CVE-2023-25354 + RESERVED +CVE-2023-25353 + RESERVED +CVE-2023-25352 + RESERVED +CVE-2023-25351 + RESERVED +CVE-2023-25350 (Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the use ...) + NOT-FOR-US: Faveo Helpdesk +CVE-2023-25349 + RESERVED +CVE-2023-25348 (ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerabilit ...) + NOT-FOR-US: ChurchCRM +CVE-2023-25347 (A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, ...) + NOT-FOR-US: ChurchCRM +CVE-2023-25346 (A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5. ...) + NOT-FOR-US: ChurchCRM +CVE-2023-25345 (Directory traversal vulnerability in swig-templates thru 2.0.4 and swi ...) + NOT-FOR-US: swig-templates +CVE-2023-25344 (An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4 ...) 
+ NOT-FOR-US: swig-templates +CVE-2023-25343 + RESERVED +CVE-2023-25342 + RESERVED +CVE-2023-25341 + RESERVED +CVE-2023-25340 + RESERVED +CVE-2023-25339 + RESERVED +CVE-2023-25338 + RESERVED +CVE-2023-25337 + RESERVED +CVE-2023-25336 + RESERVED +CVE-2023-25335 + RESERVED +CVE-2023-25334 + RESERVED +CVE-2023-25333 + RESERVED +CVE-2023-25332 + RESERVED +CVE-2023-25331 + RESERVED +CVE-2023-25330 (A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows rem ...) + NOT-FOR-US: Mybatis +CVE-2023-25329 + RESERVED +CVE-2023-25328 + RESERVED +CVE-2023-25327 + RESERVED +CVE-2023-25326 + RESERVED +CVE-2023-25325 + RESERVED +CVE-2023-25324 + RESERVED +CVE-2023-25323 + RESERVED +CVE-2023-25322 + RESERVED +CVE-2023-25321 + RESERVED +CVE-2023-25320 + RESERVED +CVE-2023-25319 + RESERVED +CVE-2023-25318 + RESERVED +CVE-2023-25317 + RESERVED +CVE-2023-25316 + RESERVED +CVE-2023-25315 + RESERVED +CVE-2023-25314 (Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Netwo ...) + NOT-FOR-US: AVideo +CVE-2023-25313 (OS injection vulnerability in World Wide Broadcast Network AVideo vers ...) + NOT-FOR-US: AVideo +CVE-2023-25312 + RESERVED +CVE-2023-25311 + RESERVED +CVE-2023-25310 + RESERVED +CVE-2023-25309 (Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version ...) + NOT-FOR-US: Fetlife rollout-ui +CVE-2023-25308 + RESERVED +CVE-2023-25307 (nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal.) + NOT-FOR-US: nothub mrpack-install +CVE-2023-25306 (MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal.) + NOT-FOR-US: MultiMC Launcher +CVE-2023-25305 (PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpac ...) + NOT-FOR-US: PolyMC Launcher +CVE-2023-25304 (Prism Launcher <= 6.1 is vulnerable to Directory Traversal.) + NOT-FOR-US: Prism Launcher +CVE-2023-25303 (ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack ...) 
+ NOT-FOR-US: ATLauncher +CVE-2023-25302 + RESERVED +CVE-2023-25301 + RESERVED +CVE-2023-25300 + RESERVED +CVE-2023-25299 + RESERVED +CVE-2023-25298 + RESERVED +CVE-2023-25297 + RESERVED +CVE-2023-25296 + RESERVED +CVE-2023-25295 + RESERVED +CVE-2023-25294 + RESERVED +CVE-2023-25293 + RESERVED +CVE-2023-25292 (Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office vers ...) + NOT-FOR-US: Intermesh BV Group-Office +CVE-2023-25291 + RESERVED +CVE-2023-25290 + RESERVED +CVE-2023-25289 (Directory Traversal vulnerability in virtualreception Digital Receptie ...) + NOT-FOR-US: virtualreception Digital Receptie +CVE-2023-25288 + RESERVED +CVE-2023-25287 + RESERVED +CVE-2023-25286 + RESERVED +CVE-2023-25285 + RESERVED +CVE-2023-25284 + RESERVED +CVE-2023-25283 (A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows att ...) + NOT-FOR-US: D-Link +CVE-2023-25282 (A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows atta ...) + NOT-FOR-US: D-Link +CVE-2023-25281 (A stack overflow vulnerability exists in pingV4Msg component in D-Link ...) + NOT-FOR-US: D-Link +CVE-2023-25280 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) + NOT-FOR-US: D-Link +CVE-2023-25279 (OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows ...) + NOT-FOR-US: D-Link +CVE-2023-25278 + RESERVED +CVE-2023-25277 + RESERVED +CVE-2023-25276 + RESERVED +CVE-2023-25275 + RESERVED +CVE-2023-25274 + RESERVED +CVE-2023-25273 + RESERVED +CVE-2023-25272 + RESERVED +CVE-2023-25271 + RESERVED +CVE-2023-25270 + RESERVED +CVE-2023-25269 + RESERVED +CVE-2023-25268 + RESERVED +CVE-2023-25267 (An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 1 ...) + NOT-FOR-US: Kerio Connect +CVE-2023-25266 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) + NOT-FOR-US: Docmosis Tornado +CVE-2023-25265 (Docmosis Tornado <= 2.9.4 is vulnerable to Directory Traversal leading ...) 
+ NOT-FOR-US: Docmosis Tornado +CVE-2023-25264 (An issue was discovered in Docmosis Tornado prior to version 2.9.5. An ...) + NOT-FOR-US: Docmosis Tornado +CVE-2023-25263 (In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attac ...) + NOT-FOR-US: Stimulsoft Designer +CVE-2023-25262 (Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Se ...) + NOT-FOR-US: Stimulsoft Designer +CVE-2023-25261 (Certain Stimulsoft GmbH products are affected by: Remote Code Executio ...) + NOT-FOR-US: Stimulsoft +CVE-2023-25260 (Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusi ...) + NOT-FOR-US: Stimulsoft Designer +CVE-2023-25259 + RESERVED +CVE-2023-25258 + RESERVED +CVE-2023-25257 + RESERVED +CVE-2023-25256 + RESERVED +CVE-2023-25255 + RESERVED +CVE-2023-25254 + RESERVED +CVE-2023-25253 + RESERVED +CVE-2023-25252 + RESERVED +CVE-2023-25251 + RESERVED +CVE-2023-25250 + RESERVED +CVE-2023-25249 + RESERVED +CVE-2023-25248 + RESERVED +CVE-2023-25247 + RESERVED +CVE-2023-25246 + RESERVED +CVE-2023-25245 + RESERVED +CVE-2023-25244 + RESERVED +CVE-2023-25243 + RESERVED +CVE-2023-25242 + RESERVED +CVE-2023-25241 (bgERP v22.31 was discovered to contain a reflected cross-site scriptin ...) + NOT-FOR-US: bgERP +CVE-2023-25240 (An improper SameSite Attribute vulnerability in pimCore v10.5.15 allow ...) + NOT-FOR-US: Pimcore +CVE-2023-25239 + RESERVED +CVE-2023-25238 + RESERVED +CVE-2023-25237 + RESERVED +CVE-2023-25236 + RESERVED +CVE-2023-25235 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) + NOT-FOR-US: Tenda +CVE-2023-25234 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) + NOT-FOR-US: Tenda +CVE-2023-25233 (Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in functio ...) + NOT-FOR-US: Tenda +CVE-2023-25232 + RESERVED +CVE-2023-25231 (Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in f ...) 
+ NOT-FOR-US: Tenda +CVE-2023-25230 (loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).) + NOT-FOR-US: loonflow +CVE-2023-25229 + RESERVED +CVE-2023-25228 + RESERVED +CVE-2023-25227 + RESERVED +CVE-2023-25226 + RESERVED +CVE-2023-25225 + RESERVED +CVE-2023-25224 + RESERVED +CVE-2023-25223 (CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.) + NOT-FOR-US: CRMEB +CVE-2023-25222 (A heap-based buffer overflow vulnerability exits in GNU LibreDWG v0.12 ...) + - libredwg (bug #595191) +CVE-2023-25221 (Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vuln ...) + {DSA-5346-1 DLA-3352-1} + - libde265 1.0.11-1 + NOTE: https://github.com/strukturag/libde265/issues/388 + NOTE: https://github.com/strukturag/libde265/commit/857290982330e82d9e25d9d39527c6737021aa7d (v1.0.11) +CVE-2023-25220 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25219 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25218 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25217 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25216 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25215 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25214 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25213 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25212 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25211 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) 
+ NOT-FOR-US: Tenda +CVE-2023-25210 (Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack ...) + NOT-FOR-US: Tenda +CVE-2023-25209 + RESERVED +CVE-2023-25208 + RESERVED +CVE-2023-25207 (PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfran ...) + NOT-FOR-US: PrestaShop +CVE-2023-25206 (PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection.) + NOT-FOR-US: PrestaShop +CVE-2023-25205 + RESERVED +CVE-2023-25204 + RESERVED +CVE-2023-25203 + RESERVED +CVE-2023-25202 + RESERVED +CVE-2023-25201 (Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit A ...) + NOT-FOR-US: MultiTech Conduit AP MTCAP2-L4E1 +CVE-2023-25200 + RESERVED +CVE-2023-25199 + RESERVED +CVE-2023-0687 (A vulnerability was found in GNU C Library 2.38. It has been declared ...) + NOTE: Not considered a security issue + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29444 + NOTE: https://patchwork.sourceware.org/project/glibc/patch/20230204114138.5436-1-leo@yuriev.ru/ +CVE-2023-0686 (A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. I ...) + NOT-FOR-US: SourceCodester Online Eyewear Shop +CVE-2023-0685 (The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Re ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0684 (The Wicked Folders plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Wicked Folders plugin for WordPress +CVE-2023-0683 (A valid, authenticated XCC user with read only access may gain elevate ...) + NOT-FOR-US: Lenovo +CVE-2023-0682 + RESERVED +CVE-2023-0681 (Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redir ...) + NOT-FOR-US: Rapid7 +CVE-2023-0680 + REJECTED +CVE-2023-0679 (A vulnerability was found in SourceCodester Canteen Management System ...) + NOT-FOR-US: SourceCodester Canteen Management System +CVE-2022-48316 + RESERVED +CVE-2022-48315 + RESERVED +CVE-2015-10075 (A vulnerability was found in Custom-Content-Width 1.0. 
It has been dec ...) + NOT-FOR-US: Custom-Content-Width +CVE-2015-10074 (A vulnerability was found in OpenSeaMap online_chart 1.2. It has been ...) + NOT-FOR-US: OpenSeaMap +CVE-2011-10002 (A vulnerability classified as critical has been found in weblabyrinth ...) + NOT-FOR-US: weblabyrinth +CVE-2023-25198 + RESERVED +CVE-2023-25197 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Apache Fineract +CVE-2023-25196 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Apache Fineract +CVE-2023-25195 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...) + NOT-FOR-US: Apache Fineract +CVE-2022-48314 (The Bluetooth module has a vulnerability of bypassing the user confirm ...) + NOT-FOR-US: Huawei +CVE-2022-48313 (The Bluetooth module has a vulnerability of bypassing the user confirm ...) + NOT-FOR-US: Huawei +CVE-2022-48312 (The HwPCAssistant module has the out-of-bounds read/write vulnerabilit ...) + NOT-FOR-US: Huawei +CVE-2023-25194 (A possible security vulnerability has been identified in Apache Kafka ...) + - kafka (bug #786460) +CVE-2022-4902 (A vulnerability classified as problematic has been found in eXo Chat A ...) + NOT-FOR-US: eXo Chat +CVE-2020-36660 (A vulnerability was found in paxswill EVE Ship Replacement Program 0.1 ...) + NOT-FOR-US: paxswill EVE Ship Replacement Program +CVE-2017-20177 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WangGuard +CVE-2015-10073 (A vulnerability, which was classified as problematic, was found in tin ...) + NOT-FOR-US: WikiSEO +CVE-2023-25193 (hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to ...) 
+ - harfbuzz 8.0.0-1 (bug #1030612) + [bookworm] - harfbuzz (Minor issue) + [bullseye] - harfbuzz (Minor issue) + [buster] - harfbuzz (Minor issue) + NOTE: Original fix: https://github.com/harfbuzz/harfbuzz/commit/85be877925ddbf34f74a1229f3ca1716bb6170dc + NOTE: Reverted: https://github.com/harfbuzz/harfbuzz/commit/661050b4659ee490dfe622821bc7fde7d1c40510 + NOTE: Fixed by: https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8 (7.0.0) +CVE-2014-125086 (A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and ...) + NOT-FOR-US: Gimmie +CVE-2014-125085 (A vulnerability, which was classified as critical, was found in Gimmie ...) + NOT-FOR-US: Gimmie +CVE-2014-125084 (A vulnerability, which was classified as critical, has been found in G ...) + NOT-FOR-US: Gimmie +CVE-2023-25192 (AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fi ...) + NOT-FOR-US: AMI +CVE-2023-25191 (AMI MegaRAC SPX devices allow Password Disclosure through Redfish. The ...) + NOT-FOR-US: AMI +CVE-2023-25190 + RESERVED +CVE-2023-0678 (Missing Authorization in GitHub repository phpipam/phpipam prior to v1 ...) + - phpipam (bug #731713) +CVE-2023-0677 (Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/ph ...) + - phpipam (bug #731713) +CVE-2023-0676 (Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/ph ...) + - phpipam (bug #731713) +CVE-2023-0675 (A vulnerability, which was classified as critical, was found in Calend ...) + NOT-FOR-US: Calendar Event Management System +CVE-2023-0674 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: XXL-JOB +CVE-2023-0673 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Eyewear Shop +CVE-2017-20176 (A vulnerability classified as problematic was found in ciubotaru share ...) 
+ NOT-FOR-US: share-on-diaspora +CVE-2017-20175 (A vulnerability classified as problematic has been found in DaSchTour ...) + NOT-FOR-US: Mamoto extension for MediaWiki +CVE-2023-25189 + RESERVED +CVE-2023-25188 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + NOT-FOR-US: NOKIA +CVE-2023-25187 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + NOT-FOR-US: NOKIA +CVE-2023-25186 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + NOT-FOR-US: NOKIA +CVE-2023-25185 (An issue was discovered on NOKIA Airscale ASIKA Single RAN devices bef ...) + NOT-FOR-US: NOKIA +CVE-2023-25074 (Improper privilege validation in Command Centre Server allows authenti ...) + NOT-FOR-US: Gallagher +CVE-2023-24590 (A format string issue in the Controller 6000's optional diagnostic web ...) + NOT-FOR-US: Gallagher +CVE-2023-24584 (Controller 6000 is vulnerable to a buffer overflow via the Controller ...) + NOT-FOR-US: Gallagher +CVE-2023-23584 (An observable response discrepancy in the Gallagher Command Centre RES ...) + NOT-FOR-US: Gallagher +CVE-2023-23576 (Incorrect behavior order in the Command Centre Server could allow priv ...) + NOT-FOR-US: Gallagher +CVE-2023-23570 (Client-Side enforcement of Server-Side security for the Command Centre ...) + NOT-FOR-US: Gallagher +CVE-2023-23568 (Improper privilege validation in Command Centre Server allows authenti ...) + NOT-FOR-US: Gallagher +CVE-2023-22439 (Improper input validation of a large HTTP request in the Controller 60 ...) + NOT-FOR-US: Gallagher +CVE-2023-22428 (Improper privilege validation in Command Centre Server allows authenti ...) + NOT-FOR-US: Gallagher +CVE-2023-22363 (A stack-based buffer overflow in the Command Centre Server allows an a ...) + NOT-FOR-US: Gallagher +CVE-2023-0672 + RESERVED +CVE-2023-0671 (Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.) 
+ - froxlor (bug #581792) +CVE-2023-0670 (Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an atta ...) + NOT-FOR-US: ULearn +CVE-2023-0669 (Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authe ...) + NOT-FOR-US: Fortra GoAnywhere MFT +CVE-2023-0668 (Due to failure in validating the length provided by an attacker-crafte ...) + {DSA-5429-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (vulnerable code introduced in 3.2) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-19.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19087 + NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/254502d765d11f1d97b15bc1c3ff06d38e049ef2 (v3.1.1) +CVE-2023-0667 (Due to failure in validating the length provided by an attacker-crafte ...) + {DSA-5429-1} + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Minor issue) + NOTE: https://takeonme.org/cves/CVE-2023-0667.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19086 +CVE-2023-0666 (Due to failure in validating the length provided by an attacker-crafte ...) + {DSA-5429-1} + [experimental] - wireshark 4.0.6-1~exp1 + - wireshark 4.0.6-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (vulnerable code introduced in 3.4) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-18.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/19085 + NOTE: Introduced by: https://gitlab.com/wireshark/wireshark/-/commit/77d94aea243c3eca2be4749fce3145218fdf8b29 (v3.3.0) +CVE-2023-0665 (HashiCorp Vault's PKI mount issuer endpoints did not correctly authori ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-0664 (A flaw was found in the QEMU Guest Agent service for Windows. A local ...) + - qemu (Windows specific issue) +CVE-2023-0663 (A vulnerability was found in Calendar Event Management System 2.3.0. I ...) 
+ NOT-FOR-US: Calendar Event Management System +CVE-2022-48311 (**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet ...) + NOT-FOR-US: HP +CVE-2023-25173 (containerd is an open source container runtime. A bug was found in con ...) + - containerd 1.6.18~ds1-1 + [bullseye] - containerd 1.4.13~ds1-1~deb11u4 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-hmfx-3pcx-653p +CVE-2023-25172 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-25171 (Kiwi TCMS, an open source test management system, does not impose rate ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-25170 (PrestaShop is an open source e-commerce web application that, prior to ...) + NOT-FOR-US: PrestaShop +CVE-2023-25169 (discourse-yearly-review is a discourse plugin which publishes an autom ...) + NOT-FOR-US: Discourse plugin +CVE-2023-25168 (Wings is Pterodactyl's server control plane. This vulnerability can be ...) + NOT-FOR-US: Wings +CVE-2023-25167 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2023-25166 (formula is a math and string formula parser. In versions prior to 3.0. ...) + NOT-FOR-US: @sideway/formula +CVE-2023-25165 (Helm is a tool that streamlines installing and managing Kubernetes app ...) + - helm-kubernetes (bug #910799) +CVE-2023-25164 (Tinacms is a Git-backed headless content management system with suppor ...) + NOT-FOR-US: Tinacms +CVE-2023-25163 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + NOT-FOR-US: Argo CD +CVE-2023-25162 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2023-25161 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2023-25160 (Nextcloud Mail is an email app for the Nextcloud home server platform. ...) 
+ NOT-FOR-US: Nextcloud Mail +CVE-2023-25159 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2023-25158 (GeoTools is an open source Java library that provides tools for geospa ...) + NOT-FOR-US: GeoTools +CVE-2023-25157 (GeoServer is an open source software server written in Java that allow ...) + NOT-FOR-US: Geoserver +CVE-2023-25156 (Kiwi TCMS, an open source test management system, does not impose rate ...) + NOT-FOR-US: Kiwi TCMS +CVE-2023-25155 (Redis is an in-memory database that persists on disk. Authenticated us ...) + - redis 5:7.0.9-1 (bug #1032279) + [bullseye] - redis (Minor issue) + [buster] - redis (Minor issue, DoS) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-x2r7-j9vw-3w83 + NOTE: https://github.com/redis/redis/commit/2a2a582e7cd99ba3b531336b8bd41df2b566e619 (7.0.9) +CVE-2023-25154 (Misskey is an open source, decentralized social media platform. In ver ...) + NOT-FOR-US: Misskey +CVE-2023-25153 (containerd is an open source container runtime. Before versions 1.6.18 ...) + - containerd 1.6.18~ds1-1 + [bullseye] - containerd 1.4.13~ds1-1~deb11u4 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-259w-8hf6-59c2 +CVE-2023-25152 (Wings is Pterodactyl's server control plane. Affected versions are sub ...) + NOT-FOR-US: Wings +CVE-2023-25151 (opentelemetry-go-contrib is a collection of extensions for OpenTelemet ...) + NOT-FOR-US: opentelemetry-go-contrib +CVE-2023-25150 (Nextcloud office/richdocuments is an office suit for the nextcloud ser ...) + NOT-FOR-US: Nextcloud office/richdocuments +CVE-2023-25149 (TimescaleDB, an open-source time-series SQL database, has a privilege ...) + NOT-FOR-US: Timescale TimescaleDB +CVE-2023-25148 (A security agent link following vulnerability in Trend Micro Apex One ...) + NOT-FOR-US: Trend Micro +CVE-2023-25147 (An issue in the Trend Micro Apex One agent could allow an attacker who ...) 
+ NOT-FOR-US: Trend Micro +CVE-2023-25146 (A security agent link following vulnerability in the Trend Micro Apex ...) + NOT-FOR-US: Trend Micro +CVE-2023-25145 (A link following vulnerability in the scanning function of Trend Micro ...) + NOT-FOR-US: Trend Micro +CVE-2023-25144 (An improper access control vulnerability in the Trend Micro Apex One a ...) + NOT-FOR-US: Trend Micro +CVE-2023-25143 (An uncontrolled search path element vulnerability in the Trend Micro A ...) + NOT-FOR-US: Trend Micro +CVE-2023-25142 + RESERVED +CVE-2023-25141 (Apache Sling JCR Base < 3.1.12 has a critical injection vulnerability ...) + NOT-FOR-US: Apache sling-org-apache-sling-jcr-base +CVE-2023-25140 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2023-3247 (In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before ...) + {DSA-5425-1 DSA-5424-1 DLA-3458-1} + - php8.2 8.2.7-1 + - php7.4 + - php7.3 + NOTE: Fixed in 8.2.7, 8.1.20, 8.0.29 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw + NOTE: https://github.com/php/php-src/commit/ac4254ad764c70cb1f05c9270d8d12689fc3aeb6 (php-8.0.29) + NOTE: https://github.com/php/php-src/commit/32c7c433ac1983c4497349051681a4f361d3d33e (php-8.0.29) +CVE-2023-0662 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...) + {DSA-5363-1 DLA-3345-1} + - php8.2 8.2.4-1 (bug #1031368) + - php7.4 + - php7.3 + NOTE: Fixed in: 8.2.3 + NOTE: https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv + NOTE: https://github.com/php/php-src/commit/716de0cff539f46294ef70fe75d548cd66766370 + NOTE: https://github.com/php/php-src/commit/e45850c195dcd5534394cf357a3f776d4916b655 (improvement) +CVE-2023-0661 (Improper access control in Devolutions Server allows an authenticated ...) + NOT-FOR-US: Devolutions +CVE-2023-0660 (The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0659 (A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been clas ...) + NOT-FOR-US: BDCOM +CVE-2022-4901 (Multiple stored XSS vulnerabilities in Sophos Connect versions older t ...) + NOT-FOR-US: Sophos +CVE-2022-48310 (An information disclosure vulnerability allows sensitive key material ...) + NOT-FOR-US: Sophos +CVE-2022-48309 (A CSRF vulnerability allows malicious websites to retrieve logs and te ...) + NOT-FOR-US: Sophos +CVE-2023-25139 (sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-o ...) + - glibc (Vulnerable code introduced in 2.37) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=30068 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0 +CVE-2023-25138 + RESERVED +CVE-2023-25137 + RESERVED +CVE-2023-25135 (vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker t ...) + NOT-FOR-US: vBulletin +CVE-2023-25134 (McAfee Total Protection prior to 16.0.50 may allow an adversary (with ...) + NOT-FOR-US: McAfee +CVE-2023-25133 (Improper privilege management vulnerability in default.cmd file in Pow ...) + NOT-FOR-US: PowerPanel +CVE-2023-25132 (Unrestricted upload of file with dangerous type vulnerability in defau ...) + NOT-FOR-US: PowerPanel +CVE-2023-25131 (Use of default password vulnerability in PowerPanel Business Local/Rem ...) + NOT-FOR-US: PowerPanel +CVE-2023-25130 + REJECTED +CVE-2023-25129 + REJECTED +CVE-2023-25128 + REJECTED +CVE-2023-25127 + REJECTED +CVE-2023-25126 + REJECTED +CVE-2023-25125 + REJECTED +CVE-2023-25124 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25123 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25122 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ NOT-FOR-US: Milesight UR32L +CVE-2023-25121 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25120 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25119 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25118 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25117 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25116 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25115 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25114 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25113 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25112 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25111 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25110 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25109 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25108 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25107 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25106 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ NOT-FOR-US: Milesight UR32L +CVE-2023-25105 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25104 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25103 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25102 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25101 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25100 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25099 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25098 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25097 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25096 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25095 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25094 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25093 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25092 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25091 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25090 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) 
+ NOT-FOR-US: Milesight UR32L +CVE-2023-25089 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25088 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25087 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25086 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25085 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25084 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25083 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25082 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25081 (Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binar ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-25069 (TXOne StellarOne has an improper access control privilege escalation v ...) + NOT-FOR-US: TXOne StellarOne +CVE-2023-24018 (A stack-based buffer overflow vulnerability exists in the libzebra.so. ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-22653 (An OS command injection vulnerability exists in the vtysh_ubus tcpdump ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-0658 (A vulnerability, which was classified as critical, was found in Multil ...) + NOT-FOR-US: Multilaser RE057 and RE170 +CVE-2022-48308 (It was discovered that the sls-logging was not verifying hostnames in ...) + NOT-FOR-US: sls-logging +CVE-2022-48307 (It was discovered that the Magritte-ftp was not verifying hostnames in ...) + NOT-FOR-US: Magritte-ftp +CVE-2022-48306 (Improper Validation of Certificate with Host Mismatch vulnerability in ...) 
+ NOT-FOR-US: Palantir +CVE-2019-25101 (A vulnerability classified as critical has been found in OnShift Turbo ...) + NOT-FOR-US: OnShift TurboGears +CVE-2018-25080 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: MobileDetect +CVE-2018-25079 (A vulnerability was found in Segmentio is-url up to 1.2.2. It has been ...) + NOT-FOR-US: Node is-url +CVE-2015-10072 (A vulnerability classified as problematic was found in NREL api-umbrel ...) + NOT-FOR-US: api-umbrella-web +CVE-2013-10018 (A vulnerability was found in fanzila WebFinance 0.5. It has been decla ...) + NOT-FOR-US: fanzila WebFinance +CVE-2013-10017 (A vulnerability was found in fanzila WebFinance 0.5. It has been class ...) + NOT-FOR-US: fanzila WebFinance +CVE-2013-10016 (A vulnerability was found in fanzila WebFinance 0.5 and classified as ...) + NOT-FOR-US: fanzila WebFinance +CVE-2013-10015 (A vulnerability has been found in fanzila WebFinance 0.5 and classifie ...) + NOT-FOR-US: fanzila WebFinance +CVE-2023-25068 + RESERVED +CVE-2023-25067 + RESERVED +CVE-2023-25066 (Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flow ...) + NOT-FOR-US: FolioVision +CVE-2023-25065 (Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tab ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25064 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25063 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anad ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25062 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25061 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25060 + RESERVED +CVE-2023-25059 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in aval ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25058 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25057 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25056 (Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed The ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25055 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25054 + RESERVED +CVE-2023-25053 + RESERVED +CVE-2023-25052 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tepl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25051 (Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Re ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25050 + RESERVED +CVE-2023-25049 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25048 + RESERVED +CVE-2023-25047 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25046 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25045 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25044 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25043 + RESERVED +CVE-2023-25042 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25041 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththeme ...) + NOT-FOR-US: WordPress theme +CVE-2023-25040 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25039 + RESERVED +CVE-2023-25038 (Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25037 + RESERVED +CVE-2023-25036 (Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.An ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25035 + RESERVED +CVE-2023-25034 (Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean U ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25033 (Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share B ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25032 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25031 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25030 + RESERVED +CVE-2023-25029 (Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25028 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25027 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25026 + RESERVED +CVE-2023-25025 (Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-Copy ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25024 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Iceg ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25023 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sale ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25022 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25021 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fare ...) + NOT-FOR-US: WordPress plugin +CVE-2023-25020 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-25019 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0657 + RESERVED +CVE-2023-0656 (A Stack-based buffer overflow vulnerability in the SonicOS allows a re ...) + NOT-FOR-US: SonicOS +CVE-2023-0655 (SonicWall Email Security contains a vulnerability that could permit a ...) + NOT-FOR-US: SonicWall +CVE-2023-0654 (Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0653 + RESERVED +CVE-2023-0652 (Due to a hardlink created in the ProgramData folder during the repair ...) + NOT-FOR-US: installer (MSI) of WARP Client for Windows +CVE-2023-0651 (A vulnerability was found in FastCMS 0.1.0. It has been classified as ...) + NOT-FOR-US: FastCMS +CVE-2023-0650 (A vulnerability was found in YAFNET up to 3.1.11 and classified as pro ...) + NOT-FOR-US: YAFNET +CVE-2023-0649 (A vulnerability has been found in dst-admin 1.5.0 and classified as cr ...) + NOT-FOR-US: dst-admin +CVE-2023-0648 (A vulnerability, which was classified as critical, was found in dst-ad ...) + NOT-FOR-US: dst-admin +CVE-2023-0647 (A vulnerability, which was classified as critical, has been found in d ...) + NOT-FOR-US: dst-admin +CVE-2023-0646 (A vulnerability classified as critical was found in dst-admin 1.5.0. A ...) + NOT-FOR-US: dst-admin +CVE-2023-0645 (An out of bounds read exists in libjxl. An attacker using a specifical ...) + [experimental] - jpeg-xl 0.8.2-1 + - jpeg-xl (bug #1034722) + [bookworm] - jpeg-xl (Minor issue) + NOTE: https://github.com/libjxl/libjxl/commit/a7c8428b61299f3b055cbbdbba3fbcd8cb38d084 + NOTE: https://github.com/libjxl/libjxl/issues/2100 + NOTE: https://github.com/libjxl/libjxl/pull/2101 +CVE-2023-0644 (The Push Notifications for WordPress by PushAssist WordPress plugin th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0643 (Improper Handling of Additional Special Element in GitHub repository s ...) 
+ NOT-FOR-US: squidex +CVE-2023-0642 (Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex ...) + NOT-FOR-US: squidex +CVE-2023-0641 (A vulnerability was found in PHPGurukul Employee Leaves Management Sys ...) + NOT-FOR-US: PHPGurukul Employee Leaves Management System +CVE-2023-0640 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been ...) + NOT-FOR-US: TRENDnet +CVE-2023-0639 (A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classifie ...) + NOT-FOR-US: TRENDnet +CVE-2023-0638 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...) + NOT-FOR-US: TRENDnet +CVE-2023-0637 (A vulnerability, which was classified as critical, was found in TRENDn ...) + NOT-FOR-US: TRENDnet +CVE-2023-0636 (Improper Input Validation vulnerability in ABB Ltd. ASPECT\xae-Enterpr ...) + NOT-FOR-US: ABB +CVE-2023-0635 (Improper Privilege Management vulnerability in ABB Ltd. ASPECT\xae-Ent ...) + NOT-FOR-US: ABB +CVE-2023-25136 (OpenSSH server (sshd) 9.1 introduced a double-free vulnerability durin ...) + - openssh 1:9.2p1-1 + [bullseye] - openssh (Vulnerable code not present) + [buster] - openssh (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/02/2 + NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3522 + NOTE: Introduced by: https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/13/1 +CVE-2023-25018 (RIFARTEK IOT Wall transportation function has insufficient filtering f ...) + NOT-FOR-US: RIFARTEK IOT Wall +CVE-2023-25017 (RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An a ...) + NOT-FOR-US: RIFARTEK IOT Wall +CVE-2023-25016 (Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1. ...) + NOT-FOR-US: Couchbase Server +CVE-2023-25015 (Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF ...) 
+ NOT-FOR-US: Clockwork Web +CVE-2023-25014 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) + NOT-FOR-US: TYPO3 extension +CVE-2023-25013 (An issue was discovered in the femanager extension before 5.5.3, 6.x b ...) + NOT-FOR-US: TYPO3 extension +CVE-2023-25012 (The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove i ...) + {DLA-3404-1} + - linux 6.1.20-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/ +CVE-2023-25011 (PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22 ...) + NOT-FOR-US: PC settings tool +CVE-2023-25010 (A malicious actor may convince a victim to open a malicious USD file t ...) + NOT-FOR-US: Autodesk +CVE-2023-25009 (A malicious actor may convince a user to open a malicious USD file tha ...) + NOT-FOR-US: Autodesk +CVE-2023-25008 (A malicious actor may convince a user to open a malicious USD file tha ...) + NOT-FOR-US: Autodesk +CVE-2023-25007 (A malicious actor may convince a user to open a malicious USD file tha ...) + NOT-FOR-US: Autodesk +CVE-2023-25006 (A malicious actor may convince a user to open a malicious USD file tha ...) + NOT-FOR-US: Autodesk +CVE-2023-25005 (A maliciously crafted DLL file can be forced to read beyond allocated ...) + NOT-FOR-US: Autodesk +CVE-2023-25004 (A maliciously crafted pskernel.dll file in Autodesk products is used t ...) + NOT-FOR-US: Autodesk +CVE-2023-25003 (A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and M ...) + NOT-FOR-US: Autodesk +CVE-2023-25002 (A maliciously crafted SKP file in Autodesk products is used to trigger ...) + NOT-FOR-US: Autodesk +CVE-2023-25001 (A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be ...) + NOT-FOR-US: Autodesk +CVE-2023-0634 + REJECTED +CVE-2023-0633 (In Docker Desktop on Windows before 4.12.0 an argument injection to in ...) 
+ NOT-FOR-US: Docker Desktop +CVE-2023-0632 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab +CVE-2023-0631 (The Paid Memberships Pro WordPress plugin before 2.9.12 does not preve ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0630 (The Slimstat Analytics WordPress plugin before 4.9.3.3 does not preven ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0629 (Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enh ...) + NOT-FOR-US: Docker Desktop +CVE-2023-0628 (Docker Desktop before 4.17.0 allows an attacker to execute an arbitrar ...) + NOT-FOR-US: Docker Desktop +CVE-2023-0627 (Docker Desktop 4.11.x allows --no-windows-containers flag bypass via I ...) + NOT-FOR-US: Docker Desktop +CVE-2023-0626 (Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters ...) + NOT-FOR-US: Docker Desktop +CVE-2023-0625 (Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extens ...) + NOT-FOR-US: Docker Desktop +CVE-2023-0624 (OrangeScrum version 2.0.11 allows an external attacker to obtain arbit ...) + NOT-FOR-US: OrangeScrum +CVE-2023-0623 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...) + NOT-FOR-US: Cscape Envision RV +CVE-2023-0622 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds writ ...) + NOT-FOR-US: Cscape Envision RV +CVE-2023-0621 (Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read ...) + NOT-FOR-US: Cscape Envision RV +CVE-2023-0620 (HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-25000 (HashiCorp Vault's implementation of Shamir's secret sharing used preco ...) + NOT-FOR-US: HashiCorp Vault +CVE-2023-24999 (HashiCorp Vault and Vault Enterprise\u2019s approle auth method allowe ...) + NOT-FOR-US: Vault +CVE-2023-24998 (Apache Commons FileUpload before 1.5 does not limit the number of requ ...) 
+ {DSA-5522-1 DLA-3617-1} + - tomcat10 10.1.5-1 + - tomcat9 9.0.70-2 + [bullseye] - tomcat9 (Minor issue, fix along with future update) + - libcommons-fileupload-java 1.4-2 (bug #1031733) + [bullseye] - libcommons-fileupload-java (Minor issue) + [buster] - libcommons-fileupload-java (Minor issue) + NOTE: https://github.com/apache/commons-fileupload/commit/e20c04990f7420ca917e96a84cec58b13a1b3d17 (commons-fileupload-1.5) + NOTE: Caution: patch is no-op by default, reverse-dependencies would need to provide updated settings + NOTE: https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy + NOTE: https://github.com/apache/tomcat/commit/8a2285f13affa961cc65595aad999db5efae45ce (10.1.5) + NOTE: https://github.com/apache/tomcat/commit/cf77cc545de0488fb89e24294151504a7432df74 (9.0.71) + NOTE: When fixing the issue make sure to apply complete fixes to not open CVE-2023-28709 + NOTE: Starting with 9.0.70-2 Tomcat9 no longer ships the server stack, using that as the fixed version +CVE-2023-24996 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24995 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24994 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24993 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24992 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24991 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24990 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24989 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) 
+ NOT-FOR-US: Siemens +CVE-2023-24988 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24987 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24986 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24985 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24984 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24983 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24982 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24981 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24980 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24979 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-24978 (A vulnerability has been identified in Tecnomatix Plant Simulation (Al ...) + NOT-FOR-US: Siemens +CVE-2023-0619 (The Kraken.io Image Optimizer plugin for WordPress is vulnerable to au ...) + NOT-FOR-US: Kraken.io Image Optimizer plugin for WordPress +CVE-2023-0618 (A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been ...) + NOT-FOR-US: TRENDnet +CVE-2023-0617 (A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been ...) + NOT-FOR-US: TRENDnet +CVE-2023-0616 (If a MIME email combines OpenPGP and OpenPGP MIME data in a certain wa ...) + {DSA-5355-1 DLA-3324-1} + - thunderbird 1:102.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-07/#CVE-2023-0616 +CVE-2023-0615 (A memory leak flaw and potential divide by zero and Integer overflow w ...) 
+ - linux 6.1.4-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux 4.19.282-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2166287 +CVE-2023-0614 (The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confident ...) + - samba 2:4.17.7+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-0614.html +CVE-2023-0613 (A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and cla ...) + NOT-FOR-US: TRENDnet +CVE-2023-0612 (A vulnerability, which was classified as critical, was found in TRENDn ...) + NOT-FOR-US: TRENDnet +CVE-2023-0611 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: TRENDnet +CVE-2023-0610 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) + NOT-FOR-US: Wallabag +CVE-2023-0609 (Improper Authorization in GitHub repository wallabag/wallabag prior to ...) + NOT-FOR-US: Wallabag +CVE-2023-24997 (Deserialization of Untrusted Data vulnerability in Apache Software Fou ...) + NOT-FOR-US: Apache InLong +CVE-2023-24977 (Out-of-bounds Read vulnerability in Apache Software Foundation Apache ...) + NOT-FOR-US: Apache InLong +CVE-2023-24976 + RESERVED +CVE-2023-24975 (IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caus ...) + NOT-FOR-US: IBM +CVE-2023-24974 + RESERVED +CVE-2023-24973 + RESERVED +CVE-2023-24972 + RESERVED +CVE-2023-24971 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...) + NOT-FOR-US: IBM +CVE-2023-24970 + RESERVED +CVE-2023-24969 + RESERVED +CVE-2023-24968 + RESERVED +CVE-2023-24967 + RESERVED +CVE-2023-24966 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2023-24965 (IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts acc ...) + NOT-FOR-US: IBM +CVE-2023-24964 (IBM InfoSphere Information Server 11.7 could allow a local user to obt ...) 
+ NOT-FOR-US: IBM +CVE-2023-24963 + RESERVED +CVE-2023-24962 + RESERVED +CVE-2023-24961 + RESERVED +CVE-2023-24960 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) + NOT-FOR-US: IBM +CVE-2023-24959 (IBM InfoSphere Information Systems 11.7 could expose information about ...) + NOT-FOR-US: IBM +CVE-2023-24958 (A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52 ...) + NOT-FOR-US: IBM +CVE-2023-24957 (IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0. ...) + NOT-FOR-US: IBM +CVE-2023-24956 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Forget Heart Message Box +CVE-2023-24955 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24954 (Microsoft SharePoint Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24953 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24952 + RESERVED +CVE-2023-24951 + RESERVED +CVE-2023-24950 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24949 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24948 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24947 (Windows Bluetooth Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24946 (Windows Backup Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24945 (Windows iSCSI Target Service Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24944 (Windows Bluetooth Driver Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24943 (Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-24942 (Remote Procedure Call Runtime Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24941 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24940 (Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-24939 (Server for NFS Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24938 (Windows CryptoAPI Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24937 (Windows CryptoAPI Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24936 (.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnera ...) + NOT-FOR-US: .NET +CVE-2023-24935 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24934 (Microsoft Defender Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24933 + RESERVED +CVE-2023-24932 (Secure Boot Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24931 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24930 (Microsoft OneDrive for MacOS Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24929 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24928 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24927 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24926 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24925 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24924 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-24923 (Microsoft OneDrive for Android Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24922 (Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-24921 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-24920 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-24919 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-24918 + RESERVED +CVE-2023-24917 + RESERVED +CVE-2023-24916 + RESERVED +CVE-2023-24915 + RESERVED +CVE-2023-24914 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24913 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24912 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24911 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24910 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24909 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24908 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24907 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24906 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24905 (Remote Desktop Client Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24904 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24903 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-24902 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24901 (Windows NFS Portmapper Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24900 (Windows NTLM Security Support Provider Information Disclosure Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2023-24899 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24898 (Windows SMB Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24897 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) + NOT-FOR-US: .NET +CVE-2023-24896 (Dynamics 365 Finance Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24895 (.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerab ...) + NOT-FOR-US: .NET +CVE-2023-24894 + RESERVED +CVE-2023-24893 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24892 (Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24891 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-24890 (Microsoft OneDrive for iOS Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24889 + RESERVED +CVE-2023-24888 + RESERVED +CVE-2023-24887 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24886 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24885 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24884 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24883 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-24882 (Microsoft OneDrive for Android Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24881 (Microsoft Teams Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24880 (Windows SmartScreen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24879 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2023-24878 + RESERVED +CVE-2023-24877 + RESERVED +CVE-2023-24876 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24875 + RESERVED +CVE-2023-24874 + RESERVED +CVE-2023-24873 + RESERVED +CVE-2023-24872 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24871 (Windows Bluetooth Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24870 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24869 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24868 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24867 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-24866 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24865 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24864 (Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privil ...) + NOT-FOR-US: Microsoft +CVE-2023-24863 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-24862 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24861 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24860 (Microsoft Defender Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-24859 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-24858 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24857 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24856 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2023-24016 (Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro ...) + NOT-FOR-US: Intel +CVE-2023-23910 (Out-of-bounds write for some Intel(R) Trace Analyzer and Collector sof ...) + NOT-FOR-US: Intel +CVE-2023-23909 (Out-of-bounds read for some Intel(R) Trace Analyzer and Collector soft ...) + NOT-FOR-US: Intel +CVE-2023-23569 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...) + NOT-FOR-US: Intel +CVE-2023-22447 (Insertion of sensitive information into log file in the Open CAS softw ...) + NOT-FOR-US: Intel +CVE-2023-22446 + RESERVED +CVE-2023-22443 (Integer overflow in some Intel(R) Server Board BMC firmware before ver ...) + NOT-FOR-US: Intel +CVE-2023-22442 (Out of bounds write in some Intel(R) Server Board BMC firmware before ...) + NOT-FOR-US: Intel +CVE-2023-22440 (Incorrect default permissions in the Intel(R) SCS Add-on software inst ...) + NOT-FOR-US: Intel +CVE-2023-22276 (Race condition in firmware for some Intel(R) Ethernet Controllers and ...) + NOT-FOR-US: Intel +CVE-2023-0608 (Cross-site Scripting (XSS) - DOM in GitHub repository microweber/micro ...) 
+ NOT-FOR-US: microweber +CVE-2023-0607 (Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/p ...) + NOT-FOR-US: ProjectSend +CVE-2023-0606 (Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/am ...) + - ampache +CVE-2023-0605 (The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0604 (The WP Food Manager WordPress plugin before 1.0.4 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0603 (The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0602 (The Twittee Text Tweet WordPress plugin through 1.0.8 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0601 + RESERVED +CVE-2023-24855 (Memory corruption in Modem while processing security related configura ...) + NOT-FOR-US: Qualcomm +CVE-2023-24854 (Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware respons ...) + NOT-FOR-US: Qualcomm +CVE-2023-24853 (Memory Corruption in HLOS while registering for key provisioning notif ...) + NOT-FOR-US: Qualcomm +CVE-2023-24852 (Memory Corruption in Core due to secure memory access by user while lo ...) + NOT-FOR-US: Qualcomm +CVE-2023-24851 (Memory Corruption in WLAN HOST while parsing QMI response message from ...) + NOT-FOR-US: Qualcomm +CVE-2023-24850 (Memory Corruption in HLOS while importing a cryptographic key into Key ...) + NOT-FOR-US: Qualcomm +CVE-2023-24849 (Information Disclosure in data Modem while parsing an FMTP line in an ...) + NOT-FOR-US: Qualcomm +CVE-2023-24848 (Information Disclosure in Data Modem while performing a VoLTE call wit ...) + NOT-FOR-US: Qualcomm +CVE-2023-24847 (Transient DOS in Modem while allocating DSM items.) + NOT-FOR-US: Qualcomm +CVE-2023-24846 + RESERVED +CVE-2023-24845 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) 
+ NOT-FOR-US: Siemens +CVE-2023-24844 (Memory Corruption in Core while invoking a call to Access Control core ...) + NOT-FOR-US: Qualcomm +CVE-2023-24843 (Transient DOS in Modem while triggering a camping on an 5G cell.) + NOT-FOR-US: Qualcomm +CVE-2023-24842 (HGiga MailSherlock has vulnerability of insufficient access control. A ...) + NOT-FOR-US: HGiga MailSherlock +CVE-2023-24841 (HGiga MailSherlock query function for connection log has a vulnerabili ...) + NOT-FOR-US: HGiga MailSherlock +CVE-2023-24840 (HGiga MailSherlock mail query function has vulnerability of insufficie ...) + NOT-FOR-US: HGiga MailSherlock +CVE-2023-24839 (HGiga MailSherlock\u2019s specific function has insufficient filtering ...) + NOT-FOR-US: HGiga MailSherlock +CVE-2023-24838 (HGiga PowerStation has a vulnerability of Information Leakage. An unau ...) + NOT-FOR-US: HGiga PowerStation +CVE-2023-24837 (HGiga PowerStation remote management function has insufficient filteri ...) + NOT-FOR-US: HGiga +CVE-2023-24836 (SUNNET CTMS has vulnerability of path traversal within its file upload ...) + NOT-FOR-US: SUNNET +CVE-2023-24835 (Softnext Technologies Corp.\u2019s SPAM SQR has a vulnerability of Cod ...) + NOT-FOR-US: Softnext +CVE-2023-24834 (WisdomGarden Tronclass has improper access control when uploading file ...) + NOT-FOR-US: WisdomGarden Tronclass +CVE-2023-0600 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0599 (Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored c ...) + NOT-FOR-US: Rapid7 +CVE-2023-0598 (GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Dig ...) + NOT-FOR-US: GE +CVE-2023-0597 (A flaw possibility of memory leak in the Linux kernel cpu_entry_area m ...) 
+ - linux 6.3.7-1 + NOTE: https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80 (6.2-rc1) +CVE-2023-0596 + RESERVED +CVE-2023-0595 (A CWE-117: Improper Output Neutralization for Logs vulnerability exist ...) + NOT-FOR-US: Schneider +CVE-2023-0594 (Grafana is an open-source platform for monitoring and observability. ...) + - grafana +CVE-2023-0593 (A path traversal vulnerability affects yaffshiv YAFFS filesystem extra ...) + NOT-FOR-US: ProjectSendyaffshiv +CVE-2023-0592 (A path traversal vulnerability affects jefferson's JFFS2 filesystem ex ...) + NOT-FOR-US: jefferson JFFS tool +CVE-2023-0591 (ubireader_extract_files is vulnerable to path traversal when run again ...) + NOT-FOR-US: UBI reader +CVE-2023-0590 (A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c ...) + - linux 6.0.6-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/ebda44da44f6f309d302522b049f43d6f829f7aa (6.1-rc2) +CVE-2023-0589 (The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0588 (The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4900 (A vulnerability was found in PHP where setting the environment variabl ...) + - php8.2 (Fixed before initial upload) + - php7.4 + [bullseye] - php7.4 (Minor issue, fix along in future update) + - php7.3 + NOTE: https://github.com/php/php-src/issues/8989 + NOTE: https://github.com/php/php-src/pull/9000 + NOTE: https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 (php-8.0.22RC1) + NOTE: Introduced by: https://github.com/php/php-src/commit/82effb3fc7bcab0efcc343b3e03355f5f2f663c9 (php-7.4.0RC1) +CVE-2022-4899 (A vulnerability was found in zstd v1.4.10, where an attacker can suppl ...) 
+ - libzstd 1.5.4+dfsg2-1 + [bullseye] - libzstd (Minor issue) + [buster] - libzstd (Vulnerable code introduced later) + NOTE: https://github.com/facebook/zstd/issues/3200 + NOTE: https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846 (v1.5.4) + NOTE: https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa (v1.5.4) + NOTE: Introduced by https://github.com/facebook/zstd/commit/9a8ccd4ba377060fbe180bcbc3e2bb714bda8726 (v1.4.7) +CVE-2023-24833 (A use-after-free in BigIntPrimitive addition in Hermes prior to commit ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-24832 (A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-0587 (A file upload vulnerability in exists in Trend Micro Apex One server b ...) + NOT-FOR-US: Trend Micro +CVE-2023-0586 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...) + NOT-FOR-US: All in One SEO Pack plugin for WordPress +CVE-2023-0585 (The All in One SEO Pack plugin for WordPress is vulnerable to Stored C ...) + NOT-FOR-US: All in One SEO Pack plugin for WordPress +CVE-2016-15023 (A vulnerability, which was classified as problematic, was found in Sit ...) + NOT-FOR-US: SiteFusion +CVE-2023-24831 (Improper Authentication vulnerability in Apache Software Foundation Ap ...) + NOT-FOR-US: Apache IoTDB +CVE-2023-24828 (Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions ...) + NOT-FOR-US: Onedev +CVE-2023-24827 (syft is a a CLI tool and Go library for generating a Software Bill of ...) + NOT-FOR-US: syft +CVE-2023-24826 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + NOT-FOR-US: RIOT-OS +CVE-2023-24825 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...) + NOT-FOR-US: RIOT-OS +CVE-2023-24824 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) 
+ - cmark-gfm (bug #1034171)
+ [bookworm] - cmark-gfm (Minor issue)
+ [bullseye] - cmark-gfm (Minor issue)
+ [buster] - cmark-gfm (Minor issue)
+ - python-cmarkgfm (bug #1034172)
+ [bookworm] - python-cmarkgfm (Minor issue)
+ [bullseye] - python-cmarkgfm (Minor issue)
+ [buster] - python-cmarkgfm (Minor issue)
+ - r-cran-commonmark (bug #1034173)
+ [bookworm] - r-cran-commonmark (Minor issue)
+ [bullseye] - r-cran-commonmark (Minor issue)
+ [buster] - r-cran-commonmark (Minor issue)
+ - ruby-commonmarker (bug #1034174)
+ [bookworm] - ruby-commonmarker (Minor issue)
+ [bullseye] - ruby-commonmarker (Minor issue)
+ [buster] - ruby-commonmarker (Minor issue)
+ NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-66g8-4hjf-77xh
+ NOTE: https://github.com/github/cmark-gfm/commit/2300c1bd2c8226108885bf019655c4159cf26b59 (0.29.0.gfm.10)
+CVE-2023-24823 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24822 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24821 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24820 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24819 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24818 (RIOT-OS, an operating system that supports Internet of Things devices, ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24817 (RIOT-OS, an operating system for Internet of Things (IoT) devices, con ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2023-24816 (IPython (Interactive Python) is a command shell for interactive comput ...)
+ - ipython (Windows-specific)
+ NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-29gw-9793-fvw7
+ NOTE: https://github.com/ipython/ipython/commit/991849c247fc208628879e7ca2923b3c218a5a75 (8.10.0)
+CVE-2023-24815 (Vert.x-Web is a set of building blocks for building web applications i ...)
+ NOT-FOR-US: Vert.x-Web
+CVE-2023-24814 (TYPO3 is a free and open source Content Management Framework released ...)
+ NOT-FOR-US: Typo3
+CVE-2023-24813 (Dompdf is an HTML to PDF converter written in php. Due to the differen ...)
+ - php-dompdf 2.0.3+dfsg-1
+ [bullseye] - php-dompdf (SVG image references validation introduced in v2.0.0)
+ [buster] - php-dompdf (SVG image references validation introduced in v2.0.0)
+ NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-56gj-mvh6-rp75
+ NOTE: Fixed by: https://github.com/dompdf/dompdf/commit/95009ea98230f9b084b040c34e3869ef3dccc9aa (v2.0.3)
+ NOTE: Introduced by: https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799 (v2.0.0)
+CVE-2023-24812 (Misskey is an open source, decentralized social media platform. In ver ...)
+ NOT-FOR-US: Misskey
+CVE-2023-24811 (Misskey is an open source, decentralized social media platform. In ver ...)
+ NOT-FOR-US: Misskey
+CVE-2023-24810 (Misskey is an open source, decentralized social media platform. Due to ...)
+ NOT-FOR-US: Misskey
+CVE-2023-24809 (NetHack is a single player dungeon exploration game. Starting with ver ...)
+ - nethack 3.6.7-1 (bug #1031869)
+ [bookworm] - nethack (Minor issue)
+ [bullseye] - nethack (Minor issue)
+ [buster] - nethack (Minor issue)
+ NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2cqv-5w4v-mgch
+ NOTE: https://nethack.org/security/CVE-2023-24809.html
+CVE-2023-24808 (PDFio is a C library for reading and writing PDF files. In versions pr ...)
+ - ippsample (unimportant; bug #1033104)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2023-24807 (Undici is an HTTP/1.1 client for Node.js. 
Prior to version 5.19.1, the ...)
+ - node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418)
+ [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-r6ch-mqf9-qc9w
+ NOTE: https://github.com/nodejs/undici/commit/f2324e549943f0b0937b09fb1c0c16cc7c93abdf (v5.19.1)
+CVE-2023-24806
+ REJECTED
+CVE-2023-24805 (cups-filters contains backends, filters, and other software required t ...)
+ {DSA-5407-1 DLA-3430-1}
+ - cups-filters 1.28.17-3 (bug #1036224)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/05/17/5
+ NOTE: https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-gpxc-v2m8-fr3x
+ NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/8f274035756c04efeb77eb654e9d4c4447287d65 (master)
+ NOTE: Fixed by: https://github.com/OpenPrinting/cups-filters/commit/93e60d3df358c0ae6f3dba79e1c9684657683d89 (1.x)
+CVE-2023-24804 (The ownCloud Android app allows ownCloud users to access, share, and e ...)
+ NOT-FOR-US: ownCloud Android app
+CVE-2023-0584 (The VK Blocks plugin for WordPress is vulnerable to improper authoriza ...)
+ NOT-FOR-US: VK Blocks plugin for WordPress
+CVE-2023-0583 (The VK Blocks plugin for WordPress is vulnerable to improper authoriza ...)
+ NOT-FOR-US: VK Blocks plugin for WordPress
+CVE-2023-0582
+ RESERVED
+CVE-2023-0581 (The PrivateContent plugin for WordPress is vulnerable to protection me ...)
+ NOT-FOR-US: PrivateContent plugin for WordPress
+CVE-2023-0580 (Insecure Storage of Sensitive Information vulnerability in ABB My Cont ...)
+ NOT-FOR-US: ABB
+CVE-2023-0579 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0578 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: ASOS
+CVE-2023-0577 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: ASOS
+CVE-2023-0576
+ REJECTED
+CVE-2023-0575 (External Control of Critical State Data, Improper Control of Generatio ...)
+ - yugabyte-db (bug #989673)
+CVE-2023-0574 (Server-Side Request Forgery (SSRF), Improperly Controlled Modification ...)
+ - yugabyte-db (bug #989673)
+CVE-2022-48305 (There is an identity authentication bypass vulnerability in Huawei Chi ...)
+ NOT-FOR-US: Huawei
+CVE-2023-24830 (Improper Authentication vulnerability in Apache Software Foundation Ap ...)
+ NOT-FOR-US: Apache IoTDB
+CVE-2023-24829 (Incorrect Authorization vulnerability in Apache Software Foundation Ap ...)
+ NOT-FOR-US: Apache IoTDB
+CVE-2023-24803
+ RESERVED
+CVE-2023-24802
+ RESERVED
+CVE-2023-24801
+ RESERVED
+CVE-2023-24800 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+ NOT-FOR-US: D-Link
+CVE-2023-24799 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+ NOT-FOR-US: D-Link
+CVE-2023-24798 (D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overf ...)
+ NOT-FOR-US: D-Link
+CVE-2023-24797 (D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack over ...)
+ NOT-FOR-US: D-Link
+CVE-2023-24796 (Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and befo ...)
+ NOT-FOR-US: Vinga
+CVE-2023-24795 (Command execution vulnerability was discovered in JHR-N916R router fir ...)
+ NOT-FOR-US: JHR-N916R
+CVE-2023-24794
+ RESERVED
+CVE-2023-24793
+ RESERVED
+CVE-2023-24792
+ RESERVED
+CVE-2023-24791
+ RESERVED
+CVE-2023-24790
+ RESERVED
+CVE-2023-24789 (jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injec ...)
+ NOT-FOR-US: jeecg-boot
+CVE-2023-24788 (NotrinosERP v0.7 was discovered to contain a SQL injection vulnerabili ...)
+ NOT-FOR-US: NotrinosERP
+CVE-2023-24787
+ REJECTED
+CVE-2023-24786
+ RESERVED
+CVE-2023-24785 (An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a de ...)
+ NOT-FOR-US: Giorgio Tani peazip
+CVE-2023-24784
+ RESERVED
+CVE-2023-24783
+ RESERVED
+CVE-2023-24782 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24781 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24780 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24779
+ RESERVED
+CVE-2023-24778
+ RESERVED
+CVE-2023-24777 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24776 (Funadmin v3.2.0 was discovered to contain a remote code execution (RCE ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24775 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24774 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24773 (Funadmin v3.2.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Funadmin
+CVE-2023-24772
+ RESERVED
+CVE-2023-24771
+ RESERVED
+CVE-2023-24770
+ RESERVED
+CVE-2023-24769 (Changedetection.io before v0.40.1.1 was discovered to contain a stored ...)
+ NOT-FOR-US: Changedetection.io
+CVE-2023-24768
+ RESERVED
+CVE-2023-24767
+ RESERVED
+CVE-2023-24766
+ RESERVED
+CVE-2023-24765
+ RESERVED
+CVE-2023-24764
+ RESERVED
+CVE-2023-24763 (In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated ...)
+ NOT-FOR-US: PrestaShop module
+CVE-2023-24762 (OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 ...)
+ NOT-FOR-US: D-Link
+CVE-2023-24761
+ RESERVED
+CVE-2023-24760 (An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalat ...)
+ NOT-FOR-US: Ofcms
+CVE-2023-24759
+ RESERVED
+CVE-2023-24758 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/383
+ NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
+CVE-2023-24757 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/385
+ NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
+CVE-2023-24756 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/380
+ NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
+CVE-2023-24755 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/384
+ NOTE: https://github.com/strukturag/libde265/commit/48eb7dafe204b825b4a62948ed171a0cd3f1bda2 (v1.0.11)
+CVE-2023-24754 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/382
+ NOTE: https://github.com/strukturag/libde265/commit/bfb6de155f9fb015d2904cb4ef07809f17995276 (v1.0.11)
+CVE-2023-24753
+ RESERVED
+CVE-2023-24752 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/378
+ NOTE: https://github.com/strukturag/libde265/commit/052bacb2535cf0024042eefde58e48df2c778f7c (v1.0.11)
+CVE-2023-24751 (libde265 v1.0.10 was discovered to contain a NULL pointer dereference ...)
+ {DSA-5346-1 DLA-3352-1}
+ - libde265 1.0.11-1
+ NOTE: https://github.com/strukturag/libde265/issues/379
+ NOTE: https://github.com/strukturag/libde265/commit/7ea8e3cbb010bc02fa38419e87ed2281d7933850 (v1.0.11)
+CVE-2023-24750
+ RESERVED
+CVE-2023-24749
+ RESERVED
+CVE-2023-24748
+ RESERVED
+CVE-2023-24747 (Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) ...)
+ NOT-FOR-US: Jfinal CMS
+CVE-2023-24746
+ RESERVED
+CVE-2023-24745
+ RESERVED
+CVE-2023-24744 (Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus ...)
+ NOT-FOR-US: Rediker Software AdminPlus
+CVE-2023-24743
+ RESERVED
+CVE-2023-24742
+ RESERVED
+CVE-2023-24741
+ RESERVED
+CVE-2023-24740
+ RESERVED
+CVE-2023-24739
+ RESERVED
+CVE-2023-24738
+ RESERVED
+CVE-2023-24737 (PMB v7.4.6 was discovered to contain a reflected cross-site scripting ...)
+ NOT-FOR-US: PMB
+CVE-2023-24736 (PMB v7.4.6 was discovered to contain a remote code execution (RCE) vul ...)
+ NOT-FOR-US: PMB
+CVE-2023-24735 (PMB v7.4.6 was discovered to contain an open redirect vulnerability vi ...)
+ NOT-FOR-US: PMB
+CVE-2023-24734 (An arbitrary file upload vulnerability in the camera_upload.php compon ...)
+ NOT-FOR-US: PMB
+CVE-2023-24733 (PMB v7.4.6 was discovered to contain a reflected cross-site scripting ...)
+ NOT-FOR-US: PMB
+CVE-2023-24732 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24731 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24730 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24729 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24728 (Simple Customer Relationship Management System v1.0 as discovered to c ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24727
+ RESERVED
+CVE-2023-24726 (Art Gallery Management System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Art Gallery Management System
+CVE-2023-24725
+ RESERVED
+CVE-2023-24724 (A stored cross site scripting (XSS) vulnerability was discovered in th ...)
+ NOT-FOR-US: SAS 9.4 Admin Console
+CVE-2023-24723
+ RESERVED
+CVE-2023-24722
+ RESERVED
+CVE-2023-24721 (A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1. ...)
+ NOT-FOR-US: LiveAction LiveSP
+CVE-2023-24720 (An arbitrary file upload vulnerability in readium-js v0.32.0 allows at ...)
+ NOT-FOR-US: readium-js
+CVE-2023-24719
+ RESERVED
+CVE-2023-24718
+ RESERVED
+CVE-2023-24717
+ RESERVED
+CVE-2023-24716
+ RESERVED
+CVE-2023-24715
+ RESERVED
+CVE-2023-24714
+ RESERVED
+CVE-2023-24713
+ RESERVED
+CVE-2023-24712
+ RESERVED
+CVE-2023-24711
+ RESERVED
+CVE-2023-24710
+ RESERVED
+CVE-2023-24709 (An issue found in Paradox Security Systems IPR512 allows attackers to ...)
+ NOT-FOR-US: Paradox Security Systems IPR512
+CVE-2023-24708
+ RESERVED
+CVE-2023-24707
+ RESERVED
+CVE-2023-24706
+ RESERVED
+CVE-2023-24705
+ RESERVED
+CVE-2023-24704
+ RESERVED
+CVE-2023-24703
+ RESERVED
+CVE-2023-24702
+ RESERVED
+CVE-2023-24701
+ RESERVED
+CVE-2023-24700
+ RESERVED
+CVE-2023-24699
+ RESERVED
+CVE-2023-24698 (Insufficient parameter validation in the Foswiki::Sandbox component of ...)
+ - foswiki (bug #509864)
+CVE-2023-24697
+ RESERVED
+CVE-2023-24696
+ RESERVED
+CVE-2023-24695
+ RESERVED
+CVE-2023-24694
+ RESERVED
+CVE-2023-24693
+ RESERVED
+CVE-2023-24692
+ RESERVED
+CVE-2023-24691
+ RESERVED
+CVE-2023-24690 (ChurchCRM 4.5.3 and below was discovered to contain a stored cross-sit ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-24689 (An issue in Mojoportal v2.7.0.0 and below allows an authenticated atta ...)
+ NOT-FOR-US: Mojoportal
+CVE-2023-24688 (An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to ...)
+ NOT-FOR-US: Mojoportal
+CVE-2023-24687 (Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scri ...)
+ NOT-FOR-US: Mojoportal
+CVE-2023-24686 (An issue in the CSV Import function of ChurchCRM v4.5.3 and below allo ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-24685 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-24684 (ChurchCRM v4.5.3 and below was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: ChurchCRM
+CVE-2023-24683
+ RESERVED
+CVE-2023-24682
+ RESERVED
+CVE-2023-24681
+ RESERVED
+CVE-2023-24680
+ RESERVED
+CVE-2023-24679
+ RESERVED
+CVE-2023-24678 (A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attac ...)
+ NOT-FOR-US: Centralite Pearl Thermostat
+CVE-2023-24677
+ RESERVED
+CVE-2023-24676
+ RESERVED
+CVE-2023-24675 (Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attack ...)
+ NOT-FOR-US: BluditCMS
+CVE-2023-24674 (Permissions vulnerability found in Bludit CMS v.4.0.0 allows local att ...)
+ NOT-FOR-US: BluditCMS
+CVE-2023-24673
+ RESERVED
+CVE-2023-24672
+ RESERVED
+CVE-2023-24671 (VX Search v13.8 and v14.7 was discovered to contain an unquoted servic ...)
+ NOT-FOR-US: VX Search
+CVE-2023-24670
+ RESERVED
+CVE-2023-24669
+ RESERVED
+CVE-2023-24668
+ RESERVED
+CVE-2023-24667
+ RESERVED
+CVE-2023-24666
+ RESERVED
+CVE-2023-24665
+ RESERVED
+CVE-2023-24664
+ RESERVED
+CVE-2023-24663
+ RESERVED
+CVE-2023-24662
+ RESERVED
+CVE-2023-24661
+ RESERVED
+CVE-2023-24660
+ RESERVED
+CVE-2023-24659
+ RESERVED
+CVE-2023-24658
+ RESERVED
+CVE-2023-24657 (phpipam v1.6 was discovered to contain a reflected cross-site scriptin ...)
+ - phpipam (bug #731713)
+CVE-2023-24656 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24655 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24654 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24653 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24652 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24651 (Simple Customer Relationship Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Simple Customer Relationship Management System
+CVE-2023-24650
+ RESERVED
+CVE-2023-24649
+ RESERVED
+CVE-2023-24648 (Zstore v6.6.0 was discovered to contain a cross-site scripting (XSS) v ...)
+ NOT-FOR-US: Zstore
+CVE-2023-24647 (Food Ordering System v2.0 was discovered to contain a SQL injection vu ...)
+ NOT-FOR-US: Food Ordering System
+CVE-2023-24646 (An arbitrary file upload vulnerability in the component /fos/admin/aja ...)
+ NOT-FOR-US: Food Ordering System
+CVE-2023-24645
+ RESERVED
+CVE-2023-24644
+ RESERVED
+CVE-2023-24643 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Judging Management System
+CVE-2023-24642 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Judging Management System
+CVE-2023-24641 (Judging Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Judging Management System
+CVE-2023-24640
+ RESERVED
+CVE-2023-24639
+ RESERVED
+CVE-2023-24638
+ RESERVED
+CVE-2023-24637
+ RESERVED
+CVE-2023-24636
+ RESERVED
+CVE-2023-24635
+ RESERVED
+CVE-2023-24634
+ RESERVED
+CVE-2023-24633
+ RESERVED
+CVE-2023-24632
+ RESERVED
+CVE-2023-24631
+ RESERVED
+CVE-2023-24630
+ RESERVED
+CVE-2023-24629
+ RESERVED
+CVE-2023-24628
+ RESERVED
+CVE-2023-24627
+ RESERVED
+CVE-2023-24626 (socket.c in GNU Screen through 4.9.0, when installed setuid or setgid ...)
+ - screen 4.9.1-1 (unimportant)
+ NOTE: https://savannah.gnu.org/bugs/?63195 (private)
+ NOTE: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7
+ NOTE: screen in Debian not installed setuid or setgid
+CVE-2023-24625 (Faveo 5.0.1 allows remote attackers to obtain sensitive information vi ...)
+ NOT-FOR-US: Faveo
+CVE-2023-24624
+ RESERVED
+CVE-2023-24623 (Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to th ...)
+ NOT-FOR-US: Paranoidhttp
+CVE-2023-24622 (isInList in the safeurl-python package before 1.2 for Python has an in ...)
+ NOT-FOR-US: safeurl-python
+CVE-2023-24621 (An issue was discovered in Esoteric YamlBeans through 1.15. It allows ...)
+ NOT-FOR-US: Esoteric YamlBeans
+CVE-2023-24620 (An issue was discovered in Esoteric YamlBeans through 1.15. A crafted ...)
+ NOT-FOR-US: Esoteric YamlBeans
+CVE-2023-24619 (Redpanda before 22.3.12 discloses cleartext AWS credentials. The impor ...)
+ NOT-FOR-US: Redpanda
+CVE-2023-24618
+ RESERVED
+CVE-2023-24617
+ RESERVED
+CVE-2023-24616
+ RESERVED
+CVE-2023-24615
+ RESERVED
+CVE-2023-24614
+ RESERVED
+CVE-2023-24613 (The user interface of Array Networks AG Series and vxAG through 9.4.0. ...)
+ NOT-FOR-US: Array Networks
+CVE-2023-24612 (The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allo ...)
+ NOT-FOR-US: MediaWiki PdfBook extension
+CVE-2023-24611
+ RESERVED
+CVE-2023-24610 (NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrar ...)
+ NOT-FOR-US: NOSH
+CVE-2023-24609
+ RESERVED
+CVE-2023-24608
+ RESERVED
+CVE-2023-0573
+ RESERVED
+CVE-2023-0572 (Unchecked Error Condition in GitHub repository froxlor/froxlor prior t ...)
+ - froxlor (bug #581792)
+CVE-2022-4898 (In affected versions of Octopus Server the help sidebar can be customi ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-48304
+ RESERVED
+CVE-2022-48303 (GNU Tar through 1.34 has a one-byte out-of-bounds read that results in ...)
+ - tar 1.34+dfsg-1.4 (unimportant)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://savannah.gnu.org/bugs/?62387
+ NOTE: https://savannah.gnu.org/patch/?10307
+ NOTE: Fixed by: https://git.savannah.gnu.org/cgit/tar.git/commit/?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8 (v1.35)
+CVE-2021-46873 (WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account ...)
+ NOTE: Generic protocol issue in WireGuard
+CVE-2023-0571 (A vulnerability has been found in SourceCodester Canteen Management Sy ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2023-0570 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
+CVE-2023-0569 (Weak Password Requirements in GitHub repository publify/publify prior ...)
+ NOT-FOR-US: Publify
+CVE-2023-0568 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
+ {DSA-5363-1 DLA-3345-1}
+ - php8.2 8.2.4-1 (bug #1031368)
+ - php7.4
+ - php7.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81746
+ NOTE: Fixed in: 8.2.3
+ NOTE: https://github.com/php/php-src/commit/ec10b28d64decbc54aa1e585dce580f0bd7a5953
+CVE-2023-0567 (In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3 ...)
+ {DSA-5363-1 DLA-3345-1}
+ - php8.2 8.2.4-1 (bug #1031368)
+ - php7.4
+ - php7.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81744
+ NOTE: Fixed in 8.2.3
+ NOTE: https://github.com/php/php-src/security/advisories/GHSA-7fj2-8x79-rjf4
+ NOTE: https://github.com/php/php-src/commit/c840f71524067aa474c00c3eacfb83bd860bfc8a
+ NOTE: https://github.com/php/php-src/commit/a92acbad873a05470af1a47cb785a18eadd827b5
+CVE-2022-48302 (The AMS module has a vulnerability of lacking permission verification ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48301 (The bundle management module lacks permission verification in some API ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48300 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48299 (The WMS module lacks the authentication mechanism in some APIs. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48298 (The geofencing kernel code does not verify the length of the input dat ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48297 (The geofencing kernel code has a vulnerability of not verifying the le ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48296 (The SystemUI has a vulnerability in permission management. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48295 (The IHwAntiMalPlugin interface lacks permission verification. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48294 (The IHwAttestationService interface has a defect in authentication. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48293 (The Bluetooth module has an OOM vulnerability. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48292 (The Bluetooth module has an out-of-memory (OOM) vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48291 (The Bluetooth module has an authentication bypass vulnerability in the ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48290 (The phone-PC collaboration module has a logic bypass vulnerability. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48289 (The bundle management module lacks authentication and control mechanis ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48288 (The bundle management module lacks authentication and control mechanis ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48287 (The HwContacts module has a logic bypass vulnerability. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48286 (The multi-screen collaboration module has a privilege escalation vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2023-24607 (Qt before 6.4.3 allows a denial of service via a crafted string when t ...)
+ - qtbase-opensource-src 5.15.8+dfsg-3 (bug #1031872)
+ [bullseye] - qtbase-opensource-src (Minor issue)
+ [buster] - qtbase-opensource-src (Minor issue)
+ - qt6-base 6.4.2+dfsg-7 (bug #1031871)
+ - qtbase-opensource-src-gles (GLES build only ships libqt5gui5, not the DB modules, see #1031873)
+ NOTE: https://www.qt.io/blog/security-advisory-qt-sql-odbc-driver-plugin
+ NOTE: https://github.com/qt/qtbase/commit/aaf1381eab6292aa0444a5eadcc24165b6e1c02d (6.4)
+ NOTE: https://download.qt.io/official_releases/qt/5.15/CVE-2023-24607-qtbase-5.15.diff
+CVE-2023-24606
+ RESERVED
+CVE-2023-24605 (OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24604 (OX App Suite before backend 7.10.6-rev37 does not check HTTP header le ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24603 (OX App Suite before backend 7.10.6-rev37 does not check size limits wh ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24602 (OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the T ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24601 (OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app dee ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24600 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24599 (OX App Suite before backend 7.10.6-rev37 allows authenticated users to ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24598 (OX App Suite before backend 7.10.6-rev37 has an information leak in th ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-24597 (OX App Suite before frontend 7.10.6-rev24 allows the loading (without ...)
+ NOT-FOR-US: OX App Suite
+CVE-2023-0566 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ - froxlor (bug #581792)
+CVE-2023-0565 (Business Logic Errors in GitHub repository froxlor/froxlor prior to 2. ...)
+ - froxlor (bug #581792)
+CVE-2023-0564 (Weak Password Requirements in GitHub repository froxlor/froxlor prior ...)
+ - froxlor (bug #581792)
+CVE-2023-0563 (A vulnerability classified as problematic has been found in PHPGurukul ...)
+ NOT-FOR-US: PHPGurukul Bank Locker Management System
+CVE-2022-48285 (loadAsync in JSZip before 3.8.0 allows Directory Traversal via a craft ...)
+ - node-jszip 3.10.0+dfsg-1
+ [bullseye] - node-jszip (Minor issue)
+ [buster] - node-jszip (Minor issue)
+ NOTE: https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15 (v3.8.0)
+CVE-2023-0562 (A vulnerability was found in PHPGurukul Bank Locker Management System ...)
+ NOT-FOR-US: PHPGurukul Bank Locker Management System
+CVE-2023-0561 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
+CVE-2023-0560 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Online Tours & Travels Management System
+CVE-2016-15022 (A vulnerability was found in mosbth cimage up to 0.7.18. It has been d ...)
+ NOT-FOR-US: mosbth cimage
+CVE-2009-10003 (A vulnerability was found in capnsquarepants wordcraft up to 0.6. It h ...)
+ NOT-FOR-US: capnsquarepants wordcraft
+CVE-2023-0559 (The GS Portfolio for Envato WordPress plugin before 1.4.0 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0558 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
+ NOT-FOR-US: ContentStudio plugin for WordPress
+CVE-2023-0557 (The ContentStudio plugin for WordPress is vulnerable to Sensitive Info ...)
+ NOT-FOR-US: ContentStudio plugin for WordPress
+CVE-2023-0556 (The ContentStudio plugin for WordPress is vulnerable to authorization ...)
+ NOT-FOR-US: ContentStudio plugin for WordPress
+CVE-2023-0555 (The Quick Restaurant Menu plugin for WordPress is vulnerable to author ...)
+ NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
+CVE-2023-0554 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross- ...)
+ NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
+CVE-2023-0553 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored ...)
+ NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
+CVE-2023-0552 (The Registration Forms WordPress plugin before 3.8.2.3 does not proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0551 (The REST API TO MiniProgram WordPress plugin through 4.6.1 does not ha ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0550 (The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecu ...)
+ NOT-FOR-US: Quick Restaurant Menu plugin for WordPress
+CVE-2022-48284 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
+ NOT-FOR-US: Huawei
+CVE-2022-48283 (A piece of Huawei whole-home intelligence software has an Incorrect Pr ...)
+ NOT-FOR-US: Huawei
+CVE-2021-4315 (A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and class ...)
+ NOT-FOR-US: NYUCCL psiTurk
+CVE-2023-24595 (An OS command injection vulnerability exists in the ys_thirdparty syst ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-24583 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-24582 (Two OS command injection vulnerabilities exist in the urvpn_client cmd ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-24581 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2023-22365 (An OS command injection vulnerability exists in the ys_thirdparty chec ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-22299 (An OS command injection vulnerability exists in the vtysh_ubus _get_fw ...)
+ NOT-FOR-US: Milesight UR32L
+CVE-2023-0549 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: YAFNET
+CVE-2023-0548 (The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0547 (OCSP revocation status of recipient certificates was not checked when ...)
+ {DSA-5392-1 DLA-3400-1}
+ - thunderbird 1:102.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-0547
+CVE-2023-0546 (The Contact Form Plugin WordPress plugin before 4.3.25 does not proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0545 (The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0544 (The WP Login Box WordPress plugin through 2.0.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0543 (The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0542 (The Custom Post Type List Shortcode WordPress plugin through 1.4.4 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0541 (The GS Books Showcase WordPress plugin before 1.3.1 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0540 (The GS Filterable Portfolio WordPress plugin before 1.6.1 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0539 (The GS Insever Portfolio WordPress plugin before 1.4.5 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0538 (The Campaign URL Builder WordPress plugin before 1.8.2 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-0537 (The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 ...)
+ NOT-FOR-US: WordPress plugin +CVE-2023-0536 (The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0535 (The Donation Block For PayPal WordPress plugin before 2.1.0 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0534 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0533 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0532 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0531 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0530 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0529 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0528 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0527 (A vulnerability was found in PHPGurukul Online Security Guards Hiring ...) + NOT-FOR-US: PHPGurukul Online Security Guards Hiring System +CVE-2023-0526 (The Post Shortcode WordPress plugin through 2.0.9 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24580 (An issue was discovered in the Multipart Request Parser in Django 3.2 ...) 
+ {DLA-3329-1} + - python-django 3:3.2.18-1 (bug #1031290) + [bullseye] - python-django 2:2.2.28-1~deb11u2 + NOTE: https://www.djangoproject.com/weblog/2023/feb/14/security-releases/ + NOTE: https://github.com/django/django/commit/a665ed5179f5bbd3db95ce67286d0192eff041d8 (3.2.18) +CVE-2023-24579 (McAfee Total Protection prior to 16.0.51 allows attackers to trick a v ...) + NOT-FOR-US: McAfee +CVE-2023-24578 (McAfee Total Protection prior to 16.0.49 allows attackers to elevate u ...) + NOT-FOR-US: McAfee +CVE-2023-24577 (McAfee Total Protection prior to 16.0.50 allows attackers to elevate u ...) + NOT-FOR-US: McAfee +CVE-2023-24543 + RESERVED +CVE-2023-23908 (Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalab ...) + {DSA-5474-1 DLA-3537-1} + - intel-microcode 3.20230808.1 (bug #1043305) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00836.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808 +CVE-2023-23580 (Stack-based buffer overflow for some Intel(R) Trace Analyzer and Colle ...) + NOT-FOR-US: Intel +CVE-2023-23577 (Uncontrolled search path element for some ITE Tech consumer infrared d ...) + NOT-FOR-US: Intel +CVE-2023-23544 + RESERVED +CVE-2023-22841 (Unquoted search path in the software installer for the System Firmware ...) + NOT-FOR-US: Intel +CVE-2023-22840 (Improper neutralization in software for the Intel(R) oneVPL GPU softwa ...) + NOT-FOR-US: Intel +CVE-2023-22655 + RESERVED +CVE-2023-22431 + RESERVED +CVE-2023-22311 + RESERVED +CVE-2023-0525 (Weak Encoding for Password vulnerability in Mitsubishi Electric Corpor ...) + NOT-FOR-US: PyroCMS +CVE-2023-0524 (As part of our Security Development Lifecycle, a potential privilege e ...) + NOT-FOR-US: Tenable +CVE-2023-0523 (An issue has been discovered in GitLab affecting all versions starting ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2023-0522 (The Enable/Disable Auto Login when Register WordPress plugin through 1 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0521 + RESERVED +CVE-2023-0520 (The RapidExpCart WordPress plugin through 1.0 does not sanitize and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0519 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) + NOT-FOR-US: Modoboa +CVE-2023-0518 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2020-36659 (In Apache::Session::Browseable before 1.3.6, validity of the X.509 cer ...) + {DLA-3285-1} + - libapache-session-browseable-perl 1.3.7-1 + NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f (v1.3.6) + NOTE: Regression follow-up: https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/c73e05c1363cd59e437aa1ea5ea0d260d62d5ee6 (v1.3.7) +CVE-2020-36658 (In Apache::Session::LDAP before 0.5, validity of the X.509 certificate ...) + {DLA-3284-1} + - libapache-session-ldap-perl 0.5-1 + NOTE: Fixed by: https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f (v0.5) +CVE-2023-24576 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...) + NOT-FOR-US: EMC +CVE-2023-24575 (Dell Multifunction Printer E525w Driver and Software Suite, versions p ...) + NOT-FOR-US: Dell +CVE-2023-24574 (Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Unc ...) + NOT-FOR-US: Dell +CVE-2023-24573 (Dell Command | Monitor versions prior to 10.9 contain an arbitrary fol ...) + NOT-FOR-US: Dell +CVE-2023-24572 (Dell Command | Integration Suite for System Center, versions before 6. ...) + NOT-FOR-US: Dell +CVE-2023-24571 (Dell BIOS contains an Improper Input Validation vulnerability. A local ...) 
+ NOT-FOR-US: Dell +CVE-2023-24570 + RESERVED +CVE-2023-24569 (Dell Alienware Command Center versions 5.5.37.0 and prior contain an I ...) + NOT-FOR-US: Dell +CVE-2023-24568 (Dell NetWorker, contains an Improper Validation of Certificate with Ho ...) + NOT-FOR-US: Dell +CVE-2023-24567 (Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version di ...) + NOT-FOR-US: Dell +CVE-2023-24566 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24565 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24564 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24563 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24562 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24561 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24560 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24559 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24558 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24557 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24556 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24555 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24554 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24553 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) 
+ NOT-FOR-US: Siemens +CVE-2023-24552 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24551 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24550 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24549 (A vulnerability has been identified in Solid Edge SE2022 (All versions ...) + NOT-FOR-US: Siemens +CVE-2023-24548 (On affected platforms running Arista EOS with VXLAN configured, malfor ...) + NOT-FOR-US: Arista +CVE-2023-24547 (On affected platforms running Arista MOS, the configuration of a BGP p ...) + NOT-FOR-US: Arista +CVE-2023-24546 (On affected versions of the CloudVision Portal improper access control ...) + NOT-FOR-US: Arista +CVE-2023-24545 (On affected platforms running Arista CloudEOS an issue in the Software ...) + NOT-FOR-US: Arista +CVE-2023-0517 + RESERVED +CVE-2023-0516 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0515 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0514 (The Membership Database WordPress plugin through 1.0 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0513 (A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 a ...) + NOT-FOR-US: isoftforce Dreamer CMS +CVE-2023-0512 (Divide By Zero in GitHub repository vim/vim prior to 9.0.1247.) + - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 + NOTE: https://github.com/vim/vim/commit/870219c58c0804bdc55419b2e455c06ac715a835 (v9.0.1247) + NOTE: Crash in CLI tool, no security impact +CVE-2023-0511 (Relative Path Traversal vulnerability in ForgeRock Access Management J ...) 
+ NOT-FOR-US: ForgeRock +CVE-2023-0510 + RESERVED +CVE-2023-24540 (Not all valid JavaScript whitespace characters are considered to be wh ...) + - golang-1.20 1.20.4-1 + [experimental] - golang-1.19 1.19.9-1 + - golang-1.19 1.19.10-2 + [bookworm] - golang-1.19 (Minor issue) + [bullseye] - golang-1.19 (Minor issue) + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU + NOTE: https://github.com/golang/go/issues/59721 + NOTE: https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9) + NOTE: https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4) +CVE-2023-24539 (Angle brackets (<>) are not considered dangerous characters when inser ...) + - golang-1.20 1.20.4-1 + [experimental] - golang-1.19 1.19.9-1 + - golang-1.19 1.19.10-2 + [bookworm] - golang-1.19 (Minor issue) + [bullseye] - golang-1.19 (Minor issue) + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU + NOTE: https://github.com/golang/go/issues/59720 + NOTE: https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9) + NOTE: https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4) +CVE-2023-24538 (Templates do not properly consider backticks (`) as Javascript string ...) 
+ - golang-1.20 1.20.3-1 + [experimental] - golang-1.19 1.19.8-1 + - golang-1.19 1.19.8-2 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 + NOTE: https://go.dev/issue/59234 + NOTE: https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3) + NOTE: https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8) +CVE-2023-24537 (Calling any of the Parse functions on Go source code which contains // ...) + - golang-1.20 1.20.3-1 + [experimental] - golang-1.19 1.19.8-1 + - golang-1.19 1.19.8-2 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 + NOTE: https://go.dev/issue/59180 + NOTE: https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3) + NOTE: https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8) + NOTE: Introduced by: https://github.com/golang/go/commit/99c30211b1e0b3ac4e5d32f3ae5eaf759c23195f (go1.11beta1) +CVE-2023-24536 (Multipart form parsing can consume large amounts of CPU and memory whe ...) + - golang-1.20 1.20.3-1 + [experimental] - golang-1.19 1.19.8-1 + - golang-1.19 1.19.8-2 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 + NOTE: https://go.dev/issue/59153 + NOTE: https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3) + NOTE: https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go1.19.8) +CVE-2023-24535 (Parsing invalid messages can panic. 
Parsing a text-format message whic ...) + - python3.12 (unimportant) + - python3.11 (unimportant) + - python3.10 (unimportant) + - python3.9 (unimportant) + - python3.7 (unimportant) + - python2.7 (unimportant) + NOTE: https://github.com/python/cpython/issues/103800 + NOTE: Disputed upstream and not considered a security issue, negligible security impact +CVE-2023-24534 (HTTP and MIME header parsing can allocate large amounts of memory, eve ...) + - golang-1.20 1.20.3-1 + [experimental] - golang-1.19 1.19.8-1 + - golang-1.19 1.19.8-2 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 + NOTE: https://go.dev/issue/58975 + NOTE: https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3) + NOTE: https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8) +CVE-2023-24533 (Multiplication of certain unreduced P-256 scalars produce incorrect re ...) + NOT-FOR-US: filippo.io/nistec (also included in golang, but tracked as CVE-2023-24533 for it) +CVE-2023-24532 (The ScalarMult and ScalarBaseMult methods of the P256 Curve may return ...) 
+ - golang-1.20 1.20.2-1 + [experimental] - golang-1.19 1.19.7-1 + - golang-1.19 1.19.8-2 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://golangtutorial.dev/news/go-1.20.2-and-go-1.19.7-versions-released/ + NOTE: https://github.com/golang/go/issues/58647 + NOTE: https://go-review.googlesource.com/c/go/+/471256 + NOTE: https://github.com/golang/go/commit/602eeaab387f24a4b28c5eccbb50fa934f3bc3c4 (go1.20.2) + NOTE: https://github.com/golang/go/commit/639b67ed114151c0d786aa26e7faeab942400703 (go1.19.7) +CVE-2023-24531 + RESERVED +CVE-2023-24473 (An information disclosure vulnerability exists in the TGAInput::read_t ...) + [experimental] - openimageio 2.4.9.0+dfsg-1 + - openimageio 2.4.13.0+dfsg-1 (bug #1034150) + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) + NOTE: https://github.com/OpenImageIO/oiio/pull/3768 + NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master) + NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1707 +CVE-2023-24472 (A denial of service vulnerability exists in the FitsOutput::close() fu ...) + {DLA-3518-1} + [experimental] - openimageio 2.4.9.0+dfsg-1 + - openimageio 2.4.13.0+dfsg-1 (bug #1034151) + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + NOTE: https://github.com/OpenImageIO/oiio/commit/f8db9f38d18a66889f444031051e0f0acaa611b6 (master) + NOTE: https://github.com/OpenImageIO/oiio/commit/a39692256b060b543f53646c6a807c81b79c5750 (v2.4.8.1) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1709 +CVE-2023-22845 (An out-of-bounds read vulnerability exists in the TGAInput::decode_pix ...) 
+ [experimental] - openimageio 2.4.9.0+dfsg-1 + - openimageio 2.4.13.0+dfsg-1 (bug #1034150) + [bookworm] - openimageio (Minor issue) + [bullseye] - openimageio (Minor issue) + [buster] - openimageio (Minor issue) + NOTE: https://github.com/OpenImageIO/oiio/pull/3768 + NOTE: https://github.com/OpenImageIO/oiio/commit/759fcd392d130c12ae476857e1ed2a91bcf2686b (master) + NOTE: https://github.com/OpenImageIO/oiio/commit/209bb4c327b2a8be08f41c1a213dfe9001f0b5d0 (v2.4.8.1) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1708 +CVE-2023-0509 (Improper Certificate Validation in GitHub repository pyload/pyload pri ...) + - pyload (bug #1001980) +CVE-2023-0508 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2020-36657 (uptimed before 0.4.6-r1 on Gentoo allows local users (with access to t ...) + - uptimed (Gentoo-specific) +CVE-2018-25078 (man-db before 2.8.5 on Gentoo allows local users (with access to the m ...) + - man-db (Gentoo-specific packaging issue) +CVE-2023-24530 (SAP BusinessObjects Business Intelligence Platform (CMC) - versions 42 ...) + NOT-FOR-US: SAP +CVE-2023-24529 (Due to lack of proper input validation, BSP application (CRM_BSP_FRAME ...) + NOT-FOR-US: SAP +CVE-2023-24528 (SAP Fiori apps for Travel Management in SAP ERP (My Travel Requests) - ...) + NOT-FOR-US: SAP +CVE-2023-24527 (SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perfo ...) + NOT-FOR-US: SAP +CVE-2023-24526 (SAP NetWeaver Application Server Java for Classload Service - version ...) + NOT-FOR-US: SAP +CVE-2023-24525 (SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, ...) + NOT-FOR-US: SAP +CVE-2023-24524 (SAP S/4 HANA Map Treasury Correspondence Format Datadoes not perform n ...) + NOT-FOR-US: SAP +CVE-2023-24523 (An attacker authenticated as a non-admin user with local access to a s ...) 
+ NOT-FOR-US: SAP +CVE-2023-24522 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Busines ...) + NOT-FOR-US: SAP +CVE-2023-24521 (Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Fra ...) + NOT-FOR-US: SAP +CVE-2023-24520 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-24519 (Two OS command injection vulnerability exist in the vtysh_ubus toolsh_ ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-24518 (A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allow ...) + NOT-FOR-US: Pandora FMS +CVE-2023-24517 (Unrestricted Upload of File with Dangerous Type vulnerability in the P ...) + NOT-FOR-US: Pandora FMS File Manager component +CVE-2023-24516 (Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Da ...) + NOT-FOR-US: Pandora FMS +CVE-2023-24515 (Server-Side Request Forgery (SSRF) vulnerability in API checker of Pan ...) + NOT-FOR-US: Pandora FMS +CVE-2023-24514 (Cross-site Scripting (XSS) vulnerability in Visual Console Module of P ...) + NOT-FOR-US: Pandora FMS +CVE-2023-23546 (A misconfiguration vulnerability exists in the urvpn_client functional ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-0507 (Grafana is an open-source platform for monitoring and observability. ...) + - grafana +CVE-2023-0506 (The web service of ByDemes Group Airspace CCTV Web Service in its 2.61 ...) + NOT-FOR-US: ByDemes Group Airspace CCTV Web Service +CVE-2023-0505 (The Ever Compare WordPress plugin through 1.2.3 does not have CSRF che ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0504 (The HT Politic WordPress plugin before 2.3.8 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0503 (The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0502 (The WP News WordPress plugin through 1.1.9 does not have CSRF check wh ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0501 (The WP Insurance WordPress plugin before 2.1.4 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0500 (The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF ch ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0499 (The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0498 (The WP Education WordPress plugin before 1.2.7 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0497 (The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF chec ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0496 (The HT Event WordPress plugin before 1.4.6 does not have CSRF check wh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0495 (The HT Slider For Elementor WordPress plugin before 1.4.0 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0494 (A vulnerability was found in X.Org. This issue occurs due to a danglin ...) + {DSA-5342-1 DLA-3310-1} + - xorg-server 2:21.1.7-1 (bug #1030777) + - xwayland 2:22.1.8-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/1 + NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/0ba6d8c37071131a49790243cdac55392ecf71ec +CVE-2022-4897 (The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24513 (On affected platforms running Arista CloudEOS an issue in the Software ...) + NOT-FOR-US: Arista +CVE-2023-24512 (On affected platforms running Arista EOS, an authorized attacker with ...) + NOT-FOR-US: Arista +CVE-2023-24511 (On affected platforms running Arista EOS with SNMP configured, a speci ...) + NOT-FOR-US: Arista +CVE-2023-24510 (On the affected platforms running EOS, a malformed DHCP packet might c ...) + NOT-FOR-US: Arista +CVE-2023-24509 (On affected modular platforms running Arista EOS equipped with both re ...) 
+ NOT-FOR-US: Arista +CVE-2023-24508 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 ...) + NOT-FOR-US: Baicells +CVE-2023-24507 (AgilePoint NX v8.0 SU2.2 & SU2.3 \u2013 Insecure File Upload -Vulnerab ...) + NOT-FOR-US: AgilePoint +CVE-2023-24506 (Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through a ...) + NOT-FOR-US: Milesight +CVE-2023-24505 (Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive informati ...) + NOT-FOR-US: Milesight +CVE-2023-24504 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...) + NOT-FOR-US: Electra Central +CVE-2023-24503 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...) + NOT-FOR-US: Electra Central +CVE-2023-24502 (Electra Central AC unit \u2013 The unit opens an AP with an easily cal ...) + NOT-FOR-US: Electra Central +CVE-2023-24501 (Electra Central AC unit \u2013 Hardcoded Credentials in unspecified co ...) + NOT-FOR-US: Electra Central +CVE-2023-24500 (Electra Central AC unit \u2013 Adjacent attacker may cause the unit to ...) + NOT-FOR-US: Electra Central +CVE-2023-24499 (Butterfly Button plugin may leave traces of its use on user's device. ...) + NOT-FOR-US: Butterfly Button plugin +CVE-2023-24498 (An uspecified endpoint in the web server of the switch does not proper ...) + NOT-FOR-US: Netgear +CVE-2023-24497 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...) + NOT-FOR-US: MilesightVPN +CVE-2023-24496 (Cross-site scripting (xss) vulnerabilities exist in the requestHandler ...) + NOT-FOR-US: MilesightVPN +CVE-2023-0493 (Improper Neutralization of Equivalent Special Elements in GitHub repos ...) + NOT-FOR-US: btcpayserver +CVE-2023-0492 (The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 d ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0491 (The Schedulicity WordPress plugin through 2.21 does not validate and e ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0490 (The f(x) TOC WordPress plugin through 1.1.0 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0489 (The SlideOnline WordPress plugin through 1.2.1 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0488 (Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload ...) + - pyload (bug #1001980) +CVE-2023-0487 (The My Sticky Elements WordPress plugin before 2.0.9 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0486 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...) + NOT-FOR-US: VitalPBX +CVE-2023-0485 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0484 (The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Block ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0483 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0482 (In RESTEasy the insecure File.createTempFile() is used in the DataSour ...) + - resteasy (bug #1031728) + - resteasy3.0 (bug #1031729) + [bookworm] - resteasy3.0 (Minor issue) + [bullseye] - resteasy3.0 (Minor issue) + [buster] - resteasy3.0 (Minor issue) + NOTE: https://github.com/resteasy/resteasy/pull/3409/ + NOTE: https://github.com/resteasy/resteasy/commit/3d8a551d80b98f185edaff6f895188ec8211366b +CVE-2023-0481 (In RestEasy Reactive implementation of Quarkus the insecure File.creat ...) + NOT-FOR-US: Quarkus +CVE-2023-0480 (VitalPBX version 3.2.3-8 allows an unauthenticated external attacker t ...) + NOT-FOR-US: VitalPBX +CVE-2023-27372 (SPIP before 4.2.1 allows Remote Code Execution via form values in the ...) 
+ {DSA-5367-1 DLA-3347-1} + - spip 4.1.8+dfsg-1 + NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-2-1-SPIP-4-1-8-SPIP-4-0-10-et.html + NOTE: https://git.spip.net/spip/spip/commit/5aedf49b89415a4df3eb775eee3801a2b4b88266 (v3.2.18) + NOTE: https://git.spip.net/spip/spip/commit/96fbeb38711c6706e62457f2b732a652a04a409d (master) + NOTE: https://blog.spip.net/Mise-a-jour-sortie-de-SPIP-4-2-2-SPIP-4-1-9-SPIP-4-0-11-et-SPIP-3-2-19.html (regression update) + NOTE: https://git.spip.net/spip/svp/commit/d463bc549b13bc45651051f83760e8ce274c98d9 (SVP, regression fix) +CVE-2023-24495 (A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.s ...) + NOT-FOR-US: Tenable +CVE-2023-24494 (A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc ...) + NOT-FOR-US: Tenable +CVE-2023-24493 (A formula injection vulnerability exists in Tenable.sc due to improper ...) + NOT-FOR-US: Tenable +CVE-2023-24492 (A vulnerability has been discovered in the Citrix Secure Access client ...) + NOT-FOR-US: Citrix +CVE-2023-24491 (A vulnerability has been discovered in the Citrix Secure Access client ...) + NOT-FOR-US: Citrix +CVE-2023-24490 (Users with only access to launch VDA applications can launch an unauth ...) + NOT-FOR-US: Citrix +CVE-2023-24489 (A vulnerability has been discovered in the customer-managed ShareFile ...) + NOT-FOR-US: Citrix +CVE-2023-24488 (Cross site scripting vulnerabilityin Citrix ADC and Citrix Gatewayin a ...) + NOT-FOR-US: Citrix +CVE-2023-24487 (Arbitrary file readin Citrix ADC and Citrix Gateway) + NOT-FOR-US: Citrix +CVE-2023-24486 (A vulnerability has been identified in Citrix Workspace app for Linux ...) + NOT-FOR-US: Citrix +CVE-2023-24485 (Vulnerabilities have been identified that, collectively, allow a stand ...) + NOT-FOR-US: Citrix +CVE-2023-24484 (A malicious user can cause log files to be written to a directory that ...) 
+ NOT-FOR-US: Citrix +CVE-2023-24483 (A vulnerability has been identified that, if exploited, could result i ...) + NOT-FOR-US: Citrix +CVE-2023-24482 (A vulnerability has been identified in COMOS V10.2 (All versions), COM ...) + NOT-FOR-US: Siemens +CVE-2023-24477 (In certain conditions, depending on timing and the usage of the Chrome ...) + NOT-FOR-US: Guardian/CMC +CVE-2023-24471 (An access control vulnerability was found, due to the restrictions tha ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-24015 (A partial DoS vulnerability has been detected in the Reports section, ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-23903 (An authenticated administrator can upload a SAML configuration file wi ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-23574 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...) + NOT-FOR-US: Nozomi Networks Guardian and CMC +CVE-2023-22843 (An authenticated attacker with administrative access to the appliance ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-22378 (A blind SQL Injection vulnerability in Nozomi Networks Guardian and CM ...) + NOT-FOR-US: Nozomi Networks +CVE-2023-0479 + RESERVED +CVE-2023-0478 + RESERVED +CVE-2023-0477 (The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0476 (A LDAP injection vulnerability exists in Tenable.sc due to improper va ...) + NOT-FOR-US: Tenable +CVE-2023-0475 (HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompressi ...) 
+ - golang-github-hashicorp-go-getter (bug #1032100) + [bookworm] - golang-github-hashicorp-go-getter (Minor issue) + [bullseye] - golang-github-hashicorp-go-getter (Minor issue) + [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://discuss.hashicorp.com/t/hcsec-2023-4-go-getter-vulnerable-to-denial-of-service-via-malicious-compressed-archive/50125 +CVE-2023-0474 (Use after free in GuestView in Google Chrome prior to 109.0.5414.119 a ...) + {DSA-5328-1} + - chromium 109.0.5414.119-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0473 (Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.54 ...) + {DSA-5328-1} + - chromium 109.0.5414.119-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0472 (Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allo ...) + {DSA-5328-1} + - chromium 109.0.5414.119-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0471 (Use after free in WebTransport in Google Chrome prior to 109.0.5414.11 ...) + {DSA-5328-1} + - chromium 109.0.5414.119-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0470 (Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modob ...) + NOT-FOR-US: Modoboa +CVE-2023-0469 (A use-after-free flaw was found in io_uring/filetable.c in io_install_ ...) + - linux 6.0.12-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9d94c04c0db024922e886c9fd429659f22f48ea4 (6.1-rc7) +CVE-2023-0468 (A use-after-free flaw was found in io_uring/poll.c in io_poll_check_ev ...) 
+ - linux 6.0.12-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/12ad3d2d6c5b0131a6052de91360849e3e154846 (6.1-rc7) + NOTE: https://git.kernel.org/linus/a26a35e9019fd70bf3cf647dcfdae87abc7bacea (6.1-rc7) +CVE-2023-0467 (The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0466 (The function X509_VERIFY_PARAM_add0_policy() is documented to implicit ...) + {DSA-5417-1 DLA-3449-1} + - openssl 3.0.9-1 (bug #1034720) + NOTE: https://www.openssl.org/news/secadv/20230328.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51e8a84ce742db0f6c70510d0159dad8f7825908 (openssl-3.0) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a (OpenSSL_1_1_1-stable) +CVE-2023-0465 (Applications that use a non-default option when verifying certificates ...) + {DSA-5417-1 DLA-3449-1} + - openssl 3.0.9-1 (bug #1034720) + NOTE: https://www.openssl.org/news/secadv/20230328.txt + NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1dd43e0709fece299b15208f36cc7c76209ba0bb (openssl-3.0.9) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d2f0d05807fc70c68dcc22bcc6979147782d4adf (openssl-3.0.9) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=dda529ecc2d085488eef60235ef553dc5fd6e6dc (openssl-3.0.9) + NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 (OpenSSL_1_1_1-stable) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f675d164e5d9648c3537a0f5efe1cc2fd232b4a9 (OpenSSL_1_1_1-stable) + NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23a4cbeb3ad80da3830f760f624599f24236bc38 (OpenSSL_1_1_1-stable) +CVE-2023-0464 (A security vulnerability has been identified in all supported versions ...) 
+ {DSA-5417-1 DLA-3449-1} + - openssl 3.0.9-1 (bug #1034720) + NOTE: https://www.openssl.org/news/secadv/20230322.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1 (openssl-3.0) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b (OpenSSL_1_1_1-stable) +CVE-2023-0463 (The force offline MFA prompt setting is not respected when switching t ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2023-0462 (An arbitrary code execution flaw was found in Foreman. This issue may ...) + - foreman (bug #663101) +CVE-2023-0461 (There is a use-after-free vulnerability in the Linux Kernel which can ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.7-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://git.kernel.org/linus/2c02d41d71f90a5168391b6a5f2954112ba2307c +CVE-2023-0460 (The YouTube Embedded 1.2 SDK binds to a service within the YouTube Mai ...) + NOT-FOR-US: YouTube Embedded 1.2 SDK +CVE-2023-0459 (Copy_from_user on 64-bit versions of the Linux kernel does not impleme ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.15-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh + NOTE: https://git.kernel.org/linus/74e19ef0ff8061ef55957c3abd71614ef0f42f47 (6.3-rc1) +CVE-2023-0458 (A speculative pointer dereference problem exists in the Linux Kernel o ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.8-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh + NOTE: https://git.kernel.org/linus/739790605705ddcf18f21782b9c99ad7d53a8c11 (6.2-rc5) +CVE-2023-0457 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric C ...) + NOT-FOR-US: Mitsubishi +CVE-2022-4896 (Cyber Control, in its 1.650 version, is affected by a vulnerabilityin ...) 
+ NOT-FOR-US: Cyber Control +CVE-2020-36656 (The Spectra WordPress plugin before 1.15.0 does not sanitize user inpu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24470 (Potential XML External Entity Injection in ArcSight Logger versions pr ...) + NOT-FOR-US: ArcSight +CVE-2023-24469 (Potential Cross-Site Scripting in ArcSight Logger versions prior to 7. ...) + NOT-FOR-US: ArcSight +CVE-2023-24468 (Broken access control in Advanced Authentication versions prior to 6.4 ...) + NOT-FOR-US: NetIQ +CVE-2023-24467 + RESERVED +CVE-2023-24466 + RESERVED +CVE-2023-24020 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass ...) + NOT-FOR-US: Snap One Wattbox WB-300-IP-3 +CVE-2023-23582 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerab ...) + NOT-FOR-US: Snap One Wattbox WB-300-IP-3 +CVE-2023-22389 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwo ...) + NOT-FOR-US: Snap One Wattbox WB-300-IP-3 +CVE-2023-22371 (An os command injection vulnerability exists in the liburvpn.so create ...) + NOT-FOR-US: MilesightVPN +CVE-2023-22315 (Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a propri ...) + NOT-FOR-US: Snap One Wattbox WB-300-IP-3 +CVE-2023-0456 (A flaw was found in APICast, when 3Scale's OIDC module does not proper ...) + NOT-FOR-US: Red Hat 3scale API gateway +CVE-2023-0455 (Unrestricted Upload of File with Dangerous Type in GitHub repository u ...) + NOT-FOR-US: unilogies/bumsys +CVE-2023-0454 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) + NOT-FOR-US: OrangeScrum +CVE-2023-0453 (The WP Private Message WordPress plugin (bundled with the Superio them ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24459 (A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earli ...) + NOT-FOR-US: Jenkins BearyChat Plugin +CVE-2023-24458 (A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-24457 (A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24456 (Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not inva ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24455 (Jenkins visualexpert Plugin 1.3 and earlier does not restrict the name ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24454 (Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQual ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24453 (A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24452 (A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuali ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24451 (A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1. ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24450 (Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypte ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24449 (Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24448 (A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24447 (A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24446 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Pl ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24445 (Jenkins OpenID Plugin 2.4 and earlier improperly determines that a red ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24444 (Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24443 (Jenkins TestComplete support Plugin 2.8.1 and earlier does not configu ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24442 (Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier s ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-24441 (Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML par ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24440 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier t ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24439 (Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier s ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24438 (A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.1 ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24437 (A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipe ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24436 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24435 (A missing permission check in Jenkins GitHub Pull Request Builder Plug ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24434 (A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pu ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24433 (Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 an ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24432 (A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by M ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24431 (A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 a ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24430 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24429 (Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24428 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24427 (Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate th ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24426 (Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invali ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2023-24425 (Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24424 (Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24423 (A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Tr ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24422 (A sandbox bypass vulnerability involving map constructors in Jenkins S ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-24421 (Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24420 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zestard ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24419 (Cross-Site Request Forgery (CSRF) vulnerability in Strategy11 Form Bui ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24418 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24417 (Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24416 + RESERVED +CVE-2023-24415 (Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI Cha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24414 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24413 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24412 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web- ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24411 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24410 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24409 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-24408 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24407 + RESERVED +CVE-2023-24406 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mune ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24405 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24404 (Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24403 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP F ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24402 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Rol ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24401 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24400 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-ma ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24399 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24398 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24397 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rese ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24396 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24395 (Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Cont ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24394 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24393 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24392 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24391 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24390 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24389 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in bran ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24388 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking ca ...) + NOT-FOR-US: WpDevArt Booking calendar, Appointment Booking System plugin +CVE-2023-24387 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24386 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kari ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24385 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Dav ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24384 (Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organizati ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24383 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kibo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24382 (Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24381 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsTh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24380 (Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24379 + RESERVED +CVE-2023-24378 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24377 (Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24376 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin Nico ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-24375 + RESERVED +CVE-2023-24374 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24373 + RESERVED +CVE-2023-24372 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23579 (Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the ...) + NOT-FOR-US: Datakit CrossCadWare_x64.dll +CVE-2023-22846 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...) + NOT-FOR-US: Datakit CrossCadWare_x64.dll +CVE-2023-22354 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...) + NOT-FOR-US: Datakit CrossCadWare_x64.dll +CVE-2023-22321 (Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the e ...) + NOT-FOR-US: Datakit CrossCadWare_x64.dll +CVE-2023-22295 (Datakit CrossCadWare_x64.dll contains an out of bounds read past the e ...) + NOT-FOR-US: Datakit CrossCadWare_x64.dll +CVE-2023-0452 (Econolite EOS versions prior to 3.2.23 use a weak hash algorithm for e ...) + NOT-FOR-US: Econolite EOS traffic control software +CVE-2023-0451 (Econolite EOS versions prior to 3.2.23 lack a password requirement for ...) + NOT-FOR-US: Econolite EOS traffic control software +CVE-2023-0450 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0449 + REJECTED +CVE-2023-0448 (The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GE ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0447 (The My YouTube Channel plugin for WordPress is vulnerable to authoriza ...) + NOT-FOR-US: My YouTube Channel plugin for WordPress +CVE-2023-0446 (The My YouTube Channel plugin for WordPress is vulnerable to Stored Cr ...) + NOT-FOR-US: My YouTube Channel plugin for WordPress +CVE-2023-0445 + RESERVED +CVE-2023-0444 (A privilege escalation vulnerability exists in Delta Electronics Infra ...) 
+ NOT-FOR-US: Delta Electronics InfraSuite Device Master +CVE-2023-0443 (The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freem ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0442 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0441 (The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0440 (Observable Discrepancy in GitHub repository healthchecks/healthchecks ...) + NOT-FOR-US: healthchecks +CVE-2023-0439 (The NEX-Forms WordPress plugin before 8.4.4 does not escape its form n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0438 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-0437 + RESERVED +CVE-2023-0436 (The affected versions of MongoDB Atlas Kubernetes Operator may print s ...) + NOT-FOR-US: MongoDB Atlas Kubernetes Operator +CVE-2022-48282 (Under very specific circumstances (see Required configuration section ...) + NOT-FOR-US: MongoDB .NET/C# Driver +CVE-2023-24371 + RESERVED +CVE-2023-24370 + RESERVED +CVE-2023-24369 (A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows atta ...) + NOT-FOR-US: UJCMS +CVE-2023-24368 + REJECTED +CVE-2023-24367 + REJECTED +CVE-2023-24366 (An arbitrary file download vulnerability in rConfig v6.8.0 allows atta ...) + NOT-FOR-US: rConfig +CVE-2023-24365 + RESERVED +CVE-2023-24364 (Simple Customer Relationship Management System v1.0 was discovered to ...) + NOT-FOR-US: Simple Customer Relationship Management System +CVE-2023-24363 + RESERVED +CVE-2023-24362 + RESERVED +CVE-2023-24361 + RESERVED +CVE-2023-24360 + RESERVED +CVE-2023-24359 + RESERVED +CVE-2023-24358 + RESERVED +CVE-2023-24357 + RESERVED +CVE-2023-24356 + RESERVED +CVE-2023-24355 + RESERVED +CVE-2023-24354 + RESERVED +CVE-2023-24353 + RESERVED +CVE-2023-24352 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) 
+ NOT-FOR-US: D-Link +CVE-2023-24351 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24350 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24349 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24348 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24347 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24346 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24345 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24344 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24343 (D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2023-24342 + RESERVED +CVE-2023-24341 + RESERVED +CVE-2023-24340 + RESERVED +CVE-2023-24339 + RESERVED +CVE-2023-24338 + RESERVED +CVE-2023-24337 + RESERVED +CVE-2023-24336 + RESERVED +CVE-2023-24335 + RESERVED +CVE-2023-24334 + RESERVED +CVE-2023-24333 + RESERVED +CVE-2023-24332 + RESERVED +CVE-2023-24331 + RESERVED +CVE-2023-24330 + RESERVED +CVE-2023-24329 (An issue in the urllib.parse component of Python before 3.11.4 allows ...) + {DLA-3575-1} + - python3.11 3.11.4-1 + [bookworm] - python3.11 (Minor issue) + - python3.9 + [bullseye] - python3.9 (Minor issue) + - python3.7 + [buster] - python3.7 (Cf. 
related CVE-2022-0391) + - python2.7 + [bullseye] - python2.7 2.7.18-8+deb11u1 + NOTE: https://pointernull.com/security/python-url-parse-problem.html + NOTE: https://github.com/python/cpython/pull/99421 + NOTE: https://github.com/python/cpython/pull/99446 (backport for 3.11 branch) + NOTE: https://github.com/python/cpython/commit/439b9cfaf43080e91c4ad69f312f21fa098befc7 (v3.12.0a2) + NOTE: https://github.com/python/cpython/commit/72d356e3584ebfb8e813a8e9f2cd3dccf233c0d9 (v3.11.1) + NOTE: The change linked above does not seem to fix the CVE: + NOTE: https://github.com/python/cpython/issues/102153 + NOTE: https://github.com/python/cpython/pull/104575 (3.11) + NOTE: https://github.com/python/cpython/pull/104592 (3.11, 3.10) + NOTE: https://github.com/python/cpython/pull/104593 (3.9) + NOTE: https://github.com/python/cpython/commit/2f630e1ce18ad2e07428296532a68b11dc66ad10 (v3.12.0b1) + NOTE: https://github.com/python/cpython/commit/610cc0ab1b760b2abaac92bd256b96191c46b941 (v3.11.4) + NOTE: https://github.com/python/cpython/commit/f48a96a28012d28ae37a2f4587a780a5eb779946 (v3.10.12) + NOTE: https://github.com/python/cpython/commit/d7f8a5fe07b0ff3a419ccec434cc405b21a5a304 (v3.9.17) +CVE-2023-24328 + RESERVED +CVE-2023-24327 + RESERVED +CVE-2023-24326 + RESERVED +CVE-2023-24325 + RESERVED +CVE-2023-24324 + RESERVED +CVE-2023-24323 (Mojoportal v2.7 was discovered to contain an authenticated XML externa ...) + NOT-FOR-US: Mojoportal +CVE-2023-24322 (A reflected cross-site scripting (XSS) vulnerability in the FileDialog ...) + NOT-FOR-US: Mojoportal +CVE-2023-24321 + RESERVED +CVE-2023-24320 (An access control issue in Axcora POS #0~gitf77ec09 allows unauthentic ...) + NOT-FOR-US: Axcora POS +CVE-2023-24319 + RESERVED +CVE-2023-24318 + RESERVED +CVE-2023-24317 (Judging Management System 1.0 was discovered to contain an arbitrary f ...) 
+ NOT-FOR-US: Judging Management System +CVE-2023-24316 + RESERVED +CVE-2023-24315 + RESERVED +CVE-2023-24314 + RESERVED +CVE-2023-24313 + RESERVED +CVE-2023-24312 + RESERVED +CVE-2023-24311 + RESERVED +CVE-2023-24310 + RESERVED +CVE-2023-24309 + RESERVED +CVE-2023-24308 (A potential memory vulnerability due to insufficient input validation ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2023-24307 + RESERVED +CVE-2023-24306 + RESERVED +CVE-2023-24305 + RESERVED +CVE-2023-24304 (Improper input validation in the PDF.dll plugin of IrfanView v4.60 all ...) + NOT-FOR-US: IrfanView +CVE-2023-24303 + RESERVED +CVE-2023-24302 + RESERVED +CVE-2023-24301 + RESERVED +CVE-2023-24300 + RESERVED +CVE-2023-24299 + RESERVED +CVE-2023-24298 + RESERVED +CVE-2023-24297 + RESERVED +CVE-2023-24296 + RESERVED +CVE-2023-24295 (A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows at ...) + NOT-FOR-US: SoftMaker Software GmbH FlexiPDF +CVE-2023-24294 (Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to ...) 
+ NOT-FOR-US: Zumtobel Netlink CCD Onboard +CVE-2023-24293 + RESERVED +CVE-2023-24292 + RESERVED +CVE-2023-24291 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are not supported in LTS) +CVE-2023-24290 + RESERVED +CVE-2023-24289 + RESERVED +CVE-2023-24288 [A crafted save file can cause a buffer overrun in Simon Tatham's Portable Puzzle Collection] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are not supported in LTS) +CVE-2023-24287 [A crafted save file can cause a buffer overrun in the Undead puzzle] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are not supported in LTS) +CVE-2023-24286 [A crafted save file can cause a buffer overrun in the Mosaic puzzle] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles (Vulnerable code introduced later) + [buster] - sgt-puzzles (Vulnerable code introduced later) +CVE-2023-24285 [A crafted save file can cause a buffer overrun in the Netslide puzzle] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are not supported in LTS) +CVE-2023-24284 [A crafted save file can cause a buffer overrun in the Guess puzzle] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are not supported in LTS) +CVE-2023-24283 [A crafted save file can cause a buffer overrun in the Guess puzzle] + RESERVED + - sgt-puzzles 20230122.806ae71-1 (bug #1028986) + [bullseye] - sgt-puzzles 20191231.79a5378-3+deb11u1 + [buster] - sgt-puzzles (Games are 
not supported in LTS) +CVE-2023-24282 (An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 al ...) + NOT-FOR-US: Poly Trio 8800 +CVE-2023-24281 + RESERVED +CVE-2023-24280 + RESERVED +CVE-2023-24279 (A cross-site scripting (XSS) vulnerability in Open Networking Foundati ...) + NOT-FOR-US: Open Networking Foundation ONOS +CVE-2023-24278 (Squidex before 7.4.0 was discovered to contain a squid.svg cross-site ...) + NOT-FOR-US: Squidex +CVE-2023-24277 + RESERVED +CVE-2023-24276 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24275 + RESERVED +CVE-2023-24274 + RESERVED +CVE-2023-24273 + RESERVED +CVE-2023-24272 + RESERVED +CVE-2023-24271 + RESERVED +CVE-2023-24270 + RESERVED +CVE-2023-24269 (An arbitrary file upload vulnerability in the plugin upload function o ...) + NOT-FOR-US: Textpattern plugin +CVE-2023-24268 + RESERVED +CVE-2023-24267 + RESERVED +CVE-2023-24266 + RESERVED +CVE-2023-24265 + RESERVED +CVE-2023-24264 + RESERVED +CVE-2023-24263 + RESERVED +CVE-2023-24262 + RESERVED +CVE-2023-24261 (A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows ...) + NOT-FOR-US: GL.iNET +CVE-2023-24260 + RESERVED +CVE-2023-24259 + RESERVED +CVE-2023-24258 (SPIP v4.1.5 and earlier was discovered to contain a SQL injection vuln ...) + {DSA-5325-1 DLA-3347-1} + - spip 4.1.7+dfsg-1 + NOTE: https://blog.spip.net/Mise-a-jour-de-securite-sortie-de-SPIP-4-1-7-SPIP-4-0-9-et-SPIP-3-2-17.html?lang=fr + NOTE: https://salsa.debian.org/debian/spip/-/commit/ce1d68694d4bb72317ff39baa67195e6b5ccaa92 + NOTE: https://github.com/Abyss-W4tcher/ab4yss-wr4iteups/blob/ffa980faa9e3598d49d6fb7def4f7a67cfb5f427/SPIP%20-%20Pentest/SPIP%204.1.5/SPIP_4.1.5_AND_BEFORE_AUTH_SQLi_Abyss_Watcher.md +CVE-2023-24257 + RESERVED +CVE-2023-24256 (An issue in the com.nextev.datastatistic component of NIO EC6 Aspen be ...) 
+ NOT-FOR-US: NIO EC6 Aspen +CVE-2023-24255 + RESERVED +CVE-2023-24254 + RESERVED +CVE-2023-24253 (Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain ...) + NOT-FOR-US: Domotica Labs srl Ikon Server +CVE-2023-24252 + RESERVED +CVE-2023-24251 (WangEditor v5 was discovered to contain a cross-site scripting (XSS) v ...) + NOT-FOR-US: WangEditor +CVE-2023-24250 + RESERVED +CVE-2023-24249 (An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows ...) + NOT-FOR-US: laravel-admin +CVE-2023-24248 + RESERVED +CVE-2023-24247 + RESERVED +CVE-2023-24246 + RESERVED +CVE-2023-24245 + RESERVED +CVE-2023-24244 + RESERVED +CVE-2023-24243 (CData RSB Connect v22.0.8336 was discovered to contain a Server-Side R ...) + NOT-FOR-US: CData RSB Connect +CVE-2023-24242 + RESERVED +CVE-2023-24241 (Forget Heart Message Box v1.1 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Forget Heart Message Box +CVE-2023-24240 + RESERVED +CVE-2023-24239 + RESERVED +CVE-2023-24238 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24237 + RESERVED +CVE-2023-24236 (TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24235 + RESERVED +CVE-2023-24234 (A stored cross-site scripting (XSS) vulnerability in the component php ...) + NOT-FOR-US: Inventory Management System +CVE-2023-24233 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...) + NOT-FOR-US: Inventory Management System +CVE-2023-24232 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...) + NOT-FOR-US: Inventory Management System +CVE-2023-24231 (A stored cross-site scripting (XSS) vulnerability in the component /ph ...) + NOT-FOR-US: Inventory Management System +CVE-2023-24230 (A stored cross-site scripting (XSS) vulnerability in the component /fo ...) 
+ NOT-FOR-US: Formwork +CVE-2023-24229 (DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with netwo ...) + NOT-FOR-US: DrayTek Vigor2960 +CVE-2023-24228 + RESERVED +CVE-2023-24227 + RESERVED +CVE-2023-24226 + RESERVED +CVE-2023-24225 + RESERVED +CVE-2023-24224 + RESERVED +CVE-2023-24223 + RESERVED +CVE-2023-24222 + RESERVED +CVE-2023-24221 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: LuckyframeWEB +CVE-2023-24220 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: LuckyframeWEB +CVE-2023-24219 (LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: LuckyframeWEB +CVE-2023-24218 + RESERVED +CVE-2023-24217 (AgileBio Electronic Lab Notebook v4.234 was discovered to contain a lo ...) + NOT-FOR-US: AgileBio Electronic Lab Notebook +CVE-2023-24216 + RESERVED +CVE-2023-24215 + RESERVED +CVE-2023-24214 + RESERVED +CVE-2023-24213 + RESERVED +CVE-2023-24212 (Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2023-24211 + RESERVED +CVE-2023-24210 + RESERVED +CVE-2023-24209 + RESERVED +CVE-2023-24208 + RESERVED +CVE-2023-24207 + RESERVED +CVE-2023-24206 (Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Davinci +CVE-2023-24205 (Clash for Windows v0.20.12 was discovered to contain a remote code exe ...) + NOT-FOR-US: Clash for Windows +CVE-2023-24204 + RESERVED +CVE-2023-24203 + RESERVED +CVE-2023-24202 (Raffle Draw System v1.0 was discovered to contain a local file inclusi ...) + NOT-FOR-US: Raffle Draw System +CVE-2023-24201 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: Raffle Draw System +CVE-2023-24200 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: Raffle Draw System +CVE-2023-24199 (Raffle Draw System v1.0 was discovered to contain a SQL injection vuln ...) 
+ NOT-FOR-US: Raffle Draw System +CVE-2023-24198 (Raffle Draw System v1.0 was discovered to contain multiple SQL injecti ...) + NOT-FOR-US: Raffle Draw System +CVE-2023-24197 (Online Food Ordering System v2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-24196 + RESERVED +CVE-2023-24195 (Online Food Ordering System v2 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-24194 (Online Food Ordering System v2 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-24193 + RESERVED +CVE-2023-24192 (Online Food Ordering System v2 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-24191 (Online Food Ordering System v2 was discovered to contain a cross-site ...) + NOT-FOR-US: Online Food Ordering System +CVE-2023-24190 + RESERVED +CVE-2023-24189 (An XML External Entity (XXE) vulnerability in urule v2.1.7 allows atta ...) + NOT-FOR-US: urule +CVE-2023-24188 (ureport v2.2.9 was discovered to contain a directory traversal vulnera ...) + NOT-FOR-US: ureport +CVE-2023-24187 (An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows at ...) + NOT-FOR-US: ureport +CVE-2023-24186 + RESERVED +CVE-2023-24185 + RESERVED +CVE-2023-24184 (TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24183 + RESERVED +CVE-2023-24182 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...) + NOT-FOR-US: LuCI openwrt +CVE-2023-24181 (LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to c ...) + NOT-FOR-US: LuCI openwrt +CVE-2023-24180 (Libelfin v0.3 was discovered to contain an integer overflow in the loa ...) 
+ - libelfin (bug #1033741) + [bookworm] - libelfin (Minor issue) + [bullseye] - libelfin (Minor issue) + [buster] - libelfin (Minor issue) + NOTE: https://github.com/aclements/libelfin/issues/75 +CVE-2023-24179 + RESERVED +CVE-2023-24178 + RESERVED +CVE-2023-24177 + RESERVED +CVE-2023-24176 + RESERVED +CVE-2023-24175 + RESERVED +CVE-2023-24174 + RESERVED +CVE-2023-24173 + RESERVED +CVE-2023-24172 + RESERVED +CVE-2023-24171 + RESERVED +CVE-2023-24170 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...) + NOT-FOR-US: Tenda +CVE-2023-24169 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...) + NOT-FOR-US: Tenda +CVE-2023-24168 + RESERVED +CVE-2023-24167 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/a ...) + NOT-FOR-US: Tenda +CVE-2023-24166 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/f ...) + NOT-FOR-US: Tenda +CVE-2023-24165 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/i ...) + NOT-FOR-US: Tenda +CVE-2023-24164 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/F ...) + NOT-FOR-US: Tenda +CVE-2023-24163 (SQL Inection vulnerability in Dromara hutool v5.8.11 allows attacker t ...) + NOT-FOR-US: Dromara hutool +CVE-2023-24162 (Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacke ...) + NOT-FOR-US: Dromara hutool +CVE-2023-24161 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24160 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24159 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24158 + RESERVED +CVE-2023-24157 (A command injection vulnerability in the serverIp parameter in the fun ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24156 (A command injection vulnerability in the ip parameter in the function ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-24155 (TOTOLINK T8 V4.1.5cu was discovered to contain a hard code password fo ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24154 (TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vul ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24153 (A command injection vulnerability in the version parameter in the func ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24152 (A command injection vulnerability in the serverIp parameter in the fun ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24151 (A command injection vulnerability in the ip parameter in the function ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24150 (A command injection vulnerability in the serverIp parameter in the fun ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24149 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24148 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24147 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard code pas ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24146 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24145 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24144 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24143 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24142 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24141 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24140 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24139 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2023-24138 (TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injec ...) + NOT-FOR-US: TOTOLINK +CVE-2023-24137 + RESERVED +CVE-2023-24136 + RESERVED +CVE-2023-24135 + RESERVED +CVE-2023-24134 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24133 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24132 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24131 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24130 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24129 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24128 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24127 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24126 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24125 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24124 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24123 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) 
+ NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24122 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24121 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24120 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24119 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24118 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24117 (Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to c ...) + NOT-FOR-US: Jensen of Scandinavia Eagle 1200AC +CVE-2023-24116 + RESERVED +CVE-2023-24115 + RESERVED +CVE-2023-24114 (typecho 1.1/17.10.30 was discovered to contain a remote code execution ...) + NOT-FOR-US: typecho +CVE-2023-24113 + RESERVED +CVE-2023-24112 + RESERVED +CVE-2023-24111 + RESERVED +CVE-2023-24110 + RESERVED +CVE-2023-24109 + RESERVED +CVE-2023-24108 (MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to co ...) + NOT-FOR-US: MvcTools +CVE-2023-24107 (hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459f ...) + NOT-FOR-US: hour_of_code_python_2015 +CVE-2023-24106 + RESERVED +CVE-2023-24105 + RESERVED +CVE-2023-24104 (Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to ...) + NOT-FOR-US: Ubiquiti Networks UniFi Dream Machine Pro +CVE-2023-24103 + RESERVED +CVE-2023-24102 + RESERVED +CVE-2023-24101 + RESERVED +CVE-2023-24100 + RESERVED +CVE-2023-24099 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) + NOT-FOR-US: TrendNet +CVE-2023-24098 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) 
+ NOT-FOR-US: TrendNet +CVE-2023-24097 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) + NOT-FOR-US: TrendNet +CVE-2023-24096 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) + NOT-FOR-US: TrendNet +CVE-2023-24095 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) + NOT-FOR-US: TrendNet +CVE-2023-24094 (An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows ...) + NOT-FOR-US: MikroTik RouterOS +CVE-2023-24093 (An access control issue in H3C A210-G A210-GV100R005 allows attackers ...) + NOT-FOR-US: H3C A210-G A210-GV100R005 +CVE-2023-24092 + RESERVED +CVE-2023-24091 + RESERVED +CVE-2023-24090 + RESERVED +CVE-2023-24089 + RESERVED +CVE-2023-24088 + RESERVED +CVE-2023-24087 + RESERVED +CVE-2023-24086 (SLIMS v9.5.2 was discovered to contain a reflected cross-site scriptin ...) + NOT-FOR-US: SLIMS# +CVE-2023-24085 + RESERVED +CVE-2023-24084 (ChiKoi v1.0 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: ChiKoi +CVE-2023-24083 + RESERVED +CVE-2023-24082 + RESERVED +CVE-2023-24081 (Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock ...) + NOT-FOR-US: Redrock Software TutorTrac +CVE-2023-24080 (A lack of rate limiting on the password reset endpoint of Chamberlain ...) + NOT-FOR-US: Chamberlain myQ +CVE-2023-24079 + RESERVED +CVE-2023-24078 (Real Time Logic FuguHub v8.1 and earlier was discovered to contain a r ...) + NOT-FOR-US: Real Time Logic FuguHub +CVE-2023-24077 + RESERVED +CVE-2023-24076 + RESERVED +CVE-2023-24075 + RESERVED +CVE-2023-24074 + RESERVED +CVE-2023-24073 + RESERVED +CVE-2023-24072 + RESERVED +CVE-2023-24071 + RESERVED +CVE-2023-24070 (app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an X ...) + NOT-FOR-US: MISP +CVE-2023-24069 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...) 
+ - signal-desktop (bug #842943) +CVE-2023-24068 (Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an att ...) + - signal-desktop (bug #842943) +CVE-2023-24067 + RESERVED +CVE-2023-24066 + RESERVED +CVE-2023-24065 (NOSH 4a5cfdb allows stored XSS via the create user page. For example, ...) + NOT-FOR-US: NOSH +CVE-2023-24064 + RESERVED +CVE-2023-24063 + RESERVED +CVE-2023-24062 + RESERVED +CVE-2023-24061 + RESERVED +CVE-2023-24060 (Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed[u ...) + NOT-FOR-US: Haven +CVE-2023-0435 (Excessive Attack Surface in GitHub repository pyload/pyload prior to 0 ...) + - pyload (bug #1001980) +CVE-2022-4895 (Improper Certificate Validation vulnerability in Hitachi Infrastructur ...) + NOT-FOR-US: Hitachi +CVE-2022-48281 (processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has ...) + {DSA-5333-1 DLA-3297-1} + - tiff 4.5.0-4 (bug #1029653) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d1b6b9c1b3cae2d9e37754506c1ad8f4f7b646b5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/488 +CVE-2022-48280 + RESERVED +CVE-2023-0412 (TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 a ...) + {DLA-3313-1} + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-07.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18770 +CVE-2023-0411 (Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and ...) + {DLA-3313-1} + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-06.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18711 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18720 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18737 +CVE-2023-0415 (iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...) 
+ {DLA-3313-1} + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-05.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18796 +CVE-2023-0416 (GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 an ...) + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Vulnerable code introduced later) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-04.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18779 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/9322 + NOTE: Vulnerable dissector introduced with https://gitlab.com/wireshark/wireshark/-/commit/a87e56aa79f62ba8967e63da9d408e464596cd85 (first released with version 3.0.0) +CVE-2023-0413 (Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 ...) + {DLA-3313-1} + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-03.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18766 +CVE-2023-0417 (Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 ...) + {DLA-3313-1} + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-02.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18628 +CVE-2023-0414 (Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial o ...) + - wireshark 4.0.3-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (Vulnerable code introduced later) + NOTE: https://www.wireshark.org/security/wnpa-sec-2023-01.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18622 + NOTE: introduced by https://gitlab.com/wireshark/wireshark/-/merge_requests/6838 +CVE-2023-24059 (Grand Theft Auto V for PC allows attackers to achieve partial remote c ...) 
+ NOT-FOR-US: Grand Theft Auto V for PC +CVE-2023-24058 (Booked Scheduler 2.5.5 allows authenticated users to create and schedu ...) + NOT-FOR-US: Booked Scheduler +CVE-2023-24057 (HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers ...) + NOT-FOR-US: HL7 (Health Level 7) FHIR Core Libraries +CVE-2023-24056 (In pkgconf through 1.9.3, variable duplication can cause unbounded str ...) + - pkgconf 1.8.1-1 + [bullseye] - pkgconf (Minor issue) + [buster] - pkgconf (Minor issue) + NOTE: https://gitea.treehouse.systems/ariadne/pkgconf/commit/81cc9b3e6dafcdd02579bcccec6ac47d91e5d023 (pkgconf-1.9.4, pkgconf-1.8.1) + NOTE: https://nullprogram.com/blog/2023/01/18/ +CVE-2023-24055 (KeePass through 2.53 (in a default installation) allows an attacker, w ...) + NOT-FOR-US: Disputed KeePass issue +CVE-2023-0434 (Improper Input Validation in GitHub repository pyload/pyload prior to ...) + - pyload (bug #1001980) +CVE-2023-24054 + REJECTED +CVE-2023-0433 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ + NOTE: https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b (v9.0.1225) + NOTE: Crash in CLI tool, no security impact +CVE-2023-24053 + RESERVED +CVE-2023-24052 (An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows att ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24051 (A client side rate limit issue discovered in Connectize AC21000 G6 641 ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24050 (Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641. ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24049 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24048 (Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 ...) 
+ NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24047 (An Insecure Credential Management issue discovered in Connectize AC210 ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24046 (An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows ...) + NOT-FOR-US: Connectize AC21000 G6 +CVE-2023-24045 (In Dataiku DSS 11.2.1, an attacker can download other Dataiku files th ...) + NOT-FOR-US: Dataiku +CVE-2023-24044 (A Host Header Injection issue on the Login page of Plesk Obsidian thro ...) + NOT-FOR-US: Plesk Obsidian +CVE-2023-24043 + RESERVED +CVE-2023-24042 (A race condition in LightFTP through 2.2 allows an attacker to achieve ...) + NOT-FOR-US: LightFTP +CVE-2023-24041 + RESERVED +CVE-2023-24040 (dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser ...) + NOT-FOR-US: Oracle +CVE-2023-24039 (A stack-based buffer overflow in ParseColors in libXm in Common Deskto ...) + NOT-FOR-US: Oracle +CVE-2023-24038 (The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_ ...) + {DSA-5339-1 DLA-3296-1} + - libhtml-stripscripts-perl 1.06-4 (bug #1029400) + NOTE: https://github.com/clintongormley/perl-html-stripscripts/issues/3 + NOTE: https://github.com/clintongormley/perl-html-stripscripts/pull/4 +CVE-2023-24037 + RESERVED +CVE-2023-24036 + RESERVED +CVE-2023-24035 + RESERVED +CVE-2023-24034 + RESERVED +CVE-2023-24033 (The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1 ...) + NOT-FOR-US: Samsung +CVE-2023-24032 (In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who ...) + NOT-FOR-US: Zimbra +CVE-2023-24031 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. ...) + NOT-FOR-US: Zimbra +CVE-2023-24030 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...) + NOT-FOR-US: Zimbra +CVE-2023-24029 (In Progress WS_FTP Server before 8.8, it is possible for a host admini ...) 
+ NOT-FOR-US: Progress WS_FTP Server +CVE-2023-24028 (In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorre ...) + NOT-FOR-US: MISP +CVE-2023-24027 (In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a netwo ...) + NOT-FOR-US: MISP +CVE-2023-24026 (In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerabilit ...) + NOT-FOR-US: MISP +CVE-2023-24025 (CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2 ...) + NOT-FOR-US: CRYSTALS-DILITHIUM +CVE-2023-24024 + RESERVED +CVE-2023-24023 (Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connect ...) + NOT-FOR-US: Bluetooth protocol issue +CVE-2023-24022 (Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with ...) + NOT-FOR-US: Baicells +CVE-2023-0432 (The web configuration service of the affected device contains an authe ...) + NOT-FOR-US: Delta Electronics +CVE-2023-0431 (The File Away WordPress plugin through 3.9.9.0.1 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36655 (Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary ...) + - yii (bug #597899) +CVE-2023-24021 (Incorrect handling of '\0' bytes in file uploads in ModSecurity before ...) + {DLA-3283-1} + - modsecurity-apache 2.9.7-1 (bug #1029329) + [bullseye] - modsecurity-apache (Minor issue) + NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2857 + NOTE: https://github.com/SpiderLabs/ModSecurity/commit/4324f0ac59f8225aa44bc5034df60dbeccd1d334 (v2.9.7) +CVE-2023-24012 + RESERVED +CVE-2023-24011 + RESERVED +CVE-2023-24010 + RESERVED +CVE-2023-24009 (Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress theme +CVE-2023-24008 (Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik \u20 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24007 (Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24006 (Auth. 
(admin+) Cross-Site Scripting (XSS) vulnerability in Link Softwa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24005 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24004 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24003 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24002 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPde ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24001 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yann ...) + NOT-FOR-US: WordPress plugin +CVE-2023-24000 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23999 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23998 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23997 (Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23996 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prof ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23995 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23994 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23993 (Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Lio ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23992 (Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23991 + RESERVED +CVE-2023-23990 + RESERVED +CVE-2023-23989 + RESERVED +CVE-2023-23988 + RESERVED +CVE-2023-23987 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEv ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23986 + RESERVED +CVE-2023-23985 + RESERVED +CVE-2023-23984 (Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23983 (Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23982 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23981 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23980 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mail ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23979 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Q ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23978 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23977 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23976 + RESERVED +CVE-2023-23975 + RESERVED +CVE-2023-23974 (Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Eve ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23973 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Cont ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23972 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smpl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23971 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23970 + RESERVED +CVE-2023-23907 (A directory traversal vulnerability exists in the server.js start func ...) + NOT-FOR-US: MilesightVPN +CVE-2023-23902 (A buffer overflow vulnerability exists in the uhttpd login functionali ...) 
+ NOT-FOR-US: Milesight UR32L +CVE-2023-23571 (An access violation vulnerability exists in the eventcore functionalit ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-23547 (A directory traversal vulnerability exists in the luci2-io file-export ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-22844 (An authentication bypass vulnerability exists in the requestHandlers.j ...) + NOT-FOR-US: MilesightVPN +CVE-2023-22659 (An os command injection vulnerability exists in the libzebra.so change ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-22319 (A sql injection vulnerability exists in the requestHandlers.js LoginAu ...) + NOT-FOR-US: MilesightVPN +CVE-2023-22306 (An OS command injection vulnerability exists in the libzebra.so bridge ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-0430 (Certificate OCSP revocation status was not checked when verifying S/Mi ...) + {DSA-5355-1 DLA-3324-1} + - thunderbird 1:102.7.1+1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-04/#CVE-2023-0430 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1769000 +CVE-2023-0429 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0428 (The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0427 + RESERVED +CVE-2023-0426 (ABB is aware of vulnerabilities in the product versions listed below. ...) + NOT-FOR-US: ABB +CVE-2023-0425 (ABB is aware of vulnerabilities in the product versions listed below. ...) + NOT-FOR-US: ABB +CVE-2023-0424 (The MS-Reviews WordPress plugin through 1.5 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0423 (The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0422 (The Article Directory WordPress plugin through 1.3 does not properly s ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0421 (The Cloud Manager WordPress plugin through 1.0 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0420 (The Custom Post Type and Taxonomy GUI Manager WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0419 (The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0418 (The Video Central for WordPress plugin through 1.3.0 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4894 (Certain HP and Samsung Printer software packages may potentially be vu ...) + NOT-FOR-US: HP +CVE-2022-4893 + REJECTED +CVE-2022-48279 (In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart reque ...) + {DLA-3283-1} + - modsecurity-apache 2.9.6-1 + [bullseye] - modsecurity-apache (Minor issue) + - modsecurity 3.0.8-1 + [bullseye] - modsecurity (Minor issue) + [buster] - modsecurity (Minor issue) + NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/ + NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2795 + NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/d6c10885e08779e99e76efcd5ad65802104cda14 (v3.0.8) + NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2797 + NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/51a30d7b406af95c4143560d9753cf0b6d2151f5 (v2.9.6) + NOTE: Issue relates to CVE-2022-39956 but considered independent change to ModSecurity (C + NOTE: language) codebase. +CVE-2023-23969 (In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, t ...) 
+ {DLA-3306-1} + - python-django 3:3.2.17-1 (bug #1030251) + [bullseye] - python-django 2:2.2.28-1~deb11u2 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/4 + NOTE: https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a (3.2.17) +CVE-2023-23968 + RESERVED +CVE-2023-23967 + RESERVED +CVE-2023-23966 + RESERVED +CVE-2023-23965 + RESERVED +CVE-2023-23964 + RESERVED +CVE-2023-23963 + RESERVED +CVE-2023-23962 + RESERVED +CVE-2023-23961 + RESERVED +CVE-2023-23960 + RESERVED +CVE-2023-23959 + RESERVED +CVE-2023-23958 (Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Ha ...) + NOT-FOR-US: Symantec Protection Engine +CVE-2023-23957 (An authenticated user can see and modify the value for \u2018next\u201 ...) + NOT-FOR-US: Symantec Identity Portal +CVE-2023-23956 (A user can supply malicious HTML and JavaScript code that will be exec ...) + NOT-FOR-US: Symantec +CVE-2023-23955 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) + NOT-FOR-US: Symantec +CVE-2023-23954 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) + NOT-FOR-US: Symantec +CVE-2023-23953 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) + NOT-FOR-US: Symantec +CVE-2023-23952 (Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1. ...) + NOT-FOR-US: Symantec +CVE-2023-23951 (Ability to enumerate the Oracle LDAP attributes for the current user b ...) + NOT-FOR-US: Symantec +CVE-2023-23950 (User\u2019s supplied input (usually a CRLF sequence) can be used to sp ...) + NOT-FOR-US: Symantec +CVE-2023-23949 (An authenticated user can supply malicious HTML and JavaScript code th ...) + NOT-FOR-US: Symantec +CVE-2023-23948 (The ownCloud Android app allows ownCloud users to access, share, and e ...) + NOT-FOR-US: ownCloud Android app +CVE-2023-23947 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) 
+ NOT-FOR-US: Argo CD +CVE-2023-23946 (Git, a revision control system, is vulnerable to path traversal prior ...) + {DSA-5357-1 DLA-3338-1} + - git 1:2.39.2-1 (bug #1031310) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5 + NOTE: https://github.com/git/git/commit/fade728df1221598f42d391cf377e9e84a32053f (v2.30.8) +CVE-2023-23945 + RESERVED +CVE-2023-23944 (Nextcloud mail is an email app for the nextcloud home server platform. ...) + NOT-FOR-US: Nextcloud mail +CVE-2023-23943 (Nextcloud mail is an email app for the nextcloud home server platform. ...) + NOT-FOR-US: Nextcloud mail +CVE-2023-23942 (The Nextcloud Desktop Client is a tool to synchronize files from a Nex ...) + - nextcloud-desktop 3.6.4-1 + [bullseye] - nextcloud-desktop (Minor issue) + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg + NOTE: https://github.com/nextcloud/desktop/pull/5233 + NOTE: https://github.com/nextcloud/desktop/pull/5240 + NOTE: https://hackerone.com/reports/1788598 +CVE-2023-23941 (SwagPayPal is a PayPal integration for shopware/platform. If JavaScrip ...) + NOT-FOR-US: SwagPayPal +CVE-2023-23940 (OpenZeppelin Contracts for Cairo is a library for secure smart contrac ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2023-23939 (Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vu ...) + NOT-FOR-US: Azure/setup-kubectl +CVE-2023-23938 (Tuleap is a Free & Source tool for end to end traceability of applicat ...) + NOT-FOR-US: Tuleap +CVE-2023-23937 (Pimcore is an Open Source Data & Experience Management Platform: PIM, ...) + NOT-FOR-US: Pimcore +CVE-2023-23936 (Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 ...) 
+ - node-undici 5.19.1+dfsg1+~cs20.10.9.5-1 (bug #1031418) + [bookworm] - node-undici 5.15.0+dfsg1+~cs20.10.9.3-1+deb12u1 + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-5r9g-qh6m-jxff + NOTE: https://github.com/nodejs/undici/commit/a2eff05401358f6595138df963837c24348f2034 (v5.19.1) +CVE-2023-23935 (Discourse is an open-source messaging platform. In versions 3.0.1 and ...) + NOT-FOR-US: Discourse +CVE-2023-23934 (Werkzeug is a comprehensive WSGI web application library. Browsers may ...) + {DSA-5470-1 DLA-3346-1} + - python-werkzeug 2.2.2-3 (bug #1031370) + NOTE: https://github.com/pallets/werkzeug/commit/8c2b4b82d0cade0d37e6a88e2cd2413878e8ebd4 (2.2.3) + NOTE: https://github.com/pallets/werkzeug/security/advisories/GHSA-px8h-6qxv-m22q +CVE-2023-23933 (OpenSearch Anomaly Detection identifies atypical data and receives aut ...) + NOT-FOR-US: OpenSearch Anomaly Detection +CVE-2023-23932 (OpenDDS is an open source C++ implementation of the Object Management ...) + NOT-FOR-US: OpenDDS +CVE-2023-23931 (cryptography is a package designed to expose cryptographic primitives ...) + {DLA-3331-2 DLA-3331-1} + - python-cryptography 38.0.4-3 (bug #1031049) + [bullseye] - python-cryptography (Minor issue) + NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r + NOTE: https://github.com/pyca/cryptography/commit/9fbf84efc861668755ab645530ec7be9cf3c6696 +CVE-2023-23930 (vantage6 is privacy preserving federated learning infrastructure. Vers ...) + NOT-FOR-US: vantage6 +CVE-2023-23929 (vantage6 is a privacy preserving federated learning infrastructure for ...) + NOT-FOR-US: vantage6 +CVE-2023-23928 (reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.v ...) + NOT-FOR-US: reason-jose +CVE-2023-23927 (Craft is a platform for creating digital experiences. When you insert ...) + NOT-FOR-US: Craft +CVE-2023-23926 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. An ...) 
+ NOT-FOR-US: APOC +CVE-2023-23925 (Switcher Client is a JavaScript SDK to work with Switcher API which is ...) + NOT-FOR-US: Switcher +CVE-2023-23924 (Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 ...) + - php-dompdf (Vulnerable code not in any Debian released version) + NOTE: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg + NOTE: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85 (v2.0.2) +CVE-2023-23923 (The vulnerability was found Moodle which exists due to insufficient li ...) + - moodle +CVE-2023-23922 (The vulnerability was found Moodle which exists due to insufficient sa ...) + - moodle +CVE-2023-23921 (The vulnerability was found Moodle which exists due to insufficient sa ...) + - moodle +CVE-2023-0410 (Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qw ...) + NOT-FOR-US: builderio/qwik +CVE-2023-0409 + RESERVED +CVE-2023-0408 + RESERVED +CVE-2023-0407 + RESERVED +CVE-2023-23920 (An untrusted search path vulnerability exists in Node.js. <19.6.1, <18 ...) + {DSA-5395-1 DLA-3344-1} + - nodejs 18.13.0+dfsg1-1.1 (bug #1031834) + [bookworm] - nodejs (Can be fixed along with next update) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-insecure-loading-of-icu-data-through-icu_data-environment-variable-low-cve-2023-23920 + NOTE: https://github.com/nodejs/node/commit/f369c0a739b9f0182ededa834a2a44e6fec322d1 +CVE-2023-23919 (A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16 ...) 
+ - nodejs 18.13.0+dfsg1-1.1 (bug #1031834) + [bookworm] - nodejs (Can be fixed along with next update) + [bullseye] - nodejs (X509Certificate API introduced in v15.6.0) + [buster] - nodejs (X509Certificate API introduced in v15.6.0) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-openssl-error-handling-issues-in-nodejs-crypto-library-medium-cve-2023-23919 + NOTE: https://hackerone.com/reports/1808596 + NOTE: https://github.com/nodejs/node/commit/438812e14d3b2a705fb639b69e37c6cc4e7c8029 +CVE-2023-23918 (A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14 ...) + - nodejs (bug #1031834) + [bookworm] - nodejs (Can be fixed along with next update) + [bullseye] - nodejs (Permissions policy introduced in v16.x) + [buster] - nodejs (v10.x doesn't support policy manifests) + NOTE: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases/#node-js-permissions-policies-can-be-bypassed-via-process-mainmodule-high-cve-2023-23918 + NOTE: Only affects users enabling experimental permissions option with --experimental-policy. + NOTE: https://github.com/nodejs/node/commit/af9140088621abd09016848f4526d66b7a81b9ba + NOTE: https://github.com/nodejs/node/commit/9b7db62276e4a9c97aedf91daf38bf7b7d23fee4 +CVE-2023-23917 (A prototype pollution vulnerability exists in Rocket.Chat server <5.2. ...) + NOT-FOR-US: Rocket.Chat +CVE-2023-23916 (An allocation of resources without limits or throttling vulnerability ...) + {DSA-5365-1 DLA-3341-1} + - curl 7.88.1-1 (bug #1031371) + NOTE: https://curl.se/docs/CVE-2023-23916.html + NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 (curl-7_88_0) +CVE-2023-23915 (A cleartext transmission of sensitive information vulnerability exists ...) 
+ - curl 7.88.1-1 (bug #1031371) + [bullseye] - curl (curl is not built with HSTS support) + [buster] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2023-23915.html + NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) + NOTE: https://github.com/curl/curl/pull/10138 +CVE-2023-23914 (A cleartext transmission of sensitive information vulnerability exists ...) + - curl 7.88.1-1 (bug #1031371) + [bullseye] - curl (curl is not built with HSTS support) + [buster] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2023-23914.html + NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) + NOTE: https://github.com/curl/curl/pull/10138 +CVE-2023-23913 + RESERVED + {DSA-5389-1} + - rails 2:6.1.7.3+dfsg-1 (bug #1033263) + NOTE: https://github.com/rails/rails/commit/5037a13614d71727af8a175063bcf6ba1a74bdbd (v6.1.7.3) + NOTE: https://discuss.rubyonrails.org/t/cve-2023-23913-dom-based-cross-site-scripting-in-rails-ujs-for-contenteditable-html-elements/82468 +CVE-2023-23912 (A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earli ...) + NOT-FOR-US: EdgeRouters +CVE-2023-23911 (An improper access control vulnerability exists prior to v6 that could ...) + NOT-FOR-US: open.rocket.chat +CVE-2023-23900 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, I ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23899 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extension ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23898 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23897 (Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simp ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23896 + RESERVED +CVE-2023-23895 + RESERVED +CVE-2023-23894 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23893 + RESERVED +CVE-2023-23892 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23891 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23890 (Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb R ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23889 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23888 + RESERVED +CVE-2023-23887 + RESERVED +CVE-2023-23886 + RESERVED +CVE-2023-23885 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23884 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanb ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23883 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilityin David ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23882 + RESERVED +CVE-2023-23881 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gree ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23880 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23879 (Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Exe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23878 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in fli ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23877 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23876 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23875 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hima ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23874 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23873 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23872 + RESERVED +CVE-2023-23871 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webd ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23870 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpde ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23869 (Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23868 + RESERVED +CVE-2023-23867 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23866 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23865 (Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins St ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23864 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Micha ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Blac ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23862 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23861 (Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23550 (An OS command injection vulnerability exists in the ys_thirdparty user ...) + NOT-FOR-US: Milesight UR32L +CVE-2023-0406 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-0405 (The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooComm ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0404 (The Events Made Easy plugin for WordPress is vulnerable to authorizati ...) 
+ NOT-FOR-US: Events Made Easy plugin for WordPress +CVE-2023-0403 (The Social Warfare plugin for WordPress is vulnerable to Cross-Site Re ...) + NOT-FOR-US: Social Warfare plugin for WordPress +CVE-2023-0402 (The Social Warfare plugin for WordPress is vulnerable to authorization ...) + NOT-FOR-US: Social Warfare plugin for WordPress +CVE-2023-0401 (A NULL pointer can be dereferenced when signatures are being verified ...) + - openssl 3.0.8-1 + [bullseye] - openssl (Only affects 3.x) + [buster] - openssl (Only affects 3.x) + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d3b6dfd70db844c4499bec6ad6601623a565e674 (openssl-3.0.8) +CVE-2023-0400 (The protection bypass vulnerability in DLP for Windows 11.9.x is addre ...) + NOT-FOR-US: DLP for Windows +CVE-2023-0399 (The Image Over Image For WPBakery Page Builder WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0398 (Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa ...) + NOT-FOR-US: Modoboa +CVE-2023-23860 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) + NOT-FOR-US: SAP +CVE-2023-23859 (SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, ...) + NOT-FOR-US: SAP +CVE-2023-23858 (Due to insufficient input validation, SAP NetWeaver AS for ABAP and AB ...) + NOT-FOR-US: SAP +CVE-2023-23857 (Due to missing authentication check, SAP NetWeaver AS for Java - versi ...) + NOT-FOR-US: SAP +CVE-2023-23856 (In SAP BusinessObjects Business Intelligence (Web Intelligence user in ...) + NOT-FOR-US: SAP +CVE-2023-23855 (SAP Solution Manager - version 720, allows an authenticated attacker t ...) + NOT-FOR-US: SAP +CVE-2023-23854 (SAP NetWeaver Application Server for ABAP and ABAP Platform - versions ...) + NOT-FOR-US: SAP +CVE-2023-23853 (An unauthenticated attacker in AP NetWeaver Application Server for ABA ...) 
+ NOT-FOR-US: SAP +CVE-2023-23852 (SAP Solution Manager (System Monitoring) - version 720, does not suffi ...) + NOT-FOR-US: SAP +CVE-2023-23851 (SAP Business Planning and Consolidation - versions 200, 300, allows an ...) + NOT-FOR-US: SAP +CVE-2023-23850 (A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 a ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-23849 (Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an u ...) + NOT-FOR-US: Coverity +CVE-2023-23848 (Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 an ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-23847 (A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins ...) + NOT-FOR-US: Jenkins plugin +CVE-2023-23846 (Due to insufficient length validation in the Open5GS GTP library versi ...) + NOT-FOR-US: Open5GS +CVE-2023-23845 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + NOT-FOR-US: SolarWinds +CVE-2023-23844 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + NOT-FOR-US: SolarWinds +CVE-2023-23843 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + NOT-FOR-US: SolarWinds +CVE-2023-23842 (The SolarWinds Network Configuration Manager was susceptible to the Di ...) + NOT-FOR-US: SolarWinds +CVE-2023-23841 (SolarWinds Serv-U is submitting an HTTP request when changing or updat ...) + NOT-FOR-US: SolarWinds +CVE-2023-23840 (The SolarWinds Platform was susceptible to the Incorrect Comparison Vu ...) + NOT-FOR-US: SolarWinds +CVE-2023-23839 (The SolarWinds Platform was susceptible to the Exposure of Sensitive I ...) + NOT-FOR-US: SolarWinds +CVE-2023-23838 (Directory traversal and file enumeration vulnerability which allowed u ...) + NOT-FOR-US: SolarWinds +CVE-2023-23837 (No exception handling vulnerability which revealed sensitive or excess ...) + NOT-FOR-US: SolarWinds +CVE-2023-23836 (SolarWinds Platform version 2022.4.1 was found to be susceptible to th ...) 
+ NOT-FOR-US: SolarWinds +CVE-2023-0397 (A malicious / defect bluetooth controller can cause a Denial of Servic ...) + NOT-FOR-US: Zephyr +CVE-2023-0396 (A malicious / defective bluetooth controller can cause buffer overread ...) + NOT-FOR-US: Zephyr +CVE-2023-0395 (The menu shortcode WordPress plugin through 1.0 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0393 + RESERVED +CVE-2023-0392 (The LDAP Agent Update service with versions prior to 5.18 used an unqu ...) + NOT-FOR-US: Okta LDAP Agent Update service +CVE-2023-0391 (MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt ...) + NOT-FOR-US: MGT-COMMERCE +CVE-2022-48278 + RESERVED +CVE-2022-48277 + RESERVED +CVE-2022-48276 + RESERVED +CVE-2022-48275 + RESERVED +CVE-2022-48274 + RESERVED +CVE-2022-48273 + RESERVED +CVE-2022-48272 + RESERVED +CVE-2022-48271 + RESERVED +CVE-2022-48270 + RESERVED +CVE-2022-48269 + RESERVED +CVE-2015-10071 (A vulnerability was found in gitter-badger ezpublish-modern-legacy. It ...) + NOT-FOR-US: gitter-badger ezpublish-modern-legacy +CVE-2023-23835 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2023-23834 + RESERVED +CVE-2023-23833 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steve ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23832 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ul ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23831 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23830 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23829 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pier ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23828 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23827 (Auth. 
(contributor+) Cross-Site Scripting (XSS) vulnerability in Googl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23826 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23825 + RESERVED +CVE-2023-23824 (Auth. SQL Injection (SQLi) vulnerability inWP-TopBar<= 5.36 versions.) + NOT-FOR-US: WordPress plugin +CVE-2023-23823 + RESERVED +CVE-2023-23822 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23821 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23820 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rola ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23818 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Avip ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23817 (Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebA ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23816 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23815 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23814 + RESERVED +CVE-2023-23813 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23812 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joos ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23811 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23810 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23809 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mori ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23808 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Serg ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23807 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumo ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23806 (Auth. (admin+) StoredCross-Site Scripting (XSS) vulnerability in Davin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23805 + RESERVED +CVE-2023-23804 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23803 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23802 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy G ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23801 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23800 (Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Sh ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23799 (Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leon ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23798 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23797 (Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Au ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23796 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23795 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23794 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23793 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eigh ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-23792 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23791 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23790 (Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23789 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prem ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23788 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23787 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23786 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Chr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23785 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23784 (A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7 ...) + NOT-FOR-US: FortiGuard +CVE-2023-23783 (A use of externally-controlled format string in Fortinet FortiWeb vers ...) + NOT-FOR-US: FortiGuard +CVE-2023-23782 (A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 throug ...) + NOT-FOR-US: FortiGuard +CVE-2023-23781 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...) + NOT-FOR-US: FortiGuard +CVE-2023-23780 (A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 throu ...) + NOT-FOR-US: FortiGuard +CVE-2023-23779 (Multiple improper neutralization of special elements used in an OS Com ...) + NOT-FOR-US: FortiGuard +CVE-2023-23778 (A relative path traversal vulnerability [CWE-23] in FortiWeb version 7 ...) + NOT-FOR-US: FortiGuard +CVE-2023-23777 (An improper neutralization of special elements used in an OS command ( ...) 
+ NOT-FOR-US: Fortinet +CVE-2023-23776 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) + NOT-FOR-US: Fortinet +CVE-2023-23775 + RESERVED +CVE-2023-23549 (Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 ...) + - check-mk +CVE-2023-23548 (Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, ...) + - check-mk +CVE-2023-22359 (User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker ...) + - check-mk +CVE-2023-22348 (Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions < ...) + - check-mk +CVE-2023-22318 (Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5 ...) + - check-mk +CVE-2023-22309 (Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Applianc ...) + - check-mk +CVE-2023-22307 (Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before ...) + - check-mk +CVE-2023-22294 (Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows ...) + - check-mk +CVE-2023-22288 (HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and al ...) + - check-mk +CVE-2023-0394 (A NULL pointer dereference flaw was found in rawv6_push_pending_frames ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/18/2 + NOTE: https://git.kernel.org/linus/cb3e9864cdbe35ff6378966660edbcbac955fe17 (6.2-rc4) +CVE-2023-0390 + RESERVED +CVE-2023-0389 + RESERVED +CVE-2023-0388 (The Random Text WordPress plugin through 0.3.0 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0387 + REJECTED +CVE-2023-0386 (A flaw was found in the Linux kernel, where unauthorized access to the ...) + {DSA-5402-1 DLA-3446-1} + - linux 6.1.11-1 + NOTE: https://git.kernel.org/linus/4f11ada10d0ad3fd53e2bd67806351de63a4f9c3 (6.2-rc6) +CVE-2023-0385 (The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Re ...) 
+ NOT-FOR-US: Custom 404 Pro plugin for WordPress +CVE-2023-0384 (User-controlled operations could have allowed Denial of Service in M-F ...) + NOT-FOR-US: M-Files +CVE-2023-0383 (User-controlled operations could have allowed Denial of Service in M-F ...) + NOT-FOR-US: M-Files +CVE-2023-0382 (User-controlled operations could have allowed Denial of Service in M-F ...) + NOT-FOR-US: M-Files Server +CVE-2023-0381 (The GigPress WordPress plugin through 2.3.28 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0380 (The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0379 (The Spotlight Social Feeds WordPress plugin before 1.4.3 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0378 (The Greenshift WordPress plugin before 5.0 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0377 (The Scriptless Social Sharing WordPress plugin before 3.2.2 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0376 + RESERVED +CVE-2023-0375 (The Easy Affiliate Links WordPress plugin before 3.7.1 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0374 (The W4 Post List WordPress plugin before 2.4.6 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0373 (The Lightweight Accordion WordPress plugin before 1.5.15 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0372 (The EmbedStories WordPress plugin before 0.7.5 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0371 (The EmbedSocial WordPress plugin before 1.1.28 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0370 (The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0369 (The GoToWP WordPress plugin through 5.1.1 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0368 (The Responsive Tabs For WPBakery Page Builder (formerly Visual Compose ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4892 (A vulnerability was found in MyCMS. It has been classified as problema ...) + NOT-FOR-US: MyCMS +CVE-2022-47909 (Livestatus Query Language (LQL) injection in the AuthUser HTTP query h ...) + - check-mk +CVE-2022-46836 (PHP code injection in watolib auth.php and hosttags.php in Tribe29's C ...) + - check-mk +CVE-2022-46303 (Command injection in SMS notifications in Tribe29 Checkmk <= 2.1.0p10, ...) + - check-mk +CVE-2022-46302 (Broad access controls could allow site users to directly interact with ...) + - check-mk +CVE-2022-43440 (Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk b ...) + - check-mk +CVE-2021-4314 (It is possible to manipulate the JWT token without the knowledge of th ...) + NOT-FOR-US: Zowe +CVE-2017-20174 (A vulnerability was found in bastianallgeier Kirby Webmentions Plugin ...) + NOT-FOR-US: bastianallgeier Kirby Webmentions Plugin +CVE-2015-10070 (A vulnerability was found in copperwall Twiddit. It has been rated as ...) + NOT-FOR-US: copperwall Twiddit +CVE-2015-10069 (A vulnerability was found in viakondratiuk cash-machine. It has been d ...) + NOT-FOR-US: viakondratiuk cash-machine +CVE-2014-125083 (A vulnerability has been found in Anant Labs google-enterprise-connect ...) + NOT-FOR-US: Anant Labs google-enterprise-connect +CVE-2013-10014 (A vulnerability classified as critical has been found in oktora24 2moo ...) + NOT-FOR-US: oktora24 2moons +CVE-2023-23774 (Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled ...) + NOT-FOR-US: Motorola +CVE-2023-23773 (Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. Th ...) + NOT-FOR-US: Motorola +CVE-2023-23772 (Motorola MBTS Site Controller fails to check firmware update authentic ...) + NOT-FOR-US: Motorola +CVE-2023-23771 (Motorola MBTS Base Radio accepts hard-coded backdoor password. The Mot ...) 
+ NOT-FOR-US: Motorola +CVE-2023-23770 (Motorola MBTS Site Controller accepts hard-coded backdoor password. Th ...) + NOT-FOR-US: Motorola +CVE-2023-23769 + RESERVED +CVE-2023-23768 + RESERVED +CVE-2023-23767 + REJECTED +CVE-2023-23766 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23765 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23764 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23763 (An authorization/sensitive information disclosure vulnerability was id ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23762 (An incorrect comparison vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23761 (An improper authentication vulnerability was identified in GitHub Ente ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23760 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-23759 (There is a vulnerability in the fizz library prior to v2023.01.30.00 w ...) + NOT-FOR-US: Facebook fizz +CVE-2023-23758 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Joomla extension +CVE-2023-23757 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Joomla extension +CVE-2023-23756 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Joomla addon +CVE-2023-23755 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of ra ...) + NOT-FOR-US: Joomla! +CVE-2023-23754 (An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input ...) + NOT-FOR-US: Joomla! +CVE-2023-0367 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0366 (The Loan Comparison WordPress plugin before 1.5.3 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0365 (The React Webcam WordPress plugin through 1.2.0 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0364 (The real.Kit WordPress plugin before 5.1.1 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0363 (The Scheduled Announcements Widget WordPress plugin before 1.0 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0362 (Themify Portfolio Post WordPress plugin before 1.2.2 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0361 (A timing side-channel in the handling of RSA ClientKeyExchange message ...) + {DSA-5349-1 DLA-3321-1} + - gnutls28 3.7.8-5 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1050 + NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 + NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a (3.8.0) + NOTE: Code cleanup: https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558 (3.8.0) +CVE-2023-0360 (The Location Weather WordPress plugin before 1.3.4 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0359 (A missing nullptr-check in handle_ra_input can cause a nullptr-deref.) + NOT-FOR-US: Zephyr +CVE-2023-0358 (Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/93e128ed-253f-4c42-81ff-fbac7fd8f355 + NOTE: https://github.com/gpac/gpac/commit/9971fb125cf91cefd081a080c417b90bbe4a467b +CVE-2023-0357 (Helpy version 2.8.0 allows an unauthenticated remote attacker to explo ...) + NOT-FOR-US: Helpy +CVE-2023-0356 (SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encry ...) 
+ NOT-FOR-US: SOCOMEC MODULYS GP Netvision +CVE-2023-0355 (Akuvox E11 uses a hard-coded cryptographic key, which could allow an a ...) + NOT-FOR-US: Akuvox +CVE-2023-0354 (The Akuvox E11 web server can be accessed without any user authenticat ...) + NOT-FOR-US: Akuvox +CVE-2023-0353 (Akuvox E11 uses a weak encryption algorithm for stored passwords and u ...) + NOT-FOR-US: Akuvox +CVE-2023-0352 (The Akuvox E11 password recovery webpage can be accessed without authe ...) + NOT-FOR-US: Akuvox +CVE-2023-0351 (The Akuvox E11 web server backend library allows command injection in ...) + NOT-FOR-US: Akuvox +CVE-2023-0350 (Akuvox E11 does not ensure that a file extension is associated with th ...) + NOT-FOR-US: Akuvox +CVE-2023-0349 (The Akuvox E11 libvoice library provides unauthenticated access to the ...) + NOT-FOR-US: Akuvox +CVE-2023-0348 (Akuvox E11 allows direct SIP calls. No access control is enforced by t ...) + NOT-FOR-US: Akuvox +CVE-2023-0347 (The Akuvox E11 Media Access Control (MAC) address, a primary identifie ...) + NOT-FOR-US: Akuvox +CVE-2023-0346 (Akuvox E11 cloud login is performed through an unencrypted HTTP connec ...) + NOT-FOR-US: Akuvox +CVE-2023-0345 (The Akuvox E11 secure shell (SSH) server is enabled by default and can ...) + NOT-FOR-US: Akuvox +CVE-2023-0344 (Akuvox E11 appears to be using a custom version of dropbear SSH server ...) + NOT-FOR-US: Akuvox E11 +CVE-2023-0343 (Akuvox E11 contains a function that encrypts messages which are then f ...) + NOT-FOR-US: Akuvox E11 +CVE-2010-10009 (A vulnerability was found in frioux ptome. It has been rated as critic ...) + NOT-FOR-US: frioux ptome +CVE-2023-23753 (The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQ ...) + NOT-FOR-US: Joomla! extension +CVE-2023-23752 (An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper ac ...) + NOT-FOR-US: Joomla! +CVE-2023-23751 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL ...) + NOT-FOR-US: Joomla! 
+CVE-2023-23750 (An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing toke ...) + NOT-FOR-US: Joomla! +CVE-2023-23749 (The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerb ...) + NOT-FOR-US: Joomla! extension +CVE-2023-23748 + RESERVED +CVE-2023-23747 + RESERVED +CVE-2023-23746 + RESERVED +CVE-2023-23745 + RESERVED +CVE-2023-23744 + RESERVED +CVE-2023-23743 + RESERVED +CVE-2023-23742 + RESERVED +CVE-2023-23741 + RESERVED +CVE-2023-23740 + RESERVED +CVE-2023-23739 + RESERVED +CVE-2023-23738 + RESERVED +CVE-2023-23737 (Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Lin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23736 + RESERVED +CVE-2023-23735 + RESERVED +CVE-2023-23734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davi ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23733 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23732 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23731 (Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23730 + RESERVED +CVE-2023-23729 + RESERVED +CVE-2023-23728 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23727 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Form ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23726 + RESERVED +CVE-2023-23725 + RESERVED +CVE-2023-23724 (Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Ema ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23723 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23722 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winw ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-23721 (Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin L ...) + NOT-FOR-US: David Gwyer Admin Log +CVE-2023-23720 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetR ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23719 (Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23718 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Pa ...) + NOT-FOR-US: Esstat17 +CVE-2023-23717 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Georg ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23716 + RESERVED +CVE-2023-23715 + RESERVED +CVE-2023-23714 (Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23713 (Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Th ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23712 (Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager p ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23711 (Cross-Site Request Forgery (CSRF) vulnerability in A2 Hosting A2 Optim ...) + NOT-FOR-US: A2 Hosting +CVE-2023-23710 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in mini ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23709 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23708 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23707 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23706 (Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23705 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-23704 (Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23703 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23702 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23701 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23700 + RESERVED +CVE-2023-23699 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0342 (MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM k ...) + NOT-FOR-US: MongoDB Ops Manager Diagnostics Archive +CVE-2023-0341 (A stack buffer overflow exists in the ec_glob function of editorconfig ...) + - editorconfig-core 0.12.6-0.1 + [bullseye] - editorconfig-core (Minor issue) + [buster] - editorconfig-core (Minor issue) + NOTE: https://github.com/editorconfig/editorconfig-core-c/pull/87 + NOTE: https://github.com/editorconfig/editorconfig-core-c/commit/41281ea82fbf24b060a9f69b9c5369350fb0529e +CVE-2023-0340 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0339 (Relative Path Traversal vulnerability in ForgeRock Access Management W ...) + NOT-FOR-US: ForgeRock +CVE-2023-0338 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) + NOT-FOR-US: lirantal/daloradius +CVE-2023-0337 (Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/d ...) + NOT-FOR-US: lirantal/daloradius +CVE-2023-0336 (The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0335 (The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken acces ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0334 (The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0333 (The TemplatesNext ToolKit WordPress plugin before 3.2.9 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0332 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + NOT-FOR-US: SourceCodester Online Food Ordering System +CVE-2020-36654 (A vulnerability classified as problematic has been found in GENI Porta ...) + NOT-FOR-US: GENI Portal +CVE-2020-36653 (A vulnerability was found in GENI Portal. It has been rated as problem ...) + NOT-FOR-US: GENI Portal +CVE-2017-20173 (A vulnerability was found in AlexRed contentmap. It has been rated as ...) + NOT-FOR-US: AlexRed contentmap +CVE-2017-20172 (A vulnerability was found in ridhoq soundslike. It has been classified ...) + NOT-FOR-US: ridhoq soundslike +CVE-2015-10068 (A vulnerability classified as critical was found in danynab movify-j. ...) + NOT-FOR-US: danynab movify-j +CVE-2012-10006 (A vulnerability classified as critical has been found in ale7714 sigep ...) + NOT-FOR-US: ale7714 +CVE-2011-10001 (A vulnerability was found in iamdroppy phoenixcf. It has been declared ...) + NOT-FOR-US: iamdroppy phoenixcf +CVE-2010-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesam ...) + NOT-FOR-US: simplesamlphp-module-openidprovider +CVE-2023-XXXX [RUSTSEC-2022-0078] + - rust-bumpalo 3.12.0-1 (bug #1032088) + [bullseye] - rust-bumpalo (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0078.html + NOTE: https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111 +CVE-2023-23698 (Dell Command | Update, Dell Update, and Alienware Update versions befo ...) + NOT-FOR-US: Dell +CVE-2023-23697 (Dell Command | Intel vPro Out of Band, versions before 4.4.0, contain ...) + NOT-FOR-US: Dell +CVE-2023-23696 (Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain ...) 
+ NOT-FOR-US: Dell +CVE-2023-23695 (Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken ...) + NOT-FOR-US: Dell +CVE-2023-23694 (Dell VxRail versions earlier than 7.0.450, contain(s) an OS command in ...) + NOT-FOR-US: Dell +CVE-2023-23693 (Dell VxRail, versions prior to 7.0.450, contains an OS command injecti ...) + NOT-FOR-US: Dell +CVE-2023-23692 (Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection ...) + NOT-FOR-US: EMC +CVE-2023-23691 (Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Clie ...) + NOT-FOR-US: EMC +CVE-2023-23690 (Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contai ...) + NOT-FOR-US: EMC +CVE-2023-23689 (Dell PowerScale nodes A200, A2000, H400, H500, H600, H5600, F800, F810 ...) + NOT-FOR-US: Dell +CVE-2023-23688 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23687 (Auth.Stored Cross-Site Scripting (XSS) vulnerability inYoutube shortco ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23686 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23685 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23684 (Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This iss ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23682 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23681 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23680 (Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-23679 (Authorization Bypass Through User-Controlled Key vulnerability in JS H ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23678 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23677 (Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetri ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23676 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23675 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23674 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOL ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23673 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hari ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23672 + RESERVED +CVE-2023-23671 (Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23670 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23669 + RESERVED +CVE-2023-23668 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23667 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23666 + RESERVED +CVE-2023-23665 + RESERVED +CVE-2023-23664 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23663 + RESERVED +CVE-2023-23662 + RESERVED +CVE-2023-23661 + RESERVED +CVE-2023-23660 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainW ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23659 (Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Exten ...) 
+ NOT-FOR-US: MainWP Matomo Extension +CVE-2023-23658 + RESERVED +CVE-2023-23657 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23656 + RESERVED +CVE-2023-23655 + RESERVED +CVE-2023-23654 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spar ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23653 + RESERVED +CVE-2023-23652 + RESERVED +CVE-2023-23651 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Googl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23650 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23649 + RESERVED +CVE-2023-23648 + RESERVED +CVE-2023-23647 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23646 (Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gal ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23645 + RESERVED +CVE-2023-23644 + RESERVED +CVE-2023-23643 + RESERVED +CVE-2023-23642 + RESERVED +CVE-2023-23641 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23640 + RESERVED +CVE-2023-23639 + RESERVED +CVE-2023-23638 (A deserialization vulnerability existed when dubbo generic invoke, whi ...) + NOT-FOR-US: Apache Dubbo +CVE-2023-0331 (The Correos Oficial WordPress plugin through 1.2.0.2 does not have an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0330 (A vulnerability in the lsi53c895a device affects the latest version of ...) 
+ {DLA-3604-1} + - qemu 1:8.0.2+dfsg-1 (bug #1029155) + [bookworm] - qemu 1:7.2+dfsg-7+deb12u1 + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160151 + NOTE: Proposed patch: https://lists.nongnu.org/archive/html/qemu-devel/2023-01/msg03411.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e49884a90987744ddb54b2fadc770633eb6a4d62 (v8.0.1) + NOTE: See also generic re-entrancy ground work at https://gitlab.com/qemu-project/qemu/-/issues/556 +CVE-2023-0329 (The Elementor Website Builder WordPress plugin before 3.12.2 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48261 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...) + NOT-FOR-US: Huawei +CVE-2020-36652 (Incorrect Default Permissions vulnerability in Hitachi Automation Dire ...) + NOT-FOR-US: Hitachi +CVE-2020-36651 (A vulnerability has been found in youngerheart nodeserver and classifi ...) + NOT-FOR-US: youngerheart nodeserver +CVE-2018-25077 (A vulnerability was found in melnaron mel-spintax. It has been rated a ...) + NOT-FOR-US: melnaron mel-spintax +CVE-2017-20171 (A vulnerability classified as critical has been found in PrivateSky ap ...) + NOT-FOR-US: PrivateSky +CVE-2015-10067 (A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has ...) + NOT-FOR-US: oznetmaster SSharpSmartThreadPool +CVE-2015-10066 (A vulnerability was found in tynx wuersch and classified as critical. ...) + NOT-FOR-US: tynx wuersch +CVE-2015-10065 (A vulnerability classified as critical was found in AenBleidd FiND. Th ...) + NOT-FOR-US: AenBleidd FiND +CVE-2014-125082 (A vulnerability was found in nivit redports. It has been declared as c ...) + NOT-FOR-US: nivit redports +CVE-2014-125081 (A vulnerability, which was classified as critical, has been found in r ...) + NOT-FOR-US: risheesh debutsav +CVE-2010-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil ...) 
+ NOT-FOR-US: lierdakil click-reminder +CVE-2010-10006 (A vulnerability, which was classified as problematic, was found in mic ...) + NOT-FOR-US: michaelliao jopenid +CVE-2023-23637 (IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain te ...) + NOT-FOR-US: IMPatienT +CVE-2023-23636 (In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerabl ...) + - jellyfin (bug #994189) +CVE-2023-23635 (In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnera ...) + - jellyfin (bug #994189) +CVE-2023-23634 + RESERVED +CVE-2023-23633 + RESERVED +CVE-2023-23632 (BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x a ...) + NOT-FOR-US: BeyondTrust Privileged Remote Access +CVE-2023-23631 (github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go- ...) + NOT-FOR-US: github.com/ipfs/go-unixfsnode +CVE-2023-23630 (Eta is an embedded JS templating engine that works inside Node, Deno, ...) + NOT-FOR-US: Eta +CVE-2023-23629 (Metabase is an open source data analytics platform. Affected versions ...) + NOT-FOR-US: Metabase +CVE-2023-23628 (Metabase is an open source data analytics platform. Affected versions ...) + NOT-FOR-US: Metabase +CVE-2023-23627 (Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 ...) + - ruby-sanitize 6.0.0-1.1 (bug #1030047) + [bullseye] - ruby-sanitize (Minor issue) + [buster] - ruby-sanitize (Minor issue) + NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7 + NOTE: https://github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22 (v6.0.1) +CVE-2023-23626 (go-bitfield is a simple bitfield package for the go language aiming to ...) + NOT-FOR-US: go-bitfield +CVE-2023-23625 (go-unixfs is an implementation of a unix-like filesystem on top of an ...) + NOT-FOR-US: go-unixfs +CVE-2023-23624 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) 
+ NOT-FOR-US: Discourse +CVE-2023-23623 (Electron is a framework which lets you write cross-platform desktop ap ...) + - electron (bug #842420) +CVE-2023-23622 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-23621 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-23620 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-23619 (Modelina is a library for generating data models based on inputs such ...) + NOT-FOR-US: Modelina +CVE-2023-23618 (Git for Windows is the Windows port of the revision control system Git ...) + NOT-FOR-US: Git for Windows +CVE-2023-23617 (OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and ...) + NOT-FOR-US: OpenMage LTS +CVE-2023-23616 (Discourse is an open-source discussion platform. Prior to version 3.0. ...) + NOT-FOR-US: Discourse +CVE-2023-23615 (Discourse is an open source discussion platform. The embeddable commen ...) + NOT-FOR-US: Discourse +CVE-2023-23614 (Pi-hole\xae's Web interface (based off of AdminLTE) provides a central ...) + NOT-FOR-US: Pi-Hole +CVE-2023-23613 (OpenSearch is an open source distributed and RESTful search engine. In ...) + - opensearch (bug #1054912) + NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-v3cg-7r9h-r2g6 +CVE-2023-23612 (OpenSearch is an open source distributed and RESTful search engine. Op ...) + - opensearch (bug #1054912) + NOTE: https://github.com/opensearch-project/security/security/advisories/GHSA-864v-6qj7-62qj +CVE-2023-23611 (LTI Consumer XBlock implements the consumer side of the LTI specificat ...) + NOT-FOR-US: LTI +CVE-2023-23610 (GLPI is a Free Asset and IT Management Software package. Versions prio ...) 
+ - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6565-hm87-24hf + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-23609 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + NOT-FOR-US: Contiki-NG +CVE-2023-23608 (Spotipy is a light weight Python library for the Spotify Web API. In v ...) + NOT-FOR-US: Spotipy +CVE-2023-23607 (erohtar/Dasherr is a dashboard for self-hosted services. In affected v ...) + NOT-FOR-US: Dasherr +CVE-2023-23606 (Memory safety bugs present in Firefox 108. Some of these bugs showed e ...) + - firefox 109.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23606 +CVE-2023-23605 (Memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some ...) + {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 109.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23605 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23605 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23605 +CVE-2023-23604 (A duplicate SystemPrincipal object could be created when ...) + - firefox 109.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23604 +CVE-2023-23603 (Regular expressions used to filter out forbidden properties and values ...) + {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 109.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23603 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23603 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23603 +CVE-2023-23602 (A mishandled security check when creating a WebSocket in a WebWorker c ...) 
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 109.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23602 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23602 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23602 +CVE-2023-23601 (Navigations were being allowed when dragging a URL from a cross-origin ...) + {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 109.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23601 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23601 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23601 +CVE-2023-23600 (Per origin notification permissions were being stored in a way that di ...) + - firefox (Only affects Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23600 +CVE-2023-23599 (When copying a network request from the developer tools panel as a cur ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23599 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23599 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23599 +CVE-2023-23598 (Due to the Firefox GTK wrapper code's use of text/plain for drag data ...) 
+ {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 109.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23598 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2023-23598 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2023-23598 +CVE-2023-23597 (A compromised web child process could disable web security opening res ...) + - firefox 109.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-01/#CVE-2023-23597 +CVE-2023-0328 (The WPCode WordPress plugin before 2.0.7 does not have adequate privil ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0327 (A vulnerability was found in saemorris TheRadSystem. It has been class ...) + NOT-FOR-US: saemorris TheRadSystem +CVE-2023-0326 (An issue has been discovered in GitLab DAST API scanner affecting all ...) + NOT-FOR-US: GitLab DAST API scanner +CVE-2023-0325 (Uvdesk version 1.1.1 allows an unauthenticated remote attacker to expl ...) + NOT-FOR-US: Uvdesk +CVE-2023-0324 (A vulnerability was found in SourceCodester Online Tours & Travels Man ...) + NOT-FOR-US: SourceCodester Online Tours & Travels Management System +CVE-2023-0323 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2023-0322 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: UNIS +CVE-2023-0321 (Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 m ...) + NOT-FOR-US: Campbell +CVE-2023-0320 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: UBYS +CVE-2023-0319 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0318 + RESERVED +CVE-2023-0317 (Unprotected Alternate Channel vulnerability in debug console of GateM ...) 
+ NOT-FOR-US: Secomea +CVE-2022-4891 (A vulnerability has been found in Sisimai up to 4.25.14p11 and classif ...) + NOT-FOR-US: Sisimai +CVE-2017-20170 (A vulnerability was found in ollpu parontalli. It has been classified ...) + NOT-FOR-US: ollpu parontalli +CVE-2016-15021 (A vulnerability was found in nickzren alsdb. It has been rated as crit ...) + NOT-FOR-US: nickzren alsdb +CVE-2015-10064 (A vulnerability was found in VictorFerraresi pokemon-database-php. It ...) + NOT-FOR-US: pokemon-database-php +CVE-2015-10063 (A vulnerability was found in saemorris TheRadSystem and classified as ...) + NOT-FOR-US: saemorris TheRadSystem +CVE-2015-10062 (A vulnerability, which was classified as problematic, was found in gal ...) + NOT-FOR-US: galaxy-data-resource +CVE-2015-10061 (A vulnerability was found in evandro-machado Trabalho-Web2. It has bee ...) + NOT-FOR-US: Trabalho-Web2. +CVE-2015-10060 (A vulnerability was found in MNBikeways database and classified as cri ...) + NOT-FOR-US: MNBikeways +CVE-2015-10059 (A vulnerability has been found in s134328 Webapplication-Veganguide an ...) + NOT-FOR-US: Webapplication-Veganguide +CVE-2015-10058 (A vulnerability, which was classified as problematic, was found in Wik ...) + NOT-FOR-US: Wikisource Category Browser +CVE-2013-10013 (A vulnerability was found in Bricco Authenticator Plugin. It has been ...) + NOT-FOR-US: Bricco Authenticator Plugin +CVE-2023-0316 (Path Traversal: '\..\filename' in GitHub repository froxlor/froxlor pr ...) + - froxlor (bug #581792) +CVE-2023-0315 (Command Injection in GitHub repository froxlor/froxlor prior to 2.0.8.) + - froxlor (bug #581792) +CVE-2023-0314 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0313 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0312 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) 
+ NOT-FOR-US: phpmyfaq +CVE-2023-0311 (Improper Authentication in GitHub repository thorsten/phpmyfaq prior t ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0310 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0309 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0308 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0307 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0306 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2023-0305 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Food Ordering System +CVE-2023-0304 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Food Ordering System +CVE-2023-0303 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + NOT-FOR-US: SourceCodester Online Food Ordering System +CVE-2022-4890 (A vulnerability, which was classified as critical, has been found in a ...) + NOT-FOR-US: abhilash1985 PredictApp +CVE-2021-4313 (A vulnerability was found in NethServer phonenehome. It has been rated ...) + NOT-FOR-US: NethServer phonenehome +CVE-2018-25076 (A vulnerability classified as critical was found in Events Extension o ...) + NOT-FOR-US: BigTree CMS addon +CVE-2016-15020 (A vulnerability was found in liftkit database up to 2.13.1. It has bee ...) + NOT-FOR-US: liftkit database +CVE-2015-10057 (A vulnerability was found in Little Apps Little Software Stats. It has ...) + NOT-FOR-US: Little Apps Little Software Stats +CVE-2015-10056 (A vulnerability was found in 2071174A vinylmap. It has been classified ...) 
+ NOT-FOR-US: 2071174A vinylmap +CVE-2015-10055 (A vulnerability was found in PictureThisWebServer and classified as cr ...) + NOT-FOR-US: PictureThisWebServer +CVE-2015-10054 (A vulnerability, which was classified as critical, was found in githui ...) + NOT-FOR-US: P2Manage +CVE-2015-10053 (A vulnerability classified as critical has been found in prodigasistem ...) + NOT-FOR-US: prodigasistemas curupira +CVE-2014-125080 (A vulnerability has been found in frontaccounting faplanet and classif ...) + NOT-FOR-US: frontaccounting faplanet +CVE-2013-10012 (A vulnerability, which was classified as critical, was found in antonb ...) + NOT-FOR-US: antonbolling clan7ups +CVE-2010-10005 + REJECTED +CVE-2023-23596 (jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. W ...) + NOT-FOR-US: jc21 NGINX Proxy Manager +CVE-2023-23595 (BlueCat Device Registration Portal 2.2 allows XXE attacks that exfiltr ...) + NOT-FOR-US: BlueCat Device Registration Portal +CVE-2023-23594 (An authentication bypass vulnerability in the web client interface for ...) + NOT-FOR-US: CL4NX printer +CVE-2023-23593 + RESERVED +CVE-2023-23592 (WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to ac ...) + NOT-FOR-US: WALLIX Access Manager +CVE-2023-23591 (The Logback component in Terminalfour before 8.3.14.1 allows OS admini ...) + NOT-FOR-US: Terminalfour +CVE-2023-0302 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) + - radare2 (bug #1029037) + NOTE: https://huntr.dev/bounties/583133af-7ae6-4a21-beef-a4b0182cf82e/ + NOTE: https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce +CVE-2023-0301 (Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/a ...) + NOT-FOR-US: Alf.io +CVE-2023-0300 (Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-even ...) + NOT-FOR-US: Alf.io +CVE-2023-0299 (Improper Input Validation in GitHub repository publify/publify prior t ...) 
+ NOT-FOR-US: Publify +CVE-2022-4889 (A vulnerability classified as critical was found in visegripped Strack ...) + NOT-FOR-US: Stracker +CVE-2018-25075 (A vulnerability classified as critical has been found in karsany OBrid ...) + NOT-FOR-US: OBridge +CVE-2016-15019 (A vulnerability was found in tombh jekbox. It has been rated as proble ...) + NOT-FOR-US: jekbox +CVE-2016-15018 (A vulnerability was found in krail-jpa up to 0.9.1. It has been classi ...) + NOT-FOR-US: krail-jpa +CVE-2015-10052 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: gibb-modul-151 +CVE-2015-10051 (A vulnerability, which was classified as critical, has been found in b ...) + NOT-FOR-US: bony2023 Discussion-Board +CVE-2015-10050 (A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. ...) + NOT-FOR-US: miRNA_Database_by_PHP_MySql +CVE-2015-10049 (A vulnerability was found in Overdrive Eletr\xf4nica course-builder up ...) + NOT-FOR-US: Overdrive Eletronica course-builder +CVE-2015-10048 (A vulnerability was found in bmattoso desafio_buzz_woody. It has been ...) + NOT-FOR-US: desafio_buzz_woody +CVE-2015-10047 (A vulnerability was found in KYUUBl school-register. It has been class ...) + NOT-FOR-US: KYUUBl school-register +CVE-2015-10046 (A vulnerability has been found in lolfeedback and classified as critic ...) + NOT-FOR-US: lolfeedback +CVE-2015-10045 (A vulnerability, which was classified as critical, was found in tutran ...) + NOT-FOR-US: tutrantta project_todolist +CVE-2015-10044 (A vulnerability classified as critical was found in gophergala sqldump ...) + NOT-FOR-US: gophergala sqldump +CVE-2014-125079 (A vulnerability was found in agy pontifex.http. It has been declared a ...) + NOT-FOR-US: pontifex.http +CVE-2014-125078 (A vulnerability was found in yanheven console and classified as proble ...) + NOT-FOR-US: yanheven console +CVE-2014-125077 (A vulnerability, which was classified as critical, has been found in p ...) 
+ NOT-FOR-US: pointhi searx_stats +CVE-2023-23590 (Mercedes-Benz XENTRY Retail Data Storage 7.8.1 allows remote attackers ...) + NOT-FOR-US: Mercedes-Benz +CVE-2023-0298 (Incorrect Authorization in GitHub repository firefly-iii/firefly-iii p ...) + NOT-FOR-US: firefly-iii +CVE-2023-0297 (Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev ...) + - pyload (bug #1001980) +CVE-2023-0296 (The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) ...) + NOT-FOR-US: OpenShift +CVE-2023-0295 (The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: Launchpad plugin for WordPress +CVE-2023-0294 (The Mediamatic \u2013 Media Library Folders plugin for WordPress is vu ...) + NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress +CVE-2023-0293 (The Mediamatic \u2013 Media Library Folders plugin for WordPress is vu ...) + NOT-FOR-US: Mediamatic Media Library Folders plugin for WordPress +CVE-2017-20169 (A vulnerability, which was classified as critical, has been found in G ...) + NOT-FOR-US: GGGGGGGG ToN-MasterServer +CVE-2015-10043 (A vulnerability, which was classified as critical, was found in abreen ...) + NOT-FOR-US: abreen Apollo +CVE-2015-10042 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: Dovgalyuk AIBattle +CVE-2015-10041 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical ...) + NOT-FOR-US: Dovgalyuk AIBattle +CVE-2015-10040 (A vulnerability was found in gitlearn. It has been declared as problem ...) + NOT-FOR-US: gitlearn +CVE-2023-23588 (A vulnerability has been identified in SIMATIC IPC1047 (All versions), ...) + NOT-FOR-US: Siemens +CVE-2023-23587 + RESERVED +CVE-2023-23586 (Due to a vulnerability in the io_uring subsystem, it is possible to le ...) 
+ {DLA-3349-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.162-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 + NOTE: Unclear if this is just a duplicate of CVE-2023-0240. Track it + NOTE: as different for now. The only CVE record references available + NOTE: are identical, but with different description of the issue. +CVE-2023-0292 (The Quiz And Survey Master plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: Quiz And Survey Master plugin for WordPress +CVE-2023-0291 (The Quiz And Survey Master for WordPress is vulnerable to authorizatio ...) + NOT-FOR-US: Quiz And Survey Master for WordPress +CVE-2023-0290 (Rapid7 Velociraptor did not properly sanitize the client ID parameter ...) + NOT-FOR-US: Rapid7 +CVE-2023-0289 (Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webc ...) + NOT-FOR-US: craigk5n/webcalendar +CVE-2023-0288 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/550a0852-9be0-4abe-906c-f803b34e41d3 + NOTE: https://github.com/vim/vim/commit/232bdaaca98c34a99ffadf27bf6ee08be6cc8f6a (v9.0.1189) + NOTE: Crash in CLI tool, no security impact +CVE-2023-0287 (A vulnerability was found in ityouknow favorites-web. It has been rate ...) + NOT-FOR-US: ityouknow favorites-web +CVE-2023-0286 (There is a type confusion vulnerability relating to X.400 address proc ...) + {DSA-5343-1 DLA-3325-1} + - openssl 3.0.8-1 + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2f7530077e0ef79d98718138716bc51ca0cad658 (openssl-3.0.8) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 (OpenSSL_1_1_1t) +CVE-2023-0285 (The Real Media Library WordPress plugin before 4.18.29 does not saniti ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0284 (Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows a ...) + - check-mk +CVE-2023-0283 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Flight Booking Management System +CVE-2023-0282 (The YourChannel WordPress plugin before 1.2.2 does not sanitize and es ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0281 (A vulnerability was found in SourceCodester Online Flight Booking Mana ...) + NOT-FOR-US: SourceCodester Online Flight Booking Management System +CVE-2023-0280 (The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0279 (The Media Library Assistant WordPress plugin before 3.06 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0278 (The GeoDirectory WordPress plugin before 2.2.24 does not properly sani ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0277 (The WC Fields Factory WordPress plugin through 4.1.5 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0276 (The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0275 (The Easy Accept Payments for PayPal WordPress plugin before 4.9.10 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0274 (The URL Params WordPress plugin before 2.5 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0273 (The Custom Content Shortcode WordPress plugin through 4.0.2 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0272 (The NEX-Forms WordPress plugin before 8.3.3 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0271 (The WP Font Awesome WordPress plugin before 1.7.9 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0270 (The YaMaps for WordPress Plugin WordPress plugin before 0.6.26 does no ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0269 + REJECTED +CVE-2023-0268 (The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0267 (The Ultimate Carousel For WPBakery Page Builder WordPress plugin throu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4888 (The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4312 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) + NOT-FOR-US: Th3-822 Rapidleech +CVE-2009-10002 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: dpup fittr-flickr +CVE-2009-10001 (A vulnerability classified as problematic was found in jianlinwei cool ...) + NOT-FOR-US: jianlinwei cool-php-captcha +CVE-2023-23589 (The SafeSocks option in Tor before 0.4.7.13 has a logic error in which ...) + {DSA-5320-1 DLA-3286-1} + - tor 0.4.7.13-1 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.7/ReleaseNotes + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/commit/a282145b3634547ab84ccd959d0537c021ff7ffc +CVE-2023-23566 (A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker t ...) + NOT-FOR-US: Axigen +CVE-2023-23565 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) + NOT-FOR-US: Geomatika IsiGeo Web +CVE-2023-23564 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) + NOT-FOR-US: Geomatika IsiGeo Web +CVE-2023-23563 (An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote ...) + NOT-FOR-US: Geomatika IsiGeo Web +CVE-2023-23562 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) + NOT-FOR-US: Stormshield Endpoint Security +CVE-2023-23561 (Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access ...) 
+ NOT-FOR-US: Stormshield Endpoint Security +CVE-2023-23560 (In certain Lexmark products through 2023-01-12, SSRF can occur because ...) + NOT-FOR-US: Lexmark +CVE-2023-23559 (In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux k ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.11-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/ +CVE-2023-23558 (In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. ...) + - eternal-terminal (bug #861635) +CVE-2023-23557 (An error in Hermes' algorithm for copying objects properties prior to ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-23556 (An error in BigInt conversion to Number in Hermes prior to commit a6dc ...) + NOT-FOR-US: Facebook Hermes +CVE-2023-23555 (On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-23553 (Control By Web X-400 devices are vulnerable to a cross-site scripting ...) + NOT-FOR-US: Control By Web X-400 devices +CVE-2023-23552 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 bef ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-23551 (Control By Web X-600M devices run Lua scripts and are vulnerable to co ...) + NOT-FOR-US: Control By Web X-600M devices +CVE-2023-23543 (The issue was addressed with additional restrictions on the observabil ...) + NOT-FOR-US: Apple +CVE-2023-23542 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-23541 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-23540 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23539 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-23538 (A logic issue was addressed with improved checks. This issue is fixed ...) 
+ NOT-FOR-US: Apple +CVE-2023-23537 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-23536 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-23535 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23534 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-23533 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2023-23532 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2023-23531 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23530 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23529 (A type confusion issue was addressed with improved checks. This issue ...) + {DSA-5352-1 DSA-5351-1 DLA-3320-1} + - webkit2gtk 2.38.5-1 + - wpewebkit 2.38.5-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0002.html +CVE-2023-23528 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2023-23527 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-23526 (This was addressed with additional checks by Gatekeeper on files downl ...) + NOT-FOR-US: Apple +CVE-2023-23525 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2023-23524 (A denial-of-service issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2023-23523 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2023-23522 (A privacy issue was addressed with improved handling of temporary file ...) 
+ NOT-FOR-US: Apple +CVE-2023-23521 + RESERVED +CVE-2023-23520 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23519 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2023-23518 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5341-1 DSA-5340-1 DLA-3308-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html +CVE-2023-23517 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5341-1 DSA-5340-1 DLA-3308-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html +CVE-2023-23516 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23515 + RESERVED +CVE-2023-23514 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2023-23513 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2023-23512 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2023-23511 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23510 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23509 + RESERVED +CVE-2023-23508 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23507 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2023-23506 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23505 (A privacy issue was addressed with improved private data redaction for ...) + NOT-FOR-US: Apple +CVE-2023-23504 (The issue was addressed with improved memory handling. 
This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23503 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23502 (An information disclosure issue was addressed by removing the vulnerab ...) + NOT-FOR-US: Apple +CVE-2023-23501 (The issue was addressed with improved memory handling This issue is fi ...) + NOT-FOR-US: Apple +CVE-2023-23500 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23499 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2023-23498 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23497 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-23496 (The issue was addressed with improved checks. This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2023-23495 (A permissions issue was addressed with improved redaction of sensitive ...) + NOT-FOR-US: Apple +CVE-2023-23494 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2023-23493 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2023-22842 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22839 (On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22664 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22657 (On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginn ...) + NOT-FOR-US: F5 +CVE-2023-22422 (On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22418 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2023-22374 (A format string vulnerability exists in iControl SOAP that allows an a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22358 (In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vu ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22341 (On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when th ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22340 (On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22326 (In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22323 (In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15. ...) + NOT-FOR-US: F5 +CVE-2023-22302 (In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22287 + REJECTED +CVE-2023-22284 + REJECTED +CVE-2023-22283 (On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vuln ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-22281 (On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x bef ...) + NOT-FOR-US: F5 BIG-IP +CVE-2023-0266 (A use after free vulnerability exists in the ALSA PCM package in the L ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.7-1 + NOTE: https://git.kernel.org/linus/56b88b50565cd8b946a2d00b0c83927b7ebb055e +CVE-2023-0265 (Uvdesk version 1.1.1 allows an authenticated remote attacker to execut ...) + NOT-FOR-US: Uvdesk +CVE-2023-0264 (A flaw was found in Keycloaks OpenID Connect user authentication, whic ...) + NOT-FOR-US: Keycloak +CVE-2023-0263 (The WP Yelp Review Slider WordPress plugin before 7.1 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0262 (The WP Airbnb Review Slider WordPress plugin before 3.3 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0261 (The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0260 (The WP Review Slider WordPress plugin before 12.2 does not properly sa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0259 (The WP Google Review Slider WordPress plugin before 11.8 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0258 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + NOT-FOR-US: SourceCodester +CVE-2023-0257 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + NOT-FOR-US: SourceCodester +CVE-2023-0256 (A vulnerability was found in SourceCodester Online Food Ordering Syste ...) + NOT-FOR-US: SourceCodester +CVE-2022-48260 (There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. ...) + NOT-FOR-US: Huawei +CVE-2022-48259 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...) + NOT-FOR-US: Huawei +CVE-2022-48258 (In Eternal Terminal 6.2.1, etserver and etclient have world-readable l ...) + - eternal-terminal (bug #861635) +CVE-2022-48257 (In Eternal Terminal 6.2.1, etserver and etclient have predictable logf ...) + - eternal-terminal (bug #861635) +CVE-2022-48256 (Technitium DNS Server before 10.0 allows a self-CNAME denial-of-servic ...) + NOT-FOR-US: Technitium DNS Server +CVE-2021-46872 (An issue was discovered in Nim before 1.6.2. The RST module of the Nim ...) + - nim 1.6.2-1 + [bullseye] - nim (Minor issue) + [buster] - nim (Minor issue) + NOTE: https://github.com/nim-lang/Nim/pull/19134 + NOTE: https://github.com/nim-lang/Nim/commit/9338aa24977e84a33b9a7802eaff0777fcf4d9c3 +CVE-2023-23492 (The Login with Phone Number WordPress Plugin, version < 1.4.2, is affe ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23491 (The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23490 (The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-23489 (The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0. ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23488 (The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affecte ...) + NOT-FOR-US: WordPress plugin +CVE-2023-23487 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2023-23486 + RESERVED +CVE-2023-23485 + RESERVED +CVE-2023-23484 + RESERVED +CVE-2023-23483 + RESERVED +CVE-2023-23482 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allo ...) + NOT-FOR-US: IBM +CVE-2023-23481 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...) + NOT-FOR-US: IBM +CVE-2023-23480 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...) + NOT-FOR-US: IBM +CVE-2023-23479 + RESERVED +CVE-2023-23478 + RESERVED +CVE-2023-23477 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...) + NOT-FOR-US: IBM +CVE-2023-23476 (IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnera ...) + NOT-FOR-US: IBM +CVE-2023-23475 (IBM Infosphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2023-23474 + RESERVED +CVE-2023-23473 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site req ...) + NOT-FOR-US: IBM +CVE-2023-23472 + RESERVED +CVE-2023-23471 + RESERVED +CVE-2023-23470 (IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged a ...) + NOT-FOR-US: IBM +CVE-2023-23469 (IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0. ...) + NOT-FOR-US: IBM +CVE-2023-23468 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...) + NOT-FOR-US: IBM +CVE-2023-23467 (Media CP Media Control Panel latest version. Reflected XSS possible th ...) + NOT-FOR-US: Media CP Media Control Panel +CVE-2023-23466 (Media CP Media Control Panel latest version. Insufficiently protected ...) 
+ NOT-FOR-US: Media CP Media Control Panel +CVE-2023-23465 (Media CP Media Control Panel latest version. CSRF possible through uns ...) + NOT-FOR-US: Media CP Media Control Panel +CVE-2023-23464 (Media CP Media Control Panel latest version. A Permissive Flash Cross- ...) + NOT-FOR-US: Media CP Media Control Panel +CVE-2023-23463 (Sunell DVR, latest version, Insufficiently Protected Credentials (CWE- ...) + NOT-FOR-US: Sunell DVR +CVE-2023-23462 (Libpeconv \u2013 integer overflow, before commit 75b1565 (30/11/2022).) + NOT-FOR-US: libpeconv +CVE-2023-23461 (Libpeconv \u2013 access violation, before commit b076013 (30/11/2022).) + NOT-FOR-US: libpeconv +CVE-2023-23460 (Priority Web version 19.1.0.68, parameter manipulation on an unspecifi ...) + NOT-FOR-US: Priority Web +CVE-2023-23459 (Priority Windows may allow Command Execution via SQL Injection using a ...) + NOT-FOR-US: Priority Windows +CVE-2023-23458 (Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information ...) + NOT-FOR-US: Sunell DVR +CVE-2023-23457 (A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dyn ...) + - upx-ucl (unimportant; bug #1031874) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160382 + NOTE: https://github.com/upx/upx/commit/779b648c5f6aa9b33f4728f79dd4d0efec0bf860 + NOTE: https://github.com/upx/upx/issues/631 +CVE-2023-23456 (A heap-based buffer overflow issue was discovered in UPX in PackTmt::p ...) + - upx-ucl (bug #1033258) + [bullseye] - upx-ucl (Minor issue) + [buster] - upx-ucl (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2160381 + NOTE: https://github.com/upx/upx/commit/510505a85cbe45e51fbd470f1aa8b02157c429d4 + NOTE: https://github.com/upx/upx/issues/632 +CVE-2023-0255 (The Enable Media Replace WordPress plugin before 4.0.2 does not preven ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0254 (The Simple Membership WP user Import plugin for WordPress is vulnerabl ...) 
+ NOT-FOR-US: Simple Membership WP user Import plugin for WordPress +CVE-2023-0253 (The Real Media Library: Media Library Folder & File Manager plugin for ...) + NOT-FOR-US: Real Media Library: Media Library Folder & File Manager plugin for WordPress +CVE-2023-0252 (The Contextual Related Posts WordPress plugin before 3.3.1 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0251 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...) + NOT-FOR-US: Delta Electronics +CVE-2023-0250 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...) + NOT-FOR-US: Delta Electronics +CVE-2023-0249 (Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable ...) + NOT-FOR-US: Delta Electronics +CVE-2023-0248 (An attacker with physical access to the Kantech Gen1 ioSmart card read ...) + NOT-FOR-US: Kantech +CVE-2023-0247 (Uncontrolled Search Path Element in GitHub repository bits-and-blooms/ ...) + NOT-FOR-US: bits-and-blooms/bloom +CVE-2023-0246 (A vulnerability, which was classified as problematic, was found in ear ...) + NOT-FOR-US: earclink ESPCMS +CVE-2023-0245 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Online Flight Booking Management System +CVE-2023-0244 (A vulnerability classified as critical was found in TuziCMS 2.0.6. Thi ...) + NOT-FOR-US: TuziCMS +CVE-2023-0243 (A vulnerability classified as critical has been found in TuziCMS 2.0.6 ...) + NOT-FOR-US: TuziCMS +CVE-2023-0242 (Rapid7 Velociraptor allows users to be created with different privileg ...) + NOT-FOR-US: Rapid7 +CVE-2023-0241 (pgAdmin 4 versions prior to v6.19 contains a directory traversal vulne ...) + - pgadmin4 (bug #834129) +CVE-2023-0240 (There is a logic error in io_uring's implementation which can be used ...) 
+ {DLA-3349-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.162-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93 +CVE-2023-0239 + RESERVED +CVE-2023-0238 (Due to lack of a security policy, the WARP Mobile Client (<=6.29) for ...) + NOT-FOR-US: WARP Mobile Client +CVE-2023-0237 + REJECTED +CVE-2023-0236 (The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0235 + REJECTED +CVE-2023-0234 (The SiteGround Security WordPress plugin before 1.3.1 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0233 (The ActiveCampaign WordPress plugin before 8.1.12 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0232 (The ShopLentor WordPress plugin before 2.5.4 unserializes user input f ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0231 (The ShopLentor WordPress plugin before 2.5.4 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0230 (The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4887 + RESERVED +CVE-2013-10011 (A vulnerability was found in aeharding classroom-engagement-system and ...) + NOT-FOR-US: aeharding classroom-engagement-system +CVE-2012-10005 (A vulnerability has been found in manikandan170890 php-form-builder-cl ...) + NOT-FOR-US: manikandan170890 php-form-builder-class +CVE-2023-23455 (atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1. ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.7-1 + NOTE: https://git.kernel.org/linus/a2965c7be0522eaa18808684b7b82b248515511b +CVE-2023-23454 (cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.7-1 + NOTE: https://git.kernel.org/linus/caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12 +CVE-2023-23453 (Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmw ...) 
+ NOT-FOR-US: SICK +CVE-2023-23452 (Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmw ...) + NOT-FOR-US: SICK +CVE-2023-23451 (The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNE ...) + NOT-FOR-US: SICK +CVE-2023-23450 (Use of Password Hash Instead of Password for Authentication in SICK FT ...) + NOT-FOR-US: SICK +CVE-2023-23449 (Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Part ...) + NOT-FOR-US: SICK +CVE-2023-23448 (Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLO ...) + NOT-FOR-US: SICK +CVE-2023-23447 (Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Pa ...) + NOT-FOR-US: SICK +CVE-2023-23446 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers ...) + NOT-FOR-US: SICK +CVE-2023-23445 (Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers ...) + NOT-FOR-US: SICK +CVE-2023-23444 (Missing Authentication for Critical Function in SICK Flexi Classic and ...) 
+ NOT-FOR-US: SICK +CVE-2023-23443 + RESERVED +CVE-2023-23442 + RESERVED +CVE-2023-23441 + RESERVED +CVE-2023-23440 + RESERVED +CVE-2023-23439 + RESERVED +CVE-2023-23438 + RESERVED +CVE-2023-23437 + RESERVED +CVE-2023-23436 + RESERVED +CVE-2023-23435 + RESERVED +CVE-2023-23434 + RESERVED +CVE-2023-23433 + RESERVED +CVE-2023-23432 + RESERVED +CVE-2023-23431 + RESERVED +CVE-2023-23430 + RESERVED +CVE-2023-23429 + RESERVED +CVE-2023-23428 + RESERVED +CVE-2023-23427 + RESERVED +CVE-2023-23426 + RESERVED +CVE-2023-23425 + RESERVED +CVE-2023-23424 + RESERVED +CVE-2023-23423 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23422 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23421 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23420 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23419 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-23418 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-23417 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2023-23416 (Windows Cryptographic Services Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23415 (Internet Control Message Protocol (ICMP) Remote Code Execution Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2023-23414 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2023-23413 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-23412 (Windows Accounts Picture Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23411 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23410 (Windows HTTP.sys Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23409 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-23408 (Azure Apache AmbariSpoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23407 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2023-23406 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-23405 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23404 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-23403 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-23402 (Windows Media Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23401 (Windows Media Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23400 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23399 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23398 (Microsoft Excel Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23397 (Microsoft Outlook Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23396 (Microsoft Excel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23395 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23394 (Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2023-23393 (Windows BrokerInfrastructure Service Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2023-23392 (HTTP Protocol Stack Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23391 (Office for Android Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23390 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23389 (Microsoft Defender Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23388 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23387 + RESERVED +CVE-2023-23386 + RESERVED +CVE-2023-23385 (Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Pri ...) + NOT-FOR-US: Microsoft +CVE-2023-23384 (Microsoft SQL Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23383 (Service Fabric Explorer Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23382 (Azure Machine Learning Compute Instance Information Disclosure Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2023-23381 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23380 + RESERVED +CVE-2023-23379 (Microsoft Defender for IoT Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23378 (Print 3D Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23377 (3D Builder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23376 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-23375 (Microsoft ODBC and OLE DB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23374 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-23373 (An OS command injection vulnerability has been reported to affect QUSB ...) 
+ NOT-FOR-US: QNAP +CVE-2023-23372 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2023-23371 (A cleartext transmission of sensitive information vulnerability has be ...) + NOT-FOR-US: QNAP +CVE-2023-23370 (An insufficiently protected credentials vulnerability has been reporte ...) + NOT-FOR-US: QNAP +CVE-2023-23369 (An OS command injection vulnerability has been reported to affect seve ...) + NOT-FOR-US: QNAP +CVE-2023-23368 (An OS command injection vulnerability has been reported to affect seve ...) + NOT-FOR-US: QNAP +CVE-2023-23367 (An OS command injection vulnerability has been reported to affect seve ...) + NOT-FOR-US: QNAP +CVE-2023-23366 (A path traversal vulnerability has been reported to affect Music Stati ...) + NOT-FOR-US: QNAP +CVE-2023-23365 (A path traversal vulnerability has been reported to affect Music Stati ...) + NOT-FOR-US: QNAP +CVE-2023-23364 (A buffer copy without checking size of input vulnerability has been re ...) + NOT-FOR-US: QNAP +CVE-2023-23363 (A buffer copy without checking size of input vulnerability has been re ...) + NOT-FOR-US: QNAP +CVE-2023-23362 (An OS command injection vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2023-23361 + RESERVED +CVE-2023-23360 + RESERVED +CVE-2023-23359 + RESERVED +CVE-2023-23358 + RESERVED +CVE-2023-23357 + RESERVED +CVE-2023-23356 + RESERVED +CVE-2023-23355 (An OS command injection vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2023-23354 + RESERVED +CVE-2023-23353 + RESERVED +CVE-2023-23352 + RESERVED +CVE-2023-23351 + RESERVED +CVE-2023-23350 + RESERVED +CVE-2023-23349 + RESERVED +CVE-2023-0229 (A flaw was found in github.com/openshift/apiserver-library-go, used in ...) + NOT-FOR-US: OpenShift +CVE-2023-0228 (Improper Authentication vulnerability in ABB Symphony Plus S+ Operatio ...) 
+ NOT-FOR-US: ABB +CVE-2023-0227 (Insufficient Session Expiration in GitHub repository pyload/pyload pri ...) + - pyload (bug #1001980) +CVE-2023-0226 + RESERVED +CVE-2023-0225 (A flaw was found in Samba. An incomplete access check on dnsHostName a ...) + - samba 2:4.17.7+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2023-0225.html +CVE-2023-0224 + RESERVED +CVE-2023-0223 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4886 (Ingress-nginx `path` sanitization can be bypassed with `log_format` di ...) + NOT-FOR-US: Kubernetes ingress-nginx +CVE-2022-48255 (There is a system command injection vulnerability in BiSheng-WNM FW 3. ...) + NOT-FOR-US: Huawei +CVE-2022-48254 (There is a data processing error vulnerability in Leia-B29 2.0.0.49(M0 ...) + NOT-FOR-US: Huawei +CVE-2023-23348 (HCL Launch could disclose sensitive information if a manual edit of a ...) + NOT-FOR-US: HCL +CVE-2023-23347 (HCL DRYiCE iAutomate is affected by the use of a broken cryptographic ...) + NOT-FOR-US: HCL +CVE-2023-23346 (HCL DRYiCE MyCloud is affected by the use of a broken cryptographic al ...) + NOT-FOR-US: HCL +CVE-2023-23345 + RESERVED +CVE-2023-23344 (A permission issue in BigFix WebUI Insights site version 14 allows an ...) + NOT-FOR-US: BigFix +CVE-2023-23343 (A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server v ...) + NOT-FOR-US: BigFix +CVE-2023-23342 (If certain local files are manipulated in a certain manner, the valida ...) + NOT-FOR-US: HCL +CVE-2023-23341 + RESERVED +CVE-2023-23340 + RESERVED +CVE-2023-23339 + RESERVED +CVE-2023-23338 + RESERVED +CVE-2023-23337 + RESERVED +CVE-2023-23336 + RESERVED +CVE-2023-23335 + RESERVED +CVE-2023-23334 + RESERVED +CVE-2023-23333 (There is a command injection vulnerability in SolarView Compact throug ...) + NOT-FOR-US: SolarView +CVE-2023-23332 + RESERVED +CVE-2023-23331 (Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injectio ...) 
+ NOT-FOR-US: Amano Xoffice +CVE-2023-23330 (amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable ...) + NOT-FOR-US: amano Xparc parking solutions +CVE-2023-23329 + RESERVED +CVE-2023-23328 (A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated ...) + NOT-FOR-US: AvantFAX +CVE-2023-23327 (An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Back ...) + NOT-FOR-US: AvantFAX +CVE-2023-23326 (A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3 ...) + NOT-FOR-US: AvantFAX +CVE-2023-23325 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...) + NOT-FOR-US: Zumtobel Netlink CCD Onboard +CVE-2023-23324 (Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to co ...) + NOT-FOR-US: Zumtobel Netlink CCD Onboard +CVE-2023-23323 + RESERVED +CVE-2023-23322 + RESERVED +CVE-2023-23321 + RESERVED +CVE-2023-23320 + RESERVED +CVE-2023-23319 + RESERVED +CVE-2023-23318 + RESERVED +CVE-2023-23317 + RESERVED +CVE-2023-23316 + RESERVED +CVE-2023-23315 (The PrestaShop e-commerce platform module stripejs contains a Blind SQ ...) + NOT-FOR-US: PrestaShop +CVE-2023-23314 (An arbitrary file upload vulnerability in the /api/upload component of ...) + NOT-FOR-US: Zdir +CVE-2023-23313 (Certain Draytek products are vulnerable to Cross Site Scripting (XSS) ...) + NOT-FOR-US: Draytek +CVE-2023-23312 + RESERVED +CVE-2023-23311 + RESERVED +CVE-2023-23310 + RESERVED +CVE-2023-23309 + RESERVED +CVE-2023-23308 + RESERVED +CVE-2023-23307 + RESERVED +CVE-2023-23306 (The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 ...) + NOT-FOR-US: CIQ API +CVE-2023-23305 (The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is v ...) + NOT-FOR-US: GarminOS TVM component in CIQ API +CVE-2023-23304 (The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allo ...) 
+ NOT-FOR-US: GarminOS TVM component in CIQ API +CVE-2023-23303 (The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API ...) + NOT-FOR-US: CIQ API +CVE-2023-23302 (The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API vers ...) + NOT-FOR-US: CIQ API +CVE-2023-23301 (The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1 ...) + NOT-FOR-US: CIQ API +CVE-2023-23300 (The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API vers ...) + NOT-FOR-US: CIQ API +CVE-2023-23299 (The permission system implemented and enforced by the GarminOS TVM com ...) + NOT-FOR-US: CIQ API +CVE-2023-23298 (The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API ...) + NOT-FOR-US: CIQ API +CVE-2023-23297 + RESERVED +CVE-2023-23296 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vu ...) + NOT-FOR-US: JetWave +CVE-2023-23295 (Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...) + NOT-FOR-US: JetWave +CVE-2023-23294 (Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vu ...) + NOT-FOR-US: JetWave +CVE-2023-23293 + RESERVED +CVE-2023-23292 + RESERVED +CVE-2023-23291 + RESERVED +CVE-2023-23290 + RESERVED +CVE-2023-23289 + RESERVED +CVE-2023-23288 + RESERVED +CVE-2023-23287 + RESERVED +CVE-2023-23286 (Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows ...) + NOT-FOR-US: Provide server +CVE-2023-23285 + RESERVED +CVE-2023-23284 + RESERVED +CVE-2023-23283 + RESERVED +CVE-2023-23282 + RESERVED +CVE-2023-23281 + RESERVED +CVE-2023-23280 + RESERVED +CVE-2023-23279 (Canteen Management System 1.0 is vulnerable to SQL Injection via /php_ ...) + NOT-FOR-US: Canteen Management System +CVE-2023-23278 + RESERVED +CVE-2023-23277 (Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote ...) 
+ NOT-FOR-US: Snippet-box +CVE-2023-23276 + RESERVED +CVE-2023-23275 + RESERVED +CVE-2023-23274 + RESERVED +CVE-2023-23273 + RESERVED +CVE-2023-23272 + RESERVED +CVE-2023-23271 + RESERVED +CVE-2023-23270 + RESERVED +CVE-2023-23269 + RESERVED +CVE-2023-23268 + RESERVED +CVE-2023-23267 + RESERVED +CVE-2023-23266 + RESERVED +CVE-2023-23265 + RESERVED +CVE-2023-23264 + RESERVED +CVE-2023-23263 + RESERVED +CVE-2023-23262 + RESERVED +CVE-2023-23261 + RESERVED +CVE-2023-23260 + RESERVED +CVE-2023-23259 + RESERVED +CVE-2023-23258 + RESERVED +CVE-2023-23257 + RESERVED +CVE-2023-23256 + RESERVED +CVE-2023-23255 + RESERVED +CVE-2023-23254 + RESERVED +CVE-2023-23253 + RESERVED +CVE-2023-23252 + RESERVED +CVE-2023-23251 + RESERVED +CVE-2023-23250 + RESERVED +CVE-2023-23249 + RESERVED +CVE-2023-23248 + RESERVED +CVE-2023-23247 + RESERVED +CVE-2023-23246 + RESERVED +CVE-2023-23245 + RESERVED +CVE-2023-23244 + RESERVED +CVE-2023-23243 + RESERVED +CVE-2023-23242 + RESERVED +CVE-2023-23241 + RESERVED +CVE-2023-23240 + RESERVED +CVE-2023-23239 + RESERVED +CVE-2023-23238 + RESERVED +CVE-2023-23237 + RESERVED +CVE-2023-23236 + RESERVED +CVE-2023-23235 + RESERVED +CVE-2023-23234 + RESERVED +CVE-2023-23233 + RESERVED +CVE-2023-23232 + RESERVED +CVE-2023-23231 + RESERVED +CVE-2023-23230 + RESERVED +CVE-2023-23229 + RESERVED +CVE-2023-23228 + RESERVED +CVE-2023-23227 + RESERVED +CVE-2023-23226 + RESERVED +CVE-2023-23225 + RESERVED +CVE-2023-23224 + RESERVED +CVE-2023-23223 + RESERVED +CVE-2023-23222 + RESERVED +CVE-2023-23221 + RESERVED +CVE-2023-23220 + RESERVED +CVE-2023-23219 + RESERVED +CVE-2023-23218 + RESERVED +CVE-2023-23217 + RESERVED +CVE-2023-23216 + RESERVED +CVE-2023-23215 + RESERVED +CVE-2023-23214 + RESERVED +CVE-2023-23213 + RESERVED +CVE-2023-23212 + RESERVED +CVE-2023-23211 + RESERVED +CVE-2023-23210 + RESERVED +CVE-2023-23209 + RESERVED +CVE-2023-23208 (Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable ...) 
+ NOT-FOR-US: Genesys Administrator Extension (GAX) +CVE-2023-23207 + RESERVED +CVE-2023-23206 + RESERVED +CVE-2023-23205 (An issue was discovered in lib60870 v2.3.2. There is a memory leak in ...) + NOT-FOR-US: lib60870 +CVE-2023-23204 + RESERVED +CVE-2023-23203 + RESERVED +CVE-2023-23202 + RESERVED +CVE-2023-23201 + RESERVED +CVE-2023-23200 + RESERVED +CVE-2023-23199 + RESERVED +CVE-2023-23198 + RESERVED +CVE-2023-23197 + RESERVED +CVE-2023-23196 + RESERVED +CVE-2023-23195 + RESERVED +CVE-2023-23194 + RESERVED +CVE-2023-23193 + RESERVED +CVE-2023-23192 (IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass ...) + NOT-FOR-US: IS Decisions UserLock MFA +CVE-2023-23191 + RESERVED +CVE-2023-23190 + RESERVED +CVE-2023-23189 + RESERVED +CVE-2023-23188 + RESERVED +CVE-2023-23187 + RESERVED +CVE-2023-23186 + RESERVED +CVE-2023-23185 + RESERVED +CVE-2023-23184 + RESERVED +CVE-2023-23183 + RESERVED +CVE-2023-23182 + RESERVED +CVE-2023-23181 + RESERVED +CVE-2023-23180 + RESERVED +CVE-2023-23179 + RESERVED +CVE-2023-23178 + RESERVED +CVE-2023-23177 + RESERVED +CVE-2023-23176 + RESERVED +CVE-2023-23175 + RESERVED +CVE-2023-23174 + RESERVED +CVE-2023-23173 + RESERVED +CVE-2023-23172 + RESERVED +CVE-2023-23171 + RESERVED +CVE-2023-23170 + RESERVED +CVE-2023-23169 (Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and serve ...) + NOT-FOR-US: Synapsoft pdfocus +CVE-2023-23168 + RESERVED +CVE-2023-23167 + RESERVED +CVE-2023-23166 + RESERVED +CVE-2023-23165 + RESERVED +CVE-2023-23164 + RESERVED +CVE-2023-23163 (Art Gallery Management System Project v1.0 was discovered to contain a ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23162 (Art Gallery Management System Project v1.0 was discovered to contain a ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23161 (A reflected cross-site scripting (XSS) vulnerability in Art Gallery Ma ...) 
+ NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23160 + RESERVED +CVE-2023-23159 + RESERVED +CVE-2023-23158 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23157 (A stored cross-site scripting (XSS) vulnerability in Art Gallery Manag ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23156 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23155 (Art Gallery Management System Project in PHP 1.0 was discovered to con ...) + NOT-FOR-US: Art Gallery Management System Project +CVE-2023-23154 + RESERVED +CVE-2023-23153 + RESERVED +CVE-2023-23152 + RESERVED +CVE-2023-23151 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deleti ...) + NOT-FOR-US: bloofoxCMS +CVE-2023-23150 (SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to ...) + NOT-FOR-US: SA-WR915ND +CVE-2023-23149 (DEK-1705 <=Firmware:34.23.1 device was discovered to have a command ex ...) + NOT-FOR-US: DEK-1705 +CVE-2023-23148 + RESERVED +CVE-2023-23147 + RESERVED +CVE-2023-23146 + RESERVED +CVE-2023-23145 (GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a me ...) + {DSA-5411-1} + - gpac (bug #1033116; bug #1051866) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/4ade98128cbc41d5115b97a41ca2e59529c8dd5f +CVE-2023-23144 (Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file ...) + {DSA-5411-1} + - gpac (bug #1033116; bug #1051866) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/3a2458a49b3e6399709d456d7b35e7a6f50cfb86 +CVE-2023-23143 (Buffer overflow vulnerability in function avc_parse_slice in file medi ...) 
+ {DSA-5411-1} + - gpac (bug #1033116; bug #1051866) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/commit/af6a5e7a96ee01a139cce6c9e4edfc069aad17a6 +CVE-2023-23142 + RESERVED +CVE-2023-23141 + RESERVED +CVE-2023-23140 + RESERVED +CVE-2023-23139 + RESERVED +CVE-2023-23138 + RESERVED +CVE-2023-23137 + RESERVED +CVE-2023-23136 (lmxcms v1.41 was discovered to contain an arbitrary file deletion vuln ...) + NOT-FOR-US: lmxcms +CVE-2023-23135 (An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attacker ...) + NOT-FOR-US: ftdms +CVE-2023-23134 + RESERVED +CVE-2023-23133 + RESERVED +CVE-2023-23132 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclos ...) + NOT-FOR-US: Selfwealth +CVE-2023-23131 (Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transpor ...) + NOT-FOR-US: Selfwealth +CVE-2023-23130 (Connectwise Automate 2022.11 is vulnerable to Cleartext authentication ...) + NOT-FOR-US: Connectwise +CVE-2023-23129 + RESERVED +CVE-2023-23128 (Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Reso ...) + NOT-FOR-US: Connectwise +CVE-2023-23127 (In Connectwise Control 22.8.10013.8329, the login page does not implem ...) + NOT-FOR-US: Connectwise +CVE-2023-23126 (Connectwise Automate 2022.11 is vulnerable to Clickjacking. The login ...) + NOT-FOR-US: Connectwise +CVE-2023-23125 + RESERVED +CVE-2023-23124 + RESERVED +CVE-2023-23123 + RESERVED +CVE-2023-23122 + RESERVED +CVE-2023-23121 + RESERVED +CVE-2023-23120 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...) + NOT-FOR-US: TRENDnet +CVE-2023-23119 (The use of the cyclic redundancy check (CRC) algorithm for integrity c ...) 
+ NOT-FOR-US: TRENDnet +CVE-2023-23118 + RESERVED +CVE-2023-23117 + RESERVED +CVE-2023-23116 + RESERVED +CVE-2023-23115 + RESERVED +CVE-2023-23114 + RESERVED +CVE-2023-23113 + RESERVED +CVE-2023-23112 + RESERVED +CVE-2023-23111 + RESERVED +CVE-2023-23110 (An exploitable firmware modification vulnerability was discovered in c ...) + NOT-FOR-US: Netgear +CVE-2023-23109 (In crasm 1.8-3, invalid input validation, specific files passed to the ...) + - crasm (unimportant) + NOTE: https://github.com/colinbourassa/crasm/pull/7 + NOTE: Crash in CLI tool, no security impact +CVE-2023-23108 (In crasm 1.8-3, invalid input validation, specific files passed to the ...) + - crasm (unimportant) + NOTE: https://github.com/colinbourassa/crasm/pull/7 + NOTE: Crash in CLI tool, no security impact +CVE-2023-23107 + RESERVED +CVE-2023-23106 + RESERVED +CVE-2023-23105 + RESERVED +CVE-2023-23104 + RESERVED +CVE-2023-23103 + RESERVED +CVE-2023-23102 + RESERVED +CVE-2023-23101 + RESERVED +CVE-2023-23100 + RESERVED +CVE-2023-23099 + RESERVED +CVE-2023-23098 + RESERVED +CVE-2023-23097 + RESERVED +CVE-2023-23096 + RESERVED +CVE-2023-23095 + RESERVED +CVE-2023-23094 + RESERVED +CVE-2023-23093 + RESERVED +CVE-2023-23092 + RESERVED +CVE-2023-23091 + RESERVED +CVE-2023-23090 + RESERVED +CVE-2023-23089 + RESERVED +CVE-2023-0222 + RESERVED +CVE-2023-0221 (Product security bypass vulnerability in ACC prior to version 8.3.4 al ...) + NOT-FOR-US: Trellix +CVE-2023-0220 (The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0219 (The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0218 + RESERVED +CVE-2023-0217 (An invalid pointer dereference on read can be triggered when an applic ...) 
+ - openssl 3.0.8-1 + [bullseye] - openssl (Only affects 3.x) + [buster] - openssl (Only affects 3.x) + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=23985bac83fd50c8e29431009302b5442f985096 (openssl-3.0.8) +CVE-2023-0216 (An invalid pointer dereference on read can be triggered when an applic ...) + - openssl 3.0.8-1 + [bullseye] - openssl (Only affects 3.x) + [buster] - openssl (Only affects 3.x) + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6 (openssl-3.0.8) +CVE-2023-0215 (The public API function BIO_new_NDEF is a helper function used for str ...) + {DSA-5343-1 DLA-3325-1} + - openssl 3.0.8-1 + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c3829dd8825c654652201e16f8a0a0c46ee3f344 (OpenSSL_1_1_1t) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f040f2577891d2bdb7610566c172233844cf673a (OpenSSL_1_1_1t) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd (openssl-3.0.8) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f596ec8a6f9f5fcfa8e46a73b60f78a609725294 (openssl-3.0.8) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/03/1 +CVE-2023-0214 (A cross-site scripting vulnerability in Skyhigh SWG in main releases 1 ...) + NOT-FOR-US: Skyhigh SWG +CVE-2023-0213 (Elevation of privilege issue in M-Files Installer versions before 22.6 ...) + NOT-FOR-US: M-Files +CVE-2023-0212 (The Advanced Recent Posts WordPress plugin through 0.6.14 does not val ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0211 + RESERVED +CVE-2022-4885 (A vulnerability has been found in sviehb jefferson up to 0.3 and class ...) 
+ NOT-FOR-US: sviehb jefferson +CVE-2020-36650 (A vulnerability, which was classified as critical, was found in Ionica ...) + NOT-FOR-US: gry nodejs module +CVE-2020-36649 (A vulnerability was found in mholt PapaParse up to 5.1.x. It has been ...) + - mediawiki 1:1.39.4-1 (unimportant) + [bookworm] - mediawiki 1:1.39.4-1~deb12u1 + [bullseye] - mediawiki 1:1.35.11-1~deb11u1 + [buster] - mediawiki (Vulnerable code not present) + NOTE: MediaWiki embeds a copy, but negligible security impact + NOTE: https://phabricator.wikimedia.org/T326946 + NOTE: https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621 (5.2.0) + NOTE: Fixed in MediaWiki 1.35.10 / 1.38.6 / 1.39.3 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/ +CVE-2018-25074 (A vulnerability was found in Prestaul skeemas and classified as proble ...) + NOT-FOR-US: Prestaul skeemas +CVE-2018-25073 (A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1. ...) + NOT-FOR-US: Newcomer1989 TSN-Ranksystem +CVE-2017-20168 (A vulnerability was found in jfm-so piWallet. It has been rated as cri ...) + NOT-FOR-US: jfm-so piWallet +CVE-2015-10039 (A vulnerability was found in dobos domino. It has been rated as critic ...) + NOT-FOR-US: dobos domino +CVE-2015-10038 (A vulnerability was found in nym3r0s pplv2. It has been declared as cr ...) + NOT-FOR-US: nym3r0s pplv2 +CVE-2014-125076 (A vulnerability was found in NoxxieNl Criminals. It has been classifie ...) + NOT-FOR-US: NoxxieNl Criminals +CVE-2014-125075 (A vulnerability was found in gmail-servlet and classified as critical. ...) + NOT-FOR-US: gmail-servlet +CVE-2014-125074 (A vulnerability was found in Nayshlok Voyager. It has been declared as ...) + NOT-FOR-US: Nayshlok Voyager +CVE-2013-10010 (A vulnerability classified as problematic has been found in zerochplus ...) 
+ NOT-FOR-US: zerochplus +CVE-2023-23088 (Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1 ...) + NOT-FOR-US: Barenboim json-parser +CVE-2023-23087 (An issue was found in MojoJson v1.2.3 allows attackers to execute arbi ...) + NOT-FOR-US: MojoJson +CVE-2023-23086 (Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to ...) + NOT-FOR-US: MojoJson +CVE-2023-23085 + RESERVED +CVE-2023-23084 + RESERVED +CVE-2023-23083 + RESERVED +CVE-2023-23082 (A heap buffer overflow vulnerability in Kodi Home Theater Software up ...) + - kodi 2:20.0+dfsg-2 (bug #1031048) + [bullseye] - kodi (Minor issue) + [buster] - kodi (Minor issue) + NOTE: https://github.com/xbmc/xbmc/issues/22377 + NOTE: https://github.com/xbmc/xbmc/commit/00fec1dbdd1df827872c7b55ad93059636dfc076 + NOTE: https://github.com/xbmc/xbmc/commit/7e5f9fbf9aaa3540aab35e7504036855b23dcf60 + NOTE: https://github.com/xbmc/xbmc/pull/22380 +CVE-2023-23081 + RESERVED +CVE-2023-23080 (Certain Tenda products are vulnerable to command injection. This affec ...) + NOT-FOR-US: Tenda +CVE-2023-23079 + RESERVED +CVE-2023-23078 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) + NOT-FOR-US: Zoho +CVE-2023-23077 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) + NOT-FOR-US: Zoho +CVE-2023-23076 (OS Command injection vulnerability in Support Center Plus 11 via Execu ...) + NOT-FOR-US: Zoho +CVE-2023-23075 (Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 vi ...) + NOT-FOR-US: Zoho +CVE-2023-23074 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) + NOT-FOR-US: Zoho +CVE-2023-23073 (Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceD ...) 
+ NOT-FOR-US: Zoho +CVE-2023-23072 + RESERVED +CVE-2023-23071 + RESERVED +CVE-2023-23070 + RESERVED +CVE-2023-23069 + RESERVED +CVE-2023-23068 + RESERVED +CVE-2023-23067 + RESERVED +CVE-2023-23066 + RESERVED +CVE-2023-23065 + RESERVED +CVE-2023-23064 (TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Acce ...) + NOT-FOR-US: TOTOLINK +CVE-2023-23063 (Cellinx NVT v1.0.6.002b is vulnerable to local file disclosure.) + NOT-FOR-US: Cellinx NVT +CVE-2023-23062 + RESERVED +CVE-2023-23061 + RESERVED +CVE-2023-23060 + RESERVED +CVE-2023-23059 (An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 ...) + NOT-FOR-US: GeoVision GV-Edge Recording Manager +CVE-2023-23058 + RESERVED +CVE-2023-23057 + RESERVED +CVE-2023-23056 + RESERVED +CVE-2023-23055 + RESERVED +CVE-2023-23054 + RESERVED +CVE-2023-23053 + RESERVED +CVE-2023-23052 + RESERVED +CVE-2023-23051 + RESERVED +CVE-2023-23050 + RESERVED +CVE-2023-23049 + RESERVED +CVE-2023-23048 + RESERVED +CVE-2023-23047 + RESERVED +CVE-2023-23046 + RESERVED +CVE-2023-23045 + RESERVED +CVE-2023-23044 + RESERVED +CVE-2023-23043 + RESERVED +CVE-2023-23042 + RESERVED +CVE-2023-23041 + RESERVED +CVE-2023-23040 (TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 ...) + NOT-FOR-US: TP-Link +CVE-2023-23039 (An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers ...) + - linux (unimportant) + NOTE: https://lore.kernel.org/lkml/20230102010528.2868403-1-yoochan1026@gmail.com/ + NOTE: CONFIG_VCC depends on CONFIG_SUN_LDOMS, which is SPARC64 only +CVE-2023-23038 + RESERVED +CVE-2023-23037 + RESERVED +CVE-2023-23036 + RESERVED +CVE-2023-23035 + RESERVED +CVE-2023-23034 + RESERVED +CVE-2023-23033 + RESERVED +CVE-2023-23032 + RESERVED +CVE-2023-23031 + RESERVED +CVE-2023-23030 + RESERVED +CVE-2023-23029 + RESERVED +CVE-2023-23028 + RESERVED +CVE-2023-23027 + RESERVED +CVE-2023-23026 (Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 s ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2023-23025 + RESERVED +CVE-2023-23024 (Book Store Management System v1.0 was discovered to contain a cross-si ...) + NOT-FOR-US: Book Store Management System +CVE-2023-23023 + RESERVED +CVE-2023-23022 + RESERVED +CVE-2023-23021 + RESERVED +CVE-2023-23020 + RESERVED +CVE-2023-23019 + RESERVED +CVE-2023-23018 + RESERVED +CVE-2023-23017 + RESERVED +CVE-2023-23016 + RESERVED +CVE-2023-23015 (Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username ...) + NOT-FOR-US: Kalkun +CVE-2023-23014 (Cross Site Scripting (XSS) vulnerability in InventorySystem thru commi ...) + NOT-FOR-US: InventorySystem +CVE-2023-23013 + RESERVED +CVE-2023-23012 (Cross Site Scripting (XSS) vulnerability in craigrodway classroombooki ...) + NOT-FOR-US: craigrodway classroombookings +CVE-2023-23011 (Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filte ...) + NOT-FOR-US: InvoicePlane +CVE-2023-23010 (Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Boot ...) + NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap +CVE-2023-23009 (Libreswan 4.9 allows remote attackers to cause a denial of service (as ...) + {DSA-5368-1} + - libreswan 4.9-2 (bug #1031821) + [buster] - libreswan (3.x not vulnerable) + NOTE: https://github.com/libreswan/libreswan/issues/954 + NOTE: https://libreswan.org/security/CVE-2023-23009/CVE-2023-23009.txt +CVE-2023-23008 + RESERVED +CVE-2023-23007 (An issue was discovered in ESPCMS P8.21120101 after logging in to the ...) + NOT-FOR-US: ESPCMS +CVE-2023-23006 (In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5 ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux (Vulnerble code not present) + NOTE: https://git.kernel.org/linus/6b8b42585886c59a008015083282aae434349094 (5.16-rc8) +CVE-2023-23005 (In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the al ...) 
+ - linux 6.3.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerble code not present) + NOTE: https://git.kernel.org/linus/4a625ceee8a0ab0273534cb6b432ce6b331db5ee (6.2-rc1) +CVE-2023-23004 (In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c m ...) + {DLA-3404-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/15342f930ebebcfe36f2415049736a77d7d2e045 (5.19-rc1) +CVE-2023-23003 (In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check ...) + - linux 5.16.7-1 (unimportant) + NOTE: https://git.kernel.org/linus/0a515a06c5ebfa46fee3ac519e418f801e718da4 (5.16-rc6) + NOTE: Negligible security impact +CVE-2023-23002 (In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinte ...) + - linux 5.16.7-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6845667146a28c09b5dfc401c1ad112374087944 (5.17-rc1) +CVE-2023-23001 (In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c mis ...) + - linux 5.16.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3ba880a12df5aa4488c18281701b5b1bc3d4531a +CVE-2023-23000 (In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles t ...) + - linux 5.17.3-1 (unimportant) + NOTE: https://git.kernel.org/linus/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f + NOTE: Negligible security impact +CVE-2023-22999 (In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misint ...) + - linux 5.16.7-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b52fe2dbb3e655eb1483000adfab68a219549e13 +CVE-2023-22998 (In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_objec ...) 
+ {DLA-3404-1} + - linux 6.0.3-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/c24968734abfed81c8f93dc5f44a7b7a9aecadfa (6.0-rc1) + NOTE: https://git.kernel.org/linus/64b88afbd92fbf434759d1896a7cf705e1c00e79 (6.0-rc1) +CVE-2023-22997 (In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterp ...) + - linux 6.1.4-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/45af1d7aae7d5520d2858f8517a1342646f015db +CVE-2023-22996 (In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does n ...) + - linux 5.17.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4b41a9d0fe3db5f91078a380f62f0572c3ecf2dd +CVE-2023-22995 (In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_regis ...) + - linux 5.17.3-1 (unimportant) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fa0ef93868a6062babe1144df2807a8b1d4924d2 + NOTE: This is a one-time resource leak in device probe, not a security issue +CVE-2023-22994 + RESERVED +CVE-2023-22993 + RESERVED +CVE-2023-22992 + RESERVED +CVE-2023-22991 + RESERVED +CVE-2023-22990 + RESERVED +CVE-2023-22989 + RESERVED +CVE-2023-22988 + RESERVED +CVE-2023-22987 + RESERVED +CVE-2023-22986 + RESERVED +CVE-2023-22985 (Sourcecodester Simple Guestbook Management System version 1 is vulnera ...) + NOT-FOR-US: Sourcecodester Simple Guestbook Management System +CVE-2023-22984 (A Vulnerability was discovered in Axis 207W network camera. There is a ...) 
+ NOT-FOR-US: Axis 207W network camera +CVE-2023-22983 + RESERVED +CVE-2023-22982 + RESERVED +CVE-2023-22981 + RESERVED +CVE-2023-22980 + RESERVED +CVE-2023-22979 + RESERVED +CVE-2023-22978 + RESERVED +CVE-2023-22977 + RESERVED +CVE-2023-22976 + RESERVED +CVE-2023-22975 (jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: jfinal_cms +CVE-2023-22974 (A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthe ...) + NOT-FOR-US: OpenEMR +CVE-2023-22973 (A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new. ...) + NOT-FOR-US: OpenEMR +CVE-2023-22972 (A Reflected Cross-site scripting (XSS) vulnerability in interface/form ...) + NOT-FOR-US: OpenEMR +CVE-2023-22971 (Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Rou ...) + NOT-FOR-US: Hughes +CVE-2023-22970 (Bottles before 51.0 mishandles YAML load, which allows remote code exe ...) + NOT-FOR-US: Bottles +CVE-2023-22969 + RESERVED +CVE-2023-22968 + RESERVED +CVE-2023-22967 + RESERVED +CVE-2023-22966 + RESERVED +CVE-2023-22965 + RESERVED +CVE-2023-22964 (Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13 ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2023-22963 (The personnummer implementation before 3.0.3 for Dart mishandles numbe ...) + NOT-FOR-US: Dart language (different from src:dart) +CVE-2023-22962 + RESERVED +CVE-2023-22961 + RESERVED +CVE-2023-22960 (Lexmark products through 2023-01-10 have Improper Control of Interacti ...) + NOT-FOR-US: Lexmark +CVE-2023-22959 (WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.ph ...) + NOT-FOR-US: WebChess +CVE-2023-22958 (The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoo ...) + NOT-FOR-US: Syracom Secure Login plugin +CVE-2023-22957 (An issue was discovered in libac_des3.so on AudioCodes VoIP desk phone ...) + NOT-FOR-US: AudioCodes VoIP desk phones +CVE-2023-22956 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) 
+ NOT-FOR-US: AudioCodes VoIP desk phones +CVE-2023-22955 (An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1 ...) + NOT-FOR-US: AudioCodes VoIP desk phones +CVE-2023-22954 + RESERVED +CVE-2023-22953 (In ExpressionEngine before 7.2.6, remote code execution can be achieve ...) + NOT-FOR-US: ExpressionEngine +CVE-2023-22952 (In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject cu ...) + NOT-FOR-US: SugarCRM +CVE-2023-22951 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It ...) + NOT-FOR-US: TigerGraph Enterprise Free Edition +CVE-2023-22950 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Dat ...) + NOT-FOR-US: TigerGraph Enterprise Free Edition +CVE-2023-22949 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) + NOT-FOR-US: TigerGraph Enterprise Free Edition +CVE-2023-22948 (An issue was discovered in TigerGraph Enterprise Free Edition 3.x. The ...) + NOT-FOR-US: TigerGraph Enterprise Free Edition +CVE-2023-22947 (Insecure folder permissions in the Windows installation path of Shibbo ...) + - shibboleth-sp (Windows-specific) +CVE-2023-22946 (In Apache Spark versions prior to 3.4.0, applications using spark-subm ...) + - apache-spark (bug #802194) +CVE-2023-22945 (In the GrowthExperiments extension for MediaWiki through 1.39, the gro ...) + NOT-FOR-US: GrowthExperiments extension for MediaWiki +CVE-2023-22944 + RESERVED +CVE-2023-22943 (In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk Clo ...) + NOT-FOR-US: Splunk +CVE-2023-22942 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross ...) + NOT-FOR-US: Splunk +CVE-2023-22941 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an impr ...) + NOT-FOR-US: Splunk +CVE-2023-22940 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases ...) + NOT-FOR-US: Splunk +CVE-2023-22939 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) 
+ NOT-FOR-US: Splunk +CVE-2023-22938 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) + NOT-FOR-US: Splunk +CVE-2023-22937 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the loo ...) + NOT-FOR-US: Splunk +CVE-2023-22936 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) + NOT-FOR-US: Splunk +CVE-2023-22935 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) + NOT-FOR-US: Splunk +CVE-2023-22934 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the \u2 ...) + NOT-FOR-US: Splunk +CVE-2023-22933 (In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View ...) + NOT-FOR-US: Splunk +CVE-2023-22932 (In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cros ...) + NOT-FOR-US: Splunk +CVE-2023-22931 (In Splunk Enterprise versions below 8.1.13 and 8.2.10, the \u2018creat ...) + NOT-FOR-US: Splunk +CVE-2023-22930 + RESERVED +CVE-2023-22929 + RESERVED +CVE-2023-22928 + RESERVED +CVE-2023-22927 + RESERVED +CVE-2023-22926 + RESERVED +CVE-2023-22925 + RESERVED +CVE-2023-22656 + RESERVED +CVE-2023-22433 + RESERVED +CVE-2023-22426 + RESERVED +CVE-2023-22423 + RESERVED +CVE-2023-22420 + RESERVED +CVE-2023-22364 + RESERVED +CVE-2023-22352 + RESERVED +CVE-2023-22343 + RESERVED +CVE-2023-22328 + RESERVED +CVE-2023-22289 + RESERVED +CVE-2023-0209 (NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, ...) + NOT-FOR-US: NVIDIA DGX-1 SBIOS +CVE-2023-0208 (NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server c ...) + NOT-FOR-US: NVIDIA DCGM for Linux +CVE-2023-0207 (NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modi ...) + NOT-FOR-US: NVIDIA DGX-2 SBIOS +CVE-2023-0206 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...) + NOT-FOR-US: NVIDIA DGX A100 SBIOS +CVE-2023-0205 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) 
+ NOT-FOR-US: NVIDIA +CVE-2023-0204 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) + NOT-FOR-US: NVIDIA +CVE-2023-0203 (NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerabilit ...) + NOT-FOR-US: NVIDIA +CVE-2023-0202 (NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may m ...) + NOT-FOR-US: NVIDIA +CVE-2023-0201 (NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with ...) + NOT-FOR-US: NVIDIA +CVE-2023-0200 (NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high p ...) + NOT-FOR-US: NVIDIA +CVE-2023-0199 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - 
nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0198 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0197 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2023-0196 (NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local use ...) 
+ [experimental] - nvidia-cuda-toolkit 12.1.0-1 + - nvidia-cuda-toolkit (unimportant; bug #1032668) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446 + NOTE: Crash in CLI tool, no security impact +CVE-2023-0195 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0194 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0193 (NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a ...) + [experimental] - nvidia-cuda-toolkit 12.1.0-1 + - nvidia-cuda-toolkit (unimportant; bug #1032668) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5446 + NOTE: Crash in CLI tool, no security impact +CVE-2023-0192 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2023-0191 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0190 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0189 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0188 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0187 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2023-0185 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0184 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0183 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers (non-free not supported) + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2023-0181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0180 (NVIDIA GPU Display Driver for Linux contains a vulnerability in a kern ...) 
+ - nvidia-open-gpu-kernel-modules 525.105.17-1 (bug #1033783) + - nvidia-graphics-drivers-tesla 525.105.17-1 (bug #1033782) + - nvidia-graphics-drivers-tesla-470 470.182.03-1 (bug #1033780) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.182.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1033779) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-450 450.236.01-1 (bug #1033778) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.236.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-418 (bug #1033777) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-legacy-390xx (bug #1033776) + [bullseye] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + [buster] - nvidia-graphics-drivers-legacy-390xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1033775) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers 525.105.17-1 (bug #1033774) + [bullseye] - nvidia-graphics-drivers 470.182.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5452 +CVE-2023-0179 (A buffer overflow vulnerability was found in the Netfilter subsystem i ...) + {DSA-5324-1 DLA-3349-1} + - linux 6.1.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/13/2 + NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230111212251.193032-4-pablo@netfilter.org/ +CVE-2023-0178 (The Annual Archive WordPress plugin before 1.6.0 does not validate and ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0177 (The Social Like Box and Page by WpDevArt WordPress plugin before 0.8.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0176 (The Giveaways and Contests by RafflePress WordPress plugin before 1.11 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0175 (The Responsive Clients Logo Gallery Plugin for WordPress plugin throug ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0174 (The WP VR WordPress plugin before 8.2.7 does not validate and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0173 (The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0172 (The Juicer WordPress plugin before 1.11 does not validate and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0171 (The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0170 (The Html5 Audio Player WordPress plugin before 2.1.12 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0169 (The Zoho Forms WordPress plugin before 3.0.1 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0168 (The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0167 (The GetResponse for WordPress plugin through 5.5.31 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0166 (The Product Slider for WooCommerce by PickPlugins WordPress plugin bef ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0165 (The Cost Calculator WordPress plugin through 1.8 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0164 (OrangeScrum version 2.0.11 allows an authenticated external attacker t ...) + NOT-FOR-US: OrangeScrum +CVE-2022-48253 (nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that m ...) + NOT-FOR-US: Nostromo webserver +CVE-2022-48252 (The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote ...) 
+ NOT-FOR-US: jokob-sk/Pi.Alert +CVE-2015-10037 (A vulnerability, which was classified as critical, was found in ACI_Es ...) + NOT-FOR-US: ACI_Escola +CVE-2015-10036 (A vulnerability was found in kylebebak dronfelipe. It has been declare ...) + NOT-FOR-US: kylebebak dronfelipe +CVE-2012-10004 (A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It ...) + NOT-FOR-US: backdrop-contrib Basic Cart +CVE-2023-22924 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...) + NOT-FOR-US: Zyxel +CVE-2023-22923 (A format string vulnerability in a binary of the Zyxel NBG-418N v2 fir ...) + NOT-FOR-US: Zyxel +CVE-2023-22922 (A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware vers ...) + NOT-FOR-US: Zyxel +CVE-2023-22921 (A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 fi ...) + NOT-FOR-US: Zyxel +CVE-2023-22920 (A security misconfiguration vulnerability exists in the Zyxel LTE3316- ...) + NOT-FOR-US: Zyxel +CVE-2023-22919 (The post-authentication command injection vulnerability in the Zyxel N ...) + NOT-FOR-US: Zyxel +CVE-2023-22918 (A post-authentication information exposure vulnerability in the CGI pr ...) + NOT-FOR-US: Zyxel +CVE-2023-22917 (A buffer overflow vulnerability in the \u201csdwan_iface_ipc\u201d bin ...) + NOT-FOR-US: Zyxel +CVE-2023-22916 (The configuration parser of Zyxel ATP series firmware versions 5.10 th ...) + NOT-FOR-US: Zyxel +CVE-2023-22915 (A buffer overflow vulnerability in the \u201cfbwifi_forward.cgi\u201d ...) + NOT-FOR-US: Zyxel +CVE-2023-22914 (A path traversal vulnerability in the \u201caccount_print.cgi\u201d CG ...) + NOT-FOR-US: Zyxel +CVE-2023-22913 (A post-authentication command injection vulnerability in the \u201cacc ...) + NOT-FOR-US: Zyxel +CVE-2023-22912 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2023-22911 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) 
+ NOT-FOR-US: MediaWiki extension Widgets +CVE-2023-22910 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + NOT-FOR-US: MediaWiki extension WikiBase +CVE-2023-22909 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) + NOT-FOR-US: MediaWiki extension MobileFrontend +CVE-2023-22908 + RESERVED +CVE-2023-0210 (A bug affects the Linux kernel\u2019s ksmbd NTLMv2 authentication and ...) + - linux 6.1.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/797805d81baa814f76cf7bdab35f86408a79d707 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/04/1 +CVE-2023-0163 + RESERVED +CVE-2023-0162 (The CPO Companion plugin for WordPress is vulnerable to Stored Cross-S ...) + NOT-FOR-US: CPO Companion plugin for WordPress +CVE-2023-0161 + REJECTED +CVE-2023-0160 (A deadlock flaw was found in the Linux kernel\u2019s BPF subsystem. Th ...) + - linux + NOTE: https://lore.kernel.org/all/CABcoxUayum5oOqFMMqAeWuS8+EzojquSOSyDA3J_2omY=2EeAg@mail.gmail.com/ +CVE-2023-0159 (The Extensive VC Addons for WPBakery page builder WordPress plugin bef ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0158 (NLnet Labs Krill supports direct access to the RRDP repository content ...) + NOT-FOR-US: NLnet Labs Krill +CVE-2023-0157 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0156 (The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0155 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0154 (The GamiPress WordPress plugin before 1.0.9 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0153 (The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does no ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0152 (The WP Multi Store Locator WordPress plugin through 2.4 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0151 (The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0150 (The Cloak Front End Email WordPress plugin before 1.9.2 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0149 (The WordPrezi WordPress plugin before 0.9 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0148 (The Gallery Factory Lite WordPress plugin through 2.0.0 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0147 (The Flexible Captcha WordPress plugin through 4.1 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0146 (The Naver Map WordPress plugin through 1.1.0 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0145 (The Saan World Clock WordPress plugin through 1.8 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20167 (A vulnerability, which was classified as problematic, was found in Min ...) + NOT-FOR-US: Minichan +CVE-2016-15017 (A vulnerability has been found in fabarea media_upload on TYPO3 and cl ...) + NOT-FOR-US: fabarea media_upload +CVE-2014-125073 (A vulnerability was found in mapoor voteapp. It has been rated as crit ...) + NOT-FOR-US: mapoor voteapp +CVE-2023-22907 + RESERVED +CVE-2023-22906 (Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with roo ...) + NOT-FOR-US: Hero Qubo +CVE-2023-22905 + RESERVED +CVE-2023-22904 + RESERVED +CVE-2023-22903 (api/views/user.py in LibrePhotos before e19e539 has incorrect access c ...) + NOT-FOR-US: LibrePhotos +CVE-2023-22902 (Openfind Mail2000 file uploading function has insufficient filtering f ...) + NOT-FOR-US: Openfind Mail2000 +CVE-2023-22901 (ChangingTec MOTP system has a path traversal vulnerability. A remote a ...) 
+ NOT-FOR-US: ChangingTec MOTP +CVE-2023-22900 (Efence login function has insufficient validation for user input. An u ...) + NOT-FOR-US: Efence +CVE-2023-22899 (Zip4j through 2.11.2, as used in Threema and other products, does not ...) + - zip4j 2.11.2-3 (bug #1029038) + [bullseye] - zip4j (Minor issue) + NOTE: https://github.com/srikanth-lingala/zip4j/issues/485 + NOTE: https://github.com/srikanth-lingala/zip4j/commit/597b31afb473a40e8252de5b5def1876bab198d3 +CVE-2023-22898 (workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 a ...) + NOT-FOR-US: Pandora +CVE-2023-22897 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...) + NOT-FOR-US: SecurePoint UTM +CVE-2023-22896 + RESERVED +CVE-2023-22895 (The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denia ...) + - rust-bzip2 0.4.4-1 (bug #1029158) + [bullseye] - rust-bzip2 (Minor issue) + [buster] - rust-bzip2 (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0004.html + NOTE: https://github.com/alexcrichton/bzip2-rs/pull/86 + NOTE: https://github.com/alexcrichton/bzip2-rs/commit/90c9c182cd5a5ebc75810aebd89b347a7bdf590b (0.4.4) +CVE-2023-22894 (Strapi through 4.5.5 allows attackers (with access to the admin panel) ...) + NOT-FOR-US: Strapi +CVE-2023-22893 (Strapi through 4.5.5 does not verify the access or ID tokens issued du ...) + NOT-FOR-US: Strapi +CVE-2023-22892 (There exists an information disclosure vulnerability in SmartBear Zeph ...) + NOT-FOR-US: SmartBear Zephyr Enterprise +CVE-2023-22891 (There exists a privilege escalation vulnerability in SmartBear Zephyr ...) + NOT-FOR-US: SmartBear Zephyr Enterprise +CVE-2023-22890 (SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated user ...) + NOT-FOR-US: SmartBear Zephyr Enterprise +CVE-2023-22889 (SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined inp ...) 
+ NOT-FOR-US: SmartBear Zephyr Enterprise +CVE-2023-22888 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2023-22887 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2023-22886 (Improper Input Validation vulnerability in Apache Software Foundation ...) + NOT-FOR-US: Apache Airflow JDBC Provider +CVE-2023-22885 + REJECTED +CVE-2023-22884 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + - airflow (bug #819700) +CVE-2023-0144 (The Event Manager and Tickets Selling Plugin for WooCommerce WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0143 (The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0142 (Uncontrolled search path element vulnerability in Backup Management Fu ...) + NOT-FOR-US: Synology +CVE-2023-0141 (Insufficient policy enforcement in CORS in Google Chrome prior to 109. ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0140 (Inappropriate implementation in in File System API in Google Chrome on ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0139 (Insufficient validation of untrusted input in Downloads in Google Chro ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0138 (Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0 ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0137 (Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS pr ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0136 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...) 
+ {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0135 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0134 (Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0133 (Inappropriate implementation in in Permission prompts in Google Chrome ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0132 (Inappropriate implementation in in Permission prompts in Google Chrome ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0131 (Inappropriate implementation in in iframe Sandbox in Google Chrome pri ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0130 (Inappropriate implementation in in Fullscreen API in Google Chrome on ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0129 (Heap buffer overflow in Network Service in Google Chrome prior to 109. ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0128 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...) + {DSA-5317-1} + - chromium 109.0.5414.74-1 + [buster] - chromium (see DSA 5046) +CVE-2023-0127 (A command injection vulnerability in the firmware_update command, in t ...) + NOT-FOR-US: Tenable +CVE-2023-0126 (Pre-authentication path traversal vulnerability in SMA1000 firmware ve ...) + NOT-FOR-US: SonicWall +CVE-2023-0125 (A vulnerability was found in Control iD Gerencia Web 1.30. It has been ...) + NOT-FOR-US: Control iD Panel +CVE-2023-0124 (Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable ...) 
+ NOT-FOR-US: Delta Electronics DOPSoft
+CVE-2023-0123 (Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable ...)
+ NOT-FOR-US: Delta Electronics DOPSoft
+CVE-2022-48251 (The AES instructions on the ARMv8 platform do not have an algorithm th ...)
+ NOT-FOR-US: ARM hardware design issue
+CVE-2021-46871 (tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows ...)
+ NOT-FOR-US: Phoenix.HTML
+CVE-2017-20166 (Ecto 2.2.0 lacks a certain protection mechanism associated with the in ...)
+ NOT-FOR-US: Ecto
+CVE-2015-10035 (A vulnerability was found in gperson angular-test-reporter and classif ...)
+ NOT-FOR-US: angular-test-reporter
+CVE-2015-10034 (A vulnerability has been found in j-nowak workout-organizer and classi ...)
+ NOT-FOR-US: j-nowak workout-organizer
+CVE-2015-10033 (A vulnerability, which was classified as problematic, was found in jvv ...)
+ NOT-FOR-US: jvvlee MerlinsBoard
+CVE-2014-125072 (A vulnerability classified as critical has been found in CherishSin kl ...)
+ NOT-FOR-US: CherishSin
+CVE-2014-125071 (A vulnerability was found in lukehutch Gribbit. It has been classified ...)
+ NOT-FOR-US: lukehutch Gribbit
+CVE-2023-22883 (Zoom Client for IT Admin Windows installers before version 5.13.5 cont ...)
+ NOT-FOR-US: Zoom
+CVE-2023-22882 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...)
+ NOT-FOR-US: Zoom
+CVE-2023-22881 (Zoom clients before version 5.13.5 contain a STUN parsing vulnerabilit ...)
+ NOT-FOR-US: Zoom
+CVE-2023-22880 (Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows ...)
+ NOT-FOR-US: Zoom
+CVE-2023-22879
+ RESERVED
+CVE-2023-22878 (IBM InfoSphere Information Server 11.7 stores user credentials in plai ...)
+ NOT-FOR-US: IBM
+CVE-2023-22877 (IBM InfoSphere Information Server 11.7 is potentially vulnerable to CS ...)
+ NOT-FOR-US: IBM
+CVE-2023-22876 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...)
+ NOT-FOR-US: IBM
+CVE-2023-22875 (IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/T ...)
+ NOT-FOR-US: IBM
+CVE-2023-22874 (IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial ...)
+ NOT-FOR-US: IBM
+CVE-2023-22873
+ RESERVED
+CVE-2023-22872
+ RESERVED
+CVE-2023-22871
+ RESERVED
+CVE-2023-22870 (IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext w ...)
+ NOT-FOR-US: IBM
+CVE-2023-22869
+ RESERVED
+CVE-2023-22868 (IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2023-22867
+ RESERVED
+CVE-2023-22866
+ RESERVED
+CVE-2023-22865
+ RESERVED
+CVE-2023-22864
+ RESERVED
+CVE-2023-22863 (IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP ...)
+ NOT-FOR-US: IBM
+CVE-2023-22862 (IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authenti ...)
+ NOT-FOR-US: IBM
+CVE-2023-22861
+ RESERVED
+CVE-2023-22860 (IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, ...)
+ NOT-FOR-US: IBM
+CVE-2023-22859
+ RESERVED
+CVE-2023-22459
+ RESERVED
+CVE-2023-0122 (A NULL pointer dereference vulnerability in the Linux kernel NVMe func ...)
+ - linux (Vulnerable code not present in any released Debian version)
+CVE-2023-0121 (A denial of service issue was discovered in GitLab CE/EE affecting all ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2023-0120 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab
+CVE-2023-0119 (A stored Cross-site scripting vulnerability was found in foreman. The ...)
+ - foreman (bug #663101)
+CVE-2023-0118 (An arbitrary code execution flaw was found in Foreman. This flaw allow ...)
+ - foreman (bug #663101)
+CVE-2022-4884 (Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1 ...)
+ - check-mk
+CVE-2022-4883 (A flaw was found in libXpm. When processing files with .Z or .gz exten ...)
+ {DLA-3459-1}
+ - libxpm 1:3.5.12-1.1
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/515294bb8023a45ff916696d0a14308ff4f3a376 (libXpm-3.5.15)
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/8178eb0834d82242e1edbc7d4fb0d1b397569c68 (libXpm-3.5.15)
+CVE-2022-4882 (A vulnerability was found in kaltura mwEmbed up to 2.91. It has been r ...)
+ NOT-FOR-US: Kaltura
+CVE-2022-48250 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48249 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48248 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48247 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48246 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48245 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48244 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48243 (In audio service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48242 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48241 (In telephony service, there is a possible missing permission check. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48240 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48239 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48238 (In Image filter, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48237 (In Image filter, there is a possible out of bounds write due to a miss ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48236 (In MP3 encoder, there is a possible out of bounds read due to a missin ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48235 (In MP3 encoder, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48234 (In FM service , there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48233 (In FM service , there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48232 (In FM service , there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48231 (In soter service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-48230 (There is a misinterpretation of input vulnerability in BiSheng-WNM FW ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46285 (A flaw was found in libXpm. This issue occurs when parsing a file with ...)
+ {DLA-3459-1}
+ - libxpm 1:3.5.12-1.1
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d765014816c566c63165c63ca8 (libXpm-3.5.15)
+CVE-2022-44617 (A flaw was found in libXpm. When processing a file with width of 0 and ...)
+ {DLA-3459-1}
+ - libxpm 1:3.5.12-1.1
+ [bullseye] - libxpm 1:3.5.12-1.1~deb11u1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/2
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/f80fa6ae47ad4a5beacb287c0030c9913b046643 (libXpm-3.5.15)
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/c5ab17bcc34914c0b0707d2135dbebe9a367c5f0 (libXpm-3.5.15)
+CVE-2021-4311 (A vulnerability classified as problematic was found in Talend Open Stu ...)
+ NOT-FOR-US: Talend
+CVE-2021-4310 (A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been ...)
+ NOT-FOR-US: 01-Scripts 01-Artikelsystem
+CVE-2017-20165 (A vulnerability classified as problematic has been found in debug-js d ...)
+ - node-debug 3.1.0-1
+ NOTE: https://github.com/debug-js/debug/pull/504
+ NOTE: https://github.com/debug-js/debug/commit/c38a0166c266a679c8de012d4eaccec3f944e685
+CVE-2015-10032 (A vulnerability was found in HealthMateWeb. It has been declared as pr ...)
+ NOT-FOR-US: HealthMateWeb
+CVE-2010-10004 (A vulnerability was found in Information Cards Module on simpleSAMLphp ...)
+ NOT-FOR-US: Information Cards Module
+CVE-2023-22858 (An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, al ...)
+ NOT-FOR-US: BlogEngine.NET
+CVE-2023-22857 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+ NOT-FOR-US: BlogEngine.NET
+CVE-2023-22856 (A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3. ...)
+ NOT-FOR-US: BlogEngine.NET
+CVE-2023-0117 (The online authentication provided by the hwKitAssistant lacks strict ...)
+ NOT-FOR-US: Huawei
+CVE-2023-0116 (The reminder module lacks an authentication mechanism for broadcasts r ...)
+ NOT-FOR-US: Huawei
+CVE-2023-0115
+ REJECTED
+CVE-2022-4881 (A vulnerability was found in CapsAdmin PAC3. It has been rated as prob ...)
+ NOT-FOR-US: CapsAdmin PAC3
+CVE-2021-4309 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: 01-Scripts 01ACP
+CVE-2021-4308 (A vulnerability was found in WebPA up to 3.1.1. It has been rated as c ...)
+ NOT-FOR-US: WebPA
+CVE-2020-36648 (A vulnerability, which was classified as critical, was found in pouetn ...)
+ NOT-FOR-US: pouetnet pouet
+CVE-2020-36647 (A vulnerability classified as critical has been found in YunoHost-Apps ...)
+ NOT-FOR-US: YunoHost-Apps
+CVE-2019-25100 (A vulnerability was found in happyman twmap. It has been declared as c ...)
+ NOT-FOR-US: happyman twmap
+CVE-2018-25072 (A vulnerability classified as critical has been found in lojban jbovla ...)
+ NOT-FOR-US: lojban jbovlaste
+CVE-2016-15016 (A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0 ...)
+ NOT-FOR-US: mrtnmtth joomla_mod_einsatz_stats
+CVE-2016-15015 (A vulnerability, which was classified as problematic, was found in via ...)
+ NOT-FOR-US: viafintech Barzahlen Payment Module PHP SDK
+CVE-2015-10031 (A vulnerability classified as critical was found in purpleparrots 491- ...)
+ NOT-FOR-US: purpleparrots 491-Project
+CVE-2015-10030 (A vulnerability has been found in SUKOHI Surpass and classified as cri ...)
+ NOT-FOR-US: SUKOHI Surpass
+CVE-2014-125070 (A vulnerability has been found in yanheven console and classified as p ...)
+ NOT-FOR-US: yanheven console
+CVE-2014-125069 (A vulnerability was found in saxman maps-js-icoads. It has been classi ...)
+ NOT-FOR-US: saxman maps-js-icoads
+CVE-2014-125068 (A vulnerability was found in saxman maps-js-icoads and classified as c ...)
+ NOT-FOR-US: saxman maps-js-icoads
+CVE-2014-125067 (A vulnerability classified as critical was found in corincerami curios ...)
+ NOT-FOR-US: corincerami
+CVE-2014-125066 (A vulnerability was found in emmflo yuko-bot. It has been declared as ...)
+ NOT-FOR-US: emmflo yuko-bot
+CVE-2007-10002 (A vulnerability, which was classified as critical, has been found in w ...)
+ NOT-FOR-US: web-cyradm
+CVE-2023-22855 (Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code executio ...)
+ NOT-FOR-US: Kardex
+CVE-2023-22854 (The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 ...)
+ NOT-FOR-US: Mitel
+CVE-2023-22853 (Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/s ...)
+ - tikiwiki
+CVE-2023-22852 (Tiki through 25.0 allows CSRF attacks that are related to tiki-importe ...)
+ - tikiwiki
+CVE-2023-22851 (Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php P ...)
+ - tikiwiki
+CVE-2023-22850 (Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib ...)
+ - tikiwiki
+CVE-2021-4307 (A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has ...)
+ NOT-FOR-US: Yomguithereal Baobab
+CVE-2020-36646 (A vulnerability classified as problematic has been found in MediaArea ...)
+ {DLA-3290-1}
+ - libzen 0.4.39-1
+ [bullseye] - libzen 0.4.38-1+deb11u1
+ NOTE: https://github.com/MediaArea/ZenLib/pull/119
+ NOTE: https://github.com/MediaArea/ZenLib/commit/6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408 (v0.4.39)
+CVE-2017-20164 (A vulnerability was found in Symbiote Seed up to 6.0.2. It has been cl ...)
+ NOT-FOR-US: Symbiote Seed
+CVE-2016-15014 (A vulnerability has been found in CESNET theme-cesnet up to 1.x on own ...)
+ NOT-FOR-US: CESNET theme-cesnet
+CVE-2016-15013 (A vulnerability was found in ForumHulp searchresults. It has been rate ...)
+ NOT-FOR-US: ForumHulp
+CVE-2015-10029 (A vulnerability classified as problematic was found in kelvinmo simple ...)
+ NOT-FOR-US: kelvinmo
+CVE-2014-125065 (A vulnerability, which was classified as critical, was found in john52 ...)
+ NOT-FOR-US: bottle-auth
+CVE-2014-125064
+ REJECTED
+CVE-2013-10009 (A vulnerability was found in DrAzraelTod pyChao and classified as crit ...)
+ NOT-FOR-US: DrAzraelTod pyChao
+CVE-2023-22849 (An improper neutralization of input during web page generation ('Cross ...)
+ NOT-FOR-US: Apache Sling
+CVE-2023-0114 (A vulnerability was found in Netis Netcore Router. It has been rated a ...)
+ NOT-FOR-US: Netis Netcore Router
+CVE-2023-0113 (A vulnerability was found in Netis Netcore Router up to 2.2.6. It has ...)
+ NOT-FOR-US: Netis Netcore Router
+CVE-2022-4880 (A vulnerability was found in stakira OpenUtau. It has been classified ...)
+ NOT-FOR-US: stakira OpenUtau
+CVE-2022-48229
+ RESERVED
+CVE-2021-4306 (A vulnerability classified as problematic has been found in cronvel te ...)
+ NOT-FOR-US: Node terminal-kit
+CVE-2020-36645 (A vulnerability, which was classified as critical, was found in square ...)
+ NOT-FOR-US: square squalor
+CVE-2020-36644 (A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 a ...)
+ NOT-FOR-US: jamesmartin Inline SVG
+CVE-2018-25071 (A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been ...)
+ NOT-FOR-US: roxlukas LMeve
+CVE-2018-25070 (A vulnerability has been found in polterguy Phosphorus Five up to 8.2 ...)
+ NOT-FOR-US: polterguy Phosphorus Five
+CVE-2018-25069 (A vulnerability classified as critical has been found in Netis Netcore ...)
+ NOT-FOR-US: Netis Netcore Router
+CVE-2016-15012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotc ...)
+ NOT-FOR-US: SalesforceMobileSDK-Windows
+CVE-2015-10028 (A vulnerability has been found in ss15-this-is-sparta and classified a ...)
+ NOT-FOR-US: ss15-this-is-sparta
+CVE-2015-10027 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: hydrian TTRSS-Auth-LDAP
+CVE-2015-10026 (A vulnerability was found in tiredtyrant flairbot. It has been declare ...)
+ NOT-FOR-US: tiredtyrant flairbot
+CVE-2015-10025 (A vulnerability has been found in luelista miniConf up to 1.7.6 and cl ...)
+ NOT-FOR-US: luelista miniConf
+CVE-2015-10024 (A vulnerability classified as critical was found in hoffie larasync. T ...)
+ NOT-FOR-US: hoffie larasync
+CVE-2015-10023 (A vulnerability classified as critical has been found in Fumon trello- ...)
+ NOT-FOR-US: Fumon trello-octometric
+CVE-2015-10022 (A vulnerability was found in IISH nlgis2. It has been declared as crit ...)
+ NOT-FOR-US: IISH nlgis2
+CVE-2015-10021 (A vulnerability was found in ritterim definely. It has been classified ...)
+ NOT-FOR-US: ritterim
+CVE-2015-10020 (A vulnerability has been found in ssn2013 cis450Project and classified ...)
+ NOT-FOR-US: cis450Project
+CVE-2015-10019 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: MySimplifiedSQL
+CVE-2014-125063 (A vulnerability was found in ada-l0velace Bid and classified as critic ...)
+ NOT-FOR-US: ada-l0velace Bid
+CVE-2014-125062 (A vulnerability classified as critical was found in ananich bitstorm. ...)
+ NOT-FOR-US: ananich bitstorm
+CVE-2014-125061 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel file ...)
+ NOT-FOR-US: peel filebrokerrm
+CVE-2014-125060 (A vulnerability, which was classified as critical, was found in holden ...)
+ NOT-FOR-US: holdennb CollabCal
+CVE-2014-125059 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: sternenseemann sternenblog
+CVE-2014-125058 (A vulnerability was found in LearnMeSomeCodes project3 and classified ...)
+ NOT-FOR-US: LearnMeSomeCodes
+CVE-2014-125057 (A vulnerability was found in mrobit robitailletheknot. It has been cla ...)
+ NOT-FOR-US: robitailletheknot
+CVE-2014-125056 (A vulnerability was found in Pylons horus and classified as problemati ...)
+ NOT-FOR-US: Pylons horus
+CVE-2014-125055 (A vulnerability, which was classified as problematic, was found in agn ...)
+ NOT-FOR-US: agnivade easy-scrypt
+CVE-2014-125054 (A vulnerability classified as critical was found in koroket RedditOnRa ...)
+ NOT-FOR-US: RedditOnRails
+CVE-2023-22837
+ RESERVED
+CVE-2023-22836
+ RESERVED
+CVE-2023-22835 (A security defect was identified that enabled a user of Foundry Issues ...)
+ NOT-FOR-US: Palantir
+CVE-2023-22834 (The Contour Service was not checking that users had permission to crea ...)
+ NOT-FOR-US: Palantir
+CVE-2023-22833 (Palantir Foundry deployments running Lime2 versions between 2.519.0 an ...)
+ NOT-FOR-US: Palantir
+CVE-2023-22832 (The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19. ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2023-22831
+ RESERVED
+CVE-2023-22830
+ RESERVED
+CVE-2023-22829
+ RESERVED
+CVE-2023-22828
+ RESERVED
+CVE-2023-22827
+ RESERVED
+CVE-2023-22826
+ RESERVED
+CVE-2023-22825
+ RESERVED
+CVE-2023-22824
+ RESERVED
+CVE-2023-22823
+ RESERVED
+CVE-2023-22822
+ RESERVED
+CVE-2023-22821
+ RESERVED
+CVE-2023-22820
+ RESERVED
+CVE-2023-22819
+ RESERVED
+CVE-2023-22818 (Multiple DLL Search Order Hijack vulnerabilities were addressed in the ...)
+ NOT-FOR-US: SanDisk Security Installer for Windows
+CVE-2023-22817
+ RESERVED
+CVE-2023-22816 (A post-authentication remote command injection vulnerability in a CGI ...)
+ NOT-FOR-US: Western Digital
+CVE-2023-22815 (Post-authentication remote command injection vulnerability in Western ...)
+ NOT-FOR-US: Western Digital
+CVE-2023-22814 (An authentication bypass issue via spoofing was discovered in the toke ...)
+ NOT-FOR-US: Western Digital
+CVE-2023-22813 (A device API endpoint was missing access controls on Western Digital M ...)
+ NOT-FOR-US: Western Digital
+CVE-2023-22812 (SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 ...)
+ NOT-FOR-US: SanDisk PrivateAccess
+CVE-2023-22811
+ RESERVED
+CVE-2023-22810
+ RESERVED
+CVE-2023-22809 (In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...)
+ {DSA-5321-1 DLA-3272-1}
+ - sudo 1.9.12p2-1
+ NOTE: https://www.sudo.ws/security/advisories/sudoedit_any/
+ NOTE: https://github.com/sudo-project/sudo/commit/0274a4f3b403162a37a10f199c989f3727ed3ad4
+ NOTE: https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/19/1
+CVE-2023-22808 (An issue was discovered in the Arm Android Gralloc Module. A non-privi ...)
+ NOT-FOR-US: Arm Android Gralloc Module
+CVE-2023-22663 (Improper authentication for some Intel Unison software may allow an au ...)
+ NOT-FOR-US: Intel
+CVE-2023-22448 (Improper access control for some Intel Unison software may allow a pri ...)
+ NOT-FOR-US: Intel
+CVE-2023-22445
+ RESERVED
+CVE-2023-22430
+ RESERVED
+CVE-2023-22355 (Uncontrolled search path in some Intel(R) oneAPI Toolkit and component ...)
+ NOT-FOR-US: Intel
+CVE-2023-22338 (Out-of-bounds read in some Intel(R) oneVPL GPU software before version ...)
+ NOT-FOR-US: Intel
+CVE-2023-22337 (Improper input validation for some Intel Unison software may allow an ...)
+ NOT-FOR-US: Intel
+CVE-2023-22292 (Uncaught exception for some Intel Unison software may allow an authent ...)
+ NOT-FOR-US: Intel
+CVE-2023-22290 (Uncaught exception for some Intel Unison software may allow an authent ...)
+ NOT-FOR-US: Intel
+CVE-2023-22285 (Improper access control for some Intel Unison software may allow an un ...)
+ NOT-FOR-US: Intel
+CVE-2023-0112 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0111 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0110 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0109
+ RESERVED
+CVE-2023-0108 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0107 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0106 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...)
+ NOT-FOR-US: usememos
+CVE-2023-0105 (A flaw was found in Keycloak. This flaw allows impersonation and locko ...)
+ NOT-FOR-US: Keycloak
+CVE-2018-25068 (A vulnerability has been found in devent globalpom-utils up to 4.5.0 a ...)
+ NOT-FOR-US: devent globalpom-utils
+CVE-2018-25067 (A vulnerability, which was classified as critical, was found in JoomGa ...)
+ NOT-FOR-US: JoomGallery
+CVE-2014-125053 (A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has bee ...)
+ NOT-FOR-US: Piwigo-Guest-Book
+CVE-2014-125052 (A vulnerability was found in JervenBolleman sparql-identifiers and cla ...)
+ NOT-FOR-US: JervenBolleman sparql-identifiers
+CVE-2013-10008 (A vulnerability was found in sheilazpy eShop. It has been classified a ...)
+ NOT-FOR-US: sheilazpy eShop
+CVE-2023-22807 (LS ELECTRIC XBC-DN32U with operating system version 01.80 does not pro ...)
+ NOT-FOR-US: LS ELECTRIC
+CVE-2023-22806 (LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits se ...)
+ NOT-FOR-US: LS ELECTRIC
+CVE-2023-22805 (LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper ...)
+ NOT-FOR-US: LS ELECTRIC
+CVE-2023-22804 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
+ NOT-FOR-US: LS ELECTRIC
+CVE-2023-22803 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...)
+ NOT-FOR-US: LS ELECTRIC
+CVE-2023-22802
+ RESERVED
+CVE-2023-22801
+ RESERVED
+CVE-2023-22800
+ RESERVED
+CVE-2023-22799 (A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could all ...)
+ - ruby-globalid 0.6.0-2 (bug #1029851)
+ [bullseye] - ruby-globalid (Minor issue)
+ [buster] - ruby-globalid (Minor issue)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127
+ NOTE: https://github.com/rails/globalid/commit/3bc4349422e60f2235876a59dd415e98b072eb2b (v1.1.0)
+CVE-2023-22798 (Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://gith ...)
+ NOT-FOR-US: Brave adblock-lists
+CVE-2023-22797 (An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new ...)
+ - rails (Only affects 7.x)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22797-possible-open-redirect-vulnerability-in-action-pack/82120
+CVE-2023-22796 (A regular expression based DoS vulnerability in Active Support <6.1.7. ...)
+ {DSA-5372-1}
+ - rails 2:6.1.7.3+dfsg-1 (bug #1030050)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22796-possible-redos-based-dos-vulnerability-in-active-supports-underscore/82116
+ NOTE: https://github.com/rails/rails/commit/4b383e6936d7a72b5dc839f526c9a9aeb280acae (6-1-stable)
+CVE-2023-22795 (A regular expression based DoS vulnerability in Action Dispatch <6.1.7 ...)
+ {DSA-5372-1}
+ - rails 2:6.1.7.3+dfsg-1 (bug #1030050)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118
+ NOTE: https://github.com/rails/rails/commit/484fc9185db6c6a6a49ab458b11f9366da02bab2 (6-1-stable)
+CVE-2023-22794 (A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 relate ...)
+ {DSA-5372-1}
+ - rails 2:6.1.7.3+dfsg-1 (bug #1030050)
+ [buster] - rails (Only affects 6.x and later)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22794-sql-injection-vulnerability-via-activerecord-comments/82117
+ NOTE: https://github.com/rails/rails/commit/048e9fc05e18c91838a44e60175e475de8b2aad5 (6-1-stable)
+CVE-2023-22793
+ RESERVED
+CVE-2023-22792 (A regular expression based DoS vulnerability in Action Dispatch <6.0.6 ...)
+ {DSA-5372-1}
+ - rails 2:6.1.7.3+dfsg-1 (bug #1030050)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2023-22792-possible-redos-based-dos-vulnerability-in-action-dispatch/82115
+ NOTE: https://github.com/rails/rails/commit/7a7f37f146aa977350cf914eba20a95ce371485f (6-1-stable)
+CVE-2023-22791 (A vulnerability exists in Aruba InstantOS and ArubaOS 10where an edge- ...)
+ NOT-FOR-US: HPE
+CVE-2023-22790 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
+ NOT-FOR-US: HPE
+CVE-2023-22789 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
+ NOT-FOR-US: HPE
+CVE-2023-22788 (Multiple authenticated command injection vulnerabilitiesexist in the A ...)
+ NOT-FOR-US: HPE
+CVE-2023-22787 (An unauthenticated Denial of Service (DoS) vulnerability exists in a s ...)
+ NOT-FOR-US: HPE
+CVE-2023-22786 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22785 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22784 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22783 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22782 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22781 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22780 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22779 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: HPE
+CVE-2023-22778 (A vulnerability in the ArubaOS web management interface could allow an ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22777 (An authenticated information disclosure vulnerability exists in the Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22776 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22775 (A vulnerability exists which allows an authenticated attacker to acces ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22774 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22773 (Authenticated path traversal vulnerabilities exist in the ArubaOS comm ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22772 (An authenticated path traversal vulnerability exists in the ArubaOS we ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22771 (An insufficient session expiration vulnerability exists in the ArubaOS ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22770 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22769 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22768 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22767 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22766 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22765 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22764 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22763 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22762 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22761 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22760 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22759 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22758 (Authenticated remote command injection vulnerabilities exist in the Ar ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22757 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22756 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22755 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22754 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22753 (There are buffer overflow vulnerabilities in multiple underlying opera ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22752 (There are stack-based buffer overflow vulnerabilities that could lead ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22751 (There are stack-based buffer overflow vulnerabilities that could lead ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22750 (There are multiple command injection vulnerabilities that could lead t ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22749 (There are multiple command injection vulnerabilities that could lead t ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22748 (There are multiple command injection vulnerabilities that could lead t ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22747 (There are multiple command injection vulnerabilities that could lead t ...)
+ NOT-FOR-US: Aruba
+CVE-2023-22746 (CKAN is an open-source DMS (data management system) for powering data ...)
+ NOT-FOR-US: CKAN
+CVE-2023-22745 (tpm2-tss is an open source software implementation of the Trusted Comp ...)
+ - tpm2-tss 3.2.1-3 (bug #1029369)
+ [bullseye] - tpm2-tss (Minor issue)
+ [buster] - tpm2-tss (Minor issue)
+ NOTE: Fixed by: https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5
+ NOTE: https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67
+CVE-2023-22744
+ RESERVED
+CVE-2023-22743 (Git for Windows is the Windows port of the revision control system Git ...)
+ NOT-FOR-US: Git for Windows
+CVE-2023-22742 (libgit2 is a cross-platform, linkable library implementation of Git. W ...)
+ {DLA-3340-1}
+ - libgit2 1.5.1+ds-1 (bug #1029368)
+ [bullseye] - libgit2 1.1.0+dfsg.1-4+deb11u1
+ NOTE: https://github.com/libgit2/libgit2/commit/cd6f679af401eda1f172402006ef8265f8bd58ea (v1.4.5)
+ NOTE: https://github.com/libgit2/libgit2/commit/42e5db98b963ae503229c63e44e06e439df50e56 (v1.5.1)
+ NOTE: https://github.com/libgit2/libgit2/security/advisories/GHSA-8643-3wh5-rmjq
+CVE-2023-22741 (Sofia-SIP is an open-source SIP User-Agent library, compliant with the ...)
+ {DSA-5410-1 DLA-3292-1}
+ - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-4 (bug #1029654)
+ NOTE: https://github.com/freeswitch/sofia-sip/commit/9defd6f72dd416ee4fcc1a23cccbb159990da0f6 (v1.13.11)
+ NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54
+CVE-2023-22740 (Discourse is an open source platform for community discussion. Version ...)
+ NOT-FOR-US: Discourse
+CVE-2023-22739 (Discourse is an open source platform for community discussion. Version ...)
+ NOT-FOR-US: Discourse
+CVE-2023-22738 (vantage6 is a privacy preserving federated learning infrastructure for ...)
+ NOT-FOR-US: vantage6
+CVE-2023-22737 (wire-server provides back end services for Wire, a team communication ...)
+ NOT-FOR-US: wire-server
+CVE-2023-22736 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2023-22735 (Zulip is an open-source team collaboration tool. In versions of zulip ...)
+ NOT-FOR-US: Zulip
+CVE-2023-22734 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ NOT-FOR-US: Shopware
+CVE-2023-22733 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ NOT-FOR-US: Shopware
+CVE-2023-22732 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ NOT-FOR-US: Shopware
+CVE-2023-22731 (Shopware is an open source commerce platform based on Symfony Framewor ...)
+ NOT-FOR-US: Shopware +CVE-2023-22730 (Shopware is an open source commerce platform based on Symfony Framewor ...) + NOT-FOR-US: Shopware +CVE-2023-22729 (Silverstripe Framework is the Model-View-Controller framework that pow ...) + NOT-FOR-US: Silverstripe +CVE-2023-22728 (Silverstripe Framework is the Model-View-Controller framework that pow ...) + NOT-FOR-US: Silverstripe +CVE-2023-22727 (CakePHP is a development framework for PHP web apps. In affected versi ...) + NOT-FOR-US: CakePHP +CVE-2023-22726 (act is a project which allows for local running of github actions. The ...) + NOT-FOR-US: act +CVE-2023-22725 (GLPI is a Free Asset and IT Management Software package. Versions 0.6. ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-f5g6-fxrw-pfj7 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-22724 (GLPI is a Free Asset and IT Management Software package. Versions prio ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-x9g4-j85w-cmff + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-22723 + RESERVED +CVE-2023-22722 (GLPI is a Free Asset and IT Management Software package. Versions 9.4. ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-352j-wr38-493c + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-22721 (Auth. Stored Cross-Site Scripting (XSS) inOi Yandex.Maps for WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22720 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22719 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22718 (Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User M ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22717 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-22716 (Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam A ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22715 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaM ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22714 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming So ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22713 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22712 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22711 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22710 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidev ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22709 (Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple H ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22708 + RESERVED +CVE-2023-22707 (Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Gre ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22706 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Property ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22705 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne I ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22704 (Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22703 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22702 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMob ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22701 + RESERVED +CVE-2023-22700 (Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Pixel ...) + NOT-FOR-US: PixelYourSite +CVE-2023-22699 + RESERVED +CVE-2023-22698 (Auth. 
(contributor+) Cross-Site Scripting (XSS) vulnerability in Jason ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22697 + RESERVED +CVE-2023-22696 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22695 (Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita C ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22694 (Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Nor ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22693 (Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Goog ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22692 (Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22691 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22690 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shop ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22689 (Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22688 (Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22687 (Insecure Storage of Sensitive Information vulnerability in Jose Mortel ...) + NOT-FOR-US: Jose Mortellaro Freesoul Deactivate +CVE-2023-22686 (Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice Pa ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22685 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22684 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subs ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22683 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22682 (Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | P ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-22681 (Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech On ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22680 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alta ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22679 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22678 (Cross-Site Request Forgery (CSRF) vulnerability inRafael DerySuperior ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22677 + RESERVED +CVE-2023-22676 + RESERVED +CVE-2023-22675 + RESERVED +CVE-2023-22674 + RESERVED +CVE-2023-22673 (Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Mon ...) + NOT-FOR-US: WordPress plugin +CVE-2023-22672 (Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Mul ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0104 (The listed versions for Weintek EasyBuilder Pro are vulnerable to a Zi ...) + NOT-FOR-US: Weintek EasyBuilder Pro +CVE-2023-0103 (If an attacker were to access memory locations of LS ELECTRIC XBC-DN32 ...) + NOT-FOR-US: LS ELECTRIC +CVE-2023-0102 (LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing a ...) + NOT-FOR-US: LS ELECTRIC +CVE-2023-0101 (A privilege escalation vulnerability was identified in Nessus versions ...) + NOT-FOR-US: Nessus +CVE-2023-0100 (In Eclipse BIRT, starting from version 2.6.2, the default configuratio ...) + NOT-FOR-US: Eclipse BIRT +CVE-2023-0099 (The Simple URLs WordPress plugin before 115 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0098 (The Simple URLs WordPress plugin before 115 does not escape some param ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0097 (The Post Grid, Post Carousel, & List Category Posts WordPress plugin b ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0096 (The Happyforms WordPress plugin before 1.22.0 does not validate and es ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0095 (The Page View Count WordPress plugin before 2.6.1 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4879 (A vulnerability was found in Forged Alliance Forever up to 3746. It ha ...) + NOT-FOR-US: Forged Alliance Forever +CVE-2022-4878 (A vulnerability classified as critical has been found in JATOS. Affect ...) + NOT-FOR-US: JATOS +CVE-2020-36643 + REJECTED +CVE-2020-36642 (A vulnerability was found in trampgeek jobe up to 1.6.x and classified ...) + NOT-FOR-US: trampgeek jobe +CVE-2019-25099 (A vulnerability classified as critical was found in Arthmoor QSF-Porta ...) + NOT-FOR-US: Arthmoor QSF-Portal +CVE-2018-25066 (A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has bee ...) + NOT-FOR-US: PeterMu nodebatis +CVE-2016-15011 (A vulnerability classified as problematic was found in e-Contract dssp ...) + NOT-FOR-US: e-Contract dssp +CVE-2015-10018 (A vulnerability has been found in DBRisinajumi d2files and classified ...) + NOT-FOR-US: DBRisinajumi d2files +CVE-2015-10017 (A vulnerability has been found in HPI-Information-Systems ProLOD and c ...) + NOT-FOR-US: HPI-Information-Systems ProLOD +CVE-2015-10016 (A vulnerability, which was classified as critical, has been found in j ...) + NOT-FOR-US: jeff-kelley opensim-utils +CVE-2014-125051 (A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. ...) + NOT-FOR-US: himiklab yii2-jqgrid-widget +CVE-2014-125050 (A vulnerability was found in ScottTZhang voter-js and classified as cr ...) + NOT-FOR-US: ScottTZhang voter-js +CVE-2014-125049 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified ...) + NOT-FOR-US: typcn Blogile +CVE-2014-125048 (A vulnerability, which was classified as critical, has been found in k ...) + NOT-FOR-US: kassi xingwall +CVE-2014-125047 (A vulnerability classified as critical has been found in tbezman schoo ...) 
+ NOT-FOR-US: tbezman school-store +CVE-2014-125046 (A vulnerability, which was classified as critical, was found in Seiji4 ...) + NOT-FOR-US: Seiji42 cub-scout-tracker +CVE-2023-22671 (Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10 ...) + - ghidra (bug #923851) +CVE-2023-22670 (A heap-based buffer overflow exists in the DXF file reading procedure ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2023-22669 (Parsing of DWG files in Open Design Alliance Drawings SDK before 2023. ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2023-22668 (Memory Corruption in Audio while invoking IOCTLs calls from the user-s ...) + NOT-FOR-US: Qualcomm +CVE-2023-22667 (Memory Corruption in Audio while allocating the ion buffer during the ...) + NOT-FOR-US: Qualcomm +CVE-2023-22666 (Memory Corruption in Audio while playing amrwbplus clips with modified ...) + NOT-FOR-US: Qualcomm +CVE-2023-0094 + RESERVED +CVE-2023-0093 (Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are ...) + NOT-FOR-US: Okta Advanced Server Access Client +CVE-2023-0092 + RESERVED +CVE-2023-0090 (The webservices in Proofpoint Enterprise Protection (PPS/POD) contain ...) + NOT-FOR-US: Proofpoint +CVE-2023-0089 (The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a v ...) + NOT-FOR-US: Proofpoint +CVE-2022-48228 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...) + NOT-FOR-US: Acuant AsureID Sentinel +CVE-2022-48227 (An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It ...) + NOT-FOR-US: Acuant AsureID Sentinel +CVE-2022-48226 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...) + NOT-FOR-US: Acuant +CVE-2022-48225 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...) + NOT-FOR-US: Acuant +CVE-2022-48224 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It i ...) 
+ NOT-FOR-US: Acuant +CVE-2022-48223 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...) + NOT-FOR-US: Acuant +CVE-2022-48222 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Duri ...) + NOT-FOR-US: Acuant +CVE-2022-48221 (An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Mult ...) + NOT-FOR-US: Acuant +CVE-2017-20163 (A vulnerability has been found in Red Snapper NView and classified as ...) + NOT-FOR-US: Red Snapper NView +CVE-2014-125045 (A vulnerability has been found in meol1 and classified as critical. Af ...) + NOT-FOR-US: meol1 +CVE-2014-125044 (A vulnerability, which was classified as critical, was found in soshto ...) + NOT-FOR-US: soshtolsus wing-tight +CVE-2014-125043 + REJECTED +CVE-2014-125042 + REJECTED +CVE-2023-22665 (There is insufficient checking of user queries in Apache Jena versions ...) + - apache-jena 4.9.0-1 (bug #1035952) + [bookworm] - apache-jena (Minor issue) + NOTE: https://lists.apache.org/thread/s0dmpsxcwqs57l4qfs415klkgmhdxq7s +CVE-2023-22652 (A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow ...) + - libeconf 0.5.2+dfsg1-1 (bug #1037333) + [bookworm] - libeconf (Minor issue) + [bullseye] - libeconf (Minor issue) + NOTE: https://github.com/openSUSE/libeconf/issues/177 + NOTE: https://github.com/openSUSE/libeconf/commit/8d086dfc69d4299e55e4844e3573b3a4cf420f19 (v0.5.2) +CVE-2023-22651 (Improper Privilege Management vulnerability in SUSE Rancher allows Pri ...) + NOT-FOR-US: Rancher +CVE-2023-22650 + RESERVED +CVE-2023-22649 + RESERVED +CVE-2023-22648 (A Improper Privilege Management vulnerability in SUSE Rancher causes p ...) + NOT-FOR-US: Rancher +CVE-2023-22647 (An Improper Privilege Management vulnerability in SUSE Rancher allowed ...) + NOT-FOR-US: Rancher +CVE-2023-22646 + RESERVED +CVE-2023-22645 (An Improper Privilege Management vulnerability in SUSE kubewarden allo ...) 
+ NOT-FOR-US: kubewarden +CVE-2023-22644 (An Innsertion of Sensitive Information into Log File vulnerability in ...) + NOT-FOR-US: SUSE Manager Server Module +CVE-2023-22643 (An Improper Neutralization of Special Elements used in an OS Command ( ...) + NOT-FOR-US: SAP +CVE-2023-22642 (An improper certificate validation vulnerability [CWE-295] in FortiAna ...) + NOT-FOR-US: Fortinet +CVE-2023-22641 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...) + NOT-FOR-US: Fortinet +CVE-2023-22640 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...) + NOT-FOR-US: FortiGuard +CVE-2023-22639 (A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, ...) + NOT-FOR-US: Fortinet +CVE-2023-22638 (Several improper neutralization of inputs during web page generation v ...) + NOT-FOR-US: FortiGuard +CVE-2023-22637 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: FortiGuard +CVE-2023-22636 (An unauthorized configuration download vulnerability in FortiWeb 6.3.6 ...) + NOT-FOR-US: Fortinet +CVE-2023-22635 (A download of code without Integrity check vulnerability [CWE-494] in ...) + NOT-FOR-US: Fortinet +CVE-2023-22634 + RESERVED +CVE-2023-22633 (An improper permissions, privileges, and access controls vulnerability ...) + NOT-FOR-US: Fortinet +CVE-2023-22436 (The kernel subsystem function check_permission_for_set_tokenid within ...) + NOT-FOR-US: OpenHarmony +CVE-2023-22301 (The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior version ...) + NOT-FOR-US: OpenHarmony +CVE-2023-22291 (An invalid free vulnerability exists in the Frame stream parser functi ...) + NOT-FOR-US: Ichitaro +CVE-2023-0091 (A flaw was found in Keycloak, where it did not properly check client t ...) + NOT-FOR-US: Keycloak +CVE-2023-0088 (The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Si ...) 
+ NOT-FOR-US: Swifty Page Manager plugin for WordPress +CVE-2023-0087 (The Swifty Page Manager plugin for WordPress is vulnerable to Stored C ...) + NOT-FOR-US: Swifty Page Manager plugin for WordPress +CVE-2023-0086 (The JetWidgets for Elementor plugin for WordPress is vulnerable to Cro ...) + NOT-FOR-US: JetWidgets for Elementor plugin for WordPress +CVE-2023-0085 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress +CVE-2023-0084 (The Metform Elementor Contact Form Builder plugin for WordPress is vul ...) + NOT-FOR-US: Metform Elementor Contact Form Builder plugin for WordPress +CVE-2023-0083 (The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior vers ...) + NOT-FOR-US: OpenHarmony +CVE-2023-0082 (The ExactMetrics WordPress plugin before 7.12.1 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0081 (The MonsterInsights WordPress plugin before 8.12.1 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0080 (The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 do ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0079 + RESERVED +CVE-2023-0078 (The Resume Builder WordPress plugin through 3.1.1 does not sanitize an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0077 (Integer overflow or wraparound vulnerability in CGI component in Synol ...) + NOT-FOR-US: Synology +CVE-2022-4877 (A vulnerability has been found in snoyberg keter up to 1.8.1 and class ...) + NOT-FOR-US: snoyberg keter +CVE-2022-48220 + RESERVED +CVE-2022-48219 + RESERVED +CVE-2022-48218 + RESERVED +CVE-2021-4305 (A vulnerability was found in Woorank robots-txt-guard. It has been rat ...) + NOT-FOR-US: Woorank robots-txt-guard +CVE-2021-4304 (A vulnerability was found in eprintsug ulcc-core. It has been declared ...) + NOT-FOR-US: eprintsug ulcc-core +CVE-2021-4303 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: shannah Xataface +CVE-2020-36641 (A vulnerability classified as problematic was found in gturri aXMLRPC ...) + NOT-FOR-US: gturri aXMLRPC +CVE-2020-36640 (A vulnerability, which was classified as problematic, was found in bon ...) + NOT-FOR-US: bonitasoft bonita-connector-webservice +CVE-2019-25098 (A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has b ...) + - extplorer +CVE-2019-25097 (A vulnerability was found in soerennb eXtplorer up to 2.1.12 and class ...) + - extplorer +CVE-2019-25096 (A vulnerability has been found in soerennb eXtplorer up to 2.1.12 and ...) + - extplorer +CVE-2019-25095 (A vulnerability, which was classified as problematic, was found in kak ...) + NOT-FOR-US: kakwa LdapCherry +CVE-2018-25065 (A vulnerability was found in Wikimedia mediawiki-extensions-I18nTags a ...) + NOT-FOR-US: MediaWiki extension I18nTags +CVE-2018-25064 (A vulnerability was found in OSM Lab show-me-the-way. It has been rate ...) + NOT-FOR-US: OSM Lab show-me-the-way +CVE-2017-20162 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: vercel ms +CVE-2016-15010 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) + NOT-FOR-US: University of Cambridge django-ucamlookup +CVE-2016-15009 (A vulnerability classified as problematic has been found in OpenACS bu ...) + NOT-FOR-US: OpenACS bug-tracker +CVE-2015-10015 (A vulnerability, which was classified as critical, has been found in g ...) + NOT-FOR-US: glidernet ogn-live +CVE-2015-10014 (A vulnerability classified as critical has been found in arekk uke. Th ...) + NOT-FOR-US: arekk uke +CVE-2015-10013 (A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up ...) + NOT-FOR-US: WebDevStudios taxonomy-switcher Plugin +CVE-2014-125041 (A vulnerability classified as critical was found in Miccighel PR-CWT. ...) + NOT-FOR-US: Miccighel PR-CWT +CVE-2014-125040 (A vulnerability was found in stevejagodzinski DevNewsAggregator. 
It ha ...) + NOT-FOR-US: stevejagodzinski DevNewsAggregator +CVE-2007-10001 (A vulnerability classified as problematic has been found in web-cyradm ...) + NOT-FOR-US: web-cyradm +CVE-2023-22632 + RESERVED +CVE-2023-22631 + RESERVED +CVE-2023-22630 (IzyBat Orange casiers before 20221102_1 allows SQL Injection via a get ...) + NOT-FOR-US: IzyBat Orange casiers +CVE-2023-22629 (An issue was discovered in TitanFTP through 1.94.1205. The move-file f ...) + NOT-FOR-US: TitanFTP +CVE-2023-22628 + RESERVED +CVE-2023-22627 + RESERVED +CVE-2023-22626 (PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because ...) + - ruby-pghero (bug #882288) +CVE-2023-22625 + RESERVED +CVE-2023-22624 (Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers ...) + NOT-FOR-US: Zoho +CVE-2023-22623 + RESERVED +CVE-2023-22622 (WordPress through 6.1.1 depends on unpredictable client visits to caus ...) + - wordpress (Not an issue for packaged WordPress) +CVE-2023-22621 (Strapi through 4.5.5 allows authenticated Server-Side Template Injecti ...) + NOT-FOR-US: Strapi +CVE-2023-22620 (An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewa ...) + NOT-FOR-US: SecurePoint UTM +CVE-2023-22619 + RESERVED +CVE-2023-0076 (The Download Attachments WordPress plugin through 1.2.24 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0075 (The Amazon JS WordPress plugin through 0.10 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0074 (The WP Social Widget WordPress plugin before 2.2.4 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0073 (The Client Logo Carousel WordPress plugin through 3.0.0 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0072 (The WC Vendors Marketplace WordPress plugin before 2.4.5 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0071 (The WP Tabs WordPress plugin before 2.1.17 does not validate and escap ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2023-0070 (The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0069 (The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0068 (The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin thr ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0067 (The Timed Content WordPress plugin before 2.73 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0066 (The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0065 (The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0064 (The eVision Responsive Column Layout Shortcodes WordPress plugin throu ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0063 (The WordPress Shortcodes WordPress plugin through 1.6.36 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0062 (The EAN for WooCommerce WordPress plugin before 4.4.3 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0061 (The Judge.me Product Reviews for WooCommerce WordPress plugin before 1 ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0060 (The Responsive Gallery Grid WordPress plugin before 2.3.9 does not val ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0059 (The Youzify WordPress plugin before 1.2.2 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0058 (The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0057 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) + - pyload (bug #1001980) +CVE-2023-0056 (An uncontrolled resource consumption vulnerability was discovered in H ...) 
+ {DSA-5348-1} + - haproxy 2.6.8-1 + [buster] - haproxy (Vulnerable code introduced later) + NOTE: https://github.com/haproxy/haproxy/issues/1972 + NOTE: https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=84f5cba24f59b1c8339bb38323fcb01f434ba8e5 (v2.6.8) + NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=038a7e8aeb1c5b90c18c55d2bcfb3aaa476bce89 (v2.2.27) +CVE-2023-0055 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + - pyload (bug #1001980) +CVE-2022-4876 (A vulnerability was found in Kaltura mwEmbed up to 2.96.rc1 and classi ...) + NOT-FOR-US: Kaltura mwEmbed +CVE-2022-4875 (A vulnerability has been found in fossology and classified as problema ...) + - fossology +CVE-2021-4302 (A vulnerability was found in slackero phpwcms up to 1.9.26. It has bee ...) + NOT-FOR-US: slackero phpwcms +CVE-2021-4301 (A vulnerability was found in slackero phpwcms up to 1.9.26 and classif ...) + NOT-FOR-US: slackero phpwcms +CVE-2021-4300 (A vulnerability has been found in ghostlander Halcyon and classified a ...) + NOT-FOR-US: ghostlander Halcyon +CVE-2023-22618 (If Security Hardening guide rules are not followed, then Nokia WaveLit ...) + NOT-FOR-US: Nokia +CVE-2023-22617 (A remote attacker might be able to cause infinite recursion in PowerDN ...) + - pdns-recursor 4.8.1-1 (bug #1029367) + [bullseye] - pdns-recursor (Vulnerable code introduced later) + [buster] - pdns-recursor (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/20/1 + NOTE: https://downloads.powerdns.com/patches/2023-01/ + NOTE: https://github.com/PowerDNS/pdns/pull/12442 +CVE-2023-22616 (An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5. ...) + NOT-FOR-US: Insyde +CVE-2023-22615 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2023-22614 (An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kern ...) 
+ NOT-FOR-US: Insyde +CVE-2023-22613 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2023-22612 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2023-22611 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...) + NOT-FOR-US: EcoStruxure Geo SCADA Expert +CVE-2023-22610 (A CWE-863: Incorrect Authorization vulnerability exists that could cau ...) + NOT-FOR-US: EcoStruxure Geo SCADA Expert +CVE-2023-22609 + REJECTED +CVE-2023-22608 + REJECTED +CVE-2023-22607 + REJECTED +CVE-2023-22606 + REJECTED +CVE-2023-22605 + REJECTED +CVE-2023-22604 + REJECTED +CVE-2023-22603 + REJECTED +CVE-2023-0054 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.) + {DLA-3453-1} + - vim 2:9.0.1378-1 (bug #1031875) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/b289ee0f-fd16-4147-bd01-c6289c45e49d + NOTE: https://github.com/vim/vim/commit/3ac1d97a1d9353490493d30088256360435f7731 (v9.0.1145) +CVE-2023-0053 (SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 ...) + NOT-FOR-US: SAUTER Controls Nova +CVE-2023-0052 (SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 ...) + NOT-FOR-US: SAUTER +CVE-2023-0051 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1 ...) + - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/1c8686db-baa6-42dc-ba45-aed322802de9 + NOTE: https://github.com/vim/vim/commit/c32949b0779106ed5710ae3bffc5053e49083ab4 (v9.0.1144) + NOTE: Crash in CLI tool, no security impact +CVE-2023-0050 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0049 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.) 
+ - vim 2:9.0.1378-1 (unimportant) + NOTE: https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9 + NOTE: https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c (v9.0.1143) + NOTE: Crash in CLI tool, no security impact +CVE-2023-0048 (Code Injection in GitHub repository lirantal/daloradius prior to maste ...) + NOT-FOR-US: lirantal/daloradius +CVE-2023-0047 + REJECTED +CVE-2023-0046 (Improper Restriction of Names for Files and Other Resources in GitHub ...) + NOT-FOR-US: lirantal/daloradius +CVE-2023-0045 (The current implementation of the prctl syscall does not issue an IBPB ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.7-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/1 + NOTE: https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8#event-88245 + NOTE: https://git.kernel.org/linus/a664ec9158eeddd75121d39c9a0758016097fa96 (6.2-rc3) + NOTE: https://github.com/es0j/CVE-2023-0045 +CVE-2023-0044 (If the Quarkus Form Authentication session cookie Path attribute is se ...) + NOT-FOR-US: Quarkus +CVE-2022-4874 (Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1 ...) + NOT-FOR-US: Netcomm +CVE-2022-4873 (On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buff ...) + NOT-FOR-US: Netcomm +CVE-2022-4872 (The Chained Products WordPress plugin before 2.12.0 does not have auth ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48217 (The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) ...) + NOT-FOR-US: ROS tf_remapper_node +CVE-2022-48216 (Uniswap Universal Router before 1.1.0 mishandles reentrancy. This woul ...) + NOT-FOR-US: Uniswap Universal Router +CVE-2020-36639 (A vulnerability has been found in AlliedModders AMX Mod X on Windows a ...) + NOT-FOR-US: AlliedModders AMX Mod X +CVE-2019-25094 (A vulnerability, which was classified as problematic, was found in inn ...) 
+ NOT-FOR-US: innologi appointments Extension +CVE-2016-15008 (A vulnerability was found in oxguy3 coebot-www and classified as probl ...) + NOT-FOR-US: oxguy3 coebot-www +CVE-2014-125039 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: kkokko NeoXplora +CVE-2010-10003 (A vulnerability classified as critical was found in gesellix titlelink ...) + NOT-FOR-US: gesellix titlelink +CVE-2023-22602 (When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, ...) + - shiro (bug #1029039) + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue, cf. #1029039) + NOTE: https://lists.apache.org/thread/dzj0k2smpzzgj6g666hrbrgsrlf9yhkl +CVE-2023-22601 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...) + NOT-FOR-US: InHand Networks InRouter +CVE-2023-22600 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...) + NOT-FOR-US: InHand Networks InRouter +CVE-2023-22599 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...) + NOT-FOR-US: InHand Networks InRouter +CVE-2023-22598 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...) + NOT-FOR-US: InHand Networks InRouter +CVE-2023-22597 (InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRo ...) + NOT-FOR-US: InHand Networks InRouter +CVE-2023-22596 + RESERVED +CVE-2023-22595 (IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integ ...) + NOT-FOR-US: IBM +CVE-2023-22594 (IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is ...) + NOT-FOR-US: IBM +CVE-2023-22593 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 a ...) + NOT-FOR-US: IBM +CVE-2023-22592 (IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 cou ...) + NOT-FOR-US: IBM +CVE-2023-22591 (IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 throug ...) 
+ NOT-FOR-US: IBM +CVE-2023-22590 + RESERVED +CVE-2023-22589 + RESERVED +CVE-2023-22588 + RESERVED +CVE-2023-22587 + RESERVED +CVE-2023-0043 (The Custom Add User WordPress plugin through 2.0.2 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0042 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2023-0041 (IBM Security Guardium 11.5 could allow a user to take over another use ...) + NOT-FOR-US: IBM +CVE-2023-22586 (The Danfoss AK-EM100 web applications allow for Local File Inclusion i ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-22585 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-22584 (The Danfoss AK-EM100 stores login credentials in cleartext.) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-22583 (The Danfoss AK-EM100 web forms allow for SQL injection in the login fo ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-22582 (The Danfoss AK-EM100 web applications allow for Reflected Cross-Site S ...) + NOT-FOR-US: Danfoss AK-EM100 +CVE-2023-22581 (White Rabbit Switch contains a vulnerability which makes it possible f ...) + NOT-FOR-US: White Rabbit Switch +CVE-2023-22580 (Due to improper input filtering in the sequalize js library, can malic ...) + NOT-FOR-US: DIVD +CVE-2023-22579 (Due to improper parameter filtering in the sequalize js library, can a ...) + NOT-FOR-US: DIVD +CVE-2023-22578 (Due to improper artibute filtering in the sequalize js library, can a ...) + NOT-FOR-US: DIVD +CVE-2023-22577 (Within White Rabbit Switch it's possible as an unauthenticated user to ...) + NOT-FOR-US: White Rabbit Switch +CVE-2023-0040 (Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form ...) + NOT-FOR-US: AsyncHTTPClient +CVE-2023-0039 + REJECTED +CVE-2023-0038 (The "Survey Maker \u2013 Best WordPress Survey Plugin" plugin for Word ...) 
+ NOT-FOR-US: "Survey Maker – Best WordPress Survey Plugin" plugin for WordPress +CVE-2023-0037 (The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 d ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0036 (platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and ...) + NOT-FOR-US: OpenHarmony +CVE-2023-0035 (softbus_client_stub in communication subsystem within OpenHarmony-v3.0 ...) + NOT-FOR-US: OpenHarmony +CVE-2022-4871 (A vulnerability classified as problematic was found in ummmmm nflpick- ...) + NOT-FOR-US: ummmmm nflpick-em.com +CVE-2022-48215 + RESERVED +CVE-2022-48214 + RESERVED +CVE-2022-48213 + RESERVED +CVE-2022-48212 + RESERVED +CVE-2022-48211 + RESERVED +CVE-2022-48210 + RESERVED +CVE-2015-10012 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in sumocoder ...) + NOT-FOR-US: sumocoders FrameworkUserBundle +CVE-2013-10007 (A vulnerability classified as problematic has been found in ethitter W ...) + NOT-FOR-US: ethitter WP-Print-Friendly +CVE-2012-10003 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: ahmyi RivetTracker +CVE-2012-10002 (A vulnerability was found in ahmyi RivetTracker. It has been declared ...) + NOT-FOR-US: ahmyi RivetTracker +CVE-2023-0034 (The JetWidgets For Elementor WordPress plugin before 1.0.14 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2023-0033 (The PDF Viewer WordPress plugin before 1.0.0 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4870 (In affected versions of Octopus Deploy it is possible to discover netw ...) + NOT-FOR-US: Octopus Deploy +CVE-2015-10011 (A vulnerability classified as problematic has been found in OpenDNS Op ...) + NOT-FOR-US: OpenResolve +CVE-2015-10010 (A vulnerability was found in OpenDNS OpenResolve. It has been rated as ...) + NOT-FOR-US: OpenResolve +CVE-2023-22576 + RESERVED +CVE-2023-22575 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...) 
+ NOT-FOR-US: Dell +CVE-2023-22574 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensit ...) + NOT-FOR-US: Dell +CVE-2023-22573 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitiv ...) + NOT-FOR-US: Dell +CVE-2023-22572 (Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitiv ...) + NOT-FOR-US: Dell +CVE-2023-0032 + RESERVED +CVE-2023-0031 + RESERVED +CVE-2021-4299 (A vulnerability classified as problematic was found in cronvel string- ...) + NOT-FOR-US: Node string-kit +CVE-2021-4298 (A vulnerability classified as critical has been found in Hesburgh Libr ...) + NOT-FOR-US: Sipity +CVE-2019-25093 (A vulnerability, which was classified as problematic, was found in dra ...) + NOT-FOR-US: Recent Threads On Index +CVE-2017-20161 (A vulnerability classified as problematic has been found in rofl0r Mac ...) + NOT-FOR-US: MacGeiger +CVE-2016-15007 (A vulnerability was found in Centralized-Salesforce-Dev-Framework. It ...) + NOT-FOR-US: Centralized-Salesforce-Dev-Framework +CVE-2016-15006 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: EnigmaX +CVE-2015-10009 (A vulnerability was found in nterchange up to 4.1.0. It has been rated ...) + NOT-FOR-US: nterchange +CVE-2015-10008 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WE ...) + NOT-FOR-US: 82Flex WEIPDCRM +CVE-2015-10007 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WE ...) + NOT-FOR-US: 82Flex WEIPDCRM +CVE-2014-125038 (A vulnerability has been found in IS_Projecto2 and classified as criti ...) + NOT-FOR-US: IS_Projecto2 +CVE-2014-125037 (A vulnerability, which was classified as critical, was found in Licens ...) + NOT-FOR-US: License To Kill +CVE-2014-125036 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Ansinle Debops ntp +CVE-2014-125035 (A vulnerability classified as problematic was found in Jobs-Plugin. Af ...) 
+ NOT-FOR-US: mrbobbybryant/Jobs-Plugin +CVE-2014-125034 (A vulnerability has been found in stiiv contact_app and classified as ...) + NOT-FOR-US: stiiv/contact_app +CVE-2014-125033 (A vulnerability was found in rails-cv-app. It has been rated as proble ...) + NOT-FOR-US: rails-cv-app +CVE-2014-125032 (A vulnerability was found in porpeeranut go-with-me. It has been decla ...) + NOT-FOR-US: porpeeranut go-with-me +CVE-2014-125031 (A vulnerability was found in kirill2485 TekNet. It has been classified ...) + NOT-FOR-US: kirill2485 TekNet +CVE-2023-22571 + RESERVED +CVE-2023-22570 + RESERVED +CVE-2023-22569 + RESERVED +CVE-2023-22568 + RESERVED +CVE-2023-22567 + RESERVED +CVE-2023-22566 + RESERVED +CVE-2023-22565 + RESERVED +CVE-2023-22564 + RESERVED +CVE-2023-22563 + RESERVED +CVE-2023-22562 + RESERVED +CVE-2023-22561 + RESERVED +CVE-2023-22560 + RESERVED +CVE-2023-22559 + RESERVED +CVE-2023-22558 + RESERVED +CVE-2023-22557 + RESERVED +CVE-2023-22556 + RESERVED +CVE-2023-22555 + RESERVED +CVE-2023-22554 + RESERVED +CVE-2023-22553 + RESERVED +CVE-2023-22552 + RESERVED +CVE-2022-48209 + RESERVED +CVE-2022-48208 + RESERVED +CVE-2022-48207 + RESERVED +CVE-2022-48206 + RESERVED +CVE-2022-48205 + RESERVED +CVE-2022-48204 + RESERVED +CVE-2022-48203 + RESERVED +CVE-2022-48202 + RESERVED +CVE-2022-48201 + RESERVED +CVE-2022-48200 + RESERVED +CVE-2023-22551 (The FTP (aka "Implementation of a simple FTP client and server") proje ...) + NOT-FOR-US: rovinbhandari FTP +CVE-2023-0030 (A use-after-free flaw was found in the Linux kernel\u2019s nouveau dri ...) + - linux 5.2.6-1 + NOTE: https://git.kernel.org/linus/729eba3355674f2d9524629b73683ba1d1cd3f10 (5.0-rc1) +CVE-2023-0029 (A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411 ...) + NOT-FOR-US: Multilaser RE708 +CVE-2022-4869 (A vulnerability was found in Evolution Events Artaxerxes. It has been ...) 
+ NOT-FOR-US: Evolution Events Artaxerxes +CVE-2022-48199 (SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a m ...) + NOT-FOR-US: SoftPerfect +CVE-2021-4297 (A vulnerability has been found in trampgeek jobe up to 1.6.4 and class ...) + NOT-FOR-US: trampgeek jobe +CVE-2018-25063 (A vulnerability classified as problematic was found in Zenoss Dashboar ...) + NOT-FOR-US: Zenoss Dashboard +CVE-2018-25062 (A vulnerability classified as problematic has been found in flar2 Elem ...) + NOT-FOR-US: flar2 ElementalX +CVE-2015-10006 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: admont28 Ingnovarq +CVE-2014-125030 (A vulnerability, which was classified as critical, has been found in t ...) + NOT-FOR-US: taoeffect Empress +CVE-2013-10006 (A vulnerability classified as problematic was found in Ziftr primecoin ...) + NOT-FOR-US: Ziftr primecoin +CVE-2010-10002 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...) + NOT-FOR-US: simplesamlphp-module-openid +CVE-2023-22550 + RESERVED +CVE-2023-22549 + RESERVED +CVE-2023-22548 + RESERVED +CVE-2023-22547 + RESERVED +CVE-2023-22546 + RESERVED +CVE-2023-22545 + RESERVED +CVE-2023-22544 + RESERVED +CVE-2023-22543 + RESERVED +CVE-2023-22542 + RESERVED +CVE-2023-22541 + RESERVED +CVE-2023-22540 + RESERVED +CVE-2023-22539 + RESERVED +CVE-2023-22538 + RESERVED +CVE-2023-22537 + RESERVED +CVE-2023-22536 + RESERVED +CVE-2023-22535 + RESERVED +CVE-2023-22534 + RESERVED +CVE-2023-22533 + RESERVED +CVE-2023-22532 + RESERVED +CVE-2023-22531 + RESERVED +CVE-2023-22530 + RESERVED +CVE-2023-22529 + RESERVED +CVE-2023-22528 + RESERVED +CVE-2023-22527 + RESERVED +CVE-2023-22526 + RESERVED +CVE-2023-22525 + RESERVED +CVE-2023-22524 (Certain versions of the Atlassian Companion App for MacOS were affecte ...) + NOT-FOR-US: Atlassian +CVE-2023-22523 (This vulnerability, if exploited, allows an attacker to perform privil ...) 
+ NOT-FOR-US: Atlassian +CVE-2023-22522 (This Template Injection vulnerability allows an authenticated attacker ...) + NOT-FOR-US: Atlassian +CVE-2023-22521 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) + NOT-FOR-US: Crowd Data Center and Server +CVE-2023-22520 + RESERVED +CVE-2023-22519 + RESERVED +CVE-2023-22518 (All versions of Confluence Data Center and Server are affected by this ...) + NOT-FOR-US: Atlassian +CVE-2023-22517 + RESERVED +CVE-2023-22516 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) + NOT-FOR-US: Bamboo Data Center and Server +CVE-2023-22515 (Atlassian has been made aware of an issue reported by a handful of cus ...) + NOT-FOR-US: Atlassian +CVE-2023-22514 + RESERVED +CVE-2023-22513 (This High severity RCE (Remote Code Execution) vulnerability was intro ...) + NOT-FOR-US: Bitbucket Data Center and Server +CVE-2023-22512 + RESERVED +CVE-2023-22511 + RESERVED +CVE-2023-22510 + RESERVED +CVE-2023-22509 + RESERVED +CVE-2023-22508 (This High severity RCE (Remote Code Execution) vulnerability known as ...) + NOT-FOR-US: Atlassian +CVE-2023-22507 + RESERVED +CVE-2023-22506 (This High severity Injection and RCE (Remote Code Execution) vulnerabi ...) + NOT-FOR-US: Atlassian +CVE-2023-22505 (This High severity RCE (Remote Code Execution) vulnerability known as ...) + NOT-FOR-US: Atlassian +CVE-2023-22504 (Affected versions of Atlassian Confluence Server allow remote attacker ...) + NOT-FOR-US: Atlassian +CVE-2023-22503 (Affected versions of Atlassian Confluence Server and Data Center allow ...) + NOT-FOR-US: Atlassian +CVE-2023-22502 + RESERVED +CVE-2023-22501 (An authentication vulnerability was discovered in Jira Service Managem ...) + NOT-FOR-US: Atlassian +CVE-2023-0028 (Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twak ...) + NOT-FOR-US: linagora/Twake +CVE-2022-48198 (The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot ...) 
+ NOT-FOR-US: ros ntpd driver +CVE-2022-48197 (Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 th ...) + NOT-FOR-US: TreeView of YUI2 +CVE-2018-25061 (A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as ...) + NOT-FOR-US: rgb2hex +CVE-2017-20160 (A vulnerability was found in flitto express-param up to 0.x. It has be ...) + NOT-FOR-US: express-param +CVE-2014-125029 (A vulnerability was found in ttskch PaginationServiceProvider up to 0. ...) + NOT-FOR-US: ttskch/PaginationServiceProvider +CVE-2014-125028 (A vulnerability was found in valtech IDP Test Client and classified as ...) + NOT-FOR-US: valtech IDP Test Client +CVE-2022-4868 (Improper Authorization in GitHub repository froxlor/froxlor prior to 2 ...) + - froxlor (bug #581792) +CVE-2022-4867 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...) + - froxlor (bug #581792) +CVE-2022-4866 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4865 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2017-20159 (A vulnerability was found in rf Keynote up to 0.x on Rails. It has bee ...) + NOT-FOR-US: rf Keynote +CVE-2017-20158 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in vova07 Yi ...) + NOT-FOR-US: vova07 Yii2 FileAPI Widget +CVE-2017-20157 (A vulnerability was found in Ariadne Component Library up to 2.x. It h ...) + NOT-FOR-US: Ariadne Component Library +CVE-2017-20156 (A vulnerability was found in Exciting Printer and classified as critic ...) + NOT-FOR-US: Exciting Printer +CVE-2014-125027 (A vulnerability has been found in Yuna Scatari TBDev up to 2.1.17 and ...) + NOT-FOR-US: Yuna Scatari TBDev +CVE-2022-4864 (Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0 ...) + - froxlor (bug #581792) +CVE-2017-20155 (A vulnerability was found in Sterc Google Analytics Dashboard for MODX ...) 
+ NOT-FOR-US: Sterc Google Analytics Dashboard for MODX +CVE-2017-20154 (A vulnerability was found in ghostlander Phoenixcoin. It has been clas ...) + NOT-FOR-US: ghostlander Phoenixcoin +CVE-2022-4863 (Improper Handling of Insufficient Permissions or Privileges in GitHub ...) + NOT-FOR-US: usememos +CVE-2022-4862 (Rendering of HTML provided by another authenticated user is possible i ...) + NOT-FOR-US: M-Files Web +CVE-2022-4861 (Incorrect implementation in authentication protocol in M-Files Client ...) + NOT-FOR-US: M-Files +CVE-2022-4860 (A vulnerability was found in KBase Metrics. It has been classified as ...) + NOT-FOR-US: KBase Metrics +CVE-2022-4859 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Joget +CVE-2022-4858 (Insertion of Sensitive Information into Log Files in M-Files Server be ...) + NOT-FOR-US: M-Files +CVE-2022-4857 (A vulnerability was found in Modbus Tools Modbus Poll up to 9.10.0 and ...) + NOT-FOR-US: Modbus Tools Modbus Poll +CVE-2022-4856 (A vulnerability has been found in Modbus Tools Modbus Slave up to 7.5. ...) + NOT-FOR-US: Modbus Tools Modbus Slave +CVE-2022-4855 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Lead Management System +CVE-2022-48196 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2020-36638 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de ...) + NOT-FOR-US: Chris92de AdminServ +CVE-2020-36637 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Chris92de ...) + NOT-FOR-US: Chris92de AdminServ +CVE-2018-25060 (A vulnerability was found in Macaron csrf and classified as problemati ...) 
+ - golang-github-go-macaron-csrf (bug #1033115) + [bullseye] - golang-github-go-macaron-csrf (Minor issue, no reverse deps) + [buster] - golang-github-go-macaron-csrf (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://github.com/go-macaron/csrf/commit/dadd1711a617000b70e5e408a76531b73187031c + NOTE: https://github.com/go-macaron/csrf/pull/7 +CVE-2018-25059 (A vulnerability was found in pastebinit up to 0.2.2 and classified as ...) + NOT-FOR-US: jessfraz/pastebinit (Go implementation of pastebinit, different from src:pastebinit) +CVE-2017-20153 (A vulnerability has been found in aerouk imageserve and classified as ...) + NOT-FOR-US: aerouk imageserve +CVE-2017-20152 (A vulnerability, which was classified as problematic, was found in aer ...) + NOT-FOR-US: aerouk imageserve +CVE-2017-20151 (A vulnerability classified as problematic was found in iText RUPS. Thi ...) + NOT-FOR-US: iText RUPS +CVE-2022-48195 (An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When ...) + NOT-FOR-US: Mellium +CVE-2022-48194 (TP-Link TL-WR902AC devices through V3 0.9.1 allow remote authenticated ...) + NOT-FOR-US: TP-Link +CVE-2022-48193 (Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during ...) + NOT-FOR-US: Softing smartLink SW-HT +CVE-2022-48192 (Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1 ...) + NOT-FOR-US: Softing smartLink SW-HT +CVE-2022-48191 (A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) whe ...) + NOT-FOR-US: Trend Micro +CVE-2021-46870 + RESERVED +CVE-2021-46869 + RESERVED +CVE-2023-22500 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3ghv-p34r-5ghx + NOTE: Only supported behind an authenticated HTTP zone +CVE-2023-22499 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...) 
+ NOT-FOR-US: Deno +CVE-2023-22498 + REJECTED +CVE-2023-22497 (Netdata is an open source option for real-time infrastructure monitori ...) + - netdata 1.37.0-1 + [bullseye] - netdata (Minor issue) + [buster] - netdata (Minor issue) + NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-jx85-39cw-66f2 +CVE-2023-22496 (Netdata is an open source option for real-time infrastructure monitori ...) + - netdata 1.37.0-1 + [bullseye] - netdata (Minor issue) + [buster] - netdata (Minor issue) + NOTE: https://github.com/netdata/netdata/security/advisories/GHSA-xg38-3vmw-2978 +CVE-2023-22495 (Izanami is a shared configuration service well-suited for micro-servic ...) + NOT-FOR-US: Izanami +CVE-2023-22494 + REJECTED +CVE-2023-22493 (RSSHub is an open source RSS feed generator. RSSHub is vulnerable to S ...) + NOT-FOR-US: RSSHub +CVE-2023-22492 (ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OA ...) + NOT-FOR-US: ZITADEL +CVE-2023-22491 (Gatsby is a free and open source framework based on React that helps d ...) + - gatsby (bug #922188) +CVE-2023-22490 (Git is a revision control system. Using a specially-crafted repository ...) + {DSA-5357-1 DLA-3338-1} + - git 1:2.39.2-1 (bug #1031310) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/5 + NOTE: https://github.com/git/git/commit/58325b93c5b6212697b088371809e9948fee8052 (v2.30.8) + NOTE: https://github.com/git/git/commit/cf8f6ce02a13f4d1979a53241afbee15a293fce9 (v2.30.8) + NOTE: https://github.com/git/git/commit/bffc762f87ae8d18c6001bf0044a76004245754c (v2.30.8) +CVE-2023-22489 (Flarum is a discussion platform for websites. If the first post of a d ...) + NOT-FOR-US: Flarum +CVE-2023-22488 (Flarum is a forum software for building communities. Using the notific ...) + NOT-FOR-US: Flarum +CVE-2023-22487 (Flarum is a forum software for building communities. Using the mention ...) 
+ NOT-FOR-US: Flarum +CVE-2023-22486 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) + - cmark-gfm (bug #1033110) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1033111) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - r-cran-commonmark (bug #1033112) + [bookworm] - r-cran-commonmark (Minor issue) + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + - ruby-commonmarker (bug #1033113) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-r572-jvj2-3m8p + NOTE: https://github.com/github/cmark-gfm/commit/ece074cc3378f7a8dec0395f00123e9fa6981f7b (0.29.0.gfm.7) +CVE-2023-22485 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) + - cmark-gfm (bug #1033110) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1033111) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - r-cran-commonmark (bug #1033112) + [bookworm] - r-cran-commonmark (Minor issue) + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + - ruby-commonmarker (bug #1033113) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-c944-cv5f-hpvr +CVE-2023-22484 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) 
+ - cmark-gfm (bug #1033110) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1033111) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - r-cran-commonmark (bug #1033112) + [bookworm] - r-cran-commonmark (Minor issue) + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + - ruby-commonmarker (bug #1033113) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-24f7-9frr-5h2r +CVE-2023-22483 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) + - cmark-gfm (bug #1033110) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1033111) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - r-cran-commonmark (bug #1033112) + [bookworm] - r-cran-commonmark (Minor issue) + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + - ruby-commonmarker (bug #1033113) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-29g3-96g3-jg6c +CVE-2023-22482 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + NOT-FOR-US: Argo CD +CVE-2023-22481 (FreshRSS is a self-hosted RSS feed aggregator. When using the greader ...) + NOT-FOR-US: FreshRSS +CVE-2023-22480 (KubeOperator is an open source Kubernetes distribution focused on help ...) + NOT-FOR-US: KubeOperator +CVE-2023-22479 (KubePi is a modern Kubernetes panel. 
A session fixation attack allows ...) + NOT-FOR-US: KubePi +CVE-2023-22478 (KubePi is a modern Kubernetes panel. The API interfaces with unauthori ...) + NOT-FOR-US: KubePi +CVE-2023-22477 (Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius unt ...) + NOT-FOR-US: Mercurius +CVE-2023-22476 (Mantis Bug Tracker (MantisBT) is an open source issue tracker. In vers ...) + - mantis +CVE-2023-0027 (Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerab ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-4854 + REJECTED +CVE-2022-4853 + REJECTED +CVE-2022-4852 + REJECTED +CVE-2022-4851 (Improper Handling of Values in GitHub repository usememos/memos prior ...) + NOT-FOR-US: usememos +CVE-2022-4850 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: usememos +CVE-2022-4849 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: usememos +CVE-2022-4848 (Improper Verification of Source of a Communication Channel in GitHub r ...) + NOT-FOR-US: usememos +CVE-2022-4847 (Incorrectly Specified Destination in a Communication Channel in GitHub ...) + NOT-FOR-US: usememos +CVE-2022-4846 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: usememos +CVE-2022-4845 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: usememos +CVE-2022-4844 (Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos ...) + NOT-FOR-US: usememos +CVE-2022-4843 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) + - radare2 (Vulnerable code not yet present) + NOTE: https://huntr.dev/bounties/075b2760-66a0-4d38-b3b5-e9934956ab7f + NOTE: https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24 +CVE-2022-4842 (A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver funct ...) 
+ - linux 6.1.8-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156927 + NOTE: NTFS3 driver not enabled in Debian +CVE-2022-4841 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4840 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4839 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4838 (The Clean Login WordPress plugin before 1.13.7 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4837 (The CPO Companion WordPress plugin before 1.1.0 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4836 (The Breadcrumb WordPress plugin before 1.5.33 does not validate and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4835 (The Social Sharing Toolkit WordPress plugin through 2.6 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4834 (The CPT Bootstrap Carousel WordPress plugin through 1.12 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4833 (The YourChannel: Everything you want in a YouTube plugin WordPress plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4832 (The Store Locator WordPress plugin before 1.4.9 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4831 (The Custom User Profile Fields for User Registration WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4830 (The Paid Memberships Pro WordPress plugin before 2.9.9 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4829 (The Show-Hide / Collapse-Expand WordPress plugin before 1.3.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4828 (The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4827 (The WP Tiles WordPress plugin through 1.1.2 does not validate and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4826 (The Simple Tooltips WordPress plugin before 2.1.4 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4825 (The WP-ShowHide WordPress plugin before 1.05 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4824 (The WP Blog and Widgets WordPress plugin before 2.3.1 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-48190 + REJECTED +CVE-2022-48189 (An SMM driver input validation vulnerability in the BIOS of some Think ...) + NOT-FOR-US: Lenovo +CVE-2022-48188 (A buffer overflow vulnerability in the SecureBootDXE BIOS driver of so ...) + NOT-FOR-US: Lenovo +CVE-2022-48187 + REJECTED +CVE-2022-48186 (A certificate validation vulnerability exists in the Baiying Android a ...) + NOT-FOR-US: Baiying Android application +CVE-2022-48185 + RESERVED +CVE-2022-48184 + RESERVED +CVE-2022-48183 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) + NOT-FOR-US: Lenovo +CVE-2022-48182 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) + NOT-FOR-US: Lenovo +CVE-2022-48181 (An ErrorMessage driver stack-based buffer overflow vulnerability in BI ...) + NOT-FOR-US: Lenovo +CVE-2022-48180 + RESERVED +CVE-2022-48179 + RESERVED +CVE-2021-4296 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Unicorn - W3C's Unified Validator +CVE-2021-4295 (A vulnerability classified as problematic was found in ONC code-valida ...) + NOT-FOR-US: ONC code-validator-api +CVE-2018-25058 (A vulnerability classified as problematic has been found in Twitter-Po ...) + NOT-FOR-US: Twitter-Post-Fetcher +CVE-2023-22475 (Canarytokens is an open source tool which helps track activity and act ...) + NOT-FOR-US: canarytokens +CVE-2023-22474 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ NOT-FOR-US: Node parse-server +CVE-2023-22473 (Talk-Android enables users to have video & audio calls through Nextclo ...) + NOT-FOR-US: Talk-Android +CVE-2023-22472 (Deck is a kanban style organization tool aimed at personal planning an ...) + NOT-FOR-US: Deck +CVE-2023-22471 (Deck is a kanban style organization tool aimed at personal planning an ...) + NOT-FOR-US: Deck +CVE-2023-22470 (Nextcloud Deck is a kanban style organization tool aimed at personal p ...) + NOT-FOR-US: Deck +CVE-2023-22469 (Deck is a kanban style organization tool aimed at personal planning an ...) + NOT-FOR-US: Deck +CVE-2023-22468 (Discourse is an open source platform for community discussion. Version ...) + NOT-FOR-US: Discourse +CVE-2023-22467 (Luxon is a library for working with dates and times in JavaScript. On ...) + NOT-FOR-US: Luxon +CVE-2023-22466 (Tokio is a runtime for writing applications with Rust. Starting with v ...) + - rust-tokio 1.24.2-1 (bug #1029157) + [bullseye] - rust-tokio (Only affects 1.7.0 and later) + NOTE: https://rustsec.org/advisories/RUSTSEC-2023-0001.html + NOTE: https://github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7 +CVE-2023-22465 (Http4s is a Scala interface for HTTP services. Starting with version 0 ...) + NOT-FOR-US: http4s +CVE-2023-22463 (KubePi is a k8s panel. The jwt authentication function of KubePi throu ...) + NOT-FOR-US: KubePi +CVE-2023-22462 (Grafana is an open-source platform for monitoring and observability. O ...) + - grafana +CVE-2023-22461 (The `sanitize-svg` package, a small SVG sanitizer to prevent cross-sit ...) + NOT-FOR-US: sanitize-svg +CVE-2023-22460 (go-ipld-prime is an implementation of the InterPlanetary Linked Data ( ...) + NOT-FOR-US: go-ipld-prime +CVE-2023-22458 (Redis is an in-memory database that persists on disk. Authenticated us ...) 
+ - redis 5:7.0.8-1 (bug #1029363) + [bullseye] - redis (Vulnerable code introduced later) + [buster] - redis (Vulnerable code introduced later) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-r8w2-2m53-gprj + NOTE: Introduced after: https://github.com/redis/redis/commit/b9a0500f16d0cd016398133cc7ac256ad927b679 (6.2-rc3) + NOTE: Fixed by: https://github.com/redis/redis/commit/3f1f02034ce674cad8268f958cf8c39944b240c6 (7.0.8) +CVE-2023-22457 (CKEditor Integration UI adds support for editing wiki pages using CKEd ...) + NOT-FOR-US: xwiki CKEditor Integration UI +CVE-2023-22464 (ViewVC is a browser interface for CVS and Subversion version control r ...) + {DLA-3266-1} + - viewvc + NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216 + NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-jvpj-293q-q53h + NOTE: https://github.com/viewvc/viewvc/commit/8c61b87b3e8745ab298e1463e1fce092e5c01026 (1.1.30) +CVE-2023-22456 (ViewVC, a browser interface for CVS and Subversion version control rep ...) + {DLA-3266-1} + - viewvc + NOTE: https://github.com/viewvc/viewvc/issues/311#issuecomment-1371011216 + NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-j4mx-f97j-gc5g + NOTE: https://github.com/viewvc/viewvc/commit/2d57d713aa9b64558a9ba3ea187866ce98564c0a (1.1.29) +CVE-2023-22455 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2023-22454 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2023-22453 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2023-22452 (kenny2automate is a Discord bot. In the web interface for server setti ...) + NOT-FOR-US: kenny2automate +CVE-2023-22451 (Kiwi TCMS is an open source test management system. In version 11.6 an ...) 
+ NOT-FOR-US: Kiwi TCMS +CVE-2022-4823 (A vulnerability, which was classified as problematic, was found in InS ...) + NOT-FOR-US: InSTEDD Nuntium +CVE-2022-4822 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: FlatPress +CVE-2022-4821 (A vulnerability classified as problematic was found in FlatPress. This ...) + NOT-FOR-US: FlatPress +CVE-2022-4820 (A vulnerability classified as problematic has been found in FlatPress. ...) + NOT-FOR-US: FlatPress +CVE-2022-4819 (A vulnerability was found in HotCRP. It has been rated as problematic. ...) + NOT-FOR-US: HotCRP +CVE-2022-4818 (A vulnerability was found in Talend Open Studio for MDM. It has been d ...) + NOT-FOR-US: Talend Open Studio for MDM +CVE-2022-48178 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a st ...) + NOT-FOR-US: X2CRM Open Source Sales CRM +CVE-2022-48177 (X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a re ...) + NOT-FOR-US: X2CRM Open Source Sales CRM +CVE-2022-48176 (Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7 ...) + NOT-FOR-US: Netgear +CVE-2022-48175 (Rukovoditel v3.2.1 was discovered to contain a remote code execution ( ...) + NOT-FOR-US: Rukovoditel +CVE-2022-48174 (There is a stack overflow vulnerability in ash.c:6030 in busybox befor ...) + - busybox (bug #1059049) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=15216 + NOTE: https://git.busybox.net/busybox/commit/?id=d417193cf37ca1005830d7e16f5fa7e1d8a44209 +CVE-2022-48173 + RESERVED +CVE-2022-48172 + RESERVED +CVE-2022-48171 + RESERVED +CVE-2022-48170 + RESERVED +CVE-2022-48169 + RESERVED +CVE-2022-48168 + RESERVED +CVE-2022-48167 + RESERVED +CVE-2022-48166 (An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 all ...) 
+ NOT-FOR-US: Wavlink
+CVE-2022-48165 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
+ NOT-FOR-US: Wavlink
+CVE-2022-48164 (An access control issue in the component /cgi-bin/ExportLogs.sh of Wav ...)
+ NOT-FOR-US: Wavlink
+CVE-2022-48163
+ RESERVED
+CVE-2022-48162
+ RESERVED
+CVE-2022-48161 (Easy Images v2.0 was discovered to contain an arbitrary file download ...)
+ NOT-FOR-US: Easy Images
+CVE-2022-48160
+ RESERVED
+CVE-2022-48159
+ RESERVED
+CVE-2022-48158
+ RESERVED
+CVE-2022-48157
+ RESERVED
+CVE-2022-48156
+ RESERVED
+CVE-2022-48155
+ RESERVED
+CVE-2022-48154
+ RESERVED
+CVE-2022-48153
+ RESERVED
+CVE-2022-48152 (SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to ex ...)
+ NOT-FOR-US: RemoteClinic
+CVE-2022-48151
+ RESERVED
+CVE-2022-48150 (Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: Shopware
+CVE-2022-48149 (Online Student Admission System in PHP Free Source Code 1.0 was discov ...)
+ NOT-FOR-US: Online Student Admission System in PHP Free Source Code
+CVE-2022-48148
+ RESERVED
+CVE-2022-48147
+ RESERVED
+CVE-2022-48146
+ RESERVED
+CVE-2022-48145
+ RESERVED
+CVE-2022-48144
+ RESERVED
+CVE-2022-48143
+ RESERVED
+CVE-2022-48142
+ RESERVED
+CVE-2022-48141
+ RESERVED
+CVE-2022-48140 (DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) ...)
+ NOT-FOR-US: DedeCMS
+CVE-2022-48139
+ RESERVED
+CVE-2022-48138
+ REJECTED
+CVE-2022-48137
+ REJECTED
+CVE-2022-48136
+ RESERVED
+CVE-2022-48135
+ RESERVED
+CVE-2022-48134
+ RESERVED
+CVE-2022-48133
+ RESERVED
+CVE-2022-48132
+ RESERVED
+CVE-2022-48131
+ RESERVED
+CVE-2022-48130 (Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflo ...)
+ NOT-FOR-US: Tenda
+CVE-2022-48129
+ RESERVED
+CVE-2022-48128
+ RESERVED
+CVE-2022-48127
+ RESERVED
+CVE-2022-48126 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48125 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48124 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48123 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48122 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48121 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48120 (SQL Injection vulnerability in kishan0725 Hospital Management System t ...)
+ NOT-FOR-US: kishan0725 Hospital Management System
+CVE-2022-48119
+ RESERVED
+CVE-2022-48118 (Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: Jorani
+CVE-2022-48117
+ RESERVED
+CVE-2022-48116 (AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) ...)
+ NOT-FOR-US: AyaCMS
+CVE-2022-48115 (The dropdown menu in jspreadsheet before v4.6.0 was discovered to be v ...)
+ NOT-FOR-US: jspreadsheet
+CVE-2022-48114 (RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerabi ...)
+ NOT-FOR-US: RuoYi
+CVE-2022-48113 (A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows una ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48112
+ RESERVED
+CVE-2022-48111 (A cross-site scripting (XSS) vulnerability in the check_login function ...)
+ NOT-FOR-US: SIPE
+CVE-2022-48110 (CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scri ...)
+ NOT-FOR-US: Disputed ckeditor issue
+CVE-2022-48109
+ RESERVED
+CVE-2022-48108 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
+ NOT-FOR-US: D-Link
+CVE-2022-48107 (D-Link DIR_878_FW1.30B08 was discovered to contain a command injection ...)
+ NOT-FOR-US: D-Link
+CVE-2022-48106
+ RESERVED
+CVE-2022-48105
+ RESERVED
+CVE-2022-48104
+ RESERVED
+CVE-2022-48103
+ RESERVED
+CVE-2022-48102
+ RESERVED
+CVE-2022-48101
+ RESERVED
+CVE-2022-48100
+ RESERVED
+CVE-2022-48099
+ RESERVED
+CVE-2022-48098
+ RESERVED
+CVE-2022-48097
+ RESERVED
+CVE-2022-48096
+ RESERVED
+CVE-2022-48095
+ RESERVED
+CVE-2022-48094 (lmxcms v1.41 was discovered to contain an arbitrary file read vulnerab ...)
+ NOT-FOR-US: lmxcms
+CVE-2022-48093 (Seacms v12.7 was discovered to contain a remote code execution (RCE) v ...)
+ NOT-FOR-US: Seacms
+CVE-2022-48092
+ RESERVED
+CVE-2022-48091 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site ...)
+ NOT-FOR-US: Tramyardg hotel-mgmt-system
+CVE-2022-48090 (Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Inject ...)
+ NOT-FOR-US: Tramyardg hotel-mgmt-system
+CVE-2022-48089
+ RESERVED
+CVE-2022-48088
+ RESERVED
+CVE-2022-48087
+ RESERVED
+CVE-2022-48086
+ RESERVED
+CVE-2022-48085 (Softr v2.0 was discovered to contain a HTML injection vulnerability vi ...)
+ NOT-FOR-US: Softr
+CVE-2022-48084
+ RESERVED
+CVE-2022-48083
+ RESERVED
+CVE-2022-48082 (Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnera ...)
+ NOT-FOR-US: Easyone CRM
+CVE-2022-48081
+ RESERVED
+CVE-2022-48080
+ RESERVED
+CVE-2022-48079 (Monnai aaPanel host system v1.5 contains an access control issue which ...)
+ NOT-FOR-US: Monnai aaPanel host system
+CVE-2022-48078 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...)
+ NOT-FOR-US: pycdc
+CVE-2022-48077 (Genymotion Desktop v3.3.2 was discovered to contain a DLL hijacking vu ...)
+ NOT-FOR-US: Genymotion Desktop
+CVE-2022-48076
+ RESERVED
+CVE-2022-48075
+ RESERVED
+CVE-2022-48074 (An issue in NoMachine before v8.2.3 allows attackers to execute arbitr ...)
+ NOT-FOR-US: NoMachine
+CVE-2022-48073 (Phicomm K2G v22.6.3.20 was discovered to store the root and admin pass ...)
+ NOT-FOR-US: Phicomm
+CVE-2022-48072 (Phicomm K2G v22.6.3.20 was discovered to contain a command injection v ...)
+ NOT-FOR-US: Phicomm
+CVE-2022-48071 (Phicomm K2 v22.6.534.263 was discovered to store the root and admin pa ...)
+ NOT-FOR-US: Phicomm
+CVE-2022-48070 (Phicomm K2 v22.6.534.263 was discovered to contain a command injection ...)
+ NOT-FOR-US: Phicomm
+CVE-2022-48069 (Totolink A830R V4.1.2cu.5182 was discovered to contain a command injec ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48068
+ RESERVED
+CVE-2022-48067 (An information disclosure vulnerability in Totolink A830R V4.1.2cu.518 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48066 (An issue in the component global.so of Totolink A830R V4.1.2cu.5182 al ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-48065 (GNU Binutils before 2.40 was discovered to contain a memory leak vulne ...)
+ - binutils 2.40-2 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29925
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d28fbc7197ba0e021a43f873eff90b05dcdcff6a (binutils-2_40)
+ NOTE: binutils not covered by security support
+CVE-2022-48064 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
+ - binutils 2.40-2 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29922
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931 (binutils-2_40)
+ NOTE: binutils not covered by security support
+CVE-2022-48063 (GNU Binutils before 2.40 was discovered to contain an excessive memory ...)
+ - binutils 2.40-2 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29924
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd (binutils-2_40)
+ NOTE: binutils not covered by security support
+CVE-2022-48062
+ RESERVED
+CVE-2022-48061
+ RESERVED
+CVE-2022-48060
+ RESERVED
+CVE-2022-48059
+ RESERVED
+CVE-2022-48058
+ RESERVED
+CVE-2022-48057
+ RESERVED
+CVE-2022-48056
+ RESERVED
+CVE-2022-48055
+ RESERVED
+CVE-2022-48054
+ RESERVED
+CVE-2022-48053
+ RESERVED
+CVE-2022-48052
+ RESERVED
+CVE-2022-48051
+ RESERVED
+CVE-2022-48050
+ RESERVED
+CVE-2022-48049
+ RESERVED
+CVE-2022-48048
+ RESERVED
+CVE-2022-48047
+ RESERVED
+CVE-2022-48046
+ RESERVED
+CVE-2022-48045
+ RESERVED
+CVE-2022-48044
+ RESERVED
+CVE-2022-48043
+ RESERVED
+CVE-2022-48042
+ RESERVED
+CVE-2022-48041
+ RESERVED
+CVE-2022-48040
+ RESERVED
+CVE-2022-48039
+ RESERVED
+CVE-2022-48038
+ RESERVED
+CVE-2022-48037
+ RESERVED
+CVE-2022-48036
+ RESERVED
+CVE-2022-48035
+ RESERVED
+CVE-2022-48034
+ RESERVED
+CVE-2022-48033
+ RESERVED
+CVE-2022-48032
+ RESERVED
+CVE-2022-48031
+ RESERVED
+CVE-2022-48030
+ RESERVED
+CVE-2022-48029
+ RESERVED
+CVE-2022-48028
+ RESERVED
+CVE-2022-48027
+ RESERVED
+CVE-2022-48026
+ RESERVED
+CVE-2022-48025
+ RESERVED
+CVE-2022-48024
+ RESERVED
+CVE-2022-48023 (Insufficient privilege verification in Zammad v5.3.0 allows an authent ...)
+ - zammad (bug #841355)
+CVE-2022-48022 (An issue in the component /api/v1/mentions of Zammad v5.3.0 allows aut ...)
+ - zammad (bug #841355)
+CVE-2022-48021 (A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary ...)
+ - zammad (bug #841355)
+CVE-2022-48020 (Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site sc ...)
+ NOT-FOR-US: Vinteo VCC
+CVE-2022-48019 (The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3 ...)
+ NOT-FOR-US: Another Eden
+CVE-2022-48018
+ RESERVED
+CVE-2022-48017
+ RESERVED
+CVE-2022-48016
+ RESERVED
+CVE-2022-48015
+ RESERVED
+CVE-2022-48014
+ RESERVED
+CVE-2022-48013 (Opencats v0.9.7 was discovered to contain a stored cross-site scriptin ...)
+ NOT-FOR-US: Opencats
+CVE-2022-48012 (Opencats v0.9.7 was discovered to contain a reflected cross-site scrip ...)
+ NOT-FOR-US: Opencats
+CVE-2022-48011 (Opencats v0.9.7 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Opencats
+CVE-2022-48010 (LimeSurvey v5.4.15 was discovered to contain a stored cross-site scrip ...)
+ - limesurvey (bug #472802)
+CVE-2022-48009
+ RESERVED
+CVE-2022-48008 (An arbitrary file upload vulnerability in the plugin manager of LimeSu ...)
+ - limesurvey (bug #472802)
+CVE-2022-48007 (A stored cross-site scripting (XSS) vulnerability in identification.ph ...)
+ - piwigo
+CVE-2022-48006 (An arbitrary file upload vulnerability in taocms v3.0.2 allows attacke ...)
+ NOT-FOR-US: Taocms
+CVE-2022-48005
+ RESERVED
+CVE-2022-48004
+ RESERVED
+CVE-2022-48003
+ RESERVED
+CVE-2022-48002
+ RESERVED
+CVE-2022-48001
+ RESERVED
+CVE-2022-48000
+ RESERVED
+CVE-2022-47999
+ RESERVED
+CVE-2022-47998
+ RESERVED
+CVE-2022-47997
+ RESERVED
+CVE-2022-47996
+ RESERVED
+CVE-2022-47995
+ RESERVED
+CVE-2022-47994
+ RESERVED
+CVE-2022-47993
+ RESERVED
+CVE-2022-47992
+ RESERVED
+CVE-2022-47991
+ RESERVED
+CVE-2018-25057 (A vulnerability was found in simple_php_link_shortener. It has been cl ...)
+ NOT-FOR-US: simple_php_link_shortener
+CVE-2022-4817 (A vulnerability was found in centic9 jgit-cookbook. It has been declar ...)
+ NOT-FOR-US: centic9 jgit-cookbook
+CVE-2022-4816 (A denial-of-service vulnerability has been identified in Lenovo Safece ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4815 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...)
+ NOT-FOR-US: Hitachi Vantara Pentaho Business Analytics Server
+CVE-2022-4814 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ NOT-FOR-US: usememos
+CVE-2022-4813 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
+ NOT-FOR-US: usememos
+CVE-2022-4812 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-4811 (Authorization Bypass Through User-Controlled Key vulnerability in usem ...)
+ NOT-FOR-US: usememos
+CVE-2022-4810 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ NOT-FOR-US: usememos
+CVE-2022-4809 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ NOT-FOR-US: usememos
+CVE-2022-4808 (Improper Privilege Management in GitHub repository usememos/memos prio ...)
+ NOT-FOR-US: usememos
+CVE-2022-4807 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...)
+ NOT-FOR-US: usememos
+CVE-2022-4806 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-4805 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
+ NOT-FOR-US: usememos
+CVE-2022-4804 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...)
+ NOT-FOR-US: usememos
+CVE-2022-4803 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-4802 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-4801 (Insufficient Granularity of Access Control in GitHub repository usemem ...)
+ NOT-FOR-US: usememos
+CVE-2022-4800 (Improper Verification of Source of a Communication Channel in GitHub r ...)
+ NOT-FOR-US: usememos
+CVE-2022-47990 (IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged loca ...)
+ NOT-FOR-US: IBM
+CVE-2022-4799 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-47989
+ RESERVED
+CVE-2022-47988
+ RESERVED
+CVE-2022-47987
+ RESERVED
+CVE-2022-47986 (IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote ...)
+ NOT-FOR-US: IBM
+CVE-2022-47985
+ RESERVED
+CVE-2022-47984 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ NOT-FOR-US: IBM
+CVE-2022-47983 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2022-47982
+ RESERVED
+CVE-2022-47981
+ RESERVED
+CVE-2022-47980
+ RESERVED
+CVE-2022-4798 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: usememos
+CVE-2022-47979
+ RESERVED
+CVE-2022-47978
+ RESERVED
+CVE-2022-47977 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...)
+ NOT-FOR-US: JT Open
+CVE-2022-47976 (The DMSDP module of the distributed hardware has a vulnerability that ...)
+ NOT-FOR-US: Huawei
+CVE-2022-47975 (The DUBAI module has a double free vulnerability. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2022-47974 (The Bluetooth AVRCP module has a vulnerability that can lead to DoS at ...)
+ NOT-FOR-US: Huawei
+CVE-2022-4797 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ NOT-FOR-US: usememos
+CVE-2022-4796 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...)
+ NOT-FOR-US: usememos
+CVE-2022-4795 (The Galleries by Angie Makes WordPress plugin through 1.67 does not va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4794 (The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4793 (The Blog Designer WordPress plugin before 2.4.1 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4792 (The News & Blog Designer Pack WordPress plugin before 3.3 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4791 (The Product Slider and Carousel with Category for WooCommerce WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4790 (The WP Google My Business Auto Publish WordPress plugin before 3.4 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4789 (The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4788 (The Embed PDF WordPress plugin through 1.0.6 does not validate and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4787 (Themify Shortcodes WordPress plugin before 2.0.8 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4786 (The Video.js WordPress plugin through 4.5.0 does not validate and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4785 (The Video Sidebar Widgets WordPress plugin through 6.1 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4784 (The Hueman Addons WordPress plugin through 2.3.3 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4783 (The Youtube Channel Gallery WordPress plugin through 2.4 does not vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4782 (The ClickFunnels WordPress plugin through 3.1.1 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4781 (The Accordion Shortcodes WordPress plugin through 2.4.2 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4780 (ISOS firmwares from versions 1.81 to 2.00 contain hardcoded credential ...)
+ NOT-FOR-US: ISOS firmwares
+CVE-2022-4779 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
+ NOT-FOR-US: StreamX applications
+CVE-2022-4778 (StreamX applications from versions 6.02.01 to 6.04.34 are affected by ...)
+ NOT-FOR-US: StreamX applications
+CVE-2021-46868 (The HW_KEYMASTER module has a problem in releasing memory.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46867 (The HW_KEYMASTER module has a problem in releasing memory.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-4294 (A vulnerability was found in OpenShift OSIN. It has been classified as ...)
+ NOT-FOR-US: OpenShift OSIN
+CVE-2021-4293 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ NOT-FOR-US: gnuboard youngcart5
+CVE-2019-25092 (A vulnerability classified as problematic was found in Nakiami Mellivo ...)
+ NOT-FOR-US: Nakiami Mellivora
+CVE-2018-25056 (A vulnerability, which was classified as problematic, was found in yol ...)
+ NOT-FOR-US: yolapi
+CVE-2018-25055 (A vulnerability was found in FarCry Solr Pro Plugin up to 1.5.x. It ha ...)
+ NOT-FOR-US: FarCry Solr Pro Plugin
+CVE-2018-25054 (A vulnerability was found in shred cilla. It has been classified as pr ...)
+ NOT-FOR-US: cilla
+CVE-2018-25053 (A vulnerability was found in moappi Json2html up to 1.1.x and classifi ...)
+ NOT-FOR-US: json2html
+CVE-2018-25052 (A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 a ...)
+ - libcatalyst-plugin-session-perl 0.41-1
+ NOTE: https://github.com/perl-catalyst/Catalyst-Plugin-Session/commit/88d1b599e1163761c9bd53bec53ba078f13e09d4 (0.41)
+CVE-2018-25051 (A vulnerability, which was classified as problematic, was found in JmP ...)
+ NOT-FOR-US: JmPotato Pomash
+CVE-2018-25050 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Harvest Chosen
+CVE-2017-20150 (A vulnerability was found in challenge website. It has been rated as c ...)
+ NOT-FOR-US: challenge website
+CVE-2022-XXXX [RUSTSEC-2022-0074]
+ - rust-prettytable-rs 0.10.0-1 (bug #1027282)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0074.html
+ NOTE: https://github.com/phsym/prettytable-rs/issues/145
+CVE-2023-22438 (Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2023-22432 (Open redirect vulnerability exists in web2py versions prior to 2.23.1. ...)
+ - web2py
+CVE-2023-22429 (Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier ...)
+ NOT-FOR-US: Android App 'Wolt Delivery: Food and more'
+CVE-2023-22427 (Stored cross-site scripting vulnerability in Theme switching function ...)
+ NOT-FOR-US: SHIRASAGI
+CVE-2023-22425 (Stored cross-site scripting vulnerability in Schedule function of SHIR ...)
+ NOT-FOR-US: SHIRASAGI
+CVE-2023-22424 (Use-after-free vulnerability exists in Kostac PLC Programming Software ...)
+ NOT-FOR-US: Kostac
+CVE-2023-22421 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+ NOT-FOR-US: Kostac
+CVE-2023-22419 (Out-of-bounds read vulnerability exists in Kostac PLC Programming Soft ...)
+ NOT-FOR-US: Kostac
+CVE-2023-22377 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
+ NOT-FOR-US: tsClinical
+CVE-2023-22376 (Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan ...)
+ NOT-FOR-US: Tilt Network Camera
+CVE-2023-22375 (Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN ...)
+ NOT-FOR-US: Tilt Network Camera
+CVE-2023-22370 (Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Ti ...)
+ NOT-FOR-US: Tilt Network Camera
+CVE-2023-22369
+ REJECTED
+CVE-2023-22368 (Untrusted search path vulnerability in ELECOM Camera Assistant 1.00 an ...)
+ NOT-FOR-US: ELECOM
+CVE-2023-22367 (Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Androi ...)
+ NOT-FOR-US: Ichiran
+CVE-2023-22362 (SUSHIRO App for Android outputs sensitive information to the log file, ...)
+ NOT-FOR-US: SUSHIRO
+CVE-2023-22360 (Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0. ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22353 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22350 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22349 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22347 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22346 (Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22345 (Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ve ...)
+ NOT-FOR-US: Screen Creator Advance
+CVE-2023-22344 (Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and e ...)
+ NOT-FOR-US: SS1
+CVE-2023-22336 (Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Raku ...)
+ NOT-FOR-US: SS1
+CVE-2023-22335 (Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier ...)
+ NOT-FOR-US: SS1
+CVE-2023-22333 (Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier al ...)
+ NOT-FOR-US: EasyMail
+CVE-2023-22332 (Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4. ...)
+ - pgpool2 4.3.5-1 (bug #1030048)
+ [bullseye] - pgpool2 (Minor issue)
+ [buster] - pgpool2 (Minor issue, restricted system account password hash leak to authentified users)
+ NOTE: https://www.pgpool.net/mediawiki/index.php/Main_Page#News
+CVE-2023-22324 (SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5. ...)
+ NOT-FOR-US: CONPROSYS
+CVE-2023-22322 (Improper restriction of XML external entity reference (XXE) vulnerabil ...)
+ NOT-FOR-US: CX-Motion Pro
+CVE-2023-22320 (OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM ...)
+ NOT-FOR-US: OpenAM Web Policy Agent (different from src:openam)
+CVE-2023-22316 (Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...)
+ NOT-FOR-US: PIXELA
+CVE-2023-22304 (OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1 ...)
+ NOT-FOR-US: PIXELA
+CVE-2023-22303 (TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 2022 ...)
+ NOT-FOR-US: TP-Link
+CVE-2023-22298 (Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allow ...)
+ - pgadmin4 (bug #834129)
+CVE-2023-22296 (Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer s ...)
+ NOT-FOR-US: Mahoroba Kobo
+CVE-2023-22286 (Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevance ...)
+ NOT-FOR-US: Mahoroba Kobo
+CVE-2023-22280 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...)
+ NOT-FOR-US: Mahoroba Kobo
+CVE-2023-22279 (MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX ...)
+ NOT-FOR-US: Mahoroba Kobo
+CVE-2023-22278 (m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver ...)
+ NOT-FOR-US: Digital Arts
+CVE-2022-47969
+ RESERVED
+CVE-2022-4777 (The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4776 (The CC Child Pages WordPress plugin before 1.43 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4775 (The GeoDirectory WordPress plugin before 2.2.22 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4774 (The Bit Form WordPress plugin before 1.9 does not validate the file ty ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4773 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problema ...)
+ NOT-FOR-US: cloudsync
+CVE-2022-4772 (A vulnerability was found in Widoco and classified as critical. Affect ...)
+ NOT-FOR-US: Widoco
+CVE-2022-4771 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-4770 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-4769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-4768 (A vulnerability was found in Dropbox merou. It has been classified as ...)
+ NOT-FOR-US: Dropbox merou
+CVE-2022-47318 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
+ {DLA-3303-1}
+ - ruby-git 1.13.1-1
+ [bullseye] - ruby-git (Minor issue)
+ NOTE: https://github.com/ruby-git/ruby-git/pull/602
+ NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
+CVE-2022-46648 (ruby-git versions prior to v1.13.0 allows a remote authenticated attac ...)
+ {DLA-3303-1}
+ - ruby-git 1.13.1-1
+ [bullseye] - ruby-git (Minor issue)
+ NOTE: https://github.com/ruby-git/ruby-git/pull/602
+ NOTE: https://github.com/ruby-git/ruby-git/commit/4fe8738e8348567255ab4be25867684b5d0d282d (v1.13.0)
+CVE-2021-4292 (A vulnerability was found in OpenMRS Admin UI Module up to 1.4.x. It h ...)
+ NOT-FOR-US: OpenMRS
+CVE-2021-4291 (A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It h ...)
+ NOT-FOR-US: OpenMRS
+CVE-2021-4290 (A vulnerability was found in DHBW Fallstudie. It has been declared as ...)
+ NOT-FOR-US: DHBW Fallstudie
+CVE-2020-36636 (A vulnerability classified as problematic has been found in OpenMRS Ad ...)
+ NOT-FOR-US: OpenMRS
+CVE-2020-36635 (A vulnerability was found in OpenMRS Appointment Scheduling Module up ...)
+ NOT-FOR-US: OpenMRS
+CVE-2019-25091 (A vulnerability classified as problematic has been found in nsupdate.i ...)
+ NOT-FOR-US: nsupdate.info
+CVE-2023-22417 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22416 (A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos O ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22415 (An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Netwo ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22414 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22413 (An Improper Check or Handling of Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22412 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22411 (An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22410 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22409 (An Unchecked Input for Loop Condition vulnerability in a NAT library o ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22408 (An Improper Validation of Array Index vulnerability in the SIP ALG of ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22407 (An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rp ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22406 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22405 (An Improper Preservation of Consistency Between Independent Representa ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22404 (An Out-of-bounds Write vulnerability in the Internet Key Exchange Prot ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22403 (An Allocation of Resources Without Limits or Throttling vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22402 (A Use After Free vulnerability in the kernel of Juniper Networks Junos ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22401 (An Improper Validation of Array Index vulnerability in the Advanced Fo ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22400 (An Uncontrolled Resource Consumption vulnerability in the PFE manageme ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22399 (When sFlow is enabled and it monitors a packet forwarded via ECMP, a b ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22398 (An Access of Uninitialized Pointer vulnerability in the Routing Protoc ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22397 (An Allocation of Resources Without Limits or Throttling weakness in th ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22396 (An Uncontrolled Resource Consumption vulnerability in TCP processing o ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22395 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22394 (An Improper Handling of Unexpected Data Type vulnerability in the hand ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22393 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22392 (A Missing Release of Memory after Effective Lifetime vulnerability in ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22391 (A vulnerability in class-of-service (CoS) queue management in Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2023-22366 (CX-Motion-MCH v2.32 and earlier contains an access of uninitialized po ...)
+ NOT-FOR-US: CX-Motion-MCH
+CVE-2023-22357 (Active debug code exists in OMRON CP1L-EL20DR-D all versions, which ma ...)
+ NOT-FOR-US: OMROM
+CVE-2023-22317 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ NOT-FOR-US: CX-Programmer
+CVE-2023-22314 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ NOT-FOR-US: CX-Programmer
+CVE-2023-22277 (Use after free vulnerability exists in CX-Programmer Ver.9.79 and earl ...)
+ NOT-FOR-US: CX-Programmer
+CVE-2023-0026 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...)
+ NOT-FOR-US: Juniper
+CVE-2022-47968 (Heimdall Application Dashboard through 2.5.4 allows reflected and stor ...)
+ NOT-FOR-US: Heimdall Application Dashboard
+CVE-2022-47967 (A vulnerability has been identified in Solid Edge (All versions < V202 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-4767 (Denial of Service in GitHub repository usememos/memos prior to 0.9.1.)
+ NOT-FOR-US: usememos
+CVE-2022-4766 (A vulnerability was found in dolibarr_project_timesheet up to 4.5.5. I ...)
+ NOT-FOR-US: dolibarr_project_timesheet
+CVE-2022-4765 (The Portfolio for Elementor WordPress plugin before 2.3.1 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4764 (The Simple File Downloader WordPress plugin through 1.0.4 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4763 (The Icon Widget WordPress plugin before 1.3.0 does not validate and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4762 (The Materialis Companion WordPress plugin before 1.3.40 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4761 (The Post Views Count WordPress plugin through 3.0.2 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4760 (The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4759 (The GigPress WordPress plugin before 2.3.28 does not validate and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4758 (The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4757 (The List Pages Shortcode WordPress plugin before 1.7.6 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4756 (The My YouTube Channel WordPress plugin before 3.23.0 does not validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4755 (A vulnerability was found in FlatPress and classified as problematic. ...)
+ NOT-FOR-US: FlatPress
+CVE-2022-4754 (The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4753 (The Print-O-Matic WordPress plugin before 2.1.8 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4752 (The Opening Hours WordPress plugin through 2.3.0 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4751 (The Word Balloon WordPress plugin before 4.19.3 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4750 (The WP Responsive Testimonials Slider And Widget WordPress plugin thro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4749 (The Posts List Designer by Category WordPress plugin before 3.2 does n ...)
+ NOT-FOR-US: WordPress plugin +CVE-2022-4748 (A vulnerability was found in FlatPress. It has been classified as crit ...) + NOT-FOR-US: FlatPress +CVE-2022-4747 (The Post Category Image With Grid and Slider WordPress plugin before 1 ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4289 (A vulnerability classified as problematic was found in OpenMRS openmrs ...) + NOT-FOR-US: OpenMRS +CVE-2021-4288 (A vulnerability was found in OpenMRS openmrs-module-referenceapplicati ...) + NOT-FOR-US: OpenMRS +CVE-2021-4287 (A vulnerability, which was classified as problematic, was found in ReF ...) + - binwalk 2.3.3+dfsg1-1 (unimportant) + NOTE: https://github.com/ReFirmLabs/binwalk/commit/fa0c0bd59b8588814756942fe4cb5452e76c1dcd (v2.3.3) + NOTE: https://github.com/ReFirmLabs/binwalk/pull/556 + NOTE: This is not a security vulnerability, but only adds a security-related feature +CVE-2021-4286 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: cocagne pysrp +CVE-2021-4285 (A vulnerability classified as problematic was found in Nagios NCPA. Th ...) + NOT-FOR-US: Nagios NCPA +CVE-2021-4284 (A vulnerability classified as problematic has been found in OpenMRS HT ...) + NOT-FOR-US: OpenMRS +CVE-2021-4283 (A vulnerability was found in FreeBPX voicemail. It has been rated as p ...) + NOT-FOR-US: FreeBPX voicemail +CVE-2021-4282 (A vulnerability was found in FreePBX voicemail. It has been declared a ...) + NOT-FOR-US: FreePBX voicemail +CVE-2020-36634 (A vulnerability classified as problematic has been found in Indeed Eng ...) + NOT-FOR-US: Indeed Engineering util +CVE-2020-36633 (A vulnerability was found in moodle-block_sitenews 1.0. It has been cl ...) + NOT-FOR-US: moodle-block_sitenews +CVE-2019-25090 (A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and cla ...) + NOT-FOR-US: FreePBX arimanager +CVE-2019-25089 (A vulnerability has been found in Morgawr Muon 0.1.1 and classified as ...) 
+ NOT-FOR-US: Morgawr Muon +CVE-2019-25088 (A vulnerability was found in ytti Oxidized Web. It has been classified ...) + NOT-FOR-US: ytti Oxidized Web +CVE-2019-25087 (A vulnerability was found in RamseyK httpserver. It has been rated as ...) + NOT-FOR-US: RamseyK httpserver +CVE-2019-25086 (A vulnerability was found in IET-OU Open Media Player up to 1.5.0. It ...) + NOT-FOR-US: IET-OU Open Media Player +CVE-2018-25049 (A vulnerability was found in email-existence. It has been rated as pro ...) + NOT-FOR-US: email-existence +CVE-2015-10005 (A vulnerability was found in markdown-it up to 2.x. It has been classi ...) + NOT-FOR-US: Fuji Electric +CVE-2022-47966 (Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Pl ...) + NOT-FOR-US: Zoho +CVE-2022-4746 (The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a vis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4745 (The WP Customer Area WordPress plugin before 8.1.4 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4281 (A vulnerability was found in Brave UX for-the-badge and classified as ...) + NOT-FOR-US: Brave UX for-the-badge +CVE-2022-47908 (Stack-based buffer overflow vulnerability in V-Server v4.0.12.0 and ea ...) + NOT-FOR-US: Fuji Electric +CVE-2022-4744 (A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device ...) + {DLA-3403-1} + - linux 5.15.15-1 + [bullseye] - linux 5.10.136-1 + NOTE: https://git.kernel.org/linus/158b515f703e75e7d68289bf4d98c664e1d632df (5.16-rc7) +CVE-2022-4743 (A potential memory leak issue was discovered in SDL2 in GLES_CreateTex ...) + {DLA-3314-1} + - libsdl2 2.26.0+dfsg-1 + [bullseye] - libsdl2 (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2156290 + NOTE: https://github.com/libsdl-org/SDL/pull/6269 + NOTE: Fixed by: https://github.com/libsdl-org/SDL/commit/00b67f55727bc0944c3266e2b875440da132ce4b (prerelease-2.25.1) +CVE-2022-4742 (A vulnerability, which was classified as critical, has been found in j ...) 
+ NOT-FOR-US: Node json-pointer module +CVE-2022-47317 (Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier al ...) + NOT-FOR-US: Fuji Electric +CVE-2022-46360 (Out-of-bounds read vulnerability in V-SFT v6.1.7.0 and earlier and TEL ...) + NOT-FOR-US: Fuji Electric +CVE-2022-43448 (Out-of-bounds write vulnerability in V-SFT v6.1.7.0 and earlier and TE ...) + NOT-FOR-US: Fuji Electric +CVE-2022-41645 (Out-of-bounds read vulnerability in V-Server v4.0.12.0 and earlier all ...) + NOT-FOR-US: Fuji Electric +CVE-2022-4741 (A vulnerability was found in docconv up to 1.2.0 and classified as pro ...) + NOT-FOR-US: docconv +CVE-2022-4740 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: kkFileView +CVE-2022-4739 (A vulnerability classified as critical was found in SourceCodester Sch ...) + NOT-FOR-US: SourceCodester School Dormitory Management System +CVE-2022-4738 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Blood Bank Management System +CVE-2022-4737 (A vulnerability was found in SourceCodester Blood Bank Management Syst ...) + NOT-FOR-US: SourceCodester Blood Bank Management System +CVE-2022-4736 (A vulnerability was found in Venganzas del Pasado and classified as pr ...) + NOT-FOR-US: Venganzas del Pasado +CVE-2021-4280 (A vulnerability was found in styler_praat_scripts. It has been classif ...) + NOT-FOR-US: styler_praat_scripts +CVE-2021-4279 (A vulnerability has been found in Starcounter-Jack JSON-Patch up to 3. ...) + NOT-FOR-US: Starcounter-Jack JSON-Patch +CVE-2020-36632 (A vulnerability, which was classified as critical, was found in hughsk ...) + NOT-FOR-US: hughsk flat +CVE-2020-36631 (A vulnerability was found in barronwaffles dwc_network_server_emulator ...) + NOT-FOR-US: barronwaffles dwc_network_server_emulator +CVE-2020-36630 (A vulnerability was found in FreePBX cdr 14.0. It has been classified ...) 
+ NOT-FOR-US: FreePBX +CVE-2019-25085 (A vulnerability was found in GNOME gvdb. It has been classified as cri ...) + - glib2.0 2.66.0-1 + [buster] - glib2.0 (Transient vulnerable code not present) + - epiphany-browser 3.34.1-1 + [buster] - epiphany-browser (vulnerable code introduced later in version 3.33.4) + NOTE: Fix in gvdb: https://github.com/GNOME/gvdb/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2019-06-27) + NOTE: Introduced by gvdb: https://github.com/GNOME/gvdb/commit/d12c5aaba8f2f6208c3493b42ab15a139c049d58 (2019-06-20) + NOTE: Fix in glib2.0: https://github.com/GNOME/glib/commit/d83587b2a364eb9a9a53be7e6a708074e252de14 (2.65.0) + NOTE: Fix in Epiphany: https://gitlab.gnome.org/GNOME/epiphany/-/commit/de54f9b1ad9784b07150eeffa125193d583b3b1c (3.33.4) +CVE-2022-4735 (A vulnerability classified as problematic was found in asrashley dash- ...) + NOT-FOR-US: asrashley dash-live +CVE-2021-4278 (A vulnerability classified as problematic has been found in cronvel tr ...) + NOT-FOR-US: cronvel tree-kit +CVE-2019-25084 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Hide Files on GitHub Chrome extension +CVE-2022-47952 (lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may al ...) + {DLA-3533-1} + - lxc 1:5.0.2-1 + [bullseye] - lxc 1:4.0.6-2+deb11u2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157281 + NOTE: https://github.com/MaherAzzouzi/CVE-2022-47952 + NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1783591/comments/45 + NOTE: Different issue than CVE-2018-6556 + NOTE: https://github.com/lxc/lxc/commit/80553b5b412365f429aff93cff178e3e952ee6bd +CVE-2022-47951 (An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before ...) 
+ {DSA-5338-1 DSA-5337-1 DSA-5336-1 DLA-3302-1 DLA-3301-1 DLA-3300-1} + - nova 2:26.0.0-6 (bug #1029561) + - cinder 2:21.0.0-3 (bug #1029562) + - glance 2:25.0.0-2 (bug #1029563) + NOTE: https://bugs.launchpad.net/nova/+bug/1996188 +CVE-2022-47950 (An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...) + {DSA-5327-1 DLA-3281-1} + - swift 2.30.0-4 (bug #1029154) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/1 +CVE-2022-47949 (The Nintendo NetworkBuffer class, as used in Animal Crossing: New Hori ...) + NOT-FOR-US: Animal Crossing +CVE-2022-47948 + RESERVED +CVE-2022-47947 + RESERVED +CVE-2022-4734 (Improper Removal of Sensitive Information Before Storage or Transfer i ...) + NOT-FOR-US: usememos +CVE-2022-4733 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) + NOT-FOR-US: OpenEMR +CVE-2022-4732 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...) + NOT-FOR-US: microweber +CVE-2022-4731 (A vulnerability, which was classified as problematic, was found in mya ...) + NOT-FOR-US: myapnea +CVE-2022-4730 (A vulnerability was found in Graphite Web. It has been classified as p ...) + {DLA-3309-1} + - graphite-web 1.1.8-1.1 (bug #1026992) + NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 + NOTE: https://github.com/graphite-project/graphite-web/issues/2746 + NOTE: https://github.com/graphite-project/graphite-web/pull/2785 +CVE-2022-4729 (A vulnerability was found in Graphite Web and classified as problemati ...) + {DLA-3309-1} + - graphite-web 1.1.8-1.1 (bug #1026992) + NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 + NOTE: https://github.com/graphite-project/graphite-web/issues/2745 + NOTE: https://github.com/graphite-project/graphite-web/pull/2785 +CVE-2022-4728 (A vulnerability has been found in Graphite Web and classified as probl ...) 
+ {DLA-3309-1} + - graphite-web 1.1.8-1.1 (bug #1026992) + NOTE: https://github.com/graphite-project/graphite-web/commit/2f178f490e10efc03cd1d27c72f64ecab224eb23 + NOTE: https://github.com/graphite-project/graphite-web/issues/2744 + NOTE: https://github.com/graphite-project/graphite-web/pull/2785 +CVE-2022-4727 (A vulnerability, which was classified as problematic, was found in Ope ...) + NOT-FOR-US: OpenMRS +CVE-2022-4726 (A vulnerability classified as critical was found in SourceCodester San ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-4725 (A vulnerability was found in AWS SDK 2.59.0. It has been rated as crit ...) + NOT-FOR-US: aws-sdk-android +CVE-2021-4277 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: fredsmith utils +CVE-2021-4276 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in dns-stats ...) + NOT-FOR-US: dns-stats hedgehog +CVE-2020-36629 (A vulnerability classified as critical was found in SimbCo httpster. T ...) + NOT-FOR-US: SimbCo httpster +CVE-2020-36628 (A vulnerability classified as critical has been found in Calsign APDE. ...) + NOT-FOR-US: Calsign APDE +CVE-2020-36627 (A vulnerability was found in Macaron i18n. It has been declared as pro ...) + - golang-github-go-macaron-i18n + [bullseye] - golang-github-go-macaron-i18n (Minor issue, no reverse deps) + [buster] - golang-github-go-macaron-i18n (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://github.com/go-macaron/i18n/commit/329b0c4844cc16a5a253c011b55180598e707735 (v0.5.0) +CVE-2020-36626 (A vulnerability classified as critical has been found in Modern Tribe ...) + NOT-FOR-US: Modern Tribe Panel Builder Plugin +CVE-2022-47946 (An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A ...) 
+ - linux 5.14.6-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/12/22/2 +CVE-2022-47945 (ThinkPHP Framework before 6.0.14 allows local file inclusion via the l ...) + NOT-FOR-US: ThinkPHP Framework +CVE-2022-47944 + RESERVED +CVE-2022-4724 (Improper Access Control in GitHub repository ikus060/rdiffweb prior to ...) + - rdiffweb (bug #969974) +CVE-2022-4723 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2022-4722 (Authentication Bypass by Primary Weakness in GitHub repository ikus060 ...) + - rdiffweb (bug #969974) +CVE-2022-4721 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) + - rdiffweb (bug #969974) +CVE-2022-4720 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.) + - rdiffweb (bug #969974) +CVE-2022-4719 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...) + - rdiffweb (bug #969974) +CVE-2022-4718 (The Landing Page Builder WordPress plugin before 1.4.9.9 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4717 (The Strong Testimonials WordPress plugin before 3.0.3 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4716 (The WP Popups WordPress plugin before 2.1.4.8 does not validate and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4715 (The Structured Content WordPress plugin before 1.5.1 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4714 (The WP Dark Mode WordPress plugin before 4.0.0 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4713 + RESERVED +CVE-2022-4712 (The WP Cerber Security plugin for WordPress is vulnerable to stored cr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4711 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) 
+ NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-47937 (** UNSUPPORTED WHEN ASSIGNED ** Improper input validation in the ...) + NOT-FOR-US: Apache Sling +CVE-2022-47936 (A vulnerability has been identified in JT Open (All versions < V11.2.3 ...) + NOT-FOR-US: JT Open +CVE-2022-47935 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...) + NOT-FOR-US: Siemens +CVE-2022-4710 (The Royal Elementor Addons plugin for WordPress is vulnerable to Refle ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4709 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4708 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4707 (The Royal Elementor Addons plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4706 (The Genesis Columns Advanced WordPress plugin before 2.0.4 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4705 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4704 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4703 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4702 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4701 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) + NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4700 (The Royal Elementor Addons plugin for WordPress is vulnerable to insuf ...) 
+ NOT-FOR-US: Royal Elementor Addons plugin for WordPress +CVE-2022-4699 (The MediaElement.js WordPress plugin through 4.2.8 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4698 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: ProfilePress plugin for WordPress +CVE-2022-4697 (The ProfilePress plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: ProfilePress plugin for WordPress +CVE-2022-4696 (There exists a use-after-free vulnerability in the Linux kernel throug ...) + {DSA-5324-1 DLA-3349-1} + - linux 5.14.6-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a +CVE-2022-4695 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4694 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4693 (The User Verification WordPress plugin before 1.0.94 was affected by a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4692 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4691 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4690 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4689 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...) + NOT-FOR-US: usememos +CVE-2022-4688 (Improper Authorization in GitHub repository usememos/memos prior to 0. ...) + NOT-FOR-US: usememos +CVE-2022-4687 (Incorrect Use of Privileged APIs in GitHub repository usememos/memos p ...) + NOT-FOR-US: usememos +CVE-2022-4686 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) + NOT-FOR-US: usememos +CVE-2022-4685 + REJECTED +CVE-2022-4684 (Improper Access Control in GitHub repository usememos/memos prior to 0 ...) 
+ NOT-FOR-US: usememos +CVE-2022-4683 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + NOT-FOR-US: usememos +CVE-2022-4682 (The Lightbox Gallery WordPress plugin before 0.9.5 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4681 (The Hide My WP WordPress plugin before 6.2.9 does not properly sanitiz ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47943 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ac60778b87e45576d7bfdbd6f53df902654e6f09 (6.0-rc1) +CVE-2022-47942 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8f0541186e9ad1b62accc9519cc2b7a7240272a7 (6.0-rc1) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17771/ +CVE-2022-47941 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/aa7253c2393f6dcd6a1468b0792f6da76edad917 (6.0-rc1) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17815/ +CVE-2022-47940 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/158a66b245739e15858de42c0ba60fcf3de9b8e6 (5.19-rc1) +CVE-2022-47939 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...) 
+ - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/cf6531d98190fa2cf92a6d8bbc8af0a4740a223c (6.0-rc1) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17816 +CVE-2022-47938 (An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/824d4f64c20093275f72fc8101394d75ff6a249e (6.0-rc1) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17818/ +CVE-2022-47934 (Brave Browser before 1.43.88 allowed a remote attacker to cause a deni ...) + - brave-browser (bug #864795) +CVE-2022-47933 (Brave Browser before 1.42.51 allowed a remote attacker to cause a deni ...) + - brave-browser (bug #864795) +CVE-2022-47932 (Brave Browser before 1.43.34 allowed a remote attacker to cause a deni ...) + - brave-browser (bug #864795) +CVE-2022-47931 (IO FinNet tss-lib before 2.0.0 allows a collision of hash values.) + NOT-FOR-US: Multi-Party Threshold Signature Scheme +CVE-2022-47930 (An issue was discovered in IO FinNet tss-lib before 2.0.0. The paramet ...) + NOT-FOR-US: io.finnet tss-lib +CVE-2022-47929 (In the Linux kernel before 6.1.6, a NULL pointer dereference bug in th ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.7-1 + NOTE: https://git.kernel.org/linus/96398560f26aa07e8f2969d73c8197e6a6d10407 (6.2-rc4) +CVE-2022-47928 (In MISP before 2.4.167, there is XSS in the template file uploads in a ...) + NOT-FOR-US: MISP +CVE-2022-47927 (An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.3 ...) 
+ {DLA-3489-1} + - mediawiki 1:1.39.1-1 + [bullseye] - mediawiki 1:1.35.11-1~deb11u1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/UEMW64LVEH3BEXCJV43CVS6XPYURKWU3/ + NOTE: https://phabricator.wikimedia.org/T322637 +CVE-2022-47914 + RESERVED +CVE-2022-4680 (The Revive Old Posts WordPress plugin before 9.0.11 unserializes user ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4679 (The Wufoo Shortcode WordPress plugin before 1.52 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4678 (The TemplatesNext ToolKit WordPress plugin before 3.2.8 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4677 (The Leaflet Maps Marker WordPress plugin before 3.12.7 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4676 (The OSM WordPress plugin through 6.01 does not validate and escape som ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4675 (The Mongoose Page Plugin WordPress plugin before 1.9.0 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4674 (The Ibtana WordPress plugin before 1.1.8.8 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46739 + RESERVED +CVE-2022-46735 + RESERVED +CVE-2022-46734 + RESERVED +CVE-2022-4673 (The Rate my Post WordPress plugin before 3.3.9 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4672 (The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4671 (The PixCodes WordPress plugin before 2.3.7 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4670 (The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4669 (The Page Builder: Live Composer WordPress plugin before 1.5.23 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4668 (The Easy Appointments WordPress plugin before 3.11.2 does not validate ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4667 (The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4666 (The Markup (JSON-LD) structured in schema.org WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4665 (Unrestricted Upload of File with Dangerous Type in GitHub repository a ...) + - ampache +CVE-2022-4664 (The Logo Slider WordPress plugin before 3.6.0 does not validate and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46419 + RESERVED +CVE-2022-45878 + RESERVED +CVE-2022-45120 + RESERVED +CVE-2022-43659 + RESERVED +CVE-2022-43444 + RESERVED +CVE-2022-42702 + RESERVED +CVE-2023-0025 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...) + NOT-FOR-US: SAP +CVE-2023-0024 (SAP Solution Manager (BSP Application) - version 720, allows an authen ...) + NOT-FOR-US: SAP +CVE-2023-0023 (In SAP Bank Account Management (Manage Banks) application, when a user ...) + NOT-FOR-US: SAP +CVE-2023-0022 (SAP BusinessObjects Business Intelligence Analysis edition for OLAP al ...) + NOT-FOR-US: SAP +CVE-2023-0021 (Due to insufficient encoding of user input, SAP NetWeaver - versions 7 ...) + NOT-FOR-US: SAP +CVE-2022-47926 (AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_ ...) + NOT-FOR-US: AyaCMS +CVE-2022-4663 (The Members Import plugin for WordPress is vulnerable to Self Cross-Si ...) + NOT-FOR-US: Members Import plugin for WordPress +CVE-2022-4662 (A flaw incorrect access control in the Linux kernel USB core subsystem ...) + - linux 5.19.11-1 + [bullseye] - linux 5.10.148-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/9c6d778800b921bde3bff3cff5003d1650f942d1 (6.0-rc4) +CVE-2022-4661 (The Widgets for WooCommerce Products on Elementor WordPress plugin bef ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4660 + RESERVED +CVE-2022-4659 + REJECTED +CVE-2022-4658 (The RSSImport WordPress plugin through 4.6.1 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4657 (The Restaurant Menu WordPress plugin before 2.3.6 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4656 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4655 (The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4654 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4653 (The Greenshift WordPress plugin before 4.8.9 does not validate and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4652 (The Video Background WordPress plugin before 2.7.5 does not validate a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4651 (The Justified Gallery WordPress plugin before 1.7.1 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4650 (The HashBar WordPress plugin before 1.3.6 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4649 (The WP Extended Search WordPress plugin before 2.1.2 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36625 (A vulnerability was found in destiny.gg chat. It has been rated as pro ...) + NOT-FOR-US: destiny.gg chat +CVE-2020-36624 (A vulnerability was found in ahorner text-helpers up to 1.0.x. It has ...) + NOT-FOR-US: text_helpers gem +CVE-2022-47925 (The validate JSON endpoint of the Secvisogram csaf-validator-service i ...) + NOT-FOR-US: csaf-validator-service +CVE-2022-47924 (An high privileged attacker may pass crafted arguments to the validate ...) + NOT-FOR-US: csaf-validator-service +CVE-2022-4648 (The Real Testimonials WordPress plugin before 2.6.0 does not validate ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4647 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2022-4646 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) + - rdiffweb (bug #969974) +CVE-2022-4645 (LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:94 ...) + {DSA-5333-1} + - tiff 4.4.0-5 + [buster] - tiff 4.1.0+git191117-2~deb10u5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/277 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 + NOTE: Same fix as for CVE-2022-3599, CVE-2023-30086 and CVE-2023-30774. + NOTE: The fix causes CVE-2023-2908. +CVE-2022-4644 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.) + - rdiffweb (bug #969974) +CVE-2022-4643 (A vulnerability was found in docconv up to 1.2.0. It has been declared ...) + NOT-FOR-US: docconv +CVE-2022-4642 (A vulnerability was found in tatoeba2. It has been classified as probl ...) + NOT-FOR-US: Tatoeba +CVE-2022-4641 (A vulnerability was found in pig-vector and classified as problematic. ...) + NOT-FOR-US: pig-vector +CVE-2022-4640 (A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified a ...) + NOT-FOR-US: Mingsoft MCMS +CVE-2022-4639 (A vulnerability, which was classified as critical, has been found in s ...) + - sslh (Vulnerable code introduced later) + NOTE: https://github.com/yrutschle/sslh/pull/353 + NOTE: https://github.com/yrutschle/sslh/commit/b19f8a6046b080e4c2e28354a58556bb26040c6f +CVE-2022-4638 (A vulnerability classified as problematic was found in collective.cont ...) + NOT-FOR-US: collective.contact.widget +CVE-2022-4637 (A vulnerability classified as problematic has been found in ep3-bs up ...) + NOT-FOR-US: ep3-bs +CVE-2022-4636 (Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1 ...) 
+ NOT-FOR-US: Black Box KVM Firmware +CVE-2022-4635 + RESERVED +CVE-2021-4275 (A vulnerability, which was classified as problematic, was found in kat ...) + NOT-FOR-US: pyambic-pentameter +CVE-2023-22388 (Memory Corruption in Multi-mode Call Processor while processing bit ma ...) + NOT-FOR-US: Qualcomm +CVE-2023-22387 (Arbitrary memory overwrite when VM gets compromised in TX write leadin ...) + NOT-FOR-US: Qualcomm +CVE-2023-22386 (Memory Corruption in WLAN HOST while processing WLAN FW request to all ...) + NOT-FOR-US: Qualcomm +CVE-2023-22385 (Memory Corruption in Data Modem while making a MO call or MT VOLTE cal ...) + NOT-FOR-US: Qualcomm +CVE-2023-22384 (Memory Corruption in VR Service while sending data using Fast Message ...) + NOT-FOR-US: Qualcomm +CVE-2023-22383 (Memory Corruption in camera while installing a fd for a particular DMA ...) + NOT-FOR-US: Qualcomm +CVE-2023-22382 (Weak configuration in Automotive while VM is processing a listener req ...) + NOT-FOR-US: Qualcomm +CVE-2022-47917 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-47912 + RESERVED +CVE-2022-47911 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-47896 (In JetBrains IntelliJ IDEA before 2022.3.1 code Templates were vulnera ...) + - intellij-idea (bug #747616) +CVE-2022-47895 (In JetBrains IntelliJ IDEA before 2022.3.1 the "Validate JSP File" act ...) + - intellij-idea (bug #747616) +CVE-2022-47894 + RESERVED +CVE-2022-47893 (There is a remote code execution vulnerability that affects all versio ...) + NOT-FOR-US: NetMan 204 +CVE-2022-47892 (All versions of NetMan 204 could allow an unauthenticated remote attac ...) + NOT-FOR-US: NetMan 204 +CVE-2022-47891 (All versions of NetMan 204 allow an attacker that knows the MAC and se ...) + NOT-FOR-US: NetMan 204 +CVE-2022-47395 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) 
+ NOT-FOR-US: Sewio +CVE-2022-47320 (The iBoot device\u2019s basic discovery protocol assists in initial de ...) + NOT-FOR-US: Dataprobe +CVE-2022-47311 (A proprietary protocol for iBoot devices is used for control and keepa ...) + NOT-FOR-US: Dataprobe +CVE-2022-46738 (The affected product exposes multiple sensitive data fields of the aff ...) + NOT-FOR-US: Dataprobe +CVE-2022-46733 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-46658 (The affected product is vulnerable to a stack-based buffer overflow wh ...) + NOT-FOR-US: Dataprobe +CVE-2022-4634 (All versions prior to Delta Electronic\u2019s CNCSoft version 1.01.34 ...) + NOT-FOR-US: Delta Electronics +CVE-2022-4633 (A vulnerability was found in Auto Upload Images up to 3.3.0 and classi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4632 (A vulnerability has been found in Auto Upload Images up to 3.3.0 and c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4631 (A vulnerability, which was classified as problematic, was found in WP- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46300 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-4630 (Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal ...) + NOT-FOR-US: daloRADIUS +CVE-2022-4629 (The Product Slider for WooCommerce WordPress plugin before 2.6.4 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46286 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-4628 (The Easy PayPal Buy Now Button WordPress plugin before 1.7.4 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4627 (The ShiftNav WordPress plugin before 1.7.2 does not validate and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4626 (The PPWP WordPress plugin before 1.8.6 does not validate and escape so ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4625 (The Login Logout Menu WordPress plugin before 1.4.0 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4624 (The GS Logo Slider WordPress plugin before 3.3.8 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4623 (The ND Shortcodes WordPress plugin before 7.0 does not validate and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45876 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-45468 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-45444 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-45127 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-45121 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-43512 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-43483 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-43455 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-41989 (Sewio\u2019s Real-Time Location System (RTLS) Studio version 2.0.0 up ...) + NOT-FOR-US: Sewio +CVE-2022-41696 (Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose i ...) + NOT-FOR-US: VISAM VBASE Automation Base +CVE-2022-40633 (A malicious actor can clone access cards used to open control cabinets ...) + NOT-FOR-US: Rittal +CVE-2021-4274 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: bird-lg +CVE-2021-4273 (A vulnerability classified as problematic was found in studygolang. Th ...) 
+ NOT-FOR-US: studygolang +CVE-2021-4272 (A vulnerability classified as problematic has been found in studygolan ...) + NOT-FOR-US: studygolang +CVE-2021-4271 (A vulnerability was found in panicsteve w2wiki. It has been rated as p ...) + NOT-FOR-US: panicsteve w2wiki +CVE-2021-4270 (A vulnerability was found in Imprint CMS. It has been classified as pr ...) + NOT-FOR-US: Imprint CMS +CVE-2021-4269 (A vulnerability has been found in SimpleRisk and classified as problem ...) + NOT-FOR-US: SimpleRisk +CVE-2021-4268 (A vulnerability, which was classified as problematic, was found in php ...) + NOT-FOR-US: phpRedisAdmin +CVE-2021-4267 (A vulnerability classified as problematic was found in tad_discuss. Af ...) + NOT-FOR-US: tad_discuss +CVE-2021-4266 (A vulnerability classified as problematic has been found in Webdetails ...) + NOT-FOR-US: Webdetails cpf +CVE-2021-4265 (A vulnerability was found in siwapp-ror. It has been rated as problema ...) + NOT-FOR-US: siwapp-ror +CVE-2021-4264 (A vulnerability was found in LinkedIn dustjs up to 2.x and classified ...) + NOT-FOR-US: dustjs +CVE-2021-4263 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: leanote +CVE-2020-36623 (A vulnerability was found in Pengu. It has been declared as problemati ...) + NOT-FOR-US: Pengu +CVE-2020-36622 (A vulnerability was found in sah-comp bienlein and classified as probl ...) + NOT-FOR-US: sah-comp bienlein +CVE-2020-36621 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: chedabob whatismyudid +CVE-2020-36620 (A vulnerability was found in Brondahl EnumStringValues up to 4.0.0. It ...) + NOT-FOR-US: Brondahl EnumStringValues +CVE-2023-22381 (A code injection vulnerability was identified in GitHub Enterprise Ser ...) + NOT-FOR-US: Github Enterprise Server +CVE-2023-22380 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) 
+ NOT-FOR-US: Github Enterprise Server +CVE-2023-22373 (Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3 ...) + NOT-FOR-US: CONPROSYS +CVE-2023-22339 (Improper access control vulnerability in CONPROSYS HMI System (CHS) Ve ...) + NOT-FOR-US: CONPROSYS +CVE-2023-22334 (Use of password hash instead of password for authentication vulnerabil ...) + NOT-FOR-US: CONPROSYS +CVE-2023-22331 (Use of default credentials vulnerability in CONPROSYS HMI System (CHS) ...) + NOT-FOR-US: CONPROSYS +CVE-2023-0020 (SAP BusinessObjects Business Intelligence platform - versions 420, 430 ...) + NOT-FOR-US: SAP +CVE-2023-0019 (In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100 ...) + NOT-FOR-US: SAP +CVE-2023-0018 (Due to improper input sanitization of user-controlled input in SAP Bus ...) + NOT-FOR-US: SAP +CVE-2023-0017 (An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.5 ...) + NOT-FOR-US: SAP +CVE-2022-47890 + RESERVED +CVE-2022-47889 + RESERVED +CVE-2022-47888 + RESERVED +CVE-2022-47887 + RESERVED +CVE-2022-47886 + RESERVED +CVE-2022-47885 + RESERVED +CVE-2022-47884 + RESERVED +CVE-2022-47883 + RESERVED +CVE-2022-47882 + RESERVED +CVE-2022-47881 (Foxit PDF Reader and PDF Editor 11.2.1.53537 and earlier has an Out-of ...) + NOT-FOR-US: Foxit +CVE-2022-47880 (An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH J ...) + NOT-FOR-US: Jedox +CVE-2022-47879 (A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 20 ...) + NOT-FOR-US: Jedox +CVE-2022-47878 (Incorrect input validation for the default-storage-path in the setting ...) + NOT-FOR-US: Jedox +CVE-2022-47877 (A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows r ...) + NOT-FOR-US: Jedox +CVE-2022-47876 (The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticate ...) + NOT-FOR-US: Jedox +CVE-2022-47875 (A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedo ...) 
+ NOT-FOR-US: Jedox +CVE-2022-47874 (Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows ...) + NOT-FOR-US: Jedox +CVE-2022-47873 (Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting i ...) + NOT-FOR-US: Netcad KEOS +CVE-2022-47872 (maccms10 2021.1000.2000 is vulnerable to Server-side request forgery ( ...) + NOT-FOR-US: maccms10 +CVE-2022-47871 + RESERVED +CVE-2022-47870 (A Cross Site Scripting (XSS) vulnerability in the web SQL monitor logi ...) + NOT-FOR-US: Redgate SQL Monitor +CVE-2022-47869 + RESERVED +CVE-2022-47868 + RESERVED +CVE-2022-47867 + RESERVED +CVE-2022-47866 (Lead management system v1.0 is vulnerable to SQL Injection via the id ...) + NOT-FOR-US: Lead management system +CVE-2022-47865 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...) + NOT-FOR-US: Lead management system +CVE-2022-47864 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...) + NOT-FOR-US: Lead management system +CVE-2022-47863 + RESERVED +CVE-2022-47862 (Lead Management System v1.0 is vulnerable to SQL Injection via the cus ...) + NOT-FOR-US: Lead management system +CVE-2022-47861 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...) + NOT-FOR-US: Lead management system +CVE-2022-47860 (Lead Management System v1.0 is vulnerable to SQL Injection via the id ...) + NOT-FOR-US: Lead management system +CVE-2022-47859 (Lead Management System v1.0 is vulnerable to SQL Injection via the use ...) + NOT-FOR-US: Lead management system +CVE-2022-47858 + RESERVED +CVE-2022-47857 + RESERVED +CVE-2022-47856 + RESERVED +CVE-2022-47855 + RESERVED +CVE-2022-47854 (i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplem ...) + - i-librarian (bug #649291) +CVE-2022-47853 (TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Inject ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-47852 + RESERVED +CVE-2022-47851 + RESERVED +CVE-2022-47850 + RESERVED +CVE-2022-47849 + RESERVED +CVE-2022-47848 (An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09. ...) + NOT-FOR-US: Bezeq Vtech +CVE-2022-47847 + RESERVED +CVE-2022-47846 + RESERVED +CVE-2022-47845 + RESERVED +CVE-2022-47844 + RESERVED +CVE-2022-47843 + RESERVED +CVE-2022-47842 + RESERVED +CVE-2022-47841 + RESERVED +CVE-2022-47840 + RESERVED +CVE-2022-47839 + RESERVED +CVE-2022-47838 + RESERVED +CVE-2022-47837 + RESERVED +CVE-2022-47836 + RESERVED +CVE-2022-47835 + RESERVED +CVE-2022-47834 + RESERVED +CVE-2022-47833 + RESERVED +CVE-2022-47832 + RESERVED +CVE-2022-47831 + RESERVED +CVE-2022-47830 + RESERVED +CVE-2022-47829 + RESERVED +CVE-2022-47828 + RESERVED +CVE-2022-47827 + RESERVED +CVE-2022-47826 + RESERVED +CVE-2022-47825 + RESERVED +CVE-2022-47824 + RESERVED +CVE-2022-47823 + RESERVED +CVE-2022-47822 + RESERVED +CVE-2022-47821 + RESERVED +CVE-2022-47820 + RESERVED +CVE-2022-47819 + RESERVED +CVE-2022-47818 + RESERVED +CVE-2022-47817 + RESERVED +CVE-2022-47816 + RESERVED +CVE-2022-47815 + RESERVED +CVE-2022-47814 + RESERVED +CVE-2022-47813 + RESERVED +CVE-2022-47812 + RESERVED +CVE-2022-47811 + RESERVED +CVE-2022-47810 + RESERVED +CVE-2022-47809 + RESERVED +CVE-2022-47808 + RESERVED +CVE-2022-47807 + RESERVED +CVE-2022-47806 + RESERVED +CVE-2022-47805 + RESERVED +CVE-2022-47804 + RESERVED +CVE-2022-47803 + RESERVED +CVE-2022-47802 + RESERVED +CVE-2022-47801 + RESERVED +CVE-2022-47800 + RESERVED +CVE-2022-47799 + RESERVED +CVE-2022-47798 + RESERVED +CVE-2022-47797 + RESERVED +CVE-2022-47796 + RESERVED +CVE-2022-47795 + RESERVED +CVE-2022-47794 + RESERVED +CVE-2022-47793 + RESERVED +CVE-2022-47792 + RESERVED +CVE-2022-47791 + RESERVED +CVE-2022-47790 (Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable t ...) 
+ NOT-FOR-US: Sourcecodester Dynamic Transaction Queuing System +CVE-2022-47789 + RESERVED +CVE-2022-47788 + RESERVED +CVE-2022-47787 + RESERVED +CVE-2022-47786 + RESERVED +CVE-2022-47785 + RESERVED +CVE-2022-47784 + RESERVED +CVE-2022-47783 + RESERVED +CVE-2022-47782 + RESERVED +CVE-2022-47781 + RESERVED +CVE-2022-47780 (SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter.) + NOT-FOR-US: Bangresto +CVE-2022-47779 + RESERVED +CVE-2022-47778 + RESERVED +CVE-2022-47777 + RESERVED +CVE-2022-47776 + RESERVED +CVE-2022-47775 + RESERVED +CVE-2022-47774 + RESERVED +CVE-2022-47773 + RESERVED +CVE-2022-47772 + RESERVED +CVE-2022-47771 + RESERVED +CVE-2022-47770 (Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Una ...) + NOT-FOR-US: Serenissima Informatica Fast Checkin +CVE-2022-47769 (An arbitrary file write vulnerability in Serenissima Informatica Fast ...) + NOT-FOR-US: Serenissima Informatica Fast Checkin +CVE-2022-47768 (Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Tr ...) + NOT-FOR-US: Serenissima Informatica Fast Checkin +CVE-2022-47767 (A backdoor in Solar-Log Gateway products allows remote access via web ...) + NOT-FOR-US: Solar-Log +CVE-2022-47766 (PopojiCMS v2.0.1 backend plugin function has a file upload vulnerabili ...) + NOT-FOR-US: PopojiCMS +CVE-2022-47765 + RESERVED +CVE-2022-47764 + RESERVED +CVE-2022-47763 + RESERVED +CVE-2022-47762 (In gin-vue-admin < 2.5.5, the download module has a Path Traversal vul ...) + NOT-FOR-US: gin-vue-admin +CVE-2022-47761 + RESERVED +CVE-2022-47760 + RESERVED +CVE-2022-47759 + RESERVED +CVE-2022-47758 (Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowi ...) + NOT-FOR-US: Nanoleaf +CVE-2022-47757 (In imo.im 2022.11.1051, a path traversal vulnerability delivered via a ...) 
+ NOT-FOR-US: imo.im Android application +CVE-2022-47756 + RESERVED +CVE-2022-47755 + RESERVED +CVE-2022-47754 + RESERVED +CVE-2022-47753 + RESERVED +CVE-2022-47752 + RESERVED +CVE-2022-47751 + RESERVED +CVE-2022-47750 + RESERVED +CVE-2022-47749 + RESERVED +CVE-2022-47748 + RESERVED +CVE-2022-47747 (kraken <= 0.1.4 has an arbitrary file read vulnerability via the compo ...) + NOT-FOR-US: Kraken +CVE-2022-47746 + RESERVED +CVE-2022-47745 (ZenTao 16.4 to 18.0.beta1 is vulnerable to SQL injection. After loggin ...) + NOT-FOR-US: ZenTao +CVE-2022-47744 + RESERVED +CVE-2022-47743 + RESERVED +CVE-2022-47742 + RESERVED +CVE-2022-47741 + RESERVED +CVE-2022-47740 (Seltmann GmbH Content Management System 6 is vulnerable to SQL Injecti ...) + NOT-FOR-US: Seltmann GmbH Content Management System +CVE-2022-47739 + RESERVED +CVE-2022-47738 + RESERVED +CVE-2022-47737 + RESERVED +CVE-2022-47736 + RESERVED +CVE-2022-47735 + RESERVED +CVE-2022-47734 + RESERVED +CVE-2022-47733 + RESERVED +CVE-2022-47732 (In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthe ...) + NOT-FOR-US: Yeastar +CVE-2022-47731 + RESERVED +CVE-2022-47730 + RESERVED +CVE-2022-47729 + RESERVED +CVE-2022-47728 + RESERVED +CVE-2022-47727 + RESERVED +CVE-2022-47726 + RESERVED +CVE-2022-47725 + RESERVED +CVE-2022-47724 + RESERVED +CVE-2022-47723 + RESERVED +CVE-2022-47722 + RESERVED +CVE-2022-47721 + RESERVED +CVE-2022-47720 + RESERVED +CVE-2022-47719 + RESERVED +CVE-2022-47718 + RESERVED +CVE-2022-47717 (Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CO ...) + NOT-FOR-US: Last Yard +CVE-2022-47716 + RESERVED +CVE-2022-47715 (In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted t ...) 
+ NOT-FOR-US: Last Yard +CVE-2022-47714 (Last Yard 22.09.8-1 does not enforce HSTS headers) + NOT-FOR-US: Last Yard +CVE-2022-47713 + RESERVED +CVE-2022-47712 + RESERVED +CVE-2022-47711 + RESERVED +CVE-2022-47710 + RESERVED +CVE-2022-47709 + RESERVED +CVE-2022-47708 + RESERVED +CVE-2022-47707 + RESERVED +CVE-2022-47706 + RESERVED +CVE-2022-47705 + RESERVED +CVE-2022-47704 + RESERVED +CVE-2022-47703 (TIANJIE CPE906-3 is vulnerable to password disclosure. This is present ...) + NOT-FOR-US: TIANJIE +CVE-2022-47702 + RESERVED +CVE-2022-47701 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...) + NOT-FOR-US: COMFAST Router +CVE-2022-47700 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...) + NOT-FOR-US: COMFAST Router +CVE-2022-47699 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...) + NOT-FOR-US: COMFAST Router +CVE-2022-47698 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...) + NOT-FOR-US: COMFAST Router +CVE-2022-47697 (COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR62 ...) + NOT-FOR-US: COMFAST Router +CVE-2022-47696 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...) + - binutils 2.39.50.20221208-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29677 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1 + NOTE: binutils not covered by security support +CVE-2022-47695 (An issue was discovered Binutils objdump before 2.39.3 allows attacker ...) 
+ - binutils 2.39.50.20221208-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29846 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3d3af4ba39e892b1c544d667ca241846bc3df386 + NOTE: binutils not covered by security support +CVE-2022-47694 + RESERVED +CVE-2022-47693 + RESERVED +CVE-2022-47692 + RESERVED +CVE-2022-47691 + RESERVED +CVE-2022-47690 + RESERVED +CVE-2022-47689 + RESERVED +CVE-2022-47688 + RESERVED +CVE-2022-47687 + RESERVED +CVE-2022-47686 + RESERVED +CVE-2022-47685 + RESERVED +CVE-2022-47684 + RESERVED +CVE-2022-47683 + RESERVED +CVE-2022-47682 + RESERVED +CVE-2022-47681 + RESERVED +CVE-2022-47680 + RESERVED +CVE-2022-47679 + RESERVED +CVE-2022-47678 + RESERVED +CVE-2022-47677 + RESERVED +CVE-2022-47676 + RESERVED +CVE-2022-47675 + RESERVED +CVE-2022-47674 + RESERVED +CVE-2022-47673 (An issue was discovered in Binutils addr2line before 2.39.3, function ...) + - binutils 2.39.50.20221224-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29876 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44 + NOTE: binutils not covered by security support +CVE-2022-47672 + RESERVED +CVE-2022-47671 + RESERVED +CVE-2022-47670 + RESERVED +CVE-2022-47669 + RESERVED +CVE-2022-47668 + RESERVED +CVE-2022-47667 + RESERVED +CVE-2022-47666 + RESERVED +CVE-2022-47665 (Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image ...) + {DSA-5346-1 DLA-3352-1} + - libde265 1.0.11-1 + NOTE: https://github.com/strukturag/libde265/issues/369 + NOTE: https://github.com/strukturag/libde265/commit/2f0430ecda4dc83b5a3feaa3bea4826d1840dc68 (v1.0.10) +CVE-2022-47664 (Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qp ...) 
+ {DSA-5346-1 DLA-3352-1} + - libde265 1.0.11-1 + NOTE: https://github.com/strukturag/libde265/issues/368 + NOTE: https://github.com/strukturag/libde265/commit/5583f983e012b3870e29190d2b8e43ff6d77a72e (v1.0.10) +CVE-2022-47663 (GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2360 + NOTE: https://github.com/gpac/gpac/commit/e7e8745f677010a5cb3366d5cbf39df7cffaaa2d (v2.2.0) +CVE-2022-47662 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack over ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2359 + NOTE: https://github.com/gpac/gpac/commit/080a62728ccd251a7f20eaac3fda21b0716e3c9b (v2.2.0) +CVE-2022-47661 (GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2358 + NOTE: https://github.com/gpac/gpac/commit/aa8fbec874b5e040854effff5309aa445c234618 (v2.2.0) +CVE-2022-47660 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in is ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2357 + NOTE: https://github.com/gpac/gpac/commit/a8f438d201fb165961ba1d5d3b80daa3637735f4 (v2.2.0) +CVE-2022-47659 (GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow ...) 
+ {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2354 + NOTE: https://github.com/gpac/gpac/commit/348d7722c1e90c7811b43b0eed5c2aca2cb8a717 (v2.2.0) +CVE-2022-47658 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2356 + NOTE: https://github.com/gpac/gpac/commit/55c8b3af6f5ef9e51edb41172062ca9b5db4026b (v2.2.0) +CVE-2022-47657 (GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2355 + NOTE: https://github.com/gpac/gpac/commit/9f1e633184904fffc315bd35ebce76b4b42f9097 (v2.2.0) +CVE-2022-47656 (GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2353 + NOTE: https://github.com/gpac/gpac/commit/c9a8118965b53d29837b1b82b6a58543efb23baf (v2.2.0) +CVE-2022-47655 (Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_q ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 + NOTE: https://github.com/strukturag/libde265/issues/367 + NOTE: https://github.com/strukturag/libde265/pull/376 +CVE-2022-47654 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...) 
+ [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2350 + NOTE: https://github.com/gpac/gpac/commit/88e7b873da5d3e85d31b601c1560d2e24a1d7b25 (v2.2.0) +CVE-2022-47653 (GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2349 + NOTE: https://github.com/gpac/gpac/commit/a1e197581437cf0a104a9b6543cb4547cfdfc03f (v2.2.0) +CVE-2022-47652 + RESERVED +CVE-2022-47651 + RESERVED +CVE-2022-47650 + RESERVED +CVE-2022-47649 + RESERVED +CVE-2022-47648 (An Improper Access Control vulnerability allows an attacker to access ...) + NOT-FOR-US: Bosch Security Systems B420 firmware +CVE-2022-47647 + RESERVED +CVE-2022-47646 + RESERVED +CVE-2022-47645 + RESERVED +CVE-2022-47644 + RESERVED +CVE-2022-47643 + RESERVED +CVE-2022-47642 + RESERVED +CVE-2022-47641 + RESERVED +CVE-2022-47640 + RESERVED +CVE-2022-47639 + RESERVED +CVE-2022-47638 + RESERVED +CVE-2022-47637 (The installer in XAMPP through 8.1.12 allows local users to write to t ...) + NOT-FOR-US: XAMPP installer +CVE-2022-47636 (A DLL hijacking vulnerability has been discovered in OutSystems Servic ...) + NOT-FOR-US: OutSystems Service Studio +CVE-2022-47635 (Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS ...) + NOT-FOR-US: Wildix CMS +CVE-2022-47634 (M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17 ...) + NOT-FOR-US: M-Link +CVE-2022-47633 (An image signature validation bypass vulnerability in Kyverno 1.8.3 an ...) + NOT-FOR-US: Kyverno +CVE-2022-47632 (Razer Synapse before 3.7.0830.081906 allows privilege escalation due t ...) 
+ NOT-FOR-US: Razer +CVE-2022-47631 (Razer Synapse through 3.7.1209.121307 allows privilege escalation due ...) + NOT-FOR-US: Razer +CVE-2022-47630 (Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 ...) + - arm-trusted-firmware 2.9.0+dfsg-3 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/16/8 + NOTE: Debian ships an almost unpatched copy, so is not affected by itself + NOTE: Still tracking for the purpose of potential downstream providers + NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/fd37982a19a4a291 (v2.9-rc0) + NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/72460f50e2437a85 (v2.9-rc0) + NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/f5c51855d36e399e (v2.9-rc0) + NOTE: https://github.com/ARM-software/arm-trusted-firmware/commit/abb8f936fd0ad085 (v2.9-rc0) +CVE-2022-47628 + RESERVED +CVE-2022-47627 + RESERVED +CVE-2022-47626 + RESERVED +CVE-2022-47625 + RESERVED +CVE-2022-47624 + RESERVED +CVE-2022-47623 + RESERVED +CVE-2022-47622 + RESERVED +CVE-2022-47621 + RESERVED +CVE-2022-47620 + RESERVED +CVE-2022-47619 + RESERVED +CVE-2022-47618 (Merit LILIN AH55B04 & AH55B08 DVR firm has hard-coded administrator cr ...) + NOT-FOR-US: Merit Lilin +CVE-2022-47617 (Hitron CODA-5310 has hard-coded encryption/decryption keys in the prog ...) + NOT-FOR-US: Hitron +CVE-2022-47616 (Hitron CODA-5310 has insufficient filtering for specific parameters in ...) + NOT-FOR-US: Hitron +CVE-2022-47615 (Local File Inclusion vulnerability inLearnPress \u2013 WordPress LMS P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47614 (Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47613 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Quan ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47612 (Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-47611 (Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47610 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr D ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47609 (Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47608 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47607 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in User ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47606 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47605 (Auth. SQL Injection') vulnerability in Kunal Nagar Custom 404 Pro plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47604 + RESERVED +CVE-2022-47603 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47602 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47601 + RESERVED +CVE-2022-47600 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47599 + RESERVED +CVE-2022-47598 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47597 + RESERVED +CVE-2022-47596 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47595 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47594 + RESERVED +CVE-2022-47593 (Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad Ra ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47592 (Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperma ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-47591 (Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47590 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Mai ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47589 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47588 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47587 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Corn ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47586 (Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47585 + RESERVED +CVE-2022-47584 + RESERVED +CVE-2022-47583 (Terminal character injection in Mintty before 3.6.3 allows code execut ...) + NOT-FOR-US: Mintty +CVE-2022-47582 + RESERVED +CVE-2022-47581 (Isode M-Vault 16.0v0 through 17.x before 17.0v24 can crash upon an LDA ...) + NOT-FOR-US: Isode M-Vault +CVE-2022-47580 + RESERVED +CVE-2022-4622 (The Login Logout Menu WordPress plugin through 1.3.3 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4621 (Panasonic Sanyo CCTV Network Cameras versions 1.02-05 and 2.03-0x are ...) + NOT-FOR-US: Panasonic +CVE-2022-4620 + RESERVED +CVE-2022-4619 (The Sidebar Widgets by CodeLights plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Sidebar Widgets by CodeLights plugin for WordPress +CVE-2022-4618 + REJECTED +CVE-2022-4617 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + NOT-FOR-US: microweber +CVE-2022-47579 + RESERVED +CVE-2022-47578 (An issue was discovered in the endpoint protection agent in Zoho Manag ...) + NOT-FOR-US: Zoho +CVE-2022-47577 (An issue was discovered in the endpoint protection agent in Zoho Manag ...) 
+ NOT-FOR-US: Zoho +CVE-2022-4616 (The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to ...) + NOT-FOR-US: webserver in Delta DX-3021 +CVE-2023-22275 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2023-22274 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2023-22273 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2023-22272 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2023-22271 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a W ...) + NOT-FOR-US: Adobe +CVE-2023-22270 + RESERVED +CVE-2023-22269 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-22268 (Adobe RoboHelp Server versions 11.4 and earlier are affected by an Imp ...) + NOT-FOR-US: Adobe +CVE-2023-22267 + RESERVED +CVE-2023-22266 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22265 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22264 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22263 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22262 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22261 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22260 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22259 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22258 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) 
+ NOT-FOR-US: Adobe +CVE-2023-22257 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22256 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a U ...) + NOT-FOR-US: Adobe +CVE-2023-22255 + RESERVED +CVE-2023-22254 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-22253 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-22252 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-22251 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-22250 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-22249 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-22248 (Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) an ...) + NOT-FOR-US: Adobe +CVE-2023-22247 (Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2023-22246 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2023-22245 + RESERVED +CVE-2023-22244 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use Aft ...) + NOT-FOR-US: Adobe +CVE-2023-22243 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2023-22242 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-22241 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-22240 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-22239 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...) 
+ NOT-FOR-US: Adobe +CVE-2023-22238 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...) + NOT-FOR-US: Adobe +CVE-2023-22237 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...) + NOT-FOR-US: Adobe +CVE-2023-22236 (Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2023-22235 (InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by ...) + NOT-FOR-US: Adobe +CVE-2023-22234 (Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-b ...) + NOT-FOR-US: Adobe +CVE-2023-22233 (After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are af ...) + NOT-FOR-US: Adobe +CVE-2023-22232 (Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2023-22231 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2023-22230 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2023-22229 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2023-22228 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2023-22227 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2023-22226 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...) 
+ NOT-FOR-US: Adobe +CVE-2023-22225 + RESERVED +CVE-2023-22224 + RESERVED +CVE-2022-47576 + RESERVED +CVE-2022-47575 + RESERVED +CVE-2022-47574 + RESERVED +CVE-2022-47573 + RESERVED +CVE-2022-47572 + RESERVED +CVE-2022-47571 + RESERVED +CVE-2022-47570 + RESERVED +CVE-2022-47569 + RESERVED +CVE-2022-47568 + RESERVED +CVE-2022-47567 + RESERVED +CVE-2022-47566 + RESERVED +CVE-2022-47565 + RESERVED +CVE-2022-47564 + RESERVED +CVE-2022-47563 + RESERVED +CVE-2022-47562 (Vulnerability in the RCPbind service running on UDP port (111), allowi ...) + NOT-FOR-US: ekorCCP +CVE-2022-47561 (The web application stores credentials in clear text in the "admin.xml ...) + NOT-FOR-US: ekorCCP +CVE-2022-47560 (The lack of web request control on ekorCCP and ekorRCI devices allows ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47559 (Lack of device control over web requests in ekorCCP and ekorRCI, allow ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47558 (Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP se ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47557 (Vulnerability in ekorCCP and ekorRCI that could allow an attacker with ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47556 (Uncontrolled resource consumption in ekorRCI, allowing an attacker wit ...) + NOT-FOR-US: ekorRCI devices +CVE-2022-47555 (Operating system command injection in ekorCCP and ekorRCI, which could ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47554 (Exposure of sensitive information in ekorCCP and ekorRCI, potentially ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47553 (Incorrect authorisation in ekorCCP and ekorRCI, which could allow a re ...) + NOT-FOR-US: ekorCCP and ekorRCI devices +CVE-2022-47552 + RESERVED +CVE-2022-47551 (Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read perm ...) 
+ NOT-FOR-US: apiman +CVE-2022-47550 + RESERVED +CVE-2022-47549 (An unprotected memory-access operation in optee_os in TrustedFirmware ...) + NOT-FOR-US: OP-TEE +CVE-2022-47548 + RESERVED +CVE-2022-47547 (GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a p ...) + NOT-FOR-US: GossipSub +CVE-2022-47546 + RESERVED +CVE-2022-47545 + RESERVED +CVE-2022-47544 (An issue was discovered in Siren Investigate before 12.1.7. Script var ...) + NOT-FOR-US: Siren Investigate +CVE-2022-47543 (An issue was discovered in Siren Investigate before 12.1.7. There is a ...) + NOT-FOR-US: Siren Investigate +CVE-2022-47542 (Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Cont ...) + NOT-FOR-US: Red Gate SQL Monitor +CVE-2022-4615 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...) + NOT-FOR-US: OpenEMR +CVE-2022-4614 (Cross-site Scripting (XSS) - Stored in GitHub repository alagrede/znot ...) + NOT-FOR-US: znote-app +CVE-2022-4613 (A vulnerability was found in Click Studios Passwordstate and Passwords ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-4612 (A vulnerability has been found in Click Studios Passwordstate and Pass ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-4611 (A vulnerability, which was classified as problematic, was found in Cli ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-4610 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-4609 (Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memo ...) + NOT-FOR-US: usememos +CVE-2022-4608 (A vulnerability exists in HCI IEC 60870-5-104 function included in cer ...) + NOT-FOR-US: ABB +CVE-2021-4262 (A vulnerability classified as critical was found in laravel-jqgrid. Af ...) 
+ NOT-FOR-US: laravel-jqgrid. +CVE-2021-4261 (A vulnerability classified as critical has been found in pacman-canvas ...) + NOT-FOR-US: pacman-canvas +CVE-2021-4260 (A vulnerability was found in oils-js. It has been declared as critical ...) + NOT-FOR-US: oils-js +CVE-2021-4259 (A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been c ...) + NOT-FOR-US: phpRedisAdmin +CVE-2021-4258 (A vulnerability was found in whohas. It has been rated as problematic. ...) + - whohas (unimportant) + NOTE: https://github.com/whohas/whohas/commit/667c3e2e9178f15c23d7918b5db25cd0792c8472 + NOTE: No security impact +CVE-2020-36619 (A vulnerability was found in multimon-ng. It has been rated as critica ...) + - multimon-ng 1.2.0+dfsg-1 + [bullseye] - multimon-ng (Minor issue) + [buster] - multimon-ng (Minor issue) + NOTE: https://github.com/EliasOenal/multimon-ng/commit/e5a51c508ef952e81a6da25b43034dd1ed023c07 (1.2.0) + NOTE: https://github.com/EliasOenal/multimon-ng/pull/160 +CVE-2020-36618 (A vulnerability classified as critical has been found in Furqan node-w ...) + NOT-FOR-US: Node whois +CVE-2016-20018 (Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability t ...) + NOT-FOR-US: Knex +CVE-2022-47541 + RESERVED +CVE-2022-47540 + RESERVED +CVE-2022-47539 + RESERVED +CVE-2022-47538 + RESERVED +CVE-2022-47537 + RESERVED +CVE-2022-47536 + RESERVED +CVE-2022-47535 + RESERVED +CVE-2022-47534 + RESERVED +CVE-2022-47533 + RESERVED +CVE-2022-47532 + RESERVED +CVE-2022-47531 (An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versi ...) + NOT-FOR-US: Ericsson Evolved Packet Gateway (EPG) +CVE-2022-47530 + RESERVED +CVE-2022-47529 (Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWit ...) + NOT-FOR-US: NetWitness +CVE-2022-47528 + RESERVED +CVE-2022-47527 + RESERVED +CVE-2022-47526 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path travers ...) 
+ NOT-FOR-US: Fox-IT DataDiode +CVE-2022-47525 (Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Ze ...) + NOT-FOR-US: Fox-IT DataDiode +CVE-2022-47524 (F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homog ...) + NOT-FOR-US: F-Secure SAFE Browser +CVE-2022-47523 (Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pr ...) + NOT-FOR-US: Zoho +CVE-2022-4607 (A vulnerability was found in 3D City Database OGC Web Feature Service ...) + NOT-FOR-US: 3D City Database OGC Web Feature Service +CVE-2021-4257 (A vulnerability was found in ctrlo lenio. It has been declared as prob ...) + NOT-FOR-US: ctrlo lenio +CVE-2021-4256 (A vulnerability was found in ctrlo lenio. It has been classified as pr ...) + NOT-FOR-US: ctrlo lenio +CVE-2021-4255 (A vulnerability was found in ctrlo lenio and classified as problematic ...) + NOT-FOR-US: ctrlo lenio +CVE-2021-4254 (A vulnerability has been found in ctrlo lenio and classified as proble ...) + NOT-FOR-US: ctrlo lenio +CVE-2021-4253 (A vulnerability, which was classified as problematic, was found in ctr ...) + NOT-FOR-US: ctrlo lenio +CVE-2021-4252 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WP-Ban +CVE-2021-4251 (A vulnerability classified as problematic was found in as. This vulner ...) + NOT-FOR-US: andrewsauder/as +CVE-2021-4250 (A vulnerability classified as problematic has been found in cgriego ac ...) + NOT-FOR-US: ActiveAttr +CVE-2022-4606 (PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress ...) + NOT-FOR-US: flatpressblog +CVE-2022-4605 (Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog ...) + NOT-FOR-US: flatpressblog +CVE-2022-4604 (A vulnerability classified as problematic was found in wp-english-wp-a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4603 (A vulnerability classified as problematic has been found in ppp. Affec ...) 
+ - ppp (unimportant) + NOTE: https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf + NOTE: No security impact +CVE-2022-4602 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been rate ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4601 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been decl ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4600 (A vulnerability was found in Shoplazza LifeStyle 1.1. It has been clas ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4599 (A vulnerability was found in Shoplazza LifeStyle 1.1 and classified as ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4598 (A vulnerability has been found in Shoplazza LifeStyle 1.1 and classifi ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4597 (A vulnerability, which was classified as problematic, was found in Sho ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4596 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Shoplazza LifeStyle +CVE-2022-4595 (A vulnerability classified as problematic has been found in django-ope ...) + NOT-FOR-US: django-openipam +CVE-2022-4594 (A vulnerability was found in drogatkin TJWS2. It has been declared as ...) + NOT-FOR-US: drogatkin TJWS2 +CVE-2022-4593 (A vulnerability was found in retra-system. It has been classified as p ...) + NOT-FOR-US: retra-system +CVE-2022-4592 (A vulnerability was found in luckyshot CRMx and classified as critical ...) + NOT-FOR-US: luckyshot CRMx +CVE-2021-4249 (A vulnerability was found in xml-conduit. It has been classified as pr ...) 
+ - haskell-xml-conduit 1.9.1.1-1 + [bullseye] - haskell-xml-conduit (Minor issue) + [buster] - haskell-xml-conduit (Minor issue) + NOTE: https://github.com/snoyberg/xml/pull/161/commits/2274b3c26fda7406337ce47cdfd862ef187694e2 + NOTE: https://github.com/snoyberg/xml/commit/4be1021791dcdee8b164d239433a2043dc0939ea (xml-conduit/1.9.1.0) +CVE-2021-4248 (A vulnerability was found in kapetan dns up to 6.1.0. It has been rate ...) + NOT-FOR-US: kapetan dns +CVE-2021-4247 (A vulnerability has been found in OWASP NodeGoat and classified as pro ...) + NOT-FOR-US: NodeGoat +CVE-2020-36617 (A vulnerability was found in ewxrjk sftpserver. It has been declared a ...) + NOT-FOR-US: ewxrjk sftpserver +CVE-2023-22223 + RESERVED +CVE-2023-22222 + RESERVED +CVE-2023-22221 + RESERVED +CVE-2023-22220 + RESERVED +CVE-2023-22219 + RESERVED +CVE-2023-22218 + RESERVED +CVE-2023-22217 + RESERVED +CVE-2023-22216 + RESERVED +CVE-2023-22215 + RESERVED +CVE-2023-22214 + RESERVED +CVE-2023-22213 + RESERVED +CVE-2023-22212 + RESERVED +CVE-2023-22211 + RESERVED +CVE-2023-22210 + RESERVED +CVE-2023-22209 + RESERVED +CVE-2023-22208 + RESERVED +CVE-2023-22207 + RESERVED +CVE-2023-22206 + RESERVED +CVE-2023-22205 + RESERVED +CVE-2023-22204 + RESERVED +CVE-2023-22203 + RESERVED +CVE-2023-22202 + RESERVED +CVE-2023-22201 + RESERVED +CVE-2023-22200 + RESERVED +CVE-2023-22199 + RESERVED +CVE-2023-22198 + RESERVED +CVE-2023-22197 + RESERVED +CVE-2023-22196 + RESERVED +CVE-2023-22195 + RESERVED +CVE-2023-22194 + RESERVED +CVE-2023-22193 + RESERVED +CVE-2023-22192 + RESERVED +CVE-2023-22191 + RESERVED +CVE-2023-22190 + RESERVED +CVE-2023-22189 + RESERVED +CVE-2023-22188 + RESERVED +CVE-2023-22187 + RESERVED +CVE-2023-22186 + RESERVED +CVE-2023-22185 + RESERVED +CVE-2023-22184 + RESERVED +CVE-2023-22183 + RESERVED +CVE-2023-22182 + RESERVED +CVE-2023-22181 + RESERVED +CVE-2023-22180 + RESERVED +CVE-2023-22179 + RESERVED +CVE-2023-22178 + RESERVED +CVE-2023-22177 + RESERVED +CVE-2023-22176 + RESERVED 
+CVE-2023-22175 + RESERVED +CVE-2023-22174 + RESERVED +CVE-2023-22173 + RESERVED +CVE-2023-22172 + RESERVED +CVE-2023-22171 + RESERVED +CVE-2023-22170 + RESERVED +CVE-2023-22169 + RESERVED +CVE-2023-22168 + RESERVED +CVE-2023-22167 + RESERVED +CVE-2023-22166 + RESERVED +CVE-2023-22165 + RESERVED +CVE-2023-22164 + RESERVED +CVE-2023-22163 + RESERVED +CVE-2023-22162 + RESERVED +CVE-2023-22161 + RESERVED +CVE-2023-22160 + RESERVED +CVE-2023-22159 + RESERVED +CVE-2023-22158 + RESERVED +CVE-2023-22157 + RESERVED +CVE-2023-22156 + RESERVED +CVE-2023-22155 + RESERVED +CVE-2023-22154 + RESERVED +CVE-2023-22153 + RESERVED +CVE-2023-22152 + RESERVED +CVE-2023-22151 + RESERVED +CVE-2023-22150 + RESERVED +CVE-2023-22149 + RESERVED +CVE-2023-22148 + RESERVED +CVE-2023-22147 + RESERVED +CVE-2023-22146 + RESERVED +CVE-2023-22145 + RESERVED +CVE-2023-22144 + RESERVED +CVE-2023-22143 + RESERVED +CVE-2023-22142 + RESERVED +CVE-2023-22141 + RESERVED +CVE-2023-22140 + RESERVED +CVE-2023-22139 + RESERVED +CVE-2023-22138 + RESERVED +CVE-2023-22137 + RESERVED +CVE-2023-22136 + RESERVED +CVE-2023-22135 + RESERVED +CVE-2023-22134 + RESERVED +CVE-2023-22133 + RESERVED +CVE-2023-22132 + RESERVED +CVE-2023-22131 + RESERVED +CVE-2023-22130 (Vulnerability in the Sun ZFS Storage Appliance product of Oracle Syste ...) + NOT-FOR-US: Oracle +CVE-2023-22129 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-22128 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-22127 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2023-22126 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2023-22125 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2023-22124 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22123 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2023-22122 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2023-22121 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2023-22120 + RESERVED +CVE-2023-22119 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-22118 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-22117 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-22116 + RESERVED +CVE-2023-22115 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 +CVE-2023-22114 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22113 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 +CVE-2023-22112 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22111 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 +CVE-2023-22110 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 +CVE-2023-22109 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22108 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22107 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...) + NOT-FOR-US: Oracle +CVE-2023-22106 (Vulnerability in the Oracle Enterprise Command Center Framework produc ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22105 (Vulnerability in the BI Publisher product of Oracle Analytics (compone ...) + NOT-FOR-US: Oracle +CVE-2023-22104 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 +CVE-2023-22103 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22102 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) + - mysql-connector-java +CVE-2023-22101 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22100 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.12-dfsg-1 +CVE-2023-22099 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.12-dfsg-1 +CVE-2023-22098 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.12-dfsg-1 +CVE-2023-22097 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22096 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) + NOT-FOR-US: Oracle +CVE-2023-22095 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 (Only affects 8.1) +CVE-2023-22094 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...) + NOT-FOR-US: Oracle +CVE-2023-22093 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2023-22092 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22091 (Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise ...) + NOT-FOR-US: Oracle +CVE-2023-22090 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22089 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22088 (Vulnerability in the Oracle Communications Order and Service Managemen ...) + NOT-FOR-US: Oracle +CVE-2023-22087 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...) + NOT-FOR-US: Oracle +CVE-2023-22086 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22085 (Vulnerability in the Hospitality OPERA 5 Property Services product of ...) + NOT-FOR-US: Oracle +CVE-2023-22084 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb 1:10.11.6-1 + [bookworm] - mariadb (Minor issue, will be fixed via point update) + - mariadb-10.5 + [bullseye] - mariadb-10.5 (Minor issue, will be fixed via point update) + - mariadb-10.3 + - mysql-8.0 8.0.35-1 (bug #1055034) + NOTE: Fixed in MariaDB: 11.2.2, 11.1.3, 11.0.4, 10.11.6, 10.10.7, 10.6.16, 10.5.23, 10.4.32 +CVE-2023-22083 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) + NOT-FOR-US: Oracle +CVE-2023-22082 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22081 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) + {DSA-5548-1 DSA-5537-1 DLA-3636-1} + - openjdk-8 8u392-ga-1 + - openjdk-11 11.0.21+9-1 + - openjdk-17 17.0.9+9-1 + - openjdk-21 21.0.1+12-1 +CVE-2023-22080 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-22079 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22078 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22077 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22076 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2023-22075 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) + NOT-FOR-US: Oracle +CVE-2023-22074 (Vulnerability in the Oracle Database Sharding component of Oracle Data ...) + NOT-FOR-US: Oracle +CVE-2023-22073 (Vulnerability in the Oracle Notification Server component of Oracle Da ...) + NOT-FOR-US: Oracle +CVE-2023-22072 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22071 (Vulnerability in the PL/SQL component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2023-22070 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22069 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22068 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22067 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + - openjdk-8 8u392-ga-1 +CVE-2023-22066 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22065 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 +CVE-2023-22064 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22063 + RESERVED +CVE-2023-22062 (Vulnerability in the Oracle Hyperion Financial Reporting product of Or ...) + NOT-FOR-US: Oracle +CVE-2023-22061 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22060 (Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyper ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22059 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22058 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22057 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22056 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22055 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2023-22054 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22053 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22052 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) + NOT-FOR-US: Oracle +CVE-2023-22051 (Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM ...) + NOT-FOR-US: Oracle +CVE-2023-22050 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...) + NOT-FOR-US: Oracle +CVE-2023-22049 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5478-1 DSA-5458-1 DLA-3571-1} + - openjdk-8 8u382-ga-1 + - openjdk-11 11.0.20+8-1 + - openjdk-17 17.0.8+7-1 +CVE-2023-22048 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22047 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-22046 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22045 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) 
+ {DSA-5478-1 DSA-5458-1 DLA-3571-1} + - openjdk-8 8u382-ga-1 + - openjdk-11 11.0.20+8-1 + - openjdk-17 17.0.8+7-1 +CVE-2023-22044 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5458-1} + - openjdk-17 17.0.8+7-1 +CVE-2023-22043 (Vulnerability in Oracle Java SE (component: JavaFX). The supported v ...) + - openjfx 11+26-1 + NOTE: This only affects JavaFX 8.x, so marking the first 11 upload as fixed +CVE-2023-22042 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2023-22041 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5478-1 DSA-5458-1 DLA-3571-1} + - openjdk-11 11.0.20+8-1 + - openjdk-17 17.0.8+7-1 +CVE-2023-22040 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-22039 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...) + NOT-FOR-US: Oracle +CVE-2023-22038 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22037 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) + NOT-FOR-US: Oracle +CVE-2023-22036 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5478-1 DSA-5458-1 DLA-3571-1} + - openjdk-11 11.0.20+8-1 + - openjdk-17 17.0.8+7-1 +CVE-2023-22035 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2023-22034 (Vulnerability in the Unified Audit component of Oracle Database Server ...) + NOT-FOR-US: Oracle +CVE-2023-22033 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22032 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.35-1 (bug #1055034) +CVE-2023-22031 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22030 + RESERVED +CVE-2023-22029 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...) + NOT-FOR-US: Oracle +CVE-2023-22028 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.32-1 +CVE-2023-22027 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22026 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.32-1 +CVE-2023-22025 (Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle Gr ...) + {DSA-5548-1} + - openjdk-17 17.0.9+9-1 + - openjdk-21 21.0.1+12-1 +CVE-2023-22024 (In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has ...) + NOT-FOR-US: Oracle +CVE-2023-22023 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-22022 (Vulnerability in the Oracle Health Sciences Sciences Data Management W ...) + NOT-FOR-US: Oracle +CVE-2023-22021 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22020 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22019 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2023-22018 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.10-dfsg-1 +CVE-2023-22017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.10-dfsg-1 +CVE-2023-22016 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.10-dfsg-1 +CVE-2023-22015 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.32-1 +CVE-2023-22014 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
+ NOT-FOR-US: Oracle +CVE-2023-22013 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22012 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22011 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2023-22010 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...) + NOT-FOR-US: Oracle +CVE-2023-22009 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...) + NOT-FOR-US: Oracle +CVE-2023-22008 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22007 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22006 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5478-1 DSA-5458-1 DLA-3571-1} + - openjdk-11 11.0.20+8-1 + - openjdk-17 17.0.8+7-1 +CVE-2023-22005 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.34-1 (bug #1041819) +CVE-2023-22004 (Vulnerability in the Oracle Applications Technology product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2023-22003 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-22002 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-22001 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-22000 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21999 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21998 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 7.0.8-dfsg-1 +CVE-2023-21997 (Vulnerability in the Oracle User Management product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2023-21996 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-21995 + RESERVED +CVE-2023-21994 (Vulnerability in the Oracle Mobile Security Suite product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2023-21993 (Vulnerability in the Oracle Clinical Remote Data Capture product of Or ...) + NOT-FOR-US: Oracle +CVE-2023-21992 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) + NOT-FOR-US: Oracle +CVE-2023-21991 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21990 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21989 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21988 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21987 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 7.0.8-dfsg-1 +CVE-2023-21986 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + NOT-FOR-US: GraalVM +CVE-2023-21985 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-21984 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2023-21983 (Vulnerability in the Application Express Administration product of Ora ...) + NOT-FOR-US: Oracle +CVE-2023-21982 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 (bug #1034719) +CVE-2023-21981 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
+ NOT-FOR-US: Oracle +CVE-2023-21980 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 (bug #1034719) +CVE-2023-21979 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2023-21978 (Vulnerability in the Oracle Application Object Library product of Orac ...) + NOT-FOR-US: Oracle +CVE-2023-21977 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 (bug #1034719) +CVE-2023-21976 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 (bug #1034719) +CVE-2023-21975 (Vulnerability in the Application Express Customers Plugin product of O ...) + NOT-FOR-US: Oracle +CVE-2023-21974 (Vulnerability in the Application Express Team Calendar Plugin product ...) + NOT-FOR-US: Oracle +CVE-2023-21973 (Vulnerability in the Oracle iProcurement product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2023-21972 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.33-1 (bug #1034719) +CVE-2023-21971 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) + - mysql-connector-java +CVE-2023-21970 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...) + NOT-FOR-US: Oracle +CVE-2023-21969 (Vulnerability in Oracle SQL Developer (component: Installation). Supp ...) + NOT-FOR-US: Oracle +CVE-2023-21968 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5478-1 DSA-5430-1 DLA-3571-1} + - openjdk-8 8u372-ga-1 + - openjdk-11 11.0.19+7-1 (bug #1036280) + - openjdk-17 17.0.7+7-1 (bug #1035957) + - openjdk-20 20.0.1+9-2 +CVE-2023-21967 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) 
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21966 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21965 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21964 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21963 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1
+CVE-2023-21962 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21961 (Vulnerability in the Oracle Hyperion Essbase Administration Services p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21960 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21959 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21958
+ RESERVED
+CVE-2023-21957
+ RESERVED
+CVE-2023-21956 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21955 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21954 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21953 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21952 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21951
+ RESERVED
+CVE-2023-21950 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.34-1 (bug #1041819)
+CVE-2023-21949 (Vulnerability in the Advanced Networking Option component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21948 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21947 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21946 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21945 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21944 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21943 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21942 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21941 (Vulnerability in the Oracle BI Publisher product of Oracle Analytics ( ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21940 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21939 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21938 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21937 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21936 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21935 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21934 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21933 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21932 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21931 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21930 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5478-1 DSA-5430-1 DLA-3571-1}
+ - openjdk-8 8u372-ga-1
+ - openjdk-11 11.0.19+7-1 (bug #1036280)
+ - openjdk-17 17.0.7+7-1 (bug #1035957)
+ - openjdk-20 20.0.1+9-2
+CVE-2023-21929 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21928 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21927 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21926 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21925 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21924 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21923 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21922 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21921 (Vulnerability in the Oracle Health Sciences InForm product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21920 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21919 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21918 (Vulnerability in the Oracle Database Recovery Manager component of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21917 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.31-1
+CVE-2023-21916 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21915 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21914
+ RESERVED
+CVE-2023-21913 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1
+CVE-2023-21912 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.31-1
+CVE-2023-21911 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.33-1 (bug #1034719)
+CVE-2023-21910 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21909 (Vulnerability in the Siebel CRM product of Oracle Siebel CRM (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21908 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21907 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21906 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21905 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21904 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21903 (Vulnerability in the Oracle Banking Virtual Account Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21902 (Vulnerability in the Oracle Financial Services Behavior Detection Plat ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21901
+ RESERVED
+CVE-2023-21900 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21899 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21898 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21897
+ RESERVED
+CVE-2023-21896 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21895
+ RESERVED
+CVE-2023-21894 (Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Fr ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21893 (Vulnerability in the Oracle Data Provider for .NET component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21892 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21891 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21890 (Vulnerability in the Oracle Communications Converged Application Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21888 (Vulnerability in the Primavera Gateway product of Oracle Construction ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21887 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 7.0.6-dfsg-1 (bug #1029153)
+CVE-2023-21883 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21882 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21881 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21880 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21879 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21877 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21876 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21875 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21874 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.31-1
+CVE-2023-21873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21872 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1
+CVE-2023-21871 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2023-21865 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.31-1
+CVE-2023-21864 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.31-1
+CVE-2023-21863 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21862 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21861 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21860 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2023-21859 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21858 (Vulnerability in the Oracle Collaborative Planning product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21857 (Vulnerability in the Oracle HCM Common Architecture product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21856 (Vulnerability in the Oracle iSetup product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21855 (Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21854 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21853 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21852 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21851 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21850 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21849 (Vulnerability in the Oracle Applications DBA product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21848 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21847 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21846 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21845 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21844 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21843 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5335-1 DSA-5331-1 DLA-3307-1}
+ - openjdk-8 8u362-ga-1
+ - openjdk-11 11.0.18+10-1
+ - openjdk-17 17.0.6+10-1
+ - openjdk-21 21~7ea-1
+CVE-2023-21842 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21840 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+CVE-2023-21839 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21838 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21837 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.32-1 (bug #1029151)
+CVE-2023-21835 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5335-1 DSA-5331-1 DLA-3307-1}
+ - openjdk-11 11.0.18+10-1
+ - openjdk-17 17.0.6+10-1
+ - openjdk-21 21~7ea-1
+CVE-2023-21834 (Vulnerability in the Oracle Self-Service Human Resources product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21833
+ RESERVED
+CVE-2023-21832 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21831 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21830 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ - openjdk-8 8u362-ga-1
+ - openjdk-21 21~7ea-1
+CVE-2023-21829 (Vulnerability in the Oracle Database RDBMS Security component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21828 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21827 (Vulnerability in the Oracle Database Data Redaction component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21826 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21825 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2023-21824 (Vulnerability in the Oracle Communications BRM - Elastic Charging Engi ...)
+ NOT-FOR-US: Oracle
+CVE-2022-47522 (The IEEE 802.11 specifications through 802.11ax allow physically proxi ...)
+ NOT-FOR-US: IEEE 802.11 specifications
+CVE-2022-47521 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+ {DLA-3244-1}
+ - linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/f9b62f9843c7b0afdaecabbcebf1dbba18599408 (6.1-rc8)
+CVE-2022-47520 (An issue was discovered in the Linux kernel before 6.0.11. Missing off ...)
+ {DLA-3244-1}
+ - linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/cd21d99e595ec1d8721e1058dcdd4f1f7de1d793 (6.1-rc8)
+CVE-2022-47517 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
+ NOT-FOR-US: libsofia-sip fork in drachtio-server
+ NOTE: CVE corresponds partially to issues fixed for CVE-2022-31002 for src:sofia-sip
+CVE-2022-47516 (An issue was discovered in the libsofia-sip fork in drachtio-server be ...)
+ {DSA-5410-1 DLA-3334-1}
+ - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-5 (bug #1031792)
+ NOTE: Report in fork: https://github.com/drachtio/drachtio-server/issues/244
+ NOTE: https://github.com/freeswitch/sofia-sip/commit/cadf505d88e2971d24b6a4379ddbb1398d8ec443 (v1.13.14)
+CVE-2022-47515 (An issue was discovered in drachtio-server before 0.8.20. It allows re ...)
+ NOT-FOR-US: drachtio-server
+CVE-2022-47514 (An XML external entity (XXE) injection vulnerability in XML-RPC.NET be ...)
+ NOT-FOR-US: XML-RPC.NET
+CVE-2022-47519 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+ {DLA-3244-1}
+ - linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/051ae669e4505abbe05165bebf6be7922de11f41
+CVE-2022-47518 (An issue was discovered in the Linux kernel before 6.0.11. Missing val ...)
+ {DLA-3244-1}
+ - linux 6.0.12-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://git.kernel.org/linus/0cdfa9e6f0915e3d243e2393bfa8a22e12d553b0
+CVE-2022-47513
+ RESERVED
+CVE-2022-4591 (A vulnerability was found in mschaef toto up to 1.4.20. It has been de ...)
+ NOT-FOR-US: mschaef toto
+CVE-2022-4590 (A vulnerability was found in mschaef toto up to 1.4.20. It has been cl ...)
+ NOT-FOR-US: mschaef toto
+CVE-2022-4589 (A vulnerability has been found in cyface Terms and Conditions Module u ...)
+ NOT-FOR-US: cyface Terms and Conditions Module
+CVE-2022-4588 (A vulnerability, which was classified as problematic, was found in Bos ...)
+ NOT-FOR-US: Boston Sleep slice
+CVE-2022-4587 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Opencaching Deutschland oc-server3
+CVE-2022-4586 (A vulnerability classified as problematic was found in Opencaching Deu ...)
+ NOT-FOR-US: Opencaching Deutschland oc-server3
+CVE-2022-4585 (A vulnerability classified as problematic has been found in Opencachin ...)
+ NOT-FOR-US: Opencaching Deutschland oc-server3
+CVE-2022-4584 (A vulnerability was found in Axiomatic Bento4 up to 1.6.0-639. It has ...)
+ NOT-FOR-US: Bento4
+CVE-2022-4583 (A vulnerability was found in jLEMS. It has been declared as critical. ...)
+ NOT-FOR-US: jLEMS
+CVE-2022-4582 (A vulnerability was found in starter-public-edition-4 up to 4.6.10. It ...)
+ NOT-FOR-US: starter-public-edition-4
+CVE-2022-4581 (A vulnerability was found in 1j01 mind-map and classified as problemat ...)
+ NOT-FOR-US: 1j01
+CVE-2021-4246 (A vulnerability was found in roxlukas LMeve and classified as critical ...)
+ NOT-FOR-US: roxlukas LMeve
+CVE-2023-21823 (Windows Graphics Component Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21822 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21821
+ RESERVED
+CVE-2023-21820 (Windows Distributed File System (DFS) Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21819 (Windows Secure Channel Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21818 (Windows Secure Channel Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21817 (Windows Kerberos Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21816 (Windows Active Directory Domain Services API Denial of Service Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21815 (Visual Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21814
+ RESERVED
+CVE-2023-21813 (Windows Secure Channel Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21812 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21811 (Windows iSCSI Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21810
+ RESERVED
+CVE-2023-21809 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21808 (.NET and Visual Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21807 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21806 (Power BI Report Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21805 (Windows MSHTML Platform Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21804 (Windows Graphics Component Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21803 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21802 (Windows Media Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21801 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21800 (Windows Installer Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21799 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21798 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21797 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21795 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21794 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21793 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21792 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21791 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21790 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21789 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21788 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21787 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21786 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21785 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21784 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21783 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21782 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21781 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21780 (3D Builder Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21779 (Visual Studio Code Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21778 (Microsoft Dynamics Unified Service Desk Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21777 (Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21776 (Windows Kernel Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21775 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21774 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-4580 (The Twenty20 Image Before-After WordPress plugin through 1.5.9 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4579
+ REJECTED
+CVE-2022-4578 (The Video Conferencing with Zoom WordPress plugin before 4.0.10 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4577 (The Easy Testimonials WordPress plugin before 3.9.3 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4576 (The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not v ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4575 (A vulnerability due to improper write protection of UEFI variables was ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4574 (An SMI handler input validation vulnerability in the BIOS of some Thin ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4573 (An SMI handler input validation vulnerability in the ThinkPad X1 Fold ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4572 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: UBI reader
+CVE-2022-4571 (The Seriously Simple Podcasting WordPress plugin before 2.19.1 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4570 (The Top 10 WordPress plugin before 3.2.3 does not validate and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4569 (A local privilege escalation vulnerability in the ThinkPad Hybrid USB- ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4568 (A directory permissions management vulnerability in Lenovo System Upda ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-4567 (Improper Access Control in GitHub repository openemr/openemr prior to ...)
+ NOT-FOR-US: OpenEMR
+CVE-2021-46866
+ RESERVED
+CVE-2021-46865
+ RESERVED
+CVE-2021-46864
+ RESERVED
+CVE-2021-46863
+ RESERVED
+CVE-2021-46862
+ RESERVED
+CVE-2021-46861
+ RESERVED
+CVE-2021-46860
+ RESERVED
+CVE-2021-46859
+ RESERVED
+CVE-2021-46858
+ RESERVED
+CVE-2021-46857
+ RESERVED
+CVE-2020-36616
+ RESERVED
+CVE-2020-36615 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-36614
+ RESERVED
+CVE-2020-36613
+ RESERVED
+CVE-2020-36612
+ RESERVED
+CVE-2019-25083
+ REJECTED
+CVE-2019-25082
+ REJECTED
+CVE-2019-25081
+ REJECTED
+CVE-2019-25080
+ REJECTED
+CVE-2019-25079
+ REJECTED
+CVE-2022-4566 (A vulnerability, which was classified as critical, has been found in y ...)
+ NOT-FOR-US: RuoYi
+CVE-2022-4565 (A vulnerability classified as problematic was found in Dromara HuTool ...)
+ NOT-FOR-US: Dromara HuTool
+CVE-2022-4564 (A vulnerability classified as problematic has been found in University ...)
+ NOT-FOR-US: University of Central Florida Materia
+CVE-2022-4563 (A vulnerability was found in Freedom of the Press SecureDrop. It has b ...)
+ NOT-FOR-US: Freedom of the Press SecureDrop
+CVE-2022-4562 (The Meks Flexible Shortcodes WordPress plugin before 1.3.5 does not va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4561 (A vulnerability classified as problematic has been found in SemanticDr ...)
+ NOT-FOR-US: SemanticDrilldown MediaWiki extension
+CVE-2022-4560 (A vulnerability was found in Joget up to 7.0.31. It has been rated as ...)
+ NOT-FOR-US: Joget
+CVE-2022-4559 (A vulnerability was found in INEX IPX-Manager up to 6.2.0. It has been ...)
+ NOT-FOR-US: INEX IPX-Manager
+CVE-2022-4558 (A vulnerability was found in Alinto SOGo up to 5.7.1. It has been clas ...)
+ - sogo 5.8.0-1
+ [bullseye] - sogo (Minor issue)
+ [buster] - sogo (Minor issue)
+ NOTE: https://github.com/Alinto/sogo/commit/1e0f5f00890f751e84d67be4f139dd7f00faa5f3 (SOGo-5.8.0)
+CVE-2022-4557 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web
+CVE-2022-4556 (A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as ...)
+ - sogo 5.8.0-1
+ [bullseye] - sogo (Minor issue)
+ [buster] - sogo (Minor issue)
+ NOTE: https://github.com/Alinto/sogo/commit/efac49ae91a4a325df9931e78e543f707a0f8e5e (SOGo-5.8.0)
+CVE-2022-4555 (The WP Shamsi plugin for WordPress is vulnerable to authorization bypa ...)
+ NOT-FOR-US: WP Shamsi plugin for WordPress
+CVE-2022-4554 (B2B Customer Ordering System developed by ID Software Project and Cons ...)
+ NOT-FOR-US: B2B Customer Ordering System
+CVE-2022-4553 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4552 (The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4551 (The Rich Table of Contents WordPress plugin before 1.3.9 does not vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4550 (The User Activity WordPress plugin through 1.0.1 checks headers such a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4549 (The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4548 (The Optimize images ALT Text & names for SEO using AI WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4547 (The Conditional Payment Methods for WooCommerce WordPress plugin throu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4546 (The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4545 (The Sitemap WordPress plugin before 4.4 does not validate and escape s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4544 (The MashShare WordPress plugin before 3.8.7 does not validate and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4543 (A flaw named "EntryBleed" was found in the Linux Kernel Page Table Iso ...)
+ - linux
+ [bookworm] - linux (Minor issue, revisit when/if fixed upstream)
+ [bullseye] - linux (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/12/16/3
+ NOTE: https://www.willsroot.io/2022/12/entrybleed.html
+CVE-2023-0016 (SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to exec ...)
+ NOT-FOR-US: SAP
+CVE-2023-0015 (In SAP BusinessObjects Business Intelligence Platform (Web Intelligenc ...)
+ NOT-FOR-US: SAP
+CVE-2023-0014 (SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, ...)
+ NOT-FOR-US: SAP
+CVE-2023-0013 (The ABAP Keyword Documentation of SAP NetWeaver Application Server - v ...)
+ NOT-FOR-US: SAP
+CVE-2023-0012 (In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gai ...)
+ NOT-FOR-US: SAP
+CVE-2022-4542 (The Compact WP Audio Player WordPress plugin before 1.9.8 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4541
+ RESERVED
+CVE-2022-4540
+ RESERVED
+CVE-2022-4539
+ RESERVED
+CVE-2022-4538
+ RESERVED
+CVE-2022-4537 (The Hide My WP Ghost \u2013 Security Plugin plugin for WordPress is vu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4536
+ RESERVED
+CVE-2022-4535
+ RESERVED
+CVE-2022-4534
+ RESERVED
+CVE-2022-4533
+ RESERVED
+CVE-2022-4532
+ RESERVED
+CVE-2022-4531
+ REJECTED
+CVE-2022-4530
+ RESERVED
+CVE-2022-4529
+ RESERVED
+CVE-2022-4528
+ RESERVED
+CVE-2022-4527 (A vulnerability was found in collective.task up to 3.0.8. It has been ...)
+ NOT-FOR-US: collective.task
+CVE-2022-4526 (A vulnerability was found in django-photologue up to 3.15.1 and classi ...)
+ NOT-FOR-US: django-photologue
+CVE-2022-4525 (A vulnerability has been found in National Sleep Research Resource sle ...)
+ NOT-FOR-US: National Sleep Research Resource
+CVE-2022-4524 (A vulnerability, which was classified as problematic, was found in Roo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4523 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Virtual Exim 2
+CVE-2022-4522 (A vulnerability classified as problematic was found in CalendarXP up t ...)
+ NOT-FOR-US: CalenderXP
+CVE-2022-4521 (A vulnerability classified as problematic has been found in WSO2 carbo ...)
+ NOT-FOR-US: WSO carbon-registry
+CVE-2022-4520 (A vulnerability was found in WSO2 carbon-registry up to 4.8.11. It has ...)
+ NOT-FOR-US: WSO carbon-registry
+CVE-2022-4519 (The WP User plugin for WordPress is vulnerable to Stored Cross-Site Sc ...)
+ NOT-FOR-US: WP User plugin for WordPress
+CVE-2022-4518
+ RESERVED
+CVE-2022-47512 (Sensitive information was stored in plain text in a file that is acces ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47511
+ RESERVED
+CVE-2022-47510
+ RESERVED
+CVE-2022-47509 (The SolarWinds Platform was susceptible to the Incorrect Input Neutral ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47508 (Customers who had configured their polling to occur via Kerberos did n ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47507 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47506 (SolarWinds Platform was susceptible to the Directory Traversal Vulnera ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47505 (The SolarWinds Platform was susceptible to the Local Privilege Escalat ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47504 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47503 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-47502 (Apache OpenOffice documents can contain links that call internal macro ...)
+ NOT-FOR-US: Apache OpenOffice
+CVE-2022-47501 (Arbitrary file reading vulnerability in Apache Software Foundation Apa ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2022-47500 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in A ...)
+ NOT-FOR-US: Apache Helix
+CVE-2022-47499 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47498 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47497 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47496 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47495 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47494 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47493 (In soter service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47492 (In soter service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47491 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47490 (In soter service, there is a possible missing permission check. This c ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47489 (In soter service, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47488 (In spipe drive, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47487 (In thermal service, there is a possible out of bounds write due to a m ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47486 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47485 (In modem control device, there is a possible out of bounds write due t ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47484 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47483 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47482 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47481 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47480 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47479 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47478 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47477 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47476 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47475 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47474 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47473 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47472 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47471 (In telephony service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47470 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47469 (In ext4fsfilter driver, there is a possible out of bounds read due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47468 (In telecom service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47467 (In telecom service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47466 (In telecom service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47465 (In vdsp service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47464 (In telecom service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47463 (In telecom service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47462 (In telephone service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47461 (In telephone service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47460 (In gpu device, there is a memory corruption due to a use after free. T ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47459 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47458 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47457 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47456 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47455 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47454 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47453 (In wcn service, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47452 (In gnss driver, there is a possible out of bounds write due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47451 (In wlan driver, there is a possible missing params check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-47450 (In wlan driver, there is a possible missing permission check. This cou ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-46732 (Even if the authentication fails for local service authentication, the ...)
+ NOT-FOR-US: GE Digital
+CVE-2022-46660 (An unauthorized user could alter or write files with full control over ...)
+ NOT-FOR-US: GE Digital
+CVE-2022-46331 (An unauthorized user could possibly delete any file on the system.)
+ NOT-FOR-US: GE Digital
+CVE-2022-4517
+ RESERVED
+CVE-2022-4516
+ REJECTED
+CVE-2022-4515 (A flaw was found in Exuberant Ctags in the way it handles the "-o" opt ...)
+ {DLA-3254-1}
+ - exuberant-ctags 1:5.9~svn20110310-18 (bug #1026995)
+ [bullseye] - exuberant-ctags (Minor issue)
+ - universal-ctags (Fixed before initial upload to Debian)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153519
+ NOTE: Fixed by: https://github.com/universal-ctags/ctags/commit/e00c55d7a0204dc1d0ae316141323959e1e16162
+CVE-2022-4514 (A vulnerability, which was classified as problematic, was found in Ope ...)
+ NOT-FOR-US: OpenCaching oc-server3
+CVE-2022-4513 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: European Environment Agency eionet.contreg
+CVE-2022-4512 (The Better Font Awesome WordPress plugin before 2.0.4 does not validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4511 (A vulnerability has been found in RainyGao DocSys and classified as cr ...)
+ NOT-FOR-US: RainyGao DocSys
+CVE-2022-4510 (A path traversal vulnerability was identified in ReFirm Labs binwalk f ...)
+ {DLA-3339-1}
+ - binwalk 2.3.4+dfsg1-1
+ [bullseye] - binwalk (Minor issue)
+ NOTE: https://github.com/ReFirmLabs/binwalk/pull/617
+ NOTE: https://github.com/ReFirmLabs/binwalk/commit/696fe34ed680ffd951bfeca737feb4a0b98dde5c (v2.3.4)
+CVE-2022-4509 (The Content Control WordPress plugin before 1.1.10 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-43494 (An unauthorized user could be able to read any file on the system, pot ...)
+ NOT-FOR-US: GE Digital
+CVE-2022-38469 (An unauthorized user with network access and the decryption key could ...)
+ NOT-FOR-US: GE Digital
+CVE-2021-4245 (A vulnerability classified as problematic has been found in chbrown rf ...)
+ NOT-FOR-US: rfc6902
+CVE-2022-47449 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47448 (Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47447 (Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47446 (Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations St ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47445 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47444 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfileP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47443 (Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47442 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47441 (Unauth. 
Reflected Cross-Site Scripting (XSS) vulnerability in Charitab ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47440 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47439 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47438 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpD ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47437 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bran ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47436 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mant ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47435 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47434 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47433 (Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47432 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47431 (Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor inter ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47430 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47429
+ RESERVED
+CVE-2022-47428 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47427 (Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47426 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47425
+ RESERVED
+CVE-2022-47424
+ RESERVED
+CVE-2022-47423 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47422 (Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept St ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47421 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47420 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-47419 (An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful ...)
+ NOT-FOR-US: Mayan EDMS DMS
+CVE-2022-47418 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ NOT-FOR-US: LogicalDOC
+CVE-2022-47417 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ NOT-FOR-US: LogicalDOC
+CVE-2022-47416 (LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type ...)
+ NOT-FOR-US: LogicalDOC
+CVE-2022-47415 (LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a s ...)
+ NOT-FOR-US: LogicalDOC
+CVE-2022-47414 (If an attacker has access to the console for OpenKM (and is authentica ...)
+ NOT-FOR-US: OpenKM
+CVE-2022-47413 (Given a malicious document provided by an attacker, the OpenKM DMS is ...)
+ NOT-FOR-US: OpenKM
+CVE-2022-47412 (Given a malicious document provided by an attacker, the ONLYOFFICE Wor ...)
+ NOT-FOR-US: ONLYOFFICE
+CVE-2022-47411 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-47410 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-47409 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-47408 (An issue was discovered in the fp_newsletter (aka Newsletter subscribe ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-47407 (An issue was discovered in the fp_masterquiz (aka Master-Quiz) extensi ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-47406 (An issue was discovered in the fe_change_pwd (aka Change password for ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-4508 (The ConvertKit WordPress plugin before 2.0.5 does not validate and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4507 (The Real Cookie Banner WordPress plugin before 3.4.10 does not validat ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4506 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-4505 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-4504 (Improper Input Validation in GitHub repository openemr/openemr prior t ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-4503 (Cross-site Scripting (XSS) - Generic in GitHub repository openemr/open ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-4502 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-4501 (The Mega Addons plugin for WordPress is vulnerable to authorization by ...)
+ NOT-FOR-US: Mega Addons plugin for WordPress
+CVE-2022-47405
+ RESERVED
+CVE-2022-47404
+ RESERVED
+CVE-2022-47403
+ RESERVED
+CVE-2022-47402
+ RESERVED
+CVE-2022-47401
+ RESERVED
+CVE-2022-47400
+ RESERVED
+CVE-2022-47399
+ RESERVED
+CVE-2022-47398
+ RESERVED
+CVE-2022-47397
+ RESERVED
+CVE-2022-47396
+ RESERVED
+CVE-2022-4500
+ RESERVED
+CVE-2022-4499 (TP-Link routers, Archer C5 and WR710N-V1, using the latest software, t ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-4498 (In TP-Link routers, Archer C5 and WR710N-V1, running the latest availa ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-4497 (The Jetpack CRM WordPress plugin before 5.5 does not validate and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4496 (The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4495 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: collective.dms.basecontent
+CVE-2022-4494 (A vulnerability, which was classified as critical, has been found in b ...)
+ NOT-FOR-US: MCPMappingViewer
+CVE-2022-4493 (A vulnerability classified as critical was found in scifio. Affected b ...)
+ NOT-FOR-US: SCIFIO (SCientific Image Format Input & Output)
+CVE-2022-4492 (The undertow client is not checking the server identity presented by t ...)
+ [experimental] - undertow 2.3.8-1
+ - undertow 2.3.8-2 (bug #1032087)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2153260 has missing public details
+ NOTE: Fixed by https://github.com/undertow-io/undertow/pull/1447
+CVE-2022-4491 (The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4490
+ RESERVED
+CVE-2022-4489 (The HUSKY WordPress plugin before 1.3.2 unserializes user input provid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4488 (The Widgets on Pages WordPress plugin before 1.8.0 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4487 (The Easy Accordion WordPress plugin before 2.2.0 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4486 (The Meteor Slides WordPress plugin before 1.5.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4485 (The Page-list WordPress plugin before 5.3 does not validate and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4484 (The Social Share, Social Login and Social Comments Plugin WordPress pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4483 (The Insert Pages WordPress plugin before 3.7.5 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4482 (The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4481 (The Mesmerize Companion WordPress plugin before 1.6.135 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4480 (The Click to Chat WordPress plugin before 3.18.1 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4479 (The Table of Contents Plus WordPress plugin before 2212 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4478 (The Font Awesome WordPress plugin before 4.3.2 does not validate and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4477 (The Smash Balloon Social Post Feed WordPress plugin before 4.1.6 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4476 (The Download Manager WordPress plugin before 3.2.62 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2023-21773 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21772 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21771 (Windows Local Session Manager (LSM) Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21770
+ RESERVED
+CVE-2023-21769 (Microsoft Message Queuing Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21768 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21767 (Windows Overlay Filter Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21766 (Windows Overlay Filter Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21765 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21764 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21763 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21762 (Microsoft Exchange Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21761 (Microsoft Exchange Server Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21760 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21759 (Windows Smart Card Resource Management Server Security Feature Bypass ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21758 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21757 (Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21756 (Windows Win32k Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21755 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21754 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21753 (Event Tracing for Windows Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21752 (Windows Backup Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21751 (Azure DevOps Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21750 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21749 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21748 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21747 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21746 (Windows NTLM Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21745 (Microsoft Exchange Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21744 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21743 (Microsoft SharePoint Server Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21742 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21741 (Microsoft Office Visio Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21740 (Windows Media Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21739 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
+ NOT-FOR-US: 
Microsoft
+CVE-2023-21738 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21737 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21736 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21735 (Microsoft Office Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21734 (Microsoft Office Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21733 (Windows Bind Filter Driver Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21732 (Microsoft ODBC Driver Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21731
+ RESERVED
+CVE-2023-21730 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21729 (Remote Procedure Call Runtime Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21728 (Windows Netlogon Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21727 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21726 (Windows Credential Manager User Interface Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21725 (Windows Malicious Software Removal Tool Elevation of Privilege Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21724 (Microsoft DWM Core Library Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-47393 (An authenticated, remote attacker may use a Improper Restriction of Op ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47392 (An authenticated, remote attacker may use a improper input validation ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47391 (In multiple CODESYS products in multiple versions an unauthorized, rem ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47390 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47389 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47388 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47387 (An authenticated remote attacker may use a stack based out-of-bounds w ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47386 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47385 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47384 (An authenticated remote attacker may use a stack based out-of-bounds w ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47383 (An authenticated, remote attacker may use a stack based out-of-bounds ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47382 (An authenticated remote attacker may use a stack based out-of-bounds w ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47381 (An authenticated remote attacker may use a stack based out-of-bounds w ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47380 (An authenticated remote attacker may use a stack based out-of-bounds w ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47379 (An authenticated, remote attacker may use a out-of-bounds write vulner ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47378 (Multiple CODESYS products in multiple versions are prone to a improper ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-47377 (Password recovery vulnerability in SICK SIM2000ST Partnumber 2086502 w ...)
+ NOT-FOR-US: SICK SIM2000ST Partnumber 2086502
+CVE-2022-47376 (The Alaris Infusion Central software, versions 1.1 to 1.3.2, may conta ...)
+ NOT-FOR-US: Alaris Infusion Central
+CVE-2022-46330 (Squirrel.Windows is both a toolset and a library that provides install ...)
+ NOT-FOR-US: Squirrel.Windows
+CVE-2022-4475 (The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4474 (The Easy Social Feed WordPress plugin before 6.4.0 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4473 (The Widget Shortcode WordPress plugin through 0.3.5 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4472 (The Simple Sitemap WordPress plugin before 3.5.8 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4471 (The YARPP WordPress plugin before 5.30.3 does not validate and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4470 (The Widgets for Google Reviews WordPress plugin before 9.8 does not va ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4469 (The Simple Membership WordPress plugin before 4.2.2 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4468 (The WP Recipe Maker WordPress plugin before 8.6.1 does not validate an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4467 (The Search & Filter WordPress plugin before 1.2.16 does not validate a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4466 (The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4465 (The WP Video Lightbox WordPress plugin before 1.9.7 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4464 (Themify Portfolio Post WordPress plugin before 1.2.1 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4463
+ REJECTED
+CVE-2022-4462 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-4461
+ RESERVED
+CVE-2022-4460 (The Sidebar Widgets by CodeLights WordPress plugin through 1.4 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4459 (The WP Show Posts WordPress plugin before 1.1.4 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4458 (The amr shortcode any widget WordPress plugin through 4.0 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-43543 (KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App ...)
+ NOT-FOR-US: KDDI +Message App, NTT DOCOMO +Message App and SoftBank +Message App
+CVE-2023-21723
+ RESERVED
+CVE-2023-21722 (.NET Framework Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21721 (Microsoft OneNote Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21720 (Microsoft Edge (Chromium-based) Tampering Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21719 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21718 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21717 (Microsoft SharePoint Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21716 (Microsoft Word Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21715 (Microsoft Publisher Security Features Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21714 (Microsoft Office Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21713 (Microsoft SQL Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21712 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21711
+ RESERVED
+CVE-2023-21710 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21709 (Microsoft Exchange Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21708 (Remote Procedure Call Runtime Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21707 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21706 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21705 (Microsoft SQL Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21704 (Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21703 (Azure Data Box Gateway Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21702 (Windows iSCSI Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21701 (Microsoft Protected Extensible Authentication Protocol (PEAP) Denial o ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21700 (Windows iSCSI Discovery Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21699 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21698
+ RESERVED
+CVE-2023-21697 (Windows Internet Storage Name Service (iSNS) Server Information Disclo ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21696
+ RESERVED
+CVE-2023-21695 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21694 (Windows Fax Service Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21693 (Microsoft PostScript and PCL6 Class Printer Driver Information Disclos ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21692 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...)
+ NOT-FOR-US: Microsoft +CVE-2023-21691 (Microsoft Protected Extensible Authentication Protocol (PEAP) Informat ...) + NOT-FOR-US: Microsoft +CVE-2023-21690 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) + NOT-FOR-US: Microsoft +CVE-2023-21689 (Microsoft Protected Extensible Authentication Protocol (PEAP) Remote C ...) + NOT-FOR-US: Microsoft +CVE-2023-21688 (NT OS Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-21687 (HTTP.sys Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-21686 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-21685 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-21684 (Microsoft PostScript and PCL6 Class Printer Driver Remote Code Executi ...) + NOT-FOR-US: Microsoft +CVE-2023-21683 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-21682 (Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2023-21681 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2023-21680 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-21679 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-21678 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-21677 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) + NOT-FOR-US: Microsoft +CVE-2023-21676 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) + NOT-FOR-US: Microsoft +CVE-2023-21675 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2023-21674 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-47375 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) + NOT-FOR-US: Siemens +CVE-2022-47374 (A vulnerability has been identified in SIMATICPC-Station Plus (All ver ...) + NOT-FOR-US: Siemens +CVE-2022-47373 (Reflected Cross Site Scripting in Search Functionality of Module Libra ...) + NOT-FOR-US: Pandora FMS +CVE-2022-47372 (Stored cross-site scripting vulnerability in the Create event section ...) + NOT-FOR-US: Pandora FMS +CVE-2022-4457 (Due to a misconfiguration in the manifest file of the WARP client for ...) + NOT-FOR-US: Cloudflare Warp +CVE-2022-4456 (A vulnerability has been found in falling-fruit and classified as prob ...) + NOT-FOR-US: falling-fruit +CVE-2022-4455 (A vulnerability, which was classified as problematic, was found in spr ...) + NOT-FOR-US: sproctor php-calendar +CVE-2022-4454 (A vulnerability, which was classified as critical, has been found in m ...) + NOT-FOR-US: m0ver bible-online +CVE-2022-4453 (The 3D FlipBook WordPress plugin through 1.13.2 does not validate or e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4452 (Insufficient data validation in crosvm in Google Chrome prior to 107.0 ...) + NOT-FOR-US: Android +CVE-2022-4451 (The Social Sharing WordPress plugin before 3.3.45 does not validate an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4450 (The function PEM_read_bio_ex() reads a PEM file from a BIO and parses ...) + {DSA-5343-1 DLA-3325-1} + - openssl 3.0.8-1 + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=63bcf189be73a9cc1264059bed6f57974be74a83 (openssl-3.0.8) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bbcf509bd046b34cca19c766bbddc31683d0858b (OpenSSL_1_1_1t) +CVE-2022-4449 (The Page scroll to id WordPress plugin before 1.7.6 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4448 (The GiveWP WordPress plugin before 2.24.0 does not validate and escape ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4447 (The Fontsy WordPress plugin through 1.8.6 does not properly sanitize a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4446 (PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior ...) + NOT-FOR-US: Corebos +CVE-2022-4445 (The FL3R FeelBox WordPress plugin through 8.1 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4444 (A vulnerability was found in ipti br.tag. It has been declared as prob ...) + NOT-FOR-US: ipti br.tag +CVE-2022-4443 (The BruteBank WordPress plugin before 1.9 does not have CSRF check in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4442 (The Custom Post Types and Custom Fields creator WordPress plugin befor ...) + NOT-FOR-US: WordPress plugin +CVE-2019-25078 (A vulnerability classified as problematic was found in pacparser up to ...) + - pacparser 1.3.6-1.4 (bug #1026106) + [bullseye] - pacparser (Minor issue) + [buster] - pacparser (Minor issue) + NOTE: https://github.com/manugarg/pacparser/issues/99 + NOTE: https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9 (v1.4.0) +CVE-2022-47371 (In bt driver, there is a thread competition leads to early release of ...) + NOT-FOR-US: Unisoc +CVE-2022-47370 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47369 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47368 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47367 (In bluetooth driver, there is a missing permission check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47366 (In wlan driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2022-47365 (In wlan driver, there is a possible out of bounds write due to a missi ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-47364 (In wlan driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2022-47363 (In wlan driver, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: Unisoc +CVE-2022-47362 (In telecom service, there is a missing permission check. This could le ...) + NOT-FOR-US: Unisoc +CVE-2022-47361 (In firewall service, there is a missing permission check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47360 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47359 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47358 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47357 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47356 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47355 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47354 (In log service, there is a missing permission check. This could lead t ...) + NOT-FOR-US: Unisoc +CVE-2022-47353 (In vdsp device, there is a possible system crash due to improper input ...) + NOT-FOR-US: Unisoc +CVE-2022-47352 (In camera driver, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2022-47351 (In camera driver, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2022-47350 (In camera driver, there is a possible out of bounds read due to a miss ...) + NOT-FOR-US: Unisoc +CVE-2022-47349 + RESERVED +CVE-2022-47348 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47347 (In engineermode services, there is a missing permission check. This co ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-47346 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47345 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47344 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47343 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47342 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47341 (In engineermode services, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-47340 (In h265 codec firmware, there is a possible out of bounds write due to ...) + NOT-FOR-US: Unisoc +CVE-2022-47339 (In cmd services, there is a OS command injection issue due to missing ...) + NOT-FOR-US: Unisoc +CVE-2022-47338 (In telecom service, there is a missing permission check. This could le ...) + NOT-FOR-US: Unisoc +CVE-2022-47337 (In media service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-47336 (In telecom service, there is a missing permission check. This could le ...) + NOT-FOR-US: Unisoc +CVE-2022-47335 (In telecom service, there is a missing permission check. This could le ...) + NOT-FOR-US: Unisoc +CVE-2022-47334 (In phasecheck server, there is a possible out of bounds read due to a ...) + NOT-FOR-US: Unisoc +CVE-2022-47333 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47332 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47331 (In wlan driver, there is a race condition. This could lead to local de ...) + NOT-FOR-US: Unisoc +CVE-2022-47330 (In wlan driver, there is a possible missing permission check. This cou ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-47329 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47328 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47327 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47326 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47325 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47324 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-47323 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47322 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-47310 + RESERVED +CVE-2022-47309 + RESERVED +CVE-2022-47308 + RESERVED +CVE-2022-47307 + RESERVED +CVE-2022-47306 + RESERVED +CVE-2022-47305 + RESERVED +CVE-2022-47304 + RESERVED +CVE-2022-47303 + RESERVED +CVE-2022-47302 + RESERVED +CVE-2022-47301 + RESERVED +CVE-2022-47300 + RESERVED +CVE-2022-47299 + RESERVED +CVE-2022-47298 + RESERVED +CVE-2022-47297 + RESERVED +CVE-2022-47296 + RESERVED +CVE-2022-47295 + RESERVED +CVE-2022-47294 + RESERVED +CVE-2022-47293 + RESERVED +CVE-2022-47292 + RESERVED +CVE-2022-47291 + RESERVED +CVE-2022-47290 + RESERVED +CVE-2022-47289 + RESERVED +CVE-2022-47288 + RESERVED +CVE-2022-47287 + RESERVED +CVE-2022-47286 + RESERVED +CVE-2022-47285 + RESERVED +CVE-2022-47284 + RESERVED +CVE-2022-47283 + RESERVED +CVE-2022-47282 + RESERVED +CVE-2022-47281 + RESERVED +CVE-2022-47280 + RESERVED +CVE-2022-47279 + RESERVED +CVE-2022-47278 + RESERVED +CVE-2022-47277 + RESERVED +CVE-2022-47276 + RESERVED +CVE-2022-47275 + RESERVED +CVE-2022-47274 + RESERVED +CVE-2022-47273 + RESERVED +CVE-2022-47272 + RESERVED 
+CVE-2022-47271 + RESERVED +CVE-2022-47270 + RESERVED +CVE-2022-47269 + RESERVED +CVE-2022-47268 + RESERVED +CVE-2022-47267 + RESERVED +CVE-2022-47266 + RESERVED +CVE-2022-47265 + RESERVED +CVE-2022-47264 + RESERVED +CVE-2022-47263 + RESERVED +CVE-2022-47262 + RESERVED +CVE-2022-47261 + RESERVED +CVE-2022-47260 + RESERVED +CVE-2022-47259 + RESERVED +CVE-2022-47258 + RESERVED +CVE-2022-47257 + RESERVED +CVE-2022-47256 + RESERVED +CVE-2022-47255 + RESERVED +CVE-2022-47254 + RESERVED +CVE-2022-47253 + RESERVED +CVE-2022-47252 + RESERVED +CVE-2022-47251 + RESERVED +CVE-2022-47250 + RESERVED +CVE-2022-47249 + RESERVED +CVE-2022-47248 + RESERVED +CVE-2022-47247 + RESERVED +CVE-2022-47246 + RESERVED +CVE-2022-47245 + RESERVED +CVE-2022-47244 + RESERVED +CVE-2022-47243 + RESERVED +CVE-2022-47242 + RESERVED +CVE-2022-47241 + RESERVED +CVE-2022-47240 + RESERVED +CVE-2022-47239 + RESERVED +CVE-2022-47238 + RESERVED +CVE-2022-47237 + RESERVED +CVE-2022-47236 + RESERVED +CVE-2022-47235 + RESERVED +CVE-2022-47234 + RESERVED +CVE-2022-47233 + RESERVED +CVE-2022-47232 + RESERVED +CVE-2022-47231 + RESERVED +CVE-2022-47230 + RESERVED +CVE-2022-47229 + RESERVED +CVE-2022-47228 + RESERVED +CVE-2022-47227 + RESERVED +CVE-2022-47226 + RESERVED +CVE-2022-47225 + RESERVED +CVE-2022-47224 + RESERVED +CVE-2022-47223 + RESERVED +CVE-2022-47222 + RESERVED +CVE-2022-47221 + RESERVED +CVE-2022-47220 + RESERVED +CVE-2022-47219 + RESERVED +CVE-2022-47218 + RESERVED +CVE-2022-47217 + RESERVED +CVE-2022-47216 + RESERVED +CVE-2022-47215 + RESERVED +CVE-2022-47214 + RESERVED +CVE-2022-47213 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-47212 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-47211 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-47210 (The default console presented to users over telnet (when enabled) is r ...) 
+ NOT-FOR-US: Netgear +CVE-2022-47209 (A support user exists on the device and appears to be a backdoor for T ...) + NOT-FOR-US: Netgear +CVE-2022-47208 (The \u201cpuhttpsniff\u201d service, which runs by default, is suscept ...) + NOT-FOR-US: Netgear +CVE-2022-47207 + RESERVED +CVE-2022-47206 + RESERVED +CVE-2022-47205 + RESERVED +CVE-2022-47204 + RESERVED +CVE-2022-47203 + RESERVED +CVE-2022-47202 + RESERVED +CVE-2022-47201 + RESERVED +CVE-2022-47200 + RESERVED +CVE-2022-47199 + RESERVED +CVE-2022-47198 + RESERVED +CVE-2022-47197 (An insecure default vulnerability exists in the Post Creation function ...) + NOT-FOR-US: Ghost CMS +CVE-2022-47196 (An insecure default vulnerability exists in the Post Creation function ...) + NOT-FOR-US: Ghost CMS +CVE-2022-47195 (An insecure default vulnerability exists in the Post Creation function ...) + NOT-FOR-US: Ghost CMS +CVE-2022-47194 (An insecure default vulnerability exists in the Post Creation function ...) + NOT-FOR-US: Ghost CMS +CVE-2022-46736 + RESERVED +CVE-2022-46729 + RESERVED +CVE-2022-46655 + RESERVED +CVE-2022-46296 + RESERVED +CVE-2022-45125 + RESERVED +CVE-2022-44454 + RESERVED +CVE-2022-44450 + RESERVED +CVE-2022-4441 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) + NOT-FOR-US: Hitachi +CVE-2022-4440 (Use after free in Profiles in Google Chrome prior to 108.0.5359.124 al ...) + {DSA-5302-1} + - chromium 108.0.5359.124-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4439 (Use after free in Aura in Google Chrome on Windows prior to 108.0.5359 ...) + {DSA-5302-1} + - chromium 108.0.5359.124-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4438 (Use after free in Blink Frames in Google Chrome prior to 108.0.5359.12 ...) + {DSA-5302-1} + - chromium 108.0.5359.124-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4437 (Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 al ...) 
+ {DSA-5302-1} + - chromium 108.0.5359.124-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4436 (Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 ...) + {DSA-5302-1} + - chromium 108.0.5359.124-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4435 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) + NOT-FOR-US: Lenovo +CVE-2022-4434 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) + NOT-FOR-US: Lenovo +CVE-2022-4433 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) + NOT-FOR-US: Lenovo +CVE-2022-4432 (A buffer over-read vulnerability was reported in the ThinkPadX13s BIOS ...) + NOT-FOR-US: Lenovo +CVE-2022-4431 (The WOOCS WordPress plugin before 1.3.9.4 does not validate and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4430 + RESERVED +CVE-2022-43669 + RESERVED +CVE-2022-43493 + RESERVED +CVE-2022-41834 + RESERVED +CVE-2020-36611 (Incorrect Default Permissions vulnerability in Hitachi Tuning Manager ...) + NOT-FOR-US: Hitachi +CVE-2023-0011 (A flaw in the input validation in TOBY-L2 allows a user to execute arb ...) + TODO: check +CVE-2022-47193 + RESERVED +CVE-2022-47192 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) + NOT-FOR-US: Generex UPS CS141 +CVE-2022-47191 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) + NOT-FOR-US: Generex UPS CS141 +CVE-2022-47190 (Generex UPS CS141 below 2.06 version, could allow a remote attacker to ...) + NOT-FOR-US: Generex UPS CS141 +CVE-2022-47189 (Generex UPS CS141 below 2.06 version, allows an attacker toupload a fi ...) + NOT-FOR-US: Generex UPS CS141 +CVE-2022-47188 (There is an arbitrary file reading vulnerability in Generex UPS CS141 ...) + NOT-FOR-US: Generex UPS CS141 +CVE-2022-47187 (There is a file upload XSS vulnerability in Generex CS141 below 2.06 v ...) 
+ NOT-FOR-US: Generex CS141 +CVE-2022-47186 (There is an unrestricted upload of file vulnerability in Generex CS141 ...) + NOT-FOR-US: Generex CS141 +CVE-2022-47185 (Improper input validation vulnerability on the range header in Apache ...) + {DSA-5549-1 DLA-3595-1} + - trafficserver 9.2.2+ds-1 (bug #1043430) + NOTE: https://lists.apache.org/thread/jsl6dfdgs1mjjo1mbtyflyjr7xftswhc + NOTE: https://github.com/apache/trafficserver/issues/9265 + NOTE: https://github.com/apache/trafficserver/pull/10131 + NOTE: https://github.com/apache/trafficserver/commit/5d0835ea5a57003798497d07331fa4f89823c750 (9.2.2-rc0) + NOTE: https://github.com/apache/trafficserver/commit/c50ee6c4f2ae32f2c849fccb5b0f367165fe9c20 (8.1.8-rc0) +CVE-2022-47184 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + {DSA-5435-1 DLA-3475-1} + - trafficserver 9.2.1+ds-1 (bug #1038248) + NOTE: https://lists.apache.org/thread/tns2b4khyyncgs5v5p9y35pobg9z2bvs + NOTE: https://github.com/apache/trafficserver/commit/105af3ca30e59fbb89013e83a484a04559b4cf25 (master) + NOTE: https://github.com/apache/trafficserver/commit/c371b7b21a7e774f852af86b85c87d5d877a14bd (9.2.1-rc0) + NOTE: https://github.com/apache/trafficserver/commit/b49ae063632b1f40b9bd45aa66524924e2c26600 (8.1.7) +CVE-2022-47183 (Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Blo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47182 + RESERVED +CVE-2022-47181 (Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email T ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47180 (Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Fra ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47179 (Cross-Site Request Forgery (CSRF) vulnerability in Uwe Jacobs OWM Weat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47178 (Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Button ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-47177 (Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP Easy ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47176 + RESERVED +CVE-2022-47175 (Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Eleme ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47174 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performan ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47173 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47172 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47171 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47170 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unli ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47169 (Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility L ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47168 + RESERVED +CVE-2022-47167 (Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Cray ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47166 (Cross-Site Request Forgery (CSRF) vulnerability in voidCoders Void Con ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47165 (Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47164 (Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Eve ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47163 (Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47162 (Cross-Site Request Forgery (CSRF) vulnerability in Dannie Herdyawan DH ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47161 (Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org c ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-47160 + RESERVED +CVE-2022-47159 (Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster L ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47158 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakp ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47157 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47156 + RESERVED +CVE-2022-47155 (Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47154 (Cross-Site Request Forgery (CSRF) vulnerability in Pi Websolution CSS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47153 + RESERVED +CVE-2022-47152 (Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47151 + RESERVED +CVE-2022-47150 + RESERVED +CVE-2022-47149 (Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47148 (Cross-Site Request Forgery (CSRF) vulnerability in WP Overnight PDF In ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47147 (Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47146 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47145 (Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47144 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47143 (Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47142 (Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediama ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47141 (Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic K ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-47140 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Repute I ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47139 (Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Ba ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47138 (Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47137 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47136 (Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC N ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47135 (Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Ch ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47134 (Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Galle ...) + NOT-FOR-US: WordPress plugin +CVE-2022-47133 + RESERVED +CVE-2022-47132 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) + NOT-FOR-US: Academy LMS +CVE-2022-47131 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) + NOT-FOR-US: Academy LMS +CVE-2022-47130 (A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows ...) + NOT-FOR-US: Academy LMS +CVE-2022-47129 (PHPOK v6.3 was discovered to contain a remote code execution (RCE) vul ...) + NOT-FOR-US: PHPOK +CVE-2022-47128 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47127 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47126 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47125 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47124 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) 
+ NOT-FOR-US: Tenda +CVE-2022-47123 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47122 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47121 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47120 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47119 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47118 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47117 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47116 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47115 (Tenda A15 V15.13.07.13 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-47114 + RESERVED +CVE-2022-47113 + RESERVED +CVE-2022-47112 + RESERVED +CVE-2022-47111 + RESERVED +CVE-2022-47110 + RESERVED +CVE-2022-47109 + RESERVED +CVE-2022-47108 + RESERVED +CVE-2022-47107 + RESERVED +CVE-2022-47106 + RESERVED +CVE-2022-47105 (Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Jeecg-boot +CVE-2022-47104 + RESERVED +CVE-2022-47103 + RESERVED +CVE-2022-47102 (A cross-site scripting (XSS) vulnerability in Student Study Center Man ...) + NOT-FOR-US: Student Study Center Management System +CVE-2022-47101 + RESERVED +CVE-2022-47100 (A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to ar ...) + NOT-FOR-US: Sengled Smart bulb +CVE-2022-47099 + RESERVED +CVE-2022-47098 + RESERVED +CVE-2022-47097 + RESERVED +CVE-2022-47096 + RESERVED +CVE-2022-47095 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow ...) 
+ {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2346 + NOTE: https://github.com/gpac/gpac/commit/1918a58bd0c9789844cf6a377293161506ee312c (v2.2.0) +CVE-2022-47094 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer de ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2345 + NOTE: https://github.com/gpac/gpac/commit/6ddedfb85e617f5e935cb490d5b51f141e13a937 (v2.2.0) +CVE-2022-47093 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after- ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2344 + NOTE: https://github.com/gpac/gpac/commit/706111f4d8babf0cda9fac5f3ca4e89983274d6e (v2.2.0) +CVE-2022-47092 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2347 + NOTE: https://github.com/gpac/gpac/commit/6bb3e4e288f02c9c595e63230979cd5443a1cb7a (v2.2.0) +CVE-2022-47091 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2343 + NOTE: https://github.com/gpac/gpac/commit/65d089bcb5dad6fda668ee61e38a8394ed8bdf1f (v2.2.0) +CVE-2022-47090 + RESERVED +CVE-2022-47089 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) 
+ [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2338 + NOTE: https://github.com/gpac/gpac/commit/73a8c425adaad7526de81586fcb053acde807757 (v2.2.0) +CVE-2022-47088 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2340 + NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0) +CVE-2022-47087 (GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_ ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2339 + NOTE: https://github.com/gpac/gpac/commit/48760768611f6766bf9e7378bb7cc66cebd6e49d (v2.2.0) +CVE-2022-47086 (GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violati ...) + {DSA-5411-1} + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2337 + NOTE: https://github.com/gpac/gpac/commit/15e3aece44f24a1c4e8cc0622c59008b1b9ab683 (v2.2.0) +CVE-2022-47085 (An issue was discovered in ostree before 2022.7 allows attackers to ca ...) + - ostree (Rust bindings not included in Debian source package) + NOTE: https://github.com/ostreedev/ostree/issues/2775 +CVE-2022-47084 + RESERVED +CVE-2022-47083 (Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection.) 
+ NOT-FOR-US: Spitfire CMS +CVE-2022-47082 + RESERVED +CVE-2022-47081 + RESERVED +CVE-2022-47080 + RESERVED +CVE-2022-47079 + RESERVED +CVE-2022-47078 + RESERVED +CVE-2022-47077 + RESERVED +CVE-2022-47076 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...) + NOT-FOR-US: Smart Office Web +CVE-2022-47075 (An issue was discovered in Smart Office Web 20.28 and earlier allows a ...) + NOT-FOR-US: Smart Office Web +CVE-2022-47074 + RESERVED +CVE-2022-47073 (A cross-site scripting (XSS) vulnerability in the Create Ticket page o ...) + NOT-FOR-US: Small CRM +CVE-2022-47072 + RESERVED +CVE-2022-47071 (In NVS365 V01, the background network test function can trigger comman ...) + NOT-FOR-US: NVS365 V01 +CVE-2022-47070 (NVS365 V01 is vulnerable to Incorrect Access Control. After entering a ...) + NOT-FOR-US: NVS365 V01 +CVE-2022-47069 (p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerabi ...) + - p7zip (unimportant) + NOTE: https://sourceforge.net/p/p7zip/bugs/241/ + NOTE: Crash in CLI tool, no security impact +CVE-2022-47068 + RESERVED +CVE-2022-47067 + RESERVED +CVE-2022-47066 + RESERVED +CVE-2022-47065 (TrendNet Wireless AC Easy-Upgrader TEW-820AP v1.0R, firmware version 1 ...) + NOT-FOR-US: TrendNet +CVE-2022-47064 + RESERVED +CVE-2022-47063 + RESERVED +CVE-2022-47062 + RESERVED +CVE-2022-47061 + RESERVED +CVE-2022-47060 + RESERVED +CVE-2022-47059 + RESERVED +CVE-2022-47058 + RESERVED +CVE-2022-47057 + RESERVED +CVE-2022-47056 + RESERVED +CVE-2022-47055 + RESERVED +CVE-2022-47054 + RESERVED +CVE-2022-47053 (An arbitrary file upload vulnerability in the Digital Assets Manager m ...) + NOT-FOR-US: DotNetNuke +CVE-2022-47052 (The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' i ...) 
+ NOT-FOR-US: NETGEAR +CVE-2022-47051 + RESERVED +CVE-2022-47050 + RESERVED +CVE-2022-47049 + RESERVED +CVE-2022-47048 + RESERVED +CVE-2022-47047 + RESERVED +CVE-2022-47046 + RESERVED +CVE-2022-47045 + RESERVED +CVE-2022-47044 + RESERVED +CVE-2022-47043 + RESERVED +CVE-2022-47042 (MCMS v5.2.10 and below was discovered to contain an arbitrary file wri ...) + NOT-FOR-US: MCMS +CVE-2022-47041 + RESERVED +CVE-2022-47040 (An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 al ...) + NOT-FOR-US: ASKEY +CVE-2022-47039 + RESERVED +CVE-2022-47038 + RESERVED +CVE-2022-47037 + RESERVED +CVE-2022-47036 + RESERVED +CVE-2022-47035 (Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedd ...) + NOT-FOR-US: D-Link +CVE-2022-47034 (A type juggling vulnerability in the component /auth/fn.php of PlaySMS ...) + NOT-FOR-US: PlaySMS +CVE-2022-47033 + RESERVED +CVE-2022-47032 + RESERVED +CVE-2022-47031 + RESERVED +CVE-2022-47030 + RESERVED +CVE-2022-47029 (An issue was found in Action Launcher v50.5 allows an attacker to esca ...) + NOT-FOR-US: Action Launcher +CVE-2022-47028 (An issue discovered in Action Launcher for Android v50.5 allows an att ...) + NOT-FOR-US: Action Launcher +CVE-2022-47027 (Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized app ...) + NOT-FOR-US: Timmystudios Fast Typing Keyboard +CVE-2022-47026 + RESERVED +CVE-2022-47025 + RESERVED +CVE-2022-47024 (A null pointer dereference issue was discovered in function gui_x11_cr ...) + - vim 2:9.0.0626-1 (unimportant) + NOTE: https://github.com/vim/vim/commit/a63ad78ed31e36dbdf3a9cd28071dcdbefce7d19 (v9.0.0339) + NOTE: Crash in CLI tool, no security impact +CVE-2022-47023 + RESERVED +CVE-2022-47022 (An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to ca ...) 
+ - hwloc 2.9.3-1 + [bookworm] - hwloc (Minor issue) + [bullseye] - hwloc (Minor issue) + [buster] - hwloc (Minor issue) + NOTE: https://github.com/open-mpi/hwloc/issues/544 + NOTE: https://github.com/open-mpi/hwloc/commit/ac1f8db9a0790d2bf153711ff4cbf6101f89aace (master) + NOTE: https://github.com/open-mpi/hwloc/commit/a62b8ba587b225d25d6ee05c705fbc44c55d1986 (hwloc-2.9.3rc1) + NOTE: Additionally openmpi and mpich embedd hwloc, but issue seems negligible +CVE-2022-47021 (A null pointer dereference issue was discovered in functions op_get_da ...) + - opusfile 0.12-4 (bug #1030049) + [bullseye] - opusfile (Minor issue) + [buster] - opusfile (Minor issue) + NOTE: https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 + NOTE: https://github.com/xiph/opusfile/issues/36 +CVE-2022-47020 + RESERVED +CVE-2022-47019 + RESERVED +CVE-2022-47018 + RESERVED +CVE-2022-47017 + RESERVED +CVE-2022-47016 + REJECTED +CVE-2022-47015 (MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of S ...) + {DLA-3444-1} + [experimental] - mariadb 1:10.11.3-1~exp1 + - mariadb 1:10.11.3-1 (bug #1034889) + - mariadb-10.6 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.20-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-29644 +CVE-2022-47014 + RESERVED +CVE-2022-47013 + RESERVED +CVE-2022-47012 (Use of uninitialized variable in function gen_eth_recv in GNS3 dynamip ...) + NOT-FOR-US: GNS3 +CVE-2022-47011 (An issue was discovered function parse_stab_struct_fields in stabs.c i ...) + - binutils 2.38.50.20220627-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29261 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a24927bc8dbf6beac2000593b21235c3796dc35 (binutils-2_39) + NOTE: binutils not covered by security support +CVE-2022-47010 (An issue was discovered function pr_function_type in prdbg.c in Binuti ...) 
+ - binutils 2.38.50.20220627-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29262 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d02e70b197c786f26175b9a73f94e01d14abdab + NOTE: binutils not covered by security support +CVE-2022-47009 + RESERVED +CVE-2022-47008 (An issue was discovered function make_tempdir, and make_tempname in bu ...) + - binutils 2.38.50.20220627-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29255 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d6e1d48c83b165c129cb0aa78905f7ca80a1f682 + NOTE: binutils not covered by security support +CVE-2022-47007 (An issue was discovered function stab_demangle_v3_arg in stabs.c in Bi ...) + - binutils 2.38.50.20220627-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29254 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb + NOTE: binutils not covered by security support +CVE-2022-47006 + RESERVED +CVE-2022-47005 + RESERVED +CVE-2022-47004 + RESERVED +CVE-2022-47003 (A vulnerability in the Remember Me function of Mura CMS before v10.0.5 ...) + NOT-FOR-US: Mura CMS +CVE-2022-47002 (A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and ...) + NOT-FOR-US: Mura CMS +CVE-2022-47001 + RESERVED +CVE-2022-47000 + RESERVED +CVE-2022-46999 (Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: TuziCMS +CVE-2022-46998 (An issue in the website background of taocms v3.0.2 allows attackers t ...) + NOT-FOR-US: Taocms +CVE-2022-46997 (Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovere ...) + NOT-FOR-US: Passhunt +CVE-2022-46996 (vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was di ...) 
+ NOT-FOR-US: vSphere_selfuse +CVE-2022-46995 + RESERVED +CVE-2022-46994 + RESERVED +CVE-2022-46993 + RESERVED +CVE-2022-46992 + RESERVED +CVE-2022-46991 + RESERVED +CVE-2022-46990 + RESERVED +CVE-2022-46989 + RESERVED +CVE-2022-46988 + RESERVED +CVE-2022-46987 + RESERVED +CVE-2022-46986 + RESERVED +CVE-2022-46985 + RESERVED +CVE-2022-46984 + RESERVED +CVE-2022-46983 + RESERVED +CVE-2022-46982 + RESERVED +CVE-2022-46981 + RESERVED +CVE-2022-46980 + RESERVED +CVE-2022-46979 + RESERVED +CVE-2022-46978 + RESERVED +CVE-2022-46977 + RESERVED +CVE-2022-46976 + RESERVED +CVE-2022-46975 + RESERVED +CVE-2022-46974 + RESERVED +CVE-2022-46973 (Report v0.9.8.6 was discovered to contain a Server-Side Request Forger ...) + NOT-FOR-US: AJ-Report +CVE-2022-46972 + RESERVED +CVE-2022-46971 + RESERVED +CVE-2022-46970 + RESERVED +CVE-2022-46969 + RESERVED +CVE-2022-46968 (A stored cross-site scripting (XSS) vulnerability in /index.php?page=h ...) + NOT-FOR-US: Revenue Collection System +CVE-2022-46967 (An access control issue in Revenue Collection System v1.0 allows unaut ...) + NOT-FOR-US: Revenue Collection System +CVE-2022-46966 (Revenue Collection System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Revenue Collection System +CVE-2022-46965 (PrestaShop module, totadministrativemandate before v1.7.1 was discover ...) + NOT-FOR-US: PrestaShop module +CVE-2022-46964 + RESERVED +CVE-2022-46963 + RESERVED +CVE-2022-46962 + RESERVED +CVE-2022-46961 + RESERVED +CVE-2022-46960 + RESERVED +CVE-2022-46959 (An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allo ...) + NOT-FOR-US: Sonic +CVE-2022-46958 + RESERVED +CVE-2022-46957 (Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable ...) + NOT-FOR-US: Sourcecodester.com Online Graduate Tracer System V +CVE-2022-46956 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) 
+ NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46955 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46954 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46953 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46952 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46951 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46950 (Dynamic Transaction Queuing System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Dynamic Transaction Queuing System +CVE-2022-46949 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46948 + RESERVED +CVE-2022-46947 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46946 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46945 (Nagvis before 1.9.34 was discovered to contain an arbitrary file read ...) + - nagvis 1:1.9.34-1 + [bullseye] - nagvis (Minor issue) + [buster] - nagvis (Minor issue) + NOTE: https://github.com/NagVis/nagvis/commit/71aba7f46f79d846e1df037f165d206a2cd1d22a (nagvis-1.9.34) +CVE-2022-46944 + RESERVED +CVE-2022-46943 + RESERVED +CVE-2022-46942 + RESERVED +CVE-2022-46941 + RESERVED +CVE-2022-46940 + RESERVED +CVE-2022-46939 + RESERVED +CVE-2022-46938 + RESERVED +CVE-2022-46937 + RESERVED +CVE-2022-46936 + RESERVED +CVE-2022-46935 + RESERVED +CVE-2022-46934 (kkFileView v4.1.0 was discovered to contain a cross-site scripting (XS ...) 
+ NOT-FOR-US: kkFileView +CVE-2022-46933 + RESERVED +CVE-2022-46932 + RESERVED +CVE-2022-46931 + RESERVED +CVE-2022-46930 + RESERVED +CVE-2022-46929 + RESERVED +CVE-2022-46928 + RESERVED +CVE-2022-46927 + RESERVED +CVE-2022-46926 + RESERVED +CVE-2022-46925 + RESERVED +CVE-2022-46924 + RESERVED +CVE-2022-46923 + RESERVED +CVE-2022-46922 + RESERVED +CVE-2022-46921 + RESERVED +CVE-2022-46920 + RESERVED +CVE-2022-46919 + RESERVED +CVE-2022-46918 + RESERVED +CVE-2022-46917 + RESERVED +CVE-2022-46916 + RESERVED +CVE-2022-46915 + RESERVED +CVE-2022-46914 (An issue in the firmware update process of TP-LINK TL-WA801N / TL-WA80 ...) + NOT-FOR-US: TP-Link +CVE-2022-46913 + RESERVED +CVE-2022-46912 (An issue in the firmware update process of TP-Link TL-WR841N / TL-WA84 ...) + NOT-FOR-US: TP-Link +CVE-2022-46911 + RESERVED +CVE-2022-46910 (An issue in the firmware update process of TP-Link TL-WA901ND V1 up to ...) + NOT-FOR-US: TP-Link +CVE-2022-46909 + RESERVED +CVE-2022-4429 (Avira Security for Windows contains an unquoted service path which all ...) + NOT-FOR-US: Avira Security for Windows +CVE-2022-4428 (support_uri parameter in the WARP client local settings file (mdm.xml) ...) + NOT-FOR-US: Cloudflare Warp +CVE-2022-4427 (Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTR ...) + {DLA-3551-1} + - znuny 6.4.5-1 + - otrs2 + [bullseye] - otrs2 (Non-free not supported) + NOTE: https://www.znuny.org/en/advisories/zsa-2022-07 +CVE-2022-4426 (The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4425 + RESERVED +CVE-2022-4424 + RESERVED +CVE-2022-4423 + RESERVED +CVE-2022-4422 (Call Center System developed by Bulutses Information Technologies befo ...) + NOT-FOR-US: BULUTDESK CALLCENTER +CVE-2022-4421 (A vulnerability was found in rAthena FluxCP. It has been classified as ...) 
+ NOT-FOR-US: rAthena FluxCP +CVE-2022-4420 + RESERVED +CVE-2022-4419 + RESERVED +CVE-2022-4418 (Local privilege escalation due to unrestricted loading of unsigned lib ...) + NOT-FOR-US: Acronis +CVE-2022-4417 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4244 (A vulnerability classified as problematic has been found in yikes-inc- ...) + NOT-FOR-US: yikes-inc-easy-mailchimp-extender +CVE-2021-4243 + REJECTED +CVE-2022-4345 (Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in ...) + {DLA-3313-1} + - wireshark 4.0.2-1 + [bullseye] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2022-09.html + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8991 + NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/8986 + NOTE: https://gitlab.com/wireshark/wireshark/-/commit/39db474f80af87449ce0f034522dccc80ed4153f +CVE-2022-4344 (Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 t ...) + - wireshark 4.0.2-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (vulernable loop in code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2022-10.html + NOTE: likely https://gitlab.com/wireshark/wireshark/-/commit/e0bd9d312c362318fd19e41c6c0e23fc81d42253 +CVE-2022-46908 (SQLite through 3.40.0, when relying on --safe for execution of an untr ...) + - sqlite3 3.40.0-2 (bug #1026293) + [bullseye] - sqlite3 (Vulnerable code introduced later) + [buster] - sqlite3 (Vulnerable code introduced later) + - sqlite (--safe introduced in v3.36.0) + NOTE: https://sqlite.org/forum/forumpost/07beac8056151b2f + NOTE: Fixed by: https://sqlite.org/src/info/cefc032473ac5ad2 +CVE-2022-4416 (A vulnerability was found in RainyGao DocSys. It has been declared as ...) + NOT-FOR-US: RainyGao DocSys +CVE-2022-4415 (A vulnerability was found in systemd. This security flaw can cause a l ...) 
+ - systemd 252.4-1 (bug #1026831) + [bullseye] - systemd 247.3-7+deb11u2 + [buster] - systemd (Optional feature; disabled by default) + NOTE: Preparation (main branch commit only): https://github.com/systemd/systemd/commit/510a146634f3e095b34e2a26023b1b1f99dcb8c0 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/3e4d0f6cf99f8677edd6a237382a65bfe758de03 + NOTE: Fixed by: https://github.com/systemd/systemd-stable/commit/bb47600aeb38c68c857fbf0ee5f66c3144dd81ce (v247.13) + NOTE: Affects only v246 and newer (when acl support was enabled by default), and only if building with libacl support + NOTE: Optional (disabled by default) faulty behaviour introduced by v215 + NOTE: https://www.openwall.com/lists/oss-security/2022/12/21/3 +CVE-2022-4414 (Cross-site Scripting (XSS) - DOM in GitHub repository nuxt/framework p ...) + NOT-FOR-US: nuxt +CVE-2022-4413 (Cross-site Scripting (XSS) - Reflected in GitHub repository nuxt/frame ...) + NOT-FOR-US: nuxt +CVE-2022-4412 + RESERVED +CVE-2022-4411 + RESERVED +CVE-2022-4410 (The Permalink Manager Lite plugin for WordPress is vulnerable to Store ...) + NOT-FOR-US: Permalink Manager Lite plugin for WordPress +CVE-2022-4409 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + NOT-FOR-US: phpMyFAQ +CVE-2022-4408 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpMyFAQ +CVE-2022-4407 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) + NOT-FOR-US: phpMyFAQ +CVE-2022-4406 + RESERVED +CVE-2022-4405 + RESERVED +CVE-2022-4404 + RESERVED +CVE-2022-4403 (A vulnerability classified as critical was found in SourceCodester Can ...) + NOT-FOR-US: SourceCodester Canteen Management System +CVE-2022-4402 (A vulnerability classified as critical has been found in RainyGao DocS ...) + NOT-FOR-US: RainyGao DocSys +CVE-2022-4401 (A vulnerability was found in pallidlight online-course-selection-syste ...) 
+ NOT-FOR-US: pallidlight online-course-selection-system +CVE-2022-4400 (A vulnerability was found in zbl1996 FS-Blog and classified as problem ...) + NOT-FOR-US: zbl1996 FS-Blog +CVE-2022-46907 (A carefully crafted request on several JSPWiki plugins could trigger a ...) + - jspwiki +CVE-2022-4399 (A vulnerability was found in TicklishHoneyBee nodau. It has been rated ...) + - nodau 0.3.8-5 (unimportant) + NOTE: https://github.com/TicklishHoneyBee/nodau/commit/7a7d737a3929f335b9717ddbd31db91151b69ad2 + NOTE: https://github.com/TicklishHoneyBee/nodau/pull/26 + NOTE: Negligible security impact +CVE-2022-4398 (Integer Overflow or Wraparound in GitHub repository radareorg/radare2 ...) + - radare2 (bug #1027144) + NOTE: https://huntr.dev/bounties/c6f8d3ef-5420-4eba-9a5f-aba5e2b5fea2 + NOTE: https://github.com/radareorg/radare2/commit/b53a1583d05c3a5bfe5fa60da133fe59dfbb02b8 +CVE-2022-4397 (A vulnerability was found in morontt zend-blog-number-2. It has been c ...) + NOT-FOR-US: morontt zend-blog-number-2 +CVE-2022-4396 (A vulnerability was found in RDFlib pyrdfa3 and classified as problema ...) + - python-pyrdfa 3.5.2+20220329~ds-1 (bug #1026051) + [bullseye] - python-pyrdfa (Minor issue) + NOTE: https://github.com/RDFLib/pyrdfa3/commit/ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e + NOTE: https://github.com/RDFLib/pyrdfa3/pull/40 +CVE-2022-46906 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...) + NOT-FOR-US: WebSoft HCM +CVE-2022-46905 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...) + NOT-FOR-US: WebSoft HCM +CVE-2022-46904 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...) + NOT-FOR-US: WebSoft HCM +CVE-2022-46903 (Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allo ...) + NOT-FOR-US: WebSoft HCM +CVE-2022-46902 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) 
+ NOT-FOR-US: Vocera Report Server and Voice Server +CVE-2022-46901 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) + NOT-FOR-US: Vocera Report Server and Voice Server +CVE-2022-46900 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) + NOT-FOR-US: Vocera Report Server and Voice Server +CVE-2022-46899 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) + NOT-FOR-US: Vocera Report Server and Voice Server +CVE-2022-46898 (An issue was discovered in Vocera Report Server and Voice Server 5.x t ...) + NOT-FOR-US: Vocera Report Server and Voice Server +CVE-2022-46897 + RESERVED +CVE-2022-46896 + RESERVED +CVE-2022-46895 + RESERVED +CVE-2022-46894 + RESERVED +CVE-2022-46893 + RESERVED +CVE-2022-4395 (The Membership For WooCommerce WordPress plugin before 2.1.7 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4394 (The iPages Flipbook For WordPress plugin through 1.4.6 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4393 (The ImageLinks Interactive Image Builder for WordPress plugin through ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4392 (The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 ...) + NOT-FOR-US: iPanorama 360 WordPress Virtual Tour Builder plugin +CVE-2022-46892 (In Ampere AltraMax and Ampere Altra before 2.10c, improper access cont ...) + NOT-FOR-US: Ampere +CVE-2022-46891 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...) + NOT-FOR-US: Arm Mali +CVE-2022-46890 (Weak access control in NexusPHP before 1.7.33 allows a remote authenti ...) + NOT-FOR-US: NexusPHP +CVE-2022-46889 (A persistent cross-site scripting (XSS) vulnerability in NexusPHP befo ...) + NOT-FOR-US: NexusPHP +CVE-2022-46888 (Multiple reflective cross-site scripting (XSS) vulnerabilities in Nexu ...) + NOT-FOR-US: NexusPHP +CVE-2022-46887 (Multiple SQL injection vulnerabilities in NexusPHP before 1.7.33 allow ...) 
+ NOT-FOR-US: NexusPHP +CVE-2022-46886 (There exists an open redirect within the response list update function ...) + NOT-FOR-US: ServiceNow +CVE-2022-46885 (Mozilla developers Timothy Nikkel, Ashley Hale, and the Mozilla Fuzzin ...) + - firefox 106.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46885 +CVE-2022-46884 (A potential use-after-free vulnerability existed in SVG Images if the ...) + - firefox 106.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46884 +CVE-2022-46883 (Mozilla developers Gabriele Svelto, Yulia Startsev, Andrew McCreight a ...) + - firefox 107.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46883 +CVE-2022-46882 (A use-after-free in WebGL extensions could have led to a potentially e ...) + {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - firefox 107.0-1 + - firefox-esr 102.6.0esr-1 + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-46882 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46882 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46882 +CVE-2022-46881 (An optimization in WebGL was incorrect in some cases, and could have l ...) + {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - firefox 106.0-1 + - firefox-esr 102.6.0esr-1 + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-46881 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46881 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46881 +CVE-2022-46880 (A missing check related to tex units could have led to a use-after-fre ...) 
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46880 +CVE-2022-46879 (Mozilla developers and community members Lukas Bernhard, Gabriele Svel ...) + - firefox 108.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46879 +CVE-2022-46878 (Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the ...) + {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - firefox 108.0-1 + - firefox-esr 102.6.0esr-1 + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46878 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46878 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46878 +CVE-2022-46877 (By confusing the browser, the fullscreen notification could have been ...) + {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - firefox 108.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46877 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46877 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46877 +CVE-2022-46876 + RESERVED +CVE-2022-46875 (The executable file warning was not presented when downloading .atloc ...) + - firefox (Only affects MacOS) + - firefox-esr (Only affects MacOS) + - thunderbird (Only affects MacOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46875 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46875 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46875 +CVE-2022-46874 (A file with a long filename could have had its filename truncated to r ...) 
+ {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - firefox 108.0-1 + - firefox-esr 102.6.0esr-1 + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46874 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46874 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46874 +CVE-2022-46873 (Because Firefox did not implement the unsafe-hashes CSP d ...) + - firefox 108.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46873 +CVE-2022-46872 (An attacker who compromised a content process could have partially esc ...) + {DSA-5303-1 DSA-5301-1 DLA-3242-1 DLA-3241-1} + - firefox 108.0-1 + - firefox-esr 102.6.0esr-1 + - thunderbird 1:102.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46872 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-52/#CVE-2022-46872 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-53/#CVE-2022-46872 +CVE-2022-46871 (An out of date library (libusrsctp) contained vulnerabilities that cou ...) + {DSA-5355-1 DSA-5322-1 DLA-3324-1 DLA-3275-1} + - libusrsctp 0.9.3.0+20201007-1 + [buster] - libusrsctp (Fix too intrusive and risky to to backport for a minor issue) + - firefox 108.0-1 + - firefox-esr 102.7.0esr-1 + - thunderbird 1:102.7.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-51/#CVE-2022-46871 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-02/#CVE-2022-46871 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2023-03/#CVE-2022-46871 + NOTE: https://bugs.launchpad.net/ubuntu/+source/libusrsctp/+bug/2015448 + NOTE: https://github.com/sctplab/usrsctp/commit/939d48f9632d69bf170c7a84514b312b6b42257d (0.9.4.0) + NOTE: https://lists.debian.org/debian-lts/2023/06/msg00051.html +CVE-2022-46870 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) 
+ NOT-FOR-US: Apache Zeppelin +CVE-2022-46869 (Local privilege escalation during installation due to improper soft li ...) + NOT-FOR-US: Acronis +CVE-2022-46868 (Local privilege escalation during recovery due to improper soft link h ...) + NOT-FOR-US: Acronis +CVE-2022-46867 (Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal St ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46866 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Impo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46865 (Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46864 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46863 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Full ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46862 (Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz An ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46861 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46860 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46859 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46858 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.R ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46857 (Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46856 (Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46855 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46854 (Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchp ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-46853 (Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Pos ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46852 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP T ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46851 (Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force St ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46850 (Auth. (author+) Broken Access Control vulnerability leading to Arbitra ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46849 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46848 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46847 + RESERVED +CVE-2022-46846 + RESERVED +CVE-2022-46845 + RESERVED +CVE-2022-46844 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46843 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van T ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46842 (Cross-Site Request Forgery (CSRF) vulnerability inJS Help Desk plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46841 (Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Build ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46840 + RESERVED +CVE-2022-46839 + RESERVED +CVE-2022-46838 + RESERVED +CVE-2022-4391 (The Vision Interactive For WordPress plugin through 1.5.3 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4390 (A network misconfiguration is present in versions prior to 1.0.9.90 of ...) + NOT-FOR-US: Netgear +CVE-2022-4389 + RESERVED +CVE-2022-4388 + RESERVED +CVE-2022-4387 + RESERVED +CVE-2022-4386 (The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4385 (The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4384 (The Stream WordPress plugin before 3.9.2 does not prevent users with l ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4383 (The CBX Petition for WordPress plugin through 1.0.3 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4382 (A use-after-free flaw caused by a race among the superblock operations ...) + - linux 6.1.8-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/12/13/1 + NOTE: https://git.kernel.org/linus/d18dcfe9860e842f394e37ba01ca9440ab2178f4 (6.2-rc5) +CVE-2022-4381 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4380 + RESERVED +CVE-2022-4379 (A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/n ...) + {DLA-3404-1} + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/12/14/3 + NOTE: https://lore.kernel.org/all/1670885411-10060-1-git-send-email-dai.ngo@oracle.com/ +CVE-2022-4377 (A vulnerability was found in S-CMS 5.0 Build 20220328. It has been dec ...) + NOT-FOR-US: S-CMS +CVE-2022-4376 (An issue has been discovered in GitLab affecting all versions before 1 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4378 (A stack overflow flaw was found in the Linux kernel's SYSCTL subsystem ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.12-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/12/09/1 + NOTE: https://git.kernel.org/linus/bce9332220bd677d83b19d21502776ad555a0e73 + NOTE: https://git.kernel.org/linus/e6cfaf34be9fcd1a8285a294e18986bfc41a409c +CVE-2022-46835 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...) + NOT-FOR-US: IdentitylQ +CVE-2022-46834 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmwa ...) 
+ NOT-FOR-US: SICK +CVE-2022-46833 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmwa ...) + NOT-FOR-US: SICK +CVE-2022-46832 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU62x firmwa ...) + NOT-FOR-US: SICK +CVE-2022-4375 (A vulnerability was found in Mingsoft MCMS up to 5.2.9. It has been cl ...) + NOT-FOR-US: Mingsoft MCMS +CVE-2022-4374 (The Bg Bible References WordPress plugin through 3.8.14 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4373 (The Quote-O-Matic WordPress plugin through 1.0.5 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4372 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4371 (The Web Invoice WordPress plugin through 2.1.3 does not properly sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4370 (The multimedial images WordPress plugin through 1.0b does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4369 (The WP-Lister Lite for Amazon WordPress plugin before 2.4.4 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4368 (The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4367 + REJECTED +CVE-2022-43501 (KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Seq ...) + NOT-FOR-US: Zuken Elmic +CVE-2022-43460 (Driver Distributor v2.2.3.1 and earlier contains a vulnerability where ...) + NOT-FOR-US: Driver Distributor +CVE-2022-46831 (In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-46830 (In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpo ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-46829 (In JetBrains JetBrains Gateway before 2022.3 a client could connect wi ...) + NOT-FOR-US: JetBrains JetBrains Gateway +CVE-2022-46828 (In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS wa ...) 
+ - intellij-idea (bug #747616) +CVE-2022-46827 (In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF ...) + - intellij-idea (bug #747616) +CVE-2022-46826 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allow ...) + - intellij-idea (bug #747616) +CVE-2022-46825 (In JetBrains IntelliJ IDEA before 2022.3 the built-in web server leake ...) + - intellij-idea (bug #747616) +CVE-2022-46824 (In JetBrains IntelliJ IDEA before 2022.2.4 a buffer overflow in the fs ...) + - intellij-idea (bug #747616) +CVE-2022-46823 (A vulnerability has been identified in Mendix SAML (Mendix 8 compatibl ...) + NOT-FOR-US: Siemens +CVE-2022-46822 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Devel ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46821 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46820 (Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table O ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46819 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46818 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46817 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyz ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46816 (Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro A ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46815 (Cross-Site Request Forgery (CSRF) vulnerability inLauri Karisola / WP ...) + NOT-FOR-US: Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin +CVE-2022-46814 (Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kode ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46813 (Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advance ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-46812 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46811 + RESERVED +CVE-2022-46810 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank Yo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46809 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46808 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46807 + RESERVED +CVE-2022-46806 (Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Cart All ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46805 (Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46804 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46803 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46802 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46801 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46800 (Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technolog ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46799 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirte ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46798 (Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLento ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46797 (Cross-Site Request Forgery (CSRF) vulnerability in Conversios All-in-o ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46796 + RESERVED +CVE-2022-46795 + RESERVED +CVE-2022-46794 (Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-46793 (Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4366 (Missing Authorization in GitHub repository lirantal/daloradius prior t ...) + NOT-FOR-US: daloRADIUS +CVE-2022-4365 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4364 (A vulnerability classified as critical has been found in Teledyne FLIR ...) + NOT-FOR-US: Teledyne +CVE-2022-4363 + RESERVED +CVE-2022-4362 (The Popup Maker WordPress plugin before 1.16.9 does not validate and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4361 (Keycloak, an open-source identity and access management solution, has ...) + NOT-FOR-US: Keycloak +CVE-2022-4360 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4359 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4358 (The WP RSS By Publishers WordPress plugin through 0.1 does not properl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4357 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4356 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4355 (The LetsRecover WordPress plugin before 1.2.0 does not properly saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4354 (A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as ...) + NOT-FOR-US: LinZhaoguan pb-cms +CVE-2022-4353 (A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classifie ...) + NOT-FOR-US: LinZhaoguan pb-cms +CVE-2022-4352 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4351 (The Qe SEO Handyman WordPress plugin through 1.0 does not properly san ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4350 (A vulnerability, which was classified as problematic, was found in Min ...) + NOT-FOR-US: Mingsoft MCMS +CVE-2022-4349 (A vulnerability classified as problematic has been found in CTF-hacker ...) + NOT-FOR-US: CTF-hacker pwn +CVE-2022-4348 (A vulnerability was found in y_project RuoYi-Cloud. It has been rated ...) + NOT-FOR-US: y_project RuoYi-Cloud +CVE-2022-4347 (A vulnerability was found in xiandafu beetl-bbs. It has been declared ...) + NOT-FOR-US: xiandafu beetl-bbs +CVE-2020-36610 (A vulnerability was found in annyshow DuxCMS 2.1. It has been declared ...) + NOT-FOR-US: DuxCMS +CVE-2020-36609 (A vulnerability was found in annyshow DuxCMS 2.1. It has been classifi ...) + NOT-FOR-US: DuxCMS +CVE-2022-46792 (Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization ...) + NOT-FOR-US: Hasura GraphQL +CVE-2022-46791 + REJECTED +CVE-2022-46790 + REJECTED +CVE-2022-46789 + REJECTED +CVE-2022-46788 + REJECTED +CVE-2022-46787 + REJECTED +CVE-2022-46786 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...) + NOT-FOR-US: SquaredUp Dashboard Server +CVE-2022-46785 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (is ...) + NOT-FOR-US: SquaredUp Dashboard Server +CVE-2022-46784 (SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open re ...) + NOT-FOR-US: SquaredUp Dashboard Server +CVE-2022-46783 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. If ...) + NOT-FOR-US: Stormshield SSL VPN Client +CVE-2022-46782 (An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A ...) + NOT-FOR-US: Stormshield SSL VPN Client +CVE-2022-46781 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) 
+ NOT-FOR-US: Arm Mali GPU Kernel Driver +CVE-2022-46780 + RESERVED +CVE-2022-46779 + RESERVED +CVE-2022-46778 + RESERVED +CVE-2022-46777 + RESERVED +CVE-2022-46776 + RESERVED +CVE-2022-46775 + RESERVED +CVE-2022-46774 (IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application S ...) + NOT-FOR-US: IBM +CVE-2022-46773 (IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2022-46772 + RESERVED +CVE-2022-46771 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.18, 7.0.5.0 through 7 ...) + NOT-FOR-US: IBM +CVE-2022-46770 (qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through ...) + NOT-FOR-US: qubes-mirage-firewall +CVE-2022-46769 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: Apache Sling +CVE-2022-4346 (The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked se ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4343 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-4342 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4341 (A vulnerability has been found in csliuwy coder-chain_gdut and classif ...) + NOT-FOR-US: csliuwy coder-chain_gdut +CVE-2022-46768 (Arbitrary file read vulnerability exists in Zabbix Web Service Report ...) + - zabbix 1:6.0.13+dfsg-1 (bug #1026847) + [bullseye] - zabbix (Vulnerable code introduced later) + [buster] - zabbix (Vulnerable code introduced later) + NOTE: https://support.zabbix.com/browse/ZBX-22087 + NOTE: Vulnerable service introduced in 5.4.0 https://support.zabbix.com/browse/ZBXNEXT-6478 +CVE-2022-46767 + RESERVED +CVE-2022-46766 + RESERVED +CVE-2022-46765 + RESERVED +CVE-2022-46764 (A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 al ...) + NOT-FOR-US: TrueConf Server +CVE-2022-46763 (A SQL injection issue in a database stored function in TrueConf Server ...) 
+ NOT-FOR-US: TrueConf Server +CVE-2022-46762 (The memory management module has a logic bypass vulnerability.Successf ...) + NOT-FOR-US: Huawei +CVE-2022-46761 (The system has a vulnerability that may cause dynamic hiding and resto ...) + NOT-FOR-US: Huawei +CVE-2022-46760 + RESERVED +CVE-2022-46759 + RESERVED +CVE-2022-46758 + RESERVED +CVE-2022-46757 + RESERVED +CVE-2022-46756 (Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vul ...) + NOT-FOR-US: Dell +CVE-2022-46755 (Wyse Management Suite 3.8 and below contain an improper access control ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46754 (Wyse Management Suite 3.8 and below contain an improper access control ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46753 + REJECTED +CVE-2022-46752 (Dell BIOS contains an Improper Authorization vulnerability. An unauthe ...) + NOT-FOR-US: Dell +CVE-2022-46751 (Improper Restriction of XML External Entity Reference, XML Injection ( ...) + NOT-FOR-US: Apache Ivy +CVE-2022-4340 (The BookingPress WordPress plugin before 1.0.31 suffers from an Insecu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4339 + REJECTED +CVE-2022-4338 (An integer underflow in Organization Specific TLV was found in various ...) + {DSA-5319-1 DLA-3253-1} + - openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273) + NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2 + NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html + NOTE: https://github.com/openvswitch/ovs/pull/405 + NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4 +CVE-2022-4337 (An out-of-bounds read in Organization Specific TLV was found in variou ...) 
+ {DSA-5319-1 DLA-3253-1} + - openvswitch 3.1.0~git20221212.739bcf2-4 (bug #1027273) + NOTE: https://www.openwall.com/lists/oss-security/2022/12/20/2 + NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2022-December/400596.html + NOTE: https://github.com/openvswitch/ovs/pull/405 + NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/be53a5c447c3ed77ef2d4e1e09ea63de576b90e8 (v2.4.0) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/7490f281f09a8455c48e19b0cf1b99ab758ee4f4 +CVE-2022-4336 (In BAOTA linux panel there exists a stored xss vulnerability attackers ...) + NOT-FOR-US: BAOTA linux panel +CVE-2022-4335 (A blind SSRF vulnerability was identified in all versions of GitLab EE ...) + - gitlab (Specific to EE) +CVE-2022-4334 + REJECTED +CVE-2022-4333 (Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher A ...) + NOT-FOR-US: Sprecher Automation +CVE-2022-4332 (In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x avulnera ...) + NOT-FOR-US: Sprecher Automation +CVE-2022-4331 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-4330 (The WP Attachments WordPress plugin before 5.0.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4329 (The Product list Widget for Woocommerce WordPress plugin through 1.0 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4328 (The WooCommerce Checkout Field Manager WordPress plugin before 18.0 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4327 + REJECTED +CVE-2022-4326 (Improper preservation of permissions vulnerability in Trellix Endpoint ...) + NOT-FOR-US: Trellix Endpoint Agent (xAgent) +CVE-2022-4325 (The Post Status Notifier Lite WordPress plugin before 1.10.1 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4324 (The Custom Field Template WordPress plugin before 2.5.8 unserialises t ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4323 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...) + NOT-FOR-US: WordPress plugin +CVE-2018-25048 (The CODESYS runtime system in multiple versions allows an remote low p ...) + NOT-FOR-US: CODESYS +CVE-2023-21673 (Improper Access to the VM resource manager can lead to Memory Corrupti ...) + NOT-FOR-US: Qualcomm +CVE-2023-21672 (Memory corruption in Audio while running concurrent tunnel playback or ...) + NOT-FOR-US: Qualcomm +CVE-2023-21671 (Memory Corruption in Core during syscall for Sectools Fuse comparison ...) + NOT-FOR-US: Qualcomm +CVE-2023-21670 (Memory Corruption in GPU Subsystem due to arbitrary command execution ...) + NOT-FOR-US: Qualcomm +CVE-2023-21669 (Information Disclosure in WLAN HOST while sending DPP action frame to ...) + NOT-FOR-US: Qualcomm +CVE-2023-21668 + RESERVED +CVE-2023-21667 (Transient DOS in Bluetooth HOST while passing descriptor to validate t ...) + NOT-FOR-US: Qualcomm +CVE-2023-21666 (Memory Corruption in Graphics while accessing a buffer allocated throu ...) + NOT-FOR-US: Qualcomm +CVE-2023-21665 (Memory corruption in Graphics while importing a file.) + NOT-FOR-US: Qualcomm +CVE-2023-21664 (Memory Corruption in Core Platform while printing the response buffer ...) + NOT-FOR-US: Qualcomm +CVE-2023-21663 (Memory Corruption while accessing metadata in Display.) + NOT-FOR-US: Qualcomm +CVE-2023-21662 (Memory corruption in Core Platform while printing the response buffer ...) + NOT-FOR-US: Qualcomm +CVE-2023-21661 (Transient DOS while parsing WLAN beacon or probe-response frame.) + NOT-FOR-US: Qualcomm +CVE-2023-21660 (Transient DOS in WLAN Firmware while parsing FT Information Elements.) + NOT-FOR-US: Qualcomm +CVE-2023-21659 (Transient DOS in WLAN Firmware while processing frames with missing he ...) + NOT-FOR-US: Qualcomm +CVE-2023-21658 (Transient DOS in WLAN Firmware while processing the received beacon or ...) 
+ NOT-FOR-US: Qualcomm +CVE-2023-21657 (Memoru corruption in Audio when ADSP sends input during record use cas ...) + NOT-FOR-US: Qualcomm +CVE-2023-21656 (Memory corruption in WLAN HOST while receiving an WMI event from firmw ...) + NOT-FOR-US: Qualcomm +CVE-2023-21655 (Memory corruption in Audio while validating and mapping metadata.) + NOT-FOR-US: Qualcomm +CVE-2023-21654 (Memory corruption in Audio during playback session with audio effects ...) + NOT-FOR-US: Qualcomm +CVE-2023-21653 (Transient DOS in Modem while processing RRC reconfiguration message.) + NOT-FOR-US: Qualcomm +CVE-2023-21652 (Cryptographic issue in HLOS as derived keys used to encrypt/decrypt in ...) + NOT-FOR-US: Qualcomm +CVE-2023-21651 (Memory Corruption in Core due to incorrect type conversion or cast in ...) + NOT-FOR-US: Qualcomm +CVE-2023-21650 (Memory Corruption in GPS HLOS Driver when injectFdclData receives data ...) + NOT-FOR-US: Qualcomm +CVE-2023-21649 (Memory corruption in WLAN while running doDriverCmd for an unspecific ...) + NOT-FOR-US: Qualcomm +CVE-2023-21648 (Memory corruption in RIL while trying to send apdu packet.) + NOT-FOR-US: Qualcomm +CVE-2023-21647 (Information disclosure in Bluetooth when an GATT packet is received du ...) + NOT-FOR-US: Qualcomm +CVE-2023-21646 (Transient DOS in Modem while processing invalid System Information Blo ...) + NOT-FOR-US: Qualcomm +CVE-2023-21645 + RESERVED +CVE-2023-21644 (Memory corruption in RIL due to Integer Overflow while triggering qcri ...) + NOT-FOR-US: Qualcomm +CVE-2023-21643 (Memory corruption due to untrusted pointer dereference in automotive d ...) + NOT-FOR-US: Qualcomm +CVE-2023-21642 (Memory corruption in HAB Memory management due to broad system privile ...) + NOT-FOR-US: Qualcomm +CVE-2023-21641 (An app with non-privileged access can change global system brightness ...) + NOT-FOR-US: Qualcomm +CVE-2023-21640 (Memory corruption in Linux when the file upload API is called with par ...) 
+ NOT-FOR-US: Qualcomm +CVE-2023-21639 (Memory corruption in Audio while processing sva_model_serializer using ...) + NOT-FOR-US: Qualcomm +CVE-2023-21638 (Memory corruption in Video while calling APIs with different instance ...) + NOT-FOR-US: Qualcomm +CVE-2023-21637 (Memory corruption in Linux while calling system configuration APIs.) + NOT-FOR-US: Qualcomm +CVE-2023-21636 (Memory Corruption due to improper validation of array index in Linux w ...) + NOT-FOR-US: Qualcomm +CVE-2023-21635 (Memory Corruption in Data Network Stack & Connectivity when sim gets d ...) + NOT-FOR-US: Qualcomm +CVE-2023-21634 (Memory Corruption in Radio Interface Layer while sending an SMS or wri ...) + NOT-FOR-US: Qualcomm +CVE-2023-21633 (Memory Corruption in Linux while processing QcRilRequestImsRegisterMul ...) + NOT-FOR-US: Qualcomm +CVE-2023-21632 (Memory corruption in Automotive GPU while querying a gsl memory node.) + NOT-FOR-US: Qualcomm +CVE-2023-21631 (Weak Configuration due to improper input validation in Modem while pro ...) + NOT-FOR-US: Qualcomm +CVE-2023-21630 (Memory Corruption in Multimedia Framework due to integer overflow when ...) + NOT-FOR-US: Qualcomm +CVE-2023-21629 (Memory Corruption in Modem due to double free while parsing the PKCS15 ...) + NOT-FOR-US: Qualcomm +CVE-2023-21628 (Memory corruption in WLAN HAL while processing WMI-UTF command or FTM ...) + NOT-FOR-US: Qualcomm +CVE-2023-21627 (Memory corruption in Trusted Execution Environment while calling servi ...) + NOT-FOR-US: Qualcomm +CVE-2023-21626 (Cryptographic issue in HLOS due to improper authentication while perfo ...) + NOT-FOR-US: Qualcomm +CVE-2023-21625 (Information disclosure in Network Services due to buffer over-read whi ...) + NOT-FOR-US: Qualcomm +CVE-2023-21624 (Information disclosure in DSP Services while loading dynamic module.) 
+ NOT-FOR-US: Qualcomm +CVE-2022-46750 + REJECTED +CVE-2022-46749 + REJECTED +CVE-2022-46748 + REJECTED +CVE-2022-46747 + REJECTED +CVE-2022-46746 + REJECTED +CVE-2022-46745 + REJECTED +CVE-2022-46744 + REJECTED +CVE-2022-46743 + REJECTED +CVE-2022-46742 (Code injection in paddle.audio.functional.get_window in PaddlePaddle 2 ...) + NOT-FOR-US: PaddlePaddle +CVE-2022-46741 (Out-of-bounds read in gather_tree in PaddlePaddle before 2.4.) + NOT-FOR-US: PaddlePaddle +CVE-2022-46740 (There is a denial of service vulnerability in the Wi-Fi module of the ...) + NOT-FOR-US: Huawei +CVE-2022-46728 + REJECTED +CVE-2022-46727 + REJECTED +CVE-2022-46726 + RESERVED +CVE-2022-46725 (A spoofing issue existed in the handling of URLs. This issue was addre ...) + {DSA-5341-1 DSA-5340-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2022-46724 (This issue was addressed by restricting options offered on a locked de ...) + NOT-FOR-US: Apple +CVE-2022-46723 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-46722 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-46721 + RESERVED +CVE-2022-46720 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2022-46719 + REJECTED +CVE-2022-46718 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: APple +CVE-2022-46717 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-46716 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-46715 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: APple +CVE-2022-46714 + RESERVED +CVE-2022-46713 (A race condition was addressed with additional validation. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2022-46712 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-46711 + RESERVED +CVE-2022-46710 + RESERVED +CVE-2022-46709 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-46708 + REJECTED +CVE-2022-46707 + REJECTED +CVE-2022-46706 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2022-46705 (A spoofing issue existed in the handling of URLs. This issue was addre ...) + {DSA-5341-1 DSA-5340-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2022-46704 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-46703 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-46702 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-46701 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-46700 (A memory corruption issue was addressed with improved input validation ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-46699 (A memory corruption issue was addressed with improved state management ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-46698 (A logic issue was addressed with improved checks. This issue is fixed ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-46697 (An out-of-bounds access issue was addressed with improved bounds check ...) 
+ NOT-FOR-US: Apple +CVE-2022-46696 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2022-46695 (A spoofing issue existed in the handling of URLs. This issue was addre ...) + NOT-FOR-US: Apple +CVE-2022-46694 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2022-46693 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2022-46692 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-46691 (A memory consumption issue was addressed with improved memory handling ...) + {DSA-5274-1 DSA-5273-1 DLA-3183-1} + - webkit2gtk 2.38.1-1 + - wpewebkit 2.38.1-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-46690 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2022-46689 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple +CVE-2022-46688 (A cross-site request forgery (CSRF) vulnerability in Jenkins Sonar Ger ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46687 (Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build d ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46686 (Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46685 (In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46684 (Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values r ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46683 (Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-46682 (Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML pars ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-46681 + REJECTED +CVE-2022-46680 (A CWE-319: Cleartext transmission of sensitive information vulnerabili ...) + NOT-FOR-US: Schneider Electric +CVE-2022-46679 (Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficien ...) + NOT-FOR-US: Dell +CVE-2022-46678 (Wyse Management Suite 3.8 and below contain an improper access contr ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46677 (Wyse Management Suite 3.8 and below contain an improper access control ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46676 (Wyse Management Suite 3.8 and below contain an improper access control ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46675 (Wyse Management Suite Repository 3.8 and below contain an information ...) + NOT-FOR-US: Wyse Management Suite +CVE-2022-46656 (Insecure inherited permissions for the Intel(R) NUC Pro Software Suite ...) + NOT-FOR-US: Intel +CVE-2022-46645 (Uncontrolled resource consumption in the Intel(R) Smart Campus Android ...) + NOT-FOR-US: Intel +CVE-2022-46279 (Improper access control in the Intel(R) Retail Edge android applicatio ...) + NOT-FOR-US: Intel +CVE-2022-45112 (Improper access control in some Intel(R) VROC software before version ...) + NOT-FOR-US: Intel +CVE-2022-44607 + RESERVED +CVE-2022-44449 (Stored cross-site scripting vulnerability in Zenphoto versions prior t ...) + NOT-FOR-US: Zenphoto +CVE-2022-43502 + RESERVED +CVE-2022-43498 + RESERVED +CVE-2022-43474 (Uncontrolled search path for the DSP Builder software installer before ...) + NOT-FOR-US: Intel +CVE-2022-4322 (A vulnerability, which was classified as critical, was found in maku-b ...) + NOT-FOR-US: maku-boot +CVE-2022-4321 (The PDF Generator for WordPress plugin before 1.1.2 includes a vendore ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4320 (The WordPress Events Calendar WordPress plugin before 1.4.5 does not s ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4319 + RESERVED +CVE-2022-4318 (A vulnerability was found in cri-o. This issue allows the addition of ...) + - cri-o (bug #979702) +CVE-2022-4317 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...) + NOT-FOR-US: Gitlab DAST analyzer +CVE-2022-4316 + RESERVED +CVE-2022-4315 (An issue has been discovered in GitLab DAST analyzer affecting all ver ...) + NOT-FOR-US: Gitlab DAST analyzer +CVE-2022-4314 (Improper Privilege Management in GitHub repository ikus060/rdiffweb pr ...) + - rdiffweb (bug #969974) +CVE-2022-4313 (A vulnerability was reported where through modifying the scan variable ...) + NOT-FOR-US: Tenable +CVE-2022-4312 (A cleartext storage of sensitive information vulnerability exists in P ...) + NOT-FOR-US: PcVue +CVE-2022-4311 (An insertion of sensitive information into log file vulnerability exis ...) + NOT-FOR-US: PcVue +CVE-2022-42879 (NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphic ...) + NOT-FOR-US: Intel +CVE-2022-42700 + RESERVED +CVE-2022-46674 + RESERVED +CVE-2022-46673 + REJECTED +CVE-2022-46672 + REJECTED +CVE-2022-46671 + REJECTED +CVE-2022-46670 (Rockwell Automation was made aware of a vulnerability by a security re ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-46669 + REJECTED +CVE-2022-46668 + REJECTED +CVE-2022-46667 + REJECTED +CVE-2022-46666 + REJECTED +CVE-2022-46665 + REJECTED +CVE-2022-46664 (A vulnerability has been identified in Mendix Workflow Commons (All ve ...) + NOT-FOR-US: Siemens +CVE-2022-46662 (Roxio Creator LJB starts another program with an unquoted file path. S ...) + NOT-FOR-US: Roxio +CVE-2022-4310 (The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4309 (The Subscribe2 WordPress plugin before 10.38 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4308 (Plaintext Storage of a Password vulnerability in Secomea GateManager ( ...) 
+ NOT-FOR-US: Secomea +CVE-2022-4307 (The \u067e\u0644\u0627\u06af\u06cc\u0646 \u067e\u0631\u062f\u0627\u062 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4306 (The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4305 (The Login as User or Customer WordPress plugin before 3.3 lacks author ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4304 (A timing based side channel exists in the OpenSSL RSA Decryption imple ...) + {DSA-5343-1 DLA-3325-1} + - openssl 3.0.8-1 + NOTE: https://www.openssl.org/news/secadv/20230207.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d (openssl-3.0.8) (reverted in 908eaceb62624f5b5c505b286d904bd3a4e8a64a) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a00d757d9ca212994625d1a02c81cc5edd27e13b (openssl-3.0.9) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=43d8f88511991533f53680a751e9326999a6a31f (OpenSSL_1_1_1t) (reverted in 0372649a943fb23f7f08c7acdbc01464b9df03f0) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=3f499b24f3bcd66db022074f7e8b4f6ee266a3ae (OpenSSL_1_1_1t) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8daa2616bbe6f7994e0cdd796d3280118c51d8d8 (OpenSSL_1_1_1t) +CVE-2022-4303 (The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4302 (The White Label CMS WordPress plugin before 2.5 unserializes user inpu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4301 (The Sunshine Photo Cart WordPress plugin before 2.9.15 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4300 (A vulnerability was found in FastCMS. It has been rated as critical. T ...) + NOT-FOR-US: FastCMS +CVE-2022-4299 (The Metricool WordPress plugin before 1.18 does not sanitise and escap ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4298 (The Wholesale Market WordPress plugin before 2.2.1 does not have autho ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4297 (The WP AutoComplete Search WordPress plugin through 1.0.4 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4296 (A vulnerability classified as problematic has been found in TP-Link TL ...) + NOT-FOR-US: TP-Link +CVE-2022-46663 (In GNU Less before 609, crafted data can result in "less -R" not filte ...) + - less 590-1.2 (bug #1030825) + [bullseye] - less (Vulnerable code not present) + [buster] - less (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/07/7 + NOTE: Introduced by: https://github.com/gwsw/less/commit/0f810ef16781bf0f59690be63af876bddabf68bf (v566) + NOTE: Fixed by: https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c +CVE-2022-46651 (Apache Airflow, versions before 2.6.3, is affected by a vulnerability ...) + - airflow (bug #819700) +CVE-2022-46650 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...) + NOT-FOR-US: ALEOS +CVE-2022-46649 (Acemanager in ALEOS before version 4.16 allows a user with valid crede ...) + NOT-FOR-US: ALEOS +CVE-2022-46647 (Insertion of sensitive information into log file for some Intel Unison ...) + NOT-FOR-US: Intel +CVE-2022-46646 (Exposure of sensitive information to an unauthorized actor for some In ...) + NOT-FOR-US: Intel +CVE-2022-46329 (Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi so ...) + {DLA-3596-1} + - firmware-nonfree (bug #1051892) + [bookworm] - firmware-nonfree (Non-free not supported) + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html + NOTE: Fixed upstream in linux-firmware/20230804 +CVE-2022-46301 (Improper Initialization for some Intel Unison software may allow a pri ...) 
+ NOT-FOR-US: Intel +CVE-2022-46299 (Insufficient control flow management for some Intel Unison software ma ...) + NOT-FOR-US: Intel +CVE-2022-46298 (Incomplete cleanup for some Intel Unison software may allow a privileg ...) + NOT-FOR-US: Intel +CVE-2022-46283 + RESERVED +CVE-2022-46282 (Use after free vulnerability in CX-Drive V3.00 and earlier allows a lo ...) + NOT-FOR-US: CX-Drive +CVE-2022-45469 (Improper input validation for some Intel Unison software may allow an ...) + NOT-FOR-US: Intel +CVE-2022-43666 (Exposure of sensitive system information due to uncleared debug inform ...) + NOT-FOR-US: Intel +CVE-2022-43496 + RESERVED +CVE-2022-43473 (A blind XML External Entity (XXE) vulnerability exists in the Add UCS ...) + NOT-FOR-US: ZoHo ManageEngine +CVE-2022-4295 (The Show All Comments WordPress plugin before 7.0.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-46644 + RESERVED +CVE-2022-46643 + RESERVED +CVE-2022-46642 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...) + NOT-FOR-US: D-Link +CVE-2022-46641 (D-Link DIR-846 A1_FW100A43 was discovered to contain a command injecti ...) + NOT-FOR-US: D-Link +CVE-2022-46640 (Nanoleaf Desktop App before v1.3.1 was discovered to contain a command ...) + NOT-FOR-US: Nanoleaf +CVE-2022-46639 (A vulnerability in the descarga_etiqueta.php component of Correos Pres ...) + NOT-FOR-US: Prestashop +CVE-2022-46638 + RESERVED +CVE-2022-46637 (Prolink router PRS1841 was discovered to contain hardcoded credentials ...) + NOT-FOR-US: Prolink router +CVE-2022-46636 + RESERVED +CVE-2022-46635 + RESERVED +CVE-2022-46634 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-46633 + RESERVED +CVE-2022-46632 + RESERVED +CVE-2022-46631 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-46630 + RESERVED +CVE-2022-46629 + RESERVED +CVE-2022-46628 + RESERVED +CVE-2022-46627 + RESERVED +CVE-2022-46626 + RESERVED +CVE-2022-46625 + RESERVED +CVE-2022-46624 (A cross-site scripting (XSS) vulnerability in Online Graduate Tracer S ...) + NOT-FOR-US: Online Graduate Tracer System +CVE-2022-46623 (Judging Management System v1.0.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Judging Management System +CVE-2022-46622 (A cross-site scripting (XSS) vulnerability in Judging Management Syste ...) + NOT-FOR-US: Judging Management System +CVE-2022-46621 + REJECTED +CVE-2022-46620 + REJECTED +CVE-2022-46619 + RESERVED +CVE-2022-46618 + RESERVED +CVE-2022-46617 + RESERVED +CVE-2022-46616 + RESERVED +CVE-2022-46615 + RESERVED +CVE-2022-46614 + RESERVED +CVE-2022-46613 + RESERVED +CVE-2022-46612 + RESERVED +CVE-2022-46611 + RESERVED +CVE-2022-46610 (72crm v9 was discovered to contain an arbitrary file upload vulnerabil ...) + NOT-FOR-US: 72crm +CVE-2022-46609 (Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and ...) + NOT-FOR-US: backdoored Python3-RESTfulAPI package +CVE-2022-46608 + RESERVED +CVE-2022-46607 + RESERVED +CVE-2022-46606 + RESERVED +CVE-2022-46605 + RESERVED +CVE-2022-46604 (An issue in Tecrail Responsive FileManager v9.9.5 and below allows att ...) + NOT-FOR-US: Tecrail Responsive FileManager +CVE-2022-46603 (An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary comma ...) + NOT-FOR-US: Inkdrop +CVE-2022-46602 + RESERVED +CVE-2022-46601 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46600 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46599 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46598 (TRENDnet TEW755AP 1.13B01 was discovered to contain a command injectio ...) 
+ NOT-FOR-US: TRENDnet +CVE-2022-46597 (TRENDnet TEW755AP 1.13B01 was discovered to contain a command injectio ...) + NOT-FOR-US: TRENDnet +CVE-2022-46596 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46595 + RESERVED +CVE-2022-46594 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46593 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46592 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46591 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46590 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46589 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46588 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46587 + RESERVED +CVE-2022-46586 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46585 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46584 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46583 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46582 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46581 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) + NOT-FOR-US: TRENDnet +CVE-2022-46580 (TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow v ...) 
+ NOT-FOR-US: TRENDnet +CVE-2022-46579 + RESERVED +CVE-2022-46578 + RESERVED +CVE-2022-46577 + RESERVED +CVE-2022-46576 + RESERVED +CVE-2022-46575 + RESERVED +CVE-2022-46574 + RESERVED +CVE-2022-46573 + RESERVED +CVE-2022-46572 + RESERVED +CVE-2022-46571 + RESERVED +CVE-2022-46570 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46569 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46568 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46567 + RESERVED +CVE-2022-46566 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46565 + RESERVED +CVE-2022-46564 + RESERVED +CVE-2022-46563 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46562 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46561 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46560 (D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discov ...) + NOT-FOR-US: D-Link +CVE-2022-46559 + RESERVED +CVE-2022-46558 + RESERVED +CVE-2022-46557 + RESERVED +CVE-2022-46556 + RESERVED +CVE-2022-46555 + RESERVED +CVE-2022-46554 + RESERVED +CVE-2022-46553 + RESERVED +CVE-2022-46552 (D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote ...) + NOT-FOR-US: D-Link +CVE-2022-46551 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46550 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46549 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46548 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) 
+ NOT-FOR-US: Tenda +CVE-2022-46547 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46546 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46545 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46544 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46543 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46542 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46541 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46540 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46539 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46538 (Tenda F1203 V2.0.1.6 was discovered to contain a command injection vul ...) + NOT-FOR-US: Tenda +CVE-2022-46537 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46536 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46535 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46534 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46533 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46532 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46531 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) 
+ NOT-FOR-US: Tenda +CVE-2022-46530 (Tenda F1203 V2.0.1.6 was discovered to contain a buffer overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-46529 + RESERVED +CVE-2022-46528 + RESERVED +CVE-2022-46527 (ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow ...) + NOT-FOR-US: ELSYS ERS +CVE-2022-46526 + RESERVED +CVE-2022-46525 + RESERVED +CVE-2022-46524 + RESERVED +CVE-2022-46523 + RESERVED +CVE-2022-46522 + RESERVED +CVE-2022-46521 + RESERVED +CVE-2022-46520 + RESERVED +CVE-2022-46519 + RESERVED +CVE-2022-46518 + RESERVED +CVE-2022-46517 + RESERVED +CVE-2022-46516 + RESERVED +CVE-2022-46515 + RESERVED +CVE-2022-46514 + RESERVED +CVE-2022-46513 + RESERVED +CVE-2022-46512 + RESERVED +CVE-2022-46511 + RESERVED +CVE-2022-46510 + RESERVED +CVE-2022-46509 + RESERVED +CVE-2022-46508 + RESERVED +CVE-2022-46507 + RESERVED +CVE-2022-46506 + RESERVED +CVE-2022-46505 (An issue in MatrixSSL 4.5.1-open and earlier leads to failure to secur ...) + - matrixssl +CVE-2022-46504 + RESERVED +CVE-2022-46503 (A cross-site scripting (XSS) vulnerability in the component /admin/reg ...) + NOT-FOR-US: Online Student Enrollment System +CVE-2022-46502 (Online Student Enrollment System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Student Enrollment System +CVE-2022-46501 (Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered ...) + NOT-FOR-US: Accruent LLC Maintenance Connection +CVE-2022-46500 + RESERVED +CVE-2022-46499 + RESERVED +CVE-2022-46498 + RESERVED +CVE-2022-46497 + RESERVED +CVE-2022-46496 (BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missin ...) + NOT-FOR-US: BTicino Door Entry HOMETOUCH +CVE-2022-46495 + RESERVED +CVE-2022-46494 + RESERVED +CVE-2022-46493 (Default version of nbnbk was discovered to contain an arbitrary file u ...) + NOT-FOR-US: nbnbk +CVE-2022-46492 (nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered t ...) 
+ NOT-FOR-US: nbnbk +CVE-2022-46491 (A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administr ...) + NOT-FOR-US: nbnbk +CVE-2022-46490 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2327 + NOTE: https://github.com/gpac/gpac/commit/8968a510250e8c70a611221d63fe0a45b7d3a551 (v2.2.0) +CVE-2022-46489 (GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contai ...) + [experimental] - gpac 2.2.1+dfsg1-1 + - gpac 2.2.1+dfsg1-2 (bug #1033116) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2328 + NOTE: https://github.com/gpac/gpac/commit/44e8616ec6d0c37498cdacb81375b09249fa9daa (v2.2.0) +CVE-2022-46488 + RESERVED +CVE-2022-46487 + RESERVED +CVE-2022-46486 + RESERVED +CVE-2022-46485 (Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and be ...) + NOT-FOR-US: ngSurvey +CVE-2022-46484 (Information disclosure in password protected surveys in Data Illusion ...) + NOT-FOR-US: ngSurvey +CVE-2022-46483 + RESERVED +CVE-2022-46482 + RESERVED +CVE-2022-46481 + RESERVED +CVE-2022-46480 (Incorrect Session Management and Credential Re-use in the Bluetooth LE ...) + NOT-FOR-US: Ultraloq UL3 2nd Gen Smart Lock Firmware +CVE-2022-46479 + RESERVED +CVE-2022-46478 (The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no ...) + NOT-FOR-US: datax-web +CVE-2022-46477 + RESERVED +CVE-2022-46476 (D-Link DIR-859 A1 1.05 was discovered to contain a command injection v ...) + NOT-FOR-US: D-Link +CVE-2022-46475 (D-Link DIR 645A1 1.06B01_Beta01 was discovered to contain a stack over ...) + NOT-FOR-US: D-Link +CVE-2022-46474 + RESERVED +CVE-2022-46473 + RESERVED +CVE-2022-46472 (Helmet Store Showroom Site v1.0 was discovered to contain a SQL inject ...) 
+ NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46471 (Online Health Care System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Online Health Care System +CVE-2022-46470 + RESERVED +CVE-2022-46469 + RESERVED +CVE-2022-46468 + RESERVED +CVE-2022-46467 + RESERVED +CVE-2022-46466 + RESERVED +CVE-2022-46465 + RESERVED +CVE-2022-46464 + REJECTED +CVE-2022-46463 (An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to ...) + NOT-FOR-US: Harbor +CVE-2022-46462 + RESERVED +CVE-2022-46461 + RESERVED +CVE-2022-46460 + RESERVED +CVE-2022-46459 + RESERVED +CVE-2022-46458 + RESERVED +CVE-2022-46457 (NASM v2.16 was discovered to contain a segmentation violation in the c ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392809 + NOTE: Crash in CLI tool, no security impact +CVE-2022-46456 (NASM v2.16 was discovered to contain a global buffer overflow in the c ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392814 + NOTE: Crash in CLI tool, no security impact +CVE-2022-46455 + RESERVED +CVE-2022-46454 + RESERVED +CVE-2022-46453 + RESERVED +CVE-2022-46452 + RESERVED +CVE-2022-46451 + RESERVED +CVE-2022-46450 + RESERVED +CVE-2022-46449 (An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cau ...) + - mpd (Only affects Windows) + NOTE: https://github.com/MusicPlayerDaemon/MPD/issues/1676 + NOTE: https://github.com/MusicPlayerDaemon/MPD/commit/73b5d0a9b9ace89edcee30d9d83eb16c27c6f9b2 (v0.23.11) +CVE-2022-46448 + RESERVED +CVE-2022-46447 + RESERVED +CVE-2022-46446 + RESERVED +CVE-2022-46445 + RESERVED +CVE-2022-46444 + RESERVED +CVE-2022-46443 (mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemq ...) + NOT-FOR-US: mesinkasir Bangresto +CVE-2022-46442 (dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n quer ...) 
+ NOT-FOR-US: dedecms +CVE-2022-46441 + RESERVED +CVE-2022-46440 (ttftool v0.9.2 was discovered to contain a segmentation violation via ...) + - swftools +CVE-2022-46439 + RESERVED +CVE-2022-46438 (A cross-site scripting (XSS) vulnerability in the /admin/article_categ ...) + NOT-FOR-US: DouPHP +CVE-2022-46437 + RESERVED +CVE-2022-46436 + RESERVED +CVE-2022-46435 (An issue in the firmware update process of TP-Link TL-WR941ND V2/V3 up ...) + NOT-FOR-US: TP-Link +CVE-2022-46434 (An issue in the firmware update process of TP-Link TL-WA7510N v1 v3.12 ...) + NOT-FOR-US: TP-Link +CVE-2022-46433 + RESERVED +CVE-2022-46432 (An exploitable firmware modification vulnerability was discovered on T ...) + NOT-FOR-US: TP-Link +CVE-2022-46431 + RESERVED +CVE-2022-46430 (TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated a ...) + NOT-FOR-US: TP-Link +CVE-2022-46429 + RESERVED +CVE-2022-46428 (TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attack ...) + NOT-FOR-US: TP-Link +CVE-2022-46427 + RESERVED +CVE-2022-46426 + RESERVED +CVE-2022-46425 + RESERVED +CVE-2022-46424 (An exploitable firmware modification vulnerability was discovered on t ...) + NOT-FOR-US: Netgear +CVE-2022-46423 (An exploitable firmware modification vulnerability was discovered on t ...) + NOT-FOR-US: Netgear +CVE-2022-46422 (An issue in Netgear WNR2000 v1 1.2.3.7 and earlier allows authenticate ...) + NOT-FOR-US: Netgear +CVE-2022-43486 (Hidden functionality vulnerability in Buffalo network devices WSR-3200 ...) + NOT-FOR-US: Buffalo network devices +CVE-2022-43466 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...) + NOT-FOR-US: Buffalo network devices +CVE-2022-43443 (Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and earlier, W ...) + NOT-FOR-US: Buffalo network devices +CVE-2022-4294 (Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible ...) 
+ NOT-FOR-US: Norton +CVE-2022-4293 (Floating Point Comparison with Incorrect Operator in GitHub repository ...) + - vim 2:9.0.0813-1 (unimportant) + NOTE: https://huntr.dev/bounties/385a835f-6e33-4d00-acce-ac99f3939143 + NOTE: https://github.com/vim/vim/commit/cdef1cefa2a440911c727558562f83ed9b00e16b (v9.0.0804) + NOTE: Crash in CLI tool, no security impact +CVE-2022-4292 (Use After Free in GitHub repository vim/vim prior to 9.0.0882.) + - vim 2:9.0.1000-1 (unimportant) + NOTE: https://huntr.dev/bounties/da3d4c47-e57a-451e-993d-9df0ed31f57b + NOTE: https://github.com/vim/vim/commit/c3d27ada14acd02db357f2d16347acc22cb17e93 (v9.0.0882) + NOTE: Crash in CLI tool, no security impact +CVE-2022-4291 (The aswjsflt.dll library from Avast Antivirus windows contained a pote ...) + NOT-FOR-US: Avast Antivirus +CVE-2022-4290 (The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4289 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4288 + RESERVED +CVE-2022-4287 (Authentication bypass in local application lock feature in Devolutions ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-4286 (A reflected cross-site scripting (XSS) vulnerability exists in System ...) + NOT-FOR-US: B&R Automation Runtime +CVE-2022-4285 (An illegal memory access flaw was found in the binutils package. Parsi ...) + - binutils 2.39.50.20221208-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29699 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 + NOTE: binutils not covered by security support +CVE-2022-4284 + REJECTED +CVE-2022-4283 (A vulnerability was found in X.Org. This security flaw occurs because ...) 
+ {DSA-5304-1 DLA-3256-1} + - xorg-server 2:21.1.5-1 (bug #1026071) + - xwayland 2:22.1.6-1 + NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/ccdd431cd8f1cabae9d744f0514b6533c438908c +CVE-2022-4282 (A vulnerability was found in SpringBootCMS and classified as critical. ...) + NOT-FOR-US: SpringBootCMS +CVE-2022-46421 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + NOT-FOR-US: Airflow Hive provider +CVE-2022-4281 (A vulnerability has been found in Facepay 1.0 and classified as critic ...) + NOT-FOR-US: Facepay +CVE-2022-46288 (Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and e ...) + NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM +CVE-2022-46287 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...) + NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM +CVE-2022-41993 (Cross-site scripting vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R ...) + NOT-FOR-US: DENSHI NYUSATSU CORE SYSTEM +CVE-2022-46416 (Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate term ...) + NOT-FOR-US: Parrot Bebop +CVE-2022-46415 (DJI Spark 01.00.0900 allows remote attackers to prevent legitimate ter ...) + NOT-FOR-US: DJI Spark +CVE-2022-46414 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) + NOT-FOR-US: Veritas +CVE-2022-46413 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) + NOT-FOR-US: Veritas +CVE-2022-46412 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A ...) + NOT-FOR-US: Veritas +CVE-2022-46411 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0 an ...) + NOT-FOR-US: Veritas +CVE-2022-46410 (An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A ...) + NOT-FOR-US: Veritas +CVE-2022-46409 + RESERVED +CVE-2022-46408 (Ericsson Network Manager (ENM), versions prior to 22.1, contains a vul ...) 
+ NOT-FOR-US: Ericsson Network Manager +CVE-2022-46407 (Ericsson Network Manager (ENM), versions prior to 22.2, contains a vul ...) + NOT-FOR-US: Ericsson Network Manager +CVE-2022-46406 + RESERVED +CVE-2022-46405 (Mastodon through 4.0.2 allows attackers to cause a denial of service ( ...) + - mastodon (bug #859741) +CVE-2022-46404 (A command injection vulnerability has been identified in Atos Unify Op ...) + NOT-FOR-US: Atos Unify OpenScape +CVE-2022-46403 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) + NOT-FOR-US: Microchip +CVE-2022-46402 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) + NOT-FOR-US: Microchip +CVE-2022-46401 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) + NOT-FOR-US: Microchip +CVE-2022-46400 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) + NOT-FOR-US: Microchip +CVE-2022-46399 (The Microchip RN4870 module firmware 1.43 (and the Microchip PIC Light ...) + NOT-FOR-US: Microchip +CVE-2022-46398 + RESERVED +CVE-2022-46397 (FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, ...) + NOT-FOR-US: FD.io VPP (Vector Packet Processor) IPSec +CVE-2022-46396 (An issue was discovered in the Arm Mali Kernel Driver. A non-privilege ...) + NOT-FOR-US: Arm Mali +CVE-2022-46395 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + NOT-FOR-US: Arm Mali +CVE-2022-46394 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + NOT-FOR-US: Arm Mali +CVE-2022-46393 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...) 
+ - mbedtls 2.28.2-1 + [bullseye] - mbedtls (The vulnerable code was introduced later) + [buster] - mbedtls (The vulnerable code was introduced later) + NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 + NOTE: Fixed by https://github.com/Mbed-TLS/mbedtls/commit/f385fcebee017973cf4137333628a78248f1f443 +CVE-2022-46392 (An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0 ...) + - mbedtls 2.28.2-1 + [bullseye] - mbedtls (Minor issue) + [buster] - mbedtls (Minor issue) + NOTE: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2 + NOTE: Issue is most likely related to library/bignum.c and the mbedtls_mpi_exp_mod function. +CVE-2022-46391 (AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to print ...) + {DLA-3225-1} + - awstats 7.8-3 (bug #1025410) + [bullseye] - awstats 7.8-2+deb11u1 + NOTE: https://github.com/eldy/AWStats/pull/226 + NOTE: Fixed by: https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965 +CVE-2022-46390 + RESERVED +CVE-2022-46389 (There exists a reflected XSS within the logout functionality of Servic ...) + NOT-FOR-US: ServiceNow +CVE-2022-46388 + RESERVED +CVE-2022-46387 (ConEmu through 220807 and Cmder before 1.3.21 report the title of the ...) + NOT-FOR-US: ConEmu +CVE-2022-46386 + RESERVED +CVE-2022-46385 + RESERVED +CVE-2022-46384 + RESERVED +CVE-2022-46383 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...) + NOT-FOR-US: RackN Digital Rebar +CVE-2022-46382 (RackN Digital Rebar through 4.6.14, 4.7 through 4.7.22, 4.8 through 4. ...) + NOT-FOR-US: RackN Digital Rebar +CVE-2022-46381 (Certain Linear eMerge E3-Series devices are vulnerable to XSS via the ...) + NOT-FOR-US: Linear eMerge E3-Series devices +CVE-2022-4280 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Dot Tech Smart Campus System +CVE-2022-4279 (A vulnerability classified as problematic has been found in SourceCode ...) 
+ NOT-FOR-US: SourceCodester Human Resource Management System +CVE-2022-4278 (A vulnerability was found in SourceCodester Human Resource Management ...) + NOT-FOR-US: SourceCodester Book Store Management System +CVE-2022-4277 (A vulnerability was found in Shaoxing Background Management System. It ...) + NOT-FOR-US: Shaoxing Background Management System +CVE-2022-4276 (A vulnerability was found in House Rental System and classified as cri ...) + NOT-FOR-US: House Rental System +CVE-2022-4275 (A vulnerability has been found in House Rental System and classified a ...) + NOT-FOR-US: House Rental System +CVE-2022-4274 (A vulnerability, which was classified as critical, was found in House ...) + NOT-FOR-US: House Rental System +CVE-2022-4273 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Human Resource Management System +CVE-2022-4272 (A vulnerability, which was classified as critical, has been found in F ...) + NOT-FOR-US: FeMiner wms +CVE-2022-45124 (An information disclosure vulnerability exists in the User authenticat ...) + NOT-FOR-US: WellinTech KingHistorian +CVE-2022-45115 (A buffer overflow vulnerability exists in the Attribute Arena function ...) + NOT-FOR-US: Ichitaro +CVE-2022-43665 (A denial of service vulnerability exists in the malware scan functiona ...) + NOT-FOR-US: ESTsoft Alyac +CVE-2022-46378 (An out-of-bounds read vulnerability exists in the PORT command paramet ...) + NOT-FOR-US: uC-FTPs +CVE-2022-46377 (An out-of-bounds read vulnerability exists in the PORT command paramet ...) + NOT-FOR-US: uC-FTPs +CVE-2022-46376 + RESERVED +CVE-2022-46375 + RESERVED +CVE-2022-46374 + RESERVED +CVE-2022-46373 + RESERVED +CVE-2022-46372 (Alotcer - AR7088H-A firmware version 16.10.3 Command execution Imprope ...) + NOT-FOR-US: Alotcer - AR7088H-A firmware +CVE-2022-46371 (Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. U ...) 
+ NOT-FOR-US: Alotcer - AR7088H-A firmware +CVE-2022-46370 (Rumpus - FTP server version 9.0.7.1 Improper Token Verification\u2013 ...) + NOT-FOR-US: Rumpus - FTP server +CVE-2022-46369 (Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (P ...) + NOT-FOR-US: Rumpus - FTP server +CVE-2022-46368 (Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) ...) + NOT-FOR-US: Rumpus - FTP server +CVE-2022-46367 (Rumpus - FTP server Cross-site request forgery (CSRF) \u2013 Privilege ...) + NOT-FOR-US: Rumpus - FTP server +CVE-2022-46365 (Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs i ...) + NOT-FOR-US: Apache StreamPark +CVE-2022-46364 (A SSRF vulnerability in parsing thehref attribute of XOP:Include in MT ...) + NOT-FOR-US: Apache CXF +CVE-2022-46363 (A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows ...) + NOT-FOR-US: Apache CXF +CVE-2022-4271 (Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/o ...) + NOT-FOR-US: osTicket +CVE-2022-4270 (Incorrect privilege assignment issue in M-Files Web in M-Files Web ver ...) + NOT-FOR-US: M-Files Web +CVE-2022-4269 (A flaw was found in the Linux kernel Traffic Control (TC) subsystem. U ...) + {DSA-5480-1 DLA-3623-1} + - linux 6.1.20-2 + NOTE: https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/ +CVE-2022-4268 (The Plugin Logic WordPress plugin before 1.0.8 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4267 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4266 (The Bulk Delete Users by Email WordPress plugin through 1.2 does not h ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4265 (The Replyable WordPress plugin before 2.2.10 does not validate the cla ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4264 (Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files bef ...) 
+ NOT-FOR-US: M-Files +CVE-2022-4263 + RESERVED +CVE-2022-XXXX [node-d3-color redos] + - node-d3-color 1.2.8-5 + [bullseye] - node-d3-color (Minor issue) + [buster] - node-d3-color (Minor issue) + NOTE: https://github.com/advisories/GHSA-36jr-mh4h-2g58 + NOTE: https://github.com/d3/d3-color/issues/97 + NOTE: https://github.com/d3/d3-color/pull/100 +CVE-2023-21623 + RESERVED +CVE-2023-21622 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...) + NOT-FOR-US: FrameMaker +CVE-2023-21621 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...) + NOT-FOR-US: FrameMaker +CVE-2023-21620 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...) + NOT-FOR-US: FrameMaker +CVE-2023-21619 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...) + NOT-FOR-US: FrameMaker +CVE-2023-21618 (Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2023-21617 + RESERVED +CVE-2023-21616 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-21615 (Experience Manager versions 6.5.15.0 (and earlier) are affected by a r ...) + NOT-FOR-US: Adobe +CVE-2023-21614 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21613 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21612 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21611 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21610 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21609 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21608 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) 
+ NOT-FOR-US: Adobe +CVE-2023-21607 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21606 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21605 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21604 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...) + NOT-FOR-US: Adobe +CVE-2023-21603 (Adobe Dimension version 3.4.6 (and earlier) are affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2023-21602 + RESERVED +CVE-2023-21601 (Adobe Dimension version 3.4.6 (and earlier) are affected by a Use Afte ...) + NOT-FOR-US: Adobe +CVE-2023-21600 + RESERVED +CVE-2023-21599 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21598 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21597 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21596 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21595 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21594 (Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affec ...) + NOT-FOR-US: Adobe +CVE-2023-21593 (Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2023-21592 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...) + NOT-FOR-US: Adobe +CVE-2023-21591 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...) + NOT-FOR-US: Adobe +CVE-2023-21590 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...) + NOT-FOR-US: Adobe +CVE-2023-21589 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...) 
+ NOT-FOR-US: Adobe
+CVE-2023-21588 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21587 (Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affe ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21586
+ RESERVED
+CVE-2023-21585 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21584 (FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affecte ...)
+ NOT-FOR-US: FrameMaker
+CVE-2023-21583 (Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21582 (Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21581 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21580
+ RESERVED
+CVE-2023-21579 (Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21578 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21577 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21576 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21575 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2023-21574 (Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affecte ...)
+ NOT-FOR-US: Adobe
+CVE-2022-4262 (Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a ...)
+ {DSA-5295-1}
+ - chromium 108.0.5359.94-1
+ [buster] - chromium (see DSA 5046)
+CVE-2023-21573 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21572 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21571 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21570 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21569 (Azure DevOps Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21568 (Microsoft SQL Server Integration Service (VS extension) Remote Code Ex ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21567 (Visual Studio Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21566 (Visual Studio Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21565 (Azure DevOps Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21564 (Azure DevOps Server Cross-Site Scripting Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21563 (BitLocker Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21562
+ RESERVED
+CVE-2023-21561 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21560 (Windows Boot Manager Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21559 (Windows Cryptographic Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21558 (Windows Error Reporting Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21557 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21556 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21555 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21554 (Microsoft Message Queuing Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21553 (Azure DevOps Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21552 (Windows GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21551 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21550 (Windows Cryptographic Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21549 (Windows SMB Witness Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21548 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21547 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21546 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21545
+ RESERVED
+CVE-2023-21544
+ RESERVED
+CVE-2023-21543 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21542 (Windows Installer Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21541 (Windows Task Scheduler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21540 (Windows Cryptographic Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21539 (Windows Authentication Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21538 (.NET Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21537 (Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21536 (Event Tracing for Windows Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21535 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2023-21534
+ RESERVED
+CVE-2023-21533
+ RESERVED
+CVE-2023-21532 (Windows GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21531 (Azure Service Fabric Container Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21530
+ RESERVED
+CVE-2023-21529 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21528 (Microsoft SQL Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21527 (Windows iSCSI Service Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21526 (Windows Netlogon Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21525 (Remote Procedure Call Runtime Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2023-21524 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-4261 (Rapid7 Nexpose and InsightVM versions prior to 6.6.172 failed to relia ...)
+ NOT-FOR-US: Rapid7 Nexpose and InsightVM
+CVE-2022-4260 (The WP-Ban WordPress plugin before 1.69.1 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4259 (Due to improper input validation in the Alerts controller, a SQL injec ...)
+ NOT-FOR-US: Nozomi Networks
+CVE-2022-4258 (In multiple versions of HIMA PC based Software an unquoted Windows sea ...)
+ NOT-FOR-US: HIMA
+CVE-2022-4257 (A vulnerability was found in C-DATA Web Management System. It has been ...)
+ NOT-FOR-US: C-DATA Web Management System
+CVE-2022-4256 (The All-in-One Addons for Elementor WordPress plugin before 2.4.4 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4255 (An info leak issue was identified in all versions of GitLab EE from 13 ...)
+ - gitlab (Specific to EE)
+CVE-2022-4254 (sssd: libsss_certmap fails to sanitise certificate data used in LDAP f ...)
+ {DLA-3436-1}
+ - sssd 2.3.1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2149894
+ NOTE: https://github.com/SSSD/sssd/issues/5135
+ NOTE: https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274
+ NOTE: https://github.com/SSSD/sssd/commit/918fb32af6a271230bf87db47f78768edb9ca86c (sssd-1-16)
+CVE-2022-4253 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2022-4252 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2022-4251 (A vulnerability was found in Movie Ticket Booking System and classifie ...)
+ NOT-FOR-US: Movie Ticket Booking System
+CVE-2022-4250 (A vulnerability has been found in Movie Ticket Booking System and clas ...)
+ NOT-FOR-US: Movie Ticket Booking System
+CVE-2022-4249 (A vulnerability, which was classified as problematic, was found in Mov ...)
+ NOT-FOR-US: Movie Ticket Booking System
+CVE-2022-4248 (A vulnerability, which was classified as critical, has been found in M ...)
+ NOT-FOR-US: Movie Ticket Booking System
+CVE-2022-4247 (A vulnerability classified as critical was found in Movie Ticket Booki ...)
+ NOT-FOR-US: Movie Ticket Booking System
+CVE-2022-4246 (A vulnerability classified as problematic has been found in Kakao PotP ...)
+ NOT-FOR-US: Kakao PotPlayer
+CVE-2022-46366 (Apache Tapestry 3.x allows deserialization of untrusted data, leading ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2022-46361 (An attacker having physical access to WDM can plug USB device to gain ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-43485 (Use of Insufficiently Random Values in Honeywell OneWireless. This vul ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-4245 (A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml. ...)
+ - plexus-utils2 3.0.24-1
+ NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-461102
+ NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/f933e5e78dc2637e485447ed821fe14904f110de (plexus-utils-3.0.24)
+ NOTE: https://github.com/codehaus-plexus/plexus-utils/issues/3
+CVE-2022-4244 (A flaw was found in codeplex-codehaus. A directory traversal attack (a ...)
+ - plexus-utils2 3.0.24-1
+ NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
+ NOTE: https://github.com/codehaus-plexus/plexus-utils/issues/4
+ NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef (plexus-utils-3.0.24)
+CVE-2022-4243 (The ImageInject WordPress plugin through 1.17 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4242 (The WP Google Review Slider WordPress plugin before 11.6 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4241
+ RESERVED
+CVE-2022-4240 (Missing Authentication for Critical Function vulnerability in Honeywel ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-46359 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ NOT-FOR-US: HP
+CVE-2022-46358 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ NOT-FOR-US: HP
+CVE-2022-46357 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ NOT-FOR-US: HP
+CVE-2022-46356 (Potential vulnerabilities have been identified in HP Security Manager ...)
+ NOT-FOR-US: HP
+CVE-2022-46355 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46354 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46353 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46352 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46351 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46350 (A vulnerability has been identified in SCALANCE X204RNA (HSR) (All ver ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46349 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46348 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46347 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46346 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2022-46345 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2022-4239 (The Workreap WordPress theme before 2.6.4 does not verify that an addo ...)
+ NOT-FOR-US: WordPress theme
+CVE-2022-4238
+ RESERVED
+CVE-2022-4237 (The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4236 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4235 (RushBet version 2022.23.1-b490616d allows a remote attacker to steal c ...)
+ NOT-FOR-US: RushBet
+CVE-2022-4234 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2022-4233 (A vulnerability has been found in SourceCodester Event Registration Sy ...)
+ NOT-FOR-US: SourceCodester Event Registration System
+CVE-2022-4232 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Event Registration System
+CVE-2022-4231 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Tribal Systems Zenario CMS
+CVE-2022-4230 (The WP Statistics WordPress plugin before 13.2.9 does not escape a par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4229 (A vulnerability classified as critical was found in SourceCodester Boo ...)
+ NOT-FOR-US: SourceCodester Book Store Management System
+CVE-2022-4228 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: SourceCodester Book Store Management System
+CVE-2022-4227 (The Booster for WooCommerce WordPress plugin before 5.6.3, Booster Plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4226 (The Simple Basic Contact Form WordPress plugin before 20221201 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4225
+ RESERVED
+CVE-2021-4242 (A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 a ...)
+ NOT-FOR-US: Sapido
+CVE-2022-46344 (A vulnerability was found in X.Org. This security flaw occurs because ...)
+ {DSA-5304-1 DLA-3256-1}
+ - xorg-server 2:21.1.5-1 (bug #1026071)
+ - xwayland 2:22.1.6-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8
+CVE-2022-46343 (A vulnerability was found in X.Org. This security flaw occurs because ...)
+ {DSA-5304-1 DLA-3256-1}
+ - xorg-server 2:21.1.5-1 (bug #1026071)
+ - xwayland 2:22.1.6-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/842ca3ccef100ce010d1d8f5f6d6cc1915055900
+CVE-2022-46342 (A vulnerability was found in X.Org. This security flaw occurs because ...)
+ {DSA-5304-1 DLA-3256-1}
+ - xorg-server 2:21.1.5-1 (bug #1026071)
+ - xwayland 2:22.1.6-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b79f32b57cc0c1186b2899bce7cf89f7b325161b
+CVE-2022-46341 (A vulnerability was found in X.Org. 
This security flaw occurs because ...)
+ {DSA-5304-1 DLA-3256-1}
+ - xorg-server 2:21.1.5-1 (bug #1026071)
+ - xwayland 2:22.1.6-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/51eb63b0ee1509c6c6b8922b0e4aa037faa6f78b
+CVE-2022-46340 (A vulnerability was found in X.Org. This security flaw occurs becuase ...)
+ {DSA-5304-1 DLA-3256-1}
+ - xorg-server 2:21.1.5-1 (bug #1026071)
+ - xwayland 2:22.1.6-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2022-December/003302.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/b320ca0ffe4c0c872eeb3a93d9bde21f765c7c63
+CVE-2022-46339
+ RESERVED
+CVE-2022-4224 (In multiple products of CODESYS v3 in multiple versions a remote low p ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-4223 (The pgAdmin server includes an HTTP API that is intended to be used to ...)
+ - pgadmin4 (bug #834129)
+CVE-2022-4222 (A vulnerability was found in SourceCodester Canteen Management System. ...)
+ NOT-FOR-US: SourceCodester Canteen Management System
+CVE-2022-4221 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ NOT-FOR-US: Asus NAS-M25
+CVE-2022-4220 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4219 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4218 (The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4217 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4216 (The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4215 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4214 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4213 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4212 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4211 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4210 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4209 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-4208 (The Chained Quiz plugin for WordPress is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: Chained Quiz plugin for WordPress
+CVE-2022-41985 (An authentication bypass vulnerability exists in the Authentication fu ...)
+ NOT-FOR-US: uC-FTPs
+CVE-2022-46337 (A cleverly devised username might bypass LDAP authentication checks. I ...)
+ - derby 10.14.2.0-3 (bug #1056755)
+ [bookworm] - derby (Minor issue)
+ [bullseye] - derby (Minor issue)
+ [buster] - derby (Minor issue)
+ NOTE: https://issues.apache.org/jira/browse/DERBY-7147
+ NOTE: https://www.openwall.com/lists/oss-security/2023/11/19/3
+CVE-2022-46336
+ REJECTED
+CVE-2022-46335
+ REJECTED
+CVE-2022-46334 (Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability wh ...)
+ NOT-FOR-US: Proofpoint
+CVE-2022-46333 (The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) ...)
+ NOT-FOR-US: Proofpoint
+CVE-2022-46332 (The Admin Smart Search feature in Proofpoint Enterprise Protection (PP ...)
+ NOT-FOR-US: Proofpoint
+CVE-2022-46328 (Some smartphones have the input validation vulnerability. Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46327 (Some smartphones have configuration issues. Successful exploitation of ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46326 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46325 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46324 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46323 (Some smartphones have the out-of-bounds write vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46322 (Some smartphones have the out-of-bounds write vulnerability. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46321 (The Wi-Fi module has a vulnerability in permission verification. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46320 (The kernel module has an out-of-bounds read vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46319 (Fingerprint calibration has a vulnerability of lacking boundary judgme ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46318 (The HAware module has a function logic error. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46317 (The power consumption module has an out-of-bounds read vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46316 (A thread security vulnerability exists in the authentication process. ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46315 (The ProfileSDK has defects introduced in the design process. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46314 (The IPC module has defects introduced in the design process. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46313 (The sensor privacy module has an authentication vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46312 (The application management module has a vulnerability in permission ve ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46311 (The contacts component has a free (undefined) provider vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46310 (The TelephonyProvider module has a vulnerability in obtaining values.S ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46281
+ RESERVED
+CVE-2022-4207 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...)
+ NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress
+CVE-2022-4206 (A sensitive information leak issue has been discovered in all versions ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-4205 (In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-4204
+ RESERVED
+CVE-2022-4203 (A read buffer overrun can be triggered in X.509 certificate verificati ...)
+ - openssl 3.0.8-1
+ [bullseye] - openssl (Only affects 3.x)
+ [buster] - openssl (Only affects 3.x)
+ NOTE: https://www.openssl.org/news/secadv/20230207.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c927a3492698c254637da836762f9b1f86cffabc (openssl-3.0.8)
+CVE-2022-4202 (A vulnerability, which was classified as problematic, was found in GPA ...)
+ {DSA-5411-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2333
+ NOTE: https://github.com/gpac/gpac/commit/b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908
+CVE-2021-46856 (The multi-screen collaboration module has a path traversal vulnerabili ...)
+ NOT-FOR-US: Huawei
+CVE-2022-46338 (g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, ...)
+ {DLA-3217-1}
+ - g810-led 0.4.2-3 (bug #1024998)
+ [bullseye] - g810-led 0.4.2-1+deb11u1
+ NOTE: https://github.com/MatMoul/g810-led/pull/297
+ NOTE: Fixed by: https://github.com/MatMoul/g810-led/commit/e2b486fd1bc21e0b784e1b4c959770772dfced24 (v0.4.3)
+CVE-2022-46309 (Vitals ESP upload function has a path traversal vulnerability. A remot ...)
+ NOT-FOR-US: Vitals ESP
+CVE-2022-46308 (SGUDA U-Lock central lock control service\u2019s user management funct ...)
+ NOT-FOR-US: SGUDA U-Lock central lock control service
+CVE-2022-46307 (SGUDA U-Lock central lock control service\u2019s lock management funct ...)
+ NOT-FOR-US: SGUDA U-Lock central lock control service
+CVE-2022-46306 (ChangingTec ServiSign component has a path traversal vulnerability due ...)
+ NOT-FOR-US: ChangingTec ServiSign
+CVE-2022-46305 (ChangingTec ServiSign component has a path traversal vulnerability. An ...)
+ NOT-FOR-US: ChangingTec ServiSign
+CVE-2022-46304 (ChangingTec ServiSign component has insufficient filtering for special ...)
+ NOT-FOR-US: ChangingTec ServiSign
+CVE-2022-46295 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
+CVE-2022-46294 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
+CVE-2022-46293 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
+CVE-2022-46292 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
+CVE-2022-46291 (Multiple out-of-bounds write vulnerabilities exist in the translationV ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1666
+CVE-2022-46290 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
+CVE-2022-46289 (Multiple out-of-bounds write vulnerabilities exist in the ORCA format ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1665
+CVE-2022-46280 (A use of uninitialized pointer vulnerability exists in the PQS format ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1670
+CVE-2022-46278
+ RESERVED
+CVE-2022-46277
+ RESERVED
+CVE-2022-46276
+ RESERVED
+CVE-2022-46275
+ RESERVED
+CVE-2022-46274
+ RESERVED
+CVE-2022-46273
+ RESERVED
+CVE-2022-46272
+ RESERVED
+CVE-2022-46271
+ RESERVED
+CVE-2022-46270
+ RESERVED
+CVE-2022-46269
+ RESERVED
+CVE-2022-46268
+ RESERVED
+CVE-2022-46267
+ RESERVED
+CVE-2022-46266
+ RESERVED
+CVE-2022-45445
+ RESERVED
+CVE-2022-45346
+ RESERVED
+CVE-2022-45119
+ REJECTED
+CVE-2022-44615
+ RESERVED
+CVE-2022-44453
+ RESERVED
+CVE-2022-44451 (A use of uninitialized pointer vulnerability exists in the MSI format ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1669
+CVE-2022-43664 (A use-after-free vulnerability exists within the way Ichitaro Word Pro ...)
+ NOT-FOR-US: Ichitaro
+CVE-2022-43663 (An integer conversion vulnerability exists in the SORBAx64.dll RecvPac ...)
+ NOT-FOR-US: WellinTech KingHistorian
+CVE-2022-43503
+ REJECTED
+CVE-2022-43467 (An out-of-bounds write vulnerability exists in the PQS format coord_fi ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1671
+CVE-2022-42885 (A use of uninitialized pointer vulnerability exists in the GRO format ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1668
+CVE-2022-42489
+ RESERVED
+CVE-2022-4201 (A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-4200 (The Login with Cognito WordPress plugin through 1.4.8 does not sanitis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4199 (The Link Library WordPress plugin before 7.4.1 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4198 (The WP Social Sharing WordPress plugin through 2.2 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4197 (The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4196 (The Multi Step Form WordPress plugin before 1.7.8 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-4195 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4194 (Use after free in Accessibility in Google Chrome prior to 108.0.5359.7 ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4193 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4192 (Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4191 (Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allo ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4190 (Insufficient data validation in Directory in Google Chrome prior to 10 ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4189 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4188 (Insufficient validation of untrusted input in CORS in Google Chrome on ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4187 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4186 (Insufficient validation of untrusted input in Downloads in Google Chro ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4185 (Inappropriate implementation in Navigation in Google Chrome on iOS pri ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4184 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4183 (Insufficient policy enforcement in Popup Blocker in Google Chrome prio ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4182 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4181 (Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowe ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4180 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-41795
+ RESERVED
+CVE-2022-41793 (An out-of-bounds write vulnerability exists in the CSR format title fu ...)
+ - openbabel
+ [bookworm] - openbabel (Minor issue)
+ [bullseye] - openbabel (Minor issue)
+ [buster] - openbabel (Minor issue, no upstream patch yet)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1667
+CVE-2022-4179 (Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowe ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4178 (Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2372
+CVE-2022-4177 (Use after free in Extensions in Google Chrome prior to 108.0.5359.71 a ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4176 (Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS a ...)
+ {DSA-5293-1}
+ - chromium 108.0.5359.71-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-4175 (Use after free in Camera Capture in Google Chrome prior to 108.0.5359. ...)
+ {DSA-5293-1} + - chromium 108.0.5359.71-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4174 (Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a ...) + {DSA-5293-1} + - chromium 108.0.5359.71-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4173 (A vulnerability within the malware removal functionality of Avast and ...) + NOT-FOR-US: Avast and AVG Antivirus +CVE-2022-4172 (An integer overflow and buffer overflow issues were found in the ACPI ...) + - qemu 1:7.2+dfsg-1 (bug #1025123) + [bullseye] - qemu (Vulnerable code introduced later) + [buster] - qemu (Vulnerable code introduced later) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1268 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f7e26ffa590ff26b4c6a2c513ad9ba1e6156f5b8 (v7.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/defb70980f6bed36100b74e84220f1764c0dd544 (v7.2.0-rc0) + NOTE: https://lore.kernel.org/qemu-devel/20221024154233.1043347-1-lk@c--e.de/ +CVE-2022-40973 + RESERVED +CVE-2022-37331 (An out-of-bounds write vulnerability exists in the Gaussian format ori ...) + - openbabel + [bookworm] - openbabel (Minor issue) + [bullseye] - openbabel (Minor issue) + [buster] - openbabel (Minor issue, no upstream patch yet) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1672 +CVE-2022-46265 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) + NOT-FOR-US: Siemens +CVE-2022-46264 + RESERVED +CVE-2022-46263 + RESERVED +CVE-2022-46262 + RESERVED +CVE-2022-46261 + RESERVED +CVE-2022-46260 + RESERVED +CVE-2022-46259 + RESERVED +CVE-2022-46258 (An incorrect authorization vulnerability was identified in GitHub Ente ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2022-46257 (An information disclosure vulnerability was identified in GitHub Enter ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2022-46256 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...) 
+ NOT-FOR-US: GitHub Enterprise Server +CVE-2022-46255 (An improper limitation of a pathname to a restricted directory vulnera ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2022-46254 + RESERVED +CVE-2022-46253 + RESERVED +CVE-2022-46252 + RESERVED +CVE-2022-46251 + RESERVED +CVE-2022-46250 + RESERVED +CVE-2022-46249 + RESERVED +CVE-2022-46248 + RESERVED +CVE-2022-46247 + RESERVED +CVE-2022-46246 + RESERVED +CVE-2022-46245 + RESERVED +CVE-2022-46244 + REJECTED +CVE-2022-46243 + REJECTED +CVE-2022-46242 + REJECTED +CVE-2022-46241 + REJECTED +CVE-2022-46240 + REJECTED +CVE-2022-46239 + REJECTED +CVE-2022-46238 + REJECTED +CVE-2022-46237 + REJECTED +CVE-2022-46236 + REJECTED +CVE-2022-46235 + REJECTED +CVE-2022-46234 + REJECTED +CVE-2022-46233 + REJECTED +CVE-2022-46232 + REJECTED +CVE-2022-46231 + REJECTED +CVE-2022-46230 + REJECTED +CVE-2022-46229 + REJECTED +CVE-2022-46228 + REJECTED +CVE-2022-46227 + REJECTED +CVE-2022-46226 + REJECTED +CVE-2022-46225 + REJECTED +CVE-2022-46224 + REJECTED +CVE-2022-46223 + REJECTED +CVE-2022-46222 + REJECTED +CVE-2022-46221 + REJECTED +CVE-2022-46220 + REJECTED +CVE-2022-46219 + REJECTED +CVE-2022-46218 + REJECTED +CVE-2022-46217 + REJECTED +CVE-2022-46216 + REJECTED +CVE-2022-46215 + REJECTED +CVE-2022-46214 + REJECTED +CVE-2022-46213 + REJECTED +CVE-2022-46212 + REJECTED +CVE-2022-46211 + REJECTED +CVE-2022-46210 + REJECTED +CVE-2022-46209 + REJECTED +CVE-2022-46208 + REJECTED +CVE-2022-46207 + REJECTED +CVE-2022-46206 + REJECTED +CVE-2022-46205 + REJECTED +CVE-2022-46204 + REJECTED +CVE-2022-46203 + REJECTED +CVE-2022-46202 + REJECTED +CVE-2022-46201 + REJECTED +CVE-2022-46200 + REJECTED +CVE-2022-46199 + REJECTED +CVE-2022-46198 + REJECTED +CVE-2022-46197 + REJECTED +CVE-2022-46196 + REJECTED +CVE-2022-46195 + REJECTED +CVE-2022-46194 + REJECTED +CVE-2022-46193 + REJECTED +CVE-2022-46192 + REJECTED +CVE-2022-46191 + REJECTED +CVE-2022-46190 + REJECTED +CVE-2022-46189 + REJECTED +CVE-2022-46188 + REJECTED +CVE-2022-46187 + 
REJECTED +CVE-2022-46186 + REJECTED +CVE-2022-46185 + REJECTED +CVE-2022-46184 + REJECTED +CVE-2022-46183 + REJECTED +CVE-2022-46182 + REJECTED +CVE-2022-46181 (Gotify server is a simple server for sending and receiving messages in ...) + NOT-FOR-US: Gotify server +CVE-2022-46180 (Discourse Mermaid (discourse-mermaid-theme-component) allows users of ...) + NOT-FOR-US: Discourse +CVE-2022-46179 (LiuOS is a small Python project meant to imitate the functions of a re ...) + NOT-FOR-US: LiuOS +CVE-2022-46178 (MeterSphere is a one-stop open source continuous testing platform, cov ...) + NOT-FOR-US: MeterSphere +CVE-2022-46177 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2022-46176 (Cargo is a Rust package manager. The Rust Security Response WG was not ...) + - cargo 0.66.0+ds1-1 + [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue) + - rust-cargo 0.66.0-1 + [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/10/3 + NOTE: https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176 +CVE-2022-46175 (JSON5 is an extension to the popular JSON file format that aims to be ...) + {DLA-3665-1} + - node-json5 2.2.3+dfsg-1 (bug #1027145) + [bullseye] - node-json5 2.1.3-2+deb11u1 + NOTE: https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h + NOTE: https://github.com/json5/json5/issues/199 + NOTE: https://github.com/json5/json5/issues/295 + NOTE: Fixed by: https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972 (v1.0.2) + NOTE: Fixed by: https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8 (v2.2.2) +CVE-2022-46174 (efs-utils is a set of Utilities for Amazon Elastic File System (EFS). ...) + NOT-FOR-US: AWS efs-utils +CVE-2022-46173 (Elrond-GO is a go implementation for the Elrond Network protocol. Vers ...) 
+ NOT-FOR-US: Elrond go +CVE-2022-46172 (authentik is an open-source Identity provider focused on flexibility a ...) + NOT-FOR-US: authentik +CVE-2022-46171 (Tauri is a framework for building binaries for all major desktop platf ...) + NOT-FOR-US: Tauri +CVE-2022-46170 (CodeIgniter is a PHP full-stack web framework. When an application use ...) + - codeigniter (bug #471583) +CVE-2022-46169 (Cacti is an open source platform which provides a robust and extensibl ...) + {DSA-5298-1 DLA-3252-1} + - cacti 1.2.22+ds1-3 (bug #1025648) + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/7f0e16312dd5ce20f93744ef8b9c3b0f1ece2216 + NOTE: Fixup for 1.2.x with PHP < 7.0: https://github.com/Cacti/cacti/commit/a8d59e8fa5f0054aa9c6981b1cbe30ef0e2a0ec9 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/b43f13ae7f1e6bfe4e8e56a80a7cd867cf2db52b + NOTE: https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf +CVE-2022-46168 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2022-46167 (Capsule is a multi-tenancy and policy-based framework for Kubernetes. ...) + NOT-FOR-US: Capsule +CVE-2022-46166 (Spring boot admins is an open source administrative user interface for ...) + NOT-FOR-US: Spring boot admins +CVE-2022-46165 (Syncthing is an open source, continuous file synchronization program. ...) + - syncthing (bug #1037432) + [bookworm] - syncthing (Minor issue) + [bullseye] - syncthing (Minor issue) + [buster] - syncthing (Minor issue) + NOTE: https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h + NOTE: https://github.com/syncthing/syncthing/commit/73c52eafb6566435dffd979c3c49562b6d5a4238 (v1.23.5) +CVE-2022-46164 (NodeBB is an open source Node.js based forum software. Due to a plain ...) + NOT-FOR-US: NodeBB +CVE-2022-46163 (Travel support program is a rails app to support the travel support pr ...) 
+ NOT-FOR-US: Travel support program +CVE-2022-46162 (discourse-bbcode is the official BBCode plugin for Discourse. Prior to ...) + NOT-FOR-US: BBCode plugin for Discourse +CVE-2022-46161 (pdfmake is an open source client/server side PDF printing in pure Java ...) + NOT-FOR-US: pdfmake +CVE-2022-46160 (Tuleap is an Open Source Suite to improve management of software devel ...) + NOT-FOR-US: Tuleap +CVE-2022-46159 (Discourse is an open-source discussion platform. In version 2.8.13 and ...) + NOT-FOR-US: Discourse +CVE-2022-46158 (PrestaShop is an open-source e-commerce solution. Versions prior to 1. ...) + NOT-FOR-US: PrestaShop +CVE-2022-46157 (Akeneo PIM is an open source Product Information Management (PIM). Ake ...) + NOT-FOR-US: Akeneo PIM +CVE-2022-46156 (The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring appl ...) + NOT-FOR-US: Grafana Synthetic Monitoring +CVE-2022-46155 (Airtable.js is the JavaScript client for Airtable. Prior to version 0. ...) + NOT-FOR-US: Airtable.js +CVE-2022-46154 (Kodexplorer is a chinese language web based file manager and browser b ...) + NOT-FOR-US: Kodexplorer +CVE-2022-46153 (Traefik is an open source HTTP reverse proxy and load balancer. In aff ...) + - traefik (bug #983289) +CVE-2022-46152 (OP-TEE Trusted OS is the secure side implementation of OP-TEE project, ...) + NOT-FOR-US: OP-TEE +CVE-2022-46151 (Querybook is an open source data querying UI. In affected versions use ...) + NOT-FOR-US: Querybook +CVE-2022-46150 (Discourse is an open-source discussion platform. Prior to version 2.8. ...) + NOT-FOR-US: Discourse +CVE-2022-46149 (Cap'n Proto is a data interchange format and remote procedure call (RP ...) 
+ [experimental] - capnproto 0.9.2-1 + - capnproto 0.9.2-2 + [bullseye] - capnproto (Breaks API and requires rebuilds, possibly via point release) + [buster] - capnproto (Minor issue; breaks API) + - rust-capnp 0.14.11-1.1 (bug #1025821) + NOTE: https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx + NOTE: https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 + NOTE: https://github.com/capnproto/capnproto/blob/master/security-advisories/2022-11-30-0-pointer-list-bounds.md + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0068.html +CVE-2022-46148 (Discourse is an open-source messaging platform. In versions 2.8.10 and ...) + NOT-FOR-US: Discourse +CVE-2022-46147 (Drag and Drop XBlock v2 implements a drag-and-drop style problem, wher ...) + NOT-FOR-US: Drag and Drop XBlock +CVE-2022-46146 (Prometheus Exporter Toolkit is a utility package to build exporters. P ...) + - golang-github-prometheus-exporter-toolkit 0.8.2-1 (bug #1025127) + [bullseye] - golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2 + NOTE: https://www.openwall.com/lists/oss-security/2022/11/29/1 + NOTE: https://github.com/prometheus/exporter-toolkit/security/advisories/GHSA-7rg2-cxvp-9p7p + NOTE: https://github.com/prometheus/exporter-toolkit/commit/5b1eab34484ddd353986bce736cd119d863e4ff5 (v0.8.2) +CVE-2022-46145 (authentik is an open-source identity provider. Versions prior to 2022. ...) + NOT-FOR-US: authentik +CVE-2022-46144 (A vulnerability has been identified in SCALANCE SC622-2C (All versions ...) + NOT-FOR-US: Siemens +CVE-2022-46143 (Affected devices do not check the TFTP blocksize correctly. This could ...) + NOT-FOR-US: Siemens +CVE-2022-46142 (Affected devices store the CLI user passwords encrypted in flash memor ...) + NOT-FOR-US: Siemens +CVE-2022-46141 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (Al ...) 
+ NOT-FOR-US: Siemens +CVE-2022-46140 (Affected devices use a weak encryption scheme to encrypt the debug zip ...) + NOT-FOR-US: Siemens +CVE-2022-44620 (Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1 ...) + NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware +CVE-2022-44606 (OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...) + NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware +CVE-2022-43464 (Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 ...) + NOT-FOR-US: UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware +CVE-2022-4171 (The demon image annotation plugin for WordPress is vulnerable to impro ...) + NOT-FOR-US: demon image annotation plugin for WordPress +CVE-2022-4170 (The rxvt-unicode package is vulnerable to a remote code execution, in ...) + - rxvt-unicode 9.31-1 (bug #1025489) + [bookworm] - rxvt-unicode (Minor issue) + [bullseye] - rxvt-unicode (Vulnerable code introduced later) + [buster] - rxvt-unicode (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/12/05/1 + NOTE: http://cvs.schmorp.de/rxvt-unicode/src/perl/background?r1=1.105&r2=1.109 + NOTE: Not exploitable due to a bug since 9.30 upstream +CVE-2022-4169 (The Theme and plugin translation for Polylang is vulnerable to authori ...) + NOT-FOR-US: Polylang +CVE-2022-4168 + REJECTED +CVE-2022-4167 (Incorrect Authorization check affecting all versions of GitLab EE from ...) + - gitlab (Specific to EE) +CVE-2022-4166 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4165 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4164 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4163 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4162 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4161 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4160 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4159 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4158 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4157 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4156 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4155 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4154 (The Contest Gallery Pro WordPress plugin before 19.1.5 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4153 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4152 (The Contest Gallery WordPress plugin before 19.1.5, Contest Gallery Pr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4151 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4150 (The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4149 (The Netskope client service (prior to R96) on Windows runs as NT AUTHO ...) + NOT-FOR-US: Netskope +CVE-2022-4148 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4147 (Quarkus CORS filter allows simple GET and POST requests with invalid O ...) 
+ NOT-FOR-US: Quarkus +CVE-2022-46139 (TP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers ...) + NOT-FOR-US: TP-Link +CVE-2022-46138 + RESERVED +CVE-2022-46137 (AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: ob ...) + NOT-FOR-US: AeroCMS +CVE-2022-46136 + RESERVED +CVE-2022-46135 (In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at ...) + NOT-FOR-US: AeroCMS +CVE-2022-46134 + RESERVED +CVE-2022-46133 + RESERVED +CVE-2022-46132 + RESERVED +CVE-2022-46131 + RESERVED +CVE-2022-46130 + RESERVED +CVE-2022-46129 + RESERVED +CVE-2022-46128 (phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable ...) + NOT-FOR-US: phpgurukul Doctor Appointment Management System V +CVE-2022-46127 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46126 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46125 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46124 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46123 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46122 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46121 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46120 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46119 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) 
+ NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46118 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46117 (Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hs ...) + NOT-FOR-US: Helmet Store Showroom Site +CVE-2022-46116 + RESERVED +CVE-2022-46115 + RESERVED +CVE-2022-46114 + RESERVED +CVE-2022-46113 + RESERVED +CVE-2022-46112 + RESERVED +CVE-2022-46111 + RESERVED +CVE-2022-46110 + RESERVED +CVE-2022-46109 (Tenda AC15 V15.03.06.23 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-46108 + RESERVED +CVE-2022-46107 + RESERVED +CVE-2022-46106 + RESERVED +CVE-2022-46105 + RESERVED +CVE-2022-46104 + RESERVED +CVE-2022-46103 + RESERVED +CVE-2022-46102 (AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/ad ...) + NOT-FOR-US: AyaCMS +CVE-2022-46101 (AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php fil ...) + NOT-FOR-US: AyaCMS +CVE-2022-46100 + RESERVED +CVE-2022-46099 + RESERVED +CVE-2022-46098 + RESERVED +CVE-2022-46097 + RESERVED +CVE-2022-46096 (A Cross site scripting (XSS) vulnerability in Sourcecodester Online Co ...) + NOT-FOR-US: Sourcecodester +CVE-2022-46095 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 was discov ...) + NOT-FOR-US: Sourcecodester +CVE-2022-46094 + RESERVED +CVE-2022-46093 (Hospital Management System v1.0 is vulnerable to SQL Injection. Attack ...) + NOT-FOR-US: Hospital Management System +CVE-2022-46092 + RESERVED +CVE-2022-46091 + RESERVED +CVE-2022-46090 + RESERVED +CVE-2022-46089 + RESERVED +CVE-2022-46088 + RESERVED +CVE-2022-46087 (CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A norm ...) + NOT-FOR-US: CloudSchool +CVE-2022-46086 + RESERVED +CVE-2022-46085 + RESERVED +CVE-2022-46084 + RESERVED +CVE-2022-46083 + RESERVED +CVE-2022-46082 + RESERVED +CVE-2022-46081 (In Garmin Connect 4.61, terminating a LiveTrack session wouldn't preve ...) 
+ NOT-FOR-US: Garmin +CVE-2022-46080 (Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and comm ...) + NOT-FOR-US: Nexxt Nebula +CVE-2022-46079 + RESERVED +CVE-2022-46078 + RESERVED +CVE-2022-46077 + RESERVED +CVE-2022-46076 (D-Link DIR-869 DIR869Ax_FW102B15 is vulnerable to Authentication Bypas ...) + NOT-FOR-US: D-Link +CVE-2022-46075 + RESERVED +CVE-2022-46074 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Request Forgery ...) + NOT-FOR-US: Helmet Store Showroom +CVE-2022-46073 (Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: Helmet Store Showroom +CVE-2022-46072 (Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection ...) + NOT-FOR-US: Helmet Store Showroom +CVE-2022-46071 (There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Log ...) + NOT-FOR-US: Helmet Store Showroom +CVE-2022-46070 + RESERVED +CVE-2022-46069 + RESERVED +CVE-2022-46068 + RESERVED +CVE-2022-46067 + RESERVED +CVE-2022-46066 + RESERVED +CVE-2022-46065 + RESERVED +CVE-2022-46064 + RESERVED +CVE-2022-46063 + RESERVED +CVE-2022-46062 (Gym Management System v0.0.1 is vulnerable to Cross Site Request Forge ...) + NOT-FOR-US: Gym Management System +CVE-2022-46061 (AeroCMS v0.0.1 is vulnerable to ClickJacking.) + NOT-FOR-US: AeroCMS +CVE-2022-46060 + RESERVED +CVE-2022-46059 (AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).) + NOT-FOR-US: AeroCMS +CVE-2022-46058 (AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: AeroCMS +CVE-2022-46057 + RESERVED +CVE-2022-46056 + RESERVED +CVE-2022-46055 + RESERVED +CVE-2022-46054 + RESERVED +CVE-2022-46053 + RESERVED +CVE-2022-46052 + RESERVED +CVE-2022-46051 (The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable ...) 
+ NOT-FOR-US: AeroCMS +CVE-2022-46050 + RESERVED +CVE-2022-46049 + RESERVED +CVE-2022-46048 + RESERVED +CVE-2022-46047 (AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter ...) + NOT-FOR-US: AeroCMS +CVE-2022-46046 + RESERVED +CVE-2022-46045 + RESERVED +CVE-2022-46044 + RESERVED +CVE-2022-46043 + RESERVED +CVE-2022-46042 + RESERVED +CVE-2022-46041 + RESERVED +CVE-2022-46040 + RESERVED +CVE-2022-46039 + RESERVED +CVE-2022-46038 + RESERVED +CVE-2022-46037 + RESERVED +CVE-2022-46036 + RESERVED +CVE-2022-46035 + RESERVED +CVE-2022-46034 + RESERVED +CVE-2022-46033 + RESERVED +CVE-2022-46032 + RESERVED +CVE-2022-46031 + RESERVED +CVE-2022-46030 + RESERVED +CVE-2022-46029 + RESERVED +CVE-2022-46028 + RESERVED +CVE-2022-46027 + RESERVED +CVE-2022-46026 + RESERVED +CVE-2022-46025 + RESERVED +CVE-2022-46024 + RESERVED +CVE-2022-46023 + RESERVED +CVE-2022-46022 + RESERVED +CVE-2022-46021 (X-Man 1.0 has a SQL injection vulnerability, which can cause data leak ...) + NOT-FOR-US: X-Man +CVE-2022-46020 (WBCE CMS v1.5.4 can implement getshell by modifying the upload file ty ...) + NOT-FOR-US: WBCE CMS +CVE-2022-46019 + RESERVED +CVE-2022-46018 + RESERVED +CVE-2022-46017 + RESERVED +CVE-2022-46016 + RESERVED +CVE-2022-46015 + RESERVED +CVE-2022-46014 + RESERVED +CVE-2022-46013 + RESERVED +CVE-2022-46012 + RESERVED +CVE-2022-46011 + RESERVED +CVE-2022-46010 + RESERVED +CVE-2022-46009 + RESERVED +CVE-2022-46008 + RESERVED +CVE-2022-46007 + RESERVED +CVE-2022-46006 + RESERVED +CVE-2022-46005 + RESERVED +CVE-2022-46004 + RESERVED +CVE-2022-46003 + RESERVED +CVE-2022-46002 + RESERVED +CVE-2022-46001 + RESERVED +CVE-2022-46000 + RESERVED +CVE-2022-45999 + RESERVED +CVE-2022-45998 + RESERVED +CVE-2022-45997 (Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.) + NOT-FOR-US: Tenda +CVE-2022-45996 (Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd ...) 
+ NOT-FOR-US: Tenda +CVE-2022-45995 (There is an unauthorized buffer overflow vulnerability in Tenda AX12 v ...) + NOT-FOR-US: Tenda +CVE-2022-45994 + RESERVED +CVE-2022-45993 + RESERVED +CVE-2022-45992 + RESERVED +CVE-2022-45991 + RESERVED +CVE-2022-45990 (A cross-site scripting (XSS) vulnerability in the component /signup_sc ...) + NOT-FOR-US: Ecommerce-Website +CVE-2022-45989 + RESERVED +CVE-2022-45988 (starsoftcomm CooCare 5.304 allows local attackers to escalate privileg ...) + NOT-FOR-US: starsoftcomm CooCare +CVE-2022-45987 + RESERVED +CVE-2022-45986 + RESERVED +CVE-2022-45985 + RESERVED +CVE-2022-45984 + RESERVED +CVE-2022-45983 + RESERVED +CVE-2022-45982 (thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulne ...) + NOT-FOR-US: ThinkPHP +CVE-2022-45981 + RESERVED +CVE-2022-45980 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...) + NOT-FOR-US: Tenda +CVE-2022-45979 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45978 + RESERVED +CVE-2022-45977 (Tenda AX12 V22.03.01.21_CN was found to have a command injection vulne ...) + NOT-FOR-US: Tenda +CVE-2022-45976 + RESERVED +CVE-2022-45975 + RESERVED +CVE-2022-45974 + RESERVED +CVE-2022-45973 + RESERVED +CVE-2022-45972 + RESERVED +CVE-2022-45971 + RESERVED +CVE-2022-45970 (Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulle ...) + NOT-FOR-US: Alist +CVE-2022-45969 (Alist v3.4.0 is vulnerable to Directory Traversal,) + NOT-FOR-US: Alist +CVE-2022-45968 (Alist v3.4.0 is vulnerable to File Upload. A user with only file uploa ...) + NOT-FOR-US: Alist +CVE-2022-45967 + RESERVED +CVE-2022-45966 (here is an arbitrary file upload vulnerability in the file management ...) + NOT-FOR-US: Classcms +CVE-2022-45965 + RESERVED +CVE-2022-45964 + RESERVED +CVE-2022-45963 (h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.) 
+ NOT-FOR-US: h3c firewall +CVE-2022-45962 (Open Solutions for Education, Inc openSIS Community Edition v8.0 and e ...) + NOT-FOR-US: OpenSIS +CVE-2022-45961 + RESERVED +CVE-2022-45960 + RESERVED +CVE-2022-45959 + RESERVED +CVE-2022-45958 + RESERVED +CVE-2022-45957 (ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 ...) + NOT-FOR-US: ZTE +CVE-2022-45956 (Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the c ...) + - boa +CVE-2022-45955 + RESERVED +CVE-2022-45954 + RESERVED +CVE-2022-45953 + RESERVED +CVE-2022-45952 + RESERVED +CVE-2022-45951 + RESERVED +CVE-2022-45950 + RESERVED +CVE-2022-45949 + RESERVED +CVE-2022-45948 + RESERVED +CVE-2022-45947 + RESERVED +CVE-2022-45946 + RESERVED +CVE-2022-45945 + RESERVED +CVE-2022-45944 + RESERVED +CVE-2022-45943 + RESERVED +CVE-2022-45942 (A Remote Code Execution (RCE) vulnerability was found in includes/baij ...) + NOT-FOR-US: baijiacms +CVE-2022-45941 + RESERVED +CVE-2022-45940 + RESERVED +CVE-2022-45939 (GNU Emacs through 28.2 allows attackers to execute commands via shell ...) + {DSA-5314-1 DLA-3257-1} + - emacs 1:28.2+1-8 (bug #1025009) + - xemacs21 21.4.24-11 + [bullseye] - xemacs21 (Minor issue) + [buster] - xemacs21 (Minor issue) + NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d48bb4874bc6cd3e69c7a15fc3c91cc141025c51 +CVE-2022-45938 (An issue was discovered in Comcast Defined Technologies microeisbss th ...) + NOT-FOR-US: Comcast Defined Technologies microeisbss +CVE-2022-45937 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...) + NOT-FOR-US: Siemens +CVE-2022-45936 (A vulnerability has been identified in Mendix Email Connector (All ver ...) + NOT-FOR-US: Siemens +CVE-2022-4146 (Expression Language Injection vulnerability in Hitachi Replication Man ...) + NOT-FOR-US: Hitachi +CVE-2022-45935 (Usage of temporary files with insecure permissions by the Apache James ...) 
+ NOT-FOR-US: Apache James +CVE-2022-45934 (An issue was discovered in the Linux kernel through 6.0.10. l2cap_conf ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.4-1 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d +CVE-2022-45933 (KubeView through 0.1.31 allows attackers to obtain control of a Kubern ...) + NOT-FOR-US: KubeView +CVE-2022-45932 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) + NOT-FOR-US: OpenDaylight +CVE-2022-45931 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) + NOT-FOR-US: OpenDaylight +CVE-2022-45930 (A SQL injection issue was discovered in AAA in OpenDaylight (ODL) befo ...) + NOT-FOR-US: OpenDaylight +CVE-2022-45929 + RESERVED +CVE-2022-45928 (A remote OScript execution issue was discovered in OpenText Content Su ...) + NOT-FOR-US: OpenText +CVE-2022-45927 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45926 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45925 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45924 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45923 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45922 (An issue was discovered in OpenText Content Suite Platform 22.1 (16.2. ...) + NOT-FOR-US: OpenText +CVE-2022-45921 (FusionAuth before 1.41.3 allows a file outside of the application root ...) + NOT-FOR-US: FusionAuth +CVE-2022-45920 (In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitored ...) + NOT-FOR-US: Softing uaToolkit Embedded +CVE-2022-45919 (An issue was discovered in the Linux kernel through 6.0.10. In drivers ...) 
+ - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + [buster] - linux 4.19.289-1 + NOTE: https://lore.kernel.org/linux-media/20221121063308.GA33821%40ubuntu/T/#u + NOTE: Negligible security impact, would need physical access to "exploit" + NOTE: https://git.kernel.org/linus/280a8ab81733da8bc442253c700a52c4c0886ffd +CVE-2022-45918 (ILIAS before 7.16 allows External Control of File Name or Path.) + - ilias (bug #195688) +CVE-2022-45917 (ILIAS before 7.16 has an Open Redirect.) + - ilias (bug #195688) +CVE-2022-45916 (ILIAS before 7.16 allows XSS.) + - ilias (bug #195688) +CVE-2022-45915 (ILIAS before 7.16 allows OS Command Injection.) + - ilias (bug #195688) +CVE-2022-45914 (The ESL (Electronic Shelf Label) protocol, as implemented by (for exam ...) + NOT-FOR-US: ESL (Electronic Shelf Label) protocol +CVE-2022-45913 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...) + NOT-FOR-US: Zimbra +CVE-2022-45912 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...) + NOT-FOR-US: Zimbra +CVE-2022-45911 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...) + NOT-FOR-US: Zimbra +CVE-2022-4145 (A content spoofing flaw was found in OpenShift's OAuth endpoint. This ...) + NOT-FOR-US: OpenShift +CVE-2022-45910 (Improper neutralization of special elements used in an LDAP query ('LD ...) + NOT-FOR-US: Apache ManifoldCF +CVE-2022-45909 (drachtio-server before 0.8.19 has a heap-based buffer over-read via a ...) + NOT-FOR-US: drachtio-server +CVE-2022-45908 (In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vuln ...) + NOT-FOR-US: PaddlePaddle +CVE-2022-45907 (In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line c ...) 
+ - pytorch 1.13.1+dfsg-1 (bug #1024903) + [bullseye] - pytorch (Minor issue) + NOTE: https://github.com/pytorch/pytorch/commit/767f6aa49fe20a2766b9843d01e3b7f7793df6a3 + NOTE: https://github.com/pytorch/pytorch/commit/74a9ca993bd79f8131829e9c946657fa9a1d05ef (v1.13.1) + NOTE: https://github.com/pytorch/pytorch/issues/88868 +CVE-2022-45906 + RESERVED +CVE-2022-45905 + RESERVED +CVE-2022-45904 + RESERVED +CVE-2022-45903 + RESERVED +CVE-2022-45902 + RESERVED +CVE-2022-45901 + RESERVED +CVE-2022-45900 + RESERVED +CVE-2022-45899 + RESERVED +CVE-2022-45898 + RESERVED +CVE-2022-4144 (An out-of-bounds read flaw was found in the QXL display device emulati ...) + - qemu 1:7.2+dfsg-1 + [bullseye] - qemu (Minor issue) + [buster] - qemu (Minor issue, DoS) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2148506 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg04143.html + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1336 + NOTE: Pre-requisite 1: https://gitlab.com/qemu-project/qemu/-/commit/61c34fc194b776ecadc39fb26b061331107e5599 (v7.2.0-rc3) + NOTE: Pre-requisite 2: https://gitlab.com/qemu-project/qemu/-/commit/8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f (v7.2.0-rc3) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622 (v7.2.0-rc3) +CVE-2022-4143 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4142 (The WordPress Filter Gallery Plugin WordPress plugin before 0.1.6 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4141 (Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing a ...) + {DLA-3453-1} + - vim 2:9.0.1000-1 (bug #1027146) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/20ece512-c600-45ac-8a84-d0931e05541f + NOTE: https://github.com/vim/vim/commit/cc762a48d42b579fb7bdec2c614636b830342dd5 (v9.0.0947) +CVE-2022-4140 (The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4139 (An incorrect TLB flush issue was found in the Linux kernel\u2019s GPU ...) + {DLA-3244-1} + - linux 6.0.10-2 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Vulnerable code not present, only affects gen12 video and compute engines) + NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/1 + NOTE: https://git.kernel.org/linus/04aa64375f48a5d430b5550d9271f8428883e550 +CVE-2022-45897 (On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attac ...) + NOT-FOR-US: Xerox +CVE-2022-45896 (Planet eStream before 6.72.10.07 allows unauthenticated upload of arbi ...) + NOT-FOR-US: Planet eStream +CVE-2022-45895 (Planet eStream before 6.72.10.07 discloses sensitive information, rela ...) + NOT-FOR-US: Planet eStream +CVE-2022-45894 (GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory ...) + NOT-FOR-US: Planet eStream +CVE-2022-45893 (Planet eStream before 6.72.10.07 allows a low-privileged user to gain ...) + NOT-FOR-US: Planet eStream +CVE-2022-45892 (In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Script ...) + NOT-FOR-US: Planet eStream +CVE-2022-45891 (Planet eStream before 6.72.10.07 allows attackers to call restricted f ...) + NOT-FOR-US: Planet eStream +CVE-2022-45890 (In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting ...) + NOT-FOR-US: Planet eStream +CVE-2022-45889 (Planet eStream before 6.72.10.07 allows a remote attacker (who is a pu ...) + NOT-FOR-US: Planet eStream +CVE-2022-45888 (An issue was discovered in the Linux kernel through 6.0.9. drivers/cha ...) + - linux 6.3.7-1 (unimportant) + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/all/20221022175404.GA375335@ubuntu/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-45887 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...) 
+ - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + [buster] - linux 4.19.289-1 + NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/ + NOTE: Negligible security impact, would need physical access to "exploit" + NOTE: https://git.kernel.org/linus/517a281338322ff8293f988771c98aaa7205e457 +CVE-2022-45886 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...) + - linux 6.3.7-1 (unimportant) + [bookworm] - linux 6.1.37-1 + [bullseye] - linux 5.10.191-1 + [buster] - linux 4.19.289-1 + NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/ + NOTE: Negligible security impact, would need physical access to "exploit" + NOTE: https://git.kernel.org/linus/4172385b0c9ac366dcab78eda48c26814b87ed1a +CVE-2022-45885 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...) + - linux (unimportant) + NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-45884 (An issue was discovered in the Linux kernel through 6.0.9. drivers/med ...) + - linux (unimportant) + NOTE: https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-45883 + REJECTED +CVE-2022-45877 (OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code i ...) + NOT-FOR-US: OpenHarmony +CVE-2022-45875 (Improper validation of script alert plugin parameters in Apache Dolphi ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2022-45874 (Huawei Aslan Children's Watch has an improper authorization vulnerabil ...) + NOT-FOR-US: Huawei +CVE-2022-45126 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...) + NOT-FOR-US: OpenHarmony +CVE-2022-45118 (OpenHarmony-v3.1.2 and prior versions had a vulnerability that telepho ...) 
+ NOT-FOR-US: OpenHarmony +CVE-2022-44455 (The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prio ...) + NOT-FOR-US: OpenHarmony +CVE-2022-43662 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...) + NOT-FOR-US: OpenHarmony +CVE-2022-41802 (Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kerne ...) + NOT-FOR-US: OpenHarmony +CVE-2022-4138 (A Cross Site Request Forgery issue has been discovered in GitLab CE/EE ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4137 (A reflected cross-site scripting (XSS) vulnerability was found in the ...) + NOT-FOR-US: Keycloak +CVE-2022-45873 (systemd 250 and 251 allows local users to achieve a systemd-coredump d ...) + - systemd 252-1 + [bullseye] - systemd (Vulnerable code introduced later) + [buster] - systemd (Vulnerable code introduced later) + NOTE: https://github.com/systemd/systemd/pull/25055#issuecomment-1313733553 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/076b807be472630692c5348c60d0c2b7b28ad437 (v252-rc3) + NOTE: Introduced by: https://github.com/systemd/systemd/commit/61aea456c12c54f49c4a76259af130e576130ce9 (v250-rc1) +CVE-2022-45872 (iTerm2 before 3.4.18 mishandles a DECRQSS response.) + NOT-FOR-US: iTerm2 +CVE-2022-45871 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...) + NOT-FOR-US: WithSecure +CVE-2022-45870 + RESERVED +CVE-2022-45869 (A race condition in the x86 KVM subsystem in the Linux kernel through ...) + - linux 6.0.12-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/47b0c2e4c220f2251fd8dcfbb44479819c715e15 (6.1-rc7) +CVE-2022-45868 (The web-based admin console in H2 Database Engine through 2.1.214 can ...) + - h2database (unimportant) + NOTE: Not cosidered a vulnerability of H2 Console by vendor. Passwords should never be + NOTE: passed on the command line. +CVE-2022-45867 (MyBB before 1.8.33 allows Directory Traversal. 
The Admin CP Languages ...) + NOT-FOR-US: MyBB +CVE-2022-45866 (qpress before PierreLvx/qpress 20220819 and before version 11.3, as us ...) + NOT-FOR-US: qpress +CVE-2022-4136 (Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4 ...) + NOT-FOR-US: leadshop +CVE-2022-4135 (Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 a ...) + {DSA-5289-1} + - chromium 107.0.5304.121-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4134 (A flaw was found in openstack-glance. This issue could allow a remote, ...) + NOTE: There's no code fix, just an update on best practices + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147462 + NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0090 + NOTE: https://bugs.launchpad.net/ossn/+bug/1990157 +CVE-2022-4133 + REJECTED +CVE-2022-4132 (A flaw was found in JSS. A memory leak in JSS requires non-standard co ...) + - jss (bug #1052575) + [bookworm] - jss (Minor issue) + [bullseye] - jss (Minor issue) + [buster] - jss (The vulnerable code was introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2147372 + NOTE: Triggered by: https://github.com/dogtagpki/jss/pull/928 + NOTE: Upstream PR: https://github.com/dogtagpki/jss/pull/970 + NOTE: https://github.com/dogtagpki/jss/commit/bc8e2e6a37922cd15ef39e7e9c194b0dcbea8aa6 (v5.5.0-alpha2) +CVE-2021-46855 + RESERVED +CVE-2022-45865 + RESERVED +CVE-2022-45864 + RESERVED +CVE-2022-45863 + RESERVED +CVE-2022-45862 + RESERVED +CVE-2022-45861 (An access of uninitialized pointer vulnerability [CWE-824] in the SSL ...) + NOT-FOR-US: Fortinet +CVE-2022-45860 (A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7 ...) + NOT-FOR-US: FortiGuard +CVE-2022-45859 (An insufficiently protected credentials vulnerability [CWE-522] in For ...) + NOT-FOR-US: FortiGuard +CVE-2022-45858 (A use of a weak cryptographic algorithm vulnerability [CWE-327] in For ...) 
+ NOT-FOR-US: FortiGuard +CVE-2022-45857 (An incorrect user management vulnerability [CWE-286] in the FortiManag ...) + NOT-FOR-US: Fortinet +CVE-2022-45856 + RESERVED +CVE-2022-45855 (SpringEL injection in the metrics source in Apache Ambari version 2.7. ...) + NOT-FOR-US: Apache Ambari +CVE-2022-45854 (An improper check for unusual conditions in Zyxel NWA110AX firmware ve ...) + NOT-FOR-US: Zyxel +CVE-2022-45853 (The privilege escalation vulnerability in the Zyxel GS1900-8 firmware ...) + NOT-FOR-US: Zyxel +CVE-2022-45852 + RESERVED +CVE-2022-45851 + RESERVED +CVE-2022-45850 + RESERVED +CVE-2022-45849 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45848 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability inContest Gall ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45847 + RESERVED +CVE-2022-45846 (Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45845 + RESERVED +CVE-2022-45844 + RESERVED +CVE-2022-45843 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Next ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45842 (Unauth. Race Condition vulnerability inWP ULike Plugin <= 4.6.4 onWord ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45841 + RESERVED +CVE-2022-45840 + RESERVED +CVE-2022-45839 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45838 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute Info ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45837 (Reflected Cross-Site Scripting (XSS) vulnerability in Denis \u5fae\u4f ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45836 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45835 (Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Pa ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-45834 + RESERVED +CVE-2022-45833 (Auth. Path Traversal vulnerability in Easy WP SMTP plugin <= 1.5.1 on ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45832 + RESERVED +CVE-2022-45831 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob01 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45830 + RESERVED +CVE-2022-45829 (Auth. Path Traversal vulnerability inEasy WP SMTP plugin <= 1.5.1 atWo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45828 (Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timeta ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gall ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45826 + RESERVED +CVE-2022-45825 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45824 (Cross-Site Request Forgery (CSRF) vulnerability inAdvanced Booking Cal ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45823 (Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Vide ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45822 (Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calenda ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45821 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45820 (SQL Injection (SQLi) vulnerability inLearnPress \u2013 WordPress LMS P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45819 + RESERVED +CVE-2022-45818 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45817 (Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45816 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inGD bbPress Att ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45815 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-45814 (Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen W ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45813 + RESERVED +CVE-2022-45812 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45811 + RESERVED +CVE-2022-45810 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45809 (Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ric ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45808 (SQL Injection vulnerability inLearnPress \u2013 WordPress LMS Plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45807 (Cross-Site Request Forgery (CSRF) inWPVibes WP Mail Log plugin <= 1.0. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45806 + RESERVED +CVE-2022-45805 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45804 (Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gall ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45803 + RESERVED +CVE-2022-45802 (Streampark allows any users to upload a jar as application, but there ...) + NOT-FOR-US: Apache StreamPark +CVE-2022-45801 (Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability. ...) + NOT-FOR-US: Apache StreamPark +CVE-2022-4131 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4130 (A blind site-to-site request forgery vulnerability was found in Satell ...) + NOT-FOR-US: Red Hat Satellite server +CVE-2022-4129 (A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2T ...) 
+ {DLA-3404-1} + - linux 6.1.4-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://lore.kernel.org/all/20221114191619.124659-1-jakub@cloudflare.com/t + NOTE: https://git.kernel.org/linus/b68777d54fac21fc833ec26ea1a2a84f975ab035 (6.1-rc6) + NOTE: https://git.kernel.org/linus/af295e854a4e3813ffbdef26dbb6a4d6226c3ea1 (6.1-rc7) +CVE-2022-4128 (A NULL pointer dereference issue was discovered in the Linux kernel in ...) + - linux 5.18.14-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/5c835bb142d4013c2ab24bff5ae9f6709a39cbcf (5.19-rc7) +CVE-2022-4127 (A NULL pointer dereference issue was discovered in the Linux kernel in ...) + - linux (Vulnerable code only in 5.19-rcX versions) + NOTE: https://git.kernel.org/linus/d785a773bed966a75ca1f11d108ae1897189975b (5.19-rc6) +CVE-2022-4126 (Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, ...) + NOT-FOR-US: ABB RCCMD +CVE-2022-4125 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4124 (The Popup Manager WordPress plugin through 1.6.6 does not have authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45800 + RESERVED +CVE-2022-45799 + RESERVED +CVE-2022-45798 (A link following vulnerability in the Damage Cleanup Engine component ...) + NOT-FOR-US: Trend Micro +CVE-2022-4123 (A flaw was found in Buildah. The local path and the lowest subdirector ...) + - golang-github-containers-buildah (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144989 + NOTE: Negligible security impact +CVE-2022-4122 (A vulnerability was found in buildah. Incorrect following of symlinks ...) + - golang-github-containers-buildah (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2144983 + NOTE: Negligible security impact +CVE-2021-46854 (mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS ...) 
+ - proftpd-dfsg 1.3.7c+dfsg-1 (bug #993173) + [bullseye] - proftpd-dfsg 1.3.7a+dfsg-12+deb11u1 + [buster] - proftpd-dfsg 1.3.6-4+deb10u6 + NOTE: https://github.com/proftpd/proftpd/issues/1284 + NOTE: https://github.com/proftpd/proftpd/pull/1285 + NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 (v1.3.8rc2) + NOTE: Fixed by: https://github.com/proftpd/proftpd/commit/e7c0b6e78a81fa97ec41ea6332e5e11b864089b8 (v1.3.7c) +CVE-2022-45797 (An arbitrary file deletion vulnerability in the Damage Cleanup Engine ...) + NOT-FOR-US: Trend Micro +CVE-2022-45796 (Command injection vulnerability in nw_interface.html in SHARP multifun ...) + NOT-FOR-US: SHARP +CVE-2022-45795 + RESERVED +CVE-2022-45794 + RESERVED +CVE-2022-45793 + RESERVED +CVE-2022-45792 + RESERVED +CVE-2022-45791 + RESERVED +CVE-2022-45790 + RESERVED +CVE-2022-45789 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...) + NOT-FOR-US: Schneider Electric +CVE-2022-45788 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2022-45787 (Unproper laxist permissions on the temporary files used by MIME4J Temp ...) + NOT-FOR-US: Apache James +CVE-2022-45786 (There are issues with the AGE drivers for Golang and Python that enabl ...) + NOT-FOR-US: Apache AGE +CVE-2022-4121 (In libetpan a null pointer dereference in mailimap_mailbox_data_status ...) + {DLA-3261-1} + - libetpan 1.9.4-3.1 (bug #1025120) + [bullseye] - libetpan (Minor issue) + NOTE: https://github.com/dinhvh/libetpan/issues/420 + NOTE: https://github.com/dinhvh/libetpan/commit/5c9eb6b6ba64c4eb927d7a902317410181aacbba +CVE-2022-4120 (The Stop Spammers Security | Block Spam Users, Comments, Forms WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4119 (The Image Optimizer, Resizer and CDN WordPress plugin before 6.8.1 doe ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-4118 (The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor st ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4117 (The IWS WordPress plugin through 1.0 does not properly escape a parame ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4116 (A vulnerability was found in quarkus. This security flaw happens in De ...) + NOT-FOR-US: Quarkus +CVE-2022-4115 (The Editorial Calendar WordPress plugin before 3.8.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-XXXX [rust-atty: Potential unaligned read] + - rust-atty (Windows-specific) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0145.html +CVE-2022-45785 + RESERVED +CVE-2022-45784 + RESERVED +CVE-2022-45783 (An issue was discovered in dotCMS core 4.x through 22.10.2. An authent ...) + NOT-FOR-US: dotCMS +CVE-2022-45782 (An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21 ...) + NOT-FOR-US: dotCMS +CVE-2022-4114 (The Superio WordPress theme does not sanitise and escape some paramete ...) + NOT-FOR-US: WordPress theme +CVE-2022-4113 + RESERVED +CVE-2022-4112 (The Quizlord WordPress plugin through 2.0 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4111 (Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 ...) + NOT-FOR-US: ToolJet +CVE-2022-4110 (The Eventify\u2122 WordPress plugin through 2.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4109 (The Wholesale Market for WooCommerce WordPress plugin before 2.0.0 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4108 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4107 (The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4106 (The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 doe ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-45781 (Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlie ...) + NOT-FOR-US: Tenda +CVE-2022-45780 + RESERVED +CVE-2022-45779 + RESERVED +CVE-2022-45778 (https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 ...) + NOT-FOR-US: Hillstone Firewall SG-6000 +CVE-2022-45777 + RESERVED +CVE-2022-45776 + RESERVED +CVE-2022-45775 + RESERVED +CVE-2022-45774 + RESERVED +CVE-2022-45773 + RESERVED +CVE-2022-45772 + RESERVED +CVE-2022-45771 (An issue in the /api/audits component of Pwndoc v0.5.3 allows attacker ...) + NOT-FOR-US: Pwndoc +CVE-2022-45770 (Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windo ...) + NOT-FOR-US: Adguard +CVE-2022-45769 (A cross-site scripting (XSS) vulnerability in ClicShopping_V3 v3.402 a ...) + NOT-FOR-US: ClicShopping_V3 +CVE-2022-45768 (Command Injection vulnerability in Edimax Technology Co., Ltd. Wireles ...) + NOT-FOR-US: Edimax +CVE-2022-45767 + RESERVED +CVE-2022-45766 (Hardcoded credentials in Global Facilities Management Software (GFMS) ...) + NOT-FOR-US: Global Facilities Management Software (GFMS) +CVE-2022-45765 + RESERVED +CVE-2022-45764 + RESERVED +CVE-2022-45763 + RESERVED +CVE-2022-45762 + RESERVED +CVE-2022-45761 + RESERVED +CVE-2022-45760 (SENS v1.0 is vulnerable to Incorrect Access Control vulnerability.) + NOT-FOR-US: SENS +CVE-2022-45759 (SENS v1.0 has a file upload vulnerability.) + NOT-FOR-US: SENS +CVE-2022-45758 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS) via com.liuyanzh ...) + NOT-FOR-US: SENS +CVE-2022-45757 + RESERVED +CVE-2022-45756 (SENS v1.0 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: SENS +CVE-2022-45755 (Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows atta ...) 
+ NOT-FOR-US: EyouCMS +CVE-2022-45754 + RESERVED +CVE-2022-45753 + RESERVED +CVE-2022-45752 + RESERVED +CVE-2022-45751 + RESERVED +CVE-2022-45750 + RESERVED +CVE-2022-45749 + RESERVED +CVE-2022-45748 (An issue was discovered with assimp 5.1.4, a use after free occurred i ...) + - assimp (bug #1029833) + [bookworm] - assimp (Minor issue) + [bullseye] - assimp (Minor issue) + [buster] - assimp (Minor issue) + NOTE: https://github.com/assimp/assimp/issues/4286 +CVE-2022-45747 + RESERVED +CVE-2022-45746 + RESERVED +CVE-2022-45745 + RESERVED +CVE-2022-45744 + RESERVED +CVE-2022-45743 + RESERVED +CVE-2022-45742 + RESERVED +CVE-2022-45741 + RESERVED +CVE-2022-45740 + RESERVED +CVE-2022-45739 + RESERVED +CVE-2022-45738 + RESERVED +CVE-2022-45737 + RESERVED +CVE-2022-45736 + RESERVED +CVE-2022-45735 + RESERVED +CVE-2022-45734 + RESERVED +CVE-2022-45733 + RESERVED +CVE-2022-45732 + RESERVED +CVE-2022-45731 + RESERVED +CVE-2022-45730 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...) + NOT-FOR-US: Doctor Appointment Management System +CVE-2022-45729 (A cross-site scripting (XSS) vulnerability in Doctor Appointment Manag ...) + NOT-FOR-US: Doctor Appointment Management System +CVE-2022-45728 (Doctor Appointment Management System v1.0.0 was discovered to contain ...) + NOT-FOR-US: Doctor Appointment Management System +CVE-2022-45727 + RESERVED +CVE-2022-45726 + RESERVED +CVE-2022-45725 (Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a ...) + NOT-FOR-US: Comfast +CVE-2022-45724 (Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a ...) + NOT-FOR-US: Comfast +CVE-2022-45723 + RESERVED +CVE-2022-45722 (ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (X ...) + NOT-FOR-US: ezEIP +CVE-2022-45721 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45720 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...) 
+ NOT-FOR-US: IP-COM M50 +CVE-2022-45719 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45718 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45717 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45716 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45715 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45714 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45713 + RESERVED +CVE-2022-45712 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45711 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a command inje ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45710 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffe ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45709 (IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple comma ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45708 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45707 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45706 (IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overf ...) + NOT-FOR-US: IP-COM M50 +CVE-2022-45705 + RESERVED +CVE-2022-45704 + RESERVED +CVE-2022-45703 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...) 
+ - binutils 2.40-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29799 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69bfd1759db41c8d369f9dcc98a135c5a5d97299 + NOTE: binutils not covered by security support +CVE-2022-45702 + RESERVED +CVE-2022-45701 (Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution ...) + NOT-FOR-US: Arris TG2482A firmware +CVE-2022-45700 + RESERVED +CVE-2022-45699 (Command injection in the administration interface in APSystems ECU-R v ...) + NOT-FOR-US: APSystems +CVE-2022-45698 + RESERVED +CVE-2022-45697 (Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 ...) + NOT-FOR-US: Razer Central +CVE-2022-45696 + RESERVED +CVE-2022-45695 + RESERVED +CVE-2022-45694 + RESERVED +CVE-2022-45693 (Jettison before v1.5.2 was discovered to contain a stack overflow via ...) + {DSA-5312-1 DLA-3259-1} + - libjettison-java 1.5.3-1 + NOTE: https://github.com/jettison-json/jettison/issues/52 +CVE-2022-45692 + RESERVED +CVE-2022-45691 + RESERVED +CVE-2022-45690 (A stack overflow in the org.json.JSONTokener.nextValue::JSONTokener.ja ...) + NOT-FOR-US: hutool-json +CVE-2022-45689 (hutool-json v5.8.10 was discovered to contain an out of memory error.) + NOT-FOR-US: hutool-json +CVE-2022-45688 (A stack overflow in the XML.toJSONObject component of hutool-json v5.8 ...) + NOT-FOR-US: hutool-json +CVE-2022-45687 + RESERVED +CVE-2022-45686 + RESERVED +CVE-2022-45685 (A stack overflow in Jettison before v1.5.2 allows attackers to cause a ...) + {DSA-5312-1 DLA-3259-1} + - libjettison-java 1.5.3-1 + NOTE: https://github.com/jettison-json/jettison/issues/54 +CVE-2022-45684 + RESERVED +CVE-2022-45683 + RESERVED +CVE-2022-45682 + RESERVED +CVE-2022-45681 + RESERVED +CVE-2022-45680 + RESERVED +CVE-2022-45679 + RESERVED +CVE-2022-45678 + RESERVED +CVE-2022-45677 (SQL Injection Vulnerability in tanujpatra228 Tution Management System ...) 
+ NOT-FOR-US: tanujpatra228 Tution Management System (TMS) +CVE-2022-45676 + RESERVED +CVE-2022-45675 + RESERVED +CVE-2022-45674 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + NOT-FOR-US: Tenda +CVE-2022-45673 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Cross Site Request Forgery ...) + NOT-FOR-US: Tenda +CVE-2022-45672 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45671 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45670 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45669 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45668 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + NOT-FOR-US: Tenda +CVE-2022-45667 (Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery ( ...) + NOT-FOR-US: Tenda +CVE-2022-45666 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45665 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45664 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45663 (Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45662 + RESERVED +CVE-2022-45661 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45660 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45659 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45658 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) 
+ NOT-FOR-US: Tenda +CVE-2022-45657 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45656 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45655 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45654 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45653 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45652 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45651 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45650 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45649 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45648 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45647 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45646 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45645 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45644 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45643 (Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-45642 + RESERVED +CVE-2022-45641 (Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSe ...) + NOT-FOR-US: Tenda +CVE-2022-45640 (Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Cause ...) 
+ NOT-FOR-US: Tenda +CVE-2022-45639 (OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows ...) + NOTE: Bogus report on srcsleuthkit: If a malformed parameter is passed, it needs to be + NOTE: sanitised in the calling application +CVE-2022-45638 + RESERVED +CVE-2022-45637 (An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Ap ...) + NOT-FOR-US: MEGAFEIS +CVE-2022-45636 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...) + NOT-FOR-US: MEGAFEIS +CVE-2022-45635 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...) + NOT-FOR-US: MEGAFEIS +CVE-2022-45634 (An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Andr ...) + NOT-FOR-US: MEGAFEIS +CVE-2022-45633 + RESERVED +CVE-2022-45632 + RESERVED +CVE-2022-45631 + RESERVED +CVE-2022-45630 + RESERVED +CVE-2022-45629 + RESERVED +CVE-2022-45628 + RESERVED +CVE-2022-45627 + RESERVED +CVE-2022-45626 + RESERVED +CVE-2022-45625 + RESERVED +CVE-2022-45624 + RESERVED +CVE-2022-45623 + RESERVED +CVE-2022-45622 + RESERVED +CVE-2022-45621 + RESERVED +CVE-2022-45620 + RESERVED +CVE-2022-45619 + RESERVED +CVE-2022-45618 + RESERVED +CVE-2022-45617 + RESERVED +CVE-2022-45616 + RESERVED +CVE-2022-45615 + RESERVED +CVE-2022-45614 + REJECTED +CVE-2022-45613 (Book Store Management System v1.0 was discovered to contain a cross-si ...) + NOT-FOR-US: Book Store Management System +CVE-2022-45612 + RESERVED +CVE-2022-45611 (An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows ...) + NOT-FOR-US: Fresenius Kabi PharmaHelp +CVE-2022-45610 + RESERVED +CVE-2022-45609 + RESERVED +CVE-2022-45608 (An issue was discovered in ThingsBoard 3.4.1, allows low privileged at ...) 
+ NOT-FOR-US: ThingsBoard +CVE-2022-45607 + RESERVED +CVE-2022-45606 + RESERVED +CVE-2022-45605 + RESERVED +CVE-2022-45604 + RESERVED +CVE-2022-45603 + RESERVED +CVE-2022-45602 + RESERVED +CVE-2022-45601 + RESERVED +CVE-2022-45600 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 devices imprope ...) + NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware +CVE-2022-45599 (Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable t ...) + NOT-FOR-US: Aztech WMB250AC Mesh Routers Firmware +CVE-2022-45598 (Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.1 ...) + NOT-FOR-US: Joplin Desktop App +CVE-2022-45597 (ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: t ...) + NOT-FOR-US: ComponentSpace.Saml2 +CVE-2022-45596 + RESERVED +CVE-2022-45595 + RESERVED +CVE-2022-45594 + RESERVED +CVE-2022-45593 + RESERVED +CVE-2023-34854 [Authenticated remote code execution via backup/restore in HotelDruid] + - hoteldruid 3.0.6-1 + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2022-45592 [(1) Server Side Request Forgery (SSRF), (2) persistant Cross site scripting (XSS), and (3) File upload vulnerability.] + RESERVED + - hoteldruid 3.0.6-1 + [bookworm] - hoteldruid (Minor issue) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) +CVE-2022-45591 + RESERVED +CVE-2022-45590 + RESERVED +CVE-2022-45589 (All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Tal ...) + NOT-FOR-US: Talend +CVE-2022-45588 (All versions before R2022-09 of Talend's Remote Engine Gen 2 are poten ...) + NOT-FOR-US: Talend +CVE-2022-45587 (Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpd ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-45586 (Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in ...) 
+ - xpdf (Debian uses poppler, which is not affected) +CVE-2022-45585 + RESERVED +CVE-2022-45584 + RESERVED +CVE-2022-45583 + RESERVED +CVE-2022-45582 (Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1. ...) + {DLA-3678-1} + - horizon 3:23.1.0-3 + [bookworm] - horizon 3:23.0.0-5+deb12u1 + [bullseye] - horizon 3:18.6.2-5+deb11u2 + NOTE: https://bugs.launchpad.net/horizon/+bug/1982676 + NOTE: https://opendev.org/openstack/horizon/commit/beed6bf6f6f83df9972db5fb539d64175ce12ce9 (19.4.0) + NOTE: https://opendev.org/openstack/horizon/commit/2f600272bfffb3024e6f06a369f9b4768dd1a0b0 (20.1.4) + NOTE: https://opendev.org/openstack/horizon/commit/79d139594290779b2f74ca894332aa7f2f7e4735 (23.1.0) +CVE-2022-45581 + RESERVED +CVE-2022-45580 + RESERVED +CVE-2022-45579 + RESERVED +CVE-2022-45578 + RESERVED +CVE-2022-45577 + RESERVED +CVE-2022-45576 + RESERVED +CVE-2022-45575 + RESERVED +CVE-2022-45574 + RESERVED +CVE-2022-45573 + RESERVED +CVE-2022-45572 + RESERVED +CVE-2022-45571 + RESERVED +CVE-2022-45570 + RESERVED +CVE-2022-45569 + RESERVED +CVE-2022-45568 + RESERVED +CVE-2022-45567 + RESERVED +CVE-2022-45566 + RESERVED +CVE-2022-45565 + RESERVED +CVE-2022-45564 (SQL Injection vulnerability in znfit Home improvement ERP management s ...) + NOT-FOR-US: znfit Home improvement ERP management system +CVE-2022-45563 + RESERVED +CVE-2022-45562 (Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 ...) + NOT-FOR-US: Telos Alliance Omnia MPX Node +CVE-2022-45561 + RESERVED +CVE-2022-45560 + RESERVED +CVE-2022-45559 + RESERVED +CVE-2022-45558 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 ...) + NOT-FOR-US: Hundredrabbits Left +CVE-2022-45557 (Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 ...) + NOT-FOR-US: Hundredrabbits Left +CVE-2022-45556 + RESERVED +CVE-2022-45555 + RESERVED +CVE-2022-45554 + RESERVED +CVE-2022-45553 (An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Route ...) 
+ NOT-FOR-US: Shenzhen Zhibotong Electronics +CVE-2022-45552 (An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ...) + NOT-FOR-US: Shenzhen Zhibotong Electronics +CVE-2022-45551 (An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router ...) + NOT-FOR-US: Shenzhen Zhibotong Electronics +CVE-2022-45550 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).) + NOT-FOR-US: AyaCMS +CVE-2022-45549 + RESERVED +CVE-2022-45548 (AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.) + NOT-FOR-US: AyaCMS +CVE-2022-45547 + RESERVED +CVE-2022-45546 (Information Disclosure in Authentication Component of ScreenCheck Badg ...) + NOT-FOR-US: ScreenCheck BadgeMaker +CVE-2022-45545 + RESERVED +CVE-2022-45544 (Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 ...) + NOT-FOR-US: Schlix Web Inc SCHLIX CMS +CVE-2022-45543 (Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attacke ...) + NOT-FOR-US: DiscuzX +CVE-2022-45542 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the FileManager com ...) + NOT-FOR-US: EyouCMS +CVE-2022-45541 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article attribu ...) + NOT-FOR-US: EyouCMS +CVE-2022-45540 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in article type editor ...) + NOT-FOR-US: EyouCMS +CVE-2022-45539 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in FileManager compone ...) + NOT-FOR-US: EyouCMS +CVE-2022-45538 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish ...) + NOT-FOR-US: EyouCMS +CVE-2022-45537 (EyouCMS <= 1.6.0 was discovered a reflected-XSS in the article publish ...) + NOT-FOR-US: EyouCMS +CVE-2022-45536 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) + NOT-FOR-US: AeroCMS +CVE-2022-45535 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) 
+ NOT-FOR-US: AeroCMS +CVE-2022-45534 + RESERVED +CVE-2022-45533 + RESERVED +CVE-2022-45532 + RESERVED +CVE-2022-45531 + RESERVED +CVE-2022-45530 + RESERVED +CVE-2022-45529 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...) + NOT-FOR-US: AeroCMS +CVE-2022-45528 + RESERVED +CVE-2022-45527 (File upload vulnerability in Future-Depth Institutional Management Web ...) + NOT-FOR-US: Future-Depth Institutional Management Website (IMS) +CVE-2022-45526 (SQL Injection vulnerability in Future-Depth Institutional Management W ...) + NOT-FOR-US: Future-Depth Institutional Management Website (IMS) +CVE-2022-45525 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45524 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45523 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45522 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45521 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45520 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45519 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45518 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45517 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45516 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45515 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45514 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) 
+ NOT-FOR-US: Tenda +CVE-2022-45513 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45512 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45511 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45510 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45509 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45508 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45507 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45506 (Tenda W30E v1.0.1.25(633) was discovered to contain a command injectio ...) + NOT-FOR-US: Tenda +CVE-2022-45505 (Tenda W30E V1.0.1.25(633) was discovered to contain a stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-45504 (An issue in the component tpi_systool_handle(0) (/goform/SysToolRestor ...) + NOT-FOR-US: Tenda +CVE-2022-45503 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-45502 + RESERVED +CVE-2022-45501 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-45500 + RESERVED +CVE-2022-45499 (Tenda W6-S v1.0.0.4(510) was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-45498 (An issue in the component tpi_systool_handle(0) (/goform/SysToolReboot ...) + NOT-FOR-US: Tenda +CVE-2022-45497 (Tenda W6-S v1.0.0.4(510) was discovered to contain a command injection ...) + NOT-FOR-US: Tenda +CVE-2022-45496 (Buffer overflow vulnerability in function json_parse_string in sheredo ...) 
+ NOT-FOR-US: json.h +CVE-2022-45495 + RESERVED +CVE-2022-45494 (Buffer overflow vulnerability in function json_parse_object in sheredo ...) + NOT-FOR-US: json.h +CVE-2022-45493 (Buffer overflow vulnerability in function json_parse_key in sheredom j ...) + NOT-FOR-US: json.h +CVE-2022-45492 (Buffer overflow vulnerability in function json_parse_number in sheredo ...) + NOT-FOR-US: json.h +CVE-2022-45491 (Buffer overflow vulnerability in function json_parse_value in sheredom ...) + NOT-FOR-US: json.h +CVE-2022-45490 + RESERVED +CVE-2022-45489 + RESERVED +CVE-2022-45488 + RESERVED +CVE-2022-45487 + RESERVED +CVE-2022-45486 + RESERVED +CVE-2022-45485 + RESERVED +CVE-2022-45484 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...) + NOT-FOR-US: Siemens +CVE-2022-4105 (A stored XSS in a kiwi Test Plan can run malicious javascript which co ...) + NOT-FOR-US: kiwi Test Plan +CVE-2022-4104 (A loop with an unreachable exit condition can be triggered by passing ...) + NOT-FOR-US: Tenable +CVE-2022-4103 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4102 (The Royal Elementor Addons WordPress plugin before 1.3.56 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4101 (The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4100 + RESERVED +CVE-2022-4099 (The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4098 (Multiple Wiesemann&Theis products of the ComServer Series are prone to ...) + NOT-FOR-US: Wiesemann&Theis products of ComServer Series +CVE-2022-4097 (The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is suscep ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4096 (Server-Side Request Forgery (SSRF) in GitHub repository appsmithorg/ap ...) 
+ NOT-FOR-US: appsmith +CVE-2022-4095 (A use-after-free flaw was found in Linux kernel before 5.19.2. This is ...) + - linux 5.19.11-1 + [bullseye] - linux 5.10.148-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/e230a4455ac3e9b112f0367d1b8e255e141afae0 (6.0-rc4) +CVE-2022-4094 + RESERVED +CVE-2022-4093 (SQL injection attacks can result in unauthorized access to sensitive d ...) + - dolibarr +CVE-2022-4092 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-44608 (Uncontrolled resource consumption vulnerability in Cybozu Remote Servi ...) + NOT-FOR-US: Cybozu +CVE-2022-4091 (A vulnerability was found in SourceCodester Canteen Management System. ...) + NOT-FOR-US: SourceCodester Canteen Management System +CVE-2022-4090 (A vulnerability was found in rickxy Stock Management System and classi ...) + NOT-FOR-US: rickxy Stock Management System +CVE-2022-4089 (A vulnerability was found in rickxy Stock Management System. It has be ...) + NOT-FOR-US: rickxy Stock Management System +CVE-2022-4088 (A vulnerability was found in rickxy Stock Management System and classi ...) + NOT-FOR-US: rickxy Stock Management System +CVE-2022-4087 (A vulnerability was found in iPXE. It has been declared as problematic ...) 
+ - ipxe (Vulnerable code not present) + NOTE: Introduced by: https://github.com/ipxe/ipxe/commit/634a86093af9a6d134be8662f25616f4edfec683 + NOTE: Fixed by: https://github.com/ipxe/ipxe/commit/186306d6199096b7a7c4b4574d4be8cdb8426729 +CVE-2022-4086 + REJECTED +CVE-2022-4085 + REJECTED +CVE-2022-4084 + REJECTED +CVE-2022-4083 + REJECTED +CVE-2022-4082 + REJECTED +CVE-2022-4081 + REJECTED +CVE-2022-4080 + REJECTED +CVE-2022-4079 + REJECTED +CVE-2022-4078 + REJECTED +CVE-2022-4077 + REJECTED +CVE-2022-4076 + REJECTED +CVE-2022-4075 + REJECTED +CVE-2022-4074 + REJECTED +CVE-2022-4073 + REJECTED +CVE-2022-4072 + REJECTED +CVE-2022-4071 + REJECTED +CVE-2022-4070 (Insufficient Session Expiration in GitHub repository librenms/librenms ...) + NOT-FOR-US: LibreNMS +CVE-2022-4069 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...) + NOT-FOR-US: LibreNMS +CVE-2022-4068 (A user is able to enable their own account if it was disabled by an ad ...) + NOT-FOR-US: LibreNMS +CVE-2022-4067 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) + NOT-FOR-US: LibreNMS +CVE-2022-4066 (A vulnerability was found in davidmoreno onion. It has been rated as p ...) + - libonion (bug #744119) +CVE-2022-4065 (A vulnerability was found in cbeust testng 7.5.0/7.6.0/7.6.1/7.7.0. It ...) + - testng (Vulnerable code introduced later) + NOTE: https://github.com/cbeust/testng/pull/2806 + NOTE: https://github.com/cbeust/testng/commit/47afa2c8a29e2cf925238af1ad7c76fba282793f +CVE-2022-4064 (A vulnerability was found in Dalli. It has been classified as problema ...) 
+ - ruby-dalli (Vulnerable code introduced later) + NOTE: https://github.com/petergoldstein/dalli/issues/932 + NOTE: https://github.com/petergoldstein/dalli/pull/933 + NOTE: Introduced after: https://github.com/petergoldstein/dalli/commit/5588d98f79eb04a9abcaeeff3263e08f93468b30 (v3.2.0) + NOTE: Fixed by: https://github.com/petergoldstein/dalli/commit/48d594dae55934476fec61789e7a7c3700e0f50d (v3.2.3) +CVE-2022-45483 (Lazy Mouse allows an attacker (in a man in the middle position between ...) + NOT-FOR-US: Lazy Mouse +CVE-2022-45482 (Lazy Mouse server enforces weak password requirements and doesn't impl ...) + NOT-FOR-US: Lazy Mouse +CVE-2022-45481 (The default configuration of Lazy Mouse does not require a password, a ...) + NOT-FOR-US: Lazy Mouse +CVE-2022-45480 (PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middl ...) + NOT-FOR-US: Telepad +CVE-2022-45479 (PC Keyboard allows remote unauthenticated users to send instructions t ...) + NOT-FOR-US: Telepad +CVE-2022-45478 (Telepad allows an attacker (in a man-in-the-middle position between th ...) + NOT-FOR-US: Telepad +CVE-2022-45477 (Telepad allows remote unauthenticated users to send instructions to th ...) + NOT-FOR-US: Telepad +CVE-2022-45476 (Tiny File Manager version 2.4.8 executes the code of files uploaded by ...) + NOT-FOR-US: Tiny File Manager +CVE-2022-45475 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...) + NOT-FOR-US: Tiny File Manager +CVE-2022-4063 (The InPost Gallery WordPress plugin before 2.1.4.1 insecurely uses PHP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4062 (A CWE-285: Improper Authorization vulnerability exists that could caus ...) + NOT-FOR-US: Schneider Electric +CVE-2022-45474 (drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-fr ...) + NOT-FOR-US: drachtio-server +CVE-2022-45473 (In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachti ...) 
+ NOT-FOR-US: drachtio-server +CVE-2022-45472 (CAE LearningSpace Enterprise (with Intuity License) image 267r patch 6 ...) + NOT-FOR-US: CAE LearningSpace Enterprise +CVE-2022-45471 (In JetBrains Hub before 2022.3.15181 Throttling was missed when sendin ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-45470 (missing input validation in Apache Hama may cause information disclosu ...) + NOT-FOR-US: Apache Hama +CVE-2022-44456 (CONPROSYS HMI System (CHS) Ver.3.4.4?and earlier allows a remote unaut ...) + NOT-FOR-US: CONPROSYS HMI System (CHS) +CVE-2022-4061 (The JobBoardWP WordPress plugin before 1.2.2 does not properly validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4060 (The User Post Gallery WordPress plugin through 2.19 does not limit wha ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4059 (The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4058 (The Photo Gallery by 10Web WordPress plugin before 1.8.3 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4057 (The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable ...) + NOT-FOR-US: WordPress plugin +CVE-2023-21523 (A Stored Cross-site Scripting (XSS) vulnerability in the Management Co ...) + NOT-FOR-US: BlackBerry +CVE-2023-21522 (A Reflected Cross-site Scripting (XSS) vulnerability in the Management ...) + NOT-FOR-US: BlackBerry +CVE-2023-21521 (An SQL Injection vulnerability in the Management Console(Operator Audi ...) + NOT-FOR-US: BlackBerry +CVE-2023-21520 (A PII Enumeration via Credential Recovery in the Self Service(Credenti ...) + NOT-FOR-US: BlackBerry +CVE-2023-21519 + RESERVED +CVE-2022-45467 + RESERVED +CVE-2022-45466 + RESERVED +CVE-2022-45465 + RESERVED +CVE-2022-45464 + RESERVED +CVE-2022-45463 + RESERVED +CVE-2022-4056 + RESERVED +CVE-2022-4055 (When xdg-mail is configured to use thunderbird for mailto URLs, improp ...) 
+ - xdg-utils (bug #1027160) + [bookworm] - xdg-utils (Minor issue) + [bullseye] - xdg-utils (Minor issue) + [buster] - xdg-utils (Minor issue) + NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 + NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/58 +CVE-2022-4054 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-45462 (Alarm instance management has command injection when there is a specif ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2022-45461 (The Java Admin Console in Veritas NetBackup through 10.1 and related V ...) + NOT-FOR-US: Veritas NetBackup +CVE-2022-45460 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...) + NOT-FOR-US: Xiongmai +CVE-2022-4053 (A vulnerability was found in Student Attendance Management System. It ...) + NOT-FOR-US: Student Attendance Management System +CVE-2022-4052 (A vulnerability was found in Student Attendance Management System and ...) + NOT-FOR-US: Student Attendance Management System +CVE-2022-4051 (A vulnerability has been found in Hostel Searching Project and classif ...) + NOT-FOR-US: Hostel Searching Project +CVE-2022-4050 (The JoomSport WordPress plugin before 5.2.8 does not properly sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4049 (The WP User WordPress plugin through 7.0 does not properly sanitize an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4048 (Inadequate Encryption Strength in CODESYS Development System V3 versio ...) + NOT-FOR-US: CODESYS +CVE-2022-4047 (The Return Refund and Exchange For WooCommerce WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4046 (In CODESYS Control in multiple versions a improper restriction of oper ...) + NOT-FOR-US: CODESYS +CVE-2022-4045 (A denial-of-service vulnerability in the Mattermost allows an authenti ...) 
+ - mattermost-server (bug #823556) +CVE-2022-4044 (A denial-of-service vulnerability in Mattermost allows an authenticate ...) + - mattermost-server (bug #823556) +CVE-2022-4043 (The WP Custom Admin Interface WordPress plugin before 7.29 unserialize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4042 (The Paytium: Mollie payment forms & donations WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4041 (Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-i ...) + NOT-FOR-US: Hitachi +CVE-2022-4040 + RESERVED +CVE-2022-4039 (A flaw was found in Red Hat Single Sign-On for OpenShift container ima ...) + NOT-FOR-US: Keycloak +CVE-2022-4038 + RESERVED +CVE-2022-4037 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-45459 (Sensitive information disclosure due to insecure registry permissions. ...) + NOT-FOR-US: Acronis +CVE-2022-45458 (Sensitive information disclosure and manipulation due to improper cert ...) + NOT-FOR-US: Acronis +CVE-2022-45457 (Sensitive information disclosure and manipulation due to improper cert ...) + NOT-FOR-US: Acronis +CVE-2022-45456 (Denial of service due to unauthenticated API endpoint. The following p ...) + NOT-FOR-US: Acronis +CVE-2022-45455 (Local privilege escalation due to incomplete uninstallation cleanup. T ...) + NOT-FOR-US: Acronis +CVE-2022-45454 (Sensitive information disclosure due to insecure folder permissions. T ...) + NOT-FOR-US: Acronis +CVE-2022-45453 (TLS/SSL weak cipher suites enabled. The following products are affecte ...) + NOT-FOR-US: Acronis +CVE-2022-45452 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-45451 (Local privilege escalation due to insecure driver communication port p ...) + NOT-FOR-US: Acronis +CVE-2022-45450 (Sensitive information disclosure and manipulation due to improper auth ...) 
+ NOT-FOR-US: Acronis +CVE-2022-45449 + RESERVED +CVE-2022-45448 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...) + NOT-FOR-US: M4 PDF plugin for Prestashop sites +CVE-2022-45447 (M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, i ...) + NOT-FOR-US: M4 PDF plugin for Prestashop sites +CVE-2022-4036 (The Appointment Hour Booking plugin for WordPress is vulnerable to CAP ...) + NOT-FOR-US: Appointment Hour Booking plugin for WordPress +CVE-2022-4035 (The Appointment Hour Booking plugin for WordPress is vulnerable to iFr ...) + NOT-FOR-US: Appointment Hour Booking plugin for WordPress +CVE-2022-4034 (The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV ...) + NOT-FOR-US: Appointment Hour Booking Plugin for WordPress +CVE-2022-4033 (The Quiz and Survey Master plugin for WordPress is vulnerable to input ...) + NOT-FOR-US: Quiz and Survey Master plugin for WordPress +CVE-2022-4032 (The Quiz and Survey Master plugin for WordPress is vulnerable to iFram ...) + NOT-FOR-US: Quiz and Survey Master plugin for WordPress +CVE-2022-4031 (The Simple:Press plugin for WordPress is vulnerable to arbitrary file ...) + NOT-FOR-US: Simple:Press plugin for WordPress +CVE-2022-4030 (The Simple:Press plugin for WordPress is vulnerable to Path Traversal ...) + NOT-FOR-US: Simple:Press plugin for WordPress +CVE-2022-4029 (The Simple:Press plugin for WordPress is vulnerable to Reflected Cross ...) + NOT-FOR-US: Simple:Press plugin for WordPress +CVE-2022-4028 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: Simple:Press plugin for WordPress +CVE-2022-4027 (The Simple:Press plugin for WordPress is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: Simple:Press plugin for WordPress +CVE-2022-4026 + RESERVED +CVE-2022-4025 (Inappropriate implementation in Paint in Google Chrome prior to 98.0.4 ...) 
+ {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) +CVE-2022-4024 (The Registration Forms WordPress plugin before 3.8.1.3 does not have a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4023 (The 3DPrint WordPress plugin before 3.5.6.9 does not protect against C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4022 (The SVG Support plugin for WordPress defaults to insecure settings in ...) + NOT-FOR-US: SVG Support plugin for WordPress +CVE-2022-4021 (The Permalink Manager Lite plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: Permalink Manager Lite plugin for WordPress +CVE-2022-4020 (Vulnerability in theHQSwSmiDxe DXE driver on some consumer Acer Notebo ...) + NOT-FOR-US: Acer +CVE-2022-4019 (A denial-of-service vulnerability in the Mattermost Playbooks plugin a ...) + NOT-FOR-US: Mattermost plugin +CVE-2022-4018 (Missing Authentication for Critical Function in GitHub repository ikus ...) + - rdiffweb (bug #969974) +CVE-2022-4017 (The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4016 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4015 (A vulnerability, which was classified as critical, was found in Sports ...) + NOT-FOR-US: Sports Club Management System +CVE-2022-4014 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: FeehiCMS +CVE-2022-4013 (A vulnerability classified as problematic was found in Hospital Manage ...) + NOT-FOR-US: Hospital Management Center +CVE-2022-4012 (A vulnerability classified as critical has been found in Hospital Mana ...) + NOT-FOR-US: Hospital Management Center +CVE-2022-4011 (A vulnerability was found in Simple History Plugin. It has been rated ...) + NOT-FOR-US: Simple History Plugin +CVE-2022-43468 (External initialization of trusted variables or data stores vulnerabil ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-41783 (tdpServer of TP-Link RE300 V1 improperly processes its input, which ma ...) + NOT-FOR-US: TP-Link +CVE-2022-4010 (The Image Hover Effects WordPress plugin before 5.5 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4009 (In affected versions of Octopus Deploy it is possible for a user to in ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-4008 (In affected versions of Octopus Deploy it is possible to upload a zipb ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-4007 (A issue has been discovered in GitLab CE/EE affecting all versions fro ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-4006 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WBCE CMS +CVE-2022-4005 (The Donation Button WordPress plugin through 4.0.0 does not sanitize a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-4004 (The Donation Button WordPress plugin through 4.0.0 does not properly c ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4241 (A vulnerability, which was classified as problematic, was found in php ...) + NOT-FOR-US: phpservermon +CVE-2021-4240 (A vulnerability, which was classified as problematic, was found in php ...) + NOT-FOR-US: phpservermon +CVE-2022-45442 (Sinatra is a domain-specific language for creating web applications in ...) + {DLA-3264-1} + - ruby-sinatra 3.0.5-2 (bug #1025125) + NOTE: https://github.com/sinatra/sinatra/security/advisories/GHSA-2x8x-jmrp-phxw + NOTE: https://github.com/sinatra/sinatra/commit/ea8fc9495a350f7551b39e3025bfcd06f49f363b (v3.0.4) + NOTE: https://github.com/sinatra/sinatra/commit/1808bcdf3424eab0c659ef2d0e85579aab977a1a (v2.2.3) +CVE-2022-45441 (A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmwa ...) + NOT-FOR-US: Zyxel +CVE-2022-45440 (A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmwa ...) + NOT-FOR-US: Zyxel +CVE-2022-45439 (A pair of spare WiFi credentials is stored in the configuration file o ...) 
+ NOT-FOR-US: Zyxel +CVE-2022-45438 (When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by ...) + NOT-FOR-US: Apache Superset +CVE-2022-45437 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Pandora FMS +CVE-2022-45436 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Pandora FMS +CVE-2022-4003 + RESERVED +CVE-2022-4002 + RESERVED +CVE-2022-4001 + RESERVED +CVE-2022-4000 (The WooCommerce Shipping WordPress plugin through 1.2.11 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3999 (The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3998 (A vulnerability, which was classified as critical, was found in Monika ...) + NOT-FOR-US: MonikaBrzica scm +CVE-2022-3997 (A vulnerability, which was classified as critical, has been found in M ...) + NOT-FOR-US: MonikaBrzica scm +CVE-2022-3996 (If an X.509 certificate contains a malformed policy constraint and pol ...) + - openssl 3.0.7-2 (bug #1027102) + [bullseye] - openssl (Only affects 3.0.x) + [buster] - openssl (Only affects 3.0.x) + NOTE: https://www.openssl.org/news/secadv/20221213.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7725e7bfe6f2ce8146b6552b44e0d226be7638e7 +CVE-2022-45435 (IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 ...) + NOT-FOR-US: IdentitylQ +CVE-2022-45434 (Some Dahua software products have a vulnerability of unauthenticated u ...) + NOT-FOR-US: Dahua +CVE-2022-45433 (Some Dahua software products have a vulnerability of unauthenticated t ...) + NOT-FOR-US: Dahua +CVE-2022-45432 (Some Dahua software products have a vulnerability of unauthenticated s ...) + NOT-FOR-US: Dahua +CVE-2022-45431 (Some Dahua software products have a vulnerability of unauthenticated r ...) + NOT-FOR-US: Dahua +CVE-2022-45430 (Some Dahua software products have a vulnerability of unauthenticated e ...) 
+ NOT-FOR-US: Dahua +CVE-2022-45429 (Some Dahua software products have a vulnerability of server-side reque ...) + NOT-FOR-US: Dahua +CVE-2022-45428 (Some Dahua software products have a vulnerability of sensitive informa ...) + NOT-FOR-US: Dahua +CVE-2022-45427 (Some Dahua software products have a vulnerability of unrestricted uplo ...) + NOT-FOR-US: Dahua +CVE-2022-45426 (Some Dahua software products have a vulnerability of unrestricted down ...) + NOT-FOR-US: Dahua +CVE-2022-45425 (Some Dahua software products have a vulnerability of using of hard-cod ...) + NOT-FOR-US: Dahua +CVE-2022-45424 (Some Dahua software products have a vulnerability of unauthenticated r ...) + NOT-FOR-US: Dahua +CVE-2022-45423 (Some Dahua software products have a vulnerability of unauthenticated r ...) + NOT-FOR-US: Dahua +CVE-2022-45422 (When LG SmartShare is installed, local privilege escalation is possibl ...) + NOT-FOR-US: LG +CVE-2022-45122 (Cross-site scripting vulnerability in Movable Type Movable Type 7 r.53 ...) + - movabletype-opensource +CVE-2022-45113 (Improper validation of syntactic correctness of input vulnerability ex ...) + - movabletype-opensource +CVE-2022-43660 (Improper neutralization of Server-Side Includes (SSW) within a web pag ...) + - movabletype-opensource +CVE-2022-3995 (The TeraWallet plugin for WordPress is vulnerable to Insecure Direct O ...) + NOT-FOR-US: TeraWallet plugin for WordPress +CVE-2022-3994 (The Authenticator WordPress plugin before 1.3.1 does not prevent subsc ...) + NOT-FOR-US: WordPress plugin +CVE-2023-21518 (Improper access control vulnerability in SearchWidget prior to version ...) + NOT-FOR-US: Samsung +CVE-2023-21517 (Heap out-of-bound write vulnerability in Exynos baseband prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2023-21516 (XSS vulnerability from InstantPlay in Galaxy Store prior to version 4. ...) + NOT-FOR-US: InstantPlay in Galaxy Store +CVE-2023-21515 (InstantPlay which included vulnerable script which could execute javas ...) 
+ NOT-FOR-US: InstantPlay +CVE-2023-21514 (Improper scheme validation from InstantPlay Deeplink in Galaxy Store p ...) + NOT-FOR-US: InstantPlay +CVE-2023-21513 (Improper privilege management vulnerability in CC Mode prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2023-21512 (Improper Knox ID validation logic in notification framework prior to S ...) + NOT-FOR-US: Samsung +CVE-2023-21511 (Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_S ...) + NOT-FOR-US: Samsung +CVE-2023-21510 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SC ...) + NOT-FOR-US: Samsung +CVE-2023-21509 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_S ...) + NOT-FOR-US: Samsung +CVE-2023-21508 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...) + NOT-FOR-US: Samsung +CVE-2023-21507 (Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESO ...) + NOT-FOR-US: Samsung +CVE-2023-21506 (Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RES ...) + NOT-FOR-US: Samsung +CVE-2023-21505 (Improper access control in Samsung Core Service prior to version 2.1.0 ...) + NOT-FOR-US: Samsung +CVE-2023-21504 (Potential buffer overflow vulnerability in mm_Plmncoordination.c in Sh ...) + NOT-FOR-US: Samsung +CVE-2023-21503 (Potential buffer overflow vulnerability in mm_LteInterRatManagement.c ...) + NOT-FOR-US: Samsung +CVE-2023-21502 (Improper input validation vulnerability in FactoryTest application pri ...) + NOT-FOR-US: Samsung +CVE-2023-21501 (Improper input validation vulnerability in mPOS fiserve trustlet prior ...) + NOT-FOR-US: Samsung +CVE-2023-21500 (Double free validation vulnerability in setPinPadImages in mPOS TUI tr ...) + NOT-FOR-US: Samsung +CVE-2023-21499 (Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin ...) + NOT-FOR-US: Samsung +CVE-2023-21498 (Improper input validation vulnerability in setPartnerTAInfo in mPOS TU ...) 
+ NOT-FOR-US: Samsung
+CVE-2023-21497 (Use of externally-controlled format string vulnerability in mPOS TUI t ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21496 (Active Debug Code vulnerability in ActivityManagerService prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21495 (Improper access control vulnerability in Knox Enrollment Service prior ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21494 (Potential buffer overflow vulnerability in auth api in mm_Authenticati ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21493 (Improper access control vulnerability in SemShareFileProvider prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21492 (Kernel pointers are printed in the log file prior to SMR May-2023 Rele ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21491 (Improper access control vulnerability in ThemeManager prior to SMR May ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21490 (Improper access control in GearManagerStub prior to SMR May-2023 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21489 (Heap out-of-bounds write vulnerability in bootloader prior to SMR May- ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21488 (Improper access control vulnerablility in Tips prior to SMR May-2023 R ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21487 (Improper access control vulnerability in Telephony framework prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21486 (Improper export of android application components vulnerability in Ima ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21485 (Improper export of android application components vulnerability in Vid ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21484 (Improper access control vulnerability in AppLock prior to SMR May-2023 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21483
+ RESERVED
+CVE-2023-21482
+ RESERVED
+CVE-2023-21481
+ RESERVED
+CVE-2023-21480
+ RESERVED
+CVE-2023-21479
+ RESERVED
+CVE-2023-21478
+ RESERVED
+CVE-2023-21477
+ RESERVED
+CVE-2023-21476
+ RESERVED
+CVE-2023-21475
+ RESERVED
+CVE-2023-21474
+ RESERVED
+CVE-2023-21473
+ RESERVED
+CVE-2023-21472
+ RESERVED
+CVE-2023-21471
+ RESERVED
+CVE-2023-21470
+ RESERVED
+CVE-2023-21469
+ RESERVED
+CVE-2023-21468
+ RESERVED
+CVE-2023-21467
+ RESERVED
+CVE-2023-21466
+ RESERVED
+CVE-2023-21465 (Improper access control vulnerability in BixbyTouch prior to version 3 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21464 (Improper access control in Samsung Calendar prior to versions 12.4.02. ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21463 (Improper access control vulnerability in MyFiles application prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21462 (The sensitive information exposure vulnerability in Quick Share Agent ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21461 (Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21460 (Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21459 (Use after free vulnerability in decon driver prior to SMR Mar-2023 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21458 (Improper privilege management vulnerability in PhoneStatusBarPolicy in ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21457 (Improper access control vulnerability in Bluetooth prior to SMR Mar-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21456 (Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21455 (Improper authorization implementation in Exynos baseband prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21454 (Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21453 (Improper input validation vulnerability in SoftSim TA prior to SMR Mar ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21452 (Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 R ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21451 (A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRI ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21450 (Missing Authorization vulnerability in One Hand Operation + prior to v ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21449 (Improper access control vulnerability in Call application prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21448 (Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.3 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21447 (Improper access control vulnerabilities in Samsung Cloud prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21446 (Improper input validation in MyFiles prior to version 12.2.09 in Andro ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21445 (Improper access control vulnerability in MyFiles prior to versions 12. ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21444 (Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21443 (Improper cryptographic implementation in Samsung Flow for Android prio ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21442 (Improper access control vulnerability in Runestone application prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21441 (Insufficient Verification of Data Authenticity vulnerability in Routin ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21440 (Improper access control vulnerability in WindowManagerService prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21439 (Improper input validation vulnerability in UwbDataTxStatusEvent prior ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21438 (Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows ph ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21437 (Improper access control vulnerability in Phone application prior to SM ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21436 (Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Re ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21435 (Exposure of Sensitive Information vulnerability in Fingerprint TA prio ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21434 (Improper input validation vulnerability in Galaxy Store prior to versi ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21433 (Improper access control vulnerability in Galaxy Store prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21432 (Improper access control vulnerabilities in Smart Things prior to 1.7.9 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21431 (Improper input validation in Bixby Vision prior to version 3.7.70.17 a ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21430 (An out-of-bound read vulnerability in mapToBuffer function in libSDKRe ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21429 (Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21428 (Improper input validation vulnerability in TelephonyUI prior to SMR Ja ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21427 (Improper access control vulnerability in NfcTile prior to SMR Jan-2023 ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21426 (Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Ja ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21425 (Improper access control vulnerability in telecom application prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21424 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21423 (Improper authorization vulnerability in ChnFileShareKit prior to SMR J ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21422 (Improper authorization vulnerability in semAddPublicDnsAddr in WifiSev ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21421 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21420 (Use of Externally-Controlled Format String vulnerabilities in STST TA ...)
+ NOT-FOR-US: Samsung
+CVE-2023-21419 (An improper implementation logic in Secure Folder prior to SMR Jan-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-45421 (Mozilla developers Andrew McCreight and Gabriele Svelto reported memor ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45421
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45421
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45421
+CVE-2022-45420 (Use tables inside of an iframe, an attacker could have caused iframe c ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45420
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45420
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45420
+CVE-2022-45419 (If the user added a security exception for an invalid TLS certificate, ...)
+ - firefox 107.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45419
+CVE-2022-45418 (If a custom mouse cursor is specified in CSS, under certain circumstan ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45418
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45418
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45418
+CVE-2022-45417 (Service Workers did not detect Private Browsing Mode correctly in all ...)
+ - firefox 107.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45417
+CVE-2022-45416 (Keyboard events reference strings like "KeyA" that were at fixed, know ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45416
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45416
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45416
+CVE-2022-45415 (When downloading an HTML file, if the title of the page was formatted ...)
+ - firefox 107.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45415
+CVE-2022-45414 (If a Thunderbird user quoted from an HTML email, for example by replyi ...)
+ {DSA-5303-1}
+ - thunderbird 1:102.5.1-1
+ [bullseye] - thunderbird (Minor issue, fix along in next ESR update)
+ [buster] - thunderbird (Minor issue)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/#CVE-2022-45414
+CVE-2022-45413 (Using the S.browser_fallback_url parameter parameter, an ...)
+ - firefox (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45413
+CVE-2022-45412 (When resolving a symlink such as file:///proc/self/fd/1, ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45412
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45412
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45412
+CVE-2022-45411 (Cross-Site Tracing occurs when a server will echo a request back via t ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45411
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45411
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45411
+CVE-2022-45410 (When a ServiceWorker intercepted a request with FetchEventFontFace() on a backgr ...)
+ - firefox 107.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45407
+CVE-2022-45406 (If an out-of-memory condition occurred when creating a JavaScript glob ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45406
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45406
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45406
+CVE-2022-45405 (Freeing arbitrary nsIInputStream's on a different thread ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45405
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45405
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45405
+CVE-2022-45404 (Through a series of popup and window.print() calls, an at ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45404
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45404
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45404
+CVE-2022-45403 (Service Workers should not be able to infer information about opaque c ...)
+ {DSA-5284-1 DSA-5282-1 DLA-3199-1 DLA-3196-1}
+ - firefox 107.0-1
+ - firefox-esr 102.5.0esr-1
+ - thunderbird 1:102.5.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-47/#CVE-2022-45403
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-48/#CVE-2022-45403
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-49/#CVE-2022-45403
+CVE-2022-45402 (In Apache Airflow versions prior to 2.4.3, there was an open redirect ...)
+ - airflow (bug #819700)
+CVE-2022-45401 (Jenkins Associated Files Plugin 0.2.1 and earlier does not escape name ...)
+ NOT-FOR-US: Jenkins Associated Files Plugin
+CVE-2022-45400 (Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser ...)
+ NOT-FOR-US: Jenkins JAPEX Plugin
+CVE-2022-45399 (A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 ...)
+ NOT-FOR-US: Jenkins Cluster Statistics Plugin
+CVE-2022-45398 (A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster S ...)
+ NOT-FOR-US: Jenkins Cluster Statistics Plugin
+CVE-2022-45397 (Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does ...)
+ NOT-FOR-US: Jenkins OSF Builder Suite : : XML Linter Plugin
+CVE-2022-45396 (Jenkins SourceMonitor Plugin 0.2 and earlier does not configure its XM ...)
+ NOT-FOR-US: Jenkins SourceMonitor Plugin
+CVE-2022-45395 (Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser ...)
+ NOT-FOR-US: Jenkins CCCC Plugin
+CVE-2022-45394 (A missing permission check in Jenkins Delete log Plugin 1.0 and earlie ...)
+ NOT-FOR-US: Jenkins Delete log Plugin
+CVE-2022-45393 (A cross-site request forgery (CSRF) vulnerability in Jenkins Delete lo ...)
+ NOT-FOR-US: Jenkins Delete log Plugin
+CVE-2022-45392 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
+ NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
+CVE-2022-45391 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and e ...)
+ NOT-FOR-US: Jenkins NS-ND Integration Performance Publisher Plugin
+CVE-2022-45390 (A missing permission check in Jenkins loader.io Plugin 1.0.1 and earli ...)
+ NOT-FOR-US: Jenkins loader.io Plugin
+CVE-2022-45389 (A missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier al ...)
+ NOT-FOR-US: Jenkins XP-Dev Plugin
+CVE-2022-45388 (Jenkins Config Rotator Plugin 2.0.1 and earlier does not restrict a fi ...)
+ NOT-FOR-US: Jenkins Config Rotator Plugin
+CVE-2022-45387 (Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed conte ...)
+ NOT-FOR-US: Jenkins BART Plugin
+CVE-2022-45386 (Jenkins Violations Plugin 0.7.11 and earlier does not configure its XM ...)
+ NOT-FOR-US: Jenkins Violations Plugin
+CVE-2022-45385 (A missing permission check in Jenkins CloudBees Docker Hub/Registry No ...)
+ NOT-FOR-US: CloudBees Docker Hub/Registry Notification Plugin
+CVE-2022-45384 (Jenkins Reverse Proxy Auth Plugin 1.7.3 and earlier stores the LDAP ma ...)
+ NOT-FOR-US: Jenkins Reverse Proxy Auth Plugin
+CVE-2022-45383 (An incorrect permission check in Jenkins Support Core Plugin 1206.v140 ...)
+ NOT-FOR-US: Jenkins Support Core Plugin
+CVE-2022-45382 (Jenkins Naginator Plugin 1.18.1 and earlier does not escape display na ...)
+ NOT-FOR-US: Jenkins Naginator Plugin
+CVE-2022-45381 (Jenkins Pipeline Utility Steps Plugin 2.13.1 and earlier does not rest ...)
+ NOT-FOR-US: Jenkins Pipeline Utility Steps Plugin
+CVE-2022-45380 (Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) ...)
+ NOT-FOR-US: Jenkins JUnit Plugin
+CVE-2022-45379 (Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier store ...)
+ NOT-FOR-US: Jenkins Script Security Plugin
+CVE-2022-45378 (In the default configuration of Apache SOAP, an RPCRouterServlet is av ...)
+ NOT-FOR-US: Apache SOAP
+CVE-2022-45377
+ RESERVED
+CVE-2022-45376 (Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Wo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45375 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45374
+ RESERVED
+CVE-2022-45373 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45372 (Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Ga ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45371 (Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine pl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45370 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45369 (Auth. (subscriber+) Broken Access Control vulnerability in Plugin for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45368
+ RESERVED
+CVE-2022-45367 (Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Cus ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45366 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45365 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45364 (Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45363 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup B ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45362 (Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Paymen ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45361 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bori ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45360 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45359 (Unauth. Arbitrary File Upload vulnerability inYITH WooCommerce Gift Ca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45358 (Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45357 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45356
+ RESERVED
+CVE-2022-45355 (Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45354
+ RESERVED
+CVE-2022-45353 (Broken Access Control inBetheme theme <= 26.6.1 on WordPress.)
+ NOT-FOR-US: WordPress theme
+CVE-2022-45352
+ RESERVED
+CVE-2022-45351
+ RESERVED
+CVE-2022-45350 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45349
+ RESERVED
+CVE-2022-45348 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-45347 (Apache ShardingSphere-Proxy prior to 5.3.0 when using MySQL as databas ...)
+ NOT-FOR-US: Apache ShardingSphere-Proxy
+CVE-2022-45344
+ RESERVED
+CVE-2022-45343 (GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a hea ...)
+ {DSA-5411-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2315
+ NOTE: https://github.com/gpac/gpac/commit/1016912db5408b6f38e8eb715279493ae380d1c4
+CVE-2022-45342
+ RESERVED
+CVE-2022-45341
+ RESERVED
+CVE-2022-45340
+ RESERVED
+CVE-2022-45339
+ RESERVED
+CVE-2022-45338 (An arbitrary file upload vulnerability in the profile picture upload f ...)
+ NOT-FOR-US: Exact Synergy Enterprise
+CVE-2022-45337 (Tenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow ...)
+ NOT-FOR-US: Tenda
+CVE-2022-45336
+ RESERVED
+CVE-2022-45335
+ RESERVED
+CVE-2022-45334
+ RESERVED
+CVE-2022-45333
+ RESERVED
+CVE-2022-45332 (LibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow ...)
+ - libredwg (bug #595191)
+CVE-2022-45331 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ NOT-FOR-US: AeroCMS
+CVE-2022-45330 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ NOT-FOR-US: AeroCMS
+CVE-2022-45329 (AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability ...)
+ NOT-FOR-US: AeroCMS
+CVE-2022-45328 (Church Management System v1.0 was discovered to contain a SQL injectio ...)
+ NOT-FOR-US: Church Management System
+CVE-2022-45327
+ RESERVED
+CVE-2022-45326 (An XML external entity (XXE) injection vulnerability in Kwoksys Kwok I ...)
+ NOT-FOR-US: Kwoksys
+CVE-2022-45325
+ RESERVED
+CVE-2022-45324
+ RESERVED
+CVE-2022-45323
+ RESERVED
+CVE-2022-45322
+ RESERVED
+CVE-2022-45321
+ RESERVED
+CVE-2022-45320
+ RESERVED
+CVE-2022-45319
+ RESERVED
+CVE-2022-45318
+ RESERVED
+CVE-2022-45317
+ RESERVED
+CVE-2022-45316
+ RESERVED
+CVE-2022-45315 (Mikrotik RouterOs before stable v7.6 was discovered to contain an out- ...)
+ NOT-FOR-US: Mikrotik
+CVE-2022-45314
+ RESERVED
+CVE-2022-45313 (Mikrotik RouterOs before stable v7.5 was discovered to contain an out- ...)
+ NOT-FOR-US: Mikrotik
+CVE-2022-45312
+ RESERVED
+CVE-2022-45311
+ RESERVED
+CVE-2022-45310
+ RESERVED
+CVE-2022-45309
+ RESERVED
+CVE-2022-45308
+ RESERVED
+CVE-2022-45307 (Insecure permissions in Chocolatey PHP package v8.1.12 and below grant ...)
+ NOT-FOR-US: Chocolatey PHP package
+CVE-2022-45306 (Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.21 ...)
+ NOT-FOR-US: Chocolatey Azure-Pipelines-Agent package
+CVE-2022-45305 (Insecure permissions in Chocolatey Python3 package v3.11.0 and below g ...)
+ NOT-FOR-US: Chocolatey Python3 package
+CVE-2022-45304 (Insecure permissions in Chocolatey Cmder package v1.3.20 and below gra ...)
+ NOT-FOR-US: Chocolatey Cmder package
+CVE-2022-45303
+ RESERVED
+CVE-2022-45302
+ RESERVED
+CVE-2022-45301 (Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below gra ...)
+ NOT-FOR-US: Chocolatey Ruby package
+CVE-2022-45300
+ RESERVED
+CVE-2022-45299 (An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allo ...)
+ - rust-webbrowser 0.8.7-1
+ NOTE: https://github.com/offalltn/CVE-2022-45299
+CVE-2022-45298
+ RESERVED
+CVE-2022-45297 (EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnera ...)
+ NOT-FOR-US: EQ
+CVE-2022-45296
+ RESERVED
+CVE-2022-45295
+ RESERVED
+CVE-2022-45294
+ RESERVED
+CVE-2022-45293
+ RESERVED
+CVE-2022-45292 (User invites for Funkwhale v1.2.8 do not permanently expire after bein ...)
+ NOT-FOR-US: Funkwhale
+CVE-2022-45291 (PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 20 ...)
+ NOT-FOR-US: PWS Personal Weather Station Dashboard
+CVE-2022-45290 (Kbase Doc v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ NOT-FOR-US: Kbase Doc
+CVE-2022-45289
+ RESERVED
+CVE-2022-45288
+ RESERVED
+CVE-2022-45287 (An access control issue in Registration.aspx of Temenos CWX 8.5.6 allo ...)
+ NOT-FOR-US: Temenos CWX
+CVE-2022-45286
+ RESERVED
+CVE-2022-45285 (Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is ...)
+ NOT-FOR-US: Vsourz Digital Advanced Contact form
+CVE-2022-45284
+ RESERVED
+CVE-2022-45283 (GPAC MP4box v2.0.0 was discovered to contain a stack overflow in the s ...)
+ {DSA-5411-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2295
+ NOTE: https://github.com/gpac/gpac/commit/0fc714872ba4536a1190f93aa278b6e08f8c60df
+CVE-2022-45282
+ RESERVED
+CVE-2022-45281
+ RESERVED
+CVE-2022-45280 (A cross-site scripting (XSS) vulnerability in the Url parameter in /lo ...)
+ NOT-FOR-US: EyouCMS
+CVE-2022-45279
+ RESERVED
+CVE-2022-45278 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jizhicms
+CVE-2022-45277
+ RESERVED
+CVE-2022-45276 (An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 a ...)
+ NOT-FOR-US: YJCMS
+CVE-2022-45275 (An arbitrary file upload vulnerability in /queuing/admin/ajax.php?acti ...)
+ NOT-FOR-US: Dynamic Transaction Queuing System
+CVE-2022-45274
+ RESERVED
+CVE-2022-45273
+ RESERVED
+CVE-2022-45272
+ RESERVED
+CVE-2022-45271
+ RESERVED
+CVE-2022-45270
+ RESERVED
+CVE-2022-45269 (A directory traversal vulnerability in the component SCS.Web.Server.SP ...)
+ NOT-FOR-US: Linx Sphere LINX
+CVE-2022-45268
+ RESERVED
+CVE-2022-45267
+ RESERVED
+CVE-2022-45266
+ RESERVED
+CVE-2022-45265
+ RESERVED
+CVE-2022-45264
+ RESERVED
+CVE-2022-45263
+ RESERVED
+CVE-2022-45262
+ RESERVED
+CVE-2022-45261
+ RESERVED
+CVE-2022-45260
+ RESERVED
+CVE-2022-45259
+ RESERVED
+CVE-2022-45258
+ RESERVED
+CVE-2022-45257
+ RESERVED
+CVE-2022-45256
+ RESERVED
+CVE-2022-45255
+ RESERVED
+CVE-2022-45254
+ RESERVED
+CVE-2022-45253
+ RESERVED
+CVE-2022-45252
+ RESERVED
+CVE-2022-45251
+ RESERVED
+CVE-2022-45250
+ RESERVED
+CVE-2022-45249
+ RESERVED
+CVE-2022-45248
+ RESERVED
+CVE-2022-45247
+ RESERVED
+CVE-2022-45246
+ RESERVED
+CVE-2022-45245
+ RESERVED
+CVE-2022-45244
+ RESERVED
+CVE-2022-45243
+ RESERVED
+CVE-2022-45242
+ RESERVED
+CVE-2022-45241
+ RESERVED
+CVE-2022-45240
+ RESERVED
+CVE-2022-45239
+ RESERVED
+CVE-2022-45238
+ RESERVED
+CVE-2022-45237
+ RESERVED
+CVE-2022-45236
+ RESERVED
+CVE-2022-45235
+ RESERVED
+CVE-2022-45234
+ RESERVED
+CVE-2022-45233
+ RESERVED
+CVE-2022-45232
+ RESERVED
+CVE-2022-45231
+ RESERVED
+CVE-2022-45230
+ RESERVED
+CVE-2022-45229
+ RESERVED
+CVE-2022-45228 (Dragino Lora LG01 18ed40 IoT v4.3.4 was discovered to contain a Cross- ...)
+ NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
+CVE-2022-45227 (The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the director ...)
+ NOT-FOR-US: Dragino Lora LG01 18ed40 IoT
+CVE-2022-45226
+ RESERVED
+CVE-2022-45225 (Book Store Management System v1.0 was discovered to contain a cross-si ...)
+ NOT-FOR-US: Book Store Management System
+CVE-2022-45224 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ NOT-FOR-US: Web-Based Student Clearance System
+CVE-2022-45223 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ NOT-FOR-US: Web-Based Student Clearance System
+CVE-2022-45222
+ RESERVED
+CVE-2022-45221 (Web-Based Student Clearance System v1.0 was discovered to contain a cr ...)
+ NOT-FOR-US: Web-Based Student Clearance System
+CVE-2022-45220
+ RESERVED
+CVE-2022-45219
+ RESERVED
+CVE-2022-45218 (Human Resource Management System v1.0.0 was discovered to contain a cr ...)
+ NOT-FOR-US: Human Resource Management System
+CVE-2022-45217 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
+ NOT-FOR-US: Book Store Management System
+CVE-2022-45216
+ RESERVED
+CVE-2022-45215 (A cross-site scripting (XSS) vulnerability in Book Store Management Sy ...)
+ NOT-FOR-US: Book Store Management System
+CVE-2022-45214 (A cross-site scripting (XSS) vulnerability in Sanitization Management ...)
+ NOT-FOR-US: Sanitization Management System
+CVE-2022-45213 (perfSONAR before 4.4.6 inadvertently supports the parse option for a f ...)
+ NOT-FOR-US: perfSONAR
+CVE-2022-45212
+ RESERVED
+CVE-2022-45211
+ RESERVED
+CVE-2022-45210 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-45209
+ RESERVED
+CVE-2022-45208 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-45207 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-45206 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-45205 (Jeecg-boot v3.4.3 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-45204 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a mem ...)
+ - gpac (Vulnerable code not present in any version in the archive)
+ NOTE: https://github.com/gpac/gpac/issues/2307
+ NOTE: Introduced by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/f045be5809808d64ebf8ce5ab628fa55786bea4f
+CVE-2022-45203
+ RESERVED
+CVE-2022-45202 (GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a sta ...)
+ {DSA-5411-1}
+ - gpac (bug #1033116; bug #1051866)
+ [buster] - gpac (EOL in buster LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2296
+ NOTE: https://github.com/gpac/gpac/issues/2296#issuecomment-1303112783
+ NOTE: Fixed by: https://github.com/gpac/gpac/commit/74e53280dad7b29f85386c6a1286fb92643465da
+CVE-2022-45201
+ RESERVED
+CVE-2022-45200
+ RESERVED
+CVE-2022-3993 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ NOT-FOR-US: Kavita
+CVE-2022-3992 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Sanitization Management System
+CVE-2022-3991 (The Photospace Gallery plugin for WordPress is vulnerable to Stored Cr ...)
+ NOT-FOR-US: Photospace Gallery plugin for WordPress
+CVE-2022-3990 (HPSFViewer might allow Escalation of Privilege. This potential vulnera ...)
+ NOT-FOR-US: HP
+CVE-2022-3989 (The Motors WordPress plugin before 1.4.4 does not properly validate up ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3988 (A vulnerability was found in Frappe. It has been rated as problematic. ...)
+ NOT-FOR-US: Frappe Framework
+CVE-2022-3987 (The Responsive Lightbox2 WordPress plugin before 1.0.4 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3986 (The WP Stripe Checkout WordPress plugin before 1.2.2.21 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3985 (The Videojs HTML5 Player WordPress plugin before 1.1.9 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3984 (The Flowplayer Video Player WordPress plugin before 1.0.5 does not val ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3983 (The Checkout for PayPal WordPress plugin before 1.0.14 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3982 (The Booking calendar, Appointment Booking System WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3981 (The Icegram Express WordPress plugin before 5.5.1 does not properly sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3980 (An XML External Entity (XEE) vulnerability allows server-side request ...)
+ NOT-FOR-US: Sophos
+CVE-2022-37406 (Cross-site scripting vulnerability in Aficio SP 4210N firmware version ...)
+ NOT-FOR-US: Aficio SP 4210N firmware
+CVE-2022-45199 (Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.)
+ - pillow 9.3.0-1 (bug #1024512)
+ [bullseye] - pillow (Vulnerable code not present, introduced in 9.2.0)
+ [buster] - pillow (Vulnerable code not present, introduced in 9.2.0)
+ NOTE: https://github.com/python-pillow/Pillow/commit/2444cddab2f83f28687c7c20871574acbb6dbcf3 (9.3.0)
+ NOTE: https://github.com/python-pillow/Pillow/pull/6700
+CVE-2022-45198 (Pillow before 9.2.0 performs Improper Handling of Highly Compressed GI ...)
+ - pillow 9.2.0-1
+ [bullseye] - pillow (Minor issue)
+ [buster] - pillow (Minor issue)
+ NOTE: https://github.com/python-pillow/Pillow/commit/11918eac0628ec8ac0812670d9838361ead2d6a4 (9.2.0)
+ NOTE: https://github.com/python-pillow/Pillow/pull/6402
+CVE-2022-3979 (A vulnerability was found in NagVis up to 1.9.33 and classified as pro ...)
+ - nagvis 1:1.9.34-1
+ [bullseye] - nagvis (Minor issue)
+ [buster] - nagvis (Minor issue)
+ NOTE: https://github.com/NagVis/nagvis/commit/7574fd8a2903282c2e0d1feef5c4876763db21d5 (nagvis-1.9.34)
+CVE-2022-3978 (A vulnerability, which was classified as problematic, was found in Nod ...)
+ NOT-FOR-US: NodeBB
+CVE-2022-3977 (A use-after-free flaw was found in the Linux kernel MCTP (Management C ...)
+ - linux 6.0.2-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/3a732b46736cd8a29092e4b0b1a9ba83e672bf89 (6.1-rc1)
+CVE-2022-3976 (A vulnerability has been found in MZ Automation libiec61850 up to 1.4 ...)
+ NOT-FOR-US: libIEC61850
+CVE-2022-3975 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: NukeViet CMS +CVE-2022-3974 (A vulnerability classified as critical was found in Axiomatic Bento4. ...) + NOT-FOR-US: Bento4 +CVE-2022-3973 (A vulnerability classified as critical has been found in Pingkon HMS-P ...) + NOT-FOR-US: Pingkon HMS-PHP +CVE-2022-3972 (A vulnerability was found in Pingkon HMS-PHP. It has been rated as cri ...) + NOT-FOR-US: Pingkon HMS-PHP +CVE-2022-3971 (A vulnerability was found in matrix-appservice-irc up to 0.35.1. It ha ...) + NOT-FOR-US: matrix-appservice-irc +CVE-2022-3970 (A vulnerability was found in LibTIFF. It has been classified as critic ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-6 (bug #1024737) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53137 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be + NOTE: https://oss-fuzz.com/download?testcase_id=5738253143900160 +CVE-2022-3969 (A vulnerability was found in OpenKM up to 6.3.11 and classified as pro ...) + NOT-FOR-US: OpenKM +CVE-2022-3968 (A vulnerability has been found in emlog and classified as problematic. ...) + NOT-FOR-US: emlog +CVE-2022-3967 (A vulnerability, which was classified as critical, was found in Vesta ...) + NOT-FOR-US: Vesta +CVE-2022-3966 (A vulnerability, which was classified as critical, has been found in U ...) + NOT-FOR-US: Ultimate Member Plugin +CVE-2022-3965 (A vulnerability classified as problematic was found in ffmpeg. This vu ...) + [experimental] - ffmpeg 7:6.0-1 + - ffmpeg 7:5.1.3-1 + [bullseye] - ffmpeg (Vulnerable code not present) + [buster] - ffmpeg (Vulnerable code not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/13c13109759090b7f7182480d075e13b36ed8edd (n6.0) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9886e4c3b0880b167dbfdad722fb654c58cdc977 (n5.1.3) +CVE-2022-3964 (A vulnerability classified as problematic has been found in ffmpeg. Th ...) 
+ [experimental] - ffmpeg 7:6.0-1 + - ffmpeg 7:5.1.3-1 + [bullseye] - ffmpeg (Vulnerable code not present) + [buster] - ffmpeg (Vulnerable code not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/92f9b28ed84a77138105475beba16c146bdaf984 (n6.0) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7c234248f859baa35e55c3dbbb7a359eae1c5257 (n5.1.3) +CVE-2022-45197 (Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLS ...) + - slixmpp 1.8.3-1 + [bullseye] - slixmpp (Minor issue) + [buster] - slixmpp (Minor issue) + NOTE: https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa (slix-1.8.3) +CVE-2022-45196 (Hyperledger Fabric 2.3 allows attackers to cause a denial of service ( ...) + NOT-FOR-US: Hyperledger Fabric +CVE-2022-45195 (SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not a ...) + NOT-FOR-US: SimpleXMQ +CVE-2022-3963 (A vulnerability was found in gnuboard5. It has been classified as prob ...) + NOT-FOR-US: Gnuboard +CVE-2022-45194 (CBRN-Analysis before 22 allows XXE attacks via am mws XML document, le ...) + NOT-FOR-US: CBRN-Analysis +CVE-2022-45193 (CBRN-Analysis before 22 has weak file permissions under Public Profile ...) + NOT-FOR-US: CBRN-Analysis +CVE-2022-45192 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...) + NOT-FOR-US: Microchip +CVE-2022-45191 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...) + NOT-FOR-US: Microchip +CVE-2022-45190 (An issue was discovered on Microchip RN4870 1.43 devices. An attacker ...) + NOT-FOR-US: Microchip +CVE-2022-45189 + RESERVED +CVE-2022-45188 (Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow ...) 
+ {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.15~ds-1 (bug #1024021) + NOTE: https://rushbnt.github.io/bug%20analysis/netatalk-0day/ + NOTE: https://github.com/Netatalk/netatalk/commit/dfab56846e8f454fe0548347ae6437bd12a05925 + NOTE: https://github.com/Netatalk/netatalk/commit/952b510d38914ed215858883f395da33d8b7e396 (netatalk-3-1-15) +CVE-2022-45187 + RESERVED +CVE-2022-45186 + RESERVED +CVE-2022-45185 + RESERVED +CVE-2022-45184 (The Web Server in Ironman Software PowerShell Universal v3.x and v2.x ...) + NOT-FOR-US: Ironman Software PowerShell Universal +CVE-2022-45183 (Escalation of privileges in the Web Server in Ironman Software PowerSh ...) + NOT-FOR-US: Ironman +CVE-2022-45182 (Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module ...) + NOT-FOR-US: Pi-Star_DV_Dash (for Pi-Star DV) +CVE-2022-45181 + RESERVED +CVE-2022-45180 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45179 + RESERVED +CVE-2022-45178 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. B ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45177 + RESERVED +CVE-2022-45176 + RESERVED +CVE-2022-45175 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45174 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45173 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45172 (An issue was discovered in LIVEBOX Collaboration vDesk before v018. Br ...) + NOT-FOR-US: LIVEBOX Collaboration vDesk +CVE-2022-45171 + RESERVED +CVE-2022-45170 (An issue was discovered in LIVEBOX Collaboration vDesk through v018. A ...) + NOT-FOR-US: LIVEBOX +CVE-2022-45169 + RESERVED +CVE-2022-45168 + RESERVED +CVE-2022-3962 (A content spoofing vulnerability was found in Kiali. It was discovered ...) 
+ NOT-FOR-US: Kiali +CVE-2022-3961 (The Directorist WordPress plugin before 7.4.4 does not prevent users w ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3960 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi +CVE-2022-45167 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...) + NOT-FOR-US: Archibus Web Central +CVE-2022-45166 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...) + NOT-FOR-US: Archibus Web Central +CVE-2022-45165 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...) + NOT-FOR-US: Archibus Web Central +CVE-2022-45164 (An issue was discovered in Archibus Web Central 2022.03.01.107. A serv ...) + NOT-FOR-US: Archibus Web Central +CVE-2022-45163 (An information-disclosure vulnerability exists on select NXP devices w ...) + NOT-FOR-US: NXP devices +CVE-2022-45162 + RESERVED +CVE-2022-45161 + RESERVED +CVE-2022-45160 + RESERVED +CVE-2022-45159 + RESERVED +CVE-2022-45158 + RESERVED +CVE-2022-45157 + RESERVED +CVE-2022-45156 + RESERVED +CVE-2022-45155 (An Improper Handling of Exceptional Conditions vulnerability in obs-se ...) + NOT-FOR-US: openSUSE Factory +CVE-2022-45154 (A Cleartext Storage of Sensitive Information vulnerability in suppport ...) + NOT-FOR-US: SuSE supportutils +CVE-2022-45153 (An Incorrect Default Permissions vulnerability in saphanabootstrap-for ...) + NOT-FOR-US: SAP +CVE-2022-45152 (A blind Server-Side Request Forgery (SSRF) vulnerability was found in ...) + - moodle +CVE-2022-45151 (The stored-XSS vulnerability was discovered in Moodle which exists due ...) + - moodle +CVE-2022-45150 (A reflected cross-site scripting vulnerability was discovered in Moodl ...) + - moodle +CVE-2022-45149 (A vulnerability was found in Moodle which exists due to insufficient v ...) + - moodle +CVE-2022-45148 + REJECTED +CVE-2022-45147 + RESERVED +CVE-2022-3959 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: Drogon +CVE-2022-3958 (Cross-site Scripting (XSS) vulnerability in BlueSpiceUserSidebar exten ...) + NOT-FOR-US: BlueSpiceUserSidebar extension of BlueSpice +CVE-2022-3957 (A vulnerability classified as problematic was found in GPAC. Affected ...) + {DSA-5411-1} + - gpac (unimportant) + NOTE: https://github.com/gpac/gpac/commit/2191e66aa7df750e8ef01781b1930bea87b713bb + NOTE: Negligible security impact +CVE-2022-3956 (A vulnerability classified as critical has been found in tsruban HHIMS ...) + NOT-FOR-US: tsruban HHIMS +CVE-2022-3955 (A vulnerability was found in tholum crm42. It has been rated as critic ...) + NOT-FOR-US: tholum crm42 +CVE-2022-3954 + RESERVED +CVE-2022-3953 + REJECTED +CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and clas ...) + NOT-FOR-US: ManyDesigns Portofino +CVE-2022-3951 + RESERVED +CVE-2022-3950 (A vulnerability, which was classified as problematic, was found in san ...) + NOT-FOR-US: sanluan PublicCMS +CVE-2022-3949 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Sourcecodester Simple Cashiering System +CVE-2022-3948 (A vulnerability classified as critical was found in eolinker goku_lite ...) + NOT-FOR-US: eolinker goku_lite +CVE-2022-3947 (A vulnerability classified as critical has been found in eolinker goku ...) + NOT-FOR-US: eolinker goku_lite +CVE-2022-3946 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not have aut ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3945 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: Kavita +CVE-2022-3944 (A vulnerability was found in jerryhanjj ERP. It has been declared as c ...) + NOT-FOR-US: jerryhanjj ERP +CVE-2022-3943 (A vulnerability was found in ForU CMS. It has been classified as probl ...) + NOT-FOR-US: ForU CMS +CVE-2022-3942 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) 
+ NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-45146 (An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA b ...) + NOT-FOR-US: FIPS provider for Bouncycastle, not part of the Debian package for Bouncycastle +CVE-2022-45145 (egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS comman ...) + - chicken (Windows-specific) + NOTE: https://lists.gnu.org/archive/html/chicken-announce/2022-11/msg00000.html + NOTE: https://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commitdiff;h=a08f8f548d772ef410c672ba33a27108d8d434f3;hp=9c6fb001c25de4390f46ffd7c3c94237f4df92a9 +CVE-2022-45144 (Algoo Tracim before 4.4.2 allows XSS via HTML file upload.) + NOT-FOR-US: Algoo Tracim +CVE-2022-3941 (A vulnerability has been found in Activity Log Plugin and classified a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3940 (A vulnerability, which was classified as problematic, was found in lan ...) + NOT-FOR-US: lanyulei ferry +CVE-2022-3939 (A vulnerability, which was classified as critical, has been found in l ...) + NOT-FOR-US: lanyulei ferry +CVE-2022-3938 + REJECTED +CVE-2022-3937 (The Easy Video Player WordPress plugin before 1.2.2.3 does not sanitiz ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3936 (The Team Members WordPress plugin before 5.2.1 does not sanitize and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3935 (The Welcart e-Commerce WordPress plugin before 2.8.4 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3934 (The FlatPM WordPress plugin before 3.0.13 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3933 (The Essential Real Estate WordPress plugin before 3.9.6 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45143 (The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and ...) 
+ {DSA-5381-1} + - tomcat9 9.0.70-1 + [buster] - tomcat9 (The vulnerable code was introduced later) + - tomcat8 + NOTE: https://github.com/apache/tomcat/commit/b336f4e58893ea35114f1e4a415657f723b1298e (9.0.69) + NOTE: https://github.com/apache/tomcat/commit/0cab3a56bd89f70e7481bb0d68395dc7e130dbbf (8.5.84) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/03/1 +CVE-2022-45142 (The fix for CVE-2022-3437 included changing memcmp to be constant time ...) + {DSA-5344-1 DLA-3311-1} + - heimdal 7.8.git20221117.28daf24+dfsg-1.1 (bug #1030849) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/08/1 + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15296 +CVE-2022-45141 (Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerabili ...) + - samba 2:4.16.0+dfsg-2 + [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2022-45141.html +CVE-2022-45140 (The configuration backend allows an unauthenticated user to write arbi ...) + NOT-FOR-US: WAGO +CVE-2022-45139 (A CORS Misconfiguration in the web-based management allows a malicious ...) + NOT-FOR-US: WAGO +CVE-2022-45138 (The configuration backend of the web-based management can be used by u ...) + NOT-FOR-US: WAGO +CVE-2022-45137 (The configuration backend of the web-based management is vulnerable to ...) + NOT-FOR-US: WAGO +CVE-2022-45136 (Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisa ...) + - apache-jena 4.5.0-1 (bug #1024738) + NOTE: https://www.openwall.com/lists/oss-security/2022/11/14/5 + NOTE: The SDB module was removed after 3.17.0, marking 4.5.0 as fixed: https://jena.apache.org/documentation/archive/sdb/ +CVE-2022-45135 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) 
+ NOT-FOR-US: Apache Cocoon +CVE-2022-43668 (Typora versions prior to 1.4.4 fails to properly neutralize JavaScript ...) + NOT-FOR-US: Typora +CVE-2022-3932 + RESERVED +CVE-2022-3931 + REJECTED +CVE-2022-3930 (The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR v ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3929 (Communication between the client and the server application of the aff ...) + NOT-FOR-US: Hitachi +CVE-2022-3928 (Hardcoded credential is found in affected products' message queue. An ...) + NOT-FOR-US: Hitachi +CVE-2022-3927 (The affected products store both public and private key that are used ...) + NOT-FOR-US: Hitachi +CVE-2022-3926 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3925 (The buddybadges WordPress plugin through 1.0.0 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3924 (This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` ...) + {DSA-5329-1} + - bind9 1:9.18.11-1 + [buster] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2022-3924 +CVE-2022-3923 (The ActiveCampaign for WooCommerce WordPress plugin before 1.9.8 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3922 (The Broken Link Checker WordPress plugin before 1.11.20 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45134 + RESERVED +CVE-2022-45133 + RESERVED +CVE-2022-45132 (In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, r ...) 
+ - lava 2023.01-1 (bug #1024428) + [bullseye] - lava (Vulnerable code not present) + [buster] - lava (Vulnerable code not present) + NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/ + NOTE: https://git.lavasoftware.org/lava/lava/-/commit/ab17e8304f10c7c0fe912067f2ed85a4753241c7 (2022.11.1) +CVE-2022-45131 + RESERVED +CVE-2022-45130 (Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/command ...) + NOT-FOR-US: Plesk +CVE-2022-45129 (Payara before 2022-11-04, when deployed to the root context, allows at ...) + NOT-FOR-US: Payara +CVE-2022-45128 (Improper authorization in the Intel(R) EMA software before version 1.9 ...) + NOT-FOR-US: Intel +CVE-2022-45117 + RESERVED +CVE-2022-45114 + RESERVED +CVE-2022-45109 (Improper initialization for some Intel Unison software may allow an au ...) + NOT-FOR-US: Intel +CVE-2022-44612 (Use of hard-coded credentials in some Intel(R) Unison(TM) software bef ...) + NOT-FOR-US: Intel +CVE-2022-44611 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + NOT-FOR-US: Intel +CVE-2022-43505 (Insufficient control flow management in the BIOS firmware for some Int ...) + NOT-FOR-US: Intel +CVE-2022-43477 (Incomplete cleanup for some Intel Unison software may allow an authent ...) + NOT-FOR-US: Intel +CVE-2022-41808 (Improper buffer restriction in software for the Intel QAT Driver for L ...) + NOT-FOR-US: Intel +CVE-2022-41659 (Improper access control for some Intel Unison software may allow a pri ...) + NOT-FOR-US: Intel +CVE-2022-3921 (The Listingo WordPress theme before 3.2.7 does not validate files to b ...) + NOT-FOR-US: Listingo WordPress theme +CVE-2022-3920 (HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filt ...) 
+ - consul (Vulnerable code not present) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-28-consul-cluster-peering-leaks-imported-nodes-services-information/46946 +CVE-2022-45108 + RESERVED +CVE-2022-45107 + RESERVED +CVE-2022-45106 + RESERVED +CVE-2022-45105 + RESERVED +CVE-2022-45104 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) + NOT-FOR-US: Dell +CVE-2022-45103 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) + NOT-FOR-US: Dell +CVE-2022-45102 (Dell EMC Data Protection Central, versions 19.1 through 19.7, contains ...) + NOT-FOR-US: EMC +CVE-2022-45101 (Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling ...) + NOT-FOR-US: Dell +CVE-2022-45100 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Cert ...) + NOT-FOR-US: Dell +CVE-2022-45099 (Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding f ...) + NOT-FOR-US: Dell +CVE-2022-45098 (Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of ...) + NOT-FOR-US: Dell +CVE-2022-45097 (Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Manag ...) + NOT-FOR-US: Dell +CVE-2022-45096 (Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface ...) + NOT-FOR-US: Dell +CVE-2022-45095 (Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulner ...) + NOT-FOR-US: Dell +CVE-2022-45094 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2022-45093 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2022-45092 (A vulnerability has been identified in SINEC INS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2022-45091 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45090 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...) 
+ NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45089 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45088 (Improper Input Validation vulnerability in Group Arge Energy and Contr ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45087 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45086 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45085 (Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy ...) + NOT-FOR-US: Group Arge Energy and Control Systems Smartpower Web +CVE-2022-45084 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softacul ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45083 + RESERVED +CVE-2022-45082 (Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45081 + RESERVED +CVE-2022-45080 (Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45079 (Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginiz ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45078 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45077 (Auth. (subscriber+) PHP Object Injection vulnerability in Betheme them ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45076 (Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Ele ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45075 + RESERVED +CVE-2022-45074 (Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-45073 (Cross-Site Request Forgery (CSRF) vulnerability in REST API Authentica ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45072 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45071 (Cross-Site Request Forgery (CSRF) vulnerability in WPML Multilingual C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45070 + RESERVED +CVE-2022-45069 (Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45068 (Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercad ...) + NOT-FOR-US: Mercado +CVE-2022-45067 (Cross-Site Request Forgery (CSRF) vulnerability inDevsCred Exclusive A ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45066 (Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45065 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45064 (The SlingRequestDispatcher doesn't correctly implement the RequestDisp ...) + NOT-FOR-US: Apache Sling +CVE-2022-3919 (The Jetpack CRM WordPress plugin before 5.4.3 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3918 (A program using FoundationNetworking in swift-corelibs-foundation is p ...) + NOT-FOR-US: swift-corelibs-foundation +CVE-2022-3917 (Improper access control of bootloader functionwas discovered in Motoro ...) + NOT-FOR-US: Motorola +CVE-2022-3916 (A flaw was found in the offline_access scope in Keycloak. This issue w ...) + NOT-FOR-US: Keycloak +CVE-2022-3915 (The Dokan WordPress plugin before 3.7.6 does not properly sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3914 + RESERVED +CVE-2022-3913 (Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to v ...) + NOT-FOR-US: Rapid7 +CVE-2022-3912 (The User Registration WordPress plugin before 2.2.4.1 does not properl ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3911 (The iubenda WordPress plugin before 3.3.3 does does not have authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3910 (Use After Free vulnerability in Linux Kernel allows Privilege Escalati ...) + - linux 5.19.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fc7222c3a9f56271fba02aabbfbae999042f1679 (6.0-rc6) +CVE-2022-3909 (The Add Comments WordPress plugin through 1.0.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45063 (xterm before 375 allows code execution via font ops, e.g., because an ...) + - xterm 375-1 + [bullseye] - xterm (Minor issue; mitigated by default in Debian) + [buster] - xterm (Minor issue; mitigated by default in Debian) + NOTE: https://www.openwall.com/lists/oss-security/2022/11/10/1 + NOTE: Debian sets defaults for allowWindowOps and allowFontOps resources to false since + NOTE: 238-1, mitigating the issue. +CVE-2022-45062 (In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there i ...) + {DSA-5296-1} + - xfce4-settings 4.16.4-1 (bug #1023732) + [buster] - xfce4-settings (The vulnerable code was introduced later) + NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 + NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1) + NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4) + NOTE: Regression from the CVE fix with filenames with spaces: + NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/403 + NOTE: https://gitlab.xfce.org/xfce/xfce4-settings/-/merge_requests/85 +CVE-2022-45061 (An issue was discovered in Python before 3.11.1. An unnecessary quadra ...) 
+ {DLA-3477-1 DLA-3432-1} + - python3.11 3.11.1-1 + - python3.10 3.10.9-1 + - python3.9 + [bullseye] - python3.9 (Minor issue) + - python3.7 + - python2.7 + [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) + NOTE: https://github.com/python/cpython/issues/98433 + NOTE: https://github.com/python/cpython/pull/99092 + NOTE: https://github.com/python/cpython/commit/a6f6c3a3d6f2b580f2d87885c9b8a9350ad7bf15 (v3.11.1) + NOTE: https://github.com/python/cpython/commit/9bb8e18ca46fe66fa6802602f8a7228a24dd785f (v3.10.9) + NOTE: https://github.com/python/cpython/commit/c09dba57cfbbf74273ce44b1f48f71b46806605c (v3.9.16) + NOTE: https://github.com/python/cpython/commit/82ca2839c9ec6bf9a9400e791a52411824df67f3 (v3.8.16) + NOTE: https://github.com/python/cpython/commit/b0b590be9597fd5919228d251812dd54145f70a7 (v3.7.16) +CVE-2022-45060 (An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and ...) + {DSA-5334-1 DLA-3208-1} + - varnish 7.1.1-1.1 (bug #1023751) + NOTE: https://varnish-cache.org/security/VSV00011.html + NOTE: https://github.com/varnishcache/varnish-cache/commit/515a93df894430767073ccd8265497b6b25b54b5 +CVE-2022-45059 (An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x be ...) + - varnish 7.1.1-1.1 (bug #1023750) + [bullseye] - varnish (Vulnerable code not present, only affects Varnish 7) + [buster] - varnish (Vulnerable code not present, only affects Varnish 7) + NOTE: https://varnish-cache.org/security/VSV00010.html + NOTE: https://github.com/varnishcache/varnish-cache/commit/fcf5722af75fdbf58dd425dd68d0beaa49bab4f4 +CVE-2022-3908 (The Helloprint WordPress plugin before 1.4.7 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3907 (The Clerk WordPress plugin before 4.0.0 is affected by time-based atta ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3906 (The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3905 + REJECTED +CVE-2022-3904 (The MonsterInsights WordPress plugin before 8.9.1 does not sanitize or ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3903 (An incorrect read request flaw was found in the Infrared Transceiver U ...) + - linux 5.19.11-1 + [bullseye] - linux 5.10.148-1 +CVE-2022-3902 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3901 (Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute ...) + NOT-FOR-US: Visioweb.js +CVE-2022-3900 (The Cooked Pro WordPress plugin before 1.7.5.7 does not properly valid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45058 + RESERVED +CVE-2022-45057 + RESERVED +CVE-2022-45056 + RESERVED +CVE-2022-45055 + RESERVED +CVE-2022-45054 + RESERVED +CVE-2022-45053 + RESERVED +CVE-2022-45052 (A Local File Inclusion vulnerability has been found in Axiell Iguana C ...) + NOT-FOR-US: Axiell Iguana CMS +CVE-2022-45051 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...) + NOT-FOR-US: Axiell Iguana CMS +CVE-2022-45050 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...) + NOT-FOR-US: Axiell Iguana CMS +CVE-2022-45049 (A reflected XSS vulnerability has been found in Axiell Iguana CMS, all ...) + NOT-FOR-US: Axiell Iguana CMS +CVE-2022-45048 (Authenticated users with appropriate privileges can create policies ha ...) + NOT-FOR-US: Apache Ranger +CVE-2022-45047 (Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvide ...) + NOT-FOR-US: Apache Mina SSHD +CVE-2022-45046 + REJECTED +CVE-2022-3899 + RESERVED +CVE-2022-3898 (The WP Affiliate Platform plugin for WordPress is vulnerable to Cross- ...) + NOT-FOR-US: WP Affiliate Platform plugin for WordPress +CVE-2022-3897 (The WP Affiliate Platform plugin for WordPress is vulnerable to Stored ...) 
+ NOT-FOR-US: WP Affiliate Platform plugin for WordPress +CVE-2022-3896 (The WP Affiliate Platform plugin for WordPress is vulnerable to Reflec ...) + NOT-FOR-US: WP Affiliate Platform plugin for WordPress +CVE-2022-3895 (Some UI elements of the Common User Interface Component are not proper ...) + NOT-FOR-US: BlueSpice +CVE-2022-3894 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3893 (Cross-site Scripting (XSS) vulnerability in BlueSpiceCustomMenu extens ...) + NOT-FOR-US: BlueSpice +CVE-2022-3892 (The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3891 (The WP FullCalendar WordPress plugin before 1.5 does not ensure that t ...) + NOT-FOR-US: WordPress plugin +CVE-2022-45045 (Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.1 ...) + NOT-FOR-US: Xiongmai +CVE-2022-3890 (Heap buffer overflow in Crashpad in Google Chrome on Android prior to ...) + {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3889 (Type confusion in V8 in Google Chrome prior to 107.0.5304.106 allowed ...) + {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3888 (Use after free in WebCodecs in Google Chrome prior to 107.0.5304.106 a ...) + {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3887 (Use after free in Web Workers in Google Chrome prior to 107.0.5304.106 ...) + {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3886 (Use after free in Speech Recognition in Google Chrome prior to 107.0.5 ...) + {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3885 (Use after free in V8 in Google Chrome prior to 107.0.5304.106 allowed ...) 
+ {DSA-5275-1} + - chromium 107.0.5304.110-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3884 (Incorrect Default Permissions vulnerability in Hitachi Ops Center Anal ...) + NOT-FOR-US: Hitachi +CVE-2022-45044 (A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All v ...) + NOT-FOR-US: Siemens +CVE-2022-3883 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3882 (The Memory Usage, Memory Limit, PHP and Server Memory Health Check and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3881 (The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3880 (The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enum ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3879 (The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3878 (A vulnerability classified as critical has been found in Maxon ERP. Th ...) + NOT-FOR-US: Maxon ERP +CVE-2022-3877 (A vulnerability, which was classified as problematic, was found in Cli ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-3876 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-3875 (A vulnerability classified as critical was found in Click Studios Pass ...) + NOT-FOR-US: Click Studios Passwordstate and Passwordstate Browser Extension Chrome +CVE-2022-3874 (A command injection flaw was found in foreman. This flaw allows an aut ...) + - foreman (bug #663101) +CVE-2022-3873 (Cross-site Scripting (XSS) - DOM in GitHub repository jgraph/drawio pr ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-3872 (An off-by-one read/write issue was found in the SDHCI device of QEMU. ...) 
+ - qemu (bug #1024022) + [bookworm] - qemu (Minor issue, revisit when fixed upstream) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) + [buster] - qemu (Minor issue, DoS, waiting for sanctioned patch) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2140567 + NOTE: patch proposal 1: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01068.html + NOTE: patch proposal 2: https://lists.nongnu.org/archive/html/qemu-devel/2022-11/msg01161.html + NOTE: No sanctioned upstream patch as of 2023-03-09 +CVE-2022-45043 (Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via gofo ...) + NOT-FOR-US: Tenda +CVE-2022-45042 + RESERVED +CVE-2022-45041 (SQL Injection exits in xinhu < 2.5.0) + NOT-FOR-US: xinhu +CVE-2022-45040 (A cross-site scripting (XSS) vulnerability in /admin/pages/sections_sa ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45039 (An arbitrary file upload vulnerability in the Server Settings module o ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45038 (A cross-site scripting (XSS) vulnerability in /admin/settings/save.php ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45037 (A cross-site scripting (XSS) vulnerability in /admin/users/index.php o ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45036 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45035 + RESERVED +CVE-2022-45034 + RESERVED +CVE-2022-45033 (A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allo ...) + NOT-FOR-US: Expense Tracker +CVE-2022-45032 + RESERVED +CVE-2022-45031 + RESERVED +CVE-2022-45030 (A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHand ...) + NOT-FOR-US: rConfig +CVE-2022-45029 + RESERVED +CVE-2022-45028 (A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 ...) + NOT-FOR-US: Arris +CVE-2022-45027 (perfSONAR before 4.4.6, when performing participant discovery, incorre ...) 
+ NOT-FOR-US: perfSONAR +CVE-2022-45026 (An issue in Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode an ...) + NOT-FOR-US: Markdown Preview Enhanced +CVE-2022-45025 (Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was d ...) + NOT-FOR-US: Markdown Preview Enhanced +CVE-2022-45024 + RESERVED +CVE-2022-45023 + RESERVED +CVE-2022-45022 + RESERVED +CVE-2022-45021 + RESERVED +CVE-2022-45020 (Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site sc ...) + NOT-FOR-US: Rukovoditel +CVE-2022-45019 (SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: SLiMS 9 Bulian +CVE-2022-45018 + RESERVED +CVE-2022-45017 (A cross-site scripting (XSS) vulnerability in the Overview Page settin ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45016 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45015 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45014 (A cross-site scripting (XSS) vulnerability in the Search Settings modu ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45013 (A cross-site scripting (XSS) vulnerability in the Show Advanced Option ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45012 (A cross-site scripting (XSS) vulnerability in the Modify Page module o ...) + NOT-FOR-US: WBCE CMS +CVE-2022-45011 + RESERVED +CVE-2022-45010 (Simple Phone Book/Directory Web App v1.0 was discovered to contain a S ...) + NOT-FOR-US: Simple Phone Book/Directory Web App +CVE-2022-45009 (Online Leave Management System v1.0 was discovered to contain an arbit ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-45008 (Online Leave Management System v1.0 was discovered to contain a stored ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-45007 + RESERVED +CVE-2022-45006 + RESERVED +CVE-2022-45005 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...) 
+ NOT-FOR-US: IP-COM EW9 +CVE-2022-45004 (Gophish through 0.12.1 was discovered to contain a cross-site scriptin ...) + NOT-FOR-US: Gophish +CVE-2022-45003 (Gophish through 0.12.1 allows attackers to cause a Denial of Service ( ...) + NOT-FOR-US: Gophish +CVE-2022-45002 + RESERVED +CVE-2022-45001 + RESERVED +CVE-2022-45000 + RESERVED +CVE-2022-44999 + RESERVED +CVE-2022-44998 + RESERVED +CVE-2022-44997 + RESERVED +CVE-2022-44996 + RESERVED +CVE-2022-44995 + RESERVED +CVE-2022-44994 + RESERVED +CVE-2022-44993 + RESERVED +CVE-2022-44992 + RESERVED +CVE-2022-44991 + RESERVED +CVE-2022-44990 + RESERVED +CVE-2022-44989 + RESERVED +CVE-2022-44988 + RESERVED +CVE-2022-44987 + RESERVED +CVE-2022-44986 + RESERVED +CVE-2022-44985 + RESERVED +CVE-2022-44984 + RESERVED +CVE-2022-44983 + RESERVED +CVE-2022-44982 + RESERVED +CVE-2022-44981 + RESERVED +CVE-2022-44980 + RESERVED +CVE-2022-44979 + RESERVED +CVE-2022-44978 + RESERVED +CVE-2022-44977 + RESERVED +CVE-2022-44976 + RESERVED +CVE-2022-44975 + RESERVED +CVE-2022-44974 + RESERVED +CVE-2022-44973 + RESERVED +CVE-2022-44972 + RESERVED +CVE-2022-44971 + RESERVED +CVE-2022-44970 + RESERVED +CVE-2022-44969 + RESERVED +CVE-2022-44968 + RESERVED +CVE-2022-44967 + RESERVED +CVE-2022-44966 + RESERVED +CVE-2022-44965 + RESERVED +CVE-2022-44964 + RESERVED +CVE-2022-44963 + RESERVED +CVE-2022-44962 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44961 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44960 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44959 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44958 + RESERVED +CVE-2022-44957 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) 
+ NOT-FOR-US: webtareas +CVE-2022-44956 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44955 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44954 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44953 (webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: webtareas +CVE-2022-44952 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44951 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44950 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44949 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44948 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44947 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44946 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44945 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44944 (Rukovoditel v3.2.1 was discovered to contain a stored cross-site scrip ...) + NOT-FOR-US: Rukovoditel +CVE-2022-44943 + RESERVED +CVE-2022-44942 (Casdoor before v1.126.1 was discovered to contain an arbitrary file de ...) + NOT-FOR-US: Casdoor +CVE-2022-44941 + RESERVED +CVE-2022-44940 (Patchelf v0.9 was discovered to contain an out-of-bounds read via the ...) 
+ - patchelf (unimportant) + NOTE: https://github.com/NixOS/patchelf/pull/419 + NOTE: https://github.com/NixOS/patchelf/commit/96c8422e374064c3407e73e8b1e4995f95e0a9e0 (0.16.0) + NOTE: Crash in CLI tool, no securiy impact +CVE-2022-44939 (Efs Software Easy Chat Server Version 3.1 was discovered to contain a ...) + NOT-FOR-US: Efs Software Easy Chat Server +CVE-2022-44938 (Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attac ...) + NOT-FOR-US: SeedDMS +CVE-2022-44937 (Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery ...) + NOT-FOR-US: BossCMS +CVE-2022-44936 + RESERVED +CVE-2022-44935 + RESERVED +CVE-2022-44934 + RESERVED +CVE-2022-44933 + RESERVED +CVE-2022-44932 (An access control issue in Tenda A18 v15.13.07.09 allows unauthenticat ...) + NOT-FOR-US: Tenda +CVE-2022-44931 (Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-44930 (D-Link DHP-W310AV 3.10EU was discovered to contain a command injection ...) + NOT-FOR-US: D-Link +CVE-2022-44929 (An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthent ...) + NOT-FOR-US: D-Link +CVE-2022-44928 (D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injecti ...) + NOT-FOR-US: D-Link +CVE-2022-44927 + RESERVED +CVE-2022-44926 + RESERVED +CVE-2022-44925 + RESERVED +CVE-2022-44924 + RESERVED +CVE-2022-44923 + RESERVED +CVE-2022-44922 + RESERVED +CVE-2022-44921 + RESERVED +CVE-2022-44920 + RESERVED +CVE-2022-44919 + RESERVED +CVE-2022-44918 + RESERVED +CVE-2022-44917 + RESERVED +CVE-2022-44916 + RESERVED +CVE-2022-44915 + RESERVED +CVE-2022-44914 + RESERVED +CVE-2022-44913 + RESERVED +CVE-2022-44912 + RESERVED +CVE-2022-44911 + RESERVED +CVE-2022-44910 (Binbloom 2.0 was discovered to contain a heap buffer overflow via the ...) 
+ NOT-FOR-US: Binbloom +CVE-2022-44909 + RESERVED +CVE-2022-44908 + RESERVED +CVE-2022-44907 + RESERVED +CVE-2022-44906 + RESERVED +CVE-2022-44905 + RESERVED +CVE-2022-44904 + RESERVED +CVE-2022-44903 + RESERVED +CVE-2022-44902 + RESERVED +CVE-2022-44901 + RESERVED +CVE-2022-44900 (A directory traversal vulnerability in the SevenZipFile.extractall() f ...) + - py7zr 0.11.3+dfsg-5 (bug #1032091) + NOTE: https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 (v0.20.1) + NOTE: https://lessonsec.com/cve/cve-2022-44900/ +CVE-2022-44899 + RESERVED +CVE-2022-44898 (The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not p ...) + NOT-FOR-US: Asus Aura Sync +CVE-2022-44897 (A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuild ...) + NOT-FOR-US: ApolloTheme AP PageBuilder +CVE-2022-44896 + RESERVED +CVE-2022-44895 + RESERVED +CVE-2022-44894 + RESERVED +CVE-2022-44893 + RESERVED +CVE-2022-44892 + RESERVED +CVE-2022-44891 + RESERVED +CVE-2022-44890 + RESERVED +CVE-2022-44889 + RESERVED +CVE-2022-44888 + RESERVED +CVE-2022-44887 + RESERVED +CVE-2022-44886 + RESERVED +CVE-2022-44885 + RESERVED +CVE-2022-44884 + RESERVED +CVE-2022-44883 + RESERVED +CVE-2022-44882 + RESERVED +CVE-2022-44881 + RESERVED +CVE-2022-44880 + RESERVED +CVE-2022-44879 + RESERVED +CVE-2022-44878 + RESERVED +CVE-2022-44877 (login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 b ...) + NOT-FOR-US: CWP (aka Control Web Panel or CentOS Web Panel) +CVE-2022-44876 + RESERVED +CVE-2022-44875 (KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.All ...) + NOT-FOR-US: KioWare +CVE-2022-44874 (wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered t ...) + NOT-FOR-US: wasm3 +CVE-2022-44873 + RESERVED +CVE-2022-44872 + RESERVED +CVE-2022-44871 + RESERVED +CVE-2022-44870 (A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022 ...) 
+ NOT-FOR-US: maccms10 +CVE-2022-44869 + RESERVED +CVE-2022-44868 + RESERVED +CVE-2022-44867 + RESERVED +CVE-2022-44866 + RESERVED +CVE-2022-44865 + RESERVED +CVE-2022-44864 + RESERVED +CVE-2022-44863 + RESERVED +CVE-2022-44862 + RESERVED +CVE-2022-44861 + RESERVED +CVE-2022-44860 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44859 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44858 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44857 + RESERVED +CVE-2022-44856 + RESERVED +CVE-2022-44855 + RESERVED +CVE-2022-44854 + RESERVED +CVE-2022-44853 + RESERVED +CVE-2022-44852 + RESERVED +CVE-2022-44851 + RESERVED +CVE-2022-44850 + RESERVED +CVE-2022-44849 (A Cross-Site Request Forgery (CSRF) in the Administrator List of MetIn ...) + NOT-FOR-US: MetInfo +CVE-2022-44848 + RESERVED +CVE-2022-44847 + RESERVED +CVE-2022-44846 + RESERVED +CVE-2022-44845 + RESERVED +CVE-2022-44844 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44843 (TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44842 + RESERVED +CVE-2022-44841 + RESERVED +CVE-2022-44840 (Heap buffer overflow vulnerability in binutils readelf before 2.40 via ...) + - binutils 2.40-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29732 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=28750e3b967da2207d51cbce9fc8be262817ee59 + NOTE: binutils not covered by security support +CVE-2022-44839 + RESERVED +CVE-2022-44838 (Automotive Shop Management System v1.0 was discovered to contain a SQL ...) 
+ NOT-FOR-US: Automotive Shop Management System +CVE-2022-44837 + RESERVED +CVE-2022-44836 + RESERVED +CVE-2022-44835 + RESERVED +CVE-2022-44834 + RESERVED +CVE-2022-44833 + RESERVED +CVE-2022-44832 (D-Link DIR-3040 device with firmware 120B03 was discovered to contain ...) + NOT-FOR-US: D-Link +CVE-2022-44831 + RESERVED +CVE-2022-44830 (Sourcecodester Event Registration App v1.0 was discovered to contain m ...) + NOT-FOR-US: Sourcecodester Event Registration App +CVE-2022-44829 + RESERVED +CVE-2022-44828 + RESERVED +CVE-2022-44827 + RESERVED +CVE-2022-44826 + RESERVED +CVE-2022-44825 + RESERVED +CVE-2022-44824 + RESERVED +CVE-2022-44823 + RESERVED +CVE-2022-44822 + RESERVED +CVE-2022-44821 + RESERVED +CVE-2022-44820 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44819 + RESERVED +CVE-2022-44818 + RESERVED +CVE-2022-44817 + RESERVED +CVE-2022-44816 + RESERVED +CVE-2022-44815 + RESERVED +CVE-2022-44814 + RESERVED +CVE-2022-44813 + RESERVED +CVE-2022-44812 + RESERVED +CVE-2022-44811 + RESERVED +CVE-2022-44810 + RESERVED +CVE-2022-44809 + RESERVED +CVE-2022-44808 (A command injection vulnerability has been found on D-Link DIR-823G de ...) + NOT-FOR-US: D-Link +CVE-2022-44807 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow vi ...) + NOT-FOR-US: D-Link +CVE-2022-44806 (D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.) + NOT-FOR-US: D-Link +CVE-2022-44805 + RESERVED +CVE-2022-44804 (D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via ...) + NOT-FOR-US: D-Link +CVE-2022-44803 + RESERVED +CVE-2022-44802 + RESERVED +CVE-2022-44801 (D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.) + NOT-FOR-US: D-Link +CVE-2022-44800 + RESERVED +CVE-2022-44799 + RESERVED +CVE-2022-44798 + RESERVED +CVE-2022-44797 (btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta a ...) 
+ NOT-FOR-US: btcd +CVE-2022-44796 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Th ...) + NOT-FOR-US: Object First +CVE-2022-44795 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A ...) + NOT-FOR-US: Object First +CVE-2022-44794 (An issue was discovered in Object First Ootbi BETA build 1.0.7.712. Ma ...) + NOT-FOR-US: Object First +CVE-2022-44793 (handle_ipv6IpForwarding in agent/mibgroup/ip-mib/ip_scalars.c in Net-S ...) + {DLA-3270-1} + - net-snmp 5.9.3+dfsg-2 (bug #1024020) + [bullseye] - net-snmp (Minor issue) + NOTE: https://github.com/net-snmp/net-snmp/issues/475 + NOTE: https://gist.github.com/menglong2234/d07a65b5028145c9f4e1d1db8c4c202f + NOTE: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 +CVE-2022-44792 (handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP ...) + {DLA-3270-1} + - net-snmp 5.9.3+dfsg-2 (bug #1024020) + [bullseye] - net-snmp (Minor issue) + NOTE: https://github.com/net-snmp/net-snmp/issues/474 + NOTE: https://gist.github.com/menglong2234/b7bc13ae1a144f47cc3c95a7ea062428 + NOTE: https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 +CVE-2022-44791 + RESERVED +CVE-2022-44790 (Interspire Email Marketer through 6.5.1 allows SQL Injection via the s ...) + NOT-FOR-US: Interspire Email Marketer +CVE-2022-44789 (A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 ...) + {DSA-5291-1} + - mujs 1.3.2-1 (bug #1024769) + NOTE: https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt + NOTE: Fixed by: https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f (1.3.2) +CVE-2022-44788 (An issue was discovered in Appalti & Contratti 9.12.2. It allows Sessi ...) + NOT-FOR-US: Appalti & Contratti +CVE-2022-44787 (An issue was discovered in Appalti & Contratti 9.12.2. The web applica ...) 
+ NOT-FOR-US: Appalti & Contratti +CVE-2022-44786 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...) + NOT-FOR-US: Appalti & Contratti +CVE-2022-44785 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...) + NOT-FOR-US: Appalti & Contratti +CVE-2022-44784 (An issue was discovered in Appalti & Contratti 9.12.2. The target web ...) + NOT-FOR-US: Appalti & Contratti +CVE-2022-44619 (Insecure storage of sensitive information in the Intel(R) DCM software ...) + NOT-FOR-US: Intel +CVE-2022-44610 (Improper authentication in the Intel(R) DCM software before version 5. ...) + NOT-FOR-US: Intel +CVE-2022-43507 (Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL be ...) + NOT-FOR-US: Intel +CVE-2022-43475 (Insecure storage of sensitive information in the Intel(R) DCM software ...) + NOT-FOR-US: Intel +CVE-2022-43465 (Improper authorization in the Intel(R) SCS software all versions may a ...) + NOT-FOR-US: Intel +CVE-2022-43456 (Uncontrolled search path in some Intel(R) RST software before versions ...) + NOT-FOR-US: Intel +CVE-2022-41998 (Uncontrolled search path in the Intel(R) DCM software before version 5 ...) + NOT-FOR-US: Intel +CVE-2022-41979 (Protection mechanism failure in the Intel(R) DCM software before versi ...) + NOT-FOR-US: Intel +CVE-2022-41625 + RESERVED +CVE-2022-41610 (Improper authorization in Intel(R) EMA Configuration Tool before versi ...) + NOT-FOR-US: Intel +CVE-2022-3871 + RESERVED +CVE-2022-3870 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-44783 + RESERVED +CVE-2022-44782 + RESERVED +CVE-2022-44781 + RESERVED +CVE-2022-44780 + RESERVED +CVE-2022-3869 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.38.2 ...) + - froxlor (bug #581792) +CVE-2022-3868 (A vulnerability classified as critical has been found in SourceCodeste ...) 
+ NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-44779 + RESERVED +CVE-2022-44778 + RESERVED +CVE-2022-44777 + RESERVED +CVE-2022-44776 + RESERVED +CVE-2022-44775 + RESERVED +CVE-2022-44774 + RESERVED +CVE-2022-44773 + RESERVED +CVE-2022-44772 + RESERVED +CVE-2022-44771 + RESERVED +CVE-2022-44770 + RESERVED +CVE-2022-44769 + RESERVED +CVE-2022-44768 + RESERVED +CVE-2022-44767 + RESERVED +CVE-2022-44766 + RESERVED +CVE-2022-44765 + RESERVED +CVE-2022-44764 + RESERVED +CVE-2022-44763 + RESERVED +CVE-2022-44762 + RESERVED +CVE-2022-44761 + RESERVED +CVE-2022-44760 + RESERVED +CVE-2022-44759 + RESERVED +CVE-2022-44758 (BigFix Insights/IVR fixlet uses improper credential handling within ce ...) + NOT-FOR-US: HCL +CVE-2022-44757 (BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptogr ...) + NOT-FOR-US: HCL +CVE-2022-44756 (Insights for Vulnerability Remediation (IVR) is vulnerable toimproper ...) + NOT-FOR-US: HCL +CVE-2022-44755 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...) + NOT-FOR-US: IBM +CVE-2022-44754 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...) + NOT-FOR-US: IBM +CVE-2022-44753 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...) + NOT-FOR-US: IBM +CVE-2022-44752 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...) + NOT-FOR-US: IBM +CVE-2022-44751 (HCL Notes is susceptible to a stack based buffer overflow vulnerabilit ...) + NOT-FOR-US: IBM +CVE-2022-44750 (HCL Domino is susceptible to a stack based buffer overflow vulnerabili ...) + NOT-FOR-US: IBM +CVE-2022-44747 (Local privilege escalation due to improper soft link handling. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-44746 (Sensitive information disclosure due to insecure folder permissions. T ...) + NOT-FOR-US: Acronis +CVE-2022-44745 (Sensitive information leak through log files. The following products a ...) 
+ NOT-FOR-US: Acronis +CVE-2022-44744 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-44743 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Blu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44742 (Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Le ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44741 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44740 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44739 (Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurant ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44738 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44737 (Multiple Cross-Site Request Forgery vulnerabilities inAll-In-One Secur ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44736 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cham ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44735 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gus ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44734 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Best ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44733 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-44732 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-3867 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream su ...) + - nomad (Only affects 1.4) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168 +CVE-2022-3866 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identi ...) 
+ - nomad (Only affects 1.4) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167 +CVE-2022-3865 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3864 + RESERVED +CVE-2022-3863 (Use after free in Browser History in Google Chrome prior to 100.0.4896 ...) + {DSA-5114-1} + - chromium 100.0.4896.75-1 + [buster] - chromium (see DSA 5046) +CVE-2023-21418 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...) + NOT-FOR-US: AXIS OS +CVE-2023-21417 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found tha ...) + NOT-FOR-US: AXIS OS +CVE-2023-21416 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...) + NOT-FOR-US: AXIS OS +CVE-2023-21415 (Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that ...) + NOT-FOR-US: AXIS OS +CVE-2023-21414 (NCC Group has found a flaw during the annual internal penetration test ...) + NOT-FOR-US: AXIS OS +CVE-2023-21413 (GoSecure on behalf of Genetec Inc. has found a flaw that allows for a ...) + NOT-FOR-US: AXIS OS +CVE-2023-21412 (User provided input is not sanitized on the AXIS License Plate Verifie ...) + NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21411 (User provided input is not sanitized in the \u201cSettings > Access Co ...) + NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21410 (User provided input is not sanitized on the AXIS License Plate Verifie ...) + NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21409 (Due to insufficient file permissions, unprivileged users could gain ac ...) + NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21408 (Due to insufficient file permissions, unprivileged users could gain ac ...) + NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21407 (A broken access control was found allowing for privileged escalation o ...) 
+ NOT-FOR-US: AXIS License Plate Verifier +CVE-2023-21406 (Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A ...) + NOT-FOR-US: AXIS +CVE-2023-21405 (Knud from Fraktal.fi has found a flaw in some Axis Network Door Contro ...) + NOT-FOR-US: AXIS +CVE-2023-21404 (AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components ...) + NOT-FOR-US: AXIS OS +CVE-2022-44749 (A directory traversal vulnerability in the ZIP archive extraction rout ...) + NOT-FOR-US: KNIME +CVE-2022-44748 (A directory traversal vulnerability in the ZIP archive extraction rout ...) + NOT-FOR-US: KNIME +CVE-2022-44731 (A vulnerability has been identified in SIMATIC WinCC OA V3.15 (All ver ...) + NOT-FOR-US: Siemens +CVE-2022-44730 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...) + {DLA-3619-1} + - batik 1.17+dfsg-1 + [bookworm] - batik 1.16+dfsg-1+deb12u1 + [bullseye] - batik 1.12-4+deb11u2 + NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/3 + NOTE: https://issues.apache.org/jira/browse/BATIK-1347 +CVE-2022-44729 (Server-Side Request Forgery (SSRF) vulnerability in Apache Software Fo ...) + {DLA-3619-1} + - batik 1.17+dfsg-1 + [bookworm] - batik 1.16+dfsg-1+deb12u1 + [bullseye] - batik 1.12-4+deb11u2 + NOTE: https://www.openwall.com/lists/oss-security/2023/08/22/2 + NOTE: https://issues.apache.org/jira/browse/BATIK-1349 +CVE-2022-44728 + RESERVED +CVE-2022-44727 (The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for Pres ...) + NOT-FOR-US: PrestaShop module +CVE-2022-44726 (The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS i ...) + NOT-FOR-US: TouchDown Timesheet tracking component for Jira +CVE-2022-44725 (OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses ...) + NOT-FOR-US: OPC Foundation Local Discovery Server (LDS) +CVE-2022-44724 (The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Da ...) 
+ NOT-FOR-US: Stiltsoft +CVE-2022-44723 + RESERVED +CVE-2022-44722 + RESERVED +CVE-2022-44721 + REJECTED +CVE-2022-44720 (An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Inj ...) + NOT-FOR-US: Weblib Ucopia +CVE-2022-44719 (An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server ...) + NOT-FOR-US: Weblib Ucopia +CVE-2022-44718 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...) + NOT-FOR-US: NetScout +CVE-2022-44717 (An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open R ...) + NOT-FOR-US: NetScout +CVE-2022-44716 + RESERVED +CVE-2022-44715 (Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allow ...) + NOT-FOR-US: NetScout +CVE-2022-3862 (The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3861 (The Betheme theme for WordPress is vulnerable to PHP Object Injection ...) + NOT-FOR-US: Betheme theme for WordPress +CVE-2022-3860 (The Visual Email Designer for WooCommerce WordPress plugin before 1.7. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3859 (An uncontrolled search path vulnerability exists in Trellix Agent (TA) ...) + NOT-FOR-US: Trellix +CVE-2022-3858 (The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeC ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3857 (A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a s ...) + NOTE: Unreproducible libpng issue + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2142600 + NOTE: https://sourceforge.net/p/libpng/bugs/300/ +CVE-2022-3856 (The Comic Book Management System WordPress plugin before 2.2.0 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2023-21403 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21402 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21401 (There is elevation of privilege.) 
+ NOT-FOR-US: Android +CVE-2023-21400 (In multiple functions of io_uring.c, there is a possible kernel memor ...) + {DSA-5480-1 DLA-3623-1} + - linux 5.18.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://source.android.com/security/bulletin/pixel/2023-07-01 + NOTE: https://yanglingxi1993.github.io/dirty_pagetable/dirty_pagetable.html + NOTE: https://www.openwall.com/lists/oss-security/2023/07/14/2 + NOTE: https://www.openwall.com/lists/oss-security/2023/07/25/9 + NOTE: https://twitter.com/VAR10CK/status/1683303642173153280 +CVE-2023-21399 (there is a possible way to bypass cryptographic assurances due to a lo ...) + NOT-FOR-US: Android/Pixel kernel +CVE-2023-21398 (In sdksandbox, there is a possible strandhogg style overlay attack due ...) + NOT-FOR-US: Android +CVE-2023-21397 (In Setup Wizard, there is a possible way to save a WiFi network due to ...) + NOT-FOR-US: Android +CVE-2023-21396 (In Activity Manager, there is a possible background activity launch du ...) + NOT-FOR-US: Android +CVE-2023-21395 (In Bluetooth, there is a possible out of bounds read due to a use afte ...) + NOT-FOR-US: Android +CVE-2023-21394 (In registerPhoneAccount of TelecomServiceImpl.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21393 (In Settings, there is a possible way for the user to change SIM due to ...) + NOT-FOR-US: Android +CVE-2023-21392 (In Bluetooth, there is a possible way to corrupt memory due to a use a ...) + NOT-FOR-US: Android +CVE-2023-21391 (In Messaging, there is a possible way to disable the messaging applica ...) + NOT-FOR-US: Android +CVE-2023-21390 (In Sim, there is a possible way to evade mobile preference restriction ...) + NOT-FOR-US: Android +CVE-2023-21389 (In Settings, there is a possible bypass of profile owner restrictions ...) + NOT-FOR-US: Android +CVE-2023-21388 (In Settings, there is a possible restriction bypass due to a missing p ...) 
+ NOT-FOR-US: Android +CVE-2023-21387 (In User Backup Manager, there is a possible way to leak a token to byp ...) + NOT-FOR-US: Android +CVE-2023-21386 + RESERVED +CVE-2023-21385 (In Whitechapel, there is a possible out of bounds read due to memory c ...) + NOT-FOR-US: Android +CVE-2023-21384 (In Package Manager, there is a possible possible permissions bypass du ...) + NOT-FOR-US: Android +CVE-2023-21383 (In Settings, there is a possible way for the user to unintentionally s ...) + NOT-FOR-US: Android +CVE-2023-21382 (In Content Resolver, there is a possible method to access metadata abo ...) + NOT-FOR-US: Android +CVE-2023-21381 (In Media Resource Manager, there is a possible local arbitrary code ex ...) + NOT-FOR-US: Android +CVE-2023-21380 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...) + NOT-FOR-US: Android +CVE-2023-21379 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21378 (In Telecomm, there is a possible way to silence the ring for calls of ...) + NOT-FOR-US: Android +CVE-2023-21377 (In SELinux Policy, there is a possible restriction bypass due to a per ...) + NOT-FOR-US: Android +CVE-2023-21376 (In Telephony, there is a possible way to retrieve the ICCID due to a l ...) + NOT-FOR-US: Android +CVE-2023-21375 (In Sysproxy, there is a possible out of bounds write due to an integer ...) + NOT-FOR-US: Android +CVE-2023-21374 (In System UI, there is a possible factory reset protection bypass due ...) + NOT-FOR-US: Android +CVE-2023-21373 (In Telephony, there is a possible way for a guest user to change the p ...) + NOT-FOR-US: Android +CVE-2023-21372 (In libdexfile, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21371 (In Secure Element, there is a possible out of bounds write due to an i ...) + NOT-FOR-US: Android +CVE-2023-21370 (In the Security Element API, there is a possible out of bounds write d ...) 
+ NOT-FOR-US: Android +CVE-2023-21369 (In Usage Access, there is a possible way to display a Settings usage a ...) + NOT-FOR-US: Android +CVE-2023-21368 (In Audio, there is a possible out of bounds read due to missing bounds ...) + NOT-FOR-US: Android +CVE-2023-21367 (In Scudo, there is a possible way to exploit certain heap OOB read/wri ...) + NOT-FOR-US: Android +CVE-2023-21366 (In Scudo, there is a possible way for an attacker to predict heap allo ...) + NOT-FOR-US: Android +CVE-2023-21365 (In Contacts, there is a possible crash loop due to resource exhaustion ...) + NOT-FOR-US: Android +CVE-2023-21364 (In ContactsProvider, there is a possible crash loop due to resource ex ...) + NOT-FOR-US: Android +CVE-2023-21363 + RESERVED +CVE-2023-21362 (In Usage, there is a possible permanent DoS due to resource exhaustion ...) + NOT-FOR-US: Android +CVE-2023-21361 (In Bluetooth, there is a possibility of code-execution due to a use af ...) + NOT-FOR-US: Android +CVE-2023-21360 (In Bluetooth, there is a possible out of bounds write due to improper ...) + NOT-FOR-US: Android +CVE-2023-21359 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21358 (In UWB Google, there is a possible way for a malicious app to masquera ...) + NOT-FOR-US: Android +CVE-2023-21357 (In NFC, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Android +CVE-2023-21356 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21355 (In libaudioclient, there is a possible out of bounds write due to a us ...) + NOT-FOR-US: Android +CVE-2023-21354 (In Package Manager Service, there is a possible way to determine wheth ...) + NOT-FOR-US: Android +CVE-2023-21353 (In NFA, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Android +CVE-2023-21352 (In NFA, there is a possible out of bounds read due to a missing bounds ...) 
+ NOT-FOR-US: Android +CVE-2023-21351 (In Activity Manager, there is a possible background activity launch du ...) + NOT-FOR-US: Android +CVE-2023-21350 (In Media Projection, there is a possible way to determine whether an a ...) + NOT-FOR-US: Android +CVE-2023-21349 (In Package Manager, there is a possible way to determine whether an ap ...) + NOT-FOR-US: Android +CVE-2023-21348 (In Window Manager, there is a possible way to determine whether an app ...) + NOT-FOR-US: Android +CVE-2023-21347 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21346 (In the Device Idle Controller, there is a possible way to determine wh ...) + NOT-FOR-US: Android +CVE-2023-21345 (In Game Manager Service, there is a possible way to determine whether ...) + NOT-FOR-US: Android +CVE-2023-21344 (In Job Scheduler, there is a possible way to determine whether an app ...) + NOT-FOR-US: Android +CVE-2023-21343 (In ActivityStarter, there is a possible background activity launch due ...) + NOT-FOR-US: Android +CVE-2023-21342 (In Speech, there is a possible way to bypass background activity launc ...) + NOT-FOR-US: Android +CVE-2023-21341 (In Permission Manager, there is a possible way to bypass required perm ...) + NOT-FOR-US: Android +CVE-2023-21340 (In Telecomm, there is a possible way to get the call state due to a mi ...) + NOT-FOR-US: Android +CVE-2023-21339 (In Minikin, there is a possible way to trigger ANR by showing a malici ...) + NOT-FOR-US: Android +CVE-2023-21338 (In Input Method, there is a possible way to determine whether an app i ...) + NOT-FOR-US: Android +CVE-2023-21337 (In InputMethod, there is a possible way to determine whether an app is ...) + NOT-FOR-US: Android +CVE-2023-21336 (In Input Method, there is a possible way to determine whether an app i ...) + NOT-FOR-US: Android +CVE-2023-21335 (In Settings, there is a possible way to determine whether an app is in ...) 
+ NOT-FOR-US: Android +CVE-2023-21334 (In App Ops Service, there is a possible disclosure of information abou ...) + NOT-FOR-US: Android +CVE-2023-21333 (In Text Services, there is a possible way to determine whether an app ...) + NOT-FOR-US: Android +CVE-2023-21332 (In Text Services, there is a possible way to determine whether an app ...) + NOT-FOR-US: Android +CVE-2023-21331 (In InputMethod, there is a possible way to determine whether an app is ...) + NOT-FOR-US: Android +CVE-2023-21330 (In Overlay Manager, there is a possible way to determine whether an ap ...) + NOT-FOR-US: Android +CVE-2023-21329 (In Activity Manager, there is a possible way to determine whether an a ...) + NOT-FOR-US: Android +CVE-2023-21328 (In Package Installer, there is a possible way to determine whether an ...) + NOT-FOR-US: Android +CVE-2023-21327 (In Permission Manager, there is a possible way to determine whether an ...) + NOT-FOR-US: Android +CVE-2023-21326 (In Package Manager Service, there is a possible way to determine wheth ...) + NOT-FOR-US: Android +CVE-2023-21325 (In Settings, there is a possible way to determine whether an app is in ...) + NOT-FOR-US: Android +CVE-2023-21324 (In Package Installer, there is a possible way to determine whether an ...) + NOT-FOR-US: Android +CVE-2023-21323 (In Activity Manager, there is a possible way to determine whether an a ...) + NOT-FOR-US: Android +CVE-2023-21322 + RESERVED +CVE-2023-21321 (In Package Manager, there is a possible cross-user settings disclosure ...) + NOT-FOR-US: Android +CVE-2023-21320 (In Device Policy, there is a possible way to verify if a particular ad ...) + NOT-FOR-US: Android +CVE-2023-21319 (In UsageStatsService, there is a possible way to read installed 3rd pa ...) + NOT-FOR-US: Android +CVE-2023-21318 (In Content, there is a possible way to determine whether an app is ins ...) + NOT-FOR-US: Android +CVE-2023-21317 (In ContentService, there is a possible way to determine whether an app ...) 
+ NOT-FOR-US: Android +CVE-2023-21316 (In Content, there is a possible way to determine whether an app is ins ...) + NOT-FOR-US: Android +CVE-2023-21315 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...) + NOT-FOR-US: Android +CVE-2023-21314 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2023-21313 (In Core, there is a possible way to forward calls without user knowled ...) + NOT-FOR-US: Android +CVE-2023-21312 (In IntentResolver, there is a possible cross-user media read due to a ...) + NOT-FOR-US: Android +CVE-2023-21311 (In Settings, there is a possible way to control private DNS settings f ...) + NOT-FOR-US: Android +CVE-2023-21310 (In Bluetooth, there is a possible out of bounds write due to a heap bu ...) + NOT-FOR-US: Android +CVE-2023-21309 (In libcore, there is a possible out of bounds read due to a missing bo ...) + NOT-FOR-US: Android +CVE-2023-21308 (In Composer, there is a possible out of bounds read due to a missing b ...) + NOT-FOR-US: Android +CVE-2023-21307 (In Bluetooth, there is a possible way for a paired Bluetooth device to ...) + NOT-FOR-US: Android +CVE-2023-21306 (In ContentService, there is a possible way to read installed sync cont ...) + NOT-FOR-US: Android +CVE-2023-21305 (In Content, there is a possible way to determine whether an app is ins ...) + NOT-FOR-US: Android +CVE-2023-21304 (In Content Service, there is a possible way to determine whether an ap ...) + NOT-FOR-US: Android +CVE-2023-21303 (In Content, here is a possible way to determine whether an app is inst ...) + NOT-FOR-US: Android +CVE-2023-21302 (In Package Manager, there is a possible way to determine whether an ap ...) + NOT-FOR-US: Android +CVE-2023-21301 (In ActivityManagerService, there is a possible way to determine whethe ...) + NOT-FOR-US: Android +CVE-2023-21300 (In PackageManager, there is a possible way to determine whether an app ...) 
+ NOT-FOR-US: Android +CVE-2023-21299 (In Package Manager, there is a possible way to determine whether an ap ...) + NOT-FOR-US: Android +CVE-2023-21298 (In Slice, there is a possible disclosure of installed applications due ...) + NOT-FOR-US: Android +CVE-2023-21297 (In SEPolicy, there is a possible way to access the factory MAC address ...) + NOT-FOR-US: Android +CVE-2023-21296 (In Permission, there is a possible way to determine whether an app is ...) + NOT-FOR-US: Android +CVE-2023-21295 (In SliceManagerService, there is a possible way to check if a content ...) + NOT-FOR-US: Android +CVE-2023-21294 (In Slice, there is a possible disclosure of installed packages due to ...) + NOT-FOR-US: Android +CVE-2023-21293 (In PackageManagerNative, there is a possible way to determine whether ...) + NOT-FOR-US: Android +CVE-2023-21292 (In openContentUri of ActivityManagerService.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21291 (In visitUris of Notification.java, there is a possible way to reveal i ...) + NOT-FOR-US: Android +CVE-2023-21290 (In update of MmsProvider.java, there is a possible way to bypass file ...) + NOT-FOR-US: Android +CVE-2023-21289 (In multiple locations, there is a possible bypass of a multi user secu ...) + NOT-FOR-US: Android +CVE-2023-21288 (In visitUris of Notification.java, there is a possible way to reveal i ...) + NOT-FOR-US: Android +CVE-2023-21287 (In multiple locations, there is a possible code execution due to type ...) + NOT-FOR-US: Android +CVE-2023-21286 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) + NOT-FOR-US: Android +CVE-2023-21285 (In setMetadata of MediaSessionRecord.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21284 (In multiple functions of DevicePolicyManager.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21283 (In multiple functions of StatusHints.java, there is a possible way to ...) 
+ NOT-FOR-US: Android +CVE-2023-21282 (In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21281 (In multiple functions of KeyguardViewMediator.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21280 (In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there i ...) + NOT-FOR-US: Android +CVE-2023-21279 (In visitUris of RemoteViews.java, there is a possible cross-user media ...) + NOT-FOR-US: Android +CVE-2023-21278 (In multiple locations, there is a possible way to obscure the micropho ...) + NOT-FOR-US: Android +CVE-2023-21277 (In visitUris of RemoteViews.java, there is a possible way to reveal im ...) + NOT-FOR-US: Android +CVE-2023-21276 (In writeToParcel of CursorWindow.cpp, there is a possible information ...) + NOT-FOR-US: Android +CVE-2023-21275 (In decideCancelProvisioningDialog of AdminIntegratedFlowPrepareActivit ...) + NOT-FOR-US: Android +CVE-2023-21274 (In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21273 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...) + NOT-FOR-US: Android +CVE-2023-21272 (In readFrom of Uri.java, there is a possible bad URI permission grant ...) + NOT-FOR-US: Android +CVE-2023-21271 (In parseInputs of ShimPreparedModel.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-21270 + RESERVED +CVE-2023-21269 (In startActivityInner of ActivityStarter.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21268 (In update of MmsProvider.java, there is a possible way to change direc ...) + NOT-FOR-US: Android +CVE-2023-21267 (In doKeyguardLocked of KeyguardViewMediator.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21266 (In killBackgroundProcesses of ActivityManagerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-21265 (In multiple locations, there are root CA certificates which need to be ...) 
+ NOT-FOR-US: Android +CVE-2023-21264 (In multiple functions of mem_protect.c, there is a possible way to acc ...) + - linux 6.3.7-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://source.android.com/docs/security/bulletin/2023-08-01 + NOTE: https://git.kernel.org/linus/09cce60bddd6461a93a5bf434265a47827d1bc6f +CVE-2023-21263 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21262 (In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21261 + REJECTED +CVE-2023-21260 (In notification access permission dialog box, malicious application ca ...) + NOT-FOR-US: Android +CVE-2023-21259 + RESERVED +CVE-2023-21258 + RESERVED +CVE-2023-21257 (In updateSettingsInternalLI of InstallPackageHelper.java, there is a p ...) + NOT-FOR-US: Android +CVE-2023-21256 (In SettingsHomepageActivity.java, there is a possible way to launch ar ...) + NOT-FOR-US: Android +CVE-2023-21255 (In multiple functions of binder.c, there is a possible memory corrupti ...) + {DSA-5480-1 DLA-3623-1} + - linux 6.3.7-1 + [bookworm] - linux 6.1.37-1 + NOTE: https://git.kernel.org/linus/bdc1c5fac982845a58d28690cdb56db8c88a530d (6.4-rc4) +CVE-2023-21254 (In getCurrentState of OneTimePermissionUserManager.java, there is a po ...) + NOT-FOR-US: Android +CVE-2023-21253 (In multiple locations, there is a possible way to crash multiple syste ...) + NOT-FOR-US: Android +CVE-2023-21252 (In validatePassword of WifiConfigurationUtil.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21251 (In onCreate of ConfirmDialog.java, there is a possible way to connect ...) + NOT-FOR-US: Android +CVE-2023-21250 (In gatt_end_operation of gatt_utils.cc, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21249 (In multiple functions of OneTimePermissionUserManager.java, there is a ...) 
+ NOT-FOR-US: Android +CVE-2023-21248 (In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController ...) + NOT-FOR-US: Android +CVE-2023-21247 (In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceContr ...) + NOT-FOR-US: Android +CVE-2023-21246 (In ShortcutInfo of ShortcutInfo.java, there is a possible way for an a ...) + NOT-FOR-US: Android +CVE-2023-21245 (In showNextSecurityScreenOrFinish of KeyguardSecurityContainerControll ...) + NOT-FOR-US: Android +CVE-2023-21244 (In visitUris of Notification.java, there is a possible bypass of user ...) + NOT-FOR-US: Android +CVE-2023-21243 (In validateForCommonR1andR2 of PasspointConfiguration.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-21242 (In isServerCertChainValid of InsecureEapNetworkHandler.java, there is ...) + NOT-FOR-US: Android +CVE-2023-21241 (In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21240 (In Policy of Policy.java, there is a possible boot loop due to resourc ...) + NOT-FOR-US: Android +CVE-2023-21239 (In visitUris of Notification.java, there is a possible way to leak ima ...) + NOT-FOR-US: Android +CVE-2023-21238 (In visitUris of RemoteViews.java, there is a possible leak of images b ...) + NOT-FOR-US: Android +CVE-2023-21237 (In applyRemoteView of NotificationContentInflater.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-21236 (In aoc_service_set_read_blocked of aoc.c, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2023-21235 (In onCreate of LockSettingsActivity.java, there is a possible way set ...) + NOT-FOR-US: Android +CVE-2023-21234 (In launchConfirmationActivity of ChooseLockSettingsHelper.java, there ...) + NOT-FOR-US: Android +CVE-2023-21233 (In multiple locations of avrc, there is a possible leak of heap data d ...) + NOT-FOR-US: Android +CVE-2023-21232 (In multiple locations, there is a possible way to retrieve sensor data ...) 
+ NOT-FOR-US: Android +CVE-2023-21231 (In getIntentForButton of ButtonManager.java, there is a possible way f ...) + NOT-FOR-US: Android +CVE-2023-21230 (In onAccessPointChanged of AccessPointPreference.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-21229 (In registerServiceLocked of ManagedServices.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21228 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21227 (There is information disclosure.) + NOT-FOR-US: Android +CVE-2023-21226 (In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-21225 (there is a possible way to bypass the protected confirmation screen du ...) + NOT-FOR-US: Android +CVE-2023-21224 (In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a ...) + NOT-FOR-US: Android +CVE-2023-21223 (In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a p ...) + NOT-FOR-US: Android +CVE-2023-21222 (In load_dt_data of storage.c, there is a possible out of bounds write ...) + NOT-FOR-US: Android +CVE-2023-21221 + RESERVED +CVE-2023-21220 (there is a possible use of unencrypted transport over cellular network ...) + NOT-FOR-US: Android +CVE-2023-21219 (there is a possible use of unencrypted transport over cellular network ...) + NOT-FOR-US: Android +CVE-2023-21218 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21217 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21216 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21215 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21214 (In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21213 (In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21212 (In multiple files, there is a possible out of bounds read due to a mis ...) 
+ NOT-FOR-US: Android +CVE-2023-21211 (In multiple files, there is a possible out of bounds read due to a hea ...) + NOT-FOR-US: Android +CVE-2023-21210 (In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21209 (In multiple functions of sta_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21208 (In setCountryCodeInternal of sta_iface.cpp, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21207 (In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21206 (In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-21205 (In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21204 (In multiple files, there is a possible out of bounds read due to a mis ...) + NOT-FOR-US: Android +CVE-2023-21203 (In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-21202 (In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a po ...) + NOT-FOR-US: Android +CVE-2023-21201 (In on_create_record_event of btif_sdp_server.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-21200 (In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21199 (In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21198 (In remove_sdp_record of btif_sdp_server.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21197 (In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21196 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) + NOT-FOR-US: Android +CVE-2023-21195 (In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a pos ...) 
+ NOT-FOR-US: Android +CVE-2023-21194 (In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21193 (In VideoFrame of VideoFrame.h, there is a possible abort due to an int ...) + NOT-FOR-US: Android +CVE-2023-21192 (In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java ...) + NOT-FOR-US: Android +CVE-2023-21191 (In fixNotification of NotificationManagerService.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-21190 (In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a ...) + NOT-FOR-US: Android +CVE-2023-21189 (In startLockTaskMode of LockTaskController.java, there is a possible b ...) + NOT-FOR-US: Android +CVE-2023-21188 (In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21187 (In onCreate of UsbAccessoryUriActivity.java, there is a possible way t ...) + NOT-FOR-US: Android +CVE-2023-21186 (In LogResponse of Dns.cpp, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2023-21185 (In multiple functions of WifiNetworkFactory.java, there is a missing p ...) + NOT-FOR-US: Android +CVE-2023-21184 (In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker ...) + NOT-FOR-US: Android +CVE-2023-21183 (In ForegroundUtils of ForegroundUtils.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21182 (In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp ...) + NOT-FOR-US: Android +CVE-2023-21181 (In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21180 (In xmlParseTryOrFinish of parser.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21179 (In parseSecurityParamsFromXml of XmlUtil.java, there is a possible byp ...) + NOT-FOR-US: Android +CVE-2023-21178 (In installKey of KeyUtil.cpp, there is a possible failure of file encr ...) 
+ NOT-FOR-US: Android +CVE-2023-21177 (In requestAppKeyboardShortcuts of WindowManagerService.java, there is ...) + NOT-FOR-US: Android +CVE-2023-21176 (In list_key_entries of utils.rs, there is a possible way to disable us ...) + NOT-FOR-US: Android +CVE-2023-21175 (In onCreate of DataUsageSummary.java, there is a possible method for a ...) + NOT-FOR-US: Android +CVE-2023-21174 (In isPageSearchEnabled of BillingCycleSettings.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-21173 (In multiple methods of DataUsageList.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21172 (In multiple functions of WifiCallingSettings.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21171 (In verifyInputEvent of InputDispatcher.cpp, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21170 (In executeSetClientTarget of ComposerCommandEngine.h, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-21169 (In inviteInternal of p2p_iface.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21168 (In convertCbYCrY of ColorConverter.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21167 (In setProfileName of DevicePolicyManagerService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-21166 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21165 + RESERVED +CVE-2023-21164 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21163 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21162 (There is elevation of privilege.) + NOT-FOR-US: Android +CVE-2023-21161 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...) + NOT-FOR-US: Android +CVE-2023-21160 (In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21159 (In Parse of simdata.cpp, there is a possible out of bounds write due t ...) 
+ NOT-FOR-US: Android +CVE-2023-21158 (In encode of miscdata.cpp, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2023-21157 (In encode of wlandata.cpp, there is a possible out of bounds write due ...) + NOT-FOR-US: Android +CVE-2023-21156 (In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-21155 (In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-21154 (In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21153 (In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21152 (In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, ...) + NOT-FOR-US: Android +CVE-2023-21151 (In the Google BMS kernel module, there is a possible out of bounds wri ...) + NOT-FOR-US: Android +CVE-2023-21150 (In handle_set_parameters_ctrl of hal_socket.c, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21149 (In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there ...) + NOT-FOR-US: Android +CVE-2023-21148 (In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2023-21147 (In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible U ...) + NOT-FOR-US: Android +CVE-2023-21146 (there is a possible way to corrupt memory due to a use after free. Thi ...) + NOT-FOR-US: Android +CVE-2023-21145 (In updatePictureInPictureMode of ActivityRecord.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-21144 (In doInBackground of NotificationContentInflater.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-21143 (In multiple functions of multiple files, there is a possible way to ma ...) + NOT-FOR-US: Android +CVE-2023-21142 (In multiple files, there is a possible way to access traces in the dev ...) 
+ NOT-FOR-US: Android +CVE-2023-21141 (In several functions of several files, there is a possible way to acce ...) + NOT-FOR-US: Android +CVE-2023-21140 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21139 (In bindPlayer of MediaControlPanel.java, there is a possible launch ar ...) + NOT-FOR-US: Android +CVE-2023-21138 (In onNullBinding of CallRedirectionProcessor.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21137 (In several methods of JobStore.java, uncaught exceptions in job map pa ...) + NOT-FOR-US: Android +CVE-2023-21136 (In multiple functions of JobStore.java, there is a possible way to cau ...) + NOT-FOR-US: Android +CVE-2023-21135 (In onCreate of NotificationAccessSettings.java, there is a possible fa ...) + NOT-FOR-US: Android +CVE-2023-21134 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21133 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21132 (In onCreate of ManagePermissionsActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-21131 (In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, t ...) + NOT-FOR-US: Android +CVE-2023-21130 (In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-21129 (In getFullScreenIntentDecision of NotificationInterruptStateProviderIm ...) + NOT-FOR-US: Android +CVE-2023-21128 (In various functions of AppStandbyController.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21127 (In readSampleData of NuMediaExtractor.cpp, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21126 (In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, the ...) + NOT-FOR-US: Android +CVE-2023-21125 + RESERVED +CVE-2023-21124 (In run of multiple files, there is a possible escalation of privilege ...) 
+ NOT-FOR-US: Android +CVE-2023-21123 (In multiple functions of multiple files, there is a possible way to by ...) + NOT-FOR-US: Android +CVE-2023-21122 (In various functions of various files, there is a possible way to bypa ...) + NOT-FOR-US: Android +CVE-2023-21121 (In onResume of AppManagementFragment.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21120 (In multiple functions of cdm_engine.cpp, there is a possible use-after ...) + NOT-FOR-US: Android +CVE-2023-21119 + RESERVED +CVE-2023-21118 (In unflattenString8 of Sensor.cpp, there is a possible out of bounds r ...) + NOT-FOR-US: Android +CVE-2023-21117 (In registerReceiverWithFeature of ActivityManagerService.java, there i ...) + NOT-FOR-US: Android +CVE-2023-21116 (In verifyReplacingVersionCode of InstallPackageHelper.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-21115 (In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to do ...) + NOT-FOR-US: Android +CVE-2023-21114 + RESERVED +CVE-2023-21113 + RESERVED +CVE-2023-21112 (In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21111 (In several functions of PhoneAccountRegistrar.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21110 (In several functions of SnoozeHelper.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21109 (In multiple places of AccessibilityService, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2023-21108 (In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21107 (In retrieveAppEntry of NotificationAccessDetails.java, there is a miss ...) + NOT-FOR-US: Android +CVE-2023-21106 (In adreno_set_param of adreno_gpu.c, there is a possible memory corrup ...) 
+ - linux 6.1.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5) +CVE-2023-21105 (In multiple functions of ChooserActivity.java, there is a possible cro ...) + NOT-FOR-US: Android +CVE-2023-21104 (In applySyncTransaction of WindowOrganizer.java, a missing permission ...) + NOT-FOR-US: Android +CVE-2023-21103 (In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught except ...) + NOT-FOR-US: Android +CVE-2023-21102 (In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypas ...) + - linux 6.1.8-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://source.android.com/docs/security/bulletin/2023-05-01 + NOTE: https://git.kernel.org/linus/ff7a167961d1b97e0e205f245f806e564d3505e7 (6.2-rc1) + NOTE: https://git.kernel.org/linus/18bba1843fc7f264f58c9345d00827d082f9c558 (6.2-rc4) +CVE-2023-21101 (In multiple functions of WVDrmPlugin.cpp, there is a possible use afte ...) + NOT-FOR-US: Android +CVE-2023-21100 (In inflate of inflate.c, there is a possible out of bounds write due t ...) + NOT-FOR-US: Android +CVE-2023-21099 (In multiple methods of PackageInstallerSession.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-21098 (In multiple functions of AccountManagerService.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-21097 (In toUriInner of Intent.java, there is a possible way to launch an arb ...) + NOT-FOR-US: Android +CVE-2023-21096 (In OnWakelockReleased of attribution_processor.cc, there is a use afte ...) + NOT-FOR-US: Android +CVE-2023-21095 (In canStartSystemGesture of RecentsAnimationDeviceState.java, there is ...) + NOT-FOR-US: Android +CVE-2023-21094 (In sanitize of LayerState.cpp, there is a possible way to take over th ...) 
+ NOT-FOR-US: Android +CVE-2023-21093 (In extractRelativePath of FileUtils.java, there is a possible way to a ...) + NOT-FOR-US: Android +CVE-2023-21092 (In retrieveServiceLocked of ActiveServices.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2023-21091 (In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-21090 (In parseUsesPermission of ParsingPackageUtils.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21089 (In startInstrumentation of ActivityManagerService.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-21088 (In deliverOnFlushComplete of LocationProviderManager.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-21087 (In PreferencesHelper.java, an uncaught exception may cause the device ...) + NOT-FOR-US: Android +CVE-2023-21086 (In isToggleable of SecureNfcEnabler.java and SecureNfcPreferenceContro ...) + NOT-FOR-US: Android +CVE-2023-21085 (In nci_snd_set_routing_cmd of nci_hmsgs.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21084 (In buildPropFile of filesystem.go, there is a possible insecure hash d ...) + NOT-FOR-US: Android +CVE-2023-21083 (In onNullBinding of CallScreeningServiceHelper.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-21082 (In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, t ...) + NOT-FOR-US: Android +CVE-2023-21081 (In multiple functions of PackageInstallerService.java and related file ...) + NOT-FOR-US: Android +CVE-2023-21080 (In register_notification_rsp of btif_rc.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21079 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21078 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21077 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) 
+ NOT-FOR-US: Android +CVE-2023-21076 (In createTransmitFollowupRequest of nan.cpp, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2023-21075 (In get_svc_hash of nan.cpp, there is a possible out of bounds write du ...) + NOT-FOR-US: Android +CVE-2023-21074 + RESERVED +CVE-2023-21073 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21072 (In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2023-21071 (In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21070 (In add_roam_cache_list of wl_roam.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21069 (In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21068 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...) + NOT-FOR-US: Android +CVE-2023-21067 (Product: AndroidVersions: Android kernelAndroid ID: A-254114726Referen ...) + NOT-FOR-US: Android +CVE-2023-21066 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...) + NOT-FOR-US: Android +CVE-2023-21065 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...) + NOT-FOR-US: Android +CVE-2023-21064 (In DoSetPinControl of miscservice.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2023-21063 (In ParseWithAuthType of simdata.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21062 (In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds r ...) + NOT-FOR-US: Android +CVE-2023-21061 (Product: AndroidVersions: Android kernelAndroid ID: A-229255400Referen ...) + NOT-FOR-US: Android +CVE-2023-21060 (In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21059 (In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, ...) 
+ NOT-FOR-US: Android +CVE-2023-21058 (In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21057 (In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-21056 (In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memo ...) + NOT-FOR-US: Android +CVE-2023-21055 (In dit_hal_ioctl of dit.c, there is a possible use after free due to a ...) + NOT-FOR-US: Android +CVE-2023-21054 (In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-21053 (In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-21052 (In setToExternal of ril_external_client.cpp, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2023-21051 (In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-21050 (In load_png_image of ExynosHWCHelper.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2023-21049 (In append_camera_metadata of camera_metadata.c, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-21048 (In handleEvent of nan.cpp, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2023-21047 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2023-21046 (In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2023-21045 (When cpif handles probe failures, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2023-21044 (In init of VendorGraphicBufferMeta, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21043 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...) + NOT-FOR-US: Android +CVE-2023-21042 (In (TBD) of (TBD), there is a possible way to corrupt memory due to a ...) 
+ NOT-FOR-US: Android +CVE-2023-21041 (In append_to_params of param_util.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21040 (In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21039 (In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21038 (In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21037 + RESERVED +CVE-2023-21036 (In BitmapExport.java, there is a possible failure to truncate images d ...) + NOT-FOR-US: Android +CVE-2023-21035 (In multiple functions of BackupHelper.java, there is a possible way fo ...) + NOT-FOR-US: Android +CVE-2023-21034 (In multiple functions of SensorService.cpp, there is a possible access ...) + NOT-FOR-US: Android +CVE-2023-21033 (In addNetwork of WifiManager.java, there is a possible way to trigger ...) + NOT-FOR-US: Android +CVE-2023-21032 (In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21031 (In setPowerMode of HWC2.cpp, there is a possible out of bounds read du ...) + NOT-FOR-US: Android +CVE-2023-21030 (In Confirmation of keystore_cli_v2.cpp, there is a possible way to cor ...) + NOT-FOR-US: Android +CVE-2023-21029 (In register of UidObserverController.java, there is a missing permissi ...) + NOT-FOR-US: Android +CVE-2023-21028 (In parse_printerAttributes of ipphelper.c, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21027 (In multiple functions of PasspointXmlUtils.java, there is a possible a ...) + NOT-FOR-US: Android +CVE-2023-21026 (In updateInputChannel of WindowManagerService.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2023-21025 (In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-21024 (In maybeFinish of FallbackHome.java, there is a possible delay of lock ...) 
+ NOT-FOR-US: Android +CVE-2023-21023 + RESERVED +CVE-2023-21022 (In BufferBlock of Suballocation.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21021 (In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is ...) + NOT-FOR-US: Android +CVE-2023-21020 (In registerSignalHandlers of main.c, there is a possible local arbitra ...) + NOT-FOR-US: Android +CVE-2023-21019 (In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-21018 (In UnwindingWorker of unwinding.cc, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2023-21017 (In InstallStart of InstallStart.java, there is a possible way to chang ...) + NOT-FOR-US: Android +CVE-2023-21016 (In AccountTypePreference of AccountTypePreference.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-21015 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) + NOT-FOR-US: Android +CVE-2023-21014 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21013 (In forceStaDisconnection of hostapd.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-21012 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21011 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21010 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21009 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21008 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21007 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-21006 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) 
+ NOT-FOR-US: Android +CVE-2023-21005 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) + NOT-FOR-US: Android +CVE-2023-21004 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) + NOT-FOR-US: Android +CVE-2023-21003 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) + NOT-FOR-US: Android +CVE-2023-21002 (In getAvailabilityStatus of several Transcode Permission Controllers, ...) + NOT-FOR-US: Android +CVE-2023-21001 (In onContextItemSelected of NetworkProviderSettings.java, there is a p ...) + NOT-FOR-US: Android +CVE-2023-21000 (In MediaCodec.cpp, there is a possible use after free due to improper ...) + NOT-FOR-US: Android +CVE-2023-20999 (In multiple locations, there is a possible way to trigger a persistent ...) + NOT-FOR-US: Android +CVE-2023-20998 (In multiple locations, there is a possible way to trigger a persistent ...) + NOT-FOR-US: Android +CVE-2023-20997 (In multiple locations, there is a possible way to trigger a persistent ...) + NOT-FOR-US: Android +CVE-2023-20996 (In multiple locations, there is a possible way to trigger a persistent ...) + NOT-FOR-US: Android +CVE-2023-20995 (In captureImage of CustomizedSensor.cpp, there is a possible way to by ...) + NOT-FOR-US: Android +CVE-2023-20994 (In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20993 (In multiple functions of SnoozeHelper.java, there is a possible failur ...) + NOT-FOR-US: Android +CVE-2023-20992 (In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-20991 (In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_inter ...) + NOT-FOR-US: Android +CVE-2023-20990 (In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-20989 (In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a pos ...) 
+ NOT-FOR-US: Android +CVE-2023-20988 (In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-20987 (In btm_read_link_quality_complete of btm_acl.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-20986 (In btm_ble_clear_resolving_list_completecomplete of btm_ble_privacy.cc ...) + NOT-FOR-US: Android +CVE-2023-20985 (In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-20984 (In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2023-20983 (In btm_ble_rand_enc_complete of btm_ble.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-20982 (In btm_read_tx_power_complete of btm_acl.cc, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2023-20981 (In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-20980 (In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2023-20979 (In GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-20978 + RESERVED +CVE-2023-20977 (In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a ...) + NOT-FOR-US: Android +CVE-2023-20976 (In getConfirmationMessage of DefaultAutofillPicker.java, there is a po ...) + NOT-FOR-US: Android +CVE-2023-20975 (In getAvailabilityStatus of EnableContentCapturePreferenceController.j ...) + NOT-FOR-US: Android +CVE-2023-20974 (In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, th ...) + NOT-FOR-US: Android +CVE-2023-20973 (In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20972 (In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2023-20971 (In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.j ...) 
+ NOT-FOR-US: Android +CVE-2023-20970 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-20969 (In multiple locations of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-20968 (In multiple functions of p2p_iface.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2023-20967 (In avdt_scb_hdl_pkt_no_frag of avdt_scb_act.cc, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2023-20966 (In inflate of inflate.c, there is a possible out of bounds write due t ...) + NOT-FOR-US: Android +CVE-2023-20965 (In processMessageImpl of ClientModeImpl.java, there is a possible cred ...) + NOT-FOR-US: Android +CVE-2023-20964 (In multiple functions of MediaSessionRecord.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20963 (In WorkSource, there is a possible parcel mismatch. This could lead to ...) + NOT-FOR-US: Android +CVE-2023-20962 (In getSliceEndItem of MediaVolumePreferenceController.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20961 + RESERVED +CVE-2023-20960 (In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there ...) + NOT-FOR-US: Android +CVE-2023-20959 (In AddSupervisedUserActivity, guest users are not prevented from start ...) + NOT-FOR-US: Android +CVE-2023-20958 (In read_paint of ttcolr.c, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2023-20957 (In onAttach of SettingsPreferenceFragment.java, there is a possible by ...) + NOT-FOR-US: Android +CVE-2023-20956 (In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds w ...) + NOT-FOR-US: Android +CVE-2023-20955 (In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a p ...) + NOT-FOR-US: Android +CVE-2023-20954 (In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds wr ...) + NOT-FOR-US: Android +CVE-2023-20953 (In onPrimaryClipChanged of ClipboardListener.java, there is a possible ...) 
+ NOT-FOR-US: Android +CVE-2023-20952 (In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2023-20951 (In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-20950 (In AlarmManagerActivity of AlarmManagerActivity.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2023-20949 (In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out ...) + NOT-FOR-US: Linux kernel of the Pixel phone +CVE-2023-20948 (In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-20947 (In getGroupState of GrantPermissionsViewModel.kt, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20946 (In onStart of BluetoothSwitchPreferenceController.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-20945 (In phNciNfc_MfCreateXchgDataHdr of phNxpExtns_MifareStd.cpp, there is ...) + NOT-FOR-US: Android +CVE-2023-20944 (In run of ChooseTypeAndAccountActivity.java, there is a possible escal ...) + NOT-FOR-US: Android +CVE-2023-20943 (In clearApplicationUserData of ActivityManagerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20942 (In openMmapStream of AudioFlinger.cpp, there is a possible way to reco ...) + NOT-FOR-US: Android +CVE-2023-20941 (In acc_ctrlrequest_composite of f_accessory.c, there is a possible out ...) + - linux (Android-specific kernel patch) + NOTE: https://android.googlesource.com/kernel/common/+/f63204236560b6f38b6e015c53eb6304d988 +CVE-2023-20940 (In the Android operating system, there is a possible way to replace a ...) + NOT-FOR-US: Android +CVE-2023-20939 (In multiple functions of looper_backed_event_loop.cpp, there is a poss ...) + NOT-FOR-US: Android +CVE-2023-20938 (In binder_transaction_buffer_release of binder.c, there is a possible ...) 
+ - linux 5.17.6-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Minor issue) + NOTE: https://source.android.com/docs/security/bulletin/2023-02-01 +CVE-2023-20937 (In several functions of the Android Linux kernel, there is a possible ...) + - linux (Android-specific) + NOTE: https://source.android.com/docs/security/bulletin/2023-02-01 +CVE-2023-20936 (In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2023-20935 (In deserialize of multiple files, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2023-20934 (In resolveAttributionSource of ServiceUtilities.cpp, there is a possib ...) + NOT-FOR-US: Android +CVE-2023-20933 (In several functions of MediaCodec.cpp, there is a possible way to cor ...) + NOT-FOR-US: Android media framework +CVE-2023-20932 (In onCreatePreferences of EditInfoFragment.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2023-20931 (In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-20930 (In pushDynamicShortcut of ShortcutPackage.java, there is a possible wa ...) + NOT-FOR-US: Android +CVE-2023-20929 (In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20928 (In binder_vma_close of binder.c, there is a possible use after free du ...) + - linux 5.19.6-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://android.googlesource.com/kernel/common/+/201d5f4a3ec1 + NOTE: https://source.android.com/docs/security/bulletin/2023-01-01 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2374 +CVE-2023-20927 (In permissions of AndroidManifest.xml, there is a possible way to gran ...) + NOT-FOR-US: Android +CVE-2023-20926 (In onParentVisible of HeaderPrivacyIconsController.kt, there is a poss ...) 
+ NOT-FOR-US: Android +CVE-2023-20925 (In setUclampMinLocked of PowerSessionManager.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20924 (In (TBD) of (TBD), there is a possible way to bypass the lockscreen du ...) + NOT-FOR-US: Android +CVE-2023-20923 (In exported content providers of ShannonRcs, there is a possible way t ...) + NOT-FOR-US: Android +CVE-2023-20922 (In setMimeGroup of PackageManagerService.java, there is a possible cra ...) + NOT-FOR-US: Android +CVE-2023-20921 (In onPackageRemoved of AccessibilityManagerService.java, there is a po ...) + NOT-FOR-US: Android +CVE-2023-20920 (In queue of UsbRequest.java, there is a possible way to corrupt memory ...) + NOT-FOR-US: Android +CVE-2023-20919 (In getStringsForPrefix of Settings.java, there is a possible preventio ...) + NOT-FOR-US: Android +CVE-2023-20918 (In getPendingIntentLaunchFlags of ActivityOptions.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2023-20917 (In onTargetSelected of ResolverActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-20916 (In getMainActivityLaunchIntent of LauncherAppsService.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20915 (In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20914 (In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPer ...) + NOT-FOR-US: Android +CVE-2023-20913 (In onCreate of PhoneAccountSettingsActivity.java and related files, th ...) + NOT-FOR-US: Android +CVE-2023-20912 (In onActivityResult of AvatarPickerActivity.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2023-20911 (In addPermission of PermissionManagerServiceImpl.java , there is a pos ...) + NOT-FOR-US: Android +CVE-2023-20910 (In add of WifiNetworkSuggestionsManager.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2023-20909 (In multiple functions of RunningTasks.java, there is a possible privil ...) 
+ NOT-FOR-US: Android +CVE-2023-20908 (In several functions of SettingsState.java, there is a possible system ...) + NOT-FOR-US: Android +CVE-2023-20907 + RESERVED +CVE-2023-20906 (In onPackageAddedInternal of PermissionManagerService.java, there is a ...) + NOT-FOR-US: Android +CVE-2023-20905 (In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2023-20904 (In getTrampolineIntent of SettingsActivity.java, there is a possible l ...) + NOT-FOR-US: Android +CVE-2022-44714 + RESERVED +CVE-2022-44713 (Microsoft Outlook for Mac Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44712 + RESERVED +CVE-2022-44711 + RESERVED +CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44709 + RESERVED +CVE-2022-44708 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44707 (Windows Kernel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44706 + RESERVED +CVE-2022-44705 + RESERVED +CVE-2022-44704 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-44703 + RESERVED +CVE-2022-44702 (Windows Terminal Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44701 + RESERVED +CVE-2022-44700 + RESERVED +CVE-2022-44699 (Azure Network Watcher Agent Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44698 (Windows SmartScreen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44697 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44696 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44695 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44694 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44693 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44692 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44691 (Microsoft Office OneNote Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44690 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44689 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-44688 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44687 (Raw Image Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44686 + RESERVED +CVE-2022-44685 + RESERVED +CVE-2022-44684 + RESERVED +CVE-2022-44683 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44682 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44681 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44680 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44679 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44678 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44677 (Windows Projected File System Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44676 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-44675 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44674 (Windows Bluetooth Driver Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44673 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...) + NOT-FOR-US: Microsoft +CVE-2022-44672 + RESERVED +CVE-2022-44671 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44670 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-44669 (Windows Error Reporting Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44668 (Windows Media Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44667 (Windows Media Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44666 (Windows Contacts Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-44665 + RESERVED +CVE-2022-3855 (The 404 to Start WordPress plugin through 1.6.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3854 (A flaw was found in Ceph, relating to the URL processing on RGW backen ...) + - ceph 16.2.10+ds-5 (bug #1027151) + [bullseye] - ceph (Vulnerable code added in Ceph 16.1) + [buster] - ceph (Vulnerable code added in Ceph 16.1) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139925 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1205025 + NOTE: https://tracker.ceph.com/issues/55765 + NOTE: https://github.com/ceph/ceph/pull/47025 + NOTE: Introduced in https://github.com/ceph/ceph/commit/99f7c4aa1286edfea6961b92bb44bb8fe22bd599 +CVE-2022-44664 + RESERVED +CVE-2022-44663 + RESERVED +CVE-2022-44662 + RESERVED +CVE-2022-44661 + RESERVED +CVE-2022-44660 + RESERVED +CVE-2022-44659 + RESERVED +CVE-2022-44658 + RESERVED +CVE-2022-44657 + RESERVED +CVE-2022-44656 + RESERVED +CVE-2022-44655 + RESERVED +CVE-2022-44654 (Affected builds of Trend Micro Apex One and Apex One as a Service cont ...) + NOT-FOR-US: Trend Micro +CVE-2022-44653 (A security agent directory traversal vulnerability in Trend Micro Apex ...) + NOT-FOR-US: Trend Micro +CVE-2022-44652 (An improper handling of exceptional conditions vulnerability in Trend ...) + NOT-FOR-US: Trend Micro +CVE-2022-44651 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...) + NOT-FOR-US: Trend Micro +CVE-2022-44650 (A memory corruption vulnerability in the Unauthorized Change Preventio ...) 
+ NOT-FOR-US: Trend Micro +CVE-2022-44649 (An out-of-bounds access vulnerability in the Unauthorized Change Preve ...) + NOT-FOR-US: Trend Micro +CVE-2022-44648 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2022-44647 (An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2022-44646 (In JetBrains TeamCity version before 2022.10, no audit items were adde ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-44645 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deser ...) + NOT-FOR-US: Apache Linkis +CVE-2022-44644 (In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the d ...) + NOT-FOR-US: Apache Linkis +CVE-2022-3853 (Cross-site Scripting (XSS) is a client-side code injection attack. The ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3852 (The VR Calendar plugin for WordPress is vulnerable to Cross-Site Reque ...) + NOT-FOR-US: VR Calendar plugin for WordPress +CVE-2022-3851 + RESERVED +CVE-2022-3850 (The Find and Replace All WordPress plugin before 1.3 does not have CSR ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3849 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3848 (The WP User Merger WordPress plugin before 1.5.3 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3847 (The Showing URL in QR Code WordPress plugin through 0.0.1 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44643 (A vulnerability in the label-based access control of Grafana Labs Graf ...) + NOT-FOR-US: Grafana Labs Grafana Enterprise Metrics +CVE-2022-44642 + RESERVED +CVE-2022-44641 (In Linaro Automated Validation Architecture (LAVA) before 2022.11, use ...) 
+ {DSA-5318-1 DLA-3276-1} + - lava 2023.01-1 (bug #1024429) + NOTE: https://lists.lavasoftware.org/archives/list/lava-announce@lists.lavasoftware.org/thread/WHXGQMIZAPW3GCQEXYHC32N2ZAAAIYCY/ + NOTE: https://git.lavasoftware.org/lava/lava/-/commit/1bee0f8957741582c2bed800974f31439c6f3ff5 (2022.11) +CVE-2022-44640 (Heimdal before 7.7.1 allows remote attackers to execute arbitrary code ...) + {DSA-5287-1 DLA-3206-1} + - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) + - samba 2:4.17.4+dfsg-1 + NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-88pm-hfmq-7vv4 + NOTE: https://github.com/heimdal/heimdal/commit/ea5ec8f174920cb80ce2b168b49195378420449e (heimdal-7.7.1) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14929 +CVE-2022-44639 + RESERVED +CVE-2022-44638 (In libpixman in Pixman before 0.42.2, there is an out-of-bounds write ...) + {DSA-5276-1 DLA-3179-1} + - pixman 0.40.0-1.1 (bug #1023427) + NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/commit/a1f88e842e0216a5b4df1ab023caebe33c101395 (pixman-0.42.2) + NOTE: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2345 +CVE-2022-44637 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...) + - redmine 5.0.4-1 (bug #1026048) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories +CVE-2022-44636 (The Samsung TV (2021 and 2022 model) smart remote control allows attac ...) + NOT-FOR-US: Samsung +CVE-2022-3846 (The Workreap WordPress theme before 2.6.3 has a vulnerability with the ...) + NOT-FOR-US: WordPress theme +CVE-2022-3845 (A vulnerability has been found in phpipam and classified as problemati ...) + - phpipam (bug #731713) +CVE-2022-3844 (A vulnerability, which was classified as problematic, was found in Web ...) + - webmin +CVE-2021-46853 (Alpine before 2.25 allows remote attackers to cause a denial of servic ...) 
+ - alpine 2.25+dfsg1-1 + [bullseye] - alpine (Minor issue) + [buster] - alpine (Minor issue) + NOTE: https://nostarttls.secvuln.info + NOTE: https://bugs.gentoo.org/807613 + NOTE: https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011 (v2.25) +CVE-2022-44635 (Apache Fineract allowed an authenticated user to perform remote code e ...) + NOT-FOR-US: Apache Fineract +CVE-2022-44634 (Auth. (admin+) Arbitrary File Read vulnerability in S2W \u2013 Import ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44633 + RESERVED +CVE-2022-44632 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Deni ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44631 (Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1ap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44630 + RESERVED +CVE-2022-44629 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cata ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44628 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jump ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44627 (Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44626 + RESERVED +CVE-2022-44625 (Auth. (admin+) Stored Cross-Site Scripting') vulnerability in Zephilou ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44624 (In JetBrains TeamCity version before 2022.10, Password parameters coul ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-44623 (In JetBrains TeamCity version before 2022.10, Project Viewer could see ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-44622 (In JetBrains TeamCity version between 2021.2 and 2022.10 access permis ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-44621 (Diagnosis Controller miss parameter validation, so user may attacked b ...) 
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2022-44618 + RESERVED +CVE-2022-44614 + RESERVED +CVE-2022-44613 + RESERVED +CVE-2022-44609 + RESERVED +CVE-2022-44452 + RESERVED +CVE-2022-43661 + RESERVED +CVE-2022-43511 + RESERVED +CVE-2022-43510 + RESERVED +CVE-2022-43446 + RESERVED +CVE-2022-42465 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...) + NOT-FOR-US: Intel +CVE-2022-3843 (In WAGO Unmanaged Switch (852-111/000-001) in firmware version 01 an u ...) + NOT-FOR-US: WAGO +CVE-2022-3842 (Use after free in Passwords in Google Chrome prior to 105.0.5195.125 a ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3841 (RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Req ...) + NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM) +CVE-2022-3840 (The Login for Google Apps WordPress plugin before 3.4.5 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3839 (The Analytics for WP WordPress plugin through 1.5.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3838 (The WPUpper Share Buttons WordPress plugin through 3.42 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3837 (The Uji Countdown WordPress plugin before 2.3.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3836 + RESERVED +CVE-2022-3835 (The Kwayy HTML Sitemap WordPress plugin before 4.0 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3834 (The Google Forms WordPress plugin through 0.95 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3833 (The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3832 (The External Media WordPress plugin before 1.0.36 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3831 (The reCAPTCHA WordPress plugin through 1.6 does not sanitise and escap ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3830 (The WP Page Builder WordPress plugin through 1.2.8 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3829 + RESERVED +CVE-2022-3828 (The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3827 (A vulnerability was found in centreon. It has been declared as critica ...) + - centreon-web (bug #913903) +CVE-2022-3826 (A vulnerability was found in Huaxia ERP. It has been classified as pro ...) + NOT-FOR-US: Huaxia ERP +CVE-2022-3825 (A vulnerability was found in Huaxia ERP 2.3 and classified as critical ...) + NOT-FOR-US: Huaxia ERP +CVE-2022-3824 (The WP Admin UI Customize WordPress plugin before 1.5.13 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3823 (The Beautiful Cookie Consent Banner WordPress plugin before 2.9.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3822 (The Donations via PayPal WordPress plugin before 1.9.9 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3821 (An off-by-one Error issue was discovered in Systemd in format_timespan ...) + {DLA-3474-1} + - systemd 251.3-1 + [bullseye] - systemd 247.3-7+deb11u2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2139327 + NOTE: https://github.com/systemd/systemd/issues/23928 + NOTE: https://github.com/systemd/systemd/pull/23933 + NOTE: https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e (v252-rc1) + NOTE: https://github.com/systemd/systemd-stable/commit/72d4c15a946d20143cd4c6783c802124bc894dc7 (v251.3) +CVE-2022-3820 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3819 (An improper authorization issue in GitLab CE/EE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3818 (An uncontrolled resource consumption issue when parsing URLs in GitLab ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-3817 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...) + NOT-FOR-US: Bento4 +CVE-2022-3816 (A vulnerability, which was classified as problematic, was found in Axi ...) + NOT-FOR-US: Bento4 +CVE-2022-3815 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Bento4 +CVE-2022-3814 (A vulnerability classified as problematic was found in Axiomatic Bento ...) + NOT-FOR-US: Bento4 +CVE-2022-3813 (A vulnerability classified as problematic has been found in Axiomatic ...) + NOT-FOR-US: Bento4 +CVE-2022-3812 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...) + NOT-FOR-US: Bento4 +CVE-2020-36608 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Tribal Systems Zenario CMS +CVE-2023-20903 (This disclosure regards a vulnerability related to UAA refresh tokens ...) + NOT-FOR-US: Cloud Foundry +CVE-2023-20902 (A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, ...) + NOT-FOR-US: Harbor +CVE-2023-20901 + RESERVED +CVE-2023-20900 (A malicious actor that has been granted Guest Operation Privileges ht ...) + {DSA-5493-1 DLA-3597-1} + - open-vm-tools 2:12.3.0-1 (bug #1050970) + NOTE: https://www.openwall.com/lists/oss-security/2023/08/31/1 + NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch + NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16 (stable-12.3.0) +CVE-2023-20899 (VMware SD-WAN (Edge) contains a bypass authentication vulnerability. A ...) + NOT-FOR-US: VMware +CVE-2023-20898 (Git Providers can read from the wrong environment because they get the ...) + - salt (bug #1051504) + NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ +CVE-2023-20897 (Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. ...) 
+ - salt (bug #1051504) + NOTE: https://saltproject.io/security-announcements/2023-08-10-advisory/ + NOTE: https://github.com/saltstack/salt/issues/64061 +CVE-2023-20896 (The VMware vCenter Server contains an out-of-bounds read vulnerability ...) + NOT-FOR-US: VMware +CVE-2023-20895 (The VMware vCenter Server contains a memory corruption vulnerability i ...) + NOT-FOR-US: VMware +CVE-2023-20894 (The VMware vCenter Server contains an out-of-bounds write vulnerabilit ...) + NOT-FOR-US: VMware +CVE-2023-20893 (The VMware vCenter Server contains a use-after-free vulnerability in t ...) + NOT-FOR-US: VMware +CVE-2023-20892 (The vCenter Server contains a heap overflow vulnerability due to the u ...) + NOT-FOR-US: VMware +CVE-2023-20891 (The VMware Tanzu Application Service for VMs and Isolation Segment con ...) + NOT-FOR-US: VMware +CVE-2023-20890 (Aria Operations for Networks contains an arbitrary file write vulnerab ...) + NOT-FOR-US: VMware +CVE-2023-20889 (Aria Operations for Networks contains an information disclosure vulner ...) + NOT-FOR-US: VMware +CVE-2023-20888 (Aria Operations for Networks contains an authenticated deserialization ...) + NOT-FOR-US: VMware +CVE-2023-20887 (Aria Operations for Networks contains a command injection vulnerabilit ...) + NOT-FOR-US: VMware +CVE-2023-20886 (VMware Workspace ONE UEM console contains an open redirect vulnerabili ...) + NOT-FOR-US: VMware +CVE-2023-20885 (Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume ...) + NOT-FOR-US: Cloud foundry +CVE-2023-20884 (VMware Workspace ONE Access and VMware Identity Manager contain an ins ...) + NOT-FOR-US: VMware +CVE-2023-20883 (In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, ...) + NOT-FOR-US: Spring Boot +CVE-2023-20882 (In Cloud foundry routing release versions from 0.262.0 and prior to 0. ...) + NOT-FOR-US: Cloud foundry +CVE-2023-20881 (Cloud foundry instances having CAPI version between 1.140 and 1.152.0 ...) 
+ NOT-FOR-US: Cloud foundry +CVE-2023-20880 (VMware Aria Operations contains a privilege escalation vulnerability. ...) + NOT-FOR-US: VMware +CVE-2023-20879 (VMware Aria Operations contains a Local privilege escalation vulnerabi ...) + NOT-FOR-US: VMware +CVE-2023-20878 (VMware Aria Operations contains a deserialization vulnerability. A mal ...) + NOT-FOR-US: VMware +CVE-2023-20877 (VMware Aria Operations contains a privilege escalation vulnerability. ...) + NOT-FOR-US: VMware +CVE-2023-20876 + RESERVED +CVE-2023-20875 + RESERVED +CVE-2023-20874 + RESERVED +CVE-2023-20873 (In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsup ...) + NOT-FOR-US: Spring Boot +CVE-2023-20872 (VMware Workstation and Fusion contain an out-of-bounds read/write vuln ...) + NOT-FOR-US: VMware +CVE-2023-20871 (VMware Fusion contains a local privilege escalation vulnerability. A m ...) + NOT-FOR-US: VMware +CVE-2023-20870 (VMware Workstation and Fusion contain an out-of-bounds read vulnerabil ...) + NOT-FOR-US: VMware +CVE-2023-20869 (VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-bas ...) + NOT-FOR-US: VMware +CVE-2023-20868 (NSX-T contains a reflected cross-site scripting vulnerability due to a ...) + NOT-FOR-US: VMware +CVE-2023-20867 (A fully compromised ESXi host can force VMware Tools to fail to authen ...) + {DSA-5493-1 DLA-3531-1} + - open-vm-tools 2:12.2.5-1 (bug #1037546) + NOTE: https://www.vmware.com/security/advisories/VMSA-2023-0013.html + NOTE: https://github.com/vmware/open-vm-tools/tree/CVE-2023-20867.patch +CVE-2023-20866 (In Spring Session version 3.0.0, the session id can be logged to the s ...) + NOT-FOR-US: Spring Session +CVE-2023-20865 (VMware Aria Operations for Logs contains a command injection vulnerabi ...) + NOT-FOR-US: VMware +CVE-2023-20864 (VMware Aria Operations for Logs contains a deserialization vulnerabili ...) 
+ NOT-FOR-US: VMware +CVE-2023-20863 (In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0 ...) + - libspring-java (unimportant) + NOTE: https://spring.io/security/cve-2023-20863 + NOTE: Only supported for building applications shipped in Debian, see README.Debian.security +CVE-2023-20862 (In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prio ...) + NOT-FOR-US: Spring Security +CVE-2023-20861 (In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELE ...) + - libspring-java (unimportant) + NOTE: https://spring.io/security/cve-2023-20861 + NOTE: Only supported for building applications shipped in Debian, see README.Debian.security +CVE-2023-20860 (Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ...) + - libspring-java (unimportant) + NOTE: https://spring.io/security/cve-2023-20860 + NOTE: Only supported for building applications shipped in Debian, see README.Debian.security +CVE-2023-20859 (In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prio ...) + NOT-FOR-US: Spring Vault +CVE-2023-20858 (VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8 ...) + NOT-FOR-US: VMware +CVE-2023-20857 (VMware Workspace ONE Content contains a passcode bypass vulnerability. ...) + NOT-FOR-US: VMware +CVE-2023-20856 (VMware vRealize Operations (vROps) contains a CSRF bypass vulnerabilit ...) + NOT-FOR-US: VMware +CVE-2023-20855 (VMware vRealize Orchestrator contains an XML External Entity (XXE) vul ...) + NOT-FOR-US: VMware +CVE-2023-20854 (VMware Workstation contains an arbitrary file deletion vulnerability. ...) + NOT-FOR-US: VMware +CVE-2022-44605 + RESERVED +CVE-2022-44604 + RESERVED +CVE-2022-44603 + RESERVED +CVE-2022-44602 + RESERVED +CVE-2022-44601 + RESERVED +CVE-2022-44600 + RESERVED +CVE-2022-44599 + RESERVED +CVE-2022-44598 + RESERVED +CVE-2022-44597 + RESERVED +CVE-2022-44596 + RESERVED +CVE-2022-44595 + RESERVED +CVE-2022-44594 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Code ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44593 + RESERVED +CVE-2022-44592 + RESERVED +CVE-2022-44591 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anth ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44590 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44589 + RESERVED +CVE-2022-44588 (Unauth. SQL Injection vulnerability inCryptocurrency Widgets Pack Plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44587 + RESERVED +CVE-2022-44586 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiL ...) + NOT-FOR-US: Ayoub Media +CVE-2022-44585 (Cross-Site Request Forgery (CSRF) vulnerability inMagneticlab S\xe0rlH ...) + NOT-FOR-US: Magneticlab +CVE-2022-44584 (Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44583 (Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44582 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Appt ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44581 + RESERVED +CVE-2022-44580 (SQL Injection (SQLi) vulnerability in RichPlugins Plugin for Google Re ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44579 + RESERVED +CVE-2022-44578 + RESERVED +CVE-2022-44577 + REJECTED +CVE-2022-44576 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Agen ...) + NOT-FOR-US: WordPress plugin +CVE-2022-44575 (A vulnerability has been identified in PLM Help Server V4.2 (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-44574 (An improper authentication vulnerability exists in Avalanche version 6 ...) + NOT-FOR-US: Ivanti +CVE-2022-44573 + RESERVED +CVE-2022-44572 (A denial of service vulnerability in the multipart parsing component o ...) 
+ {DSA-5530-1 DLA-3298-1} + - ruby-rack 2.2.4-3 (bug #1029832) + NOTE: https://github.com/rack/rack/commit/dc50f8e495f67eb933b1fc33ebee550908d945e6 (v2.0.9.2) + NOTE: https://github.com/rack/rack/commit/8291f502b0e1dcf514cc25c34e4bf0beec7a92ae (v2.1.4.2) + NOTE: https://github.com/rack/rack/commit/19e49f0f185d7e42ed5b402baec6c897a8c48029 (v2.2.6.1) +CVE-2022-44571 (There is a denial of service vulnerability in the Content-Disposition ...) + {DSA-5530-1 DLA-3298-1} + - ruby-rack 2.2.4-3 (bug #1029832) + NOTE: https://github.com/rack/rack/commit/4e33ad10bf5f16d25c156f905bcc548e7f787bc3 (v2.0.9.2) + NOTE: https://github.com/rack/rack/commit/9b5fb5c7ef0e39b959a6c5c0005d9af44a29d6f8 (v2.1.4.2) + NOTE: https://github.com/rack/rack/commit/ee25ab9a7ee981d7578f559701085b0cf39bde77 (v2.2.6.1) +CVE-2022-44570 (A denial of service vulnerability in the Range header parsing componen ...) + {DSA-5530-1 DLA-3298-1} + - ruby-rack 2.2.4-3 (bug #1029832) + NOTE: https://github.com/rack/rack/commit/52721ae0b730e3920ad5375dfd5a3ea9b4f9e359 (v2.0.9.2) + NOTE: https://github.com/rack/rack/commit/f66ef5c8255dcea82c1b2665fc9ab948b76bb437 (v2.1.4.2) + NOTE: https://github.com/rack/rack/commit/f6d4f528f2df1318a6612845db0b59adc7fe8fc1 (v2.2.6.2) +CVE-2022-44569 (A locally authenticated attacker with low privileges can bypass authen ...) + NOT-FOR-US: Ivanti +CVE-2022-44568 + RESERVED +CVE-2022-44567 (A command injection vulnerability exists in Rocket.Chat-Desktop <3.8.1 ...) + NOT-FOR-US: Rocket.Chat-Desktop +CVE-2022-44566 (A denial of service vulnerability present in ActiveRecord's PostgreSQL ...) + - rails 2:6.1.7.3+dfsg-1 (bug #1030050) + NOTE: https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119 + NOTE: https://github.com/rails/rails/commit/414eb337d142a9c61d7723ceb9b7c1ab30dff3ed (6-1-stable) +CVE-2022-44565 (An improper access validation vulnerability exists in airMAX AC <8.7.1 ...) 
+ NOT-FOR-US: airMAX +CVE-2022-44564 (Huawei Aslan Children's Watch has a path traversal vulnerability. Succ ...) + NOT-FOR-US: Huawei +CVE-2022-3811 (The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3810 (A vulnerability was found in Axiomatic Bento4. It has been classified ...) + NOT-FOR-US: Bento4 +CVE-2022-3809 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...) + NOT-FOR-US: Bento4 +CVE-2022-3808 + REJECTED +CVE-2022-3807 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...) + NOT-FOR-US: Bento4 +CVE-2022-3806 (Inconsistent handling of error cases in bluetooth hci may lead to a do ...) + NOT-FOR-US: Zephyr +CVE-2022-3805 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...) + NOT-FOR-US: Jeg Elementor Kit plugin for WordPress +CVE-2022-3804 (A vulnerability was found in eolinker apinto-dashboard. It has been cl ...) + NOT-FOR-US: eolinker apinto-dashboard +CVE-2022-3803 (A vulnerability was found in eolinker apinto-dashboard and classified ...) + NOT-FOR-US: eolinker apinto-dashboard +CVE-2022-3802 (A vulnerability has been found in IBAX go-ibax and classified as criti ...) + NOT-FOR-US: IBAX go-ibax +CVE-2022-3801 (A vulnerability, which was classified as critical, was found in IBAX g ...) + NOT-FOR-US: IBAX go-ibax +CVE-2022-3800 (A vulnerability, which was classified as critical, has been found in I ...) + NOT-FOR-US: IBAX go-ibax +CVE-2022-3799 (A vulnerability classified as critical was found in IBAX go-ibax. Affe ...) + NOT-FOR-US: IBAX go-ibax +CVE-2022-3798 (A vulnerability classified as critical has been found in IBAX go-ibax. ...) + NOT-FOR-US: IBAX go-ibax +CVE-2022-3797 (A vulnerability was found in eolinker apinto-dashboard. It has been ra ...) 
+ NOT-FOR-US: eolinker apinto-dashboard +CVE-2022-3796 + REJECTED +CVE-2022-3795 + RESERVED +CVE-2022-3794 (The Jeg Elementor Kit plugin for WordPress is vulnerable to authorizat ...) + NOT-FOR-US: Jeg Elementor Kit plugin for WordPress +CVE-2022-3793 (An improper authorization issue in GitLab CE/EE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3792 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: GullsEye +CVE-2022-3791 + REJECTED +CVE-2022-3790 + REJECTED +CVE-2022-3789 (A vulnerability has been found in Tim Campus Confession Wall and class ...) + NOT-FOR-US: Tim Campus Confession Wall +CVE-2022-3788 + REJECTED +CVE-2022-3787 (A vulnerability was found in the device-mapper-multipath. The device-m ...) + NOT-FOR-US: Red Hat Enterprise Linux specfic regression for CVE-2022-41974 update +CVE-2022-3786 (A buffer overrun can be triggered in X.509 certificate verification, s ...) + - openssl 3.0.7-1 + [bullseye] - openssl (Only affects 3.x) + [buster] - openssl (Only affects 3.x) + NOTE: https://www.openssl.org/news/secadv/20221101.txt + NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a (openssl-3.0.7) +CVE-2022-44563 (There is a race condition vulnerability in SD upgrade mode. Successful ...) + NOT-FOR-US: Hauwei +CVE-2022-44562 (The system framework layer has a vulnerability of serialization/deseri ...) + NOT-FOR-US: Hauwei +CVE-2022-44561 (The preset launcher module has a permission verification vulnerability ...) + NOT-FOR-US: Hauwei +CVE-2022-44560 (The launcher module has an Intent redirection vulnerability. Successfu ...) + NOT-FOR-US: Hauwei +CVE-2022-44559 (The AMS module has a vulnerability of serialization/deserialization mi ...) + NOT-FOR-US: Hauwei +CVE-2022-44558 (The AMS module has a vulnerability of serialization/deserialization mi ...) 
+ NOT-FOR-US: Hauwei +CVE-2022-44557 (The SmartTrimProcessEvent module has a vulnerability of obtaining the ...) + NOT-FOR-US: Hauwei +CVE-2022-44556 (Missing parameter type validation in the DRM module. Successful exploi ...) + NOT-FOR-US: Huawei +CVE-2022-44555 (The DDMP/ODMF module has a service hijacking vulnerability. Successful ...) + NOT-FOR-US: Hauwei +CVE-2022-44554 (The power module has a vulnerability in permission verification. Succe ...) + NOT-FOR-US: Hauwei +CVE-2022-44553 (The HiView module has a vulnerability of not filtering third-party app ...) + NOT-FOR-US: Hauwei +CVE-2022-44552 (The lock screen module has defects introduced in the design process. S ...) + NOT-FOR-US: Hauwei +CVE-2022-44551 (The iaware module has a vulnerability in thread security. Successful e ...) + NOT-FOR-US: Hauwei +CVE-2022-44550 (The graphics display module has a UAF vulnerability when traversing gr ...) + NOT-FOR-US: Hauwei +CVE-2022-44549 (The LBS module has a vulnerability in geofencing API access. Successfu ...) + NOT-FOR-US: Hauwei +CVE-2022-44548 (There is a vulnerability in permission verification during the Bluetoo ...) + NOT-FOR-US: Hauwei +CVE-2022-44547 (The Display Service module has a UAF vulnerability. Successful exploit ...) + NOT-FOR-US: Hauwei +CVE-2022-44546 (The kernel module has the vulnerability that the mapping is not cleare ...) + NOT-FOR-US: Hauwei +CVE-2022-44545 + RESERVED +CVE-2022-44544 (Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04. ...) + - mahara +CVE-2022-44543 (The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-44542 (lesspipe before 2.06 allows attackers to execute code via Perl Storabl ...) 
+ NOT-FOR-US: lesspipe (not the same as lesspipe contained in src:less) +CVE-2022-44541 + REJECTED +CVE-2022-44540 + REJECTED +CVE-2022-44539 + REJECTED +CVE-2022-44538 + REJECTED +CVE-2022-44537 + REJECTED +CVE-2022-44536 + REJECTED +CVE-2022-44535 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...) + NOT-FOR-US: Aruba +CVE-2022-44534 (A vulnerability in the Aruba EdgeConnect Enterprise Orchestrator web-b ...) + NOT-FOR-US: Aruba +CVE-2022-44533 (A vulnerability in the Aruba EdgeConnect Enterprise web management int ...) + NOT-FOR-US: Aruba +CVE-2022-44532 (An authenticated path traversal vulnerability exists in the Aruba Edge ...) + NOT-FOR-US: Aruba +CVE-2022-3785 (A vulnerability, which was classified as critical, has been found in A ...) + NOT-FOR-US: Bento4 +CVE-2022-3784 (A vulnerability classified as critical was found in Axiomatic Bento4 5 ...) + NOT-FOR-US: Bento4 +CVE-2022-3783 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: node-red-dashboard +CVE-2022-3782 (keycloak: path traversal via double URL encoding. A flaw was found in ...) + NOT-FOR-US: Keycloak +CVE-2022-3781 (Dashlane password and Keepass Server password in My Account Settings a ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2021-46852 (The memory management module has the logic bypass vulnerability. Succe ...) + NOT-FOR-US: Hauwei +CVE-2021-46851 (The DRM module has a vulnerability in verifying the secure memory attr ...) 
+ NOT-FOR-US: Hauwei +CVE-2022-44531 + RESERVED +CVE-2022-44530 + RESERVED +CVE-2022-44529 + RESERVED +CVE-2022-44528 + RESERVED +CVE-2022-44527 + RESERVED +CVE-2022-44526 + RESERVED +CVE-2022-44525 + RESERVED +CVE-2022-44524 + RESERVED +CVE-2022-44523 + RESERVED +CVE-2022-44522 + RESERVED +CVE-2022-44521 + RESERVED +CVE-2022-44520 + RESERVED +CVE-2022-44519 + RESERVED +CVE-2022-44518 + RESERVED +CVE-2022-44517 + RESERVED +CVE-2022-44516 + RESERVED +CVE-2022-44515 + RESERVED +CVE-2022-44514 + RESERVED +CVE-2022-44513 + RESERVED +CVE-2022-44512 + RESERVED +CVE-2022-44511 + RESERVED +CVE-2022-44510 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44509 + RESERVED +CVE-2022-44508 + RESERVED +CVE-2022-44507 + RESERVED +CVE-2022-44506 + RESERVED +CVE-2022-44505 + RESERVED +CVE-2022-44504 + RESERVED +CVE-2022-44503 + RESERVED +CVE-2022-44502 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-44501 + RESERVED +CVE-2022-44500 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-44499 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-44498 (Adobe Illustrator versions 26.5.1 (and earlier), and 27.0 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-44497 + RESERVED +CVE-2022-44496 + RESERVED +CVE-2022-44495 + RESERVED +CVE-2022-44494 + RESERVED +CVE-2022-44493 + RESERVED +CVE-2022-44492 + RESERVED +CVE-2022-44491 + RESERVED +CVE-2022-44490 + RESERVED +CVE-2022-44489 + RESERVED +CVE-2022-44488 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) 
+ NOT-FOR-US: Adobe +CVE-2022-44487 + RESERVED +CVE-2022-44486 + RESERVED +CVE-2022-44485 + RESERVED +CVE-2022-44484 + RESERVED +CVE-2022-44483 + RESERVED +CVE-2022-44482 + RESERVED +CVE-2022-44481 + RESERVED +CVE-2022-44480 + RESERVED +CVE-2022-44479 + RESERVED +CVE-2022-44478 + RESERVED +CVE-2022-44477 + RESERVED +CVE-2022-44476 + RESERVED +CVE-2022-44475 + RESERVED +CVE-2022-44474 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44473 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44472 + RESERVED +CVE-2022-44471 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44470 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44469 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44468 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44467 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44466 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44465 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44464 + RESERVED +CVE-2022-44463 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44462 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-44461 + RESERVED +CVE-2022-44460 + RESERVED +CVE-2022-44459 + RESERVED +CVE-2022-44458 + RESERVED +CVE-2022-44457 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...) + NOT-FOR-US: Siemens +CVE-2022-43506 (SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEn ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2022-43495 (OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distr ...) + NOT-FOR-US: OpenHarmony +CVE-2022-43457 (SQL Injection in HandlerPage_KID.ashxin Delta Electronics ...) + NOT-FOR-US: Delta Electronics +CVE-2022-43452 (SQL Injection in FtyInfoSetting.aspxin Delta Electronics ...) + NOT-FOR-US: Delta Electronics +CVE-2022-43451 (OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal v ...) + NOT-FOR-US: OpenHarmony +CVE-2022-43449 (OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulne ...) + NOT-FOR-US: OpenHarmony +CVE-2022-43447 (SQL Injection in AM_EBillAnalysis.aspxin Delta Electronics D ...) + NOT-FOR-US: Delta Electronics +CVE-2022-41775 (SQL Injection in Handler_CFG.ashxin Delta Electronics DIAEnerg ...) + NOT-FOR-US: Delta Electronics +CVE-2022-3780 (Database connections on deleted users could stay active on MySQL data ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-3779 + RESERVED +CVE-2022-3778 + REJECTED +CVE-2022-3777 + RESERVED +CVE-2022-3776 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservati ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3775 (When rendering certain unicode sequences, grub2's font code doesn't pr ...) + {DSA-5280-1 DLA-3190-2 DLA-3190-1} + - grub2 2.06-5 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html +CVE-2022-3774 (A vulnerability was found in SourceCodester Train Scheduler App 1.0 an ...) + NOT-FOR-US: SourceCodester Train Scheduler App +CVE-2022-3773 + REJECTED +CVE-2022-3772 + REJECTED +CVE-2022-3771 (A vulnerability, which was classified as critical, has been found in e ...) + NOT-FOR-US: easyii CMS +CVE-2022-3770 (A vulnerability classified as critical was found in Yunjing CMS. This ...) + NOT-FOR-US: Yunjing CMS +CVE-2022-3769 (The OWM Weather WordPress plugin before 5.6.9 does not properly saniti ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3768 (The WPSmartContracts WordPress plugin before 1.3.12 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3767 (Missing validation in DAST analyzer affecting all versions from 1.11.0 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3766 (Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/p ...) + NOT-FOR-US: phpmyfaq +CVE-2022-3765 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2022-3764 + RESERVED +CVE-2022-3763 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3762 (The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3761 (OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect ...) + NOT-FOR-US: OpenVPN Connect +CVE-2023-20853 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) + NOT-FOR-US: aEnrich Technology a+HRD +CVE-2023-20852 (aEnrich Technology a+HRD has a vulnerability of Deserialization of Unt ...) + NOT-FOR-US: aEnrich Technology a+HRD +CVE-2022-44448 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44447 (In wlan driver, there is a possible null pointer dereference issue due ...) + NOT-FOR-US: Unisoc +CVE-2022-44446 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44445 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44444 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44443 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44442 (In wlan driver, there is a possible missing bounds check, This could l ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-44441 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44440 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44439 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44438 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44437 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44436 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44435 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44434 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-44433 (In phoneEx service, there is a possible missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-44432 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44431 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44430 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44429 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44428 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44427 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44426 (In wlan driver, there is a possible missing bounds check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-44425 (In wlan driver, there is a possible missing bounds check. This could l ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-44424 (In music service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-44423 (In music service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-44422 (In music service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-44421 (In wlan driver, there is a possible missing permission check. This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-44420 (In modem, there is a possible missing verification of HashMME value in ...) + NOT-FOR-US: Unisoc +CVE-2022-44419 (In modem, there is a possible missing verification of NAS Security Mod ...) + NOT-FOR-US: Unisoc +CVE-2022-3760 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Mia-Med +CVE-2022-3759 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3758 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-44418 + RESERVED +CVE-2022-44417 + RESERVED +CVE-2022-44416 + RESERVED +CVE-2022-44415 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44414 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44413 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44412 + RESERVED +CVE-2022-44411 (Web Based Quiz System v1.0 transmits user passwords in plaintext durin ...) + NOT-FOR-US: Web Based Quiz System +CVE-2022-44410 + RESERVED +CVE-2022-44409 + RESERVED +CVE-2022-44408 + RESERVED +CVE-2022-44407 + RESERVED +CVE-2022-44406 + RESERVED +CVE-2022-44405 + RESERVED +CVE-2022-44404 + RESERVED +CVE-2022-44403 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Automotive Shop Management System +CVE-2022-44402 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44401 (Online Tours & Travels Management System v1.0 contains an arbitrary fi ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-44400 (Purchase Order Management System v1.0 contains a file upload vulnerabi ...) + NOT-FOR-US: Purchase Order Management System +CVE-2022-44399 (Poultry Farm Management System v1.0 contains a SQL injection vulnerabi ...) + NOT-FOR-US: Poultry Farm Management System +CVE-2022-44398 + RESERVED +CVE-2022-44397 + RESERVED +CVE-2022-44396 + RESERVED +CVE-2022-44395 + RESERVED +CVE-2022-44394 + RESERVED +CVE-2022-44393 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44392 + RESERVED +CVE-2022-44391 + RESERVED +CVE-2022-44390 (A cross-site scripting (XSS) vulnerability in EyouCMS V1.5.9-UTF8-SP1 ...) + NOT-FOR-US: EyouCMS +CVE-2022-44389 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...) + NOT-FOR-US: EyouCMS +CVE-2022-44388 + RESERVED +CVE-2022-44387 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...) + NOT-FOR-US: EyouCMS +CVE-2022-44386 + RESERVED +CVE-2022-44385 + RESERVED +CVE-2022-44384 (An arbitrary file upload vulnerability in rconfig v3.9.6 allows attack ...) + NOT-FOR-US: rConfig +CVE-2022-44383 + RESERVED +CVE-2022-44382 + RESERVED +CVE-2022-44381 (Snipe-IT through 6.0.14 allows attackers to check whether a user accou ...) + - snipe-it (bug #1005172) +CVE-2022-44380 (Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for ...) + - snipe-it (bug #1005172) +CVE-2022-44379 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Automotive Shop Management System +CVE-2022-44378 (Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/ ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44377 + RESERVED +CVE-2022-44376 + RESERVED +CVE-2022-44375 + RESERVED +CVE-2022-44374 + RESERVED +CVE-2022-44373 (A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upg ...) + NOT-FOR-US: TrendNet Wireless AC Easy-Upgrader TEW-820AP +CVE-2022-44372 + RESERVED +CVE-2022-44371 (hope-boot 1.0.0 has a deserialization vulnerability that can cause Rem ...) + NOT-FOR-US: hope-boot +CVE-2022-44370 (NASM v2.16 was discovered to contain a heap buffer overflow in the com ...) + - nasm 2.16.01-1 (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392815 + NOTE: https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f + NOTE: Crash in CLI tool, no security impact +CVE-2022-44369 (NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392819 + NOTE: Crash in CLI tool, no security impact +CVE-2022-44368 (NASM v2.16 was discovered to contain a null pointer deference in the N ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392820 + NOTE: Crash in CLI tool, no security impact +CVE-2022-44367 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + NOT-FOR-US: Tenda +CVE-2022-44366 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + NOT-FOR-US: Tenda +CVE-2022-44365 (Tenda i21 V1.0.0.14(4656) has a stack overflow vulnerability via /gofo ...) + NOT-FOR-US: Tenda +CVE-2022-44364 + RESERVED +CVE-2022-44363 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + NOT-FOR-US: Tenda +CVE-2022-44362 (Tenda i21 V1.0.0.14(4656) is vulnerable to Buffer Overflow via /goform ...) + NOT-FOR-US: Tenda +CVE-2022-44361 (An issue was discovered in ZZCMS 2022. 
There is a cross-site scripting ...) + NOT-FOR-US: ZZCMS +CVE-2022-44360 + RESERVED +CVE-2022-44359 + RESERVED +CVE-2022-44358 + RESERVED +CVE-2022-44357 + RESERVED +CVE-2022-44356 (WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030 ...) + NOT-FOR-US: WAVLINK +CVE-2022-44355 (SolarView Compact 7.0 is vulnerable to Cross-site Scripting (XSS) via ...) + NOT-FOR-US: SolarView Compact +CVE-2022-44354 (SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Uploa ...) + NOT-FOR-US: SolarView Compact +CVE-2022-44353 + RESERVED +CVE-2022-44352 + RESERVED +CVE-2022-44351 (Skycaiji v2.5.1 was discovered to contain a deserialization vulnerabil ...) + NOT-FOR-US: Skycaiji +CVE-2022-44350 + RESERVED +CVE-2022-44349 (NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scri ...) + NOT-FOR-US: NAVBLUE S.A.S N-Ops & Crew +CVE-2022-44348 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44347 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44346 + RESERVED +CVE-2022-44345 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44344 + RESERVED +CVE-2022-44343 (CRMEB 4.4.4 is vulnerable to Any File download.) 
+ NOT-FOR-US: CRMEB +CVE-2022-44342 + RESERVED +CVE-2022-44341 + RESERVED +CVE-2022-44340 + RESERVED +CVE-2022-44339 + RESERVED +CVE-2022-44338 + RESERVED +CVE-2022-44337 + RESERVED +CVE-2022-44336 + RESERVED +CVE-2022-44335 + RESERVED +CVE-2022-44334 + RESERVED +CVE-2022-44333 + RESERVED +CVE-2022-44332 + RESERVED +CVE-2022-44331 + RESERVED +CVE-2022-44330 + RESERVED +CVE-2022-44329 + RESERVED +CVE-2022-44328 + RESERVED +CVE-2022-44327 + RESERVED +CVE-2022-44326 + RESERVED +CVE-2022-44325 + RESERVED +CVE-2022-44324 + RESERVED +CVE-2022-44323 + RESERVED +CVE-2022-44322 + RESERVED +CVE-2022-44321 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44320 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44319 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44318 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44317 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44316 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44315 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44314 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44313 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44312 (PicoC Version 3.2.2 was discovered to contain a heap buffer overflow i ...) + NOT-FOR-US: PicoC +CVE-2022-44311 (html2xhtml v1.3 was discovered to contain an Out-Of-Bounds read in the ...) + NOT-FOR-US: html2xhtml +CVE-2022-44310 (In Development IL ecdh before 0.2.0, an attacker can send an invalid p ...) 
+ NOT-FOR-US: Development IL ecdh +CVE-2022-44309 + RESERVED +CVE-2022-44308 + RESERVED +CVE-2022-44307 + RESERVED +CVE-2022-44306 + RESERVED +CVE-2022-44305 + RESERVED +CVE-2022-44304 + RESERVED +CVE-2022-44303 (Resque Scheduler version 1.27.4 is vulnerable to Cross-site scripting ...) + NOT-FOR-US: Resque Scheduler +CVE-2022-44302 + RESERVED +CVE-2022-44301 + RESERVED +CVE-2022-44300 + RESERVED +CVE-2022-44299 (SiteServerCMS 7.1.3 sscms has a file read vulnerability.) + NOT-FOR-US: SiteServer CMS +CVE-2022-44298 (SiteServer CMS 7.1.3 is vulnerable to SQL Injection.) + NOT-FOR-US: SiteServer CMS +CVE-2022-44297 (SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.) + NOT-FOR-US: SiteServer CMS +CVE-2022-44296 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44295 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44294 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44293 + RESERVED +CVE-2022-44292 + RESERVED +CVE-2022-44291 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: webtareas +CVE-2022-44290 (webTareas 2.4p5 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: webtareas +CVE-2022-44289 (Thinkphp 5.1.41 and 5.0.24 has a code logic error which causes file up ...) + NOT-FOR-US: ThinkPHP Framework +CVE-2022-44288 + RESERVED +CVE-2022-44287 + RESERVED +CVE-2022-44286 + RESERVED +CVE-2022-44285 + RESERVED +CVE-2022-44284 (Dinstar FXO Analog VoIP Gateway DAG2000-16O is vulnerable to Cross Sit ...) + NOT-FOR-US: Dinstar FXO Analog VoIP Gateway DAG2000-16O +CVE-2022-44283 (AVS Audio Converter 10.3 is vulnerable to Buffer Overflow.) 
+ NOT-FOR-US: AVS Audio Converter +CVE-2022-44282 + RESERVED +CVE-2022-44281 + RESERVED +CVE-2022-44280 (Automotive Shop Management System v1.0 is vulnerable to Delete any fil ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-44279 (Garage Management System v1.0 is vulnerable to Cross Site Scripting (X ...) + NOT-FOR-US: Garage Management System +CVE-2022-44278 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44277 (Sanitization Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44276 (In Responsive Filemanager < 9.12.0, an attacker can bypass upload rest ...) + NOT-FOR-US: Responsive Filemanager +CVE-2022-44275 + RESERVED +CVE-2022-44274 + RESERVED +CVE-2022-44273 + RESERVED +CVE-2022-44272 + RESERVED +CVE-2022-44271 + RESERVED +CVE-2022-44270 + RESERVED +CVE-2022-44269 + RESERVED +CVE-2022-44268 (ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it ...) + {DSA-5347-1 DLA-3357-1} + - imagemagick 8:6.9.11.60+dfsg-1.6 (bug #1030767) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763 + NOTE: https://www.metabaseq.com/imagemagick-zero-days/ + NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027 + NOTE: https://github.com/duc-nt/CVE-2022-44268-ImageMagick-Arbitrary-File-Read-PoC +CVE-2022-44267 (ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parse ...) + {DSA-5347-1 DLA-3357-1} + - imagemagick 8:6.9.11.60+dfsg-1.6 (bug #1030767) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/d77c01e560e973177feed4915ffd7dd1a45fd763 + NOTE: https://www.metabaseq.com/imagemagick-zero-days/ + NOTE: https://github.com/ImageMagick/ImageMagick/discussions/6027 +CVE-2022-44266 + RESERVED +CVE-2022-44265 + RESERVED +CVE-2022-44264 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.) 
+ NOT-FOR-US: Dentsply Sirona Sidexis +CVE-2022-44263 (Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Contr ...) + NOT-FOR-US: Dentsply Sirona Sidexis +CVE-2022-44262 (ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE).) + NOT-FOR-US: ff4j +CVE-2022-44261 (Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scrip ...) + NOT-FOR-US: Avery Dennison Monarch Printer M9855 +CVE-2022-44260 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44259 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44258 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44257 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44256 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44255 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication bu ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44254 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44253 (TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication b ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44252 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44251 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44250 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44249 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 contains a command injection v ...) + NOT-FOR-US: TOTOLINK +CVE-2022-44248 + RESERVED +CVE-2022-44247 + RESERVED +CVE-2022-44246 + RESERVED +CVE-2022-44245 + RESERVED +CVE-2022-44244 (An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalat ...) 
+ NOT-FOR-US: Lin-CMS +CVE-2022-44243 + RESERVED +CVE-2022-44242 + RESERVED +CVE-2022-44241 + RESERVED +CVE-2022-44240 + RESERVED +CVE-2022-44239 + RESERVED +CVE-2022-44238 + RESERVED +CVE-2022-44237 + RESERVED +CVE-2022-44236 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...) + NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG +CVE-2022-44235 (Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG 8.5.0.17807 (20 ...) + NOT-FOR-US: Beijing Zed-3 Technologies Co.,Ltd VoIP simpliclty ASG +CVE-2022-44234 + RESERVED +CVE-2022-44233 + RESERVED +CVE-2022-44232 (libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in d ...) + - ming +CVE-2022-44231 + RESERVED +CVE-2022-44230 + RESERVED +CVE-2022-44229 + RESERVED +CVE-2022-44228 + RESERVED +CVE-2022-44227 + RESERVED +CVE-2022-44226 + RESERVED +CVE-2022-44225 + RESERVED +CVE-2022-44224 + RESERVED +CVE-2022-44223 + RESERVED +CVE-2022-44222 + RESERVED +CVE-2022-44221 + RESERVED +CVE-2022-44220 + RESERVED +CVE-2022-44219 + RESERVED +CVE-2022-44218 + RESERVED +CVE-2022-44217 + RESERVED +CVE-2022-44216 (Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An att ...) + NOT-FOR-US: Gnuboard +CVE-2022-44215 (There is an open redirect vulnerability in Titan FTP server 19.0 and b ...) + NOT-FOR-US: Titan FTP server +CVE-2022-44214 + RESERVED +CVE-2022-44213 (ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulne ...) + NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio ECO ADMS +CVE-2022-44212 (In GL.iNet Goodcloud 1.0, insecure design allows remote attacker to ac ...) + NOT-FOR-US: GL.iNet Goodcloud +CVE-2022-44211 (In GL.iNet Goodcloud 1.1 Incorrect access control allows a remote atta ...) 
+ NOT-FOR-US: GL.iNet Goodcloud +CVE-2022-44210 + RESERVED +CVE-2022-44209 + RESERVED +CVE-2022-44208 + RESERVED +CVE-2022-44207 + RESERVED +CVE-2022-44206 + RESERVED +CVE-2022-44205 + RESERVED +CVE-2022-44204 (D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow ...) + NOT-FOR-US: D-Link +CVE-2022-44203 + RESERVED +CVE-2022-44202 (D-Link DIR878 1.02B04 and 1.02B05 are vulnerable to Buffer Overflow.) + NOT-FOR-US: D-Link +CVE-2022-44201 (D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.) + NOT-FOR-US: D-Link +CVE-2022-44200 (Netgear R7000P V1.3.0.8, V1.3.1.64 is vulnerable to Buffer Overflow vi ...) + NOT-FOR-US: Netgear +CVE-2022-44199 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...) + NOT-FOR-US: Netgear +CVE-2022-44198 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...) + NOT-FOR-US: Netgear +CVE-2022-44197 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...) + NOT-FOR-US: Netgear +CVE-2022-44196 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...) + NOT-FOR-US: Netgear +CVE-2022-44195 + RESERVED +CVE-2022-44194 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via parameter ...) + NOT-FOR-US: Netgear +CVE-2022-44193 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin ...) + NOT-FOR-US: Netgear +CVE-2022-44192 + RESERVED +CVE-2022-44191 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...) + NOT-FOR-US: Netgear +CVE-2022-44190 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow via paramete ...) + NOT-FOR-US: Netgear +CVE-2022-44189 + RESERVED +CVE-2022-44188 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/ ...) + NOT-FOR-US: Netgear +CVE-2022-44187 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_ ...) + NOT-FOR-US: Netgear +CVE-2022-44186 (Netgear R7000P V1.3.1.64 is vulnerable to Buffer Overflow in /usr/sbin ...) 
+ NOT-FOR-US: Netgear +CVE-2022-44185 + RESERVED +CVE-2022-44184 (Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/ ...) + NOT-FOR-US: Netgear +CVE-2022-44183 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44182 + RESERVED +CVE-2022-44181 + RESERVED +CVE-2022-44180 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44179 + RESERVED +CVE-2022-44178 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow. via function ...) + NOT-FOR-US: Tenda +CVE-2022-44177 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44176 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44175 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44174 (Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44173 + RESERVED +CVE-2022-44172 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44171 (Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44170 + RESERVED +CVE-2022-44169 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44168 (Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44167 (Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44166 + RESERVED +CVE-2022-44165 + RESERVED +CVE-2022-44164 + RESERVED +CVE-2022-44163 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...) 
+ NOT-FOR-US: Tenda +CVE-2022-44162 + RESERVED +CVE-2022-44161 + RESERVED +CVE-2022-44160 + RESERVED +CVE-2022-44159 + RESERVED +CVE-2022-44158 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44157 + RESERVED +CVE-2022-44156 (Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function ...) + NOT-FOR-US: Tenda +CVE-2022-44155 + RESERVED +CVE-2022-44154 + RESERVED +CVE-2022-44153 (Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scrip ...) + NOT-FOR-US: Rapid Software LLC Rapid SCADA +CVE-2022-44152 + RESERVED +CVE-2022-44151 (Simple Inventory Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Simple Inventory Management System +CVE-2022-44150 + RESERVED +CVE-2022-44149 (The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 and 80.103.2. ...) + NOT-FOR-US: Nexxt Amp300 ARN02304U8 +CVE-2022-44148 + RESERVED +CVE-2022-44147 + REJECTED +CVE-2022-44146 + RESERVED +CVE-2022-44145 + RESERVED +CVE-2022-44144 + RESERVED +CVE-2022-44143 + RESERVED +CVE-2022-44142 + RESERVED +CVE-2022-44141 + RESERVED +CVE-2022-44140 (Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: Jizhicms +CVE-2022-44139 (Apartment Visitor Management System v1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Apartment Visitor Management System +CVE-2022-44138 + RESERVED +CVE-2022-44137 (SourceCodester Sanitization Management System 1.0 is vulnerable to SQL ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-44136 (Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).) 
+ NOT-FOR-US: Zenario CMS +CVE-2022-44135 + RESERVED +CVE-2022-44134 + RESERVED +CVE-2022-44133 + RESERVED +CVE-2022-44132 + RESERVED +CVE-2022-44131 + RESERVED +CVE-2022-44130 + RESERVED +CVE-2022-44129 + RESERVED +CVE-2022-44128 + RESERVED +CVE-2022-44127 + RESERVED +CVE-2022-44126 + RESERVED +CVE-2022-44125 + RESERVED +CVE-2022-44124 + RESERVED +CVE-2022-44123 + RESERVED +CVE-2022-44122 + RESERVED +CVE-2022-44121 + RESERVED +CVE-2022-44120 (dedecmdv6 6.1.9 is vulnerable to SQL Injection. via sys_sql_query.php.) + NOT-FOR-US: dedecmdv6 +CVE-2022-44119 + RESERVED +CVE-2022-44118 (dedecmdv6 v6.1.9 is vulnerable to Remote Code Execution (RCE) via file ...) + NOT-FOR-US: dedecmdv6 +CVE-2022-44117 (Boa 0.94.14rc21 is vulnerable to SQL Injection via username.) + - boa +CVE-2022-44116 + RESERVED +CVE-2022-44115 + RESERVED +CVE-2022-44114 + RESERVED +CVE-2022-44113 + RESERVED +CVE-2022-44112 + RESERVED +CVE-2022-44111 + RESERVED +CVE-2022-44110 + RESERVED +CVE-2022-44109 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...) + NOT-FOR-US: pdftojson +CVE-2022-44108 (pdftojson commit 94204bb was discovered to contain a stack overflow vi ...) + NOT-FOR-US: pdftojson +CVE-2022-44107 + RESERVED +CVE-2022-44106 + RESERVED +CVE-2022-44105 + RESERVED +CVE-2022-44104 + RESERVED +CVE-2022-44103 + RESERVED +CVE-2022-44102 + RESERVED +CVE-2022-44101 + RESERVED +CVE-2022-44100 + RESERVED +CVE-2022-44099 + RESERVED +CVE-2022-44098 + RESERVED +CVE-2022-44097 (Book Store Management System v1.0 was discovered to contain hardcoded ...) + NOT-FOR-US: Book Store Management System +CVE-2022-44096 (Sanitization Management System v1.0 was discovered to contain hardcode ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-44095 + RESERVED +CVE-2022-44094 + RESERVED +CVE-2022-44093 + RESERVED +CVE-2022-44092 + RESERVED +CVE-2022-44091 + RESERVED +CVE-2022-44090 + RESERVED +CVE-2022-44089 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...) 
+ NOT-FOR-US: ESPCMS +CVE-2022-44088 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...) + NOT-FOR-US: ESPCMS +CVE-2022-44087 (ESPCMS P8.21120101 was discovered to contain a remote code execution ( ...) + NOT-FOR-US: ESPCMS +CVE-2022-44086 + RESERVED +CVE-2022-44085 + RESERVED +CVE-2022-44084 + RESERVED +CVE-2022-44083 + RESERVED +CVE-2022-44082 + RESERVED +CVE-2022-44081 (Lodepng v20220717 was discovered to contain a segmentation fault via t ...) + NOT-FOR-US: Lodepng +CVE-2022-44080 + RESERVED +CVE-2022-44079 (pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered t ...) + NOT-FOR-US: pycdc +CVE-2022-44078 + RESERVED +CVE-2022-44077 + RESERVED +CVE-2022-44076 + RESERVED +CVE-2022-44075 + RESERVED +CVE-2022-44074 + RESERVED +CVE-2022-44073 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...) + NOT-FOR-US: Zenario CMS +CVE-2022-44072 + RESERVED +CVE-2022-44071 (Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: Zenario CMS +CVE-2022-44070 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...) + NOT-FOR-US: Zenario CMS +CVE-2022-44069 (Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via ...) + NOT-FOR-US: Zenario CMS +CVE-2022-44068 + RESERVED +CVE-2022-44067 + RESERVED +CVE-2022-44066 + RESERVED +CVE-2022-44065 + RESERVED +CVE-2022-44064 + RESERVED +CVE-2022-44063 + RESERVED +CVE-2022-44062 + RESERVED +CVE-2022-44061 + RESERVED +CVE-2022-44060 + RESERVED +CVE-2022-44059 + RESERVED +CVE-2022-44058 + RESERVED +CVE-2022-44057 + RESERVED +CVE-2022-44056 + RESERVED +CVE-2022-44055 + RESERVED +CVE-2022-44054 (The d8s-xml for python, as distributed on PyPI, included a potential c ...) + NOT-FOR-US: d8s-xml +CVE-2022-44053 (The d8s-networking for python, as distributed on PyPI, included a pote ...) + NOT-FOR-US: d8s-networking +CVE-2022-44052 (The d8s-dates for python, as distributed on PyPI, included a potential ...) 
+ NOT-FOR-US: d8s-dates +CVE-2022-44051 (The d8s-stats for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-stats +CVE-2022-44050 (The d8s-networking for python, as distributed on PyPI, included a pote ...) + NOT-FOR-US: d8s-networking +CVE-2022-44049 (The d8s-python for python, as distributed on PyPI, included a potentia ...) + NOT-FOR-US: d8s-python +CVE-2022-44048 (The d8s-urls for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-urls +CVE-2022-44047 + RESERVED +CVE-2022-44046 + RESERVED +CVE-2022-44045 + RESERVED +CVE-2022-44044 + RESERVED +CVE-2022-44043 + RESERVED +CVE-2022-44042 + RESERVED +CVE-2022-44041 + RESERVED +CVE-2022-44040 + RESERVED +CVE-2022-44039 (Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File s ...) + NOT-FOR-US: Franklin Fueling System FFS Colibri +CVE-2022-44038 (Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remo ...) + NOT-FOR-US: Russound XSourcePlayer 777D +CVE-2022-44037 (An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) ...) + NOT-FOR-US: APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software +CVE-2022-44036 (In b2evolution 7.2.5, if configured with admins_can_manipulate_sensiti ...) + NOT-FOR-US: b2evolution CMS +CVE-2022-44035 + RESERVED +CVE-2022-44034 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...) + - linux 6.4.4-1 (unimportant) + NOTE: https://lore.kernel.org/lkml/20220916050333.GA188358@ubuntu/ + NOTE: https://lore.kernel.org/lkml/20220919101825.GA313940@ubuntu/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-44033 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...) 
+ - linux (unimportant) + NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/ + NOTE: https://lore.kernel.org/lkml/20220919040457.GA302681@ubuntu/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-44032 (An issue was discovered in the Linux kernel through 6.0.6. drivers/cha ...) + - linux (unimportant) + NOTE: https://lore.kernel.org/lkml/20220915020834.GA110086@ubuntu/ + NOTE: https://lore.kernel.org/lkml/20220919040701.GA302806@ubuntu/ + NOTE: Negligible security impact, would need physical access to "exploit" +CVE-2022-44031 (Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in i ...) + - redmine 5.0.4-1 (bug #1026048) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories +CVE-2022-44030 (Redmine 5.x before 5.0.4 allows downloading of file attachments of any ...) + - redmine 5.0.4-1 (bug #1026048) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://github.com/redmine/redmine/commit/c02e3bfaec5fb45bd02d840b2306a875cc4f7f88 + NOTE: https://github.com/redmine/redmine/commit/eea816ae0825a3d794e650d11a3909ace772152b + NOTE: https://github.com/redmine/redmine/commit/df615b7047e58a5dfb236d3b011dfe1619559acc + NOTE: https://github.com/redmine/redmine/commit/072faff556c5f3ab1f65cad4d2753600cf4ee909 + NOTE: https://github.com/redmine/redmine/commit/9435929e349f0af9ba1d059e41d80c65be50e833 +CVE-2022-44029 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + NOT-FOR-US: NetScout +CVE-2022-44028 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + NOT-FOR-US: NetScout +CVE-2022-44027 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + NOT-FOR-US: NetScout +CVE-2022-44026 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + NOT-FOR-US: NetScout +CVE-2022-44025 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) 
+ NOT-FOR-US: NetScout +CVE-2022-44024 (An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It al ...) + NOT-FOR-US: NetScout +CVE-2022-44023 (PwnDoc through 0.5.3 might allow remote attackers to identify disabled ...) + NOT-FOR-US: PwnDoc +CVE-2022-44022 (PwnDoc through 0.5.3 might allow remote attackers to identify valid us ...) + NOT-FOR-US: PwnDoc +CVE-2022-44021 + RESERVED +CVE-2022-44020 (An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and Vi ...) + NOT-FOR-US: OpenStack Sushy-Tools / VirtualBMC +CVE-2022-44019 (In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote comm ...) + NOT-FOR-US: Total.js CMS +CVE-2022-44018 (In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discov ...) + NOT-FOR-US: Softing uaToolkit Embedded +CVE-2022-44017 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. Due ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44016 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44015 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44014 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. In t ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44013 (An issue was discovered in Simmeth Lieferantenmanager before 5.6. An a ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44012 (An issue was discovered in /DS/LM_API/api/SelectionService/InsertQuery ...) + NOT-FOR-US: Simmeth Lieferantenmanager +CVE-2022-44011 (An issue was discovered in ClickHouse before 22.9.1.2603. An authentic ...) + - clickhouse + [bookworm] - clickhouse (Minor issue) + [bullseye] - clickhouse (Minor issue) + [buster] - clickhouse (Minor issue, DoS) + NOTE: https://github.com/ClickHouse/ClickHouse/pull/40241 +CVE-2022-44010 (An issue was discovered in ClickHouse before 22.9.1.2603. An attacker ...) 
+ - clickhouse + [bookworm] - clickhouse (Minor issue) + [bullseye] - clickhouse (Minor issue) + [buster] - clickhouse (Minor issue, DoS) + NOTE: https://github.com/ClickHouse/ClickHouse/pull/40292 +CVE-2022-44009 (Improper access control in Key-Value RBAC in StackStorm version 3.7.0 ...) + NOT-FOR-US: StackStorm +CVE-2022-44008 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44007 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an un ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44006 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to impro ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44005 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to the u ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44004 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insec ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44003 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44002 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to insuf ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44001 (An issue was discovered in BACKCLICK Professional 5.9.63. User authent ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-44000 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to an ex ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-43999 (An issue was discovered in BACKCLICK Professional 5.9.63. Due to expos ...) + NOT-FOR-US: BACKCLICK Professional +CVE-2022-43998 + RESERVED +CVE-2022-3757 + REJECTED +CVE-2022-3756 + REJECTED +CVE-2022-3755 + REJECTED +CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...) + NOT-FOR-US: phpmyfaq +CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-43997 (Incorrect access control in Aternity agent in Riverbed Aternity before ...) + NOT-FOR-US: Riverbed Aternity +CVE-2022-43996 (The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF d ...) + NOT-FOR-US: csaf_provider +CVE-2022-43995 (Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains ...) + - sudo 1.9.12p1-1 (unimportant) + NOTE: Fixed by: https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050 (SUDO_1_9_12p1) + NOTE: Binary packages compiled with PAM support not enabling the plugins/sudoers/auth/passwd.c code +CVE-2022-43994 + RESERVED +CVE-2022-43993 + RESERVED +CVE-2022-43992 + RESERVED +CVE-2022-43991 + RESERVED +CVE-2022-43990 (Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 wit ...) + NOT-FOR-US: SICK +CVE-2022-43989 (Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 10926 ...) + NOT-FOR-US: SICK +CVE-2022-43988 + RESERVED +CVE-2022-43987 + RESERVED +CVE-2022-43986 + RESERVED +CVE-2022-43985 (In Apache Airflow versions prior to 2.4.2, there was an open redirect ...) + - airflow (bug #819700) +CVE-2022-43984 (Browsershot version 3.57.3 allows an external attacker to remotely obt ...) + NOT-FOR-US: Browsershot +CVE-2022-43983 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...) + NOT-FOR-US: Browsershot +CVE-2022-3752 (An unauthorized user could use a specially crafted sequence of Etherne ...) + NOT-FOR-US: Rockwell +CVE-2022-3751 (SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.) + NOT-FOR-US: Owncast +CVE-2022-43982 (In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with confi ...) + - airflow (bug #819700) +CVE-2022-43981 + RESERVED +CVE-2022-43980 (There is a stored cross-site scripting vulnerability in Pandora FMS v7 ...) + NOT-FOR-US: Pandora FMS +CVE-2022-43979 (There is a Path Traversal that leads to a Local File Inclusion in Pand ...) 
+ NOT-FOR-US: Pandora FMS +CVE-2022-43978 (There is an improper authentication vulnerability in Pandora FMS v764. ...) + NOT-FOR-US: Pandora FMS +CVE-2022-3750 (The has a CSRF vulnerability that allows the deletion of a post witho ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3749 + RESERVED +CVE-2022-3748 (Improper Authorization vulnerability in ForgeRock Inc. Access Manageme ...) + NOT-FOR-US: ForgeRock +CVE-2022-3747 (The Becustom plugin for WordPress is vulnerable to Cross-Site Request ...) + NOT-FOR-US: Becustom plugin for WordPress +CVE-2022-3746 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2022-3745 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2022-3744 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2022-3743 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2022-3742 (A potential vulnerability was discovered in LCFC BIOS for some Lenovo ...) + NOT-FOR-US: Lenovo +CVE-2022-3741 (Impact varies for each individual vulnerability in the application. Fo ...) + NOT-FOR-US: chatwoot +CVE-2022-3740 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3739 + RESERVED +CVE-2022-3738 (The vulnerability allows a remote unauthenticated attacker to download ...) + NOT-FOR-US: WAGO +CVE-2022-3737 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 me ...) + NOT-FOR-US: PHOENIX +CVE-2023-20851 (In stc, there is a possible out of bounds read due to a race condition ...) + NOT-FOR-US: MediaTek +CVE-2023-20850 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-20849 (In imgsys_cmdq, there is a possible use after free due to a missing va ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20848 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20847 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20846 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20845 (In imgsys, there is a possible out of bounds read due to a missing val ...) + NOT-FOR-US: MediaTek +CVE-2023-20844 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20843 (In imgsys_cmdq, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20842 (In imgsys_cmdq, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-20841 (In imgsys, there is a possible out of bounds write due to a missing va ...) + NOT-FOR-US: MediaTek +CVE-2023-20840 (In imgsys, there is a possible out of bounds read and write due to a m ...) + NOT-FOR-US: MediaTek +CVE-2023-20839 (In imgsys, there is a possible out of bounds read due to a missing val ...) + NOT-FOR-US: MediaTek +CVE-2023-20838 (In imgsys, there is a possible out of bounds read due to a race condit ...) + NOT-FOR-US: MediaTek +CVE-2023-20837 (In seninf, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: MediaTek +CVE-2023-20836 (In camsys, there is a possible out of bounds read due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20835 (In camsys, there is a possible use after free due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2023-20834 (In pda, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek +CVE-2023-20833 (In keyinstall, there is a possible information disclosure due to a mis ...) + NOT-FOR-US: MediaTek +CVE-2023-20832 (In gps, there is a possible out of bounds write due to a missing bound ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20831 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20830 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20829 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20828 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20827 (In ims service, there is a possible memory corruption due to a race co ...) + NOT-FOR-US: MediaTek +CVE-2023-20826 (In cta, there is a possible information disclosure due to a missing pe ...) + NOT-FOR-US: MediaTek +CVE-2023-20825 (In duraspeed, there is a possible information disclosure due to a miss ...) + NOT-FOR-US: MediaTek +CVE-2023-20824 (In duraspeed, there is a possible information disclosure due to a miss ...) + NOT-FOR-US: MediaTek +CVE-2023-20823 (In cmdq, there is a possible out of bounds read due to an incorrect st ...) + NOT-FOR-US: MediaTek +CVE-2023-20822 (In netdagent, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2023-20821 (In nvram, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20820 (In wlan service, there is a possible command injection due to improper ...) + NOT-FOR-US: MediaTek +CVE-2023-20819 (In CDMA PPP protocol, there is a possible out of bounds write due to a ...) + NOT-FOR-US: MediaTek +CVE-2023-20818 (In wlan service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: MediaTek +CVE-2023-20817 (In wlan service, there is a possible out of bounds write due to improp ...) + NOT-FOR-US: MediaTek +CVE-2023-20816 (In wlan service, there is a possible out of bounds write due to improp ...) + NOT-FOR-US: MediaTek +CVE-2023-20815 (In wlan service, there is a possible out of bounds write due to improp ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20814 (In wlan service, there is a possible out of bounds write due to improp ...) + NOT-FOR-US: MediaTek +CVE-2023-20813 (In wlan service, there is a possible out of bounds read due to imprope ...) + NOT-FOR-US: MediaTek +CVE-2023-20812 (In wlan driver, there is a possible out of bounds write due to imprope ...) + NOT-FOR-US: MediaTek +CVE-2023-20811 (In IOMMU, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20810 (In IOMMU, there is a possible information disclosure due to improper i ...) + NOT-FOR-US: MediaTek +CVE-2023-20809 (In vdec, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: MediaTek +CVE-2023-20808 (In OPTEE, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20807 (In dpe, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20806 (In hcp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20805 (In imgsys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: MediaTek +CVE-2023-20804 (In imgsys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: MediaTek +CVE-2023-20803 (In imgsys, there is a possible memory corruption due to improper input ...) + NOT-FOR-US: MediaTek +CVE-2023-20802 (In imgsys, there is a possible memory corruption due to improper input ...) + NOT-FOR-US: MediaTek +CVE-2023-20801 (In imgsys,there is a possible use after free due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2023-20800 (In imgsys, there is a possible system crash due to a mssing ptr check. ...) + NOT-FOR-US: MediaTek +CVE-2023-20799 + RESERVED +CVE-2023-20798 (In pda, there is a possible out of bounds read due to an incorrect cal ...) + NOT-FOR-US: MediaTek +CVE-2023-20797 (In camera middleware, there is a possible out of bounds write due to a ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20796 (In power, there is a possible memory corruption due to an incorrect bo ...) + NOT-FOR-US: MediaTek +CVE-2023-20795 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20794 + RESERVED +CVE-2023-20793 (In apu, there is a possible memory corruption due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20792 + RESERVED +CVE-2023-20791 + RESERVED +CVE-2023-20790 (In nvram, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20789 (In jpeg, there is a possible information disclosure due to a missing b ...) + NOT-FOR-US: MediaTek +CVE-2023-20788 (In thermal, there is a possible use after free due to a race condition ...) + NOT-FOR-US: MediaTek +CVE-2023-20787 (In thermal, there is a possible use after free due to a race condition ...) + NOT-FOR-US: MediaTek +CVE-2023-20786 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20785 (In audio, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20784 (In keyinstall, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20783 (In keyinstall, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20782 (In keyinstall, there is a possible information disclosure due to a mis ...) + NOT-FOR-US: MediaTek +CVE-2023-20781 (In keyinstall, there is a possible memory corruption due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2023-20780 (In keyinstall, there is a possible information disclosure due to a mis ...) + NOT-FOR-US: MediaTek +CVE-2023-20779 + RESERVED +CVE-2023-20778 + RESERVED +CVE-2023-20777 + RESERVED +CVE-2023-20776 + RESERVED +CVE-2023-20775 (In display, there is a possible out of bounds write due to a missing b ...) 
+ NOT-FOR-US: MediatekMediatek +CVE-2023-20774 (In display, there is a possible out of bounds read due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2023-20773 (In vow, there is a possible escalation of privilege due to a missing p ...) + NOT-FOR-US: Mediatek +CVE-2023-20772 (In vow, there is a possible escalation of privilege due to a missing p ...) + NOT-FOR-US: Mediatek +CVE-2023-20771 (In display, there is a possible memory corruption due to a race condit ...) + NOT-FOR-US: Mediatek +CVE-2023-20770 + RESERVED +CVE-2023-20769 + RESERVED +CVE-2023-20768 (In ion, there is a possible out of bounds read due to type confusion. ...) + NOT-FOR-US: Mediatek +CVE-2023-20767 (In pqframework, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Mediatek +CVE-2023-20766 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20765 + RESERVED +CVE-2023-20764 + RESERVED +CVE-2023-20763 + RESERVED +CVE-2023-20762 + RESERVED +CVE-2023-20761 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20760 (In apu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20759 (In cmdq, there is a possible memory corruption due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20758 (In cmdq, there is a possible memory corruption due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20757 (In cmdq, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20756 (In keyinstall, there is a possible out of bounds write due to an integ ...) + NOT-FOR-US: Mediatek +CVE-2023-20755 (In keyinstall, there is a possible out of bounds write due to an integ ...) + NOT-FOR-US: Mediatek +CVE-2023-20754 (In keyinstall, there is a possible out of bounds write due to an integ ...) 
+ NOT-FOR-US: Mediatek +CVE-2023-20753 (In rpmb, there is a possible out of bounds write due to a logic error. ...) + NOT-FOR-US: Mediatek +CVE-2023-20752 (In keymange, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20751 (In keymange, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20750 (In swpm, there is a possible out of bounds write due to a race conditi ...) + NOT-FOR-US: Mediatek +CVE-2023-20749 (In swpm, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20748 (In display, there is a possible out of bounds read due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2023-20747 (In vcu, there is a possible memory corruption due to type confusion. T ...) + NOT-FOR-US: Mediatek +CVE-2023-20746 (In vcu, there is a possible out of bounds write due to improper lockin ...) + NOT-FOR-US: Mediatek +CVE-2023-20745 (In vcu, there is a possible out of bounds write due to improper lockin ...) + NOT-FOR-US: Mediatek +CVE-2023-20744 (In vcu, there is a possible use after free due to a logic error. This ...) + NOT-FOR-US: Mediatek +CVE-2023-20743 (In vcu, there is a possible out of bounds write due to improper lockin ...) + NOT-FOR-US: Mediatek +CVE-2023-20742 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20741 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20740 (In vcu, there is a possible memory corruption due to a logic error. Th ...) + NOT-FOR-US: Mediatek +CVE-2023-20739 (In vcu, there is a possible memory corruption due to a logic error. Th ...) + NOT-FOR-US: Mediatek +CVE-2023-20738 (In vcu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20737 (In vcu, there is a possible use after free due to improper locking. Th ...) 
+ NOT-FOR-US: Mediatek +CVE-2023-20736 (In vcu, there is a possible out of bounds write due to a race conditio ...) + NOT-FOR-US: Mediatek +CVE-2023-20735 (In vcu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20734 (In vcu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20733 (In vcu, there is a possible use after free due to improper locking. Th ...) + NOT-FOR-US: Mediatek +CVE-2023-20732 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20731 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20730 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20729 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20728 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20727 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20726 (In mnld, there is a possible leak of GPS location due to a missing per ...) + NOT-FOR-US: Mediatek +CVE-2023-20725 (In preloader, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20724 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20723 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20722 (In m4u, there is a possible out of bounds write due to improper input ...) + NOT-FOR-US: Mediatek +CVE-2023-20721 (In isp, there is a possible out of bounds write due to improper input ...) + NOT-FOR-US: Mediatek +CVE-2023-20720 (In pqframework, there is a possible out of bounds read due to a missin ...) 
+ NOT-FOR-US: Mediatek +CVE-2023-20719 (In pqframework, there is a possible out of bounds read due to a missin ...) + NOT-FOR-US: Mediatek +CVE-2023-20718 (In vcu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20717 (In vcu, there is a possible leak of dma buffer due to a race condition ...) + NOT-FOR-US: Mediatek +CVE-2023-20716 (In wlan, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20715 (In wlan, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20714 + RESERVED +CVE-2023-20713 + RESERVED +CVE-2023-20712 (In wlan, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20711 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20710 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20709 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20708 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20707 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2023-20706 (In apu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20705 (In apu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20704 (In apu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20703 (In apu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: Mediatek +CVE-2023-20702 (In 5G NRLC, there is a possible invalid memory access due to lack of e ...) 
+ NOT-FOR-US: Mediatek +CVE-2023-20701 (In widevine, there is a possible out of bounds write due to a logic er ...) + NOT-FOR-US: Mediatek +CVE-2023-20700 (In widevine, there is a possible out of bounds write due to a logic er ...) + NOT-FOR-US: Mediatek +CVE-2023-20699 (In adsp, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2023-20698 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20697 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20696 (In preloader, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20695 (In preloader, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20694 (In preloader, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2023-20693 (In wlan firmware, there is possible system crash due to an uncaught ex ...) + NOT-FOR-US: Mediatek +CVE-2023-20692 (In wlan firmware, there is possible system crash due to an uncaught ex ...) + NOT-FOR-US: Mediatek +CVE-2023-20691 (In wlan firmware, there is possible system crash due to an integer ove ...) + NOT-FOR-US: Mediatek +CVE-2023-20690 (In wlan firmware, there is possible system crash due to an integer ove ...) + NOT-FOR-US: Mediatek +CVE-2023-20689 (In wlan firmware, there is possible system crash due to an integer ove ...) + NOT-FOR-US: Mediatek +CVE-2023-20688 (In power, there is a possible out of bounds read due to a missing boun ...) + NOT-FOR-US: MediaTek +CVE-2023-20687 (In display drm, there is a possible double free due to a race conditio ...) + NOT-FOR-US: MediaTek +CVE-2023-20686 (In display drm, there is a possible double free due to a race conditio ...) + NOT-FOR-US: MediaTek +CVE-2023-20685 (In vdec, there is a possible use after free due to a race condition. T ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20684 (In vdec, there is a possible use after free due to a race condition. T ...) + NOT-FOR-US: MediaTek +CVE-2023-20683 + RESERVED +CVE-2023-20682 (In wlan, there is a possible out of bounds write due to an integer ove ...) + NOT-FOR-US: MediaTek +CVE-2023-20681 (In adsp, there is a possible out of bounds write due to improper input ...) + NOT-FOR-US: MediaTek +CVE-2023-20680 (In adsp, there is a possible out of bounds write due to improper input ...) + NOT-FOR-US: MediaTek +CVE-2023-20679 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20678 + RESERVED +CVE-2023-20677 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20676 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20675 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20674 (In wlan, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20673 (In vcu, there is a possible memory corruption due to type confusion. T ...) + NOT-FOR-US: Mediatek +CVE-2023-20672 + RESERVED +CVE-2023-20671 + RESERVED +CVE-2023-20670 (In audio, there is a possible out of bounds write due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20669 + RESERVED +CVE-2023-20668 + RESERVED +CVE-2023-20667 + RESERVED +CVE-2023-20666 (In display drm, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-20665 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20664 (In gz, there is a possible double free due to a use after free. This c ...) + NOT-FOR-US: MediaTek +CVE-2023-20663 (In wlan, there is a possible out of bounds write due to an integer ove ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20662 (In wlan, there is a possible out of bounds write due to an integer ove ...) + NOT-FOR-US: MediaTek +CVE-2023-20661 (In wlan, there is a possible out of bounds write due to an integer ove ...) + NOT-FOR-US: MediaTek +CVE-2023-20660 (In wlan, there is a possible out of bounds read due to an integer over ...) + NOT-FOR-US: MediaTek +CVE-2023-20659 (In wlan, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: MediaTek +CVE-2023-20658 (In isp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20657 (In mtee, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: MediaTek +CVE-2023-20656 (In geniezone, there is a possible out of bounds write due to a logic e ...) + NOT-FOR-US: MediaTek +CVE-2023-20655 (In mmsdk, there is a possible escalation of privilege due to a parcel ...) + NOT-FOR-US: MediaTek +CVE-2023-20654 (In keyinstall, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20653 (In keyinstall, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20652 (In keyinstall, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek +CVE-2023-20651 (In apu, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20650 (In apu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20649 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20648 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20647 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20646 (In ril, there is a possible out of bounds read due to a missing bounds ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20645 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20644 (In ril, there is a possible out of bounds read due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2023-20643 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20642 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20641 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20640 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20639 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20638 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20637 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20636 (In display drm, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-20635 (In keyinstall, there is a possible information disclosure due to an in ...) + NOT-FOR-US: MediaTek +CVE-2023-20634 (In widevine, there is a possible out of bounds write due to improper i ...) + NOT-FOR-US: MediaTek +CVE-2023-20633 (In usb, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20632 (In usb, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20631 + RESERVED +CVE-2023-20630 (In usb, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20629 + RESERVED +CVE-2023-20628 (In thermal, there is a possible memory corruption due to an uncaught e ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20627 (In pqframework, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2023-20626 (In msdc, there is a possible out of bounds write due to an incorrect b ...) + NOT-FOR-US: MediaTek +CVE-2023-20625 (In adsp, there is a possible double free due to a race condition. This ...) + NOT-FOR-US: MediaTek +CVE-2023-20624 (In vow, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: MediaTek +CVE-2023-20623 (In ion, there is a possible escalation of privilege due to improper lo ...) + NOT-FOR-US: MediaTek +CVE-2023-20622 + RESERVED +CVE-2023-20621 (In tinysys, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: MediaTek +CVE-2023-20620 (In adsp, there is a possible escalation of privilege due to a logic er ...) + NOT-FOR-US: MediaTek +CVE-2023-20619 (In vcu, there is a possible memory corruption due to improper locking. ...) + NOT-FOR-US: MediaTek +CVE-2023-20618 (In vcu, there is a possible memory corruption due to improper locking. ...) + NOT-FOR-US: MediaTek +CVE-2023-20617 + RESERVED +CVE-2023-20616 (In ion, there is a possible out of bounds read due to type confusion. ...) + NOT-FOR-US: MediaTek +CVE-2023-20615 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20614 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20613 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20612 (In ril, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20611 (In gpu, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek +CVE-2023-20610 (In display drm, there is a possible memory corruption due to a race co ...) 
+ NOT-FOR-US: MediaTek +CVE-2023-20609 (In ccu, there is a possible out of bounds read due to a logic error. T ...) + NOT-FOR-US: MediaTek +CVE-2023-20608 (In display drm, there is a possible use after free due to a race condi ...) + NOT-FOR-US: MediaTek +CVE-2023-20607 (In ccu, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2023-20606 (In apusys, there is a possible out of bounds read due to a missing bou ...) + NOT-FOR-US: MediaTek +CVE-2023-20605 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2023-20604 (In ged, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2023-20603 + RESERVED +CVE-2023-20602 (In ged, there is a possible out of bounds write due to an integer over ...) + NOT-FOR-US: MediaTek +CVE-2022-43977 (An issue was discovered on GE Grid Solutions MS3000 devices before 3.7 ...) + NOT-FOR-US: GE +CVE-2022-43976 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...) + NOT-FOR-US: GE +CVE-2022-43975 (An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 ...) + NOT-FOR-US: GE +CVE-2022-43974 (MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDeco ...) + - matrixssl +CVE-2022-43973 (An arbitrary code execution vulnerability exisits in Linksys WRT54GL W ...) + NOT-FOR-US: Linksys +CVE-2022-43972 (A null pointer dereference vulnerability exists in Linksys WRT54GL Wir ...) + NOT-FOR-US: Linksys +CVE-2022-43971 (An arbitrary code exection vulnerability exists in Linksys WUMC710 Wir ...) + NOT-FOR-US: Linksys +CVE-2022-43970 (A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G B ...) + NOT-FOR-US: Linksys +CVE-2022-43969 (Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials.) + NOT-FOR-US: Ricoh +CVE-2022-43968 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) 
+ NOT-FOR-US: Concrete CMS +CVE-2022-43967 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43966 + RESERVED +CVE-2022-43965 + RESERVED +CVE-2022-43964 + RESERVED +CVE-2022-43963 + RESERVED +CVE-2022-43962 + RESERVED +CVE-2022-43961 + RESERVED +CVE-2022-43960 + RESERVED +CVE-2022-43959 (Insufficiently Protected Credentials in the AD/LDAP server settings in ...) + NOT-FOR-US: 1C-Bitrix Bitrix24 +CVE-2022-3736 (BIND 9 resolver can crash when stale cache and stale answers are enabl ...) + {DSA-5329-1} + - bind9 1:9.18.11-1 + [buster] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2022-3736 +CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated as crit ...) + NOT-FOR-US: seccome Ehoney +CVE-2022-3734 (A vulnerability was found in a port or fork of Redis. It has been decl ...) + NOTE: Bogus report/assignment for Redis +CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) + NOT-FOR-US: SourceCodester Web-Based Student Clearance System +CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as critical ...) + NOT-FOR-US: seccome Ehoney +CVE-2022-3731 (A vulnerability has been found in seccome Ehoney and classified as cri ...) + NOT-FOR-US: seccome Ehoney +CVE-2022-3730 (A vulnerability, which was classified as critical, was found in seccom ...) + NOT-FOR-US: seccome Ehoney +CVE-2022-3729 (A vulnerability, which was classified as critical, has been found in s ...) + NOT-FOR-US: seccome Ehoney +CVE-2022-3728 (A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that ...) + NOT-FOR-US: Lenovo +CVE-2023-20601 + RESERVED +CVE-2023-20600 + RESERVED +CVE-2023-20599 + RESERVED +CVE-2023-20598 (An improper privilege management in the AMD Radeon\u2122Graphics drive ...) + NOT-FOR-US: AMD +CVE-2023-20597 (Improper initialization of variables in the DXE driver may allow a pri ...) 
+ NOT-FOR-US: AMD +CVE-2023-20596 (Improper input validation in the SMM Supervisor may allow an attacker ...) + NOT-FOR-US: AMD +CVE-2023-20595 + RESERVED +CVE-2023-20594 (Improper initialization of variables in the DXE driver may allow a pri ...) + NOT-FOR-US: AMD +CVE-2023-20593 (An issue in \u201cZen 2\u201d CPUs, under specific microarchitectural ...) + {DSA-5462-1 DSA-5461-1 DSA-5459-1 DLA-3512-1 DLA-3511-1 DLA-3508-1} + - linux 6.4.4-2 + - amd64-microcode 3.20230719.1 (bug #1041863) + NOTE: https://www.openwall.com/lists/oss-security/2023/07/24/1 + NOTE: https://lock.cmpxchg8b.com/zenbleed.html + NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html + NOTE: https://github.com/google/security-research/security/advisories/GHSA-v6wh-rxpg-cmm8 + NOTE: https://xenbits.xen.org/xsa/advisory-433.html + NOTE: Technically not an issue in src:linux but track as well the kernel side mitigation + NOTE: under the CVE entry. + NOTE: 3.20230719.1 ships the first batch of fixes, only for 2nd gen Epyc CPUs, further + NOTE: CPUs to follow in later releases +CVE-2023-20592 (Improper or unexpected behavior of the INVD instruction in some AMD CP ...) + - amd64-microcode 3.20230719.1 + [bookworm] - amd64-microcode 3.20230719.1~deb12u1 + [bullseye] - amd64-microcode 3.20230719.1~deb11u1 + [buster] - amd64-microcode 3.20230719.1~deb10u1 + NOTE: https://cachewarpattack.com/ + NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3005.html +CVE-2023-20591 + RESERVED +CVE-2023-20590 + RESERVED +CVE-2023-20589 (An attacker with specialized hardware and physical access to an impact ...) + NOT-FOR-US: AMD +CVE-2023-20588 (A division-by-zero error on some AMD processors can potentially return ...) 
+ {DSA-5492-1 DSA-5480-1 DLA-3623-1} + - linux 6.4.13-1 + [bullseye] - linux 5.10.197-1 + - xen 4.17.2+55-g0b56bed864-1 + [bookworm] - xen 4.17.2+76-ge1f9cb16e2-1~deb12u1 + [bullseye] - xen (EOLed in Bullseye) + [buster] - xen (DSA 4677-1) + NOTE: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html + NOTE: https://git.kernel.org/linus/77245f1c3c6495521f6a3af082696ee2f8ce3921 + NOTE: https://git.kernel.org/linus/f58d6fbcb7c848b7f2469be339bc571f2e9d245b + NOTE: https://xenbits.xen.org/xsa/advisory-439.html + NOTE: https://github.com/xen-project/xen/commit/d7b78041dc819efde0350f27754a61cb01a93496 +CVE-2023-20587 + RESERVED +CVE-2023-20586 (A potential vulnerability was reported in Radeon\u2122 Software Crimso ...) + NOT-FOR-US: AMD +CVE-2023-20585 + RESERVED +CVE-2023-20584 + RESERVED +CVE-2023-20583 (A potential power side-channel vulnerability in AMD processors may all ...) + NOT-FOR-US: AMD +CVE-2023-20582 + RESERVED +CVE-2023-20581 + RESERVED +CVE-2023-20580 + RESERVED +CVE-2023-20579 + RESERVED +CVE-2023-20578 + RESERVED +CVE-2023-20577 + RESERVED +CVE-2023-20576 + RESERVED +CVE-2023-20575 (A potential power side-channel vulnerability in some AMD processors ma ...) + NOT-FOR-US: AMD +CVE-2023-20574 + RESERVED +CVE-2023-20573 + RESERVED +CVE-2023-20572 + RESERVED +CVE-2023-20571 (A race condition in System Management Mode (SMM) code may allow an att ...) + NOT-FOR-US: AMD +CVE-2023-20570 + RESERVED +CVE-2023-20569 (A side channel vulnerability on some of the AMD CPUs may allow an atta ...) 
+ {DSA-5475-1 DLA-3525-1}
+ - amd64-microcode 3.20230719.1
+ [bookworm] - amd64-microcode 3.20230719.1~deb12u1
+ [bullseye] - amd64-microcode 3.20230719.1~deb11u1
+ [buster] - amd64-microcode 3.20230719.1~deb10u1
+ - linux 6.4.4-3
+ [buster] - linux (Mitigation is too invasive to backport)
+ NOTE: SRSO microcode for Milan (Zen3 EPYC):
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/amd-ucode?id=b250b32ab1d044953af2dc5e790819a7703b7ee6
+ NOTE: 3.20230719.1 ships the first batch of fixes, only for 3nd gen EPYC CPUs (Milan),
+ NOTE: further update for 4th gen EPYC CPUs to follow in later releases.
+ NOTE: Updated microcode for 4th gen EPYC CPUs Genoa (Family=0x19 Model=0x11) and
+ NOTE: Bergamo (Family=0x19 Model=0xa0) with (cf: https://bugs.debian.org/1043381):
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f2eb058afc57348cde66852272d6bf11da1eef8f
+ NOTE: 3.20230808.1.1 ships this second batch of fixes for 4th gen EPYC CPUs.
+ NOTE: https://comsec.ethz.ch/research/microarch/inception/
+ NOTE: https://comsec.ethz.ch/wp-content/files/inception_sec23.pdf
+ NOTE: https://github.com/comsec-group/inception
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-7005
+ NOTE: https://www.amd.com/content/dam/amd/en/documents/corporate/cr/speculative-return-stack-overflow-whitepaper.pdf
+ NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/4
+CVE-2023-20568 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...)
+ NOT-FOR-US: AMD
+CVE-2023-20567 (Improper signature verification of RadeonTM RX Vega M Graphics driver ...)
+ NOT-FOR-US: AMD
+CVE-2023-20566 (Improper address validation in ASP with SNP enabled may potentially al ...)
+ NOT-FOR-US: AMD
+CVE-2023-20565 (Insufficient protections in System Management Mode (SMM) code may allo ...)
+ NOT-FOR-US: AMD
+CVE-2023-20564 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
+ NOT-FOR-US: AMD
+CVE-2023-20563 (Insufficient protections in System Management Mode (SMM) code may allo ...)
+ NOT-FOR-US: AMD
+CVE-2023-20562 (Insufficient validation in the IOCTL (Input Output Control) input buff ...)
+ NOT-FOR-US: AMD
+CVE-2023-20561 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
+ NOT-FOR-US: AMD
+CVE-2023-20560 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
+ NOT-FOR-US: AMD
+CVE-2023-20559 (Insufficient control flow management in AmdCpmGpioInitSmm may allow a ...)
+ NOT-FOR-US: AMD
+CVE-2023-20558 (Insufficient control flow management in AmdCpmOemSmm may allow a privi ...)
+ NOT-FOR-US: AMD
+CVE-2023-20557
+ RESERVED
+CVE-2023-20556 (Insufficient validation of the IOCTL (Input Output Control) input buff ...)
+ NOT-FOR-US: AMD
+CVE-2023-20555 (Insufficient input validation in CpmDisplayFeatureSmm may allow an att ...)
+ NOT-FOR-US: AMD
+CVE-2023-20554
+ RESERVED
+CVE-2023-20553
+ RESERVED
+CVE-2023-20552
+ RESERVED
+CVE-2023-20551
+ RESERVED
+CVE-2023-20550
+ RESERVED
+CVE-2023-20549
+ RESERVED
+CVE-2023-20548
+ RESERVED
+CVE-2023-20547
+ RESERVED
+CVE-2023-20546
+ RESERVED
+CVE-2023-20545
+ RESERVED
+CVE-2023-20544
+ RESERVED
+CVE-2023-20543
+ RESERVED
+CVE-2023-20542
+ RESERVED
+CVE-2023-20541
+ RESERVED
+CVE-2023-20540
+ RESERVED
+CVE-2023-20539
+ RESERVED
+CVE-2023-20538
+ RESERVED
+CVE-2023-20537
+ RESERVED
+CVE-2023-20536
+ RESERVED
+CVE-2023-20535
+ RESERVED
+CVE-2023-20534
+ RESERVED
+CVE-2023-20533 (Insufficient DRAM address validation in System Management Unit (SMU) m ...)
+ NOT-FOR-US: AMD
+CVE-2023-20532 (Insufficient input validation in the SMU may allow an attacker to impr ...)
+ NOT-FOR-US: AMD
+CVE-2023-20531 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
+ NOT-FOR-US: AMD
+CVE-2023-20530 (Insufficient input validation of BIOS mailbox messages in SMU may resu ...)
+ NOT-FOR-US: AMD
+CVE-2023-20529 (Insufficient bound checks in the SMU may allow an attacker to update t ...)
+ NOT-FOR-US: AMD
+CVE-2023-20528 (Insufficient input validation in the SMU may allow a physical attacker ...)
+ NOT-FOR-US: AMD
+CVE-2023-20527 (Improper syscall input validation in the ASP Bootloader may allow a pr ...)
+ NOT-FOR-US: AMD
+CVE-2023-20526 (Insufficient input validation in the ASP Bootloader may enable a privi ...)
+ NOT-FOR-US: AMD
+CVE-2023-20525 (Insufficient syscall input validation in the ASP Bootloader may allow ...)
+ NOT-FOR-US: AMD
+CVE-2023-20524 (An attacker with a compromised ASP could possibly send malformed comma ...)
+ NOT-FOR-US: AMD
+CVE-2023-20523 (TOCTOU in the ASP may allow a physical attacker to write beyond the bu ...)
+ NOT-FOR-US: AMD
+CVE-2023-20522 (Insufficient input validation in ASP may allow an attacker with a mali ...)
+ NOT-FOR-US: AMD
+CVE-2023-20521 (TOCTOU in the ASP Bootloader may allow an attacker with physical acces ...)
+ NOT-FOR-US: AMD
+CVE-2023-20520 (Improper access control settings in ASP Bootloader may allow an attack ...)
+ NOT-FOR-US: AMD
+CVE-2023-20519 (A Use-After-Free vulnerability in the management of an SNP guest conte ...)
+ NOT-FOR-US: AMD +CVE-2023-20518 + RESERVED +CVE-2023-20517 + RESERVED +CVE-2023-20516 + RESERVED +CVE-2023-20515 + RESERVED +CVE-2023-20514 + RESERVED +CVE-2023-20513 + RESERVED +CVE-2023-20512 + RESERVED +CVE-2023-20511 + RESERVED +CVE-2023-20510 + RESERVED +CVE-2023-20509 + RESERVED +CVE-2023-20508 + RESERVED +CVE-2023-20507 + RESERVED +CVE-2023-20506 + RESERVED +CVE-2023-20505 + RESERVED +CVE-2023-20504 + RESERVED +CVE-2023-20503 + RESERVED +CVE-2023-20502 + RESERVED +CVE-2023-20501 + RESERVED +CVE-2023-20500 + RESERVED +CVE-2023-20499 + RESERVED +CVE-2023-20498 + RESERVED +CVE-2023-20497 + RESERVED +CVE-2023-20496 + RESERVED +CVE-2023-20495 + RESERVED +CVE-2023-20494 + RESERVED +CVE-2023-20493 + RESERVED +CVE-2023-20492 + RESERVED +CVE-2023-20491 + RESERVED +CVE-2023-20490 + RESERVED +CVE-2023-20489 + RESERVED +CVE-2023-20488 + RESERVED +CVE-2023-20487 + RESERVED +CVE-2023-20486 + RESERVED +CVE-2023-20485 + RESERVED +CVE-2023-20484 + RESERVED +CVE-2023-20483 + RESERVED +CVE-2023-20482 + RESERVED +CVE-2023-20481 + RESERVED +CVE-2023-20480 + RESERVED +CVE-2023-20479 + RESERVED +CVE-2023-20478 + RESERVED +CVE-2023-20477 + RESERVED +CVE-2023-20476 + RESERVED +CVE-2023-20475 + RESERVED +CVE-2023-20474 + RESERVED +CVE-2023-20473 + RESERVED +CVE-2023-20472 + RESERVED +CVE-2023-20471 + RESERVED + NOT-FOR-US: Android +CVE-2023-20470 + RESERVED +CVE-2023-20469 + RESERVED +CVE-2023-20468 + RESERVED +CVE-2023-20467 + RESERVED +CVE-2023-20466 + RESERVED +CVE-2023-20465 + RESERVED +CVE-2023-20464 + RESERVED +CVE-2023-20463 + RESERVED + NOT-FOR-US: Android +CVE-2023-20462 + RESERVED +CVE-2023-20461 + RESERVED +CVE-2023-20460 + RESERVED +CVE-2023-20459 + RESERVED +CVE-2023-20458 + RESERVED +CVE-2023-20457 + RESERVED +CVE-2023-20456 + RESERVED +CVE-2023-20455 + RESERVED +CVE-2023-20454 + RESERVED +CVE-2023-20453 + RESERVED +CVE-2023-20452 + RESERVED +CVE-2023-20451 + RESERVED +CVE-2023-20450 + RESERVED +CVE-2023-20449 + RESERVED +CVE-2023-20448 + RESERVED +CVE-2023-20447 + 
RESERVED +CVE-2023-20446 + RESERVED +CVE-2023-20445 + RESERVED +CVE-2023-20444 + RESERVED +CVE-2023-20443 + RESERVED +CVE-2023-20442 + RESERVED +CVE-2023-20441 + RESERVED +CVE-2023-20440 + RESERVED +CVE-2023-20439 + RESERVED +CVE-2023-20438 + RESERVED +CVE-2023-20437 + RESERVED +CVE-2023-20436 + RESERVED +CVE-2023-20435 + RESERVED +CVE-2023-20434 + RESERVED +CVE-2023-20433 + RESERVED +CVE-2023-20432 + RESERVED +CVE-2023-20431 + RESERVED +CVE-2023-20430 + RESERVED +CVE-2023-20429 + RESERVED +CVE-2023-20428 + RESERVED +CVE-2023-20427 + RESERVED +CVE-2023-20426 + RESERVED +CVE-2023-20425 + RESERVED +CVE-2023-20424 + RESERVED +CVE-2023-20423 + RESERVED +CVE-2023-20422 + RESERVED +CVE-2023-20421 + RESERVED +CVE-2023-20420 + RESERVED +CVE-2023-20419 + RESERVED +CVE-2023-20418 + RESERVED +CVE-2023-20417 + RESERVED +CVE-2023-20416 + RESERVED +CVE-2023-20415 + RESERVED +CVE-2023-20414 + RESERVED +CVE-2023-20413 + RESERVED +CVE-2023-20412 + RESERVED +CVE-2023-20411 + RESERVED +CVE-2023-20410 + RESERVED +CVE-2023-20409 + RESERVED +CVE-2023-20408 + RESERVED +CVE-2023-20407 + RESERVED +CVE-2023-20406 + RESERVED +CVE-2023-20405 + RESERVED +CVE-2023-20404 + RESERVED +CVE-2023-20403 + RESERVED +CVE-2023-20402 + RESERVED +CVE-2023-20401 + RESERVED +CVE-2023-20400 + RESERVED +CVE-2023-20399 + RESERVED +CVE-2023-20398 + RESERVED +CVE-2023-20397 + RESERVED +CVE-2023-20396 + RESERVED +CVE-2023-20395 + RESERVED +CVE-2023-20394 + RESERVED +CVE-2023-20393 + RESERVED +CVE-2023-20392 + RESERVED +CVE-2023-20391 + RESERVED +CVE-2023-20390 + RESERVED +CVE-2023-20389 + RESERVED +CVE-2023-20388 + RESERVED +CVE-2023-20387 + RESERVED +CVE-2023-20386 + RESERVED +CVE-2023-20385 + RESERVED +CVE-2023-20384 + RESERVED +CVE-2023-20383 + RESERVED +CVE-2023-20382 + RESERVED +CVE-2023-20381 + RESERVED +CVE-2023-20380 + RESERVED +CVE-2023-20379 + RESERVED +CVE-2023-20378 + RESERVED +CVE-2023-20377 + RESERVED +CVE-2023-20376 + RESERVED +CVE-2023-20375 + RESERVED +CVE-2023-20374 + RESERVED +CVE-2023-20373 + 
RESERVED +CVE-2023-20372 + RESERVED +CVE-2023-20371 + RESERVED +CVE-2023-20370 + RESERVED +CVE-2023-20369 + RESERVED +CVE-2023-20368 + RESERVED +CVE-2023-20367 + RESERVED +CVE-2023-20366 + RESERVED +CVE-2023-20365 + RESERVED +CVE-2023-20364 + RESERVED +CVE-2023-20363 + RESERVED +CVE-2023-20362 + RESERVED +CVE-2023-20361 + RESERVED +CVE-2023-20360 + RESERVED +CVE-2023-20359 + RESERVED +CVE-2023-20358 + RESERVED +CVE-2023-20357 + RESERVED +CVE-2023-20356 + RESERVED +CVE-2023-20355 + RESERVED +CVE-2023-20354 + RESERVED +CVE-2023-20353 + RESERVED +CVE-2023-20352 + RESERVED +CVE-2023-20351 + RESERVED +CVE-2023-20350 + RESERVED +CVE-2023-20349 + RESERVED +CVE-2023-20348 + RESERVED +CVE-2023-20347 + RESERVED +CVE-2023-20346 + RESERVED +CVE-2023-20345 + RESERVED +CVE-2023-20344 + RESERVED +CVE-2023-20343 + RESERVED +CVE-2023-20342 + RESERVED +CVE-2023-20341 + RESERVED +CVE-2023-20340 + RESERVED +CVE-2023-20339 + RESERVED +CVE-2023-20338 + RESERVED +CVE-2023-20337 + RESERVED +CVE-2023-20336 + RESERVED +CVE-2023-20335 + RESERVED +CVE-2023-20334 + RESERVED +CVE-2023-20333 + RESERVED +CVE-2023-20332 + RESERVED +CVE-2023-20331 + RESERVED +CVE-2023-20330 + RESERVED +CVE-2023-20329 + RESERVED +CVE-2023-20328 + RESERVED +CVE-2023-20327 + RESERVED +CVE-2023-20326 + RESERVED +CVE-2023-20325 + RESERVED +CVE-2023-20324 + RESERVED +CVE-2023-20323 + RESERVED +CVE-2023-20322 + RESERVED +CVE-2023-20321 + RESERVED +CVE-2023-20320 + RESERVED +CVE-2023-20319 + RESERVED +CVE-2023-20318 + RESERVED +CVE-2023-20317 + RESERVED +CVE-2023-20316 + RESERVED +CVE-2023-20315 + RESERVED +CVE-2023-20314 + RESERVED +CVE-2023-20313 + RESERVED +CVE-2023-20312 + RESERVED +CVE-2023-20311 + RESERVED +CVE-2023-20310 + RESERVED +CVE-2023-20309 + RESERVED +CVE-2023-20308 + RESERVED +CVE-2023-20307 + RESERVED +CVE-2023-20306 + RESERVED +CVE-2023-20305 + RESERVED +CVE-2023-20304 + RESERVED +CVE-2023-20303 + RESERVED +CVE-2023-20302 + RESERVED +CVE-2023-20301 + RESERVED +CVE-2023-20300 + RESERVED +CVE-2023-20299 + 
RESERVED +CVE-2023-20298 + RESERVED +CVE-2023-20297 + RESERVED +CVE-2023-20296 + RESERVED +CVE-2023-20295 + RESERVED +CVE-2023-20294 + RESERVED +CVE-2023-20293 + RESERVED +CVE-2023-20292 + RESERVED +CVE-2023-20291 + RESERVED +CVE-2023-20290 + RESERVED +CVE-2023-20289 + RESERVED +CVE-2023-20288 + RESERVED +CVE-2023-20287 + RESERVED +CVE-2023-20286 + RESERVED +CVE-2023-20285 + RESERVED +CVE-2023-20284 + RESERVED +CVE-2023-20283 + RESERVED +CVE-2023-20282 + RESERVED +CVE-2023-20281 + RESERVED +CVE-2023-20280 + RESERVED +CVE-2023-20279 + RESERVED +CVE-2023-20278 + RESERVED +CVE-2023-20277 + RESERVED +CVE-2023-20276 + RESERVED +CVE-2023-20275 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...) + NOT-FOR-US: Cisco +CVE-2023-20274 (A vulnerability in the installer script of Cisco AppDynamics PHP Agent ...) + NOT-FOR-US: Cisco +CVE-2023-20273 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) + NOT-FOR-US: Cisco +CVE-2023-20272 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2023-20271 + RESERVED +CVE-2023-20270 (A vulnerability in the interaction between the Server Message Block (S ...) + NOT-FOR-US: Cisco +CVE-2023-20269 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...) + NOT-FOR-US: Cisco +CVE-2023-20268 (A vulnerability in the packet processing functionality of Cisco access ...) + NOT-FOR-US: Cisco +CVE-2023-20267 (A vulnerability in the IP geolocation rules of Snort 3 could allow an ...) + NOT-FOR-US: Cisco +CVE-2023-20266 (A vulnerability in Cisco Emergency Responder, Cisco Unified Communicat ...) + NOT-FOR-US: Cisco +CVE-2023-20265 (A vulnerability in the web-based management interface of a small subse ...) + NOT-FOR-US: Cisco +CVE-2023-20264 (A vulnerability in the implementation of Security Assertion Markup Lan ...) + NOT-FOR-US: Cisco +CVE-2023-20263 (A vulnerability in the web-based management interface of Cisco HyperFl ...) 
+ NOT-FOR-US: Cisco
+CVE-2023-20262 (A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager co ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20261 (A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could a ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20260
+ RESERVED
+CVE-2023-20259 (A vulnerability in an API endpoint of multiple Cisco Unified Communica ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20258
+ RESERVED
+CVE-2023-20257
+ RESERVED
+CVE-2023-20256 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20255 (A vulnerability in an API of the Web Bridge feature of Cisco Meeting S ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20254 (A vulnerability in the session management system of the Cisco Catalyst ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20253 (A vulnerability in the command line interface (cli) management interfa ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20252 (A vulnerability in the Security Assertion Markup Language (SAML) APIs ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20251 (A vulnerability in the memory buffer of Cisco Wireless LAN Controller ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20250 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20249
+ RESERVED
+CVE-2023-20248
+ RESERVED
+CVE-2023-20247 (A vulnerability in the remote access SSL VPN feature of Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20246 (Multiple Cisco products are affected by a vulnerability in Snort acces ...)
+ - snort (Vulnerable code only in 3.x series)
+ NOTE: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-snort3acp-bypass-3bdR2BEh
+CVE-2023-20245 (Multiple vulnerabilities in the per-user-override feature of Cisco Ada ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20244 (A vulnerability in the internal packet processing of Cisco Firepower T ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20243 (A vulnerability in the RADIUS message processing feature of Cisco Iden ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20242 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20241 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20240 (Multiple vulnerabilities in Cisco Secure Client Software, formerly Any ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20239
+ RESERVED
+CVE-2023-20238 (A vulnerability in the single sign-on (SSO) implementation of Cisco Br ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20237 (A vulnerability in Cisco Intersight Virtual Appliance could allow an u ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20236 (A vulnerability in the iPXE boot function of Cisco IOS XR software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20235 (A vulnerability in the on-device application development workflow feat ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20234 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco FXOS Software
+CVE-2023-20233 (A vulnerability in the Connectivity Fault Management (CFM) feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20232 (A vulnerability in the Tomcat implementation for Cisco Unified Contact ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20231 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20230 (A vulnerability in the restricted security domain implementation of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20229 (A vulnerability in the CryptoService function of Cisco Duo Device Heal ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20228 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20227 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20226 (A vulnerability in Application Quality of Experience (AppQoE) and Unif ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20225
+ RESERVED
+CVE-2023-20224 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20223 (A vulnerability in Cisco DNA Center could allow an unauthenticated, re ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20222 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20221 (A vulnerability in the web-based management interface of Cisco IP Phon ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20220 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20219 (Multiple vulnerabilities in the web management interface of Cisco Fire ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20218 (A vulnerability in web-based management interface of Cisco SPA500 Seri ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20217 (A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Vir ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20216 (A vulnerability in the privilege management functionality of all Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20215 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20214 (A vulnerability in the request authentication validation for the REST ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20213 (A vulnerability in the CDP processing feature of Cisco ISE could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20212 (A vulnerability in the AutoIt module of ClamAV could allow an unauthen ...)
+ - clamav 1.0.2+dfsg-1 (bug #1050057)
+ [bookworm] - clamav 1.0.2+dfsg-1~deb12u1
+ [bullseye] - clamav (only affects v1.0.0 and v1.0.1)
+ [buster] - clamav (only affects v1.0.0 and v1.0.1)
+ NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
+CVE-2023-20211 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20210 (A vulnerability in Cisco BroadWorks could allow an authenticated, loca ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20209 (A vulnerability in the web-based management interface of Cisco Express ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20208 (A vulnerability in the web-based management interface of Cisco ISE cou ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20207 (A vulnerability in the logging component of Cisco Duo Authentication P ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20206 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20205 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20204 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20203 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20202 (A vulnerability in the Wireless Network Control daemon (wncd) of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20201 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20200 (A vulnerability in the Simple Network Management Protocol (SNMP) servi ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20199 (A vulnerability in Cisco Duo Two-Factor Authentication for macOS could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20198 (Cisco is providing an update for the ongoing investigation into observ ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20197 (A vulnerability in the filesystem image parser for Hierarchical File S ...)
+ {DLA-3544-1}
+ - clamav 1.0.2+dfsg-1 (bug #1050057)
+ [bookworm] - clamav 1.0.2+dfsg-1~deb12u1
+ [bullseye] - clamav 0.103.9+dfsg-0+deb11u1
+ NOTE: https://blog.clamav.net/2023/07/2023-08-16-releases.html
+CVE-2023-20196 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20195 (Two vulnerabilities in Cisco ISE could allow an authenticated, remote ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20194 (A vulnerability in the ERS API of Cisco ISE could allow an authenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20193 (A vulnerability in the Embedded Service Router (ESR) of Cisco ISE coul ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20192 (Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePres ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20191 (A vulnerability in the access control list (ACL) processing on MPLS in ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20190 (A vulnerability in the classic access control list (ACL) compression f ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20189 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20188 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20187 (A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) featu ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20186 (A vulnerability in the Authentication, Authorization, and Accounting ( ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20185 (A vulnerability in the Cisco ACI Multi-Site CloudSec encryption featur ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20184 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20183 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20182 (Multiple vulnerabilities in the API of Cisco DNA Center Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20181 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20180 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20179 (A vulnerability in the web-based management interface of Cisco Catalys ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20178 (A vulnerability in the client update process of Cisco AnyConnect Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20177 (A vulnerability in the SSL file policy implementation of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20176 (A vulnerability in the networking component of Cisco access point (AP) ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20175 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20174 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20173 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20172 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20171 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20170 (A vulnerability in a specific Cisco ISE CLI command could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20169 (A vulnerability in the Intermediate System-to-Intermediate System (IS- ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20168 (A vulnerability in TACACS+ and RADIUS remote authentication for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20167 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20166 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20165
+ RESERVED
+CVE-2023-20164 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20163 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20162 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20161 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20160 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20159 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20158 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20157 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20156 (Multiple vulnerabilities in the web-based user interface of certain Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20155 (A vulnerability in a logging API in Cisco Firepower Management Center ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20154
+ RESERVED
+CVE-2023-20153 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20152 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20151 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20150 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20149 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20148 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20147 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20146 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20145 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20144 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20143 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20142 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20141 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20140 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20139 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20138 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20137 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20136 (A vulnerability in the OpenAPI of Cisco Secure Workload could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20135 (A vulnerability in Cisco IOS XR Software image verification checks cou ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20134 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20133 (A vulnerability in the web interface of Cisco Webex Meetings could all ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20132 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20131 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20130 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20129 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20128 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20127 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20126 (A vulnerability in the web-based management interface of Cisco SPA112 ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20125
+ RESERVED
+CVE-2023-20124 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20123 (A vulnerability in the offline access mode of Cisco Duo Two-Factor Aut ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20122 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20121 (Multiple vulnerabilities in the restricted shell of Cisco Evolved Prog ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20120 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20119 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20118 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20117 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20116 (A vulnerability in the Administrative XML Web Service (AXL) API of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20115 (A vulnerability in the SFTP server implementation for Cisco Nexus 3000 ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20114 (A vulnerability in the file download feature of Cisco Firepower Manage ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20113 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20112 (A vulnerability in Cisco access point (AP) software could allow an una ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20111 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20110 (A vulnerability in the web-based management interface of Cisco Smart S ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20109 (A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) f ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20108 (A vulnerability in the XCP Authentication Service of the Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20107 (A vulnerability in the deterministic random bit generator (DRBG), also ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20106 (Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20105 (A vulnerability in the change password functionality of Cisco Expressw ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20104 (A vulnerability in the file upload functionality of Cisco Webex App fo ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20103 (A vulnerability in Cisco Secure Network Analytics could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20102 (A vulnerability in the web-based management interface of Cisco Secure ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20101 (A vulnerability in Cisco Emergency Responder could allow an unauthenti ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20100 (A vulnerability in the access point (AP) joining process of the Contro ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20099
+ RESERVED
+CVE-2023-20098 (A vulnerability in the CLI of Cisco SDWAN vManage Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20097 (A vulnerability in Cisco access points (AP) software could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20096 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20095 (A vulnerability in the remote access VPN feature of Cisco Adaptive Sec ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20094
+ RESERVED
+CVE-2023-20093
+ RESERVED
+CVE-2023-20092
+ RESERVED
+CVE-2023-20091
+ RESERVED
+CVE-2023-20090
+ RESERVED
+CVE-2023-20089 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature fo ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20088 (A vulnerability in the nginx configurations that are provided as part ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20087 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20086 (A vulnerability in ICMPv6 processing of Cisco Adaptive Security Applia ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20085 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20084 (A vulnerability in the endpoint software of Cisco Secure Endpoint for ...)
+ NOT-FOR-US: Cisco
+CVE-2023-20083 (A vulnerability in ICMPv6 inspection when configured with the Snort 2 ...)
+ NOT-FOR-US: Cisco +CVE-2023-20082 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Serie ...) + NOT-FOR-US: Cisco +CVE-2023-20081 (A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adapt ...) + NOT-FOR-US: Cisco +CVE-2023-20080 (A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server f ...) + NOT-FOR-US: Cisco +CVE-2023-20079 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2023-20078 (Multiple vulnerabilities in the web-based management interface of cert ...) + NOT-FOR-US: Cisco +CVE-2023-20077 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20076 (A vulnerability in the Cisco IOx application hosting environment could ...) + NOT-FOR-US: Cisco +CVE-2023-20075 (Vulnerability in the CLI of Cisco Secure Email Gateway could allow an ...) + NOT-FOR-US: Cisco +CVE-2023-20074 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20073 (A vulnerability in the web-based management interface of Cisco RV340, ...) + NOT-FOR-US: Cisco +CVE-2023-20072 (A vulnerability in the fragmentation handling code of tunnel protocol ...) + NOT-FOR-US: Cisco +CVE-2023-20071 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) + NOT-FOR-US: Cisco +CVE-2023-20070 (A vulnerability in the TLS 1.3 implementation of the Cisco Firepower T ...) + NOT-FOR-US: Cisco +CVE-2023-20069 (A vulnerability in the web-based management interface of Cisco Prime I ...) + NOT-FOR-US: Cisco +CVE-2023-20068 (A vulnerability in the web-based management interface of Cisco Prime I ...) + NOT-FOR-US: Cisco +CVE-2023-20067 (A vulnerability in the HTTP-based client profiling feature of Cisco IO ...) + NOT-FOR-US: Cisco +CVE-2023-20066 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) 
+ NOT-FOR-US: Cisco +CVE-2023-20065 (A vulnerability in the Cisco IOx application hosting subsystem of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20064 (A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS X ...) + NOT-FOR-US: Cisco's use of GRUB +CVE-2023-20063 (A vulnerability in the inter-device communication mechanisms between d ...) + NOT-FOR-US: Cisco +CVE-2023-20062 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...) + NOT-FOR-US: Cisco +CVE-2023-20061 (Multiple vulnerabilities in Cisco Unified Intelligence Center could al ...) + NOT-FOR-US: Cisco +CVE-2023-20060 + RESERVED +CVE-2023-20059 (A vulnerability in the implementation of the Cisco Network Plug-and-Pl ...) + NOT-FOR-US: Cisco +CVE-2023-20058 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2023-20057 (A vulnerability in the URL filtering mechanism of Cisco AsyncOS Softwa ...) + NOT-FOR-US: Cisco +CVE-2023-20056 (A vulnerability in the management CLI of Cisco access point (AP) softw ...) + NOT-FOR-US: Cisco +CVE-2023-20055 (A vulnerability in the management API of Cisco DNA Center could allow ...) + NOT-FOR-US: Cisco +CVE-2023-20054 + RESERVED +CVE-2023-20053 (A vulnerability in the web-based management interface of Cisco Nexus D ...) + NOT-FOR-US: Cisco +CVE-2023-20052 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...) + {DLA-3328-1} + - clamav 1.0.1+dfsg-1 (bug #1031509) + [bullseye] - clamav 0.103.8+dfsg-0+deb11u1 + NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html +CVE-2023-20051 (A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet D ...) + NOT-FOR-US: Cisco +CVE-2023-20050 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...) + NOT-FOR-US: Cisco +CVE-2023-20049 (A vulnerability in the bidirectional forwarding detection (BFD) hardwa ...) 
+ NOT-FOR-US: Cisco +CVE-2023-20048 (A vulnerability in the web services interface of Cisco Firepower Manag ...) + NOT-FOR-US: Cisco +CVE-2023-20047 (A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of ...) + NOT-FOR-US: Cisco +CVE-2023-20046 (A vulnerability in the key-based SSH authentication feature of Cisco S ...) + NOT-FOR-US: Cisco +CVE-2023-20045 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2023-20044 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...) + NOT-FOR-US: Cisco +CVE-2023-20043 (A vulnerability in Cisco CX Cloud Agent of could allow an authenticate ...) + NOT-FOR-US: Cisco +CVE-2023-20042 (A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Se ...) + NOT-FOR-US: Cisco +CVE-2023-20041 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20040 (A vulnerability in the NETCONF service of Cisco Network Services Orche ...) + NOT-FOR-US: Cisco +CVE-2023-20039 + RESERVED +CVE-2023-20038 (A vulnerability in the monitoring application of Cisco Industrial Netw ...) + NOT-FOR-US: Cisco +CVE-2023-20037 (A vulnerability in Cisco Industrial Network Director could allow an au ...) + NOT-FOR-US: Cisco +CVE-2023-20036 + RESERVED +CVE-2023-20035 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2023-20034 (Vulnerability in the Elasticsearch database used in the of Cisco SD-WA ...) + - elasticsearch +CVE-2023-20033 (A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and C ...) + NOT-FOR-US: Cisco +CVE-2023-20032 (On Feb 15, 2023, the following vulnerability in the ClamAV scanning li ...) 
+ {DLA-3328-1} + - clamav 1.0.1+dfsg-1 (bug #1031509) + [bullseye] - clamav 0.103.8+dfsg-0+deb11u1 + NOTE: https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html + NOTE: https://github.com/google/security-research/security/advisories/GHSA-r6g3-3wqj-m3c8 +CVE-2023-20031 (A vulnerability in the SSL/TLS certificate handling of Snort 3 Detecti ...) + NOT-FOR-US: Cisco +CVE-2023-20030 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2023-20029 (A vulnerability in the Meraki onboarding feature of Cisco IOS XE Softw ...) + NOT-FOR-US: Cisco +CVE-2023-20028 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20027 (A vulnerability in the implementation of the IPv4 Virtual Fragmentatio ...) + NOT-FOR-US: Cisco +CVE-2023-20026 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2023-20025 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2023-20024 (Multiple vulnerabilities in the web-based user interface of certain Ci ...) + NOT-FOR-US: Cisco +CVE-2023-20023 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...) + NOT-FOR-US: Cisco +CVE-2023-20022 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...) + NOT-FOR-US: Cisco +CVE-2023-20021 (Multiple vulnerabilities in specific Cisco Identity Services Engine (I ...) + NOT-FOR-US: Cisco +CVE-2023-20020 (A vulnerability in the Device Management Servlet application of Cisco ...) + NOT-FOR-US: Cisco +CVE-2023-20019 (A vulnerability in the web-based management interface of Cisco BroadWo ...) + NOT-FOR-US: Cisco +CVE-2023-20018 (A vulnerability in the web-based management interface of Cisco IP Phon ...) + NOT-FOR-US: Cisco +CVE-2023-20017 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...) 
+ NOT-FOR-US: Cisco +CVE-2023-20016 (A vulnerability in the backup configuration feature of Cisco UCS Manag ...) + NOT-FOR-US: Cisco +CVE-2023-20015 (A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firep ...) + NOT-FOR-US: Cisco +CVE-2023-20014 (A vulnerability in the DNS functionality of Cisco Nexus Dashboard Soft ...) + NOT-FOR-US: Cisco +CVE-2023-20013 (Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance ...) + NOT-FOR-US: Cisco +CVE-2023-20012 (A vulnerability in the CLI console login authentication of Cisco Nexus ...) + NOT-FOR-US: Cisco +CVE-2023-20011 (A vulnerability in the web-based management interface of Cisco Applica ...) + NOT-FOR-US: Cisco +CVE-2023-20010 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2023-20009 (A vulnerability in the Web UI and administrative CLI of the Cisco Secu ...) + NOT-FOR-US: Cisco +CVE-2023-20008 (A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Softwar ...) + NOT-FOR-US: Cisco +CVE-2023-20007 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2023-20006 (A vulnerability in the hardware-based SSL/TLS cryptography functionali ...) + NOT-FOR-US: Cisco +CVE-2023-20005 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2023-20004 + RESERVED +CVE-2023-20003 (A vulnerability in the social login configuration option for the guest ...) + NOT-FOR-US: Cisco +CVE-2023-20002 (A vulnerability in Cisco TelePresence CE and RoomOS Software could all ...) + NOT-FOR-US: Cisco +CVE-2023-20001 + RESERVED +CVE-2023-0010 (A reflected cross-site scripting (XSS) vulnerability in the Captive Po ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0009 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0008 (A file disclosure vulnerability in Palo Alto Networks PAN-OS software ...) 
+ NOT-FOR-US: Palo Alto Networks +CVE-2023-0007 (A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-O ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0006 (A local file deletion vulnerability in the Palo Alto Networks GlobalPr ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0005 (A vulnerability in Palo Alto Networks PAN-OS software enables an authe ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0004 (A local file deletion vulnerability in Palo Alto Networks PAN-OS softw ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0003 (A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0002 (A problem with a protection mechanism in the Palo Alto Networks Cortex ...) + NOT-FOR-US: Palo Alto Networks +CVE-2023-0001 (An information exposure vulnerability in the Palo Alto Networks Cortex ...) + NOT-FOR-US: Palo Alto Networks +CVE-2022-43958 (A vulnerability has been identified in QMS Automotive (All versions < ...) + NOT-FOR-US: QMS Automotive +CVE-2022-43957 + RESERVED +CVE-2022-43956 + RESERVED +CVE-2022-43955 (An improper neutralization of input during web page generation [CWE-79 ...) + NOT-FOR-US: Fortinet +CVE-2022-43954 (An insertion of sensitive information into log file vulnerability [CWE ...) + NOT-FOR-US: Fortinet +CVE-2022-43953 (A use of externally-controlled format string in Fortinet FortiOS versi ...) + NOT-FOR-US: Fortinet +CVE-2022-43952 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: Fortinet +CVE-2022-43951 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: Fortinet +CVE-2022-43950 (A URL redirection to untrusted site ('Open Redirect') vulnerability [C ...) + NOT-FOR-US: FortiGuard +CVE-2022-43949 (A use of a broken or risky cryptographic algorithm [CWE-327] in Forti ...) + NOT-FOR-US: Fortinet +CVE-2022-43948 (A improper neutralization of special elements used in an os command (' ...) 
+ NOT-FOR-US: Fortinet +CVE-2022-43947 (Animproper restriction of excessive authentication attempts vulnerabil ...) + NOT-FOR-US: Fortinet +CVE-2022-43946 (Multiple vulnerabilities including an incorrect permission assignment ...) + NOT-FOR-US: Fortinet +CVE-2022-3727 + RESERVED +CVE-2022-3726 (Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3725 (Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allow ...) + - wireshark 4.0.0-1 + [bullseye] - wireshark (Vulnerable code not present) + [buster] - wireshark (Vulnerable code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2022-07.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18378 +CVE-2022-3724 (Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 al ...) + - wireshark (Only affects Wireshark on Windows) + NOTE: https://www.wireshark.org/security/wnpa-sec-2022-08.html + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18384 + NOTE: Crash only triggered on Windows +CVE-2022-3723 (Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a ...) + {DSA-5263-1} + - chromium 107.0.5304.87-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3722 + RESERVED +CVE-2022-3721 (Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.) + - froxlor (bug #581792) +CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3719 + REJECTED +CVE-2022-3718 + REJECTED +CVE-2022-3717 + REJECTED +CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Online Medicine Ordering System +CVE-2022-3715 (A flaw was found in the bash package, where a heap-buffer overflow can ...) 
+ - bash 5.2-1 (bug #1030355) + [bullseye] - bash (Minor issue) + [buster] - bash (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126720 + NOTE: https://lists.gnu.org/archive/html/bug-bash/2022-08/msg00147.html + NOTE: Introduced by: http://git.savannah.gnu.org/cgit/bash.git/commit/?id=bdf37a2d4f0f052ffd15d36de3b3a5d28f357000 (5.1) +CVE-2022-3714 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Medicine Ordering System +CVE-2022-43945 (The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0 ...) + - linux 6.0.3-1 + NOTE: Merge: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f90497a16e434c2211c66e3de8e77b17868382b8 +CVE-2022-43944 + REJECTED +CVE-2022-43943 + REJECTED +CVE-2022-43942 + REJECTED +CVE-2022-43941 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi +CVE-2022-43940 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi +CVE-2022-43939 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi +CVE-2022-43938 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi +CVE-2022-43937 + RESERVED +CVE-2022-43936 + RESERVED +CVE-2022-43935 + RESERVED +CVE-2022-43934 + RESERVED +CVE-2022-43933 + RESERVED +CVE-2022-3713 (A code injection vulnerability allows adjacent attackers to execute co ...) + NOT-FOR-US: Sophos +CVE-2022-3712 + RESERVED +CVE-2022-3711 (A post-auth read-only SQL injection vulnerability allows users to read ...) + NOT-FOR-US: Sophos +CVE-2022-3710 (A post-auth read-only SQL injection vulnerability allows API clients t ...) + NOT-FOR-US: Sophos +CVE-2022-3709 (A stored XSS vulnerability allows admin to super-admin privilege escal ...) 
+ NOT-FOR-US: Sophos +CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to Server-Side Requ ...) + NOT-FOR-US: Web Stories plugin for WordPress +CVE-2022-3707 (A double-free memory flaw was found in the Linux kernel. The Intel GVT ...) + {DLA-3404-1 DLA-3403-1} + - linux 6.1.7-1 + [bullseye] - linux 5.10.178-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137979 + NOTE: https://lore.kernel.org/all/20221007013708.1946061-1-zyytlz.wz@163.com/ +CVE-2022-3706 (Improper authorization in GitLab CE/EE affecting all versions from 7.1 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-43932 (Improper neutralization of special elements in output used by a downst ...) + NOT-FOR-US: Synology +CVE-2022-43931 (Out-of-bounds write vulnerability in Remote Desktop Functionality in S ...) + NOT-FOR-US: Synology VPN Plus Server +CVE-2022-43930 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2022-43929 (IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to ...) + NOT-FOR-US: IBM +CVE-2022-43928 (The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a ...) + NOT-FOR-US: IBM +CVE-2022-43927 (IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2022-43926 + RESERVED +CVE-2022-43925 + RESERVED +CVE-2022-43924 + RESERVED +CVE-2022-43923 (IBM Maximo Application Suite 8.8.0 and 8.9.0 stores potentially sensit ...) + NOT-FOR-US: IBM +CVE-2022-43922 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...) + NOT-FOR-US: IBM +CVE-2022-43921 + RESERVED +CVE-2022-43920 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...) + NOT-FOR-US: IBM +CVE-2022-43919 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticat ...) + NOT-FOR-US: IBM +CVE-2022-43918 + RESERVED +CVE-2022-43917 (IBM WebSphere Application Server 8.5 and 9.0 traditional container use ...) 
+ NOT-FOR-US: IBM +CVE-2022-43916 + RESERVED +CVE-2022-43915 + RESERVED +CVE-2022-43914 (IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2022-43913 + RESERVED +CVE-2022-43912 + RESERVED +CVE-2022-43911 + RESERVED +CVE-2022-43910 (IBM Security Guardium 11.3 could allow a local user to escalate their ...) + NOT-FOR-US: IBM +CVE-2022-43909 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2022-43908 (IBM Security Guardium 11.3 could allow an authenticated user to cause ...) + NOT-FOR-US: IBM +CVE-2022-43907 (IBM Security Guardium 11.4 could allow a remote authenticated attacker ...) + NOT-FOR-US: IBM +CVE-2022-43906 (IBM Security Guardium 11.5 could disclose sensitive information due to ...) + NOT-FOR-US: IBM +CVE-2022-43905 + RESERVED +CVE-2022-43904 (IBM Security Guardium 11.3 and 11.4 could disclose sensitive informati ...) + NOT-FOR-US: IBM +CVE-2022-43903 (IBM Security Guardium 10.6, 11.3, and 11.4 could allow an authenticate ...) + NOT-FOR-US: IBM +CVE-2022-43902 (IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial ...) + NOT-FOR-US: IBM +CVE-2022-43901 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 coul ...) + NOT-FOR-US: IBM +CVE-2022-43900 (IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 coul ...) + NOT-FOR-US: IBM +CVE-2022-43899 + RESERVED +CVE-2022-43898 + RESERVED +CVE-2022-43897 + RESERVED +CVE-2022-43896 + RESERVED +CVE-2022-43895 + RESERVED +CVE-2022-43894 + RESERVED +CVE-2022-43893 (IBM Security Verify Privilege On-Premises 11.5 could allow a privilege ...) + NOT-FOR-US: IBM +CVE-2022-43892 (IBM Security Verify Privilege On-Premises 11.5 does not validate, or i ...) + NOT-FOR-US: IBM +CVE-2022-43891 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...) 
+ NOT-FOR-US: IBM +CVE-2022-43890 + RESERVED +CVE-2022-43889 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...) + NOT-FOR-US: IBM +CVE-2022-43888 + RESERVED +CVE-2022-43887 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...) + NOT-FOR-US: IBM +CVE-2022-43886 + RESERVED +CVE-2022-43885 + RESERVED +CVE-2022-43884 + RESERVED +CVE-2022-43883 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to ...) + NOT-FOR-US: IBM +CVE-2022-43882 + RESERVED +CVE-2022-43881 + RESERVED +CVE-2022-43880 + RESERVED +CVE-2022-43879 + RESERVED +CVE-2022-43878 + RESERVED +CVE-2022-43877 (IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensi ...) + NOT-FOR-US: IBM +CVE-2022-43876 + RESERVED +CVE-2022-43875 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) + NOT-FOR-US: IBM +CVE-2022-43874 (IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2 ...) + NOT-FOR-US: IBM +CVE-2022-43873 (An authenticated user can exploit a vulnerability in the IBM Spectrum ...) + NOT-FOR-US: IBM +CVE-2022-43872 (IBM Financial Transaction Manager 3.2.4 authorization checks are done ...) + NOT-FOR-US: IBM +CVE-2022-43871 (IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2022-43870 (IBM Spectrum Virtualize 8.3, 8.4, and 8.5 could disclose SNMPv3 server ...) + NOT-FOR-US: IBM +CVE-2022-43869 (IBM Spectrum Scale (5.1.0.0 through 5.1.2.8 and 5.1.3.0 through 5.1.5. ...) + NOT-FOR-US: IBM +CVE-2022-43868 (IBM Security Verify Access OIDC Provider could disclose directory info ...) + NOT-FOR-US: IBM +CVE-2022-43867 (IBM Spectrum Scale 5.1.0.1 through 5.1.4.1 could allow a local attacke ...) + NOT-FOR-US: IBM +CVE-2022-43866 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross ...) + NOT-FOR-US: IBM +CVE-2022-43865 + RESERVED +CVE-2022-43864 (IBM Business Automation Workflow 22.0.2 could allow a remote attacker ...) 
+ NOT-FOR-US: IBM +CVE-2022-43863 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, all ...) + NOT-FOR-US: IBM +CVE-2022-43862 + RESERVED +CVE-2022-43861 + RESERVED +CVE-2022-43860 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...) + NOT-FOR-US: IBM +CVE-2022-43859 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...) + NOT-FOR-US: IBM +CVE-2022-43858 (IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated use ...) + NOT-FOR-US: IBM +CVE-2022-43857 (IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user ...) + NOT-FOR-US: IBM +CVE-2022-43856 + RESERVED +CVE-2022-43855 + RESERVED +CVE-2022-43854 + RESERVED +CVE-2022-43853 + RESERVED +CVE-2022-43852 + RESERVED +CVE-2022-43851 + RESERVED +CVE-2022-43850 + RESERVED +CVE-2022-43849 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-43848 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-43847 + RESERVED +CVE-2022-43846 + RESERVED +CVE-2022-43845 + RESERVED +CVE-2022-43844 (IBM Robotic Process Automation for Cloud Pak 20.12 through 21.0.3 is v ...) + NOT-FOR-US: IBM +CVE-2022-43843 (IBM Spectrum Scale 5.1.5.0 through 5.1.5.1 uses weaker than expected c ...) + NOT-FOR-US: IBM +CVE-2022-43842 + RESERVED +CVE-2022-43841 + RESERVED +CVE-2022-43840 + RESERVED +CVE-2022-43839 + RESERVED +CVE-2022-43838 + RESERVED +CVE-2022-43837 + RESERVED +CVE-2022-43836 + RESERVED +CVE-2022-43835 + RESERVED +CVE-2022-43834 + RESERVED +CVE-2022-43833 + RESERVED +CVE-2022-43832 + RESERVED +CVE-2022-43831 (IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1. ...) 
+ NOT-FOR-US: IBM +CVE-2022-43830 + REJECTED +CVE-2022-43829 + REJECTED +CVE-2022-43828 + REJECTED +CVE-2022-43827 + REJECTED +CVE-2022-43826 + REJECTED +CVE-2022-43825 + REJECTED +CVE-2022-43824 + REJECTED +CVE-2022-43823 + REJECTED +CVE-2022-43822 + REJECTED +CVE-2022-43821 + REJECTED +CVE-2022-43820 + REJECTED +CVE-2022-43819 + REJECTED +CVE-2022-43818 + REJECTED +CVE-2022-43817 + REJECTED +CVE-2022-43816 + REJECTED +CVE-2022-43815 + REJECTED +CVE-2022-43814 + REJECTED +CVE-2022-43813 + REJECTED +CVE-2022-43812 + REJECTED +CVE-2022-43811 + REJECTED +CVE-2022-43810 + REJECTED +CVE-2022-43809 + REJECTED +CVE-2022-43808 + REJECTED +CVE-2022-43807 + REJECTED +CVE-2022-43806 + REJECTED +CVE-2022-43805 + REJECTED +CVE-2022-43804 + REJECTED +CVE-2022-43803 + REJECTED +CVE-2022-43802 + REJECTED +CVE-2022-43801 + REJECTED +CVE-2022-43800 + REJECTED +CVE-2022-43799 + REJECTED +CVE-2022-43798 + REJECTED +CVE-2022-43797 + REJECTED +CVE-2022-43796 + REJECTED +CVE-2022-43795 + REJECTED +CVE-2022-43794 + REJECTED +CVE-2022-43793 + REJECTED +CVE-2022-43792 + REJECTED +CVE-2022-43791 + REJECTED +CVE-2022-43790 + REJECTED +CVE-2022-43789 + REJECTED +CVE-2022-43788 + REJECTED +CVE-2022-43787 + REJECTED +CVE-2022-43786 + REJECTED +CVE-2022-43785 + REJECTED +CVE-2022-43784 + REJECTED +CVE-2022-43783 + REJECTED +CVE-2022-43782 (Affected versions of Atlassian Crowd allow an attacker to authenticate ...) + NOT-FOR-US: Atlassian +CVE-2022-43781 (There is a command injection vulnerability using environment variables ...) + NOT-FOR-US: Atlassian +CVE-2022-43780 (Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to ...) + NOT-FOR-US: HP +CVE-2022-43779 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...) + NOT-FOR-US: HP +CVE-2022-43778 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) + NOT-FOR-US: HP +CVE-2022-43777 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) 
+ NOT-FOR-US: HP +CVE-2022-43776 (The url parameter of the /api/geojson endpoint in Metabase versions <4 ...) + NOT-FOR-US: Metabase +CVE-2022-43775 (The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL ...) + NOT-FOR-US: Delta Electronics DIAEnergy +CVE-2022-43774 (The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contain ...) + NOT-FOR-US: Delta Electronics DIAEnergy +CVE-2022-43773 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi +CVE-2022-43772 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi +CVE-2022-43771 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.4. ...) + NOT-FOR-US: Hitachi +CVE-2022-43770 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...) + NOT-FOR-US: Hitachi +CVE-2022-43769 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi +CVE-2022-43768 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-43767 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-43766 (Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable ...) + NOT-FOR-US: Apache IoTDB +CVE-2022-43765 (B&R APROL versions < R 4.2-07 doesn\u2019t process correctly specially ...) + NOT-FOR-US: B&R APROL +CVE-2022-43764 (Insufficient validation of input parameters when changing configuratio ...) + NOT-FOR-US: B&R APROL +CVE-2022-43763 (Insufficient check of preconditions could lead to Denial of Service co ...) + NOT-FOR-US: B&R APROL +CVE-2022-43762 (Lack of verification in B&R APROL Tbase server versions< R 4.2-07 may ...) + NOT-FOR-US: B&R APROL +CVE-2022-43761 (Missing authentication when creating and managing the B&R APROL databa ...) + NOT-FOR-US: B&R APROL +CVE-2022-3705 (A vulnerability was found in vim and classified as problematic. 
Affect ...) + {DLA-3182-1} + - vim 2:9.0.0813-1 (unimportant) + NOTE: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731 (v9.0.0805) + NOTE: Crash in CLI tool, no security impact +CVE-2022-3704 (A vulnerability classified as problematic has been found in Ruby on Ra ...) + - rails (bug #1024274; unimportant) + NOTE: https://github.com/rails/rails/commit/be177e4566747b73ff63fd5f529fab564e475ed4 + NOTE: https://github.com/rails/rails/issues/46244 + NOTE: https://github.com/rails/rails/issues/46244#issuecomment-1380875153 + NOTE: Considered only a bug withouth security impact by the rails team +CVE-2022-3703 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...) + NOT-FOR-US: ETIC Telecom Remote Access Server (RAS) +CVE-2022-3702 (A denial of service vulnerability was reported in Lenovo Vantage Hardw ...) + NOT-FOR-US: Lenovo +CVE-2022-3701 (A privilege elevation vulnerability was reported in the Lenovo Vantage ...) + NOT-FOR-US: Lenovo +CVE-2022-3700 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in the ...) + NOT-FOR-US: Lenovo +CVE-2022-3699 (A privilege escalation vulnerability was reported in the Lenovo Hardwa ...) + NOT-FOR-US: Lenovo +CVE-2022-3698 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) + NOT-FOR-US: Lenovo +CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when using th ...) + - ansible 7.0.0+dfsg-1 + [bullseye] - ansible (Minor issue) + [buster] - ansible (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664 + NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199 +CVE-2022-3696 (A post-auth code injection vulnerability allows admins to execute code ...) + NOT-FOR-US: Sophos +CVE-2022-3695 (Hitachi Vantara Pentaho Business Analytics Server prior to versions 9. ...) + NOT-FOR-US: Hitachi +CVE-2022-3694 (The Syncee WordPress plugin before 1.0.10 leaks the administrator toke ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3693 (Path Traversal vulnerability in Deytek Informatics FileOrbis File Mana ...) + NOT-FOR-US: FileOrbis +CVE-2022-3692 + REJECTED +CVE-2022-3691 (The DeepL Pro API translation plugin WordPress plugin before 1.7.5 dis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3690 (The Popup Maker WordPress plugin before 1.16.11 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3689 (The HTML Forms WordPress plugin before 1.3.25 does not properly proper ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3688 (The WPQA Builder WordPress plugin before 5.9 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43760 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Rancher +CVE-2022-43759 (A Improper Privilege Management vulnerability in SUSE Rancher, allows ...) + NOT-FOR-US: Rancher +CVE-2022-43758 (A Improper Neutralization of Special Elements used in an OS Command (' ...) + NOT-FOR-US: Rancher +CVE-2022-43757 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...) + NOT-FOR-US: Rancher +CVE-2022-43756 (A Improper Neutralization of Special Elements in Output Used by a Down ...) + NOT-FOR-US: Rancher +CVE-2022-43755 (A Insufficient Entropy vulnerability in SUSE Rancher allows attackers ...) + NOT-FOR-US: Rancher +CVE-2022-43754 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Uyuni +CVE-2022-43753 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...) + NOT-FOR-US: Uyuni +CVE-2022-43752 (Oracle Solaris version 10 1/13, when using the Common Desktop Environm ...) + NOT-FOR-US: Oracle Solaris +CVE-2022-43751 (McAfee Total Protection prior to version 16.0.49 contains an uncontrol ...) + NOT-FOR-US: McAfee +CVE-2022-43750 (drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 ...) 
+ {DLA-3245-1 DLA-3173-1} + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 (6.1-rc1) +CVE-2022-43749 (Improper privilege management vulnerability in summary report manageme ...) + NOT-FOR-US: Synology +CVE-2022-43748 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2022-43747 (baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2 ...) + NOT-FOR-US: baramundi +CVE-2022-3687 + RESERVED +CVE-2022-3686 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...) + NOT-FOR-US: ABB SDM600 endpoint +CVE-2022-3685 (A vulnerability exists in the SDM600 software. The software operates a ...) + NOT-FOR-US: ABB SDM600 endpoint +CVE-2022-3684 (A vulnerability exists in a SDM600 endpoint. An attacker could exploit ...) + NOT-FOR-US: ABB SDM600 endpoint +CVE-2022-3683 (A vulnerability exists in the SDM600 API web services authorization va ...) + NOT-FOR-US: ABB SDM600 +CVE-2022-3682 (A vulnerability exists in the SDM600 file permission validation. An a ...) + NOT-FOR-US: ABB SDM600 +CVE-2022-3681 (A vulnerability has been identified in the MR2600 router v1.0.18 and e ...) + NOT-FOR-US: MR2600 router +CVE-2022-43746 + RESERVED +CVE-2022-43745 + RESERVED +CVE-2022-43744 + RESERVED +CVE-2022-43743 + RESERVED +CVE-2022-43742 + RESERVED +CVE-2022-43741 + RESERVED +CVE-2022-43740 (IBM Security Verify Access OIDC Provider could allow a remote user to ...) 
+ NOT-FOR-US: IBM +CVE-2022-43739 + RESERVED +CVE-2022-43738 + RESERVED +CVE-2022-43737 + RESERVED +CVE-2022-43736 + RESERVED +CVE-2022-43735 + RESERVED +CVE-2022-43734 + RESERVED +CVE-2022-43733 + RESERVED +CVE-2022-43732 + RESERVED +CVE-2022-43731 + RESERVED +CVE-2022-43730 + RESERVED +CVE-2022-43729 + RESERVED +CVE-2022-43728 + RESERVED +CVE-2022-43727 + RESERVED +CVE-2022-43726 + RESERVED +CVE-2022-43725 + RESERVED +CVE-2022-43724 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...) + NOT-FOR-US: Siemens +CVE-2022-43723 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...) + NOT-FOR-US: Siemens +CVE-2022-43722 (A vulnerability has been identified in SICAM PAS/PQS (All versions < V ...) + NOT-FOR-US: Siemens +CVE-2022-43721 (An authenticated attacker with update datasets permission could change ...) + NOT-FOR-US: Apache Superset +CVE-2022-43720 (An authenticated attacker with write CSS template permissions can crea ...) + NOT-FOR-US: Apache Superset + NOTE: https://github.com/apache/superset/pull/21853 +CVE-2022-43719 (Two legacy REST API endpoints for approval and request access are vuln ...) + NOT-FOR-US: Apache Superset + NOTE: https://github.com/apache/superset/pull/22022 +CVE-2022-43718 (Upload data forms do not correctly render user input leading to possib ...) + NOT-FOR-US: Apache Superset +CVE-2022-43717 (Dashboard rendering does not sufficiently sanitize the content of mark ...) + NOT-FOR-US: Apache Superset + NOTE: https://github.com/apache/superset/pull/21895 +CVE-2022-43716 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-43715 + RESERVED +CVE-2022-43714 + RESERVED +CVE-2022-43713 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 ...) + NOT-FOR-US: GX Software XperienCentral +CVE-2022-43712 (POST requests to /web/mvc in GX Software XperienCentral version 10.36. ...) 
+ NOT-FOR-US: GX Software XperienCentral +CVE-2022-43711 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 ...) + NOT-FOR-US: GX Software XperienCentral +CVE-2022-43710 (Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 ...) + NOT-FOR-US: GX Software XperienCentral +CVE-2022-43709 (MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users ...) + NOT-FOR-US: MyBB +CVE-2022-43708 (MyBB 1.8.31 has a (issue 2 of 2) cross-site scripting (XSS) vulnerabil ...) + NOT-FOR-US: MyBB +CVE-2022-43707 (MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visu ...) + NOT-FOR-US: MyBB +CVE-2022-43706 (Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm v ...) + NOT-FOR-US: StackStorm +CVE-2022-43705 (In Botan before 2.19.3, it is possible to forge OCSP responses due to ...) + - botan 2.19.3+dfsg-1 + [bullseye] - botan (Minor issue) + [buster] - botan (Minor issue) + NOTE: https://github.com/randombit/botan/security/advisories/GHSA-4v9w-qvcq-6q7w + NOTE: https://github.com/randombit/botan/commit/fd83d9e262f63fb673e4c13ca37e5b768e41e812 (2.19.3) + NOTE: https://github.com/randombit/botan/commit/4e35073ff356e37c3adcf1ff3522e9d0d48c765f (2.19.3) + NOTE: https://github.com/randombit/botan/commit/c2faa88b0281e5017be72e1c85d0c41f686e1928 (2.19.3) + NOTE: https://github.com/randombit/botan/commit/5d8d9fbf75c8b814ea609161bee525d520f5cb57 (2.19.3) + NOTE: https://github.com/randombit/botan/commit/1829ef9d89614da1eacdf511356bdf98a970f5f5 (2.19.3) + NOTE: https://github.com/randombit/botan/commit/991b0159282781f2d5c06ff42a9ff00ee563e96b (2.19.3) + NOTE: https://github.com/randombit/botan/commit/a33689613127f319c0047fb96f092de16e7cb350 (2.19.3) + NOTE: https://github.com/randombit/botan/commit/909c62717855402e04dbaf8ffc085f444d547aae (2.19.3) +CVE-2022-43704 (The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, a ...) 
+ NOT-FOR-US: Sinilink XY-WFT1 WiFi Remote Thermostat +CVE-2022-43703 (An installer that loads or executes files using an unconstrained searc ...) + NOT-FOR-US: Arm +CVE-2022-43702 (When the directory containing the installer does not have sufficiently ...) + NOT-FOR-US: Arm +CVE-2022-43701 (When the installation directory does not have sufficiently restrictive ...) + NOT-FOR-US: Arm +CVE-2022-43700 + RESERVED +CVE-2022-43699 (OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account di ...) + NOT-FOR-US: OX App Suite +CVE-2022-43698 (OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 a ...) + NOT-FOR-US: OX App Suite +CVE-2022-43697 (OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking a ...) + NOT-FOR-US: OX App Suite +CVE-2022-43696 (OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.) + NOT-FOR-US: OX App Suite +CVE-2022-43695 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43694 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43693 (Concrete CMS is vulnerable to CSRF due to the lack of "State" paramete ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43692 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43691 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43690 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43689 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43688 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43687 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) 
+ NOT-FOR-US: Concrete CMS +CVE-2022-43686 (In Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 an ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43685 (CKAN through 2.9.6 account takeovers by unauthenticated users when an ...) + NOT-FOR-US: CKAN +CVE-2022-43684 (ServiceNow has released patches and an upgrade that address an Access ...) + NOT-FOR-US: ServiceNow +CVE-2022-43683 + RESERVED +CVE-2022-43682 + RESERVED +CVE-2022-43681 (An out-of-bounds read exists in the BGP daemon of FRRouting FRR throug ...) + {DLA-3573-1} + - frr 8.4.1-1 (bug #1035829) + [bullseye] - frr 7.5.1-1.1+deb11u2 + NOTE: https://github.com/FRRouting/frr/issues/13427 + NOTE: https://github.com/FRRouting/frr/issues/13480 + NOTE: https://github.com/FRRouting/frr/commit/6c4ca9812976596bf8b5226600269fc4031f1422 (frr-8.4) +CVE-2022-43680 (In libexpat through 2.4.9, there is a use-after free caused by overeag ...) + {DSA-5266-1 DLA-3165-1} + - expat 2.5.0-1 (bug #1022743) + NOTE: https://github.com/libexpat/libexpat/issues/649 + NOTE: https://github.com/libexpat/libexpat/pull/616 + NOTE: https://github.com/libexpat/libexpat/pull/650 + NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/5290462a7ea1278a8d5c0d5b2860d4e244f997e4 (R_2_5_0) + NOTE: Testcase: https://github.com/libexpat/libexpat/commit/43992e4ae25fc3dc0eec0cd3a29313555d56aee2 (R_2_5_0) +CVE-2022-43679 (The Docker image of ownCloud Server through 10.11 contains a misconfig ...) + NOT-FOR-US: Docker image of ownCloud Server +CVE-2022-43678 + RESERVED +CVE-2022-43677 (In free5GC 3.2.1, a malformed NGAP message can crash the AMF and NGAP ...) + NOT-FOR-US: free5GC +CVE-2022-43676 + RESERVED +CVE-2022-43675 + RESERVED +CVE-2022-43674 + RESERVED +CVE-2022-43673 (Wire through 3.22.3993 on Windows advertises deletion of sent messages ...) + NOT-FOR-US: Wire +CVE-2022-43672 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2022-43671 (Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 571 ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-43670 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: Apache Sling +CVE-2022-43667 (Stack-based buffer overflow vulnerability exists in CX-Programmer v.9. ...) + NOT-FOR-US: CX-Programmer +CVE-2022-43509 (Out-of-bounds write vulnerability exists in CX-Programmer v.9.77 and e ...) + NOT-FOR-US: CX-Programmer +CVE-2022-43508 (Use-after free vulnerability exists in CX-Programmer v.9.77 and earlie ...) + NOT-FOR-US: CX-Programmer +CVE-2022-43504 (Improper authentication vulnerability in WordPress versions prior to 6 ...) + {DSA-5279-1} + - wordpress 6.0.3+dfsg1-1 (bug #1022575) + [buster] - wordpress 5.0.18+dfsg1-0+deb10u1 + NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ + NOTE: Fixed by: https://core.trac.wordpress.org/changeset/54531 (6.0) + NOTE: Follow-up: https://core.trac.wordpress.org/changeset/54533 (6.0) +CVE-2022-43500 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...) + {DSA-5279-1} + - wordpress 6.0.3+dfsg1-1 (bug #1022575) + [buster] - wordpress 5.0.18+dfsg1-0+deb10u1 + NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ +CVE-2022-43497 (Cross-site scripting vulnerability in WordPress versions prior to 6.0. ...) + {DSA-5279-1} + - wordpress 6.0.3+dfsg1-1 (bug #1022575) + [buster] - wordpress 5.0.18+dfsg1-0+deb10u1 + NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/ +CVE-2022-43487 (Cross-site scripting vulnerability in Salon booking system versions pr ...) + NOT-FOR-US: Salon booking system +CVE-2022-43484 (TERASOLUNA Global Framework 1.0.0 (Public review version) and TERASOLU ...) + NOT-FOR-US: TERASOLUNA +CVE-2022-43470 (Cross-site request forgery (CSRF) vulnerability in +F FS040U software ...) 
+ NOT-FOR-US: +F software +CVE-2022-43442 (Plaintext storage of a password vulnerability exists in +F FS040U soft ...) + NOT-FOR-US: +F software +CVE-2022-42486 (Stored cross-site scripting vulnerability in User group management of ...) + NOT-FOR-US: baserCMS +CVE-2022-41994 (Stored cross-site scripting vulnerability in Permission Settings of ba ...) + NOT-FOR-US: baserCMS +CVE-2022-41830 (Stored cross-site scripting vulnerability in Kyocera Document Solution ...) + NOT-FOR-US: Kyocera Document Solutions +CVE-2022-41807 (Missing authorization vulnerability exists in Kyocera Document Solutio ...) + NOT-FOR-US: Kyocera Document Solutions +CVE-2022-41798 (Session information easily guessable vulnerability exists in Kyocera D ...) + NOT-FOR-US: Kyocera Document Solutions +CVE-2022-3680 + REJECTED +CVE-2022-3679 (The Starter Templates by Kadence WP WordPress plugin before 1.2.17 uns ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3678 + REJECTED +CVE-2022-3677 (The Advanced Import WordPress plugin before 1.3.8 does not have CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3676 (In Eclipse Openj9 before version 0.35.0, interface calls can be inline ...) + NOT-FOR-US: Eclipse Openj9 +CVE-2022-3675 (Fedora CoreOS supports setting a GRUB bootloader password using a Buta ...) + NOT-FOR-US: Fedora CoreOS grub-password feature +CVE-2022-3674 (A vulnerability has been found in SourceCodester Sanitization Manageme ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-3673 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-3672 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-3671 (A vulnerability classified as critical was found in SourceCodester eLe ...) + NOT-FOR-US: SourceCodester eLearning System +CVE-2022-3670 (A vulnerability was found in Axiomatic Bento4. 
It has been classified ...) + NOT-FOR-US: Bento4 +CVE-2022-3669 (A vulnerability was found in Axiomatic Bento4 and classified as proble ...) + NOT-FOR-US: Bento4 +CVE-2022-3668 (A vulnerability has been found in Axiomatic Bento4 and classified as p ...) + NOT-FOR-US: Bento4 +CVE-2022-3667 (A vulnerability, which was classified as critical, was found in Axioma ...) + NOT-FOR-US: Bento4 +CVE-2022-3666 (A vulnerability, which was classified as critical, has been found in A ...) + NOT-FOR-US: Bento4 +CVE-2022-3665 (A vulnerability classified as critical was found in Axiomatic Bento4. ...) + NOT-FOR-US: Bento4 +CVE-2022-3664 (A vulnerability classified as critical has been found in Axiomatic Ben ...) + NOT-FOR-US: Bento4 +CVE-2022-3663 (A vulnerability was found in Axiomatic Bento4. It has been rated as pr ...) + NOT-FOR-US: Bento4 +CVE-2022-3662 (A vulnerability was found in Axiomatic Bento4. It has been declared as ...) + NOT-FOR-US: Bento4 +CVE-2021-46850 (myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel befor ...) + NOT-FOR-US: myVesta Control Panel +CVE-2021-46849 + REJECTED +CVE-2021-46848 (GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check ...) + {DLA-3263-1} + - libtasn1-6 4.19.0-2 + [bullseye] - libtasn1-6 4.16.0-2+deb11u1 + NOTE: https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5 (v4.19.0) + NOTE: https://gitlab.com/gnutls/libtasn1/-/issues/32 +CVE-2021-46847 + RESERVED +CVE-2022-43657 + RESERVED +CVE-2022-43656 + RESERVED +CVE-2022-43655 + RESERVED +CVE-2022-43654 + RESERVED +CVE-2022-43653 + RESERVED +CVE-2022-43652 + RESERVED +CVE-2022-43651 + RESERVED +CVE-2022-43650 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: RARLAB WinRAR +CVE-2022-43649 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43648 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: D-Link +CVE-2022-43647 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43646 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43645 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43644 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43643 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43642 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43641 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43640 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43639 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43638 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43637 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-43636 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: TP-Link +CVE-2022-43635 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: TP-Link +CVE-2022-43634 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.15~ds-1 (bug #1034170) + NOTE: https://github.com/Netatalk/Netatalk/pull/186 + NOTE: https://github.com/advisories/GHSA-fwj9-7qq8-jc93 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-094/ + NOTE: https://github.com/Netatalk/netatalk/commit/5fcb4ab02aced14484310165b3d754bb2f0820ca + NOTE: https://github.com/Netatalk/netatalk/commit/e6a9ce5b8145d0b39851fbf80916035a714e9d59 (netatalk-3-1-15) +CVE-2022-43633 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43632 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43631 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43630 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43629 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43628 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43627 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43626 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43625 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43624 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43623 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43622 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43621 (This vulnerability allows network-adjacent attackers to bypass authent ...) 
+ NOT-FOR-US: D-Link +CVE-2022-43620 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2022-43619 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-43618 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43617 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43616 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43615 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43613 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43612 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43611 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43610 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Corel CorelDRAW Graphics Suite +CVE-2022-43609 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: IronCAD +CVE-2022-43608 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Canon +CVE-2022-3661 (Insufficient data validation in Extensions in Google Chrome prior to 1 ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3660 (Inappropriate implementation in Full screen mode in Google Chrome on A ...) 
+ {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3659 (Use after free in Accessibility in Google Chrome on Chrome OS prior to ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3658 (Use after free in Feedback service on Chrome OS in Google Chrome on Ch ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3657 (Use after free in Extensions in Google Chrome prior to 107.0.5304.62 a ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3656 (Insufficient data validation in File System in Google Chrome prior to ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3655 (Heap buffer overflow in Media Galleries in Google Chrome prior to 107. ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3654 (Use after free in Layout in Google Chrome prior to 107.0.5304.62 allow ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3653 (Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3652 (Type confusion in V8 in Google Chrome prior to 107.0.5304.62 allowed a ...) + {DSA-5261-1} + - chromium 107.0.5304.68-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3651 + RESERVED +CVE-2022-3650 (A privilege escalation flaw was found in Ceph. Ceph-crash.service allo ...) 
+ - ceph 16.2.10+ds-4 (bug #1024932) + [bullseye] - ceph (Minor issue) + [buster] - ceph (ceph-crash service added in Ceph 14) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/1 + NOTE: https://tracker.ceph.com/issues/57967 + NOTE: https://github.com/ceph/ceph/pull/48713 + NOTE: https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439 (main) + NOTE: https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382 (main) + NOTE: Backport to Pacific: https://github.com/ceph/ceph/pull/48804 + NOTE: Backport to Quincy: https://github.com/ceph/ceph/pull/48805 +CVE-2022-3649 (A vulnerability was found in Linux Kernel. It has been classified as p ...) + {DLA-3245-1 DLA-3173-1} + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://git.kernel.org/linus/d325dc6eb763c10f591c239550b8c7e5466a5d09 +CVE-2022-43607 (An out-of-bounds write vulnerability exists in the MOL2 format attribu ...) + - openbabel + [bookworm] - openbabel (Minor issue) + [bullseye] - openbabel (Minor issue) + [buster] - openbabel (Minor issue, no upstream patch yet) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1664 +CVE-2022-43606 (A use-of-uninitialized-pointer vulnerability exists in the Forward Ope ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2022-43605 (An out-of-bounds write vulnerability exists in the SetAttributeList at ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2022-43604 (An out-of-bounds write vulnerability exists in the GetAttributeList at ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2022-43603 (A denial of service vulnerability exists in the ZfileOutput::close() f ...) + {DSA-5384-1 DLA-3382-1} + [experimental] - openimageio 2.4.7.1+dfsg-1 + - openimageio 2.4.7.1+dfsg-2 (bug #1027808) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1657 + NOTE: https://github.com/OpenImageIO/oiio/pull/3670 +CVE-2022-43602 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) 
+ {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43601 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43600 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43599 (Multiple code execution vulnerabilities exist in the IFFOutput::close( ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1656 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43598 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43597 (Multiple memory corruption vulnerabilities exist in the IFFOutput alig ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1655 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43596 (An information disclosure vulnerability exists in the IFFOutput channe ...) 
+ {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1654 + NOTE: https://github.com/OpenImageIO/oiio/pull/3676 +CVE-2022-43595 (Multiple denial of service vulnerabilities exist in the image output c ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 + NOTE: https://github.com/OpenImageIO/oiio/pull/3673 +CVE-2022-43594 (Multiple denial of service vulnerabilities exist in the image output c ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1653 + NOTE: https://github.com/OpenImageIO/oiio/pull/3673 +CVE-2022-43593 (A denial of service vulnerability exists in the DPXOutput::close() fun ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1652 + NOTE: https://github.com/OpenImageIO/oiio/pull/3672 +CVE-2022-43592 (An information disclosure vulnerability exists in the DPXOutput::close ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1651 + NOTE: https://github.com/OpenImageIO/oiio/pull/3672 +CVE-2022-43591 (A buffer overflow vulnerability exists in the QML QtScript Reflect API ...) 
+ - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant) + - qtdeclarative-opensource-src (unimportant) + - qtdeclarative-opensource-src-gles (unimportant) + NOTE: Not considered a security issue, QML only supported from a trusted source + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650 + NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos + NOTE: https://bugreports.qt.io/browse/QTBUG-107619 + NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437789 +CVE-2022-43590 (A null pointer dereference vulnerability exists in the handle_ioctl_0x ...) + NOT-FOR-US: Callback technologies CBFS Filter +CVE-2022-43589 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...) + NOT-FOR-US: Callback technologies CBFS Filter +CVE-2022-43588 (A null pointer dereference vulnerability exists in the handle_ioctl_83 ...) + NOT-FOR-US: Callback technologies CBFS Filter +CVE-2022-43587 + REJECTED +CVE-2022-43586 + REJECTED +CVE-2022-43585 + REJECTED +CVE-2022-43584 + REJECTED +CVE-2022-43583 + REJECTED +CVE-2022-43582 + RESERVED +CVE-2022-43581 (IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, ...) + NOT-FOR-US: IBM +CVE-2022-43580 + RESERVED +CVE-2022-43579 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...) + NOT-FOR-US: IBM +CVE-2022-43578 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...) + NOT-FOR-US: IBM +CVE-2022-43577 + RESERVED +CVE-2022-43576 + RESERVED +CVE-2022-43575 + RESERVED +CVE-2022-43574 ("IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21 ...) + NOT-FOR-US: IBM +CVE-2022-43573 (IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to e ...) + NOT-FOR-US: IBM +CVE-2022-43572 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, sending ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43571 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...) 
+ NOT-FOR-US: Splunk Enterprise +CVE-2022-43570 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43569 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authe ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43568 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a View a ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43567 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43566 (In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authe ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43565 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43564 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43563 (In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43562 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk E ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43561 (In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-43560 + RESERVED +CVE-2022-43559 + RESERVED +CVE-2022-43558 + RESERVED +CVE-2022-43557 (The BD BodyGuard\u2122 infusion pumps specified allow for access throu ...) + NOT-FOR-US: BD BodyGuard +CVE-2022-43556 (Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9 ...) + NOT-FOR-US: Concrete CMS +CVE-2022-43555 (Ivanti Avalanche Printer Device Service Missing Authentication Local P ...) + NOT-FOR-US: Ivanti +CVE-2022-43554 (Ivanti Avalanche Smart Device Service Missing Authentication Local Pri ...) + NOT-FOR-US: Ivanti +CVE-2022-43553 (A remote code execution vulnerability in EdgeRouters (Version 2.0.9-ho ...) 
+ NOT-FOR-US: EdgeRouters +CVE-2022-43552 (A use after free vulnerability exists in curl <7.87.0. Curl can be ask ...) + {DSA-5330-1 DLA-3288-1} + - curl 7.86.0-3 (bug #1026830) + NOTE: https://curl.se/docs/CVE-2022-43552.html + NOTE: Introduced by (telnet): https://github.com/curl/curl/commit/b7eeb6e67fca686f840eacd6b8394edb58b07482 (curl-7_16_0) + NOTE: Introduced by (smb): https://github.com/curl/curl/commit/aec2e865f06669b9cb5d26cc1148d70bc418b163 (curl-7_40_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 (curl-7_87_0) +CVE-2022-43551 (A vulnerability exists in curl <7.87.0 HSTS check that could be bypass ...) + - curl 7.86.0-3 (bug #1026829) + [bullseye] - curl (curl is not built with HSTS support) + [buster] - curl (Vulnerable code not present) + NOTE: https://curl.se/docs/CVE-2022-43551.html + NOTE: Introduced by: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) + NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/9e71901634e276dd050481c4320f046bebb1bc28 (curl-7_87_0) +CVE-2022-43550 (A command injection vulnerability exists in Jitsi before commit 8aa7be ...) + - jitsi +CVE-2022-43549 (Improper authentication in Veeam Backup for Google Cloud v1.0 and v3.0 ...) + NOT-FOR-US: Veeam +CVE-2022-43548 (A OS Command Injection vulnerability exists in Node.js versions <14.21 ...) 
+ {DSA-5326-1 DLA-3344-1} + - nodejs 18.12.1+dfsg-1 (bug #1023518) + NOTE: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 + NOTE: https://hackerone.com/reports/1710652 + NOTE: Fixed by: https://github.com/nodejs/node/commit/2b433af094fb79cf80f086038b7f36342cb6826f (v14.x) +CVE-2022-43547 + RESERVED +CVE-2022-43546 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + NOT-FOR-US: Siemens +CVE-2022-43545 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + NOT-FOR-US: Siemens +CVE-2022-43542 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...) + NOT-FOR-US: Aruba +CVE-2022-43541 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...) + NOT-FOR-US: Aruba +CVE-2022-43540 (A vulnerability exists in the ClearPass OnGuard macOS agent that allow ...) + NOT-FOR-US: Aruba +CVE-2022-43539 (A vulnerability exists in the ClearPass Policy Manager cluster communi ...) + NOT-FOR-US: Aruba +CVE-2022-43538 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) + NOT-FOR-US: Aruba +CVE-2022-43537 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) + NOT-FOR-US: Aruba +CVE-2022-43536 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...) + NOT-FOR-US: Aruba +CVE-2022-43535 (A vulnerability in the ClearPass OnGuard Windows agent could allow mal ...) + NOT-FOR-US: Aruba +CVE-2022-43534 (A vulnerability in the ClearPass OnGuard Linux agent could allow malic ...) + NOT-FOR-US: Aruba +CVE-2022-43533 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...) + NOT-FOR-US: Aruba +CVE-2022-43532 (A vulnerability in the web-based management interface of ClearPass Pol ...) + NOT-FOR-US: Aruba +CVE-2022-43531 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) 
+ NOT-FOR-US: Aruba +CVE-2022-43530 (Vulnerabilities in the web-based management interface of ClearPass Pol ...) + NOT-FOR-US: Aruba +CVE-2022-43529 (A vulnerability in the web-based management interface of Aruba EdgeCon ...) + NOT-FOR-US: Aruba +CVE-2022-43528 (Under certain configurations, an attacker can login to Aruba EdgeConne ...) + NOT-FOR-US: Aruba +CVE-2022-43527 (Multiple vulnerabilities within the web-based management interface of ...) + NOT-FOR-US: Aruba +CVE-2022-43526 (Multiple vulnerabilities within the web-based management interface of ...) + NOT-FOR-US: Aruba +CVE-2022-43525 (Multiple vulnerabilities within the web-based management interface of ...) + NOT-FOR-US: Aruba +CVE-2022-43524 (A vulnerability in the web-based management interface of Aruba EdgeCon ...) + NOT-FOR-US: Aruba +CVE-2022-43523 (Multiple vulnerabilities in the web-based management interface of Arub ...) + NOT-FOR-US: Aruba +CVE-2022-43522 (Multiple vulnerabilities in the web-based management interface of Arub ...) + NOT-FOR-US: Aruba +CVE-2022-43521 (Multiple vulnerabilities in the web-based management interface of Arub ...) + NOT-FOR-US: Aruba +CVE-2022-43520 (Multiple vulnerabilities in the web-based management interface of Arub ...) + NOT-FOR-US: Aruba +CVE-2022-43519 (Multiple vulnerabilities in the web-based management interface of Arub ...) + NOT-FOR-US: Aruba +CVE-2022-43518 (An authenticated path traversal vulnerability exists in the Aruba Edge ...) + NOT-FOR-US: Aruba +CVE-2022-43517 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...) + NOT-FOR-US: Siemens +CVE-2022-43516 (A Firewall Rule which allows all incoming TCP connections to all progr ...) + - zabbix (Specific to Windows) +CVE-2022-43515 (Zabbix Frontend provides a feature that allows admins to maintain the ...) 
+ {DLA-3538-1} + - zabbix 1:6.0.13+dfsg-1 (bug #1026847) + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-22050 + NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa58889ba54b2350e211a5f315baabbaf7228045 (4.0.45rc1) + NOTE: Fixed by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e (5.0.30rc1) +CVE-2022-43514 (A vulnerability has been identified in Automation License Manager V5 ( ...) + NOT-FOR-US: Automation License Manager +CVE-2022-43513 (A vulnerability has been identified in Automation License Manager V5 ( ...) + NOT-FOR-US: Automation License Manager +CVE-2022-43499 (Stored cross-site scripting vulnerability in SHIRASAGI versions prior ...) + NOT-FOR-US: SHIRASAGI +CVE-2022-43492 (Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43491 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43490 (Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43488 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Dynamic Pr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43482 (Missing Authorization vulnerability in Appointment Booking Calendar pl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43481 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Coupons fo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43480 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Magn ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43479 (Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a r ...) + NOT-FOR-US: SHIRASAGI +CVE-2022-43476 + RESERVED +CVE-2022-43472 + RESERVED +CVE-2022-43471 + RESERVED +CVE-2022-43469 (Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43463 (Auth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cust ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43462 (Auth. SQL Injection (SQLi) vulnerability inAdeel Ahmed'sIP Blacklist C ...) + NOT-FOR-US: Adeel Ahmed's IP Blacklist +CVE-2022-43461 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43459 (Cross-Site Request Forgery (CSRF) vulnerability in Forms by CaptainFor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43458 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43453 + RESERVED +CVE-2022-43450 (Authorization Bypass Through User-Controlled Key vulnerability in XWP ...) + TODO: check +CVE-2022-43445 + RESERVED +CVE-2022-43441 (A code execution vulnerability exists in the Statement Bindings functi ...) + {DSA-5373-1} + - node-sqlite3 5.1.5+ds1-1 + [buster] - node-sqlite3 (Vulnerable code not present) + NOTE: https://github.com/TryGhost/node-sqlite3/security/advisories/GHSA-jqv5-7xpx-qj74 + NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/edb1934dd222ae55632e120d8f64552d5191c781 (v5.1.5) +CVE-2022-43439 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + NOT-FOR-US: Siemens +CVE-2022-43438 (The Administrator function of EasyTest has an Incorrect Authorization ...) + NOT-FOR-US: EasyTest +CVE-2022-43437 (The Download function\u2019s parameter of EasyTest has insufficient va ...) + NOT-FOR-US: EasyTest +CVE-2022-43436 (The File Upload function of EasyTest has insufficient filtering for sp ...) + NOT-FOR-US: EasyTest +CVE-2022-42888 (Unauth. Privilege Escalation vulnerability inARMember premium plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42884 + RESERVED +CVE-2022-42883 (Sensitive Information Disclosure vulnerability discovered by Quiz And ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42882 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-42880 (Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Uplo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42699 (Auth. Remote Code Execution vulnerability inEasy WP SMTP plugin <= 1.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42698 (Unauth. Arbitrary File Upload vulnerability in WordPress Api2Cart Brid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42497 (Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector pl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42494 (Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42485 (Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galax ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42479 + RESERVED +CVE-2022-42462 (Auth. Stored Cross-Site Scripting (XSS) vulnerability inAdeel Ahmed'sI ...) + NOT-FOR-US: Adeel Ahmed's IP Blacklist +CVE-2022-42461 (Broken Access Control vulnerability in miniOrange's Google Authenticat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42460 (Broken Access Control vulnerability leading to Stored Cross-Site Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42459 (Auth. WordPress Options Change vulnerability in Image Hover Effects Ul ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41996 (Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada p ...) + NOT-FOR-US: WordPress theme +CVE-2022-41995 + RESERVED +CVE-2022-41992 (A memory corruption vulnerability exists in the VHD File Format parsin ...) + NOT-FOR-US: PowerISO +CVE-2022-41990 + RESERVED +CVE-2022-41987 (Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes Badge ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41980 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mantenimien ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41978 (Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41840 (Unauth. 
Directory Traversal vulnerability in Welcart eCommerce plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41839 (Broken Access Control vulnerability in WordPress LoginPress plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41831 (Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett W ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41805 (Cross-Site Request Forgery (CSRF) vulnerability in Booster for WooComm ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41791 (Auth. (subscriber+) CSV Injection vulnerability in ProfileGrid plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41790 + RESERVED +CVE-2022-41788 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soleda ...) + NOT-FOR-US: WordPress theme +CVE-2022-41786 + RESERVED +CVE-2022-41785 (Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Gall ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41781 (Broken Access Control vulnerability in Permalink Manager Lite plugin < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41698 + RESERVED +CVE-2022-41695 + RESERVED +CVE-2022-41692 (Missing Authorization vulnerability in Appointment Hour Booking plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41685 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Viszt P\ ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41652 (Bypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41619 + RESERVED +CVE-2022-41554 (Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40968 (Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affil ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40963 (Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40698 (Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz A ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-40695 (Multiple Cross-Site Scripting (CSRF) vulnerabilities in SEO Redirectio ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40692 (Cross-Site Request Forgery (CSRF) vulnerability inWP Sunshine Sunshine ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40687 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40686 (Cross-Site Request Forgery (CSRF) vulnerability in Creative Mail plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38971 (Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post For ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38716 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Moto ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38702 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38356 (Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Word ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38075 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3648 + RESERVED +CVE-2022-3647 (A vulnerability, which was classified as problematic, was found in Red ...) + - redis (unimportant) + NOTE: https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3 + NOTE: Crash inside the crash report when redis already crashed due to calling an invalid + NOTE: function pointer, negligible security impact +CVE-2022-3646 (A vulnerability, which was classified as problematic, has been found i ...) + {DLA-3245-1 DLA-3173-1} + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://git.kernel.org/linus/d0d51a97063db4704a5ef6bc978dddab1636a306 (6.1-rc1) +CVE-2022-3645 + RESERVED +CVE-2022-3644 (The collection remote for pulp_ansible stores tokens in plaintext inst ...) 
+ NOT-FOR-US: Pulp (Red Hat) +CVE-2022-3643 (Guests can trigger NIC interface reset/abort/crash via netback It is p ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.1.4-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://xenbits.xen.org/xsa/advisory-423.html + NOTE: https://git.kernel.org/linus/ad7f402ae4f466647c3a669b8a6f3e5d4271c84a +CVE-2022-3642 + REJECTED +CVE-2022-3641 (Elevation of privilege in the Azure SQL Data Source in Devolutions Rem ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-36401 (Cross-Site Request Forgery (CSRF) vulnerability inTeraWallet \u2013 Fo ...) + NOT-FOR-US: TeraWallet +CVE-2022-3640 (A vulnerability, which was classified as critical, was found in Linux ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.8-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/0d0e2d032811280b927650ff3c15fe5020e82533 +CVE-2022-3639 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3638 + REJECTED +CVE-2022-3637 (A vulnerability has been found in Linux Kernel and classified as probl ...) + - bluez (Vulnerable code introduced and fixed in between 5.64 and 5.65, no Debian release affected) + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1d6cfb8e625a944010956714c1802bc1e1fc6c4f (5.65) + NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=6f02010ce0043ec2e17eb15f2a1dd42f6c64e223 (5.65) +CVE-2022-3636 (A vulnerability, which was classified as critical, was found in Linux ...) + - linux (No vulnerable code in any upstream or Debian released version) + NOTE: https://git.kernel.org/linus/17a5f6a78dc7b8db385de346092d7d9f9dc24df6 +CVE-2022-3635 (A vulnerability, which was classified as critical, has been found in L ...) 
+ {DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/3f4093e2bf4673f218c0bf17d8362337c400e77b (6.0-rc1) +CVE-2022-3634 (The Contact Form 7 Database Addon WordPress plugin before 1.2.6.5 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3633 (A vulnerability classified as problematic has been found in Linux Kern ...) + {DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/8c21c54a53ab21842f5050fa090f26b03c0313d6 (6.0-rc1) +CVE-2022-3632 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3631 (The OAuth Client by DigitialPixies WordPress plugin through 1.1.0 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3630 (A vulnerability was found in Linux Kernel. It has been rated as proble ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fb24771faf72a2fd62b3b6287af3c610c3ec9cf1 (6.0-rc1) +CVE-2022-3629 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) + {DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/7e97cfed9929eaabc41829c395eb0d1350fccb9d (6.0-rc1) +CVE-2022-3628 (A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.8-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/29/1 +CVE-2022-3627 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...) 
+ {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/411 +CVE-2022-3626 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemset in libtiff/tif ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/426 +CVE-2022-3625 (A vulnerability was found in Linux Kernel. It has been classified as c ...) + {DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6b4db2e528f650c7fb712961aac36455468d5902 (6.0-rc1) +CVE-2022-3624 (A vulnerability was found in Linux Kernel and classified as problemati ...) + - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4f5d33f4f798b1c6d92b613f0087f639d9836971 (6.0-rc1) +CVE-2022-3623 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) + {DSA-5324-1 DLA-3349-1} + - linux 6.0.3-1 + [buster] - linux (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/fac35ba763ed07ba93154c95ffc0c4a55023707f (6.1-rc1) +CVE-2022-3622 (The Blog2Social plugin for WordPress is vulnerable to authorization b ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3621 (A vulnerability was found in Linux Kernel. It has been classified as p ...) + {DLA-3245-1 DLA-3173-1} + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://git.kernel.org/linus/21a87d88c2253350e115029f14fe2a10a7e6c856 (6.1-rc1) +CVE-2022-3620 (A vulnerability was found in Exim and classified as problematic. This ...) 
+ - exim4 4.96-7 (bug #1022556; unimportant) + [bullseye] - exim4 (Vulnerable code not present) + [buster] - exim4 (Vulnerable code not present) + NOTE: Introduced by: https://git.exim.org/exim.git/commit/92583637b25b6bde926f9ca6be7b085e5ac8b1e6 (exim-4.95-RC0) + NOTE: Fixed by: https://git.exim.org/exim.git/commit/12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 + NOTE: Debian binary packages not built with DMARC support +CVE-2022-3619 (A vulnerability has been found in Linux Kernel and classified as probl ...) + - linux 6.0.8-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7c9524d929648935bac2bbb4c20437df8f9c3f42 +CVE-2022-3618 (The Spacer WordPress plugin before 3.0.7 does not sanitize and escapes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3617 + RESERVED +CVE-2022-3616 (Attackers can create long chains of CAs that would lead to OctoRPKI ex ...) + - cfrpki 1.4.4-1 + [bullseye] - cfrpki (Minor issue) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-pmw9-567p-68pc +CVE-2022-3615 + RESERVED +CVE-2022-3614 (In affected versions of Octopus Deploy users of certain browsers using ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-3613 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3612 + RESERVED +CVE-2022-3611 (An information disclosure vulnerability has been identified in the Len ...) + NOT-FOR-US: Lenovo +CVE-2022-3610 (The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3609 (The GetYourGuide Ticketing WordPress plugin before 1.0.4 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3608 (Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpm ...) + NOT-FOR-US: phpmyfaq +CVE-2022-3607 (Failure to Sanitize Special Elements into a Different Plane (Special E ...) 
+ - octoprint (bug #718591) +CVE-2022-3606 (A vulnerability was found in Linux Kernel. It has been classified as p ...) + - libbpf 1.1.0-1 (bug #1023717) + [bullseye] - libbpf (Minor issue) + NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/a3abae5122f30b83baebd4e4dd8ba4578a87cd4b (v0.2) + NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/3a3ef0c1d09e1894740db71cdcb7be0bfd713671 (v1.1.0) +CVE-2022-3605 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3604 + RESERVED +CVE-2022-3603 (The Export customers list csv for WooCommerce, WordPress users csv, ex ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3602 (A buffer overrun can be triggered in X.509 certificate verification, s ...) + - openssl 3.0.7-1 + [bullseye] - openssl (Only affects 3.0) + [buster] - openssl (Only affects 3.0) + NOTE: https://www.openssl.org/news/secadv/20221101.txt + NOTE: https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/ + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=fe3b639dc19b325846f4f6801f2f4604f56e3de3 (openssl-3.0.7) + NOTE: https://github.com/colmmacc/CVE-2022-3602 +CVE-2022-3601 (The Image Hover Effects Css3 WordPress plugin through 4.5 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3600 (The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3599 (LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection in tools ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/398 + NOTE: Same fix as for CVE-2022-4645, CVE-2023-30086 and CVE-2023-30774. + NOTE: The fix causes CVE-2023-2908. +CVE-2022-3598 (LibTIFF 4.4.0 has an out-of-bounds write in extractContigSamplesShifte ...) 
+ {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/435 +CVE-2022-3597 (LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/236b7191f04c60d09ee836ae13b50f812c841047 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/413 +CVE-2021-46846 (Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integ ...) + NOT-FOR-US: HPE +CVE-2020-36607 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...) + NOT-FOR-US: FeehiCMS +CVE-2016-20017 (D-Link DSL-2750B devices before 1.05 allow remote unauthenticated comm ...) + NOT-FOR-US: D-Link +CVE-2016-20016 (MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108 ...) + NOT-FOR-US: MVPower CCTV DVR models +CVE-2022-43435 (Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disable ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43434 (Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier progra ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43433 (Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disable ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43432 (Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically di ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43431 (Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43430 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43429 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43428 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implem ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-43427 (Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does n ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43426 (Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SEC ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43425 (Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not esca ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43424 (Jenkins Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier impl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43423 (Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plug ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43422 (Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43421 (A missing permission check in Jenkins Tuleap Git Branch Source Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43420 (Jenkins Contrast Continuous Application Security Plugin 3.9 and earlie ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43419 (Jenkins Katalon Plugin 1.0.32 and earlier stores API keys unencrypted ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43418 (A cross-site request forgery (CSRF) vulnerability in Jenkins Katalon P ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43417 (Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43416 (Jenkins Katalon Plugin 1.0.32 and earlier implements an agent/controll ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43415 (Jenkins REPO Plugin 1.15.0 and earlier does not configure its XML pars ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43414 (Jenkins NUnit Plugin 0.27 and earlier implements an agent-to-controlle ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43413 (Jenkins Job Import Plugin 3.5 and earlier does not perform a permissio ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43412 (Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-c ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-43411 (Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comp ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43410 (Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides inf ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43409 (Jenkins Pipeline: Supporting APIs Plugin 838.va_3a_087b_4055b and earl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43408 (Jenkins Pipeline: Stage View Plugin 2.26 and earlier does not correctl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43407 (Jenkins Pipeline: Input Step Plugin 451.vf1a_a_4f405289 and earlier do ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43406 (A sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43405 (A sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries P ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43404 (A sandbox bypass vulnerability involving crafted constructor bodies an ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43403 (A sandbox bypass vulnerability involving casting an array-like value t ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43402 (A sandbox bypass vulnerability involving various casts performed impli ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43401 (A sandbox bypass vulnerability involving various casts performed impli ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-43400 (A vulnerability has been identified in Siveillance Video Mobile Server ...) + NOT-FOR-US: Siveillance Video Mobile Server V2022 R2 +CVE-2022-3596 (An information leak was found in OpenStack's undercloud. This flaw all ...) + NOT-FOR-US: undercloud +CVE-2022-3595 (A vulnerability was found in Linux Kernel. It has been rated as proble ...) + - linux (Vulnerable code not in any released version in Debian and upstream) + NOTE: https://git.kernel.org/linus/b854b4ee66437e6e1622fda90529c814978cb4ca +CVE-2022-3594 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) 
+ {DLA-3245-1 DLA-3244-1} + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/93e2be344a7db169b7119de21ac1bf253b8c6907 (6.1-rc1) +CVE-2022-3593 + REJECTED +CVE-2022-3592 (A symlink following vulnerability was found in Samba, where a user can ...) + [experimental] - samba 2:4.17.2+dfsg-1 + - samba (Vulnerable code only in 4.17.0 and later) + NOTE: https://www.samba.org/samba/security/CVE-2022-3592.html +CVE-2022-43399 + REJECTED +CVE-2022-43398 (A vulnerability has been identified in POWER METER SICAM Q200 family ( ...) + NOT-FOR-US: Siemens +CVE-2022-43397 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-43396 (In the fix for CVE-2022-24697, a blacklist is used to filter user inpu ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2022-3591 (Use After Free in GitHub repository vim/vim prior to 9.0.0789.) + - vim 2:9.0.0813-1 (unimportant) + NOTE: https://huntr.dev/bounties/a5a998c2-4b07-47a7-91be-dbc1886b3921 + NOTE: https://github.com/vim/vim/commit/8f3c3c6cd044e3b5bf08dbfa3b3f04bb3f711bad (v9.0.0789) + NOTE: Crash in CLI tool, no security impact +CVE-2022-3590 (WordPress is affected by an unauthenticated blind SSRF in the pingback ...) + - wordpress (bug #1033251) + [bookworm] - wordpress (Minor issue) + [bullseye] - wordpress (Minor issue) + [buster] - wordpress (Minor issue) + NOTE: https://www.sonarsource.com/blog/wordpress-core-unauthenticated-blind-ssrf/ +CVE-2022-3589 (An API Endpoint used by Miele's "AppWash" MobileApp in all versions wa ...) + NOT-FOR-US: Miele's "AppWash" MobileApp +CVE-2022-3588 + RESERVED +CVE-2022-3587 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3586 (A flaw was found in the Linux kernel\u2019s networking code. A use-aft ...) 
+ {DLA-3173-1} + - linux 5.19.11-1 + [bullseye] - linux 5.10.148-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/9efd23297cca530bb35e1848665805d3fcdd7889 (6.0-rc5) +CVE-2022-3585 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3584 (A vulnerability was found in SourceCodester Canteen Management System ...) + NOT-FOR-US: SourceCodester Canteen Management System +CVE-2022-3583 (A vulnerability was found in SourceCodester Canteen Management System ...) + NOT-FOR-US: SourceCodester Canteen Management System +CVE-2022-3582 (A vulnerability has been found in SourceCodester Simple Cold Storage M ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3581 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Cashier Queuing System +CVE-2022-3580 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Cashier Queuing System +CVE-2022-3579 (A vulnerability classified as critical was found in SourceCodester Cas ...) + NOT-FOR-US: SourceCodester Cashier Queuing System +CVE-2022-3578 (The ProfileGrid WordPress plugin before 5.1.1 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3577 (An out-of-bounds memory write flaw was found in the Linux kernel\u2019 ...) + - linux 5.18.5-1 + [bullseye] - linux 5.10.127-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fc4ef9d5724973193bfa5ebed181dba6de3a56db (5.19-rc1) +CVE-2022-3576 (A vulnerability regarding out-of-bounds read is found in the session p ...) + NOT-FOR-US: Synology DiskStation Manager (DSM) +CVE-2022-43395 + RESERVED +CVE-2022-43394 + RESERVED +CVE-2022-43393 (An improper check for unusual or exceptional conditions in the HTTP re ...) 
+ NOT-FOR-US: Zyxel +CVE-2022-43392 (A buffer overflow vulnerability in the parameter of web server in Zyxe ...) + NOT-FOR-US: Zyxel +CVE-2022-43391 (A buffer overflow vulnerability in the parameter of the CGI program in ...) + NOT-FOR-US: Zyxel +CVE-2022-43390 (A command injection vulnerability in the CGI program of Zyxel NR7101 f ...) + NOT-FOR-US: Zyxel +CVE-2022-43389 (A buffer overflow vulnerability in the library of the web server in Zy ...) + NOT-FOR-US: Zyxel +CVE-2022-43388 + RESERVED +CVE-2022-43387 + RESERVED +CVE-2022-43386 + RESERVED +CVE-2022-43385 + RESERVED +CVE-2022-43384 + RESERVED +CVE-2022-43383 + RESERVED +CVE-2022-43382 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with eleva ...) + NOT-FOR-US: IBM +CVE-2022-43381 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-43380 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-43379 + RESERVED +CVE-2022-42496 (OS command injection vulnerability in Nako3edit, editor component of n ...) + NOT-FOR-US: Nako3edit +CVE-2022-41777 (Improper check or handling of exceptional conditions vulnerability in ...) + NOT-FOR-US: Nako3edit +CVE-2022-41642 (OS command injection vulnerability in Nadesiko3 (PC Version) v3.3.61 a ...) + NOT-FOR-US: Nako3edit +CVE-2022-3575 (Frauscher Sensortechnik GmbH FDS102 for FAdC R2 and FAdCi R2 v2.8.0 to ...) + NOT-FOR-US: Frauscher Sensortechnik +CVE-2022-3574 (The WPForms Pro WordPress plugin before 1.7.7 does not validate its fo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3573 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3572 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3571 + RESERVED +CVE-2022-3570 (Multiple heap buffer overflows in tiffcrop.c utility in libtiff librar ...) 
+ {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-5 (bug #1022555) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/cfbb883bf6ea7bedcb04177cc4e52d304522fdff (v4.5.0rc1) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/381 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/386 +CVE-2022-3569 (Due to an issue with incorrect sudo permissions, Zimbra Collaboration ...) + NOT-FOR-US: Zimbra +CVE-2022-3568 (The ImageMagick Engine plugin for WordPress is vulnerable to deseriali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-43378 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...) + NOT-FOR-US: Schneider +CVE-2022-43377 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) + NOT-FOR-US: Schneider +CVE-2022-43376 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider +CVE-2022-43375 + RESERVED +CVE-2022-43374 + RESERVED +CVE-2022-43373 + RESERVED +CVE-2022-43372 (Emlog Pro v1.7.1 was discovered to contain a reflected cross-site scri ...) + NOT-FOR-US: Emlog Pro +CVE-2022-43371 + RESERVED +CVE-2022-43370 + RESERVED +CVE-2022-43369 (AutoTaxi Stand Management System v1.0 was discovered to contain a cros ...) + NOT-FOR-US: AutoTaxi Stand Management System +CVE-2022-43368 + RESERVED +CVE-2022-43367 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injec ...) + NOT-FOR-US: IP-COM EW9 +CVE-2022-43366 (IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to acces ...) + NOT-FOR-US: IP-COM EW9 +CVE-2022-43365 (IP-COM EW9 V15.11.0.14(9732) was discovered to contain a buffer overfl ...) + NOT-FOR-US: IP-COM EW9 +CVE-2022-43364 (An access control issue in the password reset page of IP-COM EW9 V15.1 ...) + NOT-FOR-US: IP-COM EW9 +CVE-2022-43363 (Telegram Web 15.3.1 allows XSS via a certain payload derived from a Ta ...) + NOT-FOR-US: Telegram Web +CVE-2022-43362 (Senayan Library Management System v9.4.2 was discovered to contain a S ...) 
+ NOT-FOR-US: Senayan Library Management System +CVE-2022-43361 (Senayan Library Management System v9.4.2 was discovered to contain a c ...) + NOT-FOR-US: Senayan Library Management System +CVE-2022-43360 + RESERVED +CVE-2022-43359 (Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c was discovered ...) + NOT-FOR-US: Gifdec +CVE-2022-43358 (Stack overflow vulnerability in ast_selectors.cpp: in function Sass::C ...) + - libsass (bug #1051895) + [bookworm] - libsass (Minor issue) + [bullseye] - libsass (Minor issue) + [buster] - libsass (Minor issue) + NOTE: https://github.com/sass/libsass/issues/3178 +CVE-2022-43357 (Stack overflow vulnerability in ast_selectors.cpp in function Sass::Co ...) + - libsass (bug #1051893) + [bookworm] - libsass (Minor issue) + [bullseye] - libsass (Minor issue) + [buster] - libsass (Minor issue) + NOTE: https://github.com/sass/libsass/issues/3177 +CVE-2022-43356 + RESERVED +CVE-2022-43355 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-43354 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-43353 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-43352 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-43351 (Sanitization Management System v1.0 was discovered to contain an arbit ...) + NOT-FOR-US: Sanitization Management System +CVE-2022-43350 (Sanitization Management System v1.0 was discovered to contain a SQL in ...) 
+ NOT-FOR-US: Sanitization Management System +CVE-2022-43349 + RESERVED +CVE-2022-43348 + RESERVED +CVE-2022-43347 + RESERVED +CVE-2022-43346 + RESERVED +CVE-2022-43345 + RESERVED +CVE-2022-43344 + RESERVED +CVE-2022-43343 (N-Prolog v1.91 was discovered to contain a global buffer overflow vuln ...) + NOT-FOR-US: N-Prolog +CVE-2022-43342 (A stored cross-site scripting (XSS) vulnerability in the Add function ...) + NOT-FOR-US: Eramba GRC Software +CVE-2022-43341 + RESERVED +CVE-2022-43340 (A Cross-Site Request Forgery (CSRF) in dzzoffice 2.02.1_SC_UTF8 allows ...) + NOT-FOR-US: dzzoffice +CVE-2022-43339 + RESERVED +CVE-2022-43338 + RESERVED +CVE-2022-43337 + RESERVED +CVE-2022-43336 + RESERVED +CVE-2022-43335 + RESERVED +CVE-2022-43334 + RESERVED +CVE-2022-43333 (Telenia Software s.r.l TVox before v22.0.17 was discovered to contain ...) + NOT-FOR-US: Telenia Software s.r.l TVox +CVE-2022-43332 (A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows ...) + NOT-FOR-US: Wondercms +CVE-2022-43331 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43330 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43329 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43328 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43327 + RESERVED +CVE-2022-43326 (An Insecure Direct Object Reference (IDOR) vulnerability in the passwo ...) + NOT-FOR-US: Telos Alliance Omnia MPX Node +CVE-2022-43325 (An unauthenticated command injection vulnerability in the product lice ...) + NOT-FOR-US: Telos Alliance Omnia MPX Node +CVE-2022-43324 + RESERVED +CVE-2022-43323 (EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request ...) 
+ NOT-FOR-US: EyouCMS +CVE-2022-43322 + RESERVED +CVE-2022-43321 (Shopwind v3.4.3 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: Shopwind +CVE-2022-43320 (FeehiCMS v2.1.1 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: FeehiCMS +CVE-2022-43319 (An information disclosure vulnerability in the component vcs/downloadF ...) + NOT-FOR-US: Simple E-Learning System +CVE-2022-43318 (Human Resource Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Human Resource Management System +CVE-2022-43317 (A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Hu ...) + NOT-FOR-US: Human Resource Management System +CVE-2022-43316 + RESERVED +CVE-2022-43315 + RESERVED +CVE-2022-43314 + RESERVED +CVE-2022-43313 + RESERVED +CVE-2022-43312 + RESERVED +CVE-2022-43311 + RESERVED +CVE-2022-43310 (An Uncontrolled Search Path Element in Foxit Software released Foxit R ...) + NOT-FOR-US: Foxit Reader +CVE-2022-43309 (Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to ...) + NOT-FOR-US: Supermicro +CVE-2022-43308 (INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers ...) + NOT-FOR-US: INTELBRAS +CVE-2022-43307 + RESERVED +CVE-2022-43306 (The d8s-timer for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-timer +CVE-2022-43305 (The d8s-python for python, as distributed on PyPI, included a potentia ...) + NOT-FOR-US: d8s-python +CVE-2022-43304 (The d8s-timer for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-timer +CVE-2022-43303 (The d8s-strings for python, as distributed on PyPI, included a potenti ...) + NOT-FOR-US: d8s-strings +CVE-2022-43302 + RESERVED +CVE-2022-43301 + RESERVED +CVE-2022-43300 + RESERVED +CVE-2022-43299 + RESERVED +CVE-2022-43298 + RESERVED +CVE-2022-43297 + RESERVED +CVE-2022-43296 + RESERVED +CVE-2022-43295 (XPDF v4.04 was discovered to contain a stack overflow via the function ...) 
+ - xpdf (Debian uses poppler, which is not affected) +CVE-2022-43294 (Tasmota before commit 066878da4d4762a9b6cb169fdf353e804d735cfd was dis ...) + NOT-FOR-US: Tasmota +CVE-2022-43293 (Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitra ...) + NOT-FOR-US: Wacom +CVE-2022-43292 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43291 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43290 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43289 (Deark v.1.6.2 was discovered to contain a stack overflow via the do_pr ...) + NOT-FOR-US: Deark +CVE-2022-43288 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43287 + RESERVED +CVE-2022-43286 (Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug c ...) + NOT-FOR-US: njs +CVE-2022-43285 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation in ...) + NOT-FOR-US: njs +CVE-2022-43284 (Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation vi ...) + NOT-FOR-US: njs +CVE-2022-43283 (wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.) + - wabt 1.0.30-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/1985 + NOTE: Crash in CLI tool, no security impact +CVE-2022-43282 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) + - wabt 1.0.30-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/1983 + NOTE: Crash in CLI tool, no security impact +CVE-2022-43281 (wasm-interp v1.0.29 was discovered to contain a heap overflow via the ...) 
+ - wabt 1.0.30-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/1981 + NOTE: Crash in CLI tool, no security impact +CVE-2022-43280 (wasm-interp v1.0.29 was discovered to contain an out-of-bounds read vi ...) + - wabt 1.0.30-1 (unimportant) + NOTE: https://github.com/WebAssembly/wabt/issues/1982 + NOTE: Crash in CLI tool, no security impact +CVE-2022-43279 (LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerabil ...) + - limesurvey (bug #472802) +CVE-2022-43278 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43277 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43274 + RESERVED +CVE-2022-43273 + RESERVED +CVE-2022-43272 (DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Ass ...) + [experimental] - dcmtk 3.6.8~git20221013.51be018-1 + - dcmtk 3.6.7-8 (bug #1027165) + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://github.com/songxpu/bug_report/tree/master/DCMTK/memory_leak_in_3.6.7 + NOTE: Fixed by: https://github.com/DCMTK/dcmtk/commit/c34f4e46e672ad21accf04da0dc085e43be6f5e1 +CVE-2022-43271 (Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered t ...) + NOT-FOR-US: Inhabit Systems Pty Ltd Move CRM +CVE-2022-43270 + RESERVED +CVE-2022-43269 + RESERVED +CVE-2022-43268 + RESERVED +CVE-2022-43267 + RESERVED +CVE-2022-43266 + RESERVED +CVE-2022-43265 (An arbitrary file upload vulnerability in the component /pages/save_us ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43264 (Arobas Music Guitar Pro for iPad and iPhone before v1.10.2 allows atta ...) 
+ NOT-FOR-US: Arobas Music Guitar Pro for iPad and iPhone +CVE-2022-43263 (A cross-site scripting (XSS) vulnerability in Arobas Music Guitar Pro ...) + NOT-FOR-US: Arobas Music Guitar Pro for iPad and iPhone +CVE-2022-43262 (Human Resource Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Human Resource Management System +CVE-2022-43261 + RESERVED +CVE-2022-43260 (Tenda AC18 V15.03.05.19(6318) was discovered to contain a stack overfl ...) + NOT-FOR-US: Tenda +CVE-2022-43259 (Tenda AC15 V15.03.05.18 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-43258 + RESERVED +CVE-2022-43257 + RESERVED +CVE-2022-43256 (SeaCms before v12.6 was discovered to contain a SQL injection vulnerab ...) + NOT-FOR-US: SeaCms +CVE-2022-43255 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...) + {DSA-5411-1} + - gpac (unimportant) + NOTE: https://github.com/gpac/gpac/issues/2285 + NOTE: https://github.com/gpac/gpac/commit/d82e1340d7fd5ceea205e0f173500102f3237eb4 + NOTE: Negligible security impact +CVE-2022-43254 (GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a mem ...) + - gpac (unimportant) + NOTE: https://github.com/gpac/gpac/issues/2284 + NOTE: https://github.com/gpac/gpac/commit/4520e38aa030f059264c69b426bd8133206fbfe6 + NOTE: Negligible security impact +CVE-2022-43253 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1025816) + NOTE: https://github.com/strukturag/libde265/issues/348 +CVE-2022-43252 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/347 +CVE-2022-43251 + RESERVED +CVE-2022-43250 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) 
+ {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/346 +CVE-2022-43249 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.11-1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/345 + NOTE: https://github.com/strukturag/libde265/pull/373 +CVE-2022-43248 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1025816) + NOTE: https://github.com/strukturag/libde265/issues/349 +CVE-2022-43247 + RESERVED +CVE-2022-43246 + RESERVED +CVE-2022-43245 (Libde265 v1.0.8 was discovered to contain a segmentation violation via ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.11-1 (bug #1029357) + NOTE: https://github.com/strukturag/libde265/issues/352 + NOTE: https://github.com/strukturag/libde265/commit/ad291690a8c92218b9e86738edd45ed64736b246 (v1.0.10) +CVE-2022-43244 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/342 +CVE-2022-43243 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1025816) + NOTE: https://github.com/strukturag/libde265/issues/339 +CVE-2022-43242 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/340 +CVE-2022-43241 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/338 +CVE-2022-43240 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) 
+ {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/335 +CVE-2022-43239 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/341 +CVE-2022-43238 (Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/338 +CVE-2022-43237 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/344 +CVE-2022-43236 (Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vuln ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/343 +CVE-2022-43235 (Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulne ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.9-1.1 (bug #1027179) + NOTE: https://github.com/strukturag/libde265/issues/337 +CVE-2022-43234 (An arbitrary file upload vulnerability in the /attachments component o ...) + NOT-FOR-US: Hoosk CMS +CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43231 (Canteen Management System v1.0 was discovered to contain an arbitrary ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43230 (Simple Cold Storage Management System v1.0 was discovered to contain a ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-43229 (Simple Cold Storage Management System v1.0 was discovered to contain a ...) 
+ NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Barangay Management System +CVE-2022-43227 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43226 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43225 + RESERVED +CVE-2022-43224 + RESERVED +CVE-2022-43223 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) + NOT-FOR-US: Open5GS +CVE-2022-43222 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) + NOT-FOR-US: Open5GS +CVE-2022-43221 (open5gs v2.4.11 was discovered to contain a memory leak in the compone ...) + NOT-FOR-US: Open5GS +CVE-2022-43220 + RESERVED +CVE-2022-43219 + RESERVED +CVE-2022-43218 + RESERVED +CVE-2022-43217 + RESERVED +CVE-2022-43216 + RESERVED +CVE-2022-43215 (Billing System Project v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Billing System Project +CVE-2022-43214 (Billing System Project v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Billing System Project +CVE-2022-43213 (Billing System Project v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Billing System Project +CVE-2022-43212 (Billing System Project v1.0 was discovered to contain a SQL injection ...) 
+ NOT-FOR-US: Billing System Project +CVE-2022-43211 + RESERVED +CVE-2022-43210 + RESERVED +CVE-2022-43209 + RESERVED +CVE-2022-43208 + RESERVED +CVE-2022-43207 + RESERVED +CVE-2022-43206 + RESERVED +CVE-2022-43205 + RESERVED +CVE-2022-43204 + RESERVED +CVE-2022-43203 + RESERVED +CVE-2022-43202 + RESERVED +CVE-2022-43201 + RESERVED +CVE-2022-43200 + RESERVED +CVE-2022-43199 + RESERVED +CVE-2022-43198 + RESERVED +CVE-2022-43197 + RESERVED +CVE-2022-43196 (dedecmdv6 v6.1.9 is vulnerable to Arbitrary file deletion via file_man ...) + NOT-FOR-US: dedecmdv6 +CVE-2022-43195 + RESERVED +CVE-2022-43194 + RESERVED +CVE-2022-43193 + RESERVED +CVE-2022-43192 (An arbitrary file upload vulnerability in the component /dede/file_man ...) + NOT-FOR-US: Dedecms +CVE-2022-43191 + RESERVED +CVE-2022-43190 + RESERVED +CVE-2022-43189 + RESERVED +CVE-2022-43188 + RESERVED +CVE-2022-43187 + RESERVED +CVE-2022-43186 + RESERVED +CVE-2022-43185 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43184 (D-Link DIR878 1.30B08 Hotfix_04 was discovered to contain a command in ...) + NOT-FOR-US: D-Link +CVE-2022-43183 (XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) vi ...) + NOT-FOR-US: XXL-Job +CVE-2022-43182 + RESERVED +CVE-2022-43181 + RESERVED +CVE-2022-43180 + RESERVED +CVE-2022-43179 (Online Leave Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-43178 + RESERVED +CVE-2022-43177 + RESERVED +CVE-2022-43176 + RESERVED +CVE-2022-43175 + RESERVED +CVE-2022-43174 + RESERVED +CVE-2022-43173 + RESERVED +CVE-2022-43172 + RESERVED +CVE-2022-43171 (A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinf ...) + NOT-FOR-US: LIEF +CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the Dashboard Con ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users Access ...) 
+ NOT-FOR-US: Rukovoditel +CVE-2022-43168 (Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43167 (A stored cross-site scripting (XSS) vulnerability in the Users Alerts ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43166 (A stored cross-site scripting (XSS) vulnerability in the Global Entiti ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the Global Variab ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the Global Lists ...) + NOT-FOR-US: Rukovoditel +CVE-2022-43163 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43162 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43161 + RESERVED +CVE-2022-43160 + RESERVED +CVE-2022-43159 + RESERVED +CVE-2022-43158 + RESERVED +CVE-2022-43157 + RESERVED +CVE-2022-43156 + RESERVED +CVE-2022-43155 + RESERVED +CVE-2022-43154 + RESERVED +CVE-2022-43153 + RESERVED +CVE-2022-43152 (tsMuxer v2.6.16 was discovered to contain a heap overflow via the func ...) + NOT-FOR-US: tsMuxer +CVE-2022-43151 (timg v1.4.4 was discovered to contain a memory leak via the function t ...) + - timg 1.4.5-1 (unimportant) + NOTE: https://github.com/hzeller/timg/issues/92 + NOTE: https://github.com/hzeller/timg/commit/e9667ea2c811aa9eb399b631aef9bba0d3711834 (v1.4.5) + NOTE: Memory leak in terminal application, no security impact +CVE-2022-43150 + RESERVED +CVE-2022-43149 + RESERVED +CVE-2022-43148 (rtf2html v0.2.0 was discovered to contain a heap overflow in the compo ...) + NOT-FOR-US: rtf2html +CVE-2022-43147 + RESERVED +CVE-2022-43146 (An arbitrary file upload vulnerability in the image upload function of ...) 
+ NOT-FOR-US: Canteen Management System +CVE-2022-43145 + RESERVED +CVE-2022-43144 (A cross-site scripting (XSS) vulnerability in Canteen Management Syste ...) + NOT-FOR-US: Canteen Management System +CVE-2022-43143 (A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 ...) + NOT-FOR-US: Beekeeper Studio +CVE-2022-43142 (A cross-site scripting (XSS) vulnerability in the add-fee.php componen ...) + NOT-FOR-US: Password Storage Application +CVE-2022-43141 + RESERVED +CVE-2022-43140 (kkFileView v4.1.0 was discovered to contain a Server-Side Request Forg ...) + NOT-FOR-US: kkFileView +CVE-2022-43139 + RESERVED +CVE-2022-43138 (Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows atta ...) + - dolibarr +CVE-2022-43137 + RESERVED +CVE-2022-43136 + RESERVED +CVE-2022-43135 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43134 + RESERVED +CVE-2022-43133 + RESERVED +CVE-2022-43132 + RESERVED +CVE-2022-43131 + RESERVED +CVE-2022-43130 + RESERVED +CVE-2022-43129 + RESERVED +CVE-2022-43128 + REJECTED +CVE-2022-43127 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43126 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43125 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43124 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43123 + RESERVED +CVE-2022-43122 + RESERVED +CVE-2022-43121 (A cross-site scripting (XSS) vulnerability in the CMS Field Add page o ...) + NOT-FOR-US: Subrion CMS +CVE-2022-43120 (A cross-site scripting (XSS) vulnerability in the /panel/fields/add co ...) 
+ NOT-FOR-US: Subrion CMS +CVE-2022-43119 (A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 a ...) + NOT-FOR-US: Clansphere CMS +CVE-2022-43118 (A cross-site scripting (XSS) vulnerability in flatCore-CMS v2.1.0 allo ...) + NOT-FOR-US: flatCore-CMS +CVE-2022-43117 (Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 w ...) + NOT-FOR-US: Sourcecodester Password Storage Application in PHP/OOP and MySQL +CVE-2022-43116 + RESERVED +CVE-2022-43115 + RESERVED +CVE-2022-43114 + RESERVED +CVE-2022-43113 + RESERVED +CVE-2022-43112 + RESERVED +CVE-2022-43111 + RESERVED +CVE-2022-43110 + RESERVED +CVE-2022-43109 (D-Link DIR-823G v1.0.2 was found to contain a command injection vulner ...) + NOT-FOR-US: D-Link +CVE-2022-43108 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43107 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43106 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43105 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43104 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43103 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43102 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43101 (Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-43100 + RESERVED +CVE-2022-43099 + RESERVED +CVE-2022-43098 + RESERVED +CVE-2022-43097 (Phpgurukul User Registration & User Management System v3.0 was discove ...) + NOT-FOR-US: Phpgurukul User Registration & User Management System +CVE-2022-43096 (Mediatrix 4102 before v48.5.2718 allows local attackers to gain root a ...) 
+ NOT-FOR-US: Mediatrix +CVE-2022-43095 + RESERVED +CVE-2022-43094 + RESERVED +CVE-2022-43093 + RESERVED +CVE-2022-43092 + RESERVED +CVE-2022-43091 + RESERVED +CVE-2022-43090 + RESERVED +CVE-2022-43089 + RESERVED +CVE-2022-43088 + RESERVED +CVE-2022-43087 + RESERVED +CVE-2022-43086 (Restaurant POS System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Restaurant POS System +CVE-2022-43085 (An arbitrary file upload vulnerability in add_product.php of Restauran ...) + NOT-FOR-US: Restaurant POS System +CVE-2022-43084 (A cross-site scripting (XSS) vulnerability in admin-add-vehicle.php of ...) + NOT-FOR-US: Vehicle Booking System +CVE-2022-43083 (An arbitrary file upload vulnerability in admin-add-vehicle.php of Veh ...) + NOT-FOR-US: Vehicle Booking System +CVE-2022-43082 (A cross-site scripting (XSS) vulnerability in /fastfood/purchase.php o ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-43081 (Fast Food Ordering System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-43080 + RESERVED +CVE-2022-43079 (A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of Tr ...) + NOT-FOR-US: Train Scheduler App +CVE-2022-43078 (A cross-site scripting (XSS) vulnerability in /admin/add-fee.php of We ...) + NOT-FOR-US: Web-Based Student Clearance System +CVE-2022-43077 + RESERVED +CVE-2022-43076 (A cross-site scripting (XSS) vulnerability in /admin/edit-admin.php of ...) + NOT-FOR-US: Web-Based Student Clearance System +CVE-2022-43075 + RESERVED +CVE-2022-43074 (AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulne ...) + NOT-FOR-US: AyaCMS +CVE-2022-43073 + RESERVED +CVE-2022-43072 + RESERVED +CVE-2022-43071 (A stack overflow in the Catalog::readPageLabelTree2(Object*) function ...) 
+ - xpdf (Debian uses poppler, which is not affected) +CVE-2022-43070 + RESERVED +CVE-2022-43069 + RESERVED +CVE-2022-43068 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43067 + RESERVED +CVE-2022-43066 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43065 + RESERVED +CVE-2022-43064 + RESERVED +CVE-2022-43063 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43062 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43061 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-43060 + RESERVED +CVE-2022-43059 + RESERVED +CVE-2022-43058 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43057 + RESERVED +CVE-2022-43056 + RESERVED +CVE-2022-43055 + RESERVED +CVE-2022-43054 + RESERVED +CVE-2022-43053 + RESERVED +CVE-2022-43052 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43051 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-43050 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-43049 (Canteen Management System Project v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Canteen Management System Project +CVE-2022-43048 + RESERVED +CVE-2022-43047 + RESERVED +CVE-2022-43046 (Food Ordering Management System v1.0 was discovered to contain a cross ...) 
+ NOT-FOR-US: Food Ordering Management System +CVE-2022-43045 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2277 + NOTE: https://github.com/gpac/gpac/commit/c5249ee4b62dfc604fecb4dce2fc480b3e388bbb +CVE-2022-43044 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2282 + NOTE: https://github.com/gpac/gpac/commit/8a0e8e4ab13348cb1ab8e93b950a03d93f158a35 +CVE-2022-43043 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2276 + NOTE: https://github.com/gpac/gpac/commit/6bff06cdb8e9b4e8ed2e789ee9340877759536fd +CVE-2022-43042 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2278 + NOTE: https://github.com/gpac/gpac/commit/3661da280b3eba75490e75ff20ad440c66e24de9 +CVE-2022-43041 + RESERVED +CVE-2022-43040 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap ...) + - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2280 + NOTE: https://github.com/gpac/gpac/commit/f17dae31ebf6ea7af8c512165d9b954c2a6ea46e +CVE-2022-43039 (GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segm ...) 
+ - gpac (bug #1033116; bug #1051866) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2281 + NOTE: https://github.com/gpac/gpac/commit/62dbd5caad6b89b33535dfa19ef65419f0378303 +CVE-2022-43038 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...) + NOT-FOR-US: Bento4 +CVE-2022-43037 (An issue was discovered in Bento4 1.6.0-639. There is a memory leak in ...) + NOT-FOR-US: Bento4 +CVE-2022-43036 + RESERVED +CVE-2022-43035 (An issue was discovered in Bento4 v1.6.0-639. There is a heap-buffer-o ...) + NOT-FOR-US: Bento4 +CVE-2022-43034 (An issue was discovered in Bento4 v1.6.0-639. There is a heap buffer o ...) + NOT-FOR-US: Bento4 +CVE-2022-43033 (An issue was discovered in Bento4 1.6.0-639. There is a bad free in th ...) + NOT-FOR-US: Bento4 +CVE-2022-43032 (An issue was discovered in Bento4 v1.6.0-639. There is a memory leak i ...) + NOT-FOR-US: Bento4 +CVE-2022-43031 (DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery ...) + NOT-FOR-US: DedeCMS +CVE-2022-43030 (Siyucms v6.1.7 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Siyucms +CVE-2022-43029 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43028 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43027 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43026 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43025 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43024 (Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to cont ...) + NOT-FOR-US: Tenda +CVE-2022-43023 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) 
+ NOT-FOR-US: OpenCATS +CVE-2022-43022 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: OpenCATS +CVE-2022-43021 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: OpenCATS +CVE-2022-43020 (OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: OpenCATS +CVE-2022-43019 (OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE ...) + NOT-FOR-US: OpenCATS +CVE-2022-43018 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: OpenCATS +CVE-2022-43017 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: OpenCATS +CVE-2022-43016 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: OpenCATS +CVE-2022-43015 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: OpenCATS +CVE-2022-43014 (OpenCATS v0.9.6 was discovered to contain a reflected cross-site scrip ...) + NOT-FOR-US: OpenCATS +CVE-2022-43013 + RESERVED +CVE-2022-43012 + RESERVED +CVE-2022-43011 + RESERVED +CVE-2022-43010 + RESERVED +CVE-2022-43009 + RESERVED +CVE-2022-43008 + RESERVED +CVE-2022-43007 + RESERVED +CVE-2022-43006 + RESERVED +CVE-2022-43005 + RESERVED +CVE-2022-43004 + RESERVED +CVE-2022-43003 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) + NOT-FOR-US: D-Link +CVE-2022-43002 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) + NOT-FOR-US: D-Link +CVE-2022-43001 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) + NOT-FOR-US: D-Link +CVE-2022-43000 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) + NOT-FOR-US: D-Link +CVE-2022-42999 (D-Link DIR-816 A2 1.10 B05 was discovered to contain multiple command ...) + NOT-FOR-US: D-Link +CVE-2022-42998 (D-Link DIR-816 A2 1.10 B05 was discovered to contain a stack overflow ...) 
+ NOT-FOR-US: D-Link +CVE-2022-42997 + RESERVED +CVE-2022-42996 + RESERVED +CVE-2022-42995 + RESERVED +CVE-2022-42994 + RESERVED +CVE-2022-42993 (Password Storage Application v1.0 was discovered to contain a cross-si ...) + NOT-FOR-US: Password Storage Application +CVE-2022-42992 (Multiple stored cross-site scripting (XSS) vulnerabilities in Train Sc ...) + NOT-FOR-US: Train Scheduler App +CVE-2022-42991 (A stored cross-site scripting (XSS) vulnerability in Simple Online Pub ...) + NOT-FOR-US: Simple Online Public Access Catalog +CVE-2022-42990 (Food Ordering Management System v1.0 was discovered to contain a SQL i ...) + NOT-FOR-US: Food Ordering Management System +CVE-2022-42989 (ERP Sankhya before v4.11b81 was discovered to contain a cross-site scr ...) + NOT-FOR-US: ERP Sankhya +CVE-2022-42988 + RESERVED +CVE-2022-42987 + RESERVED +CVE-2022-3567 (A vulnerability has been found in Linux Kernel and classified as probl ...) + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/364f997b5cfe1db0d63a390fe7c801fa2b3115f6 (6.1-rc1) +CVE-2022-3566 (A vulnerability, which was classified as problematic, was found in Lin ...) + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/f49cd2f4d6170d27a2c61f1fecb03d8a70c91f57 (6.1-rc1) +CVE-2022-3565 (A vulnerability, which was classified as critical, has been found in L ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/2568a7e0832ee30b0a351016d03062ab4e0e0a3f (6.1-rc1) +CVE-2022-3564 (A vulnerability classified as critical was found in Linux Kernel. Affe ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.8-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/3aff8aaca4e36dc8b17eaa011684881a80238966 +CVE-2022-3563 (A vulnerability classified as problematic has been found in Linux Kern ...) 
+ - bluez 5.65-1 + [bullseye] - bluez (Vulnerable code introduced later) + [buster] - bluez (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e3c92f1f786f0b55440bd908b55894d0c792cf0e (5.65) + NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=bc3a76f01f461db19381f1922cdaeac222dfd374 (5.56) +CVE-2022-3562 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) + NOT-FOR-US: LibreNMS +CVE-2022-3561 (Cross-site Scripting (XSS) - Generic in GitHub repository librenms/lib ...) + NOT-FOR-US: LibreNMS +CVE-2022-3560 (A flaw was found in pesign. The pesign package provides a systemd serv ...) + - pesign 116-1 (bug #1030168) + [bookworm] - pesign (Minor issue) + [bullseye] - pesign (Minor issue) + [buster] - pesign (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/31/6 + NOTE: https://www.openwall.com/lists/oss-security/2023/02/01/2 + NOTE: https://github.com/rhboot/pesign/commit/d8a8c259994d0278c59b30b41758a8dd0abff998 (116) +CVE-2022-3559 (A vulnerability was found in Exim and classified as problematic. This ...) + - exim4 4.96-4 + [bullseye] - exim4 (Minor issue) + [buster] - exim4 (Minor issue) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2915 + NOTE: https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 +CVE-2022-3558 (The Import and export users and customers WordPress plugin before 1.20 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3557 + RESERVED +CVE-2022-3556 + RESERVED +CVE-2022-3555 + REJECTED +CVE-2022-3554 + REJECTED +CVE-2022-3553 (A vulnerability, which was classified as problematic, was found in X.o ...) 
+ - xorg-server 2:21.1.4-1 (unimportant) + NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/dfd057996b26420309c324ec844a5ba6dd07eda3 + NOTE: Affects the XQuartz (X11 server and client libraries for macOS) component +CVE-2022-3552 (Unrestricted Upload of File with Dangerous Type in GitHub repository b ...) + NOT-FOR-US: boxbilling +CVE-2022-3551 (A vulnerability, which was classified as problematic, has been found i ...) + {DSA-5278-1 DLA-3185-1} + - xorg-server 2:21.1.4-3 + - xwayland 2:22.1.5-1 + NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/18f91b950e22c2a342a4fbc55e9ddf7534a707d2 +CVE-2022-3550 (A vulnerability classified as critical was found in X.org Server. Affe ...) + {DSA-5278-1 DLA-3185-1} + - xorg-server 2:21.1.4-3 + - xwayland 2:22.1.5-1 + NOTE: https://gitlab.freedesktop.org/xorg/xserver/commit/11beef0b7f1ed290348e45618e5fa0d2bffcb72e +CVE-2022-3549 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3548 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3547 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3546 (A vulnerability was found in SourceCodester Simple Cold Storage Manage ...) + NOT-FOR-US: SourceCodester Simple Cold Storage Management System +CVE-2022-3545 (A vulnerability has been found in Linux Kernel and classified as criti ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.0.2-1 + NOTE: https://git.kernel.org/linus/02e1a114fdb71e59ee6770294166c30d437bf86a (6.0-rc1) +CVE-2022-3544 (A vulnerability, which was classified as problematic, was found in Lin ...) 
+ - linux 6.0.2-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1c8e2349f2d033f634d046063b704b2ca6c46972 (6.0) +CVE-2022-3543 (A vulnerability, which was classified as problematic, has been found i ...) + - linux 6.0.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7a62ed61367b8fd01bae1e18e30602c25060d824 (6.1-rc1) +CVE-2022-3542 + REJECTED +CVE-2022-3541 (A vulnerability classified as critical has been found in Linux Kernel. ...) + - linux 6.0.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/12aece8b01507a2d357a1861f470e83621fbb6f2 (6.1-rc1) +CVE-2022-3540 (An issue has been discovered in hunter2 affecting all versions before ...) + NOT-FOR-US: hunter2 +CVE-2022-3539 (The Testimonials WordPress plugin before 2.7, super-testimonial-pro Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3538 (The Webmaster Tools Verification WordPress plugin through 1.2 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3537 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.2 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3536 (The Role Based Pricing for WooCommerce WordPress plugin before 1.6.3 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42986 + REJECTED +CVE-2022-42985 (The ScratchLogin extension through 1.1 for MediaWiki does not escape v ...) + NOT-FOR-US: MediaWiki extension ScratchLogin +CVE-2022-42984 (WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL ...) + NOT-FOR-US: WoWonder Social Network Platform +CVE-2022-42983 (anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login au ...) + NOT-FOR-US: anji-plus AJ-Report +CVE-2022-42982 (BKG Professional NtripCaster 2.0.39 allows querying information over t ...) 
+ NOT-FOR-US: BKG Professional NtripCaster +CVE-2022-42981 + RESERVED +CVE-2022-42980 (go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a productio ...) + NOT-FOR-US: go-admin (aka GO Admin) +CVE-2022-42979 (Information disclosure due to an insecure hostname validation in the R ...) + NOT-FOR-US: RYDE +CVE-2022-42978 (In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, ...) + NOT-FOR-US: Atlassian Confluence addon +CVE-2022-42977 (The Netic User Export add-on before 1.3.5 for Atlassian Confluence has ...) + NOT-FOR-US: Atlassian Confluence addon +CVE-2022-42976 + RESERVED +CVE-2022-42975 (socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin w ...) + NOT-FOR-US: Phoenix +CVE-2022-42974 + RESERVED +CVE-2022-42973 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) + NOT-FOR-US: Schneider +CVE-2022-42972 (A CWE-732: Incorrect Permission Assignment for Critical Resource vulne ...) + NOT-FOR-US: Schneider +CVE-2022-42971 (A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerabili ...) + NOT-FOR-US: Schneider +CVE-2022-42970 (A CWE-306: Missing Authentication for Critical Function The software d ...) + NOT-FOR-US: Schneider +CVE-2022-3535 + REJECTED +CVE-2022-3534 (A vulnerability classified as critical has been found in Linux Kernel. ...) + - libbpf 1.1.0-1 (bug #1023717) + [bullseye] - libbpf (Minor issue) + NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/7ac1547f32f060d84b06c74edbb2c6896cc07949 (v0.2) + NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/54caf920db0e489de90f3aaaa41e2a51ddbcd084 (v1.1.0) +CVE-2022-3533 (A vulnerability was found in Linux Kernel. It has been rated as proble ...) 
+ - libbpf 1.1.0-1 (bug #1023717) + [bullseye] - libbpf (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/libbpf/libbpf/commit/557499a13ede6ea86883d070af06621fe990572f (v0.8.0) + NOTE: Fixed by: https://github.com/libbpf/libbpf/commit/881a10980b7ded995da5d9cc1919992c36c9d2be (v1.1.0) +CVE-2022-3532 + REJECTED +CVE-2022-3531 + REJECTED +CVE-2022-3530 + REJECTED +CVE-2022-3529 + REJECTED +CVE-2022-3528 + REJECTED +CVE-2022-3527 + REJECTED +CVE-2022-3526 (A vulnerability classified as problematic was found in Linux Kernel. T ...) + - linux 5.17.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/e16b859872b87650bb55b12cca5a5fcdc49c1442 +CVE-2022-3525 (Deserialization of Untrusted Data in GitHub repository librenms/libren ...) + NOT-FOR-US: LibreNMS +CVE-2022-3524 (A vulnerability was found in Linux Kernel. It has been declared as pro ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.7-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/3c52c6bb831f6335c176a0fc7214e26f43adbd11 +CVE-2022-3523 (A vulnerability was found in Linux Kernel. It has been classified as p ...) + - linux 6.1.4-1 + NOTE: https://git.kernel.org/linus/16ce101db85db694a91380aa4c89b25530871d33 +CVE-2022-3522 + REJECTED +CVE-2022-3521 (A vulnerability has been found in Linux Kernel and classified as probl ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.10-1 (unimportant) + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/ec7eede369fe5b0d085ac51fdbb95184f87bfc6c + NOTE: In Debian CONFIG_AF_KCM is not set +CVE-2022-42969 (The py library through 1.11.0 for Python allows remote attackers to co ...) 
+ - python-py (unimportant) + NOTE: https://github.com/pytest-dev/py/issues/287 + NOTE: Negligible security impact and disputed upstream + NOTE: https://github.com/pytest-dev/py/issues/287#issuecomment-1283784766 +CVE-2022-42968 (Gitea before 1.17.3 does not sanitize and escape refs in the git backe ...) + - gitea +CVE-2022-42967 (Caret is vulnerable to an XSS attack when the user opens a crafted Mar ...) + NOT-FOR-US: Caret +CVE-2022-42966 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...) + - python-cleo (Vulnerable code introduced later; cf #1024018) + NOTE: https://research.jfrog.com/vulnerabilities/cleo-redos-xray-257186/ + NOTE: https://github.com/python-poetry/cleo/issues/284 + NOTE: Introduced with: https://github.com/python-poetry/cleo/commit/de55578da25c6b1736b8b818f21c1bacf7c2475d (1.0.0a1) + NOTE: Fixed by: https://github.com/python-poetry/cleo/commit/b5b9a04d2caf58bf7cf94eb7ae4a1ebbe60ea455 +CVE-2022-42965 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...) + NOT-FOR-US: snowflake-connector-python +CVE-2022-42964 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...) + - pymatgen 2023.06.23+dfsg1-1 (bug #1024017) + [bookworm] - pymatgen (Minor issue) + NOTE: https://research.jfrog.com/vulnerabilities/pymatgen-redos-xray-257184/ + NOTE: https://github.com/materialsproject/pymatgen/issues/2755 +CVE-2022-3520 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim 2:9.0.0813-1 (unimportant) + NOTE: https://huntr.dev/bounties/c1db3b70-f4fe-481f-8a24-0b1449c94246 + NOTE: https://github.com/vim/vim/commit/36343ae0fb7247e060abfd35fb8e4337b33abb4b (v9.0.0765) + NOTE: Crash in CLI tool, no security impact +CVE-2022-3519 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-3518 (A vulnerability classified as problematic has been found in SourceCode ...) 
+ NOT-FOR-US: SourceCodester Sanitization Management System +CVE-2022-42963 + RESERVED +CVE-2022-42962 + RESERVED +CVE-2022-42961 (An issue was discovered in wolfSSL before 5.5.0. A fault injection att ...) + - wolfssl 5.5.3-1 (bug #1023574) + [bullseye] - wolfssl (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.0-stable +CVE-2022-42960 (EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.1 ...) + NOT-FOR-US: EqualWeb Accessibility Widget +CVE-2022-42959 + RESERVED +CVE-2022-42958 + RESERVED +CVE-2022-42957 + RESERVED +CVE-2022-42956 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...) + NOT-FOR-US: PassWork extension for Chrome +CVE-2022-42955 (The PassWork extension 5.0.9 for Chrome and other browsers allows an a ...) + NOT-FOR-US: PassWork extension for Chrome +CVE-2022-42954 (Keyfactor EJBCA before 7.10.0 allows XSS.) + NOT-FOR-US: Keyfactor EJBCA +CVE-2022-42953 (Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) ...) + NOT-FOR-US: ZKTeco +CVE-2022-42952 + RESERVED +CVE-2022-42951 (An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6 ...) + NOT-FOR-US: Couchbase Server +CVE-2022-42950 (An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x ...) + NOT-FOR-US: Couchbase Server +CVE-2022-42949 (Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissi ...) + NOT-FOR-US: Silverstripe +CVE-2017-20149 (The Mikrotik RouterOS web server allows memory corruption in releases ...) + NOT-FOR-US: Mikrotik +CVE-2022-42948 (Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are d ...) + NOT-FOR-US: Cobalt Strike +CVE-2022-42947 (A maliciously crafted X_B file when parsed through Autodesk Maya 2023 ...) + NOT-FOR-US: Autodesk +CVE-2022-42946 (Parsing a maliciously crafted X_B and PRT file can force Autodesk Maya ...) + NOT-FOR-US: Autodesk +CVE-2022-42945 (DWG TrueViewTM 2023 version has a DLL Search Order Hijacking vulnerabi ...) 
+ NOT-FOR-US: Autodesk +CVE-2022-42944 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...) + NOT-FOR-US: Autodesk +CVE-2022-42943 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...) + NOT-FOR-US: Autodesk +CVE-2022-42942 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...) + NOT-FOR-US: Autodesk +CVE-2022-42941 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...) + NOT-FOR-US: Autodesk +CVE-2022-42940 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...) + NOT-FOR-US: Autodesk +CVE-2022-42939 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...) + NOT-FOR-US: Autodesk +CVE-2022-42938 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...) + NOT-FOR-US: Autodesk +CVE-2022-42937 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-42936 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-42935 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-42934 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-42933 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-42932 (Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported m ...) + {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1} + - firefox 106.0-1 + - firefox-esr 102.4.0esr-1 + - thunderbird 1:102.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42932 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42932 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42932 +CVE-2022-42931 (Logins saved by Firefox should be managed by the Password Manager comp ...) 
+ - firefox 106.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42931 +CVE-2022-42930 (If two Workers were simultaneously initializing their CacheStorage, a ...) + - firefox 106.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42930 +CVE-2022-42929 (If a website called `window.print()` in a particular way, it could cau ...) + {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1} + - firefox 106.0-1 + - firefox-esr 102.4.0esr-1 + - thunderbird 1:102.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42929 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42929 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42929 +CVE-2022-42928 (Certain types of allocations were missing annotations that, if the Gar ...) + {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1} + - firefox 106.0-1 + - firefox-esr 102.4.0esr-1 + - thunderbird 1:102.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42928 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42928 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42928 +CVE-2022-42927 (A same-origin policy violation could have allowed the theft of cross-o ...) + {DSA-5262-1 DSA-5259-1 DLA-3170-1 DLA-3156-1} + - firefox 106.0-1 + - firefox-esr 102.4.0esr-1 + - thunderbird 1:102.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-44/#CVE-2022-42927 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-45/#CVE-2022-42927 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-46/#CVE-2022-42927 +CVE-2022-42926 + RESERVED +CVE-2022-42925 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...) + NOT-FOR-US: Forma LMS +CVE-2022-42924 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...) 
+ NOT-FOR-US: Forma LMS +CVE-2022-42923 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...) + NOT-FOR-US: Forma LMS +CVE-2022-42922 + RESERVED +CVE-2022-42921 + RESERVED +CVE-2022-42920 (Apache Commons BCEL has a number of APIs that would normally only allo ...) + - bcel 6.5.0-2 + [bullseye] - bcel 6.5.0-1+deb11u1 + [buster] - bcel 6.2-1+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2022/11/04/6 + NOTE: https://www.openwall.com/lists/oss-security/2022/11/04/8 + NOTE: https://github.com/apache/commons-bcel/pull/147 + NOTE: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5 + NOTE: Duplicate of CVE-2022-34169. But CVE-2022-34169 was assigned for Apache Xalan Java XSLT library, + NOTE: whereeas CVE-2022-42920 is associated with bcel itself. +CVE-2022-3517 (A vulnerability was found in the minimatch package. This flaw allows a ...) + {DLA-3271-1} + - node-minimatch 3.0.5+~3.0.5-1 + [bullseye] - node-minimatch 3.0.4+~3.0.3-1+deb11u1 + NOTE: https://github.com/grafana/grafana-image-renderer/issues/329 + NOTE: https://github.com/isaacs/minimatch/commit/a8763f4388e51956be62dc6025cec1126beeb5e6 (v3.0.5) + NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/20b4b562830680867feb75f9c635aca08e5c86ff + NOTE: Regression follow-up: https://github.com/isaacs/minimatch/commit/e4cd43462340ca6b21212b68c9e314d8cdd9861a +CVE-2022-3516 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) + NOT-FOR-US: LibreNMS +CVE-2022-47629 (Libksba before 1.6.3 is prone to an integer overflow vulnerability in ...) + {DSA-5305-1 DLA-3248-1} + - libksba 1.6.3-1 + NOTE: https://dev.gnupg.org/T6284 + NOTE: Fixed by: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070 (libksba-1.6.3) +CVE-2022-3515 (A vulnerability was found in the Libksba library due to an integer ove ...) 
+ {DSA-5255-1 DLA-3153-1} + - libksba 1.6.2-1 (bug #1021928) + NOTE: https://gnupg.org/blog/20221017-pepe-left-the-ksba.html + NOTE: https://dev.gnupg.org/T6230 + NOTE: https://dev.gnupg.org/rK4b7d9cd4a018898d7714ce06f3faf2626c14582b +CVE-2022-3514 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3513 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to disconne ...) + NOT-FOR-US: Cloudflare +CVE-2022-3511 (The Awesome Support WordPress plugin before 6.1.2 does not ensure that ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3510 (A parsing issue similar to CVE-2022-3171, but with Message-Type Extens ...) + [experimental] - protobuf 3.21.7-1 + - protobuf 3.21.9-3 + [bullseye] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171) + [buster] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171) + NOTE: https://github.com/protocolbuffers/protobuf/commit/db7c17803320525722f45c1d26fc08bc41d1bf48 + NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171 +CVE-2022-3509 (A parsing issue similar to CVE-2022-3171, but with textformat in proto ...) + [experimental] - protobuf 3.21.7-1 + - protobuf 3.21.9-3 + [bullseye] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171) + [buster] - protobuf (Too intrusive to backport, requires significant refactoring via CVE-2022-3171) + NOTE: https://github.com/protocolbuffers/protobuf/commit/a3888f53317a8018e7a439bac4abeb8f3425d5e9 (v21.7, v3.21.7) + NOTE: CPU DoS in protobuf-java, requires significant refactoring via CVE-2022-3171 +CVE-2022-3508 + RESERVED +CVE-2022-3507 + RESERVED +CVE-2022-3506 (Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/re ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3505 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) + NOT-FOR-US: SourceCodester +CVE-2022-3504 (A vulnerability was found in SourceCodester Sanitization Management Sy ...) + NOT-FOR-US: SourceCodester +CVE-2022-42919 (Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows lo ...) + - python3.11 3.11.0-2 + - python3.10 3.10.8-2 + - python3.9 + [bullseye] - python3.9 (Minor issue) + - python3.7 + [buster] - python3.7 (Vulnerable functionality backported later in 3.7.8) + - python2.7 (Vulnerable code introduced later) + NOTE: https://github.com/python/cpython/issues/97514 + NOTE: https://github.com/python/cpython/commit/4686d77a04570a663164c03193d9def23c89b122 (3.11-branch) + NOTE: https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2 (3.10-branch) + NOTE: https://github.com/python/cpython/commit/b43496c01a554cf41ae654a0379efae18609ad39 (3.9-branch) + NOTE: The patch for 3.9 and later only removes the default preference for abstract sockets which + NOTE: prevents CVE-2022-42919. Versions 3.8.4 and 3.7.8 are not vulnerable by default (but issue present) + NOTE: though users would need to make specific uncommon multiprocessing API calls specifying their own + NOTE: forkserver control socket path. Earlier 3.x versions are not vulnerable. +CVE-2022-3503 (A vulnerability was found in SourceCodester Purchase Order Management ...) + NOT-FOR-US: SourceCodester +CVE-2022-3502 (A vulnerability was found in Human Resource Management System 1.0. It ...) + NOT-FOR-US: Human Resource Management System +CVE-2022-3501 (Article template contents with sensitive data could be accessed from a ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 8.x, so won't affect Znuny which forked from 6.x +CVE-2022-3500 (A vulnerability was found in keylime. This security issue happens in s ...) 
+ NOT-FOR-US: keylime +CVE-2022-42918 + RESERVED +CVE-2022-42917 + RESERVED +CVE-2022-42916 (In curl before 7.86.0, the HSTS check could be bypassed to trick it in ...) + - curl 7.86.0-1 + [bullseye] - curl (curl is not built with HSTS support) + [buster] - curl (Vulnerable code not present) + NOTE: https://curl.se/docs/CVE-2022-42916.html + NOTE: Introduced with: https://github.com/curl/curl/commit/7385610d0c74c6a254fea5e4cd6e1d559d848c8c (curl-7_74_0) + NOTE: Enabled by default since: https://github.com/curl/curl/commit/d71ff2b9db566b3f4b2eb29441c2df86715d4339 (curl-7_77_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/53bcf55b4538067e6dc36242168866becb987bb7 (curl-7_86_0) +CVE-2022-42915 (curl before 7.86.0 has a double free. If curl is told to use an HTTP p ...) + - curl 7.86.0-1 + [bullseye] - curl (Vulnerable code not present) + [buster] - curl (Vulnerable code not present) + NOTE: https://curl.se/docs/CVE-2022-42915.html + NOTE: Introduced by: https://github.com/curl/curl/commit/51c0ebcff2140c38ff389b4fcfb8216f5e9d198c (curl-7_77_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/55e1875729f9d9fc7315cec611bffbd2c817ad89 (curl-7_86_0) +CVE-2022-42914 + RESERVED +CVE-2022-42913 + RESERVED +CVE-2022-42912 + RESERVED +CVE-2022-42911 + RESERVED +CVE-2022-42910 + RESERVED +CVE-2022-42909 (WEPA Print Away does not verify that a user has authorization to acces ...) + NOT-FOR-US: WEPA Print Away +CVE-2022-42908 (WEPA Print Away is vulnerable to a stored XSS. It does not properly sa ...) + NOT-FOR-US: WEPA Print Away +CVE-2022-3499 (An authenticated attacker could utilize the identical agent and cluste ...) + NOT-FOR-US: Nessus +CVE-2022-3498 + RESERVED +CVE-2022-3497 (A vulnerability was found in SourceCodester Human Resource Management ...) + NOT-FOR-US: SourceCodester +CVE-2022-3496 (A vulnerability was found in SourceCodester Human Resource Management ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-3495 (A vulnerability has been found in SourceCodester Simple Online Public ...) + NOT-FOR-US: SourceCodester +CVE-2022-3494 (The Complianz WordPress plugin before 6.3.4, and Complianz Premium Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3493 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Human Resource Management System +CVE-2022-3492 (A vulnerability classified as critical was found in SourceCodester Hum ...) + NOT-FOR-US: SourceCodester Human Resource Management System +CVE-2022-3491 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim 2:9.0.0813-1 (unimportant) + NOTE: https://huntr.dev/bounties/6e6e05c2-2cf7-4aa5-a817-a62007bf92cb + NOTE: https://github.com/vim/vim/commit/3558afe9e9e904cabb8475392d859f2d2fc21041 (v9.0.0742) + NOTE: Crash in CLI tool, no security impact +CVE-2022-3490 (The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3489 (The WP Hide WordPress plugin through 0.0.2 does not have authorisation ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3488 (Processing of repeated responses to the same query, where both respons ...) + - bind9 (Only affects Supported Preview Edition/Subscription Edition) +CVE-2022-3487 + REJECTED +CVE-2022-3486 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3485 (In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated rem ...) + NOT-FOR-US: IFM Moneo Appliance +CVE-2022-3484 (The WPB Show Core WordPress plugin does not sanitize and escape a para ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3483 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3482 (An improper access control issue in GitLab CE/EE affecting all version ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-3481 (The WooCommerce Dropshipping WordPress plugin before 4.4 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3480 (A remote, unauthenticated attacker could cause a denial-of-service of ...) + NOT-FOR-US: PHOENIX +CVE-2022-3479 (A vulnerability found in nss. By this security vulnerability, nss clie ...) + - nss 2:3.87-1 (bug #1021786) + [bullseye] - nss (Vulnerable code not present) + [buster] - nss (The vulnerable code was introduced later) + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 + NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/a7f363511333b8062945557607691002fd6e40b9 +CVE-2022-42907 + RESERVED +CVE-2022-42905 (In wolfSSL before 5.5.2, if callback functions are enabled (via the WO ...) + - wolfssl 5.5.3-1 + [bullseye] - wolfssl (Minor issue) + NOTE: Fixed in 5.5.2 (https://www.wolfssl.com/docs/security-vulnerabilities/) +CVE-2022-42904 (Zoho ManageEngine ADManager Plus through 7151 allows authenticated adm ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-42903 (Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileg ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-42902 (In Linaro Automated Validation Architecture (LAVA) before 2022.10, the ...) + {DSA-5260-1 DLA-3192-1} + - lava 2022.10-1 (bug #1021737) + NOTE: https://git.lavasoftware.org/lava/lava/-/merge_requests/1834 + NOTE: https://git.lavasoftware.org/lava/lava/-/commit/e66b74cd6c175ff8826b8f3431740963be228b52?merge_request_iid=1834 +CVE-2022-42901 (Bentley MicroStation and MicroStation-based applications may be affect ...) + NOT-FOR-US: Bentley +CVE-2022-42900 (Bentley MicroStation and MicroStation-based applications may be affect ...) + NOT-FOR-US: Bentley +CVE-2022-42899 (Bentley MicroStation and MicroStation-based applications may be affect ...) + NOT-FOR-US: Bentley +CVE-2022-42898 (PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x befo ...) 
+ {DSA-5287-1 DSA-5286-1 DLA-3213-1 DLA-3206-1} + - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) + - krb5 1.20.1-1 (bug #1024267) + - samba 2:4.17.3+dfsg-1 + NOTE: https://www.samba.org/samba/security/CVE-2022-42898.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15203 + NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583 (master) + NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/b99de751dd35360c0fccac74a40f4a60dbf1ceea (krb5-1.20.1-final) + NOTE: MIT-krb5: https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 (krb5-1.19.4-final) + NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c + NOTE: Heimdal: https://github.com/heimdal/heimdal/commit/0c56257bdac80da015878fffdb0f8a42b8d73246 (heimdal-7.7.1) + NOTE: Heimdal regression: https://github.com/heimdal/heimdal/pull/1025 + NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243 + NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867 +CVE-2022-42897 (Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthe ...) + NOT-FOR-US: Array Networks +CVE-2022-3478 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-42906 (powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbi ...) + {DLA-3277-1} + - powerline-gitstatus 1.3.2-1 + [bullseye] - powerline-gitstatus 1.3.2-0+deb11u1 + NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/issues/45 + NOTE: https://github.com/jaspernbrouwer/powerline-gitstatus/pull/46 +CVE-2022-42896 (There are use-after-free vulnerabilities in the Linux kernel's net/blu ...) 
+ {DLA-3245-1 DLA-3244-1} + - linux 6.0.10-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/711f8c3fb3db61897080468586b970c87c61d9e4 + NOTE: https://git.kernel.org/linus/f937b758a188d6fd328a81367087eddbb2fce50f + NOTE: https://github.com/google/security-research/security/advisories/GHSA-pf87-6c9q-jvm4 +CVE-2022-42895 (There is an infoleak vulnerability in the Linux kernel's net/bluetooth ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.7-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://git.kernel.org/linus/b1a2cd50c0357f243b7435a732b4e62ba3157a2e + NOTE: https://github.com/google/security-research/security/advisories/GHSA-vccx-8h74-2357 +CVE-2022-42894 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42893 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42892 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42891 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42890 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...) + {DSA-5264-1 DLA-3169-1} + - batik 1.16+dfsg-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/3 + NOTE: https://issues.apache.org/jira/browse/BATIK-1345 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904549 +CVE-2022-3477 (The tagDiv Composer WordPress plugin before 3.5, required by the Newsp ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3476 + RESERVED +CVE-2022-3475 + RESERVED +CVE-2022-3474 (A bad credential handling in the remote assets API for Bazel versions ...) + - bazel (bug #979846) +CVE-2022-3473 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester +CVE-2022-3472 (A vulnerability was found in SourceCodester Human Resource Management ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-3471 (A vulnerability was found in SourceCodester Human Resource Management ...) + NOT-FOR-US: SourceCodester +CVE-2022-3470 (A vulnerability was found in SourceCodester Human Resource Management ...) + NOT-FOR-US: SourceCodester +CVE-2022-3469 (The WP Attachments WordPress plugin before 5.0.5 does not sanitize and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3468 + RESERVED +CVE-2022-3467 (A vulnerability classified as critical was found in Jiusi OA. Affected ...) + NOT-FOR-US: Jiusi OA +CVE-2022-3466 (The version of cri-o as released for Red Hat OpenShift Container Platf ...) + - cri-o (bug #979702) +CVE-2022-3465 (A vulnerability classified as critical was found in Mediabridge Medial ...) + NOT-FOR-US: Mediabridge Medialink +CVE-2022-3464 (A vulnerability classified as problematic has been found in puppyCMS u ...) + NOT-FOR-US: puppyCMS +CVE-2022-3463 (The Contact Form Plugin WordPress plugin before 4.3.13 does not valida ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3462 (The Highlight Focus WordPress plugin through 1.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42889 (Apache Commons Text performs variable interpolation, allowing properti ...) + - commons-text 1.10.0-1 (bug #1021787) + [bullseye] - commons-text (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/4 + NOTE: https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/ + NOTE: https://blogs.apache.org/security/entry/cve-2022-42889 +CVE-2022-42878 (Null pointer dereference for some Intel(R) Trace Analyzer and Collecto ...) 
+ NOT-FOR-US: Intel +CVE-2022-42877 + RESERVED +CVE-2022-42876 + RESERVED +CVE-2022-42875 + RESERVED +CVE-2022-42874 + RESERVED +CVE-2022-42873 + RESERVED +CVE-2022-42872 + RESERVED +CVE-2022-42871 + RESERVED +CVE-2022-42870 + RESERVED +CVE-2022-42869 + RESERVED +CVE-2022-42868 + RESERVED +CVE-2022-42487 + RESERVED +CVE-2022-42480 + RESERVED +CVE-2022-41997 + RESERVED +CVE-2022-41984 (Protection mechanism failure for some Intel(R) Arc(TM) graphics cards ...) + NOT-FOR-US: Intel +CVE-2022-41982 (Uncontrolled search path element in the Intel(R) VTune(TM) Profiler so ...) + NOT-FOR-US: Intel +CVE-2022-41784 (Improper access control in kernel mode driver for the Intel(R) OFU sof ...) + NOT-FOR-US: Intel +CVE-2022-41693 (Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition ...) + NOT-FOR-US: Intel +CVE-2022-41687 (Insecure inherited permissions in the HotKey Services for some Intel(R ...) + NOT-FOR-US: Intel +CVE-2022-40221 + RESERVED +CVE-2022-3461 (In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 ma ...) + NOT-FOR-US: PHOENIX +CVE-2022-3460 (In affected versions of Octopus Deploy it is possible for certain type ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-3459 + RESERVED +CVE-2022-3458 (A vulnerability has been found in SourceCodester Human Resource Manage ...) + NOT-FOR-US: SourceCodester +CVE-2022-42867 (A use after free issue was addressed with improved memory management. ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-42866 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-42865 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42864 (A race condition was addressed with improved state handling. This issu ...) 
+ NOT-FOR-US: Apple +CVE-2022-42863 (A memory corruption issue was addressed with improved state management ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-42862 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-42861 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-42860 (This issue was addressed with improved checks to prevent unauthorized ...) + NOT-FOR-US: Apple +CVE-2022-42859 (Multiple issues were addressed by removing the vulnerable code. This i ...) + NOT-FOR-US: Apple +CVE-2022-42858 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2022-42857 + REJECTED +CVE-2022-42856 (A type confusion issue was addressed with improved state handling. Thi ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-42855 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-42854 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42853 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2022-42852 (The issue was addressed with improved memory handling. This issue is f ...) + {DSA-5309-1 DSA-5308-1 DLA-3274-1} + - webkit2gtk 2.38.3-1 + - wpewebkit 2.38.3-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0011.html +CVE-2022-42851 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42850 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42849 (An access issue existed with privileged API calls. This issue was addr ...) 
+ NOT-FOR-US: Apple +CVE-2022-42848 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-42847 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2022-42846 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42845 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42844 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42843 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-42842 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42841 (A type confusion issue was addressed with improved checks. This issue ...) + NOT-FOR-US: Apple +CVE-2022-42840 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42839 + RESERVED +CVE-2022-42838 (An issue with app access to camera data was addressed with improved lo ...) + NOT-FOR-US: Apple +CVE-2022-42837 (An issue existed in the parsing of URLs. This issue was addressed with ...) + NOT-FOR-US: Apple +CVE-2022-42836 + RESERVED +CVE-2022-42835 + REJECTED +CVE-2022-42834 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2022-42833 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2022-42832 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-42831 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-42830 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42829 (A use after free issue was addressed with improved memory management. ...) 
+ NOT-FOR-US: Apple +CVE-2022-42828 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42827 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-42826 (A use after free issue was addressed with improved memory management. ...) + {DSA-5341-1 DSA-5340-1 DLA-3308-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0001.html +CVE-2022-42825 (This issue was addressed by removing additional entitlements. This iss ...) + NOT-FOR-US: Apple +CVE-2022-42824 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5274-1 DSA-5273-1 DLA-3183-1} + - webkit2gtk 2.38.2-1 + - wpewebkit 2.38.2-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0010.html +CVE-2022-42823 (A type confusion issue was addressed with improved memory handling. Th ...) + {DSA-5274-1 DSA-5273-1 DLA-3183-1} + - webkit2gtk 2.38.2-1 + - wpewebkit 2.38.2-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0010.html +CVE-2022-42822 + REJECTED +CVE-2022-42821 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-42820 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-42819 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2022-42818 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-42817 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-42816 + RESERVED +CVE-2022-42815 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-42814 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-42813 (A certificate validation issue existed in the handling of WKWebView. T ...) 
+ NOT-FOR-US: Apple +CVE-2022-42812 + RESERVED +CVE-2022-42811 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2022-42810 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42809 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42808 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-42807 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-42806 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-42805 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2022-42804 + REJECTED +CVE-2022-42803 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-42802 + REJECTED +CVE-2022-42801 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-42800 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-42799 (The issue was addressed with improved UI handling. This issue is fixed ...) + {DSA-5274-1 DSA-5273-1 DLA-3183-1} + - webkit2gtk 2.38.2-1 + - wpewebkit 2.38.2-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0010.html +CVE-2022-42798 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-42797 (An injection issue was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2022-42796 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-42795 (A memory consumption issue was addressed with improved memory handling ...) 
+ NOT-FOR-US: Apple +CVE-2022-42794 + REJECTED +CVE-2022-42793 (An issue in code signature validation was addressed with improved chec ...) + NOT-FOR-US: Apple +CVE-2022-42792 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-42791 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2022-42790 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-42789 (An issue in code signature validation was addressed with improved chec ...) + NOT-FOR-US: Apple +CVE-2022-42788 (A permissions issue existed. This issue was addressed with improved pe ...) + NOT-FOR-US: Apple +CVE-2022-42787 (Multiple W&T products of the Comserver Series use a small number space ...) + NOT-FOR-US: Wiesemann & Theis GmbH products +CVE-2022-42786 (Multiple W&T Products of the ComServer Series are prone to an XSS atta ...) + NOT-FOR-US: Wiesemann & Theis GmbH products +CVE-2022-42785 (Multiple W&T products of the ComServer Series are prone to an authenti ...) + NOT-FOR-US: Wiesemann & Theis GmbH products +CVE-2022-42784 (A vulnerability has been identified in LOGO! 12/24RCE (All versions >= ...) + NOT-FOR-US: Siemens +CVE-2022-3457 (Origin Validation Error in GitHub repository ikus060/rdiffweb prior to ...) + - rdiffweb (bug #969974) +CVE-2022-3456 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2022-3455 + RESERVED +CVE-2022-3454 + RESERVED +CVE-2022-3453 (A vulnerability was found in SourceCodester Book Store Management Syst ...) + NOT-FOR-US: SourceCodester Book Store Management System +CVE-2022-3452 (A vulnerability was found in SourceCodester Book Store Management Syst ...) + NOT-FOR-US: SourceCodester Book Store Management System +CVE-2022-42783 (In wlan driver, there is a possible missing params check. This could l ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-42782 (In wlan driver, there is a possible missing permission check, This cou ...) + NOT-FOR-US: Unisoc +CVE-2022-42781 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42780 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42779 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42778 (In windows manager service, there is a missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-42777 (In power management service, there is a missing permission check. This ...) + NOT-FOR-US: Unisoc +CVE-2022-42776 (In UscAIEngine service, there is a missing permission check. This coul ...) + NOT-FOR-US: Unisoc +CVE-2022-42775 (In camera driver, there is a possible memory corruption due to imprope ...) + NOT-FOR-US: Unisoc +CVE-2022-42774 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42773 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42772 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42771 (In wlan driver, there is a race condition, This could lead to local de ...) + NOT-FOR-US: Unisoc +CVE-2022-42770 (In wlan driver, there is a race condition, This could lead to local de ...) + NOT-FOR-US: Unisoc +CVE-2022-42769 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42768 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42767 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42766 (In wlan driver, there is a possible missing permission check, This cou ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-42765 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42764 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42763 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42762 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42761 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42760 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42759 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42758 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42757 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42756 (In sensor driver, there is a possible buffer overflow due to a missing ...) + NOT-FOR-US: Unisoc +CVE-2022-42755 (In wlan driver, there is a possible missing bounds check, This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-42754 (In npu driver, there is a memory corruption due to a use after free. T ...) + NOT-FOR-US: Unisoc +CVE-2022-42753 (SalonERP version 3.0.2 allows an external attacker to steal the cookie ...) + NOT-FOR-US: SalonERP +CVE-2022-42752 + RESERVED +CVE-2022-42751 (CandidATS version 3.0.0 allows an external attacker to elevate privile ...) + NOT-FOR-US: CandidATS +CVE-2022-42750 (CandidATS version 3.0.0 allows an external attacker to steal the cooki ...) + NOT-FOR-US: CandidATS +CVE-2022-42749 (CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows a ...) + NOT-FOR-US: CandidATS +CVE-2022-42748 (CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, ...) 
+ NOT-FOR-US: CandidATS +CVE-2022-42747 (CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows ...) + NOT-FOR-US: CandidATS +CVE-2022-42746 (CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, all ...) + NOT-FOR-US: CandidATS +CVE-2022-42745 (CandidATS version 3.0.0 allows an external attacker to read arbitrary ...) + NOT-FOR-US: CandidATS +CVE-2022-42744 (CandidATS version 3.0.0 allows an external attacker to perform CRUD op ...) + NOT-FOR-US: CandidATS +CVE-2022-42743 (deep-parse-json version 1.0.2 allows an external attacker to edit or a ...) + NOT-FOR-US: deep-parse-json Nodejs module +CVE-2022-42742 + REJECTED +CVE-2022-42741 + REJECTED +CVE-2022-42740 + REJECTED +CVE-2022-42739 + REJECTED +CVE-2022-42738 + REJECTED +CVE-2022-42737 + REJECTED +CVE-2022-42736 + RESERVED +CVE-2022-41797 (Improper authorization in handler for custom URL scheme vulnerability ...) + NOT-FOR-US: Lemon8 App +CVE-2022-3451 (The Product Stock Manager WordPress plugin before 1.0.5 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3450 (Use after free in Peer Connection in Google Chrome prior to 106.0.5249 ...) + {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3449 (Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.1 ...) + {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3448 (Use after free in Permissions API in Google Chrome prior to 106.0.5249 ...) + {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3447 (Inappropriate implementation in Custom Tabs in Google Chrome on Androi ...) + {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3446 (Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.11 ...) 
+ {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3445 (Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowe ...) + {DSA-5253-1} + - chromium 106.0.5249.119-1 + [buster] - chromium (see DSA 5046) +CVE-2022-42735 (Improper Privilege Management vulnerability in Apache Software Foundat ...) + NOT-FOR-US: Apache ShenYu +CVE-2022-42734 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42733 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-42732 (A vulnerability has been identified in syngo Dynamics (All versions < ...) + NOT-FOR-US: syngo Dynamics +CVE-2022-3444 (Insufficient data validation in File System API in Google Chrome prior ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) + NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html +CVE-2022-3443 (Insufficient data validation in File System API in Google Chrome prior ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) + NOTE: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html +CVE-2022-3442 (A vulnerability was found in Crealogix EBICS 7.0. It has been rated as ...) + NOT-FOR-US: Crealogix EBICS +CVE-2022-3441 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3440 (The Rock Convert WordPress plugin before 2.11.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3439 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2022-3438 (Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.0a4.) + - rdiffweb (bug #969974) +CVE-2022-42731 (mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows ...) 
+ NOT-FOR-US: django-mfa2 +CVE-2022-42730 + RESERVED +CVE-2022-42729 + RESERVED +CVE-2022-42728 + RESERVED +CVE-2022-42727 + RESERVED +CVE-2022-42726 + RESERVED +CVE-2022-42725 (Warpinator through 1.2.14 allows access outside of an intended directo ...) + NOT-FOR-US: Warpinator +CVE-2022-42724 (app/Controller/UsersController.php in MISP before 2.4.164 allows attac ...) + NOT-FOR-US: MISP +CVE-2022-42723 + RESERVED +CVE-2022-42722 (In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers ...) + {DSA-5257-1 DLA-3173-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 + NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u + NOTE: https://github.com/PurpleVsGreen/beacown +CVE-2022-42721 (A list management bug in BSS handling in the mac80211 stack in the Lin ...) + {DSA-5257-1 DLA-3173-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 + NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u + NOTE: https://github.com/PurpleVsGreen/beacown +CVE-2022-42720 (Various refcounting bugs in the multi-BSS handling in the mac80211 sta ...) + {DSA-5257-1 DLA-3173-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 + NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u + NOTE: https://github.com/PurpleVsGreen/beacown +CVE-2022-42719 (A use-after-free in the mac80211 stack when parsing a multi-BSSID elem ...) 
+ {DSA-5257-1 DLA-3173-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 + NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u + NOTE: https://github.com/PurpleVsGreen/beacown +CVE-2022-42718 (Incorrect default permissions in the installation folder for NI LabVIE ...) + NOT-FOR-US: NI LabVIEW +CVE-2022-42717 (An issue was discovered in Hashicorp Packer before 2.3.1. The recommen ...) + NOT-FOR-US: Hashicorp Packer +CVE-2022-42716 (An issue was discovered in the Arm Mali GPU Kernel Driver. There is a ...) + NOT-FOR-US: Arm Mali GPU Kernel Driver +CVE-2022-42715 (A reflected XSS vulnerability exists in REDCap before 12.04.18 in the ...) + NOT-FOR-US: REDCap +CVE-2022-42714 + RESERVED +CVE-2022-42713 + RESERVED +CVE-2022-42712 + RESERVED +CVE-2022-42711 (In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application ...) + NOT-FOR-US: Progress WhatsUp Gold +CVE-2022-42710 (Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.3 ...) + NOT-FOR-US: Nice Linear eMerge E3-Series +CVE-2022-42709 + RESERVED +CVE-2022-42708 + RESERVED +CVE-2022-42707 (In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22. ...) + - mahara +CVE-2022-42706 (An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 t ...) + {DSA-5358-1 DLA-3335-1} + - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30176 + NOTE: https://downloads.asterisk.org/pub/security/AST-2022-009.html + NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=81f10e847efdbe8ec264062ee234e1098c29b3f6 +CVE-2022-42705 (A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.1 ...) 
+ {DSA-5358-1 DLA-3335-1} + - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30244 + NOTE: https://downloads.asterisk.org/pub/security/AST-2022-008.html + NOTE: https://git.asterisk.org/gitweb/?p=asterisk/asterisk.git;a=commit;h=7684c9e907fb85f5c58b025d9e385ad2600f12a2 +CVE-2022-42704 (A cross-site scripting (XSS) vulnerability in Employee Service Center ...) + NOT-FOR-US: Employee Service Center +CVE-2022-3437 (A heap-based buffer overflow vulnerability was found in Samba within t ...) + {DSA-5287-1 DLA-3206-1} + - samba 2:4.16.6+dfsg-1 + - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) + NOTE: https://www.samba.org/samba/security/CVE-2022-3437.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15134 + NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-45j3-5v39-rf9j + NOTE: https://github.com/heimdal/heimdal/commit/f6edaafcfefd843ca1b1a041f942a853d85ee7c3 (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/c9cc34334bd64b08fe91a2f720262462e9f6bb49 (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/a587a4bcb28d5b9047f332573b1e7c8f89ca3edd (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/c758910eaad3c0de2cfb68830a661c4739675a7d (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/414b2a77fd61c26d64562e3800dc5578d9d0f15d (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/be9bbd93ed8f204b4bc1b92d1bc3c16aac194696 (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/c8407ca079294d76a5ed140ba5b546f870d23ed2 (heimdal-7.7.1) + NOTE: https://github.com/heimdal/heimdal/commit/8fb508a25a6a47289c73e3f4339352a73a396eef (heimdal-7.7.1) + NOTE: In scope for continued Samba support + NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243 + NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867 +CVE-2021-46845 + RESERVED +CVE-2020-36606 + RESERVED +CVE-2019-25077 + 
RESERVED +CVE-2022-42703 (mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free relat ...) + - linux 5.19.11-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/2555283eb40df89945557273121e9393ef9b542b (6.0-rc4) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2351 + NOTE: https://googleprojectzero.blogspot.com/2022/12/exploiting-CVE-2022-42703-bringing-back-the-stack-attack.html +CVE-2022-3436 (A vulnerability classified as critical was found in SourceCodester Web ...) + NOT-FOR-US: SourceCodester Web-Based Student Clearance System +CVE-2022-42488 (OpenHarmony-v3.1.2 and prior versions have a Missing permission valida ...) + NOT-FOR-US: OpenHarmony +CVE-2022-42464 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...) + NOT-FOR-US: OpenHarmony +CVE-2022-42463 (OpenHarmony-v3.1.2 and prior versions have an authenication bypass vul ...) + NOT-FOR-US: OpenHarmony +CVE-2022-41686 (OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have a ...) + NOT-FOR-US: OpenHarmony +CVE-2022-3434 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) + NOT-FOR-US: SourceCodester Web-Based Student Clearance System +CVE-2022-3435 (A vulnerability classified as problematic has been found in Linux Kern ...) 
+ {DLA-3244-1} + - linux 6.0.12-1 + [bullseye] - linux 5.10.158-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://lore.kernel.org/netdev/20221005181257.8897-1-dsahern@kernel.org/T/#u +CVE-2022-42697 + RESERVED +CVE-2022-42696 + RESERVED +CVE-2022-42695 + RESERVED +CVE-2022-42694 + RESERVED +CVE-2022-42693 + RESERVED +CVE-2022-42692 + RESERVED +CVE-2022-42691 + RESERVED +CVE-2022-42690 + RESERVED +CVE-2022-42689 + RESERVED +CVE-2022-42688 + RESERVED +CVE-2022-42687 + RESERVED +CVE-2022-42686 + RESERVED +CVE-2022-42685 + RESERVED +CVE-2022-42684 + RESERVED +CVE-2022-42683 + RESERVED +CVE-2022-42682 + RESERVED +CVE-2022-42681 + RESERVED +CVE-2022-42680 + RESERVED +CVE-2022-42679 + RESERVED +CVE-2022-42678 + RESERVED +CVE-2022-42677 + RESERVED +CVE-2022-42676 + RESERVED +CVE-2022-42675 + RESERVED +CVE-2022-42674 + RESERVED +CVE-2022-42673 + RESERVED +CVE-2022-42672 + RESERVED +CVE-2022-42671 + RESERVED +CVE-2022-42670 + RESERVED +CVE-2022-42669 + RESERVED +CVE-2022-42668 + RESERVED +CVE-2022-42667 + RESERVED +CVE-2022-42666 + RESERVED +CVE-2022-42665 + RESERVED +CVE-2022-42664 + RESERVED +CVE-2022-42663 + RESERVED +CVE-2022-42662 + RESERVED +CVE-2022-42661 + RESERVED +CVE-2022-42660 + RESERVED +CVE-2022-42659 + RESERVED +CVE-2022-42658 + RESERVED +CVE-2022-42657 + RESERVED +CVE-2022-42656 + RESERVED +CVE-2022-42655 + RESERVED +CVE-2022-42654 + RESERVED +CVE-2022-42653 + RESERVED +CVE-2022-42652 + RESERVED +CVE-2022-42651 + RESERVED +CVE-2022-42650 + RESERVED +CVE-2022-42649 + RESERVED +CVE-2022-42648 + RESERVED +CVE-2022-42647 + RESERVED +CVE-2022-42646 + RESERVED +CVE-2022-42645 + RESERVED +CVE-2022-42644 + RESERVED +CVE-2022-42643 + RESERVED +CVE-2022-42642 + RESERVED +CVE-2022-42641 + RESERVED +CVE-2022-42640 + RESERVED +CVE-2022-42639 + RESERVED +CVE-2022-42638 + RESERVED +CVE-2022-42637 + RESERVED +CVE-2022-42636 + RESERVED +CVE-2022-42635 + RESERVED +CVE-2022-42634 + RESERVED +CVE-2022-42633 + RESERVED +CVE-2022-42632 + RESERVED +CVE-2022-42631 + 
RESERVED +CVE-2022-42630 + RESERVED +CVE-2022-42629 + RESERVED +CVE-2022-42628 + RESERVED +CVE-2022-42627 + RESERVED +CVE-2022-42626 + RESERVED +CVE-2022-42625 + RESERVED +CVE-2022-42624 + RESERVED +CVE-2022-42623 + RESERVED +CVE-2022-42622 + RESERVED +CVE-2022-42621 + RESERVED +CVE-2022-42620 + RESERVED +CVE-2022-42619 + RESERVED +CVE-2022-42618 + RESERVED +CVE-2022-42617 + RESERVED +CVE-2022-42616 + RESERVED +CVE-2022-42615 + RESERVED +CVE-2022-42614 + RESERVED +CVE-2022-42613 + RESERVED +CVE-2022-42612 + RESERVED +CVE-2022-42611 + RESERVED +CVE-2022-42610 + RESERVED +CVE-2022-42609 + RESERVED +CVE-2022-42608 + RESERVED +CVE-2022-42607 + RESERVED +CVE-2022-42606 + RESERVED +CVE-2022-42605 + RESERVED +CVE-2022-42604 + RESERVED +CVE-2022-42603 + RESERVED +CVE-2022-42602 + RESERVED +CVE-2022-42601 + RESERVED +CVE-2022-42600 + RESERVED +CVE-2022-42599 + RESERVED +CVE-2022-42598 + RESERVED +CVE-2022-42597 + RESERVED +CVE-2022-42596 + RESERVED +CVE-2022-42595 + RESERVED +CVE-2022-42594 + RESERVED +CVE-2022-42593 + RESERVED +CVE-2022-42592 + RESERVED +CVE-2022-42591 + RESERVED +CVE-2022-42590 + RESERVED +CVE-2022-42589 + RESERVED +CVE-2022-42588 + RESERVED +CVE-2022-42587 + RESERVED +CVE-2022-42586 + RESERVED +CVE-2022-42585 + RESERVED +CVE-2022-42584 + RESERVED +CVE-2022-42583 + RESERVED +CVE-2022-42582 + RESERVED +CVE-2022-42581 + RESERVED +CVE-2022-42580 + RESERVED +CVE-2022-42579 + RESERVED +CVE-2022-42578 + RESERVED +CVE-2022-42577 + RESERVED +CVE-2022-42576 + RESERVED +CVE-2022-42575 + RESERVED +CVE-2022-42574 + RESERVED +CVE-2022-42573 + RESERVED +CVE-2022-42572 + RESERVED +CVE-2022-42571 + RESERVED +CVE-2022-42570 + RESERVED +CVE-2022-42569 + RESERVED +CVE-2022-42568 + RESERVED +CVE-2022-42567 + RESERVED +CVE-2022-42566 + RESERVED +CVE-2022-42565 + RESERVED +CVE-2022-42564 + RESERVED +CVE-2022-42563 + RESERVED +CVE-2022-42562 + RESERVED +CVE-2022-42561 + RESERVED +CVE-2022-42560 + RESERVED +CVE-2022-42559 + RESERVED +CVE-2022-42558 + RESERVED +CVE-2022-42557 + 
RESERVED +CVE-2022-42556 + RESERVED +CVE-2022-42555 + RESERVED +CVE-2022-42554 + RESERVED +CVE-2022-42553 + RESERVED +CVE-2022-42552 + RESERVED +CVE-2022-42551 + RESERVED +CVE-2022-42550 + RESERVED +CVE-2022-42549 + RESERVED +CVE-2022-42548 + RESERVED +CVE-2022-42547 + RESERVED +CVE-2022-42546 + RESERVED +CVE-2022-42545 + RESERVED +CVE-2022-42544 (In getView of AddAppNetworksFragment.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2022-42543 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2022-42542 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-42541 (Remote code execution) + NOT-FOR-US: Google Chromecast +CVE-2022-42540 (Elevation of privilege) + NOT-FOR-US: Google Chromecast +CVE-2022-42539 (Information disclosure) + NOT-FOR-US: Google Chromecast +CVE-2022-42538 (Elevation of privilege) + NOT-FOR-US: Google Chromecast +CVE-2022-42537 (Remote code execution) + NOT-FOR-US: Google Chromecast +CVE-2022-42536 (Remote code execution) + NOT-FOR-US: Google Chromecast +CVE-2022-42535 (In a query in MmsSmsProvider.java, there is a possible access to restr ...) + NOT-FOR-US: Android +CVE-2022-42534 (In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-42533 (In shared_metadata_init of SharedMetadata.cpp, there is a possible out ...) + NOT-FOR-US: Google Pixel +CVE-2022-42532 (In Pixel firmware, there is a possible out of bounds read due to a mis ...) + NOT-FOR-US: Android +CVE-2022-42531 (In mmu_map_for_fw of gs_ldfw_load.c, there is a possible mitigation by ...) + NOT-FOR-US: Android +CVE-2022-42530 (In Pixel firmware, there is a possible out of bounds read due to a mis ...) + NOT-FOR-US: Android +CVE-2022-42529 (Product: AndroidVersions: Android kernelAndroid ID: A-235292841Referen ...) 
+ NOT-FOR-US: Android +CVE-2022-42528 (In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic ...) + NOT-FOR-US: Android +CVE-2022-42527 (In cd_SsParseMsg of cd_SsCodec.c, there is a possible crash due to a m ...) + NOT-FOR-US: Android +CVE-2022-42526 (In ConvertUtf8ToUcs2 of radio_hal_utils.cpp, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2022-42525 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possi ...) + NOT-FOR-US: Android +CVE-2022-42524 (In sms_GetTpUdlIe of sms_PduCodec.c, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2022-42523 (In fillSetupDataCallInfo_V1_6 of ril_service_1_6.cpp, there is a possi ...) + NOT-FOR-US: Android +CVE-2022-42522 (In DoSetCarrierConfig of miscservice.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2022-42521 (In encode of wlandata.cpp, there is a possible out of bounds write due ...) + NOT-FOR-US: Android +CVE-2022-42520 (In ServiceInterface::HandleRequest of serviceinterface.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2022-42519 (In CdmaBroadcastSmsConfigsRequestData::encode of cdmasmsdata.cpp, ther ...) + NOT-FOR-US: Android +CVE-2022-42518 (In BroadcastSmsConfigsRequestData::encode of smsdata.cpp, there is a p ...) + NOT-FOR-US: Android +CVE-2022-42517 (In MiscService::DoOemSetTcsFci of miscservice.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-42516 (In ProtocolSimBuilderLegacy::BuildSimGetGbaAuth of protocolsimbuilderl ...) + NOT-FOR-US: Android +CVE-2022-42515 (In MiscService::DoOemSetRtpPktlossThreshold of miscservice.cpp, there ...) + NOT-FOR-US: Android +CVE-2022-42514 (In ProtocolImsBuilder::BuildSetConfig of protocolimsbuilder.cpp, there ...) + NOT-FOR-US: Android +CVE-2022-42513 (In ProtocolEmbmsBuilder::BuildSetSession of protocolembmsbuilder.cpp, ...) + NOT-FOR-US: Android +CVE-2022-42512 (In VsimOperationDataExt::encode of vsimdata.cpp, there is a possible o ...) 
+ NOT-FOR-US: Android +CVE-2022-42511 (In EmbmsSessionData::encode of embmsdata.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2022-42510 (In StringsRequestData::encode of requestdata.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-42509 (In CallDialReqData::encode of callreqdata.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2022-42508 (In ProtocolCallBuilder::BuildSendUssd of protocolcallbuilder.cpp, ther ...) + NOT-FOR-US: Android +CVE-2022-42507 (In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.c ...) + NOT-FOR-US: Android +CVE-2022-42506 (In SimUpdatePbEntry::encode of simdata.cpp, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2022-42505 (In ProtocolMiscBuilder::BuildSetSignalReportCriteria of protocolmiscbu ...) + NOT-FOR-US: Android +CVE-2022-42504 (In CallDialReqData::encodeCallNumber of callreqdata.cpp, there is a po ...) + NOT-FOR-US: Android +CVE-2022-42503 (In ProtocolMiscBuilder::BuildSetLinkCapaReportCriteria of protocolmisc ...) + NOT-FOR-US: Android +CVE-2022-42502 (In FacilityLock::Parse of simdata.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2022-42501 (In HexString2Value of util.cpp, there is a possible out of bounds writ ...) + NOT-FOR-US: Android +CVE-2022-42500 (In OEM_OnRequest of sced.cpp, there is a possible shell command execut ...) + NOT-FOR-US: Android +CVE-2022-42499 (In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2022-42498 (In Pixel cellular firmware, there is a possible out of bounds write du ...) + NOT-FOR-US: Android +CVE-2022-3433 (The aeson library is not safe to use to consume untrusted JSON input. ...) 
+ - haskell-aeson 2.0.3.0-1 (bug #1009678) + [bullseye] - haskell-aeson (Minor issue) + [buster] - haskell-aeson (Minor issue) + [stretch] - haskell-aeson (Minor issue) + NOTE: https://cs-syd.eu/posts/2021-09-11-json-vulnerability + NOTE: https://github.com/haskell/aeson/issues/864 + NOTE: https://github.com/haskell/aeson/commit/582a844d8028f62e409048a4caae187b27e8e697 (v2.0.1.0) +CVE-2022-3432 (A potential vulnerability in a driver used during manufacturing proces ...) + NOT-FOR-US: Lenovo +CVE-2022-3431 (A potential vulnerability in a driver used during manufacturing proces ...) + NOT-FOR-US: Lenovo +CVE-2022-3430 (A potential vulnerability in the WMI Setup driver on some consumer Len ...) + NOT-FOR-US: Lenovo +CVE-2022-42493 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + NOT-FOR-US: Siretta +CVE-2022-42492 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + NOT-FOR-US: Siretta +CVE-2022-42491 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + NOT-FOR-US: Siretta +CVE-2022-42490 (Several OS command injection vulnerabilities exist in the m2m binary o ...) + NOT-FOR-US: Siretta +CVE-2022-42484 (An OS command injection vulnerability exists in the httpd logs/view.cg ...) + NOT-FOR-US: FreshTomato +CVE-2022-42483 + RESERVED +CVE-2022-42482 + RESERVED +CVE-2022-42481 + RESERVED +CVE-2022-42478 (An Improper Restriction of Excessive Authentication Attempts [CWE-307] ...) + NOT-FOR-US: Fortinet +CVE-2022-42477 (An improper input validation vulnerability [CWE-20] in FortiAnalyzer v ...) + NOT-FOR-US: Fortinet +CVE-2022-42476 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...) + NOT-FOR-US: Fortinet +CVE-2022-42475 (A heap-based buffer overflow vulnerability [CWE-122]in FortiOS SSL-VPN ...) + NOT-FOR-US: FortiOS SSL-VPN +CVE-2022-42474 (A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS v ...) 
+ NOT-FOR-US: Fortinet +CVE-2022-42473 (A missing authentication for a critical function vulnerability in Fort ...) + NOT-FOR-US: FortiGuard +CVE-2022-42472 (A improper neutralization of crlf sequences in http headers ('http res ...) + NOT-FOR-US: Fortinet +CVE-2022-42471 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...) + NOT-FOR-US: FortiGuard +CVE-2022-42470 (A relative path traversal vulnerability in Fortinet FortiClient (Windo ...) + NOT-FOR-US: Fortinet +CVE-2022-42469 (A permissive list of allowed inputs vulnerability [CWE-183] in FortiGa ...) + NOT-FOR-US: Fortinet +CVE-2022-41999 (A denial of service vulnerability exists in the DDS native tile readin ...) + {DSA-5384-1 DLA-3382-1} + [experimental] - openimageio 2.4.7.1+dfsg-1 + - openimageio 2.4.7.1+dfsg-2 (bug #1027808) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1635 + NOTE: https://github.com/OpenImageIO/oiio/pull/3625 + NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b +CVE-2022-41991 (A heap-based buffer overflow vulnerability exists in the m2m DELETE_FI ...) + NOT-FOR-US: Siretta +CVE-2022-41988 (An information disclosure vulnerability exists in the OpenImageIO::dec ...) + {DSA-5384-1 DLA-3382-1} + - openimageio 2.3.21.0+dfsg-1 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1643 + NOTE: https://github.com/OpenImageIO/oiio/commit/e9103925bb2aeed36b01b3805f36959f5d1a2e18#diff-8496b368a265f99b41e3c06bf99a5ea82d4f40fff1919ee79caa26ae033b3a06R118 + NOTE: https://github.com/OpenImageIO/oiio/pull/3632 +CVE-2022-41838 (A code execution vulnerability exists in the DDS scanline parsing func ...) 
+ {DSA-5384-1 DLA-3382-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1634 + NOTE: https://github.com/OpenImageIO/oiio/commit/e44400feac32d455b49e9c8baffa52ed855ba59b +CVE-2022-41837 (An out-of-bounds write vulnerability exists in the OpenImageIO::add_ex ...) + {DSA-5384-1 DLA-3518-1} + - openimageio 2.4.7.1+dfsg-2 (bug #1027143) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1636 + NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b +CVE-2022-41632 + RESERVED +CVE-2022-41630 + RESERVED +CVE-2022-41154 (A directory traversal vulnerability exists in the m2m DELETE_FILE cmd ...) + NOT-FOR-US: Siretta +CVE-2022-40222 (An OS command injection vulnerability exists in the m2m DELETE_FILE cm ...) + NOT-FOR-US: Siretta +CVE-2022-38451 (A directory traversal vulnerability exists in the httpd update.cgi fun ...) + NOT-FOR-US: FreshTomato +CVE-2022-38091 + RESERVED +CVE-2022-3429 (A denial-of-service vulnerability was found in the firmware used in Le ...) + NOT-FOR-US: Lenovo +CVE-2022-3428 + RESERVED +CVE-2022-3427 (The Corner Ad plugin for WordPress is vulnerable to Cross-Site Request ...) + NOT-FOR-US: Corner Ad plugin for WordPress +CVE-2022-3426 (The Advanced WP Columns WordPress plugin through 2.0.6 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3425 (The Analyticator WordPress plugin before 6.5.6 unserializes user input ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3424 (A use-after-free flaw was found in the Linux kernel\u2019s SGI GRU dri ...) 
+ {DLA-3404-1 DLA-3403-1} + - linux 6.1.4-1 (unimportant) + [bullseye] - linux 5.10.178-1 + NOTE: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/ + NOTE: https://git.kernel.org/linus/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc + NOTE: SGI_GRU not enabled in any Debian kernel +CVE-2022-3423 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...) + NOT-FOR-US: nocodb +CVE-2022-3422 (Account Takeover :: when see the info i can see the hash pass i can cr ...) + NOT-FOR-US: ToolJet +CVE-2022-3421 (An attacker can pre-create the `/Applications/Google\ Drive.app/Conten ...) + NOT-FOR-US: Drive for Desktop MacOS +CVE-2022-3420 (The Official Integration for Billingo WordPress plugin before 3.4.0 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3419 (The Automatic User Roles Switcher WordPress plugin before 1.1.2 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42468 (Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote ...) + NOT-FOR-US: Apache Flume +CVE-2022-42467 (When running in prototype mode, the h2 webconsole module (accessible f ...) + NOT-FOR-US: Apache Isis +CVE-2022-42466 (Prior to 2.0.0-M9, it was possible for an end-user to set the value of ...) + NOT-FOR-US: Apache Isis +CVE-2022-42458 (Authentication bypass using an alternate path or channel vulnerability ...) + NOT-FOR-US: bingo!CMS +CVE-2022-42001 (Cross-site Scripting (XSS) vulnerability in BlueSpiceBookshelf extensi ...) + NOT-FOR-US: Bluespice extension +CVE-2022-42000 (Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile ext ...) + NOT-FOR-US: Bluespice extension +CVE-2022-41986 (Information disclosure vulnerability in Android App 'IIJ SmartKey' ver ...) + NOT-FOR-US: Android App 'IIJ SmartKey' +CVE-2022-41814 (Cross-site Scripting (XSS) vulnerability in BlueSpiceFoundation extens ...) + NOT-FOR-US: Bluespice extension +CVE-2022-41796 (Untrusted search path vulnerability in the installer of Content Transf ...) 
+ NOT-FOR-US: installer of Content Transfer (for Windows) +CVE-2022-41789 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...) + NOT-FOR-US: Bluespice skin +CVE-2022-41611 (Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of ...) + NOT-FOR-US: Bluespice skin +CVE-2022-3418 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3417 (The WPtouch WordPress plugin before 4.3.45 unserialises the content of ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3416 (The WPtouch WordPress plugin before 4.3.45 does not properly validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3415 (The Chat Bubble WordPress plugin before 2.3 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3414 (A vulnerability was found in SourceCodester Web-Based Student Clearanc ...) + NOT-FOR-US: SourceCodester Web-Based Student Clearance System +CVE-2022-3413 (Incorrect authorization during display of Audit Events in GitLab EE af ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3412 + RESERVED +CVE-2022-3411 (A lack of length validation in GitLab CE/EE affecting all versions fro ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3410 + RESERVED +CVE-2022-3409 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...) + NOT-FOR-US: OpenBMC +CVE-2022-3408 (The WP Word Count WordPress plugin through 3.2.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3407 (I some cases, when the device is USB-tethered to a host PC, and the de ...) + NOT-FOR-US: Motorola +CVE-2022-42457 (Generex CS141 through 2.10 allows remote command execution by administ ...) + NOT-FOR-US: Generex CS141 +CVE-2022-42456 + RESERVED +CVE-2022-42455 (ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b ...) + NOT-FOR-US: ASUS +CVE-2022-42454 (Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-t ...) 
+ NOT-FOR-US: HCL +CVE-2022-42453 (There are insufficient warnings when a Fixlet is imported by a user. T ...) + NOT-FOR-US: HCL +CVE-2022-42452 (HCL Launch is vulnerable to HTML injection. HTML code is stored and in ...) + NOT-FOR-US: HCL +CVE-2022-42451 (Certain credentials within the BigFix Patch Management Download Plug-i ...) + NOT-FOR-US: HCL +CVE-2022-42450 + RESERVED +CVE-2022-42449 + RESERVED +CVE-2022-42448 + RESERVED +CVE-2022-42447 (HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). Thi ...) + NOT-FOR-US: HCL +CVE-2022-42446 (Starting with Sametime 12, anonymous users are enabled by default. Aft ...) + NOT-FOR-US: HCL +CVE-2022-42445 (HCL Launch could allow a user with administrative privileges, includin ...) + NOT-FOR-US: HCL +CVE-2022-42444 (IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 thr ...) + NOT-FOR-US: IBM +CVE-2022-42443 + RESERVED +CVE-2022-42442 (IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 2 ...) + NOT-FOR-US: IBM +CVE-2022-42441 + RESERVED +CVE-2022-42440 + RESERVED +CVE-2022-42439 (IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 an ...) + NOT-FOR-US: IBM +CVE-2022-42438 (IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows ...) + NOT-FOR-US: IBM +CVE-2022-42437 + RESERVED +CVE-2022-42436 (IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could a ...) + NOT-FOR-US: IBM +CVE-2022-42435 (IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0. ...) + NOT-FOR-US: IBM +CVE-2022-42433 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2022-42432 (This vulnerability allows local attackers to disclose sensitive inform ...) 
+ - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/559c36c5a8d730c49ef805a72b213d3bba155cc8 (6.0-rc7) +CVE-2022-42431 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Tesla vehicles +CVE-2022-42430 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Tesla vehicles +CVE-2022-42429 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42428 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42427 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42426 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42425 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42424 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-42423 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42422 + RESERVED +CVE-2022-42421 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42420 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42419 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42418 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42417 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-42416 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42415 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42414 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42413 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42412 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42411 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42410 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42409 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42408 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42407 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42406 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42405 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42404 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42403 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42402 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-42401 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42400 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42399 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42398 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42397 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42396 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42395 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42394 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42393 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42392 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42391 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42390 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42389 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42388 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42387 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-42386 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42385 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42384 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42383 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42382 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42381 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42380 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42379 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42378 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42377 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42376 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42375 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42374 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42373 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42372 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-42371 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42370 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42369 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-42368 + RESERVED +CVE-2022-42367 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42366 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42365 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42364 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42363 + RESERVED +CVE-2022-42362 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42361 + RESERVED +CVE-2022-42360 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42359 + RESERVED +CVE-2022-42358 + RESERVED +CVE-2022-42357 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42356 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42355 + RESERVED +CVE-2022-42354 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42353 + RESERVED +CVE-2022-42352 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42351 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42350 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) 
+ NOT-FOR-US: Adobe +CVE-2022-42349 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42348 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42347 + RESERVED +CVE-2022-42346 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42345 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-42344 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-42343 (Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-42342 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2022-42341 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-42340 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-42339 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2022-42338 + REJECTED +CVE-2022-42337 + REJECTED +CVE-2022-42336 (Mishandling of guest SSBD selection on AMD hardware The current logic ...) + - xen 4.17.1+2-gb773c48e36-1 (bug #1036298) + [bullseye] - xen (Vulnerable code not present) + [buster] - xen (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/05/16/5 + NOTE: https://xenbits.xen.org/xsa/advisory-431.html +CVE-2022-42335 (x86 shadow paging arbitrary pointer dereference In environments where ...) 
+ - xen 4.17.1+2-gb773c48e36-1 (bug #1034842) + [bullseye] - xen (Vulnerable code not present) + [buster] - xen (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/04/25/1 + NOTE: https://xenbits.xen.org/xsa/advisory-430.html +CVE-2022-42334 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...) + {DSA-5378-1} + - xen 4.17.0+74-g3eac216e6e-1 (bug #1033297) + [buster] - xen (DSA 4677-1) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2 + NOTE: https://xenbits.xen.org/xsa/advisory-428.html +CVE-2022-42333 (x86/HVM pinned cache attributes mis-handling T[his CNA information rec ...) + {DSA-5378-1} + - xen 4.17.0+74-g3eac216e6e-1 (bug #1033297) + [buster] - xen (DSA 4677-1) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/2 + NOTE: https://xenbits.xen.org/xsa/advisory-428.html +CVE-2022-42332 (x86 shadow plus log-dirty mode use-after-free In environments where ho ...) + {DSA-5378-1} + - xen 4.17.0+74-g3eac216e6e-1 (bug #1033297) + [buster] - xen (DSA 4677-1) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/1 + NOTE: https://xenbits.xen.org/xsa/advisory-427.html +CVE-2022-42331 (x86: speculative vulnerability in 32bit SYSCALL path Due to an oversig ...) + {DSA-5378-1} + - xen 4.17.0+74-g3eac216e6e-1 (bug #1033297) + [buster] - xen (DSA 4677-1) + NOTE: https://www.openwall.com/lists/oss-security/2023/03/21/3 + NOTE: https://xenbits.xen.org/xsa/advisory-429.html +CVE-2022-42330 (Guests can cause Xenstore crash via soft reset When a guest issues a " ...) + - xen 4.17.0+24-g2f8851c37f-2 (bug #1029830) + [bullseye] - xen (Only affects 4.17) + [buster] - xen (Only affects 4.17) + NOTE: https://xenbits.xen.org/xsa/advisory-425.html +CVE-2022-42329 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...) 
+ {DLA-3245-1 DLA-3244-1} + - linux 6.0.12-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://xenbits.xen.org/xsa/advisory-424.html + NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5 +CVE-2022-42328 (Guests can trigger deadlock in Linux netback driver T[his CNA informat ...) + {DLA-3245-1 DLA-3244-1} + - linux 6.0.12-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://xenbits.xen.org/xsa/advisory-424.html + NOTE: https://git.kernel.org/linus/74e7e1efdad45580cc3839f2a155174cf158f9b5 +CVE-2022-42327 (x86: unintended memory sharing between guests On Intel systems that su ...) + - xen 4.16.2+90-g0d39a6d1ae-1 + [bullseye] - xen (Vulnerable code introduced later in 4.16) + [buster] - xen (Vulnerable code introduced later in 4.16) + NOTE: https://xenbits.xen.org/xsa/advisory-412.html +CVE-2022-42326 (Xenstore: Guests can create arbitrary number of nodes via transactions ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-421.html +CVE-2022-42325 (Xenstore: Guests can create arbitrary number of nodes via transactions ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-421.html +CVE-2022-42324 (Oxenstored 32->31 bit integer truncation issues Integers in Ocaml are ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-420.html +CVE-2022-42323 (Xenstore: Cooperating guests can create arbitrary numbers of nodes T[h ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-419.html +CVE-2022-42322 (Xenstore: Cooperating guests can create arbitrary numbers of nodes T[h ...) 
+ {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-419.html +CVE-2022-42321 (Xenstore: Guests can crash xenstored via exhausting the stack Xenstore ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-418.html +CVE-2022-42320 (Xenstore: Guests can get access to Xenstore nodes of deleted domains A ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-417.html +CVE-2022-42319 (Xenstore: Guests can cause Xenstore to not free temporary memory When ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-416.html +CVE-2022-42318 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42317 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42316 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42315 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42314 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) 
+ {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42313 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42312 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42311 (Xenstore: guests can let run xenstored out of memory T[his CNA informa ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-326.html +CVE-2022-42310 (Xenstore: Guests can create orphaned Xenstore nodes By creating multip ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-415.html +CVE-2022-42309 (Xenstore: Guests can crash xenstored Due to a bug in the fix of XSA-11 ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-414.html +CVE-2022-42308 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...) + NOT-FOR-US: Veritas +CVE-2022-42307 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...) + NOT-FOR-US: Veritas +CVE-2022-42306 (An issue was discovered in Veritas NetBackup through 8.2 and related V ...) + NOT-FOR-US: Veritas +CVE-2022-42305 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...) + NOT-FOR-US: Veritas +CVE-2022-42304 (An issue was discovered in Veritas NetBackup through 10.0 and related ...) + NOT-FOR-US: Veritas +CVE-2022-42303 (An issue was discovered in Veritas NetBackup through 10.0 and related ...) 
+ NOT-FOR-US: Veritas +CVE-2022-42302 (An issue was discovered in Veritas NetBackup through 10.0 and related ...) + NOT-FOR-US: Veritas +CVE-2022-42301 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...) + NOT-FOR-US: Veritas +CVE-2022-42300 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...) + NOT-FOR-US: Veritas +CVE-2022-42299 (An issue was discovered in Veritas NetBackup through 10.0.0.1 and rela ...) + NOT-FOR-US: Veritas +CVE-2022-42298 + REJECTED +CVE-2022-42297 + REJECTED +CVE-2022-42296 + REJECTED +CVE-2022-42295 + REJECTED +CVE-2022-42294 + REJECTED +CVE-2022-42293 + REJECTED +CVE-2022-42292 (NVIDIA GeForce Experience contains a vulnerability in the NVContainer ...) + NOT-FOR-US: NVIDIA +CVE-2022-42291 (NVIDIA GeForce Experience contains a vulnerability in the installer, w ...) + NOT-FOR-US: NVIDIA +CVE-2022-42290 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42289 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42288 (NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthor ...) + NOT-FOR-US: NVIDIA +CVE-2022-42287 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42286 (DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code ...) + NOT-FOR-US: NVIDIA +CVE-2022-42285 (DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization ...) + NOT-FOR-US: NVIDIA +CVE-2022-42284 (NVIDIA BMC stores user passwords in an obfuscated form in a database a ...) + NOT-FOR-US: NVIDIA +CVE-2022-42283 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42282 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42281 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, w ...) 
+ NOT-FOR-US: NVIDIA +CVE-2022-42280 (NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an ...) + NOT-FOR-US: NVIDIA +CVE-2022-42279 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42278 (NVIDIA BMC contains a vulnerability in SPX REST API, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42277 (NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, ...) + NOT-FOR-US: NVIDIA +CVE-2022-42276 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, whe ...) + NOT-FOR-US: NVIDIA +CVE-2022-42275 (NVIDIA BMC IPMI handler allows an unauthenticated host to write to a h ...) + NOT-FOR-US: NVIDIA +CVE-2022-42274 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42273 (NVIDIA BMC contains a vulnerability in libwebsocket, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42272 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42271 (NVIDIA BMC contains a vulnerability in IPMI handler, where an authoriz ...) + NOT-FOR-US: NVIDIA +CVE-2022-42270 (NVIDIA distributions of Linux contain a vulnerability in nvdla_emu_tas ...) + NOT-FOR-US: NVIDIA +CVE-2022-42269 (NVIDIA Trusted OS contains a vulnerability in an SMC call handler, whe ...) + NOT-FOR-US: NVIDIA +CVE-2022-42268 (Omniverse Kit contains a vulnerability in the reference applications C ...) + NOT-FOR-US: NVIDIA +CVE-2022-42267 (NVIDIA GPU Display Driver for Windows contains a vulnerability where a ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-42266 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-42265 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 515.86.01-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers (Only affects R515) + [buster] - nvidia-graphics-drivers (Only affects R515) +CVE-2022-42264 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42263 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42262 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) +CVE-2022-42261 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) +CVE-2022-42260 (NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) +CVE-2022-42259 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42258 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42257 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42256 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42255 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers (Non-free not supported) + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42254 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-42253 + RESERVED +CVE-2022-42252 (If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10. ...) + {DSA-5381-1 DLA-3384-1} + - tomcat9 9.0.68-1 + - tomcat8 + NOTE: https://lists.apache.org/thread/zzcxzvqfdqn515zfs3dxb7n8gty589sq + NOTE: https://github.com/apache/tomcat/commit/4c7f4fd09d2cc1692112ef70b8ee23a7a037ae77 (9.0.68) + NOTE: https://github.com/apache/tomcat/commit/a1c07906d8dcaf7957e5cc97f5cdbac7d18a205a (8.5.83) +CVE-2022-3406 + RESERVED +CVE-2022-3405 (Code execution and sensitive information disclosure due to excessive p ...) + NOT-FOR-US: Acronis +CVE-2022-3404 + REJECTED +CVE-2022-3403 + REJECTED +CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to Stored Cro ...) + NOT-FOR-US: Log HTTP Requests plugin for WordPress +CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code execution ...) 
+ NOT-FOR-US: Bricks theme for WordPress +CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization bypass d ...) + NOT-FOR-US: Bricks theme for WordPress +CVE-2022-3399 + RESERVED +CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + NOT-FOR-US: OMRON CX-Programmer +CVE-2022-3397 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + NOT-FOR-US: OMRON CX-Programmer +CVE-2022-3396 (OMRON CX-Programmer 9.78 and prior is vulnerable to an Out-of-Bounds W ...) + NOT-FOR-US: OMRON CX-Programmer +CVE-2022-3395 (The WP All Export Pro WordPress plugin before 1.7.9 uses the contents ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3394 (The WP All Export Pro WordPress plugin before 1.7.9 does not limit som ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3393 (The Post to CSV by BestWebSoft WordPress plugin through 1.4.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3392 (The WP Humans.txt WordPress plugin through 1.0.6 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3391 (The Retain Live Chat WordPress plugin through 0.1 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-42251 + RESERVED +CVE-2022-42250 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42249 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42248 (QlikView 12.60.2 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: QlikView +CVE-2022-42247 (pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: pfSense +CVE-2022-42246 (Doufox 0.0.4 contains a CSRF vulnerability that can add system adminis ...) + NOT-FOR-US: Doufox +CVE-2022-42245 (Dreamer CMS 4.0.01 is vulnerable to SQL Injection.) 
+ NOT-FOR-US: Dreamer CMS +CVE-2022-42244 + RESERVED +CVE-2022-42243 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42242 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42241 (Simple Cold Storage Management System v1.0 is vulnerable to SQL inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42240 + RESERVED +CVE-2022-42239 + RESERVED +CVE-2022-42238 (A Vertical Privilege Escalation issue in Merchandise Online Store v.1. ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-42237 (A SQL Injection issue in Merchandise Online Store v.1.0 allows an atta ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-42236 (A Stored XSS issue in Merchandise Online Store v.1.0 allows to injecti ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-42235 (A Stored XSS issue in Student Clearance System v.1.0 allows the inject ...) + NOT-FOR-US: Student Clearance System +CVE-2022-42234 (There is a file inclusion vulnerability in the template management mod ...) + NOT-FOR-US: UCMS +CVE-2022-42233 (Tenda 11N with firmware version V5.07.33_cn suffers from an Authentica ...) + NOT-FOR-US: Tenda +CVE-2022-42232 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42231 + RESERVED +CVE-2022-42230 (Simple Cold Storage Management System v1.0 is vulnerable to SQL Inject ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2022-42229 (Wedding Planner v1.0 is vulnerable to Arbitrary code execution via pac ...) + NOT-FOR-US: Wedding Planner +CVE-2022-42228 + RESERVED +CVE-2022-42227 (jsonlint 1.0 is vulnerable to heap-buffer-overflow via /home/hjsz/json ...) 
+ NOT-FOR-US: p-ranav/jsonlint (different from src:jsonlint) +CVE-2022-42226 + RESERVED +CVE-2022-42225 (Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vu ...) + NOT-FOR-US: Jumpserver +CVE-2022-42224 + RESERVED +CVE-2022-42223 + RESERVED +CVE-2022-42222 + RESERVED +CVE-2022-42221 (Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, ...) + NOT-FOR-US: Netgear +CVE-2022-42220 + RESERVED +CVE-2022-42219 + RESERVED +CVE-2022-42218 (Open Source SACCO Management System v1.0 vulnerable to SQL Injection v ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-42217 + RESERVED +CVE-2022-42216 + RESERVED +CVE-2022-42215 + RESERVED +CVE-2022-42214 + RESERVED +CVE-2022-42213 + RESERVED +CVE-2022-42212 + RESERVED +CVE-2022-42211 + RESERVED +CVE-2022-42210 + RESERVED +CVE-2022-42209 + RESERVED +CVE-2022-42208 + RESERVED +CVE-2022-42207 + RESERVED +CVE-2022-42206 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...) + NOT-FOR-US: PHPGurukul Hospital Management System +CVE-2022-42205 (PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cr ...) + NOT-FOR-US: PHPGurukul Hospital Management System +CVE-2022-42204 + RESERVED +CVE-2022-42203 + RESERVED +CVE-2022-42202 (TP-Link TL-WR841N 8.0 4.17.16 Build 120201 Rel.54750n is vulnerable to ...) + NOT-FOR-US: TP-Link +CVE-2022-42201 (Simple Exam Reviewer Management System v1.0 is vulnerable to Insecure ...) + NOT-FOR-US: Simple Exam Reviewer Management System +CVE-2022-42200 (Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cr ...) + NOT-FOR-US: Simple Exam Reviewer Management System +CVE-2022-42199 (Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Sit ...) + NOT-FOR-US: Simple Exam Reviewer Management System +CVE-2022-42198 (In Simple Exam Reviewer Management System v1.0 the User List function ...) 
+ NOT-FOR-US: Simple Exam Reviewer Management System +CVE-2022-42197 (In Simple Exam Reviewer Management System v1.0 the User List function ...) + NOT-FOR-US: Simple Exam Reviewer Management System +CVE-2022-42196 + RESERVED +CVE-2022-42195 + RESERVED +CVE-2022-42194 + RESERVED +CVE-2022-42193 + RESERVED +CVE-2022-42192 + RESERVED +CVE-2022-42191 + RESERVED +CVE-2022-42190 + RESERVED +CVE-2022-42189 (Emlog Pro 1.6.0 plugins upload suffers from a remote code execution (R ...) + NOT-FOR-US: Emlog Pro +CVE-2022-42188 (In Lavalite 9.0.0, the XSRF-TOKEN cookie is vulnerable to path travers ...) + NOT-FOR-US: Lavalite CMS +CVE-2022-42187 (Hustoj 22.09.22 has a XSS Vulnerability in /admin/problem_judge.php.) + NOT-FOR-US: Hustoj +CVE-2022-42186 + RESERVED +CVE-2022-42185 + RESERVED +CVE-2022-42184 + RESERVED +CVE-2022-42183 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side ...) + NOT-FOR-US: Precisely Spectrum Spatial Analyst +CVE-2022-42182 (Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Tr ...) + NOT-FOR-US: Precisely Spectrum Spatial Analyst +CVE-2022-42181 + RESERVED +CVE-2022-42180 + RESERVED +CVE-2022-42179 + RESERVED +CVE-2022-42178 + RESERVED +CVE-2022-42177 + RESERVED +CVE-2022-42176 (In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in con ...) + NOT-FOR-US: PCTechSoft PCSecure +CVE-2022-42175 (Insecure Direct Object Reference vulnerability in WHMCS module SolusVM ...) + NOT-FOR-US: WHMCS module SolusVM +CVE-2022-42174 + RESERVED +CVE-2022-42173 + RESERVED +CVE-2022-42172 + RESERVED +CVE-2022-42171 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...) + NOT-FOR-US: Tenda +CVE-2022-42170 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...) + NOT-FOR-US: Tenda +CVE-2022-42169 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...) + NOT-FOR-US: Tenda +CVE-2022-42168 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...) 
+ NOT-FOR-US: Tenda
+CVE-2022-42167 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42166 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42165 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42164 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42163 (Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /g ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42162
+ RESERVED
+CVE-2022-42161 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+ NOT-FOR-US: D-Link
+CVE-2022-42160 (D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command i ...)
+ NOT-FOR-US: D-Link
+CVE-2022-42159 (D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable ...)
+ NOT-FOR-US: D-Link
+CVE-2022-42158
+ RESERVED
+CVE-2022-42157
+ RESERVED
+CVE-2022-42156 (D-Link COVR 1200,1203 v1.08 was discovered to contain a command inject ...)
+ NOT-FOR-US: D-Link
+CVE-2022-42155
+ RESERVED
+CVE-2022-42154 (An arbitrary file upload vulnerability in the component /apiadmin/uplo ...)
+ NOT-FOR-US: 74cmsSE
+CVE-2022-42153
+ RESERVED
+CVE-2022-42152
+ RESERVED
+CVE-2022-42151
+ RESERVED
+CVE-2022-42150 (TinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnera ...)
+ NOT-FOR-US: TinyLab linux-lab
+CVE-2022-42149 (kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via ...)
+ NOT-FOR-US: kkFileView
+CVE-2022-42148
+ RESERVED
+CVE-2022-42147 (kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via control ...)
+ NOT-FOR-US: kkFileView
+CVE-2022-42146
+ RESERVED
+CVE-2022-42145
+ RESERVED
+CVE-2022-42144
+ RESERVED
+CVE-2022-42143 (Open Source SACCO Management System v1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Open Source SACCO Management System
+CVE-2022-42142 (Online Tours & Travels Management System v1.0 is vulnerable to Arbitra ...)
+ NOT-FOR-US: Online Tours & Travels Management System
+CVE-2022-42141 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Cross Site Scrip ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-42140 (Delta Electronics DX-2100-L1-CN 2.42 is vulnerable to Command Injectio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-42139 (Delta Electronics DVW-W02W2-E2 1.5.0.10 is vulnerable to Command Injec ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-42138
+ RESERVED
+CVE-2022-42137
+ RESERVED
+CVE-2022-42136 (Authenticated mail users, under specific circumstances, could add file ...)
+ NOT-FOR-US: MailEnable
+CVE-2022-42135
+ RESERVED
+CVE-2022-42134
+ RESERVED
+CVE-2022-42133
+ RESERVED
+CVE-2022-42132 (The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4. ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42131 (Certain Liferay products are affected by: Missing SSL Certificate Vali ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42130 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3. ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42129 (An Insecure direct object reference (IDOR) vulnerability in the Dynami ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42128 (The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3. ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42127 (The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, an ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42126 (The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, a ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42125 (Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 thr ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42124 (ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Lifera ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42123 (A Zip slip vulnerability in the Elasticsearch Connector in Liferay Por ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42122 (A SQL injection vulnerability in the Friendly Url module in Liferay Po ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42121 (A SQL injection vulnerability in the Layout module in Liferay Portal 7 ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42120 (A SQL injection vulnerability in the Fragment module in Liferay Portal ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42119 (Certain Liferay products are vulnerable to Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42118 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42117 (A Cross-site scripting (XSS) vulnerability in the Frontend Taglib modu ...)
+ NOT-FOR-US: Frontend Taglib module in Liferay
+CVE-2022-42116 (A Cross-site scripting (XSS) vulnerability in the Frontend Editor modu ...)
+ NOT-FOR-US: Frontend Editor module's integration with CKEditor in Liferay
+CVE-2022-42115 (Cross-site scripting (XSS) vulnerability in the Object module's edit o ...)
+ NOT-FOR-US: module in Liferay
+CVE-2022-42114 (A Cross-site scripting (XSS) vulnerability in the Role module's edit r ...)
+ NOT-FOR-US: module in Liferay
+CVE-2022-42113 (A Cross-site scripting (XSS) vulnerability in Document Library module ...)
+ NOT-FOR-US: module in Liferay
+CVE-2022-42112 (A Cross-site scripting (XSS) vulnerability in the Portal Search module ...)
+ NOT-FOR-US: module in Liferay
+CVE-2022-42111 (A Cross-site scripting (XSS) vulnerability in the Sharing module's use ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42110 (A Cross-site scripting (XSS) vulnerability in the Announcements module ...)
+ NOT-FOR-US: Liferay
+CVE-2022-42109 (Online-shopping-system-advanced 1.0 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online-shopping-system-advanced
+CVE-2022-42108
+ RESERVED
+CVE-2022-42107
+ RESERVED
+CVE-2022-42106
+ RESERVED
+CVE-2022-42105
+ RESERVED
+CVE-2022-42104
+ RESERVED
+CVE-2022-42103
+ RESERVED
+CVE-2022-42102
+ RESERVED
+CVE-2022-42101
+ RESERVED
+CVE-2022-42100 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
+ NOT-FOR-US: KLiK SocialMediaWebsit
+CVE-2022-42099 (KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that all ...)
+ NOT-FOR-US: KLiK SocialMediaWebsit
+CVE-2022-42098 (KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: KLiK SocialMediaWebsite
+CVE-2022-42097 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ - backdrop (bug #914257)
+CVE-2022-42096 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ - backdrop (bug #914257)
+CVE-2022-42095 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ - backdrop (bug #914257)
+CVE-2022-42094 (Backdrop CMS version 1.23.0 was discovered to contain a stored cross-s ...)
+ - backdrop (bug #914257)
+CVE-2022-42093
+ RESERVED
+CVE-2022-42092 (Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via 'th ...)
+ - backdrop (bug #914257)
+CVE-2022-42091
+ RESERVED
+CVE-2022-42090
+ RESERVED
+CVE-2022-42089
+ RESERVED
+CVE-2022-42088
+ RESERVED
+CVE-2022-42087 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42086 (Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42085
+ RESERVED
+CVE-2022-42084
+ RESERVED
+CVE-2022-42083
+ RESERVED
+CVE-2022-42082
+ RESERVED
+CVE-2022-42081 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42080 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42079 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42078 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42077 (Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42076
+ RESERVED
+CVE-2022-42075 (Wedding Planner v1.0 is vulnerable to arbitrary code execution.)
+ NOT-FOR-US: Wedding Planner
+CVE-2022-42074 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
+ NOT-FOR-US: Online Diagnostic Lab Management System
+CVE-2022-42073 (Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Inje ...)
+ NOT-FOR-US: Online Diagnostic Lab Management System
+CVE-2022-42072
+ RESERVED
+CVE-2022-42071 (Online Birth Certificate Management System version 1.0 suffers from a ...)
+ NOT-FOR-US: Online Birth Certificate Management System
+CVE-2022-42070 (Online Birth Certificate Management System version 1.0 is vulnerable t ...)
+ NOT-FOR-US: Online Birth Certificate Management System
+CVE-2022-42069 (Online Birth Certificate Management System version 1.0 suffers from a ...)
+ NOT-FOR-US: Online Birth Certificate Management System
+CVE-2022-42068
+ RESERVED
+CVE-2022-42067 (Online Birth Certificate Management System version 1.0 suffers from an ...)
+ NOT-FOR-US: Online Birth Certificate Management System
+CVE-2022-42066 (Online Examination System version 1.0 suffers from a cross site script ...)
+ NOT-FOR-US: Online Examination System
+CVE-2022-42065
+ RESERVED
+CVE-2022-42064 (Online Diagnostic Lab Management System version 1.0 remote exploit tha ...)
+ NOT-FOR-US: Online Diagnostic Lab Management System
+CVE-2022-42063
+ RESERVED
+CVE-2022-42062
+ RESERVED
+CVE-2022-42061
+ RESERVED
+CVE-2022-42060 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42059
+ RESERVED
+CVE-2022-42058 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42057
+ RESERVED
+CVE-2022-42056
+ RESERVED
+CVE-2022-42055 (Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT De ...)
+ NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
+CVE-2022-42054 (Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet ...)
+ NOT-FOR-US: GL.iNet GoodCloud IoT Device Management System
+CVE-2022-42053 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ NOT-FOR-US: Tenda
+CVE-2022-42052
+ RESERVED
+CVE-2022-42051
+ RESERVED
+CVE-2022-42050
+ RESERVED
+CVE-2022-42049
+ RESERVED
+CVE-2022-42048
+ RESERVED
+CVE-2022-42047
+ RESERVED
+CVE-2022-42046 (wfshbr64.sys and wfshbr32.sys specially crafted IOCTL allows arbitrary ...)
+ NOT-FOR-US: HeavenBurnsRed
+CVE-2022-42045 (Certain Zemana products are vulnerable to Arbitrary code injection. Th ...)
+ NOT-FOR-US: Zemana
+CVE-2022-42044 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-asns
+CVE-2022-42043 (The d8s-xml package for Python, as distributed on PyPI, included a pot ...)
+ NOT-FOR-US: d8s-xml
+CVE-2022-42042 (The d8s-networking package for Python, as distributed on PyPI, include ...)
+ NOT-FOR-US: d8s-networking
+CVE-2022-42041 (The d8s-file-system package for Python, as distributed on PyPI, includ ...)
+ NOT-FOR-US: d8s-file-system
+CVE-2022-42040 (The d8s-algorithms package for Python, as distributed on PyPI, include ...)
+ NOT-FOR-US: d8s-algorithms
+CVE-2022-42039 (The d8s-lists package for Python, as distributed on PyPI, included a p ...)
+ NOT-FOR-US: d8s-lists
+CVE-2022-42038 (The d8s-ip-addresses package for Python, as distributed on PyPI, inclu ...)
+ NOT-FOR-US: d8s-ip-addresses
+CVE-2022-42037 (The d8s-asns package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-asns
+CVE-2022-42036 (The d8s-urls package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-urls
+CVE-2022-42035
+ RESERVED
+CVE-2022-42034 (Wedding Planner v1.0 is vulnerable to arbitrary code execution via use ...)
+ NOT-FOR-US: Wedding Planner
+CVE-2022-42033
+ RESERVED
+CVE-2022-42032
+ RESERVED
+CVE-2022-42031
+ RESERVED
+CVE-2022-42030
+ RESERVED
+CVE-2022-42029 (Chamilo 1.11.16 is affected by an authenticated local file inclusion v ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-42028
+ RESERVED
+CVE-2022-42027
+ RESERVED
+CVE-2022-42026
+ RESERVED
+CVE-2022-42025
+ RESERVED
+CVE-2022-42024
+ RESERVED
+CVE-2022-42023
+ RESERVED
+CVE-2022-42022
+ RESERVED
+CVE-2022-42021 (Best Student Result Management System v1.0 is vulnerable to SQL Inject ...)
+ NOT-FOR-US: Best Student Result Management System
+CVE-2022-42020
+ RESERVED
+CVE-2022-42019
+ RESERVED
+CVE-2022-42018
+ RESERVED
+CVE-2022-42017
+ RESERVED
+CVE-2022-42016
+ RESERVED
+CVE-2022-42015
+ RESERVED
+CVE-2022-42014
+ RESERVED
+CVE-2022-42013
+ RESERVED
+CVE-2022-42012 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
+ {DSA-5250-1 DLA-3142-1}
+ - dbus 1.14.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
+ NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/236f16e444e88a984cf12b09225e0f8efa6c5b44
+CVE-2022-42011 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
+ {DSA-5250-1 DLA-3142-1}
+ - dbus 1.14.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
+ NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/079bbf16186e87fb0157adf8951f19864bc2ed69
+CVE-2022-42010 (An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x bef ...)
+ {DSA-5250-1 DLA-3142-1}
+ - dbus 1.14.4-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/06/1
+ NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/9d07424e9011e3bbe535e83043d335f3093d2916
+CVE-2022-3390
+ RESERVED
+CVE-2022-42009 (SpringEL injection in the server agent in Apache Ambari version 2.7.0 ...)
+ NOT-FOR-US: Apache Ambari
+CVE-2022-3389 (Path Traversal in GitHub repository ikus060/rdiffweb prior to 2.4.10.)
+ - rdiffweb (bug #969974)
+CVE-2022-42008
+ RESERVED
+CVE-2022-42007
+ RESERVED
+CVE-2022-42006
+ RESERVED
+CVE-2022-42005
+ RESERVED
+CVE-2022-42004 (In FasterXML jackson-databind before 2.13.4, resource exhaustion can o ...)
+ {DSA-5283-1 DLA-3207-1}
+ - jackson-databind 2.14.0-1
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3582
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/063183589218fec19a9293ed2f17ec53ea80ba88 (jackson-databind-2.13.4)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50490
+CVE-2022-42003 (In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion c ...)
+ {DSA-5283-1 DLA-3207-1}
+ - jackson-databind 2.14.0-1
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/3590
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/d78d00ee7b5245b93103fef3187f70543d67ca33 (jackson-databind-2.14.0-rc1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51020
+CVE-2022-42002 (SonicJS through 0.6.0 allows file overwrite. It has the following muta ...)
+ NOT-FOR-US: SonicJS
+CVE-2022-41981 (A stack-based buffer overflow vulnerability exists in the TGA file for ...)
+ {DSA-5384-1 DLA-3382-1}
+ - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1628
+ NOTE: Prerequisite: https://github.com/OpenImageIO/oiio/commit/bc9c931092e973d5250dd22a714cf035827dae6d
+ NOTE: https://github.com/OpenImageIO/oiio/commit/19121dc4f0cca1e0ff53d616043d482f23169249
+CVE-2022-41977 (An out of bounds read vulnerability exists in the way OpenImageIO vers ...)
+ {DSA-5384-1 DLA-3382-1}
+ - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1627
+ NOTE: https://github.com/OpenImageIO/oiio/pull/3628
+CVE-2022-41794 (A heap based buffer overflow vulnerability exists in the PSD thumbnail ...)
+ {DSA-5384-1 DLA-3518-1}
+ - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1626
+ NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
+CVE-2022-41684 (A heap out of bounds read vulnerability exists in the OpenImageIO mast ...)
+ {DSA-5384-1 DLA-3518-1}
+ - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1632
+ NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
+CVE-2022-41649 (A heap out of bounds read vulnerability exists in the handling of IPTC ...)
+ {DSA-5384-1 DLA-3518-1}
+ - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1631
+ NOTE: https://github.com/OpenImageIO/oiio/commit/884dfd6b7c1fd6130390853b5074ddeb48f2f19b
+CVE-2022-41639 (A heap based buffer overflow vulnerability exists in tile decoding cod ...)
+ {DSA-5384-1 DLA-3382-1}
+ - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1633
+ NOTE: https://github.com/OpenImageIO/oiio/pull/3632
+CVE-2022-38143 (A heap out-of-bounds write vulnerability exists in the way OpenImageIO ...)
+ - openimageio 2.4.7.1+dfsg-2 (bug #1027143)
+ [bullseye] - openimageio (The vulnerable code was introduced later)
+ [buster] - openimageio (The vulnerable code was introduced later)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1630
+ NOTE: https://github.com/OpenImageIO/oiio/pull/3620
+CVE-2022-36354 (A heap out-of-bounds read vulnerability exists in the RLA format parse ...)
+ {DSA-5384-1 DLA-3382-1}
+ - openimageio 2.3.21.0+dfsg-1 (bug #1027143)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1629
+ NOTE: https://github.com/OpenImageIO/oiio/pull/3624
+CVE-2022-3388 (An input validation vulnerability exists in the Monitor Pro interface ...)
+ NOT-FOR-US: MicroSCADA
+CVE-2022-3387 (Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path tr ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2022-3386 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2022-3385 (Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack ...)
+ NOT-FOR-US: Advantech R-SeeNet
+CVE-2022-3384 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2022-3383 (The Ultimate Member plugin for WordPress is vulnerable to Remote Code ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2022-3382 (HIWIN Robot System Software version 3.3.21.9869 does not properly addr ...)
+ NOT-FOR-US: HIWIN Robot System Software
+CVE-2022-41983 (On specific hardware platforms, on BIG-IP versions 16.1.x before 16.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41976 (An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 buil ...)
+ NOT-FOR-US: Scada-LTS
+CVE-2022-41975 (RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Win ...)
+ NOT-FOR-US: RealVNC
+CVE-2022-41974 (multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to ...)
+ {DSA-5366-1 DLA-3250-1}
+ - multipath-tools 0.9.4-1 (bug #1022742)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
+ NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
+ NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/9acda0c47b143f2ef6123957d2ccd24ea995dc04 (0.7.0)
+ NOTE: Fix included in https://github.com/opensvc/multipath-tools/pull/46
+ NOTE: Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2, CVE fix)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2)
+CVE-2022-41973 (multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to ...)
+ {DSA-5366-1 DLA-3250-1}
+ - multipath-tools 0.9.4-1 (bug #1022742)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/24/2
+ NOTE: https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
+ NOTE: Introduced by: https://github.com/opensvc/multipath-tools/commit/65d0a633e066223d361cd1a254ebdfe36a133a5c (0.7.7)
+ NOTE: Fix included in https://github.com/opensvc/multipath-tools/pull/46
+ NOTE: Fixed by (merge): https://github.com/opensvc/multipath-tools/commit/c4912a639b7ff527aa11d665944594926ff94a7a (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/f812466f68b8e020818c6454d7b7a7e278bc99f6 (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/d139bcf0842bc0a16beab86e1349ed65b150bf0c (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/2a1ff3154c1d5de423c303ca3bc9ed9727b4e523 (0.9.2)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/cb57b930fa690ab79b3904846634681685e3470f (0.9.2, CVE fix)
+ NOTE: https://github.com/opensvc/multipath-tools/commit/994811a29332161ec150f1d9822ff460cfc0f316 (0.9.2)
+ NOTE: The fix for CVE-2022-41973 switches to use /run instead of /dev/shm which is a backward
+ NOTE: incompatible change (which can be overriden but leaving CVE open).
+CVE-2022-41972 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2022-41971 (Nextcould Talk android is a video and audio conferencing app for Nextc ...)
+ NOT-FOR-US: NextCloud Talk
+CVE-2022-41970 (Nextcloud Server is an open source personal cloud server. Prior to ver ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-41969 (Nextcloud Server is an open source personal cloud server. Prior to ver ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-41968 (Nextcloud Server is an open source personal cloud server. Prior to ver ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-41967 (Dragonfly is a Java runtime dependency management library. Dragonfly v ...)
+ NOT-FOR-US: Dragonfly
+CVE-2022-41966 (XStream serializes Java objects to XML and back again. Versions prior ...)
+ {DSA-5315-1 DLA-3267-1}
+ - libxstream-java 1.4.20-1 (bug #1027754)
+ NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j563-grx4-pjpv
+ NOTE: https://x-stream.github.io/CVE-2022-41966.html
+ NOTE: Fixed by: https://github.com/x-stream/xstream/commit/e9151f221b4969fb15b1e946d5d61dcdd459a391 (XSTREAM_1_4_20)
+CVE-2022-41965 (Opencast is a free, open-source platform to support the management of ...)
+ NOT-FOR-US: Opencast
+CVE-2022-41964 (BigBlueButton is an open source web conferencing system. This vulnerab ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-41963 (BigBlueButton is an open source web conferencing system. Versions prio ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-41962 (BigBlueButton is an open source web conferencing system. Versions prio ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-41961 (BigBlueButton is an open source web conferencing system. Versions prio ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-41960 (BigBlueButton is an open source web conferencing system. Versions prio ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-41959
+ RESERVED
+CVE-2022-41958 (super-xray is a web vulnerability scanning tool. Versions prior to 0.7 ...)
+ NOT-FOR-US: super-xray
+CVE-2022-41957 (Muhammara is a node module with c/cpp bindings to modify PDF with Java ...)
+ NOT-FOR-US: Muhammara Nodejs module
+CVE-2022-41956 (Autolab is a course management service, initially developed by a team ...)
+ NOT-FOR-US: Autolab
+CVE-2022-41955 (Autolab is a course management service, initially developed by a team ...)
+ NOT-FOR-US: Autolab
+CVE-2022-41954 (MPXJ is an open source library to read and write project plans from a ...)
+ NOT-FOR-US: MPXJ
+CVE-2022-41953 (Git GUI is a convenient graphical tool that comes with Git for Windows ...)
+ NOT-FOR-US: Git for Windows
+CVE-2022-41952 (Synapse before 1.52.0 with URL preview functionality enabled will atte ...)
+ - matrix-synapse 1.53.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4822-jvwx-w47h
+ NOTE: https://github.com/matrix-org/synapse/pull/11784
+ NOTE: https://github.com/matrix-org/synapse/pull/11936
+ NOTE: First bugfix in 1.52.0 but 1.53.0 does fully fix the issue.
+CVE-2022-41951 (OroPlatform is a PHP Business Application Platform (BAP) designed to m ...)
+ NOT-FOR-US: OroPlatform
+CVE-2022-41950 (super-xray is the GUI alternative for vulnerability scanning tool xray ...)
+ NOT-FOR-US: super-xray
+CVE-2022-41949 (DHIS 2 is an open source information system for data capture, manageme ...)
+ NOT-FOR-US: DHIS
+CVE-2022-41948 (DHIS 2 is an open source information system for data capture, manageme ...)
+ NOT-FOR-US: DHIS
+CVE-2022-41947 (DHIS 2 is an open source information system for data capture, manageme ...)
+ NOT-FOR-US: DHIS
+CVE-2022-41946 (pgjdbc is an open source postgresql JDBC Driver. In affected versions ...)
+ {DLA-3218-1}
+ - libpgjava 42.5.1-1
+ [bullseye] - libpgjava (Minor issue)
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5 (REL42.5.1-rc1)
+CVE-2022-41945 (super-xray is a vulnerability scanner (xray) GUI launcher. In version ...)
+ NOT-FOR-US: super-xray
+CVE-2022-41944 (Discourse is an open-source discussion platform. In stable versions pr ...)
+ NOT-FOR-US: Discourse
+CVE-2022-41943 (sourcegraph is a code intelligence platform. As a site admin it was po ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-41942 (Sourcegraph is a code intelligence platform. In versions prior to 4.1. ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-41941 (GLPI is a Free Asset and IT Management Software package. Versions 10.0 ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qqqm-7h6v-7cf4
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-41940 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ NOT-FOR-US: Engine.io
+CVE-2022-41939 (knative.dev/func is is a client library and CLI enabling the developme ...)
+ NOT-FOR-US: knative.dev/func
+CVE-2022-41938 (Flarum is an open source discussion platform. Flarum's page title syst ...)
+ NOT-FOR-US: Flarum
+CVE-2022-41937 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41936 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41935 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41934 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41933 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41932 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41931 (xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Dir ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41930 (org.xwiki.platform:xwiki-platform-user-profile-ui is missing authoriza ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41929 (org.xwiki.platform:xwiki-platform-oldcore is missing authorization in ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41928 (XWiki Platform vulnerable to Improper Neutralization of Directives in ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41927 (XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that ...)
+ NOT-FOR-US: XWiki
+CVE-2022-41926 (Nextcould talk android is the android OS implementation of the nextclo ...)
+ NOT-FOR-US: Nextcould
+CVE-2022-41925 (A vulnerability identified in the Tailscale client allows a malicious ...)
+ NOT-FOR-US: Tailscale
+CVE-2022-41924 (A vulnerability identified in the Tailscale Windows client allows a ma ...)
+ NOT-FOR-US: Tailscale
+CVE-2022-41923 (Grails Spring Security Core plugin is vulnerable to privilege escalati ...)
+ NOT-FOR-US: Grails Spring Security Core plugin
+CVE-2022-41922 (`yiisoft/yii` before version 1.1.27 are vulnerable to Remote Code Exec ...)
+ - yii (bug #597899)
+CVE-2022-41921 (Discourse is an open-source discussion platform. Prior to version 2.9. ...)
+ NOT-FOR-US: Discourse
+CVE-2022-41920 (Lancet is a general utility library for the go programming language. A ...)
+ NOT-FOR-US: Lancet
+CVE-2022-41919 (Fastify is a web framework with minimal overhead and plugin architectu ...)
+ NOT-FOR-US: Fastify
+CVE-2022-41918 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
+ - opensearch (Fixed before initial upload to archive)
+CVE-2022-41917 (OpenSearch is a community-driven, open source fork of Elasticsearch an ...)
+ - opensearch (Fixed before initial upload to archive)
+CVE-2022-41916 (Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Version ...)
+ {DSA-5287-1 DLA-3206-1}
+ - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187)
+ NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-mgqr-gvh6-23cx
+ NOTE: https://github.com/heimdal/heimdal/commit/eb87af0c2d189c25294c7daf483a47b03af80c2c (heimdal-7.7.1)
+CVE-2022-41915 (Netty project is an event-driven asynchronous network application fram ...)
+ {DSA-5316-1 DLA-3268-1}
+ - netty 1:4.1.48-6 (bug #1027180)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-hh82-3pmq-7frp
+ NOTE: Fixed by https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4 (netty-4.1.86.Final)
+CVE-2022-41914 (Zulip is an open-source team collaboration tool. For organizations wit ...)
+ NOT-FOR-US: Zulip
+CVE-2022-41913 (Discourse-calendar is a plugin for the Discourse messaging platform wh ...)
+ NOT-FOR-US: Discourse plugin
+CVE-2022-41912 (The crewjam/saml go library prior to version 0.4.9 is vulnerable to an ...)
+ - golang-github-crewjam-saml 0.4.10-1 (bug #1025187)
+ NOTE: https://github.com/crewjam/saml/security/advisories/GHSA-j2jp-wvqg-wc2g
+ NOTE: https://github.com/crewjam/saml/commit/aee3fb1edeeaf1088fcb458727e0fd863d277f8b (v0.4.9)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2368
+CVE-2022-41911 (TensorFlow is an open source platform for machine learning. When print ...)
+ - tensorflow (bug #804612)
+CVE-2022-41910 (TensorFlow is an open source platform for machine learning. The functi ...)
+ - tensorflow (bug #804612)
+CVE-2022-41909 (TensorFlow is an open source platform for machine learning. An input ` ...)
+ - tensorflow (bug #804612)
+CVE-2022-41908 (TensorFlow is an open source platform for machine learning. An input ` ...)
+ - tensorflow (bug #804612)
+CVE-2022-41907 (TensorFlow is an open source platform for machine learning. When `tf.r ...)
+ - tensorflow (bug #804612)
+CVE-2022-41906 (OpenSearch Notifications is a notifications plugin for OpenSearch that ...)
+ NOT-FOR-US: OpenSearch plugin
+CVE-2022-41905 (WsgiDAV is a generic and extendable WebDAV server based on WSGI. Imple ...)
+ NOT-FOR-US: WsgiDAV
+CVE-2022-41904 (Element iOS is an iOS Matrix client provided by Element. It is based o ...)
+ NOT-FOR-US: Element iOS
+CVE-2022-41903 (Git is distributed revision control system. `git log` can display comm ...)
+ {DSA-5332-1 DLA-3282-1}
+ - git 1:2.39.1-0.1 (bug #1029114)
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4
+ NOTE: https://github.com/git/git/commit/a244dc5b0a629290881641467c7a545de7508ab2
+ NOTE: https://github.com/git/git/commit/81dc898df9b4b4035534a927f3234a3839b698bf
+ NOTE: https://github.com/git/git/commit/b49f309aa16febeddb65e82526640a91bbba3be3
+ NOTE: https://github.com/git/git/commit/f6e0b9f38987ad5e47bab551f8760b70689a5905
+ NOTE: https://github.com/git/git/commit/1de69c0cdd388b0a5b7bdde0bfa0bda514a354b0
+ NOTE: https://github.com/git/git/commit/48050c42c73c28b0c001d63d11dffac7e116847b
+ NOTE: https://github.com/git/git/commit/522cc87fdc25449222a5894a428eebf4b8d5eaa9
+ NOTE: https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d
+ NOTE: https://github.com/git/git/commit/937b71cc8b5b998963a7f9a33312ba3549d55510
+ NOTE: https://github.com/git/git/commit/81c2d4c3a5ba0e6ab8c348708441fed170e63a82
+ NOTE: https://github.com/git/git/commit/f930a2394303b902e2973f4308f96529f736b8bc
+ NOTE: https://github.com/git/git/commit/304a50adff6480ede46b68f7545baab542cbfb46
+ NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf
+CVE-2022-41902 (TensorFlow is an open source platform for machine learning. The functi ...)
+ - tensorflow (bug #804612)
+CVE-2022-41901 (TensorFlow is an open source platform for machine learning. An input ` ...)
+ - tensorflow (bug #804612)
+CVE-2022-41900 (TensorFlow is an open source platform for machine learning. The securi ...)
+ - tensorflow (bug #804612)
+CVE-2022-41899 (TensorFlow is an open source platform for machine learning. Inputs `de ...)
+ - tensorflow (bug #804612)
+CVE-2022-41898 (TensorFlow is an open source platform for machine learning. If `Sparse ...)
+ - tensorflow (bug #804612)
+CVE-2022-41897 (TensorFlow is an open source platform for machine learning. If `Fracti ...)
+ - tensorflow (bug #804612)
+CVE-2022-41896 (TensorFlow is an open source platform for machine learning. If `Thread ...)
+ - tensorflow (bug #804612)
+CVE-2022-41895 (TensorFlow is an open source platform for machine learning. If `Mirror ...)
+ - tensorflow (bug #804612)
+CVE-2022-41894 (TensorFlow is an open source platform for machine learning. The refere ...)
+ - tensorflow (bug #804612)
+CVE-2022-41893 (TensorFlow is an open source platform for machine learning. If `tf.raw ...)
+ - tensorflow (bug #804612)
+CVE-2022-41892 (Arches is a web platform for creating, managing, & visualizing geospat ...)
+ NOT-FOR-US: Arches
+CVE-2022-41891 (TensorFlow is an open source platform for machine learning. If `tf.raw ...)
+ - tensorflow (bug #804612)
+CVE-2022-41890 (TensorFlow is an open source platform for machine learning. If `BCast: ...)
+ - tensorflow (bug #804612)
+CVE-2022-41889 (TensorFlow is an open source platform for machine learning. If a list ...)
+ - tensorflow (bug #804612)
+CVE-2022-41888 (TensorFlow is an open source platform for machine learning. When runni ...)
+ - tensorflow (bug #804612)
+CVE-2022-41887 (TensorFlow is an open source platform for machine learning. `tf.keras. ...)
+ - tensorflow (bug #804612)
+CVE-2022-41886 (TensorFlow is an open source platform for machine learning. When `tf.r ...)
+ - tensorflow (bug #804612)
+CVE-2022-41885 (TensorFlow is an open source platform for machine learning. When `tf.r ...)
+ - tensorflow (bug #804612)
+CVE-2022-41884 (TensorFlow is an open source platform for machine learning. If a numpy ...)
+ - tensorflow (bug #804612)
+CVE-2022-41883 (TensorFlow is an open source platform for machine learning. When ops t ...)
+ - tensorflow (bug #804612)
+CVE-2022-41882 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...)
+ - nextcloud-desktop 3.6.1-1
+ [bullseye] - nextcloud-desktop (Minor issue)
+ [buster] - nextcloud-desktop (Minor issue)
+ NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63
+ NOTE: https://github.com/nextcloud/desktop/pull/5039
+ NOTE: https://github.com/nextcloud/server/pull/34559
+CVE-2022-41881 (Netty project is an event-driven asynchronous network application fram ...)
+ {DSA-5316-1 DLA-3268-1}
+ - netty 1:4.1.48-6 (bug #1027180)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
+ NOTE: Fixed by https://github.com/netty/netty/commit/cd91cf3c99123bd1e53fd6a1de0e3d1922f05bb2 (netty-4.1.86.Final)
+CVE-2022-41880 (TensorFlow is an open source platform for machine learning. When the ` ...)
+ - tensorflow (bug #804612)
+CVE-2022-41879 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2022-41878 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2022-41877 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...)
+ {DLA-3654-1}
+ - freerdp2 2.9.0+dfsg1-1 (bug #1024511)
+ [bullseye] - freerdp2 (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pmv3-wpw4-pw5h
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/6655841cf2a00b764f855040aecb8803cfc5eaba
+CVE-2022-41876 (ezplatform-graphql is a GraphQL server implementation for Ibexa DXP an ...)
+ NOT-FOR-US: ezplatform-graphql
+CVE-2022-41875 (A remote code execution (RCE) vulnerability in Optica allows unauthent ...)
+ NOT-FOR-US: Optica
+CVE-2022-41874 (Tauri is a framework for building binaries for all major desktop platf ...)
+ NOT-FOR-US: Tauri
+CVE-2022-41873 (Contiki-NG is an open-source, cross-platform operating system for Next ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2022-41872
+ RESERVED
+CVE-2022-41871
+ RESERVED
+CVE-2022-41870 (AP Manager in Innovaphone before 13r2 Service Release 17 allows comman ...)
+ NOT-FOR-US: Innovaphone
+CVE-2022-41869
+ RESERVED
+CVE-2022-41868
+ RESERVED
+CVE-2022-41867
+ RESERVED
+CVE-2022-41866
+ RESERVED
+CVE-2022-41865
+ RESERVED
+CVE-2022-41864
+ RESERVED
+CVE-2022-41863
+ RESERVED
+CVE-2022-41862 (In PostgreSQL, a modified, unauthenticated server can send an untermin ...)
+ - postgresql-15 15.2-1
+ - postgresql-13
+ [bullseye] - postgresql-13 13.10-0+deb11u1
+ - postgresql-11 (Vulnerable code introduced later)
+ NOTE: https://www.postgresql.org/about/news/postgresql-152-147-1310-1214-and-1119-released-2592/
+ NOTE: Fixed in 15.2, 14.7, 13.10, 12.14
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 (REL_12_14)
+ NOTE: GSSAPI encryption support introduced in https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=b0b39f72b9904bcb80f97b35837ccff1578aa4b8 (REL_12_BETA1)
+CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
+ {DLA-3342-1}
+ - freeradius 3.2.0+dfsg-1
+ [bullseye] - freeradius (Minor issue)
+ NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
+ NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
+CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...)
+ {DLA-3342-1}
+ - freeradius 3.2.0+dfsg-1
+ [bullseye] - freeradius (Minor issue)
+ NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
+ NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
+CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
+ {DLA-3342-1}
+ - freeradius 3.2.0+dfsg-1
+ [bullseye] - freeradius (Minor issue)
+ NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937 (release_3_0_26)
+CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...)
+ - linux 5.17.6-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git.kernel.org/linus/ec4eb8a86ade4d22633e1da2a7d85a846b7d1798 (5.18-rc2)
+CVE-2022-41857
+ REJECTED
+CVE-2022-41856
+ REJECTED
+CVE-2022-41855
+ REJECTED
+CVE-2022-41854 (Those using Snakeyaml to parse untrusted YAML files may be vulnerable ...)
+ - snakeyaml 1.33-1 (unimportant)
+ [buster] - snakeyaml 1.23-1+deb10u1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
+ NOTE: No suitable for parsing untrusted YAML, see README.Debian.security
+CVE-2022-41853 (Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb ...)
+ {DSA-5313-1 DLA-3234-1}
+ - hsqldb 2.7.1-1 (bug #1023573)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50212#c7
+ NOTE: http://hsqldb.org/doc/2.0/guide/sqlroutines-chapt.html#src_jrt_access_control
+ NOTE: https://sourceforge.net/p/hsqldb/svn/6614/
+CVE-2022-41852
+ REJECTED
+CVE-2022-41851 (A vulnerability has been identified in JTTK (All versions < V11.1.1.0) ...)
+ NOT-FOR-US: JTTK
+CVE-2022-41836 (When an 'Attack Signature False Positive Mode' enabled security policy ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41835 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41833 (In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::coll ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41832 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41813 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41806 (In versions 16.1.x before 16.1.3.2 and 15.1.x before 15.1.5.1, when BI ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41800 (In all versions of BIG-IP, when running in Appliance mode, an authenti ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41787 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41780 (In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.4.0 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41770 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41694 (In BIG-IP versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41691 (When a BIG-IP Advanced WAF/ASM security policy is configured on a virt ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41624 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.2, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41622 (In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site reque ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-41617 (In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x bef ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-36795 (In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-3381 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3380 (The Customizer Export/Import WordPress plugin before 0.9.5 unserialize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3379 (Horner Automation's Cscape version 9.90 SP7 and prior does not properl ...)
+ NOT-FOR-US: Horner Automation's Cscape
+CVE-2022-3378 (Horner Automation's Cscape version 9.90 SP 7 and prior does not proper ...)
+ NOT-FOR-US: Horner Automation's Cscape
+CVE-2022-3377 (Horner Automation's Cscape version 9.90 SP 6 and prior does not proper ...)
+ NOT-FOR-US: Horner Automation's Cscape
+CVE-2022-3376 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3375 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3374 (The Ocean Extra WordPress plugin before 2.0.5 unserialises the content ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3373 (Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allo ...)
+ {DSA-5245-1}
+ - chromium 106.0.5249.91-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3372 (There is a CSRF vulnerability on Netman-204 version 02.05. An attacker ...)
+ NOT-FOR-US: Netman-204
+CVE-2022-3371 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3370 (Use after free in Custom Elements in Google Chrome prior to 106.0.5249 ...)
+ {DSA-5245-1}
+ - chromium 106.0.5249.91-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3369 (An Improper Access Control vulnerability in the bdservicehost.exe comp ...)
+ NOT-FOR-US: Bitdefender
+CVE-2022-3368 (A vulnerability within the Software Updater functionality of Avira Sec ...)
+ NOT-FOR-US: Avira
+CVE-2021-46844
+ RESERVED
+CVE-2021-46843
+ RESERVED
+CVE-2021-46842
+ RESERVED
+CVE-2022-41847 (An issue was discovered in Bento4 1.6.0-639. A memory leak exists in A ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41846 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41845 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41844 (An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch( ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2022-41843 (An issue was discovered in Xpdf 4.04. There is a crash in convertToTyp ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2022-41842 (An issue was discovered in Xpdf 4.04. 
There is a crash in gfseek(_IO_F ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2022-41841 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41829
+ RESERVED
+CVE-2022-41828 (In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or ...)
+ NOT-FOR-US: Amazon AWS Redshift JDBC Driver
+CVE-2022-41827
+ RESERVED
+CVE-2022-41826
+ RESERVED
+CVE-2022-41825
+ RESERVED
+CVE-2022-41824
+ RESERVED
+CVE-2022-41823
+ RESERVED
+CVE-2022-41822
+ RESERVED
+CVE-2022-41821
+ RESERVED
+CVE-2022-41820
+ RESERVED
+CVE-2022-41819
+ RESERVED
+CVE-2022-41818
+ RESERVED
+CVE-2022-41817
+ RESERVED
+CVE-2022-41816
+ RESERVED
+CVE-2022-41815
+ RESERVED
+CVE-2022-41804 (Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some ...)
+ {DSA-5474-1 DLA-3537-1}
+ - intel-microcode 3.20230808.1 (bug #1043305)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00837.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808
+CVE-2022-41803
+ RESERVED
+CVE-2022-41801 (Uncontrolled resource consumption in the Intel(R) Connect M Android ap ...)
+ NOT-FOR-US: Intel
+CVE-2022-41799 (Improper access control vulnerability in GROWI prior to v5.1.4 (v5 ser ...)
+ NOT-FOR-US: GROWI
+CVE-2022-41782
+ RESERVED
+CVE-2022-41771 (Incorrect permission assignment for critical resource in some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2022-41769 (Improper access control in the Intel(R) Connect M Android application ...)
+ NOT-FOR-US: Intel
+CVE-2022-41699 (Incorrect permission assignment for critical resource in some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2022-41621 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
+ NOT-FOR-US: Intel
+CVE-2022-40972 (Improper access control in some Intel(R) QAT drivers for Windows befor ...)
+ NOT-FOR-US: Intel
+CVE-2022-38973 (Improper access control for some Intel(R) Arc(TM) graphics cards A770 ...)
+ NOT-FOR-US: Intel
+CVE-2022-3367
+ RESERVED
+CVE-2022-3366 (The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3365
+ RESERVED
+CVE-2022-3364 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3363 (Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2 ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3362 (Insufficient Session Expiration in GitHub repository ikus060/rdiffweb ...)
+ - rdiffweb (bug #969974)
+CVE-2022-41850 (roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel th ...)
+ {DLA-3245-1 DLA-3244-1}
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://lore.kernel.org/all/20220904193115.GA28134@ubuntu/t/#u
+CVE-2022-41849 (drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has ...)
+ {DLA-3245-1 DLA-3244-1}
+ - linux 6.0.3-1
+ [bullseye] - linux 5.10.158-1
+ NOTE: https://lore.kernel.org/all/20220925133243.GA383897@ubuntu/T/
+CVE-2022-41848 (drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 ...)
+ - linux (unimportant)
+ NOTE: https://lore.kernel.org/lkml/20220919040251.GA302541@ubuntu/T/#rc85e751f467b3e6f9ccef92cfa7fb8a6cc50c270
+ NOTE: Negligible security impact, would need physical access to "exploit"
+CVE-2022-41812
+ REJECTED
+CVE-2022-41811
+ REJECTED
+CVE-2022-41810
+ REJECTED
+CVE-2022-41809
+ REJECTED
+CVE-2022-41779 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41778 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41776 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41773 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-41772 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41702 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-41701 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-41697 (A user enumeration vulnerability exists in the login functionality of ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2022-41688 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41683
+ RESERVED
+CVE-2022-41657 (Delta Electronics InfraSuite Device Master Versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41654 (An authentication bypass vulnerability exists in the newsletter subscr ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2022-41653 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
+ NOT-FOR-US: Daikin
+CVE-2022-41651 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HERO ...)
+ NOT-FOR-US: HEIDENHAIN Controller TNC 640
+CVE-2022-41644 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service of Haas ...)
+ NOT-FOR-US: Haas Controller
+CVE-2022-41629 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a smartphone-b ...)
+ NOT-FOR-US: AliveCor
+CVE-2022-41613 (Bentley Systems MicroStation Connectversions 10.17.0.209 and prior a ...)
+ NOT-FOR-US: Bentley
+CVE-2022-41607 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
+CVE-2022-41555 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-41133 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-40981 (All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prio ...)
+ NOT-FOR-US: ETIC Telecom Remote Access Server (RAS)
+CVE-2022-40967 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-40965 (The affected product DIAEnergie (versions prior to v1.9.01.002) is vul ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-40703 (CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Ka ...)
+ NOT-FOR-US: AliveCor Kardia App
+CVE-2022-40204 (A cross-site scripting (XSS) vulnerability exists in all current versi ...)
+ NOT-FOR-US: Digital Alert Systems DASDEC software
+CVE-2022-40202 (The database backup function in Delta Electronics InfraSuite Device Ma ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-40201 (Bentley Systems MicroStation Connectversions 10.17.0.209 and prior a ...)
+ NOT-FOR-US: Bentley
+CVE-2022-40190 (SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflec ...)
+ NOT-FOR-US: SAUTER Controls moduWeb firmware
+CVE-2022-38355 (Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and pr ...)
+ NOT-FOR-US: Daikin
+CVE-2022-38142 (Delta Electronics InfraSuite Device Master versions 00.00.01a and prio ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-3361 (The Ultimate Member plugin for WordPress is vulnerable to directory tr ...)
+ NOT-FOR-US: Ultimate Member plugin for WordPress
+CVE-2022-3360 (The LearnPress WordPress plugin before 4.1.7.2 unserialises user input ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3359 (The Shortcodes and extra features for Phlox theme WordPress plugin bef ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3358 (OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_me ...)
+ - openssl 3.0.7-1 (bug #1021620)
+ [bullseye] - openssl (Only affects 3.x)
+ [buster] - openssl (Only affects 3.x)
+ NOTE: https://www.openssl.org/news/secadv/20221011.txt
+CVE-2022-3357 (The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3356
+ RESERVED
+CVE-2022-3355 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...)
+ NOT-FOR-US: inventree
+CVE-2022-41768
+ RESERVED
+CVE-2022-41767 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
+ {DSA-5246-1 DLA-3148-1}
+ - mediawiki 1:1.35.8-1
+ NOTE: https://phabricator.wikimedia.org/T316304
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836891
+CVE-2022-41766 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
+ - mediawiki (Vulnerable code not present, only affects 1.37 and later)
+ NOTE: https://phabricator.wikimedia.org/T307278
+CVE-2022-41765 (An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x ...)
+ {DSA-5246-1 DLA-3148-1}
+ - mediawiki 1:1.35.8-1
+ NOTE: https://phabricator.wikimedia.org/T309894
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/836892
+CVE-2022-41764
+ RESERVED
+CVE-2022-41763 (An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exi ...)
+ NOT-FOR-US: NOKIA AMS
+CVE-2022-41762
+ RESERVED
+CVE-2022-41761
+ RESERVED
+CVE-2022-41760
+ RESERVED
+CVE-2022-41759
+ RESERVED
+CVE-2022-41758
+ RESERVED
+CVE-2022-41757 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...)
+ NOT-FOR-US: Arm Mali GPU Kernel Driver
+CVE-2022-41756
+ RESERVED
+CVE-2022-41755
+ RESERVED
+CVE-2022-41754
+ RESERVED
+CVE-2022-41753
+ RESERVED
+CVE-2022-41752
+ RESERVED
+CVE-2022-41751 (Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by pl ...)
+ {DSA-5294-1 DLA-3219-1}
+ - jhead 1:3.06.0.1-3 (bug #1022028)
+ NOTE: https://github.com/Matthias-Wandel/jhead/pull/57
+ NOTE: https://github.com/Matthias-Wandel/jhead/commit/6985da52c9ad4f5f6c247269cb5508fae34a971c
+ NOTE: https://github.com/Matthias-Wandel/jhead/commit/3fe905cf674f8dbac8a89e58cee1b4850abf9530
+ NOTE: Fixes are insufficient: https://github.com/Matthias-Wandel/jhead/issues/60
+ NOTE: https://github.com/Matthias-Wandel/jhead/commit/ec67262b8e5a4b05d8ad6898a09f1dc3fc032062
+ NOTE: Further followup (bug #1023303): https://github.com/Matthias-Wandel/jhead/issues/65
+CVE-2022-41750
+ RESERVED
+CVE-2022-41749 (An origin validation error vulnerability in Trend Micro Apex One agent ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41748 (A registry permissions vulnerability in the Trend Micro Apex One Data ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41747 (An improper certification validation vulnerability in Trend Micro Apex ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41746 (A forced browsing vulnerability in Trend Micro Apex One could allow an ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41745 (An Out-of-Bounds access vulnerability in Trend Micro Apex One could al ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41744 (A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-41700 (Insecure inherited permissions in some Intel(R) NUC Pro Software Suite ...)
+ NOT-FOR-US: Intel
+CVE-2022-41646 (Insufficient control flow management in the Intel(R) IPP Cryptography ...)
+ NOT-FOR-US: Intel
+CVE-2022-41628 (Uncontrolled search path element in the HotKey Services for some Intel ...)
+ NOT-FOR-US: Intel
+CVE-2022-41614 (Insufficiently protected credentials in the Intel(R) ON Event Series A ...)
+ NOT-FOR-US: Intel
+CVE-2022-40974 (Incomplete cleanup in the Intel(R) IPP Cryptography software before ve ...)
+ NOT-FOR-US: Intel
+CVE-2022-40685 (Insufficiently protected credentials in the Intel(R) DCM software befo ...)
+ NOT-FOR-US: Intel
+CVE-2022-40207 (Improper access control in the Intel(R) SUR software before version 2. ...)
+ NOT-FOR-US: Intel
+CVE-2022-38101 (Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update ...)
+ NOT-FOR-US: Intel
+CVE-2022-37410
+ RESERVED
+CVE-2022-37409 (Insufficient control flow management for the Intel(R) IPP Cryptography ...)
+ NOT-FOR-US: Intel
+CVE-2022-41743 (NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in t ...)
+ NOT-FOR-US: NGINX Plus
+CVE-2022-41742 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ {DSA-5281-1 DLA-3203-1}
+ - nginx 1.22.1-1
+ NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
+ NOTE: Only affects the nginx-extras binary package
+CVE-2022-41741 (NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source ...)
+ {DSA-5281-1 DLA-3203-1}
+ - nginx 1.22.1-1
+ NOTE: https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea (release-1.22.1)
+ NOTE: Only affects the nginx-extras binary package
+CVE-2022-41740 (IBM Robotic Process Automation 20.12 through 21.0.6 could allow an att ...)
+ NOT-FOR-US: IBM
+CVE-2022-41739 (IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access ...)
+ NOT-FOR-US: IBM
+CVE-2022-41738
+ RESERVED
+CVE-2022-41737
+ RESERVED
+CVE-2022-41736 (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5 ...)
+ NOT-FOR-US: IBM
+CVE-2022-41735 (IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through ...)
+ NOT-FOR-US: IBM
+CVE-2022-41734 (IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could allow a remote a ...)
+ NOT-FOR-US: IBM
+CVE-2022-41733 (IBM InfoSphere Information Server 11.7 could allow a remote attacked t ...)
+ NOT-FOR-US: IBM
+CVE-2022-41732 (IBM Maximo Mobile 8.7 and 8.8 stores user credentials in plain clear t ...)
+ NOT-FOR-US: IBM
+CVE-2022-41731 (IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2022-41730
+ RESERVED
+CVE-2022-41729
+ RESERVED
+CVE-2022-41728
+ RESERVED
+CVE-2022-41727 (An attacker can craft a malformed TIFF image which will consume a sign ...)
+ - golang-golang-x-image 0.5.0-1
+ [bullseye] - golang-golang-x-image (Minor issue)
+ [buster] - golang-golang-x-image (Limited support, minor issue, DoS)
+CVE-2022-41726
+ RESERVED
+CVE-2022-41725 (A denial of service is possible from excessive resource consumption in ...)
+ - golang-1.20 1.20.1-1
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: https://go.dev/issue/58006
+CVE-2022-41724 (Large handshake records may cause panics in crypto/tls. Both clients a ...)
+ - golang-1.20 1.20.1-1
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11 (Vulnerable code introduced later)
+ NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: https://go.dev/issue/58001
+ NOTE: https://github.com/golang/go/commit/66c58b946beaa38de35241c3f64ec358f5ad03f1 (master)
+ NOTE: Introduced by: https://github.com/golang/go/commit/4c8b09e9183390d6ab80d3f53a9fe5f6ace92f06 (go1.12beta1)
+ NOTE: Introduced by: https://github.com/golang/go/commit/6435d0cfbf72f405f31430e60766add6d6762fe1 (go1.12beta1)
+CVE-2022-41723 (A maliciously crafted HTTP/2 stream could cause excessive CPU consumpt ...)
+ - golang-1.20 1.20.1-1
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ - golang-golang-x-net 1:0.7.0+dfsg-1
+ [bullseye] - golang-golang-x-net (Minor issue)
+ NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: https://go.dev/issue/57855
+CVE-2022-41722 (A path traversal vulnerability exists in filepath.Clean on Windows. On ...)
+ - golang-1.20 1.20.1-1 (unimportant)
+ [experimental] - golang-1.19 1.19.6-1
+ - golang-1.19 1.19.6-2 (unimportant)
+ - golang-1.15 (unimportant)
+ - golang-1.11 (unimportant)
+ NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
+ NOTE: Only affects code cross compiled on Debian for Windows binaries
+CVE-2022-41721 (A request smuggling attack is possible when using MaxBytesHandler. Whe ...)
+ - golang-golang-x-net 1:0.4.0+dfsg-1
+ [bullseye] - golang-golang-x-net (Vulnerable code not present)
+ [buster] - golang-golang-x-net (Vulnerable code not present)
+ NOTE: https://go-review.googlesource.com/c/net/+/447396
+ NOTE: https://github.com/golang/go/issues/56352
+ NOTE: https://pkg.go.dev/vuln/GO-2023-1495
+ NOTE: Fixed in https://go.googlesource.com/net/+/702349b0e8628371f0e5ba0c10407448d60a67b1 (v0.2.0)
+ NOTE: Introduced in https://go.googlesource.com/net/+/1d687d428aca0546c0ca84160c8700ee521e9fb9 (v0.1.0)
+CVE-2022-41720 (On Windows, restricted files can be accessed via os.DirFS and http.Dir ...)
+ - golang-1.19 1.19.4-1 (unimportant)
+ - golang-1.18 1.18.9-1 (unimportant)
+ - golang-1.15 (unimportant)
+ - golang-1.11 (unimportant)
+ NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
+ NOTE: https://go.dev/issue/56694
+ NOTE: Only affects code cross compiled on Debian for Windows binaries
+CVE-2022-41719 (Unmarshal can panic on some inputs, possibly allowing for denial of se ...)
+ NOT-FOR-US: shamaton/msgpack
+CVE-2022-41718
+ RESERVED
+CVE-2022-41717 (An attacker can cause excessive memory growth in a Go server accepting ...)
+ - golang-1.19 1.19.4-1
+ - golang-1.18 1.18.9-1
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ - golang-golang-x-net 1:0.4.0+dfsg-1
+ [bullseye] - golang-golang-x-net (Minor issue)
+ - golang-golang-x-net-dev
+ [buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases)
+ NOTE: https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU
+ NOTE: https://go.dev/issue/56350
+ NOTE: https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)
+ NOTE: https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)
+ NOTE: https://github.com/golang/net/commit/1e63c2f08a10a150fa02c50ece89b340ae64efe4 (v0.4.0)
+CVE-2022-41716 (Due to unsanitized NUL values, attackers may be able to maliciously se ...)
+ - golang-1.19 1.19.3-1 (unimportant)
+ - golang-1.18 1.18.8-1 (unimportant)
+ - golang-1.15 (unimportant)
+ - golang-1.11 (unimportant)
+ NOTE: https://go.dev/issue/56284
+ NOTE: https://go.dev/cl/446916
+ NOTE: https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
+ NOTE: Only affects code cross compiled on Debian for Windows binaries
+CVE-2022-41715 (Programs which compile regular expressions from untrusted sources may ...)
+ - golang-1.19 1.19.2-1
+ - golang-1.18 1.18.7-1
+ - golang-1.17
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ NOTE: https://go.dev/issue/55949
+ NOTE: https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)
+ NOTE: https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)
+CVE-2022-41714 (fastest-json-copy version 1.0.1 allows an external attacker to edit or ...)
+ NOT-FOR-US: fastest-json-copy Nodejs module
+CVE-2022-41713 (deep-object-diff version 1.1.0 allows an external attacker to edit or ...)
+ NOT-FOR-US: deep-object-diff Nodejs module
+CVE-2022-41712 (Frappe version 14.10.0 allows an external attacker to remotely obtain ...)
+ NOT-FOR-US: Frappe Framework
+CVE-2022-41711 (Badaso version 2.6.0 allows an unauthenticated remote attacker to exec ...)
+ NOT-FOR-US: Badaso
+CVE-2022-41710 (Markdownify version 1.4.1 allows an external attacker to remotely obta ...)
+ NOT-FOR-US: Markdownify
+CVE-2022-41709 (Markdownify version 1.4.1 allows an external attacker to execute arbit ...)
+ NOT-FOR-US: Markdownify
+CVE-2022-41708 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
+ NOT-FOR-US: Relatedcode's Messenger
+CVE-2022-41707 (Relatedcode's Messenger version 7bcd20b allows an authenticated extern ...)
+ NOT-FOR-US: Relatedcode's Messenger
+CVE-2022-41706 (Browsershot version 3.57.2 allows an external attacker to remotely obt ...)
+ NOT-FOR-US: Browsershot
+CVE-2022-41705 (Badaso version 2.6.3 allows an unauthenticated remote attacker to exec ...)
+ NOT-FOR-US: Badaso
+CVE-2022-41704 (A vulnerability in Batik of Apache XML Graphics allows an attacker to ...)
+ {DSA-5264-1 DLA-3169-1}
+ - batik 1.16+dfsg-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/2
+ NOTE: https://issues.apache.org/jira/browse/BATIK-1338
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1904320
+CVE-2022-41703 (A vulnerability in the SQL Alchemy connector of Apache Superset allows ...)
+ NOT-FOR-US: Apache Superset
+CVE-2022-41690 (Improper access control in the Intel(R) Retail Edge Mobile iOS applica ...)
+ NOT-FOR-US: Intel
+CVE-2022-41689 (Improper access control in some Intel In-Band Manageability software b ...)
+ NOT-FOR-US: Intel
+CVE-2022-41682
+ RESERVED
+CVE-2022-41681 (There is a vulnerability on Forma LMS version 3.1.0 and earlier that c ...)
+ NOT-FOR-US: Forma LMS +CVE-2022-41680 (Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL inje ...) + NOT-FOR-US: Forma LMS +CVE-2022-41679 (Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scri ...) + NOT-FOR-US: Forma LMS +CVE-2022-41678 (Once an user is authenticated on Jolokia, he can potentially trigger a ...) + - activemq 5.17.6+dfsg-1 + NOTE: https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl + NOTE: https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt +CVE-2022-41677 (An information disclosure vulnerability was discovered in Bosch IP cam ...) + NOT-FOR-US: Bosch +CVE-2022-41658 (Insecure inherited permissions in the Intel(R) VTune(TM) Profiler soft ...) + NOT-FOR-US: Intel +CVE-2022-41637 + RESERVED +CVE-2022-41626 + RESERVED +CVE-2022-41341 + RESERVED +CVE-2022-40689 + RESERVED +CVE-2022-40688 + RESERVED +CVE-2022-38787 (Improper input validation in firmware for some Intel(R) FPGA products ...) + NOT-FOR-US: Intel +CVE-2022-38786 (Improper access control in some Intel Battery Life Diagnostic Tool sof ...) + NOT-FOR-US: Intel +CVE-2022-3354 (A vulnerability has been found in Open5GS up to 2.4.10 and classified ...) + NOT-FOR-US: Open5GS +CVE-2022-3353 (A vulnerability exists in the IEC 61850 communication stack that affec ...) + NOT-FOR-US: Hitachi +CVE-2022-3352 (Use After Free in GitHub repository vim/vim prior to 9.0.0614.) + {DLA-3204-1} + - vim 2:9.0.0626-1 (unimportant) + NOTE: https://huntr.dev/bounties/d058f182-a49b-40c7-9234-43d4c5a29f60 + NOTE: https://github.com/vim/vim/commit/ef976323e770315b5fca544efb6b2faa25674d15 (v9.0.0614) + NOTE: Crash in CLI tool, no security impact +CVE-2022-3351 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Only affects Gitlab EE) +CVE-2022-3350 (The Contact Bank WordPress plugin through 3.0.30 does not sanitise and ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3349 (A vulnerability was found in Sony PS4 and PS5. It has been classified ...) + NOT-FOR-US: Sony +CVE-2022-3348 (Just like in the previous report, an attacker could steal the account ...) + NOT-FOR-US: ToolJet +CVE-2021-46841 (This issue was addressed by using HTTPS when sending information over ...) + NOT-FOR-US: Apple +CVE-2022-41676 (Raiden MAILD Mail Server website mail field has insufficient filtering ...) + NOT-FOR-US: Raiden MAILD Mail Server +CVE-2022-41675 (A remote attacker with general user privilege can inject malicious cod ...) + NOT-FOR-US: Raiden MAILD Mail Server +CVE-2022-41674 (An issue was discovered in the Linux kernel before 5.19.16. Attackers ...) + {DSA-5257-1 DLA-3173-1} + - linux 6.0.2-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/13/2 + NOTE: https://lore.kernel.org/netdev/20221013100522.46346-1-johannes@sipsolutions.net/T/#u + NOTE: https://github.com/PurpleVsGreen/beacown +CVE-2022-41673 + RESERVED +CVE-2022-41672 (In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn' ...) + - airflow (bug #819700) +CVE-2022-41671 (A CWE-89: Improper Neutralization of Special Elements used in SQL Comm ...) + NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41670 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41669 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...) + NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41668 (A CWE-704: Incorrect Project Conversion vulnerability exists that allo ...) + NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41667 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) 
+ NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41666 (A CWE-347: Improper Verification of Cryptographic Signature vulnerabil ...) + NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE +CVE-2022-41665 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...) + NOT-FOR-US: Siemens +CVE-2022-41664 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-41663 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-41662 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-41661 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-41660 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-41656 + RESERVED +CVE-2022-41655 (Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Ord ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41650 + RESERVED +CVE-2022-41647 + RESERVED +CVE-2022-41643 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Acce ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41640 (Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41638 (Auth. Stored Cross-Site Scripting (XSS) in Pop-Up Chop Chop plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41635 (Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Ship ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41634 (Cross-Site Request Forgery (CSRF) vulnerability in Media Library Folde ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41633 (Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41623 (Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping an ...) 
+ NOT-FOR-US: Villatheme ALD +CVE-2022-41620 (Cross-Site Request Forgery (CSRF) vulnerability inSeoSamba for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41618 (Unauthenticated Error Log Disclosure vulnerability in Media Library As ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41616 (Improper Neutralization of Formula Elements in a CSV File vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41615 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41612 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shar ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41609 (Auth. (subscriber+) Server-Side Request Forgery (SSRF) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41608 (Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgar ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41606 (HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 job ...) + - nomad (bug #1021670) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420 +CVE-2022-41605 + RESERVED +CVE-2022-41604 (Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows lo ...) + NOT-FOR-US: Check Point ZoneAlarm Extreme Security +CVE-2022-41603 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41602 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41601 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41600 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41599 (The system service has a vulnerability that causes incorrect return va ...) + NOT-FOR-US: Huawei +CVE-2022-41598 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) 
+ NOT-FOR-US: Huawei +CVE-2022-41597 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41596 (The system tool has inconsistent serialization and deserialization. Su ...) + NOT-FOR-US: Huawei +CVE-2022-41595 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41594 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41593 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41592 (The phones have the heap overflow, out-of-bounds read, and null pointe ...) + NOT-FOR-US: Huawei +CVE-2022-41591 (The backup module has a path traversal vulnerability. Successful explo ...) + NOT-FOR-US: Huawei +CVE-2022-41590 (Some smartphones have authentication-related (including session manage ...) + NOT-FOR-US: Huawei +CVE-2022-41589 (The DFX unwind stack module of the ArkCompiler has a vulnerability in ...) + NOT-FOR-US: Huawei +CVE-2022-41588 (The home screen module has a vulnerability in service logic processing ...) + NOT-FOR-US: Huawei +CVE-2022-41587 (Uncaptured exceptions in the home screen module. Successful exploitati ...) + NOT-FOR-US: Huawei +CVE-2022-41586 (The communication framework module has a vulnerability of not truncati ...) + NOT-FOR-US: Huawei +CVE-2022-41585 (The kernel module has an out-of-bounds read vulnerability.Successful e ...) + NOT-FOR-US: Huawei +CVE-2022-41584 (The kernel module has an out-of-bounds read vulnerability.Successful e ...) + NOT-FOR-US: Huawei +CVE-2022-41583 (The storage maintenance and debugging module has an array out-of-bound ...) + NOT-FOR-US: Huawei +CVE-2022-41582 (The security module has configuration defects.Successful exploitation ...) + NOT-FOR-US: Huawei +CVE-2022-41581 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...) 
+ NOT-FOR-US: Huawei +CVE-2022-41580 (The HW_KEYMASTER module has a vulnerability of not verifying the data ...) + NOT-FOR-US: Huawei +CVE-2022-41579 (There is an insufficient authentication vulnerability in some Huawei b ...) + NOT-FOR-US: Huawei +CVE-2022-41578 (The MPTCP module has an out-of-bounds write vulnerability.Successful e ...) + NOT-FOR-US: Huawei +CVE-2022-41577 (The kernel server has a vulnerability of not verifying the length of t ...) + NOT-FOR-US: Huawei +CVE-2022-41576 (The rphone module has a script that can be maliciously modified.Succes ...) + NOT-FOR-US: Huawei +CVE-2022-41575 (A credential-exposure vulnerability in the support-bundle mechanism in ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-41574 (An access-control vulnerability in Gradle Enterprise 2022.4 through 20 ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-41573 + RESERVED +CVE-2022-41572 + RESERVED +CVE-2022-41571 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local f ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2022-41570 (An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthe ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2022-41569 + RESERVED +CVE-2022-41315 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in Ezoic plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41155 (Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41136 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41135 (Unauth. Plugin Settings Change vulnerability in Modula plugin <= 2.6.9 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41134 (Cross-Site Request Forgery (CSRF) inOptinlyHQ Optinly \u2013 Exit Inte ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41132 (Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerabi ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-40975 + RESERVED +CVE-2022-40966 (Authentication bypass vulnerability in multiple Buffalo network device ...) + NOT-FOR-US: Buffalo +CVE-2022-40702 + RESERVED +CVE-2022-40700 + RESERVED +CVE-2022-40699 (Cross-Site Scripting (XSS) vulnerability in Dario Curvino Yasr \u2013 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40697 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in3com ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40694 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40311 (Auth. (admin+) Stored Cross-Site Scripting (XSS) in Fatcat Apps Analyt ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40218 + RESERVED +CVE-2022-40216 (Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Mes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40209 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inXylus The ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40203 + RESERVED +CVE-2022-40192 (Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40130 (Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40128 (Cross-Site Request Forgery (CSRF) vulnerability in Advanced Order Expo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-39044 (Hidden functionality vulnerability in multiple Buffalo network devices ...) + NOT-FOR-US: Buffalo +CVE-2022-38467 (Reflected Cross-Site Scripting (XSS) vulnerability inCRM Perks Forms \ ...) + NOT-FOR-US: CRM Perks +CVE-2022-38456 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38141 + RESERVED +CVE-2022-38063 (Cross-Site Request Forgery (CSRF) vulnerability in Social Login WP plu ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-38057 + RESERVED +CVE-2022-38055 + RESERVED +CVE-2022-36418 + RESERVED +CVE-2022-36399 + RESERVED +CVE-2022-35730 (Cross-Site Request Forgery (CSRF) vulnerability inOceanwp sticky heade ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34840 (Use of hard-coded credentials vulnerability in multiple Buffalo networ ...) + NOT-FOR-US: Buffalo +CVE-2022-3347 (DNSSEC validation is not performed correctly. An attacker can cause th ...) + NOT-FOR-US: goresolver +CVE-2022-3346 (DNSSEC validation is not performed correctly. An attacker can cause th ...) + NOT-FOR-US: goresolver +CVE-2022-3345 + RESERVED +CVE-2022-3344 (A flaw was found in the KVM's AMD nested virtualization (SVM). A malic ...) + - linux 6.0.12-1 + NOTE: https://lore.kernel.org/lkml/20221020093055.224317-5-mlevitsk@redhat.com/T/ +CVE-2022-3343 (The WPQA Builder WordPress plugin before 5.9.3 (which is a companion p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3342 (The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserializa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3341 (A null pointer dereference issue was discovered in 'FFmpeg' in decode_ ...) + {DLA-3454-1} + - ffmpeg 7:5.1-1 + [bullseye] - ffmpeg (Minor issue, wait until fixed in 4.3.x) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2157054 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cf652cef49d74afe3d454f27d49eb1a1394951e (n5.1) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/08f0a18c3488b2fb8297ebba3684792da8a6606e (n4.1.11) +CVE-2022-3340 (XML External Entity (XXE) vulnerability in Trellix IPS Manager prior t ...) + NOT-FOR-US: Trellix IPS Manager +CVE-2022-3339 (A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5 ...) + NOT-FOR-US: Trellix ePolicy Orchestrator +CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update ...) 
+ NOT-FOR-US: Trellix ePolicy Orchestrator +CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP mobile cl ...) + NOT-FOR-US: Cloudflare +CVE-2022-3336 (The Event Monster WordPress plugin before 1.2.0 does not have CSRF che ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 u ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3334 (The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the conten ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3333 (A vulnerability, which was classified as problematic, was found in Zep ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3332 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Food Ordering Management System +CVE-2022-3331 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Only affects EE) +CVE-2022-3330 (It was possible for a guest user to read a todo targeting an inaccessi ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3329 + RESERVED +CVE-2022-30544 (Cross-Site Request Forgery (CSRF) in MiKa'sOSM \u2013 OpenStreetMap pl ...) + NOT-FOR-US: MiKa +CVE-2022-27628 (Cross-Site Request Forgery (CSRF) vulnerability inAA-TeamWZone \u2013 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-26375 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mamm ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46840 (The HW_KEYMASTER module has an out-of-bounds access vulnerability in p ...) + NOT-FOR-US: Huawei +CVE-2021-46839 (The HW_KEYMASTER module has a vulnerability of missing bounds check on ...) + NOT-FOR-US: Huawei +CVE-2020-36605 (Incorrect Default Permissions vulnerability in Hitachi Infrastructure ...) + NOT-FOR-US: Hitachi +CVE-2022-41568 (LINE client for iOS before 12.17.0 might be crashed by sharing an inva ...) + NOT-FOR-US: LINE client for iOS +CVE-2022-41567 (The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO Busine ...) 
+ NOT-FOR-US: BusinessConnect UI component of TIBCO +CVE-2022-41566 (The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contai ...) + NOT-FOR-US: TIBCO +CVE-2022-41565 (The Web Application component of TIBCO Software Inc.'s TIBCO EBX and T ...) + NOT-FOR-US: TIBCO +CVE-2022-41564 (The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIB ...) + NOT-FOR-US: TIBCO +CVE-2022-41563 (The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports S ...) + NOT-FOR-US: TIBCO +CVE-2022-41562 (The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperRepor ...) + NOT-FOR-US: TIBCO +CVE-2022-41561 (The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperR ...) + NOT-FOR-US: TIBCO +CVE-2022-41560 (The Statement Set Upload via the Web Client component of TIBCO Softwar ...) + NOT-FOR-US: TIBCO +CVE-2022-41559 (The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contain ...) + NOT-FOR-US: TIBCO +CVE-2022-41558 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...) + NOT-FOR-US: TIBCO +CVE-2022-41342 (Improper buffer restrictions in the Intel(R) C++ Compiler Classic befo ...) + NOT-FOR-US: Intel +CVE-2022-41314 (Uncontrolled search path in some Intel(R) Network Adapter installer so ...) + NOT-FOR-US: Intel +CVE-2022-40982 (Information exposure through microarchitectural state after transient ...) 
+ {DSA-5475-1 DSA-5474-1 DLA-3537-1 DLA-3525-1 DLA-3524-1} + - linux 6.4.4-3 + - intel-microcode 3.20230808.1 (bug #1043305) + NOTE: https://www.openwall.com/lists/oss-security/2023/08/08/5 + NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/gather-data-sampling.html + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00828.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230808 + NOTE: https://downfall.page/ +CVE-2022-40971 (Incorrect default permissions for the Intel(R) HDMI Firmware Update To ...) + NOT-FOR-US: Intel +CVE-2022-40970 + RESERVED +CVE-2022-40964 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3596-1} + - firmware-nonfree (bug #1051892) + [bookworm] - firmware-nonfree (Non-free not supported) + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html + NOTE: Fixed upstream in linux-firmware/20230804 +CVE-2022-40210 (Exposure of data element to wrong session in the Intel DCM software be ...) + NOT-FOR-US: Intel +CVE-2022-40196 (Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler befo ...) + NOT-FOR-US: Intel +CVE-2022-38136 (Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for ...) + NOT-FOR-US: Intel +CVE-2022-38099 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Co ...) 
+ NOT-FOR-US: Intel +CVE-2022-3328 + RESERVED + {DSA-5292-1 DLA-3215-1} + - snapd 2.57.6-1 + NOTE: https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/d9d8c2f6f6c0310bd10e3061030e8bf9e9e49949 (2.57.6) + NOTE: https://github.com/snapcore/snapd/commit/1816f8dd9e33c252b6aa6c7e6205baa9161c2d4c (2.57.6) + NOTE: https://github.com/snapcore/snapd/releases/tag/2.57.6 + NOTE: https://www.openwall.com/lists/oss-security/2022/11/30/2 +CVE-2022-3327 (Missing Authentication for Critical Function in GitHub repository ikus ...) + - rdiffweb (bug #969974) +CVE-2022-3326 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) + - rdiffweb (bug #969974) +CVE-2022-3325 (Improper access control in the GitLab CE/EE API affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-3324 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...) + {DLA-3182-1} + - vim 2:9.0.0626-1 + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/e414e55b-f332-491f-863b-c18dca97403c/ + NOTE: https://github.com/vim/vim/commit/8279af514ca7e5fd3c31cf13b0864163d1a0bfeb (v9.0.0598) +CVE-2022-3323 (An SQL injection vulnerability in Advantech iView 5.7.04.6469. The spe ...) + NOT-FOR-US: Advantech iView +CVE-2022-41557 + RESERVED +CVE-2022-41556 (A resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 coul ...) 
+ {DSA-5243-1} + - lighttpd 1.4.67-1 + [buster] - lighttpd (vulnerable code inserted in lighttpd-1.4.55-211-gbcddbe18) + NOTE: https://github.com/lighttpd/lighttpd1.4/pull/115 + NOTE: Introduced by: https://github.com/lighttpd/lighttpd1.4/commit/bcddbe186f010e2964f7551141c0b8350b36817d (lighttpd-1.4.56-rc1) + NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50 (lighttpd-1.4.67) +CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior to v22. ...) + NOT-FOR-US: BookStack +CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, when enab ...) + NOT-FOR-US: Cloudflare +CVE-2022-3321 (It was possible to bypass Lock WARP switch feature https://developers ...) + NOT-FOR-US: Cloudflare +CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust Secure We ...) + NOT-FOR-US: Cloudflare +CVE-2022-3319 + RESERVED +CVE-2022-3318 (Use after free in ChromeOS Notifications in Google Chrome on ChromeOS ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3317 (Insufficient validation of untrusted input in Intents in Google Chrome ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3316 (Insufficient validation of untrusted input in Safe Browsing in Google ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3315 (Type confusion in Blink in Google Chrome prior to 106.0.5249.62 allowe ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3314 (Use after free in logging in Google Chrome prior to 106.0.5249.62 allo ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3313 (Incorrect security UI in full screen in Google Chrome prior to 106.0.5 ...) 
+ {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3312 (Insufficient validation of untrusted input in VPN in Google Chrome on ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3311 (Use after free in import in Google Chrome prior to 106.0.5249.62 allow ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3310 (Insufficient policy enforcement in custom tabs in Google Chrome on And ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3309 (Use after free in assistant in Google Chrome on ChromeOS prior to 106. ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3308 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3307 (Use after free in media in Google Chrome prior to 106.0.5249.62 allowe ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3306 (Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5 ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3305 (Use after free in survey in Google Chrome on ChromeOS prior to 106.0.5 ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3304 (Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed ...) + {DSA-5244-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3303 (A race condition flaw was found in the Linux kernel sound subsystem du ...) + {DSA-5257-1 DLA-3173-1} + - linux 5.19.11-1 + NOTE: https://git.kernel.org/linus/8423f0b6d513b259fdab9c9bf4aaa6188d054c2d (6.0-rc5) +CVE-2022-3302 (The Spam protection, AntiSpam, FireWall by CleanTalk WordPress plugin ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-3301 (Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdif ...) + - rdiffweb (bug #969974) +CVE-2022-3300 (The Form Maker by 10Web WordPress plugin before 1.15.6 does not proper ...) + NOT-FOR-US: WordPress plugin +CVE-2022-41553 (Insertion of Sensitive Information into Temporary File vulnerability i ...) + NOT-FOR-US: Hitachi +CVE-2022-41552 (Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastruc ...) + NOT-FOR-US: Hitachi +CVE-2022-41551 (Garage Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Garage Management System +CVE-2022-41550 (GNU oSIP v5.3.0 was discovered to contain an integer overflow via the ...) + - libosip2 5.3.0-2.1 (bug #1021662) + [bullseye] - libosip2 (Minor issue) + [buster] - libosip2 (Minor issue) + NOTE: https://savannah.gnu.org/bugs/?63103 + NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=f77f16c832c3c37589c2b749f01b644dc44a55b5 +CVE-2022-41549 + RESERVED +CVE-2022-41548 + RESERVED +CVE-2022-41547 (Mobile Security Framework (MobSF) v0.9.2 and below was discovered to c ...) + NOT-FOR-US: Mobile Security Framework +CVE-2022-41546 + RESERVED +CVE-2022-41545 + RESERVED +CVE-2022-41544 (GetSimple CMS v3.3.16 was discovered to contain a remote code executio ...) + NOT-FOR-US: GetSimple CMS +CVE-2022-41543 + RESERVED +CVE-2022-41542 (devhub 0.102.0 was discovered to contain a broken session control.) + NOT-FOR-US: devhub +CVE-2022-41541 (TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack b ...) + NOT-FOR-US: TP-Link +CVE-2022-41540 (The web app client of TP-Link AX10v1 V1_211117 uses hard-coded cryptog ...) + NOT-FOR-US: TP-Link +CVE-2022-41539 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...) + NOT-FOR-US: Wedding Planner +CVE-2022-41538 (Wedding Planner v1.0 was discovered to contain an arbitrary file uploa ...) 
+ NOT-FOR-US: Wedding Planner +CVE-2022-41537 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-41536 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41535 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41534 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-41533 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-41532 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41531 + RESERVED +CVE-2022-41530 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41529 + RESERVED +CVE-2022-41528 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41527 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41526 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41525 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41524 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41523 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41522 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an u ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-41521 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41520 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain an a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41519 + RESERVED +CVE-2022-41518 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41517 (TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a st ...) + NOT-FOR-US: TOTOLINK +CVE-2022-41516 + RESERVED +CVE-2022-41515 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41514 (Open Source SACCO Management System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Open Source SACCO Management System +CVE-2022-41513 (Online Diagnostic Lab Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-41512 (An arbitrary file upload vulnerability in the component /php_action/ed ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-41511 + RESERVED +CVE-2022-41510 + RESERVED +CVE-2022-41509 + RESERVED +CVE-2022-41508 + RESERVED +CVE-2022-41507 + RESERVED +CVE-2022-41506 + RESERVED +CVE-2022-41505 (An access control issue on TP-LInk Tapo C200 V1 devices allows physica ...) + NOT-FOR-US: TP-Link +CVE-2022-41504 (An arbitrary file upload vulnerability in the component /php_action/ed ...) + NOT-FOR-US: Billing System Project +CVE-2022-41503 + RESERVED +CVE-2022-41502 + RESERVED +CVE-2022-41501 + RESERVED +CVE-2022-41500 (EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request F ...) + NOT-FOR-US: Eyoucms +CVE-2022-41499 + RESERVED +CVE-2022-41498 (Billing System Project v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Billing System Project +CVE-2022-41497 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...) 
+ NOT-FOR-US: ClipperCMS +CVE-2022-41496 (iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery ( ...) + NOT-FOR-US: iCMS +CVE-2022-41495 (ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forge ...) + NOT-FOR-US: ClipperCMS +CVE-2022-41494 + RESERVED +CVE-2022-41493 + RESERVED +CVE-2022-41492 + RESERVED +CVE-2022-41491 + RESERVED +CVE-2022-41490 + RESERVED +CVE-2022-41489 (WAYOS LQ_09 22.03.17V was discovered to contain a Cross-Site Request F ...) + NOT-FOR-US: WAYOS +CVE-2022-41488 + RESERVED +CVE-2022-41487 + RESERVED +CVE-2022-41486 + RESERVED +CVE-2022-41485 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) + NOT-FOR-US: Tenda +CVE-2022-41484 (Tenda AC1900 AP500(US)_V1_180320(Beta) was discovered to contain a buf ...) + NOT-FOR-US: Tenda +CVE-2022-41483 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) + NOT-FOR-US: Tenda +CVE-2022-41482 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) + NOT-FOR-US: Tenda +CVE-2022-41481 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) + NOT-FOR-US: Tenda +CVE-2022-41480 (Tenda AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 was discovered to ...) + NOT-FOR-US: Tenda +CVE-2022-41479 (The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ...) + NOT-FOR-US: DevExpress +CVE-2022-41478 + RESERVED +CVE-2022-41477 (A security issue was discovered in WeBid <=1.2.2. A Server-Side Reques ...) + NOT-FOR-US: WeBid +CVE-2022-41476 + RESERVED +CVE-2022-41475 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...) + NOT-FOR-US: RPCMS +CVE-2022-41474 (RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (C ...) + NOT-FOR-US: RPCMS +CVE-2022-41473 (RPCMS v3.0.2 was discovered to contain a reflected cross-site scriptin ...) + NOT-FOR-US: RPCMS +CVE-2022-41472 (74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) ...) 
+ NOT-FOR-US: 74cmsSE
+CVE-2022-41471 (74cmsSE v3.12.0 allows authenticated attackers with low-level privileg ...)
+ NOT-FOR-US: 74cmsSE
+CVE-2022-41470
+ RESERVED
+CVE-2022-41469
+ RESERVED
+CVE-2022-41468
+ RESERVED
+CVE-2022-41467
+ RESERVED
+CVE-2022-41466
+ RESERVED
+CVE-2022-41465
+ RESERVED
+CVE-2022-41464
+ RESERVED
+CVE-2022-41463
+ RESERVED
+CVE-2022-41462
+ RESERVED
+CVE-2022-41461
+ RESERVED
+CVE-2022-41460
+ RESERVED
+CVE-2022-41459
+ RESERVED
+CVE-2022-41458
+ RESERVED
+CVE-2022-41457
+ RESERVED
+CVE-2022-41456
+ RESERVED
+CVE-2022-41455
+ RESERVED
+CVE-2022-41454
+ RESERVED
+CVE-2022-41453
+ RESERVED
+CVE-2022-41452
+ RESERVED
+CVE-2022-41451
+ RESERVED
+CVE-2022-41450
+ RESERVED
+CVE-2022-41449
+ RESERVED
+CVE-2022-41448
+ RESERVED
+CVE-2022-41447
+ RESERVED
+CVE-2022-41446 (An access control issue in /Admin/dashboard.php of Record Management S ...)
+ NOT-FOR-US: Record Management System
+CVE-2022-41445 (A cross-site scripting (XSS) vulnerability in Record Management System ...)
+ NOT-FOR-US: Record Management System
+CVE-2022-41444 (Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted P ...)
+ - cacti 1.2.22+ds1-1
+ [bullseye] - cacti (Minor issue)
+ [buster] - cacti (Minor issue)
+ NOTE: https://gist.github.com/enferas/9079535112e4f4ff2c1d2ce1c099d4c2
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/ccb8b62de0f27f59d5e6073c2ae577a9ca7adaf8 (release/1.2.22)
+CVE-2022-41443 (phpipam v1.5.0 was discovered to contain a header injection vulnerabil ...)
+ - phpipam (bug #731713)
+CVE-2022-41442 (PicUploader v2.6.3 was discovered to contain cross-site scripting (XSS ...)
+ NOT-FOR-US: PicUploader
+CVE-2022-41441 (Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 ...)
+ NOT-FOR-US: ReQlogic
+CVE-2022-41440 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Billing System Project
+CVE-2022-41439 (Billing System Project v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Billing System Project
+CVE-2022-41438
+ RESERVED
+CVE-2022-41437 (Billing System Project v1.0 was discovered to contain a remote code ex ...)
+ NOT-FOR-US: Billing System Project
+CVE-2022-41436 (An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to acc ...)
+ NOT-FOR-US: OXHOO
+CVE-2022-41435 (OpenWRT LuCI version git-22.140.66206-02913be was discovered to contai ...)
+ NOT-FOR-US: OpenWRT LuCI
+CVE-2022-41434 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-41433 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-41432 (EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-41431 (xzs v3.8.0 was discovered to contain a cross-site scripting (XSS) vuln ...)
+ NOT-FOR-US: xzs
+CVE-2022-41430 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41429 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41428 (Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41427 (Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_A ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41426 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41425 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation v ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41424 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41423 (Bento4 v1.6.0-639 was discovered to contain a segmentation violation i ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41422
+ RESERVED
+CVE-2022-41421
+ RESERVED
+CVE-2022-41420 (nasm v2.16 was discovered to contain a stack overflow in the Ndisasm c ...)
+ - nasm (unimportant)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392810
+ NOTE: Negligible security impact
+CVE-2022-41419 (Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_ ...)
+ NOT-FOR-US: Bento4
+CVE-2022-41418 (An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/Upload ...)
+ NOT-FOR-US: BlogEngine.NET
+CVE-2022-41417 (BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with " ...)
+ NOT-FOR-US: BlogEngine.NET
+CVE-2022-41416 (Online Tours & Travels Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Online Tours & Travels Management System
+CVE-2022-41415 (Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a sta ...)
+ NOT-FOR-US: Acer
+CVE-2022-41414 (An insecure default in the component auth.login.prompt.enabled of Life ...)
+ NOT-FOR-US: Liferay
+CVE-2022-41413 (perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Reques ...)
+ NOT-FOR-US: perfSONAR
+CVE-2022-41412 (An issue in the graphData.cgi component of perfSONAR v4.4.5 and prior ...)
+ NOT-FOR-US: perfSONAR
+CVE-2022-41411
+ RESERVED
+CVE-2022-41410
+ RESERVED
+CVE-2022-41409 (Integer overflow vulnerability in pcre2test before 10.41 allows attack ...)
+ - pcre2 10.42-1 (unimportant)
+ NOTE: https://github.com/PCRE2Project/pcre2/issues/141
+ NOTE: https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
+ NOTE: Infinite loop in CLI tool, no security impact
+CVE-2022-41408 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Online Pet Shop
+CVE-2022-41407 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Online Pet Shop
+CVE-2022-41406 (An arbitrary file upload vulnerability in the /admin/admin_pic.php com ...)
+ NOT-FOR-US: Church Management System
+CVE-2022-41405
+ RESERVED
+CVE-2022-41404 (An issue in the fetch() method in the BasicProfile class of org.ini4j ...)
+ {DLA-3209-1}
+ - ini4j 0.5.4-1
+ NOTE: https://sourceforge.net/p/ini4j/bugs/56/
+CVE-2022-41403 (OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL i ...)
+ NOT-FOR-US: OpenCart plugin
+CVE-2022-41402
+ RESERVED
+CVE-2022-41401 (OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vul ...)
+ - openrefine 3.6.1-1
+ NOTE: https://github.com/ixSly/CVE-2022-41401
+ NOTE: https://github.com/OpenRefine/OpenRefine/issues/4918
+ NOTE: https://github.com/OpenRefine/OpenRefine/commit/8cb2fec45dd90fda8ed9608c691f6bb8ed721cd2 (3.6-beta1)
+CVE-2022-41400 (Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encryp ...)
+ NOT-FOR-US: Sage
+CVE-2022-41399 (The optional Web Screens feature for Sage 300 through version 2022 use ...)
+ NOT-FOR-US: Sage
+CVE-2022-41398 (The optional Global Search feature for Sage 300 through version 2022 u ...)
+ NOT-FOR-US: Sage
+CVE-2022-41397 (The optional Web Screens and Global Search features for Sage 300 throu ...)
+ NOT-FOR-US: Sage
+CVE-2022-41396 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ NOT-FOR-US: Tenda
+CVE-2022-41395 (Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to c ...)
+ NOT-FOR-US: Tenda
+CVE-2022-41394
+ RESERVED
+CVE-2022-41393
+ RESERVED
+CVE-2022-41392 (A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 ...)
+ NOT-FOR-US: TotalJS CMS
+CVE-2022-41391 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: OcoMon
+CVE-2022-41390 (OcoMon v4.0 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: OcoMon
+CVE-2022-41389
+ RESERVED
+CVE-2022-41388
+ RESERVED
+CVE-2022-41387 (The d8s-pdfs package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-pdfs
+CVE-2022-41386 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
+ NOT-FOR-US: d8s-utility
+CVE-2022-41385 (The d8s-html package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-html
+CVE-2022-41384 (The d8s-domains package for Python, as distributed on PyPI, included a ...)
+ NOT-FOR-US: d8s-domains
+CVE-2022-41383 (The d8s-archives package for Python, as distributed on PyPI, included ...)
+ NOT-FOR-US: d8s-archives
+CVE-2022-41382 (The d8s-json package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-json
+CVE-2022-41381 (The d8s-utility package for Python, as distributed on PyPI, included a ...)
+ NOT-FOR-US: d8s-utility
+CVE-2022-41380 (The d8s-yaml package for Python, as distributed on PyPI, included a po ...)
+ NOT-FOR-US: d8s-yaml
+CVE-2022-41379 (An arbitrary file upload vulnerability in the component /leave_system/ ...)
+ NOT-FOR-US: Online Leave Management System
+CVE-2022-41378 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2022-41377 (Online Pet Shop We App v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2022-41376 (Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross- ...)
+ NOT-FOR-US: Metro UI
+CVE-2022-41375
+ RESERVED
+CVE-2022-41374
+ RESERVED
+CVE-2022-41373
+ RESERVED
+CVE-2022-41372
+ RESERVED
+CVE-2022-41371
+ RESERVED
+CVE-2022-41370
+ RESERVED
+CVE-2022-41369
+ RESERVED
+CVE-2022-41368
+ RESERVED
+CVE-2022-41367
+ RESERVED
+CVE-2022-41366
+ RESERVED
+CVE-2022-41365
+ RESERVED
+CVE-2022-41364
+ RESERVED
+CVE-2022-41363
+ RESERVED
+CVE-2022-41362
+ RESERVED
+CVE-2022-41361
+ RESERVED
+CVE-2022-41360
+ RESERVED
+CVE-2022-41359
+ RESERVED
+CVE-2022-41358 (A stored cross-site scripting (XSS) vulnerability in Garage Management ...)
+ NOT-FOR-US: Garage Management System
+CVE-2022-41357
+ RESERVED
+CVE-2022-41356
+ RESERVED
+CVE-2022-41355 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online Leave Management System
+CVE-2022-41354 (An access control issue in Argo CD v2.4.12 and below allows unauthenti ...)
+ NOT-FOR-US: ArgoCD
+CVE-2022-41353
+ RESERVED
+CVE-2022-41352 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41351 (In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, on ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41350 (In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41349 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose acce ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41348 (An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occ ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41347 (An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-41346
+ RESERVED
+ NOT-FOR-US: Mediawiki extension OAuth
+CVE-2022-41345
+ RESERVED
+ NOT-FOR-US: Mediawiki extension Translate
+CVE-2022-41344
+ RESERVED
+ NOT-FOR-US: Mediawiki extension PageTriage
+CVE-2022-40984 (Stack-based buffer overflow in WTViewerE series WTViewerE 761941 from ...)
+ NOT-FOR-US: WTViewerE
+CVE-2022-3299 (A vulnerability was found in Open5GS up to 2.4.10. It has been declare ...)
+ NOT-FOR-US: Open5GS
+CVE-2022-3298 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - rdiffweb (bug #969974)
+CVE-2022-41343 (registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote f ...)
+ - php-dompdf (Vulnerable code introduced later)
+ NOTE: https://github.com/dompdf/dompdf/issues/2994
+ NOTE: https://github.com/dompdf/dompdf/pull/2995
+ NOTE: https://github.com/dompdf/dompdf/releases/tag/v2.0.1
+ NOTE: https://tantosec.com/blog/cve-2022-41343/
+CVE-2022-36368 (Multiple stored cross-site scripting vulnerabilities in the web user i ...)
+ NOT-FOR-US: IPFire
+CVE-2022-41340 (The secp256k1-js package before 1.1.0 for Node.js implements ECDSA wit ...)
+ NOT-FOR-US: Node secp256k1-js
+CVE-2022-41339 (In Zoho ManageEngine Mobile Device Manager Plus before 10.1.2207.5, th ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-41338
+ RESERVED
+CVE-2022-41337
+ RESERVED
+CVE-2022-3297 (Use After Free in GitHub repository vim/vim prior to 9.0.0579.)
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c
+ NOTE: https://github.com/vim/vim/commit/0ff01835a40f549c5c4a550502f62a2ac9ac447c (v9.0.0579)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-3296 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. ...)
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077
+ NOTE: https://github.com/vim/vim/commit/96b9bf8f74af8abf1e30054f996708db7dc285be (v9.0.0577)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-3295 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3294 (Users may have access to secure endpoints in the control plane network ...)
+ - kubernetes 1.20.5+really1.20.2-1
+ NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
+ NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
+CVE-2022-3293 (Email addresses were leaked in WebHook logs in GitLab EE affecting all ...)
+ - gitlab (Only affects Gitlab EE)
+CVE-2022-3292 (Use of Cache Containing Sensitive Information in GitHub repository iku ...)
+ - rdiffweb (bug #969974)
+CVE-2022-41336 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-41335 (A relative path traversal vulnerability[CWE-23] in Fortinet FortiOS ve ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41334 (An improper neutralization of input during web page generation [CWE-79 ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41333 (An uncontrolled resource consumption vulnerability [CWE-400] in FortiR ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41332
+ RESERVED
+CVE-2022-41331 (A missing authentication for critical function vulnerability [CWE-306] ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41330 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41329 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41328 (A improper limitation of a pathname to a restricted directory vulnerab ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-41327 (A cleartext transmission of sensitive information vulnerability [CWE-3 ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-3291 (Serialization of sensitive data in GitLab EE affecting all versions fr ...)
+ - gitlab (Only affects Gitlab EE)
+CVE-2022-3290 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3289
+ RESERVED
+CVE-2022-3288 (A branch/tag name confusion in GitLab CE/EE affecting all versions pri ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3287 (When creating an OPERATOR user account on the BMC, the redfish plugin ...)
+ - fwupd 1.8.5-1
+ [bullseye] - fwupd (Minor issue)
+ [buster] - fwupd (Vulnerable code introduced in 1.7.0)
+ NOTE: https://github.com/fwupd/fwupd/commit/ea676855f2119e36d433fbd2ed604039f53b2091 (1.8.5)
+CVE-2022-3286 (Lack of IP address checking in GitLab EE affecting all versions from 1 ...)
+ - gitlab (Only affects Gitlab EE)
+CVE-2022-3285 (Bypass of healthcheck endpoint allow list affecting all versions from ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3284 (Download key for a file in a vault was passed in an insecure way that ...)
+ NOT-FOR-US: M-Files
+CVE-2022-3283 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3282 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-41326 (The web conferencing component of Mitel MiCollab through 9.6.0.13 coul ...)
+ NOT-FOR-US: Mitel
+CVE-2022-41325 (An integer overflow in the VNC module in VideoLAN VLC Media Player thr ...)
+ {DSA-5297-1 DLA-3216-1}
+ - vlc 3.0.18-1
+ NOTE: https://www.videolan.org/security/sb-vlc3018.html
+ NOTE: https://code.videolan.org/videolan/vlc/-/issues/27335
+CVE-2022-41324
+ RESERVED
+CVE-2022-41323 (In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, i ...)
+ {DSA-5254-1}
+ - python-django 3:3.2.16-1
+ [buster] - python-django (Vulnerable code not present)
+ NOTE: https://www.djangoproject.com/weblog/2022/oct/04/security-releases/
+ NOTE: https://www.openwall.com/lists/oss-security/2022/10/04/2
+ NOTE: https://github.com/django/django/commit/e5ea2842941967f06cefa10865f303b39c95279f (main)
+ NOTE: https://github.com/django/django/commit/9d656ea51d9ea7105c0c0785783ac29d426a7d25 (4.1.2)
+ NOTE: https://github.com/django/django/commit/5b6b257fa7ec37ff27965358800c67e2dd11c924 (3.2.16)
+CVE-2022-41321
+ RESERVED
+CVE-2022-41320 (Veritas System Recovery (VSR) versions 18 and 21 store a network desti ...)
+ NOT-FOR-US: Veritas System Recovery (VSR)
+CVE-2022-41319 (A Reflected Cross-Site Scripting (XSS) vulnerability affects the Verit ...)
+ NOT-FOR-US: Veritas
+CVE-2022-41316 (HashiCorp Vault and Vault Enterprise\u2019s TLS certificate auth metho ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2022-3281 (WAGO Series PFC100/PFC200, Series Touch Panel 600, Compact Controller ...)
+ NOT-FOR-US: WAGO
+CVE-2022-3280 (An open redirect in GitLab CE/EE affecting all versions from 10.1 prio ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3279 (An unhandled exception in job log parsing in GitLab CE/EE affecting al ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3278 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.055 ...)
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612/
+ NOTE: https://github.com/vim/vim/commit/69082916c8b5d321545d60b9f5facad0a2dd5a4e (v9.0.0552)
+ NOTE: Crash in CLI toool, no security impact
+CVE-2023-3637 (An uncontrolled resource consumption flaw was found in openstack-neutr ...)
+ - neutron (Fix for CVE-2022-3277 not applied)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2222270
+CVE-2022-3277 (An uncontrolled resource consumption flaw was found in openstack-neutr ...)
+ - neutron (bug #1027150)
+ [bookworm] - neutron (Minor issue)
+ [bullseye] - neutron (Minor issue)
+ [buster] - neutron (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129193
+CVE-2020-36604 (hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in t ...)
+ - node-hoek 9.0.3+~5.0.0+~4.0.0-1
+ [buster] - node-hoek (Vulnerable code not present)
+ NOTE: https://github.com/hapijs/hoek/issues/352
+ NOTE: Fixed by: https://github.com/hapijs/hoek/commit/948baf98634a5c206875b67d11368f133034fa90 (v9.0.3)
+CVE-2022-3276 (Command injection is possible in the puppetlabs-mysql module prior to ...)
+ - puppet-module-puppetlabs-mysql (bug #1027154)
+ [bookworm] - puppet-module-puppetlabs-mysql (Minor issue)
+ [bullseye] - puppet-module-puppetlabs-mysql (Minor issue)
+ [buster] - puppet-module-puppetlabs-mysql (Minor issue)
+ NOTE: https://puppet.com/security/cve/CVE-2022-3276
+ NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0)
+ NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0)
+ NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/6f531ad85c22ceeb5076347e6998e1d25b056dfd (v13.0.0)
+ NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/e70e7fd130aaa2fe1cefe4ccb628b304ad3c180a (v13.0.0)
+CVE-2022-3275 (Command injection is possible in the puppetlabs-apt module prior to ve ...)
+ - puppet-module-puppetlabs-apt 9.0.1-1 (bug #1023625)
+ [bullseye] - puppet-module-puppetlabs-apt (Minor issue)
+ [buster] - puppet-module-puppetlabs-apt (Minor issue, rare condition, follow buster status)
+ NOTE: https://puppet.com/security/cve/CVE-2022-3275
+ NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/c26ad2a54f318b4d6fbe55f837b00cd6afd9f1eb (v9.0.0)
+CVE-2022-3274 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3273 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3272 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3271
+ RESERVED
+CVE-2022-3270 (In multiple products by Festo a remote unauthenticated attacker could ...)
+ NOT-FOR-US: Festo
+CVE-2022-3269 (Session Fixation in GitHub repository ikus060/rdiffweb prior to 2.4.7.)
+ - rdiffweb (bug #969974)
+CVE-2022-3268 (Weak Password Requirements in GitHub repository ikus060/minarca prior ...)
+ NOT-FOR-US: minarca
+CVE-2022-3267 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...)
+ - rdiffweb (bug #969974)
+CVE-2022-3266 (An out-of-bounds read can occur when decoding H264 video. This results ...)
+ {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1}
+ - firefox 105.0-1
+ - firefox-esr 102.3.0esr-1
+ - thunderbird 1:102.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-3266
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-3266
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3266
+CVE-2022-41322 (In Kitty before 0.26.2, insufficient validation in the desktop notific ...)
+ - kitty 0.21.2-2 (bug #1020582)
+ [bullseye] - kitty (Minor issue)
+ [buster] - kitty (Minor issue)
+ NOTE: https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f (v0.26.2)
+CVE-2022-41318 (A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...)
+ {DSA-5258-1 DLA-3151-1}
+ - squid 5.7-1 (bug #1020586)
+ - squid3
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/2
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_2.patch
+ NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_2.patch (5.7)
+CVE-2022-41317 (An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5. ...)
+ {DSA-5258-1 DLA-3151-1}
+ - squid 5.7-1 (bug #1020587)
+ - squid3
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/1
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
+ NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch (5.7)
+CVE-2022-41313 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ NOT-FOR-US: Moxa
+CVE-2022-41312 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ NOT-FOR-US: Moxa
+CVE-2022-41311 (A stored cross-site scripting vulnerability exists in the web applicat ...)
+ NOT-FOR-US: Moxa
+CVE-2022-40691 (An information disclosure vulnerability exists in the web application ...)
+ NOT-FOR-US: Moxa
+CVE-2022-40214
+ REJECTED
+CVE-2022-3265 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3264
+ RESERVED
+CVE-2022-41310 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41309 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41308 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41307 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41306 (A maliciously crafted PCT file when consumed through DesignReview.exe ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41305 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41304 (An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41303 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41302 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41301 (A maliciously crafted PKT file when consumed through SubassemblyCompos ...)
+ NOT-FOR-US: Autodesk
+CVE-2022-41300
+ RESERVED
+CVE-2022-41299 (IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2022-41298
+ RESERVED
+CVE-2022-41297 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
+ NOT-FOR-US: IBM
+CVE-2022-41296 (IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery ...)
+ NOT-FOR-US: IBM
+CVE-2022-41295
+ RESERVED
+CVE-2022-41294 (IBM Robotic Process Automation 21.0.0, 21.0.1, 21.0.2, 21.0.3, and 21. ...)
+ NOT-FOR-US: IBM
+CVE-2022-41293
+ RESERVED
+CVE-2022-41292
+ RESERVED
+CVE-2022-41291 (IBM InfoSphere Information Server 11.7 does not invalidate session aft ...)
+ NOT-FOR-US: IBM
+CVE-2022-41290 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2022-41289
+ RESERVED
+CVE-2022-41288 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41287 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41286 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41285 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41284 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41283 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41282 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41281 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41280 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41279 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41278 (A vulnerability has been identified in JT2Go (All versions < V14.1.0.6 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-41277
+ RESERVED
+CVE-2022-41276
+ RESERVED
+CVE-2022-41275 (In SAP SolutionManager (Enterprise Search) -versions 740, and 750, an ...)
+ NOT-FOR-US: SAP
+CVE-2022-41274 (SAP Disclosure Management - version 10.1, allows an authenticated atta ...)
+ NOT-FOR-US: SAP
+CVE-2022-41273 (Due to improper input sanitization in SAP Sourcing and SAP Contract Li ...)
+ NOT-FOR-US: SAP
+CVE-2022-41272 (An unauthenticated attacker over the network can attach to an open int ...)
+ NOT-FOR-US: SAP
+CVE-2022-41271 (An unauthenticated user can attach to an open interface exposed throug ...)
+ NOT-FOR-US: SAP
+CVE-2022-41270
+ RESERVED
+CVE-2022-41269
+ RESERVED
+CVE-2022-41268 (In some SAP standard roles in SAP Business Planning and Consolidation ...)
+ NOT-FOR-US: SAP
+CVE-2022-41267 (SAP Business Objects Platform - versions 420, and 430, allows an attac ...)
+ NOT-FOR-US: SAP
+CVE-2022-41266 (Due to a lack of proper input validation, SAP Commerce Webservices 2.0 ...)
+ NOT-FOR-US: SAP
+CVE-2022-41265
+ RESERVED
+CVE-2022-41264 (Due to the unrestricted scope of the RFC function module, SAP BASIS - ...)
+ NOT-FOR-US: SAP
+CVE-2022-41263 (Due to a missing authentication check, SAP Business Objects Business I ...)
+ NOT-FOR-US: SAP
+CVE-2022-41262 (Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Prov ...)
+ NOT-FOR-US: SAP
+CVE-2022-41261 (SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an auth ...)
+ NOT-FOR-US: SAP
+CVE-2022-41260 (SAP Financial Consolidation - version 1010, does not sufficiently enco ...)
+ NOT-FOR-US: SAP
+CVE-2022-41259 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...)
+ NOT-FOR-US: SAP
+CVE-2022-41258 (Due to insufficient input validation, SAP Financial Consolidation - ve ...)
+ NOT-FOR-US: SAP
+CVE-2022-41257
+ RESERVED
+CVE-2022-41256
+ RESERVED
+CVE-2022-41223 (The Director database component of MiVoice Connect through 19.3 (22.22 ...)
+ NOT-FOR-US: Mitel
+CVE-2022-41221 (The client in OpenText Archive Center Administration through 21.2 allo ...)
+ NOT-FOR-US: OpenText Archive Center Administration
+CVE-2022-40224 (A denial of service vulnerability exists in the web server functionali ...)
+ NOT-FOR-US: Moxa
+CVE-2022-3263 (The security descriptor of Measuresoft ScadaPro Server version 6.7 has ...)
+ NOT-FOR-US: Measuresoft ScadaPro Server
+CVE-2022-3262 (A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst ...)
+ NOT-FOR-US: OpenShift
+CVE-2022-3261 (A flaw was found in OpenStack. Multiple components show plain-text pas ...)
+ NOTE: Permission management for logfiles is under the local administrator's purview
+CVE-2022-3260 (The response header has not enabled X-FRAME-OPTIONS, Which helps preve ...)
+ NOT-FOR-US: Openshift
+CVE-2022-3259 (Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which ...)
+ NOT-FOR-US: Openshift
+CVE-2022-3258 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: HYPR Workforce Access
+CVE-2022-3257 (Mattermost version 7.1.x and earlier fails to sufficiently process a s ...)
+ - mattermost-server (bug #823556)
+CVE-2022-3256 (Use After Free in GitHub repository vim/vim prior to 9.0.0530.)
+ {DLA-3204-1}
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/8336a3df-212a-4f8d-ae34-76ef1f936bb3
+ NOTE: https://github.com/vim/vim/commit/8ecfa2c56b4992c7f067b92488aa9acea5a454ad (v9.0.0530)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-3255 (If an attacker can control a script that is executed in the victim's b ...)
+ NOT-FOR-US: pimcore
+CVE-2022-3254 (The WordPress Classifieds Plugin WordPress plugin before 4.3 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-41255 (Jenkins CONS3RT Plugin 1.0.0 and earlier stores Cons3rt API token unen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41254 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41253 (A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT P ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41252 (Missing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41251 (A missing permission check in Jenkins Apprenda Plugin 2.2.0 and earlie ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41250 (A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and ea ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41249 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpC ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41248 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier does not mask the B ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41247 (Jenkins BigPanda Notifier Plugin 1.4.0 and earlier stores the BigPanda ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41246 (A missing permission check in Jenkins Worksoft Execution Manager Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41245 (A cross-site request forgery (CSRF) vulnerability in Jenkins Worksoft ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41244 (Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perfor ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41243 (Jenkins SmallTest Plugin 1.0.4 and earlier does not perform hostname v ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41242 (A missing permission check in Jenkins extreme-feedback Plugin 1.7 and ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41241 (Jenkins RQM Plugin 2.8 and earlier does not configure its XML parser t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41240 (Jenkins Walti Plugin 1.0.1 and earlier does not escape the information ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41239 (Jenkins DotCi Plugin 2.40.00 and earlier does not escape the GitHub us ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41238 (A missing permission check in Jenkins DotCi Plugin 2.40.00 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41237 (Jenkins DotCi Plugin 2.40.00 and earlier does not configure its YAML p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41236 (A cross-site request forgery (CSRF) vulnerability in Jenkins Security ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41235 (Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functiona ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41234 (Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41233 (Jenkins Rundeck Plugin 3.6.11 and earlier does not perform Run/Artifac ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41232 (A cross-site request forgery (CSRF) vulnerability in Jenkins Build-Pub ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41231 (Jenkins Build-Publisher Plugin 1.22 and earlier allows attackers with ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-41230 (Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a per ...)
+ NOT-FOR-US: Jenkins plugin +CVE-2022-41229 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.134 and e ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-41228 (A missing permission check in Jenkins NS-ND Integration Performance Pu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-41227 (A cross-site request forgery (CSRF) vulnerability in Jenkins NS-ND Int ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-41226 (Jenkins Compuware Common Configuration Plugin 1.0.14 and earlier does ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-41225 (Jenkins Anchore Container Image Scanner Plugin 1.0.24 and earlier does ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-41224 (Jenkins 2.367 through 2.369 (both inclusive) does not escape tooltips ...) + - jenkins +CVE-2022-41220 (md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a d ...) + NOT-FOR-US: md2roff +CVE-2022-41219 + RESERVED +CVE-2022-41218 (In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10 ...) + {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.4-1 + NOTE: https://lore.kernel.org/all/87sfklgozd.wl-tiwai@suse.de/ + NOTE: https://www.openwall.com/lists/oss-security/2022/09/23/4 + NOTE: https://git.kernel.org/linus/fd3d91ab1c6ab0628fe642dd570b56302c30a792 +CVE-2022-41217 (Cloudflow contains a unauthenticated file upload vulnerability, which ...) + NOT-FOR-US: Cloudflow +CVE-2022-41216 (Local File Inclusion vulnerability within Cloudflow allows attackers t ...) + NOT-FOR-US: Cloudflow +CVE-2022-41215 (SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated ...) + NOT-FOR-US: SAP +CVE-2022-41214 (Due to insufficient input validation, SAP NetWeaver Application Server ...) + NOT-FOR-US: SAP +CVE-2022-41213 + RESERVED +CVE-2022-41212 (Due to insufficient input validation, SAP NetWeaver Application Server ...) + NOT-FOR-US: SAP +CVE-2022-41211 (Due to lack of proper memory management, when a victim opens manipulat ...) 
+ NOT-FOR-US: SAP +CVE-2022-41210 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...) + NOT-FOR-US: SAP +CVE-2022-41209 (SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, ...) + NOT-FOR-US: SAP +CVE-2022-41208 (Due to insufficient input validation, SAP Financial Consolidation - ve ...) + NOT-FOR-US: SAP +CVE-2022-41207 (SAP Biller Direct allows an unauthenticated attacker to craft a legiti ...) + NOT-FOR-US: SAP +CVE-2022-41206 (SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) ...) + NOT-FOR-US: SAP +CVE-2022-41205 (SAP GUI allows an authenticated attacker to execute scripts in the loc ...) + NOT-FOR-US: SAP +CVE-2022-41204 (An attacker can change the content of an SAP Commerce - versions 1905, ...) + NOT-FOR-US: SAP +CVE-2022-41203 (In some workflow of SAP BusinessObjects BI Platform (Central Managemen ...) + NOT-FOR-US: SAP +CVE-2022-41202 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41201 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41200 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41199 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41198 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41197 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41196 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41195 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41194 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41193 (Due to lack of proper memory management, when a victim opens a manipul ...) 
+ NOT-FOR-US: SAP +CVE-2022-41192 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41191 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41190 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41189 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41188 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41187 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41186 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41185 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41184 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41183 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41182 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41181 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41180 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41179 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41178 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41177 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41176 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41175 (Due to lack of proper memory management, when a victim opens a manipul ...) 
+ NOT-FOR-US: SAP +CVE-2022-41174 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41173 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41172 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41171 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41170 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41169 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41168 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41167 (Due to lack of proper memory management, when a victim opens a manipul ...) + NOT-FOR-US: SAP +CVE-2022-41166 (Due to lack of proper memory management, when a victim opens manipulat ...) + NOT-FOR-US: SAP +CVE-2022-41165 + RESERVED +CVE-2022-41164 + RESERVED +CVE-2022-41163 + RESERVED +CVE-2022-41162 + RESERVED +CVE-2022-41161 + RESERVED +CVE-2022-41160 + RESERVED +CVE-2022-41159 + RESERVED +CVE-2022-41158 (Remote code execution vulnerability can be achieved by using cookie va ...) + NOT-FOR-US: eyoom +CVE-2022-41157 (A specific file on the sERP server if Kyungrinara(ERP solution) has a ...) + NOT-FOR-US: Kyungrinara +CVE-2022-41156 (Remote code execution vulnerability due to insufficient verification o ...) + NOT-FOR-US: OndiskPlayerAgent +CVE-2022-41153 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41152 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41151 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange +CVE-2022-41150 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41149 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41148 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41147 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41146 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41145 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41144 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41143 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange +CVE-2022-41142 (This vulnerability allows remote attackers to escalate privileges on a ...) + - centreon-web (bug #913903) +CVE-2022-41141 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Windscribe +CVE-2022-41140 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-40983 (An integer overflow vulnerability exists in the QML QtScript Reflect A ...) 
+ - qt6-declarative 6.4.2+dfsg~rc1-2 (unimportant) + - qtdeclarative-opensource-src (unimportant) + - qtdeclarative-opensource-src-gles (unimportant) + NOTE: Not considered a security issue, QML only supported from a trusted source + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1650 + NOTE: https://www.qt.io/blog/regarding-recent-reported-security-vulnerabilities-from-cisco-talos + NOTE: https://bugreports.qt.io/browse/QTBUG-107619 + NOTE: https://codereview.qt-project.org/c/qt/qtdeclarative/+/437921 +CVE-2022-40693 (A cleartext transmission vulnerability exists in the web application f ...) + NOT-FOR-US: Moxa +CVE-2022-41222 (mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via ...) + {DLA-3173-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2347 + NOTE: https://git.kernel.org/linus/97113eb39fa7972722ff490b947d8af023e1f6a2 (5.14-rc1) +CVE-2022-41139 (MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist (aka the gi ...) + NOT-FOR-US: MITRE CALDERA +CVE-2022-41138 (In Zutty before 0.13, DECRQSS in text written to the terminal can achi ...) + - zutty 0.13.0.20220910.112547+dfsg1-1 + NOTE: https://github.com/tomszilagyi/zutty/commit/bde7458c60a7bafe08bbeaafbf861eb865edfa38 (0.13) +CVE-2022-41137 + RESERVED +CVE-2022-40704 (A XSS vulnerability was found in phoromatic_r_add_test_details.php in ...) + - phoronix-test-suite +CVE-2022-40208 (In Moodle, insufficient limitations in some quiz web services made it ...) + - moodle +CVE-2022-38066 (An OS command injection vulnerability exists in the httpd SNMP functio ...) + NOT-FOR-US: Siretta +CVE-2022-3253 + RESERVED +CVE-2022-3252 (Improper detection of complete HTTP body decompression SwiftNIO Extras ...) + NOT-FOR-US: Swift (different from src:swift) +CVE-2022-3251 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) 
+ NOT-FOR-US: minarca +CVE-2022-3250 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + - rdiffweb (bug #969974) +CVE-2022-3249 (The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3248 (A flaw was found in OpenShift API, as admission checks do not enforce ...) + NOT-FOR-US: OpenShift +CVE-2022-3247 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3246 (The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin b ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3245 (HTML injection attack is closely related to Cross-site Scripting (XSS) ...) + NOT-FOR-US: microweber +CVE-2022-3244 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not h ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3243 (The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3242 (Code Injection in GitHub repository microweber/microweber prior to 1.3 ...) + NOT-FOR-US: microweber +CVE-2022-3241 (The Build App Online WordPress plugin before 1.0.19 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20148 (In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on G ...) + NOT-FOR-US: ebuild package for Logcheck on Gentoo +CVE-2017-20147 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...) + NOT-FOR-US: ebuild package for SmokePing on Gentoo +CVE-2016-20015 (In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gent ...) + NOT-FOR-US: ebuild package for SmokePing on Gentoo +CVE-2022-41131 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) 
+ NOT-FOR-US: Airflow Hive provider +CVE-2022-41130 + RESERVED +CVE-2022-41129 + RESERVED +CVE-2022-41128 (Windows Scripting Languages Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41127 (Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On ...) + NOT-FOR-US: Microsoft +CVE-2022-41126 + RESERVED +CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41124 + RESERVED +CVE-2022-41123 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41122 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41121 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41120 (Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2022-41119 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41118 (Windows Scripting Languages Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41117 + RESERVED +CVE-2022-41116 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-41115 (Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerab ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-41114 (Windows Bind Filter Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41113 (Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41112 + RESERVED +CVE-2022-41111 + RESERVED +CVE-2022-41110 + RESERVED +CVE-2022-41109 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41108 + RESERVED +CVE-2022-41107 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41106 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41105 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41104 (Microsoft Excel Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41103 (Microsoft Word Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41102 (Windows Overlay Filter Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41101 (Windows Overlay Filter Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41100 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-41099 (BitLocker Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41098 (Windows GDI+ Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41097 (Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vul ...) + NOT-FOR-US: Microsoft +CVE-2022-41096 (Microsoft DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41095 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41094 (Windows Hyper-V Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41093 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-41092 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41090 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-41089 (.NET Framework Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41088 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-41087 + RESERVED +CVE-2022-41086 (Windows Group Policy Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41085 (Azure CycleCloud Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41084 + RESERVED +CVE-2022-41083 (Visual Studio Code Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41081 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-41080 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41079 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41078 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41077 (Windows Fax Compose Form Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41076 (PowerShell Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41075 + RESERVED +CVE-2022-41074 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41072 + RESERVED +CVE-2022-41071 + RESERVED +CVE-2022-41070 + RESERVED +CVE-2022-41069 + RESERVED +CVE-2022-41068 + RESERVED +CVE-2022-41067 + RESERVED +CVE-2022-41066 (Microsoft Business Central Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41065 + RESERVED +CVE-2022-41064 (.NET Framework Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41063 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41062 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41061 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41060 (Microsoft Word Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41059 + RESERVED +CVE-2022-41058 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-41057 (Windows HTTP.sys Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41056 (Network Policy Server (NPS) RADIUS Protocol Denial of Service Vulnerab ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-41055 (Windows Human Interface Device Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41054 (Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-41053 (Windows Kerberos Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41052 (Windows Graphics Component Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41051 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41050 (Windows Extensible File Allocation Table Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-41049 (Windows Mark of the Web Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41048 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41047 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-41046 + RESERVED +CVE-2022-41045 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-41044 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-41043 (Microsoft Office Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41042 (Visual Studio Code Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41041 + RESERVED +CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41039 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-41038 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...) + NOT-FOR-US: Microsoft +CVE-2022-41037 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...) + NOT-FOR-US: Microsoft +CVE-2022-41036 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-41035 (Microsoft Edge (Chromium-based) Spoofing Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41034 (Visual Studio Code Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-41033 (Windows COM+ Event System Service Elevation of Privilege Vulnerability ...) + NOT-FOR-US: Microsoft +CVE-2022-41032 (NuGet Client Elevation of Privilege Vulnerability.) + - nuget (Vulnerable code not present) + NOTE: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41032 + NOTE: https://github.com/NuGet/NuGet.Client/commit/3c1bf9decc8a114c091a6164c42f524ae2bb1e21 (6.3.1.1) +CVE-2022-41031 (Microsoft Word Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-40129 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2022-41030 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41029 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41028 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41027 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41026 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41025 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41024 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41023 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41022 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41021 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ NOT-FOR-US: Siretta +CVE-2022-41020 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41019 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41018 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41017 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41016 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41015 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41014 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41013 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41012 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41011 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41010 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41009 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41008 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41007 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41006 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41005 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41004 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ NOT-FOR-US: Siretta +CVE-2022-41003 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41002 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41001 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-41000 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40999 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40998 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40997 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40996 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40995 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40994 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40993 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40992 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40991 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40990 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40989 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40988 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40987 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) 
+ NOT-FOR-US: Siretta +CVE-2022-40986 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40985 (Several stack-based buffer overflow vulnerabilities exist in the Detra ...) + NOT-FOR-US: Siretta +CVE-2022-40980 (A potential unathenticated file deletion vulnerabilty on Trend Micro M ...) + NOT-FOR-US: Trend Micro +CVE-2022-40979 (In JetBrains TeamCity before 2022.04.4 environmental variables of "pas ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-40978 (The installer of JetBrains IntelliJ IDEA before 2022.2.2 was vulnerabl ...) + NOT-FOR-US: installer of JetBrains IntelliJ IDEA +CVE-2022-40977 (A path traversal vulnerability was discovered in Pilz PASvisu Server b ...) + NOT-FOR-US: Pilz PASvisu Server +CVE-2022-40976 (A path traversal vulnerability was discovered in multiple Pilz product ...) + NOT-FOR-US: Pilz +CVE-2022-40969 (An os command injection vulnerability exists in the httpd delfile.cgi ...) + NOT-FOR-US: Siretta +CVE-2022-40962 (Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, And ...) + {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40962 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40962 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40962 +CVE-2022-40961 (During startup, a graphics driver with an unexpected name could lead t ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40961 +CVE-2022-40960 (Concurrent use of the URL parser with non-UTF-8 data was not thread-sa ...) 
+ {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40960 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40960 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40960 +CVE-2022-40959 (During iframe navigation, certain pages did not have their FeaturePoli ...) + {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40959 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40959 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40959 +CVE-2022-40958 (By injecting a cookie with certain special characters, an attacker on ...) + {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40958 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40958 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40958 +CVE-2022-40957 (Inconsistent data in instruction and data cache when creating wasm cod ...) + {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40957 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40957 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40957 +CVE-2022-40956 (When injecting an HTML base element, some requests would ignore the CS ...) 
+ {DSA-5238-1 DSA-5237-1 DLA-3123-1 DLA-3121-1} + - firefox 105.0-1 + - firefox-esr 102.3.0esr-1 + - thunderbird 1:102.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-40/#CVE-2022-40956 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-41/#CVE-2022-40956 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-40956 +CVE-2022-40955 (In versions of Apache InLong prior to 1.3.0, an attacker with sufficie ...) + NOT-FOR-US: Apache InLong +CVE-2022-40954 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + NOT-FOR-US: Airflow Spark provider +CVE-2022-40701 (A directory traversal vulnerability exists in the httpd delfile.cgi fu ...) + NOT-FOR-US: Siretta +CVE-2022-40220 (An OS command injection vulnerability exists in the httpd txt/restore. ...) + NOT-FOR-US: Siretta +CVE-2022-39045 (A file write vulnerability exists in the httpd upload.cgi functionalit ...) + NOT-FOR-US: Siretta +CVE-2022-38715 (A leftover debug code vulnerability exists in the httpd shell.cgi func ...) + NOT-FOR-US: Siretta +CVE-2022-38459 (A stack-based buffer overflow vulnerability exists in the httpd downfi ...) + NOT-FOR-US: Siretta +CVE-2022-38088 (A directory traversal vulnerability exists in the httpd downfile.cgi f ...) + NOT-FOR-US: Siretta +CVE-2022-36279 (A stack-based buffer overflow vulnerability exists in the httpd delfil ...) + NOT-FOR-US: Siretta +CVE-2022-3240 (The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Sit ...) + NOT-FOR-US: "Follow Me Plugin" plugin for WordPress +CVE-2022-3239 (A flaw use after free in the Linux kernel video4linux driver was found ...) + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/c08eadca1bdfa099e20a32f8fa4b52b2f672236d (5.18-rc1) +CVE-2022-3238 (A double-free flaw was found in the Linux kernel\u2019s NTFS3 subsyste ...) 
+ - linux (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: NTFS3 driver not enabled in Debian + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127927 +CVE-2022-3237 (The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40953 + RESERVED +CVE-2022-40952 + RESERVED +CVE-2022-40951 + RESERVED +CVE-2022-40950 + RESERVED +CVE-2022-40949 + RESERVED +CVE-2022-40948 + RESERVED +CVE-2022-40947 + RESERVED +CVE-2022-40946 (On D-Link DIR-819 Firmware Version 1.06 Hardware Version A1 devices, i ...) + NOT-FOR-US: D-Link +CVE-2022-40945 + RESERVED +CVE-2022-40944 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...) + NOT-FOR-US: Dairy Farm Shop Management System +CVE-2022-40943 (Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection v ...) + NOT-FOR-US: Dairy Farm Shop Management System +CVE-2022-40942 (Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40941 + RESERVED +CVE-2022-40940 + RESERVED +CVE-2022-40939 (In certain Secustation products the administrator account password can ...) + NOT-FOR-US: Secustation +CVE-2022-40938 + RESERVED +CVE-2022-40937 + RESERVED +CVE-2022-40936 + RESERVED +CVE-2022-40935 (Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_sh ...) + NOT-FOR-US: Online Pet Shop We App +CVE-2022-40934 (Online Pet Shop We App v1.0 is vulnerable to SQL injection via /pet_sh ...) + NOT-FOR-US: Online Pet Shop We App +CVE-2022-40933 (Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injectio ...) + NOT-FOR-US: Online Pet Shop We App +CVE-2022-40932 (In Zoo Management System v1.0, there is an arbitrary file upload vulne ...) + NOT-FOR-US: Zoo Management System +CVE-2022-40931 (dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (X ...) 
+ NOT-FOR-US: dutchcoders Transfer.sh +CVE-2022-40930 + RESERVED +CVE-2022-40929 (XXL-JOB 2.2.0 has a Command execution vulnerability in background task ...) + NOT-FOR-US: XXL-JOB +CVE-2022-40928 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-40927 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-40926 (Online Leave Management System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Leave Management System +CVE-2022-40925 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...) + NOT-FOR-US: Zoo Management System +CVE-2022-40924 (Zoo Management System v1.0 has an arbitrary file upload vulnerability ...) + NOT-FOR-US: Zoo Management System +CVE-2022-40923 (A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address fu ...) + NOT-FOR-US: LIEF +CVE-2022-40922 (A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse funct ...) + NOT-FOR-US: LIEF +CVE-2022-40921 (DedeCMS V5.7.99 was discovered to contain an arbitrary file upload vul ...) + NOT-FOR-US: DedeCMS +CVE-2022-40920 + RESERVED +CVE-2022-40919 + RESERVED +CVE-2022-40918 (Buffer overflow in firmware lewei_cam binary version 2.0.10 in Force 1 ...) + NOT-FOR-US: firmware lewei_cam binary +CVE-2022-40917 + RESERVED +CVE-2022-40916 + RESERVED +CVE-2022-40915 + RESERVED +CVE-2022-40914 + RESERVED +CVE-2022-40913 + RESERVED +CVE-2022-40912 (ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnera ...) + NOT-FOR-US: ETAP Lighting International NV ETAP Safety Manager +CVE-2022-40911 + RESERVED +CVE-2022-40910 + RESERVED +CVE-2022-40909 + RESERVED +CVE-2022-40908 + RESERVED +CVE-2022-40907 + RESERVED +CVE-2022-40906 + RESERVED +CVE-2022-40905 + RESERVED +CVE-2022-40904 + RESERVED +CVE-2022-40903 (Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 d ...) 
+ NOT-FOR-US: Aiphone +CVE-2022-40902 + RESERVED +CVE-2022-40901 + RESERVED +CVE-2022-40900 + RESERVED +CVE-2022-40899 (An issue discovered in Python Charmers Future 0.18.2 and earlier allow ...) + - python-future (bug #1031699) + [bookworm] - python-future (Minor issue) + [bullseye] - python-future (Minor issue) + [buster] - python-future (Minor issue) + NOTE: https://github.com/PythonCharmers/python-future/pull/610 + NOTE: https://github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76f (v0.18.3) +CVE-2022-40898 (An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 ...) + - wheel 0.38.0-1 (unimportant) + NOTE: https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0 + NOTE: https://github.com/pypa/wheel/issues/498 + NOTE: Negligible security impact +CVE-2022-40897 (Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remo ...) + - setuptools 65.6.3-1 + [bullseye] - setuptools (Minor issue) + NOTE: https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be (v65.5.1) +CVE-2022-40896 (A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments ...) + - pygments 2.15.1+dfsg-1 + [bookworm] - pygments (Minor issue) + [bullseye] - pygments (Minor issue) + [buster] - pygments (Minor issue) + NOTE: https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages-part-2/ + NOTE: https://github.com/pygments/pygments/issues/2356 + NOTE: https://github.com/pygments/pygments/issues/2355 + NOTE: https://github.com/pygments/pygments/commit/dd52102c38ebe78cd57748e09f38929fd283ad04 (2.14.0) + NOTE: https://github.com/pygments/pygments/commit/97eb3d5ec7c1b3ea4fcf9dee30a2309cf92bd194 (2.15.0) + NOTE: https://github.com/pygments/pygments/commit/fdf182a7af85b1deeeb637ca970d31935e7c9d52 (2.15.1) +CVE-2022-40895 (In certain Nedi products, a vulnerability in the web UI of NeDi login ...) 
+ NOT-FOR-US: NeDi +CVE-2022-40894 + RESERVED +CVE-2022-40893 + RESERVED +CVE-2022-40892 + RESERVED +CVE-2022-40891 + RESERVED +CVE-2022-40890 (A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlie ...) + NOT-FOR-US: Open5GS +CVE-2022-40889 (Phpok 6.1 has a deserialization vulnerability via framework/phpok_call ...) + NOT-FOR-US: Phpok +CVE-2022-40888 + RESERVED +CVE-2022-40887 (SourceCodester Best Student Result Management System 1.0 is vulnerable ...) + NOT-FOR-US: SourceCodester Best Student Result Management System +CVE-2022-40886 (DedeCMS 5.7.98 has a file upload vulnerability in the background.) + NOT-FOR-US: DedeCMS +CVE-2022-40885 (Bento4 v1.6.0-639 has a memory allocation issue that can cause denial ...) + NOT-FOR-US: Bento4 +CVE-2022-40884 (Bento4 1.6.0 has memory leaks via the mp4fragment.) + NOT-FOR-US: Bento4 +CVE-2022-40883 + RESERVED +CVE-2022-40882 + RESERVED +CVE-2022-40881 (SolarView Compact 6.00 was discovered to contain a command injection v ...) + NOT-FOR-US: SolarView Compact +CVE-2022-40880 + RESERVED +CVE-2022-40879 (kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the ...) + NOT-FOR-US: kkFileView +CVE-2022-40878 (In Exam Reviewer Management System 1.0, an authenticated attacker can ...) + NOT-FOR-US: Exam Reviewer Management System +CVE-2022-40877 (Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Exam Reviewer Management System +CVE-2022-40876 (In Tenda ax1803 v1.0.0.1, the http requests handled by the fromAdvSetM ...) + NOT-FOR-US: Tenda +CVE-2022-40875 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow in the ...) + NOT-FOR-US: Tenda +CVE-2022-40874 (Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow vulner ...) + NOT-FOR-US: Tenda +CVE-2022-40873 + RESERVED +CVE-2022-40872 (An SQL injection vulnerability issue was discovered in Sourcecodester ...) 
+ NOT-FOR-US: Sourcecodester Simple E-Learning System +CVE-2022-40871 (Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By defaul ...) + - dolibarr +CVE-2022-40870 (The Web Client of Parallels Remote Application Server v18.0 is vulnera ...) + NOT-FOR-US: Parallels +CVE-2022-40869 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...) + NOT-FOR-US: Tenda +CVE-2022-40868 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + NOT-FOR-US: Tenda +CVE-2022-40867 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + NOT-FOR-US: Tenda +CVE-2022-40866 (Tenda W20E router V15.11.0.6 (US_W20EV4.0br_V15.11.0.6(1068_1546_841)_ ...) + NOT-FOR-US: Tenda +CVE-2022-40865 (Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnera ...) + NOT-FOR-US: Tenda +CVE-2022-40864 (Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulner ...) + NOT-FOR-US: Tenda +CVE-2022-40863 + RESERVED +CVE-2022-40862 (Tenda AC15 and AC18 router V15.03.05.19 contains stack overflow vulner ...) + NOT-FOR-US: Tenda +CVE-2022-40861 (Tenda AC18 router V15.03.05.19 contains a stack overflow vulnerability ...) + NOT-FOR-US: Tenda +CVE-2022-40860 (Tenda AC15 router V15.03.05.19 contains a stack overflow vulnerability ...) + NOT-FOR-US: Tenda +CVE-2022-40859 + RESERVED +CVE-2022-40858 + RESERVED +CVE-2022-40857 + RESERVED +CVE-2022-40856 + RESERVED +CVE-2022-40855 (Tenda W20E router V15.11.0.6 contains a stack overflow in the function ...) + NOT-FOR-US: Tenda +CVE-2022-40854 (Tenda AC18 router contained a stack overflow vulnerability in /goform/ ...) + NOT-FOR-US: Tenda +CVE-2022-40853 (Tenda AC15 router V15.03.05.19 contains a stack overflow via the list ...) + NOT-FOR-US: Tenda +CVE-2022-40852 + RESERVED +CVE-2022-40851 (Tenda AC15 V15.03.05.19 contained a stack overflow via the function fr ...) 
+ NOT-FOR-US: Tenda +CVE-2022-40850 + RESERVED +CVE-2022-40849 (ThinkCMF version 6.0.7 is affected by Stored Cross-Site Scripting (XSS ...) + NOT-FOR-US: ThinkCMF +CVE-2022-40848 + RESERVED +CVE-2022-40847 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), there exists a ...) + NOT-FOR-US: Tenda +CVE-2022-40846 (In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross ...) + NOT-FOR-US: Tenda +CVE-2022-40845 (The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by ...) + NOT-FOR-US: Tenda +CVE-2022-40844 (In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15E ...) + NOT-FOR-US: Tenda +CVE-2022-40843 (The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to im ...) + NOT-FOR-US: Tenda +CVE-2022-40842 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Serve ...) + NOT-FOR-US: NdkAdvancedCustomizationFields +CVE-2022-40841 (A cross-site scripting (XSS) vulnerability in NdkAdvancedCustomization ...) + NOT-FOR-US: NdkAdvancedCustomizationFields +CVE-2022-40840 (ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross ...) + NOT-FOR-US: NdkAdvancedCustomizationFields +CVE-2022-40839 (A SQL injection vulnerability in the height and width parameter in Ndk ...) + NOT-FOR-US: NdkAdvancedCustomizationFields +CVE-2022-40838 + RESERVED +CVE-2022-40837 + RESERVED +CVE-2022-40836 + RESERVED +CVE-2022-40835 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40834 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40833 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40832 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40831 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) 
+ - codeigniter (bug #471583) +CVE-2022-40830 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40829 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40828 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40827 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40826 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40825 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40824 (B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL ...) + - codeigniter (bug #471583) +CVE-2022-40823 + RESERVED +CVE-2022-40822 + RESERVED +CVE-2022-40821 + RESERVED +CVE-2022-40820 + RESERVED +CVE-2022-40819 + RESERVED +CVE-2022-40818 + RESERVED +CVE-2022-40817 (Zammad 5.2.1 has a fine-grained permission model that allows to config ...) + - zammad (bug #841355) +CVE-2022-40816 (Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset ...) + - zammad (bug #841355) +CVE-2022-40815 + RESERVED +CVE-2022-40814 + RESERVED +CVE-2022-40813 + RESERVED +CVE-2022-40812 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-pdfs for python +CVE-2022-40811 (The d8s-urls for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-urls for python +CVE-2022-40810 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...) + NOT-FOR-US: d8s-ip-addresses for python +CVE-2022-40809 (The d8s-dicts for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-dicts for python +CVE-2022-40808 (The d8s-dates for python, as distributed on PyPI, included a potential ...) 
+ NOT-FOR-US: d8s-dates for python +CVE-2022-40807 (The d8s-domains for python, as distributed on PyPI, included a potenti ...) + NOT-FOR-US: d8s-domains for python +CVE-2022-40806 (The d8s-uuids for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-uuids for python +CVE-2022-40805 (The d8s-urls for python 0.1.0, as distributed on PyPI, included a pote ...) + NOT-FOR-US: d8s-urls for python +CVE-2022-40804 + RESERVED +CVE-2022-40803 + RESERVED +CVE-2022-40802 + RESERVED +CVE-2022-40801 + RESERVED +CVE-2022-40800 + RESERVED +CVE-2022-40799 (Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B1 ...) + NOT-FOR-US: D-Link +CVE-2022-40798 (OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a req ...) + NOT-FOR-US: OcoMon +CVE-2022-40797 (Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, be ...) + NOT-FOR-US: Roxy Fileman +CVE-2022-40796 + RESERVED +CVE-2022-40795 + RESERVED +CVE-2022-40794 + RESERVED +CVE-2022-40793 + RESERVED +CVE-2022-40792 + RESERVED +CVE-2022-40791 + RESERVED +CVE-2022-40790 + RESERVED +CVE-2022-40789 + RESERVED +CVE-2022-40788 + RESERVED +CVE-2022-40787 + RESERVED +CVE-2022-40786 + RESERVED +CVE-2022-40785 (Unsanitized input when setting a locale file leads to shell injection ...) + NOT-FOR-US: mIPC camera firmware +CVE-2022-40784 (Unlimited strcpy on user input when setting a locale file leads to sta ...) + NOT-FOR-US: mIPC camera firmware +CVE-2022-40783 + RESERVED +CVE-2022-40782 + RESERVED +CVE-2022-40781 + RESERVED +CVE-2022-40780 + RESERVED +CVE-2022-40779 + RESERVED +CVE-2022-40778 (A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefend ...) + NOT-FOR-US: OPSWAT MetaDefender ICAP Server +CVE-2022-40777 (Interspire Email Marketer through 6.5.0 allows arbitrary file upload v ...) + NOT-FOR-US: Interspire Email Marketer +CVE-2022-40776 + RESERVED +CVE-2022-40775 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) 
+ NOT-FOR-US: Bento4 +CVE-2022-40774 (An issue was discovered in Bento4 through 1.6.0-639. There is a NULL p ...) + NOT-FOR-US: Bento4 +CVE-2022-40773 (Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-40772 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-40771 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-40770 (Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulner ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-40769 (profanity through 1.60 has only four billion possible RNG initializati ...) + NOT-FOR-US: profanity (not same as src:profanity) +CVE-2022-40768 (drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local us ...) + {DLA-3245-1} + - linux 6.0.2-1 + [bullseye] - linux 5.10.148-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/09/09/1 + NOTE: https://git.kernel.org/linus/6022f210461fef67e6e676fd8544ca02d1bcfa7a +CVE-2022-40767 + RESERVED +CVE-2022-40766 (Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page S ...) + NOT-FOR-US: Modern Campus Omni CMS (formerly OU Campus) +CVE-2022-40765 (A vulnerability in the Edge Gateway component of Mitel MiVoice Connect ...) + NOT-FOR-US: Mitel +CVE-2022-40764 (Snyk CLI before 1.996.0 allows arbitrary command execution, affecting ...) + NOT-FOR-US: Snyk CLI +CVE-2022-3236 (A code injection vulnerability in the User Portal and Webadmin allows ...) + NOT-FOR-US: Sophos +CVE-2022-40763 + RESERVED +CVE-2022-3235 (Use After Free in GitHub repository vim/vim prior to 9.0.0490.) 
+ {DLA-3204-1} + - vim 2:9.0.0626-1 (unimportant) + NOTE: https://huntr.dev/bounties/96d5f7a0-a834-4571-b73b-0fe523b941af + NOTE: https://github.com/vim/vim/commit/1c3dd8ddcba63c1af5112e567215b3cec2de11d0 (v9.0.0490) + NOTE: Crash in CLI tool, no security impact +CVE-2022-40762 (A Memory Allocation with Excessive Size Value vulnerablity in the TEE_ ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40761 (The function tee_obj_free in Samsung mTower through 0.3.0 allows a tru ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40760 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40759 (A NULL pointer dereference issue in the TEE_MACCompareFinal function i ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40758 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_Ci ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40757 (A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MA ...) + NOT-FOR-US: Samsung mTower +CVE-2022-40756 (If folder security is misconfigured for Actian Zen PSQL BEFORE Patch U ...) + NOT-FOR-US: Actian +CVE-2022-40755 (JasPer 3.0.6 allows denial of service via a reachable assertion in the ...) + - jasper + NOTE: https://github.com/jasper-software/jasper/issues/338 +CVE-2022-3234 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + {DLA-3182-1} + - vim 2:9.0.0626-1 (unimportant) + NOTE: https://huntr.dev/bounties/90fdf374-bf04-4386-8a23-38c83b88f0da/ + NOTE: https://github.com/vim/vim/commit/c249913edc35c0e666d783bfc21595cf9f7d9e0d (v9.0.0483) + NOTE: Crash in CLI tool, no security impact +CVE-2022-40754 (In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in t ...) + - airflow (bug #819700) +CVE-2022-40753 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2022-40752 (IBM InfoSphere DataStage 11.7 is vulnerable to a command injection vul ...) 
+ NOT-FOR-US: IBM +CVE-2022-40751 (IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7 ...) + NOT-FOR-US: IBM +CVE-2022-40750 (IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-s ...) + NOT-FOR-US: IBM +CVE-2022-40749 + RESERVED +CVE-2022-40748 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2022-40747 ("IBM InfoSphere Information Server 11.7 is vulnerable to an XML Extern ...) + NOT-FOR-US: IBM +CVE-2022-40746 (IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 co ...) + NOT-FOR-US: IBM +CVE-2022-40745 + RESERVED +CVE-2022-40744 + RESERVED +CVE-2022-40743 (Improper Input Validation vulnerability for the xdebug plugin in Apach ...) + - trafficserver 9.1.4+ds-1 + [bullseye] - trafficserver (Vulnerable code not present) + [buster] - trafficserver (Vulnerable code not present) + NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 + NOTE: https://github.com/apache/trafficserver/commit/eb5efe19e68e51db58a6320b4a99e3fc83336a14 (master) + NOTE: https://github.com/apache/trafficserver/commit/20c857a785da93fa0e3263597207b5ef35b65b7c (v9.1.x) +CVE-2022-3233 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) + - rdiffweb (bug #969974) +CVE-2022-3232 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) + - rdiffweb (bug #969974) +CVE-2022-3231 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...) + NOT-FOR-US: LibreNMS +CVE-2022-3230 + RESERVED +CVE-2022-3229 (Because the web management interface for Unified Intents' Unified Remo ...) + NOT-FOR-US: Unified Remote +CVE-2022-3228 (Using custom code, an attacker can write into name or description fiel ...) + NOT-FOR-US: Host Engineering +CVE-2022-40742 (Mail SQR Expert system has a Local File Inclusion vulnerability. An un ...) 
+ NOT-FOR-US: Mail SQR Expert system +CVE-2022-40741 (Mail SQR Expert\u2019s specific function has insufficient filtering fo ...) + NOT-FOR-US: Mail SQR Expert system +CVE-2022-40740 (Realtek GPON router has insufficient filtering for special characters. ...) + NOT-FOR-US: Realtek +CVE-2022-40739 (Ragic report generation page has insufficient filtering for special ch ...) + NOT-FOR-US: Ragic +CVE-2022-3227 + RESERVED +CVE-2022-3226 (An OS command injection vulnerability allows admins to execute code vi ...) + NOT-FOR-US: Sophos +CVE-2022-3225 (Improper Control of Dynamically-Managed Code Resources in GitHub repos ...) + NOT-FOR-US: budibase +CVE-2022-3224 (Misinterpretation of Input in GitHub repository ionicabizau/parse-url ...) + NOT-FOR-US: Node parse-url +CVE-2022-3223 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-3222 (Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-D ...) + {DSA-5411-1} + - gpac (bug #1033116; bug #1051866) + [buster] - gpac (EOL in buster LTS) + NOTE: https://huntr.dev/bounties/b29c69fa-3eac-41e4-9d4f-d861aba18235/ + NOTE: https://github.com/gpac/gpac/commit/4e7736d7ec7bf64026daa611da951993bb42fdaf +CVE-2022-3221 (Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffwe ...) + - rdiffweb (bug #969974) +CVE-2022-3220 (The Advanced Comment Form WordPress plugin before 1.2.1 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40738 (An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer de ...) + NOT-FOR-US: Bento4 +CVE-2022-40737 (An issue was discovered in Bento4 through 1.6.0-639. A buffer over-rea ...) + NOT-FOR-US: Bento4 +CVE-2022-40736 (An issue was discovered in Bento4 1.6.0-639. There ie excessive memory ...) + NOT-FOR-US: Bento4 +CVE-2022-40735 (The Diffie-Hellman Key Agreement Protocol allows use of long exponents ...) 
+ NOTE: Generic Diffie-Hellman protocol issue +CVE-2022-40734 (UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 al ...) + NOT-FOR-US: Laravel Filemanager +CVE-2022-40733 + RESERVED +CVE-2022-40732 + RESERVED +CVE-2022-40731 + RESERVED +CVE-2022-40730 + RESERVED +CVE-2022-40729 + RESERVED +CVE-2022-40728 + RESERVED +CVE-2022-40727 + RESERVED +CVE-2022-40726 + RESERVED +CVE-2022-40725 (PingID Desktop prior to the latest released version 1.7.4 contains a v ...) + NOT-FOR-US: PingID +CVE-2022-40724 (The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint ...) + NOT-FOR-US: PingID +CVE-2022-40723 (The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS ...) + NOT-FOR-US: PingID +CVE-2022-40722 (A misconfiguration of RSA padding implemented in the PingID Adapter fo ...) + NOT-FOR-US: PingID +CVE-2022-40721 (Arbitrary file upload vulnerability in php uploader) + NOT-FOR-US: php uploader +CVE-2022-40720 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-40719 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-40718 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-40717 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-40716 (HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13. ...) + - consul (bug #1027161) + [bullseye] - consul (Minor issue) + [buster] - consul (Vulnerable Code not present) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-20-consul-service-mesh-intention-bypass-with-malicious-certificate-signing-request/44628 + NOTE: https://github.com/hashicorp/consul/commit/ae822d752ad36007e353249691a0ef318cf55d08 (v1.11.9) +CVE-2022-40715 (An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Trave ...) 
+ NOT-FOR-US: NOKIA +CVE-2022-40714 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...) + NOT-FOR-US: NOKIA +CVE-2022-40713 (An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path ...) + NOT-FOR-US: NOKIA +CVE-2022-40712 (An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists u ...) + NOT-FOR-US: NOKIA +CVE-2022-40711 (PrimeKey EJBCA 7.9.0.2 Community allows stored XSS in the End Entity s ...) + NOT-FOR-US: PrimeKey EJBCA +CVE-2022-40710 (A link following vulnerability in Trend Micro Deep Security 20 and Clo ...) + NOT-FOR-US: Trend Micro +CVE-2022-40709 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...) + NOT-FOR-US: Trend Micro +CVE-2022-40708 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...) + NOT-FOR-US: Trend Micro +CVE-2022-40707 (An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 an ...) + NOT-FOR-US: Trend Micro +CVE-2022-3219 (GnuPG can be made to spin on a relatively small input by (for example) ...) + - gnupg2 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2127010 + NOTE: https://dev.gnupg.org/D556 + NOTE: https://dev.gnupg.org/T5993 + NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/8 + NOTE: GnuPG upstream is not implementing this change. +CVE-2022-3218 (Due to a reliance on client-side authentication, the WiFi Mouse (Mouse ...) + NOT-FOR-US: Necta LLC +CVE-2022-3217 (When logging in to a VBASE runtime project via Web-Remote, the product ...) + NOT-FOR-US: VBASE +CVE-2018-25047 (In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...) 
+ {DLA-3262-1} + - smarty3 3.1.47-1 (bug #1019897) + [bullseye] - smarty3 (Minor issue) + - smarty4 4.2.1-1 (bug #1019896) + NOTE: https://github.com/smarty-php/smarty/issues/454 + NOTE: https://github.com/smarty-php/smarty/commit/f1f7ee6e34c14a8a9dfa5c6ef894d39277a93938 (v3.1.47) + NOTE: https://github.com/smarty-php/smarty/commit/55ea25d1f50f0406fb1ccedd212c527977793fc9 (v4.2.1) +CVE-2022-40706 + RESERVED +CVE-2022-40705 (An Improper Restriction of XML External Entity Reference vulnerability ...) + NOT-FOR-US: Apache SOAP +CVE-2022-40696 + RESERVED +CVE-2022-40684 (An authentication bypass using an alternate path or channel [CWE-288] ...) + NOT-FOR-US: FortiGuard +CVE-2022-40683 (A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may all ...) + NOT-FOR-US: Fortinet +CVE-2022-40682 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...) + NOT-FOR-US: Fortinet +CVE-2022-40681 (A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7. ...) + NOT-FOR-US: FortiGuard +CVE-2022-40680 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2022-40679 (An improper neutralization of special elements used in an OS command v ...) + NOT-FOR-US: Fortinet +CVE-2022-40678 (An insufficiently protected credentials in Fortinet FortiNAC versions ...) + NOT-FOR-US: Fortinet +CVE-2022-40677 (A improper neutralization of argument delimiters in a command ('argume ...) + NOT-FOR-US: Fortinet +CVE-2022-40676 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortinet +CVE-2022-40675 (Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through ...) + NOT-FOR-US: Fortinet +CVE-2022-40672 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40671 (Cross-Site Request Forgery (CSRF) vulnerability in Rate my Post \u2013 ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-40632 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40312 (Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP \u20 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40310 (Authenticated (subscriber+) Race Condition vulnerability in Rate my Po ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40223 (Nonce token leakage and missing authorization in SearchWP premium plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40219 (Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Swit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40217 (Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in Xpl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40215 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40213 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40211 + RESERVED +CVE-2022-40206 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40205 (Insecure direct object references (IDOR) vulnerability in the wpForo F ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40193 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40131 (Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Page ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38974 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38468 (Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress G ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38461 (Broken Access Control vulnerability in WPML Multilingual CMS premium p ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-38454 (Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Opt ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38104 (Auth. WordPress Options Change (siteurl, users_can_register, default_r ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38079 (Cross-Site Request Forgery (CSRF) vulnerability Backup Scheduler plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38074 (SQL Injection vulnerability in VeronaLabs WP Statistics plugin<= 13.2. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38073 (Multiple Authenticated (custom specific plugin role) Persistent Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36424 (Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36417 (Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forg ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36404 (Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35238 (Unauthenticated Plugin Settings Change vulnerability in Awesome Filter ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33978 (Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3216 (A vulnerability has been found in Nintendo Game Boy Color and classifi ...) + NOT-FOR-US: Nintendo Game Boy Color +CVE-2022-3215 (NIOHTTP1 and projects using it for generating HTTP responses can be su ...) + NOT-FOR-US: swift-nio +CVE-2022-3214 (Delta Industrial Automation's DIAEnergy, an industrial energy manageme ...) + NOT-FOR-US: Delta +CVE-2022-3213 (A heap buffer overflow issue was found in ImageMagick. When an applica ...) 
+ - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1021141) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126824 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/30ccf9a0da1f47161b5935a95be854fe84e6c2a2 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1aea203eb36409ce6903b9e41fe7cb70030e8750 (6.9.12-62) +CVE-2022-3212 (::from_request would ...) + NOT-FOR-US: axum_core rust crate +CVE-2022-3211 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-30545 (Auth. Reflected Cross-Site Scripting (XSS) vulnerability in 5 Anker Co ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36603 (The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 an ...) + NOT-FOR-US: HoYoVerse (formerly miHoYo) Genshin Impact +CVE-2022-40674 (libexpat before 2.4.9 has a use-after-free in the doContent function i ...) + {DSA-5236-1 DLA-3119-1} + - expat 2.4.8-2 (bug #1019761) + NOTE: https://github.com/libexpat/libexpat/pull/629 + NOTE: https://github.com/libexpat/libexpat/pull/640 + NOTE: https://github.com/libexpat/libexpat/commit/4a32da87e931ba54393d465bb77c40b5c33d343b +CVE-2022-40673 (KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods ...) + NOT-FOR-US: KDiskMark +CVE-2022-40670 + RESERVED +CVE-2022-40669 + REJECTED +CVE-2022-40668 + REJECTED +CVE-2022-40667 + REJECTED +CVE-2022-40666 + REJECTED +CVE-2022-40665 + REJECTED +CVE-2022-40664 (Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shi ...) + - shiro (bug #1021671) + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue, too little detail) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/12/1 +CVE-2022-40663 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: NIKON +CVE-2022-40662 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40661 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40660 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40659 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40658 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40657 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40656 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40655 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NIKON +CVE-2022-40654 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40653 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40652 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40651 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40650 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40649 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40648 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40647 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40646 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40645 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40643 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40642 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40641 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40640 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40639 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40638 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40637 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-40636 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ansys SpaceClaim +CVE-2022-3210 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2022-31735 (OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium ...) + NOT-FOR-US: OpenAM (different from src:openam) +CVE-2021-46838 + RESERVED +CVE-2022-40635 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) + NOT-FOR-US: Crafter Studio of Crafter CMS +CVE-2022-40634 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...) 
+ NOT-FOR-US: Crafter Studio of Crafter CMS +CVE-2022-40631 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-38097 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2022-37332 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2022-32774 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2022-3209 (The soledad WordPress theme before 8.2.5 does not sanitise the {id,dat ...) + NOT-FOR-US: WordPress theme +CVE-2022-3208 (The Simple File List WordPress plugin before 4.4.12 does not implement ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3207 (The Simple File List WordPress plugin before 4.4.12 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3206 (The Passster WordPress plugin before 3.5.5.5.2 stores the password ins ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3205 (Cross site scripting in automation controller UI in Red Hat Ansible Au ...) + NOT-FOR-US: Red Hat Ansible Automation Controller +CVE-2022-3204 (A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation ...) + {DLA-3371-1} + - unbound 1.16.3-1 + [bullseye] - unbound 1.13.1-1+deb11u1 + NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt + NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/137719522a8ea5b380fbb6206d2466f402f5b554 (release-1.16.3) +CVE-2022-3203 (On ORing net IAP-420(+) with FW version 2.0m a telnet server is enable ...) + NOT-FOR-US: ORing net IAP-420(+) +CVE-2022-3202 (A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journal ...) + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/a53046291020ec41e09181396c1e829287b48d47 (5.18-rc1) +CVE-2022-3201 (Insufficient validation of untrusted input in DevTools in Google Chrom ...) 
+ {DSA-5244-1 DSA-5230-1} + - chromium 106.0.5249.61-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3200 (Heap buffer overflow in Internals in Google Chrome prior to 105.0.5195 ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3199 (Use after free in Frames in Google Chrome prior to 105.0.5195.125 allo ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3198 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3197 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3196 (Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3195 (Out of bounds write in Storage in Google Chrome prior to 105.0.5195.12 ...) + {DSA-5230-1} + - chromium 105.0.5195.125-1 + [buster] - chromium (see DSA 5046) +CVE-2022-3194 + RESERVED +CVE-2022-3193 (An HTML injection/reflected Cross-site scripting (XSS) vulnerability w ...) + NOT-FOR-US: ovirt-engine +CVE-2022-40630 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + NOT-FOR-US: Tacitine Firewall +CVE-2022-40629 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + NOT-FOR-US: Tacitine Firewall +CVE-2022-40628 (This vulnerability exists in Tacitine Firewall, all versions of EN6200 ...) + NOT-FOR-US: Tacitine Firewall +CVE-2022-40627 + RESERVED +CVE-2022-40626 (An unauthenticated user can create a link with reflected Javascript co ...) 
+ - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + [buster] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-21350 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/55eb14d0a394b362d5df00ed9e06a3918472deec (6.0.7rc1) +CVE-2022-40625 + RESERVED +CVE-2022-40624 (pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execut ...) + NOT-FOR-US: pfSense +CVE-2022-40623 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...) + NOT-FOR-US: WAVLINK +CVE-2022-40622 (The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030 ...) + NOT-FOR-US: WAVLINK +CVE-2022-40621 (Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31 ...) + NOT-FOR-US: WAVLINK +CVE-2022-40620 + RESERVED +CVE-2022-40619 + RESERVED +CVE-2022-40618 + RESERVED +CVE-2022-40617 (strongSwan before 5.9.8 allows remote attackers to cause a denial of s ...) + {DSA-5249-1 DLA-3143-1} + - strongswan 5.9.8-1 (bug #1021271) + NOTE: https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html + NOTE: Patch: https://download.strongswan.org/security/CVE-2022-40617/ +CVE-2022-40616 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow ...) + NOT-FOR-US: IBM +CVE-2022-40615 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnera ...) + NOT-FOR-US: IBM +CVE-2022-40614 + RESERVED +CVE-2022-40613 + RESERVED +CVE-2022-40612 + RESERVED +CVE-2022-40611 + RESERVED +CVE-2022-40610 + RESERVED +CVE-2022-40609 (IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a re ...) + NOT-FOR-US: IBM +CVE-2022-40608 (IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File System ...) + NOT-FOR-US: IBM +CVE-2022-40607 (IBM Spectrum Scale 5.1 could allow users with permissions to create po ...) + NOT-FOR-US: IBM +CVE-2022-3192 (Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows C ...) 
+ NOT-FOR-US: ABB +CVE-2022-3191 (Insertion of Sensitive Information into Log File vulnerability in Hita ...) + NOT-FOR-US: Hitachi +CVE-2022-3190 (Infinite loop in the F5 Ethernet Trailer protocol dissector in Wiresha ...) + - wireshark 3.6.8-1 + [bullseye] - wireshark (Minor issue) + [buster] - wireshark (vulernable code not present, poc does not trigger) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/18307 + NOTE: https://www.wireshark.org/security/wnpa-sec-2022-06.html +CVE-2022-3189 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3188 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3187 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3186 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3185 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3184 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3183 (Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulne ...) + NOT-FOR-US: Dataprobe iBoot-PDU FW +CVE-2022-3182 (Improper Access Control vulnerability in the Duo SMS two-factor of Dev ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-40606 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...) + NOT-FOR-US: MITRE CALDERA +CVE-2022-40605 (MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Deb ...) + NOT-FOR-US: MITRE CALDERA +CVE-2022-40604 (In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily ...) + - airflow (bug #819700) +CVE-2022-40603 (A cross-site scripting (XSS) vulnerability in the CGI program of Zyxel ...) 
+ NOT-FOR-US: Zyxel +CVE-2022-40602 (A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG ...) + NOT-FOR-US: Zyxel +CVE-2022-40601 + REJECTED +CVE-2022-40600 + REJECTED +CVE-2022-40599 + REJECTED +CVE-2022-40598 + REJECTED +CVE-2022-40597 + REJECTED +CVE-2022-40596 + REJECTED +CVE-2022-40595 + REJECTED +CVE-2022-40594 + REJECTED +CVE-2022-40593 + REJECTED +CVE-2022-40592 + REJECTED +CVE-2022-40591 + REJECTED +CVE-2022-40590 + REJECTED +CVE-2022-40589 + REJECTED +CVE-2022-40588 + REJECTED +CVE-2022-40587 + REJECTED +CVE-2022-40586 + REJECTED +CVE-2022-40585 + REJECTED +CVE-2022-40584 + REJECTED +CVE-2022-40583 + REJECTED +CVE-2022-40582 + REJECTED +CVE-2022-40581 + REJECTED +CVE-2022-40580 + REJECTED +CVE-2022-40579 + REJECTED +CVE-2022-40578 + REJECTED +CVE-2022-40577 + REJECTED +CVE-2022-40576 + REJECTED +CVE-2022-40575 + REJECTED +CVE-2022-40574 + REJECTED +CVE-2022-40573 + REJECTED +CVE-2022-40572 + REJECTED +CVE-2022-40571 + REJECTED +CVE-2022-40570 + REJECTED +CVE-2022-40569 + REJECTED +CVE-2022-40568 + REJECTED +CVE-2022-40567 + REJECTED +CVE-2022-40566 + REJECTED +CVE-2022-40565 + REJECTED +CVE-2022-40564 + REJECTED +CVE-2022-40563 + REJECTED +CVE-2022-40562 + REJECTED +CVE-2022-40561 + REJECTED +CVE-2022-40560 + REJECTED +CVE-2022-40559 + REJECTED +CVE-2022-40558 + REJECTED +CVE-2022-40557 + REJECTED +CVE-2022-40556 + REJECTED +CVE-2022-40555 + REJECTED +CVE-2022-40554 + REJECTED +CVE-2022-40553 + REJECTED +CVE-2022-40552 + REJECTED +CVE-2022-40551 + REJECTED +CVE-2022-40550 + REJECTED +CVE-2022-40549 + REJECTED +CVE-2022-40548 + REJECTED +CVE-2022-40547 + REJECTED +CVE-2022-40546 + REJECTED +CVE-2022-40545 + REJECTED +CVE-2022-40544 + REJECTED +CVE-2022-40543 + REJECTED +CVE-2022-40542 + REJECTED +CVE-2022-40541 + REJECTED +CVE-2022-40540 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Qualcomm +CVE-2022-40539 (Memory corruption in Automotive Android OS due to improper validation ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-40538 (Transient DOS due to reachable assertion in modem while processing sib ...) + NOT-FOR-US: Qualcomm +CVE-2022-40537 (Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_ ...) + NOT-FOR-US: Qualcomm +CVE-2022-40536 (Transient DOS due to improper authentication in modem while receiving ...) + NOT-FOR-US: Qualcomm +CVE-2022-40535 (Transient DOS due to buffer over-read in WLAN while sending a packet t ...) + NOT-FOR-US: Qualcomm +CVE-2022-40534 (Memory corruption due to improper validation of array index in Audio.) + NOT-FOR-US: Qualcomm +CVE-2022-40533 (Transient DOS due to untrusted Pointer Dereference in core while sendi ...) + NOT-FOR-US: Qualcomm +CVE-2022-40532 (Memory corruption due to integer overflow or wraparound in WLAN while ...) + NOT-FOR-US: Qualcomm +CVE-2022-40531 (Memory corruption in WLAN due to incorrect type cast while sending WMI ...) + NOT-FOR-US: Qualcomm +CVE-2022-40530 (Memory corruption in WLAN due to integer overflow to buffer overflow i ...) + NOT-FOR-US: Qualcomm +CVE-2022-40529 (Memory corruption due to improper access control in kernel while proce ...) + NOT-FOR-US: Qualcomm +CVE-2022-40528 + RESERVED +CVE-2022-40527 (Transient DOS due to reachable assertion in WLAN while processing PEER ...) + NOT-FOR-US: Qualcomm +CVE-2022-40526 + RESERVED +CVE-2022-40525 (Information disclosure in Linux Networking Firmware due to unauthorize ...) + NOT-FOR-US: Qualcomm +CVE-2022-40524 (Memory corruption due to buffer over-read in Modem while processing Se ...) + NOT-FOR-US: Qualcomm +CVE-2022-40523 (Information disclosure in Kernel due to indirect branch misprediction.) + NOT-FOR-US: Qualcomm +CVE-2022-40522 (Memory corruption in Linux Networking due to double free while handlin ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-40521 (Transient DOS due to improper authorization in Modem) + NOT-FOR-US: Qualcomm +CVE-2022-40520 (Memory corruption due to stack-based buffer overflow in Core) + NOT-FOR-US: Qualcomm +CVE-2022-40519 (Information disclosure due to buffer overread in Core) + NOT-FOR-US: Qualcomm +CVE-2022-40518 (Information disclosure due to buffer overread in Core) + NOT-FOR-US: Qualcomm +CVE-2022-40517 (Memory corruption in core due to stack-based buffer overflow) + NOT-FOR-US: Qualcomm +CVE-2022-40516 (Memory corruption in Core due to stack-based buffer overflow.) + NOT-FOR-US: Qualcomm +CVE-2022-40515 (Memory corruption in Video due to double free while playing 3gp clip w ...) + NOT-FOR-US: Qualcomm +CVE-2022-40514 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Snapdragon +CVE-2022-40513 (Transient DOS due to uncontrolled resource consumption in WLAN firmwar ...) + NOT-FOR-US: Snapdragon +CVE-2022-40512 (Transient DOS in WLAN Firmware due to buffer over-read while processin ...) + NOT-FOR-US: Snapdragon +CVE-2022-40511 + RESERVED +CVE-2022-40510 (Memory corruption due to buffer copy without checking size of input in ...) + NOT-FOR-US: Qualcomm +CVE-2022-40509 + RESERVED +CVE-2022-40508 (Transient DOS due to reachable assertion in Modem while processing con ...) + NOT-FOR-US: Qualcomm +CVE-2022-40507 (Memory corruption due to double free in Core while mapping HLOS addres ...) + NOT-FOR-US: Qualcomm +CVE-2022-40506 + RESERVED +CVE-2022-40505 (Information disclosure due to buffer over-read in Modem while parsing ...) + NOT-FOR-US: Qualcomm +CVE-2022-40504 (Transient DOS due to reachable assertion in Modem when UE received Dow ...) + NOT-FOR-US: Qualcomm +CVE-2022-40503 (Information disclosure due to buffer over-read in Bluetooth Host while ...) + NOT-FOR-US: Qualcomm +CVE-2022-40502 (Transient DOS due to improper input validation in WLAN Host.) 
+ NOT-FOR-US: Snapdragon +CVE-2022-3181 (An Improper Input Validation vulnerability exists in Trihedral VTScada ...) + NOT-FOR-US: Trihedral VTScada +CVE-2022-3180 + RESERVED +CVE-2022-3179 (Weak Password Requirements in GitHub repository ikus060/rdiffweb prior ...) + - rdiffweb (bug #969974) +CVE-2022-3178 (Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.) + - gpac (Fix for CVE-2022-30976 not applied) + NOTE: https://huntr.dev/bounties/f022fc50-3dfd-450a-ab47-3d75d2bf44c0 + NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3 + NOTE: Introduced by the fix for CVE-2022-30976. +CVE-2022-3177 + RESERVED +CVE-2022-3176 (There exists a use-after-free in io_uring in the Linux kernel. Signalf ...) + {DSA-5257-1 DLA-3173-1} + - linux 5.17.3-1 + NOTE: https://kernel.dance/#fc78b2fc21f10c4c9c4d5d659a685710ffa63659 +CVE-2022-3175 (Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior ...) + - rdiffweb (bug #969974) +CVE-2022-3174 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub ...) + - rdiffweb (bug #969974) +CVE-2022-40501 + RESERVED +CVE-2022-40500 + RESERVED +CVE-2022-40499 + RESERVED +CVE-2022-40498 + RESERVED +CVE-2022-40497 (Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were disc ...) + NOT-FOR-US: Wazuh +CVE-2022-40496 + RESERVED +CVE-2022-40495 + RESERVED +CVE-2022-40494 (NPS before v0.26.10 was discovered to contain an authentication bypass ...) + NOT-FOR-US: NPS (network penetration server) +CVE-2022-40493 + RESERVED +CVE-2022-40492 + RESERVED +CVE-2022-40491 + RESERVED +CVE-2022-40490 + RESERVED +CVE-2022-40489 (ThinkCMF version 6.0.7 is affected by a Cross Site Request Forgery (CS ...) + NOT-FOR-US: ThinkCMF +CVE-2022-40488 (ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Fo ...) + NOT-FOR-US: ProcessWire +CVE-2022-40487 (ProcessWire v3.0.200 was discovered to contain multiple cross-site scr ...) 
+ NOT-FOR-US: ProcessWire +CVE-2022-40486 (TP Link Archer AX10 V1 Firmware Version 1.3.1 Build 20220401 Rel. 5745 ...) + NOT-FOR-US: TP Link +CVE-2022-40485 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-40484 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-40483 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-40482 (The authentication method in Laravel 8.x through 9.x before 9.32.0 was ...) + NOT-FOR-US: Laravel +CVE-2022-40481 + RESERVED +CVE-2022-40480 (Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was dis ...) + NOT-FOR-US: Microchip Technology NRF5340-DK DT100112 +CVE-2022-40479 + RESERVED +CVE-2022-40478 + RESERVED +CVE-2022-40477 + RESERVED +CVE-2022-40476 (A null pointer dereference issue was discovered in fs/io_uring.c in th ...) + - linux (Vulnerable code never released in Debian unstable) + NOTE: https://lore.kernel.org/lkml/CAO4S-mdVW5GkODk0+vbQexNAAJZopwzFJ9ACvRCJ989fQ4A6Ow@mail.gmail.com/ + NOTE: https://git.kernel.org/linus/386e4fb6962b9f248a80f8870aea0870ca603e89 (5.19-rc4) +CVE-2022-40475 (TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-40474 + RESERVED +CVE-2022-40473 + RESERVED +CVE-2022-40472 (ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721. ...) + NOT-FOR-US: ZKTeco Xiamen Information Technology ZKBio Time +CVE-2022-40471 (Remote Code Execution in Clinic's Patient Management System v 1.0 allo ...) + NOT-FOR-US: Clinic's Patient Management System +CVE-2022-40470 (Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripti ...) + NOT-FOR-US: Phpgurukul Blood Donor Management System +CVE-2022-40469 (iKuai OS v3.6.7 was discovered to contain an authenticated remote code ...) 
+ NOT-FOR-US: iKuai8 +CVE-2022-40468 (Potential leak of left-over heap data if custom error page templates c ...) + - tinyproxy 1.11.1-2 (bug #1021015) + [bullseye] - tinyproxy (Minor issue) + [buster] - tinyproxy (Minor issue) + NOTE: https://github.com/tinyproxy/tinyproxy/issues/457 + NOTE: https://github.com/tinyproxy/tinyproxy/commit/3764b8551463b900b5b4e3ec0cd9bb9182191cb7 +CVE-2022-40467 + RESERVED +CVE-2022-40466 + RESERVED +CVE-2022-40465 + RESERVED +CVE-2022-40464 + RESERVED +CVE-2022-40463 + RESERVED +CVE-2022-40462 + RESERVED +CVE-2022-40461 + RESERVED +CVE-2022-40460 + RESERVED +CVE-2022-40459 + RESERVED +CVE-2022-40458 + RESERVED +CVE-2022-40457 + RESERVED +CVE-2022-40456 + RESERVED +CVE-2022-40455 + RESERVED +CVE-2022-40454 + RESERVED +CVE-2022-40453 + RESERVED +CVE-2022-40452 + RESERVED +CVE-2022-40451 + RESERVED +CVE-2022-40450 + RESERVED +CVE-2022-40449 + RESERVED +CVE-2022-40448 + RESERVED +CVE-2022-40447 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...) + NOT-FOR-US: ZZCMS +CVE-2022-40446 (ZZCMS 2022 was discovered to contain a SQL injection vulnerability via ...) + NOT-FOR-US: ZZCMS +CVE-2022-40445 + RESERVED +CVE-2022-40444 (ZZCMS 2022 was discovered to contain a full path disclosure vulnerabil ...) + NOT-FOR-US: ZZCMS +CVE-2022-40443 (An absolute path traversal vulnerability in ZZCMS 2022 allows attacker ...) + NOT-FOR-US: ZZCMS +CVE-2022-40442 + RESERVED +CVE-2022-40441 + RESERVED +CVE-2022-40440 (mxGraph v4.2.2 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: mxGraph +CVE-2022-40439 (An memory leak issue was discovered in AP4_StdcFileByteStream::Create ...) + NOT-FOR-US: Bento4 +CVE-2022-40438 (Buffer overflow vulnerability in function AP4_MemoryByteStream::WriteP ...) + NOT-FOR-US: Bento4 +CVE-2022-40437 + RESERVED +CVE-2022-40436 + RESERVED +CVE-2022-40435 (Employee Performance Evaluation System v1.0 was discovered to contain ...) 
+ NOT-FOR-US: Employee Performance Evaluation System +CVE-2022-40434 (Softr v2.0 was discovered to be vulnerable to HTML injection via the N ...) + NOT-FOR-US: Softr +CVE-2022-40433 (An issue was discovered in function ciMethodBlocks::make_block_at in O ...) + {DSA-5331-1} + - openjdk-11 11.0.17+8-1 + NOTE: https://github.com/openjdk/jdk11u-dev/commit/fb76f0e7beb0e79eabf63399fc09923a0b3a04d2 (jdk-11.0.17-ga) + NOTE: https://bugs.openjdk.org/browse/JDK-8283441 +CVE-2022-40432 (The d8s-strings for python, as distributed on PyPI, included a potenti ...) + NOT-FOR-US: d8s-strings for python +CVE-2022-40431 (The d8s-pdfs for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-pdfs for python +CVE-2022-40430 (The d8s-utility for python, as distributed on PyPI, included a potenti ...) + NOT-FOR-US: d8s-utility for python +CVE-2022-40429 (The d8s-ip-addresses for python, as distributed on PyPI, included a po ...) + NOT-FOR-US: d8s-ip-addresses for python +CVE-2022-40428 (The d8s-mpeg for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-mpeg for python +CVE-2022-40427 (The d8s-domains for python, as distributed on PyPI, included a potenti ...) + NOT-FOR-US: d8s-domains for python +CVE-2022-40426 (The d8s-asns for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-asns for python +CVE-2022-40425 (The d8s-html for python, as distributed on PyPI, included a potential ...) + NOT-FOR-US: d8s-html for python +CVE-2022-40424 (The d8s-urls for python, as distributed on PyPI, included a potential ...) 
+ NOT-FOR-US: d8s-urls for python +CVE-2022-40423 + RESERVED +CVE-2022-40422 + RESERVED +CVE-2022-40421 + RESERVED +CVE-2022-40420 + RESERVED +CVE-2022-40419 + RESERVED +CVE-2022-40418 + RESERVED +CVE-2022-40417 + RESERVED +CVE-2022-40416 + RESERVED +CVE-2022-40415 + RESERVED +CVE-2022-40414 + RESERVED +CVE-2022-40413 + RESERVED +CVE-2022-40412 + RESERVED +CVE-2022-40411 + RESERVED +CVE-2022-40410 + RESERVED +CVE-2022-40409 + RESERVED +CVE-2022-40408 (FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: FeehiCMS +CVE-2022-40407 (A zip slip vulnerability in the file upload function of Chamilo v1.11 ...) + NOT-FOR-US: Chamilo LMS +CVE-2022-40406 + RESERVED +CVE-2022-40405 (WoWonder Social Network Platform v4.1.2 was discovered to contain a SQ ...) + NOT-FOR-US: WoWonder Social Network Platform +CVE-2022-40404 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-40403 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-40402 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) 
+ NOT-FOR-US: Wedding Planner +CVE-2022-40401 + RESERVED +CVE-2022-40400 + RESERVED +CVE-2022-40399 + RESERVED +CVE-2022-40398 + RESERVED +CVE-2022-40397 + RESERVED +CVE-2022-40396 + RESERVED +CVE-2022-40395 + RESERVED +CVE-2022-40394 + RESERVED +CVE-2022-40393 + RESERVED +CVE-2022-40392 + RESERVED +CVE-2022-40391 + RESERVED +CVE-2022-40390 + RESERVED +CVE-2022-40389 + RESERVED +CVE-2022-40388 + RESERVED +CVE-2022-40387 + RESERVED +CVE-2022-40386 + RESERVED +CVE-2022-40385 + RESERVED +CVE-2022-40384 + RESERVED +CVE-2022-40383 + RESERVED +CVE-2022-40382 + RESERVED +CVE-2022-40381 + RESERVED +CVE-2022-40380 + RESERVED +CVE-2022-40379 + RESERVED +CVE-2022-40378 + RESERVED +CVE-2022-40377 + RESERVED +CVE-2022-40376 + RESERVED +CVE-2022-40375 + RESERVED +CVE-2022-40374 + RESERVED +CVE-2022-40373 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.1.1 allows remo ...) + NOT-FOR-US: FeehiCMS +CVE-2022-40372 + RESERVED +CVE-2022-40371 + RESERVED +CVE-2022-40370 + RESERVED +CVE-2022-40369 + RESERVED +CVE-2022-40368 + RESERVED +CVE-2022-40367 + RESERVED +CVE-2022-40366 + RESERVED +CVE-2022-40365 (Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5 ...) + NOT-FOR-US: ouqiang gocron (not the same as src:golang-github-go-co-op-gocron) +CVE-2022-40364 + RESERVED +CVE-2022-40363 (A buffer overflow in the component nfc_device_load_mifare_ul_data of F ...) + NOT-FOR-US: Flipper Devices +CVE-2022-40362 + RESERVED +CVE-2022-40361 + RESERVED +CVE-2022-40360 + RESERVED +CVE-2022-40359 (Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via craf ...) + NOT-FOR-US: kfm +CVE-2022-40358 (An issue was discovered in AjaXplorer 4.2.3, allows attackers to cause ...) + - ajaxplorer (bug #668381) +CVE-2022-40357 (A security issue was discovered in Z-BlogPHP <= 1.7.2. A Server-Side R ...) + NOT-FOR-US: Z-BlogPHP +CVE-2022-40356 + RESERVED +CVE-2022-40355 + RESERVED +CVE-2022-40354 (Online Tours & Travels Management System v1.0 was discovered to contai ...) 
+ NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40353 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40352 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40351 + RESERVED +CVE-2022-40350 + RESERVED +CVE-2022-40349 + RESERVED +CVE-2022-40348 (Cross Site Scripting (XSS) vulnerability in Intern Record System versi ...) + NOT-FOR-US: Intern Record System +CVE-2022-40347 (SQL Injection vulnerability in Intern Record System version 1.0 in /in ...) + NOT-FOR-US: Intern Record System +CVE-2022-40346 + RESERVED +CVE-2022-40345 + RESERVED +CVE-2022-40344 + RESERVED +CVE-2022-40343 + RESERVED +CVE-2022-40342 + RESERVED +CVE-2022-40341 (mojoPortal v2.7 was discovered to contain an arbitrary file upload vul ...) + NOT-FOR-US: mojoPortal +CVE-2022-40340 + RESERVED +CVE-2022-40339 + RESERVED +CVE-2022-40338 + RESERVED +CVE-2022-40337 (OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows ...) + NOT-FOR-US: OASES (aka Open Aviation Strategic Engineering System) +CVE-2022-40336 + RESERVED +CVE-2022-40335 + RESERVED +CVE-2022-40334 + RESERVED +CVE-2022-40333 + RESERVED +CVE-2022-40332 + RESERVED +CVE-2022-40331 + RESERVED +CVE-2022-40330 + RESERVED +CVE-2022-40329 + RESERVED +CVE-2022-40328 + RESERVED +CVE-2022-40327 + RESERVED +CVE-2022-40326 + RESERVED +CVE-2022-40325 (SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, ak ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-40324 (SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, a ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-40323 (SysAid Help Desk before 22.1.65 allows XSS in the Password Services mo ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-40322 (SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.) 
+ NOT-FOR-US: SysAid Help Desk +CVE-2022-40321 + RESERVED +CVE-2022-3173 (Improper Authentication in GitHub repository snipe/snipe-it prior to 6 ...) + - snipe-it (bug #1005172) +CVE-2022-40320 (cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffe ...) + - libconfuse 3.3-3 (bug #1019596) + [bullseye] - libconfuse 3.3-2+deb11u1 + NOTE: https://github.com/libconfuse/libconfuse/issues/163 + NOTE: Fixed by: https://github.com/libconfuse/libconfuse/commit/d73777c2c3566fb2647727bb56d9a2295b81669b +CVE-2022-40319 (The LISTSERV 17 web interface allows remote attackers to conduct Insec ...) + NOT-FOR-US: LISTSERV +CVE-2022-40318 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...) + {DLA-3573-1} + - frr 8.4.1-1 (bug #1035829) + [bullseye] - frr 7.5.1-1.1+deb11u2 + NOTE: https://github.com/FRRouting/frr/issues/13427 + NOTE: https://github.com/FRRouting/frr/issues/13480 + NOTE: https://github.com/FRRouting/frr/commit/1117baca3c592877a4d8a13ed6a1d9bd83977487 (base_8.4) +CVE-2022-40317 (OpenKM 6.3.11 allows stored XSS related to the javascript: subst ...) + NOT-FOR-US: OpenKM +CVE-2022-40316 (The H5P activity attempts report did not filter by groups, which in se ...) + - moodle +CVE-2022-40315 (A limited SQL injection risk was identified in the "browse list of use ...) + - moodle +CVE-2022-40314 (A remote code execution risk when restoring backup files originating f ...) + - moodle +CVE-2022-40313 (Recursive rendering of Mustache template helpers containing user input ...) + - moodle +CVE-2022-40309 (Users with write permissions to a repository can delete arbitrary dire ...) + NOT-FOR-US: Apache Archiva +CVE-2022-40308 (If anonymous read enabled, it's possible to read the database file dir ...) + NOT-FOR-US: Apache Archiva +CVE-2022-40199 (Directory traversal vulnerability in EC-CUBE 3 series (EC-CUBE 3.0.0 t ...) + NOT-FOR-US: EC-CUBE +CVE-2022-38975 (DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-C ...) 
+ NOT-FOR-US: EC-CUBE +CVE-2022-37346 (EC-CUBE plugin 'Product Image Bulk Upload Plugin' 1.0.0 and 4.1.0 cont ...) + NOT-FOR-US: EC-CUBE +CVE-2022-3172 (A security issue was discovered in kube-apiserver that allows an aggr ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here +CVE-2022-3171 (A parsing issue with binary data in protobuf-java core and lite versio ...) + [experimental] - protobuf 3.21.7-1 + - protobuf 3.21.9-3 + [bullseye] - protobuf (Too intrusive to backport, requires significant refactoring) + [buster] - protobuf (Too intrusive to backport, requires significant refactoring) + NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-h4h5-3hr4-j3g2 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10664 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10665 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10666 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10667 + NOTE: https://github.com/protocolbuffers/protobuf/pull/10668 + NOTE: CPU DoS in protobuf-java, fixed by significant refactoring +CVE-2022-3170 (An out-of-bounds access issue was found in the Linux kernel sound subs ...) + - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125879 + NOTE: https://git.kernel.org/linus/6ab55ec0a938c7f943a4edba3d6514f775983887 (6.0-rc4) + NOTE: https://git.kernel.org/linus/5934d9a0383619c14df91af8fd76261dc3de2f5f (6.0-rc4) +CVE-2022-40307 (An issue was discovered in the Linux kernel through 5.19.8. drivers/fi ...) + {DSA-5257-1 DLA-3173-1 DLA-3131-1} + - linux 5.19.11-1 + NOTE: https://git.kernel.org/linus/9cb636b5f6a8cc6d1b50809ec8f8d33ae0c84c95 +CVE-2022-40306 (The login form /Login in ECi Printanista Hub (formerly FMAudit Printsc ...) 
+ NOT-FOR-US: ECi Printanista Hub +CVE-2022-40305 (A Server-Side Request Forgery issue in Canto Cumulus through 11.1.3 al ...) + NOT-FOR-US: Canto Cumulus +CVE-2022-40304 (An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ...) + {DSA-5271-1 DLA-3172-1} + - libxml2 2.9.14+dfsg-1.1 (bug #1022225) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b (v2.10.3) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2335 +CVE-2022-40303 (An issue was discovered in libxml2 before 2.10.3. When parsing a multi ...) + {DSA-5271-1 DLA-3172-1} + - libxml2 2.9.14+dfsg-1.1 (bug #1022224) + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/381 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 (v2.10.3) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2336 +CVE-2022-40302 (An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By cra ...) + {DLA-3573-1} + - frr 8.4.1-1 (bug #1035829) + [bullseye] - frr 7.5.1-1.1+deb11u2 + NOTE: https://github.com/FRRouting/frr/issues/13427 + NOTE: https://github.com/FRRouting/frr/issues/13480 + NOTE: https://github.com/FRRouting/frr/commit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4) +CVE-2022-40301 + RESERVED +CVE-2022-40300 (Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-40299 (In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., b ...) + [experimental] - singular 1:4.3.1-p1+ds-1 + - singular (unimportant) + NOTE: https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c (Release-4-3-1) + NOTE: https://github.com/Singular/Singular/issues/1137 + NOTE: Neutralised by kernel hardening (fs.protected_symlinks = 1) +CVE-2022-40298 (Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited p ...) 
+ NOT-FOR-US: Crestron +CVE-2022-40297 (UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be use ...) + NOT-FOR-US: UBports Ubuntu Touch +CVE-2022-40296 (The application was vulnerable to a Server-Side Request Forgery attack ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40295 (The application was vulnerable to an authenticated information disclos ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40294 (The application was identified to have an CSV injection in data export ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40293 (The application was vulnerable to a session fixation that could be use ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40292 (The application allowed for Unauthenticated User Enumeration by intera ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40291 (The application was vulnerable to Cross-Site Request Forgery (CSRF) at ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40290 (The application was vulnerable to an unauthenticated Reflected Cross-S ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40289 (The application was vulnerable to an authenticated Stored Cross-Site S ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40288 (The application was vulnerable to an authenticated Stored Cross-Site S ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40287 (The application was found to be vulnerable to an authenticated Stored ...) + NOT-FOR-US: PHP Point of Sale +CVE-2022-40286 + RESERVED +CVE-2022-40285 + RESERVED +CVE-2022-40284 (A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted ...) + {DSA-5270-1 DLA-3201-1} + - ntfs-3g 1:2022.10.3-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/31/2 + NOTE: https://github.com/tuxera/ntfs-3g/commit/18bfc676119a1188e8135287b8327b0760ba44a1 (2022.10.3) + NOTE: https://github.com/tuxera/ntfs-3g/commit/76c3a799a97fbcedeeeca57f598be508ae2a1656 (2022.10.3) +CVE-2022-40283 + RESERVED +CVE-2022-40282 (The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authe ...) 
+ NOT-FOR-US: Hirschmann BAT-C2 +CVE-2022-40281 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...) + NOT-FOR-US: Samsung TizenRT +CVE-2022-40280 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...) + NOT-FOR-US: Samsung TizenRT +CVE-2022-40279 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...) + NOT-FOR-US: Samsung TizenRT +CVE-2022-40278 (An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PR ...) + NOT-FOR-US: Samsung TizenRT +CVE-2022-40277 (Joplin version 2.8.8 allows an external attacker to execute arbitrary ...) + NOT-FOR-US: Joplin +CVE-2022-40276 (Zettlr version 2.3.0 allows an external attacker to remotely obtain ar ...) + NOT-FOR-US: Zettlr +CVE-2022-40275 + RESERVED +CVE-2022-40274 (Gridea version 0.9.3 allows an external attacker to execute arbitrary ...) + NOT-FOR-US: Gridea +CVE-2022-40273 + REJECTED +CVE-2022-40272 + REJECTED +CVE-2022-40271 + REJECTED +CVE-2022-40270 + REJECTED +CVE-2022-40269 (Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric ...) + NOT-FOR-US: Mitsubishi +CVE-2022-40268 (Improper Restriction of Rendered UI Layers or Frames vulnerability in ...) + NOT-FOR-US: Mitsubishi +CVE-2022-40267 (Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerabilit ...) + NOT-FOR-US: Mitsubishi +CVE-2022-40266 (Improper Input Validation vulnerability in Mitsubishi Electric GOT2000 ...) + NOT-FOR-US: Mitsubishi +CVE-2022-40265 (Improper Input Validation vulnerability in Mitsubishi Electric Corpora ...) + NOT-FOR-US: Mitsubishi +CVE-2022-40264 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Mitsubishi Electric +CVE-2022-40263 (BD Totalys MultiProcessor, versions 1.70 and earlier, contain hardcode ...) + NOT-FOR-US: BD Totalys MultiProcessor +CVE-2022-40262 (A potential attacker can execute an arbitrary code at the time of the ...) 
+ NOT-FOR-US: AMI +CVE-2022-40261 (An attacker can exploit this vulnerability to elevate privileges from ...) + NOT-FOR-US: AMI +CVE-2022-40260 + RESERVED +CVE-2022-40259 (MegaRAC Default Credentials Vulnerability) + NOT-FOR-US: AMI MegaRAC Redfish +CVE-2022-40258 (AMI Megarac Weak password hashes for Redfish & API) + NOT-FOR-US: AMI +CVE-2022-40257 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...) + NOT-FOR-US: CERT/CC VINCE +CVE-2022-40256 + RESERVED +CVE-2022-40255 + RESERVED +CVE-2022-40254 + RESERVED +CVE-2022-40253 + RESERVED +CVE-2022-40252 + RESERVED +CVE-2022-40251 + RESERVED +CVE-2022-40250 (An attacker can exploit this vulnerability to elevate privileges from ...) + NOT-FOR-US: AMI +CVE-2022-40249 + RESERVED +CVE-2022-40248 (An HTML injection vulnerability exists in CERT/CC VINCE software prior ...) + NOT-FOR-US: CERT/CC VINCE +CVE-2022-40247 + RESERVED +CVE-2022-40246 (A potential attacker can write one byte by arbitrary address at the ti ...) + NOT-FOR-US: AMI +CVE-2022-40245 + RESERVED +CVE-2022-40244 + RESERVED +CVE-2022-40243 + RESERVED +CVE-2022-40242 (MegaRAC Default Credentials Vulnerability) + NOT-FOR-US: MegaRAC +CVE-2022-40241 + RESERVED +CVE-2022-40240 + RESERVED +CVE-2022-40239 + RESERVED +CVE-2022-40238 (A Remote Code Injection vulnerability exists in CERT software prior to ...) + NOT-FOR-US: CERT software +CVE-2022-3169 (A flaw was found in the Linux kernel. A denial of service flaw may occ ...) + {DLA-3244-1} + - linux 6.0.10-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125341 + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214771 +CVE-2022-3168 + REJECTED +CVE-2019-25076 (The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.1 ...) 
+ - openvswitch (bug #1021740) + [bookworm] - openvswitch (Minor issue) + [bullseye] - openvswitch (Minor issue) + [buster] - openvswitch (Minor issue) + NOTE: https://arxiv.org/abs/2011.09107 + NOTE: https://sites.google.com/view/tuple-space-explosion + NOTE: https://dl.acm.org/doi/10.1145/3359989.3365431 + NOTE: https://www.youtube.com/watch?v=5cHpzVK0D28 + NOTE: https://www.youtube.com/watch?v=DSC3m-Bww64 +CVE-2022-40237 (IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service atta ...) + NOT-FOR-US: IBM +CVE-2022-40236 + RESERVED +CVE-2022-40235 ("IBM InfoSphere Information Server 11.7 could allow a user to cause a ...) + NOT-FOR-US: IBM +CVE-2022-40234 (Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1 ...) + NOT-FOR-US: IBM +CVE-2022-40233 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-40232 (IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, ...) + NOT-FOR-US: IBM +CVE-2022-40231 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 a ...) + NOT-FOR-US: IBM +CVE-2022-40230 ("IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invali ...) + NOT-FOR-US: IBM +CVE-2022-40229 + RESERVED +CVE-2022-40228 (IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) + NOT-FOR-US: IBM +CVE-2022-40227 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...) + NOT-FOR-US: Siemens +CVE-2022-40226 (A vulnerability has been identified in SICAM P850 (All versions < V3.1 ...) + NOT-FOR-US: Siemens +CVE-2022-40225 + REJECTED +CVE-2022-40200 (Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Foru ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40198 (Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech Tera ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40197 + RESERVED +CVE-2022-40195 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-40194 (Unauthenticated Sensitive Information Disclosure vulnerability in Cust ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40191 (Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerab ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40189 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + NOT-FOR-US: Airflow Pig provider +CVE-2022-40132 (Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Po ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38976 + RESERVED +CVE-2022-38704 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38703 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38470 (Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews fo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38460 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38144 (Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpFor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38140 (Auth. (contributor+)Arbitrary File Upload inSEO Plugin by Squirrly SEO ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38139 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Stati ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38137 (Cross-Site Request Forgery (CSRF) vulnerability in Analytify plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38135 (Broken Access Control vulnerability in Dean Oakley's Photospace Galler ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38134 (Authenticated (subscriber+) Broken Access Control vulnerability in Cus ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38098 + RESERVED +CVE-2022-38095 (Cross-Site Request Forgery (CSRF) vulnerability in AlgolPlus Advanced ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-38086 (Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38085 (Cross-Site Request Forgery (CSRF) vulnerability in Read more By Adam p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38077 (Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, E ...) + NOT-FOR-US: WordPress plugin +CVE-2022-37342 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36790 + RESERVED +CVE-2022-36388 (Cross-Site Request Forgery (CSRF) vulnerability in YDS Support Ticket ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36356 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36340 (Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOpt ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36299 + RESERVED +CVE-2022-36295 + RESERVED +CVE-2022-3167 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) + - rdiffweb (bug #969974) +CVE-2022-3166 (Rockwell Automation was made aware that the webservers of the Microlog ...) + NOT-FOR-US: Rockwell +CVE-2022-3165 (An integer underflow issue was found in the QEMU VNC server while proc ...) + - qemu 1:7.2+dfsg-1 (bug #1021019) + [bullseye] - qemu (Vulnerable code introduced later) + [buster] - qemu (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2129739 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/0bf41cab93e5c72dcda717abd625698b59d9ba3e (v6.1.0-rc0) + NOTE: Proposed fix: https://lists.nongnu.org/archive/html/qemu-devel/2022-09/msg03948.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/d307040b18bfcb1393b910f1bae753d5c12a4dc7 (v7.2.0-rc0) +CVE-2022-3164 + RESERVED +CVE-2022-3163 + RESERVED +CVE-2022-40188 (Knot Resolver before 5.5.3 allows remote attackers to cause a denial o ...) 
+ {DLA-3139-1} + - knot-resolver 5.5.3-1 + [bullseye] - knot-resolver (Minor issue) + NOTE: https://github.com/CZ-NIC/knot-resolver/commit/f6577a20e493c7fbdac124d7544bf1846b084185 (v5.5.3) + NOTE: https://www.knot-resolver.cz/2022-09-21-knot-resolver-5.5.3.html +CVE-2022-40187 (Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communicati ...) + NOT-FOR-US: Foresight GC3 Launch Monitor +CVE-2022-40186 (An issue was discovered in HashiCorp Vault and Vault Enterprise before ...) + NOT-FOR-US: HashiCorp Vault and Vault Enterprise +CVE-2022-40185 + RESERVED +CVE-2022-40184 (Incomplete filtering of JavaScript code in different configuration fie ...) + NOT-FOR-US: Bosch +CVE-2022-40183 (An error in the URL handler of the VIDEOJET multi 4000 may lead to a r ...) + NOT-FOR-US: Bosch +CVE-2022-40182 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40181 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40180 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40179 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40178 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40177 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-40176 (A vulnerability has been identified in Desigo PXM30-1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-3162 (Users authorized to list or watch one type of namespaced custom resour ...) 
+ - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here +CVE-2022-3161 (The APDFL.dll contains a memory corruption vulnerability while parsing ...) + NOT-FOR-US: Siemens +CVE-2022-3160 (The APDFL.dll contains an out-of-bounds write past the fixed-length h ...) + NOT-FOR-US: Siemens +CVE-2022-3159 (The APDFL.dll contains a stack-based buffer overflow vulnerability tha ...) + NOT-FOR-US: Siemens +CVE-2022-3158 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-3157 (A vulnerability exists in the Rockwell Automation controllers that all ...) + NOT-FOR-US: Rockwell +CVE-2022-3156 (A remote code execution vulnerability exists in Rockwell Automation St ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-40175 + REJECTED +CVE-2022-40174 + REJECTED +CVE-2022-40173 + REJECTED +CVE-2022-40172 + REJECTED +CVE-2022-40171 + REJECTED +CVE-2022-40170 + REJECTED +CVE-2022-40169 + REJECTED +CVE-2022-40168 + REJECTED +CVE-2022-40167 + REJECTED +CVE-2022-40166 + REJECTED +CVE-2022-40165 + REJECTED +CVE-2022-40164 + REJECTED +CVE-2022-40163 + REJECTED +CVE-2022-40162 + REJECTED +CVE-2022-40161 + REJECTED +CVE-2022-40160 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) + NOTE: Invalid oss-fuzz report against libcommons-jxpath-java + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47053 +CVE-2022-40159 (** DISPUTED ** This record was originally reported by the oss-fuzz pro ...) 
+ NOTE: Invalid oss-fuzz report against libcommons-jxpath-java + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47057 +CVE-2022-40158 + REJECTED +CVE-2022-40157 + REJECTED +CVE-2022-40156 + REJECTED +CVE-2022-40155 + REJECTED +CVE-2022-40154 + REJECTED +CVE-2022-40153 + REJECTED +CVE-2022-40152 (Those using Woodstox to parse XML data may be vulnerable to Denial of ...) + - libwoodstox-java (bug #1032089) + [bookworm] - libwoodstox-java (Minor issue) + [bullseye] - libwoodstox-java (Minor issue) + [buster] - libwoodstox-java (Minor issue) + NOTE: https://github.com/x-stream/xstream/issues/304 + NOTE: https://github.com/advisories/GHSA-3f7h-mf4q-vrm4 +CVE-2022-40151 (Those using Xstream to seralize XML data may be vulnerable to Denial o ...) + - libxstream-java (unimportant) + NOTE: https://github.com/x-stream/xstream/issues/304 + NOTE: https://github.com/x-stream/xstream/issues/314 + NOTE: https://x-stream.github.io/CVE-2022-40151.html + NOTE: https://github.com/advisories/GHSA-f8cc-g7j8-xxpm + NOTE: Only solution for the issue is to catch the StackOverflowError in the client code + NOTE: calling XStream. +CVE-2022-40150 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) + {DSA-5312-1 DLA-3259-1} + - libjettison-java 1.5.3-1 (bug #1022553) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46549 + NOTE: https://github.com/jettison-json/jettison/issues/45 +CVE-2022-40149 (Those using Jettison to parse untrusted XML or JSON data may be vulner ...) + {DSA-5312-1 DLA-3184-1} + - libjettison-java 1.5.1-1 (bug #1022554) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46538 + NOTE: https://github.com/jettison-json/jettison/issues/45 + NOTE: https://github.com/jettison-json/jettison/commit/395f8625bcf688743872c8e7f59360d372e77811 (jettison-1.5.1) +CVE-2022-40148 + REJECTED +CVE-2022-40147 (A vulnerability has been identified in Industrial Edge Management (All ...) 
+ NOT-FOR-US: Siemens +CVE-2022-40146 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) + {DLA-3619-1} + - batik 1.15+dfsg-1 (bug #1020589) + [bullseye] - batik (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/3 + NOTE: https://issues.apache.org/jira/browse/BATIK-1335 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903910 + NOTE: https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading +CVE-2022-40145 (This vulnerable is about a potential code injection when an attacker h ...) + - apache-karaf (bug #881297) +CVE-2022-3155 (When saving or opening an email attachment on macOS, Thunderbird did n ...) + - thunderbird (Only affects MacOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/#CVE-2022-3155 +CVE-2022-3154 (The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3153 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.040 ...) + - vim 2:9.0.0626-1 (unimportant) + NOTE: https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a + NOTE: https://github.com/vim/vim/commit/1540d334a04d874c2aa9d26b82dbbcd4bc5a78de (v9.0.0404) + NOTE: Crash in CLI toool, no security impact +CVE-2022-3152 (Unverified Password Change in GitHub repository phpfusion/phpfusion pr ...) + NOT-FOR-US: PHP-Fusion +CVE-2022-3151 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3150 (The WP Custom Cursors WordPress plugin before 3.2 does not properly sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3149 (The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3148 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...) 
+ NOT-FOR-US: jgraph/drawio +CVE-2022-40144 (A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a ...) + NOT-FOR-US: Trend Micro +CVE-2022-40143 (A link following local privilege escalation vulnerability in Trend Mic ...) + NOT-FOR-US: Trend Micro +CVE-2022-40142 (A security link following local privilege escalation vulnerability in ...) + NOT-FOR-US: Trend Micro +CVE-2022-40141 (A vulnerability in Trend Micro Apex One and Apex One as a Service coul ...) + NOT-FOR-US: Trend Micro +CVE-2022-40140 (An origin validation error vulnerability in Trend Micro Apex One and A ...) + NOT-FOR-US: Trend Micro +CVE-2022-40139 (Improper validation of some components used by the rollback mechanism ...) + NOT-FOR-US: Trend Micro +CVE-2022-40138 (An integer conversion error in Hermes bytecode generation, prior to co ...) + NOT-FOR-US: Facebook Hermes +CVE-2022-40133 (A use-after-free(UAF) vulnerability was found in function 'vmw_execbuf ...) + - linux 6.1.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2075 +CVE-2022-38457 (A use-after-free(UAF) vulnerability was found in function 'vmw_cmd_res ...) + - linux 6.1.7-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2074 +CVE-2022-38096 (A NULL pointer dereference vulnerability was found in vmwgfx driver in ...) + NOTE: PoC has been removed, original reporter is unresponsive and not reproducible + NOTE: It's unclear whether this was a really issue in the first place +CVE-2022-36402 (An integer overflow vulnerability was found in vmwgfx driver in driver ...) + - linux + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2072 + NOTE: Might be OpenAnolis specific issues, check when Bugzilla entries are public +CVE-2022-36280 (An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx ...) 
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1} + - linux 6.1.4-1 + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=2071 + NOTE: https://git.kernel.org/linus/4cf949c7fafe21e085a4ee386bb2dade9067316e +CVE-2022-3147 (Mattermost version 7.0.x and earlier fails to sufficiently limit the i ...) + - mattermost-server (bug #823556) +CVE-2022-3146 (A flaw was found in tripleo-ansible. Due to an insecure default config ...) + NOT-FOR-US: tripleo-ansible +CVE-2022-3145 (An open redirect vulnerability exists in Okta OIDC Middleware prior to ...) + NOT-FOR-US: Okta +CVE-2022-3144 (The Wordfence Security \u2013 Firewall & Malware Scan plugin for WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3143 (wildfly-elytron: possible timing attacks via use of unsafe comparator. ...) + NOT-FOR-US: WildFly Elytron +CVE-2022-40137 (A buffer overflow in the WMI SMI Handler in some Lenovo models may all ...) + NOT-FOR-US: Lenovo +CVE-2022-40136 (An information leak vulnerability in SMI Handler used to configure pla ...) + NOT-FOR-US: Lenovo +CVE-2022-40135 (An information leak vulnerability in the Smart USB Protection SMI Hand ...) + NOT-FOR-US: Lenovo +CVE-2022-40134 (An information leak vulnerability in the SMI Set BIOS Password SMI Han ...) + NOT-FOR-US: Lenovo +CVE-2022-40127 (A vulnerability in Example Dags of Apache Airflow allows an attacker w ...) + - airflow (bug #819700) +CVE-2022-38972 (Cross-site scripting vulnerability in Movable Type plugin A-Form versi ...) + NOT-FOR-US: Movable Type plugin +CVE-2022-3142 (The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3141 (The Translate Multilingual sites WordPress plugin before 2.3.3 is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3140 (LibreOffice supports Office URI Schemes to enable browser integration ...) 
+ {DSA-5252-1 DLA-3368-1} + - libreoffice 1:7.4.1~rc2-3 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-3140 +CVE-2022-3139 (The We\u2019re Open! WordPress plugin before 1.42 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3138 (Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawi ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-3137 (The Taskbuilder WordPress plugin before 1.0.8 does not validate and sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3136 (The Social Rocket WordPress plugin before 1.3.3 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-40126 (A misconfiguration in the Service Mode profile directory of Clash for ...) + NOT-FOR-US: Clash for Windows +CVE-2022-40125 + RESERVED +CVE-2022-40124 + RESERVED +CVE-2022-40123 (mojoPortal v2.7 was discovered to contain a path traversal vulnerabili ...) + NOT-FOR-US: mojoPortal +CVE-2022-40122 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40121 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40120 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40119 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40118 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40117 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40115 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) 
+ NOT-FOR-US: Online Banking System +CVE-2022-40114 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40113 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-40112 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...) + NOT-FOR-US: TOTOLINK +CVE-2022-40111 (In TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 in the sha ...) + NOT-FOR-US: TOTOLINK +CVE-2022-40110 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...) + NOT-FOR-US: TOTOLINK +CVE-2022-40109 (TOTOLINK A3002R TOTOLINK-A3002R-He-V1.1.1-B20200824.0128 is vulnerable ...) + NOT-FOR-US: TOTOLINK +CVE-2022-40108 + RESERVED +CVE-2022-40107 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40106 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40105 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40104 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40103 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40102 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40101 (Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-40100 (Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection ...) + NOT-FOR-US: Tenda +CVE-2022-40099 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40098 (Online Tours & Travels Management System v1.0 was discovered to contai ...) 
+ NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40097 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40096 + RESERVED +CVE-2022-40095 + RESERVED +CVE-2022-40094 + RESERVED +CVE-2022-40093 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40092 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40091 (Online Tours & Travels Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Online Tours & Travels Management System +CVE-2022-40090 (An issue was discovered in function TIFFReadDirectory libtiff before 4 ...) + - tiff 4.5.0-2 + [bullseye] - tiff (Minor issue) + [buster] - tiff (Minor issue, DoS) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/455 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/386 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/d093eb5d961e21ba51420bc22382c514683a4d91 (v4.5.0rc1) + NOTE: The specific PoC starts triggering with https://gitlab.com/libtiff/libtiff/-/commit/7db4f2b62206b9cba6cda538e0f296df0ac371bd (v4.4.0) + NOTE: but the patch mentions this is an older, more general issue, requiring prior incomplete fix from: + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/f01c22704826d1587fb8d91b253752b13c6713ba (v4.0.10) + NOTE: so let's assume versions < v4.4.0 are vulnerable. +CVE-2022-40089 (A remote file inclusion (RFI) vulnerability in Simple College Website ...) + NOT-FOR-US: Simple College Website +CVE-2022-40088 (Simple College Website v1.0 was discovered to contain a reflected cros ...) + NOT-FOR-US: Simple College Website +CVE-2022-40087 (Simple College Website v1.0 was discovered to contain an arbitrary fil ...) 
+ NOT-FOR-US: Simple College Website
+CVE-2022-40086
+ RESERVED
+CVE-2022-40085
+ RESERVED
+CVE-2022-40084 (OpenCRX before v5.2.2 was discovered to be vulnerable to password enum ...)
+ NOT-FOR-US: OpenCRX
+CVE-2022-40083 (Labstack Echo v4.8.0 was discovered to contain an open redirect vulner ...)
+ - golang-github-labstack-echo 4.11.1-1
+ [bookworm] - golang-github-labstack-echo (Minor issue)
+ - golang-github-labstack-echo.v2 (Vulnerable code not present)
+ - golang-github-labstack-echo.v3 (Vulnerable code not present)
+ NOTE: https://github.com/labstack/echo/commit/0ac4d74402391912ff6da733bb09fd4c3980b4e1 (v4.9.0)
+ NOTE: https://github.com/labstack/echo/issues/2259
+CVE-2022-40082 (Hertz v0.3.0 ws discovered to contain a path traversal vulnerability v ...)
+ NOT-FOR-US: Hertz
+CVE-2022-40081
+ RESERVED
+CVE-2022-40080 (Stack overflow vulnerability in Aspire E5-475G 's BIOS firmware, in th ...)
+ NOT-FOR-US: Aspire
+CVE-2022-40079
+ RESERVED
+CVE-2022-40078
+ RESERVED
+CVE-2022-40077
+ RESERVED
+CVE-2022-40076 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40075 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40074 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40073 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40072 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40071 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40070 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/http ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40069 (]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/ht ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40068 (Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/http ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40067 (Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/htt ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40066
+ RESERVED
+CVE-2022-40065
+ RESERVED
+CVE-2022-40064
+ RESERVED
+CVE-2022-40063
+ RESERVED
+CVE-2022-40062
+ RESERVED
+CVE-2022-40061
+ RESERVED
+CVE-2022-40060
+ RESERVED
+CVE-2022-40059
+ RESERVED
+CVE-2022-40058
+ RESERVED
+CVE-2022-40057
+ RESERVED
+CVE-2022-40056
+ RESERVED
+CVE-2022-40055 (An issue in GX Group GPON ONT Titanium 2122A T2122-V1.26EXL allows att ...)
+ NOT-FOR-US: GX Group GPON ONT Titanium 2122A T2122-V1.26EXL
+CVE-2022-40054
+ RESERVED
+CVE-2022-40053
+ RESERVED
+CVE-2022-40052
+ RESERVED
+CVE-2022-40051
+ RESERVED
+CVE-2022-40050 (ZFile v4.1.1 was discovered to contain an arbitrary file upload vulner ...)
+ NOT-FOR-US: ZFile
+CVE-2022-40049 (SQL injection vulnerability in sourcecodester Theme Park Ticketing Sys ...)
+ NOT-FOR-US: Theme Park Ticketing System
+CVE-2022-40048 (Flatpress v1.2.1 was discovered to contain a remote code execution (RC ...)
+ NOT-FOR-US: Flatpress
+CVE-2022-40047 (Flatpress v1.2.1 was discovered to contain a reflected cross-site scri ...)
+ NOT-FOR-US: Flatpress
+CVE-2022-40046
+ RESERVED
+CVE-2022-40045
+ RESERVED
+CVE-2022-40044 (Centreon v20.10.18 was discovered to contain a cross-site scripting (X ...)
+ - centreon-web (bug #913903)
+CVE-2022-40043 (Centreon v20.10.18 was discovered to contain a SQL injection vulnerabi ...)
+ - centreon-web (bug #913903)
+CVE-2022-40042
+ RESERVED
+CVE-2022-40041
+ RESERVED
+CVE-2022-40040
+ RESERVED
+CVE-2022-40039
+ RESERVED
+CVE-2022-40038
+ RESERVED
+CVE-2022-40037 (An issue discovered in Rawchen blog-ssm v1.0 allows remote attacker to ...)
+ NOT-FOR-US: Rawchen blog-ssm
+CVE-2022-40036 (An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to ...)
+ NOT-FOR-US: Rawchen blog-ssm
+CVE-2022-40035 (File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing atta ...)
+ NOT-FOR-US: Rawchen blog-ssm
+CVE-2022-40034 (Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1. ...)
+ NOT-FOR-US: Rawchen blog-ssm
+CVE-2022-40033
+ RESERVED
+CVE-2022-40032 (SQL Injection vulnerability in Simple Task Managing System version 1.0 ...)
+ NOT-FOR-US: Simple Task Managing System
+CVE-2022-40031
+ RESERVED
+CVE-2022-40030 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-40029 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-40028 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-40027 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-40026 (SourceCodester Simple Task Managing System v1.0 was discovered to cont ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-40025
+ RESERVED
+CVE-2022-40024
+ RESERVED
+CVE-2022-40023 (Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denia ...)
+ {DLA-3116-1}
+ - mako 1.2.2+ds1-1
+ [bullseye] - mako (Minor issue)
+ NOTE: https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c (rel_1_2_2)
+ NOTE: https://github.com/sqlalchemy/mako/issues/366
+CVE-2022-40022 (Microchip Technology (Microsemi) SyncServer S650 was discovered to con ...)
+ NOT-FOR-US: Microchip Technology
+CVE-2022-40021 (QVidium Technologies Amino A140 (prior to firmware version 1.0.0-283) ...)
+ NOT-FOR-US: QVidium Technologies Amino A140
+CVE-2022-40020
+ RESERVED
+CVE-2022-40019
+ RESERVED
+CVE-2022-40018
+ RESERVED
+CVE-2022-40017
+ RESERVED
+CVE-2022-40016 (Use After Free (UAF) vulnerability in ireader media-server before comm ...)
+ NOT-FOR-US: ireader media-server
+CVE-2022-40015
+ RESERVED
+CVE-2022-40014
+ RESERVED
+CVE-2022-40013
+ RESERVED
+CVE-2022-40012
+ RESERVED
+CVE-2022-40011 (Cross Site Scripting (XSS) vulnerability in typora through 1.38 allows ...)
+ NOT-FOR-US: typora
+CVE-2022-40010 (Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was dis ...)
+ NOT-FOR-US: Tenda
+CVE-2022-40009 (SWFTools commit 772e55a was discovered to contain a heap-use-after-fre ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/190
+CVE-2022-40008 (SWFTools commit 772e55a was discovered to contain a heap-buffer overfl ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/188
+CVE-2022-40007
+ RESERVED
+CVE-2022-40006
+ RESERVED
+CVE-2022-40005 (Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command inject ...)
+ NOT-FOR-US: Intelbras WiFiber 120AC inMesh
+CVE-2022-40004 (Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows ...)
+ NOT-FOR-US: Things Board
+CVE-2022-40003
+ RESERVED
+CVE-2022-40002 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ NOT-FOR-US: FeehiCMS
+CVE-2022-40001 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ NOT-FOR-US: FeehiCMS
+CVE-2022-40000 (Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remo ...)
+ NOT-FOR-US: FeehiCMS
+CVE-2022-39999
+ RESERVED
+CVE-2022-39998
+ RESERVED
+CVE-2022-39997
+ RESERVED
+CVE-2022-39996
+ RESERVED
+CVE-2022-39995
+ RESERVED
+CVE-2022-39994
+ RESERVED
+CVE-2022-39993
+ RESERVED
+CVE-2022-39992
+ RESERVED
+CVE-2022-39991
+ RESERVED
+CVE-2022-39990
+ RESERVED
+CVE-2022-39989 (An issue was discovered in Fighting Cock Information System 1.0, which ...)
+ NOT-FOR-US: Fighting Cock Information System
+CVE-2022-39988 (A cross-site scripting (XSS) vulnerability in Centreon 22.04.0 allows ...)
+ - centreon-web (bug #913903)
+CVE-2022-39987 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an ...)
+ NOT-FOR-US: RaspAP
+CVE-2022-39986 (A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows un ...)
+ NOT-FOR-US: RaspAP
+CVE-2022-39985
+ RESERVED
+CVE-2022-39984
+ RESERVED
+CVE-2022-39983 (File upload vulnerability in Instantdeveloper RD3 22.0.8500, allows at ...)
+ NOT-FOR-US: Instantdeveloper RD3
+CVE-2022-39982
+ RESERVED
+CVE-2022-39981
+ RESERVED
+CVE-2022-39980
+ RESERVED
+CVE-2022-39979
+ RESERVED
+CVE-2022-39978 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2022-39977 (Online Pet Shop We App v1.0 was discovered to contain an arbitrary fil ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2022-39976 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-39975 (The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Life ...)
+ NOT-FOR-US: Liferay
+CVE-2022-39974 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...)
+ NOT-FOR-US: WASM3
+CVE-2022-39973
+ RESERVED
+CVE-2022-39972
+ RESERVED
+CVE-2022-39971
+ RESERVED
+CVE-2022-39970
+ RESERVED
+CVE-2022-39969
+ RESERVED
+CVE-2022-39968
+ RESERVED
+CVE-2022-39967
+ RESERVED
+CVE-2022-39966
+ RESERVED
+CVE-2022-39965
+ RESERVED
+CVE-2022-39964
+ RESERVED
+CVE-2022-39963
+ RESERVED
+CVE-2022-39962
+ RESERVED
+CVE-2022-39961
+ RESERVED
+CVE-2022-39960 (The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-3135 (The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3134 (Use After Free in GitHub repository vim/vim prior to 9.0.0389.)
+ {DLA-3182-1}
+ - vim 2:9.0.0626-1 (bug #1019590)
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc
+ NOTE: https://github.com/vim/vim/commit/ccfde4d028e891a41e3548323c3d47b06fb0b83e (v9.0.0389)
+CVE-2022-39959 (Panini Everest Engine 2.0.4 allows unprivileged users to create a file ...)
+ NOT-FOR-US: Panini Everest Engine
+CVE-2022-39958 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
+ {DLA-3293-1}
+ - modsecurity-crs 3.3.4-1 (bug #1021137)
+ [bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
+ NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
+CVE-2022-39957 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a response bo ...)
+ {DLA-3293-1}
+ - modsecurity-crs 3.3.4-1 (bug #1021137)
+ [bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
+ NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
+CVE-2022-39956 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
+ {DLA-3293-1}
+ - modsecurity-crs 3.3.4-1 (bug #1021137)
+ [bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
+ NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
+ NOTE: Depends on changes to be done in src:libmodsecurity3 / src:modsecurity-apache, cf.
+ NOTE: https://bugs.debian.org/1020303
+CVE-2022-39955 (The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rul ...)
+ {DLA-3293-1}
+ - modsecurity-crs 3.3.4-1 (bug #1021137)
+ [bullseye] - modsecurity-crs (Minor issues; will be fixed in point release)
+ NOTE: https://coreruleset.org/20220919/crs-version-3-3-3-and-3-2-2-covering-several-cves/
+CVE-2022-39954 (An improper restriction of xml external entity reference in Fortinet F ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39953 (A improper privilege management in Fortinet FortiNAC version 9.4.0 thr ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39952 (A external control of file name or path in Fortinet FortiNAC versions ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39951 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39950 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-39949 (An improper control of a resource through its lifetime vulnerability [ ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-39948 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39947 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39946 (An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 an ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-39945 (An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-39944 (In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deser ...)
+ NOT-FOR-US: Apache Linkis
+CVE-2022-39943
+ REJECTED
+CVE-2022-39942
+ REJECTED
+CVE-2022-39941
+ REJECTED
+CVE-2022-39940
+ REJECTED
+CVE-2022-39939
+ REJECTED
+CVE-2022-39938
+ REJECTED
+CVE-2022-39937
+ REJECTED
+CVE-2022-39936
+ REJECTED
+CVE-2022-39935
+ REJECTED
+CVE-2022-39934
+ REJECTED
+CVE-2022-39933
+ REJECTED
+CVE-2022-39932
+ REJECTED
+CVE-2022-39931
+ REJECTED
+CVE-2022-39930
+ REJECTED
+CVE-2022-39929
+ REJECTED
+CVE-2022-39928
+ REJECTED
+CVE-2022-39927
+ REJECTED
+CVE-2022-39926
+ REJECTED
+CVE-2022-39925
+ REJECTED
+CVE-2022-39924
+ REJECTED
+CVE-2022-39923
+ REJECTED
+CVE-2022-39922
+ REJECTED
+CVE-2022-39921
+ REJECTED
+CVE-2022-39920
+ REJECTED
+CVE-2022-39919
+ REJECTED
+CVE-2022-39918
+ REJECTED
+CVE-2022-39917
+ REJECTED
+CVE-2022-39916
+ REJECTED
+CVE-2022-39915 (Improper access control vulnerability in Calendar prior to versions 11 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39914 (Exposure of Sensitive Information from an Unauthorized Actor vulnerabi ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39913 (Exposure of Sensitive Information to an Unauthorized Actor in Persona ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39912 (Improper handling of insufficient permissions vulnerability in setSecu ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39911 (Improper check or handling of exceptional conditions vulnerability in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39910 (Improper access control vulnerability in Samsung Pass prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39909 (Insufficient verification of data authenticity vulnerability in Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39908 (TOCTOU vulnerability in Samsung decoding library for video thumbnails ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39907 (Integer overflow vulnerability in Samsung decoding library for video t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39906 (Improper access control vulnerability in SecTelephonyProvider prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39905 (Implicit intent hijacking vulnerability in Telecom application prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39904 (Exposure of Sensitive Information vulnerability in Samsung Settings pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39903 (Improper access control vulnerability in RCS call prior to SMR Dec-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39902 (Improper authorization in Exynos baseband prior to SMR DEC-2022 Releas ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39901 (Improper authentication in Exynos baseband prior to SMR DEC-2022 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39900 (Improper access control vulnerability in Nice Catch prior to SMR Dec-2 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39899 (Improper authentication vulnerability in Samsung WindowManagerService ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39898 (Improper access control vulnerability in IIccPhoneBook prior to SMR De ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39897 (Exposure of Sensitive Information vulnerability in kernel prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39896 (Improper access control vulnerabilities in Contacts prior to SMR Dec-2 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39895 (Improper access control vulnerability in ContactListUtils in Phone pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39894 (Improper access control vulnerability in ContactListStartActivityHelpe ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39893 (Sensitive information exposure vulnerability in FmmBaseModel in Galaxy ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39892 (Improper access control in Samsung Pass prior to version 4.0.05.1 allo ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39891 (Heap overflow vulnerability in parse_pce function in libsavsaudio.so i ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39890 (Improper Authorization in Samsung Billing prior to version 5.0.56.0 al ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39889 (Improper access control vulnerability in GalaxyWatch4Plugin prior to v ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39888
+ RESERVED
+CVE-2022-39887 (Improper access control vulnerability in clearAllGlobalProxy in MiscPo ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39886 (Improper access control vulnerability in IpcRxServiceModeBigDataInfo i ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39885 (Improper access control vulnerability in BootCompletedReceiver_CMCC in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39884 (Improper access control vulnerability in IImsService prior to SMR Nov- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39883 (Improper authorization vulnerability in StorageManagerService prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39882 (Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsm ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39881 (Improper input validation vulnerability for processing SIB12 PDU in Ex ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39880 (Improper input validation vulnerability in DualOutFocusViewer prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39879 (Improper authorization vulnerability in?CallBGProvider prior to SMR No ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39878 (Improper access control vulnerability in Samsung Checkout prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39877 (Improper access control vulnerability in ProfileSharingAccount in Grou ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39876 (Insertion of Sensitive Information into Log in PushRegIdUpdateClient o ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39875 (Improper component protection vulnerability in Samsung Account prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39874 (Sensitive log information leakage vulnerability in Samsung Account pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39873 (Improper authorization vulnerability in Samsung Internet prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39872 (Improper restriction of broadcasting Intent in ShareLive prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39871 (Improper access control vulnerability cloudNotificationManager.java in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39870 (Improper access control vulnerability in cloudNotificationManager.java ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39869 (Improper access control vulnerability in cloudNotificationManager.java ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39868 (Improper access control vulnerability in GedSamsungAccount.kt SmartThi ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39867 (Improper access control vulnerability in cloudNotificationManager.java ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39866 (Improper access control vulnerability in RegisteredEventMediator.kt Sm ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39865 (Improper access control vulnerability in ContentsSharingActivity.java ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39864 (Improper access control vulnerability in WifiSetupLaunchHelper in Smar ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39863 (Intent redirection vulnerability in Samsung Account prior to version 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39862 (Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39861 (Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39860 (Improper access control vulnerability in QuickShare prior to version 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39859 (Implicit intent hijacking vulnerability in UPHelper library prior to v ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39858 (Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera p ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39857 (Improper access control vulnerability in CameraTestActivity in Factory ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39856 (Improper access control vulnerability in imsservice application prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39855 (Improper access control vulnerability in FACM application prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39854 (Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows un ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39853 (A use after free vulnerability in perf-mgr driver prior to SMR Oct-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39852 (A heap-based overflow vulnerability in makeContactAGIF in libagifencod ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39851 (Improper access control vulnerability in CocktailBarService prior to S ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39850 (Improper access control in mum_container_policy service prior to SMR O ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39849 (Improper access control in knox_vpn_policy service prior to SMR Oct-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39848 (Exposure of sensitive information in AT_Distributor prior to SMR Oct-2 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39847 (Use after free vulnerability in set_nft_pid and signal_handler functio ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39846 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22 ...)
+ NOT-FOR-US: Samstung
+CVE-2022-39845 (Improper validation of integrity check vulnerability in Samsung Kies p ...)
+ NOT-FOR-US: Samsung
+CVE-2022-39844 (Improper validation of integrity check vulnerability in Smart Switch P ...)
+ NOT-FOR-US: Samsung
+CVE-2022-3133 (OS Command Injection in GitHub repository jgraph/drawio prior to 20.3. ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-3132 (The Goolytics WordPress plugin before 1.1.2 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3131 (The Search Logger WordPress plugin through 0.9 does not properly sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3130 (A vulnerability classified as critical has been found in codeprojects ...)
+ NOT-FOR-US: codeprojects Online Driving School
+CVE-2022-3129 (A vulnerability was found in codeprojects Online Driving School. It ha ...)
+ NOT-FOR-US: codeprojects Online Driving School
+CVE-2022-3128 (The Donation Thermometer WordPress plugin before 2.1.3 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3127 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-3126 (The Frontend File Manager Plugin WordPress plugin before 21.4 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3125 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3124 (The Frontend File Manager Plugin WordPress plugin before 21.3 allows a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3123 (Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain ...)
+ - dokuwiki (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/d72a979b-57db-4201-9500-66b49a5c1345/
+ NOTE: https://github.com/splitbrain/dokuwiki/commit/63e9a247c072008a031f9db39fa496f6aca489b6
+CVE-2022-3122 (A vulnerability was found in SourceCodester Clinics Patient Management ...)
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
+CVE-2022-3121 (A vulnerability was found in SourceCodester Online Employee Leave Mana ...)
+ NOT-FOR-US: SourceCodester Online Employee Leave Management System
+CVE-2022-39843 (123elf Lotus 1-2-3 before 1.0.0rc3 for Linux, and Lotus 1-2-3 R3 for U ...)
+ NOT-FOR-US: Lotus 1-2-3
+CVE-2022-39842 (An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu ...)
+ {DSA-5257-1 DLA-3173-1 DLA-3131-1}
+ - linux 5.19.6-1 (unimportant)
+ NOTE: https://git.kernel.org/linus/a09d2d00af53b43c6f11e6ab3cb58443c2cac8a7 (5.19-rc4)
+ NOTE: Driver not enabled in Debian configs
+CVE-2022-39841
+ RESERVED
+CVE-2022-39840 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
+ NOT-FOR-US: Cotonti Siena
+CVE-2022-39839 (Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a ...)
+ NOT-FOR-US: Cotonti Siena
+CVE-2022-39838 (Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file ...)
+ NOT-FOR-US: Systematic FIX Adapter (ALFAFX)
+CVE-2022-39837 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+ NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+CVE-2022-39836 (An issue was discovered in Connected Vehicle Systems Alliance (COVESA) ...)
+ NOT-FOR-US: Connected Vehicle Systems Alliance (COVESA)
+CVE-2022-39835 (An issue was discovered in Gajim through 1.4.7. The vulnerability allo ...)
+ - gajim 1.5.0-1
+ [bullseye] - gajim (Minor issue)
+ [buster] - gajim (Minor issue, intrusive to backport)
+ NOTE: https://dev.gajim.org/gajim/gajim/-/commit/af02c6bd53fad4e0065951597bd7ec801c002067 (1.5.0)
+CVE-2022-39834 (A stored XSS vulnerability was discovered in adminweb/ra/viewendentity ...)
+ NOT-FOR-US: PrimeKey EJBCA
+CVE-2022-39833 (FileCloud Versions 20.2 and later allows remote attackers to potential ...)
+ NOT-FOR-US: FileCloud
+CVE-2022-39832 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
+ - pspp 1.6.2-2 (bug #1019598)
+ [bullseye] - pspp (Minor issue)
+ [buster] - pspp (Minor issue)
+ NOTE: https://savannah.gnu.org/bugs/index.php?63000
+ NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
+CVE-2022-39831 (An issue was discovered in PSPP 1.6.2. There is a heap-based buffer ov ...)
+ - pspp 1.6.2-2 (bug #1019597)
+ [bullseye] - pspp (Minor issue)
+ [buster] - pspp (Minor issue)
+ NOTE: https://savannah.gnu.org/bugs/?62977
+ NOTE: Starting with 1.6.2-2, pspp-dump-sav is no longer installed, using that as the fixed version
+CVE-2022-39830 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
+ NOT-FOR-US: Samsung mTower
+CVE-2022-39829 (There is a NULL pointer dereference in aes256_encrypt in Samsung mTowe ...)
+ NOT-FOR-US: Samsung mTower
+CVE-2022-39828 (sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on th ...)
+ NOT-FOR-US: Samsung mTower
+CVE-2022-39827
+ RESERVED
+CVE-2022-39826
+ RESERVED
+CVE-2022-39825
+ RESERVED
+CVE-2022-39824 (Server-side JavaScript injection in Appsmith through 1.7.14 allows rem ...)
+ NOT-FOR-US: Appsmith
+CVE-2022-39823 (An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x bef ...)
+ NOT-FOR-US: Softing
+CVE-2022-39822
+ RESERVED
+CVE-2022-39821 (In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39820
+ RESERVED
+CVE-2022-39819 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39818
+ RESERVED
+CVE-2022-39817 (In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39816 (In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (clearte ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39815 (In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39814 (In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the ...)
+ NOT-FOR-US: NOKIA
+CVE-2022-39813 (Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored ...)
+ NOT-FOR-US: Italtel NetMatch-S CI
+CVE-2022-39812 (Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal un ...)
+ NOT-FOR-US: Italtel NetMatch-S CI
+CVE-2022-39811 (Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control unde ...)
+ NOT-FOR-US: Italtel NetMatch-S CI
+CVE-2022-39810 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
+ NOT-FOR-US: WSO2 Enterprise Integrator
+CVE-2022-39809 (An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflect ...)
+ NOT-FOR-US: WSO2 Enterprise Integrator
+CVE-2022-38701 (OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerabili ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2022-38700 (OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnera ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2022-38081 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2022-38064 (OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnera ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2022-36423 (OpenHarmony-v3.1.2 and prior versions have an incorrect configuration ...)
+ NOT-FOR-US: OpenHarmony
+CVE-2022-3120 (A vulnerability classified as critical was found in SourceCodester Cli ...)
+ NOT-FOR-US: SourceCodester Clinics Patient Management System
+CVE-2022-3119 (The OAuth client Single Sign On WordPress plugin before 3.0.4 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3118 (A vulnerability was found in Sourcecodehero ERP System Project. It has ...)
+ NOT-FOR-US: Sourcecodehero ERP System Project
+CVE-2022-39808 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ NOT-FOR-US: SAP
+CVE-2022-39807 (Due to lack of proper memory management, when a victim opens manipulat ...)
+ NOT-FOR-US: SAP
+CVE-2022-39806 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ NOT-FOR-US: SAP
+CVE-2022-39805 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ NOT-FOR-US: SAP
+CVE-2022-39804 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ NOT-FOR-US: SAP
+CVE-2022-39803 (Due to lack of proper memory management, when a victim opens a manipul ...)
+ NOT-FOR-US: SAP
+CVE-2022-39802 (SAP Manufacturing Execution - versions 15.1, 15.2, 15.3, allows an att ...)
+ NOT-FOR-US: SAP
+CVE-2022-39801 (SAP GRC Access control Emergency Access Management allows an authentic ...)
+ NOT-FOR-US: SAP
+CVE-2022-39800 (SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible t ...)
+ NOT-FOR-US: SAP
+CVE-2022-39799 (An attacker with no prior authentication could craft and send maliciou ...)
+ NOT-FOR-US: SAP
+CVE-2022-3117
+ REJECTED
+CVE-2022-3116 (The Heimdal Software Kerberos 5 implementation is vulnerable to a null ...)
+ - heimdal (Vulnerable code introduced in master branch only)
+ NOTE: https://www.kb.cert.org/vuls/id/730793
+ NOTE: Introduced by: https://github.com/heimdal/heimdal/commit/4fb6a6adc9d5593079e37addb40fd80834df77b4
+ NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/7a19658c1f4fc4adf85bb7bea96caae5ba57b33e
+ NOTE: Different issue from CVE-2021-44758
+CVE-2022-3115 (An issue was discovered in the Linux kernel through 5.16-rc6. malidp_c ...)
+ - linux 5.18.5-1
+ [bullseye] - linux 5.10.127-1
+ NOTE: https://git.kernel.org/linus/73c3ed7495c67b8fbdc31cf58e6ca8757df31a33 (5.19-rc1)
+CVE-2022-3114 (An issue was discovered in the Linux kernel through 5.16-rc6. imx_regi ...)
+ - linux 5.19.6-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/ed713e2bc093239ccd380c2ce8ae9e4162f5c037 (5.19-rc1)
+CVE-2022-3113 (An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcod ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e25a89f743b18c029bfbe5e1663ae0c7190912b0 (5.18-rc1)
+CVE-2022-3112 (An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_s ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/c8c80c996182239ff9b05eda4db50184cf3b2e99 (5.18-rc1)
+CVE-2022-3111 (An issue was discovered in the Linux kernel through 5.16-rc6. free_cha ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git.kernel.org/linus/6dee930f6f6776d1e5a7edf542c6863b47d9f078 (5.18-rc1)
+CVE-2022-3110 (An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_ini ...)
+ - linux 5.18.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f94b47c6bde624d6c07f43054087607c52054a95 (5.19-rc1) +CVE-2022-3109 (An issue was discovered in the FFmpeg package, where vp3_decode_frame ...) + {DSA-5394-1 DLA-3454-1} + - ffmpeg 7:5.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/656cb0450aeb73b25d7d26980af342b37ac4c568 (n5.1) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7694a44baaaa4786995590a8ba2b16acd8ef8177 (n4.3.6) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/51efa68ec0b4f42b5b124b8987fb68f60a929c4f (n4.1.11) +CVE-2022-3108 (An issue was discovered in the Linux kernel through 5.16-rc6. kfd_pars ...) + - linux 5.16.7-1 + NOTE: https://git.kernel.org/linus/abfaf0eee97925905e742aa3b0b72e04a918fa9e (5.17-rc1) +CVE-2022-3107 (An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_g ...) + - linux 5.16.18-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/886e44c9298a6b428ae046e2fa092ca52e822e6a (5.17) +CVE-2022-3106 (An issue was discovered in the Linux kernel through 5.16-rc6. ef100_up ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/407ecd1bd726f240123f704620d46e285ff30dd9 (5.16-rc6) +CVE-2022-3105 (An issue was discovered in the Linux kernel through 5.16-rc6. uapi_fin ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7694a7de22c53a312ea98960fcafc6ec62046531 (5.16) +CVE-2022-3104 (An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_AR ...) + - linux 5.18.5-1 + [bullseye] - linux 5.10.127-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/4a9800c81d2f34afb66b4b42e0330ae8298019a2 (5.19-rc1) +CVE-2022-3103 (off-by-one in io_uring module.) 
+ - linux (Vulnerable code not present, introduced and fixed in 6.0 cycle) + NOTE: https://git.kernel.org/linus/47abea041f897d64dbd5777f0cf7745148f85d75 (6.0-rc3) +CVE-2022-3102 + RESERVED +CVE-2022-3101 (A flaw was found in tripleo-ansible. Due to an insecure default config ...) + NOT-FOR-US: tripleo-ansible +CVE-2022-3100 (A flaw was found in the openstack-barbican component. This issue allow ...) + {DSA-5247-1 DLA-3136-1} + - barbican 1:15.0.0~rc3-1 (bug #1021139) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2125404 + NOTE: https://review.opendev.org/c/openstack/barbican/+/859852 +CVE-2022-39798 + RESERVED +CVE-2022-39797 + RESERVED +CVE-2022-39796 + RESERVED +CVE-2022-39795 + RESERVED +CVE-2022-39794 + RESERVED +CVE-2022-39793 + RESERVED +CVE-2022-39792 + RESERVED +CVE-2022-39791 + RESERVED +CVE-2022-39790 + RESERVED +CVE-2022-39789 + RESERVED +CVE-2022-39788 + RESERVED +CVE-2022-39787 + RESERVED +CVE-2022-39786 + RESERVED +CVE-2022-39785 + RESERVED +CVE-2022-39784 + RESERVED +CVE-2022-39783 + RESERVED +CVE-2022-39782 + RESERVED +CVE-2022-39781 + RESERVED +CVE-2022-39780 + RESERVED +CVE-2022-39779 + RESERVED +CVE-2022-39778 + RESERVED +CVE-2022-39777 + RESERVED +CVE-2022-39776 + RESERVED +CVE-2022-39775 + RESERVED +CVE-2022-39774 + RESERVED +CVE-2022-39773 + RESERVED +CVE-2022-39772 + RESERVED +CVE-2022-39771 + RESERVED +CVE-2022-39770 + RESERVED +CVE-2022-39769 + RESERVED +CVE-2022-39768 + RESERVED +CVE-2022-39767 + RESERVED +CVE-2022-39766 + RESERVED +CVE-2022-39765 + RESERVED +CVE-2022-39764 + RESERVED +CVE-2022-39763 + RESERVED +CVE-2022-39762 + RESERVED +CVE-2022-39761 + RESERVED +CVE-2022-39760 + RESERVED +CVE-2022-39759 + RESERVED +CVE-2022-39758 + RESERVED +CVE-2022-39757 + RESERVED +CVE-2022-39756 + RESERVED +CVE-2022-39755 + RESERVED +CVE-2022-39754 + RESERVED +CVE-2022-39753 + RESERVED +CVE-2022-39752 + RESERVED +CVE-2022-39751 + RESERVED +CVE-2022-39750 + RESERVED +CVE-2022-39749 + RESERVED +CVE-2022-39748 + RESERVED +CVE-2022-39747 + 
RESERVED +CVE-2022-39746 + RESERVED +CVE-2022-39745 + RESERVED +CVE-2022-39744 + RESERVED +CVE-2022-39743 + RESERVED +CVE-2022-39742 + RESERVED +CVE-2022-39741 + RESERVED +CVE-2022-39740 + RESERVED +CVE-2022-39739 + RESERVED +CVE-2022-39738 + RESERVED +CVE-2022-39737 + RESERVED +CVE-2022-39736 + RESERVED +CVE-2022-39735 + RESERVED +CVE-2022-39734 + RESERVED +CVE-2022-39733 + RESERVED +CVE-2022-39732 + RESERVED +CVE-2022-39731 + RESERVED +CVE-2022-39730 + RESERVED +CVE-2022-39729 + RESERVED +CVE-2022-39728 + RESERVED +CVE-2022-39727 + RESERVED +CVE-2022-39726 + RESERVED +CVE-2022-39725 + RESERVED +CVE-2022-39724 + RESERVED +CVE-2022-39723 + RESERVED +CVE-2022-39722 + RESERVED +CVE-2022-39721 + RESERVED +CVE-2022-39720 + RESERVED +CVE-2022-39719 + RESERVED +CVE-2022-39718 + RESERVED +CVE-2022-39717 + RESERVED +CVE-2022-39716 + RESERVED +CVE-2022-39715 + RESERVED +CVE-2022-39714 + RESERVED +CVE-2022-39713 + RESERVED +CVE-2022-39712 + RESERVED +CVE-2022-39711 + RESERVED +CVE-2022-39710 + RESERVED +CVE-2022-39709 + RESERVED +CVE-2022-39708 + RESERVED +CVE-2022-39707 + RESERVED +CVE-2022-39706 + RESERVED +CVE-2022-39705 + RESERVED +CVE-2022-39704 + RESERVED +CVE-2022-39703 + RESERVED +CVE-2022-39702 + RESERVED +CVE-2022-39701 + RESERVED +CVE-2022-39700 + RESERVED +CVE-2022-39699 + RESERVED +CVE-2022-39698 + RESERVED +CVE-2022-39697 + RESERVED +CVE-2022-39696 + RESERVED +CVE-2022-39695 + RESERVED +CVE-2022-39694 + RESERVED +CVE-2022-39693 + RESERVED +CVE-2022-39692 + RESERVED +CVE-2022-39691 + RESERVED +CVE-2022-39690 + RESERVED +CVE-2022-39689 + RESERVED +CVE-2022-39688 + RESERVED +CVE-2022-39687 + RESERVED +CVE-2022-39686 + RESERVED +CVE-2022-39685 + RESERVED +CVE-2022-39684 + RESERVED +CVE-2022-39683 + RESERVED +CVE-2022-39682 + RESERVED +CVE-2022-39681 + RESERVED +CVE-2022-39680 + RESERVED +CVE-2022-39679 + RESERVED +CVE-2022-39678 + RESERVED +CVE-2022-39677 + RESERVED +CVE-2022-39676 + RESERVED +CVE-2022-39675 + RESERVED +CVE-2022-39674 + RESERVED +CVE-2022-39673 + 
RESERVED +CVE-2022-39672 + RESERVED +CVE-2022-39671 + RESERVED +CVE-2022-39670 + RESERVED +CVE-2022-39669 + RESERVED +CVE-2022-39668 + RESERVED +CVE-2022-39667 + RESERVED +CVE-2022-39666 + RESERVED +CVE-2022-39665 + RESERVED +CVE-2022-39664 + RESERVED +CVE-2022-39663 + RESERVED +CVE-2022-39662 + RESERVED +CVE-2022-39661 + RESERVED +CVE-2022-39660 + RESERVED +CVE-2022-39659 + RESERVED +CVE-2022-39658 + RESERVED +CVE-2022-39657 + RESERVED +CVE-2022-39656 + RESERVED +CVE-2022-39655 + RESERVED +CVE-2022-39654 + RESERVED +CVE-2022-39653 + RESERVED +CVE-2022-39652 + RESERVED +CVE-2022-39651 + RESERVED +CVE-2022-39650 + RESERVED +CVE-2022-39649 + RESERVED +CVE-2022-39648 + RESERVED +CVE-2022-39647 + RESERVED +CVE-2022-39646 + RESERVED +CVE-2022-39645 + RESERVED +CVE-2022-39644 + RESERVED +CVE-2022-39643 + RESERVED +CVE-2022-39642 + RESERVED +CVE-2022-39641 + RESERVED +CVE-2022-39640 + RESERVED +CVE-2022-39639 + RESERVED +CVE-2022-39638 + RESERVED +CVE-2022-39637 + RESERVED +CVE-2022-39636 + RESERVED +CVE-2022-39635 + RESERVED +CVE-2022-39634 + RESERVED +CVE-2022-39633 + RESERVED +CVE-2022-39632 + RESERVED +CVE-2022-39631 + RESERVED +CVE-2022-39630 + RESERVED +CVE-2022-39629 + RESERVED +CVE-2022-39628 + RESERVED +CVE-2022-39627 + RESERVED +CVE-2022-39626 + RESERVED +CVE-2022-39625 + RESERVED +CVE-2022-39624 + RESERVED +CVE-2022-39623 + RESERVED +CVE-2022-39622 + RESERVED +CVE-2022-39621 + RESERVED +CVE-2022-39620 + RESERVED +CVE-2022-39619 + RESERVED +CVE-2022-39618 + RESERVED +CVE-2022-39617 + RESERVED +CVE-2022-39616 + RESERVED +CVE-2022-39615 + RESERVED +CVE-2022-39614 + RESERVED +CVE-2022-39613 + RESERVED +CVE-2022-39612 + RESERVED +CVE-2022-39611 + RESERVED +CVE-2022-39610 + RESERVED +CVE-2022-39609 + RESERVED +CVE-2022-39608 + RESERVED +CVE-2022-39607 + RESERVED +CVE-2022-39606 + RESERVED +CVE-2022-39605 + RESERVED +CVE-2022-39604 + RESERVED +CVE-2022-39603 + RESERVED +CVE-2022-39602 + RESERVED +CVE-2022-39601 + RESERVED +CVE-2022-39600 + RESERVED +CVE-2022-39599 + 
RESERVED +CVE-2022-39598 + RESERVED +CVE-2022-39597 + RESERVED +CVE-2022-39596 + RESERVED +CVE-2022-39595 + RESERVED +CVE-2022-39594 + RESERVED +CVE-2022-39593 + RESERVED +CVE-2022-39592 + RESERVED +CVE-2022-39591 + RESERVED +CVE-2022-39590 + RESERVED +CVE-2022-39589 + RESERVED +CVE-2022-39588 + RESERVED +CVE-2022-39587 + RESERVED +CVE-2022-39586 + RESERVED +CVE-2022-39585 + RESERVED +CVE-2022-39584 + RESERVED +CVE-2022-39583 + RESERVED +CVE-2022-39582 + RESERVED +CVE-2022-39581 + RESERVED +CVE-2022-39580 + RESERVED +CVE-2022-39579 + RESERVED +CVE-2022-39578 + RESERVED +CVE-2022-39577 + RESERVED +CVE-2022-39576 + RESERVED +CVE-2022-39575 + RESERVED +CVE-2022-39574 + RESERVED +CVE-2022-39573 + RESERVED +CVE-2022-39572 + RESERVED +CVE-2022-39571 + RESERVED +CVE-2022-39570 + RESERVED +CVE-2022-39569 + RESERVED +CVE-2022-39568 + RESERVED +CVE-2022-39567 + RESERVED +CVE-2022-39566 + RESERVED +CVE-2022-39565 + RESERVED +CVE-2022-39564 + RESERVED +CVE-2022-39563 + RESERVED +CVE-2022-39562 + RESERVED +CVE-2022-39561 + RESERVED +CVE-2022-39560 + RESERVED +CVE-2022-39559 + RESERVED +CVE-2022-39558 + RESERVED +CVE-2022-39557 + RESERVED +CVE-2022-39556 + RESERVED +CVE-2022-39555 + RESERVED +CVE-2022-39554 + RESERVED +CVE-2022-39553 + RESERVED +CVE-2022-39552 + RESERVED +CVE-2022-39551 + RESERVED +CVE-2022-39550 + RESERVED +CVE-2022-39549 + RESERVED +CVE-2022-39548 + RESERVED +CVE-2022-39547 + RESERVED +CVE-2022-39546 + RESERVED +CVE-2022-39545 + RESERVED +CVE-2022-39544 + RESERVED +CVE-2022-39543 + RESERVED +CVE-2022-39542 + RESERVED +CVE-2022-39541 + RESERVED +CVE-2022-39540 + RESERVED +CVE-2022-39539 + RESERVED +CVE-2022-39538 + RESERVED +CVE-2022-39537 + RESERVED +CVE-2022-39536 + RESERVED +CVE-2022-39535 + RESERVED +CVE-2022-39534 + RESERVED +CVE-2022-39533 + RESERVED +CVE-2022-39532 + RESERVED +CVE-2022-39531 + RESERVED +CVE-2022-39530 + RESERVED +CVE-2022-39529 + RESERVED +CVE-2022-39528 + RESERVED +CVE-2022-39527 + RESERVED +CVE-2022-39526 + RESERVED +CVE-2022-39525 + 
RESERVED +CVE-2022-39524 + RESERVED +CVE-2022-39523 + RESERVED +CVE-2022-39522 + RESERVED +CVE-2022-39521 + RESERVED +CVE-2022-39520 + RESERVED +CVE-2022-39519 + RESERVED +CVE-2022-39518 + RESERVED +CVE-2022-39517 + RESERVED +CVE-2022-39516 + RESERVED +CVE-2022-39515 + RESERVED +CVE-2022-39514 + RESERVED +CVE-2022-39513 + RESERVED +CVE-2022-39512 + RESERVED +CVE-2022-39511 + RESERVED +CVE-2022-39510 + RESERVED +CVE-2022-39509 + RESERVED +CVE-2022-39508 + RESERVED +CVE-2022-39507 + RESERVED +CVE-2022-39506 + RESERVED +CVE-2022-39505 + RESERVED +CVE-2022-39504 + RESERVED +CVE-2022-39503 + RESERVED +CVE-2022-39502 + RESERVED +CVE-2022-39501 + RESERVED +CVE-2022-39500 + RESERVED +CVE-2022-39499 + RESERVED +CVE-2022-39498 + RESERVED +CVE-2022-39497 + RESERVED +CVE-2022-39496 + RESERVED +CVE-2022-39495 + RESERVED +CVE-2022-39494 + RESERVED +CVE-2022-39493 + RESERVED +CVE-2022-39492 + RESERVED +CVE-2022-39491 + RESERVED +CVE-2022-39490 + RESERVED +CVE-2022-39489 + RESERVED +CVE-2022-39488 + RESERVED +CVE-2022-39487 + RESERVED +CVE-2022-39486 + RESERVED +CVE-2022-39485 + RESERVED +CVE-2022-39484 + RESERVED +CVE-2022-39483 + RESERVED +CVE-2022-39482 + RESERVED +CVE-2022-39481 + RESERVED +CVE-2022-39480 + RESERVED +CVE-2022-39479 + RESERVED +CVE-2022-39478 + RESERVED +CVE-2022-39477 + RESERVED +CVE-2022-39476 + RESERVED +CVE-2022-39475 + RESERVED +CVE-2022-39474 + RESERVED +CVE-2022-39473 + RESERVED +CVE-2022-39472 + RESERVED +CVE-2022-39471 + RESERVED +CVE-2022-39470 + RESERVED +CVE-2022-39469 + RESERVED +CVE-2022-39468 + RESERVED +CVE-2022-39467 + RESERVED +CVE-2022-39466 + RESERVED +CVE-2022-39465 + RESERVED +CVE-2022-39464 + RESERVED +CVE-2022-39463 + RESERVED +CVE-2022-39462 + RESERVED +CVE-2022-39461 + RESERVED +CVE-2022-39460 + RESERVED +CVE-2022-39459 + RESERVED +CVE-2022-39458 + RESERVED +CVE-2022-39457 + RESERVED +CVE-2022-39456 + RESERVED +CVE-2022-39455 + RESERVED +CVE-2022-39454 + RESERVED +CVE-2022-39453 + RESERVED +CVE-2022-39452 + RESERVED +CVE-2022-39451 + 
RESERVED +CVE-2022-39450 + RESERVED +CVE-2022-39449 + RESERVED +CVE-2022-39448 + RESERVED +CVE-2022-39447 + RESERVED +CVE-2022-39446 + RESERVED +CVE-2022-39445 + RESERVED +CVE-2022-39444 + RESERVED +CVE-2022-39443 + RESERVED +CVE-2022-39442 + RESERVED +CVE-2022-39441 + RESERVED +CVE-2022-39440 + RESERVED +CVE-2022-39439 + RESERVED +CVE-2022-39438 + RESERVED +CVE-2022-39437 + RESERVED +CVE-2022-39436 + RESERVED +CVE-2022-39435 + RESERVED +CVE-2022-39434 + RESERVED +CVE-2022-39433 + RESERVED +CVE-2022-39432 + RESERVED +CVE-2022-39431 + RESERVED +CVE-2022-39430 + RESERVED +CVE-2022-39429 (Vulnerability in the Java VM component of Oracle Database Server. Sup ...) + NOT-FOR-US: Oracle +CVE-2022-39428 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) + NOT-FOR-US: Oracle +CVE-2022-39427 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39426 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39425 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39424 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39423 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.38-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39422 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.38-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39421 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-39420 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-39419 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2022-39418 + RESERVED +CVE-2022-39417 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2022-39416 + RESERVED +CVE-2022-39415 + RESERVED +CVE-2022-39414 + RESERVED +CVE-2022-39413 + RESERVED +CVE-2022-39412 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) + NOT-FOR-US: Oracle +CVE-2022-39411 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-39410 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-39409 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-39408 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-39407 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-39406 (Vulnerability in the PeopleSoft Enterprise Common Components product o ...) + NOT-FOR-US: Oracle +CVE-2022-39405 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) + NOT-FOR-US: Oracle +CVE-2022-39404 (Vulnerability in the MySQL Installer product of Oracle MySQL (componen ...) + NOT-FOR-US: Oracle +CVE-2022-39403 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...) 
+ NOT-FOR-US: Oracle (MySQL Shell) +CVE-2022-39402 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-39401 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2022-39400 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-39399 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5335-1 DSA-5331-1 DLA-3307-1} + - openjdk-11 11.0.17+8-1 + - openjdk-17 17.0.5+8-1 +CVE-2022-39398 (tasklists is a tasklists plugin for GLPI (Kanban). Versions prior to 2 ...) + NOT-FOR-US: GLPI plugin +CVE-2022-39397 (aliyun-oss-client is a rust client for Alibaba Cloud OSS. Users of thi ...) + NOT-FOR-US: aliyun-oss-client +CVE-2022-39396 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2022-39395 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...) + NOT-FOR-US: Vela +CVE-2022-39394 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + NOT-FOR-US: wasmtime +CVE-2022-39393 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + NOT-FOR-US: wasmtime +CVE-2022-39392 (Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0 ...) + NOT-FOR-US: wasmtime +CVE-2022-39391 + RESERVED +CVE-2022-39390 + REJECTED +CVE-2022-39389 (Lightning Network Daemon (lnd) is an implementation of a lightning bit ...) + NOT-FOR-US: Lightning Network Daemon +CVE-2022-39388 (Istio is an open platform to connect, manage, and secure microservices ...) + NOT-FOR-US: Istio +CVE-2022-39387 (XWiki OIDC has various tools to manipulate OpenID Connect protocol in ...) + NOT-FOR-US: XWiki +CVE-2022-39386 (@fastify/websocket provides WebSocket support for Fastify. Any applica ...) 
+ NOT-FOR-US: @fastify/websocket +CVE-2022-39385 (Discourse is the an open source discussion platform. In some rare case ...) + NOT-FOR-US: Discourse +CVE-2022-39384 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin +CVE-2022-39383 (KubeVela is an open source application delivery platform. Users using ...) + NOT-FOR-US: KubeVela +CVE-2022-39382 (Keystone is a headless CMS for Node.js \u2014 built with GraphQL and R ...) + NOT-FOR-US: Keystone CMS +CVE-2022-39381 (Muhammara is a node module with c/cpp bindings to modify PDF with js f ...) + NOT-FOR-US: Muhammara Nodejs module +CVE-2022-39380 (Wire web-app is part of Wire communications. Versions prior to 2022-11 ...) + NOT-FOR-US: Wire webapp +CVE-2022-39379 (Fluentd collects events from various data sources and writes them to f ...) + - fluentd (bug #926692) +CVE-2022-39378 (Discourse is a platform for community discussion. Under certain condit ...) + NOT-FOR-US: Discourse +CVE-2022-39377 (sysstat is a set of system performance tools for the Linux operating s ...) + {DLA-3188-1} + - sysstat 12.6.1-1 (bug #1023832) + [bullseye] - sysstat (Minor issue) + NOTE: https://github.com/sysstat/sysstat/security/advisories/GHSA-q8r6-g56f-9w7x + NOTE: https://github.com/sysstat/sysstat/commit/9c4eaf150662ad40607923389d4519bc83b93540 (v12.7.1) + NOTE: The original fix is incomplete and opens up CVE-2023-33204. +CVE-2022-39376 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6rh5-m5g7-327w + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39375 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) 
+ - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-fxcx-93fq-8r9g + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39374 (Synapse is an open-source Matrix homeserver written and maintained by ...) + - matrix-synapse 1.68.0-1 + NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-p9qp-c452-f9r7 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2209956 +CVE-2022-39373 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cw37-q82c-w546 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39372 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5rj7-95qc-89h2 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39371 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7wc-728f-6mm8 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39370 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6c2p-wgx9-vrjc + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39369 (phpCAS is an authentication library that allows PHP applications to ea ...) + {DLA-3485-1} + - php-cas 1.6.0-1 (bug #1023571) + NOTE: https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64 + NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163 (1.6.0) +CVE-2022-39368 (Eclipse Californium is a Java implementation of RFC7252 - Constrained ...) 
+ NOT-FOR-US: Eclipse Californium +CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment delivery. ...) + NOT-FOR-US: QTIWorks +CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 0.8.45, ...) + NOT-FOR-US: DataHub +CVE-2022-39365 (Pimcore is an open source data and experience management platform. Pri ...) + NOT-FOR-US: Pimcore +CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2022-39363 + RESERVED +CVE-2022-39362 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...) + NOT-FOR-US: Metabase +CVE-2022-39361 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...) + NOT-FOR-US: Metabase +CVE-2022-39360 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...) + NOT-FOR-US: Metabase +CVE-2022-39359 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...) + NOT-FOR-US: Metabase +CVE-2022-39358 (Metabase is data visualization software. Prior to versions 0.44.5, 1.4 ...) + NOT-FOR-US: Metabase +CVE-2022-39357 (Winter is a free, open-source content management system based on the L ...) + NOT-FOR-US: Winter +CVE-2022-39356 (Discourse is a platform for community discussion. Users who receive an ...) + NOT-FOR-US: Discourse +CVE-2022-39355 (Discourse Patreon enables syncronization between Discourse Groups and ...) + NOT-FOR-US: Discourse Patreon +CVE-2022-39354 (SputnikVM, also called evm, is a Rust implementation of Ethereum Virtu ...) + NOT-FOR-US: Rust crate evm +CVE-2022-39353 (xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) ...) 
+ {DLA-3260-1} + - node-xmldom 0.8.6-1 (bug #1024736) + [bullseye] - node-xmldom 0.5.0-1+deb11u2 + NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-crh6-fp67-6883 + NOTE: https://github.com/jindw/xmldom/issues/150 +CVE-2022-39352 (OpenFGA is a high-performance authorization/permission engine inspired ...) + NOT-FOR-US: OpenFGA +CVE-2022-39351 (Dependency-Track is a Component Analysis platform that allows organiza ...) + NOT-FOR-US: Dependency-Track +CVE-2022-39350 (@dependencytrack/frontend is a Single Page Application (SPA) used in D ...) + NOT-FOR-US: @dependencytrack/frontend +CVE-2022-39349 (The Tasks.org Android app is an open-source app for to-do lists and re ...) + NOT-FOR-US: Tasks.org Android app +CVE-2022-39348 (Twisted is an event-based framework for internet applications. Started ...) + {DLA-3212-1} + - twisted 22.4.0-4 (bug #1023359) + [bullseye] - twisted (Minor issue) + NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647 + NOTE: Introduced by: https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4 + NOTE: Fixed by: https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b (twisted-22.10.0rc1) +CVE-2022-39347 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) + {DLA-3654-1} + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg + NOTE: https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d +CVE-2022-39346 (Nextcloud server is an open source personal cloud server. Affected ver ...) + - nextcloud-server (bug #941708) +CVE-2022-39345 (Gin-vue-admin is a backstage management system based on vue and gin, w ...) + NOT-FOR-US: Gin-vue-admin +CVE-2022-39344 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...) 
+ NOT-FOR-US: Azure RTOS USBX +CVE-2022-39343 (Azure RTOS FileX is a FAT-compatible file system that\u2019s fully int ...) + NOT-FOR-US: Azure RTOS FileX +CVE-2022-39342 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) + NOT-FOR-US: OpenFGA +CVE-2022-39341 (OpenFGA is an authorization/permission engine. Versions prior to versi ...) + NOT-FOR-US: OpenFGA +CVE-2022-39340 (OpenFGA is an authorization/permission engine. Prior to version 0.2.4, ...) + NOT-FOR-US: OpenFGA +CVE-2022-39339 (user_oidc is an OpenID Connect user backend for Nextcloud. In versions ...) + NOT-FOR-US: Nextcloud addon +CVE-2022-39338 (user_oidc is an OpenID Connect user backend for Nextcloud. Versions pr ...) + NOT-FOR-US: Nextcloud addon +CVE-2022-39337 + RESERVED +CVE-2022-39336 + RESERVED +CVE-2022-39335 (Synapse is an open-source Matrix homeserver written and maintained by ...) + - matrix-synapse 1.69.0-1 + NOTE: https://matrix.org/blog/2023/05/24/disclosing-synapse-security-advisories/ + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-45cj-f97f-ggwv +CVE-2022-39334 (Nextcloud also ships a CLI utility called nextcloudcmd which is someti ...) + - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv + NOTE: https://github.com/nextcloud/desktop/issues/4927 + NOTE: https://github.com/nextcloud/desktop/pull/5022 +CVE-2022-39333 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) 
+ - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8 + NOTE: https://github.com/nextcloud/desktop/pull/4972 + NOTE: https://hackerone.com/reports/1711847 +CVE-2022-39332 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) + - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p + NOTE: https://github.com/nextcloud/desktop/pull/4972 + NOTE: https://hackerone.com/reports/1668028 +CVE-2022-39331 (Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...) + - nextcloud-desktop 3.6.1-1 + [bullseye] - nextcloud-desktop (Minor issue) + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5 + NOTE: https://github.com/nextcloud/desktop/pull/4944 + NOTE: https://hackerone.com/reports/1668028 +CVE-2022-39330 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2022-39329 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2022-39328 (Grafana is an open-source platform for monitoring and observability. V ...) + - grafana +CVE-2022-39327 (Azure CLI is the command-line interface for Microsoft Azure. In versio ...) + - azure-cli (Windows-specific vulnerabilities) + NOTE: https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 + NOTE: https://github.com/Azure/azure-cli/pull/23514 + NOTE: https://github.com/Azure/azure-cli/pull/24015 +CVE-2022-39326 (kartverket/github-workflows are shared reusable workflows for GitHub A ...) 
+ NOT-FOR-US: kartverket/github-workflows +CVE-2022-39325 (BaserCMS is a content management system with a japanese language focus ...) + NOT-FOR-US: BaserCMS +CVE-2022-39324 (Grafana is an open-source platform for monitoring and observability. P ...) + - grafana +CVE-2022-39323 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cp6q-9p4x-8hr9 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39322 (@keystone-6/core is a core package for Keystone 6, a content managemen ...) + NOT-FOR-US: Keystone CMS +CVE-2022-39321 (GitHub Actions Runner is the application that runs a job from a GitHub ...) + NOT-FOR-US: GitHub Actions Runner +CVE-2022-39320 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j +CVE-2022-39319 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) + {DLA-3654-1} + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh + NOTE: https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 +CVE-2022-39318 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) + {DLA-3654-1} + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea +CVE-2022-39317 (FreeRDP is a free remote desktop protocol library and clients. Affecte ...) 
+ - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh +CVE-2022-39316 (FreeRDP is a free remote desktop protocol library and clients. In affe ...) + {DLA-3654-1} + - freerdp2 2.9.0+dfsg1-1 (bug #1024511) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm + NOTE: https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 +CVE-2022-39315 (Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6 ...) + NOT-FOR-US: Kirby CMS +CVE-2022-39314 (Kirby is a flat-file CMS. In versions prior to 3.5.8.2, 3.6.6.2, 3.7.5 ...) + NOT-FOR-US: Kirby CMS +CVE-2022-39313 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2022-39312 (Dataease is an open source data visualization analysis tool. Dataease ...) + NOT-FOR-US: Dataease +CVE-2022-39311 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...) + NOT-FOR-US: GoCD +CVE-2022-39310 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...) + NOT-FOR-US: GoCD +CVE-2022-39309 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...) + NOT-FOR-US: GoCD +CVE-2022-39308 (GoCD is a continuous delivery server. GoCD helps you automate and stre ...) + NOT-FOR-US: GoCD +CVE-2022-39307 (Grafana is an open-source platform for monitoring and observability. W ...) + - grafana +CVE-2022-39306 (Grafana is an open-source platform for monitoring and observability. V ...) + - grafana +CVE-2022-39305 (Gin-vue-admin is a backstage management system based on vue and gin, w ...) + NOT-FOR-US: Gin-vue-admin +CVE-2022-39304 (ghinstallation provides transport, which implements http.RoundTripper ...) + NOT-FOR-US: ghinstallation +CVE-2022-39303 (Ree6 is a moderation bot. 
This vulnerability allows manipulation of SQ ...) + NOT-FOR-US: Ree6 +CVE-2022-39302 (Ree6 is a moderation bot. This vulnerability would allow other server ...) + NOT-FOR-US: Ree6 +CVE-2022-39301 (sra-admin is a background rights management system that separates the ...) + NOT-FOR-US: sra-admin +CVE-2022-39300 (node SAML is a SAML 2.0 library based on the SAML implementation of pa ...) + NOT-FOR-US: Node saml +CVE-2022-39299 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...) + NOT-FOR-US: Passport-SAML +CVE-2022-39298 (MelisFront is the engine that displays website hosted on Melis Platfor ...) + NOT-FOR-US: MelisFront +CVE-2022-39297 (MelisCms provides a full CMS for Melis Platform, including templating ...) + NOT-FOR-US: MelisCms +CVE-2022-39296 (MelisAssetManager provides deliveries of Melis Platform's assets locat ...) + NOT-FOR-US: MelisAssetManager +CVE-2022-39295 (Knowage is an open source suite for modern business analytics alternat ...) + NOT-FOR-US: Knowage +CVE-2022-39294 (conduit-hyper integrates a conduit application with the hyper server. ...) + NOT-FOR-US: conduit-hyper +CVE-2022-39293 (Azure RTOS USBX is a high-performance USB host, device, and on-the-go ...) + NOT-FOR-US: Azure RTOS USBX +CVE-2022-39292 (Slack Morphism is a modern client library for Slack Web/Events API/Soc ...) + NOT-FOR-US: Slack Morphism +CVE-2022-39291 (ZoneMinder is a free, open source Closed-circuit television software a ...) 
+ - zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565) + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-cfcx-v52x-jh74 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/73d9f2482cdcb238506388798d3cf92546f9e40c + NOTE: https://github.com/ZoneMinder/zoneminder/commit/cb3fc5907da21a5111ae54128a5d0b49ae755e9b + NOTE: https://github.com/ZoneMinder/zoneminder/commit/de2866f9574a2bf2690276fad53c91d607825408 + NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-39290 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565) + NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-xgv6-qv6c-399q + NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-39289 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565) + NOTE: https://github.com/ZoneMinder/zoneminder/commit/34ffd92bf123070cab6c83ad4cfe6297dd0ed0b4 + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-mpcx-3gvh-9488 + NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-39288 (fastify is a fast and low overhead web framework, for Node.js. Affecte ...) + NOT-FOR-US: Node fastify +CVE-2022-39287 (tiny-csrf is a Node.js cross site request forgery (CSRF) protection mi ...) + NOT-FOR-US: tiny-csrf Nodejs module +CVE-2022-39286 (Jupyter Core is a package for the core common functionality of Jupyter ...) 
+ {DSA-5422-1 DLA-3195-1} + - jupyter-core 4.11.2-1 (bug #1023361) + NOTE: https://github.com/jupyter/jupyter_core/security/advisories/GHSA-m678-f26j-3hrp + NOTE: https://github.com/jupyter/jupyter_core/commit/1118c8ce01800cb689d51f655f5ccef19516e283 (4.11.2) +CVE-2022-39285 (ZoneMinder is a free, open source Closed-circuit television software a ...) + - zoneminder 1.36.31+dfsg1-1 (unimportant; bug #1021565) + NOTE: https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-h6xp-cvwv-q433 + NOTE: https://github.com/ZoneMinder/zoneminder/commit/c0a4c05e84eea0f6ccf7169c014efe5422c9ba0d + NOTE: https://github.com/ZoneMinder/zoneminder/commit/d289eb48601a76e34feea3c1683955337b1fae59 + NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-39284 (CodeIgniter is a PHP full-stack web framework. In versions prior to 4. ...) + - codeigniter (bug #471583) +CVE-2022-39283 (FreeRDP is a free remote desktop protocol library and clients. All Fre ...) + {DLA-3654-1} + - freerdp2 2.8.1+dfsg1-1 (bug #1021659) + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh + NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/be793c3bb776c1bbda9156b427408d5a5eb00f70 (not confirmed by upstream) +CVE-2022-39282 (FreeRDP is a free remote desktop protocol library and clients. FreeRDP ...) + {DLA-3654-1} + - freerdp2 2.8.1+dfsg1-1 (bug #1021659) + [bullseye] - freerdp2 (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq + NOTE: patch likely: https://github.com/FreeRDP/FreeRDP/commit/60aac2abf0740dd36b62712fba91498fd6e055fe (not confirmed by upstream) +CVE-2022-39281 (fat_free_crm is a an open source, Ruby on Rails customer relationship ...) + NOT-FOR-US: fat_free_crm +CVE-2022-39280 (dparse is a parser for Python dependency files. dparse in versions bef ...) 
+ NOT-FOR-US: dparse (parser for Python dependency files) +CVE-2022-39279 (discourse-chat is a plugin for the Discourse message board which adds ...) + NOT-FOR-US: discourse-chat plugin for Discourse +CVE-2022-39278 (Istio is an open platform-independent service mesh that provides traff ...) + NOT-FOR-US: Istio +CVE-2022-39277 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rhcw-8r7g-8pwc + NOTE: https://huntr.dev/bounties/8e047ae1-7a7c-48e0-bee3-d1c36e52ff42/ + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39276 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-8vwg-7x42-7v6p + NOTE: https://huntr.dev/bounties/7a88f92b-1ee2-4ca8-9cf8-05fcf6cfe73f/ + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39275 (Saleor is a headless, GraphQL commerce platform. In affected versions ...) + NOT-FOR-US: Saleor +CVE-2022-39274 (LoRaMac-node is a reference implementation and documentation of a LoRa ...) + NOT-FOR-US: LoRaMac-node +CVE-2022-39273 (FlyteAdmin is the control plane for the data processing platform Flyte ...) + NOT-FOR-US: FlyteAdmin +CVE-2022-39272 (Flux is an open and extensible continuous delivery solution for Kubern ...) + NOT-FOR-US: Flux +CVE-2022-39271 (Traefik (pronounced traffic) is a modern HTTP reverse proxy and load b ...) + - traefik (bug #983289) +CVE-2022-39270 (DiscoTOC is a Discourse theme component that generates a table of cont ...) + NOT-FOR-US: DiscoTOC Discourse theme +CVE-2022-39269 (PJSIP is a free and open source multimedia communication library writt ...) 
+ {DSA-5358-1 DLA-3335-1} + - asterisk 1:20.3.0~dfsg+~cs6.13.40431413-1 (bug #1032092) + - pjproject + - ring 20230206.0~ds1-1 + [bullseye] - ring (Vulnerable code introduced later) + [buster] - ring (Vulnerable code introduced later) + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-wx5m-cj97-4wwg + NOTE: Introduced by: https://github.com/pjsip/pjproject/commit/db4f8f23b9962b4e567faa0784608174376ead8f (2.11) + NOTE: Fixed by: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc (2.13) +CVE-2022-39268 (### Impact In a CSRF attack, an innocent end user is tricked by an att ...) + NOT-FOR-US: orchest/orchest +CVE-2022-39267 (Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB ...) + NOT-FOR-US: Bifrost +CVE-2022-39266 (isolated-vm is a library for nodejs which gives the user access to v8' ...) + NOT-FOR-US: isolated-vm +CVE-2022-39265 (MyBB is a free and open source forum software. The _Mail Settings_ \u2 ...) + NOT-FOR-US: MyBB +CVE-2022-39264 (nheko is a desktop client for the Matrix communication application. Al ...) + - nheko 0.10.2-1 + [bullseye] - nheko (Vulnerable code not present) + [buster] - nheko (Vulnerable code not present) + NOTE: https://github.com/Nheko-Reborn/nheko/security/advisories/GHSA-8jcp-8jq4-5mm7 + NOTE: https://github.com/Nheko-Reborn/nheko/commit/67bee15a389f9b8a9f6c3a340558d1e2319e7199 (v0.10.2) + NOTE: Support for secrets in keychain: https://github.com/Nheko-Reborn/nheko/commit/7b46aa2a6e4fdb71632128a94b6645613631d8d4 (v0.8.0) +CVE-2022-39263 (`@next-auth/upstash-redis-adapter` is the Upstash Redis adapter for Ne ...) + NOT-FOR-US: next-auth/upstash-redis-adapter +CVE-2022-39262 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) 
+ - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-4x48-q2wr-cpg4 + NOTE: https://huntr.dev/bounties/54fc907e-6983-4c24-b249-1440aac1643c/ + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39261 (Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x ...) + {DSA-5248-1 DLA-3147-1} + - php-twig 3.4.3-1 (bug #1020991) + - twig + NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-52m2-vc4m-jj33 + NOTE: https://github.com/twigphp/Twig/commit/35f3035c5deb0041da7b84daf02dea074ddc7a0b (v1.44.7, v2.15.3, v3.4.3) +CVE-2022-39260 (Git is an open source, scalable, distributed revision control system. ...) + {DSA-5332-1 DLA-3239-1} + - git 1:2.38.1-1 (bug #1022046) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5 + NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u + NOTE: https://github.com/git/git/commit/32696a4cbe90929ae79ea442f5102c513ce3dfaa (v2.30.6) + NOTE: https://github.com/git/git/commit/71ad7fe1bcec2a115bd0ab187240348358aa7f21 (v2.30.6) + NOTE: https://github.com/git/git/commit/0ca6ead81edd4fb1984b69aae87c1189e3025530 (v2.30.6) +CVE-2022-39259 (jadx is a set of command line and GUI tools for producing Java source ...) + NOT-FOR-US: jadx +CVE-2022-39258 (mailcow is a mailserver suite. A vulnerability innversions prior to 20 ...) + NOT-FOR-US: mailcow +CVE-2022-39257 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...) + NOT-FOR-US: Matrix iOS SDK +CVE-2022-39256 (Orckestra C1 CMS is a .NET based Web Content Management System. A vuln ...) + NOT-FOR-US: Orckestra C1 CMS +CVE-2022-39255 (Matrix iOS SDK allows developers to build iOS apps compatible with Mat ...) + NOT-FOR-US: Matrix iOS SDK +CVE-2022-39254 (matrix-nio is a Python Matrix client library, designed according to sa ...) 
+ - python-matrix-nio 0.20.0-1 + NOTE: https://github.com/poljar/matrix-nio/security/advisories/GHSA-w4pr-4vjg-hffh + NOTE: https://github.com/poljar/matrix-nio/commit/b1cbf234a831daa160673defd596e6450e9c29f0 (0.20.0) +CVE-2022-39253 (Git is an open source, scalable, distributed revision control system. ...) + {DSA-5332-1 DLA-3239-1} + - git 1:2.38.1-1 (bug #1022046) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/5 + NOTE: https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u + NOTE: https://github.com/git/git/commit/6f054f9fb3a501c35b55c65e547a244f14c38d56 (v2.30.6) + NOTE: https://github.com/git/git/commit/7de0c306f7b758d3fb537c18c2751f6250cea7a0 (v2.30.6) + NOTE: https://github.com/git/git/commit/8a96dbcb339d25ba1813632319ea4052bc586ddf (v2.30.6) + NOTE: https://github.com/git/git/commit/99f4abb8dae4c9c604e5d5cf255958bbe537b928 (v2.30.6) + NOTE: https://github.com/git/git/commit/f8d510ed0b357787c8d035d64f240bd82b424dc4 (v2.30.6) + NOTE: https://github.com/git/git/commit/ac7e57fa288260341bdbd5e9abcdd24eaf214740 (v2.30.6) + NOTE: https://github.com/git/git/commit/225d2d50ccef4baae410a96b9dc9e3978d164826 (v2.30.6) + NOTE: https://github.com/git/git/commit/0f21b8f468566b991eea60bb7bdf2fce9265e367 (v2.30.6) + NOTE: https://github.com/git/git/commit/0d3beb71dad7906f576b0de9cea32164549163fe (v2.30.6) + NOTE: https://github.com/git/git/commit/f4a32a550f9d40471fb42ed1e5c8612dfe4a83b1 (v2.30.6) + NOTE: https://github.com/git/git/commit/a1d4f67c12ac172f835e6d5e4e0a197075e2146b (v2.30.6) +CVE-2022-39252 (matrix-rust-sdk is an implementation of a Matrix client-server library ...) + NOT-FOR-US: matrix-rust-sdk +CVE-2022-39251 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) 
+ - node-matrix-js-sdk (bug #1021136) + [bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations) + [buster] - node-matrix-js-sdk (Can wait for next update) + NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-r48r-j8fx-mq2c + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 + NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients +CVE-2022-39250 (Matrix JavaScript SDK is the Matrix Client-Server software development ...) + - node-matrix-js-sdk (bug #1021136) + [bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations) + [buster] - node-matrix-js-sdk (Can wait for next update) + NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-5w8r-8pgj-5jmf + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 + NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients +CVE-2022-39249 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) + - node-matrix-js-sdk (bug #1021136) + [bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations) + [buster] - node-matrix-js-sdk (Can wait for next update) + NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-6263-x97c-c4gg + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 + NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3061 + NOTE: https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients +CVE-2022-39248 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...) + NOT-FOR-US: Matrix SDK for Android +CVE-2022-39247 + RESERVED +CVE-2022-39246 (matrix-android-sdk2 is the Matrix SDK for Android. Prior to version 1. ...) 
+ NOT-FOR-US: Matrix SDK for Android +CVE-2022-39245 (Mist is the command-line interface for the makedeb Package Repository. ...) + NOT-FOR-US: Makedeb Mist +CVE-2022-39244 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-5358-1 DLA-3549-1 DLA-3335-1} + - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 + - pjproject + - ring 20230206.0~ds1-1 + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-fq45-m3f7-3mhj + NOTE: https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae +CVE-2022-39243 (NuProcess is an external process execution implementation for Java. In ...) + NOT-FOR-US: NuProcess +CVE-2022-39242 (Frontier is an Ethereum compatibility layer for Substrate. Prior to co ...) + NOT-FOR-US: Frontier +CVE-2022-39241 (Discourse is a platform for community discussion. A malicious admin co ...) + NOT-FOR-US: Discourse +CVE-2022-39240 (MyGraph is a permission management system. Versions prior to 1.0.4 are ...) + NOT-FOR-US: MyGraph +CVE-2022-39239 (netlify-ipx is an on-Demand image optimization for Netlify using ipx. ...) + NOT-FOR-US: netlify-ipx +CVE-2022-39238 (Arvados is an open source platform for managing and analyzing biomedic ...) + NOT-FOR-US: Arvados +CVE-2022-39237 (syslabs/sif is the Singularity Image Format (SIF) reference implementa ...) + - golang-github-sylabs-sif 2.8.3-1 (bug #1023570) + [bullseye] - golang-github-sylabs-sif (Minor issue) + - singularity-container 3.10.3+ds1-1 + NOTE: https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8 + NOTE: https://github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254 (v2.8.1) + NOTE: https://github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52 (v2.8.1) +CVE-2022-39236 (Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. ...) 
+ - node-matrix-js-sdk (bug #1021136) + [bullseye] - node-matrix-js-sdk (Incompatible with current Matrix implementations) + [buster] - node-matrix-js-sdk (Minor issue) + NOTE: https://github.com/matrix-org/matrix-js-sdk/security/advisories/GHSA-hvv8-5v86-r45x + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/a587d7c36026fe1fcf93dfff63588abee359be76 + NOTE: https://github.com/matrix-org/matrix-spec-proposals/pull/3488 +CVE-2022-39235 + RESERVED +CVE-2022-39234 (GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Fre ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-pgcx-mc58-3gmg + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-39233 (Tuleap is a Free & Open Source Suite to improve management of software ...) + NOT-FOR-US: Tuleap +CVE-2022-39232 (Discourse is an open source discussion platform. Starting with version ...) + NOT-FOR-US: Discourse +CVE-2022-39231 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2022-39230 (fhir-works-on-aws-authz-smart is an implementation of the authorizatio ...) + NOT-FOR-US: fhir-works-on-aws-authz-smart +CVE-2022-39229 (Grafana is an open source data visualization platform for metrics, log ...) + - grafana +CVE-2022-39228 (vantage6 is a privacy preserving federated learning infrastructure for ...) + NOT-FOR-US: vantage6 +CVE-2022-39227 (python-jwt is a module for generating and verifying JSON Web Tokens. V ...) + NOT-FOR-US: python-jwt (not the same as src:pyjwt) +CVE-2022-39226 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2022-39225 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Node parse-server +CVE-2022-39224 (Arr-pm is an RPM reader/writer library written in Ruby. Versions prior ...) 
+ NOT-FOR-US: arr-pm +CVE-2022-39223 + RESERVED +CVE-2022-39222 (Dex is an identity service that uses OpenID Connect to drive authentic ...) + - coreos-dex (bug #879562) +CVE-2022-39221 (McWebserver mod runs a simple HTTP server alongside the Minecraft serv ...) + NOT-FOR-US: McWebserver +CVE-2022-39220 (SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are su ...) + NOT-FOR-US: SFTPGo +CVE-2022-39219 (Bifrost is a middleware package which can synchronize MySQL/MariaDB bi ...) + NOT-FOR-US: Bifrost +CVE-2022-39218 (The JS Compute Runtime for Fastly's Compute@Edge platform provides the ...) + NOT-FOR-US: Fastly +CVE-2022-39217 (some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub ...) + NOT-FOR-US: GitHub Advanced Security to CSV +CVE-2022-39216 (Combodo iTop is an open source, web-based IT service management platfo ...) + NOT-FOR-US: Combodo +CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...) + NOT-FOR-US: Tauri +CVE-2022-39214 (Combodo iTop is an open source, web-based IT service management platfo ...) + NOT-FOR-US: Combodo +CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...) + NOT-FOR-US: go-cvss +CVE-2022-39212 (Nextcloud Talk is an open source chat, video & audio calls client for ...) + NOT-FOR-US: Nextcloud Talk +CVE-2022-39211 (Nextcloud server is an open source personal cloud platform. In affecte ...) + - nextcloud-server (bug #941708) +CVE-2022-39210 (Nextcloud android is the official Android client for the Nextcloud hom ...) + NOT-FOR-US: Nextcloud android +CVE-2022-39209 (cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and renderin ...) 
+ - cmark-gfm 0.29.0.gfm.6-2 (bug #1020588) + [bookworm] - cmark-gfm (Minor issue) + [bullseye] - cmark-gfm (Minor issue) + [buster] - cmark-gfm (Minor issue) + - python-cmarkgfm (bug #1034887) + [bookworm] - python-cmarkgfm (Minor issue) + [bullseye] - python-cmarkgfm (Minor issue) + [buster] - python-cmarkgfm (Minor issue) + - ghostwriter 2.1.6+ds-1 (unimportant) + - ruby-commonmarker (bug #1034888) + [bookworm] - ruby-commonmarker (Minor issue) + [bullseye] - ruby-commonmarker (Minor issue) + [buster] - ruby-commonmarker (Minor issue) + - r-cran-commonmark 1.8.1-1 + [bullseye] - r-cran-commonmark (Minor issue) + [buster] - r-cran-commonmark (Minor issue) + NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-cgh3-p57x-9q7q + NOTE: https://github.com/github/cmark-gfm/commit/cfcaa0068bf319974fdec283416fcee5035c2d70 (0.29.0.gfm.6) + NOTE: For ghostwriter just a hang/crash in GUI tool, no security impact +CVE-2022-39208 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) + NOT-FOR-US: Onedev +CVE-2022-39207 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) + NOT-FOR-US: Onedev +CVE-2022-39206 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) + NOT-FOR-US: Onedev +CVE-2022-39205 (Onedev is an open source, self-hosted Git Server with CI/CD and Kanban ...) + NOT-FOR-US: Onedev +CVE-2022-39204 + RESERVED +CVE-2022-39203 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...) + NOT-FOR-US: matrix-appservice-irc +CVE-2022-39202 (matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. ...) + NOT-FOR-US: matrix-appservice-irc +CVE-2022-39201 (Grafana is an open source observability and data visualization platfor ...) + - grafana +CVE-2022-39200 (Dendrite is a Matrix homeserver written in Go. In affected versions ev ...) + NOT-FOR-US: Dendrite +CVE-2022-39199 (immudb is a database with built-in cryptographic proof and verificatio ...) 
+ NOT-FOR-US: immudb +CVE-2022-39198 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.12 a ...) + NOT-FOR-US: Apache Dubbo +CVE-2022-3099 (Use After Free in GitHub repository vim/vim prior to 9.0.0360.) + {DLA-3182-1} + - vim 2:9.0.0626-1 (bug #1019590) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e + NOTE: https://github.com/vim/vim/commit/35d21c6830fc2d68aca838424a0e786821c5891c (v9.0.0360) +CVE-2022-3098 (The Login Block IPs WordPress plugin through 1.0.0 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3097 (The Plugin LBstopattack WordPress plugin before 1.1.3 does not use non ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3096 (The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low ...) + NOT-FOR-US: WordPress plugin +CVE-2022-3095 (The implementation of backslash parsing in the Dart URI class for vers ...) + NOT-FOR-US: Dart language (different from src:dart) +CVE-2022-3094 (Sending a flood of dynamic DNS updates may cause `named` to allocate l ...) + {DSA-5329-1} + - bind9 1:9.18.11-1 + [buster] - bind9 (Upstream considers this a minor issue before 9.16) + NOTE: https://kb.isc.org/docs/cve-2022-3094 +CVE-2022-39197 (An XSS (Cross Site Scripting) vulnerability was found in HelpSystems C ...) + NOT-FOR-US: Cobalt Strike +CVE-2022-39196 (Blackboard Learn 1.10.1 allows remote authenticated users to read unin ...) + NOT-FOR-US: Blackboard Learn +CVE-2022-39195 (A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web inte ...) + NOT-FOR-US: LISTSERV +CVE-2022-39194 (An issue was discovered in the MediaWiki through 1.38.2. The community ...) + NOT-FOR-US: MediaWiki extension GrowthExperiments +CVE-2022-39193 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) 
+ NOT-FOR-US: MediaWiki extension CheckUser +CVE-2022-39192 + RESERVED + NOT-FOR-US: Mediawiki extension IPInfo +CVE-2022-39191 + RESERVED + NOT-FOR-US: Mediawiki extension OAuth +CVE-2022-39190 (An issue was discovered in net/netfilter/nf_tables_api.c in the Linux ...) + {DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/e02f0d3970404bfea385b6edb86f2d936db0ea2b (6.0-rc3) +CVE-2022-39187 (Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripti ...) + NOT-FOR-US: Rumpus +CVE-2022-39186 (EXFO - BV-10 Performance Endpoint Unit misconfiguration. System config ...) + NOT-FOR-US: EXFO +CVE-2022-39185 (EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. U ...) + NOT-FOR-US: EXFO +CVE-2022-39184 (EXFO - BV-10 Performance Endpoint Unit authentication bypass User can ...) + NOT-FOR-US: EXFO +CVE-2022-39183 (Moodle Plugin - SAML Auth may allow Open Redirect through unspecified ...) + NOT-FOR-US: Moodle plugin +CVE-2022-39182 (H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 i ...) + NOT-FOR-US: H C Mingham-Smith Ltd - Tardis 2000 +CVE-2022-39181 (GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). ...) + NOT-FOR-US: GLPI plugin +CVE-2022-39180 (College Management System v1.0 - SQL Injection (SQLi). By inserting SQ ...) + NOT-FOR-US: College Management System +CVE-2022-39179 (College Management System v1.0 - Authenticated remote code execution. ...) + NOT-FOR-US: College Management System +CVE-2022-39178 (Webvendome - webvendome Internal Server IP Disclosure. Send GET Reques ...) + NOT-FOR-US: Webvendome +CVE-2022-39177 (BlueZ before 5.59 allows physically proximate attackers to cause a den ...) 
+ {DLA-3157-1} + - bluez 5.61-1 + [bullseye] - bluez (Minor issue) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b (5.59) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a (5.59) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4 (5.60) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37 (5.61) + NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 +CVE-2022-39176 (BlueZ before 5.59 allows physically proximate attackers to obtain sens ...) + {DLA-3157-1} + - bluez 5.61-1 + [bullseye] - bluez (Minor issue) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e2b0f0d8d63e1223bb714a9efb37e2257818268b (5.59) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=7a80d2096f1b7125085e21448112aa02f49f5e9a (5.59) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=0388794dc5fdb73a4ea88bcf148de0a12b4364d4 (5.60) + NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e21680c9355a0f9d5ef6d4a5ae032de274e87b37 (5.61) + NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1977968 +CVE-2022-39175 + RESERVED +CVE-2022-39174 + RESERVED +CVE-2022-39173 (In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow ...) + - wolfssl 5.5.3-1 (bug #1021021) + [bullseye] - wolfssl (Minor issue) +CVE-2022-39172 (A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) ...) + NOT-FOR-US: mbsupport openVIVA c2 +CVE-2022-39171 + RESERVED +CVE-2022-39170 (libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_f ...) 
+ - dwarfutils (Vulnerable code introduced later) + NOTE: https://github.com/davea42/libdwarf-code/issues/132 + NOTE: Introduced after: https://github.com/davea42/libdwarf-code/commit/d3ba444c4e4891545552590d9d36c2049197678e + NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/428235e3d132fb62faf7732735fdbb034d6264b4 + NOTE: https://www.prevanders.net/dwarfbug.html#DW202208-001 +CVE-2022-39169 + RESERVED +CVE-2022-39168 (IBM Robotic Process Automation Clients are vulnerable to proxy credent ...) + NOT-FOR-US: IBM +CVE-2022-39167 (IBM Spectrum Virtualize 8.5, 8.4, 8.3, 8.2, and 7.8, under certain con ...) + NOT-FOR-US: IBM +CVE-2022-39166 (IBM Security Guardium 11.4 could allow a privileged user to obtain sen ...) + NOT-FOR-US: IBM +CVE-2022-39165 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-39164 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-39163 + RESERVED +CVE-2022-39162 + RESERVED +CVE-2022-39161 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere ...) + NOT-FOR-US: IBM +CVE-2022-39160 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 is vulnerable to cross ...) + NOT-FOR-US: IBM +CVE-2022-3093 (This vulnerability allows physical attackers to execute arbitrary code ...) + NOT-FOR-US: Tesla vehicles +CVE-2022-3092 (GE CIMPICITY versions 2022 and prior is vulnerable to an out-of- ...) + NOT-FOR-US: GE CIMPICITY +CVE-2022-3091 (RONDS EPM version 1.19.5 has a vulnerability in which a function could ...) + NOT-FOR-US: RONDS EPM +CVE-2022-3090 (Red Lion Controls Crimson 3.0 versions 707.000 and prior, Crimson 3.1 ...) + NOT-FOR-US: Red Lion Controls Crimson +CVE-2022-3089 (Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credent ...) + NOT-FOR-US: Echelon +CVE-2022-3088 (UC-8100A-ME-T System Image: Versions v1.0 to v1.6, UC-2100 System Imag ...) 
+ NOT-FOR-US: Moxa +CVE-2022-3087 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...) + NOT-FOR-US: Fuji +CVE-2022-3086 (Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerabl ...) + NOT-FOR-US: Moxa +CVE-2022-3085 (Fuji Electric Tellus Lite V-Simulator versions 4.0.12.0 and prior are ...) + NOT-FOR-US: Fuji +CVE-2022-3084 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a fa ...) + NOT-FOR-US: GE CIMPICITY +CVE-2022-3083 (All versions of Landis+Gyr E850 (ZMQ200) are vulnerable toCWE-784: Rel ...) + NOT-FOR-US: Landis+Gyr E850 +CVE-2022-39189 (An issue was discovered the x86 KVM subsystem in the Linux kernel befo ...) + {DSA-5480-1 DLA-3623-1} + - linux 5.19.6-1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2309 + NOTE: https://git.kernel.org/linus/6cd88243c7e03845a450795e134b488fc2afb736 (5.19-rc2) +CVE-2022-39188 (An issue was discovered in include/asm-generic/tlb.h in the Linux kern ...) + {DSA-5257-1 DLA-3173-1 DLA-3131-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2329 + NOTE: https://lore.kernel.org/stable/CAG48ez3SEqOPcPCYGHVZv4iqEApujD5VtM3Re-tCKLDEFdEdbg@mail.gmail.com/ + NOTE: https://git.kernel.org/linus/b67fbebd4cf980aecbcc750e1462128bffe8ae15 +CVE-2022-39159 + REJECTED +CVE-2022-39158 (Affected devices improperly handle partial HTTP requests which makes t ...) + NOT-FOR-US: Siemens +CVE-2022-39157 (A vulnerability has been identified in Parasolid V34.0 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39156 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39155 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39154 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) 
+ NOT-FOR-US: Siemens +CVE-2022-39153 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39152 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39151 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39150 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39149 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39148 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39147 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39146 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39145 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39144 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39143 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39142 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39141 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39140 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39139 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39138 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-39137 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) 
+ NOT-FOR-US: Siemens
+CVE-2022-39136 (A vulnerability has been identified in JT2Go (All versions < V14.1.0. ...)
+ NOT-FOR-US: Siemens
+CVE-2022-39135 (Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRAC ...)
+ NOT-FOR-US: Apache Calcite
+CVE-2022-39134 (In audio driver, there is a use after free due to a race condition. Th ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39133 (In wlan driver, there is a possible missing bounds check, This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39132 (In camera driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39131 (In camera driver, there is a possible memory corruption due to imprope ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39130 (In face detect driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39129 (In face detect driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39128 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39127 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39126 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39125 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39124 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39123 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39122 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39121 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39120 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39119 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39118 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39117 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39116 (In sprd_sysdump driver, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39115 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39114 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39113 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39112 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39111 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39110 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39109 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39108 (In Music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39107 (In Soundrecorder service, there is a missing permission check. This co ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39106 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39105 (In sensor driver, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39104 (In contacts service, there is a missing permission check. This could l ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39103 (In Gallery service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39102 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39101 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39100 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39099 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39098 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39097 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39096 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39095 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39094 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39093 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39092 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39091 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39090 (In power management service, there is a missing permission check. This ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39089 (In mlog service, there is a possible out of bounds read due to a missi ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39088 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39087 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39086 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39085 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39084 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39083 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39082 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39081 (In network service, there is a missing permission check. This could le ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-39080 (In messaging service, there is a missing permission check. This could ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-3082 (The miniOrange Discord Integration WordPress plugin before 2.1.6 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3081
+ RESERVED
+CVE-2022-3080 (By sending specific queries to the resolver, an attacker can cause nam ...)
+ {DSA-5235-1}
+ - bind9 1:9.18.7-1
+ [buster] - bind9 (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2022-3080
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/b9e2f3333d0d29deb3ef932aa7aeb28086f153bd (v9_18_7)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/3f68e2ad838b3c12a725ccb1082a54b0e8b69562 (v9_16_33)
+CVE-2022-3079 (Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow ...)
+ NOT-FOR-US: Festo
+CVE-2022-3078 (An issue was discovered in the Linux kernel through 5.16-rc6. There is ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/e6a21a14106d9718aa4f8e115b1e474888eeba44 (5.18-rc1)
+CVE-2022-3077 (A buffer overflow vulnerability was found in the Linux kernel Intel\u2 ...)
+ - linux 5.18.2-1
+ [bullseye] - linux (Vulnerable code introduced later)
+ [buster] - linux (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2123309
+ NOTE: https://git.kernel.org/linus/690b2549b19563ec5ad53e5c82f6a944d910086e (5.19-rc1)
+CVE-2022-3076 (The CM Download Manager WordPress plugin before 2.8.6 allows high priv ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3075 (Insufficient data validation in Mojo in Google Chrome prior to 105.0.5 ...)
+ {DSA-5225-1}
+ - chromium 105.0.5195.102-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3074 (The Slider Hero WordPress plugin before 8.4.4 does not escape the slid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3073 (Quanos "SCHEMA ST4" example web templates in version Bootstrap 2019 v2 ...)
+ NOT-FOR-US: Quanos "SCHEMA ST4" example web templates
+CVE-2022-3072 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...)
+ NOT-FOR-US: francoisjacquet/rosariosis
+CVE-2006-20001 (A carefully crafted If: request header can cause a memory read, or wri ...)
+ {DSA-5376-1 DLA-3351-1}
+ - apache2 2.4.55-1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/5
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001
+CVE-2022-XXXX [wordpress 6.0.3]
+ - wordpress 6.0.3+dfsg1-1 (bug #1022575)
+ [bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+ [buster] - wordpress 5.0.18+dfsg1-0+deb10u1
+ NOTE: https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
+ NOTE: Some issues covered by CVE-2022-43497, CVE-2022-43500 and CVE-2022-43504
+CVE-2022-XXXX [wordpress 6.0.2]
+ - wordpress 6.0.2+dfsg1-1 (bug #1018863)
+ [bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1
+ [buster] - wordpress 5.0.17+dfsg1-0+deb10u1
+ NOTE: https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
+ NOTE: https://core.trac.wordpress.org/changeset/53973 (5.0)
+CVE-2022-39079
+ RESERVED
+CVE-2022-39078
+ RESERVED
+CVE-2022-3070 (The Generate PDF WordPress plugin before 3.6 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3071 (Use after free in Tab Strip in Google Chrome on Chrome OS, Lacros prio ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-39077
+ RESERVED
+CVE-2022-39076
+ RESERVED
+CVE-2022-39075 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39074 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39073 (There is a command injection vulnerability in ZTE MF286R, Due to insuf ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39072 (There is a SQL injection vulnerability in Some ZTE Mobile Internet pro ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39071 (There is an unauthorized access vulnerability in some ZTE mobile phone ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39070 (There is an access control vulnerability in some ZTE PON OLT products. ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39069 (There is a SQL injection vulnerability in ZTE ZAIP-AIE.
Due to lack of ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39068
+ RESERVED
+CVE-2022-39067 (There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39066 (There is a SQL injection vulnerability in ZTE MF286R. Due to insuffici ...)
+ NOT-FOR-US: ZTE
+CVE-2022-39065 (A single malformed IEEE 802.15.4 (Zigbee) frame makes the TR\xc5DFRI g ...)
+ NOT-FOR-US: Ikea
+CVE-2022-39064 (An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame ma ...)
+ NOT-FOR-US: Ikea
+CVE-2022-39063 (When Open5GS UPF receives a PFCP Session Establishment Request, it sto ...)
+ NOT-FOR-US: Open5GS UPF
+CVE-2022-39062 (A vulnerability has been identified in SICAM TOOLBOX II (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-39061 (ChangingTech MegaServiSignAdapter component has a vulnerability of Out ...)
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
+CVE-2022-39060 (ChangingTech MegaServiSignAdapter component has a vulnerability of imp ...)
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
+CVE-2022-39059 (ChangingTech MegaServiSignAdapter component has a path traversal vulne ...)
+ NOT-FOR-US: ChangingTech MegaServiSignAdapter
+CVE-2022-39058 (RAVA certification validation system has a path traversal vulnerabilit ...)
+ NOT-FOR-US: RAVA certification validation system
+CVE-2022-39057 (RAVA certificate validation system has insufficient filtering for spec ...)
+ NOT-FOR-US: RAVA certification validation system
+CVE-2022-39056 (RAVA certificate validation system has insufficient validation for use ...)
+ NOT-FOR-US: RAVA certification validation system
+CVE-2022-39055 (RAVA certificate validation system has inadequate filtering for URL pa ...)
+ NOT-FOR-US: RAVA certification validation system
+CVE-2022-39054 (Cowell enterprise travel management system has insufficient filtering ...)
+ NOT-FOR-US: Cowell enterprise travel management system
+CVE-2022-39053 (Heimavista Rpage has insufficient filtering for platform web URL. An u ...)
+ NOT-FOR-US: Heimavista Rpage
+CVE-2022-39052 (An external attacker is able to send a specially crafted email (with m ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+ NOTE: Was also tracked as #1024560
+CVE-2022-39051 (Attacker might be able to execute malicious Perl code in the Template ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+CVE-2022-39050 (An attacker who is logged into OTRS as an admin user may manipulate cu ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+CVE-2022-39049 (An attacker who is logged into OTRS as an admin user may manipulate th ...)
+ NOT-FOR-US: OTRS
+ NOTE: Could possibly affect Znuny, we'll let their security team figure it out
+CVE-2022-3069 (The WordLift WordPress plugin before 3.37.2 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3068 (Improper Privilege Management in GitHub repository octoprint/octoprint ...)
+ - octoprint (bug #718591)
+CVE-2022-39048 (A XSS vulnerability was identified in the ServiceNow UI page assessmen ...)
+ NOT-FOR-US: ServiceNow Tokyo
+CVE-2022-39046 (An issue was discovered in the GNU C Library (glibc) 2.36. When the sy ...)
+ - glibc (Vulnerable code introduced later)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29536
+ NOTE: https://sourceware.org/pipermail/libc-alpha/2022-August/141707.html
+ NOTE: Introduced by: https://sourceware.org/git/?p=glibc.git;a=commit;h=a583b6add407c17cdcd4146be3876061a5e1d555 (glibc-2.36)
+ NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=52a5be0df411ef3ff45c10c7c308cb92993d15b1
+CVE-2022-3067 (An issue has been discovered in the Import functionality of GitLab CE/ ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3066 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3065 (Improper Access Control in GitHub repository jgraph/drawio prior to 20 ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-3064 (Parsing malicious or large YAML documents can consume excessive amount ...)
+ {DLA-3479-1}
+ - golang-yaml.v2 2.2.8-1
+ NOTE: https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 (v2.2.4)
+CVE-2022-3063
+ REJECTED
+CVE-2022-3062 (The Simple File List WordPress plugin before 4.4.12 does not escape pa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3061 (Found Linux Kernel flaw in the i740 driver. The Userspace program coul ...)
+ {DSA-5257-1 DLA-3173-1}
+ - linux 5.18.2-1
+ NOTE: https://git.kernel.org/linus/15cf0b82271b1823fb02ab8c377badba614d95d5 (5.18-rc5)
+CVE-2022-39043 (Juiker app stores debug logs which contains sensitive information to m ...)
+ NOT-FOR-US: Juiker app stores
+CVE-2022-39042 (aEnrich a+HRD has improper validation for login function. An unauthent ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-39041 (aEnrich a+HRD has insufficient user input validation for specific API ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-39040 (aEnrich a+HRD log read function has a path traversal vulnerability. An ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-39039 (aEnrich\u2019s a+HRD has inadequate filtering for specific URL paramet ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-39038 (Agentflow BPM enterprise management system has improper authentication ...)
+ NOT-FOR-US: Agentflow BPM enterprise management system
+CVE-2022-39037 (Agentflow BPM file download function has a path traversal vulnerabilit ...)
+ NOT-FOR-US: Agentflow BPM file download function
+CVE-2022-39036 (The file upload function of Agentflow BPM has insufficient filtering f ...)
+ NOT-FOR-US: Agentflow BPM
+CVE-2022-39035 (Smart eVision has insufficient filtering for special characters in the ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39034 (Smart eVision has a path traversal vulnerability in the Report API fun ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39033 (Smart eVision\u2019s file acquisition function has a path traversal vu ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39032 (Smart eVision has an improper privilege management vulnerability. A re ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39031 (Smart eVision has insufficient authorization for task acquisition func ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39030 (smart eVision has inadequate authorization for system information quer ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39029 (Smart eVision has inadequate authorization for the database query func ...)
+ NOT-FOR-US: Smart eVision
+CVE-2022-39027 (U-Office Force Forum function has insufficient filtering for special c ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39026 (U-Office Force UserDefault page has insufficient filtering for special ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39025 (U-Office Force PrintMessage function has insufficient filtering for sp ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39024 (U-Office Force Bulletin function has insufficient filtering for specia ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39023 (U-Office Force Download function has a path traversal vulnerability. A ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39022 (U-Office Force Download function has a path traversal vulnerability. A ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39021 (U-Office Force login function has an Open Redirect vulnerability. An u ...)
+ NOT-FOR-US: U-Office Force
+CVE-2022-39020 (Multiple instances of XSS (stored and reflected) was found in the appl ...)
+ NOT-FOR-US: Schoolbox
+CVE-2022-39019 (Broken access controls on PDFtron WebviewerUI in M-Files Hubshare befo ...)
+ NOT-FOR-US: M-Files Hubshare
+CVE-2022-39018 (Broken access controls on PDFtron data in M-Files Hubshare before 3.3. ...)
+ NOT-FOR-US: M-Files Hubshare
+CVE-2022-39017 (Improper input validation and output encoding in all comments fields, ...)
+ NOT-FOR-US: M-Files Hubshare
+CVE-2022-39016 (Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 al ...)
+ NOT-FOR-US: M-Files Hubshare
+CVE-2022-38400 (Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated atta ...)
+ NOT-FOR-US: Mailform Pro CGI
+CVE-2022-33941 (PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injec ...)
+ NOT-FOR-US: PowerCMS
+CVE-2022-3060 (Improper control of a resource identifier in Error Tracking in GitLab ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3059 (The application was vulnerable to multiple instances of SQL injection ...)
+ NOT-FOR-US: Schoolbox
+CVE-2022-3058 (Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3057 (Inappropriate implementation in iframe Sandbox in Google Chrome prior ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3056 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3055 (Use after free in Passwords in Google Chrome prior to 105.0.5195.52 al ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3054 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3053 (Inappropriate implementation in Pointer Lock in Google Chrome on Mac p ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3052 (Heap buffer overflow in Window Manager in Google Chrome on Chrome OS, ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3051 (Heap buffer overflow in Exosphere in Google Chrome on Chrome OS, Lacro ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3050 (Heap buffer overflow in WebUI in Google Chrome on Chrome OS prior to 1 ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3049 (Use after free in SplitScreen in Google Chrome on Chrome OS, Lacros pr ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3048 (Inappropriate implementation in Chrome OS lockscreen in Google Chrome ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3047 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3046 (Use after free in Browser Tag in Google Chrome prior to 105.0.5195.52 ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3045 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3044 (Inappropriate implementation in Site Isolation in Google Chrome prior ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3043 (Heap buffer overflow in Screen Capture in Google Chrome on Chrome OS p ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3042 (Use after free in PhoneHub in Google Chrome on Chrome OS prior to 105. ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3041 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3040 (Use after free in Layout in Google Chrome prior to 105.0.5195.52 allow ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3039 (Use after free in WebSQL in Google Chrome prior to 105.0.5195.52 allow ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3038 (Use after free in Network Service in Google Chrome prior to 105.0.5195 ...)
+ {DSA-5223-1}
+ - chromium 105.0.5195.52-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-3037 (Use After Free in GitHub repository vim/vim prior to 9.0.0322.)
+ - vim 2:9.0.0626-1 (bug #1019590; unimportant)
+ [buster] - vim (quickfixtextfunc added in 8.2.0869)
+ NOTE: https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5
+ NOTE: https://github.com/vim/vim/commit/4f1b083be43f351bc107541e7b0c9655a5d2c0bb (v9.0.0322)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-3036 (The Gettext override translations WordPress plugin before 2.0.0 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3035 (Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-i ...)
+ - snipe-it (bug #1005172)
+CVE-2022-3034 (When receiving an HTML email that specified to load an iframe (Only affects ESR102)
+ [buster] - thunderbird (Only affects ESR102)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3034
+CVE-2022-39015 (Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker t ...)
+ NOT-FOR-US: SAP
+CVE-2022-39014 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...)
+ NOT-FOR-US: SAP
+CVE-2022-39013 (Under certain conditions an authenticated attacker can get access to O ...)
+ NOT-FOR-US: SAP
+CVE-2022-39012 (Huawei Aslan Children's Watch has an improper input validation vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39011 (The HISP module has a vulnerability of bypassing the check of the data ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39010 (The HwChrService module has a vulnerability in permission control. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39009 (The WLAN module has a vulnerability in permission verification. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39008 (The NFC module has bundle serialization/deserialization vulnerabilitie ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39007 (The location module has a vulnerability of bypassing permission verifi ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39006 (The MPTCP module has the race condition vulnerability. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39005 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39004 (The MPTCP module has the memory leak vulnerability. Successful exploit ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39003 (Buffer overflow vulnerability in the video framework. Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39002 (Double free vulnerability in the storage module. Successful exploitati ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39001 (The number identification module has a path traversal vulnerability. S ...)
+ NOT-FOR-US: Huawei
+CVE-2022-39000 (The iAware module has a vulnerability in managing malicious apps.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38999 (The AOD module has the improper update of reference count vulnerabilit ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38998 (The HISP module has a vulnerability of not verifying the data transfer ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38997 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38996 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38995 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38994 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38993 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38992 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38991 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38990 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38989 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38988 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38987 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38986 (The HIPP module has a vulnerability of bypassing the check of the data ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38985 (The facial recognition module has a vulnerability in input validation. ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38984 (The HIPP module has a vulnerability of not verifying the data transfer ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38983 (The BT Hfp Client module has a Use-After-Free (UAF) vulnerability.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38982 (The fingerprint module has service logic errors.Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38981 (The HwAirlink module has an out-of-bounds read vulnerability.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38980 (The HwAirlink module has a heap overflow vulnerability in processing d ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38979 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38978 (The secure OS module has configuration defects. Successful exploitatio ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38977 (The HwAirlink module has a heap overflow vulnerability.Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38970 (ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access C ...)
+ NOT-FOR-US: ieGeek IG20 hipcam RealServer
+CVE-2022-38969
+ RESERVED
+CVE-2022-38968
+ RESERVED
+CVE-2022-38967
+ RESERVED
+CVE-2022-38966
+ RESERVED
+CVE-2022-38965
+ RESERVED
+CVE-2022-38964
+ RESERVED
+CVE-2022-38963
+ RESERVED
+CVE-2022-38962
+ RESERVED
+CVE-2022-38961
+ RESERVED
+CVE-2022-38960
+ RESERVED
+CVE-2022-38959
+ RESERVED
+CVE-2022-38958
+ RESERVED
+CVE-2022-38957
+ RESERVED
+CVE-2022-38956 (An exploitable firmware downgrade vulnerability was discovered on the ...)
+ NOT-FOR-US: Netgear
+CVE-2022-38955 (An exploitable firmware modification vulnerability was discovered on t ...)
+ NOT-FOR-US: Netgear
+CVE-2022-38954
+ RESERVED
+CVE-2022-38953
+ RESERVED
+CVE-2022-38952
+ RESERVED
+CVE-2022-38951
+ RESERVED
+CVE-2022-38950
+ RESERVED
+CVE-2022-38949
+ RESERVED
+CVE-2022-38948
+ RESERVED
+CVE-2022-38947
+ RESERVED
+CVE-2022-38946
+ RESERVED
+CVE-2022-38945
+ RESERVED
+CVE-2022-38944
+ RESERVED
+CVE-2022-38943
+ RESERVED
+CVE-2022-38942
+ RESERVED
+CVE-2022-38941
+ RESERVED
+CVE-2022-38940
+ RESERVED
+CVE-2022-38939
+ RESERVED
+CVE-2022-38938
+ RESERVED
+CVE-2022-38937
+ RESERVED
+CVE-2022-38936 (An issue has been found in PBC through 2022-8-27. A SEGV issue detecte ...)
+ NOT-FOR-US: PBC
+CVE-2022-38935 (An issue was discovered in NiterForum version 2.5.0-beta in /src/main/ ...)
+ NOT-FOR-US: NiterForum
+CVE-2022-38934 (readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabiliti ...)
+ NOT-FOR-US: readelf in ToaruOS
+CVE-2022-38933
+ RESERVED
+CVE-2022-38932 (readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsi ...)
+ NOT-FOR-US: readelf in ToaruOS
+CVE-2022-38931 (A Server-Side Request Forgery (SSRF) in fetch_net_file_upload function ...)
+ NOT-FOR-US: baijiacms
+CVE-2022-38930
+ RESERVED
+CVE-2022-38929
+ RESERVED
+CVE-2022-38928 (XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2 ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2022-38927
+ RESERVED
+CVE-2022-38926
+ RESERVED
+CVE-2022-38925
+ RESERVED
+CVE-2022-38924
+ RESERVED
+CVE-2022-38923 (BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Head ...)
+ NOT-FOR-US: BluePage CMS
+CVE-2022-38922 (BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Heade ...)
+ NOT-FOR-US: BluePage CMS
+CVE-2022-38921
+ RESERVED
+CVE-2022-38920
+ RESERVED
+CVE-2022-38919
+ RESERVED
+CVE-2022-38918
+ RESERVED
+CVE-2022-38917
+ RESERVED
+CVE-2022-38916 (A file upload vulnerability exists in the storage feature of pagekit 1 ...)
+ NOT-FOR-US: Pagekit CMS
+CVE-2022-38915
+ RESERVED
+CVE-2022-38914
+ RESERVED
+CVE-2022-38913
+ RESERVED
+CVE-2022-38912
+ RESERVED
+CVE-2022-38911
+ RESERVED
+CVE-2022-38910
+ RESERVED
+CVE-2022-38909
+ RESERVED
+CVE-2022-38908
+ RESERVED
+CVE-2022-38907
+ RESERVED
+CVE-2022-38906
+ RESERVED
+CVE-2022-38905
+ RESERVED
+CVE-2022-38904
+ RESERVED
+CVE-2022-38903
+ RESERVED
+CVE-2022-38902 (A Cross-site scripting (XSS) vulnerability in the Blog module - add ne ...)
+ NOT-FOR-US: Liferay
+CVE-2022-38901 (A Cross-site scripting (XSS) vulnerability in the Document and Media m ...)
+ NOT-FOR-US: Liferay
+CVE-2022-38900 (decode-uri-component 0.2.0 is vulnerable to Improper Input Validation ...)
+ NOT-FOR-US: Node decode-uri-component
+CVE-2022-38899
+ RESERVED
+CVE-2022-38898
+ RESERVED
+CVE-2022-38897
+ RESERVED
+CVE-2022-38896
+ RESERVED
+CVE-2022-38895
+ RESERVED
+CVE-2022-38894
+ RESERVED
+CVE-2022-38893
+ RESERVED
+CVE-2022-38892
+ RESERVED
+CVE-2022-38891
+ RESERVED
+CVE-2022-38890 (Nginx NJS v0.7.7 was discovered to contain a segmentation violation vi ...)
+ NOT-FOR-US: njs
+CVE-2022-38889
+ RESERVED
+CVE-2022-38888
+ RESERVED
+CVE-2022-38887 (The d8s-python for python, as distributed on PyPI, included a potentia ...)
+ NOT-FOR-US: d8s-python for python
+CVE-2022-38886 (The d8s-xml for python, as distributed on PyPI, included a potential c ...)
+ NOT-FOR-US: d8s-xml for python
+CVE-2022-38885 (The d8s-netstrings for python, as distributed on PyPI, included a pote ...)
+ NOT-FOR-US: d8s-netstrings for python
+CVE-2022-38884 (The d8s-grammars for python, as distributed on PyPI, included a potent ...)
+ NOT-FOR-US: d8s-grammars for python
+CVE-2022-38883 (The d8s-math for python, as distributed on PyPI, included a potential ...)
+ NOT-FOR-US: d8s-math for python
+CVE-2022-38882 (The d8s-json for python, as distributed on PyPI, included a potential ...)
+ NOT-FOR-US: d8s-json for python
+CVE-2022-38881 (The d8s-archives for python, as distributed on PyPI, included a potent ...)
+ NOT-FOR-US: d8s-archives for python
+CVE-2022-38880 (The d8s-urls for python, as distributed on PyPI, included a potential ...)
+ NOT-FOR-US: d8s-urls for python
+CVE-2022-38879
+ RESERVED
+CVE-2022-38878 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38877 (Garage Management System v1.0 is vulnerable to Arbitrary code executio ...)
+ NOT-FOR-US: Garage Management System
+CVE-2022-38876
+ RESERVED
+CVE-2022-38875
+ RESERVED
+CVE-2022-38874
+ RESERVED
+CVE-2022-38873 (D-Link devices DAP-2310 v2.10rc036 and earlier, DAP-2330 v1.06rc020 an ...)
+ NOT-FOR-US: D-Link
+CVE-2022-38872
+ RESERVED
+CVE-2022-38871 (In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.)
+ NOT-FOR-US: free5GC
+CVE-2022-38870 (Free5gc v3.2.1 is vulnerable to Information disclosure.)
+ NOT-FOR-US: free5GC
+CVE-2022-38869
+ RESERVED
+CVE-2022-38868 (SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol ...)
+ NOT-FOR-US: Ehoney
+CVE-2022-38867 (SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 ...)
+ NOT-FOR-US: rttys
+CVE-2022-38866 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2403#comment:2
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/373517da3bb5781726565eb3114a2697b13f00f2 (r38388)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38865 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2401
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/33d9295663c37a37216633d7e3f07e7155da6144 (r38386)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38864 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (bug #1021013)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2406
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/36546389ef9fb6b0e0540c5c3f212534c34b0e94 (r38391)
+CVE-2022-38863 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2405
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/b5e745b4bfab2835103a060094fae3c6cc1ba17d (r38393)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38862 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ NOTE: Unreproducible issue, probably a bug in the reporter's ASAN setup
+ NOTE: https://trac.mplayerhq.hu/ticket/2400
+ NOTE: https://trac.mplayerhq.hu/ticket/2404
+CVE-2022-38861 (The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (bug #1021013)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2407
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2622e7fbe3605a2f3b4f74900197fefeedc0d2e1 (r38402)
+CVE-2022-38860 (Certain The MPlayer Project products are vulnerable to Divide By Zero ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2402
+ NOTE: Duplicate of https://trac.mplayerhq.hu/ticket/2401
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/62fe0c63cf4fba91efd29bbc85309280e1a99a47 (r38389)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38859
+ RESERVED
+CVE-2022-38858 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2396
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/92e0d0b1a04dfdd4ac741e0d07005e3ece2c92ca (r38385)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38857
+ RESERVED
+CVE-2022-38856 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ - mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013)
+ NOTE: https://trac.mplayerhq.hu/ticket/2395
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38855 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2392
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/2f6e69e59e2614acdde5505b049c48f80a3d0eb7 (r38384)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38854
+ RESERVED
+CVE-2022-38853 (Certain The MPlayer Project products are vulnerable to Buffer Overflow ...)
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ NOTE: https://trac.mplayerhq.hu/ticket/2398
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380)
+ NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38852
+ RESERVED
+CVE-2022-38851 (Certain The MPlayer Project products are vulnerable to Out-of-bounds R ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2393
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/58db9292a414ebf13a2cacdb3ffa967fb9036935 (r38382)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38850 (The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide ...)
+ {DLA-3255-1}
+ - mplayer 2:1.5+svn38408-1 (unimportant)
+ [bullseye] - mplayer 2:1.4+ds1-1+deb11u1
+ NOTE: https://trac.mplayerhq.hu/ticket/2399
+ NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/d19ea1ce173e95c31b0e8acbe471ea26c292be2b (r38390)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-38849
+ RESERVED
+CVE-2022-38848
+ RESERVED
+CVE-2022-38847
+ RESERVED
+CVE-2022-38846 (EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing th ...)
+ NOT-FOR-US: EspoCRM
+CVE-2022-38845 (Cross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote ...)
+ NOT-FOR-US: EspoCRM
+CVE-2022-38844 (CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authen ...)
+ NOT-FOR-US: EspoCRM
+CVE-2022-38843 (EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowi ...)
+ NOT-FOR-US: EspoCRM
+CVE-2022-38842
+ RESERVED
+CVE-2022-38841 (Linksys AX3200 1.1.00 is vulnerable to OS command injection by authent ...)
+ NOT-FOR-US: Linksys
+CVE-2022-38840 (cgi-bin/xmlstatus.cgi in G\xfcralp MAN-EAM-0003 3.2.4 is vulnerable to ...)
+ NOT-FOR-US: Gueralp MAN-EAM-0003
+CVE-2022-38839
+ RESERVED
+CVE-2022-38838
+ RESERVED
+CVE-2022-38837
+ RESERVED
+CVE-2022-38836
+ RESERVED
+CVE-2022-38835
+ RESERVED
+CVE-2022-38834
+ RESERVED
+CVE-2022-38833 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38832 (School Activity Updates with SMS Notification v1.0 is vulnerable to SQ ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38831 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38830 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38829 (Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/ ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38828 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-38827 (TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow vi ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-38826 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an execute arbitrary c ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-38825
+ RESERVED
+CVE-2022-38824
+ RESERVED
+CVE-2022-38823 (In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-38822
+ RESERVED
+CVE-2022-38821
+ RESERVED
+CVE-2022-38820
+ RESERVED
+CVE-2022-38819
+ RESERVED
+CVE-2022-38818
+ RESERVED
+CVE-2022-38817 (Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Acces ...)
+ NOT-FOR-US: Dapr Dashboard
+CVE-2022-38816
+ RESERVED
+CVE-2022-38815
+ RESERVED
+CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
+ NOT-FOR-US: FiberHome
+CVE-2022-38813 (PHPGurukul Blood Donor Management System 1.0 does not properly restric ...)
+ NOT-FOR-US: PHPGurukul Blood Donor Management System
+CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.)
+ NOT-FOR-US: AeroCMS
+CVE-2022-38811
+ RESERVED
+CVE-2022-38810
+ RESERVED
+CVE-2022-38809
+ RESERVED
+CVE-2022-38808 (ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportE ...)
+ NOT-FOR-US: ywoa
+CVE-2022-38807
+ RESERVED
+CVE-2022-38806
+ RESERVED
+CVE-2022-38805
+ RESERVED
+CVE-2022-38804
+ RESERVED
+CVE-2022-38803 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect A ...)
+ NOT-FOR-US: Zkteco BioTime
+CVE-2022-38802 (Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect A ...)
+ NOT-FOR-US: Zkteco BioTime
+CVE-2022-38801 (In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack a ...)
+ NOT-FOR-US: Zkteco BioTime
+CVE-2022-38800
+ RESERVED
+CVE-2022-38799
+ RESERVED
+CVE-2022-38798
+ RESERVED
+CVE-2022-38797
+ RESERVED
+CVE-2022-38796 (A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2022-38453 (Multiple binary application files on the CMS8000 device are compiled w ...)
+ NOT-FOR-US: Contec Health
+CVE-2022-38399 (Missing protection mechanism for alternate hardware interface in SmaCa ...)
+ NOT-FOR-US: SmaCam
+CVE-2022-38138 (The Triangle Microworks IEC 61850 Library (Any client or server using ...)
+ NOT-FOR-US: Triangle Microworks IEC 61850 Library
+CVE-2022-38100 (The CMS800 device fails while attempting to parse malformed network da ...)
+ NOT-FOR-US: Contec Health
+CVE-2022-38069 (Multiple globally default credentials exist across all CMS8000 devices ...)
+ NOT-FOR-US: Contec Health
+CVE-2022-36385 (A threat actor with momentary access to the device can plug in a USB d ...)
+ NOT-FOR-US: Contec Health
+CVE-2022-3033 (If a Thunderbird user replied to a crafted HTML email containing a (Only affects ESR102)
+ [buster] - thunderbird (Only affects ESR102)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3033
+CVE-2022-3032 (When receiving an HTML email that contained an iframe ele ...)
+ - thunderbird 1:102.2.1-1
+ [bullseye] - thunderbird (Only affects ESR102)
+ [buster] - thunderbird (Only affects ESR102)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-3032
+CVE-2022-3031 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
+CVE-2022-3030 (An improper access control issue in GitLab CE/EE affecting all version ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3029 (In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mi ...)
+ - routinator (bug #929024)
+CVE-2022-3028 (A race condition was found in the Linux kernel's IP framework for tran ...)
+ {DLA-3173-1 DLA-3131-1}
+ - linux 5.19.6-1
+ [bullseye] - linux 5.10.140-1
+ NOTE: https://lore.kernel.org/all/YtoWqEkKzvimzWS5@gondor.apana.org.au/T/
+ NOTE: https://git.kernel.org/linus/ba953a9d89a00c078b85f4b190bc1dde66fe16b5 (6.0-rc3)
+CVE-2022-3027 (The CMS8000 device does not properly control or sanitize the SSID name ...)
+ NOT-FOR-US: CMS8000 device
+CVE-2022-3026 (The WP Users Exporter plugin for WordPress is vulnerable to CSV Inject ...)
+ NOT-FOR-US: WP Users Exporter plugin for WordPress
+CVE-2022-3025 (The Bitcoin / Altcoin Faucet WordPress plugin through 1.6.0 does not h ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3024 (The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3023 (Use of Externally-Controlled Format String in GitHub repository pingca ...)
+ NOT-FOR-US: pingcap/tidb
+CVE-2022-3022
+ REJECTED
+CVE-2022-3021 (The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-3020
+ RESERVED
+CVE-2021-46836 (Implementation of the WLAN module interfaces has the information discl ...)
+ NOT-FOR-US: Huawei
+CVE-2022-3019 (The forgot password token basically just makes us capable of taking ov ...)
+ NOT-FOR-US: ToolJet
+CVE-2022-39028 (telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and ...)
+ {DLA-3205-1}
+ - inetutils 2:2.3-5
+ [bullseye] - inetutils 2:2.0-1+deb11u1
+ NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2022-08/msg00002.html
+ NOTE: https://pierrekim.github.io/blog/2022-08-24-2-byte-dos-freebsd-netbsd-telnetd-netkit-telnetd-inetutils-telnetd-kerberos-telnetd.html
+CVE-2022-38795 (In Gitea through 1.17.1, repo cloning can occur in the migration funct ...)
+ - gitea
+CVE-2022-38794 (Zaver through 2020-12-15 allows directory traversal via the GET /.. su ...)
+ NOT-FOR-US: Zaver
+CVE-2022-38793
+ RESERVED
+CVE-2022-38792 (The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code ...)
+ - python-exotel (Vulnerable backdoored version not uploaded to Debian)
+ NOTE: https://github.com/jertel/elastalert2/pull/931
+ NOTE: https://github.com/sarathsp06/exotel-py/issues/10
+CVE-2022-38791 (In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compr ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.9-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ NOTE: https://jira.mariadb.org/browse/MDEV-28719
+ NOTE: MariaDB fixed in 10.3.36, 10.5.17, 10.6.9
+CVE-2022-38790 (Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting ( ...)
+ NOT-FOR-US: Weave GitOps Enterprise
+CVE-2022-38789 (An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It a ...)
+ NOT-FOR-US: Airties Smart Wi-Fi
+CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00 ...)
+ NOT-FOR-US: Nokia
+CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE affecting all ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor ...)
+ - froxlor (bug #581792)
+CVE-2022-3016 (Use After Free in GitHub repository vim/vim prior to 9.0.0286.)
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371
+ NOTE: https://github.com/vim/vim/commit/6d24a51b94beb1991cddce221f90b455e2d50db7 (v9.0.0286)
+ NOTE: Crash in CLI toool, no security impact
+CVE-2022-3015 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: oretnom23 Fast Food Ordering System
+CVE-2022-3014 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-3013 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Simple Task Managing System
+CVE-2022-3012 (A vulnerability was found in oretnom23 Fast Food Ordering System. It h ...)
+ NOT-FOR-US: oretnom23 Fast Food Ordering System
+CVE-2022-38065 (A privilege escalation vulnerability exists in the oslo.privsep functi ...)
+ - python-oslo.privsep (unimportant; bug #1033114)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1599
+ NOTE: Deemed as additional hardening, but not a security issue by upstream:
+ NOTE: https://bugs.launchpad.net/oslo.privsep/+bug/1989008
+CVE-2022-3011
+ RESERVED
+CVE-2022-38785
+ REJECTED
+CVE-2022-38784 (Poppler prior to and including 22.08.0 contains an integer overflow in ...)
+ {DSA-5224-1 DLA-3120-1}
+ - poppler 22.08.0-2.1 (bug #1018971)
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/27354e9d9696ee2bc063910a6c9a6b27c5184a52 (poppler-22.09.0)
+ NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf
+ NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/02/11
+ NOTE: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
+CVE-2022-38783
+ RESERVED
+CVE-2022-38782
+ RESERVED
+CVE-2022-38781
+ RESERVED
+CVE-2022-38780
+ RESERVED
+CVE-2022-38779 (An open redirect issue was discovered in Kibana that could lead to a u ...)
+ - kibana (bug #700337)
+CVE-2022-38778 (A flaw (CVE-2022-38900) was discovered in one of Kibana\u2019s third p ...)
+ - kibana (bug #700337)
+CVE-2022-38777 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
+ NOT-FOR-US: Elastic Endpoint Security
+CVE-2022-38776
+ RESERVED
+CVE-2022-38775 (An issue was discovered in the rollback feature of Elastic Endpoint Se ...)
+ NOT-FOR-US: Elastic Endpoint Security
+CVE-2022-38774 (An issue was discovered in the quarantine feature of Elastic Endpoint ...)
+ NOT-FOR-US: Elastic Endpoint Security
+CVE-2022-38773 (Affected devices do not contain an Immutable Root of Trust in Hardware ...)
+ NOT-FOR-US: Siemens
+CVE-2022-3010
+ RESERVED
+CVE-2022-3009
+ RESERVED
+CVE-2022-3008 (The tinygltf library uses the C library function wordexp() to perform ...)
+ {DSA-5232-1}
+ - tinygltf 2.5.0+dfsg-5 (bug #1019357)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49053
+ NOTE: https://github.com/syoyo/tinygltf/issues/368
+ NOTE: https://github.com/syoyo/tinygltf/commit/52ff00a38447f06a17eab1caa2cf0730a119c751
+CVE-2022-3007 (The vulnerability exists in Syska SW100 Smartwatch due to an improper ...)
+ NOT-FOR-US: Syska
+CVE-2022-3006
+ RESERVED
+CVE-2022-3005 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-3004 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-3003
+ RESERVED
+CVE-2022-3002 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-3001 (This vulnerability exists in Milesight Video Management Systems (VMS), ...)
+ NOT-FOR-US: Milesight Video Management Systems (VMS)
+CVE-2022-3000 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-38772 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-38771 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ NOT-FOR-US: Transtek
+CVE-2022-38770 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ NOT-FOR-US: Transtek
+CVE-2022-38769 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ NOT-FOR-US: Transtek
+CVE-2022-38768 (The mobile application in Transtek Mojodat FAM (Fixed Asset Management ...)
+ NOT-FOR-US: Transtek
+CVE-2022-38767 (An issue was discovered in Wind River VxWorks 6.9 and 7, that allows a ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2022-38766 (The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MH ...)
+ NOT-FOR-US: Renault
+CVE-2022-38765 (Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately e ...)
+ NOT-FOR-US: Canon Medical Informatics Vitrea
+CVE-2022-38764 (A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-38763
+ RESERVED
+CVE-2022-38762
+ RESERVED
+CVE-2022-38761
+ RESERVED
+CVE-2022-38760
+ RESERVED
+CVE-2022-38759
+ RESERVED
+CVE-2022-38758 (Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to ve ...)
+ NOT-FOR-US: Micro Focus
+CVE-2022-38757 (A vulnerability has been identified in Micro Focus ZENworks 2020 Updat ...)
+ NOT-FOR-US: Micro Focus
+CVE-2022-38756 (A vulnerability has been identified in Micro Focus GroupWise Web in ve ...)
+ NOT-FOR-US: Micro Focus
+CVE-2022-38755 (A vulnerability has been identified in Micro Focus Filr in versions pr ...)
+ NOT-FOR-US: Micro Focus
+CVE-2022-38754 (A potential vulnerability has been identified in Micro Focus Operation ...)
+ NOT-FOR-US: Micro Focus
+CVE-2022-38753 (This update resolves a multi-factor authentication bypass attack)
+ NOT-FOR-US: Micro Focus
+CVE-2022-2999
+ RESERVED
+CVE-2022-2998 (Use after free in Browser Creation in Google Chrome prior to 104.0.511 ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300
+CVE-2022-2997 (Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.)
+ - snipe-it (bug #1005172)
+CVE-2022-2996 (A flaw was found in the python-scciclient when making an HTTPS connect ...)
+ {DLA-3180-1}
+ - python-scciclient 0.12.3-2 (bug #1018213)
+ [bullseye] - python-scciclient (Minor issue)
+ NOTE: https://opendev.org/x/python-scciclient/commit/274dca0344b65b4ac113d3271d21c17e970a636c (0.12)
+CVE-2022-2995 (Incorrect handling of the supplementary groups in the CRI-O container ...)
+ - cri-o (bug #979702)
+CVE-2022-2994
+ RESERVED
+CVE-2022-38752 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ - snakeyaml 1.33-1 (bug #1021014; unimportant)
+ NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 (not public)
+ NOTE: Deemed a false positive by upstream, only added a test
+CVE-2022-38751 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ {DLA-3132-1}
+ - snakeyaml 1.31-1
+ [bullseye] - snakeyaml 1.28-1+deb11u1
+ NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
+ NOTE: Fixed by https://bitbucket.org/snakeyaml/snakeyaml/commits/f3ab4e0f54c37ddb10f00b71d04187bb0ef1799c (snakeyaml-1.31)
+ NOTE: Fixed by https://bitbucket.org/snakeyaml/snakeyaml/commits/6aedd33a811f7347c5dae2940e75940966f59466 (snakeyaml-1.31)
+CVE-2022-38750 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ {DLA-3132-1}
+ - snakeyaml 1.31-1
+ [bullseye] - snakeyaml 1.28-1+deb11u1
+ NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
+ NOTE: Test case: https://bitbucket.org/snakeyaml/snakeyaml/commits/a8a072311547574274036f4a1b91a751b397a055 (snakeyaml-1.31)
+CVE-2022-38749 (Using snakeYAML to parse untrusted YAML files may be vulnerable to Den ...)
+ {DLA-3132-1}
+ - snakeyaml 1.31-1
+ [bullseye] - snakeyaml 1.28-1+deb11u1
+ NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
+ NOTE: Also fixed by the patch for CVE-2022-25857.
+CVE-2022-38748
+ RESERVED
+CVE-2022-38747
+ RESERVED
+CVE-2022-38746
+ RESERVED
+CVE-2022-38745 (Apache OpenOffice versions before 4.1.14 may be configured to add an e ...)
+ {DLA-3526-1}
+ - libreoffice 1:7.3.1-1
+ [bullseye] - libreoffice 1:7.0.4-4+deb11u6
+ NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
+CVE-2022-2993 (There is an error in the condition of the last if-statement in the fun ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2022-2992 (A vulnerability in GitLab CE/EE affecting all versions from 11.10 prio ...)
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
+CVE-2022-2991 (A heap-based buffer overflow was found in the Linux kernel's LightNVM ...)
+ - linux 5.15.3-1 (unimportant)
+ [bullseye] - linux 5.10.120-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-960/
+ NOTE: CONFIG_NVM not enabled in Debian
+CVE-2022-2990 (An incorrect handling of the supplementary groups in the Buildah conta ...)
+ - golang-github-containers-buildah 1.28.0+ds1-2
+ [bullseye] - golang-github-containers-buildah (Minor issue)
+ NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
+ NOTE: https://github.com/containers/buildah/pull/4200
+ NOTE: https://github.com/containers/buildah/commit/9934b17365083ce966b44c5ce3c7e052f516e255 (v1.28.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121453
+CVE-2022-2989 (An incorrect handling of the supplementary groups in the Podman contai ...)
+ [experimental] - libpod 4.3.1+ds1-1
+ - libpod 4.3.1+ds1-4 (bug #1019591)
+ [bullseye] - libpod (Minor issue)
+ NOTE: https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2121445
+ NOTE: https://github.com/containers/podman/pull/15696
+ NOTE: https://github.com/containers/podman/commit/21540161f20daffd884eba99b2cc31373c9a0ec4 (v4.2.0-rhel)
+ NOTE: https://github.com/containers/podman/commit/5c7f28336171f0a5137edd274e45608120d31289 (v4.3.0-rc1)
+CVE-2022-2988 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause s ...)
+ NOT-FOR-US: Schneider
+CVE-2022-2987 (The Ldap WP Login / Active Directory Integration WordPress plugin befo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2986 (Enabling and disabling installed H5P libraries did not include the nec ...)
+ - moodle
+CVE-2021-46835 (There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2020-36602 (There is an out-of-bounds read and write vulnerability in some headset ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38744 (An unauthenticated attacker with network access to a victim's Rockwell ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2022-38743 (Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2022-38742 (Rockwell Automation ThinManager ThinServer versions 11.0.0 - 13.0.0 is ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2022-38741
+ REJECTED
+CVE-2022-38740
+ REJECTED
+CVE-2022-38739
+ REJECTED
+CVE-2022-38738
+ REJECTED
+CVE-2022-38737
+ REJECTED
+CVE-2022-38736
+ REJECTED
+CVE-2022-38735
+ REJECTED
+CVE-2022-38734 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0.8 ...)
+ NOT-FOR-US: StorageGRID
+CVE-2022-38733 (OnCommand Insight versions 7.3.1 through 7.3.14 are susceptible to an ...)
+ NOT-FOR-US: NetApp
+CVE-2022-38732 (SnapCenter versions prior to 4.7 shipped without Content Security Poli ...)
+ NOT-FOR-US: SnapCenter (NetAPP)
+CVE-2022-38731 (Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal ...)
+ NOT-FOR-US: Qaelum
+CVE-2022-2985 (In music service, there is a missing permission check. This could lead ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-2984 (In jpg driver, there is a possible out of bounds write due to a missin ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-2983 (The Salat Times WordPress plugin before 3.2.2 does not sanitize and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2982 (Use After Free in GitHub repository vim/vim prior to 9.0.0260.)
+ - vim 2:9.0.0626-1 (bug #1019590; unimportant)
+ [buster] - vim (quickfixtextfunc added in 8.2.0869)
+ NOTE: https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be
+ NOTE: https://github.com/vim/vim/commit/d6c67629ed05aae436164eec474832daf8ba7420 (v9.0.0260)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2981 (The Download Monitor WordPress plugin before 4.5.98 does not ensure th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2980 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.025 ...)
+ - vim 2:9.0.0626-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea
+ NOTE: https://github.com/vim/vim/commit/80525751c5ce9ed82c41d83faf9ef38667bf61b1 (9.0.0259)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2979 (Opening a specially crafted file could cause the affected product to f ...)
+ NOT-FOR-US: Omron
+CVE-2022-2978 (A flaw use after free in the Linux kernel NILFS file system was found ...)
+ {DLA-3245-1}
+ - linux 6.0.2-1
+ [bullseye] - linux 5.10.148-1
+ NOTE: https://lore.kernel.org/linux-fsdevel/20220816040859.659129-1-dzm91@hust.edu.cn/T/#u
+CVE-2022-38730 (Docker Desktop for Windows before 4.6 allows attackers to overwrite an ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-38729
+ RESERVED
+CVE-2022-38728
+ RESERVED
+CVE-2022-38727
+ RESERVED
+CVE-2022-38726
+ RESERVED
+CVE-2022-38725 (An integer overflow in the RFC3164 parser in One Identity syslog-ng 3. ...)
+ {DSA-5369-1 DLA-3348-1}
+ - syslog-ng 3.38.1-1
+ NOTE: https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-7932-4fc6-pvmc
+ NOTE: https://github.com/syslog-ng/syslog-ng/pull/4110
+CVE-2022-38724 (Silverstripe silverstripe/framework through 4.11.0, silverstripe/asset ...)
+ NOT-FOR-US: SilverStripe CMS
+CVE-2022-38723 (Gravitee API Management before 3.15.13 allows path traversal through H ...)
+ NOT-FOR-US: Gravitee API Management
+CVE-2022-38722
+ RESERVED
+CVE-2022-38721
+ RESERVED
+CVE-2022-38720
+ RESERVED
+CVE-2022-38719
+ RESERVED
+CVE-2022-38718
+ RESERVED
+CVE-2022-38717
+ RESERVED
+CVE-2022-2977 (A flaw was found in the Linux kernel implementation of proxied virtual ...)
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git.kernel.org/linus/7e0438f83dc769465ee663bb5dcf8cc154940712 (5.18-rc1)
+CVE-2022-2976
+ RESERVED
+CVE-2022-2975 (A vulnerability related to weak permissions was detected in Avaya Aura ...)
+ NOT-FOR-US: Avaya
+CVE-2022-2974
+ RESERVED
+CVE-2020-36601 (Out-of-bounds write vulnerability in the kernel modules. Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2020-36600 (Out-of-bounds write vulnerability in the power consumption module. Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2022-38714
+ RESERVED
+CVE-2022-38713
+ RESERVED
+CVE-2022-38712 ("IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services ...)
+ NOT-FOR-US: IBM
+CVE-2022-38711
+ RESERVED
+CVE-2022-38710 ("IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensi ...)
+ NOT-FOR-US: IBM
+CVE-2022-38709 (IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pa ...)
+ NOT-FOR-US: IBM
+CVE-2022-38708 (IBM Cognos Analytics 11.1.7 11.2.0, and 11.2.1 could be vulnerable to ...)
+ NOT-FOR-US: IBM
+CVE-2022-38707 (IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obt ...)
+ NOT-FOR-US: IBM
+CVE-2022-38706
+ RESERVED
+CVE-2022-38705 (IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2022-38458 (A cleartext transmission vulnerability exists in the Remote Management ...)
+ NOT-FOR-US: Netgear
+CVE-2022-38394 (Use of hard-coded credentials for the telnet server of CentreCOM AR260 ...)
+ NOT-FOR-US: CentreCOM AR260S
+CVE-2022-38094 (OS command injection vulnerability in the telnet function of CentreCOM ...)
+ NOT-FOR-US: CentreCOM AR260S
+CVE-2022-37337 (A command execution vulnerability exists in the access control functio ...)
+ NOT-FOR-US: Netgear
+CVE-2022-36429 (A command execution vulnerability exists in the ubus backend communica ...)
+ NOT-FOR-US: Netgear
+CVE-2022-35273 (OS command injection vulnerability in GUI setting page of CentreCOM AR ...)
+ NOT-FOR-US: CentreCOM AR260S
+CVE-2022-34869 (Undocumented hidden command that can be executed from the telnet funct ...)
+ NOT-FOR-US: CentreCOM AR260S
+CVE-2022-2973 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
+ NOT-FOR-US: libIEC61850
+CVE-2022-2972 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
+ NOT-FOR-US: libIEC61850
+CVE-2022-2971 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
+ NOT-FOR-US: libIEC61850
+CVE-2022-2970 (MZ Automation's libIEC61850 (versions 1.4 and prior; version 1.5 prior ...)
+ NOT-FOR-US: libIEC61850
+CVE-2022-2969 (Delta Industrial Automation DIALink versions prior to v1.5.0.0 Beta 4 ...)
+ NOT-FOR-US: Delta Industrial Automation DIALink
+CVE-2022-2968
+ RESERVED
+CVE-2022-2967 (Prosys OPC UA Simulation Server version prior to v5.3.0-64 and UA Modb ...)
+ NOT-FOR-US: Prosys OPC UA Simulation Server
+CVE-2022-2966 (Out-of-bounds Read vulnerability in Delta Electronics DOPSoft.This iss ...)
+ NOT-FOR-US: Delta Electronics DOPSoft +CVE-2022-2965 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...) + NOT-FOR-US: NotrinosERP +CVE-2022-2964 (A flaw was found in the Linux kernel\u2019s driver for the ASIX AX8817 ...) + - linux 5.16.10-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 (5.17-rc4) +CVE-2022-2963 (A vulnerability found in jasper. This security vulnerability happens b ...) + - jasper (unimportant) + NOTE: https://github.com/jasper-software/jasper/issues/332 + NOTE: https://github.com/jasper-software/jasper/commit/d99636fad60629785efd1ef72da772a8ef68f54c + NOTE: memory leak on invalid command line options before exit() +CVE-2022-2962 (A DMA reentrancy issue was found in the Tulip device emulation in QEMU ...) + - qemu 1:7.1+dfsg-2 (bug #1018055) + [bullseye] - qemu (Vulnerable code not present) + [buster] - qemu (Vulnerable code/Tulip NIC emulator added later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120631 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1171 + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/36a894aeb64a2e02871016da1c37d4a4ca109182 (v7.2.0-rc0) + NOTE: Introduced by https://gitlab.com/qemu-project/qemu/-/commit/398f9a84ac7132e38caf7b066273734b3bf619ff (v7.0.0-rc0) +CVE-2022-2961 (A use-after-free flaw was found in the Linux kernel\u2019s PLP Rose fu ...) + - linux (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2120595 + NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch +CVE-2022-2960 + RESERVED +CVE-2022-2959 (A race condition was found in the Linux kernel's watch queue due to a ...) 
+ - linux 5.18.2-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-CAN-17291/ + NOTE: https://git.kernel.org/linus/189b0ddc245139af81198d1a3637cac74f96e13a (5.19-rc1) +CVE-2022-2958 (The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2957 (A vulnerability classified as critical was found in SourceCodester Sim ...) + NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script +CVE-2022-2956 (A vulnerability classified as problematic has been found in ConsoleTVs ...) + NOT-FOR-US: Noxen +CVE-2022-2955 + RESERVED +CVE-2022-2954 + RESERVED +CVE-2022-38699 (Armoury Crate Service\u2019s logging function has insufficient validat ...) + NOT-FOR-US: Armoury Crate Service +CVE-2022-38698 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-38697 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-38696 + RESERVED +CVE-2022-38695 + RESERVED +CVE-2022-38694 + RESERVED +CVE-2022-38693 + RESERVED +CVE-2022-38692 + RESERVED +CVE-2022-38691 + RESERVED +CVE-2022-38690 (In camera driver, there is a possible memory corruption due to imprope ...) + NOT-FOR-US: Unisoc +CVE-2022-38689 (In telephony service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-38688 (In telephony service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-38687 (In messaging service, there is a missing permission check. This could ...) + NOT-FOR-US: Unisoc +CVE-2022-38686 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38685 (In bluetooth service, there is a possible missing permission check. Th ...) + NOT-FOR-US: Unisoc +CVE-2022-38684 (In contacts service, there is a missing permission check. This could l ...) 
+ NOT-FOR-US: Unisoc +CVE-2022-38683 (In contacts service, there is a missing permission check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38682 (In contacts service, there is a missing permission check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38681 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38680 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38679 (In music service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-38678 (In contacts service, there is a missing permission check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38677 (In cell service, there is a missing permission check. This could lead ...) + NOT-FOR-US: Unisoc +CVE-2022-38676 (In gpu driver, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: Unisoc +CVE-2022-38675 (In gpu driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Unisoc +CVE-2022-38674 (In wlan driver, there is a possible missing params check. This could l ...) + NOT-FOR-US: Unisoc +CVE-2022-38673 (In face detect driver, there is a possible out of bounds write due to ...) + NOT-FOR-US: Unisoc +CVE-2022-38672 (In face detect driver, there is a possible out of bounds write due to ...) + NOT-FOR-US: Unisoc +CVE-2022-38671 (In camera driver, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: Unisoc +CVE-2022-38670 (In soundrecorder service, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-38669 (In soundrecorder service, there is a missing permission check. This co ...) + NOT-FOR-US: Unisoc +CVE-2022-38668 (HTTP applications (servers) based on Crow through 1.0+4 may reveal pot ...) + NOT-FOR-US: CrowCpp +CVE-2022-38667 (HTTP applications (servers) based on Crow through 1.0+4 may allow a Us ...) 
+ NOT-FOR-US: CrowCpp +CVE-2022-2953 (LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tool ...) + {DSA-5333-1} + - tiff 4.4.0-6 (unimportant; bug #1024670) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/414 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba + NOTE: Crash in CLI tool, no security impact +CVE-2022-2952 (GE CIMPICITY versions 2022 and prior is vulnerable when data from a ...) + NOT-FOR-US: GE CIMPICITY +CVE-2022-2951 (Altair HyperView Playerversions 2021.1.0.27 and priorare vulnerable to ...) + NOT-FOR-US: Altair HyperView Player +CVE-2022-2950 (Altair HyperView Playerversions 2021.1.0.27 and priorare vulnerable to ...) + NOT-FOR-US: Altair HyperView Player +CVE-2022-2949 (Altair HyperView Playerversions 2021.1.0.27 and priorare vulnerable to ...) + NOT-FOR-US: Altair HyperView Player +CVE-2022-2948 (GE CIMPICITY versions 2022 and prior is vulnerable to a heap-based b ...) + NOT-FOR-US: GE CIMPICITY +CVE-2022-2947 (Altair HyperView Playerversions 2021.1.0.27 and prior perform operatio ...) + NOT-FOR-US: Altair HyperView Player +CVE-2022-38666 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and e ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-38665 (Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ p ...) + NOT-FOR-US: Jenkins CollabNet Plugins Plugin +CVE-2022-38664 (Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlie ...) + NOT-FOR-US: Jenkins Job Configuration History Plugin +CVE-2022-38663 (Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., re ...) + NOT-FOR-US: Jenkins Git Plugin +CVE-2022-38662 (In HCL Digital Experience, URLs can be constructed to redirect users t ...) + NOT-FOR-US: HCL +CVE-2022-38661 (HCL Workload Automation could allow a local user to overwrite key syst ...) 
+ NOT-FOR-US: HCL +CVE-2022-38660 (HCL XPages applications are susceptible to a Cross Site Request Forger ...) + NOT-FOR-US: HCL +CVE-2022-38659 (In specific scenarios, on Windows the operator credentials may be encr ...) + NOT-FOR-US: HCL +CVE-2022-38658 (BigFix deployments that have installed the Notification Service on Win ...) + NOT-FOR-US: HCL +CVE-2022-38657 (An open redirect to malicious sites can occur when accessing the "Feed ...) + NOT-FOR-US: HCL +CVE-2022-38656 (HCL Commerce, when using Elasticsearch, can allow a remote attacker to ...) + NOT-FOR-US: HCL +CVE-2022-38655 (BigFix WebUI non-master operators are missing controls that prevent th ...) + NOT-FOR-US: HCL +CVE-2022-38654 (HCL Domino is susceptible to an information disclosure vulnerability. ...) + NOT-FOR-US: HCL +CVE-2022-38653 (In HCL Digital Experience, customized XSS payload can be constructed s ...) + NOT-FOR-US: HCL +CVE-2022-38652 (A remote insecure deserialization vulnerability exixsts in VMWare Hype ...) + NOT-FOR-US: VMware +CVE-2022-38651 (A security filter misconfiguration exists in VMware Hyperic Server 5.8 ...) + NOT-FOR-US: VMware +CVE-2022-38650 (A remote unauthenticated insecure deserialization vulnerability exists ...) + NOT-FOR-US: VMware +CVE-2022-38649 (Improper Neutralization of Special Elements used in an OS Command ('OS ...) + NOT-FOR-US: Airflow Pinot provider +CVE-2022-38648 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...) + {DLA-3619-1} + - batik 1.15+dfsg-1 (bug #1020589) + [bullseye] - batik (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/4 + NOTE: https://issues.apache.org/jira/browse/BATIK-1333 + NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903625 +CVE-2022-2946 (Use After Free in GitHub repository vim/vim prior to 9.0.0246.) 
+ {DLA-3182-1} + - vim 2:9.0.0626-1 (bug #1019590; unimportant) + NOTE: https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 + NOTE: https://github.com/vim/vim/commit/adce965162dd89bf29ee0e5baf53652e7515762c (v9.0.0246) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2945 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2944 + RESERVED +CVE-2022-2943 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for Wordpre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2942 + RESERVED +CVE-2022-2941 (The WP-UserOnline plugin for WordPress has multiple Stored Cross-Site ...) + NOT-FOR-US: WP-UserOnline plugin for WordPress +CVE-2022-2940 + RESERVED +CVE-2022-2939 (The WP Cerber Security plugin for WordPress is vulnerable to security ...) + NOT-FOR-US: WP Cerber Security plugin for WordPress +CVE-2022-2938 (A flaw was found in the Linux kernel's implementation of Pressure Stal ...) + - linux 5.16.7-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/a06247c6804f1a7c86a2e5398a4c1f1db1471848 (5.17-rc2) +CVE-2022-2937 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress +CVE-2022-2936 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress +CVE-2022-2935 (The Image Hover Effects Ultimate plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Image Hover Effects Ultimate plugin for WordPress +CVE-2022-2934 (The Beaver Builder \u2013 WordPress Page Builder for WordPress is vuln ...) + NOT-FOR-US: WordPress Page Builder +CVE-2022-2933 (The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Req ...) + NOT-FOR-US: 0mk Shortener plugin for WordPress +CVE-2022-2932 (Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mob ...) 
+ NOT-FOR-US: Mobiledoc Kit +CVE-2022-2931 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-2930 (Unverified Password Change in GitHub repository octoprint/octoprint pr ...) + - octoprint (bug #718591) +CVE-2022-2929 (In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a syst ...) + {DSA-5251-1 DLA-3146-1} + - isc-dhcp 4.4.3-2.1 (bug #1021320) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 + NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ + NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/ + NOTE: https://kb.isc.org/docs/cve-2022-2929 +CVE-2022-2928 (In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, whe ...) + {DSA-5251-1 DLA-3146-1} + - isc-dhcp 4.4.3-2.1 (bug #1021320) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/05/1 + NOTE: https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ + NOTE: https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/ + NOTE: https://kb.isc.org/docs/cve-2022-2928 +CVE-2022-2927 (Weak Password Requirements in GitHub repository notrinos/notrinoserp p ...) + NOT-FOR-US: NotrinosERP +CVE-2022-2926 (The Download Manager WordPress plugin before 3.2.55 does not validate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-38647 + RESERVED +CVE-2022-38646 + RESERVED +CVE-2022-38645 + RESERVED +CVE-2022-38644 + RESERVED +CVE-2022-38643 + RESERVED +CVE-2022-38642 + RESERVED +CVE-2022-38641 + RESERVED +CVE-2022-38640 + RESERVED +CVE-2022-38639 (A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 al ...) + NOT-FOR-US: Markdown-Nice +CVE-2022-38638 (Casdoor v1.97.3 was discovered to contain an arbitrary file write vuln ...) + NOT-FOR-US: Casdoor +CVE-2022-38637 (Hospital Management System v1.0 was discovered to contain multiple SQL ...) 
+ NOT-FOR-US: Hospital Management System +CVE-2022-38636 + REJECTED +CVE-2022-38635 + RESERVED +CVE-2022-38634 + RESERVED +CVE-2022-38633 (Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vu ...) + NOT-FOR-US: Genymotion Desktop +CVE-2022-38632 + RESERVED +CVE-2022-38631 + RESERVED +CVE-2022-38630 + RESERVED +CVE-2022-38629 + RESERVED +CVE-2022-38628 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...) + NOT-FOR-US: Nortek Linear eMerge E3-Series +CVE-2022-38627 (Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, ...) + NOT-FOR-US: Nortek Linear eMerge E3-Series +CVE-2022-38626 + RESERVED +CVE-2022-38625 (Patlite NH-FB v1.46 and below was discovered to contain insufficient f ...) + NOT-FOR-US: Patlite NH-FB +CVE-2022-38624 + RESERVED +CVE-2022-38623 + RESERVED +CVE-2022-38622 + RESERVED +CVE-2022-38621 (Doufox v0.0.4 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Doufox +CVE-2022-38620 + RESERVED +CVE-2022-38619 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: SmartVista +CVE-2022-38618 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: SmartVista SVFE2 +CVE-2022-38617 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: SmartVista SVFE2 +CVE-2022-38616 (SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: SmartVista +CVE-2022-38615 (SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL inject ...) + NOT-FOR-US: SmartVista +CVE-2022-38614 (An issue in the IGB Files and OutfileService features of SmartVista Ca ...) + NOT-FOR-US: SmartVista +CVE-2022-38613 (A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows au ...) + NOT-FOR-US: SmartVista +CVE-2022-38612 + RESERVED +CVE-2022-38611 (Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attack ...) 
+ NOT-FOR-US: Watchdog Anti-Virus +CVE-2022-38610 (Garage Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Garage Management System +CVE-2022-38609 + RESERVED +CVE-2022-38608 + RESERVED +CVE-2022-38607 + RESERVED +CVE-2022-38606 (Garage Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Garage Management System +CVE-2022-38605 (Church Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Church Management System +CVE-2022-38604 (Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain ...) + NOT-FOR-US: Wacom +CVE-2022-38603 + RESERVED +CVE-2022-38602 + RESERVED +CVE-2022-38601 + RESERVED +CVE-2022-38600 (Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf ...) + - mplayer 2:1.5+svn38408-1 (unimportant; bug #1021013) + NOTE: https://trac.mplayerhq.hu/ticket/2390#comment:2 + NOTE: https://git.ffmpeg.org/gitweb/mplayer.git/commit/59792bad144c11b21b27171a93a36e3fbd21eb5e (r38380) + NOTE: Followup: https://git.ffmpeg.org/gitweb/mplayer.git/commit/48ca1226397974bb2bc53de878411f88a80fe1f8 (r38392) + NOTE: Memory leak in CLI tool, no security impact +CVE-2022-38599 (Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 was disco ...) + NOT-FOR-US: Teleport +CVE-2022-38598 + RESERVED +CVE-2022-38597 + RESERVED +CVE-2022-38596 + RESERVED +CVE-2022-38595 (Church Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Church Management System +CVE-2022-38594 (Church Management System v1.0 was discovered to contain a SQL injectio ...) 
+ NOT-FOR-US: Church Management System +CVE-2022-38593 + RESERVED +CVE-2022-38592 + RESERVED +CVE-2022-38591 + RESERVED +CVE-2022-38590 + RESERVED +CVE-2022-38589 + RESERVED +CVE-2022-38588 + RESERVED +CVE-2022-38587 + RESERVED +CVE-2022-38586 + RESERVED +CVE-2022-38585 + RESERVED +CVE-2022-38584 + RESERVED +CVE-2022-38583 (On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in ...) + NOT-FOR-US: Sage +CVE-2022-38582 (Incorrect access control in the anti-virus driver wsdkd.sys of Watchdo ...) + NOT-FOR-US: Watchdog Antivirus +CVE-2022-38581 + RESERVED +CVE-2022-38580 (Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery ...) + NOT-FOR-US: Zalando Skipper +CVE-2022-38579 + RESERVED +CVE-2022-38578 + RESERVED +CVE-2022-38577 (ProcessMaker before v3.5.4 was discovered to contain insecure permissi ...) + NOT-FOR-US: ProcessMaker +CVE-2022-38576 (Interview Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Interview Management System +CVE-2022-38575 + RESERVED +CVE-2022-38574 + RESERVED +CVE-2022-38573 (10-Strike Network Inventory Explorer v9.3 was discovered to contain a ...) + NOT-FOR-US: 10-Strike Network Inventory Explorer +CVE-2022-38572 + RESERVED +CVE-2022-38571 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow i ...) + NOT-FOR-US: Tenda +CVE-2022-38570 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in ...) + NOT-FOR-US: Tenda +CVE-2022-38569 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in ...) + NOT-FOR-US: Tenda +CVE-2022-38568 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...) + NOT-FOR-US: Tenda +CVE-2022-38567 (Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vu ...) + NOT-FOR-US: Tenda +CVE-2022-38566 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...) 
+ NOT-FOR-US: Tenda +CVE-2022-38565 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...) + NOT-FOR-US: Tenda +CVE-2022-38564 (Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-38563 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...) + NOT-FOR-US: Tenda +CVE-2022-38562 (Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overf ...) + NOT-FOR-US: Tenda +CVE-2022-38561 + RESERVED +CVE-2022-38560 + RESERVED +CVE-2022-38559 + RESERVED +CVE-2022-38558 + RESERVED +CVE-2022-38557 (D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulner ...) + NOT-FOR-US: D-Link +CVE-2022-38556 (Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulner ...) + NOT-FOR-US: Trendnet +CVE-2022-38555 (Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_ ...) + NOT-FOR-US: Linksys +CVE-2022-38554 + RESERVED +CVE-2022-38553 (Academy Learning Management System before v5.9.1 was discovered to con ...) + NOT-FOR-US: Academy Learning Management System +CVE-2022-38552 + RESERVED +CVE-2022-38551 + RESERVED +CVE-2022-38550 (A stored cross-site scripting (XSS) vulnerability in the /weibo/list c ...) + NOT-FOR-US: Jeesns +CVE-2022-38549 + RESERVED +CVE-2022-38548 + RESERVED +CVE-2022-38547 (A post-authentication command injection vulnerability in the CLI comma ...) + NOT-FOR-US: Zyxel +CVE-2022-38546 (A DNS misconfiguration was found in Zyxel NBG7510 firmware versions pr ...) + NOT-FOR-US: Zyxel +CVE-2022-38545 (Valine v1.4.18 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Valine +CVE-2022-38544 + RESERVED +CVE-2022-38543 + RESERVED +CVE-2022-38542 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: Archery +CVE-2022-38541 (Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL inject ...) 
+ NOT-FOR-US: Archery +CVE-2022-38540 (Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: Archery +CVE-2022-38539 (Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: Archery +CVE-2022-38538 (Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vul ...) + NOT-FOR-US: Archery +CVE-2022-38537 (Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL inject ...) + NOT-FOR-US: Archery +CVE-2022-38536 + RESERVED +CVE-2022-38535 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...) + NOT-FOR-US: TOTOLINK +CVE-2022-38534 (TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code exe ...) + NOT-FOR-US: TOTOLINK +CVE-2022-38533 (In GNU Binutils before 2.40, there is a heap-buffer-overflow in the er ...) + - binutils 2.39.50.20221208-2 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29482 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797 + NOTE: binutils not covered by security support +CVE-2022-38532 (Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered t ...) + NOT-FOR-US: Micro-Star +CVE-2022-38531 (FPT G-97RG6M R4.2.98.035 and G-97RG3 R4.2.43.078 are vulnerable to Rem ...) + NOT-FOR-US: FPT router +CVE-2022-38530 (GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a sta ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1019595) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2216 + NOTE: https://github.com/gpac/gpac/commit/4e56ad72ac1afb4e049a10f2d99e7512d7141f9d +CVE-2022-38529 (tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflo ...) 
+ - tinyexr 1.0.1+dfsg-4 + [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1 + NOTE: https://github.com/syoyo/tinyexr/issues/169 + NOTE: https://github.com/syoyo/tinyexr/commit/82984a37d1dba67000a35b083b26df5e57a2bb72 +CVE-2022-38528 (Open Asset Import Library (assimp) commit 3c253ca was discovered to co ...) + - assimp (bug #1021018) + [bookworm] - assimp (Minor issue) + [bullseye] - assimp (Minor issue) + [buster] - assimp (Minor issue) + NOTE: https://github.com/assimp/assimp/issues/4662 +CVE-2022-38527 (UCMS v1.6.0 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: UCMS +CVE-2022-38526 + RESERVED +CVE-2022-38525 + RESERVED +CVE-2022-38524 + RESERVED +CVE-2022-38523 + RESERVED +CVE-2022-38522 + RESERVED +CVE-2022-38521 + RESERVED +CVE-2022-38520 + RESERVED +CVE-2022-38519 + RESERVED +CVE-2022-38518 + RESERVED +CVE-2022-38517 + RESERVED +CVE-2022-38516 + RESERVED +CVE-2022-38515 + RESERVED +CVE-2022-38514 + RESERVED +CVE-2022-38513 + RESERVED +CVE-2022-38512 (The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, ...) + NOT-FOR-US: Liferay +CVE-2022-38511 (TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLINK +CVE-2022-38510 (Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow ...) + NOT-FOR-US: Tenda +CVE-2022-38509 (Wedding Planner v1.0 was discovered to contain a SQL injection vulnera ...) + NOT-FOR-US: Wedding Planner +CVE-2022-38508 + RESERVED +CVE-2022-38507 + RESERVED +CVE-2022-38506 + RESERVED +CVE-2022-38505 + RESERVED +CVE-2022-38504 + RESERVED +CVE-2022-38503 + RESERVED +CVE-2022-38502 + RESERVED +CVE-2022-38501 + RESERVED +CVE-2022-38500 + RESERVED +CVE-2022-38499 + RESERVED +CVE-2022-38498 + RESERVED +CVE-2022-38497 (LIEF commit 365a16a was discovered to contain a segmentation violation ...) + NOT-FOR-US: LIEF +CVE-2022-38496 (LIEF commit 365a16a was discovered to contain a reachable assertion ab ...) 
+ NOT-FOR-US: LIEF +CVE-2022-38495 (LIEF commit 365a16a was discovered to contain a heap-buffer overflow v ...) + NOT-FOR-US: LIEF +CVE-2022-38078 (Movable Type XMLRPC API provided by Six Apart Ltd. contains a command ...) + - movabletype-opensource +CVE-2022-2925 (Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appw ...) + NOT-FOR-US: appwrite +CVE-2022-2924 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...) + NOT-FOR-US: yetiforcecrm +CVE-2022-2923 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.024 ...) + - vim 2:9.0.0242-1 (unimportant) + NOTE: https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 + NOTE: https://github.com/vim/vim/commit/6669de1b235843968e88844ca6d3c8dec4b01a9e (v9.0.0240) + NOTE: Crash in CLI tool, no security impact +CVE-2022-38494 + RESERVED +CVE-2022-38493 (Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA priva ...) + - rhonabwy 1.1.7-1 + [bullseye] - rhonabwy (Vulnerable code not present) + NOTE: https://github.com/babelouest/rhonabwy/commit/dd528b3aabd13863f855a68e76966e4e019fc399 +CVE-2022-38492 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...) + NOT-FOR-US: EasyVista +CVE-2022-38491 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...) + NOT-FOR-US: EasyVista +CVE-2022-38490 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. ...) + NOT-FOR-US: EasyVista +CVE-2022-38489 (An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 ...) + NOT-FOR-US: EasyVista +CVE-2022-38488 (logrocket-oauth2-example through 2020-05-27 allows SQL injection via t ...) + NOT-FOR-US: logrocket-oauth2-example +CVE-2022-38487 + RESERVED +CVE-2022-38486 + RESERVED +CVE-2022-2922 (Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform ...) + NOT-FOR-US: DNNPlatform +CVE-2022-2921 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) 
+ NOT-FOR-US: NotrinosERP +CVE-2022-38485 (A directory traversal vulnerability exists in the AgeVolt Portal prior ...) + NOT-FOR-US: AgeVolt Portal +CVE-2022-38484 (An arbitrary file upload and directory traversal vulnerability exist i ...) + NOT-FOR-US: AgeVolt Portal +CVE-2022-38483 + RESERVED +CVE-2022-38482 (A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 bef ...) + NOT-FOR-US: Mega HOPEX +CVE-2022-38481 (An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The ap ...) + NOT-FOR-US: Mega HOPEX +CVE-2022-38480 + RESERVED +CVE-2022-38479 + RESERVED +CVE-2022-38478 (Members the Mozilla Fuzzing Team reported memory safety bugs present i ...) + {DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1} + - firefox 104.0-1 + - firefox-esr 102.2.0esr-1 + - thunderbird 1:102.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38478 +CVE-2022-38477 (Mozilla developer Nika Layzell and the Mozilla Fuzzing Team reported m ...) 
+ - firefox 104.0-1 + - firefox-esr 102.2.0esr-1 + [bullseye] - firefox-esr (Vulnerable code not present in the ESR91 version) + [buster] - firefox-esr (Vulnerable code not present in the ESR91 version) + - thunderbird 1:102.2.0-1 + [bullseye] - thunderbird (Vulnerable code not present in the 91.x version) + [buster] - thunderbird (Vulnerable code not present in the 91.x version) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38477 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38477 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38477 +CVE-2022-38476 (A data race could occur in the PK11_ChangePW function, po ...) + - firefox-esr 102.2.0esr-1 + [bullseye] - firefox-esr (Vulnerable code not present in the ESR91 version) + [buster] - firefox-esr (Vulnerable code not present in the ESR91 version) + - thunderbird 1:102.2.0-1 + [bullseye] - thunderbird (Vulnerable code not present in the 91.x version) + [buster] - thunderbird (Vulnerable code not present in the 91.x version) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38476 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38476 +CVE-2022-38475 (An attacker could have written a value to the first element in a zero- ...) + - firefox 104.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38475 +CVE-2022-38474 (A website that had permission to access the microphone could record au ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38474 +CVE-2022-38473 (A cross-origin iframe referencing an XSLT document would inherit the p ...) 
+ {DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
+ - firefox 104.0-1
+ - firefox-esr 102.2.0esr-1
+ - thunderbird 1:102.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38473
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38473
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38473
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38473
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38473
+CVE-2022-38472 (An attacker could have abused XSLT error handling to associate attacke ...)
+ {DSA-5221-1 DSA-5217-1 DLA-3097-1 DLA-3080-1}
+ - firefox 104.0-1
+ - firefox-esr 102.2.0esr-1
+ - thunderbird 1:102.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/#CVE-2022-38472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/#CVE-2022-38472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/#CVE-2022-38472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/#CVE-2022-38472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/#CVE-2022-38472
+CVE-2022-38471
+ RESERVED
+CVE-2022-38452 (A command execution vulnerability exists in the hidden telnet service ...)
+ NOT-FOR-US: Netgear
+CVE-2022-2920
+ RESERVED
+CVE-2022-2919
+ RESERVED
+CVE-2022-2918
+ RESERVED
+CVE-2022-2917
+ RESERVED
+CVE-2022-2916
+ RESERVED
+CVE-2022-2915 (A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 app ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-2914
+ RESERVED
+CVE-2022-2913 (The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2912 (The Craw Data WordPress plugin through 1.0.0 does not implement nonce ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2911
+ RESERVED
+CVE-2022-2910
+ RESERVED
+CVE-2022-2909 (A vulnerability was found in SourceCodester Simple and Nice Shopping C ...)
+ NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script
+CVE-2022-38466 (A vulnerability has been identified in CoreShield One-Way Gateway (OWG ...)
+ NOT-FOR-US: CoreShield One-Way Gateway (OWG)
+CVE-2022-38465 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2022-38089 (Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/ ...)
+ NOT-FOR-US: Exment
+CVE-2022-38080 (Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedo ...)
+ NOT-FOR-US: Exment
+CVE-2022-37333 (SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5. ...)
+ NOT-FOR-US: Exment
+CVE-2022-2908 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...)
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
+CVE-2022-2907 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
+CVE-2022-2906 (An attacker can leverage this flaw to gradually erode available memory ...)
+ - bind9 1:9.18.7-1
+ [bullseye] - bind9 (Vulnerable code introduced later)
+ [buster] - bind9 (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2022-2906
+ NOTE: Introduced after: https://gitlab.isc.org/isc-projects/bind9/-/commit/e18777c7582d54d227714882e9e79746ce48e002 (v9_17_20)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/73df5c80538970ee1fbc4fe3348109bdc281e197 (v9_18_7)
+CVE-2022-2905 (An out-of-bounds memory read flaw was found in the Linux kernel's BPF ...)
+ {DLA-3173-1}
+ - linux 5.19.6-1
+ [bullseye] - linux 5.10.140-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/08/26/1
+CVE-2022-2904 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-2903 (The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialis ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2902
+ RESERVED
+CVE-2022-2901 (Improper Authorization in GitHub repository chatwoot/chatwoot prior to ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-2900 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...)
+ NOT-FOR-US: Node parse-url
+CVE-2022-38464
+ RESERVED
+CVE-2022-38463 (ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS ...)
+ NOT-FOR-US: ServiceNow
+CVE-2022-38462 (Silverstripe silverstripe/framework through 4.11 is vulnerable to XSS ...)
+ NOT-FOR-US: SilverStripe CMS
+CVE-2022-38450 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38449 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38448 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38447 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38446 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38445 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38444 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38443 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38442 (Adobe Dimension versions 3.4.5 is affected by a Use After Free vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38441 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38440 (Adobe Dimension versions 3.4.5 is affected by an out-of-bounds read vu ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38439 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38438 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38437 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38436 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38435 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38434 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38433 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38432 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38431 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38430 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38429 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38428 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38427 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38426 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38425 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38424 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38423 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38422 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38421 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38420 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38419 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38418 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38417 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38416 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38415 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38414 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38413 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38412 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38411 (Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38410 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38409 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38408 (Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38407 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38406 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38405 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38404 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38403 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38402 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38401 (Adobe InCopy version 17.3 (and earlier) and 16.4.2 (and earlier) are a ...)
+ NOT-FOR-US: Adobe
+CVE-2022-38102 (Improper Input validation in firmware for some Intel(R) Converged Secu ...)
+ NOT-FOR-US: Intel
+CVE-2022-38090 (Improper isolation of shared resources in some Intel(R) Processors whe ...)
+ {DLA-3379-1}
+ - intel-microcode 3.20230214.1 (bug #1031334)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
+CVE-2022-38084
+ RESERVED
+CVE-2022-38083 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
+ NOT-FOR-US: Intel
+CVE-2022-38072 (An improper array index validation vulnerability exists in the stl_fix ...)
+ NOT-FOR-US: ADMesh
+CVE-2022-38071
+ RESERVED
+CVE-2022-37408
+ RESERVED
+CVE-2022-37343 (Improper access control in the BIOS firmware for some Intel(R) Process ...)
+ NOT-FOR-US: Intel
+CVE-2022-36788 (A heap-based buffer overflow vulnerability exists in the TriangleMesh ...)
+ - slic3r (bug #1034848)
+ [bookworm] - slic3r (Minor issue)
+ [bullseye] - slic3r (Minor issue)
+ [buster] - slic3r (Minor issue)
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1593
+CVE-2022-36420
+ RESERVED
+CVE-2022-36419
+ RESERVED
+CVE-2022-34652 (A sql injection vulnerability exists in the ObjectYPT functionality of ...)
+ NOT-FOR-US: WWBN AVideo
+CVE-2022-33310
+ RESERVED
+CVE-2022-2899
+ RESERVED
+CVE-2022-2898 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2022-2897 (Measuresoft ScadaPro Server and Client (All Versions) do not properly ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2022-2896 (Measuresoft ScadaPro Server (All Versions) allows use after free while ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2022-2895 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2022-2894 (Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX c ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2022-2893 (RONDS EPM version 1.19.5 does not properly validate the filename para ...)
+ NOT-FOR-US: RONDS EPM
+CVE-2022-2892 (Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmain ...)
+ NOT-FOR-US: Measuresoft ScadaPro
+CVE-2021-46834 (A permission bypass vulnerability in Huawei cross device task manageme ...)
+ NOT-FOR-US: Huawei
+CVE-2020-36599 (lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before ...)
+ [experimental] - ruby-omniauth 2.0.4-1~exp1
+ - ruby-omniauth 2.0.4-2
+ [bullseye] - ruby-omniauth (Minor issue)
+ [buster] - ruby-omniauth (Minor issue)
+ NOTE: https://github.com/omniauth/omniauth/commit/43a396f181ef7d0ed2ec8291c939c95e3ed3ff00 (v2.0.0-rc1)
+CVE-2020-36598
+ RESERVED
+CVE-2020-36597
+ RESERVED
+CVE-2020-36596
+ RESERVED
+CVE-2020-36595
+ RESERVED
+CVE-2020-36594
+ RESERVED
+CVE-2020-36593
+ RESERVED
+CVE-2020-36592
+ RESERVED
+CVE-2022-38398 (Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XM ...)
+ {DLA-3619-1}
+ - batik 1.15+dfsg-1 (bug #1020589)
+ [bullseye] - batik (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/22/2
+ NOTE: https://issues.apache.org/jira/browse/BATIK-1331
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1903462
+ NOTE: https://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading
+CVE-2022-38397
+ RESERVED
+CVE-2022-2891 (The WP 2FA WordPress plugin before 2.3.0 uses comparison operators tha ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2890 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-2889 (Use After Free in GitHub repository vim/vim prior to 9.0.0225.)
+ - vim 2:9.0.0229-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/d1ac9817-825d-49ce-b514-1d5b12b6bdaa
+ NOTE: https://github.com/vim/vim/commit/91c7cbfe31bbef57d5fcf7d76989fc159f73ef15 (v9.0.0225)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2888 (If an attacker comes into the possession of a victim's OctoPrint sessi ...)
+ - octoprint (bug #718591)
+CVE-2022-2887 (The WP Server Health Stats WordPress plugin before 1.7.0 does not esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2886 (A vulnerability, which was classified as critical, was found in Larave ...)
+ NOTE: Additional misreport for laravel, likely to be rejected
+CVE-2022-2885 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-38396 (HP Factory Preinstalled Images on certain systems that shipped with Wi ...)
+ NOT-FOR-US: HP
+CVE-2022-38395 (HP Support Assistant uses HP Performance Tune-up as a diagnostic tool. ...)
+ NOT-FOR-US: HP
+CVE-2022-38393 (A denial of service vulnerability exists in the cfg_server cm_processC ...)
+ NOT-FOR-US: Asus
+CVE-2022-2884 (A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 pri ...)
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
+CVE-2022-2883 (In affected versions of Octopus Deploy it is possible to upload a zipb ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-2881 (The underlying bug might cause read past end of the buffer and either ...)
+ - bind9 1:9.18.7-1
+ [bullseye] - bind9 (Flawed code present in 9.16 but masked by the way the httpd objects are reset between messages)
+ [buster] - bind9 (Vulnerable code introduced later)
+ NOTE: https://kb.isc.org/docs/cve-2022-2881
+ NOTE: Exposed after (but not only requirement): https://gitlab.isc.org/isc-projects/bind9/-/commit/69c1ee1ce9f801aaa082bb3abf5969b46699f70a (v9_17_4)
+ NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/13333db69f9b9710a98c86f44276e01e95420fa0 (v9_18_7)
+CVE-2022-2880 (Requests forwarded by ReverseProxy include the raw query parameters fr ...)
+ - golang-1.19 1.19.2-1
+ - golang-1.18 1.18.7-1
+ - golang-1.17
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ NOTE: https://go.dev/issue/54663
+ NOTE: https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)
+ NOTE: https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)
+CVE-2022-2879 (Reader.Read does not set a limit on the maximum size of file headers. ...)
+ - golang-1.19 1.19.2-1
+ - golang-1.18 1.18.7-1
+ - golang-1.17
+ - golang-1.15
+ [bullseye] - golang-1.15 (Minor issue)
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases)
+ NOTE: https://go.dev/issue/54853
+ NOTE: https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)
+ NOTE: https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)
+CVE-2022-2878
+ RESERVED
+CVE-2022-2877 (The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2876 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester
+CVE-2022-39047 (Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vu ...)
+ - freeciv 3.0.3-1 (bug #1017579)
+ [bullseye] - freeciv (Minor issue)
+ [buster] - freeciv (Minor issue)
+ NOTE: https://osdn.net/projects/freeciv/ticket/45299
+ NOTE: https://www.openwall.com/lists/oss-security/2022/08/05/1
+CVE-2022-38392 (Certain 5400 RPM hard drives, for laptops and other PCs in approximate ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-2875
+ RESERVED
+CVE-2022-2874 (NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.022 ...)
+ - vim 2:9.0.0229-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/95f97dfe-247d-475d-9740-b7adc71f4c79
+ NOTE: https://github.com/vim/vim/commit/4875d6ab068f09df88d24d81de40dcd8d56e243d (v9.0.0224)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2873 (An out-of-bounds memory access flaw was found in the Linux kernel Inte ...)
+ {DSA-5324-1 DLA-3403-1 DLA-3349-1}
+ - linux 6.1.4-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2119048
+ NOTE: https://lore.kernel.org/lkml/20220729093451.551672-1-zheyuma97@gmail.com/T/
+ NOTE: https://git.kernel.org/linus/39244cc754829bf707dccd12e2ce37510f5b1f8d
+CVE-2022-2872 (Unrestricted Upload of File with Dangerous Type in GitHub repository o ...)
+ - octoprint (bug #718591)
+CVE-2022-2871 (Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notr ...)
+ NOT-FOR-US: NotrinosERP
+CVE-2022-38391 (IBM Spectrum Control 5.4 uses weaker than expected cryptographic algor ...)
+ NOT-FOR-US: IBM
+CVE-2022-38390 (Multiple IBM Business Automation Workflow versions are vulnerable to c ...)
+ NOT-FOR-US: IBM
+CVE-2022-38389 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
+CVE-2022-38388 (IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a loc ...)
+ NOT-FOR-US: IBM
+CVE-2022-38387 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
+ NOT-FOR-US: IBM
+CVE-2022-38386
+ RESERVED
+CVE-2022-38385 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allo ...)
+ NOT-FOR-US: IBM
+CVE-2022-38384
+ RESERVED
+CVE-2022-38383
+ RESERVED
+CVE-2022-38382
+ RESERVED
+CVE-2022-38105 (An information disclosure vulnerability exists in the cm_processREQ_NC ...)
+ NOT-FOR-US: Asus
+CVE-2022-2870 (A vulnerability was found in laravel 5.1 and classified as problematic ...)
+ NOTE: Additional misreport for laravel, likely to be rejected
+CVE-2022-2869 (libtiff's tiffcrop tool has a uint32_t underflow which leads to out of ...)
+ {DSA-5333-1 DLA-3278-1}
+ - tiff 4.4.0~rc1-1
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/352
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
+CVE-2022-2868 (libtiff's tiffcrop utility has a improper input validation flaw that c ...)
+ {DSA-5333-1 DLA-3278-1}
+ - tiff 4.4.0~rc1-1
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/335
+ NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/294
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
+CVE-2022-2867 (libtiff's tiffcrop utility has a uint32_t underflow that can lead to o ...)
+ {DSA-5333-1 DLA-3278-1}
+ - tiff 4.4.0~rc1-1
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/350
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/351
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/07d79fcac2ead271b60e32aeb80f7b4f3be9ac8c (v4.4.0rc1)
+CVE-2022-2866 (FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of- ...)
+ NOT-FOR-US: FATEK FvDesigner
+CVE-2022-2865 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...)
+ [experimental] - gitlab 15.2.3+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
+CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable to Cross ...)
+ NOT-FOR-US: demon image annotation plugin for WordPress
+CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221.)
+ - vim 2:9.0.0229-1 (unimportant)
+ [buster] - vim (The vulnerable code was introduced later)
+ NOTE: https://huntr.dev/bounties/71180988-1ab6-4311-bca8-e9a879b06765
+ NOTE: https://github.com/vim/vim/commit/1889f499a4f248cd84e0e0bf6d0d820016774494 (v9.0.0221)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2861 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2860 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2859 (Use after free in Chrome OS Shell in Google Chrome prior to 104.0.5112 ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2858 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.10 ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2857 (Use after free in Blink in Google Chrome prior to 104.0.5112.101 allow ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2856 (Insufficient validation of untrusted input in Intents in Google Chrome ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2855 (Use after free in ANGLE in Google Chrome prior to 104.0.5112.101 allow ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2854 (Use after free in SwiftShader in Google Chrome prior to 104.0.5112.101 ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2853 (Heap buffer overflow in Downloads in Google Chrome on Android prior to ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2852 (Use after free in FedCM in Google Chrome prior to 104.0.5112.101 allow ...)
+ {DSA-5212-1}
+ - chromium 104.0.5112.101-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-38381 (An improper handling of malformed request vulnerability [CWE-228] exis ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38380 (An improper access control [CWE-284] vulnerability in FortiOS version ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38379 (Improper neutralization of input during web page generation [CWE-79] i ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38378 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-38377 (An improper access control vulnerability [CWE-284] in FortiManager 7.2 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38376 (Multiple improper neutralization of input during web page generation ( ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-38375 (An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-38374 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38373 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38372 (A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-38371 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens
+CVE-2022-38370 (Apache IoTDB grafana-connector version 0.13.0 contains an interface wi ...)
+ NOT-FOR-US: Apache IoTDB
+CVE-2022-38369 (Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users ...)
+ NOT-FOR-US: Apache IoTDB
+CVE-2022-2851
+ RESERVED
+CVE-2022-2850 (A flaw was found In 389-ds-base. When the Content Synchronization plug ...)
+ {DLA-3399-1}
+ - 389-ds-base 2.3.1-1 (bug #1018054)
+ [bullseye] - 389-ds-base (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2118691
+ NOTE: https://github.com/389ds/389-ds-base/issues/4711#issuecomment-1205100979
+ NOTE: https://github.com/389ds/389-ds-base/issues/5418
+ NOTE: https://github.com/389ds/389-ds-base/commit/513a763b551848e5532ec22bb0086464aa09252f (main)
+ NOTE: https://github.com/389ds/389-ds-base/commit/19632a4b8de5ba0abe05cdfe514a7ada07d0c299 (389-ds-base-2.0.17)
+ NOTE: https://github.com/389ds/389-ds-base/commit/be599560c9bbb17570f5eeb5aac1919a8d333567 (389-ds-base-1.4.4)
+ NOTE: https://github.com/389ds/389-ds-base/commit/bd566957f85c889f13cd24f903c91c16c955acbd (389-ds-base-1.3.10)
+ NOTE: Results from an incomplete fix for CVE-2021-3514
+CVE-2022-2849 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
+ - vim 2:9.0.0229-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/389aeccd-deb9-49ae-9b6a-24c12d79b02e
+ NOTE: https://github.com/vim/vim/commit/f6d39c31d2177549a986d170e192d8351bd571e2 (v9.0.0220)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: PTC
+CVE-2022-2847 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Guest Management System
+CVE-2022-2846 (The Calendar Event Multi View WordPress plugin before 1.4.07 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2845 (Improper Validation of Specified Quantity in Input in GitHub repositor ...)
+ - vim 2:9.0.0229-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445
+ NOTE: https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c (v9.0.0218)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2844 (A vulnerability classified as problematic has been found in MotoPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2843 (A vulnerability was found in MotoPress Timetable and Event Schedule. I ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2842 (A vulnerability classified as critical has been found in SourceCodeste ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-2841 (A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.1561 ...)
+ NOT-FOR-US: CrowdStrike Falcon
+CVE-2022-2840 (The Zephyr Project Manager WordPress plugin before 3.2.5 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2839 (The Zephyr Project Manager WordPress plugin before 3.2.55 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2838 (In Eclipse Sphinx\u2122 before version 0.13.1, Apache Xerces XML Parse ...)
+ NOT-FOR-US: Eclipse Sphinx
+CVE-2022-2837 (A flaw was found in coreDNS. This flaw allows a malicious user to redi ...)
+ - coredns (bug #880676)
+CVE-2022-2836
+ RESERVED
+CVE-2022-2835 (A flaw was found in coreDNS. This flaw allows a malicious user to rero ...)
+ - coredns (bug #880676)
+CVE-2022-2834 (The Helpful WordPress plugin before 4.5.26 puts the exported logs and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2833 (Endless Infinite loop in Blender-thumnailing due to logical bugs.)
+ - blender 3.2.2+dfsg-1 (unimportant)
+ NOTE: https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512
+ NOTE: https://developer.blender.org/T99711
+ NOTE: Hang in CLI tool, no security impact
+CVE-2022-2832 (A flaw was found in Blender 3.3.0. A null pointer dereference exists i ...)
+ - blender (unimportant)
+ NOTE: https://developer.blender.org/T99706
+ NOTE: https://developer.blender.org/D15463
+ NOTE: https://developer.blender.org/rB00dc7477022acdd969e4d709a235c0be819efa6c
+ NOTE: Debian binary packages not build with WITH_HEADLESS
+CVE-2022-2831 (A flaw was found in Blender 3.3.0. An interger overflow in source/blen ...)
+ - blender 3.2.2+dfsg-1
+ [bullseye] - blender (Minor issue)
+ [buster] - blender (The vulnerable code is not present)
+ NOTE: https://developer.blender.org/T99705
+ NOTE: https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
+ NOTE: https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
+CVE-2022-2830 (Deserialization of Untrusted Data vulnerability in the message process ...)
+ NOT-FOR-US: Bitdefender
+CVE-2022-38368 (An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x ...)
+ NOT-FOR-US: Aviatrix Gateway
+CVE-2022-38367 (The Netic User Export add-on before 2.0.6 for Atlassian Jira does not ...)
+ NOT-FOR-US: Netic User Export add-on for Atlassian Jira
+CVE-2022-38366
+ RESERVED
+CVE-2022-38365
+ RESERVED
+CVE-2022-38364
+ RESERVED
+CVE-2022-38363
+ RESERVED
+CVE-2022-2829 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-2828 (In affected versions of Octopus Server it is possible to reveal inform ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-2827 (AMI MegaRAC User Enumeration Vulnerability)
+ NOT-FOR-US: MegaRAC
+CVE-2022-2826 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-38362 (Apache Airflow Docker's Provider prior to 3.0.0 shipped with an exampl ...)
+ - airflow (bug #819700)
+CVE-2022-38361
+ RESERVED
+CVE-2022-38360
+ RESERVED
+CVE-2022-38359 (Cross-site request forgery attacks can be carried out against the Eyes ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-38358 (Improper neutralization of input during web page generation leaves the ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-38357 (Improper neutralization of special elements leaves the Eyes of Network ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2022-38354
+ RESERVED
+CVE-2022-38353
+ RESERVED
+CVE-2022-38352 (ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerabi ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2022-38351 (A vulnerability in Suprema BioStar (aka Bio Star) 2 v2.8.16 allows att ...)
+ NOT-FOR-US: Suprema Bio Star
+CVE-2022-38350
+ RESERVED
+CVE-2022-38349 (An issue was discovered in Poppler 22.08.0. There is a reachable asser ...)
+ - poppler 22.12.0-2
+ [bullseye] - poppler (Minor issue)
+ [buster] - poppler (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1282
+ NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4564a002bcb6094cc460bc0d5ddff9423fe6dd28 (poppler-22.09.0)
+CVE-2022-38348
+ RESERVED
+CVE-2022-38347
+ RESERVED
+CVE-2022-38346
+ RESERVED
+CVE-2022-38345
+ RESERVED
+CVE-2022-38344
+ RESERVED
+CVE-2022-38343
+ RESERVED
+CVE-2022-38342 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...)
+ NOT-FOR-US: Safe Software FME Server
+CVE-2022-38341 (Safe Software FME Server v2021.2.5 and below does not employ server-si ...)
+ NOT-FOR-US: Safe Software FME Server
+CVE-2022-38340 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discover ...)
+ NOT-FOR-US: Safe Software FME Server
+CVE-2022-38339 (Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a c ...)
+ NOT-FOR-US: Safe Software FME Server
+CVE-2022-38338
+ RESERVED
+CVE-2022-38337 (When aborting a SFTP connection, MobaXterm before v22.1 sends a hardco ...)
+ NOT-FOR-US: MobaXterm
+CVE-2022-38336 (An access control issue in MobaXterm before v22.1 allows attackers to ...)
+ NOT-FOR-US: MobaXterm
+CVE-2022-38335 (Vtiger CRM v7.4.0 was discovered to contain a stored cross-site script ...)
+ NOT-FOR-US: Vtiger CRM
+CVE-2022-38334 (XPDF v4.04 and earlier was discovered to contain a stack overflow via ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2022-38333 (Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to co ...)
+ NOT-FOR-US: OpenWrt
+CVE-2022-38332
+ RESERVED
+CVE-2022-38331
+ RESERVED
+CVE-2022-38330
+ RESERVED
+CVE-2022-38329 (An issue was discovered in Shopxian CMS 3.0.0. There is a CSRF vulnera ...)
+ NOT-FOR-US: Shopxian CMS
+CVE-2022-38328
+ RESERVED
+CVE-2022-38327
+ RESERVED
+CVE-2022-38326 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38325 (Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03. ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38324
+ RESERVED
+CVE-2022-38323 (Event Management System v1.0 was discovered to contain an arbitrary fi ...)
+ NOT-FOR-US: Event Management System
+CVE-2022-38322
+ RESERVED
+CVE-2022-38321
+ RESERVED
+CVE-2022-38320
+ RESERVED
+CVE-2022-38319
+ RESERVED
+CVE-2022-38318
+ RESERVED
+CVE-2022-38317
+ RESERVED
+CVE-2022-38316
+ RESERVED
+CVE-2022-38315
+ RESERVED
+CVE-2022-38314 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38313 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38312 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38311 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38310 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38309 (Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to cont ...)
+ NOT-FOR-US: Tenda
+CVE-2022-38308 (TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a comm ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-38307 (LIEF commit 5d1d643 was discovered to contain a segmentation violation ...)
+ NOT-FOR-US: LIEF
+CVE-2022-38306 (LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow i ...)
+ NOT-FOR-US: LIEF
+CVE-2022-36403 (Untrusted search path vulnerability in the installer of Device Softwar ...)
+ NOT-FOR-US: Ricoh
+CVE-2022-2825 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: PTC
+CVE-2022-2824 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2823 (The Slider, Gallery, and Carousel by MetaSlider WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2822 (An attacker can freely brute force username and password and can takeo ...)
+ - octoprint (bug #718591)
+CVE-2022-2821 (Missing Critical Step in Authentication in GitHub repository namelessm ...)
+ NOT-FOR-US: NamelessMC/Nameless
+CVE-2022-2820 (Session Fixation in GitHub repository namelessmc/nameless prior to v2. ...)
+ NOT-FOR-US: NamelessMC/Nameless
+CVE-2022-2819 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...)
+ - vim 2:9.0.0229-1 (unimportant)
+ [buster] - vim (The vulnerable code was introduced later)
+ NOTE: https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59
+ NOTE: https://github.com/vim/vim/commit/d1d8f6bacb489036d0fd479c9dd3c0102c988889 (v9.0.0211)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2818 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
+ NOT-FOR-US: Cockpit-HQ/Cockpit
+CVE-2022-38305 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...)
+ NOT-FOR-US: AeroCMS
+CVE-2022-38304 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online Leave Management System
+CVE-2022-38303 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online Leave Management System
+CVE-2022-38302 (Online Leave Management System v1.0 was discovered to contain a SQL in ...)
+ NOT-FOR-US: Online Leave Management System
+CVE-2022-38301 (Onedev v7.4.14 contains a path traversal vulnerability which allows at ...)
+ NOT-FOR-US: Onedev
+CVE-2022-38300
+ RESERVED
+CVE-2022-38299 (An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attack ...)
+ NOT-FOR-US: Appsmith
+CVE-2022-38298 (Appsmith v1.7.11 was discovered to allow attackers to execute an authe ...)
+ NOT-FOR-US: Appsmith
+CVE-2022-38297 (UCMS v1.6.0 contains an authentication bypass vulnerability which is e ...)
+ NOT-FOR-US: UCMS
+CVE-2022-38296 (Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vuln ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-38295 (Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulner ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-38294
+ RESERVED
+CVE-2022-38293
+ RESERVED
+CVE-2022-38292 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
+ NOT-FOR-US: SLiMS Senayan Library Management System
+CVE-2022-38291 (SLiMS Senayan Library Management System v9.4.2 was discovered to conta ...)
+ NOT-FOR-US: SLiMS Senayan Library Management System
+CVE-2022-38290
+ RESERVED
+CVE-2022-38289
+ REJECTED
+CVE-2022-38288
+ RESERVED
+CVE-2022-38287
+ REJECTED
+CVE-2022-38286 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/role/list.)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38285 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list.)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38284 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/department ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38283 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/video/list.)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38282 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/ ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38281 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/site/list.)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38280 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/image/list.)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38279 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/imagealbum/ ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38278 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/friendlylin ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38277 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/folderrollp ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38276 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/foldernotic ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38275 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/contact/lis ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38274 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/comment/lis ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38273 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38272 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/article/lis ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-38271
+ RESERVED
+CVE-2022-38270
+ RESERVED
+CVE-2022-38269 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38268 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38267 (School Activity Updates with SMS Notification v1.0 was discovered to c ...)
+ NOT-FOR-US: School Activity Updates with SMS Notification
+CVE-2022-38266 (An issue in the Leptonica linked library (v1.79.0) allows attackers to ...)
+ {DLA-3233-1}
+ - leptonlib 1.82.0-1
+ [bullseye] - leptonlib 1.79.0-1.1+deb11u1
+ NOTE: https://github.com/DanBloomberg/leptonica/commit/f062b42c0ea8dddebdc6a152fd16152de215d614 (1.81.0)
+ NOTE: https://github.com/tesseract-ocr/tesseract/issues/3498
+CVE-2022-38265 (Apartment Visitor Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Apartment Visitor Management System +CVE-2022-38264 + RESERVED +CVE-2022-38263 + RESERVED +CVE-2022-38262 + RESERVED +CVE-2022-38261 + RESERVED +CVE-2022-38260 (Interview Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Interview Management System +CVE-2022-38259 + RESERVED +CVE-2022-38258 (A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 all ...) + NOT-FOR-US: D-Link +CVE-2022-38257 + RESERVED +CVE-2022-38256 (TastyIgniter v3.5.0 was discovered to contain a cross-site scripting ( ...) + NOT-FOR-US: TastyIgniter +CVE-2022-38255 (Interview Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Interview Management System +CVE-2022-38254 (Nagios XI before v5.8.7 was discovered to contain a cross-site scripti ...) + NOT-FOR-US: Nagios XI +CVE-2022-38253 + RESERVED +CVE-2022-38252 + RESERVED +CVE-2022-38251 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: Nagios XI +CVE-2022-38250 (Nagios XI v5.8.6 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: Nagios XI +CVE-2022-38249 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: Nagios XI +CVE-2022-38248 (Nagios XI before v5.8.7 was discovered to contain multiple cross-site ...) + NOT-FOR-US: Nagios XI +CVE-2022-38247 (Nagios XI v5.8.6 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: Nagios XI +CVE-2022-38246 + RESERVED +CVE-2022-38245 + RESERVED +CVE-2022-38244 + RESERVED +CVE-2022-38243 + RESERVED +CVE-2022-38242 + RESERVED +CVE-2022-38241 + RESERVED +CVE-2022-38240 + RESERVED +CVE-2022-38239 + RESERVED +CVE-2022-38238 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38237 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...) 
+ - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38236 (XPDF commit ffaf11c was discovered to contain a global-buffer overflow ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38235 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38234 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38233 (XPDF commit ffaf11c was discovered to contain a segmentation violation ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38232 + RESERVED +CVE-2022-38231 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38230 (XPDF commit ffaf11c was discovered to contain a floating point excepti ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38229 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38228 (XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38227 (XPDF commit ffaf11c was discovered to contain a stack overflow via __a ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38226 + RESERVED +CVE-2022-38225 + RESERVED +CVE-2022-38224 + RESERVED +CVE-2022-38223 (There is an out-of-bounds write in checkType located in etc.c in w3m 0 ...) 
+ {DLA-3541-1} + - w3m 0.5.3+git20230121-1 (bug #1019599) + [bullseye] - w3m 0.5.3+git20210102-6+deb11u1 + NOTE: https://github.com/tats/w3m/issues/242 + NOTE: Initial fix: https://github.com/tats/w3m/commit/419ca82d57c72242817b55e2eaa4cdbf6916e7fa + NOTE: Follow-up fix: https://github.com/tats/w3m/commit/25fb402cea405b263466c627f32513d186a38ade +CVE-2022-38222 (There is a use-after-free issue in JBIG2Stream::close() located in JBI ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-38221 (A buffer overflow in the FTcpListener thread in The Isle Evrima (the d ...) + NOT-FOR-US: The Isle Evrima +CVE-2022-38220 (An XSS vulnerability exists within Quest KACE Systems Management Appli ...) + NOT-FOR-US: Quest KACE Systems Management Appliance (SMA) +CVE-2022-38219 + RESERVED +CVE-2022-38218 + RESERVED +CVE-2022-2817 (Use After Free in GitHub repository vim/vim prior to 9.0.0213.) + - vim 2:9.0.0229-1 (unimportant) + [buster] - vim (The vulnerable code was introduced later) + NOTE: https://huntr.dev/bounties/a7b7d242-3d88-4bde-a681-6c986aff886f + NOTE: https://github.com/vim/vim/commit/249e1b903a9c0460d618f6dcc59aeb8c03b24b20 (v9.0.0213) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2816 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.) + - vim 2:9.0.0229-1 (unimportant) + NOTE: https://huntr.dev/bounties/e2a83037-fcf9-4218-b2b9-b7507dacde58 + NOTE: https://github.com/vim/vim/commit/dbdd16b62560413abcc3c8e893cc3010ccf31666 (v9.0.0212) + NOTE: Crash in CLI tool, no security impact +CVE-2022-38217 + RESERVED +CVE-2022-2815 (Insecure Storage of Sensitive Information in GitHub repository publify ...) + NOT-FOR-US: Publify +CVE-2022-2814 (A vulnerability has been found in SourceCodester Simple and Nice Shopp ...) + NOT-FOR-US: SourceCodester Simple and Nice Shopping Cart Script +CVE-2022-2813 (A vulnerability, which was classified as problematic, was found in Sou ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-2812 (A vulnerability classified as critical was found in SourceCodester Gue ...) + NOT-FOR-US: SourceCodester +CVE-2022-2811 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester +CVE-2022-2810 + RESERVED +CVE-2022-38216 (An integer overflow exists in Mapbox's closed source gl-native library ...) + NOT-FOR-US: Mapbox +CVE-2022-38215 + RESERVED +CVE-2022-38214 + RESERVED +CVE-2022-38213 + RESERVED +CVE-2022-38212 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...) + NOT-FOR-US: Esri +CVE-2022-38211 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...) + NOT-FOR-US: Esri +CVE-2022-38210 (There is a reflected HTML injection vulnerability in Esri Portal for A ...) + NOT-FOR-US: Esri +CVE-2022-38209 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2022-38208 (There is an unvalidated redirect vulnerability in Esri Portal for ArcG ...) + NOT-FOR-US: Esri +CVE-2022-38207 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2022-38206 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2022-38205 (In some non-default installations of Esri Portal for ArcGIS versions 1 ...) + NOT-FOR-US: Esri +CVE-2022-38204 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri +CVE-2022-38203 (Protections against potential Server-Side Request Forgery (SSRF) vulne ...) + NOT-FOR-US: Esri +CVE-2022-38202 (There is a path traversal vulnerability in Esri ArcGIS Server versions ...) + NOT-FOR-US: Esri +CVE-2022-38201 (An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS ...) + NOT-FOR-US: Esri Portal for ArcGIS Quick Capture Web Designer +CVE-2022-38200 (A cross site scripting vulnerability exists in some map service config ...) 
+ NOT-FOR-US: ArcGIS Server +CVE-2022-38199 (A remote file download issue can occur in some capabilities of Esri Ar ...) + NOT-FOR-US: ArcGIS Server +CVE-2022-38198 (There is a reflected cross site scripting issue in the Esri ArcGIS Ser ...) + NOT-FOR-US: Esri ArcGIS Server +CVE-2022-38197 (Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redir ...) + NOT-FOR-US: Esri ArcGIS Server +CVE-2022-38196 (Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vul ...) + NOT-FOR-US: Esri ArcGIS Server +CVE-2022-38195 (There is as reflected cross site scripting issue in Esri ArcGIS Server ...) + NOT-FOR-US: Esri ArcGIS Server +CVE-2022-38194 (In Esri Portal for ArcGIS versions 10.8.1, a system property is not pr ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38193 (There is a code injection vulnerability in Esri Portal for ArcGIS vers ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38192 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38191 (There is an HTML injection issue in Esri Portal for ArcGIS versions 10 ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38190 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38189 (A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for A ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38188 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38187 (Prior to version 10.9.0, the sharing/rest/content/features/analyze end ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38186 (There is a reflected XSS vulnerability in Esri Portal for ArcGIS versi ...) + NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38185 + RESERVED +CVE-2022-38184 (There is an improper access control vulnerability in Portal for ArcGIS ...) 
+ NOT-FOR-US: Esri Portal for ArcGIS +CVE-2022-38183 (In Gitea before 1.16.9, it was possible for users to add existing issu ...) + - gitea +CVE-2022-38182 + RESERVED +CVE-2022-38181 (The Arm Mali GPU kernel driver allows unprivileged users to access fre ...) + NOT-FOR-US: ARM Mali GPU driver +CVE-2022-2809 (A vulnerability in bmcweb of OpenBMC Project allows user to cause deni ...) + NOT-FOR-US: OpenBMC +CVE-2022-38180 (In JetBrains Ktor before 2.1.0 the wrong authentication provider could ...) + NOT-FOR-US: JetBrains Ktor +CVE-2022-38179 (JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Downloa ...) + NOT-FOR-US: JetBrains Ktor +CVE-2022-38178 (By spoofing the target resolver with responses that have a malformed E ...) + {DSA-5235-1 DLA-3138-1} + - bind9 1:9.18.7-1 + NOTE: https://kb.isc.org/docs/cve-2022-38178 + NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/7c0028cfad2ae5fdf82c4d02d3b8b3a1e96dc6ec (v9_18_7) + NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/1af23378ebb11da2eb0f412e4563d6c4165fbd3d (v9_16_33) +CVE-2022-38177 (By spoofing the target resolver with responses that have a malformed E ...) + {DSA-5235-1 DLA-3138-1} + - bind9 1:9.17.20-1 + NOTE: https://kb.isc.org/docs/cve-2022-38177 + NOTE: Fixed by (while refactoring): https://gitlab.isc.org/isc-projects/bind9/-/commit/d4eb6e0a57a7eeb42328ff66865fa66688603c17 (v9_17_20) + NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/5b2282afff760b1ed3471f6666bdfe8e1d34e590 (v9_16_33) +CVE-2022-2808 (Authorization Bypass Through User-Controlled Key vulnerability in Alga ...) + NOT-FOR-US: Algan +CVE-2022-2807 (SQL Injection vulnerability in Algan Software Prens Student Informatio ...) + NOT-FOR-US: Algan +CVE-2022-2806 (It was found that the ovirt-log-collector/sosreport collects the RHV a ...) + NOT-FOR-US: ovirt-log-collector +CVE-2022-2805 (A flaw was found in ovirt-engine, which leads to the logging of plaint ...) 
+ NOT-FOR-US: ovirt-engine +CVE-2022-2804 (A vulnerability was found in SourceCodester Zoo Management System. It ...) + NOT-FOR-US: SourceCodester Zoo Management System +CVE-2022-2803 (A vulnerability was found in SourceCodester Zoo Management System and ...) + NOT-FOR-US: SourceCodester Zoo Management System +CVE-2022-2802 (A vulnerability has been found in SourceCodester Gas Agency Management ...) + NOT-FOR-US: SourceCodester Gas Agency Management System +CVE-2022-2801 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Automated Beer Parlour Billing System +CVE-2022-2800 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2799 (The Affiliates Manager WordPress plugin before 2.9.14 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2798 (The Affiliates Manager WordPress plugin before 2.9.14 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2797 (A vulnerability classified as critical was found in SourceCodester Stu ...) + NOT-FOR-US: SourceCodester Student Information System +CVE-2022-2796 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-2795 (By flooding the target resolver with queries exploiting this flaw an a ...) + {DSA-5235-1 DLA-3138-1} + - bind9 1:9.18.7-1 + NOTE: https://kb.isc.org/docs/cve-2022-2795 + NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/e2014ba9e3b4236b0384ba17abfb2c9a155412f6 (v9_18_7) + NOTE: Fixed by: https://gitlab.isc.org/isc-projects/bind9/-/commit/bf2ea6d8525bfd96a84dad221ba9e004adb710a8 (v9_16_33) +CVE-2022-38176 (An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect priv ...) + NOT-FOR-US: YSoft +CVE-2022-38175 + RESERVED +CVE-2022-38174 + RESERVED +CVE-2022-38173 + RESERVED +CVE-2022-38172 (ServiceNow through San Diego Patch 3 allows XSS via the name field dur ...) 
+ NOT-FOR-US: ServiceNow +CVE-2022-38171 (Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 d ...) + NOT-FOR-US: xpdf (relevant issue for Poppler tracked as CVE-2022-38784) + NOTE: This is CVE-2021-30860 in Apple CoreGraphics and CVE-2022-38171 in xpdf + NOTE: https://gist.github.com/zmanion/b2ed0d1a0cec163ecd07d5e3d9740dc6 +CVE-2022-2794 (Certain HP PageWide Pro Printers may be vulnerable to a potential deni ...) + NOT-FOR-US: HP +CVE-2022-2793 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) + NOT-FOR-US: Emerson +CVE-2022-2792 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) + NOT-FOR-US: Emerson +CVE-2022-2791 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) + NOT-FOR-US: Emerson Electric's Proficy Machine Edition +CVE-2022-2790 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) + NOT-FOR-US: Emerson +CVE-2022-2789 (Emerson Electric's Proficy Machine Edition Version 9.00 and prior is v ...) + NOT-FOR-US: Emerson +CVE-2022-2788 (Emerson Electric's Proficy Machine Edition Version 9.80 and prior is v ...) + NOT-FOR-US: Emerson +CVE-2022-2787 (Schroot before 1.6.13 had too permissive rules on chroot or session na ...) + {DSA-5213-1 DLA-3075-1} + - schroot 1.6.12-2 + NOTE: https://codeberg.org/shelter/reschroot/commit/6f7166a285e1e97aea390be633591f9791b29a6d +CVE-2022-38170 (In Apache Airflow prior to 2.3.4, an insecure umask was configured for ...) + - airflow (bug #819700) +CVE-2022-38082 + RESERVED +CVE-2022-2786 + RESERVED +CVE-2022-2785 (There exists an arbitrary memory read within the Linux Kernel BPF - Co ...) + - linux 5.19.6-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/86f44fcec22ce2979507742bc53db8400e454f46 (6.0-rc1) +CVE-2022-2784 + RESERVED +CVE-2022-2783 (In affected versions of Octopus Server it was identified that a sessio ...) 
+ NOT-FOR-US: Octopus +CVE-2022-2782 (In affected versions of Octopus Server it is possible for a session to ...) + NOT-FOR-US: Octopus Server +CVE-2022-2781 (In affected versions of Octopus Server it was identified that the same ...) + NOT-FOR-US: Octopus +CVE-2022-2780 (In affected versions of Octopus Server it is possible to use the Git C ...) + NOT-FOR-US: Octopus +CVE-2022-2779 (A vulnerability classified as critical was found in SourceCodester Gas ...) + NOT-FOR-US: SourceCodester Gas Agency Management System +CVE-2022-2778 (In affected versions of Octopus Deploy it is possible to bypass rate l ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2777 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2022-2776 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2775 (The Fast Flow WordPress plugin before 1.2.13 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2774 (A vulnerability was found in SourceCodester Library Management System. ...) + NOT-FOR-US: SourceCodester Library Management System +CVE-2022-2773 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) + NOT-FOR-US: SourceCodester Apartment Visitor Management System +CVE-2022-2772 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) + NOT-FOR-US: SourceCodester Apartment Visitor Management System +CVE-2022-2771 (A vulnerability has been found in SourceCodester Simple Online Book St ...) + NOT-FOR-US: SourceCodester Simple Online Book Store System +CVE-2022-2770 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Simple Online Book Store System +CVE-2022-2769 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: SourceCodester Company Website CMS +CVE-2022-2768 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Library Management System +CVE-2022-2767 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Online Admission System +CVE-2022-2766 (A vulnerability was found in SourceCodester Loan Management System. It ...) + NOT-FOR-US: SourceCodester Loan Management System +CVE-2022-2765 (A vulnerability was found in SourceCodester Company Website CMS 1.0. I ...) + NOT-FOR-US: SourceCodester Company Website CMS +CVE-2022-2764 (A flaw was found in Undertow. Denial of service can be achieved as Und ...) + - undertow 2.2.21-1 + NOTE: https://issues.redhat.com/browse/UNDERTOW-2048 + NOTE: https://github.com/undertow-io/undertow/pull/1382 + NOTE: https://github.com/undertow-io/undertow/pull/1386 + NOTE: https://github.com/undertow-io/undertow/commit/09d4dc44da0eb7a0cfa5d943de32e06c7cb2f7d2 (2.2.21.Final) + NOTE: https://github.com/undertow-io/undertow/commit/05ab8777ed7cc3510acf4550102e5e38fc706fd1 (2.2.21.Final) + NOTE: https://github.com/undertow-io/undertow/commit/f60972d29949c6c7c557d591171e89c74013edd0 (2.2.21.Final) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2117506 +CVE-2022-2763 (The WP Socializer WordPress plugin before 7.3 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2762 (The AdminPad WordPress plugin before 2.2 does not have CSRF check when ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2761 (An information disclosure issue in GitLab CE/EE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2760 (In affected versions of Octopus Deploy it is possible to reveal the Sp ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-38169 + RESERVED +CVE-2022-38168 (Broken Access Control in User Authentication in Avaya Scopia Pathfinde ...) 
+ NOT-FOR-US: Avaya Scopia Pathfinder +CVE-2022-38167 (The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.) + NOT-FOR-US: Nintex Workflow plugin for SharePoint +CVE-2022-38166 (In F-Secure Endpoint Protection for Windows and macOS before channel w ...) + NOT-FOR-US: F-Secure +CVE-2022-38165 (Arbitrary file write in F-Secure Policy Manager through 2022-08-10 all ...) + NOT-FOR-US: WithSecure +CVE-2022-38164 (WithSecure through 2022-08-10 allows attackers to cause a denial of se ...) + NOT-FOR-US: WithSecure +CVE-2022-38163 (A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Br ...) + NOT-FOR-US: WithSecure +CVE-2022-38162 (Reflected cross-site scripting (XSS) vulnerabilities in WithSecure thr ...) + NOT-FOR-US: WithSecure +CVE-2022-38161 (The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on ...) + NOT-FOR-US: Gumstix Overo SBC +CVE-2022-38160 + RESERVED +CVE-2022-38159 + RESERVED +CVE-2022-38158 + RESERVED +CVE-2022-38157 + RESERVED +CVE-2022-38156 (A remote command injection issues exists in the web server of the Krat ...) + NOT-FOR-US: Kratos SpectralNet +CVE-2022-38155 (TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted applicatio ...) + NOT-FOR-US: Samsung mTower +CVE-2022-38154 + RESERVED +CVE-2022-38153 (An issue was discovered in wolfSSL before 5.5.0 (when --enable-session ...) + - wolfssl 5.5.3-1 (bug #1021021) + [bullseye] - wolfssl (Vulnerable code not present and session tickets not enabled) + NOTE: https://github.com/wolfSSL/wolfssl/pull/5476 +CVE-2022-38152 (An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client ...) + - wolfssl 5.5.3-1 (bug #1021021) + [bullseye] - wolfssl (Minor issue) + NOTE: https://github.com/wolfSSL/wolfssl/pull/5468 +CVE-2022-38151 + RESERVED +CVE-2022-38149 (HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose ...) + NOT-FOR-US: Consul Template +CVE-2022-38148 (Silverstripe silverstripe/framework through 4.11 allows SQL Injection.) 
+ NOT-FOR-US: SilverStripe CMS +CVE-2022-38147 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 3 o ...) + NOT-FOR-US: SilverStripe CMS +CVE-2022-38146 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 2 o ...) + NOT-FOR-US: SilverStripe CMS +CVE-2022-38145 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...) + NOT-FOR-US: SilverStripe CMS +CVE-2022-38133 (In JetBrains TeamCity before 2022.04.3 the private SSH key could be wr ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-38132 (Command injection vulnerability in Linksys MR8300 router while Registr ...) + NOT-FOR-US: Linksys +CVE-2022-38131 (RStudio Connect prior to 2023.01.0 is affected by an Open Redirect iss ...) + NOT-FOR-US: RStudio Connect +CVE-2022-38130 (The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip ...) + NOT-FOR-US: Keysight Sensor Management Server +CVE-2022-38129 (A path traversal vulnerability exists in the com.keysight.tentacle.lic ...) + NOT-FOR-US: Keysight Sensor Management Server +CVE-2022-38128 + REJECTED +CVE-2022-38127 + REJECTED +CVE-2022-38126 + REJECTED +CVE-2022-38125 (Improper Restriction of Communication Channel to Intended Endpoints vu ...) + NOT-FOR-US: Secomea +CVE-2022-38124 (Debug tool in Secomea SiteManager allows logged-in administrator to mo ...) + NOT-FOR-US: Secomea +CVE-2022-38123 (Improper Input Validation of plugin files in Administrator Interface o ...) + NOT-FOR-US: Secomea +CVE-2022-38122 (UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. A ...) + NOT-FOR-US: UPSMON PRO +CVE-2022-38121 (UPSMON PRO configuration file stores user password in plaintext under ...) + NOT-FOR-US: UPSMON PRO +CVE-2022-38120 (UPSMON PRO\u2019s has a path traversal vulnerability. A remote attacke ...) + NOT-FOR-US: UPSMON PRO +CVE-2022-38119 (UPSMON Pro login function has insufficient authentication. An unauthen ...) 
+ NOT-FOR-US: UPSMON PRO +CVE-2022-38118 (OAKlouds Portal website\u2019s Meeting Room has insufficient validatio ...) + NOT-FOR-US: OAKlouds +CVE-2022-38117 (Juiker app hard-coded its AES key in the source code. A physical attac ...) + NOT-FOR-US: Juiker app +CVE-2022-38116 (Le-yan Personnel and Salary Management System has hard-coded database ...) + NOT-FOR-US: Le-yan Personnel and Salary Management System +CVE-2022-38103 (Insecure inherited permissions in the Intel(R) NUC Software Studio Ser ...) + NOT-FOR-US: Intel +CVE-2022-38092 + RESERVED +CVE-2022-38087 (Exposure of resource to wrong sphere in BIOS firmware for some Intel(R ...) + NOT-FOR-US: Intel +CVE-2022-38076 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...) + {DLA-3596-1} + - firmware-nonfree (bug #1051892) + [bookworm] - firmware-nonfree (Non-free not supported) + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html + NOTE: Fixed upstream in linux-firmware/20230804 +CVE-2022-38060 (A privilege escalation vulnerability exists in the sudo functionality ...) + - kolla (bug #804128) + NOTE: https://bugs.launchpad.net/kolla/+bug/1985784 +CVE-2022-38056 (Improper neutralization in the Intel(R) EMA software before version 1. ...) + NOT-FOR-US: Intel +CVE-2022-37336 (Improper input validation in BIOS firmware for some Intel(R) NUC may a ...) + NOT-FOR-US: Intel +CVE-2022-37329 (Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Sta ...) + NOT-FOR-US: Intel +CVE-2022-36406 + RESERVED +CVE-2022-36351 (Improper input validation in some Intel(R) PROSet/Wireless WiFi and Ki ...) 
+ {DLA-3596-1}
+ - firmware-nonfree (bug #1051892)
+ [bookworm] - firmware-nonfree (Non-free not supported)
+ [bullseye] - firmware-nonfree (Non-free not supported)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html
+ NOTE: Fixed upstream in linux-firmware/20230804
+CVE-2022-33893
+ RESERVED
+CVE-2022-2759 (Delta Electronics Delta Robot Automation Studio (DRAS) versions prior ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-2758 (Passwords are not adequately encrypted during the communication proces ...)
+ NOT-FOR-US: LS Industrial Systems (LSIS) Co. Ltd
+CVE-2022-2757 (Due to the lack of adequately implemented access-control rules, all ve ...)
+ NOT-FOR-US: Kingspan TMS300 CS
+CVE-2022-2756 (Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavi ...)
+ NOT-FOR-US: Kareadita/Kavita
+CVE-2022-2755
+ RESERVED
+CVE-2022-2754 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2753 (The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2752 (A vulnerability in the web server of Secomea GateManager allows a loca ...)
+ NOT-FOR-US: Secomea
+CVE-2022-2751 (A vulnerability was found in SourceCodester Company Website CMS and cl ...)
+ NOT-FOR-US: SourceCodester Company Website CMS
+CVE-2022-2750 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Company Website CMS
+CVE-2022-2749 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-2748 (A vulnerability was found in SourceCodester Simple Online Book Store S ...)
+ NOT-FOR-US: SourceCodester Simple Online Book Store System
+CVE-2022-2747 (A vulnerability was found in SourceCodester Simple Online Book Store a ...)
+ NOT-FOR-US: SourceCodester Simple Online Book Store System
+CVE-2022-2746 (A vulnerability has been found in SourceCodester Simple Online Book St ...)
+ NOT-FOR-US: SourceCodester Simple Online Book Store System
+CVE-2022-2745 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-2744 (A vulnerability, which was classified as critical, has been found in S ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-38150 (In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cau ...)
+ - varnish 7.1.1-1
+ [bullseye] - varnish (Vulnerable code not present)
+ [buster] - varnish (Vulnerable code not present)
+ NOTE: https://varnish-cache.org/security/VSV00009.html
+ NOTE: Introduced by: https://github.com/varnishcache/varnish-cache/commit/f4dffe593b04a33f07423db3f9dc69eb428b2e85 (varnish-7.0.0)
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/c5fd097e5cce8b461c6443af02b3448baef2491d (master)
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/19544fdc6649bd294f25314d9f609b4979b1fe48 (varnish-7.1.1)
+CVE-2022-38115 (Insecure method vulnerability in which allowed HTTP methods are disclo ...)
+ NOT-FOR-US: Solarwinds
+CVE-2022-38114 (This vulnerability occurs when a web server fails to correctly process ...)
+ NOT-FOR-US: Solarwinds
+CVE-2022-38113 (This vulnerability discloses build and services versions in the server ...)
+ NOT-FOR-US: Solarwinds
+CVE-2022-38112 (In DPA 2022.4 and older releases, generated heap memory dumps contain ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-38111 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-38110 (In Database Performance Analyzer (DPA) 2022.4 and older releases, cert ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-38109
+ RESERVED
+CVE-2022-38108 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-38107 (Sensitive information could be displayed when a detailed technical err ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-38106 (This vulnerability happens in the web client versions 15.3.0 to Serv-U ...)
+ NOT-FOR-US: Serv-U
+CVE-2022-38093 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in All in O ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38070 (Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38068 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38067 (Unauthenticated Event Deletion vulnerability in Totalsoft Event Calend ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38062 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38061 (Authenticated (author+) CSV Injection vulnerability in Export Post Inf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38059 (Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's A ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38058 (Authenticated (subscriber+) Plugin Setting change vulnerability in WP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-38054 (In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserv ...)
+ - airflow (bug #819700)
+CVE-2022-37412 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37411 (Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza's Cap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37407 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37405 (Cross-Site Request Forgery (CSRF) vulnerability in Mickey Kay's Better ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37404 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37403 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37402 (Stored Cross-site Scripting (XSS) vulnerability in AFS Analytics plugi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37344 (Missing Access Control vulnerability in PHP Crafts Accommodation Syste ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37339 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37338 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37335 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37330 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37328 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36798 (Cross-Site Request Forgery (CSRF) vulnerability in Topdigitaltrends Me ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36796 (Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36793 (Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36791 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36428 (Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Stage Rock ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36427 (Missing Access Control vulnerability in About Rentals. Inc. About Rent ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36425 (Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36422 (Rating increase/decrease via race condition in Lester 'GaMerZ' Chan WP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36405 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36394 (Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36390 (Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36387 (Broken Access Control vulnerability in Alessio Caiazza's About Me plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36383 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36376 (Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36373 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Wa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36365 (Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36358 (Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36355 (Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnera ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36352
+ RESERVED
+CVE-2022-36347 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-36345 (Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35726 (Broken Authentication vulnerability in yotuwp Video Gallery plugin <= ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35725 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35277 (Cross-Site Request Forgery (CSRF) vulnerability in GetResponse plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35275 (Authenticated (shop manager+) Reflected Cross-Site Scripting (XSS) vul ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35242 (Unauthenticated plugin settings change vulnerability in 59sec THE Lead ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-35235 (Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-31474 (Directory Traversal vulnerability in iThemes BackupBuddy plugin 8.5.8. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-29476 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 D ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2743 (Integer overflow in Window Manager in Google Chrome on Chrome OS and L ...)
+ {DSA-5201-1}
+ - chromium 104.0.5112.79-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2742 (Use after free in Exosphere in Google Chrome on Chrome OS and Lacros p ...)
+ {DSA-5201-1}
+ - chromium 104.0.5112.79-1
+ [buster] - chromium (see DSA 5046)
+CVE-2022-2741 (The denial-of-service can be triggered by transmitting a carefully cra ...)
+ NOT-FOR-US: zephyr-rtos
+CVE-2022-2740 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ NOT-FOR-US: SourceCodester Company Website CMS
+CVE-2022-2739 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
+ NOT-FOR-US: Red Hat specific release error
+CVE-2022-2738 (The version of podman as released for Red Hat Enterprise Linux 7 Extra ...)
+ NOT-FOR-US: Red Hat specific release error
+CVE-2022-2737 (The WP STAGING WordPress plugin before 2.9.18 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2736 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ NOT-FOR-US: SourceCodester Company Website CMS
+CVE-2022-2735 (A vulnerability was found in the PCS project. This issue occurs due to ...)
+ {DSA-5226-1}
+ - pcs 0.11.3-2 (bug #1018930)
+ [buster] - pcs (Vulnerable code not present, see #1018930)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/01/4
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116815
+ NOTE: https://github.com/ClusterLabs/pcs/commit/de068e2066e377d1cc77edf25aed0198e4c77f7b
+CVE-2022-2734 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2733 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2732 (Missing Authorization in GitHub repository openemr/openemr prior to 7. ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2731 (Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/op ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2730 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2729 (Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-2728 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-2727 (A vulnerability was found in SourceCodester Gym Management System. It ...)
+ NOT-FOR-US: SourceCodester Gym Management System
+CVE-2022-2726 (A vulnerability classified as critical has been found in SEMCMS. This ...)
+ NOT-FOR-US: SEMCMS
+CVE-2022-38053 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38052
+ RESERVED
+CVE-2022-38051 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38050 (Win32k Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38049 (Microsoft Office Graphics Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38048 (Microsoft Office Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38047 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38046 (Web Account Manager Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38045 (Server Service Remote Protocol Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38044 (Windows CD-ROM File System Driver Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38043 (Windows Security Support Provider Interface Information Disclosure Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38042 (Active Directory Domain Services Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38041 (Windows Secure Channel Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38040 (Microsoft ODBC Driver Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38039 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38038 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38037 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38036 (Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38035
+ RESERVED
+CVE-2022-38034 (Windows Workstation Service Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38033 (Windows Server Remotely Accessible Registry Keys Information Disclosur ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38032 (Windows Portable Device Enumerator Service Security Feature Bypass Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38031 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38030 (Windows USB Serial Driver Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38029 (Windows ALPC Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38028 (Windows Print Spooler Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38027 (Windows Storage Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38026 (Windows DHCP Client Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38025 (Windows Distributed File System (DFS) Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38024
+ RESERVED
+CVE-2022-38023 (Netlogon RPC Elevation of Privilege Vulnerability)
+ - samba 2:4.17.4+dfsg-1
+ NOTE: https://www.samba.org/samba/security/CVE-2022-38023.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
+CVE-2022-38022 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38021 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38020 (Visual Studio Code Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38019 (AV1 Video Extension Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38018
+ RESERVED
+CVE-2022-38017 (StorSimple 8000 Series Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38016 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38015 (Windows Hyper-V Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38014 (Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38013 (.NET Core and Visual Studio Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38012 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38011 (Raw Image Extension Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38010 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38009 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38008 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38007 (Azure Guest Configuration and Azure Arc-enabled servers Elevation of P ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-38006 (Windows Graphics Component Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38005 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38004 (Windows Fax Service Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-38003 (Windows Resilient File System Elevation of Privilege.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38002
+ RESERVED
+CVE-2022-38001 (Microsoft Office Spoofing Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-38000 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37999 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37998 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37997 (Windows Graphics Component Elevation of Privilege Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37996 (Windows Kernel Memory Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37995 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37994 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37993 (Windows Group Policy Preference Client Elevation of Privilege Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37992 (Windows Group Policy Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37991 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37990 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37989 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37988 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37987 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37986 (Windows Win32k Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37985 (Windows Graphics Component Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37984 (Windows WLAN Service Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37983 (Microsoft DWM Core Library Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37982 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37981 (Windows Event Logging Service Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37980 (Windows DHCP Client Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37979 (Windows Hyper-V Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37978 (Windows Active Directory Certificate Services Security Feature Bypass.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37977 (Local Security Authority Subsystem Service (LSASS) Denial of Service V ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37976 (Active Directory Certificate Services Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37975 (Windows Group Policy Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37974 (Windows Mixed Reality Developer Tools Information Disclosure Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37973 (Windows Local Session Manager (LSM) Denial of Service Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37972 (Microsoft Endpoint Configuration Manager Spoofing Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37971 (Microsoft Windows Defender Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37970 (Windows DWM Core Library Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-37969 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37968 (Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37967 (Windows Kerberos Elevation of Privilege Vulnerability)
+ - samba 2:4.17.4+dfsg-1
+ [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba (Domain controller functionality is EOLed, see DSA-5015-1)
+ NOTE: https://www.samba.org/samba/security/CVE-2022-37967.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
+CVE-2022-37966 (Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability)
+ - samba 2:4.17.4+dfsg-1
+ NOTE: https://www.samba.org/samba/security/CVE-2022-37966.html
+ NOTE: possible samba 4.13,4.15 regression: https://bugzilla.samba.org/show_bug.cgi?id=15243
+ NOTE: and https://bugs.launchpad.net/ubuntu/+source/samba/+bug/2003867
+CVE-2022-37965 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37964 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37963 (Microsoft Office Visio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37962 (Microsoft PowerPoint Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37961 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37960
+ RESERVED
+CVE-2022-37959 (Network Device Enrollment Service (NDES) Security Feature Bypass Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37958 (SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Ex ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-37957 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37956 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37955 (Windows Group Policy Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37954 (DirectX Graphics Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-37953 (An HTTP response splitting vulnerability exists in the AM Gateway Chal ...)
+ NOT-FOR-US: GE Gas Power
+CVE-2022-37952 (A reflected cross-site scripting (XSS) vulnerability exists in the iHi ...)
+ NOT-FOR-US: iHistorian Data Display of WorkstationST
+CVE-2022-37951
+ REJECTED
+CVE-2022-37950
+ REJECTED
+CVE-2022-37949
+ REJECTED
+CVE-2022-37948
+ REJECTED
+CVE-2022-37947
+ REJECTED
+CVE-2022-37946
+ REJECTED
+CVE-2022-37945
+ REJECTED
+CVE-2022-37944
+ REJECTED
+CVE-2022-37943
+ REJECTED
+CVE-2022-37942
+ REJECTED
+CVE-2022-37941
+ REJECTED
+CVE-2022-37940 (Potential security vulnerabilities have been identified in the HPE Fle ...)
+ NOT-FOR-US: HPE
+CVE-2022-37939 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2022-37938 (Unauthenticated server side request forgery in HPE Serviceguard Manage ...)
+ NOT-FOR-US: HPE
+CVE-2022-37937 (Pre-auth memory corruption in HPE Serviceguard)
+ NOT-FOR-US: HPE
+CVE-2022-37936 (Unauthenticated Java deserialization vulnerability in Serviceguard Man ...)
+ NOT-FOR-US: HPE
+CVE-2022-37935 (HPE OneView for VMware vCenter, in certain circumstances, may disclose ...)
+ NOT-FOR-US: HPE OneView for VMware vCenter
+CVE-2022-37934 (A potential security vulnerability has been identified in HPE OfficeCo ...)
+ NOT-FOR-US: HPE
+CVE-2022-37933 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2022-37932 (A potential security vulnerability has been identified in Hewlett Pack ...)
+ NOT-FOR-US: HPE
+CVE-2022-37931 (A vulnerability in NetBatch-Plus software allows unauthorized access t ...)
+ NOT-FOR-US: HPE
+CVE-2022-37930 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+ NOT-FOR-US: HPE
+CVE-2022-37929 (Improper Privilege Management vulnerability in Hewlett Packard Enterpr ...)
+ NOT-FOR-US: HPE
+CVE-2022-37928 (Insufficient Verification of Data Authenticity vulnerability in Hewlet ...)
+ NOT-FOR-US: HPE
+CVE-2022-37927 (URL Redirection to Untrusted Site ('Open Redirect') vulnerability in H ...)
+ NOT-FOR-US: HPE
+CVE-2022-37926 (A vulnerability within the web-based management interface of EdgeConne ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37925 (A vulnerability within the web-based management interface of Aruba Edg ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37924 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37923 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37922 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37921 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37920 (Vulnerabilities in the Aruba EdgeConnect Enterprise command line inter ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37919 (A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37918 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37917 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37916 (Vulnerabilities in the AirWave Management Platform web-based managemen ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37915 (A vulnerability in the web-based management interface of Aruba EdgeCon ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37914 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37913 (Vulnerabilities in the web-based management interface of Aruba EdgeCon ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37912 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37911 (Due to improper restrictions on XML entities multiple vulnerabilities ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37910 (A buffer overflow vulnerability exists in the ArubaOS command line int ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37909 (Aruba has identified certain configurations of ArubaOS that can lead t ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37908 (An authenticated attacker can impact the integrity of the ArubaOS boot ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37907 (A vulnerability exists in the ArubaOS bootloader on 7xxx series contro ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37906 (An authenticated path traversal vulnerability exists in the ArubaOS co ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37905 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37904 (Vulnerabilities in ArubaOS running on 7xxx series controllers exist th ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37903 (A vulnerability exists that allows an authenticated attacker to overwr ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37902 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37901 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37900 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37899 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37898 (Authenticated command injection vulnerabilities exist in the ArubaOS c ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37897 (There is a command injection vulnerability that could lead to unauthen ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37896 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37895 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37894 (An unauthenticated Denial of Service (DoS) vulnerability exists in the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37893 (An authenticated command injection vulnerability exists in the Aruba I ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37892 (A vulnerability in the Aruba InstantOS and ArubaOS 10 web management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37891 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37890 (Unauthenticated buffer overflow vulnerabilities exist within the Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37889 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37888 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37887 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37886 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37885 (There are buffer overflow vulnerabilities in multiple underlying servi ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37884 (A vulnerability exists in the ClearPass Policy Manager Guest User Inte ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37883 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37882 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37881 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37880 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37879 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37878 (Vulnerabilities in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-37877 (A vulnerability in the ClearPass OnGuard macOS agent could allow malic ...)
+ NOT-FOR-US: Aruba
+CVE-2022-2725 (A vulnerability was found in SourceCodester Company Website CMS. It ha ...)
+ NOT-FOR-US: SourceCodester Company Website CMS
+CVE-2022-2724 (A vulnerability was found in SourceCodester Employee Management System ...)
+ NOT-FOR-US: SourceCodester Employee Management System
+CVE-2022-2723 (A vulnerability was found in SourceCodester Employee Management System ...)
+ NOT-FOR-US: SourceCodester Employee Management System
+CVE-2022-2722 (A vulnerability was found in SourceCodester Simple Student Information ...)
+ NOT-FOR-US: SourceCodester Simple Student Information System
+CVE-2022-2721 (In affected versions of Octopus Server it is possible for target disco ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-2720 (In affected versions of Octopus Server it was identified that when a s ...)
+ NOT-FOR-US: Octopus Server
+CVE-2021-46833
+ RESERVED
+CVE-2021-46832
+ RESERVED
+CVE-2022-37876
+ RESERVED
+CVE-2022-37875
+ RESERVED
+CVE-2022-37874
+ RESERVED
+CVE-2022-37873
+ RESERVED
+CVE-2022-37872
+ RESERVED
+CVE-2022-37871
+ RESERVED
+CVE-2022-37870
+ RESERVED
+CVE-2022-37869
+ RESERVED
+CVE-2022-37868
+ RESERVED
+CVE-2022-37867
+ RESERVED
+CVE-2022-37866 (When Apache Ivy downloads artifacts from a repository it stores them i ...)
+ NOT-FOR-US: Apache Ivy
+CVE-2022-37865 (With Apache Ivy 2.4.0 an optional packaging attribute has been introdu ...)
+ NOT-FOR-US: Apache Ivy
+CVE-2022-37864 (A vulnerability has been identified in Solid Edge (All Versions < SE20 ...)
+ NOT-FOR-US: Solid Edge
+CVE-2022-35733 (Missing authentication for critical function vulnerability in UNIMO Te ...)
+ NOT-FOR-US: Technology digital video recorders firmware
+CVE-2022-2719 (In ImageMagick, a crafted file could trigger an assertion failure when ...)
+ - imagemagick (Specific to IM7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2116537
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/716496e6df0add89e9679d6da9c0afca814cfe49
+CVE-2022-2718 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2717 (The JoomSport \u2013 for Sports: Team & League, Football, Hockey & mor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2716 (The Beaver Builder \u2013 WordPress Page Builder for WordPress is vuln ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2715 (A vulnerability has been found in SourceCodester Employee Management S ...)
+ NOT-FOR-US: SourceCodester Employee Management System
+CVE-2022-2714 (Improper Handling of Length Parameter Inconsistency in GitHub reposito ...)
+ NOT-FOR-US: francoisjacquet/rosariosis
+CVE-2022-2713 (Insufficient Session Expiration in GitHub repository cockpit-hq/cockpi ...)
+ NOT-FOR-US: Cockpit-HQ/Cockpit
+CVE-2022-2712 (In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability ...)
+ - glassfish
+CVE-2022-2711 (The Import any XML or CSV File to WordPress plugin before 3.6.9 is not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2710 (The Scroll To Top WordPress plugin before 1.4.1 does not escape some o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2709 (The Float to Top Button WordPress plugin through 2.3.6 does not escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37863
+ RESERVED
+CVE-2022-37862
+ RESERVED
+CVE-2022-37861 (There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 ...)
+ NOT-FOR-US: Tenhot TWS-100 router
+CVE-2022-37860 (The web configuration interface of the TP-Link M7350 V3 with firmware ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-37859
+ RESERVED
+CVE-2022-37858
+ RESERVED
+CVE-2022-37857 (bilde2910 Hauk v1.6.1 requires a hardcoded password which by default i ...)
+ NOT-FOR-US: bilde2910 Hauk
+CVE-2022-37856
+ RESERVED
+CVE-2022-37855
+ RESERVED
+CVE-2022-37854
+ RESERVED
+CVE-2022-37853
+ RESERVED
+CVE-2022-37852
+ RESERVED
+CVE-2022-37851
+ RESERVED
+CVE-2022-37850
+ RESERVED
+CVE-2022-37849
+ RESERVED
+CVE-2022-37848
+ RESERVED
+CVE-2022-37847
+ RESERVED
+CVE-2022-37846
+ RESERVED
+CVE-2022-37845
+ RESERVED
+CVE-2022-37844
+ RESERVED
+CVE-2022-37843 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-37842 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat. ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-37841 (In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded passwo ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-37840 (In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downlo ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-37839 (TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflo ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-37838
+ RESERVED
+CVE-2022-37837
+ RESERVED
+CVE-2022-37836
+ RESERVED
+CVE-2022-37835 (Torguard VPN 4.8, has a vulnerability that allows an attacker to dump ...)
+ NOT-FOR-US: Torguard VPN
+CVE-2022-37834
+ RESERVED
+CVE-2022-37833
+ RESERVED
+CVE-2022-37832 (Mutiny 7.2.0-10788 suffers from Hardcoded root password.)
+ NOT-FOR-US: Mutiny
+CVE-2022-37831
+ RESERVED
+CVE-2022-37830 (Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting ...)
+ NOT-FOR-US: Interway a.s WebJET CMS
+CVE-2022-37829
+ RESERVED
+CVE-2022-37828
+ RESERVED
+CVE-2022-37827
+ RESERVED
+CVE-2022-37826
+ RESERVED
+CVE-2022-37825
+ RESERVED
+CVE-2022-37824 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37823 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37822 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37821 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37820 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37819 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37818 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37817 (Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via t ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37816 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37815 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37814 (Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack ove ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37813 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37812 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37811 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37810 (Tenda AC1206 V15.03.06.23 was discovered to contain a command injectio ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37809 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37808 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37807 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37806 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37805 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37804 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37803 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37802 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37801 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37800 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37799 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37798 (Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow v ...)
+ NOT-FOR-US: Tenda
+CVE-2022-37797 (In lighttpd 1.4.65, mod_wstunnel does not initialize a handler functio ...)
+ {DSA-5243-1 DLA-3133-1} + - lighttpd 1.4.66-1 + NOTE: https://redmine.lighttpd.net/issues/3165 + NOTE: https://git.lighttpd.net/lighttpd/lighttpd1.4/commit/971773f1fae600074b46ef64f3ca1f76c227985f (lighttpd-1.4.66) +CVE-2022-37796 (In Simple Online Book Store System 1.0 in /admin_book.php the Title, A ...) + NOT-FOR-US: Simple Online Book Store System +CVE-2022-37795 + RESERVED +CVE-2022-37794 (In Library Management System 1.0 the /card/in-card.php file id_no para ...) + NOT-FOR-US: Library Management System +CVE-2022-37793 + RESERVED +CVE-2022-37792 + RESERVED +CVE-2022-37791 + RESERVED +CVE-2022-37790 + RESERVED +CVE-2022-37789 + RESERVED +CVE-2022-37788 + RESERVED +CVE-2022-37787 (An issue was discovered in WeCube platform 3.2.2. A DOM XSS vulnerabil ...) + NOT-FOR-US: WeCube +CVE-2022-37786 (An issue was discovered in WeCube Platform 3.2.2. There are multiple C ...) + NOT-FOR-US: WeCube +CVE-2022-37785 (An issue was discovered in WeCube Platform 3.2.2. Cleartext passwords ...) + NOT-FOR-US: WeCube +CVE-2022-37784 + RESERVED +CVE-2022-37783 (All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hash ...) + NOT-FOR-US: Craft CMS +CVE-2022-37782 + RESERVED +CVE-2022-37781 (fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __i ...) + - fdkaac (unimportant; bug #1017754) + NOTE: https://github.com/nu774/fdkaac/issues/54 + NOTE: https://github.com/nu774/fdkaac/commit/ecddb7d63306e01d137d65bbbe7b78c1e779943c + NOTE: Crash in CLI tool, no security impact +CVE-2022-37780 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...) + NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers +CVE-2022-37779 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...) + NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers +CVE-2022-37778 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1. ...) 
+ NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers +CVE-2022-37777 (Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.1 ...) + NOT-FOR-US: Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers +CVE-2022-37776 + RESERVED +CVE-2022-37775 (Genesys PureConnect Interaction Web Tools Chat Service (up to at least ...) + NOT-FOR-US: Genesys PureConnect Interaction Web Tools Chat Service +CVE-2022-37774 (There is a broken access control vulnerability in the Maarch RM 2.8.3 ...) + NOT-FOR-US: Maarch RM +CVE-2022-37773 (An authenticated SQL Injection vulnerability in the statistics page (/ ...) + NOT-FOR-US: Maarch RM +CVE-2022-37772 (Maarch RM 2.8.3 solution contains an improper restriction of excessive ...) + NOT-FOR-US: Maarch RM +CVE-2022-37771 (IObit Malware Fighter v9.2 for Microsoft Windows lacks tamper protecti ...) + NOT-FOR-US: IObit Malware Fighter +CVE-2022-37770 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...) + - libjpeg 0.0~git20220805.54ec643-1 (unimportant) + NOTE: https://github.com/thorfdbg/libjpeg/issues/79 + NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977 + NOTE: Crash in CLI tool, no security impact +CVE-2022-37769 (libjpeg commit 281daa9 was discovered to contain a segmentation fault ...) + - libjpeg 0.0~git20220805.54ec643-1 (bug #1025339) + [bullseye] - libjpeg (Minor issue) + NOTE: https://github.com/thorfdbg/libjpeg/issues/78 + NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977 +CVE-2022-37768 (libjpeg commit 281daa9 was discovered to contain an infinite loop via ...) 
+ - libjpeg 0.0~git20220805.54ec643-1 (unimportant) + NOTE: https://github.com/thorfdbg/libjpeg/issues/77 + NOTE: https://github.com/thorfdbg/libjpeg/commit/281daa9ccee18742b83a77cd29bd2726b69b7977 + NOTE: Hang in CLI tool, no security impact +CVE-2022-37767 (Pebble Templates 3.1.5 allows attackers to bypass a protection mechani ...) + NOT-FOR-US: Pebble Templates +CVE-2022-37766 + RESERVED +CVE-2022-37765 + RESERVED +CVE-2022-37764 + RESERVED +CVE-2022-37763 + RESERVED +CVE-2022-37762 + RESERVED +CVE-2022-37761 + RESERVED +CVE-2022-37760 + RESERVED +CVE-2022-37759 + RESERVED +CVE-2022-37758 + RESERVED +CVE-2022-37757 + RESERVED +CVE-2022-37756 + RESERVED +CVE-2022-37755 + RESERVED +CVE-2022-37754 + RESERVED +CVE-2022-37753 + RESERVED +CVE-2022-37752 + RESERVED +CVE-2022-37751 + RESERVED +CVE-2022-37750 + RESERVED +CVE-2022-37749 + RESERVED +CVE-2022-37748 + RESERVED +CVE-2022-37747 + RESERVED +CVE-2022-37746 + RESERVED +CVE-2022-37745 + RESERVED +CVE-2022-37744 + RESERVED +CVE-2022-37743 + RESERVED +CVE-2022-37742 + RESERVED +CVE-2022-37741 + RESERVED +CVE-2022-37740 + RESERVED +CVE-2022-37739 + RESERVED +CVE-2022-37738 + RESERVED +CVE-2022-37737 + RESERVED +CVE-2022-37736 + RESERVED +CVE-2022-37735 + RESERVED +CVE-2022-37734 (graphql-java before19.0 is vulnerable to Denial of Service. An attacke ...) + NOT-FOR-US: graphql-java +CVE-2022-37733 + RESERVED +CVE-2022-37732 + RESERVED +CVE-2022-37731 (ftcms 2.1 poster.PHP has a XSS vulnerability. The attacker inserts mal ...) + NOT-FOR-US: ftcms +CVE-2022-37730 (In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerabili ...) + NOT-FOR-US: ftcms +CVE-2022-37729 + RESERVED +CVE-2022-37728 + RESERVED +CVE-2022-37727 + RESERVED +CVE-2022-37726 + RESERVED +CVE-2022-37725 + RESERVED +CVE-2022-37724 (Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary ...) 
+ NOT-FOR-US: Project Wonder WebObjects +CVE-2022-37723 + RESERVED +CVE-2022-37722 + RESERVED +CVE-2022-37721 (PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS_ when ...) + NOT-FOR-US: PyroCMS +CVE-2022-37720 (Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scriptin ...) + NOT-FOR-US: Orchard CMS +CVE-2022-37719 (A Cross-Site Request Forgery (CSRF) in the management portal of JetNex ...) + NOT-FOR-US: JetNexus +CVE-2022-37718 (The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was di ...) + NOT-FOR-US: JetNexus +CVE-2022-37717 + RESERVED +CVE-2022-37716 + RESERVED +CVE-2022-37715 + RESERVED +CVE-2022-37714 + RESERVED +CVE-2022-37713 + RESERVED +CVE-2022-37712 + RESERVED +CVE-2022-37711 + RESERVED +CVE-2022-37710 (Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ...) + NOT-FOR-US: Patterson Dental Eaglesoft +CVE-2022-37709 (Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is ...) + NOT-FOR-US: Tesla +CVE-2022-37708 + REJECTED +CVE-2022-37707 + RESERVED +CVE-2022-37706 (enlightenment_sys in Enlightenment before 0.25.4 allows local users to ...) + {DSA-5233-1 DLA-3115-1} + - e17 0.25.4-1 + NOTE: https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit + NOTE: https://git.enlightenment.org/enlightenment/enlightenment/commit/cc7faeccf77fef8b0ae70e312a21e4cde087e141 +CVE-2022-37705 (A privilege escalation flaw was found in Amanda 3.5.1 in which the bac ...) + {DLA-3681-1} + - amanda 1:3.5.1-10 (bug #1029829) + [bullseye] - amanda (Minor issue) + NOTE: https://github.com/MaherAzzouzi/CVE-2022-37705 + NOTE: https://github.com/zmanda/amanda/issues/192 + NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2 + NOTE: https://github.com/zmanda/amanda/pull/196 + NOTE: https://github.com/zmanda/amanda/commit/43c5b32f46186f3ed78fe6c7503096fa9ad1236c +CVE-2022-37704 (Amanda 3.5.1 allows privilege escalation from the regular user backup ...) 
+ {DLA-3330-1} + - amanda 1:3.5.1-10 (bug #1029829) + [bullseye] - amanda (Minor issue) + NOTE: https://github.com/MaherAzzouzi/CVE-2022-37704 + NOTE: https://github.com/zmanda/amanda/issues/192 + NOTE: https://marc.info/?l=amanda-hackers&m=167437716918603&w=2 + NOTE: https://github.com/zmanda/amanda/pull/197 + NOTE: https://github.com/zmanda/amanda/commit/e890d08e16ea0621966a7ae35cce53ccb44a472e + NOTE: Followup: https://github.com/zmanda/amanda/pull/202 +CVE-2022-37703 (In Amanda 3.5.1, an information leak vulnerability was found in the ca ...) + {DLA-3681-1} + - amanda 1:3.5.1-10 (bug #1021017) + [bullseye] - amanda (Minor issue) + NOTE: https://github.com/MaherAzzouzi/CVE-2022-37703 + NOTE: https://github.com/zmanda/amanda/issues/192 + NOTE: https://github.com/zmanda/amanda/pull/198 + NOTE: https://github.com/zmanda/amanda/commit/b1dd708728fcab5e3a49ba5c0fb754776242efc3 +CVE-2022-37702 + RESERVED +CVE-2022-37701 + RESERVED +CVE-2022-37700 (Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obt ...) + NOT-FOR-US: Zentao Demo15 +CVE-2022-37699 + RESERVED +CVE-2022-37698 + RESERVED +CVE-2022-37697 + RESERVED +CVE-2022-37696 + RESERVED +CVE-2022-37695 + RESERVED +CVE-2022-37694 + RESERVED +CVE-2022-37693 + RESERVED +CVE-2022-37692 + RESERVED +CVE-2022-37691 + RESERVED +CVE-2022-37690 + RESERVED +CVE-2022-37689 + RESERVED +CVE-2022-37688 + RESERVED +CVE-2022-37687 + RESERVED +CVE-2022-37686 + RESERVED +CVE-2022-37685 + RESERVED +CVE-2022-37684 + RESERVED +CVE-2022-37683 + RESERVED +CVE-2022-37682 + RESERVED +CVE-2022-37681 (Hitachi Kokusai Electric Newtork products for monitoring system (Camer ...) + NOT-FOR-US: Hitachi Kokusai Electric Inc ISnex HC-IP9100HD +CVE-2022-37680 (An improper authentication for critical function issue in Hitachi Koku ...) + NOT-FOR-US: Hitachi +CVE-2022-37679 (Miniblog.Core v1.0 was discovered to contain a cross-site scripting (X ...) 
+ NOT-FOR-US: Miniblog.Core
+CVE-2022-37678
+ RESERVED
+CVE-2022-37677
+ RESERVED
+CVE-2022-37676
+ RESERVED
+CVE-2022-37675
+ RESERVED
+CVE-2022-37674
+ RESERVED
+CVE-2022-37673
+ RESERVED
+CVE-2022-37672
+ RESERVED
+CVE-2022-37671
+ RESERVED
+CVE-2022-37670
+ RESERVED
+CVE-2022-37669
+ RESERVED
+CVE-2022-37668
+ RESERVED
+CVE-2022-37667
+ RESERVED
+CVE-2022-37666
+ RESERVED
+CVE-2022-37665
+ RESERVED
+CVE-2022-37664
+ RESERVED
+CVE-2022-37663
+ RESERVED
+CVE-2022-37662
+ RESERVED
+CVE-2022-37661 (SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remo ...)
+ NOT-FOR-US: SmartRG
+CVE-2022-37660
+ RESERVED
+CVE-2022-37659
+ RESERVED
+CVE-2022-37658
+ RESERVED
+CVE-2022-37657
+ RESERVED
+CVE-2022-37656
+ RESERVED
+CVE-2022-37655
+ RESERVED
+CVE-2022-37654
+ RESERVED
+CVE-2022-37653
+ RESERVED
+CVE-2022-37652
+ RESERVED
+CVE-2022-37651
+ RESERVED
+CVE-2022-37650
+ RESERVED
+CVE-2022-37649
+ RESERVED
+CVE-2022-37648
+ RESERVED
+CVE-2022-37647
+ RESERVED
+CVE-2022-37646
+ RESERVED
+CVE-2022-37645
+ RESERVED
+CVE-2022-37644
+ RESERVED
+CVE-2022-37643
+ RESERVED
+CVE-2022-37642
+ RESERVED
+CVE-2022-37641
+ RESERVED
+CVE-2022-37640
+ RESERVED
+CVE-2022-37639
+ RESERVED
+CVE-2022-37638
+ RESERVED
+CVE-2022-37637
+ RESERVED
+CVE-2022-37636
+ RESERVED
+CVE-2022-37635
+ RESERVED
+CVE-2022-37634
+ RESERVED
+CVE-2022-37633
+ RESERVED
+CVE-2022-37632
+ RESERVED
+CVE-2022-37631
+ RESERVED
+CVE-2022-37630
+ RESERVED
+CVE-2022-37629
+ RESERVED
+CVE-2022-37628
+ RESERVED
+CVE-2022-37627
+ RESERVED
+CVE-2022-37626
+ RESERVED
+CVE-2022-37625
+ RESERVED
+CVE-2022-37624
+ RESERVED
+CVE-2022-37623 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+ NOT-FOR-US: browserify-shim
+CVE-2022-37622
+ RESERVED
+CVE-2022-37621 (Prototype pollution vulnerability in function resolveShims in resolve- ...)
+ NOT-FOR-US: browserify-shim
+CVE-2022-37620 (A Regular Expression Denial of Service (ReDoS) flaw was found in kanga ...)
+ - html-minifier (bug #857108) +CVE-2022-37619 + RESERVED +CVE-2022-37618 + RESERVED +CVE-2022-37617 (Prototype pollution vulnerability in function resolveShims in resolve- ...) + NOT-FOR-US: Node browserify-shim +CVE-2022-37616 (A prototype pollution vulnerability exists in the function copy in dom ...) + {DLA-3154-1} + - node-xmldom 0.8.3-1 (bug #1021618) + [bullseye] - node-xmldom 0.5.0-1+deb11u1 + NOTE: https://github.com/xmldom/xmldom/issues/436 + NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj + NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd (0.9.0-beta.2) + NOTE: Fixed by: https://github.com/xmldom/xmldom/commit/7c0d4b7fbf74079060a2f135a369adeeccaf4b18 (0.8.3) +CVE-2022-37615 + RESERVED +CVE-2022-37614 (Prototype pollution vulnerability in function enable in mockery.js in ...) + NOT-FOR-US: Node mockery +CVE-2022-37613 + RESERVED +CVE-2022-37612 + RESERVED +CVE-2022-37611 (Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the pa ...) + NOT-FOR-US: Node gh-pages +CVE-2022-37610 + RESERVED +CVE-2022-37609 (Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 v ...) + NOT-FOR-US: Node js-beautify +CVE-2022-37608 + RESERVED +CVE-2022-37607 + RESERVED +CVE-2022-37606 + RESERVED +CVE-2022-37605 + RESERVED +CVE-2022-37604 + RESERVED +CVE-2022-37603 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...) + - node-loader-utils 2.0.4-1 + [bullseye] - node-loader-utils 2.0.0-1+deb11u1 + [buster] - node-loader-utils (Vulnerable regex introduced in upstream v1.2.0) + NOTE: https://github.com/webpack/loader-utils/issues/213 + NOTE: https://github.com/webpack/loader-utils/pull/225 + NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4) +CVE-2022-37602 (Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 vi ...) 
+ NOT-FOR-US: karma-runner grunt-karma +CVE-2022-37601 (Prototype pollution vulnerability in function parseQuery in parseQuery ...) + {DLA-3258-1} + - node-loader-utils 2.0.3-1 + [bullseye] - node-loader-utils 2.0.0-1+deb11u1 + NOTE: https://github.com/webpack/loader-utils/issues/212 + NOTE: https://github.com/webpack/loader-utils/commit/a93cf6f4702012030f6b5ee8340d5c95ec1c7d4c (v2.0.3) +CVE-2022-37600 + RESERVED +CVE-2022-37599 (A Regular expression denial of service (ReDoS) flaw was found in Funct ...) + - node-loader-utils 2.0.4-1 + [bullseye] - node-loader-utils 2.0.0-1+deb11u1 + [buster] - node-loader-utils (Vulnerable regex introduced in upstream v1.2.0) + NOTE: https://github.com/webpack/loader-utils/issues/211 + NOTE: https://github.com/webpack/loader-utils/pull/225 + NOTE: https://github.com/webpack/loader-utils/commit/ac09944dfacd7c4497ef692894b09e63e09a5eeb (v2.0.4) +CVE-2022-37598 (Prototype pollution vulnerability in function DEFNODE in ast.js in mis ...) + - uglify-js (unimportant) + - uglifyjs (unimportant) + NOTE: https://github.com/mishoo/UglifyJS/issues/5699 + NOTE: Issue is not considered valid from upstream in + NOTE: https://github.com/mishoo/UglifyJS/issues/5721#issuecomment-1292849604 +CVE-2022-37597 + RESERVED +CVE-2022-37596 + RESERVED +CVE-2022-37595 + RESERVED +CVE-2022-37594 + RESERVED +CVE-2022-37593 + RESERVED +CVE-2022-37592 + RESERVED +CVE-2022-37591 + RESERVED +CVE-2022-37590 + RESERVED +CVE-2022-37589 + RESERVED +CVE-2022-37588 + RESERVED +CVE-2022-37587 + RESERVED +CVE-2022-37586 + RESERVED +CVE-2022-37585 + RESERVED +CVE-2022-37584 + RESERVED +CVE-2022-37583 + RESERVED +CVE-2022-37582 + RESERVED +CVE-2022-37581 + RESERVED +CVE-2022-37580 + RESERVED +CVE-2022-37579 + RESERVED +CVE-2022-37578 + RESERVED +CVE-2022-37577 + RESERVED +CVE-2022-37576 + RESERVED +CVE-2022-37575 + RESERVED +CVE-2022-37574 + RESERVED +CVE-2022-37573 + RESERVED +CVE-2022-37572 + RESERVED +CVE-2022-37571 + RESERVED +CVE-2022-37570 + RESERVED +CVE-2022-37569 
+ RESERVED
+CVE-2022-37568
+ RESERVED
+CVE-2022-37567
+ RESERVED
+CVE-2022-37566
+ RESERVED
+CVE-2022-37565
+ RESERVED
+CVE-2022-37564
+ RESERVED
+CVE-2022-37563
+ RESERVED
+CVE-2022-37562
+ RESERVED
+CVE-2022-37561
+ RESERVED
+CVE-2022-37560
+ RESERVED
+CVE-2022-37559
+ RESERVED
+CVE-2022-37558
+ RESERVED
+CVE-2022-37557
+ RESERVED
+CVE-2022-37556
+ RESERVED
+CVE-2022-37555
+ RESERVED
+CVE-2022-37554
+ RESERVED
+CVE-2022-37553
+ RESERVED
+CVE-2022-37552
+ RESERVED
+CVE-2022-37551
+ RESERVED
+CVE-2022-37550
+ RESERVED
+CVE-2022-37549
+ RESERVED
+CVE-2022-37548
+ RESERVED
+CVE-2022-37547
+ RESERVED
+CVE-2022-37546
+ RESERVED
+CVE-2022-37545
+ RESERVED
+CVE-2022-37544
+ RESERVED
+CVE-2022-37543
+ RESERVED
+CVE-2022-37542
+ RESERVED
+CVE-2022-37541
+ RESERVED
+CVE-2022-37540
+ RESERVED
+CVE-2022-37539
+ RESERVED
+CVE-2022-37538
+ RESERVED
+CVE-2022-37537
+ RESERVED
+CVE-2022-37536
+ RESERVED
+CVE-2022-37535
+ RESERVED
+CVE-2022-37534
+ RESERVED
+CVE-2022-37533
+ RESERVED
+CVE-2022-37532
+ RESERVED
+CVE-2022-37531
+ RESERVED
+CVE-2022-37530
+ RESERVED
+CVE-2022-37529
+ RESERVED
+CVE-2022-37528
+ RESERVED
+CVE-2022-37527
+ RESERVED
+CVE-2022-37526
+ RESERVED
+CVE-2022-37525
+ RESERVED
+CVE-2022-37524
+ RESERVED
+CVE-2022-37523
+ RESERVED
+CVE-2022-37522
+ RESERVED
+CVE-2022-37521
+ RESERVED
+CVE-2022-37520
+ RESERVED
+CVE-2022-37519
+ RESERVED
+CVE-2022-37518
+ RESERVED
+CVE-2022-37517
+ RESERVED
+CVE-2022-37516
+ RESERVED
+CVE-2022-37515
+ RESERVED
+CVE-2022-37514
+ RESERVED
+CVE-2022-37513
+ RESERVED
+CVE-2022-37512
+ RESERVED
+CVE-2022-37511
+ RESERVED
+CVE-2022-37510
+ RESERVED
+CVE-2022-37509
+ RESERVED
+CVE-2022-37508
+ RESERVED
+CVE-2022-37507
+ RESERVED
+CVE-2022-37506
+ RESERVED
+CVE-2022-37505
+ RESERVED
+CVE-2022-37504
+ RESERVED
+CVE-2022-37503
+ RESERVED
+CVE-2022-37502
+ RESERVED
+CVE-2022-37501
+ RESERVED
+CVE-2022-37500
+ RESERVED
+CVE-2022-37499
+ RESERVED
+CVE-2022-37498
+ RESERVED
+CVE-2022-37497
+ RESERVED
+CVE-2022-37496
+ RESERVED
+CVE-2022-37495
+ 
RESERVED
+CVE-2022-37494
+ RESERVED
+CVE-2022-37493
+ RESERVED
+CVE-2022-37492
+ RESERVED
+CVE-2022-37491
+ RESERVED
+CVE-2022-37490
+ RESERVED
+CVE-2022-37489
+ RESERVED
+CVE-2022-37488
+ RESERVED
+CVE-2022-37487
+ RESERVED
+CVE-2022-37486
+ RESERVED
+CVE-2022-37485
+ RESERVED
+CVE-2022-37484
+ RESERVED
+CVE-2022-37483
+ RESERVED
+CVE-2022-37482
+ RESERVED
+CVE-2022-37481
+ RESERVED
+CVE-2022-37480
+ RESERVED
+CVE-2022-37479
+ RESERVED
+CVE-2022-37478
+ RESERVED
+CVE-2022-37477
+ RESERVED
+CVE-2022-37476
+ RESERVED
+CVE-2022-37475
+ RESERVED
+CVE-2022-37474
+ RESERVED
+CVE-2022-37473
+ RESERVED
+CVE-2022-37472
+ RESERVED
+CVE-2022-37471
+ RESERVED
+CVE-2022-37470
+ RESERVED
+CVE-2022-37469
+ RESERVED
+CVE-2022-37468
+ RESERVED
+CVE-2022-37467
+ RESERVED
+CVE-2022-37466
+ RESERVED
+CVE-2022-37465
+ RESERVED
+CVE-2022-37464
+ RESERVED
+CVE-2022-37463
+ RESERVED
+CVE-2022-37462 (A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget i ...)
+ NOT-FOR-US: Upstream Works Agent Desktop for Cisco Finesse
+CVE-2022-37461 (Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical V ...)
+ NOT-FOR-US: Canon Medical Vitrea View
+CVE-2022-37460
+ RESERVED
+CVE-2022-37459 (Ampere Altra devices before 1.08g and Ampere Altra Max devices before ...)
+ NOT-FOR-US: Ampere
+CVE-2022-37458 (Discourse through 2.8.7 allows admins to send invitations to arbitrary ...)
+ NOT-FOR-US: Discourse
+CVE-2022-37457
+ RESERVED
+CVE-2022-37456
+ RESERVED
+CVE-2022-37455
+ RESERVED
+CVE-2022-37454 (The Keccak XKCP SHA-3 reference implementation before fdc6fef has an i ...)
+ {DSA-5277-1 DSA-5269-1 DSA-5267-1 DLA-3243-1 DLA-3175-1 DLA-3174-1} + - php8.1 8.1.12-1 + - php7.4 + - php7.3 + - python3.10 3.10.9-1 (unimportant) + - python3.9 (unimportant) + - python3.7 + - python2.7 (Vulnerable code introduced later) + - pysha3 1.0.2-5 (bug #1023030) + - pypy3 7.3.9+dfsg-5 + [buster] - pypy3 (Vulnerable code not present before we switch to the 3.6 branch in 7.1.1+dfsg-1) + NOTE: https://github.com/XKCP/XKCP/security/advisories/GHSA-6w4m-2xhg-2658 + NOTE: https://github.com/XKCP/XKCP/commit/fdc6fef075f4e81d6b1bc38364248975e08e340a + NOTE: https://mouha.be/sha-3-buffer-overflow/ + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81738 + NOTE: PHP fixed in: 7.4.33, 8.0.25, 8.1.12 + NOTE: For PHP, introduced in: https://github.com/php/php-src/commit/91663a92d1697fc30a7ba4687d73e0f63ec2baa1 (php-7.2.0alpha1) + NOTE: Fixed by: https://github.com/php/php-src/commit/248f647724e385bfb8d83aa5b5a5ca3c4ee2c7fd (php-8.2.0RC5) + NOTE: https://github.com/python/cpython/issues/98517 + NOTE: https://github.com/python/cpython/commit/0e4e058602d93b88256ff90bbef501ba20be9dd3 (v3.10.9) + NOTE: https://github.com/python/cpython/commit/857efee6d2d43c5c12fc7e377ce437144c728ab8 (v3.9.16) + NOTE: https://github.com/python/cpython/commit/948c6794711458fd148a3fa62296cadeeb2ed631 (v3.8.16) + NOTE: https://github.com/python/cpython/commit/8088c90044ba04cd5624b278340ebf934dbee4a5 (v3.7.16) + NOTE: For Python, introduced in: https://github.com/python/cpython/commit/6fe2a75b645044ca2b5dac03e8d850567b547a9a (3.6) + NOTE: Versions which have the OpenSSL sha3 delegation are not affected by the issue and only ship + NOTE: source-wise the bundled _sha3 XKCP module code. 
+ NOTE: OpenSSL sha3 delegation added in https://github.com/python/cpython/commit/d5b3f6b7f9fc74438009af63f1de01bd77be9385 (v3.9.0b1) + NOTE: https://python-security.readthedocs.io/vuln/sha3-buffer-overflow.html + NOTE: pypy3 fix: https://foss.heptapod.net/pypy/pypy/-/commit/860b897b2611a4099ef9c63ce848fdec89c74b31 +CVE-2022-37453 (An issue was discovered in Softing OPC UA C++ SDK before 6.10. A buffe ...) + NOT-FOR-US: Softing +CVE-2022-2708 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2707 (A vulnerability classified as critical was found in SourceCodester Onl ...) + NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System +CVE-2022-2706 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Online Class and Exam Scheduling System +CVE-2022-2705 (A vulnerability was found in SourceCodester Simple Student Information ...) + NOT-FOR-US: SourceCodester Simple Student Information System +CVE-2022-2704 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) + NOT-FOR-US: SourceCodester Simple E-Learning System +CVE-2022-2703 (A vulnerability was found in SourceCodester Gym Management System. It ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2702 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) + NOT-FOR-US: SourceCodester Company Website CMS +CVE-2022-2701 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Simple E-Learning System +CVE-2022-2700 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2699 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) + NOT-FOR-US: SourceCodester Simple E-Learning System +CVE-2022-2698 (A vulnerability was found in SourceCodester Simple E-Learning System. 
...) + NOT-FOR-US: SourceCodester Simple E-Learning System +CVE-2022-2697 (A vulnerability was found in SourceCodester Simple E-Learning System. ...) + NOT-FOR-US: SourceCodester Simple E-Learning System +CVE-2022-2696 (The Restaurant Menu \u2013 Food Ordering System \u2013 Table Reservati ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2695 (The Beaver Builder \u2013 WordPress Page Builder for WordPress is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2694 (A vulnerability was found in SourceCodester Company Website CMS and cl ...) + NOT-FOR-US: SourceCodester Company Website CMS +CVE-2022-2693 (A vulnerability has been found in SourceCodester Electronic Medical Re ...) + NOT-FOR-US: SourceCodester Electronic Medical Records System +CVE-2022-2692 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Wedding Hall Booking System +CVE-2022-2691 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Wedding Hall Booking System +CVE-2022-2690 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: SourceCodester Wedding Hall Booking System +CVE-2022-2689 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester Wedding Hall Booking System +CVE-2022-2688 (A vulnerability was found in SourceCodester Expense Management System. ...) + NOT-FOR-US: SourceCodester Expense Management System +CVE-2022-37452 (Exim before 4.95 has a heap-based buffer overflow for the alias list i ...) + {DLA-3082-1} + - exim4 4.94.2-5 + NOTE: https://www.openwall.com/lists/oss-security/2022/08/06/8 + NOTE: https://github.com/ivd38/exim_overflow + NOTE: https://github.com/Exim/exim/commit/d4bc023436e4cce7c23c5f8bb5199e178b4cc743 (exim-4.95-RC0) +CVE-2022-37451 (Exim before 4.96 has an invalid free in pam_converse in auths/call_pam ...) 
+ - exim4 4.95-4 + [bullseye] - exim4 (Vulnerable code not present) + [buster] - exim4 (Vulnerable code not present) + NOTE: https://github.com/ivd38/exim_invalid_free + NOTE: https://github.com/Exim/exim/commit/51be321b27825c01829dffd90f11bfff256f7e42 (exim-4.96-RC0) + NOTE: Introduced in https://github.com/Exim/exim/commit/1e30b0199daf7a7a882458251a3dc10d45d4c7d1 (exim-4.95-RC0) +CVE-2022-37450 (Go Ethereum (aka geth) through 1.10.21 allows attackers to increase re ...) + - golang-github-go-ethereum (bug #890541) +CVE-2022-37449 + REJECTED +CVE-2022-37448 + REJECTED +CVE-2022-37447 + REJECTED +CVE-2022-37446 + REJECTED +CVE-2022-37445 + REJECTED +CVE-2022-37444 + REJECTED +CVE-2022-37443 + REJECTED +CVE-2022-37442 + REJECTED +CVE-2022-37441 + REJECTED +CVE-2022-37440 + REJECTED +CVE-2022-2687 (A vulnerability, which was classified as critical, was found in Source ...) + NOT-FOR-US: SourceCodester Gym Management System +CVE-2022-2686 (A vulnerability, which was classified as problematic, was found in ore ...) + NOT-FOR-US: oretnom23 Fast Food Ordering System +CVE-2022-2685 (A vulnerability was found in SourceCodester Interview Management Syste ...) + NOT-FOR-US: SourceCodester Interview Management System +CVE-2022-2684 (A vulnerability has been found in SourceCodester Apartment Visitor Man ...) + NOT-FOR-US: SourceCodester Apartment Visitor Management System +CVE-2022-2683 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Simple Food Ordering System +CVE-2022-2682 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System +CVE-2022-2681 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: Online Student Admission System +CVE-2022-2680 (A vulnerability classified as critical has been found in SourceCodeste ...) 
+ NOT-FOR-US: SourceCodester Church Management System +CVE-2022-2679 (A vulnerability was found in SourceCodester Interview Management Syste ...) + NOT-FOR-US: SourceCodester Interview Management System +CVE-2022-2678 (A vulnerability was found in SourceCodester Alphaware Simple E-Commerc ...) + NOT-FOR-US: SourceCodester Alphaware Simple E-Commerce System +CVE-2022-2677 (A vulnerability was found in SourceCodester Apartment Visitor Manageme ...) + NOT-FOR-US: SourceCodester Apartment Visitor Management System +CVE-2022-2676 (A vulnerability was found in SourceCodester Electronic Medical Records ...) + NOT-FOR-US: SourceCodester Electronic Medical Records System +CVE-2022-37439 (In Splunk Enterprise and Universal Forwarder versions in the following ...) + NOT-FOR-US: Splunk +CVE-2022-37438 (In Splunk Enterprise versions in the following table, an authenticated ...) + NOT-FOR-US: Splunk +CVE-2022-37437 (When using Ingest Actions to configure a destination that resides on A ...) + NOT-FOR-US: Splunk +CVE-2022-37436 (Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the ...) + {DSA-5376-1 DLA-3351-1} + - apache2 2.4.55-1 + NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/7 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436 +CVE-2022-37435 (Apache ShenYu Admin has insecure permissions, which may allow low-priv ...) + NOT-FOR-US: Apache ShenYu +CVE-2022-37433 + RESERVED +CVE-2022-37432 + RESERVED +CVE-2022-2675 (Using off-the-shelf commodity hardware, the Unitree Go 1 robotics plat ...) + NOT-FOR-US: Unitree Go 1 robotics platform +CVE-2022-2674 (A vulnerability was found in SourceCodester Best Fee Management System ...) + NOT-FOR-US: SourceCodester +CVE-2022-2673 (A vulnerability was found in Rigatur Online Booking and Hotel Manageme ...) + NOT-FOR-US: Rigatur Online Booking and Hotel Management System +CVE-2022-2672 (A vulnerability was found in SourceCodester Garage Management System. ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-2671 (A vulnerability was found in SourceCodester Garage Management System a ...) + NOT-FOR-US: SourceCodester +CVE-2022-2670 + RESERVED +CVE-2022-2669 (The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2668 (An issue was discovered in Keycloak that allows arbitrary Javascript t ...) + NOT-FOR-US: Keycloak +CVE-2022-37434 (zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl ...) + {DSA-5218-1 DLA-3103-1} + - zlib 1:1.2.11.dfsg-4.1 (bug #1016710) + - libz-mingw-w64 1.2.12+dfsg-2 + [bullseye] - libz-mingw-w64 (Minor issue) + [buster] - libz-mingw-w64 (Minor issue) + NOTE: https://github.com/ivd38/zlib_overflow + NOTE: https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 + NOTE: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d +CVE-2022-37431 (A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS ...) + NOT-FOR-US: dotCMS +CVE-2022-37430 (Silverstripe silverstripe/framework through 4.11 allows XSS vulnerabil ...) + NOT-FOR-US: SilverStripe CMS +CVE-2022-37429 (Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 o ...) + NOT-FOR-US: SilverStripe CMS +CVE-2022-37428 (PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when pro ...) + - pdns-recursor 4.7.2-1 + [bullseye] - pdns-recursor (Minor issue) + [buster] - pdns-recursor (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/08/23/1 + NOTE: https://downloads.powerdns.com/patches/2022-02/ +CVE-2022-37427 + RESERVED +CVE-2022-37426 (Unrestricted Upload of File with Dangerous Type vulnerability in OpenN ...) + - opennebula +CVE-2022-37425 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + - opennebula +CVE-2022-37424 (Files or Directories Accessible to External Parties vulnerability in O ...) 
+ - opennebula +CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x befor ...) + NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher) +CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without authenticat ...) + NOT-FOR-US: Payara +CVE-2022-37421 (Silverstripe silverstripe/cms through 4.11.0 allows XSS.) + NOT-FOR-US: SilverStripe CMS +CVE-2022-37420 + RESERVED +CVE-2022-37419 + RESERVED +CVE-2022-37418 (The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, ...) + NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Nissan, Kia and Hyundai vehicles +CVE-2022-37417 + RESERVED +CVE-2022-37416 (Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory ...) + NOT-FOR-US: Android +CVE-2022-37415 (The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buff ...) + NOT-FOR-US: Uniwill SparkIO.sys driver +CVE-2022-37414 + RESERVED +CVE-2022-37413 + RESERVED +CVE-2022-37401 (Apache OpenOffice supports the storage of passwords for web connection ...) + NOT-FOR-US: Apache OpenOffice +CVE-2022-37400 (Apache OpenOffice supports the storage of passwords for web connection ...) + NOT-FOR-US: Apache OpenOffice +CVE-2022-37399 + RESERVED +CVE-2022-37398 (A stack-based buffer overflow vulnerability was found inside ADM when ...) + NOT-FOR-US: ASUSTOR Data Master (ADM) +CVE-2022-36350 (Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 t ...) + NOT-FOR-US: PukiWiki +CVE-2022-2667 (A vulnerability was found in SourceCodester Loan Management System and ...) + NOT-FOR-US: SourceCodester +CVE-2022-2666 (A vulnerability has been found in SourceCodester Loan Management Syste ...) + NOT-FOR-US: SourceCodester +CVE-2022-2665 (A vulnerability classified as critical was found in SourceCodester Sim ...) + NOT-FOR-US: SourceCodester +CVE-2022-2664 (A vulnerability classified as critical has been found in Private Cloud ...) 
+ NOT-FOR-US: Private Cloud Management Platform +CVE-2020-36591 + RESERVED +CVE-2020-36590 + RESERVED +CVE-2020-36589 + RESERVED +CVE-2020-36588 + RESERVED +CVE-2020-36587 + RESERVED +CVE-2020-36586 + RESERVED +CVE-2020-36585 + RESERVED +CVE-2020-36584 + RESERVED +CVE-2020-36583 + RESERVED +CVE-2020-36582 + RESERVED +CVE-2020-36581 + RESERVED +CVE-2020-36580 + RESERVED +CVE-2020-36579 + RESERVED +CVE-2020-36578 + RESERVED +CVE-2020-36577 + RESERVED +CVE-2020-36576 + RESERVED +CVE-2020-36575 + RESERVED +CVE-2020-36574 + RESERVED +CVE-2020-36573 + RESERVED +CVE-2020-36572 + RESERVED +CVE-2020-36571 + RESERVED +CVE-2020-36570 + RESERVED +CVE-2022-2663 (An issue was found in the Linux kernel in nf_conntrack_irc where the m ...) + {DSA-5257-1 DLA-3173-1 DLA-3131-1} + - linux 6.0.2-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/08/30/1 +CVE-2022-2662 (Sequi PortBloque S has a improper authentication issues which may allo ...) + NOT-FOR-US: Sequi PortBloque S +CVE-2022-2661 (Sequi PortBloque S has an improper authorization vulnerability, which ...) + NOT-FOR-US: Sequi PortBloque S +CVE-2022-2660 (Delta Industrial Automation DIALink versions 1.4.0.0 and prior arevuln ...) + NOT-FOR-US: Delta Industrial Automation +CVE-2022-2659 + RESERVED +CVE-2022-2658 (The WP Spell Check WordPress plugin before 9.13 does not escape ignore ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2657 (The Multivendor Marketplace Solution for WooCommerce WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2656 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Multi Language Hotel Management Software +CVE-2022-2655 (The Classified Listing Pro WordPress plugin before 2.0.20 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2654 (The Classima WordPress theme before 2.1.11 and some of its required pl ...) 
+ NOT-FOR-US: WordPress theme +CVE-2022-2653 (With this vulnerability an attacker can read many sensitive files like ...) + NOT-FOR-US: plankanban/planka +CVE-2022-2652 (Depending on the way the format strings in the card label are crafted ...) + - v4l2loopback 0.12.7-1 (unimportant; bug #1016685) + NOTE: https://huntr.dev/bounties/1b055da5-7a9e-4409-99d7-030280d242d5 + NOTE: https://github.com/umlaeute/v4l2loopback/commit/e4cd225557486c420f6a34411f98c575effd43dd (main) + NOTE: https://github.com/umlaeute/v4l2loopback/commit/64a216af4c09c9ba9326057d7e78994271827eff (v0.12.6) + NOTE: Negligible security impact +CVE-2022-2651 (Authentication Bypass by Primary Weakness in GitHub repository bookwyr ...) + NOT-FOR-US: BookWyrm +CVE-2022-2650 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: wger +CVE-2022-2649 + RESERVED +CVE-2022-2648 (A vulnerability was found in SourceCodester Multi Language Hotel Manag ...) + NOT-FOR-US: SourceCodester Multi Language Hotel Management Software +CVE-2022-2647 (A vulnerability was found in jeecg-boot. It has been declared as criti ...) + NOT-FOR-US: Jeecg-boot +CVE-2022-37397 (An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based ...) + NOT-FOR-US: YugabyteDB +CVE-2022-37345 (Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kit ...) + NOT-FOR-US: Intel +CVE-2022-37334 (Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro ...) + NOT-FOR-US: Intel +CVE-2022-37327 (Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) ...) + NOT-FOR-US: Intel +CVE-2022-36789 (Improper access control in BIOS firmware for some Intel(R) NUC 10 Perf ...) + NOT-FOR-US: Intel +CVE-2022-36391 (Incorrect default permissions for the Intel(R) NUC Pro Software Suite ...) + NOT-FOR-US: Intel +CVE-2022-36339 (Improper input validation in firmware for Intel(R) NUC 8 Compute Eleme ...) 
+ NOT-FOR-US: Intel +CVE-2022-35400 + RESERVED +CVE-2022-35276 (Improper access control in BIOS firmware for some Intel(R) NUC 8 Compu ...) + NOT-FOR-US: Intel +CVE-2022-34152 (Improper input validation in BIOS firmware for some Intel(R) NUC Board ...) + NOT-FOR-US: Intel +CVE-2022-32766 (Improper input validation for some Intel(R) BIOS firmware may allow a ...) + NOT-FOR-US: Intel +CVE-2022-2646 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Online Admission System +CVE-2022-2645 (A vulnerability has been found in SourceCodester Garage Management Sys ...) + NOT-FOR-US: SourceCodester Garage Management System +CVE-2022-2644 (A vulnerability was found in SourceCodester Online Admission System an ...) + NOT-FOR-US: SourceCodester Online Admission System +CVE-2022-2643 (A vulnerability has been found in SourceCodester Online Admission Syst ...) + NOT-FOR-US: SourceCodester Online Admission System +CVE-2022-2642 (Horner Automation\u2019s RCC 972 firmware version 15.40 contains globa ...) + NOT-FOR-US: Horner Automation +CVE-2022-2641 (Horner Automation\u2019s RCC 972 with firmware version 15.40 has a sta ...) + NOT-FOR-US: Horner Automation +CVE-2022-2640 (The Config-files of Horner Automation\u2019s RCC 972 with firmware ver ...) + NOT-FOR-US: Horner Automation +CVE-2022-37396 (In JetBrains Rider before 2022.2 Trust and Open Project dialog could b ...) + NOT-FOR-US: JetBrains +CVE-2022-37395 (A Huawei device has an input verification vulnerability. Successful ex ...) + NOT-FOR-US: Huawei +CVE-2022-37394 (An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 2 ...) 
+ - nova 2:26.0.0~rc1-3 (bug #1016980) + [bullseye] - nova (Minor issue) + [buster] - nova (Minor issue) + NOTE: https://bugs.launchpad.net/ossa/+bug/1981813 + NOTE: https://review.opendev.org/c/openstack/nova/+/849985 + NOTE: https://review.opendev.org/c/openstack/nova/+/850003 +CVE-2022-2639 (An integer coercion error was found in the openvswitch kernel module. ...) + - linux 5.17.6-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/cefa91b2332d7009bc0be5d951d6cbbf349f90f8 (5.18-rc4) +CVE-2022-2638 (The Export All URLs WordPress plugin before 4.4 does not validate the ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2637 (Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storag ...) + NOT-FOR-US: Hitachi +CVE-2022-2636 (Improper Control of Generation of Code ('Code Injection') in GitHub re ...) + NOT-FOR-US: Hestia Control Panel +CVE-2022-2635 (The Autoptimize WordPress plugin before 3.1.1 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-37393 (Zimbra's sudo configuration permits the zimbra user to execute the zms ...) + NOT-FOR-US: Zimbra +CVE-2022-2634 (An attacker may be able to execute malicious actions due to the lack o ...) + NOT-FOR-US: Digi ConnectPort X2D +CVE-2022-37392 (Improper Check for Unusual or Exceptional Conditions vulnerability in ...) + {DSA-5311-1 DLA-3385-1} + - trafficserver 9.1.4+ds-1 + NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 + NOTE: https://github.com/apache/trafficserver/commit/3b9cbf873a77bb7f9297f2b16496a290e0cf7de1 (master) + NOTE: https://github.com/apache/trafficserver/commit/0ba19c72b70a25e3dfbbc3f507427314ba2afd80 (v9.1.x) +CVE-2022-37391 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37390 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit PDF Reader +CVE-2022-37389 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37388 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37387 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37386 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37385 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37384 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37383 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37382 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37381 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37380 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37379 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37378 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37377 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37376 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-37375 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37374 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-37373 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37372 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37371 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37370 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37369 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37368 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37367 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37366 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37365 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37364 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37363 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37362 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37361 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37360 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37359 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: PDF-XChange Editor +CVE-2022-37358 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37357 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37356 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37355 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37354 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37353 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37352 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37351 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37350 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-37349 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: PDF-XChange Editor +CVE-2022-2633 (The All-in-One Video Gallery plugin for WordPress is vulnerable to arb ...) + NOT-FOR-US: All-in-One Video Gallery plugin for WordPress +CVE-2022-2632 + RESERVED +CVE-2022-2631 (Improper Access Control in GitHub repository tooljet/tooljet prior to ...) + NOT-FOR-US: ToolJet +CVE-2022-2630 (An improper access control issue in GitLab CE/EE affecting all version ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-2629 (The Top Bar WordPress plugin before 3.0.4 does not sanitise and escape ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2628 (The DSGVO All in one for WP WordPress plugin before 4.2 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2627 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...) + NOT-FOR-US: WordPress theme +CVE-2022-2626 (Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp ...) + NOT-FOR-US: Hestia Control Panel +CVE-2022-37348 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) + NOT-FOR-US: Trend Micro +CVE-2022-37347 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) + NOT-FOR-US: Trend Micro +CVE-2022-37341 + RESERVED +CVE-2022-37340 (Uncontrolled search path in some Intel(R) QAT drivers for Windows befo ...) + NOT-FOR-US: Intel +CVE-2022-37326 (Docker Desktop for Windows before 4.6.0 allows attackers to delete (or ...) + NOT-FOR-US: Docker Desktop +CVE-2022-37325 (In Sangoma Asterisk through 16.28.0, 17.x and 18.x through 18.14.0, an ...) + {DSA-5358-1 DLA-3335-1} + - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-30103 + NOTE: https://downloads.asterisk.org/pub/security/AST-2022-007.html +CVE-2022-37324 + RESERVED +CVE-2022-37323 + RESERVED +CVE-2022-37322 + RESERVED +CVE-2022-37321 + RESERVED +CVE-2022-37320 + RESERVED +CVE-2022-37319 + RESERVED +CVE-2022-37318 (Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflect ...) + NOT-FOR-US: Archer +CVE-2022-37317 (Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerabi ...) + NOT-FOR-US: Archer +CVE-2022-37316 (Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API ...) + NOT-FOR-US: Archer +CVE-2022-37315 (graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion i ...) + NOT-FOR-US: graphql-go +CVE-2022-37314 + RESERVED +CVE-2022-37313 (OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protecti ...) 
+ NOT-FOR-US: OX App Suite +CVE-2022-37312 (OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via ...) + NOT-FOR-US: OX App Suite +CVE-2022-37311 (OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via ...) + NOT-FOR-US: OX App Suite +CVE-2022-37310 (OX App Suite through 7.10.6 allows XSS via a malicious capability to t ...) + NOT-FOR-US: OX App Suite +CVE-2022-37309 (OX App Suite through 7.10.6 allows XSS via script code within a contac ...) + NOT-FOR-US: OX App Suite +CVE-2022-37308 (OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail m ...) + NOT-FOR-US: OX App Suite +CVE-2022-37307 (OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, ...) + NOT-FOR-US: OX App Suite +CVE-2022-37306 (OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger.) + NOT-FOR-US: OX App Suite +CVE-2022-37305 (The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicle ...) + NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Honda vehicles +CVE-2022-36426 + RESERVED +CVE-2022-36397 (Incorrect default permissions in the software installer for some Intel ...) + NOT-FOR-US: Intel +CVE-2022-36369 (Improper access control in some QATzip software maintained by Intel(R) ...) + NOT-FOR-US: Intel +CVE-2022-36353 + RESERVED +CVE-2022-36348 (Active debug code in some Intel (R) SPS firmware before version SPS_E5 ...) + NOT-FOR-US: Intel +CVE-2022-36291 + RESERVED +CVE-2022-36281 + RESERVED +CVE-2022-33940 + RESERVED +CVE-2022-2625 (A vulnerability was found in PostgreSQL. This attack requires permissi ...) + {DLA-3072-1} + - postgresql-14 14.5-1 + - postgresql-13 + [bullseye] - postgresql-13 13.8-0+deb11u1 + - postgresql-11 + NOTE: https://www.postgresql.org/support/security/CVE-2022-2625/ +CVE-2022-2624 (Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 al ...) 
+ {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2623 (Use after free in Offline in Google Chrome on Android prior to 104.0.5 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2622 (Insufficient validation of untrusted input in Safe Browsing in Google ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2621 (Use after free in Extensions in Google Chrome prior to 104.0.5112.79 a ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2620 (Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2619 (Insufficient validation of untrusted input in Settings in Google Chrom ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2618 (Insufficient validation of untrusted input in Internals in Google Chro ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2617 (Use after free in Extensions API in Google Chrome prior to 104.0.5112. ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2616 (Inappropriate implementation in Extensions API in Google Chrome prior ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2615 (Insufficient policy enforcement in Cookies in Google Chrome prior to 1 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2614 (Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2613 (Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5 ...) 
+ {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2612 (Side-channel information leakage in Keyboard input in Google Chrome pr ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2611 (Inappropriate implementation in Fullscreen API in Google Chrome on And ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2610 (Insufficient policy enforcement in Background Fetch in Google Chrome p ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2609 (Use after free in Nearby Share in Google Chrome on Chrome OS prior to ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2608 (Use after free in Overview Mode in Google Chrome on Chrome OS prior to ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2607 (Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2606 (Use after free in Managed devices API in Google Chrome prior to 104.0. ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2605 (Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 all ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2604 (Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.7 ...) + {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2603 (Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allo ...) 
+ {DSA-5201-1} + - chromium 104.0.5112.79-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2602 [io_uring/af_unix: defer registered files gc to io_uring release] + RESERVED + {DSA-5257-1 DLA-3173-1} + - linux 6.0.3-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/0091bfc81741b8d3aeb3b7ab8636f911b2de6e80 + NOTE: https://www.openwall.com/lists/oss-security/2022/10/18/4 + NOTE: https://blog.hacktivesecurity.com/index.php/2022/12/21/cve-2022-2602-dirtycred-file-exploitation-applied-on-an-io_uring-uaf/ +CVE-2021-46831 + RESERVED +CVE-2022-37304 + REJECTED +CVE-2022-37303 + REJECTED +CVE-2022-37302 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + NOT-FOR-US: EcoStruxure Control Expert +CVE-2022-37301 (A CWE-191: Integer Underflow (Wrap or Wraparound) vulnerability exists ...) + NOT-FOR-US: Modicon +CVE-2022-37300 (A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vul ...) + NOT-FOR-US: EcoStruxure Control Expert, EcoStruxure Process Expert, and Modicon Controllers M580 and M340 +CVE-2022-2601 (A buffer overflow was found in grub_font_construct_glyph(). A maliciou ...) + {DSA-5280-1 DLA-3190-2 DLA-3190-1} + - grub2 2.06-5 + NOTE: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html +CVE-2022-2600 (The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set re ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2599 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2598 (Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0 ...) + {DLA-3182-1} + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/2f08363a-47a2-422d-a7de-ce96a89ad08e/ + NOTE: https://github.com/vim/vim/commit/4e677b9c40ccbc5f090971b31dc2fe07bf05541d (v9.0.0101) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2597 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2596 (Inefficient Regular Expression Complexity in GitHub repository node-fe ...) + - node-fetch (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/a7e6a136-0a4b-46c4-ad20-802f1dd60bf7/ + NOTE: Introduced in: https://github.com/node-fetch/node-fetch/commit/2d80b0bb3fb746ff77cfe604f21ef9e47352ece0 (v3.1.0) + NOTE: https://github.com/node-fetch/node-fetch/commit/28802387292baee467e042e168d92597b5bbbe3d (v3.2.10) +CVE-2022-2595 (Improper Authorization in GitHub repository kromitgmbh/titra prior to ...) + NOT-FOR-US: Titra +CVE-2022-2594 (The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Cu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2593 (The Better Search Replace WordPress plugin before 1.4.1 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2022-37299 (An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal ...) + NOT-FOR-US: Shirne CMS +CVE-2022-37298 (Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnera ...) + NOT-FOR-US: Shinken Solutions Shinken Monitoring +CVE-2022-37297 + RESERVED +CVE-2022-37296 + RESERVED +CVE-2022-37295 + RESERVED +CVE-2022-37294 + RESERVED +CVE-2022-37293 + RESERVED +CVE-2022-37292 (Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This over ...) + NOT-FOR-US: Tenda +CVE-2022-37291 + RESERVED +CVE-2022-37290 (GNOME Nautilus 42.2 allows a NULL pointer dereference and get_basename ...) 
+ - nautilus 43.2-1 (unimportant) + NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/issues/2376 + NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/merge_requests/1001 + NOTE: https://gitlab.gnome.org/GNOME/nautilus/-/commit/75992c6797094413a546c5b4867b13450b2a1959 (43.2) + NOTE: Crash in GUI tool, no security impact +CVE-2022-37289 + RESERVED +CVE-2022-37288 + RESERVED +CVE-2022-37287 + RESERVED +CVE-2022-37286 + RESERVED +CVE-2022-37285 + RESERVED +CVE-2022-37284 + RESERVED +CVE-2022-37283 + RESERVED +CVE-2022-37282 + RESERVED +CVE-2022-37281 + RESERVED +CVE-2022-37280 + RESERVED +CVE-2022-37279 + RESERVED +CVE-2022-37278 + RESERVED +CVE-2022-37277 + RESERVED +CVE-2022-37276 + RESERVED +CVE-2022-37275 + RESERVED +CVE-2022-37274 + RESERVED +CVE-2022-37273 + RESERVED +CVE-2022-37272 + RESERVED +CVE-2022-37271 + RESERVED +CVE-2022-37270 + RESERVED +CVE-2022-37269 + RESERVED +CVE-2022-37268 + RESERVED +CVE-2022-37267 + RESERVED +CVE-2022-37266 (Prototype pollution vulnerability in function extend in babel.js in st ...) + NOT-FOR-US: stealjs +CVE-2022-37265 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the alias ...) + NOT-FOR-US: stealjs +CVE-2022-37264 (Prototype pollution vulnerability in stealjs steal 2.2.4 via the optio ...) + NOT-FOR-US: stealjs +CVE-2022-37263 + RESERVED +CVE-2022-37262 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...) + NOT-FOR-US: stealjs +CVE-2022-37261 + RESERVED +CVE-2022-37260 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...) + NOT-FOR-US: stealjs +CVE-2022-37259 (A Regular Expression Denial of Service (ReDoS) flaw was found in steal ...) + NOT-FOR-US: stealjs +CVE-2022-37258 (Prototype pollution vulnerability in function convertLater in npm-conv ...) + NOT-FOR-US: stealjs +CVE-2022-37257 (Prototype pollution vulnerability in function convertLater in npm-conv ...) 
+ NOT-FOR-US: stealjs +CVE-2022-37256 + RESERVED +CVE-2022-37255 (TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed vi ...) + NOT-FOR-US: TP-Link +CVE-2022-37254 (DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Backg ...) + NOT-FOR-US: DolphinPHP +CVE-2022-37253 (Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 al ...) + NOT-FOR-US: Crime Reporting System +CVE-2022-37252 + RESERVED +CVE-2022-37251 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Draf ...) + NOT-FOR-US: Craft CMS +CVE-2022-37250 (Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /a ...) + NOT-FOR-US: Craft CMS +CVE-2022-37249 + RESERVED +CVE-2022-37248 (Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/ ...) + NOT-FOR-US: Craft CMS +CVE-2022-37247 (Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) ...) + NOT-FOR-US: Craft CMS +CVE-2022-37246 (Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the fil ...) + NOT-FOR-US: Craft CMS +CVE-2022-37245 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37244 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37243 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37242 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulne ...) + NOT-FOR-US: MDaemon +CVE-2022-37241 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37240 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37239 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) + NOT-FOR-US: MDaemon +CVE-2022-37238 (MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulner ...) 
+ NOT-FOR-US: MDaemon +CVE-2022-37237 (An attacker can send malicious RTMP requests to make the ZLMediaKit se ...) + NOT-FOR-US: ZLMediaKit +CVE-2022-37236 + RESERVED +CVE-2022-37235 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...) + NOT-FOR-US: Netgear +CVE-2022-37234 (Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1. ...) + NOT-FOR-US: Netgear +CVE-2022-37233 + RESERVED +CVE-2022-37232 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buff ...) + NOT-FOR-US: Netgear +CVE-2022-37231 + RESERVED +CVE-2022-37230 + RESERVED +CVE-2022-37229 + RESERVED +CVE-2022-37228 + RESERVED +CVE-2022-37227 + RESERVED +CVE-2022-37226 + RESERVED +CVE-2022-37225 + RESERVED +CVE-2022-37224 + RESERVED +CVE-2022-37223 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37222 + RESERVED +CVE-2022-37221 + RESERVED +CVE-2022-37220 + RESERVED +CVE-2022-37219 + RESERVED +CVE-2022-37218 + RESERVED +CVE-2022-37217 + RESERVED +CVE-2022-37216 + RESERVED +CVE-2022-37215 + RESERVED +CVE-2022-37214 + RESERVED +CVE-2022-37213 + RESERVED +CVE-2022-37212 + RESERVED +CVE-2022-37211 + RESERVED +CVE-2022-37210 + RESERVED +CVE-2022-37209 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37208 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37207 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37206 + RESERVED +CVE-2022-37205 (JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do no ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37204 (Final CMS 5.1.0 is vulnerable to SQL Injection.) + NOT-FOR-US: JFinal CMS +CVE-2022-37203 (JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do n ...) 
+ NOT-FOR-US: JFinal CMS +CVE-2022-37202 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/advicefeedb ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37201 (JFinal CMS 5.1.0 is vulnerable to SQL Injection.) + NOT-FOR-US: JFinal CMS +CVE-2022-37200 + RESERVED +CVE-2022-37199 (JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system ...) + NOT-FOR-US: JFinal CMS +CVE-2022-37198 + RESERVED +CVE-2022-37197 (IOBit IOTransfer V4 is vulnerable to Unquoted Service Path.) + NOT-FOR-US: IOBit +CVE-2022-37196 + RESERVED +CVE-2022-37195 + RESERVED +CVE-2022-37194 + RESERVED +CVE-2022-37193 (Chipolo ONE Bluetooth tracker (2020) Chipolo iOS app version 4.13.0 is ...) + NOT-FOR-US: Chipolo +CVE-2022-37192 + RESERVED +CVE-2022-37191 (The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to ...) + NOT-FOR-US: CuppaCMS +CVE-2022-37190 (CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenti ...) + NOT-FOR-US: CuppaCMS +CVE-2022-37189 (DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), l ...) + NOT-FOR-US: DDMAL MEI2Volpiano +CVE-2022-37188 + RESERVED +CVE-2022-37187 + RESERVED +CVE-2022-37186 (In LemonLDAP::NG before 2.0.15. some sessions are not deleted when the ...) + {DLA-3287-1} + - lemonldap-ng 2.0.15+ds-1 + [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4 (v2.0.15) +CVE-2022-37185 (SQL injection vulnerability exists in the school information query int ...) + NOT-FOR-US: EMS system of the Office of the Thai Basic Education Commission +CVE-2022-37184 (The application manage_website.php on Garage Management System 1.0 is ...) + NOT-FOR-US: Garage Management System +CVE-2022-37183 (Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/ ...) 
+ - piwigo +CVE-2022-37182 + RESERVED +CVE-2022-37181 (72crm 9.0 has an Arbitrary file upload vulnerability.) + NOT-FOR-US: 72crm +CVE-2022-37180 + RESERVED +CVE-2022-37179 + RESERVED +CVE-2022-37178 (An issue was discovered in 72crm 9.0. There is a SQL Injection vulnera ...) + NOT-FOR-US: 72crm +CVE-2022-37177 (HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cry ...) + NOT-FOR-US: HireVue Hiring Platform +CVE-2022-37176 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vul ...) + NOT-FOR-US: Tenda +CVE-2022-37175 (Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflo ...) + NOT-FOR-US: Tenda +CVE-2022-37174 + RESERVED +CVE-2022-37173 (An issue in the installer of gvim 9.0.0000 allows authenticated attack ...) + NOT-FOR-US: gvim Windows installer +CVE-2022-37172 (Incorrect access control in the install directory (C:\msys64) of Msys2 ...) + NOT-FOR-US: Msys2 +CVE-2022-37171 + RESERVED +CVE-2022-37170 + RESERVED +CVE-2022-37169 + RESERVED +CVE-2022-37168 + RESERVED +CVE-2022-37167 + RESERVED +CVE-2022-37166 + RESERVED +CVE-2022-37165 + RESERVED +CVE-2022-37164 (Inoda OnTrack v3.4 employs a weak password policy which allows attacke ...) + NOT-FOR-US: Inoda OnTrack +CVE-2022-37163 (Bminusl IHateToBudget v1.5.7 employs a weak password policy which allo ...) + NOT-FOR-US: Bminusl IHateToBudget +CVE-2022-37162 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...) + NOT-FOR-US: Claroline +CVE-2022-37161 (Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) ...) + NOT-FOR-US: Claroline +CVE-2022-37160 (Claroline 13.5.7 and prior allows an authenticated attacker to elevate ...) + NOT-FOR-US: Claroline +CVE-2022-37159 (Claroline 13.5.7 and prior is vulnerable to Remote code execution via ...) + NOT-FOR-US: Claroline +CVE-2022-37158 (RuoYi v3.8.3 has a Weak password vulnerability in the management syste ...) 
+ NOT-FOR-US: RuoYi +CVE-2022-37157 + RESERVED +CVE-2022-37156 + RESERVED +CVE-2022-37155 (RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to ...) + {DSA-5190-1} + - spip 4.1.5+dfsg-1 + NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html + NOTE: https://spawnzii.github.io/posts/2022/07/how-we-have-pwned-root-me-in-2022/ +CVE-2022-37154 + RESERVED +CVE-2022-37153 (An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vu ...) + NOT-FOR-US: Artica Proxy +CVE-2022-37152 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-37151 (There is an unauthorized access vulnerability in Online Diagnostic Lab ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-37150 (An issue was discovered in Online Diagnostic Lab Management System 1.0 ...) + NOT-FOR-US: Online Diagnostic Lab Management System +CVE-2022-37149 (WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...) + NOT-FOR-US: WAVLINK +CVE-2022-37148 + RESERVED +CVE-2022-37147 + RESERVED +CVE-2022-37146 (The PlexTrac platform prior to version 1.28.0 allows for username enum ...) + NOT-FOR-US: PlexTrac +CVE-2022-37145 (The PlexTrac platform prior to version 1.17.0 does not restrict excess ...) + NOT-FOR-US: PlexTrac +CVE-2022-37144 (The PlexTrac platform prior to API version 1.17.0 does not restrict ex ...) + NOT-FOR-US: PlexTrac +CVE-2022-37143 + RESERVED +CVE-2022-37142 + RESERVED +CVE-2022-37141 + RESERVED +CVE-2022-37140 (PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). ...) + NOT-FOR-US: PayMoney +CVE-2022-37139 (Loan Management System version 1.0 suffers from a persistent cross sit ...) + NOT-FOR-US: Loan Management System +CVE-2022-37138 (Loan Management System 1.0 is vulnerable to SQL Injection at the login ...) 
+ NOT-FOR-US: Loan Management System +CVE-2022-37137 (PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during ...) + NOT-FOR-US: PayMoney +CVE-2022-37136 + RESERVED +CVE-2022-37135 + RESERVED +CVE-2022-37134 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via ...) + NOT-FOR-US: D-Link +CVE-2022-37133 (D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentica ...) + NOT-FOR-US: D-Link +CVE-2022-37132 + RESERVED +CVE-2022-37131 + RESERVED +CVE-2022-37130 (In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a comma ...) + NOT-FOR-US: D-Link +CVE-2022-37129 (D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection vi ...) + NOT-FOR-US: D-Link +CVE-2022-37128 (In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized wit ...) + NOT-FOR-US: D-Link +CVE-2022-37127 + RESERVED +CVE-2022-37126 + RESERVED +CVE-2022-37125 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...) + NOT-FOR-US: D-Link +CVE-2022-37124 + RESERVED +CVE-2022-37123 (D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection vi ...) + NOT-FOR-US: D-Link +CVE-2022-37122 (Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, App ...) + NOT-FOR-US: Carel pCOWeb HVAC BACnet Gateway +CVE-2022-37121 + RESERVED +CVE-2022-37120 + RESERVED +CVE-2022-37119 + RESERVED +CVE-2022-37118 + RESERVED +CVE-2022-37117 + RESERVED +CVE-2022-37116 + RESERVED +CVE-2022-37115 + RESERVED +CVE-2022-37114 + RESERVED +CVE-2022-37113 (Bluecms 1.6 has SQL injection in line 132 of admin/area.php) + NOT-FOR-US: Bluecms +CVE-2022-37112 (BlueCMS 1.6 has SQL injection in line 55 of admin/model.php) + NOT-FOR-US: Bluecms +CVE-2022-37111 (BlueCMS 1.6 has SQL injection in line 132 of admin/article.php) + NOT-FOR-US: Bluecms +CVE-2022-37110 + RESERVED +CVE-2022-37109 (patrickfuller camp up to and including commit bbd53a256ed70e79bd875808 ...) 
+ NOT-FOR-US: patrickfuller camp +CVE-2022-37108 (An injection vulnerability in the syslog-ng configuration wizard in Se ...) + NOT-FOR-US: Securonix Snypr +CVE-2022-37107 + RESERVED +CVE-2022-37106 + RESERVED +CVE-2022-37105 + RESERVED +CVE-2022-37104 + RESERVED +CVE-2022-37103 + RESERVED +CVE-2022-37102 + RESERVED +CVE-2022-37101 + RESERVED +CVE-2022-37100 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37099 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37098 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37097 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37096 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37095 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37094 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37093 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37092 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37091 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37090 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37089 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37088 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37087 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37086 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) 
+ NOT-FOR-US: H3C +CVE-2022-37085 (H3C H200 H200V100R004 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: H3C +CVE-2022-37084 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37083 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37082 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37081 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37080 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37079 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37078 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37077 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37076 (TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37075 (TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-37074 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37073 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37072 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37071 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37070 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command in ...) + NOT-FOR-US: H3C +CVE-2022-37069 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) 
+ NOT-FOR-US: H3C +CVE-2022-37068 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37067 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37066 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-37065 + RESERVED +CVE-2022-37064 + RESERVED +CVE-2022-37063 (All FLIR AX8 thermal sensor cameras versions up to and including 1.46. ...) + NOT-FOR-US: FLIR AX8 +CVE-2022-37062 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...) + NOT-FOR-US: FLIR AX8 +CVE-2022-37061 (All FLIR AX8 thermal sensor cameras version up to and including 1.46.1 ...) + NOT-FOR-US: FLIR AX8 +CVE-2022-37060 (FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is ...) + NOT-FOR-US: FLIR AX8 +CVE-2022-37059 (Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows ...) + NOT-FOR-US: Subrion CMS +CVE-2022-37058 + RESERVED +CVE-2022-37057 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...) + NOT-FOR-US: D-Link +CVE-2022-37056 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...) + NOT-FOR-US: D-Link +CVE-2022-37055 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b ...) + NOT-FOR-US: D-Link +CVE-2022-37054 + RESERVED +CVE-2022-37053 (TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htd ...) + NOT-FOR-US: Trendnet +CVE-2022-37052 (A reachable Object::getString assertion in Poppler 22.07.0 allows atta ...) + - poppler 22.08.0-2 + [bullseye] - poppler (Minor issue) + [buster] - poppler (Minor issue) + NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278 + NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c (poppler-22.08.0) +CVE-2022-37051 (An issue was discovered in Poppler 22.07.0. There is a reachable abort ...) 
+ {DLA-3620-1} + - poppler 22.08.0-2 + [bullseye] - poppler (Minor issue) + NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276 + NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b (poppler-22.08.0) +CVE-2022-37050 (In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers t ...) + {DLA-3620-1} + - poppler 22.08.0-2 + [bullseye] - poppler (Minor issue) + NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 + NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 (poppler-22.08.0) +CVE-2022-37049 (The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/736 + NOTE: https://github.com/appneta/tcpreplay/issues/718 + NOTE: Crash in CLI tool, no security impact +CVE-2022-37048 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/735 + NOTE: Crash in CLI tool, no security impact +CVE-2022-37047 (The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/734 + NOTE: Crash in CLI tool, no security impact +CVE-2022-37046 + RESERVED +CVE-2022-37045 + RESERVED +CVE-2022-37044 (In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?actio ...) + NOT-FOR-US: Zimbra +CVE-2022-37043 (An issue was discovered in the webmail component in Zimbra Collaborati ...) + NOT-FOR-US: Zimbra +CVE-2022-37042 (Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functio ...) + NOT-FOR-US: Zimbra +CVE-2022-37041 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...) 
+ NOT-FOR-US: Zimbra +CVE-2022-2592 (A lack of length validation in Snippet descriptions in GitLab CE/EE af ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-2591 (A vulnerability classified as critical has been found in TEM FLEX-1085 ...) + NOT-FOR-US: TEM +CVE-2022-37040 + RESERVED +CVE-2022-37039 + RESERVED +CVE-2022-37038 + RESERVED +CVE-2022-2590 (A race condition was found in the way the Linux kernel's memory subsys ...) + - linux 5.18.16-1 + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/linux-mm/20220808073232.8808-1-david@redhat.com/ + NOTE: https://lore.kernel.org/all/b314c287-5fc2-9f61-53f6-33282a2bed92@redhat.com/ + NOTE: https://www.openwall.com/lists/oss-security/2022/08/08/1 +CVE-2022-2589 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) + - fava 1.23.1-1 (bug #1016971) + [bullseye] - fava (Minor issue) + [buster] - fava (Minor issue) + NOTE: https://huntr.dev/bounties/8705800d-cf2f-433d-9c3e-dbef6a3f7e08/ + NOTE: https://github.com/beancount/fava/commit/68bbb6e39319deb35ab9f18d0b6aa9fa70472539 (v1.22.3) +CVE-2022-37037 + RESERVED +CVE-2022-37036 + RESERVED +CVE-2022-37035 (An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_ ...) + - frr 8.4.1-1 (bug #1016978) + [bullseye] - frr (Minor issue) + [buster] - frr (Minor issue) + NOTE: https://github.com/FRRouting/frr/issues/11698 + NOTE: https://github.com/FRRouting/frr/pull/11926 + NOTE: https://github.com/FRRouting/frr/commit/71ca5b09bc71e8cbe38177cf41e83fe164e52eee +CVE-2022-37034 (In dotCMS 5.x-22.06, it is possible to call the TempResource multiple ...) + NOT-FOR-US: dotCMS +CVE-2022-37033 (In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary f ...) 
+ NOT-FOR-US: dotCMS +CVE-2022-37032 (An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 ma ...) + {DSA-5362-1 DLA-3211-1} + - frr 8.4.1-1 (bug #1021016) + NOTE: Fixed by: https://github.com/FRRouting/frr/commit/ff6db1027f8f36df657ff2e5ea167773752537ed +CVE-2022-37031 + RESERVED +CVE-2022-37030 (Weak permissions on the configuration file in the PAM module in Grommu ...) + NOT-FOR-US: Gromox +CVE-2022-37029 + RESERVED +CVE-2022-37028 (ISAMS 22.2.3.2 is prone to stored Cross-site Scripting (XSS) attack on ...) + NOT-FOR-US: ISAMS +CVE-2022-37027 (Ahsay AhsayCBS 9.1.4.0 allows an authenticated system user to inject a ...) + NOT-FOR-US: Ahsay AhsayCBS +CVE-2022-37026 (In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before ...) + {DLA-3491-1} + - erlang 1:24.3.4.5+dfsg-1 (bug #1024632) + [bullseye] - erlang 1:23.2.6+dfsg-1+deb11u1 + NOTE: https://erlangforums.com/t/otp-25-1-released/1854 + NOTE: Fixed by: https://github.com/erlang/otp/commit/cd5024867e7b7d3a6e94194af9e01e1fb77e36c9 (OTP-23.3.4.15) + NOTE: Followup: https://github.com/erlang/otp/commit/6a1baa36e4e6c1b682e8b48e0c141602e0b8e6e5 (OTP-23.3.4.17) + NOTE: Fixed by: https://github.com/erlang/otp/commit/254f2728902bc7e80a67726ebbc1a0b3ab7742eb (OTP-24.3.4.2) + NOTE: Followup: https://github.com/erlang/otp/commit/33e7570e075e0b84efef91b2f307fcf938517b1c (OTP-24.3.4.3) +CVE-2022-37025 (An improper privilege management vulnerability in McAfee Security Scan ...) + NOT-FOR-US: McAfee +CVE-2022-37024 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-2588 + RESERVED + {DSA-5207-1 DLA-3131-1 DLA-3102-1} + - linux 5.18.16-1 + NOTE: https://lore.kernel.org/netdev/20220809170518.164662-1-cascardo@canonical.com/T/#u + NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/6 +CVE-2022-2587 (Out of bounds write in Chrome OS Audio Server in Google Chrome on Chro ...) 
+ - chromium (Chrome on Chrome OS) +CVE-2022-2586 + RESERVED + {DSA-5207-1 DLA-3131-1 DLA-3102-1} + - linux 5.18.16-1 + NOTE: https://lore.kernel.org/netfilter-devel/20220809170148.164591-1-cascardo@canonical.com/T/#t + NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/5 + NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/5 +CVE-2022-2585 + RESERVED + {DSA-5207-1 DLA-3102-1} + - linux 5.18.16-1 + [buster] - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/lkml/20220809170751.164716-1-cascardo@canonical.com/T/#u + NOTE: https://www.openwall.com/lists/oss-security/2022/08/09/7 +CVE-2022-2584 (The dag-pb codec can panic when decoding invalid blocks.) + NOT-FOR-US: go-codec-dagpb +CVE-2022-2583 (A race condition can cause incorrect HTTP request routing.) + NOT-FOR-US: ntbosscher/gobase +CVE-2022-2582 (The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext along ...) + - golang-github-aws-aws-sdk-go 1.34.22-1 + [buster] - golang-github-aws-aws-sdk-go (Limited support, minor issue, hash leak, invasive, follow bullseye DSAs/point-releases) + NOTE: https://github.com/aws/aws-sdk-go/commit/35fa6ddf45c061e0f08d3a3b5119f8f4da38f6d1 (v1.33.0) +CVE-2021-4239 (The Noise protocol implementation suffers from weakened cryptographic ...) + - golang-github-flynn-noise (Fixed with initial upload to archive) + NOTE: https://github.com/flynn/noise/pull/44 + NOTE: https://pkg.go.dev/vuln/GO-2022-0425 +CVE-2021-4238 (Randomly-generated alphanumeric strings contain significantly less ent ...) + - golang-github-masterminds-goutils (Fixed in initial upload to the archive) + NOTE: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1 + NOTE: https://pkg.go.dev/vuln/GO-2022-0411 +CVE-2021-4237 + RESERVED +CVE-2021-4236 (Web Sockets do not execute any AuthenticateMethod methods which may be ...) 
+ NOT-FOR-US: ecnepsnai/web +CVE-2021-4235 (Due to unbounded alias chasing, a maliciously crafted YAML file can ca ...) + {DLA-3479-1} + - golang-yaml.v2 2.2.8-1 + NOTE: https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3) + NOTE: https://github.com/go-yaml/yaml/pull/375 + NOTE: https://pkg.go.dev/vuln/GO-2021-0061 +CVE-2020-36569 (Authentication is globally bypassed in github.com/nanobox-io/golang-na ...) + NOT-FOR-US: golang-nanoauth +CVE-2020-36568 (Unsanitized input in the query parser in github.com/revel/revel before ...) + - golang-github-revel-revel 1.0.0-1 + [buster] - golang-github-revel-revel (Limited support, minor issue, DoS) + NOTE: https://github.com/revel/revel/pull/1427 + NOTE: https://github.com/revel/revel/commit/d160ecb72207824005b19778594cbdc272e8a605 (v1.0.0) + NOTE: https://github.com/revel/revel/issues/1424 + NOTE: https://pkg.go.dev/vuln/GO-2020-0003 +CVE-2020-36567 (Unsanitized input in the default logger in github.com/gin-gonic/gin be ...) + - golang-github-gin-gonic-gin 1.6.3-1 + [buster] - golang-github-gin-gonic-gin (Limited support, minor issue) + NOTE: https://github.com/gin-gonic/gin/pull/2237 + NOTE: https://github.com/gin-gonic/gin/commit/a71af9c144f9579f6dbe945341c1df37aaf09c0d (v1.6.0) +CVE-2020-36566 (Due to improper path sanitization, archives containing relative file p ...) + NOT-FOR-US: Go whyrusleeping/tar-utils +CVE-2020-36565 (Due to improper sanitization of user input on Windows, the static file ...) + - golang-github-labstack-echo (Windows-specific) + - golang-github-labstack-echo.v2 (Windows-specific) + - golang-github-labstack-echo.v3 (Windows-specific) + NOTE: https://github.com/labstack/echo/pull/1718 + NOTE: https://github.com/labstack/echo/commit/4422e3b66b9fd498ed1ae1d0242d660d0ed3faaa + NOTE: https://pkg.go.dev/vuln/GO-2021-0051 +CVE-2020-36564 (Due to improper validation of caller input, validation is silently dis ...) 
+ NOT-FOR-US: nosurf +CVE-2020-36563 (XML Digital Signatures generated and validated using this package use ...) + NOT-FOR-US: go-saml +CVE-2019-25075 (HTML injection combined with path traversal in the Email service in Gr ...) + NOT-FOR-US: Gravitee API Management +CVE-2019-25074 + RESERVED +CVE-2019-25073 (Improper path sanitization in github.com/goadesign/goa before v3.0.9, ...) + NOT-FOR-US: github.com/goadesign/goa +CVE-2016-15005 (CSRF tokens are generated using math/rand, which is not a cryptographi ...) + NOT-FOR-US: github.com/dinever/golf +CVE-2022-37023 (Apache Geode versions prior to 1.15.0 are vulnerable to a deserializat ...) + NOT-FOR-US: Apache Geode +CVE-2022-37022 (Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a dese ...) + NOT-FOR-US: Apache Geode +CVE-2022-37021 (Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable t ...) + NOT-FOR-US: Apache Geode +CVE-2022-2581 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/0bedbae2-82ae-46ae-aa68-1c28b309b60b/ + NOTE: https://github.com/vim/vim/commit/f50940531dd57135fe60aa393ac9d3281f352d88 (v9.0.0105) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2580 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim (Interpolation introduced in 8.2.4930; no released version in Debian affected) + NOTE: https://huntr.dev/bounties/c5f2f1d4-0441-4881-b19c-055acaa16249/ + NOTE: Introduced in: https://github.com/vim/vim/commit/0abc2871c105882ed1c1effb9a7757fad8a395bd (v8.2.4930) + NOTE: Fixed by: https://github.com/vim/vim/commit/1e56bda9048a9625bce6e660938c834c5c15b07d (v9.0.0104) +CVE-2022-2579 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester +CVE-2022-2578 (A vulnerability, which was classified as critical, has been found in S ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-2577 (A vulnerability classified as critical was found in SourceCodester Gar ...) + NOT-FOR-US: SourceCodester +CVE-2022-2576 (In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS r ...) + NOT-FOR-US: Eclipse Californium +CVE-2022-2575 (The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2574 (The Meks Easy Social Share WordPress plugin before 1.2.8 does not sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2573 + RESERVED +CVE-2020-36562 (Due to unchecked type assertions, maliciously crafted messages can cau ...) + NOT-FOR-US: shiyanhui/dht +CVE-2020-36561 (Due to improper path sanitization, archives containing relative file p ...) + NOT-FOR-US: github.com/yi-ge/unzip +CVE-2020-36560 (Due to improper path sanitization, archives containing relative file p ...) + NOT-FOR-US: github.com/artdarek/unzip +CVE-2020-36559 (Due to improper sanitization of user input, HTTPEngine.Handle allows f ...) + NOT-FOR-US: aah framework +CVE-2019-25072 (Due to support of Gzip compression in request bodies, as well as a lac ...) + - tendermint-go-common + [buster] - tendermint-go-common (Limited support, minor issue, DoS) +CVE-2018-25046 (Due to improper path sanitization, archives containing relative file p ...) + NOT-FOR-US: GO code.cloudfoundry.org/archiver +CVE-2017-20146 (Usage of the CORS handler may apply improper CORS headers, allowing th ...) + - golang-github-gorilla-handlers 1.3.0-1 + NOTE: https://github.com/gorilla/handlers/pull/116 + NOTE: https://github.com/gorilla/handlers/commit/90663712d74cb411cbef281bc1e08c19d1a76145 (v1.3.0) +CVE-2015-10004 (Token validation methods are susceptible to a timing side-channel duri ...) + NOT-FOR-US: Go robbert229/jwt +CVE-2014-125026 (LZ4 bindings use a deprecated C API that is vulnerable to memory corru ...) 
+ NOT-FOR-US: golz4 (Golang interface to LZ4) +CVE-2013-10005 (The RemoteAddr and LocalAddr methods on the returned net.Conn may call ...) + NOT-FOR-US: btcsuite +CVE-2022-37020 + RESERVED +CVE-2022-37019 + RESERVED +CVE-2022-37018 (A potential vulnerability has been identified in the system BIOS for c ...) + NOT-FOR-US: HPE +CVE-2022-37017 (Symantec Endpoint Protection (Windows) agent, prior to 14.3 RU6/14.3 R ...) + NOT-FOR-US: Symantec Endpoint Protection (Windows) agent +CVE-2022-37016 (Symantec Endpoint Protection (Windows) agent may be susceptible to a P ...) + NOT-FOR-US: Symantec Endpoint Protection (Windows) agent +CVE-2022-37015 (Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4. ...) + NOT-FOR-US: Symantec Endpoint Detection and Response (SEDR) Appliance +CVE-2022-37014 + RESERVED +CVE-2022-2572 (In affected versions of Octopus Server where access is managed by an e ...) + NOT-FOR-US: Octopus Server +CVE-2022-2571 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim 2:9.0.0135-1 (unimportant) + [buster] - vim (The vulnerable code was introduced later) + NOTE: https://huntr.dev/bounties/2e5a1dc4-2dfb-4e5f-8c70-e1ede21f3571/ + NOTE: https://github.com/vim/vim/commit/a6f9e300161f4cb54713da22f65b261595e8e614 (v9.0.0102) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2570 + REJECTED +CVE-2022-37013 (This vulnerability allows remote attackers to create a denial-of-servi ...) + NOT-FOR-US: Unified Automation +CVE-2022-37012 (This vulnerability allows remote attackers to create a denial-of-servi ...) + NOT-FOR-US: Unified Automation +CVE-2022-37011 (A vulnerability has been identified in Mendix SAML (Mendix 7 compatibl ...) + NOT-FOR-US: Siemens +CVE-2022-37010 (In JetBrains IntelliJ IDEA before 2022.2 email address validation in t ...) + - intellij-idea (bug #747616) +CVE-2022-37009 (In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Va ...) 
+ - intellij-idea (bug #747616)
+CVE-2022-2569 (The affected device stores sensitive information in cleartext, which m ...)
+ NOT-FOR-US: ARC Informatique
+CVE-2022-2568 (A privilege escalation flaw was found in the Ansible Automation Platfo ...)
+ NOT-FOR-US: Red Hat Ansible Automation Platform
+CVE-2022-2567 (The Form Builder CP WordPress plugin before 1.2.32 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2566 (A heap out-of-bounds memory write exists in FFMPEG since version 5.1. ...)
+ - ffmpeg 7:5.1.1-1
+ [bullseye] - ffmpeg (Vulnerable code not present)
+ [buster] - ffmpeg (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2126833
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f53f0d09ea4c9c7f7354f018a87ef840315207d (n5.1.1)
+ NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ab77b878f1205225c6de1370fb0e998dbcc8bc69 (n5.1)
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-vhxg-9wfx-7fcj
+CVE-2022-2565 (The Simple Payment Donations & Subscriptions WordPress plugin before 4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2564 (Prototype Pollution in GitHub repository automattic/mongoose prior to ...)
+ NOT-FOR-US: Mongoose
+CVE-2022-2563 (The Tutor LMS WordPress plugin before 2.0.10 does not escape some cour ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-37008 (The recovery module has a vulnerability of bypassing the verification ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37007 (The chinadrm module has an out-of-bounds read vulnerability. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37006 (Permission control vulnerability in the network module. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37005 (The Settings application has an argument injection vulnerability. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37004 (The Settings application has a vulnerability of bypassing the out-of-b ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37003 (The AOD module has a vulnerability in permission assignment. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37002 (The SystemUI module has a privilege escalation vulnerability. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37001 (The diag-router module has a vulnerability in intercepting excessive l ...)
+ NOT-FOR-US: Huawei
+CVE-2022-37000 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36999 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36998 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36997 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36996 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36995 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36994 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36993 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36992 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36991 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36990 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36989 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36988 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36987 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36986 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36985 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36984 (An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36983 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36982 (This vulnerability allows remote attackers to read arbitrary files on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36981 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36980 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36979 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36978 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36977 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36976 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36975 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36974 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36973 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36972 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-36970 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: AVEVA
+CVE-2022-36969 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: AVEVA
+CVE-2022-36968 (In Progress WS_FTP Server prior to version 8.7.3, forms within the adm ...)
+ NOT-FOR-US: Progress WS_FTP Server
+CVE-2022-36967 (In Progress WS_FTP Server prior to version 8.7.3, multiple reflected c ...)
+ NOT-FOR-US: Progress WS_FTP Server
+CVE-2022-36966 (Users with Node Management rights were able to view and edit all nodes ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36965 (Insufficient sanitization of inputs in QoE application input field cou ...)
+ NOT-FOR-US: Solarwinds
+CVE-2022-36964 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36963 (The SolarWinds Platform was susceptible to the Command Injection Vulne ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36962 (SolarWinds Platform was susceptible to Command Injection. This vulnera ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36961 (A vulnerable component of Orion Platform was vulnerable to SQL Injecti ...)
+ NOT-FOR-US: Solarwinds
+CVE-2022-36960 (SolarWinds Platform was susceptible to Improper Input Validation. This ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36959
+ RESERVED
+CVE-2022-36958 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36957 (SolarWinds Platform was susceptible to the Deserialization of Untruste ...)
+ NOT-FOR-US: SolarWinds
+CVE-2022-36956 (In Veritas NetBackup, the NetBackup Client allows arbitrary command ex ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36955 (In Veritas NetBackup, an attacker with unprivileged local access to a ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36954 (In Veritas NetBackup OpsCenter, under specific conditions, an authenti ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36953 (In Veritas NetBackup OpsCenter, certain endpoints could allow an unaut ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36952 (In Veritas NetBackup OpsCenter, a hard-coded credential exists that co ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36951 (In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36950 (In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36949 (In Veritas NetBackup OpsCenter, an attacker with local access to a Net ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36948 (In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affec ...)
+ NOT-FOR-US: Veritas
+CVE-2022-36947 (Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7 ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2022-36946 (nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel th ...)
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
+ - linux 5.18.16-1
+ NOTE: https://marc.info/?l=netfilter-devel&m=165883202007292&w=2
+ NOTE: Fixed by: https://git.kernel.org/linus/99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164
+CVE-2022-36945 (The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicle ...)
+ NOT-FOR-US: Remote Keyless Entry (RKE) receiving unit on Mazda vehicles
+CVE-2022-36944 (Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR ...)
+ - scala (Vulnerable code introduced later)
+ NOTE: https://github.com/scala/scala/pull/10118
+ NOTE: https://github.com/scala/scala/commit/f24c226211eb340c999d810013efbff35a49863f (v2.13.9)
+CVE-2022-36797 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
+ NOT-FOR-US: Intel
+CVE-2022-36794 (Improper condition check in some Intel(R) SPS firmware before version ...)
+ NOT-FOR-US: Intel
+CVE-2022-36792
+ RESERVED
+CVE-2022-36421
+ RESERVED
+CVE-2022-36416 (Protection mechanism failure in the Intel(R) Ethernet 500 Series Contr ...)
+ NOT-FOR-US: Intel
+CVE-2022-36393
+ RESERVED
+CVE-2022-36366
+ RESERVED
+CVE-2022-36349 (Insecure default variable initialization in BIOS firmware for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2022-34653
+ RESERVED
+CVE-2022-33145
+ RESERVED
+CVE-2022-2562
+ RESERVED
+CVE-2022-2561 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: QuickOPC
+CVE-2022-2560 (This vulnerability allows remote attackers to delete arbitrary files o ...)
+ NOT-FOR-US: EnterpriseDT CompleteFTP Server
+CVE-2022-2559 (The Fluent Support WordPress plugin before 1.5.8 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2558 (The Simple Job Board WordPress plugin before 2.10.0 is susceptible to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2557 (The Team WordPress plugin before 4.1.2 contains a file which could all ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46830 (A path traversal vulnerability exists within GoAnywhere MFT before 6.8 ...)
+ NOT-FOR-US: GoAnywhere MFT
+CVE-2022-36943 (SSZipArchive versions 2.5.3 and older contain an arbitrary file write ...)
+ NOT-FOR-US: SSZipArchive
+CVE-2022-36942
+ RESERVED
+CVE-2022-36941
+ RESERVED
+CVE-2022-36940
+ RESERVED
+CVE-2022-36939
+ RESERVED
+CVE-2022-36938 (DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b ...)
+ NOT-FOR-US: ReDex (Android Bytecode Optimizer)
+CVE-2022-36937 (HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections ...)
+ - hhvm
+CVE-2022-36936
+ RESERVED
+CVE-2022-36935
+ RESERVED
+CVE-2022-36934 (An integer overflow in WhatsApp could result in remote code execution ...)
+ NOT-FOR-US: WhatsApp
+CVE-2022-36933
+ RESERVED
+CVE-2022-36932
+ RESERVED
+CVE-2022-36931
+ RESERVED
+CVE-2022-36930 (Zoom Rooms for Windows installers before version 5.13.0 contain a loca ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36929 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36928 (Zoom for Android clients before version 5.13.0 contain a path traversa ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36927 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36926 (Zoom Rooms for macOS clients before version 5.11.3 contain a local pri ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36925 (Zoom Rooms for macOS clients before version 5.11.4 contain an insecure ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36924 (The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local ...)
+ NOT-FOR-US: Zoom
+CVE-2022-36923 (Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Co ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-2556 (The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJA ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2555 (The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2554 (The Enable Media Replace WordPress plugin before 4.0.0 does not ensure ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2553 (The authfile directive in the booth config file is ignored, preventing ...)
+ {DSA-5194-1}
+ - booth 1.0-268-gdce51f9-1
+ NOTE: https://github.com/ClusterLabs/booth/issues/114
+CVE-2022-2552 (The Duplicator WordPress plugin before 1.4.7 does not authenticate or ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2551 (The Duplicator WordPress plugin before 1.4.7 discloses the url of the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2550 (OS Command Injection in GitHub repository hestiacp/hestiacp prior to 1 ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2022-2549 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1. ...)
+ - gpac 2.0.0+dfsg1-4 (bug #1016142)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (Minor issue)
+ NOTE: https://huntr.dev/bounties/c93083dc-177c-4ba0-ba83-9d7fb29a5537
+ NOTE: https://github.com/gpac/gpac/commit/0102c5d4db7fdbf08b5b591b2a6264de33867a07
+CVE-2022-36922 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not es ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36921 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36920 (A cross-site request forgery (CSRF) vulnerability in Jenkins Coverity ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36919 (A missing permission check in Jenkins Coverity Plugin 1.11.4 and earli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36918 (Jenkins Buckminster Plugin 1.1.1 and earlier does not perform a permis ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36917 (A missing permission check in Jenkins Google Cloud Backup Plugin 0.6 a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36916 (A cross-site request forgery (CSRF) vulnerability in Jenkins Google Cl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36915 (Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36914 (Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36913 (Jenkins Openstack Heat Plugin 1.5 and earlier does not perform permiss ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36912 (A missing permission check in Jenkins Openstack Heat Plugin 1.5 and ea ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36911 (A cross-site request forgery (CSRF) vulnerability in Jenkins Openstack ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36910 (Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not pe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36909 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36908 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36907 (A missing permission check in Jenkins OpenShift Deployer Plugin 1.2.0 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36906 (A cross-site request forgery (CSRF) vulnerability in Jenkins OpenShift ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36905 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.2 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36904 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not perform ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36903 (A missing permission check in Jenkins Repository Connector Plugin 2.2. ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36902 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36901 (Jenkins HTTP Request Plugin 1.15 and earlier stores HTTP Request passw ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36900 (Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36899 (Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not re ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36898 (A missing permission check in Jenkins Compuware ISPW Operations Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36897 (A missing permission check in Jenkins Compuware Xpediter Code Coverage ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36896 (A missing permission check in Jenkins Compuware Source Code Download f ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36895 (A missing permission check in Jenkins Compuware Topaz Utilities Plugin ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36894 (An arbitrary file write vulnerability in Jenkins CLIF Performance Test ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36893 (Jenkins rpmsign-plugin Plugin 0.5.0 and earlier does not perform a per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36892 (Jenkins rhnpush-plugin Plugin 0.5.1 and earlier does not perform a per ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36891 (A missing permission check in Jenkins Deployer Framework Plugin 85.v1d ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36890 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36889 (Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does no ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36888 (A missing permission check in Jenkins HashiCorp Vault Plugin 354.vdb_8 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36887 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job Confi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36886 (A cross-site request forgery (CSRF) vulnerability in Jenkins External ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36885 (Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comp ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36884 (The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36883 (A missing permission check in Jenkins Git Plugin 4.11.3 and earlier al ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36882 (A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36881 (Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-36880 (The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows ...)
+ NOT-FOR-US: Webmin module
+CVE-2022-36879 (An issue was discovered in the Linux kernel through 5.18.14. xfrm_expa ...)
+ {DSA-5207-1 DLA-3131-1 DLA-3102-1}
+ - linux 5.18.16-1
+ NOTE: https://git.kernel.org/linus/f85daf0e725358be78dfd208dea5fd665d8cb901 (v5.19-rc8)
+CVE-2022-36878 (Exposure of Sensitive Information in Find My Mobile prior to version 7 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36877 (Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsun ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36876 (Improper authorization in UPI payment in Samsung Pass prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36875 (Improper restriction of broadcasting Intent in SaWebViewRelayActivity ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36874 (Improper Handling of Insufficient Permissions or Privileges vulnerabil ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36873 (Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLi ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36872 (Pending Intent hijacking vulnerability in SpayNotification in Samsung ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36871 (Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung P ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36870 (Pending Intent hijacking vulnerability in MTransferNotificationManager ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36869 (Improper access control vulnerability in ContactsDumpActivity of?Conta ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36868 (Improper restriction of broadcasting Intent in MouseNKeyHidDevice prio ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36867 (Improper access control vulnerability in Editor Lite prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36866 (Improper access control vulnerability in Broadcaster in Group Sharing ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36865 (Improper access control in Group Sharing prior to versions 13.0.6.15 i ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36864 (Improper access control and intent redirection in Samsung Email prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36863 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc f ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36862 (A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36861 (Custom permission misuse vulnerability in SystemUI prior to SMR Sep-20 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36860 (A heap-based overflow vulnerability in LoadEnvironment function in lib ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36859 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36858 (A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36857 (Improper Authorization vulnerability in Photo Editor prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36856 (Improper access control vulnerability in Telecom application prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36855 (A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36854 (Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36853 (Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 all ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36852 (Improper Authorization vulnerability in Video Editor prior to SMR Sep- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36851 (Improper access control vulnerability in Samsung pass prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36850 (Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 R ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36849 (Use after free vulnerability in sdp_mm_set_process_sensitive function ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36848 (Improper Authorization vulnerability in setDualDARPolicyCmd prior to S ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36847 (Use after free vulnerability in mtp_send_signal function of MTP driver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36846 (A heap-based overflow vulnerability in ConstructDictionary function in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36845 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36844 (A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36843 (A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36842 (A heap-based overflow vulnerability in prepareRecogLibrary function in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36841 (A heap-based overflow vulnerability in PrepareRecogLibrary_Part functi ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36840 (DLL hijacking vulnerability in Samsung Update Setup prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36839 (SQL injection vulnerability via IAPService in Samsung Checkout prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36838 (Implicit Intent hijacking vulnerability in Galaxy Wearable prior to ve ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36837 (Intent redirection vulnerability using implicit intent in Samsung emai ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36836 (Unprotected provider vulnerability in Charm by Samsung prior to versio ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36835 (Implicit Intent hijacking vulnerability in Samsung Internet Browser pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36834 (Exposure of Sensitive Information vulnerability in Game Launcher prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36833 (Improper Privilege Management vulnerability in Game Optimizing Service ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36832 (Improper access control vulnerability in WebApp in Cameralyzer prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36831 (Path traversal vulnerability in UriFileUtils of Samsung Notes prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36830 (PendingIntent hijacking vulnerability in cancelAlarmManager in Charm b ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36829 (PendingIntent hijacking vulnerability in releaseAlarm in Charm by Sams ...)
+ NOT-FOR-US: Samsung
+CVE-2022-36828
+ RESERVED
+CVE-2022-36827
+ REJECTED
+CVE-2022-36826
+ RESERVED
+CVE-2022-36825
+ RESERVED
+CVE-2022-36824
+ RESERVED
+CVE-2022-36823
+ RESERVED
+CVE-2022-36822
+ RESERVED
+CVE-2022-36821
+ RESERVED
+CVE-2022-36820
+ RESERVED
+CVE-2022-36819
+ RESERVED
+CVE-2022-36818
+ RESERVED
+CVE-2022-36817
+ RESERVED
+CVE-2022-36816
+ REJECTED
+CVE-2022-36815
+ RESERVED
+CVE-2022-36814
+ RESERVED
+CVE-2022-36813
+ RESERVED
+CVE-2022-36812
+ RESERVED
+CVE-2022-36811
+ RESERVED
+CVE-2022-36810
+ RESERVED
+CVE-2022-36809
+ RESERVED
+CVE-2022-36808
+ RESERVED
+CVE-2022-36807
+ RESERVED
+CVE-2022-36806
+ RESERVED
+CVE-2022-36805
+ RESERVED
+CVE-2022-36804 (Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7 ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-36803 (The MasterUserEdit API in Atlassian Jira Align Server before version 1 ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-36802 (The ManageJiraConnectors API in Atlassian Jira Align before version 10 ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-36801 (Affected versions of Atlassian Jira Server and Data Center allow anony ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-36800 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-36799 (This issue exists to document that a security improvement in the way t ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-35401 (An authentication bypass vulnerability exists in the get_IFTTTTtoken.c ...)
+ NOT-FOR-US: Asus
+CVE-2022-2548
+ RESERVED
+CVE-2022-2547 (A crafted HTTP packet without a content-type header can create a denia ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2022-36787 (webvendome - webvendome SQL Injection. SQL Injection in the Parameter ...)
+ NOT-FOR-US: Webvendome
+CVE-2022-36786 (DLINK - DSL-224 Post-auth RCE. DLINK router version 3.0.8 has an inter ...)
+ NOT-FOR-US: DLINK
+CVE-2022-36785 (D-Link \u2013 G integrated Access Device4 Information Disclosure & Aut ...)
+ NOT-FOR-US: DLINK
+CVE-2022-36784 (Elsight \u2013 Elsight Halo Remote Code Execution (RCE) Elsight Halo w ...)
+ NOT-FOR-US: Elsight
+CVE-2022-36783 (AlgoSec \u2013 FireFlow Reflected Cross-Site-Scripting (RXSS) A malici ...)
+ NOT-FOR-US: AlgoSec
+CVE-2022-36782 (Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerabi ...)
+ NOT-FOR-US: Pal Electronics Systems
+CVE-2022-36781 (WiseConnect - ScreenConnect Session Code Bypass. An attacker would hav ...)
+ NOT-FOR-US: WiseConnect
+CVE-2022-36780 (Avdor CIS - crystal quality Credentials Management Errors. The product ...)
+ NOT-FOR-US: Avdor CIS
+CVE-2022-36779 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...)
+ NOT-FOR-US: PROSCEND
+CVE-2022-36778 (insert HTML / js code inside input how to get to the vulnerable input ...)
+ NOT-FOR-US: Synel - eHarmony
+CVE-2022-36777 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM Q ...)
+ NOT-FOR-US: IBM
+CVE-2022-36776 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2022-36775 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and ...)
+ NOT-FOR-US: IBM
+CVE-2022-36774 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2022-36773 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XM ...)
+ NOT-FOR-US: IBM
+CVE-2022-36772 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2022-36771 (IBM QRadar User Behavior Analytics could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2022-36770
+ RESERVED
+CVE-2022-36769 (IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to up ...)
+ NOT-FOR-US: IBM
+CVE-2022-36768 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2022-2546 (The All-in-One WP Migration WordPress plugin before 7.63 uses the wron ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2545
+ RESERVED
+CVE-2022-2544 (The Ninja Job Board WordPress plugin before 1.3.3 does not protect the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2543 (The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin befor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2542 (The uContext for Clickbank plugin for WordPress is vulnerable to Cross ...)
+ NOT-FOR-US: uContext for Clickbank plugin for WordPress
+CVE-2022-2541 (The uContext for Amazon plugin for WordPress is vulnerable to Cross-Si ...)
+ NOT-FOR-US: uContext for Amazon plugin for WordPress
+CVE-2022-2540 (The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Si ...)
+ NOT-FOR-US: Link Optimizer Lite plugin for WordPress
+CVE-2022-2539 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-2538 (The WP Hide & Security Enhancer WordPress plugin before 1.8 does not e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-XXXX [spip: XSS alowing priviledge escalation]
+ - spip 4.1.5+dfsg-1
+ [bullseye] - spip 3.2.11-3+deb11u5
+ [buster] - spip 3.2.4-1+deb10u9
+ NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sortie-de-SPIP-4-1-5-SPIP-4-0-8-et-SPIP-3-2-16.html?lang=fr
+CVE-2022-36767
+ RESERVED
+CVE-2022-36766
+ RESERVED
+CVE-2022-36765
+ RESERVED
+CVE-2022-36764
+ RESERVED
+CVE-2022-36763
+ RESERVED
+CVE-2022-36762
+ RESERVED
+CVE-2022-36761
+ RESERVED
+CVE-2022-36760 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...)
+ {DSA-5376-1 DLA-3351-1}
+ - apache2 2.4.55-1
+ NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760
+CVE-2022-36759 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Online Food Ordering System
+CVE-2022-36758
+ RESERVED
+CVE-2022-36757
+ REJECTED
+CVE-2022-36756 (DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/ ...)
+ NOT-FOR-US: D-Link
+CVE-2022-36755 (D-Link DIR845L A1 contains a authentication vulnerability via an AUTHO ...)
+ NOT-FOR-US: D-Link
+CVE-2022-36754 (Expense Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Expense Management System
+CVE-2022-36753
+ RESERVED
+CVE-2022-36752 (png2webp v1.0.4 was discovered to contain an out-of-bounds write via t ...)
+ NOT-FOR-US: png2webp
+CVE-2022-36751
+ RESERVED
+CVE-2022-36750 (Clinic's Patient Management System v1.0 is vulnerable to SQL injection ...)
+ NOT-FOR-US: Clinic's Patient Management System
+CVE-2022-36749 (RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection ...)
+ NOT-FOR-US: RPi-Jukebox-RFID
+CVE-2022-36748 (PicUploader v2.6.3 was discovered to contain a cross-site scripting (X ...)
+ NOT-FOR-US: PicUploader
+CVE-2022-36747 (Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vu ...)
+ NOT-FOR-US: Cobub Razor
+CVE-2022-36746 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-36745 (LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-36744
+ RESERVED
+CVE-2022-36743
+ RESERVED
+CVE-2022-36742
+ RESERVED
+CVE-2022-36741
+ RESERVED
+CVE-2022-36740
+ RESERVED
+CVE-2022-36739
+ RESERVED
+CVE-2022-36738
+ RESERVED
+CVE-2022-36737
+ RESERVED
+CVE-2022-36736 (Jitsi-2.10.5550 was discovered to contain a vulnerability in its web U ...)
+ NOT-FOR-US: Disputed Jitsi issue
+CVE-2022-36735 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36734 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36733 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36732 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36731 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36730 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36729 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36728 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36727 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36726
+ RESERVED
+CVE-2022-36725 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36724
+ RESERVED
+CVE-2022-36723
+ RESERVED
+CVE-2022-36722 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36721 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36720 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36719 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36718
+ RESERVED
+CVE-2022-36717
+ RESERVED
+CVE-2022-36716 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36715 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36714 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36713 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36712 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36711 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36710
+ RESERVED
+CVE-2022-36709 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36708 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36707
+ REJECTED
+CVE-2022-36706 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36705 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36704 (Library Management System v1.0 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Library Management System
+CVE-2022-36703 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36702
+ RESERVED
+CVE-2022-36701 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36700 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36699 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36698 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36697 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36696 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36695 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36694
+ RESERVED
+CVE-2022-36693 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36692 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36691
+ RESERVED
+CVE-2022-36690 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36689 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36688 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36687 (Ingredients Stock Management System v1.0 was discovered to contain an ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36686 (Ingredients Stock Management System v1.0 was discovered to contain a S ...)
+ NOT-FOR-US: Ingredients Stock Management System
+CVE-2022-36685
+ RESERVED
+CVE-2022-36684
+ RESERVED
+CVE-2022-36683 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36682 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36681 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36680 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36679 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36678 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36677
+ RESERVED
+CVE-2022-36676 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36675 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36674 (Simple Task Scheduling System v1.0 was discovered to contain a SQL inj ...)
+ NOT-FOR-US: Simple Task Scheduling System
+CVE-2022-36673
+ RESERVED
+CVE-2022-36672 (Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key locat ...)
+ NOT-FOR-US: Novel-Plus
+CVE-2022-36671 (Novel-Plus v3.6.2 was discovered to contain an arbitrary file download ...)
+ NOT-FOR-US: Novel-Plus
+CVE-2022-36670 (PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamp ...)
+ NOT-FOR-US: PCProtect Endpoint
+CVE-2022-36669 (Hospital Information System version 1.0 suffers from a remote SQL inje ...)
+ NOT-FOR-US: Hospital Information System
+CVE-2022-36668 (Garage Management System 1.0 is vulnerable to Stored Cross Site Script ...)
+ NOT-FOR-US: Garage Management System
+CVE-2022-36667 (Garage Management System 1.0 is vulnerable to the Remote Code Executio ...)
+ NOT-FOR-US: Garage Management System
+CVE-2022-36666
+ RESERVED
+CVE-2022-36665
+ RESERVED
+CVE-2022-36664 (Password Manager for IIS 2.0 has a cross-site scripting (XSS) vulnerab ...)
+ NOT-FOR-US: Password Manager for IIS +CVE-2022-36663 (Gluu Oxauth before v4.4.1 allows attackers to execute blind SSRF (Serv ...) + NOT-FOR-US: Gluu Oxauth +CVE-2022-36662 + RESERVED +CVE-2022-36661 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...) + NOT-FOR-US: xhyve +CVE-2022-36660 (xhyve commit dfbe09b was discovered to contain a stack buffer overflow ...) + NOT-FOR-US: xhyve +CVE-2022-36659 (xhyve commit dfbe09b was discovered to contain a NULL pointer derefere ...) + NOT-FOR-US: xhyve +CVE-2022-36658 + RESERVED +CVE-2022-36657 (Library Management System v1.0 was discovered to contain a cross-site ...) + NOT-FOR-US: Library Management System +CVE-2022-36656 + RESERVED +CVE-2022-36655 + RESERVED +CVE-2022-36654 + RESERVED +CVE-2022-36653 + RESERVED +CVE-2022-36652 + RESERVED +CVE-2022-36651 + RESERVED +CVE-2022-36650 + RESERVED +CVE-2022-36649 + RESERVED +CVE-2022-36648 (The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device ...) + - qemu (bug #1052670) + [bookworm] - qemu (Minor issue, revisit when fixed upstream) + [bullseye] - qemu (Minor issue, revisit when fixed upstream) + [buster] - qemu (Minor issue, revisit when fixed upstream) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-06/msg04469.html +CVE-2022-36647 (PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overfl ...) + - davs2 (bug #1019358) + NOTE: https://github.com/pkuvcl/davs2/issues/29 + NOTE: Fixed by: https://github.com/pkuvcl/davs2/commit/b41cf117452e2d73d827f02d3e30aa20f1c721ac +CVE-2022-36646 + RESERVED +CVE-2022-36645 + RESERVED +CVE-2022-36644 + RESERVED +CVE-2022-36643 + RESERVED +CVE-2022-36642 (A local file disclosure vulnerability in /appConfig/userDB.json of Tel ...) + NOT-FOR-US: Telos Alliance Omnia MPX Node +CVE-2022-36641 + RESERVED +CVE-2022-36640 (influxData influxDB before v1.8.10 contains no authentication mechanis ...) 
+ - influxdb (unimportant) + NOTE: If InfluxDB is deployed on publicly accessible endpoint, it is recommended + NOTE: to enable authentication. +CVE-2022-36639 (A stored cross-site scripting (XSS) vulnerability in /client.php of Ga ...) + NOT-FOR-US: Garage Management System +CVE-2022-36638 (An access control issue in the component print.php of Garage Managemen ...) + NOT-FOR-US: Garage Management System +CVE-2022-36637 (Garage Management System v1.0 was discovered to contain a persistent c ...) + NOT-FOR-US: Garage Management System +CVE-2022-36636 (Garage Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Garage Management System +CVE-2022-36635 (ZKteco ZKBioSecurity V5000 4.1.3 was discovered to contain a SQL injec ...) + NOT-FOR-US: ZKteco +CVE-2022-36634 (An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows a ...) + NOT-FOR-US: ZKteco +CVE-2022-36633 (Teleport 9.3.6 is vulnerable to Command injection leading to Remote Co ...) + NOT-FOR-US: Teleport +CVE-2022-36632 + RESERVED +CVE-2022-36631 + RESERVED +CVE-2022-36630 + RESERVED +CVE-2022-36629 + RESERVED +CVE-2022-36628 + RESERVED +CVE-2022-36627 + RESERVED +CVE-2022-36626 + RESERVED +CVE-2022-36625 + RESERVED +CVE-2022-36624 + RESERVED +CVE-2022-36623 + RESERVED +CVE-2022-36622 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...) + NOT-FOR-US: Samsung Electronics mTower +CVE-2022-36621 (Samsung Electronics mTower v0.3.0 and earlier was discovered to contai ...) + NOT-FOR-US: Samsung Electronics mTower +CVE-2022-36620 (D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnera ...) + NOT-FOR-US: D-Link +CVE-2022-36619 (In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without a ...) + NOT-FOR-US: D-Link +CVE-2022-36618 + RESERVED +CVE-2022-36617 (Arq Backup 7.19.5.0 and below stores backup encryption passwords using ...) 
+ NOT-FOR-US: Arq Backup +CVE-2022-36616 (TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was di ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36615 (TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a h ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36614 (TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a har ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36613 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a har ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36612 (TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a ha ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36611 (TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a har ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36610 (TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hard ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36609 (Clinic's Patient Management System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Clinic's Patient Management System +CVE-2022-36608 + RESERVED +CVE-2022-36607 + RESERVED +CVE-2022-36606 (Ywoa before v6.1 was discovered to contain a SQL injection vulnerabili ...) + NOT-FOR-US: Ywoa +CVE-2022-36605 (Yimioa v6.1 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: Yimioa +CVE-2022-36604 (An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and belo ...) + NOT-FOR-US: Canaan Avalon ASIC Miner +CVE-2022-36603 (InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contai ...) + NOT-FOR-US: InnoSilicon T3T+ t2t+_soc_20190911_151433.swu +CVE-2022-36602 (InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote ...) + NOT-FOR-US: InnoSilicon A10 +CVE-2022-36601 (The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 ...) + NOT-FOR-US: JasMiner-X4-Server-20220621-090907 +CVE-2022-36600 (BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting ( ...) 
+ NOT-FOR-US: BlogEngine +CVE-2022-36599 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) + NOT-FOR-US: Mingsoft MCMS +CVE-2022-36598 + RESERVED +CVE-2022-36597 + RESERVED +CVE-2022-36596 + RESERVED +CVE-2022-36595 + RESERVED +CVE-2022-36594 (Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: MyBatis Mapper +CVE-2022-36593 (kkFileView v4.0.0 was discovered to contain an arbitrary file deletion ...) + NOT-FOR-US: kkFileView +CVE-2022-36592 + RESERVED +CVE-2022-36591 + RESERVED +CVE-2022-36590 + RESERVED +CVE-2022-36589 + RESERVED +CVE-2022-36588 (In D-Link DAP1650 v1.04 firmware, the fileaccess.cgi program in the fi ...) + NOT-FOR-US: D-Link +CVE-2022-36587 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...) + NOT-FOR-US: Tenda +CVE-2022-36586 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, there is a buffer ove ...) + NOT-FOR-US: Tenda +CVE-2022-36585 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, in httpd binary, the ...) + NOT-FOR-US: Tenda +CVE-2022-36584 (In Tenda G3 US_G3V3.0br_V15.11.0.6(7663)_EN_TDE, the getsinglepppuser ...) + NOT-FOR-US: Tenda +CVE-2022-36583 (DedeCMS V5.7.97 was discovered to contain multiple cross-site scriptin ...) + NOT-FOR-US: DedeCMS +CVE-2022-36582 (An arbitrary file upload vulnerability in the component /php_action/cr ...) + NOT-FOR-US: Garage Management System +CVE-2022-36581 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-36580 (An arbitrary file upload vulnerability in the component /admin/product ...) + NOT-FOR-US: Online Ordering System +CVE-2022-36579 (Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).) + NOT-FOR-US: Wellcms +CVE-2022-36578 (jizhicms v2.3.1 has SQL injection in the background.) + NOT-FOR-US: jizhicms +CVE-2022-36577 (An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerabil ...) 
+ NOT-FOR-US: jizhicms +CVE-2022-36576 + RESERVED +CVE-2022-36575 + RESERVED +CVE-2022-36574 + RESERVED +CVE-2022-36573 (A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allo ...) + NOT-FOR-US: Pagekit CMS +CVE-2022-36572 (Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to con ...) + NOT-FOR-US: Sinsiu Sinsiu Enterprise Website System +CVE-2022-36571 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-36570 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-36569 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-36568 (Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-36567 + RESERVED +CVE-2022-36566 (Rengine v1.3.0 was discovered to contain a command injection vulnerabi ...) + NOT-FOR-US: Rengine +CVE-2022-36565 (Incorrect access control in the install directory (C:\Wamp64) of Wamp ...) + NOT-FOR-US: Wamp +CVE-2022-36564 (Incorrect access control in the install directory (C:\Strawberry) of S ...) + NOT-FOR-US: StrawberryPerl +CVE-2022-36563 (Incorrect access control in the install directory (C:\RailsInstaller) ...) + NOT-FOR-US: Rubyinstaller2 +CVE-2022-36562 (Incorrect access control in the install directory (C:\Ruby31-x64) of R ...) + NOT-FOR-US: Rubyinstaller2 +CVE-2022-36561 (XPDF v4.0.4 was discovered to contain a segmentation violation via the ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-36560 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...) + NOT-FOR-US: Seiko SkyBridge MB-A200 +CVE-2022-36559 (Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain ...) + NOT-FOR-US: Seiko SkyBridge MB-A200 +CVE-2022-36558 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded ...) 
+ NOT-FOR-US: Seiko SkyBridge MB-A100/A110 +CVE-2022-36557 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...) + NOT-FOR-US: Seiko SkyBridge MB-A100/A110 +CVE-2022-36556 (Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contai ...) + NOT-FOR-US: Seiko SkyBridge MB-A100/A110 +CVE-2022-36555 (Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash ...) + NOT-FOR-US: Hytec Inter HWL-2511-SS +CVE-2022-36554 (A command injection vulnerability in the CLI (Command Line Interface) ...) + NOT-FOR-US: Hytec Inter HWL-2511-SS +CVE-2022-36553 (Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a co ...) + NOT-FOR-US: Hytec Inter HWL-2511-SS +CVE-2022-36552 (Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an is ...) + NOT-FOR-US: Tenda +CVE-2022-36551 (A Server Side Request Forgery (SSRF) in the Data Import module in Hear ...) + NOT-FOR-US: Heartex +CVE-2022-36550 + RESERVED +CVE-2022-36549 + RESERVED +CVE-2022-36548 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stor ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36547 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a refl ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36546 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cros ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36545 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36544 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36543 (Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL ...) + NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36542 (An access control issue in the component /ip/admin/ of Edoc-doctor-app ...) 
+ NOT-FOR-US: Edoc-doctor-appointment-system +CVE-2022-36541 + RESERVED +CVE-2022-36540 + RESERVED +CVE-2022-36539 (WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID ...) + NOT-FOR-US: WeDayCare B.V Ouderapp +CVE-2022-36538 + RESERVED +CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...) + NOT-FOR-US: ZK Framework +CVE-2022-36536 (An issue in the component post_applogin.php of Super Flexible Software ...) + NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery +CVE-2022-36535 + RESERVED +CVE-2022-36534 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and ...) + NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery +CVE-2022-36533 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and ...) + NOT-FOR-US: Super Flexible Software GmbH & Co. KG Syncovery +CVE-2022-36532 (Bolt CMS contains a vulnerability in version 5.1.12 and below that all ...) + NOT-FOR-US: Bolt CMS +CVE-2022-36531 + RESERVED +CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...) + NOT-FOR-US: rageframe +CVE-2022-36529 (Kensite CMS v1.0 was discovered to contain multiple SQL injection vuln ...) + NOT-FOR-US: Kensite CMS +CVE-2022-36528 + RESERVED +CVE-2022-36527 (Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or ...) + NOT-FOR-US: Jfinal CMS +CVE-2022-36526 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) + NOT-FOR-US: D-Link +CVE-2022-36525 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) + NOT-FOR-US: D-Link +CVE-2022-36524 (D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) + NOT-FOR-US: D-Link +CVE-2022-36523 (D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 ...) + NOT-FOR-US: D-Link +CVE-2022-36522 (Mikrotik RouterOs through stable v6.48.3 was discovered to contain an ...) 
+ NOT-FOR-US: Mikrotik +CVE-2022-36521 (Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers ...) + NOT-FOR-US: cskefu +CVE-2022-36520 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36519 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36518 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36517 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36516 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36515 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36514 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36513 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36512 + RESERVED +CVE-2022-36511 (H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack over ...) + NOT-FOR-US: H3C +CVE-2022-36510 (H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injec ...) + NOT-FOR-US: H3C +CVE-2022-36509 (H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injec ...) + NOT-FOR-US: H3C +CVE-2022-36508 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36507 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36506 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36505 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36504 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) 
+ NOT-FOR-US: H3C +CVE-2022-36503 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36502 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36501 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36500 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36499 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36498 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36497 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36496 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36495 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36494 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36493 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36492 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36491 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36490 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36489 (H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack ov ...) + NOT-FOR-US: H3C +CVE-2022-36488 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36487 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-36486 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36485 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36484 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36483 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36482 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36481 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36480 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36479 (TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36478 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36477 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36476 + RESERVED +CVE-2022-36475 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36474 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36473 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36472 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36471 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36470 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36469 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) 
+ NOT-FOR-US: H3C +CVE-2022-36468 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36467 (H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-36466 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36465 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36464 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36463 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36462 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36461 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36460 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36459 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36458 (TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36457 + RESERVED +CVE-2022-36456 (TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36455 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...) + NOT-FOR-US: TOTOLINK +CVE-2022-36454 (A vulnerability in the MiCollab Client API of Mitel MiCollab through 9 ...) + NOT-FOR-US: Mitel +CVE-2022-36453 (A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 thr ...) + NOT-FOR-US: Mitel +CVE-2022-36452 (A vulnerability in the web conferencing component of Mitel MiCollab th ...) + NOT-FOR-US: Mitel +CVE-2022-36451 (A vulnerability in the MiCollab Client server component of Mitel MiCol ...) 
+ NOT-FOR-US: Mitel +CVE-2022-36450 (Obsidian 0.14.x and 0.15.x before 0.15.5 allows obsidian://hook-get-ad ...) + NOT-FOR-US: Obsidian +CVE-2022-36449 (An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privi ...) + NOT-FOR-US: ARM Mali GPU driver +CVE-2022-36448 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-36447 (An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. ...) + NOT-FOR-US: Chia Network CAT1 Standard +CVE-2022-36446 (software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a U ...) + - webmin +CVE-2022-36445 + RESERVED +CVE-2022-36444 (An issue was discovered in Atos Unify OpenScape SBC 9 and 10 before 10 ...) + NOT-FOR-US: Atos Unify OpenScape SBC +CVE-2022-36443 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The de ...) + NOT-FOR-US: Zebra Enterprise Home Screen +CVE-2022-36442 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By usi ...) + NOT-FOR-US: Zebra Enterprise Home Screen +CVE-2022-36441 (An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gb ...) + NOT-FOR-US: Zebra Enterprise Home Screen +CVE-2022-36440 (A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the pee ...) + {DLA-3573-1} + - frr 8.4.1-1 + [bullseye] - frr 7.5.1-1.1+deb11u2 + NOTE: https://github.com/FRRouting/frr/issues/13202 + NOTE: https://github.com/FRRouting/frrcommit/3e46b43e3788f0f87bae56a86b54d412b4710286 (base_8.4) + NOTE: https://github.com/spwpun/pocs/blob/main/frr-bgpd.md +CVE-2022-2537 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2536 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...) + NOT-FOR-US: Transposh WordPress Translation plugin for WordPress +CVE-2022-2535 (The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not e ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2534 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2533 (An issue has been discovered in GitLab affecting all versions starting ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-2532 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2531 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-2530 + REJECTED +CVE-2022-2529 (sflow decode package does not employ sufficient packet sanitisation wh ...) + NOT-FOR-US: goflow +CVE-2022-2528 (In affected versions of Octopus Deploy it is possible to upload a pack ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-36439 (AsusSoftwareManager.exe in ASUS System Control Interface on ASUS perso ...) + NOT-FOR-US: ASUS +CVE-2022-36438 (AsusSwitch.exe on ASUS personal computers (running Windows) sets weak ...) + NOT-FOR-US: ASUS +CVE-2022-36437 (The Connection handler in Hazelcast and Hazelcast Jet allows a remote ...) + - hazelcast (bug #745640) +CVE-2022-36436 (OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap ...) + NOT-FOR-US: OSU Open Source Lab VNCAuthProxy +CVE-2022-36435 + RESERVED +CVE-2022-36434 + RESERVED +CVE-2022-36433 (The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plu ...) + NOT-FOR-US: Amasty Blog Pro +CVE-2022-36432 (The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Mag ...) + NOT-FOR-US: Amasty Blog Pro plugin for Magento +CVE-2022-36431 (An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise ...) + NOT-FOR-US: Rocket TRUfusion Enterprise +CVE-2022-36430 + RESERVED +CVE-2022-2527 (An issue in Incident Timelines has been discovered in GitLab CE/EE aff ...) 
+ [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2021-46829 (GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buf ...) + {DSA-5228-1} + - gdk-pixbuf 2.42.8+dfsg-1 + [buster] - gdk-pixbuf (Vulnerable code not present; GIF animation support added later) + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/190 + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/121 + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/6976bdc8ee9dd2c2954f91066f7b0f643769a379 (2.42.8) + NOTE: https://www.openwall.com/lists/oss-security/2022/07/23/1 + NOTE: http://www.openwall.com/lists/oss-security/2022/07/25/1 +CVE-2022-2526 (A use-after-free vulnerability was found in systemd. This issue occurs ...) + - systemd 240-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2109926 + NOTE: https://github.com/systemd/systemd/commit/d973d94dec349fb676fdd844f6fe2ada3538f27c (v240) +CVE-2022-2525 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + - calibre-web (bug #982690) +CVE-2022-2524 + RESERVED +CVE-2017-20145 (A vulnerability was found in Tecrail Responsive Filemanger up to 9.10. ...) + NOT-FOR-US: Tecrail Responsive Filemanger +CVE-2017-20144 (A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1. ...) + NOT-FOR-US: Anvsoft PDFMate PDF Converter Pro +CVE-2022-36400 (Path traversal in the installer software for some Intel(r) NUC Kit Wir ...) + NOT-FOR-US: Intel +CVE-2022-36392 (Improper input validation in some firmware for Intel(R) AMT and Intel( ...) + NOT-FOR-US: Intel +CVE-2022-36384 (Unquoted search path in the installer software for some Intel(r) NUC K ...) + NOT-FOR-US: Intel +CVE-2022-36382 (Out-of-bounds write in firmware for some Intel(R) Ethernet Network Con ...) 
+ NOT-FOR-US: Intel +CVE-2022-36380 (Uncontrolled search path in the installer software for some Intel(r) N ...) + NOT-FOR-US: Intel +CVE-2022-36370 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards ...) + NOT-FOR-US: Intel +CVE-2022-36283 + RESERVED +CVE-2022-34864 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector softwa ...) + NOT-FOR-US: Intel +CVE-2022-34859 + RESERVED +CVE-2022-33963 (Incorrect default permissions in the software installer for Intel(R) U ...) + NOT-FOR-US: Intel +CVE-2022-2523 (Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/ ...) + - fava 1.23.1-1 (bug #1016971) + [bullseye] - fava (Minor issue) + [buster] - fava (Minor issue) + NOTE: https://huntr.dev/bounties/2a1802d8-1c2e-4919-96a7-d4dcf7ffcf8f + NOTE: https://github.com/beancount/fava/commit/dccfb6a2f4567f35ce2e9a78e24f92ebf946bc9b (v1.22.2) +CVE-2022-36381 (OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor W ...) + NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001 +CVE-2022-36293 (Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-00 ...) + NOT-FOR-US: Nintendo Wi-Fi Network Adaptor WAP-001 +CVE-2022-35734 ('Hulu / \u30d5\u30fc\u30eb\u30fc' App for Android from version 3.0.47 ...) + NOT-FOR-US: Hulu App for Android +CVE-2022-34156 ('Hulu / \u30d5\u30fc\u30eb\u30fc' App for iOS versions prior to 3.0.81 ...) + NOT-FOR-US: Hulu App for Android +CVE-2022-36415 (A DLL hijacking vulnerability exists in the uninstaller in Scooter Bey ...) + NOT-FOR-US: Scooter Beyond Compare +CVE-2022-36414 (There is an elevation of privilege breakout vulnerability in the Windo ...) + NOT-FOR-US: Scooter Beyond Compare +CVE-2022-36413 (Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a b ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-36412 (In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests ...) 
+ NOT-FOR-US: Zoho +CVE-2022-36411 + RESERVED +CVE-2022-36410 + RESERVED +CVE-2022-36409 + RESERVED +CVE-2022-36408 + REJECTED +CVE-2022-36398 (Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool ...) + NOT-FOR-US: Intel +CVE-2022-36396 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...) + NOT-FOR-US: Intel +CVE-2022-36395 + RESERVED +CVE-2022-36377 (Insecure inherited permissions in some Intel(R) Wireless Adapter Drive ...) + NOT-FOR-US: Intel +CVE-2022-36374 (Improper access control in some Intel(R) Aptio* V UEFI Firmware Integr ...) + NOT-FOR-US: Intel +CVE-2022-36287 (Uncaught exception in the FCS Server software maintained by Intel befo ...) + NOT-FOR-US: Intel +CVE-2022-36278 (Insufficient control flow management in the Intel(R) Battery Life Diag ...) + NOT-FOR-US: Intel +CVE-2022-34855 (Path traversal for the Intel(R) NUC Pro Software Suite before version ...) + NOT-FOR-US: Intel +CVE-2022-34153 (Improper initialization in the Intel(R) Battery Life Diagnostic Tool s ...) + NOT-FOR-US: Intel +CVE-2022-34147 (Improper input validation in BIOS firmware for some Intel(R) NUC 9 Ext ...) + NOT-FOR-US: Intel +CVE-2022-31137 (Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Kee ...) + NOT-FOR-US: Roxy-WI +CVE-2022-2522 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim 2:9.0.0135-1 (unimportant; bug #1016068) + NOTE: https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 + NOTE: https://github.com/vim/vim/commit/5fa9f23a63651a8abdb074b4fc2ec9b1adc6b089 (v9.0.0061) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2521 (It was found in libtiff 4.4.0rc1 that there is an invalid pointer free ...) 
+ {DSA-5333-1} + - tiff 4.4.0-6 (unimportant; bug #1024670) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/422 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba + NOTE: Crash in CLI tool, no security impact +CVE-2022-2520 (A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion f ...) + {DSA-5333-1} + - tiff 4.4.0-6 (unimportant; bug #1024670) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/424 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba + NOTE: Crash in CLI tool, no security impact +CVE-2022-2519 (There is a double free or corruption in rotateImage() at tiffcrop.c:88 ...) + {DSA-5333-1} + - tiff 4.4.0-6 (unimportant; bug #1024670) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/423 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/378 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/8fe3735942ea1d90d8cef843b55b3efe8ab6feaf + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/bad48e90b410df32172006c7876da449ba62cdba + NOTE: Crash in CLI tool, no security impact +CVE-2022-2518 (The Stockists Manager for Woocommerce plugin for WordPress is vulnerab ...) + NOT-FOR-US: Stockists Manager for Woocommerce plugin for WordPress +CVE-2022-2517 (The Beaver Builder \u2013 WordPress Page Builder for WordPress is vuln ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2516 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...) + NOT-FOR-US: Visual Composer Website Builder plugin for WordPress +CVE-2018-25045 (Django REST framework (aka django-rest-framework) before 3.9.1 allows ...) 
+ {DSA-5186-1} + - djangorestframework 3.10.2-1 + NOTE: https://github.com/encode/django-rest-framework/commit/4bb9a3c48427867ef1e46f7dee945a4c25a4f9b8 (3.9.1) +CVE-2022-36407 + RESERVED +CVE-2022-36389 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36386 (Authenticated Arbitrary Code Execution vulnerability in Soflyy Import ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36379 (Cross-Site Request Forgery (CSRF) leading to plugin settings update in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36378 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36375 (Authenticated (high role user) WordPress Options Change vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36371 + RESERVED +CVE-2022-36357 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webpsilo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36346 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foun ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36344 (An unquoted search path vulnerability exists in 'JustSystems JUST Onli ...) + NOT-FOR-US: JustSystems +CVE-2022-36343 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36341 (Authenticated (subscriber+) plugin settings change leading to Stored C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36296 (Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND pl ...) + NOT-FOR-US: JumpDEMAND +CVE-2022-36292 (Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36288 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden ...) + NOT-FOR-US: WordPress plugin +CVE-2022-36285 (Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Up ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-36284 (Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerc ...) + NOT-FOR-US: WooCommerce addon +CVE-2022-36282 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35882 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34868 (Authenticated Arbitrary Settings Update vulnerability in YooMoney \u04 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34867 (Unauthenticated Sensitive Information Disclosure vulnerability in WP L ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34857 (Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP P ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34658 (Multiple Authenticated (contributor+) Persistent Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34656 (Authenticated (admin+) Cross-Site Scripting (XSS) vulnerability in wpd ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34648 (Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34344 + RESERVED +CVE-2022-34154 (Authenticated (author or higher user role) Arbitrary File Upload vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33970 (Authenticated WordPress Options Change vulnerability in Biplob018 Shor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33969 (Authenticated WordPress Options Change vulnerability in Biplob Adhikar ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33943 (Authenticated (contributor or higher user role) Cross-Site Scripting ( ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33201 (Cross-Site Request Forgery (CSRF) vulnerability in MailerLite \u2013 S ...) + NOT-FOR-US: MailerLite +CVE-2022-33142 (Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in W ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2515 (The Simple Banner plugin for WordPress is vulnerable to Stored Cross-S ...) + NOT-FOR-US: Simple Banner plugin for WordPress +CVE-2022-2514 (The time and filter parameters in Fava prior to v1.22 are vulnerable t ...) + - fava 1.23.1-1 (bug #1016971) + [bullseye] - fava (Minor issue) + [buster] - fava (Minor issue) + NOTE: https://huntr.dev/bounties/dbf77139-4384-4dc5-9994-45a5e0747429 + NOTE: https://github.com/beancount/fava/commit/ca9e3882c7b5fbf5273ba52340b9fea6a99f3711 (v1.22) +CVE-2022-2513 (A vulnerability exists in the Intelligent Electronic Device (IED) Conn ...) + NOT-FOR-US: Hitachi +CVE-2022-2512 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2511 (Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" ...) + NOT-FOR-US: BlueSpice +CVE-2022-2510 (Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" ...) + NOT-FOR-US: BlueSpice +CVE-2022-36372 (Improper buffer restrictions in some Intel(R) NUC BIOS firmware may al ...) + NOT-FOR-US: Intel +CVE-2022-36367 (Incorrect default permissions in the Intel(R) Support Android applicat ...) + NOT-FOR-US: Intel +CVE-2022-36364 (Apache Calcite Avatica JDBC driver creates HTTP client instances based ...) + NOT-FOR-US: Apache Calcite +CVE-2022-36298 + RESERVED +CVE-2022-35729 (Out of bounds read in firmware for OpenBMC in some Intel(R) platforms ...) + NOT-FOR-US: Intel +CVE-2022-34848 (Uncontrolled search path for the Intel(R) NUC Pro Software Suite befor ...) + NOT-FOR-US: Intel +CVE-2022-34846 + RESERVED +CVE-2022-34657 (Improper input validation in firmware for some Intel(R) PCSD BIOS befo ...) + NOT-FOR-US: Intel +CVE-2022-33196 (Incorrect default permissions in some memory controller configurations ...) 
+ {DLA-3379-1} + - intel-microcode 3.20230214.1 (bug #1031334) + [bullseye] - intel-microcode 3.20230214.1~deb11u1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214 +CVE-2022-32570 (Improper authentication in the Intel(R) Quartus Prime Pro and Standard ...) + NOT-FOR-US: Intel +CVE-2022-32232 + RESERVED +CVE-2022-2509 (A vulnerability found in gnutls. This security flaw happens because of ...) + {DSA-5203-1 DLA-3070-1} + - gnutls28 3.7.7-1 + NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2022-07-07 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1383 (restricted) + NOTE: https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2 +CVE-2022-2508 (In affected versions of Octopus Server it is possible to reveal the ex ...) + NOT-FOR-US: Octopus Server +CVE-2022-2507 (In affected versions of Octopus Deploy it is possible to render user s ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2506 + RESERVED +CVE-2022-36363 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) + NOT-FOR-US: LOGO! +CVE-2022-36362 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) + NOT-FOR-US: LOGO! +CVE-2022-36361 (A vulnerability has been identified in LOGO! 12/24RCE (All versions), ...) + NOT-FOR-US: LOGO! +CVE-2022-36360 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + NOT-FOR-US: LOGO! +CVE-2022-35239 (The image file management page of SolarView Compact SV-CPT-MC310 Ver.7 ...) + NOT-FOR-US: SolarView Compact SV-CPT-MC310 +CVE-2022-2505 (Mozilla developers and the Mozilla Fuzzing Team reported memory safety ...) 
+ - firefox 103.0-1 + - thunderbird 1:102.1.0-1 + [bullseye] - thunderbird (Only affects 102 ESR) + [buster] - thunderbird (Only affects 102 ESR) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2505 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-2505 +CVE-2022-2504 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: SDD-Baro +CVE-2022-2503 (Dm-verity is used for extending root-of-trust to root filesystems. Loa ...) + - linux 5.18.2-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 (5.19-rc1) + NOTE: https://github.com/google/security-research/security/advisories/GHSA-6vq3-w69p-w63m +CVE-2022-2502 (A vulnerability exists in the HCI IEC 60870-5-104 function included in ...) + NOT-FOR-US: HCI +CVE-2022-36359 (An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...) + {DSA-5254-1} + - python-django 3:3.2.15-1 + [buster] - python-django (Vulnerable code introduced in 2.1) + NOTE: https://www.openwall.com/lists/oss-security/2022/08/03/1 + NOTE: https://github.com/django/django/commit/bd062445cffd3f6cc6dcd20d13e2abed818fa173 (main) + NOTE: https://github.com/django/django/commit/b3e4494d759202a3b6bf247fd34455bf13be5b80 (3.2.15) + NOTE: Introduced by: https://github.com/django/django/commit/a177f854c34718e473bcd0a2dc6c4fd935c8e327 +CVE-2022-36342 + RESERVED +CVE-2022-36338 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-36337 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-36336 (A link following vulnerability in the scanning function of Trend Micro ...) 
+ NOT-FOR-US: Trend Micro +CVE-2022-36297 + RESERVED +CVE-2022-36286 + RESERVED +CVE-2022-35732 + RESERVED +CVE-2022-35731 + RESERVED +CVE-2022-35727 + RESERVED +CVE-2022-34852 + RESERVED +CVE-2022-34849 (Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows ...) + NOT-FOR-US: Intel +CVE-2022-29494 (Improper input validation in firmware for OpenBMC in some Intel(R) pla ...) + NOT-FOR-US: Intel +CVE-2022-29493 (Uncaught exception in webserver for the Integrated BMC in some Intel(R ...) + NOT-FOR-US: Intel +CVE-2022-2501 (An improper access control issue in GitLab EE affecting all versions f ...) + - gitlab (Specific to EE) +CVE-2022-2500 (A cross-site scripting issue has been discovered in GitLab CE/EE affec ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2499 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-2498 (An issue in pipeline subscriptions in GitLab EE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2497 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2496 + RESERVED +CVE-2020-36558 (A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX ...) + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/6cd1ed50efd88261298577cd92a14f2768eddeeb (v5.6-rc3) +CVE-2020-36557 (A race condition in the Linux kernel before 5.6.2 between the VT_DISAL ...) + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/ca4463bf8438b403596edd0ec961ca0d4fbe0220 (v5.7-rc1) +CVE-2022-36335 + RESERVED +CVE-2022-36334 + RESERVED +CVE-2022-36333 + RESERVED +CVE-2022-36332 + RESERVED +CVE-2022-36331 (Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDis ...) + NOT-FOR-US: Western Digital +CVE-2022-36330 (A buffer overflow vulnerability was discovered on firmware version val ...) 
+ NOT-FOR-US: Western Digital +CVE-2022-36329 (An improper privilege management issue that could allow an attacker to ...) + NOT-FOR-US: Western Digital +CVE-2022-36328 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Western Digital +CVE-2022-36327 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Western Digital +CVE-2022-36326 (An uncontrolled resource consumption vulnerability issue that could ar ...) + NOT-FOR-US: Western Digital +CVE-2022-36325 (Affected devices do not properly sanitize data introduced by an user w ...) + NOT-FOR-US: Siemens +CVE-2022-36324 (Affected devices do not properly handle the renegotiation of SSL/TLS p ...) + NOT-FOR-US: Siemens +CVE-2022-36323 (Affected devices do not properly sanitize an input field. This could ...) + NOT-FOR-US: Siemens +CVE-2022-36322 (In JetBrains TeamCity before 2022.04.2 build parameter injection was p ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-36321 (In JetBrains TeamCity before 2022.04.2 the private SSH key could be wr ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-36320 (Mozilla developers and the Mozilla Fuzzing Team reported memory safety ...) + - firefox 103.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36320 +CVE-2022-36319 (When combining CSS properties for overflow and transform, the mouse cu ...) + {DSA-5195-1 DSA-5193-1} + - firefox 103.0-1 + - firefox-esr 91.12.0esr-1 + - thunderbird 1:102.1.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36319 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36319 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36319 +CVE-2022-36318 (When visiting directory listings for `chrome://` URLs as source text, ...) 
+ {DSA-5195-1 DSA-5193-1} + - firefox 103.0-1 + - firefox-esr 91.12.0esr-1 + - thunderbird 1:102.1.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36318 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/#CVE-2022-36318 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36318 +CVE-2022-36317 (When visiting a website with an overly long URL, the user interface wo ...) + - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36317 +CVE-2022-36316 (When using the Performance API, an attacker was able to notice subtle ...) + - firefox 103.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36316 +CVE-2022-36315 (When loading a script with Subresource Integrity, attackers with an in ...) + - firefox 103.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36315 +CVE-2022-36314 (When opening a Windows shortcut from the local filesystem, an attacker ...) + - firefox (Windows-specific) + - thunderbird (Windows-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-36314 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-32/#CVE-2022-36314 +CVE-2022-36313 (An issue was discovered in the file-type package before 16.5.4 and 17. ...) + NOT-FOR-US: Node file-type +CVE-2022-2495 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2022-2494 (Cross-site Scripting (XSS) - Stored in GitHub repository openemr/opene ...) + NOT-FOR-US: openemr +CVE-2022-2493 (Data Access from Outside Expected Data Manager Component in GitHub rep ...) + NOT-FOR-US: openemr +CVE-2022-2492 (A vulnerability was found in SourceCodester Library Management System ...) + NOT-FOR-US: SourceCodester +CVE-2022-2491 (A vulnerability has been found in SourceCodester Library Management Sy ...) 
+ NOT-FOR-US: SourceCodester +CVE-2022-2490 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester +CVE-2022-2489 (A vulnerability was found in SourceCodester Simple E-Learning System 1 ...) + NOT-FOR-US: SourceCodester +CVE-2022-2488 (A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classifie ...) + NOT-FOR-US: WAVLINK +CVE-2022-2487 (A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and clas ...) + NOT-FOR-US: WAVLINK +CVE-2022-2486 (A vulnerability, which was classified as critical, was found in WAVLIN ...) + NOT-FOR-US: WAVLINK +CVE-2021-46828 (In libtirpc before 1.3.3rc1, remote attackers could exhaust the file d ...) + {DSA-5200-1 DLA-3071-1} + - libtirpc 1.3.2-2.1 (bug #1015873) + NOTE: Fixed by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=86529758570cef4c73fb9b9c4104fdc510f701ed (libtirpc-1-3-3-rc1) + NOTE: Introduced by: http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=b2c9430f46c4ac848957fb8adaac176a3f6ac03f (libtirpc-0-3-3-rc3) +CVE-2022-36312 (Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF pro ...) + NOT-FOR-US: Airspan AirVelocity 1500 software +CVE-2022-36311 (Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vu ...) + NOT-FOR-US: Airspan AirVelocity 1500 software +CVE-2022-36310 (Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had N ...) + NOT-FOR-US: Airspan AirVelocity 1500 software +CVE-2022-36309 (Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have ...) + NOT-FOR-US: Airspan AirVelocity 1500 software +CVE-2022-36308 (Airspan AirVelocity 1500 web management UI displays SNMP credentials i ...) + NOT-FOR-US: Airspan AirVelocity 1500 +CVE-2022-36307 (The AirVelocity 1500 prints SNMP credentials on its physically accessi ...) + NOT-FOR-US: Airspan AirVelocity 1500 +CVE-2022-36306 (An authenticated attacker can enumerate and download sensitive files, ...) 
+ NOT-FOR-US: Airspan AirVelocity 1500 +CVE-2022-36294 + RESERVED +CVE-2022-36290 + RESERVED +CVE-2022-36289 (Protection mechanism failure in the Intel(R) Media SDK software before ...) + NOT-FOR-US: Intel +CVE-2022-35883 (NULL pointer dereference in the Intel(R) Media SDK software before ver ...) + NOT-FOR-US: Intel +CVE-2022-35274 + RESERVED +CVE-2022-35237 + RESERVED +CVE-2022-34860 + RESERVED +CVE-2022-34843 (Integer overflow in the Intel(R) Trace Analyzer and Collector software ...) + NOT-FOR-US: Intel +CVE-2022-33949 + RESERVED +CVE-2022-32575 (Out-of-bounds write in the Intel(R) Trace Analyzer and Collector softw ...) + NOT-FOR-US: Intel +CVE-2022-2485 (Any attempt (good or bad) to log into AutomationDirect Stride Field I/ ...) + NOT-FOR-US: AutomationDirect +CVE-2022-2484 (The signature check in the Nokia ASIK AirScale system module version 4 ...) + NOT-FOR-US: Nokia +CVE-2022-2483 (The bootloader in the Nokia ASIK AirScale system module (versions 4740 ...) + NOT-FOR-US: Nokia +CVE-2022-2482 (A vulnerability exists in Nokia\u2019s ASIK AirScale system module (ve ...) + NOT-FOR-US: Nokia +CVE-2022-2481 (Use after free in Views in Google Chrome prior to 103.0.5060.134 allow ...) + {DSA-5187-1} + - chromium 103.0.5060.134-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2480 (Use after free in Service Worker API in Google Chrome prior to 103.0.5 ...) + {DSA-5187-1} + - chromium 103.0.5060.134-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2479 (Insufficient validation of untrusted input in File in Google Chrome on ...) + {DSA-5187-1} + - chromium 103.0.5060.134-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2478 (Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed ...) + {DSA-5187-1} + - chromium 103.0.5060.134-1 + [buster] - chromium (see DSA 5046) +CVE-2022-2477 (Use after free in Guest View in Google Chrome prior to 103.0.5060.134 ...) 
+ {DSA-5187-1} + - chromium 103.0.5060.134-1 + [buster] - chromium (see DSA 5046) +CVE-2022-36305 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: Vesta +CVE-2022-36304 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: Vesta +CVE-2022-36303 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: Vesta +CVE-2022-36302 (File path manipulation vulnerability in BF-OS version 3.00 up to and i ...) + NOT-FOR-US: BF-OS +CVE-2022-36301 (BF-OS version 3.x up to and including 3.83 do not enforce strong passw ...) + NOT-FOR-US: BF-OS +CVE-2022-36300 + RESERVED +CVE-2022-30706 (Open redirect vulnerability in Booked versions prior to 3.3 allows a r ...) + NOT-FOR-US: Booked +CVE-2022-2476 (A null pointer dereference bug was found in wavpack-5.4.0 The results ...) + - wavpack 5.5.0-1 (bug #1015790) + [bullseye] - wavpack (Minor issue) + [buster] - wavpack (Minor issue) + NOTE: https://github.com/dbry/WavPack/issues/121 + NOTE: https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac (5.5.0) +CVE-2022-2475 (Haas Controller version 100.20.000.1110 has insufficient granularity o ...) + NOT-FOR-US: Haas Controller +CVE-2022-2474 (Authentication is currently unsupported in Haas Controller version 100 ...) + NOT-FOR-US: Haas Controller +CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WP-UserOnline plugin for WordPress +CVE-2022-2472 (Improper Initialization vulnerability in the local server component of ...) + NOT-FOR-US: EZVIZ CS-C6N-A0-1C2WFR +CVE-2022-2471 (Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detectio ...) + NOT-FOR-US: EZVIZ Motion Detection in various camera models +CVE-2022-2470 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) 
+ NOT-FOR-US: microweber +CVE-2022-2469 (GNU SASL libgsasl server-side read-out-of-bounds with malicious authen ...) + {DSA-5189-1} + - gsasl 2.0.1-1 + NOTE: Advisory: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00001.html + NOTE: Reproducing issue: https://lists.gnu.org/archive/html/help-gsasl/2022-07/msg00002.html + NOTE: Fixed by: https://gitlab.com/gsasl/gsasl/-/commit/796e4197f696261c1f872d7576371232330bcc30 (v2.0.1) +CVE-2022-2468 (A vulnerability was found in SourceCodester Garage Management System 1 ...) + NOT-FOR-US: SourceCodester Garage Management +CVE-2022-2467 (A vulnerability has been found in SourceCodester Garage Management Sys ...) + NOT-FOR-US: SourceCodester Garage Management +CVE-2016-15004 (A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. I ...) + NOT-FOR-US: InfiniteWP +CVE-2022-35735 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35728 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35272 (In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35245 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35243 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35241 (In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Insta ...) + NOT-FOR-US: F5 +CVE-2022-35240 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-35236 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-34865 (In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and a ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-34862 (In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14. ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2022-34851 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-34844 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-34655 (In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-34651 (In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-33968 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-33962 (In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-33947 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-33203 (In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-32455 (In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-31473 (In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-30535 (In versions 2.x before 2.3.0 and all versions of 1.x, An attacker auth ...) + NOT-FOR-US: F5 +CVE-2022-2466 (It was found that Quarkus 2.10.x does not terminate HTTP requests head ...) + NOT-FOR-US: quarkusio/quarkus +CVE-2022-2465 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-2464 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-2463 (Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6. ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-2462 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...) 
+ NOT-FOR-US: Transposh WordPress Translation plugin for WordPress +CVE-2022-2461 (The Transposh WordPress Translation plugin for WordPress is vulnerable ...) + NOT-FOR-US: Transposh WordPress Translation plugin for WordPress +CVE-2022-36277 (The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' pa ...) + NOT-FOR-US: TCMAN GIM +CVE-2022-36276 (TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' p ...) + NOT-FOR-US: TCMAN GIM +CVE-2022-2460 (The WPDating WordPress plugin before 7.4.0 does not properly escape us ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2459 (An issue has been discovered in GitLab EE affecting all versions befor ...) + - gitlab (Specific to EE) +CVE-2022-2458 (XML external entity injection(XXE) is a vulnerability that allows an a ...) + NOT-FOR-US: Red Hat Process Automation Manager +CVE-2022-2457 (A flaw was found in Red Hat Process Automation Manager 7 where an atta ...) + NOT-FOR-US: Red Hat Process Automation Manager +CVE-2022-2456 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-36275 + RESERVED +CVE-2022-36274 + RESERVED +CVE-2022-36273 (Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform ...) + NOT-FOR-US: Tenda +CVE-2022-36272 (Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerab ...) + NOT-FOR-US: Mingsoft MCMS +CVE-2022-36271 (Outbyte PC Repair Installation File 1.7.112.7856 is vulnerable to Dll ...) + NOT-FOR-US: Outbyte PC Repair Installation File +CVE-2022-36270 (Clinic's Patient Management System v1.0 has arbitrary code execution v ...) + NOT-FOR-US: Clinic's Patient Management System +CVE-2022-36269 + RESERVED +CVE-2022-36268 + RESERVED +CVE-2022-36267 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Una ...) + NOT-FOR-US: Airspan AirSpot +CVE-2022-36266 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a sto ...) 
+ NOT-FOR-US: Airspan AirSpot +CVE-2022-36265 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hid ...) + NOT-FOR-US: Airspan AirSpot +CVE-2022-36264 (In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Un ...) + NOT-FOR-US: Airspan AirSpot +CVE-2022-36263 (StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access ...) + NOT-FOR-US: StreamLabs Desktop Application +CVE-2022-36262 (An issue was discovered in taocms 3.0.2. in the website settings that ...) + NOT-FOR-US: taocms +CVE-2022-36261 (An arbitrary file deletion vulnerability was discovered in taocms 3.0. ...) + NOT-FOR-US: taocms +CVE-2022-36260 + RESERVED +CVE-2022-36259 (A SQL injection vulnerability in ConnectionFactory.java in sazanrjb In ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-36258 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-36257 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-36256 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-36255 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-36254 (Multiple persistent cross-site scripting (XSS) vulnerabilities in inde ...) + NOT-FOR-US: tramyardg Hotel Management System +CVE-2022-36253 + RESERVED +CVE-2022-36252 + RESERVED +CVE-2022-36251 (Clinic's Patient Management System v1.0 is vulnerable to Cross Site Sc ...) + NOT-FOR-US: Clinic's Patient Management System +CVE-2022-36250 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + NOT-FOR-US: Shop Beat Solutions +CVE-2022-36249 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) 
+ NOT-FOR-US: Shop Beat Solutions +CVE-2022-36248 + RESERVED +CVE-2022-36247 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + NOT-FOR-US: Shop Beat Solutions +CVE-2022-36246 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + NOT-FOR-US: Shop Beat Solutions +CVE-2022-36245 + RESERVED +CVE-2022-36244 (Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + NOT-FOR-US: Shop Beat Solutions +CVE-2022-36243 (Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2. ...) + NOT-FOR-US: Shop Beat Solutions +CVE-2022-36242 (Clinic's Patient Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Clinic's Patient Management System +CVE-2022-36241 + RESERVED +CVE-2022-36240 + RESERVED +CVE-2022-36239 + RESERVED +CVE-2022-36238 + RESERVED +CVE-2022-36237 + RESERVED +CVE-2022-36236 + RESERVED +CVE-2022-36235 + RESERVED +CVE-2022-36234 (SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af44 ...) + NOT-FOR-US: SimpleNetwork TCP Server +CVE-2022-36233 (Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form ...) + NOT-FOR-US: Tenda +CVE-2022-36232 + RESERVED +CVE-2022-36231 (pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby cod ...) + NOT-FOR-US: pdf_info gem +CVE-2022-36230 + RESERVED +CVE-2022-36229 + RESERVED +CVE-2022-36228 (Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Perm ...) + NOT-FOR-US: Nokelock Smart padlock +CVE-2022-36227 (In libarchive before 3.6.2, the software does not check for an error a ...) 
+ {DLA-3294-1} + - libarchive 3.6.2-1 (bug #1024669) + [bullseye] - libarchive (Minor issue) + NOTE: https://github.com/libarchive/libarchive/issues/1754 + NOTE: https://github.com/libarchive/libarchive/pull/1759 + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/bff38efe8c110469c5080d387bec62a6ca15b1a5 +CVE-2022-36226 (SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /Si ...) + NOT-FOR-US: SiteServerCMS +CVE-2022-36225 (EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (C ...) + NOT-FOR-US: Eyoucms +CVE-2022-36224 (XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF).) + NOT-FOR-US: XunRuiCMS +CVE-2022-36223 (In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS s ...) + NOT-FOR-US: Emby Server +CVE-2022-36222 (Nokia Fastmile 3tg00118abad52 devices shipped by Optus are shipped wit ...) + NOT-FOR-US: Nokia +CVE-2022-36221 (Nokia Fastmile 3tg00118abad52 is affected by an authenticated path tra ...) + NOT-FOR-US: Nokia +CVE-2022-36220 (Kiosk breakout (without quit password) in Safe Exam Browser (Windows) ...) + NOT-FOR-US: Safe Exam Browser +CVE-2022-36219 + RESERVED +CVE-2022-36218 + RESERVED +CVE-2022-36217 + RESERVED +CVE-2022-36216 (DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code exec ...) + NOT-FOR-US: DedeCMS +CVE-2022-36215 (DedeBIZ v6 was discovered to contain a remote code execution vulnerabi ...) + NOT-FOR-US: DedeBIZ +CVE-2022-36214 + RESERVED +CVE-2022-36213 + RESERVED +CVE-2022-36212 + RESERVED +CVE-2022-36211 + RESERVED +CVE-2022-36210 + RESERVED +CVE-2022-36209 + RESERVED +CVE-2022-36208 + RESERVED +CVE-2022-36207 + RESERVED +CVE-2022-36206 + RESERVED +CVE-2022-36205 + RESERVED +CVE-2022-36204 + RESERVED +CVE-2022-36203 (Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting ...) + NOT-FOR-US: Doctor's Appointment System +CVE-2022-36202 (Doctor's Appointment System1.0 is vulnerable to Incorrect Access Contr ...) 
+ NOT-FOR-US: Doctor's Appointment System +CVE-2022-36201 (Doctor\u2019s Appointment System v1.0 is vulnerable to Blind SQLi via ...) + NOT-FOR-US: Doctor's Appointment System +CVE-2022-36200 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submi ...) + NOT-FOR-US: FiberHome VDSL2 Modem +CVE-2022-36199 + RESERVED +CVE-2022-36198 (Multiple SQL injections detected in Bus Pass Management System 1.0 via ...) + NOT-FOR-US: Bus Pass Management System +CVE-2022-36197 (BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload ...) + NOT-FOR-US: BigTree CMS +CVE-2022-36196 + RESERVED +CVE-2022-36195 + RESERVED +CVE-2022-36194 (Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the ...) + - centreon-web (bug #913903) +CVE-2022-36193 (SQL injection in School Management System 1.0 allows remote attackers ...) + NOT-FOR-US: School Management System +CVE-2022-36192 + RESERVED +CVE-2022-36191 (A heap-buffer-overflow had occurred in function gf_isom_dovi_config_ge ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1019595) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2218 + NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 +CVE-2022-36190 (GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerabili ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1019595) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/2220 + NOTE: Fixed along with: https://github.com/gpac/gpac/issues/2218 + NOTE: https://github.com/gpac/gpac/commit/fef6242c69be4f7ba22b32578e4b62648a3d4ed3 +CVE-2022-36189 + RESERVED +CVE-2022-36188 + RESERVED +CVE-2022-36187 + RESERVED +CVE-2022-36186 (A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNK ...) 
+ - gpac 2.0.0+dfsg1-4 (bug #1019595) + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/2223 + NOTE: https://github.com/gpac/gpac/commit/b43f9d1a4b4e33d08edaef6d313e6ce4bdf554d3 +CVE-2022-36185 + RESERVED +CVE-2022-36184 + RESERVED +CVE-2022-36183 + RESERVED +CVE-2022-36182 (Hashicorp Boundary v0.8.0 is vulnerable to Clickjacking which allow fo ...) + NOT-FOR-US: HashiCorp Boundary +CVE-2022-36181 + RESERVED +CVE-2022-36180 (Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /f ...) + {DLA-3487-1} + - fusiondirectory + [bullseye] - fusiondirectory (Minor issue) + NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ + NOTE: https://github.com/fusiondirectory/fusiondirectory/commit/fadebb79b932a0260bdb8723eb23694a3ae62366 (fusiondirectory-1.3.1) +CVE-2022-36179 (Fusiondirectory 1.3 suffers from Improper Session Handling.) + {DLA-3487-1} + - fusiondirectory + [bullseye] - fusiondirectory (Minor issue) + NOTE: https://yoroi.company/research/cve-advisory-full-disclosure-multiple-vulnerabilities/ + NOTE: https://github.com/fusiondirectory/fusiondirectory/commit/d84cf05573b52df98418adf3716daf365e8da745 (fusiondirectory-1.3.1) +CVE-2022-36178 + RESERVED +CVE-2022-36177 + RESERVED +CVE-2022-36176 + RESERVED +CVE-2022-36175 + RESERVED +CVE-2022-36174 (FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2 ...) + NOT-FOR-US: FreshService +CVE-2022-36173 (FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 a ...) + NOT-FOR-US: FreshService +CVE-2022-36172 + RESERVED +CVE-2022-36171 (MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion.) + NOT-FOR-US: MapGIS IGServer +CVE-2022-36170 (MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end an ...) 
+ NOT-FOR-US: MapGIS IGServer +CVE-2022-36169 + RESERVED +CVE-2022-36168 (A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. ...) + NOT-FOR-US: Wuzhicms +CVE-2022-36167 + RESERVED +CVE-2022-36166 + RESERVED +CVE-2022-36165 + RESERVED +CVE-2022-36164 + RESERVED +CVE-2022-36163 + RESERVED +CVE-2022-36162 + RESERVED +CVE-2022-36161 (Orange Station 1.0 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: Orange Station +CVE-2022-36160 + RESERVED +CVE-2022-36159 (Contec FXA3200 version 1.13 and under were discovered to contain a har ...) + NOT-FOR-US: Contec FXA3200 +CVE-2022-36158 (Contec FXA3200 version 1.13.00 and under suffers from Insecure Permiss ...) + NOT-FOR-US: Contec FXA3200 +CVE-2022-36157 (XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Per ...) + NOT-FOR-US: XXL-JOB +CVE-2022-36156 + RESERVED +CVE-2022-36155 (tifig v0.2.2 was discovered to contain a resource allocation issue via ...) + NOT-FOR-US: tifig +CVE-2022-36154 + RESERVED +CVE-2022-36153 (tifig v0.2.2 was discovered to contain a segmentation violation via st ...) + NOT-FOR-US: tifig +CVE-2022-36152 (tifig v0.2.2 was discovered to contain a memory leak via operator new[ ...) + NOT-FOR-US: tifig +CVE-2022-36151 (tifig v0.2.2 was discovered to contain a segmentation violation via ge ...) + NOT-FOR-US: tifig +CVE-2022-36150 (tifig v0.2.2 was discovered to contain a heap-buffer overflow via __as ...) + NOT-FOR-US: tifig +CVE-2022-36149 (tifig v0.2.2 was discovered to contain a heap-use-after-free via temIn ...) + NOT-FOR-US: tifig +CVE-2022-36148 (fdkaac commit 53fe239 was discovered to contain a floating point excep ...) 
+ - fdkaac (unimportant; bug #1017751) + NOTE: https://github.com/nu774/fdkaac/issues/52 + NOTE: https://github.com/nu774/fdkaac/commit/4ec1422bd951a137225ffa4052da120e2ab0a0f4 (v1.0.3) + NOTE: Crash in CLI tool, no security impact +CVE-2022-36147 + RESERVED +CVE-2022-36146 (SWFMill commit 53d7690 was discovered to contain a memory allocation i ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/65 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36145 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/64 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36144 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) + - swfmill (bug #1019600) + [bullseye] - swfmill (Minor issue) + [buster] - swfmill (Minor issue) + NOTE: https://github.com/djcsdy/swfmill/issues/63 +CVE-2022-36143 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/62 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36142 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/61 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36141 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/58 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36140 (SWFMill commit 53d7690 was discovered to contain a segmentation violat ...) + - swfmill (unimportant) + NOTE: https://github.com/djcsdy/swfmill/issues/57 + NOTE: Crash in CLI tool, no security impact +CVE-2022-36139 (SWFMill commit 53d7690 was discovered to contain a heap-buffer overflo ...) 
+ - swfmill (bug #1019600) + [bullseye] - swfmill (Minor issue) + [buster] - swfmill (Minor issue) + NOTE: https://github.com/djcsdy/swfmill/issues/56 +CVE-2022-36138 + RESERVED +CVE-2022-36137 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) + NOT-FOR-US: ChurchCRM +CVE-2022-36136 (ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers t ...) + NOT-FOR-US: ChurchCRM +CVE-2022-36135 + RESERVED +CVE-2022-36134 + RESERVED +CVE-2022-36133 (The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices wit ...) + NOT-FOR-US: Epson +CVE-2022-36132 + RESERVED +CVE-2022-36131 (The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to s ...) + NOT-FOR-US: Atlassian addon +CVE-2022-36130 (HashiCorp Boundary up to 0.10.1 did not properly perform data integrit ...) + NOT-FOR-US: HashiCorp Boundary +CVE-2022-36129 (HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clu ...) + NOT-FOR-US: HashiCorp Vault +CVE-2022-2455 (A business logic issue in the handling of large repositories in all ve ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-36128 + RESERVED +CVE-2022-36127 (A vulnerability in Apache SkyWalking NodeJS Agent prior to 0.5.1. The ...) + NOT-FOR-US: Apache SkyWalking +CVE-2022-2454 (Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1015788) + [buster] - gpac (No longer supported in LTS; Minor issue) + NOTE: https://huntr.dev/bounties/105d40d0-46d7-461e-9f8e-20c4cdea925f + NOTE: https://github.com/gpac/gpac/commit/faa75edde3dfeba1e2cf6ffa48e45a50f1042096 +CVE-2022-2453 (Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.) 
+ - gpac 2.0.0+dfsg1-4 (bug #1015788) + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + NOTE: https://huntr.dev/bounties/c8c964de-046a-41b2-9ff5-e25cfdb36b5a + NOTE: https://github.com/gpac/gpac/commit/dc7de8d3d604426c7a6e628d90cb9fb88e7b4c2c +CVE-2022-2452 + RESERVED +CVE-2022-2451 + RESERVED +CVE-2022-36126 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2022-2450 (The reSmush.it : the only free Image Optimizer & compress plugin WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2449 (The reSmush.it : the only free Image Optimizer & compress plugin WordP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2448 (The reSmush.it WordPress plugin before 0.4.6 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2447 (A flaw was found in Keystone. There is a time lag (up to one hour in a ...) + - python-keystonemiddleware 10.1.0-4 (bug #1021272) + [bullseye] - python-keystonemiddleware (Minor issue) + [buster] - python-keystonemiddleware (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2105419 + NOTE: https://review.opendev.org/c/openstack/keystonemiddleware/+/860481 +CVE-2017-20143 (A vulnerability, which was classified as critical, has been found in I ...) + NOT-FOR-US: Itech Movie Portal Script +CVE-2017-20142 (A vulnerability classified as critical was found in Itech Movie Portal ...) + NOT-FOR-US: Itech Movie Portal Script +CVE-2017-20141 (A vulnerability classified as critical has been found in Itech Movie P ...) + NOT-FOR-US: Itech Movie Portal Script +CVE-2017-20140 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...) + NOT-FOR-US: Itech Movie Portal Script +CVE-2017-20139 (A vulnerability was found in Itech Movie Portal Script 7.36. It has be ...) + NOT-FOR-US: Itech Movie Portal Script +CVE-2016-15003 (A vulnerability has been found in FileZilla Client 3.17.0.0 and classi ...) 
+ - filezilla (Installer not relevant to Debian) +CVE-2015-10003 (A vulnerability, which was classified as problematic, was found in Fil ...) + NOT-FOR-US: FileZilla server +CVE-2022-36125 (It is possible to crash (panic) an application by providing a corrupte ...) + NOT-FOR-US: Apache Avro +CVE-2022-36124 (It is possible for a Reader to consume memory beyond the allowed const ...) + NOT-FOR-US: Apache Avro +CVE-2022-36123 (The Linux kernel before 5.18.13 lacks a certain clear operation for th ...) + - linux 5.18.14-1 + [bullseye] - linux (Vulnerability introduced later) + [buster] - linux (Vulnerability introduced later) + NOTE: https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md + NOTE: https://sick.codes/sick-2022-128 +CVE-2022-36122 (The Automox Agent before 40 on Windows incorrectly sets permissions on ...) + NOT-FOR-US: Automox +CVE-2022-36121 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36120 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36119 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36118 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36117 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36116 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36115 (An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In ...) + NOT-FOR-US: Blue Prism Enterprise +CVE-2022-36114 (Cargo is a package manager for the rust programming language. It was d ...) 
+ - cargo 0.63.1-1 (bug #1021142) + [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue) + - rust-cargo 0.66.0-1 (bug #1021143) + [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue) + NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-2hvr-h6gw-qrxp + NOTE: https://github.com/rust-lang/cargo/commit/d1f9553c825f6d7481453be8d58d0e7f117988a7 +CVE-2022-36113 (Cargo is a package manager for the rust programming language. After a ...) + - cargo 0.63.1-1 (bug #1021142) + [bullseye] - cargo (Minor issue) + [buster] - cargo (Minor issue) + - rust-cargo 0.66.0-1 (bug #1021143) + [bullseye] - rust-cargo (Minor issue) + [buster] - rust-cargo (Minor issue) + NOTE: https://github.com/rust-lang/cargo/security/advisories/GHSA-rfj2-q3h3-hm5j + NOTE: https://github.com/rust-lang/cargo/commit/97b80919e404b0768ea31ae329c3b4da54bed05a +CVE-2022-36112 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-36111 (immudb is a database with built-in cryptographic proof and verificatio ...) + NOT-FOR-US: immudb +CVE-2022-36110 (Netmaker makes networks with WireGuard. Prior to version 0.15.1, Impro ...) + NOT-FOR-US: Netmaker +CVE-2022-36109 (Moby is an open-source project created by Docker to enable software co ...) + - docker.io 20.10.19+dfsg1-1 (bug #1019601) + [bullseye] - docker.io (Minor issue) + [buster] - docker.io (Minor issue) + NOTE: https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4 + NOTE: https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32 +CVE-2022-36108 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2022-36107 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2022-36106 (TYPO3 is an open source PHP based web content management system releas ...) 
+ NOT-FOR-US: Typo3 +CVE-2022-36105 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2022-36104 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo3 +CVE-2022-36103 (Talos Linux is a Linux distribution built for Kubernetes deployments. ...) + NOT-FOR-US: Talos Linux +CVE-2022-36102 (Shopware is an open source e-commerce software. In affected versions i ...) + NOT-FOR-US: Shopware +CVE-2022-36101 (Shopware is an open source e-commerce software. In affected versions t ...) + NOT-FOR-US: Shopware +CVE-2022-36100 (XWiki Platform Applications Tag and XWiki Platform Tag UI are tag appl ...) + NOT-FOR-US: XWiki +CVE-2022-36099 (XWiki Platform Wiki UI Main Wiki is software for managing subwikis on ...) + NOT-FOR-US: XWiki +CVE-2022-36098 (XWiki Platform Mentions UI is a user interface for mentioning users in ...) + NOT-FOR-US: XWiki +CVE-2022-36097 (XWiki Platform Attachment UI provides a macro to easily upload and sel ...) + NOT-FOR-US: XWiki +CVE-2022-36096 (The XWiki Platform Index UI is an Index of all pages, attachments, orp ...) + NOT-FOR-US: XWiki +CVE-2022-36095 (XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 a ...) + NOT-FOR-US: XWiki +CVE-2022-36094 (XWiki Platform Web Parent POM contains Web resources for the XWiki pla ...) + NOT-FOR-US: XWiki +CVE-2022-36093 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...) + NOT-FOR-US: XWiki +CVE-2022-36092 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...) + NOT-FOR-US: XWiki +CVE-2022-36091 (XWiki Platform Web Templates are templates for XWiki Platform, a gener ...) + NOT-FOR-US: XWiki +CVE-2022-36090 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...) + NOT-FOR-US: XWiki +CVE-2022-36089 (KubeVela is an application delivery platform Users using KubeVela's Ve ...) 
+ NOT-FOR-US: KubeVela +CVE-2022-36088 (GoCD is a continuous delivery server. Windows installations via either ...) + NOT-FOR-US: GoCD +CVE-2022-36087 (OAuthLib is an implementation of the OAuth request-signing logic for P ...) + - python-oauthlib 3.2.1-1 (bug #1019710) + [bullseye] - python-oauthlib (Vulnerable code introduced later) + [buster] - python-oauthlib (Vulnerable code introduced later) + NOTE: https://github.com/oauthlib/oauthlib/security/advisories/GHSA-3pgj-pg6c-r5p7 + NOTE: Introduced with: https://github.com/oauthlib/oauthlib/commit/2b8a44855a51ad5a5b0c348a08c2564a2e197ea2 (v3.1.1) + NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/e514826eea15f2b62bbc13da407b71552ef5ff4c + NOTE: Fixed by: https://github.com/oauthlib/oauthlib/commit/5d85c61998692643dd9d17e05d2646e06ce391e8 +CVE-2022-36086 (linked_list_allocator is an allocator usable for no_std systems. Prior ...) + NOT-FOR-US: linked_list_allocator +CVE-2022-36085 (Open Policy Agent (OPA) is an open source, general-purpose policy engi ...) + NOT-FOR-US: Open Policy Agent (OPA) +CVE-2022-36084 (cruddl is software for creating a GraphQL API for a database, using th ...) + NOT-FOR-US: cruddl +CVE-2022-36083 (JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS w ...) + - node-jose 4.9.2-1 + NOTE: https://github.com/panva/jose/security/advisories/GHSA-jv3g-j58f-9mq9 + NOTE: https://github.com/panva/jose/commit/03d6d013bf6e070e85adfe5731f526978e3e8e4d (v4.9.2) +CVE-2022-36082 (mangadex-downloader is a command-line tool to download manga from Mang ...) + NOT-FOR-US: mangadex-downloader +CVE-2022-36081 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...) + NOT-FOR-US: Wikmd +CVE-2022-36080 (Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, ...) + NOT-FOR-US: Wikmd +CVE-2022-36079 (Parse Server is an open source backend that can be deployed to any inf ...) 
+ NOT-FOR-US: Node parse-server +CVE-2022-36078 (Binary provides encoding/decoding in Borsh and other formats. The vuln ...) + NOT-FOR-US: gagliardetto/Binary (tool to provide encoding/decoding in Borsh and other formats) +CVE-2022-36077 (The Electron framework enables writing cross-platform desktop applicat ...) + - electron (bug #842420) +CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) + NOT-FOR-US: NodeBB +CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...) + NOT-FOR-US: Nextcloud files access control App +CVE-2022-36074 (Nextcloud server is an open source personal cloud product. Affected ve ...) + - nextcloud-server (bug #941708) +CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & email ...) + NOT-FOR-US: RubyGems.org is the Ruby community gem host +CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...) + NOT-FOR-US: SilverwareGames.io +CVE-2022-36071 (SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and Web ...) + NOT-FOR-US: SFTPGo +CVE-2022-36070 (Poetry is a dependency manager for Python. To handle dependencies that ...) + - poetry-core (Windows-specific) + NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-j4j9-7hg9-97g6 + NOTE: https://github.com/python-poetry/poetry-core/pull/205 +CVE-2022-36069 (Poetry is a dependency manager for Python. When handling dependencies ...) 
+ - poetry-core 1.0.7-1 + NOTE: https://github.com/python-poetry/poetry/security/advisories/GHSA-9xgj-fcgf-x6mw + NOTE: https://github.com/python-poetry/poetry-core/pull/202 + NOTE: Backport to 1.0 branch: https://github.com/python-poetry/poetry-core/pull/203 + NOTE: https://github.com/python-poetry/poetry-core/commit/cc84be60ac9af549664051c2684621db51d05ff1 (1.1.0a7) + NOTE: https://github.com/python-poetry/poetry-core/commit/13a13ac7f8f2b596c68830da6fa8c059af59e1ac (1.0.5) +CVE-2022-36068 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2022-36067 (vm2 is a sandbox that can run untrusted code with whitelisted Node's b ...) + NOT-FOR-US: Node vm2 +CVE-2022-36066 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2022-36065 (GrowthBook is an open-source platform for feature flagging and A/B tes ...) + NOT-FOR-US: GrowthBook +CVE-2022-36064 (Shescape is a shell escape package for JavaScript. An Inefficient Regu ...) + NOT-FOR-US: Shescape +CVE-2022-36063 (Azure RTOS USBx is a USB host, device, and on-the-go (OTG) embedded st ...) + NOT-FOR-US: Azure RTOS USBx +CVE-2022-36062 (Grafana is an open-source platform for monitoring and observability. I ...) + - grafana +CVE-2022-36061 (Elrond go is the go implementation for the Elrond Network protocol. In ...) + NOT-FOR-US: Elrond go +CVE-2022-36060 (matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. E ...) + NOT-FOR-US: matrix-react-sdk +CVE-2022-36059 (matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for Jav ...) 
+ - node-matrix-js-sdk (bug #1018970) + [bullseye] - node-matrix-js-sdk (Minor issue) + [buster] - node-matrix-js-sdk (Minor issue) + - thunderbird 1:102.2.1-1 + [bullseye] - thunderbird (Only affects ESR102) + [buster] - thunderbird (Only affects ESR102) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/#CVE-2022-36059 + NOTE: https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0 + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/8716c1ab9ba93659173b806097c46a2be115199f (v19.4.0) +CVE-2022-36058 (Elrond go is the go implementation for the Elrond Network protocol. In ...) + NOT-FOR-US: Elrond go +CVE-2022-36057 (Discourse-Chat is an asynchronous messaging plugin for the Discourse o ...) + NOT-FOR-US: Discourse-Chat +CVE-2022-36056 (Cosign is a project under the sigstore organization which aims to make ...) + NOT-FOR-US: Cosign +CVE-2022-36055 (Helm is a tool for managing Charts. Charts are packages of pre-configu ...) + - helm-kubernetes (bug #910799) +CVE-2022-36054 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + NOT-FOR-US: Contiki-NG +CVE-2022-36053 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + NOT-FOR-US: Contiki-NG +CVE-2022-36052 (Contiki-NG is an open-source, cross-platform operating system for Next ...) + NOT-FOR-US: Contiki-NG +CVE-2022-36051 (ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**A ...) + NOT-FOR-US: ZITADEL +CVE-2022-36050 + RESERVED +CVE-2022-36049 (Flux2 is a tool for keeping Kubernetes clusters in sync with sources o ...) + NOT-FOR-US: Flux project fluxcd +CVE-2022-36048 (Zulip is an open-source team collaboration tool with topic-based threa ...) + NOT-FOR-US: Zulip +CVE-2022-36047 + RESERVED +CVE-2022-36046 (Next.js is a React framework that can provide building blocks to creat ...) 
+ NOT-FOR-US: Next.js +CVE-2022-36045 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...) + NOT-FOR-US: NodeBB +CVE-2022-36044 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36043 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36042 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36041 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36040 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36039 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2022-36038 (CircuitVerse is an open-source platform which allows users to construc ...) + NOT-FOR-US: CircuitVerse +CVE-2022-36037 (kirby is a content management system (CMS) that adapts to many differe ...) + NOT-FOR-US: Kirby CMS +CVE-2022-36036 (mdx-mermaid provides plug and play access to Mermaid in MDX. There is ...) + NOT-FOR-US: mdx-mermaid +CVE-2022-36035 (Flux is a tool for keeping Kubernetes clusters in sync with sources of ...) + NOT-FOR-US: Flux +CVE-2022-36034 (nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS ...) + NOT-FOR-US: nitrado.js +CVE-2022-36033 (jsoup is a Java HTML parser, built for HTML editing, cleaning, scrapin ...) + - jsoup 1.15.3-1 (bug #1018931) + [bullseye] - jsoup (Minor issue, preserveRelativeLinks option is disabled by default) + [buster] - jsoup (Minor issue, preserveRelativeLinks option is disabled by default) + NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-gp7f-rwcx-9369 + NOTE: https://github.com/jhy/jsoup/commit/4ea768d96b3d232e63edef9594766d44597b3882 (jsoup-1.15.3) +CVE-2022-36032 (ReactPHP HTTP is a streaming HTTP client and server implementation for ...) 
+ NOT-FOR-US: ReactPHP HTTP +CVE-2022-36031 (Directus is a free and open-source data platform for headless content ...) + NOT-FOR-US: Directus +CVE-2022-36030 (Project-nexus is a general-purpose blog website framework. Affected ve ...) + NOT-FOR-US: Project-nexus +CVE-2022-36029 + RESERVED +CVE-2022-36028 + RESERVED +CVE-2022-36027 (TensorFlow is an open source platform for machine learning. When conve ...) + - tensorflow (bug #804612) +CVE-2022-36026 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-36025 (Besu is a Java-based Ethereum client. In versions newer than 22.1.3 an ...) + NOT-FOR-US: Hyperledger Besu +CVE-2022-36024 (py-cord is a an API wrapper for Discord written in Python. Bots creati ...) + NOT-FOR-US: py-cord +CVE-2022-36023 (Hyperledger Fabric is an enterprise-grade permissioned distributed led ...) + NOT-FOR-US: Hyperledger Fabric +CVE-2022-36022 (Deeplearning4J is a suite of tools for deploying and training deep lea ...) + NOT-FOR-US: Deeplearning4J +CVE-2022-36021 (Redis is an in-memory database that persists on disk. Authenticated us ...) + {DLA-3361-1} + - redis 5:7.0.9-1 + [bullseye] - redis (Minor issue) + NOTE: https://github.com/redis/redis/security/advisories/GHSA-jr7j-rfj5-8xqv + NOTE: https://github.com/redis/redis/commit/dcbfcb916ca1a269b3feef86ee86835294758f84 + NOTE: https://github.com/redis/redis/commit/0825552565e5fdab2e87950579c4f0bedded3e3c (7.0.9) +CVE-2022-36020 (The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, ...) + NOT-FOR-US: typo3/html-sanitizer +CVE-2022-36019 (TensorFlow is an open source platform for machine learning. If `FakeQu ...) + - tensorflow (bug #804612) +CVE-2022-36018 (TensorFlow is an open source platform for machine learning. If `Ragged ...) + - tensorflow (bug #804612) +CVE-2022-36017 (TensorFlow is an open source platform for machine learning. If `Requan ...) 
+ - tensorflow (bug #804612) +CVE-2022-36016 (TensorFlow is an open source platform for machine learning. When `tens ...) + - tensorflow (bug #804612) +CVE-2022-36015 (TensorFlow is an open source platform for machine learning. When `Rang ...) + - tensorflow (bug #804612) +CVE-2022-36014 (TensorFlow is an open source platform for machine learning. When `mlir ...) + - tensorflow (bug #804612) +CVE-2022-36013 (TensorFlow is an open source platform for machine learning. When `mlir ...) + - tensorflow (bug #804612) +CVE-2022-36012 (TensorFlow is an open source platform for machine learning. When `mlir ...) + - tensorflow (bug #804612) +CVE-2022-36011 (TensorFlow is an open source platform for machine learning. When `mlir ...) + - tensorflow (bug #804612) +CVE-2022-36010 (This library allows strings to be parsed as functions and stored as a ...) + NOT-FOR-US: oxyno-zeta +CVE-2022-36009 (gomatrixserverlib is a Go library for matrix protocol federation. Dend ...) + NOT-FOR-US: gomatrixserverlib +CVE-2022-36008 (Frontier is Substrate's Ethereum compatibility layer. A security issue ...) + NOT-FOR-US: Frontier +CVE-2022-36007 (Venice is a Clojure inspired sandboxed Lisp dialect with excellent Jav ...) + NOT-FOR-US: Venice +CVE-2022-36006 (Arvados is an open source platform for managing, processing, and shari ...) + NOT-FOR-US: Arvados +CVE-2022-36005 (TensorFlow is an open source platform for machine learning. When `tf.q ...) + - tensorflow (bug #804612) +CVE-2022-36004 (TensorFlow is an open source platform for machine learning. When `tf.r ...) + - tensorflow (bug #804612) +CVE-2022-36003 (TensorFlow is an open source platform for machine learning. When `Rand ...) + - tensorflow (bug #804612) +CVE-2022-36002 (TensorFlow is an open source platform for machine learning. When `Unba ...) + - tensorflow (bug #804612) +CVE-2022-36001 (TensorFlow is an open source platform for machine learning. When `Draw ...) 
+ - tensorflow (bug #804612) +CVE-2022-36000 (TensorFlow is an open source platform for machine learning. When `mlir ...) + - tensorflow (bug #804612) +CVE-2022-35999 (TensorFlow is an open source platform for machine learning. When `Conv ...) + - tensorflow (bug #804612) +CVE-2022-35998 (TensorFlow is an open source platform for machine learning. If `EmptyT ...) + - tensorflow (bug #804612) +CVE-2022-35997 (TensorFlow is an open source platform for machine learning. If `tf.spa ...) + - tensorflow (bug #804612) +CVE-2022-35996 (TensorFlow is an open source platform for machine learning. If `Conv2D ...) + - tensorflow (bug #804612) +CVE-2022-35995 (TensorFlow is an open source platform for machine learning. When `Audi ...) + - tensorflow (bug #804612) +CVE-2022-35994 (TensorFlow is an open source platform for machine learning. When `Coll ...) + - tensorflow (bug #804612) +CVE-2022-35993 (TensorFlow is an open source platform for machine learning. When `SetS ...) + - tensorflow (bug #804612) +CVE-2022-35992 (TensorFlow is an open source platform for machine learning. When `Tens ...) + - tensorflow (bug #804612) +CVE-2022-35991 (TensorFlow is an open source platform for machine learning. When `Tens ...) + - tensorflow (bug #804612) +CVE-2022-35990 (TensorFlow is an open source platform for machine learning. When `tf.q ...) + - tensorflow (bug #804612) +CVE-2022-35989 (TensorFlow is an open source platform for machine learning. When `MaxP ...) + - tensorflow (bug #804612) +CVE-2022-35988 (TensorFlow is an open source platform for machine learning. When `tf.l ...) + - tensorflow (bug #804612) +CVE-2022-35987 (TensorFlow is an open source platform for machine learning. `DenseBinc ...) + - tensorflow (bug #804612) +CVE-2022-35986 (TensorFlow is an open source platform for machine learning. If `Ragged ...) + - tensorflow (bug #804612) +CVE-2022-35985 (TensorFlow is an open source platform for machine learning. If `LRNGra ...) 
+ - tensorflow (bug #804612) +CVE-2022-35984 (TensorFlow is an open source platform for machine learning. `Parameter ...) + - tensorflow (bug #804612) +CVE-2022-35983 (TensorFlow is an open source platform for machine learning. If `Save` ...) + - tensorflow (bug #804612) +CVE-2022-35982 (TensorFlow is an open source platform for machine learning. If `Sparse ...) + - tensorflow (bug #804612) +CVE-2022-35981 (TensorFlow is an open source platform for machine learning. `Fractiona ...) + - tensorflow (bug #804612) +CVE-2022-35980 (OpenSearch Security is a plugin for OpenSearch that offers encryption, ...) + NOT-FOR-US: OpenSearch Security plugin for OpenSearch +CVE-2022-35979 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35978 (Minetest is a free open-source voxel game engine with easy modding and ...) + - minetest 5.5.0+dfsg+~1.9.0mt4+dfsg-2 (bug #1017548) + [bullseye] - minetest (Minor issue) + [buster] - minetest (Minor issue) + NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-663q-pcjw-27cc + NOTE: https://github.com/minetest/minetest/commit/da71e86633d0b27cd02d7aac9fdac625d141ca13 (5.6.0) +CVE-2022-35977 (Redis is an in-memory database that persists on disk. Authenticated us ...) + - redis 5:7.0.8-1 + [bullseye] - redis (Minor issue; requires authed user) + [buster] - redis (Minor issue; requires authed user) + NOTE: https://github.com/redis/redis/commit/6c25c6b7da116e110e89a5db45eeae743879e7ea (7.0.8) +CVE-2022-35976 (The GitOps Tools Extension for VSCode relies on kubeconfigs in order t ...) + NOT-FOR-US: GitOps Tools Extension for VSCode +CVE-2022-35975 (The GitOps Tools Extension for VSCode can make it easier to manage Flu ...) + NOT-FOR-US: GitOps Tools Extension for VSCode +CVE-2022-35974 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35973 (TensorFlow is an open source platform for machine learning. 
If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35972 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35971 (TensorFlow is an open source platform for machine learning. If `FakeQu ...) + - tensorflow (bug #804612) +CVE-2022-35970 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35969 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35968 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35967 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35966 (TensorFlow is an open source platform for machine learning. If `Quanti ...) + - tensorflow (bug #804612) +CVE-2022-35965 (TensorFlow is an open source platform for machine learning. If `LowerB ...) + - tensorflow (bug #804612) +CVE-2022-35964 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35963 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35962 (Zulip is an open source team chat and Zulip Mobile is an app for iOS a ...) + NOT-FOR-US: Zulip +CVE-2022-35961 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin +CVE-2022-35960 (TensorFlow is an open source platform for machine learning. In `core/k ...) + - tensorflow (bug #804612) +CVE-2022-35959 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35958 + REJECTED +CVE-2022-35957 (Grafana is an open-source platform for monitoring and observability. V ...) + - grafana +CVE-2022-35956 (This Rails gem adds two methods to the ActiveRecord::Base class that a ...) 
+ NOT-FOR-US: Ruby gem activerecord-update-by-case +CVE-2022-35955 + RESERVED +CVE-2022-35954 (The GitHub Actions ToolKit provides a set of packages to make creating ...) + NOT-FOR-US: GitHub Actions ToolKit +CVE-2022-35953 (BookWyrm is a social network for tracking your reading, talking about ...) + NOT-FOR-US: BookWyrm +CVE-2022-35952 (TensorFlow is an open source platform for machine learning. The `Unbat ...) + - tensorflow (bug #804612) +CVE-2022-35951 (Redis is an in-memory database that persists on disk. Versions 7.0.0 a ...) + - redis 5:7.0.5-1 (bug #1020512) + [bullseye] - redis (Vulnerable code not present) + [buster] - redis (Vulnerable code not present) + NOTE: https://github.com/redis/redis/commit/fa6815e14ea5adff93c5cd7be513c02a7c6e3f2a (7.0.5) +CVE-2022-35950 (OroCommerce is an open-source Business to Business Commerce applicatio ...) + NOT-FOR-US: OroCommerce +CVE-2022-35949 (undici is an HTTP/1.1 client, written from scratch for Node.js.`undici ...) + - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-8qr4-xgw6-wmr3 + NOTE: https://github.com/nodejs/undici/commit/124f7ebf705366b2e1844dff721928d270f87895 (v5.8.2) +CVE-2022-35948 (undici is an HTTP/1.1 client, written from scratch for Node.js.`=< und ...) + - node-undici 5.8.2+dfsg1+~cs18.9.18.1-1 + NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-f772-66g8-q5h3 + NOTE: https://github.com/nodejs/undici/commit/66165d604fd0aee70a93ed5c44ad4cc2df395f80 (v5.8.2) +CVE-2022-35947 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-35946 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-35945 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...) 
+ - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-35944 (October is a self-hosted Content Management System (CMS) platform base ...) + NOT-FOR-US: October CMS +CVE-2022-35943 (Shield is an authentication and authorization framework for CodeIgnite ...) + - codeigniter (bug #471583) +CVE-2022-35942 (Improper input validation on the `contains` LoopBack filter may allow ...) + NOT-FOR-US: PostgreSQL connector for LoopBack +CVE-2022-35941 (TensorFlow is an open source platform for machine learning. The `AvgPo ...) + - tensorflow (bug #804612) +CVE-2022-35940 (TensorFlow is an open source platform for machine learning. The `Ragge ...) + - tensorflow (bug #804612) +CVE-2022-35939 (TensorFlow is an open source platform for machine learning. The `Scatt ...) + - tensorflow (bug #804612) +CVE-2022-35938 (TensorFlow is an open source platform for machine learning. The `Gathe ...) + - tensorflow (bug #804612) +CVE-2022-35937 (TensorFlow is an open source platform for machine learning. The `Gathe ...) + - tensorflow (bug #804612) +CVE-2022-35936 (Ethermint is an Ethereum library. In Ethermint running versions before ...) + NOT-FOR-US: Ethermint +CVE-2022-35935 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35934 (TensorFlow is an open source platform for machine learning. The implem ...) + - tensorflow (bug #804612) +CVE-2022-35933 (This package is a PrestaShop module that allows users to post reviews ...) + NOT-FOR-US: PrestaShop +CVE-2022-35932 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. Pr ...) + NOT-FOR-US: Nextcloud Talk +CVE-2022-35931 (Nextcloud Password Policy is an app that enables a Nextcloud server ad ...) + NOT-FOR-US: Nextcloud Password Policy +CVE-2022-35930 (PolicyController is a utility used to enforce supply chain policy in K ...) 
+ NOT-FOR-US: sigstore/policy-controller +CVE-2022-35929 (cosign is a container signing and verification utility. In versions pr ...) + NOT-FOR-US: Cosign +CVE-2022-35928 (AES Crypt is a file encryption software for multiple platforms. AES Cr ...) + NOT-FOR-US: AES Crypt +CVE-2022-35927 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + NOT-FOR-US: Contiki-NG +CVE-2022-35926 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + NOT-FOR-US: Contiki-NG +CVE-2022-35925 (BookWyrm is a social network for tracking reading. Versions prior to 0 ...) + NOT-FOR-US: BookWyrm +CVE-2022-35924 (NextAuth.js is a complete open source authentication solution for Next ...) + NOT-FOR-US: Node NextAuth.js +CVE-2022-35923 (v8n is a javascript validation library. Versions of v8n prior to 1.5.1 ...) + NOT-FOR-US: Node v8n +CVE-2022-35922 (Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In ve ...) + NOT-FOR-US: Rust crate websocket +CVE-2022-35921 (fof/byobu is a private discussions extension for Flarum forum. Affecte ...) + NOT-FOR-US: Sanicfof/byobu (different from src:byobu) +CVE-2022-35920 (Sanic is an opensource python web server/framework. Affected versions ...) + NOT-FOR-US: Sanic +CVE-2022-35919 (MinIO is a High Performance Object Storage released under GNU Affero G ...) + NOT-FOR-US: MinIO +CVE-2022-35918 (Streamlit is a data oriented application development framework for pyt ...) + NOT-FOR-US: Streamlit +CVE-2022-35917 (Solana Pay is a protocol and set of reference implementations that ena ...) + NOT-FOR-US: Solana Pay +CVE-2022-35916 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin +CVE-2022-35915 (OpenZeppelin Contracts is a library for secure smart contract developm ...) + NOT-FOR-US: OpenZeppelin +CVE-2022-35914 (/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for ...) 
+ NOT-FOR-US: htmlawed module for GLPI +CVE-2022-35913 (Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a ...) + NOT-FOR-US: Samourai Wallet Stonewallx2 +CVE-2022-35912 (In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x b ...) + - grails (bug #473213) +CVE-2022-35911 (On Patlite NH-FB series devices through 1.46, remote attackers can cau ...) + NOT-FOR-US: Patlite NH-FB +CVE-2022-35910 (In Jellyfin before 10.8, stored XSS allows theft of an admin access to ...) + - jellyfin (bug #994189) +CVE-2022-35909 (In Jellyfin before 10.8, the /users endpoint has incorrect access cont ...) + - jellyfin (bug #994189) +CVE-2022-35908 (Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitiz ...) + NOT-FOR-US: Cambium Enterprise Wi-Fi System Software +CVE-2022-35907 + RESERVED +CVE-2022-35906 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35905 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35904 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35903 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35902 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35901 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35900 (An issue was discovered in Bentley MicroStation before 10.17.0.x and B ...) + NOT-FOR-US: Bantley MicroStation +CVE-2022-35899 (There is an unquoted service path in ASUSTeK Aura Ready Game SDK servi ...) + NOT-FOR-US: ASUSTeK +CVE-2022-35898 (OpenText BizManager before 16.6.0.1 does not perform proper validation ...) 
+ NOT-FOR-US: OpenText BizManager +CVE-2022-35897 (An stack buffer overflow vulnerability leads to arbitrary code executi ...) + NOT-FOR-US: Insyde +CVE-2022-35896 (An issue SMM memory leak vulnerability in SMM driver (SMRAM was discov ...) + NOT-FOR-US: Insyde +CVE-2022-35895 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-35894 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-35893 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-35892 + RESERVED +CVE-2022-35891 + RESERVED +CVE-2022-35890 (An issue was discovered in Inductive Automation Ignition before 7.9.20 ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2022-35889 + RESERVED +CVE-2022-35888 (Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow att ...) + NOT-FOR-US: Ampere Altra and Ampere Altra Max devices +CVE-2022-35887 (Four format string injection vulnerabilities exist in the web interfac ...) + NOT-FOR-US: Abode Systems +CVE-2022-35886 (Four format string injection vulnerabilities exist in the web interfac ...) + NOT-FOR-US: Abode Systems +CVE-2022-35885 (Four format string injection vulnerabilities exist in the web interfac ...) + NOT-FOR-US: Abode Systems +CVE-2022-35884 (Four format string injection vulnerabilities exist in the web interfac ...) + NOT-FOR-US: Abode Systems +CVE-2022-35881 (Four format string injection vulnerabilities exist in the UPnP logging ...) + NOT-FOR-US: Abode Systems +CVE-2022-35880 (Four format string injection vulnerabilities exist in the UPnP logging ...) + NOT-FOR-US: Abode Systems +CVE-2022-35879 (Four format string injection vulnerabilities exist in the UPnP logging ...) + NOT-FOR-US: Abode Systems +CVE-2022-35878 (Four format string injection vulnerabilities exist in the UPnP logging ...) 
+ NOT-FOR-US: Abode Systems +CVE-2022-33938 (A format string injection vulnerability exists in the ghome_process_co ...) + NOT-FOR-US: Abode Systems +CVE-2022-35877 (Four format string injection vulnerabilities exist in the XCMD testWif ...) + NOT-FOR-US: Abode Systems +CVE-2022-35876 (Four format string injection vulnerabilities exist in the XCMD testWif ...) + NOT-FOR-US: Abode Systems +CVE-2022-35875 (Four format string injection vulnerabilities exist in the XCMD testWif ...) + NOT-FOR-US: Abode Systems +CVE-2022-35874 (Four format string injection vulnerabilities exist in the XCMD testWif ...) + NOT-FOR-US: Abode Systems +CVE-2022-35244 (A format string injection vulnerability exists in the XCMD getVarHA fu ...) + NOT-FOR-US: Abode Systems +CVE-2022-2446 + RESERVED +CVE-2022-2445 + REJECTED +CVE-2022-2444 (The Visualizer: Tables and Charts Manager for WordPress plugin for Wor ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2443 (The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2442 (The Migration, Backup, Staging \u2013 WPvivid plugin for WordPress is ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2441 (The ImageMagick Engine plugin for WordPress is vulnerable to remote co ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2440 + RESERVED +CVE-2022-2439 + RESERVED +CVE-2022-2438 (The Broken Link Checker plugin for WordPress is vulnerable to deserial ...) + NOT-FOR-US: Broken Link Checker plugin for WordPress +CVE-2022-2437 (The Feed Them Social \u2013 for Twitter feed, Youtube and more plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2436 (The Download Manager plugin for WordPress is vulnerable to deserializa ...) + NOT-FOR-US: Download Manager plugin for WordPress +CVE-2022-2435 (The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Re ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2434 (The String Locator plugin for WordPress is vulnerable to deserializati ...) 
+ NOT-FOR-US: String Locator plugin for WordPress +CVE-2022-2433 (The WordPress Infinite Scroll \u2013 Ajax Load More plugin for WordPre ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2432 (The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable t ...) + NOT-FOR-US: Ecwid Ecommerce Shopping Cart plugin for WordPress +CVE-2022-2431 (The Download Manager plugin for WordPress is vulnerable to arbitrary f ...) + NOT-FOR-US: Download Manager plugin for WordPress +CVE-2022-2430 (The Visual Composer Website Builder plugin for WordPress is vulnerable ...) + NOT-FOR-US: Visual Composer Website Builder plugin for WordPress +CVE-2022-2429 (The Ultimate SMS Notifications for WooCommerce plugin for WordPress is ...) + NOT-FOR-US: Ultimate SMS Notifications for WooCommerce plugin for WordPress +CVE-2022-2428 (A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting ...) + [experimental] - gitlab 15.2.3+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/ +CVE-2022-2427 + RESERVED +CVE-2022-2426 (The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2425 (The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2424 (The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2423 (The DW Promobar WordPress plugin through 1.0.4 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2422 (Due to improper input validation in the Feathers js library, it is pos ...) + NOT-FOR-US: Feathers js library +CVE-2022-2421 (Due to improper type validation in attachment parsing the Socket.io js ...) + - node-socket.io (bug #707166) +CVE-2022-2420 (A vulnerability was found in URVE Web Manager. It has been rated as cr ...) 
+ NOT-FOR-US: URVE Web Manager +CVE-2022-2419 (A vulnerability was found in URVE Web Manager. It has been declared as ...) + NOT-FOR-US: URVE Web Manager +CVE-2022-2418 (A vulnerability was found in URVE Web Manager. It has been classified ...) + NOT-FOR-US: URVE Web Manager +CVE-2022-2417 (Insufficient validation in GitLab CE/EE affecting all versions from 12 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2416 (In affected versions of Octopus Deploy it is possible for a low privil ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2415 (Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 ...) + {DSA-5168-1} + - chromium 103.0.5060.53-1 + [buster] - chromium (see DSA 5046) +CVE-2022-35873 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ignition +CVE-2022-35872 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ignition +CVE-2022-35871 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ignition +CVE-2022-35870 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Ignition +CVE-2022-35869 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: Ignition +CVE-2022-35868 (A vulnerability has been identified in TIA Multiuser Server V14 (All v ...) + NOT-FOR-US: TIA Multiuser Server +CVE-2022-35867 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: xhyve +CVE-2022-35866 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: Vinchin Backup and Recovery +CVE-2022-35865 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: BMC Track-It! +CVE-2022-35864 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: BMC Track-It! +CVE-2022-2414 (Access to external entities when parsing XML documents can lead to XML ...) 
+ - dogtag-pki 11.0.6-1 (bug #1014957) + [bullseye] - dogtag-pki (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2104676 + NOTE: https://github.com/dogtagpki/pki/pull/4021 + NOTE: https://github.com/dogtagpki/pki/commit/4e893243d72ad766558c10c907841f5f9c047055 +CVE-2022-2413 + RESERVED +CVE-2022-2412 (The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2411 (The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2410 (The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2409 (The Rough Chart WordPress plugin through 1.0.0 does not properly escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2408 (The Guest account feature in Mattermost version 6.7.0 and earlier fail ...) + - mattermost-server (bug #823556) +CVE-2022-2407 (The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2406 (The legacy Slack import feature in Mattermost version 6.7.0 and earlie ...) + - mattermost-server (bug #823556) +CVE-2022-2405 (The WP Popup Builder WordPress plugin before 1.2.9 does not have autho ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2404 (The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2403 (A credentials leak was found in the OpenShift Container Platform. The ...) + NOT-FOR-US: OpenShift +CVE-2022-35863 + RESERVED +CVE-2022-35862 + RESERVED +CVE-2022-35861 (pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a ...) + - pyenv (bug #978149) +CVE-2022-35860 (Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically ...) + NOT-FOR-US: Corsair +CVE-2022-35859 + RESERVED +CVE-2022-35858 (The TEE_PopulateTransientObject and __utee_from_attr functions in Sams ...) 
+ NOT-FOR-US: Samsung mTower +CVE-2022-35857 (kvf-admin through 2022-02-12 allows remote attackers to execute arbitr ...) + NOT-FOR-US: kvf-admin +CVE-2022-35856 + RESERVED +CVE-2022-35855 + RESERVED +CVE-2022-35854 + RESERVED +CVE-2022-35853 + RESERVED +CVE-2022-35852 + RESERVED +CVE-2022-35851 (An improper neutralization of input during web page generation vulnera ...) + NOT-FOR-US: FortiGuard +CVE-2022-35850 (An improper neutralization of script-related HTML tags in a web page v ...) + NOT-FOR-US: Fortinet +CVE-2022-35849 (An improper neutralization of special elements used in an OS command v ...) + NOT-FOR-US: FortiGuard +CVE-2022-35848 + RESERVED +CVE-2022-35847 (An improper neutralization of special elements used in a template engi ...) + NOT-FOR-US: FortiGuard +CVE-2022-35846 (An improper restriction of excessive authentication attempts vulnerabi ...) + NOT-FOR-US: FortiGuard +CVE-2022-35845 (Multiple improper neutralization of special elements used in an OS Com ...) + NOT-FOR-US: FortiGuard +CVE-2022-35844 (An improper neutralization of special elements used in an OS command v ...) + NOT-FOR-US: FortiGuard +CVE-2022-35843 (An authentication bypass by assumed-immutable data vulnerability [CWE- ...) + NOT-FOR-US: FortiGuard +CVE-2022-35842 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: FortiGuard +CVE-2022-35841 (Windows Enterprise App Management Service Remote Code Execution Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-35840 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-35839 + RESERVED +CVE-2022-35838 (HTTP V3 Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35837 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35836 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-35835 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-35834 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-35833 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35832 (Windows Event Tracing Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35831 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-35830 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35829 (Service Fabric Explorer Spoofing Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-35828 (Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2022-35827 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35826 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35825 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35824 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35823 (Microsoft SharePoint Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35822 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-35821 (Azure Sphere Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35820 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35819 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35818 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35817 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35816 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35815 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35814 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35813 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35812 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35811 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35810 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35809 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35808 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35807 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35806 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35805 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-35804 (SMB Client and Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35803 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-35802 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35801 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35800 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35799 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35798 (Azure Arc Jumpstart Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35797 (Windows Hello Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35796 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35795 (Windows Error Reporting Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35794 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-35793 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35792 (Storage Spaces Direct Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35791 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35790 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35789 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35788 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35787 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35786 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35785 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35784 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35783 (Azure Site Recovery Elevation of 
Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35782 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35781 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35780 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35779 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35778 + RESERVED +CVE-2022-35777 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35776 (Azure Site Recovery Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35775 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35774 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35773 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35772 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35771 (Windows Defender Credential Guard Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35770 (Windows NTLM Spoofing Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-35769 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35768 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35767 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-35766 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-35765 (Storage Spaces Direct Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35764 (Storage Spaces Direct Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35763 (Storage Spaces Direct Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35762 (Storage Spaces Direct Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35761 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35760 (Microsoft ATA Port Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35759 (Windows Local Security Authority (LSA) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35758 (Windows Kernel Memory Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35757 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2022-35756 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35755 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35754 (Unified Write Filter Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35753 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-35752 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-35751 (Windows Hyper-V Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35750 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35749 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35748 (HTTP.sys Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35747 (Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35746 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-35745 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-35744 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-35743 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-35742 (Microsoft Outlook Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-2402 (The vulnerability in the driver dlpfde.sys enables a user logged into ...) + NOT-FOR-US: ESET +CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost version ...) + - mattermost-server (bug #823556) +CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...) + {DLA-3495-1} + - php-dompdf 2.0.2+dfsg-1 (bug #1015874) + [bullseye] - php-dompdf (Minor issue) + NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a + NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a +CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allow ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) +CVE-2022-35741 (Apache CloudStack version 4.5.0 and later has a SAML 2.0 authenticatio ...) 
+ NOT-FOR-US: Apache CloudStack +CVE-2022-2398 (The WordPress Comments Fields WordPress plugin before 4.1 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2397 + RESERVED +CVE-2022-2396 (A vulnerability classified as problematic was found in SourceCodester ...) + NOT-FOR-US: Simple e-Learning System +CVE-2022-35740 (dotCMS before 22.06 allows remote attackers to bypass intended access ...) + NOT-FOR-US: dotCMS +CVE-2022-35739 (PRTG Network Monitor through 22.2.77.2204 does not prevent custom inpu ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2022-35738 + RESERVED +CVE-2022-35737 (SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-b ...) + - sqlite3 3.39.2-1 (unimportant) + - sqlite (unimportant) + NOTE: https://sqlite.org/forum/forumpost/3607259d3c + NOTE: Debian sqlite3 packages not compiled with -DSQLITE_ENABLE_STAT4 + NOTE: https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/ +CVE-2022-35736 + RESERVED +CVE-2022-35724 (It is possible to provide data to be read that leads the reader to loo ...) + NOT-FOR-US: Apache Avro +CVE-2022-35723 + RESERVED +CVE-2022-35722 (IBM Jazz for Service Management is vulnerable to stored cross-site scr ...) + NOT-FOR-US: IBM +CVE-2022-35721 (IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-si ...) + NOT-FOR-US: IBM +CVE-2022-35720 (IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Sec ...) + NOT-FOR-US: IBM +CVE-2022-35719 (IBM MQ Internet Pass-Thru 2.1, 9.2 LTS and 9.2 CD stores potentially s ...) + NOT-FOR-US: IBM +CVE-2022-35718 + RESERVED +CVE-2022-35717 ("IBM InfoSphere Information Server 11.7 could allow a locally authenti ...) + NOT-FOR-US: IBM +CVE-2022-35716 (IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7 ...) + NOT-FOR-US: IBM +CVE-2022-35715 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) 
+ NOT-FOR-US: IBM +CVE-2022-35714 (IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scriptin ...) + NOT-FOR-US: IBM +CVE-2022-34861 + RESERVED +CVE-2022-34842 + RESERVED +CVE-2022-34649 + RESERVED +CVE-2022-34489 + RESERVED +CVE-2022-33979 + RESERVED +CVE-2022-33966 + RESERVED +CVE-2022-33144 + RESERVED +CVE-2022-29870 + RESERVED +CVE-2022-27170 (Protection mechanism failure in the Intel(R) Media SDK software before ...) + NOT-FOR-US: Intel +CVE-2022-2395 (The weForms WordPress plugin before 1.6.14 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2394 (Puppet Bolt prior to version 3.24.0 will print sensitive parameters wh ...) + NOT-FOR-US: Puppet Bolt +CVE-2021-46827 (An issue was discovered in Oxygen XML WebHelp before 22.1 build 202108 ...) + NOT-FOR-US: Oxygen XML WebHelp +CVE-2022-35713 (Adobe Photoshop versions 22.5.8 (and earlier) and 23.4.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-35712 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-35711 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-35710 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-35709 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35708 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35707 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35706 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35705 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35704 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) 
+ NOT-FOR-US: Adobe +CVE-2022-35703 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35702 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35701 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35700 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35699 (Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-35698 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-35697 (Adobe Experience Manager Core Components version 2.20.6 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-35696 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-35695 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-35694 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-35693 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-35692 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-35691 (Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30 ...) + NOT-FOR-US: Adobe +CVE-2022-35690 (Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-35689 (Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) ...) 
+ NOT-FOR-US: Adobe +CVE-2022-35688 + RESERVED +CVE-2022-35687 + RESERVED +CVE-2022-35686 + RESERVED +CVE-2022-35685 + RESERVED +CVE-2022-35684 + RESERVED +CVE-2022-35683 + RESERVED +CVE-2022-35682 + RESERVED +CVE-2022-35681 + RESERVED +CVE-2022-35680 + RESERVED +CVE-2022-35679 + RESERVED +CVE-2022-35678 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35677 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-35676 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-35675 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-35674 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-35673 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-35672 (Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 ...) + NOT-FOR-US: Adobe +CVE-2022-35671 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35670 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35669 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) + NOT-FOR-US: Adobe +CVE-2022-35668 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35667 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35666 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35665 (Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 ...) + NOT-FOR-US: Adobe +CVE-2022-35664 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) 
+ NOT-FOR-US: Adobe +CVE-2022-35663 + RESERVED +CVE-2022-35662 + RESERVED +CVE-2022-35661 + RESERVED +CVE-2022-35660 + RESERVED +CVE-2022-35659 + RESERVED +CVE-2022-35658 + RESERVED +CVE-2022-35657 + RESERVED +CVE-2022-35656 (Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated ...) + NOT-FOR-US: Pega Platform +CVE-2022-35655 (Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a m ...) + NOT-FOR-US: Pega Platform +CVE-2022-35654 (Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an ...) + NOT-FOR-US: Pega Platform +CVE-2022-35653 (A reflected XSS issue was identified in the LTI module of Moodle. The ...) + - moodle +CVE-2022-35652 (An open redirect issue was found in Moodle due to improper sanitizatio ...) + - moodle +CVE-2022-35651 (A stored XSS and blind SSRF vulnerability was found in Moodle, occurs ...) + - moodle +CVE-2022-35650 (The vulnerability was found in Moodle, occurs due to input validation ...) + - moodle +CVE-2022-35649 (The vulnerability was found in Moodle, occurs due to improper input va ...) + - moodle +CVE-2022-33977 (untangle is a python library to convert XML data to python objects. un ...) + - python-untangle 1.2.1-1 + NOTE: https://github.com/stchris/untangle/releases/tag/1.2.1 + NOTE: https://github.com/stchris/untangle/pull/94 +CVE-2022-31471 (untangle is a python library to convert XML data to python objects. un ...) + - python-untangle 1.2.1-1 + NOTE: https://github.com/stchris/untangle/releases/tag/1.2.1 + NOTE: https://github.com/stchris/untangle/pull/94 +CVE-2022-2393 (A flaw was found in pki-core, which could allow a user to get a certif ...) + - dogtag-pki (bug #1034802) + [bullseye] - dogtag-pki (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2101046 +CVE-2022-2392 (The Lana Downloads Manager WordPress plugin before 1.8.0 is affected b ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2391 (The Inspiro PRO WordPress plugin does not sanitize the portfolio slide ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2390 (Apps developed with Google Play Services SDK incorrectly had the mutab ...) + NOT-FOR-US: Apps developed with Google Play Services SDK +CVE-2022-2389 (The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newslet ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2388 (The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2387 (The Easy Digital Downloads WordPress plugin before 3.0 does not have C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2386 (The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35648 (Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO211719 ...) + NOT-FOR-US: Nautilus treadmills +CVE-2022-35647 + RESERVED +CVE-2022-35646 (IBM Security Verify Governance, Identity Manager 10.0.1 software compo ...) + NOT-FOR-US: IBM +CVE-2022-35645 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo A ...) + NOT-FOR-US: IBM +CVE-2022-35644 + RESERVED +CVE-2022-35643 (IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with syst ...) + NOT-FOR-US: IBM +CVE-2022-35642 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2022-35641 + RESERVED +CVE-2022-35640 + RESERVED +CVE-2022-35639 (IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do no ...) + NOT-FOR-US: IBM +CVE-2022-35638 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 a ...) + NOT-FOR-US: IBM +CVE-2022-35637 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...) + NOT-FOR-US: IBM +CVE-2022-35636 + RESERVED +CVE-2022-35635 + RESERVED +CVE-2022-35634 + RESERVED +CVE-2022-35633 + RESERVED +CVE-2022-35632 (The Velociraptor GUI contains an editor suggestion feature that can di ...) 
+ NOT-FOR-US: Rapid7 Velociraptor +CVE-2022-35631 (On MacOS and Linux, it may be possible to perform a symlink attack by ...) + NOT-FOR-US: Rapid7 Velociraptor +CVE-2022-35630 (A cross-site scripting (XSS) issue in generating a collection report m ...) + NOT-FOR-US: Rapid7 Velociraptor +CVE-2022-35629 (Due to a bug in the handling of the communication between the client a ...) + NOT-FOR-US: Rapid7 Velociraptor +CVE-2022-35628 (A SQL injection issue was discovered in the lux extension before 17.6. ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-35627 + RESERVED +CVE-2022-2385 (A security issue was discovered in aws-iam-authenticator where an allo ...) + NOT-FOR-US: Kubernetes aws-iam-authenticator +CVE-2022-2384 (The Digital Publications by Supsystic WordPress plugin before 1.7.4 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2383 (The Feed Them Social WordPress plugin before 3.0.1 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2382 (The Product Slider for WooCommerce WordPress plugin before 2.5.7 has f ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2381 (The E Unlocked - Student Result WordPress plugin through 1.0.4 is lack ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2380 (The Linux kernel was found vulnerable out of bounds memory access in t ...) + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 (5.18-rc1) +CVE-2022-2379 (The Easy Student Results WordPress plugin through 2.2.8 lacks authoris ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2378 (The Easy Student Results WordPress plugin through 2.2.8 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2377 (The Directorist WordPress plugin before 7.3.0 does not have authorisat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2376 (The Directorist WordPress plugin before 7.3.1 discloses the email addr ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2375 (The WP Sticky Button WordPress plugin before 1.4.1 does not have autho ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2374 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2373 (The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is mi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2372 (The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2371 (The YaySMTP WordPress plugin before 2.2.1 does not have proper authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2370 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2369 (The YaySMTP WordPress plugin before 2.2.1 does not have capability che ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2368 (Authentication Bypass by Spoofing in GitHub repository microweber/micr ...) + NOT-FOR-US: microweber +CVE-2022-2367 (The WSM Downloader WordPress plugin through 1.4.0 allows only specific ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35626 + RESERVED +CVE-2022-35625 + RESERVED +CVE-2022-35624 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be ...) + NOT-FOR-US: Nordic nRF5 SDK for Mesh +CVE-2022-35623 (In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be ...) + NOT-FOR-US: Nordic nRF5 SDK for Mesh +CVE-2022-35622 + RESERVED +CVE-2022-35621 (Access control vulnerability in Evoh NFT EvohClaimable contract with s ...) + NOT-FOR-US: Evoh NFT EvohClaimable contract +CVE-2022-35620 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...) + NOT-FOR-US: D-Link +CVE-2022-35619 (D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remot ...) 
+ NOT-FOR-US: D-Link +CVE-2022-35618 + RESERVED +CVE-2022-35617 + RESERVED +CVE-2022-35616 + RESERVED +CVE-2022-35615 + RESERVED +CVE-2022-35614 + RESERVED +CVE-2022-35613 (Konker v2.3.9 was to discovered to contain a Cross-Site Request Forger ...) + NOT-FOR-US: Konker +CVE-2022-35612 (A cross-site scripting (XSS) vulnerability in MQTTRoute v3.3 and below ...) + NOT-FOR-US: MQTTRoute +CVE-2022-35611 (A Cross-Site Request Forgery (CSRF) in MQTTRoute v3.3 and below allows ...) + NOT-FOR-US: MQTTRoute +CVE-2022-35610 + RESERVED +CVE-2022-35609 + RESERVED +CVE-2022-35608 + RESERVED +CVE-2022-35607 + RESERVED +CVE-2022-35606 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35605 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35604 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35603 (A SQL injection vulnerability in CustomerDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35602 (A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryMan ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35601 (A SQL injection vulnerability in SupplierDAO.java in sazanrjb Inventor ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35600 + RESERVED +CVE-2022-35599 (A SQL injection vulnerability in Stocks.java in sazanrjb InventoryMana ...) + NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35598 (A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb ...) 
+ NOT-FOR-US: sazanrjb InventoryManagementSystem +CVE-2022-35597 + RESERVED +CVE-2022-35596 + RESERVED +CVE-2022-35595 + RESERVED +CVE-2022-35594 + RESERVED +CVE-2022-35593 + RESERVED +CVE-2022-35592 + RESERVED +CVE-2022-35591 + RESERVED +CVE-2022-35590 (A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows ...) + NOT-FOR-US: ForkCMS +CVE-2022-35589 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...) + NOT-FOR-US: ForkCMS +CVE-2022-35588 + RESERVED +CVE-2022-35587 (A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows re ...) + NOT-FOR-US: ForkCMS +CVE-2022-35586 + RESERVED +CVE-2022-35585 (A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 ...) + NOT-FOR-US: ForkCMS +CVE-2022-35584 + RESERVED +CVE-2022-35583 (wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to g ...) + - wkhtmltopdf (unimportant) + NOTE: https://cyber-guy.gitbook.io/cyber-guys-blog/blogs/initial-access-via-pdf-file-silently + NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/5249 + NOTE: By design, wkhtmltopdf retrieves external resources. If it is employed inside + NOTE: a protected network in an automated way, a malicious actor may access internal + NOTE: resources. A user of wkhtmltopdf should restrict such access. +CVE-2022-35582 (Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulner ...) + NOT-FOR-US: Penta Security Systems +CVE-2022-35581 + RESERVED +CVE-2022-35580 + RESERVED +CVE-2022-35579 + RESERVED +CVE-2022-35578 + RESERVED +CVE-2022-35577 + RESERVED +CVE-2022-35576 + RESERVED +CVE-2022-35575 + RESERVED +CVE-2022-35574 + RESERVED +CVE-2022-35573 + RESERVED +CVE-2022-35572 (On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lowe ...) + NOT-FOR-US: Linksys +CVE-2022-35571 + RESERVED +CVE-2022-35570 + RESERVED +CVE-2022-35569 (Blogifier v3.0 was discovered to contain an arbitrary file upload vuln ...) 
+ NOT-FOR-US: Blogifier +CVE-2022-35568 + RESERVED +CVE-2022-35567 + RESERVED +CVE-2022-35566 + RESERVED +CVE-2022-35565 + RESERVED +CVE-2022-35564 + RESERVED +CVE-2022-35563 + RESERVED +CVE-2022-35562 + RESERVED +CVE-2022-35561 (A stack overflow vulnerability exists in /goform/WifiMacFilterSet in T ...) + NOT-FOR-US: Tenda +CVE-2022-35560 (A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda ...) + NOT-FOR-US: Tenda +CVE-2022-35559 (A stack overflow vulnerability exists in /goform/setAutoPing in Tenda ...) + NOT-FOR-US: Tenda +CVE-2022-35558 (A stack overflow vulnerability exists in /goform/WifiMacFilterGet in T ...) + NOT-FOR-US: Tenda +CVE-2022-35557 (A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda ...) + NOT-FOR-US: Tenda +CVE-2022-35556 + RESERVED +CVE-2022-35555 (A command injection vulnerability exists in /goform/exeCommand in Tend ...) + NOT-FOR-US: Tenda +CVE-2022-35554 (Multiple reflected XSS vulnerabilities occur when handling error messa ...) + NOT-FOR-US: BPC SmartVista +CVE-2022-35553 + RESERVED +CVE-2022-35552 + RESERVED +CVE-2022-35551 + RESERVED +CVE-2022-35550 + RESERVED +CVE-2022-35549 + RESERVED +CVE-2022-35548 + RESERVED +CVE-2022-35547 + RESERVED +CVE-2022-35546 + RESERVED +CVE-2022-35545 + RESERVED +CVE-2022-35544 + RESERVED +CVE-2022-35543 + RESERVED +CVE-2022-35542 + RESERVED +CVE-2022-35541 + RESERVED +CVE-2022-35540 (Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attack ...) + NOT-FOR-US: AgileConfig +CVE-2022-35539 + RESERVED +CVE-2022-35538 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35537 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35536 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35535 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) 
+ NOT-FOR-US: WAVLINK +CVE-2022-35534 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35533 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35532 + RESERVED +CVE-2022-35531 + RESERVED +CVE-2022-35530 + RESERVED +CVE-2022-35529 + RESERVED +CVE-2022-35528 + RESERVED +CVE-2022-35527 + RESERVED +CVE-2022-35526 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no ...) + NOT-FOR-US: WAVLINK +CVE-2022-35525 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35524 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35523 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35522 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35521 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35520 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35519 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has ...) + NOT-FOR-US: WAVLINK +CVE-2022-35518 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35517 (WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no fi ...) + NOT-FOR-US: WAVLINK +CVE-2022-35516 (DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code exec ...) + NOT-FOR-US: DedeCMS +CVE-2022-35515 + RESERVED +CVE-2022-35514 + RESERVED +CVE-2022-35513 (The Blink1Control2 application <= 2.2.7 uses weak password encryption ...) 
+ NOT-FOR-US: Blink1Control2 application +CVE-2022-35512 + RESERVED +CVE-2022-35511 + RESERVED +CVE-2022-35510 + RESERVED +CVE-2022-35509 (An issue was discovered in EyouCMS 1.5.8. There is a Storage XSS vulne ...) + NOT-FOR-US: Eyoucms +CVE-2022-35508 (Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are v ...) + NOT-FOR-US: Proxmox +CVE-2022-35507 (A response-header CRLF injection vulnerability in the Proxmox Virtual ...) + NOT-FOR-US: Proxmox +CVE-2022-35506 (TripleCross v0.1.0 was discovered to contain a stack overflow which oc ...) + NOT-FOR-US: TripleCross +CVE-2022-35505 (A segmentation fault in TripleCross v0.1.0 occurs when sending a contr ...) + NOT-FOR-US: TripleCross +CVE-2022-35504 + RESERVED +CVE-2022-35503 + RESERVED +CVE-2022-35502 + RESERVED +CVE-2022-35501 (Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 ...) + NOT-FOR-US: Amasty Blog Pro +CVE-2022-35500 (Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via lea ...) + NOT-FOR-US: Amasty Blog +CVE-2022-35499 + RESERVED +CVE-2022-35498 + RESERVED +CVE-2022-35497 + RESERVED +CVE-2022-35496 + RESERVED +CVE-2022-35495 + RESERVED +CVE-2022-35494 + RESERVED +CVE-2022-35493 (A Cross-site scripting (XSS) vulnerability in json search parse and th ...) + NOT-FOR-US: eShop - Multipurpose Ecommerce Store Website +CVE-2022-35492 + RESERVED +CVE-2022-35491 (TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for ro ...) + NOT-FOR-US: TOTOLINK +CVE-2022-35490 (Zammad 5.2.0 is vulnerable to privilege escalation. Zammad has a preve ...) + - zammad (bug #841355) +CVE-2022-35489 (In Zammad 5.2.0, customers who have secondary organizations assigned w ...) + - zammad (bug #841355) +CVE-2022-35488 (In Zammad 5.2.0, an attacker could manipulate the rate limiting in the ...) + - zammad (bug #841355) +CVE-2022-35487 (Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not cor ...) 
+ - zammad (bug #841355) +CVE-2022-35486 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35485 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35484 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35483 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35482 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35481 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35480 + RESERVED +CVE-2022-35479 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35478 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35477 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35476 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35475 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-35474 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35473 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35472 (OTFCC v0.10.4 was discovered to contain a global overflow via /release ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35471 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-35470 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35469 (OTFCC v0.10.4 was discovered to contain a segmentation violation via / ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35468 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-35467 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-35466 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35465 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35464 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35463 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35462 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35461 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35460 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35459 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-35458 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35457 + RESERVED +CVE-2022-35456 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35455 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35454 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35453 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35452 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35451 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35450 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35449 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35448 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35447 (OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /re ...) 
+ - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Crash in CLI tool, no security impact and affected code not built, see #1019602 +CVE-2022-35446 + RESERVED +CVE-2022-35445 + RESERVED +CVE-2022-35444 + RESERVED +CVE-2022-35443 + RESERVED +CVE-2022-35442 + RESERVED +CVE-2022-35441 + RESERVED +CVE-2022-35440 + RESERVED +CVE-2022-35439 + RESERVED +CVE-2022-35438 + RESERVED +CVE-2022-35437 + RESERVED +CVE-2022-35436 + RESERVED +CVE-2022-35435 + RESERVED +CVE-2022-35434 (jpeg-quantsmooth before commit 8879454 contained a floating point exce ...) + - jpegqs 1.20210408-3 (bug #1017608) + NOTE: https://github.com/ilyakurdyukov/jpeg-quantsmooth/commit/8879454401722ea603c6e3abfafdeb30c0880c8e + NOTE: https://github.com/ilyakurdyukov/jpeg-quantsmooth/issues/25 +CVE-2022-35433 (ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered ...) + NOT-FOR-US: ffjpeg +CVE-2022-35432 + RESERVED +CVE-2022-35431 + RESERVED +CVE-2022-35430 + RESERVED +CVE-2022-35429 + RESERVED +CVE-2022-35428 + RESERVED +CVE-2022-35427 + RESERVED +CVE-2022-35426 (UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file P ...) + NOT-FOR-US: UCMS +CVE-2022-35425 + RESERVED +CVE-2022-35424 + RESERVED +CVE-2022-35423 + RESERVED +CVE-2022-35422 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Web Based Quiz System +CVE-2022-35421 (Online Tours And Travels Management System v1.0 was discovered to cont ...) + NOT-FOR-US: Online Tours And Travels Management System +CVE-2022-35420 + RESERVED +CVE-2022-35419 + RESERVED +CVE-2022-35418 + RESERVED +CVE-2022-35417 + RESERVED +CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang co ...) + NOT-FOR-US: H3C SSL VPN +CVE-2022-35415 (An improper input validation in NI System Configuration Manager before ...) 
+ NOT-FOR-US: NI +CVE-2022-35414 (softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized r ...) + {DLA-3099-1} + - qemu 1:7.1+dfsg-1 (unimportant; bug #1014958) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/1065 + NOTE: https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c (v7.1.0-rc0) + NOTE: https://sick.codes/sick-2022-113 + NOTE: Not deemed a security issue per https://www.qemu.org/docs/master/system/security.html#security-requirements +CVE-2022-2366 (Incorrect default configuration for trusted IP header in Mattermost ve ...) + - mattermost-server (bug #823556) +CVE-2022-2365 (Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium ...) + NOT-FOR-US: Trilium Notes +CVE-2022-2364 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: Simple Parking Management System +CVE-2022-2363 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Simple Parking Management System +CVE-2022-2362 (The Download Manager WordPress plugin before 3.2.50 prioritizes gettin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2361 (The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35413 (WAPPLES through 6.0 has a hardcoded systemi account. A threat actor co ...) + NOT-FOR-US: Penta Security Systems Inc WAPPLES +CVE-2022-35412 (Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinar ...) + NOT-FOR-US: Digital Guardian Agent +CVE-2022-2360 + RESERVED +CVE-2022-2359 + RESERVED +CVE-2022-2358 + RESERVED +CVE-2022-2357 (The WSM Downloader WordPress plugin through 1.4.0 allows any visitor t ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2356 (The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2355 (The Easy Username Updater WordPress plugin before 1.0.5 does not imple ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2354 (The WP-DBManager WordPress plugin before 2.80.8 does not prevent admin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35411 (rpc.py through 0.6.0 allows Remote Code Execution because an unpickle ...) + NOT-FOR-US: rpc.py +CVE-2022-35410 (mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ dir ...) + {DSA-5185-1} + - mat2 0.13.0-1 + NOTE: https://0xacab.org/jvoisin/mat2/-/commit/beebca4bf1cd3b935824c966ce077e7bcf610385 + NOTE: https://0xacab.org/jvoisin/mat2/-/issues/174 + NOTE: https://dustri.org/b/mat2-0130.html +CVE-2022-35409 (An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0 ...) + {DLA-3249-1} + - mbedtls 2.28.1-1 + [bullseye] - mbedtls (Minor issue) + NOTE: https://github.com/Mbed-TLS/mbedtls-docs/blob/5e9790353d2d9e41e85262eebe52fd90bb49f1e0/security-advisories/advisories/mbedtls-security-advisory-2022-07.md + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/f333dfab4a6c2d8a604a61558a8f783145161de4 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/e5af9fabf7d68e3807b6ea78792794b8352dbba2 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/862acb84033840b7e6376a4155ed5be2a6a4e117 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/a39170bbed1f5a69f108ea19fe3510c3643d53ab (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/33f41a8fa858128d5e9a1d1e1afbd4e63f24d444 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/4353d3d593cda3849a04c676288e0c790fa86a3c (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/3c036f54cc3a25e4d6b8003202b7e640522f4621 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/6b4f062cde84b9df57275676c428508ec6e41211 (v2.28.1) + NOTE: https://github.com/Mbed-TLS/mbedtls/commit/719c723afc63930d3472a12c0edb654a7d08d6b9 (v2.28.1) +CVE-2022-35408 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) 
+ NOT-FOR-US: Insyde +CVE-2022-35407 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-35406 (A URL disclosure issue was discovered in Burp Suite before 2022.6. If ...) + - burpsuite (bug #832943) +CVE-2022-35405 (Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-35404 (ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 ...) + NOT-FOR-US: ManageEngine Password Manager Pro +CVE-2022-35403 (Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-35402 + RESERVED +CVE-2022-2353 (Prior to microweber/microweber v1.2.20, due to improper neutralization ...) + NOT-FOR-US: microweber +CVE-2022-2352 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2351 (The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2350 (The Disable User Login WordPress plugin through 1.0.1 does not have au ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2349 + REJECTED +CVE-2022-2348 + REJECTED +CVE-2022-2347 (There exists an unchecked length field in UBoot. The U-Boot DFU implem ...) 
+ [experimental] - u-boot 2023.01~rc2+dfsg-1 + - u-boot 2023.01~rc4+dfsg-2 (bug #1014959) + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/07/08/2 + NOTE: https://source.denx.de/u-boot/u-boot/-/commit/fbce985e28eaca3af82afecc11961aadaf971a7e (v2023.01-rc2) +CVE-2022-35399 + REJECTED +CVE-2022-35398 + REJECTED +CVE-2022-35397 + REJECTED +CVE-2022-35396 + REJECTED +CVE-2022-35395 + REJECTED +CVE-2022-35394 + REJECTED +CVE-2022-35393 + REJECTED +CVE-2022-35392 + REJECTED +CVE-2022-35391 + REJECTED +CVE-2022-35390 + REJECTED +CVE-2022-35389 + REJECTED +CVE-2022-35388 + REJECTED +CVE-2022-35387 + REJECTED +CVE-2022-35386 + REJECTED +CVE-2022-35385 + REJECTED +CVE-2022-35384 + REJECTED +CVE-2022-35383 + REJECTED +CVE-2022-35382 + REJECTED +CVE-2022-35381 + REJECTED +CVE-2022-35380 + REJECTED +CVE-2022-35379 + REJECTED +CVE-2022-35378 + REJECTED +CVE-2022-35377 + REJECTED +CVE-2022-35376 + REJECTED +CVE-2022-35375 + REJECTED +CVE-2022-35374 + REJECTED +CVE-2022-35373 + REJECTED +CVE-2022-35372 + REJECTED +CVE-2022-35371 + REJECTED +CVE-2022-35370 + REJECTED +CVE-2022-35369 + REJECTED +CVE-2022-35368 + REJECTED +CVE-2022-35367 + REJECTED +CVE-2022-35366 + REJECTED +CVE-2022-35365 + REJECTED +CVE-2022-35364 + REJECTED +CVE-2022-35363 + REJECTED +CVE-2022-35362 + REJECTED +CVE-2022-35361 + REJECTED +CVE-2022-35360 + REJECTED +CVE-2022-35359 + REJECTED +CVE-2022-35358 + REJECTED +CVE-2022-35357 + REJECTED +CVE-2022-35356 + REJECTED +CVE-2022-35355 + REJECTED +CVE-2022-35354 + REJECTED +CVE-2022-35353 + REJECTED +CVE-2022-35352 + REJECTED +CVE-2022-35351 + REJECTED +CVE-2022-35350 + REJECTED +CVE-2022-35349 + REJECTED +CVE-2022-35348 + REJECTED +CVE-2022-35347 + REJECTED +CVE-2022-35346 + REJECTED +CVE-2022-35345 + REJECTED +CVE-2022-35344 + REJECTED +CVE-2022-35343 + REJECTED +CVE-2022-35342 + REJECTED +CVE-2022-35341 + REJECTED +CVE-2022-35340 + REJECTED +CVE-2022-35339 + REJECTED +CVE-2022-35338 + 
REJECTED +CVE-2022-35337 + REJECTED +CVE-2022-35336 + REJECTED +CVE-2022-35335 + REJECTED +CVE-2022-35334 + REJECTED +CVE-2022-35333 + REJECTED +CVE-2022-35332 + REJECTED +CVE-2022-35331 + REJECTED +CVE-2022-35330 + REJECTED +CVE-2022-35329 + REJECTED +CVE-2022-35328 + REJECTED +CVE-2022-35327 + REJECTED +CVE-2022-35326 + REJECTED +CVE-2022-35325 + REJECTED +CVE-2022-35324 + REJECTED +CVE-2022-35323 + REJECTED +CVE-2022-35322 + REJECTED +CVE-2022-35321 + REJECTED +CVE-2022-35320 + REJECTED +CVE-2022-35319 + REJECTED +CVE-2022-35318 + REJECTED +CVE-2022-35317 + REJECTED +CVE-2022-35316 + REJECTED +CVE-2022-35315 + REJECTED +CVE-2022-35314 + REJECTED +CVE-2022-35313 + REJECTED +CVE-2022-35312 + REJECTED +CVE-2022-35311 + REJECTED +CVE-2022-35310 + REJECTED +CVE-2022-35309 + REJECTED +CVE-2022-35308 + REJECTED +CVE-2022-35307 + REJECTED +CVE-2022-35306 + REJECTED +CVE-2022-35305 + REJECTED +CVE-2022-35304 + REJECTED +CVE-2022-35303 + REJECTED +CVE-2022-35302 + REJECTED +CVE-2022-35301 + REJECTED +CVE-2022-35300 + REJECTED +CVE-2022-33939 (CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP45 ...) + NOT-FOR-US: Yokogawa CENTUM CS 3000 +CVE-2022-2346 (In affected versions of Octopus Deploy it is possible for a low privil ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2345 (Use After Free in GitHub repository vim/vim prior to 9.0.0046.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/1eed7009-db6d-487b-bc41-8f2fd260483f + NOTE: https://github.com/vim/vim/commit/32acf1f1a72ebb9d8942b9c9d80023bf1bb668ea (v9.0.0047) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2344 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/4a095ed9-3125-464a-b656-c31b437e1996 + NOTE: https://github.com/vim/vim/commit/baefde14550231f6468ac2ed2ed495bc381c0c92 (v9.0.0046) + NOTE: Crash in CLI tool, no security impact +CVE-2020-36556 + RESERVED +CVE-2020-36555 + RESERVED +CVE-2020-36554 + RESERVED +CVE-2022-2343 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0 ...) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/2ecb4345-2fc7-4e7f-adb0-83a20bb458f5 + NOTE: https://github.com/vim/vim/commit/caea66442d86e7bbba3bf3dc202c3c0d549b9853 (v9.0.0045) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2342 (Cross-site Scripting (XSS) - Stored in GitHub repository outline/outli ...) + NOT-FOR-US: outline +CVE-2022-2341 (The Simple Page Transition WordPress plugin through 1.4.1 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2340 (The W-DALIL WordPress plugin through 2.0 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-35299 (SAP SQL Anywhere - version 17.0, and SAP IQ - version 16.1, allows an ...) + NOT-FOR-US: SAP +CVE-2022-35298 (SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not suffici ...) + NOT-FOR-US: SAP +CVE-2022-35297 (The application SAP Enable Now does not sufficiently encode user-contr ...) + NOT-FOR-US: SAP +CVE-2022-35296 (Under certain conditions, the application SAP BusinessObjects Business ...) + NOT-FOR-US: SAP +CVE-2022-35295 (In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files ...) + NOT-FOR-US: SAP +CVE-2022-35294 (An attacker with basic business user privileges could craft and upload ...) + NOT-FOR-US: SAP +CVE-2022-35293 (Due to insecure session management, SAP Enable Now allows an unauthent ...) + NOT-FOR-US: SAP +CVE-2022-35292 (In SAP Business One application when a service is created, the executa ...) 
+ NOT-FOR-US: SAP +CVE-2022-35291 (Due to misconfigured application endpoints, SAP SuccessFactors attachm ...) + NOT-FOR-US: SAP +CVE-2022-35290 (Under certain conditions SAP Authenticator for Android allows an attac ...) + NOT-FOR-US: SAP +CVE-2022-35289 (A write-what-where condition in hermes caused by an integer overflow, ...) + NOT-FOR-US: Facebook Hermes +CVE-2022-35288 (IBM Security Verify Information Queue 10.0.2 could allow a user to obt ...) + NOT-FOR-US: IBM +CVE-2022-35287 (IBM Security Verify Information Queue 10.0.2 contains hard-coded crede ...) + NOT-FOR-US: IBM +CVE-2022-35286 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2022-35285 (IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2022-35284 (IBM Security Verify Information Queue 10.0.2 could disclose sensitive ...) + NOT-FOR-US: IBM +CVE-2022-35283 (IBM Security Verify Information Queue 10.0.2 could allow an authentica ...) + NOT-FOR-US: IBM +CVE-2022-35282 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2022-35281 (IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maxi ...) + NOT-FOR-US: IBM +CVE-2022-35280 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not req ...) + NOT-FOR-US: IBM +CVE-2022-35279 ("IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0 ...) + NOT-FOR-US: IBM +CVE-2022-35278 (In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show mal ...) + NOT-FOR-US: Apache ActiveMQ Artemis +CVE-2022-34850 (An OS command injection vulnerability exists in the web_server /action ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-34845 (A firmware update vulnerability exists in the sysupgrade functionality ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33975 + RESERVED +CVE-2022-33897 (A directory traversal vulnerability exists in the web_server /ajax/rem ...) 
+ NOT-FOR-US: Robustel R1510 +CVE-2022-33150 (An OS command injection vulnerability exists in the js_package install ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-2339 (With this SSRF vulnerability, an attacker can reach internal addresses ...) + NOT-FOR-US: nocodb +CVE-2022-2338 (Softing Secure Integration Server V1.22 is vulnerable to authenticatio ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-2337 (A crafted HTTP packet with a missing HTTP URI can create a denial-of-s ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-2336 (Softing Secure Integration Server, edgeConnector, and edgeAggregator s ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-2335 (A crafted HTTP packet with a -1 content-length header can create a den ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-2334 (The application searches for a library dll that is not found. If an at ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-2333 (If an attacker manages to trick a valid user into loading a malicious ...) + NOT-FOR-US: Honeywell +CVE-2022-2332 (A local unprivileged attacker may escalate to administrator privileges ...) + NOT-FOR-US: Honeywell +CVE-2022-35271 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35270 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35269 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35268 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35267 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35266 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35265 (A denial of service vulnerability exists in the web_server hashFirst f ...) 
+ NOT-FOR-US: Robustel R1510 +CVE-2022-35264 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35263 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35262 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35261 (A denial of service vulnerability exists in the web_server hashFirst f ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-35260 (curl can be told to parse a `.netrc` file for credentials. If that fil ...) + - curl 7.86.0-1 + [bullseye] - curl (Vulnerable code not present) + [buster] - curl (Vulnerable code not present) + NOTE: https://curl.se/docs/CVE-2022-35260.html + NOTE: introduced by: https://github.com/curl/curl/commit/eeaae10c0fb27aa066fdc296074edeacfdeb6522 (curl-7_84_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/c97ec984fb2bc919a3aa863e0476dffa377b184c (curl-7_86_0) +CVE-2022-35259 (XML Injection with Endpoint Manager 2022. 3 and below causing a downlo ...) + NOT-FOR-US: Ivanti +CVE-2022-35258 (An unauthenticated attacker can cause a denial-of-service to the follo ...) + NOT-FOR-US: Ivanti +CVE-2022-35257 (A local privilege escalation vulnerability in UI Desktop for Windows ( ...) + NOT-FOR-US: UI Desktop for Windows +CVE-2022-35256 (The llhttp parser in the http module in Node v18.7.0 does not correctl ...) 
+ {DSA-5326-1} + - nodejs 18.10.0+dfsg-1 + [buster] - nodejs (llhttp dependency/embedding introduced in 12.x) + - llhttp (bug #977716) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-header-fields-medium-cve-2022-35256 + NOTE: https://hackerone.com/reports/1888760 + NOTE: https://github.com/nodejs/node/commit/2e92e5b71d071cb989d8d109d278427041a47e44 (main) + NOTE: https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.20.1) +CVE-2022-35255 (A weak randomness in WebCrypto keygen vulnerability exists in Node.js ...) + {DSA-5326-1} + - nodejs 18.10.0+dfsg-1 + [buster] - nodejs (Vulnerable code introduced later) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#weak-randomness-in-webcrypto-keygen-high-cve-2022-35255 + NOTE: https://github.com/nodejs/node/commit/0c2a5723beff39d1f62daec96b5389da3d427e79 (v18.9.1) + NOTE: Introduced by https://github.com/nodejs/node/commit/dae283d96fd31ad0f30840a7e55ac97294f505ac (v15.0.0) +CVE-2022-35254 (An unauthenticated attacker can cause a denial-of-service to the follo ...) + NOT-FOR-US: Ivanti +CVE-2022-35253 + REJECTED +CVE-2022-35252 (When curl is used to retrieve and parse cookies from a HTTP(S) server, ...) + {DLA-3288-1} + - curl 7.85.0-1 (bug #1018831) + [bullseye] - curl 7.74.0-1.3+deb11u3 + NOTE: https://curl.se/docs/CVE-2022-35252.html + NOTE: Fixed by: https://github.com/curl/curl/commit/8dfc93e573ca740544a2d79ebb0ed786592c65c3 (curl-7_85_0) + NOTE: https://www.openwall.com/lists/oss-security/2022/08/31/2 + NOTE: https://daniel.haxx.se/blog/2022/09/05/a-bug-that-was-23-years-old-or-not/ +CVE-2022-35251 (A cross-site scripting vulnerability exists in Rocket.chat (Vulnerable code introduced later) +CVE-2022-2326 (An issue has been discovered in GitLab CE/EE affecting all versions be ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-35234 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out- ...) + NOT-FOR-US: Trend Micro +CVE-2022-35233 + RESERVED +CVE-2022-35232 + RESERVED +CVE-2022-35231 + RESERVED +CVE-2022-33896 (A buffer underflow vulnerability exists in the way Hword of Hancom Off ...) + NOT-FOR-US: Hancom Office +CVE-2022-2325 (The Invitation Based Registrations WordPress plugin through 2.2.84 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2324 (Improperly Implemented Security Check vulnerability in the SonicWall H ...) + NOT-FOR-US: SonicWall +CVE-2022-2323 (Improper neutralization of special elements used in a user input allow ...) + NOT-FOR-US: SonicWall +CVE-2022-2322 + RESERVED +CVE-2022-2321 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...) + NOT-FOR-US: Nakama +CVE-2022-35230 (An authenticated user can create a link with reflected Javascript code ...) + {DLA-3390-1} + [experimental] - zabbix 1:6.0.6+dfsg-1 + - zabbix 1:6.0.7+dfsg-2 (bug #1014994) + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-21305 + NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/3b47a97676ee9ca4e16566f1931c456459108eae (5.0.25rc1) +CVE-2022-35229 (An authenticated user can create a link with reflected Javascript code ...) + {DLA-3390-1} + [experimental] - zabbix 1:6.0.6+dfsg-1 + - zabbix 1:6.0.7+dfsg-2 (bug #1014992) + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-21306 + NOTE: Fixed in: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/b546c3f10ce98b0c914e5fc4114bd43042880c3c (5.0.25rc1) +CVE-2022-35228 (SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve ...) + NOT-FOR-US: SAP +CVE-2022-35227 (A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, ...) + NOT-FOR-US: SAP +CVE-2022-35226 (SAP Data Services Management allows an attacker to copy the data from ...) 
+ NOT-FOR-US: SAP +CVE-2022-35225 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) + NOT-FOR-US: SAP +CVE-2022-35224 (SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7 ...) + NOT-FOR-US: SAP +CVE-2022-35223 (EasyUse MailHunter Ultimate\u2019s cookie deserialization function has ...) + NOT-FOR-US: EasyUse MailHunter Ultimate +CVE-2022-35222 (HiCOS Citizen verification component has a stack-based buffer overflow ...) + NOT-FOR-US: HiCOS Citizen verification component +CVE-2022-35221 (Teamplus Pro community discussion has an \u2018allocation of resource ...) + NOT-FOR-US: Teamplus Pro community discussion +CVE-2022-35220 (Teamplus Pro community discussion function has an \u2018allocation of ...) + NOT-FOR-US: Teamplus Pro community discussion +CVE-2022-35219 (The NHI card\u2019s web service component has a stack-based buffer ove ...) + NOT-FOR-US: The NHI card +CVE-2022-35218 (The NHI card\u2019s web service component has a heap-based buffer over ...) + NOT-FOR-US: The NHI card +CVE-2022-35217 (The NHI card\u2019s web service component has a stack-based buffer ove ...) + NOT-FOR-US: NHI card +CVE-2022-35216 (OMICARD EDM\u2019s mail image relay function has a path traversal vuln ...) + NOT-FOR-US: OMICARD EDM +CVE-2022-2320 (A flaw was found in the Xorg-x11-server. The specific flaw exists with ...) + {DSA-5199-1 DLA-3068-1} + - xorg-server 2:21.1.4-1 (bug #1014903) + - xwayland 2:22.1.3-1 + NOTE: Introduced by: https://github.com/freedesktop/xorg-xserver/commit/c06e27b2f6fd9f7b9f827623a48876a225264132 (xorg-server-1.5.99.1) + NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/dd8caf39e9e15d8f302e54045dd08d8ebf1025dc + NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac + NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1 +CVE-2022-2319 (A flaw was found in the Xorg-x11-server. An out-of-bounds access issue ...) 
+ {DSA-5199-1 DLA-3068-1} + - xorg-server 2:21.1.4-1 (bug #1014903) + - xwayland 2:22.1.3-1 + NOTE: Fixed by: https://github.com/freedesktop/xorg-xserver/commit/6907b6ea2b4ce949cb07271f5b678d5966d9df42 + NOTE: Required for fixes: https://github.com/freedesktop/xorg-xserver/commit/f1070c01d616c5f21f939d5ebc533738779451ac + NOTE: https://www.openwall.com/lists/oss-security/2022/07/12/1 +CVE-2022-2317 (The Simple Membership WordPress plugin before 4.1.3 allows user to cha ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2316 (HTML injection vulnerability in secure messages of Devolutions Server ...) + NOT-FOR-US: Devolutions Server +CVE-2022-2315 (Database Software Accreditation Tracking/Presentation Module product b ...) + NOT-FOR-US: Database Software Accreditation Tracking/Presentation Module product +CVE-2022-2314 (The VR Calendar WordPress plugin through 2.3.2 lets any user execute a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2313 (A DLL hijacking vulnerability in the MA Smart Installer for Windows pr ...) + NOT-FOR-US: MA Smart Installer for Windows +CVE-2022-2312 (The Student Result or Employee Database WordPress plugin before 1.7.5 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2311 (The Find and Replace All WordPress plugin before 1.3 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2310 (An authentication bypass vulnerability in Skyhigh SWG in main releases ...) + NOT-FOR-US: Skyhigh SWG +CVE-2022-2309 (NULL Pointer Dereference allows attackers to cause a denial of service ...) 
+ - lxml 4.9.1-1 (bug #1014766)
+ [bullseye] - lxml (Minor issue)
+ [buster] - lxml (Minor issue)
+ - libxml2 2.9.14+dfsg-1.3 (bug #1039991)
+ [bookworm] - libxml2 2.9.14+dfsg-1.3~deb12u1
+ [bullseye] - libxml2 (Minor issue)
+ [buster] - libxml2 (Minor issue)
+ NOTE: https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba/
+ NOTE: https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f (lxml-4.9.1)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/378
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5930fe01963136ab92125feec0c6204d9c9225dc (v2.10.0)
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/a82ea25fc83f563c574ddb863d6c17d9c5abdbd2 (v2.10.0)
+CVE-2022-2308 (A flaw was found in vDPA with VDUSE backend. There are currently no ch ...)
+ - linux 6.0.2-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2103900
+ NOTE: https://git.kernel.org/linus/46f8a29272e51b6df7393d58fc5cb8967397ef2b (6.0)
+CVE-2022-2318 (There are use-after-free vulnerabilities caused by timer handler in ne ...)
+ {DSA-5191-1 DLA-3131-1}
+ - linux 5.18.14-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/03/2
+ NOTE: https://git.kernel.org/linus/9cc02ede696272c5271a401e4f27c262359bc2f6 (5.19-rc5)
+CVE-2022-35215
+ RESERVED
+CVE-2022-35214
+ RESERVED
+CVE-2022-35213 (Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2022-35212 (osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scr ...)
+ NOT-FOR-US: osCommerce2
+CVE-2022-35211
+ RESERVED
+CVE-2022-35210
+ RESERVED
+CVE-2022-35209
+ RESERVED
+CVE-2022-35208
+ RESERVED
+CVE-2022-35207
+ RESERVED
+CVE-2022-35206 (Null pointer dereference vulnerability in Binutils readelf 2.38.50 via ...)
+ - binutils 2.38.50.20220627-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29290
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed
+ NOTE: binutils not covered by security support
+CVE-2022-35205 (An issue was discovered in Binutils readelf 2.38.50, reachable asserti ...)
+ - binutils 2.38.50.20220627-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=29289
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5
+ NOTE: binutils not covered by security support
+CVE-2022-35204 (Vitejs Vite before v2.9.13 was discovered to allow attackers to perfor ...)
+ NOT-FOR-US: Vitejs Vite
+CVE-2022-35203 (An access control issue in TrendNet TV-IP572PI v1.0 allows unauthentic ...)
+ NOT-FOR-US: TrendNet TV-IP572PI
+CVE-2022-35202
+ RESERVED
+CVE-2022-35201 (Tenda-AC18 V15.03.05.05 was discovered to contain a remote command exe ...)
+ NOT-FOR-US: Tenda
+CVE-2022-35200
+ RESERVED
+CVE-2022-35199
+ RESERVED
+CVE-2022-35198 (Contract Management System v2.0 contains a weak default password which ...)
+ NOT-FOR-US: Contract Management System
+CVE-2022-35197
+ RESERVED
+CVE-2022-35196 (TestLink v1.9.20 was discovered to contain a Cross-Site Request Forger ...)
+ NOT-FOR-US: TestLink
+CVE-2022-35195 (TestLink 1.9.20 Raijin was discovered to contain a broken access contr ...)
+ NOT-FOR-US: TestLink
+CVE-2022-35194 (TestLink v1.9.20 was discovered to contain a stored cross-site scripti ...)
+ NOT-FOR-US: TestLink
+CVE-2022-35193 (TestLink v1.9.20 was discovered to contain a SQL injection vulnerabili ...)
+ NOT-FOR-US: TestLink
+CVE-2022-35192 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
+ NOT-FOR-US: D-Link
+CVE-2022-35191 (D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmw ...)
+ NOT-FOR-US: D-Link
+CVE-2022-35190
+ RESERVED
+CVE-2022-35189
+ RESERVED
+CVE-2022-35188
+ RESERVED
+CVE-2022-35187
+ RESERVED
+CVE-2022-35186
+ RESERVED
+CVE-2022-35185
+ RESERVED
+CVE-2022-35184
+ RESERVED
+CVE-2022-35183
+ RESERVED
+CVE-2022-35182
+ RESERVED
+CVE-2022-35181
+ RESERVED
+CVE-2022-35180
+ RESERVED
+CVE-2022-35179
+ RESERVED
+CVE-2022-35178
+ RESERVED
+CVE-2022-35177
+ RESERVED
+CVE-2022-35176
+ RESERVED
+CVE-2022-35175 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Barangay
+CVE-2022-35174 (A stored cross-site scripting (XSS) vulnerability in Kirby's Starterki ...)
+ NOT-FOR-US: Kirby
+CVE-2022-35173 (An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a bre ...)
+ NOT-FOR-US: Nginx NJS
+CVE-2022-35172 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2022-35171 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...)
+ NOT-FOR-US: SAP
+CVE-2022-35170 (SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30 ...)
+ NOT-FOR-US: SAP
+CVE-2022-35169 (SAP BusinessObjects Business Intelligence Platform (LCM) - versions 42 ...)
+ NOT-FOR-US: SAP
+CVE-2022-35168 (Due to improper input sanitization of XML input in SAP Business One - ...)
+ NOT-FOR-US: SAP
+CVE-2022-35167 (Printix Cloud Print Management v1.3.1149.0 for Windows was discovered ...)
+ NOT-FOR-US: Printix Cloud Print Management
+CVE-2022-35166 (libjpeg commit 842c7ba was discovered to contain an infinite loop via ...)
+ - libjpeg (unimportant)
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/7
+ NOTE: Hang in CLI tool, no security impact
+CVE-2022-35165 (An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows at ...)
+ NOT-FOR-US: Bento4
+CVE-2022-35164 (LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a hea ...)
+ - libredwg (bug #595191)
+CVE-2022-35163 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
+ NOT-FOR-US: Complete Online Job Search System
+CVE-2022-35162 (Complete Online Job Search System v1.0 was discovered to contain a cro ...)
+ NOT-FOR-US: Complete Online Job Search System
+CVE-2022-35161 (GVRET Stable Release as of Aug 15, 2015 was discovered to contain a bu ...)
+ NOT-FOR-US: GVRET
+CVE-2022-35160
+ RESERVED
+CVE-2022-35159
+ RESERVED
+CVE-2022-35158 (A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows ...)
+ NOT-FOR-US: TScanCode
+CVE-2022-35157
+ RESERVED
+CVE-2022-35156 (Bus Pass Management System 1.0 was discovered to contain a SQL Injecti ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2022-35155 (Bus Pass Management System v1.0 was discovered to contain a reflected ...)
+ NOT-FOR-US: Bus Pass Management System
+CVE-2022-35154 (Shopro Mall System v1.3.8 was discovered to contain a SQL injection vu ...)
+ NOT-FOR-US: Shopro Mall System
+CVE-2022-35153 (FusionPBX 5.0.1 was discovered to contain a command injection vulnerab ...)
+ NOT-FOR-US: FusionPBX
+CVE-2022-35152
+ RESERVED
+CVE-2022-35151 (kkFileView v4.1.0 was discovered to contain multiple cross-site script ...)
+ NOT-FOR-US: kkFileview
+CVE-2022-35150 (Baijicms v4 was discovered to contain an arbitrary file upload vulnera ...)
+ NOT-FOR-US: Baijicms
+CVE-2022-35149
+ RESERVED
+CVE-2022-35148 (maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain ...)
+ NOT-FOR-US: maccms10
+CVE-2022-35147 (DoraCMS v2.18 and earlier allows attackers to bypass login authenticat ...)
+ NOT-FOR-US: DoraCMS
+CVE-2022-35146
+ RESERVED
+CVE-2022-35145
+ RESERVED
+CVE-2022-35144 (Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) ...)
+ NOT-FOR-US: gilbitron/Renato
+CVE-2022-35143 (Renato v0.17.0 employs weak password complexity requirements, allowing ...)
+ NOT-FOR-US: gilbitron/Renato
+CVE-2022-35142 (An issue in Renato v0.17.0 allows attackers to cause a Denial of Servi ...)
+ NOT-FOR-US: gilbitron/Renato
+CVE-2022-35141
+ RESERVED
+CVE-2022-35140
+ RESERVED
+CVE-2022-35139
+ RESERVED
+CVE-2022-35138
+ RESERVED
+CVE-2022-35137 (DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain mult ...)
+ NOT-FOR-US: DGIOT Lightweight industrial IoT
+CVE-2022-35136 (Boodskap IoT Platform v4.4.9-02 allows attackers to make unauthenticat ...)
+ NOT-FOR-US: Boodskap IoT Platform
+CVE-2022-35135 (Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privilege ...)
+ NOT-FOR-US: Boodskap IoT Platform
+CVE-2022-35134 (Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) ...)
+ NOT-FOR-US: Boodskap IoT Platform
+CVE-2022-35133 (A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allo ...)
+ - cherrytree (No vulnerable version ever uploaded, introduced in 0.99.44 and fixed in 0.99.45)
+ NOTE: https://drive.google.com/file/d/1Pidkh2MAQkue81dS7SI-d16Vun_s5tot/view?usp=sharing
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1202513
+ NOTE: https://github.com/giuspen/cherrytree/issues/2099
+CVE-2022-35132 (Usermin through 1.850 allows a remote authenticated user to execute OS ...)
+ NOT-FOR-US: Usermin
+CVE-2022-35131 (Joplin v2.8.8 allows attackers to execute arbitrary commands via a cra ...)
+ NOT-FOR-US: Joplin
+CVE-2022-35130
+ RESERVED
+CVE-2022-35129
+ RESERVED
+CVE-2022-35128
+ RESERVED
+CVE-2022-35127
+ RESERVED
+CVE-2022-35126
+ RESERVED
+CVE-2022-35125
+ RESERVED
+CVE-2022-35124
+ RESERVED
+CVE-2022-35123
+ RESERVED
+CVE-2022-35122 (An access control issue in Ecowitt GW1100 Series Weather Stations <=GW ...)
+ NOT-FOR-US: Ecowitt GW1100 Series Weather Stations
+CVE-2022-35121 (Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Novel-Plus
+CVE-2022-35120 (IXPdata EasyInstall 6.6.14725 contains an access control issue.)
+ NOT-FOR-US: IXPdata EasyInstall
+CVE-2022-35119
+ RESERVED
+CVE-2022-35118 (PyroCMS v3.9 was discovered to contain multiple cross-site scripting ( ...)
+ NOT-FOR-US: PyroCMS
+CVE-2022-35117 (Clinic's Patient Management System v1.0 was discovered to contain a cr ...)
+ NOT-FOR-US: Clinic's Patient Management System
+CVE-2022-35116
+ RESERVED
+CVE-2022-35115 (IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to ...)
+ NOT-FOR-US: IceWarp WebClient DC2
+CVE-2022-35114 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/185
+CVE-2022-35113 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/185
+CVE-2022-35112
+ RESERVED
+CVE-2022-35111 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/184
+CVE-2022-35110 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/184
+CVE-2022-35109 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/18
+CVE-2022-35108 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/184
+CVE-2022-35107 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/184
+CVE-2022-35106 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35105 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/183
+CVE-2022-35104 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35103
+ RESERVED
+CVE-2022-35102
+ RESERVED
+CVE-2022-35101 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35100 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35099 (SWFTools commit 772e55a2 was discovered to contain a stack overflow vi ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35098 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35097 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35096 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35095 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35094 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35093 (SWFTools commit 772e55a2 was discovered to contain a global buffer ove ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35092 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35091 (SWFTools commit 772e55a2 was discovered to contain a floating point ex ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/182
+CVE-2022-35090 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35089 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35088 (SWFTools commit 772e55a2 was discovered to contain a heap buffer-overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35087 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35086 (SWFTools commit 772e55a2 was discovered to contain a segmentation viol ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35085 (SWFTools commit 772e55a2 was discovered to contain a memory leak via / ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/181
+CVE-2022-35084
+ RESERVED
+CVE-2022-35083
+ RESERVED
+CVE-2022-35082
+ RESERVED
+CVE-2022-35081 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/183
+CVE-2022-35080 (SWFTools commit 772e55a2 was discovered to contain a heap-buffer overf ...)
+ - swftools
+ NOTE: https://github.com/matthiaskramm/swftools/issues/183
+CVE-2022-35079
+ RESERVED
+CVE-2022-35078
+ RESERVED
+CVE-2022-35077
+ RESERVED
+CVE-2022-35076
+ RESERVED
+CVE-2022-35075
+ RESERVED
+CVE-2022-35074
+ RESERVED
+CVE-2022-35073
+ RESERVED
+CVE-2022-35072
+ RESERVED
+CVE-2022-35071
+ RESERVED
+CVE-2022-35070 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35069 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35068 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35067 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35066 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35065 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35064 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35063 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35062 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35061 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35060 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35059 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35058 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35057
+ RESERVED
+CVE-2022-35056 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35055 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35054 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35053 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35052 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35051 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35050 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35049 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35048 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35047 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35046 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35045 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35044 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35043 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35042 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35041 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35040 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Affected code not built, see as well #1019602
+CVE-2022-35039 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35038 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35037 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35036 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35035 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35034 (OTFCC commit 617837b was discovered to contain a heap buffer overflow ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35033
+ RESERVED
+CVE-2022-35032 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35031 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35030 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35029 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35028 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35027 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35026 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35025 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35024 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35023 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35022 (OTFCC commit 617837b was discovered to contain a segmentation violatio ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35021 (OTFCC commit 617837b was discovered to contain a global buffer overflo ...)
+ - texlive-bin (unimportant)
+ [bullseye] - texlive-bin (Vulnerable code not present)
+ [buster] - texlive-bin (Vulnerable code not present)
+ NOTE: Crash in CLI tool, no security impact and affected code not built, see as well #1019602
+CVE-2022-35020 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35019 (Advancecomp v2.3 was discovered to contain a segmentation fault.)
+ - advancecomp 2.4-1 (bug #1019592)
+ [bullseye] - advancecomp (Minor issue)
+ [buster] - advancecomp (Minor issue)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md
+CVE-2022-35018 (Advancecomp v2.3 was discovered to contain a segmentation fault.)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35017 (Advancecomp v2.3 was discovered to contain a heap buffer overflow.)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35017.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35016 (Advancecomp v2.3 was discovered to contain a heap buffer overflow.)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35015 (Advancecomp v2.3 was discovered to contain a heap buffer overflow via ...)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35015.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35014 (Advancecomp v2.3 contains a segmentation fault.)
+ - advancecomp 2.4-1 (unimportant; bug #1019592)
+ NOTE: https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35014.md
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-35013 (PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at / ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35012 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35011 (PNGDec commit 8abf6be was discovered to contain a global buffer overfl ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35010 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35009 (PNGDec commit 8abf6be was discovered to contain a memory allocation pr ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35008 (PNGDec commit 8abf6be was discovered to contain a stack overflow via / ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35007 (PNGDec commit 8abf6be was discovered to contain a heap buffer overflow ...)
+ NOT-FOR-US: bitbank2/PNGdec
+CVE-2022-35006
+ RESERVED
+CVE-2022-35005
+ RESERVED
+CVE-2022-35004 (JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT a ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-35003 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-35002 (JPEGDEC commit be4843c was discovered to contain a segmentation fault ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-35001
+ RESERVED
+CVE-2022-35000 (JPEGDEC commit be4843c was discovered to contain a segmentation fault ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-34999 (JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-34998 (JPEGDEC commit be4843c was discovered to contain a global buffer overf ...)
+ NOT-FOR-US: bitbank2/JPEGDEC
+CVE-2022-34997
+ RESERVED
+CVE-2022-34996
+ RESERVED
+CVE-2022-34995
+ RESERVED
+CVE-2022-34994
+ RESERVED
+CVE-2022-34993 (Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code ...)
+ NOT-FOR-US: Totolink
+CVE-2022-34992 (Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the ...)
+ NOT-FOR-US: viruscamp/luadec
+CVE-2022-34991 (Paymoney v3.3 was discovered to contain multiple reflected cross-site ...)
+ NOT-FOR-US: Paymoney
+CVE-2022-34990
+ RESERVED
+CVE-2022-34989 (Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: PaymoneyFruits Bazar
+CVE-2022-34988 (Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross ...)
+ NOT-FOR-US: Inout Blockchain AltExchanger
+CVE-2022-34987
+ RESERVED
+CVE-2022-34986
+ RESERVED
+CVE-2022-34985
+ RESERVED
+CVE-2022-34984
+ RESERVED
+CVE-2022-34983 (The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execu ...)
+ NOT-FOR-US: scu-captchaC
+CVE-2022-34982 (The eziod package in PyPI before v0.0.1 included a code execution back ...)
+ NOT-FOR-US: eziod
+CVE-2022-34981 (The PyCrowdTangle package in PyPI before v0.0.1 included a code execut ...)
+ NOT-FOR-US: PyCrowdTangle
+CVE-2022-34980
+ RESERVED
+CVE-2022-34979
+ RESERVED
+CVE-2022-34978
+ RESERVED
+CVE-2022-34977
+ RESERVED
+CVE-2022-34976
+ RESERVED
+CVE-2022-34975
+ RESERVED
+CVE-2022-34974 (D-Link DIR810LA1_FW102B22 was discovered to contain a command injectio ...)
+ NOT-FOR-US: D-Link
+CVE-2022-34973 (D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: D-Link
+CVE-2022-34972 (So Filter Shop v3.x was discovered to contain multiple blind SQL injec ...)
+ NOT-FOR-US: So Filter Shop
+CVE-2022-34971 (An arbitrary file upload vulnerability in the Advertising Management m ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2022-34970 (Crow before 1.0+4 has a heap-based buffer overflow via the function qs ...)
+ NOT-FOR-US: CrowCpp
+CVE-2022-34969 (PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereferen ...)
+ NOT-FOR-US: pingcap/tidb
+CVE-2022-34968 (An issue in the fetch_step function in Percona Server for MySQL v8.0.2 ...)
+ NOT-FOR-US: Percona Server for MySQL v8
+CVE-2022-34967 (The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server ...)
+ NOT-FOR-US: MonetDB
+CVE-2022-34966 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34965 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34964 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34963 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34962 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34961 (OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered ...)
+ NOT-FOR-US: OpenTeknik
+CVE-2022-34960 (The container package in MikroTik RouterOS 7.4beta4 allows an attacker ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2022-34959
+ RESERVED
+CVE-2022-34958
+ RESERVED
+CVE-2022-34957
+ RESERVED
+CVE-2022-34956 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
+ NOT-FOR-US: Pligg CMS
+CVE-2022-34955 (Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection ...)
+ NOT-FOR-US: Pligg CMS
+CVE-2022-34954 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34953 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34952 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34951 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34950 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34949 (Pharmacy Management System v1.0 was discovered to contain multiple SQL ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34948 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34947 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34946 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34945 (Pharmacy Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Pharmacy Management System
+CVE-2022-34944
+ RESERVED
+CVE-2022-34943
+ REJECTED
+CVE-2022-34942
+ RESERVED
+CVE-2022-34941
+ RESERVED
+CVE-2022-34940
+ RESERVED
+CVE-2022-34939
+ RESERVED
+CVE-2022-34938
+ RESERVED
+CVE-2022-34937 (Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forge ...)
+ NOT-FOR-US: Yuba u5cms
+CVE-2022-34936
+ RESERVED
+CVE-2022-34935
+ RESERVED
+CVE-2022-34934
+ RESERVED
+CVE-2022-34933
+ RESERVED
+CVE-2022-34932
+ RESERVED
+CVE-2022-34931
+ RESERVED
+CVE-2022-34930
+ RESERVED
+CVE-2022-34929
+ RESERVED
+CVE-2022-34928 (JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: JFinal CMS
+CVE-2022-34927 (MilkyTracker v1.03.00 was discovered to contain a stack overflow via t ...)
+ - milkytracker 1.04.00+dfsg-1 (unimportant; bug #1016578)
+ NOTE: https://github.com/milkytracker/MilkyTracker/commit/3a5474f9102cbdc10fbd9e7b1b2c8d3f3f45d91b (v1.04.00)
+ NOTE: https://github.com/milkytracker/MilkyTracker/issues/275
+ NOTE: Crash in GUI tool, no security impact
+CVE-2022-34926
+ RESERVED
+CVE-2022-34925
+ RESERVED
+CVE-2022-34924 (Lanling OA Landray Office Automation (OA) internal patch number #13338 ...)
+ NOT-FOR-US: Lanling OA Landray Office Automation
+CVE-2022-34923
+ RESERVED
+CVE-2022-34922
+ RESERVED
+CVE-2022-34921
+ RESERVED
+CVE-2022-34920
+ RESERVED
+CVE-2022-34919 (The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 ...)
+ NOT-FOR-US: Zengenti Contensis Classic
+CVE-2022-34918 (An issue was discovered in the Linux kernel through 5.18.9. A type con ...)
+ {DSA-5191-1}
+ - linux 5.18.14-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/02/3
+ NOTE: https://www.randorisec.fr/crack-linux-firewall/
+CVE-2022-2307 (A lack of cascading deletes in GitLab CE/EE affecting all versions sta ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-34917 (A security vulnerability has been identified in Apache Kafka. It affec ...)
+ - kafka (bug #786460)
+CVE-2022-34916 (Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote ...)
+ NOT-FOR-US: Apache Flume
+CVE-2022-2306 (Old session tokens can be used to authenticate to the application and ...)
+ NOT-FOR-US: Nakama
+CVE-2022-2305 (The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2304 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
+ {DLA-3182-1}
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/eb7402f3-025a-402f-97a7-c38700d9548a/
+ NOTE: https://github.com/vim/vim/commit/54e5fed6d27b747ff152cdb6edfb72ff60e70939 (v9.0.0035)
+CVE-2022-2303 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-2302 (Multiple Lenze products of the cabinet series skip the password verifi ...)
+ NOT-FOR-US: Lenze
+CVE-2022-2301 (Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.)
+ - chafa 1.10.3-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/f6b9114b-671d-4948-b946-ffe5c9aeb816/
+ NOTE: https://github.com/hpjansson/chafa/commit/56fabfa18a6880b4cb66047fa6557920078048d9 (1.12.0)
+ NOTE: https://github.com/hpjansson/chafa/commit/a52325294cc018d4fa9a7f29668faea24362b94c (1.10.3)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2300 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ NOT-FOR-US: microweber
+CVE-2022-2299 (The Allow SVG Files WordPress plugin through 1.1 does not sanitise upl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2298 (A vulnerability has been found in SourceCodester Clinics Patient Manag ...)
+ NOT-FOR-US: Clinics Patient Management System
+CVE-2022-2297 (A vulnerability, which was classified as critical, was found in Source ...)
+ NOT-FOR-US: Clinics Patient Management System
+CVE-2022-2296 (Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior ...)
+ {DSA-5180-1}
+ - chromium 103.0.5060.114-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2295 (Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed ...)
+ {DSA-5180-1}
+ - chromium 103.0.5060.114-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2294 (Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.11 ...)
+ {DSA-5180-1}
+ - chromium 103.0.5060.114-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ - webkit2gtk 2.36.6-1 (unimportant)
+ [bullseye] - webkit2gtk 2.36.6-1~deb11u1
+ [buster] - webkit2gtk 2.36.6-1~deb10u1
+ - wpewebkit 2.36.6-1 (unimportant)
+ [bullseye] - wpewebkit 2.36.6-1~deb11u1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2
+ NOTE: Debian WebKitGTK and WPE WebKit binary packages are built without LibWebRTC
+ NOTE: https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2294.html
+CVE-2022-2293 (A vulnerability classified as problematic was found in SourceCodester ...)
+ NOT-FOR-US: Simple Sales Management System
+CVE-2022-2292 (A vulnerability classified as problematic has been found in SourceCode ...)
+ NOT-FOR-US: Hotel Management System
+CVE-2022-2291 (A vulnerability was found in SourceCodester Hotel Management System 2. ...)
+ NOT-FOR-US: Hotel Management System
+CVE-2022-34915
+ RESERVED
+CVE-2022-34914 (Webswing before 22.1.3 allows X-Forwarded-For header injection. The cl ...)
+ NOT-FOR-US: Webswing
+CVE-2022-34913 (md2roff 1.7 has a stack-based buffer overflow via a Markdown file cont ...)
+ NOT-FOR-US: md2roff
+CVE-2022-34912 (An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1 ...)
+ {DSA-5246-1 DLA-3117-1}
+ - mediawiki 1:1.35.7-1
+ NOTE: https://phabricator.wikimedia.org/T308473
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
+CVE-2022-34911 (An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x ...)
+ {DSA-5246-1 DLA-3117-1}
+ - mediawiki 1:1.35.7-1
+ NOTE: https://phabricator.wikimedia.org/T308471
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/805208
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
+CVE-2022-2290 (Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/tril ...)
+ NOT-FOR-US: Trilium Notes
+CVE-2022-2289 (Use After Free in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/7447d2ea-db5b-4883-adf4-1eaf7deace64/
+ NOTE: https://github.com/vim/vim/commit/c5274dd12224421f2430b30c53b881b9403d649e (v9.0.0026)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2288 (Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (vulnerable code introduced in 8.2.4763)
+ [buster] - vim (vulnerable code introduced in 8.2.4763)
+ NOTE: https://huntr.dev/bounties/a71bdcb7-4e9b-4650-ab6a-fe8e3e9852ad/
+ NOTE: https://github.com/vim/vim/commit/c6fdb15d423df22e1776844811d082322475e48a (v9.0.0025)
+CVE-2022-34910 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
+CVE-2022-34909 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
+CVE-2022-34908 (An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 ...)
+ NOT-FOR-US: A4N (Aremis 4 Nomad)
+CVE-2022-34907 (An authentication bypass vulnerability exists in FileWave before 14.6. ...)
+ NOT-FOR-US: FileWave
+CVE-2022-34906 (A hard-coded cryptographic key is used in FileWave before 14.6.3 and 1 ...)
+ NOT-FOR-US: FileWave
+CVE-2022-34905
+ RESERVED
+CVE-2022-34904
+ RESERVED
+CVE-2022-34863
+ RESERVED
+CVE-2022-34856
+ RESERVED
+CVE-2022-34854 (Improper access control in the Intel(R) SUR software before version 2. ...)
+ NOT-FOR-US: Intel
+CVE-2022-34841 (Improper buffer restrictions in the Intel(R) Media SDK software before ...)
+ NOT-FOR-US: Intel
+CVE-2022-34488 (Improper buffer restrictions in the firmware for some Intel(R) NUC Lap ...)
+ NOT-FOR-US: Intel
+CVE-2022-34346 (Out-of-bounds read in the Intel(R) Media SDK software before version 2 ...)
+ NOT-FOR-US: Intel
+CVE-2022-33972 (Incorrect calculation in microcode keying mechanism for some 3rd Gener ...)
+ {DLA-3379-1}
+ - intel-microcode 3.20230214.1 (bug #1031334)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
+CVE-2022-33197
+ RESERVED
+CVE-2022-32581
+ RESERVED
+CVE-2022-30531 (Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows ...)
+ NOT-FOR-US: Intel
+CVE-2022-2287 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/654aa069-3a9d-45d3-9a52-c1cf3490c284/
+ NOTE: https://github.com/vim/vim/commit/5e59ea54c0c37c2f84770f068d95280069828774 (v9.0.0021)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2286 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/fe7681fb-2318-436b-8e65-daf66cd597d8/
+ NOTE: https://github.com/vim/vim/commit/f12129f1714f7d2301935bb21d896609bdac221c (v9.0.0020)
+CVE-2022-34902 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34901 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34900 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34899 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34898
+ RESERVED
+CVE-2022-34897
+ RESERVED
+CVE-2022-34896
+ RESERVED
+CVE-2022-34895
+ RESERVED
+CVE-2022-34894 (In JetBrains Hub before 2022.2.14799, insufficient access control allo ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2022-2285 (Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9 ...)
+ {DLA-3182-1}
+ - vim 2:9.0.0135-1 (bug #1015984; unimportant)
+ NOTE: https://huntr.dev/bounties/64574b28-1779-458d-a221-06c434042736/
+ NOTE: https://github.com/vim/vim/commit/27efc62f5d86afcb2ecb7565587fe8dea4b036fe (v9.0.0018)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2284 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/571d25ce-8d53-4fa0-b620-27f2a8a14874/
+ NOTE: https://github.com/vim/vim/commit/3d51ce18ab1be4f9f6061568a4e7fabf00b21794 (v9.0.0017)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2283
+ RESERVED
+CVE-2022-2282
+ REJECTED
+CVE-2022-2281 (An information disclosure vulnerability in GitLab EE affecting all ver ...)
+ - gitlab (Specific to Gitlab EE)
+CVE-2022-2280 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ NOT-FOR-US: microweber
+CVE-2022-2279 (NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi pri ...)
+ - libmobi 0.11+dfsg-1
+ NOTE: https://huntr.dev/bounties/68c249e2-779d-4871-b7e3-851f03aca2de/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/c0699c8693c47f14a2e57dec7292e862ac7adf9c (v0.11)
+CVE-2022-2278 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2277 (Improper Input Validation vulnerability exists in the Hitachi Energy M ...)
+ NOT-FOR-US: Hitachi
+CVE-2021-4234 (OpenVPN Access Server 2.10 and prior versions are susceptible to resen ...)
+ NOT-FOR-US: OpenVPN Access Server
+CVE-2022-34893 (Trend Micro Security 2022 (consumer) has a link following vulnerabilit ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-34892 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34891 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34890 (This vulnerability allows local attackers to disclose sensitive inform ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34889 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Parallels
+CVE-2022-34888 (The Remote Mount feature can potentially be abused by valid, authentic ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-34887 (Standard users can directly operate and set printer configuration info ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-34886 (A remote code execution vulnerability was found in the firmware used i ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-34885 (An improper input sanitization vulnerability in the Motorola MR2600 ro ...)
+ NOT-FOR-US: Motorola
+CVE-2022-34884 (A buffer overflow exists in the Remote Presence subsystem which can po ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-34883 (OS Command Injection vulnerability in Hitachi RAID Manager Storage Rep ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-34882 (Information Exposure Through an Error Message vulnerability in Hitachi ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-34881 (Generation of Error Message Containing Sensitive Information vulnerabi ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-34880
+ RESERVED
+CVE-2022-34879 (Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time ...)
+ NOT-FOR-US: VICIdial
+CVE-2022-34878 (SQL Injection vulnerability in User Stats interface (/vicidial/user_st ...)
+ NOT-FOR-US: VICIdial
+CVE-2022-34877 (SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicid ...)
+ NOT-FOR-US: VICIdial
+CVE-2022-34876 (SQL Injection vulnerability in admin interface (/vicidial/admin.php) o ...)
+ NOT-FOR-US: VICIdial
+CVE-2022-34903 (GnuPG through 2.3.6, in unusual situations where an attacker possesses ...)
+ {DSA-5174-1}
+ - gnupg2 2.2.35-3 (bug #1014157)
+ NOTE: https://dev.gnupg.org/T6027
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/30/1
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=34c649b3601383cd11dbc76221747ec16fd68e1b
+CVE-2022-34875 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-34874 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-34873 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2022-34872 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ - centreon-web (bug #913903)
+CVE-2022-34871 (This vulnerability allows remote attackers to escalate privileges on a ...)
+ - centreon-web (bug #913903)
+CVE-2022-34870 (Apache Geode versions up to 1.15.0 are vulnerable to a Cross-Site Scri ...)
+ NOT-FOR-US: Apache Geode
+CVE-2022-34858 (Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34853 (Multiple Authenticated (contributor or higher user role) Persistent Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34847
+ RESERVED
+CVE-2022-34839 (Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34838 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
+ NOT-FOR-US: ABB Zenon
+CVE-2022-34837 (Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8 ...)
+ NOT-FOR-US: ABB Zenon
+CVE-2022-34836 (Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the use ...)
+ NOT-FOR-US: ABB Zenon
+CVE-2022-34654 (Cross-Site Request Forgery (CSRF) in Virgial Berveling'sManage Notific ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34650 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34487 (Unauthenticated Arbitrary Option Update vulnerability in biplob018's S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34347 (Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Ma ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34155 (Improper Authentication vulnerability in miniOrange OAuth Single Sign ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34149 (Authentication Bypass vulnerability in miniOrange WP OAuth Server plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34148 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33974 (Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33965 (Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osama ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33961 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wasp ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33960 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33901 (Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33900 (PHP Object Injection vulnerability in Easy Digital Downloads plugin <= ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33198 (Unauthenticated WordPress Options Change vulnerability in Biplob Adhik ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33191 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-33177 (Cross-Site Request Forgery (CSRF) vulnerability in WPdevelop/Oplugins ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-32970 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in The ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-32776 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adva ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-32587 (Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30998 (Multiple Authenticated (subscriber or higher user role) SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30705 (Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPres ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-29495 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-29489 (Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plu ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-27235 (Multiple Broken Access Control vulnerabilities in Social Share Buttons ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-26366 (Cross-Site Request Forgery (CSRF) inAdRotate Banner Manager Plugin <= ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-25952 (Cross-Site Request Forgery (CSRF) vulnerability in Keywordrush Content ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2276 (The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2275 (The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2274 (The OpenSSL 3.0.4 release introduced a serious bug in the RSA implemen ...)
+ - openssl 3.0.4-2 (bug #1013441)
+ [bullseye] - openssl (Vulnerable code not present)
+ [buster] - openssl (Vulnerable code not present)
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4d8a88c134df634ba610ff8db1eb8478ac5fd345
+ NOTE: https://github.com/openssl/openssl/issues/18625
+ NOTE: https://www.openssl.org/news/secadv/20220705.txt
+CVE-2022-2273 (The Simple Membership WordPress plugin before 4.1.3 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2272 (This vulnerability allows remote attackers to bypass authentication on ...)
+ NOT-FOR-US: Sante PACS Server
+CVE-2022-2271 (The WP Database Backup WordPress plugin before 5.9 does not escape som ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2270 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-2269 (The Website File Changes Monitor WordPress plugin before 1.8.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2268 (The Import any XML or CSV File to WordPress plugin before 3.6.8 accept ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2267 (The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJA ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2266 (University Library Automation System developed by Yordam Bilgi Teknolo ...)
+ NOT-FOR-US: University Library Automation System
+CVE-2022-2265 (The Identity and Directory Management System developed by \xc7ekino Bi ...)
+ NOT-FOR-US: Teknolojileri
+CVE-2022-2264 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/2241c773-02c9-4708-b63e-54aef99afa6c/
+ NOTE: Fixed by: https://github.com/vim/vim/commit/d25f003342aca9889067f2e839963dfeccf1fe05 (v9.0.0011)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2263 (A vulnerability was found in Online Hotel Booking System 1.0 and class ...)
+ NOT-FOR-US: Online Hotel Booking System
+CVE-2022-2262 (A vulnerability has been found in Online Hotel Booking System 1.0 and ...)
+ NOT-FOR-US: Online Hotel Booking System
+CVE-2022-2261 (The WPIDE WordPress plugin before 3.0 does not sanitize and validate t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2260 (The GiveWP WordPress plugin before 2.21.3 does not have CSRF in place ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34835 (In Das U-Boot through 2022.07-rc5, an integer signedness error and res ...)
+ - u-boot 2022.07+dfsg-1 (bug #1014529)
+ [bullseye] - u-boot (Minor issue)
+ [buster] - u-boot (Minor issue)
+ NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/486113.html
+ NOTE: https://source.denx.de/u-boot/u-boot/-/commit/8f8c04bf1ebbd2f72f1643e7ad9617dafa6e5409 (v2022.07-rc6)
+CVE-2022-34834 (An issue was discovered in VERMEG AgileReporter 21.3. Attackers can ga ...)
+ NOT-FOR-US: VERMEG AgileReporter
+CVE-2022-34833 (An issue was discovered in VERMEG AgileReporter 21.3. An admin can ent ...)
+ NOT-FOR-US: VERMEG AgileReporter
+CVE-2022-34832 (An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur vi ...)
+ NOT-FOR-US: VERMEG AgileReporter
+CVE-2022-34831 (An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, rela ...)
+ NOT-FOR-US: Keyfactor
+CVE-2022-34830 (An Arm product family through 2022-06-29 has a TOCTOU Race Condition t ...)
+ NOT-FOR-US: ARM
+CVE-2022-34829 (Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of se ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-34828
+ RESERVED
+CVE-2022-34827 (Carel Boss Mini 1.5.0 has Improper Access Control.)
+ NOT-FOR-US: Carel Boss Mini
+CVE-2022-34826 (In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passp ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2022-34825 (Uncontrolled Search Path Element in CLUSTERPRO X 5.0 for Windows and e ...)
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
+CVE-2022-34824 (Weak File and Folder Permissions vulnerability in CLUSTERPRO X 5.0 for ...)
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
+CVE-2022-34823 (Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earl ...)
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
+CVE-2022-34822 (Path traversal vulnerability in CLUSTERPRO X 5.0 for Windows and earli ...)
+ NOT-FOR-US: CLUSTERPRO and EXPRESSCLUSTER
+CVE-2022-2259 (In affected versions of Octopus Deploy it is possible for a user to vi ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2022-2258 (In affected versions of Octopus Deploy it is possible for a user to vi ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89
+ NOTE: https://github.com/vim/vim/commit/083692d598139228e101b8c521aaef7bcf256e9a (v9.0.0009)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...)
+ NOT-FOR-US: Keycloak
+CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
+ {DLA-3111-1}
+ - mod-wsgi 4.9.0-1.1 (bug #1016476)
+ [bullseye] - mod-wsgi 4.7.1-3+deb11u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
+ NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
+ NOTE: WSGITrustedProxies and vulnerable code introduced in https://github.com/GrahamDumpleton/mod_wsgi/commit/543fc33c23b4cb5e623d574b7efbf85c8dedb396 (4.4.10)
+CVE-2022-34821 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2022-34820 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-34819 (A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-34818 (Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perfo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34817 (A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Jo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34816 (Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencry ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34815 (A cross-site request forgery (CSRF) vulnerability in Jenkins Request R ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34814 (Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not cor ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34813 (A missing permission check in Jenkins XPath Configuration Viewer Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34812 (A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Con ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34811 (A missing permission check in Jenkins XPath Configuration Viewer Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34810 (A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34809 (Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in it ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34808 (Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34807 (Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password u ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34806 (Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34805 (Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unen ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34804 (Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain te ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34803 (Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in ...)
+ NOT-FOR-US: Jenkins plugin +CVE-2022-34802 (Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34801 (Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34800 (Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens une ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34799 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a passwo ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34798 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perfor ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34797 (A cross-site request forgery (CSRF) vulnerability in Jenkins Deploymen ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34796 (A missing permission check in Jenkins Deployment Dashboard Plugin 1.0. ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34795 (Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34794 (Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier all ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34793 (Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parse ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34792 (A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Pl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34791 (Jenkins Validating Email Parameter Plugin 1.10 and earlier does not es ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34790 (Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34789 (A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Re ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34788 (Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the a ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34787 (Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escap ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-34786 (Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34785 (Jenkins build-metrics Plugin 1.3 and earlier does not perform permissi ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34784 (Jenkins build-metrics Plugin 1.3 does not escape the build description ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34783 (Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptio ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34782 (An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34781 (Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0. ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34780 (A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34779 (A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34778 (Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders th ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34777 (Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fiel ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-34776 (Tabit - giftcard stealth. Several APIs on the web system display, with ...) + NOT-FOR-US: Tabit +CVE-2022-34775 (Tabit - Excessive data exposure. Another endpoint mapped by the tiny u ...) + NOT-FOR-US: Tabit +CVE-2022-34774 (Tabit - Arbitrary account modification. One of the endpoints mapped by ...) + NOT-FOR-US: Tabit +CVE-2022-34773 (Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configura ...) + NOT-FOR-US: Tabit +CVE-2022-34772 (Tabit - password enumeration. Description: Tabit - password enumeratio ...) + NOT-FOR-US: Tabit +CVE-2022-34771 (Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tab ...) + NOT-FOR-US: Tabit +CVE-2022-34770 (Tabit - sensitive information disclosure. 
Several APIs on the web syst ...) + NOT-FOR-US: Tabit +CVE-2022-34769 (PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (w ...) + NOT-FOR-US: Michlol +CVE-2022-34768 (insert HTML / js code inside input how to get to the vulnerable input ...) + NOT-FOR-US: Supersmart.me +CVE-2022-34767 (Web page which "wizardpwd.asp" ALLNET Router model WR0500AC is prone t ...) + NOT-FOR-US: ALLNET +CVE-2022-34766 + RESERVED +CVE-2022-2254 (A user with administrative privileges in Distributed Data Systems WebH ...) + NOT-FOR-US: Distributed Data Systems WebHMI +CVE-2022-2253 (A user with administrative privileges in Distributed Data Systems WebH ...) + NOT-FOR-US: Distributed Data Systems WebHMI +CVE-2022-2252 (Open Redirect in GitHub repository microweber/microweber prior to 1.2. ...) + NOT-FOR-US: microweber +CVE-2022-2251 (Improper sanitization of branch names in GitLab Runner affecting all v ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2250 (An open redirect vulnerability in GitLab EE/CE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-46826 + RESERVED +CVE-2021-46825 (Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to ...) + NOT-FOR-US: Symantec +CVE-2022-33967 (squashfs filesystem implementation of U-Boot versions from v2020.10-rc ...) + - u-boot 2022.07+dfsg-1 + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (SquashFS support added in 2020.10) + NOTE: https://lists.denx.de/pipermail/u-boot/2022-June/487467.html + NOTE: https://source.denx.de/u-boot/u-boot/-/commit/7f7fb9937c6cb49dd35153bd6708872b390b0a44 (v2022.07-rc6) +CVE-2022-2249 (Privilege escalation related vulnerabilities were discovered in Avaya ...) + NOT-FOR-US: Avaya +CVE-2022-2248 + RESERVED +CVE-2022-2247 + RESERVED +CVE-2022-2246 + REJECTED +CVE-2022-34765 (A CWE-73: External Control of File Name or Path vulnerability exists t ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34764 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2022-34763 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34762 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34761 (A CWE-476: NULL Pointer Dereference vulnerability exists that could ca ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34760 (A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vuln ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34759 (A CWE-787: Out-of-bounds Write vulnerability exists that could cause a ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34758 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34757 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34756 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34755 (A CWE-427 - Uncontrolled Search Path Element vulnerability exists that ...) + NOT-FOR-US: Schneider +CVE-2022-34754 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34753 (A CWE-78: Improper Neutralization of Special Elements used in an OS Co ...) + NOT-FOR-US: Schneider Electric +CVE-2022-34752 + RESERVED +CVE-2022-34751 + RESERVED +CVE-2022-34750 (An issue was discovered in MediaWiki through 1.38.1. The lemma length ...) + NOT-FOR-US: MediaWiki extension WikiBase +CVE-2022-34749 (In mistune through 2.0.2, support of inline markup is implemented by u ...) + - mistune 2.0.3-1 (bug #1016089) + [bullseye] - mistune (Minor issue) + [buster] - mistune (Minor issue) + NOTE: https://github.com/lepture/mistune/commit/a6d43215132fe4f3d93f8d7e90ba83b16a0838b2 (v2.0.3) +CVE-2022-34748 (A vulnerability has been identified in Simcenter Femap (All versions < ...) 
+ NOT-FOR-US: Siemens +CVE-2022-34747 (A format string vulnerability in Zyxel NAS326 firmware versions prior ...) + NOT-FOR-US: Zyxel +CVE-2022-34746 (An insufficient entropy vulnerability caused by the improper use of ra ...) + NOT-FOR-US: Zyxel +CVE-2022-34743 (The AT commands of the USB port have an out-of-bounds read vulnerabili ...) + NOT-FOR-US: Huawei +CVE-2022-34742 (The system module has a read/write vulnerability. Successful exploitat ...) + NOT-FOR-US: Huawei +CVE-2022-34741 (The NFC module has a buffer overflow vulnerability. Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2022-34740 (The NFC module has a buffer overflow vulnerability. Successful exploit ...) + NOT-FOR-US: Huawei +CVE-2022-34739 (The fingerprint module has a vulnerability of overflow in arithmetic a ...) + NOT-FOR-US: Huawei +CVE-2022-34738 (The SystemUI module has a vulnerability in permission control. If this ...) + NOT-FOR-US: Huawei +CVE-2022-34737 (The application security module has a vulnerability in permission assi ...) + NOT-FOR-US: Huawei +CVE-2022-34736 (The frame scheduling module has a null pointer dereference vulnerabili ...) + NOT-FOR-US: Huawei +CVE-2022-34735 (The frame scheduling module has a null pointer dereference vulnerabili ...) + NOT-FOR-US: Huawei +CVE-2022-2245 (The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check wh ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2244 (An improper authorization vulnerability in GitLab EE/CE affecting all ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2243 (An access control vulnerability in GitLab EE/CE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2242 (The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to i ...) + NOT-FOR-US: Kuka +CVE-2022-2241 (The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2240 (The Request a Quote WordPress plugin through 2.3.7 does not validate u ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2239 (The Request a Quote WordPress plugin before 2.3.9 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2238 (A vulnerability was found in the search-api container in Red Hat Advan ...) + NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes 2 / Stolostron +CVE-2022-2237 (A flaw was found in the Keycloak Node.js Adapter. This flaw allows an ...) + NOT-FOR-US: Keycloak +CVE-2022-2236 + RESERVED +CVE-2022-2235 (Insufficient sanitization in GitLab EE's external issue tracker affect ...) + - gitlab (Specific to EE) +CVE-2017-20138 (A vulnerability was found in Itech Auction Script 6.49. It has been cl ...) + NOT-FOR-US: Itech +CVE-2017-20137 (A vulnerability was found in Itech B2B Script 4.28. It has been rated ...) + NOT-FOR-US: Itech +CVE-2017-20136 (A vulnerability classified as critical has been found in Itech Classif ...) + NOT-FOR-US: Itech +CVE-2017-20135 (A vulnerability classified as critical was found in Itech Dating Scrip ...) + NOT-FOR-US: Itech +CVE-2017-20134 (A vulnerability, which was classified as critical, has been found in I ...) + NOT-FOR-US: Itech +CVE-2017-20133 (A vulnerability, which was classified as critical, was found in Itech ...) + NOT-FOR-US: Itech +CVE-2017-20132 (A vulnerability was found in Itech Multi Vendor Script 6.49 and classi ...) + NOT-FOR-US: Itech +CVE-2017-20131 (A vulnerability was found in Itech News Portal 6.28. It has been class ...) + NOT-FOR-US: Itech +CVE-2017-20130 (A vulnerability was found in Itech Real Estate Script 3.12. It has bee ...) + NOT-FOR-US: Itech +CVE-2017-20129 (A vulnerability was found in LogoStore. It has been classified as crit ...) + NOT-FOR-US: LogoStore +CVE-2017-20128 (A vulnerability has been found in KB Messages PHP Script 1.0 and class ...) + NOT-FOR-US: KB Messages PHP Script +CVE-2017-20127 (A vulnerability was found in KB Login Authentication Script 1.1 and cl ...) 
+ NOT-FOR-US: KB Login Authentication Script +CVE-2017-20126 (A vulnerability was found in KB Affiliate Referral Script 1.0. It has ...) + NOT-FOR-US: KB Affiliate Referral Script +CVE-2022-34745 + RESERVED +CVE-2022-34744 + RESERVED +CVE-2022-2234 (An authenticated mySCADA myPRO 8.26.0 user may be able to modify param ...) + NOT-FOR-US: mySCADA myPRO +CVE-2022-2233 (The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Req ...) + NOT-FOR-US: Banner Cycler plugin for WordPress +CVE-2022-2232 + RESERVED +CVE-2022-2231 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/8dae6ab4-7a7a-4716-a65c-9b090fa057b5 + NOTE: https://github.com/vim/vim/commit/79481367a457951aabd9501b510fd7e3eb29c3d8 (v8.2.5169) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2230 (A Stored Cross-Site Scripting vulnerability in the project settings pa ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2229 (An improper authorization issue in GitLab CE/EE affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2228 (Information exposure in GitLab EE affecting all versions from 12.0 pri ...) + - gitlab (Specific to EE) +CVE-2022-2227 (Improper access control in the runner jobs API in GitLab CE/EE affecti ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2226 (An OpenPGP digital signature includes information about the date when ...) + {DSA-5175-1} + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2226 +CVE-2017-20125 (A vulnerability classified as critical was found in Online Hotel Booki ...) + NOT-FOR-US: Online Hotel Booking System Pro +CVE-2017-20124 (A vulnerability classified as critical has been found in Online Hotel ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20123 (A vulnerability was found in Viscosity 1.6.7. It has been classified a ...) 
+ NOT-FOR-US: Viscosity on Windows and macOS +CVE-2017-20122 (A vulnerability classified as problematic was found in Bitrix Site Man ...) + NOT-FOR-US: Bitrix Site Manager +CVE-2022-34734 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34733 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-34732 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34731 (Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-34730 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34729 (Windows GDI Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34728 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34727 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34726 (Microsoft ODBC Driver Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34725 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34724 (Windows DNS Server Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34723 (Windows DPAPI (Data Protection Application Programming Interface) Info ...) + NOT-FOR-US: Microsoft +CVE-2022-34722 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...) + NOT-FOR-US: Microsoft +CVE-2022-34721 (Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Ex ...) + NOT-FOR-US: Microsoft +CVE-2022-34720 (Windows Internet Key Exchange (IKE) Extension Denial of Service Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-34719 (Windows Distributed File System (DFS) Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34717 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34716 (.NET Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34715 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34714 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-34713 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-34712 (Windows Defender Credential Guard Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34711 (Windows Defender Credential Guard Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34710 (Windows Defender Credential Guard Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34709 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2022-34708 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34707 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34706 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2022-34705 (Windows Defender Credential Guard Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34704 (Windows Defender Credential Guard Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34703 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-34702 (Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-34701 (Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vuln ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-34700 (Microsoft Dynamics CRM (on-premises) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-34699 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34698 + RESERVED +CVE-2022-34697 + RESERVED +CVE-2022-34696 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34695 + RESERVED +CVE-2022-34694 + RESERVED +CVE-2022-34693 + RESERVED +CVE-2022-34692 (Microsoft Exchange Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34691 (Active Directory Domain Services Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34690 (Windows Fax Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34689 (Windows CryptoAPI Spoofing Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-34688 + RESERVED +CVE-2022-34687 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34686 (Azure RTOS GUIX Studio Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34685 (Azure RTOS GUIX Studio Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-34684 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers (Non-free not supported) + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34683 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-34682 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34681 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-34680 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34679 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34678 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2022-34677 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34676 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + NOT-FOR-US: NVIDIA vGPU driver +CVE-2022-34675 (NVIDIA Display Driver for Linux contains a vulnerability in the Virtua ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34674 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34673 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-graphics-drivers 515.86.01-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers (Only affects R515) + [buster] - nvidia-graphics-drivers (Only affects R515) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34672 (NVIDIA Control Panel for Windows contains a vulnerability where an una ...) + NOT-FOR-US: NVIDIA +CVE-2022-34671 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-34670 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + {DLA-3418-1} + - nvidia-graphics-drivers 510.108.03-1 (bug #1025279) + [bullseye] - nvidia-graphics-drivers 470.161.03-1 + [buster] - nvidia-graphics-drivers (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-340xx (bug #1025280) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.157-1 (bug #1025281) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.157-1~deb11u1 + - nvidia-graphics-drivers-tesla 510.108.03-1 (bug #1025287) + - nvidia-graphics-drivers-tesla-418 (bug #1025282) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.216.04-1 (bug #1025283) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.216.04-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1025284) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.161.03-1 (bug #1025285) + [bullseye] - nvidia-graphics-drivers-tesla-470 470.161.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.108.03-1 (bug #1025286) + - nvidia-open-gpu-kernel-modules 515.86.01-1 +CVE-2022-34669 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-34668 (NVFLARE, versions prior to 2.1.4, contains a vulnerability that deseri ...) + NOT-FOR-US: NVFLARE +CVE-2022-34667 (NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnera ...) 
+ [experimental] - nvidia-cuda-toolkit 11.8.0-1 + - nvidia-cuda-toolkit 11.8.0-2 (bug #1021625) + [bullseye] - nvidia-cuda-toolkit (Non-free not supported) + [buster] - nvidia-cuda-toolkit (Minor issue) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5373 +CVE-2022-34666 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-graphics-drivers 470.141.03-1 + [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.154-1 + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.203.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.141.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.85.02-1 +CVE-2022-34665 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-graphics-drivers 470.141.03-1 + [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.154-1 + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported) + - nvidia-graphics-drivers-tesla-450 450.203.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 460.106.00-3 + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470 + - nvidia-graphics-drivers-tesla-470 470.141.03-1 + [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1 + - nvidia-graphics-drivers-tesla-510 510.85.02-1 +CVE-2022-34664 + RESERVED +CVE-2022-34663 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + NOT-FOR-US: Siemens +CVE-2022-34662 (When users add resources to the resource center with a relation path w ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2022-34661 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2022-34660 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2022-2225 (By using warp-cli subcommands (disable-ethernet, disable-wifi), it was ...) + NOT-FOR-US: Cloudflare Warp +CVE-2022-2224 (The WordPress plugin Gallery for Social Photo is vulnerable to Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2223 (The WordPress plugin Image Slider is vulnerable to Cross-Site Request ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2222 (The Download Monitor WordPress plugin before 4.5.91 does not ensure th ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2221 (Information Exposure vulnerability in My Account Settings of Devolutio ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-2220 + REJECTED +CVE-2022-2219 (The Unyson WordPress plugin before 2.7.27 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2218 (Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/p ...) + NOT-FOR-US: Node parse-url +CVE-2022-2217 (Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/ ...) + NOT-FOR-US: Node parse-url +CVE-2022-2216 (Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/pa ...) + NOT-FOR-US: Node parse-url +CVE-2022-2215 (The GiveWP WordPress plugin before 2.21.3 does not properly sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36553 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...) + NOT-FOR-US: Multi Restaurant Table Reservation System +CVE-2020-36552 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...) + NOT-FOR-US: Multi Restaurant Table Reservation System +CVE-2020-36551 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...) + NOT-FOR-US: Multi Restaurant Table Reservation System +CVE-2020-36550 (Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Resta ...) + NOT-FOR-US: Multi Restaurant Table Reservation System +CVE-2017-20121 (A vulnerability was found in Teradici Management Console 2.2.0. It has ...) + NOT-FOR-US: Teradici Management Console +CVE-2017-20120 (A vulnerability classified as problematic was found in TrueConf Server ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20119 (A vulnerability classified as problematic has been found in TrueConf S ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20118 (A vulnerability was found in TrueConf Server 4.3.7. It has been rated ...) 
+ NOT-FOR-US: TrueConf Server +CVE-2017-20117 (A vulnerability was found in TrueConf Server 4.3.7. It has been declar ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20116 (A vulnerability was found in TrueConf Server 4.3.7. It has been classi ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20115 (A vulnerability was found in TrueConf Server 4.3.7 and classified as p ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20114 (A vulnerability has been found in TrueConf Server 4.3.7 and classified ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20113 (A vulnerability, which was classified as problematic, was found in Tru ...) + NOT-FOR-US: TrueConf Server +CVE-2017-20112 (A vulnerability has been found in IVPN Client 2.6.6120.33863 and class ...) + NOT-FOR-US: IVPN Client +CVE-2017-20111 (A vulnerability, which was classified as critical, was found in Teleop ...) + NOT-FOR-US: Teleopti WFM +CVE-2017-20110 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Teleopti WFM +CVE-2017-20109 (A vulnerability classified as problematic was found in Teleopti WFM up ...) + NOT-FOR-US: Teleopti WFM +CVE-2022-34659 (A vulnerability has been identified in Simcenter STAR-CCM+ (All versio ...) + NOT-FOR-US: Siemens +CVE-2022-34647 + RESERVED +CVE-2022-34646 + RESERVED +CVE-2022-34345 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...) + NOT-FOR-US: Intel +CVE-2022-34157 (Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with I ...) + NOT-FOR-US: Intel +CVE-2022-33964 (Improper input validation in the Intel(R) SUR software before version ...) + NOT-FOR-US: Intel +CVE-2022-33946 (Improper authentication in the Intel(R) SUR software before version 2. ...) + NOT-FOR-US: Intel +CVE-2022-33190 (Improper input validation in the Intel(R) SUR software before version ...) + NOT-FOR-US: Intel +CVE-2022-32971 (Improper authentication in the Intel(R) SUR software before version 2. ...) 
+ NOT-FOR-US: Intel +CVE-2022-32579 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...) + NOT-FOR-US: Intel +CVE-2022-31476 (Improper access control in the Intel(R) SUR software before version 2. ...) + NOT-FOR-US: Intel +CVE-2022-30692 (Improper conditions check in the Intel(R) SUR software before version ...) + NOT-FOR-US: Intel +CVE-2022-29514 (Improper access control in the Intel(R) SUR software before version 2. ...) + NOT-FOR-US: Intel +CVE-2022-27168 (Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 ...) + NOT-FOR-US: LiteCart +CVE-2022-2214 (A vulnerability was found in SourceCodester Library Management System ...) + NOT-FOR-US: SourceCodester Library Management System +CVE-2022-2213 (A vulnerability was found in SourceCodester Library Management System ...) + NOT-FOR-US: SourceCodester Library Management System +CVE-2022-2212 (A vulnerability was found in SourceCodester Library Management System ...) + NOT-FOR-US: SourceCodester Library Management System +CVE-2022-34645 + RESERVED +CVE-2022-34644 + RESERVED +CVE-2022-34643 (RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implemen ...) + NOT-FOR-US: RISCV ISA Sim +CVE-2022-34642 (The component mcontrol.action in RISCV ISA Sim commit ac466a21df442c59 ...) + NOT-FOR-US: RISCV ISA Sim +CVE-2022-34641 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...) + NOT-FOR-US: CVA6 +CVE-2022-34640 (The *tval of ecall/ebreak in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf ...) + NOT-FOR-US: CVA6 +CVE-2022-34639 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standa ...) + NOT-FOR-US: CVA6 +CVE-2022-34638 + RESERVED +CVE-2022-34637 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an inc ...) + NOT-FOR-US: CVA6 +CVE-2022-34636 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom co ...) 
+ NOT-FOR-US: CVA6 +CVE-2022-34635 (The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a9 ...) + NOT-FOR-US: CVA6 +CVE-2022-34634 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...) + NOT-FOR-US: CVA6 +CVE-2022-34633 (CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted ...) + NOT-FOR-US: CVA6 +CVE-2022-34632 (Rocket-Chip commit 4f8114374d8824dfdec03f576a8cd68bebce4e56 was discov ...) + NOT-FOR-US: Rocket-Chip +CVE-2022-34631 + RESERVED +CVE-2022-34630 + RESERVED +CVE-2022-34629 + RESERVED +CVE-2022-34628 + RESERVED +CVE-2022-34627 + RESERVED +CVE-2022-34626 + RESERVED +CVE-2022-34625 (Mealie1.0.0beta3 was discovered to contain a Server-Side Template Inje ...) + NOT-FOR-US: hay-kot/mealie +CVE-2022-34624 (Mealie1.0.0beta3 does not terminate download tokens after a user logs ...) + NOT-FOR-US: Mealie +CVE-2022-34623 (Mealie1.0.0beta3 is vulnerable to user enumeration via timing response ...) + NOT-FOR-US: Mealie +CVE-2022-34622 + RESERVED +CVE-2022-34621 (Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object ...) + NOT-FOR-US: Mealie +CVE-2022-34620 + RESERVED +CVE-2022-34619 (A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 all ...) + NOT-FOR-US: hay-kot/mealie +CVE-2022-34618 (A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 ...) + NOT-FOR-US: hay-kot/mealie +CVE-2022-34617 + RESERVED +CVE-2022-34616 + RESERVED +CVE-2022-34615 (Mealie 1.0.0beta3 employs weak password requirements which allows atta ...) + NOT-FOR-US: Mealie +CVE-2022-34614 + RESERVED +CVE-2022-34613 (Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability whic ...) + NOT-FOR-US: hay-kot/mealie +CVE-2022-34612 (Rizin v0.4.0 and below was discovered to contain an integer overflow v ...) + NOT-FOR-US: Rizin +CVE-2022-34611 (A cross-site scripting (XSS) vulnerability in /index.php/?p=report of ...) 
+ NOT-FOR-US: Online Fire Reporting System +CVE-2022-34610 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34609 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34608 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34607 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34606 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34605 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34604 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34603 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34602 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34601 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34600 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34599 (H3C Magic R200 R200V200R004L02 was discovered to contain a stack overf ...) + NOT-FOR-US: H3C Magic +CVE-2022-34598 (The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 por ...) + NOT-FOR-US: udpserver in H3C Magic R100 V200R004 and V100R005 +CVE-2022-34597 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...) + NOT-FOR-US: Tenda +CVE-2022-34596 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...) + NOT-FOR-US: Tenda +CVE-2022-34595 (Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injecti ...) 
+ NOT-FOR-US: Tenda +CVE-2022-34594 (Advanced School Management System v1.0 was discovered to contain a cro ...) + NOT-FOR-US: Advanced School Management System +CVE-2022-34593 (DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read ...) + NOT-FOR-US: DPTech VPN +CVE-2022-34592 (Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a co ...) + NOT-FOR-US: Wavlink +CVE-2022-34591 + RESERVED +CVE-2022-34590 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Hospital Management System +CVE-2022-34589 + RESERVED +CVE-2022-34588 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-34587 + RESERVED +CVE-2022-34586 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-34585 + RESERVED +CVE-2022-34584 + RESERVED +CVE-2022-34583 + RESERVED +CVE-2022-34582 + RESERVED +CVE-2022-34581 + RESERVED +CVE-2022-34580 (Advanced School Management System v1.0 was discovered to contain a cro ...) + NOT-FOR-US: Advanced School Management System +CVE-2022-34579 + RESERVED +CVE-2022-34578 (Open Source Point of Sale v3.3.7 was discovered to contain an arbitrar ...) + NOT-FOR-US: Open Source Point of Sale +CVE-2022-34577 (A vulnerability in adm.cgi of WAVLINK WN535 G3 M35G3R.V5030.180927 all ...) + NOT-FOR-US: Wavlink +CVE-2022-34576 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M ...) + NOT-FOR-US: Wavlink +CVE-2022-34575 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...) + NOT-FOR-US: Wavlink +CVE-2022-34574 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...) + NOT-FOR-US: Wavlink +CVE-2022-34573 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...) 
+ NOT-FOR-US: Wavlink +CVE-2022-34572 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...) + NOT-FOR-US: Wavlink +CVE-2022-34571 (An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD ...) + NOT-FOR-US: Wavlink +CVE-2022-34570 (WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an inf ...) + NOT-FOR-US: Wavlink +CVE-2022-34569 + RESERVED +CVE-2022-34568 (SDL v1.2 was discovered to contain a use-after-free via the XFree func ...) + - libsdl1.2 1.2.15+dfsg2-8 (bug #1016352) + [bullseye] - libsdl1.2 (Minor issue) + [buster] - libsdl1.2 (Minor issue) + NOTE: https://github.com/libsdl-org/SDL-1.2/issues/863 + NOTE: https://github.com/libsdl-org/SDL-1.2/commit/d7e00208738a0bc6af302723fe64908ac35b777b +CVE-2022-34567 (An issue in \Roaming\Mango\Plugins of University of Texas Multi-image ...) + NOT-FOR-US: Mango +CVE-2022-34566 + RESERVED +CVE-2022-34565 + RESERVED +CVE-2022-34564 + RESERVED +CVE-2022-34563 + RESERVED +CVE-2022-34562 + RESERVED +CVE-2022-34561 + RESERVED +CVE-2022-34560 + RESERVED +CVE-2022-34559 + RESERVED +CVE-2022-34558 (WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon ...) + NOT-FOR-US: WMCore +CVE-2022-34557 (Barangay Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Barangay Management System +CVE-2022-34556 (PicoC v3.2.2 was discovered to contain a NULL pointer dereference at v ...) + NOT-FOR-US: PicoC +CVE-2022-34555 (TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to conta ...) + NOT-FOR-US: TP-Link +CVE-2022-34554 + RESERVED +CVE-2022-34553 + RESERVED +CVE-2022-34552 + RESERVED +CVE-2022-34551 (Sims v1.0 was discovered to allow path traversal when downloading atta ...) + NOT-FOR-US: Sims +CVE-2022-34550 (Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulne ...) + NOT-FOR-US: Sims +CVE-2022-34549 (Sims v1.0 was discovered to contain an arbitrary file upload vulnerabi ...) 
+ NOT-FOR-US: Sims +CVE-2022-34548 + RESERVED +CVE-2022-34547 + RESERVED +CVE-2022-34546 + RESERVED +CVE-2022-34545 + RESERVED +CVE-2022-34544 + RESERVED +CVE-2022-34543 + RESERVED +CVE-2022-34542 + RESERVED +CVE-2022-34541 + RESERVED +CVE-2022-34540 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34539 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34538 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34537 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34536 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows attacker ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34535 (Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthen ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34534 (Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to ac ...) + NOT-FOR-US: Digital Watchdog +CVE-2022-34533 + RESERVED +CVE-2022-34532 + RESERVED +CVE-2022-34531 (DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE ...) + NOT-FOR-US: DedeCMS +CVE-2022-34530 (An issue in the login and reset password functionality of Backdrop CMS ...) + - backdrop (bug #914257) +CVE-2022-34529 (WASM3 v0.5.0 was discovered to contain a segmentation fault via the co ...) + NOT-FOR-US: WASM3 +CVE-2022-34528 (D-Link DSL-3782 v1.03 and below was discovered to contain a stack over ...) + NOT-FOR-US: D-Link +CVE-2022-34527 (D-Link DSL-3782 v1.03 and below was discovered to contain a command in ...) + NOT-FOR-US: D-Link +CVE-2022-34526 (A stack overflow was discovered in the _TIFFVGetField function of Tiff ...) 
+ {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-4 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/433 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990 +CVE-2022-34525 + RESERVED +CVE-2022-34524 + RESERVED +CVE-2022-34523 + RESERVED +CVE-2022-34522 + RESERVED +CVE-2022-34521 + RESERVED +CVE-2022-34520 (Radare2 v5.7.2 was discovered to contain a NULL pointer dereference vi ...) + - radare2 (bug #1016979) + NOTE: https://github.com/radareorg/radare2/issues/20354 + NOTE: https://github.com/radareorg/radare2/commit/fc285cecb8469f0262db0170bf6dd7c01d9b8ed5 (5.7.4) +CVE-2022-34519 + RESERVED +CVE-2022-34518 + RESERVED +CVE-2022-34517 + RESERVED +CVE-2022-34516 + RESERVED +CVE-2022-34515 + RESERVED +CVE-2022-34514 + RESERVED +CVE-2022-34513 + RESERVED +CVE-2022-34512 + RESERVED +CVE-2022-34511 + RESERVED +CVE-2022-34510 + RESERVED +CVE-2022-34509 (The wikifaces package in PyPI v1.0 included a code execution backdoor ...) + NOT-FOR-US: wikifaces +CVE-2022-34508 + RESERVED +CVE-2022-34507 + RESERVED +CVE-2022-34506 + RESERVED +CVE-2022-34505 + RESERVED +CVE-2022-34504 + RESERVED +CVE-2022-34503 (QPDF v8.4.2 was discovered to contain a heap buffer overflow via the f ...) + - qpdf 9.0.0-1 (unimportant) + NOTE: https://github.com/qpdf/qpdf/issues/701 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5 + NOTE: Negligible security impact +CVE-2022-34502 (Radare2 v5.7.0 was discovered to contain a heap buffer overflow via th ...) + - radare2 (bug #1016979) + NOTE: https://github.com/radareorg/radare2/issues/20336 + NOTE: https://github.com/radareorg/radare2/commit/b4ca66f5d4363d68a6379e5706353b3bde5104a4 (5.7.2) +CVE-2022-34501 (The bin-collection package in PyPI before v0.1 included a code executi ...) + NOT-FOR-US: bin-collection +CVE-2022-34500 (The bin-collect package in PyPI before v0.1 included a code execution ...) 
+ NOT-FOR-US: bin-collect +CVE-2022-34499 + RESERVED +CVE-2022-34498 + RESERVED +CVE-2022-34497 + RESERVED +CVE-2022-34496 (Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upl ...) + NOT-FOR-US: Hiby R3 PRO firmware +CVE-2022-34495 (rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel be ...) + - linux 5.18.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/c2eecefec5df1306eafce28ccdf1ca159a552ecc (5.19-rc1) +CVE-2022-34494 (rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the L ...) + - linux 5.18.5-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/1680939e9ecf7764fba8689cfb3429c2fe2bb23c (5.19-rc1) +CVE-2022-2211 (A vulnerability was found in libguestfs. This issue occurs while calcu ...) + - libguestfs 1:1.46.2-1 + [bullseye] - libguestfs (Minor issue) + [buster] - libguestfs (Minor issue) + - guestfs-tools 1.48.3-4 (bug #1014764) + [bookworm] - guestfs-tools 1.48.2-1+deb12u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100862 + NOTE: In 1:1.46.2-1 of src:libguestfs the tools were split out to src:guestfs-tools, marking that as fixed version + NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029274.html + NOTE: https://listman.redhat.com/archives/libguestfs/2022-June/029277.html + NOTE: https://github.com/libguestfs/libguestfs-common/commit/35467027f657de76aca34b48a6f23e9608b23a57 + NOTE: Documentation: https://github.com/libguestfs/libguestfs/commit/99844660b48ed809e37378262c65d63df6ce4a53 +CVE-2022-2210 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/020845f8-f047-4072-af0f-3726fe1aea25 + NOTE: https://github.com/vim/vim/commit/c101abff4c6756db4f5e740fde289decb9452efa (v8.2.5164) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2209 + REJECTED +CVE-2022-2208 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.516 ...) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/7bfe3d5b-568f-4c34-908f-a39909638cc1 + NOTE: https://github.com/vim/vim/commit/cd38bb4d83c942c4bad596835c6766cbf32e5195 (v8.2.5163) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2207 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant; bug #1015984) + NOTE: https://huntr.dev/bounties/05bc6051-4dc3-483b-ae56-cf23346b97b9 + NOTE: https://github.com/vim/vim/commit/0971c7a4e537ea120a6bb2195960be8d0815e97b (v8.2.5162) + NOTE: Crash in CLI tool, no security impact +CVE-2022-34493 + RESERVED +CVE-2022-34492 + RESERVED +CVE-2022-34491 + REJECTED +CVE-2022-34490 + RESERVED +CVE-2022-2206 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/01d01e74-55d0-4d9e-878e-79ba599be668 + NOTE: https://github.com/vim/vim/commit/e178af5a586ea023622d460779fdcabbbfac0908 (v8.2.5160) + NOTE: Crash in CLI tool, no security impact +CVE-2022-34486 (Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allow ...) + NOT-FOR-US: PukiWiki +CVE-2022-27637 (Reflected cross-site scripting vulnerability in PukiWiki versions 1.5. ...) + NOT-FOR-US: PukiWiki +CVE-2022-2205 + RESERVED + - firefox 103.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/#CVE-2022-2205 +CVE-2022-2204 + RESERVED +CVE-2017-20108 (A vulnerability classified as problematic has been found in Easy Table ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2017-20107 (A vulnerability, which was classified as problematic, was found in Sha ...) + NOT-FOR-US: ShadeYouVPN.com Client +CVE-2017-20106 (A vulnerability, which was classified as critical, has been found in L ...) + NOT-FOR-US: Lithium Forum +CVE-2017-20105 (A vulnerability was found in Simplessus 3.7.7. It has been rated as cr ...) + NOT-FOR-US: Simplessus +CVE-2017-20104 (A vulnerability was found in Simplessus 3.7.7. It has been declared as ...) + NOT-FOR-US: Simplessus +CVE-2017-20103 (A vulnerability classified as critical has been found in Kama Click Co ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20102 (A vulnerability was found in Album Lock 4.0 and classified as critical ...) + NOT-FOR-US: Album Lock +CVE-2017-20101 (A vulnerability, which was classified as problematic, was found in Pro ...) + NOT-FOR-US: ProjectSend +CVE-2017-20100 (A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been ra ...) + NOT-FOR-US: Air Transfer +CVE-2017-20099 (A vulnerability was found in Analytics Stats Counter Statistics Plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20098 (A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34150 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...) + NOT-FOR-US: MiCODUS +CVE-2022-33944 (The main MiCODUS MV720 GPS tracker web server has an authenticated ins ...) + NOT-FOR-US: MiCODUS +CVE-2022-2203 + RESERVED +CVE-2022-2202 + RESERVED +CVE-2022-2201 + RESERVED +CVE-2022-2200 (If an object prototype was corrupted by an attacker, they would have b ...) 
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-2200 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-2200 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-2200 +CVE-2022-2199 (The main MiCODUS MV720 GPS tracker web server has a reflected cross-si ...) + NOT-FOR-US: MiCODUS +CVE-2022-34485 (Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team r ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34485 +CVE-2022-34484 (The Mozilla Fuzzing Team reported potential vulnerabilities present in ...) + {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34484 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34484 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34484 +CVE-2022-34483 (An attacker who could have convinced a user to drag and drop an image ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34483 +CVE-2022-34482 (An attacker who could have convinced a user to drag and drop an image ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34482 +CVE-2022-34481 (In the nsTArray_Impl::ReplaceElementsAt() function, an in ...) 
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34481 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34481 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34481 +CVE-2022-34480 (Within the lg_init() function, if several allocations suc ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34480 +CVE-2022-34479 (A malicious website that could create a popup could have resized the p ...) + {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34479 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34479 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34479 +CVE-2022-34478 (The ms-msdt, search, and search-ms (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34478 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34478 +CVE-2022-34477 (The MediaError message property should be consistent to avoid leaking ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34477 +CVE-2022-34476 (ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP cou ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34476 +CVE-2022-34475 (SVG <use> tags that referenced a same-origin docume ...) 
+ - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34475 +CVE-2022-34474 (Even when an iframe was sandboxed with allow-top-navigation-by-u ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34474 +CVE-2022-34473 (The HTML Sanitizer should have sanitized the href attribu ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34473 +CVE-2022-34472 (If there was a PAC URL set and the server that hosts the PAC was not r ...) + {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34472 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34472 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34472 +CVE-2022-34471 (When downloading an update for an addon, the downloaded addon update's ...) + - firefox 102.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34471 +CVE-2022-34470 (Session history navigations may have led to a use-after-free and poten ...) + {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34470 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34470 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34470 +CVE-2022-34469 (When a TLS Certificate error occurs on a domain protected by the HSTS ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34469 +CVE-2022-34468 (An iframe that was not permitted to run scripts could do so if the use ...) 
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1} + - firefox 102.0-1 + - firefox-esr 91.11.0esr-1 + - thunderbird 1:91.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-24/#CVE-2022-34468 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-34468 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-34468 +CVE-2022-34467 (A vulnerability has been identified in Mendix Excel Importer Module (M ...) + NOT-FOR-US: Siemens +CVE-2022-34466 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2022-34465 (A vulnerability has been identified in Parasolid V33.1 (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-34464 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...) + NOT-FOR-US: Siemens +CVE-2022-2198 (The WPQA Builder WordPress plugin before 5.7 which is a companion plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2197 (By using a specific credential string, an attacker with network access ...) + NOT-FOR-US: Exemys +CVE-2022-2196 (A regression exists in the Linux Kernel within KVM: nVMX that allowed ...) + {DLA-3404-1} + - linux 6.1.15-1 + [bullseye] - linux 5.10.178-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2e7eab81425ad6c875f2ed47c0ce01e78afc38a5 +CVE-2022-2195 + RESERVED +CVE-2022-2194 (The Accept Stripe Payments WordPress plugin before 2.0.64 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2019-25071 (A vulnerability was found in Apple iPhone up to 12.4.1. It has been de ...) + NOT-FOR-US: Apple iPhone +CVE-2022-34463 + RESERVED +CVE-2022-34462 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) + NOT-FOR-US: EMC +CVE-2022-34461 + REJECTED +CVE-2022-34460 (Prior Dell BIOS versions contain an improper input validation vulnerab ...) + NOT-FOR-US: Dell +CVE-2022-34459 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...) 
+ NOT-FOR-US: Dell +CVE-2022-34458 (Dell Command | Update, Dell Update, and Alienware Update versions prio ...) + NOT-FOR-US: Dell +CVE-2022-34457 (Dell command configuration, version 4.8 and prior, contains improper f ...) + NOT-FOR-US: Dell +CVE-2022-34456 (Dell EMC Metro node, Version(s) prior to 7.1, contain a Code Injection ...) + NOT-FOR-US: EMC +CVE-2022-34455 + RESERVED +CVE-2022-34454 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buff ...) + NOT-FOR-US: Dell +CVE-2022-34453 (Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper acc ...) + NOT-FOR-US: Dell +CVE-2022-34452 (PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* con ...) + NOT-FOR-US: Dell +CVE-2022-34451 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...) + NOT-FOR-US: Dell +CVE-2022-34450 (PowerPath Management Appliance with version 3.3 contains Privilege Esc ...) + NOT-FOR-US: Dell +CVE-2022-34449 (PowerPath Management Appliance with versions 3.3 & 3.2* contains a Har ...) + NOT-FOR-US: Dell +CVE-2022-34448 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...) + NOT-FOR-US: Dell +CVE-2022-34447 (PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* co ...) + NOT-FOR-US: Dell +CVE-2022-34446 (PowerPath Management Appliance with versions 3.3 & 3.2* contains Autho ...) + NOT-FOR-US: Dell +CVE-2022-34445 (Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak enc ...) + NOT-FOR-US: Dell +CVE-2022-34444 (Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an inf ...) + NOT-FOR-US: Dell +CVE-2022-34443 (Dell Rugged Control Center, versions prior to 4.5, contain an Improper ...) + NOT-FOR-US: Dell +CVE-2022-34442 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) + NOT-FOR-US: EMC +CVE-2022-34441 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) 
+ NOT-FOR-US: EMC +CVE-2022-34440 (Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a ...) + NOT-FOR-US: EMC +CVE-2022-34439 (Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of ...) + NOT-FOR-US: Dell +CVE-2022-34438 (Dell PowerScale OneFS, versions 8.2.x-9.4.0.x, contain a privilege con ...) + NOT-FOR-US: Dell +CVE-2022-34437 (Dell PowerScale OneFS, versions 8.2.2-9.3.0, contain an OS command inj ...) + NOT-FOR-US: Dell +CVE-2022-34436 (Dell iDRAC8 version 2.83.83.83 and prior contain an improper input val ...) + NOT-FOR-US: Dell +CVE-2022-34435 (Dell iDRAC9 version 6.00.02.00 and prior contain an improper input val ...) + NOT-FOR-US: Dell +CVE-2022-34434 (Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an ...) + NOT-FOR-US: Dell +CVE-2022-34433 + RESERVED +CVE-2022-34432 (Dell Hybrid Client below 1.8 version contains a gedit vulnerability. A ...) + NOT-FOR-US: Dell +CVE-2022-34431 (Dell Hybrid Client below 1.8 version contains a guest user profile cor ...) + NOT-FOR-US: Dell +CVE-2022-34430 (Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability ...) + NOT-FOR-US: Dell +CVE-2022-34429 (Dell Hybrid Client below 1.8 version contains a Zip Slip Vulnerability ...) + NOT-FOR-US: Dell +CVE-2022-34428 (Dell Hybrid Client prior to version 1.8 contains a Regular Expression ...) + NOT-FOR-US: Dell +CVE-2022-34427 (Dell Container Storage Modules 1.2 contains an OS Command Injection in ...) + NOT-FOR-US: Dell +CVE-2022-34426 (Dell Container Storage Modules 1.2 contains an Improper Limitation of ...) + NOT-FOR-US: Dell +CVE-2022-34425 (Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vu ...) + NOT-FOR-US: Dell +CVE-2022-34424 (Networking OS10, versions 10.5.1.x, 10.5.2.x, and 10.5.3.x contain a v ...) + NOT-FOR-US: Dell +CVE-2022-34423 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) 
+ NOT-FOR-US: Dell +CVE-2022-34422 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34421 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34420 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34419 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34418 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34417 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34416 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34415 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34414 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34413 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34412 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34411 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34410 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34409 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34408 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34407 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34406 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) 
+ NOT-FOR-US: Dell +CVE-2022-34405 (An improper access control vulnerability was identified in the Realtek ...) + NOT-FOR-US: Dell +CVE-2022-34404 (Dell System Update, version 2.0.0 and earlier, contains an Improper Ce ...) + NOT-FOR-US: Dell +CVE-2022-34403 (Dell BIOS contains a Stack based buffer overflow vulnerability. A loca ...) + NOT-FOR-US: Dell +CVE-2022-34402 (Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service ...) + NOT-FOR-US: Dell +CVE-2022-34401 (Dell BIOS contains a stack based buffer overflow vulnerability. A loca ...) + NOT-FOR-US: Dell +CVE-2022-34400 (Dell BIOS contains a heap buffer overflow vulnerability. A local attac ...) + NOT-FOR-US: Dell +CVE-2022-34399 (Dell Alienware m17 R5 BIOS version prior to 1.2.2 contain a buffer acc ...) + NOT-FOR-US: Dell +CVE-2022-34398 (Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-34397 (Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Ena ...) + NOT-FOR-US: Dell +CVE-2022-34396 (Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earli ...) + NOT-FOR-US: Dell +CVE-2022-34395 + REJECTED +CVE-2022-34394 (Dell OS10, version 10.5.3.4, contains an Improper Certificate Validati ...) + NOT-FOR-US: Dell +CVE-2022-34393 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-34392 (SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insu ...) + NOT-FOR-US: Dell +CVE-2022-34391 (Dell Client BIOS Versions prior to the remediated version contain an i ...) + NOT-FOR-US: Dell +CVE-2022-34390 (Dell BIOS contains a use of uninitialized variable vulnerability. A lo ...) + NOT-FOR-US: Dell +CVE-2022-34389 (Dell SupportAssist contains a rate limit bypass issues in screenmeet A ...) + NOT-FOR-US: Dell +CVE-2022-34388 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...) 
+ NOT-FOR-US: Dell +CVE-2022-34387 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Suppor ...) + NOT-FOR-US: Dell +CVE-2022-34386 (Dell SupportAssist for Home PCs (version 3.11.4 and prior) and Support ...) + NOT-FOR-US: Dell +CVE-2022-34385 (SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssis ...) + NOT-FOR-US: Dell +CVE-2022-34384 (Dell SupportAssist Client Consumer (version 3.11.1 and prior), Support ...) + NOT-FOR-US: Dell +CVE-2022-34383 (Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operat ...) + NOT-FOR-US: Dell +CVE-2022-34382 (Dell Command Update, Dell Update and Alienware Update versions prior t ...) + NOT-FOR-US: Dell +CVE-2022-34381 + RESERVED +CVE-2022-34380 (Dell CloudLink 7.1.3 and all earlier versions contain an Authenticatio ...) + NOT-FOR-US: Dell +CVE-2022-34379 (Dell EMC CloudLink 7.1.2 and all prior versions contain an Authenticat ...) + NOT-FOR-US: EMC +CVE-2022-34378 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...) + NOT-FOR-US: Dell +CVE-2022-34377 (Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM co ...) + NOT-FOR-US: Dell +CVE-2022-34376 (Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input ...) + NOT-FOR-US: Dell +CVE-2022-34375 (Dell Container Storage Modules 1.2 contains a path traversal vulnerabi ...) + NOT-FOR-US: Dell +CVE-2022-34374 (Dell Container Storage Modules 1.2 contains an OS command injection in ...) + NOT-FOR-US: Dell +CVE-2022-34373 (Dell Command | Integration Suite for System Center, versions prior to ...) + NOT-FOR-US: Dell +CVE-2022-34372 (Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an ...) + NOT-FOR-US: Dell +CVE-2022-34371 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...) + NOT-FOR-US: Dell +CVE-2022-34370 + RESERVED +CVE-2022-34369 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9. ...) 
+ NOT-FOR-US: Dell +CVE-2022-34368 (Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0. ...) + NOT-FOR-US: EMC +CVE-2022-34367 (Dell EMC Data Protection Central versions 19.1, 19.2, 19.3, 19.4, 19.5 ...) + NOT-FOR-US: Dell +CVE-2022-34366 (Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Ove ...) + NOT-FOR-US: Dell +CVE-2022-34365 (WMS 3.7 contains a Path Traversal Vulnerability in Device API. An atta ...) + NOT-FOR-US: Dell +CVE-2022-34364 (Dell BSAFE SSL-J when used in debug mode can reveal unnecessary inform ...) + NOT-FOR-US: Dell +CVE-2022-34363 + RESERVED +CVE-2022-2193 (Insecure Direct Object Reference vulnerability in HYPR Server before v ...) + NOT-FOR-US: HYPR +CVE-2022-2192 (Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 al ...) + NOT-FOR-US: HYPR +CVE-2022-2191 (In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 v ...) + - jetty9 (Specific to 10.x) + NOTE: https://github.com/eclipse/jetty.project/issues/8161 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28 +CVE-2022-34362 (IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection ...) + NOT-FOR-US: IBM +CVE-2022-34361 (IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographi ...) + NOT-FOR-US: IBM +CVE-2022-34360 + RESERVED +CVE-2022-34359 + RESERVED +CVE-2022-34358 (IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2022-34357 + RESERVED +CVE-2022-34356 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2022-34355 (IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6 ...) + NOT-FOR-US: IBM +CVE-2022-34354 (IBM Sterling Partner Engagement Manager 2.0 allows encrypted storage o ...) + NOT-FOR-US: IBM +CVE-2022-34353 + RESERVED +CVE-2022-34352 (IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a ...) 
+ NOT-FOR-US: IBM +CVE-2022-34351 (IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allo ...) + NOT-FOR-US: IBM +CVE-2022-34350 (IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, ...) + NOT-FOR-US: IBM +CVE-2022-34349 + RESERVED +CVE-2022-34348 (IBM Sterling Partner Engagement Manager 6.1 is vulnerable to an XML Ex ...) + NOT-FOR-US: IBM +CVE-2022-2190 (The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2189 (The WP Video Lightbox WordPress plugin before 1.9.5 does not escape th ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2188 (Privilege escalation vulnerability in DXL Broker for Windows prior to ...) + NOT-FOR-US: Trellix +CVE-2022-2187 (The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2186 (The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20097 (A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20096 (A vulnerability classified as problematic has been found in WP-SpamFre ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20095 (A vulnerability classified as critical was found in Simple Ads Manager ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20094 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20093 (A vulnerability, which was classified as problematic, was found in Dow ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20092 (A vulnerability classified as problematic was found in Google Analytic ...) + NOT-FOR-US: WordPress plugin +CVE-2022-34343 + RESERVED +CVE-2022-34342 + RESERVED +CVE-2022-34341 + RESERVED +CVE-2022-34340 + RESERVED +CVE-2022-34339 ("IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials i ...) 
+ NOT-FOR-US: IBM +CVE-2022-34338 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclo ...) + NOT-FOR-US: IBM +CVE-2022-34337 + RESERVED +CVE-2022-34336 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2022-34335 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could ...) + NOT-FOR-US: IBM +CVE-2022-34334 (IBM Sterling Partner Engagement Manager 2.0 does not invalidate sessio ...) + NOT-FOR-US: IBM +CVE-2022-34333 (IBM Sterling Order Management 10.0 does not require that users should ...) + NOT-FOR-US: IBM +CVE-2022-34332 + RESERVED +CVE-2022-34331 (After performing a sequence of Power FW950, FW1010 maintenance operat ...) + NOT-FOR-US: IBM +CVE-2022-34330 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...) + NOT-FOR-US: IBM +CVE-2022-34329 (IBM CICS TX 11.7 could allow an attacker to obtain sensitive informati ...) + NOT-FOR-US: IBM +CVE-2022-34328 (PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_ ...) + NOT-FOR-US: PMB +CVE-2022-32284 (Use of insufficiently random values vulnerability exists in Vnet/IP co ...) + NOT-FOR-US: YOKOGAWA +CVE-2022-2185 (A critical issue has been discovered in GitLab affecting all versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2184 (The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2183 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/d74ca3f9-380d-4c0a-b61c-11113cc98975 + NOTE: https://github.com/vim/vim/commit/8eba2bd291b347e3008aa9e565652d51ad638cfa (v8.2.5151) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2182 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/238d8650-3beb-4831-a8f7-6f0b597a6fb8 + NOTE: https://github.com/vim/vim/commit/f7c7c3fad6d2135d558f3b36d0d1a943118aeb5e (v8.2.5150) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2181 (The Advanced WordPress Reset WordPress plugin before 1.6 does not esca ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46824 (Cross Site Scripting (XSS) vulnerability in sourcecodester School File ...) + NOT-FOR-US: sourcecodester School File Management System +CVE-2022-34327 + RESERVED +CVE-2022-34326 (In ambiot amb1_sdk (aka SDK for Ameba1) before 2022-06-20 on Realtek R ...) + NOT-FOR-US: Realtek +CVE-2022-34325 (DMA transactions which are targeted at input buffers used for the Stor ...) + NOT-FOR-US: Insyde +CVE-2022-34324 (Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow a ...) + NOT-FOR-US: Sage +CVE-2022-34323 (Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4 ...) + NOT-FOR-US: Sage +CVE-2022-34322 (Multiple XSS issues were discovered in Sage Enterprise Intelligence 20 ...) + NOT-FOR-US: Sage +CVE-2022-34321 + RESERVED +CVE-2022-34320 (IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms th ...) + NOT-FOR-US: IBM +CVE-2022-34319 (IBM CICS TX 11.7 uses weaker than expected cryptographic algorithms th ...) + NOT-FOR-US: IBM +CVE-2022-34318 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking ...) + NOT-FOR-US: IBM +CVE-2022-34317 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...) + NOT-FOR-US: IBM +CVE-2022-34316 (IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web sc ...) + NOT-FOR-US: IBM +CVE-2022-34315 (IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerabi ...) + NOT-FOR-US: IBM +CVE-2022-34314 (IBM CICS TX 11.1 could disclose sensitive information to a local user ...) 
+ NOT-FOR-US: IBM +CVE-2022-34313 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...) + NOT-FOR-US: IBM +CVE-2022-34312 (IBM CICS TX 11.1 allows web pages to be stored locally which can be re ...) + NOT-FOR-US: IBM +CVE-2022-34311 + RESERVED +CVE-2022-34310 + RESERVED +CVE-2022-34309 + RESERVED +CVE-2022-34308 (IBM CICS TX 11.1 could allow a local user to cause a denial of service ...) + NOT-FOR-US: IBM +CVE-2022-34307 (IBM CICS TX 11.1 does not set the secure attribute on authorization to ...) + NOT-FOR-US: IBM +CVE-2022-34306 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header in ...) + NOT-FOR-US: IBM +CVE-2022-34305 (In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 ...) + - tomcat9 9.0.65-1 (unimportant) + - tomcat8 (unimportant) + NOTE: https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k + NOTE: https://github.com/apache/tomcat/commit/8b60af90b99945379c2d1003277e0cabc6776bac (9.0.65) + NOTE: https://github.com/apache/tomcat/commit/5f6c88b054b0e4fbccff8b7f15974ed55d59a9f7 (8.5.82) + NOTE: Only an issue in the Form authentication example from the examples web application +CVE-2022-34304 + RESERVED +CVE-2022-34303 (A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacke ...) + NOT-FOR-US: Eurosoft (UK) shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker +CVE-2022-34302 (A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. ...) + NOT-FOR-US: New Horizon Datasys Inc shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker +CVE-2022-34301 (A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-0 ...) 
+ NOT-FOR-US: CryptoPro Secure Disk shim + NOTE: This transitively affects Secure Boot as used in Debian, but tracking DBX updates + NOTE: is out of scope for the Debian Security Tracker +CVE-2022-34300 (In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::D ...) + - tinyexr 1.0.1+dfsg-4 (bug #1014980) + [bullseye] - tinyexr 1.0.0+dfsg-1+deb11u1 + NOTE: https://github.com/syoyo/tinyexr/issues/167 + NOTE: https://github.com/syoyo/tinyexr/pull/175 +CVE-2022-34299 (There is a heap-based buffer over-read in libdwarf 0.4.0. This issue i ...) + - dwarfutils (bug #1014493) + [bookworm] - dwarfutils (Minor issue) + [bullseye] - dwarfutils (Minor issue) + [buster] - dwarfutils (Minor issue) + [stretch] - dwarfutils (Minor issue) + NOTE: https://github.com/davea42/libdwarf-code/commit/7ef09e1fc9ba07653dd078edb2408631c7969162 + NOTE: https://github.com/davea42/libdwarf-code/issues/119 + NOTE: https://www.prevanders.net/dwarfbug.html#DW202206-001 +CVE-2022-34298 (The NT auth module in OpenAM before 14.6.6 allows a "replace Samba use ...) + NOT-FOR-US: OpenAM (different from src:openam) +CVE-2022-34297 (Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload in ...) + - yii (bug #597899) +CVE-2022-34296 (In Zalando Skipper before 0.13.218, a query predicate could be bypasse ...) + NOT-FOR-US: Zalando Skipper +CVE-2022-34295 (totd before 1.5.3 does not properly randomize mesg IDs.) + NOT-FOR-US: totd +CVE-2022-34294 (totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DN ...) + NOT-FOR-US: totd +CVE-2022-34293 (wolfSSL before 5.4.0 allows remote attackers to cause a denial of serv ...) + - wolfssl 5.5.3-1 (bug #1016981) + [bullseye] - wolfssl (Minor issue) + NOTE: http://www.openwall.com/lists/oss-security/2022/08/08/6 +CVE-2022-34292 (Docker Desktop for Windows before 4.6.0 allows attackers to overwrite ...) + NOT-FOR-US: Docker Desktop +CVE-2022-34291 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) 
+ NOT-FOR-US: Siemens +CVE-2022-34290 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34289 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34288 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34287 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34286 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34285 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34284 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34283 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34282 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34281 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34280 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34279 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34278 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34277 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34276 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34275 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34274 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) 
+ NOT-FOR-US: Siemens +CVE-2022-34273 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34272 (A vulnerability has been identified in PADS Standard/Plus Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2022-34271 (A vulnerability in import module of Apache Atlas allows an authenticat ...) + NOT-FOR-US: Apache Atlas +CVE-2022-2180 (The GREYD.SUITE WordPress theme does not properly validate uploaded cu ...) + NOT-FOR-US: WordPress theme +CVE-2022-2179 (The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 ...) + NOT-FOR-US: Rockwell +CVE-2022-2178 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: Saysis Computer Starcities +CVE-2022-2177 (Kayrasoft product before version 2 has an unauthenticated SQL Injectio ...) + NOT-FOR-US: Kayrasoft +CVE-2022-2176 + REJECTED +CVE-2022-2175 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/7f0481c2-8b57-4324-b47c-795d1ea67e55 + NOTE: https://github.com/vim/vim/commit/6046aded8da002b08d380db29de2ba0268b6616e (v8.2.5148) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2174 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + NOT-FOR-US: microweber +CVE-2022-2173 (The Advanced Database Cleaner WordPress plugin before 3.1.1 does not e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2172 (The LinkWorth WordPress plugin before 3.3.4 does not implement nonce c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2171 (The Progressive License WordPress plugin through 1.1.0 is lacking any ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2170 (The Microsoft Advertising Universal Event Tracking (UET) WordPress plu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2169 (The Loading Page with Loading Screen WordPress plugin before 1.0.83 do ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2168 (The Download Manager WordPress plugin before 3.2.44 does not escape a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2167 (The Newspaper WordPress theme before 12 does not sanitise a parameter ...) + NOT-FOR-US: WordPress theme +CVE-2022-34270 + RESERVED +CVE-2022-34269 + RESERVED +CVE-2022-34268 + RESERVED +CVE-2022-34267 + RESERVED +CVE-2022-34266 (The libtiff-4.0.3-35.amzn2.0.1 package for LibTIFF on Amazon Linux 2 a ...) + NOT-FOR-US: libtiff-4.0.3-35.amzn2.0.1 Amazon package +CVE-2022-34265 (An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0 ...) + {DSA-5254-1 DLA-3164-1} + - python-django 2:4.0.6-1 (bug #1014541) + NOTE: https://www.openwall.com/lists/oss-security/2022/07/04/2 + NOTE: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/ + NOTE: https://github.com/django/django/commit/54eb8a374d5d98594b264e8ec22337819b37443c (main) + NOTE: https://github.com/django/django/commit/0dc9c016fadb71a067e5a42be30164e3f96c0492 (4.0.6) + NOTE: https://github.com/django/django/commit/a9010fe5555e6086a9d9ae50069579400ef0685e (3.2.14) +CVE-2022-34264 (Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update ...) + NOT-FOR-US: Adobe +CVE-2022-34263 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-34262 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-34261 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-34260 (Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-34259 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34258 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) 
+ NOT-FOR-US: Adobe +CVE-2022-34257 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34256 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34255 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34254 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34253 (Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34252 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe InCopy +CVE-2022-34251 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe InCopy +CVE-2022-34250 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe InCopy +CVE-2022-34249 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe InCopy +CVE-2022-34248 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34247 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34246 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34245 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34244 (Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34243 (Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-34242 (Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and ear ...) + NOT-FOR-US: Adobe +CVE-2022-34241 (Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and ear ...) 
+ NOT-FOR-US: Adobe +CVE-2022-34240 + RESERVED +CVE-2022-34239 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34238 (Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and ...) + NOT-FOR-US: Adobe +CVE-2022-34237 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34236 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34235 (Adobe Premiere Elements version 2020v20 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-34234 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34233 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34232 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34231 + RESERVED +CVE-2022-34230 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34229 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34228 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34227 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34226 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34225 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34224 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34223 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) + NOT-FOR-US: Adobe +CVE-2022-34222 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...) 
+ NOT-FOR-US: Adobe
+CVE-2022-34221 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34220 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34219 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34218 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34217 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34216 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34215 (Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 ...)
+ NOT-FOR-US: Adobe
+CVE-2022-34214
+ RESERVED
+CVE-2022-34213 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34212 (A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34211 (A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34210 (A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earli ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34209 (A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34208 (A missing permission check in Jenkins Beaker builder Plugin 1.10 and e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker bu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34206 (A missing permission check in Jenkins Jianliao Notification Plugin 1.1 ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34205 (A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34204 (A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier al ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34203 (A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Pl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34202 (Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypte ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34201 (A missing permission check in Jenkins Convertigo Mobile Platform Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Convertig ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34199 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passw ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34198 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34197 (Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the na ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34196 (Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34195 (Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34194 (Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape th ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34193 (Jenkins Package Version Plugin 1.0.1 and earlier does not escape the n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34192 (Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34191 (Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and ea ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34190 (Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and ear ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34189 (Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape th ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34188 (Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34187 (Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not es ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34186 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier doe ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34185 (Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the na ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34184 (Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34183 (Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34182 (Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34181 (Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controll ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34180 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not corr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34179 (Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specif ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34178 (Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34177 (Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34176 (Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-34175 (Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some ...)
+ - jenkins
+CVE-2022-34174 (In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...)
+ - jenkins
+CVE-2022-34173 (In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the bui ...)
+ - jenkins
+CVE-2022-34172 (In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons une ...)
+ - jenkins
+CVE-2022-34171 (In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
+ - jenkins
+CVE-2022-34170 (In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 throug ...)
+ - jenkins
+CVE-2022-2166 (Improper Restriction of Excessive Authentication Attempts in GitHub re ...)
+ - mastodon (bug #859741)
+CVE-2022-34169 (The Apache Xalan Java XSLT library is vulnerable to an integer truncat ...)
+ {DSA-5256-1 DSA-5192-1 DSA-5188-1 DLA-3155-1}
+ - openjdk-8 8u342-b07-1
+ - openjdk-11 11.0.16+8-1
+ - openjdk-17 17.0.4+8-1
+ - bcel 6.5.0-2 (bug #1015860)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/19/5
+ NOTE: https://github.com/openjdk/jdk/commit/41ef2b249073450172e11163a4d05762364b1297
+ NOTE: Bug is most likely only in bcel which libxalan2-java depends on.
+ NOTE: https://github.com/apache/commons-bcel/pull/147
+ NOTE: https://github.com/apache/commons-bcel/commit/f3267cbcc900f80851d561bdd16b239d936947f5
+CVE-2022-34168
+ RESERVED
+CVE-2022-34151 (Use of hard-coded credentials vulnerability exists in Machine automati ...)
+ NOT-FOR-US: OMRON Industrial Automation
+CVE-2022-33971 (Authentication bypass by capture-replay vulnerability exists in Machin ...)
+ NOT-FOR-US: OMRON Industrial Automation
+CVE-2022-33208 (Authentication bypass by capture-replay vulnerability exists in Machin ...)
+ NOT-FOR-US: OMRON Industrial Automation
+CVE-2022-2165 (Insufficient data validation in URL formatting in Google Chrome prior ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2164 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2163 (Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0. ...)
+ {DSA-5187-1 DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2162 (Insufficient policy enforcement in File System API in Google Chrome on ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2161 (Use after free in WebApp Provider in Google Chrome prior to 103.0.5060 ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2160 (Insufficient policy enforcement in DevTools in Google Chrome on Window ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2159
+ RESERVED
+CVE-2022-2158 (Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2157 (Use after free in Interest groups in Google Chrome prior to 103.0.5060 ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2156 (Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed ...)
+ {DSA-5168-1}
+ - chromium 103.0.5060.53-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-2155 (A vulnerability exists in the affected versions of Lumada APM\u2019s U ...)
+ NOT-FOR-US: Lumada
+CVE-2022-2154
+ REJECTED
+CVE-2022-2153 (A flaw was found in the Linux kernel\u2019s KVM when attempting to set ...)
+ {DSA-5173-1 DLA-3173-1 DLA-3131-1 DLA-3065-1}
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.140-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069736
+ NOTE: https://git.kernel.org/linus/7ec37d1cbe17d8189d9562178d8b29167fe1c31a (5.18-rc1)
+ NOTE: https://git.kernel.org/linus/00b5f37189d24ac3ed46cb7f11742094778c46ce (5.18-rc1)
+ NOTE: https://git.kernel.org/linus/b1e34d325397a33d97d845e312d7cf2a8b646b44 (5.18-rc1)
+CVE-2022-2152 (The Duplicate Page and Post WordPress plugin before 2.8 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2151 (The Best Contact Management Software WordPress plugin through 3.7.3 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2150
+ RESERVED
+CVE-2022-2149 (The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2148 (The LinkedIn Company Updates WordPress plugin through 1.5.3 does not s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2147 (Cloudflare Warp for Windows from version 2022.2.95.0 contained an unqu ...)
+ NOT-FOR-US: Cloudflare Warp for Windows
+CVE-2022-2146 (The Import CSV Files WordPress plugin through 1.0 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2145 (Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed cre ...)
+ NOT-FOR-US: Cloudflare WARP client for Windows
+CVE-2022-2144 (The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-34167 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-s ...)
+ NOT-FOR-US: IBM
+CVE-2022-34166 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2022-34165 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSph ...)
+ NOT-FOR-US: IBM
+CVE-2022-34164 (IBM CICS TX 11.1 could allow a local user to impersonate another legit ...)
+ NOT-FOR-US: IBM
+CVE-2022-34163 (IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by imp ...)
+ NOT-FOR-US: IBM
+CVE-2022-34162 (IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking ...)
+ NOT-FOR-US: IBM
+CVE-2022-34161 (IBM CICS TX 11.1 is vulnerable to cross-site request forgery which cou ...)
+ NOT-FOR-US: IBM
+CVE-2022-34160 (IBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection ...)
+ NOT-FOR-US: IBM
+CVE-2022-34159
+ RESERVED
+CVE-2022-34158 (A carefully crafted invocation on the Image plugin could trigger an CS ...)
+ - jspwiki
+CVE-2022-2143 (The affected product is vulnerable to two instances of command injecti ...)
+ NOT-FOR-US: iView
+CVE-2022-2142 (The affected product is vulnerable to a SQL injection with high attack ...)
+ NOT-FOR-US: iView
+CVE-2022-2141 (SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker wi ...)
+ NOT-FOR-US: MiCODUS
+CVE-2022-2140 (Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable inpu ...)
+ NOT-FOR-US: Elcomplus SmartICS
+CVE-2022-2139 (The affected product is vulnerable to directory traversal, which may a ...)
+ NOT-FOR-US: iView
+CVE-2022-2138 (The affected product is vulnerable due to missing authentication, whic ...)
+ NOT-FOR-US: iView
+CVE-2022-2137 (The affected product is vulnerable to two SQL injections that require ...)
+ NOT-FOR-US: iView
+CVE-2022-2136 (The affected product is vulnerable to multiple SQL injections that req ...)
+ NOT-FOR-US: iView
+CVE-2022-2135 (The affected product is vulnerable to multiple SQL injections, which m ...)
+ NOT-FOR-US: iView
+CVE-2022-2134 (Allocation of Resources Without Limits or Throttling in GitHub reposit ...)
+ NOT-FOR-US: inventree
+CVE-2022-2133 (The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2132 (A permissive list of allowed inputs flaw was found in DPDK. This issue ...)
+ {DSA-5222-1 DLA-3092-1}
+ [experimental] - dpdk 22.11~rc2-1
+ - dpdk 22.11.1-2 (bug #1019589)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=1031
+ NOTE: https://git.dpdk.org/dpdk/commit/?id=71bd0cc536ad6d84188d947d6f24c17400d8f623 (main)
+ NOTE: https://git.dpdk.org/dpdk/commit/?id=dc1516e260a0df272b218392faf6db3cbf45e717 (main)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=f167022606b5ccca27a627ae599538ce2348ef67 (v21.11.2)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=e12d415556994d0901c317f6338ed2961185465f (v21.11.2)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=8fff8520f356635f6ac3755df1d04f9f1d097968 (v20.11.6)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=089e01b375eb8e5394603308d17ee84b551ff369 (v20.11.6)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=5b3c25e6ee2c68887aae166aed57d0b4af91fa60 (v19.11.13)
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=e73049ea26a588518bde750f46ac700462a598ed (v19.11.13)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/4
+CVE-2022-2131 (OpenKM Community Edition in its 6.3.10 version and before was using XM ...)
+ NOT-FOR-US: OpenKM
+CVE-2022-2130 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-XXXX [vlc issues fixed in 3.0.13]
+ - vlc 3.0.16-1
+ [buster] - vlc 3.0.17.4-0+deb10u1
+ NOTE: https://www.videolan.org/security/sb-vlc3013.html
+ NOTE: Tracking issues fixed in DSA-5165-1 without CVEs
+CVE-2022-34146 (Transient DOS due to improper input validation in WLAN Host while pars ...)
+ NOT-FOR-US: Qualcomm
+CVE-2022-34145 (Transient DOS due to buffer over-read in WLAN Host while parsing frame ...)
+ NOT-FOR-US: Qualcomm
+CVE-2022-34144 (Transient DOS due to reachable assertion in Modem during OSI decode sc ...)
+ NOT-FOR-US: Qualcomm
+CVE-2022-34143
+ RESERVED
+CVE-2022-34142
+ RESERVED
+CVE-2022-34141
+ RESERVED
+CVE-2022-34140 (A stored cross-site scripting (XSS) vulnerability in /index.php?r=site ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2022-34139
+ RESERVED
+CVE-2022-34138 (Insecure direct object references (IDOR) in the web server of Biltema ...)
+ NOT-FOR-US: Biltema IP and Baby Camera
+CVE-2022-34137
+ RESERVED
+CVE-2022-34136
+ RESERVED
+CVE-2022-34135
+ RESERVED
+CVE-2022-34134 (Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Requ ...)
+ NOT-FOR-US: Benjamin BALET Jorani
+CVE-2022-34133 (Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scri ...)
+ NOT-FOR-US: Benjamin BALET Jorani
+CVE-2022-34132 (Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: Benjamin BALET Jorani
+CVE-2022-34131
+ RESERVED
+CVE-2022-34130
+ RESERVED
+CVE-2022-34129
+ RESERVED
+CVE-2022-34128 (The Cartography (aka positions) plugin before 6.0.1 for GLPI allows re ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2022-34127 (The Managentities plugin before 4.0.2 for GLPI allows reading local fi ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2022-34126 (The Activity plugin before 3.1.1 for GLPI allows reading local files v ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2022-34125 (front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows at ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2022-34124
+ RESERVED
+CVE-2022-34123
+ RESERVED
+CVE-2022-34122
+ RESERVED
+CVE-2022-34121 (Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-34120 (Barangay Management System v1.0 was discovered to contain a remote cod ...)
+ NOT-FOR-US: Barangay Management System
+CVE-2022-34119
+ RESERVED
+CVE-2022-34118
+ RESERVED
+CVE-2022-34117
+ RESERVED
+CVE-2022-34116
+ RESERVED
+CVE-2022-34115 (DataEase v1.11.1 was discovered to contain a arbitrary file write vuln ...)
+ NOT-FOR-US: Dataease
+CVE-2022-34114 (Dataease v1.11.1 was discovered to contain a SQL injection vulnerabili ...)
+ NOT-FOR-US: Dataease
+CVE-2022-34113 (An issue in the component /api/plugin/upload of Dataease v1.11.1 allow ...)
+ NOT-FOR-US: Dataease
+CVE-2022-34112 (An access control issue in the component /api/plugin/uninstall Dataeas ...)
+ NOT-FOR-US: Dataease
+CVE-2022-34111
+ RESERVED
+CVE-2022-34110 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...)
+ NOT-FOR-US: Micro-Star
+CVE-2022-34109 (An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0 ...)
+ NOT-FOR-US: Micro-Star
+CVE-2022-34108 (An issue in the Feature Navigator of Micro-Star International MSI Feat ...)
+ NOT-FOR-US: Micro-Star
+CVE-2022-34107
+ RESERVED
+CVE-2022-34106
+ RESERVED
+CVE-2022-34105
+ RESERVED
+CVE-2022-34104
+ RESERVED
+CVE-2022-34103
+ RESERVED
+CVE-2022-34102 (Insufficient access control vulnerability was discovered in the Crestr ...)
+ NOT-FOR-US: Crestron
+CVE-2022-34101 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
+ NOT-FOR-US: Crestron
+CVE-2022-34100 (A vulnerability was discovered in the Crestron AirMedia Windows Applic ...)
+ NOT-FOR-US: Crestron
+CVE-2022-34099
+ RESERVED
+CVE-2022-34098
+ RESERVED
+CVE-2022-34097
+ RESERVED
+CVE-2022-34096
+ RESERVED
+CVE-2022-34095
+ RESERVED
+CVE-2022-34094 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
+CVE-2022-34093 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
+CVE-2022-34092 (Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to c ...)
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo
+CVE-2022-34091
+ RESERVED
+CVE-2022-34090
+ RESERVED
+CVE-2022-34089
+ RESERVED
+CVE-2022-34088
+ RESERVED
+CVE-2022-34087
+ RESERVED
+CVE-2022-34086
+ RESERVED
+CVE-2022-34085
+ RESERVED
+CVE-2022-34084
+ RESERVED
+CVE-2022-34083
+ RESERVED
+CVE-2022-34082
+ RESERVED
+CVE-2022-34081
+ RESERVED
+CVE-2022-34080
+ RESERVED
+CVE-2022-34079
+ RESERVED
+CVE-2022-34078
+ RESERVED
+CVE-2022-34077
+ RESERVED
+CVE-2022-34076
+ RESERVED
+CVE-2022-34075
+ RESERVED
+CVE-2022-34074
+ RESERVED
+CVE-2022-34073
+ RESERVED
+CVE-2022-34072
+ RESERVED
+CVE-2022-34071
+ RESERVED
+CVE-2022-34070
+ RESERVED
+CVE-2022-34069
+ RESERVED
+CVE-2022-34068
+ RESERVED
+CVE-2022-34067 (Warehouse Management System v1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Warehouse Management System
+CVE-2022-34066 (The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to cont ...)
+ NOT-FOR-US: Texercise package in PyPI
+CVE-2022-34065 (The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contai ...)
+ NOT-FOR-US: Rondolu-YT-Concate package in PyPI
+CVE-2022-34064 (The Zibal package in PyPI v1.0.0 was discovered to contain a code exec ...)
+ NOT-FOR-US: Zibal package in PyPI
+CVE-2022-34063
+ RESERVED
+CVE-2022-34062
+ RESERVED
+CVE-2022-34061 (The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to ...)
+ NOT-FOR-US: Catly-Translate package in PyPI
+CVE-2022-34060 (The Togglee package in PyPI version v0.0.8 was discovered to contain a ...)
+ NOT-FOR-US: Togglee package in PyPI
+CVE-2022-34059 (The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a c ...)
+ NOT-FOR-US: Sixfab-Tool in PyPI
+CVE-2022-34058
+ RESERVED
+CVE-2022-34057 (The Scoptrial package in PyPI version v0.0.5 was discovered to contain ...)
+ NOT-FOR-US: Scoptrial package in PyPI
+CVE-2022-34056 (The Watertools package in PyPI v0.0.0 was discovered to contain a code ...)
+ NOT-FOR-US: Watertools package in PyPI
+CVE-2022-34055 (The drxhello package in PyPI v0.0.1 was discovered to contain a code e ...)
+ NOT-FOR-US: drxhello package in PyPI
+CVE-2022-34054 (The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain ...)
+ NOT-FOR-US: Perdido package in PyPI
+CVE-2022-34053 (The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a ...)
+ NOT-FOR-US: DR-Web-Engine package in PyPI
+CVE-2022-34052
+ RESERVED
+CVE-2022-34051
+ RESERVED
+CVE-2022-34050
+ RESERVED
+CVE-2022-34049 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-34048 (Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflect ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-34047 (An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-34046 (An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows a ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-34045 (Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardc ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-34044
+ RESERVED
+CVE-2022-34043 (Incorrect permissions for the folder C:\ProgramData\NoMachine\var\unin ...)
+ NOT-FOR-US: NoMachine Windows builds
+CVE-2022-34042 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Barangay Management System
+CVE-2022-34041
+ RESERVED
+CVE-2022-34040
+ RESERVED
+CVE-2022-34039
+ RESERVED
+CVE-2022-34038 (Etcd v3.5.4 allows remote attackers to cause a denial of service via f ...)
+ - etcd (unimportant)
+ NOTE: https://github.com/etcd-io/etcd/pull/14022
+ NOTE: https://github.com/etcd-io/etcd/pull/14452
+ NOTE: Fixed by: https://github.com/etcd-io/etcd/commit/5a315ef88fbfa454e02d27b0b8acb4f89457cd90
+ NOTE: Negligible (and upstream disputed) security impact
+CVE-2022-34037 (An out-of-bounds read in the rewrite function at /modules/caddyhttp/re ...)
+ NOT-FOR-US: Caddy
+CVE-2022-34036
+ RESERVED
+CVE-2022-34035 (HTMLDoc v1.9.12 and below was discovered to contain a heap overflow vi ...)
+ - htmldoc 1.9.12-1 (unimportant)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/426
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3 (v1.9.12)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-34034
+ RESERVED
+CVE-2022-34033 (HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_h ...)
+ - htmldoc 1.9.12-1 (unimportant)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/425
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e (v1.9.12)
+CVE-2022-34032 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation in ...)
+ NOT-FOR-US: njs
+CVE-2022-34031 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ NOT-FOR-US: njs
+CVE-2022-34030 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ NOT-FOR-US: njs
+CVE-2022-34029 (Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via n ...)
+ NOT-FOR-US: njs
+CVE-2022-34028 (Nginx NJS v0.7.5 was discovered to contain a segmentation violation vi ...)
+ NOT-FOR-US: njs
+CVE-2022-34027 (Nginx NJS v0.7.4 was discovered to contain a segmentation violation vi ...)
+ NOT-FOR-US: njs
+CVE-2022-34026 (ICEcoder v8.1 allows attackers to execute a directory traversal.)
+ NOT-FOR-US: ICEcoder
+CVE-2022-34025 (Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) ...)
+ NOT-FOR-US: Vesta
+CVE-2022-34024 (Barangay Management System v1.0 was discovered to contain an arbitrary ...)
+ NOT-FOR-US: Barangay Management System
+CVE-2022-34023 (Barangay Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Barangay Management System
+CVE-2022-34022 (SQL injection vulnerability in ResIOT IOT Platform + LoRaWAN Network S ...)
+ NOT-FOR-US: ResIOT IOT Platform
+CVE-2022-34021 (Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Plat ...)
+ NOT-FOR-US: ResIOT IOT Platform
+CVE-2022-34020 (Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT P ...)
+ NOT-FOR-US: DellResIOT
+CVE-2022-34019
+ RESERVED
+CVE-2022-34018
+ RESERVED
+CVE-2022-34017
+ RESERVED
+CVE-2022-34016
+ RESERVED
+CVE-2022-34015
+ RESERVED
+CVE-2022-34014
+ RESERVED
+CVE-2022-34013 (OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery ...)
+ NOT-FOR-US: OneBlog
+CVE-2022-34012 (Insecure permissions in OneBlog v2.3.4 allows low-level administrators ...)
+ NOT-FOR-US: OneBlog
+CVE-2022-34011 (OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery ...)
+ NOT-FOR-US: OneBlog
+CVE-2022-34010
+ RESERVED
+CVE-2022-34009 (Fossil 2.18 on Windows allows attackers to cause a denial of service ( ...)
+ - fossil (Windows-specific)
+CVE-2022-34008 (Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privile ...)
+ NOT-FOR-US: Comodo Antivirus
+CVE-2022-34007 (EQS Integrity Line Professional through 2022-07-01 allows a stored XSS ...)
+ NOT-FOR-US: EQS Integrity Line
+CVE-2022-34006 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
+ NOT-FOR-US: TitanFTP
+CVE-2022-34005 (An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2 ...)
+ NOT-FOR-US: TitanFTP
+CVE-2022-34004
+ RESERVED
+CVE-2022-34003
+ RESERVED
+CVE-2022-34002 (The \u2018document\u2019 parameter of PDS Vista 7\u2019s /application/ ...)
+ NOT-FOR-US: PDS Vista
+CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronousl ...)
+ NOT-FOR-US: Unit4
+CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...)
+ - jpeg-xl (Fixed before initial upload to unstable, only affected experimental, bug #1013265)
+ NOTE: https://github.com/libjxl/libjxl/issues/1477
+ NOTE: https://github.com/libjxl/libjxl/commit/aff17c4a57eb1e4d7ef00ea728d33cdb5b2ca9da
+CVE-2022-33948 (HOME SPOT CUBE2 V102 contains an OS command injection vulnerability du ...)
+ NOT-FOR-US: HOME SPOT CUBE2 V102
+CVE-2022-33999
+ RESERVED
+CVE-2022-33998
+ RESERVED
+CVE-2022-33997
+ RESERVED
+CVE-2022-33996 (Incorrect permission management in Devolutions Server before 2022.2 al ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2022-33995 (A path traversal issue in entry attachments in Devolutions Remote Desk ...)
+ NOT-FOR-US: Devolutions
+CVE-2022-33994 (The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by ...)
+ NOT-FOR-US: Gutenberg plugin for WordPress
+CVE-2017-20091 (A vulnerability was found in File Manager Plugin 3.0.1. It has been cl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20090 (A vulnerability was found in Global Content Blocks Plugin 2.1.5. It ha ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20089 (A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has bee ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20088 (A vulnerability classified as problematic has been found in Atahualpa ...)
+ NOT-FOR-US: WordPress theme
+CVE-2017-20087 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20086 (A vulnerability, which was classified as critical, was found in VaultP ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20085 (A vulnerability has been found in Atahualpa Theme and classified as pr ...)
+ NOT-FOR-US: WordPress theme
+CVE-2017-20084 (A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.8 ...)
+ NOT-FOR-US: JUNG Smart Visu Server
+CVE-2017-20083 (A vulnerability, which was classified as critical, was found in JUNG S ...)
+ NOT-FOR-US: JUNG Smart Visu Server
+CVE-2017-20082 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: JUNG Smart Visu Server
+CVE-2022-33993 (Misinterpretation of special domain name characters in DNRD (aka Domai ...)
+ NOT-FOR-US: dnrd
+CVE-2022-33992 (DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS que ...)
+ NOT-FOR-US: dnrd
+CVE-2022-33991 (dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with ...)
+ NOT-FOR-US: dproxy
+CVE-2022-33990 (Misinterpretation of special domain name characters in dproxy-nexgen ( ...)
+ NOT-FOR-US: dproxy
+CVE-2022-33989 (dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selec ...)
+ NOT-FOR-US: dproxy
+CVE-2022-33988 (dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID ...)
+ NOT-FOR-US: dproxy
+CVE-2022-33987 (The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allow ...)
+ - node-got 11.8.3+~cs58.7.37-3 (bug #1013264)
+ [bullseye] - node-got 11.8.1+~cs53.13.17-3+deb11u1
+ [buster] - node-got (vulnerability introduced later)
+ NOTE: https://github.com/sindresorhus/got/pull/2047
+ NOTE: Fixed by: https://github.com/sindresorhus/got/commit/861ccd9ac2237df762a9e2beed7edd88c60782dc (v12.1.0)
+ NOTE: buster tested against CVE here https://salsa.debian.org/js-team/node-got/-/commit/47a15e189e39c29281532131675a998e1c0a9f8e
+CVE-2022-33986 (DMA attacks on the parameter buffer used by the VariableRuntimeDxe sof ...)
+ NOT-FOR-US: Insyde
+CVE-2022-33985 (DMA transactions which are targeted at input buffers used for the NvmE ...)
+ NOT-FOR-US: Insyde
+CVE-2022-33984 (DMA transactions which are targeted at input buffers used for the SdMm ...)
+ NOT-FOR-US: Insyde
+CVE-2022-33983 (DMA transactions which are targeted at input buffers used for the NvmE ...)
+ NOT-FOR-US: Insyde
+CVE-2022-33982 (DMA attacks on the parameter buffer used by the Int15ServiceSmm softwa ...)
+ NOT-FOR-US: Insyde
+CVE-2022-33976
+ RESERVED
+CVE-2022-33973 (Improper access control in the Intel(R) WAPI Security software for Win ...)
+ NOT-FOR-US: Intel
+CVE-2022-33898 (Insecure inherited permissions in some Intel(R) NUC Watchdog Timer ins ...)
+ NOT-FOR-US: Intel
+CVE-2022-32764 (Description: Race condition in the Intel(R) DSA software before versio ...)
+ NOT-FOR-US: Intel
+CVE-2022-32582 (Improper access control in firmware for some Intel(R) NUC Boards, Inte ...)
+ NOT-FOR-US: Intel
+CVE-2022-32577 (Improper input validation in BIOS Firmware for some Intel(R) NUC Kits ...)
+ NOT-FOR-US: Intel
+CVE-2022-32576 (Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before ve ...)
+ NOT-FOR-US: Intel
+CVE-2022-30530 (Protection mechanism failure in the Intel(R) DSA software before versi ...)
+ NOT-FOR-US: Intel
+CVE-2022-29895
+ RESERVED
+CVE-2022-29871 (Improper access control in the Intel(R) CSME software installer before ...)
+ NOT-FOR-US: Intel
+CVE-2022-33981 (drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable ...)
+ {DSA-5173-1 DLA-3065-1}
+ - linux 5.17.6-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/04/28/1
+ NOTE: https://git.kernel.org/linus/233087ca063686964a53c829d547c7571e3f67bf (5.18-rc5)
+CVE-2022-33980 (Apache Commons Configuration performs variable interpolation, allowing ...)
+ {DSA-5290-1}
+ - commons-configuration2 2.8.0-1 (bug #1014960)
+ [buster] - commons-configuration2 (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/5
+CVE-2022-2129 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3204-1}
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (Minor issue)
+ [stretch] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/3aaf06e7-9ae1-454d-b8ca-8709c98e5352
+ NOTE: https://github.com/vim/vim/commit/d6211a52ab9f53b82f884561ed43d2fe4d24ff7d (v8.2.5126)
+CVE-2022-2128 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-2127 (An out-of-bounds read vulnerability was found in Samba due to insuffic ...)
+ {DSA-5477-1}
+ - samba 2:4.18.5+dfsg-1
+ NOTE: https://www.samba.org/samba/security/CVE-2022-2127.html
+ NOTE: In scope for continued Samba support
+CVE-2022-2126 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3053-1}
+ - vim 2:9.0.0135-1 (unimportant; bug #1015984)
+ NOTE: https://huntr.dev/bounties/8d196d9b-3d10-41d2-9f70-8ef0d08c946e
+ NOTE: https://github.com/vim/vim/commit/156d3911952d73b03d7420dc3540215247db0fe8 (v8.2.5123)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2125 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ - vim 2:9.0.0135-1 (unimportant; bug #1015984)
+ [stretch] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/17dab24d-beec-464d-9a72-5b6b11283705
+ NOTE: https://github.com/vim/vim/commit/0e8e938d497260dd57be67b4966cb27a5f72376f (v8.2.5122)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-2124 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3053-1}
+ - vim 2:9.0.0135-1 (unimportant; bug #1015984)
+ NOTE: https://huntr.dev/bounties/8e9e056d-f733-4540-98b6-414bf36e0b42
+ NOTE: https://github.com/vim/vim/commit/2f074f4685897ab7212e25931eeeb0212292829f (v8.2.5120)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-46823 (python-ldap before 3.4.0 is vulnerable to a denial of service when lda ...)
+ - python-ldap 3.4.0-1
+ [bullseye] - python-ldap (Minor issue)
+ [buster] - python-ldap (Minor issue)
+ [stretch] - python-ldap (Minor issue)
+ NOTE: https://github.com/python-ldap/python-ldap/security/advisories/GHSA-r8wq-qrxc-hmcm
+CVE-2021-46822 (The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoa ...)
+ - libjpeg-turbo 1:2.1.1-1
+ [bullseye] - libjpeg-turbo (Minor issue)
+ [buster] - libjpeg-turbo (Minor issue)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/f35fd27ec641c42d6b115bfa595e483ec58188d2 (2.1.0)
+CVE-2017-20081 (A vulnerability, which was classified as critical, was found in Hindu ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20080 (A vulnerability, which was classified as critical, has been found in H ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20079 (A vulnerability classified as critical was found in Hindu Matrimonial ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20078 (A vulnerability classified as critical has been found in Hindu Matrimo ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20077 (A vulnerability was found in Hindu Matrimonial Script. It has been rat ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20076 (A vulnerability was found in Hindu Matrimonial Script. It has been dec ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20075 (A vulnerability was found in Hindu Matrimonial Script. It has been cla ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20074 (A vulnerability was found in Hindu Matrimonial Script and classified a ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20073 (A vulnerability has been found in Hindu Matrimonial Script and classif ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20072 (A vulnerability, which was classified as critical, was found in Hindu ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20071 (A vulnerability, which was classified as critical, has been found in H ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20070 (A vulnerability classified as critical was found in Hindu Matrimonial ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20069 (A vulnerability classified as critical has been found in Hindu Matrimo ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20068 (A vulnerability was found in Hindu Matrimonial Script. It has been rat ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20067 (A vulnerability was found in Hindu Matrimonial Script. It has been dec ...)
+ NOT-FOR-US: Hindu Matrimonial Script
+CVE-2017-20066 (A vulnerability has been found in Adminer Login 1.4.4 and classified a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-20065 (A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classifi ...)
+ NOT-FOR-US: Supsystic Popup Plugin
+CVE-2017-20064 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declar ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20063 (A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classi ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20062 (A vulnerability was found in Elefant CMS 1.3.12-RC and classified as p ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20061 (A vulnerability has been found in Elefant CMS 1.3.12-RC and classified ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20060 (A vulnerability, which was classified as problematic, was found in Ele ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20059 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20058 (A vulnerability classified as problematic was found in Elefant CMS 1.3 ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2017-20057 (A vulnerability classified as problematic has been found in Elefant CM ...)
+ NOT-FOR-US: Elefant CMS
+CVE-2022-33959 (IBM Sterling Order Management 10.0 could allow a user to bypass valida ...)
+ NOT-FOR-US: IBM
+CVE-2022-33958
+ RESERVED
+CVE-2022-33957
+ RESERVED
+CVE-2022-33956
+ RESERVED
+CVE-2022-33955 (IBM CICS TX 11.1 could allow allow an attacker with physical access to ...)
+ NOT-FOR-US: IBM
+CVE-2022-33954
+ RESERVED
+CVE-2022-33953 (IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user wi ...)
+ NOT-FOR-US: IBM
+CVE-2022-33952
+ RESERVED
+CVE-2022-33951
+ RESERVED
+CVE-2022-33950
+ RESERVED
+CVE-2022-33945 (Improper input validation in some Intel(R) Server board and Intel(R) S ...)
+ NOT-FOR-US: Intel
+CVE-2022-33942 (Protection mechanism failure in the Intel(R) DCM software before versi ...)
+ NOT-FOR-US: Intel
+CVE-2022-33902 (Insufficient control flow management in the Intel(R) Quartus Prime Pro ...)
+ NOT-FOR-US: Intel
+CVE-2022-33899
+ RESERVED
+CVE-2022-33895
+ RESERVED
+CVE-2022-33894 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...)
+ NOT-FOR-US: Intel
+CVE-2022-33892 (Path traversal in the Intel(R) Quartus Prime Pro and Standard edition ...)
+ NOT-FOR-US: Intel
+CVE-2022-33209 (Improper input validation in the firmware for some Intel(R) NUC Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2022-33200
+ RESERVED
+CVE-2022-33188
+ RESERVED
+CVE-2022-33176 (Improper input validation in BIOS firmware for some Intel(R) NUC 11 Pe ...)
+ NOT-FOR-US: Intel
+CVE-2022-33143
+ RESERVED
+CVE-2022-33141
+ RESERVED
+CVE-2022-32762
+ RESERVED
+CVE-2022-32584
+ RESERVED
+CVE-2022-32580
+ RESERVED
+CVE-2022-32578 (Improper access control for the Intel(R) NUC Pro Software Suite before ...)
+ NOT-FOR-US: Intel
+CVE-2022-32571
+ RESERVED
+CVE-2022-32288
+ RESERVED
+CVE-2022-32233
+ RESERVED
+CVE-2022-32231 (Improper initialization in the BIOS firmware for some Intel(R) Process ...)
+ NOT-FOR-US: Intel
+CVE-2022-31477 (Improper initialization for some Intel(R) NUC BIOS firmware may allow ...)
+ NOT-FOR-US: Intel
+CVE-2022-30704 (Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2022-30691 (Uncontrolled resource consumption in the Intel(R) Support Android appl ...)
+ NOT-FOR-US: Intel
+CVE-2022-30606
+ RESERVED
+CVE-2022-30537
+ RESERVED
+CVE-2022-30297 (Cross-site scripting in the Intel(R) EMA software before version 1.8.0 ...)
+ NOT-FOR-US: Intel
+CVE-2022-29924
+ RESERVED
+CVE-2022-29921
+ RESERVED
+CVE-2022-26084
+ RESERVED
+CVE-2022-2123 (The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF whi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-2122 (DOS / potential heap overwrite in qtdemux using zlib decompression. In ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0003.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/14d306da6da51a762c4dc701d161bb52ab66d774
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/92b5eb1da30fda054daf2f3d30bb4b806910b234 (1.20.3)
+CVE-2022-2121 (OFFIS DCMTK's (All versions prior to 3.6.7) has a NULL pointer derefer ...)
+ - dcmtk 3.6.7-1 (bug #1014044)
+ [bullseye] - dcmtk (Minor issue)
+ [buster] - dcmtk (Minor issue)
+ NOTE: https://support.dcmtk.org/redmine/issues/1021
+ NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=3e996a2749a9355c9b680fa464ecfd9ab9ff567f (DCMTK-3.6.7)
+CVE-2022-2120 (OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) i ...)
+ - dcmtk 3.6.7-6 (bug #1017743)
+ [bullseye] - dcmtk (Minor issue)
+ [buster] - dcmtk (Minor issue)
+ NOTE: https://support.dcmtk.org/redmine/issues/1021
+ NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc
+CVE-2022-2119 (OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SC ...)
+ - dcmtk 3.6.7-6 (bug #1017743) + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://support.dcmtk.org/redmine/issues/1021 + NOTE: Fixed by: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=f06a867513524664a1b03dfcf812d8b60fdd02cc +CVE-2022-2118 (The 404s WordPress plugin before 3.5.1 does not sanitise and escape it ...) + NOT-FOR-US: WordPress plugin +CVE-2014-125025 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6e42ccb9dbc13836cd52cda594f819d17af9afa2 (n2.2-rc1) +CVE-2014-125024 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4c3e1956ee35fdcc5ffdb28782050164b4623c0b (n2.2-rc1) +CVE-2014-125023 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2240e2078d53d3cfce8ff1dda64e58fa72038602 (n2.2-rc1) +CVE-2014-125022 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1713eec29add37b654ec6bf262b843d139c1ffc6 (n2.2-rc1) +CVE-2014-125021 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5430839144c6da0160e8e0cfb0c8db01de432e94 (n2.2-rc1) +CVE-2014-125020 (A vulnerability has been found in FFmpeg 2.0 and classified as critica ...) 
+ - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1f097d168d9cad473dd44010a337c1413a9cd198 (n2.2-rc1) +CVE-2014-125019 (A vulnerability, which was classified as problematic, was found in FFm ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=b25e84b7399bd91605596b67d761d3464dbe8a6e (n2.2-rc1) +CVE-2014-125018 (A vulnerability, which was classified as problematic, has been found i ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a3b85f3a7952c54a2c36ba1797f7e0cde9f85aa (n2.2-rc1) +CVE-2014-125017 (A vulnerability classified as critical was found in FFmpeg 2.0. This v ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=77bb0004bbe18f1498cfecdc68db5f10808b6599 (n2.2-rc1) +CVE-2014-125016 (A vulnerability was found in FFmpeg 2.0. It has been rated as problema ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e5c7229999182ad1cef13b9eca050dba7a5a08da (n2.2-rc1) +CVE-2014-125015 (A vulnerability classified as critical has been found in FFmpeg 2.0. A ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18f94df8af04f2c02a25a7dec512289feff6517f (n2.2-rc1) +CVE-2014-125014 (A vulnerability classified as problematic was found in FFmpeg 2.0. Aff ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d1e6602665d5ec1b7e211ab27b298c26139f82cc (n2.2-rc1) +CVE-2014-125013 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...) 
+ - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c919e1ca2ecfc47d796382973ba0e48b8f6f92a2 (n2.2-rc1) +CVE-2014-125012 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a392bf657015c9a79a5a13adfbfb15086c1943b9 (n2.2-rc1) +CVE-2014-125011 (A vulnerability was found in FFmpeg 2.0. It has been declared as probl ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=d42ec8433c687fcbccefa51a7716d81920218e4f (n2.2-rc1) +CVE-2014-125010 (A vulnerability was found in FFmpeg 2.0. It has been rated as critical ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=91253839e14cce9793ee93f184cef609ca8195d5 (n2.2-rc1) +CVE-2014-125009 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=61d59703c91869f4e5cdacd8d6be52f8b89d4ba4 (n2.2-rc1) +CVE-2014-125008 (A vulnerability classified as problematic has been found in FFmpeg 2.0 ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg in unstable) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f5d1d1e4667ba346ea7e0f97e6d2756bc9d4abde (n2.3) +CVE-2014-125007 (A vulnerability classified as problematic was found in FFmpeg 2.0. Aff ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg in unstable) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=dfefc9097e9b4bb20442e65454a40043bd189b3d (n2.3) +CVE-2014-125006 (A vulnerability, which was classified as problematic, has been found i ...) 
+ - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c55ff393340998faae887dfac19e7ef128e1e58 (n2.2-rc1) +CVE-2014-125005 (A vulnerability, which was classified as problematic, was found in FFm ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3edc3b159503d512c919b3d5902f7026e961823a (n2.2-rc1) +CVE-2014-125004 (A vulnerability has been found in FFmpeg 2.0 and classified as problem ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=6ba02602aa7fc7d38db582e75b8b093fb3c1608d (n2.2-rc1) +CVE-2014-125003 (A vulnerability was found in FFmpeg 2.0 and classified as problematic. ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8001e9f7d17e90b4b0898ba64e3b8bbd716c513c (n2.2-rc1) +CVE-2014-125002 (A vulnerability was found in FFmpeg 2.0. It has been classified as pro ...) + - ffmpeg (Fixed before re-introduction to Debian as src:ffmpeg) + NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=f1caaa1c61310beba705957e6366f0392a0b005b (n2.2-rc1) +CVE-2022-33937 (Dell GeoDrive, Versions 1.0 - 2.2, contain a Path Traversal Vulnerabil ...) + NOT-FOR-US: Dell +CVE-2022-33936 (Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerab ...) + NOT-FOR-US: EMC +CVE-2022-33935 (Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a ...) + NOT-FOR-US: EMC +CVE-2022-33934 (Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple s ...) + NOT-FOR-US: Dell +CVE-2022-33933 + REJECTED +CVE-2022-33932 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...) + NOT-FOR-US: Dell +CVE-2022-33931 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) 
+ NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33930 (Dell Wyse Management Suite 3.6.1 and below contains Information Disclo ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33929 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33928 (Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Pass ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33927 (Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33926 (Dell Wyse Management Suite 3.6.1 and below contains an improper access ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33925 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33924 (Dell Wyse Management Suite 3.6.1 and below contains an Improper Access ...) + NOT-FOR-US: Dell Wyse Management Suite +CVE-2022-33923 (Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Inj ...) + NOT-FOR-US: Dell +CVE-2022-33922 (Dell GeoDrive, versions prior to 2.2, contains Insecure File and Folde ...) + NOT-FOR-US: Dell +CVE-2022-33921 (Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking ...) + NOT-FOR-US: Dell +CVE-2022-33920 (Dell GeoDrive, versions prior to 2.2, contains an Unquoted File Path v ...) + NOT-FOR-US: Dell +CVE-2022-33919 (Dell GeoDrive, versions 2.1 - 2.2, contains an information disclosure ...) + NOT-FOR-US: Dell +CVE-2022-33918 (Dell GeoDrive, Versions 2.1 - 2.2, contains an information disclosure ...) + NOT-FOR-US: Dell +CVE-2022-33917 (An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29 ...) + NOT-FOR-US: ARM Mali +CVE-2022-2117 (The GiveWP plugin for WordPress is vulnerable to Sensitive Information ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2116 (The Contact Form DB WordPress plugin before 1.8.0 does not sanitise an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2115 (The Popup Anything WordPress plugin before 2.1.7 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2114 (The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2113 (Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inv ...) + NOT-FOR-US: inventree +CVE-2022-2112 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) + NOT-FOR-US: inventree +CVE-2022-2111 (Unrestricted Upload of File with Dangerous Type in GitHub repository i ...) + NOT-FOR-US: inventree +CVE-2022-2110 + RESERVED +CVE-2022-2109 + RESERVED +CVE-2022-33916 (OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacke ...) + NOT-FOR-US: OPC UA .NET Standard Reference Server +CVE-2022-33915 (Versions of the Amazon AWS Apache Log4j hotpatch package before log4j- ...) + NOT-FOR-US: Specific to Amazon AWS Apache Log4j hotpatch package +CVE-2022-33914 + RESERVED +CVE-2022-33913 (In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, fil ...) + - mahara +CVE-2022-33912 (A permission issue affects users that deployed the shipped version of ...) + NOT-FOR-US: Check MK as packaged by upstream +CVE-2022-33911 (An issue was discovered in Couchbase Server 7.x before 7.0.4. Field na ...) + NOT-FOR-US: Couchbase Server +CVE-2022-33910 (An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers ...) + - mantis +CVE-2022-33909 (DMA transactions which are targeted at input buffers used for the HddP ...) + NOT-FOR-US: Insyde +CVE-2022-33908 (DMA transactions which are targeted at input buffers used for the SdHo ...) + NOT-FOR-US: Insyde +CVE-2022-33907 (DMA transactions which are targeted at input buffers used for the soft ...) + NOT-FOR-US: Insyde +CVE-2022-33906 (DMA transactions which are targeted at input buffers used for the FwBl ...) 
+ NOT-FOR-US: Insyde +CVE-2022-33905 (DMA transactions which are targeted at input buffers used for the Ahci ...) + NOT-FOR-US: Insyde +CVE-2022-33904 + RESERVED +CVE-2022-33903 (Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging ...) + - tor 0.4.7.8-1 + [bullseye] - tor (Only affects 0.4.7.x) + [buster] - tor (Only affects 0.4.7.x) + [stretch] - tor (Only affects 0.4.7.x) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2099227 + NOTE: https://gitlab.torproject.org/tpo/core/tor/-/issues/40626 + NOTE: https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html + NOTE: https://github.com/torproject/tor/commit/b0496d40197dd5b4fb7b694c1410082d4e34dda6 (tor-0.4.7.8) +CVE-2022-33891 (The Apache Spark UI offers the possibility to enable ACLs via the conf ...) + - apache-spark (bug #802194) +CVE-2022-33890 (A maliciously crafted PCT or DWF file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-33889 (A maliciously crafted GIF or JPEG files when parsed through Autodesk D ...) + NOT-FOR-US: Autodesk +CVE-2022-33888 (A malicious crafted Dwg2Spd file when processed through Autodesk DWG a ...) + NOT-FOR-US: Autodesk +CVE-2022-33887 (A maliciously crafted PDF file when parsed through Autodesk AutoCAD 20 ...) + NOT-FOR-US: Autodesk +CVE-2022-33886 (A maliciously crafted MODEL and SLDPRT file can be used to write beyon ...) + NOT-FOR-US: Autodesk +CVE-2022-33885 (A maliciously crafted X_B, CATIA, and PDF file when parsed through Aut ...) + NOT-FOR-US: Autodesk +CVE-2022-33884 (Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 ...) + NOT-FOR-US: Autodesk +CVE-2022-33883 (A malicious crafted file consumed through Moldflow Synergy, Moldflow A ...) + NOT-FOR-US: Autodesk +CVE-2022-33882 (Under certain conditions, an attacker could create an unintended spher ...) + NOT-FOR-US: Autodesk +CVE-2022-33881 (Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 ...) 
+ NOT-FOR-US: Autodesk +CVE-2022-33311 (Browse restriction bypass vulnerability in Address Book of Cybozu Offi ...) + NOT-FOR-US: Cybozu +CVE-2022-33151 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...) + NOT-FOR-US: Cybozu +CVE-2022-32583 (Operation restriction bypass vulnerability in Scheduler of Cybozu Offi ...) + NOT-FOR-US: Cybozu +CVE-2022-32544 (Operation restriction bypass vulnerability in Project of Cybozu Office ...) + NOT-FOR-US: Cybozu +CVE-2022-32453 (HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 ...) + NOT-FOR-US: Cybozu +CVE-2022-32283 (Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10 ...) + NOT-FOR-US: Cybozu +CVE-2022-30693 (Information disclosure vulnerability in the system configuration of Cy ...) + NOT-FOR-US: Cybozu +CVE-2022-30604 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...) + NOT-FOR-US: Cybozu +CVE-2022-29891 (Browse restriction bypass vulnerability in Custom Ap of Cybozu Office ...) + NOT-FOR-US: Cybozu +CVE-2022-29487 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 a ...) + NOT-FOR-US: Cybozu +CVE-2022-28715 (Cross-site scripting vulnerability in the specific parameters of Cyboz ...) + NOT-FOR-US: Cybozu +CVE-2022-25986 (Browse restriction bypass vulnerability in Scheduler of Cybozu Office ...) + NOT-FOR-US: Cybozu +CVE-2022-2108 (The plugin Wbcom Designs \u2013 BuddyPress Group Reviews for WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2107 (The MiCODUS MV720 GPS tracker API server has an authentication mechani ...) + NOT-FOR-US: MiCODUS +CVE-2022-2106 (Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficient ...) + NOT-FOR-US: Elcomplus SmartICS +CVE-2022-2105 (Client-side JavaScript controls may be bypassed to change user credent ...) + NOT-FOR-US: Secheron +CVE-2022-2104 (The www-data (Apache web server) account is configured to run sudo wit ...) 
+ NOT-FOR-US: Secheron +CVE-2022-2103 (An attacker with weak credentials could access the TCP port via an ope ...) + NOT-FOR-US: Secheron +CVE-2022-2102 (Controls limiting uploads to certain file extensions may be bypassed. ...) + NOT-FOR-US: Secheron +CVE-2022-2101 (The Download Manager plugin for WordPress is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33880 (hms-staff.php in Projectworlds Hospital Management System Mini-Project ...) + NOT-FOR-US: Projectworlds Hospital Management System Mini-Project +CVE-2022-33879 (The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in ...) + - tika (bug #1015002) + [bullseye] - tika (Minor issue) + [buster] - tika (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/27/5 +CVE-2022-33878 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: FortiGuard +CVE-2022-33877 (An incorrect default permission [CWE-276] vulnerability in FortiClient ...) + NOT-FOR-US: Fortinet +CVE-2022-33876 (Multiple instances of improper input validation vulnerability in Forti ...) + NOT-FOR-US: FortiGuard +CVE-2022-33875 (An improper neutralization of special elements used in an SQL Command ...) + NOT-FOR-US: FortiGuard +CVE-2022-33874 (An improper neutralization of special elements used in an OS Command ( ...) + NOT-FOR-US: Fortiguard +CVE-2022-33873 (An improper neutralization of special elements used in an OS Command ( ...) + NOT-FOR-US: Fortiguard +CVE-2022-33872 (An improper neutralization of special elements used in an OS Command ( ...) + NOT-FOR-US: Fortiguard +CVE-2022-33871 (A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb vers ...) + NOT-FOR-US: Fortinet +CVE-2022-33870 (An improper neutralization of special elements used in an OS command v ...) + NOT-FOR-US: FortiGuard +CVE-2022-33869 (An improper neutralization of special elements used in an OS command v ...) 
+ NOT-FOR-US: Fortinet +CVE-2022-2100 (The Page Generator WordPress plugin before 1.6.5 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2099 (The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2098 (Weak Password Requirements in GitHub repository kromitgmbh/titra prior ...) + NOT-FOR-US: Titra +CVE-2020-36549 (A vulnerability classified as critical was found in GE Voluson S8. Aff ...) + NOT-FOR-US: GE Healthcare +CVE-2020-36548 (A vulnerability classified as problematic has been found in GE Voluson ...) + NOT-FOR-US: GE Healthcare +CVE-2020-36547 (A vulnerability was found in GE Voluson S8. It has been rated as criti ...) + NOT-FOR-US: GE Healthcare +CVE-2022-33868 + RESERVED +CVE-2022-33867 + RESERVED +CVE-2022-33866 + RESERVED +CVE-2022-33865 + RESERVED +CVE-2022-33864 + RESERVED +CVE-2022-33863 + RESERVED +CVE-2022-33862 + RESERVED +CVE-2022-33861 + RESERVED +CVE-2022-33860 + RESERVED +CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...) 
+ NOT-FOR-US: Eaton Foreseer EPMS +CVE-2022-33858 + RESERVED +CVE-2022-33857 + RESERVED +CVE-2022-33856 + RESERVED +CVE-2022-33855 + RESERVED +CVE-2022-33854 + RESERVED +CVE-2022-33853 + RESERVED +CVE-2022-33852 + RESERVED +CVE-2022-33851 + RESERVED +CVE-2022-33850 + RESERVED +CVE-2022-33849 + RESERVED +CVE-2022-33848 + RESERVED +CVE-2022-33847 + RESERVED +CVE-2022-33846 + RESERVED +CVE-2022-33845 + RESERVED +CVE-2022-33844 + RESERVED +CVE-2022-33843 + RESERVED +CVE-2022-33842 + RESERVED +CVE-2022-33841 + RESERVED +CVE-2022-33840 + RESERVED +CVE-2022-33839 + RESERVED +CVE-2022-33838 + RESERVED +CVE-2022-33837 + RESERVED +CVE-2022-33836 + RESERVED +CVE-2022-33835 + RESERVED +CVE-2022-33834 + RESERVED +CVE-2022-33833 + RESERVED +CVE-2022-33832 + RESERVED +CVE-2022-33831 + RESERVED +CVE-2022-33830 + RESERVED +CVE-2022-33829 + RESERVED +CVE-2022-33828 + RESERVED +CVE-2022-33827 + RESERVED +CVE-2022-33826 + RESERVED +CVE-2022-33825 + RESERVED +CVE-2022-33824 + RESERVED +CVE-2022-33823 + RESERVED +CVE-2022-33822 + RESERVED +CVE-2022-33821 + RESERVED +CVE-2022-33820 + RESERVED +CVE-2022-33819 + RESERVED +CVE-2022-33818 + RESERVED +CVE-2022-33817 + RESERVED +CVE-2022-33816 + RESERVED +CVE-2022-33815 + RESERVED +CVE-2022-33814 + RESERVED +CVE-2022-33813 + RESERVED +CVE-2022-33812 + RESERVED +CVE-2022-33811 + RESERVED +CVE-2022-33810 + RESERVED +CVE-2022-33809 + RESERVED +CVE-2022-33808 + RESERVED +CVE-2022-33807 + RESERVED +CVE-2022-33806 + RESERVED +CVE-2022-33805 + RESERVED +CVE-2022-33804 + RESERVED +CVE-2022-33803 + RESERVED +CVE-2022-33802 + RESERVED +CVE-2022-33801 + RESERVED +CVE-2022-33800 + RESERVED +CVE-2022-33799 + RESERVED +CVE-2022-33798 + RESERVED +CVE-2022-33797 + RESERVED +CVE-2022-33796 + RESERVED +CVE-2022-33795 + RESERVED +CVE-2022-33794 + RESERVED +CVE-2022-33793 + RESERVED +CVE-2022-33792 + RESERVED +CVE-2022-33791 + RESERVED +CVE-2022-33790 + RESERVED +CVE-2022-33789 + RESERVED +CVE-2022-33788 + RESERVED +CVE-2022-33787 + RESERVED +CVE-2022-33786 + 
RESERVED +CVE-2022-33785 + RESERVED +CVE-2022-33784 + RESERVED +CVE-2022-33783 + RESERVED +CVE-2022-33782 + RESERVED +CVE-2022-33781 + RESERVED +CVE-2022-33780 + RESERVED +CVE-2022-33779 + RESERVED +CVE-2022-33778 + RESERVED +CVE-2022-33777 + RESERVED +CVE-2022-33776 + RESERVED +CVE-2022-33775 + RESERVED +CVE-2022-33774 + RESERVED +CVE-2022-33773 + RESERVED +CVE-2022-33772 + RESERVED +CVE-2022-33771 + RESERVED +CVE-2022-33770 + RESERVED +CVE-2022-33769 + RESERVED +CVE-2022-33768 + RESERVED +CVE-2022-33767 + RESERVED +CVE-2022-33766 + RESERVED +CVE-2022-33765 + RESERVED +CVE-2022-33764 + RESERVED +CVE-2022-33763 + RESERVED +CVE-2022-33762 + RESERVED +CVE-2022-33761 + RESERVED +CVE-2022-33760 + RESERVED +CVE-2022-33759 + RESERVED +CVE-2022-2097 (AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimi ...) + {DSA-5343-1 DLA-3325-1} + - openssl 3.0.5-1 (bug #1023424) + NOTE: https://www.openssl.org/news/secadv/20220705.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93 (openssl-3.0.5) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=919925673d6c9cfed3c1085497f5dfbbed5fc431 (OpenSSL_1_1_1q) +CVE-2022-2096 + RESERVED +CVE-2022-2095 (An improper access control check in GitLab CE/EE affecting all version ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-2094 (The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2093 (The WP Duplicate Page WordPress plugin before 1.3 does not sanitize an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2092 (The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2091 (The Cache Images WordPress plugin before 3.2.1 does not implement nonc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2090 (The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2089 (The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33758 + RESERVED +CVE-2022-33757 (An authenticated attacker could read Nessus Debug Log file attachments ...) + NOT-FOR-US: Nessus +CVE-2022-33756 (CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulner ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33755 (CA Automic Automation 12.2 and 12.3 contain an insecure input handling ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33754 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33753 (CA Automic Automation 12.2 and 12.3 contain an insecure file creation ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33752 (CA Automic Automation 12.2 and 12.3 contain an insufficient input vali ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33751 (CA Automic Automation 12.2 and 12.3 contain an insecure memory handlin ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33750 (CA Automic Automation 12.2 and 12.3 contain an authentication error vu ...) + NOT-FOR-US: CA Automic Automation +CVE-2022-33749 (XAPI open file limit DoS It is possible for an unauthenticated client ...) + - xen-api + NOTE: https://xenbits.xen.org/xsa/advisory-413.html +CVE-2022-33748 (lock order inversion in transitive grant copy handling As part of XSA- ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-411.html +CVE-2022-33747 (Arm: unbounded memory consumption for 2nd-level page tables Certain ac ...) + {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-409.html +CVE-2022-33746 (P2M pool freeing may take excessively long The P2M pool backing second ...) 
+ {DSA-5272-1} + - xen 4.16.2+90-g0d39a6d1ae-1 (bug #1021668) + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-410.html +CVE-2022-33745 (insufficient TLB flush for x86 PV guests in shadow mode For migration ...) + {DSA-5272-1} + - xen 4.16.2-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-408.html + NOTE: All versions of Xen with the XSA-401 fixes applied are vulnerable +CVE-2022-33744 (Arm guests can cause Dom0 DoS via PV devices When mapping pages of gue ...) + {DSA-5191-1 DLA-3131-1} + - linux 5.18.14-1 + NOTE: https://xenbits.xen.org/xsa/advisory-406.html +CVE-2022-33743 (network backend may cause Linux netfront to use freed SKBs While addin ...) + {DSA-5191-1} + - linux 5.18.14-1 + [buster] - linux (Vulnerable code not present) + NOTE: https://xenbits.xen.org/xsa/advisory-405.html +CVE-2022-33742 (Linux disk/nic frontends data leaks T[his CNA information record relat ...) + {DSA-5191-1 DLA-3131-1} + - linux 5.18.14-1 + - xen 4.16.2-1 + [bullseye] - xen (Too intrusive too backport) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-403.html +CVE-2022-33741 (Linux disk/nic frontends data leaks T[his CNA information record relat ...) + {DSA-5191-1 DLA-3131-1} + - linux 5.18.14-1 + - xen 4.16.2-1 + [bullseye] - xen (Too intrusive too backport) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-403.html +CVE-2022-33740 (Linux disk/nic frontends data leaks T[his CNA information record relat ...) + {DSA-5191-1 DLA-3131-1} + - linux 5.18.14-1 + - xen 4.16.2-1 + [bullseye] - xen (Too intrusive too backport) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-403.html +CVE-2022-33739 (CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing v ...) 
+ NOT-FOR-US: CA Clarity +CVE-2022-33738 (OpenVPN Access Server before 2.11 uses a weak random generator used to ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2022-33737 (The OpenVPN Access Server installer creates a log file readable for ev ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2022-33736 (A vulnerability has been identified in Opcenter Quality V13.1 (All ver ...) + NOT-FOR-US: Siemens +CVE-2022-33202 (Authentication bypass vulnerability in the setup screen of L2Blocker(o ...) + NOT-FOR-US: L2Blocker +CVE-2022-2088 (An authenticated user with admin privileges may be able to terminate a ...) + NOT-FOR-US: Elcomplus SmartICS +CVE-2022-2087 (A vulnerability, which was classified as problematic, was found in Sou ...) + NOT-FOR-US: SourceCodester Bank Management System +CVE-2022-2086 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SourceCodester Bank Management System +CVE-2022-33735 (There is a password verification vulnerability in WS7200-10 11.0.2.13. ...) + NOT-FOR-US: Huawei +CVE-2022-33734 (Sensitive information exposure in onCharacteristicChanged in Charm by ...) + NOT-FOR-US: Samsung +CVE-2022-33733 (Sensitive information exposure in onCharacteristicRead in Charm by Sam ...) + NOT-FOR-US: Samsung +CVE-2022-33732 (Improper access control vulnerability in Samsung Dex for PC prior to S ...) + NOT-FOR-US: Samsung +CVE-2022-33731 (Improper access control vulnerability in DesktopSystemUI prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-33730 (Heap-based buffer overflow vulnerability in Samsung Dex for PC prior t ...) + NOT-FOR-US: Samsung +CVE-2022-33729 (Improper restriction of broadcasting Intent in ConfirmConnectActivity ...) + NOT-FOR-US: Samsung +CVE-2022-33728 (Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 R ...) + NOT-FOR-US: Samsung +CVE-2022-33727 (A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Au ...) 
+ NOT-FOR-US: Samsung +CVE-2022-33726 (Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Au ...) + NOT-FOR-US: Samsung +CVE-2022-33725 (A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-33724 (Exposure of Sensitive Information in Samsung Dialer application?prior ...) + NOT-FOR-US: Samsung +CVE-2022-33723 (A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug- ...) + NOT-FOR-US: Samsung +CVE-2022-33722 (Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug ...) + NOT-FOR-US: Samsung +CVE-2022-33721 (A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-202 ...) + NOT-FOR-US: Samsung +CVE-2022-33720 (Improper authentication vulnerability in AppLock prior to SMR Aug-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-33719 (Improper input validation in baseband prior to SMR Aug-2022 Release 1 ...) + NOT-FOR-US: Samsung +CVE-2022-33718 (An improper access control vulnerability in Wi-Fi Service prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-33717 (A missing input validation before memory read in SEM TA prior to SMR A ...) + NOT-FOR-US: Samsung +CVE-2022-33716 (An absence of variable initialization in ICCC TA prior to SMR Aug-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-33715 (Improper access control and path traversal vulnerability in LauncherPr ...) + NOT-FOR-US: Samsung +CVE-2022-33714 (Improper access control vulnerability in SemWifiApBroadcastReceiver pr ...) + NOT-FOR-US: Samsung +CVE-2022-33713 (Implicit Intent hijacking vulnerability in Samsung Cloud prior to vers ...) + NOT-FOR-US: Samsung +CVE-2022-33712 (Intent redirection vulnerability using implict intent in Camera prior ...) + NOT-FOR-US: Samsung +CVE-2022-33711 (Improper validation of integrity check vulnerability in Samsung USB Dr ...) + NOT-FOR-US: Samsung +CVE-2022-33710 (Improper input validation vulnerability in BillingPackageInsraller in ...) 
+ NOT-FOR-US: Samsung +CVE-2022-33709 (Improper input validation vulnerability in ApexPackageInstaller in Gal ...) + NOT-FOR-US: Samsung +CVE-2022-33708 (Improper input validation vulnerability in AppsPackageInstaller in Gal ...) + NOT-FOR-US: Samsung +CVE-2022-33707 (Improper identifier creation logic in Find My Mobile prior to version ...) + NOT-FOR-US: Samsung +CVE-2022-33706 (Improper access control vulnerability in Samsung Gallery prior to vers ...) + NOT-FOR-US: Samsung +CVE-2022-33705 (Information exposure in Calendar prior to version 12.3.05.10000 allows ...) + NOT-FOR-US: Samsung +CVE-2022-33704 (Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior ...) + NOT-FOR-US: Samsung +CVE-2022-33703 (Improper validation vulnerability in CACertificateInfo prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2022-33702 (Improper authorization vulnerability in Knoxguard prior to SMR Jul-202 ...) + NOT-FOR-US: Samsung +CVE-2022-33701 (Improper access control vulnerability in KnoxCustomManagerService prio ...) + NOT-FOR-US: Samsung +CVE-2022-33700 (Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prio ...) + NOT-FOR-US: Samsung +CVE-2022-33699 (Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prio ...) + NOT-FOR-US: Samsung +CVE-2022-33698 (Exposure of Sensitive Information in Telecom application prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-33697 (Sensitive information exposure vulnerability in ImsServiceSwitchBase i ...) + NOT-FOR-US: Samsung +CVE-2022-33696 (Exposure of Sensitive Information in Telephony service prior to SMR Ju ...) + NOT-FOR-US: Samsung +CVE-2022-33695 (Use of improper permission in InputManagerService prior to SMR Jul-202 ...) + NOT-FOR-US: Samsung +CVE-2022-33694 (Exposure of Sensitive Information in CSC application prior to SMR Jul- ...) + NOT-FOR-US: Samsung +CVE-2022-33693 (Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 ...) 
+ NOT-FOR-US: Samsung +CVE-2022-33692 (Exposure of Sensitive Information in Messaging application prior to SM ...) + NOT-FOR-US: Samsung +CVE-2022-33691 (A possible race condition vulnerability in score driver prior to SMR J ...) + NOT-FOR-US: Samsung +CVE-2022-33690 (Improper input validation in Contacts Storage prior to SMR Jul-2022 Re ...) + NOT-FOR-US: Samsung +CVE-2022-33689 (Improper access control vulnerability in TelephonyUI prior to SMR Jul- ...) + NOT-FOR-US: Samsung +CVE-2022-33688 (Sensitive information exposure vulnerability in EventType in SecTeleph ...) + NOT-FOR-US: Samsung +CVE-2022-33687 (Exposure of Sensitive Information in telephony-common.jar prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-33686 (Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul- ...) + NOT-FOR-US: Samsung +CVE-2022-33685 (Unprotected dynamic receiver in Wearable Manager Service prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-33684 (The Apache Pulsar C++ Client does not verify peer TLS certificates whe ...) + NOT-FOR-US: Apache Pulsar +CVE-2022-33683 (Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Clie ...) + NOT-FOR-US: Apache Pulsar +CVE-2022-33682 (TLS hostname verification cannot be enabled in the Pulsar Broker's Jav ...) + NOT-FOR-US: Apache Pulsar +CVE-2022-33681 (Delayed TLS hostname verification in the Pulsar Java Client and the Pu ...) + NOT-FOR-US: Apache Pulsar +CVE-2022-33680 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-33679 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33678 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33677 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33676 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33675 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33674 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33673 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33672 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33671 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33670 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-33669 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33668 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33667 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33666 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33665 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33664 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33663 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33662 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33661 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33660 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33659 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33658 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33657 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33656 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33655 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33654 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33653 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33652 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33651 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33650 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: 
Microsoft +CVE-2022-33649 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33648 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33647 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33646 (Azure Batch Node Agent Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33645 (Windows TCP/IP Driver Denial of Service Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-33644 (Xbox Live Save Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33643 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33642 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33641 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33640 (System Center Operations Manager: Open Management Infrastructure (OMI) ...) + NOT-FOR-US: Microsoft +CVE-2022-33639 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2022-33638 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2022-33637 (Microsoft Defender for Endpoint Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33636 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33635 (Windows GDI+ Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-33634 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-33633 (Skype for Business and Lync Remote Code Execution Vulnerability) + NOT-FOR-US: Skype for Business and Lync +CVE-2022-33632 (Microsoft Office Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33631 (Microsoft Excel Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-33630 + RESERVED +CVE-2022-33629 + RESERVED +CVE-2022-33628 + RESERVED +CVE-2022-33627 + RESERVED +CVE-2022-33626 + RESERVED +CVE-2022-33625 + RESERVED +CVE-2022-33624 + RESERVED +CVE-2022-33623 + RESERVED +CVE-2022-33622 + RESERVED +CVE-2022-33621 + RESERVED +CVE-2022-33620 + RESERVED +CVE-2022-33619 + RESERVED +CVE-2022-33618 + RESERVED +CVE-2022-33617 + RESERVED +CVE-2022-33616 + RESERVED +CVE-2022-33615 + RESERVED +CVE-2022-33614 + RESERVED +CVE-2022-33613 + RESERVED +CVE-2022-33612 + RESERVED +CVE-2022-33611 + RESERVED +CVE-2022-33610 + RESERVED +CVE-2022-33609 + RESERVED +CVE-2022-33608 + RESERVED +CVE-2022-33607 + RESERVED +CVE-2022-33606 + RESERVED +CVE-2022-33605 + RESERVED +CVE-2022-33604 + RESERVED +CVE-2022-33603 + RESERVED +CVE-2022-33602 + RESERVED +CVE-2022-33601 + RESERVED +CVE-2022-33600 + RESERVED +CVE-2022-33599 + RESERVED +CVE-2022-33598 + RESERVED +CVE-2022-33597 + RESERVED +CVE-2022-33596 + RESERVED +CVE-2022-33595 + RESERVED +CVE-2022-33594 + RESERVED +CVE-2022-33593 + RESERVED +CVE-2022-33592 + RESERVED +CVE-2022-33591 + RESERVED +CVE-2022-33590 + RESERVED +CVE-2022-33589 + RESERVED +CVE-2022-33588 + RESERVED +CVE-2022-33587 + RESERVED +CVE-2022-33586 + RESERVED +CVE-2022-33585 + RESERVED +CVE-2022-33584 + RESERVED +CVE-2022-33583 + RESERVED +CVE-2022-33582 + RESERVED +CVE-2022-33581 + RESERVED +CVE-2022-33580 + RESERVED +CVE-2022-33579 + RESERVED +CVE-2022-33578 + RESERVED +CVE-2022-33577 + RESERVED +CVE-2022-33576 + RESERVED +CVE-2022-33575 + RESERVED +CVE-2022-33574 + RESERVED +CVE-2022-33573 + RESERVED +CVE-2022-33572 + RESERVED +CVE-2022-33571 + RESERVED +CVE-2022-33570 + RESERVED 
+CVE-2022-33569 + RESERVED +CVE-2022-33568 + RESERVED +CVE-2022-33567 + RESERVED +CVE-2022-33566 + RESERVED +CVE-2022-33565 + RESERVED +CVE-2022-33564 + RESERVED +CVE-2022-33563 + RESERVED +CVE-2022-33562 + RESERVED +CVE-2022-33561 + RESERVED +CVE-2022-33560 + RESERVED +CVE-2022-33559 + RESERVED +CVE-2022-33558 + RESERVED +CVE-2022-33557 + RESERVED +CVE-2022-33556 + RESERVED +CVE-2022-33555 + RESERVED +CVE-2022-33554 + RESERVED +CVE-2022-33553 + RESERVED +CVE-2022-33552 + RESERVED +CVE-2022-33551 + RESERVED +CVE-2022-33550 + RESERVED +CVE-2022-33549 + RESERVED +CVE-2022-33548 + RESERVED +CVE-2022-33547 + RESERVED +CVE-2022-33546 + RESERVED +CVE-2022-33545 + RESERVED +CVE-2022-33544 + RESERVED +CVE-2022-33543 + RESERVED +CVE-2022-33542 + RESERVED +CVE-2022-33541 + RESERVED +CVE-2022-33540 + RESERVED +CVE-2022-33539 + RESERVED +CVE-2022-33538 + RESERVED +CVE-2022-33537 + RESERVED +CVE-2022-33536 + RESERVED +CVE-2022-33535 + RESERVED +CVE-2022-33534 + RESERVED +CVE-2022-33533 + RESERVED +CVE-2022-33532 + RESERVED +CVE-2022-33531 + RESERVED +CVE-2022-33530 + RESERVED +CVE-2022-33529 + RESERVED +CVE-2022-33528 + RESERVED +CVE-2022-33527 + RESERVED +CVE-2022-33526 + RESERVED +CVE-2022-33525 + RESERVED +CVE-2022-33524 + RESERVED +CVE-2022-33523 + RESERVED +CVE-2022-33522 + RESERVED +CVE-2022-33521 + RESERVED +CVE-2022-33520 + RESERVED +CVE-2022-33519 + RESERVED +CVE-2022-33518 + RESERVED +CVE-2022-33517 + RESERVED +CVE-2022-33516 + RESERVED +CVE-2022-33515 + RESERVED +CVE-2022-33514 + RESERVED +CVE-2022-33513 + RESERVED +CVE-2022-33512 + RESERVED +CVE-2022-33511 + RESERVED +CVE-2022-33510 + RESERVED +CVE-2022-33509 + RESERVED +CVE-2022-33508 + RESERVED +CVE-2022-33507 + RESERVED +CVE-2022-33506 + RESERVED +CVE-2022-33505 + RESERVED +CVE-2022-33504 + RESERVED +CVE-2022-33503 + RESERVED +CVE-2022-33502 + RESERVED +CVE-2022-33501 + RESERVED +CVE-2022-33500 + RESERVED +CVE-2022-33499 + RESERVED +CVE-2022-33498 + RESERVED +CVE-2022-33497 + RESERVED +CVE-2022-33496 + RESERVED 
+CVE-2022-33495 + RESERVED +CVE-2022-33494 + RESERVED +CVE-2022-33493 + RESERVED +CVE-2022-33492 + RESERVED +CVE-2022-33491 + RESERVED +CVE-2022-33490 + RESERVED +CVE-2022-33489 + RESERVED +CVE-2022-33488 + RESERVED +CVE-2022-33487 + RESERVED +CVE-2022-33486 + RESERVED +CVE-2022-33485 + RESERVED +CVE-2022-33484 + RESERVED +CVE-2022-33483 + RESERVED +CVE-2022-33482 + RESERVED +CVE-2022-33481 + RESERVED +CVE-2022-33480 + RESERVED +CVE-2022-33479 + RESERVED +CVE-2022-33478 + RESERVED +CVE-2022-33477 + RESERVED +CVE-2022-33476 + RESERVED +CVE-2022-33475 + RESERVED +CVE-2022-33474 + RESERVED +CVE-2022-33473 + RESERVED +CVE-2022-33472 + RESERVED +CVE-2022-33471 + RESERVED +CVE-2022-33470 + RESERVED +CVE-2022-33469 + RESERVED +CVE-2022-33468 + RESERVED +CVE-2022-33467 + RESERVED +CVE-2022-33466 + RESERVED +CVE-2022-33465 + RESERVED +CVE-2022-33464 + RESERVED +CVE-2022-33463 + RESERVED +CVE-2022-33462 + RESERVED +CVE-2022-33461 + RESERVED +CVE-2022-33460 + RESERVED +CVE-2022-33459 + RESERVED +CVE-2022-33458 + RESERVED +CVE-2022-33457 + RESERVED +CVE-2022-33456 + RESERVED +CVE-2022-33455 + RESERVED +CVE-2022-33454 + RESERVED +CVE-2022-33453 + RESERVED +CVE-2022-33452 + RESERVED +CVE-2022-33451 + RESERVED +CVE-2022-33450 + RESERVED +CVE-2022-33449 + RESERVED +CVE-2022-33448 + RESERVED +CVE-2022-33447 + RESERVED +CVE-2022-33446 + RESERVED +CVE-2022-33445 + RESERVED +CVE-2022-33444 + RESERVED +CVE-2022-33443 + RESERVED +CVE-2022-33442 + RESERVED +CVE-2022-33441 + RESERVED +CVE-2022-33440 + RESERVED +CVE-2022-33439 + RESERVED +CVE-2022-33438 + RESERVED +CVE-2022-33437 + RESERVED +CVE-2022-33436 + RESERVED +CVE-2022-33435 + RESERVED +CVE-2022-33434 + RESERVED +CVE-2022-33433 + RESERVED +CVE-2022-33432 + RESERVED +CVE-2022-33431 + RESERVED +CVE-2022-33430 + RESERVED +CVE-2022-33429 + RESERVED +CVE-2022-33428 + RESERVED +CVE-2022-33427 + RESERVED +CVE-2022-33426 + RESERVED +CVE-2022-33425 + RESERVED +CVE-2022-33424 + RESERVED +CVE-2022-33423 + RESERVED +CVE-2022-33422 + RESERVED 
+CVE-2022-33421 + RESERVED +CVE-2022-33420 + RESERVED +CVE-2022-33419 + RESERVED +CVE-2022-33418 + RESERVED +CVE-2022-33417 + RESERVED +CVE-2022-33416 + RESERVED +CVE-2022-33415 + RESERVED +CVE-2022-33414 + RESERVED +CVE-2022-33413 + RESERVED +CVE-2022-33412 + RESERVED +CVE-2022-33411 + RESERVED +CVE-2022-33410 + RESERVED +CVE-2022-33409 + RESERVED +CVE-2022-33408 + RESERVED +CVE-2022-33407 + RESERVED +CVE-2022-33406 + RESERVED +CVE-2022-33405 + RESERVED +CVE-2022-33404 + RESERVED +CVE-2022-33403 + RESERVED +CVE-2022-33402 + RESERVED +CVE-2022-33401 + RESERVED +CVE-2022-33400 + RESERVED +CVE-2022-33399 + RESERVED +CVE-2022-33398 + RESERVED +CVE-2022-33397 + RESERVED +CVE-2022-33396 + RESERVED +CVE-2022-33395 + RESERVED +CVE-2022-33394 + RESERVED +CVE-2022-33393 + RESERVED +CVE-2022-33392 + RESERVED +CVE-2022-33391 + RESERVED +CVE-2022-33390 + RESERVED +CVE-2022-33389 + RESERVED +CVE-2022-33388 + RESERVED +CVE-2022-33387 + RESERVED +CVE-2022-33386 + RESERVED +CVE-2022-33385 + RESERVED +CVE-2022-33384 + RESERVED +CVE-2022-33383 + RESERVED +CVE-2022-33382 + RESERVED +CVE-2022-33381 + RESERVED +CVE-2022-33380 + RESERVED +CVE-2022-33379 + RESERVED +CVE-2022-33378 + RESERVED +CVE-2022-33377 + RESERVED +CVE-2022-33376 + RESERVED +CVE-2022-33375 + RESERVED +CVE-2022-33374 + RESERVED +CVE-2022-33373 + RESERVED +CVE-2022-33372 + RESERVED +CVE-2022-33371 + RESERVED +CVE-2022-33370 + RESERVED +CVE-2022-33369 + RESERVED +CVE-2022-33368 + RESERVED +CVE-2022-33367 + RESERVED +CVE-2022-33366 + RESERVED +CVE-2022-33365 + RESERVED +CVE-2022-33364 + RESERVED +CVE-2022-33363 + RESERVED +CVE-2022-33362 + RESERVED +CVE-2022-33361 + RESERVED +CVE-2022-33360 + RESERVED +CVE-2022-33359 + RESERVED +CVE-2022-33358 + RESERVED +CVE-2022-33357 + RESERVED +CVE-2022-33356 + RESERVED +CVE-2022-33355 + RESERVED +CVE-2022-33354 + RESERVED +CVE-2022-33353 + RESERVED +CVE-2022-33352 + RESERVED +CVE-2022-33351 + RESERVED +CVE-2022-33350 + RESERVED +CVE-2022-33349 + RESERVED +CVE-2022-33348 + RESERVED 
+CVE-2022-33347 + RESERVED +CVE-2022-33346 + RESERVED +CVE-2022-33345 + RESERVED +CVE-2022-33344 + RESERVED +CVE-2022-33343 + RESERVED +CVE-2022-33342 + RESERVED +CVE-2022-33341 + RESERVED +CVE-2022-33340 + RESERVED +CVE-2022-33339 + RESERVED +CVE-2022-33338 + RESERVED +CVE-2022-33337 + RESERVED +CVE-2022-33336 + RESERVED +CVE-2022-33335 + RESERVED +CVE-2022-33334 + RESERVED +CVE-2022-33333 + RESERVED +CVE-2022-33332 + RESERVED +CVE-2022-33331 + RESERVED +CVE-2022-33330 + RESERVED +CVE-2022-2085 (A NULL pointer dereference vulnerability was found in Ghostscript, whi ...) + - ghostscript 9.56.0~dfsg-1 + [bullseye] - ghostscript (Vulnerable code not present) + [buster] - ghostscript (Vulnerable code not present) + [stretch] - ghostscript (Vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704945 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ae1061d948d88667bdf51d47d918c4684d0f67df (ghostpdl-9.56.0rc1) + NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;h=6f332dd0baee0135ebff0bf25c56e9adff0f944a (ghostpdl-9.55.0rc1) +CVE-2022-2084 (Sensitive data could be exposed in world readable logs of cloud-init b ...) + - cloud-init 22.2-2 (bug #1014247) + [bullseye] - cloud-init (Vulnerable code not present, introduced in 22.2) + [buster] - cloud-init (Vulnerable code not present, introduced in 22.2) + NOTE: https://github.com/canonical/cloud-init/commit/4d467b14363d800b2185b89790d57871f11ea88c + NOTE: https://bugs.launchpad.net/cloud-init/+bug/1978422 +CVE-2022-2083 (The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-33329 (Multiple command injection vulnerabilities exist in the web_server aja ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33328 (Multiple command injection vulnerabilities exist in the web_server aja ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33327 (Multiple command injection vulnerabilities exist in the web_server aja ...) 
+ NOT-FOR-US: Robustel R1510 +CVE-2022-33326 (Multiple command injection vulnerabilities exist in the web_server aja ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33325 (Multiple command injection vulnerabilities exist in the web_server aja ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33324 (Improper Resource Shutdown or Release vulnerability in Mitsubishi Elec ...) + NOT-FOR-US: Mitsubishi +CVE-2022-33323 (Active Debug Code vulnerability in robot controller of Mitsubishi Elec ...) + NOT-FOR-US: Mitsubishi +CVE-2022-33322 (Cross-site scripting vulnerability in Mitsubishi Electric consumer ele ...) + NOT-FOR-US: Mitsubishi Electric +CVE-2022-33321 (Cleartext Transmission of Sensitive Information vulnerability due to t ...) + NOT-FOR-US: Mitsubishi Electric +CVE-2022-33320 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) + NOT-FOR-US: ICONICS +CVE-2022-33319 (Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 ...) + NOT-FOR-US: ICONICS +CVE-2022-33318 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) + NOT-FOR-US: ICONICS +CVE-2022-33317 (Inclusion of Functionality from Untrusted Control Sphere vulnerability ...) + NOT-FOR-US: ICONICS +CVE-2022-33316 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) + NOT-FOR-US: ICONICS +CVE-2022-33315 (Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 v ...) + NOT-FOR-US: ICONICS +CVE-2022-33314 (Multiple command injection vulnerabilities exist in the web_server act ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33313 (Multiple command injection vulnerabilities exist in the web_server act ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33312 (Multiple command injection vulnerabilities exist in the web_server act ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-33309 (Transient DOS due to buffer over-read in WLAN Firmware while parsing s ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-33308 + RESERVED +CVE-2022-33307 (Memory Corruption due to double free in automotive when a bad HLOS add ...) + NOT-FOR-US: Qualcomm +CVE-2022-33306 (Transient DOS due to buffer over-read in WLAN while processing an inco ...) + NOT-FOR-US: Qualcomm +CVE-2022-33305 (Transient DOS due to NULL pointer dereference in Modem while sending i ...) + NOT-FOR-US: Qualcomm +CVE-2022-33304 (Transient DOS due to NULL pointer dereference in Modem while performin ...) + NOT-FOR-US: Qualcomm +CVE-2022-33303 (Transient DOS due to uncontrolled resource consumption in Linux kernel ...) + NOT-FOR-US: Qualcomm +CVE-2022-33302 (Memory corruption due to improper validation of array index in User Id ...) + NOT-FOR-US: Qualcomm +CVE-2022-33301 (Memory corruption due to incorrect type conversion or cast in audio wh ...) + NOT-FOR-US: Qualcomm +CVE-2022-33300 (Memory corruption in Automotive Android OS due to improper input valid ...) + NOT-FOR-US: Qualcomm +CVE-2022-33299 (Transient DOS due to null pointer dereference in Bluetooth HOST while ...) + NOT-FOR-US: Qualcomm +CVE-2022-33298 (Memory corruption due to use after free in Modem while modem initializ ...) + NOT-FOR-US: Qualcomm +CVE-2022-33297 (Information disclosure due to buffer overread in Linux sensors) + NOT-FOR-US: Qualcomm +CVE-2022-33296 (Memory corruption due to integer overflow to buffer overflow in Modem ...) + NOT-FOR-US: Qualcomm +CVE-2022-33295 (Information disclosure in Modem due to buffer over-read while parsing ...) + NOT-FOR-US: Qualcomm +CVE-2022-33294 (Transient DOS in Modem due to NULL pointer dereference while receiving ...) + NOT-FOR-US: Qualcomm +CVE-2022-33293 + RESERVED +CVE-2022-33292 (Memory corruption in Qualcomm IPC due to use after free while receivin ...) + NOT-FOR-US: Qualcomm +CVE-2022-33291 (Information disclosure in Modem due to buffer over-read while receivin ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-33290 (Transient DOS in Bluetooth HOST due to null pointer dereference when a ...) + NOT-FOR-US: Qualcomm +CVE-2022-33289 (Memory corruption occurs in Modem due to improper validation of array ...) + NOT-FOR-US: Qualcomm +CVE-2022-33288 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Qualcomm +CVE-2022-33287 (Information disclosure in Modem due to buffer over-read while getting ...) + NOT-FOR-US: Qualcomm +CVE-2022-33286 (Transient DOS due to buffer over-read in WLAN while processing 802.11 ...) + NOT-FOR-US: Qualcomm +CVE-2022-33285 (Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA a ...) + NOT-FOR-US: Qualcomm +CVE-2022-33284 (Information disclosure due to buffer over-read in WLAN while parsing B ...) + NOT-FOR-US: Qualcomm +CVE-2022-33283 (Information disclosure due to buffer over-read in WLAN while WLAN fram ...) + NOT-FOR-US: Qualcomm +CVE-2022-33282 (Memory corruption in Automotive Multimedia due to integer overflow to ...) + NOT-FOR-US: Qualcomm +CVE-2022-33281 (Memory corruption due to improper validation of array index in compute ...) + NOT-FOR-US: Qualcomm +CVE-2022-33280 (Memory corruption due to access of uninitialized pointer in Bluetooth ...) + NOT-FOR-US: Qualcomm +CVE-2022-33279 (Memory corruption due to stack based buffer overflow in WLAN having in ...) + NOT-FOR-US: Qualcomm +CVE-2022-33278 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Qualcomm +CVE-2022-33277 (Memory corruption in modem due to buffer copy without checking size of ...) + NOT-FOR-US: Qualcomm +CVE-2022-33276 (Memory corruption due to buffer copy without checking size of input in ...) + NOT-FOR-US: Qualcomm +CVE-2022-33275 (Memory corruption due to improper validation of array index in WLAN HA ...) + NOT-FOR-US: Qualcomm +CVE-2022-33274 (Memory corruption in android core due to improper validation of array ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-33273 (Information disclosure due to buffer over-read in Trusted Execution En ...) + NOT-FOR-US: Qualcomm +CVE-2022-33272 (Transient DOS in modem due to reachable assertion.) + NOT-FOR-US: Qualcomm +CVE-2022-33271 (Information disclosure due to buffer over-read in WLAN while parsing N ...) + NOT-FOR-US: Qualcomm +CVE-2022-33270 (Transient DOS due to time-of-check time-of-use race condition in Modem ...) + NOT-FOR-US: Qualcomm +CVE-2022-33269 (Memory corruption due to integer overflow or wraparound in Core while ...) + NOT-FOR-US: Qualcomm +CVE-2022-33268 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) + NOT-FOR-US: Qualcomm +CVE-2022-33267 (Memory corruption in Linux while sending DRM request.) + NOT-FOR-US: Qualcomm +CVE-2022-33266 (Memory corruption in Audio due to integer overflow to buffer overflow ...) + NOT-FOR-US: Qualcomm +CVE-2022-33265 (Memory corruption due to information exposure in Powerline Communicati ...) + NOT-FOR-US: Qualcomm +CVE-2022-33264 (Memory corruption in modem due to stack based buffer overflow while pa ...) + NOT-FOR-US: Qualcomm +CVE-2022-33263 (Memory corruption due to use after free in Core when multiple DCI clie ...) + NOT-FOR-US: Qualcomm +CVE-2022-33262 + RESERVED +CVE-2022-33261 + RESERVED +CVE-2022-33260 (Memory corruption due to stack based buffer overflow in core while sen ...) + NOT-FOR-US: Qualcomm +CVE-2022-33259 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Qualcomm +CVE-2022-33258 (Information disclosure due to buffer over-read in modem while reading ...) + NOT-FOR-US: Qualcomm +CVE-2022-33257 (Memory corruption in Core due to time-of-check time-of-use race condit ...) + NOT-FOR-US: Qualcomm +CVE-2022-33256 (Memory corruption due to improper validation of array index in Multi-m ...) + NOT-FOR-US: Qualcomm +CVE-2022-33255 (Information disclosure due to buffer over-read in Bluetooth HOST while ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-33254 (Transient DOS due to reachable assertion in Modem while processing SIB ...) + NOT-FOR-US: Qualcomm +CVE-2022-33253 (Transient DOS due to buffer over-read in WLAN while parsing corrupted ...) + NOT-FOR-US: Qualcomm +CVE-2022-33252 (Information disclosure due to buffer over-read in WLAN while handling ...) + NOT-FOR-US: Qualcomm +CVE-2022-33251 (Transient DOS due to reachable assertion in Modem because of invalid n ...) + NOT-FOR-US: Qualcomm +CVE-2022-33250 (Transient DOS due to reachable assertion in modem when network repeate ...) + NOT-FOR-US: Qualcomm +CVE-2022-33249 + RESERVED +CVE-2022-33248 (Memory corruption in User Identity Module due to integer overflow to b ...) + NOT-FOR-US: Qualcomm +CVE-2022-33247 + RESERVED +CVE-2022-33246 (Memory corruption in Audio due to use of out-of-range pointer offset w ...) + NOT-FOR-US: Qualcomm +CVE-2022-33245 (Memory corruption in WLAN due to use after free) + NOT-FOR-US: Qualcomm +CVE-2022-33244 (Transient DOS due to reachable assertion in modem during MIB reception ...) + NOT-FOR-US: Qualcomm +CVE-2022-33243 (Memory corruption due to improper access control in Qualcomm IPC.) + NOT-FOR-US: Qualcomm +CVE-2022-33242 (Memory corruption due to improper authentication in Qualcomm IPC while ...) + NOT-FOR-US: Qualcomm +CVE-2022-33241 + RESERVED +CVE-2022-33240 (Memory corruption in Audio due to incorrect type cast during audio use ...) + NOT-FOR-US: Qualcomm +CVE-2022-33239 (Transient DOS due to loop with unreachable exit condition in WLAN firm ...) + NOT-FOR-US: Snapdragon +CVE-2022-33238 (Transient DOS due to loop with unreachable exit condition in WLAN whil ...) + NOT-FOR-US: Qualcomm +CVE-2022-33237 (Transient DOS due to buffer over-read in WLAN firmware while processin ...) + NOT-FOR-US: Snapdragon +CVE-2022-33236 (Transient DOS due to buffer over-read in WLAN firmware while parsing c ...) 
+ NOT-FOR-US: Snapdragon +CVE-2022-33235 (Information disclosure due to buffer over-read in WLAN firmware while ...) + NOT-FOR-US: Qualcomm +CVE-2022-33234 (Memory corruption in video due to configuration weakness. in Snapdrago ...) + NOT-FOR-US: Snapdragon +CVE-2022-33233 (Memory corruption due to configuration weakness in modem wile sending ...) + NOT-FOR-US: Qualcomm +CVE-2022-33232 (Memory corruption due to buffer copy without checking size of input wh ...) + NOT-FOR-US: Qualcomm +CVE-2022-33231 (Memory corruption due to double free in core while initializing the en ...) + NOT-FOR-US: Qualcomm +CVE-2022-33230 (Memory corruption in FM Host due to buffer copy without checking the s ...) + NOT-FOR-US: Qualcomm +CVE-2022-33229 (Information disclosure due to buffer over-read in Modem while using st ...) + NOT-FOR-US: Qualcomm +CVE-2022-33228 (Information disclosure sue to buffer over-read in modem while processi ...) + NOT-FOR-US: Qualcomm +CVE-2022-33227 (Memory corruption in Linux android due to double free while calling un ...) + NOT-FOR-US: Qualcomm +CVE-2022-33226 (Memory corruption due to buffer copy without checking the size of inpu ...) + NOT-FOR-US: Qualcomm +CVE-2022-33225 (Memory corruption due to use after free in trusted application environ ...) + NOT-FOR-US: Qualcomm +CVE-2022-33224 (Memory corruption in core due to buffer copy without check9ing the siz ...) + NOT-FOR-US: Qualcomm +CVE-2022-33223 (Transient DOS in Modem due to null pointer dereference while processin ...) + NOT-FOR-US: Qualcomm +CVE-2022-33222 (Information disclosure due to buffer over-read while parsing DNS respo ...) + NOT-FOR-US: Qualcomm +CVE-2022-33221 (Information disclosure in Trusted Execution Environment due to buffer ...) + NOT-FOR-US: Qualcomm +CVE-2022-33220 (Information disclosure in Automotive multimedia due to buffer over-rea ...) + NOT-FOR-US: Qualcomm +CVE-2022-33219 (Memory corruption in Automotive due to integer overflow to buffer over ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-33218 (Memory corruption in Automotive due to improper input validation.) + NOT-FOR-US: Qualcomm +CVE-2022-33217 (Memory corruption in Qualcomm IPC due to buffer copy without checking ...) + NOT-FOR-US: Qualcomm +CVE-2022-33216 (Transient Denial-of-service in Automotive due to improper input valida ...) + NOT-FOR-US: Qualcomm +CVE-2022-33215 + RESERVED +CVE-2022-33214 (Memory corruption in display due to time-of-check time-of-use of metad ...) + NOT-FOR-US: Snapdragon +CVE-2022-33213 (Memory corruption in modem due to buffer overflow while processing a P ...) + NOT-FOR-US: Qualcomm +CVE-2022-33212 + RESERVED +CVE-2022-33211 (memory corruption in modem due to improper check while calculating siz ...) + NOT-FOR-US: Qualcomm +CVE-2022-33210 (Memory corruption in automotive multimedia due to use of out-of-range ...) + NOT-FOR-US: Snapdragon +CVE-2022-33146 (Open redirect vulnerability in web2py versions prior to 2.22.5 allows ...) + - web2py +CVE-2022-32585 (A command execution vulnerability exists in the clish art2 functionali ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-28127 (A data removal vulnerability exists in the web_server /action/remove/ ...) + NOT-FOR-US: Robustel R1510 +CVE-2022-2082 + RESERVED +CVE-2022-2081 + RESERVED +CVE-2022-2080 (The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2079 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...) + NOT-FOR-US: nocodb +CVE-2022-2078 (A vulnerability was found in the Linux kernel's nft_set_desc_concat_pa ...) 
+ {DSA-5161-1} + - linux 5.18.2-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2096178 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/02/1 + NOTE: https://git.kernel.org/linus/fecf31ee395b0295f2d7260aa29946b7605f7c85 (5.19-rc1) +CVE-2022-33207 (Four OS command injection vulnerabilities exists in the web interface ...) + NOT-FOR-US: Abode Systems +CVE-2022-33206 (Four OS command injection vulnerabilities exists in the web interface ...) + NOT-FOR-US: Abode Systems +CVE-2022-33205 (Four OS command injection vulnerabilities exists in the web interface ...) + NOT-FOR-US: Abode Systems +CVE-2022-33204 (Four OS command injection vulnerabilities exists in the web interface ...) + NOT-FOR-US: Abode Systems +CVE-2022-33195 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...) + NOT-FOR-US: Abode Systems +CVE-2022-33194 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...) + NOT-FOR-US: Abode Systems +CVE-2022-33193 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...) + NOT-FOR-US: Abode Systems +CVE-2022-33192 (Four OS command injection vulnerabilities exist in the XCMD testWifiAP ...) + NOT-FOR-US: Abode Systems +CVE-2022-33189 (An OS command injection vulnerability exists in the XCMD setAlexa func ...) + NOT-FOR-US: Abode Systems +CVE-2022-32775 (An integer overflow vulnerability exists in the web interface /action/ ...) + NOT-FOR-US: Abode Systems +CVE-2022-32773 (An OS command injection vulnerability exists in the XCMD doDebug funct ...) + NOT-FOR-US: Abode Systems +CVE-2022-32586 (An OS command injection vulnerability exists in the web interface /act ...) + NOT-FOR-US: Abode Systems +CVE-2022-32574 (A double-free vulnerability exists in the web interface /action/ipcamS ...) 
+ NOT-FOR-US: Abode Systems +CVE-2022-32454 (A stack-based buffer overflow vulnerability exists in the XCMD setIPCa ...) + NOT-FOR-US: Abode Systems +CVE-2022-30603 (An OS command injection vulnerability exists in the web interface /act ...) + NOT-FOR-US: Abode Systems +CVE-2022-30541 (An OS command injection vulnerability exists in the XCMD setUPnP funct ...) + NOT-FOR-US: Abode Systems +CVE-2022-29889 (A hard-coded password vulnerability exists in the telnet functionality ...) + NOT-FOR-US: Abode Systems +CVE-2022-29520 (An OS command injection vulnerability exists in the console_main_loop ...) + NOT-FOR-US: Abode Systems +CVE-2022-29472 (An OS command injection vulnerability exists in the web interface util ...) + NOT-FOR-US: Abode Systems +CVE-2022-27804 (An os command injection vulnerability exists in the web interface util ...) + NOT-FOR-US: Abode Systems +CVE-2022-2077 + REJECTED +CVE-2022-2076 + REJECTED +CVE-2022-2075 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2074 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2073 (Code Injection in GitHub repository getgrav/grav prior to 1.7.34.) + NOT-FOR-US: Grav CMS +CVE-2021-46821 + RESERVED +CVE-2022-33187 (Brocade SANnav before v2.2.1 logs usernames and encoded passwords in ...) + NOT-FOR-US: Brocade SANnav +CVE-2022-33186 (A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2022-33185 (Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1 ...) + NOT-FOR-US: Brocade +CVE-2022-33184 (A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS vers ...) + NOT-FOR-US: Brocade +CVE-2022-33183 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) + NOT-FOR-US: Brocade +CVE-2022-33182 (A privilege escalation vulnerability in Brocade Fabric OS CLI before B ...) 
+ NOT-FOR-US: Brocade +CVE-2022-33181 (An information disclosure vulnerability in Brocade Fabric OS CLI befor ...) + NOT-FOR-US: Brocade +CVE-2022-33180 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) + NOT-FOR-US: Brocade +CVE-2022-33179 (A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1 ...) + NOT-FOR-US: Brocade +CVE-2022-33178 (A vulnerability in the radius authentication system of Brocade Fabric ...) + NOT-FOR-US: Brocade +CVE-2022-33175 (Power Distribution Units running on Powertek firmware (multiple brands ...) + NOT-FOR-US: Powertek +CVE-2022-33174 (Power Distribution Units running on Powertek firmware (multiple brands ...) + NOT-FOR-US: Powertek +CVE-2022-33173 (An algorithm-downgrade issue was discovered in Couchbase Server before ...) + NOT-FOR-US: Couchbase Server +CVE-2022-33172 (de.fac2 1.34 allows bypassing the User Presence protection mechanism w ...) + NOT-FOR-US: de.fac2 +CVE-2022-33171 (The findOne function in TypeORM before 0.3.0 can either be supplied wi ...) + NOT-FOR-US: TypeORM +CVE-2022-33170 + RESERVED +CVE-2022-33169 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2022-33168 (IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause ...) + NOT-FOR-US: IBM +CVE-2022-33167 + RESERVED +CVE-2022-33166 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a p ...) + NOT-FOR-US: IBM +CVE-2022-33165 (IBM Security Directory Server 6.4.0 could allow a remote attacker to t ...) + NOT-FOR-US: IBM +CVE-2022-33164 (IBM Security Directory Server 7.2.0 could allow a remote attacker to t ...) + NOT-FOR-US: IBM +CVE-2022-33163 (IBM Security Directory Suite VA 8.0.1 specifies permissions for a secu ...) + NOT-FOR-US: IBM +CVE-2022-33162 + RESERVED +CVE-2022-33161 (IBM Security Directory Server 6.4.0 could allow a remote attacker to o ...) 
+ NOT-FOR-US: IBM +CVE-2022-33160 (IBM Security Directory Suite 8.0.1 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2022-33159 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user cre ...) + NOT-FOR-US: IBM +CVE-2022-33158 (Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulner ...) + NOT-FOR-US: Trend Micro +CVE-2022-33157 (The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 a ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-33156 (The matomo_integration (aka Matomo Integration) extension before 1.3.2 ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-33155 (The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-33154 (The schema (aka Embedding schema.org vocabulary) extension before 1.13 ...) + NOT-FOR-US: TYPO3 extension +CVE-2022-33153 + RESERVED +CVE-2022-33152 + RESERVED +CVE-2022-33149 (A sql injection vulnerability exists in the ObjectYPT functionality of ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-33148 (A sql injection vulnerability exists in the ObjectYPT functionality of ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-33147 (A sql injection vulnerability exists in the ObjectYPT functionality of ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-33140 (The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 an ...) + NOT-FOR-US: Apache NiFi +CVE-2022-33139 (A vulnerability has been identified in Cerberus DMS (All versions), De ...) + NOT-FOR-US: Siemens +CVE-2022-33138 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-33137 (A vulnerability has been identified in SIMATIC MV540 H (All versions < ...) 
+ NOT-FOR-US: Siemens +CVE-2022-33136 + RESERVED +CVE-2022-33135 + RESERVED +CVE-2022-33134 + RESERVED +CVE-2022-33133 + RESERVED +CVE-2022-33132 + RESERVED +CVE-2022-33131 + RESERVED +CVE-2022-33130 + RESERVED +CVE-2022-33129 + RESERVED +CVE-2022-33128 (RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a ...) + NOT-FOR-US: RG-EG series gateway EG350 EG_RGOS +CVE-2022-33127 (The function that calls the diff tool in Diffy 3.4.1 does not properly ...) + - ruby-diffy (Windows-specific) +CVE-2022-33126 + RESERVED +CVE-2022-33125 + RESERVED +CVE-2022-33124 (AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, whi ...) + NOTE: Disputed aiohttp issue +CVE-2022-33123 + RESERVED +CVE-2022-33122 (A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 al ...) + NOT-FOR-US: EyouCMS +CVE-2022-33121 (A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers ...) + NOT-FOR-US: MiniCMS +CVE-2022-33120 + RESERVED +CVE-2022-33119 (NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contai ...) + NOT-FOR-US: NUUO Network Video Recorder NVRsolo +CVE-2022-33118 + RESERVED +CVE-2022-33117 + RESERVED +CVE-2022-33116 (An issue in the jmpath variable in /modules/mindmap/index.php of GUnet ...) + NOT-FOR-US: GUnet Open eClass Platform +CVE-2022-33115 + RESERVED +CVE-2022-33114 (Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Jfinal CMS +CVE-2022-33113 (Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or ...) + NOT-FOR-US: Jfinal CMS +CVE-2022-33112 + RESERVED +CVE-2022-33111 + RESERVED +CVE-2022-33110 + RESERVED +CVE-2022-33109 + RESERVED +CVE-2022-33108 (XPDF v4.04 was discovered to contain a stack overflow vulnerability vi ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-33107 (ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerabi ...) 
+ NOT-FOR-US: ThinkPHP +CVE-2022-33106 (WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate ...) + NOT-FOR-US: WiJungle NGFW +CVE-2022-33105 (Redis v7.0 was discovered to contain a memory leak via the component s ...) + - redis (No vulnerable version 7.x was uploaded to unstable) + NOTE: https://github.com/redis/redis/commit/4a7a4e42db8ff757cdf3f4a824f66426036034ef (7.0.1) + NOTE: https://github.com/redis/redis/pull/10753 + NOTE: https://github.com/redis/redis/pull/10829 +CVE-2022-33104 + RESERVED +CVE-2022-33103 (Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an ...) + - u-boot 2022.07+dfsg-1 (bug #1014528) + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (SquashFS support added in 2020.10) + NOTE: https://lore.kernel.org/all/CALO=DHFB+yBoXxVr5KcsK0iFdg+e7ywko4-e+72kjbcS8JBfPw@mail.gmail.com/ + NOTE: https://lore.kernel.org/all/20220609140206.297405-1-miquel.raynal@bootlin.com/ + NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/2ac0baab4aff1a0b45067d0b62f00c15f4e86856 (v2022.07-rc5) +CVE-2022-33102 + RESERVED +CVE-2022-33101 + RESERVED +CVE-2022-33100 + RESERVED +CVE-2022-33099 (An issue in the component luaG_runerror of Lua v5.4.4 and below leads ...) + - lua5.4 5.4.4-3 (bug #1014935) + [bullseye] - lua5.4 (Minor issue) + - lua5.3 (Specific to 5.4) + - lua5.2 (Specific to 5.4) + - lua5.1 (Specific to 5.4) + - lua50 (Specific to 5.4) + NOTE: https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf + NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00035.html + NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00042.html + NOTE: https://lua-users.org/lists/lua-l/2022-05/msg00073.html +CVE-2022-33098 (Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting ...) + NOT-FOR-US: Magnolia CMS +CVE-2022-33097 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) 
+ NOT-FOR-US: 74cmsSE +CVE-2022-33096 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: 74cmsSE +CVE-2022-33095 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: 74cmsSE +CVE-2022-33094 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: 74cmsSE +CVE-2022-33093 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: 74cmsSE +CVE-2022-33092 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: 74cmsSE +CVE-2022-33091 + RESERVED +CVE-2022-33090 + RESERVED +CVE-2022-33089 + RESERVED +CVE-2022-33088 + RESERVED +CVE-2022-33087 (A stack overflow in the function DM_ In fillobjbystr() of TP-Link Arch ...) + NOT-FOR-US: TP-Link +CVE-2022-33086 + RESERVED +CVE-2022-33085 (ESPCMS P8 was discovered to contain an authenticated remote code execu ...) + NOT-FOR-US: ESPCMS +CVE-2022-33084 + RESERVED +CVE-2022-33083 + RESERVED +CVE-2022-33082 (An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10 ...) + NOT-FOR-US: Open Policy Agent +CVE-2022-33081 + RESERVED +CVE-2022-33080 + RESERVED +CVE-2022-33079 + RESERVED +CVE-2022-33078 + RESERVED +CVE-2022-33077 (An access control issue in nopcommerce v4.50.2 allows attackers to arb ...) + NOT-FOR-US: nopcommerce +CVE-2022-33076 + RESERVED +CVE-2022-33075 (A stored cross-site scripting (XSS) vulnerability in the Add Classific ...) + NOT-FOR-US: Zoo Management System +CVE-2022-33074 + RESERVED +CVE-2022-33073 + RESERVED +CVE-2022-33072 + RESERVED +CVE-2022-33071 + RESERVED +CVE-2022-33070 (Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shif ...) 
+ - protobuf-c 1.4.1-1 + [bullseye] - protobuf-c (Minor issue) + [buster] - protobuf-c (Minor issue) + NOTE: https://github.com/protobuf-c/protobuf-c/issues/506 + NOTE: https://github.com/protobuf-c/protobuf-c/pull/508 + NOTE: https://github.com/protobuf-c/protobuf-c/commit/6e389ce2c34355d36009a8fb1666bed29fa2d4f4 (v1.4.1) +CVE-2022-33069 (Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder ...) + NOT-FOR-US: Ethereum +CVE-2022-33068 (An integer overflow in the component hb-ot-shape-fallback.cc of Harfbu ...) + - harfbuzz 5.2.0-2 (bug #1013673) + [bullseye] - harfbuzz (Minor issue) + [buster] - harfbuzz (Minor issue) + [stretch] - harfbuzz (Minor issue) + NOTE: https://github.com/harfbuzz/harfbuzz/issues/3557 + NOTE: https://github.com/harfbuzz/harfbuzz/commit/62e803b36173fd096d7ad460dd1d1db9be542593 +CVE-2022-33067 (Lrzip v0.651 was discovered to contain multiple invalid arithmetic shi ...) + - lrzip (unimportant) + NOTE: https://github.com/ckolivas/lrzip/issues/224 + NOTE: Crash in CLI tool, no security impact +CVE-2022-33066 + RESERVED +CVE-2022-33065 (Multiple signed integers overflow in function au_read_header in src/au ...) + - libsndfile (bug #1051891) + [bookworm] - libsndfile (Minor issue) + [bullseye] - libsndfile (Minor issue) + [buster] - libsndfile (Minor issue) + NOTE: https://github.com/libsndfile/libsndfile/issues/833 + NOTE: https://github.com/libsndfile/libsndfile/issues/789 + NOTE: https://github.com/libsndfile/libsndfile/commit/0754562e13d2e63a248a1c82f90b30bc0ffe307c +CVE-2022-33064 (An off-by-one error in function wav_read_header in src/wav.c in Libsnd ...) + - libsndfile (bug #1051890) + [bookworm] - libsndfile (Minor issue) + [bullseye] - libsndfile (Minor issue) + [buster] - libsndfile (Minor issue) + NOTE: https://github.com/libsndfile/libsndfile/issues/832 +CVE-2022-33063 + RESERVED +CVE-2022-33062 + RESERVED +CVE-2022-33061 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) 
+ NOT-FOR-US: Online Railway Reservation System +CVE-2022-33060 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33059 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33058 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33057 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33056 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33055 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33054 + RESERVED +CVE-2022-33053 + RESERVED +CVE-2022-33052 + RESERVED +CVE-2022-33051 + RESERVED +CVE-2022-33050 + RESERVED +CVE-2022-33049 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33048 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Online Railway Reservation System +CVE-2022-33047 (OTFCC v0.10.4 was discovered to contain a heap buffer overflow after f ...) + - texlive-bin (unimportant; bug #1019602) + [bullseye] - texlive-bin (Vulnerable code not present) + [buster] - texlive-bin (Vulnerable code not present) + NOTE: Affected code not built, see #1019602 +CVE-2022-33046 + RESERVED +CVE-2022-33045 + RESERVED +CVE-2022-33044 + RESERVED +CVE-2022-33043 (A cross-site scripting (XSS) vulnerability in the batch add function o ...) + NOT-FOR-US: Urtracker Premium +CVE-2022-33042 (Online Railway Reservation System v1.0 was discovered to contain a SQL ...) 
+ NOT-FOR-US: Online Railway Reservation System +CVE-2022-33041 + RESERVED +CVE-2022-33040 + RESERVED +CVE-2022-33039 + RESERVED +CVE-2022-33038 + RESERVED +CVE-2022-33037 (A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute ar ...) + NOT-FOR-US: Orwell-Dev-Cpp +CVE-2022-33036 (A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execut ...) + NOT-FOR-US: Embarcadero Dev-CPP +CVE-2022-33035 (XLPD v7.0.0094 and below contains an unquoted service path vulnerabili ...) + NOT-FOR-US: XLPD +CVE-2022-33034 (LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via t ...) + - libredwg (bug #595191) +CVE-2022-33033 (LibreDWG v0.12.4.4608 was discovered to contain a double-free via the ...) + - libredwg (bug #595191) +CVE-2022-33032 (LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow ...) + - libredwg (bug #595191) +CVE-2022-33031 + RESERVED +CVE-2022-33030 + RESERVED +CVE-2022-33029 + RESERVED +CVE-2022-33028 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...) + - libredwg (bug #595191) +CVE-2022-33027 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...) + - libredwg (bug #595191) +CVE-2022-33026 (LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow ...) + - libredwg (bug #595191) +CVE-2022-33025 (LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free ...) + - libredwg (bug #595191) +CVE-2022-33024 (There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_ ...) + - libredwg (bug #595191) +CVE-2022-33023 (CVA6 commit 909d85a gives incorrect permission to use special multipli ...) + NOT-FOR-US: CVA6 +CVE-2022-33022 + RESERVED +CVE-2022-33021 (CVA6 commit 909d85a accesses invalid memory when reading the value of ...) 
+ NOT-FOR-US: CVA6 +CVE-2022-33020 + RESERVED +CVE-2022-33019 + RESERVED +CVE-2022-33018 + RESERVED +CVE-2022-33017 + RESERVED +CVE-2022-33016 + REJECTED +CVE-2022-33015 + REJECTED +CVE-2022-33014 + REJECTED +CVE-2022-33013 + RESERVED +CVE-2022-33012 (Microweber v1.2.15 was discovered to allow attackers to perform an acc ...) + NOT-FOR-US: microweber +CVE-2022-33011 (Known v1.3.1+2020120201 was discovered to allow attackers to perform a ...) + NOT-FOR-US: Known +CVE-2022-33010 + RESERVED +CVE-2022-33009 (A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 ...) + NOT-FOR-US: LightCMS +CVE-2022-33008 + RESERVED +CVE-2022-33007 (TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discov ...) + NOT-FOR-US: TRENDnet Wi-Fi routers +CVE-2022-33006 + RESERVED +CVE-2022-33005 (A cross-site scripting (XSS) vulnerability in the System Settings/IOT ...) + NOT-FOR-US: Delta Electronics +CVE-2022-33004 (The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contai ...) + NOT-FOR-US: Beginner package in PyPI +CVE-2022-33003 (The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain ...) + NOT-FOR-US: watools package in PyPI +CVE-2022-33002 (The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to conta ...) + NOT-FOR-US: KGExplore package in PyPI +CVE-2022-33001 (The AAmiles package in PyPI v0.1.0 was discovered to contain a code ex ...) + NOT-FOR-US: AAmiles package in PyPI +CVE-2022-33000 (The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to cont ...) + NOT-FOR-US: ML-Scanner package in PyPI +CVE-2022-32999 (The cloudlabeling package in PyPI v0.0.1 was discovered to contain a c ...) + NOT-FOR-US: cloudlabeling package in PyPI +CVE-2022-32998 (The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was d ...) + NOT-FOR-US: cryptoasset-data-downloader package in PyPI +CVE-2022-32997 (The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered ...) 
+ NOT-FOR-US: RootInteractive package in PyPI +CVE-2022-32996 (The django-navbar-client package of v0.9.50 to v1.0.1 was discovered t ...) + NOT-FOR-US: django-navbar-client +CVE-2022-32995 (Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forger ...) + NOT-FOR-US: Halo CMS +CVE-2022-32994 (Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vul ...) + NOT-FOR-US: Halo CMS +CVE-2022-32993 (TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access contro ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32992 (Online Tours And Travels Management System v1.0 was discovered to cont ...) + NOT-FOR-US: Online Tours And Travels Management System +CVE-2022-32991 (Web Based Quiz System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Web Based Quiz System +CVE-2022-32990 (An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allow ...) + - gimp 2.10.32-1 (unimportant) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8230 + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/24c962b95e5c740dff7a87a1f0ccdbf6c0a8c21e (master) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/a842869247eb2cae2b40476b5d93f88d8b01aa27 (master) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/22af0bcfe67c1c86381f33975ca7fdbde6b36b39 (master) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/e7d4b580e514029f28dc9bd59c66187e166db47c (GIMP_2_10_32) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/744959433647bdefcdf00b3f0d575f6812cd0d6d (GIMP_2_10_32) + NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/6ab90ecbbd7cc95901933f62227fd140c0576d55 (GIMP_2_10_32) + NOTE: NOTE: Crash in GUI application, no security impact +CVE-2022-32989 + RESERVED +CVE-2022-32988 (Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1. ...) + NOT-FOR-US: Asus +CVE-2022-32987 (Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=man ...) 
+ NOT-FOR-US: Simple Bakery Shop Management System +CVE-2022-32986 + RESERVED +CVE-2022-32761 (An information disclosure vulnerability exists in the aVideoEncoderRec ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32760 (A denial of service vulnerability exists in the XCMD doDebug functiona ...) + NOT-FOR-US: Abode Systems +CVE-2022-32572 (An os command injection vulnerability exists in the aVideoEncoder wget ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32282 (An improper password check exists in the login functionality of WWBN A ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-30547 (A directory traversal vulnerability exists in the unzipDirectory funct ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-30534 (An OS command injection vulnerability exists in the aVideoEncoder chun ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-29477 (An authentication bypass vulnerability exists in the web interface /ac ...) + NOT-FOR-US: Abode Systems +CVE-2022-29475 (An information disclosure vulnerability exists in the XFINDER function ...) + NOT-FOR-US: Abode Systems +CVE-2022-28710 (An information disclosure vulnerability exists in the chunkFile functi ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-27805 (An authentication bypass vulnerability exists in the GHOME control fun ...) + NOT-FOR-US: Abode Systems +CVE-2022-2072 (The Name Directory WordPress plugin before 1.25.3 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2071 (The Name Directory WordPress plugin before 1.25.4 does not have CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2070 (In Grandstream GSD3710 in its 1.0.11.13 version, it's possible to over ...) + NOT-FOR-US: Grandstream +CVE-2022-2069 (The APDFL.dll in Siemens JT2Go prior to V13.3.0.5 and Siemens Teamcent ...) + NOT-FOR-US: Siemens +CVE-2022-2068 (In addition to the c_rehash shell command injection identified in CVE- ...) 
+ {DSA-5169-1} + - openssl 3.0.4-1 + NOTE: https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa (openssl-3.0.4) + NOTE: https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7 (OpenSSL_1_1_1p) + NOTE: https://github.com/openssl/openssl/commit/7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9 (not public, 1.0.2zf) + NOTE: https://www.openssl.org/news/secadv/20220621.txt +CVE-2022-2067 (SQL Injection in GitHub repository francoisjacquet/rosariosis prior to ...) + NOT-FOR-US: francoisjacquet/rosariosis +CVE-2022-2066 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...) + NOT-FOR-US: neorazorx/facturascripts +CVE-2022-2065 (Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/fac ...) + NOT-FOR-US: neorazorx/facturascripts +CVE-2022-2064 (Insufficient Session Expiration in GitHub repository nocodb/nocodb pri ...) + NOT-FOR-US: nocodb +CVE-2022-2063 (Improper Privilege Management in GitHub repository nocodb/nocodb prior ...) + NOT-FOR-US: nocodb +CVE-2022-2062 (Generation of Error Message Containing Sensitive Information in GitHub ...) + NOT-FOR-US: nocodb +CVE-2022-2061 (Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior ...) + - chafa 1.12.1-1 (unimportant) + NOTE: https://github.com/hpjansson/chafa/commit/e6ce3746cdcf0836b9dae659a5aed15d73a080d8 + NOTE: https://huntr.dev/bounties/365ab61f-9a63-421c-97e6-21d4653021f0/ + NOTE: Crash in CLI tool, no security impact +CVE-2022-2060 (Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/doli ...) + - dolibarr +CVE-2022-2059 (In Pandora FMS v7.0NG.761 and below, in the agent creation section, th ...) + NOT-FOR-US: Pandora FMS +CVE-2021-46820 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...) + NOT-FOR-US: XOS-Shop +CVE-2020-36546 + RESERVED +CVE-2020-36545 + RESERVED +CVE-2017-20056 (A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It ...) 
+ NOT-FOR-US: weblizar User Login Log Plugin +CVE-2017-20055 (A vulnerability classified as problematic has been found in BestWebSof ...) + NOT-FOR-US: BestWebSoft Contact Form Plugin +CVE-2017-20054 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...) + NOT-FOR-US: XYZScripts Contact Form Manager Plugin +CVE-2017-20053 (A vulnerability was found in XYZScripts Contact Form Manager Plugin. I ...) + NOT-FOR-US: XYZScripts Contact Form Manager Plugin +CVE-2017-20052 (A vulnerability classified as problematic was found in Python 2.7.13. ...) + NOT-FOR-US: pgadmin on Windows +CVE-2022-2058 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-3 (bug #1014494) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/428 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab +CVE-2022-2057 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-3 (bug #1014494) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/427 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab +CVE-2022-2056 (Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.4.0-3 (bug #1014494) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/415 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/346 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/dd1bcc7abb26094e93636e85520f0d8f81ab0fab +CVE-2022-2055 + RESERVED +CVE-2022-2054 (Code Injection in GitHub repository nuitka/nuitka prior to 0.9.) 
+ - nuitka 0.9+ds-1 (bug #1012762) + [bullseye] - nuitka (Minor issue) + [buster] - nuitka (Minor issue) + [stretch] - nuitka (Minor issue) + NOTE: https://huntr.dev/bounties/ea4a842c-c48c-4aae-a599-3305125c63a7/ + NOTE: https://github.com/nuitka/nuitka/commit/09647745d7cbb6ff32f9fa948f19d5558b32bcad +CVE-2022-32985 (libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.0 ...) + NOT-FOR-US: Nexans FTTO GigaSwitch +CVE-2022-32984 (BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain s ...) + NOT-FOR-US: BTCPay Server +CVE-2022-32983 (Knot Resolver through 5.5.1 may allow DNS cache poisoning when there i ...) + - knot-resolver (unimportant) + NOTE: Just a clarifying documentation update: https://github.com/CZ-NIC/knot-resolver/commit/ccb9d9794db5eb757c33becf65cb1cf48ecfd968 +CVE-2022-32982 + RESERVED +CVE-2022-32981 (An issue was discovered in the Linux kernel through 5.18.3 on powerpc ...) + - linux 5.18.5-1 (unimportant) + [bullseye] - linux 5.10.127-1 + [buster] - linux 4.19.249-1 + [stretch] - linux (powerpc not supported in LTS) + NOTE: https://git.kernel.org/linus/8e1278444446fc97778a5e5c99bca1ce0bbc5ec9 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/3 + NOTE: 32-bit powerpc not a release architecture +CVE-2022-32980 + RESERVED +CVE-2022-32767 + RESERVED +CVE-2022-32979 + RESERVED +CVE-2022-32978 (There is an assertion failure in SingleComponentLSScan::ParseMCU in si ...) + - libjpeg 0.0~git20220615.842c7ba-1 (unimportant) + NOTE: https://github.com/thorfdbg/libjpeg/issues/75 + NOTE: https://github.com/thorfdbg/libjpeg/commit/4746b577931e926a49e50de9720a4946de3069a7 + NOTE: Crash in CLI tool, no security impact +CVE-2022-32977 + RESERVED +CVE-2022-32976 + RESERVED +CVE-2022-32975 + RESERVED +CVE-2022-32974 (An authenticated attacker could read arbitrary files from the underlyi ...) + NOT-FOR-US: Nessus +CVE-2022-32973 (An authenticated attacker could create an audit file that bypasses Pow ...) 
+ NOT-FOR-US: Nessus +CVE-2022-32972 (Infoblox BloxOne Endpoint for Windows through 2.2.7 allows DLL injecti ...) + NOT-FOR-US: Infoblox BloxOne Endpoint for Windows +CVE-2022-32969 (MetaMask before 10.11.3 might allow an attacker to access a user's sec ...) + NOT-FOR-US: MetaTask +CVE-2022-32968 + RESERVED +CVE-2022-32967 (RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An un ...) + NOT-FOR-US: RTL8111EP-CG/RTL8111FP-CGm +CVE-2022-32966 (RTL8168FP-CG Dash remote management function has missing authorization ...) + NOT-FOR-US: RTL8168FP-CG +CVE-2022-32965 (OMICARD EDM has a hard-coded machine key. An unauthenticated remote at ...) + NOT-FOR-US: OMICARD EDM +CVE-2022-32964 (OMICARD EDM\u2019s API function has insufficient validation for user i ...) + NOT-FOR-US: OMICARD EDM +CVE-2022-32963 (OMICARD EDM\u2019s mail file relay function has a path traversal vulne ...) + NOT-FOR-US: OMICARD EDM +CVE-2022-32962 (HiCOS\u2019 client-side citizen certificate component has a double fre ...) + NOT-FOR-US: HICOS +CVE-2022-32961 (HICOS\u2019 client-side citizen digital certificate component has a st ...) + NOT-FOR-US: HICOS +CVE-2022-32960 (HiCOS\u2019 client-side citizen digital certificate component has a st ...) + NOT-FOR-US: HICOS +CVE-2022-32959 (HiCOS\u2019 client-side citizen digital certificate component has a st ...) + NOT-FOR-US: HICOS +CVE-2022-32958 (A remote attacker with general user privilege can send a message to Te ...) + NOT-FOR-US: TeamPlus Pro +CVE-2022-32588 (An out-of-bounds write vulnerability exists in the PICT parsing pctwre ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2022-32281 + RESERVED +CVE-2022-2053 (When a POST request comes through AJP and the request exceeds the max- ...) 
+ - undertow 2.2.18-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2095862 + NOTE: https://github.com/undertow-io/undertow/commit/10ad8964162162ce6d441e951cb9efcdaa585916 +CVE-2022-2052 (Multiple Trumpf Products in multiple versions use default privileged W ...) + NOT-FOR-US: TRUMPF +CVE-2022-2051 + RESERVED +CVE-2022-2050 (The WP-Paginate WordPress plugin before 2.1.9 does not escape one of i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-32957 + RESERVED +CVE-2022-32956 + RESERVED +CVE-2022-32955 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32954 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32953 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32952 + REJECTED +CVE-2022-32951 + REJECTED +CVE-2022-32950 + RESERVED +CVE-2022-32949 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32948 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-32947 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32946 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32945 (An access issue was addressed with additional sandbox restrictions on ...) + NOT-FOR-US: Apple +CVE-2022-32944 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-32943 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32942 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32941 (The issue was addressed with improved bounds checks. This issue is fix ...) 
+ NOT-FOR-US: Apple +CVE-2022-32940 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32939 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32938 (A parsing issue in the handling of directory paths was addressed with ...) + NOT-FOR-US: Apple +CVE-2022-32937 + RESERVED +CVE-2022-32936 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2022-32935 (A lock screen issue was addressed with improved state management. This ...) + NOT-FOR-US: Apple +CVE-2022-32934 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32933 [A website may be able to track the websites a user visited in Safari private browsing mode] + {DSA-5241-1 DSA-5240-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2022-32932 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32931 + RESERVED +CVE-2022-32930 + REJECTED +CVE-2022-32929 (A permissions issue was addressed with additional restrictions. This i ...) + NOT-FOR-US: Apple +CVE-2022-32928 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32927 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32926 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32925 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-32924 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32923 (A correctness issue in the JIT was addressed with improved checks. Thi ...) 
+ {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0010.html +CVE-2022-32922 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-32921 + REJECTED +CVE-2022-32920 (The issue was addressed with improved checks. This issue is fixed in X ...) + NOT-FOR-US: Apple Xcode +CVE-2022-32919 [Visiting a website that frames malicious content may lead to UI spoofing] + {DSA-5341-1 DSA-5340-1} + - webkit2gtk 2.38.4-1 + - wpewebkit 2.38.4-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0010.html +CVE-2022-32918 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32917 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32916 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + NOT-FOR-US: Apple +CVE-2022-32915 (A type confusion issue was addressed with improved checks. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32914 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-32913 (The issue was addressed with additional restrictions on the observabil ...) + NOT-FOR-US: Apple +CVE-2022-32912 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + - webkit2gtk (only affects macOS) + - wpewebkit (only affects macOS) + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html +CVE-2022-32911 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32910 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32909 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-32908 (A memory corruption issue was addressed with improved input validation ...) 
+ NOT-FOR-US: Apple +CVE-2022-32907 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32906 (This issue was addressed with using HTTPS when sending information ove ...) + NOT-FOR-US: Apple +CVE-2022-32905 (This issue was addressed with improved validation of symlinks. This is ...) + NOT-FOR-US: Apple +CVE-2022-32904 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2022-32903 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-32902 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32901 + REJECTED +CVE-2022-32900 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32899 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32898 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32897 + RESERVED +CVE-2022-32896 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32895 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2022-32894 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-32893 (An out-of-bounds write issue was addressed with improved bounds checki ...) + {DSA-5220-1 DSA-5219-1 DLA-3087-1} + - webkit2gtk 2.36.7-1 + - wpewebkit 2.36.7-1 + NOTE: https://wpewebkit.org/security/WSA-2022-0008.html +CVE-2022-32892 (An access issue was addressed with improvements to the sandbox. This i ...) + NOT-FOR-US: Apple +CVE-2022-32891 (The issue was addressed with improved UI handling. This issue is fixed ...) 
+ {DSA-5211-1 DSA-5210-1 DLA-3073-1} + - webkit2gtk 2.36.6-1 + - wpewebkit 2.36.6-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html +CVE-2022-32890 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32889 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32888 (An out-of-bounds write issue was addressed with improved bounds checki ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0010.html +CVE-2022-32887 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32886 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-5241-1 DSA-5240-1 DLA-3124-1} + - webkit2gtk 2.38.0-1 + - wpewebkit 2.38.0-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0009.html +CVE-2022-32885 (A memory corruption issue was addressed with improved validation. This ...) + {DSA-5397-1 DSA-5396-1 DLA-3419-1} + - webkit2gtk 2.40.1-1 + - wpewebkit 2.38.6-1 + NOTE: https://webkitgtk.org/security/WSA-2023-0003.html +CVE-2022-32884 + REJECTED +CVE-2022-32883 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32882 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32881 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32880 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32879 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32878 + REJECTED +CVE-2022-32877 (A configuration issue was addressed with additional restrictions. This ...) + NOT-FOR-US: Apple +CVE-2022-32876 (A logic issue was addressed with improved restrictions. 
This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32875 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32874 + REJECTED +CVE-2022-32873 + REJECTED +CVE-2022-32872 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32871 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32870 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32869 + RESERVED +CVE-2022-32868 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32867 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32866 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32865 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32864 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32863 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-32862 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32861 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32860 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2022-32859 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32858 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32857 (This issue was addressed by using HTTPS when sending information over ...) 
+ NOT-FOR-US: Apple +CVE-2022-32856 + REJECTED +CVE-2022-32855 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32854 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32853 (An out-of-bounds read issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2022-32852 (An out-of-bounds read issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2022-32851 (An out-of-bounds read issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2022-32850 + REJECTED +CVE-2022-32849 (An information disclosure issue was addressed by removing the vulnerab ...) + NOT-FOR-US: Apple +CVE-2022-32848 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32847 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32846 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32845 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32844 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2022-32843 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-32842 (An out-of-bounds read issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2022-32841 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32840 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32839 (The issue was addressed with improved bounds checks. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32838 (A logic issue was addressed with improved state management. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2022-32837 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32836 (This issue was addressed with improved state management. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-32835 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2022-32834 (An access issue was addressed with improvements to the sandbox. This i ...) + NOT-FOR-US: Apple +CVE-2022-32833 (An issue existed with the file paths used to store website data. The i ...) + NOT-FOR-US: Apple +CVE-2022-32832 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-32830 (An out-of-bounds read issue was addressed with improved bounds checkin ...) + NOT-FOR-US: Apple +CVE-2022-32829 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32828 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32827 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-32826 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2022-32825 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32824 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32823 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2022-32822 + REJECTED +CVE-2022-32821 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-32820 (An out-of-bounds write issue was addressed with improved input validat ...) 
+ NOT-FOR-US: Apple +CVE-2022-32819 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32818 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32817 (An out-of-bounds read issue was addressed with improved bounds checkin ...) + NOT-FOR-US: Apple +CVE-2022-32816 (The issue was addressed with improved UI handling. This issue is fixed ...) + {DSA-5211-1 DSA-5210-1 DLA-3073-1} + - webkit2gtk 2.36.6-1 + - wpewebkit 2.36.6-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 +CVE-2022-32815 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32814 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2022-32813 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32812 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32811 (A memory corruption vulnerability was addressed with improved locking. ...) + NOT-FOR-US: Apple +CVE-2022-32810 (The issue was addressed with improved memory handling. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32809 + REJECTED +CVE-2022-32808 + REJECTED +CVE-2022-32807 (This issue was addressed with improved file handling. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-32806 + REJECTED +CVE-2022-32805 (The issue was addressed with improved handling of caches. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-32804 + REJECTED +CVE-2022-32803 + RESERVED +CVE-2022-32802 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32801 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32800 (This issue was addressed with improved checks. This issue is fixed in ...) 
+ NOT-FOR-US: Apple +CVE-2022-32799 (An out-of-bounds read issue was addressed with improved bounds checkin ...) + NOT-FOR-US: Apple +CVE-2022-32798 (An out-of-bounds write issue was addressed with improved input validat ...) + NOT-FOR-US: Apple +CVE-2022-32797 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32796 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-32795 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32794 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-32793 (Multiple out-of-bounds write issues were addressed with improved bound ...) + NOT-FOR-US: Apple +CVE-2022-32792 (An out-of-bounds write issue was addressed with improved input validat ...) + {DSA-5211-1 DSA-5210-1 DLA-3073-1} + - webkit2gtk 2.36.6-1 + - wpewebkit 2.36.6-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/07/28/2 + NOTE: https://starlabs.sg/blog/2022/09-step-by-step-walkthrough-of-cve-2022-32792/ +CVE-2022-32791 + REJECTED +CVE-2022-32790 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-32789 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32788 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2022-32787 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-32786 (An issue in the handling of environment variables was addressed with i ...) + NOT-FOR-US: Apple +CVE-2022-32785 (A null pointer dereference was addressed with improved validation. Thi ...) + NOT-FOR-US: Apple +CVE-2022-32784 (The issue was addressed with improved UI handling. This issue is fixed ...) 
+ NOT-FOR-US: Apple +CVE-2022-32783 (A logic issue was addressed with improved checks. This issue is fixed ...) + NOT-FOR-US: Apple +CVE-2022-32782 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32781 (This issue was addressed by enabling hardened runtime. This issue is f ...) + NOT-FOR-US: Apple +CVE-2022-32780 + RESERVED +CVE-2022-32779 + REJECTED +CVE-2022-32778 (An information disclosure vulnerability exists in the cookie functiona ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32777 (An information disclosure vulnerability exists in the cookie functiona ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32772 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32771 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32770 (A cross-site scripting (xss) vulnerability exists in the footer alerts ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32763 (A cross-site scripting (xss) sanitization vulnerability bypass exists ...) + NOT-FOR-US: Lansweeper +CVE-2022-30690 (A cross-site scripting (xss) vulnerability exists in the image403 func ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-28712 (A cross-site scripting (xss) vulnerability exists in the videoAddNew f ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-26842 (A reflected cross-site scripting (xss) vulnerability exists in the cha ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-2049 (In affected versions of Octopus Deploy it is possible to perform a Reg ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-2048 (In Eclipse Jetty HTTP/2 server implementation, when encountering an in ...) + {DSA-5198-1 DLA-3079-1} + - jetty9 9.4.48-1 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j + NOTE: https://github.com/eclipse/jetty.project/issues/7935 +CVE-2022-2047 (In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, a ...) 
+ {DSA-5198-1 DLA-3079-1} + - jetty9 9.4.48-1 + NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-cj7v-27pg-wf7q + NOTE: https://github.com/eclipse/jetty.project/pull/8146 +CVE-2022-2046 (The Directorist WordPress plugin before 7.2.3 allows administrators to ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2045 + RESERVED +CVE-2022-2044 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) + NOT-FOR-US: MOXA +CVE-2022-2043 (MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bou ...) + NOT-FOR-US: MOXA +CVE-2022-2042 (Use After Free in GitHub repository vim/vim prior to 8.2.) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/8628b4cd-4055-4059-aed4-64f7fdc10eba + NOTE: https://github.com/vim/vim/commit/2813f38e021c6e6581c0c88fcf107e41788bc835 (v8.2.5072) + NOTE: Crash in CLI tool, no security impact +CVE-2022-2041 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2040 (The Brizy WordPress plugin before 2.4.2 does not sanitise and escape s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46819 + RESERVED +CVE-2021-46818 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-46817 (Adobe Media Encoder version 15.4 (and earlier) are affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-46816 (Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2022-32769 (Multiple authentication bypass vulnerabilities exist in the objects id ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32768 (Multiple authentication bypass vulnerabilities exist in the objects id ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-32759 + RESERVED +CVE-2022-32758 + RESERVED +CVE-2022-32757 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequ ...) 
+ NOT-FOR-US: IBM +CVE-2022-32756 + RESERVED +CVE-2022-32755 (IBM Security Directory Server 6.4.0 is vulnerable to an XML External E ...) + NOT-FOR-US: IBM +CVE-2022-32754 + RESERVED +CVE-2022-32753 + RESERVED +CVE-2022-32752 (IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a r ...) + NOT-FOR-US: IBM +CVE-2022-32751 + RESERVED +CVE-2022-32750 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...) + NOT-FOR-US: IBM +CVE-2022-32749 (Improper Check for Unusual or Exceptional Conditions vulnerability han ...) + {DSA-5311-1 DLA-3385-1} + - trafficserver 9.1.4+ds-1 + NOTE: https://lists.apache.org/thread/mrj2lg4s0hf027rk7gz8t7hbn9xpfg02 + NOTE: https://github.com/apache/trafficserver/pull/9243 + NOTE: https://github.com/apache/trafficserver/commit/71a80d1abb3fbcb2e30ff850c8bca0a371589b5a (master) + NOTE: https://github.com/apache/trafficserver/commit/590f87304b233791169af3d5899c5ba135bb61fa (9.1.x) +CVE-2022-32748 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) + NOT-FOR-US: Schneider +CVE-2022-32747 (A CWE-290: Authentication Bypass by Spoofing vulnerability exists that ...) + NOT-FOR-US: Schneider +CVE-2022-32746 (A flaw was found in the Samba AD LDAP server. The AD DC database audit ...) + {DSA-5205-1} + - samba 2:4.16.4+dfsg-1 (bug #1016449) + [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2022-32746.html +CVE-2022-32745 (A flaw was found in Samba. Samba AD users can cause the server to acce ...) + {DSA-5205-1} + - samba 2:4.16.4+dfsg-1 (bug #1016449) + [buster] - samba (Only affects 4.13 and later) + NOTE: https://www.samba.org/samba/security/CVE-2022-32745.html +CVE-2022-32744 (A flaw was found in Samba. The KDC accepts kpasswd requests encrypted ...) + {DSA-5205-1} + - samba 2:4.16.4+dfsg-1 (bug #1016449) + [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. 
See DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2022-32744.html +CVE-2022-32743 (Samba does not validate the Validated-DNS-Host-Name right for the dNSH ...) + [experimental] - samba 2:4.17.0+dfsg-1 + - samba 2:4.17.2+dfsg-3 (bug #1021022) + [bullseye] - samba (Minor issue) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14833 +CVE-2022-32742 (A flaw was found in Samba. Some SMB1 write requests were not correctly ...) + {DSA-5205-1} + - samba 2:4.16.4+dfsg-1 (bug #1016449) + NOTE: https://www.samba.org/samba/security/CVE-2022-32742.html +CVE-2022-32741 (Attacker is able to determine if the provided username exists (and it' ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x +CVE-2022-32740 (A reply to a forwarded email article by a 3rd party could unintensiona ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x +CVE-2022-32739 (When Secure::DisableBanner system configuration has been disabled and ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x +CVE-2022-32573 (A directory traversal vulnerability exists in the AssetActions.aspx ad ...) + NOT-FOR-US: Lansweeper +CVE-2022-30605 (A privilege escalation vulnerability exists in the session id function ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-29886 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...) + NOT-FOR-US: ESTsoft Alyac +CVE-2022-29517 (A directory traversal vulnerability exists in the HelpdeskActions.aspx ...) + NOT-FOR-US: Lansweeper +CVE-2022-29511 (A directory traversal vulnerability exists in the KnowledgebasePageAct ...) + NOT-FOR-US: Lansweeper +CVE-2022-29468 (A cross-site request forgery (CSRF) vulnerability exists in WWBN AVide ...) + NOT-FOR-US: WWBN AVideo +CVE-2022-28703 (A stored cross-site scripting vulnerability exists in the HdConfigActi ...) 
+ NOT-FOR-US: Lansweeper +CVE-2022-27498 (A directory traversal vulnerability exists in the TicketTemplateAction ...) + NOT-FOR-US: Lansweeper +CVE-2022-2039 (The Free Live Chat Support plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2022-2038 + RESERVED +CVE-2022-2037 (Excessive Attack Surface in GitHub repository tooljet/tooljet prior to ...) + NOT-FOR-US: ToolJet +CVE-2022-32738 + REJECTED +CVE-2022-32737 + REJECTED +CVE-2022-32736 + REJECTED +CVE-2022-32735 + REJECTED +CVE-2022-32734 + REJECTED +CVE-2022-32733 + REJECTED +CVE-2022-32732 + REJECTED +CVE-2022-32731 + REJECTED +CVE-2022-32730 + REJECTED +CVE-2022-32729 + REJECTED +CVE-2022-32728 + REJECTED +CVE-2022-32727 + REJECTED +CVE-2022-32726 + REJECTED +CVE-2022-32725 + REJECTED +CVE-2022-32724 + REJECTED +CVE-2022-32723 + REJECTED +CVE-2022-32722 + REJECTED +CVE-2022-32721 + REJECTED +CVE-2022-32720 + REJECTED +CVE-2022-32719 + REJECTED +CVE-2022-32718 + REJECTED +CVE-2022-32717 + REJECTED +CVE-2022-32716 + REJECTED +CVE-2022-32715 + REJECTED +CVE-2022-32714 + REJECTED +CVE-2022-32713 + REJECTED +CVE-2022-32712 + REJECTED +CVE-2022-32711 + REJECTED +CVE-2022-32710 + REJECTED +CVE-2022-32709 + REJECTED +CVE-2022-32708 + REJECTED +CVE-2022-32707 + REJECTED +CVE-2022-32706 + REJECTED +CVE-2022-32705 + REJECTED +CVE-2022-32704 + REJECTED +CVE-2022-32703 + REJECTED +CVE-2022-32702 + REJECTED +CVE-2022-32701 + REJECTED +CVE-2022-32700 + REJECTED +CVE-2022-32699 + REJECTED +CVE-2022-32698 + REJECTED +CVE-2022-32697 + REJECTED +CVE-2022-32696 + REJECTED +CVE-2022-32695 + REJECTED +CVE-2022-32694 + REJECTED +CVE-2022-32693 + REJECTED +CVE-2022-32692 + REJECTED +CVE-2022-32691 + REJECTED +CVE-2022-32690 + REJECTED +CVE-2022-32689 + REJECTED +CVE-2022-32688 + REJECTED +CVE-2022-32687 + REJECTED +CVE-2022-32686 + REJECTED +CVE-2022-32685 + REJECTED +CVE-2022-32684 + REJECTED +CVE-2022-32683 + REJECTED +CVE-2022-32682 + REJECTED +CVE-2022-32681 + REJECTED +CVE-2022-32680 + REJECTED 
+CVE-2022-32679 + REJECTED +CVE-2022-32678 + REJECTED +CVE-2022-32677 + REJECTED +CVE-2022-32676 + REJECTED +CVE-2022-32675 + REJECTED +CVE-2022-32674 + REJECTED +CVE-2022-32673 + REJECTED +CVE-2022-32672 + REJECTED +CVE-2022-32671 + REJECTED +CVE-2022-32670 + REJECTED +CVE-2022-32669 + REJECTED +CVE-2022-32668 + REJECTED +CVE-2022-32667 + REJECTED +CVE-2022-32666 (In Wi-Fi, there is a possible low throughput due to misrepresentation ...) + NOT-FOR-US: MediaTek +CVE-2022-32665 (In Boa, there is a possible command injection due to improper input va ...) + NOT-FOR-US: MediaTek +CVE-2022-32664 (In Config Manager, there is a possible command injection due to improp ...) + NOT-FOR-US: MediaTek +CVE-2022-32663 (In Wi-Fi driver, there is a possible system crash due to null pointer ...) + NOT-FOR-US: MediaTek +CVE-2022-32662 + RESERVED +CVE-2022-32661 + RESERVED +CVE-2022-32660 + RESERVED +CVE-2022-32659 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32658 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32657 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32656 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32655 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32654 (In Wi-Fi driver, there is a possible undefined behavior due to incorre ...) + NOT-FOR-US: MediaTek +CVE-2022-32653 (In mtk-aie, there is a possible use after free due to a logic error. T ...) + NOT-FOR-US: MediaTek +CVE-2022-32652 (In mtk-aie, there is a possible use after free due to a logic error. T ...) + NOT-FOR-US: MediaTek +CVE-2022-32651 (In mtk-aie, there is a possible use after free due to a logic error. T ...) 
+ NOT-FOR-US: MediaTek +CVE-2022-32650 (In mtk-isp, there is a possible use after free due to a logic error. T ...) + NOT-FOR-US: MediaTek +CVE-2022-32649 (In jpeg, there is a possible use after free due to a logic error. This ...) + NOT-FOR-US: MediaTek +CVE-2022-32648 (In disp, there is a possible use after free due to a race condition. T ...) + NOT-FOR-US: MediaTek +CVE-2022-32647 (In ccu, there is a possible out of bounds write due to improper input ...) + NOT-FOR-US: MediaTek +CVE-2022-32646 (In gpu drm, there is a possible stack overflow due to a missing bounds ...) + NOT-FOR-US: MediaTek +CVE-2022-32645 (In vow, there is a possible information disclosure due to a race condi ...) + NOT-FOR-US: MediaTek +CVE-2022-32644 (In vow, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek +CVE-2022-32643 (In ccd, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek +CVE-2022-32642 (In ccd, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek +CVE-2022-32641 (In meta wifi, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2022-32640 (In meta wifi, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek +CVE-2022-32639 (In watchdog, there is a possible out of bounds read due to a missing b ...) + NOT-FOR-US: MediaTek +CVE-2022-32638 (In isp, there is a possible out of bounds write due to a race conditio ...) + NOT-FOR-US: MediaTek +CVE-2022-32637 (In hevc decoder, there is a possible out of bounds write due to a miss ...) + NOT-FOR-US: MediaTek +CVE-2022-32636 (In keyinstall, there is a possible out of bounds write due to an integ ...) + NOT-FOR-US: MediaTek +CVE-2022-32635 (In gps, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek +CVE-2022-32634 (In ccci, there is a possible out of bounds write due to improper input ...) 
+ NOT-FOR-US: Mediatek +CVE-2022-32633 (In Wi-Fi, there is a possible memory access violation due to a logic e ...) + NOT-FOR-US: Mediatek +CVE-2022-32632 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...) + NOT-FOR-US: Mediatek +CVE-2022-32631 (In Wi-Fi, there is a possible out of bounds write due to improper inpu ...) + NOT-FOR-US: Mediatek +CVE-2022-32630 (In throttling, there is a possible out of bounds write due to an incor ...) + NOT-FOR-US: Mediatek +CVE-2022-32629 (In isp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2022-32628 (In isp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2022-32627 + RESERVED +CVE-2022-32626 (In display, there is a possible out of bounds write due to an incorrec ...) + NOT-FOR-US: Mediatek +CVE-2022-32625 (In display, there is a possible out of bounds write due to an incorrec ...) + NOT-FOR-US: Mediatek +CVE-2022-32624 (In throttling, there is a possible out of bounds write due to an incor ...) + NOT-FOR-US: Mediatek +CVE-2022-32623 (In mdp, there is a possible out of bounds write due to incorrect error ...) + NOT-FOR-US: MediaTek +CVE-2022-32622 (In gz, there is a possible memory corruption due to a missing bounds c ...) + NOT-FOR-US: Mediatek +CVE-2022-32621 (In isp, there is a possible out of bounds write due to a race conditio ...) + NOT-FOR-US: Mediatek +CVE-2022-32620 (In mpu, there is a possible memory corruption due to a logic error. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-32619 (In keyinstall, there is a possible out of bounds write due to an incor ...) + NOT-FOR-US: Mediatek +CVE-2022-32618 (In typec, there is a possible out of bounds write due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2022-32617 (In typec, there is a possible out of bounds write due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2022-32616 (In isp, there is a possible out of bounds write due to uninitialized d ...) 
+ NOT-FOR-US: Mediatek +CVE-2022-32615 (In ccd, there is a possible out of bounds write due to uninitialized d ...) + NOT-FOR-US: Mediatek +CVE-2022-32614 (In audio, there is a possible memory corruption due to a logic error. ...) + NOT-FOR-US: Mediatek +CVE-2022-32613 (In vcu, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: Mediatek +CVE-2022-32612 (In vcu, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-32611 (In isp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2022-32610 (In vcu, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-32609 (In vcu, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-32608 (In jpeg, there is a possible use after free due to a race condition. T ...) + NOT-FOR-US: Mediatek +CVE-2022-32607 (In aee, there is a possible use after free due to a missing bounds che ...) + NOT-FOR-US: Mediatek +CVE-2022-32606 + RESERVED +CVE-2022-32605 (In isp, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: Mediatek +CVE-2022-32604 + RESERVED +CVE-2022-32603 (In gpu drm, there is a possible out of bounds write due to improper in ...) + NOT-FOR-US: Mediatek +CVE-2022-32602 (In keyinstall, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2022-32601 (In telephony, there is a possible permission bypass due to a parcel fo ...) + NOT-FOR-US: Mediatek +CVE-2022-32600 + RESERVED +CVE-2022-32599 (In rpmb, there is a possible out of bounds write due to a logic error. ...) + NOT-FOR-US: MediaTek +CVE-2022-32598 (In widevine, there is a possible out of bounds write due to an incorre ...) + NOT-FOR-US: Mediatek +CVE-2022-32597 (In widevine, there is a possible out of bounds write due to an incorre ...) 
+ NOT-FOR-US: Mediatek +CVE-2022-32596 (In widevine, there is a possible out of bounds write due to an incorre ...) + NOT-FOR-US: Mediatek +CVE-2022-32595 (In widevine, there is a possible out of bounds read due to an incorrec ...) + NOT-FOR-US: MediaTek +CVE-2022-32594 (In widevine, there is a possible out of bounds write due to an incorre ...) + NOT-FOR-US: Mediatek +CVE-2022-32593 (In vowe, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2022-32592 (In cpu dvfs, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Mediatek +CVE-2022-32591 (In ril, there is a possible system crash due to an incorrect bounds ch ...) + NOT-FOR-US: Mediatek +CVE-2022-32590 (In wlan, there is a possible use after free due to an incorrect status ...) + NOT-FOR-US: Mediatek +CVE-2022-32589 (In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an ...) + NOT-FOR-US: Mediatek +CVE-2022-32569 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC M1 ...) + NOT-FOR-US: Intel +CVE-2022-32568 + RESERVED +CVE-2022-32567 (The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jir ...) + NOT-FOR-US: Appfire Jira Misc Custom Fields (JMCF) app +CVE-2022-32566 + RESERVED +CVE-2022-32565 (An issue was discovered in Couchbase Server before 7.0.4. The Backup S ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32564 (An issue was discovered in Couchbase Server before 7.0.4. In couchbase ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32563 (An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Ad ...) + NOT-FOR-US: Couchbase Sync Gateway +CVE-2022-32562 (An issue was discovered in Couchbase Server before 7.0.4. Operations m ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32561 (An issue was discovered in Couchbase Server before 6.6.5 and 7.x befor ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32560 (An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks r ...) 
+ NOT-FOR-US: Couchbase Server +CVE-2022-32559 (An issue was discovered in Couchbase Server before 7.0.4. Random HTTP ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32558 (An issue was discovered in Couchbase Server before 7.0.4. Sample bucke ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32557 (An issue was discovered in Couchbase Server before 7.0.4. The Index Se ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32556 (An issue was discovered in Couchbase Server before 7.0.4. A private ke ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32555 (Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7 ...) + NOT-FOR-US: Unisys Data Exchange Management Studio +CVE-2022-32554 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + NOT-FOR-US: Pure Storage FlashArray +CVE-2022-32553 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + NOT-FOR-US: Pure Storage FlashArray +CVE-2022-32552 (Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1 ...) + NOT-FOR-US: Pure Storage FlashArray +CVE-2022-30944 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) + NOT-FOR-US: Intel +CVE-2022-30601 (Insufficiently protected credentials for Intel(R) AMT and Intel(R) Sta ...) + NOT-FOR-US: Intel +CVE-2022-30542 (Improper input validation in the firmware for some Intel(R) Server Boa ...) + NOT-FOR-US: Intel +CVE-2022-30539 (Use after free in the BIOS firmware for some Intel(R) Processors may a ...) + NOT-FOR-US: Intel +CVE-2022-29920 + RESERVED +CVE-2022-29896 + RESERVED +CVE-2022-29523 (Improper conditions check in the Open CAS software maintained by Intel ...) + NOT-FOR-US: Intel +CVE-2022-28699 (Improper input validation for some Intel(R) NUC BIOS firmware may allo ...) + NOT-FOR-US: Intel +CVE-2022-28697 (Improper access control in firmware for Intel(R) AMT and Intel(R) Stan ...) 
+ NOT-FOR-US: Intel +CVE-2022-2036 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) + NOT-FOR-US: francoisjacquet/rosariosis +CVE-2022-32551 (Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traver ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-32550 (An issue was discovered in AgileBits 1Password, involving the method v ...) + NOT-FOR-US: AgileBits 1Password +CVE-2022-32549 (Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are v ...) + NOT-FOR-US: Apache Sling +CVE-2022-32289 (Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Build ...) + NOT-FOR-US: WordPress plugin +CVE-2022-32280 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...) + NOT-FOR-US: WordPress plugin +CVE-2022-31475 (Authenticated (custom plugin role) Arbitrary File Read via Export func ...) + NOT-FOR-US: Sygnoos +CVE-2022-30536 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Flore ...) + NOT-FOR-US: WordPress plugin +CVE-2022-30337 (Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29923 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28700 (Authenticated Arbitrary File Creation via Export function vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28666 (Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28612 (Improper Access Control vulnerability leading to multiple Authenticate ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25649 (Multiple Improper Access Control vulnerabilities in StoreApps Affiliat ...) + NOT-FOR-US: WooCommerce addon +CVE-2022-2035 (A reflected cross-site scripting (XSS) vulnerability exists in the pla ...) + NOT-FOR-US: SCORM Engine +CVE-2022-2034 (The Sensei LMS WordPress plugin before 4.5.0 does not have proper perm ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-2033 + RESERVED +CVE-2022-2032 (In Pandora FMS v7.0NG.761 and below, in the file manager section, the ...) + NOT-FOR-US: Pandora FMS +CVE-2022-2031 (A flaw was found in Samba. The security vulnerability occurs when KDC ...) + {DSA-5205-1} + - samba 2:4.16.4+dfsg-1 (bug #1016449) + [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2022-2031.html +CVE-2022-2030 (A directory traversal vulnerability caused by specific character seque ...) + NOT-FOR-US: Zyxel +CVE-2022-2029 (Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra ...) + NOT-FOR-US: kromitgmbh/titra +CVE-2022-2028 (Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/t ...) + NOT-FOR-US: kromitgmbh/titra +CVE-2022-2027 (Improper Neutralization of Formula Elements in a CSV File in GitHub re ...) + NOT-FOR-US: kromitgmbh/titra +CVE-2022-2026 (Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/ti ...) + NOT-FOR-US: kromitgmbh/titra +CVE-2022-2025 (an attacker with knowledge of user/pass of Grandstream GSD3710 in its ...) + NOT-FOR-US: Grandstream +CVE-2017-20051 (A vulnerability was found in InnoSetup Installer. It has been declared ...) + NOT-FOR-US: InnoSetup +CVE-2022-32548 (An issue was discovered on certain DrayTek Vigor routers before July 2 ...) + NOT-FOR-US: DrayTek Vigor router +CVE-2022-32547 (In ImageMagick, there is load of misaligned address for type 'double', ...) 
+ {DLA-3429-1} + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) + [bullseye] - imagemagick (Minor issue) + [stretch] - imagemagick (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091813 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/5033 + NOTE: https://github.com/ImageMagick/ImageMagick/pull/5034 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 (7.1.0-30) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dc070da861a015d3c97488fdcca6063b44d47a7b (6.9.12-45) +CVE-2023-34151 (A vulnerability was found in ImageMagick. This security flaw ouccers a ...) + - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1036999) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/6341 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158 (7.1.1-10) + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/133089f716f23ce0b80d89ccc1fd680960235512 (6.9.12-88) +CVE-2022-32546 (A vulnerability was found in ImageMagick, causing an outside the range ...) + {DLA-3429-1} + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) + [bullseye] - imagemagick (Minor issue) + [stretch] - imagemagick (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091812 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4985 + NOTE: https://github.com/ImageMagick/ImageMagick/pull/4986 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/f221ea0fa3171f0f4fdf74ac9d81b203b9534c23 (7.1.0-29) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/29c8abce0da56b536542f76a9ddfebdaab5b2943 (6.9.12-44) +CVE-2022-32545 (A vulnerability was found in ImageMagick, causing an outside the range ...) 
+ {DLA-3429-1} + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1016442) + [bullseye] - imagemagick (Minor issue) + [stretch] - imagemagick (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091811 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4962 + NOTE: https://github.com/ImageMagick/ImageMagick/pull/4963 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/9c9a84cec4ab28ee0b57c2b9266d6fbe68183512 (7.1.0-28) + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa (6.9.12-43) +CVE-2022-32543 (An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5. ...) + NOT-FOR-US: ESTsoft Alyac +CVE-2022-32542 + RESERVED +CVE-2022-32541 + RESERVED +CVE-2022-32540 (Information Disclosure in Operator Client application in BVMS 10.1.1, ...) + NOT-FOR-US: Information Disclosure in Operator Client application in BVMS nd VIDEOJET Decoder VJD-7513 +CVE-2022-32539 + RESERVED +CVE-2022-32538 + RESERVED +CVE-2022-32537 (A vulnerability exists which could allow an unauthorized user to learn ...) + NOT-FOR-US: Medtronic +CVE-2022-2024 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.) + NOT-FOR-US: Go Git Service +CVE-2022-2023 (Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk ...) + NOT-FOR-US: Trudesk +CVE-2017-20050 + REJECTED +CVE-2017-20049 (A vulnerability, was found in legacy Axis devices such as P3225 and M3 ...) + NOT-FOR-US: AXIS +CVE-2017-20048 + REJECTED +CVE-2017-20047 + REJECTED +CVE-2017-20046 + REJECTED +CVE-2022-32536 (The user access rights validation in the web server of the Bosch Ether ...) + NOT-FOR-US: Bosch +CVE-2022-32535 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 run ...) + NOT-FOR-US: Bosch +CVE-2022-32534 (The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and ...) + NOT-FOR-US: Bosch +CVE-2022-32533 (Apache Jetspeed-2 does not sufficiently filter untrusted user input by ...) 
+ NOT-FOR-US: Apache Portals Jetspeed +CVE-2022-32532 (Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured ...) + - shiro (bug #1014820) + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/28/2 +CVE-2022-32531 (The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does ...) + - bookkeeper (bug #1026233) + NOTE: https://lists.apache.org/thread/xyk2lfc7lzof8mksmwyympbqxts1b5s9 +CVE-2022-2022 (Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb ...) + NOT-FOR-US: nocodb +CVE-2022-2021 + RESERVED +CVE-2022-2020 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: SourceCodester Prison Management System +CVE-2022-2019 (A vulnerability classified as critical was found in SourceCodester Pri ...) + NOT-FOR-US: SourceCodester Prison Management System +CVE-2022-2018 (A vulnerability classified as critical has been found in SourceCodeste ...) + NOT-FOR-US: SourceCodester Prison Management System +CVE-2022-2017 (A vulnerability was found in SourceCodester Prison Management System 1 ...) + NOT-FOR-US: SourceCodester Prison Management System +CVE-2022-2016 (Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/ ...) + NOT-FOR-US: neorazorx/facturascripts +CVE-2022-2015 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-2014 (Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.) + NOT-FOR-US: jgraph/drawio +CVE-2022-32530 (A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists th ...) + NOT-FOR-US: Geo SCADA Mobile +CVE-2022-32529 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32528 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) 
+ NOT-FOR-US: Schneider +CVE-2022-32527 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32526 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32525 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32524 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32523 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32522 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider +CVE-2022-32521 (A CWE 502: Deserialization of Untrusted Data vulnerability exists that ...) + NOT-FOR-US: Schneider +CVE-2022-32520 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...) + NOT-FOR-US: Schneider +CVE-2022-32519 (A CWE-257: Storing Passwords in a Recoverable Format vulnerability exi ...) + NOT-FOR-US: Schneider +CVE-2022-32518 (A CWE-522: Insufficiently Protected Credentials vulnerability exists t ...) + NOT-FOR-US: Schneider +CVE-2022-32517 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...) + NOT-FOR-US: Schneider +CVE-2022-32516 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + NOT-FOR-US: Schneider +CVE-2022-32515 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) + NOT-FOR-US: Schneider +CVE-2022-32514 (A CWE-287: Improper Authentication vulnerability exists that could all ...) + NOT-FOR-US: Schneider +CVE-2022-32513 (A CWE-521: Weak Password Requirements vulnerability exists that could ...) + NOT-FOR-US: Schneider +CVE-2022-32512 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + NOT-FOR-US: Schneider +CVE-2022-32511 (jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a s ...) 
+ - ruby-jmespath 1.6.1-1 (bug #1014807) + [bullseye] - ruby-jmespath (Minor issue) + NOTE: https://github.com/jmespath/jmespath.rb/pull/55 + NOTE: https://github.com/jmespath/jmespath.rb/commit/e8841280053a9d9a0c90f36223f926c8b9e4ec49 (v1.6.1) +CVE-2022-32510 + RESERVED +CVE-2022-32509 + RESERVED +CVE-2022-32508 + RESERVED +CVE-2022-32507 + RESERVED +CVE-2022-32506 + RESERVED +CVE-2022-32505 + RESERVED +CVE-2022-32504 + RESERVED +CVE-2022-32503 + RESERVED +CVE-2022-32502 + RESERVED +CVE-2022-32501 + RESERVED +CVE-2022-32500 + RESERVED +CVE-2022-32499 + RESERVED +CVE-2022-2013 (In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if ...) + NOT-FOR-US: Octopus Server +CVE-2022-2012 + RESERVED +CVE-2022-2011 (Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allow ...) + {DSA-5163-1} + - chromium 102.0.5005.115-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-2010 (Out of bounds read in compositing in Google Chrome prior to 102.0.5005 ...) + {DSA-5163-1} + - chromium 102.0.5005.115-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-2009 + RESERVED +CVE-2022-2008 (Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed ...) + {DSA-5163-1} + - chromium 102.0.5005.115-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-2007 (Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allo ...) + {DSA-5163-1} + - chromium 102.0.5005.115-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-2006 (AutomationDirect DirectLOGIC has a DLL vulnerability in the install di ...) + NOT-FOR-US: AutomationDirect +CVE-2022-2005 (AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism ...) + NOT-FOR-US: AutomationDirect +CVE-2022-2004 (AutomationDirect DirectLOGIC is vulnerable to a a specially crafted pa ...) 
+ NOT-FOR-US: AutomationDirect +CVE-2022-2003 (AutomationDirect DirectLOGIC is vulnerable to a specifically crafted s ...) + NOT-FOR-US: AutomationDirect +CVE-2022-2002 (GE CIMPICITY versions 2022 and prior is vulnerable when data from ...) + NOT-FOR-US: GE CIMPICITY +CVE-2022-2001 (The DX Share Selection plugin for WordPress is vulnerable to Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-32498 (Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijackin ...) + NOT-FOR-US: Dell +CVE-2022-32497 + REJECTED +CVE-2022-32496 + REJECTED +CVE-2022-32495 + REJECTED +CVE-2022-32494 + REJECTED +CVE-2022-32493 (Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A loc ...) + NOT-FOR-US: Dell +CVE-2022-32492 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32491 (Dell Client BIOS contains a Buffer Overflow vulnerability. A local aut ...) + NOT-FOR-US: Dell +CVE-2022-32490 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32489 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32488 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32487 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32486 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32485 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32484 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32483 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-32482 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
+ NOT-FOR-US: Dell +CVE-2022-32481 (Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a p ...) + NOT-FOR-US: Dell +CVE-2022-32480 (Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9 ...) + NOT-FOR-US: Dell +CVE-2022-32479 + REJECTED +CVE-2022-32478 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32477 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32476 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32475 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32474 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32473 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32472 + REJECTED +CVE-2022-32471 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32470 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32469 (An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5. ...) + NOT-FOR-US: Insyde +CVE-2022-32468 + RESERVED +CVE-2022-32467 + RESERVED +CVE-2022-32466 + RESERVED +CVE-2022-32465 + RESERVED +CVE-2022-32464 + RESERVED +CVE-2022-32463 + RESERVED +CVE-2022-32462 + RESERVED +CVE-2022-32461 + RESERVED +CVE-2022-32460 + RESERVED +CVE-2022-32459 + RESERVED +CVE-2022-32458 (Digiwin BPM has a XML External Entity Injection (XXE) vulnerability du ...) + NOT-FOR-US: Digiwin +CVE-2022-32457 (Digiwin BPM has inadequate filtering for URL parameter. An unauthentic ...) + NOT-FOR-US: Digiwin +CVE-2022-32456 (Digiwin BPM\u2019s function has insufficient validation for user input ...) 
+ NOT-FOR-US: Digiwin +CVE-2022-30707 (Violation of secure design principles exists in the communication of C ...) + NOT-FOR-US: CAMS for HIS +CVE-2022-30532 (In affected versions of Octopus Deploy, there is no logging of changes ...) + NOT-FOR-US: Octopus Deploy +CVE-2022-29890 (In affected versions of Octopus Server the help sidebar can be customi ...) + NOT-FOR-US: Octopus Server +CVE-2022-2000 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.) + {DLA-3204-1} + - vim 2:9.0.0135-1 (bug #1015984) + [bullseye] - vim (Minor issue) + [stretch] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/f61a64e2-d163-461b-a77e-46ab38e021f0 + NOTE: https://github.com/vim/vim/commit/44a3f3353e0407e9fffee138125a6927d1c9e7e5 (v8.2.5063) +CVE-2022-1999 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1998 (A use after free in the Linux kernel File System notify functionality ...) + - linux 5.16.7-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ee12595147ac1fbfb5bcb23837e26dd58d94b15d (5.17-rc3) +CVE-2022-1997 (Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacqu ...) + NOT-FOR-US: francoisjacquet/rosariosis +CVE-2022-1996 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) + - golang-github-emicklei-go-restful 3.10.2-1 (bug #1012763) + [bullseye] - golang-github-emicklei-go-restful (Minor issue) + [buster] - golang-github-emicklei-go-restful (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1/ + NOTE: https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10 (v3.8.0) +CVE-2022-1995 (The Malware Scanner WordPress plugin before 4.5.2 does not sanitise an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1994 (The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator ...) + NOT-FOR-US: WordPress plugin +CVE-2017-20045 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been d ...) + NOT-FOR-US: Navetti PricePoint +CVE-2017-20044 (A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been c ...) + NOT-FOR-US: Navetti PricePoint +CVE-2017-20043 (A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified ...) + NOT-FOR-US: Navetti PricePoint +CVE-2017-20042 (A vulnerability has been found in Navetti PricePoint 4.6.0.0 and class ...) + NOT-FOR-US: Navetti PricePoint +CVE-2017-20041 (A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been ...) + NOT-FOR-US: Ucweb UC Browser +CVE-2022-32452 + RESERVED +CVE-2022-32451 + RESERVED +CVE-2022-32450 (AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symb ...) + NOT-FOR-US: AnyDesk +CVE-2022-32449 (TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command inj ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32448 + RESERVED +CVE-2022-32447 + RESERVED +CVE-2022-32446 + RESERVED +CVE-2022-32445 + RESERVED +CVE-2022-32444 (An issue was discovered in u5cms verion 8.3.5 There is a URL redirecti ...) + NOT-FOR-US: u5cms +CVE-2022-32443 + RESERVED +CVE-2022-32442 (u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When ...) + NOT-FOR-US: u5cms +CVE-2022-32441 (A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause ...) + NOT-FOR-US: Hex Rays Ida Pro +CVE-2022-32440 + RESERVED +CVE-2022-32439 + RESERVED +CVE-2022-32438 + RESERVED +CVE-2022-32437 + RESERVED +CVE-2022-32436 + RESERVED +CVE-2022-32435 + RESERVED +CVE-2022-32434 (EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow ...) + NOT-FOR-US: EIPStackGroup OpENer +CVE-2022-32433 (itsourcecode Advanced School Management System v1.0 is vulnerable to A ...) 
+ NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32432 + RESERVED +CVE-2022-32431 + RESERVED +CVE-2022-32430 (An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers ...) + NOT-FOR-US: Lin CMS +CVE-2022-32429 (An authentication-bypass issue in the component http://MYDEVICEIP/cgi- ...) + NOT-FOR-US: Mega System Technologies Inc MSNSwitch +CVE-2022-32428 + RESERVED +CVE-2022-32427 (PrinterLogic Windows Client through 25.0.0.676 allows attackers to exe ...) + NOT-FOR-US: PrinterLogic Windows Client +CVE-2022-32426 + RESERVED +CVE-2022-32425 (The login function of Mealie v1.0.0beta-2 allows attackers to enumerat ...) + NOT-FOR-US: Mealie +CVE-2022-32424 + RESERVED +CVE-2022-32423 + RESERVED +CVE-2022-32422 + RESERVED +CVE-2022-32421 + RESERVED +CVE-2022-32420 (College Management System v1.0 was discovered to contain a remote code ...) + NOT-FOR-US: College Management System +CVE-2022-32419 + RESERVED +CVE-2022-32418 + RESERVED +CVE-2022-32417 (PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE ...) + NOT-FOR-US: PbootCMS +CVE-2022-32416 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32415 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/? ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32414 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + NOT-FOR-US: njs +CVE-2022-32413 (An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers ...) + NOT-FOR-US: Dice +CVE-2022-32412 (An issue in the /template/edit component of HongCMS v3.0 allows attack ...) + NOT-FOR-US: HongCMS +CVE-2022-32411 (An issue in the languages config file of HongCMS v3.0 allows attackers ...) + NOT-FOR-US: HongCMS +CVE-2022-32410 + RESERVED +CVE-2022-32409 (A local file inclusion (LFI) vulnerability in the component codemirror ...) 
+ NOT-FOR-US: Portal do Software Publico Brasileiro i3geo +CVE-2022-32408 + RESERVED +CVE-2022-32407 (Softr v2.0 was discovered to contain a Cross-Site Scripting (XSS) vuln ...) + NOT-FOR-US: Softr +CVE-2022-32406 (GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the ...) + NOT-FOR-US: GtkRadiant +CVE-2022-32405 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32404 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32403 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32402 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32401 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32400 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32399 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32398 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32397 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32396 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32395 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32394 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32393 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) 
+ NOT-FOR-US: Prison Management System +CVE-2022-32392 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32391 (Prison Management System v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Prison Management System +CVE-2022-32390 + RESERVED +CVE-2022-32389 (Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in ...) + NOT-FOR-US: Isode SWIFT (different than src:swift) +CVE-2022-32388 + RESERVED +CVE-2022-32387 (In Kentico before 13.0.66, attackers can achieve Denial of Service via ...) + NOT-FOR-US: Kentico +CVE-2022-32386 (Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-32385 (Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allo ...) + NOT-FOR-US: Tenda +CVE-2022-32384 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-32383 (Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-32382 + RESERVED +CVE-2022-32381 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32380 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32379 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32378 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32377 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32376 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) 
+ NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32375 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32374 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32373 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32372 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32371 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32370 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32369 + RESERVED +CVE-2022-32368 (itsourcecode Advanced School Management System v1.0 is vulnerable to S ...) + NOT-FOR-US: itsourcecode Advanced School Management System +CVE-2022-32367 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32366 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32365 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32364 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32363 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32362 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) 
+ NOT-FOR-US: Product Show Room Site +CVE-2022-32361 + RESERVED +CVE-2022-32360 + RESERVED +CVE-2022-32359 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32358 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/c ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32357 + RESERVED +CVE-2022-32356 + RESERVED +CVE-2022-32355 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32354 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32353 (Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/a ...) + NOT-FOR-US: Product Show Room Site +CVE-2022-32352 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32351 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32350 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32349 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32348 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32347 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32346 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32345 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) 
+ NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32344 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32343 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32342 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32341 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32340 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32339 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32338 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32337 (Hospital's Patient Records Management System v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Hospital's Patient Records Management System +CVE-2022-32336 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32335 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32334 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32333 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32332 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) 
+ NOT-FOR-US: Fast Food Ordering System +CVE-2022-32331 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32330 (Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffo ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32329 + RESERVED +CVE-2022-32328 (Fast Food Ordering System v1.0 is vulnerable to Delete any file. via / ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32327 + RESERVED +CVE-2022-32326 + RESERVED +CVE-2022-32325 (JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation wh ...) + - jpegoptim (unimportant) + NOTE: https://github.com/tjko/jpegoptim/issues/107 + NOTE: Crash in CLI tool, no security impact +CVE-2022-32324 (PDFAlto v0.4 was discovered to contain a heap buffer overflow via the ...) + NOT-FOR-US: PDFAlto +CVE-2022-32323 (AutoTrace v0.40.0 was discovered to contain a heap overflow via the Re ...) + - autotrace +CVE-2022-32322 + RESERVED +CVE-2022-32321 + RESERVED +CVE-2022-32320 (A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium ...) + NOT-FOR-US: Ferdi +CVE-2022-32319 + RESERVED +CVE-2022-32318 (Fast Food Ordering System v1.0 was discovered to contain a persistent ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-32317 (The MPlayer Project v1.5 was discovered to contain a heap use-after-fr ...) + NOTE: PoC file has vanished, but anyway a crash in a GUI is tool is not considered a security issue +CVE-2022-32316 + RESERVED +CVE-2022-32315 + RESERVED +CVE-2022-32314 + RESERVED +CVE-2022-32313 + RESERVED +CVE-2022-32312 + RESERVED +CVE-2022-32311 (Ingredient Stock Management System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: Ingredient Stock Management System +CVE-2022-32310 (An access control issue in Ingredient Stock Management System v1.0 all ...) 
+ NOT-FOR-US: Ingredient Stock Management System +CVE-2022-32309 + RESERVED +CVE-2022-32308 (Cross Site Scripting (XSS) vulnerability in uBlock Origin extension be ...) + {DLA-3062-1} + - ublock-origin 1.42.0+dfsg-1 + [bullseye] - ublock-origin 1.42.0+dfsg-1~deb11u1 + [buster] - ublock-origin 1.42.0+dfsg-1~deb10u1 + NOTE: https://github.com/uBlockOrigin/uBlock-issues/issues/1992 + NOTE: https://github.com/gorhill/uBlock/commit/e1e2ba3d5d00112f74464ddcc9f561f065dd3623 (1.41.5b2) + NOTE: https://github.com/gorhill/uBlock/commit/60072e7996e58cd7cca5186fde742d83cc6a612c (1.41.7b0) +CVE-2022-32307 + RESERVED +CVE-2022-32306 + RESERVED +CVE-2022-32305 + RESERVED +CVE-2022-32304 + RESERVED +CVE-2022-32303 + RESERVED +CVE-2022-32302 (Theme Park Ticketing System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Theme Park Ticketing System +CVE-2022-32301 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: YoudianCMS +CVE-2022-32300 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: YoudianCMS +CVE-2022-32299 (YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: YoudianCMS +CVE-2022-32298 (Toybox v0.8.7 was discovered to contain a NULL pointer dereference via ...) + - toybox (Vulnerable code not uploaded yet) + NOTE: https://github.com/landley/toybox/issues/346 + NOTE: Introduced by: https://github.com/landley/toybox/commit/a9d0e2386f5f494bb9b4e9d56f6b95b40d7579d4 (0.8.7) + NOTE: Fixed by: https://github.com/landley/toybox/commit/6d4847934fc0fe47a3254ce6c0396d197a780cf4 +CVE-2022-32297 (Piwigo v12.2.0 was discovered to contain SQL injection vulnerability v ...) + - piwigo +CVE-2022-32295 (On Ampere Altra and AltraMax devices before SRP 1.09, the Altra refere ...) + NOT-FOR-US: Ampere devices +CVE-2022-32294 (Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-l ...) 
+ NOT-FOR-US: Zimbra +CVE-2022-32293 (In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HT ...) + {DSA-5231-1 DLA-3144-1 DLA-3105-1} + - connman 1.41-2 (bug #1016976) + NOTE: https://lore.kernel.org/connman/20220801080043.4861-1-wagi@monom.org/ + NOTE: https://lore.kernel.org/connman/20220801080043.4861-3-wagi@monom.org/ + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200190 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=72343929836de80727a27d6744c869dff045757c + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=416bfaff988882c553c672e5bfc2d4f648d29e8a +CVE-2022-32292 (In ConnMan through 1.41, remote attackers able to send HTTP requests t ...) + {DSA-5231-1 DLA-3105-1} + - connman 1.41-2 (bug #1016976) + NOTE: https://lore.kernel.org/connman/20220801080043.4861-5-wagi@monom.org/ + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1200189 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d1a5ede5d255bde8ef707f8441b997563b9312bd +CVE-2022-32291 (In Real Player through 20.1.0.312, attackers can execute arbitrary cod ...) + NOT-FOR-US: Real Player +CVE-2022-32290 (The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorre ...) + NOT-FOR-US: Northern.tech Mender +CVE-2017-20040 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...) + NOT-FOR-US: SICUNET Access Controller +CVE-2017-20039 (A vulnerability was found in SICUNET Access Controller 0.32-05z. It ha ...) + NOT-FOR-US: SICUNET Access Controller +CVE-2017-20038 (A vulnerability was found in SICUNET Access Controller 0.32-05z and cl ...) + NOT-FOR-US: SICUNET Access Controller +CVE-2017-20037 (A vulnerability has been found in SICUNET Access Controller 0.32-05z a ...) + NOT-FOR-US: SICUNET Access Controller +CVE-2017-20036 (A vulnerability, which was classified as problematic, was found in PHP ...) 
+ - phplist (bug #612288) +CVE-2017-20035 (A vulnerability, which was classified as problematic, has been found i ...) + - phplist (bug #612288) +CVE-2017-20034 (A vulnerability classified as problematic was found in PHPList 3.2.6. ...) + - phplist (bug #612288) +CVE-2017-20033 (A vulnerability classified as problematic has been found in PHPList 3. ...) + - phplist (bug #612288) +CVE-2017-20032 (A vulnerability was found in PHPList 3.2.6. It has been rated as criti ...) + - phplist (bug #612288) +CVE-2017-20031 (A vulnerability was found in PHPList 3.2.6. It has been declared as pr ...) + - phplist (bug #612288) +CVE-2017-20030 (A vulnerability was found in PHPList 3.2.6. It has been classified as ...) + - phplist (bug #612288) +CVE-2017-20029 (A vulnerability was found in PHPList 3.2.6 and classified as critical. ...) + - phplist (bug #612288) +CVE-2017-20028 (A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been c ...) + NOT-FOR-US: HumHub +CVE-2017-20027 (A vulnerability was found in HumHub up to 1.0.1 and classified as prob ...) + NOT-FOR-US: HumHub +CVE-2017-20026 (A vulnerability has been found in HumHub up to 1.0.1 and classified as ...) + NOT-FOR-US: HumHub +CVE-2017-20025 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20024 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It ha ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20023 (A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and cl ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20022 (A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 a ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20021 (A vulnerability, which was classified as critical, was found in Solare ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20020 (A vulnerability, which was classified as problematic, has been found i ...) 
+ NOT-FOR-US: Solare Solar-Log +CVE-2017-20019 (A vulnerability classified as problematic was found in Solare Solar-Lo ...) + NOT-FOR-US: Solare Solar-Log +CVE-2017-20018 (A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classifie ...) + NOT-FOR-US: XAMPP +CVE-2016-15002 (A vulnerability, which was classified as critical, was found in MONyog ...) + NOT-FOR-US: MONyog Ultimate +CVE-2019-25070 (** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS u ...) + NOT-FOR-US: WolfCMS +CVE-2019-25069 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Axios Italia Axios RE +CVE-2019-25068 (A vulnerability classified as critical was found in Axios Italia Axios ...) + NOT-FOR-US: Axios Italia Axios RE +CVE-2019-25067 (A vulnerability, which was classified as critical, was found in Podman ...) + - libpod 3.0.0+dfsg1-1 + NOTE: https://vuldb.com/?id.143949 + NOTE: https://www.exploit-db.com/exploits/47500 + NOTE: exploit demo script on client uses Python podman code which is not in Debian + NOTE: refers to old versions of remote code which never made it to a Debian release + NOTE: issue probably present in all versions with varlink, starting 1.6.2+dfsg-1 + NOTE: upstream (Fedora/RedHat) refuses to look into it: https://bugzilla.redhat.com/show_bug.cgi?id=2097496 +CVE-2019-25066 (A vulnerability has been found in ajenti 2.1.31 and classified as crit ...) + - ajenti (bug #792019) +CVE-2019-25065 (A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as ...) + NOT-FOR-US: OpenNetAdmin +CVE-2018-25044 (A vulnerability, which was classified as critical, has been found in u ...) + NOT-FOR-US: uTorrent +CVE-2018-25043 (A vulnerability classified as critical was found in uTorrent. This vul ...) + NOT-FOR-US: uTorrent +CVE-2018-25042 (A vulnerability classified as critical has been found in uTorrent. Thi ...) + NOT-FOR-US: uTorrent +CVE-2018-25041 (A vulnerability was found in uTorrent. 
It has been rated as critical. ...) + NOT-FOR-US: uTorrent +CVE-2018-25040 (A vulnerability was found in uTorrent Web. It has been declared as cri ...) + NOT-FOR-US: uTorrent +CVE-2018-25039 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been de ...) + NOT-FOR-US: Thomson TCW710 +CVE-2018-25038 (A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been cl ...) + NOT-FOR-US: Thomson TCW710 +CVE-2018-25037 (A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified ...) + NOT-FOR-US: Thomson TCW710 +CVE-2018-25036 (A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classi ...) + NOT-FOR-US: Thomson TCW710 +CVE-2018-25035 (A vulnerability, which was classified as problematic, was found in Tho ...) + NOT-FOR-US: Thomson TCW710 +CVE-2018-25034 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Thomson TCW710 +CVE-2017-20017 (A vulnerability, which was classified as critical, has been found in T ...) + NOT-FOR-US: Genealogy Sitebuilding +CVE-2020-36544 (A vulnerability has been found in SialWeb CMS and classified as proble ...) + NOT-FOR-US: SialWeb CMS +CVE-2020-36543 (A vulnerability, which was classified as critical, was found in SialWe ...) + NOT-FOR-US: SialWeb CMS +CVE-2020-36542 (A vulnerability classified as critical has been found in Demokratian. ...) + NOT-FOR-US: Demokratian +CVE-2020-36541 (A vulnerability was found in Demokratian. It has been rated as critica ...) + NOT-FOR-US: Demokratian +CVE-2020-36540 (A vulnerability, which was classified as critical, was found in Neetai ...) + NOT-FOR-US: Neetai Tech +CVE-2020-36539 (A vulnerability was found in L\xf3gico y Creativo 1.0 and classified a ...) + NOT-FOR-US: Logico y Creativo +CVE-2020-36538 (A vulnerability was found in Eatan CMS. It has been declared as critic ...) + NOT-FOR-US: Eatan CMS +CVE-2020-36537 (A vulnerability was found in Everywhere CMS. It has been classified as ...) 
+ NOT-FOR-US: Everywhere CMS +CVE-2020-36536 (A vulnerability was found in Brandbugle. It has been rated as critical ...) + NOT-FOR-US: Brandbugle +CVE-2020-36535 (A vulnerability classified as critical has been found in MINMAX. This ...) + NOT-FOR-US: MINMAX +CVE-2020-36534 (A vulnerability was found in easyii CMS. It has been classified as pro ...) + NOT-FOR-US: easyii CMS +CVE-2020-36533 (A vulnerability was found in Klapp App and classified as problematic. ...) + NOT-FOR-US: Klapp App +CVE-2020-36532 (A vulnerability has been found in Klapp App and classified as problema ...) + NOT-FOR-US: Klapp App +CVE-2020-36531 (A vulnerability, which was classified as critical, has been found in S ...) + NOT-FOR-US: SevOne Network Management System +CVE-2020-36530 (A vulnerability classified as critical was found in SevOne Network Man ...) + NOT-FOR-US: SevOne Network Management System +CVE-2020-36529 (A vulnerability classified as critical has been found in SevOne Networ ...) + NOT-FOR-US: SevOne Network Management System +CVE-2019-25064 (A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has b ...) + NOT-FOR-US: CoreHR Core Portal +CVE-2019-25063 (A vulnerability was found in Sricam IP CCTV Camera. It has been classi ...) + NOT-FOR-US: Sricam IP CCTV Camera +CVE-2019-25062 (A vulnerability was found in Sricam IP CCTV Camera and classified as c ...) + NOT-FOR-US: Sricam IP CCTV Camera +CVE-2022-32296 (The Linux kernel before 5.17.9 allows TCP servers to identify clients ...) + {DSA-5173-1 DLA-3065-1} + - linux 5.17.11-1 + [bullseye] - linux 5.10.127-1 + NOTE: https://git.kernel.org/linus/4c2c8f03a5ab7cb04ec64724d7d176d00bcc91e5 (5.18-rc6) +CVE-2022-32287 (A relative path traversal vulnerability in a FileUtil class used by th ...) + NOT-FOR-US: Apache UIMA +CVE-2022-32286 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...) 
+ NOT-FOR-US: Siemens +CVE-2022-32285 (A vulnerability has been identified in Mendix SAML Module (Mendix 7 co ...) + NOT-FOR-US: Siemens +CVE-2022-32279 + RESERVED +CVE-2022-32278 (XFCE 4.16 allows attackers to execute arbitrary code because xdg-open ...) + {DSA-5164-1 DLA-3056-1} + - exo 4.16.4-1 (bug #1013129) + NOTE: https://gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f (exo-4.16.4) +CVE-2022-32277 (Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Refer ...) + NOT-FOR-US: Squiz Matrix CMS +CVE-2022-32276 (Grafana 8.4.3 allows unauthenticated access via (for example) a /dashb ...) + - grafana +CVE-2022-32275 (Grafana 8.4.3 allows reading files via (for example) a /dashboard/snap ...) + - grafana +CVE-2022-31472 (Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4. ...) + NOT-FOR-US: Cybozu +CVE-2022-29521 + RESERVED +CVE-2022-29465 (An out-of-bounds write vulnerability exists in the PSD Header processi ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2022-25958 + RESERVED +CVE-2022-1993 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.) + NOT-FOR-US: Go Git Service +CVE-2022-1992 (Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.) + NOT-FOR-US: Go Git Service +CVE-2022-1991 (A vulnerability classified as problematic has been found in Fast Food ...) + NOT-FOR-US: Fast Food Ordering System +CVE-2022-1990 (The Nested Pages WordPress plugin before 3.1.21 does not escape and sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1989 (All CODESYS Visualization versions before V4.2.0.0 generate a login di ...) + NOT-FOR-US: CODESYS Visualization +CVE-2022-1988 (Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/fa ...) + NOT-FOR-US: neorazorx/facturascripts +CVE-2022-32274 (The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to s ...) + NOT-FOR-US: JIRA addon +CVE-2022-32273 (As a result of an observable discrepancy in returned messages, OPSWAT ...) 
+ NOT-FOR-US: OPSWAT MetaDefender Core +CVE-2022-32272 (OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1 ...) + NOT-FOR-US: OPSWAT MetaDefender Core +CVE-2022-32271 (In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code ...) + NOT-FOR-US: Real Player +CVE-2022-32270 (In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows do ...) + NOT-FOR-US: Real Player +CVE-2022-32269 (In Real Player 20.0.8.310, the G2 Control allows injection of unsafe j ...) + NOT-FOR-US: Real Player +CVE-2022-32268 (StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A fl ...) + NOT-FOR-US: StarWind SAN and NAS +CVE-2022-32267 (DMA transactions which are targeted at input buffers used for the SmmR ...) + NOT-FOR-US: Insyde +CVE-2022-32266 (DMA attacks on the parameter buffer used by a software SMI handler use ...) + NOT-FOR-US: Insyde +CVE-2022-32265 (qDecoder before 12.1.0 does not ensure that the percent character is f ...) + NOT-FOR-US: qDecoder +CVE-2022-32264 (sys/netinet/tcp_timer.h in FreeBSD before 7.0 contains a denial-of-ser ...) + NOT-FOR-US: FreeBSD +CVE-2022-32263 (Pexip Infinity before 28.1 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-32262 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32261 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32260 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32259 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32258 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32257 + RESERVED +CVE-2022-32256 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) 
+ NOT-FOR-US: Siemens +CVE-2022-32255 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32254 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32253 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32252 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32251 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-32250 (net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allow ...) + {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.18.2-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/31/1 + NOTE: https://git.kernel.org/linus/520778042ccca019f3ffa136dd0ca565c486cedd + NOTE: Was previously also tracked as CVE-2022-1966 + NOTE: https://github.com/theori-io/CVE-2022-32250-exploit + NOTE: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/ + NOTE: https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/ +CVE-2022-32249 (Under special integration scenario of SAP Business one and SAP HANA - ...) + NOT-FOR-US: SAP +CVE-2022-32248 (Due to missing input validation in the Manage Checkbooks component of ...) + NOT-FOR-US: SAP +CVE-2022-32247 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) + NOT-FOR-US: SAP +CVE-2022-32246 (SAP Busines Objects Business Intelligence Platform (Visual Difference ...) + NOT-FOR-US: SAP +CVE-2022-32245 (SAP BusinessObjects Business Intelligence Platform (Open Document) - v ...) + NOT-FOR-US: SAP +CVE-2022-32244 (Under certain conditions an attacker authenticated as a CMS administra ...) + NOT-FOR-US: SAP +CVE-2022-32243 (When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) ...) 
+ NOT-FOR-US: SAP +CVE-2022-32242 (When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files r ...) + NOT-FOR-US: SAP +CVE-2022-32241 (When a user opens manipulated Portable Document Format (.pdf, PDFView. ...) + NOT-FOR-US: SAP +CVE-2022-32240 (When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) ...) + NOT-FOR-US: SAP +CVE-2022-32239 (When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files receive ...) + NOT-FOR-US: SAP +CVE-2022-32238 (When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) ...) + NOT-FOR-US: SAP +CVE-2022-32237 (When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCor ...) + NOT-FOR-US: SAP +CVE-2022-32236 (When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files rece ...) + NOT-FOR-US: SAP +CVE-2022-32235 (When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) fil ...) + NOT-FOR-US: SAP +CVE-2022-1987 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...) + - libmobi 0.11+dfsg-1 + NOTE: https://huntr.dev/bounties/e8197737-7557-443e-a59f-2a86e8dda75f/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/612562bc1ea38f1708b044e7a079c47a05b1291d (v0.11) +CVE-2022-1986 (OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.) + NOT-FOR-US: Go Git Service +CVE-2022-32234 (An out of bounds write in hermes, while handling large arrays, prior t ...) + NOT-FOR-US: Facebook Hermes +CVE-2022-30943 (Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon ...) + NOT-FOR-US: Cybozu +CVE-2022-30602 (Operation restriction bypass in multiple applications of Cybozu Garoon ...) + NOT-FOR-US: Cybozu +CVE-2022-29926 + REJECTED +CVE-2022-29512 (Exposure of sensitive information to an unauthorized actor issue in mu ...) + NOT-FOR-US: Cybozu +CVE-2022-1985 (The Download Manager Plugin for WordPress is vulnerable to reflected C ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1984 (This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Des ...) + NOT-FOR-US: HYPR +CVE-2022-1983 (Incorrect authorization in GitLab EE affecting all versions from 10.7 ...) + - gitlab (Specific to EE) +CVE-2022-1982 (Uncontrolled resource consumption in Mattermost version 6.6.0 and earl ...) + - mattermost-server (bug #823556) +CVE-2022-1981 (An issue has been discovered in GitLab EE affecting all versions start ...) + - gitlab (Specific to EE) +CVE-2022-1980 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...) + NOT-FOR-US: SourceCodester Product Show Room Site +CVE-2022-1979 (A vulnerability was found in SourceCodester Product Show Room Site 1.0 ...) + NOT-FOR-US: SourceCodester Product Show Room Site +CVE-2022-1978 + RESERVED +CVE-2022-1977 (The Import Export All WordPress Images, Users & Post Types WordPress p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-32230 (Microsoft Windows SMBv3 suffers from a null pointer dereference in ver ...) + NOT-FOR-US: Microsoft +CVE-2022-32229 (A information disclosure vulnerability exists in Rockert.Chat (Only affects Windows) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dll-hijacking-on-windows-high-cve-2022-32223 +CVE-2022-32222 (A cryptographic vulnerability exists on Node.js on linux in versions o ...) + - nodejs (Specific to Node 18 and nodejs-distributed binaries) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#attempt-to-read-openssl-cnf-from-home-iojs-build-upon-startup-medium-cve-2022-32222 + NOTE: https://github.com/nodejs/node/commit/a5fc2deb43f85dc2195a1fe1683b9c2e7443b001 +CVE-2022-32221 (When doing HTTP(S) transfers, libcurl might erroneously use the read c ...) 
+ {DSA-5330-1 DLA-3288-1} + - curl 7.86.0-1 + NOTE: https://curl.se/docs/CVE-2022-32221.html + NOTE: https://github.com/curl/curl/issues/9507 + NOTE: Fixed by: https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9 (curl-7_86_0) +CVE-2022-32220 (An information disclosure vulnerability exists in Rocket.Chat (llhttp dependency/embedding introduced in 12.x) + - llhttp (bug #977716) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-incorrect-parsing-of-multi-line-transfer-encoding-medium-cve-2022-32215 + NOTE: https://hackerone.com/reports/1630667 + NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x) + NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#http-request-smuggling-due-to-incorrect-parsing-of-multi-line-transfer-encoding-medium-improper-fix-for-cve-2022-32215 +CVE-2022-32214 (The llhttp parser (llhttp dependency/embedding introduced in 12.x) + - llhttp (bug #977716) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-improper-delimiting-of-header-fields-medium-cve-2022-32214 + NOTE: https://hackerone.com/reports/1630669 + NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x) + NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) +CVE-2022-32213 (The llhttp parser (llhttp dependency/embedding introduced in 12.x) + - llhttp (bug #977716) + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#http-request-smuggling-flawed-parsing-of-transfer-encoding-medium-cve-2022-32213 + NOTE: https://hackerone.com/reports/1630668 + NOTE: https://github.com/nodejs/node/commit/da0fda0fe81d372e24c0cb11aec37534985708dd (v14.x) + NOTE: 
https://github.com/nodejs/node/commit/a9f1146b8827855e342834458a71f2367346ace0 (v14.x) + NOTE: https://github.com/nodejs/node/commit/d9b71f4c241fa31cc2a48331a4fc28c15937875a (main) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/#cve-2022-32213-bypass-via-obs-fold-mechanic-medium-cve-2022-32213 +CVE-2022-32212 (A OS Command Injection vulnerability exists in Node.js versions <14.20 ...) + {DSA-5326-1 DLA-3137-1} + - nodejs 18.6.0+dfsg-3 + NOTE: https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-ip-addresses-high-cve-2022-32212 + NOTE: https://github.com/nodejs/node/commit/48c5aa5cab718d04473fa2761d532657c84b8131 (v14.x) + NOTE: https://github.com/nodejs/node/commit/a1121b456c54b16d980881f821cd700c6a4ca537 (14.20.1) (follow-up) + NOTE: https://github.com/nodejs/node/commit/1aa5036c31ac2a9b2a2528af454675ad412f1464 (main) + NOTE: https://github.com/nodejs/node/commit/b358fb27a4253c6827378a64163448c04301e19c (main) (follow-up) +CVE-2022-32211 (A SQL injection vulnerability exists in Rocket.Chat (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2022-32207.html + NOTE: Introduced by: https://github.com/curl/curl/commit/b834890a3fa3f525cd8ef4e99554cdb4558d7e1b (curl-7_69_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/20f9dd6bae50b7223171b17ba7798946e74f877f (curl-7_84_0) +CVE-2022-32206 (curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ...) + {DSA-5197-1 DLA-3085-1} + - curl 7.84.0-1 + NOTE: https://curl.se/docs/CVE-2022-32206.html + NOTE: Introduced by: https://github.com/curl/curl/commit/dbcced8e32b50c068ac297106f0502ee200a1ebd (curl-7_57_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/3a09fbb7f264c67c438d01a30669ce325aa508e2 (curl-7_84_0) +CVE-2022-32205 (A malicious server can serve excessive amounts of `Set-Cookie:` header ...) 
+ {DSA-5197-1} + - curl 7.84.0-1 + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2022-32205.html + NOTE: Introduced by: https://github.com/curl/curl/commit/ed35d6590e72c23c568af1e3b8ac6e4e2d883888 (curl-7_71_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/48d7064a49148f03942380967da739dcde1cdc24 (curl-7_84_0) +CVE-2022-31734 (Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. co ...) + NOT-FOR-US: Cisco +CVE-2022-1976 (A flaw was found in the Linux kernel\u2019s implementation of IO-URING ...) + - linux 5.18.14-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/9cae36a094e7e9d6e5fe8b6dcd4642138b3eb0c7 (5.19-rc1) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/14/2 +CVE-2022-1975 (There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an at ...) + {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.17.11-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/2 + NOTE: https://git.kernel.org/linus/4071bf121d59944d5cd2238de0642f3d7995a997 (5.18-rc6) +CVE-2022-1974 (A use-after-free flaw was found in the Linux kernel's NFC core functio ...) + {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.17.11-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/05/1 + NOTE: https://git.kernel.org/linus/da5c0f119203ad9728920456a0f52a6d850c01cd (5.18-rc6) +CVE-2022-1973 (A use-after-free flaw was found in the Linux kernel in log_replay in f ...) 
+ - linux 5.18.5-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f26967b9f7a830e228bb13fb41bd516ddd9d789d (5.19-rc1) +CVE-2022-1972 + REJECTED +CVE-2022-32204 + RESERVED +CVE-2022-32203 + RESERVED +CVE-2022-1971 (The NextCellent Gallery WordPress plugin through 1.9.35 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1970 (keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri p ...) + NOT-FOR-US: Keycloak +CVE-2022-1969 (The Mobile browser color select plugin for WordPress is vulnerable to ...) + NOT-FOR-US: Mobile browser color select plugin for WordPress +CVE-2022-1968 (Use After Free in GitHub repository vim/vim prior to 8.2.) + {DLA-3182-1 DLA-3053-1} + - vim 2:9.0.0135-1 (bug #1015984; unimportant) + NOTE: https://huntr.dev/bounties/949090e5-f4ea-4edf-bd79-cd98f0498a5b + NOTE: https://github.com/vim/vim/commit/409510c588b1eec1ae33511ae97a21eb8e110895 (v8.2.5050) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1967 (The WP Championship WordPress plugin before 9.3 is lacking CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1966 + REJECTED +CVE-2022-1965 (Multiple products of CODESYS implement a improper error handling. A lo ...) + NOT-FOR-US: CODESYS +CVE-2022-1964 (The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise u ...) + NOT-FOR-US: WordPress plugin +CVE-2022-32202 (In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::Fe ...) + - libjpeg 0.0~git20220615.842c7ba-1 (unimportant) + NOTE: https://github.com/thorfdbg/libjpeg/commit/51c3241b6da39df30f016b63f43f31c4011222c7 + NOTE: https://github.com/thorfdbg/libjpeg/issues/74 + NOTE: Crash in CLI tool, no security impact +CVE-2022-32201 (In libjpeg 1.63, there is a NULL pointer dereference in Component::Sub ...) 
+ - libjpeg 0.0~git20220615.842c7ba-1 (unimportant) + NOTE: https://github.com/thorfdbg/libjpeg/commit/ea6315164b1649ff932a396b7600eac4bffcfaba + NOTE: https://github.com/thorfdbg/libjpeg/issues/73 + NOTE: Crash in CLI tool, no security impact +CVE-2022-32200 (libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_strin ...) + - dwarfutils (bug #1012515) + [bookworm] - dwarfutils (Minor issue) + [bullseye] - dwarfutils (Minor issue) + [buster] - dwarfutils (Minor issue) + [stretch] - dwarfutils (Minor issue) + NOTE: Fixed by: https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 + NOTE: https://github.com/davea42/libdwarf-code/issues/116 + NOTE: https://www.prevanders.net/dwarfbug.html#DW202205-001 +CVE-2022-32199 (db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrar ...) + NOT-FOR-US: ScriptCase +CVE-2022-32198 + RESERVED +CVE-2022-32197 + RESERVED +CVE-2022-32196 + RESERVED +CVE-2022-32195 (Open edX platform before 2022-06-06 allows XSS via the "next" paramete ...) + NOT-FOR-US: Open edX +CVE-2022-32194 + RESERVED +CVE-2022-32193 (Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Info ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32192 (Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Inform ...) + NOT-FOR-US: Couchbase Server +CVE-2022-32191 + RESERVED +CVE-2022-32190 (JoinPath and URL.JoinPath do not remove ../ path elements appended to ...) 
+ - golang-1.19 1.19.1-1 + - golang-1.18 (Vulnerable code introduced in 1.19) + - golang-1.17 (Vulnerable code introduced in 1.19) + - golang-1.15 (Vulnerable code introduced in 1.19) + - golang-1.11 (Vulnerable code introduced in 1.19) + NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s + NOTE: https://github.com/golang/go/issues/54385 + NOTE: https://github.com/golang/go/commit/28335508913a46e05ef0c04a18e8a1a6beb775ec (go1.19.1) +CVE-2022-32189 (A too-short encoded message can cause a panic in Float.GobDecode and R ...) + - golang-1.19 1.19-1 + - golang-1.18 1.18.5-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53871 + NOTE: https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU + NOTE: https://github.com/golang/go/commit/055113ef364337607e3e72ed7d48df67fde6fc66 (master, go1.19) + NOTE: https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (go1.18.5) + NOTE: https://github.com/golang/go/commit/703c8ab7e5ba75c95553d4e249309297abad7102 (go1.17.13) +CVE-2022-32188 + RESERVED +CVE-2022-32187 + RESERVED +CVE-2022-32186 + RESERVED +CVE-2022-32185 + RESERVED +CVE-2022-32184 + RESERVED +CVE-2022-32183 + RESERVED +CVE-2022-32182 + RESERVED +CVE-2022-32181 + RESERVED +CVE-2022-32180 + RESERVED +CVE-2022-32179 + RESERVED +CVE-2022-32178 + RESERVED +CVE-2022-32177 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable ...) + NOT-FOR-US: Gin-Vue-Admin +CVE-2022-32176 (In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3b are vulnerable to ...) + NOT-FOR-US: Gin-Vue-Admin +CVE-2022-32175 (In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to ...) + NOT-FOR-US: AdGuardHome +CVE-2022-32174 (In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cro ...) 
+ NOT-FOR-US: Go Git Service +CVE-2022-32173 (In OrchardCore rc1-11259 to v1.2.2 vulnerable to HTML injection, allow ...) + NOT-FOR-US: Orchard CMS +CVE-2022-32172 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...) + NOT-FOR-US: ZincSearch +CVE-2022-32171 (In Zinc, versions v0.1.9 through v0.3.1 are vulnerable to Stored Cross ...) + NOT-FOR-US: ZincSearch +CVE-2022-32170 (The \u201cBytebase\u201d application does not restrict low privilege u ...) + NOT-FOR-US: Bytebase +CVE-2022-32169 (The \u201cBytebase\u201d application does not restrict low privilege u ...) + NOT-FOR-US: Bytebase +CVE-2022-32168 (Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking wh ...) + NOT-FOR-US: Notepad++ +CVE-2022-32167 (Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cros ...) + NOT-FOR-US: Cloudreve +CVE-2022-32166 (In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer o ...) + {DLA-3168-1} + - openvswitch 2.13.0+dfsg1-1 + NOTE: https://github.com/openvswitch/ovs/commit/2ed6505555cdcb46f9b1f0329d1491b75290fc73 (v2.12.0) +CVE-2022-32165 + RESERVED +CVE-2022-32164 + RESERVED +CVE-2022-32163 + RESERVED +CVE-2022-32162 + RESERVED +CVE-2022-32161 + RESERVED +CVE-2022-32160 + RESERVED +CVE-2022-32159 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...) + NOT-FOR-US: openlibrary +CVE-2022-1963 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-4233 + RESERVED +CVE-2022-32158 (Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2. ...) + NOT-FOR-US: Splunk Enterprise deployment servers +CVE-2022-32157 (Splunk Enterprise deployment servers in versions before 9.0 allow unau ...) + NOT-FOR-US: Splunk Enterprise deployment servers +CVE-2022-32156 (In Splunk Enterprise and Universal Forwarder versions before 9.0, the ...) 
+ NOT-FOR-US: Splunk Enterprise and Universal Forwarder +CVE-2022-32155 (In universal forwarder versions before 9.0, management services are av ...) + NOT-FOR-US: Splunk Enterprise and Universal Forwarder +CVE-2022-32154 (Dashboards in Splunk Enterprise versions before 9.0 might let an attac ...) + NOT-FOR-US: Dashboards in Splunk Enterprise +CVE-2022-32153 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-32152 (Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and S ...) + NOT-FOR-US: Splunk Enterprise +CVE-2022-32151 (The httplib and urllib Python libraries that Splunk shipped with Splun ...) + NOT-FOR-US: Splunk +CVE-2022-32150 + RESERVED +CVE-2022-32149 (An attacker may cause a denial of service by crafting an Accept-Langua ...) + - golang-golang-x-text 0.3.8-1 (bug #1021785) + [bullseye] - golang-golang-x-text (Minor issue) + - golang-x-text + [buster] - golang-x-text (Limited support, minor issue, follow bullseye DSAs/point-releases (renamed package)) + NOTE: https://groups.google.com/g/golang-dev/c/qfPIly0X7aU + NOTE: https://go.dev/issue/56152 + NOTE: https://github.com/golang/text/commit/434eadcdbc3b0256971992e8c70027278364c72c (v0.3.8) +CVE-2022-32148 (Improper exposure of client IP addresses in net/http before Go 1.17.12 ...) 
+ - golang-1.19 1.19~rc1-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://github.com/golang/go/issues/53423 + NOTE: https://github.com/golang/go/commit/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a (go1.19rc1) + NOTE: https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (go1.18.4) + NOTE: https://github.com/golang/go/commit/ed2f33e1a7e0d18f61bd56f7ee067331d612c27e (go1.17.12) +CVE-2022-32147 + RESERVED +CVE-2022-32146 + RESERVED +CVE-2022-32145 (A vulnerability has been identified in Teamcenter Active Workspace V5. ...) + NOT-FOR-US: Siemens +CVE-2022-32144 + RESERVED +CVE-2022-32143 (In multiple CODESYS products, file download and upload function allows ...) + NOT-FOR-US: CODESYS +CVE-2022-32142 (Multiple CODESYS Products are prone to a out-of bounds read or write a ...) + NOT-FOR-US: CODESYS +CVE-2022-32141 (Multiple CODESYS Products are prone to a buffer over read. A low privi ...) + NOT-FOR-US: CODESYS +CVE-2022-32140 (Multiple CODESYS products are affected to a buffer overflow.A low priv ...) + NOT-FOR-US: CODESYS +CVE-2022-32139 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + NOT-FOR-US: CODESYS +CVE-2022-32138 (In multiple CODESYS products, a remote attacker may craft a request wh ...) + NOT-FOR-US: CODESYS +CVE-2022-32137 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + NOT-FOR-US: CODESYS +CVE-2022-32136 (In multiple CODESYS products, a low privileged remote attacker may cra ...) + NOT-FOR-US: CODESYS +CVE-2022-30997 (Use of hard-coded credentials vulnerability exists in STARDOM FCN Cont ...) + NOT-FOR-US: Yokogawa Electric Corporation +CVE-2022-29519 (Cleartext transmission of sensitive information vulnerability exists i ...) 
+ NOT-FOR-US: Yokogawa Electric Corporation +CVE-2022-1962 (Uncontrolled recursion in the Parse functions in go/parser before Go 1 ...) + - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53616 + NOTE: https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879 (go1.19rc2) + NOTE: https://github.com/golang/go/commit/0d1615b23f9a558aa0a1957b4c81596220eb8ec4 (go1.18.4) + NOTE: https://github.com/golang/go/commit/ba8788ebcead55e99e631c6a1157ad7b35535d11 (go1.17.12) +CVE-2022-1961 (The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1960 (The MyCSS WordPress plugin through 1.1 does not have CSRF check in pla ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1959 (AppLock version 7.9.29 allows an attacker with physical access to the ...) + NOT-FOR-US: AppLock +CVE-2022-1958 (A vulnerability classified as critical has been found in FileCloud. Af ...) + NOT-FOR-US: FileCloud +CVE-2022-1957 (The Comment License WordPress plugin before 1.4.0 does not have CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1956 (The Shortcut Macros WordPress plugin through 1.3 does not have authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1955 (Session 1.13.0 allows an attacker with physical access to the victim's ...) + NOT-FOR-US: oxen-io/session-android +CVE-2022-1954 (A Regular Expression Denial of Service vulnerability in GitLab CE/EE a ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1953 (The Product Configurator for WooCommerce WordPress plugin before 1.2.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1952 (The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1951 (The core plugin for kitestudio WordPress plugin before 2.3.1 does not ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1950 (The Youzify WordPress plugin before 1.2.0 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1949 (An access control bypass vulnerability found in 389-ds-base. That mish ...) + - 389-ds-base 2.3.1-1 (bug #1016446) + [buster] - 389-ds-base (Too intrusive too backport) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2091781 + NOTE: https://github.com/389ds/389-ds-base/issues/5170 + NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/a444d3454bd719ac161c30d638983ab0ff66f1b8 (389-ds-base-2.0.16) + NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/26a994544d77c088cc548ce408fe7b3c33e37f80 (389-ds-base-2.0.16) + NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/00f044f1244a7961636ee16b61e66d884a01c154 (389-ds-base-2.0.16) +CVE-2022-32135 + RESERVED +CVE-2022-32134 + RESERVED +CVE-2022-32133 + RESERVED +CVE-2022-32132 + RESERVED +CVE-2022-32131 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32130 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32129 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32128 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32127 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32126 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32125 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) + NOT-FOR-US: 74cmsSE +CVE-2022-32124 (74cmsSE v3.5.1 was discovered to contain a reflective cross-site scrip ...) 
+ NOT-FOR-US: 74cmsSE +CVE-2022-32123 + RESERVED +CVE-2022-32122 + RESERVED +CVE-2022-32121 + RESERVED +CVE-2022-32120 + RESERVED +CVE-2022-32119 (Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary ...) + NOT-FOR-US: Arox School ERP Pro +CVE-2022-32118 (Arox School ERP Pro v1.0 was discovered to contain a cross-site script ...) + NOT-FOR-US: Arox School ERP Pro +CVE-2022-32117 (Jerryscript v2.4.0 was discovered to contain a stack buffer overflow v ...) + - iotjs (Issue not yet present in bundled jerryscript) +CVE-2022-32116 + RESERVED +CVE-2022-32115 (An issue in the isSVG() function of Known v1.2.2+2020061101 allows att ...) + NOT-FOR-US: Known +CVE-2022-32114 (An unrestricted file upload vulnerability in the Add New Assets functi ...) + NOT-FOR-US: Strapi +CVE-2022-32113 + RESERVED +CVE-2022-32112 + RESERVED +CVE-2022-32111 + RESERVED +CVE-2022-32110 + RESERVED +CVE-2022-32109 + RESERVED +CVE-2022-32108 + RESERVED +CVE-2022-32107 + RESERVED +CVE-2022-32106 + RESERVED +CVE-2022-32105 + RESERVED +CVE-2022-32104 + RESERVED +CVE-2022-32103 + RESERVED +CVE-2022-32102 + RESERVED +CVE-2022-32101 (kkcms v1.3.7 was discovered to contain a SQL injection vulnerability v ...) + NOT-FOR-US: kkcms +CVE-2022-32100 + RESERVED +CVE-2022-32099 + RESERVED +CVE-2022-32098 + RESERVED +CVE-2022-32097 + RESERVED +CVE-2022-32096 (Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via ...) + - rhonabwy 1.1.5-1 + [bullseye] - rhonabwy (Minor issue) + NOTE: https://github.com/babelouest/rhonabwy/commit/b4c2923a1ba4fabf9b55a89244127e153a3e549b (1.1.5) +CVE-2022-32095 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Hospital Management System +CVE-2022-32094 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Hospital Management System +CVE-2022-32093 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) 
+ NOT-FOR-US: Hospital Management System +CVE-2022-32092 (D-Link DIR-645 v1.03 was discovered to contain a command injection vul ...) + NOT-FOR-US: D-Link +CVE-2022-32091 (MariaDB v10.7 was discovered to contain an use-after-poison in in __in ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.9-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26431 +CVE-2022-32090 + RESERVED +CVE-2022-32089 (MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault ...) + - mariadb-10.6 1:10.6.9-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 (Only affects MariaDB 10.4 onwards) + NOTE: https://jira.mariadb.org/browse/MDEV-26410 +CVE-2022-32088 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.8-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26419 + NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 +CVE-2022-32087 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.8-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26437 + NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 +CVE-2022-32086 (MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault ...) + - mariadb-10.6 1:10.6.8-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 (Only affects MariaDB 10.4 onwards) + NOTE: https://jira.mariadb.org/browse/MDEV-26412 + NOTE: Fixed in: 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3 +CVE-2022-32085 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) 
+ {DLA-3114-1} + - mariadb-10.6 1:10.6.8-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26407 + NOTE: Fixed in: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4 +CVE-2022-32084 (MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.9-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26427 +CVE-2022-32083 (MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation faul ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.8-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-26047 + NOTE: Fixed in: 10.2.44, 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3 +CVE-2022-32082 (MariaDB v10.5 to v10.7 was discovered to contain an assertion failure ...) + - mariadb-10.6 1:10.6.9-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 (Only affects MariaDB 10.5 onwards) + NOTE: https://jira.mariadb.org/browse/MDEV-26433 +CVE-2022-32081 (MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison i ...) + - mariadb-10.6 1:10.6.9-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 (Only affects MariaDB 10.4 onwards) + NOTE: https://jira.mariadb.org/browse/MDEV-26420 +CVE-2022-32080 + RESERVED +CVE-2022-32079 + RESERVED +CVE-2022-32078 + RESERVED +CVE-2022-32077 + RESERVED +CVE-2022-32076 + RESERVED +CVE-2022-32075 + RESERVED +CVE-2022-32074 (A stored cross-site scripting (XSS) vulnerability in the component aud ...) + NOT-FOR-US: osTicket-plugins +CVE-2022-32073 (WolfSSH v1.4.7 was discovered to contain an integer overflow via the f ...) 
+ - wolfssh (bug #983449) +CVE-2022-32072 + RESERVED +CVE-2022-32071 + RESERVED +CVE-2022-32070 + RESERVED +CVE-2022-32069 + RESERVED +CVE-2022-32068 + RESERVED +CVE-2022-32067 + RESERVED +CVE-2022-32066 + RESERVED +CVE-2022-32065 (An arbitrary file upload vulnerability in the background management mo ...) + NOT-FOR-US: RuoYi +CVE-2022-32064 + RESERVED +CVE-2022-32063 + RESERVED +CVE-2022-32062 + RESERVED +CVE-2022-32061 (An arbitrary file upload vulnerability in the Select User function und ...) + - snipe-it (bug #1005172) +CVE-2022-32060 (An arbitrary file upload vulnerability in the Update Branding Settings ...) + - snipe-it (bug #1005172) +CVE-2022-32059 + RESERVED +CVE-2022-32058 (An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-W ...) + NOT-FOR-US: TP-Link +CVE-2022-32057 + RESERVED +CVE-2022-32056 (Online Accreditation Management v1.0 was discovered to contain a SQL i ...) + NOT-FOR-US: Online Accreditation Management +CVE-2022-32055 (Inout Homestay v2.2 was discovered to contain a SQL injection vulnerab ...) + NOT-FOR-US: Inout Homestay +CVE-2022-32054 (Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to co ...) + NOT-FOR-US: Tenda +CVE-2022-32053 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32052 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32051 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32050 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32049 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32048 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32047 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-32046 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32045 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32044 (TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack ...) + NOT-FOR-US: TOTOLINK +CVE-2022-32043 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32042 + RESERVED +CVE-2022-32041 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32040 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32039 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32038 + RESERVED +CVE-2022-32037 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32036 (Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow v ...) + NOT-FOR-US: Tenda +CVE-2022-32035 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32034 (Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the ...) + NOT-FOR-US: Tenda +CVE-2022-32033 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-32032 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-32031 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-32030 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-32029 + RESERVED +CVE-2022-32028 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) 
+ NOT-FOR-US: Car Rental Management System +CVE-2022-32027 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32026 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32025 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32024 (Car Rental Management System v1.0 is vulnerable to SQL Injection via c ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32023 + RESERVED +CVE-2022-32022 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32021 (Car Rental Management System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32020 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32019 (Car Rental Management System v1.0 is vulnerable to Arbitrary code exec ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-32018 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32017 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32016 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32015 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32014 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32013 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Complete Online Job Search System +CVE-2022-32012 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32011 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32010 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32009 + RESERVED +CVE-2022-32008 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32007 (Complete Online Job Search System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-32006 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32005 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32004 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32003 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32002 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32001 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-32000 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31999 + RESERVED +CVE-2022-31998 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Badminton Center Management System +CVE-2022-31997 + RESERVED +CVE-2022-31996 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31995 + RESERVED +CVE-2022-31994 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31993 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31992 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31991 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31990 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31989 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31988 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31987 + RESERVED +CVE-2022-31986 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31985 (Badminton Center Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-31984 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31983 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31982 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) 
+ NOT-FOR-US: Online Fire Reporting System +CVE-2022-31981 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31980 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31979 + RESERVED +CVE-2022-31978 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31977 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31976 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31975 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31974 (Online Fire Reporting System v1.0 is vulnerable to SQL Injection via / ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31973 (Online Fire Reporting System v1.0 is vulnerable to Delete any file via ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31972 + RESERVED +CVE-2022-31971 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...) + NOT-FOR-US: ChatBot App with Suggestion +CVE-2022-31970 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...) + NOT-FOR-US: ChatBot App with Suggestion +CVE-2022-31969 (ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /s ...) + NOT-FOR-US: ChatBot App with Suggestion +CVE-2022-31968 + RESERVED +CVE-2022-31967 + RESERVED +CVE-2022-31966 (ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via ...) + NOT-FOR-US: ChatBot App with Suggestion +CVE-2022-31965 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31964 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31963
+ RESERVED
+CVE-2022-31962 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31961 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31960
+ RESERVED
+CVE-2022-31959 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31958
+ RESERVED
+CVE-2022-31957 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31956 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31955
+ RESERVED
+CVE-2022-31954
+ RESERVED
+CVE-2022-31953 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31952 (Rescue Dispatch Management System v1.0 is vulnerable to SQL injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31951 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31950
+ RESERVED
+CVE-2022-31949
+ RESERVED
+CVE-2022-31948 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31947
+ RESERVED
+CVE-2022-31946 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31945 (Rescue Dispatch Management System v1.0 is vulnerable to Delete any fil ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31944
+ RESERVED
+CVE-2022-31943 (MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnera ...)
+ NOT-FOR-US: MCMS
+CVE-2022-31942
+ RESERVED
+CVE-2022-31941 (Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-31940
+ RESERVED
+CVE-2022-31939
+ RESERVED
+CVE-2022-31938
+ RESERVED
+CVE-2022-31937 (Netgear N300 wireless router wnr2000v4-V1.0.0.70 was discovered to con ...)
+ NOT-FOR-US: Netgear
+CVE-2022-31936
+ RESERVED
+CVE-2022-31935
+ RESERVED
+CVE-2022-31934
+ RESERVED
+CVE-2022-31933
+ RESERVED
+CVE-2022-31932
+ RESERVED
+CVE-2022-31931
+ RESERVED
+CVE-2022-31930
+ RESERVED
+CVE-2022-31929
+ RESERVED
+CVE-2022-31928
+ RESERVED
+CVE-2022-31927
+ RESERVED
+CVE-2022-31926
+ RESERVED
+CVE-2022-31925
+ RESERVED
+CVE-2022-31924
+ RESERVED
+CVE-2022-31923
+ RESERVED
+CVE-2022-31922
+ RESERVED
+CVE-2022-31921
+ RESERVED
+CVE-2022-31920
+ RESERVED
+CVE-2022-31919
+ RESERVED
+CVE-2022-31918
+ RESERVED
+CVE-2022-31917
+ RESERVED
+CVE-2022-31916
+ RESERVED
+CVE-2022-31915
+ RESERVED
+CVE-2022-31914 (Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: Zoo Management System
+CVE-2022-31913 (Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scriptin ...)
+ NOT-FOR-US: Online Discussion Forum Site
+CVE-2022-31912 (Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps ...)
+ NOT-FOR-US: Online Tutor Portal Site
+CVE-2022-31911 (Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via / ...)
+ NOT-FOR-US: Online Discussion Forum Site
+CVE-2022-31910 (Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (X ...)
+ NOT-FOR-US: Online Tutor Portal Site
+CVE-2022-31909
+ RESERVED
+CVE-2022-31908 (Student Registration and Fee Payment System v1.0 is vulnerable to SQL ...)
+ NOT-FOR-US: Student Registration and Fee Payment System
+CVE-2022-31907
+ RESERVED
+CVE-2022-31906 (Online Fire Reporting System v1.0 is vulnerable to Cross Site Scriptin ...)
+ NOT-FOR-US: Online Fire Reporting System
+CVE-2022-31905
+ RESERVED
+CVE-2022-31904 (EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to ...)
+ NOT-FOR-US: EGT-Kommunikationstechnik UG Mediacenter
+CVE-2022-31903
+ RESERVED
+CVE-2022-31902 (Notepad++ v8.4.1 was discovered to contain a stack overflow via the co ...)
+ NOT-FOR-US: Notepad++
+CVE-2022-31901 (Buffer overflow in function Notepad_plus::addHotSpot in Notepad++ v8.4 ...)
+ NOT-FOR-US: Notepad++
+CVE-2022-31900
+ RESERVED
+CVE-2022-31899
+ RESERVED
+CVE-2022-31898 (gl-inet GL-MT300N-V2 Mango v3.212 and GL-AX1800 Flint v3.214 were disc ...)
+ NOT-FOR-US: gl-inet GL-MT300N-V2 Mango and GL-AX1800 Flint
+CVE-2022-31897 (SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site S ...)
+ NOT-FOR-US: SourceCodester Zoo Management System
+CVE-2022-31896
+ RESERVED
+CVE-2022-31895
+ RESERVED
+CVE-2022-31894
+ RESERVED
+CVE-2022-31893
+ RESERVED
+CVE-2022-31892
+ RESERVED
+CVE-2022-31891
+ RESERVED
+CVE-2022-31890 (SQL Injection vulnerability in audit/class.audit.php in osTicket osTic ...)
+ NOT-FOR-US: osTicket
+CVE-2022-31889 (Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs. ...)
+ NOT-FOR-US: osTicket
+CVE-2022-31888 (Session Fixation vulnerability in in function login in class.auth.php ...)
+ NOT-FOR-US: osTicket
+CVE-2022-31887 (Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability ...)
+ NOT-FOR-US: Marval MSM
+CVE-2022-31886 (Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery ...)
+ NOT-FOR-US: Marval MSM
+CVE-2022-31885 (Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to ...)
+ NOT-FOR-US: Marval MSM
+CVE-2022-31884 (Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability ...)
+ NOT-FOR-US: Marval MSM
+CVE-2022-31883 (Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference ( ...)
+ NOT-FOR-US: Marval MSM
+CVE-2022-31882
+ RESERVED
+CVE-2022-31881
+ RESERVED
+CVE-2022-31880
+ RESERVED
+CVE-2022-31879 (Online Fire Reporting System 1.0 is vulnerable to SQL Injection via th ...)
+ NOT-FOR-US: Online Fire Reporting System
+CVE-2022-31878
+ RESERVED
+CVE-2022-31877 (An issue in the component MSI.TerminalServer.exe of MSI Center v1.0.41 ...)
+ NOT-FOR-US: MSI Center
+CVE-2022-31876 (netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorr ...)
+ NOT-FOR-US: Netgear
+CVE-2022-31875 (Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnera ...)
+ NOT-FOR-US: Trendnet
+CVE-2022-31874 (ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in ...)
+ NOT-FOR-US: ASUS
+CVE-2022-31873 (Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnera ...)
+ NOT-FOR-US: Trendnet
+CVE-2022-31872
+ RESERVED
+CVE-2022-31871
+ RESERVED
+CVE-2022-31870
+ RESERVED
+CVE-2022-31869
+ RESERVED
+CVE-2022-31868
+ RESERVED
+CVE-2022-31867
+ RESERVED
+CVE-2022-31866
+ RESERVED
+CVE-2022-31865
+ RESERVED
+CVE-2022-31864
+ RESERVED
+CVE-2022-31863
+ RESERVED
+CVE-2022-31862
+ RESERVED
+CVE-2022-31861 (Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 ...)
+ NOT-FOR-US: ThingsBoard IoT Platform
+CVE-2022-31860 (An issue was discovered in OpenRemote through 1.0.4 allows attackers t ...)
+ NOT-FOR-US: OpenRemote
+CVE-2022-31859
+ RESERVED
+CVE-2022-31858
+ RESERVED
+CVE-2022-31857
+ RESERVED
+CVE-2022-31856 (Newsletter Module v3.x was discovered to contain a SQL injection vulne ...)
+ NOT-FOR-US: OpenCart Newsletter Module
+CVE-2022-31855
+ RESERVED
+CVE-2022-31854 (Codoforum v5.1 was discovered to contain an arbitrary file upload vuln ...)
+ NOT-FOR-US: Codoforum
+CVE-2022-31853
+ RESERVED
+CVE-2022-31852
+ RESERVED
+CVE-2022-31851
+ RESERVED
+CVE-2022-31850
+ RESERVED
+CVE-2022-31849 (MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to con ...)
+ NOT-FOR-US: MERCURY
+CVE-2022-31848
+ RESERVED
+CVE-2022-31847 (A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-31846 (A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180 ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-31845 (A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.1 ...)
+ NOT-FOR-US: WAVLINK
+CVE-2022-31844
+ RESERVED
+CVE-2022-31843
+ RESERVED
+CVE-2022-31842
+ RESERVED
+CVE-2022-31841
+ RESERVED
+CVE-2022-31840
+ RESERVED
+CVE-2022-31839
+ RESERVED
+CVE-2022-31838
+ RESERVED
+CVE-2022-31837
+ RESERVED
+CVE-2022-31836 (The leafInfo.match() function in Beego v2.0.3 and below uses path.join ...)
+ NOT-FOR-US: Beego
+CVE-2022-31835
+ RESERVED
+CVE-2022-31834
+ RESERVED
+CVE-2022-31833
+ RESERVED
+CVE-2022-31832
+ RESERVED
+CVE-2022-31831
+ RESERVED
+CVE-2022-31830 (Kity Minder v1.3.5 was discovered to contain a Server-Side Request For ...)
+ NOT-FOR-US: Kity Minder
+CVE-2022-31829
+ RESERVED
+CVE-2022-31828
+ RESERVED
+CVE-2022-31827 (MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forg ...)
+ NOT-FOR-US: MonstaFTP
+CVE-2022-31826
+ RESERVED
+CVE-2022-31825
+ RESERVED
+CVE-2022-31824
+ RESERVED
+CVE-2022-31823
+ RESERVED
+CVE-2022-31822
+ RESERVED
+CVE-2022-31821
+ RESERVED
+CVE-2022-31820
+ RESERVED
+CVE-2022-31819
+ RESERVED
+CVE-2022-31818
+ RESERVED
+CVE-2022-31817
+ RESERVED
+CVE-2022-31816
+ RESERVED
+CVE-2022-31815
+ RESERVED
+CVE-2022-31814 (pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execut ...)
+ NOT-FOR-US: pfSense
+CVE-2022-1948 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab (Vulnerable code introduced later)
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1947 (Use of Incorrect Operator in GitHub repository polonel/trudesk prior t ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1946 (The Gallery WordPress plugin before 2.0.0 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-31813 (Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* h ...)
+ - apache2 2.4.54-1 (bug #1012513)
+ [bullseye] - apache2 2.4.54-1~deb11u1
+ [buster] - apache2 2.4.38-3+deb10u8
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/8
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-31813
+ NOTE: https://github.com/apache/httpd/commit/956f708b094698ac9ad570d640d4f30eb0df7305
+ NOTE: https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
+CVE-2022-31812
+ RESERVED
+CVE-2022-31811
+ RESERVED
+CVE-2022-31810 (A vulnerability has been identified in SiPass integrated (All versions ...)
+ NOT-FOR-US: SiPass
+CVE-2022-31809
+ RESERVED
+CVE-2022-31808 (A vulnerability has been identified in SiPass integrated AC5102 (ACC-G ...)
+ NOT-FOR-US: SiPass
+CVE-2022-31807
+ RESERVED
+CVE-2022-31806 (In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2. ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-31805 (In the CODESYS Development System multiple components in multiple vers ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-31804 (The CODESYS Gateway Server V2 does not verifiy that the size of a requ ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-31803 (In CODESYS Gateway Server V2 an insufficient check for the activity of ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-31802 (In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a pa ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-31801 (An unauthenticated, remote attacker could upload malicious logic to th ...)
+ NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
+CVE-2022-31800 (An unauthenticated, remote attacker could upload malicious logic to de ...)
+ NOT-FOR-US: ProConOS/ProConOS eCLR SDK and MULTIPROG Engineering tool
+CVE-2022-1945 (The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1944 (When the feature is configured, improper authorization in the Interact ...)
+ [experimental] - gitlab 14.9.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1943 (A flaw out of bounds memory write in the Linux kernel UDF file system ...)
+ - linux 5.17.11-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2086412
+ NOTE: Fixed by: https://git.kernel.org/linus/c1ad35dd0548ce947d97aaf92f7f2f9a202951cf (5.18-rc7)
+CVE-2022-1942 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3204-1}
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (Minor issue)
+ [stretch] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/67ca4d3b-9175-43c1-925c-72a7091bc071
+ NOTE: https://github.com/vim/vim/commit/71223e2db87c2bf3b09aecb46266b56cda26191d (v8.2.5043)
+CVE-2022-1941 (A parsing vulnerability for the MessageSet type in the ProtocolBuffers ...)
+ {DLA-3393-1}
+ [experimental] - protobuf 3.20.2-1
+ - protobuf 3.21.9-3
+ [bullseye] - protobuf 3.12.4-1+deb11u1
+ NOTE: https://www.openwall.com/lists/oss-security/2022/09/27/1
+ NOTE: https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf
+ NOTE: https://github.com/protocolbuffers/protobuf/commit/806d7e4ce6f1fd0545cae226b94cb0249ea495c7 (v3.20.2)
+ NOTE: https://github.com/protocolbuffers/protobuf/commit/7764c864bd5acdf60230a7b8fd29816170d0d04e (main)
+CVE-2022-1940 (A Stored Cross-Site Scripting vulnerability in Jira integration in Git ...)
+ - gitlab (Vulnerable code introduced later)
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1939 (The Allow svg files WordPress plugin before 1.1 does not properly vali ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1938 (The Awin Data Feed WordPress plugin before 1.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1937 (The Awin Data Feed WordPress plugin before 1.8 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-XXXX [Sanitizing and other XSS protections]
+ - spip 4.1.2+dfsg-1
+ [bullseye] - spip 3.2.11-3+deb11u4
+ [buster] - spip 3.2.4-1+deb10u8
+ NOTE: https://git.spip.net/spip/spip/commit/3b99287c9e1f7b9aee4c7e22b2a233fde5becd86
+ NOTE: https://git.spip.net/spip/spip/commit/edb6a01c6dd2420ed5e125385252d37b86f93d68
+ NOTE: https://git.spip.net/spip-team/securite/issues/3597 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/b28e1f9a39dd54e0f0bbfe3b211160e71d2562b7
+ NOTE: https://git.spip.net/spip-team/securite/issues/3602 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/772a4baeda4eed24cbe8953fa60e7c7dcd6859a2
+ NOTE: https://git.spip.net/spip-team/securite/issues/3698 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/e9a03a38d5ee606b79d795f8e28c29d4eb74838e
+ NOTE: https://git.spip.net/spip-team/securite/issues/3702 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/d99890f66906ab52aa18f9df6109e694192bc54e
+ NOTE: https://git.spip.net/spip-team/securite/issues/3703 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/97845aa30aa8d845d88b86715eab53b1de5e9c6d
+ NOTE: https://git.spip.net/spip-team/securite/issues/3728 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/754677579b34a1705a83b8d2674baaba17472b4d
+ NOTE: https://git.spip.net/spip/spip/commit/871777b0f56ce92c26fde3a3a53c625eb68dcff6
+ NOTE: https://git.spip.net/spip-team/securite/issues/4494 (not public)
+ NOTE: https://git.spip.net/spip/spip/commit/901f583021938d4b1b1632cc8ec51950a1f3e988
+ NOTE: https://git.spip.net/spip/spip/commit/ac67fc5be53e2e085c0599144a217b440dd72fa1
+ NOTE: https://git.spip.net/spip/spip/commit/2ce34e62ebe457d06339d5b3cb92852d1d80635c
+ NOTE: https://git.spip.net/spip/spip/commit/8283532c94dac9f08c1fd250b433491d3fe22c84
+ NOTE: https://git.spip.net/spip-team/securite/issues/3733 (not public)
+ NOTE: https://git.spip.net/spip/svp/commit/bf0ff95ac535f1aa53e6a946ea739fd71106f182
+ NOTE: 
https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-1-2-SPIP-4-0-7-SPIP-3-2.html?lang=fr
+CVE-2022-31798 (Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /car ...)
+ NOT-FOR-US: Nortek Linear eMerge E3-Series devices
+CVE-2022-31797
+ RESERVED
+CVE-2022-1936 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
+ [experimental] - gitlab 14.9.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1935 (Incorrect authorization in GitLab EE affecting all versions from 12.0 ...)
+ [experimental] - gitlab 14.9.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1934 (Use After Free in GitHub repository mruby/mruby prior to 3.2.)
+ - mruby (Vulnerable code introduced after 3.0)
+ NOTE: https://huntr.dev/bounties/99e6df06-b9f7-4c53-a722-6bb89fbfb51f/
+ NOTE: https://github.com/mruby/mruby/commit/aa7f98dedb68d735a1665d3a289036c88b0c47ce
+CVE-2022-31796 (libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRe ...)
+ - libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/71
+ NOTE: https://github.com/thorfdbg/libjpeg/commit/187035b9726710b4fe11d565c7808975c930895d
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-31795 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
+ NOT-FOR-US: Fujitsu
+CVE-2022-31794 (An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control ...)
+ NOT-FOR-US: Fujitsu
+CVE-2022-1933 (The CDI WordPress plugin before 5.1.9 does not sanitise and escape a p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1932 (The Rezgo Online Booking WordPress plugin before 4.1.8 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-31799 (Bottle before 0.12.20 mishandles errors during early request binding.)
+ {DSA-5159-1 DLA-3048-1}
+ - python-bottle 0.12.20-1
+ NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/e140e1b54da721a660f2eb9d58a106b7b3ff2f00 (0.12.20)
+CVE-2022-1931 (Incorrect Synchronization in GitHub repository polonel/trudesk prior t ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1930 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: ethereum/eth-account
+CVE-2022-1929 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: devcert Nodejs module
+CVE-2022-1928 (Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gite ...)
+ - gitea
+CVE-2022-1927 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/945107ef-0b27-41c7-a03c-db99def0e777
+ NOTE: https://github.com/vim/vim/commit/4d97a565ae8be0d4debba04ebd2ac3e75a0c8010 (v8.2.5037)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1926 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-31793 (do_request in request.c in muhttpd before 1.1.7 allows remote attacker ...)
+ NOT-FOR-US: Arris
+CVE-2022-31792 (A stored cross-site scripting (XSS) vulnerability exists in the manage ...)
+ NOT-FOR-US: WatchGuard Firebox and XTM appliances
+CVE-2022-31791 (WatchGuard Firebox and XTM appliances allow a local attacker (that has ...)
+ NOT-FOR-US: WatchGuard Firebox and XTM appliances
+CVE-2022-31790 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...)
+ NOT-FOR-US: WatchGuard Firebox and XTM appliances
+CVE-2022-31789 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...)
+ NOT-FOR-US: WatchGuard Firebox and XTM appliances
+CVE-2022-31788 (IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccess ...)
+ NOT-FOR-US: IdeaLMS
+CVE-2022-31787 (IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO)
+ NOT-FOR-US: IdeaLMS
+CVE-2022-31786 (IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaL ...)
+ NOT-FOR-US: IdeaLMS
+CVE-2022-31785
+ RESERVED
+CVE-2022-31784 (A vulnerability in the management interface of MiVoice Business throug ...)
+ NOT-FOR-US: Mitel
+CVE-2022-31783 (Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTr ...)
+ - liblouis 3.22.0-1 (bug #1011984)
+ [bullseye] - liblouis (Minor issue)
+ [buster] - liblouis (Minor issue)
+ NOTE: https://github.com/liblouis/liblouis/issues/1214
+ NOTE: https://github.com/liblouis/liblouis/commit/2e4772befb2b1c37cb4b9d6572945115ee28630a (v3.22.0)
+CVE-2022-31782 (ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based bu ...)
+ - freetype 2.12.1+dfsg-3 (unimportant)
+ NOTE: https://gitlab.freedesktop.org/freetype/freetype-demos/-/issues/8
+ NOTE: Only impact the ftbench in freetype2-demos
+CVE-2022-31781 (Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expressio ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2022-31780 (Improper Input Validation vulnerability in HTTP/2 frame handling of Ap ...)
+ {DSA-5206-1 DLA-3279-1}
+ - trafficserver 9.1.3+ds-1
+ NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
+CVE-2022-31779 (Improper Input Validation vulnerability in HTTP/2 header parsing of Ap ...)
+ {DSA-5206-1 DLA-3385-1}
+ - trafficserver 9.1.3+ds-1
+ NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
+CVE-2022-31778 (Improper Input Validation vulnerability in handling the Transfer-Encod ...)
+ {DSA-5206-1 DLA-3385-1}
+ - trafficserver 9.1.3+ds-1
+ NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
+CVE-2022-31777 (A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2. ...)
+ - apache-spark (bug #802194)
+CVE-2022-31776 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
+ NOT-FOR-US: IBM
+CVE-2022-31775 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
+ NOT-FOR-US: IBM
+CVE-2022-31774 (IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
+ NOT-FOR-US: IBM
+CVE-2022-31773 (IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cro ...)
+ NOT-FOR-US: IBM
+CVE-2022-31772 (IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-31771
+ RESERVED
+CVE-2022-31770 (IBM App Connect Enterprise Certified Container 4.2 could allow a user ...)
+ NOT-FOR-US: IBM
+CVE-2022-31769 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-31768 (IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. ...)
+ NOT-FOR-US: IBM
+CVE-2022-31767 (IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
+CVE-2022-31766 (A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2022-31765 (Affected devices do not properly authorize the change password functio ...)
+ NOT-FOR-US: Siemens
+CVE-2022-31764
+ RESERVED
+ NOT-FOR-US: Apache ShardingSphere ElasticJob-UI
+CVE-2022-1925 (DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decom ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
+CVE-2022-1924 (DOS / potential heap overwrite in mkv demuxing using lzo decompression ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
+CVE-2022-1923 (DOS / potential heap overwrite in mkv demuxing using bzip decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
+CVE-2022-1922 (DOS / potential heap overwrite in mkv demuxing using zlib decompressio ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1225
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ad6012159acf18c6b5c0f4edf037e8c9a2dbc966
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/fafb028196c78062892261d4e042e646ef8e518b (1.20.3)
+CVE-2022-1921 (Integer overflow in avidemux element in gst_avi_demux_invert function ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0001.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1224
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/f503caad676971933dc0b52c4b313e5ef0d6dbb0
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0d9ce6c9412006c7bf2aefd1992e7d6ba16e93b7 (1.20.3)
+CVE-2022-1920 (Integer overflow in matroskademux element in gst_matroska_demux_add_wv ...)
+ {DSA-5204-1 DLA-3069-1}
+ - gst-plugins-good1.0 1.20.3-1
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2022-0004.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/1226
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/cf887f1b8e228bff6e19829e6d03995d70ad739d
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/0df0dd7fe388174e4835eda4526b47f470a56370 (1.20.3)
+CVE-2022-1919 (Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allow ...)
+ - firefox 101.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-1919
+CVE-2022-1918 (The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site ...)
+ NOT-FOR-US: ToolBar to Share plugin for WordPress
+CVE-2022-1917
+ RESERVED
+CVE-2022-1916 (The Active Products Tables for WooCommerce. Professional products tabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1915 (The WP Zillow Review Slider WordPress plugin before 2.4 does not escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1914 (The Clean-Contact WordPress plugin through 1.6 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1913 (The Add Post URL WordPress plugin through 2.1.0 does not have CSRF che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1912 (The Button Widget Smartsoft plugin for WordPress is vulnerable to Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1911 (Error in parser function in M-Files Server versions before 22.6.11534. ...)
+ NOT-FOR-US: M-Files Server
+CVE-2022-1910 (The Shortcodes and extra features for Phlox WordPress plugin before 2. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1909 (Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organ ...)
+ NOT-FOR-US: organizr
+CVE-2022-1908 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ - libmobi 0.11+dfsg-1 (bug #1011971)
+ NOTE: https://huntr.dev/bounties/a7436e88-0488-4bd4-816f-2e2c803e93e8
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11)
+CVE-2022-1907 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ - libmobi 0.11+dfsg-1 (bug #1011971)
+ NOTE: https://huntr.dev/bounties/4eb0fa3e-4480-4fb5-8ec0-fbcd71de6012
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba (v0.11)
+CVE-2022-1906 (The Copyright Proof WordPress plugin through 4.16 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1905 (The Events Made Easy WordPress plugin before 2.2.81 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1904 (The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1903 (The ARMember WordPress plugin before 3.4.8 is vulnerable to account ta ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2020-36528 (A vulnerability, which was classified as critical, was found in Platin ...)
+ NOT-FOR-US: Platinum Mobile
+CVE-2022-31763 (The kernel module has the null pointer and out-of-bounds array vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31762 (The AMS module has a vulnerability in input validation. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31761 (Configuration defects in the secure OS module. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31760 (Dialog boxes can still be displayed even if the screen is locked in ca ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31759 (AppLink has a vulnerability of accessing uninitialized pointers. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31758 (The kernel module has the race condition vulnerability. Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31757 (The setting module has a vulnerability of improper use of APIs. Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31756 (The fingerprint sensor module has design defects. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31755 (The communication module has a vulnerability of improper permission pr ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31754 (Logical defects in code implementation in some products. Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31753 (The voice wakeup module has a vulnerability of using externally-contro ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31752 (Missing authorization vulnerability in the system components. Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31751 (The kernel emcom module has multi-thread contention. Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2022-31750
+ RESERVED
+CVE-2022-1902 (A flaw was found in the Red Hat Advanced Cluster Security for Kubernet ...)
+ NOT-FOR-US: StackRox Kubernetes Security Platform
+CVE-2022-1901 (In affected versions of Octopus Deploy it is possible to unmask sensit ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2022-1900 (The Copify plugin for WordPress is vulnerable to Cross-Site Request Fo ...)
+ NOT-FOR-US: Copify plugin for WordPress
+CVE-2021-46815
+ REJECTED
+CVE-2021-46814 (The video framework has an out-of-bounds memory read/write vulnerabili ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46813 (Vulnerability of residual files not being deleted after an update in t ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46812 (The Device Manager has a vulnerability in multi-device interaction. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46811 (HwSEServiceAPP has a vulnerability in permission management. Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2020-36527 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36526 (A vulnerability classified as problematic was found in Countdown Timer ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36525 (A vulnerability classified as problematic has been found in Linking. T ...)
+ NOT-FOR-US: Linking
+CVE-2020-36524 (A vulnerability was found in Refined Toolkit. It has been rated as pro ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-36523 (A vulnerability was found in PlantUML 6.43. It has been declared as pr ...)
+ NOT-FOR-US: Atlassian PlantUML plugin
+CVE-2022-31749
+ RESERVED
+CVE-2022-31748 (Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon ...)
+ - firefox 101.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31748
+CVE-2022-31747 (Mozilla developers Andrew McCreight, Nicolas B. Pierron, and the Mozil ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31747
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31747
+CVE-2022-31746 (Internal URLs are protected by a secret UUID key, which could have bee ...)
+ - firefox (Specific to Firefox on iOS)
+ NOTE: https://www.mozilla.org/security/advisories/mfsa2022-27/
+CVE-2022-31745 (If array shift operations are not used, the Garbage Collector may have ...)
+ - firefox 101.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31745
+CVE-2022-31744 (An attacker could have injected CSS into stylesheets accessible via in ...)
+ {DSA-5175-1 DSA-5172-1 DLA-3064-1}
+ - firefox 101.0-1
+ - firefox-esr 91.11.0esr-1
+ - thunderbird 1:91.11.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-25/#CVE-2022-31744
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-26/#CVE-2022-31744
+CVE-2022-31743 (Firefox's HTML parser did not correctly interpret HTML comment tags, r ...)
+ - firefox 101.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31743
+CVE-2022-31742 (An attacker could have exploited a timing attack by sending a large nu ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31742
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31742
+CVE-2022-31741 (A crafted CMS message could have been processed incorrectly, leading t ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31741
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31741
+CVE-2022-31740 (On arm64, WASM code could have resulted in incorrect assembly generati ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31740
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31740
+CVE-2022-31739 (When downloading files on Windows, the % character was not escaped, wh ...)
+ - firefox (Only affects Windows)
+ - firefox-esr (Only affects Windows)
+ - thunderbird (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31739
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31739
+CVE-2022-31738 (When exiting fullscreen mode, an iframe could have confused the browse ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31738
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31738
+CVE-2022-31737 (A malicious webpage could have caused an out-of-bounds write in WebGL, ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31737
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31737
+CVE-2022-31736 (A malicious website could have learned the size of a cross-origin reso ...)
+ {DSA-5158-1 DSA-5156-1 DLA-3041-1 DLA-3040-1}
+ - firefox 101.0-1
+ - firefox-esr 91.10.0esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-20/#CVE-2022-31736
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-21/#CVE-2022-31736
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-31736
+CVE-2022-1899 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/8a3dc5cb-08b3-4807-82b2-77f08c137a04
+ NOTE: https://github.com/radareorg/radare2/commit/193f4fe01d7f626e2ea937450f2e0c4604420e9d
+CVE-2022-1898 (Use After Free in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-3053-1}
+ - vim 2:9.0.0135-1 (bug #1015984; unimportant)
+ NOTE: https://huntr.dev/bounties/45aad635-c2f1-47ca-a4f9-db5b25979cea
+ NOTE: https://github.com/vim/vim/commit/e2fa213cf571041dbd04ab0329303ffdc980678a (v8.2.5024)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1897 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3204-1}
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (Minor issue)
+ [stretch] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/82c12151-c283-40cf-aa05-2e39efa89118
+ NOTE: https://github.com/vim/vim/commit/338f1fc0ee3ca929387448fe464579d6113fa76a (v8.2.5023)
+CVE-2022-1896 (The underConstruction WordPress plugin before 1.21 does not sanitise o ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1895 (The underConstruction WordPress plugin before 1.20 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1894 (The Popup Builder WordPress plugin before 4.1.11 does not escape and s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4232 (A vulnerability classified as problematic has been found in Zoo Manage ...)
+ NOT-FOR-US: Zoo Management System
+CVE-2022-31733 (Starting with diego-release 2.55.0 and up to 2.69.0, and starting with ...)
+ NOT-FOR-US: diego-release
+CVE-2022-31732
+ RESERVED
+CVE-2022-31731
+ RESERVED
+CVE-2022-31730
+ RESERVED
+CVE-2022-31729
+ RESERVED
+CVE-2022-31728
+ RESERVED
+CVE-2022-31727
+ RESERVED
+CVE-2022-31726
+ RESERVED
+CVE-2022-31725
+ RESERVED
+CVE-2022-31724
+ RESERVED
+CVE-2022-31723
+ RESERVED
+CVE-2022-31722
+ RESERVED
+CVE-2022-31721
+ RESERVED
+CVE-2022-31720
+ RESERVED
+CVE-2022-31719
+ RESERVED
+CVE-2022-31718
+ RESERVED
+CVE-2022-31717
+ RESERVED
+CVE-2022-31716
+ RESERVED
+CVE-2022-31715
+ RESERVED
+CVE-2022-31714
+ RESERVED
+CVE-2022-31713
+ RESERVED
+CVE-2022-31712
+ RESERVED
+CVE-2022-31711 (VMware vRealize Log Insight contains an Information Disclosure Vulnera ...)
+ NOT-FOR-US: VMware
+CVE-2022-31710 (vRealize Log Insight contains a deserialization vulnerability. An unau ...)
+ NOT-FOR-US: VMware
+CVE-2022-31709
+ RESERVED
+CVE-2022-31708 (vRealize Operations (vROps) contains a broken access control vulnerabi ...)
+ NOT-FOR-US: VMware
+CVE-2022-31707 (vRealize Operations (vROps) contains a privilege escalation vulnerabil ...)
+ NOT-FOR-US: VMware
+CVE-2022-31706 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
+ NOT-FOR-US: VMware
+CVE-2022-31705 (VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds writ ...)
+ NOT-FOR-US: VMware
+CVE-2022-31704 (The vRealize Log Insight contains a broken access control vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2022-31703 (The vRealize Log Insight contains a Directory Traversal Vulnerability. ...)
+ NOT-FOR-US: VMware
+CVE-2022-31702 (vRealize Network Insight (vRNI) contains a command injection vulnerabi ...)
+ NOT-FOR-US: VMware
+CVE-2022-31701 (VMware Workspace ONE Access and Identity Manager contain a broken auth ...)
+ NOT-FOR-US: VMware
+CVE-2022-31700 (VMware Workspace ONE Access and Identity Manager contain an authentica ...)
+ NOT-FOR-US: VMware
+CVE-2022-31699 (VMware ESXi contains a heap-overflow vulnerability. A malicious local ...)
+ NOT-FOR-US: VMware
+CVE-2022-31698 (The vCenter Server contains a denial-of-service vulnerability in the c ...)
+ NOT-FOR-US: VMware
+CVE-2022-31697 (The vCenter Server contains an information disclosure vulnerability du ...)
+ NOT-FOR-US: VMware
+CVE-2022-31696 (VMware ESXi contains a memory corruption vulnerability that exists in ...)
+ NOT-FOR-US: VMware
+CVE-2022-31695
+ RESERVED
+CVE-2022-31694 (InstallBuilder Qt installers built with versions previous to 22.10 try ...)
+ NOT-FOR-US: InstallBuilder Qt installers
+CVE-2022-31693 (VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) c ...)
+ NOT-FOR-US: VMware
+CVE-2022-31692 (Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 co ...)
+ - libspring-security-2.0-java
+CVE-2022-31691 (Spring Tools 4 for Eclipse version 4.16.0 and below as well as VSCode ...)
+ NOT-FOR-US: Spring Tools 4 for Eclipse
+CVE-2022-31690 (Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, ...)
+ - libspring-security-2.0-java
+CVE-2022-31689 (VMware Workspace ONE Assist prior to 22.10 contains a Session fixation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31688 (VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross- ...)
+ NOT-FOR-US: VMware
+CVE-2022-31687 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Co ...)
+ NOT-FOR-US: VMware
+CVE-2022-31686 (VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentic ...)
+ NOT-FOR-US: VMware
+CVE-2022-31685 (VMware Workspace ONE Assist prior to 22.10 contains an Authentication ...)
+ NOT-FOR-US: VMware
+CVE-2022-31684 (Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log reques ...)
+ NOT-FOR-US: Reactor Netty, different from src:netty
+CVE-2022-31683 (Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an ...)
+ NOT-FOR-US: VMware
+CVE-2022-31682 (VMware Aria Operations contains an arbitrary file read vulnerability. ...)
+ NOT-FOR-US: VMware
+CVE-2022-31681 (VMware ESXi contains a null-pointer deference vulnerability. A malicio ...)
+ NOT-FOR-US: VMware
+CVE-2022-31680 (The vCenter Server contains an unsafe deserialisation vulnerability in ...)
+ NOT-FOR-US: VMware
+CVE-2022-31679 (Applications that allow HTTP PATCH access to resources exposed by Spri ...)
+ NOT-FOR-US: VMware
+CVE-2022-31678 (VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) ...)
+ NOT-FOR-US: VMware
+CVE-2022-31677 (An Insufficient Session Expiration issue was discovered in the Pinnipe ...)
+ NOT-FOR-US: Pinniped Supervisor
+CVE-2022-31676 (VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege es ...)
+ {DSA-5215-1 DLA-3081-1}
+ - open-vm-tools 2:12.1.0-1 (bug #1018012)
+ NOTE: Fixed by: https://github.com/vmware/open-vm-tools/commit/70a74758bfe0042c27f15ce590fb21a2bc54d745 (stable-12.1.0)
+ NOTE: https://github.com/vmware/open-vm-tools/blob/CVE-2022-31676.patch/1205-Properly-check-authorization-on-incoming-guestOps-re.patch
+ NOTE: https://www.vmware.com/security/advisories/VMSA-2022-0024.html
+CVE-2022-31675 (VMware vRealize Operations contains an authentication bypass vulnerabi ...)
+ NOT-FOR-US: VMware
+CVE-2022-31674 (VMware vRealize Operations contains an information disclosure vulnerab ...)
+ NOT-FOR-US: VMware
+CVE-2022-31673 (VMware vRealize Operations contains an information disclosure vulnerab ...)
+ NOT-FOR-US: VMware
+CVE-2022-31672 (VMware vRealize Operations contains a privilege escalation vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2022-31671
+ RESERVED
+CVE-2022-31670
+ RESERVED
+CVE-2022-31669
+ RESERVED
+CVE-2022-31668
+ RESERVED
+CVE-2022-31667
+ RESERVED
+CVE-2022-31666
+ RESERVED
+CVE-2022-31665 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31664 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31663 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31662 (VMware Workspace ONE Access, Identity Manager, Connectors and vRealize ...)
+ NOT-FOR-US: VMware
+CVE-2022-31661 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31660 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31659 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
+ NOT-FOR-US: VMware
+CVE-2022-31658 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31657 (VMware Workspace ONE Access and Identity Manager contain a URL injecti ...)
+ NOT-FOR-US: VMware
+CVE-2022-31656 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-31655 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
+ NOT-FOR-US: VMware
+CVE-2022-31654 (VMware vRealize Log Insight in versions prior to 8.8.2 contain a store ...)
+ NOT-FOR-US: VMware
+CVE-2022-31653
+ RESERVED
+CVE-2022-31652
+ RESERVED
+CVE-2022-31651 (In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in ...)
+ {DSA-5356-1 DLA-3315-1}
+ - sox 14.4.2+git20190427-3.1 (bug #1012516)
+ NOTE: https://sourceforge.net/p/sox/bugs/360/
+ NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
+CVE-2022-31650 (In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwri ...)
+ {DSA-5356-1 DLA-3315-1}
+ - sox 14.4.2+git20190427-3.1 (bug #1012516)
+ NOTE: https://sourceforge.net/p/sox/bugs/360/
+ NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
+CVE-2022-31649 (ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Inf ...)
+ - owncloud
+CVE-2022-31648 (Talend Administration Center is vulnerable to a reflected Cross-Site S ...)
+ NOT-FOR-US: Talend Administration Center
+CVE-2022-31647 (Docker Desktop before 4.6.0 on Windows allows attackers to delete any ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-31646 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31645 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31644 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31643 (A potential security vulnerability has been identified in the system B ...)
+ NOT-FOR-US: HP
+CVE-2022-31642 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31641 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31640 (Potential vulnerabilities have been identified in the system BIOS of c ...)
+ NOT-FOR-US: HP
+CVE-2022-31639 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ NOT-FOR-US: HP
+CVE-2022-31638 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ NOT-FOR-US: HP
+CVE-2022-31637 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ NOT-FOR-US: HP
+CVE-2022-31636 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ NOT-FOR-US: HP
+CVE-2022-31635 (Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have b ...)
+ NOT-FOR-US: HP
+CVE-2022-31634
+ RESERVED
+CVE-2022-31633
+ RESERVED
+CVE-2022-31632
+ RESERVED
+CVE-2022-31631
+ RESERVED
+ {DSA-5363-1 DLA-3345-1}
+ - php8.2 8.2.1-1
+ - php8.1
+ - php7.4
+ - php7.3
+ NOTE: Fixed in 8.0.27, 8.1.14, 8.2.1
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81740
+ NOTE: Fixed by: https://github.com/php/php-src/commit/921b6813da3237a83e908998483f46ae3d8bacba (php-8.0.27)
+ NOTE: Improvement: https://github.com/php/php-src/commit/a6a80eefe0413c91acd922bc58590a4db7979af0
+CVE-2022-31630 (In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imagelo ...)
+ {DSA-5277-1}
+ - php8.1 8.1.12-1
+ - php7.4
+ - php7.3 (Vulnerable code introduced later)
+ NOTE: Fixed in 8.1.12, 8.0.25, 7.4.33
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81739
+ NOTE: Introduced by: https://github.com/php/php-src/commit/88b603768f8e5074ad5cbdccc1e0779089fac9d0 (php-7.4.0alpha2)
+ NOTE: Fixed by: https://github.com/php/php-src/commit/ac45ce85c8750a6fb9745093180674d029acc5bd (PHP-8.1.12)
+CVE-2022-31629 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability en ...)
+ {DSA-5277-1 DLA-3243-1}
+ - php8.1 8.1.12-1 (bug #1021138)
+ - php7.4
+ - php7.3
+ NOTE: Fixed in 8.1.11, 7.4.32
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81727
+ NOTE: https://github.com/php/php-src/commit/0611be4e82887cee0de6c4cbae320d34eec946ca
+CVE-2022-31628 (In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompresso ...)
+ {DSA-5277-1 DLA-3243-1}
+ - php8.1 8.1.12-1 (bug #1021138)
+ - php7.4
+ - php7.3
+ NOTE: Fixed in 8.1.11, 7.4.32
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81726
+ NOTE: https://github.com/php/php-src/commit/404e8bdb68350931176a5bdc86fc417b34fb583d
+ NOTE: https://github.com/php/php-src/commit/432bf196d59bcb661fcf9cb7029cea9b43f490af
+CVE-2022-31627 (In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as fi ...)
+ - php8.1 8.1.12-1 (bug #1016972)
+ - php7.4 (Only affects 8.1 and later)
+ - php7.3 (Only affects 8.1 and later)
+ NOTE: Fixed in 8.1.8
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81723
+ NOTE: https://github.com/php/php-src/commit/ca6d511fa54b34d5b75bf120a86482a1b9e1e686
+CVE-2022-31626 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
+ {DSA-5179-1 DLA-3243-1}
+ - php8.1 8.1.7-1 (bug #1014533)
+ - php7.4
+ - php7.3
+ - php7.0
+ [stretch] - php7.0 (Minor issue; can be fixed in next update)
+ NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81719
+ NOTE: https://github.com/php/php-src/commit/58006537fc5f133ae8549efe5118cde418b3ace9 (php-7.4.30)
+CVE-2022-31625 (In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x belo ...)
+ {DSA-5179-1 DLA-3243-1}
+ - php8.1 8.1.7-1 (bug #1014533)
+ - php7.4
+ - php7.3
+ - php7.0
+ [stretch] - php7.0 (Minor issue; can be fixed in next update)
+ NOTE: Fixed in 7.4.30, 8.0.20, 8.1.7
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=81720
+ NOTE: https://github.com/php/php-src/commit/55f6895f4b4c677272fd4ee1113acdbd99c4b5ab (php-7.4.30)
+CVE-2022-31624 (MariaDB Server before 10.7 is vulnerable to Denial of Service. While e ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+ - mariadb-10.3
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26556
+ NOTE: https://github.com/MariaDB/server/commit/d627d00b13ab2f2c0954ea7b77202470cb102944 (mariadb-10.2.41)
+CVE-2022-31623 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ - mariadb-10.6 1:10.6.6-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+ - mariadb-10.3
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+ - mariadb-10.1
+ NOTE: https://github.com/MariaDB/server/pull/1938
+ NOTE: https://github.com/MariaDB/server/commit/7c30bc38a588b22b01f11130cfe99e7f36accf94 (mariadb-10.2.42)
+CVE-2022-31622 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ - mariadb-10.6 1:10.6.6-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+ - mariadb-10.3
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26561
+ NOTE: https://github.com/MariaDB/server/commit/e1eb39a446c30b8459c39fd7f2ee1c55a36e97d2 (mariadb-10.2.42)
+CVE-2022-31621 (MariaDB Server before 10.7 is vulnerable to Denial of Service. In extr ...)
+ - mariadb-10.6 1:10.6.5-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1
+ - mariadb-10.3
+ [buster] - mariadb-10.3 1:10.3.34-0+deb10u1
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26574
+ NOTE: https://github.com/MariaDB/server/commit/b1351c15946349f9daa7e5297fb2ac6f3139e4a8 (mariadb-10.2.41)
+CVE-2022-31620 (In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an ...)
+ - libjpeg 0.0~git20220615.842c7ba-1 (unimportant)
+ NOTE: https://github.com/thorfdbg/libjpeg/issues/70
+ NOTE: https://github.com/thorfdbg/libjpeg/commit/ef4a29a62ab48b8dc235f4af52cfd6319eda9a6a
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-30533 (Cross-site scripting vulnerability in Modern Events Calendar Lite vers ...)
+ NOT-FOR-US: Modern Events Calendar Lite
+CVE-2022-1893 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1892 (A buffer overflow in the SystemBootManagerDxe driver in some Lenovo No ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-1891 (A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo No ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-1890 (A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook p ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-1889 (The Newsletter WordPress plugin before 7.4.6 does not escape and sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1888 (Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-4231 (A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It ha ...)
+ NOT-FOR-US: angular/angular - replacement for deprecated angularjs
+ NOTE: AngularJS upstream support has officially ended as of January 2022
+CVE-2022-31619 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-1887 (The search term could have been specified externally to trigger SQL in ...)
+ - firefox (Only affects Firefox for iOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-23/#CVE-2022-1887
+CVE-2022-1886 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/fa0ad526-b608-45b3-9ebc-f2b607834d6a
+ NOTE: https://github.com/vim/vim/commit/2a585c85013be22f59f184d49612074fd9b115d7 (v8.2.5016)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1885 (The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1884
+ RESERVED
+CVE-2022-1883 (SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2. ...)
+ NOT-FOR-US: camptocamp/terraboard
+CVE-2022-1882 (A use-after-free flaw was found in the Linux kernel\u2019s pipes funct ...)
+ - linux 5.18.16-1 (unimportant)
+ [bullseye] - linux 5.10.136-1
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2089701
+ NOTE: https://lore.kernel.org/lkml/20220507115605.96775-1-tcs.kernel@gmail.com/T/
+ NOTE: https://ssd-disclosure.com/ssd-advisory-linux-config_watch_queue-lpe/
+ NOTE: CONFIG_WATCH_QUEUE is not enabled in Debian builds
+CVE-2022-27176 (Incomplete filtering of special elements vulnerability exists in RevoW ...)
+ NOT-FOR-US: RevoWorks
+CVE-2022-1881 (In affected versions of Octopus Server an Insecure Direct Object Refer ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-1880
+ RESERVED
+CVE-2022-1879
+ RESERVED
+CVE-2022-1878
+ RESERVED
+CVE-2022-1877
+ RESERVED
+CVE-2022-31618 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31617 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31616 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31615 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
+ [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
+ [buster] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx (bug #1016615)
+ [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+ - nvidia-graphics-drivers-tesla-418 (bug #1016617)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
+ NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
+ - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
+CVE-2022-31614 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31613 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31612 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31611 (NVIDIA GeForce Experience contains an uncontrolled search path vulnera ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31610 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31609 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31608 (NVIDIA GPU Display Driver for Linux contains a vulnerability in an opt ...)
+ - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
+ [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
+ [buster] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx (bug #1016615)
+ [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+ - nvidia-graphics-drivers-tesla-418 (bug #1016617)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
+ NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
+ - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
+CVE-2022-31607 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...)
+ - nvidia-graphics-drivers 470.141.03-1 (bug #1016614)
+ [bullseye] - nvidia-graphics-drivers 470.141.03-1~deb11u1
+ [buster] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx (bug #1016615)
+ [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore)
+ - nvidia-graphics-drivers-legacy-390xx 390.154-1 (bug #1016616)
+ [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb11u1
+ [buster] - nvidia-graphics-drivers-legacy-390xx 390.154-1~deb10u1
+ - nvidia-graphics-drivers-tesla-418 (bug #1016617)
+ [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported)
+ - nvidia-graphics-drivers-tesla-450 450.203.03-1 (bug #1016618)
+ [bullseye] - nvidia-graphics-drivers-tesla-450 450.203.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-460 460.106.00-3 (bug #1016619)
+ [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported)
+ NOTE: 460.106.00-3 turned the package into a metapackage to aid switching to nvidia-graphics-drivers-tesla-470
+ - nvidia-graphics-drivers-tesla-470 470.141.03-1 (bug #1016620)
+ [bullseye] - nvidia-graphics-drivers-tesla-470 470.141.03-1~deb11u1
+ - nvidia-graphics-drivers-tesla-510 510.85.02-1 (bug #1016621)
+CVE-2022-31606 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2022-31605 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its util ...)
+ NOT-FOR-US: NVFLARE
+CVE-2022-31604 (NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI ...)
+ NOT-FOR-US: NVFLARE
+CVE-2022-31603 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31602 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, whe ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31601 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, wh ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31600 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, wher ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-31599 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2022-1876 (Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005. ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1875 (Inappropriate implementation in PDF in Google Chrome prior to 102.0.50 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1874 (Insufficient policy enforcement in Safe Browsing in Google Chrome on M ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1873 (Insufficient policy enforcement in COOP in Google Chrome prior to 102. ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1872 (Insufficient policy enforcement in Extensions API in Google Chrome pri ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1871 (Insufficient policy enforcement in File System API in Google Chrome pr ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1870 (Use after free in App Service in Google Chrome prior to 102.0.5005.61 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1869 (Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2022-043_Chromium/
+CVE-2022-1868 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1867 (Insufficient validation of untrusted input in Data Transfer in Google ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1866 (Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 1 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1865 (Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 al ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1864 (Use after free in WebApp Installs in Google Chrome prior to 102.0.5005 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1863 (Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 a ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1862 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1861 (Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0 ...)
+ {DSA-5148-1}
+ - chromium 102.0.5005.61-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1860 (Use after free in UI Foundations in Google Chrome on Chrome OS prior t ...)
+ {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1859 (Use after free in Performance Manager in Google Chrome prior to 102.0. ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1858 (Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1857 (Insufficient policy enforcement in File System API in Google Chrome pr ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1856 (Use after free in User Education in Google Chrome prior to 102.0.5005. ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1855 (Use after free in Messaging in Google Chrome prior to 102.0.5005.61 al ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1854 (Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowe ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1853 (Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 a ...) + {DSA-5148-1} + - chromium 102.0.5005.61-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1852 (A NULL pointer dereference flaw was found in the Linux kernel\u2019s K ...) + {DSA-5161-1} + - linux 5.18.2-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/fee060cd52d69c114b62d1a2948ea9648b5131f9 +CVE-2022-1851 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) 
+ {DLA-3182-1 DLA-3053-1} + - vim 2:9.0.0135-1 (bug #1015984; unimportant) + NOTE: https://huntr.dev/bounties/f8af901a-9a46-440d-942a-8f815b59394d + NOTE: https://github.com/vim/vim/commit/78d52883e10d71f23ab72a3d8b9733b00da8c9ad (v8.2.5013) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1850 (Path Traversal in GitHub repository filegator/filegator prior to 7.8.0 ...) + NOT-FOR-US: filegator +CVE-2022-1849 (Session Fixation in GitHub repository filegator/filegator prior to 7.8 ...) + NOT-FOR-US: filegator +CVE-2022-1848 (Business Logic Errors in GitHub repository erudika/para prior to 1.45. ...) + NOT-FOR-US: erudika/para +CVE-2022-1847 (The Rotating Posts WordPress plugin through 1.11 does not have CSRF ch ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1846 (The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1845 (The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1844 (The WP Sentry WordPress plugin through 1.0 does not have CSRF check in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1843 (The MailPress WordPress plugin through 7.2.1 does not have CSRF checks ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1842 (The OpenBook Book Data WordPress plugin through 3.5.2 does not have CS ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4230 (A vulnerability has been found in Airfield Online and classified as pr ...) + NOT-FOR-US: Airfield Online +CVE-2021-4229 (A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has b ...) + - node-ua-parser-js (Vulnerable versions not uploaded to Debian) + NOTE: https://github.com/advisories/GHSA-pjwm-rvh2-c87w + NOTE: https://github.com/faisalman/ua-parser-js/issues/536 + NOTE: https://vuldb.com/?id.185453 +CVE-2014-125001 (A vulnerability classified as critical has been found in Cardo Systems ...) 
+ NOT-FOR-US: Cardo Systems Scala Rider Q3 +CVE-2013-10004 (A vulnerability classified as critical was found in Telecommunication ...) + NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite +CVE-2013-10003 (A vulnerability classified as critical has been found in Telecommunica ...) + NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite +CVE-2013-10002 (A vulnerability was found in Telecommunication Software SAMwin Contact ...) + NOT-FOR-US: Telecommunication Software SAMwin Contact Center Suite +CVE-2022-31598 (Due to insufficient input validation, SAP Business Objects - version 4 ...) + NOT-FOR-US: SAP +CVE-2022-31597 (Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAP ...) + NOT-FOR-US: SAP +CVE-2022-31596 (Under certain conditions, an attacker authenticated as a CMS administr ...) + NOT-FOR-US: SAP +CVE-2022-31595 (SAP Financial Consolidation - version 1010,\ufffddoes not perform nece ...) + NOT-FOR-US: SAP +CVE-2022-31594 (A highly privileged user can exploit SUID-root program to escalate his ...) + NOT-FOR-US: SAP +CVE-2022-31593 (SAP Business One client - version 10.0 allows an attacker with low pri ...) + NOT-FOR-US: SAP +CVE-2022-31592 (The application SAP Enterprise Extension Defense Forces & Public Secur ...) + NOT-FOR-US: SAP +CVE-2022-31591 (SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a s ...) + NOT-FOR-US: SAP +CVE-2022-31590 (SAP PowerDesigner Proxy - version 16.7, allows an attacker with low pr ...) + NOT-FOR-US: SAP +CVE-2022-31589 (Due to improper authorization check, business users who are using Isra ...) + NOT-FOR-US: SAP +CVE-2022-31588 (The zippies/testplatform repository through 2016-07-19 on GitHub allow ...) + NOT-FOR-US: zippies/testplatform +CVE-2022-31587 (The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on Gi ...) + NOT-FOR-US: yuriyouzhou/KG-fashion-chatbot +CVE-2022-31586 (The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 ...) 
+ NOT-FOR-US: unizar-30226-2019-06/ChangePop-Back +CVE-2022-31585 (The umeshpatil-dev/Home__internet repository through 2020-08-28 on Git ...) + NOT-FOR-US: umeshpatil-dev/Home__internet +CVE-2022-31584 (The stonethree/s3label repository through 2019-08-14 on GitHub allows ...) + NOT-FOR-US: stonethree/s3label +CVE-2022-31583 (The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 ...) + NOT-FOR-US: sravaniboinepelli/AutomatedQuizEval +CVE-2022-31582 (The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows ...) + NOT-FOR-US: shaolo1/VideoServer +CVE-2022-31581 (The scorelab/OpenMF repository before 2022-05-03 on GitHub allows abso ...) + NOT-FOR-US: scorelab/OpenMF +CVE-2022-31580 (The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitH ...) + NOT-FOR-US: sanojtharindu/caretakerr-api +CVE-2022-31579 (The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows ...) + NOT-FOR-US: ralphjzhang/iasset +CVE-2022-31578 (The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows ...) + NOT-FOR-US: piaoyunsoft/bt_lnmp +CVE-2022-31577 (The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on G ...) + NOT-FOR-US: longmaoteamtf/audio_aligner_app +CVE-2022-31576 (The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitH ...) + NOT-FOR-US: heidi-luong1109/shackerpanel +CVE-2022-31575 (The duducosmos/livro_python repository through 2018-06-06 on GitHub al ...) + NOT-FOR-US: duducosmos/livro_python +CVE-2022-31574 (The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub ...) + NOT-FOR-US: deepaliupadhyay/RealEstate +CVE-2022-31573 (The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub al ...) + NOT-FOR-US: chainer/chainerrl-visualizer +CVE-2022-31572 (The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows ...) + NOT-FOR-US: ceee-vip/cockybook +CVE-2022-31571 (The akashtalole/python-flask-restful-api repository through 2019-09-16 ...) 
+ NOT-FOR-US: akashtalole/python-flask-restful-api +CVE-2022-31570 (The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 o ...) + NOT-FOR-US: adriankoczuruek/ceneo-web-scrapper +CVE-2022-31569 + REJECTED +CVE-2022-31568 (The Rexians/rex-web repository through 2022-06-05 on GitHub allows abs ...) + NOT-FOR-US: Rexians/rex-web +CVE-2022-31567 (The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute ...) + NOT-FOR-US: DSABenchmark/DSAB +CVE-2022-31566 (The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows abs ...) + NOT-FOR-US: DSAB-local/DSAB +CVE-2022-31565 (The yogson/syrabond repository through 2020-05-25 on GitHub allows abs ...) + NOT-FOR-US: yogson/syrabond +CVE-2022-31564 (The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows ...) + NOT-FOR-US: woduq1414/munhak-moa +CVE-2022-31563 (The whmacmac/vprj repository through 2022-04-06 on GitHub allows absol ...) + NOT-FOR-US: whmacmac/vprj +CVE-2022-31562 (The waveyan/internshipsystem repository through 2018-05-22 on GitHub a ...) + NOT-FOR-US: waveyan/internshipsystem +CVE-2022-31561 (The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on ...) + NOT-FOR-US: varijkapil13/Sphere_ImageBackend +CVE-2022-31560 (The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows ...) + NOT-FOR-US: uncleYiba/photo_tag +CVE-2022-31559 (The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows ...) + NOT-FOR-US: tsileo/flask-yeoman +CVE-2022-31558 (The tooxie/shiva-server repository through 0.10.0 on GitHub allows abs ...) + NOT-FOR-US: tooxie/shiva-server +CVE-2022-31557 (The seveas/golem repository through 2016-05-17 on GitHub allows absolu ...) + NOT-FOR-US: seveas/golem +CVE-2022-31556 (The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHu ...) + NOT-FOR-US: rusyasoft/TrainEnergyServer +CVE-2022-31555 (The romain20100/nursequest repository through 2018-02-22 on GitHub all ...) 
+ NOT-FOR-US: romain20100/nursequest +CVE-2022-31554 (The rohitnayak/movie-review-sentiment-analysis repository through 2017 ...) + NOT-FOR-US: rohitnayak/movie-review-sentiment-analysis +CVE-2022-31553 (The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub a ...) + NOT-FOR-US: rainsoupah/sleep-learner +CVE-2022-31552 (The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on Gi ...) + NOT-FOR-US: project-anuvaad/anuvaad-corpus +CVE-2022-31551 (The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub ...) + NOT-FOR-US: pleomax00/flask-mongo-skel +CVE-2022-31550 (The olmax99/pyathenastack repository through 2019-11-08 on GitHub allo ...) + NOT-FOR-US: olmax99/pyathenastack +CVE-2022-31549 (The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub a ...) + NOT-FOR-US: olmax99/helm-flask-celery +CVE-2022-31548 (The nrlakin/homepage repository through 2017-03-06 on GitHub allows ab ...) + NOT-FOR-US: nrlakin/homepage +CVE-2022-31547 (The noamezekiel/sphere repository through 2020-05-31 on GitHub allows ...) + NOT-FOR-US: noamezekiel/sphere +CVE-2022-31546 (The nlpweb/glance repository through 2014-06-27 on GitHub allows absol ...) + NOT-FOR-US: nlpweb/glance +CVE-2022-31545 (The ml-inory/ModelConverter repository through 2021-04-26 on GitHub al ...) + NOT-FOR-US: ml-inory/ModelConverter +CVE-2022-31544 (The meerstein/rbtm repository through 1.5 on GitHub allows absolute pa ...) + NOT-FOR-US: meerstein/rbtm +CVE-2022-31543 (The maxtortime/SetupBox repository through 1.0 on GitHub allows absolu ...) + NOT-FOR-US: maxtortime/SetupBox +CVE-2022-31542 (The mandoku/mdweb repository through 2015-05-07 on GitHub allows absol ...) + NOT-FOR-US: mandoku/mdweb +CVE-2022-31541 (The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on Git ...) + NOT-FOR-US: lyubolp/Barry-Voice-Assistant +CVE-2022-31540 (The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on ...) 
+ NOT-FOR-US: kumardeepak/hin-eng-preprocessing +CVE-2022-31539 (The kotekan/kotekan repository through 2021.11 on GitHub allows absolu ...) + NOT-FOR-US: kotekan/kotekan +CVE-2022-31538 (The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on Git ...) + NOT-FOR-US: joaopedro-fg/mp-m08-interface +CVE-2022-31537 (The jmcginty15/Solar-system-simulator repository through 2021-07-26 on ...) + NOT-FOR-US: jmcginty15/Solar-system-simulator +CVE-2022-31536 (The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub all ...) + NOT-FOR-US: jaygarza1982/ytdl-sync +CVE-2022-31535 (The freefood89/Fishtank repository through 2015-06-24 on GitHub allows ...) + NOT-FOR-US: freefood89/Fishtank +CVE-2022-31534 (The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub all ...) + NOT-FOR-US: echoleegroup/PythonWeb +CVE-2022-31533 (The decentraminds/umbral repository through 2020-01-15 on GitHub allow ...) + NOT-FOR-US: decentraminds/umbral +CVE-2022-31532 (The dankolbman/travel_blahg repository through 2016-01-16 on GitHub al ...) + NOT-FOR-US: dankolbman/travel_blahg +CVE-2022-31531 (The dainst/cilantro repository through 0.0.4 on GitHub allows absolute ...) + NOT-FOR-US: dainst/cilantro +CVE-2022-31530 (The csm-aut/csm repository through 3.5 on GitHub allows absolute path ...) + NOT-FOR-US: csm-aut/csm +CVE-2022-31529 (The cinemaproject/monorepo repository through 2021-03-03 on GitHub all ...) + NOT-FOR-US: cinemaproject/monorepo +CVE-2022-31528 (The bonn-activity-maps/bam_annotation_tool repository through 2021-08- ...) + NOT-FOR-US: bonn-activity-maps/bam_annotation_tool +CVE-2022-31527 (The Wildog/flask-file-server repository through 2020-02-20 on GitHub a ...) + NOT-FOR-US: Wildog/flask-file-server +CVE-2022-31526 (The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub all ...) + NOT-FOR-US: ThundeRatz/ThunderDocs +CVE-2022-31525 (The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute p ...) 
+ NOT-FOR-US: SummaLabs/DLS +CVE-2022-31524 (The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub ...) + NOT-FOR-US: PureStorage-OpenConnect/swagger +CVE-2022-31523 (The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows abso ...) + NOT-FOR-US: PaddlePaddle/Anakin +CVE-2022-31522 (The NotVinay/karaokey repository through 2019-12-11 on GitHub allows a ...) + NOT-FOR-US: NotVinay/karaokey +CVE-2022-31521 (The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows abs ...) + NOT-FOR-US: Niyaz-Mohamed/mosaic +CVE-2022-31520 (The Luxas98/logstash-management-api repository through 2020-05-04 on G ...) + NOT-FOR-US: Luxas98/logstash-management-api +CVE-2022-31519 (The Lukasavicus/WindMill repository through 1.0 on GitHub allows absol ...) + NOT-FOR-US: Lukasavicus/WindMill +CVE-2022-31518 (The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository thr ...) + NOT-FOR-US: JustAnotherSoftwareDeveloper/Python-Recipe-Database +CVE-2022-31517 (The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows abs ...) + NOT-FOR-US: HolgerGraef/MSM +CVE-2022-31516 (The Harveyzyh/Python repository through 2022-05-04 on GitHub allows ab ...) + NOT-FOR-US: Harveyzyh/Python +CVE-2022-31515 (The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute ...) + NOT-FOR-US: Delor4/CarceresBE +CVE-2022-31514 (The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub ...) + NOT-FOR-US: Caoyongqi912/Fan_Platform +CVE-2022-31513 (The BolunHan/Krypton repository through 2021-06-03 on GitHub allows ab ...) + NOT-FOR-US: BolunHan/Krypton +CVE-2022-31512 (The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows ab ...) + NOT-FOR-US: Atom02/flask-mvc +CVE-2022-31511 (The AFDudley/equanimity repository through 2014-04-23 on GitHub allows ...) + NOT-FOR-US: AFDudley/equanimity +CVE-2022-31510 (The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub all ...) 
+ NOT-FOR-US: sergeKashkin/Simple-RAT +CVE-2022-31509 (The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows ...) + NOT-FOR-US: iedadata/usap-dc-website +CVE-2022-31508 (The idayrus/evoting repository before 2022-05-08 on GitHub allows abso ...) + NOT-FOR-US: idayrus/evoting +CVE-2022-31507 (The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolut ...) + NOT-FOR-US: ganga-devs/ganga +CVE-2022-31506 (The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows ...) + NOT-FOR-US: cmusatyalab/opendiamond +CVE-2022-31505 (The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub a ...) + NOT-FOR-US: cheo0/MercadoEnLineaBack +CVE-2022-31504 (The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 ...) + NOT-FOR-US: ChangeWeDer/BaiduWenkuSpider_flaskWeb +CVE-2022-31503 (The orchest/orchest repository before 2022.05.0 on GitHub allows absol ...) + NOT-FOR-US: orchest/orchest +CVE-2022-31502 (The operatorequals/wormnest repository through 0.4.7 on GitHub allows ...) + NOT-FOR-US: operatorequals/wormnest +CVE-2022-31501 (The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allow ...) + NOT-FOR-US: ChaoticOnyx/OnyxForum +CVE-2022-31500 (In KNIME Analytics Platform below 4.6.0, the Windows installer sets im ...) + NOT-FOR-US: KNIME Analytics Platform +CVE-2022-31499 (Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauth ...) + NOT-FOR-US: Nortek Linear eMerge E3-Series devices +CVE-2022-31498 (LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialo ...) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31497 (LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigat ...) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31496 (LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_sit ...) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31495 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page ...) 
+ NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31494 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31493 (LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31492 (Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 ...) + NOT-FOR-US: LibreHealth EHR Base +CVE-2022-31491 + RESERVED +CVE-2022-31490 + RESERVED +CVE-2022-31489 (Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inouti ...) + NOT-FOR-US: Inout Blockchain AltExchanger +CVE-2022-31488 (Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_mark ...) + NOT-FOR-US: Inout Blockchain AltExchanger +CVE-2022-31487 (Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger ...) + NOT-FOR-US: Inout Blockchain AltExchanger +CVE-2022-31486 (An authenticated attacker can send a specially crafted route to the \u ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31485 (An unauthenticated attacker can send a specially crafted packets to up ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31484 (An unauthenticated attacker can send a specially crafted network packe ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31483 (An authenticated attacker can upload a file with a filename including ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31482 (An unauthenticated attacker can send a specially crafted unauthenticat ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31481 (An unauthenticated attacker can send a specially crafted update file t ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31480 (An unauthenticated attacker could arbitrarily upload firmware files to ...) + NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31479 (An unauthenticated attacker can update the hostname with a specially c ...) 
+ NOT-FOR-US: HID Mercury Intelligent Controllers +CVE-2022-31478 (The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to l ...) + NOT-FOR-US: UserTakeOver plugin for ILIAS +CVE-2022-1841 (In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parame ...) + NOT-FOR-US: zephyr-rtos +CVE-2022-1840 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Home Clean Services Management System +CVE-2022-1839 (A vulnerability classified as critical was found in Home Clean Service ...) + NOT-FOR-US: Home Clean Services Management System +CVE-2022-1838 (A vulnerability classified as critical has been found in Home Clean Se ...) + NOT-FOR-US: Home Clean Services Management System +CVE-2022-1837 (A vulnerability was found in Home Clean Services Management System 1.0 ...) + NOT-FOR-US: Home Clean Services Management System +CVE-2022-31470 (An XSS vulnerability in the index_mobile_changepass.hsp reset-password ...) + NOT-FOR-US: Axigen Mobile WebMail +CVE-2022-31469 (OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrate ...) + NOT-FOR-US: OX App Suite +CVE-2022-31468 (OX App Suite through 8.2 allows XSS via an attachment or OX Drive cont ...) + NOT-FOR-US: OX App Suite +CVE-2022-31467 (A DLL hijacking vulnerability in the installed for Quick Heal Total Se ...) + NOT-FOR-US: Quick Heal Total Security +CVE-2022-31466 (Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total ...) + NOT-FOR-US: Quick Heal Total Security +CVE-2022-31465 (A vulnerability has been identified in Xpedition Designer VX.2.10 (All ...) + NOT-FOR-US: Siemens +CVE-2022-31464 (Insecure permissions configuration in Adaware Protect v1.2.439.4251 al ...) + NOT-FOR-US: Adaware +CVE-2022-31463 (Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetoot ...) + NOT-FOR-US: Owl Labs Meeting Owl +CVE-2022-31462 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device v ...) 
+ NOT-FOR-US: Owl Labs Meeting Owl +CVE-2022-31461 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passc ...) + NOT-FOR-US: Owl Labs Meeting Owl +CVE-2022-31460 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering M ...) + NOT-FOR-US: Owl Labs Meeting Owl +CVE-2022-31459 (Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcod ...) + NOT-FOR-US: Owl Labs Meeting Owl +CVE-2022-31458 (RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning ...) + NOT-FOR-US: RTX TRAP +CVE-2022-31457 (RTX TRAP v1.0 allows attackers to perform a directory traversal via a ...) + NOT-FOR-US: RTX TRAP +CVE-2022-31456 (A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows a ...) + NOT-FOR-US: Truedesk +CVE-2022-31455 (* A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows ...) + NOT-FOR-US: Truedesk +CVE-2022-31454 (Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) v ...) + - yii (bug #597899) +CVE-2022-31453 + RESERVED +CVE-2022-31452 + RESERVED +CVE-2022-31451 + RESERVED +CVE-2022-31450 + RESERVED +CVE-2022-31449 + RESERVED +CVE-2022-31448 + RESERVED +CVE-2022-31447 (An XML external entity (XXE) injection vulnerability in Magicpin v3.4 ...) + NOT-FOR-US: Magicpin +CVE-2022-31446 (Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to cont ...) 
+ NOT-FOR-US: Tenda +CVE-2022-31445 + RESERVED +CVE-2022-31444 + RESERVED +CVE-2022-31443 + RESERVED +CVE-2022-31442 + RESERVED +CVE-2022-31441 + RESERVED +CVE-2022-31440 + RESERVED +CVE-2022-31439 + RESERVED +CVE-2022-31438 + RESERVED +CVE-2022-31437 + RESERVED +CVE-2022-31436 + RESERVED +CVE-2022-31435 + RESERVED +CVE-2022-31434 + RESERVED +CVE-2022-31433 + RESERVED +CVE-2022-31432 + RESERVED +CVE-2022-31431 + RESERVED +CVE-2022-31430 + RESERVED +CVE-2022-31429 + RESERVED +CVE-2022-31428 + RESERVED +CVE-2022-31427 + RESERVED +CVE-2022-31426 + RESERVED +CVE-2022-31425 + RESERVED +CVE-2022-31424 + RESERVED +CVE-2022-31423 + RESERVED +CVE-2022-31422 + RESERVED +CVE-2022-31421 + RESERVED +CVE-2022-31420 + RESERVED +CVE-2022-31419 + RESERVED +CVE-2022-31418 + RESERVED +CVE-2022-31417 + RESERVED +CVE-2022-31416 + RESERVED +CVE-2022-31415 (Online Fire Reporting System v1.0 was discovered to contain a SQL inje ...) + NOT-FOR-US: Online Fire Reporting System +CVE-2022-31414 (D-Link DIR-1960 firmware DIR-1960_A1_1.11 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2022-31413 + RESERVED +CVE-2022-31412 + RESERVED +CVE-2022-31411 + RESERVED +CVE-2022-31410 + RESERVED +CVE-2022-31409 + RESERVED +CVE-2022-31408 + RESERVED +CVE-2022-31407 + RESERVED +CVE-2022-31406 + RESERVED +CVE-2022-31405 (MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext ...) + NOT-FOR-US: MV iDigital Clinic Enterprise +CVE-2022-31404 + RESERVED +CVE-2022-31403 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: ITOP +CVE-2022-31402 (ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vul ...) + NOT-FOR-US: ITOP +CVE-2022-31401 + RESERVED +CVE-2022-31400 (A cross-site scripting (XSS) vulnerability in /staff/setup/email-addre ...) + NOT-FOR-US: Helpdeskz +CVE-2022-31399 + RESERVED +CVE-2022-31398 (A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fiel ...) 
+ NOT-FOR-US: Helpdeskz +CVE-2022-31397 + RESERVED +CVE-2022-31396 + RESERVED +CVE-2022-31395 (Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware ...) + NOT-FOR-US: Algo Communication Products +CVE-2022-31394 (Hyperium Hyper before 0.14.19 does not allow for customization of the ...) + - rust-hyper 0.14.19-1 +CVE-2022-31393 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...) + NOT-FOR-US: Jizhicms +CVE-2022-31392 + RESERVED +CVE-2022-31391 + RESERVED +CVE-2022-31390 (Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forger ...) + NOT-FOR-US: Jizhicms +CVE-2022-31389 + RESERVED +CVE-2022-31388 + RESERVED +CVE-2022-31387 + RESERVED +CVE-2022-31386 (A Server-Side Request Forgery (SSRF) in the getFileBinary function of ...) + NOT-FOR-US: nbnbk cms +CVE-2022-31385 + RESERVED +CVE-2022-31384 (Directory Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Directory Management System +CVE-2022-31383 (Directory Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Directory Management System +CVE-2022-31382 (Directory Management System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Directory Management System +CVE-2022-31381 + RESERVED +CVE-2022-31380 + RESERVED +CVE-2022-31379 + RESERVED +CVE-2022-31378 + RESERVED +CVE-2022-31377 + RESERVED +CVE-2022-31376 + RESERVED +CVE-2022-31375 + RESERVED +CVE-2022-31374 (An arbitrary file upload vulnerability /images/background/1.php in of ...) + NOT-FOR-US: SolarView Compact +CVE-2022-31373 (SolarView Compact v6.0 was discovered to contain a cross-site scriptin ...) + NOT-FOR-US: SolarView Compact +CVE-2022-31372 (Wiris Mathtype v7.28.0 was discovered to contain a path traversal vuln ...) 
+ NOT-FOR-US: Wiris Mathtype +CVE-2022-31371 + RESERVED +CVE-2022-31370 + RESERVED +CVE-2022-31369 + RESERVED +CVE-2022-31368 + RESERVED +CVE-2022-31367 (Strapi before 3.6.10 and 4.x before 4.1.10 mishandles hidden attribute ...) + NOT-FOR-US: Strapi +CVE-2022-31366 (An arbitrary file upload vulnerability in the apiImportLabs function i ...) + NOT-FOR-US: EVE-NG +CVE-2022-31365 + RESERVED +CVE-2022-31364 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...) + NOT-FOR-US: Cypress +CVE-2022-31363 (Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107 ...) + NOT-FOR-US: Cypress +CVE-2022-31362 (Docebo Community Edition v4.0.5 and below was discovered to contain an ...) + NOT-FOR-US: Docebo +CVE-2022-31361 (Docebo Community Edition v4.0.5 and below was discovered to contain a ...) + NOT-FOR-US: Docebo +CVE-2022-31360 + RESERVED +CVE-2022-31359 + RESERVED +CVE-2022-31358 (A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtua ...) + NOT-FOR-US: Proxmox Virtual Environment +CVE-2022-31357 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31356 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31355 (Online Ordering System v2.3.2 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31354 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31353 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31352 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31351 (Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via ...) 
+ NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31350 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31349 + RESERVED +CVE-2022-31348 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31347 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31346 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31345 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31344 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31343 (Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31342 (Online Car Wash Booking System v1.0 is vulnerable to Delete any file v ...) + NOT-FOR-US: Online Car Wash Booking System +CVE-2022-31341 + RESERVED +CVE-2022-31340 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...) + NOT-FOR-US: Simple Inventory System +CVE-2022-31339 (Simple Inventory System v1.0 is vulnerable to SQL Injection via /inven ...) + NOT-FOR-US: Simple Inventory System +CVE-2022-31338 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31337 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31336 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31335 (Online Ordering System 2.3.2 is vulnerable to SQL Injection via /order ...) 
+ NOT-FOR-US: Online Ordering System +CVE-2022-31334 + RESERVED +CVE-2022-31333 + RESERVED +CVE-2022-31332 + RESERVED +CVE-2022-31331 + RESERVED +CVE-2022-31330 + RESERVED +CVE-2022-31329 (Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31328 (Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31327 (Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection ...) + NOT-FOR-US: Online Ordering System +CVE-2022-31326 + RESERVED +CVE-2022-31325 (There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'Per ...) + NOT-FOR-US: ChurchCRM +CVE-2022-31324 (An arbitrary file download vulnerability in the downloadAction() funct ...) + NOT-FOR-US: Penta Security Systems Inc WAPPLES +CVE-2022-31323 + RESERVED +CVE-2022-31322 (Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attacke ...) + NOT-FOR-US: Penta Security Systems Inc WAPPLES +CVE-2022-31321 (The foldername parameter in Bolt 5.1.7 was discovered to have incorrec ...) + NOT-FOR-US: Bolt CMS +CVE-2022-31320 + RESERVED +CVE-2022-31319 + RESERVED +CVE-2022-31318 + RESERVED +CVE-2022-31317 + RESERVED +CVE-2022-31316 + RESERVED +CVE-2022-31315 + RESERVED +CVE-2022-31314 + RESERVED +CVE-2022-31313 (api-res-py package in PyPI 0.1 is vulnerable to a code execution backd ...) + NOT-FOR-US: api-res-py +CVE-2022-31312 + RESERVED +CVE-2022-31311 (An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allow ...) + NOT-FOR-US: WAVLINK +CVE-2022-31310 + RESERVED +CVE-2022-31309 (A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5 ...) + NOT-FOR-US: WAVLINK +CVE-2022-31308 (A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V503 ...) + NOT-FOR-US: WAVLINK +CVE-2022-31307 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) 
+ NOT-FOR-US: njs
+CVE-2022-31306 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ NOT-FOR-US: njs
+CVE-2022-31305
+ RESERVED
+CVE-2022-31304
+ RESERVED
+CVE-2022-31303 (maccms10 was discovered to contain a stored cross-site scripting (XSS) ...)
+ NOT-FOR-US: maccms10
+CVE-2022-31302 (maccms8 was discovered to contain a stored cross-site scripting (XSS) ...)
+ NOT-FOR-US: maccms8
+CVE-2022-31301 (Haraj v3.7 was discovered to contain a stored cross-site scripting (XS ...)
+ NOT-FOR-US: Haraj
+CVE-2022-31300 (A cross-site scripting vulnerability in the DM Section component of Ha ...)
+ NOT-FOR-US: Haraj
+CVE-2022-31299 (Haraj v3.7 was discovered to contain a reflected cross-site scripting ...)
+ NOT-FOR-US: Haraj
+CVE-2022-31298 (A cross-site scripting vulnerability in the ads comment section of Har ...)
+ NOT-FOR-US: Haraj
+CVE-2022-31297
+ RESERVED
+CVE-2022-31296 (Online Discussion Forum Site 1 was discovered to contain a blind SQL i ...)
+ NOT-FOR-US: Online Discussion Forum Site
+CVE-2022-31295 (An issue in the delete_post() function of Online Discussion Forum Site ...)
+ NOT-FOR-US: Online Discussion Forum Site
+CVE-2022-31294 (An issue in the save_users() function of Online Discussion Forum Site ...)
+ NOT-FOR-US: Online Discussion Forum Site
+CVE-2022-31293
+ RESERVED
+CVE-2022-31292
+ RESERVED
+CVE-2022-31291 (An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows atta ...)
+ {DLA-3231-1}
+ - dlt-daemon 2.18.6-2.1 (bug #1014534)
+ [bullseye] - dlt-daemon 2.18.6-1+deb11u1
+ NOTE: https://github.com/COVESA/dlt-daemon/pull/376
+ NOTE: https://github.com/COVESA/dlt-daemon/commit/6a3bd901d825c7206797e36ea98e10a218f5aad2
+CVE-2022-31290 (A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 ...)
+ NOT-FOR-US: Known
+CVE-2022-31289
+ REJECTED
+CVE-2022-31288
+ RESERVED
+CVE-2022-31287 (An issue was discovered in Bento4 v1.2. There is an allocation size re ...)
+ NOT-FOR-US: Bento4
+CVE-2022-31286
+ RESERVED
+CVE-2022-31285 (An issue was discovered in Bento4 1.2. The allocator is out of memory ...)
+ NOT-FOR-US: Bento4
+CVE-2022-31284
+ RESERVED
+CVE-2022-31283
+ RESERVED
+CVE-2022-31282 (Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation ...)
+ NOT-FOR-US: Bento4
+CVE-2022-31281
+ RESERVED
+CVE-2022-31280
+ RESERVED
+CVE-2022-31279
+ REJECTED
+CVE-2022-31278
+ RESERVED
+CVE-2022-31277 (Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay at ...)
+ NOT-FOR-US: Xiaomi Lamp
+CVE-2022-31276
+ RESERVED
+CVE-2022-31275
+ RESERVED
+CVE-2022-31274
+ RESERVED
+CVE-2022-31273 (An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smp ...)
+ NOT-FOR-US: TopIDP3000 Topsec Operating System
+CVE-2022-31272
+ RESERVED
+CVE-2022-31271
+ RESERVED
+CVE-2022-31270
+ RESERVED
+CVE-2022-30540 (The affected product is vulnerable to a heap-based buffer overflow via ...)
+ NOT-FOR-US: Horner Automation
+CVE-2022-29488 (The affected product is vulnerable to an out-of-bounds read via uninit ...)
+ NOT-FOR-US: Horner Automation
+CVE-2022-28690 (The affected product is vulnerable to an out-of-bounds write via unini ...)
+ NOT-FOR-US: Horner Automation
+CVE-2022-27184 (The affected product is vulnerable to an out-of-bounds write, which ma ...)
+ NOT-FOR-US: Horner Automation
+CVE-2022-1836
+ REJECTED
+CVE-2022-1835
+ REJECTED
+CVE-2022-1834 (When displaying the sender of an email, and the sender name contained ...)
+ {DSA-5158-1 DLA-3041-1}
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/#CVE-2022-1834
+CVE-2022-1833 (A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using O ...)
+ NOT-FOR-US: Red Hat AMQ Broker
+CVE-2022-1832 (The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1831 (The WPlite WordPress plugin through 1.3.1 does not have CSRF check in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1830 (The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not ha ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1829 (The Inline Google Maps WordPress plugin through 5.11 does not have CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1828 (The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1827 (The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1826 (The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1825 (Cross-site Scripting (XSS) - Reflected in GitHub repository collective ...)
+ NOT-FOR-US: collectiveaccess/providence
+CVE-2022-1824 (An uncontrolled search path vulnerability in McAfee Consumer Product R ...)
+ NOT-FOR-US: McAfee
+CVE-2022-1823 (Improper privilege management vulnerability in McAfee Consumer Product ...)
+ NOT-FOR-US: McAfee
+CVE-2022-1822 (The Zephyr Project Manager plugin for WordPress is vulnerable to Refle ...)
+ NOT-FOR-US: Zephyr Project Manager plugin for WordPress
+CVE-2022-1821 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ [experimental] - gitlab 14.9.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1820 (The Keep Backup Daily plugin for WordPress is vulnerable to Reflected ...)
+ NOT-FOR-US: Keep Backup Daily plugin for WordPress
+CVE-2022-1819 (A vulnerability, which was classified as problematic, was found in Stu ...)
+ NOT-FOR-US: Student Information System
+CVE-2022-1818 (The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1817 (A vulnerability, which was classified as problematic, was found in Bad ...)
+ NOT-FOR-US: Badminton Center Management System
+CVE-2022-1816 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: Zoo Management System
+CVE-2022-1815 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-1814 (The WP Admin Style WordPress plugin through 0.1.2 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30549 (Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earl ...)
+ NOT-FOR-US: Fuji
+CVE-2022-29524 (Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and ear ...)
+ NOT-FOR-US: Fuji
+CVE-2022-29506 (Out-of-bounds read vulnerability exist in the simulator module contain ...)
+ NOT-FOR-US: Fuji
+CVE-2022-1813 (OS Command Injection in GitHub repository yogeshojha/rengine prior to ...)
+ NOT-FOR-US: yogeshojha/rengine
+CVE-2022-1812 (Integer Overflow or Wraparound in GitHub repository publify/publify pr ...)
+ NOT-FOR-US: Publify
+CVE-2022-1811 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+ NOT-FOR-US: Publify
+CVE-2022-1810 (Authorization Bypass Through User-Controlled Key in GitHub repository ...)
+ NOT-FOR-US: Publify
+CVE-2022-31269 (Nortek Linear eMerge E3-Series devices through 0.32-09c place admin cr ...)
+ NOT-FOR-US: Nortek Linear eMerge E3-Series devices
+CVE-2022-31268 (A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading we ...)
+ NOT-FOR-US: Gitblit
+CVE-2022-31267 (Gitblit 1.9.2 allows privilege escalation via the Config User Service: ...)
+ NOT-FOR-US: Gitblit
+CVE-2022-31266 (In ILIAS through 7.10, lack of verification when changing an email add ...)
+ - ilias (bug #195688)
+CVE-2022-31265 (The replay feature in the client in Wargaming World of Warships 0.11.4 ...)
+ NOT-FOR-US: client in Wargaming World of Warships
+CVE-2022-31264 (Solana solana_rbpf before 0.2.29 has an addition integer overflow via ...)
+ NOT-FOR-US: Solana rBPF
+CVE-2022-31263 (app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail ...)
+ - mastodon (bug #859741)
+CVE-2022-31262 (An exploitable local privilege escalation vulnerability exists in GOG ...)
+ NOT-FOR-US: GOG Galaxy
+CVE-2022-31261 (An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x throu ...)
+ NOT-FOR-US: Morpheus
+CVE-2022-1809 (Access of Uninitialized Pointer in GitHub repository radareorg/radare2 ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/0730a95e-c485-4ff2-9a5d-bb3abfda0b17
+ NOTE: https://github.com/radareorg/radare2/commit/919e3ac1a13f753c73e7a8e8d8bb4a143218732d
+CVE-2022-31260 (In Montala ResourceSpace through 9.8 before r19636, csv_export_results ...)
+ NOT-FOR-US: Montala ResourceSpace
+CVE-2022-31259 (The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 a ...)
+ NOT-FOR-US: Beego
+CVE-2022-31258 (In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1. ...)
+ - check-mk
+CVE-2022-1808 (Execution with Unnecessary Privileges in GitHub repository polonel/tru ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-31257 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Mendix
+CVE-2022-31256 (A Improper Link Resolution Before File Access ('Link Following') vulne ...)
+ - sendmail (Vulnerability in SUSE-specific script used in sentmail-client.service service unit)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1204696
+CVE-2022-31255 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...)
+ NOT-FOR-US: Uyuni
+CVE-2022-31254 (A Incorrect Default Permissions vulnerability in rmt-server-regsharing ...)
+ NOT-FOR-US: SAP
+CVE-2022-31253 (A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory ...)
+ - openldap (SuSE-specific packaging issue)
+CVE-2022-31252 (A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enter ...)
+ NOT-FOR-US: OpenSUSE
+CVE-2022-31251 (A Incorrect Default Permissions vulnerability in the packaging of the ...)
+ - slurm-wlm (SUSE specific packaging issue)
+CVE-2022-31250 (A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of o ...)
+ NOT-FOR-US: keylime
+CVE-2022-31249 (A Improper Neutralization of Special Elements used in an OS Command (' ...)
+ NOT-FOR-US: Rancher
+CVE-2022-31248 (A Observable Response Discrepancy vulnerability in spacewalk-java of S ...)
+ NOT-FOR-US: Uyuni
+CVE-2022-31247 (An Improper Authorization vulnerability in SUSE Rancher, allows any us ...)
+ NOT-FOR-US: Rancher
+CVE-2022-1807 (Multiple SQLi vulnerabilities in Webadmin allow for privilege escalati ...)
+ NOT-FOR-US: Sophos
+CVE-2022-1806 (Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rt ...)
+ NOT-FOR-US: RTX
+CVE-2022-31246 (paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the ...)
+ NOT-FOR-US: Electrum
+CVE-2022-31245 (mailcow before 2022-05d allows a remote authenticated user to inject O ...)
+ NOT-FOR-US: mailcow
+CVE-2022-31244 (Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows f ...)
+ NOT-FOR-US: Nokia
+CVE-2022-31243 (Update description and links DMA transactions which are targeted at in ...)
+ NOT-FOR-US: Insyde
+CVE-2022-31242
+ REJECTED
+CVE-2022-31241
+ RESERVED
+CVE-2022-31240
+ RESERVED
+CVE-2022-1805 (When connecting to Amazon Workspaces, the SHA256 presented by AWS conn ...)
+ NOT-FOR-US: Tera2
+CVE-2022-1804
+ RESERVED
+CVE-2022-1803 (Improper Restriction of Rendered UI Layers or Frames in GitHub reposit ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1802 (If an attacker was able to corrupt the methods of an Array object in J ...)
+ {DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1}
+ - firefox 100.0.2-1
+ - firefox-esr 91.9.1esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1802
+ NOTE: https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1
+CVE-2020-36522
+ RESERVED
+CVE-2022-31239 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
+ NOT-FOR-US: Dell
+CVE-2022-31238 (Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9. ...)
+ NOT-FOR-US: Dell
+CVE-2022-31237 (Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and ...)
+ NOT-FOR-US: Dell
+CVE-2022-31236
+ RESERVED
+CVE-2022-31235
+ RESERVED
+CVE-2022-31234 (Dell EMC PowerStore, contain(s) an Improper Restriction of Excessive A ...)
+ NOT-FOR-US: Dell
+CVE-2022-31233 (Unisphere for PowerMax versions before 9.2.3.15 contain a privilege es ...)
+ NOT-FOR-US: Dell
+CVE-2022-31232 (SmartFabric storage software version 1.0.0 contains a Command-Injectio ...)
+ NOT-FOR-US: SmartFabric storage software
+CVE-2022-31231
+ RESERVED
+CVE-2022-31230 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky c ...)
+ NOT-FOR-US: Dell
+CVE-2022-31229 (Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message ...)
+ NOT-FOR-US: Dell
+CVE-2022-31228 (Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vu ...)
+ NOT-FOR-US: Dell
+CVE-2022-31227
+ REJECTED
+CVE-2022-31226 (Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: Dell
+CVE-2022-31225 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A ...)
+ NOT-FOR-US: Dell
+CVE-2022-31224 (Dell BIOS versions contain an Improper Protection Against Voltage and ...)
+ NOT-FOR-US: Dell
+CVE-2022-31223 (Dell BIOS versions contain an Improper Neutralization of Null Byte vul ...)
+ NOT-FOR-US: Dell
+CVE-2022-31222 (Dell BIOS versions contain a Missing Release of Resource after Effecti ...)
+ NOT-FOR-US: Dell
+CVE-2022-31221 (Dell BIOS versions contain an Information Exposure vulnerability. A lo ...)
+ NOT-FOR-US: Dell
+CVE-2022-31220 (Dell BIOS versions contain an Unchecked Return Value vulnerability. A ...)
+ NOT-FOR-US: Dell
+CVE-2022-31219 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
+ NOT-FOR-US: Drive Composer
+CVE-2022-31218 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
+ NOT-FOR-US: Drive Composer
+CVE-2022-31217 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
+ NOT-FOR-US: Drive Composer
+CVE-2022-31216 (Vulnerabilities in the Drive Composer allow a low privileged attacker ...)
+ NOT-FOR-US: Drive Composer
+CVE-2022-1801 (The Very Simple Contact Form WordPress plugin before 11.6 exposes the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1800 (The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1799 (Incorrect signature trust exists within Google Play services SDK play- ...)
+ NOT-FOR-US: Google Play
+CVE-2022-1798 (A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0. ...)
+ NOT-FOR-US: KubeVirt
+CVE-2022-31215 (In certain Goverlan products, the Windows Firewall is temporarily turn ...)
+ NOT-FOR-US: Goverlan
+CVE-2022-31214 (A Privilege Context Switching issue was discovered in join.c in Fireja ...)
+ {DSA-5167-1 DLA-3061-1}
+ - firejail 0.9.68-4 (bug #1012510)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/10
+ NOTE: https://github.com/netblue30/firejail/commit/27cde3d7d1e4e16d4190932347c7151dc2a84c50 (0.9.70)
+ NOTE: https://github.com/netblue30/firejail/commit/04ff0edf74395ddcbbcec955279c74ed9a6c0f86 (0.9.70)
+ NOTE: https://github.com/netblue30/firejail/commit/dab835e7a0eb287822016f5ae4e87f46e1d363e7 (0.9.70)
+ NOTE: https://github.com/netblue30/firejail/commit/1884ea22a90d225950d81c804f1771b42ae55f54 (0.9.70)
+ NOTE: https://github.com/netblue30/firejail/files/8913178/CVE-2022-31214.zip (0.9.58.2 - 0.9.68 backports)
+CVE-2022-31213 (An issue was discovered in dbus-broker before 31. Multiple NULL pointe ...)
+ - dbus-broker 30-1
+ [bullseye] - dbus-broker 26-1+deb11u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094722
+ NOTE: "CHANGES WITH 30:" mention: Fix NULL-derefs in the XML configuration parser. Empty XML tags could
+ NOTE: have caused NULL-derefs before.
+CVE-2022-31212 (An issue was discovered in dbus-broker before 31. It depends on c-uitl ...)
+ - dbus-broker 30-1 (bug #1013343)
+ [bullseye] - dbus-broker 26-1+deb11u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2094718
+ NOTE: Fixed by: https://github.com/c-util/c-shquote/commit/7fd15f8e272136955f7ffc37df29fbca9ddceca1 (v1.0.0)
+CVE-2022-31211 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank ...)
+ NOT-FOR-US: Infiray
+CVE-2022-31210 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file ...)
+ NOT-FOR-US: Infiray
+CVE-2022-31209 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware con ...)
+ NOT-FOR-US: Infiray
+CVE-2022-31208 (An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The webserver co ...)
+ NOT-FOR-US: Infiray
+CVE-2022-31207 (The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP ...)
+ NOT-FOR-US: Omron
+CVE-2022-31206 (The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX seri ...)
+ NOT-FOR-US: Omron
+CVE-2022-31205 (In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, ...)
+ NOT-FOR-US: Omron
+CVE-2022-31204 (Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use ...)
+ NOT-FOR-US: Omron
+CVE-2022-31203
+ RESERVED
+CVE-2022-31202 (The export function in SoftGuard Web (SGW) before 5.1.5 allows directo ...)
+ NOT-FOR-US: SoftGuard Web
+CVE-2022-31201 (SoftGuard Web (SGW) before 5.1.5 allows HTML injection.)
+ NOT-FOR-US: SoftGuard Web
+CVE-2022-31200 (Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELangu ...)
+ NOT-FOR-US: Atmail
+CVE-2022-31199 (Remote code execution vulnerabilities exist in the Netwrix Auditor Use ...)
+ NOT-FOR-US: Netwrix Auditor
+CVE-2022-1797 (A malformed Class 3 common industrial protocol message with a cached c ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2022-31198 (OpenZeppelin Contracts is a library for secure smart contract developm ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2022-31197 (PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to conn ...)
+ {DLA-3140-1}
+ - libpgjava 42.4.1-1 (bug #1016662)
+ [bullseye] - libpgjava (Minor issue)
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637 (REL42.4.1-rc1)
+CVE-2022-31196 (Databasir is a database metadata management platform. Databasir <= 1.0 ...)
+ NOT-FOR-US: Databasir
+CVE-2022-31195 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31194 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31193 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31192 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31191 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31190 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31189 (DSpace open source software is a repository application which provides ...)
+ NOT-FOR-US: DSpace
+CVE-2022-31188 (CVAT is an opensource interactive video and image annotation tool for ...)
+ NOT-FOR-US: cvat-ai/cvat
+CVE-2022-31187 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31186 (NextAuth.js is a complete open source authentication solution for Next ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2022-31185 (mprweb is a hosting platform for the makedeb Package Repository. Email ...)
+ NOT-FOR-US: makedeb/mprweb
+CVE-2022-31184 (Discourse is the an open source discussion platform. In affected versi ...)
+ NOT-FOR-US: Discourse
+CVE-2022-31183 (fs2 is a compositional, streaming I/O library for Scala. When establis ...)
+ NOT-FOR-US: typelevel/fs2
+CVE-2022-31182 (Discourse is the an open source discussion platform. In affected versi ...)
+ NOT-FOR-US: Discourse
+CVE-2022-31181 (PrestaShop is an Open Source e-commerce platform. In versions from 1.6 ...)
+ NOT-FOR-US: PrestaShop
+CVE-2022-31180 (Shescape is a simple shell escape package for JavaScript. Affected ver ...)
+ NOT-FOR-US: Node shescape
+CVE-2022-31179 (Shescape is a simple shell escape package for JavaScript. Versions pri ...)
+ NOT-FOR-US: Node shescape
+CVE-2022-31178 (eLabFTW is an electronic lab notebook manager for research teams. A vu ...)
+ NOT-FOR-US: eLabFTW
+CVE-2022-31177 (Flask-AppBuilder is an application development framework built on top ...)
+ - flask-appbuilder (Fixed with initial upload to Debian)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-32ff-4g79-vgfc
+CVE-2022-31176 (Grafana Image Renderer is a Grafana backend plugin that handles render ...)
+ NOT-FOR-US: Grafana Image Renderer
+CVE-2022-31175 (CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vu ...)
+ NOT-FOR-US: ckeditor5-{markdown-gfm,html-support,html-embed} CKEditor 5 packages
+CVE-2022-31174
+ RESERVED
+CVE-2022-31173 (Juniper is a GraphQL server library for Rust. Affected versions of Jun ...)
+ NOT-FOR-US: graphql-rust/juniper
+CVE-2022-31172 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2022-31171
+ REJECTED
+CVE-2022-31170 (OpenZeppelin Contracts is a library for smart contract development. Ve ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2022-31169 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in Wa ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-31168 (Zulip is an open source team chat tool. Due to an incorrect authorizat ...)
+ NOT-FOR-US: Zulip
+CVE-2022-31167 (XWiki Platform Security Parent POM contains the security APIs for XWik ...)
+ NOT-FOR-US: XWiki
+CVE-2022-31166 (XWiki Platform Old Core is a core package for XWiki Platform, a generi ...)
+ NOT-FOR-US: XWiki
+CVE-2022-31165
+ RESERVED
+CVE-2022-31164 (Tovy is a a staff management system for Roblox groups. A vulnerability ...)
+ NOT-FOR-US: Tovy
+CVE-2022-31163 (TZInfo is a Ruby library that provides access to time zone data and al ...)
+ {DLA-3077-1}
+ - ruby-tzinfo 2.0.4-2
+ NOTE: https://github.com/tzinfo/tzinfo/security/advisories/GHSA-5cm2-9h8c-rvfx
+ NOTE: https://github.com/tzinfo/tzinfo/commit/9eddbb5c0e682736f61d0dd803b6031a5db9eadf (v0.3.61)
+ NOTE: https://github.com/tzinfo/tzinfo/commit/9905ca93abf7bf3e387bd592406e403cd18334c7 (v1.2.10)
+CVE-2022-31162 (Slack Morphism is an async client library for Rust. Prior to 0.41.0, i ...)
+ NOT-FOR-US: Slack Morphism
+CVE-2022-31161 (Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2022-31160 (jQuery UI is a curated set of user interface interactions, effects, wi ...)
+ {DLA-3230-1}
+ - jqueryui 1.13.2+dfsg-1 (bug #1015982)
+ [bullseye] - jqueryui (Minor issue)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-h6gj-6jjq-h8g9
+ NOTE: https://github.com/jquery/jquery-ui/commit/8cc5bae1caa1fcf96bf5862c5646c787020ba3f9 (1.13.2)
+CVE-2022-31159 (The AWS SDK for Java enables Java developers to work with Amazon Web S ...)
+ NOT-FOR-US: AWS SDK for Java
+CVE-2022-31158 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
+ NOT-FOR-US: LTI
+CVE-2022-31157 (LTI 1.3 Tool Library is a library used for building IMS-certified LTI ...)
+ NOT-FOR-US: LTI
+CVE-2022-31156 (Gradle is a build tool. Dependency verification is a security feature ...)
+ - gradle (Vulnerable node not yet uploaded; introduced in 6.2)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-j6wc-xfg8-jx2j
+CVE-2022-31155 (Sourcegraph is an opensource code search and navigation engine. In Sou ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-31154 (Sourcegraph is an opensource code search and navigation engine. It is ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-31153 (OpenZeppelin Contracts for Cairo is a library for contract development ...)
+ NOT-FOR-US: OpenZeppelin Contracts
+CVE-2022-31152 (Synapse is an open-source Matrix homeserver written and maintained by ...)
+ - matrix-synapse 1.63.0-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jhjh-776m-4765
+ NOTE: https://github.com/matrix-org/synapse/pull/13087
+ NOTE: https://github.com/matrix-org/synapse/pull/13088
+CVE-2022-31151 (Authorization headers are cleared on cross-origin redirect. However, c ...)
+ - node-undici 5.8.0+dfsg1+~cs18.9.16-1
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-q768-x9m6-m9qp
+ NOTE: https://github.com/nodejs/undici/issues/872
+ NOTE: https://hackerone.com/reports/1635514
+CVE-2022-31150 (undici is an HTTP/1.1 client, written from scratch for Node.js. It is ...)
+ - node-undici 5.8.0+dfsg1+~cs18.9.16-1
+ NOTE: https://github.com/nodejs/undici/security/advisories/GHSA-3cvr-822r-rqcc
+ NOTE: https://hackerone.com/reports/409943
+ NOTE: https://github.com/nodejs/undici/releases/tag/v5.8.0
+CVE-2022-31149 (ActivityWatch open-source automated time tracker. Versions prior to 0. ...)
+ - activitywatch (bug #990173)
+CVE-2022-31148 (Shopware is an open source e-commerce software. In versions from 5.7.0 ...)
+ NOT-FOR-US: Shopware
+CVE-2022-31147 (The jQuery Validation Plugin (jquery-validation) provides drop-in vali ...)
+ NOT-FOR-US: jquery-validation
+CVE-2022-31146 (Wasmtime is a standalone runtime for WebAssembly. There is a bug in th ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-31145 (FlyteAdmin is the control plane for Flyte responsible for managing ent ...)
+ NOT-FOR-US: FlyteAdmin
+CVE-2022-31144 (Redis is an in-memory database that persists on disk. A specially craf ...)
+ - redis 5:7.0.4-1
+ [bullseye] - redis (Only affects 7.x)
+ [buster] - redis (Only affects 7.x)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-96f7-42fg-2jrh
+ NOTE: https://github.com/redis/redis/commit/15ae4e29e537e7ec37f0df1825d9fb2beea67124
+CVE-2022-31143 (GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31142 (@fastify/bearer-auth is a Fastify plugin to require bearer Authorizati ...)
+ NOT-FOR-US: @fastify/bearer-auth
+CVE-2022-31141
+ RESERVED
+CVE-2022-31140 (Valinor is a PHP library that helps to map any input into a strongly-t ...)
+ NOT-FOR-US: Valinor (different from src:valinor)
+CVE-2022-31139 (UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & s ...)
+ NOT-FOR-US: UnsafeAccessor
+CVE-2022-31138 (mailcow is a mailserver suite. Prior to mailcow-dockerized version 202 ...)
+ NOT-FOR-US: mailcow
+CVE-2022-31136 (Bookwyrm is an open source social reading and reviewing program. Versi ...)
+ NOT-FOR-US: Bookwyrm
+CVE-2022-31135 (Akashi is an open source server implementation of the Attorney Online ...)
+ NOT-FOR-US: Akashi
+CVE-2022-31134 (Zulip is an open-source team collaboration tool. Zulip Server versions ...)
+ NOT-FOR-US: Zulip
+CVE-2022-31133 (HumHub is an Open Source Enterprise Social Network. Affected versions ...)
+ NOT-FOR-US: HumHub
+CVE-2022-31132 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2022-31131 (Nextcloud mail is a Mail app for the Nextcloud home server product. Ve ...)
+ NOT-FOR-US: Nextcloud Mail app
+CVE-2022-31130 (Grafana is an open source observability and data visualization platfor ...)
+ - grafana
+CVE-2022-31129 (moment is a JavaScript date library for parsing, validating, manipulat ...)
+ {DLA-3295-1}
+ - node-moment 2.29.4+ds-1 (bug #1014845)
+ [bullseye] - node-moment 2.29.1+ds-2+deb11u2
+ NOTE: https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 (2.29.4)
+ NOTE: https://github.com/moment/moment/pull/6015#issuecomment-1152961973
+ NOTE: https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
+CVE-2022-31128 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2022-31127 (NextAuth.js is a complete open source authentication solution for Next ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2022-31126 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
+ NOT-FOR-US: Roxy-wi
+CVE-2022-31125 (Roxy-wi is an open source web interface for managing Haproxy, Nginx, A ...)
+ NOT-FOR-US: Roxy-wi
+CVE-2022-31124 (openssh_key_parser is an open source Python package providing utilitie ...)
+ NOT-FOR-US: openssh_key_parser
+CVE-2022-31123 (Grafana is an open source observability and data visualization platfor ...)
+ - grafana
+CVE-2022-31122 (Wire is an encrypted communication and collaboration platform. Version ...)
+ NOT-FOR-US: wire-webapp
+CVE-2022-31121 (Hyperledger Fabric is a permissioned distributed ledger framework. In ...)
+ NOT-FOR-US: Hyperledger Fabric
+CVE-2022-31120 (Nextcloud server is an open source personal cloud solution. The audit ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-31119 (Nextcloud Mail is an email application for the nextcloud personal clou ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2022-31118 (Nextcloud server is an open source personal cloud solution. In affecte ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-31117 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ - ujson 5.4.0-1
+ [bullseye] - ujson (Minor issue)
+ [buster] - ujson (Minor issue)
+ NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-fm67-cv37-96ff
+ NOTE: https://github.com/ultrajson/ultrajson/commit/9c20de0f77b391093967e25d01fb48671104b15b (5.4.0)
+CVE-2022-31116 (UltraJSON is a fast JSON encoder and decoder written in pure C with bi ...)
+ - ujson 5.4.0-1
+ [bullseye] - ujson (Minor issue)
+ [buster] - ujson (Minor issue)
+ NOTE: https://github.com/ultrajson/ultrajson/security/advisories/GHSA-wpqr-jcpx-745r
+ NOTE: https://github.com/ultrajson/ultrajson/commit/67ec07183342589d602e0fcf7bb1ff3e19272687 (5.4.0)
+CVE-2022-31115 (opensearch-ruby is a community-driven, open source fork of elasticsear ...)
+ NOT-FOR-US: opensearch-ruby
+CVE-2022-31114
+ RESERVED
+CVE-2022-31113 (Canarytokens is an open source tool which helps track activity and act ...)
+ NOT-FOR-US: thinkst/canarytokens
+CVE-2022-31112 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2022-31111 (Frontier is Substrate's Ethereum compatibility layer. In affected vers ...)
+ NOT-FOR-US: Frontier
+CVE-2022-31110 (RSSHub is an open source, extensible RSS feed generator. In commits pr ...)
+ NOT-FOR-US: RSSHub
+CVE-2022-31109 (laminas-diactoros is a PHP package containing implementations of the P ...)
+ NOT-FOR-US: laminas-diactoros
+CVE-2022-31108 (Mermaid is a JavaScript based diagramming and charting tool that uses ...)
+ - node-mermaid (bug #1014540)
+ [bullseye] - node-mermaid (Minor issue)
+ NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-x3vm-38hw-55wf
+ NOTE: https://github.com/mermaid-js/mermaid/commit/0ae1bdb61adff1cd485caff8c62ec6b8ac57b225
+CVE-2022-31107 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana
+CVE-2022-31106 (Underscore.deep is a collection of Underscore mixins that operate on n ...)
+ NOT-FOR-US: Underscore.deep
+CVE-2022-31105 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31104 (Wasmtime is a standalone runtime for WebAssembly. In affected versions ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-31103 (lettersanitizer is a DOM-based HTML email sanitizer for in-browser ema ...)
+ NOT-FOR-US: Node lettersanitizer
+CVE-2022-31102 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31101 (prestashop/blockwishlist is a prestashop extension which adds a block ...)
+ NOT-FOR-US: prestashop extension
+CVE-2022-31100 (rulex is a new, portable, regular expression language. When parsing un ...)
+ NOT-FOR-US: rulex-rs/pomsky
+CVE-2022-31099 (rulex is a new, portable, regular expression language. When parsing un ...)
+ NOT-FOR-US: rulex-rs/pomsky
+CVE-2022-31098 (Weave GitOps is a simple open source developer platform for people who ...)
+ NOT-FOR-US: Weave GitOps
+CVE-2022-31097 (Grafana is an open-source platform for monitoring and observability. V ...)
+ - grafana
+CVE-2022-31096 (Discourse is an open source discussion platform. Under certain conditi ...)
+ NOT-FOR-US: Discourse
+CVE-2022-31095 (discourse-chat is a chat plugin for the Discourse application. Version ...)
+ NOT-FOR-US: discourse-chat
+CVE-2022-31094 (ScratchTools is a web extension designed to make interacting with the ...)
+ NOT-FOR-US: ScratchTools
+CVE-2022-31093 (NextAuth.js is a complete open source authentication solution for Next ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2022-31092 (Pimcore is an Open Source Data & Experience Management Platform. Pimco ...)
+ NOT-FOR-US: Pimcore
+CVE-2022-31091 (Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` he ...)
+ {DSA-5246-1}
+ - guzzle 7.4.5-1 (bug #1014492)
+ - mediawiki 1:1.35.7-1
+ [buster] - mediawiki (Embedded Guzzle copy not present)
+ NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-q559-8m2m-g699
+ NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
+CVE-2022-31090 (Guzzle, an extensible PHP HTTP client. `Authorization` headers on requ ...)
+ {DSA-5246-1}
+ - guzzle 7.4.5-1 (bug #1014492)
+ - mediawiki 1:1.35.7-1
+ [buster] - mediawiki (Embedded Guzzle copy not present)
+ NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-25mq-v84q-4j7r
+ NOTE: https://github.com/guzzle/guzzle/commit/1dd98b0564cb3f6bd16ce683cb755f94c10fbd82 (7.4.5)
+CVE-2022-31089 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2022-31088 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
+ - ldap-account-manager 8.0.1-1
+ NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-wxf8-9x99-6gp4
+ NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
+CVE-2022-31087 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
+ - ldap-account-manager 8.0.1-1
+ NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q8g5-45m4-q95p
+ NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
+CVE-2022-31086 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
+ - ldap-account-manager 8.0.1-1
+ NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-q9pc-x84w-982x
+ NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
+CVE-2022-31085 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
+ - ldap-account-manager 8.0.1-1
+ NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-6m3q-5c84-6h6j
+ NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
+CVE-2022-31084 (LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. ...)
+ {DSA-5177-1}
+ - ldap-account-manager 8.0.1-1
+ NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-r387-grjx-qgvw
+ NOTE: Merge: https://github.com/LDAPAccountManager/lam/commit/f1d5d04952f39a1b4ea203d3964fa88e1429dfd4 (lam_8_0)
+CVE-2022-31083 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Node parse-server
+CVE-2022-31082 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31081 (HTTP::Daemon is a simple http server class written in perl. Versions p ...)
+ {DLA-3127-1}
+ - libhttp-daemon-perl 6.14-1.1 (bug #1014808)
+ [bullseye] - libhttp-daemon-perl 6.12-1+deb11u1
+ NOTE: https://github.com/libwww-perl/HTTP-Daemon/security/advisories/GHSA-cg8c-pxmv-w7cf
+ NOTE: Refactoring/renaming prerequisite: https://github.com/libwww-perl/HTTP-Daemon/commit/331d5c1d1f0e48e6b57ef738c2a8509b1eb53376
+ NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/e84475de51d6fd7b29354a997413472a99db70b2
+ NOTE: Fixed by: https://github.com/libwww-perl/HTTP-Daemon/commit/8dc5269d59e2d5d9eb1647d82c449ccd880f7fd0
+ NOTE: Testcase: https://github.com/libwww-perl/HTTP-Daemon/commit/faebad54455c2c2919e234202362570925fb99d1
+CVE-2022-31080 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31079 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31078 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31077 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31076 (KubeEdge is built upon Kubernetes and extends native containerized app ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31075 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31074 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31073 (KubeEdge is an open source system for extending native containerized a ...)
+ NOT-FOR-US: KubeEdge
+CVE-2022-31072 (Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24 ...)
+ - ruby-octokit (No vulnerable version was uploaded to the archive)
+ NOTE: https://github.com/octokit/octokit.rb/security/advisories/GHSA-g28x-pgr3-qqx6
+CVE-2022-31071 (Octopoller is a micro gem for polling and retrying. Version 0.2.0 of t ...)
+ NOT-FOR-US: Octopoller
+CVE-2022-31070 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
+ NOT-FOR-US: NestJS Proxy
+CVE-2022-31069 (NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to ...)
+ NOT-FOR-US: NestJS Proxy
+CVE-2022-31068 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31067
+ RESERVED
+CVE-2022-31066 (EdgeX Foundry is an open source project for building a common open fra ...)
+ NOT-FOR-US: EdgeX Foundry
+CVE-2022-31065 (BigBlueButton is an open source web conferencing system. In affected v ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-31064 (BigBlueButton is an open source web conferencing system. Users in meet ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-31063 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2022-31062 (### Impact A plugin public script can be used to read content of syste ...)
+ NOT-FOR-US: GLPI plugin
+CVE-2022-31061 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31060 (Discourse is an open-source discussion platform. Prior to version 2.8. ...)
+ NOT-FOR-US: Discourse
+CVE-2022-31059 (Discourse Calendar is a calendar plugin for Discourse, an open-source ...)
+ NOT-FOR-US: Discourse Calendar is a calendar plugin for Discourse
+CVE-2022-31058 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2022-31057 (Shopware is an open source e-commerce software made in Germany. Versio ...)
+ NOT-FOR-US: Shopware
+CVE-2022-31056 (GLPI is a Free Asset and IT Management Software package, Data center m ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-31055 (kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) c ...)
+ NOT-FOR-US: KCTF
+CVE-2022-31054 (Argo Events is an event-driven workflow automation framework for Kuber ...)
+ NOT-FOR-US: Argo
+CVE-2022-31053 (Biscuit is an authentication and authorization token for microservices ...)
+ NOT-FOR-US: Biscuit
+CVE-2022-31052 (Synapse is an open source home server implementation for the Matrix ch ...)
+ - matrix-synapse 1.61.1-1
+ NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32
+ NOTE: https://github.com/matrix-org/synapse/commit/fa1308061802ac7b7d20e954ba7372c5ac292333
+CVE-2022-31051 (semantic-release is an open source npm package for automated version m ...)
+ NOT-FOR-US: Node semantic-release
+CVE-2022-31050 (TYPO3 is an open source web content management system. Prior to versio ...)
+ NOT-FOR-US: Typo3
+CVE-2022-31049 (TYPO3 is an open source web content management system. Prior to versio ...)
+ NOT-FOR-US: Typo3
+CVE-2022-31048 (TYPO3 is an open source web content management system. Prior to versio ...)
+ NOT-FOR-US: Typo3
+CVE-2022-31047 (TYPO3 is an open source web content management system. Prior to versio ...)
+ NOT-FOR-US: Typo3
+CVE-2022-31046 (TYPO3 is an open source web content management system. Prior to versio ...)
+ NOT-FOR-US: Typo3
+CVE-2022-31045 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-31044 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2022-31043 (Guzzle is an open source PHP HTTP client. In affected versions `Author ...)
+ {DSA-5246-1}
+ - guzzle 7.4.4-1 (bug #1012821)
+ - mediawiki 1:1.35.7-1
+ [buster] - mediawiki (Embedded Guzzle copy not present)
+ NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-w248-ffj2-4v5q
+ NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
+CVE-2022-31042 (Guzzle is an open source PHP HTTP client. In affected versions the `Co ...)
+ {DSA-5246-1}
+ - guzzle 7.4.4-1 (bug #1012821)
+ - mediawiki 1:1.35.7-1
+ [buster] - mediawiki (Embedded Guzzle copy not present)
+ NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-f2wf-25xc-69c9
+ NOTE: https://github.com/guzzle/guzzle/commit/e3ff079b22820c2029d4c2a87796b6a0b8716ad8 (7.4.4)
+CVE-2022-31041 (Open Forms is an application for creating and publishing smart forms. ...)
+ NOT-FOR-US: Open Forms
+CVE-2022-31040 (Open Forms is an application for creating and publishing smart forms. ...)
+ NOT-FOR-US: Open Forms
+CVE-2022-31039 (Greenlight is a simple front-end interface for your BigBlueButton serv ...)
+ NOT-FOR-US: Greenlight (front-end interface for your BigBlueButton)
+CVE-2022-31038 (Gogs is an open source self-hosted Git service. In versions of gogs pr ...)
+ NOT-FOR-US: Go Git Service
+CVE-2022-31037 (OroCommerce is an open-source Business to Business Commerce applicatio ...)
+ NOT-FOR-US: OroCommerce
+CVE-2022-31036 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31035 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31034 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31033 (The Mechanize library is used for automating interaction with websites ...)
+ - ruby-mechanize 2.8.5-1 (bug #1014809)
+ [bullseye] - ruby-mechanize (Minor issue)
+ [buster] - ruby-mechanize (Minor issue)
+ NOTE: https://github.com/sparklemotion/mechanize/security/advisories/GHSA-64qm-hrgp-pgr9
+ NOTE: Prerequisite to clear credential headers when redirecting to cross site
+ NOTE: https://github.com/sparklemotion/mechanize/commit/17e5381032c90caf240ac3d2e52b353f40c18d83 (v2.8.0)
+ NOTE: Fixed by: https://github.com/sparklemotion/mechanize/commit/907c778001625cb9daa686d5019c939cb416e45b (v2.8.5)
+CVE-2022-31032 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2022-31031 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1}
+ - asterisk 1:20.0.1~dfsg+~cs6.12.40431414-1 (bug #1017004)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1017005)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-26j7-ww69-c4qj
+ NOTE: https://github.com/pjsip/pjproject/commit/450baca94f475345542c6953832650c390889202
+CVE-2022-31030 (containerd is an open source container runtime. A bug was found in the ...)
+ {DSA-5162-1}
+ - containerd 1.6.6~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-5ffw-gxpp-mxpf
+CVE-2022-31029 (AdminLTE is a Pi-hole Dashboard for stats and configuration. In affect ...)
+ NOT-FOR-US: AdminLTE
+CVE-2022-31028 (MinIO is a multi-cloud object storage solution. Starting with version ...)
+ NOT-FOR-US: MinIO
+CVE-2022-31027 (OAuthenticator is an OAuth token library for the JupyerHub login handl ...)
+ NOT-FOR-US: OAuthenticator
+CVE-2022-31026 (Trilogy is a client library for MySQL. When authenticating, a maliciou ...)
+ NOT-FOR-US: Trilogy
+CVE-2022-31025 (Discourse is an open source platform for community discussion. Prior t ...)
+ NOT-FOR-US: Discourse
+CVE-2022-31024 (richdocuments is the repository for NextCloud Collabra, the app for Ne ...)
+ NOT-FOR-US: richdocuments
+CVE-2022-31023 (Play Framework is a web framework for Java and Scala. Verions prior to ...)
+ NOT-FOR-US: Play Framework
+CVE-2022-31022 (Bleve is a text indexing library for go. Bleve includes HTTP utilities ...)
+ - golang-github-blevesearch-bleve (unimportant)
+ NOTE: https://github.com/blevesearch/bleve/security/advisories/GHSA-9w9f-6mg8-jp7w
+ NOTE: Fix only documents a shortcoming
+CVE-2022-31021
+ RESERVED
+CVE-2022-31020 (Indy Node is the server portion of a distributed ledger purpose-built ...)
+ NOT-FOR-US: Indy Node
+CVE-2022-31019 (Vapor is a server-side Swift HTTP web framework. When using automatic ...)
+ NOT-FOR-US: Vapor
+CVE-2022-31018 (Play Framework is a web framework for Java and Scala. A denial of serv ...)
+ NOT-FOR-US: Play Framework
+CVE-2022-31017 (Zulip is an open-source team collaboration tool. Versions 2.1.0 throug ...)
+ - zulip-server (bug #800052)
+CVE-2022-31016 (Argo CD is a declarative continuous deployment for Kubernetes. Argo CD ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-31015 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
+ - waitress 2.1.2-1 (bug #1012315)
+ [bullseye] - waitress (Only affects 2.1.x)
+ [buster] - waitress (Only affects 2.1.x)
+ [stretch] - waitress (Vulnerable code not present)
+ NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw
+ NOTE: https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48 (v2.1.2)
+ NOTE: https://github.com/Pylons/waitress/issues/374
+ NOTE: https://github.com/Pylons/waitress/pull/377
+CVE-2022-31014 (Nextcloud server is an open source personal cloud server. Affected ver ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-31013 (Chat Server is the chat server for Vartalap, an open-source messaging ...)
+ NOT-FOR-US: chat server for Vartalap
+CVE-2022-31012 (Git for Windows is a fork of Git that contains Windows-specific patche ...)
+ NOT-FOR-US: Git for Windows
+CVE-2022-31011 (TiDB is an open-source NewSQL database that supports Hybrid Transactio ...)
+ NOT-FOR-US: TiDB
+CVE-2022-31010
+ RESERVED
+CVE-2022-31009 (wire-ios is an iOS client for the Wire secure messaging application. I ...)
+ NOT-FOR-US: wire-ios
+CVE-2022-31008 (RabbitMQ is a multi-protocol messaging and streaming broker. In affect ...)
+ - rabbitmq-server 3.10.8-1
+ [bullseye] - rabbitmq-server (Minor issue)
+ [buster] - rabbitmq-server (Vulnerable code introduced later)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-v9gv-xp36-jgj8
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/4841
+ NOTE: obfuscation introduced in (built-in) Shovel plugin in: https://github.com/rabbitmq/rabbitmq-server/commit/6dbdc991c3111aa4ffa12a150b1402cf5c5e798e (v3.10.0-beta.2)
+ NOTE: obfuscation introduced in (built-in) Federation plugin in: https://github.com/rabbitmq/rabbitmq-server/commit/c1b5812cee6ac038737d62ca0b32cfd2db537653 (v3.8.10-rc.1)
+ NOTE: set_credentials_obfuscation_secret introduced in: https://github.com/rabbitmq/rabbitmq-server/commit/5ea51050452ea45874e89166090cb825c1277656 (v3.8.10)
+CVE-2022-31007 (eLabFTW is an electronic lab notebook manager for research teams. Prio ...)
+ NOT-FOR-US: eLabFTW
+CVE-2022-31006 (indy-node is the server portion of Hyperledger Indy, a distributed led ...)
+ NOT-FOR-US: Indy Node
+CVE-2022-31005 (Vapor is an HTTP web framework for Swift. Users of Vapor prior to vers ...)
+ NOT-FOR-US: Vapor
+CVE-2022-31004 (CVEProject/cve-services is an open source project used to operate the ...)
+ NOT-FOR-US: CVEProject/cve-services
+CVE-2022-31003 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DSA-5410-1 DLA-3091-1}
+ - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
+ [stretch] - sofia-sip (Minor issue)
+ NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8w5j-6g2j-pxcp
+ NOTE: https://github.com/freeswitch/sofia-sip/commit/907f2ac0ee504c93ebfefd676b4632a3575908c9 (v1.13.8)
+CVE-2022-31002 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DSA-5410-1 DLA-3091-1}
+ - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
+ [stretch] - sofia-sip (Minor issue)
+ NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-g3x6-p824-x6hm
+ NOTE: https://github.com/freeswitch/sofia-sip/commit/51841eb53679434a386fb2dcbca925dcc48d58ba (v1.13.8)
+CVE-2022-31001 (Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Age ...)
+ {DSA-5410-1 DLA-3091-1}
+ - sofia-sip 1.12.11+20110422.1+1e14eea~dfsg-3 (bug #1016974)
+ [stretch] - sofia-sip (Minor issue)
+ NOTE: https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-79jq-hh82-cv9g
+ NOTE: https://github.com/freeswitch/sofia-sip/commit/a99804b336d0e16d26ab7119d56184d2d7110a36 (v1.13.8)
+CVE-2022-31000 (solidus_backend is the admin interface for the Solidus e-commerce fram ...)
+ NOT-FOR-US: Solidus e-commerce framework
+CVE-2022-30999 (FriendsofFlarum (FoF) Upload is an extension that handles file uploads ...)
+ NOT-FOR-US: FriendsofFlarum
+CVE-2022-30996
+ REJECTED
+CVE-2022-30995 (Sensitive information disclosure due to improper authentication. The f ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30994 (Cleartext transmission of sensitive information. The following product ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30993 (Cleartext transmission of sensitive information. The following product ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30992 (Open redirect via user-controlled query parameter. The following produ ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30991 (HTML injection via report name. The following products are affected: A ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30990 (Sensitive information disclosure due to insecure folder permissions. T ...)
+ NOT-FOR-US: Acronis
+CVE-2022-30989
+ RESERVED
+CVE-2022-30988
+ RESERVED
+CVE-2022-30987
+ RESERVED
+CVE-2022-30986
+ RESERVED
+CVE-2022-30985
+ RESERVED
+CVE-2022-30984 (A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Age ...)
+ NOT-FOR-US: Rubrik CDM
+CVE-2022-30983
+ RESERVED
+CVE-2022-30982 (An issue was discovered in Gentics CMS before 5.43.1. There is stored ...)
+ NOT-FOR-US: Gentics CMS
+CVE-2022-30981 (An issue was discovered in Gentics CMS before 5.43.1. By uploading a m ...)
+ NOT-FOR-US: Gentics CMS
+CVE-2022-30980
+ RESERVED
+CVE-2022-30979
+ RESERVED
+CVE-2022-30978
+ RESERVED
+CVE-2022-30977
+ RESERVED
+CVE-2022-29496 (A stack-based buffer overflow vulnerability exists in the BlynkConsole ...)
+ NOT-FOR-US: BlynkConsole
+CVE-2022-1796 (Use After Free in GitHub repository vim/vim prior to 8.2.4979.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/f6739b58-49f9-4056-a843-bf76bbc1253e
+ NOTE: https://github.com/vim/vim/commit/28d032cc688ccfda18c5bbcab8b50aba6e18cde5 (v8.2.4979)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1795 (Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://huntr.dev/bounties/9c312763-41a6-4fc7-827b-269eb86efcbc
+ NOTE: https://github.com/gpac/gpac/commit/c535bad50d5812d27ee5b22b54371bddec411514
+CVE-2022-1794 (The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as pla ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-1793 (The Private Files WordPress plugin through 0.40 is missing CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1792 (The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1791 (The One Click Plugin Updater WordPress plugin through 2.4.14 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1790 (The New User Email Set Up WordPress plugin through 0.5.2 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1789 (With shadow paging enabled, the INVPCID instruction results in a call ...)
+ {DSA-5161-1}
+ - linux 5.17.11-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/9f46c187e2e680ecd9de7983e4d081c3391acc76
+CVE-2022-1788 (Due to missing checks the Change Uploaded File Permissions WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1787 (The Sideblog WordPress plugin through 6.0 does not have CSRF check in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1786 (A use-after-free flaw was found in the Linux kernel\u2019s io_uring su ...)
+ {DSA-5161-1}
+ - linux 5.14.6-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/4
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/28/1
+ NOTE: https://blog.kylebot.net/2022/10/16/CVE-2022-1786/
+CVE-2022-1785 (Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.)
+ {DLA-3204-1}
+ - vim 2:9.0.0135-1 (bug #1015984)
+ [bullseye] - vim (Minor issue)
+ [stretch] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/8c969cba-eef2-4943-b44a-4e3089599109
+ NOTE: https://github.com/vim/vim/commit/e2bd8600b873d2cd1f9d667c28cba8b1dba18839 (v8.2.4977)
+CVE-2022-1784 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-1783 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab (Vulnerable code introduced later)
+ NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
+CVE-2022-1782 (Cross-site Scripting (XSS) - Generic in GitHub repository erudika/para ...)
+ NOT-FOR-US: erudika/para
+CVE-2022-1781 (The postTabs WordPress plugin through 2.10.6 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1780 (The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1779 (The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1778 (Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-1777 (The Filr WordPress plugin before 1.2.2.1 does not have authorisation c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1776 (The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30976 (GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcsl ...)
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2179
+ NOTE: https://github.com/gpac/gpac/commit/915e2cba715f36b7cc29e28888117831ca143d78
+ NOTE: When fixing this issue make sure to as well apply (cf. CVE-2022-3178)
+ NOTE: https://github.com/gpac/gpac/commit/77510778516803b7f7402d7423c6d6bef50254c3
+ NOTE: to not open that issue.
+CVE-2022-30975 (In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL p ...)
+ {DSA-5291-1}
+ - mujs 1.2.0-3
+ NOTE: https://github.com/ccxvii/mujs/issues/161
+ NOTE: https://github.com/ccxvii/mujs/commit/910acc807c3c057e1c0726160808f3a9f37b40ec
+ NOTE: https://github.com/ccxvii/mujs/commit/f5b3c703e18725e380b83427004632e744f85a6f
+CVE-2022-30974 (compile in regexp.c in Artifex MuJS through 1.2.0 results in stack con ...)
+ {DSA-5291-1}
+ - mujs 1.2.0-3
+ NOTE: https://github.com/ccxvii/mujs/issues/162
+ NOTE: https://github.com/ccxvii/mujs/commit/160ae29578054dc09fd91e5401ef040d52797e61
+ NOTE: https://github.com/ccxvii/mujs/commit/799b62bf065b006e2bcb1c80044eab2b10412ecf
+CVE-2022-1775 (Weak Password Requirements in GitHub repository polonel/trudesk prior ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1774 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-1773 (The WP Athletics WordPress plugin through 1.1.7 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1772 (The Google Places Reviews WordPress plugin before 2.0.0 does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1771 (Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/faa74175-5317-4b71-a363-dfc39094ecbb
+ NOTE: https://github.com/vim/vim/commit/51f0bfb88a3554ca2dde777d78a59880d1ee37a8 (v8.2.4975)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2019-25061 (The random_password_generator (aka RandomPasswordGenerator) gem throug ...)
+ NOT-FOR-US: bvsatyaram/random_password_generator
+CVE-2022-30973 (We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the ...)
+ - tika (Affected release which missed the fix was never shipped, issue tracked via CVE-2022-30126)
+ NOTE: http://www.openwall.com/lists/oss-security/2022/05/31/2
+CVE-2022-1770 (Improper Privilege Management in GitHub repository polonel/trudesk pri ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1769 (Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.)
+ - vim 2:9.0.0135-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/522076b2-96cb-4df6-a504-e6e2f64c171c
+ NOTE: https://github.com/vim/vim/commit/4748c4bd64610cf943a431d215bb1aad51f8d0b4 (v8.2.4974)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1768 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
+ NOT-FOR-US: RSVPMaker plugin for WordPress
+CVE-2022-1767 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-1766 (Anchore Enterprise anchorectl version 0.1.4 improperly stored credenti ...)
+ NOT-FOR-US: Anchore
+CVE-2022-1765 (The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1764 (The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1763 (Due to missing checks the Static Page eXtended WordPress plugin throug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1762 (The iQ Block Country WordPress plugin before 1.2.20 does not properly ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1761 (The Peter\u2019s Collaboration E-mails WordPress plugin through 2.2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1760
+ RESERVED
+CVE-2022-1759 (The RB Internal Links WordPress plugin through 2.0.16 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1758 (The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1757 (The pagebar WordPress plugin before 2.70 does not have CSRF check in p ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1756 (The Newsletter WordPress plugin before 7.4.5 does not sanitize and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1755 (The SVG Support WordPress plugin before 2.5 does not properly handle S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30972 (A cross-site request forgery (CSRF) vulnerability in Jenkins Storable ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30971 (Jenkins Storable Configs Plugin 1.0 and earlier does not configure its ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30970 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier references Dropd ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30969 (A cross-site request forgery (CSRF) vulnerability in Jenkins Autocompl ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30968 (Jenkins vboxwrapper Plugin 1.3 and earlier does not escape the name an ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30967 (Jenkins Selection tasks Plugin 1.0 and earlier does not escape the nam ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30966 (Jenkins Random String Parameter Plugin 1.0 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30965 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30964 (Jenkins Multiselect parameter Plugin 1.3 and earlier does not escape t ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30963 (Jenkins JDK Parameter Plugin 1.0 and earlier does not escape the name ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30962 (Jenkins Global Variable String Parameter Plugin 1.2 and earlier does n ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30961 (Jenkins Autocomplete Parameter Plugin 1.1 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30960 (Jenkins Application Detector Plugin 1.0.8 and earlier does not escape ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30959 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30958 (A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30957 (A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier all ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30956 (Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL scheme ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30955 (Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30954 (Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permis ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30953 (A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocea ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30952 (Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30951 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30950 (Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30949 (Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to config ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30948 (Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to con ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30947 (Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30946 (A cross-site request forgery (CSRF) vulnerability in Jenkins Script Se ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-30945 (Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allow ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2022-1754 (Integer Overflow or Wraparound in GitHub repository polonel/trudesk pr ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1753 (A vulnerability, which was classified as critical, was found in WoWond ...)
+ NOT-FOR-US: WoWonder
+CVE-2022-1752 (Unrestricted Upload of File with Dangerous Type in GitHub repository p ...)
+ NOT-FOR-US: Trudesk
+CVE-2022-1751
+ RESERVED
+CVE-2022-1750 (The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Si ...)
+ NOT-FOR-US: Sticky Popup plugin for WordPress
+CVE-2022-1749 (The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Requ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1748 (Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnecto ...)
+ NOT-FOR-US: Softing Industrial Automation
+CVE-2022-1747 (The authentication mechanism used by voters to activate a voting sessi ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1746 (The authentication mechanism used by poll workers to administer voting ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1745 (The authentication mechanism used by technicians on the tested version ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1744 (Applications on the tested version of Dominion Voting Systems ImageCas ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1743 (The tested version of Dominion Voting System ImageCast X can be manipu ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1742 (The tested version of Dominion Voting Systems ImageCast X allows for r ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1741 (The tested version of Dominion Voting Systems ImageCast X has a Termin ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1740 (The tested version of Dominion Voting Systems ImageCast X\u2019s on-sc ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1739 (The tested version of Dominion Voting Systems ImageCast X does not val ...)
+ NOT-FOR-US: Dominion
+CVE-2022-1738 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to an ou ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-1737 (Pyramid Solutions' affected products, the Developer and DLL kits for E ...)
+ NOT-FOR-US: Pyramid Solutions
+CVE-2013-10001 (A vulnerability was found in HTC One/Sense 4.x. It has been rated as p ...)
+ NOT-FOR-US: HTC One/Sense
+CVE-2022-30942
+ RESERVED
+CVE-2022-30941
+ RESERVED
+CVE-2022-30940
+ RESERVED
+CVE-2022-30939
+ RESERVED
+CVE-2022-30938 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...)
+ NOT-FOR-US: Siemens +CVE-2022-30937 (A vulnerability has been identified in EN100 Ethernet module DNP3 IP v ...) + NOT-FOR-US: Siemens +CVE-2022-30792 (In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ...) + NOT-FOR-US: CODESYS +CVE-2022-30791 (In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled res ...) + NOT-FOR-US: CODESYS +CVE-2022-30758 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...) + NOT-FOR-US: Samsung +CVE-2022-30757 (Improper authorization in isemtelephony prior to SMR Jul-2022 Release ...) + NOT-FOR-US: Samsung +CVE-2022-30756 (Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-202 ...) + NOT-FOR-US: Samsung +CVE-2022-30755 (Improper authentication vulnerability in AppLock prior to SMR Jul-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-30754 (Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul- ...) + NOT-FOR-US: Samsung +CVE-2022-30753 (Improper use of a unique device ID in unprotected SecSoterService prio ...) + NOT-FOR-US: Samsung +CVE-2022-30752 (Improper access control vulnerability in sendDHCPACKBroadcast function ...) + NOT-FOR-US: Samsung +CVE-2022-30751 (Improper access control vulnerability in sendDHCPACKBroadcast function ...) + NOT-FOR-US: Samsung +CVE-2022-30750 (Improper access control vulnerability in updateLastConnectedClientInfo ...) + NOT-FOR-US: Samsung +CVE-2022-30749 (Improper access control vulnerability in Smart Things prior to 1.7.85. ...) + NOT-FOR-US: Samsung +CVE-2022-30748 (Unprotected dynamic receiver in Samsung Members prior to version 4.2.0 ...) + NOT-FOR-US: Samsung +CVE-2022-30747 (PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85. ...) + NOT-FOR-US: Samsung +CVE-2022-30746 (Missing caller check in Smart Things prior to version 1.7.85.12 allows ...) + NOT-FOR-US: Samsung +CVE-2022-30745 (Improper access control vulnerability in Quick Share prior to version ...) 
+ NOT-FOR-US: Samsung +CVE-2022-30744 (DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to ve ...) + NOT-FOR-US: Samsung +CVE-2022-30743 (Improper privilege management vulnerability in Samsung Account prior t ...) + NOT-FOR-US: Samsung +CVE-2022-30742 (Sensitive information exposure vulnerability in FmmExtraOperation of F ...) + NOT-FOR-US: Samsung +CVE-2022-30741 (Sensitive information exposure vulnerability in SimChangeAlertManger o ...) + NOT-FOR-US: Samsung +CVE-2022-30740 (Improper auto-fill algorithm in Samsung Internet prior to version 17.0 ...) + NOT-FOR-US: Samsung +CVE-2022-30739 (Improper privilege management vulnerability in Samsung Account prior t ...) + NOT-FOR-US: Samsung +CVE-2022-30738 (Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows ...) + NOT-FOR-US: Samsung +CVE-2022-30737 (Implicit Intent hijacking vulnerability in Samsung Account prior to ve ...) + NOT-FOR-US: Samsung +CVE-2022-30736 (Improper privilege management vulnerability in Samsung Account prior t ...) + NOT-FOR-US: Samsung +CVE-2022-30735 (Improper privilege management vulnerability in Samsung Account prior t ...) + NOT-FOR-US: Samsung +CVE-2022-30734 (Sensitive information exposure in Sign-out log in Samsung Account prio ...) + NOT-FOR-US: Samsung +CVE-2022-30733 (Sensitive information exposure in Sign-in log in Samsung Account prior ...) + NOT-FOR-US: Samsung +CVE-2022-30732 (Exposure of Sensitive Information vulnerability in Samsung Account pri ...) + NOT-FOR-US: Samsung +CVE-2022-30731 (Improper access control vulnerability in My Files prior to version 13. ...) + NOT-FOR-US: Samsung +CVE-2022-30730 (Improper authorization in Samsung Pass prior to 1.0.00.33 allows physi ...) + NOT-FOR-US: Samsung +CVE-2022-30729 (Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2 ...) + NOT-FOR-US: Samsung +CVE-2022-30728 (Information exposure vulnerability in ScanPool prior to SMR Jun-2022 R ...) 
+ NOT-FOR-US: Samsung +CVE-2022-30727 (Improper handling of insufficient permissions vulnerability in addAppP ...) + NOT-FOR-US: Samsung +CVE-2022-30726 (Unprotected component vulnerability in DeviceSearchTrampoline in SecSe ...) + NOT-FOR-US: Samsung +CVE-2022-30725 (Broadcasting Intent including the BluetoothDevice object without prope ...) + NOT-FOR-US: Samsung +CVE-2022-30724 (Broadcasting Intent including the BluetoothDevice object without prope ...) + NOT-FOR-US: Samsung +CVE-2022-30723 (Broadcasting Intent including the BluetoothDevice object without prope ...) + NOT-FOR-US: Samsung +CVE-2022-30722 (Implicit Intent hijacking vulnerability in Samsung Account prior to SM ...) + NOT-FOR-US: Samsung +CVE-2022-30721 (Improper input validation check logic vulnerability in libsmkvextracto ...) + NOT-FOR-US: Samsung +CVE-2022-30720 (Improper input validation check logic vulnerability in libsmkvextracto ...) + NOT-FOR-US: Samsung +CVE-2022-30719 (Improper input validation check logic vulnerability in libsmkvextracto ...) + NOT-FOR-US: Samsung +CVE-2022-30718 + RESERVED +CVE-2022-30717 (Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allo ...) + NOT-FOR-US: Samsung +CVE-2022-30716 (Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast pri ...) + NOT-FOR-US: Samsung +CVE-2022-30715 (Improper access control vulnerability in DofViewer prior to SMR Jun-20 ...) + NOT-FOR-US: Samsung +CVE-2022-30714 (Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2 ...) + NOT-FOR-US: Samsung +CVE-2022-30713 (Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-30712 (Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-30711 (Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 R ...) + NOT-FOR-US: Samsung +CVE-2022-30710 (Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 ...) 
+ NOT-FOR-US: Samsung +CVE-2022-30709 (Improper input validation check logic vulnerability in SECRIL prior to ...) + NOT-FOR-US: Samsung +CVE-2022-29888 (A leftover debug code vulnerability exists in the httpd port 4444 uplo ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-25932 (The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes f ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-1736 + RESERVED + - gnome-remote-desktop 42.1.1-2 (unimportant) + NOTE: https://bugs.launchpad.net/ubuntu/+source/gnome-remote-desktop/+bug/1973028/comments/3 + NOTE: The CVE is assigned based on the Ubuntu policy strongly discouraging open ports by + NOTE: default (https://wiki.ubuntu.com/Security/Features#ports) and the fact that the user + NOTE: service was enabled by default (and not automatically enabled anymore since 42.1.1-2) + NOTE: Not treated as a security issue in Debian, whether to start the daemon or not is ultimately + NOTE: up to the local admin +CVE-2022-1735 (Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969 ...) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/c9f85608-ff11-48e4-933d-53d1759d44d9 + NOTE: https://github.com/vim/vim/commit/7ce5b2b590256ce53d6af28c1d203fb3bc1d2d97 (v8.2.4969) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1734 (A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in driver ...) + {DSA-5173-1 DLA-3065-1} + - linux 5.17.11-1 (unimportant) + [bullseye] - linux 5.10.120-1 + NOTE: https://git.kernel.org/linus/d270453a0d9ec10bb8a802a142fb1b3601a83098 (5.18-rc6) + NOTE: Support for Marvell NFC devices (CONFIG_NFC_MRVL) not enabled +CVE-2022-1733 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/6ff03b27-472b-4bef-a2bf-410fae65ff0a + NOTE: https://github.com/vim/vim/commit/60ae0e71490c97f2871a6344aca61cacf220f813 (v8.2.4968) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1732 (The Rename wp-login.php WordPress plugin through 2.6.0 does not have C ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1731 (Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to ...) + NOT-FOR-US: Metasonic Doc WebClient +CVE-2022-1730 (Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1729 (A race condition was found the Linux kernel in perf_event_open() which ...) + {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.17.11-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/20/2 + NOTE: https://git.kernel.org/linus/3ac6487e584a1eb54071dbe1212e05b884136704 +CVE-2022-1728 (Allowing long password leads to denial of service in polonel/trudesk i ...) + NOT-FOR-US: Trudesk +CVE-2022-1727 (Improper Input Validation in GitHub repository jgraph/drawio prior to ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1726 (Bootstrap Tables XSS vulnerability with Table Export plug-in when expo ...) + - zoneminder (unimportant) + NOTE: https://huntr.dev/bounties/9b85cc33-0395-4c31-8a42-3a94beb2efea + NOTE: src:zoneminder embedds bootstrap-table-export.js in debian/missing-sources/ + NOTE: https://github.com/wenzhixin/bootstrap-table/commit/66ef886d5d325777c8727274c9e018f9c17bc0b9 (1.20.2) + NOTE: NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-1725 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.495 ...) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/4363cf07-233e-4d0a-a1d5-c731a400525c + NOTE: https://github.com/vim/vim/commit/b62dc5e7825bc195efe3041d5b3a9f1528359e1c (v8.2.4959) + NOTE: Negligible security impact; crash in CLI tool +CVE-2022-1724 (The Simple Membership WordPress plugin before 4.1.1 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1723 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1722 (SSRF in editor's proxy via IPv6 link-local address in GitHub repositor ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1721 (Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1720 (Buffer Over-read in function grab_file_name in GitHub repository vim/v ...) + {DLA-3182-1 DLA-3053-1} + - vim 2:9.0.0135-1 (bug #1015984; unimportant) + NOTE: https://huntr.dev/bounties/5ccfb386-7eb9-46e5-98e5-243ea4b358a8 + NOTE: https://github.com/vim/vim/commit/395bd1f6d3edc9f7edb5d1f2d7deaf5a9e3ab93c (v8.2.4956) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1719 (Reflected XSS on ticket filter function in GitHub repository polonel/t ...) + NOT-FOR-US: Trudesk +CVE-2022-1718 (The trudesk application allows large characters to insert in the input ...) + NOT-FOR-US: Trudesk +CVE-2022-30936 + RESERVED +CVE-2022-30935 (An authorization bypass in b2evolution allows remote, unauthenticated ...) + NOT-FOR-US: b2evolution CMS +CVE-2022-30934 + RESERVED +CVE-2022-30933 + RESERVED +CVE-2022-30932 + REJECTED +CVE-2022-30931 (Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross ...) + NOT-FOR-US: Employee Leaves Management System (ELMS) +CVE-2022-30930 (Tourism Management System Version: V 3.2 is affected by: Cross Site Re ...) + NOT-FOR-US: Tourism Management System Version +CVE-2022-30929 (Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed ...) 
+ NOT-FOR-US: Mini-Tmall +CVE-2022-30928 + RESERVED +CVE-2022-30927 (A SQL injection vulnerability exists in Simple Task Scheduling System ...) + NOT-FOR-US: Simple Task Scheduling System +CVE-2022-30926 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30925 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30924 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30923 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30922 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30921 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30920 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30919 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30918 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30917 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30916 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30915 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30914 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30913 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30912 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30911 + RESERVED +CVE-2022-30910 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) 
+ NOT-FOR-US: H3C +CVE-2022-30909 (H3C Magic R100 R100V100R005 was discovered to contain a stack overflow ...) + NOT-FOR-US: H3C +CVE-2022-30908 + RESERVED +CVE-2022-30907 + RESERVED +CVE-2022-30906 + RESERVED +CVE-2022-30905 + RESERVED +CVE-2022-30904 (In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vul ...) + NOT-FOR-US: Bestechnic Bluetooth Mesh SDK +CVE-2022-30903 (Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA ...) + NOT-FOR-US: Nokia "G-2425G-A" Bharti Airtel Routers Hardware +CVE-2022-30902 + RESERVED +CVE-2022-30901 + RESERVED +CVE-2022-30900 + RESERVED +CVE-2022-30899 (A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the ...) + NOT-FOR-US: PartKeepr +CVE-2022-30898 (A Cross-site request forgery (CSRF) vulnerability in Cscms music porta ...) + NOT-FOR-US: Cscms music portal system +CVE-2022-30897 + RESERVED +CVE-2022-30896 + RESERVED +CVE-2022-30895 + RESERVED +CVE-2022-30894 + RESERVED +CVE-2022-30893 + RESERVED +CVE-2022-30892 + RESERVED +CVE-2022-30891 + RESERVED +CVE-2022-30890 + RESERVED +CVE-2022-30889 + RESERVED +CVE-2022-30888 + RESERVED +CVE-2022-30887 (Pharmacy Management System v1.0 was discovered to contain a remote cod ...) + NOT-FOR-US: Pharmacy Management System +CVE-2022-30886 (School Dormitory Management System v1.0 was discovered to contain a SQ ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30885 (The pyesasky for python, as distributed on PyPI, included a code-execu ...) + NOT-FOR-US: pyesasky +CVE-2022-30884 + RESERVED +CVE-2022-30883 + RESERVED +CVE-2022-30882 (pyanxdns package in PyPI version 0.2 is vulnerable to code execution b ...) + NOT-FOR-US: pyanxdns +CVE-2022-30881 + RESERVED +CVE-2022-30880 + RESERVED +CVE-2022-30879 + RESERVED +CVE-2022-30878 + RESERVED +CVE-2022-30877 (The keep for python, as distributed on PyPI, included a code-execution ...) 
+ NOT-FOR-US: keep (shell command keeper) +CVE-2022-30876 + RESERVED +CVE-2022-30875 (Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Er ...) + - dolibarr +CVE-2022-30874 (There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet ...) + NOT-FOR-US: NukeViet CMS +CVE-2022-30873 + RESERVED +CVE-2022-30872 + RESERVED +CVE-2022-30871 + RESERVED +CVE-2022-30870 + RESERVED +CVE-2022-30869 + RESERVED +CVE-2022-30868 + RESERVED +CVE-2022-30867 + RESERVED +CVE-2022-30866 + RESERVED +CVE-2022-30865 + RESERVED +CVE-2022-30864 + RESERVED +CVE-2022-30863 (FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_ti ...) + NOT-FOR-US: FUDForum +CVE-2022-30862 + RESERVED +CVE-2022-30861 (FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in For ...) + NOT-FOR-US: FUDForum +CVE-2022-30860 (FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload F ...) + NOT-FOR-US: FUDForum +CVE-2022-30859 + RESERVED +CVE-2022-30858 (An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnima ...) + NOT-FOR-US: ngiflib +CVE-2022-30857 + RESERVED +CVE-2022-30856 + RESERVED +CVE-2022-30855 + RESERVED +CVE-2022-30854 + RESERVED +CVE-2022-30853 + RESERVED +CVE-2022-30852 (Known v1.3.1 was discovered to contain an Insecure Direct Object Refer ...) + NOT-FOR-US: Known +CVE-2022-30851 + RESERVED +CVE-2022-30850 + RESERVED +CVE-2022-30849 + RESERVED +CVE-2022-30848 + RESERVED +CVE-2022-30847 + RESERVED +CVE-2022-30846 + RESERVED +CVE-2022-30845 + RESERVED +CVE-2022-30844 + RESERVED +CVE-2022-30843 (Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/cl ...) + NOT-FOR-US: Room-rent-portal-site +CVE-2022-30842 (Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Sit ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30841 + RESERVED +CVE-2022-30840 + RESERVED +CVE-2022-30839 (Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) ...) 
+ NOT-FOR-US: Room-rent-portal-site +CVE-2022-30838 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30837 (Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting ...) + NOT-FOR-US: Toll-tax-management-system +CVE-2022-30836 (Wedding Management System v1.0 is vulnerable to SQL Injection. via Wed ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30835 (Wedding Management System v1.0 is vulnerable to SQL Injection. via /We ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30834 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30833 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30832 (Wedding Management System v1.0 is vulnerable to SQL Injection via /Wed ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30831 (Wedding Management System v1.0 is vulnerable to SQL Injection via Wedd ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30830 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30829 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30828 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30827 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30826 (Wedding Management System v1.0 is vulnerable to SQL Injection via admi ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30825 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) 
+ NOT-FOR-US: Wedding Management System +CVE-2022-30824 + RESERVED +CVE-2022-30823 (Wedding Management System v1.0 is vulnerable to SQL Injection via \adm ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30822 (In Wedding Management System v1.0, there is an arbitrary file upload v ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30821 (In Wedding Management System v1.0, the editing function of the "Servic ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30820 (In Wedding Management v1.0, there is an arbitrary file upload vulnerab ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30819 (In Wedding Management System v1.0, there is an arbitrary file upload v ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30818 (Wedding Management System v1.0 is vulnerable to SQL injection via /Wed ...) + NOT-FOR-US: Wedding Management System +CVE-2022-30817 (Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection vi ...) + NOT-FOR-US: Simple Bus Ticket Booking System +CVE-2022-30816 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.p ...) + NOT-FOR-US: elitecms +CVE-2022-30815 (elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.ph ...) + NOT-FOR-US: elitecms +CVE-2022-30814 (elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.p ...) + NOT-FOR-US: elitecms +CVE-2022-30813 (elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php.) + NOT-FOR-US: elitecms +CVE-2022-30812 + RESERVED +CVE-2022-30811 + RESERVED +CVE-2022-30810 (elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php.) + NOT-FOR-US: elitecms +CVE-2022-30809 (elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php? ...) + NOT-FOR-US: elitecms +CVE-2022-30808 (elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/man ...) 
+ NOT-FOR-US: elitecms +CVE-2022-30807 + RESERVED +CVE-2022-30806 + RESERVED +CVE-2022-30805 + RESERVED +CVE-2022-30804 (elitecms v1.01 is vulnerable to Delete any file via /admin/delete_imag ...) + NOT-FOR-US: elitecms +CVE-2022-30803 + RESERVED +CVE-2022-30802 + RESERVED +CVE-2022-30801 + RESERVED +CVE-2022-30800 + RESERVED +CVE-2022-30799 (Online Ordering System v1.0 by oretnom23 has SQL injection via store/o ...) + NOT-FOR-US: Online Ordering System +CVE-2022-30798 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-30797 (Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection ...) + NOT-FOR-US: Online Ordering System +CVE-2022-30796 + RESERVED +CVE-2022-30795 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-30794 (Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Online Ordering System +CVE-2022-30793 + RESERVED +CVE-2022-30790 (Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2 ...) + [experimental] - u-boot 2022.07~rc4+dfsg-1 + - u-boot 2022.07+dfsg-1 (bug #1014470) + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (Minor issue) + [stretch] - u-boot (Minor issue) + NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ + NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4) +CVE-2022-30789 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_ch ...) 
+ {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/6efc1305c1951c1d72181f449f2fab68fa25fae8 (2022.5.17) +CVE-2022-30788 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mf ...) + {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/a8818cf779d3a32f2f52337c6f258c16719625a3 (2022.5.17) + NOTE: https://github.com/tuxera/ntfs-3g/commit/bce5734a757fd59d70a52f4d4fe9abe260629b3a (2022.5.17) +CVE-2022-30787 (An integer underflow in fuse_lib_readdir enables arbitrary memory read ...) + {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4 + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/fb28eef6f1c26170566187c1ab7dc913a13ea43c (2022.5.17) + NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt + NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ +CVE-2022-30786 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_na ...) 
+ {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/838b6e35b43062353998853eab50cd0675201ed7 (2022.5.17) + NOTE: https://github.com/tuxera/ntfs-3g/commit/5ce8941bf47291cd6ffe7cdb1797253f1cc3a86f (2022.5.17) +CVE-2022-30785 (A file handle created in fuse_lib_opendir, and later used in fuse_lib_ ...) + {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4 + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/fb28eef6f1c26170566187c1ab7dc913a13ea43c (2022.5.17) + NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt + NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ +CVE-2022-30784 (A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_v ...) + {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/60717a846deaaea47e50ce58872869f7bd1103b5 (2022.5.17) +CVE-2022-30783 (An invalid return code in fuse_kern_mount enables intercepting of libf ...) 
+ {DSA-5160-1 DLA-3055-1} + - ntfs-3g 1:2022.5.17-1 (bug #1011770) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/2 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-6mv4-4v73-xw58 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/4 + NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17 + NOTE: https://github.com/tuxera/ntfs-3g/commit/7f81935f32e58e8fec22bc46683b1b067469405f (2022.5.17) + NOTE: https://unparalleled.eu/publications/2022/advisory-unpar-2022-0.txt + NOTE: https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ +CVE-2022-30782 (Openmoney API through 2020-06-29 uses the JavaScript Math.random funct ...) + NOT-FOR-US: Openmoney +CVE-2022-30781 (Gitea before 1.16.7 does not escape git fetch remote.) + - gitea +CVE-2022-30780 (Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a den ...) + - lighttpd 1.4.59-1 + [buster] - lighttpd (Vulnerable code introduced later) + [stretch] - lighttpd (Vulnerable code introduced later) + NOTE: https://podalirius.net/en/cves/2022-30780/ + NOTE: https://github.com/p0dalirius/CVE-2022-30780-lighttpd-denial-of-service + NOTE: https://redmine.lighttpd.net/issues/3059 + NOTE: Fixed by: https://github.com/lighttpd/lighttpd1.4/commit/b03b86f47b0d5a553137f081fadc482b4af1372d (lighttpd-1.4.59) +CVE-2022-30779 + REJECTED +CVE-2022-30778 + REJECTED +CVE-2022-30777 (Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from param ...) + NOT-FOR-US: Parallels H-Sphere +CVE-2022-30776 (atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter ...) + - atmailopen +CVE-2022-30775 (xpdf 4.04 allocates excessive memory when presented with crafted input ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-30774 (DMA attacks on the parameter buffer used by the PnpSmm driver could ch ...) 
+ NOT-FOR-US: Insyde +CVE-2022-30773 (DMA attacks on the parameter buffer used by the IhisiSmm driver could ...) + NOT-FOR-US: Insyde +CVE-2022-30772 (Manipulation of the input address in PnpSmm function 0x52 could be use ...) + NOT-FOR-US: Insyde +CVE-2022-30771 (Initialization function in PnpSmm could lead to SMRAM corruption when ...) + NOT-FOR-US: Insyde +CVE-2022-30770 (Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and ...) + NOT-FOR-US: Terminalfour +CVE-2022-30769 (Session fixation exists in ZoneMinder through 1.36.12 as an attacker c ...) + - zoneminder (unimportant) + NOTE: https://medium.com/@dk50u1/session-fixation-in-zoneminder-up-to-v1-36-12-3c850b1fbbf3 + NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-30768 (A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows ...) + - zoneminder (unimportant) + NOTE: https://medium.com/@dk50u1/stored-xss-in-zoneminder-up-to-v1-36-12-f26b4bb68c31 + NOTE: Only supported for trusted users/behind auth, see README.debian.security +CVE-2022-30767 (nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and throu ...) + [experimental] - u-boot 2022.07~rc4+dfsg-1 + - u-boot 2022.07+dfsg-1 (bug #1014471) + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (Incorrect fix for CVE-2019-14196 not applied) + [stretch] - u-boot (Incorrect fix for CVE-2019-14196 not applied) + NOTE: Introduced by: https://github.com/u-boot/u-boot/commit/5d14ee4e53a81055d34ba280cb8fd90330f22a96 (v2019.10-rc4) + NOTE: https://lists.denx.de/pipermail/u-boot/2022-May/483952.html + NOTE: https://securitylab.github.com/research/uboot-rce-nfs-vulnerability/ + NOTE: Issue exists because of an incorrect fix for CVE-2019-14196. + NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/bdbf7a05e26f3c5fd437c99e2755ffde186ddc80 (v2022.07-rc4) +CVE-2022-30766 + RESERVED +CVE-2022-30765 (Calibre-Web before 0.6.18 allows user table SQL Injection.) 
+ - calibre-web (bug #982690) +CVE-2022-30764 + RESERVED +CVE-2022-30763 (Janet before 1.22.0 mishandles arrays.) + - janet (bug #983003) +CVE-2022-30762 + RESERVED +CVE-2022-30761 + RESERVED +CVE-2022-30760 (An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG F ...) + NOT-FOR-US: fn2Web +CVE-2022-30759 (In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sud ...) + NOT-FOR-US: Nokia +CVE-2022-30708 (Webmin through 1.991, when the Authentic theme is used, allows remote ...) + - webmin +CVE-2022-1717 (The Custom Share Buttons with Floating Sidebar WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1716 (Keep My Notes v1.80.147 allows an attacker with physical access to the ...) + NOT-FOR-US: Keep My Notes +CVE-2022-30703 (Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an expo ...) + NOT-FOR-US: Trend Micro +CVE-2022-30702 (Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out- ...) + NOT-FOR-US: Trend Micro +CVE-2022-30701 (An uncontrolled search path element vulnerability in Trend Micro Apex ...) + NOT-FOR-US: Trend Micro +CVE-2022-30700 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2022-30699 (NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable ...) + {DLA-3371-1} + - unbound 1.16.2-1 (bug #1016493) + [bullseye] - unbound 1.13.1-1+deb11u1 + NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt + NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2) +CVE-2022-30698 (NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable t ...) 
+ {DLA-3371-1} + - unbound 1.16.2-1 (bug #1016493) + [bullseye] - unbound 1.13.1-1+deb11u1 + NOTE: https://www.nlnetlabs.nl/downloads/unbound/CVE-2022-30698_CVE-2022-30699.txt + NOTE: https://github.com/NLnetLabs/unbound/commit/f6753a0f1018133df552347a199e0362fc1dac68 (release-1.16.2) +CVE-2022-30697 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis +CVE-2022-30696 (Local privilege escalation due to a DLL hijacking vulnerability. The f ...) + NOT-FOR-US: Acronis +CVE-2022-30695 (Local privilege escalation due to excessive permissions assigned to ch ...) + NOT-FOR-US: Acronis +CVE-2022-30694 (The login endpoint /FormLogin in affected web services does not apply ...) + NOT-FOR-US: Siemens +CVE-2022-30543 (A leftover debug code vulnerability exists in the console infct functi ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-29485 (Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and ...) + NOT-FOR-US: SHIRASAGI +CVE-2022-29481 (A leftover debug code vulnerability exists in the console nvram functi ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-28689 (A leftover debug code vulnerability exists in the console support func ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26023 (A leftover debug code vulnerability exists in the console verify funct ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-1715 (Account Takeover in GitHub repository neorazorx/facturascripts prior t ...) + NOT-FOR-US: neorazorx/facturascripts +CVE-2022-1714 (Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7 ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/1c22055b-b015-47a8-a57b-4982978751d0 + NOTE: https://github.com/radareorg/radare2/commit/3ecdbf8e21186a9c5a4d3cfa3b1e9fd27045340e +CVE-2022-1713 (SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An ...) 
+ NOT-FOR-US: jgraph/drawio +CVE-2022-1712 (The LiveSync for WordPress plugin through 1.0 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1711 (Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio ...) + NOT-FOR-US: jgraph/drawio +CVE-2022-1710 (The Appointment Hour Booking WordPress plugin before 1.3.56 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1709 (The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1708 (A vulnerability was found in CRI-O that causes memory or disk space ex ...) + - cri-o (bug #979702) +CVE-2022-1707 (The Google Tag Manager for WordPress plugin for WordPress is vulnerabl ...) + NOT-FOR-US: Google Tag Manager for WordPress plugin for WordPress +CVE-2022-1706 (A vulnerability was found in Ignition where ignition configs are acces ...) + - ignition 2.14.0+ds1-1 (bug #1014716) + NOTE: https://github.com/coreos/ignition/issues/1300 + NOTE: https://github.com/coreos/ignition/pull/1350 +CVE-2021-46279 (Session fixation and insufficient session expiration vulnerabilities a ...) + NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2021-45925 (Observable discrepancies in the login process allow an attacker to gue ...) + NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2021-44776 (A broken access control vulnerability in the SubNet_handler_func funct ...) + NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2021-44769 (An improper input validation vulnerability in the TLS certificate gene ...) + NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2021-44467 (A broken access control vulnerability in the KillDupUsr_func function ...) + NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2021-4228 (Use of hard-coded TLS certificate by default allows an attacker to per ...) 
+ NOT-FOR-US: Lanner Inc IAC-AST2500A standard firmware +CVE-2022-30689 (HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not cor ...) + NOT-FOR-US: HashiCorp Vault +CVE-2022-30688 (needrestart 0.8 through 3.5 before 3.6 is prone to local privilege esc ...) + {DSA-5137-1 DLA-3013-1} + - needrestart 3.6-1 (bug #1011154) + NOTE: https://github.com/liske/needrestart/commit/e6e58136e1e3c92296e2e810cb8372a5fe0dbd30 (v3.6) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/17/9 +CVE-2022-30687 (Trend Micro Maximum Security 2022 is vulnerable to a link following vu ...) + NOT-FOR-US: Trend Micro +CVE-2022-30686 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30685 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30684 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30683 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30682 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30681 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30680 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30679 (Adobe Experience Manager version 6.5.14 (and earlier) is affected by a ...) + NOT-FOR-US: Adobe +CVE-2022-30678 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30677 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-30676 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-30675 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) 
+ NOT-FOR-US: Adobe +CVE-2022-30674 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-30673 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-30672 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-30671 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-30670 (RoboHelp Server earlier versions than RHS 11 Update 3 are affected by ...) + NOT-FOR-US: RoboHelp Server +CVE-2022-30669 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30668 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30667 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30666 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30665 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30664 (Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2022-30663 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30662 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30661 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30660 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30659 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-30658 (Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) ...) 
+ NOT-FOR-US: Adobe +CVE-2022-30657 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30656 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30655 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30654 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30653 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30652 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30651 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30650 (Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-30649 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30648 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30647 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30646 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30645 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30644 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30643 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30642 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30641 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2022-30640 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30639 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30638 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30637 (Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-30636 + RESERVED +CVE-2022-30635 (Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.1 ...) + - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53615 + NOTE: https://github.com/golang/go/commit/6fa37e98ea4382bf881428ee0c150ce591500eb7 (go1.19rc2) + NOTE: https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (go1.18.4) + NOTE: https://github.com/golang/go/commit/cd54600b866db0ad068ab8df06c7f5f6cb55c9b3 (go1.17.12) +CVE-2022-30634 (Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 o ...) + - golang-1.18 (Only affects Go on Windows) + - golang-1.17 (Only affects Go on Windows) + - golang-1.15 (Only affects Go on Windows) + - golang-1.11 (Only affects Go on Windows) + - golang-1.8 (Only affects Go on Windows) + - golang-1.7 (Only affects Go on Windows) + NOTE: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg + NOTE: https://go.dev/issue/52561 + NOTE: https://github.com/golang/go/commit/32dedaa69e22f1a058ae90b9484fd4c3b46fbcbf (go1.18.3) + NOTE: https://github.com/golang/go/commit/2be03d789de905a4b050ff5f3a51b724e1b09494 (go1.17.11) +CVE-2022-30633 (Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 ...) 
+ - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53611 + NOTE: https://github.com/golang/go/commit/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 (go1.19rc2) + NOTE: https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (go1.18.4) + NOTE: https://github.com/golang/go/commit/2678d0c957193dceef336c969a9da74dd716a827 (go1.17.12) +CVE-2022-30632 (Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and ...) + - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53416 + NOTE: https://github.com/golang/go/commit/ac68c6c683409f98250d34ad282b9e1b0c9095ef (go1.19rc2) + NOTE: https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (go1.18.4) + NOTE: https://github.com/golang/go/commit/76f8b7304d1f7c25834e2a0cc9e88c55276c47df (go1.17.12) +CVE-2022-30631 (Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17. ...) + - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://go.dev/issue/53168 + NOTE: https://github.com/golang/go/commit/b2b8872c876201eac2d0707276c6999ff3eb185e (go1.19rc2) + NOTE: https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (go1.18.4) + NOTE: https://github.com/golang/go/commit/0117dee7dccbbd7803d88f65a2ce8bd686219ad3 (go1.17.12) +CVE-2022-30630 (Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18. ...) 
+ - golang-1.19 1.19~rc2-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 (Introduced in 1.16) + - golang-1.11 (Introduced in 1.16) + NOTE: https://go.dev/issue/53415 + NOTE: https://github.com/golang/go/commit/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 (go1.19rc2) + NOTE: https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (go1.18.4) + NOTE: https://github.com/golang/go/commit/8c1d8c836270615cfb5b229932269048ef59ac07 (go1.17.12) + NOTE: Introduced by https://github.com/golang/go/commit/b64202bc29b9c1cf0118878d1c0acc9cdb2308f6 (go1.16beta1) + NOTE: io/fs/Glob.go introduced in 1.16; see CVE-2022-30632 for similar older code in path/filepath/ +CVE-2022-30629 (Non-random values for ticket_age_add in session tickets in crypto/tls ...) + - golang-1.18 1.18.3-1 + - golang-1.17 1.17.11-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + - golang-1.8 + [stretch] - golang-1.8 (Vulnerable code - TLS1.3 - introduced later) + - golang-1.7 + [stretch] - golang-1.7 (Vulnerable code - TLS1.3 - introduced later) + NOTE: https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg + NOTE: https://go.dev/issue/52814 + NOTE: https://github.com/golang/go/commit/c838098c327a1b6d63446f4722e943b02d235d78 (go1.18.3) + NOTE: https://github.com/golang/go/commit/c15a8e2dbb5ac376a6ed890735341b812d6b965c (go1.17.11) +CVE-2022-30628 (It was possible to download all receipts without authentication. Must ...) + NOT-FOR-US: Supersmart.me +CVE-2022-30627 (This vulnerability affects all of the company's products that also inc ...) + NOT-FOR-US: Chcnav +CVE-2022-30626 (Browsing the path: http://ip/wifi_ap_pata_get.cmd, will show in the na ...) + NOT-FOR-US: Chcnav +CVE-2022-30625 (Directory listing is a web server function that displays the directory ...) 
+ NOT-FOR-US: Chcnav +CVE-2022-30624 (Browsing the admin.html page allows the user to reset the admin passwo ...) + NOT-FOR-US: Chcnav +CVE-2022-30623 (The server checks the user's cookie in a non-standard way, and a value ...) + NOT-FOR-US: Chcnav +CVE-2022-30622 (Disclosure of information - the system allows you to view usernames an ...) + NOT-FOR-US: Chcnav +CVE-2022-30621 (Allows a remote user to read files on the camera's OS "GetFileContent. ...) + NOT-FOR-US: Cellinx +CVE-2022-30620 (On Cellinx Camera with guest enabled, attacker with web access can ele ...) + NOT-FOR-US: Cellinx +CVE-2022-30619 (Editable SQL Queries behind Base64 encoding sending from the Client-Si ...) + NOT-FOR-US: Agile Point +CVE-2022-30618 (An authenticated user with access to the Strapi admin panel can view p ...) + NOT-FOR-US: Strapi +CVE-2022-30617 (An authenticated user with access to the Strapi admin panel can view p ...) + NOT-FOR-US: Strapi +CVE-2022-29525 (Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded cred ...) + NOT-FOR-US: Rakuten Casa +CVE-2022-28704 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...) + NOT-FOR-US: Rakuten Casa +CVE-2022-26834 (Improper access control vulnerability in Rakuten Casa version AP_F_V1_ ...) + NOT-FOR-US: Rakuten Casa +CVE-2022-1705 (Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 cli ...) 
+ - golang-1.19 1.19~rc1-1 + - golang-1.18 1.18.4-1 + - golang-1.17 1.17.13-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 (Introduced in 1.15) + NOTE: https://go.dev/issue/53188 + NOTE: https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f (go1.19rc1) + NOTE: https://github.com/golang/go/commit/222ee24a0046ae61679f4d97967e3b4058a3b90e (go1.18.4) + NOTE: https://github.com/golang/go/commit/d13431c37ab62f9755f705731536ff74e7165b08 (go1.17.12) + NOTE: Introduced by https://github.com/golang/go/commit/d5734d4f2dd1168dc3df94f2b9912299aea0c0ac (go1.15beta1) +CVE-2022-1704 (Due to an XML external entity reference, the software parses XML in th ...) + NOT-FOR-US: Ignition +CVE-2022-1703 (Improper neutralization of special elements in the SonicWall SSL-VPN S ...) + NOT-FOR-US: SonicWall +CVE-2022-1702 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...) + NOT-FOR-US: SonicWall +CVE-2022-1701 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...) + NOT-FOR-US: SonicWall +CVE-2022-1700 (Improper Restriction of XML External Entity Reference ('XXE') vulnerab ...) + NOT-FOR-US: Forcepoint +CVE-2022-30616 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...) + NOT-FOR-US: IBM +CVE-2022-30615 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2022-30614 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a den ...) + NOT-FOR-US: IBM +CVE-2022-30613 (IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a ...) + NOT-FOR-US: IBM +CVE-2022-30612 + RESERVED +CVE-2022-30611 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2022-30610 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerab ...) 
+ NOT-FOR-US: IBM +CVE-2022-30609 + RESERVED +CVE-2022-30608 ("IBM InfoSphere Information Server 11.7 is vulnerable to cross-site re ...) + NOT-FOR-US: IBM +CVE-2022-30607 (IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 2 ...) + NOT-FOR-US: IBM +CVE-2022-30546 (Out-of-bounds read vulnerability exists in the simulator module contai ...) + NOT-FOR-US: Fuji Electric V-SFT +CVE-2022-30538 (Out-of-bounds write vulnerability exists in the simulator module conta ...) + NOT-FOR-US: Fuji Electric V-SFT +CVE-2022-29925 (Access of uninitialized pointer vulnerability exists in the simulator ...) + NOT-FOR-US: Fuji Electric V-SFT +CVE-2022-29522 (Use after free vulnerability exists in the simulator module contained ...) + NOT-FOR-US: Fuji Electric V-SFT +CVE-2022-29482 ('Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 imp ...) + NOT-FOR-US: 'Mobaoku-Auction&Flea Market' App for iOS +CVE-2022-27231 (Cross-site scripting vulnerability exists in WP Statistics versions pr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-26302 (Heap-based buffer overflow exists in the simulator module contained in ...) + NOT-FOR-US: Fuji Electric V-SFT +CVE-2022-1699 (Uncontrolled Resource Consumption in GitHub repository causefx/organiz ...) + NOT-FOR-US: organizr +CVE-2022-1698 (Allowing long password leads to denial of service in GitHub repository ...) + NOT-FOR-US: organizr +CVE-2022-1697 (Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed th ...) + NOT-FOR-US: Okta +CVE-2022-1696 + RESERVED +CVE-2022-1695 (The WP Simple Adsense Insertion WordPress plugin before 2.1 does not p ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1694 (The Useful Banner Manager WordPress plugin through 1.6.1 does not perf ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1693 + RESERVED +CVE-2022-1692 (The CP Image Store with Slideshow WordPress plugin before 1.0.68 does ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1691 (The Realty Workstation WordPress plugin before 1.0.15 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1690 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1689 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1688 (The Note Press WordPress plugin through 0.1.10 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1687 (The Logo Slider WordPress plugin through 1.4.8 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1686 (The Five Minute Webshop WordPress plugin through 1.3.2 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1685 (The Five Minute Webshop WordPress plugin through 1.3.2 does not proper ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1684 (The Cube Slider WordPress plugin through 1.2 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1683 (The amtyThumb WordPress plugin through 4.2.0 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1682 (Reflected Xss using url based payload in GitHub repository neorazorx/f ...) + NOT-FOR-US: facturascripts +CVE-2022-1681 (Authentication Bypass Using an Alternate Path or Channel in GitHub rep ...) 
+ NOT-FOR-US: Requarks wiki.js +CVE-2022-XXXX [RUSTSEC-2022-0022] + - rust-hyper 0.14.19-1 + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0022.html +CVE-2022-XXXX [RUSTSEC-2022-0021] + - rust-crossbeam-queue 0.3.5-1 + [bullseye] - rust-crossbeam-queue (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0021.html +CVE-2022-XXXX [RUSTSEC-2022-0019] + - rust-crossbeam-channel 0.4.4-1 + [bullseye] - rust-crossbeam-channel (Minor issue) + [buster] - rust-crossbeam-channel (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0019.html +CVE-2022-XXXX [RUSTSEC-2022-0020] + - rust-crossbeam 0.8.1-1 + [bullseye] - rust-crossbeam (Minor issue) + [buster] - rust-crossbeam (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0020.html + NOTE: advisory seems wrong about fixed version, should be >= 0.8.0 +CVE-2022-30600 (A flaw was found in moodle where logic used to count failed login atte ...) + - moodle +CVE-2022-30599 (A flaw was found in moodle where an SQL injection risk was identified ...) + - moodle +CVE-2022-30598 (A flaw was found in moodle where global search results could include a ...) + - moodle +CVE-2022-30597 (A flaw was found in moodle where the description user field was not hi ...) + - moodle +CVE-2022-30596 (A flaw was found in moodle where ID numbers displayed when bulk alloca ...) + - moodle +CVE-2022-30595 (libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow i ...) 
+ - pillow 9.1.1-1 + [bullseye] - pillow (Vulnerable code introduced later) + [buster] - pillow (Vulnerable code introduced later) + [stretch] - pillow (Vulnerable code introduced later) + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html#security + NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/0d729941a89af9e00d9d01d14ec144ab358410cd (9.1.0) + NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/c846cc881ebe34e3518412c2e3636433d9947280 (9.1.1) +CVE-2022-30593 + RESERVED +CVE-2022-30592 (liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1. ...) + NOT-FOR-US: LiteSpeed QUIC (aka LSQUIC) +CVE-2022-30591 (quic-go through 0.27.0 allows remote attackers to cause a denial of se ...) + NOT-FOR-US: quic-go +CVE-2022-30590 + RESERVED +CVE-2022-30589 + RESERVED +CVE-2022-30588 + RESERVED +CVE-2022-30587 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-30586 (Gradle Enterprise through 2022.2.2 has Incorrect Access Control that l ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-30585 (The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an ...) + NOT-FOR-US: Archer +CVE-2022-30584 (Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access ...) + NOT-FOR-US: Archer +CVE-2022-30583 + RESERVED +CVE-2022-30582 + RESERVED +CVE-2022-30581 + RESERVED +CVE-2022-30580 (Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 ...) + - golang-1.18 (Only affects Go on Windows) + - golang-1.17 (Only affects Go on Windows) + - golang-1.15 (Only affects Go on Windows) + - golang-1.11 (Only affects Go on Windows) + - golang-1.8 (Only affects Go on Windows) + - golang-1.7 (Only affects Go on Windows) + NOTE: https://go.dev/issue/52574 +CVE-2022-30579 (The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analy ...) 
+ NOT-FOR-US: TIBCO +CVE-2022-30578 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons co ...) + NOT-FOR-US: TIBCO +CVE-2022-30577 (The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a ...) + NOT-FOR-US: TIBCO +CVE-2022-30576 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...) + NOT-FOR-US: TIBCO +CVE-2022-30575 (The Web Console component of TIBCO Software Inc.'s TIBCO Data Science ...) + NOT-FOR-US: TIBCO +CVE-2022-30574 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) + NOT-FOR-US: TIBCO +CVE-2022-30573 (The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community ...) + NOT-FOR-US: TIBCO +CVE-2022-30572 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...) + NOT-FOR-US: TIBCO +CVE-2022-30571 (The iWay Service Manager Console component of TIBCO Software Inc.'s TI ...) + NOT-FOR-US: TIBCO +CVE-2022-30570 (The Column Based Security component of TIBCO Software Inc.'s TIBCO Dat ...) + NOT-FOR-US: TIBCO +CVE-2022-30569 + RESERVED +CVE-2022-30568 + RESERVED +CVE-2022-30567 + RESERVED +CVE-2022-30566 + RESERVED +CVE-2022-30565 + RESERVED +CVE-2022-30564 (Some Dahua embedded products have a vulnerability of unauthorized modi ...) + NOT-FOR-US: Dahua +CVE-2022-30563 (When an attacker uses a man-in-the-middle attack to sniff the request ...) + NOT-FOR-US: Dahua +CVE-2022-30562 (If the user enables the https function on the device, an attacker can ...) + NOT-FOR-US: Dahua +CVE-2022-30561 (When an attacker uses a man-in-the-middle attack to sniff the request ...) + NOT-FOR-US: Dahua +CVE-2022-30560 (When an attacker obtaining the administrative account and password, or ...) + NOT-FOR-US: Dahua +CVE-2022-30559 + RESERVED +CVE-2022-30558 + RESERVED +CVE-2022-30557 (Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion is ...) 
+ NOT-FOR-US: Foxit PDF Reader and PDF Editor +CVE-2022-1680 (An account takeover issue has been discovered in GitLab EE affecting a ...) + [experimental] - gitlab 14.9.5+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ +CVE-2022-1679 (A use-after-free flaw was found in the Linux kernel\u2019s Atheros wir ...) + {DLA-3173-1 DLA-3131-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2084125 + NOTE: https://lore.kernel.org/lkml/87ilqc7jv9.fsf@kernel.org/t/ +CVE-2022-1678 (An issue was discovered in the Linux Kernel from 4.18 to 4.19, an impr ...) + - linux 5.2.6-1 + [buster] - linux 4.19.232-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://bugzilla.openanolis.cn/show_bug.cgi?id=61 + NOTE: https://lore.kernel.org/all/20200602080425.93712-1-kerneljasonxing@gmail.com/ + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0a70f118475e037732557796accd0878a00fc25a +CVE-2022-30594 (The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTR ...) + {DSA-5173-1 DLA-3065-1} + - linux 5.17.3-1 + [bullseye] - linux 5.10.113-1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2276 + NOTE: https://git.kernel.org/linus/ee1fee900537b5d9560e9f937402de5ddc8412f3 (5.18-rc1) +CVE-2022-30556 (Apache HTTP Server 2.4.53 and earlier may return lengths to applicatio ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/7 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30556 + NOTE: https://github.com/apache/httpd/commit/3a561759fcb37af179585adb8478922dc9bc6a85 +CVE-2022-30555 + RESERVED +CVE-2022-30554 + RESERVED +CVE-2022-30553 + RESERVED +CVE-2022-30552 (Das U-Boot 2022.01 has a Buffer Overflow.) 
+ [experimental] - u-boot 2022.07~rc4+dfsg-1 + - u-boot 2022.07+dfsg-1 (bug #1014470) + [bullseye] - u-boot (Minor issue) + [buster] - u-boot (Minor issue) + [stretch] - u-boot (Minor issue) + NOTE: https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ + NOTE: Fixed by: https://source.denx.de/u-boot/u-boot/-/commit/b85d130ea0cac152c21ec38ac9417b31d41b5552 (v2022.07-rc4) +CVE-2022-30551 (OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause ...) + NOT-FOR-US: OPC UA Legacy Java Stack +CVE-2022-30550 (An issue was discovered in the auth component in Dovecot 2.2 and 2.3 b ...) + {DLA-3122-1} + - dovecot 1:2.3.19.1+dfsg1-2 (bug #1016351) + [bullseye] - dovecot 1:2.3.13+dfsg1-2+deb11u1 + NOTE: https://www.openwall.com/lists/oss-security/2022/07/06/9 + NOTE: https://github.com/dovecot/core/commit/7bad6a24160e34bce8f10e73dbbf9e5fbbcd1904 + NOTE: https://github.com/dovecot/core/commit/a1022072e2ce36f853873d910287f466165b184b +CVE-2022-1677 (In OpenShift Container Platform, a user with permissions to create or ...) + NOT-FOR-US: OpenShift +CVE-2022-1676 + REJECTED +CVE-2022-1675 + RESERVED +CVE-2022-1674 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/a74ba4a4-7a39-4a22-bde3-d2f8ee07b385 + NOTE: https://github.com/vim/vim/commit/a59f2dfd0cf9ee1a584d3de5b7c2d47648e79060 (v8.2.4938) + NOTE: Negligible security impact; crash in CLI tool +CVE-2022-1673 (The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1672 (The Insights from Google PageSpeed WordPress plugin before 4.0.7 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1671 (A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/r ...) 
+ - linux 5.17.3-1 + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2083992 + NOTE: Fixed by: https://git.kernel.org/linus/ff8376ade4f668130385839cef586a0990f8ef87 (5.18-rc1) +CVE-2022-30548 (Uncontrolled search path element in the Intel(R) Glorp software may al ...) + NOT-FOR-US: Intel +CVE-2022-30339 (Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solu ...) + NOT-FOR-US: Intel +CVE-2022-30338 (Incorrect default permissions in the Intel(R) VROC software before ver ...) + NOT-FOR-US: Intel +CVE-2022-30296 (Insufficiently protected credentials in the Intel(R) Datacenter Group ...) + NOT-FOR-US: Intel +CVE-2022-29919 (Use after free in the Intel(R) VROC software before version 7.7.6.1003 ...) + NOT-FOR-US: Intel +CVE-2022-29893 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...) + NOT-FOR-US: Intel +CVE-2022-29887 (Cross-site Scripting (XSS) in some Intel(R) Manageability Commander so ...) + NOT-FOR-US: Intel +CVE-2022-29515 (Missing release of memory after effective lifetime in firmware for Int ...) + NOT-FOR-US: Intel +CVE-2022-29508 (Null pointer dereference in the Intel(R) VROC software before version ...) + NOT-FOR-US: Intel +CVE-2022-29507 (Insufficiently protected credentials in the Intel(R) Team Blue mobile ...) + NOT-FOR-US: Intel +CVE-2022-29478 + RESERVED +CVE-2022-29470 (Improper access control in the Intel\xae DTT Software before version 8 ...) + NOT-FOR-US: Intel +CVE-2022-28693 + RESERVED + NOT-FOR-US: Intel + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html +CVE-2022-27877 + RESERVED +CVE-2022-27808 (Insufficient control flow management in some Intel(R) Ethernet Control ...) + NOT-FOR-US: Intel +CVE-2022-26844 (Insufficiently protected credentials in the installation binaries for ...) 
+ NOT-FOR-US: Intel +CVE-2022-26374 (Uncontrolled search path in the installation binaries for Intel(R) SEA ...) + NOT-FOR-US: Intel +CVE-2022-26373 (Non-transparent sharing of return predictor targets between contexts i ...) + {DSA-5207-1 DLA-3131-1 DLA-3102-1} + - linux 5.18.16-1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html + NOTE: https://git.kernel.org/linus/2b1299322016731d56807aa49254a5ea3080b6b3 + NOTE: https://git.kernel.org/linus/ba6e31af2be96c4d0536f2152ed6f7b6c11bca47 +CVE-2022-26344 (Incorrect default permissions in the installation binaries for Intel(R ...) + NOT-FOR-US: Intel +CVE-2022-25976 (Improper input validation in the Intel(R) VROC software before version ...) + NOT-FOR-US: Intel +CVE-2022-1670 (When generating a user invitation code in Octopus Server, the validity ...) + NOT-FOR-US: Octopus Server +CVE-2022-1669 (A buffer overflow vulnerability has been detected in the firewall func ...) + NOT-FOR-US: Circutor +CVE-2022-1668 (Weak default root user credentials allow remote attackers to easily ob ...) + NOT-FOR-US: Secheron SEPCOS +CVE-2022-1667 (Client-side JavaScript controls may be bypassed by directly running a ...) + NOT-FOR-US: Secheron SEPCOS +CVE-2022-1666 (The default password for the web application\u2019s root user (the ven ...) + NOT-FOR-US: Secheron SEPCOS +CVE-2022-1665 (A set of pre-production kernel packages of Red Hat Enterprise Linux fo ...) + NOT-FOR-US: pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture +CVE-2022-1664 (Dpkg::Source::Archive in dpkg, the Debian package management system, b ...) 
+ {DSA-5147-1 DLA-3022-1} + - dpkg 1.21.8 + NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=7a6c03cb34d4a09f35df2f10779cbf1b70a5200b (1.21.8) + NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=58814cacee39c4ce9e2cd0e3a3b9b57ad437eff5 (1.20.10) + NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=1f23dddc17f69c9598477098c7fb9936e15fa495 (1.19.8) + NOTE: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=faa4c92debe45412bfcf8a44f26e827800bb24be (1.18.26) +CVE-2022-1663 (The Stop Spam Comments WordPress plugin through 0.2.1.2 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2022-30529 (File upload vulnerability in asith-eranga ISIC tour booking through ve ...) + NOT-FOR-US: asith-eranga ISIC tour booking +CVE-2022-30528 (SQL Injection vulnerability in asith-eranga ISIC tour booking through ...) + NOT-FOR-US: asith-eranga ISIC tour booking +CVE-2022-30527 (A vulnerability has been identified in SINEC NMS (All versions < V2.0) ...) + NOT-FOR-US: Siemens +CVE-2022-1662 (In convert2rhel, there's an ansible playbook named ansible/run-convert ...) + NOT-FOR-US: Red Hat convert2rhel +CVE-2022-1661 (The affected products are vulnerable to directory traversal, which may ...) + NOT-FOR-US: Keysight N6854A and N6841A +CVE-2022-1660 (The affected products are vulnerable of untrusted data due to deserial ...) + NOT-FOR-US: Keysight N6854A and N6841A +CVE-2022-1659 (Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an ...) + NOT-FOR-US: JupiterX Core +CVE-2022-1658 (Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary p ...) + NOT-FOR-US: Jupiter Theme +CVE-2022-1657 (Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) ...) + NOT-FOR-US: Jupiter Theme +CVE-2022-1656 (Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-i ...) + NOT-FOR-US: JupiterX Theme +CVE-2022-1655 (An Incorrect Permission Assignment for Critical Resource flaw was foun ...) 
+ - horizon (Red Hat-specific packaging issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2075681 + NOTE: Seems to be specific to the way Red Hat distributes Horizon, the Debian + NOTE: package defaults to SESSION_COOKIE_HTTPONLY = True +CVE-2022-1654 (Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any au ...) + NOT-FOR-US: Jupiter Theme and JupiterX Core Plugin +CVE-2022-1653 (The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1652 (Linux Kernel could allow a local attacker to execute arbitrary code on ...) + {DSA-5173-1} + - linux 5.17.11-1 + [bullseye] - linux 5.10.120-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/10/1 +CVE-2022-1651 (A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in ...) + - linux 5.17.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ecd1735f14d6ac868ae5d8b7a2bf193fa11f388b (5.18-rc1) +CVE-2022-1650 (Improper Removal of Sensitive Information Before Storage or Transfer i ...) + {DLA-3235-1} + - node-eventsource 2.0.2+~1.1.8-1 + [bullseye] - node-eventsource 1.0.7-1+deb11u1 + [stretch] - node-eventsource (not covered by security support) + NOTE: https://huntr.dev/bounties/dc9e467f-be5d-4945-867d-1044d27e9b8e/ + NOTE: https://github.com/eventsource/eventsource/commit/10ee0c4881a6ba2fe65ec18ed195ac35889583c4 (v2.0.2) +CVE-2022-1649 (Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/c07e4918-cf86-4d2e-8969-5fb63575b449 + NOTE: https://github.com/radareorg/radare2/commit/a5aafb99c3965259c84ddcf45a91144bf7eb4cf1 +CVE-2022-1648 (Pandora FMS v7.0NG.760 and below allows a relative path traversal in F ...) 
+ NOT-FOR-US: Pandora FMS +CVE-2022-1647 (The FormCraft WordPress plugin before 1.2.6 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-30526 (A privilege escalation vulnerability was identified in the CLI command ...) + NOT-FOR-US: Zyxel +CVE-2022-30525 (A OS command injection vulnerability in the CGI program of Zyxel USG F ...) + NOT-FOR-US: Zyxel +CVE-2022-1646 (The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1645 (The Amazon Link WordPress plugin through 3.2.10 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1644 (The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1643 (The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-30524 (There is an invalid memory access in the TextLine class in TextOutputD ...) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-30523 (Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below i ...) + NOT-FOR-US: Trend Micro +CVE-2022-30522 (If Apache HTTP Server 2.4.53 is configured to do transformations with ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-30522 + NOTE: https://github.com/apache/httpd/commit/db47781128e42bd49f55076665b3f6ca4e2bc5e2 + NOTE: https://github.com/apache/httpd/commit/96c75bba15b6ce20eb8d34aad717a046c000b233 +CVE-2022-1642 (A program using swift-corelibs-foundation is vulnerable to a denial of ...) + NOT-FOR-US: swift-corelibs-foundation +CVE-2022-1641 (Use after free in Web UI Diagnostics in Google Chrome on Chrome OS pri ...) 
+ {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1640 (Use after free in Sharing in Google Chrome prior to 101.0.4951.64 allo ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1639 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowe ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1638 (Heap buffer overflow in V8 Internationalization in Google Chrome prior ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1637 (Inappropriate implementation in Web Contents in Google Chrome prior to ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1636 (Use after free in Performance APIs in Google Chrome prior to 101.0.495 ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1635 (Use after free in Permission Prompts in Google Chrome prior to 101.0.4 ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1634 (Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 a ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1633 (Use after free in Sharesheet in Google Chrome on Chrome OS prior to 10 ...) + {DSA-5134-1} + - chromium 101.0.4951.64-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1632 (An Improper Certificate Validation attack was found in Openshift. A re ...) + NOT-FOR-US: OpenShift +CVE-2022-1631 (Users Account Pre-Takeover or Users Account Takeover. 
in GitHub reposi ...) + NOT-FOR-US: microweber +CVE-2022-1630 (The WP-EMail WordPress plugin before 2.69.0 does not protect its log d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1629 (Buffer Over-read in function find_next_quote in GitHub repository vim/ ...) + - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/e26d08d4-1886-41f0-9af4-f3e1bf3d52ee + NOTE: https://github.com/vim/vim/commit/53a70289c2712808e6d4e88927e03cac01b470dd (v8.2.4925) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1628 (The Simple SEO plugin for WordPress is vulnerable to attribute-based s ...) + NOT-FOR-US: Simple SEO plugin for WordPress +CVE-2022-1627 (The My Private Site WordPress plugin before 3.0.8 does not have CSRF c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1626 (The Sharebar WordPress plugin through 1.4.1 does not have CSRF check i ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1625 (The New User Approve WordPress plugin before 2.4 does not have CSRF ch ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1624 (The Latest Tweets Widget WordPress plugin through 1.1.4 does not have ...) + NOT-FOR-US: WordPress plugin +CVE-2022-30521 (The LAN-side Web-Configuration Interface has Stack-based Buffer Overfl ...) + NOT-FOR-US: D-Link +CVE-2022-30520 + RESERVED +CVE-2022-30519 (XSS in signing form in Reprise Software RLM License Administration v14 ...) + NOT-FOR-US: Reprise Software RLM License Administration +CVE-2022-30518 (ChatBot Application with a Suggestion Feature 1.0 was discovered to co ...) + NOT-FOR-US: ChatBot Application with a Suggestion Feature +CVE-2022-30517 (Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: Mogu +CVE-2022-30516 (In Hospital-Management-System v1.0, the editid parameter in the doctor ...) + NOT-FOR-US: Hospital-Management-System +CVE-2022-30515 (ZKTeco BioTime 8.5.4 is missing authentication on folders containing e ...) 
+ NOT-FOR-US: ZKTeco BioTime +CVE-2022-30514 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30513 (School Dormitory Management System v1.0 is vulnerable to reflected cro ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30512 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30511 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30510 (School Dormitory Management System 1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: School Dormitory Management System +CVE-2022-30509 + RESERVED +CVE-2022-30508 (DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vuln ...) + NOT-FOR-US: DedeCMS +CVE-2022-30507 + RESERVED +CVE-2022-30506 (An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, a ...) + NOT-FOR-US: MCMS +CVE-2022-30505 + RESERVED +CVE-2022-30504 + RESERVED +CVE-2022-30503 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...) + NOT-FOR-US: njs +CVE-2022-30502 + RESERVED +CVE-2022-30501 + RESERVED +CVE-2022-30500 (Jfinal cms 5.1.0 is vulnerable to SQL Injection.) + NOT-FOR-US: Jfinal cms +CVE-2022-30499 + RESERVED +CVE-2022-30498 + RESERVED +CVE-2022-30497 + RESERVED +CVE-2022-30496 (SQL injection in Logon Page of IDCE MV's application, version 1.0, all ...) + NOT-FOR-US: IDCE MV's application +CVE-2022-30495 (In oretnom23 Automotive Shop Management System v1.0, the name id param ...) + NOT-FOR-US: oretnom23 Automotive Shop Management System +CVE-2022-30494 (In oretnom23 Automotive Shop Management System v1.0, the first and las ...) + NOT-FOR-US: oretnom23 Automotive Shop Management System +CVE-2022-30493 (In oretnom23 Automotive Shop Management System v1.0, the product id pa ...) 
+ NOT-FOR-US: oretnom23 Automotive Shop Management System +CVE-2022-30492 + RESERVED +CVE-2022-30491 + RESERVED +CVE-2022-30490 (Badminton Center Management System V1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-30489 (WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: WAVLINK +CVE-2022-30488 + RESERVED +CVE-2022-30487 + RESERVED +CVE-2022-30486 + RESERVED +CVE-2022-30485 + RESERVED +CVE-2022-30484 + RESERVED +CVE-2022-30483 + RESERVED +CVE-2022-30482 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable ...) + NOT-FOR-US: Ecommerce-project-with-php-and-mysqli-Fruits-Bazar +CVE-2022-30481 (Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Inje ...) + NOT-FOR-US: Food-order-and-table-reservation-system +CVE-2022-30480 + RESERVED +CVE-2022-30479 + RESERVED +CVE-2022-30478 (Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable t ...) + NOT-FOR-US: Ecommerce-project-with-php-and-mysqli-Fruits-Bazar +CVE-2022-30477 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) + NOT-FOR-US: Tenda +CVE-2022-30476 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) + NOT-FOR-US: Tenda +CVE-2022-30475 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) + NOT-FOR-US: Tenda +CVE-2022-30474 (Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to conta ...) + NOT-FOR-US: Tenda +CVE-2022-30473 (Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffe ...) + NOT-FOR-US: Tenda +CVE-2022-30472 (Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer ...) + NOT-FOR-US: Tenda +CVE-2022-30471 + RESERVED +CVE-2022-30470 (In Afian Filerun 20220202 Changing the "search_tika_path" variable to ...) + NOT-FOR-US: Afian Filerun +CVE-2022-30469 (In Afian Filerun 20220202, lack of sanitization of the POST parameter ...) 
+ NOT-FOR-US: Afian Filerun +CVE-2022-30468 + RESERVED +CVE-2022-30467 (Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of serv ...) + NOT-FOR-US: Joy ebike Wolf Manufacturing +CVE-2022-30466 (joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authe ...) + NOT-FOR-US: joyebike Joy ebike Wolf Manufacturing +CVE-2022-30465 + RESERVED +CVE-2022-30464 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Sit ...) + NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP +CVE-2022-30463 (Automotive Shop Management System v1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-30462 (Water-billing-management-system v1.0 is affected by: Cross Site Script ...) + NOT-FOR-US: Water-billing-management-system +CVE-2022-30461 (Water-billing-management-system v1.0 is vulnerable to SQL Injection vi ...) + NOT-FOR-US: Water-billing-management-system +CVE-2022-30460 (Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripti ...) + NOT-FOR-US: Simple Social Networking Site +CVE-2022-30459 (ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: ChatBot App with Suggestion in PHP/OOP +CVE-2022-30458 (Automotive Shop Management System v1.0 is vulnerable to Cross Site Scr ...) + NOT-FOR-US: Automotive Shop Management System +CVE-2022-30457 + REJECTED +CVE-2022-30456 (Badminton Center Management System 1.0 is vulnerable to Cross Site Scr ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-30455 (Badminton Center Management System 1.0 is vulnerable to SQL Injection ...) + NOT-FOR-US: Badminton Center Management System +CVE-2022-30454 (Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vlogg ...) 
+ NOT-FOR-US: Merchandise Online Store +CVE-2022-30453 (ShopWind <= 3.4.2 has a RCE vulnerability in Database.php) + NOT-FOR-US: ShopWind +CVE-2022-30452 (ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php) + NOT-FOR-US: ShopWind +CVE-2022-30451 (An authenticated user could execute code via a SQLi vulnerability in w ...) + NOT-FOR-US: waimairenCMS +CVE-2022-30450 (A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 vi ...) + NOT-FOR-US: waimairenCMS +CVE-2022-30449 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...) + NOT-FOR-US: Hospital Management System in PHP with Source Code (HMS) +CVE-2022-30448 (Hospital Management System in PHP with Source Code (HMS) 1.0 was disco ...) + NOT-FOR-US: Hospital Management System in PHP with Source Code (HMS) +CVE-2022-30447 + RESERVED +CVE-2022-30446 + RESERVED +CVE-2022-30445 + RESERVED +CVE-2022-30444 + RESERVED +CVE-2022-30443 + RESERVED +CVE-2022-30442 + RESERVED +CVE-2022-30441 + RESERVED +CVE-2022-30440 + RESERVED +CVE-2022-30439 + RESERVED +CVE-2022-30438 + RESERVED +CVE-2022-30437 + RESERVED +CVE-2022-30436 + RESERVED +CVE-2022-30435 + RESERVED +CVE-2022-30434 + RESERVED +CVE-2022-30433 + RESERVED +CVE-2022-30432 + RESERVED +CVE-2022-30431 + RESERVED +CVE-2022-30430 + RESERVED +CVE-2022-30429 (Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow ...) + NOT-FOR-US: Neos CMS +CVE-2022-30428 (In ginadmin through 05-10-2022, the incoming path value is not filtere ...) + NOT-FOR-US: ginadmin +CVE-2022-30427 (In ginadmin through 05-10-2022 the incoming path value is not filtered ...) + NOT-FOR-US: ginadmin +CVE-2022-30426 (There is a stack buffer overflow vulnerability, which could lead to ar ...) + NOT-FOR-US: Acer +CVE-2022-30425 (Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a ...) + NOT-FOR-US: Tenda +CVE-2022-30424 + RESERVED +CVE-2022-30423 (Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execu ...) 
+ NOT-FOR-US: Merchandise Online Store +CVE-2022-30422 (Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0 ...) + NOT-FOR-US: Proietti Tech srl Planet Time Enterprise +CVE-2022-30421 (Improper Authentication vulnerability in Toshiba Storage Security Soft ...) + NOT-FOR-US: Toshiba +CVE-2022-30420 + RESERVED +CVE-2022-30419 + RESERVED +CVE-2022-30418 + RESERVED +CVE-2022-30417 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30416 + RESERVED +CVE-2022-30415 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30414 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30413 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30412 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30411 (Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injec ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30410 + RESERVED +CVE-2022-30409 + RESERVED +CVE-2022-30408 (Covid-19 Travel Pass Management System v1.0 is vulnerable to file dele ...) + NOT-FOR-US: Covid-19 Travel Pass Management System +CVE-2022-30407 (Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Pharmacy Sales And Inventory System +CVE-2022-30406 + RESERVED +CVE-2022-30405 + RESERVED +CVE-2022-30404 (College Management System v1.0 is vulnerable to SQL Injection via /Col ...) + NOT-FOR-US: College Management System +CVE-2022-30403 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) 
+ NOT-FOR-US: Merchandise Online Store +CVE-2022-30402 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30401 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30400 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30399 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30398 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30397 + RESERVED +CVE-2022-30396 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30395 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30394 + RESERVED +CVE-2022-30393 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30392 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30391 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30390 + RESERVED +CVE-2022-30389 + RESERVED +CVE-2022-30388 + RESERVED +CVE-2022-30387 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30386 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30385 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30384 (Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vlog ...) 
+ NOT-FOR-US: Merchandise Online Store +CVE-2022-30383 + RESERVED +CVE-2022-30382 + RESERVED +CVE-2022-30381 (Merchandise Online Store v1.0 is vulnerable to file deletion via /vlog ...) + NOT-FOR-US: Merchandise Online Store +CVE-2022-30380 + RESERVED +CVE-2022-30379 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Sourcecodester Simple Social Networking Site +CVE-2022-30378 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Sourcecodester Simple Social Networking Site +CVE-2022-30377 + RESERVED +CVE-2022-30376 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL ...) + NOT-FOR-US: Sourcecodester Simple Social Networking Site +CVE-2022-30375 (Sourcecodester Simple Social Networking Site v1.0 is vulnerable to fil ...) + NOT-FOR-US: Sourcecodester Simple Social Networking Site +CVE-2022-30374 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...) + NOT-FOR-US: Air Cargo Management System +CVE-2022-30373 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...) + NOT-FOR-US: Air Cargo Management System +CVE-2022-30372 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...) + NOT-FOR-US: Air Cargo Management System +CVE-2022-30371 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...) + NOT-FOR-US: Air Cargo Management System +CVE-2022-30370 (Air Cargo Management System 1.0 is vulnerable to SQL Injection via /ac ...) + NOT-FOR-US: Air Cargo Management System +CVE-2022-30369 + RESERVED +CVE-2022-30368 + RESERVED +CVE-2022-30367 (Air Cargo Management System v1.0 is vulnerable to file deletion via /a ...) 
+ NOT-FOR-US: Air Cargo Management System +CVE-2022-30366 + RESERVED +CVE-2022-30365 + RESERVED +CVE-2022-30364 + RESERVED +CVE-2022-30363 + RESERVED +CVE-2022-30362 + RESERVED +CVE-2022-30361 + RESERVED +CVE-2022-30360 + RESERVED +CVE-2022-30359 + RESERVED +CVE-2022-30358 + RESERVED +CVE-2022-30357 + RESERVED +CVE-2022-30356 + RESERVED +CVE-2022-30355 + RESERVED +CVE-2022-30354 + RESERVED +CVE-2022-30353 + RESERVED +CVE-2022-30352 (phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanit ...) + NOT-FOR-US: phpABook +CVE-2022-30351 (PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having w ...) + NOT-FOR-US: PDFZorro PDFZorro Online +CVE-2022-30350 (Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable t ...) + NOT-FOR-US: Avanquest Software RAD PDF (PDFEscape Online) +CVE-2022-30349 (siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: siteserver SSCMS +CVE-2022-30348 + RESERVED +CVE-2022-30347 + RESERVED +CVE-2022-30346 + RESERVED +CVE-2022-30345 + RESERVED +CVE-2022-30344 + RESERVED +CVE-2022-30343 + RESERVED +CVE-2022-30342 + RESERVED +CVE-2022-30341 + RESERVED +CVE-2022-30340 + RESERVED +CVE-2022-30336 + RESERVED +CVE-2022-30335 (Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via ...) + NOT-FOR-US: Bonanza Wealth Management System +CVE-2022-26041 (Directory traversal vulnerability in RCCMD 4.26 and earlier allows a r ...) + NOT-FOR-US: RCCMD +CVE-2022-1623 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...) 
+ {DSA-5333-1} + - tiff 4.4.0~rc1-1 + [buster] - tiff (Vulnerable code introduced later, PoCs don't trigger) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1) + NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410 +CVE-2022-1622 (LibTIFF master branch has an out-of-bounds read in LZWDecode in libtif ...) + {DSA-5333-1} + - tiff 4.4.0~rc1-1 + [buster] - tiff (Vulnerable code introduced later, PoCs don't trigger) + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a (v4.4.0rc1) + NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/3079627ea0dee150e6a208cec8381de611bb842b (v4.4.0rc1) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/410 +CVE-2022-1621 (Heap buffer overflow in vim_strncpy find_word in GitHub repository vim ...) + {DLA-3204-1 DLA-3011-1} + - vim 2:9.0.0135-1 (bug #1015984; unimportant) + NOTE: https://huntr.dev/bounties/520ce714-bfd2-4646-9458-f52cd22bb2fb + NOTE: https://github.com/vim/vim/commit/7c824682d2028432ee082703ef0ab399867a089b (v8.2.4919) + NOTE: Crash in CLI tool, no security impact +CVE-2018-25033 (ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_ ...) + {DLA-3019-1} + - admesh 0.98.4-2 (bug #1010770) + [bullseye] - admesh (Minor issue; can be fixed via point release) + [buster] - admesh (Minor issue; can be fixed via point release) + NOTE: https://github.com/admesh/admesh/issues/28 + NOTE: https://github.com/admesh/admesh/commit/e84d8353f1347e1f26f0a95770d92ba14e6ede38 +CVE-2022-1620 (NULL Pointer Dereference in function vim_regexec_string at regexp.c:27 ...) 
+ - vim 2:9.0.0135-1 (unimportant) + NOTE: https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51 + NOTE: https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f (v8.2.4901) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1619 (Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub r ...) + {DLA-3204-1 DLA-3011-1} + - vim 2:9.0.0135-1 (bug #1015984; unimportant) + NOTE: https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450 + NOTE: https://github.com/vim/vim/commit/ef02f16609ff0a26ffc6e20263523424980898fe (v8.2.4899) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1618 + RESERVED +CVE-2022-1617 + RESERVED +CVE-2022-30334 (Brave before 1.34, when a Private Window with Tor Connectivity is used ...) + - brave-browser (bug #864795) +CVE-2022-30333 (RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal ...) + {DLA-3534-1} + - unrar-nonfree 1:6.1.7-1 (bug #1010837) + [bullseye] - unrar-nonfree 1:6.0.3-1+deb11u1 + [buster] - unrar-nonfree 1:5.6.6-1+deb10u1 + [stretch] - unrar-nonfree (Non-free not supported) + - rar 2:6.20~b1-0.1 (bug #1012228) + [bullseye] - rar 2:6.20-0.1~deb11u1 + [stretch] - rar (Non-free not supported) + NOTE: 6.12 application version corresponds to 6.1.7 source version: + NOTE: https://github.com/debian-calibre/unrar-nonfree/compare/upstream/6.1.6...upstream/6.1.7 +CVE-2022-30332 (In Talend Administration Center 7.3.1.20200219 before TAC-15950, the F ...) + NOT-FOR-US: Talend +CVE-2022-30331 (The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows in ...) + NOT-FOR-US: TigerGraph +CVE-2022-30330 (In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface ...) + NOT-FOR-US: KeepKey firmware +CVE-2022-30329 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. A ...) + NOT-FOR-US: TRENDnet +CVE-2022-30328 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...) 
+ NOT-FOR-US: TRENDnet +CVE-2022-30327 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...) + NOT-FOR-US: TRENDnet +CVE-2022-30326 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...) + NOT-FOR-US: TRENDnet +CVE-2022-30325 (An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. T ...) + NOT-FOR-US: TRENDnet +CVE-2022-30324 (HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were im ...) + - nomad (In Debian Nomad doesn't bundle go-getter, but build depends a shared deb) +CVE-2022-30323 (go-getter up to 1.5.11 and 2.0.2 panicked when processing password-pro ...) + - golang-github-hashicorp-go-getter (bug #1011741) + [bookworm] - golang-github-hashicorp-go-getter (Minor issue) + [bullseye] - golang-github-hashicorp-go-getter (Minor issue) + [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 + NOTE: https://github.com/hashicorp/go-getter/pull/359 + NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) +CVE-2022-30322 (go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustio ...) + - golang-github-hashicorp-go-getter (bug #1011741) + [bookworm] - golang-github-hashicorp-go-getter (Minor issue) + [bullseye] - golang-github-hashicorp-go-getter (Minor issue) + [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 + NOTE: https://github.com/hashicorp/go-getter/pull/359 + NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) +CVE-2022-30321 (go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go- ...) 
+ - golang-github-hashicorp-go-getter (bug #1011741) + [bookworm] - golang-github-hashicorp-go-getter (Minor issue) + [bullseye] - golang-github-hashicorp-go-getter (Minor issue) + [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 + NOTE: https://github.com/hashicorp/go-getter/pull/359 + NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) +CVE-2022-1616 (Use after free in append_command in GitHub repository vim/vim prior to ...) + {DLA-3182-1 DLA-3011-1} + - vim 2:9.0.0135-1 (bug #1015984) + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2 + NOTE: https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c (v8.2.4895) +CVE-2022-30320 (Saia Burgess Controls (SBC) PCD through 2022-05-06 uses a Broken or Ri ...) + NOT-FOR-US: Saia Burgess Controls +CVE-2022-30319 (Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authenticati ...) + NOT-FOR-US: Saia Burgess Controls +CVE-2022-30318 (Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. Acco ...) + NOT-FOR-US: Honeywell +CVE-2022-30317 (Honeywell Experion LX through 2022-05-06 has Missing Authentication fo ...) + NOT-FOR-US: Honeywell +CVE-2022-30316 (Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verificati ...) + NOT-FOR-US: Honeywell +CVE-2022-30315 (Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 ...) + NOT-FOR-US: Honeywell +CVE-2022-30314 (Honeywell Experion PKS Safety Manager 5.02 uses Hard-coded Credentials ...) + NOT-FOR-US: Honeywell +CVE-2022-30313 (Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing A ...) + NOT-FOR-US: Honeywell +CVE-2022-30312 (The Trend Controls IC protocol through 2022-05-06 allows Cleartext Tra ...) 
+ NOT-FOR-US: Trend Controls IC protocol
+CVE-2022-30311 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
+ NOT-FOR-US: Festo
+CVE-2022-30310 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
+ NOT-FOR-US: Festo
+CVE-2022-30309 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
+ NOT-FOR-US: Festo
+CVE-2022-30308 (In Festo Controller CECC-X-M1 product family in multiple versions, the ...)
+ NOT-FOR-US: Festo
+CVE-2022-30307 (A key management error vulnerability [CWE-320] affecting the RSA SSH h ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-30306 (A stack-based buffer overflow vulnerability [CWE-121] in the CA sign f ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30305 (An insufficient logging [CWE-778] vulnerability in FortiSandbox versio ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-30304 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30303 (Animproper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30302 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiDece ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30301 (A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30300 (A relative path traversal vulnerability [CWE-23] in FortiWeb 7.0.0 thr ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30299 (A path traversal vulnerability [CWE-23] in the API of FortiWeb 7.0.0 t ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-30298 (An improper privilege management vulnerability [CWE-269] in Fortinet F ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-29509 (Directory traversal vulnerability in T&D Data Server (Japanese Edition ...)
+ NOT-FOR-US: T&D Data Server
+CVE-2022-29483 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
+ NOT-FOR-US: ABB e-Design
+CVE-2022-28702 (Incorrect Default Permissions vulnerability in ABB e-Design allows att ...)
+ NOT-FOR-US: ABB e-Design
+CVE-2022-1615 (In Samba, GnuTLS gnutls_rnd() can fail and give predictable random val ...)
+ [experimental] - samba 2:4.17.0+dfsg-1
+ - samba 2:4.16.5+dfsg-2 (bug #1021024)
+ [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1)
+ [buster] - samba (Vulnerable code introduced later)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15103
+ NOTE: https://gitlab.com/samba-team/samba/-/merge_requests/2644
+ NOTE: Introduced by: https://gitlab.com/samba-team/samba/-/commit/664eed2e926f8f572b81e6d7c8e09b7ccbafb908 (samba-4.12.0)
+ NOTE: Fixed by: https://gitlab.com/samba-team/samba/-/commit/9849e7440e30853c61a80ce1f11b7b244ed766fe (samba-4.17.0rc1)
+CVE-2022-1614 (The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1613 (The Restricted Site Access WordPress plugin before 7.3.2 prioritizes g ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1612 (The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1611 (The Bulk Page Creator WordPress plugin before 1.1.4 does not protect i ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1610 (The Seamless Donations WordPress plugin before 5.1.9 does not have CSR ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1609
+ RESERVED
+CVE-2022-1608 (The OnePress Social Locker WordPress plugin through 5.6.2 does not hav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1607 (Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus Sys ...)
+ NOT-FOR-US: ABB
+CVE-2022-1606 (Incorrect privilege assignment in M-Files Server versions before 22.3. ...)
+ NOT-FOR-US: M-Files Server
+CVE-2022-1605 (The Email Users WordPress plugin through 4.8.8 does not have CSRF chec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1604 (The MailerLite WordPress plugin before 1.5.4 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1603 (The Mail Subscribe List WordPress plugin before 2.1.4 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30295 (uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable D ...)
+ - uclibc (unimportant)
+ NOTE: https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
+ NOTE: https://mailman.openadk.org/mailman3/hyperkitty/list/devel@uclibc-ng.org/thread/6JWRW3P4VN54J5FHUDK7IQOU4V35HHDZ/
+ NOTE: src:uclibc switched to the uClibc-ng source codebase with the 1.0.20-1 upload.
+CVE-2022-30294
+ REJECTED
+CVE-2022-30293 (In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based bu ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.1-1
+CVE-2022-29894 (Strapi v3.x.x versions and earlier contain a stored cross-site scripti ...)
+ NOT-FOR-US: Strapi
+CVE-2022-1602 (A potential security vulnerability has been identified in HP ThinPro 7 ...)
+ NOT-FOR-US: HP
+CVE-2022-1601 (The User Access Manager WordPress plugin before 2.2.18 prioritizes get ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1600 (The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1599 (The Admin Management Xtended WordPress plugin before 2.4.5 does not ha ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1598 (The WPQA Builder WordPress plugin before 5.5 which is a companion to t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1597 (The WPQA Builder WordPress plugin before 5.4, used as a companion for ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1596 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: ABB REX640
+CVE-2022-1595 (The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1594 (The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1593 (The Site Offline or Coming Soon WordPress plugin through 1.6.6 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1592 (Server-Side Request Forgery in scout in GitHub repository clinical-gen ...)
+ NOT-FOR-US: clinical-genomics/scout
+CVE-2022-1591 (The WordPress Ping Optimizer WordPress plugin before 2.35.1.3.0 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1590 (A vulnerability was found in Bludit 3.13.1. It has been declared as pr ...)
+ NOT-FOR-US: Bludit
+CVE-2022-1589 (The Change wp-admin login WordPress plugin before 1.1.0 does not prope ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30292 (Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lac ...)
+ - squirrel3 (bug #1014539)
+ [bullseye] - squirrel3 (Minor issue)
+ [buster] - squirrel3 (Minor issue)
+ [stretch] - squirrel3 (Minor issue)
+ NOTE: https://github.com/albertodemichelis/squirrel/commit/a6413aa690e0bdfef648c68693349a7b878fe60d
+ NOTE: https://github.com/sprushed/CVE-2022-30292
+CVE-2022-30291
+ RESERVED
+CVE-2022-30290 (In OpenCTI through 5.2.4, a broken access control vulnerability has be ...)
+ NOT-FOR-US: OpenCTI
+CVE-2022-30289 (A stored Cross-site Scripting (XSS) vulnerability was identified in th ...)
+ NOT-FOR-US: OpenCTI
+CVE-2022-30288 (Agoo before 2.14.3 does not reject GraphQL fragment spreads that form ...)
+ NOT-FOR-US: Ruby gem agoo
+CVE-2022-30287 (Horde Groupware Webmail Edition through 5.2.22 allows a reflection inj ...)
+ {DLA-3090-1}
+ - php-horde-turba 4.2.25-6 (bug #1012279)
+ NOTE: https://blog.sonarsource.com/horde-webmail-rce-via-email/
+ NOTE: https://lists.horde.org/archives/horde/Week-of-Mon-20220530/059225.html
+ NOTE: Possible alternative patch: https://github.com/horde/turba/pull/7
+ NOTE: Fixed by: https://github.com/horde/turba/commit/0d1e74802dd2ff8758c5b1dd5323a0101d49897d (v4.2.26)
+ NOTE: Fixed by: https://github.com/horde/turba/commit/3bccab322af4ae96d5925f0ce9f9af0978af924b (v4.2.26)
+CVE-2022-30286 (pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 ...)
+ NOT-FOR-US: pyscriptjs
+CVE-2022-30285 (In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash ...)
+ NOT-FOR-US: Quest KACE System Management Appliance
+CVE-2022-30284 (In the python-libnmap package through 0.7.2 for Python, remote command ...)
+ NOTE: Bogus python-libnmap issue
+CVE-2022-30283 (In UsbCoreDxe, tampering with the contents of the USB working buffer u ...)
+ NOT-FOR-US: Insyde
+CVE-2022-30282
+ RESERVED
+CVE-2022-30281
+ RESERVED
+CVE-2022-30280 (/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF ...)
+ NOT-FOR-US: Nokia
+CVE-2022-30279 (An issue was discovered in Stormshield Network Security (SNS) 4.3.x be ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2022-30278 (A vulnerability in Black Duck Hub\u2019s embedded MadCap Flare documen ...)
+ NOT-FOR-US: Black Duck Hub
+CVE-2022-30277 (BD Synapsys\u2122, versions 4.20, 4.20 SR1, and 4.30, contain an insuf ...)
+ NOT-FOR-US: BD Synapsys
+CVE-2022-30276 (The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an au ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30275 (The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cl ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30274 (The Motorola ACE1000 RTU through 2022-05-02 uses ECB encryption unsafe ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30273 (The Motorola MDLC protocol through 2022-05-02 mishandles message integ ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30272 (The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integr ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30271 (The Motorola ACE1000 RTU through 2022-05-02 ships with a hardcoded SSH ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30270 (The Motorola ACE1000 RTU through 2022-05-02 has default credentials. I ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30269 (Motorola ACE1000 RTUs through 2022-05-02 mishandle application integri ...)
+ NOT-FOR-US: Motorola
+CVE-2022-30268
+ RESERVED
+CVE-2022-30267
+ RESERVED
+CVE-2022-30266
+ RESERVED
+CVE-2022-30265
+ RESERVED
+CVE-2022-30264 (The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perfo ...)
+ NOT-FOR-US: Emerson
+CVE-2022-30263
+ RESERVED
+CVE-2022-30262 (The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mish ...)
+ NOT-FOR-US: Emerson
+CVE-2022-30261
+ RESERVED
+CVE-2022-30260 (Emerson DeltaV Distributed Control System (DCS) has insufficient verif ...)
+ NOT-FOR-US: Emerson DeltaV Distributed Control System (DCS)
+CVE-2022-1588
+ REJECTED
+CVE-2022-1587 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
+ {DLA-3363-1}
+ - pcre2 10.40-1 (bug #1011954)
+ [bullseye] - pcre2 10.36-2+deb11u1
+ [stretch] - pcre2 (Minor issue)
+ NOTE: https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0 (pcre2-10.40)
+CVE-2022-1586 (An out-of-bounds read vulnerability was discovered in the PCRE2 librar ...)
+ {DLA-3363-1}
+ - pcre2 10.40-1 (bug #1011954)
+ [bullseye] - pcre2 10.36-2+deb11u1
+ [stretch] - pcre2 (Minor issue)
+ NOTE: https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a (pcre2-10.40)
+ NOTE: https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c (pcre2-10.40)
+CVE-2022-1585 (The Project Source Code Download WordPress plugin through 1.0.0 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30259
+ RESERVED
+CVE-2022-30258 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
+ NOT-FOR-US: Technitium DNS Server
+CVE-2022-30257 (An issue was discovered in Technitium DNS Server through 8.0.2 that al ...)
+ NOT-FOR-US: Technitium DNS Server
+CVE-2022-30256 (An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allo ...)
+ {DSA-5441-1 DLA-3457-1}
+ - maradns 2.0.13-1.5 (bug #1033252)
+ NOTE: https://maradns.samiam.org/security.html#CVE-2022-30256
+ NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-manylabel-TTL.patch
+ NOTE: https://raw.githubusercontent.com/samboy/MaraDNS/73af12e71890055f1728c1b7ccd900401f2fdf03/deadwood-github/update/3.4.03/deadwood-3.4.02-cname-TTL.patch
+CVE-2022-30255
+ RESERVED
+CVE-2022-30254
+ RESERVED
+CVE-2022-30253
+ RESERVED
+CVE-2022-30252
+ RESERVED
+CVE-2022-30251
+ RESERVED
+CVE-2022-30250
+ RESERVED
+CVE-2022-30249
+ RESERVED
+CVE-2022-30248
+ RESERVED
+CVE-2022-30247
+ RESERVED
+CVE-2022-30246
+ RESERVED
+CVE-2022-30245 (Honeywell Alerton Compass Software 1.6.5 allows unauthenticated config ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-30244 (Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allow ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-30243 (Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticat ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-30242 (Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allow ...)
+ NOT-FOR-US: Honeywell
+CVE-2022-30241 (The jquery.json-viewer library through 1.4.0 for Node.js does not prop ...)
+ NOT-FOR-US: Node jquery.json-viewer
+CVE-2022-30240 (An argument injection vulnerability in the browser-based authenticatio ...)
+ NOT-FOR-US: Magnitude Simba Amazon Redshift JDBC Driver
+CVE-2022-30239 (An argument injection vulnerability in the browser-based authenticatio ...)
+ NOT-FOR-US: Magnitude Simba Amazon Athena JDBC Driver
+CVE-2022-30238 (A CWE-287: Improper Authentication vulnerability exists that could all ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30237 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists t ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30236 (A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability e ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30235 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30234 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30233 (A CWE-20: Improper Input Validation vulnerability exists that could al ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30232 (A CWE-20: Improper Input Validation vulnerability exists that could ca ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-30231 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-30230 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-30229 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-30228 (A vulnerability has been identified in SICAM GridEdge Essential ARM (A ...)
+ NOT-FOR-US: Siemens
+CVE-2022-1584 (Reflected XSS in GitHub repository microweber/microweber prior to 1.2. ...)
+ NOT-FOR-US: microweber
+CVE-2022-1583 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1582 (The External Links in New Window / New Tab WordPress plugin before 1.4 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1581 (The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1580 (The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin b ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1579 (The function check_is_login_page() uses headers for the IP check, whic ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1578 (The My wpdb WordPress plugin before 2.5 is missing CSRF check when run ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1577 (The Database Backup for WordPress plugin before 2.5.2 does not have CS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1576 (The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1575 (Arbitrary Code Execution through Sanitizer Bypass in GitHub repository ...)
+ NOT-FOR-US: jgraph/drawio
+CVE-2022-1574 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1573 (The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1572 (The HTML2WP WordPress plugin through 1.0.0 does not have authorisation ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1571 (Cross-site scripting - Reflected in Create Subaccount in GitHub reposi ...)
+ NOT-FOR-US: facturascripts
+CVE-2022-1570 (The Files Download Delay WordPress plugin before 1.0.7 does not have a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1569 (The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1568 (The Team Members WordPress plugin before 5.1.1 does not escape some of ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46810
+ RESERVED
+CVE-2021-46809
+ RESERVED
+CVE-2021-46808
+ RESERVED
+CVE-2021-46807
+ RESERVED
+CVE-2021-46806
+ RESERVED
+CVE-2021-46805
+ RESERVED
+CVE-2021-46804
+ RESERVED
+CVE-2021-46803
+ RESERVED
+CVE-2021-46802
+ RESERVED
+CVE-2021-46801
+ RESERVED
+CVE-2021-46800
+ RESERVED
+CVE-2021-46799
+ REJECTED
+CVE-2021-46798
+ RESERVED
+CVE-2021-46797
+ RESERVED
+CVE-2021-46796
+ REJECTED
+CVE-2021-46795 (A TOCTOU (time-of-check to time-of-use) vulnerability exists where an ...)
+ NOT-FOR-US: AMD
+CVE-2021-46794 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...)
+ NOT-FOR-US: AMD
+CVE-2021-46793
+ REJECTED
+CVE-2021-46792 (Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow a ...)
+ NOT-FOR-US: AMD
+CVE-2021-46791 (Insufficient input validation during parsing of the System Management ...)
+ NOT-FOR-US: AMD
+CVE-2022-30227
+ RESERVED
+CVE-2022-30226 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30225 (Windows Media Player Network Sharing Service Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30224 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30223 (Windows Hyper-V Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30222 (Windows Shell Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30221 (Windows Graphics Component Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30220 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30219
+ RESERVED
+CVE-2022-30218
+ RESERVED
+CVE-2022-30217
+ RESERVED
+CVE-2022-30216 (Windows Server Service Tampering Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30215 (Active Directory Federation Services Elevation of Privilege Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30214 (Windows DNS Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30213 (Windows GDI+ Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30212 (Windows Connected Devices Platform Service Information Disclosure Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30211 (Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30210
+ RESERVED
+CVE-2022-30209 (Windows IIS Server Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30208 (Windows Security Account Manager (SAM) Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30207
+ RESERVED
+CVE-2022-30206 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30205 (Windows Group Policy Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30204
+ RESERVED
+CVE-2022-30203 (Windows Boot Manager Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30202 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30201
+ RESERVED
+CVE-2022-30200 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30199
+ RESERVED
+CVE-2022-30198 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30197 (Windows Kernel Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30196 (Windows Secure Channel Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30195
+ RESERVED
+CVE-2022-30194 (Windows WebBrowser Control Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30193 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30192 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30191
+ RESERVED
+CVE-2022-30190 (Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30189 (Windows Autopilot Device Management and Enrollment Client Spoofing Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30188 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30187 (Azure Storage Library Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30186
+ RESERVED
+CVE-2022-30185
+ RESERVED
+CVE-2022-30184 (.NET and Visual Studio Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-30183
+ RESERVED
+CVE-2022-30182
+ RESERVED
+CVE-2022-30181 (Azure Site Recovery Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30180 (Azure RTOS GUIX Studio Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30179 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30178 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30177 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30176 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30175 (Azure RTOS GUIX Studio Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30174 (Microsoft Office Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30173 (Microsoft Excel Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30172 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30171 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30170 (Windows Credential Roaming Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30169
+ RESERVED
+CVE-2022-30168 (Microsoft Photos App Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30167 (AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID i ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30166 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30165 (Windows Kerberos Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30164 (Kerberos AppContainer Security Feature Bypass Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30163 (Windows Hyper-V Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30162 (Windows Kernel Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30161 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30160 (Windows Advanced Local Procedure Call Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30159 (Microsoft Office Information Disclosure Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30158 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30157 (Microsoft SharePoint Server Remote Code Execution Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30156
+ RESERVED
+CVE-2022-30155 (Windows Kernel Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30154 (Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Pr ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30153 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30152 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30151 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30150 (Windows Defender Remote Credential Guard Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30149 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30148 (Windows Desired State Configuration (DSC) Information Disclosure Vulne ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30147 (Windows Installer Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30146 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30145 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30144 (Windows Bluetooth Service Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30143 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30142 (Windows File History Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30141 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30140 (Windows iSCSI Discovery Service Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30139 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30138 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30137 (Azure Service Fabric Container Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30136 (Windows Network File System Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30135 (Windows Media Center Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30134 (Microsoft Exchange Server Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30133 (Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30132 (Windows Container Manager Service Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30131 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30130 (.NET Framework Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-30129 (Visual Studio Code Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-30128 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-30127 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-1567 (The WP-JS plugin for WordPress contains a script called wp-js.php with ...)
+ NOT-FOR-US: WP-JS plugin for WordPress
+CVE-2022-1566 (The Quotes llama WordPress plugin before 1.0.0 does not sanitise and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1565 (The plugin WP All Import is vulnerable to arbitrary file uploads due t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1564 (The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1563
+ RESERVED
+CVE-2022-1562 (The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploade ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1561 (Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions ...)
+ NOT-FOR-US: Lura Project
+CVE-2022-1560 (The Amministrazione Aperta WordPress plugin before 3.8 does not valida ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1559 (The Clipr WordPress plugin through 1.2.3 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1558 (The Curtain WordPress plugin through 1.0.2 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1557 (The ULeak Security & Monitoring WordPress plugin through 1.2.3 does no ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1556 (The StaffList WordPress plugin before 3.1.5 does not properly sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1555 (DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/micro ...)
+ NOT-FOR-US: microweber
+CVE-2022-1554 (Path Traversal due to `send_file` call in GitHub repository clinical-g ...)
+ NOT-FOR-US: clinical-genomics/scout
+CVE-2022-30126 (In Apache Tika, a regular expression in our StandardsText class, used ...)
+ - tika (bug #1015002)
+ [bullseye] - tika (Minor issue)
+ [buster] - tika (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/3
+CVE-2022-1553 (Leaking password protected articles content due to improper access con ...)
+ NOT-FOR-US: Publify
+CVE-2022-1552 (A flaw was found in PostgreSQL. There is an issue with incomplete effo ...)
+ {DSA-5136-1 DSA-5135-1}
+ - postgresql-14 14.3-1
+ - postgresql-13
+ - postgresql-11
+ - postgresql-9.6
+ NOTE: https://www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=ab49ce7c3414ac19e4afb386d7843ce2d2fb8bda (REL_14_3)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=677a494789062ca88e0142a17bedd5415f6ab0aa (REL_14_3)
+CVE-2019-25060 (The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30125
+ RESERVED
+CVE-2022-30124 (An improper authentication vulnerability exists in Rocket.Chat Mobile ...)
+ NOT-FOR-US: Rocket.Chat Mobile App
+CVE-2022-30123 (A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 a ...)
+ {DSA-5530-1 DLA-3095-1}
+ - ruby-rack 2.2.4-1
+ NOTE: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8
+ NOTE: https://github.com/advisories/GHSA-wq4h-7r42-5hrr
+ NOTE: https://github.com/rack/rack/commit/b426cc224908ec6ed6eb8729325392b048215d88 (main)
+CVE-2022-30122 (A possible denial of service vulnerability exists in Rack <2.0.9.1, <2 ...)
+ {DSA-5530-1 DLA-3095-1}
+ - ruby-rack 2.2.4-1
+ NOTE: https://groups.google.com/g/ruby-security-ann/c/L2Axto442qk
+ NOTE: https://github.com/advisories/GHSA-hxqx-xwvh-44m2
+ NOTE: https://github.com/rack/rack/commit/d286516cbd58fbb2ad6944ce9040e9ba96d9371a (3.0.0.beta1)
+ NOTE: https://github.com/rack/rack/commit/a872bcce127a6f4a0f16af8f28b686955ba32814 (2.2.3.1)
+ NOTE: https://github.com/rack/rack/commit/41be3d7f3fd73ccf246ad97c3831d02f99d2ce84 (2.1.4.1)
+CVE-2022-30121 (The \u201cLANDesk(R) Management Agent\u201d service exposes a socket a ...)
+ NOT-FOR-US: Ivanti
+CVE-2022-30120 (XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. Whe ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2022-30119 (XSS in /dashboard/reports/logs/view - old browsers only. When using In ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2022-30118 (Title for CVE: XSS in /dashboard/system/express/entities/forms/save_co ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2022-30117 (Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow t ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2022-30116
+ RESERVED
+CVE-2022-30115 (Using its HSTS support, curl can be instructed to use HTTPS directly i ...)
+ - curl 7.83.1-1
+ [bullseye] - curl (Vulnerable code introduced later)
+ [buster] - curl (Vulnerable code introduced later)
+ [stretch] - curl (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/6
+ NOTE: https://curl.se/docs/CVE-2022-30115.html
+ NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0)
+ NOTE: Fixed by: https://github.com/curl/curl/commit/fae6fea209a2d4db1582f608bd8cc8000721733a (curl-7_83_1)
+CVE-2022-1551 (The SP Project & Document Manager WordPress plugin before 4.58 uses an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1550
+ REJECTED
+CVE-2022-1549 (The WP Athletics WordPress plugin through 1.1.7 does not sanitize para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1548 (Mattermost Playbooks plugin 1.25 and earlier fails to properly restric ...)
+ NOT-FOR-US: Mattermost Playbooks plugin
+CVE-2022-1547 (The Check & Log Email WordPress plugin before 1.0.6 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1546 (The WooCommerce - Product Importer WordPress plugin through 1.5.2 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-30114 (A heap-based buffer overflow in a network service in Fastweb FASTGate ...)
+ NOT-FOR-US: Fastweb
+CVE-2022-30113 (Electronic mall system 1.0_build20200203 is affected vulnerable to SQL ...)
+ NOT-FOR-US: Electronic mall system
+CVE-2022-30112
+ RESERVED
+CVE-2022-30111 (Due to the use of an insecure algorithm for rolling codes in MCK Smart ...)
+ NOT-FOR-US: MCK Smartlock
+CVE-2022-30110 (The file preview functionality in Jirafeau < 4.4.0, which is enabled b ...)
+ NOT-FOR-US: Jirafeau
+CVE-2022-30109
+ RESERVED
+CVE-2022-30108
+ RESERVED
+CVE-2022-30107
+ RESERVED
+CVE-2022-30106
+ RESERVED
+CVE-2022-30105 (In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden ...)
+ NOT-FOR-US: Belkin
+CVE-2022-30104
+ RESERVED
+CVE-2022-30103
+ RESERVED
+CVE-2022-30102
+ RESERVED
+CVE-2022-30101
+ RESERVED
+CVE-2022-30100
+ RESERVED
+CVE-2022-30099
+ RESERVED
+CVE-2022-30098
+ RESERVED
+CVE-2022-30097
+ RESERVED
+CVE-2022-30096
+ RESERVED
+CVE-2022-30095
+ RESERVED
+CVE-2022-30094
+ RESERVED
+CVE-2022-30093
+ RESERVED
+CVE-2022-30092
+ RESERVED
+CVE-2022-30091
+ RESERVED
+CVE-2022-30090
+ RESERVED
+CVE-2022-30089
+ RESERVED
+CVE-2022-30088
+ RESERVED
+CVE-2022-30087
+ RESERVED
+CVE-2022-30086
+ RESERVED
+CVE-2022-30085
+ RESERVED
+CVE-2022-30084
+ RESERVED
+CVE-2022-30083 (EllieGrid Android Application version 3.4.1 is vulnerable to Code Inje ...)
+ NOT-FOR-US: EllieGrid Android Application
+CVE-2022-30082
+ RESERVED
+CVE-2022-30081
+ RESERVED
+CVE-2022-30080
+ RESERVED
+CVE-2022-30079 (Command injection vulnerability was discovered in Netgear R6200 v2 fir ...)
+ NOT-FOR-US: Netgear
+CVE-2022-30078 (NETGEAR R6200_V2 firmware versions through R6200v2-V1.0.3.12_10.1.11 a ...)
+ NOT-FOR-US: Netgear
+CVE-2022-30077
+ RESERVED
+CVE-2022-30076 (ENTAB ERP 1.0 allows attackers to discover users' full names via a bru ...)
+ NOT-FOR-US: ENTAB ERP
+CVE-2022-30075 (In TP-Link Router AX50 firmware 210730 and older, import of a maliciou ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-30074
+ RESERVED
+CVE-2022-30073 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/ ...)
+ NOT-FOR-US: WBCE CMS
+CVE-2022-30072 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\ ...)
+ NOT-FOR-US: WBCE CMS
+CVE-2022-30071
+ RESERVED
+CVE-2022-30070
+ RESERVED
+CVE-2022-30069
+ RESERVED
+CVE-2022-30068
+ RESERVED
+CVE-2022-30067 (GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a ...)
+ {DLA-3659-1}
+ - gimp 2.10.32-1 (unimportant)
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/issues/8120
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/4f99f1fcfd892ead19831b5adcd38a99d71214b6 (master)
+ NOTE: https://gitlab.gnome.org/GNOME/gimp/-/commit/8cd6d05232795ac31076013db1c6be3dc67e8e09 (gimp-2-10)
+ NOTE: Crash in GUI application, no security impact
+CVE-2022-30066
+ RESERVED
+CVE-2022-30065 (A use-after-free in Busybox 1.35-x's awk applet leads to denial of ser ...)
+ - busybox 1:1.36.1-1 (unimportant)
+ NOTE: https://bugs.busybox.net/show_bug.cgi?id=14781
+ NOTE: https://git.busybox.net/busybox/commit/?id=e63d7cdfdac78c6fd27e9e63150335767592b85e (1_36_0)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-30064
+ RESERVED
+CVE-2022-30063 (ftcms <=2.1 was discovered to be vulnerable to code execution attacks ...)
+ NOT-FOR-US: ftcms
+CVE-2022-30062 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via ...)
+ NOT-FOR-US: ftcms
+CVE-2022-30061 (ftcms <=2.1 was discovered to be vulnerable to directory traversal att ...)
+ NOT-FOR-US: ftcms
+CVE-2022-30060 (ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write vi ...)
+ NOT-FOR-US: ftcms
+CVE-2022-30059 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vu ...)
+ NOT-FOR-US: Shopwind
+CVE-2022-30058 (Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download ...)
+ NOT-FOR-US: Shopwind
+CVE-2022-30057 (Shopwind <=v3.4.2 was discovered to contain a stored cross-site script ...)
+ NOT-FOR-US: Shopwind
+CVE-2022-30056
+ RESERVED
+CVE-2022-30055 (Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that ...)
+ NOT-FOR-US: Prime95
+CVE-2022-30054 (In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerab ...)
+ NOT-FOR-US: Covid 19 Travel Pass Management
+CVE-2022-30053 (In Toll Tax Management System 1.0, the id parameter appears to be vuln ...)
+ NOT-FOR-US: Toll Tax Management System
+CVE-2022-30052 (In Home Clean Service System 1.0, the password parameter is vulnerable ...)
+ NOT-FOR-US: Home Clean Service System
+CVE-2022-30051
+ RESERVED
+CVE-2022-30050 (Gnuboard 5.55 and 5.56 is vulnerable to Cross Site Scripting (XSS) via ...)
+ NOT-FOR-US: Gnuboard
+CVE-2022-30049 (A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attacker ...)
+ NOT-FOR-US: Rebuild
+CVE-2022-30048 (Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerab ...)
+ NOT-FOR-US: Mingsoft MCMS
+CVE-2022-30047 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
+ NOT-FOR-US: Mingsoft MCMS
+CVE-2022-30046
+ RESERVED
+CVE-2022-30045 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ - mapcache (unimportant; bug #1014389)
+ - scilab (unimportant; bug #1014391)
+ - netcdf 1:4.9.0-1
+ [bullseye] - netcdf (Minor issue)
+ [buster] - netcdf (Minor issue)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel (Minor issue)
+ [buster] - netcdf-parallel (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/29/
+ NOTE: mapcache only uses ezxml to parse config files which are trusted
+CVE-2022-30044
+ RESERVED
+CVE-2022-30043
+ RESERVED
+CVE-2022-30042
+ RESERVED
+CVE-2022-30041
+ RESERVED
+CVE-2022-30040 (Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulne ...)
+ NOT-FOR-US: Tenda
+CVE-2022-30039
+ RESERVED
+CVE-2022-30038
+ RESERVED
+CVE-2022-30037 (XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP fi ...)
+ NOT-FOR-US: XunRuiCMS
+CVE-2022-30036 (MA Lighting grandMA2 Light has a password of root for the root account ...)
+ NOT-FOR-US: MA Lighting grandMA2 Light
+CVE-2022-30035
+ RESERVED
+CVE-2022-30034 (Flower, a web UI for the Celery Python RPC framework, all versions as ...)
+ NOT-FOR-US: Flower
+CVE-2022-30033 (Tenda TX9 Pro V22.03.02.10 is vulnerable to Buffer Overflow via the fu ...)
+ NOT-FOR-US: Tenda
+CVE-2022-30032
+ RESERVED
+CVE-2022-30031
+ RESERVED
+CVE-2022-30030
+ RESERVED
+CVE-2022-30029
+ RESERVED
+CVE-2022-30028 (Dradis Professional Edition before 4.3.0 allows attackers to change an ...)
+ NOT-FOR-US: Dradis
+CVE-2022-30027
+ RESERVED
+CVE-2022-30026
+ RESERVED
+CVE-2022-30025 (SQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence ...)
+ NOT-FOR-US: tCredence Analytics iDEAL Wealth and Funds
+CVE-2022-30024 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmwa ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-30023 (Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Comma ...)
+ NOT-FOR-US: Tenda
+CVE-2022-30022
+ RESERVED
+CVE-2022-30021
+ RESERVED
+CVE-2022-30020
+ RESERVED
+CVE-2022-30019
+ RESERVED
+CVE-2022-30018 (Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Prote ...)
+ NOT-FOR-US: Mobotix Control Center (MxCC)
+CVE-2022-30017 (Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-30016 (Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Acces ...)
+ NOT-FOR-US: Rescue Dispatch Management System
+CVE-2022-30015 (In Simple Food Website 1.0, a moderation can put the Cross Site Script ...)
+ NOT-FOR-US: Simple Food Website
+CVE-2022-30014 (Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site ...)
+ NOT-FOR-US: Lumidek Associates Simple Food Website
+CVE-2022-30013 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...)
+ NOT-FOR-US: totaljs CMS
+CVE-2022-30012 (In the POST request of the appointment.php page of HMS v.0, there are ...)
+ NOT-FOR-US: HMS
+CVE-2022-30011 (In HMS 1.0 when requesting appointment.php through POST, multiple para ...)
+ NOT-FOR-US: HMS
+CVE-2022-30010
+ RESERVED
+CVE-2022-30009
+ RESERVED
+CVE-2022-30008
+ RESERVED
+CVE-2022-30007 (GXCMS V1.5 has a file upload vulnerability in the background. The vuln ...)
+ NOT-FOR-US: GXCMS
+CVE-2022-30006
+ RESERVED
+CVE-2022-30005
+ RESERVED
+CVE-2022-30004 (Sourcecodester Online Market Place Site v1.0 suffers from an unauthent ...)
+ NOT-FOR-US: Sourcecodester Online Market Place Site
+CVE-2022-30003 (Sourcecodester Online Market Place Site 1.0 is vulnerable to Cross Sit ...)
+ NOT-FOR-US: Sourcecodester Online Market Place Site
+CVE-2022-30002 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ NOT-FOR-US: Sourcecodester Insurance Management System
+CVE-2022-30001 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ NOT-FOR-US: Sourcecodester Insurance Management System
+CVE-2022-30000 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ NOT-FOR-US: Sourcecodester Insurance Management System
+CVE-2022-29999 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ NOT-FOR-US: Sourcecodester Insurance Management System
+CVE-2022-29998 (Insurance Management System 1.0 is vulnerable to SQL Injection via /in ...)
+ NOT-FOR-US: Sourcecodester Insurance Management System
+CVE-2022-29997
+ RESERVED
+CVE-2022-29996
+ RESERVED
+CVE-2022-29995 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29994 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29993 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29992 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29991
+ RESERVED
+CVE-2022-29990 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29989 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29988 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29987 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29986 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29985 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...)
+ NOT-FOR-US: Sourcecodester Online Sports Complex Booking System
+CVE-2022-29984 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29983 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29982 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29981 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29980 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29979 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29978 (There is a floating point exception error in sixel_encoder_do_resize, ...)
+ - libsixel (bug #1014527)
+ [bookworm] - libsixel (Minor issue)
+ [bullseye] - libsixel (Minor issue)
+ [buster] - libsixel (Minor issue)
+ [stretch] - libsixel (Minor issue)
+ NOTE: https://github.com/libsixel/libsixel/issues/63
+ NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/166
+CVE-2022-29977 (There is an assertion failure error in stbi__jpeg_huff_decode, stb_ima ...)
+ - libsixel (bug #1014526)
+ [bookworm] - libsixel (Minor issue)
+ [bullseye] - libsixel (Minor issue)
+ [buster] - libsixel (Minor issue)
+ [stretch] - libsixel (Minor issue)
+ NOTE: https://github.com/libsixel/libsixel/issues/62
+ NOTE: Previously also reported in https://github.com/saitoha/libsixel/issues/165
+CVE-2022-29976 (An Authenticated Reflected Cross-site scripting at BCC Parameter was d ...)
+ NOT-FOR-US: MDaemon
+CVE-2022-29975 (An Authenticated Reflected Cross-site scripting at CC Parameter was di ...)
+ NOT-FOR-US: MDaemon
+CVE-2022-29974
+ RESERVED
+CVE-2022-29973 (relan exFAT 1.3.0 allows local users to obtain sensitive information ( ...)
+ [experimental] - fuse-exfat 1.4.0-1
+ - fuse-exfat (bug #1014538)
+ [bookworm] - fuse-exfat (Minor issue)
+ [bullseye] - fuse-exfat (Minor issue)
+ [buster] - fuse-exfat (Minor issue)
+ [stretch] - fuse-exfat (Minor issue)
+ NOTE: https://github.com/relan/exfat/issues/185
+ NOTE: https://github.com/relan/exfat/commit/d7e780da261d6c74fc7583d987f841c92c468838 (v1.4.0)
+ NOTE: https://github.com/relan/exfat/commit/d8d66f9a651b4223102af982b926043769c9428c (v1.4.0)
+CVE-2022-29972 (An argument injection vulnerability in the browser-based authenticatio ...)
+ NOT-FOR-US: Magnitude Simba Amazon Redshift ODBC Driver
+CVE-2022-29971 (An argument injection vulnerability in the browser-based authenticatio ...)
+ NOT-FOR-US: Magnitude Simba Amazon Athena ODBC Driver
+CVE-2022-29970 (Sinatra before 2.2.0 does not validate that the expanded path matches ...)
+ {DLA-3166-1}
+ - ruby-sinatra 2.2.2-1 (bug #1014717)
+ NOTE: https://github.com/sinatra/sinatra/commit/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e (v2.2.0)
+CVE-2022-29969 (The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rs ...)
+ NOT-FOR-US: RSS extension for MediaWiki
+CVE-2022-29968 (An issue was discovered in the Linux kernel through 5.17.5. io_rw_init ...)
+ - linux 5.17.6-1
+ [bullseye] - linux (Vulnerable code introduced later)
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/32452a3eb8b64e01e2be717f518c0be046975b9d (5.18-rc5)
+CVE-2022-1545 (It was possible to disclose details of confidential notes created via ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2021-46790 (ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow i ...)
+ {DSA-5160-1 DLA-3055-1}
+ - ntfs-3g 1:2022.5.17-1 (bug #1011770)
+ NOTE: https://github.com/tuxera/ntfs-3g/issues/16
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/26/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-xchm-ph5h-hw4x
+ NOTE: Patches: https://github.com/tuxera/ntfs-3g/compare/2021.8.22...2022.5.17
+ NOTE: https://github.com/tuxera/ntfs-3g/commit/96412e28e5c7ac2d15f1cff8c825330bbb60976e (2022.5.17)
+CVE-2022-1544 (Formula Injection/CSV Injection due to Improper Neutralization of Form ...)
+ NOT-FOR-US: yii-helpers
+CVE-2022-29967 (static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6. ...)
+ - glewlwyd 2.7.0-1
+ [bullseye] - glewlwyd (Minor issue)
+ [buster] - glewlwyd (Minor issue)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/e3f7245c33897bf9b3a75acfcdb8b7b93974bf11
+CVE-2022-29966
+ RESERVED
+CVE-2022-29965 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29964 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29963 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29962 (The Emerson DeltaV Distributed Control System (DCS) controllers and IO ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29961
+ RESERVED
+CVE-2022-29960 (Emerson OpenBSI through 2022-04-29 uses weak cryptography. It is an en ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29959 (Emerson OpenBSI through 2022-04-29 mishandles credential storage. It i ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29958 (JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. Th ...)
+ NOT-FOR-US: JTEKT TOYOPUC PLCs
+CVE-2022-29957 (The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 ...)
+ NOT-FOR-US: Emerson
+CVE-2022-29956
+ RESERVED
+CVE-2022-29955
+ RESERVED
+CVE-2022-29954
+ RESERVED
+CVE-2022-29953 (The Bently Nevada 3700 series of condition monitoring equipment throug ...)
+ NOT-FOR-US: Bently
+CVE-2022-29952 (Bently Nevada condition monitoring equipment through 2022-04-29 mishan ...)
+ NOT-FOR-US: Bently
+CVE-2022-29951 (JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They u ...)
+ NOT-FOR-US: JTEKT TOYOPUC PLCs
+CVE-2022-29950 (Experian Hunter 1.16 allows remote authenticated users to modify assum ...)
+ NOT-FOR-US: Experian Hunter
+CVE-2022-29949
+ RESERVED
+CVE-2022-29948 (Due to an insecure design, the Lepin EP-KP001 flash drive through KP00 ...)
+ NOT-FOR-US: Lepin
+CVE-2022-29947 (Woodpecker before 0.15.1 allows XSS via build logs because web/src/com ...)
+ - woodpecker (bug #1008934)
+CVE-2022-29946
+ RESERVED
+CVE-2022-29945 (DJI drone devices sold in 2017 through 2022 broadcast unencrypted info ...)
+ NOT-FOR-US: DJI drone devices
+CVE-2022-29944 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
+ NOT-FOR-US: Open Network Operating System (ONOS)
+CVE-2022-29943 (Talend Administration Center has a vulnerability that allows an authen ...)
+ NOT-FOR-US: Talend Administration Center
+CVE-2022-29942 (Talend Administration Center has a vulnerability that allows an authen ...)
+ NOT-FOR-US: Talend Administration Center
+CVE-2022-29941
+ RESERVED
+CVE-2022-29940 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters f ...)
+ NOT-FOR-US: LibreHealth EHR
+CVE-2022-29939 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters d ...)
+ NOT-FOR-US: LibreHealth EHR
+CVE-2022-29938 (In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter pa ...)
+ NOT-FOR-US: LibreHealth EHR
+CVE-2022-29937 (USU Oracle Optimization before 5.17.5 allows authenticated DataCollect ...)
+ NOT-FOR-US: USU Oracle Optimization
+CVE-2022-29936 (USU Oracle Optimization before 5.17 allows authenticated quantum users ...)
+ NOT-FOR-US: USU Oracle Optimization
+CVE-2022-29935 (USU Oracle Optimization before 5.17.5 allows attackers to discover the ...)
+ NOT-FOR-US: USU Oracle Optimization
+CVE-2022-29934 (USU Oracle Optimization before 5.17.5 lacks Polkit authentication, whi ...)
+ NOT-FOR-US: USU Oracle Optimization
+CVE-2022-29933 (Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who ...)
+ NOT-FOR-US: Craft CMS
+CVE-2022-29932 (The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an ...)
+ NOT-FOR-US: PRIMEUR
+CVE-2022-29931 (The administration interface of the Raytion Custom Security Manager (R ...)
+ NOT-FOR-US: Raytion
+CVE-2022-29930 (SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the s ...)
+ NOT-FOR-US: JetBrains Ktor
+CVE-2022-29929 (In JetBrains TeamCity before 2022.04 potential XSS via Referrer header ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2022-29928 (In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2022-29927 (In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2022-29922 (Improper Input Validation vulnerability in the handling of a specially ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-29918 (Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzz ...)
+ - firefox 100.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29918
+CVE-2022-29917 (Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and t ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29917
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29917
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29917
+CVE-2022-29916 (Firefox behaved slightly differently for already known resources when ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29916
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29916
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29916
+CVE-2022-29915 (The Performance API did not properly hide the fact whether a request c ...)
+ - firefox 100.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29915
+CVE-2022-29914 (When reusing existing popups Firefox would have allowed them to cover ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29914
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29914
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29914
+CVE-2022-29913 (The parent process would not properly check whether the Speech Synthes ...)
+ {DSA-5141-1 DLA-3020-1}
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29913
+CVE-2022-29912 (Requests initiated through reader mode did not properly omit cookies w ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29912
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29912
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29912
+CVE-2022-29911 (An improper implementation of the new iframe sandbox keyword all ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29911
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29911
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29911
+CVE-2022-29910 (When closed or sent to the background, Firefox for Android would not p ...)
+ - firefox (Android-specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29910
+CVE-2022-29909 (Documents in deeply-nested cross-origin browsing contexts could have o ...)
+ {DSA-5141-1 DSA-5129-1 DLA-3020-1 DLA-2994-1}
+ - firefox 100.0-1
+ - firefox-esr 91.9.0esr-1
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/#CVE-2022-29909
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/#CVE-2022-29909
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-29909
+CVE-2022-29492 (Improper Input Validation vulnerability in the handling of a malformed ...)
+ NOT-FOR-US: Hitachi
+CVE-2022-29490 (Improper Authorization vulnerability exists in the Workplace X WebUI o ...)
+ NOT-FOR-US: Workplace X
+CVE-2022-1543 (Improper handling of Length parameter in GitHub repository erudika/sco ...)
+ NOT-FOR-US: scoold
+CVE-2022-1542 (The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1541 (The Video Slider WordPress plugin before 1.4.8 does not sanitize or es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1540 (The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1539 (The Exports and Reports WordPress plugin before 0.9.2 does not sanitiz ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1538
+ RESERVED
+CVE-2022-1537 (file.copy operations in GruntJS are vulnerable to a TOCTOU race condit ...)
+ {DLA-3383-1}
+ - grunt 1.5.3-1
+ [bullseye] - grunt 1.3.0-1+deb11u2
+ NOTE: https://huntr.dev/bounties/0179c3e5-bc02-4fc9-8491-a1a319b51b4d/
+ NOTE: https://github.com/gruntjs/grunt/commit/58016ffac5ed9338b63ecc2a63710f5027362bae (v1.5.3)
+CVE-2022-1536 (A vulnerability has been found in automad up to 1.10.9 and classified ...)
+ NOT-FOR-US: automad
+CVE-2022-1535
+ RESERVED
+CVE-2022-1534 (Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszews ...)
+ - libmobi 0.11+dfsg-1 (bug #1011971)
+ NOTE: https://huntr.dev/bounties/9a90ffa1-38f5-4685-9c00-68ba9068ce3d
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/fb1ab50e448ddbed746fd27ae07469bc506d838b (v0.11)
+CVE-2022-1533 (Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0. ...)
+ - libmobi 0.11+dfsg-1 (bug #1011971)
+ NOTE: https://huntr.dev/bounties/cb574ce1-fbf7-42ea-9e6a-91e17adecdc3
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/eafc415bc6067e72577f70d6dd5acbf057ce6e6f (v0.11)
+CVE-2022-1532 (Themify WordPress plugin before 1.3.8 does not sanitise and escape the ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1531 (SQL injection vulnerability in ARAX-UI Synonym Lookup functionality in ...)
+ NOT-FOR-US: RTX
+CVE-2022-1530 (Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehel ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-1529 (An attacker could have sent a message to the parent process where the ...)
+ {DSA-5158-1 DSA-5143-1 DLA-3041-1 DLA-3021-1}
+ - firefox 100.0.2-1
+ - firefox-esr 91.9.1esr-1
+ - thunderbird 1:91.10.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-19/#CVE-2022-1529
+ NOTE: https://www.zerodayinitiative.com/blog/2022/8/17/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-1
+ NOTE: https://www.zerodayinitiative.com/blog/2022/8/23/but-you-told-me-you-were-safe-attacking-the-mozilla-firefox-renderer-part-2
+CVE-2022-1528 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1527 (The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4227
+ RESERVED
+CVE-2022-29908 (The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 ...)
+ NOT-FOR-US: Fabasoft
+CVE-2022-29907 (The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d ...)
+ NOT-FOR-US: MediaWiki Nimbus skin
+CVE-2022-29906 (The admin API module in the QuizGame extension for MediaWiki through 1 ...)
+ NOT-FOR-US: MediaWiki QuizGame extension
+CVE-2022-29905 (The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d ...)
+ NOT-FOR-US: MediaWiki FanBoxes extension
+CVE-2022-29904 (The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e ...)
+ NOT-FOR-US: MediaWiki SemanticDrilldown extension
+CVE-2022-29903 (The Private Domains extension for MediaWiki through 1.37.2 (before 1ad ...)
+ NOT-FOR-US: MediaWiki Private Domains extension
+CVE-2022-29902
+ RESERVED
+CVE-2022-1526 (A vulnerability, which was classified as problematic, was found in Eml ...)
+ NOT-FOR-US: Emlog Pro
+CVE-2022-29901 (Intel microprocessor generations 6 to 8 are affected by a new Spectre ...)
+ {DSA-5207-1 DLA-3245-1 DLA-3102-1}
+ - linux 5.18.14-1
+ NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
+ NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html
+CVE-2022-29900 (Mis-trained branch predictions for return instructions may allow arbit ...)
+ {DSA-5207-1 DSA-5184-1 DLA-3102-1}
+ - linux 5.18.14-1
+ [buster] - linux (Mitigation is too invasive to backport)
+ - xen 4.16.2-1
+ [buster] - xen (DSA 4677-1)
+ NOTE: https://comsec.ethz.ch/research/microarch/retbleed/
+ NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
+ NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037
+ NOTE: https://xenbits.xen.org/xsa/advisory-407.html
+CVE-2022-29899
+ REJECTED
+CVE-2022-29898 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
+ NOT-FOR-US: RAD-ISM-900-EN
+CVE-2022-29897 (On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user c ...)
+ NOT-FOR-US: RAD-ISM-900-EN
+CVE-2022-29892 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-29885 (The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 ...)
+ {DSA-5265-1 DLA-3160-1}
+ - tomcat9 9.0.63-1
+ - tomcat8
+ [stretch] - tomcat8 (Minor issue)
+ NOTE: https://github.com/apache/tomcat/commit/eaafd28296c54d983e28a47953c1f5cb2c334f48 (9.0.63)
+ NOTE: https://github.com/apache/tomcat/commit/b679bc627f5a4ea6510af95adfb7476b07eba890 (8.5.79)
+CVE-2022-29884 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29883 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29882 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29881 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29880 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29879 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29878 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29877 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29876 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29875 (A vulnerability has been identified in Biograph Horizon PET/CT Systems ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29874 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29873 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29872 (A vulnerability has been identified in SICAM P850 (All versions < V3.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29518 (Screen Creator Advance2, HMI GC-A2 series, and Real time remote monito ...)
+ NOT-FOR-US: Koyo Screen Creator Advance2
+CVE-2022-29513 (Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10. ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-29484 (Operation restriction bypass vulnerability in Space of Cybozu Garoon 4 ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-29471 (Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon a ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-29467 (Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-28718 (Operation restriction bypass vulnerability in Bulletin of Cybozu Garoo ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-28713 (Improper authentication vulnerability in Scheduler of Cybozu Garoon 4. ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-28692 (Improper input validation vulnerability in Scheduler of Cybozu Garoon ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-27807 (Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-27803 (Improper input validation vulnerability in Space of Cybozu Garoon 4.0. ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-27661 (Operation restriction bypass vulnerability in Workflow of Cybozu Garoo ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-27627 (Cross-site scripting vulnerability in Organization's Information of Cy ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-26368 (Browse restriction bypass and operation restriction bypass vulnerabili ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-26054 (Operation restriction bypass vulnerability in Link of Cybozu Garoon 4. ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-26051 (Operation restriction bypass vulnerability in Portal of Cybozu Garoon ...)
+ NOT-FOR-US: Cybozu
+CVE-2022-1525 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
+ NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
+CVE-2022-1524 (LRM version 2.4 and lower does not implement TLS encryption. A malicio ...)
+ NOT-FOR-US: LRM
+CVE-2022-1523 (Fuji Electric D300win prior to version 3.7.1.17 is vulnerable to a wri ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-1522 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...)
+ NOT-FOR-US: Cognex 3D-A1000 Dimensioning System
+CVE-2022-1521 (LRM does not implement authentication or authorization by default. A m ...)
+ NOT-FOR-US: LRM
+CVE-2022-1520 (When viewing an email message A, which contains an attached message B, ...)
+ {DSA-5141-1 DLA-3020-1}
+ - thunderbird 1:91.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-18/#CVE-2022-1520
+CVE-2022-1519 (LRM does not restrict the types of files that can be uploaded to the a ...)
+ NOT-FOR-US: LRM
+CVE-2022-1518 (LRM contains a directory traversal vulnerability that can allow a mali ...)
+ NOT-FOR-US: LRM
+CVE-2022-1517 (LRM utilizes elevated privileges. An unauthenticated malicious actor c ...)
+ NOT-FOR-US: LRM
+CVE-2022-1516 (A NULL pointer dereference flaw was found in the Linux kernel\u2019s X ...)
+ {DSA-5173-1 DSA-5127-1 DLA-3065-1}
+ - linux 5.17.3-1 (unimportant)
+ NOTE: Fixed by: https://git.kernel.org/linus/7781607938c8371d4c2b243527430241c62e39c2 (5.18-rc1)
+ NOTE: CONFIG_X25 is not set in Debian
+CVE-2022-1515 (A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarRea ...)
+ - libmatio 1.5.22-1
+ [bullseye] - libmatio (Minor issue)
+ [buster] - libmatio (Minor issue)
+ NOTE: https://github.com/tbeu/matio/issues/186
+ NOTE: Fixed by: https://github.com/tbeu/matio/commit/b53b62b756920f4c1509f4ee06427f66c3b5c9c4 (v1.5.22)
+CVE-2022-1514 (Stored XSS via upload plugin functionality in zip format in GitHub rep ...)
+ NOT-FOR-US: facturascripts
+CVE-2022-1513 (A potential vulnerability was reported in Lenovo PCManager prior to ve ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-1512 (The ScrollReveal.js Effects WordPress plugin through 1.2 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1511 (Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4 ...)
+ - snipe-it (bug #1005172)
+CVE-2022-1510 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-1509 (Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp pri ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2022-29868 (1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a ...)
+ NOT-FOR-US: 1Password
+CVE-2022-29867
+ RESERVED
+CVE-2022-29866 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaus ...)
+ NOT-FOR-US: OPC UA .NET Standard Stack
+CVE-2022-29865 (OPC UA .NET Standard Stack allows a remote attacker to bypass the appl ...)
+ NOT-FOR-US: OPC UA .NET Standard Stack
+CVE-2022-29864 (OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause ...)
+ NOT-FOR-US: OPC UA .NET Standard Stack
+CVE-2022-29863 (OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a ...)
+ NOT-FOR-US: OPC UA .NET Standard Stack
+CVE-2022-29862 (An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remot ...)
+ NOT-FOR-US: OPC UA .NET Standard Stack
+CVE-2022-29861
+ RESERVED
+CVE-2022-29860
+ RESERVED
+CVE-2022-29859 (component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for ...)
+ NOT-FOR-US: SDK for Ameba1
+CVE-2022-29858 (Silverstripe silverstripe/assets through 1.10 is vulnerable to imprope ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2022-29857
+ RESERVED
+CVE-2022-29856 (A hardcoded cryptographic key in Automation360 22 allows an attacker t ...)
+ NOT-FOR-US: Automation360
+CVE-2022-29855 (Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have " ...)
+ NOT-FOR-US: Mitel
+CVE-2022-29854 (A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, ...)
+ NOT-FOR-US: Mitel
+CVE-2022-29853 (OX App Suite through 8.2 allows XSS via a certain complex hierarchy th ...)
+ NOT-FOR-US: OX App Suite
+CVE-2022-29852 (OX App Suite through 8.2 allows XSS because BMFreehand10 and image/x-f ...)
+ NOT-FOR-US: OX App Suite
+CVE-2022-29851 (documentconverter in OX App Suite through 7.10.6, in a non-default con ...)
+ NOT-FOR-US: OX App Suite
+CVE-2022-29850 (Various Lexmark products through 2022-04-27 allow an attacker who has ...)
+ NOT-FOR-US: Lexmark
+CVE-2022-29849 (In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SU ...)
+ NOT-FOR-US: Progress OpenEdge
+CVE-2022-29848 (In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, i ...)
+ NOT-FOR-US: Progress Ipswitch WhatsUp Gold
+CVE-2022-29847 (In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, i ...)
+ NOT-FOR-US: Progress Ipswitch WhatsUp Gold
+CVE-2022-29846 (In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it ...)
+ NOT-FOR-US: Progress Ipswitch WhatsUp Gold
+CVE-2022-29845 (In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, i ...)
+ NOT-FOR-US: Progress Ipswitch WhatsUp Gold
+CVE-2022-29844 (A vulnerability in the FTP service of Western Digital My Cloud OS 5 de ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29843 (A command injection vulnerability in the DDNS service configuration of ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29842 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29841 (Improper Neutralization of Special Elements used in an OS Command ('OS ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29840 (Server-Side Request Forgery (SSRF) vulnerability that could allow a ro ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29839 (Insufficiently Protected Credentials vulnerability in the remote backu ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29838 (Improper Authentication vulnerability in the encrypted volumes and aut ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29837 (A path traversal vulnerability was addressed in Western Digital My Clo ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29836 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-29835 (WD Discovery software executable files were signed with an unsafe SHA- ...)
+ NOT-FOR-US: WD Discovery software
+CVE-2022-29834 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: ICONICS
+CVE-2022-29833 (Insufficiently Protected Credentials vulnerability in Mitsubishi Elect ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29832 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29831 (Use of Hard-coded Password vulnerability in Mitsubishi Electric Corpor ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29830 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29829 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29828 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29827 (Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electr ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29826 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29825 (Use of Hard-coded Password vulnerability in Mitsubishi Electric GX Wor ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-29824 (In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...)
+ {DSA-5142-1 DLA-3012-1}
+ - libxml2 2.9.14+dfsg-1 (bug #1010526)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab (v2.9.14)
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd (master)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2272
+CVE-2022-29516 (The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 35 ...)
+ NOT-FOR-US: FUJITSU
+CVE-2022-29823 (Feather-Sequalize cleanQuery method uses insecure recursive logic to f ...)
+ NOT-FOR-US: Feather js library
+CVE-2022-29822 (Due to improper parameter filtering in the Feathers js library, which ...)
+ NOT-FOR-US: Feather js library
+CVE-2022-29821 (In JetBrains Rider before 2022.1 local code execution via links in ReS ...)
+ NOT-FOR-US: JetBrains Rider
+CVE-2022-29820 (In JetBrains PyCharm before 2022.1 exposure of the debugger port to th ...)
+ - pycharm (bug #742394)
+CVE-2022-29819 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via link ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29818 (In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29817 (In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messa ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29816 (In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messa ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29815 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via work ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29814 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29813 (In JetBrains IntelliJ IDEA before 2022.1 local code execution via cust ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29812 (In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about ...)
+ - intellij-idea (bug #747616)
+CVE-2022-29811 (In JetBrains Hub before 2022.1.14638 stored XSS via project icon was p ...)
+ NOT-FOR-US: JetBrains Hub
+CVE-2022-1508 (An out-of-bounds read flaw was found in the Linux kernel\u2019s io_uri ...)
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.120-1
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/89c2b3b74918200e46699338d7bcc19b1ea12110 (5.15-rc1)
+CVE-2022-1507 (chafa: NULL Pointer Dereference in function gif_internal_decode_frame ...)
+ - chafa 1.10.2-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95/
+ NOTE: https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9 (1.10.2)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-1506 (The WP Born Babies WordPress plugin through 1.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1505 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...)
+ NOT-FOR-US: RSVPMaker plugin for WordPress
+CVE-2022-1504 (XSS in /demo/module/?module=HERE in GitHub repository microweber/micro ...)
+ NOT-FOR-US: microweber
+CVE-2022-29810 (The Hashicorp go-getter library before 1.5.11 does not redact an SSH k ...)
+ - golang-github-hashicorp-go-getter (Vulnerable code introduced later)
+ NOTE: https://github.com/hashicorp/go-getter/commit/36b68b2f68a3ed10ee7ecbb0cb9f6b1dc5da49cc (v1.5.11)
+ NOTE: introduced in https://github.com/hashicorp/go-getter/commit/854150ffed2dc250662096b4309b3510a13e0574 (v1.5.8)
+CVE-2022-29809
+ RESERVED
+CVE-2022-1503 (A vulnerability, which was classified as problematic, has been found i ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2022-1502 (Permissions were not properly verified in the API on projects using ve ...)
+ NOT-FOR-US: Octopus Server
+CVE-2022-1501 (Inappropriate implementation in iframe in Google Chrome prior to 101.0 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1500 (Insufficient data validation in Dev Tools in Google Chrome prior to 10 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1499 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1498 (Inappropriate implementation in HTML Parser in Google Chrome prior to ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1497 (Inappropriate implementation in Input in Google Chrome prior to 101.0. ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1496 (Use after free in File Manager in Google Chrome prior to 101.0.4951.41 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1495 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1494 (Insufficient data validation in Trusted Types in Google Chrome prior t ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1493 (Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 al ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1492 (Insufficient data validation in Blink Editing in Google Chrome prior t ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1491 (Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 al ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1490 (Use after free in Browser Switcher in Google Chrome prior to 101.0.495 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1489 (Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1488 (Inappropriate implementation in Extensions API in Google Chrome prior ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1487 (Use after free in Ozone in Google Chrome prior to 101.0.4951.41 allowe ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1486 (Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1485 (Use after free in File System API in Google Chrome prior to 101.0.4951 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1484 (Heap buffer overflow in Web UI Settings in Google Chrome prior to 101. ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1483 (Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1482 (Inappropriate implementation in WebGL in Google Chrome prior to 101.0. ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1481 (Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951. ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1480
+ REJECTED
+CVE-2022-1479 (Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowe ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1478 (Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1477 (Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allow ...)
+ {DSA-5125-1}
+ - chromium 101.0.4951.41-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-1476 (The All-in-One WP Migration plugin for WordPress is vulnerable to arbi ...)
+ NOT-FOR-US: All-in-One WP Migration plugin for WordPress
+CVE-2022-1475 (An integer overflow vulnerability was found in FFmpeg versions before ...)
+ {DSA-5124-1}
+ - ffmpeg 7:4.4.2-1
+ [buster] - ffmpeg (Vulnerable code not present)
+ [stretch] - ffmpeg (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/9651
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=757da974b21833529cc41bdcc9684c29660cdfa8
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e9e2ddbc6c78cc18b76093617f82c920e58a8d1f (n4.4.2)
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fa2e4afe8d0a23fac37392ef6506cfc9841f8d3d (n4.3.4)
+CVE-2022-1474 (The WP Event Manager WordPress plugin before 3.1.28 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1473 (The OPENSSL_LH_flush() function, which empties a hash table, contains ...)
+ [experimental] - openssl 3.0.3-1
+ - openssl (Only affects OpenSSL 3.0)
+ NOTE: https://www.openssl.org/news/secadv/20220503.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=64c85430f95200b6b51fe9475bd5203f7c19daf1 (openssl-3.0.3)
+CVE-2022-1472 (The Better Find and Replace WordPress plugin before 1.3.6 does not pro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1471 (SnakeYaml's Constructor() class does not restrict types which can be i ...)
+ - snakeyaml (unimportant)
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-mjmj-j48q-9wg2
+CVE-2022-1470 (The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 doe ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1469 (The FiboSearch WordPress plugin before 1.17.0 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-29808 (In Quest KACE Systems Management Appliance (SMA) through 12.0, predict ...)
+ NOT-FOR-US: Quest KACE System Management Appliance
+CVE-2022-29807 (A SQL injection vulnerability exists within Quest KACE Systems Managem ...)
+ NOT-FOR-US: Quest KACE System Management Appliance
+CVE-2022-29806 (ZoneMinder before 1.36.13 allows remote code execution via an invalid ...)
+ - zoneminder 1.36.13+dfsg1-1 (unimportant)
+ NOTE: https://forums.zoneminder.com/viewtopic.php?t=31638
+ NOTE: https://github.com/ZoneMinder/zoneminder/commit/9fee64b62fbdff5bf5ece1d617f1f53c7b1967cb
+ NOTE: Only supported for trusted users/behind auth, see README.debian.security
+CVE-2022-29805 (A Java Deserialization vulnerability in the Fishbowl Server in Fishbow ...)
+ NOT-FOR-US: Fishbowl Inventory
+CVE-2022-29804 (Incorrect conversion of certain invalid paths to valid, absolute paths ...)
+ - golang-1.18 (Only affects Go on Windows)
+ - golang-1.17 (Only affects Go on Windows)
+ - golang-1.15 (Only affects Go on Windows)
+ - golang-1.11 (Only affects Go on Windows)
+ - golang-1.8 (Only affects Go on Windows)
+ - golang-1.7 (Only affects Go on Windows)
+ NOTE: https://go.dev/issue/52476
+CVE-2022-29803
+ RESERVED
+CVE-2022-29802
+ RESERVED
+CVE-2022-1468 (On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-1467 (Windows OS can be configured to overlay a \u201clanguage bar\u201d on ...)
+ NOT-FOR-US: AVEVA
+CVE-2022-1466 (Due to improper authorization, Red Hat Single Sign-On is vulnerable to ...)
+ NOT-FOR-US: Red Hat Single Sign-On / Keycloak
+CVE-2022-29801 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-29800 (A time-of-check-time-of-use (TOCTOU) race condition vulnerability was ...)
+ - networkd-dispatcher 2.2.3-1 (unimportant; bug #1010303)
+ NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
+ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
+ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
+ NOTE: No security impact in Debian, see #1010303
+CVE-2022-29799 (A vulnerability was found in networkd-dispatcher. This flaw exists bec ...)
+ - networkd-dispatcher 2.2.3-1 (unimportant; bug #1010303)
+ NOTE: https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
+ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/074ff68f08d64a963a13e3cfc4fb3e3fb9006dfe
+ NOTE: https://gitlab.com/craftyguy/networkd-dispatcher/-/commit/2e226ee027bdc8022f0e10470318f89f25dc6133
+ NOTE: No security impact in Debian, see #1010303
+CVE-2022-29798 (There is a denial of service vulnerability in CV81-WDM FW versions 01. ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29797 (There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46 ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29796 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29795 (The frame scheduling module has a null pointer dereference vulnerabili ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29794 (The frame scheduling module has a Use After Free (UAF) vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29793 (There is a configuration defect in the activation lock of mobile phone ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29792 (The chip component has a vulnerability of disclosing CPU SNs.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29791 (The HiAIserver has a vulnerability in verifying the validity of the we ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29790 (The graphics acceleration service has a vulnerability in multi-thread ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29789 (The HiAIserver has a vulnerability in verifying the validity of the pr ...)
+ NOT-FOR-US: Huawei
+CVE-2022-27174 (Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CU ...)
+ NOT-FOR-US: EC-CUBE
+CVE-2022-1465 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.9 d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1464 (Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the ...)
+ NOT-FOR-US: Go Git Service
+CVE-2022-1463 (The Booking Calendar plugin for WordPress is vulnerable to PHP Object ...)
+ NOT-FOR-US: Booking Calendar plugin for WordPress
+CVE-2022-1462 (An out-of-bounds read flaw was found in the Linux kernel\u2019s TeleTY ...)
+ {DLA-3131-1}
+ - linux 5.18.14-1
+ [bullseye] - linux 5.10.136-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2078466
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/27/2
+CVE-2022-1461 (Non Privilege User can Enable or Disable Registered in GitHub reposito ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-1460 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-1459 (Non-Privilege User Can View Patient\u2019s Disclosures in GitHub repos ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-1458 (Stored XSS Leads To Session Hijacking in GitHub repository openemr/ope ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-1457 (Store XSS in title parameter executing at EditUser Page & EditProducto ...)
+ NOT-FOR-US: facturascripts
+CVE-2022-1456 (The Poll Maker WordPress plugin before 4.0.2 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46789 (Configuration defects in the secure OS module. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46788 (Third-party pop-up window coverage vulnerability in the iConnect modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46787 (The AMS module has a vulnerability of improper permission control.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46786 (The audio module has a vulnerability in verifying the parameters passe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-46785 (The Property module has a vulnerability in permission control.This vul ...)
+ NOT-FOR-US: Huawei
+CVE-2022-29788 (libmobi before v0.10 contains a NULL pointer dereference via the compo ...)
+ - libmobi 0.11+dfsg-1
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/ce0ab6586069791b1e8e2a42f44318e581c39939 (v0.11)
+CVE-2022-29787
+ RESERVED
+CVE-2022-29786
+ RESERVED
+CVE-2022-29785
+ RESERVED
+CVE-2022-29784 (PublicCMS V4.0.202204.a and below contains an information leak via the ...)
+ NOT-FOR-US: PublicCMS
+CVE-2022-29783
+ RESERVED
+CVE-2022-29782
+ RESERVED
+CVE-2022-29781
+ RESERVED
+CVE-2022-29780 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ NOT-FOR-US: njs
+CVE-2022-29779 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation in ...)
+ NOT-FOR-US: njs
+CVE-2022-29778 (D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due ...)
+ NOT-FOR-US: D-Link
+CVE-2022-29777 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
+ NOT-FOR-US: Onlyoffice Document Server
+CVE-2022-29776 (Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and belo ...)
+ NOT-FOR-US: Onlyoffice Document Server
+CVE-2022-29775 (iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication vi ...)
+ NOT-FOR-US: iSpyConnect iSpy
+CVE-2022-29774 (iSpy v7.2.2.0 is vulnerable to remote command execution via path trave ...)
+ NOT-FOR-US: iSpyConnect iSpy
+CVE-2022-29773 (An access control issue in aleksis/core/util/auth_helpers.py: ClientPr ...)
+ NOT-FOR-US: AlekSIS
+CVE-2022-29772
+ RESERVED
+CVE-2022-29771
+ RESERVED
+CVE-2022-29770 (XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting ...)
+ NOT-FOR-US: XXL-Job
+CVE-2022-29769
+ RESERVED
+CVE-2022-29768
+ RESERVED
+CVE-2022-29767 (adbyby v2.7 allows external users to make connections via port 8118. T ...)
+ NOT-FOR-US: adbyby
+CVE-2022-29766
+ RESERVED
+CVE-2022-29765
+ RESERVED
+CVE-2022-29764
+ RESERVED
+CVE-2022-29763
+ RESERVED
+CVE-2022-29762
+ RESERVED
+CVE-2022-29761
+ RESERVED
+CVE-2022-29760
+ RESERVED
+CVE-2022-29759
+ RESERVED
+CVE-2022-29758
+ RESERVED
+CVE-2022-29757
+ RESERVED
+CVE-2022-29756
+ RESERVED
+CVE-2022-29755
+ RESERVED
+CVE-2022-29754
+ RESERVED
+CVE-2022-29753
+ RESERVED
+CVE-2022-29752
+ RESERVED
+CVE-2022-29751 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29750 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29749 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29748 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29747 (Simple Client Management System 1.0 is vulnerable to SQL Injection via ...)
+ NOT-FOR-US: Sourcecodester Simple Client Management System
+CVE-2022-29746 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
+CVE-2022-29745 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
+CVE-2022-29744
+ RESERVED
+CVE-2022-29743
+ RESERVED
+CVE-2022-29742
+ RESERVED
+CVE-2022-29741 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
+CVE-2022-29740
+ RESERVED
+CVE-2022-29739 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
+CVE-2022-29738 (Money Transfer Management System 1.0 is vulnerable to SQL Injection vi ...)
+ NOT-FOR-US: Sourcecodester Money Transfer Management System
+CVE-2022-29737
+ RESERVED
+CVE-2022-29736
+ RESERVED
+CVE-2022-29735 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows ...)
+ NOT-FOR-US: Delta Controls enteliTOUCH
+CVE-2022-29734 (A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 ...)
+ NOT-FOR-US: ICT Protege GX/WX
+CVE-2022-29733 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+ NOT-FOR-US: Delta Controls enteliTOUCH
+CVE-2022-29732 (Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was dis ...)
+ NOT-FOR-US: Delta Controls enteliTOUCH
+CVE-2022-29731 (An access control issue in ICT Protege GX/WX 2.08 allows attackers to ...)
+ NOT-FOR-US: ICT Protege GX/WX
+CVE-2022-29730 (USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered t ...)
+ NOT-FOR-US: USR IOT 4G LTE Industrial Cellular VPN Router
+CVE-2022-29729 (Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak ...)
+ NOT-FOR-US: Verizon 4G LTE Network Extender GA4.38
+CVE-2022-29728 (Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-s ...)
+ NOT-FOR-US: Survey Sparrow Enterprise Survey Software
+CVE-2022-29727 (Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site ...)
+ NOT-FOR-US: Survey Sparrow Enterprise Survey Software
+CVE-2022-29726
+ RESERVED
+CVE-2022-29725 (An arbitrary file upload in the image upload component of wityCMS v0.6 ...)
+ NOT-FOR-US: wityCMS
+CVE-2022-29724
+ RESERVED
+CVE-2022-29723
+ RESERVED
+CVE-2022-29722
+ RESERVED
+CVE-2022-29721 (74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: 74cmsSE
+CVE-2022-29720 (74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulner ...)
+ NOT-FOR-US: 74cmsSE
+CVE-2022-29719
+ RESERVED
+CVE-2022-29718 (Caddy v2.4 was discovered to contain an open redirect vulnerability. A ...)
+ - caddy (Fixed before initial upload to Debian to unstable; did affect experimental upload)
+ NOTE: https://github.com/caddyserver/caddy/pull/4499
+ NOTE: https://github.com/caddyserver/caddy/commit/3fe2c73dd04f7769a9d9673236cb94b79ac45659 (v2.5.0-beta.1)
+CVE-2022-29717
+ RESERVED
+CVE-2022-29716
+ RESERVED
+CVE-2022-29715
+ RESERVED
+CVE-2022-29714
+ RESERVED
+CVE-2022-29713
+ RESERVED
+CVE-2022-29712 (LibreNMS v22.3.0 was discovered to contain multiple command injection ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-29711 (LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-29710 (A cross-site scripting (XSS) vulnerability in uploadConfirm.php of Lim ...)
+ - limesurvey (bug #472802)
+CVE-2022-29709 (CommuniLink Internet Limited CLink Office v2.0 was discovered to conta ...)
+ NOT-FOR-US: CommuniLink Internet Limited CLink Office
+CVE-2022-29708
+ RESERVED
+CVE-2022-29707
+ RESERVED
+CVE-2022-29706
+ RESERVED
+CVE-2022-29705
+ RESERVED
+CVE-2022-29704 (BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: BrowsBox CMS
+CVE-2022-29703
+ RESERVED
+CVE-2022-29702
+ RESERVED
+CVE-2022-29701 (A lack of rate limiting in the 'forgot password' feature of Zammad v5. ...)
+ - zammad (bug #841355)
+CVE-2022-29700 (A lack of password length restriction in Zammad v5.1.0 allows for the ...)
+ - zammad (bug #841355) +CVE-2022-29699 + RESERVED +CVE-2022-29698 + RESERVED +CVE-2022-29697 + RESERVED +CVE-2022-29696 + RESERVED +CVE-2022-29695 (Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplet ...) + NOT-FOR-US: Unicorn Engine +CVE-2022-29694 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL p ...) + NOT-FOR-US: Unicorn Engine +CVE-2022-29693 (Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory ...) + NOT-FOR-US: Unicorn Engine +CVE-2022-29692 (Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulne ...) + NOT-FOR-US: Unicorn Engine +CVE-2022-29691 + RESERVED +CVE-2022-29690 + RESERVED +CVE-2022-29689 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29688 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29687 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29686 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29685 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29684 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29683 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29682 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29681 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29680 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) 
+ NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29679 + RESERVED +CVE-2022-29678 + RESERVED +CVE-2022-29677 + RESERVED +CVE-2022-29676 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29675 + RESERVED +CVE-2022-29674 + RESERVED +CVE-2022-29673 + RESERVED +CVE-2022-29672 + RESERVED +CVE-2022-29671 + RESERVED +CVE-2022-29670 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29669 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29668 + RESERVED +CVE-2022-29667 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29666 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29665 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29664 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29663 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29662 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29661 (CSCMS Music Portal System v4.2 was discovered to contain a blind SQL i ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29660 (CSCMS Music Portal System v4.2 was discovered to contain a SQL injecti ...) + NOT-FOR-US: CSCMS Music Portal System +CVE-2022-29659 (Responsive Online Blog v1.0 was discovered to contain a SQL injection ...) 
+ NOT-FOR-US: Responsive Online Blog +CVE-2022-29658 + RESERVED +CVE-2022-29657 + RESERVED +CVE-2022-29656 (Wedding Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Wedding Management System +CVE-2022-29655 (An arbitrary file upload vulnerability in the Upload Photos module of ...) + NOT-FOR-US: Wedding Management System +CVE-2022-29654 (Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm ...) + - nasm 2.16.01-1 (unimportant) + NOTE: Duplicate of CVE-2022-44370 +CVE-2022-29653 (OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vu ...) + NOT-FOR-US: OFCMS +CVE-2022-29652 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Sourcecodester Online Sports Complex Booking System +CVE-2022-29651 (An arbitrary file upload vulnerability in the Select Image function of ...) + NOT-FOR-US: Online Food Ordering System +CVE-2022-29650 (Online Food Ordering System v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Online Food Ordering System +CVE-2022-29649 (Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (X ...) + NOT-FOR-US: Qsmart Next +CVE-2022-29648 (A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows ...) + NOT-FOR-US: Jfinal CMS +CVE-2022-29647 (An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability t ...) + NOT-FOR-US: MCMS +CVE-2022-29646 (An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29645 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29644 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29643 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29642 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-29641 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29640 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29639 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29638 (TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 we ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29637 (An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows at ...) + NOT-FOR-US: Mindoc +CVE-2022-29636 + RESERVED +CVE-2022-29635 + RESERVED +CVE-2022-29634 + RESERVED +CVE-2022-29633 (An access control issue in Linglong v1.0 allows attackers to access th ...) + NOT-FOR-US: Linglong +CVE-2022-29632 (An arbitrary file upload vulnerability in the component /course/api/up ...) + NOT-FOR-US: Roncoo Education +CVE-2022-29631 (Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vul ...) + - jodd (bug #1013270) + [buster] - jodd (Minor issue) + NOTE: https://github.com/oblac/jodd-http/issues/9 + NOTE: Fixed by: https://github.com/oblac/jodd-http/commit/e50f573c8f6a39212ade68c6eb1256b2889fa8a6 (v6.2.1) +CVE-2022-29630 + RESERVED +CVE-2022-29629 + RESERVED +CVE-2022-29628 (A cross-site scripting (XSS) vulnerability in /omps/seller of Online M ...) + NOT-FOR-US: Online Market Place Site +CVE-2022-29627 (An insecure direct object reference (IDOR) in Online Market Place Site ...) + NOT-FOR-US: Online Market Place Site +CVE-2022-29626 + RESERVED +CVE-2022-29625 + RESERVED +CVE-2022-29624 (An arbitrary file upload vulnerability in the Add File function of TPC ...) + NOT-FOR-US: TPCMS +CVE-2022-29623 (An arbitrary file upload vulnerability in the file upload module of Co ...) + NOT-FOR-US: expressjs/connect-multiparty +CVE-2022-29622 (An arbitrary file upload vulnerability in formidable v3.1.4 allows att ...) 
+ - node-formidable 3.2.4+20220519git81dd350+~cs4.0.9-1 (unimportant; bug #1011341) + NOTE: https://github.com/node-formidable/formidable/issues/856 + NOTE: https://medium.com/@zsolt.imre/cve-2022-29622-in-vulnerability-analysis-5cf783c3721 +CVE-2022-29621 + RESERVED +CVE-2022-29620 (FileZilla v3.59.0 allows attackers to obtain cleartext passwords of co ...) + NOT-FOR-US: Disputed Filezilla issue +CVE-2022-29619 (Under certain conditions SAP BusinessObjects Business Intelligence Pla ...) + NOT-FOR-US: SAP +CVE-2022-29618 (Due to insufficient input validation, SAP NetWeaver Development Infras ...) + NOT-FOR-US: SAP +CVE-2022-29617 (Due to improper error handling an authenticated user can crash CLA ass ...) + NOT-FOR-US: CLA assistant +CVE-2022-29616 (SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to l ...) + NOT-FOR-US: SAP +CVE-2022-29615 (SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Ecli ...) + NOT-FOR-US: SAP +CVE-2022-29614 (SAP startservice - of SAP NetWeaver Application Server ABAP, Applicati ...) + NOT-FOR-US: SAP +CVE-2022-29613 (Due to insufficient input validation, SAP Employee Self Service allows ...) + NOT-FOR-US: SAP +CVE-2022-29612 (SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22 ...) + NOT-FOR-US: SAP +CVE-2022-29611 (SAP NetWeaver Application Server for ABAP and ABAP Platform do not per ...) + NOT-FOR-US: SAP +CVE-2022-29610 (SAP NetWeaver Application Server ABAP allows an authenticated attacker ...) + NOT-FOR-US: SAP +CVE-2022-29609 (An issue was discovered in ONOS 2.5.1. An intent with the same source ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29608 (An issue was discovered in ONOS 2.5.1. An intent with a port that is a ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29607 (An issue was discovered in ONOS 2.5.1. Modification of an existing int ...) 
+ NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29606 (An issue was discovered in ONOS 2.5.1. An intent with a large port num ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29605 (An issue was discovered in ONOS 2.5.1. IntentManager attempts to insta ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29604 (An issue was discovered in ONOS 2.5.1. An intent with an uppercase let ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-29603 (A SQL Injection vulnerability exists in UniverSIS UniverSIS-API throug ...) + NOT-FOR-US: UniverSIS +CVE-2022-29602 (The gridelements (aka Grid Elements) extension through 7.6.1, 8.x thro ...) + NOT-FOR-US: Typo3 extension +CVE-2022-29601 (The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 a ...) + NOT-FOR-US: Typo3 extension +CVE-2022-29600 (The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO ...) + NOT-FOR-US: Typo3 extension +CVE-2022-1455 (The Call Now Button WordPress plugin before 1.1.2 does not escape a pa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1454 + RESERVED +CVE-2022-1453 (The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQ ...) + NOT-FOR-US: RSVPMaker plugin for WordPress +CVE-2022-1452 (Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function i ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/c8f4c2de-7d96-4ad4-857a-c099effca2d6 + NOTE: https://github.com/radareorg/radare2/commit/ecc44b6a2f18ee70ac133365de0e509d26d5e168 +CVE-2022-1451 (Out-of-bounds Read in r_bin_java_constant_value_attr_new function in G ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/229a2e0d-9e5c-402f-9a24-57fa2eb1aaa7 + NOTE: https://github.com/radareorg/radare2/commit/0927ed3ae99444e7b47b84e43118deb10fe37529 +CVE-2019-25059 (Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this ...) 
+ {DLA-2989-1} + - ghostscript 9.27~dfsg-1 + NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=430e219ea17a2650577d70021399c4ead05869e0 + NOTE: Issue exists because of an incomplete fix for CVE-2019-3839 +CVE-2022-29599 (In Apache Maven maven-shared-utils prior to version 3.3.3, the Command ...) + {DSA-5242-1 DLA-3086-1 DLA-3059-1} + - maven-shared-utils 3.3.4-1 (bug #1012314) + NOTE: https://github.com/apache/maven-shared-utils/pull/40 + NOTE: https://issues.apache.org/jira/browse/MSHARED-297 + NOTE: https://github.com/apache/maven-shared-utils/commit/f751e614c09df8de1a080dc1153931f3f68991c9 (maven-shared-utils-3.3.1) +CVE-2022-1450 + RESERVED +CVE-2022-1449 + RESERVED +CVE-2022-1448 + RESERVED +CVE-2022-1447 + RESERVED +CVE-2022-1446 + RESERVED +CVE-2022-1445 (Stored Cross Site Scripting vulnerability in the checked_out_to parame ...) + - snipe-it (bug #1005172) +CVE-2022-1444 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/b438a940-f8a4-4872-b030-59bdd1ab72aa + NOTE: https://github.com/radareorg/radare2/commit/14189710859c27981adb4c2c2aed2863c1859ec5 +CVE-2022-1443 + RESERVED +CVE-2022-1442 (The Metform WordPress plugin is vulnerable to sensitive information di ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29598 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...) + NOT-FOR-US: Solutions Atlantic Regulatory Reporting System (RRS +CVE-2022-29597 (Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerabl ...) + NOT-FOR-US: Solutions Atlantic Regulatory Reporting System (RRS) +CVE-2022-29596 (MicroStrategy Enterprise Manager 2022 allows authentication bypass by ...) + NOT-FOR-US: MicroStrategy Enterprise Manager +CVE-2022-29595 + RESERVED +CVE-2022-29594 (eG Agent before 7.2 has weak file permissions that enable escalation o ...) 
+ NOT-FOR-US: eG Agent +CVE-2022-29593 (relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1. ...) + NOT-FOR-US: Dingtian +CVE-2022-1441 (MP4Box is a component of GPAC-2.0.0, which is a widely-used third-part ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2175 + NOTE: https://github.com/gpac/gpac/commit/3dbe11b37d65c8472faf0654410068e5500b3adb +CVE-2022-29592 (Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_r ...) + NOT-FOR-US: Tenda +CVE-2022-29591 (Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer over ...) + NOT-FOR-US: Tenda +CVE-2022-29590 + RESERVED +CVE-2022-29589 (Crypt Server before 3.3.0 allows XSS in the index view. This is relate ...) + NOT-FOR-US: Crypt Server +CVE-2022-29588 (Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext pass ...) + NOT-FOR-US: Konica Minolta bizhub MFP devices +CVE-2022-29587 (Konica Minolta bizhub MFP devices before 2022-04-14 have an internal C ...) + NOT-FOR-US: Konica Minolta bizhub MFP devices +CVE-2022-29586 (Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Es ...) + NOT-FOR-US: Konica Minolta bizhub MFP devices +CVE-2022-29585 (In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using ...) + - mahara +CVE-2022-29584 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS ...) + - mahara +CVE-2022-29583 (service_windows.go in the kardianos service package for Go omits quoti ...) + - golang-github-kardianos-service (Windows-specific issue) + NOTE: https://github.com/kardianos/service/pull/290 +CVE-2022-29581 (Improper Update of Reference Count vulnerability in net/sched of Linux ...) 
+ {DSA-5173-1} + - linux 5.17.6-1 + [bullseye] - linux 5.10.113-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3db09e762dc79584a69c10d74a6b98f89a9979f8 (5.18-rc4) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/18/2 +CVE-2022-29580 (There exists a path traversal vulnerability in the Android Google Sear ...) + NOT-FOR-US: Android Google Search app +CVE-2022-29579 + RESERVED +CVE-2022-1440 (Command Injection vulnerability in git-interface@2.1.1 in GitHub repos ...) + NOT-FOR-US: git-interface Nodejs module +CVE-2022-1439 (Reflected XSS on demo.microweber.org/demo/module/ in GitHub repository ...) + NOT-FOR-US: microweber +CVE-2022-1438 (A flaw was found in Keycloak. Under specific circumstances, HTML entit ...) + NOT-FOR-US: Keycloak +CVE-2022-1437 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/af6c3e9e-b7df-4d80-b48f-77fdd17b4038 + NOTE: https://github.com/radareorg/radare2/commit/669a404b6d98d5db409a5ebadae4e94b34ef5136 +CVE-2022-1436 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1435 (The WPCargo Track & Trace WordPress plugin before 6.9.5 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1434 (The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly ...) + [experimental] - openssl 3.0.3-1 + - openssl (Only affects OpenSSL 3.0) + NOTE: https://www.openssl.org/news/secadv/20220503.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7d56a74a96828985db7354a55227a511615f732b (openssl-3.0.3) +CVE-2022-1433 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1432 (Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/oc ...) + - octoprint (bug #718591) +CVE-2022-1431 (An issue has been discovered in GitLab affecting all versions starting ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-1430 (Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octopr ...) + - octoprint (bug #718591) +CVE-2022-1429 (SQL injection in GridHelperService.php in GitHub repository pimcore/pi ...) + NOT-FOR-US: pimcore +CVE-2022-1428 (An issue has been discovered in GitLab affecting all versions before 1 ...) + - octoprint (bug #718591) +CVE-2022-29582 (In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free ...) + {DSA-5127-1} + - linux 5.17.3-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/04/22/4 + NOTE: https://git.kernel.org/linus/e677edbcabee849bfdd43f1602bccbecf736a646 + NOTE: https://ruia-ruia.github.io/2022/08/05/CVE-2022-29582-io-uring/ +CVE-2022-29578 (Meridian Cooperative Utility Software versions 22.02 and 22.03 allows ...) + NOT-FOR-US: Meridian Cooperative Utility Software +CVE-2022-29577 (OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE ...) + - libowasp-antisamy-java (Incomplete fix for CVE-2022-28367 not applied) + NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) +CVE-2022-29576 + RESERVED +CVE-2022-29575 + RESERVED +CVE-2022-29574 + RESERVED +CVE-2022-29573 + RESERVED +CVE-2022-29572 + RESERVED +CVE-2022-29571 + RESERVED +CVE-2022-29570 + RESERVED +CVE-2022-29569 + RESERVED +CVE-2022-29568 + RESERVED +CVE-2022-29567 (The default configuration of a TreeGrid component uses Object::toStrin ...) + NOT-FOR-US: Vaadin +CVE-2022-29566 (The Bulletproofs 2017/1066 paper mishandles Fiat-Shamir generation bec ...) + NOT-FOR-US: Bulletproofs +CVE-2022-1427 (Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby ...) 
+ - mruby 3.1.0-1 (bug #1014968) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/23b6f0a9-64f5-421e-a55f-b5b7a671f301 + NOTE: https://github.com/mruby/mruby/commit/a4d97934d51cb88954cc49161dc1d151f64afb6b +CVE-2022-29565 + RESERVED +CVE-2022-29564 (Jamf Private Access before 2022-05-16 has Incorrect Access Control, in ...) + NOT-FOR-US: Jamf +CVE-2022-29563 + RESERVED +CVE-2022-29562 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: RUGGEDCOM +CVE-2022-29561 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: RUGGEDCOM +CVE-2022-29560 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: RUGGEDCOM +CVE-2022-1426 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1425 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1424 (The Ask me WordPress theme before 6.8.2 does not perform CSRF checks f ...) + NOT-FOR-US: WordPress theme +CVE-2022-1423 (Improper access control in the CI/CD cache mechanism in GitLab CE/EE a ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1422 (The Discy WordPress theme before 5.2 does not check for CSRF tokens in ...) + NOT-FOR-US: WordPress theme +CVE-2022-1421 (The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX ac ...) + NOT-FOR-US: WordPress theme +CVE-2022-1420 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) 
+ - vim 2:8.2.4793-1 (unimportant) + [buster] - vim (method call operator -> introduced in 8.1.1803) + NOTE: https://huntr.dev/bounties/a4323ef8-90ea-4e1c-90e9-c778f0ecf326 + NOTE: https://github.com/vim/vim/commit/8b91e71441069b1dde9ac9ff9d9a829b1b4aecca (v8.2.4774) + NOTE: Crash in CLI tool, no security impact +CVE-2021-46784 (In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due ...) + {DSA-5171-1} + - squid 5.6-1 + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-f5cp-6rh3-284w + NOTE: https://github.com/squid-cache/squid/commit/780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b (v4) + NOTE: Squid 5: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2021_7.patch + NOTE: https://megamansec.github.io/Squid-Security-Audit/gopher-assert.html +CVE-2022-29559 + RESERVED +CVE-2022-29558 (Realtek rtl819x-SDK before v3.6.1 allows command injection over the we ...) + NOT-FOR-US: Realtek +CVE-2022-29557 (LexisNexis Firco Compliance Link 3.7 allows CSRF.) + NOT-FOR-US: LexisNexis Firco Compliance Link +CVE-2022-29556 (The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise ...) + NOT-FOR-US: mendersoftware/iot-manager +CVE-2022-29555 (The Deviceconnect microservice through 1.3.0 in Northern.tech Mender E ...) + NOT-FOR-US: mendersoftware/deviceconnect +CVE-2022-29554 + RESERVED +CVE-2022-29553 + RESERVED +CVE-2022-29552 + RESERVED +CVE-2022-29551 + RESERVED +CVE-2022-29550 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It writes "ps ...) + NOT-FOR-US: Qualys +CVE-2022-29549 (An issue was discovered in Qualys Cloud Agent 4.8.0-49. It executes pr ...) + NOT-FOR-US: Qualys +CVE-2022-29548 (A reflected XSS issue exists in the Management Console of several WSO2 ...) + NOT-FOR-US: WSO2 +CVE-2022-29547 (The CreateRedirect extension before 2022-04-14 for MediaWiki does not ...) 
+ NOT-FOR-US: CreateRedirect MediaWiki extension +CVE-2022-29546 (HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of servic ...) + NOT-FOR-US: HtmlUnit NekoHtml +CVE-2022-29545 + RESERVED +CVE-2022-29544 + RESERVED +CVE-2022-29543 + RESERVED +CVE-2022-29542 + RESERVED +CVE-2022-29541 + RESERVED +CVE-2022-29540 (resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issu ...) + NOT-FOR-US: RESI Gemini-Net +CVE-2022-29539 (resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Inject ...) + NOT-FOR-US: RESI Gemini-Net +CVE-2022-29538 (RESI Gemini-Net Web 4.2 is affected by Improper Access Control in auth ...) + NOT-FOR-US: RESI Gemini-Net +CVE-2022-29537 (gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a hea ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2173 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/1773b7a34bc08734aee7d3f5dfe65d06389fe15a +CVE-2022-29536 (In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document c ...) + {DSA-5208-1 DLA-3074-1} + - epiphany-browser 42.2-1 (bug #1009959) + [stretch] - epiphany-browser (Vulnerable code not present) + NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106 + NOTE: Introduced by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/232c613472b38ff0d0d97338f366024ddb9cd228 (3.29.2) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525 +CVE-2022-29535 (Zoho ManageEngine OPManager through 125588 allows SQL Injection via a ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-29534 (An issue was discovered in MISP before 2.4.158. In UsersController.php ...) + NOT-FOR-US: MISP +CVE-2022-29533 (An issue was discovered in MISP before 2.4.158. There is XSS in app/Co ...) 
+ NOT-FOR-US: MISP +CVE-2022-29532 (An issue was discovered in MISP before 2.4.158. There is XSS in the ce ...) + NOT-FOR-US: MISP +CVE-2022-29531 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...) + NOT-FOR-US: MISP +CVE-2022-29530 (An issue was discovered in MISP before 2.4.158. There is stored XSS in ...) + NOT-FOR-US: MISP +CVE-2022-29529 (An issue was discovered in MISP before 2.4.158. There is stored XSS vi ...) + NOT-FOR-US: MISP +CVE-2022-29528 (An issue was discovered in MISP before 2.4.158. PHAR deserialization c ...) + NOT-FOR-US: MISP +CVE-2022-1419 (The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_ ...) + {DSA-5173-1} + - linux 5.5.13-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/21/1 + NOTE: Fixed by: https://git.kernel.org/linus/4b848f20eda5974020f043ca14bacf7a7e634fc8 (5.6-rc2) +CVE-2022-1418 (The Social Stickers WordPress plugin through 2.2.9 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29527 (Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable ...) + NOT-FOR-US: Amazon AWS amazon-ssm-agent +CVE-2022-29526 (Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...) 
+ - golang-1.18 1.18.2-1 + - golang-1.17 1.17.10-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 (Vulnerable code introduced later) + - golang-1.8 (Vulnerable code introduced later) + - golang-1.7 (Vulnerable code introduced later) + NOTE: https://go.dev/issue/52313 + NOTE: https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU + NOTE: Master : https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c + NOTE: Branch.go1.17 : https://github.com/golang/go/commit/04781d14d2d33acbaf70f77e3a58ae0f3c90757c (1.17.10) + NOTE: Branch.go1.18 : https://github.com/golang/go/commit/c0599c5b781de023974519194df6b0c4ebb0adff (1.18.2) + NOTE: Introduced by: https://github.com/golang/go/commit/60f78765022a59725121d3b800268adffe78bde3 (go1.15rc1) +CVE-2022-1417 (Improper access control in GitLab CE/EE affecting all versions startin ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1416 (Missing sanitization of data in Pipeline error messages in GitLab CE/E ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1415 (A flaw was found where some utility classes in Drools core did not use ...) + NOT-FOR-US: drools +CVE-2022-1414 (3scale API Management 2 does not perform adequate sanitation for user ...) + NOT-FOR-US: 3scale API Management +CVE-2022-1413 (Missing input masking in GitLab CE/EE affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1412 (The Log WP_Mail WordPress plugin through 0.1 saves sent email in a pub ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1411 (Unrestructed file upload in GitHub repository yetiforcecompany/yetifor ...) + NOT-FOR-US: yetiforcecrm +CVE-2022-1410 (OS Command Injection vulnerability in the db_optimize component of Dev ...) + NOT-FOR-US: Device42 Asset Management Appliance +CVE-2022-1409 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1408 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1407 (The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29510 (Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB B ...) + NOT-FOR-US: Intel +CVE-2022-29505 (Due to build misconfiguration in openssl dependency, LINE for Windows ...) + NOT-FOR-US: LINE for Windows +CVE-2022-29486 (Improper buffer restrictions in the Hyperscan library maintained by In ...) + NOT-FOR-US: Intel +CVE-2022-29469 + RESERVED +CVE-2022-29466 (Improper input validation in firmware for Intel(R) SPS before version ...) + NOT-FOR-US: Intel +CVE-2022-29262 (Improper buffer restrictions in some Intel(R) Server Board BIOS firmwa ...) + NOT-FOR-US: Intel +CVE-2022-28858 (Improper buffer restriction in the firmware for some Intel(R) NUC Lapt ...) + NOT-FOR-US: Intel +CVE-2022-27497 (Null pointer dereference in firmware for Intel(R) AMT before version 1 ...) + NOT-FOR-US: Intel +CVE-2022-27493 (Improper initialization in the firmware for some Intel(R) NUC Laptop K ...) + NOT-FOR-US: Intel +CVE-2022-26424 + RESERVED +CVE-2022-25899 (Authentication bypass for the Open AMT Cloud Toolkit software maintain ...) + NOT-FOR-US: Intel +CVE-2022-1406 (Improper input validation in GitLab CE/EE affecting all versions from ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-29504 + REJECTED +CVE-2022-29503 (A memory corruption vulnerability exists in the libpthread linuxthread ...) + - uclibc (unimportant) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1517 + NOTE: Just for cross-compiling, not used for actual packages +CVE-2022-1405 (CNCSoft: All versions prior to 1.01.32 does not properly sanitize inpu ...) + NOT-FOR-US: CNCSoft +CVE-2022-1404 (Delta Electronics CNCSoft (All versions prior to 1.01.32) does not pro ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1403 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) 
+ NOT-FOR-US: ASDA-Soft +CVE-2022-1402 (ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input ...) + NOT-FOR-US: ASDA-Soft +CVE-2022-1401 (Improper Access Control vulnerability in the /Exago/WrImageResource.ad ...) + NOT-FOR-US: Device42 Asset Management Appliance +CVE-2022-1400 (Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi ...) + NOT-FOR-US: Device42 Asset Management Appliance +CVE-2022-1399 (An Argument Injection or Modification vulnerability in the "Change Sec ...) + NOT-FOR-US: Device42 CMDB +CVE-2022-1398 (The External Media without Import WordPress plugin through 1.1.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1397 (API Privilege Escalation in GitHub repository alextselegidis/easyappoi ...) + NOT-FOR-US: alextselegidis/easyappointments +CVE-2022-1396 (The Donorbox WordPress plugin before 7.1.7 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1395 (The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1394 (The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1393 (The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1392 (The Videos sync PDF WordPress plugin through 1.7.4 does not validate t ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1391 (The Cab fare calculator WordPress plugin before 1.0.4 does not validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1390 (The Admin Word Count Column WordPress plugin through 2.2 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-XXXX [snort privilege escalation due to insecure use of logrotate] + - snort (bug #1009820) + [bullseye] - snort (Minor issue) + [buster] - snort (Minor issue) + [stretch] - snort (Minor issue) +CVE-2022-29502 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...) 
+ - slurm-wlm 21.08.8.2-1 (bug #1010632) + [bullseye] - slurm-wlm (Vulnerable code introduced later; affects only 21.08.x) + - slurm-llnl (Vulnerable code introduced later; affects only 21.08.x) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html + NOTE: https://github.com/SchedMD/slurm/commit/351669e7db3b5bc84b5791dc3626d683b8abe18e (slurm-21-08-8-1) +CVE-2022-29501 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...) + {DSA-5166-1} + - slurm-wlm 21.08.8.2-1 (bug #1010633) + - slurm-llnl + [buster] - slurm-llnl (Too intrusive to backport) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html + NOTE: https://github.com/SchedMD/slurm/commit/ef62acfd2a566afc5187c554e908e4aa975211a1 (slurm-21-08-8-1) + NOTE: https://github.com/SchedMD/slurm/commit/863c763c241db46039c27c4b7438ef5d33defb12 (slurm-20-11-9-1) +CVE-2022-29500 (SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control tha ...) + {DSA-5166-1} + - slurm-wlm 21.08.8.2-1 (bug #1010634) + - slurm-llnl + [buster] - slurm-llnl (Too intrusive to backport) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2022/000072.html + NOTE: https://github.com/SchedMD/slurm/commit/500787548cf3da22cc69ca2111ce51f77543849b (slurm-21-08-8-1) + NOTE: https://github.com/SchedMD/slurm/commit/5b78f713f4b2e390ce80ad754b1240ad36e355ee (slurm-20-11-9-1) +CVE-2022-29499 (The Service Appliance component in Mitel MiVoice Connect through 19.2 ...) + NOT-FOR-US: Mitel +CVE-2022-29498 (Blazer before 2.6.0 allows SQL Injection. In certain circumstances, an ...) + NOT-FOR-US: Blazer +CVE-2022-29497 + RESERVED +CVE-2022-29491 (On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-29480 (On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-29479 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2022-29474 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-29473 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-29464 (Certain WSO2 products allow unrestricted file upload with resultant re ...) + NOT-FOR-US: WSO2 +CVE-2022-29463 + RESERVED +CVE-2022-29462 + RESERVED +CVE-2022-29461 + RESERVED +CVE-2022-29460 + RESERVED +CVE-2022-29459 + RESERVED +CVE-2022-29458 (ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmen ...) + {DLA-3167-1} + - ncurses 6.3+20220423-1 (bug #1009870) + [bullseye] - ncurses 6.2+20201114-2+deb11u1 + [stretch] - ncurses (Minor issue) + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html + NOTE: https://invisible-island.net/ncurses/NEWS.html#t20220416 +CVE-2022-29457 (Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Ex ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-29263 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28859 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions pri ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28716 (On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28714 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28708 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions pri ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28707 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28706 (On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28705 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2022-28701 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profil ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28695 (On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-28691 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27880 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27878 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27875 (On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27806 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27662 (On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions pri ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27659 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27636 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27634 (On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27495 (On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plan ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27230 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27189 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27182 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-27181 (On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions pr ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26890 (On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1. ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2022-26835 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26517 (On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26415 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26372 (On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26370 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26340 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26130 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-26071 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-25990 (On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-25946 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-1389 (On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-1388 (On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior ...) + NOT-FOR-US: F5 BIG-IP +CVE-2022-29456 + RESERVED +CVE-2022-29455 (DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elemen ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29454 (Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Mes ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29453 (Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29452 (Authenticated (editor or higher user role) Stored Cross-Site Scripting ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-29451 (Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vul ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29450 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Ma ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29449 (Authenticated (contributor or higher user role) Stored Cross-Site Scri ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29448 (Authenticated (admin or higher user role) Local File Inclusion (LFI) v ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29447 (Authenticated (administrator or higher user role) Local File Inclusion ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29446 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29445 (Authenticated (administrator or higher role) Local File Inclusion (LFI ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29444 (Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29443 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29442 (Authenticated (subscriber or higher user role) Stored Cross-Site Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29441 (Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29440 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29439 (Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by Nex ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29438 (Authenticated (author or higher user role) Persistent Cross-Site Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29437 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Sl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29436 (Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokm ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-29435 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann' ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29434 (Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29433 (Authenticated (contributor or higher role) Cross-Site Scripting (XSS) ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29432 (Multiple Authenticated (administrator or higher user role) Persistent ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29431 (Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29430 (Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29429 (Remote Code Execution (RCE) in Alexander Stokmann's Code Snippets Exte ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29428 (Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29427 (Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disabl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29426 (Authenticated (contributor or higher user role) Reflected Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29425 (Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files U ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29424 (Authenticated (admin or higher user role) Reflected Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29423 (Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29422 (Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29421 (Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat's Cou ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29420 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-29419 (SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plug ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29418 (Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29417 (Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adapti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29416 (Unauth. Reflected Cross-Site Scripting (XSS) vulnerability inAfterpay ...) + NOT-FOR-US: AfterPay +CVE-2022-29415 (Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29414 (Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WP ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29413 (Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29412 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit \ ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29411 (SQL Injection (SQLi) vulnerability in Mufeng's Hermit \u97f3\u4e50\u64 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29410 (Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit \u ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29409 + RESERVED +CVE-2022-29408 (Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital' ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29407 + RESERVED +CVE-2022-29406 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28717 (Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C ...) + NOT-FOR-US: Rebooter +CVE-2022-27632 (Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT ...) + NOT-FOR-US: Rebooter +CVE-2022-1387 (The No Future Posts WordPress plugin through 1.4 does not escape its s ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1386 (The Fusion Builder WordPress plugin before 3.6.2, used in the Avada th ...) + NOT-FOR-US: WordPress plugin +CVE-2022-29405 (In Apache Archiva, any registered user can reset password for any user ...) + NOT-FOR-US: Apache Archiva +CVE-2022-1385 (Mattermost 6.4.x and earlier fails to properly invalidate pending emai ...) + - mattermost-server (bug #823556) +CVE-2022-1384 (Mattermost version 6.4.x and earlier fails to properly check the plugi ...) + - mattermost-server (bug #823556) +CVE-2022-1383 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/02b4b563-b946-4343-9092-38d1c5cd60c9 + NOTE: https://github.com/radareorg/radare2/commit/1dd65336f0f0c351d6ea853efcf73cf9c0030862 +CVE-2022-1382 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/d8b6d239-6d7b-4783-b26b-5be848c01aa1 + NOTE: https://github.com/radareorg/radare2/commit/48f0ea79f99174fb0a62cb2354e13496ce5b7c44 +CVE-2022-29404 (In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/5 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-29404 + NOTE: https://github.com/apache/httpd/commit/ce259c4061905bf834f9af51c92456cfe8335ddc +CVE-2022-1381 (global heap buffer overflow in skip_range in GitHub repository vim/vim ...) 
+ - vim 2:8.2.4793-1 + [bullseye] - vim (affects visual range parsing, which was added in 8.2.4633) + [buster] - vim (affects visual range parsing, which was added in 8.2.4633) + NOTE: https://huntr.dev/bounties/55f9c0e8-c221-48b6-a00e-bdcaebaba4a4/ + NOTE: https://github.com/vim/vim/commit/f50808ed135ab973296bca515ae4029b321afe47 (v8.2.4763) +CVE-2022-29403 + RESERVED +CVE-2022-29402 (TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protecti ...) + NOT-FOR-US: TP-Link +CVE-2022-29401 + RESERVED +CVE-2022-29400 + RESERVED +CVE-2022-29399 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29398 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29397 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29396 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29395 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29394 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29393 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29392 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29391 (TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29390 + RESERVED +CVE-2022-29389 + RESERVED +CVE-2022-29388 + RESERVED +CVE-2022-29387 + RESERVED +CVE-2022-29386 + RESERVED +CVE-2022-29385 + RESERVED +CVE-2022-29384 + RESERVED +CVE-2022-29383 (NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovere ...) 
+ NOT-FOR-US: Netgear +CVE-2022-29382 + RESERVED +CVE-2022-29381 + RESERVED +CVE-2022-29380 (Academy-LMS v4.3 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: Academy-LMS +CVE-2022-29379 (Nginx NJS v0.7.3 was discovered to contain a stack overflow in the fun ...) + NOT-FOR-US: njs +CVE-2022-29378 + RESERVED +CVE-2022-29377 (Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a st ...) + NOT-FOR-US: TOTOLINK +CVE-2022-29376 (Xampp for Windows v8.1.4 and below was discovered to contain insecure ...) + NOT-FOR-US: XAMPP for Windows +CVE-2022-29375 + RESERVED +CVE-2022-29374 + RESERVED +CVE-2022-29373 + RESERVED +CVE-2022-29372 + RESERVED +CVE-2022-29371 + RESERVED +CVE-2022-29370 + RESERVED +CVE-2022-29369 (Nginx NJS v0.7.2 was discovered to contain a segmentation violation vi ...) + NOT-FOR-US: njs +CVE-2022-29368 (Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was di ...) + NOT-FOR-US: Moddable SDK +CVE-2022-29367 + RESERVED +CVE-2022-29366 + RESERVED +CVE-2022-29365 + RESERVED +CVE-2022-29364 + RESERVED +CVE-2022-29363 (Phpok v6.1 was discovered to contain a deserialization vulnerability v ...) + NOT-FOR-US: qinggan phpok +CVE-2022-29362 (A cross-site scripting (XSS) vulnerability in /navigation/create?Paren ...) + NOT-FOR-US: ZKEACMS +CVE-2022-29361 (Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below ...) + NOTE: Disputed Werkzeug issue, no security impact + NOTE: https://github.com/pallets/werkzeug/issues/2420 +CVE-2022-29360 (The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted em ...) + {DLA-3435-1} + - rainloop (bug #1004548) + NOTE: https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/ + NOTE: https://github.com/RainLoop/rainloop-webmail/issues/2142 +CVE-2022-29359 (A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs ...) 
+ NOT-FOR-US: School Club Application System +CVE-2022-29358 (epub2txt2 v2.04 was discovered to contain an integer overflow via the ...) + - epub2txt2 (bug #1004115) +CVE-2022-29357 + RESERVED +CVE-2022-29356 + RESERVED +CVE-2022-29355 + RESERVED +CVE-2022-29354 (An arbitrary file upload vulnerability in the file upload module of Ke ...) + NOT-FOR-US: keystonejs/keystone +CVE-2022-29353 (An arbitrary file upload vulnerability in the file upload module of Gr ...) + NOT-FOR-US: jaydenseric/graphql-upload +CVE-2022-29352 + RESERVED +CVE-2022-29351 (An arbitrary file upload vulnerability in the file upload module of Ti ...) + NOT-FOR-US: tiddlywiki +CVE-2022-29350 + RESERVED +CVE-2022-29349 (kkFileView v4.0.0 was discovered to contain a cross-site scripting (XS ...) + NOT-FOR-US: kkFileview +CVE-2022-29348 + RESERVED +CVE-2022-29347 (An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attacke ...) + NOT-FOR-US: Web@rchiv +CVE-2022-29346 + RESERVED +CVE-2022-29345 + RESERVED +CVE-2022-29344 + RESERVED +CVE-2022-29343 + RESERVED +CVE-2022-29342 + RESERVED +CVE-2022-29341 + RESERVED +CVE-2022-29340 (GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vul ...) + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/commit/37592ad86c6ca934d34740012213e467acc4a3b0 + NOTE: https://github.com/gpac/gpac/issues/2163 +CVE-2022-29339 (In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils ...) + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/commit/9ea93a2ec8f555ceed1ee27294cf94822f14f10f + NOTE: https://github.com/gpac/gpac/issues/2165 +CVE-2022-29338 + RESERVED +CVE-2022-29337 (C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command ...) 
+ NOT-FOR-US: CDATA +CVE-2022-29336 + RESERVED +CVE-2022-29335 + RESERVED +CVE-2022-29334 (An issue in H v1.0 allows attackers to bypass authentication via a ses ...) + NOT-FOR-US: SiJiDo/H +CVE-2022-29333 (A vulnerability in CyberLink Power Director v14 allows attackers to es ...) + NOT-FOR-US: CyberLink PowerDirector +CVE-2022-29332 (D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An atta ...) + NOT-FOR-US: D-Link +CVE-2022-29331 + RESERVED +CVE-2022-29330 (Missing access control in the backup system of Telesoft VitalPBX befor ...) + NOT-FOR-US: Telesoft +CVE-2022-29329 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap ...) + NOT-FOR-US: D-Link +CVE-2022-29328 (D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack ...) + NOT-FOR-US: D-Link +CVE-2022-29327 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29326 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29325 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29324 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29323 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29322 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29321 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflo ...) + NOT-FOR-US: D-Link +CVE-2022-29320 (MiniTool Partition Wizard v12.0 contains an unquoted service path whic ...) + NOT-FOR-US: MiniTool Partition Wizard +CVE-2022-29319 + RESERVED +CVE-2022-29318 (An arbitrary file upload vulnerability in the New Entry module of Car ...) + NOT-FOR-US: Car Rental Management System +CVE-2022-29317 (Simple Bus Ticket Booking System v1.0 was discovered to contain multip ...) 
+ NOT-FOR-US: Simple Bus Ticket Booking System +CVE-2022-29316 (Complete Online Job Search System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Complete Online Job Search System +CVE-2022-29315 (Invicti Acunetix before 14 allows CSV injection via the Description fi ...) + NOT-FOR-US: Invicti Acunetix +CVE-2022-29314 + RESERVED +CVE-2022-29313 + RESERVED +CVE-2022-29312 + RESERVED +CVE-2022-29311 + RESERVED +CVE-2022-29310 + RESERVED +CVE-2022-29309 (mysiteforme v2.2.1 was discovered to contain a Server-Side Request For ...) + NOT-FOR-US: mysiteforme +CVE-2022-29308 + RESERVED +CVE-2022-29307 (IonizeCMS v1.0.8.1 was discovered to contain a command injection vulne ...) + NOT-FOR-US: Ionize CMS +CVE-2022-29306 (IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: Ionize CMS +CVE-2022-29305 (imgurl v2.31 was discovered to contain a Blind SQL injection vulnerabi ...) + NOT-FOR-US: imgURL +CVE-2022-29304 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Sourcecodester Online Sports Complex Booking System +CVE-2022-29303 (SolarView Compact ver.6.00 was discovered to contain a command injecti ...) + NOT-FOR-US: SolarView Compact +CVE-2022-29302 (SolarView Compact ver.6.00 was discovered to contain a local file disc ...) + NOT-FOR-US: SolarView Compact +CVE-2022-29301 + REJECTED +CVE-2022-29300 + RESERVED +CVE-2022-29299 + REJECTED +CVE-2022-29298 (SolarView Compact ver.6.00 allows attackers to access sensitive files ...) + NOT-FOR-US: SolarView Compact +CVE-2022-29297 + RESERVED +CVE-2022-29296 (A reflected cross-site scripting (XSS) vulnerability in the login port ...) 
+ NOT-FOR-US: Avantune Genialcloud ProJ +CVE-2022-29295 + RESERVED +CVE-2022-29294 + RESERVED +CVE-2022-29293 + RESERVED +CVE-2022-29292 + RESERVED +CVE-2022-29291 + RESERVED +CVE-2022-29290 + RESERVED +CVE-2022-29289 + RESERVED +CVE-2022-29288 + RESERVED +CVE-2022-29287 (Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vul ...) + NOT-FOR-US: Kentico CMS +CVE-2022-29286 (Pexip Infinity 27 before 28.0 allows remote attackers to trigger exces ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-29285 + RESERVED +CVE-2022-29284 + RESERVED +CVE-2022-29283 + RESERVED +CVE-2022-29282 + RESERVED +CVE-2022-29281 (Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of ...) + NOT-FOR-US: Notable +CVE-2022-29280 + REJECTED +CVE-2022-29279 (Use of a untrusted pointer allows tampering with SMRAM and OS memory i ...) + NOT-FOR-US: Insyde +CVE-2022-29278 (Incorrect pointer checks within the NvmExpressDxe driver can allow tam ...) + NOT-FOR-US: Insyde +CVE-2022-29277 (Incorrect pointer checks within the the FwBlockServiceSmm driver can a ...) + NOT-FOR-US: Insyde +CVE-2022-29276 (SMI functions in AhciBusDxe use untrusted inputs leading to corruption ...) + NOT-FOR-US: Insyde +CVE-2022-29275 (In UsbCoreDxe, untrusted input may allow SMRAM or OS memory tampering ...) + NOT-FOR-US: Insyde +CVE-2022-29274 + RESERVED +CVE-2022-29273 (pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in th ...) + NOT-FOR-US: pfSense +CVE-2022-29272 (In Nagios XI through 5.8.5, an open redirect vulnerability exists in t ...) + NOT-FOR-US: Nagios XI +CVE-2022-29271 (In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorre ...) + NOT-FOR-US: Nagios XI +CVE-2022-29270 (In Nagios XI through 5.8.5, it is possible for a user without password ...) + NOT-FOR-US: Nagios XI +CVE-2022-29269 (In Nagios XI through 5.8.5, in the schedule report function, an authen ...) 
+ NOT-FOR-US: Nagios XI +CVE-2022-29268 + REJECTED +CVE-2022-29267 + RESERVED +CVE-2022-1380 (Stored Cross Site Scripting vulnerability in Item name parameter in Gi ...) + - snipe-it (bug #1005172) +CVE-2022-1379 (URL Restriction Bypass in GitHub repository plantuml/plantuml prior to ...) + - plantuml (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/0d737527-86e1-41d1-9d37-b2de36bc063a + NOTE: https://github.com/plantuml/plantuml/commit/93e5964e5f35914f3f7b89de620c596795550083 (v1.2022.5) + NOTE: Introduced in https://github.com/plantuml/plantuml/commit/3192fa218c2ad0420d03de70f57f8521e1de315d (v1.2020.11) +CVE-2022-29266 (In APache APISIX before 3.13.1, the jwt-auth plugin has a security iss ...) + NOT-FOR-US: Apache APISIX +CVE-2022-1378 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1377 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1376 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1375 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1374 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1373 (The \u201crestore configuration\u201d feature of Softing Secure Integr ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-1372 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1371 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1370 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1369 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2022-1368 (The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (335 ...) + NOT-FOR-US: Cognex 3D-A1000 Dimensioning System +CVE-2022-1367 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1366 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1365 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) + NOT-FOR-US: lquixada/cross-fetch +CVE-2022-29265 (Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML ...) + NOT-FOR-US: Apache NiFi +CVE-2022-1364 (Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 ...) + {DSA-5121-1} + - chromium 100.0.4896.127-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1363 + RESERVED +CVE-2022-1362 (The affected On-Premise cnMaestro is vulnerable inside a specific rout ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1361 (The affected On-Premise cnMaestro is vulnerable to a pre-auth data exf ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1360 (The affected On-Premise cnMaestro is vulnerable to execution of code o ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1359 (The affected On-Premise cnMaestro is vulnerable to an arbitrary file-w ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1358 (The affected On-Premise is vulnerable to data exfiltration through imp ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1357 (The affected On-Premise cnMaestro allows an unauthenticated attacker t ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1356 (cnMaestro is vulnerable to a local privilege escalation. By default, a ...) + NOT-FOR-US: Cambium Networks cnMaestro +CVE-2022-1355 (A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() ...) 
+ {DSA-5333-1 DLA-3278-1} + - tiff 4.3.0-8 (bug #1011160) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/400 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/323 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2 +CVE-2022-1354 (A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFR ...) + {DSA-5333-1 DLA-3278-1} + - tiff 4.3.0-7 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/319 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 + NOTE: Introduced by: https://gitlab.com/libtiff/libtiff/-/commit/7057734d986001b7fd6d2afde9667da7754ff2cc (v4.0.9) +CVE-2022-1353 (A vulnerability was found in the pfkey_register function in net/key/af ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.17.3-1 + NOTE: https://git.kernel.org/linus/9a564bccb78a76740ea9d75a259942df8143d02c (5.17) +CVE-2022-1352 (Due to an insecure direct object reference vulnerability in Gitlab EE/ ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1351 (Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10 ...) + NOT-FOR-US: pimcore +CVE-2022-29264 (An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitra ...) + - coreboot (unimportant) + NOTE: https://review.coreboot.org/c/coreboot/+/63478 + NOTE: Introduced by: https://github.com/coreboot/coreboot/commit/afb7a814783cda12f5b72167163b9109ee1d15a7 (4.13) + NOTE: Fixed by: https://github.com/coreboot/coreboot/commit/d7c371619a287a3a74e23fc3fcff4793a12deba6 (4.17) + NOTE: src:coreutils builds only the utilities +CVE-2022-28719 (Missing authentication for critical function in AssetView prior to Ver ...) + NOT-FOR-US: AssetView +CVE-2022-1350 (A vulnerability classified as problematic was found in GhostPCL 9.55.0 ...) 
+ - ghostscript (unimportant) + NOTE: https://vuldb.com/?id.197290 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=705156 + NOTE: https://bugs.ghostscript.com/attachment.cgi?id=22323 + NOTE: Issue is in GhostPCL sourcewise shipped in src:ghostscript + NOTE: Upstream report is as per 2022-04-15 not yet public +CVE-2022-1349 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1348 (A vulnerability was found in logrotate in how the state file is create ...) + - logrotate 3.20.1-1 (bug #1011644) + [bullseye] - logrotate 3.18.0-2+deb11u1 + [buster] - logrotate (Vulnerable code introduced later) + [stretch] - logrotate (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/25/3 + NOTE: Introduced by: https://github.com/logrotate/logrotate/commit/f46d0bdfc9c53515c13880c501f4d2e1e7dd8b25 (3.17.0) + NOTE: https://github.com/logrotate/logrotate/pull/446 + NOTE: Fixed by: https://github.com/logrotate/logrotate/commit/1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9 (3.20.0) + NOTE: Fixed by: https://github.com/logrotate/logrotate/commit/addbd293242b0b78aa54f054e6c1d249451f137d (3.20.1) + NOTE: Packages are built with --with-state-file-path=/var/lib/logrotate/status + NOTE: but /var/lib/logrotate has 0755 permissions, allowing a user to aquire a lock on the file. +CVE-2022-1347 (Stored XSS in the "Username" & "Email" input fields leads to account t ...) + NOT-FOR-US: organizr +CVE-2022-1346 (Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1 ...) + NOT-FOR-US: organizr +CVE-2022-1345 (Stored XSS viva .svg file upload in GitHub repository causefx/organizr ...) + NOT-FOR-US: organizr +CVE-2022-29261 + RESERVED +CVE-2022-29260 + RESERVED +CVE-2022-29259 + RESERVED +CVE-2022-29258 (XWiki Platform Filter UI provides a generic user interface to convert ...) 
+ NOT-FOR-US: XWiki
+CVE-2022-29257 (Electron is a framework for writing cross-platform desktop application ...)
+ - electron (bug #842420)
+CVE-2022-29256 (sharp is an application for Node.js image processing. Prior to version ...)
+ NOT-FOR-US: lovell/sharp
+CVE-2022-29255 (Vyper is a Pythonic Smart Contract Language for the ethereum virtual m ...)
+ NOT-FOR-US: Vyper
+CVE-2022-29254 (silverstripe-omnipay is a SilverStripe integration with Omnipay PHP pa ...)
+ NOT-FOR-US: Silverstripe CMS
+CVE-2022-29253 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-29252 (XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. S ...)
+ NOT-FOR-US: XWiki
+CVE-2022-29251 (XWiki Platform Flamingo Theme UI is a tool that allows customization a ...)
+ NOT-FOR-US: XWiki
+CVE-2022-29250 (GLPI is a Free Asset and IT Management Software package, that provides ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5w33-4wrx-8hvw
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-29249 (JavaEZ is a library that adds new functions to make Java easier. A wea ...)
+ NOT-FOR-US: JavaEZLib/JavaEZ
+CVE-2022-29248 (Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 ...)
+ {DSA-5246-1}
+ - guzzle 7.4.4-1 (bug #1011636)
+ - mediawiki 1:1.35.7-1
+ [buster] - mediawiki (Embedded Guzzle copy not present)
+ NOTE: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3
+ NOTE: https://phabricator.wikimedia.org/T308473
+ NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/807225/
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/
+CVE-2022-29247 (Electron is a framework for writing cross-platform desktop application ...)
+ - electron (bug #842420)
+CVE-2022-29246 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29245 (SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 ...)
+ NOT-FOR-US: SSH.NET
+CVE-2022-29244 (npm pack ignores root-level .gitignore and .npmignore file exclusion d ...)
+ NOT-FOR-US: Node pack
+CVE-2022-29243 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-29242 (GOST engine is a reference implementation of the Russian GOST crypto a ...)
+ - libengine-gost-openssl1.1 (bug #1012512)
+ [bullseye] - libengine-gost-openssl1.1 (Minor issue)
+ [buster] - libengine-gost-openssl1.1 (Minor issue)
+ - libengine-gost-openssl (Fixed with initial upload to the archive)
+ NOTE: https://github.com/gost-engine/engine/security/advisories/GHSA-2rmw-8wpg-vgw5
+ NOTE: https://github.com/gost-engine/engine/commit/7df766124f87768b43b9e8947c5a01e17545772c (v3.0.1)
+ NOTE: https://github.com/gost-engine/engine/commit/b2b4d629f100eaee9f5942a106b1ccefe85b8808 (v3.0.1)
+ NOTE: https://github.com/gost-engine/engine/commit/c6655a0b620a3e31f085cc906f8073fe81b2fad3 (v3.0.1)
+CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, APIs, and ...)
+ - jupyter-server 1.17.1-1 (bug #1013271)
+ [bullseye] - jupyter-server (Minor issue)
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
+CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...)
+ NOT-FOR-US: Scylla
+CVE-2022-29239
+ RESERVED
+CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...)
+ - jupyter-notebook 6.4.12-1 (bug #1013272)
+ [bullseye] - jupyter-notebook (Minor issue)
+ [buster] - jupyter-notebook (Minor issue)
+ NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-v7vq-3x77-87vg
+CVE-2022-29237 (Opencast is a free and open source solution for automated video captur ...)
+ NOT-FOR-US: Opencast
+CVE-2022-29236 (BigBlueButton is an open source web conferencing system. Starting in v ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29235 (BigBlueButton is an open source web conferencing system. Starting in v ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29234 (BigBlueButton is an open source web conferencing system. Starting in v ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29233 (BigBlueButton is an open source web conferencing system. In BigBlueBut ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29232 (BigBlueButton is an open source web conferencing system. Starting with ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29231
+ RESERVED
+CVE-2022-29230 (Hydrogen is a React-based framework for building dynamic, Shopify-powe ...)
+ NOT-FOR-US: Shopify/hydrogen
+CVE-2022-29229 (CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject ...)
+ NOT-FOR-US: cassproject/CASS
+CVE-2022-29228 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
+ - envoyproxy (bug #987544)
+CVE-2022-29227 (Envoy is a cloud-native high-performance edge/middle/service proxy. In ...)
+ - envoyproxy (bug #987544)
+CVE-2022-29226 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
+ - envoyproxy (bug #987544)
+CVE-2022-29225 (Envoy is a cloud-native high-performance proxy. In versions prior to 1 ...)
+ - envoyproxy (bug #987544)
+CVE-2022-29224 (Envoy is a cloud-native high-performance proxy. Versions of envoy prio ...)
+ - envoyproxy (bug #987544)
+CVE-2022-29223 (Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded st ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29222 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ - snowflake 2.2.0-1 (bug #1011458)
+ NOTE: https://github.com/pion/dtls/security/advisories/GHSA-w45j-f832-hxvh
+ NOTE: https://github.com/pion/dtls/commit/d2f797183a9f044ce976e6df6f362662ca722412 (v2.1.5)
+ NOTE: https://github.com/pion/dtls/releases/tag/v2.1.5
+CVE-2022-29221 (Smarty is a template engine for PHP, facilitating the separation of pr ...)
+ {DSA-5151-1 DLA-3033-1}
+ - smarty4 4.1.1-1 (bug #1011757)
+ - smarty3 3.1.45-1 (bug #1011758)
+ - smarty
+ NOTE: https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
+ NOTE: https://github.com/smarty-php/smarty/commit/64ad6442ca1da31cefdab5c9874262b702cccddd (v4.1.1)
+ NOTE: https://github.com/smarty-php/smarty/commit/3606c4717ed6348e114a610ff1e446048dcd0345 (v3.1.45)
+CVE-2022-29220 (github-action-merge-dependabot is an action that automatically approve ...)
+ NOT-FOR-US: github-action-merge-dependabot
+CVE-2022-29219 (Lodestar is a TypeScript implementation of the Ethereum Consensus spec ...)
+ NOT-FOR-US: chainsafe/lodestar
+CVE-2022-29218 (RubyGems is a package registry used to supply software for the Ruby la ...)
+ NOT-FOR-US: rubygems/rubygems.org
+CVE-2022-29217 (PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple ...)
+ - pyjwt 2.4.0-1 (bug #1011747)
+ [bullseye] - pyjwt (Vulnerable code not present)
+ [buster] - pyjwt (Vulnerable code not present)
+ [stretch] - pyjwt (Vulnerable code not present)
+ NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-ffqj-6fqr-9h24
+ NOTE: https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc (2.4.0)
+ NOTE: https://github.com/jpadilla/pyjwt/releases/tag/2.4.0
+CVE-2022-29216 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29215 (RegionProtect is a plugin that allows users to manage certain events i ...)
+ NOT-FOR-US: PocketMine plugin
+CVE-2022-29214 (NextAuth.js (next-auth) is am open source authentication solution for ...)
+ NOT-FOR-US: NextAuth.js
+CVE-2022-29213 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29212 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29211 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29210 (TensorFlow is an open source platform for machine learning. In version ...)
+ - tensorflow (bug #804612)
+CVE-2022-29209 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29208 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29207 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29206 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29205 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29204 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29203 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29202 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29201 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29200 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29199 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29198 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29197 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29196 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29195 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29194 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29193 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29192 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29191 (TensorFlow is an open source platform for machine learning. Prior to v ...)
+ - tensorflow (bug #804612)
+CVE-2022-29190 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ - snowflake 2.2.0-1 (bug #1011457)
+ NOTE: https://github.com/pion/dtls/security/advisories/GHSA-cm8f-h6j3-p25c
+ NOTE: https://github.com/pion/dtls/commit/e0b2ce3592e8e7d73713ac67b363a2e192a4cecf (v2.1.4)
+ NOTE: https://github.com/pion/dtls/releases/tag/v2.1.4
+CVE-2022-29189 (Pion DTLS is a Go implementation of Datagram Transport Layer Security. ...)
+ - snowflake 2.2.0-1 (bug #1011457)
+ NOTE: https://github.com/pion/dtls/security/advisories/GHSA-cx94-mrg9-rq4j
+ NOTE: https://github.com/pion/dtls/commit/a6397ff7282bc56dc37a68ea9211702edb4de1de (v2.1.4)
+ NOTE: https://github.com/pion/dtls/releases/tag/v2.1.4
+CVE-2022-29188 (Smokescreen is an HTTP proxy. The primary use case for Smokescreen is ...)
+ NOT-FOR-US: Smokescreen
+CVE-2022-29187 (Git is a distributed revision control system. Git prior to versions 2. ...)
+ {DSA-5332-1 DLA-3239-1}
+ - git 1:2.37.2-1 (bug #1014848)
+ NOTE: https://lists.q42.co.uk/pipermail/git-announce/2022-July/001250.html
+ NOTE: https://github.com/git/git/commit/3b0bf2704980b1ed6018622bdf5377ec22289688 (v2.30.5)
+ NOTE: https://github.com/git/git/commit/ae9abbb63eea74441e3e8b153dc6ec1f94c373b4 (v2.30.5) (regression)
+ NOTE: https://github.com/git/git/commit/5f1a3fec8c304decaa9af2bf503712050a4a84e0 (v2.30.5) (regression test)
+ NOTE: https://github.com/git/git/commit/b9063afda17a2aa6310423c9f7b776c41f753091 (v2.30.5) (regression test)
+ NOTE: https://github.com/git/git/commit/6b11e3d52e919cce91011f4f9025e6f4b61375f2 (v2.30.5) (regression)
+ NOTE: Relates to CVE-2022-24765.
+CVE-2022-29186 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2022-29185 (totp-rs is a Rust library that permits the creation of 2FA authentific ...)
+ NOT-FOR-US: Rust crate totp-rs
+CVE-2022-29184 (GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0 ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2022-29183 (GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4. ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2022-29182 (GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21 ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2022-29181 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri pri ...)
+ - ruby-nokogiri 1.13.7+dfsg-1 (unimportant)
+ NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
+ NOTE: https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7 (v1.13.6)
+ NOTE: Binary package do not contain the Java extension, as the package is built with
+ NOTE: export DH_RUBY_GEM_INSTALL_EXCLUDE = ext/java/*
+CVE-2022-29180 (A vulnerability in which attackers could forge HTTP requests to manipu ...)
+ NOT-FOR-US: charmbracelet/charm
+CVE-2022-29179 (Cilium is open source software for providing and securing network conn ...)
+ - cilium (bug #858303)
+CVE-2022-29178 (Cilium is open source software for providing and securing network conn ...)
+ - cilium (bug #858303)
+CVE-2022-29177 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2022-29176 (Rubygems is a package registry used to supply software for the Ruby la ...)
+ NOT-FOR-US: rubygems/rubygems.org
+CVE-2022-29175
+ REJECTED
+CVE-2022-29174 (countly-server is the server-side part of Countly, a product analytics ...)
+ NOT-FOR-US: countly-server
+CVE-2022-29173 (go-tuf is a Go implementation of The Update Framework (TUF). go-tuf do ...)
+ - golang-github-endophage-gotuf
+ [stretch] - golang-github-endophage-gotuf (Vulnerable code not present)
+ NOTE: upstream location has changed since the version in stretch.
+ NOTE: https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d
+ NOTE: https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj
+CVE-2022-29172 (Auth0 is an authentication broker that supports both social and enterp ...)
+ NOT-FOR-US: Auth0
+CVE-2022-29171 (Sourcegraph is a fast and featureful code search and navigation engine ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-29170 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana (Specific to Grafana Enterprise)
+CVE-2022-29169 (BigBlueButton is an open source web conferencing system. Versions star ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-29168 (Wire is a secure messaging application. Wire is vulnerable to arbitrar ...)
+ NOT-FOR-US: wire-webapp
+CVE-2022-29167 (Hawk is an HTTP authentication scheme providing mechanisms for making ...)
+ {DLA-3246-1}
+ - node-hawk 9.0.1-1
+ [bullseye] - node-hawk 8.0.1+dfsg-2+deb11u1
+ NOTE: https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq
+ NOTE: https://github.com/mozilla/hawk/pull/286
+ NOTE: https://github.com/mozilla/hawk/commit/ade134119bf1fdc4909d00f5a952c966f0075ad3
+CVE-2022-29166 (matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerab ...)
+ NOT-FOR-US: Matrix-appservice-bridge
+CVE-2022-29165 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-29164 (Argo Workflows is an open source container-native workflow engine for ...)
+ NOT-FOR-US: Argo Workflows
+CVE-2022-29163 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-29162 (runc is a CLI tool for spawning and running containers on Linux accord ...)
+ {DLA-3369-1}
+ - runc 1.1.3+ds1-1
+ [bullseye] - runc 1.0.0~rc93+ds1-5+deb11u2
+ [stretch] - runc (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/12/1
+ NOTE: https://github.com/opencontainers/runc/commit/364ec0f1b4fa188ad96049c590ecb42fa70ea165 (v1.1.2)
+ NOTE: https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65 (main)
+CVE-2022-29161 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-29160 (Nextcloud Android is the Android client for Nextcloud, a self-hosted p ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2022-29159 (Nextcloud Deck is a Kanban-style project & personal management tool fo ...)
+ NOT-FOR-US: Nextcloud Deck
+CVE-2022-29158 (Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expressio ...)
+ NOT-FOR-US: Apache OFBiz
+CVE-2022-1344 (Stored XSS due to no sanitization in the filename in GitHub repository ...)
+ NOT-FOR-US: organizr
+CVE-2022-1343 (The function `OCSP_basic_verify` verifies the signer certificate on an ...)
+ [experimental] - openssl 3.0.3-1
+ - openssl (Only affects OpenSSL 3.0)
+ NOTE: https://www.openssl.org/news/secadv/20220503.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a (openssl-3.0.3)
+CVE-2022-1342 (A lack of password masking in Devolutions Remote Desktop Manager allow ...)
+ NOT-FOR-US: Devolutions Remote Desktop Manager
+CVE-2022-1341 (An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write e ...)
+ - bwm-ng 0.6.3-1 (unimportant)
+ NOTE: https://github.com/vgropp/bwm-ng/issues/26
+ NOTE: https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17
+ NOTE: No security impact
+CVE-2022-1340 (Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecomp ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2022-1339 (SQL injection in ElementController.php in GitHub repository pimcore/pi ...)
+ NOT-FOR-US: pimcore
+CVE-2022-1338 (The Easily Generate Rest API Url WordPress plugin through 1.0.0 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1337 (The image proxy component in Mattermost version 6.4.1 and earlier allo ...)
+ - mattermost-server (bug #823556)
+CVE-2022-1336 (The Carousel CK WordPress plugin through 1.1.0 does not sanitize and e ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1335 (The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1334 (The WP YouTube Live WordPress plugin before 1.8.3 does not validate, s ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1333 (Mattermost Playbooks plugin v1.24.0 and earlier fails to properly chec ...)
+ NOT-FOR-US: Mattermost Playbooks plugin
+CVE-2015-20107 (In Python (aka CPython) up to 3.10.8, the mailcap module does not add ...)
+ {DLA-3477-1 DLA-3432-1}
+ - python3.10 3.10.6-1
+ - python3.9
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ - python3.5
+ [stretch] - python3.5 (Minor issue)
+ - python2.7
+ [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support)
+ [stretch] - python2.7 (Minor issue)
+ NOTE: https://bugs.python.org/issue24778
+ NOTE: https://github.com/python/cpython/issues/68966
+ NOTE: https://github.com/python/cpython/pull/91993
+CVE-2022-29157
+ RESERVED
+CVE-2022-29156 (drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16 ...)
+ - linux 5.16.12-1
+ [bullseye] - linux 5.10.103-1
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: Fixedy by: https://git.kernel.org/linus/8700af2cc18c919b2a83e74e0479038fd113c15d (5.17-rc6)
+CVE-2022-29155 (In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection ...)
+ {DSA-5140-1 DLA-3017-1}
+ - openldap 2.5.12+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9815
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/87df6c19915042430540931d199a39105544a134 (master)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/40f3ae4f5c9a8baf75b237220f62c436a571d66e (OPENLDAP_REL_ENG_2_5_12)
+ NOTE: back-sql backend to slapd is enabled but considered experimental upstream.
+CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malicious re ...)
+ - rsync 3.2.5-1 (bug #1016543)
+ [bullseye] - rsync (Minor issue; for untrusted remote sending hosts additional protective measures can be taken)
+ [buster] - rsync (Minor issue; for untrusted remote sending hosts additional protective measures can be taken. Not backportable without cmdline interface changes.)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/08/02/1
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=b7231c7d02cfb65d291af74ff66e7d8c507ee871 (v3.2.5pre1)
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7e5424b806e8eea053016268ad186276e9083b77 (v3.2.5pre1)
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3d7015afa223494e3318495c2f5de9cb49229da9 (v3.2.5pre1)
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a (v3.2.5pre1)
+CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...)
+ - consul 1.9.17+dfsg2-1 (bug #1017982)
+ [bullseye] - consul (Minor issue)
+ [buster] - consul (Intrusive to backport)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
+ NOTE: https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19 (v1.9.17)
+CVE-2022-29152 (The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an ...)
+ NOT-FOR-US: Ericom
+CVE-2022-29151 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29150 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29149 (Azure Open Management Infrastructure (OMI) Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29148 (Visual Studio Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29147 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-29146 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-29145 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-29144 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-29143 (Microsoft SQL Server Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29142 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29141 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29140 (Windows Print Spooler Information Disclosure Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29139 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29138 (Windows Clustered Shared Volume Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29137 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29136
+ RESERVED
+CVE-2022-29135 (Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29134 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29133 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29132 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29131 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29130 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29129 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29128 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29127 (BitLocker Security Feature Bypass Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29126 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29125 (Windows Push Notifications Apps Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29124
+ RESERVED
+CVE-2022-29123 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29122 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29121 (Windows WLAN AutoConfig Service Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29120 (Windows Clustered Shared Volume Information Disclosure Vulnerability. ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29119 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29118
+ RESERVED
+CVE-2022-29117 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-29116 (Windows Kernel Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29115 (Windows Fax Service Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29114 (Windows Print Spooler Information Disclosure Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29113 (Windows Digital Media Receiver Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29112 (Windows Graphics Component Information Disclosure Vulnerability. This ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29111 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29110 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29109 (Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29108 (Microsoft SharePoint Server Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29107 (Microsoft Office Security Feature Bypass Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29106 (Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29105 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29104 (Windows Print Spooler Elevation of Privilege Vulnerability. This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29103 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-29102 (Windows Failover Cluster Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-29101
+ REJECTED
+CVE-2022-29100
+ REJECTED
+CVE-2022-29099
+ REJECTED
+CVE-2022-29098 (Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak ...)
+ NOT-FOR-US: Dell
+CVE-2022-29097 (Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in De ...)
+ NOT-FOR-US: Dell
+CVE-2022-29096 (Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross- ...)
+ NOT-FOR-US: Dell
+CVE-2022-29095 (Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Del ...)
+ NOT-FOR-US: Dell SupportAssist
+CVE-2022-29094 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
+ NOT-FOR-US: Dell SupportAssist
+CVE-2022-29093 (Dell SupportAssist Client Consumer versions (3.10.4 and versions prior ...)
+ NOT-FOR-US: Dell SupportAssist
+CVE-2022-29092 (Dell SupportAssist Client Consumer versions (3.11.0 and versions prior ...)
+ NOT-FOR-US: Dell SupportAssist
+CVE-2022-29091 (Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0. ...)
+ NOT-FOR-US: Dell
+CVE-2022-29090 (Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data E ...)
+ NOT-FOR-US: Dell Wyse Management Suite
+CVE-2022-29089 (Dell Networking OS10, versions prior to October 2021 with Smart Fabric ...)
+ NOT-FOR-US: Dell
+CVE-2022-29088
+ REJECTED
+CVE-2022-29087
+ REJECTED
+CVE-2022-29086
+ REJECTED
+CVE-2022-29085 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0 ...)
+ NOT-FOR-US: Dell
+CVE-2022-29084 (Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5 ...)
+ NOT-FOR-US: Dell
+CVE-2022-29083 (Prior Dell BIOS versions contain an Improper Authentication vulnerabil ...)
+ NOT-FOR-US: Dell
+CVE-2022-29082 (Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0 ...)
+ NOT-FOR-US: EMC
+CVE-2022-1332 (One of the API in Mattermost version 6.4.1 and earlier fails to proper ...)
+ - mattermost-server (bug #823556)
+CVE-2022-1331 (In four instances DMARS (All versions prior to v2.1.10.24) does not pr ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-1330 (stored xss due to unsantized anchor url in GitHub repository alvarotri ...)
+ NOT-FOR-US: fullpage.js
+CVE-2022-1329 (The Elementor Website Builder plugin for WordPress is vulnerable to un ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1328 (Buffer Overflow in uudecoder in Mutt affecting all versions starting f ...)
+ {DLA-2999-1}
+ - mutt 2.2.3-1 (bug #1009734)
+ [bullseye] - mutt 2.0.5-4.1+deb11u1
+ [buster] - mutt 1.10.1-2.1+deb10u6
+ - neomutt 20220429+dfsg1-1 (bug #1009735)
+ [bullseye] - neomutt (Minor issue)
+ [buster] - neomutt (Minor issue)
+ NOTE: https://gitlab.com/muttmua/mutt/-/issues/404
+ NOTE: https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5
+ NOTE: https://gitlab.com/neomutt/neomutt/-/commit/ee7cb4e461c1cdf0ac14817b03687d5908b85f84
+CVE-2022-1327 (The Image Gallery WordPress plugin before 1.1.6 does not sanitize and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1326 (The Form - Contact Form WordPress plugin through 1.2.0 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1325 (A flaw was found in Clmg, where with the help of a maliciously crafted ...)
+ - cimg 3.1.6+dfsg-1 (bug #1018941)
+ [bullseye] - cimg (Minor issue)
+ [buster] - cimg (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2074549
+ NOTE: https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 (v3.1.0)
+ NOTE: https://github.com/GreycLab/CImg/issues/343
+ NOTE: https://github.com/GreycLab/CImg/pull/348
+ NOTE: https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/
+CVE-2022-1324 (The Event Timeline WordPress plugin through 1.1.5 does not sanitize an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1323 (The Discy WordPress theme before 5.0 lacks authorization checks then p ...)
+ NOT-FOR-US: WordPress theme
+CVE-2022-1322 (The Coming Soon - Under Construction WordPress plugin through 1.1.9 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1321 (The miniOrange's Google Authenticator WordPress plugin before 5.5.6 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1320 (The Sliderby10Web WordPress plugin before 1.2.52 does not properly san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-29081 (Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pr ...)
+ NOT-FOR-US: ZOHO ManageEngine
+CVE-2022-29080 (The npm-dependency-versions package through 0.3.0 for Node.js allows c ...)
+ NOT-FOR-US: Node npm-dependency-versions
+CVE-2022-29079
+ RESERVED
+CVE-2022-29078 (The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js ...)
+ - node-ejs 3.1.7-1 (bug #1010359)
+ [bullseye] - node-ejs 2.5.7-3+deb11u1
+ [buster] - node-ejs 2.5.7-1+deb10u1
+ [stretch] - node-ejs (Node not covered by security support)
+ NOTE: https://eslam.io/posts/ejs-server-side-template-injection-rce/
+ NOTE: https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf (v3.1.7)
+CVE-2022-29077 (A heap-based buffer overflow exists in rippled before 1.8.5. The vulne ...)
+ NOT-FOR-US: XRP rippled +CVE-2022-29076 + RESERVED +CVE-2022-29075 + RESERVED +CVE-2022-29074 + RESERVED +CVE-2022-29073 + RESERVED +CVE-2022-29072 (7-Zip through 21.07 on Windows allows privilege escalation and command ...) + NOT-FOR-US: 7-Zip on Windows +CVE-2022-29071 (This advisory documents an internally found vulnerability in the on pr ...) + NOT-FOR-US: Arista +CVE-2022-29070 + RESERVED +CVE-2022-29069 + RESERVED +CVE-2022-29068 + RESERVED +CVE-2022-29067 + RESERVED +CVE-2022-29066 + RESERVED +CVE-2022-29065 + RESERVED +CVE-2022-29064 + RESERVED +CVE-2022-1319 (A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improp ...) + - undertow 2.2.17-1 (bug #1016448) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2073890 +CVE-2022-1318 (Hills ComNav version 3002-19 suffers from a weak communication channel ...) + NOT-FOR-US: Hills ComNav +CVE-2022-1317 + RESERVED +CVE-2022-1316 (Incorrect Permission Assignment for Critical Resource in GitHub reposi ...) + NOT-FOR-US: ZeroTierOne +CVE-2022-29063 (The Solr plugin of Apache OFBiz is configured by default to automatica ...) + NOT-FOR-US: Apache OFBiz +CVE-2022-29062 (Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet ...) + NOT-FOR-US: FortiGuard +CVE-2022-29061 (An improper neutralization of special elements used in an OS command ( ...) + NOT-FOR-US: FortiGuard +CVE-2022-29060 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...) + NOT-FOR-US: Fortinet +CVE-2022-29059 + RESERVED +CVE-2022-29058 (An improper neutralization of special elements [CWE-89] used in an OS ...) + NOT-FOR-US: FortiGuard +CVE-2022-29057 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortinet +CVE-2022-29056 (A improper restriction of excessive authentication attempts vulnerabil ...) + NOT-FOR-US: Fortinet +CVE-2022-29055 (A access of uninitialized pointer in Fortinet FortiOS version 7.2.0, 7 ...) 
+ NOT-FOR-US: FortiGuard +CVE-2022-29054 (A missing cryptographic steps vulnerability [CWE-325]in the functions ...) + NOT-FOR-US: Fortinet +CVE-2022-29053 (A missing cryptographic steps vulnerability [CWE-325] in the functions ...) + NOT-FOR-US: FortiGuard +CVE-2022-29052 (Jenkins Google Compute Engine Plugin 4.3.8 and earlier stores private ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29051 (Missing permission checks in Jenkins Publish Over FTP Plugin 1.16 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29050 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29049 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29048 (A cross-site request forgery (CSRF) vulnerability in Jenkins Subversio ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29047 (Jenkins Pipeline: Shared Groovy Libraries Plugin 564.ve62a_4eb_b_e039 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29046 (Jenkins Subversion Plugin 2.15.3 and earlier does not escape the name ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29045 (Jenkins promoted builds Plugin 873.v6149db_d64130 and earlier, except ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29044 (Jenkins Node and Label parameter Plugin 1.10.3 and earlier does not es ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29043 (Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29042 (Jenkins Job Generator Plugin 1.22 and earlier does not escape the name ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29041 (Jenkins Jira Plugin 3.7 and earlier, except 3.6.1, does not escape the ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29040 (Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the na ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29039 (Jenkins Gerrit Trigger Plugin 2.35.2 and earlier does not escape the n ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-29038 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29037 (Jenkins CVS Plugin 2.19 and earlier does not escape the name and descr ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29036 (Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 108 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-29035 (In JetBrains Ktor Native before version 2.0.0 random values used for n ...) + NOT-FOR-US: JetBrains Ktor +CVE-2022-29034 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-29033 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-29032 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-29031 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-29030 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-29029 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-29028 (A vulnerability has been identified in JT2Go (All versions < V13.3.0.3 ...) + NOT-FOR-US: JT2Go / Siemens +CVE-2022-1315 + RESERVED +CVE-2022-1314 (Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1313 (Use after free in tab groups in Google Chrome prior to 100.0.4896.88 a ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1312 (Use after free in storage in Google Chrome prior to 100.0.4896.88 allo ...) 
+ {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1311 (Use after free in shell in Google Chrome on ChromeOS prior to 100.0.48 ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1310 (Use after free in regular expressions in Google Chrome prior to 100.0. ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1309 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1308 (Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allo ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1307 (Inappropriate implementation in full screen in Google Chrome on Androi ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1306 (Inappropriate implementation in compositing in Google Chrome prior to ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1305 (Use after free in storage in Google Chrome prior to 100.0.4896.88 allo ...) + {DSA-5120-1} + - chromium 100.0.4896.88-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1304 (An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46. ...) 
+ - e2fsprogs 1.46.6~rc1-1 (bug #1010263) + [bullseye] - e2fsprogs (Minor issue) + [buster] - e2fsprogs (Minor issue) + [stretch] - e2fsprogs (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2069726 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2068113 + NOTE: https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u + NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=maint&id=ab51d587bb9b229b1fade1afd02e1574c1ba5c76 +CVE-2022-1303 (The Slide Anything WordPress plugin before 2.3.44 does not sanitize an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1302 (In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthe ...) + NOT-FOR-US: MZ Automation LibIEC61850 +CVE-2022-1301 (The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1300 (Multiple Version of TRUMPF TruTops products expose a service function ...) + NOT-FOR-US: TRUMPF TruTops +CVE-2022-1299 (The Slideshow WordPress plugin through 2.3.1 does not sanitize and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1298 (The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Ta ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1297 (Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repo ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac + NOTE: https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6 +CVE-2022-1296 (Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub reposit ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0 + NOTE: https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6 +CVE-2022-1295 (Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior ...) 
+ NOT-FOR-US: fullpage.js +CVE-2022-1294 (The IMDB info box WordPress plugin through 2.0 does not sanitize and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1293 (The embedded neutralization of Script-Related HTML Tag, was by-passed ...) + NOT-FOR-US: Ercom citadel +CVE-2022-1292 (The c_rehash script does not properly sanitise shell metacharacters to ...) + {DSA-5139-1 DLA-3008-1} + - openssl 1.1.1o-1 + NOTE: https://www.openssl.org/news/secadv/20220503.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 (openssl-3.0.3) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 (OpenSSL_1_1_1o) +CVE-2022-29027 + RESERVED +CVE-2022-29026 + RESERVED +CVE-2022-29025 + RESERVED +CVE-2022-29024 + RESERVED +CVE-2022-29023 (A buffer overflow vulnerability exists in the razermouse driver of Ope ...) + - openrazer 3.3.0+dfsg-1 (unimportant) + NOTE: https://github.com/openrazer/openrazer/pull/1790 + NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0) + NOTE: Negligible security impact +CVE-2022-29022 (A buffer overflow vulnerability exists in the razeraccessory driver of ...) + - openrazer 3.3.0+dfsg-1 (unimportant) + NOTE: https://github.com/openrazer/openrazer/pull/1790 + NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0) + NOTE: Negligible security impact +CVE-2022-29021 (A buffer overflow vulnerability exists in the razerkbd driver of OpenR ...) + - openrazer 3.3.0+dfsg-1 (unimportant) + NOTE: https://github.com/openrazer/openrazer/pull/1790 + NOTE: https://github.com/openrazer/openrazer/commit/7e8a04feb378a679f1bcdcae079a5100cc45663b (v3.3.0) + NOTE: Negligible security impact +CVE-2022-29020 (ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS ...) 
+ NOT-FOR-US: ForestBlog +CVE-2022-29019 + RESERVED +CVE-2022-29018 + RESERVED +CVE-2022-29017 (Bento4 v1.6.0.0 was discovered to contain a segmentation fault via the ...) + NOT-FOR-US: Bento4 +CVE-2022-29016 + RESERVED +CVE-2022-29015 + RESERVED +CVE-2022-29014 (A local file inclusion vulnerability in Razer Sila Gaming Router v2.0. ...) + NOT-FOR-US: Razer Sila Gaming Router +CVE-2022-29013 (A command injection in the command parameter of Razer Sila Gaming Rout ...) + NOT-FOR-US: Razer Sila Gaming Router +CVE-2022-29012 + RESERVED +CVE-2022-29011 + RESERVED +CVE-2022-29010 + RESERVED +CVE-2022-29009 (Multiple SQL injection vulnerabilities via the username and password p ...) + NOT-FOR-US: Cyber Cafe Management System Project +CVE-2022-29008 (An insecure direct object reference (IDOR) vulnerability in the viewid ...) + NOT-FOR-US: Bus Pass Management System +CVE-2022-29007 (Multiple SQL injection vulnerabilities via the username and password p ...) + NOT-FOR-US: Dairy Farm Shop Management System +CVE-2022-29006 (Multiple SQL injection vulnerabilities via the username and password p ...) + NOT-FOR-US: Directory Management System +CVE-2022-29005 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...) + NOT-FOR-US: Online Birth Certificate System +CVE-2022-29004 (Diary Management System v1.0 was discovered to contain a cross-site sc ...) + NOT-FOR-US: Diary Management System +CVE-2022-29003 + RESERVED +CVE-2022-29002 (A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers ...) + NOT-FOR-US: xxl-job +CVE-2022-29001 (In SpringBootMovie <=1.2, the uploaded file suffix parameter is not fi ...) + NOT-FOR-US: SpringBootMovie +CVE-2022-29000 + RESERVED +CVE-2022-28999 (Insecure permissions in the install directories and binaries of Dev-CP ...) + NOT-FOR-US: Bloodshed Dev-C++ +CVE-2022-28998 (Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer ove ...) 
+ NOT-FOR-US: Xlight FTP +CVE-2022-28997 (CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forger ...) + NOT-FOR-US: CSZCMS +CVE-2022-28996 + RESERVED +CVE-2022-28995 (Rengine v1.0.2 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: reNgine +CVE-2022-28994 (Small HTTP Server version 3.06 suffers from a remote buffer overflow v ...) + NOT-FOR-US: Small HTTP Server +CVE-2022-28993 (Multi Store Inventory Management System v1.0 allows attackers to perfo ...) + NOT-FOR-US: Multi Store Inventory Management System +CVE-2022-28992 (A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v ...) + NOT-FOR-US: Online Banquet Booking System +CVE-2022-28991 (Multi Store Inventory Management System v1.0 was discovered to contain ...) + NOT-FOR-US: Multi Store Inventory Management System +CVE-2022-28990 (WASM3 v0.5.0 was discovered to contain a heap overflow via the compone ...) + NOT-FOR-US: wasm3 +CVE-2022-28989 + RESERVED +CVE-2022-28988 + RESERVED +CVE-2022-28987 (Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to p ...) + NOT-FOR-US: ZOHO ManageEngine +CVE-2022-28986 (LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: ...) + NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle +CVE-2022-28985 (A stored cross-site scripting (XSS) vulnerability in the addNewPost co ...) + - orangehrm (bug #786622) + NOTE: https://github.com/orangehrm/orangehrm/issues/1217 +CVE-2022-28984 + RESERVED +CVE-2022-28983 + RESERVED +CVE-2022-28982 (A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 th ...) + NOT-FOR-US: Liferay +CVE-2022-28981 (Path traversal vulnerability in the Hypermedia REST APIs module in Lif ...) + NOT-FOR-US: Liferay +CVE-2022-28980 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...) + NOT-FOR-US: Liferay +CVE-2022-28979 (Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pa ...) 
+ NOT-FOR-US: Liferay +CVE-2022-28978 (Stored cross-site scripting (XSS) vulnerability in the Site module's u ...) + NOT-FOR-US: Liferay +CVE-2022-28977 (HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Lif ...) + NOT-FOR-US: Liferay +CVE-2022-28976 + RESERVED +CVE-2022-28975 + RESERVED +CVE-2022-28974 + RESERVED +CVE-2022-28973 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-28972 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-28971 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-28970 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via th ...) + NOT-FOR-US: Tenda +CVE-2022-28969 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-28968 + RESERVED +CVE-2022-28967 + RESERVED +CVE-2022-28966 (Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code ...) + NOT-FOR-US: wasm3 +CVE-2022-28965 (Multiple DLL hijacking vulnerabilities via the components instup.exe a ...) + NOT-FOR-US: avast AV +CVE-2022-28964 (An arbitrary file write vulnerability in Avast Premium Security before ...) + NOT-FOR-US: avast AV +CVE-2022-28963 + RESERVED +CVE-2022-28962 (Online Sports Complex Booking System 1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Sourcecodester Online Sports Complex Booking System +CVE-2022-28961 (Spip Web Framework v3.1.13 and below was discovered to contain multipl ...) + {DSA-4798-1} + - spip 3.2.8-1 + NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr + NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 + NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf +CVE-2022-28960 (A PHP injection vulnerability in Spip before v3.2.8 allows attackers t ...) 
+ {DSA-4798-1} + - spip 3.2.8-1 + NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html?lang=fr + NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 + NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf +CVE-2022-28959 (Multiple cross-site scripting (XSS) vulnerabilities in the component / ...) + {DSA-4798-1} + - spip 3.2.8-1 + NOTE: https://blog.spip.net/Mise-a-jour-CRITIQUE-de-securite-SPIP-3-2-8-et-SPIP-3-1-13.html + NOTE: https://thinkloveshare.com/en/hacking/rce_on_spip_and_root_me/ + NOTE: https://www.root-me.org/fr/Informations/Faiblesses-decouvertes/ + NOTE: https://github.com/spip/SPIP/commit/0394b44774555ae8331b6e65e35065dfa0bb41e4 (v4.0.0) + NOTE: https://github.com/spip/SPIP/commit/6c1650713fc948318852ace759aab8f1a84791cf +CVE-2022-28958 + REJECTED +CVE-2022-28957 + RESERVED +CVE-2022-28956 (An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows ...) + NOT-FOR-US: D-Link +CVE-2022-28955 (An access control issue in D-Link DIR816L_FW206b01 allows unauthentica ...) + NOT-FOR-US: D-Link +CVE-2022-28954 + RESERVED +CVE-2022-28953 + RESERVED +CVE-2022-28952 + RESERVED +CVE-2022-28951 + RESERVED +CVE-2022-28950 + RESERVED +CVE-2022-28949 + RESERVED +CVE-2022-28948 (An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...) + - golang-gopkg-yaml.v3 3.0.1-1 (bug #1011338) + [bullseye] - golang-gopkg-yaml.v3 (Minor issue) + NOTE: https://github.com/go-yaml/yaml/issues/666 + NOTE: https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754 (v3.0.0) +CVE-2022-28947 + RESERVED +CVE-2022-28946 (An issue in the component ast/parser.go of Open Policy Agent v0.39.0 c ...) + NOT-FOR-US: Open Policy Agent +CVE-2022-28945 (An issue in Webbank WeCube v3.2.2 allows attackers to execute a direct ...) + NOT-FOR-US: Webbank WeCube +CVE-2022-28944 (Certain EMCO Software products are affected by: CWE-494: Download of C ...) 
+ NOT-FOR-US: EMCO +CVE-2022-28943 + RESERVED +CVE-2022-28942 + RESERVED +CVE-2022-28941 + RESERVED +CVE-2022-28940 (In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be acc ...) + NOT-FOR-US: H3C MagicR100 +CVE-2022-28939 + RESERVED +CVE-2022-28938 + RESERVED +CVE-2022-28937 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...) + NOT-FOR-US: FISCO-BCOS +CVE-2022-28936 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...) + NOT-FOR-US: FISCO-BCOS +CVE-2022-28935 (Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20 ...) + NOT-FOR-US: Totolink +CVE-2022-28934 + RESERVED +CVE-2022-28933 + RESERVED +CVE-2022-28932 (D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecu ...) + NOT-FOR-US: D-Link +CVE-2022-28931 + RESERVED +CVE-2022-28930 (ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: ERP-Pro +CVE-2022-28929 (Hospital Management System v1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: kabirkhyrul/HMS +CVE-2022-28928 + RESERVED +CVE-2022-28927 (A remote code execution (RCE) vulnerability in Subconverter v0.7.2 all ...) + NOT-FOR-US: tindy2013/subconverter +CVE-2022-28926 + RESERVED +CVE-2022-28925 + RESERVED +CVE-2022-28924 (An information disclosure vulnerability in UniverSIS-Students before v ...) + NOT-FOR-US: UniverSIS +CVE-2022-28923 (Caddy v2.4.6 was discovered to contain an open redirection vulnerabili ...) + - caddy 2.5.2-1 + NOTE: https://lednerb.de/en/publications/responsible-disclosure/caddy-open-redirect-vulnerability/ + NOTE: https://github.com/caddyserver/caddy/commit/78b5356f2b1945a90de1ef7f2c7669d82098edbd (v2.5.0-beta.1) +CVE-2022-28922 + RESERVED +CVE-2022-28921 (A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEn ...) + NOT-FOR-US: BlogEngine.NET +CVE-2022-28920 (Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting ...) 
+ NOT-FOR-US: Baidu Tieba +CVE-2022-28919 (HTMLCreator release_stable_2020-07-29 was discovered to contain a cros ...) + - dokuwiki 0.0.20220731.a-1 (bug #1011056) + [bullseye] - dokuwiki (Minor issue) + [buster] - dokuwiki (Minor issue) + NOTE: https://github.com/splitbrain/dokuwiki/issues/3651 + NOTE: https://github.com/splitbrain/dokuwiki/commit/d3233986baa7dfe44490b805ae2e4296fad59401 +CVE-2022-28918 (GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletio ...) + NOT-FOR-US: GreenCMS +CVE-2022-28917 (Tenda AX12 v22.03.01.21_cn was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-28916 + RESERVED +CVE-2022-28915 (D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injec ...) + NOT-FOR-US: D-Link +CVE-2022-28914 + RESERVED +CVE-2022-28913 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28912 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28911 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28910 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28909 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28908 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28907 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28906 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) + NOT-FOR-US: TOTOLink +CVE-2022-28905 (TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a comman ...) 
+ NOT-FOR-US: TOTOLink +CVE-2022-28904 + RESERVED +CVE-2022-28903 + RESERVED +CVE-2022-28902 + RESERVED +CVE-2022-28901 (A command injection vulnerability in the component /SetTriggerLEDBlink ...) + NOT-FOR-US: D-Link +CVE-2022-28900 + RESERVED +CVE-2022-28899 + RESERVED +CVE-2022-28898 + RESERVED +CVE-2022-28897 + RESERVED +CVE-2022-28896 (A command injection vulnerability in the component /setnetworksettings ...) + NOT-FOR-US: D-Link +CVE-2022-28895 (A command injection vulnerability in the component /setnetworksettings ...) + NOT-FOR-US: D-Link +CVE-2022-28894 + RESERVED +CVE-2022-28893 (The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xp ...) + {DSA-5161-1} + - linux 5.17.3-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/f00432063db1a0db484e85193eccc6845435b80e (5.18-rc2) +CVE-2022-28892 (Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to ...) + - mahara +CVE-2022-28891 + RESERVED +CVE-2022-27629 (Cross-site request forgery (CSRF) vulnerability in 'MicroPayments - Pa ...) + NOT-FOR-US: MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership +CVE-2022-1291 (XSS vulnerability with default `onCellHtmlData` function in GitHub rep ...) + NOT-FOR-US: Trudesk +CVE-2022-1290 (Stored XSS in "Name", "Group Name" & "Title" in GitHub repository polo ...) + NOT-FOR-US: Trudesk +CVE-2022-1289 (A denial of service vulnerability was found in tildearrow Furnace. It ...) + - furnace (bug #1008592) +CVE-2022-28890 (A vulnerability in the RDF/XML parser of Apache Jena allows an attacke ...) + - apache-jena 4.5.0-1 (bug #1014982) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/04/1 +CVE-2021-4226 (RSFirewall tries to identify the original IP address by looking at dif ...) + NOT-FOR-US: RSFirewall +CVE-2022-28889 (In Apache Druid 0.22.1 and earlier, the server did not set appropriate ...) 
+ - druid (bug #825797) +CVE-2022-1288 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: School Club Application System +CVE-2022-1287 (A vulnerability classified as critical was found in School Club Applic ...) + NOT-FOR-US: School Club Application System +CVE-2022-1286 (heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repositor ...) + - mruby 3.0.0-4 + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Vulnerable code not present) + NOTE: https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9 + NOTE: https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189/ +CVE-2022-28888 (Spryker Commerce OS 1.4.2 allows Remote Command Execution.) + NOT-FOR-US: Spryker Commerce OS +CVE-2022-28887 (Multiple Denial-of-Service (DoS) vulnerability was discovered in F-Sec ...) + NOT-FOR-US: F-Secure +CVE-2022-28886 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...) + NOT-FOR-US: F-Secure +CVE-2022-28885 (A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd ...) + NOT-FOR-US: WithSecure +CVE-2022-28884 (A Denial-of-Service vulnerability was discovered in the F-Secure and W ...) + NOT-FOR-US: WithSecure +CVE-2022-28883 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & W ...) + NOT-FOR-US: F-Secure & WithSecure products +CVE-2022-28882 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & W ...) + NOT-FOR-US: F-Secure & WithSecure products +CVE-2022-28881 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2022-28880 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...) + NOT-FOR-US: F-Secure +CVE-2022-28879 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2022-28878 (A Denial-of-Service vulnerability was discovered in the F-Secure Atlan ...) 
+ NOT-FOR-US: F-Secure +CVE-2022-28877 (This vulnerability allows local user to delete arbitrary file in the s ...) + NOT-FOR-US: F-Secure +CVE-2022-28876 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2022-28875 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2022-28874 (Multiple Denial-of-Service vulnerabilities was discovered in the F-Sec ...) + NOT-FOR-US: F-Secure +CVE-2022-28873 (A vulnerability affecting F-Secure SAFE browser was discovered. An att ...) + NOT-FOR-US: F-Secure +CVE-2022-28872 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) + NOT-FOR-US: F-Secure +CVE-2022-28871 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2022-28870 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) + NOT-FOR-US: F-Secure +CVE-2022-28869 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) + NOT-FOR-US: F-Secure +CVE-2022-28868 (An Address bar spoofing vulnerability was discovered in Safe Browser f ...) + NOT-FOR-US: F-Secure +CVE-2022-28867 (An issue was discovered in Nokia NetAct 22 through the Administration ...) + NOT-FOR-US: Nokia +CVE-2022-28866 (Multiple Improper Access Control was discovered in Nokia AirFrame BMC ...) + NOT-FOR-US: Nokia AirFrame BMC Web GUI +CVE-2022-28865 (An issue was discovered in Nokia NetAct 22 through the Site Configurat ...) + NOT-FOR-US: Nokia +CVE-2022-28864 (An issue was discovered in Nokia NetAct 22 through the Administration ...) + NOT-FOR-US: Nokia +CVE-2022-28863 (An issue was discovered in Nokia NetAct 22. A remote user, authenticat ...) + NOT-FOR-US: Nokia +CVE-2022-28862 (In Archibus Web Central before 26.2, multiple SQL Injection vulnerabil ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2022-28861 (The server in Citilog 8.0 allows an attacker (in a man in the middle p ...) 
+ NOT-FOR-US: Citilog +CVE-2022-28860 (An authentication downgrade in the server in Citilog 8.0 allows an att ...) + NOT-FOR-US: Citilog +CVE-2022-1285 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...) + NOT-FOR-US: Go Git Service +CVE-2022-28857 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28856 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28855 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28854 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28853 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28852 (Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28851 (Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected b ...) + NOT-FOR-US: Adobe +CVE-2022-28850 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28849 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...) + NOT-FOR-US: Adobe +CVE-2022-28848 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28847 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28846 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28845 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28844 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28843 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) 
+ NOT-FOR-US: Adobe +CVE-2022-28842 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Us ...) + NOT-FOR-US: Adobe +CVE-2022-28841 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28840 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28839 (Adobe Bridge version 12.0.1 (and earlier versions) is affected by an o ...) + NOT-FOR-US: Adobe +CVE-2022-28838 (Acrobat Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033 ...) + NOT-FOR-US: Adobe +CVE-2022-28837 (Acrobat Pro DC version 22.001.2011x (and earlier), 20.005.3033x (and e ...) + NOT-FOR-US: Adobe +CVE-2022-28836 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-28835 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-28834 (Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are ...) + NOT-FOR-US: Adobe +CVE-2022-28833 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28832 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28831 (Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) ar ...) + NOT-FOR-US: Adobe +CVE-2022-28830 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28829 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28828 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28827 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28826 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) 
+ NOT-FOR-US: Adobe +CVE-2022-28825 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28824 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28823 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28822 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28821 (Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2022-28820 (ACS Commons version 5.1.x (and earlier) suffers from a Reflected Cross ...) + NOT-FOR-US: Adobe +CVE-2022-28819 (Adobe Character Animator versions 4.4.2 (and earlier) and 22.3 (and ea ...) + NOT-FOR-US: Adobe +CVE-2022-28818 (ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected ...) + NOT-FOR-US: Adobe +CVE-2022-28817 + REJECTED +CVE-2022-28816 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28815 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28814 (Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in V ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28813 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28812 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28811 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...) + NOT-FOR-US: Carlo Gavazzi Controls SpA +CVE-2022-28810 (Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-28809 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) 
+ NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2022-28808 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2022-28807 (An issue was discovered in Open Design Alliance Drawings SDK before 20 ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2022-28806 (An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9 ...) + NOT-FOR-US: Fujitsu +CVE-2022-28805 (singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) ...) + - lua5.4 5.4.4-2 (bug #1010265) + [bullseye] - lua5.4 (Minor issue) + - lua5.3 (Specific to 5.4, see #1010265) + - lua5.2 (Specific to 5.4, see #1010265) + - lua5.1 (Specific to 5.4, see #1010265) + - lua50 (Specific to 5.4, see #1010265) + NOTE: https://github.com/lua/lua/commit/1f3c6f4534c6411313361697d98d1145a1f030fa + NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00001.html + NOTE: http://lua-users.org/lists/lua-l/2022-02/msg00070.html +CVE-2022-28804 + RESERVED +CVE-2022-28803 (In SilverStripe Framework through 2022-04-07, Stored XSS can occur in ...) + NOT-FOR-US: Silverstripe CMS +CVE-2022-28802 (Code by Zapier before 2022-08-17 allowed intra-account privilege escal ...) + NOT-FOR-US: Zapier +CVE-2022-28801 + RESERVED +CVE-2022-28800 + RESERVED +CVE-2022-28799 (The TikTok application before 23.7.3 for Android allows account takeov ...) + NOT-FOR-US: TikTok Android app +CVE-2022-28798 + RESERVED +CVE-2022-28797 + RESERVED +CVE-2022-28795 (A vulnerability within the Avira Password Manager Browser Extensions p ...) + NOT-FOR-US: Avira Password Manager Browser Extensions +CVE-2022-28794 (Sensitive information exposure in low-battery dumpstate log prior to S ...) + NOT-FOR-US: Samsung +CVE-2022-28793 (Given the TEE is compromised and controlled by the attacker, improper ...) + NOT-FOR-US: Samsung +CVE-2022-28792 (DLL hijacking vulnerability in Gear IconX PC Manager prior to version ...) 
+ NOT-FOR-US: Gear IconX PC Manager +CVE-2022-28791 (Improper input validation vulnerability in InstallAgent in Galaxy Stor ...) + NOT-FOR-US: Samsung +CVE-2022-28790 (Improper authentication in Link to Windows Service prior to version 2. ...) + NOT-FOR-US: Samsung +CVE-2022-28789 (Unprotected activities in Voice Note prior to version 21.3.51.11 allow ...) + NOT-FOR-US: Samsung / Voice Note +CVE-2022-28788 (Improper buffer size check logic in aviextractor library prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-28787 (Improper buffer size check logic in wmfextractor library prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-28786 (Improper buffer size check logic in aviextractor library prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-28785 (Improper buffer size check logic in aviextractor library prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-28784 (Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Re ...) + NOT-FOR-US: Samsung / Galaxy Themes +CVE-2022-28783 (Improper validation of removing package name in Galaxy Themes prior to ...) + NOT-FOR-US: Samsung / Galaxy Themes +CVE-2022-28782 (Improper access control vulnerability in Contents To Window prior to S ...) + NOT-FOR-US: Samsung +CVE-2022-28781 (Improper input validation in Settings prior to SMR-May-2022 Release 1 ...) + NOT-FOR-US: Samsung / Settings +CVE-2022-28780 (Improper access control vulnerability in Weather prior to SMR May-2022 ...) + NOT-FOR-US: Samsung / Weather +CVE-2022-28779 (Uncontrolled search path element vulnerability in Samsung Android USB ...) + NOT-FOR-US: Samsung +CVE-2022-28778 (Improper access control vulnerability in Samsung Security Supporter pr ...) + NOT-FOR-US: Samsung +CVE-2022-28777 (Improper access control vulnerability in Samsung Members prior to vers ...) + NOT-FOR-US: Samsung +CVE-2022-28776 (Improper access control vulnerability in Galaxy Store prior to version ...) 
+ NOT-FOR-US: Samsung +CVE-2022-28775 (Improper access control vulnerability in Samsung Flow prior to version ...) + NOT-FOR-US: Samsung +CVE-2022-28774 (Under certain conditions, the SAP Host Agent logfile shows information ...) + NOT-FOR-US: SAP +CVE-2022-28773 (Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Interne ...) + NOT-FOR-US: SAP +CVE-2022-28772 (By overlong input values an attacker may force overwrite of the intern ...) + NOT-FOR-US: SAP +CVE-2022-28771 (Due to missing authentication check, SAP Business one License service ...) + NOT-FOR-US: SAP +CVE-2022-28770 (Due to insufficient input validation, SAPUI5 library(vbm) - versions 7 ...) + NOT-FOR-US: SAP +CVE-2022-28769 + RESERVED +CVE-2022-28768 (The Zoom Client for Meetings Installer for macOS (Standard and for IT ...) + NOT-FOR-US: Zoom +CVE-2022-28767 + RESERVED +CVE-2022-28766 (Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 ...) + NOT-FOR-US: Zoom +CVE-2022-28765 + RESERVED +CVE-2022-28764 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-28763 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-28762 (Zoom Client for Meetings for macOS (Standard and for IT Admin) startin ...) + NOT-FOR-US: Zoom +CVE-2022-28761 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 ...) + NOT-FOR-US: Zoom +CVE-2022-28760 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...) + NOT-FOR-US: Zoom +CVE-2022-28759 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...) + NOT-FOR-US: Zoom +CVE-2022-28758 (Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 ...) + NOT-FOR-US: Zoom +CVE-2022-28757 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...) + NOT-FOR-US: Zoom +CVE-2022-28756 (The Zoom Client for Meetings for macOS (Standard and for IT Admin) sta ...) 
+ NOT-FOR-US: Zoom +CVE-2022-28755 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-28754 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...) + NOT-FOR-US: Zoom +CVE-2022-28753 (Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 ...) + NOT-FOR-US: Zoom +CVE-2022-28752 (Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are ...) + NOT-FOR-US: Zoom +CVE-2022-28751 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) bef ...) + NOT-FOR-US: Zoom +CVE-2022-28750 (Zoom On-Premise Meeting Connector Zone Controller (ZC) before version ...) + NOT-FOR-US: Zoom +CVE-2022-28749 (Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 ...) + NOT-FOR-US: Zoom +CVE-2022-28748 + REJECTED +CVE-2022-28747 (Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2 ...) + NOT-FOR-US: GoSecure Titan Inbox Detection & Response (IDR) +CVE-2022-28746 + RESERVED +CVE-2022-28745 + RESERVED +CVE-2022-28744 + RESERVED +CVE-2022-28743 (Time-of-check Time-of-use (TOCTOU) Race Condition vulerability in Fosc ...) + NOT-FOR-US: Foscam R2C IP camera +CVE-2022-28742 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ h ...) + NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System +CVE-2022-28741 (aEnrich a+HRD 5.x Learning Management Key Performance Indicator System ...) + NOT-FOR-US: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System +CVE-2022-28740 (aEnrich eHRD Learning Management Key Performance Indicator System 5+ e ...) + NOT-FOR-US: aEnrich eHRD Learning Management Key Performance Indicator System +CVE-2022-28739 (There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, ...) 
+ {DLA-3450-1} + - ruby3.0 3.0.4-1 (bug #1009956) + - ruby2.7 (bug #1009957) + [bullseye] - ruby2.7 (Minor issue, fix with next Ruby security release) + - ruby2.5 + - ruby2.3 + [stretch] - ruby2.3 (Minor issue; fix in next LTS release) + NOTE: https://github.com/ruby/ruby/commit/69f9992ed41920389d4185141a14f02f89a4d306 (v2_6_10) + NOTE: https://github.com/ruby/ruby/commit/c9c2245c0a25176072e02db9254f0e0c84c805cd (v2_7_6) + NOTE: https://github.com/ruby/ruby/commit/3fa771ddedac25560be57f4055f1767e6c810f58 (v3_0_4) + NOTE: https://github.com/ruby/ruby/commit/8d142ecff9af7d60728b8cfa9138e8623985c428 (v3_1_2) + NOTE: https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/ +CVE-2022-28738 (A double free was found in the Regexp compiler in Ruby 3.x before 3.0. ...) + - ruby3.0 3.0.4-1 (bug #1009958) + - ruby2.7 (Vulnerable code not present) + - ruby2.5 (Vulnerable code not present) + - ruby2.3 (Vulnerable code not present) + NOTE: https://github.com/ruby/ruby/commit/052ec6d2585c3ace95671013d336f5543624ef3d (v3_0_4) + NOTE: https://github.com/ruby/ruby/commit/73f45e5e96ccc13a131f7c0122cf8600ce5b930f (v3_1_2) + NOTE: https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/ +CVE-2022-28737 (There's a possible overflow in handle_image() when shim tries to load ...) + - shim 15.6-1 + [bullseye] - shim 15.6-1~deb11u1 + [buster] - shim (Fix via point update) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 + NOTE: https://github.com/rhboot/shim/commit/e99bdbb827a50cde019393d3ca1e89397db221a7 (15.6) + NOTE: https://github.com/rhboot/shim/commit/159151b6649008793d6204a34d7b9c41221fb4b0 (15.6) +CVE-2022-28736 (There's a use-after-free vulnerability in grub_cmd_chainloader() funct ...) 
+ - grub2 2.06-3 + [bullseye] - grub2 2.06-3~deb11u1 + [buster] - grub2 2.06-3~deb10u1 + [stretch] - grub2 (No SecureBoot support in stretch) + [jessie] - grub2 (No SecureBoot support in jessie) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 +CVE-2022-28735 (The GRUB2's shim_lock verifier allows non-kernel files to be loaded on ...) + - grub2 2.06-3 (bug #1001057) + [bullseye] - grub2 2.06-3~deb11u1 + [buster] - grub2 2.06-3~deb10u1 + [stretch] - grub2 (No SecureBoot support in stretch) + [jessie] - grub2 (No SecureBoot support in jessie) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 +CVE-2022-28734 (Out-of-bounds write when handling split HTTP headers; When handling sp ...) + - grub2 2.06-3 + [bullseye] - grub2 2.06-3~deb11u1 + [buster] - grub2 2.06-3~deb10u1 + [stretch] - grub2 (No SecureBoot support in stretch) + [jessie] - grub2 (No SecureBoot support in jessie) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 +CVE-2022-28733 (Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP ...) + - grub2 2.06-3 + [bullseye] - grub2 2.06-3~deb11u1 + [buster] - grub2 2.06-3~deb10u1 + [stretch] - grub2 (No SecureBoot support in stretch) + [jessie] - grub2 (No SecureBoot support in jessie) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5 +CVE-2022-28732 (A carefully crafted request on WeblogPlugin could trigger an XSS vulne ...) + - jspwiki +CVE-2022-28731 (A carefully crafted request on UserPreferences.jsp could trigger an CS ...) + - jspwiki +CVE-2022-28730 (A carefully crafted request on AJAXPreview.jsp could trigger an XSS vu ...) + - jspwiki +CVE-2022-28729 + RESERVED +CVE-2022-28728 + RESERVED +CVE-2022-28727 + RESERVED +CVE-2022-28726 + RESERVED +CVE-2022-28725 + RESERVED +CVE-2022-28724 + RESERVED +CVE-2022-28723 + RESERVED +CVE-2022-28722 (Certain HP Print Products are potentially vulnerable to Buffer Overflo ...) 
+ NOT-FOR-US: HP +CVE-2022-28721 (Certain HP Print Products are potentially vulnerable to Remote Code Ex ...) + NOT-FOR-US: HP +CVE-2022-28720 + RESERVED +CVE-2022-28711 (A memory corruption vulnerability exists in the cgi.c unescape functio ...) + NOT-FOR-US: ArduPilot APWeb +CVE-2022-28709 (Improper access control in the firmware for some Intel(R) E810 Etherne ...) + NOT-FOR-US: Intel +CVE-2022-28698 + RESERVED +CVE-2022-28696 (Uncontrolled search path in the Intel(R) Distribution for Python befor ...) + NOT-FOR-US: Intel +CVE-2022-28694 + RESERVED +CVE-2022-28688 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: AVEVA +CVE-2022-28687 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: AVEVA +CVE-2022-28686 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: AVEVA +CVE-2022-28685 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: AVEVA +CVE-2022-28684 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: DevExpress +CVE-2022-28683 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28682 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28681 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2022-28680 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28679 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28678 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28677 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit +CVE-2022-28676 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28675 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28674 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28673 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28672 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28671 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28670 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2022-28669 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-28668 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-28667 (Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi software be ...) + NOT-FOR-US: Intel +CVE-2022-28665 (A memory corruption vulnerability exists in the httpd unescape functio ...) + NOT-FOR-US: FreshTomato +CVE-2022-28664 (A memory corruption vulnerability exists in the httpd unescape functio ...) + NOT-FOR-US: FreshTomato +CVE-2022-28611 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...) + NOT-FOR-US: Intel +CVE-2022-28126 (Improper input validation in some Intel(R) XMM(TM) 7560 Modem software ...) + NOT-FOR-US: Intel +CVE-2022-27879 (Improper buffer restrictions in the BIOS firmware for some Intel(R) Pr ...) + NOT-FOR-US: Intel +CVE-2022-27876 + RESERVED +CVE-2022-27874 (Improper authentication in some Intel(R) XMM(TM) 7560 Modem software b ...) + NOT-FOR-US: Intel +CVE-2022-27639 (Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before ...) 
+ NOT-FOR-US: Intel +CVE-2022-27638 (Uncontrolled search path element in the Intel(R) Advanced Link Analyze ...) + NOT-FOR-US: Intel +CVE-2022-27631 (A memory corruption vulnerability exists in the httpd unescape functio ...) + NOT-FOR-US: DD-WRT +CVE-2022-27499 (Premature release of resource during expected lifetime in the Intel(R) ...) + NOT-FOR-US: Intel +CVE-2022-27234 (Server-side request forgery in the CVAT software maintained by Intel(R ...) + NOT-FOR-US: Intel +CVE-2022-27187 (Uncontrolled search path element in the Intel(R) Quartus Prime Standar ...) + NOT-FOR-US: Intel +CVE-2022-27173 + RESERVED +CVE-2022-26845 (Improper authentication in firmware for Intel(R) AMT before versions 1 ...) + NOT-FOR-US: Intel +CVE-2022-26841 (Insufficient control flow management for the Intel(R) SGX SDK software ...) + NOT-FOR-US: Intel +CVE-2022-26837 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + NOT-FOR-US: Intel +CVE-2022-26833 (An improper authentication vulnerability exists in the REST API functi ...) + NOT-FOR-US: Open Automation Software +CVE-2022-26515 + RESERVED +CVE-2022-26513 (Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software befor ...) + NOT-FOR-US: Intel +CVE-2022-26509 (Improper conditions check in the Intel(R) SGX SDK software may allow a ...) + NOT-FOR-US: Intel +CVE-2022-26508 (Improper authentication in the Intel(R) SDP Tool before version 3.0.0 ...) + NOT-FOR-US: Intel +CVE-2022-26376 (A memory corruption vulnerability exists in the httpd unescape functio ...) + NOT-FOR-US: Asuswrt +CVE-2022-26369 (Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before ...) + NOT-FOR-US: Intel +CVE-2022-26367 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...) + NOT-FOR-US: Intel +CVE-2022-26341 (Insufficiently protected credentials in software in Intel(R) AMT SDK b ...) + NOT-FOR-US: Intel +CVE-2022-26079 (Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software ...) 
+ NOT-FOR-US: Intel +CVE-2022-26047 (Improper input validation for some Intel(R) PROSet/Wireless WiFi, Inte ...) + NOT-FOR-US: Intel +CVE-2022-26045 (Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem softw ...) + NOT-FOR-US: Intel +CVE-2022-25868 + RESERVED +CVE-2022-1284 (heap-use-after-free in GitHub repository radareorg/radare2 prior to 5. ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7 + NOTE: https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6 +CVE-2022-1283 (NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHu ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013 + NOTE: https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67 +CVE-2022-1282 (The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not prop ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1281 (The Photo Gallery WordPress plugin through 1.6.3 does not properly esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1280 (A use-after-free vulnerability was found in drm_lease_held in drivers/ ...) + - linux 5.15.3-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/12/3 +CVE-2022-1279 (A vulnerability in the encryption implementation of EBICS messages in ...) + NOT-FOR-US: ebics-java +CVE-2022-1278 (A flaw was found in WildFly, where an attacker can see deployment name ...) + - wildfly (bug #752018) +CVE-2022-1277 (Inavitas Solar Log product has an unauthenticated SQL Injection vulner ...) + NOT-FOR-US: Inavitas Solar Log +CVE-2022-1276 (Out-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby pr ...) 
+ - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25 + NOTE: https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6 +CVE-2022-1275 (The BannerMan WordPress plugin through 0.2.4 does not sanitize or esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1274 (A flaw was found in Keycloak in the execute-actions-email endpoint. Th ...) + NOT-FOR-US: Keycloak +CVE-2022-1273 (The Import WP WordPress plugin before 2.4.6 does not validate the impo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1272 + RESERVED +CVE-2022-1270 (In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.) + {DSA-5288-1 DLA-3200-1} + - graphicsmagick 1.4+really1.3.38-1 + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/664/ + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/94f4bcf448ad +CVE-2022-1269 (The Fast Flow WordPress plugin before 1.2.12 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1268 (The Donate Extra WordPress plugin through 2.02 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1267 (The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1266 (The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1265 (The BulletProof Security WordPress plugin before 6.1 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1264 (The affected product may allow an attacker with access to the Ignition ...) + NOT-FOR-US: Ignition +CVE-2022-1262 (A command injection vulnerability in the protest binary allows an atta ...) + NOT-FOR-US: D-Link Routers +CVE-2022-1261 (Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) ...) + NOT-FOR-US: MatrikonOPC +CVE-2022-1260 + REJECTED +CVE-2022-1259 (A flaw was found in Undertow. A potential security issue in flow contr ...) 
+ - undertow (Incomplete fix not released to any suite) +CVE-2022-1258 (A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) ...) + NOT-FOR-US: McAfee +CVE-2022-1257 (Insecure storage of sensitive information vulnerability in MA for Linu ...) + NOT-FOR-US: McAfee +CVE-2022-1256 (A local privilege escalation vulnerability in MA for Windows prior to ...) + NOT-FOR-US: McAfee +CVE-2022-1255 (The Import and export users and customers WordPress plugin before 1.19 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1254 (A URL redirection vulnerability in Skyhigh SWG in main releases 10.x p ...) + NOT-FOR-US: Skyhigh SWG +CVE-2022-1253 (Heap-based Buffer Overflow in GitHub repository strukturag/libde265 pr ...) + {DSA-5346-1} + - libde265 1.0.8-1.1 (bug #1014977) + [buster] - libde265 (Vulnerable code introduced later) + [stretch] - libde265 (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/1-other-strukturag/libde265/ + NOTE: https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8 +CVE-2022-1252 (Use of a Broken or Risky Cryptographic Algorithm in GitHub repository ...) + NOT-FOR-US: gnuboard5 +CVE-2022-1251 (The Ask me WordPress theme before 6.8.4 does not perform nonce checks ...) + NOT-FOR-US: WordPress theme +CVE-2022-1250 (The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1248 (A vulnerability was found in SAP Information System 1.0 which has been ...) + NOT-FOR-US: SAP +CVE-2022-1247 (An issue found in linux-kernel that leads to a race condition in rose_ ...) + - linux (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066799 + NOTE: Mitigated by hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch +CVE-2022-1246 + REJECTED +CVE-2022-1245 (A privilege escalation flaw was found in the token exchange feature of ...) 
+ NOT-FOR-US: Keycloak +CVE-2022-1244 (heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5 ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82 + NOTE: https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3 +CVE-2022-1243 (CRHTLF can lead to invalid protocol extraction potentially leading to ...) + NOT-FOR-US: URI.js +CVE-2022-1242 + RESERVED +CVE-2022-1241 (The Ask me WordPress theme before 6.8.2 does not properly sanitise and ...) + NOT-FOR-US: WordPress theme +CVE-2022-28796 (jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel ...) + - linux (Vulnerable code not present) + NOTE: https:/git.kernel.org/linus/cc16eecae687912238ee6efbff71ad31e2bc414e (5.18-rc1) +CVE-2022-28663 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-28662 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-28661 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-1271 (An arbitrary file write vulnerability was found in GNU gzip's zgrep ut ...) 
+ {DSA-5123-1 DSA-5122-1 DLA-2977-1 DLA-2976-1} + - xz-utils 5.2.5-2.1 (bug #1009167) + - gzip 1.12-1 (bug #1009168) + NOTE: https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch + NOTE: https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 + NOTE: https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=dc9740df61e575e8c3148b7bd3c147a81ea00c7c (v1.12) + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=d74a30d45c6834c8e9f87115197370fe86656d81 (v1.12) + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=c99f320d5c0fd98fe88d9cea5407eb7ad9d50e8a (v1.12) + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=6543c09c6ecfb1630085d440b76511953bc5a2cb (v1.12) + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=0e2d07fc2c4393cfb9dbab580d0bee4525b9c9b3 (v1.12) + NOTE: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=5e1fc8b92c1af9382365aef0f9130341ee1d2c76 (v1.12) + NOTE: Improves further the fix: https://git.savannah.gnu.org/cgit/gzip.git/commit/?id=9d3248751178939713a39115cf68ec8a11506cc9 (v1.12) + NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/8 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-619/ +CVE-2022-1263 (A NULL pointer dereference issue was found in KVM when releasing a vCP ...) + - linux 5.17.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/04/07/1 + NOTE: https://www.spinics.net/lists/kvm/msg273052.html +CVE-2022-1249 (A NULL pointer dereference flaw was found in pesign's cms_set_pw_data( ...) 
+ - pesign (Vulnerable code introduced later) + NOTE: https://github.com/rhboot/pesign/pull/79 + NOTE: Introduced by: https://github.com/rhboot/pesign/commit/12f16710ee44ef64ddb044a3523c3c4c4d90039a (114) + NOTE: Fixed by: https://github.com/rhboot/pesign/commit/b879dda52f8122de697d145977c285fb0a022d76 (115) +CVE-2022-1240 (Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub reposi ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc + NOTE: https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4 +CVE-2022-1239 (The HubSpot WordPress plugin before 8.8.15 does not validate the proxy ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1238 (Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository ra ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/47422cdf-aad2-4405-a6a1-6f63a3a93200 + NOTE: https://github.com/radareorg/radare2/commit/c40a4f9862104ede15d0ba05ccbf805923070778 +CVE-2022-1237 (Improper Validation of Array Index in GitHub repository radareorg/rada ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/ad3c9c4c-76e7-40c8-bd4a-c095acd8bb40 + NOTE: https://github.com/radareorg/radare2/commit/2d782cdaa2112c10b8dd5e7a93c134b2ada9c1a6 +CVE-2022-1236 (Weak Password Requirements in GitHub repository weseek/growi prior to ...) + NOT-FOR-US: GROWI +CVE-2022-28660 (The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x b ...) + NOT-FOR-US: Grafana Enterprise Logs +CVE-2022-28659 + RESERVED +CVE-2022-28658 + RESERVED +CVE-2022-28657 + RESERVED +CVE-2022-28656 + RESERVED +CVE-2022-28655 + RESERVED +CVE-2022-28654 + RESERVED +CVE-2022-28653 + RESERVED +CVE-2022-28652 + RESERVED +CVE-2022-1235 (Weak secrethash can be brute-forced in GitHub repository livehelpercha ...) + NOT-FOR-US: livehelperchat +CVE-2022-1234 (XSS in livehelperchat in GitHub repository livehelperchat/livehelperch ...) 
+ NOT-FOR-US: livehelperchat +CVE-2022-1233 (URL Confusion When Scheme Not Supplied in GitHub repository medialize/ ...) + NOT-FOR-US: URI.js +CVE-2022-1232 (Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a ...) + {DSA-5114-1} + - chromium 100.0.4896.75-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-28651 (In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get pass ...) + - intellij-idea (bug #747616) +CVE-2022-28650 (In JetBrains YouTrack before 2022.1.43700 it was possible to inject Ja ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-28649 (In JetBrains YouTrack before 2022.1.43563 it was possible to include a ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-28648 (In JetBrains YouTrack before 2022.1.43563 HTML code from the issue des ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-28647 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28646 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28645 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2022-28644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28643 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28642 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28641 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28640 (A potential local adjacent arbitrary code execution vulnerability that ...) + NOT-FOR-US: HPE +CVE-2022-28639 (A remote potential adjacent denial of service (DoS) and potential adja ...) + NOT-FOR-US: HPE +CVE-2022-28638 (An isolated local disclosure of information and potential isolated loc ...) 
+ NOT-FOR-US: HPE +CVE-2022-28637 (A local Denial of Service (DoS) and local arbitrary code execution vul ...) + NOT-FOR-US: HPE +CVE-2022-28636 (A potential local arbitrary code execution and a local denial of servi ...) + NOT-FOR-US: HPE +CVE-2022-28635 (A potential local arbitrary code execution and a local denial of servi ...) + NOT-FOR-US: HPE +CVE-2022-28634 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28633 (A local disclosure of sensitive information and a local unauthorized d ...) + NOT-FOR-US: HPE +CVE-2022-28632 (A potential arbitrary code execution and a denial of service (DoS) vul ...) + NOT-FOR-US: HPE +CVE-2022-28631 (A potential arbitrary code execution and a denial of service (DoS) vul ...) + NOT-FOR-US: HPE +CVE-2022-28630 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28629 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28628 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28627 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28626 (A local arbitrary code execution vulnerability was discovered in HPE I ...) + NOT-FOR-US: HPE +CVE-2022-28625 (A local disclosure of sensitive information vulnerability was discover ...) + NOT-FOR-US: HPE +CVE-2022-28624 (A potential security vulnerability has been identified in certain HPE ...) + NOT-FOR-US: HPE +CVE-2022-28623 (Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploi ...) + NOT-FOR-US: HPE +CVE-2022-28622 (A potential security vulnerability has been identified in HPE StoreOnc ...) + NOT-FOR-US: HPE +CVE-2022-28621 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: HPE +CVE-2022-28620 (A remote authentication bypass vulnerability was discovered in HPE Cra ...) 
+ NOT-FOR-US: HPE +CVE-2022-28619 (A potential security vulnerability has been identified in the installe ...) + NOT-FOR-US: HPE +CVE-2022-28618 (A command injection security vulnerability has been identified in HPE ...) + NOT-FOR-US: HPE +CVE-2022-28617 (A remote bypass security restrictions vulnerability was discovered in ...) + NOT-FOR-US: HPE OneView +CVE-2022-28616 (A remote server-side request forgery (ssrf) vulnerability was discover ...) + NOT-FOR-US: HPE OneView +CVE-2022-28615 (Apache HTTP Server 2.4.53 and earlier may crash or disclose informatio ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/9 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28615 + NOTE: https://github.com/apache/httpd/commit/6503d09ab51047554c384a6d03646ce1a8848120 +CVE-2022-28614 (The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/4 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28614 + NOTE: https://github.com/apache/httpd/commit/8c14927162cf3b4f810683e1c5505e9ef9e1f123 +CVE-2022-28613 (A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU5 ...) + NOT-FOR-US: HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware +CVE-2022-28610 + RESERVED +CVE-2022-26838 (Path traversal vulnerability in Importing Mobile Device Data of Cybozu ...) + NOT-FOR-US: Cybozu +CVE-2022-1231 (XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantu ...) 
+ - plantuml (bug #1039989) + [bookworm] - plantuml (Minor issue) + [bullseye] - plantuml (Minor issue) + [buster] - plantuml (Minor issue) + NOTE: https://huntr.dev/bounties/27db9509-6cd3-4148-8d70-5942f3837604/ + NOTE: https://github.com/plantuml/plantuml/commit/c9137be051ce98b3e3e27f65f54ec7d9f8886903 (v1.2022.4) +CVE-2022-1230 (This vulnerability allows local attackers to execute arbitrary code on ...) + NOT-FOR-US: Samsung +CVE-2022-1229 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-1228 (The Opensea WordPress plugin before 1.0.3 does not sanitize and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1227 (A privilege escalation flaw was found in Podman. This flaw allows an a ...) + - libpod 3.4.7+ds1-1 + [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2 + - golang-github-containers-psgo 1.7.1+ds1-1 (bug #1020907) + [bullseye] - golang-github-containers-psgo 1.5.2-1+deb11u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070368 + NOTE: https://github.com/containers/psgo/pull/92 + NOTE: https://github.com/containers/psgo/commit/d9467da9f563a9de1ece79dcae86b37b1db75443 (v1.7.2) +CVE-2022-1226 + RESERVED +CVE-2022-1225 (Incorrect Privilege Assignment in GitHub repository phpipam/phpipam pr ...) + - phpipam (bug #731713) +CVE-2022-1224 (Improper Authorization in GitHub repository phpipam/phpipam prior to 1 ...) + - phpipam (bug #731713) +CVE-2022-1223 (Incorrect Authorization in GitHub repository phpipam/phpipam prior to ...) + - phpipam (bug #731713) +CVE-2022-1222 (Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://huntr.dev/bounties/f8cb85b8-7ff3-47f1-a9a6-7080eb371a3d + NOTE: https://github.com/gpac/gpac/commit/7f060bbb72966cae80d6fee338d0b07fa3fc06e1 +CVE-2022-1221 (The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1220 (The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1219 (SQL injection in RecyclebinController.php in GitHub repository pimcore ...) + NOT-FOR-US: pimcore +CVE-2022-1218 (The Domain Replace WordPress plugin through 1.3.8 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1217 (The Custom TinyMCE Shortcode Button WordPress plugin through 1.1 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1216 (The Advanced Image Sitemap WordPress plugin through 1.2 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1215 (A format string vulnerability was found in libinput) + - libinput 1.20.1-1 + [bullseye] - libinput (Minor issue) + [buster] - libinput (Minor issue) + [stretch] - libinput (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/04/20/2 + NOTE: https://gitlab.freedesktop.org/libinput/libinput/-/commit/2a8b8fde90d63d48ce09ddae44142674bbca1c28 + NOTE: https://lists.x.org/archives/xorg-announce/2022-April/003159.html + NOTE: Introduced by: https://gitlab.freedesktop.org/libinput/libinput/-/commit/d4b76be18b9bcbdb497de1040855d80972c3bbb2 (1.9.902 / 1.10 release) +CVE-2021-46783 + RESERVED +CVE-2022-28609 + RESERVED +CVE-2022-28608 + RESERVED +CVE-2022-28607 (An issue was discovered in asith-eranga ISIC tour booking through vers ...) + NOT-FOR-US: asith-eranga ISIC tour booking +CVE-2022-28606 (An arbitrary file upload vulnerability exists in Wenzhou Huoyin Inform ...) 
+ NOT-FOR-US: BossCMS +CVE-2022-28605 (Hardcoded admin token in SoundBar apps in Linkplay SDK 1.00 allows rem ...) + NOT-FOR-US: LinkPlay Sound Bar +CVE-2022-28604 + RESERVED +CVE-2022-28603 + RESERVED +CVE-2022-28602 + RESERVED +CVE-2022-28601 (A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA ...) + NOT-FOR-US: LMS Doctor Simple 2 Factor Authentication Plugin For Moodle +CVE-2022-28600 + RESERVED +CVE-2022-28599 (A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1 ...) + NOT-FOR-US: FUEL-CMS +CVE-2022-28598 (Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does no ...) + NOT-FOR-US: Frappe ERPNext +CVE-2022-28597 + RESERVED +CVE-2022-28596 + RESERVED +CVE-2022-28595 + RESERVED +CVE-2022-28594 + RESERVED +CVE-2022-28593 + RESERVED +CVE-2022-28592 + RESERVED +CVE-2022-28591 + RESERVED +CVE-2022-28590 (A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 v ...) + NOT-FOR-US: Pixelimity +CVE-2022-28589 (A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 al ...) + NOT-FOR-US: Pixelimity +CVE-2022-28588 (In SpringBootMovie <=1.2 when adding movie names, malicious code can b ...) + NOT-FOR-US: SpringBootMovie +CVE-2022-28587 + RESERVED +CVE-2022-28586 (XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript ...) + NOT-FOR-US: Hoosk +CVE-2022-28585 (EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php) + NOT-FOR-US: EmpireCMS +CVE-2022-28584 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28583 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28582 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28581 (It is found that there is a command injection vulnerability in the set ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2022-28580 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28579 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28578 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28577 (It is found that there is a command injection vulnerability in the del ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28576 + RESERVED +CVE-2022-28575 (It is found that there is a command injection vulnerability in the set ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28574 + RESERVED +CVE-2022-28573 (D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injectio ...) + NOT-FOR-US: D-Link +CVE-2022-28572 (Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vu ...) + NOT-FOR-US: Tenda +CVE-2022-28571 (D-link 882 DIR882A1_FW130B06 was discovered to contain a command injec ...) + NOT-FOR-US: D-Link +CVE-2022-28570 + RESERVED +CVE-2022-28569 + RESERVED +CVE-2022-28568 (Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File U ...) + NOT-FOR-US: Sourcecodester Doctor's Appointment System +CVE-2022-28567 + RESERVED +CVE-2022-28566 + RESERVED +CVE-2022-28565 + RESERVED +CVE-2022-28564 + RESERVED +CVE-2022-28563 + RESERVED +CVE-2022-28562 + RESERVED +CVE-2022-28561 (There is a stack overflow vulnerability in the /goform/setMacFilterCfg ...) + NOT-FOR-US: Tenda +CVE-2022-28560 (There is a stack overflow vulnerability in the goform/fast_setting_wif ...) + NOT-FOR-US: Tenda +CVE-2022-28559 + RESERVED +CVE-2022-28558 + RESERVED +CVE-2022-28557 (There is a command injection vulnerability at the /goform/setsambacfg ...) + NOT-FOR-US: Tenda +CVE-2022-28556 (Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to ...) 
+ NOT-FOR-US: Tenda +CVE-2022-28555 + RESERVED +CVE-2022-28554 + RESERVED +CVE-2022-28553 + RESERVED +CVE-2022-28552 (Cscms 4.1 is vulnerable to SQL Injection. Log into the background, ope ...) + NOT-FOR-US: Cscms +CVE-2022-28551 + RESERVED +CVE-2022-28550 (Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via ...) + - jhead 1:3.08-1 + [bookworm] - jhead (Minor issue) + [bullseye] - jhead (Minor issue) + [buster] - jhead (Minor issue) + NOTE: https://github.com/Matthias-Wandel/jhead/issues/51 + NOTE: https://github.com/Matthias-Wandel/jhead/commit/9688daa7de7eb7bdc6b2223c33eb9ccc2f668b88 (3.08) +CVE-2022-28549 + RESERVED +CVE-2022-28548 + RESERVED +CVE-2022-28547 + RESERVED +CVE-2022-28546 + RESERVED +CVE-2022-28545 (FUDforum 3.1.1 is vulnerable to Stored XSS.) + NOT-FOR-US: FUDforum +CVE-2022-28544 (Path traversal vulnerability in unzip method of InstallAgentCommonHelp ...) + NOT-FOR-US: Samsung +CVE-2022-28543 (Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 ...) + NOT-FOR-US: Samsung +CVE-2022-28542 (Improper sanitization of incoming intent in Galaxy Store prior to vers ...) + NOT-FOR-US: Samsung +CVE-2022-28541 (Uncontrolled search path element vulnerability in Samsung Update prior ...) + NOT-FOR-US: Samsung +CVE-2022-28540 + RESERVED +CVE-2022-28539 + RESERVED +CVE-2022-28538 + RESERVED +CVE-2022-28537 + RESERVED +CVE-2022-28536 + RESERVED +CVE-2022-28535 + RESERVED +CVE-2022-28534 + RESERVED +CVE-2022-28533 (Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Inj ...) + NOT-FOR-US: Sourcecodester Medical Hub Directory Site +CVE-2022-28532 + RESERVED +CVE-2022-28531 (Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerab ...) + NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System +CVE-2022-28530 (Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnera ...) 
+ NOT-FOR-US: Sourcecodester Covid-19 Directory on Vaccination System +CVE-2022-28529 + RESERVED +CVE-2022-28528 (bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload ...) + NOT-FOR-US: bloofoxCMS +CVE-2022-28527 (dhcms v20170919 was discovered to contain an arbitrary folder deletion ...) + NOT-FOR-US: dhcms +CVE-2022-28526 + RESERVED +CVE-2022-28525 (ED01-CMS v20180505 was discovered to contain an arbitrary file upload ...) + NOT-FOR-US: ED01-CMS +CVE-2022-28524 (ED01-CMS v20180505 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: ED01-CMS +CVE-2022-28523 (HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/ ...) + NOT-FOR-US: HongCMS +CVE-2022-28522 (ZCMS v20170206 was discovered to contain a stored cross-site scripting ...) + NOT-FOR-US: ZCMS +CVE-2022-28521 (ZCMS v20170206 was discovered to contain a file inclusion vulnerabilit ...) + NOT-FOR-US: ZCMS +CVE-2022-28520 + RESERVED +CVE-2022-28519 + RESERVED +CVE-2022-28518 + RESERVED +CVE-2022-28517 + RESERVED +CVE-2022-28516 + RESERVED +CVE-2022-28515 + RESERVED +CVE-2022-28514 + RESERVED +CVE-2022-28513 + RESERVED +CVE-2022-28512 (A SQL injection vulnerability exists in Sourcecodester Fantastic Blog ...) + NOT-FOR-US: Sourcecodester Fantastic Blog CMS +CVE-2022-28511 + RESERVED +CVE-2022-28510 + RESERVED +CVE-2022-28509 + RESERVED +CVE-2022-28508 (An XSS issue was discovered in browser_search_plugin.php in MantisBT b ...) + - mantis +CVE-2022-28507 (Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 versio ...) + NOT-FOR-US: Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 +CVE-2022-28506 (There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RG ...) + - giflib (unimportant) + NOTE: https://sourceforge.net/p/giflib/bugs/159/ + NOTE: https://sourceforge.net/p/giflib/code/merge-requests/11/ + NOTE: Specific to gif2rgb. 
Crash in CLI tool, no security impact +CVE-2022-28505 (Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system ...) + NOT-FOR-US: Jfinal_cms +CVE-2022-28504 + RESERVED +CVE-2022-28503 + RESERVED +CVE-2022-28502 + RESERVED +CVE-2022-28501 + RESERVED +CVE-2022-28500 + RESERVED +CVE-2022-28499 + RESERVED +CVE-2022-28498 + RESERVED +CVE-2022-28497 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28496 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28495 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28494 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contai ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28493 (A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28492 (TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attacke ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28491 (TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command inje ...) + NOT-FOR-US: TOTOLINK +CVE-2022-28490 + RESERVED +CVE-2022-28489 + RESERVED +CVE-2022-28488 (The function wav_format_write in libwav.c in libwav through 2017-04-20 ...) + NOT-FOR-US: libwav +CVE-2022-28487 (Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_che ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/723 + NOTE: https://github.com/appneta/tcpreplay/pull/720 + NOTE: Crash in CLI tool, no security impact +CVE-2022-28486 + RESERVED +CVE-2022-28485 + RESERVED +CVE-2022-28484 + RESERVED +CVE-2022-28483 + RESERVED +CVE-2022-28482 + RESERVED +CVE-2022-28481 (CSV-Safe gem < 3.0.0 doesn't filter out special characters which could ...) + NOT-FOR-US: zvory/csv-safe +CVE-2022-28480 (ALLMediaServer 1.6 is vulnerable to Buffer Overflow via MediaServer.ex ...) 
+ NOT-FOR-US: ALLMediaServer +CVE-2022-28479 (SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored ...) + NOT-FOR-US: SeedDMS +CVE-2022-28478 (SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The " ...) + NOT-FOR-US: SeedDMS +CVE-2022-28477 (WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: WBCE CMS +CVE-2022-28476 + RESERVED +CVE-2022-28475 + RESERVED +CVE-2022-28474 + RESERVED +CVE-2022-28473 + RESERVED +CVE-2022-28472 + RESERVED +CVE-2022-28471 (In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c con ...) + NOT-FOR-US: ffjpeg +CVE-2022-28470 (marcador package in PyPI 0.1 through 0.13 included a code-execution ba ...) + NOT-FOR-US: joajfreitas/marcador +CVE-2022-28469 + RESERVED +CVE-2022-28468 (Payroll Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: Payroll Management System +CVE-2022-28467 (Online Student Admission v1.0 was discovered to contain a SQL injectio ...) + NOT-FOR-US: Online Student Admission +CVE-2022-28466 + RESERVED +CVE-2022-28465 + RESERVED +CVE-2022-28464 (Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which ...) + NOT-FOR-US: Apifox +CVE-2022-28463 (ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.) + {DLA-3429-1 DLA-3007-1} + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) + [bullseye] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca3654ebf7a439dc736f56f083c9aa98e4464b7f + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4988 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e6ea5876e0228165ee3abc6e959aa174cee06680 +CVE-2022-28462 (novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.) + NOT-FOR-US: Novel-plus +CVE-2022-28461 (mingyuefusu Library Management System all versions as of 03-27-2022 is ...) 
+ NOT-FOR-US: mingyuefusu Library Management System +CVE-2022-28460 + RESERVED +CVE-2022-28459 + RESERVED +CVE-2022-28458 + RESERVED +CVE-2022-28457 + RESERVED +CVE-2022-28456 + RESERVED +CVE-2022-28455 + RESERVED +CVE-2022-28454 (Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: Limbas +CVE-2022-28453 + RESERVED +CVE-2022-28452 (Red Planet Laundry Management System 1.0 is vulnerable to SQL Injectio ...) + NOT-FOR-US: Red Planet Laundry Management System +CVE-2022-28451 (nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup ...) + NOT-FOR-US: nopCommerce +CVE-2022-28450 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the ...) + NOT-FOR-US: nopCommerce +CVE-2022-28449 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At App ...) + NOT-FOR-US: nopCommerce +CVE-2022-28448 (nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An att ...) + NOT-FOR-US: nopCommerce +CVE-2022-28447 + RESERVED +CVE-2022-28446 + RESERVED +CVE-2022-28445 (KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulner ...) + NOT-FOR-US: KiteCMS +CVE-2022-28444 (UCMS v1.6 was discovered to contain an arbitrary file read vulnerabili ...) + NOT-FOR-US: UCMS +CVE-2022-28443 (UCMS v1.6 was discovered to contain an arbitrary file deletion vulnera ...) + NOT-FOR-US: UCMS +CVE-2022-28442 + RESERVED +CVE-2022-28441 + RESERVED +CVE-2022-28440 (An arbitrary file upload vulnerability in UCMS v1.6 allows attackers t ...) + NOT-FOR-US: UCMS +CVE-2022-28439 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28438 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28437 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28436 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) 
+ NOT-FOR-US: Baby Care System +CVE-2022-28435 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28434 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28433 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28432 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28431 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28430 + RESERVED +CVE-2022-28429 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28428 + RESERVED +CVE-2022-28427 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28426 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28425 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28424 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28423 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28422 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28421 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28420 (Baby Care System v1.0 was discovered to contain a SQL injection vulner ...) + NOT-FOR-US: Baby Care System +CVE-2022-28419 + RESERVED +CVE-2022-28418 + RESERVED +CVE-2022-28417 (Home Owners Collection Management System v1.0 was discovered to contai ...) 
+ NOT-FOR-US: Home Owners Collection Management System +CVE-2022-28416 (Home Owners Collection Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Home Owners Collection Management System +CVE-2022-28415 (Home Owners Collection Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Home Owners Collection Management System +CVE-2022-28414 (Home Owners Collection Management System v1.0 was discovered to contai ...) + NOT-FOR-US: Home Owners Collection Management System +CVE-2022-28413 (Car Driving School Management System v1.0 was discovered to contain a ...) + NOT-FOR-US: Car Driving School Management System +CVE-2022-28412 (Car Driving School Managment System v1.0 was discovered to contain a S ...) + NOT-FOR-US: Car Driving School Managment System +CVE-2022-28411 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-28410 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-28409 + RESERVED +CVE-2022-28408 + RESERVED +CVE-2022-28407 + RESERVED +CVE-2022-28406 + RESERVED +CVE-2022-28405 + RESERVED +CVE-2022-28404 + RESERVED +CVE-2022-28403 + RESERVED +CVE-2022-28402 + RESERVED +CVE-2022-28401 + RESERVED +CVE-2022-28400 + RESERVED +CVE-2022-28399 + RESERVED +CVE-2022-28398 + RESERVED +CVE-2022-28397 (An arbitrary file upload vulnerability in the file upload module of Gh ...) + NOT-FOR-US: Ghost CMS +CVE-2022-28396 + REJECTED +CVE-2022-28395 + RESERVED +CVE-2022-28394 (EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) ...) + NOT-FOR-US: Trend Micro +CVE-2022-28393 + RESERVED +CVE-2022-28392 + RESERVED +CVE-2022-28391 (BusyBox through 1.35.0 allows remote attackers to execute arbitrary co ...) 
+ - busybox (bug #1010264) + [bookworm] - busybox (Minor issue) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue) + NOTE: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661 +CVE-2022-28390 (ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kerne ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.17.3-1 + NOTE: https://git.kernel.org/linus/c70222752228a62135cee3409dccefd494a24646 (5.18-rc1) +CVE-2022-28389 (mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux ker ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.17.3-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/04c9b00ba83594a29813d6b1fb8fdc93a3915174 (5.18-rc1) +CVE-2022-28388 (usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux ker ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.17.3-1 + NOTE: https://git.kernel.org/linus/3d3925ff6433f98992685a9679613a2cc97f3ce2 (5.18-rc1) +CVE-2022-28387 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-28386 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-28385 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-28384 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-28383 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-28382 (An issue was discovered in certain Verbatim drives through 2022-03-31. ...) + NOT-FOR-US: Verbatim USB drives +CVE-2022-1214 + REJECTED +CVE-2022-1213 (SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/li ...) + NOT-FOR-US: livehelperchat +CVE-2022-1212 (Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby ...) 
+ - mruby 3.0.0-4 (bug #1009044) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/9fcc06d0-08e4-49c8-afda-2cae40946abe/ + NOTE: https://github.com/mruby/mruby/commit/3cf291f72224715942beaf8553e42ba8891ab3c6 +CVE-2022-28381 (Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflo ...) + NOT-FOR-US: ALLMediaServer +CVE-2022-28380 (The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) all ...) + NOT-FOR-US: 9front +CVE-2022-28379 (jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item dele ...) + NOT-FOR-US: jc21.com Nginx Proxy Manager +CVE-2022-28378 (Craft CMS before 3.7.29 allows XSS.) + NOT-FOR-US: Craft CMS +CVE-2022-1211 (A vulnerability classified as critical has been found in tildearrow Fu ...) + - furnace (bug #1008592) +CVE-2022-28377 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...) + NOT-FOR-US: Verizon +CVE-2022-28376 (Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyon ...) + NOT-FOR-US: Verizon +CVE-2022-28375 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...) + NOT-FOR-US: Verizon +CVE-2022-28374 (Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property ...) + NOT-FOR-US: Verizon +CVE-2022-28373 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly ...) + NOT-FOR-US: Verizon +CVE-2022-28372 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...) + NOT-FOR-US: Verizon +CVE-2022-28371 (On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit ...) + NOT-FOR-US: Verizon +CVE-2022-28370 (On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the R ...) + NOT-FOR-US: Verizon +CVE-2022-28369 (Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate ...) 
+ NOT-FOR-US: Verizon +CVE-2022-28368 (Dompdf 1.2.1 allows remote code execution via a .php file in the src:u ...) + - php-dompdf (Vulnerable code introduced in 0.8.0, fixed in 1.2.1) + NOTE: https://snyk.io/blog/security-alert-php-pdf-library-dompdf-rce/ + NOTE: https://positive.security/blog/dompdf-rce + NOTE: https://github.com/dompdf/dompdf/issues/2598 + NOTE: https://github.com/dompdf/dompdf/pull/2808 + NOTE: https://github.com/dompdf/dompdf/commit/4c70e1025bcd9b7694b95dd552499bd83cd6141d (v1.2.1) + NOTE: Vulnerability introduced by: + NOTE: https://github.com/dompdf/dompdf/commit/0e0261b7bce372b3a05b712a023f6f742a22d57e (v0.8.0) +CVE-2022-28367 (OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE ...) + - libowasp-antisamy-java 1.7.4-1 (bug #1010154) + [bookworm] - libowasp-antisamy-java (Minor issue) + [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) + NOTE: https://github.com/nahsra/antisamy/commit/0199e7e194dba5e7d7197703f43ebe22401e61ae (v1.6.6) + NOTE: Make sure to fix the issue completely and include the commit otherwise opening CVE-2022-29577 + NOTE: https://github.com/nahsra/antisamy/commit/32e273507da0e964b58c50fd8a4c94c9d9363af0 (v1.6.7) +CVE-2022-28366 (Certain Neko-related HTML parsers allow a denial of service via crafte ...) + - libowasp-antisamy-java 1.7.4-1 (bug #1010154) + [bookworm] - libowasp-antisamy-java (Minor issue) + [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) + NOTE: https://github.com/nahsra/antisamy/releases/tag/v1.6.6 + NOTE: https://github.com/nahsra/antisamy/issues/174 +CVE-2022-28365 (Reprise License Manager 14.2 is affected by an Information Disclosure ...) + NOT-FOR-US: Reprise License Manager +CVE-2022-28364 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) 
+ NOT-FOR-US: Reprise License Manager +CVE-2022-28363 (Reprise License Manager 14.2 is affected by a reflected cross-site scr ...) + NOT-FOR-US: Reprise License Manager +CVE-2022-28362 + RESERVED +CVE-2022-28361 + RESERVED +CVE-2022-28360 + RESERVED +CVE-2022-28359 + RESERVED +CVE-2022-28358 + RESERVED +CVE-2022-28357 (NATS nats-server 2.2.0 through 2.7.4 allows directory traversal becaus ...) + - nats-server (Fixed with initial upload to Debian) + NOTE: https://advisories.nats.io/CVE/CVE-2022-28357.txt +CVE-2022-28356 (In the Linux kernel before 5.17.1, a refcount leak bug was found in ne ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.16.18-1 + NOTE: https://git.kernel.org/linus/764f4eb6846f5475f1244767d24d25dd86528a4a + NOTE: https://www.openwall.com/lists/oss-security/2022/04/06/1 +CVE-2022-28355 (randomUUID in Scala.js before 1.10.0 generates predictable values.) + NOT-FOR-US: Scala.js +CVE-2022-28354 (In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php dat ...) + NOT-FOR-US: MyBB plugin +CVE-2022-28353 (In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL ...) + NOT-FOR-US: MyBB plugin +CVE-2022-1210 (A vulnerability classified as problematic was found in LibTIFF 4.3.0. ...) + - tiff (unimportant) + [bullseye] - tiff (Minor issue) + [buster] - tiff (Minor issue) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/402 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46782 (The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46781 (The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sa ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46780 (The Easy Google Maps WordPress plugin before 1.9.32 does not escape th ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28351 + RESERVED +CVE-2022-28350 (Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r ...) 
+ NOT-FOR-US: ARM Mali GPU driver +CVE-2022-28349 (Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through ...) + NOT-FOR-US: ARM Mali GPU driver +CVE-2022-28348 (Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 t ...) + NOT-FOR-US: ARM Mali GPU driver +CVE-2022-28347 (A SQL injection issue was discovered in QuerySet.explain() in Django 2 ...) + {DSA-5254-1} + - python-django 2:3.2.13-1 (bug #1009677) + [buster] - python-django (Vulnerable code not present) + [stretch] - python-django (Vulnerable code not present) + NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ + NOTE: https://github.com/django/django/commit/6723a26e59b0b5429a0c5873941e01a2e1bdbb81 (main) + NOTE: https://github.com/django/django/commit/00b0fc50e1738c7174c495464a5ef069408a4402 (4.0.4) + NOTE: https://github.com/django/django/commit/9e19accb6e0a00ba77d5a95a91675bf18877c72d (3.2.13) + NOTE: https://github.com/django/django/commit/29a6c98b4c13af82064f993f0acc6e8fafa4d3f5 (2.2.28) +CVE-2022-28346 (An issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13 ...) + {DSA-5254-1 DLA-3177-1 DLA-2982-1} + - python-django 2:3.2.13-1 (bug #1009677) + NOTE: https://www.djangoproject.com/weblog/2022/apr/11/security-releases/ + NOTE: https://github.com/django/django/commit/93cae5cb2f9a4ef1514cf1a41f714fef08005200 (main) + NOTE: https://github.com/django/django/commit/800828887a0509ad1162d6d407e94d8de7eafc60 (4.0.4) + NOTE: https://github.com/django/django/commit/2044dac5c6968441be6f534c4139bcf48c5c7e48 (3.2.13) + NOTE: https://github.com/django/django/commit/2c09e68ec911919360d5f8502cefc312f9e03c5d (2.2.28) +CVE-2022-28345 (The Signal app before 5.34 for iOS allows URI spoofing via RTLO inject ...) + NOT-FOR-US: Signal app on iOS +CVE-2022-28344 + RESERVED +CVE-2022-28343 + RESERVED +CVE-2022-28342 + RESERVED +CVE-2022-1209 (The Ultimate Member plugin for WordPress is vulnerable to open redirec ...) 
+ NOT-FOR-US: Ultimate Member plugin for WordPress +CVE-2022-1208 (The Ultimate Member plugin for WordPress is vulnerable to Stored Cross ...) + NOT-FOR-US: Ultimate Member plugin for WordPress +CVE-2022-1207 (Out-of-bounds read in GitHub repository radareorg/radare2 prior to 5.6 ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/7b979e76-ae54-4132-b455-0833e45195eb + NOTE: https://github.com/radareorg/radare2/commit/605785b65dd356d46d4487faa41dbf90943b8bc1 +CVE-2022-28341 + RESERVED +CVE-2022-28340 + RESERVED +CVE-2022-28339 + RESERVED +CVE-2022-28338 + RESERVED +CVE-2022-28337 + RESERVED +CVE-2022-28336 + RESERVED +CVE-2022-28335 + RESERVED +CVE-2022-28334 + RESERVED +CVE-2022-28333 + RESERVED +CVE-2022-28332 + RESERVED +CVE-2022-28331 (On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond ...) + - apr (Only affects Windows) + NOTE: https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r +CVE-2022-28330 (Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bound ...) + - apache2 (Windows specific) + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/3 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-28330 +CVE-2022-28329 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-28328 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-1206 + RESERVED +CVE-2022-1205 (A NULL pointer dereference flaw was found in the Linux kernel\u2019s A ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.17.6-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/4 +CVE-2022-1204 (A use-after-free flaw was found in the Linux kernel\u2019s Amateur Rad ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.17.3-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/2 +CVE-2022-1203 (The Content Mask WordPress plugin before 1.8.4.1 does not have authori ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1202 (The WP-CRM WordPress plugin through 1.2.1 does not validate and saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1201 (NULL Pointer Dereference in mrb_vm_exec with super in GitHub repositor ...) + - mruby 3.1.0-1 (bug #1014968) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/6f930add-c9d8-4870-ae56-d4bd8354703b + NOTE: https://github.com/mruby/mruby/commit/00acae117da1b45b318dc36531a7b0021b8097ae +CVE-2022-28327 (The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1 ...) + - golang-1.18 1.18.1-1 + - golang-1.17 1.17.9-1 + NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8 + NOTE: https://go.dev/issue/52075 +CVE-2022-28326 + RESERVED + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2022-28325 + RESERVED + NOT-FOR-US: MobileFrontend MediaWiki extension +CVE-2022-28324 + RESERVED + NOT-FOR-US: Echo MediaWiki extension +CVE-2022-28323 (An issue was discovered in MediaWiki through 1.37.2. The SecurePoll ex ...) + NOT-FOR-US: SecurePoll MediaWiki extension +CVE-2022-28322 + RESERVED + NOT-FOR-US: CentralAuth MediaWiki extension +CVE-2022-28321 (The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows ...) + - pam (Vulnerability introduced to SUSE-specific patch) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197654 +CVE-2022-28320 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28319 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28318 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28317 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28316 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley +CVE-2022-28315 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28314 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28313 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2022-28312 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2022-28311 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28310 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28309 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2022-28308 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley +CVE-2022-28307 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28306 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28305 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28304 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28303 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28302 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28301 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-28300 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley +CVE-2022-27188 (OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4. ...) 
+ NOT-FOR-US: CENTUM +CVE-2022-26034 (Improper authentication vulnerability in the communication protocol pr ...) + NOT-FOR-US: CENTUM +CVE-2022-1200 + RESERVED +CVE-2021-4225 (The SP Project & Document Manager WordPress plugin before 4.24 allows ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28299 + RESERVED +CVE-2022-28298 + RESERVED +CVE-2022-28297 + RESERVED +CVE-2022-28296 + RESERVED +CVE-2022-28295 + RESERVED +CVE-2022-28294 + RESERVED +CVE-2022-28293 + RESERVED +CVE-2022-28292 + RESERVED +CVE-2022-28291 (Insufficiently Protected Credentials: An authenticated user with debug ...) + NOT-FOR-US: Nessus +CVE-2022-28290 (Reflective Cross-Site Scripting vulnerability in WordPress Country Sel ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28289 (Mozilla developers and community members Nika Layzell, Andrew McCreigh ...) + {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28289 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28289 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28289 +CVE-2022-28288 (Mozilla developers and community members Randell Jesup, Sebastian Heng ...) + - firefox 99.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28288 +CVE-2022-28287 (In unusual circumstances, selecting text could cause text selection ca ...) + - firefox 99.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28287 +CVE-2022-28286 (Due to a layout change, iframe contents could have been rendered outsi ...) 
+ {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28286 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28286 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28286 +CVE-2022-28285 (When generating the assembly code for MLoadTypedArrayElementHole ...) + {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28285 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28285 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28285 +CVE-2022-28284 (SVG's <use> element could have been used to load un ...) + - firefox 99.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28284 +CVE-2022-28283 (The sourceMapURL feature in devtools was missing security checks that ...) + - firefox 99.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28283 +CVE-2022-28282 (By using a link with rel="localization" a use-after-free ...) + {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28282 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28282 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28282 + NOTE: https://github.com/Pwnrin/CVE-2022-28282 +CVE-2022-28281 (If a compromised content process sent an unexpected number of WebAuthN ...) 
+ {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-28281 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-28281 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-28281 +CVE-2022-1199 (A flaw was found in the Linux kernel. This flaw allows an attacker to ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.16.18-1 + [buster] - linux 4.19.235-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/5 +CVE-2022-1198 (A use-after-free vulnerabilitity was discovered in drivers/net/hamradi ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.16.18-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/04/02/3 +CVE-2022-1197 (When importing a revoked key that specified key compromise as the revo ...) + {DSA-5118-1 DLA-2978-1} + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1197 +CVE-2022-1196 (After a VR Process is destroyed, a reference to it may have been retai ...) + {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1196 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1196 +CVE-2022-1195 (A use-after-free vulnerability was found in the Linux kernel in driver ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.15.15-1 + [buster] - linux 4.19.232-1 + [stretch] - linux 4.9.303-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056381 +CVE-2022-1194 (The Mobile Events Manager WordPress plugin before 1.4.8 does not prope ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1193 (Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-1192 (The Turn off all comments WordPress plugin through 1.0 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46779 (Insufficient input validation in SVC_ECC_PRIMITIVE system call in a co ...) + NOT-FOR-US: AMD +CVE-2021-46778 (Execution unit scheduler contention may lead to a side channel vulnera ...) + NOT-FOR-US: AMD +CVE-2021-46777 + RESERVED +CVE-2021-46776 + RESERVED +CVE-2021-46775 (Improper input validation in ABL may enable an attacker with physical ...) + NOT-FOR-US: AMD +CVE-2021-46774 (Insufficient DRAM address validation in System Management Unit (SMU) m ...) + NOT-FOR-US: AMD +CVE-2021-46773 (Insufficient input validation in ABL may enable a privileged attacker ...) + NOT-FOR-US: AMD +CVE-2021-46772 + RESERVED +CVE-2021-46771 (Insufficient validation of addresses in AMD Secure Processor (ASP) fir ...) + NOT-FOR-US: AMD +CVE-2021-46770 + RESERVED +CVE-2021-46769 (Insufficient syscall input validation in the ASP Bootloader may allow ...) + NOT-FOR-US: AMD +CVE-2021-46768 (Insufficient input validation in SEV firmware may allow an attacker to ...) + NOT-FOR-US: AMD +CVE-2021-46767 (Insufficient input validation in the ASP may allow an attacker with ph ...) + NOT-FOR-US: AMD +CVE-2021-46766 (Improper clearing of sensitive data in the ASP Bootloader may expose s ...) + NOT-FOR-US: AMD +CVE-2021-46765 (Insufficient input validation in ASP may allow an attacker with a comp ...) + NOT-FOR-US: AMD +CVE-2021-46764 (Improper validation of DRAM addresses in SMU may allow an attacker to ...) + NOT-FOR-US: AMD +CVE-2021-46763 (Insufficient input validation in the SMU may enable a privileged attac ...) + NOT-FOR-US: AMD +CVE-2021-46762 (Insufficient input validation in the SMU may allow an attacker to corr ...) + NOT-FOR-US: AMD +CVE-2021-46761 + REJECTED +CVE-2021-46760 (A malicious or compromised UApp or ABL can send a malformed system cal ...) 
+ NOT-FOR-US: AMD +CVE-2021-46759 (Improper syscall input validation in AMD TEE (Trusted Execution Enviro ...) + NOT-FOR-US: AMD +CVE-2021-46758 (Insufficient validation of SPI flash addresses in the ASP (AMD Secure ...) + NOT-FOR-US: AMD +CVE-2021-46757 + RESERVED +CVE-2021-46756 (Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AM ...) + NOT-FOR-US: AMD +CVE-2021-46755 (Failure to unmap certain SysHub mappings in error paths of the ASP (AM ...) + NOT-FOR-US: AMD +CVE-2021-46754 (Insufficient input validation in the ASP (AMD Secure Processor) bootlo ...) + NOT-FOR-US: AMD +CVE-2021-46753 (Failure to validate the length fields of the ASP (AMD Secure Processor ...) + NOT-FOR-US: AMD +CVE-2021-46752 + RESERVED +CVE-2021-46751 + RESERVED +CVE-2021-46750 + RESERVED +CVE-2021-46749 (Insufficient bounds checking in ASP (AMD Secure Processor) may allow f ...) + NOT-FOR-US: AMD +CVE-2021-46748 (Insufficient bounds checking in the ASP (AMD Secure Processor) may all ...) + NOT-FOR-US: AMD +CVE-2021-46747 + RESERVED +CVE-2021-46746 + RESERVED +CVE-2021-46745 + RESERVED +CVE-2021-46744 (An attacker with access to a malicious hypervisor may be able to infer ...) + NOT-FOR-US: AMD +CVE-2022-28280 + RESERVED +CVE-2022-28279 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28278 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28277 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28276 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28275 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28274 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) 
+ NOT-FOR-US: Adobe +CVE-2022-28273 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28272 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28271 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28270 (Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-28269 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28268 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28267 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28266 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28265 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28264 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28263 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28262 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28261 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28260 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28259 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28258 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28257 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) 
+ NOT-FOR-US: Adobe +CVE-2022-28256 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28255 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28254 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28253 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28252 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28251 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28250 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28249 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28248 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28247 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28246 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28245 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28244 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28243 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28242 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28241 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28240 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) 
+ NOT-FOR-US: Adobe +CVE-2022-28239 (Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (an ...) + NOT-FOR-US: Adobe +CVE-2022-28238 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28237 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28236 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28235 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28234 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28233 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28232 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28231 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28230 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-28229 (The hash functionality in userver before 42059b6319661583b3080cab9b595 ...) + NOT-FOR-US: userver +CVE-2022-28228 (Out-of-bounds read was discovered in YDB server. An attacker could con ...) + NOT-FOR-US: YDB server +CVE-2022-28227 + RESERVED +CVE-2022-28226 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...) + NOT-FOR-US: Yandex Browser +CVE-2022-28225 (Local privilege vulnerability in Yandex Browser for Windows prior to 2 ...) + NOT-FOR-US: Yandex Browser +CVE-2022-28224 (Clusters using Calico (version 3.22.1 and below), Calico Enterprise (v ...) + NOT-FOR-US: Calico +CVE-2022-1191 (SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperch ...) + NOT-FOR-US: livehelperchat +CVE-2022-1190 (Improper handling of user input in GitLab CE/EE versions 8.3 prior to ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2022-1189 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1188 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1187 (The WordPress WP YouTube Live Plugin is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1186 (The WordPress plugin Be POPIA Compliant exposed sensitive information ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28223 (Tekon KIO devices through 2022-03-30 allow an authenticated admin user ...) + NOT-FOR-US: Tekon KIO devices +CVE-2022-28222 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28221 (The CleanTalk AntiSpam plugin <= 5.173 for WordPress is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2022-28220 (Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffe ...) + NOT-FOR-US: Apache James +CVE-2022-1185 (A denial of service vulnerability when rendering RDoc files in GitLab ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1184 (A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() i ...) + {DSA-5257-1 DLA-3173-1} + - linux 5.19.6-1 + [bullseye] - linux 5.10.140-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2070205 + NOTE: https://git.kernel.org/linus/65f8ea4cd57dbd46ea13b41dc8bac03176b04233 +CVE-2022-1183 (On vulnerable configurations, the named daemon may, in some circumstan ...) + - bind9 1:9.18.3-1 + [bullseye] - bind9 (Vulnerable code not present) + [buster] - bind9 (Vulnerable code not present) + [stretch] - bind9 (Vulnerable code not present) + NOTE: https://kb.isc.org/v1/docs/cve-2022-1183 +CVE-2022-1182 (The Visual Slide Box Builder WordPress plugin through 3.2.9 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1181 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...) 
+ NOT-FOR-US: OpenEMR +CVE-2022-1180 (Reflected Cross Site Scripting in GitHub repository openemr/openemr pr ...) + NOT-FOR-US: OpenEMR +CVE-2022-1179 (Non-Privilege User Can Created New Rule and Lead to Stored Cross Site ...) + NOT-FOR-US: OpenEMR +CVE-2022-1178 (Stored Cross Site Scripting in GitHub repository openemr/openemr prior ...) + NOT-FOR-US: OpenEMR +CVE-2022-1177 (Accounting User Can Download Patient Reports in openemr in GitHub repo ...) + NOT-FOR-US: OpenEMR +CVE-2022-1176 (Loose comparison causes IDOR on multiple endpoints in GitHub repositor ...) + NOT-FOR-US: livehelperchat +CVE-2022-1175 (Improper neutralization of user input in GitLab CE/EE versions 14.4 be ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1174 (A potential DoS vulnerability was discovered in Gitlab CE/EE versions ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1173 (stored xss in GitHub repository getgrav/grav prior to 1.7.33.) + NOT-FOR-US: Grav CMS +CVE-2022-1172 (Null Pointer Dereference Caused Segmentation Fault in GitHub repositor ...) + - gpac 2.0.0+dfsg1-4 (bug #1016443) + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://huntr.dev/bounties/a26cb79c-9257-4fbf-98c5-a5a331efa264/ + NOTE: https://github.com/gpac/gpac/issues/2153 + NOTE: https://github.com/gpac/gpac/commit/55a183e6b8602369c04ea3836e05436a79fbc7f8 +CVE-2022-1171 (The Vertical scroll recent post WordPress plugin before 14.0 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1170 (In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there ...) + NOT-FOR-US: Wordpress theme +CVE-2022-1169 (There is a XSS vulnerability in Careerfy.) + NOT-FOR-US: Wordpress theme +CVE-2022-1168 (There is a Cross-Site Scripting vulnerability in the JobSearch WP JobS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1167 (There are unauthenticated reflected Cross-Site Scripting (XSS) vulnera ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1166 (The JobMonster Theme was vulnerable to Directory Listing in the /wp-co ...) + NOT-FOR-US: Wordpress theme +CVE-2022-1165 (The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1164 (The Wyzi Theme was affected by reflected XSS vulnerabilities in the bu ...) + NOT-FOR-US: Wordpress theme +CVE-2022-28219 (Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-28218 (An issue was discovered in CipherMail Webmail Messenger 1.1.1 through ...) + NOT-FOR-US: CipherMail Webmail Messenger +CVE-2022-28217 (Some part of SAP NetWeaver (EP Web Page Composer) does not sufficientl ...) + NOT-FOR-US: SAP +CVE-2022-28216 (SAP BusinessObjects Business Intelligence Platform (BI Workspace) - ve ...) + NOT-FOR-US: SAP +CVE-2022-28215 (SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, ...) + NOT-FOR-US: SAP +CVE-2022-28214 (During an update of SAP BusinessObjects Enterprise, Central Management ...) + NOT-FOR-US: SAP +CVE-2022-28213 (When a user access SOAP Web services in SAP BusinessObjects Business I ...) + NOT-FOR-US: SAP +CVE-2022-28212 + RESERVED + NOT-FOR-US: FlaggedRevs MediaWiki extension +CVE-2022-28211 + RESERVED + NOT-FOR-US: TimedMediaHandler MediaWiki extension +CVE-2022-28210 + RESERVED + NOT-FOR-US: JsonConfig MediaWiki extension +CVE-2022-28209 (An issue was discovered in Mediawiki through 1.37.1. The check for the ...) + NOT-FOR-US: MediaWiki AntiSpoof extension +CVE-2022-28208 + RESERVED + NOT-FOR-US: WikiBase MediaWiki extension +CVE-2022-28207 + RESERVED + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2022-28206 (An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidat ...) + NOT-FOR-US: MediaWiki FileImporter extension +CVE-2022-28205 (An issue was discovered in MediaWiki through 1.37.1. The CentralAuth e ...) 
+ NOT-FOR-US: MediaWiki CentralAuth extension +CVE-2022-28204 (A denial-of-service issue was discovered in MediaWiki 1.37.x before 1. ...) + - mediawiki (Only affects 1.37 and later) + NOTE: https://phabricator.wikimedia.org/T297754 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/ +CVE-2022-28203 (A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1 ...) + {DSA-5246-1 DLA-3117-1} + - mediawiki 1:1.35.6-1 + [stretch] - mediawiki (Fix along in next security release) + NOTE: https://phabricator.wikimedia.org/T297731 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/ +CVE-2022-28202 (An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before ...) + {DSA-5246-1 DLA-3117-1} + - mediawiki 1:1.35.6-1 + [stretch] - mediawiki (Fix along in next security release) + NOTE: https://phabricator.wikimedia.org/T297543 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/ +CVE-2022-28201 (An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36 ...) + {DSA-5246-1 DLA-3117-1} + - mediawiki 1:1.35.6-1 + [stretch] - mediawiki (Fix along in next security release) + NOTE: https://phabricator.wikimedia.org/T297571 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/ +CVE-2022-28200 (NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, ...) + NOT-FOR-US: NVIDIA +CVE-2022-28199 (NVIDIA\u2019s distribution of the Data Plane Development Kit (MLNX_DPD ...) 
+ {DSA-5222-1} + [experimental] - dpdk 22.11~rc2-1 + - dpdk 22.11.1-2 (bug #1019589) + [buster] - dpdk (Vulnerable code introduced later) + NOTE: https://git.dpdk.org/dpdk/commit/?id=60b254e3923d007bcadbb8d410f95ad89a2f13fa (main) + NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=25c01bd32374b0c3cbc260f3e3872408d749cb45 (v21.11.2) + NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=ef311075d21b4f68c8ccfc46a00cda7c2a0bf4cc (v20.11.6) + NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=8b090f2664e9d014cd8fa0fde90597aaf4349e7e (v19.11.13) + NOTE: https://www.openwall.com/lists/oss-security/2022/08/29/3 +CVE-2022-28198 (NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its conf ...) + NOT-FOR-US: NVIDIA +CVE-2022-28197 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) + NOT-FOR-US: NVIDIA Jetson Linux Driver Package +CVE-2022-28196 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) + NOT-FOR-US: NVIDIA Jetson Linux Driver Package +CVE-2022-28195 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) + NOT-FOR-US: NVIDIA Jetson Linux Driver Package +CVE-2022-28194 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) + NOT-FOR-US: NVIDIA Jetson Linux Driver Package +CVE-2022-28193 (NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cbo ...) + NOT-FOR-US: NVIDIA Jetson Linux Driver Package +CVE-2022-28192 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) 
+ - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-418 (bug #1011143) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) + - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28191 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28190 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28189 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) 
+ NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28188 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28187 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28186 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28185 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1011141) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.151-1 (bug #1011142) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 (bug #1011143) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) + - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28184 (NVIDIA GPU Display Driver for 
Windows and Linux contains a vulnerabili ...) + - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28183 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) + - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28182 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2022-28181 (NVIDIA GPU Display Driver for Windows and Linux contains a vulnerabili ...) 
+ - nvidia-graphics-drivers 470.129.06-1 (bug #1011140) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (bug #1011141) + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia anymore) + - nvidia-graphics-drivers-legacy-390xx 390.151-1 (bug #1011142) + [bullseye] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb11u1 + [buster] - nvidia-graphics-drivers-legacy-390xx 390.151-1~deb10u1 + - nvidia-graphics-drivers-tesla-418 (bug #1011143) + [bullseye] - nvidia-graphics-drivers-tesla-418 (Non-free not supported, driver is EOLed and updates impossible) + - nvidia-graphics-drivers-tesla-450 450.191.01-1 (bug #1011144) + [bullseye] - nvidia-graphics-drivers-tesla-450 450.191.01-1~deb11u1 + - nvidia-graphics-drivers-tesla-460 (bug #1011145) + [bullseye] - nvidia-graphics-drivers-tesla-460 (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.129.06-1 (bug #1011146) + [bullseye] - nvidia-graphics-drivers-tesla-470 (Non-free not supported) + [experimental] - nvidia-graphics-drivers-tesla-510 510.73.08-1 + - nvidia-graphics-drivers-tesla-510 510.73.08-2 (bug #1011147) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5353 +CVE-2022-28180 + RESERVED +CVE-2022-28179 + RESERVED +CVE-2022-28178 + RESERVED +CVE-2022-28177 + RESERVED +CVE-2022-28176 + RESERVED +CVE-2022-28175 + RESERVED +CVE-2022-28174 + RESERVED +CVE-2022-28173 (The web server of some Hikvision wireless bridge products have an acce ...) + NOT-FOR-US: Hikvision +CVE-2022-28172 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...) + NOT-FOR-US: Hikvision +CVE-2022-28171 (The web module in some Hikvision Hybrid SAN/Cluster Storage products h ...) 
+ NOT-FOR-US: Hikvision +CVE-2022-1163 (Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minew ...) + NOT-FOR-US: minewebcms +CVE-2022-1162 (A hardcoded password was set for accounts registered using an OmniAuth ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1161 (An attacker with the ability to modify a user program may change user ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-1160 (heap buffer overflow in get_one_sourceline in GitHub repository vim/vi ...) + - vim (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/a6f3222d-2472-439d-8881-111138a5694c/ + NOTE: Introduced by: https://github.com/vim/vim/commit/85b43c6cb7d56919e245622f4e42db6d8bee4194 (v8.2.4603) + NOTE: Fixed by: https://github.com/vim/vim/commit/2bdad6126778f907c0b98002bfebf0e611a3f5db (v8.2.4647) +CVE-2022-28170 (Brocade Fabric OS Web Application services before Brocade Fabric v9.1. ...) + NOT-FOR-US: Brocade +CVE-2022-28169 (Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric O ...) + NOT-FOR-US: Brocade +CVE-2022-28168 (In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1 ...) + NOT-FOR-US: Brocade +CVE-2022-28167 (Brocade SANnav before Brocade SANvav v. 2.2.0.2 and Brocade SANanv v.2 ...) + NOT-FOR-US: Brocade +CVE-2022-28166 (In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before ...) + NOT-FOR-US: Brocade +CVE-2022-28165 (A vulnerability in the role-based access control (RBAC) functionality ...) + NOT-FOR-US: Brocade SANnav +CVE-2022-28164 (Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symme ...) + NOT-FOR-US: Brocade SANnav +CVE-2022-28163 (In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints asso ...) + NOT-FOR-US: Brocade SANnav +CVE-2022-28162 (Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentic ...) + NOT-FOR-US: Brocade SANnav +CVE-2022-28161 (An information exposure through log file vulnerability in Brocade SANN ...) 
+ NOT-FOR-US: Brocade SANnav +CVE-2022-1159 (Rockwell Automation Studio 5000 Logix Designer (all versions) are vuln ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-1158 (A flaw was found in KVM. When updating a guest's page table entry, vm_ ...) + {DSA-5127-1} + - linux 5.17.3-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2a8859f373b0a86f0ece8ec8312607eacf12485d (5.18-rc1) + NOTE: https://www.openwall.com/lists/oss-security/2022/04/08/4 +CVE-2022-1157 (Missing sanitization of logged exception messages in all versions prio ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1156 (The Books & Papers WordPress plugin through 0.20210223 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1155 (Old sessions are not blocked by the login enable function. in GitHub r ...) + - snipe-it (bug #1005172) +CVE-2022-1154 (Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8 ...) + {DLA-3182-1 DLA-3011-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/7f0ec6bc-ea0e-45b0-8128-caac72d23425 + NOTE: https://github.com/vim/vim/commit/b55986c52d4cd88a22d0b0b0e8a79547ba13e1d5 (v8.2.4646) + NOTE: Crash in CLI tool, no security impact +CVE-2022-1153 (The LayerSlider WordPress plugin before 7.1.2 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1152 (The Menubar WordPress plugin before 5.8 does not sanitise and escape t ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1151 + RESERVED +CVE-2022-1150 + RESERVED +CVE-2022-1149 + RESERVED +CVE-2022-28160 (Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28159 (Jenkins Tests Selector Plugin 1.3.3 and earlier does not escape the Pr ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28158 (A missing permission check in Jenkins Pipeline: Phoenix AutoTest Plugi ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-28157 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28156 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier allows attac ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28155 (Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not con ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28154 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28153 (Jenkins SiteMonitor Plugin 0.6 and earlier does not escape URLs of sit ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28152 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28151 (A missing permission check in Jenkins Job and Node ownership Plugin 0. ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28150 (A cross-site request forgery (CSRF) vulnerability in Jenkins Job and N ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28149 (Jenkins Job and Node ownership Plugin 0.13.0 and earlier does not esca ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28148 (The file browser in Jenkins Continuous Integration with Toad Edge Plug ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28147 (A missing permission check in Jenkins Continuous Integration with Toad ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28146 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier a ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28145 (Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier d ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28144 (Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28143 (A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox P ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28142 (Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-28141 (Jenkins Proxmox Plugin 0.5.0 and earlier stores the Proxmox Datacenter ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28140 (Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28139 (A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.1 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28138 (A cross-site request forgery (CSRF) vulnerability in Jenkins RocketCha ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28137 (A missing permission check in Jenkins JiraTestResultReporter Plugin 16 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28136 (A cross-site request forgery (CSRF) vulnerability in Jenkins JiraTestR ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28135 (Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28134 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28133 (Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-28132 + RESERVED +CVE-2022-28131 (Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17. ...) + - golang-1.18 1.18.4-1 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://github.com/golang/go/issues/53614 + NOTE: https://github.com/golang/go/commit/08c46ed43d80bbb67cb904944ea3417989be4af3 (go1.19rc2) + NOTE: https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96 (go1.18.4) + NOTE: https://github.com/golang/go/commit/58facfbe7db2fbb9afed794b281a70bdb12a60ae (go1.17.12) +CVE-2022-28130 + RESERVED +CVE-2022-28129 (Improper Input Validation vulnerability in HTTP/1.1 header parsing of ...) 
+ {DSA-5206-1 DLA-3279-1} + - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 +CVE-2022-1148 (Improper authorization in GitLab Pages included with GitLab CE/EE affe ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1147 + RESERVED +CVE-2022-1146 (Inappropriate implementation in Resource Timing in Google Chrome prior ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1145 (Use after free in Extensions in Google Chrome prior to 100.0.4896.60 a ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1144 (Use after free in WebUI in Google Chrome prior to 100.0.4896.60 allowe ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1143 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1142 (Heap buffer overflow in WebUI in Google Chrome prior to 100.0.4896.60 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1141 (Use after free in File Manager in Google Chrome prior to 100.0.4896.60 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1140 + RESERVED +CVE-2022-1139 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1138 (Inappropriate implementation in Web Cursor in Google Chrome prior to 1 ...) 
+ {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1137 (Inappropriate implementation in Extensions in Google Chrome prior to 1 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1136 (Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 al ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1135 (Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.6 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1134 (Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1133 (Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1132 (Inappropriate implementation in Virtual Keyboard in Google Chrome on C ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1131 (Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allo ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1130 (Insufficient validation of trust input in WebOTP in Google Chrome on A ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1129 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...) 
+ {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1128 (Inappropriate implementation in Web Share API in Google Chrome on Wind ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1127 (Use after free in QR Code Generator in Google Chrome prior to 100.0.48 ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1126 + RESERVED +CVE-2022-1125 (Use after free in Portals in Google Chrome prior to 100.0.4896.60 allo ...) + {DSA-5112-1} + - chromium 100.0.4896.60-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1124 (An improper authorization issue has been discovered in GitLab CE/EE af ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1123 (The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46743 (In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., ...) + NOT-FOR-US: Firebase PHP-JWT +CVE-2020-36521 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2022-28128 (Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and ear ...) + NOT-FOR-US: AttacheCase +CVE-2022-27496 (Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and ...) + NOT-FOR-US: Zero-channel BBS Plus +CVE-2022-25348 (Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and ear ...) + NOT-FOR-US: AttacheCase +CVE-2022-1122 (A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in ...) 
+ {DLA-2975-1} + - openjpeg2 2.5.0-1 + [bullseye] - openjpeg2 (Minor issue) + [buster] - openjpeg2 (Minor issue) + NOTE: https://github.com/uclouvain/openjpeg/issues/1368 + NOTE: https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d +CVE-2022-1121 (A lack of appropriate timeouts in GitLab Pages included in GitLab CE/E ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1120 (Missing filtering in an error message in GitLab CE/EE affecting all ve ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1119 (The Simple File List WordPress plugin is vulnerable to Arbitrary File ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1118 (Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbenc ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-1117 (A vulnerability was found in fapolicyd. The vulnerability occurs due t ...) + NOT-FOR-US: fapolicyd +CVE-2022-1116 (Integer Overflow or Wraparound vulnerability in io_uring of Linux Kern ...) + - linux (Vulnerable code not present; introduced in 5.4.24; fixed in 5.4.189) +CVE-2022-1115 (A heap-buffer-overflow flaw was found in ImageMagick\u2019s PushShortP ...) + - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1013282) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (code is introduced later) + [stretch] - imagemagick (code is introduced later) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4974 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick6/commit/1f860f52bd8d58737ad883072203391096b30b51 (6.9.12-44) + NOTE: Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef476 (6.9.10-88) +CVE-2022-1114 (A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInf ...) 
+ - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (Minor issue) + [stretch] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4947 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/78f03b619d08d7c2e0fcaccab407e3ac93c2ee8f +CVE-2022-1113 (The Flower Delivery by Florist One WordPress plugin through 3.7 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1112 (The Autolinks WordPress plugin through 1.0.1 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1111 (A business logic error in Project Import in GitLab CE/EE versions 14.9 ...) + - gitlab 15.10.8+ds1-2 +CVE-2020-36520 + RESERVED +CVE-2022-28125 + RESERVED +CVE-2022-28124 + RESERVED +CVE-2022-28123 + RESERVED +CVE-2022-28122 + RESERVED +CVE-2022-28121 + RESERVED +CVE-2022-28120 (Beijing Runnier Network Technology Co., Ltd Open virtual simulation ex ...) + NOT-FOR-US: Beijing Runnier Network Technology +CVE-2022-28119 + RESERVED +CVE-2022-28118 (SiteServer CMS v7.x allows attackers to execute arbitrary code via a c ...) + NOT-FOR-US: SiteServer CMS +CVE-2022-28117 (A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate ...) + NOT-FOR-US: Navigate CMS +CVE-2022-28116 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-28115 (Online Sports Complex Booking v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Online Sports Complex Booking +CVE-2022-28114 (DSCMS v3.0 was discovered to contain an arbitrary file deletion vulner ...) + NOT-FOR-US: DSCMS +CVE-2022-28113 (An issue in upload.csp of FANTEC GmbH MWiD25-DS Firmware v2.000.030 al ...) + NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware +CVE-2022-28112 + RESERVED +CVE-2022-28111 (MyBatis PageHelper v1.x.x-v3.7.0 v4.0.0-v5.0.0,v5.1.0-v5.3.0 was disco ...) 
+ NOT-FOR-US: MyBatis PageHelper +CVE-2022-28110 (Hotel Management System v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Hotel Management System +CVE-2022-28109 (Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in ...) + NOT-FOR-US: Selenium +CVE-2022-28108 (Selenium Server (Grid) before 4 allows CSRF because it permits non-JSO ...) + NOT-FOR-US: Selenium +CVE-2022-28107 + RESERVED +CVE-2022-28106 (Online Sports Complex Booking System v1.0 was discovered to allow atta ...) + NOT-FOR-US: Online Sports Complex Booking System +CVE-2022-28105 (Online Sports Complex Booking System v1.0 was discovered to contain a ...) + NOT-FOR-US: Online Sports Complex Booking System +CVE-2022-28104 (Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file u ...) + NOT-FOR-US: Foxit PDF Editor +CVE-2022-28103 + RESERVED +CVE-2022-28102 (A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Ge ...) + NOT-FOR-US: PHP MySQL Admin Panel Generator +CVE-2022-28101 (Turtlapp Turtle Note v0.7.2.6 does not filter the tag during ma ...) + NOT-FOR-US: Turtlapp Turtle Note +CVE-2022-28100 + RESERVED +CVE-2022-28099 (Poultry Farm Management System v1.0 was discovered to contain a SQL in ...) + NOT-FOR-US: Poultry Farm Management System +CVE-2022-28098 + RESERVED +CVE-2022-28097 + RESERVED +CVE-2022-28096 (Skycaiji v2.4 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Skycaiji +CVE-2022-28095 + RESERVED +CVE-2022-28094 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...) + NOT-FOR-US: SCBS Online Sports Venue Reservation System +CVE-2022-28093 (SCBS Online Sports Venue Reservation System v1.0 was discovered to con ...) + NOT-FOR-US: SCBS Online Sports Venue Reservation System +CVE-2022-28092 + RESERVED +CVE-2022-28091 + RESERVED +CVE-2022-28090 (Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forg ...) 
+ NOT-FOR-US: Jspxcms +CVE-2022-28089 + RESERVED +CVE-2022-28088 + RESERVED +CVE-2022-28087 + RESERVED +CVE-2022-28086 + RESERVED +CVE-2022-28085 (A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in ...) + - htmldoc 1.9.15-2 (unimportant) + [bullseye] - htmldoc 1.9.11-4+deb11u3 + [buster] - htmldoc 1.9.3-1+deb10u4 + NOTE: https://github.com/michaelrsweet/htmldoc/issues/480 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/46c8ec2b9bccb8ccabff52d998c5eee77a228348 + NOTE: Crash in CLI tool, no security impact +CVE-2022-28084 + RESERVED +CVE-2022-28083 + RESERVED +CVE-2022-28082 (Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow ...) + NOT-FOR-US: Tenda +CVE-2022-28081 (A reflected cross-site scripting (XSS) vulnerability in the component ...) + NOT-FOR-US: khaled-alshamaa/ar-php +CVE-2022-28080 (Royal Event Management System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Royal Event Management System +CVE-2022-28079 (College Management System v1.0 was discovered to contain a SQL injecti ...) + NOT-FOR-US: College Management System +CVE-2022-28078 (Home Owners Collection Management v1 was discovered to contain a refle ...) + NOT-FOR-US: Home Owners Collection Management +CVE-2022-28077 (Home Owners Collection Management v1 was discovered to contain a refle ...) + NOT-FOR-US: Home Owners Collection Management +CVE-2022-28076 (Seacms v11.6 was discovered to contain a remote command execution (RCE ...) + NOT-FOR-US: Seacms +CVE-2022-28075 + RESERVED +CVE-2022-28074 (Halo-1.5.0 was discovered to contain a stored cross-site scripting (XS ...) + NOT-FOR-US: Halo +CVE-2022-28073 (A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4. ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/59a9dfb60acf8b5c0312061cffd9693fc9526053 (5.5.0) +CVE-2022-28072 (A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4 ...) 
+ - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/027cd9b7274988bb1af866539ba6c2fa2ff63e45 (5.5.0) +CVE-2022-28071 (A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5 ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/65448811e5b9582a19cf631e03cfcaa025a92ef5 (5.5.0) +CVE-2022-28070 (A null pointer deference in __core_anal_fcn function in radare2 5.4.2 ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/4aff1bb00224de4f5bc118f987dfd5d2fe3450d0 (5.5.0) +CVE-2022-28069 (A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/49b0cebfdf0db9704e36f8a5533f1df6d3e2ed3a (5.5.0) +CVE-2022-28068 (A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4. ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/commit/637f4bd1af6752e28e0a9998e954e2e9ce6fa992 (5.5.0) +CVE-2022-28067 (An incorrect access control issue in Sandboxie Classic v5.55.13 allows ...) + NOT-FOR-US: Sandboxie Classic +CVE-2022-28066 + REJECTED +CVE-2022-28065 + RESERVED +CVE-2022-28064 + RESERVED +CVE-2022-28063 (Simple Bakery Shop Management System v1.0 contains a file disclosure v ...) + NOT-FOR-US: Simple Bakery Shop Management System +CVE-2022-28062 (Car Rental System v1.0 contains an arbitrary file upload vulnerability ...) + NOT-FOR-US: Car Rental System +CVE-2022-28061 + RESERVED +CVE-2022-28060 (SQL Injection vulnerability in Victor CMS v1.0, via the user_name para ...) + NOT-FOR-US: Victor CMS +CVE-2022-28059 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) + NOT-FOR-US: Verydows +CVE-2022-28058 (Verydows v2.0 was discovered to contain an arbitrary file deletion vul ...) + NOT-FOR-US: Verydows +CVE-2022-28057 + RESERVED +CVE-2022-28056 (ShopXO v2.2.5 and below was discovered to contain a system re-install ...) 
+ NOT-FOR-US: ShopXO +CVE-2022-28055 (Fusionpbx v4.4 and below contains a command injection vulnerability vi ...) + NOT-FOR-US: Fusionpbx +CVE-2022-28054 (Improper sanitization of trigger action scripts in VanDyke Software VS ...) + NOT-FOR-US: VanDyke Software VShell +CVE-2022-28053 (Typemill v1.5.3 was discovered to contain an arbitrary file upload vul ...) + NOT-FOR-US: Typemill +CVE-2022-28052 (Directory Traversal vulnerability in file cn/roothub/store/FileSystemS ...) + NOT-FOR-US: Roothub +CVE-2022-28051 (The "Add category" functionality inside the "Global Keywords" menu in ...) + NOT-FOR-US: SeedDMS +CVE-2022-28050 + RESERVED +CVE-2022-28049 (NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference v ...) + NOT-FOR-US: njs +CVE-2022-28048 (STB v2.27 was discovered to contain an integer shift of invalid size i ...) + - libstb 0.0~git20230129.5736b15+ds-1 (unimportant) + NOTE: https://github.com/nothings/stb/issues/1293 + NOTE: https://github.com/nothings/stb/pull/1297 + NOTE: Negligible security impact + NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2 + NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421 + NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee + NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d +CVE-2022-28047 + RESERVED +CVE-2022-28046 + RESERVED +CVE-2022-28045 + RESERVED +CVE-2022-28044 (Irzip v0.640 was discovered to contain a heap memory corruption via th ...) + {DSA-5145-1 DLA-3005-1} + - lrzip 0.650-1 + NOTE: https://github.com/ckolivas/lrzip/issues/216 + NOTE: Fixed by: https://github.com/ckolivas/lrzip/commit/5faf80cd53ecfd16b636d653483144cd12004f46 (v0.650) +CVE-2022-28043 + RESERVED +CVE-2022-28042 (stb_image.h v2.27 was discovered to contain an heap-based use-after-fr ...) 
+ {DLA-3305-1} + - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://github.com/nothings/stb/issues/1289 + NOTE: https://github.com/nothings/stb/pull/1297 + NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2 + NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421 + NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee + NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d +CVE-2022-28041 (stb_image.h v2.27 was discovered to contain an integer overflow via th ...) + {DLA-3305-1} + - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014531) + [bookworm] - libstb (Minor issue) + [bullseye] - libstb (Minor issue) + NOTE: https://github.com/nothings/stb/issues/1292 + NOTE: https://github.com/nothings/stb/pull/1297 + NOTE: https://github.com/nothings/stb/commit/84b94010a7b08003cc3fb93635582849398e7ae2 + NOTE: https://github.com/nothings/stb/commit/96fe76c21308653d22672e986dd39506f6871421 + NOTE: https://github.com/nothings/stb/commit/47164e4086c1349ef3042fb04e0f7f7ceaf1fcee + NOTE: https://github.com/nothings/stb/commit/5cfc2a744ad7047cda2396cc67772f313a46093d +CVE-2022-28040 + RESERVED +CVE-2022-28039 + RESERVED +CVE-2022-28038 + RESERVED +CVE-2022-28037 + RESERVED +CVE-2022-28036 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_nav ...) + NOT-FOR-US: AtomCMS +CVE-2022-28035 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_bl ...) + NOT-FOR-US: AtomCMS +CVE-2022-28034 (AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_lis ...) + NOT-FOR-US: AtomCMS +CVE-2022-28033 (Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads ...) + NOT-FOR-US: AtomCMS +CVE-2022-28032 (AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pag ...) 
+ NOT-FOR-US: AtomCMS +CVE-2022-28031 + RESERVED +CVE-2022-28030 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-28029 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-28028 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-28027 + RESERVED +CVE-2022-28026 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Student Grading System +CVE-2022-28025 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Student Grading System +CVE-2022-28024 (Student Grading System v1.0 was discovered to contain a SQL injection ...) + NOT-FOR-US: Student Grading System +CVE-2022-28023 (Purchase Order Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Purchase Order Management System +CVE-2022-28022 (Purchase Order Management System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Purchase Order Management System +CVE-2022-28021 (Purchase Order Management System v1.0 was discovered to contain a remo ...) + NOT-FOR-US: Purchase Order Management System +CVE-2022-28020 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28019 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28018 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28017 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28016 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) 
+ NOT-FOR-US: Attendance and Payroll System +CVE-2022-28015 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28014 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28013 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28012 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28011 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28010 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28009 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28008 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28007 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28006 (Attendance and Payroll System v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Attendance and Payroll System +CVE-2022-28005 (An issue was discovered in the 3CX Phone System Management Console pri ...) + NOT-FOR-US: 3CX Phone System Management Console +CVE-2022-28004 + RESERVED +CVE-2022-28003 + RESERVED +CVE-2022-28002 (Movie Seat Reservation v1 was discovered to contain an unauthenticated ...) + NOT-FOR-US: Movie Seat Reservation +CVE-2022-28001 (Movie Seat Reservation v1 was discovered to contain a SQL injection vu ...) + NOT-FOR-US: Movie Seat Reservation +CVE-2022-28000 (Car Rental System v1.0 was discovered to contain a SQL injection vulne ...) 
+ NOT-FOR-US: Car Rental System +CVE-2022-27999 + RESERVED +CVE-2022-27998 + RESERVED +CVE-2022-27997 + RESERVED +CVE-2022-27996 + RESERVED +CVE-2022-27995 + RESERVED +CVE-2022-27994 + RESERVED +CVE-2022-27993 + RESERVED +CVE-2022-27992 (Zoo Management System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Zoo Management System +CVE-2022-27991 (Online Banking System in PHP v1 was discovered to contain multiple SQL ...) + NOT-FOR-US: Online Banking System in PHP +CVE-2022-27990 + RESERVED +CVE-2022-27989 + RESERVED +CVE-2022-27988 + RESERVED +CVE-2022-27987 + RESERVED +CVE-2022-27986 + RESERVED +CVE-2022-27985 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: CuppaCMS +CVE-2022-27984 (CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: CuppaCMS +CVE-2022-27983 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an ...) + NOT-FOR-US: RG-NBR-E Enterprise Gateway RG-NBR2100G-E +CVE-2022-27982 (RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a ...) + NOT-FOR-US: RG-NBR-E Enterprise Gateway RG-NBR2100G-E +CVE-2022-27981 + RESERVED +CVE-2022-27980 + RESERVED +CVE-2022-27979 (A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows at ...) + NOT-FOR-US: ToolJet +CVE-2022-27978 (Tooljet v1.6 does not properly handle missing values in the API, allow ...) + NOT-FOR-US: ToolJet +CVE-2022-27977 + RESERVED +CVE-2022-27976 + RESERVED +CVE-2022-27975 + RESERVED +CVE-2022-27974 + RESERVED +CVE-2022-27973 + RESERVED +CVE-2022-27972 + RESERVED +CVE-2022-27971 + RESERVED +CVE-2022-27970 + RESERVED +CVE-2022-27969 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...) + NOT-FOR-US: Cynet 360 Web Portal +CVE-2022-27968 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...) + NOT-FOR-US: Cynet 360 Web Portal +CVE-2022-27967 (Cynet 360 Web Portal before v4.5 was discovered to allow attackers to ...) 
+ NOT-FOR-US: Cynet 360 Web Portal +CVE-2022-27966 (Xshell v7.0.0099 and below contains a binary hijack vulnerability whic ...) + NOT-FOR-US: NetSarang Xshell +CVE-2022-27965 (Xlpd v7.0.0094 and below contains a binary hijack vulnerability which ...) + NOT-FOR-US: NetSarang Xlpd +CVE-2022-27964 (Xmanager v7.0.0096 and below contains a binary hijack vulnerability wh ...) + NOT-FOR-US: NetSarang Xmanager +CVE-2022-27963 (Xftp 7.0.0088p and below contains a binary hijack vulnerability which ...) + NOT-FOR-US: NetSarang Xftp +CVE-2022-27962 (Bluecms 1.6 has a SQL injection vulnerability at cooike.) + NOT-FOR-US: BlueCMS +CVE-2022-27961 (A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in O ...) + NOT-FOR-US: OFCMS +CVE-2022-27960 (Insecure permissions configured in the user_id parameter at SysUserCon ...) + NOT-FOR-US: OFCMS +CVE-2022-27959 + RESERVED +CVE-2022-27958 (Insecure permissions configured in the userid parameter at /user/getus ...) + NOT-FOR-US: FEBS-Security +CVE-2022-27957 + RESERVED +CVE-2022-27956 + RESERVED +CVE-2022-27955 + RESERVED +CVE-2022-27954 + RESERVED +CVE-2022-27953 + RESERVED +CVE-2022-27952 (An arbitrary file upload vulnerability in the file upload module of Pa ...) + NOT-FOR-US: PayloadCMS +CVE-2022-27951 + RESERVED +CVE-2022-27950 (In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory ...) + - linux 5.16.11-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/817b8b9c5396d2b2d92311b46719aad5d3339dbe (5.17-rc5) + NOTE: https://www.openwall.com/lists/oss-security/2022/03/13/1 +CVE-2022-27949 (A vulnerability in UI of Apache Airflow allows an attacker to view unm ...) + - airflow (bug #819700) +CVE-2022-27948 (Certain Tesla vehicles through 2022-03-26 allow attackers to open the ...) 
+ NOT-FOR-US: Tesla +CVE-2022-1110 (A buffer overflow vulnerability in Lenovo Smart Standby Driver prior t ...) + NOT-FOR-US: Lenovo +CVE-2022-1109 (An incorrect default permissions vulnerability in Lenovo Leyun cloud m ...) + NOT-FOR-US: Lenovo +CVE-2022-1108 (A potential vulnerability due to improper buffer validation in the SMI ...) + NOT-FOR-US: Lenovo +CVE-2022-1107 (During an internal product security audit a potential vulnerability du ...) + NOT-FOR-US: Lenovo +CVE-2022-27947 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...) + NOT-FOR-US: NETGEAR +CVE-2022-27946 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...) + NOT-FOR-US: NETGEAR +CVE-2022-27945 (NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to ex ...) + NOT-FOR-US: NETGEAR +CVE-2022-27944 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an e ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-27943 (libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in ...) + - gcc-12 (unimportant) + NOTE: Negligible security impact + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105039 +CVE-2022-27942 (tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_ ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/719 + NOTE: Crash in CLI tool, no security impact +CVE-2022-27941 (tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/716 + NOTE: Crash in CLI tool, no security impact +CVE-2022-27940 (tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/718 + NOTE: Crash in CLI tool, no security impact +CVE-2022-27939 (tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_ ...) 
+ - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/717 + NOTE: Crash in CLI tool, no security impact +CVE-2022-27938 (stb_image.h (aka the stb image loader) 2.19, as used in libsixel and o ...) + - libstb (unimportant) + NOTE: Negligible security impact +CVE-2022-27937 (Pexip Infinity before 27.3 allows remote attackers to trigger excessiv ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27936 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27935 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27934 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27933 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27932 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27931 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27930 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27929 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-27928 (Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a s ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-1106 (use after free in mrb_vm_exec in GitHub repository mruby/mruby prior t ...) 
+ - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/16b9d0ea-71ed-41bc-8a88-2deb4c20be8f + NOTE: https://github.com/mruby/mruby/commit/7f5a490d09f4d56801ac3a3e4e39e03e1471b44c + NOTE: Vulnerable code introduced in https://github.com/mruby/mruby/commit/b137eb2678cfba8d6ffcddff5326ebe8eb7f6a24 (3.1.0-rc) +CVE-2022-1105 (An improper access control vulnerability in GitLab CE/EE affecting all ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1104 (The Popup Maker WordPress plugin before 1.16.5 does not sanitise and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1103 (The Advanced Uploader WordPress plugin through 4.2 allows any authenti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27927 (A SQL injection vulnerability exists in Microfinance Management System ...) + NOT-FOR-US: Microfinance Management System +CVE-2022-27926 (A reflected cross-site scripting (XSS) vulnerability in the /public/la ...) + NOT-FOR-US: Zimbra +CVE-2022-27925 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functiona ...) + NOT-FOR-US: Zimbra +CVE-2022-27924 (Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticate ...) + NOT-FOR-US: Zimbra +CVE-2022-27923 + RESERVED +CVE-2022-27922 + RESERVED +CVE-2022-27921 + RESERVED +CVE-2022-27920 (libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functi ...) + - libkiwix 10.1.0+dfsg-1 (bug #1008483) + [bullseye] - libkiwix (Vulnerable code introduced later) + [buster] - libkiwix (Vulnerable code introduced later) + NOTE: https://github.com/kiwix/libkiwix/issues/728 + NOTE: https://github.com/kiwix/libkiwix/pull/721 +CVE-2022-27919 (Gradle Enterprise before 2022.1 allows remote code execution if the in ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-27918 + REJECTED +CVE-2022-27917 + REJECTED +CVE-2022-27916 + REJECTED +CVE-2022-27915 + REJECTED +CVE-2022-27914 (An issue was discovered in Joomla! 4.0.0 through 4.2.4. Inadequate fil ...) + NOT-FOR-US: Joomla! 
+CVE-2022-27913 (An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate fil ...) + NOT-FOR-US: Joomla! +CVE-2022-27912 (An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with pub ...) + NOT-FOR-US: Joomla! +CVE-2022-27911 (An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosur ...) + NOT-FOR-US: Joomla! +CVE-2022-27910 (In Joomla component 'Joomlatools - DOCman 3.5.13 (and likely most vers ...) + NOT-FOR-US: Joomla component +CVE-2022-27909 (In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can ch ...) + NOT-FOR-US: Joomla component jDownloads +CVE-2022-27908 (Zoho ManageEngine OpManager before 125588 (and before 125603) is vulne ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-27907 (Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.) + NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2022-27906 (Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To ...) + NOT-FOR-US: Mendelson OFTP2 +CVE-2022-27905 (In ControlUp Real-Time Agent before 8.6, an unquoted path can result i ...) + NOT-FOR-US: ControlUp Real-Time Agent +CVE-2022-27904 (Automox Agent for macOS before version 39 was vulnerable to a time-of- ...) + NOT-FOR-US: Automox Agent installation package on macOS +CVE-2022-27903 (An OS Command Injection vulnerability in the configuration parser of E ...) + NOT-FOR-US: EVE-NG Professional +CVE-2022-27902 + REJECTED +CVE-2022-27901 + RESERVED +CVE-2022-27900 + RESERVED +CVE-2022-27899 + RESERVED +CVE-2022-27898 + RESERVED +CVE-2022-27897 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...) + NOT-FOR-US: Palantir +CVE-2022-27896 (Information Exposure Through Log Files vulnerability discovered in Fou ...) + NOT-FOR-US: Foundry Code-Workbooks +CVE-2022-27895 (Information Exposure Through Log Files vulnerability discovered in Fou ...) + NOT-FOR-US: Foundry +CVE-2022-27894 (The Foundry Blobster service was found to have a cross-site scripting ...) 
+ NOT-FOR-US: Foundry Blobster service +CVE-2022-27893 (The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - ...) + NOT-FOR-US: Foundry Magritte plugin osisoft-pi-web-connector +CVE-2022-27892 (Palantir Gotham versions prior to 3.22.11.2 included an unauthenticate ...) + NOT-FOR-US: Palantir +CVE-2022-27891 (Palantir Gotham included an unauthenticated endpoint that listed all a ...) + NOT-FOR-US: Palantir +CVE-2022-27890 (It was discovered that the sls-logging was not verifying hostnames in ...) + NOT-FOR-US: sls-logging +CVE-2022-27889 (The Multipass service was found to have code paths that could be abuse ...) + NOT-FOR-US: Palantir +CVE-2022-27888 (Foundry Issues service versions 2.244.0 to 2.249.0 was found to be log ...) + NOT-FOR-US: Foundry Issues service +CVE-2022-1102 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester +CVE-2022-1101 (A vulnerability was found in SourceCodester Royale Event Management Sy ...) + NOT-FOR-US: SourceCodester +CVE-2022-1100 (A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1099 (Adding a very large number of tags to a runner in GitLab CE/EE affecti ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-1098 (Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vu ...) + NOT-FOR-US: Delta Electronics DIAEnergie +CVE-2021-46742 (The multi-window module has a vulnerability of unauthorized insertion ...) + NOT-FOR-US: Harmony OS +CVE-2021-46741 (The basic framework and setting module have defects, which were introd ...) + NOT-FOR-US: Huawei +CVE-2021-46740 (The device authentication service module has a defect vulnerability in ...) + NOT-FOR-US: Harmony OS +CVE-2022-27887 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) + NOT-FOR-US: Maccms +CVE-2022-27886 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) 
+ NOT-FOR-US: Maccms +CVE-2022-27885 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...) + NOT-FOR-US: Maccms +CVE-2022-27884 (Maccms v10 was discovered to contain a reflected cross-site scripting ...) + NOT-FOR-US: Maccms +CVE-2022-27883 (A link following vulnerability in Trend Micro Antivirus for Mac 11.5 c ...) + NOT-FOR-US: Trend Micro +CVE-2022-27882 (slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedn ...) + NOT-FOR-US: slaacd from OpenBSD +CVE-2022-27881 (engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buff ...) + NOT-FOR-US: slaacd from OpenBSD +CVE-2022-27873 (An attacker can force the victim\u2019s device to perform arbitrary HT ...) + NOT-FOR-US: Autodesk +CVE-2022-27872 (A maliciously crafted PDF file may be used to dereference a pointer fo ...) + NOT-FOR-US: Autodesk +CVE-2022-27871 (Autodesk AutoCAD product suite, Revit, Design Review and Navisworks re ...) + NOT-FOR-US: Autodesk +CVE-2022-27870 (A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to ...) + NOT-FOR-US: Autodesk +CVE-2022-27869 (A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced ...) + NOT-FOR-US: Autodesk +CVE-2022-27868 (A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to ...) + NOT-FOR-US: Autodesk +CVE-2022-27867 (A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 20 ...) + NOT-FOR-US: Autodesk +CVE-2022-27866 (A maliciously crafted TIFF file when consumed through DesignReview.exe ...) + NOT-FOR-US: Autodesk +CVE-2022-27865 (A maliciously crafted TGA or PCX file may be used to write beyond the ...) + NOT-FOR-US: Autodesk +CVE-2022-27864 (A Double Free vulnerability allows remote attackers to execute arbitra ...) + NOT-FOR-US: Autodesk +CVE-2022-27186 + RESERVED +CVE-2022-27177 (A Python format string issue leading to information disclosure and pot ...) 
+ NOT-FOR-US: Netflix ConsoleMe +CVE-2022-27171 + RESERVED +CVE-2022-26371 + RESERVED +CVE-2022-26064 + RESERVED +CVE-2022-1097 (NSSToken objects were referenced via direct points, and c ...) + {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1} + - firefox 99.0-1 + - firefox-esr 91.8.0esr-1 + - thunderbird 1:91.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-1097 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-1097 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-1097 +CVE-2022-1096 (Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a ...) + {DSA-5110-1} + - chromium 99.0.4844.84-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-1095 (The Mihdan: No External Links WordPress plugin before 5.0.2 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1094 (The amr users WordPress plugin before 4.59.4 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1093 (The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1092 (The myCred WordPress plugin before 2.4.3.1 does not have authorisation ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1091 (The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 c ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1090 (The Good & Bad Comments WordPress plugin through 1.0.0 does not saniti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1089 (The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1088 (The Page Security & Membership WordPress plugin through 1.5.15 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1087 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: htmly +CVE-2022-1086 (A vulnerability was found in DolphinPHP up to 1.5.0 and classified as ...) 
+ NOT-FOR-US: DolphinPHP +CVE-2022-1085 (A vulnerability was found in CLTPHP up to 6.0. It has been declared as ...) + NOT-FOR-US: CLTPHP +CVE-2022-1084 (A vulnerability classified as critical was found in SourceCodester One ...) + NOT-FOR-US: SourceCodester +CVE-2022-1083 (A vulnerability classified as critical has been found in Microfinance ...) + NOT-FOR-US: Microfinance Management System +CVE-2022-1082 (A vulnerability was found in SourceCodester Microfinance Management Sy ...) + NOT-FOR-US: Microfinance Management System +CVE-2022-1081 (A vulnerability was found in SourceCodester Microfinance Management Sy ...) + NOT-FOR-US: Microfinance Management System +CVE-2022-1080 (A vulnerability was found in SourceCodester One Church Management Syst ...) + NOT-FOR-US: SourceCodester +CVE-2022-1079 (A vulnerability classified as problematic has been found in SourceCode ...) + NOT-FOR-US: SourceCodester +CVE-2022-1078 (A vulnerability was found in SourceCodester College Website Management ...) + NOT-FOR-US: SourceCodester +CVE-2022-1077 (A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has ...) + NOT-FOR-US: TEM FLEX-1080 and FLEX-1085 +CVE-2022-1076 (A vulnerability was found in Automatic Question Paper Generator System ...) + NOT-FOR-US: Automatic Question Paper Generator System +CVE-2022-1075 (A vulnerability was found in College Website Management System 1.0 and ...) + NOT-FOR-US: College Website Management System +CVE-2022-1074 (A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified a ...) + NOT-FOR-US: TEM FLEX-1085 +CVE-2022-1073 (A vulnerability was found in Automatic Question Paper Generator 1.0. I ...) + NOT-FOR-US: Automatic Question Paper Generator +CVE-2022-1072 + REJECTED +CVE-2022-27494 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) + NOT-FOR-US: Aethon TUG Home Base Server +CVE-2022-26423 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) 
+ NOT-FOR-US: Aethon TUG Home Base Server +CVE-2022-1071 (User after free in mrb_vm_exec in GitHub repository mruby/mruby prior ...) + - mruby 3.1.0-1 (bug #1014968) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + NOTE: https://huntr.dev/bounties/6597ece9-07af-415b-809b-919ce0a17cf3 + NOTE: https://github.com/mruby/mruby/commit/aaa28a508903041dd7399d4159a8ace9766b022f +CVE-2022-1070 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) + NOT-FOR-US: Aethon TUG Home Base Server +CVE-2022-1069 (A crafted HTTP packet with a large content-length header can create a ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2022-1068 (Modbus Tools Modbus Slave (versions 7.4.2 and prior) is vulnerable to ...) + NOT-FOR-US: Modbus Tools Modbus Slave +CVE-2022-1067 (Navigating to a specific URL with a patient ID number will result in t ...) + NOT-FOR-US: LifePoint Informatics Patient Portal +CVE-2022-27863 (Sensitive Information Exposure in E4J s.r.l. VikBooking Hotel Booking ...) + NOT-FOR-US: Vikbooking +CVE-2022-27862 (Arbitrary File Upload leading to RCE in E4J s.r.l. VikBooking Hotel Bo ...) + NOT-FOR-US: Vikbooking +CVE-2022-27861 (Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <=4 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27860 (Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27859 (Multiple Authenticated (contributor or higher user role) Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27858 (CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27857 + RESERVED +CVE-2022-27856 (Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27855 (Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analyti ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-27854 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27853 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27852 (Multiple Unauthenticated Stored Cross-Site Scripting (XSS) vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27851 (Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) < ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27850 (Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27849 (Sensitive Information Disclosure (sac-export.csv) in Simple Ajax Chat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27848 (Authenticated (admin+ user) Stored Cross-Site Scripting (XSS) in Moder ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27847 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27846 (Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slide ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27845 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27844 (Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, S ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1066 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) + NOT-FOR-US: Aethon TUG Home Base Server +CVE-2022-1065 (A vulnerability within the authentication process of Abacus ERP allows ...) + NOT-FOR-US: Abacus ERP +CVE-2022-1064 (SQL injection through marking blog comments on bulk as spam in GitHub ...) + NOT-FOR-US: forkcms +CVE-2022-1063 (The Thank Me Later WordPress plugin through 3.3.4 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1062 (The th23 Social WordPress plugin through 1.2.0 does not sanitise and e ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-1061 (Heap Buffer Overflow in parseDragons in GitHub repository radareorg/ra ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/a7546dae-01c5-4fb0-8a8e-c04ea4e9bac7 + NOTE: https://github.com/radareorg/radare2/commit/d4ce40b516ffd70cf2e9e36832d8de139117d522 +CVE-2018-25032 (zlib before 1.2.12 allows memory corruption when deflating (i.e., when ...) + {DSA-5111-1 DLA-2993-1 DLA-2968-1} + - zlib 1:1.2.11.dfsg-4 (bug #1008265) + - libz-mingw-w64 1.2.11+dfsg-5 + [bullseye] - libz-mingw-w64 (Minor issue) + [buster] - libz-mingw-w64 (Minor issue) + NOTE: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531 + NOTE: https://www.openwall.com/lists/oss-security/2022/03/24/1 + NOTE: Details: https://www.openwall.com/lists/oss-security/2022/03/26/1 + NOTE: https://www.openwall.com/lists/oss-security/2022/03/27/1 + NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/1 +CVE-2022-27843 (DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 all ...) + NOT-FOR-US: Samsung +CVE-2022-27842 (DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22 ...) + NOT-FOR-US: Samsung +CVE-2022-27841 (Improper exception handling in Samsung Pass prior to version 3.7.07.5 ...) + NOT-FOR-US: Samsung +CVE-2022-27840 (Improper access control vulnerability in SamsungRecovery prior to vers ...) + NOT-FOR-US: Samsung +CVE-2022-27839 (Improper authentication vulnerability in SecretMode in Samsung Interne ...) + NOT-FOR-US: Samsung +CVE-2022-27838 (Improper access control vulnerability in FactoryCamera prior to versio ...) + NOT-FOR-US: Samsung +CVE-2022-27837 (A vulnerability using PendingIntent in Accessibility prior to version ...) + NOT-FOR-US: Samsung +CVE-2022-27836 (Improper access control and path traversal vulnerability in Storage Ma ...) + NOT-FOR-US: Samsung +CVE-2022-27835 (Improper boundary check in UWB firmware prior to SMR Apr-2022 Release ...) 
+ NOT-FOR-US: Samsung +CVE-2022-27834 (Use after free vulnerability in dsp_context_unload_graph function of D ...) + NOT-FOR-US: Samsung +CVE-2022-27833 (Improper input validation in DSP driver prior to SMR Apr-2022 Release ...) + NOT-FOR-US: Samsung +CVE-2022-27832 (Improper boundary check in media.extractor library prior to SMR Apr-20 ...) + NOT-FOR-US: Samsung +CVE-2022-27831 (Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior ...) + NOT-FOR-US: Samsung +CVE-2022-27830 (Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 ...) + NOT-FOR-US: Samsung +CVE-2022-27829 (Improper validation vulnerability in VerifyCredentialResponse prior to ...) + NOT-FOR-US: Samsung +CVE-2022-27828 (Improper validation vulnerability in MediaMonitorEvent prior to SMR Ap ...) + NOT-FOR-US: Samsung +CVE-2022-27827 (Improper validation vulnerability in MediaMonitorDimension prior to SM ...) + NOT-FOR-US: Samsung +CVE-2022-27826 (Improper validation vulnerability in SemSuspendDialogInfo prior to SMR ...) + NOT-FOR-US: Samsung +CVE-2022-27825 (Improper size check in sapefd_parse_meta_HEADER function of libsapeext ...) + NOT-FOR-US: Samsung +CVE-2022-27824 (Improper size check of in sapefd_parse_meta_DESCRIPTION function of li ...) + NOT-FOR-US: Samsung +CVE-2022-27823 (Improper size check in sapefd_parse_meta_HEADER_old function of libsap ...) + NOT-FOR-US: Samsung +CVE-2022-27822 (Information exposure vulnerability in ril property setting prior to SM ...) + NOT-FOR-US: Samsung +CVE-2022-27821 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...) + NOT-FOR-US: Samsung +CVE-2022-27820 (OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the T ...) + - zaproxy (bug #897142) +CVE-2022-27819 (SWHKD 1.1.5 allows unsafe parsing via the -c option. An information le ...) + NOT-FOR-US: SWHKD +CVE-2022-27818 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be a ...) 
+ NOT-FOR-US: SWHKD +CVE-2022-27817 (SWHKD 1.1.5 consumes the keyboard events of unintended users. This cou ...) + NOT-FOR-US: SWHKD +CVE-2022-27816 (SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be da ...) + NOT-FOR-US: SWHKD +CVE-2022-27815 (SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an ...) + NOT-FOR-US: SWHKD +CVE-2022-27814 (SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option.) + NOT-FOR-US: SWHKD +CVE-2022-27813 (Motorola MTM5000 series firmwares lack properly configured memory prot ...) + NOT-FOR-US: Motorola +CVE-2022-27812 (Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2 ...) + NOT-FOR-US: Flooding SNS firewall +CVE-2022-27811 (GNOME OCRFeeder before 0.8.4 allows OS command injection via shell met ...) + - ocrfeeder 0.8.5-1 (bug #1008320) + [bullseye] - ocrfeeder (Minor issue) + [buster] - ocrfeeder (Minor issue) + [stretch] - ocrfeeder (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/merge_requests/13 + NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/9209bce8afaf6fde19cdac7f5eaea1b744c3e79e (0.8.5) + NOTE: https://gitlab.gnome.org/GNOME/ocrfeeder/-/commit/afea0e722f1d14eaf14bf0e5ebb444d3271ff1ef (0.8.5) +CVE-2022-27810 (It was possible to trigger an infinite recursion condition in the erro ...) + NOT-FOR-US: Facebook Hermes +CVE-2022-27809 + RESERVED +CVE-2022-27802 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27801 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27800 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27799 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27798 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) 
+ NOT-FOR-US: Adobe +CVE-2022-27797 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27796 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27795 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27794 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27793 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27792 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27791 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27790 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27789 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27788 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27787 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27786 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27785 (Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-27784 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) + NOT-FOR-US: Adobe +CVE-2022-27783 (Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earl ...) + NOT-FOR-US: Adobe +CVE-2022-27660 (A denial of service vulnerability exists in the confctl_set_guest_wlan ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-27633 (An information disclosure vulnerability exists in the confctl_get_gues ...) 
+ NOT-FOR-US: TCL LinkHub Mesh Wifi +CVE-2022-27630 (An information disclosure vulnerability exists in the confctl_get_mast ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-27185 (A denial of service vulnerability exists in the confctl_set_master_wla ...) + NOT-FOR-US: TCL LinkHub Mesh Wifi +CVE-2022-27178 (A denial of service vulnerability exists in the confctl_set_wan_cfg fu ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-26346 (A denial of service vulnerability exists in the ucloud_del_node functi ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-1060 + RESERVED +CVE-2022-27782 (libcurl would reuse a previously created connection even when a TLS or ...) + {DSA-5197-1 DLA-3085-1} + - curl 7.83.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/5 + NOTE: https://curl.se/docs/CVE-2022-27782.html + NOTE: Fixed by: https://github.com/curl/curl/commit/f18af4f874cecab82a9797e8c7541e0990c7a64c (curl-7_83_1) + NOTE: Fixed by: https://github.com/curl/curl/commit/1645e9b44505abd5cbaf65da5282c3f33b5924a5 (curl-7_83_1) +CVE-2022-27781 (libcurl provides the `CURLOPT_CERTINFO` option to allow applications t ...) + {DSA-5197-1 DLA-3085-1} + - curl 7.83.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/4 + NOTE: https://curl.se/docs/CVE-2022-27781.html + NOTE: Introduced by: https://github.com/curl/curl/commit/f6c335d63f2da025a0a3efde1fe59e3bb7189b70 (curl-7_34_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/curl-7_83_1) +CVE-2022-27780 (The curl URL parser wrongly accepts percent-encoded URL separators lik ...) 
+ - curl 7.83.1-1 + [bullseye] - curl (Vulnerable code introduced later) + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/3 + NOTE: https://curl.se/docs/CVE-2022-27780.html + NOTE: Introduced by: https://github.com/curl/curl/commit/9a8564a920188e49d5bd8c1c8573ddef97f6e03a (curl-7_80_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/914aaab9153764ef8fa4178215b8ad89d3ac263a (curl-7_83_1) +CVE-2022-27779 (libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) ...) + - curl 7.83.1-1 + [bullseye] - curl (Vulnerable code introduced later) + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/2 + NOTE: https://curl.se/docs/CVE-2022-27779.html + NOTE: Introduced by: https://github.com/curl/curl/commit/b27ad8e1d3e68eb3214fcbb398ca436873aa7c67 (curl-7_82_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/7e92d12b4e6911f424678a133b19de670e183a59 (curl-7_83_1) +CVE-2022-27778 (A use of incorrectly resolved name vulnerability fixed in 7.83.1 might ...) + - curl 7.83.1-1 + [bullseye] - curl (Vulnerable code introduced later) + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/11/1 + NOTE: https://curl.se/docs/CVE-2022-27778.html + NOTE: Fixed by: https://github.com/curl/curl/commit/8c7ee9083d0d719d0a77ab20d9cc2ae84eeea7f3 (curl-7_83_1) +CVE-2022-27777 (A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 wh ...) 
+ {DSA-5372-1 DLA-3093-1} + - rails 2:6.1.6.1+dfsg-1 (bug #1016982) + NOTE: https://discuss.rubyonrails.org/t/cve-2022-27777-possible-xss-vulnerability-in-action-view-tag-helpers/80534 + NOTE: Fixed by: https://github.com/rails/rails/commit/123f42a573f7fcbf391885c135ca809f21615180 (v6.1.5.1) + NOTE: Regression fix: https://github.com/rails/rails/commit/7c2da9e51c5c02643f30d83aaad3ed5062adcad8 (6.1.6) + NOTE: Fixed by: https://github.com/rails/rails/commit/36a6dad07d572a0098c29d6d96a226638a7caa38 (v6.0.4.8) + NOTE: Regression fix: https://github.com/rails/rails/commit/1b5df893d82a27da907e9b8b75deff13179d1df3 (v6.0.5) + NOTE: Fixed by: https://github.com/rails/rails/commit/1278c0f0b4a18ea199f92b666b8b94954a74c20b (v5.2.7.1) + NOTE: Regression fix: https://github.com/rails/rails/commit/a1b8a9b5e5a905d0aeabf532e3f6b74116d5cce6 (v5.2.8) +CVE-2022-27776 (A insufficiently protected credentials vulnerability in fixed in curl ...) + {DSA-5197-1 DLA-3085-1} + - curl 7.83.0-1 (bug #1010252) + NOTE: https://curl.se/docs/CVE-2022-27776.html + NOTE: Fixed by: https://github.com/curl/curl/commit/6e659993952aa5f90f48864be84a1bbb047fc258 (curl-7_83_0) +CVE-2022-27775 (An information disclosure vulnerability exists in curl 7.65.0 to 7.82. ...) + {DSA-5197-1} + - curl 7.83.0-1 (bug #1010253) + [buster] - curl (Vulnerable code introduced later) + [stretch] - curl (Vulnerable code introduced later) + NOTE: https://curl.se/docs/CVE-2022-27775.html + NOTE: Introduced by: https://github.com/curl/curl/commit/2d0e9b40d3237b1450cbbfbcb996da244d964898 (curl-7_65_0) + NOTE: Fixed by: https://github.com/curl/curl/commit/058f98dc3fe595f21dc26a5b9b1699e519ba5705 (curl-7_83_0) +CVE-2022-27774 (An insufficiently protected credentials vulnerability exists in curl 4 ...) 
+ {DSA-5197-1 DLA-3288-1} + - curl 7.83.0-1 (bug #1010254) + NOTE: https://curl.se/docs/CVE-2022-27774.html + NOTE: Fixed by: https://github.com/curl/curl/commit/620ea21410030a9977396b4661806bc187231b79 (curl-7_83_0) + NOTE: Followup: https://github.com/curl/curl/commit/139a54ed0a172adaaf1a78d6f4fff50b2c3f9e08 (curl-7_83_0) +CVE-2022-27773 (A privilege escalation vulnerability is identified in Ivanti EPM (LAND ...) + NOT-FOR-US: Ivanti +CVE-2022-27772 (spring-boot versions prior to version v2.2.11.RELEASE was vulnerable t ...) + NOT-FOR-US: Spring Boot +CVE-2022-27771 + RESERVED +CVE-2022-27770 + RESERVED +CVE-2022-27769 + RESERVED +CVE-2022-27768 + RESERVED +CVE-2022-27767 + RESERVED +CVE-2022-27766 + RESERVED +CVE-2022-27765 + RESERVED +CVE-2022-27764 + RESERVED +CVE-2022-27763 + RESERVED +CVE-2022-27762 + RESERVED +CVE-2022-27761 + RESERVED +CVE-2022-27760 + RESERVED +CVE-2022-27759 + RESERVED +CVE-2022-27758 + RESERVED +CVE-2022-27757 + RESERVED +CVE-2022-27756 + RESERVED +CVE-2022-27755 + RESERVED +CVE-2022-27754 + RESERVED +CVE-2022-27753 + RESERVED +CVE-2022-27752 + RESERVED +CVE-2022-27751 + RESERVED +CVE-2022-27750 + RESERVED +CVE-2022-27749 + RESERVED +CVE-2022-27748 + RESERVED +CVE-2022-27747 + RESERVED +CVE-2022-27746 + RESERVED +CVE-2022-27745 + RESERVED +CVE-2022-27744 + RESERVED +CVE-2022-27743 + RESERVED +CVE-2022-27742 + RESERVED +CVE-2022-27741 + RESERVED +CVE-2022-27740 + RESERVED +CVE-2022-27739 + RESERVED +CVE-2022-27738 + RESERVED +CVE-2022-27737 + RESERVED +CVE-2022-27736 + RESERVED +CVE-2022-27735 + RESERVED +CVE-2022-27734 + RESERVED +CVE-2022-27733 + RESERVED +CVE-2022-27732 + RESERVED +CVE-2022-27731 + RESERVED +CVE-2022-27730 + RESERVED +CVE-2022-27729 + RESERVED +CVE-2022-27728 + RESERVED +CVE-2022-27727 + RESERVED +CVE-2022-27726 + RESERVED +CVE-2022-27725 + RESERVED +CVE-2022-27724 + RESERVED +CVE-2022-27723 + RESERVED +CVE-2022-27722 + RESERVED +CVE-2022-27721 + RESERVED +CVE-2022-27720 + RESERVED +CVE-2022-27719 + RESERVED 
+CVE-2022-27718 + RESERVED +CVE-2022-27717 + RESERVED +CVE-2022-27716 + RESERVED +CVE-2022-27715 + RESERVED +CVE-2022-27714 + RESERVED +CVE-2022-27713 + RESERVED +CVE-2022-27712 + RESERVED +CVE-2022-27711 + RESERVED +CVE-2022-27710 + RESERVED +CVE-2022-27709 + RESERVED +CVE-2022-27708 + RESERVED +CVE-2022-27707 + RESERVED +CVE-2022-27706 + RESERVED +CVE-2022-27705 + RESERVED +CVE-2022-27704 + RESERVED +CVE-2022-27703 + RESERVED +CVE-2022-27702 + RESERVED +CVE-2022-27701 + RESERVED +CVE-2022-27700 + RESERVED +CVE-2022-27699 + RESERVED +CVE-2022-27698 + RESERVED +CVE-2022-27697 + RESERVED +CVE-2022-27696 + RESERVED +CVE-2022-27695 + RESERVED +CVE-2022-27694 + RESERVED +CVE-2022-27693 + RESERVED +CVE-2022-27692 + RESERVED +CVE-2022-27691 + RESERVED +CVE-2022-27690 + RESERVED +CVE-2022-27689 + RESERVED +CVE-2022-27688 + RESERVED +CVE-2022-27687 + RESERVED +CVE-2022-27686 + RESERVED +CVE-2022-27685 + RESERVED +CVE-2022-27684 + RESERVED +CVE-2022-27683 + RESERVED +CVE-2022-27682 + RESERVED +CVE-2022-27681 + RESERVED +CVE-2022-27680 + RESERVED +CVE-2022-27679 + RESERVED +CVE-2022-27678 + RESERVED +CVE-2022-27677 (Failure to validate privileges during installation of AMD Ryzen\u2122 ...) + NOT-FOR-US: AMD +CVE-2022-27676 + REJECTED +CVE-2022-27675 + REJECTED +CVE-2022-27674 (Insufficient validation in the IOCTL input/output buffer in AMD \u03bc ...) + NOT-FOR-US: AMD +CVE-2022-27673 (Insufficient access controls in the AMD Link Android app may potential ...) + NOT-FOR-US: AMD +CVE-2022-27672 (When SMT is enabled, certain AMD processors may speculatively execute ...) 
+ - linux 6.1.12-1 + - xen 4.17.0+46-gaaf74a532c-1 (bug #1031567) + [bullseye] - xen (Vulnerable code not present) + [buster] - xen (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2023/02/14/4 + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1045 + NOTE: https://xenbits.xen.org/xsa/advisory-426.html + NOTE: https://kernel.org/doc/html//next/admin-guide/hw-vuln/cross-thread-rsb.html +CVE-2022-27671 (A CSRF token visible in the URL may possibly lead to information discl ...) + NOT-FOR-US: SAP +CVE-2022-27670 (SAP SQL Anywhere - version 17.0, allows an authenticated attacker to p ...) + NOT-FOR-US: SAP +CVE-2022-27669 (An unauthenticated user can use functions of XML Data Archiving Servic ...) + NOT-FOR-US: SAP +CVE-2022-27668 (Depending on the configuration of the route permission table in file ' ...) + NOT-FOR-US: SAP +CVE-2022-27667 (Under certain conditions, SAP BusinessObjects Business Intelligence pl ...) + NOT-FOR-US: SAP +CVE-2022-1059 (Aethon TUG Home Base Server versions prior to version 24 are affected ...) + NOT-FOR-US: Aethon TUG Home Base Server +CVE-2022-1058 (Open Redirect on login in GitHub repository go-gitea/gitea prior to 1. ...) + - gitea +CVE-2022-1057 (The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 do ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46739 + RESERVED +CVE-2022-27666 (A heap buffer overflow flaw was found in IPsec ESP transformation code ...) + {DSA-5173-1 DSA-5127-1} + - linux 5.16.18-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/ebe48d368e97d007bfeb76fcb065d6cfc4c96645 (5.17-rc8) +CVE-2022-27665 (Reflected XSS (via AngularJS sandbox escape expressions) exists in Pro ...) + NOT-FOR-US: Progress Ipswitch WS_FTP Server +CVE-2022-27664 (In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers ca ...) 
+ - golang-1.19 1.19.1-1 + - golang-1.18 1.18.6-1 + - golang-1.17 + - golang-1.15 + [bullseye] - golang-1.15 (Minor issue) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, follow bullseye DSAs/point-releases) + - golang-golang-x-net 1:0.0+git20221012.0b7e1fb+dfsg-1 + [bullseye] - golang-golang-x-net (Minor issue) + - golang-golang-x-net-dev + [buster] - golang-golang-x-net-dev (Limited support, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/x49AQzIVX-s + NOTE: https://github.com/golang/go/issues/54658 + NOTE: https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1) + NOTE: https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6) + NOTE: https://github.com/golang/net/commit/f3363e06e74cdc304618bf31d898b78590103527 (v0.1.0) +CVE-2022-27663 + RESERVED +CVE-2022-27658 (Under certain conditions, SAP Innovation management - version 2.0, all ...) + NOT-FOR-US: SAP +CVE-2022-27657 (A highly privileged remote attacker, can gain unauthorized access to d ...) + NOT-FOR-US: SAP +CVE-2022-27656 (The Web administration UI of SAP Web Dispatcher and the Internet Commu ...) + NOT-FOR-US: SAP +CVE-2022-27655 (When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) receive ...) + NOT-FOR-US: SAP +CVE-2022-27654 (When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) rece ...) + NOT-FOR-US: SAP +CVE-2022-26518 (An OS command injection vulnerability exists in the console infactory_ ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26422 + RESERVED +CVE-2022-26420 (An OS command injection vulnerability exists in the console infactory_ ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26075 (An OS command injection vulnerability exists in the console infactory_ ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-1056 (Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers ...) 
+ - tiff 4.4.0~rc1-1 (unimportant) + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/391 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/307 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c (v4.4.0rc1) + NOTE: Crash in CLI tool, no security impact +CVE-2022-28352 (WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4. ...) + - weechat 3.4.1-1 + [bullseye] - weechat (Vulnerable code introduced later) + [buster] - weechat (Vulnerable code introduced later) + [stretch] - weechat (Vulnerable code introduced later) + NOTE: https://weechat.org/doc/security/WSA-2022-1/ + NOTE: https://github.com/weechat/weechat/issues/1763 + NOTE: Fixed by: https://github.com/weechat/weechat/commit/710247891cdfd4e66ee6d1715e93626def6871f1 (v3.4.1) + NOTE: weechat.network.gnutls_ca_system/gnutls_ca_user introduced by: https://github.com/weechat/weechat/commit/c588ee21bc8fd33678893d5c67616033281032e3 (v3.2-rc1) +CVE-2022-27653 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-27652 (A flaw was found in cri-o, where containers were incorrectly started w ...) + - cri-o (bug #979702) +CVE-2022-27651 (A flaw was found in buildah where containers were incorrectly started ...) + [experimental] - golang-github-containers-buildah 1.27.0+ds1-2 + - golang-github-containers-buildah 1.28.0+ds1-2 (bug #1009882) + [bullseye] - golang-github-containers-buildah (Minor issue) + NOTE: https://github.com/containers/buildah/commit/e7e55c988c05dd74005184ceb64f097a0cfe645b (v1.25.1) + NOTE: https://github.com/containers/buildah/security/advisories/GHSA-c3g4-w6cv-6v7h +CVE-2022-27650 (A flaw was found in crun where containers were incorrectly started wit ...) 
+ - crun 1.5+dfsg-1 (bug #1009881) + [bullseye] - crun 0.17+dfsg-1+deb11u1 + NOTE: https://github.com/containers/crun/commit/b847d146d496c9d7beba166fd595488e85488562 (1.4.4) +CVE-2022-27649 (A flaw was found in Podman, where containers were started incorrectly ...) + - libpod 3.4.6+ds1-1 (bug #1020906) + [bullseye] - libpod 3.0.1+dfsg1-3+deb11u2 + NOTE: https://github.com/containers/podman/releases/tag/v4.0.3 + NOTE: https://github.com/containers/podman/commit/aafa80918a245edcbdaceb1191d749570f1872d0 (main) + NOTE: https://github.com/containers/podman/commit/7b368768c2990b9781b2b6813e1c7f91c7e6cb13 (v4.0.3) +CVE-2022-27648 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: KOYO Screen Creator +CVE-2022-27647 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2022-27646 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2022-27645 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2022-27644 (This vulnerability allows network-adjacent attackers to compromise the ...) + NOT-FOR-US: Netgear +CVE-2022-27643 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2022-27642 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2022-27641 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2022-27640 (A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versi ...) + NOT-FOR-US: Siemens +CVE-2022-1055 (A use-after-free exists in the Linux Kernel in tc_new_tfilter that cou ...) 
+ - linux 5.16.7-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (5.17-rc3) +CVE-2022-1054 (The RSVP and Event Management Plugin WordPress plugin before 2.7.8 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1053 (Keylime does not enforce that the agent registrar data is the same whe ...) + NOT-FOR-US: Keylime +CVE-2022-1052 (Heap Buffer Overflow in iterate_chained_fixups in GitHub repository ra ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/3b3b7f77-ab8d-4de3-999b-eeec0a3eebe7 + NOTE: https://github.com/radareorg/radare2/commit/0052500c1ed5bf8263b26b9fd7773dbdc6f170c4 +CVE-2022-1051 (The WPQA Builder Plugin WordPress plugin before 5.2, used as a compani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1050 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) + {DLA-3362-1} + - qemu 1:7.1+dfsg-2 (bug #1014589) + [bullseye] - qemu (Minor issue) + [stretch] - qemu (rdma devices introduced in v2.12) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/31c4b6fb0293e359f9ef8a61892667e76eea4c99 (master, after v7.2.0) + NOTE: PVRDMA support not enabled in the binary packages until 1:3.1+dfsg-3, disabled again in 1:3.1+dfsg-4 until 1:4.1-1 +CVE-2022-1049 (A flaw was found in the Pacemaker configuration tool (pcs). The pcs da ...) + {DSA-5226-1 DLA-3108-1} + - pcs 0.11.3-1 + [stretch] - pcs (Vulnerable code introduced later, ./pcs/daemon/ not present) + NOTE: https://huntr.dev/bounties/7aa921fc-a568-4fd8-96f4-7cd826246aa5 + NOTE: https://github.com/ClusterLabs/pcs/commit/fb860005117dc9e092649687dfa1304fb423efc5 + NOTE: Introduced by https://github.com/ClusterLabs/pcs/commit/8378cf1a81efc0cd421483234943057e2be0a8ed (v0.10) +CVE-2022-1048 (A use-after-free flaw was found in the Linux kernel\u2019s sound subsy ...) 
+ {DSA-5173-1 DSA-5127-1} + - linux 5.16.18-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066706 + NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/4 +CVE-2022-1047 (The Themify Post Type Builder Search Addon WordPress plugin before 1.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1046 (The Visual Form Builder WordPress plugin before 3.0.7 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1045 (Stored XSS viva .svg file upload in GitHub repository polonel/trudesk ...) + NOT-FOR-US: Trudesk +CVE-2022-1044 (Sensitive Data Exposure Due To Insecure Storage Of Profile Image in Gi ...) + NOT-FOR-US: Trudesk +CVE-2022-1043 (A flaw was found in the Linux kernel\u2019s io_uring implementation. T ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997328 + NOTE: https://git.kernel.org/linus/a30f895ad3239f45012e860d4f94c1a388b36d14 (5.14-rc7) + NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-1043.c +CVE-2022-1042 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...) + NOT-FOR-US: Zyphyr +CVE-2022-1041 (In Zephyr bluetooth mesh core stack, an out-of-bound write vulnerabili ...) + NOT-FOR-US: Zyphyr +CVE-2022-27635 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3596-1} + - firmware-nonfree (bug #1051892) + [bookworm] - firmware-nonfree (Non-free not supported) + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00766.html + NOTE: Fixed upstream in linux-firmware/20230804 +CVE-2022-27626 (A vulnerability regarding concurrent execution using shared resource w ...) + NOT-FOR-US: Synology +CVE-2022-27625 (A vulnerability regarding improper restriction of operations within th ...) 
+ NOT-FOR-US: Synology +CVE-2022-27624 (A vulnerability regarding improper restriction of operations within th ...) + NOT-FOR-US: Synology +CVE-2022-27623 (Missing authentication for critical function vulnerability in iSCSI ma ...) + NOT-FOR-US: Synology DiskStation Manager (DSM) +CVE-2022-27622 (Server-Side Request Forgery (SSRF) vulnerability in Package Center fun ...) + NOT-FOR-US: Synology DiskStation Manager (DSM) +CVE-2022-27621 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-27620 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-27619 (Cleartext transmission of sensitive information vulnerability in authe ...) + NOT-FOR-US: Synology Note Station Client +CVE-2022-27618 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-27617 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-27616 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-27615 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2022-27614 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) + NOT-FOR-US: Synology +CVE-2022-27613 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2022-27612 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Synology +CVE-2022-27611 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2022-27610 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) 
+ NOT-FOR-US: Synology +CVE-2022-27609 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...) + NOT-FOR-US: Forcepoint One Endpoint +CVE-2022-27608 (Forcepoint One Endpoint prior to version 22.01 installed on Microsoft ...) + NOT-FOR-US: Forcepoint One Endpoint +CVE-2022-27607 (Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom ...) + NOT-FOR-US: Bento4 +CVE-2022-27606 + RESERVED +CVE-2022-27605 + RESERVED +CVE-2022-27604 + RESERVED +CVE-2022-27603 + RESERVED +CVE-2022-27602 + RESERVED +CVE-2022-27601 + RESERVED +CVE-2022-27600 + RESERVED +CVE-2022-27599 (An insertion of sensitive information into Log file vulnerability has ...) + NOT-FOR-US: QNAP +CVE-2022-27598 (A vulnerability has been reported to affect QNAP operating systems. If ...) + NOT-FOR-US: QNAP +CVE-2022-27597 (A vulnerability has been reported to affect QNAP operating systems. If ...) + NOT-FOR-US: QNAP +CVE-2022-27596 (A vulnerability has been reported to affect QNAP device running QuTS h ...) + NOT-FOR-US: QNAP +CVE-2022-27595 + RESERVED +CVE-2022-27594 + RESERVED +CVE-2022-27593 (An externally controlled reference to a resource vulnerability has bee ...) + NOT-FOR-US: QNAP +CVE-2022-27592 + RESERVED +CVE-2022-27591 + RESERVED +CVE-2022-27590 + RESERVED +CVE-2022-27589 + RESERVED +CVE-2022-27588 (We have already fixed this vulnerability in the following versions of ...) + NOT-FOR-US: QNAP +CVE-2022-27587 + RESERVED +CVE-2022-27586 (Password recovery vulnerability in SICK SIM1004 Partnumber 1098148 wit ...) + NOT-FOR-US: SICK SIM1004 Partnumber 1098148 +CVE-2022-27585 (Password recovery vulnerability in SICK SIM1000 FX Partnumber 1097816 ...) + NOT-FOR-US: SICK SIM1000 FX Partnumber 1097816 and 1097817 +CVE-2022-27584 (Password recovery vulnerability in SICK SIM2000ST Partnumber 1080579 a ...) + NOT-FOR-US: SICK SIM2000ST Partnumber 2086502 and 1080579 +CVE-2022-27583 (A remote unprivileged attacker can interact with the configuration int ...) 
+ NOT-FOR-US: Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 +CVE-2022-27582 (Password recovery vulnerability in SICK SIM4000 (PPC) Partnumber 10787 ...) + NOT-FOR-US: SICK SICK SIM4000 (PPC) Partnumber 1078787 +CVE-2022-27581 (Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmwa ...) + NOT-FOR-US: SICK +CVE-2022-27580 (A deserialization vulnerability in a .NET framework class used and not ...) + NOT-FOR-US: SICK +CVE-2022-27579 (A deserialization vulnerability in a .NET framework class used and not ...) + NOT-FOR-US: SICK +CVE-2022-27578 (An attacker can perform a privilege escalation through the SICK OEE if ...) + NOT-FOR-US: SICK +CVE-2022-27577 (The vulnerability in the MSC800 in all versions before 4.15 allows for ...) + NOT-FOR-US: SICK +CVE-2022-27576 (Information exposure vulnerability in Samsung DeX Home prior to SMR Ap ...) + NOT-FOR-US: Samsung +CVE-2022-27575 (Information exposure vulnerability in One UI Home prior to SMR April-2 ...) + NOT-FOR-US: Samsung +CVE-2022-27574 (Improper input validation vulnerability in parser_iloc and sheifd_find ...) + NOT-FOR-US: Samsung +CVE-2022-27573 (Improper input validation vulnerability in parser_infe and sheifd_find ...) + NOT-FOR-US: Samsung +CVE-2022-27572 (Heap-based buffer overflow vulnerability in parser_ipma function of li ...) + NOT-FOR-US: Samsung +CVE-2022-27571 (Heap-based buffer overflow vulnerability in sheifd_get_info_image func ...) + NOT-FOR-US: Samsung +CVE-2022-27570 (Heap-based buffer overflow vulnerability in parser_single_iref functio ...) + NOT-FOR-US: Samsung +CVE-2022-27569 (Heap-based buffer overflow vulnerability in parser_infe function in li ...) + NOT-FOR-US: Samsung +CVE-2022-27568 (Heap-based buffer overflow vulnerability in parser_iloc function in li ...) + NOT-FOR-US: Samsung +CVE-2022-27567 (Null pointer dereference vulnerability in parser_hvcC function of libs ...) 
+ NOT-FOR-US: Samsung +CVE-2022-27566 + RESERVED +CVE-2022-27565 + RESERVED +CVE-2022-27564 + RESERVED +CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault Expres ...) + NOT-FOR-US: HCL +CVE-2022-27562 + RESERVED +CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...) + NOT-FOR-US: HCL +CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials.) + NOT-FOR-US: HCL +CVE-2022-27559 + RESERVED +CVE-2022-27558 (HCL iNotes is susceptible to a Broken Password Strength Checks vulnera ...) + NOT-FOR-US: HCL +CVE-2022-27557 + RESERVED +CVE-2022-27556 + RESERVED +CVE-2022-27555 + RESERVED +CVE-2022-27554 + RESERVED +CVE-2022-27553 + RESERVED +CVE-2022-27552 + RESERVED +CVE-2022-27551 (HCL Launch could allow an authenticated user to obtain sensitive infor ...) + NOT-FOR-US: HCL +CVE-2022-27550 + RESERVED +CVE-2022-27549 (HCL Launch may store certain data for recurring activities in a plain ...) + NOT-FOR-US: HCL +CVE-2022-27548 (HCL Launch stores user credentials in plain clear text which can be re ...) + NOT-FOR-US: HCL +CVE-2022-27547 (HCL iNotes is susceptible to a link to non-existent domain vulnerabili ...) + NOT-FOR-US: HCL +CVE-2022-27546 (HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vu ...) + NOT-FOR-US: HCL +CVE-2022-27545 (BigFix Web Reports authorized users may perform HTML injection for the ...) + NOT-FOR-US: BigFix Web Reports +CVE-2022-27544 (BigFix Web Reports authorized users may see SMTP credentials in clear ...) + NOT-FOR-US: BigFix Web Reports +CVE-2022-27543 + RESERVED +CVE-2022-27542 + RESERVED +CVE-2022-27541 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) + NOT-FOR-US: HP +CVE-2022-27540 + RESERVED +CVE-2022-27539 (Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have b ...) + NOT-FOR-US: HP +CVE-2022-27538 (A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has be ...) 
+ NOT-FOR-US: HP +CVE-2022-27537 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-27536 (Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be ca ...) + - golang-1.18 (MacOS-specific) + - golang-1.17 (MacOS-specific) + NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8 + NOTE: https://go.dev/issue/51759 +CVE-2022-27535 (Kaspersky VPN Secure Connection for Windows version up to 21.5 was vul ...) + NOT-FOR-US: Kaspersky VPN Secure Connection for Windows +CVE-2022-27534 (Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security ...) + NOT-FOR-US: Kaspersky +CVE-2022-27533 + RESERVED +CVE-2022-27532 (A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can b ...) + NOT-FOR-US: Autodesk +CVE-2022-27531 (A maliciously crafted TIF file can be forced to read beyond allocated ...) + NOT-FOR-US: Autodesk +CVE-2022-27530 (A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, ...) + NOT-FOR-US: Autodesk +CVE-2022-27529 (A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2 ...) + NOT-FOR-US: Autodesk +CVE-2022-27528 (A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 c ...) + NOT-FOR-US: Autodesk +CVE-2022-27527 (A Memory Corruption vulnerability may lead to code execution through m ...) + NOT-FOR-US: Autodesk +CVE-2022-27526 (A malicious crafted TGA file when consumed through DesignReview.exe ap ...) + NOT-FOR-US: Autodesk +CVE-2022-27525 (A malicious crafted .dwf or .pct file when consumed through DesignRevi ...) + NOT-FOR-US: Autodesk +CVE-2022-27524 (An out-of-bounds read can be exploited in Autodesk TrueView 2022 may l ...) + NOT-FOR-US: Autodesk +CVE-2022-27523 (A buffer over-read can be exploited in Autodesk TrueView 2022 may lead ...) 
+ NOT-FOR-US: Autodesk +CVE-2022-27522 + RESERVED +CVE-2022-27521 + RESERVED +CVE-2022-27520 + RESERVED +CVE-2022-27519 + RESERVED +CVE-2022-27518 (Unauthenticated remote arbitrary code execution) + NOT-FOR-US: Citrix +CVE-2022-27517 + RESERVED +CVE-2022-27516 (User login brute force protection functionality bypass) + NOT-FOR-US: Citrix +CVE-2022-27515 + RESERVED +CVE-2022-27514 + RESERVED +CVE-2022-27513 (Remote desktop takeover via phishing) + NOT-FOR-US: Citrix +CVE-2022-27512 (Temporary disruption of the ADM license service. The impact of this in ...) + NOT-FOR-US: Citrix +CVE-2022-27511 (Corruption of the system by a remote, unauthenticated user. The impact ...) + NOT-FOR-US: Citrix +CVE-2022-27510 (Unauthorized access to Gateway user capabilities) + NOT-FOR-US: Citrix +CVE-2022-27509 (Unauthenticated redirection to a malicious website) + NOT-FOR-US: Citrix +CVE-2022-27508 (Unauthenticated denial of service) + NOT-FOR-US: Citrix +CVE-2022-27507 (Authenticated denial of service) + NOT-FOR-US: Citrix +CVE-2022-27506 (Hard-coded credentials allow administrators to access the shell via th ...) + NOT-FOR-US: Citrix +CVE-2022-27505 (Reflected cross site scripting (XSS)) + NOT-FOR-US: Citrix +CVE-2022-27504 + RESERVED +CVE-2022-27503 (Cross-site Scripting (XSS) vulnerability in Citrix StoreFront affects ...) + NOT-FOR-US: Citrix +CVE-2022-27502 (RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privil ...) + NOT-FOR-US: RealVNC VNC Server +CVE-2022-27501 + RESERVED +CVE-2022-27500 (Incorrect default permissions for the Intel(R) Support Android applica ...) + NOT-FOR-US: Intel +CVE-2022-27233 (XML injection in the Quartus(R) Prime Programmer included in the Intel ...) + NOT-FOR-US: Intel +CVE-2022-27229 (Path transversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7D ...) + NOT-FOR-US: Intel +CVE-2022-27183 (The Monitoring Console app configured in Distributed mode allows for a ...) 
+ NOT-FOR-US: Splunk +CVE-2022-27180 (Uncontrolled search path in the Intel(R) MacCPUID software before vers ...) + NOT-FOR-US: Intel +CVE-2022-26889 (In Splunk Enterprise versions before 8.1.2, the uri path to load a rel ...) + NOT-FOR-US: Splunk +CVE-2022-26888 (Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard ed ...) + NOT-FOR-US: Intel +CVE-2022-26840 (Improper neutralization in the Intel(R) Quartus Prime Pro and Standard ...) + NOT-FOR-US: Intel +CVE-2022-26070 (When handling a mismatched pre-authentication cookie, the application ...) + NOT-FOR-US: Splunk +CVE-2022-26024 (Improper access control in the Intel(R) NUC HDMI Firmware Update Tool ...) + NOT-FOR-US: Intel +CVE-2022-26017 (Improper access control in the Intel(R) DSA software for before versio ...) + NOT-FOR-US: Intel +CVE-2022-25841 (Uncontrolled search path elements in the Intel(R) Datacenter Group Eve ...) + NOT-FOR-US: Intel +CVE-2022-1040 (An authentication bypass vulnerability in the User Portal and Webadmin ...) + NOT-FOR-US: Sophos +CVE-2022-1039 (The weak password on the web user interface can be exploited via HTTP ...) + NOT-FOR-US: Red Lion +CVE-2022-1038 (A potential security vulnerability has been identified in the HP Jumps ...) + NOT-FOR-US: HP +CVE-2022-27492 (An integer underflow in WhatsApp could have caused remote code executi ...) + NOT-FOR-US: WhatsApp +CVE-2022-27491 (A improper verification of source of a communication channel in Fortin ...) + NOT-FOR-US: FortiGuard +CVE-2022-27490 (A exposure of sensitive information to an unauthorized actor in Fortin ...) + NOT-FOR-US: Fortinet +CVE-2022-27489 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2022-27488 (A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise v ...) + NOT-FOR-US: FortiGuard +CVE-2022-27487 (A improper privilege management in Fortinet FortiSandbox version 4.2.0 ...) 
+ NOT-FOR-US: Fortinet
+CVE-2022-27486
+ RESERVED
+CVE-2022-27485 (A improper neutralization of special elements used in an sql command ( ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-27484 (A unverified password change in Fortinet FortiADC version 6.2.0 throug ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-27483 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-27482 (A improper neutralization of special elements used in an os command (' ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-27481 (A vulnerability has been identified in SCALANCE W1788-1 M12 (All versi ...)
+ NOT-FOR-US: Siemens SCALANCE
+CVE-2022-27480 (A vulnerability has been identified in SICAM A8000 CP-8031 (All versio ...)
+ NOT-FOR-US: Siemens
+CVE-2022-27479 (Apache Superset before 1.4.2 is vulnerable to SQL injection in chart d ...)
+ NOT-FOR-US: Apache Superset
+CVE-2022-27478 (Victor v1.0 was discovered to contain a remote code execution (RCE) vu ...)
+ NOT-FOR-US: Victor CMS
+CVE-2022-27477 (Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload ...)
+ NOT-FOR-US: Newbee-Mall
+CVE-2022-27476 (A cross-site scripting (XSS) vulnerability at /admin/goods/update in N ...)
+ NOT-FOR-US: Newbee-Mall
+CVE-2022-27475 (Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-syste ...)
+ NOT-FOR-US: tramyardg hotel-mgmt-system
+CVE-2022-27474 (SuiteCRM v7.11.23 was discovered to allow remote code execution via a ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2022-27473 (SQL injection vulnerability in Topics Searching feature of Roothub 2.6 ...)
+ NOT-FOR-US: Roothub
+CVE-2022-27472 (SQL injection vulnerability in Topics Counting feature of Roothub 2.6. ...)
+ NOT-FOR-US: Roothub
+CVE-2022-27471
+ RESERVED
+CVE-2022-27470 (SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memor ...)
+ - libsdl2-ttf 2.0.18+dfsg-3 (bug #1010671)
+ [bullseye] - libsdl2-ttf (Vulnerable code not present)
+ [buster] - libsdl2-ttf (Vulnerable code not present)
+ [stretch] - libsdl2-ttf (Vulnerable code not present)
+ NOTE: https://github.com/libsdl-org/SDL_ttf/commit/db1b41ab8bde6723c24b866e466cad78c2fa0448
+ NOTE: https://github.com/libsdl-org/SDL_ttf/issues/187
+ NOTE: Introduced in https://github.com/libsdl-org/SDL_ttf/commit/31589bd7316d946d2eb122afaed68bc9b9b0fceb
+CVE-2022-27469 (Monstaftp v2.10.3 was discovered to allow attackers to execute Server- ...)
+ NOT-FOR-US: Monstaftp
+CVE-2022-27468 (Monstaftp v2.10.3 was discovered to contain an arbitrary file upload w ...)
+ NOT-FOR-US: Monstaftp
+CVE-2022-27467
+ RESERVED
+CVE-2022-27466 (MCMS v5.2.27 was discovered to contain a SQL injection vulnerability i ...)
+ NOT-FOR-US: MCMS
+CVE-2022-27465
+ RESERVED
+CVE-2022-27464
+ RESERVED
+CVE-2022-27463 (Open redirect vulnerability in objects/login.json.php in WWBN AVideo t ...)
+ NOT-FOR-US: WWBN AVideo
+CVE-2022-27462 (Cross Site Scripting (XSS) vulnerability in objects/function.php in fu ...)
+ NOT-FOR-US: WWBN AVideo
+CVE-2022-27461 (In nopCommerce 4.50.1, an open redirect vulnerability can be triggered ...)
+ NOT-FOR-US: nopCommerce
+CVE-2022-27460
+ RESERVED
+CVE-2022-27459
+ RESERVED
+CVE-2022-27458 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28099
+CVE-2022-27457 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-28098
+CVE-2022-27456 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28093
+CVE-2022-27455 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-28097
+CVE-2022-27454
+ RESERVED
+CVE-2022-27453
+ RESERVED
+CVE-2022-27452 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28090
+CVE-2022-27451 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-28094
+CVE-2022-27450
+ RESERVED
+CVE-2022-27449 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28089
+CVE-2022-27448 (There is an Assertion failure in MariaDB Server v10.9 and below via 'n ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28095
+CVE-2022-27447 (MariaDB Server v10.9 and below was discovered to contain a use-after-f ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28099
+CVE-2022-27446 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-28082
+CVE-2022-27445 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-28081
+ NOTE: https://jira.mariadb.org/browse/MDEV-19398
+CVE-2022-27444 (MariaDB Server v10.9 and below was discovered to contain a segmentatio ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-28080
+CVE-2022-27443
+ RESERVED
+CVE-2022-27442 (TPCMS v3.2 allows attackers to access the ThinkPHP log directory and o ...)
+ NOT-FOR-US: TPCMS
+CVE-2022-27441 (A stored cross-site scripting (XSS) vulnerability in TPCMS v3.2 allows ...)
+ NOT-FOR-US: TPCMS
+CVE-2022-27440
+ RESERVED
+CVE-2022-27439
+ RESERVED
+CVE-2022-27438 (Caphyon Ltd Advanced Installer 19.3 and earlier and many products that ...)
+ NOT-FOR-US: Caphyon Ltd Advanced Installer
+CVE-2022-27437
+ RESERVED
+CVE-2022-27436 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
+ NOT-FOR-US: Ecommerce-Website
+CVE-2022-27435 (An unrestricted file upload at /public/admin/index.php?add_product of ...)
+ NOT-FOR-US: ashymuzuro/Full-Ecommece-Website
+CVE-2022-27434 (UNIT4 TETA Mobile Edition (ME) before 29.5.HF17 was discovered to cont ...)
+ NOT-FOR-US: UNIT4
+CVE-2022-27433
+ RESERVED
+CVE-2022-27432 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2022-27431 (Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Wuzhicms
+CVE-2022-27430
+ RESERVED
+CVE-2022-27429 (Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forger ...)
+ NOT-FOR-US: Jizhicms
+CVE-2022-27428 (A stored cross-site scripting (XSS) vulnerability in /index.php/album/ ...)
+ NOT-FOR-US: GalleryCMS
+CVE-2022-27427
+ REJECTED
+CVE-2022-27426 (A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows at ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-27425 (Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-27424
+ RESERVED
+CVE-2022-27423 (Chamilo LMS v1.11.13 was discovered to contain a SQL injection vulnera ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-27422 (A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1 ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-27421 (Chamilo LMS v1.11.13 lacks validation on the user modification form, a ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2022-27420 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-27419 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
+ [experimental] - rtl-433 21.12+git20220718+ds-1
+ - rtl-433 21.12+git20220718+ds-2 (bug #1009788)
+ [bullseye] - rtl-433 (Vulnerable code introduced later)
+ NOTE: https://github.com/merbanan/rtl_433/issues/2012
+ NOTE: Introduced by: https://github.com/merbanan/rtl_433/commit/1a9b05cb1b9af1a639fa765ee4a7939ca7d6dd32 (21.12)
+ NOTE: Fixed by: https://github.com/merbanan/rtl_433/commit/37455483889bd1c641bdaafc493d1cc236b74904
+CVE-2022-27418 (Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math ...)
+ - tcpreplay 4.4.1-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/703
+ NOTE: https://github.com/appneta/tcpreplay/pull/712
+ NOTE: https://github.com/appneta/tcpreplay/commit/e2ac765a25e902728b6d4a825358aa536e6668c2 (v4.4.1)
+ NOTE: https://github.com/appneta/tcpreplay/commit/7248ddb7ddd363b15b86e65022773f791764c33a (v4.4.1)
+ NOTE: https://github.com/appneta/tcpreplay/commit/b63f1697c9eae73c7880882e14f9a0ec9545f19a (v4.4.1)
+ NOTE: NOTE: Crash in CLI tool, no security impact
+CVE-2022-27417
+ RESERVED
+CVE-2022-27416 (Tcpreplay v4.4.1 was discovered to contain a double-free via __interce ...)
+ - tcpreplay 4.4.1-1 (unimportant)
+ NOTE: https://github.com/appneta/tcpreplay/issues/702
+ NOTE: https://github.com/appneta/tcpreplay/pull/711
+ NOTE: https://github.com/appneta/tcpreplay/commit/9297ac29af91324e3f94580b8ffc2a40a4d59e98 (v4.4.1)
+ NOTE: https://github.com/appneta/tcpreplay/commit/45cb2ac23213861749d82ad3524f46e347d308a3 (v4.4.1)
+ NOTE: NOTE: Crash in CLI tool, no security impact
+CVE-2022-27415
+ RESERVED
+CVE-2022-27414
+ RESERVED
+CVE-2022-27413 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-27412 (Explore CMS v1.0 was discovered to contain a SQL injection vulnerabili ...)
+ NOT-FOR-US: Explore CMS
+CVE-2022-27411 (TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a comman ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-27410
+ RESERVED
+CVE-2022-27409
+ RESERVED
+CVE-2022-27408
+ RESERVED
+CVE-2022-27407
+ RESERVED
+CVE-2022-27406 (FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovere ...)
+ - freetype 2.11.1+dfsg-2 (bug #1010183)
+ [bullseye] - freetype 2.10.4+dfsg-1+deb11u1
+ [buster] - freetype 2.9.1-3+deb10u3
+ [stretch] - freetype (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
+ NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/0c2bdb01a2e1d24a3e592377a6d0822856e10df2 (VER-2-12-0)
+CVE-2022-27405 (FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovere ...)
+ - freetype 2.11.1+dfsg-2 (bug #1010183)
+ [bullseye] - freetype 2.10.4+dfsg-1+deb11u1
+ [buster] - freetype 2.9.1-3+deb10u3
+ [stretch] - freetype (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
+ NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 (VER-2-12-0)
+CVE-2022-27404 (FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovere ...)
+ - freetype 2.11.1+dfsg-2 (bug #1010183)
+ [bullseye] - freetype 2.10.4+dfsg-1+deb11u1
+ [buster] - freetype 2.9.1-3+deb10u3
+ [stretch] - freetype (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138
+ NOTE: Fixed by: https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db (VER-2-12-0)
+CVE-2022-27403
+ RESERVED
+CVE-2022-27402
+ RESERVED
+CVE-2022-27401
+ RESERVED
+CVE-2022-27400
+ RESERVED
+CVE-2022-27399
+ RESERVED
+CVE-2022-27398
+ RESERVED
+CVE-2022-27397
+ RESERVED
+CVE-2022-27396
+ RESERVED
+CVE-2022-27395
+ RESERVED
+CVE-2022-27394
+ RESERVED
+CVE-2022-27393
+ RESERVED
+CVE-2022-27392
+ RESERVED
+CVE-2022-27391
+ RESERVED
+CVE-2022-27390
+ RESERVED
+CVE-2022-27389
+ RESERVED
+CVE-2022-27388
+ RESERVED
+CVE-2022-27387 (MariaDB Server v10.7 and below was discovered to contain a global buff ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26422
+CVE-2022-27386 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26406
+CVE-2022-27385 (An issue in the component Used_tables_and_const_cache::used_tables_and ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.13-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.5 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.5 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-26415
+CVE-2022-27384 (An issue in the component Item_subselect::init_expr_cache_tracker of M ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26047
+CVE-2022-27383 (MariaDB Server v10.6 and below was discovered to contain an use-after- ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26323
+CVE-2022-27382 (MariaDB Server v10.7 and below was discovered to contain a segmentatio ...)
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3 (Only affects MariaDB 10.4 onwards)
+ - mariadb-10.1 (Only affects MariaDB 10.4 onwards)
+ NOTE: https://jira.mariadb.org/browse/MDEV-26402
+CVE-2022-27381 (An issue in the component Field::set_default of MariaDB Server v10.6 a ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26061
+CVE-2022-27380 (An issue in the component my_decimal::operator= of MariaDB Server v10. ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26280
+CVE-2022-27379 (An issue in the component Arg_comparator::compare_real_fixed of MariaD ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26353
+CVE-2022-27378 (An issue in the component Create_tmp_table::finalize of MariaDB Server ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26423
+CVE-2022-27377 (MariaDB Server v10.6.3 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26281
+CVE-2022-27376 (MariaDB Server v10.6.5 and below was discovered to contain an use-afte ...)
+ {DLA-3114-1}
+ - mariadb-10.6 1:10.6.8-1
+ - mariadb-10.5
+ [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1
+ - mariadb-10.3
+ - mariadb-10.1
+ NOTE: https://jira.mariadb.org/browse/MDEV-26354
+CVE-2022-27375 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
+ NOT-FOR-US: Tenda
+CVE-2022-27374 (Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Requ ...)
+ NOT-FOR-US: Tenda
+CVE-2022-27373 (Shanghai Feixun Data Communication Technology Co., Ltd router fir302b ...)
+ NOT-FOR-US: Shanghai Feixun Data Communication Technology Co
+CVE-2022-27372
+ RESERVED
+CVE-2022-27371
+ RESERVED
+CVE-2022-27370
+ RESERVED
+CVE-2022-27369 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Cscms Music Portal System
+CVE-2022-27368 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Cscms Music Portal System
+CVE-2022-27367 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Cscms Music Portal System
+CVE-2022-27366 (Cscms Music Portal System v4.2 was discovered to contain a blind SQL i ...)
+ NOT-FOR-US: Cscms Music Portal System
+CVE-2022-27365 (Cscms Music Portal System v4.2 was discovered to contain a SQL injecti ...)
+ NOT-FOR-US: Cscms Music Portal System
+CVE-2022-27364
+ RESERVED
+CVE-2022-27363
+ RESERVED
+CVE-2022-27362
+ RESERVED
+CVE-2022-27361
+ RESERVED
+CVE-2022-27360 (SpringBlade v3.2.0 and below was discovered to contain a SQL injection ...)
+ NOT-FOR-US: SpringBlade
+CVE-2022-27359 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a th ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2022-27358
+ RESERVED
+CVE-2022-27357 (Ecommerce-Website v1 was discovered to contain an arbitrary file uploa ...)
+ NOT-FOR-US: Ecommerce-Website
+CVE-2022-27356
+ RESERVED
+CVE-2022-27355
+ RESERVED
+CVE-2022-27354
+ RESERVED
+CVE-2022-27353
+ RESERVED
+CVE-2022-27352 (Simple House Rental System v1 was discovered to contain an arbitrary f ...)
+ NOT-FOR-US: Simple House Rental System
+CVE-2022-27351 (Zoo Management System v1.0 was discovered to contain an arbitrary file ...)
+ NOT-FOR-US: Zoo Management System
+CVE-2022-27350
+ RESERVED
+CVE-2022-27349 (Social Codia SMS v1 was discovered to contain an arbitrary file upload ...)
+ NOT-FOR-US: Social Codia SMS
+CVE-2022-27348 (Social Codia SMS v1 was discovered to contain a stored cross-site scri ...)
+ NOT-FOR-US: Social Codia SMS
+CVE-2022-27347
+ RESERVED
+CVE-2022-27346 (Ecommece-Website v1.1.0 was discovered to contain an arbitrary file up ...)
+ NOT-FOR-US: Ecommerce-Website
+CVE-2022-27345
+ RESERVED
+CVE-2022-27344
+ RESERVED
+CVE-2022-27343
+ RESERVED
+CVE-2022-27342 (Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerabil ...)
+ NOT-FOR-US: Link-Admin
+CVE-2022-27341 (JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: JFinalCMS
+CVE-2022-27340 (MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/sav ...)
+ NOT-FOR-US: MCMS
+CVE-2022-27339
+ RESERVED
+CVE-2022-27338
+ RESERVED
+CVE-2022-27337 (A logic error in the Hints::Hints function of Poppler v22.03.0 allows ...)
+ {DSA-5224-1 DLA-3120-1}
+ - poppler 22.08.0-2 (bug #1010695)
+ [stretch] - poppler (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1230
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 (poppler-22.04.0)
+CVE-2022-27336 (Seacms v11.6 was discovered to contain a remote code execution (RCE) v ...)
+ NOT-FOR-US: Seacms
+CVE-2022-27335
+ RESERVED
+CVE-2022-27334
+ RESERVED
+CVE-2022-27333 (idcCMS v1.10 was discovered to contain an issue which allows attackers ...)
+ NOT-FOR-US: idcCMS
+CVE-2022-27332 (An access control issue in Zammad v5.0.3 allows attackers to write ent ...)
+ - zammad (bug #841355)
+CVE-2022-27331 (An access control issue in Zammad v5.0.3 broadcasts administrative con ...)
+ - zammad (bug #841355)
+CVE-2022-27330 (A cross-site scripting (XSS) vulnerability in /public/admin/index.php? ...)
+ NOT-FOR-US: E-Commerce Website
+CVE-2022-27329
+ RESERVED
+CVE-2022-27328
+ RESERVED
+CVE-2022-27327
+ RESERVED
+CVE-2022-27326
+ RESERVED
+CVE-2022-27325
+ RESERVED
+CVE-2022-27324
+ RESERVED
+CVE-2022-27323
+ RESERVED
+CVE-2022-27322
+ RESERVED
+CVE-2022-27321
+ RESERVED
+CVE-2022-27320
+ RESERVED
+CVE-2022-27319
+ RESERVED
+CVE-2022-27318
+ RESERVED
+CVE-2022-27317
+ RESERVED
+CVE-2022-27316
+ RESERVED
+CVE-2022-27315
+ RESERVED
+CVE-2022-27314
+ RESERVED
+CVE-2022-27313 (An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attac ...)
+ - gitea
+CVE-2022-27312
+ RESERVED
+CVE-2022-27311 (Gibbon v3.4.4 and below allows attackers to execute a Server-Side Requ ...)
+ NOT-FOR-US: amro/Gibbon
+CVE-2022-27310
+ RESERVED
+CVE-2022-27309
+ RESERVED
+CVE-2022-27308 (A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimp ...)
+ NOT-FOR-US: PHProjekt PhpSimplyGest
+CVE-2022-27307
+ RESERVED
+CVE-2022-27306
+ REJECTED
+CVE-2022-27305 (Gibbon v23 does not generate a new session ID cookie after a user auth ...)
+ NOT-FOR-US: GibbonEdu/core
+CVE-2022-27304 (Student Grading System v1.0 was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Student Grading System
+CVE-2022-27303
+ RESERVED
+CVE-2022-27302
+ RESERVED
+CVE-2022-27301
+ RESERVED
+CVE-2022-27300
+ RESERVED
+CVE-2022-27299 (Hospital Management System v1.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-27298
+ RESERVED
+CVE-2022-27297
+ RESERVED
+CVE-2022-27296
+ RESERVED
+CVE-2022-27295 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27294 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27293 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27292 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27291 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27290 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27289 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27288 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27287 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27286 (D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in ...)
+ NOT-FOR-US: D-Link
+CVE-2022-27285
+ RESERVED
+CVE-2022-27284
+ RESERVED
+CVE-2022-27283
+ RESERVED
+CVE-2022-27282
+ RESERVED
+CVE-2022-27281
+ RESERVED
+CVE-2022-27280 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27279 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27278
+ RESERVED
+CVE-2022-27277 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27276 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27275 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27274 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27273 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27272 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27271 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27270 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27269 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27268 (InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 ...)
+ NOT-FOR-US: InHand Networks InRouter 900 Industrial 4G Router
+CVE-2022-27267
+ RESERVED
+CVE-2022-27266
+ RESERVED
+CVE-2022-27265
+ RESERVED
+CVE-2022-27264
+ RESERVED
+CVE-2022-27263 (An arbitrary file upload vulnerability in the file upload module of St ...)
+ NOT-FOR-US: Strapi
+CVE-2022-27262 (An arbitrary file upload vulnerability in the file upload module of Sk ...)
+ NOT-FOR-US: Skipper
+CVE-2022-27261 (An arbitrary file write vulnerability in Express-FileUpload v1.3.1 all ...)
+ NOT-FOR-US: Express-FileUpload
+CVE-2022-27260 (An arbitrary file upload vulnerability in the file upload component of ...)
+ NOT-FOR-US: ButterCMS
+CVE-2022-27259
+ RESERVED
+CVE-2022-27232
+ RESERVED
+CVE-2022-27179 (A malicious actor having access to the exported configuration file may ...)
+ NOT-FOR-US: Red Lion
+CVE-2022-26519 (There is no limit to the number of attempts to authenticate for the lo ...)
+ NOT-FOR-US: Hills ComNav
+CVE-2022-26516 (Authorized users may install a maliciously modified package file when ...)
+ NOT-FOR-US: Red Lion
+CVE-2022-26419 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple ...)
+ NOT-FOR-US: Omron CX-Position
+CVE-2022-26417 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use af ...)
+ NOT-FOR-US: Omron CX-Position
+CVE-2022-26022 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-o ...)
+ NOT-FOR-US: Omron CX-Position
+CVE-2022-25959 (Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory c ...)
+ NOT-FOR-US: Omron CX-Position
+CVE-2022-1037 (The EXMAGE WordPress plugin before 1.0.7 does to ensure that images ad ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1036 (Able to create an account with long password leads to memory corruptio ...)
+ NOT-FOR-US: microweber
+CVE-2022-1035 (Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpa ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-4 (bug #1016443)
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://huntr.dev/bounties/851942a4-1d64-4553-8fdc-9fccd167864b
+ NOTE: https://github.com/gpac/gpac/commit/3718d583c6ade191dc7979c64f48c001ca6f0243
+CVE-2022-1034 (There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10. ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-1033 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ NOT-FOR-US: Crater
+CVE-2022-1032 (Insecure deserialization of not validated module file in GitHub reposi ...)
+ NOT-FOR-US: Crater
+CVE-2022-1031 (Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/37da2cd6-0b46-4878-a32e-acbfd8f6f457
+ NOTE: https://github.com/radareorg/radare2/commit/a7ce29647fcb38386d7439696375e16e093d6acb
+CVE-2022-27258 (Multiple Cross-Site Scripting (XSS) vulnerabilities in Hubzilla 7.0.3 ...)
+ - hubzilla (bug #950399)
+CVE-2022-27257 (A PHP Local File Inclusion vulneraility in the default Redbasic theme ...)
+ NOT-FOR-US: Redbasic theme for Hubzilla
+CVE-2022-27256 (A PHP Local File inclusion vulnerability in the Redbasic theme for Hub ...)
+ NOT-FOR-US: Redbasic theme for Hubzilla
+CVE-2022-27255 (In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function th ...)
+ NOT-FOR-US: Realtek eCos RSDK
+CVE-2022-27254 (The remote keyless system on Honda Civic 2018 vehicles sends the same ...)
+ NOT-FOR-US: Honda
+CVE-2022-27253
+ RESERVED
+CVE-2022-27252
+ RESERVED
+CVE-2022-27251
+ RESERVED
+CVE-2022-27250 (The UNISOC chipset through 2022-03-15 allows attackers to obtain remot ...)
+ NOT-FOR-US: UNISOC
+CVE-2022-1030 (Okta Advanced Server Access Client for Linux and macOS prior to versio ...)
+ NOT-FOR-US: Okta Advanced Server Access Client
+CVE-2022-1029 (The Limit Login Attempts WordPress plugin before 4.0.72 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1028 (The WordPress Security Firewall, Malware Scanner, Secure Login and Bac ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-27249 (An unrestricted file upload vulnerability in IdeaRE RefTree before 202 ...)
+ NOT-FOR-US: IdeaRE RefTree
+CVE-2022-27248 (A directory traversal vulnerability in IdeaRE RefTree before 2021.09.1 ...)
+ NOT-FOR-US: IdeaRE RefTree
+CVE-2022-27247 (onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an att ...)
+ NOT-FOR-US: cdSoft Winhotel.MX
+CVE-2022-27246 (An issue was discovered in MISP before 2.4.156. An SVG org logo (which ...)
+ NOT-FOR-US: MISP
+CVE-2022-27245 (An issue was discovered in MISP before 2.4.156. app/Model/Server.php d ...)
+ NOT-FOR-US: MISP
+CVE-2022-27244 (An issue was discovered in MISP before 2.4.156. A malicious site admin ...)
+ NOT-FOR-US: MISP
+CVE-2022-27243 (An issue was discovered in MISP before 2.4.156. app/View/Users/terms.c ...)
+ NOT-FOR-US: MISP
+CVE-2022-27242 (A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G E ...)
+ NOT-FOR-US: OpenV2G / Siemens
+CVE-2022-27241 (A vulnerability has been identified in Mendix Applications using Mendi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-1027 (The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allo ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1026 (Kyocera multifunction printers running vulnerable versions of Net View ...)
+ NOT-FOR-US: Kyocera printers
+CVE-2022-1025 (All unpatched versions of Argo CD starting with v1.0.0 are vulnerable ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-1024
+ REJECTED
+CVE-2022-1023 (The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-1022 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-1021 (Insecure Storage of Sensitive Information in GitHub repository chatwoo ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-1020 (The Product Table for WooCommerce (wooproducttable) WordPress plugin b ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-27240 (scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer ...)
+ - glewlwyd 2.6.1-2
+ [bullseye] - glewlwyd (Minor issue)
+ [buster] - glewlwyd (Minor issue)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/4c5597c155bfbaf6491cf6b83479d241ae66940a (v2.6.2)
+CVE-2022-29869 (cifs-utils through 6.14, with verbose logging, can cause an informatio ...)
+ {DSA-5157-1 DLA-3009-1}
+ - cifs-utils 2:6.14-1.1 (bug #1010818)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15026
+ NOTE: https://github.com/piastry/cifs-utils/pull/7
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379 (cifs-utils-6.15)
+CVE-2022-27239 (In cifs-utils through 6.14, a stack-based buffer overflow when parsing ...)
+ {DSA-5157-1 DLA-3009-1}
+ - cifs-utils 2:6.14-1.1 (bug #1010818)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=15025
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197216
+ NOTE: https://github.com/piastry/cifs-utils/pull/7
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=007c07fd91b6d42f8bd45187cf78ebb06801139d (cifs-utils-6.15)
+CVE-2022-27238 (BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-27237 (There is a cross-site scripting (XSS) vulnerability in an NI Web Serve ...)
+ NOT-FOR-US: NI
+CVE-2022-27236
+ RESERVED
+CVE-2022-26887 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-26667 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-26666 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-26514 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2022-26349 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...)
+ NOT-FOR-US: Delta Electronics +CVE-2022-25880 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-1019 (Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vu ...) + NOT-FOR-US: Automated Logic WebCtrl Server +CVE-2022-1018 (When opening a malicious solution file provided by an attacker, the ap ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-27172 (A hard-coded password vulnerability exists in the console infactory fu ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-1017 + RESERVED +CVE-2022-1016 (A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.16.18-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5 + NOTE: Fixed by: https://git.kernel.org/linus/4c905f6740a365464e91467aa50916555b28213d +CVE-2022-1015 (A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_ ...) + - linux 5.16.18-1 + [bullseye] - linux (Vulnerability introduced later in 5.12-rc1) + [buster] - linux (Vulnerability introduced later in 5.12-rc1) + [stretch] - linux (Vulnerability introduced later in 5.12-rc1) + NOTE: https://www.openwall.com/lists/oss-security/2022/03/28/5 + NOTE: Introduced by: https://git.kernel.org/linus/49499c3e6e18b7677a63316f3ff54a16533dc28f (4.1-rc1) + NOTE: Exploitable after: https://git.kernel.org/linus/345023b0db315648ccc3c1a36aee88304a8b4d91 (5.12-rc1) + NOTE: Fixed by: https://git.kernel.org/linus/6e1acfa387b9ff82cfc7db8cc3b6959221a95851 +CVE-2022-1014 (The WP Contacts Manager WordPress plugin through 2.2.4 fails to proper ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1013 (The Personal Dictionary WordPress plugin before 1.3.4 fails to properl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1012 (A memory leak problem was found in the TCP source port generation algo ...) 
+ {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.17.11-1 + [bullseye] - linux 5.10.127-1 + NOTE: https://git.kernel.org/linus/b2d057560b8107c633b39aabe517ff9d93f285e3 (5.18-rc6) +CVE-2022-1011 (A use-after-free flaw was found in the Linux kernel\u2019s FUSE filesy ...) + {DSA-5173-1 DLA-3065-1} + - linux 5.16.18-1 + [bullseye] - linux 5.10.106-1 + NOTE: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 (5.17-rc8) +CVE-2022-1010 (The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1009 (The Smush WordPress plugin before 3.9.9 does not sanitise and escape a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1008 (The One Click Demo Import WordPress plugin before 3.1.0 does not valid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1007 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1006 (The Advanced Booking Calendar WordPress plugin before 1.7.1 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1005 (The WP Statistics WordPress plugin before 13.2.2 does not sanitise the ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1004 (Accounted time is shown in the Ticket Detail View (External Interface) ...) + NOT-FOR-US: OTRS + NOTE: Issue is listed as specific to 7.x and 8.x, so won't affect Znuny which forked from 6.x +CVE-2022-1003 (One of the API in Mattermost version 6.3.0 and earlier fails to proper ...) + - mattermost-server (bug #823556) +CVE-2022-1002 (Mattermost 6.3.0 and earlier fails to properly sanitize the HTML conte ...) + - mattermost-server (bug #823556) +CVE-2022-1001 (The WP Downgrade WordPress plugin before 1.2.3 only perform client sid ...) + NOT-FOR-US: WordPress plugin +CVE-2022-1000 (Path Traversal in GitHub repository prasathmani/tinyfilemanager prior ...) + NOT-FOR-US: prasathmani/tinyfilemanager +CVE-2022-27228 (In the vote (aka "Polls, Votes") module before 21.0.100 of Bitrix Site ...) 
+ NOT-FOR-US: Bitrix Site Manager +CVE-2022-27227 (In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and ...) + - pdns-recursor 4.6.1-1 + [bullseye] - pdns-recursor (Minor issue) + [buster] - pdns-recursor (Minor issue) + [stretch] - pdns-recursor (Minor issue) + - pdns 4.6.1-1 + [bullseye] - pdns (Minor issue) + [buster] - pdns (Minor issue) + [stretch] - pdns (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/03/25/1 +CVE-2022-27226 (A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 ...) + NOT-FOR-US: iRZ Mobile Routers +CVE-2022-0999 (An authenticated user may be able to misuse parameters to inject arbit ...) + NOT-FOR-US: mySCADA myPRO +CVE-2022-0998 (An integer overflow flaw was found in the Linux kernel\u2019s virtio d ...) + - linux 5.15.15-1 (unimportant) + [bullseye] - linux 5.10.92-1 + [buster] - linux (ulnerable code not present) + [stretch] - linux (ulnerable code not present) + NOTE: https://git.kernel.org/linus/3ed21c1451a14d139e1ceb18f2fa70865ce3195a (5.16-rc6) + NOTE: CONFIG_VHOST_VDPA not set in Debian +CVE-2022-0997 (Improper file permissions in the CommandPost, Collector, and Sensor co ...) + NOT-FOR-US: Fidelis +CVE-2022-0996 (A vulnerability was found in the 389 Directory Server that allows expi ...) + {DLA-3399-1} + - 389-ds-base 2.0.15-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064769 + NOTE: https://github.com/389ds/389-ds-base/issues/5221 + NOTE: https://github.com/389ds/389-ds-base/commit/b7fd028e5e67686afea617beb1791e9f3e7a4cb9 (389-ds-base-2.1.1) + NOTE: https://github.com/389ds/389-ds-base/commit/e6431d959bf3cd07160c5b1822802d5f532d956a (389-ds-base-2.0.15) +CVE-2022-0995 (An out-of-bounds (OOB) memory write flaw was found in the Linux kernel ...) 
+ - linux 5.16.18-1 + [bullseye] - linux 5.10.106-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063786 +CVE-2022-0994 (The Hummingbird WordPress plugin before 3.3.2 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-27225 (Gradle Enterprise before 2021.4.3 relies on cleartext data transmissio ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-27224 (An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6 ...) + NOT-FOR-US: Galleon NTS-6002-GPS +CVE-2022-27223 (In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16 ...) + {DLA-3065-1} + - linux 5.16.12-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/7f14c7227f342d9932f9b918893c8814f86d2a0d (5.17-rc6) +CVE-2022-27222 + RESERVED +CVE-2022-0993 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0992 (The SiteGround Security plugin for WordPress is vulnerable to authenti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0991 (Insufficient Session Expiration in GitHub repository admidio/admidio p ...) + NOT-FOR-US: admidio +CVE-2022-0990 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...) + - calibre-web (bug #982690) +CVE-2020-36519 (Mimecast Email Security before 2020-01-10 allows any admin to spoof an ...) + NOT-FOR-US: Mimecast Email Security +CVE-2022-27221 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-27220 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-27219 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-27194 (A vulnerability has been identified in SIMATIC PCS neo (Administration ...) 
+ NOT-FOR-US: Siemens +CVE-2022-0989 (An unprivileged user could use the functionality of the NS WooCommerce ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0988 (Delta Electronics DIAEnergie (Version 1.7.5 and prior) is vulnerable t ...) + NOT-FOR-US: Delta Electronics +CVE-2022-0987 (A flaw was found in PackageKit in the way some of the methods exposed ...) + - packagekit (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064315 + NOTE: Negligible security impact +CVE-2022-0986 (Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repositor ...) + NOT-FOR-US: Hestia Control Panel +CVE-2022-0985 (Insufficient capability checks could allow users with the moodle/site: ...) + - moodle +CVE-2022-0984 (Users with the capability to configure badge criteria (teachers and ma ...) + - moodle +CVE-2022-0983 (An SQL injection risk was identified in Badges code relating to config ...) + - moodle +CVE-2022-0982 (The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suff ...) + NOT-FOR-US: ACCEL-PPP +CVE-2022-0981 (A flaw was found in Quarkus. The state and potentially associated perm ...) + NOT-FOR-US: Quarkus +CVE-2022-27218 (Jenkins incapptic connect uploader Plugin 1.15 and earlier stores toke ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27217 (Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passw ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27216 (Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passw ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27215 (A missing permission check in Jenkins Release Helper Plugin 1.3.3 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27214 (A cross-site request forgery (CSRF) vulnerability in Jenkins Release H ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27213 (Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27212 (Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-27211 (A missing permission check in Jenkins Kubernetes Continuous Deploy Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27210 (A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernete ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27209 (A missing permission check in Jenkins Kubernetes Continuous Deploy Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27208 (Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows u ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27207 (Jenkins global-build-stats Plugin 1.5 and earlier does not escape mult ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27206 (Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLa ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27205 (A missing permission check in Jenkins Extended Choice Parameter Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27204 (A cross-site request forgery vulnerability in Jenkins Extended Choice ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27203 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27202 (Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlie ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27201 (Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27200 (Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier doe ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27199 (A missing permission check in Jenkins CloudBees AWS Credentials Plugin ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27198 (A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27197 (Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL va ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27196 (Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-27195 (Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environ ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-27193 (CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (X ...) + NOT-FOR-US: CVRF-CSAF-Converter +CVE-2022-27192 (The Reporting module in Aseco Lietuva document management system DVS A ...) + NOT-FOR-US: Aseco +CVE-2022-27191 (The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1 ...) + - golang-go.crypto 1:0.0~git20220315.3147a52-1 + [bullseye] - golang-go.crypto (Minor issue) + [buster] - golang-go.crypto (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ + NOTE: https://github.com/golang/crypto/commit/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d +CVE-2022-27190 + RESERVED +CVE-2022-27175 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26839 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26836 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26338 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26069 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26065 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26059 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-26013 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-25980 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) 
+ NOT-FOR-US: Delta Electronics +CVE-2022-25347 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vul ...) + NOT-FOR-US: Delta Electronics +CVE-2022-0980 (Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0979 (Use after free in Safe Browsing in Google Chrome on Android prior to 9 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0978 (Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0977 (Use after free in Browser UI in Google Chrome on Chrome OS prior to 99 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0976 (Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 all ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0975 (Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0974 (Use after free in Splitscreen in Google Chrome on Chrome OS prior to 9 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0973 (Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0972 (Use after free in Extensions in Google Chrome prior to 99.0.4844.74 al ...) 
+ {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0971 (Use after free in Blink Layout in Google Chrome on Android prior to 99 ...) + {DSA-5104-1} + - chromium 99.0.4844.74-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-46738 + RESERVED +CVE-2021-46737 + RESERVED +CVE-2021-46736 + RESERVED +CVE-2021-46735 + RESERVED +CVE-2021-46734 + RESERVED +CVE-2021-46733 + RESERVED +CVE-2021-46732 + RESERVED +CVE-2021-46731 + RESERVED +CVE-2021-46730 + RESERVED +CVE-2021-46729 + RESERVED +CVE-2021-46728 + RESERVED +CVE-2021-46727 + RESERVED +CVE-2021-46726 + RESERVED +CVE-2021-46725 + RESERVED +CVE-2021-46724 + RESERVED +CVE-2021-46723 + RESERVED +CVE-2021-46722 + RESERVED +CVE-2021-46721 + RESERVED +CVE-2021-46720 + RESERVED +CVE-2021-46719 + RESERVED +CVE-2021-46718 + RESERVED +CVE-2021-46717 + RESERVED +CVE-2021-46716 + RESERVED +CVE-2021-46715 + RESERVED +CVE-2021-46714 + RESERVED +CVE-2021-46713 + RESERVED +CVE-2021-46712 + RESERVED +CVE-2021-46711 + RESERVED +CVE-2021-46710 + RESERVED +CVE-2022-27169 (An information disclosure vulnerability exists in the OAS Engine Secur ...) + NOT-FOR-US: Open Automation Software +CVE-2022-27167 (Privilege escalation vulnerability in Windows products of ESET, spol. ...) + NOT-FOR-US: ESET +CVE-2022-27166 (A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS ...) + - jspwiki +CVE-2022-26511 (WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening ...) + NOT-FOR-US: WPS Presentation +CVE-2022-26510 (A firmware update vulnerability exists in the iburn firmware checks fu ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26303 (An external config control vulnerability exists in the OAS Engine Secu ...) + NOT-FOR-US: Open Automation Software +CVE-2022-26082 (A file write vulnerability exists in the OAS Engine SecureTransferFile ...) 
+ NOT-FOR-US: Open Automation Software +CVE-2022-26081 (The installer of WPS Office Version 10.8.0.5745 insecurely load shcore ...) + NOT-FOR-US: WPS Office +CVE-2022-26077 (A cleartext transmission of sensitive information vulnerability exists ...) + NOT-FOR-US: Open Automation Software +CVE-2022-26067 (An information disclosure vulnerability exists in the OAS Engine Secur ...) + NOT-FOR-US: Open Automation Software +CVE-2022-26043 (An external config control vulnerability exists in the OAS Engine Secu ...) + NOT-FOR-US: Open Automation Software +CVE-2022-26026 (A denial of service vulnerability exists in the OAS Engine SecureConfi ...) + NOT-FOR-US: Open Automation Software +CVE-2022-25969 (The installer of WPS Office Version 10.8.0.6186 insecurely load VERSIO ...) + NOT-FOR-US: WPS Office +CVE-2022-25949 (The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Ve ...) + NOT-FOR-US: KINGSOFT +CVE-2022-0970 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...) + NOT-FOR-US: Grav CMS +CVE-2022-0969 (The Image optimization & Lazy Load by Optimole WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0968 (The microweber application allows large characters to insert in the in ...) + NOT-FOR-US: microweber +CVE-2022-0967 (Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in Gi ...) + NOT-FOR-US: ShowDoc +CVE-2022-0966 (Stored XSS via File Upload in star7th/showdoc in GitHub repository sta ...) + NOT-FOR-US: ShowDoc +CVE-2022-0965 (Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc ...) + NOT-FOR-US: ShowDoc +CVE-2022-0964 (Stored XSS viva .webmv file upload in GitHub repository star7th/showdo ...) + NOT-FOR-US: ShowDoc +CVE-2022-0963 (Unrestricted XML Files Leads to Stored XSS in GitHub repository microw ...) + NOT-FOR-US: microweber +CVE-2022-0962 (Stored XSS viva .webma file upload in GitHub repository star7th/showdo ...) 
+ NOT-FOR-US: ShowDoc +CVE-2022-0961 (The microweber application allows large characters to insert in the in ...) + NOT-FOR-US: microweber +CVE-2022-0960 (Stored XSS viva .properties file upload in GitHub repository star7th/s ...) + NOT-FOR-US: ShowDoc +CVE-2022-0959 (A malicious, but authorised and authenticated user can construct an HT ...) + - pgadmin4 (bug #834129) +CVE-2022-0958 (The Mark Posts WordPress plugin before 2.0.1 does not escape new marke ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0957 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...) + NOT-FOR-US: ShowDoc +CVE-2022-0956 (Stored XSS via File Upload in GitHub repository star7th/showdoc prior ...) + NOT-FOR-US: ShowDoc +CVE-2022-0955 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data- ...) + NOT-FOR-US: pimcore +CVE-2022-0954 (Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's O ...) + NOT-FOR-US: microweber +CVE-2022-0953 (The Anti-Malware Security and Brute-Force Firewall WordPress plugin be ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0952 (The Sitemap by click5 WordPress plugin before 1.0.36 does not have aut ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0951 (File Upload Restriction Bypass leading to Stored XSS Vulnerability in ...) + NOT-FOR-US: ShowDoc +CVE-2022-0950 (Unrestricted Upload of File with Dangerous Type in GitHub repository s ...) + NOT-FOR-US: ShowDoc +CVE-2022-0949 (The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0948 (The Order Listener for WooCommerce WordPress plugin before 3.2.2 does ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-XXXX [wordpress 5.9.2] + - wordpress 5.9.2+dfsg1-1 (bug #1007145; bug #1007005) + [bullseye] - wordpress 5.7.8+dfsg1-0+deb11u1 + [buster] - wordpress 5.0.17+dfsg1-0+deb10u1 + [stretch] - wordpress 4.7.23+dfsg-0+deb9u1 + NOTE: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/ +CVE-2022-27165 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_m ...) + NOT-FOR-US: CSZ CMS +CVE-2022-27164 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_vi ...) + NOT-FOR-US: CSZ CMS +CVE-2022-27163 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_ed ...) + NOT-FOR-US: CSZ CMS +CVE-2022-27162 (CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...) + NOT-FOR-US: CSZ CMS +CVE-2022-27161 (Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_ ...) + NOT-FOR-US: CSZ CMS +CVE-2022-27160 + RESERVED +CVE-2022-27159 + RESERVED +CVE-2022-27158 (pearweb < 1.32 suffers from Deserialization of Untrusted Data.) + NOT-FOR-US: pearweb +CVE-2022-27157 (pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via ...) + NOT-FOR-US: pearweb +CVE-2022-27156 (Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.) + NOT-FOR-US: Daylight Studio Fuel CMS +CVE-2022-27155 + RESERVED +CVE-2022-27154 + RESERVED +CVE-2022-27153 + RESERVED +CVE-2022-27152 (Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a R ...) + NOT-FOR-US: Roku devices +CVE-2022-27151 + RESERVED +CVE-2022-27150 + RESERVED +CVE-2022-27149 + REJECTED +CVE-2022-27148 (GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integ ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2067 + NOTE: https://github.com/gpac/gpac/commit/0cd19f4db70615d707e0e6202933c2ea0c1d36df (v2.0.0) +CVE-2022-27147 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free v ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2109 + NOTE: https://github.com/gpac/gpac/commit/9723dd0955894f2cb7be13b94cf7a47f2754b893 (v2.0.0) +CVE-2022-27146 (GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vu ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2120 + NOTE: https://github.com/gpac/gpac/commit/f0a41d178a2dc5ac185506d9fa0b0a58356b16f7 (v2.0.0) +CVE-2022-27145 (GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow v ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/commit/d7daa8aeb6df4b6c3ec102622e1599279310a19e (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/2108 +CVE-2022-27144 + RESERVED +CVE-2022-27143 + RESERVED +CVE-2022-27142 + RESERVED +CVE-2022-27141 + RESERVED +CVE-2022-27140 (An arbitrary file upload vulnerability in the file upload module of ex ...) + NOT-FOR-US: Express FileUpload +CVE-2022-27139 (An arbitrary file upload vulnerability in the file upload module of Gh ...) + NOT-FOR-US: Ghost CMS +CVE-2022-27138 + RESERVED +CVE-2022-27137 + RESERVED +CVE-2022-27136 + RESERVED +CVE-2022-27135 (xpdf 4.03 has heap buffer overflow in the function readXRefTable locat ...) 
+ - xpdf (Debian uses poppler, which is not affected) + NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 +CVE-2022-27134 (EOSIO batdappboomx v327c04cf has an Access-control vulnerability in th ...) + NOT-FOR-US: EOSIO/eos +CVE-2022-27133 (zbzcms v1.0 was discovered to contain an arbitrary file deletion vulne ...) + NOT-FOR-US: zbzcms +CVE-2022-27132 + RESERVED +CVE-2022-27131 (An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzc ...) + NOT-FOR-US: zbzcms +CVE-2022-27130 + RESERVED +CVE-2022-27129 (An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1 ...) + NOT-FOR-US: zbzcms +CVE-2022-27128 (An incorrect access control issue at /admin/run_ajax.php in zbzcms v1. ...) + NOT-FOR-US: zbzcms +CVE-2022-27127 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: zbzcms +CVE-2022-27126 (zbzcms v1.0 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: zbzcms +CVE-2022-27125 (zbzcms v1.0 was discovered to contain a stored cross-site scripting (X ...) + NOT-FOR-US: zbzcms +CVE-2022-27124 (Insurance Management System 1.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Insurance Management System +CVE-2022-27123 (Employee Performance Evaluation v1.0 was discovered to contain a SQL i ...) + NOT-FOR-US: Employee Performance Evaluation +CVE-2022-27122 + RESERVED +CVE-2022-27121 + RESERVED +CVE-2022-27120 + RESERVED +CVE-2022-27119 + RESERVED +CVE-2022-27118 + RESERVED +CVE-2022-27117 + RESERVED +CVE-2022-27116 + RESERVED +CVE-2022-27115 (In Studio-42 elFinder 2.1.60, there is a vulnerability that causes rem ...) + NOT-FOR-US: Studio-42 elFinder +CVE-2022-27114 (There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg functio ...) 
+ {DLA-3004-1} + - htmldoc 1.9.15-2 + [bullseye] - htmldoc 1.9.11-4+deb11u3 + [buster] - htmldoc 1.9.3-1+deb10u4 + NOTE: https://github.com/michaelrsweet/htmldoc/issues/471 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/31f780487e5ddc426888638786cdc47631687275 +CVE-2022-27113 + RESERVED +CVE-2022-27112 + RESERVED +CVE-2022-27111 (Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send ...) + NOT-FOR-US: Jfinal_CMS +CVE-2022-27110 (OrangeHRM 4.10 is vulnerable to a Host header injection redirect via v ...) + - orangehrm (bug #786622) +CVE-2022-27109 (OrangeHRM 4.10 suffers from a Referer header injection redirect vulner ...) + - orangehrm (bug #786622) +CVE-2022-27108 (OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR ...) + - orangehrm (bug #786622) +CVE-2022-27107 (OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" sectio ...) + - orangehrm (bug #786622) +CVE-2022-27106 + RESERVED +CVE-2022-27105 (InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripti ...) + NOT-FOR-US: InMailX Outlook Plugin +CVE-2022-27104 (An Unauthenticated time-based blind SQL injection vulnerability exists ...) + NOT-FOR-US: Forma LMS +CVE-2022-27103 (element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el- ...) + NOT-FOR-US: element-plus +CVE-2022-27102 + RESERVED +CVE-2022-27101 + RESERVED +CVE-2022-27100 + RESERVED +CVE-2022-27099 + RESERVED +CVE-2022-27098 + RESERVED +CVE-2022-27097 + RESERVED +CVE-2022-27096 + RESERVED +CVE-2022-27095 (BattlEye v0.9 contains an unquoted service path which allows attackers ...) + NOT-FOR-US: BattlEye +CVE-2022-27094 (Sony PlayMemories Home v6.0 contains an unquoted service path which al ...) + NOT-FOR-US: Sony PlayMemories Home +CVE-2022-27093 + RESERVED +CVE-2022-27092 + REJECTED +CVE-2022-27091 + RESERVED +CVE-2022-27090 (Cscms Music Portal System v4.2 was discovered to contain a redirection ...) 
+ NOT-FOR-US: Cscms Music Portal System +CVE-2022-27089 (In Fujitsu PlugFree Network <= 7.3.0.3, an Unquoted service path in PF ...) + NOT-FOR-US: Fujitsu PlugFree Network +CVE-2022-27088 (Ivanti DSM Remote <= 6.3.1.1862 is vulnerable to an unquoted service p ...) + NOT-FOR-US: Ivanti +CVE-2022-27087 + RESERVED +CVE-2022-27086 + RESERVED +CVE-2022-27085 + RESERVED +CVE-2022-27084 + RESERVED +CVE-2022-27083 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27082 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27081 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27080 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27079 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27078 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27077 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27076 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...) + NOT-FOR-US: Tenda +CVE-2022-27075 + RESERVED +CVE-2022-27074 + RESERVED +CVE-2022-27073 + RESERVED +CVE-2022-27072 + RESERVED +CVE-2022-27071 + RESERVED +CVE-2022-27070 + RESERVED +CVE-2022-27069 + RESERVED +CVE-2022-27068 + RESERVED +CVE-2022-27067 + RESERVED +CVE-2022-27066 + RESERVED +CVE-2022-27065 + RESERVED +CVE-2022-27064 (Musical World v1 was discovered to contain an arbitrary file upload vu ...) + NOT-FOR-US: Musical World +CVE-2022-27063 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) + NOT-FOR-US: AeroCMS +CVE-2022-27062 (AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting ...) 
+ NOT-FOR-US: AeroCMS +CVE-2022-27061 (AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vuln ...) + NOT-FOR-US: AeroCMS +CVE-2022-27060 + RESERVED +CVE-2022-27059 + RESERVED +CVE-2022-27058 + RESERVED +CVE-2022-27057 + RESERVED +CVE-2022-27056 + RESERVED +CVE-2022-27055 (ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage v ...) + NOT-FOR-US: ecjia-daojia +CVE-2022-27054 + RESERVED +CVE-2022-27053 + RESERVED +CVE-2022-27052 (FreeFtpd version 1.0.13 and below contains an unquoted service path vu ...) + NOT-FOR-US: FreeFtpd +CVE-2022-27051 + RESERVED +CVE-2022-27050 (BitComet Service for Windows before version 1.8.6 contains an unquoted ...) + NOT-FOR-US: BitComet Service for Windows +CVE-2022-27049 (Raidrive before v2021.12.35 allows attackers to arbitrarily move log f ...) + NOT-FOR-US: Raidrive +CVE-2022-27048 (A vulnerability has been discovered in Moxa MGate which allows an atta ...) + NOT-FOR-US: Moxa +CVE-2022-27047 (mogu_blog_cms 5.2 suffers from upload arbitrary files without any limi ...) + NOT-FOR-US: mogu_blog_cms +CVE-2022-27046 (libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in ...) + - libsixel 1.10.3-1 + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/157 + NOTE: https://github.com/libsixel/libsixel/issues/27 + NOTE: https://github.com/libsixel/libsixel/pull/28 + NOTE: Fixed by: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (v1.10.1) +CVE-2022-27045 + RESERVED +CVE-2022-27044 (libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c: ...) 
+ - libsixel 1.10.3-1 + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/156 + NOTE: https://github.com/libsixel/libsixel/issues/25 + NOTE: https://github.com/libsixel/libsixel/pull/26 + NOTE: Fixed by: https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42 (v1.10.0) +CVE-2022-27043 (Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Ne ...) + NOT-FOR-US: Yearning +CVE-2022-27042 + RESERVED +CVE-2022-27041 (Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 ...) + NOT-FOR-US: OpenSIS +CVE-2022-27040 + RESERVED +CVE-2022-27039 + RESERVED +CVE-2022-27038 + RESERVED +CVE-2022-27037 + RESERVED +CVE-2022-27036 + RESERVED +CVE-2022-27035 + RESERVED +CVE-2022-27034 + RESERVED +CVE-2022-27033 + RESERVED +CVE-2022-27032 + RESERVED +CVE-2022-27031 + RESERVED +CVE-2022-27030 + RESERVED +CVE-2022-27029 + RESERVED +CVE-2022-27028 + RESERVED +CVE-2022-27027 + RESERVED +CVE-2022-27026 + RESERVED +CVE-2022-27025 + RESERVED +CVE-2022-27024 + RESERVED +CVE-2022-27023 + RESERVED +CVE-2022-27022 (There is a stack overflow vulnerability in the SetSysTimeCfg() functio ...) + NOT-FOR-US: Tenda +CVE-2022-27021 + RESERVED +CVE-2022-27020 + RESERVED +CVE-2022-27019 + RESERVED +CVE-2022-27018 + RESERVED +CVE-2022-27017 + RESERVED +CVE-2022-27016 (There is a stack overflow vulnerability in the SetStaticRouteCfg() fun ...) + NOT-FOR-US: Tenda +CVE-2022-27015 + RESERVED +CVE-2022-27014 + RESERVED +CVE-2022-27013 + RESERVED +CVE-2022-27012 + RESERVED +CVE-2022-27011 + RESERVED +CVE-2022-27010 + RESERVED +CVE-2022-27009 + RESERVED +CVE-2022-27008 (nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Arr ...) + NOT-FOR-US: njs +CVE-2022-27007 (nginx njs 0.7.2 is affected suffers from Use-after-free in njs_functio ...) 
+ NOT-FOR-US: njs +CVE-2022-27006 + RESERVED +CVE-2022-27005 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) + NOT-FOR-US: TOTOLINK +CVE-2022-27004 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) + NOT-FOR-US: TOTOLINK +CVE-2022-27003 (Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.61 ...) + NOT-FOR-US: TOTOLINK +CVE-2022-27002 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...) + NOT-FOR-US: Arris +CVE-2022-27001 (Arris TR3300 v1.0.13 were discovered to contain a command injection vu ...) + NOT-FOR-US: Arris +CVE-2022-27000 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26999 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26998 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26997 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26996 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26995 (Arris TR3300 v1.0.13 was discovered to contain a command injection vul ...) + NOT-FOR-US: Arris +CVE-2022-26994 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) + NOT-FOR-US: Arris +CVE-2022-26993 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) + NOT-FOR-US: Arris +CVE-2022-26992 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) + NOT-FOR-US: Arris +CVE-2022-26991 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) + NOT-FOR-US: Arris +CVE-2022-26990 (Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1 ...) + NOT-FOR-US: Arris +CVE-2022-26989 + RESERVED +CVE-2022-26988 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...) 
+ NOT-FOR-US: TP-Link +CVE-2022-26987 (TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1 ...) + NOT-FOR-US: TP-Link +CVE-2022-26986 (SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers ...) + NOT-FOR-US: ImpressCMS +CVE-2022-26985 + RESERVED +CVE-2022-26984 + RESERVED +CVE-2022-26983 + RESERVED +CVE-2022-26982 (SimpleMachinesForum 2.1.1 and earlier allows remote authenticated admi ...) + NOT-FOR-US: Simple Machines Forum (SMF) +CVE-2022-0947 (A vulnerability in ABB ARG600 Wireless Gateway series that could allow ...) + NOT-FOR-US: ABB ARG600 Wireless Gateway +CVE-2022-0946 (Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc ...) + NOT-FOR-US: ShowDoc +CVE-2022-0945 (Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHu ...) + NOT-FOR-US: ShowDoc +CVE-2022-0944 (Template injection in connection test endpoint leads to RCE in GitHub ...) + NOT-FOR-US: sqlpad +CVE-2022-0943 (Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim ...) + {DLA-3182-1 DLA-3053-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/9e4de32f-ad5f-4830-b3ae-9467b5ab90a1 + NOTE: https://github.com/vim/vim/commit/5c68617d395f9d7b824f68475b24ce3e38d653a3 (v8.2.4563) + NOTE: Crash in CLI tool, no security impact +CVE-2022-26981 (Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in ...) + - liblouis 3.22.0-1 (bug #1008009) + [bullseye] - liblouis (Minor issue) + [buster] - liblouis (Minor issue) + NOTE: https://github.com/liblouis/liblouis/issues/1171 + NOTE: https://github.com/liblouis/liblouis/pull/1185 + NOTE: https://github.com/liblouis/liblouis/commit/73751be7a5617bfff4a735ae095203a2d3ec50ef (v3.22.0) +CVE-2022-26980 (Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.) + - teampass (bug #730180) +CVE-2022-0942 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) 
+ NOT-FOR-US: ShowDoc +CVE-2022-0941 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) + NOT-FOR-US: ShowDoc +CVE-2022-0940 (Stored XSS due to Unrestricted File Upload in GitHub repository star7t ...) + NOT-FOR-US: ShowDoc +CVE-2022-0939 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...) + - calibre-web (bug #982690) +CVE-2022-0938 (Stored XSS via file upload in GitHub repository star7th/showdoc prior ...) + NOT-FOR-US: ShowDoc +CVE-2021-46709 (phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows para ...) + - phpliteadmin 1.9.8.2-2 + [bullseye] - phpliteadmin 1.9.8.2-1+deb11u1 + [buster] - phpliteadmin 1.9.7.1-2+deb10u1 + NOTE: https://bitbucket.org/phpliteadmin/public/issues/399/xss-vulnerability + NOTE: https://bitbucket.org/phpliteadmin/public/pull-requests/16/fix-an-xss-vulnerability-with-the-newrows +CVE-2022-26979 (Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NU ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-26978 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26977 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26976 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26975 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26974 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26973 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26972 (Barco Control Room Management Suite web application, which is part of ...) 
+ NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26971 (Barco Control Room Management Suite web application, which is part of ...) + NOT-FOR-US: Barco Control Room Management Suite +CVE-2022-26970 + RESERVED +CVE-2022-26969 (In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS ...) + NOT-FOR-US: Directus +CVE-2022-26968 + RESERVED +CVE-2022-26967 (GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It c ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-4 (bug #1007224) + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2138 + NOTE: https://github.com/gpac/gpac/commit/ea1eca00fd92fa17f0e25ac25652622924a9a6a0 +CVE-2022-26966 (An issue was discovered in the Linux kernel before 5.16.12. drivers/ne ...) + {DLA-3065-1} + - linux 5.16.12-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux 4.19.232-1 + NOTE: https://git.kernel.org/linus/e9da0b56fe27206b49f39805f7dcda8a89379062 (5.17-rc6) +CVE-2022-26965 (In Pluck 4.7.16, an admin user can use the theme upload functionality ...) + NOT-FOR-US: Pluck CMS +CVE-2022-26964 (Weak password derivation for export in Devolutions Remote Desktop Mana ...) + NOT-FOR-US: Devolutions Remote Desktop Manager +CVE-2022-26963 + RESERVED +CVE-2022-26962 + RESERVED +CVE-2022-26961 + RESERVED +CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by ...) + NOT-FOR-US: std42 elFinder +CVE-2022-26959 (There are two full (read/write) Blind/Time-based SQL injection vulnera ...) + NOT-FOR-US: Northstar Club Management +CVE-2022-26958 + RESERVED +CVE-2022-26957 + RESERVED +CVE-2022-26956 + RESERVED +CVE-2022-26955 + RESERVED +CVE-2022-0937 (Stored xss in showdoc through file upload in GitHub repository star7th ...) + NOT-FOR-US: ShowDoc +CVE-2022-26954 (Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.5 ...) 
+ NOT-FOR-US: NopCommerce +CVE-2022-26953 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) + NOT-FOR-US: Digi Passport Firmware +CVE-2022-26952 (Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflo ...) + NOT-FOR-US: Digi Passport Firmware +CVE-2022-26951 (Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerabil ...) + NOT-FOR-US: Archer +CVE-2022-26950 (Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vu ...) + NOT-FOR-US: Archer +CVE-2022-26949 (Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access co ...) + NOT-FOR-US: Archer +CVE-2022-26948 (The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1. ...) + NOT-FOR-US: Archer +CVE-2022-26947 (Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerab ...) + NOT-FOR-US: Archer +CVE-2022-0936 (Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autol ...) + NOT-FOR-US: Autolab +CVE-2022-26946 + RESERVED +CVE-2022-26945 (go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless r ...) + - golang-github-hashicorp-go-getter (bug #1011741) + [bookworm] - golang-github-hashicorp-go-getter (Minor issue) + [bullseye] - golang-github-hashicorp-go-getter (Minor issue) + [buster] - golang-github-hashicorp-go-getter (Limited support, minor issue, follow bullseye DSAs/point-releases) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930 + NOTE: https://github.com/hashicorp/go-getter/pull/359 + NOTE: https://github.com/hashicorp/go-getter/commit/a2ebce998f8d4105bd4b78d6c99a12803ad97a45 (v1.6.0) +CVE-2022-26944 (Percona XtraBackup 2.4.20 unintentionally writes the command line to a ...) + - percona-xtrabackup + NOTE: https://jira.percona.com/browse/PXB-2722 +CVE-2022-26943 (The Motorola MTM5000 series firmwares generate TETRA authentication ch ...) 
+ NOT-FOR-US: Motorola +CVE-2022-26942 (The Motorola MTM5000 series firmwares lack pointer validation on argum ...) + NOT-FOR-US: Motorola +CVE-2022-26941 (A format string vulnerability exists in Motorola MTM5000 series firmwa ...) + NOT-FOR-US: Motorola +CVE-2022-26940 (Remote Desktop Protocol Client Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26939 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2022-26938 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2022-26937 (Windows Network File System Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26936 (Windows Server Service Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26935 (Windows WLAN AutoConfig Service Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26934 (Windows Graphics Component Information Disclosure Vulnerability. This ...) + NOT-FOR-US: Microsoft +CVE-2022-26933 (Windows NTFS Information Disclosure Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26932 (Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE I ...) + NOT-FOR-US: Microsoft +CVE-2022-26931 (Windows Kerberos Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26930 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-26929 (.NET Framework Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26928 (Windows Photo Import API Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26927 (Windows Graphics Component Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26926 (Windows Address Book Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26925 (Windows LSA Spoofing Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-26924 (YARP Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26923 (Active Directory Domain Services Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26922 + RESERVED +CVE-2022-26921 (Visual Studio Code Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26920 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26919 (Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execu ...) + NOT-FOR-US: Microsoft +CVE-2022-26918 (Windows Fax Compose Form Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26917 (Windows Fax Compose Form Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26916 (Windows Fax Compose Form Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26915 (Windows Secure Channel Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26914 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26913 (Windows Authentication Security Feature Bypass Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26912 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26911 (Skype for Business Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26910 (Skype for Business and Lync Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26909 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26908 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26907 (Azure SDK for .NET Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26906 + RESERVED +CVE-2022-26905 (Microsoft Edge (Chromium-based) Spoofing Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-26904 (Windows User Profile Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26903 (Windows Graphics Component Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26902 + RESERVED +CVE-2022-26901 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26900 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26899 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26898 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26897 (Azure Site Recovery Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26896 (Azure Site Recovery Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26895 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26894 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26893 + RESERVED +CVE-2022-26892 + RESERVED +CVE-2022-26891 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26061 (A heap-based buffer overflow vulnerability exists in the gif2h5 functi ...) + - hdf5 (bug #1031726) + [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) + [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) + [buster] - hdf5 (Minor issue, revisit when fixed upstream) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1487 +CVE-2022-25972 (An out-of-bounds write vulnerability exists in the gif2h5 functionalit ...) 
+ - hdf5 (bug #1031726) + [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) + [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) + [buster] - hdf5 (Minor issue, revisit when fixed upstream) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1485 +CVE-2022-25942 (An out-of-bounds read vulnerability exists in the gif2h5 functionality ...) + - hdf5 (bug #1031726) + [bookworm] - hdf5 (Minor issue, revisit when fixed upstream) + [bullseye] - hdf5 (Minor issue, revisit when fixed upstream) + [buster] - hdf5 (Minor issue, revisit when fixed upstream) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1486 +CVE-2022-0935 (Host Header injection in password Reset in GitHub repository livehelpe ...) + NOT-FOR-US: livehelperchat +CVE-2022-26886 + RESERVED +CVE-2022-26885 (When using tasks to read config files, there is a risk of database pas ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2022-26884 (Users can read any files by log server, Apache DolphinScheduler users ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was found in dn ...) + - dnsmasq 2.87-1 (bug #1014715) + [bullseye] - dnsmasq (Minor issue) + [buster] - dnsmasq (Minor issue) + [stretch] - dnsmasq (Minor issue) + NOTE: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 (v2.87rc1) +CVE-2022-0933 + RESERVED +CVE-2022-0932 (Missing Authorization in GitHub repository saleor/saleor prior to 3.1. ...) + NOT-FOR-US: saleor +CVE-2022-0931 + RESERVED +CVE-2022-0930 (File upload filter bypass leading to stored XSS in GitHub repository m ...) + NOT-FOR-US: microweber +CVE-2022-0929 (XSS on dynamic_text module in GitHub repository microweber/microweber ...) 
+ NOT-FOR-US: microweber +CVE-2022-0928 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...) + NOT-FOR-US: microweber +CVE-2022-0927 + RESERVED +CVE-2022-0926 (File upload filter bypass leading to stored XSS in GitHub repository m ...) + NOT-FOR-US: microweber +CVE-2022-0925 + REJECTED +CVE-2022-26883 + RESERVED +CVE-2022-26882 + RESERVED +CVE-2022-26881 + RESERVED +CVE-2022-26880 + RESERVED +CVE-2022-26879 + RESERVED +CVE-2022-26877 (Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local ...) + NOT-FOR-US: Asana Desktop +CVE-2022-26876 + RESERVED +CVE-2022-26875 + RESERVED +CVE-2022-26873 (A potential attacker can execute an arbitrary code at the time of the ...) + NOT-FOR-US: AMI +CVE-2022-26872 (AMI Megarac Password reset interception via API) + NOT-FOR-US: AMI +CVE-2022-26871 (An arbitrary file upload vulnerability in Trend Micro Apex Central cou ...) + NOT-FOR-US: Trend Micro +CVE-2022-26870 (Dell PowerStore versions 2.1.0.x contain an Authentication bypass vuln ...) + NOT-FOR-US: Dell +CVE-2022-26869 (Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open ...) + NOT-FOR-US: Dell +CVE-2022-26868 (Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnera ...) + NOT-FOR-US: EMC PowerStore +CVE-2022-26867 (PowerStore SW v2.1.1.0 supports the option to export data to either a ...) + NOT-FOR-US: Dell +CVE-2022-26866 (Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site ...) + NOT-FOR-US: Dell +CVE-2022-26865 (Dell Support Assist OS Recovery versions before 5.5.2 contain an Authe ...) + NOT-FOR-US: Dell SupportAssist +CVE-2022-26864 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) + NOT-FOR-US: Dell +CVE-2022-26863 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) + NOT-FOR-US: Dell +CVE-2022-26862 (Prior Dell BIOS versions contain an Input Validation vulnerability. A ...) 
+ NOT-FOR-US: Dell +CVE-2022-26861 (Dell BIOS versions contain an Insecure Automated Optimization vulnerab ...) + NOT-FOR-US: Dell +CVE-2022-26860 (Dell BIOS versions contain a stack-based buffer overflow vulnerability ...) + NOT-FOR-US: Dell +CVE-2022-26859 (Dell BIOS contains a race condition vulnerability. A local attacker co ...) + NOT-FOR-US: Dell +CVE-2022-26858 (Dell BIOS versions contain an Improper Authentication vulnerability. A ...) + NOT-FOR-US: Dell +CVE-2022-26857 (Dell OpenManage Enterprise Versions 3.8.3 and prior contain an imprope ...) + NOT-FOR-US: Dell OpenManage Enterprise +CVE-2022-26856 (Dell EMC Repository Manager version 3.4.0 contains a plain-text passwo ...) + NOT-FOR-US: EMC +CVE-2022-26855 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect d ...) + NOT-FOR-US: Dell +CVE-2022-26854 (Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptograph ...) + NOT-FOR-US: Dell +CVE-2022-26853 + REJECTED +CVE-2022-26852 (Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable see ...) + NOT-FOR-US: Dell +CVE-2022-26851 (Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name f ...) + NOT-FOR-US: Dell +CVE-2022-0924 (Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers t ...) + {DSA-5108-1} + - tiff 4.3.0-6 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/278 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/311 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/88d79a45a31c74cba98c697892fed5f7db8b963a +CVE-2021-46708 (The swagger-ui-dist package before 4.1.3 for Node.js could allow a rem ...) + - node-swagger-ui (bug #871461) + - swagger-ui (bug #895422) +CVE-2020-36518 (jackson-databind before 2.13.0 allows a Java StackOverflow exception a ...) 
+ {DSA-5283-1 DLA-3207-1 DLA-2990-1} + - jackson-databind 2.13.2.2-1 (bug #1007109) + NOTE: https://github.com/FasterXML/jackson-databind/issues/2816 +CVE-2018-25031 (Swagger UI before 4.1.3 could allow a remote attacker to conduct spoof ...) + - node-swagger-ui (bug #871461) + - swagger-ui (bug #895422) +CVE-2022-26850 (When creating or updating credentials for single-user access, Apache N ...) + NOT-FOR-US: Apache NiFi +CVE-2022-0923 (Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a ...) + NOT-FOR-US: Delta Electronics +CVE-2022-0922 (The software does not perform any authentication for critical system f ...) + NOT-FOR-US: Rockwell Automation +CVE-2022-0921 (Abusing Backup/Restore feature to achieve Remote Code Execution in Git ...) + NOT-FOR-US: microweber +CVE-2022-0920 (The Salon booking system Free and Pro WordPress plugins before 7.6.3 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0919 (The Salon booking system Free and pro WordPress plugins before 7.6.3 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0918 (A vulnerability was discovered in the 389 Directory Server that allows ...) + {DLA-3399-1} + - 389-ds-base 2.0.15-1.1 (bug #1016445) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2055815 + NOTE: https://github.com/389ds/389-ds-base/issues/5242 + NOTE: https://github.com/389ds/389-ds-base/commit/caad47ab207d7c5d61521ec4d33091db559c315a (master) + NOTE: https://github.com/389ds/389-ds-base/commit/f46ab49c9f06b503f5ec8147f2c01dcacdb6a375 (389-ds-base-2.0.16) +CVE-2022-0917 + RESERVED +CVE-2022-0916 (An issue was discovered in Logitech Options. The OAuth 2.0 state param ...) + NOT-FOR-US: Logitech +CVE-2022-0915 (There is a Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerabi ...) + NOT-FOR-US: Logitech Sync for Windows +CVE-2022-0914 (The Export All URLs WordPress plugin before 4.3 does not have CSRF in ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0913 (Integer Overflow or Wraparound in GitHub repository microweber/microwe ...) + NOT-FOR-US: microweber +CVE-2022-0912 (Unrestricted Upload of File with Dangerous Type in GitHub repository m ...) + NOT-FOR-US: microweber +CVE-2022-0911 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-26878 (drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a ...) + - linux 5.16.7-1 (unimportant) + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ad7cb5f6fa5f7ea37208c98a9457dd98025a89ca (5.17-rc1) +CVE-2022-26849 + RESERVED +CVE-2022-26848 + RESERVED +CVE-2022-26843 (Insufficient visual distinction of homoglyphs presented to user in the ...) + NOT-FOR-US: Intel +CVE-2022-26832 (.NET Framework Denial of Service Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-26831 (Windows Lightweight Directory Access Protocol (LDAP) Denial of Service ...) + NOT-FOR-US: Microsoft +CVE-2022-26830 (DiskUsage.exe Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26829 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26828 (Windows Bluetooth Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26827 (Windows File Server Resource Management Service Elevation of Privilege ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-26826 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26825 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26824 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26823 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26822 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26821 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26820 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26819 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26818 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26817 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26816 (Windows DNS Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26815 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26814 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26813 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26812 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26811 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26810 (Windows File Server Resource Management Service Elevation of Privilege ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-26809 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26808 (Windows File Explorer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26807 (Windows Work Folder Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26806 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26805 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26804 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26803 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26802 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26801 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26800 + RESERVED +CVE-2022-26799 + RESERVED +CVE-2022-26798 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26797 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26796 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26795 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26794 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26793 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26792 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26791 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26790 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26789 (Windows Print Spooler Elevation of Privilege Vulnerability) + 
NOT-FOR-US: Microsoft +CVE-2022-26788 (PowerShell Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26787 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26786 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26785 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) + NOT-FOR-US: Microsoft +CVE-2022-26784 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-26783 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) + NOT-FOR-US: Microsoft +CVE-2022-26512 (Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel ...) + NOT-FOR-US: Intel +CVE-2022-26425 (Uncontrolled search path element in the Intel(R) oneAPI Collective Com ...) + NOT-FOR-US: Intel +CVE-2022-26421 (Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Comp ...) + NOT-FOR-US: Intel +CVE-2022-26342 (A buffer overflow vulnerability exists in the confsrv ucloud_set_node_ ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-26076 (Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Ne ...) + NOT-FOR-US: Intel +CVE-2022-26062 (Uncontrolled search path element in the Intel(R) Trace Analyzer and Co ...) + NOT-FOR-US: Intel +CVE-2022-26052 (Uncontrolled search path element in the Intel(R) MPI Library before ve ...) + NOT-FOR-US: Intel +CVE-2022-26032 (Uncontrolled search path element in the Intel(R) Distribution for Pyth ...) + NOT-FOR-US: Intel +CVE-2022-26009 (A stack-based buffer overflow vulnerability exists in the confsrv uclo ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-25996 (A stack-based buffer overflow vulnerability exists in the confsrv addT ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-25987 (Improper handling of Unicode encoding in source code to be compiled by ...) 
+ NOT-FOR-US: Intel +CVE-2022-25915 (Improper access control vulnerability in ELECOM LAN routers (WRC-1167G ...) + NOT-FOR-US: ELECOM LAN routers +CVE-2022-25905 (Uncontrolled search path element in the Intel(R) oneAPI Data Analytics ...) + NOT-FOR-US: Intel +CVE-2022-0910 (A downgrade from two-factor authentication to one-factor authenticatio ...) + NOT-FOR-US: Zyxel +CVE-2022-0909 (Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to ...) + {DSA-5108-1} + - tiff 4.3.0-6 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/393 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/310 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/32ea0722ee68f503b7a3f9b2d557acb293fc8cde +CVE-2022-0908 (Null source pointer passed as an argument to memcpy() function within ...) + {DSA-5108-1} + - tiff 4.3.0-6 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a95b799f65064e4ba2e2dfc206808f86faf93e85 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/383 +CVE-2022-0907 (Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libt ...) + {DSA-5108-1} + - tiff 4.3.0-6 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/392 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/314 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/40b00cfb32256d377608b4d4cd30fac338d0a0bc +CVE-2022-26782 (Multiple improper input validation vulnerabilities exists in the libnv ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26781 (Multiple improper input validation vulnerabilities exists in the libnv ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26780 (Multiple improper input validation vulnerabilities exists in the libnv ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-26779 (Apache CloudStack prior to 4.16.1.0 used insecure random number genera ...) + NOT-FOR-US: Apache CloudStack +CVE-2022-0906 (Unrestricted file upload leads to stored XSS in GitHub repository micr ...) 
+ NOT-FOR-US: microweber +CVE-2022-0905 (Missing Authorization in GitHub repository go-gitea/gitea prior to 1.1 ...) + - gitea +CVE-2022-0904 (A stack overflow bug in the document extractor in Mattermost Server in ...) + - mattermost-server (bug #823556) +CVE-2022-0903 (A call stack overflow bug in the SAML login feature in Mattermost serv ...) + - mattermost-server (bug #823556) +CVE-2022-0902 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: ABB +CVE-2022-0901 (The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sa ...) + NOT-FOR-US: WordPress plugins +CVE-2022-0900 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: DivvyDrive +CVE-2022-0899 (The Header Footer Code Manager WordPress plugin before 1.1.24 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0898 (The IgniteUp WordPress plugin through 3.4.1 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0897 (A flaw was found in the libvirt nwfilter driver. The virNWFilterObjLis ...) + - libvirt 8.2.0-1 (bug #1009075) + [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Minor issue) + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36 (v8.2.0-rc1) +CVE-2022-0896 (Improper Neutralization of Special Elements Used in a Template Engine ...) + NOT-FOR-US: microweber +CVE-2022-0895 (Static Code Injection in GitHub repository microweber/microweber prior ...) + NOT-FOR-US: microweber +CVE-2022-0894 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0893 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0892 (The Export All URLs WordPress plugin before 4.2 does not sanitise and ...) 
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46707
+ RESERVED
+CVE-2021-46706
+ RESERVED
+CVE-2021-46705 (A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE ...)
+ - grub2 (SuSE-specific code change)
+CVE-2022-26778 (Veritas System Recovery (VSR) 18 and 21 stores a network destination p ...)
+ NOT-FOR-US: Veritas
+CVE-2022-26777 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-0891 (A heap buffer overflow in ExtractImageSection function in tiffcrop.c i ...)
+ {DSA-5108-1}
+ - tiff 4.3.0-6
+ NOTE: https://gitlab.com/libtiff/libtiff/-/commit/232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/380
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/382
+CVE-2022-0890 (NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2 ...)
+ - mruby 3.1.0-1 (bug #1014968)
+ [bullseye] - mruby (Minor issue)
+ [buster] - mruby (Minor issue)
+ [stretch] - mruby (Minor issue)
+ NOTE: https://huntr.dev/bounties/68e09ec1-6cc7-48b8-981d-30f478c70276/
+ NOTE: https://github.com/mruby/mruby/commit/da48e7dbb20024c198493b8724adae1b842083aa
+CVE-2022-26776 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26775 (An integer overflow was addressed with improved input validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26774 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26773 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26772 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2022-26771 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2022-26770 (An out-of-bounds read issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2022-26769 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2022-26768 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2022-26767 (The issue was addressed with additional permissions checks. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26766 (A certificate parsing issue was addressed with improved checks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2022-26765 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2022-26764 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26763 (An out-of-bounds access issue was addressed with improved bounds check ...)
+ NOT-FOR-US: Apple
+CVE-2022-26762 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2022-26761 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2022-26760 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2022-26759
+ RESERVED
+CVE-2022-26758
+ RESERVED
+CVE-2022-26757 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2022-26756 (An out-of-bounds write issue was addressed with improved input validat ...)
+ NOT-FOR-US: Apple
+CVE-2022-26755 (This issue was addressed with improved environment sanitization. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26754 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26753 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26752 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26751 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2022-26750 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26749 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26748 (An out-of-bounds write issue was addressed with improved input validat ...)
+ NOT-FOR-US: Apple
+CVE-2022-26747 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26746 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2022-26745 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26744 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2022-26743 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26742 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26741 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26740 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26739 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26738 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26737 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26736 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26735
+ REJECTED
+CVE-2022-26734
+ REJECTED
+CVE-2022-26733
+ REJECTED
+CVE-2022-26732
+ REJECTED
+CVE-2022-26731 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26730 (A memory corruption issue existed in the processing of ICC profiles. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26729
+ REJECTED
+CVE-2022-26728 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2022-26727 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2022-26726 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26725 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26724 (An authentication issue was addressed with improved state management. ...)
+ NOT-FOR-US: Apple
+CVE-2022-26723 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2022-26722 (A memory initialization issue was addressed. This issue is fixed in Se ...)
+ NOT-FOR-US: Apple
+CVE-2022-26721 (A memory initialization issue was addressed. This issue is fixed in Se ...)
+ NOT-FOR-US: Apple
+CVE-2022-26720 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26719 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
+CVE-2022-26718 (An out-of-bounds read issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2022-26717 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
+CVE-2022-26716 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
+CVE-2022-26715 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2022-26714 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26713
+ RESERVED
+CVE-2022-26712 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2022-26711 (An integer overflow issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2022-26710 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5183-1 DSA-5182-1}
+ - webkit2gtk 2.36.4-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.4-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0006.html
+CVE-2022-26709 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
+CVE-2022-26708 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26707 (An issue in the handling of environment variables was addressed with i ...)
+ NOT-FOR-US: Apple
+CVE-2022-26706 (An access issue was addressed with additional sandbox restrictions on ...)
+ NOT-FOR-US: Apple
+CVE-2022-26705
+ REJECTED
+CVE-2022-26704 (A validation issue existed in the handling of symlinks and was address ...)
+ NOT-FOR-US: Apple
+CVE-2022-26703 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2022-26702 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2022-26701 (A race condition was addressed with improved locking. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2022-26700 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-5155-1 DSA-5154-1}
+ - webkit2gtk 2.36.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.36.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2022-0005.html
+CVE-2022-26699 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2022-26698 (An out-of-bounds read issue was addressed with improved bounds checkin ...)
+ NOT-FOR-US: Apple
+CVE-2022-26697 (An out-of-bounds read issue was addressed with improved input validati ...)
+ NOT-FOR-US: Apple
+CVE-2022-26696 (This issue was addressed with improved environment sanitization. This ...)
+ NOT-FOR-US: Apple
+CVE-2022-26695
+ RESERVED
+CVE-2022-26694 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26693 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2022-26692
+ REJECTED
+CVE-2022-26691 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-5149-1 DLA-3029-1}
+ - cups 2.4.2-1 (bug #1011769)
+ NOTE: Fixed by: https://github.com/OpenPrinting/cups/commit/de4f8c196106033e4c372dce3e91b9d42b0b9444 (v2.4.2)
+ NOTE: Followup (fix comment): https://github.com/OpenPrinting/cups/commit/411b6136f450a583ee08c3880fa09dbe837eb3f1
+CVE-2022-26690 (Description: A race condition was addressed with additional validation ...)
+ NOT-FOR-US: Apple
+CVE-2022-26689
+ REJECTED
+CVE-2022-26688 (An issue in the handling of symlinks was addressed with improved valid ...)
+ NOT-FOR-US: Apple
+CVE-2022-26687
+ RESERVED
+CVE-2022-26686
+ RESERVED
+CVE-2022-26685
+ RESERVED
+CVE-2022-26684
+ RESERVED
+CVE-2022-26683
+ RESERVED
+CVE-2022-26682
+ RESERVED
+CVE-2022-26681
+ RESERVED
+CVE-2022-26680
+ RESERVED
+CVE-2022-26679
+ RESERVED
+CVE-2022-26678
+ RESERVED
+CVE-2022-26677
+ RESERVED
+CVE-2022-0889 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0888 (The Ninja Forms - File Uploads Extension WordPress plugin is vulnerabl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0887 (The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0886
+ REJECTED
+CVE-2022-0885 (The Member Hero WordPress plugin through 1.0.9 lacks authorization che ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0884 (The Profile Builder WordPress plugin before 3.6.8 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0883 (SLM has an issue with Windows Unquoted/Trusted Service Paths Security ...)
+ NOT-FOR-US: SnowGlobe Licence Manager
+CVE-2022-0882 (A bug exists where an attacker can read the kernel log through exposed ...)
+ NOT-FOR-US: Google fuchsia
+CVE-2022-0881 (Insecure Storage of Sensitive Information in GitHub repository chocobo ...)
+ - peertube (bug #950821)
+CVE-2022-26847 (SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access ...)
+ {DSA-5093-1 DLA-2949-1}
+ - spip 4.0.5-1
+ NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
+ NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
+CVE-2022-26846 (SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated ed ...)
+ {DSA-5093-1 DLA-2949-1}
+ - spip 4.0.5-1
+ NOTE: https://git.spip.net/spip/medias/commit/3014b845da2dd8ad15ff04b50fd9dbba388a9ca2
+ NOTE: https://blog.spip.net/Mise-a-jour-critique-de-securite-sorties-de-SPIP-4-0-5-et-SPIP-3-2-14.html
+CVE-2022-26676 (aEnrich a+HRD has inadequate privilege restrictions, an unauthenticate ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-26675 (aEnrich a+HRD has inadequate filtering for special characters in URLs. ...)
+ NOT-FOR-US: aEnrich a+HRD
+CVE-2022-26674 (ASUS RT-AX88U has a Format String vulnerability, which allows an unaut ...)
+ NOT-FOR-US: ASUS
+CVE-2022-26673 (ASUS RT-AX88U has insufficient filtering for special characters in the ...)
+ NOT-FOR-US: ASUS
+CVE-2022-26672 (ASUS WebStorage has a hardcoded API Token in the APP source code. An u ...)
+ NOT-FOR-US: ASUS
+CVE-2022-26671 (Taiwan Secom Dr.ID Access Control system\u2019s login page has a hard- ...)
+ NOT-FOR-US: Taiwan Secom Dr.ID Access Control system
+CVE-2022-26670 (D-Link DIR-878 has inadequate filtering for special characters in the ...)
+ NOT-FOR-US: D-Link
+CVE-2022-26669 (ASUS Control Center is vulnerable to SQL injection. An authenticated r ...)
+ NOT-FOR-US: ASUS
+CVE-2022-26668 (ASUS Control Center API has a broken access control vulnerability. An ...)
+ NOT-FOR-US: ASUS
+CVE-2022-26665 (An Insecure Direct Object Reference issue exists in the Tyler Odyssey ...)
+ NOT-FOR-US: Tyler Odyssey platform
+CVE-2022-26664
+ RESERVED
+CVE-2022-26663
+ RESERVED
+CVE-2022-26662 (An XML Entity Expansion (XEE) issue was discovered in Tryton Applicati ...)
+ {DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
+ - tryton-proteus 6.0.5-1
+ - tryton-server 6.0.16-1
+ NOTE: https://bugs.tryton.org/issue11244
+ NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
+CVE-2022-26661 (An XXE issue was discovered in Tryton Application Platform (Server) 5. ...)
+ {DSA-5099-1 DSA-5098-1 DLA-2946-1 DLA-2945-1}
+ - tryton-proteus 6.0.5-1
+ - tryton-server 6.0.16-1
+ NOTE: https://bugs.tryton.org/issue11219
+ NOTE: https://discuss.tryton.org/t/security-release-for-issue11219-and-issue11244/5059
+CVE-2022-26660 (RunAsSpc 4.0 uses a universal and recoverable encryption key. In posse ...)
+ NOT-FOR-US: RunAsSpc
+CVE-2022-26659 (Docker Desktop installer on Windows in versions before 4.6.0 allows an ...)
+ NOT-FOR-US: Docker Desktop installer on Windows
+CVE-2022-26658
+ RESERVED
+CVE-2022-26657 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-26656 (Pexip Infinity before 27.3 allows remote attackers to trigger a softwa ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-26655 (Pexip Infinity 27.x before 27.3 has Improper Input Validation. The cli ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-26654 (Pexip Infinity before 27.3 allows remote attackers to force a software ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2022-26653 (Zoho ManageEngine Remote Access Plus before 10.1.2137.15 allows guest ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-26652 (NATS nats-server before 2.7.4 allows Directory Traversal (with write a ...)
+ - nats-server (Fixed before initial upload to Debian)
+ NOTE: https://advisories.nats.io/CVE/CVE-2022-26652.txt
+ NOTE: https://github.com/nats-io/nats-server/security/advisories/GHSA-6h3m-36w8-hv68
+ NOTE: http://www.openwall.com/lists/oss-security/2022/03/10/1
+CVE-2022-26651 (An issue was discovered in Asterisk through 19.x and Certified Asteris ...)
+ {DSA-5285-1 DLA-3194-1}
+ - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Fix in next upload)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29838
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2022-003.html
+CVE-2022-25943 (The installer of WPS Office for Windows versions prior to v11.2.0.1025 ...)
+ NOT-FOR-US: WPS Office for Windows
+CVE-2022-0880 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...)
+ NOT-FOR-US: ShowDoc
+CVE-2022-26650 (In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pat ...)
+ NOT-FOR-US: Apache ShenYu
+CVE-2022-26649 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-26648 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-26647 (A vulnerability has been identified in SCALANCE X200-4P IRT (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2022-26646 (Online Banking System Protect v1.0 was discovered to contain a local f ...)
+ NOT-FOR-US: Sourcecodester Banking System
+CVE-2022-26645 (A remote code execution (RCE) vulnerability in Online Banking System P ...)
+ NOT-FOR-US: Sourcecodester Banking System
+CVE-2022-26644 (Online Banking System Protect v1.0 was discovered to contain multiple ...)
+ NOT-FOR-US: Sourcecodester Banking System
+CVE-2022-26643 (An issue in EasyIO CPT Graphics v0.8 allows attackers to discover vali ...)
+ NOT-FOR-US: EasyIO CPT Graphics
+CVE-2022-26642 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-26641 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-26640 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-26639 (TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflo ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-26638
+ RESERVED
+CVE-2022-26637
+ RESERVED
+CVE-2022-26636
+ RESERVED
+CVE-2022-26635 (PHP-Memcached v2.2.0 and below contains an improper NULL termination w ...)
+ NOTE: Disputed issue, not considered a security issue by upstream:
+ NOTE: https://github.com/php-memcached-dev/php-memcached/issues/519#issuecomment-1259303434
+ NOTE: https://xhzeem.me/posts/Php5-memcached-Injection-Bypass/read/
+ NOTE: https://github.com/php-memcached-dev/php-memcached/issues/519
+CVE-2022-26634 (HMA VPN v5.3.5913.0 contains an unquoted service path which allows att ...)
+ NOT-FOR-US: HMA VPN
+CVE-2022-26633 (Simple Student Quarterly Result/Grade System v1.0 was discovered to co ...)
+ NOT-FOR-US: Simple Student Quarterly Result/Grade System
+CVE-2022-26632 (Multi-Vendor Online Groceries Management System v1.0 was discovered to ...)
+ NOT-FOR-US: Multi-Vendor Online Groceries Management System
+CVE-2022-26631 (Automatic Question Paper Generator v1.0 contains a Time-Based Blind SQ ...)
+ NOT-FOR-US: Automatic Question Paper Generator
+CVE-2022-26630 (Jellycms v3.8.1 and below was discovered to contain an arbitrary file ...)
+ NOT-FOR-US: Jellycms
+CVE-2022-26629 (An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.3 ...)
+ NOT-FOR-US: SoroushPlus+ Messenger
+CVE-2022-26628 (Matrimony v1.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Matrimony
+CVE-2022-26627 (Online Project Time Management System v1.0 was discovered to contain a ...)
+ NOT-FOR-US: Online Project Time Management System
+CVE-2022-26626
+ RESERVED
+CVE-2022-26625
+ RESERVED
+CVE-2022-26624 (Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site sc ...)
+ NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
+CVE-2022-26623
+ RESERVED
+CVE-2022-26622
+ RESERVED
+CVE-2022-26621
+ RESERVED
+CVE-2022-26620
+ REJECTED
+CVE-2022-26619 (Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbi ...)
+ NOT-FOR-US: Halo Blog CMS
+CVE-2022-26618
+ RESERVED
+CVE-2022-26617
+ RESERVED
+CVE-2022-26616 (PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to pe ...)
+ NOT-FOR-US: PKP Vendor Open Journal System
+CVE-2022-26615 (A cross-site scripting (XSS) vulnerability in College Website Content ...)
+ NOT-FOR-US: SourceCodester Simple College Website
+CVE-2022-26614
+ RESERVED
+CVE-2022-26613 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability v ...)
+ NOT-FOR-US: PHP-CMS
+CVE-2022-26612 (In Apache Hadoop, The unTar function uses unTarUsingJava function on W ...)
+ - hadoop (bug #793644)
+CVE-2022-26611
+ RESERVED
+CVE-2022-26610
+ RESERVED
+CVE-2022-26609
+ RESERVED
+CVE-2022-26608
+ RESERVED
+CVE-2022-26607 (A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 ...)
+ NOT-FOR-US: baigo CMS
+CVE-2022-26606
+ RESERVED
+CVE-2022-26605 (eZiosuite v2.0.7 contains an authenticated arbitrary file upload via t ...)
+ NOT-FOR-US: eZiosuite
+CVE-2022-26604
+ RESERVED
+CVE-2022-26603
+ RESERVED
+CVE-2022-26602
+ RESERVED
+CVE-2022-26601
+ RESERVED
+CVE-2022-26600
+ RESERVED
+CVE-2022-26599
+ RESERVED
+CVE-2022-26598
+ RESERVED
+CVE-2022-26597 (Cross-site scripting (XSS) vulnerability in the Layout module's Open G ...)
+ NOT-FOR-US: Liferay
+CVE-2022-26596 (Cross-site scripting (XSS) vulnerability in Journal module's web conte ...)
+ NOT-FOR-US: Liferay
+CVE-2022-26595 (Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 1 ...)
+ NOT-FOR-US: Liferay
+CVE-2022-26594 (Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal ...)
+ NOT-FOR-US: Liferay
+CVE-2022-26593 (Cross-site scripting (XSS) vulnerability in the Asset module's asset c ...)
+ NOT-FOR-US: Liferay
+CVE-2022-26592 (Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector ...)
+ - libsass (bug #1051894)
+ [bookworm] - libsass (Minor issue)
+ [bullseye] - libsass (Minor issue)
+ [buster] - libsass (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/3174
+CVE-2022-26591 (FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attac ...)
+ NOT-FOR-US: FANTEC GmbH MWiD25-DS Firmware
+CVE-2022-26590
+ RESERVED
+CVE-2022-26589 (A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attack ...)
+ NOT-FOR-US: Pluck CMS
+CVE-2022-26588 (A Cross-Site Request Forgery (CSRF) in IceHrm 31.0.0.OS allows attacke ...)
+ NOT-FOR-US: IceHrm
+CVE-2022-26587
+ RESERVED
+CVE-2022-26586
+ RESERVED
+CVE-2022-26585 (Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnera ...)
+ NOT-FOR-US: Mingsoft MCMS
+CVE-2022-26584
+ RESERVED
+CVE-2022-26583
+ RESERVED
+CVE-2022-26582 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
+CVE-2022-26581 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
+CVE-2022-26580 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
+CVE-2022-26579 (PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allo ...)
+ NOT-FOR-US: PAX Technology A930 PayDroid 7.1.1 Virgo
+CVE-2022-26578
+ RESERVED
+CVE-2022-26577
+ RESERVED
+CVE-2022-26576
+ RESERVED
+CVE-2022-26575
+ RESERVED
+CVE-2022-26574
+ RESERVED
+CVE-2022-26573 (Maccms v10 was discovered to contain multiple reflected cross-site scr ...)
+ NOT-FOR-US: Maccms
+CVE-2022-26572 (Xerox ColorQube 8580 was discovered to contain an access control issue ...)
+ NOT-FOR-US: Xerox ColorQube
+CVE-2022-26571
+ RESERVED
+CVE-2022-26570
+ RESERVED
+CVE-2022-26569
+ RESERVED
+CVE-2022-26568
+ RESERVED
+CVE-2022-26567
+ RESERVED
+CVE-2022-26566
+ RESERVED
+CVE-2022-26565 (A cross-site scripting (XSS) vulnerability in Totaljs all versions bef ...)
+ NOT-FOR-US: Totaljs CMS
+CVE-2022-26564 (HotelDruid Hotel Management Software v3.0.3 contains a cross-site scri ...)
+ - hoteldruid 3.0.4-1
+ [bullseye] - hoteldruid (Minor issue)
+ [buster] - hoteldruid (Minor issue)
+ [stretch] - hoteldruid (Minor issue)
+CVE-2022-26563 (An issue was discovered in Tildeslash Monit before 5.31.0, allows remo ...)
+ - monit 1:5.32.0-1
+ [bullseye] - monit (Minor issue)
+ NOTE: https://bitbucket.org/tildeslash/monit/commits/6ecaab1d375f33165fe98d06d92f36c949c0ea11 (release-5-32-0)
+CVE-2022-26562 (An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2 ...)
+ {DLA-3354-1}
+ - kopanocore (bug #1016973)
+ NOTE: https://jira.kopano.io/browse/KC-2021
+CVE-2022-26561
+ RESERVED
+CVE-2022-26560
+ RESERVED
+CVE-2022-26559
+ RESERVED
+CVE-2022-26558
+ RESERVED
+CVE-2022-26557
+ RESERVED
+CVE-2022-26556
+ RESERVED
+CVE-2022-26555 (A stored cross-site scripting (XSS) vulnerability in the Add a Button ...)
+ NOT-FOR-US: Eova
+CVE-2022-26554
+ RESERVED
+CVE-2022-26553
+ RESERVED
+CVE-2022-26552
+ RESERVED
+CVE-2022-26551
+ RESERVED
+CVE-2022-26550
+ RESERVED
+CVE-2022-26549
+ RESERVED
+CVE-2022-26548
+ RESERVED
+CVE-2022-26547
+ RESERVED
+CVE-2022-26546 (Hospital Management System v1.0 was discovered to lack an authorizatio ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-26545
+ RESERVED
+CVE-2022-26544
+ RESERVED
+CVE-2022-26543
+ RESERVED
+CVE-2022-26542
+ RESERVED
+CVE-2022-26541
+ RESERVED
+CVE-2022-26540
+ RESERVED
+CVE-2022-26539
+ RESERVED
+CVE-2022-26538
+ RESERVED
+CVE-2022-26537
+ RESERVED
+CVE-2022-26536 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
+ NOT-FOR-US: Tenda
+CVE-2022-26535
+ RESERVED
+CVE-2022-26534 (FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2022-26533 (Alist v2.1.0 and below was discovered to contain a cross-site scriptin ...)
+ NOT-FOR-US: Alist
+CVE-2022-25960
+ RESERVED
+CVE-2022-0879 (The Caldera Forms WordPress plugin before 1.9.7 does not validate and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0878 (Electric Vehicle (EV) commonly utilises the Combined Charging System ( ...)
+ NOT-FOR-US: Combined Charging System
+CVE-2022-0877 (Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/ ...)
+ NOT-FOR-US: bookstack
+CVE-2022-0876 (The Social comments by WpDevArt WordPress plugin before 2.5.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0875 (The Google Authenticator WordPress plugin before 1.0.5 does not have C ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0874 (The WP Social Buttons WordPress plugin through 2.1 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0873 (The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-26532 (A argument injection vulnerability in the 'packet-trace' CLI command o ...)
+ NOT-FOR-US: Zyxel
+CVE-2022-26531 (Multiple improper input validation flaws were identified in some CLI c ...)
+ NOT-FOR-US: Zyxel
+CVE-2022-26530 (swaylock before 1.6 allows attackers to trigger a crash and achieve un ...)
+ - swaylock 1.6-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2066596
+ NOTE: https://github.com/swaywm/swaylock/commit/1d1c75b6316d21933069a9d201f966d84099f6ca (1.6)
+ NOTE: https://github.com/swaywm/swaylock/pull/219
+CVE-2022-26529 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
+CVE-2022-26528 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
+CVE-2022-26527 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...)
+ NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK
+CVE-2022-26526 (Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Min ...)
+ NOT-FOR-US: Anaconda Python
+CVE-2022-26525
+ RESERVED
+CVE-2022-26524
+ RESERVED
+CVE-2022-26523
+ RESERVED
+CVE-2022-26522
+ RESERVED
+CVE-2022-26521 (Abantecart through 1.3.2 allows remote authenticated administrators to ...)
+ NOT-FOR-US: Abantecart
+CVE-2022-0872
+ RESERVED
+CVE-2022-26019 (Improper access control vulnerability in pfSense CE and pfSense Plus ( ...)
+ NOT-FOR-US: pfSense
+CVE-2022-24299 (Improper input validation vulnerability in pfSense CE and pfSense Plus ...)
+ NOT-FOR-US: pfSense
+CVE-2022-0871 (Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.)
+ NOT-FOR-US: Go Git Service
+CVE-2022-0870 (Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prio ...)
+ NOT-FOR-US: Go Git Service
+CVE-2022-0869 (Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.1 ...)
+ NOT-FOR-US: Spirit forum software
+CVE-2022-26507 (A heap-based buffer overflow exists in XML Decompression DecodeTreeBlo ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2022-26506
+ RESERVED
+CVE-2022-26505 (A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 a ...)
+ {DLA-2973-1}
+ - minidlna 1.3.0+dfsg-2.2 (bug #1006798)
+ [bullseye] - minidlna 1.3.0+dfsg-2+deb11u1
+ [buster] - minidlna 1.2.1+dfsg-2+deb10u3
+ NOTE: https://sourceforge.net/p/minidlna/git/ci/c21208508dbc131712281ec5340687e5ae89e940/
+ NOTE: https://www.openwall.com/lists/oss-security/2022/03/03/1
+CVE-2022-26504 (Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10. ...)
+ NOT-FOR-US: Veeam
+CVE-2022-26503 (Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, ...)
+ NOT-FOR-US: Veeam
+CVE-2022-26502
+ REJECTED
+CVE-2022-26501 (Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control ...)
+ NOT-FOR-US: Veeam
+CVE-2022-26500 (Improper limitation of path names in Veeam Backup & Replication 9.5U3, ...)
+ NOT-FOR-US: Veeam
+CVE-2022-26499 (An SSRF issue was discovered in Asterisk through 19.x. When using STIR ...)
+ {DSA-5285-1 DLA-3194-1}
+ - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29476
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2022-002.html
+CVE-2022-26498 (An issue was discovered in Asterisk through 19.x. When using STIR/SHAK ...)
+ {DSA-5285-1 DLA-3194-1}
+ - asterisk 1:18.11.2~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29872
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2022-001.html
+CVE-2022-26497 (BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2022-26496 (In nbd-server in nbd before 3.24, there is a stack-based buffer overfl ...)
+ {DSA-5100-1}
+ - nbd 1:3.24-1 (bug #1006915)
+ [stretch] - nbd (NBD_OPT_INFO/NBD_OPT_GO introduced later, in 3.16)
+ NOTE: https://lists.debian.org/nbd/2022/01/msg00036.html
+ NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
+CVE-2022-26495 (In nbd-server in nbd before 3.24, there is an integer overflow with a ...)
+ {DSA-5100-1 DLA-2944-1}
+ - nbd 1:3.24-1 (bug #1006915)
+ NOTE: https://lists.debian.org/nbd/2022/01/msg00037.html
+CVE-2022-26494 (An XSS was identified in the Admin Web interface of PrimeKey SignServe ...)
+ NOT-FOR-US: PrimeKey SignServer
+CVE-2022-26493 (Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP ...)
+ NOT-FOR-US: Drupal SAML provider
+CVE-2022-26492
+ RESERVED
+CVE-2022-26491 (An issue was discovered in Pidgin before 2.14.9. A remote attacker who ...)
+ {DLA-3043-1} + - pidgin 2.14.9-1 + [bullseye] - pidgin (Minor issue) + [buster] - pidgin (Minor issue) + NOTE: https://pidgin.im/about/security/advisories/cve-2022-26491/ + NOTE: https://keep.imfreedom.org/pidgin/pidgin/rev/13cdb7956bdc +CVE-2022-26489 + RESERVED +CVE-2022-26488 (In Python before 3.10.3 on Windows, local users can gain privileges be ...) + - python3.10 (Windows-specific) + - python3.9 (Windows-specific) + - python3.7 (Windows-specific) + - python3.5 (Windows-specific) + - python2.7 (Windows-specific) +CVE-2022-26487 + REJECTED +CVE-2021-46704 (In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to ...) + NOT-FOR-US: GenieACS +CVE-2021-46703 (In the IsolatedRazorEngine component of Antaris RazorEngine through 4. ...) + NOT-FOR-US: Antaris RazorEngine +CVE-2020-36517 (An information leak in Nabu Casa Home Assistant Operating System and H ...) + NOT-FOR-US: Nabu +CVE-2022-0868 (Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.) + NOT-FOR-US: Node urijs +CVE-2022-26490 (st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in t ...) + {DSA-5173-1 DSA-5127-1 DLA-3065-1} + - linux 5.16.18-1 + NOTE: https://git.kernel.org/linus/4fbcc1a4cb20fe26ad0225679c536c80f1648221 (5.17-rc1) +CVE-2022-26486 (An unexpected message in the WebGPU IPC framework could lead to a use- ...) + {DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1} + - firefox 99.0-1 + - firefox-esr 91.6.1esr-1 + - thunderbird 1:91.6.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26486 +CVE-2022-26485 (Removing an XSLT parameter during processing could have lead to an exp ...) + {DSA-5094-1 DSA-5090-1 DLA-2939-1 DLA-2933-1} + - firefox 99.0-1 + - firefox-esr 91.6.1esr-1 + - thunderbird 1:91.6.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/#CVE-2022-26485 +CVE-2022-26484 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...) 
+ NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM) +CVE-2022-26483 (An issue was discovered in Veritas InfoScale Operations Manager (VIOM) ...) + NOT-FOR-US: Veritas InfoScale Operations Manager (VIOM) +CVE-2022-26482 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. o ...) + NOT-FOR-US: Poly +CVE-2022-26481 (An issue was discovered in Poly Studio before 3.7.0. Command Injection ...) + NOT-FOR-US: Poly +CVE-2022-26480 + RESERVED +CVE-2022-26479 (An issue was discovered in Poly EagleEye Director II before 2.2.2.1. E ...) + NOT-FOR-US: Poly +CVE-2022-26478 + RESERVED +CVE-2022-26477 (The Security Team noticed that the termination condition of the for lo ...) + NOT-FOR-US: Apache SystemDS +CVE-2022-0867 (The Pricing Table WordPress plugin before 3.6.1 fails to properly sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0866 (This is a concurrency issue that can result in the wrong caller princi ...) + - wildfly (bug #752018) +CVE-2022-0865 (Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cau ...) + {DSA-5108-1} + - tiff 4.3.0-5 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/385 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/306 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/a1c933dabd0e1c54a412f3f84ae0aa58115c6067 +CVE-2022-26476 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2022-26475 (In wlan, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: Mediatek +CVE-2022-26474 (In sensorhub, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: Mediatek +CVE-2022-26473 (In vdec fmt, there is a possible use after free due to improper lockin ...) + NOT-FOR-US: Mediatek +CVE-2022-26472 (In ims, there is a possible escalation of privilege due to a parcel fo ...) + NOT-FOR-US: Mediatek +CVE-2022-26471 (In telephony, there is a possible escalation of privilege due to a par ...) 
+ NOT-FOR-US: Mediatek +CVE-2022-26470 (In aie, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: Mediatek +CVE-2022-26469 (In MtkEmail, there is a possible escalation of privilege due to fragme ...) + NOT-FOR-US: Mediatek +CVE-2022-26468 (In preloader (usb), there is a possible out of bounds write due to a m ...) + NOT-FOR-US: Mediatek +CVE-2022-26467 (In rpmb, there is a possible out of bounds write due to an incorrect b ...) + NOT-FOR-US: Mediatek +CVE-2022-26466 (In audio ipi, there is a possible out of bounds write due to an intege ...) + NOT-FOR-US: Mediatek +CVE-2022-26465 (In audio ipi, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: Mediatek +CVE-2022-26464 (In vow, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: Mediatek +CVE-2022-26463 (In vow, there is a possible out of bounds read due to an incorrect bou ...) + NOT-FOR-US: Mediatek +CVE-2022-26462 (In vow, there is a possible out of bounds read due to an incorrect bou ...) + NOT-FOR-US: Mediatek +CVE-2022-26461 (In vow, there is a possible undefined behavior due to an API misuse. T ...) + NOT-FOR-US: Mediatek +CVE-2022-26460 (In vow, there is a possible out of bounds write due to an incorrect bo ...) + NOT-FOR-US: Mediatek +CVE-2022-26459 (In vow, there is a possible out of bounds read due to an integer overf ...) + NOT-FOR-US: Mediatek +CVE-2022-26458 (In vow, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2022-26457 (In vow, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Mediatek +CVE-2022-26456 (In vow, there is a possible information disclosure due to a symbolic l ...) + NOT-FOR-US: Mediatek +CVE-2022-26455 (In gz, there is a possible memory corruption due to incorrect error ha ...) + NOT-FOR-US: Mediatek +CVE-2022-26454 (In teei, there is a possible memory corruption due to an integer overf ...) 
+ NOT-FOR-US: Mediatek +CVE-2022-26453 (In teei, there is a possible memory corruption due to a use after free ...) + NOT-FOR-US: Mediatek +CVE-2022-26452 (In isp, there is a possible use after free due to improper locking. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-26451 (In ged, there is a possible use after free due to improper locking. Th ...) + NOT-FOR-US: Mediatek +CVE-2022-26450 (In apusys, there is a possible use after free due to a race condition. ...) + NOT-FOR-US: Mediatek +CVE-2022-26449 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2022-26448 (In apusys, there is a possible out of bounds write due to a missing bo ...) + NOT-FOR-US: Mediatek +CVE-2022-26447 (In BT firmware, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: Mediatek +CVE-2022-26446 (In Modem 4G RRC, there is a possible system crash due to improper inpu ...) + NOT-FOR-US: Mediatek +CVE-2022-26445 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26444 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26443 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26442 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26441 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26440 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26439 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26438 (In wifi driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek +CVE-2022-26437 (In httpclient, there is a possible out of bounds write due to uninitia ...) 
+ NOT-FOR-US: MediaTek +CVE-2022-26436 (In emi mpu, there is a possible out of bounds read due to a missing bo ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26435 (In mailbox, there is a possible out of bounds write due to type confus ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26434 (In mailbox, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26433 (In mailbox, there is a possible out of bounds write due to type confus ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26432 (In mailbox, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26431 (In mailbox, there is a possible out of bounds write due to a missing b ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26430 (In mailbox, there is a possible out of bounds write due to type confus ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26429 (In cta, there is a possible way to write permission usage records of a ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26428 (In video codec, there is a possible memory corruption due to a race co ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26427 (In camera isp, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26426 (In camera isp, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-26418 + REJECTED +CVE-2022-26416 + REJECTED +CVE-2022-26414 (A potential buffer overflow vulnerability was identified in some inter ...) + NOT-FOR-US: Zyxel +CVE-2022-26413 (A command injection vulnerability in the CGI program of Zyxel VMG3312- ...) + NOT-FOR-US: Zyxel +CVE-2022-26348 (Command Centre Server is vulnerable to SQL Injection via Windows Regis ...) 
+ NOT-FOR-US: gallagher +CVE-2022-26347 + REJECTED +CVE-2022-26339 + REJECTED +CVE-2022-26123 + REJECTED +CVE-2022-26087 + REJECTED +CVE-2022-26078 (Gallagher Controller 6000 is vulnerable to a Denial of Service attack ...) + NOT-FOR-US: Gallagher +CVE-2022-26058 + REJECTED +CVE-2022-26055 + REJECTED +CVE-2022-26053 + REJECTED +CVE-2022-26039 + REJECTED +CVE-2022-26031 + REJECTED +CVE-2022-26027 + REJECTED +CVE-2022-25997 + REJECTED +CVE-2022-25968 + REJECTED +CVE-2022-25957 + REJECTED +CVE-2022-25920 + REJECTED +CVE-2022-25889 + REJECTED +CVE-2022-21224 + REJECTED +CVE-2022-0864 (The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0863 (The WP SVG Icons WordPress plugin through 3.2.3 does not properly vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0862 (A lack of password change protection vulnerability in a depreciated AP ...) + NOT-FOR-US: McAfee +CVE-2022-0861 (A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orche ...) + NOT-FOR-US: McAfee +CVE-2022-0860 (Improper Authorization in GitHub repository cobbler/cobbler prior to 3 ...) + - cobbler +CVE-2022-0859 (McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 a ...) + NOT-FOR-US: McAfee +CVE-2022-0858 (A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolic ...) + NOT-FOR-US: McAfee +CVE-2022-0857 (A reflected cross-site scripting (XSS) vulnerability in McAfee Enterpr ...) + NOT-FOR-US: McAfee +CVE-2022-0856 (libcaca is affected by a Divide By Zero issue via img2txt, which allow ...) + - libcaca (unimportant) + NOTE: https://github.com/cacalabs/libcaca/issues/65 + NOTE: Crash in CLI tool, no security impact +CVE-2022-0855 (Improper Resolution of Path Equivalence in GitHub repository microwebe ...) + NOT-FOR-US: microweber (whmcs_plugin) +CVE-2022-0854 (A memory leak flaw was found in the Linux kernel\u2019s DMA subsystem, ...) 
+ {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.17.3-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058395 + NOTE: https://git.kernel.org/linus/ddbd89deb7d32b1fbb879f48d68fda1a8ac58e8e (5.17-rc6) + NOTE: https://git.kernel.org/linus/901c7280ca0d5e2b4a8929fbe0bfb007ac2a6544 (5.18-rc1) +CVE-2022-0853 (A flaw was found in JBoss-client. The vulnerability occurs due to a me ...) + NOT-FOR-US: jboss-client +CVE-2022-0852 (There is a flaw in convert2rhel. convert2rhel passes the Red Hat accou ...) + NOT-FOR-US: Red Hat convert2rhel +CVE-2022-0851 (There is a flaw in convert2rhel. When the --activationkey option is us ...) + NOT-FOR-US: Red Hat convert2rhel +CVE-2022-0850 (A vulnerability was found in linux kernel, where an information leak o ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2060606 +CVE-2022-0849 (Use After Free in r_reg_get_name_idx in GitHub repository radareorg/ra ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/29c5f76e-5f1f-43ab-a0c8-e31951e407b6 + NOTE: https://github.com/radareorg/radare2/commit/10517e3ff0e609697eb8cde60ec8dc999ee5ea24 +CVE-2022-0848 (OS Command Injection in GitHub repository part-db/part-db prior to 0.5 ...) + NOT-FOR-US: part-db +CVE-2022-26412 + RESERVED +CVE-2022-26411 + RESERVED +CVE-2022-26410 + RESERVED +CVE-2022-26409 + RESERVED +CVE-2022-26408 + RESERVED +CVE-2022-26407 + RESERVED +CVE-2022-26406 + RESERVED +CVE-2022-26405 + RESERVED +CVE-2022-26404 + RESERVED +CVE-2022-26403 + RESERVED +CVE-2022-26402 + RESERVED +CVE-2022-26401 + RESERVED +CVE-2022-26400 + RESERVED +CVE-2022-26399 + RESERVED +CVE-2022-26398 + RESERVED +CVE-2022-26397 + RESERVED +CVE-2022-26396 + RESERVED +CVE-2022-26395 + RESERVED +CVE-2022-26394 (The Baxter Spectrum WBM does not perform mutual authentication with th ...) 
+ NOT-FOR-US: Baxter Spectrum WBM +CVE-2022-26393 (The Baxter Spectrum WBM is susceptible to format string attacks via ap ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2022-26392 (The Baxter Spectrum WBM (v16, v16D38) and Baxter Spectrum WBM (v17, v1 ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2022-26391 + RESERVED +CVE-2022-26390 (The Baxter Spectrum Wireless Battery Module (WBM) stores network crede ...) + NOT-FOR-US: Baxter Spectrum Wireless Battery Module (WBM) +CVE-2022-26389 + RESERVED +CVE-2022-26388 + RESERVED +CVE-2022-0847 (A flaw was found in the way the "flags" member of the new pipe buffer ...) + {DSA-5092-1} + - linux 5.16.11-1 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/9d2231c5d74e13b2a0546fee6737ee4446017903 (5.17-rc6) + NOTE: https://www.openwall.com/lists/oss-security/2022/03/07/1 + NOTE: https://dirtypipe.cm4all.com/ + NOTE: https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/ +CVE-2022-0846 (The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does n ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0845 (Code Injection in GitHub repository pytorchlightning/pytorch-lightning ...) + NOT-FOR-US: pytorchlightning +CVE-2022-26387 (When installing an add-on, Firefox verified the signature before promp ...) + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} + - firefox 98.0-1 + - firefox-esr 91.7.0esr-1 + - thunderbird 1:91.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26387 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26387 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26387 +CVE-2022-26386 (Previously Firefox for macOS and Linux would download temporary files ...) 
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} + - firefox-esr 91.7.0esr-1 + - thunderbird 1:91.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26386 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26386 +CVE-2022-26385 (In unusual circumstances, an individual thread may outlive the thread' ...) + - firefox 98.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26385 +CVE-2022-26384 (If an attacker could control the contents of an iframe sandboxed with ...) + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} + - firefox 98.0-1 + - firefox-esr 91.7.0esr-1 + - thunderbird 1:91.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26384 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26384 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26384 +CVE-2022-26383 (When resizing a popup after requesting fullscreen access, the popup wo ...) + {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} + - firefox 98.0-1 + - firefox-esr 91.7.0esr-1 + - thunderbird 1:91.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26383 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26383 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26383 +CVE-2022-26382 (While the text displayed in Autofill tooltips cannot be directly read ...) + - firefox 98.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26382 +CVE-2022-26381 (An attacker could have caused a use-after-free by forcing a text reflo ...) 
+ {DSA-5106-1 DSA-5097-1 DLA-2961-1 DLA-2942-1} + - firefox 98.0-1 + - firefox-esr 91.7.0esr-1 + - thunderbird 1:91.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-26381 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-11/#CVE-2022-26381 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-12/#CVE-2022-26381 +CVE-2022-26380 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-26379 + RESERVED +CVE-2022-26378 + RESERVED +CVE-2022-26377 (Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling' ...) + - apache2 2.4.54-1 (bug #1012513) + [bullseye] - apache2 2.4.54-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://www.openwall.com/lists/oss-security/2022/06/08/2 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-26377 + NOTE: https://github.com/apache/httpd/commit/f7f15f3d8bfe3032926c8c39eb8434529f680bd4 +CVE-2022-26073 (A denial of service vulnerability exists in the libxm_av.so DemuxCmdIn ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2022-25989 (An authentication bypass vulnerability exists in the libxm_av.so getpe ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2022-0844 + REJECTED +CVE-2022-0843 (Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup ...) + - firefox 98.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-10/#CVE-2022-0843 +CVE-2022-0842 (A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orche ...) + NOT-FOR-US: McAfee +CVE-2022-0841 (OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0. ...) + NOT-FOR-US: ljharb/npm-lockfile +CVE-2022-0840 (The Easy Social Icons WordPress plugin before 3.2.1 does not properly ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0839 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) 
+ NOT-FOR-US: liquibase +CVE-2022-0838 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...) + NOT-FOR-US: Hestia Control Panel +CVE-2022-0837 (The Amelia WordPress plugin before 1.0.48 does not have proper authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0836 (The SEMA API WordPress plugin before 4.02 does not properly sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-26365 (Linux disk/nic frontends data leaks T[his CNA information record relat ...) + {DSA-5191-1 DLA-3131-1} + - linux 5.18.14-1 + - xen 4.16.2-1 (bug #1014414) + [bullseye] - xen (Too intrusive too backport) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-403.html +CVE-2022-26364 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...) + {DSA-5184-1} + - xen 4.16.2-1 (bug #1014414) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-402.html +CVE-2022-26363 (x86 pv: Insufficient care with non-coherent mappings T[his CNA informa ...) + {DSA-5184-1} + - xen 4.16.2-1 (bug #1014414) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-402.html +CVE-2022-26362 (x86 pv: Race condition in typeref acquisition Xen maintains a type ref ...) + {DSA-5184-1} + - xen 4.16.2-1 (bug #1014414) + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-401.html + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2294 +CVE-2022-26361 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) + {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-400.html +CVE-2022-26360 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) 
+ {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-400.html +CVE-2022-26359 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) + {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-400.html +CVE-2022-26358 (IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA in ...) + {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-400.html +CVE-2022-26357 (race in VT-d domain ID cleanup Xen domain IDs are up to 15 bits wide. ...) + {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-399.html +CVE-2022-26356 (Racy interactions between dirty vram tracking and paging log dirty hyp ...) + {DSA-5117-1} + - xen 4.16.1-1 + [buster] - xen (DSA 4677-1) + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-397.html +CVE-2022-26355 (Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deplo ...) + NOT-FOR-US: Citrix +CVE-2022-26354 (A flaw was found in the vhost-vsock device of QEMU. In case of error, ...) + {DSA-5133-1 DLA-3099-1 DLA-2970-1} + - qemu 1:7.0+dfsg-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063257 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/8d1b247f3748ac4078524130c6d7ae42b6140aaf + NOTE: vulnerable code in buster in vhost_vsock_send_transport_reset +CVE-2022-26353 (A flaw was found in the virtio-net device of QEMU. This flaw was inadv ...) 
+ {DSA-5133-1} + - qemu 1:7.0+dfsg-1 + [buster] - qemu (Original upstream fix for CVE-2021-3748 not applied, new fix applied in DSA) + [stretch] - qemu (Original upstream fix for CVE-2021-3748 not applied) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2063197 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2022-03/msg02438.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/abe300d9d894f7138e1af7c8e9c88c04bfe98b37 (v7.0.0-rc0) + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0) + NOTE: Introduced by the original fix for CVE-2021-3748. +CVE-2022-0835 (AVEVA System Platform 2020 stores sensitive information in cleartext, ...) + NOT-FOR-US: AVEVA +CVE-2022-0834 (The Amelia WordPress plugin is vulnerable to Cross-Site Scripting due ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0833 (The Church Admin WordPress plugin before 3.4.135 does not have authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0832 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0831 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0830 (The FormBuilder WordPress plugin through 1.08 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0829 (Improper Authorization in GitHub repository webmin/webmin prior to 1.9 ...) + - webmin +CVE-2022-0828 (The Download Manager WordPress plugin before 3.2.34 uses the uniqid ph ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0827 (The Bestbooks WordPress plugin through 2.6.3 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0826 (The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0825 (The Amelia WordPress plugin before 1.0.49 does not have proper authori ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0824 (Improper Access Control to Remote Code Execution in GitHub repository ...) + - webmin +CVE-2022-0823 (An improper control of interaction frequency vulnerability in Zyxel GS ...) + NOT-FOR-US: Zyxel +CVE-2022-26352 (An issue was discovered in the ContentResource API in dotCMS 3.0 throu ...) + NOT-FOR-US: dotCMS +CVE-2022-26351 + REJECTED +CVE-2022-26350 + RESERVED +CVE-2022-26345 (Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP ...) + NOT-FOR-US: Intel +CVE-2022-26343 (Improper access control in the BIOS firmware for some Intel(R) Process ...) + NOT-FOR-US: Intel +CVE-2022-26337 (Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 a ...) + NOT-FOR-US: Trend Micro +CVE-2022-26336 (A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allow ...) + NOT-FOR-US: poi-scratchpad +CVE-2022-26335 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-26334 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-26304 + RESERVED +CVE-2022-26131 (Power Line Communications PLC4TRUCKS J2497 trailer receivers are susce ...) + NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer receivers +CVE-2022-26124 (Improper buffer restrictions in BIOS firmware for some Intel(R) NUC Bo ...) + NOT-FOR-US: Intel +CVE-2022-26086 (Uncontrolled search path element in the PresentMon software maintained ...) + NOT-FOR-US: Intel +CVE-2022-26083 + RESERVED +CVE-2022-26074 (Incomplete cleanup in a firmware subsystem for Intel(R) SPS before ver ...) + NOT-FOR-US: Intel +CVE-2022-26072 + RESERVED +CVE-2022-26056 + RESERVED +CVE-2022-26038 + RESERVED +CVE-2022-26037 + RESERVED +CVE-2022-26028 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler software b ...) 
+ NOT-FOR-US: Intel +CVE-2022-26006 (Improper input validation in the BIOS firmware for some Intel(R) Proce ...) + NOT-FOR-US: Intel +CVE-2022-25999 (Uncontrolled search path element in the Intel(R) Enpirion(R) Digital P ...) + NOT-FOR-US: Intel +CVE-2022-25992 (Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi- ...) + NOT-FOR-US: Intel +CVE-2022-25966 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) + NOT-FOR-US: Intel +CVE-2022-25922 (Power Line Communications PLC4TRUCKS J2497 trailer brake controllers i ...) + NOT-FOR-US: Power Line Communications PLC4TRUCKS J2497 trailer brake controllers +CVE-2022-25917 (Uncaught exception in the firmware for some Intel(R) Server Board M50C ...) + NOT-FOR-US: Intel +CVE-2022-25909 + RESERVED +CVE-2022-25870 + RESERVED +CVE-2022-25864 (Uncontrolled search path in some Intel(R) oneMKL software before versi ...) + NOT-FOR-US: Intel +CVE-2022-0822 (Cross-site Scripting (XSS) - Reflected in GitHub repository orchardcms ...) + NOT-FOR-US: Orchard CMS +CVE-2022-0821 (Improper Authorization in GitHub repository orchardcms/orchardcore pri ...) + NOT-FOR-US: Orchard CMS +CVE-2022-0820 (Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/or ...) + NOT-FOR-US: Orchard CMS +CVE-2022-0819 (Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.) + - dolibarr +CVE-2022-0818 (The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0817 (The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0816 + RESERVED +CVE-2022-0815 (Improper access control vulnerability in McAfee WebAdvisor Chrome and ...) + NOT-FOR-US: McAfee +CVE-2022-0814 (The Ubigeo de Per\xfa para Woocommerce WordPress plugin before 3.6.4 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0813 (PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially ...) 
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant) + NOTE: https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/ + NOTE: https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information + NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/c04f85f2bb96c442086d9ad057953567cc794486 + NOTE: Negligible security impact +CVE-2022-0811 (A flaw was found in CRI-O in the way it set kernel options for a pod. ...) + - cri-o (bug #979702) +CVE-2022-26333 + REJECTED +CVE-2022-26332 (Cipi 3.1.15 allows Add Server stored XSS via the /api/servers name fie ...) + NOT-FOR-US: Cipi +CVE-2022-26331 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2022-26330 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2022-26329 (File existence disclosure vulnerability in NetIQ Identity Manager plug ...) + NOT-FOR-US: Micro Focus +CVE-2022-26328 + RESERVED +CVE-2022-26327 + RESERVED +CVE-2022-26326 (Potential open redirection vulnerability when URL is crafted in specif ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2022-26325 (Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Man ...) + NOT-FOR-US: NetIQ Access Manager +CVE-2022-26324 + RESERVED +CVE-2022-26323 + RESERVED +CVE-2022-26322 + RESERVED +CVE-2022-26321 + RESERVED +CVE-2022-26320 (The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in cert ...) + NOT-FOR-US: Fujifilm +CVE-2022-26319 (An installer search patch element vulnerability in Trend Micro Portabl ...) + NOT-FOR-US: Trend Micro +CVE-2022-26318 (On WatchGuard Firebox and XTM appliances, an unauthenticated user can ...) + NOT-FOR-US: WatchGuard +CVE-2022-26317 (A vulnerability has been identified in Mendix Applications using Mendi ...) 
+ NOT-FOR-US: Mendix (Siemens) +CVE-2022-26316 + RESERVED +CVE-2022-26315 (qrcp through 0.8.4, in receive mode, allows ../ Directory Traversal vi ...) + NOT-FOR-US: qrcp +CVE-2022-26314 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) + NOT-FOR-US: Mendix (Siemens) +CVE-2022-26313 (A vulnerability has been identified in Mendix Forgot Password Appstore ...) + NOT-FOR-US: Mendix (Siemens) +CVE-2022-26312 + RESERVED +CVE-2022-26311 (Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to ...) + NOT-FOR-US: Couchbase Operator +CVE-2022-26310 (Pandora FMS v7.0NG.760 and below allows an improper authorization in U ...) + NOT-FOR-US: Pandora FMS +CVE-2022-26309 (Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk opera ...) + NOT-FOR-US: Pandora FMS +CVE-2022-26308 (Pandora FMS v7.0NG.760 and below allows an improper access control in ...) + NOT-FOR-US: Pandora FMS +CVE-2022-26307 (LibreOffice supports the storage of passwords for web connections in t ...) + {DLA-3368-1} + - libreoffice 1:7.3.3~rc1-2 + [bullseye] - libreoffice 1:7.0.4-4+deb11u2 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307 +CVE-2022-26306 (LibreOffice supports the storage of passwords for web connections in t ...) + {DLA-3368-1} + - libreoffice 1:7.3.3~rc1-2 + [bullseye] - libreoffice 1:7.0.4-4+deb11u2 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306 +CVE-2022-26305 (An Improper Certificate Validation vulnerability in LibreOffice existe ...) + {DLA-3368-1} + - libreoffice 1:7.3.2~rc2-1 + [bullseye] - libreoffice 1:7.0.4-4+deb11u2 + NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305 +CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: TuziCMS +CVE-2022-26300 (EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the fu ...) 
+ NOT-FOR-US: EOS
+CVE-2022-26299
+ RESERVED
+CVE-2022-26298
+ RESERVED
+CVE-2022-26297
+ RESERVED
+CVE-2022-26296 (BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was di ...)
+ NOT-FOR-US: BOOM CPU
+CVE-2022-26295 (A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user ...)
+ NOT-FOR-US: Online Project Time Management System
+CVE-2022-26294
+ RESERVED
+CVE-2022-26293 (Online Project Time Management System v1.0 was discovered to contain a ...)
+ NOT-FOR-US: Online Project Time Management System
+CVE-2022-26292
+ RESERVED
+CVE-2022-26291 (lrzip v0.641 was discovered to contain a multiple concurrency use-afte ...)
+ {DSA-5145-1 DLA-2981-1}
+ - lrzip 0.650-1
+ NOTE: https://github.com/ckolivas/lrzip/issues/206
+ NOTE: https://github.com/ckolivas/lrzip/commit/4b3942103b57c639c8e0f31d6d5fd7bac53bbdf4 (v0.650)
+ NOTE: clear_rulist() introduced by CVE-2021-27345+CVE-2021-27347 fix
+CVE-2022-26290 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
+ NOT-FOR-US: Tenda
+CVE-2022-26289 (Tenda M3 1.10 V1.0.0.12(4856) was discovered to contain a command inje ...)
+ NOT-FOR-US: Tenda
+CVE-2022-26288
+ RESERVED
+CVE-2022-26287
+ RESERVED
+CVE-2022-26286
+ RESERVED
+CVE-2022-26285 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Simple Subscription Website
+CVE-2022-26284 (Simple Client Management System v1.0 was discovered to contain a SQL i ...)
+ NOT-FOR-US: Simple Client Management System
+CVE-2022-26283 (Simple Subscription Website v1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Simple Subscription Website
+CVE-2022-26282
+ RESERVED
+CVE-2022-26281 (BigAnt Server v5.6.06 was discovered to contain an incorrect access co ...)
+ NOT-FOR-US: BigAnt Server
+CVE-2022-26280 (Libarchive v3.6.0 was discovered to contain an out-of-bounds read via ...)
+ - libarchive 3.6.2-1 (bug #1008953)
+ [bullseye] - libarchive (Minor issue)
+ [buster] - libarchive (Vulnerable code not present)
+ [stretch] - libarchive (Vulnerable code not present)
+ NOTE: https://github.com/libarchive/libarchive/issues/1672
+ NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/121035c83e18b70d3128e9ac966109ebedb7e516 (v3.4.0)
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff (v3.6.1)
+CVE-2022-26279 (EyouCMS v1.5.5 was discovered to have no access control in the compone ...)
+ NOT-FOR-US: EyouCMS
+CVE-2022-26278 (Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow vi ...)
+ NOT-FOR-US: Tenda
+CVE-2022-26277
+ RESERVED
+CVE-2022-26276 (An issue in index.php of OneNav v0.9.14 allows attackers to perform di ...)
+ NOT-FOR-US: OneNav
+CVE-2022-26275
+ RESERVED
+CVE-2022-26274
+ RESERVED
+CVE-2022-26273 (EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\con ...)
+ NOT-FOR-US: EyouCMS
+CVE-2022-26272 (A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows ...)
+ NOT-FOR-US: Ionize CMS
+CVE-2022-26271 (74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulner ...)
+ NOT-FOR-US: 74cmsSE
+CVE-2022-26270
+ RESERVED
+CVE-2022-26269 (Suzuki Connect v1.0.15 allows attackers to tamper with displayed messa ...)
+ NOT-FOR-US: Suzuki Connect
+CVE-2022-26268 (Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerabi ...)
+ NOT-FOR-US: Xiaohuanxiong
+CVE-2022-26267 (Piwigo v12.2.0 was discovered to contain an information leak via the a ...)
+ - piwigo
+CVE-2022-26266 (Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability ...)
+ - piwigo
+CVE-2022-26265 (Contao Managed Edition v1.5.0 was discovered to contain a remote comma ...)
+ NOT-FOR-US: Contao Managed Edition
+CVE-2022-26264
+ RESERVED
+CVE-2022-26263 (Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scrip ...)
+ NOT-FOR-US: Yonyou u8
+CVE-2022-26262
+ RESERVED
+CVE-2022-26261
+ RESERVED
+CVE-2022-26260 (Simple-Plist v1.3.0 was discovered to contain a prototype pollution vu ...)
+ NOT-FOR-US: Simple-Plist
+CVE-2022-26259 (A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, ...)
+ NOT-FOR-US: Xiongmai
+CVE-2022-26258 (D-Link DIR-820L 1.05B03 was discovered to contain remote command execu ...)
+ NOT-FOR-US: D-Link
+CVE-2022-26257
+ RESERVED
+CVE-2022-26256
+ RESERVED
+CVE-2022-26255 (Clash for Windows v0.19.8 was discovered to allow arbitrary code execu ...)
+ NOT-FOR-US: Clash for Windows
+CVE-2022-26254 (WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovere ...)
+ NOT-FOR-US: WoWonder
+CVE-2022-26253
+ RESERVED
+CVE-2022-26252 (aaPanel v6.8.21 was discovered to be vulnerable to directory traversal ...)
+ NOT-FOR-US: aaPanel
+CVE-2022-26251 (The HTTP interface of Synaman v5.1 and below was discovered to allow a ...)
+ NOT-FOR-US: Synaman
+CVE-2022-26250 (Synaman v5.1 and below was discovered to contain weak file permissions ...)
+ NOT-FOR-US: Synaman
+CVE-2022-26249 (Survey King v0.3.0 does not filter data properly when exporting excel ...)
+ NOT-FOR-US: Survey King
+CVE-2022-26248
+ RESERVED
+CVE-2022-26247 (TMS v2.28.0 contains an insecure permissions vulnerability via the com ...)
+ NOT-FOR-US: TMS
+CVE-2022-26246 (TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vul ...)
+ NOT-FOR-US: TMS
+CVE-2022-26245 (Falcon-plus v0.3 was discovered to contain a SQL injection vulnerabili ...)
+ NOT-FOR-US: Falcon-plus
+CVE-2022-26244 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-26243 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
+ NOT-FOR-US: Tenda
+CVE-2022-26242
+ RESERVED
+CVE-2022-26241
+ RESERVED
+CVE-2022-26240 (The default privileges for the running service Normand Message Buffer ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26239 (The default privileges for the running service Normand License Manager ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26238 (The default privileges for the running service Normand Service Manager ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26237 (The default privileges for the running service Normand Viewer Service ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26236 (The default privileges for the running service Normand Remisol Advance ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26235 (A vulnerability was discovered in the Remisol Advance v2.0.12.1 and be ...)
+ NOT-FOR-US: Beckman Coulter Remisol Advance
+CVE-2022-26234
+ RESERVED
+CVE-2022-26233 (Barco Control Room Management through Suite 2.9 Build 0275 was discove ...)
+ NOT-FOR-US: Barco Control Room Management
+CVE-2022-26232
+ RESERVED
+CVE-2022-26231
+ RESERVED
+CVE-2022-26230
+ RESERVED
+CVE-2022-26229
+ RESERVED
+CVE-2022-26228
+ RESERVED
+CVE-2022-26227
+ RESERVED
+CVE-2022-26226
+ RESERVED
+CVE-2022-26225
+ RESERVED
+CVE-2022-26224
+ RESERVED
+CVE-2022-26223
+ RESERVED
+CVE-2022-26222
+ RESERVED
+CVE-2022-26221
+ RESERVED
+CVE-2022-26220
+ RESERVED
+CVE-2022-26219
+ RESERVED
+CVE-2022-26218
+ RESERVED
+CVE-2022-26217
+ RESERVED
+CVE-2022-26216
+ RESERVED
+CVE-2022-26215
+ RESERVED
+CVE-2022-26214 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26213 (Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to cont ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26212 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26211 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26210 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26209 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26208 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26207 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26206 (Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26205 (Marky commit 3686565726c65756e was discovered to contain a remote code ...)
+ NOT-FOR-US: Marky
+CVE-2022-26204
+ RESERVED
+CVE-2022-26203
+ RESERVED
+CVE-2022-26202
+ RESERVED
+CVE-2022-26201 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Victor CMS
+CVE-2022-26200
+ REJECTED
+CVE-2022-26199
+ RESERVED
+CVE-2022-26198 (Notable v1.8.4 does not filter text editing, allowing attackers to exe ...)
+ NOT-FOR-US: Notable
+CVE-2022-26197 (Joget DX 7 was discovered to contain a cross-site scripting (XSS) vuln ...)
+ NOT-FOR-US: Joget
+CVE-2022-26196
+ RESERVED
+CVE-2022-26195
+ RESERVED
+CVE-2022-26194
+ RESERVED
+CVE-2022-26193
+ RESERVED
+CVE-2022-26192
+ RESERVED
+CVE-2022-26191
+ RESERVED
+CVE-2022-26190
+ RESERVED
+CVE-2022-26189 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26188 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26187 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26186 (TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-26185
+ RESERVED
+CVE-2022-26184 (Poetry v1.1.9 and below was discovered to contain an untrusted search ...)
+ - poetry (Fixed before initial release)
+CVE-2022-26183 (PNPM v6.15.1 and below was discovered to contain an untrusted search p ...)
+ - pnpm (bug #985669)
+CVE-2022-26182
+ RESERVED
+CVE-2022-26181 (Dropbox Lepton v1.2.1-185-g2a08b77 was discovered to contain a heap-bu ...)
+ - lepton
+ NOTE: https://github.com/dropbox/lepton/issues/154
+CVE-2022-26180 (qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/my ...)
+ NOT-FOR-US: qdPM
+CVE-2022-26179
+ RESERVED
+CVE-2022-26178
+ RESERVED
+CVE-2022-26177
+ RESERVED
+CVE-2022-26176
+ RESERVED
+CVE-2022-26175
+ RESERVED
+CVE-2022-26174 (A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 ...)
+ NOT-FOR-US: Beekeeper Studio
+CVE-2022-26173 (JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery ( ...)
+ NOT-FOR-US: JForum2
+CVE-2022-26172
+ RESERVED
+CVE-2022-26171 (Bank Management System v1.o was discovered to contain a SQL injection ...)
+ NOT-FOR-US: Bank Management System
+CVE-2022-26170 (Simple Mobile Comparison Website v1.0 was discovered to contain a SQL ...)
+ NOT-FOR-US: Simple Mobile Comparison Website
+CVE-2022-26169 (Air Cargo Management System v1.0 was discovered to contain a SQL injec ...)
+ NOT-FOR-US: Air Cargo Management System
+CVE-2022-26168
+ RESERVED
+CVE-2022-26167
+ RESERVED
+CVE-2022-26166
+ RESERVED
+CVE-2022-26165
+ RESERVED
+CVE-2022-26164
+ RESERVED
+CVE-2022-26163
+ RESERVED
+CVE-2022-26162
+ RESERVED
+CVE-2022-26161
+ RESERVED
+CVE-2022-26160
+ RESERVED
+CVE-2022-26159 (The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote ...)
+ NOT-FOR-US: Ametys CMS
+CVE-2022-26158 (An issue was discovered in the web application in Cherwell Service Man ...)
+ NOT-FOR-US: Cherwell Service Management (CSM)
+CVE-2022-26157 (An issue was discovered in the web application in Cherwell Service Man ...)
+ NOT-FOR-US: Cherwell Service Management (CSM)
+CVE-2022-26156 (An issue was discovered in the web application in Cherwell Service Man ...)
+ NOT-FOR-US: Cherwell Service Management (CSM)
+CVE-2022-26155 (An issue was discovered in the web application in Cherwell Service Man ...)
+ NOT-FOR-US: Cherwell Service Management (CSM)
+CVE-2022-26154
+ RESERVED
+CVE-2022-26153
+ RESERVED
+CVE-2022-26152
+ RESERVED
+CVE-2022-26151 (Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10. ...)
+ NOT-FOR-US: Citrix XenMobile Server
+CVE-2022-26150
+ RESERVED
+CVE-2022-26080 (Use of Insufficiently Random Values vulnerability in ABB Pulsar Plus S ...)
+ NOT-FOR-US: ABB
+CVE-2022-26057 (Vulnerabilities in the Mint WorkBench allow a low privileged attacker ...)
+ NOT-FOR-US: Mind Workbench
+CVE-2022-0812 (An information leak flaw was found in NFS over RDMA in the net/sunrpc/ ...)
+ {DSA-5173-1 DLA-3065-1}
+ - linux 5.7.10-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058955
+ NOTE: https://git.kernel.org/linus/912288442cb2f431bf3c8cb097a5de83bc6dbac1 (5.8-rc6)
+CVE-2022-0810
+ RESERVED
+CVE-2022-0809 (Out of bounds memory access in WebXR in Google Chrome prior to 99.0.48 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0808 (Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0807 (Inappropriate implementation in Autofill in Google Chrome prior to 99. ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0806 (Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a r ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0805 (Use after free in Browser Switcher in Google Chrome prior to 99.0.4844 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0804 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0803 (Inappropriate implementation in Permissions in Google Chrome prior to ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0802 (Inappropriate implementation in Full screen mode in Google Chrome on A ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0801 (Inappropriate implementation in HTML parser in Google Chrome prior to ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0800 (Heap buffer overflow in Cast UI in Google Chrome prior to 99.0.4844.51 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0799 (Insufficient policy enforcement in Installer in Google Chrome on Windo ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0798 (Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 a ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0797 (Out of bounds memory access in Mojo in Google Chrome prior to 99.0.484 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0796 (Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0795 (Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0794 (Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allo ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0793 (Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0792 (Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 all ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0791 (Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allow ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0790 (Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allow ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0789 (Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 a ...)
+ {DSA-5089-1}
+ - chromium 99.0.4844.51-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
+CVE-2022-0788 (The WP Fundraising Donation and Crowdfunding Platform WordPress plugin ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0787 (The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0786 (The KiviCare WordPress plugin before 2.3.9 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0785 (The Daily Prayer Time WordPress plugin before 2022.03.01 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0784 (The Title Experiments Free WordPress plugin before 9.0.1 does not sani ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0783 (The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0782 (The Donations WordPress plugin through 1.8 does not sanitise and escap ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0781 (The Nirweb support WordPress plugin before 2.8.2 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0780 (The SearchIQ WordPress plugin before 3.9 contains a flag to disable th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0779 (The User Meta WordPress plugin before 2.4.4 does not validate the file ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0778 (The BN_mod_sqrt() function, which computes a modular square root, cont ...)
+ {DSA-5103-1 DLA-2953-1 DLA-2952-1}
+ - openssl 1.1.1n-1
+ - openssl1.0
+ NOTE: https://www.openssl.org/news/secadv/20220315.txt
+ NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65 (OpenSSL_1_1_1n)
+CVE-2022-0777 (Weak Password Recovery Mechanism for Forgotten Password in GitHub repo ...)
+ NOT-FOR-US: microweber
+CVE-2022-0776 (Cross-site Scripting (XSS) - DOM in GitHub repository hakimel/reveal.j ...)
+ NOT-FOR-US: hakimel/reveal.js
+CVE-2022-0775
+ RESERVED
+CVE-2022-0774
+ RESERVED
+CVE-2022-0773 (The Documentor WordPress plugin through 1.5.3 fails to sanitize and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0772 (Cross-site Scripting (XSS) - Stored in GitHub repository librenms/libr ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0771 (The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0770 (The Translate WordPress with GTranslate WordPress plugin before 2.9.9 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0769 (The Users Ultra WordPress plugin through 3.1.0 fails to properly sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0768 (Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltub ...)
+ NOT-FOR-US: rudloff/alltube
+CVE-2022-26149 (MODX Revolution through 2.8.3-pl allows remote authenticated administr ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2022-26148 (An issue was discovered in Grafana through 7.3.4, when integrated with ...)
+ - grafana
+CVE-2022-26147 (The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injecti ...)
+ NOT-FOR-US: Quectel RG502Q-EA modem
+CVE-2022-26146 (Tricentis qTest before 10.4 allows stored XSS by an authenticated atta ...)
+ NOT-FOR-US: Tricentis qTest
+CVE-2022-26145
+ RESERVED
+CVE-2022-26144 (An XSS issue was discovered in MantisBT before 2.25.3. Improper escapi ...)
+ - mantis
+CVE-2022-26143 (The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 F ...)
+ NOT-FOR-US: Mitel
+CVE-2022-26142
+ RESERVED
+CVE-2022-26141
+ RESERVED
+CVE-2022-26140
+ RESERVED
+CVE-2022-26139
+ RESERVED
+CVE-2022-26138 (The Atlassian Questions For Confluence app for Confluence Server and D ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-26137 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-26136 (A vulnerability in multiple Atlassian products allows a remote, unauth ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-26135 (A vulnerability in Mobile Plugin for Jira Data Center and Server allow ...)
+ NOT-FOR-US: Atlassian
+CVE-2022-26134 (In affected versions of Confluence Server and Data Center, an OGNL inj ...)
+ NOT-FOR-US: Atlassian Confluence Server and Data Center
+CVE-2022-26133 (SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center ve ...)
+ NOT-FOR-US: Atlassian Bitbucket Data Center
+CVE-2022-26132
+ RESERVED
+CVE-2022-0767 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+ - calibre-web (bug #982690)
+CVE-2022-0766 (Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calib ...)
+ - calibre-web (bug #982690)
+CVE-2021-46702 (Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to informati ...)
+ NOT-FOR-US: Tor Browser (on Windows)
+CVE-2020-36516 (An issue was discovered in the Linux kernel through 5.16.11. The mixed ...)
+ - linux 5.16.7-1
+ [bullseye] - linux 5.10.103-1
+ [buster] - linux 4.19.232-1
+ NOTE: https://dl.acm.org/doi/10.1145/3372297.3417884
+ NOTE: https://git.kernel.org/linus/23f57406b82de51809d5812afd96f210f8b627f3
+CVE-2022-26129 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ - frr 8.4.1-1 (bug #1008010)
+ [bullseye] - frr (Minor issue)
+ [buster] - frr (Minor issue)
+ NOTE: https://github.com/FRRouting/frr/issues/10503
+CVE-2022-26128 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
+ - frr 8.4.1-1 (bug #1008010)
+ [bullseye] - frr (Minor issue)
+ [buster] - frr (Minor issue)
+ NOTE: https://github.com/FRRouting/frr/issues/10502
+CVE-2022-26127 (A buffer overflow vulnerability exists in FRRouting through 8.1.0 due ...)
+ - frr 8.4.1-1 (bug #1008010)
+ [bullseye] - frr (Minor issue)
+ [buster] - frr (Minor issue)
+ NOTE: https://github.com/FRRouting/frr/issues/10487
+CVE-2022-26126 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ - frr 8.4.1-1 (bug #1008010)
+ [bullseye] - frr (Minor issue)
+ [buster] - frr (Minor issue)
+ NOTE: https://github.com/FRRouting/frr/issues/10505
+CVE-2022-26125 (Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due t ...)
+ - frr 8.4.1-1 (bug #1008010)
+ [bullseye] - frr (Minor issue)
+ [buster] - frr (Minor issue)
+ NOTE: https://github.com/FRRouting/frr/issues/10507
+CVE-2022-26122 (An insufficient verification of data authenticity vulnerability [CWE-3 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-26121 (An exposure of resource to wrong sphere vulnerability [CWE-668] in For ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-26120 (Multiple improper neutralization of special elements used in an SQL Co ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-26119 (A improper authentication vulnerability in Fortinet FortiSIEM before 6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-26118 (A privilege chaining vulnerability [CWE-268] in FortiManager and Forti ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-26117 (An empty password in configuration file vulnerability [CWE-258] in For ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-26116 (Multiple improper neutralization of special elements used in SQL comma ...)
+ NOT-FOR-US: Fortiguard FortiNAC
+CVE-2022-26115 (A use of password hash with insufficient computational effort vulnerab ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-26114 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-26113 (An execution with unnecessary privileges vulnerability [CWE-250] in Fo ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-26112 (In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and ...)
+ NOT-FOR-US: Apache Pinot
+CVE-2022-26042 (An OS command injection vulnerability exists in the daretools binary f ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-26007 (An OS command injection vulnerability exists in the console factory fu ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-26002 (A stack-based buffer overflow vulnerability exists in the console fact ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-25995 (A command execution vulnerability exists in the console inhand functio ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-0765 (The Loco Translate WordPress plugin before 2.6.1 does not properly rem ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0764 (Arbitrary Command Injection in GitHub repository strapi/strapi prior t ...)
+ NOT-FOR-US: strapi
+CVE-2022-0763 (Cross-site Scripting (XSS) - Stored in GitHub repository microweber/mi ...)
+ NOT-FOR-US: microweber
+CVE-2022-0762 (Incorrect Authorization in GitHub repository microweber/microweber pri ...)
+ NOT-FOR-US: microweber
+CVE-2021-4224
+ RESERVED
+CVE-2022-26111 (The BeanShell components of IRISNext through 9.8.28 allow execution of ...)
+ NOT-FOR-US: IRISNext
+CVE-2022-26110 (An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before ...)
+ {DSA-5144-1 DLA-2984-1}
+ - condor (bug #1008634)
+ NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0003
+ NOTE: https://github.com/htcondor/htcondor/commit/1cae7601d796725e7f5dd73fedf37f6fbbe379ca (V8_8_16)
+ NOTE: https://github.com/htcondor/htcondor/commit/8568e8ba65c9490f30a1089b6d4f8910e4bfbd6b (V8_8_16)
+CVE-2022-26109 (When a user opens a manipulated Portable Document Format (.pdf, PDFVie ...)
+ NOT-FOR-US: SAP
+CVE-2022-26108 (When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) receiv ...)
+ NOT-FOR-US: SAP
+CVE-2022-26107 (When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d ...)
+ NOT-FOR-US: SAP
+CVE-2022-26106 (When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmC ...)
+ NOT-FOR-US: SAP
+CVE-2022-26105 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2022-26104 (SAP Financial Consolidation - version 10.1, does not perform necessary ...)
+ NOT-FOR-US: SAP
+CVE-2022-26103 (Under certain conditions, SAP NetWeaver (Real Time Messaging Framework ...)
+ NOT-FOR-US: SAP
+CVE-2022-26102 (Due to missing authorization check, SAP NetWeaver Application Server f ...)
+ NOT-FOR-US: SAP
+CVE-2022-26101 (Fiori launchpad - versions 754, 755, 756, does not sufficiently encode ...)
+ NOT-FOR-US: Fiori launchpad
+CVE-2022-26100 (SAPCAR - version 7.22, does not contain sufficient input validation on ...)
+ NOT-FOR-US: SAPCAR
+CVE-2022-26099 (Null pointer dereference vulnerability in parser_infe function of libs ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26098 (Heap-based buffer overflow vulnerability in sheifd_create function of ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26097 (Null pointer dereference vulnerability in parser_unknown_property func ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26096 (Null pointer dereference vulnerability in parser_ispe function in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26095 (Null pointer dereference vulnerability in parser_colr function in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26094 (Null pointer dereference vulnerability in parser_auxC function in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26093 (Null pointer dereference vulnerability in parser_irot function in libs ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26092 (Improper boundary check in Quram Agif library prior to SMR Apr-2022 Re ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26091 (Improper access control vulnerability in Knox Manage prior to SMR Apr- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26090 (Improper access control vulnerability in SamsungContacts prior to SMR ...)
+ NOT-FOR-US: Samsung
+CVE-2022-26089
+ RESERVED
+CVE-2022-26088 (An issue was discovered in BMC Remedy before 22.1. Email-based Inciden ...)
+ NOT-FOR-US: BMC Remedy
+CVE-2022-0761
+ RESERVED
+CVE-2022-0760 (The Simple Link Directory WordPress plugin before 7.7.2 does not valid ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0759 (A flaw was found in all versions of kubeclient up to (but not includin ...)
+ - ruby-kubeclient 4.9.3-1 (bug #1014780)
+ [bullseye] - ruby-kubeclient (Minor issue)
+ [buster] - ruby-kubeclient (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2058404
+ NOTE: https://github.com/ManageIQ/kubeclient/issues/554
+ NOTE: https://github.com/ManageIQ/kubeclient/pull/556
+ NOTE: https://github.com/ManageIQ/kubeclient/issues/555
+ NOTE: https://github.com/ManageIQ/kubeclient/pull/556
+CVE-2022-26085 (An OS command injection vulnerability exists in the httpd wlscan_ASP f ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-26068 (This affects the package pistacheio/pistache before 0.0.3.20220425. It ...)
+ - pistache (Fixed with initial upload to Debian)
+ NOTE: https://github.com/pistacheio/pistache/pull/1065
+ NOTE: https://github.com/pistacheio/pistache/commit/4ba6da096611d11849aa37ee342c032a306ee885 (0.0.5)
+CVE-2022-26066
+ RESERVED
+CVE-2022-26063
+ RESERVED
+CVE-2022-26060
+ RESERVED
+CVE-2022-26050
+ RESERVED
+CVE-2022-26049 (This affects the package com.diffplug.gradle:goomph before 3.37.2. It ...)
+ NOT-FOR-US: com.diffplug.gradle:goomph
+CVE-2022-26048
+ RESERVED
+CVE-2022-26046
+ RESERVED
+CVE-2022-26044
+ RESERVED
+CVE-2022-26040
+ RESERVED
+CVE-2022-26036
+ RESERVED
+CVE-2022-26035
+ RESERVED
+CVE-2022-26033
+ RESERVED
+CVE-2022-26030
+ RESERVED
+CVE-2022-26029
+ RESERVED
+CVE-2022-26025
+ RESERVED
+CVE-2022-26021
+ RESERVED
+CVE-2022-26020 (An information disclosure vulnerability exists in the router configura ...)
+ NOT-FOR-US: InHand Networks InRouter302
+CVE-2022-26018
+ RESERVED
+CVE-2022-26016
+ RESERVED
+CVE-2022-26015
+ RESERVED
+CVE-2022-26014
+ RESERVED
+CVE-2022-26012
+ RESERVED
+CVE-2022-26011
+ RESERVED
+CVE-2022-26010
+ RESERVED
+CVE-2022-26008
+ RESERVED
+CVE-2022-26005
+ RESERVED
+CVE-2022-26004
+ RESERVED
+CVE-2022-26003
+ RESERVED
+CVE-2022-26001
+ RESERVED
+CVE-2022-26000
+ RESERVED
+CVE-2022-25998
+ RESERVED
+CVE-2022-25994
+ RESERVED
+CVE-2022-25993
+ RESERVED
+CVE-2022-25991
+ RESERVED
+CVE-2022-25988
+ RESERVED
+CVE-2022-25985
+ RESERVED
+CVE-2022-25984
+ RESERVED
+CVE-2022-25983
+ RESERVED
+CVE-2022-25982
+ RESERVED
+CVE-2022-25981
+ RESERVED
+CVE-2022-25979 (Versions of the package jsuites before 5.0.1 are vulnerable to Cross-s ...)
+ NOT-FOR-US: Node jsuites
+CVE-2022-25978 (All versions of the package github.com/usememos/memos/server are vulne ...)
+ NOT-FOR-US: github.com/usememos/memos/server
+CVE-2022-25977
+ RESERVED
+CVE-2022-25975
+ RESERVED
+CVE-2022-25974
+ RESERVED
+CVE-2022-25973 (All versions of package mc-kill-port are vulnerable to Arbitrary Comma ...)
+ NOT-FOR-US: Node mc-kill-port
+CVE-2022-25971
+ RESERVED
+CVE-2022-25970
+ RESERVED
+CVE-2022-25967 (Versions of the package eta before 2.0.0 are vulnerable to Remote Code ...)
+ NOT-FOR-US: Eta
+CVE-2022-25965
+ RESERVED
+CVE-2022-25964
+ RESERVED
+CVE-2022-25963
+ RESERVED
+CVE-2022-25962 (All versions of the package vagrant.js are vulnerable to Command Injec ...)
+ NOT-FOR-US: vagrant.js
+CVE-2022-25961
+ RESERVED
+CVE-2022-25956
+ RESERVED
+CVE-2022-25955
+ RESERVED
+CVE-2022-25954
+ RESERVED
+CVE-2022-25953
+ RESERVED
+CVE-2022-25951
+ RESERVED
+CVE-2022-25950
+ RESERVED
+CVE-2022-25948 (The package liquidjs before 10.0.0 are vulnerable to Information Expos ...)
+ NOT-FOR-US: Node liquidjs
+CVE-2022-25947
+ RESERVED
+CVE-2022-25945
+ RESERVED
+CVE-2022-25944
+ RESERVED
+CVE-2022-25941
+ RESERVED
+CVE-2022-25940 (All versions of package lite-server are vulnerable to Denial of Servic ...)
+ NOT-FOR-US: Node lite-server
+CVE-2022-25939
+ RESERVED
+CVE-2022-25938
+ RESERVED
+CVE-2022-25937 (Versions of the package glance before 3.0.9 are vulnerable to Director ...)
+ NOT-FOR-US: Node glance
+CVE-2022-25936 (Versions of the package servst before 2.0.3 are vulnerable to Director ...)
+ NOT-FOR-US: Node servst
+CVE-2022-25935
+ RESERVED
+CVE-2022-25934
+ RESERVED
+CVE-2022-25933
+ RESERVED
+CVE-2022-25931 (All versions of package easy-static-server are vulnerable to Directory ...)
+ NOT-FOR-US: Node easy-static-server
+CVE-2022-25930
+ RESERVED
+CVE-2022-25929 (The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to C ...)
+ NOT-FOR-US: Node smoothie
+CVE-2022-25928
+ RESERVED
+CVE-2022-25927 (Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, fr ...)
+ - node-ua-parser-js 0.8.1+ds+~0.7.36-3
+ [bullseye] - node-ua-parser-js (Minor issue)
+ [buster] - node-ua-parser-js (Minor issue, ReDoS)
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/a6140a17dd0300a35cfc9cff999545f267889411
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450
+ NOTE: https://github.com/faisalman/ua-parser-js/security/advisories/GHSA-fhg7-m89q-25r3
+CVE-2022-25926 (Versions of the package window-control before 1.4.5 are vulnerable to ...)
+ NOT-FOR-US: Node window-control
+CVE-2022-25925
+ RESERVED
+CVE-2022-25924
+ RESERVED
+CVE-2022-25923 (Versions of the package exec-local-bin before 1.2.0 are vulnerable to ...)
+ NOT-FOR-US: Node exec-local-bin
+CVE-2022-25921 (All versions of package morgan-json are vulnerable to Arbitrary Code E ...)
+ NOT-FOR-US: Node morgan-json
+CVE-2022-25919
+ RESERVED
+CVE-2022-25918 (The package shescape from 1.5.10 and before 1.6.1 are vulnerable to Re ...)
+ NOT-FOR-US: shescape
+CVE-2022-25916 (Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to C ...)
+ NOT-FOR-US: Node mt7688-wiscan
+CVE-2022-25914 (The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerab ...)
+ NOT-FOR-US: com.google.cloud.tools:jib-core
+CVE-2022-25913
+ RESERVED
+CVE-2022-25912 (The package simple-git before 3.15.0 are vulnerable to Remote Code Exe ...)
+ NOT-FOR-US: Node simple-git
+CVE-2022-25911
+ RESERVED
+CVE-2022-25910
+ RESERVED
+CVE-2022-25908 (All versions of the package create-choo-electron are vulnerable to Com ...)
+ NOT-FOR-US: create-choo-electron stability
+CVE-2022-25907 (The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Poll ...)
+ NOT-FOR-US: voodoocreation/ts-deepmerge
+CVE-2022-25906 (All versions of the package is-http2 are vulnerable to Command Injecti ...)
+ NOT-FOR-US: Node is-http2
+CVE-2022-25904 (All versions of package safe-eval are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node safe-eval
+CVE-2022-25903 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
+ NOT-FOR-US: Rust crate opcua
+CVE-2022-25902
+ RESERVED
+CVE-2022-25901 (Versions of the package cookiejar before 2.1.4 are vulnerable to Regul ...)
+ {DLA-3561-1}
+ - node-cookiejar 2.1.4+~2.1.2-1
+ [bullseye] - node-cookiejar 2.1.2-1+deb11u1
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-COOKIEJAR-3149984
+ NOTE: https://github.com/bmeck/node-cookiejar/pull/39
+ NOTE: https://github.com/bmeck/node-cookiejar/commit/a9a320c3c49d65df491f5721969cfbf9e128d9af
+ NOTE: https://github.com/bmeck/node-cookiejar/commit/eaa00021caf6ae09449dde826108153b578348e5
+ NOTE: https://github.com/bmeck/node-cookiejar/commit/ccb012da6dcfd58aaed792824f83d7227df8dea1
+CVE-2022-25900 (All versions of package git-clone are vulnerable to Command Injection ...)
+ NOT-FOR-US: Node git-clone
+CVE-2022-25898 (The package jsrsasign before 10.5.25 are vulnerable to Improper Verifi ...)
+ NOT-FOR-US: Node jsrsasign
+CVE-2022-25897 (The package org.eclipse.milo:sdk-server before 0.6.8 are vulnerable to ...)
+ NOT-FOR-US: org.eclipse.milo:sdk-server
+CVE-2022-25896 (This affects the package passport before 0.6.0. When a user logs in or ...)
+ - passportjs 0.6.0+~1.0.0-1 (bug #1014385)
+ [bullseye] - passportjs (Minor issue)
+ [buster] - passportjs (Minor issue)
+ NOTE: https://github.com/jaredhanson/passport/commit/42630cbd1ffd44d146ff96f0a4be6f3c12f81d75 (v0.6.0)
+ NOTE: https://github.com/jaredhanson/passport/pull/900
+ NOTE: https://snyk.io/vuln/SNYK-JS-PASSPORT-2840631
+CVE-2022-25895 (All versions of package lite-dev-server are vulnerable to Directory Tr ...)
+ NOT-FOR-US: Node lite-dev-server
+CVE-2022-25894 (All versions of the package com.bstek.uflo:uflo-core are vulnerable to ...)
+ NOT-FOR-US: com.bstek.uflo:uflo-core
+CVE-2022-25893 (The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Executi ...)
+ NOT-FOR-US: Node vm2
+CVE-2022-25892 (The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all v ...)
+ NOT-FOR-US: Muhammara Nodejs module
+CVE-2022-25891 (The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are v ...)
+ NOT-FOR-US: github.com/containrrr/shoutrrr/pkg/util
+CVE-2022-25890 (All versions of the package wifey are vulnerable to Command Injection ...)
+ NOT-FOR-US: wifey
+CVE-2022-25888 (The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) ...)
+ NOT-FOR-US: Rust crate opcua
+CVE-2022-25887 (The package sanitize-html before 2.7.1 are vulnerable to Regular Expre ...)
+ - node-sanitize-html 2.7.1+~2.6.2-1 (bug #1019219)
+ NOTE: https://github.com/apostrophecms/sanitize-html/commit/b4682c12fd30e12e82fa2d9b766de91d7d2cd23c (2.7.1)
+ NOTE: https://github.com/apostrophecms/sanitize-html/pull/557
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
+CVE-2022-25886
+ RESERVED
+CVE-2022-25885 (The package muhammara before 2.6.0; all versions of package hummus are ...)
+ NOT-FOR-US: Muhammara Nodejs module
+CVE-2022-25884
+ RESERVED
+CVE-2022-25883 (Versions of the package semver before 7.5.2 are vulnerable to Regular ...)
+ - node-semver 7.5.4+~7.5.0-1
+ [bookworm] - node-semver (Minor issue)
+ [bullseye] - node-semver (Minor issue)
+ [buster] - node-semver (Minor issue)
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
+ NOTE: https://github.com/npm/node-semver/pull/564
+ NOTE: https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441 (v7.5.2)
+CVE-2022-25882 (Versions of the package onnx before 1.13.0 are vulnerable to Directory ...)
+ NOT-FOR-US: onnx
+CVE-2022-25881 (This affects versions of the package http-cache-semantics before 4.1.1 ...)
+ NOT-FOR-US: Node http-cache-semantics
+CVE-2022-25879
+ RESERVED
+CVE-2022-25878 (The package protobufjs before 6.11.3 are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: protobufjs/protobuf.js
+CVE-2022-25877
+ RESERVED
+CVE-2022-25876 (The package link-preview-js before 2.1.16 are vulnerable to Server-sid ...)
+ NOT-FOR-US: Node link-preview-js
+CVE-2022-25875 (The package svelte before 3.49.0 are vulnerable to Cross-site Scriptin ...)
+ NOT-FOR-US: svelte
+CVE-2022-25874
+ RESERVED
+CVE-2022-25873 (The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable ...)
+ NOT-FOR-US: Node vuetify
+CVE-2022-25872 (All versions of package fast-string-search are vulnerable to Out-of-bo ...)
+ NOT-FOR-US: Node fast-string-search
+CVE-2022-25871 (All versions of package querymen are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node querymen
+CVE-2022-25869 (All versions of package angular are vulnerable to Cross-site Scripting ...)
+ - angular.js (bug #1036694)
+ [bookworm] - angular.js (Minor issue)
+ [bullseye] - angular.js (Minor issue)
+ [buster] - angular.js (Minor issue)
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-ANGULAR-2949781
+CVE-2022-25867 (The package io.socket:socket.io-client before 2.0.1 are vulnerable to ...)
+ NOT-FOR-US: socket.io-client-java
+CVE-2022-25866 (The package czproject/git-php before 4.0.3 are vulnerable to Command I ...)
+ NOT-FOR-US: git-php
+CVE-2022-25865 (The package workspace-tools before 0.18.4 are vulnerable to Command In ...)
+ NOT-FOR-US: microsoft/workspace-tools
+CVE-2022-25863 (The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.1 ...)
+ NOT-FOR-US: Node gatsby-plugin-mdx
+CVE-2022-25862 (This affects the package sds from 0.0.0. The library could be tricked ...)
+ NOT-FOR-US: Node sds
+CVE-2022-25861
+ RESERVED
+CVE-2022-25860 (Versions of the package simple-git before 3.16.0 are vulnerable to Rem ...)
+ NOT-FOR-US: Node simple-git
+CVE-2022-25859
+ RESERVED
+CVE-2022-25858 (The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vuln ...)
+ - node-terser 4.8.1-1
+ [bullseye] - node-terser (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-TERSER-2806366
+ NOTE: https://github.com/terser/terser/commit/a4da7349fdc92c05094f41d33d06d8cd4e90e76b (v5.14.2)
+ NOTE: https://github.com/terser/terser/commit/d8cc5691be980d663c29cc4d5ce67e852d597012 (v4.8.1)
+CVE-2022-25857 (The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable t ...)
+ {DLA-3132-1}
+ - snakeyaml 1.31-1 (bug #1019218)
+ [bullseye] - snakeyaml 1.28-1+deb11u1
+ NOTE: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
+ NOTE: https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
+ NOTE: https://security.snyk.io/vuln/SNYK-JAVA-ORGYAML-2806360
+CVE-2022-25856 (The package github.com/argoproj/argo-events/sensors/artifacts before 1 ...)
+ NOT-FOR-US: github.com/argoproj/argo-events/sensors/artifacts
+CVE-2022-25855 (All versions of the package create-choo-app3 are vulnerable to Command ...)
+ NOT-FOR-US: create-choo-app3
+CVE-2022-25854 (This affects the package @yaireo/tagify before 4.9.8. The package is u ...)
+ NOT-FOR-US: Tagify
+CVE-2022-25853 (All versions of the package semver-tags are vulnerable to Command Inje ...)
+ NOT-FOR-US: Node semver-tags
+CVE-2022-25852 (All versions of package pg-native; all versions of package libpq are v ...)
+ NOT-FOR-US: Node pgnative
+CVE-2022-25851 (The package jpeg-js before 0.4.4 are vulnerable to Denial of Service ( ...)
+ NOT-FOR-US: jpeg-js
+CVE-2022-25850 (The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnera ...)
+ NOT-FOR-US: hoppscotch proxyscotch
+CVE-2022-25849 (The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site S ...)
+ NOT-FOR-US: joyqi/hyper-down
+CVE-2022-25848 (This affects all versions of package static-dev-server. This is becaus ...)
+ NOT-FOR-US: static-dev-server
+CVE-2022-25847 (All versions of the package serve-lite are vulnerable to Cross-site Sc ...)
+ NOT-FOR-US: serve-lite
+CVE-2022-25846
+ RESERVED
+CVE-2022-25845 (The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deser ...)
+ NOT-FOR-US: com.alibaba:fastjson
+CVE-2022-25844 (The package angular after 1.7.0 are vulnerable to Regular Expression D ...)
+ - angular.js (bug #1014779)
+ [bookworm] - angular.js (Minor issue)
+ [bullseye] - angular.js (Minor issue)
+ [buster] - angular.js (Minor issue, probably even not-affected)
+ [stretch] - angular.js (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-2772735
+CVE-2022-25843
+ RESERVED
+CVE-2022-25842 (All versions of package com.alibaba.oneagent:one-java-agent-plugin are ...)
+ NOT-FOR-US: alibaba one-java-agent
+CVE-2022-25840
+ RESERVED
+CVE-2022-25839 (The package url-js before 2.1.0 are vulnerable to Improper Input Valid ...)
+ NOT-FOR-US: Node url-js
+CVE-2022-25767 (All versions of package com.bstek.ureport:ureport2-console are vulnera ...)
+ NOT-FOR-US: youseries/ureport
+CVE-2022-25766 (The package ungit before 1.5.20 are vulnerable to Remote Code Executio ...)
+ NOT-FOR-US: NodeJS ungit
+CVE-2022-25765 (The package pdfkit from 0.0.0 are vulnerable to Command Injection wher ...)
+ NOT-FOR-US: Node pdfkit
+CVE-2022-25764
+ RESERVED
+CVE-2022-25761 (The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before ...)
+ - open62541 (bug #985909)
+CVE-2022-25760 (All versions of package accesslog are vulnerable to Arbitrary Code Inj ...)
+ NOT-FOR-US: accesslog Nodejs module
+CVE-2022-25759 (The package convert-svg-core before 0.6.2 are vulnerable to Remote Cod ...)
+ NOT-FOR-US: Node convert-svg-core
+CVE-2022-25758 (All versions of package scss-tokenizer are vulnerable to Regular Expre ...)
+ - node-scss-tokenizer (bug #885456)
+CVE-2022-25648 (The package git before 1.11.0 are vulnerable to Command Injection via ...)
+ {DLA-3303-1}
+ - ruby-git 1.13.1-1 (bug #1009926)
+ [bullseye] - ruby-git (Minor issue)
+ NOTE: https://github.com/ruby-git/ruby-git/pull/569
+ NOTE: Fixed by: https://github.com/ruby-git/ruby-git/commit/291ca0946bec7164b90ad5c572ac147f512c7159 (v1.11.0)
+ NOTE: https://security.snyk.io/vuln/SNYK-RUBY-GIT-2421270
+CVE-2022-25647 (The package com.google.code.gson:gson before 2.8.9 are vulnerable to D ...)
+ {DSA-5227-1 DLA-3100-1 DLA-3001-1}
+ - libgoogle-gson-java 2.9.0-1 (bug #1010670)
+ NOTE: https://github.com/google/gson/pull/1991
+ NOTE: https://github.com/google/gson/commit/e6fae590cf2a758c47cd5a17f9bf3780ce62c986 (gson-parent-2.8.9)
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLECODEGSON-1730327
+CVE-2022-25646 (All versions of package x-data-spreadsheet are vulnerable to Cross-sit ...)
+ NOT-FOR-US: Node x-data-spreadsheet
+CVE-2022-25645 (All versions of package dset are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node dset
+CVE-2022-25644 (All versions of package @pendo324/get-process-by-name are vulnerable t ...)
+ NOT-FOR-US: Node @pendo324/get-process-by-name
+CVE-2022-25354 (The package set-in before 2.0.3 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node set-in
+CVE-2022-25353
+ RESERVED
+CVE-2022-25352 (The package libnested before 1.5.2 are vulnerable to Prototype Polluti ...)
+ NOT-FOR-US: libnested
+CVE-2022-25351
+ RESERVED
+CVE-2022-25350 (All versions of the package puppet-facter are vulnerable to Command In ...)
+ NOT-FOR-US: Node puppet-facter (different from src:facter)
+CVE-2022-25349 (All versions of package materialize-css are vulnerable to Cross-site S ...)
+ - materialize (bug #1014727)
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2766498
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-MATERIALIZECSS-2324800
+ NOTE: https://github.com/materializecss/materialize/blob/main/js/autocomplete.js#L310
+ NOTE: https://github.com/Dogfalo/materialize/blob/v1-dev/js/autocomplete.js#L285
+CVE-2022-25346
+ RESERVED
+CVE-2022-25345 (All versions of package @discordjs/opus are vulnerable to Denial of Se ...)
+ NOT-FOR-US: @discordjs/opus
+CVE-2022-25324 (All versions of package bignum are vulnerable to Denial of Service (Do ...)
+ NOT-FOR-US: justmoon/node-bignum
+CVE-2022-25304 (All versions of package opcua; all versions of package asyncua are vul ...)
+ - python-opcua (bug #1021274)
+ [bullseye] - python-opcua (Minor issue)
+ [buster] - python-opcua (Minor issue)
+ NOTE: https://github.com/FreeOpcUa/python-opcua/issues/1466
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-OPCUA-2988730
+CVE-2022-25303 (The package whoogle-search before 0.7.2 are vulnerable to Cross-site S ...)
+ NOT-FOR-US: whoogle-search
+CVE-2022-25302 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
+ NOT-FOR-US: ASNeG/OpcUaStack
+CVE-2022-25301 (All versions of package jsgui-lang-essentials are vulnerable to Protot ...)
+ NOT-FOR-US: jsgui-lang-essentials
+CVE-2022-25300
+ RESERVED
+CVE-2022-25233
+ RESERVED
+CVE-2022-25232
+ RESERVED
+CVE-2022-25231 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+ NOT-FOR-US: node-opcua/node-opcua
+CVE-2022-25171 (The package p4 before 0.0.7 are vulnerable to Command Injection via th ...)
+ NOT-FOR-US: Node p4
+CVE-2022-24913 (Versions of the package com.fasterxml.util:java-merge-sort before 1.1. ...)
+ NOT-FOR-US: com.fasterxml.util:java-merge-sort
+CVE-2022-24912 (The package github.com/runatlantis/atlantis/server/controllers/events ...)
+ NOT-FOR-US: github.com/runatlantis/atlantis
+CVE-2022-24909
+ RESERVED
+CVE-2022-24441 (The package snyk before 1.1064.0 are vulnerable to Code Injection when ...)
+ NOT-FOR-US: Snyk
+CVE-2022-24440 (The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1 ...)
+ NOT-FOR-US: cocoapods-downloader
+CVE-2022-24439 (All versions of package gitpython are vulnerable to Remote Code Execut ...)
+ {DLA-3502-1}
+ - python-git 3.1.30-1 (bug #1027163)
+ [bullseye] - python-git (Minor issue)
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-GITPYTHON-3113858
+ NOTE: https://github.com/gitpython-developers/GitPython/commit/787359d80d80225095567340aa5e7ec01847fa9a (3.1.30)
+ NOTE: https://github.com/gitpython-developers/GitPython/commit/678a8fe08dd466fcfe8676294b52887955138960 (3.1.30)
+ NOTE: Follow-up fix: https://github.com/gitpython-developers/GitPython/commit/ca965ecc81853bca7675261729143f54e5bf4cdd (3.1.32, pending CVE request with Snyk)
+CVE-2022-24438
+ RESERVED
+CVE-2022-24437 (The package git-pull-or-clone before 2.0.2 are vulnerable to Command I ...)
+ NOT-FOR-US: Node git-pull-or-clone
+CVE-2022-24434 (This affects all versions of package dicer. A malicious attacker can s ...)
+ - node-superagent (Vulnerable code only exists in Debian autopkgtest support)
+ NOTE: https://github.com/mscdex/busboy/issues/250
+ NOTE: https://github.com/mscdex/dicer/pull/22/commits/b7fca2e93e8e9d4439d8acc5c02f5e54a0112dac
+ NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2838865
+ NOTE: https://snyk.io/vuln/SNYK-JS-DICER-2311764
+CVE-2022-24433 (The package simple-git before 3.3.0 are vulnerable to Command Injectio ...)
+ NOT-FOR-US: simple-git
+CVE-2022-24431 (All versions of package abacus-ext-cmdline are vulnerable to Command I ...)
+ NOT-FOR-US: abacus-ext-cmdline
+CVE-2022-24430
+ RESERVED
+CVE-2022-24429 (The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary ...)
+ NOT-FOR-US: Node convert-svg-core
+CVE-2022-24381 (All versions of package asneg/opcuastack are vulnerable to Denial of S ...)
+ NOT-FOR-US: ASNeG/OpcUaStack
+CVE-2022-24377 (The package cycle-import-check before 1.3.2 are vulnerable to Command ...)
+ NOT-FOR-US: cycle-import-check
+CVE-2022-24376 (All versions of package git-promise are vulnerable to Command Injectio ...)
+ NOT-FOR-US: Node git-promise
+CVE-2022-24375 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+ NOT-FOR-US: node-opcua/node-opcua
+CVE-2022-24373 (The package react-native-reanimated before 3.0.0-rc.1 are vulnerable t ...)
+ NOT-FOR-US: react-native-reanimated
+CVE-2022-24298 (All versions of package freeopcua/freeopcua are vulnerable to Denial o ...)
+ NOT-FOR-US: FreeOpcUa/freeopcua
+CVE-2022-24279 (The package madlib-object-utils before 0.1.8 are vulnerable to Prototy ...)
+ NOT-FOR-US: madlib-object-utils
+CVE-2022-24278 (The package convert-svg-core before 0.6.4 are vulnerable to Directory ...)
+ NOT-FOR-US: Node convert-svg-core
+CVE-2022-24068
+ RESERVED
+CVE-2022-24066 (The package simple-git before 3.5.0 are vulnerable to Command Injectio ...)
+ NOT-FOR-US: simple-git
+CVE-2022-24065 (The package cookiecutter before 2.1.1 are vulnerable to Command Inject ...)
+ - cookiecutter (bug #1013279)
+ [bookworm] - cookiecutter (Minor issue)
+ [bullseye] - cookiecutter (Minor issue)
+ [buster] - cookiecutter (Minor issue)
+ [stretch] - cookiecutter (Minor issue)
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-COOKIECUTTER-2414281
+ NOTE: https://github.com/cookiecutter/cookiecutter/releases/tag/2.1.1
+ NOTE: https://github.com/cookiecutter/cookiecutter/commit/fdffddb31fd2b46344dfa317531ff155e7999f77
+CVE-2022-23923 (All versions of package jailed are vulnerable to Sandbox Bypass via an ...)
+ NOT-FOR-US: Node jailed
+CVE-2022-23920
+ RESERVED
+CVE-2022-23915 (The package weblate from 0 and before 4.11.1 are vulnerable to Remote ...)
+ - weblate (bug #745661)
+CVE-2022-23812 (This affects the package node-ipc from 10.1.1 and before 10.1.3. This ...)
+ NOT-FOR-US: Node ipc
+CVE-2022-23811
+ RESERVED
+CVE-2022-22984 (The package snyk before 1.1064.0; the package snyk-mvn-plugin before 2 ...)
+ NOT-FOR-US: Snyk
+CVE-2022-22143 (The package convict before 6.2.2 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node convict
+CVE-2022-22138 (All versions of package fast-string-search are vulnerable to Denial of ...)
+ NOT-FOR-US: Node fast-string-search
+CVE-2022-21811
+ RESERVED
+CVE-2022-21810 (All versions of the package smartctl are vulnerable to Command Injecti ...)
+ NOT-FOR-US: Node smartctl
+CVE-2022-21803 (This affects the package nconf before 0.11.4. When using the memory en ...)
+ NOT-FOR-US: node nconf
+CVE-2022-21802 (The package grapesjs before 0.19.5 are vulnerable to Cross-site Script ...)
+ NOT-FOR-US: grapejs
+CVE-2022-21797 (The package joblib from 0 and before 1.2.0 are vulnerable to Arbitrary ...)
+ {DLA-3193-2}
+ - joblib 1.2.0-1 (bug #1020820)
+ [bullseye] - joblib 0.17.0-4+deb11u1
+ NOTE: https://github.com/joblib/joblib/issues/1128
+ NOTE: https://github.com/joblib/joblib/pull/1321
+ NOTE: Better fix: https://github.com/joblib/joblib/pull/1327
+ NOTE: Fixed by: https://github.com/joblib/joblib/commit/54f4d21f098591c77b48c9acfffaa4cf0a45282b (1.2.0)
+ NOTE: https://security.snyk.io/vuln/SNYK-PYTHON-JOBLIB-3027033
+CVE-2022-21235 (The package github.com/masterminds/vcs before 1.13.3 are vulnerable to ...)
+ NOT-FOR-US: github.com/masterminds/vcs
+CVE-2022-21232
+ RESERVED
+CVE-2022-21231 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node deep-get-set
+CVE-2022-21230 (This affects all versions of package org.nanohttpd:nanohttpd. Whenever ...)
+ NOT-FOR-US: NanoHTTPD Java
+CVE-2022-21227 (The package sqlite3 before 5.0.3 are vulnerable to Denial of Service ( ...)
+ - node-sqlite3 5.0.6+ds1-1
+ [bullseye] - node-sqlite3 5.0.0+ds1-1+deb11u1
+ [buster] - node-sqlite3 (Vulnerable code introduced later)
+ [stretch] - node-sqlite3 (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/advisories/GHSA-9qrh-qjmc-5w2p
+ NOTE: Fixed by: https://github.com/TryGhost/node-sqlite3/commit/593c9d498be2510d286349134537e3bf89401c4a (v5.0.3)
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-SQLITE3-2388645
+ NOTE: Introduced by: https://github.com/TryGhost/node-sqlite3/commit/dd3ef522088bb5cafede25b9fe661f892b6f10ba (v5.0.0)
+CVE-2022-21223 (The package cocoapods-downloader before 1.6.2 are vulnerable to Comman ...)
+ NOT-FOR-US: cocoapods-downloader
+CVE-2022-21222 (The package css-what before 2.1.3 are vulnerable to Regular Expression ...)
+ {DLA-3350-1}
+ - node-css-what 5.0.1-1 (bug #1032188)
+ [bullseye] - node-css-what 4.0.0-3+deb11u1
+ NOTE: https://security.snyk.io/vuln/SNYK-JS-CSSWHAT-3035488
+ NOTE: ReDoS issue fixed with rewrite of module to TypeScript
+ NOTE: Not fixed in 4.0.0 see https://sources.debian.org/src/node-css-what/4.0.0-3/src/parse.ts/#L84
+ NOTE: Fixed by https://github.com/fb55/css-what/pull/503/commits/46b0dbd6f38fb375da02208426f93f87f7169b7e
+CVE-2022-21221 (The package github.com/valyala/fasthttp before 1.34.0 are vulnerable t ...)
+ NOT-FOR-US: github.com/valyala/fasthttp
+CVE-2022-21213 (This affects all versions of package mout. The deepFillIn function can ...)
+ NOT-FOR-US: mout
+CVE-2022-21211 (This affects all versions of package posix. When invoking the toString ...)
+ NOT-FOR-US: Node posix
+CVE-2022-21208 (The package node-opcua before 2.74.0 are vulnerable to Denial of Servi ...)
+ NOT-FOR-US: node-opcua/node-opcua
+CVE-2022-21195 (All versions of package url-regex are vulnerable to Regular Expression ...)
+ NOT-FOR-US: AlexFlipnote/url_regex
+CVE-2022-21192 (All versions of the package serve-lite are vulnerable to Directory Tra ...)
+ NOT-FOR-US: serve-lite
+CVE-2022-21191 (Versions of the package global-modules-path before 3.0.0 are vulnerabl ...)
+ NOT-FOR-US: Node global-modules-path
+CVE-2022-21190 (This affects the package convict before 6.2.3. This is a bypass of [CV ...)
+ NOT-FOR-US: Node convict
+CVE-2022-21189 (The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-al ...)
+ NOT-FOR-US: dexie
+CVE-2022-21187 (The package libvcs before 0.11.1 are vulnerable to Command Injection v ...)
+ NOT-FOR-US: libvcs
+CVE-2022-21186 (The package @acrontum/filesystem-template before 0.0.2 are vulnerable ...)
+ NOT-FOR-US: acrontum/filesystem-template
+CVE-2022-21169 (The package express-xss-sanitizer before 1.1.3 are vulnerable to Proto ...)
+ NOT-FOR-US: express-xss-sanitizer
+CVE-2022-21167 (All versions of package masuit.tools.core are vulnerable to Arbitrary ...)
+ NOT-FOR-US: masuit.tools
+CVE-2022-21165 (All versions of package font-converter are vulnerable to Arbitrary Com ...)
+ NOT-FOR-US: zgec/node-js-font-converter
+CVE-2022-21164 (The package node-lmdb before 0.9.7 are vulnerable to Denial of Service ...)
+ NOT-FOR-US: Node lmdb
+CVE-2022-21149 (The package s-cart/s-cart before 6.9; the package s-cart/core before 6 ...)
+ NOT-FOR-US: s-cart/core
+CVE-2022-21144 (This affects all versions of package libxmljs. When invoking the libxm ...)
+ NOT-FOR-US: Node libxmljs
+CVE-2022-21129 (Versions of the package nemo-appium before 0.0.9 are vulnerable to Com ...)
+ NOT-FOR-US: nemo-appium
+CVE-2022-21126 (The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to ...)
+ NOT-FOR-US: com.github.samtools:htsjdk
+CVE-2022-21122 (The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Exe ...)
+ NOT-FOR-US: Node metacalc
+CVE-2022-0758 (Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cr ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2022-0757 (Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL I ...)
+ NOT-FOR-US: Rapid7 Nexpose
+CVE-2022-0756 (Missing Authorization in GitHub repository salesagility/suitecrm prior ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2022-0755 (Missing Authorization in GitHub repository salesagility/suitecrm prior ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2022-0754 (SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12 ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2022-0753 (Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/h ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2022-0752 (Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hes ...)
+ NOT-FOR-US: Hestia Control Panel
+CVE-2022-0751 (Inaccurate display of Snippet files containing special characters in a ...)
+ [experimental] - gitlab 14.6.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
+CVE-2022-0750 (The Photoswipe Masonry Gallery WordPress plugin is vulnerable to Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0749 (This affects all versions of package SinGooCMS.Utility. The socket cli ...)
+ NOT-FOR-US: SinGooCMS
+CVE-2022-0748 (The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Ex ...)
+ NOT-FOR-US: Node post-loader
+CVE-2022-0747 (The Infographic Maker WordPress plugin before 4.3.8 does not validate ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0746 (Business Logic Errors in GitHub repository dolibarr/dolibarr prior to ...)
+ - dolibarr
+CVE-2022-0745 (The Like Button Rating WordPress plugin before 2.6.45 allows any logge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0744
+ RESERVED
+CVE-2022-25838 (Laravel Fortify before 1.11.1 allows reuse within a short time window, ...)
+ NOT-FOR-US: Laravel Fortify
+CVE-2022-25837 (Bluetooth\xae Pairing in Bluetooth Core Specification v1.0B through v5 ...)
+ NOT-FOR-US: Bluetooth protocol issue
+CVE-2022-25836 (Bluetooth\xae Low Energy Pairing in Bluetooth Core Specification v4.0 ...)
+ NOT-FOR-US: Bluetooth protocol issue
+CVE-2022-25835
+ RESERVED
+CVE-2022-25834 (In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, ...)
+ - percona-xtrabackup
+CVE-2022-25833 (Improper authentication in ImsService prior to SMR Apr-2022 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25832 (Improper authentication vulnerability in S Secure prior to SMR Apr-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25831 (Improper access control vulnerability in S Secure prior to SMR Apr-202 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25830 (Information Exposure vulnerability in Galaxy Watch3 Plugin prior to ve ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25829 (Information Exposure vulnerability in Watch Active2 Plugin prior to ve ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25828 (Information Exposure vulnerability in Watch Active Plugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25827 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25826 (Information Exposure vulnerability in Galaxy S3 Plugin prior to versio ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25825 (Improper access control vulnerability in Samsung Account prior to vers ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25824 (Improper access control vulnerability in BixbyTouch prior to version 2 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25823 (Information Exposure vulnerability in Galaxy Watch Plugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25822 (An use after free vulnerability in sdp driver prior to SMR Mar-2022 Re ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25821 (Improper use of SMS buffer pointer in Shannon baseband prior to SMR Ma ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25820 (A vulnerable design in fingerprint matching algorithm prior to SMR Mar ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25819 (OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Rele ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25818 (Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 a ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25817 (Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25816 (Improper authentication in Samsung Lock and mask apps setting prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25815 (PendingIntent hijacking vulnerability in Weather application prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-25814 (PendingIntent hijacking vulnerability in Wearable Manager Installer pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-0743 (Cross-site Scripting (XSS) - Stored in GitHub repository getgrav/grav ...)
+ NOT-FOR-US: Grav CMS
+CVE-2019-25058 (An issue was discovered in USBGuard before 1.1.0. On systems with the ...)
+ {DLA-2979-1} + [experimental] - usbguard 1.1.0+ds-1 + - usbguard 1.1.0+ds-2 (bug #1008026) + [bullseye] - usbguard (Minor issue) + [buster] - usbguard (Minor issue) + NOTE: https://github.com/USBGuard/usbguard/issues/273 + NOTE: https://github.com/USBGuard/usbguard/issues/403 + NOTE: https://github.com/USBGuard/usbguard/pull/531 +CVE-2022-25813 (In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as ...) + NOT-FOR-US: Apache OFBiz +CVE-2022-25812 (The Transposh WordPress Translation WordPress plugin before 1.0.8 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25811 (The Transposh WordPress Translation WordPress plugin through 1.0.8 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25810 (The Transposh WordPress Translation WordPress plugin through 1.0.8 exp ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0742 (Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a rem ...) + - linux 5.16.14-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2d3916f3189172d5c69d33065c3c21119fe539fc (5.17-rc7) + NOTE: https://www.openwall.com/lists/oss-security/2022/03/15/3 +CVE-2022-0741 (Improper input validation in all versions of GitLab CE/EE using sendma ...) + [experimental] - gitlab 14.6.5+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ +CVE-2022-0740 (Incorrect authorization in the Asana integration's branch restriction ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0739 (The BookingPress WordPress plugin before 1.0.11 fails to properly sani ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0738 (An issue has been discovered in GitLab affecting all versions starting ...) 
+ - gitlab (Vulnerable code introduced later) + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ +CVE-2022-0737 (The Text Hover WordPress plugin before 4.2 does not sanitize and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0736 (Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1. ...) + NOT-FOR-US: mlflow +CVE-2022-0735 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + [experimental] - gitlab 14.6.5+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ +CVE-2021-4223 + RESERVED +CVE-2022-25809 (Improper Neutralization of audio output from 3rd and 4th Generation Am ...) + NOT-FOR-US: Amazon Echo Dot devices +CVE-2022-25808 + RESERVED +CVE-2022-25807 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...) + NOT-FOR-US: IGEL UMS +CVE-2022-25806 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...) + NOT-FOR-US: IGEL UMS +CVE-2022-25805 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...) + NOT-FOR-US: IGEL UMS +CVE-2022-25804 (An issue was discovered in the IGEL Universal Management Suite (UMS) 6 ...) + NOT-FOR-US: IGEL UMS +CVE-2022-25803 (Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect ...) + - request-tracker5 5.0.3+dfsg-1 +CVE-2022-25802 (Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 ...) + {DSA-5181-1} + - request-tracker5 5.0.3+dfsg-1 + - request-tracker4 4.4.6+dfsg-1 +CVE-2022-25801 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...) + NOT-FOR-US: Best Practical RT for Incident Response +CVE-2022-25800 (Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x be ...) + NOT-FOR-US: Best Practical RT for Incident Response +CVE-2022-25799 (An open redirect vulnerability exists in CERT/CC VINCE software prior ...) 
+ NOT-FOR-US: CERT/CC VINCE +CVE-2022-25798 + RESERVED +CVE-2022-25797 (A maliciously crafted PDF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...) + NOT-FOR-US: Autodesk +CVE-2022-25796 (A Double Free vulnerability allows remote malicious actors to execute ...) + NOT-FOR-US: Autodesk +CVE-2022-25795 (A Memory Corruption Vulnerability in Autodesk TrueView 2022 and 2021 m ...) + NOT-FOR-US: Autodesk +CVE-2022-25794 (An Out-Of-Bounds Read Vulnerability in Autodesk FBX Review version 1.5 ...) + NOT-FOR-US: Autodesk +CVE-2022-25793 (A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, ...) + NOT-FOR-US: Autodesk +CVE-2022-25792 (A maliciously crafted DXF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...) + NOT-FOR-US: Autodesk +CVE-2022-25791 (A Memory Corruption vulnerability for DWF and DWFX files in Autodesk A ...) + NOT-FOR-US: Autodesk +CVE-2022-25790 (A maliciously crafted DWF file in Autodesk AutoCAD 2022, 2021, 2020, 2 ...) + NOT-FOR-US: Autodesk +CVE-2022-25789 (A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022 ...) + NOT-FOR-US: Autodesk +CVE-2022-25788 (A maliciously crafted JT file in Autodesk AutoCAD 2022 may be used to ...) + NOT-FOR-US: Autodesk +CVE-2022-25787 (Information Exposure Through Query Strings in GET Request vulnerabilit ...) + NOT-FOR-US: Secomea +CVE-2022-25786 (Unprotected Alternate Channel vulnerability in debug console of GateMa ...) + NOT-FOR-US: Secomea +CVE-2022-25785 (Stack-based Buffer Overflow vulnerability in SiteManager allows logged ...) + NOT-FOR-US: Secomea +CVE-2022-25784 (Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager all ...) + NOT-FOR-US: Secomea +CVE-2022-25783 (Insufficient Logging vulnerability in web server of Secomea GateManage ...) + NOT-FOR-US: Secomea +CVE-2022-25782 (Improper Handling of Insufficient Privileges vulnerability in Web UI o ...) + NOT-FOR-US: Secomea +CVE-2022-25781 (Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateMana ...) 
+ NOT-FOR-US: Secomea +CVE-2022-25780 (Information Exposure vulnerability in web UI of Secomea GateManager al ...) + NOT-FOR-US: Secomea +CVE-2022-25779 (Logging of Excessive Data vulnerability in audit log of Secomea GateMa ...) + NOT-FOR-US: Secomea +CVE-2022-25778 (Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea G ...) + NOT-FOR-US: Secomea +CVE-2022-25777 + RESERVED +CVE-2022-25776 + RESERVED +CVE-2022-25775 + RESERVED +CVE-2022-25774 + RESERVED +CVE-2022-25773 + RESERVED +CVE-2022-25772 (A cross-site scripting (XSS) vulnerability in the web tracking compone ...) + NOT-FOR-US: Mautic +CVE-2022-25771 + RESERVED +CVE-2022-25770 + RESERVED +CVE-2022-25769 + RESERVED +CVE-2022-25768 + RESERVED +CVE-2022-25763 (Improper Input Validation vulnerability in HTTP/2 request validation o ...) + {DSA-5206-1 DLA-3279-1} + - trafficserver 9.1.3+ds-1 + NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21 +CVE-2022-21182 (A privilege escalation vulnerability exists in the router configuratio ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-0734 (A cross-site scripting vulnerability was identified in the CGI program ...) + NOT-FOR-US: Zyxel +CVE-2022-0733 + RESERVED +CVE-2022-0732 (The backend infrastructure shared by multiple mobile device monitoring ...) + NOT-FOR-US: Various vendors for Mobile device monitoring services +CVE-2022-0731 (Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr ...) + - dolibarr +CVE-2022-26874 (lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows ...) 
+ {DLA-3089-1 DLA-3045-1} + - php-horde-mime-viewer 2.2.4+debian0-1 + NOTE: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email/ + NOTE: Introduced by: https://github.com/horde/Mime_Viewer/commit/325a7ae2663dd9c50e85fe515033454669f16f28 + NOTE: Fixed by: https://github.com/horde/Mime_Viewer/commit/02b46cec1a7e8f1a6835b628850cd56b85963bb5 (2.2.4) +CVE-2022-25762 (If a web application sends a WebSocket message concurrently with the W ...) + - tomcat9 9.0.22-1 + - tomcat8 + [stretch] - tomcat8 (Possibly backwards incompatible changes) + NOTE: https://github.com/apache/tomcat/commit/e2d5a040b962a904db5264b3cb3282c6b05f823c (9.0.21) + NOTE: https://github.com/apache/tomcat/commit/7046644bf361b89afc246b6643e24ce2ae60cacc (9.0.21) + NOTE: https://github.com/apache/tomcat/commit/339b40bc07bdba9ded565929b9a3448c5a78f015 (9.0.21) + NOTE: https://github.com/apache/tomcat/commit/65fb1ee548111021edde247f3b3c409ec95a5183 (9.0.21) + NOTE: https://github.com/apache/tomcat/commit/01f2cf25b270a84d0daeefc4f215aa2f56e1df99 (8.5.76) +CVE-2022-25757 (In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys ...) + NOT-FOR-US: Apache APISIX +CVE-2022-25756 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-25755 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-25754 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-25753 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-25752 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) + NOT-FOR-US: Siemens SCALANCE +CVE-2022-25751 (A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCA ...) 
+ NOT-FOR-US: Siemens SCALANCE +CVE-2022-25750 (Memory corruption in BTHOST due to double free while music playback an ...) + NOT-FOR-US: Qualcomm +CVE-2022-25749 (Transient Denial-of-Service in WLAN due to buffer over-read while pars ...) + NOT-FOR-US: Qualcomm +CVE-2022-25748 (Memory corruption in WLAN due to integer overflow to buffer overflow w ...) + NOT-FOR-US: Qualcomm +CVE-2022-25747 (Information disclosure in modem due to improper input validation durin ...) + NOT-FOR-US: Qualcomm +CVE-2022-25746 (Memory corruption in kernel due to missing checks when updating the ac ...) + NOT-FOR-US: Qualcomm +CVE-2022-25745 (Memory corruption in modem due to improper input validation while hand ...) + NOT-FOR-US: Qualcomm +CVE-2022-25744 + RESERVED +CVE-2022-25743 (Memory corruption in graphics due to use-after-free while importing gr ...) + NOT-FOR-US: Snapdragon +CVE-2022-25742 (Denial of service in modem due to infinite loop while parsing IGMPv2 p ...) + NOT-FOR-US: Snapdragon +CVE-2022-25741 (Denial of service in WLAN due to potential null pointer dereference wh ...) + NOT-FOR-US: Snapdragon +CVE-2022-25740 (Memory corruption in modem due to buffer overwrite while building an I ...) + NOT-FOR-US: Qualcomm +CVE-2022-25739 (Denial of service in modem due to missing null check while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25738 (Information disclosure in modem due to buffer over-red while performin ...) + NOT-FOR-US: Qualcomm +CVE-2022-25737 (Information disclosure in modem due to missing NULL check while readi ...) + NOT-FOR-US: Qualcomm +CVE-2022-25736 (Denial of service in WLAN due to out-of-bound read happens while proce ...) + NOT-FOR-US: Qualcomm +CVE-2022-25735 (Denial of service in modem due to missing null check while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25734 (Denial of service in modem due to missing null check while processing ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-25733 (Denial of service in modem due to null pointer dereference while proce ...) + NOT-FOR-US: Qualcomm +CVE-2022-25732 (Information disclosure in modem due to buffer over read in dns client ...) + NOT-FOR-US: Qualcomm +CVE-2022-25731 (Information disclosure in modem due to buffer over-read while processi ...) + NOT-FOR-US: Qualcomm +CVE-2022-25730 (Information disclosure in modem due to improper check of IP type while ...) + NOT-FOR-US: Qualcomm +CVE-2022-25729 (Memory corruption in modem due to improper length check while copying ...) + NOT-FOR-US: Qualcomm +CVE-2022-25728 (Information disclosure in modem due to buffer over-read while processi ...) + NOT-FOR-US: Qualcomm +CVE-2022-25727 (Memory Corruption in modem due to improper length check while copying ...) + NOT-FOR-US: Snapdragon +CVE-2022-25726 (Information disclosure in modem data due to array out of bound access ...) + NOT-FOR-US: Qualcomm +CVE-2022-25725 (Denial of service in MODEM due to improper pointer handling) + NOT-FOR-US: Qualcomm +CVE-2022-25724 (Memory corruption in graphics due to buffer overflow while validating ...) + NOT-FOR-US: Snapdragon +CVE-2022-25723 (Memory corruption in multimedia due to use after free during callback ...) + NOT-FOR-US: Snapdragon +CVE-2022-25722 (Information exposure in DSP services due to improper handling of freei ...) + NOT-FOR-US: Qualcomm +CVE-2022-25721 (Memory corruption in video driver due to type confusion error during v ...) + NOT-FOR-US: Qualcomm +CVE-2022-25720 (Memory corruption in WLAN due to out of bound array access during conn ...) + NOT-FOR-US: Qualcomm +CVE-2022-25719 (Information disclosure in WLAN due to improper length check while proc ...) + NOT-FOR-US: Qualcomm +CVE-2022-25718 (Cryptographic issue in WLAN due to improper check on return value whil ...) + NOT-FOR-US: Qualcomm +CVE-2022-25717 (Memory corruption in display due to double free while allocating frame ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-25716 (Memory corruption in Multimedia Framework due to unsafe access to the ...) + NOT-FOR-US: Qualcomm +CVE-2022-25715 (Memory corruption in display driver due to incorrect type casting whil ...) + NOT-FOR-US: Qualcomm +CVE-2022-25714 + RESERVED +CVE-2022-25713 (Memory corruption in Automotive due to Improper Restriction of Operati ...) + NOT-FOR-US: Qualcomm +CVE-2022-25712 (Memory corruption in camera due to buffer copy without checking size o ...) + NOT-FOR-US: Snapdragon +CVE-2022-25711 (Memory corruption in camera due to improper validation of array index ...) + NOT-FOR-US: Snapdragon +CVE-2022-25710 (Denial of service due to null pointer dereference when GATT is disconn ...) + NOT-FOR-US: Snapdragon +CVE-2022-25709 (Memory corruption in modem due to use of out of range pointer offset w ...) + NOT-FOR-US: Qualcomm +CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...) + NOT-FOR-US: Qualcomm +CVE-2022-25707 + RESERVED +CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...) + NOT-FOR-US: Qualcomm +CVE-2022-25705 (Memory corruption in modem due to integer overflow to buffer overflow ...) + NOT-FOR-US: Qualcomm +CVE-2022-25704 + RESERVED +CVE-2022-25703 + RESERVED +CVE-2022-25702 (Denial of service in modem due to reachable assertion while processing ...) + NOT-FOR-US: Snapdragon +CVE-2022-25701 + RESERVED +CVE-2022-25700 + RESERVED +CVE-2022-25699 + RESERVED +CVE-2022-25698 (Memory corruption in SPI buses due to improper input validation while ...) + NOT-FOR-US: Snapdragon +CVE-2022-25697 (Memory corruption in i2c buses due to improper input validation while ...) + NOT-FOR-US: Snapdragon +CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...) + NOT-FOR-US: Qualcomm +CVE-2022-25695 (Memory corruption in MODEM due to Improper Validation of Array Index w ...) 
+ NOT-FOR-US: Snapdragon +CVE-2022-25694 (Memory corruption in Modem due to usage of Out-of-range pointer offset ...) + NOT-FOR-US: Qualcomm +CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...) + NOT-FOR-US: Qualcomm +CVE-2022-25692 (Denial of service in Modem due to reachable assertion while processing ...) + NOT-FOR-US: Snapdragon +CVE-2022-25691 (Denial of service in Modem due to reachable assertion while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...) + NOT-FOR-US: Qualcomm +CVE-2022-25689 (Denial of service in Modem due to reachable assertion in Snapdragon Mo ...) + NOT-FOR-US: Qualcomm +CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...) + NOT-FOR-US: Qualcomm +CVE-2022-25687 (memory corruption in video due to buffer overflow while parsing asf cl ...) + NOT-FOR-US: Snapdragon +CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...) + NOT-FOR-US: Qualcomm +CVE-2022-25685 (Denial of service in Modem module due to improper authorization while ...) + NOT-FOR-US: Snapdragon +CVE-2022-25684 + RESERVED +CVE-2022-25683 + RESERVED +CVE-2022-25682 (Memory corruption in MODEM UIM due to usage of out of range pointer of ...) + NOT-FOR-US: Qualcomm +CVE-2022-25681 (Possible memory corruption in kernel while performing memory access du ...) + NOT-FOR-US: Qualcomm +CVE-2022-25680 (Memory corruption in multimedia due to buffer overflow while processin ...) + NOT-FOR-US: Snapdragon +CVE-2022-25679 (Denial of service in video due to improper access control in broadcast ...) + NOT-FOR-US: Snapdragon +CVE-2022-25678 (Memory correction in modem due to buffer overwrite during coap connect ...) + NOT-FOR-US: Qualcomm +CVE-2022-25677 (Memory corruption in diag due to use after free while processing dci p ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-25676 (Information disclosure in video due to buffer over-read while parsing ...) + NOT-FOR-US: Snapdragon +CVE-2022-25675 (Denial of service due to reachable assertion in modem while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25674 (Cryptographic issues in WLAN during the group key handshake of the WPA ...) + NOT-FOR-US: Snapdragon +CVE-2022-25673 (Denial of service in MODEM due to reachable assertion while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25672 (Denial of service in MODEM due to reachable assertion while processing ...) + NOT-FOR-US: Qualcomm +CVE-2022-25671 (Denial of service in MODEM due to reachable assertion in Snapdragon Mo ...) + NOT-FOR-US: Snapdragon +CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...) + NOT-FOR-US: Qualcomm +CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...) + NOT-FOR-US: Qualcomm +CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...) + NOT-FOR-US: Snapdragon +CVE-2022-25667 (Information disclosure in kernel due to improper handling of ICMP requ ...) + NOT-FOR-US: Snapdragon +CVE-2022-25666 (Memory corruption due to use after free in service while trying to acc ...) + NOT-FOR-US: Snapdragon +CVE-2022-25665 (Information disclosure due to buffer over read in kernel in Snapdragon ...) + NOT-FOR-US: Snapdragon +CVE-2022-25664 (Information disclosure due to exposure of information while GPU reads ...) + NOT-FOR-US: Snapdragon +CVE-2022-25663 (Possible buffer overflow due to lack of buffer length check during man ...) + NOT-FOR-US: Snapdragon +CVE-2022-25662 (Information disclosure due to untrusted pointer dereference in kernel ...) + NOT-FOR-US: Snapdragon +CVE-2022-25661 (Memory corruption due to untrusted pointer dereference in kernel in Sn ...) + NOT-FOR-US: Snapdragon +CVE-2022-25660 (Memory corruption due to double free issue in kernel in Snapdragon Aut ...) 
+ NOT-FOR-US: Snapdragon +CVE-2022-25659 (Memory corruption due to buffer overflow while parsing MKV clips with ...) + NOT-FOR-US: Qualcomm +CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attempting ...) + NOT-FOR-US: Qualcomm +CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing inval ...) + NOT-FOR-US: Qualcomm +CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...) + NOT-FOR-US: Qualcomm +CVE-2022-25655 (Memory corruption in WLAN HAL while arbitrary value is passed in WMI U ...) + NOT-FOR-US: Qualcomm +CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...) + NOT-FOR-US: Qualcomm +CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...) + NOT-FOR-US: Qualcomm +CVE-2022-25652 (Cryptographic issues in BSP due to improper hash verification in Snapd ...) + NOT-FOR-US: Qualcomm +CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2022-25172 (An information disclosure vulnerability exists in the web interface se ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-25170 (The affected product is vulnerable to a stack-based buffer overflow wh ...) + NOT-FOR-US: FATEK Automation +CVE-2022-24910 (A buffer overflow vulnerability exists in the httpd parse_ping_result ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-23985 (The affected product is vulnerable to an out-of-bounds write while pro ...) + NOT-FOR-US: FATEK Automation +CVE-2022-21809 (A file write vulnerability exists in the httpd upload.cgi functionalit ...) + NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-21238 (A cross-site scripting (xss) vulnerability exists in the info.jsp func ...) 
+ NOT-FOR-US: InHand Networks InRouter302 +CVE-2022-21209 (The affected product is vulnerable to an out-of-bounds read while proc ...) + NOT-FOR-US: FATEK Automation +CVE-2022-0730 (Under certain ldap conditions, Cacti authentication can be bypassed wi ...) + {DSA-5298-1 DLA-3252-1 DLA-2965-1} + - cacti 1.2.20+ds1-1 (bug #1008693) + NOTE: https://github.com/Cacti/cacti/issues/4562 + NOTE: https://github.com/Cacti/cacti/commit/1386bdbf7f845a32e24ac9415f3ebb7932e77fe7 (1.2.x) + NOTE: https://github.com/Cacti/cacti/commit/8694bf28edad723585915a97b95fbf5b1816a02b (1.2.x) + NOTE: https://github.com/Cacti/cacti/commit/0bb77ee9b4d1c7a99e0140b88789e050e523e628 (1.2.x) +CVE-2022-0729 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/f3f3d992-7bd6-4ee5-a502-ae0e5f8016ea + NOTE: https://github.com/vim/vim/commit/6456fae9ba8e72c74b2c0c499eaf09974604ff30 (v8.2.4440) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0728 (The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0727 (Improper Access Control in GitHub repository chocobozzz/peertube prior ...) + - peertube (bug #950821) +CVE-2022-0726 (Missing Authorization in GitHub repository chocobozzz/peertube prior t ...) + - peertube (bug #950821) +CVE-2022-0725 (A flaw was found in keepass. The vulnerability occurs due to logging t ...) + NOTE: Non-issue, broken report against keepass2, couldn't be reproduced with + NOTE: Debian, Fedora and by upstream, see bug #1008022 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052696 + NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/da7546b7e1/ + NOTE: https://sourceforge.net/p/keepass/discussion/329220/thread/33d6afdc/ +CVE-2022-0724 (Insecure Storage of Sensitive Information in GitHub repository microwe ...) 
+ NOT-FOR-US: microweber +CVE-2022-0723 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + NOT-FOR-US: microweber +CVE-2022-0722 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: Node parse-url +CVE-2022-0721 (Insertion of Sensitive Information Into Debugging Code in GitHub repos ...) + NOT-FOR-US: microweber +CVE-2022-0720 (The Amelia WordPress plugin before 1.0.47 does not have proper authori ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0719 (Cross-site Scripting (XSS) - Reflected in GitHub repository microweber ...) + NOT-FOR-US: microweber +CVE-2022-0718 (A flaw was found in python-oslo-utils. Due to improper parsing, passwo ...) + {DLA-3106-1} + - python-oslo.utils 4.10.1-1 + [bullseye] - python-oslo.utils (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056850 + NOTE: https://bugs.launchpad.net/oslo.utils/+bug/1949623 + NOTE: Fixed by: https://opendev.org/openstack/oslo.utils/commit/6e17ae1f7959c64dfd20a5f67edf422e702426aa (4.12.1) + NOTE: Fixed by: https://opendev.org/openstack/oslo.utils/commit/5ce8a7f0f8ecec7a85a23ec3d7a7fb1cad14ceba (4.10.1) +CVE-2022-25643 (seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with es ...) + - seatd 0.6.4-1 (bug #1006308) + NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E +CVE-2022-25642 (Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted ch ...) + NOT-FOR-US: Obyte (formerly Byteball) Wallet +CVE-2022-25641 (Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and Phant ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-25640 (In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a re ...) 
+ - wolfssl 5.2.0-1 + [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 + NOTE: https://github.com/wolfSSL/wolfssl/pull/4831 + NOTE: https://github.com/wolfSSL/wolfssl/commit/3cdb1c639da94a9dc8c75590d0ec475e7f27c226 (v5.2.0-stable) + NOTE: https://github.com/wolfSSL/wolfssl/commit/b60d2dccce9110fd2b985d99063e524e39bdf6f7 (v5.2.0-stable) +CVE-2022-25639 + RESERVED +CVE-2022-25638 (In wolfSSL before 5.2.0, certificate validation may be bypassed during ...) + - wolfssl 5.2.0-1 + [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 + NOTE: https://github.com/wolfSSL/wolfssl/pull/4813 + NOTE: https://github.com/wolfSSL/wolfssl/commit/e13861bcde8015bb99ddb034224afb66e2fb89b8 (v5.2.0-stable) + NOTE: https://github.com/wolfSSL/wolfssl/commit/08047b2d959ee5e21a4a2c672308f45fec61f059 (v5.2.0-stable) +CVE-2022-25637 + RESERVED +CVE-2022-25635 (Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnera ...) + NOT-FOR-US: Realtek Linux/Android Bluetooth Mesh SDK +CVE-2022-25634 (Qt through 5.15.8 and 6.x through 6.2.3 can load system library files ...) + - qt6-base (Vulnerable code specific to Windows platform) + - qtbase-opensource-src (Vulnerable code specific to Windows platform) + - qtbase-opensource-src-gles (Vulnerable code is specific to Windows platform) + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396440 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396689 +CVE-2022-25633 + RESERVED +CVE-2022-25632 + RESERVED +CVE-2022-25631 (Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may ...) + NOT-FOR-US: Symantec +CVE-2022-25630 (An authenticated user can embed malicious content with XSS into the ad ...) + NOT-FOR-US: Symantec Messaging Gateway +CVE-2022-25629 (An authenticated user who has the privilege to add/edit annotations on ...) + NOT-FOR-US: Symantec Messaging Gateway +CVE-2022-25628 (An authenticated user can perform XML eXternal Entity injection in Man ...) 
+ NOT-FOR-US: Symantec Identity Manager +CVE-2022-25627 (An authenticated administrator who has physical access to the environm ...) + NOT-FOR-US: Symantec Identity Manager +CVE-2022-25626 (An unauthenticated user can access Identity Manager\u2019s management ...) + NOT-FOR-US: Symantec Identity Manager +CVE-2022-25625 (A malicious unauthorized PAM user can access the administration config ...) + NOT-FOR-US: Symantec +CVE-2022-25624 + RESERVED +CVE-2022-25623 (The Symantec Management Agent is susceptible to a privilege escalation ...) + NOT-FOR-US: Symantec +CVE-2022-25325 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...) + NOT-FOR-US: CX-Programmer +CVE-2022-25234 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...) + NOT-FOR-US: CX-Programmer +CVE-2022-25230 (Use after free vulnerability in CX-Programmer v9.76.1 and earlier whic ...) + NOT-FOR-US: CX-Programmer +CVE-2022-21219 (Out-of-bounds read vulnerability in CX-Programmer v9.76.1 and earlier ...) + NOT-FOR-US: CX-Programmer +CVE-2022-21124 (Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier ...) + NOT-FOR-US: CX-Programmer +CVE-2022-0717 (Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2.) + - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/27a851a5-7ebf-409b-854f-b2614771e8f9 + NOTE: https://github.com/mruby/mruby/commit/f72315575f78a9a773adbce0ee7d3ec33434cb76 +CVE-2022-0716 + RESERVED +CVE-2022-0715 (A CWE-287: Improper Authentication vulnerability exists that could cau ...) + NOT-FOR-US: Schneider Electric +CVE-2022-0714 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4 ...) 
+ {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/db70e8db-f309-4f3c-986c-e69d2415c3b3 + NOTE: https://github.com/vim/vim/commit/4e889f98e95ac05d7c8bd3ee933ab4d47820fdfa (v8.2.4436) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0713 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/d35b3dff-768d-4a09-a742-c18ca8f56d3c + NOTE: https://github.com/radareorg/radare2/commit/a35f89f86ed12161af09330e92e5a213014e46a1 +CVE-2022-25636 (net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 a ...) + {DSA-5095-1} + - linux 5.16.11-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/2 + NOTE: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/ +CVE-2022-25622 (A vulnerability has been identified in SIMATIC CFU DIQ, SIMATIC CFU PA ...) + NOT-FOR-US: Siemens +CVE-2022-25621 (UUNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and ...) + NOT-FOR-US: UUNIVERGE +CVE-2022-25620 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + NOT-FOR-US: Profelis IT Consultancy SambaBox +CVE-2022-25619 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + NOT-FOR-US: Profelis IT Consultancy SambaBox +CVE-2022-25618 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25617 (Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets pl ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25616 + RESERVED +CVE-2022-25615 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom \u2013 Zoom ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25614 (Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom \u2013 Zoom ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-25613 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in F ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25612 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25611 (Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planne ...) + NOT-FOR-US: Simple Event Planner plugin +CVE-2022-25610 (Unauthenticated Stored Cross-Site Scripting (XSS) in Simple Ajax Chat ...) + NOT-FOR-US: Simple Ajax Chat +CVE-2022-25609 (Stored Cross-Site Scripting (XSS) in Yoo Slider \u2013 Image Slider & ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25608 (Cross-Site Request Forgery (CSRF) in Yoo Slider \u2013 Image Slider & ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25607 (Authenticated (author or higher user role) SQL Injection (SQLi) vulner ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25606 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25605 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25604 (Authenticated (contributor of higher user role) Stored Cross-Site Scri ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25603 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25602 (Nonce token leak vulnerability leading to arbitrary file upload, theme ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25601 (Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25600 (Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marke ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25599 (Cross-Site Request Forgery (CSRF) vulnerability leading to event delet ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25598 (Apache DolphinScheduler user registration is vulnerable to Regular exp ...) 
+ NOT-FOR-US: Apache DolphinScheduler +CVE-2022-0712 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/1e572820-e502-49d1-af0e-81833e2eb466 + NOTE: https://github.com/radareorg/radare2/commit/515e592b9bea0612bc63d8e93239ff35bcf645c7 +CVE-2022-0711 (A flaw was found in the way HAProxy processed HTTP responses containin ...) + {DSA-5102-1} + - haproxy 2.4.13-1 + [buster] - haproxy (Vulnerable code introduced later) + [stretch] - haproxy (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053666 + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=bfb15ab34ead85f64cd6da0e9fb418c9cd14cee8 (v2.6-dev2) + NOTE: https://git.haproxy.org/?p=haproxy-2.4.git;a=commit;h=86032c309b1f42177826deaa39f7c26903a074ca (v2.4.13) + NOTE: https://git.haproxy.org/?p=haproxy-2.2.git;a=commit;h=eb1bdcb7cf6e7bd1690f7dcc6d97de3d79b54cdc (v2.2.21) +CVE-2022-0710 (The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0709 (The Booking Package WordPress plugin before 1.5.29 requires a token fo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0708 (Mattermost 6.3.0 and earlier fails to protect email addresses of the c ...) + - mattermost-server (bug #823556) + NOTE: MMSA-2022-0082 + NOTE: https://mattermost.com/security-updates/ +CVE-2022-0707 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0706 (The Easy Digital Downloads WordPress plugin before 2.11.6 does not san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0705 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0704 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...) + NOT-FOR-US: pimcore +CVE-2022-0703 (The GD Mylist WordPress plugin through 1.1.1 does not sanitise and esc ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0702 (The Petfinder Listings WordPress plugin through 1.0.18 does not escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0701 (The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Re ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0700 (The Simple Tracking WordPress plugin before 1.7 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0699 (A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 ...) + - shapelib 1.5.0-3 (bug #1022557) + [bullseye] - shapelib (Minor issue) + [buster] - shapelib (Minor issue) + NOTE: https://github.com/OSGeo/shapelib/commit/c75b9281a5b9452d92e1682bdfe6019a13ed819f + NOTE: https://github.com/OSGeo/shapelib/issues/39 +CVE-2022-25597 (ASUS RT-AC86U\u2019s LPD service has insufficient filtering for specia ...) + NOT-FOR-US: ASUS +CVE-2022-25596 (ASUS RT-AC56U\u2019s configuration function has a heap-based buffer ov ...) + NOT-FOR-US: ASUS +CVE-2022-25595 (ASUS RT-AC86U has improper user request handling, which allows an unau ...) + NOT-FOR-US: ASUS +CVE-2022-25594 (Microprogram\u2019s parking lot management system is vulnerable to sen ...) + NOT-FOR-US: Microprogram parking lot management system +CVE-2022-25593 + RESERVED +CVE-2022-25592 + RESERVED +CVE-2022-25591 (BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file de ...) + NOT-FOR-US: BlogEngine.NET +CVE-2022-25590 (SurveyKing v0.2.0 was discovered to retain users' session cookies afte ...) + NOT-FOR-US: SurveyKing +CVE-2022-25589 + RESERVED +CVE-2022-25588 + RESERVED +CVE-2022-25587 + RESERVED +CVE-2022-25586 + RESERVED +CVE-2022-25585 (Unioncms v1.0.13 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: Unioncms +CVE-2022-25584 (Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3 ...) + NOT-FOR-US: FlexWATCH FW3170-PS-E +CVE-2022-25583 + RESERVED +CVE-2022-25582 (A stored cross-site scripting (XSS) vulnerability in the Column module ...) 
+ NOT-FOR-US: ClassCMS +CVE-2022-25581 (Classcms v2.5 and below contains an arbitrary file upload via the comp ...) + NOT-FOR-US: Classcms +CVE-2022-25580 + RESERVED +CVE-2022-25579 + RESERVED +CVE-2022-25578 (taocms v3.0.2 allows attackers to execute code injection via arbitrari ...) + NOT-FOR-US: taocms +CVE-2022-25577 (ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password ...) + NOT-FOR-US: ALF-BanCO +CVE-2022-25576 (Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: Anchor CMS +CVE-2022-25575 (Multiple cross-site scripting (XSS) vulnerabilities in Parking Managem ...) + NOT-FOR-US: Parking Management System +CVE-2022-25574 (A stored cross-site scripting (XSS) vulnerability in the upload functi ...) + NOT-FOR-US: douphp +CVE-2022-25573 + RESERVED +CVE-2022-25572 + RESERVED +CVE-2022-25571 (Bluedon Information Security Technologies Co.,Ltd Internet Access Dete ...) + NOT-FOR-US: Bluedon +CVE-2022-25570 (In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to ...) + NOT-FOR-US: Passwordstate +CVE-2022-25569 (Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static S ...) + NOT-FOR-US: Bettini SGSetup +CVE-2022-25568 (MotionEye v0.42.1 and below allows attackers to access sensitive infor ...) + NOT-FOR-US: MotionEye +CVE-2022-25567 + RESERVED +CVE-2022-25566 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25565 + RESERVED +CVE-2022-25564 + RESERVED +CVE-2022-25563 + RESERVED +CVE-2022-25562 + RESERVED +CVE-2022-25561 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) + NOT-FOR-US: Tenda +CVE-2022-25560 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) + NOT-FOR-US: Tenda +CVE-2022-25559 + RESERVED +CVE-2022-25558 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) 
+ NOT-FOR-US: Tenda +CVE-2022-25557 (Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow in the ...) + NOT-FOR-US: Tenda +CVE-2022-25556 (Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in ...) + NOT-FOR-US: Tenda +CVE-2022-25555 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25554 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25553 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25552 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25551 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25550 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25549 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25548 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25547 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) + NOT-FOR-US: Tenda +CVE-2022-25546 (Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in th ...) 
+ NOT-FOR-US: Tenda +CVE-2022-25545 + RESERVED +CVE-2022-25544 + RESERVED +CVE-2022-25543 + RESERVED +CVE-2022-25542 + RESERVED +CVE-2022-25541 + RESERVED +CVE-2022-25540 + RESERVED +CVE-2022-25539 + RESERVED +CVE-2022-25538 + RESERVED +CVE-2022-25537 + RESERVED +CVE-2022-25536 + RESERVED +CVE-2022-25535 + RESERVED +CVE-2022-25534 + RESERVED +CVE-2022-25533 + RESERVED +CVE-2022-25532 + RESERVED +CVE-2022-25531 + RESERVED +CVE-2022-25530 + RESERVED +CVE-2022-25529 + RESERVED +CVE-2022-25528 + RESERVED +CVE-2022-25527 + RESERVED +CVE-2022-25526 + RESERVED +CVE-2022-25525 + RESERVED +CVE-2022-25524 + RESERVED +CVE-2022-25523 (TypesetterCMS v5.1 was discovered to contain a Cross-Site Request Forg ...) + NOT-FOR-US: TypesetterCMS +CVE-2022-25522 + RESERVED +CVE-2022-25521 (NUUO v03.11.00 was discovered to contain access control issue.) + NOT-FOR-US: UNNO +CVE-2022-25520 + RESERVED +CVE-2022-25519 + RESERVED +CVE-2022-25518 (In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a ...) + NOT-FOR-US: CMDBuild +CVE-2022-25517 (MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerab ...) + NOT-FOR-US: MyBatis plus +CVE-2022-25516 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. + NOTE: https://github.com/nothings/stb/issues/1287 +CVE-2022-25515 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) + NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. + NOTE: https://github.com/nothings/stb/issues/1288 +CVE-2022-25514 (stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow ...) 
+ NOTE: libstb non issue, stb_truetype.h explicitly marked as unsuitable for untrusted font files + NOTE: The stb_truetype API does not know the length of the input font file and therefore cannot bounds check it. + NOTE: https://github.com/nothings/stb/issues/1286 +CVE-2022-25513 + RESERVED +CVE-2022-25512 (FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Webso ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25511 (An issue in the ?filename= argument of the route /DataPackageTable in ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25510 (FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25509 + RESERVED +CVE-2022-25508 (An access control issue in the component /ManageRoute/postRoute of Fre ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25507 (FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25506 (FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vuln ...) + NOT-FOR-US: FreeTAKServer +CVE-2022-25505 (Taocms v3.0.2 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Taocms +CVE-2022-25504 + RESERVED +CVE-2022-25503 + RESERVED +CVE-2022-25502 + RESERVED +CVE-2022-25501 + RESERVED +CVE-2022-25500 + RESERVED +CVE-2022-25499 + RESERVED +CVE-2022-25498 (CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: CuppaCMS +CVE-2022-25497 (CuppaCMS v1.0 was discovered to contain an arbitrary file read via the ...) + NOT-FOR-US: CuppaCMS +CVE-2022-25496 + RESERVED +CVE-2022-25495 (The component /jquery_file_upload/server/php/index.php of CuppaCMS v1. ...) + NOT-FOR-US: CuppaCMS +CVE-2022-25494 (Online Banking System v1.0 was discovered to contain a SQL injection v ...) + NOT-FOR-US: Online Banking System +CVE-2022-25493 (HMS v1.0 was discovered to contain a reflected cross-site scripting (X ...) 
+ NOT-FOR-US: HMS +CVE-2022-25492 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...) + NOT-FOR-US: HMS +CVE-2022-25491 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...) + NOT-FOR-US: HMS +CVE-2022-25490 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...) + NOT-FOR-US: HMS +CVE-2022-25489 (Atom CMS v2.0 was discovered to contain a reflected cross-site scripti ...) + NOT-FOR-US: Atom CMS +CVE-2022-25488 (Atom CMS v2.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Atom CMS +CVE-2022-25487 (Atom CMS v2.0 was discovered to contain a remote code execution (RCE) ...) + NOT-FOR-US: Atom CMS +CVE-2022-25486 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...) + NOT-FOR-US: CuppaCMS +CVE-2022-25485 (CuppaCMS v1.0 was discovered to contain a local file inclusion via the ...) + NOT-FOR-US: CuppaCMS +CVE-2022-25484 (tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet ...) + - tcpreplay 4.4.2-1 (unimportant; bug #1018057) + NOTE: https://github.com/appneta/tcpreplay/issues/715 + NOTE: Crash in CLI tool, no security impact +CVE-2022-25483 + RESERVED +CVE-2022-25482 + RESERVED +CVE-2022-25481 (ThinkPHP Framework v5.0.24 was discovered to be configured without the ...) + NOT-FOR-US: ThinkPHP Framework +CVE-2022-25480 + RESERVED +CVE-2022-25479 + RESERVED +CVE-2022-25478 + RESERVED +CVE-2022-25477 + RESERVED +CVE-2022-25476 + RESERVED +CVE-2022-25475 + RESERVED +CVE-2022-25474 + RESERVED +CVE-2022-25473 + RESERVED +CVE-2022-25472 + RESERVED +CVE-2022-25471 (An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6. ...) + NOT-FOR-US: OpenEMR +CVE-2022-25470 + RESERVED +CVE-2022-25469 + RESERVED +CVE-2022-25468 + RESERVED +CVE-2022-25467 + RESERVED +CVE-2022-25466 + RESERVED +CVE-2022-25465 (Espruino 2v11 release was discovered to contain a stack buffer overflo ...) 
+ NOT-FOR-US: Espruino +CVE-2022-25464 (A stored cross-site scripting (XSS) vulnerability in the component /ad ...) + NOT-FOR-US: DoraCMS +CVE-2022-25463 + RESERVED +CVE-2022-25462 (Yafu v2.0 contains a segmentation fault via the component /factor/avx- ...) + NOT-FOR-US: Yafu +CVE-2022-25461 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25460 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25459 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25458 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25457 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25456 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25455 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25454 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25453 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25452 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25451 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25450 (Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25449 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25448 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25447 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) 
+ NOT-FOR-US: Tenda +CVE-2022-25446 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25445 (Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25444 + RESERVED +CVE-2022-25443 + RESERVED +CVE-2022-25442 + RESERVED +CVE-2022-25441 (Tenda AC9 v15.03.2.21 was discovered to contain a remote command execu ...) + NOT-FOR-US: Tenda +CVE-2022-25440 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25439 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25438 (Tenda AC9 v15.03.2.21 was discovered to contain a remote command execu ...) + NOT-FOR-US: Tenda +CVE-2022-25437 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25436 + RESERVED +CVE-2022-25435 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25434 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25433 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25432 + RESERVED +CVE-2022-25431 (Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflo ...) + NOT-FOR-US: Tenda +CVE-2022-25430 + RESERVED +CVE-2022-25429 (Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via ...) + NOT-FOR-US: Tenda +CVE-2022-25428 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) + NOT-FOR-US: Tenda +CVE-2022-25427 (Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via t ...) 
+ NOT-FOR-US: Tenda +CVE-2022-25426 + RESERVED +CVE-2022-25425 + RESERVED +CVE-2022-25424 + RESERVED +CVE-2022-25423 + RESERVED +CVE-2022-25422 + RESERVED +CVE-2022-25421 + RESERVED +CVE-2022-25420 (NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerab ...) + NOT-FOR-US: NTT Resonant Incorporated goo blog App Web Application +CVE-2022-25419 + RESERVED +CVE-2022-25418 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-25417 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-25416 + RESERVED +CVE-2022-25415 + RESERVED +CVE-2022-25414 (Tenda AC9 V15.03.2.21_cn was discovered to contain a stack overflow vi ...) + NOT-FOR-US: Tenda +CVE-2022-25413 (Maxsite CMS v108 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: Maxsite CMS +CVE-2022-25412 (Maxsite CMS v180 was discovered to contain multiple arbitrary file del ...) + NOT-FOR-US: Maxsite CMS +CVE-2022-25411 (A Remote Code Execution (RCE) vulnerability at /admin/options in Maxsi ...) + NOT-FOR-US: Maxsite CMS +CVE-2022-25410 (Maxsite CMS v180 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: Maxsite CMS +CVE-2022-25409 (Hospital Management System v1.0 was discovered to contain a stored cro ...) + NOT-FOR-US: Hospital Management System +CVE-2022-25408 (Hospital Management System v1.0 was discovered to contain a stored cro ...) + NOT-FOR-US: Hospital Management System +CVE-2022-25407 (Hospital Management System v1.0 was discovered to contain a stored cro ...) + NOT-FOR-US: Hospital Management System +CVE-2022-25406 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Tongda2000 +CVE-2022-25405 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Tongda2000 +CVE-2022-25404 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) 
+ NOT-FOR-US: Tongda2000 +CVE-2022-25403 (HMS v1.0 was discovered to contain a SQL injection vulnerability via t ...) + NOT-FOR-US: HMS +CVE-2022-25402 (An incorrect access control issue in HMS v1.0 allows unauthenticated a ...) + NOT-FOR-US: HMS +CVE-2022-25401 (The copy function of the file manager in Cuppa CMS v1.0 allows any fil ...) + NOT-FOR-US: Cuppa CMS +CVE-2022-25400 + RESERVED +CVE-2022-25399 (Simple Real Estate Portal System v1.0 was discovered to contain a SQL ...) + NOT-FOR-US: Simple Real Estate Portal System +CVE-2022-25398 (Auto Spare Parts Management v1.0 was discovered to contain a SQL injec ...) + NOT-FOR-US: Auto Spare Parts Management +CVE-2022-25397 + RESERVED +CVE-2022-25396 (Cosmetics and Beauty Product Online Store v1.0 was discovered to conta ...) + NOT-FOR-US: Cosmetics and Beauty Product Online Store +CVE-2022-25395 (Cosmetics and Beauty Product Online Store v1.0 was discovered to conta ...) + NOT-FOR-US: Cosmetics and Beauty Product Online Store +CVE-2022-25394 (Medical Store Management System v1.0 was discovered to contain a SQL i ...) + NOT-FOR-US: Medical Store Management System +CVE-2022-25393 (Simple Bakery Shop Management v1.0 was discovered to contain a SQL inj ...) + NOT-FOR-US: Simple Bakery Shop Management +CVE-2022-25392 + RESERVED +CVE-2022-25391 + RESERVED +CVE-2022-25390 (DCN Firewall DCME-520 was discovered to contain a remote command execu ...) + NOT-FOR-US: DCN Firewall +CVE-2022-25389 (DCN Firewall DCME-520 was discovered to contain an arbitrary file down ...) 
+ NOT-FOR-US: DCN Firewall +CVE-2022-25388 + RESERVED +CVE-2022-25387 + RESERVED +CVE-2022-25386 + RESERVED +CVE-2022-25385 + RESERVED +CVE-2022-25384 + RESERVED +CVE-2022-25383 + RESERVED +CVE-2022-25382 + RESERVED +CVE-2022-25381 + RESERVED +CVE-2022-25380 + RESERVED +CVE-2022-25379 + RESERVED +CVE-2022-25378 + RESERVED +CVE-2022-25377 + RESERVED +CVE-2022-25376 + RESERVED +CVE-2022-25375 (An issue was discovered in drivers/usb/gadget/function/rndis.c in the ...) + {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.10-1 + NOTE: https://github.com/szymonh/rndis-co + NOTE: https://www.openwall.com/lists/oss-security/2022/02/21/1 + NOTE: https://git.kernel.org/linus/38ea1eac7d88072bbffb630e2b3db83ca649b826 (5.17-rc4) +CVE-2022-25374 (HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v2 ...) + NOT-FOR-US: HashiCorp Terraform Enterprise +CVE-2022-25373 (Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-25372 (Pritunl Client through 1.2.3019.52 on Windows allows local privilege e ...) + NOT-FOR-US: Pritunl Client +CVE-2022-0698 (Microweber version 1.3.1 allows an unauthenticated user to perform an ...) + NOT-FOR-US: microweber +CVE-2022-0697 (Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.) + NOT-FOR-US: Archivy +CVE-2022-0696 (NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.442 ...) + {DLA-3204-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/7416c2cb-1809-4834-8989-e84ff033f15f/ + NOTE: https://github.com/vim/vim/commit/0f6e28f686dbb59ab3b562408ab9b2234797b9b1 (v8.2.4428) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0695 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...) 
+ - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/bdbddc0e-fb06-4211-a90b-7cbedcee2bea + NOTE: https://github.com/radareorg/radare2/commit/634b886e84a5c568d243e744becc6b3223e089cf +CVE-2021-46701 (PreMiD 2.2.0 allows unintended access via the websocket transport. An ...) + NOT-FOR-US: PreMiD +CVE-2022-25371 (Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/b ...) + NOT-FOR-US: Apache OFBiz +CVE-2022-25370 (Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-webs ...) + NOT-FOR-US: Apache OFBiz +CVE-2022-25355 (EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handl ...) + NOT-FOR-US: EC-CUBE +CVE-2022-0694 (The Advanced Booking Calendar WordPress plugin before 1.7.0 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0693 (The Master Elements WordPress plugin through 8.0 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0692 (Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to ...) + NOT-FOR-US: alltube +CVE-2022-0691 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + {DLA-3336-1} + - node-url-parse 1.5.9+~1.4.8-1 + [bullseye] - node-url-parse 1.5.3-1+deb11u1 + [stretch] - node-url-parse (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/57124ed5-4b68-4934-8325-2c546257f2e4 + NOTE: https://github.com/unshiftio/url-parse/commit/0e3fb542d60ddbf6933f22eb9b1e06e25eaa5b63 (1.5.9) +CVE-2022-25369 + RESERVED +CVE-2022-25368 (Spectre BHB is a variant of Spectre-v2 in which malicious code uses th ...) + NOTE: https://amperecomputing.com/products/security-bulletins/impact-of-spectre-bhb-on-ampere.html + NOTE: This is a CVE specific for the impact of Spectre-BHB on Ampere +CVE-2022-0690 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) + NOT-FOR-US: microweber +CVE-2022-0689 (Use multiple time the one-time coupon in Packagist microweber/microweb ...) 
+ NOT-FOR-US: microweber +CVE-2022-0688 (Business Logic Errors in Packagist microweber/microweber prior to 1.2. ...) + NOT-FOR-US: microweber +CVE-2022-0687 (The Amelia WordPress plugin before 1.0.47 stores image blobs into actu ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0686 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + {DLA-3336-1} + - node-url-parse 1.5.9+~1.4.8-1 + [bullseye] - node-url-parse 1.5.3-1+deb11u1 + [stretch] - node-url-parse (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/55fd06cd-9054-4d80-83be-eb5a454be78c + NOTE: https://github.com/unshiftio/url-parse/commit/d5c64791ef496ca5459ae7f2176a31ea53b127e5 (1.5.8) +CVE-2022-0685 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/27230da3-9b1a-4d5d-8cdf-4b1e62fcd782 + NOTE: https://github.com/vim/vim/commit/5921aeb5741fc6e84c870d68c7c35b93ad0c9f87 (v8.2.4418) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0684 (The WP Home Page Menu WordPress plugin before 3.1 does not sanitise an ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46700 (In libsixel 1.8.6, sixel_encoder_output_without_macro (called from six ...) + - libsixel (bug #1014469) + [bookworm] - libsixel (Minor issue) + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/158 +CVE-2021-4222 (The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25367 + RESERVED +CVE-2022-25366 (Cryptomator through 1.6.5 allows DYLIB injection because, although it ...) + NOT-FOR-US: Cryptomator +CVE-2022-25365 (Docker Desktop before 4.5.1 on Windows allows attackers to move arbitr ...) 
+ NOT-FOR-US: Docker Desktop +CVE-2022-25364 (In Gradle Enterprise before 2021.4.2, the default built-in build cache ...) + NOT-FOR-US: Gradle Enterprise +CVE-2022-25363 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) + NOT-FOR-US: WatchGuard +CVE-2022-25362 + RESERVED +CVE-2022-25361 (WatchGuard Firebox and XTM appliances allow an unauthenticated remote ...) + NOT-FOR-US: WatchGuard +CVE-2022-25360 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) + NOT-FOR-US: WatchGuard +CVE-2022-25359 (On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, un ...) + NOT-FOR-US: ICL ScadaFlex II SCADA Controller +CVE-2022-25358 (A ..%2F path traversal vulnerability exists in the path handler of awf ...) + NOT-FOR-US: awful-salmonella-tar +CVE-2022-25357 (Pexip Infinity 27.x before 27.2 has Improper Access Control. An attack ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-25356 (Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dl ...) + NOT-FOR-US: Alt-N Technologies Mdaemon +CVE-2022-25344 (An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.27 ...) + NOT-FOR-US: Kyocera +CVE-2022-25343 (An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 de ...) + NOT-FOR-US: Kyocera +CVE-2022-25342 (An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 de ...) + NOT-FOR-US: Kyocera +CVE-2022-25341 + RESERVED +CVE-2022-25340 + RESERVED +CVE-2022-25339 (ownCloud owncloud/android 2.20 has Incorrect Access Control for local ...) + NOT-FOR-US: Owncloud client for Android +CVE-2022-25338 (ownCloud owncloud/android before 2.20 has Incorrect Access Control for ...) + NOT-FOR-US: Owncloud client for Android +CVE-2022-24914 + RESERVED +CVE-2022-24436 (Observable behavioral in power management throttling for some Intel(R) ...) 
+ NOT-FOR-US: hardware vulnerability in Intel CPUs + NOTE: https://www.hertzbleed.com/ + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00698.html +CVE-2022-24378 (Improper initialization in the Intel(R) Data Center Manager software b ...) + NOT-FOR-US: Intel +CVE-2022-24067 + RESERVED +CVE-2022-23403 (Improper input validation in the Intel(R) Data Center Manager software ...) + NOT-FOR-US: Intel +CVE-2022-23182 (Improper access control in the Intel(R) Data Center Manager software b ...) + NOT-FOR-US: Intel +CVE-2022-22139 (Uncontrolled search path in the Intel(R) XTU software before version 7 ...) + NOT-FOR-US: Intel +CVE-2022-21225 (Improper neutralization in the Intel(R) Data Center Manager software b ...) + NOT-FOR-US: Intel +CVE-2022-21198 (Time-of-check time-of-use race condition in the BIOS firmware for some ...) + NOT-FOR-US: Intel +CVE-2022-21183 + RESERVED +CVE-2016-20014 (In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does no ...) + - libpam-tacplus (bug #1009966) + [buster] - libpam-tacplus (Minor issue) + [stretch] - libpam-tacplus (Minor issue) + NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/e4c00eba70a0f72c4de77b5f072c69708ec2beab (v1.4.1) +CVE-2016-20013 (sha256crypt and sha512crypt through 0.6 allow attackers to cause a den ...) + NOTE: https://akkadia.org/drepper/SHA-crypt.txt + NOTE: https://pthree.org/2018/05/23/do-not-use-sha256crypt-sha512crypt-theyre-dangerous/ + NOTE: https://twitter.com/solardiz/status/795601240151457793 + NOTE: Inherent algorithmic flaw, applications can set password limits or instead use a + NOTE: different hashing algorithm +CVE-2022-25337 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + NOT-FOR-US: Ibexa +CVE-2022-25336 (Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x bef ...) + NOT-FOR-US: Ibexa +CVE-2022-25335 (RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for s ...) 
+ NOT-FOR-US: RigoBlock Dragos +CVE-2022-25334 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...) + NOT-FOR-US: Texas Instruments +CVE-2022-25333 (The Texas Instruments OMAP L138 (secure variants) trusted execution en ...) + NOT-FOR-US: Texas Instruments +CVE-2022-25332 (The AES implementation in the Texas Instruments OMAP L138 (secure vari ...) + NOT-FOR-US: Texas Instruments +CVE-2022-25331 (Uncaught exceptions that can be generated in Trend Micro ServerProtect ...) + NOT-FOR-US: Trend Micro +CVE-2022-25330 (Integer overflow conditions that exist in Trend Micro ServerProtect 6. ...) + NOT-FOR-US: Trend Micro +CVE-2022-25329 (Trend Micro ServerProtect 6.0/5.8 Information Server uses a static cre ...) + NOT-FOR-US: Trend Micro +CVE-2022-25328 (The bash_completion script for fscrypt allows injection of commands vi ...) + - fscrypt 0.3.3-1 (bug #1006485) + [bullseye] - fscrypt (Minor issue) + [buster] - fscrypt (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 + NOTE: https://github.com/google/fscrypt/commit/fa1a1fdbdea65829ce24a6b6f86ce2961e465b02 +CVE-2022-25327 (The PAM module for fscrypt doesn't adequately validate fscrypt metadat ...) + - fscrypt 0.3.3-1 (bug #1006485) + [bullseye] - fscrypt (Minor issue) + [buster] - fscrypt (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 + NOTE: https://github.com/google/fscrypt/commit/1a47718420317f893831b0223153d56005d5b02b + NOTE: https://github.com/google/fscrypt/commit/74e870b7bd1585b4b509da47e0e75db66336e576 + NOTE: https://github.com/google/fscrypt/commit/b44fbe71e1e93c47050322af51725bac997641e0 +CVE-2022-25326 (fscrypt through v0.3.2 creates a world-writable directory by default w ...) 
+ - fscrypt 0.3.3-1 (bug #1006485) + [bullseye] - fscrypt (Minor issue) + [buster] - fscrypt (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/02/24/1 + NOTE: https://github.com/google/fscrypt/commit/6e355131670ad014e45f879475ddf800f0080d41 +CVE-2022-23183 (Missing authorization vulnerability in Advanced Custom Fields versions ...) + NOT-FOR-US: WordPress plugin +CVE-2022-21179 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mai ...) + NOT-FOR-US: EC-CUBE +CVE-2022-0683 (The Essential Addons for Elementor Lite WordPress plugin is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0682 + RESERVED +CVE-2022-0681 (The Simple Membership WordPress plugin before 4.1.0 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0680 (The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing u ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0679 (The Narnoo Distributor WordPress plugin through 2.5.1 fails to validat ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0678 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...) + NOT-FOR-US: microweber +CVE-2022-0677 (Improper Handling of Length Parameter Inconsistency vulnerability in t ...) + NOT-FOR-US: Bitdefender +CVE-2021-4221 (If a domain name contained a RTL character, it would cause the domain ...) + - firefox (Only affects Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-4221 +CVE-2022-25323 (ZEROF Web Server 2.0 allows /admin.back XSS.) + NOT-FOR-US: ZEROF Web Server +CVE-2022-25322 (ZEROF Web Server 2.0 allows /HandleEvent SQL Injection.) + NOT-FOR-US: ZEROF Web Server +CVE-2022-25321 (An issue was discovered in Cerebrate through 1.4. XSS could occur in t ...) + NOT-FOR-US: Cerebrate +CVE-2022-25320 (An issue was discovered in Cerebrate through 1.4. Username enumeration ...) + NOT-FOR-US: Cerebrate +CVE-2022-25319 (An issue was discovered in Cerebrate through 1.4. 
Endpoints could be o ...) + NOT-FOR-US: Cerebrate +CVE-2022-25318 (An issue was discovered in Cerebrate through 1.4. An incorrect sharing ...) + NOT-FOR-US: Cerebrate +CVE-2022-25317 (An issue was discovered in Cerebrate through 1.4. genericForm allows r ...) + NOT-FOR-US: Cerebrate +CVE-2022-25316 + RESERVED +CVE-2022-25312 (An XML external entity (XXE) injection vulnerability was discovered in ...) + NOT-FOR-US: Apache Any23 +CVE-2022-21132 (Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg ...) + NOT-FOR-US: pfSense +CVE-2022-0676 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/5ad814a1-5dd3-43f4-869b-33b8dab78485 + NOTE: https://github.com/radareorg/radare2/commit/c84b7232626badd075caf3ae29661b609164bac6 +CVE-2022-0675 (In certain situations it is possible for an unmanaged rule to exist on ...) + - puppet-module-puppetlabs-firewall 3.4.0-1 (bug #1006749) + [bullseye] - puppet-module-puppetlabs-firewall (Minor issue) + [buster] - puppet-module-puppetlabs-firewall (Minor issue) + NOTE: https://github.com/puppetlabs/puppetlabs-firewall/pull/1030/commits/2c0047e09be82dd9e1aa4d93c0cb103f83d2a01e (3.4.0) + NOTE: https://puppet.com/security/cve/CVE-2022-0675 + NOTE: https://forge.puppet.com/modules/puppetlabs/firewall/3.4.0 +CVE-2022-25315 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...) + {DSA-5085-1 DLA-2935-1} + - expat 2.4.5-1 + NOTE: https://github.com/libexpat/libexpat/pull/559 + NOTE: https://github.com/libexpat/libexpat/commit/eb0362808b4f9f1e2345a0cf203b8cc196d776d9 +CVE-2022-25314 (In Expat (aka libexpat) before 2.4.5, there is an integer overflow in ...) 
+ {DSA-5085-1} + - expat 2.4.5-1 + [stretch] - expat (Vulnerable code introduced later) + NOTE: https://github.com/libexpat/libexpat/pull/560 + NOTE: https://github.com/libexpat/libexpat/commit/efcb347440ade24b9f1054671e6bd05e60b4cafd +CVE-2022-25313 (In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack ex ...) + {DSA-5085-1 DLA-2935-1} + - expat 2.4.5-1 + NOTE: https://github.com/libexpat/libexpat/pull/558 + NOTE: https://github.com/libexpat/libexpat/commit/9b4ce651b26557f16103c3a366c91934ecd439ab +CVE-2022-25311 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...) + NOT-FOR-US: Siemens +CVE-2022-25310 (A segmentation fault (SEGV) flaw was found in the Fribidi package and ...) + {DLA-2974-1} + - fribidi 1.0.8-2.1 (bug #1008793) + [bullseye] - fribidi 1.0.8-2+deb11u1 + [buster] - fribidi 1.0.5-3.1+deb10u2 + NOTE: https://github.com/fribidi/fribidi/issues/183 + NOTE: https://github.com/fribidi/fribidi/pull/186 + NOTE: https://github.com/fribidi/fribidi/commit/175850b03e1af251d705c1d04b2b9b3c1c06e48f +CVE-2022-25309 (A heap-based buffer overflow flaw was found in the Fribidi package and ...) + {DLA-2974-1} + - fribidi 1.0.8-2.1 (bug #1008793) + [bullseye] - fribidi 1.0.8-2+deb11u1 + [buster] - fribidi 1.0.5-3.1+deb10u2 + NOTE: https://github.com/fribidi/fribidi/issues/182 + NOTE: https://github.com/fribidi/fribidi/pull/185 + NOTE: https://github.com/fribidi/fribidi/commit/f22593b82b5d1668d1997dbccd10a9c31ffea3b3 +CVE-2022-25308 (A stack-based buffer overflow flaw was found in the Fribidi package. T ...) + {DLA-2974-1} + - fribidi 1.0.8-2.1 (bug #1008793) + [bullseye] - fribidi 1.0.8-2+deb11u1 + [buster] - fribidi 1.0.5-3.1+deb10u2 + NOTE: https://github.com/fribidi/fribidi/issues/181 + NOTE: https://github.com/fribidi/fribidi/pull/184 + NOTE: https://github.com/fribidi/fribidi/commit/ad3a19e6372b1e667128ed1ea2f49919884587e1 +CVE-2022-25307 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-25306 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25305 (The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2022-21158 (A stored cross-site scripting vulnerability in marktext versions prior ...) + NOT-FOR-US: marktext +CVE-2022-0674 (The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0673 (A flaw was found in LemMinX in versions prior to 0.19.0. Cache poisoni ...) + NOT-FOR-US: LemMinX +CVE-2022-0672 (A flaw was found in LemMinX in versions prior to 0.19.0. Insecure redi ...) + NOT-FOR-US: LemMinX +CVE-2022-0671 (A flaw was found in vscode-xml in versions prior to 0.19.0. Schema dow ...) + NOT-FOR-US: vscode-xml +CVE-2022-0670 (A flaw was found in Openstack manilla owning a Ceph File system "share ...) + - ceph 16.2.10+ds-1 (bug #1016069) + [bullseye] - ceph (Minor issue) + [buster] - ceph (The volumes manager module was added in Ceph 14) + NOTE: https://ceph.io/en/news/blog/2022/v17-2-2-quincy-released/ + NOTE: https://docs.ceph.com/en/latest/security/CVE-2022-0670/ + NOTE: https://github.com/ceph/ceph/pull/47229 +CVE-2022-0669 (A flaw was found in dpdk. This flaw allows a malicious vhost-user mast ...) + {DSA-5130-1} + - dpdk 20.11.5-1 (bug #1010641) + [buster] - dpdk (Vulnerable code introduced later) + [stretch] - dpdk (Vulnerable code introduced later) + NOTE: https://bugs.dpdk.org/show_bug.cgi?id=922 + NOTE: Introduced by: https://github.com/DPDK/dpdk/commit/d87f1a1cb7b666550bb53e39c1d85d9f7b861e6f (v19.11-rc1) + NOTE: Fixed by: https://github.com/DPDK/dpdk/commit/af74f7db384ed149fe42b21dbd7975f8a54ef227 (v22.03-rc4) +CVE-2022-0668 (JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Byp ...) + NOT-FOR-US: JFrog Artifactory +CVE-2022-0667 (When the vulnerability is triggered the BIND process will exit. 
BIND 9 ...) + - bind9 1:9.18.1-1 + [bullseye] - bind9 (Vulnerable code introduced later) + [buster] - bind9 (Vulnerable code introduced later) + [stretch] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2022-0667 +CVE-2022-0666 (CRLF Injection leads to Stack Trace Exposure due to lack of filtering ...) + NOT-FOR-US: microweber +CVE-2022-0665 (Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.) + NOT-FOR-US: pimcore +CVE-2022-0664 (Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker ...) + NOT-FOR-US: Go github.com/gravitl/netmaker +CVE-2022-0663 (The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0662 (The AdRotate WordPress plugin before 5.8.23 does not sanitise and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0661 (The Ad Injection WordPress plugin through 1.2.0.19 does not properly s ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0660 (Generation of Error Message Containing Sensitive Information in Packag ...) + NOT-FOR-US: microweber +CVE-2022-0659 (The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0658 (The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0657 (The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0656 (The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not v ...) + NOT-FOR-US: WordPress plugin +CVE-2022-26520 (In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or pro ...) 
+ {DSA-5196-1} + - libpgjava 42.3.3-1 + [stretch] - libpgjava (Requires control over connection properties) + NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-673j-qm5f-xpv8 + NOTE: https://github.com/pgjdbc/pgjdbc/commit/f6d47034a4ce292e1a659fa00963f6f713117064 (REL42.3.3-rc1) +CVE-2022-25299 (This affects the package cesanta/mongoose before 7.6. The unsafe handl ...) + - phantomjs + [buster] - phantomjs (Vulnerable code introduced later) + [stretch] - phantomjs (Vulnerable code introduced later) + NOTE: https://github.com/cesanta/mongoose/commit/c65c8fdaaa257e0487ab0aaae9e8f6b439335945 + NOTE: https://snyk.io/vuln/SNYK-UNMANAGED-CESANTAMONGOOSE-2404180 +CVE-2022-25298 (This affects the package sprinfall/webcc before 0.3.0. It is possible ...) + NOT-FOR-US: webcc +CVE-2022-25297 (This affects the package drogonframework/drogon before 1.7.5. The unsa ...) + NOT-FOR-US: drogon +CVE-2022-25296 (The package bodymen from 0.0.0 are vulnerable to Prototype Pollution v ...) + NOT-FOR-US: Node bodymen +CVE-2022-25295 (This affects the package github.com/gophish/gophish before 0.12.0. The ...) + NOT-FOR-US: gophish +CVE-2022-25294 (Proofpoint Insider Threat Management Agent for Windows relies on an in ...) + NOT-FOR-US: Proofpoint Insider Threat Management Agent for Windows +CVE-2022-25293 (A systemd stack-based buffer overflow in WatchGuard Firebox and XTM ap ...) + NOT-FOR-US: WatchGuard +CVE-2022-25292 (A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM ap ...) + NOT-FOR-US: WatchGuard +CVE-2022-25291 (An integer overflow in WatchGuard Firebox and XTM appliances allows an ...) + NOT-FOR-US: WatchGuard +CVE-2022-25290 (WatchGuard Firebox and XTM appliances allow an authenticated remote at ...) 
+ NOT-FOR-US: WatchGuard +CVE-2022-25289 + RESERVED +CVE-2022-25288 + RESERVED +CVE-2022-25287 + RESERVED +CVE-2022-25286 + RESERVED +CVE-2022-25285 + RESERVED +CVE-2022-25284 + RESERVED +CVE-2022-25283 + RESERVED +CVE-2022-25282 + RESERVED +CVE-2022-25281 + RESERVED +CVE-2022-25280 + RESERVED +CVE-2022-25279 + RESERVED +CVE-2022-25278 (Under certain circumstances, the Drupal core form API evaluates form e ...) + - drupal7 (Only affects Drupal 8 and 9) + NOTE: https://www.drupal.org/sa-core-2022-013 +CVE-2022-25277 (Drupal core sanitizes filenames with dangerous extensions upon upload ...) + - drupal7 (Only affects Drupal 8 and 9) + NOTE: https://www.drupal.org/sa-core-2022-014 +CVE-2022-25276 (The Media oEmbed iframe route does not properly validate the iframe do ...) + - drupal7 (Only affects Drupal 8 and 9) + NOTE: https://www.drupal.org/sa-core-2022-015 +CVE-2022-25275 (In some situations, the Image module does not correctly check access t ...) + - drupal7 + NOTE: https://www.drupal.org/sa-core-2022-012 +CVE-2022-25274 (Drupal 9.3 implemented a generic entity access API for entity revision ...) + - drupal7 (Only affects Drupal 9) + NOTE: https://www.drupal.org/sa-core-2022-009 +CVE-2022-25273 (Drupal core's form API has a vulnerability where certain contributed o ...) + - drupal7 (Only affects Drupal 8 and 9) + NOTE: https://www.drupal.org/sa-core-2022-008 +CVE-2022-25272 + RESERVED +CVE-2022-25270 (The Quick Edit module does not properly check entity access in some ci ...) + NOT-FOR-US: Drupal 9.x +CVE-2022-25269 (Passwork On-Premise Edition before 4.6.13 has multiple XSS issues.) + NOT-FOR-US: Passwork On-Premise +CVE-2022-25268 (Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, ...) + NOT-FOR-US: Passwork On-Premise +CVE-2022-25267 (Passwork On-Premise Edition before 4.6.13 allows migration/uploadExpor ...) + NOT-FOR-US: Passwork On-Premise +CVE-2022-25266 (Passwork On-Premise Edition before 4.6.13 allows migration/downloadExp ...) 
+ NOT-FOR-US: Passwork On-Premise +CVE-2022-25265 (In the Linux kernel through 5.16.10, certain binary files may have the ...) + - linux (unimportant) + NOTE: https://github.com/x0reaxeax/exec-prot-bypass + NOTE: Not considered a security flaw. If desired because no need for backward compatibility + NOTE: can be mitigated through a LSM. +CVE-2022-25264 (In JetBrains TeamCity before 2021.2.3, environment variables of the "p ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-25263 (JetBrains TeamCity before 2021.2.3 was vulnerable to OS command inject ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-25262 (In JetBrains Hub before 2022.1.14434, SAML request takeover was possib ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-25261 (JetBrains TeamCity before 2021.2.2 was vulnerable to reflected XSS.) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-25260 (JetBrains Hub before 2021.1.14276 was vulnerable to blind Server-Side ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-25259 (JetBrains Hub before 2021.1.14276 was vulnerable to reflected XSS.) + NOT-FOR-US: JetBrains Hub +CVE-2022-25258 (An issue was discovered in drivers/usb/gadget/composite.c in the Linux ...) + {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.10-1 + NOTE: https://github.com/szymonh/d-os-descriptor + NOTE: https://git.kernel.org/linus/75e5b4849b81e19e9efe1654b30d7f3151c33c2c (5.17-rc4) +CVE-2022-0655 + REJECTED +CVE-2022-0654 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + NOT-FOR-US: Node request-retry +CVE-2022-0653 (The Profile Builder \u2013 User Profile & User Registration Forms Word ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0652 (Confd log files contain local users', including root\u2019s, SHA512cry ...) + NOT-FOR-US: Sophos UTM +CVE-2022-0651 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0650 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
+ NOT-FOR-US: TP-Link +CVE-2022-0649 (The AdRotate WordPress plugin before 5.8.23 does not escape Group Name ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46699 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2022-25257 + RESERVED +CVE-2022-25256 (SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRend ...) + NOT-FOR-US: SAS Web Report Studio +CVE-2022-25255 (In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux ...) + - qt6-base 6.2.4+dfsg-4 + - qtbase-opensource-src 5.15.2+dfsg-15 + [bullseye] - qtbase-opensource-src (Minor issue) + [buster] - qtbase-opensource-src (Breaks existing behaviour and upstream also skipped from 5.12 branch) + [stretch] - qtbase-opensource-src (Vulnerable code introduced later) + - qtbase-opensource-src-gles 5.15.4+dfsg-2 + [bullseye] - qtbase-opensource-src-gles (Minor issue) + [buster] - qtbase-opensource-src-gles (Breaks existing behaviour and upstream also skipped from 5.12 branch) + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/393113 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/394914 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/396020 + NOTE: https://github.com/qt/qtbase/commit/ab6915f0efb12cfe48d1f126f4a828212f853ce5 (v6.2.4) + NOTE: https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff + NOTE: https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff + NOTE: https://www.qt.io/blog/security-advisory-qprocess +CVE-2022-25254 + RESERVED +CVE-2022-25253 + RESERVED +CVE-2022-25252 (When connecting to a certain port Axeda agent (All versions) and Axeda ...) + NOT-FOR-US: PTC +CVE-2022-25251 (When connecting to a certain port Axeda agent (All versions) and Axeda ...) + NOT-FOR-US: PTC +CVE-2022-25250 (When connecting to a certain port Axeda agent (All versions) and Axeda ...) + NOT-FOR-US: PTC +CVE-2022-25249 (When connecting to a certain port Axeda agent (All versions) and Axeda ...) 
+ NOT-FOR-US: PTC +CVE-2022-25248 (When connecting to a certain port Axeda agent (All versions) and Axeda ...) + NOT-FOR-US: PTC +CVE-2022-25247 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...) + NOT-FOR-US: PTC +CVE-2022-25246 (Axeda agent (All versions) and Axeda Desktop Server for Windows (All v ...) + NOT-FOR-US: PTC +CVE-2022-24374 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...) + NOT-FOR-US: a-blog cms +CVE-2022-23916 (Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series vers ...) + NOT-FOR-US: a-blog cms +CVE-2022-23810 (Template injection (Improper Neutralization of Special Elements Used i ...) + NOT-FOR-US: a-blog cms +CVE-2022-21142 (Authentication bypass vulnerability in a-blog cms Ver.2.8.x series ver ...) + NOT-FOR-US: a-blog cms +CVE-2022-0648 (The Team Circle Image Slider With Lightbox WordPress plugin before 1.0 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0647 (The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0646 (A flaw use after free in the Linux kernel Management Component Transpo ...) + - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/all/20220211011552.1861886-1-jk@codeconstruct.com.au/T/ +CVE-2022-0645 (Open redirect vulnerability via endpoint authorize_and_redirect/?redir ...) + NOT-FOR-US: posthog +CVE-2022-0644 + REJECTED +CVE-2022-0643 (The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0642 (The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not proper ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0641 (The Popup Like box WordPress plugin before 3.6.1 does not sanitize and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0640 (The Pricing Table Builder WordPress plugin before 1.1.5 does not sanit ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0639 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + {DLA-3336-1} + - node-url-parse 1.5.7-1 + [bullseye] - node-url-parse (Minor issue) + [stretch] - node-url-parse (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/83a6bc9a-b542-4a38-82cd-d995a1481155 + NOTE: https://github.com/unshiftio/url-parse/commit/ef45a1355375a8244063793a19059b4f62fc8788 (1.5.7) +CVE-2022-0638 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...) + NOT-FOR-US: microweber +CVE-2022-0637 (open redirect in pollbot (pollbot.services.mozilla.com) in versions be ...) + NOT-FOR-US: pollbot +CVE-2022-0636 (A denial of service vulnerability was reported in Lenovo Thin Installe ...) + NOT-FOR-US: Lenovo +CVE-2022-0635 (Versions affected: BIND 9.18.0 When a vulnerable version of named rece ...) + - bind9 1:9.18.1-1 + [bullseye] - bind9 (Vulnerable code introduced later) + [buster] - bind9 (Vulnerable code introduced later) + [stretch] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2022-0635 +CVE-2022-0634 (The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorizati ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0633 (The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0632 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.) + - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/3e5bb8f6-30fd-4553-86dd-761e9459ce1b + NOTE: https://github.com/mruby/mruby/commit/44f591aa8f7091e6ca6cb418e428ae6d4ceaf77d +CVE-2022-0631 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.) 
+ - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/9bdc49ca-6697-4adc-a785-081e1961bf40 + NOTE: https://github.com/mruby/mruby/commit/47068ae07a5fa3aa9a1879cdfe98a9ce0f339299 +CVE-2022-0630 (Out-of-bounds Read in Homebrew mruby prior to 3.2.) + - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/f7cdd680-1a7f-4992-b4b8-44b5e4ba3e32 + NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad +CVE-2022-0629 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) + {DLA-3204-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/95e2b0da-e480-4ee8-9324-a93a2ab0a877/ + NOTE: https://github.com/vim/vim/commit/34f8117dec685ace52cd9e578e2729db278163fc (v8.2.4397) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0628 (The Mega Menu WordPress plugin before 3.0.8 does not sanitize and esca ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0627 (The Amelia WordPress plugin before 1.0.47 does not sanitize and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0626 (The Advanced Admin Search WordPress plugin before 1.1.6 does not sanit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0625 (The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0624 (Authorization Bypass Through User-Controlled Key in GitHub repository ...) + NOT-FOR-US: Node parse-path +CVE-2022-25271 (Drupal core's form API has a vulnerability where certain contributed o ...) + {DLA-2925-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2022-003 + NOTE: https://git.drupalcode.org/project/drupal/-/commit/43c757167380643b5f73287a63a8739731a5b712 +CVE-2022-25245 (Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know ...) + NOT-FOR-US: Zoho +CVE-2022-25244 (Vault Enterprise clusters using the tokenization transform feature can ...) 
+ NOT-FOR-US: HashiCorp Vault +CVE-2022-25243 ("Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the ...) + NOT-FOR-US: HashiCorp Vault +CVE-2022-25242 (In FileCloud before 21.3, file upload is not protected against Cross-S ...) + NOT-FOR-US: FileCloud +CVE-2022-25241 (In FileCloud before 21.3, the CSV user import functionality is vulnera ...) + NOT-FOR-US: FileCloud +CVE-2022-25240 + RESERVED +CVE-2022-25239 + RESERVED +CVE-2022-25238 (Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside ...) + NOT-FOR-US: Silverstripe CMS +CVE-2022-25237 (Bonita Web 2021.2 is affected by a authentication/authorization bypass ...) + NOT-FOR-US: Bonita Web +CVE-2022-25236 (xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to in ...) + {DSA-5085-1 DLA-2935-1} + - expat 2.4.5-1 (bug #1005895) + NOTE: https://github.com/libexpat/libexpat/pull/561 + NOTE: https://github.com/libexpat/libexpat/commit/6881a4fc8596307ab9ff2e85e605afa2e413ab71 + NOTE: https://github.com/libexpat/libexpat/commit/a2fe525e660badd64b6c557c2b1ec26ddc07f6e4 + NOTE: https://github.com/libexpat/libexpat/commit/2de077423fb22750ebea599677d523b53cb93b1d + NOTE: Relaxed fix: https://github.com/libexpat/libexpat/pull/577 + NOTE: https://github.com/libexpat/libexpat/commit/2ba6c76fca21397959145e18c5ef376201209020 + NOTE: https://github.com/libexpat/libexpat/commit/e0f852db1e3b1e6d34922c68a653c3cc4b85361c + NOTE: https://github.com/libexpat/libexpat/commit/5dd52182972a35f2251a07784eda35d3d52d3e07 + NOTE: https://github.com/libexpat/libexpat/commit/c57bea96b73eee1c6d5e288f0f57efbf5238e49a +CVE-2022-25235 (xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain valid ...) 
+ {DSA-5085-1 DLA-2935-1} + - expat 2.4.5-1 (bug #1005894) + NOTE: https://github.com/libexpat/libexpat/pull/562 + NOTE: https://github.com/libexpat/libexpat/commit/ee2a5b50e7d1940ba8745715b62ceb9efd3a96da + NOTE: https://github.com/libexpat/libexpat/commit/3f0a0cb644438d4d8e3294cd0b1245d0edb0c6c6 + NOTE: https://github.com/libexpat/libexpat/commit/c85a3025e7a1be086dc34e7559fbc543914d047f + NOTE: https://github.com/libexpat/libexpat/commit/6a5510bc6b7efe743356296724e0b38300f05379 +CVE-2022-25229 (Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' fiel ...) + NOT-FOR-US: Popcorn Time +CVE-2022-25228 (CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQ ...) + NOT-FOR-US: CandidATS +CVE-2022-25227 (Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS ...) + NOT-FOR-US: Thinfinity VNC +CVE-2022-25226 (ThinVNC version 1.0b1 allows an unauthenticated user to bypass the aut ...) + NOT-FOR-US: ThinVNC +CVE-2022-25225 (Network Olympus version 1.8.0 allows an authenticated admin user to in ...) + NOT-FOR-US: Network Olympus +CVE-2022-25224 (Proton v0.2.0 allows an attacker to create a malicious link inside a m ...) + NOT-FOR-US: steventhanna/proton +CVE-2022-25223 (Money Transfer Management System Version 1.0 allows an authenticated u ...) + NOT-FOR-US: Money Transfer Management System +CVE-2022-25222 (Money Transfer Management System Version 1.0 allows an unauthenticated ...) + NOT-FOR-US: Money Transfer Management System +CVE-2022-25221 (Money Transfer Management System Version 1.0 allows an attacker to inj ...) + NOT-FOR-US: Money Transfer Management System +CVE-2022-25220 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...) + NOT-FOR-US: PeteReport +CVE-2022-25219 (A null byte interaction error has been discovered in the code that the ...) + NOT-FOR-US: Phicomm +CVE-2022-25218 (The use of the RSA algorithm without OAEP, or any other padding scheme ...) 
+ NOT-FOR-US: Phicomm +CVE-2022-25217 (Use of a hard-coded cryptographic key pair by the telnetd_startup serv ...) + NOT-FOR-US: Phicomm +CVE-2022-25216 (An absolute path traversal vulnerability allows a remote attacker to d ...) + NOT-FOR-US: DVDFab Player +CVE-2022-25215 (Improper access control on the LocalMACConfig.asp interface allows an ...) + NOT-FOR-US: Phicomm +CVE-2022-25214 (Improper access control on the LocalClientList.asp interface allows an ...) + NOT-FOR-US: Phicomm +CVE-2022-25213 (Improper physical access control and use of hard-coded credentials in ...) + NOT-FOR-US: Phicomm +CVE-2022-24915 (The absence of filters when loading some sections in the web applicati ...) + NOT-FOR-US: IPCOMM +CVE-2022-24432 (Persistent cross-site scripting (XSS) in the web interface of ipDIO al ...) + NOT-FOR-US: IPCOMM +CVE-2022-22985 (The absence of filters when loading some sections in the web applicati ...) + NOT-FOR-US: IPCOMM +CVE-2022-21146 (Persistent cross-site scripting in the web interface of ipDIO allows a ...) + NOT-FOR-US: IPCOMM +CVE-2022-0623 (Out-of-bounds Read in Homebrew mruby prior to 3.2.) + - mruby (Vulnerable code introduced later) + NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad + NOTE: https://huntr.dev/bounties/5b908ac7-d8f1-4fcd-9355-85df565f7580 +CVE-2022-0622 (Generation of Error Message Containing Sensitive Information in Packag ...) + - snipe-it (bug #1005172) +CVE-2022-0621 (The dTabs WordPress plugin through 1.4 does not sanitize and escape th ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0620 (The Delete Old Orders WordPress plugin through 0.2 does not sanitize a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0619 (The Database Peek WordPress plugin through 1.2 does not sanitize and e ...) + NOT-FOR-US: WordPress plugin +CVE-2022-25209 (Jenkins Chef Sinatra Plugin 1.20 and earlier does not configure its XM ...) 
+ NOT-FOR-US: Jenkins Chef Sinatra Plugin +CVE-2022-25175 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier use ...) + NOT-FOR-US: Jenkins Pipeline: Multibranch Plugin +CVE-2022-25169 (The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may ...) + - tika (bug #1015002) + [bullseye] - tika (Minor issue) + [buster] - tika (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/16/4 +CVE-2022-25168 (Apache Hadoop's FileUtil.unTar(File, File) API does not escape the inp ...) + - hadoop (bug #793644) +CVE-2022-25167 (Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote c ...) + NOT-FOR-US: Apache Flume +CVE-2022-24435 (Cross-site scripting vulnerability in phpUploader v1.2 and earlier all ...) + NOT-FOR-US: phpUploader +CVE-2022-23986 (SQL injection vulnerability in the phpUploader v1.2 and earlier allows ...) + NOT-FOR-US: phpUploader +CVE-2022-21159 (A denial of service vulnerability exists in the parseNormalModeParamet ...) + NOT-FOR-US: MZ Automation +CVE-2022-0618 (A program using swift-nio-http2 is vulnerable to a denial of service a ...) + NOT-FOR-US: swift-nio-http2 +CVE-2022-0617 (A flaw null pointer dereference in the Linux kernel UDF file system fu ...) + {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.7-1 + NOTE: https://git.kernel.org/linus/7fc3b7c2981bbd1047916ade327beccb90994eee + NOTE: https://git.kernel.org/linus/ea8569194b43f0f01f0a84c689388542c7254a1f +CVE-2022-0616 (The Amelia WordPress plugin before 1.0.47 does not have CSRF check in ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0615 (Use-after-free in eset_rtp kernel module used in ESET products for Lin ...) + NOT-FOR-US: ESET +CVE-2022-0614 (Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.) 
+ - mruby (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/a980ce4d-c359-4425-92c4-e844c0055879 + NOTE: https://github.com/mruby/mruby/commit/ff3a5ebed6ffbe3e70481531cfb969b497aa73ad +CVE-2022-0613 (Authorization Bypass Through User-Controlled Key in NPM urijs prior to ...) + - node-urijs (bug #902083) + NOTE: https://github.com/medialize/uri.js/commit/6ea641cc8648b025ed5f30b090c2abd4d1a5249f (v1.19.8) +CVE-2021-4220 + REJECTED +CVE-2021-4219 (A flaw was found in ImageMagick. The vulnerability occurs due to impro ...) + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1013282) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (Vulnerable code introduced later) + [stretch] - imagemagick (Vulnerable code introduced later) + NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/b51ead044753d771646fe1dfd6fb1db0b562a5f0 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4626 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7f1b2b9b816baaa956381ff80c3b120e83faa95 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c10351c16b8d2cabd11d2627a02de522570f6ceb +CVE-2022-25212 (A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25211 (A missing permission check in Jenkins SWAMP Plugin 1.2.6 and earlier a ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25210 (Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier uses static ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25208 (A missing permission check in Jenkins Chef Sinatra Plugin 1.20 and ear ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25207 (A cross-site request forgery (CSRF) vulnerability in Jenkins Chef Sina ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25206 (A missing check in Jenkins dbCharts Plugin 0.5.2 and earlier allows at ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25205 (A cross-site request forgery (CSRF) vulnerability in Jenkins dbCharts ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-25204 (Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25203 (Jenkins Team Views Plugin 0.9.0 and earlier does not escape team names ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25202 (Jenkins Promoted Builds (Simple) Plugin 1.9 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25201 (Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and ear ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25200 (A cross-site request forgery (CSRF) vulnerability in Jenkins Checkmarx ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25199 (A missing permission check in Jenkins SCP publisher Plugin 1.8 and ear ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25198 (A cross-site request forgery (CSRF) vulnerability in Jenkins SCP publi ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25197 (Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implement ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25196 (Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25195 (A missing permission check in Jenkins autonomiq Plugin 1.15 and earlie ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25194 (A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25193 (Missing permission checks in Jenkins Snow Commander Plugin 1.10 and ea ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25192 (A cross-site request forgery (CSRF) vulnerability in Jenkins Snow Comm ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25191 (Jenkins Agent Server Parameter Plugin 1.0 and earlier does not escape ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25190 (A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25189 (Jenkins Custom Checkbox Parameter Plugin 1.1 and earlier does not esca ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-25188 (Jenkins Fortify Plugin 20.2.34 and earlier does not sanitize the appNa ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25187 (Jenkins Support Core Plugin 2.79 and earlier does not redact some sens ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25186 (Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functional ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25185 (Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escap ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25184 (Jenkins Pipeline: Build Step Plugin 2.15 and earlier reveals password ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25183 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25182 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25181 (A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libr ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25180 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier include ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25179 (Jenkins Pipeline: Multibranch Plugin 706.vd43c65dec013 and earlier fol ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25178 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25177 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25176 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier follows ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25174 (Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25173 (Jenkins Pipeline: Groovy Plugin 2648.va9433432b33c and earlier uses th ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-25166 (An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible ...) 
+ NOT-FOR-US: Amazon AWS VPN Client
+CVE-2022-25165 (An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race ...)
+ NOT-FOR-US: Amazon AWS VPN Client
+CVE-2022-25164 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25163 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC- ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25162 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25161 (Improper Input Validation vulnerability in Mitsubishi Electric MELSEC ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25160 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25159 (Authentication Bypass by Capture-replay vulnerability in Mitsubishi El ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25158 (Cleartext Storage of Sensitive Information vulnerability in Mitsubishi ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25157 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25156 (Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F seri ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25155 (Use of Password Hash Instead of Password for Authentication vulnerabil ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-25154 (A DLL hijacking vulnerability in Samsung portable SSD T5 PC software b ...)
+ NOT-FOR-US: Samsung portable SSD T5
+CVE-2022-25153 (The ITarian Endpoint Manage Communication Client, prior to version 6.4 ...)
+ NOT-FOR-US: ITarian Endpoint Manage Communication Client
+CVE-2022-25152 (The ITarian platform (SAAS / on-premise) offers the possibility to run ...)
+ NOT-FOR-US: ITarian platform
+CVE-2022-25151 (Within the Service Desk module of the ITarian platform (SAAS and on-pr ...)
+ NOT-FOR-US: ITarian platform
+CVE-2022-25150 (In Malwarebytes Binisoft Windows Firewall Control before 6.8.1.0, prog ...)
+ NOT-FOR-US: Malwarebytes Binisoft Windows Firewall Control
+CVE-2022-25149 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-25148 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0612 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0611 (Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.)
+ - snipe-it (bug #1005172)
+CVE-2019-25057 (In Corda before 4.1, the meaning of serialized data can be modified vi ...)
+ NOT-FOR-US: Corda
+CVE-2022-25147 (Integer Overflow or Wraparound vulnerability in apr_base64 functions o ...)
+ {DSA-5364-1 DLA-3332-1}
+ - apr-util 1.6.3-1
+ NOTE: https://lists.apache.org/thread/np5gjqlohc4f62lr09vrn61vl44cylh8
+ NOTE: http://svn.apache.org/r1904728
+CVE-2022-0610 (Inappropriate implementation in Gamepad API in Google Chrome prior to ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0609 (Use after free in Animation in Google Chrome prior to 98.0.4758.102 al ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0608 (Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allow ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0607 (Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0606 (Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowe ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0605 (Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0604 (Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758 ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0603 (Use after free in File Manager in Google Chrome on Chrome OS prior to ...)
+ {DSA-5079-1}
+ - chromium 98.0.4758.102-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
+CVE-2022-0602 (Cross-site Scripting (XSS) - DOM in GitHub repository tastyigniter/tas ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2022-0601 (The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0600 (The Conference Scheduler WordPress plugin before 2.4.3 does not saniti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0599 (The Mapping Multiple URLs Redirect Same Page WordPress plugin through ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0598 (The Login with phone number WordPress plugin before 1.3.8 does not san ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0597 (Open Redirect in Packagist microweber/microweber prior to 1.2.11.)
+ NOT-FOR-US: microweber
+CVE-2022-0596 (Improper Validation of Specified Quantity in Input in Packagist microw ...)
+ NOT-FOR-US: microweber
+CVE-2022-0595 (The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0594 (The Professional Social Sharing Buttons, Icons & Related Posts WordPre ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0593 (The Login with phone number WordPress plugin before 1.3.7 includes a f ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0592 (The MapSVG WordPress plugin before 6.2.20 does not validate and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0591 (The FormCraft WordPress plugin before 3.8.28 does not validate the URL ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0590 (The BulletProof Security WordPress plugin before 5.8 does not sanitise ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0589 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0588 (Missing Authorization in Packagist librenms/librenms prior to 22.2.0.)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0587 (Improper Authorization in Packagist librenms/librenms prior to 22.2.0.)
+ NOT-FOR-US: LibreNMS
+CVE-2021-46687 (JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable t ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-46270 (JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Contr ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-45730 (JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Con ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-45721 (JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-45074 (JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken A ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-41834 (JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable t ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2021-23163 (JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable t ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2022-25146 (The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 throug ...)
+ NOT-FOR-US: Liferay
+CVE-2022-25145
+ RESERVED
+CVE-2022-25144
+ RESERVED
+CVE-2022-25143
+ RESERVED
+CVE-2022-25142
+ RESERVED
+CVE-2022-25141
+ RESERVED
+CVE-2022-25140
+ RESERVED
+CVE-2022-25139 (njs through 0.7.0, used in NGINX, was discovered to contain a heap use ...)
+ NOT-FOR-US: njs
+CVE-2022-25138 (Axelor Open Suite v5.0 was discovered to contain a stored cross-site s ...)
+ NOT-FOR-US: Axelor Open Suite
+CVE-2022-25137 (A command injection vulnerability in the function recvSlaveUpgstatus o ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25136 (A command injection vulnerability in the function meshSlaveUpdate of T ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25135 (A command injection vulnerability in the function recv_mesh_info_sync ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25134 (A command injection vulnerability in the function setUpgradeFW of TOTO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25133 (A command injection vulnerability in the function isAssocPriDevice of ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25132 (A command injection vulnerability in the function meshSlaveDlfw of TOT ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25131 (A command injection vulnerability in the function recvSlaveCloudCheckS ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25130 (A command injection vulnerability in the function updateWifiInfo of TO ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25129
+ RESERVED
+CVE-2022-25128
+ RESERVED
+CVE-2022-25127
+ RESERVED
+CVE-2022-25126
+ RESERVED
+CVE-2022-25125 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: MCMS
+CVE-2022-25124
+ RESERVED
+CVE-2022-25123
+ RESERVED
+CVE-2022-25122
+ RESERVED
+CVE-2022-25121
+ RESERVED
+CVE-2022-25120
+ RESERVED
+CVE-2022-25119
+ RESERVED
+CVE-2022-25118
+ RESERVED
+CVE-2022-25117
+ RESERVED
+CVE-2022-25116
+ RESERVED
+CVE-2022-25115 (A remote code execution (RCE) vulnerability in the Avatar parameter un ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25114 (Event Management v1.0 was discovered to contain a reflected cross-site ...)
+ NOT-FOR-US: Event Management
+CVE-2022-25113
+ RESERVED
+CVE-2022-25112
+ RESERVED
+CVE-2022-25111
+ RESERVED
+CVE-2022-25110
+ RESERVED
+CVE-2022-25109
+ RESERVED
+CVE-2022-25108 (Foxit PDF Reader and Editor before 11.2.1 and PhantomPDF before 10.1.7 ...)
+ NOT-FOR-US: Foxit
+CVE-2022-25107
+ RESERVED
+CVE-2022-25106 (D-Link DIR-859 v1.05 was discovered to contain a stack-based buffer ov ...)
+ NOT-FOR-US: D-Link
+CVE-2022-25105
+ RESERVED
+CVE-2022-25104 (HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file ...)
+ NOT-FOR-US: HorizontCMS
+CVE-2022-25103
+ RESERVED
+CVE-2022-25102
+ RESERVED
+CVE-2022-25101 (A vulnerability in the component /templates/install.php of WBCE CMS v1 ...)
+ NOT-FOR-US: WBCE CMS
+CVE-2022-25100
+ RESERVED
+CVE-2022-25099 (A vulnerability in the component /languages/index.php of WBCE CMS v1.5 ...)
+ NOT-FOR-US: WBCE CMS
+CVE-2022-25098 (ECTouch v2 suffers from arbitrary file deletion due to insufficient fi ...)
+ NOT-FOR-US: ECTouch
+CVE-2022-25097
+ RESERVED
+CVE-2022-25096 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25095 (Home Owners Collection Management System v1.0 allows unauthenticated a ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25094 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25093
+ RESERVED
+CVE-2022-25092
+ RESERVED
+CVE-2022-25091 (Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow a ...)
+ NOT-FOR-US: Infopop Ultimate Bulletin Board
+CVE-2022-25090 (Printix Secure Cloud Print Management through 1.3.1106.0 creates a tem ...)
+ NOT-FOR-US: Printix Secure Cloud Print Management
+CVE-2022-25089 (Printix Secure Cloud Print Management through 1.3.1106.0 incorrectly u ...)
+ NOT-FOR-US: Printix Secure Cloud Print Management
+CVE-2022-25088
+ RESERVED
+CVE-2022-25087
+ RESERVED
+CVE-2022-25086
+ RESERVED
+CVE-2022-25085
+ RESERVED
+CVE-2022-25084 (TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command i ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25083 (TOTOLink A860R V4.1.2cu.5182_B20201027 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25082 (TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25081 (TOTOLink T10 V5.9c.5061_B20200511 was discovered to contain a command ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25080 (TOTOLink A830R V5.9c.4729_B20191112 was discovered to contain a comman ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25079 (TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25078 (TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a co ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25077 (TOTOLink A3100R V4.1.2cu.5050_B20200504 was discovered to contain a co ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25076 (TOTOLink A800R V4.1.2cu.5137_B20200730 was discovered to contain a com ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25075 (TOTOLink A3000RU V5.9c.2280_B20180512 was discovered to contain a comm ...)
+ NOT-FOR-US: TOTOLink
+CVE-2022-25074 (TP-Link TL-WR902AC(US)_V3_191209 routers were discovered to contain a ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25073 (TL-WR841Nv14_US_0.9.1_4.18 routers were discovered to contain a stack ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25072 (TP-Link Archer A54 Archer A54(US)_V1_210111 routers were discovered to ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25071
+ RESERVED
+CVE-2022-25070
+ RESERVED
+CVE-2022-25069 (Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scr ...)
+ NOT-FOR-US: MarkText
+CVE-2022-25068
+ RESERVED
+CVE-2022-25067
+ RESERVED
+CVE-2022-25066
+ RESERVED
+CVE-2022-25065
+ RESERVED
+CVE-2022-25064 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a remote ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25063
+ RESERVED
+CVE-2022-25062 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain an intege ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25061 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25060 (TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-25059
+ RESERVED
+CVE-2022-25058
+ RESERVED
+CVE-2022-25057
+ RESERVED
+CVE-2022-25056
+ RESERVED
+CVE-2022-25055
+ RESERVED
+CVE-2022-25054
+ RESERVED
+CVE-2022-25053
+ RESERVED
+CVE-2022-25052
+ RESERVED
+CVE-2022-25051 (An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when deco ...)
+ [experimental] - rtl-433 21.12+git20220718+ds-1
+ - rtl-433 21.12+git20220718+ds-2 (bug #1008000)
+ [bullseye] - rtl-433 (Minor issue)
+ NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
+ NOTE: https://github.com/merbanan/rtl_433/issues/1960
+ NOTE: https://huntr.dev/bounties/78eee103-bd61-4b4f-b054-04ad996b39e7/
+CVE-2022-25050 (rtl_433 21.12 was discovered to contain a stack overflow in the functi ...)
+ [experimental] - rtl-433 21.12+git20220718+ds-1
+ - rtl-433 21.12+git20220718+ds-2 (bug #1008000)
+ [bullseye] - rtl-433 (Minor issue)
+ NOTE: https://github.com/merbanan/rtl_433/commit/2dad7b9fc67a1d0bfbe520fbd821678b8f8cc7a8
+ NOTE: https://github.com/merbanan/rtl_433/issues/1960
+ NOTE: https://huntr.dev/bounties/6c9cd35f-a206-4fdf-b6d1-fcd50926c2d9/
+CVE-2022-25049
+ RESERVED
+CVE-2022-25048 (Command injection vulnerability in CWP v0.9.8.1126 that allows normal ...)
+ NOT-FOR-US: CWP
+CVE-2022-25047 (The password reset token in CWP v0.9.8.1126 is generated using known o ...)
+ NOT-FOR-US: CWP
+CVE-2022-25046 (A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows ...)
+ NOT-FOR-US: CWP
+CVE-2022-25045 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25044 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2022-25043
+ RESERVED
+CVE-2022-25042
+ RESERVED
+CVE-2022-25041 (OpenEMR v6.0.0 was discovered to contain an incorrect access control i ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-25040
+ RESERVED
+CVE-2022-25039
+ RESERVED
+CVE-2022-25038
+ RESERVED
+CVE-2022-25037
+ RESERVED
+CVE-2022-25036
+ RESERVED
+CVE-2022-25035
+ RESERVED
+CVE-2022-25034
+ RESERVED
+CVE-2022-25033
+ RESERVED
+CVE-2022-25032
+ RESERVED
+CVE-2022-25031 (Remote Desktop Commander Suite Agent before v4.8 contains an unquoted ...)
+ NOT-FOR-US: Remote Desktop Commander Suite Agent
+CVE-2022-25030
+ RESERVED
+CVE-2022-25029
+ REJECTED
+CVE-2022-25028 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25027 (The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2 ...)
+ NOT-FOR-US: Rocket TRUfusion Portal
+CVE-2022-25026 (A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2 ...)
+ NOT-FOR-US: Rocket TRUfusion Portal
+CVE-2022-25025
+ RESERVED
+CVE-2022-25024 (The json2xml package through 3.12.0 for Python allows an error in type ...)
+ NOT-FOR-US: json2xml
+CVE-2022-25023 (Audio File commit 004065d was discovered to contain a heap-buffer over ...)
+ NOT-FOR-US: AudioFile (different from src:audiofile)
+CVE-2022-25022 (A cross-site scripting (XSS) vulnerability in Htmly v2.8.1 allows atta ...)
+ NOT-FOR-US: Htmly
+CVE-2022-25021
+ RESERVED
+CVE-2022-25020 (A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows att ...)
+ - pluxml (bug #1008264)
+ [buster] - pluxml (EOL in buster LTS)
+ NOTE: https://github.com/MoritzHuppert/CVE-2022-25020/blob/main/CVE-2022-25020.pdf
+CVE-2022-25019
+ REJECTED
+CVE-2022-25018 (Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary c ...)
+ - pluxml (bug #1008264)
+ [buster] - pluxml (EOL in buster LTS)
+ NOTE: https://github.com/MoritzHuppert/CVE-2022-25018/blob/main/CVE-2022-25018.pdf
+CVE-2022-25017 (Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulner ...)
+ NOT-FOR-US: Hitron CHITA
+CVE-2022-25016 (Home Owners Collection Management System v1.0 was discovered to contai ...)
+ NOT-FOR-US: Home Owners Collection Management System
+CVE-2022-25015 (A stored cross-site scripting (XSS) vulnerability in Ice Hrm 30.0.0.OS ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2022-25014 (Ice Hrm 30.0.0.OS was discovered to contain a reflected cross-site scr ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2022-25013 (Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-s ...)
+ NOT-FOR-US: Ice Hrm
+CVE-2022-25012 (Argus Surveillance DVR v4.0 employs weak password encryption.)
+ NOT-FOR-US: Argus Surveillance DVR
+CVE-2022-25011
+ RESERVED
+CVE-2022-25010 (The component /rootfs in RageFile of Stepmania v5.1b2 and below allows ...)
+ NOT-FOR-US: StepMania
+CVE-2022-25009
+ RESERVED
+CVE-2022-25008 (totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B202 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2022-25007
+ RESERVED
+CVE-2022-25006
+ RESERVED
+CVE-2022-25005
+ RESERVED
+CVE-2022-25004 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-25003 (Hospital Patient Record Management System v1.0 was discovered to conta ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-25002
+ RESERVED
+CVE-2022-25001
+ RESERVED
+CVE-2022-25000
+ RESERVED
+CVE-2022-24999 (qs before 6.10.3, as used in Express before 4.17.3 and other products, ...)
+ {DLA-3299-1}
+ - node-qs 6.10.3+ds+~6.9.7-1
+ [bullseye] - node-qs 6.9.4+ds-1+deb11u1
+ NOTE: https://github.com/ljharb/qs/pull/428
+ NOTE: https://github.com/n8tz/CVE-2022-24999
+CVE-2022-24998
+ RESERVED
+CVE-2022-24997
+ RESERVED
+CVE-2022-24996
+ RESERVED
+CVE-2022-24995 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...)
+ NOT-FOR-US: Tenda
+CVE-2022-24994
+ RESERVED
+CVE-2022-24993
+ RESERVED
+CVE-2022-24992 (A vulnerability in the component process.php of QR Code Generator v5.2 ...)
+ NOT-FOR-US: QR Code Generator
+CVE-2022-24991
+ RESERVED
+CVE-2022-24990 (TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover ...)
+ NOT-FOR-US: TerraMaster NAS
+CVE-2022-24989 (TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute ...)
+ NOT-FOR-US: TerraMaster NAS
+CVE-2022-24988 (In galois_2p8 before 0.1.2, PrimitivePolynomialField::new has an off-b ...)
+ NOT-FOR-US: galois_2p8
+CVE-2022-24987
+ RESERVED
+CVE-2022-24986 (KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, b ...)
+ - kcron 4:21.12.3-1
+ [bullseye] - kcron (Minor issue)
+ [buster] - kcron (Minor issue)
+ [stretch] - kcron (Minor issue, too intrusive to backport)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/25/3
+ NOTE: https://invent.kde.org/system/kcron/-/commit/ef4266e3d5ea741c4d4f442a2cb12a317d7502a1
+ NOTE: https://invent.kde.org/system/kcron/-/merge_requests/14 (followup fix)
+ NOTE: https://kde.org/info/security/advisory-20220216-1.txt
+CVE-2022-24985 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24984 (Forms generated by JQueryForm.com before 2022-02-05 (if file-upload ca ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24983 (Forms generated by JQueryForm.com before 2022-02-05 allow remote attac ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24982 (Forms generated by JQueryForm.com before 2022-02-05 allows a remote au ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-24981 (A reflected cross-site scripting (XSS) vulnerability in forms generate ...)
+ NOT-FOR-US: JQueryForm.com
+CVE-2022-0586 (Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17813
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-01.html
+CVE-2022-0585 (Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6. ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2054049
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-02.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17829
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17842
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17847
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17855
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17891
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17925
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17926
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17931
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17932
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17933
+CVE-2022-0584
+ RESERVED
+CVE-2022-0583 (Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3 ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17840
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-03.html
+CVE-2022-0582 (Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17882
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-04.html
+CVE-2022-0581 (Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3. ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17935
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2022-05.html
+CVE-2022-0580 (Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0 ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-24980 (An issue was discovered in the Kitodo.Presentation (aka dif) extension ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24979 (An issue was discovered in the Varnishcache extension before 2.0.1 for ...)
+ NOT-FOR-US: TYPO3 extension
+CVE-2022-24978 (Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privil ...)
+ NOT-FOR-US: Zoho
+CVE-2022-24977 (ImpressCMS before 1.4.2 allows unauthenticated remote code execution v ...)
+ NOT-FOR-US: ImpressCMS
+CVE-2022-0579 (Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.)
+ - snipe-it (bug #1005172)
+CVE-2022-0578 (Code Injection in GitHub repository publify/publify prior to 9.2.8.)
+ NOT-FOR-US: Publify
+CVE-2022-24976 (Atheme IRC Services before 7.2.12, when used in conjunction with InspI ...)
+ - atheme-services 7.2.12-1
+ [bullseye] - atheme-services (Minor issue; can be fixed via point release)
+ [buster] - atheme-services (Minor issue; can be fixed via point release)
+ [stretch] - atheme-services (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/4
+ NOTE: https://github.com/atheme/atheme/commit/4e664c75d0b280a052eb8b5e81aa41944e593c52
+CVE-2022-0577 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...)
+ {DLA-2950-1}
+ - python-scrapy 2.6.1-1 (bug #1008234)
+ [bullseye] - python-scrapy 2.4.1-2+deb11u1
+ [buster] - python-scrapy 1.5.1-1+deb10u1
+ NOTE: https://github.com/advisories/GHSA-cjvr-mfj7-j4j8
+ NOTE: https://huntr.dev/bounties/3da527b1-2348-4f69-9e88-2e11a96ac585
+ NOTE: https://github.com/scrapy/scrapy/commit/8ce01b3b76d4634f55067d6cfdf632ec70ba304a
+CVE-2022-0576 (Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms pr ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0575 (Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms pri ...)
+ NOT-FOR-US: LibreNMS
+CVE-2022-0574 (Improper Access Control in GitHub repository publify/publify prior to ...)
+ NOT-FOR-US: Publify
+CVE-2022-0573 (JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2022-0572 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-3011-1}
+ - vim 2:8.2.4659-1
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/bf3e0643-03e9-4436-a1c8-74e7111c32bf
+ NOTE: https://github.com/vim/vim/commit/6e28703a8e41f775f64e442c5d11ce1ff599aa3f (v8.2.4359)
+CVE-2022-0571 (Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-t ...)
+ - phoronix-test-suite
+CVE-2022-0570 (Heap-based Buffer Overflow in Homebrew mruby prior to 3.2.)
+ - mruby (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/65a7632e-f95b-4836-b1a7-9cb95e5124f1
+ NOTE: https://github.com/mruby/mruby/commit/38b164ace7d6ae1c367883a3d67d7f559783faad
+CVE-2022-0569 (Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.)
+ - snipe-it (bug #1005172)
+CVE-2022-24975 (The --mirror documentation for Git through 2.35.1 does not mention the ...)
+ - git (unimportant)
+ NOTE: https://wwws.nightwatchcybersecurity.com/2022/02/11/gitbleed/
+ NOTE: CVE is specifically about --mirror documentation not mentioning the availability
+ NOTE: of deleted content.
+CVE-2022-24974 (Links may not be rewritten according to policy in some specially forma ...)
+ NOT-FOR-US: Proofpoint email-isolation
+CVE-2022-24973 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24972 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-24971 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24970
+ RESERVED
+CVE-2022-24969 (bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, th ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2022-24968 (In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoo ...)
+ NOT-FOR-US: Mellium
+CVE-2022-24967 (Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting ( ...)
+ NOT-FOR-US: Black Rainbow NIMBUS
+CVE-2022-24966
+ RESERVED
+CVE-2022-24965
+ RESERVED
+CVE-2022-24964
+ RESERVED
+CVE-2022-24963 (Integer Overflow or Wraparound vulnerability in apr_encode functions o ...)
+ {DSA-5370-1}
+ - apr 1.7.2-1
+ [buster] - apr (Vulnerable code introduced later)
+ NOTE: https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9
+ NOTE: http://svn.apache.org/r1904675
+CVE-2022-24962
+ RESERVED
+CVE-2022-0568
+ RESERVED
+CVE-2022-0567 (A flaw was found in ovn-kubernetes. This flaw allows a system administ ...)
+ NOT-FOR-US: Openshift/ovn-kubernetes
+CVE-2022-0566 (It may be possible for an attacker to craft an email message that caus ...)
+ {DSA-5086-1 DLA-2930-1}
+ - thunderbird 1:91.6.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/#CVE-2022-0566
+CVE-2022-0565 (Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1.)
+ NOT-FOR-US: pimcore
+CVE-2021-22590
+ RESERVED
+CVE-2020-22592
+ RESERVED
+CVE-2022-24961 (In Portainer Agent before 2.11.1, an API server can continue running e ...)
+ NOT-FOR-US: Portainer
+CVE-2022-24960 (A use after free vulnerability was discovered in PDFTron SDK version 9 ...)
+ NOT-FOR-US: PDFTron
+CVE-2022-24959 (An issue was discovered in the Linux kernel before 5.16.5. There is a ...)
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1}
+ - linux 5.16.7-1
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/29eb31542787e1019208a2e1047bb7c76c069536 (5.17-rc2)
+CVE-2022-24958 (drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 m ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: Fixed by: https://git.kernel.org/linus/89f3594d0de58e8a57d92d497dea9fee3d4b9cda (5.17-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/501e38a5531efbd77d5c73c0ba838a889bfc1d74 (5.17-rc1)
+CVE-2022-24957 (DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficie ...)
+ NOT-FOR-US: DHC Vision eQMS
+CVE-2022-24956 (An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort- ...)
+ NOT-FOR-US: Shopware B2B-Suite
+CVE-2022-24955 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24954 (Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have ...)
+ NOT-FOR-US: Foxit
+CVE-2022-24953 (The Crypt_GPG extension before 1.6.7 for PHP does not prevent addition ...)
+ - php-crypt-gpg 1.6.7-1 (bug #1005921)
+ [bullseye] - php-crypt-gpg 1.6.4-2+deb11u1
+ NOTE: https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
+CVE-2022-24952 (Several denial of service vulnerabilities exist in Eternal Terminal pr ...)
+ - eternal-terminal (bug #861635)
+CVE-2022-24951 (A race condition exists in Eternal Terminal prior to version 6.2.0 whi ...)
+ - eternal-terminal (bug #861635)
+CVE-2022-24950 (A race condition exists in Eternal Terminal prior to version 6.2.0 tha ...)
+ - eternal-terminal (bug #861635)
+CVE-2022-24949 (A privilege escalation to root exists in Eternal Terminal prior to ver ...)
+ - eternal-terminal (bug #861635)
+CVE-2022-24948 (A carefully crafted user preferences for submission could trigger an X ...)
+ - jspwiki
+CVE-2022-24947 (Apache JSPWiki user preferences form is vulnerable to CSRF attacks, wh ...)
+ - jspwiki
+CVE-2022-24946 (Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2022-24945
+ REJECTED
+CVE-2022-24944
+ REJECTED
+CVE-2022-24943
+ REJECTED
+CVE-2022-24942 (Heap based buffer overflow in HTTP Server functionality in Micrium uC- ...)
+ NOT-FOR-US: Micrium uC-HTTP
+CVE-2022-24941
+ REJECTED
+CVE-2022-24940
+ REJECTED
+CVE-2022-24939 (A malformed packet containing an invalid destination address, causes a ...)
+ NOT-FOR-US: Ember ZNet
+CVE-2022-24938 (A malformed packet causes a stack overflow in the Ember ZNet stack. Th ...)
+ NOT-FOR-US: Ember ZNet
+CVE-2022-24937 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ NOT-FOR-US: Ember ZNet
+CVE-2022-24936 (Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader ver ...)
+ NOT-FOR-US: Silicon Labs Gecko Bootloader
+CVE-2022-24935 (Lexmark products through 2022-02-10 have Incorrect Access Control.)
+ NOT-FOR-US: Lexmark
+CVE-2022-24934 (wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remo ...)
+ NOT-FOR-US: Kingsoft WPS Office
+CVE-2022-24933
+ RESERVED
+CVE-2022-24932 (Improper Protection of Alternate Path vulnerability in Setup wizard pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24931 (Improper access control vulnerability in dynamic receiver in ApkInstal ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24930 (An Improper access control vulnerability in StRetailModeReceiver in We ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24929 (Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24928 (Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24927 (Improper privilege management vulnerability in Samsung Video Player pr ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24926 (Improper input validation vulnerability in SmartTagPlugin prior to ver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24925 (Improper input validation vulnerability in SettingsProvider prior to A ...)
+ NOT-FOR-US: Samsung +CVE-2022-24924 (An improper access control in LiveWallpaperService prior to versions 3 ...) + NOT-FOR-US: Samsung +CVE-2022-24923 (Improper access control vulnerability in Samsung SearchWidget prior to ...) + NOT-FOR-US: Samsung +CVE-2022-24922 + RESERVED +CVE-2022-24921 (regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows st ...) + {DLA-3395-1 DLA-2986-1 DLA-2985-1} + - golang-1.18 1.18~rc1-1 + - golang-1.17 1.17.8-1 + - golang-1.15 + [bullseye] - golang-1.15 1.15.15-1~deb11u4 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/51112 + NOTE: https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk + NOTE: https://github.com/golang/go/commit/ac071634c487eb6ac5422652de3c7c18fba7c522 (go1.17.8) + NOTE: https://github.com/golang/go/commit/452f24ae94f38afa3704d4361d91d51218405c0a (go1.18rc1) +CVE-2022-24920 + RESERVED +CVE-2022-24919 (An authenticated user can create a link with reflected Javascript code ...) + {DLA-3390-1 DLA-2980-1} + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-20680 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) +CVE-2022-24918 (An authenticated user can create a link with reflected Javascript code ...) + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + [buster] - zabbix (The vulnerable code was introduced later) + [stretch] - zabbix (The vulnerable code was introduced later) + NOTE: https://support.zabbix.com/browse/ZBX-20680 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) +CVE-2022-24917 (An authenticated user can create a link with reflected Javascript code ...) 
+ {DLA-3390-1 DLA-2980-1} + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-20680 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) +CVE-2022-24911 + RESERVED +CVE-2022-0564 (A vulnerability in Qlik Sense Enterprise on Windows could allow an rem ...) + NOT-FOR-US: Qlik Sense Enterprise +CVE-2022-24916 (Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing b ...) + NOT-FOR-US: Optimism +CVE-2022-24908 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-24907 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2022-24906 (Nextcloud Deck is a Kanban-style project & personal management tool fo ...) + NOT-FOR-US: Nextcloud Deck +CVE-2022-24905 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + NOT-FOR-US: Argo CD +CVE-2022-24904 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...) + NOT-FOR-US: Argo CD +CVE-2022-24903 (Rsyslog is a rocket-fast system for log processing. Modules for TCP sy ...) 
+ {DSA-5150-1 DLA-3016-1} + - rsyslog 8.2204.1-1 (bug #1010619) + NOTE: https://www.openwall.com/lists/oss-security/2022/05/05/3 + NOTE: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243 + NOTE: https://github.com/rsyslog/rsyslog/commit/89955b0bcb1ff105e1374aad7e0e993faa6a038f (v8.2204.1) + NOTE: Introduced by (plugins/imptcp/imptcp.c): https://github.com/rsyslog/rsyslog/commit/0381a0de64a5a048c3d48b79055bd9848d0c7fc2 (v8.27.0, CVE-2018-16881) + NOTE: Introduced by (runtime/tcps_sess.c): https://github.com/rsyslog/rsyslog/commit/01feb44bf1d091ec45ff425a096a0169f290da4b (v8.27.0) + NOTE: Introduced by (contrib/imhttp/imhttp.c): https://github.com/rsyslog/rsyslog/commit/6102f6083cfa73fe4a91e3d34c4d1dc924465278 (v8.2010.0) +CVE-2022-24902 (TkVideoplayer is a simple library to play video files in tkinter. Unco ...) + NOT-FOR-US: TkVideoplayer +CVE-2022-24901 (Improper validation of the Apple certificate URL in the Apple Game Cen ...) + NOT-FOR-US: parse-server +CVE-2022-24900 (Piano LED Visualizer is software that allows LED lights to light up as ...) + NOT-FOR-US: Piano LED Visualizer +CVE-2022-24899 (Contao is a powerful open source CMS that allows you to create profess ...) + NOT-FOR-US: Contao CMS +CVE-2022-24898 (org.xwiki.commons:xwiki-commons-xml is a common module used by other X ...) + NOT-FOR-US: Xwiki +CVE-2022-24897 (APIs to evaluate content with Velocity is a package for APIs to evalua ...) + NOT-FOR-US: Xwiki +CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developments a ...) + NOT-FOR-US: Tuleap +CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...) 
+ {DLA-3493-1} + - symfony 5.4.20+dfsg-1 + [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m + NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4 +CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...) + {DLA-3493-1} + - symfony 5.4.20+dfsg-1 + [bullseye] - symfony 4.4.19+dfsg-2+deb11u2 + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv + NOTE: https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb +CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...) + NOT-FOR-US: ESP-IDF +CVE-2022-24892 (Shopware is an open source e-commerce software platform. Starting with ...) + NOT-FOR-US: Shopware +CVE-2022-24891 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...) + - libowasp-esapi-java 2.4.0.0-1 (bug #1010339) + [bullseye] - libowasp-esapi-java (Minor issue) + [buster] - libowasp-esapi-java (Minor issue) + [stretch] - libowasp-esapi-java (Minor issue) + NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-q77q-vx4q-xx6q + NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/ESAPI-security-bulletin8.pdf + NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt +CVE-2022-24890 (Nextcloud Talk is a video and audio conferencing app for Nextcloud. In ...) + NOT-FOR-US: Nextcloud talk app +CVE-2022-24889 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2022-24888 (Nextcloud Server is the file server software for Nextcloud, a self-hos ...) + - nextcloud-server (bug #941708) +CVE-2022-24887 (Nextcloud Talk is a video and audio conferencing app for Nextcloud, a ...) 
+ NOT-FOR-US: Nextcloud talk app +CVE-2022-24886 (Nextcloud Android app is the Android client for Nextcloud, a self-host ...) + NOT-FOR-US: Nextcloud Android app +CVE-2022-24885 (Nextcloud Android app is the Android client for Nextcloud, a self-host ...) + NOT-FOR-US: Nextcloud Android app +CVE-2022-24884 (ecdsautils is a tiny collection of programs used for ECDSA (keygen, si ...) + {DSA-5132-1 DLA-2997-1} + - ecdsautils 0.4.1-1 + NOTE: https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw + NOTE: https://github.com/freifunk-gluon/ecdsautils/commit/1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 (v0.4.1) +CVE-2022-24883 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) + {DLA-3654-1} + - freerdp2 2.7.0+dfsg1-1 + [bullseye] - freerdp2 (Minor issue) + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/4661492e5a617199457c8074bad22f766a116cdc + NOTE: Fixed by (backport): https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144 +CVE-2022-24882 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). ...) + - freerdp2 2.7.0+dfsg1-1 + [bullseye] - freerdp2 (Minor issue) + [buster] - freerdp2 (Minor issue) + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh + NOTE: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/95 + NOTE: Pull request for stable 2.0 branch: https://github.com/FreeRDP/FreeRDP/pull/7750 +CVE-2022-24881 (Ballcat Codegen provides the function of online editing code to genera ...) + NOT-FOR-US: Ballcat Codegen +CVE-2022-24880 (flask-session-captcha is a package which allows users to extend Flask ...) + NOT-FOR-US: flask-session-captcha +CVE-2022-24879 (Shopware is an open source e-commerce software platform. Versions prio ...) 
+ NOT-FOR-US: Shopware +CVE-2022-24878 (Flux is an open and extensible continuous delivery solution for Kubern ...) + NOT-FOR-US: Flux project fluxcd +CVE-2022-24877 (Flux is an open and extensible continuous delivery solution for Kubern ...) + NOT-FOR-US: Flux project fluxcd +CVE-2022-24876 (GLPI is a Free Asset and IT Management Software package, that provides ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-33g2-m556-gccr + NOTE: https://github.com/glpi-project/glpi/commit/9a3c7487c8761eaa8f3b07589d6dcdfa5d1e4ed6 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-24875 (The CVEProject/cve-services is an open source project used to operate ...) + NOT-FOR-US: CVEProject cve-services +CVE-2022-24874 + REJECTED +CVE-2022-24873 (Shopware is an open source e-commerce software platform. Prior to vers ...) + NOT-FOR-US: Shopware +CVE-2022-24872 (Shopware is an open commerce platform based on Symfony Framework and V ...) + NOT-FOR-US: Shopware +CVE-2022-24871 (Shopware is an open commerce platform based on Symfony Framework and V ...) + NOT-FOR-US: Shopware +CVE-2022-24870 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...) + NOT-FOR-US: Combodo iTop +CVE-2022-24869 (GLPI is a Free Asset and IT Management Software package, that provides ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-24868 (GLPI is a Free Asset and IT Management Software package, that provides ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-24867 (GLPI is a Free Asset and IT Management Software package, that provides ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2022-24866 (Discourse Assign is a plugin for assigning users to a topic in Discour ...) + NOT-FOR-US: Discourse +CVE-2022-24865 (HumHub is an Open Source Enterprise Social Network. In affected versio ...) 
+ NOT-FOR-US: HumHub +CVE-2022-24864 (Origin Protocol is a blockchain based project. The Origin Protocol pro ...) + NOT-FOR-US: Origin Protocol +CVE-2022-24863 (http-swagger is an open source wrapper to automatically generate RESTf ...) + NOT-FOR-US: http-swagger +CVE-2022-24862 (Databasir is a team-oriented relational database model document manage ...) + NOT-FOR-US: Databasir +CVE-2022-24861 (Databasir is a team-oriented relational database model document manage ...) + NOT-FOR-US: Databasir +CVE-2022-24860 (Databasir is a team-oriented relational database model document manage ...) + NOT-FOR-US: Databasir +CVE-2022-24859 (PyPDF2 is an open source python PDF library capable of splitting, merg ...) + {DLA-3451-1 DLA-3039-1} + - pypdf2 1.27.9-1 (bug #1009879) + [bullseye] - pypdf2 (Minor issue) + NOTE: https://github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79 + NOTE: https://github.com/py-pdf/PyPDF2/issues/329 + NOTE: https://github.com/py-pdf/PyPDF2/pull/740 +CVE-2022-24858 (next-auth v3 users before version 3.29.2 are impacted. next-auth versi ...) + NOT-FOR-US: NextAuth.js +CVE-2022-24857 (django-mfa3 is a library that implements multi factor authentication f ...) + NOT-FOR-US: django-mfa3 +CVE-2022-24856 (FlyteConsole is the web user interface for the Flyte platform. FlyteCo ...) + NOT-FOR-US: flyteorg/flyteconsole +CVE-2022-24855 (Metabase is an open source business intelligence and analytics applica ...) + NOT-FOR-US: Metabase +CVE-2022-24854 (Metabase is an open source business intelligence and analytics applica ...) + NOT-FOR-US: Metabase +CVE-2022-24853 (Metabase is an open source business intelligence and analytics applica ...) + NOT-FOR-US: Metabase +CVE-2022-24852 + RESERVED +CVE-2022-24851 (LDAP Account Manager (LAM) is an open source web frontend for managing ...) 
+ {DSA-5177-1} + - ldap-account-manager 7.9.1-1 + [stretch] - ldap-account-manager (Minor issue) + NOTE: https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-f2fr-cccr-583v + NOTE: https://github.com/LDAPAccountManager/lam/commit/3c6f09a3579e048e224eb5a4c4e3eefaa8bccd49 + NOTE: https://github.com/LDAPAccountManager/lam/issues/170 +CVE-2022-24850 (Discourse is an open source platform for community discussion. A categ ...) + NOT-FOR-US: Discourse +CVE-2022-24849 (DisCatSharp is a Discord API wrapper for .NET. Users of versions 9.8.5 ...) + NOT-FOR-US: DisCatSharp +CVE-2022-24848 (DHIS2 is an information system for data capture, management, validatio ...) + NOT-FOR-US: DHIS2 +CVE-2022-24847 (GeoServer is an open source software server written in Java that allow ...) + NOT-FOR-US: geoserver +CVE-2022-24846 (GeoWebCache is a tile caching server implemented in Java. The GeoWebCa ...) + NOT-FOR-US: geowebcache +CVE-2022-24845 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) + NOT-FOR-US: Vyper +CVE-2022-24844 (Gin-vue-admin is a backstage management system based on vue and gin, w ...) + NOT-FOR-US: Gin-vue-admin +CVE-2022-24843 (Gin-vue-admin is a backstage management system based on vue and gin, w ...) + NOT-FOR-US: Gin-vue-admin +CVE-2022-24842 (MinIO is a High Performance Object Storage released under GNU Affero G ...) + NOT-FOR-US: MinIO +CVE-2022-24841 (fleetdm/fleet is an open source device management, built on osquery. A ...) + NOT-FOR-US: Fleet +CVE-2022-24840 (django-s3file is a lightweight file upload input for Django and Amazon ...) + NOT-FOR-US: django-s3file +CVE-2022-24839 (org.cyberneko.html is an html parser written in Java. The fork of `org ...) 
+ - nekohtml 1.9.22.noko2-0.1 (bug #1021739) + [bullseye] - nekohtml (Minor issue) + [buster] - nekohtml (Minor issue) + [stretch] - nekohtml (Minor issue) + NOTE: https://github.com/sparklemotion/nekohtml/security/advisories/GHSA-9849-p7jc-9rmv + NOTE: https://github.com/sparklemotion/nekohtml/commit/a800fce3b079def130ed42a408ff1d09f89e773d +CVE-2022-24838 (Nextcloud Calendar is a calendar application for the nextcloud framewo ...) + NOT-FOR-US: Nextcloud Calendar +CVE-2022-24837 (HedgeDoc is an open-source, web-based, self-hosted, collaborative mark ...) + NOT-FOR-US: HedgeDoc +CVE-2022-24836 (Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< ...) + {DLA-3149-1 DLA-3003-1} + - ruby-nokogiri 1.13.5+dfsg-1 (bug #1009787) + NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8 + NOTE: https://github.com/sparklemotion/nokogiri/commit/e444525ef1634b675cd1cf52d39f4320ef0aecfd +CVE-2022-24835 + RESERVED +CVE-2022-24834 (Redis is an in-memory database that persists on disk. A specially craf ...) + - redis 5:7.0.12-1 + [bookworm] - redis (Minor issue) + [bullseye] - redis (Minor issue) + [buster] - redis (Minor issue) + NOTE: https://raw.githubusercontent.com/redis/redis/7.0/00-RELEASENOTES + NOTE: https://github.com/redis/redis/commit/936cfa464f371666c46bff59f7c4247d48973ec6 (7.2-rc3) + NOTE: https://github.com/redis/redis/commit/f6a7c9f9ec9354702cc3143310a24bf3d1507b03 (7.0.12) + NOTE: https://github.com/redis/redis/pull/12398 +CVE-2022-24833 (PrivateBin is minimalist, open source online pastebin clone where the ...) + NOT-FOR-US: PrivateBin +CVE-2022-24832 (GoCD is an open source a continuous delivery server. The bundled gocd- ...) + NOT-FOR-US: GoCD +CVE-2022-24831 (OpenClinica is an open source software for Electronic Data Capture (ED ...) + NOT-FOR-US: OpenClinica +CVE-2022-24830 (OpenClinica is an open source software for Electronic Data Capture (ED ...) 
+ NOT-FOR-US: OpenClinica +CVE-2022-24829 (Garden is an automation platform for Kubernetes development and testin ...) + NOT-FOR-US: Garden +CVE-2022-24828 (Composer is a dependency manager for the PHP programming language. Int ...) + - composer 2.2.12-1 (bug #1009960) + [bullseye] - composer 2.0.9-2+deb11u1 + [buster] - composer 1.8.4-1+deb10u2 + [stretch] - composer (Minor issue) + NOTE: https://github.com/composer/composer/commit/2c40c53637c5c7e43fff7c09d3d324d632734709 (2.2.12) + NOTE: https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6 +CVE-2022-24827 (Elide is a Java library that lets you stand up a GraphQL/JSON-API web ...) + NOT-FOR-US: Elide +CVE-2022-24826 (On Windows, if Git LFS operates on a malicious repository with a `..ex ...) + NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches) +CVE-2022-24825 (Smokescreen is a simple HTTP proxy that fogs over naughty URLs. The pr ...) + NOT-FOR-US: Smokescreen +CVE-2022-24824 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2022-24823 (Netty is an open-source, asynchronous event-driven network application ...) + - netty (unimportant; bug #1010693) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-269q-hmxg-m83q + NOTE: https://github.com/netty/netty/commit/185f8b2756a36aaa4f973f1a2a025e7d981823f1 + NOTE: Issue exists because of isufficient fix for CVE-2021-21290 + NOTE: Impacts only applications running on Java version 6 and lower. +CVE-2022-24822 (Podium is a library for building micro frontends. @podium/layout is a ...) + NOT-FOR-US: Podium# +CVE-2022-24821 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2022-24820 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2022-24819 (XWiki Platform is a generic wiki platform offering runtime services fo ...) 
+ NOT-FOR-US: XWiki +CVE-2022-24818 (GeoTools is an open source Java library that provides tools for geospa ...) + NOT-FOR-US: GeoTools +CVE-2022-24817 (Flux2 is an open and extensible continuous delivery solution for Kuber ...) + NOT-FOR-US: Flux project fluxcd +CVE-2022-24816 (JAI-EXT is an open-source project which aims to extend the Java Advanc ...) + NOT-FOR-US: JAI-EXT +CVE-2022-24815 (JHipster is a development platform to quickly generate, develop, & dep ...) + NOT-FOR-US: JHipster +CVE-2022-24814 (Directus is a real-time API and App dashboard for managing SQL databas ...) + NOT-FOR-US: Directus +CVE-2022-24813 (CreateWiki is Miraheze's MediaWiki extension for requesting & creating ...) + NOT-FOR-US: Miraheze CreateWiki +CVE-2022-24812 (Grafana is an open-source platform for monitoring and observability. W ...) + - grafana (Only affects Grafana Enterprise) +CVE-2022-24811 (Combodi iTop is a web based IT Service Management tool. Prior to versi ...) + NOT-FOR-US: Combodi +CVE-2022-24810 [A malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24809 [A malformed OID in a GET-NEXT to the nsVacmAccessTable can cause a NULL pointer dereference] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24808 [A malformed OID in a SET request to 
NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24807 [A malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24806 [Improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24805 [A buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB can cause an out-of-bounds memory access] + RESERVED + {DSA-5209-1 DLA-3088-1} + - net-snmp 5.9.3+dfsg-1 (bug #1016139) + NOTE: https://fossies.org/linux/net-snmp/CHANGES (fixed in 5.9.3) + NOTE: https://github.com/net-snmp/net-snmp/commit/67ebb43e9038b2dae6e74ae8838b36fcc10fc937 (v5.9.2.pre1) + NOTE: https://github.com/net-snmp/net-snmp/commit/9a0cd7c00947d5e1c6ceb54558d454f87c3b8341 (v5.9.2.pre1) +CVE-2022-24804 (Discourse is an open source platform for community discussion. In stab ...) 
+ NOT-FOR-US: Discourse +CVE-2022-24803 (Asciidoctor-include-ext is Asciidoctor\u2019s standard include process ...) + [experimental] - ruby-asciidoctor-include-ext 0.4.0-1 + - ruby-asciidoctor-include-ext 0.4.0-2 (bug #1009035) + [bullseye] - ruby-asciidoctor-include-ext (Minor issue) + NOTE: https://github.com/jirutka/asciidoctor-include-ext/security/advisories/GHSA-v222-6mr4-qj29 + NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/c7ea001a597c7033575342c51483dab7b87ae155 (v0.4.0) + NOTE: https://github.com/jirutka/asciidoctor-include-ext/commit/cbaccf3de533cbca224bf61d0b74e4b84d41d8ee (v0.4.0) +CVE-2022-24802 (deepmerge-ts is a typescript library providing functionality to deep m ...) + NOT-FOR-US: deepmerge-ts +CVE-2022-24801 (Twisted is an event-based framework for internet applications, support ...) + {DLA-2991-1} + - twisted 22.4.0-1 (bug #1009030) + [bullseye] - twisted 20.3.0-7+deb11u1 + [buster] - twisted 18.9.0-3+deb10u1 + NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-c2jg-hw38-jrqq + NOTE: https://github.com/twisted/twisted/releases/tag/twisted-22.4.0rc1 + NOTE: https://github.com/twisted/twisted/commit/592217e951363d60e9cd99c5bbfd23d4615043ac (twisted-22.04.0rc1) +CVE-2022-24800 (October/System is the system module for October CMS, a self-hosted CMS ...) + NOT-FOR-US: October CMS +CVE-2022-24799 (wire-webapp is the web application interface for the wire messaging se ...) + NOT-FOR-US: wire-webapp +CVE-2022-24798 (Internet Routing Registry daemon version 4 is an IRR database server, ...) + NOT-FOR-US: Internet Routing Registry daemon (iird) +CVE-2022-24797 (Pomerium is an identity-aware access proxy. In distributed service mod ...) + NOT-FOR-US: Pomerium +CVE-2022-24796 (RaspberryMatic is a free and open-source operating system for running ...) + NOT-FOR-US: RaspberryMatic +CVE-2022-24795 (yajl-ruby is a C binding to the YAJL JSON parsing and generation libra ...) 
+ {DLA-3516-1 DLA-3492-1} + - ruby-yajl 1.4.3-1 (bug #1014803) + [bullseye] - ruby-yajl (Minor issue) + [buster] - ruby-yajl (Minor issue) + [stretch] - ruby-yajl (Minor issue) + - yajl 2.1.0-4 (bug #1040036) + [bookworm] - yajl 2.1.0-3+deb12u2 + [bullseye] - yajl 2.1.0-3+deb11u2 + - burp (bug #1040146) + [bookworm] - burp (Minor issue) + [bullseye] - burp (Minor issue) + - epics-base (bug #1040159) + [bookworm] - epics-base (Minor issue) + - r-cran-jsonlite 1.8.8+dfsg-1 (bug #1040161) + [bookworm] - r-cran-jsonlite (Minor issue) + [bullseye] - r-cran-jsonlite (Minor issue) + [buster] - r-cran-jsonlite (Minor issue) + - xqilla (Vulnerable code not present; embeds not-affected ancient yajl version) + NOTE: xqilla's embedded yajl is ancient (around 0.2.2), not having the vulnerable code + NOTE: https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm + NOTE: https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6 + NOTE: https://github.com/brianmario/yajl-ruby/commit/e8de283a6d64f0902740fd09e858fc3d7d803161 + NOTE: https://github.com/lloyd/yajl/issues/239 +CVE-2022-24794 (Express OpenID Connect is an Express JS middleware implementing sign o ...) + NOT-FOR-US: Express OpenID Connect +CVE-2022-24793 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1} + - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) + [stretch] - asterisk (Vulnerable code not present) + - pjproject + - ring 20230206.0~ds1-1 (bug #1014998) + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 + NOTE: https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a +CVE-2022-24792 (PJSIP is a free and open source multimedia communication library writt ...) 
+ {DSA-5285-1 DLA-3194-1 DLA-3036-1} + - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) + [stretch] - asterisk (Vulnerable code not present) + - pjproject + - ring 20230206.0~ds1-1 (unimportant) + NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-rwgw-vwxg-q799 + NOTE: https://github.com/pjsip/pjproject/commit/947bc1ee6d05be10204b918df75a503415fd3213 + NOTE: should only affect 32bit builds. +CVE-2022-24791 (Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cran ...) + NOT-FOR-US: wasmtime +CVE-2022-24790 (Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ...) + {DSA-5146-1 DLA-3083-1} + - puma 5.6.4-1 (bug #1008723) + [stretch] - puma (possibly introduces regressions) + NOTE: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9 + NOTE: https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5 (5-6-stable) + NOTE: https://github.com/puma/puma/commit/6c514e70f5ae0ff14c9b0091fa84bfa39b022025 (v5.6.3) +CVE-2022-24789 (C1 CMS is an open-source, .NET based Content Management System (CMS). ...) + NOT-FOR-US: C1 CMS +CVE-2022-24788 (Vyper is a pythonic Smart Contract Language for the ethereum virtual m ...) + NOT-FOR-US: Vyper +CVE-2022-24787 (Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual M ...) + NOT-FOR-US: Vyper +CVE-2022-24786 (PJSIP is a free and open source multimedia communication library writt ...) 
+ {DSA-5285-1 DLA-3194-1} + - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976) + [stretch] - asterisk (Vulnerable code not present) + - pjproject + [stretch] - pjproject (Vulnerable code not present) + - ring 20230206.0~ds1-1 (unimportant) + NOTE: code is present in ring but ring only uses the pjsip code, not pjmedia + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-vhxv-phmx-g52q + NOTE: https://github.com/pjsip/pjproject/commit/11559e49e65bdf00922ad5ae28913ec6a198d508 +CVE-2022-24785 (Moment.js is a JavaScript date library for parsing, validating, manipu ...) + {DLA-3295-1} + - node-moment 2.29.2+ds-1 (bug #1009327) + [bullseye] - node-moment 2.29.1+ds-2+deb11u1 + [stretch] - node-moment (Nodejs in stretch not covered by security support) + NOTE: https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4 + NOTE: https://github.com/moment/moment/commit/4211bfc8f15746be4019bba557e29a7ba83d54c5 (2.29.2) +CVE-2022-24784 (Statamic is a Laravel and Git powered CMS. Before versions 3.2.39 and ...) + NOT-FOR-US: Statamic +CVE-2022-24783 (Deno is a runtime for JavaScript and TypeScript. The versions of Deno ...) + NOT-FOR-US: Deno +CVE-2022-24782 (Discourse is an open source discussion platform. Versions 2.8.2 and pr ...) + NOT-FOR-US: Discourse +CVE-2022-24781 (Geon is a board game based on solving questions about the Pythagorean ...) + NOT-FOR-US: Geon +CVE-2022-24780 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodi +CVE-2022-24779 + RESERVED +CVE-2022-24778 (The imgcrypt library provides API exensions for containerd to support ...) + NOT-FOR-US: imgcrypt +CVE-2022-24777 (grpc-swift is the Swift language implementation of gRPC, a remote proc ...) + NOT-FOR-US: grpc-swift +CVE-2022-24776 (Flask-AppBuilder is an application development framework, built on top ...) 
+ - flask-appbuilder (Fixed before initial upload to archive)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-2ccw-7px8-vmpf
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1804
+CVE-2022-24775 (guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8 ...)
+ - php-guzzlehttp-psr7 1.8.5-1 (bug #1008236)
+ [bullseye] - php-guzzlehttp-psr7 1.7.0-1+deb11u1
+ [buster] - php-guzzlehttp-psr7 1.4.2-0.1+deb10u1
+ NOTE: https://github.com/guzzle/psr7/security/advisories/GHSA-q7rv-6hp3-vh96
+CVE-2022-24774 (CycloneDX BOM Repository Server is a bill of materials (BOM) repositor ...)
+ NOT-FOR-US: CycloneDX BOM Repository Server
+CVE-2022-24773 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ - node-node-forge 1.3.0~dfsg-1
+ [bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
+ [buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
+ NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr
+ NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
+CVE-2022-24772 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ - node-node-forge 1.3.0~dfsg-1
+ [bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
+ [buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
+ NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g
+ NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
+CVE-2022-24771 (Forge (also called `node-forge`) is a native implementation of Transpo ...)
+ - node-node-forge 1.3.0~dfsg-1
+ [bullseye] - node-node-forge 0.10.0~dfsg-3+deb11u1
+ [buster] - node-node-forge 0.8.1~dfsg-1+deb10u1
+ NOTE: https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765
+ NOTE: https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df1 (v1.3.0)
+CVE-2022-24770 (`gradio` is an open source framework for building interactive machine ...)
+ NOT-FOR-US: gradio
+CVE-2022-24769 (Moby is an open-source project created by Docker to enable and acceler ...)
+ {DSA-5162-1}
+ - containerd 1.6.2~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c9cp-9c75-9v8c
+CVE-2022-24768 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-24767 (GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when ...)
+ NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
+CVE-2022-24766 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...)
+ - mitmproxy 8.1.1-1 (bug #1008948)
+ [bullseye] - mitmproxy (Minor issue)
+ [buster] - mitmproxy (Minor issue)
+ [stretch] - mitmproxy (Minor issue, intrusive to backport)
+ NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-gcx2-gvj7-pxv3
+ NOTE: https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b (v8.0.0)
+CVE-2022-24765 (Git for Windows is a fork of Git containing Windows-specific patches. ...)
+ {DSA-5332-1 DLA-3239-1}
+ - git 1:2.35.2-1
+ [stretch] - git (Minor issue)
+ NOTE: https://github.com/git/git/commit/6e7ad1e4c22e7038975ba37c7413374fe566b064 (v2.30.3)
+ NOTE: https://github.com/git/git/commit/bdc77d1d685be9c10b88abb281a42bc620548595 (v2.30.3)
+ NOTE: https://github.com/git/git/commit/8959555cee7ec045958f9b6dd62e541affb7e7d9 (v2.30.3)
+ NOTE: https://github.com/git/git/commit/fdcad5a53e14bd397e4fa323e7fd0c3bf16dd373 (v2.30.3)
+ NOTE: https://github.com/git/git/commit/cb95038137e9e66fc6a6b4a0e8db62bcc521b709 (v2.30.3) (doc)
+ NOTE: https://github.com/git/git/commit/e47363e5a8bdf5144059d664c45c0975243ef05b (v2.30.4) (regression)
+ NOTE: https://github.com/git/git/commit/bb50ec3cc300eeff3aba7a2bea145aabdb477d31 (v2.30.4) (regression)
+ NOTE: https://github.com/git/git/commit/0f85c4a30b072a26d74af8bbf63cc8f6a5dfc1b8 (v2.30.4) (functional change mitigation / opt-out)
+ NOTE: https://lore.kernel.org/git/xmqqv8veb5i6.fsf@gitster.g/
+ NOTE: Limitations of ownership checking for the CVE fix:
+ NOTE: https://lore.kernel.org/git/CAKJfoCEgiNvQJGt=rGYTaKQ1i2ihrPmX2Sz3Zxg-y66L+1Qh6g@mail.gmail.com/
+ NOTE: https://github.blog/2022-04-12-git-security-vulnerability-announced/
+ NOTE: See CVE-2022-29187 for further fixes
+CVE-2022-24764 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
+ NOTE: https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00
+CVE-2022-24763 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-3036-1}
+ - asterisk 1:18.14.0~~rc1~dfsg+~cs6.12.40431414-1 (bug #1014976)
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4
+ NOTE: https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21
+CVE-2022-24762 (sysend.js is a library that allows a user to send messages between pag ...)
+ NOT-FOR-US: sysend.js
+CVE-2022-24761 (Waitress is a Web Server Gateway Interface server for Python 2 and 3. ...)
+ {DSA-5138-1 DLA-3000-1}
+ - waitress 2.1.1-1 (bug #1008013)
+ NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
+ NOTE: https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 (v2.1.1)
+CVE-2022-24760 (Parse Server is an open source http web server backend. In versions pr ...)
+ NOT-FOR-US: Parse Server
+CVE-2022-24759 (`@chainsafe/libp2p-noise` contains TypeScript implementation of noise ...)
+ NOT-FOR-US: chainsafe/libp2p-noise
+CVE-2022-24758 (The Jupyter notebook is a web-based notebook environment for interacti ...)
+ - jupyter-notebook 6.4.12-1 (bug #1014771)
+ [bullseye] - jupyter-notebook (Minor issue)
+ [buster] - jupyter-notebook (Minor issue)
+ NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-m87f-39q9-6f55
+ NOTE: https://github.com/jupyter/notebook/commit/c219ce43c1ea25123fa70d264e7735bdf4585b1e (6.4.10)
+CVE-2022-24757 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
+ - jupyter-server 1.16.0-1 (bug #1008319)
+ [bullseye] - jupyter-server (Minor issue)
+ NOTE: https://github.com/jupyter-server/jupyter_server/commit/a5683aca0b0e412672ac6218d09f74d44ca0de5a (v1.15.4)
+ NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-p737-p57g-4cpr
+CVE-2022-24756 (Bareos is open source software for backup, archiving, and recovery of ...)
+ - bareos
+ [buster] - bareos (PAM support not yet present)
+ [stretch] - bareos (PAM support not yet present)
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j
+ NOTE: https://github.com/bareos/bareos/pull/1115
+ NOTE: https://github.com/bareos/bareos/pull/1119
+ NOTE: https://github.com/bareos/bareos/pull/1121
+ NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
+CVE-2022-24755 (Bareos is open source software for backup, archiving, and recovery of ...)
+ - bareos
+ [buster] - bareos (PAM support not yet present)
+ [stretch] - bareos (PAM support not yet present)
+ NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26
+ NOTE: https://github.com/bareos/bareos/pull/1115
+ NOTE: https://github.com/bareos/bareos/pull/1119
+ NOTE: https://github.com/bareos/bareos/pull/1121
+ NOTE: https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/
+CVE-2022-24754 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-3549-1 DLA-2962-1}
+ - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
+ NOTE: https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47
+CVE-2022-24753 (Stripe CLI is a command-line tool for the Stripe eCommerce platform. A ...)
+ NOT-FOR-US: Stripe CLI
+CVE-2022-24752 (SyliusGridBundle is a package of generic data grids for Symfony applic ...)
+ NOT-FOR-US: SyliusGridBundle
+CVE-2022-24751 (Zulip is an open source group chat application. Starting with version ...)
+ - zulip-server (bug #800052)
+CVE-2022-24750 (UltraVNC is a free and open source remote pc access software. A vulner ...)
+ NOT-FOR-US: UltraVNC
+CVE-2022-24749 (Sylius is an open source eCommerce platform. In versions prior to 1.9. ...)
+ NOT-FOR-US: Sylius
+CVE-2022-24748 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ NOT-FOR-US: Shopware
+CVE-2022-24747 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ NOT-FOR-US: Shopware
+CVE-2022-24746 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ NOT-FOR-US: Shopware
+CVE-2022-24745 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ NOT-FOR-US: Shopware
+CVE-2022-24744 (Shopware is an open commerce platform based on the Symfony php Framewo ...)
+ NOT-FOR-US: Shopware
+CVE-2022-24743 (Sylius is an open source eCommerce platform. Prior to versions 1.10.11 ...)
+ NOT-FOR-US: Sylius
+CVE-2022-24742 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
+ NOT-FOR-US: Sylius
+CVE-2022-24741 (Nextcloud server is an open source, self hosted cloud style services p ...)
+ - nextcloud-server (bug #941708)
+CVE-2022-24740 (Volto is a ReactJS-based frontend for the Plone Content Management Sys ...)
+ NOT-FOR-US: Volto
+CVE-2022-24739 (alltube is an html front end for youtube-dl. On releases prior to 3.0. ...)
+ NOT-FOR-US: alltube
+CVE-2022-24738 (Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. ...)
+ NOT-FOR-US: Evmos
+CVE-2022-24737 (HTTPie is a command-line HTTP client. HTTPie has the practical concept ...)
+ - httpie 3.2.1-1 (bug #1008011)
+ [bullseye] - httpie (Minor issue)
+ [buster] - httpie (Minor issue)
+ [stretch] - httpie (Minor issue)
+ NOTE: https://github.com/httpie/httpie/security/advisories/GHSA-9w4w-cpc8-h2fq
+ NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0)
+CVE-2022-24736 (Redis is an in-memory database that persists on disk. Prior to version ...)
+ [experimental] - redis 5:7.0.0-1
+ - redis 5:7.0.1-4
+ [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch)
+ [buster] - redis (Minor issue; requires authed user; problematic to backport patch)
+ [stretch] - redis (Minor issue, problematic to backport patch to embedded Lua engine)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-3qpw-7686-5984
+ NOTE: https://github.com/redis/redis/pull/10651
+CVE-2022-24735 (Redis is an in-memory database that persists on disk. By exploiting we ...)
+ [experimental] - redis 5:7.0.0-1
+ - redis 5:7.0.1-4
+ [bullseye] - redis (Minor issue; requires authed user; problematic to backport patch)
+ [buster] - redis (Minor issue; requires authed user; problematic to backport patch)
+ [stretch] - redis (Minor issue; requires authed user; problematic to backport patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-647m-2wmq-qmvq
+ NOTE: https://github.com/redis/redis/pull/10651
+CVE-2022-24734 (MyBB is a free and open source forum software. In affected versions th ...)
+ NOT-FOR-US: MyBB
+CVE-2022-24733 (Sylius is an open source eCommerce platform. Prior to versions 1.9.10, ...)
+ NOT-FOR-US: Sylius
+CVE-2022-24732 (Maddy Mail Server is an open source SMTP compatible email server. Vers ...)
+ NOT-FOR-US: Maddy Mail Server
+CVE-2022-24731 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-24730 (Argo CD is a declarative, GitOps continuous delivery tool for Kubernet ...)
+ NOT-FOR-US: Argo CD
+CVE-2022-24729 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ - ckeditor 4.19.0+dfsg-1
+ [bullseye] - ckeditor (Minor issue)
+ [buster] - ckeditor (Minor issue)
+ - ckeditor3 (bug #1015217)
+ [bookworm] - ckeditor3 (Minor issue)
+ [bullseye] - ckeditor3 (Minor issue)
+ [buster] - ckeditor3 (No longer supported in LTS)
+ [stretch] - ckeditor3 (EOL'd for stretch)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-f6rf-9m92-x2hh
+CVE-2022-24728 (CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. ...)
+ - ckeditor 4.19.0+dfsg-1
+ [bullseye] - ckeditor (Minor issue)
+ [buster] - ckeditor (Minor issue)
+ - ckeditor3 (bug #1015217)
+ [bookworm] - ckeditor3 (Minor issue)
+ [bullseye] - ckeditor3 (Minor issue)
+ [buster] - ckeditor3 (No longer supported in LTS)
+ [stretch] - ckeditor3 (EOL'd for stretch)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-4fc4-4p5g-6w89
+ NOTE: https://github.com/ckeditor/ckeditor4/commit/d158413449692d920a778503502dcb22881bc949 (4.18.0)
+ NOTE: MITRE's referenced patch (above) does not seem related
+CVE-2022-24727
+ REJECTED
+CVE-2022-24726 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-24725 (Shescape is a shell escape package for JavaScript. An issue in version ...)
+ NOT-FOR-US: Node shescape
+CVE-2022-24724 (cmark-gfm is GitHub's extended version of the C reference implementati ...)
+ - cmark-gfm 0.29.0.gfm.3-3 (bug #1006756)
+ [bullseye] - cmark-gfm (Minor issue)
+ [buster] - cmark-gfm (Minor issue)
+ - ghostwriter 2.1.6+ds-1 (bug #1006757)
+ [bullseye] - ghostwriter (Vulnerable code not present)
+ [buster] - ghostwriter (Vulnerable code not present)
+ - python-cmarkgfm 0.7.0-1 (bug #1006758)
+ [bullseye] - python-cmarkgfm (Minor issue)
+ [buster] - python-cmarkgfm (Minor issue)
+ - ruby-commonmarker 0.23.4-1 (bug #1006759)
+ [bullseye] - ruby-commonmarker (Minor issue)
+ [buster] - ruby-commonmarker (Minor issue)
+ - r-cran-commonmark 1.8.0-1 (bug #1006760)
+ [bullseye] - r-cran-commonmark (Minor issue)
+ [buster] - r-cran-commonmark (Minor issue)
+ NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x
+ NOTE: https://github.com/github/cmark-gfm/releases/tag/0.29.0.gfm.3
+ NOTE: https://github.com/github/cmark-gfm/commit/ac80f7b56522ffa158e1f0c14a611ffccacd4027 (0.29.0.gfm.3)
+ NOTE: https://github.com/gjtorikian/commonmarker/26ff69679d1bf53adf43279236a7f74d06013f4c (v0.23.4)
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2258
+CVE-2022-24723 (URI.js is a Javascript URL mutation library. Before version 1.19.9, wh ...)
+ - node-urijs (bug #902083)
+ NOTE: https://github.com/medialize/uri.js/commit/86d10523a6f6e8dc4300d99d671335ee362ad316 (v1.19.9)
+ NOTE: https://github.com/medialize/URI.js/releases/tag/v1.19.9
+CVE-2022-24722 (VIewComponent is a framework for building view components in Ruby on R ...)
+ NOT-FOR-US: VIewComponent
+CVE-2022-24721 (CometD is a scalable comet implementation for web messaging. In any ve ...)
+ NOT-FOR-US: CometD
+CVE-2022-24720 (image_processing is an image processing wrapper for libvips and ImageM ...)
+ {DSA-5310-1}
+ - ruby-image-processing 1.10.3-2 (bug #1007225)
+ NOTE: https://github.com/janko/image_processing/security/advisories/GHSA-cxf7-qrc5-9446
+ NOTE: https://github.com/janko/image_processing/commit/038e4574e8f4f4b636a62394e09983c71980dada (v1.12.2)
+CVE-2022-24719 (Fluture-Node is a FP-style HTTP and streaming utils for Node based on ...)
+ NOT-FOR-US: Fluture-Node
+CVE-2022-24718 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
+ NOT-FOR-US: ssr-pages
+CVE-2022-24717 (ssr-pages is an HTML page builder for the purpose of server-side rende ...)
+ NOT-FOR-US: ssr-pages
+CVE-2022-24716 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+ - icingaweb2 2.9.6-1
+ [bullseye] - icingaweb2 (Vulnerable code not present)
+ [buster] - icingaweb2 (Vulnerable code not present)
+ [stretch] - icingaweb2 (vulnerable code not present)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-5p3f-rh28-8frw
+ NOTE: https://github.com/Icinga/icingaweb2/commit/9931ed799650f5b8d5e1dc58ea3415a4cdc5773d
+CVE-2022-24715 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+ - icingaweb2 2.9.6-1
+ [bullseye] - icingaweb2 (Minor issue)
+ [buster] - icingaweb2 (Minor issue)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-v9mv-h52f-7g63
+ NOTE: https://github.com/Icinga/icingaweb2/commit/a06d915467ca943a4b406eb9587764b8ec34cafb
+CVE-2022-24714 (Icinga Web 2 is an open source monitoring web interface, framework and ...)
+ - icingaweb2 2.9.6-1
+ [bullseye] - icingaweb2 (Minor issue)
+ [buster] - icingaweb2 (Minor issue)
+ [stretch] - icingaweb2 (vulnerable code not present)
+ NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-qcmg-vr56-x9wf
+ NOTE: https://github.com/Icinga/icingaweb2/commit/6e989d05a1568a6733a3d912001251acc51d9293
+CVE-2022-24713 (regex is an implementation of regular expressions for the Rust languag ...)
+ {DSA-5118-1 DSA-5113-1 DLA-2978-1 DLA-2971-1}
+ - firefox 99.0-1
+ - firefox-esr 91.8.0esr-1
+ - thunderbird 1:91.8.0-1
+ - rust-regex 1.5.5-1 (bug #1007176)
+ [bullseye] - rust-regex (Minor issue)
+ [buster] - rust-regex (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2022-0013.html
+ NOTE: https://github.com/rust-lang/regex/security/advisories/GHSA-m5pq-gvj9-9vr8
+ NOTE: https://github.com/rust-lang/regex/commit/ae70b41d4f46641dbc45c7a4f87954aea356283e (1.5.5)
+ NOTE: https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-13/#CVE-2022-24713
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/#CVE-2022-24713
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-15/#CVE-2022-24713
+CVE-2022-24712 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+ - codeigniter (bug #471583)
+CVE-2022-24711 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+ - codeigniter (bug #471583)
+CVE-2022-24710 (Weblate is a copyleft software web-based continuous localization syste ...)
+ - weblate (bug #745661)
+CVE-2022-24709 (@awsui/components-react is the main AWS UI package which contains Reac ...)
+ NOT-FOR-US: Node components-react
+CVE-2022-24708 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2022-24707 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2022-24706 (In Apache CouchDB prior to 3.2.2, an attacker can access an improperly ...)
+ - couchdb
+ NOTE: https://www.openwall.com/lists/oss-security/2022/04/26/1
+CVE-2022-24705 (The rad_packet_recv function in radius/packet.c suffers from a memcpy ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-24704 (The rad_packet_recv function in opt/src/accel-pppd/radius/packet.c suf ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2022-23922 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
+ NOT-FOR-US: WIN-911
+CVE-2022-23104 (WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguratio ...)
+ NOT-FOR-US: WIN-911
+CVE-2022-0563 (A flaw was found in the util-linux chfn and chsh utilities when compil ...)
+ - util-linux (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2053151
+ NOTE: https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
+ NOTE: https://github.com/util-linux/util-linux/commit/faa5a3a83ad0cb5e2c303edbfd8cd823c9d94c17
+ NOTE: util-linux in Debian does build with readline support but chfn and chsh are provided
+ NOTE: by src:shadow and util-linux is configured with --disable-chfn-chsh
+CVE-2022-0562 (Null source pointer passed as an argument to memcpy() function within ...)
+ {DSA-5108-1 DLA-2932-1}
+ - tiff 4.3.0-4
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/561599c99f987dc32ae110370cfdd7df7975586b
+CVE-2022-0561 (Null source pointer passed as an argument to memcpy() function within ...)
+ {DSA-5108-1 DLA-2932-1}
+ - tiff 4.3.0-4
+ NOTE: https://gitlab.com/libtiff/libtiff/-/issues/362
+ NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/eecb0712f4c3a5b449f70c57988260a667ddbdef
+CVE-2022-0560 (Open Redirect in Packagist microweber/microweber prior to 1.2.11.)
+ NOT-FOR-US: microweber
+CVE-2022-0559 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/aa80adb7-e900-44a5-ad05-91f3ccdfc81e
+ NOTE: https://github.com/radareorg/radare2/commit/b5cb90b28ec71fda3504da04e3cc94a362807f5e
+CVE-2022-0558 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0557 (OS Command Injection in Packagist microweber/microweber prior to 1.2.1 ...)
+ NOT-FOR-US: microweber
+CVE-2022-24703
+ RESERVED
+CVE-2022-24702 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF ...)
+ NOT-FOR-US: WinAPRS
+CVE-2022-24701 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in nationa ...)
+ NOT-FOR-US: WinAPRS
+CVE-2022-24700 (An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI ad ...)
+ NOT-FOR-US: WinAPRS
+CVE-2022-0556 (A local privilege escalation vulnerability caused by incorrect permiss ...)
+ NOT-FOR-US: Zyxel
+CVE-2022-0555
+ RESERVED
+CVE-2022-0554 (Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior ...)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.4659-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/7e8f6cd0-b5ee-48a2-8255-6a86f4c46c71/
+ NOTE: https://github.com/vim/vim/commit/e3537aec2f8d6470010547af28dcbd83d41461b8 (v8.2.4327)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0553 (There is no check to see if slot 0 is being uploaded from the device t ...)
+ NOT-FOR-US: Zephyr
+CVE-2022-0552 (A flaw was found in the original fix for the netty-codec-http CVE-2021 ...)
+ NOT-FOR-US: Red Hat OpenShift Logging elasticsearch6 container
+CVE-2022-24699
+ RESERVED
+CVE-2022-24698
+ RESERVED
+CVE-2022-24697 (Kylin's cube designer function has a command injection vulnerability w ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
+CVE-2022-0551 (Improper Input Validation vulnerability in project file upload in Nozo ...)
+ NOT-FOR-US: Nozomi Networks
+CVE-2022-0550 (Improper Input Validation vulnerability in custom report logo upload i ...)
+ NOT-FOR-US: Nozomi Networks
+CVE-2022-0549 (An issue has been discovered in GitLab CE/EE affecting all versions be ...)
+ [experimental] - gitlab 14.6.5+ds1-1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
+CVE-2022-0548
+ RESERVED
+CVE-2022-24696 (Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a ...)
+ NOT-FOR-US: Mirametrix Glance
+CVE-2022-24695 (Bluetooth Classic in Bluetooth Core Specification through 5.3 does not ...)
+ NOT-FOR-US: Bluetooth protocol issue
+CVE-2022-24694 (In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before ...)
+ - mahara
+CVE-2022-24693 (Baicells Nova436Q and Neutrino 430 devices with firmware through QRTB ...)
+ NOT-FOR-US: Baicells Nova436Q and Neutrino 430 devices
+CVE-2022-24692 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The n ...)
+ NOT-FOR-US: DSK DSKNet
+CVE-2022-24691 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A SQL ...)
+ NOT-FOR-US: DSK DSKNet
+CVE-2022-24690 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. A Pre ...)
+ NOT-FOR-US: DSK DSKNet
+CVE-2022-24689 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mi ...)
+ NOT-FOR-US: DSK DSKNet
+CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The T ...)
+ NOT-FOR-US: DSK DSKNet
+CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...)
+ - consul 1.9.17+dfsg2-1 (bug #1006487)
+ [bullseye] - consul (EOL in Bullseye)
+ [buster] - consul (Vulnerable Code not present)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
+ NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (v1.9.15)
+CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...)
+ - nomad (bug #1021273)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
+CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...)
+ - nomad (bug #1021273)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
+ NOTE: https://github.com/hashicorp/nomad/issues/12038
+CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...)
+ - nomad (bug #1021273)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
+ NOTE: https://github.com/hashicorp/nomad/issues/12039
+ NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
+CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
+ - nomad (bug #1021273)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
+CVE-2022-24682 (An issue was discovered in the Calendar feature in Zimbra Collaboratio ...)
+ NOT-FOR-US: Zimbra
+CVE-2022-24681 (Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the we ...)
+ NOT-FOR-US: Zoho
+CVE-2022-24680 (A security link following local privilege escalation vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-24679 (A security link following local privilege escalation vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-24678 (An security agent resource exhaustion denial-of-service vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-24677 (Admin.php in HYBBS2 through 2.3.2 allows remote code execution because ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24676 (update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file ...)
+ NOT-FOR-US: HYBBS2
+CVE-2022-24675 (encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode ...)
+ - golang-1.18 1.18.1-1
+ - golang-1.17 1.17.9-1
+ NOTE: https://groups.google.com/g/golang-announce/c/oecdBNLOml8
+ NOTE: https://go.dev/issue/51853
+CVE-2022-24674 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Canon
+CVE-2022-24673 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Canon
+CVE-2022-24672 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ NOT-FOR-US: Canon
+CVE-2022-24383 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-21228 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-21214 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-21202 (The affected product is vulnerable to an out-of-bounds read, which may ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-21168 (The affected product is vulnerable due to an invalid pointer initializ ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2022-24671 (A link following privilege escalation vulnerability in Trend Micro Ant ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-24670 (An attacker can use the unrestricted LDAP queries to determine configu ...)
+ NOT-FOR-US: forgerock
+CVE-2022-24669 (It may be possible to gain some details of the deployment through a we ...)
+ NOT-FOR-US: forgerock
+CVE-2022-0547 (OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass ...)
+ {DLA-2992-1}
+ - openvpn 2.5.6-1 (bug #1008015)
+ [bullseye] - openvpn (Minor issue)
+ [buster] - openvpn (Minor issue)
+ NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2022-0547
+ NOTE: https://github.com/OpenVPN/openvpn/commit/58ec3bb4aac77131118dbbc39a65181e7847adee (v2.4.12)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/af3e382649d96ae77cc5e42be8270f355e5cfec5 (v2.5.6)
+CVE-2022-0546 (A missing bounds check in the image loader used in Blender 3.x and 2.9 ...)
+ {DSA-5176-1 DLA-3060-1}
+ - blender 3.1.2+dfsg-1
+ NOTE: Issue: https://developer.blender.org/T94572
+ NOTE: Patch: https://developer.blender.org/D11952
+ NOTE: https://developer.blender.org/rB77616082f44da5258faf9ec0d53618c721b88c62 (v3.1.0)
+ NOTE: https://developer.blender.org/rB1ee4e6bf31ff32f87f9cd1eafa548d6811794380 (v2.93.9)
+CVE-2022-0545 (An integer overflow in the processing of loaded 2D images leads to a w ...)
+ {DSA-5176-1 DLA-3060-1}
+ - blender 3.1.2+dfsg-1
+ NOTE: Issue: https://developer.blender.org/T94629
+ NOTE: Patch: https://developer.blender.org/D13744
+ NOTE: https://developer.blender.org/rB82858ca3f4e6dc6f840af9306c350900abd491fc (v3.1.0)
+ NOTE: https://developer.blender.org/rBe07f16776bca5e9494e6b143170f31d5eeb160ce (v2.93.8)
+ NOTE: https://developer.blender.org/rB63fdcbb5889e31b5f07d8d5c8e923cc57900fe1b (v2.83.19)
+CVE-2022-0544 (An integer underflow in the DDS loader of Blender leads to an out-of-b ...)
+ {DSA-5176-1 DLA-3060-1}
+ - blender 3.1.2+dfsg-1
+ NOTE: Issue: https://developer.blender.org/T94661
+ NOTE: https://developer.blender.org/rBd9dd8c287f57716a827483973c31bbb2face2816 (v3.1.0)
+ NOTE: https://developer.blender.org/rBbbad834f1c2a1f7030ed9741c486b23241e8885e (v2.93.8)
+ NOTE: https://developer.blender.org/rB0ac83d05d7cccec436bb939e0aa768f6a3d77d72 (v2.83.19)
+CVE-2022-0543 (It was discovered, that redis, a persistent key-value database, due to ...)
+ {DSA-5081-1}
+ - redis 5:6.0.16-2 (bug #1005787)
+ [stretch] - redis (Lua support plus packaging issue introduced later)
+ NOTE: https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
+CVE-2022-0542 (Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoo ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0541 (The flo-launch WordPress plugin before 2.4.1 injects code into wp-conf ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0540 (A vulnerability in Jira Seraph allows a remote, unauthenticated attack ...)
+ NOT-FOR-US: Jira Seraph
+CVE-2022-0539 (Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_c ...)
+ NOT-FOR-US: beanstalk_console
+CVE-2022-0538 (Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStr ...)
+ - jenkins
+CVE-2022-0537 (The MapPress Maps for WordPress plugin before 2.73.13 allows a high pr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0536 (Improper Removal of Sensitive Information Before Storage or Transfer i ...)
+ - node-follow-redirects 1.14.8+~1.14.0-1
+ [bullseye] - node-follow-redirects 1.13.1-1+deb11u1
+ [buster] - node-follow-redirects (Minor issue, too intrusive to backport)
+ NOTE: https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db/
+ NOTE: https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445 (v1.14.8)
+CVE-2022-0535 (The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0534 (A vulnerability was found in htmldoc version 1.9.15 where the stack ou ...)
+ {DLA-2928-1}
+ - htmldoc 1.9.15-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u2
+ [buster] - htmldoc 1.9.3-1+deb10u3
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/463
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50 (v1.9.15)
+ NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 (v1.9.15)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0533 (The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0532 (An incorrect sysctls validation vulnerability was found in CRI-O 1.18 ...)
+ - cri-o (bug #979702)
+CVE-2022-0531 (The Migration, Backup, Staging WordPress plugin before 0.9.70 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0530 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
+ {DSA-5202-1 DLA-3118-1}
+ - unzip 6.0-27 (bug #1010355)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051395
+ NOTE: https://github.com/ByteHackr/unzip_poc
+ NOTE: Unclear status, checking with upstream
+CVE-2022-0529 (A flaw was found in Unzip. The vulnerability occurs during the convers ...)
+ {DSA-5202-1 DLA-3118-1}
+ - unzip 6.0-27 (bug #1010355)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2051402
+ NOTE: https://github.com/ByteHackr/unzip_poc
+ NOTE: Unclear status, checking with upstream
+CVE-2021-46681 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-46680 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-46679 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-46678 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-46677 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-46676 (A XSS vulnerability exist in Pandora FMS version 756 and below, that a ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2022-24668 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24667 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-24666 (A program using swift-nio-http2 is vulnerable to a denial of service a ...)
+ NOT-FOR-US: swift-nio-http2
+CVE-2022-0528 (Server-Side Request Forgery (SSRF) in GitHub repository transloadit/up ...)
+ NOT-FOR-US: Node uppy
+CVE-2022-0527 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0526 (Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chat ...)
+ NOT-FOR-US: chatwoot
+CVE-2022-0525 (Out-of-bounds Read in Homebrew mruby prior to 3.2.)
+ - mruby (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/e19e109f-acf0-4048-8ee8-1b10a870f1e9
+ NOTE: https://github.com/mruby/mruby/commit/0849a2885f81cfd82134992c06df3ccd59052ac7
+CVE-2022-0524 (Business Logic Errors in GitHub repository publify/publify prior to 9. ...)
+ NOT-FOR-US: Publify
+CVE-2022-0523 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/9d8d6ae0-fe00-40b9-ae1e-b0e8103bac69
+ NOTE: https://github.com/radareorg/radare2/commit/35482cb760db10f87a62569e2f8872dbd95e9269
+CVE-2022-0522 (Access of Memory Location Before Start of Buffer in NPM radare2.js pri ...)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0521 (Access of Memory Location After End of Buffer in GitHub repository rad ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/4d436311-bbf1-45a3-8774-bdb666d7f7ca
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0520 (Use After Free in NPM radare2.js prior to 5.6.2.)
+ NOT-FOR-US: Node radare2.js
+CVE-2022-0519 (Buffer Access with Incorrect Length Value in GitHub repository radareo ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/af85b9e1-d1cf-4c0e-ba12-525b82b7c1e3
+ NOTE: https://github.com/radareorg/radare2/commit/6c4428f018d385fc80a33ecddcb37becea685dd5
+CVE-2022-0518 (Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prio ...)
+ - radare2 (bug #1014478)
+ NOTE: https://huntr.dev/bounties/10051adf-7ddc-4042-8fd0-8e9e0c5b1184
+ NOTE: https://github.com/radareorg/radare2/commit/9650e3c352f675687bf6c6f65ff2c4a3d0e288fa
+CVE-2022-0517 (Mozilla VPN can load an OpenSSL configuration file from an unsecured d ...)
+ NOT-FOR-US: Mozilla VPN
+CVE-2022-0516 (A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/k ...)
+ {DSA-5092-1}
+ - linux 5.16.10-1
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/2c212e1baedcd782b2535a3f86bc491977677c0e
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/2
+CVE-2022-24665 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24664 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24663 (PHP Everywhere <= 2.0.3 included functionality that allowed execution ...)
+ NOT-FOR-US: PHP Everywhere
+CVE-2022-24662
+ RESERVED
+CVE-2022-24661 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...)
+ NOT-FOR-US: Siemens
+CVE-2022-24660 (The debug interface of Goldshell ASIC Miners v2.2.1 and below was disc ...)
+ NOT-FOR-US: Goldshell ASIC Miners
+CVE-2022-24659 (Goldshell ASIC Miners v2.2.1 and below was discovered to contain a pat ...)
+ NOT-FOR-US: Goldshell ASIC Miners
+CVE-2022-24658
+ RESERVED
+CVE-2022-24657 (Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded crede ...)
+ NOT-FOR-US: Goldshell ASIC Miners
+CVE-2022-24656 (HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting ...)
+ NOT-FOR-US: HexoEditor
+CVE-2022-24655 (A stack overflow vulnerability exists in the upnpd service in Netgear ...)
+ NOT-FOR-US: Netgear
+CVE-2022-24654 (Authenticated stored cross-site scripting (XSS) vulnerability in "Fiel ...)
+ NOT-FOR-US: Intelbras ATA 200
+CVE-2022-24653
+ RESERVED
+CVE-2022-24652 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
+ NOT-FOR-US: sentcms
+CVE-2022-24651 (sentcms 4.0.x allows remote attackers to cause arbitrary file uploads ...)
+ NOT-FOR-US: sentcms
+CVE-2022-24650
+ RESERVED
+CVE-2022-24649
+ RESERVED
+CVE-2022-24648
+ RESERVED
+CVE-2022-24647 (Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vu ...)
+ NOT-FOR-US: Cuppa CMS
+CVE-2022-24646 (Hospital Management System v4.0 was discovered to contain a SQL inject ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2022-24645
+ RESERVED
+CVE-2022-24644 (ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code e ...)
+ NOT-FOR-US: KeyMouse
+CVE-2022-24643 (A stored cross-site scripting (XSS) issue was discovered in the OpenEM ...)
+ NOT-FOR-US: OpenEMR
+CVE-2022-24642
+ RESERVED
+CVE-2022-24641
+ RESERVED
+CVE-2022-24640
+ RESERVED
+CVE-2022-24639
+ RESERVED
+CVE-2022-24638
+ RESERVED
+CVE-2022-24637 (Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote ...)
+ NOT-FOR-US: Open Web Analytics (OWA)
+CVE-2022-24636
+ RESERVED
+CVE-2022-24635
+ RESERVED
+CVE-2022-24634
+ RESERVED
+CVE-2022-24633 (All versions of FileCloud prior to 21.3 are vulnerable to user enumera ...)
+ NOT-FOR-US: FileCloud +CVE-2022-24632 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24631 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24630 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24629 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24628 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24627 (An issue was discovered in AudioCodes Device Manager Express through 7 ...) + NOT-FOR-US: AudioCodes Device Manager Express +CVE-2022-24626 + RESERVED +CVE-2022-24625 + RESERVED +CVE-2022-24624 + RESERVED +CVE-2022-24623 + RESERVED +CVE-2022-24622 + RESERVED +CVE-2022-24621 + RESERVED +CVE-2022-24620 (Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XS ...) + - piwigo +CVE-2022-24619 + RESERVED +CVE-2022-24618 (Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and e ...) + NOT-FOR-US: Heimdal Premium Security +CVE-2022-24617 + RESERVED +CVE-2022-24616 + RESERVED +CVE-2022-24615 (zip4j up to v2.10.0 can throw various uncaught exceptions while parsin ...) + - zip4j 2.10.0-1 + [bullseye] - zip4j (Minor issue) + NOTE: https://github.com/srikanth-lingala/zip4j/issues/377 +CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor up to 2 ...) 
+ - libmetadata-extractor-java (unimportant) + NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561 + NOTE: Fixed in 2.18.0 but per upstream there's no real security impact: + NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784 +CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...) + - libmetadata-extractor-java (unimportant) + NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561 + NOTE: Fixed in 2.18.0 but per upstream there's no real security impact: + NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784 +CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...) + NOT-FOR-US: EyesOfNetwork (EON) eonweb +CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...) + NOT-FOR-US: Z-Wave devices +CVE-2022-24610 (Settings/network settings/wireless settings on the Alecto DVC-215IP ca ...) + NOT-FOR-US: Alecto +CVE-2022-24609 (Luocms v2.0 is affected by an incorrect access control vulnerability. ...) + NOT-FOR-US: Luocms +CVE-2022-24608 (Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/s ...) + NOT-FOR-US: Luocms +CVE-2022-24607 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_ok.php.) + NOT-FOR-US: Luocms +CVE-2022-24606 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.) + NOT-FOR-US: Luocms +CVE-2022-24605 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.) + NOT-FOR-US: Luocms +CVE-2022-24604 (Luocms v2.0 is affected by SQL Injection in /admin/link/link_mod.php.) + NOT-FOR-US: Luocms +CVE-2022-24603 (Luocms v2.0 is affected by SQL Injection in /admin/news/sort_mod.php.) + NOT-FOR-US: Luocms +CVE-2022-24602 (Luocms v2.0 is affected by SQL Injection in /admin/news/news_mod.php.) + NOT-FOR-US: Luocms +CVE-2022-24601 (Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.p ...) 
+ NOT-FOR-US: Luocms +CVE-2022-24600 (Luocms v2.0 is affected by SQL Injection through /admin/login.php. An ...) + NOT-FOR-US: Luocms +CVE-2022-24599 (In autofile Audio File Library 0.3.6, there exists one memory leak vul ...) + {DLA-3650-1} + - audiofile 0.3.6-6 (bug #1008017) + [bookworm] - audiofile (Minor issue) + [bullseye] - audiofile (Minor issue) + [stretch] - audiofile (Minor issue) + NOTE: https://github.com/mpruett/audiofile/issues/60 +CVE-2022-24598 + RESERVED +CVE-2022-24597 + RESERVED +CVE-2022-24596 + RESERVED +CVE-2022-24595 (Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0. ...) + NOT-FOR-US: Automotive Grade Linux Kooky Koi +CVE-2022-24594 (In waline 1.6.1, an attacker can submit messages using X-Forwarded-For ...) + NOT-FOR-US: waline +CVE-2022-24593 + RESERVED +CVE-2022-24592 + RESERVED +CVE-2022-24591 + RESERVED +CVE-2022-24590 (A stored cross-site scripting (XSS) vulnerability in the Add Link func ...) + - backdrop (bug #914257) +CVE-2022-24589 (Burden v3.0 was discovered to contain a stored cross-site scripting (X ...) + NOT-FOR-US: Burden +CVE-2022-24588 (Flatpress v1.2.1 was discovered to contain a cross-site scripting (XSS ...) + NOT-FOR-US: Flatpress +CVE-2022-24587 (A stored cross-site scripting (XSS) vulnerability in the component cor ...) + - pluxml (bug #1008264) + [buster] - pluxml (EOL in buster LTS) + NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24587/CVE-2022-24587.pdf +CVE-2022-24586 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) + - pluxml (bug #1008264) + [buster] - pluxml (EOL in buster LTS) + NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24586/CVE-2022-24586.pdf +CVE-2022-24585 (A stored cross-site scripting (XSS) vulnerability in the component /co ...) 
+ - pluxml (bug #1008264) + [buster] - pluxml (EOL in buster LTS) + NOTE: https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24585/CVE-2022-24585.pdf +CVE-2022-24584 (Incorrect access control in Yubico OTP functionality of the YubiKey ha ...) + NOT-FOR-US: yubico.com +CVE-2022-24583 + RESERVED +CVE-2022-24582 (Accounting Journal Management 1.0 is vulnerable to XSS-PHPSESSID-Hijac ...) + NOT-FOR-US: Accounting Journal Management +CVE-2022-24581 (ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture v ...) + NOT-FOR-US: ACEweb Online Portal +CVE-2022-24580 + REJECTED +CVE-2022-24579 + RESERVED +CVE-2022-24578 (GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddStrin ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://huntr.dev/bounties/1691cca3-ab54-4259-856b-751be2395b11/ + NOTE: https://github.com/gpac/gpac/commit/b5741da08e88e8dcc8da0a7669b92405b9862850 (v2.0.0) +CVE-2022-24577 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://huntr.dev/bounties/0758b3a2-8ff2-45fc-8543-7633d605d24e/ + NOTE: https://github.com/gpac/gpac/commit/586e817dcd531bb3e75438390f1f753cfe6e940a (v2.0.0) +CVE-2022-24576 (GPAC 1.0.1 is affected by Use After Free through MP4Box.) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2061 + NOTE: https://huntr.dev/bounties/011ac07c-6139-4f43-b745-424143e60ac7/ + NOTE: https://github.com/gpac/gpac/commit/96699aabae042f8f55cf8a85fa5758e3db752bae (v2.0.0) +CVE-2022-24575 (GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2058 + NOTE: https://huntr.dev/bounties/1d9bf402-f756-4583-9a1d-436722609c1e/ + NOTE: https://github.com/gpac/gpac/commit/b13e9986aa1134c764b0d84f0f66328429b9c2eb (v2.0.0) +CVE-2022-24574 (GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_f ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://huntr.dev/bounties/a08437cc-25aa-4116-8069-816f78a2247c/ + NOTE: https://github.com/gpac/gpac/issues/2055 + NOTE: https://github.com/gpac/gpac/commit/9f8510835b97a729baf3646a3171bf51b4a8592e (v2.0.0) +CVE-2022-24573 (A stored cross-site scripting (XSS) vulnerability in the admin interfa ...) + NOT-FOR-US: Element-IT +CVE-2022-24572 (Car Driving School Management System v1.0 is affected by Cross Site Sc ...) + NOT-FOR-US: Car Driving School Management System +CVE-2022-24571 (Car Driving School Management System v1.0 is affected by SQL injection ...) + NOT-FOR-US: Car Driving School Management System +CVE-2022-24570 + RESERVED +CVE-2022-24569 + RESERVED +CVE-2022-24568 (Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Reque ...) + NOT-FOR-US: Novel-plus +CVE-2022-24567 + RESERVED +CVE-2022-24566 (In Checkmk <=2.0.0p19 fixed in 2.0.0p20 and Checkmk <=1.6.0p27 fixed i ...) + - check-mk +CVE-2022-24565 (Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1 ...) + - check-mk +CVE-2022-24564 (Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability ...) + - check-mk +CVE-2022-24563 (In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: Genixcms +CVE-2022-24562 (In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send G ...) 
+ NOT-FOR-US: IOBit +CVE-2022-24561 + RESERVED +CVE-2022-24560 + RESERVED +CVE-2022-24559 + RESERVED +CVE-2022-24558 + RESERVED +CVE-2022-24557 + RESERVED +CVE-2022-24556 + RESERVED +CVE-2022-24555 + RESERVED +CVE-2022-24554 + RESERVED +CVE-2022-24553 (An issue was found in Zfaka <= 1.4.5. The verification of the backgrou ...) + NOT-FOR-US: Zfaka +CVE-2022-24552 (A flaw was found in the REST API in StarWind Stack. REST command, whic ...) + NOT-FOR-US: StarWind +CVE-2022-24551 (A flaw was found in StarWind Stack. The endpoint for setting a new pas ...) + NOT-FOR-US: StarWind +CVE-2022-24550 (Windows Telephony Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24549 (Windows AppX Package Manager Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24548 (Microsoft Defender Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24547 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24546 (Windows DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24545 (Windows Kerberos Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24544 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24543 (Windows Upgrade Assistant Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24542 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24541 (Windows Server Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24540 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24539 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-24538 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24537 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24536 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24535 + RESERVED +CVE-2022-24534 (Win32 Stream Enumeration Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24533 (Remote Desktop Protocol Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24532 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24531 + RESERVED +CVE-2022-24530 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24529 + RESERVED +CVE-2022-24528 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24527 (Windows Endpoint Configuration Manager Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2022-24526 (Visual Studio Code Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24525 (Windows Update Stack Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24524 + RESERVED +CVE-2022-24523 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24522 (Skype Extension for Chrome Information Disclosure Vulnerability) + NOT-FOR-US: Skype Extension for Chrome +CVE-2022-24521 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-24520 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24519 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24518 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24517 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24516 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24515 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24514 + RESERVED +CVE-2022-24513 (Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24512 (.NET and Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2022-24511 (Microsoft Office Word Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24510 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24509 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24508 (Win32 File Enumeration Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24507 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2022-24506 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24505 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24504 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-24503 (Remote Desktop Protocol Client Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24502 (Windows HTML Platforms Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24501 (VP9 Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24500 (Windows SMB Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24499 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24498 (Windows iSCSI Target Service Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24497 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24496 (Windows Local Security Authority (LSA) Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2022-24495 (Windows Direct Show - Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24494 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2022-24493 (Microsoft Local Security Authority (LSA) Server Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2022-24492 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24491 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24490 (Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulne ...) + NOT-FOR-US: Microsoft +CVE-2022-24489 (Cluster Client Failover (CCF) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24488 (Windows Desktop Bridge Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24487 (Windows Local Security Authority (LSA) Remote Code Execution Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-24486 (Windows Kerberos Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24485 (Win32 File Enumeration Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24484 (Windows Cluster Shared Volume (CSV) Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24483 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24482 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24481 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2022-24480 (Outlook for Android Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-24479 (Connected User Experiences and Telemetry Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-24478 + RESERVED +CVE-2022-24477 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24476 + RESERVED +CVE-2022-24475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24474 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24473 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24472 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24471 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24470 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24469 (Azure Site Recovery Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24468 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24467 (Azure Site Recovery Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24466 (Windows Hyper-V Security Feature Bypass Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-24465 (Microsoft Intune Portal for iOS Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24464 (.NET and Visual Studio Denial of Service Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2022-24463 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24462 (Microsoft Word Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24461 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24460 (Tablet Windows User Interface Application Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2022-24459 (Windows Fax and Scan Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24458 + RESERVED +CVE-2022-24457 (HEIF Image Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24456 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24455 (Windows CD-ROM Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24454 (Windows Security Support Provider Interface Elevation of Privilege Vul ...) + NOT-FOR-US: Microsoft +CVE-2022-24453 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24452 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24451 (VP9 Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-24450 (NATS nats-server before 2.7.2 has Incorrect Access Control. Any authen ...) + - nats-server (Fixed before initial upload to Debian) + NOTE: https://advisories.nats.io/CVE/CVE-2022-24450.txt +CVE-2022-24449 (Solar appScreener through 3.10.4, when a valid license is not present, ...) + NOT-FOR-US: Solar appScreener +CVE-2022-24448 (An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.1 ...) 
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.7-1 + NOTE: Fixed by: https://git.kernel.org/linus/ac795161c93699d600db16c1a8cc23a65a1eceaf (5.17-rc2) +CVE-2022-24447 (An issue was discovered in Zoho ManageEngine Key Manager Plus before 6 ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-24446 (An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-24445 + REJECTED +CVE-2022-24444 (Silverstripe silverstripe/framework through 4.10 allows Session Fixati ...) + NOT-FOR-US: Silverstripe CMS +CVE-2022-24443 + RESERVED +CVE-2022-24442 (JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server- ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-24428 (Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2. ...) + NOT-FOR-US: Dell +CVE-2022-24427 + REJECTED +CVE-2022-24426 (Dell Command | Update, Dell Update, and Alienware Update version 4.4.0 ...) + NOT-FOR-US: Dell +CVE-2022-24425 + REJECTED +CVE-2022-24424 (Dell EMC AppSync versions from 3.9 to 4.3 contain a path traversal vul ...) + NOT-FOR-US: EMC +CVE-2022-24423 (Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service v ...) + NOT-FOR-US: EMC +CVE-2022-24422 (Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, con ...) + NOT-FOR-US: Dell +CVE-2022-24421 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24420 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24419 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24418 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24417 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24416 (Dell BIOS contains an improper input validation vulnerability. A local ...) 
+ NOT-FOR-US: Dell +CVE-2022-24415 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2022-24414 (Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is expos ...) + NOT-FOR-US: EMC +CVE-2022-24413 (Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-t ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-24412 (Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling ...) + NOT-FOR-US: EMC +CVE-2022-24411 (Dell PowerScale OneFS 8.2.2 and above contain an elevation of privileg ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-24410 (Dell BIOS contains an information exposure vulnerability. An unauthent ...) + NOT-FOR-US: Dell +CVE-2022-24409 (Dell BSAFE SSL-J contains remediation for a covert timing channel vuln ...) + NOT-FOR-US: Dell +CVE-2022-24380 + RESERVED +CVE-2022-22147 + RESERVED +CVE-2022-21130 + RESERVED +CVE-2022-0515 (Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/ ...) + NOT-FOR-US: Crater +CVE-2022-0514 (Business Logic Errors in GitHub repository crater-invoice/crater prior ...) + NOT-FOR-US: Crater +CVE-2022-0513 (The WP Statistics WordPress plugin is vulnerable to SQL Injection due ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0512 (Authorization Bypass Through User-Controlled Key in NPM url-parse prio ...) + {DLA-3336-1} + - node-url-parse 1.5.7-1 + [bullseye] - node-url-parse (Minor issue) + [stretch] - node-url-parse (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/6d1bc51f-1876-4f5b-a2c2-734e09e8e05b + NOTE: https://github.com/unshiftio/url-parse/commit/9be7ee88afd2bb04e4d5a1a8da9a389ac13f8c40 (1.5.6) +CVE-2022-0511 (Mozilla developers and community members Gabriele Svelto, Sebastian He ...) + - firefox 97.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-0511 +CVE-2022-0510 (Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore pr ...) 
+ NOT-FOR-US: pimcore +CVE-2022-0509 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) + NOT-FOR-US: pimcore +CVE-2022-0508 (Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/pee ...) + - peertube (bug #950821) +CVE-2022-0507 (Found a potential security vulnerability inside the Pandora API. Affec ...) + NOT-FOR-US: Pandora FMS +CVE-2022-0506 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...) + NOT-FOR-US: microweber +CVE-2022-0505 (Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber p ...) + NOT-FOR-US: microweber +CVE-2022-0504 (Generation of Error Message Containing Sensitive Information in Packag ...) + NOT-FOR-US: microweber +CVE-2022-0503 (The WordPress Multisite Content Copier/Updater WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0502 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + NOT-FOR-US: livehelperchat +CVE-2021-46675 + RESERVED +CVE-2021-46674 + RESERVED +CVE-2021-46673 + RESERVED +CVE-2021-46672 + RESERVED +CVE-2013-20004 (A flaw was found in StarWind iSCSI target. StarWind service does not l ...) + NOT-FOR-US: StarWind +CVE-2007-20001 (A flaw was found in StarWind iSCSI target. An attacker could script st ...) + NOT-FOR-US: StarWind +CVE-2022-24408 (A vulnerability has been identified in SINUMERIK MC (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2022-0501 (Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstal ...) + NOT-FOR-US: beanstalk_console +CVE-2022-0500 (A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leadi ...) + - linux 5.16.10-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044578 +CVE-2022-0499 (The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0498 + REJECTED +CVE-2022-0497 (A vulnerbiility was found in Openscad, where a .scad file with no trai ...) + - openscad 2021.01-4 (unimportant; bug #1005641) + NOTE: https://github.com/openscad/openscad/issues/4043 + NOTE: Crash in CLI tool, no security impact +CVE-2022-0496 (A vulnerbiility was found in Openscad, where a DXF-format drawing with ...) + - openscad 2021.01-4 (unimportant; bug #1005641) + NOTE: https://github.com/openscad/openscad/issues/4037 + NOTE: Crash in CLI tool, no security impact +CVE-2022-0495 (The library automation system product KOHA developed by Parantez Tekno ...) + NOT-FOR-US: KOHA library automation system +CVE-2022-0494 (A kernel information leak flaw was identified in the scsi_ioctl functi ...) + {DSA-5173-1 DSA-5161-1 DLA-3065-1} + - linux 5.16.14-1 + NOTE: https://git.kernel.org/linus/cc8f7fe1f5eab010191aa4570f27641876fa1267 (5.17-rc5) +CVE-2022-0493 (The String locator WordPress plugin before 2.5.0 does not properly val ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46671 (options.c in atftp before 0.7.5 reads past the end of an array, and co ...) + {DLA-3028-1} + - atftp 0.7.git20210915-1 (bug #1004974) + [bullseye] - atftp 0.7.git20120829-3.3+deb11u2 + [buster] - atftp 0.7.git20120829-3.2~deb10u3 + NOTE: https://sourceforge.net/p/atftp/code/ci/9cf799c40738722001552618518279e9f0ef62e5 (v0.7.5) +CVE-2022-24407 (In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does ...) 
+ {DSA-5087-1 DLA-2931-1} + [experimental] - cyrus-sasl2 2.1.28+dfsg-1 + - cyrus-sasl2 2.1.28+dfsg-2 + NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc (cyrus-sasl-2.1.28) + NOTE: Fixed by: https://github.com/cyrusimap/cyrus-sasl/commit/2d2e97b0eb53fa7f87a3bf1529d8f712dd954480 (master) + NOTE: https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +CVE-2022-24406 (OX App Suite through 7.10.6 allows SSRF because multipart/form-data bo ...) + NOT-FOR-US: OX App Suite +CVE-2022-24405 (OX App Suite through 7.10.6 allows OS Command Injection via a serializ ...) + NOT-FOR-US: OX App Suite +CVE-2022-24404 (Lack of cryptographic integrity check on TETRA air-interface encrypted ...) + NOT-FOR-US: TETRA +CVE-2022-24403 (The TETRA TA61 identity encryption function internally uses a 64-bit v ...) + NOT-FOR-US: TETRA TA61 +CVE-2022-24402 (The TETRA TEA1 keystream generator implements a key register initializ ...) + NOT-FOR-US: TETRA +CVE-2022-24401 (Adversary-induced keystream re-use on TETRA air-interface encrypted tr ...) + NOT-FOR-US: TETRA +CVE-2022-24400 (A flaw in the TETRA authentication procecure allows a MITM adversary t ...) + NOT-FOR-US: TETRA +CVE-2022-24382 (Improper input validation in firmware for some Intel(R) NUCs may allow ...) + NOT-FOR-US: Intel +CVE-2022-24379 (Improper input validation in some Intel(R) Server System M70KLP Family ...) + NOT-FOR-US: Intel +CVE-2022-24297 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...) + NOT-FOR-US: Intel +CVE-2022-23917 + RESERVED +CVE-2022-23914 + RESERVED +CVE-2022-22730 (Improper authentication in the Intel(R) Edge Insights for Industrial s ...) + NOT-FOR-US: Intel +CVE-2022-21807 (Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler s ...) + NOT-FOR-US: Intel +CVE-2022-21795 + RESERVED +CVE-2022-21233 (Improper isolation of shared resources in some Intel(R) Processors may ...) 
+ {DLA-3379-1} + - intel-microcode 3.20220809.1 + [bullseye] - intel-microcode 3.20230214.1~deb11u1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html + NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220809 +CVE-2022-21128 (Insufficient control flow management in the Intel(R) Advisor software ...) + NOT-FOR-US: Intel +CVE-2022-0492 (A vulnerability was found in the Linux kernel\u2019s cgroup_release_ag ...) + {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.7-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/04/1 + NOTE: https://git.kernel.org/linus/24f6008564183aa120d07c03d9289519c2fe02af +CVE-2022-0491 + RESERVED +CVE-2022-0490 + RESERVED +CVE-2022-0489 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + [experimental] - gitlab 14.6.5+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/ +CVE-2022-0488 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/23520 +CVE-2022-24399 (The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST s ...) + NOT-FOR-US: SAP +CVE-2022-24398 (Under certain conditions SAP Business Objects Business Intelligence Pl ...) + NOT-FOR-US: SAP +CVE-2022-24397 (SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, doe ...) + NOT-FOR-US: SAP +CVE-2022-24396 (The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does n ...) + NOT-FOR-US: SAP +CVE-2022-24395 (SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.3 ...) + NOT-FOR-US: SAP +CVE-2022-24394 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + NOT-FOR-US: Fidelis +CVE-2022-24393 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) 
+ NOT-FOR-US: Fidelis +CVE-2022-24392 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + NOT-FOR-US: Fidelis +CVE-2022-24391 (Vulnerability in Fidelis Network and Deception CommandPost enables SQL ...) + NOT-FOR-US: Fidelis +CVE-2022-24390 (Vulnerability in rconfig \u201cremote_text_file\u201d enables an attac ...) + NOT-FOR-US: Fidelis +CVE-2022-24389 (Vulnerability in rconfig \u201ccert_utils\u201d enables an attacker wi ...) + NOT-FOR-US: Fidelis +CVE-2022-24388 (Vulnerability in rconfig \u201cdate\u201d enables an attacker with use ...) + NOT-FOR-US: Fidelis +CVE-2022-24387 (With administrator or admin privileges the application can be tricked ...) + NOT-FOR-US: SmarterTrack +CVE-2022-24386 (Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterToo ...) + NOT-FOR-US: SmarterTrack +CVE-2022-24385 (A Direct Object Access vulnerability in SmarterTools SmarterTrack lead ...) + NOT-FOR-US: SmarterTrack +CVE-2022-24384 (Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack ...) + NOT-FOR-US: SmarterTrack +CVE-2022-21241 (Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a rem ...) + NOT-FOR-US: CSV+ +CVE-2022-0487 (A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in ...) + {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.10-1 (unimportant) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1194516 + NOTE: https://lore.kernel.org/all/20220114075934.302464-1-gregkh@linuxfoundation.org/ + NOTE: https://git.kernel.org/linus/bd2db32e7c3e35bd4d9b8bbff689434a50893546 (5.17-rc4) + NOTE: CONFIG_MMC_MOXART is not set in Debian. +CVE-2022-0486 (Improper file permissions in the CommandPost, Collector, Sensor, and S ...) + NOT-FOR-US: Fidelis +CVE-2022-0485 (A flaw was found in the copying tool `nbdcopy` of libnbd. When perform ...) 
+ - libnbd 1.10.5-1 (bug #1005307) + [bullseye] - libnbd (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2050324 + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/8d444b41d09a700c7ee6f9182a649f3f2d325abb (v1.11.8) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/9219d2e70c770d8efb98d6e8eaf68e8e354631e3 (v1.10.4) + NOTE: Fixed by: https://gitlab.com/nbdkit/libnbd/-/commit/6c8f2f859926b82094fb5e85c446ea099700fa10 (v1.6.6) + NOTE: https://listman.redhat.com/archives/libguestfs/2022-February/msg00104.html +CVE-2022-0484 (Lack of validation of URLs causes Mirantis Container Cloud Lens Extens ...) + NOT-FOR-US: Mirantis Container Cloud Lens +CVE-2022-0483 (Local privilege escalation due to insecure folder permissions. The fol ...) + NOT-FOR-US: Acronis VSS Doctor +CVE-2022-0482 (Exposure of Private Personal Information to an Unauthorized Actor in G ...) + NOT-FOR-US: easyappointments +CVE-2022-24372 (Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary ...) + NOT-FOR-US: Linksys +CVE-2022-24371 + RESERVED +CVE-2022-24370 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2022-24369 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24368 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2022-24367 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24366 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24365 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24364 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24363 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit +CVE-2022-24362 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24361 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24360 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24359 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24358 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24357 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24356 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2022-24355 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2022-24354 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2022-24353 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2022-24352 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2022-24351 (TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2022-24350 (An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5. ...) + NOT-FOR-US: Insyde +CVE-2022-24349 (An authenticated user can create a link with reflected XSS payload for ...) + {DLA-3390-1 DLA-2980-1} + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + NOTE: https://support.zabbix.com/browse/ZBX-20680 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/ff70e709719e4e9f25f5d187637fd53fd61c8bbe (5.0.21rc1) +CVE-2022-24348 (Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal ...) 
+ NOT-FOR-US: Argo CD +CVE-2022-24347 (JetBrains YouTrack before 2021.4.36872 was vulnerable to stored XSS vi ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-24346 (In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via R ...) + - intellij-idea (bug #747616) +CVE-2022-24345 (In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (with ...) + - intellij-idea (bug #747616) +CVE-2022-24344 (JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-24343 (In JetBrains YouTrack before 2021.4.31698, a custom logo could be set ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2022-24342 (In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF w ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24341 (In JetBrains TeamCity before 2021.2.1, editing a user account to chang ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24340 (In JetBrains TeamCity before 2021.2.1, XXE during the parsing of the c ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24339 (JetBrains TeamCity before 2021.2.1 was vulnerable to stored XSS.) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24338 (JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24337 (In JetBrains TeamCity before 2021.2, health items of pull requests wer ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24336 (In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24335 (JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Tim ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24334 (In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24333 (In JetBrains TeamCity before 2021.2, blind SSRF via an XML-RPC call wa ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24332 (In JetBrains TeamCity before 2021.2, a logout action didn't remove a R ...) 
+ NOT-FOR-US: JetBrains TeamCity +CVE-2022-24331 (In JetBrains TeamCity before 2021.1.4, GitLab authentication impersona ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24330 (In JetBrains TeamCity before 2021.2.1, a redirection to an external si ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2022-24329 (In JetBrains Kotlin before 1.6.0, it was not possible to lock dependen ...) + - kotlin (bug #1007243) + NOTE: https://blog.jetbrains.com/blog/2022/02/08/jetbrains-security-bulletin-q4-2021/ + NOTE: https://youtrack.jetbrains.com/issue/KT-49449 (not public) +CVE-2022-24328 (In JetBrains Hub before 2021.1.13956, an unprivileged user could perfo ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-24327 (In JetBrains Hub before 2021.1.13890, integration with JetBrains Accou ...) + NOT-FOR-US: JetBrains Hub +CVE-2022-24326 + RESERVED +CVE-2022-24325 + RESERVED +CVE-2022-23402 (The following Yokogawa Electric products hard-code the password for CA ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-23401 (The following Yokogawa Electric products contain insecure DLL loading ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-22729 (CAMS for HIS Server contained in the following Yokogawa Electric produ ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-22151 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-22148 ('Root Service' service implemented in the following Yokogawa Electric ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-22145 (CAMS for HIS Log Server contained in the following Yokogawa Electric p ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-22141 ('Long-term Data Archive Package' service implemented in the following ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-21808 (Path traversal vulnerability exists in CAMS for HIS Server contained i ...) 
+ NOT-FOR-US: Yokogawa Electric products +CVE-2022-21194 (The following Yokogawa Electric products do not change the passwords o ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-21177 (There is a path traversal vulnerability in CAMS for HIS Log Server con ...) + NOT-FOR-US: Yokogawa Electric products +CVE-2022-0481 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.) + - mruby 3.1.0-1 (bug #1014968) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Vulnerable code not present) + NOTE: https://huntr.dev/bounties/54725c8c-87f4-41b6-878c-01d8e0ee7027 + NOTE: https://github.com/mruby/mruby/commit/ae3c99767a27f5c6c584162e2adc6a5d0eb2c54e +CVE-2022-24324 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24323 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24322 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24321 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24320 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24319 (A CWE-295: Improper Certificate Validation vulnerability exists that c ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24318 (A CWE-326: Inadequate Encryption Strength vulnerability exists that co ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24317 (A CWE-862: Missing Authorization vulnerability exists that could cause ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24316 (A CWE-665: Improper Initialization vulnerability exists that could cau ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24315 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause de ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2022-24314 (A CWE-125: Out-of-bounds Read vulnerability exists that could cause me ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24313 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24312 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24311 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24310 (A CWE-190: Integer Overflow or Wraparound vulnerability exists that co ...) + NOT-FOR-US: Schneider Electric +CVE-2022-24309 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2022-0480 (A flaw was found in the filelock_init in fs/locks.c function in the Li ...) + - linux 5.15.3-1 + [bullseye] - linux (Minor issue) + [buster] - linux (Minor issue) + [stretch] - linux (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2049700 + NOTE: https://git.kernel.org/linus/0f12156dff2862ac54235fc72703f18770769042 (5.15-rc1) +CVE-2022-0479 (The Popup Builder WordPress plugin before 4.1.1 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0478 (The Event Manager and Tickets Selling for WooCommerce WordPress plugin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0477 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0476 (Denial of Service in GitHub repository radareorg/radare2 prior to 5.6. ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/81ddfbda-6c9f-4b69-83ff-85b15141e35d + NOTE: https://github.com/radareorg/radare2/commit/27fe8031782d3a06c3998eaa94354867864f9f1b +CVE-2022-0475 (Malicious translator is able to inject JavaScript code in few translat ...) 
+ NOT-FOR-US: OTRS + NOTE: Only affects 7.x/8.x, so won't affect znuny fork packaged in Debian +CVE-2022-0474 (Full list of recipients from customer users in a contact field could b ...) + NOT-FOR-US: OTRS + NOTE: Only affects 8.x, so won't affect znuny fork packaged in Debian +CVE-2022-0473 (OTRS administrators can configure dynamic field and inject malicious J ...) + NOT-FOR-US: OTRS + NOTE: Only affects 7.x, so won't affect znuny fork packaged in Debian +CVE-2022-24308 (Automox Agent prior to version 37 on Windows and Linux and Version 36 ...) + NOT-FOR-US: Automox +CVE-2022-24307 (Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access cont ...) + - mastodon (bug #859741) +CVE-2022-24306 (Zoho ManageEngine SharePoint Manager Plus before 4329 allows account t ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-24305 (Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-24304 + REJECTED +CVE-2022-24303 (Pillow before 9.0.1 allows attackers to delete files because spaces in ...) + - pillow 9.0.1-1 + [bullseye] - pillow (Minor issue) + [buster] - pillow (Minor issue) + [stretch] - pillow (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2052682 + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html#security + NOTE: https://github.com/python-pillow/Pillow/commit/427221ef5f19157001bf8b1ad7cfe0b905ca8c26 (9.0.1) +CVE-2022-24302 (In Paramiko before 2.10.1, a race condition (between creation and chmo ...) + {DLA-3104-1 DLA-2959-1} + - paramiko 2.10.3-1 (bug #1008012) + [bullseye] - paramiko (Minor issue) + NOTE: https://github.com/paramiko/paramiko/commit/4c491e299c9b800358b16fa4886d8d94f45abe2e (2.10.1) +CVE-2022-24296 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air ...) + NOT-FOR-US: Mitsubishi +CVE-2022-24295 (Okta Advanced Server Access Client for Windows prior to version 1.57.0 ...) 
+ NOT-FOR-US: Okta Advanced Server Access Client +CVE-2022-22986 (Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, ...) + NOT-FOR-US: Netcommunity OG410X and OG810X series +CVE-2022-0472 (Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/ ...) + NOT-FOR-US: jsdecena/laracom +CVE-2022-0471 (The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-24294 (A regular expression used in Apache MXNet (incubating) is vulnerable t ...) + NOT-FOR-US: Apache MXNet +CVE-2022-24293 (Certain HP Print devices may be vulnerable to potential information di ...) + NOT-FOR-US: HP +CVE-2022-24292 (Certain HP Print devices may be vulnerable to potential information di ...) + NOT-FOR-US: HP +CVE-2022-24291 (Certain HP Print devices may be vulnerable to potential information di ...) + NOT-FOR-US: HP +CVE-2022-24290 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Teamcenter /Siemens +CVE-2022-24289 (Hessian serialization is a network protocol that supports object-based ...) + NOT-FOR-US: Apache Cayenne +CVE-2022-24288 (In Apache Airflow, prior to version 2.2.4, some example DAGs did not p ...) + - airflow (bug #819700) +CVE-2022-24287 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...) + NOT-FOR-US: Siemens +CVE-2022-21799 (Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R ...) + NOT-FOR-US: ELECOM +CVE-2022-21173 (Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 f ...) + NOT-FOR-US: ELECOM +CVE-2022-0470 (Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758. ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0469 (Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed ...) 
+ {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0468 (Use after free in Payments in Google Chrome prior to 98.0.4758.80 allo ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0467 (Inappropriate implementation in Pointer Lock in Google Chrome on Windo ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0466 (Inappropriate implementation in Extensions Platform in Google Chrome p ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0465 (Use after free in Extensions in Google Chrome prior to 98.0.4758.80 al ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0464 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0463 (Use after free in Accessibility in Google Chrome prior to 98.0.4758.80 ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0462 (Inappropriate implementation in Scroll in Google Chrome prior to 98.0. ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0461 (Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0460 (Use after free in Window Dialogue in Google Chrome prior to 98.0.4758. ...) 
+ {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0459 (Use after free in Screen Capture in Google Chrome prior to 98.0.4758.8 ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0458 (Use after free in Thumbnail Tab Strip in Google Chrome prior to 98.0.4 ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0457 (Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0456 (Use after free in Web Search in Google Chrome prior to 98.0.4758.80 al ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0455 (Inappropriate implementation in Full Screen Mode in Google Chrome on A ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0454 (Heap buffer overflow in ANGLE in Google Chrome prior to 98.0.4758.80 a ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0453 (Use after free in Reader Mode in Google Chrome prior to 98.0.4758.80 a ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0452 (Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 ...) + {DSA-5068-1} + - chromium 98.0.4758.80-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0451 (Dart SDK contains the HTTPClient in dart:io library whcih includes aut ...) 
+ NOT-FOR-US: Dart SDK +CVE-2022-0450 (The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0449 (The Flexi WordPress plugin before 4.20 does not sanitise and escape va ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0448 (The CP Blocks WordPress plugin before 1.0.15 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0447 (The Post Grid WordPress plugin before 2.1.16 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0446 (The Simple Banner WordPress plugin before 2.12.0 does not properly san ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0445 (The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Conse ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0444 (The Backup, Restore and Migrate WordPress Sites With the XCloner Plugi ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0443 (Use After Free in GitHub repository vim/vim prior to 8.2.) + {DLA-3182-1 DLA-3011-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/b987c8cb-bbbe-4601-8a6c-54ff907c6b51 + NOTE: https://github.com/vim/vim/commit/9b4a80a66544f2782040b641498754bcb5b8d461 (v8.2.4281) + NOTE: Crash in CLI tool, no security issue +CVE-2022-0442 (The UsersWP WordPress plugin before 1.2.3.1 is missing access controls ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0441 (The MasterStudy LMS WordPress plugin before 2.7.6 does to validate som ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0440 (The Catch Themes Demo Import WordPress plugin before 2.1.1 does not va ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0439 (The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0438 + RESERVED +CVE-2021-46670 + RESERVED +CVE-2022-24286 (Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00. ...) + NOT-FOR-US: Acer +CVE-2022-24285 (Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege ...) 
+ NOT-FOR-US: Acer +CVE-2022-24284 + RESERVED +CVE-2022-24283 + RESERVED +CVE-2022-0437 (Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.) + NOT-FOR-US: Node karma +CVE-2022-0436 (Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.) + {DLA-3386-1} + [experimental] - grunt 1.5.2-1 + - grunt 1.5.2-2 (bug #1009676) + [bullseye] - grunt 1.3.0-1+deb11u1 + [stretch] - grunt (Minor issue) + NOTE: https://github.com/gruntjs/grunt/commit/aad3d4521c3098fb255fb2db8f2e1d691a033665 (v1.5.0) + NOTE: https://github.com/gruntjs/grunt/pull/1740 + NOTE: https://huntr.dev/bounties/f55315e9-9f6d-4dbb-8c40-bae50c1ae92b +CVE-2021-46669 (MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_ ...) + {DLA-3114-1} + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.18-0+deb11u1 + - mariadb-10.3 + NOTE: https://jira.mariadb.org/browse/MDEV-25638 +CVE-2021-46668 (MariaDB through 10.5.9 allows an application crash via certain long SE ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25787 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46667 (MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an ...) + - mariadb-10.6 1:10.6.5-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-26350 + NOTE: Fixed in MariaDB: 10.2.41, 10.3.32, 10.4.22, 10.5.13, 10.6.5 +CVE-2021-46666 (MariaDB before 10.6.2 allows an application crash because of mishandli ...) 
+ - mariadb-10.6 (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + [bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release) + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25635 + NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2 +CVE-2021-46665 (MariaDB through 10.5.9 allows a sql_parse.cc application crash because ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25636 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46664 (MariaDB through 10.5.9 allows an application crash in sub_select_postj ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25761 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46663 (MariaDB through 10.5.13 allows a ha_maria::extra application crash via ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-26351 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-46662 (MariaDB through 10.5.9 allows a set_var.cc application crash via certa ...) + - mariadb-10.6 1:10.6.5-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25637 + NOTE: https://jira.mariadb.org/browse/MDEV-22464 + NOTE: Fixed in MariaDB: 10.3.32, 10.4.22, 10.5.13, 10.6.5 +CVE-2021-46661 (MariaDB through 10.5.9 allows an application crash in find_field_in_ta ...) 
+ - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25766 + NOTE: Fixed in MariaDB: 10.7.3, 10.6.7, 10.5.15, 10.4.24, 10.3.34, 10.2.43 +CVE-2021-4218 (A flaw was found in the Linux kernel\u2019s implementation of reading ...) + - linux (Vulnerable code not present; specific to CentOS/RHEL) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048359 + NOTE: Issue is specific to CentOS/RHEL. In mainline, xprtrdma always used copy_to_user() + NOTE: until the general conversion of sysctls to use a kernel buffer. +CVE-2022-24282 (A vulnerability has been identified in SINEC NMS (All versions >= V1.0 ...) + NOT-FOR-US: Siemens +CVE-2022-24281 (A vulnerability has been identified in SINEC NMS (All versions < V1.0. ...) + NOT-FOR-US: Siemens +CVE-2022-24280 (Improper Input Validation vulnerability in Proxy component of Apache P ...) + NOT-FOR-US: Apache Pulsar +CVE-2022-24277 + RESERVED +CVE-2022-24276 + RESERVED +CVE-2022-24275 + RESERVED +CVE-2022-24274 + RESERVED +CVE-2022-24273 + RESERVED +CVE-2022-24272 (An authenticated user may trigger an invariant assertion during comman ...) + - mongodb + [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) + NOTE: https://jira.mongodb.org/browse/SERVER-63968 +CVE-2022-23400 (A stack-based buffer overflow vulnerability exists in the IGXMPXMLPars ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2022-0435 (A stack overflow flaw was found in the Linux kernel's TIPC protocol fu ...) + {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.10-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/10/1 + NOTE: Fixed by: https://git.kernel.org/linus/9aa422ad326634b76309e8ff342c246800621216 +CVE-2022-0434 (The Page View Count WordPress plugin before 2.4.15 does not sanitise a ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0433 (A NULL pointer dereference flaw was found in the Linux kernel's BPF su ...) + - linux (Vulnerable code newer in a supported Debian release; only affected experimental) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2048259 + NOTE: Fixed by: https://git.kernel.org/linus/3ccdcee28415c4226de05438b4d89eb5514edf73 (5.17-rc1) +CVE-2022-0432 (Prototype Pollution in GitHub repository mastodon/mastodon prior to 3. ...) + - mastodon (bug #859741) +CVE-2022-0431 (The Insights from Google PageSpeed WordPress plugin before 4.0.4 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0430 (Exposure of Sensitive Information to an Unauthorized Actor in GitHub r ...) + - httpie 3.2.1-1 (bug #1014765) + [bullseye] - httpie (Minor issue) + [buster] - httpie (Minor issue) + [stretch] - httpie (Minor issue) + NOTE: https://huntr.dev/bounties/dafb2e4f-c6b6-4768-8ef5-b396cd6a801f + NOTE: Fixed by: https://github.com/httpie/httpie/commit/65ab7d5caaaf2f95e61f9dd65441801c2ddee38b (3.1.0) +CVE-2022-0429 (The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin befo ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0428 (The Content Egg WordPress plugin before 5.3.0 does not sanitise and es ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0427 (Missing sanitization of HTML attributes in Jupyter notebooks in all ve ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0426 (The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 do ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0425 (A DNS rebinding vulnerability in the Irker IRC Gateway integration in ...) + NOT-FOR-US: Irker +CVE-2022-0424 (The Popup by Supsystic WordPress plugin before 1.10.9 does not have an ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0423 (The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0422 (The White Label CMS WordPress plugin before 2.2.9 does not sanitise an ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0421 (The Five Star Restaurant Reservations WordPress plugin before 2.4.12 d ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0420 (The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-24271 + RESERVED +CVE-2022-24270 + RESERVED +CVE-2022-24269 + RESERVED +CVE-2022-24268 + RESERVED +CVE-2022-24267 + RESERVED +CVE-2022-24266 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Cuppa CMS +CVE-2022-24265 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Cuppa CMS +CVE-2022-24264 (Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Cuppa CMS +CVE-2022-24263 (Hospital Management System v4.0 was discovered to contain a SQL inject ...) + NOT-FOR-US: Hospital Management System +CVE-2022-24262 (The config restore function of Voipmonitor GUI before v24.96 does not ...) + NOT-FOR-US: Voipmonitor +CVE-2022-24261 + RESERVED +CVE-2022-24260 (A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows ...) + NOT-FOR-US: Voipmonitor +CVE-2022-24259 (An incorrect check in the component cdr.php of Voipmonitor GUI before ...) + NOT-FOR-US: Voipmonitor +CVE-2022-24258 + RESERVED +CVE-2022-24257 + RESERVED +CVE-2022-24256 + RESERVED +CVE-2022-24255 (Extensis Portfolio v4.0 was discovered to contain hardcoded credential ...) + NOT-FOR-US: Extensis Portfolio +CVE-2022-24254 (An unrestricted file upload vulnerability in the Backup/Restore Archiv ...) + NOT-FOR-US: Extensis Portfolio +CVE-2022-24253 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...) + NOT-FOR-US: Extensis Portfolio +CVE-2022-24252 (An unrestricted file upload vulnerability in the FileTransferServlet c ...) + NOT-FOR-US: Extensis Portfolio +CVE-2022-24251 (Extensis Portfolio v4.0 was discovered to contain an authenticated unr ...) 
+ NOT-FOR-US: Extensis Portfolio +CVE-2022-24250 + RESERVED +CVE-2022-24249 (A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2081 + NOTE: https://github.com/gpac/gpac/commit/71f9871fc210e60df041b58c84572782b4849de9 (v2.0.0) +CVE-2022-24248 (RiteCMS version 3.1.0 and below suffers from an arbitrary file deletio ...) + NOT-FOR-US: RiteCMS +CVE-2022-24247 (RiteCMS version 3.1.0 and below suffers from an arbitrary file overwri ...) + NOT-FOR-US: RiteCMS +CVE-2022-24246 + RESERVED +CVE-2022-24245 + RESERVED +CVE-2022-24244 + RESERVED +CVE-2022-24243 + RESERVED +CVE-2022-24242 + RESERVED +CVE-2022-24241 (ACEweb Online Portal 3.5.065 was discovered to contain an External Con ...) + NOT-FOR-US: ACEweb Online Portal +CVE-2022-24240 (ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection ...) + NOT-FOR-US: ACEweb Online Portal +CVE-2022-24239 (ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted ...) + NOT-FOR-US: ACEweb Online Portal +CVE-2022-24238 (ACEweb Online Portal 3.5.065 was discovered to contain a cross-site sc ...) + NOT-FOR-US: ACEweb Online Portal +CVE-2022-24237 (The snaptPowered2 component of Snapt Aria v12.8 was discovered to cont ...) + NOT-FOR-US: Snapt Aria +CVE-2022-24236 (An insecure permissions vulnerability in Snapt Aria v12.8 allows unaut ...) + NOT-FOR-US: Snapt Aria +CVE-2022-24235 (A Cross-Site Request Forgery (CSRF) in the management portal of Snapt ...) + NOT-FOR-US: Snapt Aria +CVE-2022-24234 + RESERVED +CVE-2022-24233 + RESERVED +CVE-2022-24232 (A local file inclusion in Hospital Patient Record Management System v1 ...) + NOT-FOR-US: Hospital Patient Record Management System +CVE-2022-24231 (Simple Student Information System v1.0 was discovered to contain a SQL ...) 
+ NOT-FOR-US: Simple Student Information System +CVE-2022-24230 + RESERVED +CVE-2022-24229 (A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Serv ...) + NOT-FOR-US: ONLYOFFICE +CVE-2022-24228 + RESERVED +CVE-2022-24227 (A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v 8.0 ...) + NOT-FOR-US: BoltWire +CVE-2022-24226 (Hospital Management System v4.0 was discovered to contain a blind SQL ...) + NOT-FOR-US: Hospital Management System +CVE-2022-24225 + RESERVED +CVE-2022-24224 + RESERVED +CVE-2022-24223 (AtomCMS v2.0 was discovered to contain a SQL injection vulnerability v ...) + NOT-FOR-US: AtomCMS +CVE-2022-24222 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: eliteCMS +CVE-2022-24221 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: eliteCMS +CVE-2022-24220 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: eliteCMS +CVE-2022-24219 (eliteCMS v1.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: eliteCMS +CVE-2022-24218 (An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers ...) + NOT-FOR-US: eliteCMS +CVE-2022-24217 + RESERVED +CVE-2022-24216 + RESERVED +CVE-2022-24215 + RESERVED +CVE-2022-24214 + RESERVED +CVE-2022-24213 + RESERVED +CVE-2022-24212 + RESERVED +CVE-2022-24211 + RESERVED +CVE-2022-24210 + RESERVED +CVE-2022-24209 + RESERVED +CVE-2022-24208 + RESERVED +CVE-2022-24207 + RESERVED +CVE-2022-24206 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Tongda2000 +CVE-2022-24205 + RESERVED +CVE-2022-24204 + RESERVED +CVE-2022-24203 + RESERVED +CVE-2022-24202 + RESERVED +CVE-2022-24201 + RESERVED +CVE-2022-24200 + RESERVED +CVE-2022-24199 + RESERVED +CVE-2022-24198 (iText v7.1.17 was discovered to contain an out-of-bounds exception via ...) 
+ NOT-FOR-US: iText +CVE-2022-24197 (iText v7.1.17 was discovered to contain a stack-based buffer overflow ...) + NOT-FOR-US: iText +CVE-2022-24196 (iText v7.1.17, up to (exluding)": 7.1.18 and 7.2.2 was discovered to c ...) + NOT-FOR-US: iText +CVE-2022-24195 + RESERVED +CVE-2022-24194 + RESERVED +CVE-2022-24193 (CasaOS before v0.2.7 was discovered to contain a command injection vul ...) + NOT-FOR-US: CasaOS +CVE-2022-24192 + RESERVED +CVE-2022-24191 (In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can l ...) + - htmldoc 1.9.15-1 (unimportant) + [bullseye] - htmldoc 1.9.11-4+deb11u3 + [buster] - htmldoc 1.9.3-1+deb10u4 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/fb0334a51300988e9b83b9870d4063e86002b077 (v1.9.15) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/470 + NOTE: Hang in CLI tool, no security impact +CVE-2022-24190 (The /device/acceptBind end-point for Ourphoto App version 1.4.1 does n ...) + NOT-FOR-US: Ourphoto App +CVE-2022-24189 (The user_token authorization header on the Ourphoto App version 1.4.1 ...) + NOT-FOR-US: Ourphoto App +CVE-2022-24188 (The /device/signin end-point for the Ourphoto App version 1.4.1 disclo ...) + NOT-FOR-US: Ourphoto App +CVE-2022-24187 (The user_id and device_id on the Ourphoto App version 1.4.1 /device/* ...) + NOT-FOR-US: Ourphoto App +CVE-2022-24186 + RESERVED +CVE-2022-24185 + RESERVED +CVE-2022-24184 + RESERVED +CVE-2022-24183 + RESERVED +CVE-2022-24182 + RESERVED +CVE-2022-24181 (Cross-site scripting (XSS) via Host Header injection in PKP Open Journ ...) + NOT-FOR-US: PKP Open Journals System +CVE-2022-24180 + RESERVED +CVE-2022-24179 + RESERVED +CVE-2022-24178 + RESERVED +CVE-2022-24177 (A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej ...) 
+ NOT-FOR-US: Ex libris ALEPH 500 +CVE-2022-24176 + RESERVED +CVE-2022-24175 + RESERVED +CVE-2022-24174 + RESERVED +CVE-2022-24173 + RESERVED +CVE-2022-24172 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24171 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24170 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24169 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24168 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24167 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24166 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24165 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24164 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2022-24163 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24162 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24161 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...) + NOT-FOR-US: Tenda routers +CVE-2022-24160 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24159 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24158 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) 
+ NOT-FOR-US: Tenda routers +CVE-2022-24157 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24156 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24155 (Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in ...) + NOT-FOR-US: Tenda routers +CVE-2022-24154 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24153 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24152 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24151 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24150 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) + NOT-FOR-US: Tenda routers +CVE-2022-24149 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24148 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) + NOT-FOR-US: Tenda routers +CVE-2022-24147 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24146 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24145 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) + NOT-FOR-US: Tenda routers +CVE-2022-24144 (Tenda AX3 v16.03.12.10_CN was discovered to contain a command injectio ...) + NOT-FOR-US: Tenda routers +CVE-2022-24143 (Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN was discovered to con ...) + NOT-FOR-US: Tenda routers +CVE-2022-24142 (Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow i ...) 
+ NOT-FOR-US: Tenda routers +CVE-2022-24141 (The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to d ...) + NOT-FOR-US: iTop VPN +CVE-2022-24140 (IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, ...) + NOT-FOR-US: IOBit Advanced System Care +CVE-2022-24139 (In IOBit Advanced System Care (AscService.exe) 15, an attacker with SE ...) + NOT-FOR-US: IOBit Advanced System Care +CVE-2022-24138 (IOBit Advanced System Care (Asc.exe) 15 and Action Download Center bot ...) + NOT-FOR-US: IOBit Advanced System Care +CVE-2022-24137 + RESERVED +CVE-2022-24136 (Hospital Management System v1.0 is affected by an unrestricted upload ...) + NOT-FOR-US: Hospital Management System +CVE-2022-24135 (QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: QingScan +CVE-2022-24134 + RESERVED +CVE-2022-24133 + RESERVED +CVE-2022-24132 (phpshe V1.8 is affected by a denial of service (DoS) attack in the reg ...) + NOT-FOR-US: phpshe +CVE-2022-24131 (DouPHP v1.6 Release 20220121 is affected by Cross Site Scripting (XSS) ...) + NOT-FOR-US: DouPHP +CVE-2022-21170 (Improper check for certificate revocation in i-FILTER Ver.10.45R01 and ...) + NOT-FOR-US: i-FILTER +CVE-2022-0419 (NULL Pointer Dereference in GitHub repository radareorg/radare2 prior ...) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/1f84e79d-70e7-4b29-8b48-a108f81c89aa + NOTE: https://github.com/radareorg/radare2/commit/feaa4e7f7399c51ee6f52deb84dc3f795b4035d6 (5.6.0) + NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/ +CVE-2022-0418 (The Event List WordPress plugin before 0.8.8 does not sanitise and esc ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0417 (Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.) 
+ {DLA-3182-1 DLA-3053-1} + - vim 2:8.2.4659-1 + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/fc86bc8d-c866-4ade-8b7f-e49cec306d1a/ + NOTE: https://github.com/vim/vim/commit/652dee448618589de5528a9e9a36995803f5557a (v8.2.4245) +CVE-2022-0416 + RESERVED +CVE-2022-0415 (Remote Command Execution in uploading repository file in GitHub reposi ...) + NOT-FOR-US: Go Git Service +CVE-2022-24130 (xterm through Patch 370, when Sixel support is enabled, allows attacke ...) + {DLA-2913-1} + - xterm 370-2 (bug #1004689) + [bullseye] - xterm 366-1+deb11u1 + [buster] - xterm 344-1+deb10u2 + NOTE: https://twitter.com/nickblack/status/1487731459398025216 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/2 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/30/3 + NOTE: https://github.com/ThomasDickey/xterm-snapshots/commit/1584fc227673264661250d3a8d673c168ac9512d +CVE-2022-24129 (The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allow ...) + NOT-FOR-US: Shibboleth identity provider OIDC OP plugin +CVE-2022-24128 (Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege esc ...) + NOT-FOR-US: Timescale TimescaleDB +CVE-2022-24127 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Pr ...) + NOT-FOR-US: REDCap +CVE-2022-24126 (A buffer overflow in the NRSessionSearchResult parser in Bandai Namco ...) + NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III +CVE-2022-24125 (The matchmaking servers of Bandai Namco FromSoftware Dark Souls III th ...) + NOT-FOR-US: Bandai Namco FromSoftware Dark Souls III +CVE-2022-24124 (The query API in Casdoor before 1.13.1 has a SQL injection vulnerabili ...) + NOT-FOR-US: Casdoor +CVE-2022-24123 (MarkText through 0.16.3 does not sanitize the input of a mermaid block ...) + NOT-FOR-US: MarkText +CVE-2022-24121 (SQL Injection vulnerability discovered in Unified Office Total Connect ...) 
+ NOT-FOR-US: Unified Office +CVE-2021-46660 (Signiant Manager+Agents before 15.1 allows XML External Entity (XXE) a ...) + NOT-FOR-US: Signiant Manager+Agents +CVE-2021-46659 (MariaDB before 10.7.2 allows an application crash because it does not ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25631 + NOTE: Fixed in MariaDB: 10.2.42, 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2 +CVE-2021-46658 (save_window_function_values in MariaDB before 10.6.3 allows an applica ...) + - mariadb-10.6 (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + [bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release) + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25630 + NOTE: Fixed in MariaDB: 10.2.40, 10.3.31, 10.4.21, 10.5.12, 10.6.3 +CVE-2021-46657 (get_sort_by_table in MariaDB before 10.6.2 allows an application crash ...) + - mariadb-10.6 (Fixed before initial upload to Debian) + - mariadb-10.5 1:10.5.11-1 + [bullseye] - mariadb-10.5 (Minor issue, will be fixed in next point release) + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.31-0+deb10u1 + NOTE: https://jira.mariadb.org/browse/MDEV-25629 + NOTE: Fixed in MariaDB: 10.2.39, 10.3.30, 10.4.20, 10.5.11, 10.6.2 +CVE-2022-0414 (Improper Validation of Specified Quantity in Input in Packagist doliba ...) + - dolibarr +CVE-2022-0413 (Use After Free in GitHub repository vim/vim prior to 8.2.) + {DLA-3182-1 DLA-3011-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/563d1e8f-5c3d-4669-941c-3216f4a87c38 + NOTE: https://github.com/vim/vim/commit/37f47958b8a2a44abc60614271d9537e7f14e51a (v8.2.4253) + NOTE: Crash in CLI tool, no security issue +CVE-2022-0412 (The TI WooCommerce Wishlist WordPress plugin before 1.40.1, TI WooComm ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0411 (The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0410 (The WP Visitor Statistics (Real Time Traffic) WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-24122 (kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivil ...) + - linux 5.15.15-2 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/29/1 + NOTE: https://git.kernel.org/linus/f9d87929d451d3e649699d0f1d74f71f77ad38f5 +CVE-2022-24120 (Certain General Electric Renewable Energy products store cleartext cre ...) + NOT-FOR-US: General Electric Renewable Energy products +CVE-2022-24119 (Certain General Electric Renewable Energy products have a hidden featu ...) + NOT-FOR-US: General Electric Renewable Energy products +CVE-2022-24118 (Certain General Electric Renewable Energy products allow attackers to ...) + NOT-FOR-US: General Electric Renewable Energy products +CVE-2022-24117 (Certain General Electric Renewable Energy products download firmware w ...) + NOT-FOR-US: General Electric Renewable Energy products +CVE-2022-24116 (Certain General Electric Renewable Energy products have inadequate enc ...) + NOT-FOR-US: General Electric Renewable Energy products +CVE-2022-24115 (Local privilege escalation due to unrestricted loading of unsigned lib ...) + NOT-FOR-US: Acronis +CVE-2022-24114 (Local privilege escalation due to race condition on application startu ...) + NOT-FOR-US: Acronis +CVE-2022-24113 (Local privilege escalation due to excessive permissions assigned to ch ...) + NOT-FOR-US: Acronis +CVE-2022-0409 (Unrestricted Upload of File with Dangerous Type in Packagist showdoc/s ...) + NOT-FOR-US: ShowDoc +CVE-2022-0408 (Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) 
+ {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/5e635bad-5cf6-46cd-aeac-34ef224e179d + NOTE: https://github.com/vim/vim/commit/06f15416bb8d5636200a10776f1752c4d6e49f31 (v8.2.4247) + NOTE: Crash in CLI tool, no security issue +CVE-2022-0407 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.) + - vim 2:8.2.4659-1 (unimportant) + [buster] - vim (The vulnerable code is not present) + [stretch] - vim (The vulnerable code is not present) + NOTE: https://huntr.dev/bounties/81822bf7-aafe-4d37-b836-1255d46e572c + NOTE: https://github.com/vim/vim/commit/44db8213d38c39877d2148eff6a72f4beccfb94e (v8.2.4219) + NOTE: Crash in CLI tool, no security issue +CVE-2022-24112 (An attacker can abuse the batch-requests plugin to send requests to by ...) + NOT-FOR-US: Apache APISIX +CVE-2022-0406 (Improper Authorization in GitHub repository janeczku/calibre-web prior ...) + - calibre-web (bug #982690) +CVE-2022-0405 (Improper Access Control in GitHub repository janeczku/calibre-web prio ...) + - calibre-web (bug #982690) +CVE-2022-0404 (The Material Design for Contact Form 7 WordPress plugin through 2.6.4 ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0403 (The Library File Manager WordPress plugin before 5.2.3 is using an out ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0402 + RESERVED +CVE-2022-0401 (Path Traversal in NPM w-zip prior to 1.0.12.) + NOT-FOR-US: Node w-zip +CVE-2022-0400 (An out-of-bounds read vulnerability was discovered in linux kernel in ...) + - linux (unimportant) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044575 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2040604 (not public) + NOTE: non issue, no security impact +CVE-2022-0399 (The Advanced Product Labels for WooCommerce WordPress plugin before 1. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0398 (The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3 ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0397 (The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 d ...) + NOT-FOR-US: WordPress plugin +CVE-2018-25030 (A vulnerability classified as problematic has been found in Mirmay Sec ...) + NOT-FOR-US: Mirmay Secure Private Browser and File Manager +CVE-2017-20016 (A vulnerability has been found in WEKA INTEREST Security Scanner up to ...) + NOT-FOR-US: WEKA INTEREST +CVE-2017-20015 (A vulnerability, which was classified as problematic, was found in WEK ...) + NOT-FOR-US: WEKA INTEREST +CVE-2017-20014 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: WEKA INTEREST +CVE-2017-20013 (A vulnerability classified as problematic was found in WEKA INTEREST S ...) + NOT-FOR-US: WEKA INTEREST +CVE-2017-20012 (A vulnerability classified as problematic has been found in WEKA INTER ...) + NOT-FOR-US: WEKA INTEREST +CVE-2017-20011 (A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It ha ...) + NOT-FOR-US: WEKA INTEREST +CVE-2015-10002 (A vulnerability classified as problematic has been found in Kiddoware ...) + NOT-FOR-US: Kiddoware Kids Place +CVE-2010-10001 (A vulnerability, which was classified as problematic, was found in She ...) + NOT-FOR-US: Grabit +CVE-2008-10001 (A vulnerability, which was classified as problematic, has been found i ...) + NOT-FOR-US: Pro2col Stingray FTS +CVE-2005-10001 (A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and clas ...) + NOT-FOR-US: Netegrity SiteMinder +CVE-2003-5003 (A vulnerability was found in ISS BlackICE PC Protection. It has been r ...) + NOT-FOR-US: ISS BlackICE +CVE-2003-5002 (A vulnerability was found in ISS BlackICE PC Protection. It has been d ...) + NOT-FOR-US: ISS BlackICE +CVE-2003-5001 (A vulnerability was found in ISS BlackICE PC Protection and classified ...) + NOT-FOR-US: ISS BlackICE +CVE-2022-24111 (In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios cr ...) 
+ - mahara +CVE-2022-24110 (Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' ...) + NOT-FOR-US: Kiteworks managed file transfer +CVE-2022-24109 (An issue was discovered in ONOS 2.5.1. To attack an intent installed b ...) + NOT-FOR-US: Open Network Operating System (ONOS) +CVE-2022-24108 (The Skyoftech So Listing Tabs module 2.2.0 for OpenCart allows a remot ...) + NOT-FOR-US: OpenCart plugin +CVE-2022-24107 (Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.) + - xpdf (Debian uses poppler, which is not affected) +CVE-2022-24106 (In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing ...) + - poppler (bug #1021669; unimportant) + NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1297 + NOTE: Code only compiled with -DENABLE_DCTDECODER=unmaintained +CVE-2022-24105 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-24104 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-24103 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-24102 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-24101 (Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (a ...) + NOT-FOR-US: Adobe +CVE-2022-24100 + RESERVED +CVE-2022-24099 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-24098 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-24097 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-24096 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-24095 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2022-24094 (Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-24093 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) + NOT-FOR-US: Adobe +CVE-2022-24092 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2022-24091 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2022-24090 (Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-24089 + RESERVED +CVE-2022-24088 + RESERVED +CVE-2022-24087 + RESERVED +CVE-2022-24086 (Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earli ...) + NOT-FOR-US: Adobe +CVE-2022-24085 + RESERVED +CVE-2022-24084 + RESERVED +CVE-2022-24083 (Password authentication bypass vulnerability for local accounts can be ...) + NOT-FOR-US: Pega +CVE-2022-24082 (If an on-premise installation of the Pega Platform is configured with ...) + NOT-FOR-US: Pega Platform +CVE-2022-24081 + RESERVED +CVE-2022-24080 + RESERVED +CVE-2022-24079 + RESERVED +CVE-2022-24078 + RESERVED +CVE-2022-24077 (Naver Cloud Explorer Beta allows the attacker to execute arbitrary cod ...) + NOT-FOR-US: Naver Cloud Explorer +CVE-2022-24076 + RESERVED +CVE-2022-24075 (Whale browser before 3.12.129.18 allowed extensions to replace JavaScr ...) + NOT-FOR-US: Whale browser +CVE-2022-24074 (Whale Bridge, a default extension in Whale browser before 3.12.129.18, ...) + NOT-FOR-US: Whale Bridge +CVE-2022-24073 (The Web Request API in Whale browser before 3.12.129.18 allowed to den ...) + NOT-FOR-US: Whale browser +CVE-2022-24072 (The devtools API in Whale browser before 3.12.129.18 allowed extension ...) + NOT-FOR-US: Whale browser +CVE-2022-24071 (A Built-in extension in Whale browser before 3.12.129.46 allows attack ...) 
+ NOT-FOR-US: Whale browser +CVE-2022-24070 (Subversion's mod_dav_svn is vulnerable to memory corruption. While loo ...) + {DSA-5119-1} + - subversion 1.14.2-1 + [stretch] - subversion (Vulnerable codepaths added in 1.10.0-alpha1) + NOTE: https://subversion.apache.org/security/CVE-2022-24070-advisory.txt +CVE-2022-0396 (BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9 ...) + - bind9 1:9.18.1-1 + [bullseye] - bind9 1:9.16.27-1~deb11u1 + [buster] - bind9 (Vulnerable code introduced later) + [stretch] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2022-0396 +CVE-2022-0395 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + NOT-FOR-US: livehelperchat +CVE-2022-0394 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...) + NOT-FOR-US: livehelperchat +CVE-2022-0393 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.) + - vim 2:8.2.4659-1 (unimportant) + [buster] - vim (The vulnerable code is not present) + [stretch] - vim (The vulnerable code is not present) + NOTE: https://huntr.dev/bounties/ecc8f488-01a0-477f-848f-e30b8e524bba + NOTE: https://github.com/vim/vim/commit/a4bc2dd7cccf5a4a9f78b58b6f35a45d17164323 (v8.2.4233) + NOTE: Crash in CLI tool, no security impact +CVE-2022-24069 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) + NOT-FOR-US: Insyde +CVE-2022-24064 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24063 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24062 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24061 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24060 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24059 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24058 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24057 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24056 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24055 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Sante DICOM Viewer +CVE-2022-24054 + RESERVED +CVE-2022-24053 + RESERVED +CVE-2022-24052 (MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Es ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-366/ +CVE-2022-24051 (MariaDB CONNECT Storage Engine Format String Privilege Escalation Vuln ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-318/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-365/ +CVE-2022-24050 (MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vul ...) 
+ - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-364/ +CVE-2022-24049 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Sonos One Speaker +CVE-2022-24048 (MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege E ...) + - mariadb-10.6 1:10.6.7-1 + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + NOTE: Fixed in MariaDB: 10.6.6, 10.5.14, 10.4.23, 10.3.33, 10.2.42 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-363/ +CVE-2022-24047 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: BMC Track-It! +CVE-2022-24046 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Sonos One Speaker +CVE-2022-24045 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24044 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24043 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24042 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24041 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24040 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2022-24039 (A vulnerability has been identified in Desigo PXC4 (All versions < V02 ...) + NOT-FOR-US: Siemens +CVE-2022-24038 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access v ...) 
+ NOT-FOR-US: Karmasis informatics solutions
+CVE-2022-24037 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access ...)
+ NOT-FOR-US: Karmasis informatics solutions
+CVE-2022-24036 (Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vu ...)
+ NOT-FOR-US: Karmasis
+CVE-2022-23921 (Exploitation of this vulnerability may result in local privilege escal ...)
+ NOT-FOR-US: GE
+CVE-2022-22987 (The affected product has a hardcoded private key available inside the ...)
+ NOT-FOR-US: Advantech
+CVE-2022-21798 (The affected product is vulnerable due to cleartext transmission of cr ...)
+ NOT-FOR-US: GE
+CVE-2022-21154 (An integer overflow vulnerability exists in the fltSaveCMP functionali ...)
+ NOT-FOR-US: LeadTools
+CVE-2022-0392 (Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.)
+ {DLA-3204-1}
+ - vim 2:8.2.4659-1
+ [bullseye] - vim (Minor issue)
+ [stretch] - vim (vulnerable code was introduced later)
+ NOTE: https://huntr.dev/bounties/d00a2acd-1935-4195-9d5b-4115ef6b3126
+ NOTE: https://github.com/vim/vim/commit/806d037671e133bd28a7864248763f643967973a (v8.2.4218)
+CVE-2022-0391 (A flaw was found in Python, specifically within the urllib.parse modul ...)
+ {DLA-3575-1}
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ [buster] - python3.7 (Minor issue, different approach to sanitization; regressions reports)
+ - python3.5
+ - python3.4
+ - python2.7
+ [bullseye] - python2.7 2.7.18-8+deb11u1
+ NOTE: https://bugs.python.org/issue43882
+ NOTE: Regressions reported for django, boto-core and cloud-init
+ NOTE: Fixed by: https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 (v3.10.0b1)
+ NOTE: Followup for 3.10.x: https://github.com/python/cpython/commit/24f1d1a8a2c4aa58a606b4b6d5fa4305a3b91705 (v3.10.0b2)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/491fde0161d5e527eeff8586dd3972d7d3a631a7 (v3.9.5)
+ NOTE: Followup for 3.9.x: https://github.com/python/cpython/commit/8a595744e696a0fb92dccc5d4e45da41571270a1 (v3.9.6)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/515a7bc4e13645d0945b46a8e1d9102b918cd407 (v3.8.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/f4dac7ec55477a6c5d965e594e74bd6bda786903 (v3.7.11)
+ NOTE: Fixed by: https://github.com/python/cpython/commit/6c472d3a1d334d4eeb4a25eba7bf3b01611bf667 (v3.6.14)
+CVE-2022-0390 (Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0389 (The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0388 (The Interactive Medical Drawing of Human Body WordPress plugin before ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4217 (A flaw was found in unzip. The vulnerability occurs due to improper ha ...)
+ - unzip (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044583
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4216 (A Floating point exception (division-by-zero) flaw was found in Mupdf ...)
+ - mupdf 1.20.0+ds1-1 (unimportant)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704834
+ NOTE: https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf (1.20.0-rc1)
+ NOTE: Negligible security impact, crash in CLI tool
+CVE-2022-24035 (An issue was discovered in ONOS 2.5.1. The purge-requested intent rema ...)
+ NOT-FOR-US: Open Network Operating System (ONOS)
+CVE-2022-24034
+ RESERVED
+CVE-2022-24033
+ RESERVED
+CVE-2022-24032 (Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enu ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-24031 (An issue was discovered in NvmExpressDxe in Insyde InsydeH2O with kern ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24030 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2022-24029 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24028 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24027 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24026 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24025 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24024 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24023 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24022 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24021 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24020 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24019 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24018 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24017 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24016 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24015 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24014 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24013 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24012 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24011 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24010 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24009 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24008 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24007 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24006 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-24005 (A buffer overflow vulnerability exists in the GetValue functionality o ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-0387 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0386 (A post-auth SQL injection vulnerability in the Mail Manager potentiall ...)
+ NOT-FOR-US: Sophos Mail Manager
+CVE-2022-0385 (The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and es ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0384 (The Video Conferencing with Zoom WordPress plugin before 3.8.17 does n ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46656 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46655 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46654 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46653 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46652 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley View
+CVE-2021-46651 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46650 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46649 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46648 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46647 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46646 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46642 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46641 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46640 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46635 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46634 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46633 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46632 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46631 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46629 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46627 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46626 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46625 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46623 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46622 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46621 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46619 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46617 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46615 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46614 (Bentley MicroStation CONNECT 10.16.0.80 J2K File Parsing Out-Of-Bounds ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46611 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46610 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46608 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46607 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46605 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46604 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46603 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46602 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46601 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46600 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46599 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46598 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46597 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46596 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46595 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46594 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46593 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46592 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46591 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46590 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46589 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46588 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46587 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46586 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46585 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46584 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46583 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46582 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46581 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46580 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46579 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46578 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46577 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46576 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46575 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46574 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46573 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46572 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46571 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46570 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46569 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46568 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46567 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46566 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46565 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46564 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46563 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2021-46562 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bentley
+CVE-2022-24004 (A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Me ...)
+ NOT-FOR-US: REDCap
+CVE-2022-24003 (Exposure of Sensitive Information vulnerability in Bixby Vision prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24002 (Improper Authorization vulnerability in Link Sharing prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24001 (Information disclosure vulnerability in Edge Panel prior to Android S( ...)
+ NOT-FOR-US: Samsung
+CVE-2022-24000 (PendingIntent hijacking vulnerability in DataUsageReminderReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23999 (PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23998 (Improper access control vulnerability in Camera prior to versions 11.1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23997 (Unprotected component vulnerability in StTheaterModeDurationAlarmRecei ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23996 (Unprotected component vulnerability in StTheaterModeReceiver in Wear O ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23995 (Unprotected component vulnerability in StBedtimeModeAlarmReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23994 (An Improper access control vulnerability in StBedtimeModeReceiver in W ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23993 (/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus bef ...)
+ NOT-FOR-US: pfSense
+CVE-2022-23992 (XCOM Data Transport for Windows, Linux, and UNIX 11.6 releases contain ...)
+ NOT-FOR-US: XCOM Data Transport
+CVE-2022-23991
+ RESERVED
+CVE-2022-23990 (Expat (aka libexpat) before 2.4.4 has an integer overflow in the doPro ...)
+ {DSA-5073-1 DLA-2904-1}
+ - expat 2.4.3-3
+ NOTE: https://github.com/libexpat/libexpat/pull/551
+ NOTE: Introduced with: https://github.com/libexpat/libexpat/commit/cb8a4c756d057b948c1b41e7185dd69ef3ade3fb (R_1_95_4)
+ NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/ede41d1e186ed2aba88a06e84cac839b770af3a1 (R_2_4_4)
+CVE-2022-23989 (In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.1 ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2022-23988 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23987 (The WS Form LITE and Pro WordPress plugins before 1.8.176 do not sanit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23984 (Sensitive information disclosure discovered in wpDiscuz WordPress plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23983 (Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Sett ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23982 (The vulnerability discovered in WordPress Perfect Brands for WooCommer ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23981 (The vulnerability allows Subscriber+ level users to create brands in W ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23980 (Cross-Site Scripting (XSS) vulnerability discovered in Yasr \u2013 Yet ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23979 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23978
+ RESERVED
+CVE-2022-23977
+ RESERVED
+CVE-2022-23976 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on ...)
+ NOT-FOR-US: Access Demo Importer
+CVE-2022-23975 (Cross-Site Request Forgery (CSRF) in Access Demo Importer <= 1.0.7 on ...)
+ NOT-FOR-US: Access Demo Importer
+CVE-2022-23974 (In 0.9.3 or older versions of Apache Pinot segment upload path allowed ...)
+ NOT-FOR-US: Apache Pinot
+CVE-2022-23103 (A stack-based buffer overflow vulnerability exists in the confsrv conf ...)
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi
+CVE-2022-0383 (The WP Review Slider WordPress plugin before 11.0 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0382 (An information leak flaw was found due to uninitialized memory in the ...)
+ - linux 5.15.15-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/d6d86830705f173fca6087a3e67ceaf68db80523
+CVE-2022-0381 (The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0380 (The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0379 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0378 (Cross-site Scripting (XSS) - Reflected in Packagist microweber/microwe ...)
+ NOT-FOR-US: microweber
+CVE-2022-0377 (Users of the LearnPress WordPress plugin before 4.1.5 can upload an im ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0376 (The User Meta WordPress plugin before 2.4.3 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0375 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0374 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0373 (Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0372 (Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior ...)
+ NOT-FOR-US: Crater
+CVE-2021-46561 (controller/org.controller/org.controller.js in the CVE Services API 1. ...)
+ NOT-FOR-US: controller/org.controller/org.controller.js in the CVE Services API
+CVE-2018-25029 (The Z-Wave specification requires that S2 security can be downgraded t ...)
+ NOT-FOR-US: Z-Wave specification
+CVE-2013-20003 (Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (usin ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2022-23973 (ASUS RT-AX56U\u2019s user profile configuration function is vulnerable ...)
+ NOT-FOR-US: Asus RT-AX56U
+CVE-2022-23972 (ASUS RT-AX56U\u2019s SQL handling function has an SQL injection vulner ...)
+ NOT-FOR-US: Asus RT-AX56U
+CVE-2022-23971 (ASUS RT-AX56U\u2019s update_PLC/PORT file has a path traversal vulnera ...)
+ NOT-FOR-US: Asus RT-AX56U
+CVE-2022-23970 (ASUS RT-AX56U\u2019s update_json function has a path traversal vulnera ...)
+ NOT-FOR-US: Asus RT-AX56U
+CVE-2022-23969
+ RESERVED
+CVE-2022-23968 (Xerox VersaLink devices on specific versions of firmware before 2022-0 ...)
+ NOT-FOR-US: Xerox
+CVE-2022-23967
+ REJECTED
+CVE-2022-23966
+ RESERVED
+CVE-2022-23965
+ RESERVED
+CVE-2022-23964
+ RESERVED
+CVE-2022-23963
+ RESERVED
+CVE-2022-23962
+ RESERVED
+CVE-2022-23961
+ RESERVED
+CVE-2022-23960 (Certain Arm Cortex and Neoverse processors through 2022-03-08 do not p ...)
+ {DSA-5173-1 DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/
+ NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/spectre-bhb
+ NOTE: https://xenbits.xen.org/xsa/advisory-398.html
+CVE-2022-23959 (In Varnish Cache before 6.6.2 and 7.x before 7.0.2, Varnish Cache 6.0 ...)
+ {DSA-5088-1 DLA-2920-1}
+ - varnish 7.1.0-5 (bug #1004433)
+ NOTE: https://varnish-cache.org/security/VSV00008.html
+ NOTE: https://docs.varnish-software.com/security/VSV00008/
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/fceaefd4d59a3b5d5a4903a3f420e35eb430d0d4 (master)
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/9ed39d1f796369caafb647fe37b729c07f332327 (6.6.2)
+ NOTE: Test case: https://github.com/varnishcache/varnish-cache/commit/ec531e16b9cd139bbf8971c5b306561c669681f4 (6.6.2)
+CVE-2022-23958 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23957 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23956 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23955 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23954 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23953 (Potential vulnerabilities have been identified in the BIOS for some HP ...)
+ NOT-FOR-US: HP
+CVE-2022-23952 (In Keylime before 6.3.0, current keylime installer installs the keylim ...)
+ NOT-FOR-US: Keylime
+CVE-2022-23951 (In Keylime before 6.3.0, quote responses from the agent can contain po ...)
+ NOT-FOR-US: Keylime
+CVE-2022-23950 (In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path fo ...)
+ NOT-FOR-US: Keylime
+CVE-2022-23949 (In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue ag ...)
+ NOT-FOR-US: Keylime
+CVE-2022-23948 (A flaw was found in Keylime before 6.3.0. The logic in the Keylime age ...)
+ NOT-FOR-US: Keylime
+CVE-2022-0371 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/350476
+CVE-2022-0370 (Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0369
+ RESERVED
+CVE-2021-46560 (The firmware on Moxa TN-5900 devices through 3.1 allows command inject ...)
+ NOT-FOR-US: Moxa
+CVE-2021-46559 (The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm ...)
+ NOT-FOR-US: Moxa
+CVE-2019-25056 (In Bromite through 78.0.3904.130, there are adblock rules in the relea ...)
+ NOT-FOR-US: Bromite
+CVE-2022-23947 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ {DSA-5214-1 DLA-3078-1 DLA-2998-1}
+ - kicad 6.0.2+dfsg-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
+ NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3 (master)
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3 (6.0.2)
+CVE-2022-23946 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ {DSA-5214-1 DLA-3078-1 DLA-2998-1}
+ - kicad 6.0.2+dfsg-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1460
+ NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10700
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/54b20cb0492ee20eb9efaff478eaa51fe17b4ca3 (master)
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/a7fbdfe9182fe075d1f36cf1f23432b28caf03b3 (6.0.2)
+CVE-2022-23945 (Missing authentication on ShenYu Admin when register by HTTP. This iss ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23944 (User can access /plugin api without authentication. This issue affecte ...)
+ NOT-FOR-US: Apache ShenYu Admin
+CVE-2022-23943 (Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server all ...)
+ {DLA-2960-1}
+ - apache2 2.4.53-1
+ [bullseye] - apache2 2.4.53-1~deb11u1
+ [buster] - apache2 2.4.38-3+deb10u8
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-23943
+ NOTE: Fixed by: https://svn.apache.org/r1898695
+ NOTE: Fixed by: https://svn.apache.org/r1898772
+CVE-2022-23942 (Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initializ ...)
+ NOT-FOR-US: Apache Doris (different from src:doris)
+CVE-2022-21184 (An information disclosure vulnerability exists in the License registra ...)
+ NOT-FOR-US: Bachmann Visutec GmbH Atvise
+CVE-2022-0368 (Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.4659-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/bca9ce1f-400a-4bf9-9207-3f3187cb3fa9/
+ NOTE: https://github.com/vim/vim/commit/8d02ce1ed75d008c34a5c9aaa51b67cbb9d33baa (v8.2.4217)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0367 (A heap-based buffer overflow flaw was found in libmodbus in function m ...)
+ {DLA-3098-1}
+ - libmodbus 3.1.6-2.1 (bug #1021270)
+ [bullseye] - libmodbus (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045571
+ NOTE: https://github.com/stephane/libmodbus/issues/614
+ NOTE: Fixed by: https://github.com/stephane/libmodbus/commit/b4ef4c17d618eba0adccc4c7d9e9a1ef809fc9b6 (v3.1.7)
+CVE-2022-0366 (An authenticated and authorized agent user could potentially gain admi ...)
+ NOT-FOR-US: Sophos
+CVE-2022-0365 (The affected product is vulnerable to an authenticated OS command inje ...)
+ NOT-FOR-US: Ricon Mobile
+CVE-2022-0364 (The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0363 (The myCred WordPress plugin before 2.4.3.1 does not have any authorisa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0362 (SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.)
+ NOT-FOR-US: ShowDoc
+CVE-2022-0361 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.4659-1
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/a055618c-0311-409c-a78a-99477121965b
+ NOTE: https://github.com/vim/vim/commit/dc5490e2cbc8c16022a23b449b48c1bd0083f366 (v8.2.4215)
+CVE-2022-0360 (The Easy Drag And drop All Import : WP Ultimate CSV Importer WordPress ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0359 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.4659-1
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/a3192d90-4f82-4a67-b7a6-37046cc88def
+ NOTE: https://github.com/vim/vim/commit/85b6747abc15a7a81086db31289cf1b8b17e6cb1 (v8.2.4214)
+CVE-2022-0358 (A flaw was found in the QEMU virtio-fs shared file system daemon (virt ...)
+ {DSA-5133-1}
+ - qemu 1:7.0+dfsg-1
+ [buster] - qemu (Vulnerable code not present)
+ [stretch] - qemu (virtiofsd added in 5.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044863
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/449e8171f96a6a944d1f3b7d3627ae059eae21ca
+CVE-2022-0357 (Unquoted Search Path or Element vulnerability in the Vulnerability Sca ...)
+ NOT-FOR-US: Bitdefender
+CVE-2022-0356
+ RESERVED
+CVE-2021-4215
+ REJECTED
+CVE-2021-4214 (A heap overflow flaw was found in libpngs' pngimage.c program. This fl ...)
+ - libpng1.6 (unimportant)
+ NOTE: https://github.com/glennrp/libpng/issues/302
+ NOTE: Crash in CLI package, not shipped in binary packages
+CVE-2021-4213 (A flaw was found in JSS, where it did not properly free up all memory. ...)
+ - jss 5.2.0-1 (bug #1014770)
+ [bullseye] - jss (Minor issue)
+ [buster] - jss (Minor issue)
+ [stretch] - jss (revisit when/if fix is complete)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2042900
+ NOTE: https://github.com/dogtagpki/jss/commit/5922560a78d0dee61af8a33cc9cfbf4cfa291448 (v5.2.0-beta1)
+ NOTE: https://github.com/dogtagpki/jss/commit/3aabe0e9d59b0a42e68ac8cd0468f9c5179967d2 (v5.2.0-beta1)
+CVE-2022-23941
+ RESERVED
+CVE-2022-23940 (SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execu ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2022-23939
+ RESERVED
+CVE-2022-23938
+ RESERVED
+CVE-2022-23937 (In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to ...)
+ NOT-FOR-US: Wind River
+CVE-2022-23936
+ RESERVED
+CVE-2022-23935 (lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ / ...)
+ - libimage-exiftool-perl 12.38+dfsg-1 + [bullseye] - libimage-exiftool-perl (Minor issue) + [buster] - libimage-exiftool-perl (Minor issue) + [stretch] - libimage-exiftool-perl (Minor issue) + NOTE: https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582 (12.38) +CVE-2022-23934 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23933 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23932 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23931 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23930 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23929 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23928 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23927 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23926 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23925 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23924 (Potential vulnerabilities have been identified in the system BIOS of c ...) + NOT-FOR-US: HP +CVE-2022-23919 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-23918 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-23399 (A stack-based buffer overflow vulnerability exists in the confsrv set_ ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-22144 (A hard-coded password vulnerability exists in the libcommonprod.so pro ...) 
+ NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-22140 (An os command injection vulnerability exists in the confsrv ucloud_add ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-21201 (A stack-based buffer overflow vulnerability exists in the confers uclo ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-21178 (An os command injection vulnerability exists in the confsrv ucloud_add ...) + NOT-FOR-US: TCL LinkHub Mesh Wi-Fi +CVE-2022-0355 (Improper Removal of Sensitive Information Before Storage or Transfer i ...) + NOT-FOR-US: simple-get nodejs module +CVE-2022-0354 (A vulnerability was reported in Lenovo System Update that could allow ...) + NOT-FOR-US: Lenovo +CVE-2022-0353 (A denial of service vulnerability was reported in the Lenovo HardwareS ...) + NOT-FOR-US: Lenovo +CVE-2021-4212 (A potential vulnerability in the SMI callback function used in the Leg ...) + NOT-FOR-US: Lenovo +CVE-2021-4211 (A potential vulnerability in the SMI callback function used in the SMB ...) + NOT-FOR-US: Lenovo +CVE-2021-4210 (A potential vulnerability in the SMI callback function used in the NVM ...) + NOT-FOR-US: Lenovo +CVE-2022-23913 (In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker coul ...) + NOT-FOR-US: Apache ActiveMQ Artemis +CVE-2022-23912 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2022-23911 (The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2022-23910 + RESERVED +CVE-2022-23909 (There is an unquoted service path in Sherpa Connector Service (SherpaC ...) + NOT-FOR-US: Sherpa Connector Service +CVE-2022-23908 + RESERVED +CVE-2022-23907 (CMS Made Simple v2.2.15 was discovered to contain a reflected cross-si ...) + NOT-FOR-US: CMS Made Simple +CVE-2022-23906 (CMS Made Simple v2.2.15 was discovered to contain a Remote Command Exe ...) 
+ NOT-FOR-US: CMS Made Simple +CVE-2022-23905 + RESERVED +CVE-2022-23904 (Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request For ...) + NOT-FOR-US: Rainworx Auctionworx +CVE-2022-23903 (A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-ad ...) + NOT-FOR-US: pear-admin-think +CVE-2022-23902 (Tongda2000 v11.10 was discovered to contain a SQL injection vulnerabil ...) + NOT-FOR-US: Tongda2000 +CVE-2022-23901 (A stack overflow re2c 2.2 exists due to infinite recursion issues in s ...) + - re2c 3.0-1 (unimportant) + NOTE: https://github.com/skvadrik/re2c/issues/394 + NOTE: https://github.com/skvadrik/re2c/commit/a3473fd7be829cb33907cb08612f955133c70a96 (3.0) + NOTE: https://github.com/skvadrik/re2c/commit/039c18949190c5de5397eba504d2c75dad2ea9ca (3.0) + NOTE: Crash im CLI tool, no security impact +CVE-2022-23900 (A command injection vulnerability in the API of the Wavlink WL-WN531P3 ...) + NOT-FOR-US: Wavlink +CVE-2022-23899 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: MCMS +CVE-2022-23898 (MCMS v5.2.5 was discovered to contain a SQL injection vulnerability vi ...) + NOT-FOR-US: MCMS +CVE-2022-23897 + RESERVED +CVE-2022-23896 (Admidio 4.1.2 version is affected by stored cross-site scripting (XSS) ...) + NOT-FOR-US: Admidio +CVE-2022-23895 + RESERVED +CVE-2022-23894 + RESERVED +CVE-2022-23893 + RESERVED +CVE-2022-23892 + RESERVED +CVE-2022-23891 + RESERVED +CVE-2022-23890 + RESERVED +CVE-2022-23889 (The comment function in YzmCMS v6.3 was discovered as being able to be ...) + NOT-FOR-US: YzmCMS +CVE-2022-23888 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgey (CSR ...) + NOT-FOR-US: YzmCMS +CVE-2022-23887 (YzmCMS v6.3 was discovered to contain a Cross-Site Request Forgery (CS ...) + NOT-FOR-US: YzmCMS +CVE-2022-23886 + RESERVED +CVE-2022-23885 + RESERVED +CVE-2022-23884 (Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overf ...) 
+ NOT-FOR-US: Mojang Bedrock Dedicated Server +CVE-2022-23883 + RESERVED +CVE-2022-23882 (TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\B ...) + NOT-FOR-US: TuziCMS +CVE-2022-23881 (ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execut ...) + NOT-FOR-US: zzzcms +CVE-2022-23880 (An arbitrary file upload vulnerability in the File Management function ...) + NOT-FOR-US: taoCMS +CVE-2022-23879 + RESERVED +CVE-2022-23878 (seacms V11.5 is affected by an arbitrary code execution vulnerability ...) + NOT-FOR-US: seacms +CVE-2022-23877 + RESERVED +CVE-2022-23876 + RESERVED +CVE-2022-23875 + RESERVED +CVE-2022-23874 + RESERVED +CVE-2022-23873 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: Victor CMS +CVE-2022-23872 (Emlog pro v1.1.1 was discovered to contain a stored cross-site scripti ...) + NOT-FOR-US: Emlog pro +CVE-2022-23871 (Multiple cross-site scripting (XSS) vulnerabilities in the component o ...) + NOT-FOR-US: Gibbon CMS +CVE-2022-23870 + RESERVED +CVE-2022-23869 (In RuoYi v4.7.2 through the WebUI, user test1 does not have permission ...) + NOT-FOR-US: RuoYi +CVE-2022-23868 (RuoYi v4.7.2 contains a CSV injection vulnerability through ruoyi-admi ...) + NOT-FOR-US: RuoYi +CVE-2022-23867 + RESERVED +CVE-2022-23866 + RESERVED +CVE-2022-23865 (Nyron 1.0 is affected by a SQL injection vulnerability through Nyron/L ...) + NOT-FOR-US: Nyron +CVE-2022-0352 (Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6 ...) + - calibre-web (bug #982690) +CVE-2022-0351 (Access of Memory Location Before Start of Buffer in GitHub repository ...) + {DLA-3182-1 DLA-3011-1} + - vim 2:8.2.4659-1 + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/8b36db58-b65c-4298-be7f-40b9e37fd161 + NOTE: https://github.com/vim/vim/commit/fe6fb267e6ee5c5da2f41889e4e0e0ac5bf4b89d (v8.2.4206) +CVE-2022-0350 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...) 
+ NOT-FOR-US: vditor +CVE-2022-0349 (The NotificationX WordPress plugin before 2.3.9 does not sanitise and ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0348 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) + NOT-FOR-US: pimcore +CVE-2022-0347 (The LoginPress | Custom Login Page Customizer WordPress plugin before ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0346 (The XML Sitemap Generator for Google WordPress plugin before 2.0.4 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0345 (The Customize WordPress Emails and Alerts WordPress plugin before 1.8. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0344 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/37015 +CVE-2022-0343 (A local attacker, as a different local user, may be able to send a HTT ...) + NOT-FOR-US: Android +CVE-2022-0342 (An authentication bypass vulnerability in the CGI program of Zyxel USG ...) + NOT-FOR-US: Zyxel +CVE-2021-46558 (Multiple cross-site scripting (XSS) vulnerabilities in the Add User mo ...) + NOT-FOR-US: Issabel +CVE-2021-46557 (Vicidial 2.14-783a was discovered to contain a cross-site scripting (X ...) + NOT-FOR-US: Vicidial +CVE-2021-46556 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46555 + RESERVED +CVE-2021-46554 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46553 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46552 + RESERVED +CVE-2021-46551 + RESERVED +CVE-2021-46550 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46549 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46548 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46547 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46546 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46545 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46544 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46543 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46542 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46541 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46540 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46539 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46538 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46537 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46536 + RESERVED +CVE-2021-46535 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46534 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46533 + RESERVED +CVE-2021-46532 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46531 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46530 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46529 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46528 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46527 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46526 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46525 (Cesanta MJS v2.20.0 was discovered to contain a heap-use-after-free vi ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46524 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46523 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46522 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46521 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46520 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46519 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46518 (Cesanta MJS v2.20.0 was discovered to contain a heap buffer overflow v ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46517 (There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46516 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46515 (There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' fai ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2021-46514 (There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46513 (Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46512 (Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46511 (There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c i ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46510 (There is an Assertion `s < mjs->owned_strings.buf + mjs->owned_strings ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46509 (Cesanta MJS v2.20.0 was discovered to contain a stack overflow via snq ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46508 (There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Ces ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-46507 (Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg ...) + NOT-FOR-US: Jsish +CVE-2021-46506 (There is an Assertion 'v->d.lval != v' failed at src/jsiValue.c in Jsi ...) + NOT-FOR-US: Jsish +CVE-2021-46505 (Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x ...) + NOT-FOR-US: Jsish +CVE-2021-46504 (There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5 ...) + NOT-FOR-US: Jsish +CVE-2021-46503 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...) + NOT-FOR-US: Jsish +CVE-2021-46502 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/ ...) + NOT-FOR-US: Jsish +CVE-2021-46501 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortS ...) + NOT-FOR-US: Jsish +CVE-2021-46500 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_A ...) + NOT-FOR-US: Jsish +CVE-2021-46499 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) + NOT-FOR-US: Jsish +CVE-2021-46498 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_w ...) 
+ NOT-FOR-US: Jsish +CVE-2021-46497 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_U ...) + NOT-FOR-US: Jsish +CVE-2021-46496 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_O ...) + NOT-FOR-US: Jsish +CVE-2021-46495 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Delet ...) + NOT-FOR-US: Jsish +CVE-2021-46494 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_V ...) + NOT-FOR-US: Jsish +CVE-2021-46493 + RESERVED +CVE-2021-46492 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Fu ...) + NOT-FOR-US: Jsish +CVE-2021-46491 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Co ...) + NOT-FOR-US: Jsish +CVE-2021-46490 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Number ...) + NOT-FOR-US: Jsish +CVE-2021-46489 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_D ...) + NOT-FOR-US: Jsish +CVE-2021-46488 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) + NOT-FOR-US: Jsish +CVE-2021-46487 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x ...) + NOT-FOR-US: Jsish +CVE-2021-46486 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_Ar ...) + NOT-FOR-US: Jsish +CVE-2021-46485 (Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_Va ...) + NOT-FOR-US: Jsish +CVE-2021-46484 (Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_I ...) + NOT-FOR-US: Jsish +CVE-2021-46483 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Bool ...) + NOT-FOR-US: Jsish +CVE-2021-46482 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via Numb ...) + NOT-FOR-US: Jsish +CVE-2021-46481 (Jsish v3.5.0 was discovered to contain a memory leak via linenoise at ...) + NOT-FOR-US: Jsish +CVE-2021-46480 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiV ...) 
+ NOT-FOR-US: Jsish +CVE-2021-46479 + RESERVED +CVE-2021-46478 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiC ...) + NOT-FOR-US: Jsish +CVE-2021-46477 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegE ...) + NOT-FOR-US: Jsish +CVE-2021-46476 + RESERVED +CVE-2021-46475 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ ...) + NOT-FOR-US: Jsish +CVE-2021-46474 (Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiE ...) + NOT-FOR-US: Jsish +CVE-2021-46473 + RESERVED +CVE-2021-46472 + RESERVED +CVE-2021-46471 + RESERVED +CVE-2021-46470 + RESERVED +CVE-2021-46469 + RESERVED +CVE-2021-46468 + RESERVED +CVE-2021-46467 + RESERVED +CVE-2021-46466 + RESERVED +CVE-2021-46465 + RESERVED +CVE-2021-46464 + RESERVED +CVE-2021-46463 (njs through 0.7.1, used in NGINX, was discovered to contain a control ...) + NOT-FOR-US: njs +CVE-2021-46462 (njs through 0.7.1, used in NGINX, was discovered to contain a segmenta ...) + NOT-FOR-US: njs +CVE-2021-46461 (njs through 0.7.0, used in NGINX, was discovered to contain an out-of- ...) + NOT-FOR-US: njs +CVE-2021-46460 + RESERVED +CVE-2021-46459 (Victor CMS v1.0 was discovered to contain multiple SQL injection vulne ...) + NOT-FOR-US: Victor CMS +CVE-2021-46458 (Victor CMS v1.0 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: Victor CMS +CVE-2021-46457 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46456 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46455 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46454 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46453 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) 
+ NOT-FOR-US: D-Link +CVE-2021-46452 (D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46451 (An SQL Injection vulnerabilty exists in Sourcecodester Online Project ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46450 + RESERVED +CVE-2021-46449 + RESERVED +CVE-2021-46448 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46447 (A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46446 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46445 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46444 (H.H.G Multistore v5.1.0 and below was discovered to contain a SQL inje ...) + NOT-FOR-US: H.H.G Multistore +CVE-2021-46443 + REJECTED +CVE-2021-46442 (In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass auth ...) + NOT-FOR-US: D-Link +CVE-2021-46441 (In the "webupg" binary of D-Link DIR-825 G1, because of the lack of pa ...) + NOT-FOR-US: D-Link +CVE-2021-46440 (Storing passwords in a recoverable format in the DOCUMENTATION plugin ...) + NOT-FOR-US: Strapi +CVE-2021-46439 + REJECTED +CVE-2021-46438 + RESERVED +CVE-2021-46437 (An issue was discovered in ZZCMS 2021. There is a cross-site scripting ...) + NOT-FOR-US: zzcms +CVE-2021-46436 (An issue was discovered in ZZCMS 2021. There is a SQL injection vulner ...) + NOT-FOR-US: zzcms +CVE-2021-46435 + RESERVED +CVE-2021-46434 (EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/ap ...) + NOT-FOR-US: EMQ X Dashboard +CVE-2021-46433 (In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template ...) 
+ NOT-FOR-US: fenom +CVE-2021-46432 + RESERVED +CVE-2021-46431 + RESERVED +CVE-2021-46430 + RESERVED +CVE-2021-46429 + RESERVED +CVE-2021-46428 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester S ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46427 (An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46426 (phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find ...) + - phpipam (bug #731713) +CVE-2021-46425 + RESERVED +CVE-2021-46424 (Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion ...) + NOT-FOR-US: Telesquare +CVE-2021-46423 (Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file do ...) + NOT-FOR-US: Telesquare +CVE-2021-46422 (Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vuln ...) + NOT-FOR-US: Telesquare +CVE-2021-46421 (Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an un ...) + NOT-FOR-US: Franklin Fueling Systems +CVE-2021-46420 (Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an ...) + NOT-FOR-US: Franklin Fueling Systems +CVE-2021-46419 (An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 ...) + NOT-FOR-US: Telesquare +CVE-2021-46418 (An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 ...) + NOT-FOR-US: Telesquare +CVE-2021-46417 (Insecure handling of a download function leads to disclosure of intern ...) + NOT-FOR-US: Franklin Fueling Systems +CVE-2021-46416 (Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware versio ...) + NOT-FOR-US: SMA SUNNY TRIPOWER inverter +CVE-2021-46415 + RESERVED +CVE-2021-46414 + RESERVED +CVE-2021-46413 + RESERVED +CVE-2021-46412 + RESERVED +CVE-2021-46411 + RESERVED +CVE-2021-46410 + RESERVED +CVE-2021-46409 + RESERVED +CVE-2021-46408 (Tenda AX12 v22.03.01.21 was discovered to contain a stack buffer overf ...) 
+ NOT-FOR-US: Tenda +CVE-2021-46407 + RESERVED +CVE-2021-46406 + RESERVED +CVE-2021-46405 + RESERVED +CVE-2021-46404 + RESERVED +CVE-2022-23864 + RESERVED +CVE-2022-23863 (Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authen ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2022-23862 + RESERVED +CVE-2022-23861 + RESERVED +CVE-2022-23860 + RESERVED +CVE-2022-23859 + RESERVED +CVE-2022-23858 (A flaw was found in the REST API. An improperly handled REST API call ...) + NOT-FOR-US: StarWind Command Center +CVE-2022-23857 (model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to ...) + NOT-FOR-US: Navidrome +CVE-2022-23856 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) + NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) +CVE-2022-23855 (An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 ...) + NOT-FOR-US: Saviynt Enterprise Identity Cloud (EIC) +CVE-2022-23854 (AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerabl ...) + NOT-FOR-US: AVEVA InTouch Access Anywhere +CVE-2022-23853 (The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 a ...) 
+ - kate 4:21.12.2-1 + [bullseye] - kate (Minor issue) + [buster] - kate (Minor issue) + [stretch] - kate (Minor issue) + - ktexteditor 5.93.0-1 (bug #1010180) + [bullseye] - ktexteditor (Minor issue) + [buster] - ktexteditor (Minor issue) + [stretch] - ktexteditor (Minor issue) + NOTE: https://kde.org/info/security/advisory-20220131-1.txt + NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/804e49444c093fe58ec0df2ab436565e50dc147e + NOTE: KTextEditor: Fixed by: https://commits.kde.org/ktexteditor/c80f935c345de2e2fb10635202800839ca9697bf + NOTE: Kate: prerequisites: + NOTE: https://commits.kde.org/kate/361dd43e42994829dbdb35e78fb7698d27cbb0e2 + NOTE: https://commits.kde.org/kate/6fc3bf6e5bd540e842e32c4a959c2158c8573be5 + NOTE: https://commits.kde.org/kate/92a9c65e30b4b63b8b116eb5c8dcb1e1a2d867bc + NOTE: Fixed by: https://commits.kde.org/kate/c5d66f3b70ae4778d6162564309aee95f643e7c9 + NOTE: Fixed by: https://commits.kde.org/kate/7e08a58fb50d28ba96aedd5f5cd79a9479b4a0ad +CVE-2022-23852 (Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML ...) + {DSA-5073-1 DLA-2935-1 DLA-2904-1} + - expat 2.4.3-2 + NOTE: https://github.com/libexpat/libexpat/pull/550 + NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 (R_2_4_4) + NOTE: Tests: https://github.com/libexpat/libexpat/commit/acf956f14bf79a5e6383a969aaffec98bfbc2e44 +CVE-2022-23851 + RESERVED +CVE-2022-0341 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...) + NOT-FOR-US: vditor +CVE-2022-0340 + RESERVED +CVE-2021-4209 (A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash ...) 
+ {DLA-3070-1} + - gnutls28 3.7.3-2 + [bullseye] - gnutls28 3.7.1-5+deb11u1 + [stretch] - gnutls28 (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2044156 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1306 + NOTE: https://gitlab.com/gnutls/gnutls/-/merge_requests/1503 + NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568 (3.7.3) +CVE-2022-24300 (Minetest before 5.4.0 allows attackers to add or modify arbitrary meta ...) + {DSA-5075-1} + - minetest 5.4.1+repack-1 (bug #1004223) + [stretch] - minetest (games are not supported in LTS) + NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf + NOTE: Fixed by: https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae (5.4.0) + NOTE: When fixing this issue the fix for GHSA-7q63-4fq2-hqcr should be included, + NOTE: which is not a vulnerability by itself, and won't get a CVE assigned: + NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-7q63-4fq2-hqcr + NOTE: https://github.com/minetest/minetest/commit/8d6a0b917ce1e7f4f1017835af0ca76e79c98c38 (5.2.0) +CVE-2022-24301 (In Minetest before 5.4.0, players can add or subtract items from a dif ...) + {DSA-5075-1} + - minetest 5.4.1+repack-1 + [stretch] - minetest (games are not supported in LTS) + NOTE: https://github.com/minetest/minetest/security/advisories/GHSA-fvwv-qcq6-wmp5 + NOTE: Fixed by: https://github.com/minetest/minetest/commit/3693b6871eba268ecc79b3f52d00d3cefe761131 (5.4.0) +CVE-2022-23850 (xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through ...) + - epub2txt2 (bug #1004115) +CVE-2022-23849 (The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 ...) + NOT-FOR-US: Devolutions Password Hub for iOS +CVE-2022-0339 (Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16.) 
+ - calibre-web (bug #982690) +CVE-2022-0338 (Insertion of Sensitive Information into Log File in Conda loguru prior ...) + - loguru (unimportant) + NOTE: https://huntr.dev/bounties/359bea50-2bc6-426a-b2f9-175d401b1ed0/ + NOTE: Document best practices for security: https://github.com/delgan/loguru/commit/ea39375e62f9b8f18e2ca798a5c0fb8c972b7eaa + NOTE: loguru documents security considerations and best practices to follow +CVE-2022-23848 (In Alluxio before 2.7.3, the logserver does not validate the input str ...) + NOT-FOR-US: Alluxio +CVE-2022-23847 + RESERVED +CVE-2022-23846 + RESERVED +CVE-2022-23845 + RESERVED +CVE-2022-23844 + RESERVED +CVE-2022-23843 + RESERVED +CVE-2022-23842 + RESERVED +CVE-2022-23841 + RESERVED +CVE-2022-23840 + RESERVED +CVE-2022-23839 + RESERVED +CVE-2022-23838 + RESERVED +CVE-2022-23837 (In api.rb in Sidekiq before 5.2.10 and 6.4.0, there is no limit on the ...) + {DLA-3360-1 DLA-2943-1} + - ruby-sidekiq 6.4.1+dfsg-1 (bug #1004193) + [bullseye] - ruby-sidekiq (Minor issue) + NOTE: https://github.com/mperham/sidekiq/commit/7785ac1399f1b28992adb56055f6acd88fd1d956 (v6.4.0) +CVE-2022-23836 + RESERVED +CVE-2022-23835 (The Visual Voice Mail (VVM) application through 2022-02-24 for Android ...) + NOT-FOR-US: Visual Voice Mail (VVM) application +CVE-2022-0337 (Inappropriate implementation in File System API in Google Chrome on Wi ...) + - chromium (Chrome on Windows) +CVE-2022-0336 (The Samba AD DC includes checks when adding service principals names ( ...) + [experimental] - samba 2:4.16.0+dfsg-1 + - samba 2:4.16.0+dfsg-2 (bug #1004694) + [bullseye] - samba 2:4.13.13+dfsg-1~deb11u3 + [buster] - samba (Minor issue; affects Samba as AD DC; EOLed. See DSA-5015-1) + NOTE: https://www.samba.org/samba/security/CVE-2022-0336.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14950 +CVE-2022-23834 + RESERVED +CVE-2022-23833 (An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27 ...) 
+ {DSA-5254-1 DLA-3191-1 DLA-2906-1} + - python-django 2:3.2.12-1 (bug #1004752) + NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ + NOTE: https://github.com/django/django/commit/fc18f36c4ab94399366ca2f2007b3692559a6f23 (main) + NOTE: https://github.com/django/django/commit/f9c7d48fdd6f198a6494a9202f90242f176e4fc9 (4.0.2) + NOTE: https://github.com/django/django/commit/d16133568ef9c9b42cb7a08bdf9ff3feec2e5468 (3.2.12) + NOTE: https://github.com/django/django/commit/c477b761804984c932704554ad35f78a2e230c6a (2.2.27) +CVE-2022-23832 + REJECTED +CVE-2022-23831 (Insufficient validation of the IOCTL input buffer in AMD \u03bcProf ma ...) + NOT-FOR-US: AMD +CVE-2022-23830 (SMM configuration may not be immutable, as intended, when SNP is enabl ...) + NOT-FOR-US: AMD +CVE-2022-23829 + RESERVED +CVE-2022-23828 + RESERVED +CVE-2022-23827 + REJECTED +CVE-2022-23826 + RESERVED +CVE-2022-23825 (Aliases in the branch predictor may cause some AMD processors to predi ...) + {DSA-5184-1} + - xen 4.16.2-1 + [bullseye] - xen (Fix along in next DSA) + [buster] - xen (DSA 4677-1) + NOTE: https://comsec.ethz.ch/research/microarch/retbleed/ + NOTE: https://comsec.ethz.ch/wp-content/files/retbleed_addendum_sec22.pdf + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037 + NOTE: https://xenbits.xen.org/xsa/advisory-407.html + NOTE: Followup (which did not got a new CVE allocated by AMD): + NOTE: https://xenbits.xen.org/xsa/advisory-422.html + NOTE: https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion.pdf +CVE-2022-23824 (IBPB may not prevent return branch predictions from being specified by ...) + {DSA-5378-1} + - xen 4.16.2+90-g0d39a6d1ae-1 + [buster] - xen (DSA 4677-1) + NOTE: https://xenbits.xen.org/xsa/advisory-422.html + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1040 +CVE-2022-23823 (A potential vulnerability in some AMD processors using frequency scali ...) 
+ NOT-FOR-US: hardware vulnerability in AMD CPUs + NOTE: https://www.hertzbleed.com/ + NOTE: https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1038 +CVE-2022-23822 (In this physical attack, an attacker may potentially exploit the Zynq- ...) + NOT-FOR-US: Zynq-7000 SoC First Stage Boot Loader (FSBL) +CVE-2022-23821 (Improper access control in System Management Mode (SMM) may allow an a ...) + NOT-FOR-US: AMD +CVE-2022-23820 (Failure to validate the AMD SMM communication buffer may allow an atta ...) + NOT-FOR-US: AMD +CVE-2022-23819 + RESERVED +CVE-2022-23818 (Insufficient input validation on the model specific register: VM_HSAVE ...) + NOT-FOR-US: AMD +CVE-2022-23817 + RESERVED +CVE-2022-23816 + REJECTED +CVE-2022-23815 + RESERVED +CVE-2022-23814 (Failure to validate addresses provided by software to BIOS commands ma ...) + NOT-FOR-US: AMD +CVE-2022-23813 (The software interfaces to ASP and SMU may not enforce the SNP memory ...) + NOT-FOR-US: AMD +CVE-2022-22146 (Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allo ...) + NOT-FOR-US: TransmitMail +CVE-2022-21193 (Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allow ...) + NOT-FOR-US: TransmitMail +CVE-2022-21176 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-21143 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-21141 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-0335 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) + - moodle +CVE-2022-0334 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) + - moodle +CVE-2022-0333 (A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, ...) + - moodle +CVE-2022-0332 (A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injectio ...) 
+ - moodle
+CVE-2022-0331 (An information disclosure vulnerability in Webadmin allows an unauthen ...)
+ NOT-FOR-US: Sophos
+CVE-2022-0330 (A random memory access flaw was found in the Linux kernel's GPU i915 k ...)
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
+ - linux 5.15.15-2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/12
+ NOTE: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c
+CVE-2022-0329
+ REJECTED
+CVE-2022-0328 (The Simple Membership WordPress plugin before 4.0.9 does not have CSRF ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0327 (The Master Addons for Elementor WordPress plugin before 1.8.5 does not ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46403
+ RESERVED
+CVE-2021-4208 (The ExportFeed WordPress plugin through 2.0.1.0 does not sanitise and ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23809
+ RESERVED
+CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
+CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before ...)
+ - phpmyadmin 4:5.1.3+dfsg1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
+ NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
+ NOTE: 2FA support is not packaged in Debian
+CVE-2022-23806 (Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x bef ...)
+ {DLA-3395-1 DLA-2986-1 DLA-2985-1}
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+ - golang-1.11
+ - golang-1.8
+ - golang-1.7
+ NOTE: https://github.com/golang/go/issues/50974
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/e16331902340c02bdf1831b5508df2307b871ef6 (go1.17.7)
+CVE-2022-23805 (A security out-of-bounds read information disclosure vulnerability in ...)
+ NOT-FOR-US: Trend Micro
+CVE-2022-23804 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ {DSA-5214-1 DLA-3078-1 DLA-2998-1}
+ - kicad 6.0.2+dfsg-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
+ NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2)
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
+CVE-2022-23803 (A stack-based buffer overflow vulnerability exists in the Gerber Viewe ...)
+ {DSA-5214-1 DLA-3078-1 DLA-2998-1}
+ - kicad 6.0.2+dfsg-1
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2022-1453
+ NOTE: https://gitlab.com/kicad/code/kicad/-/issues/10719
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/927afe313d1f104391814ee7d5d9cca0a520aa50 (6.0.2)
+ NOTE: https://gitlab.com/kicad/code/kicad/-/commit/7ed569058c516974c47b4a506daa3daea4248e05 (master)
+CVE-2022-23802 (Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The ...)
+ NOT-FOR-US: Joomla Guru extension
+CVE-2022-23801 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS a ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23800 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate con ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23799 (An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23798 (An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 throug ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23797 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23796 (An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23795 (An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 throug ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23794 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-23793 (An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 throug ...)
+ NOT-FOR-US: Joomla!
+CVE-2022-0326 (NULL Pointer Dereference in Homebrew mruby prior to 3.2.)
+ - mruby (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/mruby/mruby/commit/dccd66f9efecd0a974b735c62836fe566015cf37 (3.1.0-rc)
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/b611c43a5de061ec21b343967e1b64c45c373d7e
+CVE-2022-0325
+ RESERVED
+CVE-2022-0324 (There is a vulnerability in DHCPv6 packet parsing code that could be e ...)
+ NOT-FOR-US: SONiC
+CVE-2021-46402
+ RESERVED
+CVE-2022-23792
+ RESERVED
+CVE-2022-23791 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
+CVE-2022-23790 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
+CVE-2022-23789
+ RESERVED
+CVE-2022-23788
+ RESERVED
+CVE-2022-23787
+ RESERVED
+CVE-2022-23786
+ RESERVED
+CVE-2022-23785
+ RESERVED
+CVE-2022-23784
+ RESERVED
+CVE-2022-23783
+ RESERVED
+CVE-2022-23782
+ RESERVED
+CVE-2022-23781
+ RESERVED
+CVE-2022-23780
+ RESERVED
+CVE-2022-21147 (An out of bounds read vulnerability exists in the malware scan functio ...)
+ NOT-FOR-US: ESTsoft Alyac
+CVE-2022-0323 (Improper Neutralization of Special Elements Used in a Template Engine ...)
+ NOT-FOR-US: Mustache (implementation in PHP)
+CVE-2022-0322 (A flaw was found in the sctp_make_strreset_req function in net/sctp/sm ...)
+ {DSA-5096-1 DLA-2941-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/a2d859e3fc97e79d907761550dbc03ff1b36479c (5.15-rc6)
+CVE-2022-0321 (The WP Voting Contest WordPress plugin before 3.0 does not sanitise an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0320 (The Essential Addons for Elementor WordPress plugin before 5.0.5 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0319 (Out-of-bounds Read in vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.4659-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/ba622fd2-e6ef-4ad9-95b4-17f87b68755b
+ NOTE: https://github.com/vim/vim/commit/05b27615481e72e3b338bb12990fb3e0c2ecc2a9 (v8.2.4154)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0318 (Heap-based Buffer Overflow in vim/vim prior to 8.2.)
+ {DLA-3204-1}
+ - vim 2:8.2.4659-1 (bug #1004859; unimportant)
+ [stretch] - vim (Fix introduces a test regression)
+ NOTE: https://huntr.dev/bounties/0d10ba02-b138-4e68-a284-67f781a62d08
+ NOTE: https://github.com/vim/vim/commit/57df9e8a9f9ae1aafdde9b86b10ad907627a87dc (v8.2.4151)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-0317 (An improper input validation vulnerability in go-attestation before 0. ...)
+ NOT-FOR-US: go-attestation
+CVE-2022-0316 (The WeStand WordPress theme before 2.1, footysquare WordPress theme, a ...)
+ NOT-FOR-US: WordPress theme
+CVE-2022-0315 (Insecure Temporary File in GitHub repository horovod/horovod prior to ...)
+ NOT-FOR-US: horovod
+CVE-2022-23779 (Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the insta ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2022-23778
+ RESERVED
+CVE-2022-23777
+ RESERVED
+CVE-2022-23776
+ RESERVED
+CVE-2022-23775 (TrueStack Direct Connect 1.4.7 has Incorrect Access Control.)
+ NOT-FOR-US: TrueStack
+CVE-2022-23774 (Docker Desktop before 4.4.4 on Windows allows attackers to move arbitr ...)
+ NOT-FOR-US: Docker Desktop
+CVE-2022-23773 (cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret ...)
+ - golang-1.18 1.18~rc1-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, requires branching access in hostile repository, intrusive patch, different code)
+ - golang-1.8
+ [stretch] - golang-1.8 (vgo/modfetch module not present)
+ - golang-1.7
+ [stretch] - golang-1.7 (vgo/modfetch module not present)
+ NOTE: https://github.com/golang/go/issues/35671
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/fbcc30a2c9d076b27b4b411e2cec91ec13528081 (go1.17.7)
+CVE-2022-23772 (Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17. ...)
+ {DLA-2986-1 DLA-2985-1}
+ - golang-1.18 1.18~beta2-1
+ - golang-1.17 1.17.7-1
+ - golang-1.15
+ [bullseye] - golang-1.15 1.15.15-1~deb11u3
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, DoS, code is different, importing Rat.SetString from 1.16 causes arm64-specific test suite failures)
+ - golang-1.8
+ - golang-1.7
+ NOTE: https://github.com/golang/go/issues/50699
+ NOTE: https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ
+ NOTE: https://github.com/golang/go/commit/539d430efb5043cc6a2d4d4fcd2866b11717039a (go1.17.7)
+CVE-2022-23771 (This vulnerability occurs in user accounts creation and deleteion rela ...)
+ NOT-FOR-US: IPTIME NAS products
+CVE-2022-23770 (This vulnerability could allow a remote attacker to execute remote com ...)
+ NOT-FOR-US: Smart Wing CMS
+CVE-2022-23769 (Remote code execution vulnerability due to insufficient user privilege ...)
+ NOT-FOR-US: reverseWall-MDS
+CVE-2022-23768 (This Vulnerability in NIS-HAP11AC is caused by an exposed external por ...)
+ NOT-FOR-US: NIS-HAP11AC
+CVE-2022-23767 (This vulnerability of SecureGate is SQL-Injection using login without ...)
+ NOT-FOR-US: SecureGate
+CVE-2022-23766 (An improper input validation vulnerability leading to arbitrary file e ...)
+ NOT-FOR-US: BigFileAgent
+CVE-2022-23765 (This vulnerability occured by sending a malicious POST request to a sp ...)
+ NOT-FOR-US: ipTIME NAS product
+CVE-2022-23764 (The vulnerability causing from insufficient verification procedures fo ...)
+ NOT-FOR-US: WebCube for Windows
+CVE-2022-23763 (Origin validation error vulnerability in NeoRS\u2019s ActiveX moudle a ...)
+ NOT-FOR-US: NeoRS for Windows
+CVE-2022-23762
+ RESERVED
+CVE-2022-23761
+ RESERVED
+CVE-2022-23760
+ RESERVED
+CVE-2022-23759
+ RESERVED
+CVE-2022-23758
+ RESERVED
+CVE-2022-23757
+ RESERVED
+CVE-2022-23756
+ RESERVED
+CVE-2022-23755
+ RESERVED
+CVE-2022-23754
+ RESERVED
+CVE-2022-23753
+ RESERVED
+CVE-2022-23752
+ RESERVED
+CVE-2022-23751
+ RESERVED
+CVE-2022-23750
+ RESERVED
+CVE-2022-23749
+ RESERVED
+CVE-2022-23748 (mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable ...)
+ NOT-FOR-US: Zoom
+CVE-2022-23747 (In Sony Xperia series 1, 5, and Pro, an out of bound memory access can ...)
+ NOT-FOR-US: Sony
+CVE-2022-23746 (The IPsec VPN blade has a dedicated portal for downloading and connect ...)
+ NOT-FOR-US: IPsec VPN blade
+CVE-2022-23745 (A potential memory corruption issue was found in Capsule Workspace And ...)
+ NOT-FOR-US: Checkpoint Harmony Capsule Workspace
+CVE-2022-23744 (Check Point Endpoint before version E86.50 failed to protect against s ...)
+ NOT-FOR-US: Check Point
+CVE-2022-23743 (Check Point ZoneAlarm before version 15.8.200.19118 allows a local act ...)
+ NOT-FOR-US: Check Point ZoneAlarm
+CVE-2022-23742 (Check Point Endpoint Security Client for Windows versions earlier than ...)
+ NOT-FOR-US: Check Point Enterprise Endpoint
+CVE-2022-23741 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2022-23740 (CRITICAL: An improper neutralization of argument delimiters in a comma ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2022-23739 (An incorrect authorization vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2022-23738 (An improper cache key vulnerability was identified in GitHub Enterpris ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2022-23737 (An improper privilege management vulnerability was identified in GitHu ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2022-23736
+ RESERVED
+CVE-2022-23735
+ RESERVED
+CVE-2022-23734 (A deserialization of untrusted data vulnerability was identified in Gi ...)
+ NOT-FOR-US: Github Enterprise Server
+CVE-2022-23733 (A stored XSS vulnerability was identified in GitHub Enterprise Server ...)
+ NOT-FOR-US: Github Enterprise Server
+CVE-2022-23732 (A path traversal vulnerability was identified in GitHub Enterprise Ser ...)
+ NOT-FOR-US: Github Enterprise Server
+CVE-2022-23731 (V8 javascript engine (heap vulnerability) can cause privilege escalati ...)
+ NOT-FOR-US: LG
+CVE-2022-23730 (The public API error causes for the attacker to be able to bypass API ...)
+ NOT-FOR-US: LG
+CVE-2022-23729 (When the device is in factory state, it can be access the shell withou ...)
+ NOT-FOR-US: LGE
+CVE-2022-23728 (Attacker can reset the device with AT Command in the process of reboot ...)
+ NOT-FOR-US: LG
+CVE-2022-23727 (There is a privilege escalation vulnerability in some webOS TVs. Due t ...)
+ NOT-FOR-US: LG
+CVE-2022-23726 (PingCentral versions prior to listed versions expose Spring Boot actua ...)
+ NOT-FOR-US: pingidentity
+CVE-2022-23725 (PingID Windows Login prior to 2.8 does not properly set permissions on ...)
+ NOT-FOR-US: pingidentity
+CVE-2022-23724 (Use of static encryption key material allows forging an authentication ...)
+ NOT-FOR-US: pingidentity
+CVE-2022-23723 (An MFA bypass vulnerability exists in the PingFederate PingOne MFA Int ...)
+ NOT-FOR-US: pingidentity
+CVE-2022-23722 (When a password reset mechanism is configured to use the Authenticatio ...)
+ NOT-FOR-US: pingidentity
+CVE-2022-23721 (PingID integration for Windows login prior to 2.9 does not handle dupl ...)
+ NOT-FOR-US: PingID
+CVE-2022-23720 (PingID Windows Login prior to 2.8 does not alert or halt operation if ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2022-23719 (PingID Windows Login prior to 2.8 does not authenticate communication ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2022-23718 (PingID Windows Login prior to 2.8 uses known vulnerable components tha ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2022-23717 (PingID Windows Login prior to 2.8 is vulnerable to a denial of service ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2022-23716 (A flaw was discovered in ECE before 3.1.1 that could lead to the discl ...)
+ NOT-FOR-US: Elastic Cloud Enterprise
+CVE-2022-23715 (A flaw was discovered in ECE before 3.4.0 that might lead to the discl ...)
+ NOT-FOR-US: Elastic Cloud Enterprise
+CVE-2022-23714 (A local privilege escalation (LPE) issue was discovered in the ransomw ...)
+ NOT-FOR-US: Elastic Endpoint Security for Windows
+CVE-2022-23713 (A cross-site-scripting (XSS) vulnerability was discovered in the Vega ...)
+ NOT-FOR-US: Kibana addon
+CVE-2022-23712 (A Denial of Service flaw was discovered in Elasticsearch. Using this v ...)
+ - elasticsearch
+CVE-2022-23711 (A vulnerability in Kibana could expose sensitive information related t ...)
+ - kibana (bug #700337)
+CVE-2022-23710 (A cross-site-scripting (XSS) vulnerability was discovered in the Data ...)
+ - kibana (bug #700337)
+CVE-2022-23709 (A flaw was discovered in Kibana in which users with Read access to the ...)
+ - kibana (bug #700337)
+CVE-2022-23708 (A flaw was discovered in Elasticsearch 7.17.0\u2019s upgrade assistant ...)
+ - elasticsearch
+CVE-2022-23707 (An XSS vulnerability was found in Kibana index patterns. Using this vu ...)
+ - kibana (bug #700337)
+CVE-2022-23706 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
+ NOT-FOR-US: HPE OneView
+CVE-2022-23705 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+ NOT-FOR-US: HPE
+CVE-2022-23704 (A potential security vulnerability has been identified in Integrated L ...)
+ NOT-FOR-US: HPE
+CVE-2022-23703 (A security vulnerability has been identified in HPE Nimble Storage Hyb ...)
+ NOT-FOR-US: HPE
+CVE-2022-23702 (A potential security vulnerability has been identified in HPE Superdom ...)
+ NOT-FOR-US: HPE
+CVE-2022-23701 (A potential remote host header injection security vulnerability has be ...)
+ NOT-FOR-US: HPE
+CVE-2022-23700 (A local unauthorized read access to files vulnerability was discovered ...)
+ NOT-FOR-US: HPE
+CVE-2022-23699 (A local authentication restriction bypass vulnerability was discovered ...)
+ NOT-FOR-US: HPE
+CVE-2022-23698 (A remote unauthenticated disclosure of information vulnerability was d ...)
+ NOT-FOR-US: HPE
+CVE-2022-23697 (A remote cross-site scripting (xss) vulnerability was discovered in HP ...)
+ NOT-FOR-US: HPE
+CVE-2022-23696 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23695 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23694 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23693 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23692 (Vulnerabilities in the web-based management interface of ClearPass Pol ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23691 (A vulnerability exists in certain AOS-CX switch models which could all ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23690 (A vulnerability in the web-based management interface of AOS-CX could ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23689 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23688 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23687 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23686 (Multiple vulnerabilities exist in the processing of packet data by the ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23685 (A vulnerability in the ClearPass Policy Manager web-based management i ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23684 (A vulnerability in the web-based management interface of AOS-CX could ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23683 (Authenticated command injection vulnerabilities exist in the AOS-CX Ne ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23682 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23681 (Multiple vulnerabilities exist in the AOS-CX command line interface th ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23680 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23679 (AOS-CX lacks Anti-CSRF protections in place for state-changing operati ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23678 (A vulnerability in the Aruba Virtual Intranet Access (VIA) client for ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23677 (A remote execution of arbitrary code vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23676 (A remote execution of arbitrary code vulnerability was discovered in A ...)
+ NOT-FOR-US: Aruba
+CVE-2022-23675 (A remote authenticated stored cross-site scripting (xss) vulnerability ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23674 (A remote authenticated stored cross-site scripting (xss) vulnerability ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23673 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23672 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23671 (A remote authenticated information disclosure vulnerability was discov ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23670 (A remote authenticated information disclosure vulnerability was discov ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23669 (A remote authorization bypass vulnerability was discovered in Aruba Cl ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23668 (A remote authenticated server-side request forgery (ssrf) vulnerabilit ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23667 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23666 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23665 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23664 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23663 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23662 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23661 (A authenticated remote command injection vulnerability was discovered ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23660 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23659 (A remote reflected cross site scripting (xss) vulnerability was discov ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23658 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23657 (A remote authentication bypass vulnerability was discovered in Aruba C ...)
+ NOT-FOR-US: Aruba Networks ClearPass
+CVE-2022-23656 (Zulip is an open source team chat app. The `main` development branch o ...)
+ - zulip-server (bug #800052)
+CVE-2022-23655 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...)
+ NOT-FOR-US: October CMS
+CVE-2022-23654 (Wiki.js is a wiki app built on Node.js. In affected versions an authen ...)
+ NOT-FOR-US: Wiki.js
+CVE-2022-23653 (B2 Command Line Tool is the official command line tool for the backbla ...)
+ NOT-FOR-US: B2 (CLI tool for Backblaze)
+CVE-2022-23652 (capsule-proxy is a reverse proxy for Capsule Operator which provides m ...)
+ NOT-FOR-US: capsule-proxy
+CVE-2022-23651 (b2-sdk-python is a python library to access cloud storage provided by ...)
+ NOT-FOR-US: b2-sdk-python
+CVE-2022-23650 (Netmaker is a platform for creating and managing virtual overlay netwo ...)
+ NOT-FOR-US: Netmaker
+CVE-2022-23649 (Cosign provides container signing, verification, and storage in an OCI ...)
+ NOT-FOR-US: Cosign
+CVE-2022-23648 (containerd is a container runtime available as a daemon for Linux and ...)
+ {DSA-5091-1}
+ - containerd 1.6.1~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
+ NOTE: https://www.openwall.com/lists/oss-security/2022/03/02/1
+CVE-2022-23647 (Prism is a syntax highlighting library. Starting with version 1.14.0 a ...)
+ - node-prismjs 1.27.0+dfsg+~1.26.0-1
+ [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u2
+ NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-3949-f494-cm99
+ NOTE: https://github.com/PrismJS/prism/issues/3340
+ NOTE: https://github.com/PrismJS/prism/pull/3341
+ NOTE: https://github.com/PrismJS/prism/commit/e002e78c343154e1c0ddf9d6a0bb85689e1a5c7c (v1.27.0)
+CVE-2022-23646 (Next.js is a React framework. Starting with version 10.0.0 and prior t ...)
+ NOT-FOR-US: next.js
+CVE-2022-23645 (swtpm is a libtpms-based TPM emulator with socket, character device, a ...)
+ - swtpm 0.7.1-1
+ NOTE: https://github.com/stefanberger/swtpm/security/advisories/GHSA-2qgm-8xf4-3hqw
+ NOTE: https://github.com/stefanberger/swtpm/commit/9f740868fc36761de27df3935513bdebf8852d19
+CVE-2022-23644 (BookWyrm is a decentralized social network for tracking reading habits ...)
+ NOT-FOR-US: BookWyrm
+CVE-2022-23643 (Sourcegraph is a code search and navigation engine. Sourcegraph versio ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23642 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2022-23641 (Discourse is an open source discussion platform. In versions prior to ...)
+ NOT-FOR-US: Discourse
+CVE-2022-23640 (Excel-Streaming-Reader is an easy-to-use implementation of a streaming ...)
+ NOT-FOR-US: Excel-Streaming-Reader
+CVE-2022-23639 (crossbeam-utils provides atomics, synchronization primitives, scoped t ...)
+ - rust-crossbeam-utils 0.8.8-1
+ [bullseye] - rust-crossbeam-utils (Minor issue)
+ [buster] - rust-crossbeam-utils (Minor issue)
+ - rust-crossbeam-utils-0.7
+ NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-qc84-gqf4-9926
+ NOTE: https://github.com/crossbeam-rs/crossbeam/pull/781
+CVE-2022-23638 (svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scri ...)
+ NOT-FOR-US: darylldoyle svg-sanitizer
+CVE-2022-23637 (K-Box is a web-based application to manage documents, images, videos a ...)
+ NOT-FOR-US: K-Box
+CVE-2022-23636 (Wasmtime is an open source runtime for WebAssembly & WASI. Prior to ve ...)
+ NOT-FOR-US: wasmtime
+CVE-2022-23635 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-23634 (Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` ...)
+ {DSA-5146-1 DLA-3083-1 DLA-3023-1}
+ - puma 5.6.4-1 (bug #1005391)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
+ NOTE: https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb (v5.6.3)
+ NOTE: Related issue to CVE-2022-23633 for src:rails
+CVE-2022-23633 (Action Pack is a framework for handling and responding to web requests ...)
+ {DSA-5372-1 DLA-3093-1}
+ - rails 2:6.1.4.6+dfsg-1 (bug #1005389)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/11/5
+ NOTE: Fixed by: https://github.com/rails/rails/commit/07d9600172a18b45791c89e95a642e13fc367545 (v6.1.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/d1267768e9f57ebcf86ff7f011aca7fb08e733eb (v6.1.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/e9015f91dd685472f915f8aa1eb18b0e0763e013 (v6.0.4.5)
+ NOTE: Followup: https://github.com/rails/rails/commit/f85b396e5a0019eb614e4ee436ea713089696833 (v6.0.4.6)
+ NOTE: Fixed by: https://github.com/rails/rails/commit/ddaf5058350b3a72f59b7c3e0d713678354b9a08 (v5.2.6.1)
+ NOTE: Followup: https://github.com/rails/rails/commit/676ad96fa5d9d0213babc32c9bad8190597a00d1 (v5.2.6.2)
+CVE-2022-23632 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...)
+ - traefik (bug #983289)
+CVE-2022-23631 (superjson is a program to allow JavaScript expressions to be serialize ...)
+ NOT-FOR-US: superjson
+CVE-2022-23630 (Gradle is a build tool with a focus on build automation and support fo ...)
+ - gradle (Vulnerable node not yet uploaded; introduced in 6.2)
+ NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-9pf5-88jw-3qgr
+ NOTE: https://github.com/gradle/gradle/commit/88ab9b652933bc3b2e3161b31ad8b8f4f0516351 (v7.4.0-RC2)
+CVE-2022-23629
+ RESERVED
+CVE-2022-23628 (OPA is an open source, general-purpose policy engine. Under certain co ...)
+ NOT-FOR-US: OPA
+CVE-2022-23627 (ArchiSteamFarm (ASF) is a C# application with primary purpose of idlin ...)
+ NOT-FOR-US: ArchiSteamFarm
+CVE-2022-23626 (m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Erro ...)
+ NOT-FOR-US: m1k1o/blog
+CVE-2022-23625 (Wire-ios is a messaging application using the wire protocol on apple's ...)
+ NOT-FOR-US: Wire-ios
+CVE-2022-23624 (Frourio-express is a minimal full stack framework, for TypeScript. Fro ...)
+ NOT-FOR-US: Frourio-express
+CVE-2022-23623 (Frourio is a full stack framework, for TypeScript. Frourio users who u ...)
+ NOT-FOR-US: Frourio
+CVE-2022-23622 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23619 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23618 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23617 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23616 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23615 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2022-23614 (Twig is an open source template language for PHP. When in a sandbox mo ...)
+ {DSA-5107-1}
+ - php-twig 3.3.8-1
+ - twig
+ [buster] - twig (The vulnerable code was introduced later)
+ [stretch] - twig (The vulnerable code was introduced later)
+ NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-5mv2-rx3q-4w2v
+ NOTE: https://github.com/twigphp/Twig/pull/3641
+ NOTE: https://github.com/twigphp/Twig/commit/2eb33080558611201b55079d07ac88f207b466d5 (v3.3.8)
+CVE-2022-23613 (xrdp is an open source remote desktop protocol (RDP) server. In affect ...)
+ - xrdp 0.9.17-2.1 (bug #1005304)
+ [bullseye] - xrdp (Vulnerable code not present)
+ [buster] - xrdp (Vulnerable code not present)
+ [stretch] - xrdp (Vulnerable code not present)
+ NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32
+ NOTE: Introduced by: https://github.com/neutrinolabs/xrdp/commit/738e346f810c97d578df9e99a36520616ee201be (v0.9.17)
+ NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/4def30ab8ea445cdc06832a44c3ec40a506a0ffa
+CVE-2022-23612 (OpenMRS is a patient-based medical record system focusing on giving pr ...)
+ NOT-FOR-US: OpenMRS
+CVE-2022-23611 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23610 (wire-server provides back end services for Wire, an open source messen ...)
+ NOT-FOR-US: wire-server
+CVE-2022-23609 (iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23608 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2022-005.html
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
+ NOTE: https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
+CVE-2022-23607 (treq is an HTTP library inspired by requests but written on top of Twi ...)
+ {DLA-2954-1}
+ - python-treq 22.2.0-0.1 (bug #1005041)
+ [bullseye] - python-treq (Minor issue)
+ [buster] - python-treq (Minor issue)
+ NOTE: https://github.com/twisted/treq/security/advisories/GHSA-fhpf-pp6p-55qc
+ NOTE: https://github.com/twisted/treq/commit/1da6022cc880bbcff59321abe02bf8498b89efb2 (release-22.1.0)
+CVE-2022-23606 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
+ - envoyproxy (bug #987544)
+CVE-2022-23605 (Wire webapp is a web client for the wire messaging protocol. In versio ...)
+ NOT-FOR-US: Wire webapp
+CVE-2022-23604 (x26-Cogs is a repository of cogs made by Twentysix for the Red Discord ...)
+ NOT-FOR-US: x26-Cogs
+CVE-2022-23603 (iTunesRPC-Remastered is a discord rich presence application for use wi ...)
+ NOT-FOR-US: iTunesRPC-Remastered
+CVE-2022-23602 (Nimforum is a lightweight alternative to Discourse written in Nim. In ...)
+ NOT-FOR-US: Nimforum
+CVE-2022-23601 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony (Vulnerable code not present; no Debian released version contained the vulnerable code)
+ NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
+ NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
+CVE-2022-23600 (fleet is an open source device management, built on osquery. Versions ...)
+ NOT-FOR-US: Fleet
+CVE-2022-23599 (Products.ATContentTypes are the core content types for Plone 2.1 - 4.3 ...)
+ NOT-FOR-US: Plone
+CVE-2022-23598 (laminas-form is a package for validating and displaying simple and com ...)
+ NOT-FOR-US: laminas-form
+CVE-2022-23597 (Element Desktop is a Matrix client for desktop platforms with Element ...)
+ NOT-FOR-US: Element Desktop
+CVE-2022-23596 (Junrar is an open source java RAR archive library. In affected version ...)
+ NOT-FOR-US: Junrar
+CVE-2022-23595 (Tensorflow is an Open Source Machine Learning Framework. When building ...)
+ - tensorflow (bug #804612) +CVE-2022-23594 (Tensorflow is an Open Source Machine Learning Framework. The TFG diale ...) + - tensorflow (bug #804612) +CVE-2022-23593 (Tensorflow is an Open Source Machine Learning Framework. The `simplify ...) + - tensorflow (bug #804612) +CVE-2022-23592 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow's ...) + - tensorflow (bug #804612) +CVE-2022-23591 (Tensorflow is an Open Source Machine Learning Framework. The `GraphDef ...) + - tensorflow (bug #804612) +CVE-2022-23590 (Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` ...) + - tensorflow (bug #804612) +CVE-2022-23589 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + - tensorflow (bug #804612) +CVE-2022-23588 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + - tensorflow (bug #804612) +CVE-2022-23587 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + - tensorflow (bug #804612) +CVE-2022-23586 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + - tensorflow (bug #804612) +CVE-2022-23585 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + - tensorflow (bug #804612) +CVE-2022-23584 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + - tensorflow (bug #804612) +CVE-2022-23583 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + - tensorflow (bug #804612) +CVE-2022-23582 (Tensorflow is an Open Source Machine Learning Framework. A malicious u ...) + - tensorflow (bug #804612) +CVE-2022-23581 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) + - tensorflow (bug #804612) +CVE-2022-23580 (Tensorflow is an Open Source Machine Learning Framework. During shape ...) + - tensorflow (bug #804612) +CVE-2022-23579 (Tensorflow is an Open Source Machine Learning Framework. The Grappler ...) 
+ - tensorflow (bug #804612) +CVE-2022-23578 (Tensorflow is an Open Source Machine Learning Framework. If a graph no ...) + - tensorflow (bug #804612) +CVE-2022-23577 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23576 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23575 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23574 (Tensorflow is an Open Source Machine Learning Framework. There is a ty ...) + - tensorflow (bug #804612) +CVE-2022-23573 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23572 (Tensorflow is an Open Source Machine Learning Framework. Under certain ...) + - tensorflow (bug #804612) +CVE-2022-23571 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + - tensorflow (bug #804612) +CVE-2022-23570 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + - tensorflow (bug #804612) +CVE-2022-23569 (Tensorflow is an Open Source Machine Learning Framework. Multiple oper ...) + - tensorflow (bug #804612) +CVE-2022-23568 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23567 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23566 (Tensorflow is an Open Source Machine Learning Framework. TensorFlow is ...) + - tensorflow (bug #804612) +CVE-2022-23565 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23564 (Tensorflow is an Open Source Machine Learning Framework. When decoding ...) + - tensorflow (bug #804612) +CVE-2022-23563 (Tensorflow is an Open Source Machine Learning Framework. In multiple p ...) 
+ - tensorflow (bug #804612) +CVE-2022-23562 (Tensorflow is an Open Source Machine Learning Framework. The implement ...) + - tensorflow (bug #804612) +CVE-2022-23561 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23560 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23559 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23558 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23557 (Tensorflow is an Open Source Machine Learning Framework. An attacker c ...) + - tensorflow (bug #804612) +CVE-2022-23556 (CodeIgniter is a PHP full-stack web framework. This vulnerability may ...) + - codeigniter (bug #471583) +CVE-2022-23555 (authentik is an open-source Identity Provider focused on flexibility a ...) + NOT-FOR-US: authentik +CVE-2022-23554 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...) + NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine) +CVE-2022-23553 (Alpine is a scaffolding library in Java. Alpine prior to version 1.10. ...) + NOT-FOR-US: Alpine Java scaffolding library (different from src:alpine) +CVE-2022-23552 (Grafana is an open-source platform for monitoring and observability. S ...) + - grafana +CVE-2022-23551 (aad-pod-identity assigns Azure Active Directory identities to Kubernet ...) + NOT-FOR-US: aad-pod-identity +CVE-2022-23550 + RESERVED +CVE-2022-23549 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2022-23548 (Discourse is an option source discussion platform. Prior to version 2. ...) + NOT-FOR-US: Discourse +CVE-2022-23537 (PJSIP is a free and open source multimedia communication library writt ...) 
+ {DSA-5358-1 DLA-3549-1 DLA-3335-1} + - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) + - ring 20230206.0~ds1-1 + - pjproject + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w + NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 +CVE-2022-23547 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-5358-1 DLA-3549-1 DLA-3335-1} + - asterisk 1:20.4.0~dfsg+~cs6.13.40431414-1 (bug #1032092) + - ring 20230206.0~ds1-1 + - pjproject + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w + NOTE: https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1 + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr + NOTE: https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36 +CVE-2022-23546 (In version 2.9.0.beta14 of Discourse, an open-source discussion platfo ...) + NOT-FOR-US: Discourse +CVE-2022-23545 + RESERVED +CVE-2022-23544 (MeterSphere is a one-stop open source continuous testing platform, cov ...) + NOT-FOR-US: MeterSphere +CVE-2022-23543 (Silverware Games is a social network where people can play games onlin ...) + NOT-FOR-US: Silverware Games +CVE-2022-23542 (OpenFGA is an authorization/permission engine built for developers and ...) + NOT-FOR-US: OpenFGA +CVE-2022-23541 (jsonwebtoken is an implementation of JSON Web Tokens. Versions `<= 8.5 ...) + NOT-FOR-US: jsonwebtoken node module +CVE-2022-23540 (In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm def ...) + NOT-FOR-US: jsonwebtoken node module +CVE-2022-23539 (Versions `<=8.5.1` of `jsonwebtoken` library could be misconfigured so ...) + NOT-FOR-US: jsonwebtoken node module +CVE-2022-23538 (github.com/sylabs/scs-library-client is the Go client for the Singular ...) 
+ - singularity-container 3.11.0+ds1-1 + NOTE: https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7 + NOTE: https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa + TODO: check details, might as well affect golang-github-apptainer-container-library-client +CVE-2022-23536 (Cortex provides multi-tenant, long term storage for Prometheus. A loca ...) + NOT-FOR-US: Cortex (multi-tenant, long term storage for Prometheus) +CVE-2022-23535 (LiteDB is a small, fast and lightweight .NET NoSQL embedded database. ...) + NOT-FOR-US: LiteDB +CVE-2022-23534 + RESERVED +CVE-2022-23533 + RESERVED +CVE-2022-23532 (APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j tha ...) + NOT-FOR-US: APOC +CVE-2022-23531 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...) + NOT-FOR-US: GuardDog +CVE-2022-23530 (GuardDog is a CLI tool to identify malicious PyPI packages. Versions p ...) + NOT-FOR-US: GuardDog +CVE-2022-23529 + REJECTED +CVE-2022-23528 + RESERVED +CVE-2022-23527 (mod_auth_openidc is an OpenID Certified\u2122 authentication and autho ...) + {DLA-3499-1} + - libapache2-mod-auth-openidc 2.4.12.2-1 (bug #1026444) + [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u2 + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-q6f2-285m-gr53 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/87119f44b9a88312dbc1f752d720bcd2371b94a8 (v2.4.12.2) +CVE-2022-23526 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) + - helm-kubernetes (bug #910799) +CVE-2022-23525 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) + - helm-kubernetes (bug #910799) +CVE-2022-23524 (Helm is a tool for managing Charts, pre-configured Kubernetes resource ...) + - helm-kubernetes (bug #910799) +CVE-2022-23523 (In versions prior to 0.8.1, the linux-loader crate uses the offsets an ...) 
+ NOT-FOR-US: Rust crate linux-loader +CVE-2022-23522 (MindsDB is an open source machine learning platform. An unsafe extract ...) + NOT-FOR-US: mindsdb +CVE-2022-23521 (Git is distributed revision control system. gitattributes are a mechan ...) + {DSA-5332-1 DLA-3282-1} + - git 1:2.39.1-0.1 (bug #1029114) + NOTE: https://www.openwall.com/lists/oss-security/2023/01/17/4 + NOTE: https://github.com/git/git/commit/eb22e7dfa23da6bd9aed9bd1dad69e1e8e167d24 + NOTE: https://github.com/git/git/commit/8d0d48cf2157cfb914db1f53b3fe40785b86f3aa + NOTE: https://github.com/git/git/commit/24557209500e6ed618f04a8795a111a0c491a29c + NOTE: https://github.com/git/git/commit/34ace8bad02bb14ecc5b631f7e3daaa7a9bba7d9 + NOTE: https://github.com/git/git/commit/447ac906e189535e77dcb1f4bbe3f1bc917d4c12 + NOTE: https://github.com/git/git/commit/e1e12e97ac73ded85f7d000da1063a774b3cc14f + NOTE: https://github.com/git/git/commit/a60a66e409c265b2944f18bf43581c146812586d + NOTE: https://github.com/git/git/commit/d74b1fd54fdbc45966d12ea907dece11e072fb2b + NOTE: https://github.com/git/git/commit/dfa6b32b5e599d97448337ed4fc18dd50c90758f + NOTE: https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579 + NOTE: https://github.com/git/git/files/10430260/X41-OSTIF-Gitlab-Git-Security-Audit-20230117-public.pdf +CVE-2022-23520 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) 
+ {DLA-3566-1} + - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) + NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8 + NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md + NOTE: https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d (v1.4.4) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 (v1.4.4) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c (v1.5.0) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0) + NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1. +CVE-2022-23519 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + {DLA-3566-1} + - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) + NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h + NOTE: https://github.com/flavorjones/loofah/blob/main/docs/2022-10-decision-on-cdata-nodes.md + NOTE: https://github.com/rails/rails-html-sanitizer/commit/e6d52d3b6db99d07399498b1287997302d444a8d (v1.4.4) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/0713caf2ee23801cfb85e37065cf406368b20082 (v1.4.4) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/68ccf7e1dbaa425cc4a8651d5f583e754ef5061c (v1.5.0) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/373fc6295918c4b0aad02111e869f4e0c6fc788b (v1.5.0) + NOTE: Replaces CVE-2022-32209 fix, requires 'cdata_escape' from ruby-loofah >= 2.19.1. +CVE-2022-23518 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) 
+ {DLA-3566-1} + - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) + NOTE: https://github.com/rails/rails-html-sanitizer/issues/135 + NOTE: https://github.com/rails/rails-html-sanitizer/commit/d1223a29cb3e4151cdcb6ba6c8431708d8ce40a6 (v1.4.4) + NOTE: https://github.com/rails/rails-html-sanitizer/commit/bb6dfcbaaf9c5c8c4f77555557693c08d4d4ab48 (v1.5.0) + NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m +CVE-2022-23517 (rails-html-sanitizer is responsible for sanitizing HTML fragments in R ...) + {DLA-3566-1} + - ruby-rails-html-sanitizer 1.4.4-1 (bug #1027153) + NOTE: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w + NOTE: https://github.com/rails/rails-html-sanitizer/commit/56c61c0cebd1e493e8ad7bca2a0191609a4a6979 +CVE-2022-23516 (Loofah is a general library for manipulating and transforming HTML/XML ...) + {DLA-3565-1} + - ruby-loofah 2.19.1-1 (bug #1026083) + [bullseye] - ruby-loofah (Minor issue) + NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm + NOTE: https://github.com/flavorjones/loofah/commit/86f7f6364491b0099d215db858ecdc0c89ded040 +CVE-2022-23515 (Loofah is a general library for manipulating and transforming HTML/XML ...) + {DLA-3565-1} + - ruby-loofah 2.19.1-1 (bug #1026083) + [bullseye] - ruby-loofah (Minor issue) + NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx + NOTE: https://github.com/flavorjones/loofah/commit/415677f3cf7f9254f42f811e784985cd63c7407f +CVE-2022-23514 (Loofah is a general library for manipulating and transforming HTML/XML ...) 
+ {DLA-3565-1} + - ruby-loofah 2.19.1-1 (bug #1026083) + [bullseye] - ruby-loofah (Minor issue) + NOTE: https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh + NOTE: https://github.com/flavorjones/loofah/commit/a6e0a1ab90675a17b1b2be189129d94139e4b143 +CVE-2022-23513 (Pi-Hole is a network-wide ad blocking via your own Linux hardware, Adm ...) + NOT-FOR-US: Pi-Hole +CVE-2022-23512 (MeterSphere is a one-stop open source continuous testing platform. Ver ...) + NOT-FOR-US: MeterSphere +CVE-2022-23511 (A privilege escalation issue exists within the Amazon CloudWatch Agent ...) + NOT-FOR-US: Amazon CloudWatch Agent +CVE-2022-23510 (cube-js is a headless business intelligence platform. In version 0.31. ...) + NOT-FOR-US: cube-js +CVE-2022-23509 (Weave GitOps is a simple open source developer platform for people who ...) + NOT-FOR-US: Weave GitOps +CVE-2022-23508 (Weave GitOps is a simple open source developer platform for people who ...) + NOT-FOR-US: Weave GitOps +CVE-2022-23507 (Tendermint is a high-performance blockchain consensus engine for Byzan ...) + NOT-FOR-US: Tendermint +CVE-2022-23506 (Spinnaker is an open source, multi-cloud continuous delivery platform ...) + NOT-FOR-US: Spinnaker +CVE-2022-23505 (Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens auth ...) + NOT-FOR-US: Passport-wsfed-saml2 +CVE-2022-23504 (TYPO3 is an open source PHP based web content management system. Versi ...) + NOT-FOR-US: Typo3 +CVE-2022-23503 (TYPO3 is an open source PHP based web content management system. Versi ...) + NOT-FOR-US: Typo3 +CVE-2022-23502 (TYPO3 is an open source PHP based web content management system. In ve ...) + NOT-FOR-US: Typo3 +CVE-2022-23501 (TYPO3 is an open source PHP based web content management system. In ve ...) + NOT-FOR-US: Typo3 +CVE-2022-23500 (TYPO3 is an open source PHP based web content management system. In ve ...) 
+ NOT-FOR-US: Typo3 +CVE-2022-23499 (HTML sanitizer is written in PHP, aiming to provide XSS-safe markup ba ...) + NOT-FOR-US: Typo3 extension +CVE-2022-23498 (Grafana is an open-source platform for monitoring and observability. W ...) + - grafana (Specific to Grafana Enterprise) +CVE-2022-23497 (FreshRSS is a free, self-hostable RSS aggregator. User configuration f ...) + NOT-FOR-US: FreshRSS +CVE-2022-23496 (Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to ...) + NOT-FOR-US: Yet Another UserAgent Analyzer (Yauaa) +CVE-2022-23495 (go-merkledag implements the 'DAGService' interface and adds two ipld n ...) + NOT-FOR-US: go-merkledag +CVE-2022-23494 (tinymce is an open source rich text editor. A cross-site scripting (XS ...) + - tinymce + [buster] - tinymce (Minor issue) + NOTE: https://github.com/tinymce/tinymce/commit/6923d85eba6de3e08ebc9c5a387b5abdaa21150e + NOTE: https://github.com/tinymce/tinymce/commit/8bb2d2646d4e1a718fce61a775fa22e9d317b32d + NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-gg8r-xjwq-4w92 +CVE-2022-23493 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-59wp-3wq6-jh5v + NOTE: https://github.com/neutrinolabs/xrdp/commit/030db5524be7616967ae9e7d26b3d4477cf6082d +CVE-2022-23492 (go-libp2p is the offical libp2p implementation in the Go programming l ...) + NOT-FOR-US: go-libp2p +CVE-2022-23491 (Certifi is a curated collection of Root Certificates for validating th ...) + - python-certifi (unimportant) + NOTE: https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8 + NOTE: Debian's python-certifi is patched to return the location of Debian-provided CA certificates +CVE-2022-23490 (BigBlueButton is an open source web conferencing system. Versions prio ...) 
+ NOT-FOR-US: BigBlueButton +CVE-2022-23489 + RESERVED +CVE-2022-23488 (BigBlueButton is an open source web conferencing system. Versions prio ...) + NOT-FOR-US: BigBlueButton +CVE-2022-23487 (js-libp2p is the official javascript Implementation of libp2p networki ...) + NOT-FOR-US: js-libp2p +CVE-2022-23486 (libp2p-rust is the official rust language Implementation of the libp2p ...) + NOT-FOR-US: libp2p-rust +CVE-2022-23485 (Sentry is an error tracking and performance monitoring platform. In ve ...) + NOT-FOR-US: Sentry +CVE-2022-23484 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rqfx-5fv8-q9c6 + NOTE: https://github.com/neutrinolabs/xrdp/commit/c2c6efb1d377be6baaa4acbc9d3700490fe92887 +CVE-2022-23483 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-38rw-9ch2-fcxq + NOTE: https://github.com/neutrinolabs/xrdp/commit/35cca701c753db65d3c05b7ea4fff9bd09e76661 +CVE-2022-23482 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3375-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-56pq-2pm9-7fhm + NOTE: https://github.com/neutrinolabs/xrdp/commit/1e42426db59120c6596d673f1bb2dc8b0312e692 +CVE-2022-23481 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3375-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hm75-9jcg-p7hq + NOTE: https://github.com/neutrinolabs/xrdp/commit/bc6b052959697b205d15108fb88e7c7e38c15bee +CVE-2022-23480 (xrdp is an open source project which provides a graphical login to rem ...) 
+ {DSA-5502-1 DLA-3375-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-3jmx-f6hv-95wg + NOTE: https://github.com/neutrinolabs/xrdp/commit/ae7c17e1f629156cce21f7f1b568d849c63bdc3f +CVE-2022-23479 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-pgx2-3fjj-fqqh + NOTE: https://github.com/neutrinolabs/xrdp/commit/60864014b733c10881c078048560858067fe5d0f +CVE-2022-23478 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2f49-wwpm-78pj + NOTE: https://github.com/neutrinolabs/xrdp/commit/6cb54a1c26b53617e1c79a0abc96d03c4add1eb8 +CVE-2022-23477 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1} + - xrdp 0.9.21.1-1 (bug #1025879) + [buster] - xrdp (Code not present) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-hqw2-jx2c-wrr2 + NOTE: https://github.com/neutrinolabs/xrdp/commit/96afae1ec559f9befa1c222f92f0d982e410c864 +CVE-2022-23476 (Nokogiri is an open source XML and HTML library for the Ruby programmi ...) + - ruby-nokogiri 1.13.10+dfsg-1 + [bullseye] - ruby-nokogiri (Introduced in 1.13.8) + [buster] - ruby-nokogiri (Introduced in 1.13.8) + NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-qv4q-mr5r-qprj + NOTE: https://github.com/sparklemotion/nokogiri/commit/9fe0761c47c0d4270d1a5220cfd25de080350d50 (v1.13.10) +CVE-2022-23475 (daloRADIUS is an open source RADIUS web management application. daloRa ...) + NOT-FOR-US: daloRADIUS +CVE-2022-23474 (Editor.js is a block-style editor with clean JSON output. Versions pri ...) 
+ NOT-FOR-US: Editor.js +CVE-2022-23473 (Tuleap is an Open Source Suite to improve management of software devel ...) + NOT-FOR-US: Tuleap +CVE-2022-23472 (Passeo is an open source python password generator. Versions prior to ...) + NOT-FOR-US: Passeo +CVE-2022-23471 (containerd is an open source container runtime. A bug was found in con ...) + - containerd 1.6.12~ds1-1 + [bullseye] - containerd 1.4.13~ds1-1~deb11u3 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9 + NOTE: https://github.com/containerd/containerd/commit/a05d175400b1145e5e6a735a6710579d181e7fb0 +CVE-2022-23470 (Galaxy is an open-source platform for data analysis. An arbitrary file ...) + NOT-FOR-US: Galaxy +CVE-2022-23469 (Traefik is an open source HTTP reverse proxy and load balancer. Versio ...) + - traefik (bug #983289) +CVE-2022-23468 (xrdp is an open source project which provides a graphical login to rem ...) + {DSA-5502-1 DLA-3370-1} + - xrdp 0.9.21.1-1 (bug #1025879) + NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8c2f-mw8m-qpx6 + NOTE: https://github.com/neutrinolabs/xrdp/commit/43cf272b1138462c1bdfc48ef7e9142208194382 +CVE-2022-23467 (OpenRazer is an open source driver and user-space daemon to control Ra ...) + - openrazer 3.5.1+dfsg-1 + [bullseye] - openrazer (Minor issue) + [buster] - openrazer (Minor issue) + NOTE: https://github.com/openrazer/openrazer/security/advisories/GHSA-39hg-jvc9-fg7h + NOTE: https://github.com/openrazer/openrazer/commit/33aa7f07d54ae066f201c6d298cb4a2181cb90e6 (v3.5.1) +CVE-2022-23466 (teler is an real-time intrusion detection and threat alert dashboard. ...) + NOT-FOR-US: teler +CVE-2022-23465 (SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24 ...) + NOT-FOR-US: SwiftTerm +CVE-2022-23464 (Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnera ...) + NOT-FOR-US: Nepxion +CVE-2022-23463 (Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerab ...) 
+ NOT-FOR-US: Nepxion +CVE-2022-23462 (IOWOW is a C utility library and persistent key/value storage engine. ...) + NOT-FOR-US: IOWOW +CVE-2022-23461 (Jodit Editor is a WYSIWYG editor written in pure TypeScript without th ...) + NOT-FOR-US: Jodit Editor +CVE-2022-23460 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...) + NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp) +CVE-2022-23459 (Jsonxx or Json++ is a JSON parser, writer and reader written in C++. I ...) + NOT-FOR-US: github.com/hjiang/jsonxx/ (different from src:libjsoncpp) +CVE-2022-23458 (Toast UI Grid is a component to display and edit data. Versions prior ...) + NOT-FOR-US: Toast UI Grid +CVE-2022-23457 (ESAPI (The OWASP Enterprise Security API) is a free, open source, web ...) + - libowasp-esapi-java 2.4.0.0-1 (bug #1010339) + [bullseye] - libowasp-esapi-java (Minor issue) + [buster] - libowasp-esapi-java (Minor issue) + [stretch] - libowasp-esapi-java (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2022-008_The_OWASP_Enterprise_Security_API/ + NOTE: https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-8m5h-hrqm-pxm2 + NOTE: https://github.com/ESAPI/esapi-java-legacy/blob/develop/documentation/esapi4java-core-2.3.0.0-release-notes.txt +CVE-2022-0314 (The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitis ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0313 (The Float menu WordPress plugin before 4.3.1 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0312 + RESERVED +CVE-2022-0299 + RESERVED +CVE-2022-23456 (Potential arbitrary file deletion vulnerability has been identified in ...) + NOT-FOR-US: HP +CVE-2022-23455 (Potential security vulnerabilities have been identified in HP Support ...) + NOT-FOR-US: HP +CVE-2022-23454 (Potential security vulnerabilities have been identified in HP Support ...) 
+ NOT-FOR-US: HP +CVE-2022-23453 (Potential security vulnerabilities have been identified in HP Support ...) + NOT-FOR-US: HP +CVE-2022-23452 (An authorization flaw was found in openstack-barbican, where anyone wi ...) + - barbican 1:14.0.0~rc1-2 + [bullseye] - barbican (Minor issue) + [buster] - barbican (Minor issue) + [stretch] - barbican (Minor issue) + NOTE: https://storyboard.openstack.org/#!/story/2009297 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025090 +CVE-2022-23451 (An authorization flaw was found in openstack-barbican. The default pol ...) + - barbican 1:14.0.0~rc1-2 + [bullseye] - barbican (Minor issue) + [buster] - barbican (Minor issue) + [stretch] - barbican (Minor issue) + NOTE: https://storyboard.openstack.org/#!/story/2009253 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025089 +CVE-2022-23450 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...) + NOT-FOR-US: Siemens SIMATIC +CVE-2022-23449 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...) + NOT-FOR-US: Siemens SIMATIC +CVE-2022-23448 (A vulnerability has been identified in SIMATIC Energy Manager Basic (A ...) + NOT-FOR-US: Siemens SIMATIC +CVE-2022-23447 (An improper limitation of a pathname to a restricted directory ('Path ...) + NOT-FOR-US: Fortinet +CVE-2022-23446 (A improper control of a resource through its lifetime in Fortinet Fort ...) + NOT-FOR-US: Fortinet +CVE-2022-23445 + RESERVED +CVE-2022-23444 + RESERVED +CVE-2022-23443 (An improper access control in Fortinet FortiSOAR before 7.2.0 allows u ...) + NOT-FOR-US: FortiGuard +CVE-2022-23442 (An improper access control vulnerability [CWE-284] in FortiOS versions ...) + NOT-FOR-US: FortiGuard +CVE-2022-23441 (A use of hard-coded cryptographic key vulnerability [CWE-321] in Forti ...) + NOT-FOR-US: Fortinet +CVE-2022-23440 (A use of hard-coded cryptographic key vulnerability [CWE-321] in the r ...) 
+ NOT-FOR-US: Fortinet +CVE-2022-23439 + RESERVED +CVE-2022-23438 (An improper neutralization of input during web page generation ('Cross ...) + NOT-FOR-US: Fortinet +CVE-2022-23437 (There's a vulnerability within the Apache Xerces Java (XercesJ) XML pa ...) + - libxerces2-java (bug #1016975) + [bookworm] - libxerces2-java (revisit when/if fix is complete) + [bullseye] - libxerces2-java (revisit when/if fix is complete) + [buster] - libxerces2-java (revisit when/if fix is complete) + [stretch] - libxerces2-java (revisit when/if fix is complete) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/3 +CVE-2022-0311 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0310 (Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.46 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0309 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0308 (Use after free in Data Transfer in Google Chrome on Chrome OS prior to ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0307 (Use after free in Optimization Guide in Google Chrome prior to 97.0.46 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0306 (Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0305 (Inappropriate implementation in Service Worker API in Google Chrome pr ...) 
+ {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0304 (Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 all ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0303 + RESERVED + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0302 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0301 (Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.9 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0300 (Use after free in Text Input Method Editor in Google Chrome on Android ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0298 (Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 al ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0297 (Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowe ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0296 (Use after free in Printing in Google Chrome prior to 97.0.4692.99 allo ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0295 (Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allow ...) 
+ {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0294 (Inappropriate implementation in Push messaging in Google Chrome prior ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0293 (Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0292 (Inappropriate implementation in Fenced Frames in Google Chrome prior t ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0291 (Inappropriate implementation in Storage in Google Chrome prior to 97.0 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0290 (Use after free in Site isolation in Google Chrome prior to 97.0.4692.9 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0289 (Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 ...) + {DSA-5054-1} + - chromium 97.0.4692.99-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2022-0288 (The Ad Inserter WordPress plugin before 2.7.10, Ad Inserter Pro WordPr ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0287 (The myCred WordPress plugin before 2.4.4.1 does not have any authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0286 (A flaw was found in the Linux kernel. A null pointer dereference in bo ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) +CVE-2022-0285 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) 
+ NOT-FOR-US: pimcore
+CVE-2022-0284 (A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixel ...)
+ - imagemagick (Specific to IM7)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2045943
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4729
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7
+CVE-2022-0283 (An issue has been discovered affecting GitLab versions prior to 13.5. ...)
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/349422
+CVE-2022-0282 (Cross-site Scripting in Packagist microweber/microweber prior to 1.2.1 ...)
+ NOT-FOR-US: microweber
+CVE-2022-0281 (Exposure of Sensitive Information to an Unauthorized Actor in Packagis ...)
+ NOT-FOR-US: microweber
+CVE-2022-0280 (A race condition vulnerability exists in the QuickClean feature of McA ...)
+ NOT-FOR-US: McAfee
+CVE-2022-0279 (The AnyComment WordPress plugin before 0.2.18 is affected by a race co ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0278 (Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber ...)
+ NOT-FOR-US: microweber
+CVE-2022-0277 (Incorrect Permission Assignment for Critical Resource in Packagist mic ...)
+ NOT-FOR-US: microweber
+CVE-2021-46401
+ RESERVED
+CVE-2021-46400
+ RESERVED
+CVE-2022-23436
+ RESERVED
+CVE-2022-23435 (decoding.c in android-gif-drawable before 1.2.24 does not limit the ma ...)
+ NOT-FOR-US: android-gif-drawable
+CVE-2022-23434 (A vulnerability using PendingIntent in Bixby Vision prior to versions ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23433 (Improper access control vulnerability in Reminder prior to versions 12 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23432 (An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23431 (An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23430
+ RESERVED
+CVE-2022-23429 (An improper boundary check in audio hal service prior to SMR Feb-2022 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23428 (An improper boundary check in eden_runtime hal service prior to SMR Fe ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23427 (PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver pri ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23426 (A vulnerability using PendingIntent in DeX Home and DeX for PC prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23425 (Improper input validation in Exynos baseband prior to SMR Feb-2022 Rel ...)
+ NOT-FOR-US: Samsung
+CVE-2022-23424
+ RESERVED
+CVE-2022-23423
+ RESERVED
+CVE-2022-23422
+ RESERVED
+CVE-2022-23421
+ RESERVED
+CVE-2022-23420
+ RESERVED
+CVE-2022-23419
+ RESERVED
+CVE-2022-23418
+ RESERVED
+CVE-2022-23417
+ RESERVED
+CVE-2022-23416
+ RESERVED
+CVE-2022-23415
+ RESERVED
+CVE-2022-23414
+ RESERVED
+CVE-2022-23413
+ RESERVED
+CVE-2022-23412
+ RESERVED
+CVE-2022-23411
+ RESERVED
+CVE-2022-23410 (AXIS IP Utility before 4.18.0 allows for remote code execution and loc ...)
+ NOT-FOR-US: AXIS IP Utility
+CVE-2022-23409 (The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to ...)
+ NOT-FOR-US: Craft CMS
+CVE-2022-23408 (wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situatio ...)
+ - wolfssl 5.1.1-1 (bug #1004181)
+ [bullseye] - wolfssl (Vulnerable code introduced later)
+ NOTE: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-511-jan-3rd-2022
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/4710
+ NOTE: Introduced by: https://github.com/wolfSSL/wolfssl/commit/2871fc670f448e5f7cab7101479cb5b88e4d21f4 (WCv5.0-RC9)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/73b4cc9476f6355a91138f545f3fd007ce058255 (master)
+ NOTE: Fixed by: https://github.com/wolfSSL/wolfssl/commit/f3038b7aa5512572a04c14becee799ef275a6736 (v5.1.1-stable)
+CVE-2022-23407
+ RESERVED
+CVE-2022-23406
+ RESERVED
+CVE-2022-23405
+ RESERVED
+CVE-2022-23404
+ RESERVED
+CVE-2022-0276
+ RESERVED
+CVE-2022-0275
+ RESERVED
+CVE-2022-23398
+ RESERVED
+CVE-2022-23397 (The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to ...)
+ NOT-FOR-US: Cedar Gate EZ-NET portal
+CVE-2022-23396
+ RESERVED
+CVE-2022-23395 (jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead ...)
+ - jquery-goodies (unimportant)
+ NOTE: https://github.com/advisories/GHSA-gcx5-3p5f-f8vp
+ NOTE: https://security.snyk.io/vuln/SNYK-UBUNTU1804-CHROMIUMBROWSER-2415268
+ NOTE: https://github.com/js-cookie/js-cookie/issues/766
+ NOTE: Sanitizing should be dealt with at the application level, non issue for js-cookie
+CVE-2022-23394
+ RESERVED
+CVE-2022-23393
+ RESERVED
+CVE-2022-23392
+ RESERVED
+CVE-2022-23391 (A cross-site scripting (XSS) vulnerability in Pybbs v6.0 allows attack ...)
+ NOT-FOR-US: Pybbs
+CVE-2022-23390 (An issue in the getType function of BBS Forum v5.3 and below allows at ...)
+ NOT-FOR-US: BBS Forum
+CVE-2022-23389 (PublicCMS v4.0 was discovered to contain a remote code execution (RCE) ...)
+ NOT-FOR-US: PublicCMS
+CVE-2022-23388
+ RESERVED
+CVE-2022-23387 (An issue was discovered in taocms 3.0.2. This is a SQL blind injection ...)
+ NOT-FOR-US: taocms
+CVE-2022-23386
+ RESERVED
+CVE-2022-23385
+ RESERVED
+CVE-2022-23384 (YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23383 (YzmCMS v6.3 is affected by broken access control. Without login, unaut ...)
+ NOT-FOR-US: YzmCMS
+CVE-2022-23382 (Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170 ...)
+ NOT-FOR-US: Shenzhen Hichip Vision Technology IP Camera Firmware
+CVE-2022-23381
+ RESERVED
+CVE-2022-23380 (There is a SQL injection vulnerability in the background of taocms 3.0 ...)
+ NOT-FOR-US: taocms
+CVE-2022-23379 (Emlog v6.0 was discovered to contain a SQL injection vulnerability via ...)
+ NOT-FOR-US: Emlog
+CVE-2022-23378 (A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 ver ...)
+ NOT-FOR-US: TastyIgniter
+CVE-2022-23377 (Archeevo below 5.0 is affected by local file inclusion through file=~/ ...)
+ NOT-FOR-US: Archeevo
+CVE-2022-23376 (WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23375 (WikiDocs version 0.1.18 has an authenticated remote code execution vul ...)
+ NOT-FOR-US: WikiDocs
+CVE-2022-23374
+ RESERVED
+CVE-2022-23373
+ RESERVED
+CVE-2022-23372
+ RESERVED
+CVE-2022-23371
+ RESERVED
+CVE-2022-23370
+ RESERVED
+CVE-2022-23369
+ RESERVED
+CVE-2022-23368
+ RESERVED
+CVE-2022-23367 (Fulusso v1.1 was discovered to contain a DOM-based cross-site scriptin ...)
+ NOT-FOR-US: Fulusso
+CVE-2022-23366 (HMS v1.0 was discovered to contain a SQL injection vulnerability via p ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23365 (HMS v1.0 was discovered to contain a SQL injection vulnerability via d ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23364 (HMS v1.0 was discovered to contain a SQL injection vulnerability via a ...)
+ NOT-FOR-US: HMS (Hospital Managment System)
+CVE-2022-23363 (Online Banking System v1.0 was discovered to contain a SQL injection v ...)
+ NOT-FOR-US: Online Banking System
+CVE-2022-23362
+ RESERVED
+CVE-2022-23361
+ RESERVED
+CVE-2022-23360
+ RESERVED
+CVE-2022-23359
+ RESERVED
+CVE-2022-23358 (EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In ...)
+ NOT-FOR-US: EasyCMS
+CVE-2022-23357 (mozilo2.0 was discovered to be vulnerable to directory traversal attac ...)
+ NOT-FOR-US: mozilo
+CVE-2022-23356
+ RESERVED
+CVE-2022-23355
+ RESERVED
+CVE-2022-23354
+ RESERVED
+CVE-2022-23353
+ RESERVED
+CVE-2022-23352 (An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23351
+ RESERVED
+CVE-2022-23350 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cros ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23349 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cros ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23348 (BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak p ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23347 (BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23346 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23345 (BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorr ...)
+ NOT-FOR-US: BigAnt Software BigAnt Server
+CVE-2022-23344
+ RESERVED
+CVE-2022-23343
+ RESERVED
+CVE-2022-23342 (The Hyland Onbase Application Server releases prior to 20.3.58.1000 an ...)
+ NOT-FOR-US: Hyland Onbase Application Server
+CVE-2022-23341
+ RESERVED
+CVE-2022-23340 (Joplin 2.6.10 allows remote attackers to execute system commands throu ...)
+ NOT-FOR-US: Joplin
+CVE-2022-23339
+ RESERVED
+CVE-2022-23338
+ RESERVED
+CVE-2022-23337 (DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: DedeCMS
+CVE-2022-23336 (S-CMS v5.0 was discovered to contain a SQL injection vulnerability in ...)
+ NOT-FOR-US: S-CMS
+CVE-2022-23335 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...)
+ NOT-FOR-US: Metinfo
+CVE-2022-23334 (The Robot application in Ip-label Newtest before v8.5R0 was discovered ...)
+ NOT-FOR-US: Ip-label Newtest
+CVE-2022-23333
+ RESERVED
+CVE-2022-23332 (Command injection vulnerability in Manual Ping Form (Web UI) in Shenzh ...)
+ NOT-FOR-US: Ejoin Information Technology
+CVE-2022-23331 (In DataEase v1.6.1, an authenticated user can gain unauthorized access ...)
+ NOT-FOR-US: DataEase
+CVE-2022-23330 (A remote code execution (RCE) vulnerability in HelloWorldAddonControll ...)
+ NOT-FOR-US: jpress
+CVE-2022-23329 (A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJ ...)
+ NOT-FOR-US: UJCMS Jspxcms
+CVE-2022-23328 (A design flaw in all versions of Go-Ethereum allows an attacker node t ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2022-23327 (A design flaw in Go-Ethereum 1.10.12 and older versions allows an atta ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2022-23326
+ RESERVED
+CVE-2022-23325
+ RESERVED
+CVE-2022-23324
+ RESERVED
+CVE-2022-23323
+ RESERVED
+CVE-2022-23322
+ RESERVED
+CVE-2022-23321 (A persistent cross-site scripting (XSS) vulnerability exists on two in ...)
+ NOT-FOR-US: XMPie
+CVE-2022-23320 (XMPie uStore 12.3.7244.0 allows for administrators to generate reports ...)
+ NOT-FOR-US: XMPie uStore
+CVE-2022-23319 (A segmentation fault during PCF file parsing in pcf2bdf versions >=1.0 ...)
+ - pcf2bdf 1.07-1 (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/5
+ NOTE: https://github.com/advisories/GHSA-p4gv-mjgc-3g68
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/3555aab4f3cfbec199141122177750a4351b8e79 (1.07)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23318 (A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker ...)
+ - pcf2bdf 1.07-1 (unimportant)
+ NOTE: https://github.com/ganaware/pcf2bdf/issues/4
+ NOTE: https://github.com/advisories/GHSA-mhwp-x94h-mg49
+ NOTE: Fixed by: https://github.com/ganaware/pcf2bdf/commit/aaf16808e4bb8d96eeab5f684df6550912a9e694 (1.07)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-23317 (CobaltStrike <=4.5 HTTP(S) listener does not determine whether the req ...)
+ NOT-FOR-US: CobaltStrike
+CVE-2022-23316 (An issue was discovered in taoCMS v3.0.2. There is an arbitrary file r ...)
+ NOT-FOR-US: taocms
+CVE-2022-23315 (MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnera ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23314 (MCMS v5.2.4 was discovered to contain a SQL injection vulnerability vi ...)
+ NOT-FOR-US: MCMS
+CVE-2022-23313
+ RESERVED
+CVE-2022-22137 (A memory corruption vulnerability exists in the ioca_mys_rgb_allocate ...)
+ NOT-FOR-US: Accusoft ImageGear
+CVE-2022-21801 (A denial of service vulnerability exists in the netserver recv_command ...)
+ NOT-FOR-US: Reolink
+CVE-2022-21796 (A memory corruption vulnerability exists in the netserver parse_comman ...)
+ NOT-FOR-US: Reolink
+CVE-2022-0274 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-0273 (Improper Access Control in Pypi calibreweb prior to 0.6.16.)
+ - calibre-web (bug #982690)
+CVE-2022-0272 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ NOT-FOR-US: detekt for Kotlin
+CVE-2022-0271 (The LearnPress WordPress plugin before 4.1.6 does not sanitise and esc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0270 (Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes im ...)
+ NOT-FOR-US: bored-agent
+CVE-2022-0269 (Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm ...)
+ NOT-FOR-US: yetiforce-crm
+CVE-2022-0268 (Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to ...)
+ NOT-FOR-US: Grav CMS
+CVE-2022-0267 (The AdRotate WordPress plugin before 5.8.22 does not sanitise and esca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-46399
+ RESERVED
+CVE-2021-46398 (A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.1 ...)
+ NOT-FOR-US: FileBrowser
+CVE-2021-46397
+ RESERVED
+CVE-2021-46396
+ RESERVED
+CVE-2021-46395
+ RESERVED
+CVE-2021-46394 (There is a stack buffer overflow vulnerability in the formSetPPTPServe ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46393 (There is a stack buffer overflow vulnerability in the formSetPPTPServe ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46392
+ RESERVED
+CVE-2021-46391
+ RESERVED
+CVE-2021-46390 (An access control issue in the authentication module of Lexar_F35 v1.0 ...)
+ NOT-FOR-US: Lexar
+CVE-2021-46389 (IIPImage High Resolution Streaming Image Server prior to commit 882925 ...)
+ NOT-FOR-US: IIPImage High Resolution Streaming Image Server
+CVE-2021-46388
+ REJECTED
+CVE-2021-46387 (ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross S ...)
+ NOT-FOR-US: ZyXEL
+CVE-2021-46386 (File upload vulnerability in mingSoft MCMS through 5.2.5, allows remot ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46385 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injec ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46384 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: RCE. The ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46383 (https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injec ...)
+ NOT-FOR-US: MCMS
+CVE-2021-46382 (Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access ...)
+ NOT-FOR-US: Netgear
+CVE-2021-46381 (Local File Inclusion due to path traversal in D-Link DAP-1620 leads to ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46380
+ REJECTED
+CVE-2021-46379 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46378 (DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access contro ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46377 (There is a front-end sql injection vulnerability in cszcms 1.2.9 via c ...)
+ NOT-FOR-US: cszcms
+CVE-2021-46376
+ RESERVED
+CVE-2021-46375
+ RESERVED
+CVE-2021-46374
+ RESERVED
+CVE-2021-46373
+ RESERVED
+CVE-2021-46372 (Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When w ...)
+ NOT-FOR-US: Scoold
+CVE-2021-46371 (antd-admin 5.5.0 is affected by an incorrect access control vulnerabil ...)
+ NOT-FOR-US: antd-admin
+CVE-2021-46370
+ RESERVED
+CVE-2021-46369
+ RESERVED
+CVE-2021-46368 (TRIGONE Remote System Monitor 3.61 is vulnerable to an unquoted path s ...)
+ NOT-FOR-US: TRIGONE Remote System Monitor
+CVE-2021-46367 (RiteCMS version 3.1.0 and below suffers from a remote code execution v ...)
+ NOT-FOR-US: RiteCMS
+CVE-2021-46366 (An issue in the Login page of Magnolia CMS v6.2.3 and below allows att ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46365 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46364 (A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and be ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46363 (An issue in the Export function of Magnolia v6.2.3 and below allows at ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46362 (A Server-Side Template Injection (SSTI) vulnerability in the Registrat ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46361 (An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allo ...)
+ NOT-FOR-US: Magnolia CMS
+CVE-2021-46360 (Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and e ...)
+ NOT-FOR-US: Composr-CMS
+CVE-2021-46359 (FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerabilit ...)
+ NOT-FOR-US: FISCO-BCOS
+CVE-2021-46358
+ RESERVED
+CVE-2021-46357
+ RESERVED
+CVE-2021-46356
+ RESERVED
+CVE-2021-46355 (OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To expl ...)
+ NOT-FOR-US: OCS Inventory (not the same as ocsinventory-server)
+CVE-2021-46354 (Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-46353 (An information disclosure in web interface in D-Link DIR-X1860 before ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46352
+ RESERVED
+CVE-2021-46351 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4940
+CVE-2021-46350 (There is an Assertion 'ecma_is_value_object (value)' failed at jerrysc ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4953
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4936
+CVE-2021-46349 (There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECM ...)
+ - iotjs (bug #1004288)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4937
+CVE-2021-46348 (There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' fa ...)
+ - iotjs (bug #1004288)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4961
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4941
+CVE-2021-46347 (There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4954
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4938
+CVE-2021-46346 (There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustme ...)
+ - iotjs (bug #1004288)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4955
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4939
+CVE-2021-46345 (There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4946
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4920
+CVE-2021-46344 (There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4950
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4928
+CVE-2021-46343 (There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4947
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4921
+CVE-2021-46342 (There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4952
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4934
+CVE-2021-46341
+ RESERVED
+CVE-2021-46340 (There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_ST ...)
+ - iotjs (bug #1004288)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4964
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4924
+CVE-2021-46339 (There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_siz ...)
+ NOTE: Not considered a security issue by iotjs project
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4935
+CVE-2021-46338 (There is an Assertion 'ecma_is_lexical_environment (object_p)' failed ...)
+ - iotjs (bug #1004288)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4943
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4933
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4900
+CVE-2021-46337 (There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser- ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4951
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4930
+CVE-2021-46336 (There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' faile ...)
+ - iotjs (Vulnerable code not yet introduced)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4949
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4927
+CVE-2021-46335 (Moddable SDK v11.5.0 was discovered to contain a NULL pointer derefere ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46334 (Moddable SDK v11.5.0 was discovered to contain a stack buffer overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46333 (Moddable SDK v11.5.0 was discovered to contain an invalid memory acces ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46332 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46331 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46330 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46329 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46328 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46327 (Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability vi ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46326 (Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow ...)
+ NOT-FOR-US: Moddable SDK
+CVE-2021-46325 (Espruino 2v10.246 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46324 (Espruino 2v11.251 was discovered to contain a stack buffer overflow vi ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46323 (Espruino 2v11.251 was discovered to contain a SEGV vulnerability via s ...)
+ NOT-FOR-US: Espruino
+CVE-2021-46322 (Duktape v2.99.99 was discovered to contain a SEGV vulnerability via th ...)
+ {DLA-3378-1}
+ - duktape 2.7.0-1
+ [bullseye] - duktape 2.5.0-2+deb11u1
+ NOTE: https://github.com/svaarala/duktape/issues/2448
+ NOTE: https://github.com/svaarala/duktape/pull/2451
+ NOTE: https://github.com/svaarala/duktape/commit/fc75060165a011ff5ec43bfebea0c37a3d1baca1
+ NOTE: https://github.com/svaarala/duktape/commit/a851d8a5687356b1d6ad0f8f39d6226947f17b27 (v2.7.0)
+CVE-2021-46321 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...)
+ NOT-FOR-US: Tenda
+CVE-2021-46320 (In OpenZeppelin <=v4.4.0, initializer functions that are invoked separ ...)
+ NOT-FOR-US: OpenZeppelin
+CVE-2021-46319 (Remote Code Execution (RCE) vulnerability exists in D-Link Router DIR- ...)
+ NOT-FOR-US: D-Link DIR-846 Router
+CVE-2021-46318
+ RESERVED
+CVE-2021-46317
+ RESERVED
+CVE-2021-46316
+ RESERVED
+CVE-2021-46315 (Remote Command Execution (RCE) vulnerability exists in HNAP1/control/S ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46314 (A Remote Command Execution (RCE) vulnerability exists in HNAP1/control ...)
+ NOT-FOR-US: D-Link
+CVE-2021-46313 (The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentat ...)
+ - gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2039
+ NOTE: https://github.com/gpac/gpac/commit/ee969d3c4c425ecb25999eb68ada616925b58eba (v2.0.0)
+CVE-2021-46312 (An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in all ...)
+ - djvulibre (bug #1052669)
+ [bookworm] - djvulibre (Minor issue)
+ [bullseye] - djvulibre (Minor issue)
+ [buster] - djvulibre (Minor issue)
+ NOTE: https://sourceforge.net/p/djvu/bugs/344/
+CVE-2021-46311 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...)
+ - gpac 2.0.0+dfsg1-2
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/2038
+ NOTE: https://github.com/gpac/gpac/commit/ad19e0c4504a89ca273442b1b1483ae7adfb9491 (v2.0.0)
+CVE-2021-46310 (An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows at ...)
+ - djvulibre (bug #1052668)
+ [bookworm] - djvulibre (Minor issue)
+ [bullseye] - djvulibre (Minor issue)
+ [buster] - djvulibre (Minor issue)
+ NOTE: https://sourceforge.net/p/djvu/bugs/345/
+CVE-2021-46309 (An SQL Injection vulnerability exists in Sourcecodester Employee and V ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46308 (An SQL Injection vulnerability exists in Sourcecodester Online Railway ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-46307 (An SQL Injection vulnerability exists in Projectworlds Online Examinat ...)
+ NOT-FOR-US: Projectworlds Online Examination System
+CVE-2021-46306
+ RESERVED
+CVE-2021-46305
+ RESERVED
+CVE-2022-23312 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2022-23311
+ RESERVED
+CVE-2022-23310
+ RESERVED
+CVE-2022-23309
+ RESERVED
+CVE-2022-23308 (valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF ...)
+ {DLA-2972-1}
+ - libxml2 2.9.13+dfsg-1 (bug #1006489)
+ [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u1
+ [buster] - libxml2 2.9.4+dfsg1-7+deb10u3
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/327
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e (v2.9.13)
+CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist remdex/l ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0265 (Improper Restriction of XML External Entity Reference in GitHub reposi ...)
+ - hazelcast (bug #745640)
+ NOTE: https://github.com/hazelcast/hazelcast/commit/4d6b666cd0291abd618c3b95cdbb51aa4208e748 (v5.1-DR7)
+ NOTE: https://huntr.dev/bounties/d63972a2-b910-480a-a86b-d1f75d24d563/
+CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
+CVE-2022-23306
+ RESERVED
+CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
+CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0261 (Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.)
+ {DLA-3182-1 DLA-3011-1}
+ - vim 2:8.2.4659-1
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/fa795954-8775-4f23-98c6-d4d4d3fe8a82
+ NOTE: https://github.com/vim/vim/commit/9f8c304c8a390ade133bac29963dc8e56ab14cbc (v8.2.4120)
+CVE-2022-0260 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0259
+ REJECTED
+CVE-2022-0258 (pimcore is vulnerable to Improper Neutralization of Special Elements u ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0257 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0256 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0255 (The Database Backup for WordPress plugin before 2.5.1 does not properl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0254 (The WordPress Zero Spam WordPress plugin before 5.2.11 does not proper ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0253 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0252 (The GiveWP WordPress plugin before 2.17.3 does not escape the json par ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0251 (Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimco ...)
+ NOT-FOR-US: pimcore
+CVE-2022-0250 (The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0249 (A vulnerability was discovered in GitLab starting with version 12. Git ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0248 (The Contact Form Submissions WordPress plugin before 1.7.3 does not sa ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0247 (An issue exists in Fuchsia where VMO data can be modified through acce ...)
+ NOT-FOR-US: Fuchsia
+CVE-2022-0246 (The settings of the iQ Block Country WordPress plugin before 1.2.13 ca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-23304 (The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplica ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa (Minor issue)
+ [buster] - wpa (Minor issue)
+ [stretch] - wpa (Minor issue)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9495
+CVE-2022-23303 (The implementations of SAE in hostapd before 2.10 and wpa_supplicant b ...)
+ - wpa 2:2.10-1
+ [bullseye] - wpa (Minor issue)
+ [buster] - wpa (Minor issue)
+ [stretch] - wpa (CVE-2019-9494 was not applied and is marked as ignored)
+ NOTE: https://w1.fi/security/2022-1/
+ NOTE: Issue exists because of an incomplete fix for CVE-2019-9494
+CVE-2022-0264 (A vulnerability was found in the Linux kernel's eBPF verifier when han ...)
+ - linux 5.15.5-2
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7d3baf0afa3aa9102d6a521a8e4c41888bb79882 (5.16-rc6)
+CVE-2022-0245 (Cross-Site Request Forgery (CSRF) in GitHub repository livehelperchat/ ...)
+ NOT-FOR-US: livehelperchat
+CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0243 (Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.C ...)
+ NOT-FOR-US: Orchard CMS
+CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
+ {DLA-2905-1}
+ - apache-log4j1.2 1.2.17-11 (bug #1004482)
+ [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1
+ [buster] - apache-log4j1.2 1.2.17-8+deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
+CVE-2022-22142 (Reflected cross-site scripting vulnerability in the checkbox of php_ma ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-21805 (Reflected cross-site scripting vulnerability in the attached file name ...)
+ NOT-FOR-US: php_mailform
+CVE-2022-0242 (Unrestricted Upload of File with Dangerous Type in GitHub repository c ...)
+ NOT-FOR-US: Crater
+CVE-2022-0241
+ RESERVED
+CVE-2022-0240 (mruby is vulnerable to NULL Pointer Dereference)
+ - mruby 3.1.0-1 (bug #1014968)
+ [bullseye] - mruby (Minor issue)
+ [buster] - mruby (Minor issue)
+ [stretch] - mruby (Minor issue)
+ NOTE: https://huntr.dev/bounties/5857eced-aad9-417d-864e-0bdf17226cbb/
+ NOTE: https://github.com/mruby/mruby/commit/31fa3304049fc406a201a72293cce140f0557dca
+CVE-2022-0239 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: corenlp
+CVE-2022-0238 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF))
+ - phoronix-test-suite
+CVE-2022-23301 (HEVC Video Extensions Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23300 (Raw Image Extension Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23299 (Windows PDEV Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23298 (Windows NT OS Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23297 (Windows NT Lan Manager Datagram Receiver Driver Information Disclosure ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-23296 (Windows Installer Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23295 (Raw Image Extension Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23294 (Windows Event Tracing Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-23293 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft +CVE-2022-23292 (Microsoft Power BI Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23291 (Windows DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23290 (Windows Inking COM Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23289 + RESERVED +CVE-2022-23288 (Windows DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23287 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23286 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2022-23285 (Remote Desktop Client Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23284 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23283 (Windows ALPC Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23282 (Paint 3D Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23281 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2022-23280 (Microsoft Outlook for Mac Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23279 (Windows ALPC Elevation of Privilege Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-23278 (Microsoft Defender for Endpoint Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23277 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23276 (SQL Server for Linux Containers Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23275 + RESERVED +CVE-2022-23274 (Microsoft Dynamics GP Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23273 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23272 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23271 (Microsoft Dynamics GP Elevation Of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23270 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2022-23269 (Microsoft Dynamics GP Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23268 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23267 (.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is ...) 
+ NOT-FOR-US: Microsoft .NET +CVE-2022-23266 (Microsoft Defender for IoT Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23265 (Microsoft Defender for IoT Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23264 (Microsoft Edge (Chromium-based) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23263 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23262 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23261 (Microsoft Edge (Chromium-based) Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23260 + RESERVED +CVE-2022-23259 (Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23258 (Microsoft Edge for Android Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23257 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23256 (Azure Data Explorer Spoofing Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-23255 (Microsoft OneDrive for Android Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23254 (Microsoft Power BI Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23253 (Windows Point-to-Point Tunneling Protocol Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2022-23252 (Microsoft Office Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-23251 + RESERVED +CVE-2022-23250 + RESERVED +CVE-2022-23249 + RESERVED +CVE-2022-23248 + RESERVED +CVE-2022-23247 + RESERVED +CVE-2022-23246 + RESERVED +CVE-2022-23245 + RESERVED +CVE-2022-23244 + RESERVED +CVE-2022-23243 + RESERVED +CVE-2022-23242 (TeamViewer Linux versions before 15.28 do not properly execute a delet ...) + NOT-FOR-US: TeamViewer +CVE-2022-23241 (Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock co ...) 
+ NOT-FOR-US: Clustered Data ONTAP +CVE-2022-23240 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...) + NOT-FOR-US: Active IQ Unified Manager +CVE-2022-23239 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...) + NOT-FOR-US: Active IQ Unified Manager +CVE-2022-23238 (Linux deployments of StorageGRID (formerly StorageGRID Webscale) versi ...) + NOT-FOR-US: StorageGRID (formerly StorageGRID Webscale) +CVE-2022-23237 (E-Series SANtricity OS Controller Software 11.x versions through 11.70 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2022-23236 (E-Series SANtricity OS Controller Software versions 11.40 through 11.7 ...) + NOT-FOR-US: E-Series SANtricity OS Controller Software +CVE-2022-23235 (Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Win ...) + NOT-FOR-US: Active IQ Unified Manager / Netapp +CVE-2022-23234 (SnapCenter versions prior to 4.5 are susceptible to a vulnerability wh ...) + NOT-FOR-US: SnapCenter +CVE-2022-23233 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...) + NOT-FOR-US: StorageGRID Webscale +CVE-2022-23232 (StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 a ...) + NOT-FOR-US: StorageGRID Webscale +CVE-2022-23231 + RESERVED +CVE-2022-23230 + RESERVED +CVE-2022-23229 + RESERVED +CVE-2022-23228 (Pexip Infinity before 27.0 has improper WebRTC input validation. An un ...) + NOT-FOR-US: Pexip Infinity +CVE-2022-23227 (NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to uploa ...) + NOT-FOR-US: NUUO NVRmini2 +CVE-2022-23226 + RESERVED +CVE-2022-23225 + RESERVED +CVE-2022-23224 + RESERVED +CVE-2022-23223 (On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that d ...) + NOT-FOR-US: Apache ShenYu Admin +CVE-2022-23221 (H2 Console before 2.1.210 allows remote attackers to execute arbitrary ...) 
+ {DSA-5076-1 DLA-2923-1} + - h2database 2.1.210-1 + NOTE: https://github.com/h2database/h2database/releases/tag/version-2.1.210 + NOTE: Fixed by https://github.com/h2database/h2database/commit/eb75633d0dfa86341e6ef77a861665c4a0f16ab8 + NOTE: https://github.com/h2database/h2database/issues/3360#issuecomment-1018351050 +CVE-2022-23220 (USBView 2.1 before 2.2 allows some local users (e.g., ones logged in v ...) + {DSA-5052-1} + - usbview 2.0-21-g6fe2f4f-2.1 + [stretch] - usbview (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/21/1 + NOTE: Introduced by: https://github.com/gregkh/usbview/commit/ddefeba3f67d6a6f394eb57352254c1c8a312671 (v2.1) + NOTE: Fixed by: https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b (v2.2) + NOTE: Hardening: https://github.com/gregkh/usbview/commit/1282782301570b3ee27f82f4f34c2c1a82bfd91a (v2.2) +CVE-2022-0237 (Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privi ...) + NOT-FOR-US: Rapid7 Insight Agent +CVE-2022-0236 (The WP Import Export WordPress plugin (both free and premium versions) ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0235 (node-fetch is vulnerable to Exposure of Sensitive Information to an Un ...) + {DLA-3222-1} + - node-fetch 2.6.1-7 + [bullseye] - node-fetch 2.6.1-5+deb11u1 + NOTE: https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/ + NOTE: Fixed by: https://github.com/node-fetch/node-fetch/commit/f5d3cf5e2579cb8f4c76c291871e69696aef8f80 (v3.1.1) +CVE-2022-0234 (The WOOCS WordPress plugin before 1.3.7.5 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0233 (The ProfileGrid \u2013 User Profiles, Memberships, Groups and Communit ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0232 (The User Registration, Login & Landing Pages WordPress plugin is vulne ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0231 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: livehelperchat +CVE-2022-0230 (The Better WordPress Google XML Sitemaps WordPress plugin through 1.4. ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0229 (The miniOrange's Google Authenticator WordPress plugin before 5.5 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0228 (The Popup Builder WordPress plugin before 4.0.7 does not validate and ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46304 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) + NOT-FOR-US: Siemens +CVE-2022-23222 (kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local ...) + {DSA-5050-1} + - linux 5.15.15-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/1 +CVE-2022-23219 (The deprecated compatibility function clnt_create in the sunrpc module ...) + {DLA-3152-1} + - glibc 2.33-3 + [bullseye] - glibc 2.31-13+deb11u3 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22542 +CVE-2022-23218 (The deprecated compatibility function svcunix_create in the sunrpc mod ...) 
+ {DLA-3152-1} + - glibc 2.33-3 + [bullseye] - glibc 2.31-13+deb11u3 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28768 +CVE-2022-23217 + RESERVED +CVE-2022-23216 + RESERVED +CVE-2022-23215 + RESERVED +CVE-2022-23214 + RESERVED +CVE-2022-23213 + RESERVED +CVE-2022-23212 + RESERVED +CVE-2022-23211 + RESERVED +CVE-2022-23210 + RESERVED +CVE-2022-23209 + RESERVED +CVE-2022-23208 + RESERVED +CVE-2022-23207 + RESERVED +CVE-2022-0227 + REJECTED +CVE-2021-46303 + RESERVED +CVE-2021-46302 + RESERVED +CVE-2021-46301 + RESERVED +CVE-2021-46300 + RESERVED +CVE-2021-46299 + RESERVED +CVE-2021-46298 + RESERVED +CVE-2021-46297 + RESERVED +CVE-2021-46296 + RESERVED +CVE-2021-46295 + RESERVED +CVE-2021-46294 + RESERVED +CVE-2021-46293 + RESERVED +CVE-2021-46292 + RESERVED +CVE-2021-46291 + RESERVED +CVE-2021-46290 + RESERVED +CVE-2021-46289 + RESERVED +CVE-2021-46288 + RESERVED +CVE-2021-46287 + RESERVED +CVE-2021-46286 + RESERVED +CVE-2021-46285 + RESERVED +CVE-2021-46284 + RESERVED +CVE-2022-0226 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: livehelperchat +CVE-2022-0225 (A flaw was found in Keycloak. This flaw allows a privileged attacker t ...) + NOT-FOR-US: Keycloak +CVE-2022-0224 (dolibarr is vulnerable to Improper Neutralization of Special Elements ...) + - dolibarr +CVE-2022-0223 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider +CVE-2022-0222 (A CWE-269: Improper Privilege Management vulnerability exists that cou ...) + NOT-FOR-US: Modicon +CVE-2022-0221 (A CWE-611: Improper Restriction of XML External Entity Reference vulne ...) + NOT-FOR-US: Schneider Electric +CVE-2022-0220 (The check_privacy_settings AJAX action of the WordPress GDPR WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0219 (Improper Restriction of XML External Entity Reference in GitHub reposi ...) 
+ NOT-FOR-US: jadx +CVE-2022-0218 (The WP HTML Mail WordPress plugin is vulnerable to unauthorized access ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0216 (A use-after-free vulnerability was found in the LSI53C895A SCSI Host B ...) + {DLA-3362-1} + - qemu 1:7.1+dfsg-1 (bug #1014590) + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036953 + NOTE: https://starlabs.sg/advisories/22/22-0216/ + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/972 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/6c8fa961da5e60f574bb52fd3ad44b1e9e8ad4b8 (v7.1.0-rc0) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/4367a20cc442c56b05611b4224de9a61908f9eac (v7.1.0-rc0) +CVE-2022-0215 (The Login/Signup Popup, Waitlist Woocommerce ( Back in stock notifier ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0214 (The Custom Popup Builder WordPress plugin before 1.3.1 autoload data f ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0213 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.4659-1 (unimportant) + NOTE: https://huntr.dev/bounties/f3afe1a5-e6f8-4579-b68a-6e5c7e39afed + NOTE: Fixed by: https://github.com/vim/vim/commit/de05bb25733c3319e18dca44e9b59c6ee389eb26 (v8.2.4074) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0212 (The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0211 (The Shield Security WordPress plugin before 13.0.6 does not sanitise a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-45729 (The Privilege Escalation vulnerability discovered in the WP Google Map ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44779 (Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44777 (Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44760 (Auth. 
(admin+) Reflected Cross-Site Scripting (XSS) vulnerability disc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4207 (A flaw was found in the QXL display device emulation in QEMU. A double ...) + {DSA-5133-1 DLA-3099-1} + - qemu 1:7.0+dfsg-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036966 + NOTE: https://starlabs.sg/advisories/21/21-4207/ + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9569f5cb5b4bffa9d3ebc8ba7da1e03830a9a895 (v7.0.0-rc4) +CVE-2021-4206 (A flaw was found in the QXL display device emulation in QEMU. An integ ...) + {DSA-5133-1 DLA-3099-1} + - qemu 1:7.0+dfsg-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036998 + NOTE: https://starlabs.sg/advisories/21/21-4206/ + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/fa892e9abb728e76afcf27323ab29c57fb0fe7aa (v7.0.0-rc4) +CVE-2021-4205 + RESERVED +CVE-2021-31567 (Authenticated (admin+) Arbitrary File Download vulnerability discovere ...) + NOT-FOR-US: WordPress plugin +CVE-2021-26256 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23227 (Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23209 (Multiple Authenticated (admin user role) Persistent Cross-Site Scripti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23174 (Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-23150 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2022-23206 (In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unpr ...) + NOT-FOR-US: Apache Traffic Control +CVE-2022-23205 (Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2022-23204 (Adobe Premiere Rush versions 2.0 and earlier are affected by an out-of ...) 
+ NOT-FOR-US: Adobe +CVE-2022-23203 (Adobe Photoshop versions 22.5.4 (and earlier) and 23.1 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2022-23202 (Adobe Creative Cloud Desktop version 2.7.0.13 (and earlier) is affecte ...) + NOT-FOR-US: Adobe +CVE-2022-23201 (Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflec ...) + NOT-FOR-US: Adobe +CVE-2022-23200 (Adobe After Effects versions 22.1.1 (and earlier) and 18.4.3 (and earl ...) + NOT-FOR-US: Adobe +CVE-2022-23199 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23198 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23197 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23196 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23195 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23194 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23193 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23192 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23191 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23190 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23189 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23188 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23187 (Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer ...) 
+ NOT-FOR-US: Adobe +CVE-2022-23186 (Adobe Illustrator versions 25.4.3 (and earlier) and 26.0.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2022-23185 + RESERVED +CVE-2022-23184 (In affected Octopus Server versions when the server HTTP and HTTPS bin ...) + NOT-FOR-US: Octopus Server +CVE-2022-23181 (The fix for bug CVE-2020-9484 introduced a time of check, time of use ...) + {DSA-5265-1 DLA-3160-1} + - tomcat9 9.0.58-1 + - tomcat8 + [stretch] - tomcat8 (Minor issue; local race condition) + NOTE: https://lists.apache.org/thread/l8x62p3k19yfcb208jo4zrb83k5mfwg9 + NOTE: https://github.com/apache/tomcat/commit/1385c624b4a1e994426e810075c850edc38a700e (9.0.57) + NOTE: https://github.com/apache/tomcat/commit/97943959ba721ad5e8e8ba765a68d2b153348530 (8.5.74) + NOTE: Issue introduced by the fix for CVE-2020-9484 +CVE-2022-23180 + RESERVED +CVE-2022-23179 + RESERVED +CVE-2022-21199 (An information disclosure vulnerability exists due to the hardcoded TL ...) + NOT-FOR-US: Reolink +CVE-2022-0217 (It was discovered that an internal Prosody library to load XML based o ...) + {DSA-5047-1} + - prosody 0.11.12-1 (bug #1003696) + [stretch] - prosody (websocket module introduced in 0.10.0; internal XML API only used on trusted data) + NOTE: https://prosody.im/security/advisory_20220113/ + NOTE: Patch: https://prosody.im/security/advisory_20220113/1.patch + NOTE: https://hg.prosody.im/0.11/raw-rev/783056b4e448 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/3 + NOTE: Regression: https://issues.prosody.im/1711 + NOTE: Regression fix: https://hg.prosody.im/trunk/rev/e5e0ab93d7f4 +CVE-2022-0210 (The Random Banner WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0209 (The Mitsol Social Post Feed WordPress plugin before 1.11 does not esca ...) + NOT-FOR-US: Mitsol Social Post Feed plugin for WordPress +CVE-2022-0208 (The MapPress Maps for WordPress plugin before 2.73.4 does not sanitise ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0207 (A race condition was found in vdsm. Functionality to obfuscate sensiti ...) + - vdsm (bug #668538) +CVE-2022-0206 (The NewStatPress WordPress plugin before 1.3.6 does not properly escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0205 (The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escap ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0204 (A heap overflow vulnerability was found in bluez in versions prior to ...) + {DLA-3157-1} + - bluez 5.64-1 (bug #1003712) + [bullseye] - bluez (Minor issue) + [stretch] - bluez (Minor issue) + NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-479m-xcq5-9g2q + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=591c546c536b42bef696d027f64aa22434f8c3f0 (5.63) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039807 +CVE-2022-0203 (Improper Access Control in GitHub repository crater-invoice/crater pri ...) + NOT-FOR-US: Crater +CVE-2022-0202 + RESERVED +CVE-2022-0201 (The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalin ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0200 (Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0199 (The Coming soon and Maintenance mode WordPress plugin before 3.6.8 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-23178 (An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. ...) + NOT-FOR-US: Crestron devices +CVE-2022-23177 + RESERVED +CVE-2022-23176 (WatchGuard Firebox and XTM appliances allow a remote attacker with unp ...) + NOT-FOR-US: WatchGuard +CVE-2022-23175 + RESERVED +CVE-2022-23174 + RESERVED +CVE-2022-23173 (this vulnerability affect user that even not allowed to access via the ...) + NOT-FOR-US: Priority +CVE-2022-23172 (An attacker can access to "Forgot my password" button, as soon as he p ...) 
+ NOT-FOR-US: Priority +CVE-2022-23171 (AtlasVPN - Privilege Escalation Lack of proper security controls on na ...) + NOT-FOR-US: AtlasVPN +CVE-2022-23170 (SysAid - Okta SSO integration - was found vulnerable to XML External E ...) + NOT-FOR-US: SysAid +CVE-2022-23169 (attacker needs to craft a SQL payload. the vulnerable parameter is "ag ...) + NOT-FOR-US: Amodat +CVE-2022-23168 (The attacker could get access to the database. The SQL injection is in ...) + NOT-FOR-US: Amodat +CVE-2022-23167 (Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename ...) + NOT-FOR-US: Amodat +CVE-2022-23166 (Sysaid \u2013 Sysaid Local File Inclusion (LFI) \u2013 An unauthentica ...) + NOT-FOR-US: SysAid +CVE-2022-23165 (Sysaid \u2013 Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The ...) + NOT-FOR-US: SysAid +CVE-2022-23164 + REJECTED +CVE-2022-23163 (Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-23162 + REJECTED +CVE-2022-23161 (Dell PowerScale OneFS versions 8.2.x - 9.3.0.x contain a denial-of-ser ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-23160 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contains an Improper Hand ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-23159 (Dell PowerScale OneFS, 8.2.2 - 9.3.0.x, contain a missing release of m ...) + NOT-FOR-US: Dell PowerScale OneFS +CVE-2022-23158 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...) + NOT-FOR-US: Dell +CVE-2022-23157 (Wyse Device Agent version 14.6.1.4 and below contain a sensitive data ...) + NOT-FOR-US: Dell +CVE-2022-23156 (Wyse Device Agent version 14.6.1.4 and below contain an Improper Authe ...) + NOT-FOR-US: Dell +CVE-2022-23155 (Dell Wyse Management Suite versions 2.0 through 3.5.2 contain an unres ...) 
+ NOT-FOR-US: Dell +CVE-2022-23154 + RESERVED +CVE-2022-23153 + RESERVED +CVE-2022-23152 + RESERVED +CVE-2022-23151 + RESERVED +CVE-2022-23150 + RESERVED +CVE-2022-23149 + RESERVED +CVE-2022-23148 + RESERVED +CVE-2022-23147 + RESERVED +CVE-2022-23146 + RESERVED +CVE-2022-23145 + RESERVED +CVE-2022-23144 (There is a broken access control vulnerability in ZTE ZXvSTB product. ...) + NOT-FOR-US: ZTE +CVE-2022-23143 (ZTE OTCP product is impacted by a permission and access control vulner ...) + NOT-FOR-US: ZTE +CVE-2022-23142 (ZXEN CG200 has a DoS vulnerability. An attacker could construct and se ...) + NOT-FOR-US: ZXEN CG200 +CVE-2022-23141 (ZXMP M721 has an information leak vulnerability. Since the serial port ...) + NOT-FOR-US: ZXMP M721 +CVE-2022-23140 + RESERVED +CVE-2022-23139 (ZTE's ZXMP M721 product has a permission and access control vulnerabil ...) + NOT-FOR-US: ZTE ZXMP M721 +CVE-2022-23138 (ZTE's MF297D product has cryptographic issues vulnerability. Due to th ...) + NOT-FOR-US: ZTE +CVE-2022-23137 (ZTE's ZXCDN product has a reflective XSS vulnerability. The attacker c ...) + NOT-FOR-US: ZXCDN +CVE-2022-23136 (There is a stored XSS vulnerability in ZTE home gateway product. An at ...) + NOT-FOR-US: ZTE +CVE-2022-23135 (There is a directory traversal vulnerability in some home gateway prod ...) + NOT-FOR-US: ZTE +CVE-2022-23134 (After the initial setup process, some steps of setup.php file are reac ...) 
+ {DLA-2914-1} + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Vulnerable code not present; session data not stored in cookies) + [buster] - zabbix (Vulnerable code not present) + NOTE: https://support.zabbix.com/browse/ZBX-20384 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/aa0fecfbcc9794bc00206630a7424575dfc944df (5.0.19rc2) + NOTE: 4.0 and 5.0 are not affected: https://support.zabbix.com/browse/ZBX-20384?focusedCommentId=648239&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-648239 +CVE-2022-23133 (An authenticated user can create a hosts group from the configuration ...) + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + [buster] - zabbix (Vulnerable code introduced later, and reverted with the fix) + [stretch] - zabbix (Vulnerable code introduced later, and reverted with the fix) + NOTE: https://support.zabbix.com/browse/ZBX-20388 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/74b8716a73c324e6cdbdda1de434e7872740a908 (5.0.19rc1) + NOTE: Introduced by: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/f3654d0173ea244a2319a093f7c4e27ad9086dc3 (4.4.0alpha3) +CVE-2022-23132 (During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability i ...) + - zabbix 1:6.0.7+dfsg-2 + [bullseye] - zabbix (Minor issue) + [buster] - zabbix (Not using RPM or DAC_OVERRIDE in Debian installs) + [stretch] - zabbix (Not using RPM or DAC_OVERRIDE in Debian installs, zbx_ipc_service_init_env() not present) + NOTE: https://support.zabbix.com/browse/ZBX-20341 + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/019fbd9b5cc9c455304f1a48460435ca474ba2ac (5.0.18) +CVE-2022-23131 (In the case of instances where the SAML SSO authentication is enabled ...) 
+ - zabbix (Only affects 5.4 and later) + NOTE: https://support.zabbix.com/browse/ZBX-20350 + NOTE: Only affects 5.4 and later per https://www.zabbix.com/de/security_advisories +CVE-2022-23130 (Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versi ...) + NOT-FOR-US: Mitsubishi +CVE-2022-23129 (Plaintext Storage of a Password vulnerability in Mitsubishi Electric M ...) + NOT-FOR-US: Mitsubishi +CVE-2022-23128 (Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Elect ...) + NOT-FOR-US: Mitsubishi +CVE-2022-23127 (Cross-site Scripting vulnerability in Mitsubishi Electric MC Works64 v ...) + NOT-FOR-US: Mitsubishi +CVE-2022-23126 (TeslaMate before 1.25.1 (when using the default Docker configuration) ...) + NOT-FOR-US: TeslaMate +CVE-2022-0198 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) + NOT-FOR-US: corenlp +CVE-2022-0197 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)) + - phoronix-test-suite +CVE-2022-0196 (phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)) + - phoronix-test-suite +CVE-2022-0195 + RESERVED +CVE-2021-46283 (nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/ad9f151e560b016b6ad3280b48e42fa11e1a5440 (5.13-rc7) +CVE-2022-23125 (This vulnerability allows remote attackers to execute arbitrary code o ...) + {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/d801ed421800bcd5df9045f7327c92cd4fc944aa +CVE-2022-23124 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: 4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far +CVE-2022-23123 (This vulnerability allows remote attackers to disclose sensitive infor ...) + {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/a6fbccb0f2478108add188df023cfbb7428aac33 + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: Causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far +CVE-2022-23122 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d + NOTE: Causes a regression: + NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074 + NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303 + NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf + NOTE: but not reviewed/merged upstream so far +CVE-2022-23121 (This vulnerability allows remote attackers to execute arbitrary code o ...) + {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/0c0465e4e85a27105b61b3918df8f8df0565367c + NOTE: https://github.com/Netatalk/Netatalk/commit/62d4013c62be3b1b4a14f37057cb1c8f393c5fd1 +CVE-2022-23120 (A code injection vulnerability in Trend Micro Deep Security and Cloud ...) + NOT-FOR-US: Trend Micro +CVE-2022-23119 (A directory traversal vulnerability in Trend Micro Deep Security and C ...) + NOT-FOR-US: Trend Micro +CVE-2022-23118 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements fu ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23117 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23116 (Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionali ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23115 (Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch tas ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23114 (Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unenc ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23113 (Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-23112 (A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23111 (A cross-site request forgery (CSRF) vulnerability in Jenkins Publish O ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23110 (Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the S ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23109 (Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault c ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23108 (Jenkins Badge Plugin 1.9 and earlier does not escape the description a ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23107 (Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not re ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23106 (Jenkins Configuration as Code Plugin 1.55 and earlier used a non-const ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23105 (Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-23102 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...) + NOT-FOR-US: Siemens +CVE-2022-21236 (An information disclosure vulnerability exists due to a web server mis ...) + NOT-FOR-US: Reolink +CVE-2022-21217 (An out-of-bounds write vulnerability exists in the device TestEmail fu ...) + NOT-FOR-US: Reolink +CVE-2022-21134 (A firmware update vulnerability exists in the "update" firmw ...) + NOT-FOR-US: Reolink +CVE-2022-0194 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ {DSA-5503-1 DLA-3426-1}
+ - netatalk 3.1.13~ds-1
+ NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html
+ NOTE: https://github.com/Netatalk/Netatalk/commit/4a8f6c964d5ca86df27c50e50dc1b60d39c9b76d
+ NOTE: Causes a regression:
+ NOTE: https://sourceforge.net/p/netatalk/mailman/netatalk-devel/thread/49864b1b-6aa1-6859-3f53-a2018598b8ce%40synology.com/#msg37632074
+ NOTE: Probably the same as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1013303
+ NOTE: 3.1.13~ds-2 merged a patch: https://salsa.debian.org/netatalk-team/netatalk/-/commit/9b7e96c9023402d4f7aa49e28e13aef31aeb1caf
+ NOTE: but not reviewed/merged upstream so far
+CVE-2022-0193 (The Complianz WordPress plugin before 6.0.0 does not escape the s para ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0192 (A DLL search path vulnerability was reported in Lenovo PCManager prior ...)
+ NOT-FOR-US: Lenovo
+CVE-2022-0191 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0190 (The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0189 (The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise a ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0188 (The CMP WordPress plugin before 4.0.19 allows any user, even not logge ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0187
+ RESERVED
+CVE-2022-0186 (The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0185 (A heap-based buffer overflow flaw was found in the way the legacy_pars ...)
+ {DSA-5050-1}
+ - linux 5.15.15-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/7
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/14
+ NOTE: https://www.willsroot.io/2022/01/cve-2022-0185.html
+CVE-2022-0184 (Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR59 ...)
+ NOT-FOR-US: TEPRA
+CVE-2022-0183 (Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 ...)
+ NOT-FOR-US: MIRUPASS
+CVE-2020-36515
+ RESERVED
+CVE-2022-23101 (OX App Suite through 7.10.6 allows XSS via appHandler in a deep link i ...)
+ NOT-FOR-US: OX App Suite
+CVE-2022-23100 (OX App Suite through 7.10.6 allows OS Command Injection via Documentco ...)
+ NOT-FOR-US: OX App Suite
+CVE-2022-23099 (OX App Suite through 7.10.6 allows XSS by forcing block-wise read.)
+ NOT-FOR-US: OX App Suite
+CVE-2022-23098 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
+ - connman 1.36-2.4 (bug #1004935)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=d8708b85c1e8fe25af7803e8a20cf20e7201d8a4
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c34313a196515c80fe78a2862ad78174b985be5
+CVE-2022-23097 (An issue was discovered in the DNS proxy in Connman through 1.40. forw ...)
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
+ - connman 1.36-2.4 (bug #1004935)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23096 (An issue was discovered in the DNS proxy in Connman through 1.40. The ...)
+ {DSA-5231-1 DLA-3144-1 DLA-2915-1}
+ - connman 1.36-2.4 (bug #1004935)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/1
+ NOTE: https://lore.kernel.org/connman/20220125090026.5108-1-wagi@monom.org/
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=e5a313736e13c90d19085e953a26256a198e4950
+CVE-2022-23095 (Open Design Alliance Drawings SDK before 2022.12.1 mishandles the load ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2022-23094 (Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of ...)
+ {DSA-5048-1}
+ - libreswan 4.6-1
+ [buster] - libreswan (Vulnerable code introduced in 4.2)
+ NOTE: https://github.com/libreswan/libreswan/issues/585
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094.txt
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.2-4.3.patch (4.2-4.3)
+ NOTE: https://libreswan.org/security/CVE-2022-23094/CVE-2022-23094-libreswan-4.4-4.5.patch (4.4-4.5)
+CVE-2022-23093
+ RESERVED
+CVE-2022-23092
+ RESERVED
+CVE-2022-23091
+ RESERVED
+CVE-2022-23090
+ RESERVED
+CVE-2022-23089
+ RESERVED
+CVE-2022-23088
+ RESERVED
+CVE-2022-23087
+ RESERVED
+CVE-2022-23086
+ RESERVED
+CVE-2022-23085
+ RESERVED
+CVE-2022-23084
+ RESERVED
+CVE-2022-23083 (NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transf ...)
+ NOT-FOR-US: NetMaster
+CVE-2022-23082 (In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path trave ...)
+ NOT-FOR-US: WhiteSource CureKit
+CVE-2022-23081 (In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are ...)
+ NOT-FOR-US: openlibrary
+CVE-2022-23080 (In directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to ser ...)
+ NOT-FOR-US: directus
+CVE-2022-23079 (In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host he ...)
+ NOT-FOR-US: motor-admin
+CVE-2022-23078 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to open ...)
+ NOT-FOR-US: habitica
+CVE-2022-23077 (In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM X ...)
+ NOT-FOR-US: habitica
+CVE-2022-23076
+ RESERVED
+CVE-2022-23075
+ RESERVED
+CVE-2022-23074 (In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cro ...)
+ NOT-FOR-US: Recipes
+CVE-2022-23073 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
+ NOT-FOR-US: Recipes
+CVE-2022-23072 (In Recipes, versions 1.0.5 through 1.2.5 are vulnerable to Stored Cros ...)
+ NOT-FOR-US: Recipes
+CVE-2022-23071 (In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side ...)
+ NOT-FOR-US: Recipes
+CVE-2022-23070
+ RESERVED
+CVE-2022-23069
+ RESERVED
+CVE-2022-23068 (ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection wh ...)
+ NOT-FOR-US: ToolJet
+CVE-2022-23067 (ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via ...)
+ NOT-FOR-US: ToolJet
+CVE-2022-23066 (In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Ca ...)
+ NOT-FOR-US: Solana rBPF
+CVE-2022-23065 (In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS ...)
+ NOT-FOR-US: Vendure
+CVE-2022-23064 (In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Head ...)
+ - snipe-it (bug #1005172)
+CVE-2022-23063 (In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Ses ...)
+ NOT-FOR-US: Shopizer
+CVE-2022-23062
+ RESERVED
+CVE-2022-23061 (In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently del ...)
+ NOT-FOR-US: Shopizer
+CVE-2022-23060 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
+ NOT-FOR-US: Shopizer
+CVE-2022-23059 (A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer v ...)
+ NOT-FOR-US: Shopizer
+CVE-2022-23058 (ERPNext in versions v12.0.9-v13.0.3 are affected by a stored XSS vulne ...)
+ NOT-FOR-US: ERPNext
+CVE-2022-23057 (In ERPNext, versions v12.0.9--v13.0.3 are vulnerable to Stored Cross-S ...)
+ NOT-FOR-US: ERPNext
+CVE-2022-23056 (In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable t ...)
+ NOT-FOR-US: ERPNext
+CVE-2022-23055 (In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Mi ...)
+ NOT-FOR-US: ERPNext
+CVE-2022-23054 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23053 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...)
+ NOT-FOR-US: Openmct
+CVE-2022-23052 (PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vu ...)
+ NOT-FOR-US: PeteReport
+CVE-2022-23051 (PeteReport Version 0.5 allows an authenticated admin user to inject pe ...)
+ NOT-FOR-US: PeteReport
+CVE-2022-23050 (ManageEngine AppManager15 (Build No:15510) allows an authenticated adm ...)
+ NOT-FOR-US: ManageEngine Applications Manager
+CVE-2022-23049 (Exponent CMS 2.6.0patch2 allows an authenticated user to inject persis ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23048 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23047 (Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2022-23046 (PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL senten ...)
+ - phpipam (bug #731713)
+CVE-2022-23045 (PhpIPAM v1.4.4 allows an authenticated admin user to inject persistent ...)
+ - phpipam (bug #731713)
+CVE-2022-23044 (Tiny File Manager version 2.4.8 allows an unauthenticated remote attac ...)
+ NOT-FOR-US: Tiny File Manager
+CVE-2022-23043 (Zenario CMS 9.2 allows an authenticated admin user to bypass the file ...)
+ NOT-FOR-US: Zenario CMS
+CVE-2022-23042 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23041 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23040 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23039 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23038 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23037 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23036 (Linux PV device frontends vulnerable to attacks by backends T[his CNA ...)
+ {DLA-3065-1}
+ - linux 5.16.14-1
+ [bullseye] - linux 5.10.106-1
+ [buster] - linux 4.19.235-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-396.html
+CVE-2022-23035 (Insufficient cleanup of passed-through device IRQs The management of I ...)
+ {DSA-5117-1}
+ - xen 4.16.0+51-g0941d6cb-1
+ [buster] - xen (DSA 4677-1)
+ [stretch] - xen (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-395.html
+CVE-2022-23034 (A PV guest could DoS Xen while unmapping a grant To address XSA-380, r ...)
+ {DSA-5117-1}
+ - xen 4.16.0+51-g0941d6cb-1
+ [buster] - xen (DSA 4677-1)
+ [stretch] - xen (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-394.html
+CVE-2022-23033 (arm: guest_physmap_remove_page not removing the p2m mappings The funct ...)
+ {DSA-5117-1}
+ - xen 4.16.0+51-g0941d6cb-1
+ [buster] - xen (Vulnerable code introduced later)
+ [stretch] - xen (Vulnerable code introduced later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-393.html
+CVE-2022-23032 (In all versions before 7.2.1.4, when proxy settings are configured in ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23031 (On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23030 (On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23029 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23028 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23027 (On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23026 (On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x befo ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23025 (On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23024 (On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23023 (On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23022 (On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is config ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23021 (On BIG-IP version 16.1.x before 16.1.2, when any of the following conf ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23020 (On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' se ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23019 (On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23018 (On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23017 (On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x b ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23016 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23015 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14. ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23014 (On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG- ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23013 (On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23012 (On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23011 (On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23010 (On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23009 (On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated ad ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23008 (On NGINX Controller API Management versions 3.18.0-3.19.0, an authenti ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2022-23007
+ RESERVED
+CVE-2022-23006 (A stack-based buffer overflow vulnerability was found on Western Digit ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23005 (Western Digital has identified a weakness in the UFS standard that cou ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23004 (When computing a shared secret or point multiplication on the NIST P-2 ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23003 (When computing a shared secret or point multiplication on the NIST P-2 ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23002 (When compressing or decompressing a point on the NIST P-256 elliptic c ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23001 (When compressing or decompressing elliptic curve points using the Swee ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-23000 (The Western Digital My Cloud Web App [https://os5.mycloud.com/] uses a ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22999 (Western Digital My Cloud devices are vulnerable to a cross side script ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22998 (Implemented protections on AWS credentials that were not properly prot ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22997 (Addressed a remote code execution vulnerability by resolving a command ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22996 (The G-RAID 4/8 Software Utility setups for Windows were affected by a ...)
+ NOT-FOR-US: Western Digital Windows setup
+CVE-2022-22995 (The combination of primitives offered by SMB and AFP in their default ...)
+ - netatalk 3.1.18~ds-1 (bug #1053545)
+ [bullseye] - netatalk (Minor issue)
+ NOTE: https://netatalk.sourceforge.io/CVE-2022-22995.php
+ NOTE: https://github.com/Netatalk/netatalk/pull/509
+ NOTE: https://github.com/Netatalk/netatalk/commit/9eb6d9d0ac17dca210ccbf05476a925a6b379dfb
+CVE-2022-22994 (A remote code execution vulnerability was discovered on Western Digita ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22993 (A limited SSRF vulnerability was discovered on Western Digital My Clou ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22992 (A command injection remote code execution vulnerability was discovered ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-22991 (A malicious user on the same LAN could use DNS spoofing followed by a ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22990 (A limited authentication bypass vulnerability was discovered that coul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22989 (My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vul ...)
+ NOT-FOR-US: Western Digital / My Cloud OS 5 Firmware
+CVE-2022-22988 (File and directory permissions have been corrected to prevent unintend ...)
+ NOT-FOR-US: Western Digital
+CVE-2022-21234 (An SQL injection vulnerability exists in the EchoAssets.aspx functiona ...)
+ NOT-FOR-US: Lansweeper
+CVE-2022-21210 (An SQL injection vulnerability exists in the AssetActions.aspx functio ...)
+ NOT-FOR-US: Lansweeper
+CVE-2022-21145 (A stored cross-site scripting vulnerability exists in the WebUserActio ...)
+ NOT-FOR-US: Lansweeper
+CVE-2022-0182 (Stored cross-site scripting vulnerability in Quiz And Survey Master ve ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0181 (Reflected cross-site scripting vulnerability in Quiz And Survey Master ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0180 (Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Mas ...)
+ NOT-FOR-US: Quiz And Survey Master
+CVE-2022-0179 (snipe-it is vulnerable to Missing Authorization)
+ - snipe-it (bug #1005172)
+CVE-2022-0178 (Missing Authorization vulnerability in snipe snipe/snipe-it.This issue ...)
+ - snipe-it (bug #1005172)
+CVE-2022-0177
+ REJECTED
+CVE-2021-4204 (An out-of-bounds (OOB) memory access flaw was found in the Linux kerne ...)
+ - linux 5.17.3-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/4
+CVE-2022-22983 (VMware Workstation (16.x prior to 16.2.4) contains an unprotected stor ...)
+ NOT-FOR-US: VMware
+CVE-2022-22982 (The vCenter Server contains a server-side request forgery (SSRF) vulne ...)
+ NOT-FOR-US: VMWare
+CVE-2022-22981
+ RESERVED
+CVE-2022-22980 (A Spring Data MongoDB application is vulnerable to SpEL Injection when ...)
+ NOT-FOR-US: Spring Data MongoDB
+CVE-2022-22979 (In Spring Cloud Function versions prior to 3.2.6, it is possible for a ...)
+ NOT-FOR-US: Spring Cloud Function
+CVE-2022-22978 (In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and olde ...)
+ - libspring-security-2.0-java
+CVE-2022-22977 (VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML Ex ...)
+ NOT-FOR-US: VMware
+CVE-2022-22976 (Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, a ...)
+ - libspring-security-2.0-java
+CVE-2022-22975 (An issue was discovered in the Pinniped Supervisor with either LADPIde ...)
+ NOT-FOR-US: vmware-tanzu/pinniped
+CVE-2022-22974
+ RESERVED
+CVE-2022-22973 (VMware Workspace ONE Access and Identity Manager contain a privilege e ...)
+ NOT-FOR-US: VMware
+CVE-2022-22972 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22971 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
+ - libspring-java (unimportant)
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22971
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
+CVE-2022-22970 (In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupp ...)
+ - libspring-java (unimportant)
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22970
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
+CVE-2022-22969 ( Spring Security OAuth versions 2.5.x prior to 2.5. ...)
+ NOT-FOR-US: spring-security-oauth
+CVE-2022-22968 (In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older ...)
+ - libspring-java (unimportant)
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22968
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
+CVE-2022-22967 (An issue was discovered in SaltStack Salt in versions before 3002.9, 3 ...)
+ - salt (bug #1013872)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release-june-21st-2022/
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/e068a34ccb2e17ae7224f8016a24b727f726d4c8 (v3004.2)
+CVE-2022-22966 (An authenticated, high privileged malicious actor with network access ...)
+ NOT-FOR-US: VMware
+CVE-2022-22965 (A Spring MVC or Spring WebFlux application running on JDK 9+ may be vu ...)
+ - libspring-java (unimportant)
+ NOTE: https://bugalert.org/content/notices/2022-03-30-spring.html
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22965
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
+CVE-2022-22964 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
+ NOT-FOR-US: VMware
+CVE-2022-22963 (In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported v ...)
+ NOT-FOR-US: Spring Cloud Function
+CVE-2022-22962 (VMware Horizon Agent for Linux (prior to 22.x) contains a local privil ...)
+ NOT-FOR-US: VMware
+CVE-2022-22961 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22960 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22959 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22958 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22957 (VMware Workspace ONE Access, Identity Manager and vRealize Automation ...)
+ NOT-FOR-US: VMware
+CVE-2022-22956 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2022-22955 (VMware Workspace ONE Access has two authentication bypass vulnerabilit ...)
+ NOT-FOR-US: VMware
+CVE-2022-22954 (VMware Workspace ONE Access and Identity Manager contain a remote code ...)
+ NOT-FOR-US: VMware
+CVE-2022-22953 (VMware HCX update addresses an information disclosure vulnerability. A ...)
+ NOT-FOR-US: VMware
+CVE-2022-22952 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
+ NOT-FOR-US: VMware
+CVE-2022-22951 (VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to ...)
+ NOT-FOR-US: VMware
+CVE-2022-22950 (n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versi ...)
+ - libspring-java (unimportant)
+ NOTE: https://tanzu.vmware.com/security/cve-2022-22950
+ NOTE: Only supported for building applications shipped in Debian, see README.Debian.security
+CVE-2022-22949
+ RESERVED
+CVE-2022-22948 (The vCenter Server contains an information disclosure vulnerability du ...)
+ NOT-FOR-US: VMware
+CVE-2022-22947 (In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applicat ...)
+ NOT-FOR-US: Spring Cloud Gateway
+CVE-2022-22946 (In spring cloud gateway versions prior to 3.1.1+ , applications that a ...)
+ NOT-FOR-US: Spring Cloud Gateway
+CVE-2022-22945 (VMware NSX Edge contains a CLI shell injection vulnerability. A malici ...)
+ NOT-FOR-US: VMware
+CVE-2022-22944 (VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS ...)
+ NOT-FOR-US: VMware
+CVE-2022-22943 (VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains ...)
+ NOT-FOR-US: VMware
+CVE-2022-22942 (The vmwgfx driver contains a local privilege escalation vulnerability ...)
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1}
+ - linux 5.15.15-2
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/27/4
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/03/1
+ NOTE: Fixed by: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c
+ NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942-dc.c
+ NOTE: https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
+CVE-2022-22941 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ - salt 3004.1+dfsg-1 (bug #1008945)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
+CVE-2022-22940
+ RESERVED
+CVE-2022-22939 (VMware Cloud Foundation contains an information disclosure vulnerabili ...)
+ NOT-FOR-US: VMware
+CVE-2022-22938 (VMware Workstation (16.x prior to 16.2.2) and Horizon Client for Windo ...)
+ NOT-FOR-US: VMware
+CVE-2022-22937
+ RESERVED
+CVE-2022-22936 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ - salt 3004.1+dfsg-1 (bug #1008945)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
+CVE-2022-22935 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ - salt 3004.1+dfsg-1 (bug #1008945)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
+CVE-2022-22934 (An issue was discovered in SaltStack Salt in versions before 3002.8, 3 ...)
+ - salt 3004.1+dfsg-1 (bug #1008945)
+ NOTE: https://saltproject.io/security_announcements/salt-security-advisory-release/
+CVE-2022-22933
+ RESERVED
+CVE-2022-22932 (Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...)
+ - apache-karaf (bug #881297)
+CVE-2022-22931 (Fix of CVE-2021-40525 do not prepend delimiters upon valid directory v ...)
+ NOT-FOR-US: Apache James
+CVE-2022-22930 (A remote code execution (RCE) vulnerability in the Template Management ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22929 (MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerabil ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22928 (MCMS v5.2.4 was discovered to have a hardcoded shiro-key, allowing att ...)
+ NOT-FOR-US: MCMS
+CVE-2022-22927
+ RESERVED
+CVE-2022-22926
+ RESERVED
+CVE-2022-22925
+ RESERVED
+CVE-2022-22924
+ RESERVED
+CVE-2022-22923
+ RESERVED
+CVE-2022-22922 (TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovere ...)
+ NOT-FOR-US: TP-Link
+CVE-2022-22921
+ RESERVED
+CVE-2022-22920
+ RESERVED
+CVE-2022-22919 (Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SS ...)
+ NOT-FOR-US: Adenza AxiomSL ControllerView
+CVE-2022-22918
+ RESERVED
+CVE-2022-22917
+ RESERVED
+CVE-2022-22916 (O2OA v6.4.7 was discovered to contain a remote code execution (RCE) vu ...)
+ NOT-FOR-US: O2OA
+CVE-2022-22915
+ RESERVED
+CVE-2022-22914 (An incorrect access control issue in the component FileManager of Ovid ...)
+ NOT-FOR-US: Ovidentia CMS
+CVE-2022-22913
+ RESERVED
+CVE-2022-22912 (Prototype pollution vulnerability via .parse() in Plist before v3.0.4 ...)
+ NOT-FOR-US: Node Plist.js
+CVE-2022-22911
+ RESERVED
+CVE-2022-22910
+ RESERVED
+CVE-2022-22909 (HotelDruid v3.0.3 was discovered to contain a remote code execution (R ...)
+ - hoteldruid 3.0.4-1 (bug #1006750)
+ [bullseye] - hoteldruid (Minor issue)
+ [buster] - hoteldruid (Minor issue)
+ [stretch] - hoteldruid (Minor issue)
+ NOTE: https://github.com/0z09e/CVE-2022-22909
+CVE-2022-22908 (SangforCSClient.exe in Sangfor VDI Client 5.4.2.1006 allows attackers, ...)
+ NOT-FOR-US: Sangfor VDI Client
+CVE-2022-22907
+ RESERVED
+CVE-2022-22906
+ RESERVED
+CVE-2022-22905
+ RESERVED
+CVE-2022-22904
+ RESERVED
+CVE-2022-22903
+ RESERVED
+CVE-2022-22902
+ RESERVED
+CVE-2022-22901 (There is an Assertion in 'context_p->next_scanner_info_p->type == SCAN ...)
+ - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4916
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/f3a420b672927037beb4508d7bdd68fb25d2caf6
+CVE-2022-22900
+ RESERVED
+CVE-2022-22899 (Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenti ...)
+ NOT-FOR-US: Core FTP / SFTP Server
+CVE-2022-22898
+ RESERVED
+CVE-2022-22897 (A SQL injection vulnerability in the product_all_one_img and image_pro ...)
+ NOT-FOR-US: ApolloTheme AP PageBuilder
+CVE-2022-22896
+ RESERVED
+CVE-2022-22895 (Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4850
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4882
+CVE-2022-22894 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899
+CVE-2022-22893 (Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_lo ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4901
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4945
+CVE-2022-22892 (There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_valu ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4872
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878
+CVE-2022-22891 (Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via e ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4871
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4885
+CVE-2022-22890 (There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4849
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4847
+CVE-2022-22889
+ RESERVED
+CVE-2022-22888 (Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_ ...)
+ - iotjs (bug #1004298)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4877
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4848
+CVE-2022-22887
+ RESERVED
+CVE-2022-22886
+ RESERVED
+CVE-2022-22885 (Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL cert ...)
+ NOT-FOR-US: Hutool
+CVE-2022-22884
+ RESERVED
+CVE-2022-22883
+ RESERVED
+CVE-2022-22882
+ RESERVED
+CVE-2022-22881 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22880 (Jeecg-boot v3.0 was discovered to contain a SQL injection vulnerabilit ...)
+ NOT-FOR-US: Jeecg-boot
+CVE-2022-22879
+ RESERVED
+CVE-2022-22878
+ RESERVED
+CVE-2022-22877
+ RESERVED
+CVE-2022-22876
+ RESERVED
+CVE-2022-22875
+ RESERVED
+CVE-2022-22874
+ RESERVED
+CVE-2022-22873
+ RESERVED
+CVE-2022-22872
+ RESERVED
+CVE-2022-22871
+ RESERVED
+CVE-2022-22870
+ RESERVED
+CVE-2022-22869
+ RESERVED
+CVE-2022-22868 (Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting ( ...)
+ NOT-FOR-US: Gibbon CMS
+CVE-2022-22867
+ RESERVED
+CVE-2022-22866
+ RESERVED
+CVE-2022-22865
+ RESERVED
+CVE-2022-22864
+ RESERVED
+CVE-2022-22863
+ RESERVED
+CVE-2022-22862
+ RESERVED
+CVE-2022-22861
+ RESERVED
+CVE-2022-22860
+ RESERVED
+CVE-2022-22859
+ RESERVED
+CVE-2022-22858
+ RESERVED
+CVE-2022-22857
+ RESERVED
+CVE-2022-22856
+ RESERVED
+CVE-2022-22855
+ RESERVED
+CVE-2022-22854 (An access control issue in hprms/admin/?page=user/list of Hospital Pat ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22853 (A stored cross-site scripting (XSS) vulnerability in Hospital Patient ...)
+ NOT-FOR-US: Hospital Patient Record Management System
+CVE-2022-22852 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22851 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22850 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodt ...)
+ NOT-FOR-US: Sourcecodtester
+CVE-2022-22849
+ RESERVED
+CVE-2022-22149 (A SQL injection vulnerability exists in the HelpdeskEmailActions.aspx ...)
+ NOT-FOR-US: Lansweeper
+CVE-2022-0176 (The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2022-0175 (A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). ...)
+ - virglrenderer (Introduced in 0.9.0 with refactor) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2039003 + NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 + NOTE: Code refactored in https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/7899e057327848300b18d8f03aa3789e00ed0221 (0.9.0) + NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/b05bb61f454eeb8a85164c8a31510aeb9d79129c +CVE-2022-0174 (Improper Validation of Specified Quantity in Input vulnerability in do ...) + - dolibarr +CVE-2022-0173 (radare2 is vulnerable to Out-of-bounds Read) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/727d8600-88bc-4dde-8dea-ee3d192600e5 + NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c +CVE-2022-0172 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0171 (A flaw was found in the Linux kernel. The existing KVM SEV API has a v ...) + {DSA-5257-1 DLA-3173-1} + - linux 5.18.2-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2038940 +CVE-2022-0170 (peertube is vulnerable to Improper Access Control) + - peertube (bug #950821) +CVE-2022-0169 (The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not vali ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0168 (A denial of service (DOS) issue was found in the Linux kernel\u2019s s ...) + {DSA-5127-1} + - linux 5.17.3-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037386 +CVE-2022-0167 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0166 (A privilege escalation vulnerability in the McAfee Agent prior to 5.7. ...) 
+ NOT-FOR-US: McAfee +CVE-2022-0165 (The Page Builder KingComposer WordPress plugin through 2.9.6 does not ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0164 (The Coming soon and Maintenance mode WordPress plugin before 3.5.3 doe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0163 (The Smart Forms WordPress plugin before 2.6.71 does not have authorisa ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0162 (The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 ...) + NOT-FOR-US: TP-Link +CVE-2022-0161 (The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0160 + RESERVED +CVE-2021-46269 + RESERVED +CVE-2021-46268 + RESERVED +CVE-2021-46267 + RESERVED +CVE-2021-46266 + RESERVED +CVE-2021-46265 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46264 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46263 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46262 (Tenda AC Series Router AC11_V02.03.01.104_CN was discovered to contain ...) + NOT-FOR-US: Tenda +CVE-2021-46261 + RESERVED +CVE-2021-46260 + RESERVED +CVE-2021-46259 + RESERVED +CVE-2021-46258 + RESERVED +CVE-2021-46257 + RESERVED +CVE-2021-46256 + RESERVED +CVE-2021-46255 (eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to ...) + NOT-FOR-US: eyouCMS +CVE-2021-46254 + RESERVED +CVE-2021-46253 (A cross-site scripting (XSS) vulnerability in the Create Post function ...) + NOT-FOR-US: Anchor CMS +CVE-2021-46252 (A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of S ...) + NOT-FOR-US: scratch-confirmaccount-v3 +CVE-2021-46251 (A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-46250 (An issue in SOA2Login::commented of ScratchOAuth2 before commit a91879 ...) 
+ NOT-FOR-US: ScratchOAuth2 +CVE-2021-46249 (An authorization bypass exploited by a user-controlled key in Specific ...) + NOT-FOR-US: ScratchOAuth2 +CVE-2021-46248 + RESERVED +CVE-2021-46247 (The use of a hard-coded cryptographic key significantly increases the ...) + NOT-FOR-US: ASUS +CVE-2021-46246 + RESERVED +CVE-2021-46245 + RESERVED +CVE-2021-46244 (A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the functi ...) + - hdf5 (unimportant) + NOTE: https://github.com/HDFGroup/hdf5/issues/1327 + NOTE: https://github.com/advisories/GHSA-vrxh-5gxg-rmhm + NOTE: https://github.com/HDFGroup/hdf5/issues/2242 + NOTE: https://github.com/HDFGroup/hdf5/pull/2243 + NOTE: https://github.com/HDFGroup/hdf5/commit/0b4e9cf976438f0a6df7719518d1b1bb96c2caca + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... +CVE-2021-46243 (An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1- ...) + - hdf5 (unimportant) + NOTE: https://github.com/HDFGroup/hdf5/issues/1326 + NOTE: https://github.com/advisories/GHSA-2rqw-mg55-mp69 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... +CVE-2021-46242 (HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the ...) + - hdf5 (unimportant) + NOTE: https://github.com/HDFGroup/hdf5/issues/1329 + NOTE: https://github.com/advisories/GHSA-x9pw-hh7v-wjpf + NOTE: https://github.com/HDFGroup/hdf5/pull/2255 + NOTE: https://github.com/HDFGroup/hdf5/commit/24700e8f0607e9a3782c843528e2c5a892d4d6f6 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... +CVE-2021-46241 + RESERVED +CVE-2021-46240 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2028 + NOTE: https://github.com/gpac/gpac/commit/31eb879ea67b3a6ff67d3211f4c6b83369d4898d (v2.0.0) +CVE-2021-46239 (The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2026 + NOTE: https://github.com/gpac/gpac/commit/4e1215758fa89455e8de1262df36f11740bb1bc4 (v2.0.0) +CVE-2021-46238 (GPAC v1.1.0 was discovered to contain a stack overflow via the functio ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2027 + NOTE: https://github.com/gpac/gpac/commit/4b9736ab8c9274db5858e5bf9fe0470bc3e7b6cf (v2.0.0) +CVE-2021-46237 (An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 v ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2033 + NOTE: https://github.com/gpac/gpac/commit/3cc122ad664a2355cce9784f50b59c6272d43f00 (v2.0.0) +CVE-2021-46236 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2024 + NOTE: https://github.com/gpac/gpac/commit/6a5effb57153cb05e72f6e9bd72afefc334a673d (v2.0.0) +CVE-2021-46235 + RESERVED +CVE-2021-46234 (A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2023 + NOTE: https://github.com/gpac/gpac/commit/70c6f6f832dccff814a19a74d87b97b3d68a4af5 +CVE-2021-46233 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46232 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46231 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46230 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46229 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46228 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46227 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46226 (D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a co ...) + NOT-FOR-US: D-Link +CVE-2021-46225 (A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allo ...) + NOT-FOR-US: libMeshb +CVE-2021-46224 + RESERVED +CVE-2021-46223 + RESERVED +CVE-2021-46222 + RESERVED +CVE-2021-46221 + RESERVED +CVE-2021-46220 + RESERVED +CVE-2021-46219 + RESERVED +CVE-2021-46218 + RESERVED +CVE-2021-46217 + RESERVED +CVE-2021-46216 + RESERVED +CVE-2021-46215 + RESERVED +CVE-2021-46214 + RESERVED +CVE-2021-46213 + RESERVED +CVE-2021-46212 + RESERVED +CVE-2021-46211 + RESERVED +CVE-2021-46210 + RESERVED +CVE-2021-46209 + RESERVED +CVE-2021-46208 + RESERVED +CVE-2021-46207 + RESERVED +CVE-2021-46206 + RESERVED +CVE-2021-46205 + RESERVED +CVE-2021-46204 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...) 
+ NOT-FOR-US: taocms +CVE-2021-46203 (Taocms v3.0.2 was discovered to contain an arbitrary file read vulnera ...) + NOT-FOR-US: taocms +CVE-2021-46202 + RESERVED +CVE-2021-46201 (An SQL Injection vulnerability exists in Sourcecodester Online Resort ...) + NOT-FOR-US: Sourcecodester Online Resort Management System +CVE-2021-46200 (An SQL Injection vulnerability exists in Sourcecodester Simple Music C ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46199 + RESERVED +CVE-2021-46198 (An SQL Injection vulnerability exists in Sourceodester Courier Managem ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46197 + RESERVED +CVE-2021-46196 + RESERVED +CVE-2021-46195 (GCC v12.0 was discovered to contain an uncontrolled recursion via the ...) + - binutils 2.37.90.20220207-1 (unimportant) + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103841 + NOTE: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab + NOTE: binutils not covered by security support +CVE-2021-46194 + RESERVED +CVE-2021-46193 + RESERVED +CVE-2021-46192 + RESERVED +CVE-2021-46191 + RESERVED +CVE-2021-46190 + RESERVED +CVE-2021-46189 + RESERVED +CVE-2021-46188 + RESERVED +CVE-2021-46187 + RESERVED +CVE-2021-46186 + RESERVED +CVE-2021-46185 + RESERVED +CVE-2021-46184 + RESERVED +CVE-2021-46183 + RESERVED +CVE-2021-46182 + RESERVED +CVE-2021-46181 + RESERVED +CVE-2021-46180 + RESERVED +CVE-2021-46179 (Reachable Assertion vulnerability in upx before 4.0.0 allows attackers ...) 
+ - upx-ucl (unimportant) + NOTE: https://github.com/upx/upx/issues/545 + NOTE: https://github.com/upx/upx/commit/4a9c46253e308d60b550e9f529e7d37daf978be5 (v3.99) + NOTE: https://github.com/upx/upx/commit/2d6987252ef4cec9b9051e3e161977ab88b67aac (v3.99) + NOTE: https://github.com/upx/upx/commit/fcdf0e92c1a2d89188ec7b50fb9b40ef51362560 (v3.99) + NOTE: https://github.com/upx/upx/commit/be23f93ee6853a688fb9a920c9ee5222aa212303 (v3.99) + NOTE: Crash in CLI tool, no security impact +CVE-2021-46178 + RESERVED +CVE-2021-46177 + RESERVED +CVE-2021-46176 + RESERVED +CVE-2021-46175 + RESERVED +CVE-2021-46174 (Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump ...) + - binutils 2.37.90.20220207-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28753 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cad4d6b91e97b6962807d33c04ed7e7797788438 (binutils-2_38) + NOTE: binutils not covered by security support +CVE-2021-46173 + RESERVED +CVE-2021-46172 + RESERVED +CVE-2021-46171 (Modex v2.11 was discovered to contain a NULL pointer dereference in se ...) + NOT-FOR-US: Modex +CVE-2021-46170 (An issue was discovered in JerryScript commit a6ab5e9. There is an Use ...) + - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4917 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4942/commits/5e1fdd1d1e75105b43392b4bb3996099cdc50f3d +CVE-2021-46169 (Modex v2.11 was discovered to contain an Use-After-Free vulnerability ...) + NOT-FOR-US: Modex +CVE-2021-46168 (Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() ...) + NOT-FOR-US: Spin +CVE-2021-46167 (An access control issue in the authentication module of wizplat PD065 ...) + NOT-FOR-US: wizplat secure flash +CVE-2021-44458 (Linux users running Lens 5.2.6 and earlier could be compromised by vis ...) 
+ NOT-FOR-US: Lens +CVE-2021-4203 (A use-after-free read flaw was found in sock_getsockopt() in net/core/ ...) + {DSA-5096-1 DLA-2941-1} + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [stretch] - linux 4.9.290-1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2230 + NOTE: https://git.kernel.org/linus/35306eb23814444bd4021f8a1c3047d3cb0c8b2b (5.15-rc4) +CVE-2021-4202 (A use-after-free flaw was found in nci_request in net/nfc/nci/core.c i ...) + {DSA-5096-1 DLA-2940-1} + - linux 5.15.5-1 (unimportant) + [bullseye] - linux 5.10.84-1 + NOTE: CONFIG_NFC_NCI not enabled in Debian +CVE-2021-23218 (When running with FIPS mode enabled, Mirantis Container Runtime 20.10. ...) + NOT-FOR-US: Mirantis Container Runtime +CVE-2021-23154 (In Lens prior to 5.3.4, custom helm chart configuration creates helm c ...) + NOT-FOR-US: Lens +CVE-2022-0159 (orchardcore is vulnerable to Improper Neutralization of Input During W ...) + NOT-FOR-US: orchardcore +CVE-2022-0158 (vim is vulnerable to Heap-based Buffer Overflow) + - vim 2:8.2.4659-1 (unimportant) + [buster] - vim (The vulnerable code was introduced later) + [stretch] - vim (The vulnerable code was introduced later) + NOTE: https://huntr.dev/bounties/ac5d7005-07c6-4a0a-b251-ba9cdbf6738b/ + NOTE: https://github.com/vim/vim/commit/5f25c3855071bd7e26255c68bf458b1b5cf92f39 (v8.2.4049) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0157 (phoronix-test-suite is vulnerable to Improper Neutralization of Input ...) + - phoronix-test-suite +CVE-2022-22848 + RESERVED +CVE-2022-22847 (Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Se ...) + NOT-FOR-US: Formpipe Lasernet +CVE-2022-22846 (The dnslib package through 0.9.16 for Python does not verify that the ...) 
+ - python-dnslib 0.9.18-1 + [bullseye] - python-dnslib (Minor issue) + [buster] - python-dnslib (Minor issue) + NOTE: https://github.com/paulc/dnslib/issues/30 + NOTE: https://github.com/paulc/dnslib/commit/76e8677699ed098387d502c57980f58da642aeba +CVE-2022-22845 (QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167 ...) + NOT-FOR-US: QXIP SIPCAPTURE homer-app for HOMER +CVE-2022-22844 (LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c i ...) + {DSA-5108-1 DLA-2932-1} + - tiff 4.3.0-3 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/355 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/287 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/03047a26952a82daaa0792957ce211e0aa51bc64 +CVE-2022-22843 + RESERVED +CVE-2022-22842 + RESERVED +CVE-2022-22841 + RESERVED +CVE-2022-22840 + RESERVED +CVE-2022-22839 + RESERVED +CVE-2022-22838 + RESERVED +CVE-2022-22837 + RESERVED +CVE-2022-22836 (CoreFTP Server before 727 allows directory traversal (for file creatio ...) + NOT-FOR-US: CoreFTP +CVE-2022-22835 (An issue was discovered in OverIT Geocall before version 8.0. An authe ...) + NOT-FOR-US: OverIT Geocall +CVE-2022-22834 (An issue was discovered in OverIT Geocall before 8.0. An authenticated ...) + NOT-FOR-US: OverIT Geocall +CVE-2022-22833 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obta ...) + NOT-FOR-US: Servisnet Tessa +CVE-2022-22832 (An issue was discovered in Servisnet Tessa 0.0.2. Authorization data i ...) + NOT-FOR-US: Servisnet Tessa +CVE-2022-22831 (An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add ...) + NOT-FOR-US: Servisnet Tessa +CVE-2022-22830 + RESERVED +CVE-2022-22829 + RESERVED +CVE-2022-22828 (An insecure direct object reference for the file-download URL in Synam ...) + NOT-FOR-US: Synametrics +CVE-2021-46166 (Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-46165 (Zoho ManageEngine Desktop Central before 10.0.662, during startup, lau ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46164 (Zoho ManageEngine Desktop Central before 10.0.662 allows remote code e ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46163 (Kentico Xperience 13.0.44 allows XSS via an XML document to the Media ...) + NOT-FOR-US: Kentico Xperience CMS +CVE-2022-0156 (vim is vulnerable to Use After Free) + - vim 2:8.2.4659-1 (unimportant) + [buster] - vim (vim9script functionality not present in buster and earlier) + NOTE: https://huntr.dev/bounties/47dded34-3767-4725-8c7c-9dcb68c70b36 + NOTE: https://github.com/vim/vim/commit/9f1a39a5d1cd7989ada2d1cb32f97d84360e050f (v8.2.4040) + NOTE: Crash in CLI tool, no security impact +CVE-2022-22827 (storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an in ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22826 (nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 ha ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22825 (lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integ ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22824 (defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has ...) 
+ {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22823 (build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22822 (addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an i ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1003474) + NOTE: https://github.com/libexpat/libexpat/pull/539 + NOTE: https://github.com/libexpat/libexpat/commit/9f93e8036e842329863bf20395b8fb8f73834d9e (R_2_4_3) +CVE-2022-22821 (NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in wh ...) + NOT-FOR-US: NVIDIA NeMo +CVE-2022-22820 (Due to the lack of media file checks before rendering, it was possible ...) + NOT-FOR-US: LINE +CVE-2022-22819 (NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55 ...) + NOT-FOR-US: NXP +CVE-2022-22818 (The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3 ...) + {DSA-5254-1 DLA-3191-1 DLA-2906-1} + - python-django 2:3.2.12-1 (bug #1004752) + NOTE: https://www.djangoproject.com/weblog/2022/feb/01/security-releases/ + NOTE: https://github.com/django/django/commit/394517f07886495efcf79f95c7ee402a9437bd68 (main) + NOTE: https://github.com/django/django/commit/01422046065d2b51f8f613409cad2c81b39487e5 (4.0.2) + NOTE: https://github.com/django/django/commit/1a1e8278c46418bde24c86a65443b0674bae65e2 (3.2.12) + NOTE: https://github.com/django/django/commit/c27a7eb9f40b64990398978152e62b6ff839c2e6 (2.2.27) +CVE-2022-22817 (PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitra ...) 
+ {DSA-5053-1 DLA-2893-1} + - pillow 9.0.0-1 + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-builtins-available-to-imagemath-eval + NOTE: https://github.com/python-pillow/Pillow/commit/8531b01d6cdf0b70f256f93092caa2a5d91afc11 (9.0.0) + NOTE: Fillowup in 9.0.1: https://github.com/python-pillow/Pillow/commit/c930be0758ac02cf15a2b8d5409d50d443550581 +CVE-2022-22816 (path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read d ...) + {DSA-5053-1 DLA-2893-1} + - pillow 9.0.0-1 + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling + NOTE: https://github.com/python-pillow/Pillow/commit/c48271ab354db49cdbd740bc45e13be4f0f7993c (9.0.0) +CVE-2022-22815 (path_getbbox in path.c in Pillow before 9.0.0 improperly initializes I ...) + {DSA-5053-1 DLA-2893-1} + - pillow 9.0.0-1 + NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-imagepath-path-array-handling + NOTE: https://github.com/python-pillow/Pillow/commit/1e092419b6806495c683043ab3feb6ce264f3b9c (9.0.0) +CVE-2022-22814 (The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege ...) + NOT-FOR-US: ASUS +CVE-2022-0155 (follow-redirects is vulnerable to Exposure of Private Personal Informa ...) + - node-follow-redirects 1.14.7+~1.13.1-1 + [bullseye] - node-follow-redirects 1.13.1-1+deb11u1 + [buster] - node-follow-redirects (Minor issue, too intrusive to backport) + NOTE: https://huntr.dev/bounties/fc524e4b-ebb6-427d-ab67-a64181020406 + NOTE: https://github.com/follow-redirects/follow-redirects/issues/183 + NOTE: https://github.com/follow-redirects/follow-redirects/commit/8b347cbcef7c7b72a6e9be20f5710c17d6163c22 (v1.14.7) +CVE-2022-22813 (A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an a ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22812 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2022-22811 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22810 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22809 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22808 (A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22807 (A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulner ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22806 (A CWE-294: Authentication Bypass by Capture-replay vulnerability exist ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22805 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22804 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22803 + RESERVED +CVE-2022-22802 + RESERVED +CVE-2022-22801 + RESERVED +CVE-2022-22800 + RESERVED +CVE-2022-22799 + RESERVED +CVE-2022-22798 (Sysaid \u2013 Pro Plus Edition, SysAid Help Desk Broken Access Control ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-22797 (Sysaid \u2013 sysaid Open Redirect - An Attacker can change the redire ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-22796 (Sysaid \u2013 Sysaid System Takeover - An attacker can bypass the auth ...) + NOT-FOR-US: SysAid Help Desk +CVE-2022-22795 (Signiant - Manager+Agents XML External Entity (XXE) - Extract internal ...) + NOT-FOR-US: Signiant Manager+Agents +CVE-2022-22794 (Cybonet - PineApp Mail Relay Unauthenticated Sql Injection. Attacker c ...) + NOT-FOR-US: Cybonet +CVE-2022-22793 (Cybonet - PineApp Mail Relay Local File Inclusion. Attacker can send a ...) + NOT-FOR-US: Cybonet +CVE-2022-22792 (MobiSoft - MobiPlus User Take Over and Improper Handling of url Parame ...) 
+ NOT-FOR-US: MobiSoft +CVE-2022-22791 (SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into ...) + NOT-FOR-US: SYNEL +CVE-2022-22790 (SYNEL - eharmony Directory Traversal. Directory Traversal - is an atta ...) + NOT-FOR-US: SYNEL +CVE-2022-22789 (Charactell - FormStorm Enterprise Account takeover \u2013 An attacker ...) + NOT-FOR-US: Charactell - FormStorm Enterprise +CVE-2022-22788 (The Zoom Opener installer is downloaded by a user from the Launch meet ...) + NOT-FOR-US: Zoom +CVE-2022-22787 (The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-22786 (The Zoom Client for Meetings for Windows before version 5.10.0 and Zoo ...) + NOT-FOR-US: Zoom +CVE-2022-22785 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-22784 (The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Wind ...) + NOT-FOR-US: Zoom +CVE-2022-22783 (A vulnerability in Zoom On-Premise Meeting Connector Controller versio ...) + NOT-FOR-US: Zoom +CVE-2022-22782 (The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom ...) + NOT-FOR-US: Zoom +CVE-2022-22781 (The Zoom Client for Meetings for MacOS (Standard and for IT Admin) pri ...) + NOT-FOR-US: Zoom +CVE-2022-22780 (The Zoom Client for Meetings chat functionality was susceptible to Zip ...) + NOT-FOR-US: Zoom +CVE-2022-22779 (The Keybase Clients for macOS and Windows before version 5.9.0 fails t ...) + NOT-FOR-US: Keybase on MacOS & Windows +CVE-2022-22778 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + NOT-FOR-US: TIBCO +CVE-2022-22777 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + NOT-FOR-US: TIBCO +CVE-2022-22776 (The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnec ...) + NOT-FOR-US: TIBCO +CVE-2022-22775 (The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Ente ...) 
+ NOT-FOR-US: TIBCO +CVE-2022-22774 (The DOM XML parser and SAX XML parser components of TIBCO Software Inc ...) + NOT-FOR-US: TIBCO +CVE-2022-22773 (The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) + NOT-FOR-US: TIBCO +CVE-2022-22772 (The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s ...) + NOT-FOR-US: TIBCO Managed File Transfer Platform +CVE-2022-22771 (The Server component of TIBCO Software Inc.'s TIBCO JasperReports Libr ...) + - jasperreports + [stretch] - jasperreports (cannot be supported due to lack of information) + NOTE: https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771 +CVE-2022-22770 (The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe cont ...) + NOT-FOR-US: TIBCO +CVE-2022-22769 (The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX ...) + NOT-FOR-US: TIBCO +CVE-2022-22768 + RESERVED +CVE-2022-22767 (Specific BD Pyxis\u2122 products were installed with default credentia ...) + NOT-FOR-US: BD Pyxis +CVE-2022-22766 (Hardcoded credentials are used in specific BD Pyxis products. If explo ...) + NOT-FOR-US: BD Pyxis +CVE-2022-22765 (BD Viper LT system, versions 2.0 and later, contains hardcoded credent ...) + NOT-FOR-US: BD Viper LT system +CVE-2022-22764 (Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported m ...) + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox 97.0-1 + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22764 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22764 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22764 +CVE-2022-22763 (When a worker is shutdown, it was possible to cause script to run late ...) 
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22763 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22763 +CVE-2022-22762 (Under certain circumstances, a JavaScript alert (or prompt) could have ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22762 +CVE-2022-22761 (Web-accessible extension pages (pages with a moz-extension:// scheme) ...) + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox 97.0-1 + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22761 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22761 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22761 +CVE-2022-22760 (When importing resources using Web Workers, error messages would disti ...) + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox 97.0-1 + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22760 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22760 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22760 +CVE-2022-22759 (If a document created a sandboxed iframe without allow-scripts\* (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22758 +CVE-2022-22757 (Remote Agent, used in WebDriver, did not validate the Host or Origin h ...) + - firefox 97.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22757 +CVE-2022-22756 (If a user was convinced to drag and drop an image to their desktop or ...) 
+ {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox 97.0-1 + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22756 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22756 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22756 +CVE-2022-22755 (By using XSL Transforms, a malicious webserver could have served a use ...) + - firefox 97.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22755 +CVE-2022-22754 (If a user installed an extension of a particular type, the extension c ...) + {DSA-5074-1 DSA-5069-1 DLA-2921-1 DLA-2916-1} + - firefox 97.0-1 + - firefox-esr 91.6.0esr-1 + - thunderbird 1:91.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22754 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22754 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22754 +CVE-2022-22753 (A Time-of-Check Time-of-Use bug existed in the Maintenance (Updater) S ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-04/#CVE-2022-22753 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-05/#CVE-2022-22753 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-06/#CVE-2022-22753 +CVE-2022-22752 (Mozilla developers Christian Holler and Jason Kratzer reported memory ...) + - firefox 96.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22752 +CVE-2022-22751 (Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, J ...) 
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22751 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22751 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22751 +CVE-2022-22750 (By generally accepting and passing resource handles across processes, ...) + - firefox (Only affects Windows and MacOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22750 +CVE-2022-22749 (When scanning QR codes, Firefox for Android would have allowed navigat ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22749 +CVE-2022-22748 (Malicious websites could have confused Firefox into showing the wrong ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22748 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22748 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22748 +CVE-2022-22747 (After accepting an untrusted certificate, handling an empty pkcs7 sequ ...) 
+ {DSA-5062-1 DSA-5045-1 DSA-5044-1 DLA-2898-1 DLA-2881-1 DLA-2880-1} + - nss 2:3.73-1 + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22747 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22747 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22747 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1735028 + NOTE: https://hg.mozilla.org/projects/nss/rev/7ff99e71f3e37faed12bc3cc90a3eed27e3418d0 +CVE-2022-22746 (A race condition could have allowed bypassing the fullscreen notificat ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22746 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22746 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22746 +CVE-2022-22745 (Securitypolicyviolation events could have leaked cross-origin informat ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22745 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22745 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22745 +CVE-2022-22744 (The constructed curl command from the "Copy as curl" feature in DevToo ...) 
+ - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22744 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22744 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22744 +CVE-2022-22743 (When navigating from inside an iframe while requesting fullscreen acce ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22743 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22743 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22743 +CVE-2022-22742 (When inserting text while in edit mode, some characters might have lea ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22742 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22742 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22742 +CVE-2022-22741 (When resizing a popup while requesting fullscreen access, the popup wo ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22741 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22741 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22741 +CVE-2022-22740 (Certain network request objects were freed too early when releasing a ...) 
+ {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22740 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22740 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22740 +CVE-2022-22739 (Malicious websites could have tricked users into accepting launching a ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22739 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22739 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22739 +CVE-2022-22738 (Applying a CSS filter effect could have accessed out of bounds memory. ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22738 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22738 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22738 +CVE-2022-22737 (Constructing audio sinks could have lead to a race condition when play ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22737 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2022-22737 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2022-22737 +CVE-2022-22736 (If Firefox was installed to a world-writable directory, a local privil ...) 
+ - firefox (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2022-22736 +CVE-2022-22735 (The Simple Quotation WordPress plugin through 1.3.2 does not have auth ...) + NOT-FOR-US: WordPress plugin +CVE-2022-22734 (The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF ...) + NOT-FOR-US: WordPress plugin +CVE-2022-22733 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...) + NOT-FOR-US: Apache ShardingSphere ElasticJob-UI +CVE-2022-0154 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0153 (SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.) + NOT-FOR-US: forkcms +CVE-2022-0152 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0151 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0150 (The WP Accessibility Helper (WAH) WordPress plugin before 0.6.0.7 does ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0149 (The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affe ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0148 (The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0147 (The Cookie Information | Free GDPR Consent Solution WordPress plugin b ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0146 + RESERVED +CVE-2022-0145 (Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkc ...) + NOT-FOR-US: forkcms +CVE-2021-46162 (A vulnerability has been identified in Simcenter Femap (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-46161 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46160 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) 
+ NOT-FOR-US: Siemens +CVE-2021-46159 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46158 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46157 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46156 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46155 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46154 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46153 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46152 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-46151 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...) + NOT-FOR-US: Siemens +CVE-2022-22732 (A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists t ...) + NOT-FOR-US: Schneider +CVE-2022-22731 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) + NOT-FOR-US: Schneider +CVE-2022-0144 (shelljs is vulnerable to Improper Privilege Management) + - node-shelljs 0.8.5+~cs0.8.10-1 + [bullseye] - node-shelljs (Minor issue) + [buster] - node-shelljs (Minor issue) + [stretch] - node-shelljs (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c/ + NOTE: https://github.com/shelljs/shelljs/issues/1058 + NOTE: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c (v0.8.5) +CVE-2022-0143 (When the LDAP connector is started with StartTLS configured, unauthent ...) + NOT-FOR-US: ForgeRock +CVE-2022-0142 (The Visual Form Builder WordPress plugin before 3.0.8 is vulnerable to ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2022-0141 (The Visual Form Builder WordPress plugin before 3.0.8 does not enforce ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0140 (The Visual Form Builder WordPress plugin before 3.0.6 does not perform ...) + NOT-FOR-US: WordPress plugin +CVE-2021-46150 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2021-46149 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension UniversalLanguageSelector +CVE-2021-46148 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension SecurePoll +CVE-2021-46147 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension MassEditRegex +CVE-2021-46146 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + NOT-FOR-US: MediaWiki extension WikiBaseMediainfo +CVE-2022-22728 (A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buf ...) + {DLA-3269-1} + - libapreq2 2.17-1 (bug #1018191) + [bullseye] - libapreq2 2.13-7+deb11u1 + NOTE: https://www.openwall.com/lists/oss-security/2022/08/25/3 +CVE-2022-22727 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22726 (A CWE-20: Improper Input Validation vulnerability exists that could al ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22725 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22724 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists that ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22723 (A CWE-120: Buffer Copy without Checking Size of Input vulnerability ex ...) + NOT-FOR-US: Schneider Electric +CVE-2022-22722 (A CWE-798: Use of Hard-coded Credentials vulnerability exists that cou ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2022-22721 (If LimitXMLRequestBody is set to allow request bodies larger than 350M ...) + {DLA-2960-1} + - apache2 2.4.53-1 + [bullseye] - apache2 2.4.53-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22721 + NOTE: Fixed by: https://svn.apache.org/r1898693 +CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier fails to close inbound connectio ...) + {DLA-2960-1} + - apache2 2.4.53-1 + [bullseye] - apache2 2.4.53-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22720 + NOTE: Fixed by: https://svn.apache.org/r1898692 +CVE-2022-22719 (A carefully crafted request body can cause a read to a random memory a ...) + {DLA-2960-1} + - apache2 2.4.53-1 + [bullseye] - apache2 2.4.53-1~deb11u1 + [buster] - apache2 2.4.38-3+deb10u8 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-22719 + NOTE: Fixed by: https://svn.apache.org/r1898694 +CVE-2022-22718 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22717 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22716 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22715 (Named Pipe File System Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22714 + RESERVED +CVE-2022-22713 (Windows Hyper-V Denial of Service Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-22712 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22711 (Windows BitLocker Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22710 (Windows Common Log File System Driver Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22709 (VP9 Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21806 (A use-after-free vulnerability exists in the mips_collector appsrv_ser ...) + NOT-FOR-US: Anker Eufy Homebase +CVE-2022-0139 (Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.) + - radare2 (bug #1014478) + NOTE: https://huntr.dev/bounties/3dcb6f40-45cd-403b-929f-db123fde32c0/ + NOTE: https://github.com/radareorg/radare2/commit/37897226a1a31f982bfefdc4aeefc2e50355c73c (5.6.0) +CVE-2022-0138 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-0137 (A heap buffer overflow in image_set_mask function of HTMLDOC before 1. ...) + - htmldoc 1.9.15-1 (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/461 + NOTE: Fixed by: https://github.com/michaelrsweet/htmldoc/commit/71fe87878c9cbc3db429f5e5c70f28e4b3d96e3b (v1.9.15) + NOTE: Crash in CLI tool, no security impact +CVE-2022-0136 (A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0135 (An out-of-bounds write issue was found in the VirGL virtual OpenGL ren ...) 
+ {DLA-3232-1} + - virglrenderer 0.10.0-1 (bug #1009073) + [bullseye] - virglrenderer 0.8.2-5+deb11u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2037790 + NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/-/merge_requests/654 + NOTE: Fixed by: https://gitlab.freedesktop.org/virgl/virglrenderer/-/commit/95e581fd181b213c2ed7cdc63f2abc03eaaa77ec (0.10.0) + NOTE: Depends on the fix for CVE-2019-18391 +CVE-2022-0134 (The AnyComment WordPress plugin before 0.2.18 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2022-0133 (peertube is vulnerable to Improper Access Control) + - peertube (bug #950821) +CVE-2022-0132 (peertube is vulnerable to Server-Side Request Forgery (SSRF)) + - peertube (bug #950821) +CVE-2022-0131 (Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API ...) + NOT-FOR-US: Jimoty App for Android +CVE-2021-4201 (Missing access control in ForgeRock Access Management 7.1.0 and earlie ...) + NOT-FOR-US: ForgeRock +CVE-2022-22708 + RESERVED +CVE-2022-22707 (In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded functi ...) + {DSA-5040-1} + - lighttpd 1.4.64-1 + [stretch] - lighttpd (Vulnerable code not present; the issue was introduced in later versions) + NOTE: https://redmine.lighttpd.net/issues/3134 + NOTE: https://github.com/lighttpd/lighttpd1.4/commit/8c62a890e23f5853b1a562b03fe3e1bccc6e7664 +CVE-2022-22706 (Arm Mali GPU Kernel Driver allows a non-privileged user to achieve wri ...) + NOT-FOR-US: ARM Mali GPU driver +CVE-2022-22705 + RESERVED +CVE-2022-22704 (The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes a ...) + NOT-FOR-US: zabbix-agent2 package for Alpine +CVE-2022-22703 (In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cl ...) + NOT-FOR-US: Stormshield SSO Agent +CVE-2022-22702 (PartKeepr versions up to v1.4.0, in the functionality to upload attach ...) 
+ NOT-FOR-US: PartKeepr +CVE-2022-22701 (PartKeepr versions up to v1.4.0, loads attachments using a URL while c ...) + NOT-FOR-US: PartKeepr +CVE-2022-22700 (CyberArk Identity versions up to and including 22.1 in the 'StartAuthe ...) + NOT-FOR-US: CyberArk Identity +CVE-2022-22699 + RESERVED +CVE-2022-22698 + RESERVED +CVE-2022-22697 + RESERVED +CVE-2022-22696 + RESERVED +CVE-2022-22695 + RESERVED +CVE-2022-22694 + RESERVED +CVE-2022-22693 + RESERVED +CVE-2022-22692 + RESERVED +CVE-2022-22691 (The password reset component deployed within Umbraco uses the hostname ...) + NOT-FOR-US: Umbraco CMS +CVE-2022-22690 (Within the Umbraco CMS, a configuration element named "UmbracoApplicat ...) + NOT-FOR-US: Umbraco CMS +CVE-2022-22689 (CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, an ...) + NOT-FOR-US: CA Harvest Software Change Manager +CVE-2022-22688 (Improper neutralization of special elements used in a command ('Comman ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-22687 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Synology DiskStation Manager +CVE-2022-22686 (Cross-Site Request Forgery (CSRF) vulnerability in webapi component in ...) + NOT-FOR-US: Synology +CVE-2022-22685 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2022-22684 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2022-22683 (Buffer copy without checking size of input ('Classic Buffer Overflow') ...) + NOT-FOR-US: Synology +CVE-2022-22682 (Improper neutralization of input during web page generation ('Cross-si ...) + NOT-FOR-US: Synology +CVE-2022-22681 (Session fixation vulnerability in access control management in Synolog ...) + NOT-FOR-US: Synology +CVE-2022-22680 (Exposure of sensitive information to an unauthorized actor vulnerabili ...) 
+ NOT-FOR-US: Synology +CVE-2022-22679 (Improper limitation of a pathname to a restricted directory ('Path Tra ...) + NOT-FOR-US: Synology +CVE-2022-22150 (A memory corruption vulnerability exists in the JavaScript engine of F ...) + NOT-FOR-US: Foxit +CVE-2022-0130 (Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remo ...) + NOT-FOR-US: Tenable +CVE-2021-46145 (The keyfob subsystem in Honda Civic 2012 vehicles allows a replay atta ...) + NOT-FOR-US: keyfob subsystem in Honda Civic 2012 vehicles +CVE-2021-46143 (In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an int ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 + NOTE: https://github.com/libexpat/libexpat/issues/532 + NOTE: https://github.com/libexpat/libexpat/pull/538 + NOTE: https://github.com/libexpat/libexpat/commit/85ae9a2d7d0e9358f356b33977b842df8ebaec2b (R_2_4_3) +CVE-2021-46142 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...) + {DSA-5063-1 DLA-2883-1} + - uriparser 0.9.6+dfsg-1 + NOTE: https://github.com/uriparser/uriparser/issues/122 + NOTE: https://github.com/uriparser/uriparser/commit/c0483990e6b5b454f7c8752b36760cfcb0d093f5 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/pull/124 +CVE-2021-46141 (An issue was discovered in uriparser before 0.9.6. It performs invalid ...) + {DSA-5063-1 DLA-2883-2 DLA-2883-1} + - uriparser 0.9.6+dfsg-1 + NOTE: https://github.com/uriparser/uriparser/issues/121 + NOTE: https://github.com/uriparser/uriparser/commit/987b046e41f407d17c622e580fc82a5e834b4329 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/commit/b1a34743bc1472e055d886e29e9b53f670eb3282 (uriparser-0.9.6) + NOTE: https://github.com/uriparser/uriparser/pull/124 +CVE-2022-22678 + RESERVED +CVE-2022-0129 (Uncontrolled search path element vulnerability in McAfee TechCheck pri ...) 
+ NOT-FOR-US: McAfee +CVE-2022-0128 (vim is vulnerable to Out-of-bounds Read) + - vim 2:8.2.4659-1 + [bullseye] - vim (Vulnerable code introduced later) + [buster] - vim (Vulnerable code introduced later) + [stretch] - vim (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/63f51299-008a-4112-b85b-1e904aadd4ba + NOTE: Introduced by: https://github.com/vim/vim/commit/bdc0f1c6986e5d64f647e0924a4de795b47c549a (v8.2.2806) + NOTE: Fixed by: https://github.com/vim/vim/commit/d3a117814d6acbf0dca3eff1a7626843b9b3734a (v8.2.4009) +CVE-2022-0127 + RESERVED +CVE-2022-0126 + RESERVED +CVE-2022-0125 (An issue has been discovered in GitLab affecting all versions starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0124 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) + - gitlab 15.10.8+ds1-2 +CVE-2022-0123 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-4200 (A Improper Privilege Management vulnerability in SUSE Rancher allows w ...) + NOT-FOR-US: Rancher +CVE-2022-22677 (A logic issue in the handling of concurrent media was addressed with i ...) + {DSA-5183-1 DSA-5182-1} + - webkit2gtk 2.36.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.36.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0006.html +CVE-2022-22676 (An event handler validation issue in the XPC Services API was addresse ...) + NOT-FOR-US: Apple +CVE-2022-22675 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22674 (An out-of-bounds read issue existed that led to the disclosure of kern ...) + NOT-FOR-US: Apple +CVE-2022-22673 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22672 (A memory corruption issue was addressed with improved memory handling. ...) 
+ NOT-FOR-US: Apple +CVE-2022-22671 (An authentication issue was addressed with improved state management. ...) + NOT-FOR-US: Apple +CVE-2022-22670 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2022-22669 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22668 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-22667 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22666 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-22665 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-22664 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22663 (This issue was addressed with improved checks to prevent unauthorized ...) + NOT-FOR-US: Apple +CVE-2022-22662 (A cookie management issue was addressed with improved state management ...) + {DSA-5116-1 DSA-5115-1} + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0006.html +CVE-2022-22661 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22660 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2022-22659 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-22658 (An input validation issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2022-22657 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2022-22656 (An authentication issue was addressed with improved state management. ...) 
+ NOT-FOR-US: Apple +CVE-2022-22655 (An access issue was addressed with improvements to the sandbox. This i ...) + NOT-FOR-US: Apple +CVE-2022-22654 (A user interface issue was addressed. This issue is fixed in watchOS 8 ...) + NOT-FOR-US: Apple +CVE-2022-22653 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-22652 (The GSMA authentication panel could be presented on the lock screen. T ...) + NOT-FOR-US: Apple +CVE-2022-22651 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22650 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22649 + REJECTED +CVE-2022-22648 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22647 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22646 (This issue was addressed by removing the vulnerable code. This issue i ...) + NOT-FOR-US: Apple +CVE-2022-22645 + REJECTED +CVE-2022-22644 (A privacy issue existed in the handling of Contact cards. This was add ...) + NOT-FOR-US: Apple +CVE-2022-22643 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22642 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22641 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22640 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-22639 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-22638 (A null pointer dereference was addressed with improved validation. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22637 (A logic issue was addressed with improved state management. This issue ...) 
+ {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html +CVE-2022-22636 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22635 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22634 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2022-22633 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-22632 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-22631 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22630 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22629 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-5116-1 DSA-5115-1} + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html +CVE-2022-22628 (A use after free issue was addressed with improved memory management. ...) + {DSA-5116-1 DSA-5115-1} + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html +CVE-2022-22627 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22626 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22625 (An out-of-bounds read was addressed with improved input validation. Th ...) 
+ NOT-FOR-US: Apple +CVE-2022-22624 (A use after free issue was addressed with improved memory management. ...) + {DSA-5116-1 DSA-5115-1} + - webkit2gtk 2.36.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.36.0-2 + NOTE: https://webkitgtk.org/security/WSA-2022-0004.html +CVE-2022-22623 + REJECTED +CVE-2022-22622 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22621 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22620 (A use after free issue was addressed with improved memory management. ...) + {DSA-5084-1 DSA-5083-1} + - webkit2gtk 2.34.6-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.6-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0003.html +CVE-2022-22619 + RESERVED +CVE-2022-22618 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22617 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2022-22616 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2022-22615 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22614 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2022-22613 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22612 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2022-22611 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2022-22610 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2022-22609 (The issue was addressed with additional permissions checks. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2022-22608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22607 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22606 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22605 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22604 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22603 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22602 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22601 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2022-22600 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2022-22599 (Description: A permissions issue was addressed with improved validatio ...) + NOT-FOR-US: Apple +CVE-2022-22598 (An issue with app access to camera metadata was addressed with improve ...) + NOT-FOR-US: Apple +CVE-2022-22597 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-22596 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-22595 + RESERVED +CVE-2022-22594 (A cross-origin issue in the IndexDB API was addressed with improved in ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2022-22593 (A buffer overflow issue was addressed with improved memory handling. T ...) 
+ NOT-FOR-US: Apple +CVE-2022-22591 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2022-22589 (A validation issue was addressed with improved input sanitization. Thi ...) + {DSA-5084-1 DSA-5083-1} + - webkit2gtk 2.34.5-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.5-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0002.html +CVE-2022-22588 (A resource exhaustion issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2022-22587 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2022-22586 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2022-22585 (An issue existed within the path validation logic for symlinks. This i ...) + NOT-FOR-US: Apple +CVE-2022-22584 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2022-22583 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2022-22582 (A validation issue existed in the handling of symlinks. This issue was ...) + NOT-FOR-US: Apple +CVE-2022-22581 + RESERVED +CVE-2022-22580 + RESERVED +CVE-2022-22579 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2022-22578 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2022-22577 (An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could al ...) 
+ {DSA-5372-1 DLA-3093-1}
+ - rails 2:6.1.6.1+dfsg-1 (bug #1011941)
+ NOTE: https://discuss.rubyonrails.org/t/cve-2022-22577-possible-xss-vulnerability-in-action-pack/80533
+ NOTE: https://github.com/rails/rails/commit/2b820a2a69fa50cffa74b4aedc57bf92ed6910ec (v6.1.5.1)
+ NOTE: https://github.com/rails/rails/commit/5299b57d596ea274f77f5ffee2b79c6ee0255508 (v6.0.4.8)
+ NOTE: https://github.com/rails/rails/commit/d2253115ac2b30f5f7210670af906cebf79cf809 (v5.2.7.1)
+CVE-2022-22576 (An improper authentication vulnerability exists in curl 7.33.0 to and ...)
+ {DSA-5197-1 DLA-3085-1}
+ - curl 7.83.0-1 (bug #1010295)
+ NOTE: https://curl.se/docs/CVE-2022-22576.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/852aa5ad351ea53e5f01d2f44b5b4370c2bf5425 (curl-7_83_0)
+CVE-2022-22575
+ RESERVED
+CVE-2022-22574
+ RESERVED
+CVE-2022-22573
+ RESERVED
+CVE-2022-22572 (A non-admin user with user management permission can escalate his priv ...)
+ NOT-FOR-US: Incapptic
+CVE-2022-22571 (An authenticated high privileged user can perform a stored XSS attack ...)
+ NOT-FOR-US: Incapptic
+CVE-2022-22570 (A buffer overflow vulnerability found in the UniFi Door Access Reader ...)
+ NOT-FOR-US: UniFi Door Access Reader Lite
+CVE-2022-22569
+ RESERVED
+CVE-2022-22568
+ RESERVED
+CVE-2022-0122 (forge is vulnerable to URL Redirection to Untrusted Site)
+ NOT-FOR-US: forge
+CVE-2022-0121 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: hoppscotch
+CVE-2022-22567 (Select Dell Client Commercial and Consumer platforms are vulnerable to ...)
+ NOT-FOR-US: Dell
+CVE-2022-22566 (Select Dell Client Commercial and Consumer platforms contain a pre-boo ...)
+ NOT-FOR-US: Dell
+CVE-2022-22565 (Dell PowerScale OneFS, versions 9.0.0-9.3.0, contain an improper autho ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22564 (Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptogr ...)
+ NOT-FOR-US: EMC
+CVE-2022-22563 (Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant informa ...)
+ NOT-FOR-US: EMC
+CVE-2022-22562 (Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handli ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22561 (Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contain an improper res ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22560 (Dell EMC PowerScale OneFS 8.1.x - 9.1.x contain hard coded credentials ...)
+ NOT-FOR-US: EMC
+CVE-2022-22559 (Dell PowerScale OneFS, version 9.3.0, contains a use of a broken or ri ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22558 (Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 792 ...)
+ NOT-FOR-US: Dell
+CVE-2022-22557 (PowerStore contains Plain-Text Password Storage Vulnerability in Power ...)
+ NOT-FOR-US: Dell
+CVE-2022-22556 (Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerab ...)
+ NOT-FOR-US: Dell
+CVE-2022-22555 (Dell EMC PowerStore, contains an OS command injection Vulnerability. A ...)
+ NOT-FOR-US: Dell
+CVE-2022-22554 (Dell EMC System Update, version 1.9.2 and prior, contain an Unprotecte ...)
+ NOT-FOR-US: EMC
+CVE-2022-22553 (Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction o ...)
+ NOT-FOR-US: EMC
+CVE-2022-22552 (Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerabil ...)
+ NOT-FOR-US: EMC
+CVE-2022-22551 (DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensi ...)
+ NOT-FOR-US: EMC
+CVE-2022-22550 (Dell PowerScale OneFS, versions 8.2.2 and above, contain a password di ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22549 (Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Va ...)
+ NOT-FOR-US: Dell PowerScale OneFS
+CVE-2022-22548
+ RESERVED
+CVE-2022-22547 (Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows ...)
+ NOT-FOR-US: SAP
+CVE-2022-22546 (Due to improper HTML encoding in input control summary, an authorized ...)
+ NOT-FOR-US: SAP
+CVE-2022-22545 (A high privileged user who has access to transaction SM59 can read con ...)
+ NOT-FOR-US: SAP
+CVE-2022-22544 (Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22543 (SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform ( ...)
+ NOT-FOR-US: SAP
+CVE-2022-22542 (S/4HANA Supplier Factsheet exposes the private address and bank detail ...)
+ NOT-FOR-US: SAP
+CVE-2022-22541 (SAP BusinessObjects Business Intelligence Platform - versions 420, 430 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22540 (SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22539 (When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) receiv ...)
+ NOT-FOR-US: SAP
+CVE-2022-22538 (When a user opens a manipulated Adobe Illustrator file format (.ai, ai ...)
+ NOT-FOR-US: SAP
+CVE-2022-22537 (When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3 ...)
+ NOT-FOR-US: SAP
+CVE-2022-22536 (SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Serve ...)
+ NOT-FOR-US: SAP
+CVE-2022-22535 (SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necess ...)
+ NOT-FOR-US: SAP
+CVE-2022-22534 (Due to insufficient encoding of user input, SAP NetWeaver allows an un ...)
+ NOT-FOR-US: SAP
+CVE-2022-22533 (Due to improper error handling in SAP NetWeaver Application Server Jav ...)
+ NOT-FOR-US: SAP
+CVE-2022-22532 (In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2022-22531 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22530 (The F0743 Create Single Payment application of SAP S/4HANA - versions ...)
+ NOT-FOR-US: SAP
+CVE-2022-22529 (SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficie ...)
+ NOT-FOR-US: SAP
+CVE-2022-22528 (SAP Adaptive Server Enterprise (ASE) - version 16.0, installation make ...)
+ NOT-FOR-US: SAP
+CVE-2022-22527
+ RESERVED
+CVE-2022-0120 (Inappropriate implementation in Passwords in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0119
+ RESERVED
+CVE-2022-0118 (Inappropriate implementation in WebShare in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0117 (Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0116 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0115 (Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0114 (Out of bounds memory access in Blink Serial API in Google Chrome prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0113 (Inappropriate implementation in Blink in Google Chrome prior to 97.0.4 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0112 (Incorrect security UI in Browser UI in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0111 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0110 (Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0109 (Inappropriate implementation in Autofill in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0108 (Inappropriate implementation in Navigation in Google Chrome prior to 9 ...)
+ {DSA-5397-1 DSA-5396-1 DSA-5046-1 DLA-3419-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ - webkit2gtk 2.40.1-1
+ - wpewebkit 2.38.6-1
+ NOTE: https://webkitgtk.org/security/WSA-2023-0003.html
+CVE-2022-0107 (Use after free in File Manager API in Google Chrome on Chrome OS prior ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0106 (Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allo ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0105 (Use after free in PDF Accessibility in Google Chrome prior to 97.0.469 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0104 (Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0103 (Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0102 (Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0101 (Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0100 (Heap buffer overflow in Media streams API in Google Chrome prior to 97 ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0099 (Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0098 (Use after free in Screen Capture in Google Chrome on Chrome OS prior t ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0097 (Inappropriate implementation in DevTools in Google Chrome prior to 97. ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0096 (Use after free in Storage in Google Chrome prior to 97.0.4692.71 allow ...)
+ {DSA-5046-1}
+ - chromium 97.0.4692.71-0.1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2022-0095
+ REJECTED
+CVE-2022-0094
+ REJECTED
+CVE-2022-0093 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0092
+ RESERVED
+CVE-2022-0091
+ RESERVED
+CVE-2022-0090 (An issue has been discovered affecting GitLab versions prior to 14.4.5 ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2022-0089
+ RESERVED
+CVE-2022-0088 (Cross-Site Request Forgery (CSRF) in GitHub repository yourls/yourls p ...)
+ NOT-FOR-US: yourls
+CVE-2021-46140
+ RESERVED
+CVE-2021-46139
+ RESERVED
+CVE-2021-46138
+ RESERVED
+CVE-2021-46137
+ RESERVED
+CVE-2021-46136
+ RESERVED
+CVE-2021-46135
+ RESERVED
+CVE-2021-46134
+ RESERVED
+CVE-2021-46133
+ RESERVED
+CVE-2021-46132
+ RESERVED
+CVE-2021-46131
+ RESERVED
+CVE-2021-45722
+ RESERVED
+CVE-2021-45110
+ RESERVED
+CVE-2021-45073
+ RESERVED
+CVE-2021-44778
+ RESERVED
+CVE-2021-44468
+ RESERVED
+CVE-2021-44456
+ RESERVED
+CVE-2021-44452
+ RESERVED
+CVE-2021-43352
+ RESERVED
+CVE-2021-4199 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-4198 (A NULL Pointer Dereference vulnerability in the messaging_ipc.dll comp ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-31564
+ RESERVED
+CVE-2021-23229
+ RESERVED
+CVE-2022-22526 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ NOT-FOR-US: Carlo Gavazzi Controls SpA
+CVE-2022-22525 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ NOT-FOR-US: Carlo Gavazzi Controls SpA
+CVE-2022-22524 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ NOT-FOR-US: Carlo Gavazzi Controls SpA
+CVE-2022-22523 (An improper authentication vulnerability exists in the Carlo Gavazzi U ...)
+ NOT-FOR-US: Carlo Gavazzi Controls SpA
+CVE-2022-22522 (In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server i ...)
+ NOT-FOR-US: Carlo Gavazzi Controls SpA
+CVE-2022-22521 (In Miele Benchmark Programming Tool with versions Prior to 1.2.71, exe ...)
+ NOT-FOR-US: Miele
+CVE-2022-22520 (A remote, unauthenticated attacker can enumerate valid users by sendin ...)
+ NOT-FOR-US: mymbCONNECT24
+CVE-2022-22519 (A remote, unauthenticated attacker can send a specific crafted HTTP or ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22518 (A bug in CmpUserMgr component can lead to only partially applied secur ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22517 (An unauthenticated, remote attacker can disrupt existing communication ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22516 (The SysDrv3S driver in the CODESYS Control runtime system on Microsoft ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22515 (A remote, authenticated attacker could utilize the control program of ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22514 (An authenticated, remote attacker can gain access to a dereferenced po ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22513 (An authenticated remote attacker can cause a null pointer dereference ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22512 (Hard-coded credentials in Web-UI of multiple VARTA Storage products in ...)
+ NOT-FOR-US: VARTA Storage products
+CVE-2022-22511 (Various configuration pages of the device are vulnerable to reflected ...)
+ NOT-FOR-US: VDE
+CVE-2022-22510 (Codesys Profinet in version V4.2.0.0 is prone to null pointer derefere ...)
+ NOT-FOR-US: Codesys
+CVE-2022-22509 (In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect ...)
+ NOT-FOR-US: Phoenix Contact FL SWITCH Series
+CVE-2022-22508 (Improper Input Validation vulnerability in multiple CODESYS V3 product ...)
+ NOT-FOR-US: CODESYS
+CVE-2022-22507
+ REJECTED
+CVE-2022-22506
+ RESERVED
+CVE-2022-22505 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a v ...)
+ NOT-FOR-US: IBM
+CVE-2022-22504
+ RESERVED
+CVE-2022-22503 (IBM Robotic Process Automation 21.0.0 could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2022-22502 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cros ...)
+ NOT-FOR-US: IBM
+CVE-2022-22501
+ RESERVED
+CVE-2022-22500
+ RESERVED
+CVE-2022-22499
+ RESERVED
+CVE-2022-22498
+ RESERVED
+CVE-2022-22497 (IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due ...)
+ NOT-FOR-US: IBM
+CVE-2022-22496 (While a user account for the IBM Spectrum Protect Server 8.1.0.000 thr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22495 (IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attac ...)
+ NOT-FOR-US: IBM
+CVE-2022-22494 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could ...)
+ NOT-FOR-US: IBM
+CVE-2022-22493 (IBM WebSphere Automation for Cloud Pak for Watson AIOps 1.4.2 is vulne ...)
+ NOT-FOR-US: IBM
+CVE-2022-22492
+ RESERVED
+CVE-2022-22491
+ RESERVED
+CVE-2022-22490 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-22489 (IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable t ...)
+ NOT-FOR-US: IBM
+CVE-2022-22488 (IBM OpenBMC OP910 and OP940 could allow a privileged user to cause a d ...)
+ NOT-FOR-US: IBM
+CVE-2022-22487 (An IBM Spectrum Protect storage agent could allow a remote attacker to ...)
+ NOT-FOR-US: IBM
+CVE-2022-22486 (IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an X ...)
+ NOT-FOR-US: IBM
+CVE-2022-22485 (In some cases, an unsuccessful attempt to log into IBM Spectrum Protec ...)
+ NOT-FOR-US: IBM
+CVE-2022-22484 (IBM Spectrum Protect Operations Center 8.1.12 and 8.1.13 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22483 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
+ NOT-FOR-US: IBM
+CVE-2022-22482 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22481 (IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22480 (IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function co ...)
+ NOT-FOR-US: IBM
+CVE-2022-22479 (IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2022-22478 (IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user crede ...)
+ NOT-FOR-US: IBM
+CVE-2022-22477 (IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-si ...)
+ NOT-FOR-US: IBM
+CVE-2022-22476 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and ...)
+ NOT-FOR-US: IBM
+CVE-2022-22475 (IBM WebSphere Application Server Liberty and Open Liberty 17.0.0.3 thr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22474 (IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsv ...)
+ NOT-FOR-US: IBM
+CVE-2022-22473 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22472 (IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through ...)
+ NOT-FOR-US: IBM
+CVE-2022-22471
+ RESERVED
+CVE-2022-22470 (IBM Security Verify Governance 10.0 stores user credentials in plain c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22469
+ RESERVED
+CVE-2022-22468
+ RESERVED
+CVE-2022-22467
+ RESERVED
+CVE-2022-22466 (IBM Security Verify Governance 10.0 contains hard-coded credentials, s ...)
+ NOT-FOR-US: IBM
+CVE-2022-22465 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ NOT-FOR-US: IBM
+CVE-2022-22464 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ NOT-FOR-US: IBM
+CVE-2022-22463 (IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, an ...)
+ NOT-FOR-US: IBM
+CVE-2022-22462 (IBM Security Verify Governance, Identity Manager virtual appliance com ...)
+ NOT-FOR-US: IBM
+CVE-2022-22461 (IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker th ...)
+ NOT-FOR-US: IBM
+CVE-2022-22460 (IBM Security Verify Identity Manager 10.0 contains sensitive informati ...)
+ NOT-FOR-US: IBM
+CVE-2022-22459
+ RESERVED
+CVE-2022-22458 (IBM Security Verify Governance, Identity Manager 10.0.1 stores user cr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22457 (IBM Security Verify Governance, Identity Manager 10.0.1 stores sensiti ...)
+ NOT-FOR-US: IBM
+CVE-2022-22456 (IBM Security Verify Governance, Identity Manager 10.0.1 is vulnerable ...)
+ NOT-FOR-US: IBM
+CVE-2022-22455 (IBM Security Verify Governance Identity Manager 10.0 virtual appliance ...)
+ NOT-FOR-US: IBM
+CVE-2022-22454 (IBM InfoSphere Information Server 11.7 could allow a locally authentic ...)
+ NOT-FOR-US: IBM
+CVE-2022-22453 (IBM Security Verify Identity Manager 10.0 uses weaker than expected cr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22452 (IBM Security Verify Identity Manager 10.0 uses an inadequate account l ...)
+ NOT-FOR-US: IBM
+CVE-2022-22451
+ RESERVED
+CVE-2022-22450 (IBM Security Verify Identity Manager 10.0 could allow a privileged use ...)
+ NOT-FOR-US: IBM
+CVE-2022-22449 (IBM Security Verify Governance, Identity Manager 10.01 could allow a r ...)
+ NOT-FOR-US: IBM
+CVE-2022-22448
+ RESERVED
+CVE-2022-22447 (IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to pote ...)
+ NOT-FOR-US: IBM
+CVE-2022-22446
+ RESERVED
+CVE-2022-22445 (An attacker that gains service access to the FSP (POWER9 only) or gain ...)
+ NOT-FOR-US: IBM
+CVE-2022-22444 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploi ...)
+ NOT-FOR-US: IBM
+CVE-2022-22443 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22442 ("IBM InfoSphere Information Server 11.7 could allow an authenticated u ...)
+ NOT-FOR-US: IBM
+CVE-2022-22441 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...)
+ NOT-FOR-US: IBM
+CVE-2022-22440
+ RESERVED
+CVE-2022-22439
+ RESERVED
+CVE-2022-22438
+ RESERVED
+CVE-2022-22437
+ RESERVED
+CVE-2022-22436 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
+ NOT-FOR-US: IBM
+CVE-2022-22435 (IBM Maximo Asset Management 7.6.1.2 is vulnerable to cross-site script ...)
+ NOT-FOR-US: IBM
+CVE-2022-22434 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-22433 (IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to Exte ...)
+ NOT-FOR-US: IBM
+CVE-2022-22432
+ RESERVED
+CVE-2022-22431
+ RESERVED
+CVE-2022-22430
+ RESERVED
+CVE-2022-22429
+ RESERVED
+CVE-2022-22428
+ RESERVED
+CVE-2022-22427 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22426 (IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could ...)
+ NOT-FOR-US: IBM
+CVE-2022-22425 ("IBM InfoSphere Information Server 11.7 is potentially vulnerable to C ...)
+ NOT-FOR-US: IBM
+CVE-2022-22424 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain s ...)
+ NOT-FOR-US: IBM
+CVE-2022-22423 (IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22422
+ RESERVED
+CVE-2022-22421
+ RESERVED
+CVE-2022-22420
+ RESERVED
+CVE-2022-22419
+ RESERVED
+CVE-2022-22418
+ RESERVED
+CVE-2022-22417 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22416 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22415 (A vulnerability exists where an IBM Robotic Process Automation 21.0.1 ...)
+ NOT-FOR-US: IBM
+CVE-2022-22414 (IBM Robotic Process Automation 21.0.2 could allow a local user to obta ...)
+ NOT-FOR-US: IBM
+CVE-2022-22413 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2022-22412 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-22411 (IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22410 (IBM Watson Query with Cloud Pak for Data as a Service could allow an a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22409 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensit ...)
+ NOT-FOR-US: IBM
+CVE-2022-22408
+ RESERVED
+CVE-2022-22407
+ RESERVED
+CVE-2022-22406
+ RESERVED
+CVE-2022-22405 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensit ...)
+ NOT-FOR-US: IBM
+CVE-2022-22404 (IBM App Connect Enterprise Certified Container Dashboard UI (IBM App C ...)
+ NOT-FOR-US: IBM
+CVE-2022-22403
+ RESERVED
+CVE-2022-22402 (IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2022-22401 (IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or per ...)
+ NOT-FOR-US: IBM
+CVE-2022-22400
+ RESERVED
+CVE-2022-22399
+ RESERVED
+CVE-2022-22398
+ RESERVED
+CVE-2022-22397
+ RESERVED
+CVE-2022-22396 (Credentials are printed in clear text in the IBM Spectrum Protect Plus ...)
+ NOT-FOR-US: IBM
+CVE-2022-22395
+ RESERVED
+CVE-2022-22394 (The IBM Spectrum Protect 8.1.14.000 server could allow a remote attack ...)
+ NOT-FOR-US: IBM
+CVE-2022-22393 (IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , w ...)
+ NOT-FOR-US: IBM
+CVE-2022-22392 (IBM Planning Analytics Local 2.0 could allow an attacker to upload arb ...)
+ NOT-FOR-US: IBM
+CVE-2022-22391 (IBM Aspera High-Speed Transfer 4.3.1 and earlier could allow an authen ...)
+ NOT-FOR-US: IBM
+CVE-2022-22390 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 ma ...)
+ NOT-FOR-US: IBM
+CVE-2022-22389 (IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is ...)
+ NOT-FOR-US: IBM
+CVE-2022-22388
+ RESERVED
+CVE-2022-22387 (IBM Application Gateway is vulnerable to cross-site scripting. This vu ...)
+ NOT-FOR-US: IBM
+CVE-2022-22386 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
+ NOT-FOR-US: IBM
+CVE-2022-22385 (IBM Security Verify Privilege On-Premises 11.5 could disclose sensitiv ...)
+ NOT-FOR-US: IBM
+CVE-2022-22384 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2022-22383
+ RESERVED
+CVE-2022-22382
+ RESERVED
+CVE-2022-22381
+ RESERVED
+CVE-2022-22380 (IBM Security Verify Privilege On-Premises 11.5 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2022-22379
+ RESERVED
+CVE-2022-22378
+ RESERVED
+CVE-2022-22377 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote at ...)
+ NOT-FOR-US: IBM
+CVE-2022-22376
+ RESERVED
+CVE-2022-22375 (IBM Security Verify Privilege On-Premises 11.5 could allow a remote au ...)
+ NOT-FOR-US: IBM
+CVE-2022-22374 (The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subj ...)
+ NOT-FOR-US: IBM
+CVE-2022-22373 (An improper validation vulnerability in IBM InfoSphere Information Ser ...)
+ NOT-FOR-US: IBM
+CVE-2022-22372
+ RESERVED
+CVE-2022-22371 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 d ...)
+ NOT-FOR-US: IBM
+CVE-2022-22370 (IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 ...)
+ NOT-FOR-US: IBM
+CVE-2022-22369 (IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwri ...)
+ NOT-FOR-US: IBM
+CVE-2022-22368 (IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cry ...)
+ NOT-FOR-US: IBM
+CVE-2022-22367 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 co ...)
+ NOT-FOR-US: IBM
+CVE-2022-22366 (IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 st ...)
+ NOT-FOR-US: IBM
+CVE-2022-22365 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax ...)
+ NOT-FOR-US: IBM
+CVE-2022-22364
+ RESERVED
+CVE-2022-22363
+ RESERVED
+CVE-2022-22362
+ RESERVED
+CVE-2022-22361 (IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20 ...)
+ NOT-FOR-US: IBM
+CVE-2022-22360 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22359 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22358 (IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22357
+ RESERVED
+CVE-2022-22356 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumera ...)
+ NOT-FOR-US: IBM
+CVE-2022-22355 (IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of serv ...)
+ NOT-FOR-US: IBM
+CVE-2022-22354 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum C ...)
+ NOT-FOR-US: IBM
+CVE-2022-22353 (IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22352 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
+ NOT-FOR-US: IBM
+CVE-2022-22351 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trust ...)
+ NOT-FOR-US: IBM
+CVE-2022-22350 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...)
+ NOT-FOR-US: IBM
+CVE-2022-22349 (IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0. ...)
+ NOT-FOR-US: IBM
+CVE-2022-22348 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
+ NOT-FOR-US: IBM
+CVE-2022-22347
+ RESERVED
+CVE-2022-22346 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is ...)
+ NOT-FOR-US: IBM
+CVE-2022-22345 (IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2022-22344 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...)
+ NOT-FOR-US: IBM
+CVE-2022-22343
+ RESERVED
+CVE-2022-22342
+ RESERVED
+CVE-2022-22341
+ RESERVED
+CVE-2022-22340
+ RESERVED
+CVE-2022-22339 (IBM Planning Analytics 2.0 is vulnerable to server-side request forger ...)
+ NOT-FOR-US: IBM
+CVE-2022-22338 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 i ...)
+ NOT-FOR-US: IBM
+CVE-2022-22337 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22336 (IBM Sterling External Authentication Server and IBM Sterling Secure Pr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22335
+ RESERVED
+CVE-2022-22334 (IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow ...)
+ NOT-FOR-US: IBM
+CVE-2022-22333 (IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterli ...)
+ NOT-FOR-US: IBM
+CVE-2022-22332 (IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker ...)
+ NOT-FOR-US: IBM
+CVE-2022-22331 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote auth ...)
+ NOT-FOR-US: IBM
+CVE-2022-22330 (IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensiti ...)
+ NOT-FOR-US: IBM
+CVE-2022-22329 (IBM Control Desk 7.6.1 does not set the secure attribute on authorizat ...)
+ NOT-FOR-US: IBM
+CVE-2022-22328 (IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious u ...)
+ NOT-FOR-US: IBM
+CVE-2022-22327 (IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker ...)
+ NOT-FOR-US: IBM
+CVE-2022-22326 (IBM Datapower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0 ...)
+ NOT-FOR-US: IBM
+CVE-2022-22325 (IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensi ...)
+ NOT-FOR-US: IBM
+CVE-2022-22324
+ RESERVED
+CVE-2022-22323 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
+ NOT-FOR-US: IBM
+CVE-2022-22322 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...)
+ NOT-FOR-US: IBM
+CVE-2022-22321 (IBM MQ Appliance 9.2 CD and 9.2 LTS local messaging users stored with ...)
+ NOT-FOR-US: IBM
+CVE-2022-22320 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
+ NOT-FOR-US: IBM
+CVE-2022-22319 (IBM Robotic Process Automation 21.0.1 could allow a register user on t ...)
+ NOT-FOR-US: IBM
+CVE-2022-22318 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
+ NOT-FOR-US: IBM
+CVE-2022-22317 (IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidat ...)
+ NOT-FOR-US: IBM
+CVE-2022-22316 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and a ...)
+ NOT-FOR-US: IBM
+CVE-2022-22315 (IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user w ...)
+ NOT-FOR-US: IBM
+CVE-2022-22314 (IBM Planning Analytics Local 2.0 allows web pages to be stored locally ...)
+ NOT-FOR-US: IBM
+CVE-2022-22313 (IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than ...)
+ NOT-FOR-US: IBM
+CVE-2022-22312 (IBM Security Identity Manager (IBM Security Verify Password Synchroniz ...)
+ NOT-FOR-US: IBM
+CVE-2022-22311 (IBM Security Verify Access could allow a user, using man in the middle ...)
+ NOT-FOR-US: IBM
+CVE-2022-22310 (IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 c ...)
+ NOT-FOR-US: IBM
+CVE-2022-22309 (The POWER systems FSP is vulnerable to unauthenticated logins through ...)
+ NOT-FOR-US: IBM
+CVE-2022-22308 (IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI ...)
+ NOT-FOR-US: IBM
+CVE-2022-22307 (IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to ...)
+ NOT-FOR-US: IBM
+CVE-2022-0087 (keystone is vulnerable to Improper Neutralization of Input During Web ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2021-46130
+ RESERVED
+CVE-2022-22306 (An improper certificate validation vulnerability [CWE-295] in FortiOS ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2022-22305 (An improper certificate validation vulnerability [CWE-295] inFortiMana ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-22304 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: Fortinet
+CVE-2022-22303 (An exposure of sensitive system information to an unauthorized control ...)
+ NOT-FOR-US: FortiGuard
+CVE-2022-22302 (A clear text storage of sensitive information (CWE-312) vulnerability ...)
+ NOT-FOR-US: Fortinet +CVE-2022-22301 (An improper neutralization of special elements used in an OS Command v ...) + NOT-FOR-US: FortiGuard +CVE-2022-22300 (A improper handling of insufficient permissions or privileges in Forti ...) + NOT-FOR-US: FortiGuard +CVE-2022-22299 (A format string vulnerability [CWE-134] in the command line interprete ...) + NOT-FOR-US: FortiNet +CVE-2022-22298 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: Fortinet +CVE-2022-22297 (An incomplete filtering of one or more instances of special elements v ...) + NOT-FOR-US: FortiGuard +CVE-2022-22296 (Sourcecodester Hospital's Patient Records Management System 1.0 is vul ...) + NOT-FOR-US: Sourcecodester +CVE-2022-22295 (Metinfo v7.5.0 was discovered to contain a SQL injection vulnerability ...) + NOT-FOR-US: Metinfo +CVE-2022-22294 (A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker ...) + NOT-FOR-US: zfaka +CVE-2022-0086 (uppy is vulnerable to Server-Side Request Forgery (SSRF)) + NOT-FOR-US: Node uppy +CVE-2022-0085 (Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf ...) + - php-dompdf (Vulnerable code introduced in 0.7.0, fixed in 2.0.0) + NOTE: Fixed by: https://github.com/dompdf/dompdf/commit/bb1ef65011a14730b7cfbe73506b4bb8a03704bd (v2.0.0) + NOTE: Introduced by https://github.com/dompdf/dompdf/commit/7454ec8f6f765e3b1d4dbbde72c9dcb38479f37e (v0.7.0-beta) + NOTE: https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9f31236 +CVE-2022-0084 (A flaw was found in XNIO, specifically in the notifyReadClosed method. ...) 
+ - jboss-xnio 3.8.7-2 (bug #1013280) + [bullseye] - jboss-xnio (Minor issue) + [buster] - jboss-xnio (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2064226 + NOTE: Fixed by https://github.com/xnio/xnio/commit/b05531de0433f498af26f9aec6c0e944c3c1689c +CVE-2021-46129 + RESERVED +CVE-2021-46128 + RESERVED +CVE-2021-46127 + RESERVED +CVE-2021-46126 + RESERVED +CVE-2021-46125 + RESERVED +CVE-2021-46124 + RESERVED +CVE-2021-46123 + RESERVED +CVE-2021-46122 (Tp-Link TL-WR840N (EU) v6.20 Firmware (0.9.1 4.17 v0001.0 Build 201124 ...) + NOT-FOR-US: TP-Link TL-WR840N +CVE-2021-46121 + RESERVED +CVE-2021-46120 + RESERVED +CVE-2021-46119 + RESERVED +CVE-2021-46118 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) + NOT-FOR-US: jpress +CVE-2021-46117 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.modu ...) + NOT-FOR-US: jpress +CVE-2021-46116 (jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web. ...) + NOT-FOR-US: jpress +CVE-2021-46115 (jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateCon ...) + NOT-FOR-US: jpress +CVE-2021-46114 (jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.Produ ...) + NOT-FOR-US: jpress +CVE-2021-46113 (In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote ...) + NOT-FOR-US: MartDevelopers KEA-Hotel-ERP open source +CVE-2021-46112 + RESERVED +CVE-2021-46111 + RESERVED +CVE-2021-46110 (Online Shopping Portal v3.1 was discovered to contain multiple time-ba ...) + NOT-FOR-US: Online Shopping Portal +CVE-2021-46109 (Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) ...) + NOT-FOR-US: ASUS +CVE-2021-46108 (D-Link DSL-2730E CT-20131125 devices allow XSS via the username parame ...) + NOT-FOR-US: D-Link +CVE-2021-46107 (Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server S ...) 
+ NOT-FOR-US: Ligeo Archives Ligeo Basics +CVE-2021-46106 + RESERVED +CVE-2021-46105 + RESERVED +CVE-2021-46104 (An issue was discovered in webp_server_go 0.4.0. There is a directory ...) + NOT-FOR-US: webp_server_go +CVE-2021-46103 + RESERVED +CVE-2021-46102 (From version 0.2.14 to 0.2.16 for Solana rBPF, function "relocate" in ...) + NOT-FOR-US: Solana rBPF +CVE-2021-46101 (In Git for windows through 2.34.1 when using git pull to update the lo ...) + NOT-FOR-US: Git for Windows +CVE-2021-46100 + RESERVED +CVE-2021-46099 + RESERVED +CVE-2021-46098 + RESERVED +CVE-2021-46097 (Dolphinphp v1.5.0 contains a remote code execution vulnerability in /a ...) + NOT-FOR-US: Dolphinphp +CVE-2021-46096 + RESERVED +CVE-2021-46095 + RESERVED +CVE-2021-46094 + RESERVED +CVE-2021-46093 (eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads ...) + NOT-FOR-US: eliteCMS +CVE-2021-46092 + RESERVED +CVE-2021-46091 + RESERVED +CVE-2021-46090 + RESERVED +CVE-2021-46089 (In JeecgBoot 3.0, there is a SQL injection vulnerability that can oper ...) + NOT-FOR-US: JeecgBoot +CVE-2021-46088 (Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS is vulnerable to Remote Code Exe ...) + NOTE: Zabbix security feature, not a vulnerability per se + NOTE: closed upstream as a "feature", then changed in 5.4 to make the attack less likely + NOTE: https://github.com/paalbra/zabbix-zbxsec-7 + NOTE: https://www.zabbix.com/documentation/3.0/en/manual/config/notifications/action/operation/remote_command + NOTE: https://www.zabbix.com/documentation/current/en/manual/config/notifications/action/operation/remote_command#access-permissions +CVE-2021-46087 (In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the ba ...) + NOT-FOR-US: jfinal_cms +CVE-2021-46086 (xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front e ...) + NOT-FOR-US: xzs-mysql +CVE-2021-46085 (OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level admi ...) 
+ NOT-FOR-US: OneBlog +CVE-2021-46084 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: uscat +CVE-2021-46083 (uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: uscat +CVE-2021-46082 (Moxa TN-5900 v3.1 series routers, MGate 5109 v2.2 series protocol gate ...) + NOT-FOR-US: Moxa +CVE-2021-46081 + RESERVED +CVE-2021-46080 (A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46079 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46078 (An Unrestricted File Upload vulnerability exists in Sourcecodester Veh ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46077 + RESERVED +CVE-2021-46076 (Sourcecodester Vehicle Service Management System 1.0 is vulnerable to ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46075 (A Privilege Escalation vulnerability exists in Sourcecodester Vehicle ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46074 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46073 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46072 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46071 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46070 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) 
+ NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46069 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46068 (A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Se ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46067 (In Vehicle Service Management System 1.0 an attacker can steal the coo ...) + NOT-FOR-US: Sourcecodester Vehicle Service Management System +CVE-2021-46066 + RESERVED +CVE-2021-46065 (A Cross-site scripting (XSS) vulnerability in Secondary Email Field in ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-46064 (IrfanView 4.59 is vulnerable to buffer overflow via the function at ad ...) + NOT-FOR-US: IrfanView +CVE-2021-46063 (MCMS v5.2.5 was discovered to contain a Server Side Template Injection ...) + NOT-FOR-US: MCMS +CVE-2021-46062 (MCMS v5.2.5 was discovered to contain an arbitrary file deletion vulne ...) + NOT-FOR-US: MCMS +CVE-2021-46061 (An SQL Injection vulnerability exists in Sourcecodester Computer and M ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46060 + REJECTED +CVE-2021-46059 + REJECTED +CVE-2021-46058 + REJECTED +CVE-2021-46057 + RESERVED +CVE-2021-46056 + RESERVED +CVE-2021-46055 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4413 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46054 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4410 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46053 (A Denial of Service vulnerability exists in Binaryen 103. The program ...) 
+ - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4392 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46052 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4411 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46051 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2011 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46050 (A Stack Overflow vulnerability exists in Binaryen 103 via the printf_c ...) + - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4391 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46049 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fi ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2013 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46048 (A Denial of Service vulnerability exists in Binaryen 104 due to an ass ...) + - binaryen (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4412 + NOTE: Crash in CLI tool, no security impact +CVE-2021-46047 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hi ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2008 + NOTE: https://github.com/gpac/gpac/commit/dd2e8b1b9378a9679de8e7e5dcb2d7841acd5dbd (v2.0.0) +CVE-2021-46046 (A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_si ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2005 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46045 (GPAC 1.0.1 is affected by: Abort failed. The impact is: cause a denial ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2007 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46044 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1via ShiftMetaOf ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2006 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46043 (A Pointer Dereference Vulnerability exits in GPAC 1.0.1 in the gf_list ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2001 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46042 (A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the _fsee ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2002 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46041 (A Segmentation Fault Vulnerability exists in GPAC 1.0.1 via the co64_b ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2004 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46040 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the finpla ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2003 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46039 (A Pointer Dereference Vulnerabilty exists in GPAC 1.0.1 via the shift_ ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1999 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46038 (A Pointer Dereference vulnerability exists in GPAC 1.0.1 in unlink_chu ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/2000 + NOTE: https://github.com/gpac/gpac/commit/f5a778edd1febd574ff9558d2faa57133bdb4a5f (v2.0.0) +CVE-2021-46037 (MCMS v5.2.4 was discovered to contain an arbitrary file deletion vulne ...) 
+ NOT-FOR-US: MCMS +CVE-2021-46036 (An arbitrary file upload vulnerability in the component /ms/file/uploa ...) + NOT-FOR-US: MCMS +CVE-2021-46035 + RESERVED +CVE-2021-46034 (A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vu ...) + NOT-FOR-US: ForestBlog +CVE-2021-46033 (In ForestBlog, as of 2021-12-28, File upload can bypass verification.) + NOT-FOR-US: ForestBlog +CVE-2021-46032 + RESERVED +CVE-2021-46031 + RESERVED +CVE-2021-46030 (There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuar ...) + NOT-FOR-US: JavaQuarkBBS +CVE-2021-46029 + RESERVED +CVE-2021-46028 (In mblog <= 3.5.0 there is a CSRF vulnerability in the background arti ...) + NOT-FOR-US: mblog +CVE-2021-46027 (mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the backgro ...) + NOT-FOR-US: mysiteforme +CVE-2021-46026 (mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting ( ...) + NOT-FOR-US: mysiteforme +CVE-2021-46025 (A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. ...) + NOT-FOR-US: OneBlog +CVE-2021-46024 (Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL I ...) + NOT-FOR-US: Projectworlds online-shopping-webvsite-in-php +CVE-2021-46023 (An Untrusted Pointer Dereference was discovered in function mrb_vm_exe ...) + - mruby 3.1.0-1 + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + NOTE: https://github.com/mruby/mruby/issues/5613 +CVE-2021-46022 (An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset ...) + - recutils (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html + NOTE: Negligible security impact +CVE-2021-46021 (An Use-After-Free vulnerability in rec_record_destroy() at rec-record. ...) + - recutils (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00008.html + NOTE: Negligible security impact +CVE-2021-46020 (An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can ...) 
+ - mruby 3.1.0-1 (bug #1014968) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (revisit when/if fix is complete) + NOTE: https://github.com/mruby/mruby/issues/5613 + NOTE: https://github.com/mruby/mruby/commit/a137ef12f981b517f1e6b64e39edc7ac15d7e1eb + NOTE: https://github.com/mruby/mruby/commit/d3b7601af96c9e0eeba4c89359289661c755a74a +CVE-2021-46019 (An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GN ...) + - recutils (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00009.html + NOTE: Negligible security impact +CVE-2021-46018 + RESERVED +CVE-2021-46017 + RESERVED +CVE-2021-46016 + RESERVED +CVE-2021-46015 + RESERVED +CVE-2021-46014 + RESERVED +CVE-2021-46013 (An unrestricted file upload vulnerability exists in Sourcecodester Fre ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46012 + REJECTED +CVE-2021-46011 + RESERVED +CVE-2021-46010 (Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random V ...) + NOT-FOR-US: TOTOLINK +CVE-2021-46009 (In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or B ...) + NOT-FOR-US: TOTOLINK +CVE-2021-46008 (In totolink a3100r V5.9c.4577, the hard-coded telnet password can be d ...) + NOT-FOR-US: TOTOLINK +CVE-2021-46007 (totolink a3100r V5.9c.4577 is vulnerable to os command injection. The ...) + NOT-FOR-US: TOTOLINK +CVE-2021-46006 (In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like functio ...) + NOT-FOR-US: TOTOLINK +CVE-2021-46005 (Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross ...) + NOT-FOR-US: Sourcecodester +CVE-2021-46004 + RESERVED +CVE-2021-46003 + RESERVED +CVE-2021-46002 + RESERVED +CVE-2021-46001 + RESERVED +CVE-2021-46000 + RESERVED +CVE-2021-45999 + RESERVED +CVE-2021-45998 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...) + NOT-FOR-US: D-Link +CVE-2021-45997 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) 
+ NOT-FOR-US: Tenda routers +CVE-2021-45996 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45995 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45994 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45993 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45992 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45991 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45990 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45989 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45988 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45987 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45986 (Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contai ...) + NOT-FOR-US: Tenda routers +CVE-2021-45985 (In Lua 5.4.3, an erroneous finalizer called during a tail call leads t ...) + - lua5.4 5.4.4-1 + [bullseye] - lua5.4 (Minor issue) + - lua5.3 (Specific to 5.4) + - lua5.2 (Specific to 5.4) + - lua5.1 (Specific to 5.4) + - lua50 (Specific to 5.4) + NOTE: https://www.lua.org/bugs.html#5.4.3-11 + NOTE: https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5 (v5.4.4) + NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00019.html +CVE-2021-4197 (An unprivileged write to the file handler flaw in the Linux kernel's c ...) 
+ {DSA-5173-1 DSA-5127-1} + - linux 5.15.15-1 + NOTE: https://lore.kernel.org/lkml/20211209214707.805617-1-tj@kernel.org/T/ + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035652 +CVE-2021-46144 (Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML ...) + {DSA-5037-1 DLA-2878-1} + [experimental] - roundcube 1.6~beta+dfsg-1 + - roundcube 1.6.0+dfsg-1 (bug #1003027) + NOTE: https://github.com/roundcube/roundcubemail/commit/8894fddd59b770399eed4ef8d4da5773913b5bf0 (1.5.2) + NOTE: https://github.com/roundcube/roundcubemail/commit/b2400a4b592e3094b6c84e6000d512f99ae0eed8 (1.4.13) + NOTE: https://roundcube.net/news/2021/12/30/update-1.5.2-released + NOTE: https://roundcube.net/news/2021/12/30/security-update-1.4.13-released +CVE-2022-0083 (livehelperchat is vulnerable to Generation of Error Message Containing ...) + NOT-FOR-US: livehelperchat +CVE-2022-0082 + RESERVED +CVE-2022-22293 (admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstra ...) + - dolibarr +CVE-2022-0081 + RESERVED +CVE-2021-45984 + RESERVED +CVE-2021-45983 (NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.) + NOT-FOR-US: NetScout +CVE-2021-45982 (NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged ...) + NOT-FOR-US: NetScout +CVE-2021-45981 (NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.) + NOT-FOR-US: NetScout +CVE-2021-45980 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + NOT-FOR-US: Foxit +CVE-2021-45979 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + NOT-FOR-US: Foxit +CVE-2021-45978 (Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote atta ...) + NOT-FOR-US: Foxit +CVE-2021-45977 (JetBrains IntelliJ IDEA 2021.3.1 Preview, IntelliJ IDEA 2021.3.1 RC, P ...) + - intellij-idea (bug #747616) +CVE-2021-45976 + RESERVED +CVE-2021-45975 (In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerabi ...) 
+ NOT-FOR-US: Acer +CVE-2021-45974 + RESERVED +CVE-2021-45973 + RESERVED +CVE-2021-45972 (The giftrans function in giftrans 1.12.2 contains a stack-based buffer ...) + - giftrans (bug #1002739; unimportant) + NOTE: Negligible security impact; crash in CLI tool +CVE-2021-45971 (An issue was discovered in SdHostDriver in Insyde InsydeH2O with kerne ...) + NOT-FOR-US: Insyde +CVE-2021-45970 (An issue was discovered in IdeBusDxe in Insyde InsydeH2O with kernel 5 ...) + NOT-FOR-US: Insyde +CVE-2021-45969 (An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel ...) + NOT-FOR-US: Insyde +CVE-2021-45968 (An issue was discovered in xmppserver jar in the XMPP Server component ...) + NOT-FOR-US: Pascom Cloud Phone System +CVE-2021-45967 (An issue was discovered in Pascom Cloud Phone System before 7.20.x. A ...) + NOT-FOR-US: Pascom Cloud Phone System +CVE-2021-45966 (An issue was discovered in Pascom Cloud Phone System before 7.20.x. In ...) + NOT-FOR-US: Pascom Cloud Phone System +CVE-2021-45965 + RESERVED +CVE-2021-45964 + RESERVED +CVE-2021-45963 + RESERVED +CVE-2021-45962 + RESERVED +CVE-2021-45961 + RESERVED +CVE-2022-0080 (mruby is vulnerable to Heap-based Buffer Overflow) + - mruby 3.0.0-3 + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (Minor issue) + NOTE: https://huntr.dev/bounties/59a70392-4864-4ce3-8e35-6ac2111d1e2e/ + NOTE: https://github.com/mruby/mruby/commit/28ccc664e5dcd3f9d55173e9afde77c4705a9ab6 +CVE-2021-45960 (In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) pla ...) + {DSA-5073-1 DLA-2904-1} + - expat 2.4.3-1 (bug #1002994) + NOTE: https://github.com/libexpat/libexpat/issues/531 + NOTE: https://github.com/libexpat/libexpat/pull/534 + NOTE: Fixed by: https://github.com/libexpat/libexpat/commit/0adcb34c49bee5b19bd29b16a578c510c23597ea (R_2_4_3) +CVE-2022-0079 (showdoc is vulnerable to Generation of Error Message Containing Sensit ...) 
+ NOT-FOR-US: ShowDoc +CVE-2022-0078 + RESERVED +CVE-2021-45959 + REJECTED +CVE-2021-45958 (UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow ...) + {DLA-2929-1} + - ujson 5.2.0-1 (bug #1005140) + [bullseye] - ujson (Minor issue) + [buster] - ujson (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009 + NOTE: https://github.com/ultrajson/ultrajson/issues/501 + NOTE: https://github.com/ultrajson/ultrajson/issues/502 + NOTE: https://github.com/ultrajson/ultrajson/pull/504 + NOTE: Fixed by: https://github.com/ultrajson/ultrajson/pull/519 +CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) 
+ - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...) + - dnsmasq (unimportant) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml + NOTE: Non issue, result of poorly automated fuzzing effort +CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...) + - libredwg (bug #595191) +CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...) + {DSA-5038-1 DLA-2879-1} + - ghostscript 9.55.0~dfsg-1 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703902 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7 +CVE-2021-45948 (Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-base ...) 
+ - assimp 5.1.1~ds0-1 + [bullseye] - assimp (Vulnerable code not present) + [buster] - assimp (Vulnerable code not present) + [stretch] - assimp (M3D format support not present) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34416 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/assimp/OSV-2021-775.yaml + NOTE: https://github.com/assimp/assimp/pull/4146 + NOTE: https://github.com/assimp/assimp/commit/30f17aa2064b86c0096f0ec701b9e8ea9312fef2 (v5.1.0) + NOTE: Introduced by: https://github.com/assimp/assimp/commit/a622e109a0739435e3e2f05bfbedba0e8385282d (v5.1.0.rc1) +CVE-2021-45947 (Wasm3 0.5.0 has an out-of-bounds write in Runtime_Release (called from ...) + NOT-FOR-US: wasm3 +CVE-2021-45946 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...) + NOT-FOR-US: wasm3 +CVE-2021-45945 + REJECTED +CVE-2021-45944 (Ghostscript GhostPDL 9.50 through 9.53.3 has a use-after-free in sampl ...) + {DSA-5038-1 DLA-2879-1} + - ghostscript 9.54.0~dfsg-5 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29903 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ghostscript/OSV-2021-237.yaml + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7861fcad13c497728189feafb41cd57b5b50ea25 +CVE-2021-45943 (GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::C ...) 
+ {DSA-5239-1 DLA-3129-1 DLA-2877-1}
+ [experimental] - gdal 3.4.1~rc1+dfsg-1~exp1
+ - gdal 3.4.1+dfsg-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41993
+ NOTE: https://github.com/OSGeo/gdal/pull/4944
+ NOTE: https://github.com/OSGeo/gdal/commit/93913a849dc1d217a40dbf9d6e6a3a23c42b61a6 (master)
+ NOTE: Backport to 3.4: https://github.com/OSGeo/gdal/pull/4947
+ NOTE: https://github.com/OSGeo/gdal/commit/9b2bcbc47d1649adc0ab65b801f96f56156cf017 (v3.4.1RC1)
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2021-1651.yaml
+CVE-2021-45942 (OpenEXR 3.1.x before 3.1.4 has a heap-based buffer overflow in Imf_3_1 ...)
+ {DSA-5299-1 DLA-3236-1}
+ [experimental] - openexr 3.1.4-1
+ - openexr 3.1.5-2 (bug #1014828)
+ [stretch] - openexr (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1209
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/11cad77da87c4fa2aab7d58dd5339e254db7937e
+CVE-2021-45941 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in _ ...)
+ - libbpf 0.7.0-2
+ [bullseye] - libbpf (No actionable information, revisit when/if more details available)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml
+ NOTE: Fixed in 0.7.0 upstream per identified range of commits
+ NOTE: It's unclear if 0.3 is affected, the introducing commit presented by oss-fuzz is misleading
+ NOTE: since that refers to the first version when oss-fuzz started to test libbpf. If anyone confirms
+ NOTE: via bisecting that 0.3.0 is affected, this can be revisited
+CVE-2021-45940 (libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (4 bytes) in _ ...)
+ - libbpf 0.7.0-2
+ [bullseye] - libbpf (No actionable information, revisit when/if more details available)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40868
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1562.yaml
+ NOTE: Fixed in 0.7.0 upstream per identified range of commits
+ NOTE: It's unclear if 0.3 is affected, the introducing commit presented by oss-fuzz is misleading
+ NOTE: since that refers to the first version when oss-fuzz started to test libbpf. If anyone confirms
+ NOTE: via bisecting that 0.3.0 is affected, this can be revisited
+CVE-2021-45939 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: uWebSockets
+CVE-2021-45938 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45937 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45936 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttDecode_Di ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45935 (Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K: ...)
+ - libgrokj2k 9.7.5-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39021
+ NOTE: Vague oss-fuzzer report and referenced fix isn't in the upstream repo
+ NOTE: Marking 9.7.5-1 as fixed based on identified patch date
+CVE-2021-45934 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow in MqttClient_De ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45933 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (8 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45932 (wolfSSL wolfMQTT 1.9 has a heap-based buffer overflow (4 bytes) in Mqt ...)
+ NOT-FOR-US: wolfMQTT
+CVE-2021-45931 (HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...)
+ - harfbuzz (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
+ NOTE: https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81 (2.9.1)
+ NOTE: introduced in https://github.com/harfbuzz/harfbuzz/commit/f0c3804fa292ef3be41cc8d1cdea8239f00e2295 (2.9.1)
+ NOTE: vulnerable code not present in 2.9.0 git tag, error in CVE description
+CVE-2021-45930 (Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-o ...)
+ {DLA-3539-1 DLA-2895-1 DLA-2885-1}
+ - qtsvg-opensource-src 5.15.2-4 (bug #1002991)
+ [bullseye] - qtsvg-opensource-src (Minor issue)
+ [buster] - qtsvg-opensource-src (Minor issue)
+ - qt4-x11
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37025
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37306
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-1121.yaml
+ NOTE: https://bugreports.qt.io/browse/QTBUG-96044
+ NOTE: https://github.com/qt/qtsvg/commit/36cfd9efb9b22b891adee9c48d30202289cfa620 (dev)
+ NOTE: https://github.com/qt/qtsvg/commit/79bb9f51fa374106a612d17c9d98d35d807be670 (v6.2.2)
+ NOTE: https://github.com/qt/qtsvg/commit/a3b753c2d077313fc9eb93af547051b956e383fc (v5.12.12)
+CVE-2021-45929 (Wasm3 0.5.0 has an out-of-bounds write in CompileBlock (called from Co ...)
+ NOT-FOR-US: wasm3
+CVE-2021-45928 (libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other produ ...)
+ - jpeg-xl (Vulnerable code not present in a released Debian version; fixed before inital upload to Debian)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36456
+ NOTE: https://github.com/libjxl/libjxl/issues/360
+ NOTE: https://github.com/libjxl/libjxl/pull/365
+ NOTE: Introduced by: https://github.com/libjxl/libjxl/pull/205 (v0.6)
+ NOTE: Fixed by: https://github.com/libjxl/libjxl/commit/1c05e110d69b457696366fb4e762057b6855349b (v0.6)
+CVE-2021-45927 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ NOTE: Apparently an ozz-fuzz false positive
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
+CVE-2021-45926 (MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0 ...)
+ NOTE: Apparently an ozz-fuzz false positive
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35972
+CVE-2021-4196
+ RESERVED
+CVE-2021-4195 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
+ NOT-FOR-US: Firmanet Software and Technology Customer Relation Manager
+CVE-2022-22292 (Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22291 (Logging of excessive data vulnerability in telephony prior to SMR Feb- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22290 (Incorrect download source UI in Downloads in Samsung Internet prior to ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22289 (Improper access control vulnerability in S Assistant prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22288 (Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22287 (Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22286 (A vulnerability using PendingIntent in Bixby Routines prior to version ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22285 (A vulnerability using PendingIntent in Reminder prior to version 12.2. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22284 (Improper authentication vulnerability in Samsung Internet prior to 16. ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22283 (Improper session management vulnerability in Samsung Health prior to 6 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-45732 (Netgear Nighthawk R6700 version 1.0.4.120 makes use of a hardcoded cre ...)
+ NOT-FOR-US: Netgear
+CVE-2021-45077 (Netgear Nighthawk R6700 version 1.0.4.120 stores sensitive information ...)
+ NOT-FOR-US: Netgear
+CVE-2021-44466 (Bitmask Riseup VPN 0.21.6 contains a local privilege escalation flaw d ...)
+ NOT-FOR-US: Bitmask Riseup VPN
+CVE-2021-4194 (bookstack is vulnerable to Improper Access Control)
+ NOT-FOR-US: bookstack
+CVE-2021-4193 (vim is vulnerable to Out-of-bounds Read)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.3995-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/92c1940d-8154-473f-84ce-0de43b0c2eb0
+ NOTE: Fixed by: https://github.com/vim/vim/commit/94f3192b03ed27474db80b4d3a409e107140738b (v8.2.3950)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4192 (vim is vulnerable to Use After Free)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.3995-1 (unimportant)
+ NOTE: https://huntr.dev/bounties/6dd9cb2e-a940-4093-856e-59b502429f22
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4c13e5e6763c6eb36a343a2b8235ea227202e952 (v8.2.3949)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4191 (An issue has been discovered in GitLab CE/EE affecting versions 13.0 t ...)
+ [experimental] - gitlab 14.6.5+ds1
+ - gitlab 15.10.8+ds1-2
+ NOTE: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/
+CVE-2021-23147 (Netgear Nighthawk R6700 version 1.0.4.120 does not have sufficient pro ...)
+ NOT-FOR-US: Netgear
+CVE-2022-22282 (SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier ver ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22281 (A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender W ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22280 (Improper Neutralization of Special Elements used in an SQL Command lea ...)
+ NOT-FOR-US: Sonicwall
+CVE-2022-22279 (A post-authentication arbitrary file read vulnerability impacting end- ...)
+ NOT-FOR-US: Sonicwall
+CVE-2022-22278 (A vulnerability in SonicOS CFS (Content filtering service) returns a l ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22277 (A vulnerability in SonicOS SNMP service resulting exposure of Wireless ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22276 (A vulnerability in SonicOS SNMP service resulting exposure of sensitiv ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22275 (Improper Restriction of TCP Communication Channel in HTTP/S inbound tr ...)
+ NOT-FOR-US: SonicWall
+CVE-2022-22274 (A Stack-based buffer overflow vulnerability in the SonicOS via HTTP re ...)
+ NOT-FOR-US: Sonicwall
+CVE-2022-22273 (Improper neutralization of Special Elements leading to OS Command Inje ...)
+ NOT-FOR-US: Sonicwall
+CVE-2022-22272 (Improper authorization in TelephonyManager prior to SMR Jan-2022 Relea ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22271 (A missing input validation before memory copy in TIMA trustlet prior t ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22270 (An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan- ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22269 (Keeping sensitive data in unprotected BluetoothSettingsProvider prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22268 (Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22267 (Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22266 ((Applicable to China models only) Unprotected WifiEvaluationService in ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22265 (An improper check or handling of exceptional conditions in NPU driver ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22264 (Improper sanitization of incoming intent in Dressroom prior to SMR Jan ...)
+ NOT-FOR-US: Samsung
+CVE-2022-22263 (Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Rele ...)
+ NOT-FOR-US: Samsung
+CVE-2021-45919 (Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.)
+ NOT-FOR-US: Studio 42 elFinder
+CVE-2021-4190 (Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (The vulnerable code is not present)
+ [stretch] - wireshark (The vulnerable code is not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-22.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17811
+CVE-2021-4189 (A flaw was found in Python, specifically in the FTP (File Transfer Pro ...)
+ {DLA-3477-1 DLA-3432-1 DLA-2919-1}
+ - python3.10 (Fixed before initial upload to Debian unstable)
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ - python3.5
+ [stretch] - python3.5 (Minor issue)
+ [experimental] - python2.7 2.7.18-13.1~exp1
+ - python2.7 2.7.18-13.1
+ [bullseye] - python2.7 (Python 2.7 in Bullseye not covered by security support)
+ NOTE: https://bugs.python.org/issue43285
+ NOTE: https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e (master)
+ NOTE: https://github.com/python/cpython/commit/7dcb4baa4f0fde3aef5122a8e9f6a41853ec9335 (v3.9.3)
+ NOTE: https://github.com/python/cpython/commit/79373951b3eab585d42e0f0ab83718cbe1d0ee33 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/4134f154ae2f621f25c5d698cc0f1748035a1b88 (v3.6.14)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2036020
+CVE-2022-22262 (ROG Live Service\u2019s function for deleting temp files created by in ...)
+ NOT-FOR-US: ROG Live
+CVE-2022-0077
+ RESERVED
+CVE-2022-0076
+ RESERVED
+CVE-2022-0075
+ RESERVED
+CVE-2022-0074 (Untrusted Search Path vulnerability in LiteSpeed Technologies OpenLite ...)
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server Container
+CVE-2022-0073 (Improper Input Validation vulnerability in LiteSpeed Technologies Open ...)
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards
+CVE-2022-0072 (Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSp ...)
+ NOT-FOR-US: LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards
+CVE-2022-0071 (Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mim ...)
+ NOT-FOR-US: Amazon Web Services hotpatch
+CVE-2022-0070 (Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package st ...)
+ NOT-FOR-US: Amazon Web Services hotpatch
+CVE-2022-0069
+ RESERVED
+CVE-2022-0068
+ RESERVED
+CVE-2022-0067
+ RESERVED
+CVE-2022-0066
+ RESERVED
+CVE-2022-0065
+ RESERVED
+CVE-2022-0064
+ RESERVED
+CVE-2022-0063
+ RESERVED
+CVE-2022-0062
+ RESERVED
+CVE-2022-0061
+ RESERVED
+CVE-2022-0060
+ RESERVED
+CVE-2022-0059
+ RESERVED
+CVE-2022-0058
+ RESERVED
+CVE-2022-0057
+ RESERVED
+CVE-2022-0056
+ RESERVED
+CVE-2022-0055
+ RESERVED
+CVE-2022-0054
+ RESERVED
+CVE-2022-0053
+ RESERVED
+CVE-2022-0052
+ RESERVED
+CVE-2022-0051
+ RESERVED
+CVE-2022-0050
+ RESERVED
+CVE-2022-0049
+ RESERVED
+CVE-2022-0048
+ RESERVED
+CVE-2022-0047
+ RESERVED
+CVE-2022-0046
+ RESERVED
+CVE-2022-0045
+ RESERVED
+CVE-2022-0044
+ RESERVED
+CVE-2022-0043
+ RESERVED
+CVE-2022-0042
+ RESERVED
+CVE-2022-0041
+ RESERVED
+CVE-2022-0040
+ RESERVED
+CVE-2022-0039
+ RESERVED
+CVE-2022-0038
+ RESERVED
+CVE-2022-0037
+ RESERVED
+CVE-2022-0036
+ RESERVED
+CVE-2022-0035
+ RESERVED
+CVE-2022-0034
+ RESERVED
+CVE-2022-0033
+ RESERVED
+CVE-2022-0032
+ RESERVED
+CVE-2022-0031 (A local privilege escalation (PE) vulnerability in the Palo Alto Netwo ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0030 (An authentication bypass vulnerability in the Palo Alto Networks PAN-O ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0029 (An improper link resolution vulnerability in the Palo Alto Networks Co ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0028 (A PAN-OS URL filtering policy misconfiguration could allow a network-b ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0027 (An improper authorization vulnerability in Palo Alto Network Cortex XS ...)
+ NOT-FOR-US: Palo Alto Networks software
+CVE-2022-0026 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2022-0025 (A local privilege escalation (PE) vulnerability exists in Palo Alto Ne ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2022-0024 (A vulnerability exists in Palo Alto Networks PAN-OS software that enab ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2022-0023 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0022 (Usage of a weak cryptographic algorithm in Palo Alto Networks PAN-OS s ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0021 (An information exposure through log file vulnerability exists in the P ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0020 (A stored cross-site scripting (XSS) vulnerability in Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0019 (An insufficiently protected credentials vulnerability exists in the Pa ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0018 (An information exposure vulnerability exists in the Palo Alto Networks ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0017 (An improper link resolution before file access ('link following') vuln ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0016 (An improper handling of exceptional conditions vulnerability exists wi ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0015 (A local privilege escalation (PE) vulnerability exists in the Palo Alt ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0014 (An untrusted search path vulnerability exists in the Palo Alto Network ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0013 (A file information exposure vulnerability exists in the Palo Alto Netw ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0012 (An improper link resolution before file access vulnerability exists in ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2022-0011 (PAN-OS software provides options to exclude specific websites from URL ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2021-45918 (NHI\u2019s health insurance web service component has insufficient val ...)
+ NOT-FOR-US: NHIs health insurance web service component
+CVE-2021-45917 (The server-request receiver function of Shockwall system has an improp ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45916 (The programming function of Shockwall system has an improper input val ...)
+ NOT-FOR-US: Shockwall system
+CVE-2021-45915 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
+ NOT-FOR-US: LuxSoft LuxCal
+CVE-2021-45914 (In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attack ...)
+ NOT-FOR-US: LuxSoft LuxCal
+CVE-2021-4188 (mruby is vulnerable to NULL Pointer Dereference)
+ - mruby (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/78533fb9-f3e0-47c2-86dc-d1f96d5bea28
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/27d1e0132a0804581dca28df042e7047fd27eaa8
+CVE-2021-45913 (A hardcoded key in ControlUp Real-Time Agent (cuAgent.exe) before 8.2. ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-45912 (An unauthenticated Named Pipe channel in Controlup Real-Time Agent (cu ...)
+ NOT-FOR-US: ControlUp Real-Time Agent
+CVE-2021-44775 (Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 ...)
+ {DSA-5399-1}
+ - odoo 16.0.0+dfsg.1-1 (bug #1035953)
+ NOTE: https://github.com/odoo/odoo/issues/107691
+ NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/74532a0839b57337cc26ffc66b2884039e68f23b
+CVE-2021-44465 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...)
+ - odoo (Fixed in initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/107692
+CVE-2021-4187 (vim is vulnerable to Use After Free)
+ - vim 2:8.2.3995-1
+ [bullseye] - vim (Minor issue)
+ [buster] - vim (Vulnerable code introduced later)
+ [stretch] - vim (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/a8bee03a-6e2e-43bf-bee3-4968c5386a2e
+ NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/4bf1006cae7e87259ccd5219128c3dba75774441 (v8.2.3923)
+CVE-2021-45911 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
+ - gif2apng (bug #1002687)
+ [bullseye] - gif2apng 1.9+srconly-3+deb11u1
+ [buster] - gif2apng 1.9+srconly-2+deb10u1
+CVE-2021-45910 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
+ - gif2apng (bug #1002667)
+ [bullseye] - gif2apng 1.9+srconly-3+deb11u1
+ [buster] - gif2apng 1.9+srconly-2+deb10u1
+CVE-2021-45909 (An issue was discovered in gif2apng 1.9. There is a heap-based buffer ...)
+ {DLA-2937-1}
+ - gif2apng (bug #1002668)
+ [bullseye] - gif2apng 1.9+srconly-3+deb11u1
+ [buster] - gif2apng 1.9+srconly-2+deb10u1
+CVE-2021-45908 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45907 (An issue was discovered in gif2apng 1.9. There is a stack-based buffer ...)
+ - gif2apng (bug #1002669; unimportant)
+ NOTE: Negligible security impact
+CVE-2021-45906 (OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45905 (OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen.)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45904 (OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.)
+ NOT-FOR-US: OpenWrt
+CVE-2021-45903 (A persistent cross-site scripting (XSS) issue in the web interface of ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45902
+ RESERVED
+CVE-2021-45901 (The password-reset form in ServiceNow Orlando provides different respo ...)
+ NOT-FOR-US: ServiceNow Orlando
+CVE-2021-45900 (Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. ...)
+ NOT-FOR-US: Vivoh Webinar Manager
+CVE-2021-45899 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserializatio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45898 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusio ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45897 (SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code executi ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-45896 (Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an ...)
+ NOT-FOR-US: Nokia FastMile 3TG00118ABAD52 devices
+CVE-2021-45895 (Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows ...)
+ NOT-FOR-US: Netgen Tags Bundle
+CVE-2021-45894 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ NOT-FOR-US: Softwarebuero Zauner ARC
+CVE-2021-45893 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ NOT-FOR-US: Softwarebuero Zauner ARC
+CVE-2021-45892 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4. There is ...)
+ NOT-FOR-US: Softwarebuero Zauner ARC
+CVE-2021-45891 (An issue was discovered in Softwarebuero Zauner ARC 4.2.0.4., that all ...)
+ NOT-FOR-US: Softwarebuero Zauner ARC
+CVE-2021-45890 (basic/BasicAuthProvider.java in AuthGuard before 0.9.0 allows authenti ...)
+ NOT-FOR-US: AuthGuard
+CVE-2021-45889 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Several ...)
+ NOT-FOR-US: PONTON X/P Messenger
+CVE-2021-45888 (An issue was discovered in PONTON X/P Messenger before 3.11.2. The nav ...)
+ NOT-FOR-US: PONTON X/P Messenger
+CVE-2021-45887 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to ...)
+ NOT-FOR-US: PONTON X/P Messenger
+CVE-2021-45886 (An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CS ...)
+ NOT-FOR-US: PONTON X/P Messenger
+CVE-2021-45885 (An issue was discovered in Stormshield Network Security (SNS) 4.2.2 th ...)
+ NOT-FOR-US: Stormshield Network Security (SNS)
+CVE-2021-4186 (Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows den ...)
+ - wireshark 3.6.0-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (The vulnerable code is not present)
+ [stretch] - wireshark (The vulnerable code is not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-16.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17737
+CVE-2021-4185 (Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3 ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-17.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17745
+CVE-2021-4184 (Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3 ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-18.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17754
+CVE-2021-4183 (Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of se ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (The vulnerable code is not present)
+ [stretch] - wireshark (The vulnerable code is not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-19.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17755
+CVE-2021-4182 (Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 ...)
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark (The vulnerable code is not present)
+ [stretch] - wireshark (The vulnerable code is not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-20.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17801
+CVE-2021-4181 (Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3. ...)
+ {DLA-2967-1}
+ - wireshark 3.6.2-1
+ [bullseye] - wireshark (Minor issue)
+ [buster] - wireshark 2.6.20-0+deb10u4
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2021-21.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/5429
+CVE-2021-45884 (In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based a ...)
+ - brave-browser (bug #864795)
+CVE-2021-45883
+ RESERVED
+CVE-2021-45882
+ RESERVED
+CVE-2021-45881
+ RESERVED
+CVE-2021-45880
+ RESERVED
+CVE-2021-45879
+ RESERVED
+CVE-2021-45878 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrec ...)
+ NOT-FOR-US: GARO Wallbox
+CVE-2021-45877 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard cod ...)
+ NOT-FOR-US: GARO Wallbox
+CVE-2021-45876 (Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthen ...)
+ NOT-FOR-US: GARO Wallbox
+CVE-2021-45875
+ RESERVED
+CVE-2021-45874
+ RESERVED
+CVE-2021-45873
+ RESERVED
+CVE-2021-45872
+ RESERVED
+CVE-2021-45871
+ RESERVED
+CVE-2021-45870
+ RESERVED
+CVE-2021-45869
+ RESERVED
+CVE-2021-45868 (In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not vali ...)
+ - linux 5.15.3-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux 4.19.232-1
+ [stretch] - linux 4.9.303-1
+ NOTE: https://git.kernel.org/linus/9bf3d20331295b1ecb81f4ed9ef358c51699a050
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=214655
+ NOTE: https://www.openwall.com/lists/oss-security/2022/03/17/1
+CVE-2021-45867
+ RESERVED
+CVE-2021-45866 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester Student Attendance Management System
+CVE-2021-45865 (A File Upload vulnerability exists in Sourcecodester Student Attendanc ...)
+ NOT-FOR-US: Sourcecodester Student Attendance Management System
+CVE-2021-45864 (tsMuxer git-c6a0277 was discovered to contain a segmentation fault via ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-45863 (tsMuxer git-2678966 was discovered to contain a heap-based buffer over ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-45862
+ RESERVED
+CVE-2021-45861 (There is an Assertion `num <= INT_BIT' failed at BitStreamReader::skip ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-45860 (An integer overflow in DTSStreamReader::findFrame() of tsMuxer git-267 ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-45859
+ RESERVED
+CVE-2021-45858
+ RESERVED
+CVE-2021-45857
+ RESERVED
+CVE-2021-45856 (Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buf ...)
+ NOT-FOR-US: Accu-Time Systems MAXIMUS
+CVE-2021-45855
+ RESERVED
+CVE-2021-45854
+ RESERVED
+CVE-2021-45853
+ RESERVED
+CVE-2021-45852 (An issue was discovered in Projectworlds Hospital Management System v1 ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-45851 (A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carri ...)
+ NOT-FOR-US: FUXA
+CVE-2021-45850
+ RESERVED
+CVE-2021-45849
+ RESERVED
+CVE-2021-45848 (Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later all ...)
+ - nicotine-plus (bug #966000)
+CVE-2021-45847 (Several missing input validations in the 3MF parser component of Slic3 ...)
+ - slic3r (unimportant)
+ NOTE: https://github.com/slic3r/Slic3r/issues/5118
+ NOTE: https://github.com/slic3r/Slic3r/issues/5119
+ NOTE: https://github.com/slic3r/Slic3r/issues/5120
+ NOTE: Crash in GUI tool, no security impact
+CVE-2021-45846 (A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker ...)
+ - slic3r (unimportant)
+ NOTE: https://github.com/slic3r/Slic3r/issues/5117
+ NOTE: Crash in GUI tool, no security impact
+CVE-2021-45845 (The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS comma ...)
+ {DSA-5229-1}
+ - freecad 0.19.4+dfsg1-1
+ [buster] - freecad (Vulnerable code introduced in 0.19)
+ [stretch] - freecad (Vulnerable code introduced in 0.19)
+ NOTE: https://github.com/FreeCAD/FreeCAD/pull/5306
+ NOTE: Introduced by: https://github.com/FreeCAD/FreeCAD/commit/dfc4e53f67785841b9bf106a79ccf5a6f7b0d524
+ NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/169eb655f30180b95e5923be2eb3bc4de6e02406 (master)
+ NOTE: Fixed by: https://github.com/FreeCAD/FreeCAD/commit/a73f442f88725e08f36a3614e690bdef24c3dee3 (0.19.4)
+ NOTE: https://tracker.freecad.org/view.php?id=4810
+CVE-2021-45844 (Improper sanitization in the invocation of ODA File Converter from Fre ...)
+ {DSA-5229-1 DLA-3076-1 DLA-2934-1}
+ - freecad 0.19.4+dfsg1-1 (bug #1005747)
+ NOTE: Fixed by; https://github.com/FreeCAD/FreeCAD/commit/1742d7ff82af1653253c4a4183c262c9af3b26d6 (master)
+ NOTE: Fxied by: https://github.com/FreeCAD/FreeCAD/commit/ad6977f940d3e64d78a4367452d9a338ad43fa1c (0.19.4)
+ NOTE: https://tracker.freecad.org/view.php?id=4809
+CVE-2021-45843 (glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (X ...)
+ NOT-FOR-US: glFusion CMS
+CVE-2021-45842 (It is possible to obtain the first administrator's hash set up in Terr ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45841 (In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attack ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45840 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45839 (It is possible to obtain the first administrator's hash set up on the ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45838
+ RESERVED
+CVE-2021-45837 (It is possible to execute arbitrary commands as root in Terramaster F4 ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45836 (An authenticated attacker can execute arbitrary commands as root in Te ...)
+ NOT-FOR-US: Terramaster
+CVE-2021-45835 (The Online Admission System 1.0 allows an unauthenticated attacker to ...)
+ NOT-FOR-US: Online Admission System
+CVE-2021-45834 (An attacker can upload or transfer files of dangerous types to the Ope ...)
+ NOT-FOR-US: OpenDocMan
+CVE-2021-45833 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 vi ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1313
+ NOTE: https://github.com/advisories/GHSA-x57p-jwp6-4v79
+ NOTE: https://github.com/HDFGroup/hdf5/pull/2241
+ NOTE: https://github.com/HDFGroup/hdf5/commit/4e0277c35a5a6e8eb84058a905efa06bb3915985
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+CVE-2021-45832 (A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1315
+ NOTE: https://github.com/advisories/GHSA-hvh7-f5p9-68g8
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+CVE-2021-45831 (A Null Pointer Dereference vulnerability exitgs in GPAC 1.0.1 in MP4Bo ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1990
+ NOTE: https://github.com/gpac/gpac/commit/4613a35362e15a6df90453bd632d083645e5a765 (v2.0.0)
+CVE-2021-45830 (A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1314
+ NOTE: https://github.com/advisories/GHSA-5h2h-fjjr-x9m2
+ NOTE: https://github.com/HDFGroup/hdf5/issues/2228
+ NOTE: https://github.com/HDFGroup/hdf5/pull/2229
+ NOTE: https://github.com/HDFGroup/hdf5/commit/659bc99fd139e16fdf47b31b635f158b72e3f5a4
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+CVE-2021-45829 (HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denia ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/HDFGroup/hdf5/issues/1317
+ NOTE: https://github.com/advisories/GHSA-23gx-cm6v-952g
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+CVE-2021-45828
+ RESERVED
+CVE-2021-45827
+ RESERVED
+CVE-2021-45826
+ RESERVED
+CVE-2021-45825
+ RESERVED
+CVE-2021-45824
+ RESERVED
+CVE-2021-45823
+ RESERVED
+CVE-2021-45822 (A cross-site scripting vulnerability is present in Xbtit 3.1. The stor ...)
+ NOT-FOR-US: Xbtit
+CVE-2021-45821 (A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid pa ...)
+ NOT-FOR-US: Xbtit
+CVE-2021-45820
+ RESERVED
+CVE-2021-45819 (Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service ...)
+ NOT-FOR-US: Wordline HIDCCEMonitorSVC
+CVE-2021-45818 (SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability wh ...)
+ NOT-FOR-US: SAFARI Montage
+CVE-2021-45817
+ REJECTED
+CVE-2021-45816
+ RESERVED
+CVE-2021-45815 (Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Script ...)
+ NOT-FOR-US: Quectel UC20 UMTS/HSPA+ UC20
+CVE-2021-45814 (Nettmp NNT 5.1 is affected by a SQL injection vulnerability. An attack ...)
+ NOT-FOR-US: Nettmp NNT
+CVE-2021-45813 (SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: SLICAN WebCTI
+CVE-2021-45812 (NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site ...)
+ NOT-FOR-US: NUUO Network Video Recorder NVRsolo
+CVE-2021-45811 (A SQL injection vulnerability in the "Search" functionality of "ticket ...)
+ NOT-FOR-US: osTicket
+CVE-2021-45810 (Multiple versions of GlobalProtect-openconnect are affected by incorre ...)
+ NOT-FOR-US: GlobalProtect-openconnect
+CVE-2021-45809 (GlobalProtect-openconnect versions prior to 1.4.3 are affected by inco ...)
+ NOT-FOR-US: GlobalProtect-openconnect
+CVE-2021-45808 (jpress v4.2.0 allows users to register an account by default. With the ...)
+ NOT-FOR-US: jpress
+CVE-2021-45807 (jpress v4.2.0 is vulnerable to command execution via io.jpress.web.adm ...)
+ NOT-FOR-US: jpress
+CVE-2021-45806 (jpress v4.2.0 admin panel provides a function through which attackers ...)
+ NOT-FOR-US: jpress
+CVE-2021-45805
+ RESERVED
+CVE-2021-45804
+ RESERVED
+CVE-2021-45803 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45802 (MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Inje ...)
+ NOT-FOR-US: MartDevelopers iResturant
+CVE-2021-45801
+ RESERVED
+CVE-2021-45800
+ RESERVED
+CVE-2021-45799
+ RESERVED
+CVE-2021-45798
+ RESERVED
+CVE-2021-45797
+ RESERVED
+CVE-2021-45796
+ RESERVED
+CVE-2021-45795
+ RESERVED
+CVE-2021-45794 (Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/sys ...)
+ NOT-FOR-US: Slims9 Bulian
+CVE-2021-45793 (Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.ph ...)
+ NOT-FOR-US: Slims9 Bulian
+CVE-2021-45792 (Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admi ...)
+ NOT-FOR-US: Slims9 Bulian
+CVE-2021-45791 (Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bib ...)
+ NOT-FOR-US: Slims8 Akasia
+CVE-2021-45790 (An arbitrary file upload vulnerability was found in Metersphere v1.15. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45789 (An arbitrary file read vulnerability was found in Metersphere v1.15.4, ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45788 (Time-based SQL Injection vulnerabilities were found in Metersphere v1. ...)
+ NOT-FOR-US: Metersphere
+CVE-2021-45787 (There is a stored Cross Site Scripting (XSS) vulnerability in maccms v ...)
+ NOT-FOR-US: maccms
+CVE-2021-45786 (In maccms v10, an attacker can log in through /index.php/user/login in ...)
+ NOT-FOR-US: maccms
+CVE-2021-45785
+ RESERVED
+CVE-2021-45784
+ RESERVED
+CVE-2021-45783 (Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory ...)
+ NOT-FOR-US: Bookeen Notea Firmware
+CVE-2021-45782
+ REJECTED
+CVE-2021-45781
+ REJECTED
+CVE-2021-45780
+ REJECTED
+CVE-2021-45779
+ REJECTED
+CVE-2021-45778
+ REJECTED
+CVE-2021-45777
+ RESERVED
+CVE-2021-45776
+ RESERVED
+CVE-2021-45775
+ REJECTED
+CVE-2021-45774
+ REJECTED
+CVE-2021-45773 (A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec ...)
+ NOT-FOR-US: lib60870
+CVE-2021-45772
+ RESERVED
+CVE-2021-45771
+ RESERVED
+CVE-2021-45770
+ RESERVED
+CVE-2021-45769 (A NULL pointer dereference in AcseConnection_parseMessage at src/mms/i ...)
+ NOT-FOR-US: libiec61850
+CVE-2021-45768
+ RESERVED
+CVE-2021-45767 (GPAC 1.1.0 was discovered to contain an invalid memory address derefer ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (No longer supported in LTS; Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1982
+ NOTE: https://github.com/gpac/gpac/commit/830548acd030467e857f4cf0b79af8ebf1e04dde (v2.0.0)
+CVE-2021-45766
+ RESERVED
+CVE-2021-45765
+ RESERVED
+CVE-2021-45764 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (No longer supported in LTS; Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1971
+ NOTE: https://github.com/gpac/gpac/commit/e54df17892bee983d09d9437e44e6a1528fb46cb (v2.0.0)
+CVE-2021-45763 (GPAC v1.1.0 was discovered to contain an invalid call in the function ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (No longer supported in LTS; Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1974
+ NOTE: https://github.com/gpac/gpac/commit/d2f74e49f2cb8d687c0dc38f66b99e3c5c7d7fec (v2.0.0)
+CVE-2021-45762 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (No longer supported in LTS; Minor issue)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1978
+ NOTE: https://github.com/gpac/gpac/commit/6d647f6e458c9b727eae1a8077d27fa433ced788 (v2.0.0)
+CVE-2021-45761 (ROPium v3.1 was discovered to contain an invalid memory address derefe ...)
+ NOT-FOR-US: ROPium
+CVE-2021-45760 (GPAC v1.1.0 was discovered to contain an invalid memory address derefe ...)
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1966 + NOTE: https://github.com/gpac/gpac/commit/5041fcbaa904a89d280561905a163171b3828cea (v2.0.0) +CVE-2021-45759 + RESERVED +CVE-2021-45758 + RESERVED +CVE-2021-45757 (ASUS AC68U <=3.0.0.4.385.20852 is affected by a buffer overflow in blo ...) + NOT-FOR-US: ASUS RT-AC68U +CVE-2021-45756 (Asus RT-AC68U <3.0.0.4.385.20633 and RT-AC5300 <3.0.0.4.384.82072 are ...) + NOT-FOR-US: ASUS RT-AC68U +CVE-2021-45755 + RESERVED +CVE-2021-45754 + RESERVED +CVE-2021-45753 + RESERVED +CVE-2021-45752 + RESERVED +CVE-2021-45751 + RESERVED +CVE-2021-45750 + RESERVED +CVE-2021-45749 + RESERVED +CVE-2021-45748 + RESERVED +CVE-2021-45747 + RESERVED +CVE-2021-45746 (A Directory Traversal vulnerability exists in WeBankPartners wecube-pl ...) + NOT-FOR-US: WeBankPartners +CVE-2021-45745 (A Stored Cross Site Scripting (XSS) vulnerability exists in Bludit 3.1 ...) + NOT-FOR-US: Bludit +CVE-2021-45744 (A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.1 ...) + NOT-FOR-US: Bludit +CVE-2021-45743 + RESERVED +CVE-2021-45742 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a comm ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45741 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45740 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45739 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45738 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45737 (TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stac ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45736 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2021-45735 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45734 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a sta ...) + NOT-FOR-US: TOTOLINK +CVE-2021-45733 (TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to contain a com ...) + NOT-FOR-US: TOTOLINK +CVE-2021-4180 (An information exposure flaw in openstack-tripleo-heat-templates allow ...) + - tripleo-heat-templates + NOTE: https://bugs.launchpad.net/tripleo/+bug/1955397 +CVE-2021-4179 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-45720 (An issue was discovered in the lru crate before 0.7.1 for Rust. The it ...) + NOT-FOR-US: Rust crate lru +CVE-2021-45719 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45718 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45717 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45716 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45715 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45714 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45713 (An issue was discovered in the rusqlite crate 0.25.x before 0.25.4 and ...) + NOT-FOR-US: Rust crate rusqlite +CVE-2021-45712 (An issue was discovered in the rust-embed crate before 6.3.0 for Rust. ...) + NOT-FOR-US: Rust crate rust-embed +CVE-2021-45711 (An issue was discovered in the simple_asn1 crate 0.6.0 before 0.6.1 fo ...) 
+ NOT-FOR-US: Rust crate simple_asn1 +CVE-2021-45710 (An issue was discovered in the tokio crate before 1.8.4, and 1.9.x thr ...) + - rust-tokio 1.15.0-1 + [bullseye] - rust-tokio (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0124.html + NOTE: https://github.com/tokio-rs/tokio/issues/4225 +CVE-2021-45709 (An issue was discovered in the crypto2 crate through 2021-10-08 for Ru ...) + NOT-FOR-US: Rust crate crypto2 +CVE-2021-45708 (An issue was discovered in the abomonation crate through 2021-10-17 fo ...) + NOT-FOR-US: Rust crate abomonation +CVE-2021-45707 (An issue was discovered in the nix crate 0.16.0 and later before 0.20. ...) + - rust-nix 0.23.0-1 + [bullseye] - rust-nix (Minor issue) + [buster] - rust-nix (Introduced in 0.16) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html +CVE-2021-45706 (An issue was discovered in the zeroize_derive crate before 1.1.1 for R ...) + NOT-FOR-US: Rust crate zeroize_derive +CVE-2021-45705 (An issue was discovered in the nanorand crate before 0.6.1 for Rust. T ...) + NOT-FOR-US: Rust crate nanorand +CVE-2021-45704 (An issue was discovered in the metrics-util crate before 0.7.0 for Rus ...) + NOT-FOR-US: Rust crate metrics-util +CVE-2021-45703 (An issue was discovered in the tectonic_xdv crate before 0.1.12 for Ru ...) + NOT-FOR-US: Rust crate tectonic_xdv +CVE-2021-45702 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...) + NOT-FOR-US: Rust crate tremor-script +CVE-2021-45701 (An issue was discovered in the tremor-script crate before 0.11.6 for R ...) + NOT-FOR-US: Rust crate tremor-script +CVE-2021-45700 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Attac ...) + NOT-FOR-US: Rust crate ckb +CVE-2021-45699 (An issue was discovered in the ckb crate before 0.40.0 for Rust. Remot ...) + NOT-FOR-US: Rust crate ckb +CVE-2021-45698 (An issue was discovered in the ckb crate before 0.40.0 for Rust. A get ...) 
+ NOT-FOR-US: Rust crate ckb +CVE-2021-45697 (An issue was discovered in the molecule crate before 0.7.2 for Rust. A ...) + NOT-FOR-US: Rust crate molecule +CVE-2021-45696 (An issue was discovered in the sha2 crate 0.9.7 before 0.9.8 for Rust. ...) + - rust-sha2 (Only affetced 0.9.7, never uploaded to the archive) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0100.html +CVE-2021-45695 (An issue was discovered in the mopa crate through 2021-06-01 for Rust. ...) + NOT-FOR-US: Rust crate mopa +CVE-2021-45694 (An issue was discovered in the rdiff crate through 2021-02-03 for Rust ...) + NOT-FOR-US: Rust crate rdiff +CVE-2021-45693 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45692 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45691 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45690 (An issue was discovered in the messagepack-rs crate through 2021-01-26 ...) + NOT-FOR-US: Rust crate messagepack-rs +CVE-2021-45689 (An issue was discovered in the gfx-auxil crate through 2021-01-07 for ...) + NOT-FOR-US: Rust crate gfx-auxil +CVE-2021-45688 (An issue was discovered in the ash crate before 0.33.1 for Rust. util: ...) + NOT-FOR-US: Rust crate ash +CVE-2021-45687 (An issue was discovered in the raw-cpuid crate before 9.1.1 for Rust. ...) + NOT-FOR-US: Rust crate raw-cpuid +CVE-2021-45686 (An issue was discovered in the csv-sniffer crate through 2021-01-05 fo ...) + NOT-FOR-US: Rust crate csv-sniffer +CVE-2021-45685 (An issue was discovered in the columnar crate through 2021-01-07 for R ...) + NOT-FOR-US: Rust crate columnar +CVE-2021-45684 (An issue was discovered in the flumedb crate through 2021-01-07 for Ru ...) 
+ NOT-FOR-US: Rust crate flumedb +CVE-2021-45683 (An issue was discovered in the binjs_io crate through 2021-01-03 for R ...) + NOT-FOR-US: Rust crate binjs +CVE-2021-45682 (An issue was discovered in the bronzedb-protocol crate through 2021-01 ...) + NOT-FOR-US: Rust crate bronzedb-protocol +CVE-2021-45681 (An issue was discovered in the derive-com-impl crate before 0.1.2 for ...) + NOT-FOR-US: Rust crate derive-com-impl +CVE-2021-45680 (An issue was discovered in the vec-const crate before 2.0.0 for Rust. ...) + NOT-FOR-US: Rust crate vec-const +CVE-2021-45111 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107683 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/d326153e016f93c22f40ad8fb146bb4108bb94dc +CVE-2021-45071 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107697 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/609b6503af97af5cf00ff497760f71cd71860c48 +CVE-2021-44547 (A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 all ...) + - odoo (Vulnerable code introduced later) + NOTE: https://github.com/odoo/odoo/issues/107696 +CVE-2021-44476 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107684 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/be2c857a2e19b0a752555ab377ce5e1cb081a186 +CVE-2021-44475 + RESERVED +CVE-2021-44461 (Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise ...) + NOT-FOR-US: Odoo Enterprise Edition +CVE-2021-44460 (Improper access control in Odoo Community 13.0 and earlier and Odoo En ...) 
+ - odoo (Fixed before initial upload to Debian) + NOTE: https://github.com/odoo/odoo/issues/107685 +CVE-2021-4178 (A arbitrary code execution flaw was found in the Fabric 8 Kubernetes c ...) + NOT-FOR-US: fabric8io/kubernetes-client + NOTE: https://github.com/fabric8io/kubernetes-client/issues/3653 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034388 +CVE-2021-4177 (livehelperchat is vulnerable to Generation of Error Message Containing ...) + NOT-FOR-US: livehelperchat +CVE-2021-4176 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-4175 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-26947 (Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and O ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107694 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/e451c4fbffa9472cd3686492e8ba41430ab3b235 +CVE-2021-23186 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107688 + NOTE: https://github.com/odoo/odoo/commit/c1d6d4a1d9148275213c7f3c286658366df03bd7 +CVE-2021-23178 (Improper access control in Odoo Community 15.0 and earlier and Odoo En ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107690 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/5ac55247b576312ea4f1f274c94d955dd23335d1 +CVE-2021-23176 (Improper access control in reporting engine of l10n_fr_fec module in O ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107682 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f166400c7ddd1bc571fcad52d18d2371f2c3fd87 +CVE-2021-23166 (A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterpr ...) 
+ {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107687 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/1f1e03ff29f711dd26cfbcadc60b7d03fdb59ed7 +CVE-2020-36514 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...) + NOT-FOR-US: Rust crate acc_reader +CVE-2020-36513 (An issue was discovered in the acc_reader crate through 2020-12-27 for ...) + NOT-FOR-US: Rust crate acc_reader +CVE-2020-36512 (An issue was discovered in the buffoon crate through 2020-12-31 for Ru ...) + NOT-FOR-US: Rust crate buffoon +CVE-2020-36511 (An issue was discovered in the bite crate through 2020-12-31 for Rust. ...) + NOT-FOR-US: Rust crate bite +CVE-2019-25055 (An issue was discovered in the libpulse-binding crate before 2.6.0 for ...) + NOT-FOR-US: Rust crate libpulse-binding +CVE-2019-25054 (An issue was discovered in the pnet crate before 0.27.2 for Rust. Ther ...) + NOT-FOR-US: Rust crate pnet +CVE-2018-25028 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) + NOT-FOR-US: Rust crate libpulse-binding +CVE-2018-25027 (An issue was discovered in the libpulse-binding crate before 1.2.1 for ...) + NOT-FOR-US: Rust crate libpulse-binding +CVE-2018-25026 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25025 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25024 (An issue was discovered in the actix-web crate before 0.7.15 for Rust. ...) + NOT-FOR-US: Rust crate actix-web +CVE-2018-25023 (An issue was discovered in the smallvec crate before 0.6.13 for Rust. ...) 
+ - rust-smallvec 1.1.0-1 + [buster] - rust-smallvec (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2018-0018.html + NOTE: https://github.com/servo/rust-smallvec/issues/126 +CVE-2021-4174 + RESERVED +CVE-2021-4173 (vim is vulnerable to Use After Free) + - vim 2:8.2.3995-1 + [bullseye] - vim (Minor issue) + [buster] - vim (Vulnerable code introduced later) + [stretch] - vim (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/a1b236b9-89fb-4ccf-9689-ba11b471e766 + NOTE: Introduced after: https://github.com/vim/vim/commit/04b12697838b232b8b17c553ccc74cf1f1bdb81c (v8.2.0695) + NOTE: Fixed by: https://github.com/vim/vim/commit/9c23f9bb5fe435b28245ba8ac65aa0ca6b902c04 (v8.2.3902) +CVE-2021-4172 (Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showd ...) + NOT-FOR-US: ShowDoc +CVE-2021-4171 (calibre-web is vulnerable to Business Logic Errors) + - calibre-web (bug #982690) +CVE-2021-45679 (Certain NETGEAR devices are affected by privilege escalation. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-45678 (NETGEAR RAX200 devices before 1.0.5.132 are affected by insecure code.) + NOT-FOR-US: Netgear +CVE-2021-45677 (Certain NETGEAR devices are affected by stored XSS. This affects GS108 ...) + NOT-FOR-US: Netgear +CVE-2021-45676 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45675 (Certain NETGEAR devices are affected by stored XSS. This affects R6120 ...) + NOT-FOR-US: Netgear +CVE-2021-45674 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...) + NOT-FOR-US: Netgear +CVE-2021-45673 (Certain NETGEAR devices are affected by stored XSS. This affects R7000 ...) + NOT-FOR-US: Netgear +CVE-2021-45672 (Certain NETGEAR devices are affected by Stored XSS. This affects D6200 ...) + NOT-FOR-US: Netgear +CVE-2021-45671 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45670 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45669 (Certain NETGEAR devices are affected by stored XSS. This affects RAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45668 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45667 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45666 (Certain NETGEAR devices are affected by stored XSS. This affects CBR40 ...) + NOT-FOR-US: Netgear +CVE-2021-45665 (Certain NETGEAR devices are affected by stored XSS. This affects EAX20 ...) + NOT-FOR-US: Netgear +CVE-2021-45664 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2021-45663 (NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2021-45662 (NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2021-45661 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45660 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45659 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45658 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45657 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45656 (Certain NETGEAR devices are affected by server-side injection. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45655 (NETGEAR R6400 devices before 1.0.1.70 are affected by server-side inje ...) + NOT-FOR-US: Netgear +CVE-2021-45654 (NETGEAR XR1000 devices before 1.0.0.58 are affected by disclosure of s ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45653 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45652 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45651 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45650 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45649 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45648 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45647 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45646 (NETGEAR R7000 devices before 1.0.11.116 are affected by disclosure of ...) + NOT-FOR-US: Netgear +CVE-2021-45645 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45644 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45643 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45642 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45641 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45640 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2021-45639 (Certain NETGEAR devices are affected by reflected XSS. This affects CB ...) + NOT-FOR-US: Netgear +CVE-2021-45638 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45637 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45636 (NETGEAR D7000 devices before 1.0.1.82 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2021-45635 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45634 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45633 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45632 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45631 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45630 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45629 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45628 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45627 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45626 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45625 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45624 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45623 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45622 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45621 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45620 (Certain NETGEAR devices are affected by command injection by an unauth ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45619 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45618 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45617 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45616 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45615 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45614 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45613 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45612 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45611 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45610 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45609 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2021-45608 (Certain D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital d ...) + NOT-FOR-US: D-Link, Edimax, NETGEAR, TP-Link, Tenda, and Western Digital devices +CVE-2021-45607 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45606 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45605 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45604 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45603 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2021-45602 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45601 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45600 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45599 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45598 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45597 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45596 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45595 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45594 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45593 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45592 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45591 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45590 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45589 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45588 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45587 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45586 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45585 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45584 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45583 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45582 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45581 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45580 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45579 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45578 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45577 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45576 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45575 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45574 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45573 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2021-45572 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45571 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45570 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45569 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45568 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45567 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45566 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45565 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45564 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45563 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45562 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45561 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45560 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45559 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45558 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45557 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45556 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45555 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45554 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45553 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45552 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45551 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45550 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45549 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45548 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45547 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45546 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45545 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45544 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45543 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45542 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45541 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45540 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45539 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45538 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45537 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45536 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45535 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45534 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45533 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45532 (NETGEAR R8000 devices before 1.0.4.76 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2021-45531 (NETGEAR D6220 devices before 1.0.0.76 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2021-45530 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45529 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45528 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45527 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45526 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45525 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2021-45524 (NETGEAR R8000 devices before 1.0.4.62 are affected by a buffer overflo ...) + NOT-FOR-US: Netgear +CVE-2021-45523 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...) + NOT-FOR-US: Netgear +CVE-2021-45522 (NETGEAR XR1000 devices before 1.0.0.58 are affected by a hardcoded pas ...) + NOT-FOR-US: Netgear +CVE-2021-45521 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-45520 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) + NOT-FOR-US: Netgear +CVE-2021-45519 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45518 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) + NOT-FOR-US: Netgear +CVE-2021-45517 (NETGEAR XR1000 devices before 1.0.0.58 are affected by denial of servi ...) + NOT-FOR-US: Netgear +CVE-2021-45516 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45515 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45514 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) + NOT-FOR-US: Netgear +CVE-2021-45513 (NETGEAR XR1000 devices before 1.0.0.58 are affected by command injecti ...) + NOT-FOR-US: Netgear +CVE-2021-45512 (Certain NETGEAR devices are affected by weak cryptography. This affect ...) + NOT-FOR-US: Netgear +CVE-2021-45511 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45510 (NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication ...) + NOT-FOR-US: Netgear +CVE-2021-45509 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45508 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45507 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45506 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45505 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45504 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45503 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45502 (Certain NETGEAR devices are affected by authentication bypass. This af ...) 
+ NOT-FOR-US: Netgear +CVE-2021-45501 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45500 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45499 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2021-45498 (NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication ...) + NOT-FOR-US: Netgear +CVE-2021-45497 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45496 (NETGEAR D7000 devices before 1.0.1.82 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45495 (NETGEAR D7000 devices before 1.0.1.68 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2021-45494 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2021-45493 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + NOT-FOR-US: Netgear +CVE-2021-4170 (calibre-web is vulnerable to Improper Neutralization of Input During W ...) + - calibre-web (bug #982690) +CVE-2021-4169 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-45492 (In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configu ...) + NOT-FOR-US: Sage ERP +CVE-2021-4168 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-45491 (3CX System through 2022-03-17 stores cleartext passwords in a database ...) + NOT-FOR-US: 3CX +CVE-2021-45490 (The client applications in 3CX on Windows, the 3CX app for iOS, and th ...) + NOT-FOR-US: 3CX +CVE-2021-45489 (In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employ ...) + NOT-FOR-US: NetBSD +CVE-2021-45488 (In NetBSD through 9.2, there is an information leak in the TCP ISN (IS ...) 
+ NOT-FOR-US: NetBSD +CVE-2021-45487 (In NetBSD through 9.2, the IPv4 ID generation algorithm does not use a ...) + NOT-FOR-US: NetBSD +CVE-2021-45486 (In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4 ...) + - linux 5.10.38-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://arxiv.org/pdf/2112.09604.pdf + NOTE: https://git.kernel.org/linus/aa6dd211e4b1dde9d5dc25d699d35f789ae7eeba (5.13-rc1) +CVE-2021-45485 (In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6 ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://arxiv.org/pdf/2112.09604.pdf + NOTE: https://git.kernel.org/linus/62f20e068ccc50d6ab66fdb72ba90da2b9418c99 (5.14-rc1) +CVE-2021-45484 (In NetBSD through 9.2, the IPv6 fragment ID generation algorithm emplo ...) + NOT-FOR-US: NetBSD +CVE-2021-45483 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Fram ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 +CVE-2021-45482 (In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Cont ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 +CVE-2021-45481 (In WebKitGTK before 2.32.4, there is incorrect memory allocation in We ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 +CVE-2021-45480 (An issue was discovered in the Linux kernel before 5.15.11. There is a ...) 
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1} + - linux 5.15.15-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/5f9562ebe710c307adc5f666bf1a2162ee7977c0 +CVE-2021-4167 + RESERVED +CVE-2021-45479 (Improper Neutralization of Input During Web Page Generation vulnerabil ...) + NOT-FOR-US: Yordam Information Technologies Library Automation System +CVE-2021-45478 (Improper Handling of Parameters vulnerability in Bordam Information Te ...) + NOT-FOR-US: Bordam Information Technologies Library Automation System +CVE-2021-45477 (Improper Handling of Parameters vulnerability in Bordam Information Te ...) + NOT-FOR-US: Bordam Information Technologies Library Automation System +CVE-2021-45476 (Yordam Library Information Document Automation product before version ...) + NOT-FOR-US: Yordam Library Information Document Automation +CVE-2021-45475 (Yordam Library Information Document Automation product before version ...) + NOT-FOR-US: Yordam Library Information Document Automation +CVE-2021-4166 (vim is vulnerable to Out-of-bounds Read) + - vim 2:8.2.3995-1 (unimportant) + NOTE: https://huntr.dev/bounties/229df5dd-5507-44e9-832c-c70364bdf035 + NOTE: https://github.com/vim/vim/commit/6f98371532fcff911b462d51bc64f2ce8a6ae682 (v8.2.3884) + NOTE: Crash in CLI tool, no security impact +CVE-2021-4165 + RESERVED +CVE-2021-4164 (calibre-web is vulnerable to Cross-Site Request Forgery (CSRF)) + - calibre-web (bug #982690) +CVE-2021-4163 + RESERVED +CVE-2021-4162 (archivy is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: archivy +CVE-2021-45474 (In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporte ...) + NOT-FOR-US: FileImporter MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/Id1c8910aeac5b452fbabeddab70360765518223e + NOTE: https://phabricator.wikimedia.org/T296605 +CVE-2021-45473 (In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which ...) 
+ NOT-FOR-US: WikiBase MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/I3cd080a1a7dacd7396d37ee0c98cff0b4e241f8d + NOTE: https://phabricator.wikimedia.org/T294693 +CVE-2021-45472 (In MediaWiki through 1.37, XSS can occur in Wikibase because an extern ...) + NOT-FOR-US: WikiBase MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/I37ece1dfdc80d38055067c9c4fa73ba591acd8bd + NOTE: https://phabricator.wikimedia.org/T297570 +CVE-2021-45471 (In MediaWiki through 1.37, blocked IP addresses are allowed to edit En ...) + NOT-FOR-US: EntitySchema MediaWiki extension + NOTE: https://gerrit.wikimedia.org/r/q/Iac86cf63bd014ef99e83dccfce9b8942e15d2bf9 + NOTE: https://gerrit.wikimedia.org/r/q/Id9af124427bcd1e85301d2140a38bf47bbc5622c + NOTE: https://phabricator.wikimedia.org/T296578 +CVE-2021-45470 (lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular express ...) + NOT-FOR-US: cve-search +CVE-2021-4161 (The affected products contain vulnerable firmware, which could allow a ...) + NOT-FOR-US: Moxa +CVE-2021-45469 (In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...) + {DSA-5096-1 DSA-5050-1 DLA-2941-1} + - linux 5.15.15-1 + [stretch] - linux (Minor issue; f2fs is not supportable) + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=215235 +CVE-2021-45468 (Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote ...) + NOT-FOR-US: Imperva Web Application Firewall +CVE-2021-45467 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-45466 (In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-45465 + RESERVED +CVE-2021-4160 (There is a carry propagation bug in the MIPS32 and MIPS64 squaring pro ...) 
+ {DSA-5103-1} + - openssl 1.1.1m-1 + [stretch] - openssl (This is MIPS-specific and we don't support MIPS for stretch-security) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9e726506cd2a3fd9c0f12daf8cc1fe934c7dddb (OpenSSL_1_1_1m) + NOTE: https://mta.openssl.org/pipermail/openssl-announce/2022-January/000214.html + NOTE: https://www.openssl.org/news/secadv/20220128.txt +CVE-2021-4159 (A vulnerability was found in the Linux kernel's EBPF verifier when han ...) + {DLA-3131-1} + - linux 5.7.6-1 + [stretch] - linux (Too risky to backport, and mitigated by default) + NOTE: Fixed by: https://git.kernel.org/linus/294f2fc6da27620a506e6c050241655459ccd6bd (5.7-rc1) +CVE-2021-45464 (kvmtool through 39181fc allows an out-of-bounds write, related to virt ...) + - kvmtool (bug #1006290) + NOTE: https://www.kalmarunionen.dk/writeups/2021/hxp-2021/lkvm/ +CVE-2021-45463 (load_cache in GEGL before 0.4.34 allows shell expansion when a pathnam ...) + - gegl 1:0.4.34-1 (bug #1002661) + [bullseye] - gegl (Minor issue) + [buster] - gegl (Minor issue) + [stretch] - gegl (Minor issue; can be fixed later) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34) + NOTE: Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34) +CVE-2021-45462 (In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF.) + NOT-FOR-US: Open5GS +CVE-2021-4158 (A NULL pointer dereference issue was found in the ACPI code of QEMU. A ...) 
+ - qemu 1:6.2+dfsg-2 + [bullseye] - qemu (Vulnerable code introduced later) + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035002 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/770 + NOTE: Introduced in: https://gitlab.com/qemu-project/qemu/-/commit/b32bd763a1ca929677e22ae1c51cb3920921bdce (v6.0.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/9bd6565ccee68f72d5012e24646e12a1c662827e + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg03692.html +CVE-2021-45461 (FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 1 ...) + NOT-FOR-US: FreePBX +CVE-2021-45460 (A vulnerability has been identified in SICAM PQ Analyzer (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-4157 (An out of memory bounds write flaw (1 or 2 bytes of memory) in the Lin ...) + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://git.kernel.org/linus/ed34695e15aba74f45247f1ee2cf7e09d449f925 (5.13-rc1) +CVE-2021-4156 (An out-of-bounds read flaw was found in libsndfile's FLAC codec functi ...) + {DLA-3126-1 DLA-3058-1} + - libsndfile 1.1.0-1 (bug #1014713) + [bullseye] - libsndfile (Minor issue) + NOTE: https://github.com/libsndfile/libsndfile/issues/731 + NOTE: https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (1.1.0beta1) +CVE-2021-4155 (A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS ...) + {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.15-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034813 + NOTE: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 (5.16) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/1 +CVE-2020-36510 (The 15Zine WordPress theme before 3.3.0 does not sanitise and escape t ...) 
+ NOT-FOR-US: WordPress theme +CVE-2022-22261 (The HiAIserver has a vulnerability in verifying the validity of the we ...) + NOT-FOR-US: HarmonyOS +CVE-2022-22260 (The kernel module has a UAF vulnerability.Successful exploitation of t ...) + NOT-FOR-US: HarmonyOS +CVE-2022-22259 (There is an improper authentication vulnerability in FLMG-10 10.0.1.0( ...) + NOT-FOR-US: Huawei +CVE-2022-22258 (The Wi-Fi module has an event notification vulnerability.Successful ex ...) + NOT-FOR-US: Harmony OS +CVE-2022-22257 (The customization framework has a vulnerability of improper permission ...) + NOT-FOR-US: Harmony OS +CVE-2022-22256 (The DFX module has an access control vulnerability.Successful exploita ...) + NOT-FOR-US: Harmony OS +CVE-2022-22255 (The application framework has a common DoS vulnerability.Successful ex ...) + NOT-FOR-US: Harmony OS +CVE-2022-22254 (A permission bypass vulnerability exists when the NFC CAs access the T ...) + NOT-FOR-US: Harmony OS +CVE-2022-22253 (The DFX module has a vulnerability of improper validation of integrity ...) + NOT-FOR-US: Harmony OS +CVE-2022-22252 (The DFX module has a UAF vulnerability.Successful exploitation of this ...) + NOT-FOR-US: HarmonyOS +CVE-2022-22251 (On cSRX Series devices software permission issues in the container fil ...) + NOT-FOR-US: Juniper +CVE-2022-22250 (An Improper Control of a Resource Through its Lifetime vulnerability i ...) + NOT-FOR-US: Juniper +CVE-2022-22249 (An Improper Control of a Resource Through its Lifetime vulnerability i ...) + NOT-FOR-US: Juniper +CVE-2022-22248 (An Incorrect Permission Assignment vulnerability in shell processing o ...) + NOT-FOR-US: Juniper +CVE-2022-22247 (An Improper Input Validation vulnerability in ingress TCP segment proc ...) + NOT-FOR-US: Juniper +CVE-2022-22246 (A PHP Local File Inclusion (LFI) vulnerability in the J-Web component ...) + NOT-FOR-US: Juniper +CVE-2022-22245 (A Path Traversal vulnerability in the J-Web component of Juniper Netwo ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22244 (An XPath Injection vulnerability in the J-Web component of Juniper Net ...) + NOT-FOR-US: Juniper +CVE-2022-22243 (An XPath Injection vulnerability due to Improper Input Validation in t ...) + NOT-FOR-US: Juniper +CVE-2022-22242 (A Cross-site Scripting (XSS) vulnerability in the J-Web component of J ...) + NOT-FOR-US: Juniper +CVE-2022-22241 (An Improper Input Validation vulnerability in the J-Web component of J ...) + NOT-FOR-US: Juniper +CVE-2022-22240 (An Allocation of Resources Without Limits or Throttling and a Missing ...) + NOT-FOR-US: Juniper +CVE-2022-22239 (An Execution with Unnecessary Privileges vulnerability in Management D ...) + NOT-FOR-US: Juniper +CVE-2022-22238 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22237 (An Improper Authentication vulnerability in the kernel of Juniper Netw ...) + NOT-FOR-US: Juniper +CVE-2022-22236 (An Access of Uninitialized Pointer vulnerability in SIP Application La ...) + NOT-FOR-US: Juniper +CVE-2022-22235 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22234 (An Improper Preservation of Consistency Between Independent Representa ...) + NOT-FOR-US: Juniper +CVE-2022-22233 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22232 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...) + NOT-FOR-US: Juniper +CVE-2022-22231 (An Unchecked Return Value to NULL Pointer Dereference vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22230 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) + NOT-FOR-US: Juniper +CVE-2022-22229 (An Improper Neutralization of Input During Web Page Generation ('Cross ...) + NOT-FOR-US: Juniper +CVE-2022-22228 (An Improper Validation of Specified Type of Input vulnerability in the ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22227 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22226 (In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Unc ...) + NOT-FOR-US: Juniper +CVE-2022-22225 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in t ...) + NOT-FOR-US: Juniper +CVE-2022-22224 (An Improper Check or Handling of Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22223 (On QFX10000 Series devices using Juniper Networks Junos OS when config ...) + NOT-FOR-US: Juniper +CVE-2022-22222 + RESERVED +CVE-2022-22221 (An Improper Neutralization of Special Elements vulnerability in the do ...) + NOT-FOR-US: Juniper +CVE-2022-22220 (A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in R ...) + NOT-FOR-US: Juniper +CVE-2022-22219 (Due to the Improper Handling of an Unexpected Data Type in the process ...) + NOT-FOR-US: Juniper +CVE-2022-22218 (On SRX Series devices, an Improper Check for Unusual or Exceptional Co ...) + NOT-FOR-US: Juniper +CVE-2022-22217 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22216 (An Exposure of Sensitive Information to an Unauthorized Actor vulnerab ...) + NOT-FOR-US: Juniper +CVE-2022-22215 (A Missing Release of File Descriptor or Handle after Effective Lifetim ...) + NOT-FOR-US: Juniper +CVE-2022-22214 (An Improper Input Validation vulnerability in the Packet Forwarding En ...) + NOT-FOR-US: Juniper +CVE-2022-22213 (A vulnerability in Handling of Undefined Values in the routing protoco ...) + NOT-FOR-US: Juniper +CVE-2022-22212 (An Allocation of Resources Without Limits or Throttling vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22211 (A limitless resource allocation vulnerability in FPC resources of Juni ...) + NOT-FOR-US: Juniper +CVE-2022-22210 (A NULL Pointer Dereference vulnerability in the Packet Forwarding Engi ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22209 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22208 (A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of ...) + NOT-FOR-US: Juniper +CVE-2022-22207 (A Use After Free vulnerability in the Advanced Forwarding Toolkit (AFT ...) + NOT-FOR-US: Juniper +CVE-2022-22206 (A Buffer Overflow vulnerability in the PFE of Juniper Networks Junos O ...) + NOT-FOR-US: Juniper +CVE-2022-22205 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22204 (An Improper Release of Memory Before Removing Last Reference vulnerabi ...) + NOT-FOR-US: Juniper +CVE-2022-22203 (An Incorrect Comparison vulnerability in PFE of Juniper Networks Junos ...) + NOT-FOR-US: Juniper +CVE-2022-22202 (An Improper Handling of Exceptional Conditions vulnerability on specif ...) + NOT-FOR-US: Juniper +CVE-2022-22201 (An Improper Validation of Specified Index, Position, or Offset in Inpu ...) + NOT-FOR-US: Juniper +CVE-2022-22200 + REJECTED +CVE-2022-22199 + REJECTED +CVE-2022-22198 (An Access of Uninitialized Pointer vulnerability in the SIP ALG of Jun ...) + NOT-FOR-US: Juniper +CVE-2022-22197 (An Operation on a Resource after Expiration or Release vulnerability i ...) + NOT-FOR-US: Juniper +CVE-2022-22196 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22195 (An Improper Update of Reference Count vulnerability in the kernel of J ...) + NOT-FOR-US: Juniper +CVE-2022-22194 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22193 (An Improper Handling of Unexpected Data Type vulnerability in the Rout ...) + NOT-FOR-US: Juniper +CVE-2022-22192 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22191 (A Denial of Service (DoS) vulnerability in the processing of a flood o ...) + NOT-FOR-US: Juniper +CVE-2022-22190 (An Improper Access Control vulnerability in the Juniper Networks Parag ...) + NOT-FOR-US: Juniper +CVE-2022-22189 (An Incorrect Ownership Assignment vulnerability in Juniper Networks Co ...) + NOT-FOR-US: Juniper +CVE-2022-22188 (An Uncontrolled Memory Allocation vulnerability leading to a Heap-base ...) + NOT-FOR-US: Juniper +CVE-2022-22187 (An Improper Privilege Management vulnerability in the Windows Installe ...) + NOT-FOR-US: Juniper +CVE-2022-22186 (Due to an Improper Initialization vulnerability in Juniper Networks Ju ...) + NOT-FOR-US: Juniper +CVE-2022-22185 (A vulnerability in Juniper Networks Junos OS on SRX Series, allows a n ...) + NOT-FOR-US: Juniper +CVE-2022-22184 (An Improper Input Validation vulnerability in the Routing Protocol Dae ...) + NOT-FOR-US: Juniper +CVE-2022-22183 (An Improper Access Control vulnerability in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2022-22182 (A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos O ...) + NOT-FOR-US: Juniper +CVE-2022-22181 (A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Junip ...) + NOT-FOR-US: Juniper +CVE-2022-22180 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22179 (A Improper Validation of Specified Index, Position, or Offset in Input ...) + NOT-FOR-US: Juniper +CVE-2022-22178 (A Stack-based Buffer Overflow vulnerability in the flow processing dae ...) + NOT-FOR-US: Juniper +CVE-2022-22177 (A release of illegal memory vulnerability in the snmpd daemon of Junip ...) + NOT-FOR-US: Juniper +CVE-2022-22176 (An Improper Validation of Syntactic Correctness of Input vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22175 (An Improper Locking vulnerability in the SIP ALG of Juniper Networks J ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22174 (A vulnerability in the processing of inbound IPv6 packets in Juniper N ...) + NOT-FOR-US: Juniper +CVE-2022-22173 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22172 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22171 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2022-22170 (A Missing Release of Resource after Effective Lifetime vulnerability i ...) + NOT-FOR-US: Juniper +CVE-2022-22169 (An Improper Initialization vulnerability in the routing protocol daemo ...) + NOT-FOR-US: Juniper +CVE-2022-22168 (An Improper Validation of Specified Type of Input vulnerability in the ...) + NOT-FOR-US: Juniper +CVE-2022-22167 (A traffic classification vulnerability in Juniper Networks Junos OS on ...) + NOT-FOR-US: Juniper +CVE-2022-22166 (An Improper Validation of Specified Quantity in Input vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2022-22165 + REJECTED +CVE-2022-22164 (An Improper Initialization vulnerability in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2022-22163 (An Improper Input Validation vulnerability in the Juniper DHCP daemon ...) + NOT-FOR-US: Juniper +CVE-2022-22162 (A Generation of Error Message Containing Sensitive Information vulnera ...) + NOT-FOR-US: Juniper +CVE-2022-22161 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...) + NOT-FOR-US: Juniper +CVE-2022-22160 (An Unchecked Error Condition vulnerability in the subscriber managemen ...) + NOT-FOR-US: Juniper +CVE-2022-22159 (A vulnerability in the NETISR network queue functionality of Juniper N ...) + NOT-FOR-US: Juniper +CVE-2022-22158 + REJECTED +CVE-2022-22157 (A traffic classification vulnerability in Juniper Networks Junos OS on ...) 
+ NOT-FOR-US: Juniper +CVE-2022-22156 (An Improper Certificate Validation weakness in the Juniper Networks Ju ...) + NOT-FOR-US: Juniper +CVE-2022-22155 (An Uncontrolled Resource Consumption vulnerability in the handling of ...) + NOT-FOR-US: Juniper +CVE-2022-22154 (In a Junos Fusion scenario an External Control of Critical State Data ...) + NOT-FOR-US: Juniper +CVE-2022-22153 (An Insufficient Algorithmic Complexity combined with an Allocation of ...) + NOT-FOR-US: Juniper +CVE-2022-22152 (A Protection Mechanism Failure vulnerability in the REST API of Junipe ...) + NOT-FOR-US: Juniper +CVE-2022-21800 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-21215 (This vulnerability could allow an attacker to force the server to crea ...) + NOT-FOR-US: Airspan Networks +CVE-2022-21196 (MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior ...) + NOT-FOR-US: Airspan Networks +CVE-2022-21155 (A specially crafted packet sent to the Fernhill SCADA Server Version 3 ...) + NOT-FOR-US: Fernhill SCADA Server +CVE-2022-21137 (Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based b ...) + NOT-FOR-US: Omron CX-One +CVE-2021-45459 (lib/cmd.js in the node-windows package before 1.0.0-beta.6 for Node.js ...) + NOT-FOR-US: Node windows +CVE-2021-4154 (A use-after-free flaw was found in cgroup1_parse_param in kernel/cgrou ...) 
+ - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/3b0462726e7ef281c35a7a4ae33e93ee2bc9975b (5.14-rc2) +CVE-2021-4153 + RESERVED +CVE-2021-4152 + RESERVED +CVE-2021-4151 + RESERVED +CVE-2022-22136 + RESERVED +CVE-2022-22135 + RESERVED +CVE-2022-22134 + RESERVED +CVE-2022-22133 + RESERVED +CVE-2022-22132 + RESERVED +CVE-2022-22131 + RESERVED +CVE-2022-22130 + RESERVED +CVE-2022-22129 + RESERVED +CVE-2022-22128 (Tableau discovered a path traversal vulnerability affecting Tableau Se ...) + NOT-FOR-US: Tableau Server Administration Agent +CVE-2022-22127 (Tableau is aware of a broken access control vulnerability present in T ...) + NOT-FOR-US: Tableau Server +CVE-2022-22126 (Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via ...) + NOT-FOR-US: Openmct +CVE-2022-22125 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) + NOT-FOR-US: Halo +CVE-2022-22124 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) + NOT-FOR-US: Halo +CVE-2022-22123 (In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored ...) + NOT-FOR-US: Halo +CVE-2022-22122 + REJECTED +CVE-2022-22121 (In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injectio ...) + NOT-FOR-US: NocoDB +CVE-2022-22120 (In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrep ...) + NOT-FOR-US: NocoDB +CVE-2022-22119 + RESERVED +CVE-2022-22118 + RESERVED +CVE-2022-22117 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 allow unrestricted f ...) + NOT-FOR-US: Directus +CVE-2022-22116 (In Directus, versions 9.0.0-alpha.4 through 9.4.1 are vulnerable to st ...) + NOT-FOR-US: Directus +CVE-2022-22115 (In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Si ...) + NOT-FOR-US: Teedy +CVE-2022-22114 (In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross ...) 
+ NOT-FOR-US: Teedy +CVE-2022-22113 (In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22112 (In DayByDay CRM, versions 1.1 through 2.2.1 (latest) suffer from an ap ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22111 (In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22110 (In Daybyday CRM, versions 1.1 through 2.2.0 enforce weak password requ ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22109 (In Daybyday CRM, version 2.2.0 is vulnerable to Stored Cross-Site Scri ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22108 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missin ...) + NOT-FOR-US: DayByDay CRM +CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...) + NOT-FOR-US: Snapdragon +CVE-2022-22105 (Memory corruption in bluetooth due to integer overflow while processin ...) + NOT-FOR-US: Qualcomm +CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages ...) + NOT-FOR-US: Snapdragon +CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...) + NOT-FOR-US: Snapdragon +CVE-2022-22102 (Memory corruption in multimedia due to incorrect type conversion while ...) + NOT-FOR-US: Snapdragon +CVE-2022-22101 (Denial of service in multimedia due to uncontrolled resource consumpti ...) + NOT-FOR-US: Snapdragon +CVE-2022-22100 (Memory corruption in multimedia due to improper check on received expo ...) + NOT-FOR-US: Snapdragon +CVE-2022-22099 (Memory corruption in multimedia due to improper validation of array in ...) + NOT-FOR-US: Snapdragon +CVE-2022-22098 (Memory corruption in multimedia driver due to untrusted pointer derefe ...) 
+ NOT-FOR-US: Snapdragon +CVE-2022-22097 (Memory corruption in graphic driver due to use after free while callin ...) + NOT-FOR-US: Snapdragon +CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...) + NOT-FOR-US: Qualcomm +CVE-2022-22095 (Memory corruption in synx driver due to use-after-free condition in th ...) + NOT-FOR-US: Qualcomm +CVE-2022-22094 (memory corruption in Kernel due to race condition while getting mappin ...) + NOT-FOR-US: Qualcomm +CVE-2022-22093 (Memory corruption or temporary denial of service due to improper handl ...) + NOT-FOR-US: Qualcomm +CVE-2022-22092 (Memory corruption in kernel due to use after free issue in Snapdragon ...) + NOT-FOR-US: Qualcomm +CVE-2022-22091 (Improper authorization of a replayed LTE security mode command can lea ...) + NOT-FOR-US: Qualcomm +CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...) + NOT-FOR-US: Snapdragon +CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...) + NOT-FOR-US: Qualcomm +CVE-2022-22088 (Memory corruption in Bluetooth HOST due to buffer overflow while parsi ...) + NOT-FOR-US: Qualcomm +CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...) + NOT-FOR-US: Snapdragon +CVE-2022-22086 (Memory corruption in video due to double free while parsing 3gp clip w ...) + NOT-FOR-US: Snapdragon +CVE-2022-22085 (Memory corruption in video due to buffer overflow while reading the dt ...) + NOT-FOR-US: Snapdragon +CVE-2022-22084 (Memory corruption when extracting qcp audio file due to lack of check ...) + NOT-FOR-US: Snapdragon +CVE-2022-22083 (Denial of service due to memory corruption while extracting ape header ...) + NOT-FOR-US: Snapdragon +CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...) + NOT-FOR-US: Snapdragon +CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Snapdrago ...) 
+ NOT-FOR-US: Qualcomm +CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...) + NOT-FOR-US: Snapdragon +CVE-2022-22079 (Denial of service while processing fastboot flash command on mmc due t ...) + NOT-FOR-US: Qualcomm +CVE-2022-22078 (Denial of service in BOOT when partition size for a particular partiti ...) + NOT-FOR-US: Snapdragon +CVE-2022-22077 (Memory corruption in graphics due to use-after-free in graphics dispat ...) + NOT-FOR-US: Snapdragon +CVE-2022-22076 (information disclosure due to cryptographic issue in Core during RPMB ...) + NOT-FOR-US: Qualcomm +CVE-2022-22075 (Information Disclosure in Graphics during GPU context switch.) + NOT-FOR-US: Qualcomm +CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in ...) + NOT-FOR-US: Qualcomm +CVE-2022-22073 + RESERVED +CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...) + NOT-FOR-US: Snapdragon +CVE-2022-22071 (Possible use after free when process shell memory is freed using IOCTL ...) + NOT-FOR-US: Snapdragon +CVE-2022-22070 (Memory corruption in audio due to lack of check of invalid routing add ...) + NOT-FOR-US: Snapdragon +CVE-2022-22069 (Devices with keyprotect off may store unencrypted keybox in RPMB and c ...) + NOT-FOR-US: Snapdragon +CVE-2022-22068 (kernel event may contain unexpected content which is not generated by ...) + NOT-FOR-US: Snapdragon +CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...) + NOT-FOR-US: Snapdragon +CVE-2022-22066 (Memory corruption occurs while processing command received from HLOS d ...) + NOT-FOR-US: Qualcomm +CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...) + NOT-FOR-US: Snapdragon +CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...) 
+ NOT-FOR-US: Snapdragon +CVE-2022-22063 (Memory corruption in Core due to improper configuration in boot remapp ...) + NOT-FOR-US: Qualcomm +CVE-2022-22062 (An out-of-bounds read can occur while parsing a server certificate due ...) + NOT-FOR-US: Snapdragon +CVE-2022-22061 (Out of bounds writing is possible while verifying device IDs due to im ...) + NOT-FOR-US: Snapdragon +CVE-2022-22060 (Assertion occurs while processing Reconfiguration message due to impro ...) + NOT-FOR-US: Qualcomm +CVE-2022-22059 (Memory corruption due to out of bound read while parsing a video file ...) + NOT-FOR-US: Snapdragon +CVE-2022-22058 (Memory corruption due to use after free issue in kernel while processi ...) + NOT-FOR-US: Qualcomm +CVE-2022-22057 (Use after free in graphics fence due to a race condition while closing ...) + NOT-FOR-US: Snapdragon +CVE-2022-22056 (The Le-yan dental management system contains a hard-coded credentials ...) + NOT-FOR-US: Le-yan dental management system +CVE-2022-22055 (The Le-yan dental management system contains an SQL-injection vulnerab ...) + NOT-FOR-US: Le-yan dental management system +CVE-2022-22054 (ASUS RT-AX56U\u2019s login function contains a path traversal vulnerab ...) + NOT-FOR-US: ASUS +CVE-2021-45458 (Apache Kylin provides encryption classes PasswordPlaceholderConfigurer ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45457 (In Apache Kylin, Cross-origin requests with credentials are allowed to ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45456 (Apache kylin checks the legitimacy of the project before executing som ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-45455 + RESERVED +CVE-2021-45454 (Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow info ...) + NOT-FOR-US: Ampere Altra +CVE-2021-45453 + RESERVED +CVE-2021-45452 (Storage.save in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 b ...) 
+ {DLA-3191-1} + - python-django 2:3.2.11-1 (bug #1003113) + [bullseye] - python-django 2:2.2.26-1~deb11u1 + [stretch] - python-django (Minor issue; fix in next update) + NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/ + NOTE: https://github.com/django/django/commit/8d2f7cff76200cbd2337b2cf1707e383eb1fb54b (3.2.11) + NOTE: https://github.com/django/django/commit/4cb35b384ceef52123fc66411a73c36a706825e1 (2.2.26) +CVE-2021-4150 (A use-after-free flaw was found in the add_partition in block/partitio ...) + - linux (Vulnerability introduced and fixed in experimental) + NOTE: https://git.kernel.org/linus/9fbfabfda25d8774c5a08634fdd2da000a924890 (5.15-rc7) +CVE-2021-4149 (A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tre ...) + {DLA-3065-1} + - linux 5.14.16-1 + [buster] - linux 4.19.235-1 + NOTE: https://git.kernel.org/linus/19ea40dddf1833db868533958ca066f368862211 (5.15-rc6) +CVE-2021-4148 (A vulnerability was found in the Linux kernel's block_invalidatepage i ...) + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://lkml.org/lkml/2021/9/17/1037 + NOTE: https://lkml.org/lkml/2021/9/12/323 +CVE-2021-4147 (A flaw was found in the libvirt libxl driver. A malicious guest could ...) 
+ - libvirt 7.10.0-2 (bug #1002535) + [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2034195 + NOTE: https://listman.redhat.com/archives/libvir-list/2021-November/msg00908.html + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5 + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d + NOTE: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340 +CVE-2021-4146 (Business Logic Errors in GitHub repository pimcore/pimcore prior to 10 ...) + NOT-FOR-US: pimcore +CVE-2021-4145 (A NULL pointer dereference issue was found in the block mirror layer o ...) + - qemu 1:6.2+dfsg-1 + [bullseye] - qemu (Vulnerable code introduced later) + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/d44dae1a7cf782ec9235746ebb0e6c1a20dd7288 (v6.1.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/66fed30c9cd11854fc878a4eceb507e915d7c9cd (v6.2.0-rc0) +CVE-2021-4144 (TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 2 ...) + NOT-FOR-US: TP-Link +CVE-2021-45451 (In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass ...) + - mbedtls (Vulnerable code introduced later) + NOTE: https://github.com/ARMmbed/mbedtls/commit/cae590905363747d26fb5617b71bd567541a2f39 (mbedtls-3.1.0) +CVE-2021-45450 (In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv ...) 
+ - mbedtls (Vulnerable code introduced later) + NOTE: https://github.com/ARMmbed/mbedtls/commit/c423acbe0f7957d8ef1e6036c2429c9f79c6f05e (mbedtls-2.28.0) + NOTE: https://github.com/ARMmbed/mbedtls/commit/4c224fe3ccbe527a2b7d55a927f1f09511ff1b83 (mbedtls-2.28.0) +CVE-2021-45449 (Docker Desktop version 4.3.0 and 4.3.1 has a bug that may log sensitiv ...) + NOT-FOR-US: Docker Desktop on Windows +CVE-2021-45448 (Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.2 ...) + NOT-FOR-US: Pentaho Business Analytics Server +CVE-2021-45447 (Hitachi Vantara Pentaho Business Analytics Server versions before 9.3. ...) + NOT-FOR-US: Hitachi +CVE-2021-45446 (A vulnerability in Hitachi Vantara Pentaho Business Analytics Server ...) + NOT-FOR-US: Hitachi +CVE-2021-45445 (Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 h ...) + NOT-FOR-US: Unisys +CVE-2021-45444 (In zsh before 5.8.1, an attacker can achieve code execution if they co ...) + {DSA-5078-1 DLA-2926-1} + - zsh 5.8.1-1 + NOTE: https://sourceforge.net/p/zsh/code/ci/c187154f47697cdbf822c2f9d714d570ed4a0fd1/ + NOTE: https://sourceforge.net/p/zsh/code/ci/fdb8b0ce6244ff26bf55e0fd825310a58d0d3156/ + NOTE: https://sourceforge.net/p/zsh/code/ci/bdc4d70a7e033b754e68a8659a037ea0fc5f38de/ +CVE-2021-45443 + RESERVED +CVE-2021-4143 (Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutto ...) + NOT-FOR-US: BigBlueButton +CVE-2017-20010 + RESERVED + NOT-FOR-US: MODX Revolution +CVE-2017-20009 + RESERVED + NOT-FOR-US: MODX Revolution +CVE-2012-20001 (PrestaShop before 1.5.2 allows XSS via the " +CVE-2021-45327 (Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...) + - gitea +CVE-2021-45326 (Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before ...) + - gitea +CVE-2021-45325 (Server Side Request Forgery (SSRF) vulneraility exists in Gitea before ...) 
+ - gitea +CVE-2021-45324 + RESERVED +CVE-2021-45323 + RESERVED +CVE-2021-45322 + RESERVED +CVE-2021-45321 + RESERVED +CVE-2021-45320 + RESERVED +CVE-2021-45319 + RESERVED +CVE-2021-45318 + RESERVED +CVE-2021-45317 + RESERVED +CVE-2021-45316 + RESERVED +CVE-2021-45315 + RESERVED +CVE-2021-45314 + RESERVED +CVE-2021-45313 + RESERVED +CVE-2021-45312 + RESERVED +CVE-2021-45311 + RESERVED +CVE-2021-45310 (Sangoma Technologies Corporation Switchvox Version 102409 is affected ...) + NOT-FOR-US: Sangoma Technologies Corporation Switchvox +CVE-2021-45309 + RESERVED +CVE-2021-45308 + RESERVED +CVE-2021-45307 + RESERVED +CVE-2021-45306 + RESERVED +CVE-2021-45305 + RESERVED +CVE-2021-45304 + RESERVED +CVE-2021-45303 + RESERVED +CVE-2021-45302 + RESERVED +CVE-2021-45301 + RESERVED +CVE-2021-45300 + RESERVED +CVE-2021-45299 + RESERVED +CVE-2021-45298 + RESERVED +CVE-2021-45297 (An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (No longer supported in LTS; Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1973 + NOTE: https://github.com/gpac/gpac/commit/fb13af36286b9d898e332e8762a286eb83bd1770 (v2.0.0) +CVE-2021-45296 + RESERVED +CVE-2021-45295 + RESERVED +CVE-2021-45294 + RESERVED +CVE-2021-45293 (A Denial of Service vulnerability exists in Binaryen 103 due to an Inv ...) + - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4384 + NOTE: https://github.com/WebAssembly/binaryen/pull/4388 + NOTE: https://github.com/WebAssembly/binaryen/commit/b1f6298ed8756bdc3336429c04b92ba58d000b49 (version_104) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45292 (The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to c ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1958 + NOTE: https://github.com/gpac/gpac/commit/3dafcb5e71e9ffebb50238784dcad8b105da81f6 (v2.0.0) +CVE-2021-45291 (The gf_dump_setup function in GPAC 1.0.1 allows malicoius users to cau ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1955 + NOTE: https://github.com/gpac/gpac/commit/a07c64979af592aad56bc175157b7397e43fa9cc (v2.0.0) +CVE-2021-45290 (A Denial of Service vulnerability exits in Binaryen 103 due to an asse ...) + - binaryen 104-1 (unimportant) + NOTE: https://github.com/WebAssembly/binaryen/issues/4383 + NOTE: https://github.com/WebAssembly/binaryen/pull/4389 + NOTE: https://github.com/WebAssembly/binaryen/commit/62d83d5fcad015ce52f0f3122eab9df1c629cafb (version_104) + NOTE: Crash in CLI tool, no security impact +CVE-2021-45289 (A vulnerability exists in GPAC 1.0.1 due to an omission of security-re ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Vulnerable code not present) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1972 + NOTE: https://github.com/gpac/gpac/commit/5e1f084e0c6ad2736c9913715c4abb57c554209d (v2.0.0) +CVE-2021-45288 (A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1956 + NOTE: https://github.com/gpac/gpac/commit/9bbce9634cba1128aa4b96d590be578ae3ce80b3 (v2.0.0) +CVE-2021-45287 + RESERVED +CVE-2021-45286 (Directory Traversal vulnerability exists in ZZCMS 2021 via the skin pa ...) 
+ NOT-FOR-US: ZZCMS +CVE-2021-45285 + RESERVED +CVE-2021-45284 + RESERVED +CVE-2021-45283 + RESERVED +CVE-2021-45282 + RESERVED +CVE-2021-45281 (QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: QuickBox Pro +CVE-2021-45280 + RESERVED +CVE-2021-45279 + RESERVED +CVE-2021-45278 + RESERVED +CVE-2021-45277 + RESERVED +CVE-2021-45276 + RESERVED +CVE-2021-45275 + RESERVED +CVE-2021-45274 + RESERVED +CVE-2021-45273 + RESERVED +CVE-2021-45272 + RESERVED +CVE-2021-45271 + RESERVED +CVE-2021-45270 + RESERVED +CVE-2021-45269 + RESERVED +CVE-2021-45268 (A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop C ...) + - backdrop (bug #914257) +CVE-2021-45267 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1965 + NOTE: https://github.com/gpac/gpac/commit/29f31f431b18278b94c659452562e8a027436487 (v2.0.0) +CVE-2021-45266 (A null pointer dereference vulnerability exists in gpac 1.1.0 via the ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1985 + NOTE: https://github.com/gpac/gpac/commit/76b9e3f578a056fee07a4b317f5b36a83d01810e (v2.0.0) +CVE-2021-45265 + RESERVED +CVE-2021-45264 + RESERVED +CVE-2021-45263 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_dele ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1975 + NOTE: https://github.com/gpac/gpac/commit/b232648da3b111a0efe500501ee8ca8f32b616e9 (v2.0.0) +CVE-2021-45262 (An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_comma ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1980 + NOTE: https://github.com/gpac/gpac/commit/ef86a8eba3b166b885dec219066dd3a47501e03a (v2.0.0) +CVE-2021-45261 (An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ...) + - patch (unimportant) + NOTE: https://savannah.gnu.org/bugs/?61685 + NOTE: Negligible security impact +CVE-2021-45260 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the l ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1979 + NOTE: https://github.com/gpac/gpac/issues/1977 + NOTE: https://github.com/gpac/gpac/commit/5e5e9c48b1a61e3844e9fbe26292305ab4c06d04 (v2.0.0) + NOTE: Reported twice upstream, fix is in issue 1977 - identical report in issue 1979 +CVE-2021-45259 (An Invalid pointer reference vulnerability exists in gpac 1.1.0 via th ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1986 + NOTE: https://github.com/gpac/gpac/commit/654c796482c2609aa736315f9273d6c5912e0a29 (v2.0.0) +CVE-2021-45258 (A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_de ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1970 + NOTE: https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad (v2.0.0) +CVE-2021-45257 (An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...) 
+ - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392790 + NOTE: Negligible security impact +CVE-2021-45256 (A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392789 + NOTE: Crash in CLI tool, no security impact +CVE-2021-45255 (The email parameter from ajax.php of Video Sharing Website 1.0 appears ...) + NOT-FOR-US: Video Sharing Website +CVE-2021-45254 + RESERVED +CVE-2021-45253 (The id parameter in view_storage.php from Simple Cold Storage Manageme ...) + NOT-FOR-US: Simple Cold Storage Management System +CVE-2021-45252 (Multiple SQL injection vulnerabilities are found on Simple Forum-Discu ...) + NOT-FOR-US: Simple Forum-Discussion System +CVE-2021-45251 + RESERVED +CVE-2021-45250 + RESERVED +CVE-2021-45249 + RESERVED +CVE-2021-45248 + RESERVED +CVE-2021-45247 + RESERVED +CVE-2021-45246 + RESERVED +CVE-2021-45245 + RESERVED +CVE-2021-45244 + RESERVED +CVE-2021-45243 + RESERVED +CVE-2021-45242 + RESERVED +CVE-2021-45241 + RESERVED +CVE-2021-45240 + RESERVED +CVE-2021-45239 + RESERVED +CVE-2021-45238 + RESERVED +CVE-2021-45237 + RESERVED +CVE-2021-45236 + RESERVED +CVE-2021-45235 + RESERVED +CVE-2021-45234 + RESERVED +CVE-2021-4142 (The Candlepin component of Red Hat Satellite was affected by an improp ...) + NOT-FOR-US: Red Hat Satellite / Candlepin +CVE-2021-4141 + REJECTED +CVE-2021-4140 (It was possible to construct specific XSLT markup that would be able t ...) + {DSA-5045-1 DSA-5044-1 DLA-2881-1 DLA-2880-1} + - firefox 96.0-1 + - firefox-esr 91.5.0esr-1 + - thunderbird 1:91.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-01/#CVE-2021-4140 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-02/#CVE-2021-4140 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-03/#CVE-2021-4140 +CVE-2021-4139 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) 
+ NOT-FOR-US: Pimcore +CVE-2021-4138 (Improved Host header checks to reject requests not sent to a well-know ...) + - geckodriver (bug #989456) +CVE-2022-22053 + RESERVED +CVE-2022-22052 + RESERVED +CVE-2022-22051 + RESERVED +CVE-2022-22050 (Windows Fax Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22049 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...) + NOT-FOR-US: Microsoft +CVE-2022-22048 (BitLocker Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22047 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...) + NOT-FOR-US: Microsoft +CVE-2022-22046 + RESERVED +CVE-2022-22045 (Windows.Devices.Picker.dll Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22044 + RESERVED +CVE-2022-22043 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-22042 (Windows Hyper-V Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22041 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22040 (Internet Information Services Dynamic Compression Module Denial of Ser ...) + NOT-FOR-US: Microsoft +CVE-2022-22039 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22038 (Remote Procedure Call Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22037 (Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2022-22036 (Performance Counters for Windows Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22035 (Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-22034 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22033 + RESERVED +CVE-2022-22032 + RESERVED +CVE-2022-22031 (Windows Credential Guard Domain-joined Public Key Elevation of Privile ...) + NOT-FOR-US: Microsoft +CVE-2022-22030 + RESERVED +CVE-2022-22029 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22028 (Windows Network File System Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22027 (Windows Fax Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22026 (Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privileg ...) + NOT-FOR-US: Microsoft +CVE-2022-22025 (Windows Internet Information Services Cachuri Module Denial of Service ...) + NOT-FOR-US: Microsoft +CVE-2022-22024 (Windows Fax Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22023 (Windows Portable Device Enumerator Service Security Feature Bypass Vul ...) + NOT-FOR-US: Microsoft +CVE-2022-22022 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22021 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-22020 + RESERVED +CVE-2022-22019 (Remote Procedure Call Runtime Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-22018 (HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2022-22017 (Remote Desktop Client Remote Code Execution Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-22016 (Windows PlayToManager Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-22015 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2022-22014 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-22013 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2022-22012 (Windows LDAP Remote Code Execution Vulnerability. This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2022-22011 (Windows Graphics Component Information Disclosure Vulnerability. This ...) + NOT-FOR-US: Microsoft +CVE-2022-22010 (Media Foundation Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22009 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22008 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22007 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22006 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22005 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22004 (Microsoft Office ClickToRun Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22003 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22002 (Windows User Account Profile Picture Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-22001 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-22000 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2022-21999 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21998 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-21997 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21996 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21995 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21994 (Windows DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21993 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2022-21992 (Windows Mobile Device Management Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21991 (Visual Studio Code Remote Development Extension Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2022-21990 (Remote Desktop Client Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21989 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21988 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21987 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21986 (.NET Denial of Service Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2022-21985 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2022-21984 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21983 (Win32 Stream Enumeration Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21982 + RESERVED +CVE-2022-21981 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2022-21980 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21979 (Microsoft Exchange Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21978 (Microsoft Exchange Server Elevation of Privilege Vulnerability.) 
+ NOT-FOR-US: Microsoft +CVE-2022-21977 (Media Foundation Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21976 + RESERVED +CVE-2022-21975 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21974 (Roaming Security Rights Management Services Remote Code Execution Vuln ...) + NOT-FOR-US: Microsoft +CVE-2022-21973 (Windows Media Center Update Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21972 (Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2022-21971 (Windows Runtime Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21970 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2022-21969 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...) + NOT-FOR-US: Microsoft +CVE-2022-21968 (Microsoft SharePoint Server Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2022-21967 (Xbox Live Auth Manager for Windows Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2022-21966 + RESERVED +CVE-2022-21965 (Microsoft Teams Denial of Service Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2022-21964 (Remote Desktop Licensing Diagnoser Information Disclosure Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2022-21963 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21962 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21961 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21960 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21959 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2022-21958 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21957 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2022-21956 + RESERVED +CVE-2022-21955 + RESERVED +CVE-2022-21954 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. ...) + NOT-FOR-US: Microsoft +CVE-2021-45233 + RESERVED +CVE-2021-45232 (In Apache APISIX Dashboard before 2.10.1, the Manager API uses two fra ...) + NOT-FOR-US: Apache APISIX Dashboard +CVE-2021-45231 (A link following privilege escalation vulnerability in Trend Micro Ape ...) + NOT-FOR-US: Trend Micro +CVE-2021-45230 (In Apache Airflow prior to 2.2.0. This CVE applies to a specific case ...) + - airflow (bug #819700) +CVE-2021-45229 (It was discovered that the "Trigger DAG with config" screen was suscep ...) + - airflow (bug #819700) +CVE-2021-45228 (An XSS issue was discovered in COINS Construction Cloud 11.12. Due to ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45227 (An issue was discovered in COINS Construction Cloud 11.12. Due to an i ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45226 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45225 (An issue was discovered in COINS Construction Cloud 11.12. Due to impr ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45224 (An issue was discovered in COINS Construction Cloud 11.12. In several ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45223 (An issue was discovered in COINS Construction Cloud 11.12. Due to insu ...) + NOT-FOR-US: COINS Construction Cloud +CVE-2021-45222 (An issue was discovered in COINS Construction Cloud 11.12. Due to logi ...) 
+ NOT-FOR-US: COINS Construction Cloud +CVE-2021-45221 + RESERVED +CVE-2021-45220 + RESERVED +CVE-2021-45219 + RESERVED +CVE-2021-45218 + RESERVED +CVE-2021-45217 + RESERVED +CVE-2021-45216 + RESERVED +CVE-2021-45215 + RESERVED +CVE-2021-45214 + RESERVED +CVE-2021-45213 + RESERVED +CVE-2021-45212 + RESERVED +CVE-2021-45211 + RESERVED +CVE-2021-45210 + RESERVED +CVE-2021-45209 + RESERVED +CVE-2021-45208 + RESERVED +CVE-2021-45207 + RESERVED +CVE-2021-45206 + RESERVED +CVE-2021-45205 + RESERVED +CVE-2021-45204 + RESERVED +CVE-2021-45203 + RESERVED +CVE-2021-45202 + RESERVED +CVE-2021-45201 + RESERVED +CVE-2021-45200 + RESERVED +CVE-2021-45199 + RESERVED +CVE-2021-45198 + RESERVED +CVE-2021-45197 + RESERVED +CVE-2021-45196 + RESERVED +CVE-2021-45195 + RESERVED +CVE-2021-45194 + RESERVED +CVE-2021-45193 + RESERVED +CVE-2021-45192 + RESERVED +CVE-2021-45191 + RESERVED +CVE-2021-45190 + RESERVED +CVE-2021-45189 + RESERVED +CVE-2021-45188 + RESERVED +CVE-2021-45187 + RESERVED +CVE-2021-45186 + RESERVED +CVE-2021-45185 + RESERVED +CVE-2021-45184 + RESERVED +CVE-2021-45183 + RESERVED +CVE-2021-45182 + RESERVED +CVE-2021-45181 + RESERVED +CVE-2021-45180 + RESERVED +CVE-2021-45179 + RESERVED +CVE-2021-45178 + RESERVED +CVE-2021-45177 + RESERVED +CVE-2021-45176 + RESERVED +CVE-2021-45175 + RESERVED +CVE-2021-45174 + RESERVED +CVE-2021-45173 + RESERVED +CVE-2021-45172 + RESERVED +CVE-2021-45171 + RESERVED +CVE-2021-45170 + RESERVED +CVE-2021-45169 + RESERVED +CVE-2021-45168 + RESERVED +CVE-2021-45167 + RESERVED +CVE-2021-45166 + RESERVED +CVE-2021-45165 + RESERVED +CVE-2021-45164 + RESERVED +CVE-2021-45163 + RESERVED +CVE-2021-45162 + RESERVED +CVE-2021-45161 + RESERVED +CVE-2021-45160 + RESERVED +CVE-2021-45159 + RESERVED +CVE-2021-45158 + RESERVED +CVE-2021-45157 + RESERVED +CVE-2021-45156 + RESERVED +CVE-2021-45155 + RESERVED +CVE-2021-45154 + RESERVED +CVE-2021-45153 + RESERVED +CVE-2021-45152 + RESERVED +CVE-2021-45151 + RESERVED +CVE-2021-45150 + RESERVED +CVE-2021-45149 
+ RESERVED
+CVE-2021-45148
+ RESERVED
+CVE-2021-45147
+ RESERVED
+CVE-2021-45146
+ RESERVED
+CVE-2021-45145
+ RESERVED
+CVE-2021-45144
+ RESERVED
+CVE-2021-45143
+ RESERVED
+CVE-2021-45142
+ RESERVED
+CVE-2021-45141
+ RESERVED
+CVE-2021-45140
+ RESERVED
+CVE-2021-45139
+ RESERVED
+CVE-2021-45138
+ RESERVED
+CVE-2021-45137
+ RESERVED
+CVE-2021-45136
+ RESERVED
+CVE-2021-45135
+ RESERVED
+CVE-2021-45134
+ RESERVED
+CVE-2021-45133
+ RESERVED
+CVE-2021-45132
+ RESERVED
+CVE-2021-45131
+ RESERVED
+CVE-2021-45130
+ RESERVED
+CVE-2021-45129
+ RESERVED
+CVE-2021-45128
+ RESERVED
+CVE-2021-45127
+ RESERVED
+CVE-2021-45126
+ RESERVED
+CVE-2021-45125
+ RESERVED
+CVE-2021-45124
+ RESERVED
+CVE-2021-45123
+ RESERVED
+CVE-2021-45122
+ RESERVED
+CVE-2021-45121
+ RESERVED
+CVE-2021-45120
+ RESERVED
+CVE-2021-45119
+ RESERVED
+CVE-2021-45118
+ RESERVED
+CVE-2021-45117 (The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not hand ...)
+ NOT-FOR-US: OPCFoundation/UA-Nodeset
+CVE-2021-45116 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ {DLA-3177-1}
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+ [stretch] - python-django (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/c7fe895bca06daf12cc1670b56eaf72a1ef27a16 (3.2.11)
+ NOTE: https://github.com/django/django/commit/c9f648ccfac5ab90fb2829a66da4f77e68c7f93a (2.2.26)
+CVE-2021-45115 (An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11 ...)
+ {DLA-3177-1}
+ - python-django 2:3.2.11-1 (bug #1003113)
+ [bullseye] - python-django 2:2.2.26-1~deb11u1
+ [stretch] - python-django (Minor issue; fix in next update)
+ NOTE: https://www.djangoproject.com/weblog/2022/jan/04/security-releases/
+ NOTE: https://github.com/django/django/commit/a8b32fe13bcaed1c0b772fdc53de84abc224fb20 (3.2.11)
+ NOTE: https://github.com/django/django/commit/2135637fdd5ce994de110affef9e67dffdf77277 (2.2.26)
+CVE-2021-45106 (A vulnerability has been identified in SICAM TOOLBOX II (All versions) ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44463 (Missing DLLs, if replaced by an insider, could allow an attacker to ac ...)
+ NOT-FOR-US: Emerson
+CVE-2021-44462 (This vulnerability can be exploited by parsing maliciously crafted pro ...)
+ NOT-FOR-US: Horner Automation Cscape EnvisionRV
+CVE-2021-4137
+ RESERVED
+CVE-2021-4136 (vim is vulnerable to Heap-based Buffer Overflow)
+ - vim 2:8.2.3995-1 (bug #1002534; unimportant)
+ [buster] - vim (Vulnerable code introduced later)
+ [stretch] - vim (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/5c6b93c1-2d27-4e98-a931-147877b8c938
+ NOTE: Introduced by: https://github.com/vim/vim/commit/2949cfdbe4335b9abcfeda1be4dfc52090ee1df6 (v8.2.2257)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/605ec91e5a7330d61be313637e495fa02a6dc264 (v8.2.3847)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-4135 (A memory leak vulnerability was found in the Linux kernel's eBPF for t ...)
+ {DSA-5096-1 DLA-2941-1}
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux 5.10.92-1
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 (5.16-rc6)
+ NOTE: CONFIG_NETDEVSIM is not set in Debian
+CVE-2021-4134 (The Fancy Product Designer WordPress plugin is vulnerable to SQL Injec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-4133 (A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-4132 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...)
+ NOT-FOR-US: livehelperchat
+CVE-2021-4131 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: livehelperchat
+CVE-2021-4130 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF))
+ - snipe-it (bug #1005172)
+CVE-2021-4129 (Mozilla developers and community members Julian Hector, Randell Jesup, ...)
+ {DSA-5034-1 DSA-5026-1}
+ - firefox 95.0-1
+ - firefox-esr 91.4.0esr-1
+ - thunderbird 1:91.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4129
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-4129
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-4129
+CVE-2021-4128 (When transitioning in and out of fullscreen mode, a graphics object wa ...)
+ - firefox (Only affects MacOS)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-4128
+CVE-2021-4127 (An out of date graphics library (Angle) likely contained vulnerabiliti ...)
+ {DSA-4876-1 DSA-4874-1}
+ - firefox-esr 78.9.0esr-1
+ - thunderbird 1:78.9.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-11/#CVE-2021-4127
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/#CVE-2021-4127
+CVE-2021-4126 (When receiving an OpenPGP/MIME signed email message that contains an a ...)
+ {DSA-5034-1 DLA-2874-1}
+ - thunderbird 1:91.4.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-4126
+CVE-2021-26264 (A specially crafted script could cause the DeltaV Distributed Control ...)
+ NOT-FOR-US: DeltaV Distributed Control System Controllers
+CVE-2021-23173 (The affected product is vulnerable to an improper access control, whic ...)
+ NOT-FOR-US: Philips
+CVE-2021-23157 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a he ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-23138 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a st ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-45379 (Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access cont ...)
+ - glewlwyd 2.6.1-1
+ [bullseye] - glewlwyd 2.5.2-2+deb11u2
+ [buster] - glewlwyd (Vulnerable code introduced later)
+ NOTE: https://github.com/babelouest/glewlwyd/commit/125281f1c0d4b6a8b49f7e55a757205a2ef01fbe (v2.6.1)
+CVE-2022-21953 (A Missing Authorization vulnerability in of SUSE Rancher allows authen ...)
+ NOT-FOR-US: Rancher
+CVE-2022-21952 (A Missing Authentication for Critical Function vulnerability in spacew ...)
+ NOT-FOR-US: Uyuni
+CVE-2022-21951 (A Cleartext Transmission of Sensitive Information vulnerability in SUS ...)
+ NOT-FOR-US: Rancher
+CVE-2022-21950 (A Improper Access Control vulnerability in the systemd service of cana ...)
+ NOT-FOR-US: SuSE
+CVE-2022-21949 (A Improper Restriction of XML External Entity Reference vulnerability ...)
+ - ruby-xmlhash 1.3.6-3.1 (bug #1010667)
+ [bullseye] - ruby-xmlhash (Minor issue)
+ [buster] - ruby-xmlhash (Minor issue)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1197928
+ NOTE: https://github.com/coolo/xmlhash/commit/544e614e2674ad26b97a234baa013723c829b751 (1.3.8)
+CVE-2022-21948 (An Improper Neutralization of Input During Web Page Generation ('Cross ...)
+ NOT-FOR-US: OpenSuSE paste
+CVE-2022-21947 (A Exposure of Resource to Wrong Sphere vulnerability in Rancher Deskto ...)
+ NOT-FOR-US: Rancher
+CVE-2022-21946 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: SUSE cscreen
+CVE-2022-21945 (A Insecure Temporary File vulnerability in cscreen of openSUSE Factory ...)
+ NOT-FOR-US: SUSE cscreen
+CVE-2022-21944 (A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd ...)
+ NOT-FOR-US: SUSE packaging issue in watchman
+CVE-2021-45105 (Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and ...)
+ {DSA-5024-1 DLA-2852-1}
+ - apache-log4j2 2.17.0-1 (bug #1001891)
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45105
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3230
+CVE-2021-31566 (An improper link resolution flaw can occur while extracting an archive ...)
+ {DLA-3202-1 DLA-2987-1}
+ - libarchive 3.5.2-1 (bug #1001990)
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+ NOTE: https://github.com/libarchive/libarchive/issues/1566
+ NOTE: https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043 (v3.5.2)
+ NOTE: https://github.com/libarchive/libarchive/commit/e2ad1a2c3064fa9eba6274b3641c4c1beed25c0b (v3.5.2)
+CVE-2021-23177 (An improper link resolution flaw while extracting an archive can lead ...)
+ {DLA-3202-1 DLA-2987-1}
+ - libarchive 3.5.2-1 (bug #1001986)
+ [bullseye] - libarchive 3.4.3-2+deb11u1
+ NOTE: https://github.com/libarchive/libarchive/issues/1565
+ NOTE: https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad (v3.5.2)
+CVE-2022-21943
+ RESERVED
+CVE-2022-21942
+ RESERVED
+CVE-2022-21941 (All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable ...)
+ NOT-FOR-US: Sensormatic Electronics, LLC
+CVE-2022-21940 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2022-21939 (Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Cont ...)
+ NOT-FOR-US: Johnson Controls
+CVE-2022-21938 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
+ NOT-FOR-US: Metasys
+CVE-2022-21937 (Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 ...)
+ NOT-FOR-US: Metasys
+CVE-2022-21936 (On Metasys ADX Server version 12.0 running MVE, an Active Directory us ...)
+ NOT-FOR-US: Metasys ADX Server
+CVE-2022-21935 (A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and ...)
+ NOT-FOR-US: Metasys
+CVE-2022-21934 (Under certain circumstances an authenticated user could lock other use ...)
+ NOT-FOR-US: Johnson Controls Metasys
+CVE-2021-45104 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
+ - condor (Vulnerable code introduced later)
+ NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0002
+CVE-2021-45103 (An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x befo ...)
+ - condor (Vulnerable code introduced later)
+ NOTE: https://htcondor.org/security/vulnerabilities/HTCONDOR-2022-0001
+CVE-2021-45102 (An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x befor ...)
+ - condor (Only affects 9.0.0 and above)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0004/
+CVE-2021-45101 (An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, ...)
+ - condor (bug #1002540)
+ [buster] - condor (Patch is too intrusive to backport)
+ [stretch] - condor (Patch is too destructive to backport it; Patch does not apply cleanly. Too many calls in patch, not existed in this version of the software)
+ NOTE: https://research.cs.wisc.edu/htcondor/security/vulnerabilities/HTCONDOR-2021-0003/
+ NOTE: https://github.com/htcondor/htcondor/commit/8b311dee6dee6be518e65381e020fb74848b552b (V8_8_14)
+CVE-2021-45099 (The addon.stdin service in addon-ssh (aka Home Assistant Community Add ...)
+ NOT-FOR-US: Home Assistant Community Add-on: SSH & Web Terminal
+CVE-2021-45098 (An issue was discovered in Suricata before 6.0.4. It is possible to by ...)
+ - suricata 1:6.0.4-1
+ [bullseye] - suricata (Minor issue)
+ [buster] - suricata (Minor issue)
+ [stretch] - suricata (Minor issue)
+ NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942
+ NOTE: https://github.com/OISF/suricata/commit/50e2b973eeec7172991bf8f544ab06fb782b97df
+ NOTE: https://redmine.openinfosecfoundation.org/issues/4710
+CVE-2021-45097 (KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in ...)
+ NOT-FOR-US: NIME Server
+CVE-2021-45096 (KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external X ...)
+ NOT-FOR-US: KNIME Analytics Platform
+CVE-2021-45094 (Imprivata Privileged Access Management (formally Xton Privileged Acces ...)
+ NOT-FOR-US: Imprivata Privileged Access Management
+CVE-2021-45093
+ RESERVED
+CVE-2021-45092 (Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachab ...)
+ NOT-FOR-US: Thinfinity VirtualUI
+CVE-2021-45091 (Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45090 (Stormshield Endpoint Security before 2.1.2 allows remote code executio ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45089 (Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Stormshield Endpoint Security
+CVE-2021-45088 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1 DLA-3074-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45087 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1 DLA-3074-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45086 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1}
+ - epiphany-browser 41.2-1
+ [buster] - epiphany-browser (Embedded PDF viewer introduced later)
+ [stretch] - epiphany-browser (Embedded PDF viewer introduced later)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45085 (XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before ...)
+ {DSA-5042-1 DLA-3074-1}
+ - epiphany-browser 41.2-1
+ [stretch] - epiphany-browser (WebKit browser, not covered by security support in stretch)
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1612
+ NOTE: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1045
+CVE-2021-45084
+ RESERVED
+CVE-2021-45083 (An issue was discovered in Cobbler before 3.3.1. Files in /etc/cobbler ...)
+ - cobbler
+CVE-2021-45082 (An issue was discovered in Cobbler before 3.3.1. In the templar.py fil ...)
+ - cobbler
+CVE-2021-45081 (An issue was discovered in Cobbler through 3.3.1. Routines in several ...)
+ - cobbler
+CVE-2021-45080
+ RESERVED
+CVE-2021-45079 (In strongSwan before 5.9.5, a malicious responder can send an EAP-Succ ...)
+ {DSA-5056-1 DLA-2909-1}
+ - strongswan 5.9.5-1
+ NOTE: https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html
+ NOTE: Patches: https://download.strongswan.org/security/CVE-2021-45079/
+CVE-2021-45078 (stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows ...)
+ - binutils 2.37.50.20220106-1 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28694
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=161e87d12167b1e36193385485c1f6ce92f74f02
+ NOTE: binutils not covered by security support
+CVE-2021-4125 (It was found that the original fix for log4j CVE-2021-44228 and CVE-20 ...)
+ NOT-FOR-US: OpenShift metering hive containers
+CVE-2021-42550 (In logback version 1.2.7 and prior versions, an attacker with the requ ...)
+ - logback 1:1.2.8-1
+ [bullseye] - logback (Minor issue)
+ [buster] - logback (Minor issue)
+ [stretch] - logback (Minor issue)
+ NOTE: https://jira.qos.ch/browse/LOGBACK-1591
+ NOTE: https://github.com/qos-ch/logback/commit/21d772f2bc2ed780b01b4fe108df7e29707763f1 (v_1.2.8)
+CVE-2021-44771
+ REJECTED
+CVE-2021-4124 (janus-gateway is vulnerable to Improper Neutralization of Input During ...)
+ - janus (unimportant)
+ NOTE: https://huntr.dev/bounties/a6ca142e-60aa-4d6f-b231-5d1bcd1b7190
+ NOTE: https://github.com/meetecho/janus-gateway/commit/f62bba6513ec840761f2434b93168106c7c65a3d
+ NOTE: Issues only in janus-demos built from src:janus
+CVE-2021-4123 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: livehelperchat
+CVE-2021-4122 (It was found that a specially crafted LUKS header could trick cryptset ...)
+ {DSA-5070-1}
+ - cryptsetup 2:2.4.3-1 (bug #1003686)
+ [buster] - cryptsetup (Vulnerable code not present; does not support online LUKS2 reencryption)
+ [stretch] - cryptsetup (Vulnerable code not present; does not support LUKS2)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/13/2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2032401
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/commit/0113ac2d889c5322659ad0596d4cfc6da53e356c
+ NOTE: 2.4 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/de98f011418c62e7b825a8ce3256e8fcdc84756e
+ NOTE: 2.3 branch: https://gitlab.com/cryptsetup/cryptsetup/-/commit/60addcffa6794c29dccf33d8db5347f24b75f2fc
+CVE-2021-4121 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-23151
+ REJECTED
+CVE-2021-45100 (The ksmbd server through 3.4.2, as used in the Linux kernel through 5. ...)
+ - linux 5.15.15-1 (unimportant)
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://github.com/cifsd-team/ksmbd/issues/550
+ NOTE: https://github.com/cifsd-team/ksmbd/pull/551
+ NOTE: https://marc.info/?l=linux-kernel&m=163961726017023&w=2
+ NOTE: SMB_SERVER enabled only as module since 5.16~rc1-1~exp1.
+CVE-2021-45095 (pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 ...)
+ {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1}
+ - linux 5.15.15-1
+ NOTE: https://lore.kernel.org/all/20211209082839.33985-1-hbh25y@gmail.com/
+CVE-2021-45070
+ RESERVED
+CVE-2021-45069
+ RESERVED
+CVE-2021-45068 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45067 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45066
+ RESERVED
+CVE-2021-45065
+ RESERVED
+CVE-2021-45064 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45063 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45062 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45061 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45060 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45059 (Adobe InDesign version 16.4 (and earlier) is affected by a use-after-f ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45058 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45057 (Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45056 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45055 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45054 (Adobe InCopy version 16.4 (and earlier) is affected by a use-after-fre ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45053 (Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45052 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-45051 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-4120 (snapd 2.54.2 fails to perform sufficient validation of snap content in ...)
+ - snapd 2.54.3-1
+ [bullseye] - snapd 2.49-1+deb11u1
+ [buster] - snapd (Minor issue, intrusive backport)
+ NOTE: https://bugs.launchpad.net/snapd/+bug/1949368
+ NOTE: https://www.openwall.com/lists/oss-security/2022/02/18/2
+CVE-2021-45050
+ RESERVED
+CVE-2021-45049
+ RESERVED
+CVE-2021-45048
+ RESERVED
+CVE-2021-45047
+ RESERVED
+CVE-2021-45046 (It was found that the fix to address CVE-2021-44228 in Apache Log4j 2. ...)
+ {DSA-5022-1}
+ - apache-log4j2 2.16.0-1 (bug #1001729)
+ [stretch] - apache-log4j2 (JndiLookup class has been removed)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/4
+ NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-45046
+ NOTE: https://issues.apache.org/jira/browse/LOG4J2-3221
+ NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
+CVE-2021-45045
+ RESERVED
+CVE-2021-45044
+ RESERVED
+CVE-2021-44768 (Delta Electronics CNCSoft (Version 1.01.30) and prior) is vulnerable t ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-44544 (DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-sit ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-44471 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-4119 (bookstack is vulnerable to Improper Access Control)
+ NOT-FOR-US: bookstack
+CVE-2021-4118 (pytorch-lightning is vulnerable to Deserialization of Untrusted Data)
+ NOT-FOR-US: pytorch-lightning
+CVE-2021-4117 (yetiforcecrm is vulnerable to Business Logic Errors)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4116 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-4115 (There is a flaw in polkit which can allow an unprivileged user to caus ...)
+ [experimental] - policykit-1 0.120-6
+ - policykit-1 0.105-32 (bug #1005784)
+ [bullseye] - policykit-1 (Minor issue)
+ [buster] - policykit-1 (Vulnerable code not present, patch introducing issue not backported)
+ [stretch] - policykit-1 (Vulnerable code not present, patch introducing issue not backported)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2007534
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-077-polkit/
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/41cb093f554da8772362654a128a84dd8a5542a7
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+CVE-2021-4114
+ REJECTED
+CVE-2021-4113
+ REJECTED
+CVE-2021-4112 (A flaw was found in ansible-tower where the default installation is vu ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2021-4111 (yetiforcecrm is vulnerable to Business Logic Errors)
+ NOT-FOR-US: yetiforcecrm
+CVE-2021-31558 (DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2021-23228 (DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross- ...)
+ NOT-FOR-US: DIAEnergie
+CVE-2022-21933 (ASUS VivoMini/Mini PC device has an improper input validation vulnerab ...)
+ NOT-FOR-US: ASUS
+CVE-2022-21932 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21931 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21930 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21929 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. T ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21928 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21927 (HEVC Video Extensions Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-21926 (HEVC Video Extensions Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-21925 (Windows BackupKey Remote Protocol Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21924 (Workstation Service Remote Protocol Security Feature Bypass Vulnerabil ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21923
+ RESERVED
+CVE-2022-21922 (Remote Procedure Call Runtime Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21921 (Windows Defender Credential Guard Security Feature Bypass Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21920 (Windows Kerberos Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21919 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21918 (DirectX Graphics Kernel File Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21917 (HEVC Video Extensions Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21916 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21915 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21914 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21913 (Local Security Authority (Domain Policy) Remote Protocol Security Feat ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21912 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21911 (.NET Framework Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft .NET
+CVE-2022-21910 (Microsoft Cluster Port Driver Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21909
+ RESERVED
+CVE-2022-21908 (Windows Installer Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21907 (HTTP Protocol Stack Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21906 (Windows Defender Application Control Security Feature Bypass Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21905 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21904 (Windows GDI Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21903 (Windows GDI Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21902 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21901 (Windows Hyper-V Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21900 (Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21899 (Windows Extensible Firmware Interface Security Feature Bypass Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21898 (DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21897 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21896 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21895 (Windows User Profile Service Elevation of Privilege Vulnerability. Thi ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21894 (Secure Boot Security Feature Bypass Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21893 (Remote Desktop Protocol Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21892 (Windows Resilient File System (ReFS) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21891 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21890 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21889 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21888 (Windows Modern Execution Server Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21887 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21886
+ RESERVED
+CVE-2022-21885 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21884 (Local Security Authority Subsystem Service Elevation of Privilege Vuln ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21883 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21882 (Win32k Elevation of Privilege Vulnerability. This CVE ID is unique fro ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21881 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21880 (Windows GDI+ Information Disclosure Vulnerability. This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21879 (Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is un ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21878 (Windows Geolocation Service Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21877 (Storage Spaces Controller Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21876 (Win32k Information Disclosure Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21875 (Windows Storage Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21874 (Windows Security Center API Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21873 (Tile Data Repository Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21872 (Windows Event Tracing Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21871 (Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Priv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21870 (Tablet Windows User Interface Application Core Elevation of Privilege ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21869 (Clipboard User Service Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21868 (Windows Devices Human Interface Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21867 (Windows Push Notifications Apps Elevation Of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21866 (Windows System Launcher Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21865 (Connected Devices Platform Service Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21864 (Windows UI Immersive Server API Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21863 (Windows StateRepository API Server file Elevation of Privilege Vulnera ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21862 (Windows Application Model Core API Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21861 (Task Flow Data Engine Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21860 (Windows AppContracts API Server Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21859 (Windows Accounts Control Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21858 (Windows Bind Filter Driver Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21857 (Active Directory Domain Services Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21856
+ RESERVED
+CVE-2022-21855 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21854
+ RESERVED
+CVE-2022-21853
+ RESERVED
+CVE-2022-21852 (Windows DWM Core Library Elevation of Privilege Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21851 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21850 (Remote Desktop Client Remote Code Execution Vulnerability. This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21849 (Windows IKE Extension Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21848 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21847 (Windows Hyper-V Denial of Service Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21846 (Microsoft Exchange Server Remote Code Execution Vulnerability. This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21845 (Windows Kernel Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-21844 (HEVC Video Extensions Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2022-21843 (Windows IKE Extension Denial of Service Vulnerability. This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21842 (Microsoft Word Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21841 (Microsoft Excel Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21840 (Microsoft Office Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21839 (Windows Event Tracing Discretionary Access Control List Denial of Serv ...)
+ NOT-FOR-US: Microsoft
+CVE-2022-21838 (Windows Cleanup Manager Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21837 (Microsoft SharePoint Server Remote Code Execution Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21836 (Windows Certificate Spoofing Vulnerability.)
+ NOT-FOR-US: Microsoft
+CVE-2022-21835 (Microsoft Cryptographic Services Elevation of Privilege Vulnerability.)
+ NOT-FOR-US: Microsoft +CVE-2022-21834 (Windows User-mode Driver Framework Reflector Driver Elevation of Privi ...) + NOT-FOR-US: Microsoft +CVE-2022-21833 (Virtual Machine IDE Drive Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2021-45043 (HD-Network Real-time Monitoring System 2.0 allows ../ directory traver ...) + NOT-FOR-US: HD-Network Real-time Monitoring System +CVE-2021-45042 (In HashiCorp Vault and Vault Enterprise before 1.7.7, 1.8.x before 1.8 ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-45041 (SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL i ...) + NOT-FOR-US: SuiteCRM +CVE-2021-4110 (mruby is vulnerable to NULL Pointer Dereference) + - mruby 3.0.0-2 (bug #1001768) + [bullseye] - mruby (Minor issue) + [buster] - mruby (Minor issue) + [stretch] - mruby (revisit when/if fix is complete) + NOTE: https://huntr.dev/bounties/4ce5dc47-2512-4c87-8609-453adc8cad20 + NOTE: https://github.com/mruby/mruby/commit/f5e10c5a79a17939af763b1dcf5232ce47e24a34 +CVE-2021-4109 + RESERVED +CVE-2021-4108 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + - snipe-it (bug #1005172) +CVE-2022-0010 (Insertion of Sensitive Information into Log File vulnerability in ABB ...) + NOT-FOR-US: ABB +CVE-2021-45040 (The Spatie media-library-pro library through 1.17.10 and 2.x through 2 ...) + NOT-FOR-US: spatie/laravel-medialibrary +CVE-2021-45039 (Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10. ...) + NOT-FOR-US: Uniview IP Camera +CVE-2021-45038 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) 
+ {DSA-5021-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki (Vulnerable code not present) + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T297574 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-45037 + RESERVED +CVE-2021-45036 (Velneo vClient on its 28.1.3 version, could allow an attacker with kno ...) + NOT-FOR-US: Velneo vClient +CVE-2021-45035 (Velneo vClient on its 28.1.3 version, does not correctly check the cer ...) + NOT-FOR-US: Velneo vClient +CVE-2021-45034 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) + NOT-FOR-US: Siemens +CVE-2021-45033 (A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O ...) + NOT-FOR-US: Siemens +CVE-2021-45032 + REJECTED +CVE-2021-45031 (A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in ...) + NOT-FOR-US: MEPSAN +CVE-2021-45030 + RESERVED +CVE-2021-45029 (Groovy Code Injection & SpEL Injection which lead to Remote Code Execu ...) + NOT-FOR-US: Apache ShenYu +CVE-2021-45028 + RESERVED +CVE-2021-45027 (An arbitrary file download vulnerability in Oliver v5 Library Server V ...) + NOT-FOR-US: Oliver Library Server +CVE-2021-45026 (ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2 ...) + NOT-FOR-US: ASG technologies +CVE-2021-45025 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...) + NOT-FOR-US: ASG technologies +CVE-2021-45024 (ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform ...) + NOT-FOR-US: ASG technologies +CVE-2021-45023 + RESERVED +CVE-2021-45022 + RESERVED +CVE-2021-45021 + RESERVED +CVE-2021-45020 + RESERVED +CVE-2021-45019 + RESERVED +CVE-2021-45018 (Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via ...) 
+ NOT-FOR-US: CatFish (not same as src:catfish) +CVE-2021-45017 (Cross Site Request Forgery (CSRF) vulnerability exits in Catfish <=6.1 ...) + NOT-FOR-US: CatFish (not same as src:catfish) +CVE-2021-45016 + RESERVED +CVE-2021-45015 (taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\inclu ...) + NOT-FOR-US: taocms +CVE-2021-45014 (There is an upload sql injection vulnerability in the background of ta ...) + NOT-FOR-US: taocms +CVE-2021-45013 + RESERVED +CVE-2021-45012 + RESERVED +CVE-2021-45011 + RESERVED +CVE-2021-45010 (A path traversal vulnerability in the file upload functionality in tin ...) + NOT-FOR-US: Tiny File Manager +CVE-2021-45009 + RESERVED +CVE-2021-45008 (Plesk CMS 18.0.37 is affected by an insecure permissions vulnerability ...) + NOT-FOR-US: Plesk CMS +CVE-2021-45007 (Plesk 18.0.37 is affected by a Cross Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: Plesk +CVE-2021-45006 + RESERVED +CVE-2021-45005 (Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow w ...) + - mujs 1.1.3-4 + [bullseye] - mujs 1.1.0-1+deb11u1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704749 (not public) + NOTE: http://git.ghostscript.com/?p=mujs.git;h=df8559e7bdbc6065276e786217eeee70f28fce66 (1.2.0) +CVE-2021-45004 + RESERVED +CVE-2021-45003 (Laundry Booking Management System 1.0 (Latest) and previous versions a ...) + NOT-FOR-US: Laundry Booking Management System +CVE-2021-45002 + RESERVED +CVE-2021-45001 + RESERVED +CVE-2021-45000 + RESERVED +CVE-2021-44999 + RESERVED +CVE-2021-44998 + RESERVED +CVE-2021-44997 + RESERVED +CVE-2021-44996 + RESERVED +CVE-2021-44995 + RESERVED +CVE-2021-44994 (There is an Assertion ''JERRY_CONTEXT (jmem_heap_allocated_size) == 0' ...) 
+ - iotjs (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4894 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4944 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4895 +CVE-2021-44993 (There is an Assertion ''ecma_is_value_boolean (base_value)'' failed at ...) + - iotjs (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4876 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4878 +CVE-2021-44992 (There is an Assertion ''ecma_object_is_typedarray (obj_p)'' failed at ...) + - iotjs (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4875 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4879 +CVE-2021-44991 + RESERVED +CVE-2021-44990 + RESERVED +CVE-2021-44989 + RESERVED +CVE-2021-44988 (Jerryscript v3.0.0 and below was discovered to contain a stack overflo ...) + - iotjs (Vulnerable code introduced later) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4891 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4890 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4899 +CVE-2021-44987 + RESERVED +CVE-2021-44986 + RESERVED +CVE-2021-44985 + RESERVED +CVE-2021-44984 + RESERVED +CVE-2021-44983 (In taocms 3.0.1 after logging in to the background, there is an Arbitr ...) + NOT-FOR-US: taocms +CVE-2021-44982 + RESERVED +CVE-2021-44981 (In QuickBox Pro v2.5.8 and below, the config.php file has a variable w ...) + NOT-FOR-US: QuickBox Pro +CVE-2021-44980 + RESERVED +CVE-2021-44979 + RESERVED +CVE-2021-44978 (iCMS <= 8.0.0 allows users to add and render a comtom template, which ...) + NOT-FOR-US: iCMS +CVE-2021-44977 (In iCMS <=8.0.0, a directory traversal vulnerability allows an attacke ...) 
+ NOT-FOR-US: iCMS +CVE-2021-44976 + RESERVED +CVE-2021-44975 (radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/cor ...) + - radare2 (bug #1014490) + NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/ + NOTE: Fixed in 5.6.0 +CVE-2021-44974 (radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Derefere ...) + - radare2 (bug #1014490) + NOTE: https://census-labs.com/news/2022/05/24/multiple-vulnerabilities-in-radare2/ + NOTE: Fixed in 5.5.4 +CVE-2021-44973 + RESERVED +CVE-2021-44972 + RESERVED +CVE-2021-44971 (Multiple Tenda devices are affected by authentication bypass, such as ...) + NOT-FOR-US: Tenda +CVE-2021-44970 (MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) v ...) + NOT-FOR-US: MiniCMS +CVE-2021-44969 (Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) v ...) + NOT-FOR-US: Taocms +CVE-2021-44968 (A Use after Free vulnerability exists in IOBit Advanced SystemCare 15 ...) + NOT-FOR-US: IOBit Advanced SystemCare +CVE-2021-44967 (A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 ...) + - limesurvey (bug #472802) +CVE-2021-44966 (SQL injection bypass authentication vulnerability in PHPGURUKUL Employ ...) + NOT-FOR-US: PHPGURUKUL Employee Record Management System +CVE-2021-44965 (Directory traversal vulnerability in /admin/includes/* directory for P ...) + NOT-FOR-US: PHPGURUKUL Employee Record Management System +CVE-2021-44964 (Use after free in garbage collector and finalizer of lgc.c in Lua inte ...) 
+ - lua5.4 5.4.4-1 + [bullseye] - lua5.4 (Minor issue, GC/finalizer changes intrusive to backport) + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00186.html + NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00007.html + NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00015.html + NOTE: http://lua-users.org/lists/lua-l/2021-12/msg00030.html + NOTE: https://github.com/Lua-Project/lua-5.4.4-sandbox-escape-with-new-vulnerability + NOTE: https://github.com/lua/lua/commit/0bfc572e51d9035a615ef6e9523f736c9ffa8e57 + NOTE: https://github.com/lua/lua/commit/066e0f93c4901e601d93e31fb700f8f66f95feb8 + NOTE: https://github.com/lua/lua/commit/cf613cdc6fa367257fc61c256f63d917350858b5 + NOTE: https://github.com/lua/lua/commit/86ec152433baf8daf39f03a59c6842cbe33a179d + NOTE: https://github.com/lua/lua/commit/597a53bbc681089d85b082b46c2e2428dec43b86 +CVE-2021-44963 + RESERVED +CVE-2021-44962 (An out-of-bounds read vulnerability exists in the GCode::extrude() fun ...) + - slic3r (unimportant) + NOTE: https://hackmd.io/KSI1bwGfSyO7T8UCf0HeTw + NOTE: Crash in GUI tool, no security impact +CVE-2021-44961 (A memory leakage flaw exists in the class PerimeterGenerator of Slic3r ...) + - slic3r (unimportant) + NOTE: https://hackmd.io/nDT_UKLyRQendxDwil9A4w + NOTE: memory overusage in GUI tool, no security impact +CVE-2021-44960 (In SVGPP SVG++ library 1.3.0, the XMLDocument::getRoot function in the ...) + {DLA-3376-1} + - svgpp 1.3.0+dfsg1-5 (bug #1014599) + [bullseye] - svgpp (Minor issue) + NOTE: https://github.com/svgpp/svgpp/issues/101 + NOTE: https://github.com/svgpp/svgpp/commit/0bc57f2cc6d9d86a0fa1ce73e508c2b5994b4b91 +CVE-2021-44959 + RESERVED +CVE-2021-44958 + RESERVED +CVE-2021-44957 (Global buffer overflow vulnerability exist in ffjpeg through 01.01.202 ...) + NOT-FOR-US: ffjpeg +CVE-2021-44956 (Two Heap based buffer overflow vulnerabilities exist in ffjpeg through ...) 
+ NOT-FOR-US: ffjpeg +CVE-2021-44955 + RESERVED +CVE-2021-44954 (In QVIS NVR DVR before 2021-12-13, an attacker can escalate privileges ...) + NOT-FOR-US: QVIS NVR DVR +CVE-2021-44953 + RESERVED +CVE-2021-44952 + RESERVED +CVE-2021-44951 + RESERVED +CVE-2021-44950 + RESERVED +CVE-2021-44949 (glFusion CMS 1.7.9 is affected by an access control vulnerability via ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44948 + REJECTED +CVE-2021-44947 + RESERVED +CVE-2021-44946 + RESERVED +CVE-2021-44945 + RESERVED +CVE-2021-44944 + RESERVED +CVE-2021-44943 + RESERVED +CVE-2021-44942 (glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44941 + RESERVED +CVE-2021-44940 + RESERVED +CVE-2021-44939 + RESERVED +CVE-2021-44938 + RESERVED +CVE-2021-44937 (glFusion CMS v1.7.9 is affected by an arbitrary user registration vuln ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44936 + RESERVED +CVE-2021-44935 (glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vul ...) + NOT-FOR-US: glFusion CMS +CVE-2021-44934 + RESERVED +CVE-2021-44933 + RESERVED +CVE-2021-44932 + RESERVED +CVE-2021-44931 + RESERVED +CVE-2021-44930 + RESERVED +CVE-2021-44929 + RESERVED +CVE-2021-44928 + RESERVED +CVE-2021-44927 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1960 + NOTE: https://github.com/gpac/gpac/commit/eaea647cc7dec7b452c17e72f4ce46be35348c92 (v2.0.0) +CVE-2021-44926 (A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in t ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1961 + NOTE: https://github.com/gpac/gpac/commit/f73da86bf32992f62b9ff2b9c9e853e3c97edf8e (v2.0.0) +CVE-2021-44925 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1967 + NOTE: https://github.com/gpac/gpac/commit/a5a8dbcdd95666f763fe59ab65154ae9271a18f2 (v2.0.0) +CVE-2021-44924 (An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log func ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1959 + NOTE: https://github.com/gpac/gpac/commit/e2acb1511d1e69115141ea3080afd1cce6a15497 (v2.0.0) +CVE-2021-44923 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1962 + NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) +CVE-2021-44922 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the B ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1969 + NOTE: https://github.com/gpac/gpac/issues/1968 + NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0) +CVE-2021-44921 (A null pointer dereference vulnerability exists in gpac 1.1.0 in the g ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1964 + NOTE: https://github.com/gpac/gpac/commit/5b4a6417a90223f1ef6c0b41b055716f7bfbbca2 (v2.0.0) +CVE-2021-44920 (An invalid memory address dereference vulnerability exists in gpac 1.1 ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1957 + NOTE: https://github.com/gpac/gpac/commit/339fe399e7c8eab748bab76e9e6a9da7e117eeb4 (v2.0.0) +CVE-2021-44919 (A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_a ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1963 + NOTE: https://github.com/gpac/gpac/issues/1962 + NOTE: https://github.com/gpac/gpac/commit/8a3c021109d26894c3cb85c9d7cda5780a3a2229 (v2.0.0) +CVE-2021-44918 (A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the g ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1968 + NOTE: https://github.com/gpac/gpac/commit/75474199cf7187868fa4be4e76377db3c659ee9a (v2.0.0) +CVE-2021-44917 (A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d ...) 
+ - gnuplot 5.4.2+dfsg2-2 (unimportant; bug #1002539) + [bullseye] - gnuplot 5.4.1+dfsg1-1+deb11u1 + NOTE: https://sourceforge.net/p/gnuplot/bugs/2474/ + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/8938dfc937348f1d4e7b3d6ef6d44209b1d89473/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/acab14de21e323254507fca85f964e471258ac82/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/4cc2a4c83bc95470caa525cda52fba683e95bbb9/ (master) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/7285b0c578a067d8d9fe0566ccefaee131f62087/ (branch-5-4-stable) + NOTE: https://sourceforge.net/p/gnuplot/gnuplot-main/ci/bac7cf51333242999ecb66883fd6076168ec3441/ (branch-5-4-stable) + NOTE: Crash in CLI tool, negligible security impact +CVE-2021-44916 (Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a ...) + NOT-FOR-US: Open-AudIT +CVE-2021-44915 (Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerabi ...) + NOT-FOR-US: taocms +CVE-2021-44914 + RESERVED +CVE-2021-44913 + RESERVED +CVE-2021-44912 (In XE 1.116, when uploading the Normal button, there is no restriction ...) + NOT-FOR-US: XE +CVE-2021-44911 (XE before 1.11.6 is vulnerable to Unrestricted file upload via modules ...) + NOT-FOR-US: XE +CVE-2021-44910 + RESERVED +CVE-2021-44909 + RESERVED +CVE-2021-44908 (SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via cont ...) + NOT-FOR-US: SailsJS Sails.jsSailsJS Sails.js +CVE-2021-44907 + REJECTED +CVE-2021-44906 (Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.j ...) + - node-minimist 1.2.6+~cs5.3.2-1 + [bullseye] - node-minimist 1.2.5+~cs5.3.1-2+deb11u1 + [buster] - node-minimist 1.2.0-1+deb10u2 + [stretch] - node-minimist (Nodejs in stretch not covered by security support) + NOTE: https://github.com/substack/minimist/issues/164 + NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 + NOTE: The initial fix for prototype pollution (cf. 
SNYK-JS-MINIMIST-559764) in setKey() + NOTE: was insufficient. +CVE-2021-44905 (Incorrect permissions in the Bluetooth Services in the Fortessa FTBTLD ...) + NOT-FOR-US: Fortessa +CVE-2021-44904 + RESERVED +CVE-2021-44903 (Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to ...) + NOT-FOR-US: Micro-Star International (MSI) Center Pro +CVE-2021-44902 + RESERVED +CVE-2021-44901 (Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerabl ...) + NOT-FOR-US: Micro-Star International (MSI) Dragon Center +CVE-2021-44900 (Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerabl ...) + NOT-FOR-US: Micro-Star International (MSI) App Player +CVE-2021-44899 (Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to mul ...) + NOT-FOR-US: Micro-Star International (MSI) Center +CVE-2021-44898 + RESERVED +CVE-2021-44897 + RESERVED +CVE-2021-44896 (DMP Roadmap before 3.0.4 allows XSS.) + NOT-FOR-US: DMP Roadmap +CVE-2021-44895 + RESERVED +CVE-2021-44894 + RESERVED +CVE-2021-44893 + RESERVED +CVE-2021-44892 (A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x v ...) + NOT-FOR-US: ThinkPHP +CVE-2021-44891 + RESERVED +CVE-2021-44890 + RESERVED +CVE-2021-44889 + RESERVED +CVE-2021-44888 + RESERVED +CVE-2021-44887 + RESERVED +CVE-2021-44886 (In Zammad 5.0.2, agents can configure "out of office" periods and subs ...) + - zammad (bug #841355) +CVE-2021-44885 + RESERVED +CVE-2021-44884 + RESERVED +CVE-2021-44883 + RESERVED +CVE-2021-44882 (D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a ...) + NOT-FOR-US: D-Link +CVE-2021-44881 (D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to co ...) + NOT-FOR-US: D-Link +CVE-2021-44880 (D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882 ...) + NOT-FOR-US: D-Link +CVE-2021-44879 (In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, ...) 
+ - linux 5.16.7-1 + [stretch] - linux (Minor issue; f2fs is not supportable) + NOTE: https://www.openwall.com/lists/oss-security/2022/02/12/1 + NOTE: Fixed by: https://git.kernel.org/linus/9056d6489f5a41cfbb67f719d2c0ce61ead72d9f (5.17-rc1) +CVE-2021-44878 (If an OpenID Connect provider supports the "none" algorithm (i.e., tok ...) + NOT-FOR-US: Pac4j +CVE-2021-44877 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect A ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44876 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44875 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumer ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44874 (Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure de ...) + NOT-FOR-US: Dalmark Systems Systeam +CVE-2021-44873 + RESERVED +CVE-2021-44872 + RESERVED +CVE-2021-44871 + RESERVED +CVE-2021-44870 + RESERVED +CVE-2021-44869 + RESERVED +CVE-2021-44868 (A problem was found in ming-soft MCMS v5.1. There is a sql injection v ...) + NOT-FOR-US: ming-soft MCMS +CVE-2021-44867 + RESERVED +CVE-2021-44866 (An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The ...) + NOT-FOR-US: Online-Movie-Ticket-Booking-System +CVE-2021-44865 + RESERVED +CVE-2021-44864 (TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buff ...) + NOT-FOR-US: TP-Link +CVE-2021-44863 + RESERVED +CVE-2021-44862 (Netskope client is impacted by a vulnerability where an authenticated, ...) + NOT-FOR-US: Netskope +CVE-2021-44861 + RESERVED +CVE-2021-44860 (An out-of-bounds read vulnerability exists when reading a TIF file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44859 (An out-of-bounds read vulnerability exists when reading a TGA file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44858 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) 
+ {DSA-5021-1 DLA-2847-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki 1:1.31.16-1+deb10u2 + NOTE: https://phabricator.wikimedia.org/T297322 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44857 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5021-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki (Vulnerable code not present) + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T297322 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44856 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5246-1 DLA-3117-1} + - mediawiki 1:1.35.5-1 + [stretch] - mediawiki (Minor issue) + NOTE: https://phabricator.wikimedia.org/T271037 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44855 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5246-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki (Vulnerable code not present) + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T293589 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44854 (An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36 ...) + {DSA-5246-1} + - mediawiki 1:1.35.5-1 + [buster] - mediawiki (Vulnerable code not present) + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T292763 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/QEN3EK4JXAVJMJ5GF3GYOAKNJPEKFQYA/ +CVE-2021-44853 + RESERVED +CVE-2021-44852 (An issue was discovered in BS_RCIO64.sys in Biostar RACING GT Evo 2.1. ...) 
+ NOT-FOR-US: Biostar RACING GT Evo +CVE-2021-44851 + RESERVED +CVE-2021-44850 (On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot i ...) + NOT-FOR-US: Xilinx Zynq-7000 SoC device +CVE-2021-44849 + RESERVED +CVE-2021-44848 (In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns dif ...) + NOT-FOR-US: Cibele Thinfinity VirtualUI +CVE-2021-44847 (A stack-based buffer overflow in handle_request function in DHT.c in t ...) + - libtoxcore 0.2.13-1 (bug #1001711) + [bullseye] - libtoxcore (Minor issue) + [buster] - libtoxcore (Minor issue) + NOTE: https://github.com/TokTok/c-toxcore/pull/1718 + NOTE: https://blog.tox.chat/2021/12/stack-based-buffer-overflow-vulnerability-in-udp-packet-handling-in-toxcore-cve-2021-44847/ + NOTE: Introduced by: https://github.com/TokTok/c-toxcore/commit/71260e38e8d12547b0e55916daf6cadd72f52e19 (v0.1.9) + NOTE: Fixed by: https://github.com/TokTok/c-toxcore/commit/1b02bad36864fdfc36694e3f96d2dc6c58a891e4 (v0.2.13) +CVE-2021-44846 + RESERVED +CVE-2021-44845 + RESERVED +CVE-2021-44844 + RESERVED +CVE-2021-44843 + RESERVED +CVE-2021-44842 + RESERVED +CVE-2021-44841 + RESERVED +CVE-2021-44840 (An issue was discovered in Delta RM 1.2. Using an privileged account, ...) + NOT-FOR-US: Delta RM +CVE-2021-44839 (An issue was discovered in Delta RM 1.2. It is possible to request a n ...) + NOT-FOR-US: Delta RM +CVE-2021-44838 (An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax ...) + NOT-FOR-US: Delta RM +CVE-2021-44837 (An issue was discovered in Delta RM 1.2. It is possible for an unprivi ...) + NOT-FOR-US: Delta RM +CVE-2021-44836 (An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/r ...) + NOT-FOR-US: Delta RM +CVE-2021-44835 (An issue was discovered in Active Intelligent Visualization 5. The Vdc ...) + NOT-FOR-US: Active Intelligent Visualization +CVE-2021-44834 + RESERVED +CVE-2021-4107 (yetiforcecrm is vulnerable to Improper Neutralization of Input During ...) 
+ NOT-FOR-US: yetiforcecrm +CVE-2021-4106 (A vulnerability in Snow Inventory Java Scanner allows an attacker to r ...) + NOT-FOR-US: Snow Inventory Java Scanner +CVE-2021-4105 (Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewal ...) + NOT-FOR-US: BG-TEK +CVE-2018-25022 (The Onion module in toxcore before 0.2.2 doesn't restrict which packet ...) + - libtoxcore 0.2.2-1 + NOTE: https://blog.tox.chat/2018/04/security-vulnerability-and-new-toxcore-release + NOTE: https://github.com/TokTok/c-toxcore/issues/873 + NOTE: https://github.com/TokTok/c-toxcore/pull/872 +CVE-2018-25021 (The TCP Server module in toxcore before 0.2.8 doesn't free the TCP pri ...) + - libtoxcore 0.2.8-1 + NOTE: https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/ + NOTE: https://github.com/TokTok/c-toxcore/issues/1214 + NOTE: https://github.com/TokTok/c-toxcore/pull/1216 +CVE-2021-44833 (The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions for the c ...) + NOT-FOR-US: CLI for Amazon AWS OpenSearch +CVE-2021-4104 (JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted ...) + {DLA-2905-1} + - apache-log4j1.2 1.2.17-11 + [bullseye] - apache-log4j1.2 1.2.17-10+deb11u1 + [buster] - apache-log4j1.2 1.2.17-8+deb10u2 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/1 + NOTE: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 + NOTE: Issue for Log4j 1.2 when specifically configured to use JMSAppender (not the default) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/13/2 +CVE-2021-4103 (Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vd ...) + NOT-FOR-US: vditor +CVE-2021-44832 (Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fi ...) 
+ {DLA-2870-1} + - apache-log4j2 2.17.1-1 (bug #1002813) + [bullseye] - apache-log4j2 2.17.1-1~deb11u1 + [buster] - apache-log4j2 2.17.1-1~deb10u1 + NOTE: https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3293 + NOTE: https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143 + NOTE: https://github.com/apache/logging-log4j2/commit/05db5f9527254632b59aed2a1d78a32c5ab74f16 (log4j-2.17.1-rc1) + NOTE: Fixed in 2.17.1, 2.12.4 and 2.3.2 +CVE-2022-21832 + RESERVED +CVE-2022-21831 (A code injection vulnerability exists in the Active Storage >= v5.2.0 ...) + {DSA-5372-1 DLA-3093-1} + - rails 2:6.1.4.7+dfsg-1 (bug #1011940) + NOTE: https://github.com/advisories/GHSA-w749-p3v6-hccq + NOTE: https://github.com/rails/rails/commit/b0b5eaf477c907819ead1808d09bfaae3eb4cc54 (v6.1.4.7) + NOTE: https://github.com/rails/rails/commit/92f64fec3136baabbebac97073c5213ea055dc53 (v6.0.4.7) + NOTE: https://github.com/rails/rails/commit/94e2f00d2abedbea1ef62fc775d031ffda00662c (v5.2.6.3) +CVE-2022-21830 (A blind self XSS vulnerability exists in RocketChat LiveChat (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4101 (Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.466 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4100 (Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.11 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4099 (Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4098 (Insufficient data validation in Mojo in Google Chrome prior to 96.0.46 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4097 (phpservermon is vulnerable to Improper Neutralization of CRLF Sequence ...) + NOT-FOR-US: phpservermon +CVE-2021-4096 (The Fancy Product Designer plugin for WordPress is vulnerable to Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2022-21822 (NVIDIA FLARE contains a vulnerability in the admin interface, where an ...) + NOT-FOR-US: NVIDIA +CVE-2022-21821 (NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in ...) + [experimental] - nvidia-cuda-toolkit 11.6.2-1 + - nvidia-cuda-toolkit 11.6.2-2 (bug #1008695) + [bullseye] - nvidia-cuda-toolkit (Non-free not supported) + [buster] - nvidia-cuda-toolkit (Non-free not supported) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5334 +CVE-2022-21820 (NVIDIA DCGM contains a vulnerability in nvhostengine, where a network ...) + NOT-FOR-US: NVIDIA +CVE-2022-21819 (NVIDIA distributions of Jetson Linux contain a vulnerability where an ...) + NOT-FOR-US: NVIDIA +CVE-2022-21818 (NVIDIA License System contains a vulnerability in the installation scr ...) + NOT-FOR-US: NVIDIA License System +CVE-2022-21817 (NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CO ...) + NOT-FOR-US: NVIDIA +CVE-2022-21816 (NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manag ...) + NOT-FOR-US: NVIDIA vGPU software +CVE-2022-21815 (NVIDIA GPU Display Driver for Windows contains a vulnerability in the ...) + NOT-FOR-US: NVIDIA GPU Display Driver for Windows +CVE-2022-21814 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) 
+ - nvidia-graphics-drivers 470.103.01-1 (bug #1004847) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853) +CVE-2022-21813 (NVIDIA GPU Display Driver for Linux contains a vulnerability in the ke ...) + - nvidia-graphics-drivers 470.103.01-1 (bug #1004847) + [bullseye] - nvidia-graphics-drivers 470.129.06-5~deb11u1 + [buster] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-tesla-470 470.103.01-1 (bug #1004853) +CVE-2021-44795 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44794 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44793 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Single Connect +CVE-2021-44792 (Single Connect does not perform an authorization check when using the ...) + NOT-FOR-US: Kron Single Connect +CVE-2021-44791 (In Apache Druid 0.22.1 and earlier, certain specially-crafted links re ...) + - druid (bug #825797) +CVE-2021-44790 (A carefully crafted request body can cause a buffer overflow in the mo ...) + {DSA-5035-1 DLA-2907-1} + - apache2 2.4.52-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44790 + NOTE: Fixed by: https://svn.apache.org/r1896039 +CVE-2021-4095 (A NULL pointer dereference was found in the Linux kernel's KVM when di ...) 
+ - linux 5.17.3-1 + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://lore.kernel.org/kvm/CAFcO6XOmoS7EacN_n6v4Txk7xL7iqRa2gABg3F7E3Naf5uG94g@mail.gmail.com/ + NOTE: https://patchwork.kernel.org/project/kvm/patch/20211121125451.9489-12-dwmw2@infradead.org/ + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2031194 +CVE-2021-4094 + RESERVED +CVE-2021-4093 (A flaw was found in the KVM's AMD code for supporting the Secure Encry ...) + - linux 5.14.16-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/95e16b4792b0429f1933872f743410f00e590c55 (5.15-rc7) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028584 +CVE-2021-4092 (yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: yetiforcecrm +CVE-2021-4091 (A double-free was found in the way 389-ds-base handles virtual attribu ...) + {DLA-3399-1} + - 389-ds-base 2.0.15-1 + [stretch] - 389-ds-base (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030307 + NOTE: Introduced by: https://github.com/389ds/389-ds-base/commit/74c666b83e3e1789c2ef3f7935c327bd7555193e (389-ds-base-1.3.6.4) + NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/3553bce44d95e70f2cf13f26bb8866ecde9f7a7b (389-ds-base-2.0.15) + NOTE: Fixed by: https://github.com/389ds/389-ds-base/commit/a3c298f8140d3e4fa1bd5a670f1bb965a21a9b7b (389-ds-base-2.2.0) +CVE-2021-4090 (An out-of-bounds (OOB) memory write flaw was found in the NFSD in the ...) 
+ - linux 5.15.5-1 + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2025101 + NOTE: https://git.kernel.org/linus/c0019b7db1d7ac62c711cda6b357a659d46428fe (5.16-rc2) +CVE-2022-21812 (Improper access control in the Intel(R) HAXM software before version 7 ...) + NOT-FOR-US: Intel +CVE-2022-21804 (Out-of-bounds write in software for the Intel QAT Driver for Windows b ...) + NOT-FOR-US: Intel +CVE-2022-21794 (Improper authentication in BIOS firmware for some Intel(R) NUC Boards, ...) + NOT-FOR-US: Intel +CVE-2022-21793 (Insufficient control flow management in the Intel(R) Ethernet 500 Seri ...) + NOT-FOR-US: Intel +CVE-2022-21239 (Out-of-bounds read in software for the Intel QAT Driver for Windows be ...) + NOT-FOR-US: Intel +CVE-2022-21229 (Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Ki ...) + NOT-FOR-US: Intel +CVE-2022-21226 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) + NOT-FOR-US: Intel +CVE-2022-21206 + RESERVED +CVE-2022-21188 + RESERVED +CVE-2022-21185 + RESERVED +CVE-2022-21175 + RESERVED +CVE-2022-21171 + RESERVED +CVE-2022-21163 (Improper access control in the Crypto API Toolkit for Intel(R) SGX bef ...) + NOT-FOR-US: Intel +CVE-2022-21162 (Uncontrolled search path for the Intel(R) HDMI Firmware Update tool fo ...) + NOT-FOR-US: Intel +CVE-2022-21161 + RESERVED +CVE-2022-21156 (Access of uninitialized pointer in the Intel(R) Trace Analyzer and Col ...) + NOT-FOR-US: Intel +CVE-2022-21152 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) + NOT-FOR-US: Intel +CVE-2022-21150 + RESERVED +CVE-2022-21148 (Improper access control in the Intel(R) Edge Insights for Industrial s ...) 
+ NOT-FOR-US: Intel +CVE-2022-21135 + RESERVED +CVE-2021-44789 + RESERVED +CVE-2021-44788 + RESERVED +CVE-2021-44787 + RESERVED +CVE-2021-44786 + RESERVED +CVE-2021-44785 + RESERVED +CVE-2021-44784 + RESERVED +CVE-2021-44783 + RESERVED +CVE-2021-44782 + RESERVED +CVE-2021-44781 + RESERVED +CVE-2021-44780 + RESERVED +CVE-2021-44764 + RESERVED +CVE-2021-4089 (snipe-it is vulnerable to Improper Access Control) + - snipe-it (bug #1005172) +CVE-2021-37408 + RESERVED +CVE-2021-31565 + RESERVED +CVE-2021-26261 + RESERVED +CVE-2021-26255 + RESERVED +CVE-2021-23189 + RESERVED +CVE-2021-23175 (NVIDIA GeForce Experience contains a vulnerability in user authorizati ...) + NOT-FOR-US: NVIDIA GeForce Experience +CVE-2021-23171 + RESERVED +CVE-2021-23170 + RESERVED +CVE-2021-23148 + RESERVED +CVE-2021-44759 (Improper Authentication vulnerability in TLS origin validation of Apac ...) + {DSA-5153-1} + - trafficserver 9.1.0+ds-1 + NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6 + NOTE: Mark first 9.x version as fixed version, as the issue only affects versions + NOTE: 8.x up to 8.1.3. + NOTE: https://github.com/apache/trafficserver/commit/d3f36f79820ea10c26573c742b1bbc370c351716 (8.1.x) +CVE-2021-4088 (SQL injection vulnerability in Data Loss Protection (DLP) ePO extensio ...) + NOT-FOR-US: McAfee +CVE-2021-4087 + RESERVED +CVE-2021-4086 + RESERVED +CVE-2021-4085 + RESERVED +CVE-2021-4084 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: Pimcore +CVE-2021-4083 (A read-after-free memory flaw was found in the Linux kernel's garbage ...) 
+ {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.5-2 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/linus/054aa8d439b9185d4f5eb9a90282d1ce74772969 (5.16-rc4) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2247 +CVE-2021-4082 (pimcore is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: Pimcore +CVE-2021-4081 (pimcore is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: Pimcore +CVE-2021-44758 (Heimdal before 7.7.1 allows attackers to cause a NULL pointer derefere ...) + {DSA-5287-1 DLA-3206-1} + - heimdal 7.8.git20221115.a6cf945+dfsg-1 (bug #1024187) + NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-69h9-669w-88xv + NOTE: https://github.com/heimdal/heimdal/commit/f9ec7002cdd526ae84fbacbf153162e118f22580 (heimdal-7.7.1) +CVE-2021-44757 (Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Centr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44756 + RESERVED +CVE-2021-44755 + RESERVED +CVE-2021-44754 + RESERVED +CVE-2021-44753 + RESERVED +CVE-2021-44752 + RESERVED +CVE-2021-44751 (A vulnerability affecting F-Secure SAFE browser was discovered. A mali ...) + NOT-FOR-US: F-Secure +CVE-2021-44750 (An arbitrary code execution vulnerability was found in the F-Secure Su ...) + NOT-FOR-US: F-Secure +CVE-2021-44749 (A vulnerability affecting F-Secure SAFE browser protection was discove ...) + NOT-FOR-US: F-Secure +CVE-2021-44748 (A vulnerability affecting F-Secure SAFE browser was discovered whereby ...) + NOT-FOR-US: F-Secure +CVE-2021-44747 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...) + NOT-FOR-US: F-Secure +CVE-2021-44746 (UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior ...) + NOT-FOR-US: UNIVERGE +CVE-2021-44745 + RESERVED +CVE-2021-44744 + RESERVED +CVE-2021-44743 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2021-44742 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44741 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44740 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44739 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) + NOT-FOR-US: Adobe +CVE-2021-44545 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...) + {DLA-3380-1} + - firmware-nonfree 20220913-1 + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html + NOTE: Fixed upstream in 20220815 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c + NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075 +CVE-2021-44457 + RESERVED +CVE-2021-44454 (Improper input validation in a third-party component for Intel(R) Quar ...) + NOT-FOR-US: Intel +CVE-2021-43351 + RESERVED +CVE-2021-4080 (crater is vulnerable to Unrestricted Upload of File with Dangerous Typ ...) + NOT-FOR-US: Crater +CVE-2021-26946 + REJECTED +CVE-2021-26254 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...) + NOT-FOR-US: Intel +CVE-2021-23188 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + NOT-FOR-US: Intel +CVE-2021-23168 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(T ...) 
+ {DLA-3380-1} + - firmware-nonfree 20220913-1 + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html + NOTE: Fixed upstream in 20220815 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075 +CVE-2021-23152 (Improper access control in the Intel(R) Advisor software before versio ...) 
+ NOT-FOR-US: Intel +CVE-2021-23145 + REJECTED +CVE-2021-XXXX [Rainloop stores passwords in cleartext in logfile] + - rainloop 1.14.0-1 (bug #962629) + [buster] - rainloop (Minor issue) + NOTE: https://github.com/RainLoop/rainloop-webmail/issues/1872 +CVE-2021-44738 (Buffer overflow vulnerability has been identified in Lexmark devices t ...) + NOT-FOR-US: Lexmark +CVE-2021-44737 (PJL directory traversal vulnerability in Lexmark devices through 2021- ...) + NOT-FOR-US: Lexmark +CVE-2021-44736 (The initial admin account setup wizard on Lexmark devices allow unauth ...) + NOT-FOR-US: Lexmark +CVE-2021-44735 (Embedded web server command injection vulnerability in Lexmark devices ...) + NOT-FOR-US: Lexmark +CVE-2021-44734 (Embedded web server input sanitization vulnerability in Lexmark device ...) + NOT-FOR-US: Lexmark +CVE-2021-44733 (A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem ...) + {DSA-5096-1 DLA-2941-1} + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2030747 +CVE-2021-44732 (Mbed TLS before 3.0.1 has a double free in certain out-of-memory condi ...) + {DLA-3249-1} + [experimental] - mbedtls 2.28.0-0.1 + - mbedtls 2.28.0-0.3 (bug #1002631) + [bullseye] - mbedtls (Minor issue) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 + NOTE: https://github.com/ARMmbed/mbedtls/commit/eb490aabf6a9f47c074ec476d0d4997c2362cdbc (mbedtls-2.16.12) +CVE-2021-44731 (A race condition existed in the snapd 2.54.2 snap-confine binary when ...) + {DSA-5080-1} + - snapd 2.54.3-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 +CVE-2021-44730 (snapd 2.54.2 did not properly validate the location of the snap-confin ...) 
+ {DSA-5080-1} + - snapd 2.54.3-1 + NOTE: https://www.openwall.com/lists/oss-security/2022/02/17/2 +CVE-2021-44729 + RESERVED +CVE-2021-44728 + RESERVED +CVE-2021-44727 + RESERVED +CVE-2021-44726 (KNIME Server before 4.13.4 allows XSS via the old WebPortal login page ...) + NOT-FOR-US: KNIME Server +CVE-2021-44725 (KNIME Server before 4.13.4 allows directory traversal in a request for ...) + NOT-FOR-US: KNIME Server +CVE-2021-44724 + RESERVED +CVE-2021-44723 + RESERVED +CVE-2021-44722 + RESERVED +CVE-2021-44721 + RESERVED +CVE-2021-44720 (In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the a ...) + NOT-FOR-US: Ivanti +CVE-2021-44719 (Docker Desktop 4.3.0 has Incorrect Access Control.) + NOT-FOR-US: Docker Desktop on MacOS +CVE-2021-44718 (wolfSSL through 5.0.0 allows an attacker to cause a denial of service ...) + - wolfssl 5.1.1-1 + [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 + NOTE: https://github.com/wolfSSL/wolfssl/pull/4629 +CVE-2021-44717 (Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operat ...) + {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.5-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/50057 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/e46abcb816fb20663483f84fe52e370790a99bee (go1.17.5) + NOTE: https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.16.12) +CVE-2021-44716 (net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontro ...) 
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.5-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 + - golang-1.8 + - golang-1.7 + - golang-golang-x-net 1:0.0+git20211209.491a49a+dfsg-1 + [bullseye] - golang-golang-x-net (Minor issue) + - golang-golang-x-net-dev + [buster] - golang-golang-x-net-dev (Limited support, minor issue, follow bullseye DSAs/point-releases) + [stretch] - golang-golang-x-net-dev (Limited support in stretch) + NOTE: https://github.com/golang/go/issues/50058 + NOTE: https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ + NOTE: https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5) + NOTE: https://github.com/golang/go/commit/d0aebe3e74fe14799f97ddd3f01129697c6a290a (go1.16.12) + NOTE: https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70 +CVE-2021-44715 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44714 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44713 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44712 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44711 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44710 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44709 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44708 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44707 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) 
+ NOT-FOR-US: Adobe +CVE-2021-44706 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44705 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44704 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44703 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44702 (Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), ...) + NOT-FOR-US: Adobe +CVE-2021-44701 (Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (an ...) + NOT-FOR-US: Adobe +CVE-2021-44700 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44699 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44698 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44697 (Adobe Audition versions 14.4 (and earlier), and 22.0 (and earlier)are ...) + NOT-FOR-US: Adobe +CVE-2021-44696 (Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bo ...) + NOT-FOR-US: Adobe +CVE-2021-44695 (Affected devices don't process correctly certain special crafted packe ...) + NOT-FOR-US: Siemens +CVE-2021-44694 (Affected devices don't process correctly certain special crafted packe ...) + NOT-FOR-US: Siemens +CVE-2021-44693 (Affected devices don't process correctly certain special crafted packe ...) + NOT-FOR-US: Siemens +CVE-2021-4079 (Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4078 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4077 + RESERVED +CVE-2021-4076 (A flaw exists in tang, a network-based cryptographic binding server, w ...) + {DSA-5025-1} + - tang 11-1 + [buster] - tang (Vulnerable code introduced later) + NOTE: https://github.com/latchset/tang/pull/81 + NOTE: Introduced by: https://github.com/latchset/tang/commit/609050586e4863329d2db9b7cb73da5c09eeea2b (v8) + NOTE: Fixed by: https://github.com/latchset/tang/commit/e82459fda10f0630c3414ed2afbc6320bb9ea7c9 (v11) +CVE-2021-44692 (BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the ...) + NOT-FOR-US: BuddyBoss Platform +CVE-2021-44691 + RESERVED +CVE-2021-44690 + RESERVED +CVE-2021-44689 + RESERVED +CVE-2021-44688 + RESERVED +CVE-2021-44687 + RESERVED +CVE-2021-44686 (calibre before 5.32.0 contains a regular expression that is vulnerable ...) + - calibre 5.33.0+dfsg-1 + [bullseye] - calibre (Minor issue) + [buster] - calibre (Minor issue) + [stretch] - calibre (Minor issue) + NOTE: https://bugs.launchpad.net/calibre/+bug/1951979 + NOTE: https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0) +CVE-2021-44685 (Git-it through 4.4.0 allows OS command injection at the Branches Aren' ...) + NOT-FOR-US: git-it +CVE-2021-44684 (naholyr github-todos 3.1.0 is vulnerable to command injection. The ran ...) + NOT-FOR-US: naholyr github-todos +CVE-2021-44683 (The DuckDuckGo browser 7.64.4 on iOS allows Address Bar Spoofing due t ...) + NOT-FOR-US: DuckDuckGo browser +CVE-2021-44682 (An issue (6 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44681 (An issue (5 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44680 (An issue (4 of 6) was discovered in Veritas Enterprise Vault through 1 ...) 
+ NOT-FOR-US: Veritas +CVE-2021-44679 (An issue (3 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44678 (An issue (2 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44677 (An issue (1 of 6) was discovered in Veritas Enterprise Vault through 1 ...) + NOT-FOR-US: Veritas +CVE-2021-44676 (Zoho ManageEngine Access Manager Plus before 4203 allows anyone to vie ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44675 (Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vuln ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-4075 (snipe-it is vulnerable to Server-Side Request Forgery (SSRF)) + - snipe-it (bug #1005172) +CVE-2021-4074 (The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4073 (The RegistrationMagic WordPress plugin made it possible for unauthenti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4072 (elgg is vulnerable to Improper Neutralization of Input During Web Page ...) + NOT-FOR-US: elgg +CVE-2021-4071 + RESERVED +CVE-2021-44674 (An information exposure issue has been discovered in Opmantek Open-Aud ...) + NOT-FOR-US: Open-AudIT +CVE-2021-44673 (A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2via ...) + NOT-FOR-US: Croogo +CVE-2021-44672 + RESERVED +CVE-2021-44671 + RESERVED +CVE-2021-44670 + RESERVED +CVE-2021-44669 + RESERVED +CVE-2021-44668 + RESERVED +CVE-2021-44667 (A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in au ...) + NOT-FOR-US: Nacos +CVE-2021-44666 + RESERVED +CVE-2021-44665 (A Directory Traversal vulnerability exists in the Xerte Project Xerte ...) + NOT-FOR-US: Xerte +CVE-2021-44664 (An Authenticated Remote Code Exection (RCE) vulnerability exists in Xe ...) + NOT-FOR-US: Xerte +CVE-2021-44663 (A Remote Code Execution (RCE) vulnerability exists in the Xerte Projec ...) 
+ NOT-FOR-US: Xerte +CVE-2021-44662 (A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte ...) + NOT-FOR-US: Xerte +CVE-2021-44661 + RESERVED +CVE-2021-44660 + RESERVED +CVE-2021-44659 (Adding a new pipeline in GoCD server version 21.3.0 has a functionalit ...) + NOT-FOR-US: GoCD server +CVE-2021-44658 + RESERVED +CVE-2021-44657 (In StackStorm versions prior to 3.6.0, the jinja interpreter was not r ...) + NOT-FOR-US: StackStorm +CVE-2021-44656 + RESERVED +CVE-2021-44655 (Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQ ...) + NOT-FOR-US: Online Pre-owned/Used Car Showroom Management System +CVE-2021-44654 + RESERVED +CVE-2021-44653 (Online Magazine Management System 1.0 contains a SQL injection authent ...) + NOT-FOR-US: Online Magazine Management System +CVE-2021-44652 (Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44651 (Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44650 (Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote co ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44649 (Django CMS 3.7.3 does not validate the plugin_type parameter while gen ...) + - python-django-cms (bug #516183) +CVE-2021-44648 (GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulner ...) 
+ {DSA-5228-1} + - gdk-pixbuf 2.42.9+dfsg-1 (bug #1014600) + [buster] - gdk-pixbuf (Vulnerable code introduced later) + [stretch] - gdk-pixbuf (Vulnerable code introduced later) + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/136 + NOTE: https://sahildhar.github.io/blogpost/GdkPixbuf-Heap-Buffer-Overflow-in-lzw_decoder_new/ + NOTE: Introduced by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/b88f1ce91a610a4e491a4ad6352183791e78afac (2.39.2) + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130 + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/76eda67dbc3f48c9dd6815a5aaf6014ea4a16771 (2.42.9) + NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/0cf97225c9c227d11fc4ddf9cba8e8480672ee1b (2.42.9) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/19ebba03117aefc9d0312f675f3a210ffdcc4907 (2.42.9) + NOTE: Tests: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/449441210921c8ed417b0c4d5edbccd2d57e23f8 (2.42.9) +CVE-2021-44647 (Lua v5.4.3 and above are affected by SEGV by type confusion in funcnam ...) + - lua5.4 5.4.4-1 (bug #1004189) + [bullseye] - lua5.4 (Minor issue) + - lua5.3 (Specific to 5.4) + - lua5.2 (Specific to 5.4) + - lua5.1 (Specific to 5.4) + - lua50 (Specific to 5.4) + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00195.html + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00204.html + NOTE: Fixed by: https://github.com/lua/lua/commit/1de95e97ef65632a88e08b6184bd9d1ceba7ec2f +CVE-2021-44646 + RESERVED +CVE-2021-44645 + RESERVED +CVE-2021-44644 + RESERVED +CVE-2021-44643 + RESERVED +CVE-2021-44642 + RESERVED +CVE-2021-44641 + RESERVED +CVE-2021-44640 + RESERVED +CVE-2021-44639 + RESERVED +CVE-2021-44638 + RESERVED +CVE-2021-44637 + RESERVED +CVE-2021-44636 + RESERVED +CVE-2021-44635 + RESERVED +CVE-2021-44634 + RESERVED +CVE-2021-44633 + RESERVED +CVE-2021-44632 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) 
+ NOT-FOR-US: TP-Link +CVE-2021-44631 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44630 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44629 (A Buffer Overflow vulnerabilitiy exists in TP-LINK WR-886N 20190826 2. ...) + NOT-FOR-US: TP-Link +CVE-2021-44628 (A Buffer Overflow vulnerabiltiy exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44627 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44626 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44625 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44624 + RESERVED +CVE-2021-44623 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44622 (A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3 ...) + NOT-FOR-US: TP-Link +CVE-2021-44621 + RESERVED +CVE-2021-44620 (A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu. ...) + NOT-FOR-US: TOTOLINK +CVE-2021-44619 + RESERVED +CVE-2021-44618 (A Server-side Template Injection (SSTI) vulnerability exists in Nystud ...) + NOT-FOR-US: Nystudio107 Seomatic +CVE-2021-44617 (A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 ...) + NOT-FOR-US: GLPI plugin +CVE-2021-44616 + RESERVED +CVE-2021-44615 + RESERVED +CVE-2021-44614 + RESERVED +CVE-2021-44613 + RESERVED +CVE-2021-44612 + RESERVED +CVE-2021-44611 + RESERVED +CVE-2021-44610 (Multiple SQL Injection vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0 ...) + NOT-FOR-US: bloofoxCMS +CVE-2021-44609 + RESERVED +CVE-2021-44608 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxC ...) 
+ NOT-FOR-US: bloofoxCMS +CVE-2021-44607 (A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in ...) + NOT-FOR-US: FUEL-CMS +CVE-2021-44606 + RESERVED +CVE-2021-44605 + RESERVED +CVE-2021-44604 + RESERVED +CVE-2021-44603 + RESERVED +CVE-2021-44602 + RESERVED +CVE-2021-44601 + RESERVED +CVE-2021-44600 (The password parameter on Simple Online Mens Salon Management System ( ...) + NOT-FOR-US: Simple Online Mens Salon Management System (MSMS) +CVE-2021-44599 (The id parameter from Online Enrollment Management System 1.0 system a ...) + NOT-FOR-US: Online Enrollment Management System +CVE-2021-44598 (Attendance Management System 1.0 is affected by a Cross Site Scripting ...) + NOT-FOR-US: Attendance Management System +CVE-2021-44597 + REJECTED +CVE-2021-44596 (Wondershare LTD Dr. Fone as of 2021-12-06 version is affected by Remot ...) + NOT-FOR-US: Wondershare +CVE-2021-44595 (Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to ...) + NOT-FOR-US: Wondershare +CVE-2021-44594 + RESERVED +CVE-2021-44593 (Simple College Website 1.0 is vulnerable to unauthenticated file uploa ...) + NOT-FOR-US: Simple College Website +CVE-2021-44592 + RESERVED +CVE-2021-44591 (In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser ...) + - ming + NOTE: https://github.com/libming/libming/issues/235 +CVE-2021-44590 (In libming 0.4.8, a memory exhaustion vulnerability exist in the funct ...) + - ming + NOTE: https://github.com/libming/libming/issues/236 +CVE-2021-44589 + RESERVED +CVE-2021-44588 + RESERVED +CVE-2021-44587 + RESERVED +CVE-2021-44586 (An issue was discovered in dst-admin v1.3.0. The product has an unauth ...) + NOT-FOR-US: dst-admin +CVE-2021-44585 (A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in ...) + NOT-FOR-US: jeecg-boot +CVE-2021-44584 (Cross-site scripting (XSS) vulnerability in index.php in emlog version ...) 
+ NOT-FOR-US: emlog +CVE-2021-44583 + RESERVED +CVE-2021-44582 (A Privilege Escalation vulnerability exists in Sourcecodester Money Tr ...) + NOT-FOR-US: Sourcecodester Money Transfer Management System +CVE-2021-44581 (An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the i ...) + NOT-FOR-US: Kreado Kreasfero CMS +CVE-2021-44580 + RESERVED +CVE-2021-44579 + RESERVED +CVE-2021-44578 + RESERVED +CVE-2021-44577 + REJECTED +CVE-2021-44576 + REJECTED +CVE-2021-44575 + REJECTED +CVE-2021-44574 + REJECTED +CVE-2021-44573 + REJECTED +CVE-2021-44572 + RESERVED +CVE-2021-44571 + REJECTED +CVE-2021-44570 + REJECTED +CVE-2021-44569 + REJECTED +CVE-2021-44568 (Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv th ...) + - libsolv 0.7.17-1 (unimportant) + NOTE: https://github.com/openSUSE/libsolv/issues/425 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) + NOTE: Issue is fixed in the testcase; negligible security impact +CVE-2021-44567 (An unauthenticated SQL Injection vulnerability exists in RosarioSIS be ...) + NOT-FOR-US: RosarioSIS +CVE-2021-44566 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...) + NOT-FOR-US: RosarioSIS +CVE-2021-44565 (A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before ...) + NOT-FOR-US: RosarioSIS +CVE-2021-44564 (A security vulnerability originally reported in the SYNC2101 product, ...) + NOT-FOR-US: SYNC2101 +CVE-2021-44563 + RESERVED +CVE-2021-44562 + RESERVED +CVE-2021-44561 + RESERVED +CVE-2021-44560 + RESERVED +CVE-2021-44559 + RESERVED +CVE-2021-44558 + RESERVED +CVE-2021-44557 (National Library of the Netherlands multiNER <= c0440948057afc6e3d6b49 ...) + NOT-FOR-US: National Library of the Netherlands multiNER +CVE-2021-44556 (National Library of the Netherlands digger < 6697d1269d981e35e11f24072 ...) 
+ NOT-FOR-US: National Library of the Netherlands digger +CVE-2021-44555 + RESERVED +CVE-2021-44554 (Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate ...) + NOT-FOR-US: Thinfinity VirtualUI +CVE-2021-44553 + RESERVED +CVE-2021-44552 + RESERVED +CVE-2021-44551 + RESERVED +CVE-2021-44550 (An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via ...) + NOT-FOR-US: CoreNLP +CVE-2021-4070 (Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0 ...) + - golang-v2ray-core 4.34.0-7 (bug #1010377) + [bullseye] - golang-v2ray-core (Minor issue) + NOTE: https://huntr.dev/bounties/8da19456-4d89-41ef-9781-a41efd6a1877/ + NOTE: https://github.com/v2fly/v2ray-core/commit/c1af2bfd7aa59a4482aa7f6ec4b9208c1d350b5c +CVE-2021-44549 (Apache Sling Commons Messaging Mail provides a simple layer on top of ...) + NOT-FOR-US: Apache Sling +CVE-2021-4069 (vim is vulnerable to Use After Free) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.3995-1 (unimportant) + NOTE: https://huntr.dev/bounties/0efd6d23-2259-4081-9ff1-3ade26907d74/ + NOTE: https://github.com/vim/vim/commit/e031fe90cf2e375ce861ff5e5e281e4ad229ebb9 (v8.2.3741) + NOTE: Crash in CLI tool, no security impact +CVE-2021-44548 (An Improper Input Validation vulnerability in DataImportHandler of Apa ...) + - lucene-solr (Issue only affects Windows) + NOTE: https://issues.apache.org/jira/browse/SOLR-15826 +CVE-2021-4068 (Insufficient data validation in new tab page in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4067 (Use after free in window manager in Google Chrome on ChromeOS prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4066 (Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allo ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4065 (Use after free in autofill in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4064 (Use after free in screen capture in Google Chrome on ChromeOS prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4063 (Use after free in developer tools in Google Chrome prior to 96.0.4664. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4062 (Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4061 (Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4060 + RESERVED +CVE-2021-4059 (Insufficient data validation in loader in Google Chrome prior to 96.0. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4058 (Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4057 (Use after free in file API in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4056 (Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowe ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4055 (Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4054 (Incorrect security UI in autofill in Google Chrome prior to 96.0.4664. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4053 (Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4052 (Use after free in web apps in Google Chrome prior to 96.0.4664.93 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-4051 + RESERVED +CVE-2021-44543 (An XSS vulnerability was found in Privoxy which was fixed in cgi_error ...) + {DLA-2844-1} + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy 3.0.28-2+deb10u2 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0e668e9409cbf4ab8bf2d79be204bd4e81a00d85 (v_3_0_33) +CVE-2021-44542 (A memory leak vulnerability was found in Privoxy when handling errors.) + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy (Vulnerable code introduced in 3.0.29) + [stretch] - privoxy (Vulnerable code introduced in 3.0.29) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=c48d1d6d08996116cbcea55cd3fc6c2a558e499a (v_3_0_33) +CVE-2021-44541 (A vulnerability was found in Privoxy which was fixed in process_encryp ...) 
+ - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy (Vulnerable code introduced in 3.0.29) + [stretch] - privoxy (Vulnerable code introduced in 3.0.29) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=0509c58045b26463844188e07c5e87c74ea21044 (v_3_0_33) +CVE-2021-44540 (A vulnerability was found in Privoxy which was fixed in get_url_spec_p ...) + {DLA-2844-1} + - privoxy 3.0.33-1 + [bullseye] - privoxy 3.0.32-2+deb11u1 + [buster] - privoxy 3.0.28-2+deb10u2 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/09/1 + NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=652b4b7cb07592c0912cf938a50fcd009fa29a0a (v_3_0_33) +CVE-2021-43353 (The Crisp Live Chat WordPress plugin is vulnerable to Cross-Site Reque ...) + NOT-FOR-US: WordPress plugin +CVE-2021-41836 (The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4050 (livehelperchat is vulnerable to Improper Neutralization of Input Durin ...) + NOT-FOR-US: livehelperchat +CVE-2021-4049 (livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: livehelperchat +CVE-2021-44539 + RESERVED +CVE-2021-44538 (The olm_session_describe function in Matrix libolm before 3.2.7 is vul ...) 
+ {DSA-5034-1 DLA-2874-1} + - element-web (bug #866502) + - olm 3.2.8~dfsg-1 (bug #1001664) + [bullseye] - olm (Minor issue) + [buster] - olm (Vulnerable code introduced later) + - thunderbird 1:91.4.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-55/#CVE-2021-44538 + NOTE: https://matrix.org/blog/2021/12/13/disclosure-buffer-overflow-in-libolm-and-matrix-js-sdk/ + NOTE: Introduced by: https://gitlab.matrix.org/matrix-org/olm/-/commit/39a1ee0b18f0fced6d7bc293cc9a46ea70ec9e96 (3.1.4) + NOTE: Fixed by: https://gitlab.matrix.org/matrix-org/olm/-/commit/c23ce70fc66c26db5839ddb5a3b46d4c3d3abed6 (3.2.8) +CVE-2021-44537 (ownCloud owncloud/client before 2.9.2 allows Resource Injection by a s ...) + - owncloud-client 2.11.0.8354+dfsg-1 (bug #1014810) + [buster] - owncloud-client (Minor issue) + [stretch] - owncloud-client (OAuth support introduced in 2.4) + NOTE: https://owncloud.com/security-advisories/cve-2021-44537/ +CVE-2021-44536 + RESERVED +CVE-2021-44535 + RESERVED +CVE-2022-21824 (Due to the formatting logic of the "console.table()" function it was n ...) + {DSA-5170-1 DLA-3137-1} + - nodejs 12.22.9~dfsg-1 (bug #1004177) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#prototype-pollution-via-console-table-properties-low-cve-2022-21824 + NOTE: https://github.com/nodejs/node/commit/be69403528da99bf3df9e1dc47186f18ba59cb5e (v12.x) +CVE-2021-44534 + RESERVED +CVE-2021-44533 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle m ...) 
+ {DSA-5170-1} + - nodejs 12.22.9~dfsg-1 (bug #1004177) + [buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#incorrect-handling-of-certificate-subject-and-issuer-fields-medium-cve-2021-44533 + NOTE: https://hackerone.com/reports/1429694 + NOTE: https://github.com/nodejs/node/commit/8c2db2c86baff110a1d905ed1e0dd4e1c4fd2dd1 (v12.x) +CVE-2021-44532 (Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (S ...) + {DSA-5170-1} + - nodejs 12.22.9~dfsg-1 (bug #1004177) + [buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#certificate-verification-bypass-via-string-injection-medium-cve-2021-44532 + NOTE: https://hackerone.com/reports/1429694 + NOTE: https://github.com/nodejs/node/commit/19873abfb24dce75ffff042efe76dc5633052677 (v12.x) + NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x) +CVE-2021-44531 (Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI ...) 
+ {DSA-5170-1} + - nodejs 12.22.9~dfsg-1 (bug #1004177) + [buster] - nodejs (Minor issue, requires MITM and uncommon CA, invasive/hard to backport) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/#improper-handling-of-uri-subject-alternative-names-medium-cve-2021-44531 + NOTE: https://hackerone.com/reports/1429694 + NOTE: https://github.com/nodejs/node/commit/e0fe6a635e5929a364986a6c39dc3585b9ddcd85 (v12.x) + NOTE: https://github.com/nodejs/node/commit/a5c7843cab6fdb9c845edadc2a7b9b30e02c8bf2 (v12.x) +CVE-2021-44530 (An injection vulnerability exists in a third-party library used in Uni ...) + NOT-FOR-US: UniFi Network +CVE-2021-44529 (A code injection vulnerability in the Ivanti EPM Cloud Services Applia ...) + NOT-FOR-US: Ivanti +CVE-2021-44528 (A open redirect vulnerability exists in Action Pack >= 6.0.0 that coul ...) + {DSA-5372-1} + - rails 2:6.1.4.6+dfsg-1 (bug #1001817) + [buster] - rails (Vulnerable code introduced later) + [stretch] - rails (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/14/5 + NOTE: https://github.com/rails/rails/commit/0fccfb9a3097a9c4260c791f1a40b128517e7815 (master) + NOTE: https://github.com/rails/rails/commit/aecba3c301b80e9d5a63c30ea1b287bceaf2c107 (v6.1.4.2) + NOTE: https://github.com/rails/rails/commit/fd6a64fef1d0f7f40a8d4b046da882e83163299c (v6.0.4.2) + NOTE: Introduced by: https://github.com/rails/rails/commit/07ec8062e605ba4e9bd153e1d264b02ac4ab8a0f (v6.0.0.beta1) +CVE-2021-44527 (A vulnerability found in UniFi Switch firmware Version 5.43.35 and ear ...) + NOT-FOR-US: UniFi Switch firmware +CVE-2021-44526 (Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-44525 (Zoho ManageEngine PAM360 before build 5303 allows attackers to modify ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-44524 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) + NOT-FOR-US: SiPass +CVE-2021-44523 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) + NOT-FOR-US: SiPass +CVE-2021-44522 (A vulnerability has been identified in SiPass integrated V2.76 (All ve ...) + NOT-FOR-US: SiPass +CVE-2021-44477 (GE Gas Power ToolBoxST Version v04.07.05C suffers from an XML external ...) + NOT-FOR-US: GE Gas Power ToolBoxST +CVE-2021-4048 (An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, an ...) + - lapack 3.10.0-2 (bug #1001902) + [bullseye] - lapack (Minor issue) + [buster] - lapack (Minor issue) + [stretch] - lapack (Minor issue) + - openblas 0.3.18+ds-1 + [bullseye] - openblas (Minor issue) + [buster] - openblas (Minor issue) + [stretch] - openblas (Minor issue) + NOTE: https://github.com/Reference-LAPACK/lapack/pull/625 + NOTE: https://github.com/Reference-LAPACK/lapack/commit/38f3eeee3108b18158409ca2a100e6fe03754781 + NOTE: https://github.com/JuliaLang/julia/issues/42415 + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/337b65133df174796794871b3988cd03426e6d41 (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/2be5ee3cca97a597f2ee2118808a2d5eacea050c (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/fe497efa0510466fd93578aaf9da1ad8ed4edbe7 (v0.3.18) + NOTE: OpenBLAS: https://github.com/xianyi/OpenBLAS/commit/ddb0ff5353637bb5f5ad060c9620e334c143e3d7 (v0.3.18) +CVE-2021-4047 (The release of OpenShift 4.9.6 included four CVE fixes for the haproxy ...) + NOT-FOR-US: Red Hat OpenShift 4.9 incomplete fix for CVE-2021-39242 +CVE-2021-23198 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the passw ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-44521 (When running Apache Cassandra with the following configuration: enable ...) 
+ - cassandra (bug #585905) +CVE-2021-4046 (The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an att ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-4045 (TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, ...) + NOT-FOR-US: TP-Link +CVE-2021-4044 (Internally libssl in OpenSSL calls X509_verify_cert() on the client si ...) + [experimental] - openssl 3.0.1-1 + - openssl (Vulnerable code not present) + NOTE: https://www.openssl.org/news/secadv/20211214.txt +CVE-2021-4043 (NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0 ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (Vulnerable code introduced later, in version 0.7.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.7.0) + NOTE: https://huntr.dev/bounties/d7a534cb-df7a-48ba-8ce3-46b1551a9c47 + NOTE: https://github.com/gpac/gpac/issues/2092 + NOTE: https://github.com/gpac/gpac/commit/64a2e1b799352ac7d7aad1989bc06e7b0f2b01db (v2.0.0) + NOTE: Introduced by https://github.com/gpac/gpac/commit/bc1704db1523eb3161af90da44b8394d4512855f +CVE-2021-4042 + REJECTED +CVE-2021-4041 (A flaw was found in ansible-runner. An improper escaping of the shell ...) + - ansible-runner 2.1.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2028074 + NOTE: https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd (2.1.0) +CVE-2021-4040 (A flaw was found in AMQ Broker. This issue can cause a partial interru ...) + NOT-FOR-US: Red Hat AMQ Broker +CVE-2021-4039 (A command injection vulnerability in the web interface of the Zyxel NW ...) + NOT-FOR-US: Zyxel +CVE-2021-44520 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...) + NOT-FOR-US: Citrix XenMobile Server +CVE-2021-44519 (In Citrix XenMobile Server through 10.12 RP9, there is an Authenticate ...) + NOT-FOR-US: Citrix +CVE-2021-44518 (An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock ...) 
+ NOT-FOR-US: eGeeTouch 3rd Generation Travel Padlock application for Android +CVE-2021-44517 + RESERVED +CVE-2021-44516 + RESERVED +CVE-2021-44515 (Zoho ManageEngine Desktop Central is vulnerable to authentication bypa ...) + NOT-FOR-US: ManageEngine +CVE-2021-44514 (OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles a ...) + NOT-FOR-US: ManageEngine +CVE-2021-44513 (Insecure creation of temporary directories in tmate-ssh-server 2.3.0 a ...) + - tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225) + [bullseye] - tmate-ssh-server (Minor issue) + NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388 +CVE-2021-44512 (World-writable permissions on the /tmp/tmate/sessions directory in tma ...) + - tmate-ssh-server 2.3.0-68-gd7334ee4-1 (bug #1001225) + [bullseye] - tmate-ssh-server (Minor issue) + NOTE: Fixed by: https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/2 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189388 +CVE-2015-20106 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not esc ...) + NOT-FOR-US: WordPress plugin +CVE-2015-20105 (The ClickBank Affiliate Ads WordPress plugin through 1.20 does not hav ...) + NOT-FOR-US: WordPress plugin +CVE-2021-44511 + RESERVED +CVE-2021-44510 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44509 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
+ - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44508 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44507 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44506 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44505 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44504 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
+ - fis-gtm (bug #1034805) + [bookworm] - fis-gtm (Minor issue) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44503 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44502 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44501 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44500 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44499 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) 
+ - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44498 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44497 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44496 (An issue was discovered in FIS GT.M through V7.0-000 (related to the Y ...) + - fis-gtm (bug #1034805) + [bookworm] - fis-gtm (Minor issue) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44495 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44494 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) 
+ - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44493 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44492 (An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS ...) + - fis-gtm 7.0-002-1 (bug #1009900) + [bullseye] - fis-gtm (Minor issue) + [buster] - fis-gtm (Minor issue) + [stretch] - fis-gtm (Minor issue) + NOTE: http://tinco.pair.com/bhaskar/gtm/doc/articles/GTM_V7.0-002_Release_Notes.html + NOTE: https://gitlab.com/YottaDB/DB/YDB/-/issues/828 +CVE-2021-44491 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) + NOT-FOR-US: YottaDB +CVE-2021-44490 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) + NOT-FOR-US: YottaDB +CVE-2021-44489 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) + NOT-FOR-US: YottaDB +CVE-2021-44488 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) + NOT-FOR-US: YottaDB +CVE-2021-44487 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) + NOT-FOR-US: YottaDB +CVE-2021-44486 (An issue was discovered in YottaDB through r1.32 and V7.0-000. Using c ...) + NOT-FOR-US: YottaDB +CVE-2021-44485 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) + NOT-FOR-US: YottaDB +CVE-2021-44484 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) 
+ NOT-FOR-US: YottaDB +CVE-2021-44483 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) + NOT-FOR-US: YottaDB +CVE-2021-44482 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) + NOT-FOR-US: YottaDB +CVE-2021-44481 (An issue was discovered in YottaDB through r1.32 and V7.0-000. A lack ...) + NOT-FOR-US: YottaDB +CVE-2021-44480 (Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who ...) + NOT-FOR-US: Wokka Lokka Q50 devices +CVE-2021-44479 (NXP Kinetis K82 devices have a buffer over-read via a crafted wlength ...) + NOT-FOR-US: NXP Kinetis K82 devices +CVE-2021-44478 (A vulnerability has been identified in Polarion ALM (All versions < V2 ...) + NOT-FOR-US: Siemens +CVE-2021-4038 (Cross Site Scripting (XSS) vulnerability in McAfee Network Security Ma ...) + NOT-FOR-US: McAfee +CVE-2022-21240 (Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may ...) + NOT-FOR-US: Intel +CVE-2022-21237 (Improper buffer access in firmware for some Intel(R) NUCs may allow a ...) + NOT-FOR-US: Intel +CVE-2022-21218 (Uncaught exception in the Intel(R) Trace Analyzer and Collector before ...) + NOT-FOR-US: Intel +CVE-2022-21212 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...) + NOT-FOR-US: Intel +CVE-2022-21197 (Improper input validation for some Intel(R) PROSet/Wireless WiFi produ ...) + NOT-FOR-US: Intel +CVE-2022-21172 (Out of bounds write for some Intel(R) PROSet/Wireless WiFi products ma ...) + NOT-FOR-US: Intel +CVE-2022-21160 (Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi pr ...) + NOT-FOR-US: Intel +CVE-2022-21140 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + NOT-FOR-US: Intel +CVE-2022-21139 (Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi ...) + NOT-FOR-US: Intel +CVE-2022-21133 (Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before ...) 
+ NOT-FOR-US: Intel +CVE-2021-44470 (Incorrect default permissions for the Intel(R) Connect M Android appli ...) + NOT-FOR-US: Intel +CVE-2021-4037 (A vulnerability was found in the fs/inode.c:inode_init_owner() functio ...) + {DSA-5257-1 DLA-3173-1} + - linux 5.14.6-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027239 + NOTE: https://git.kernel.org/linus/01ea173e103edd5ec41acec65b9261b87e123fc2 (5.12-rc1) +CVE-2021-4036 + RESERVED +CVE-2021-37409 (Improper access control for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3380-1} + - firmware-nonfree 20220913-1 + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html + NOTE: Fixed upstream in 20220815 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04 + 
NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075 +CVE-2021-37405 + RESERVED +CVE-2021-33847 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...) + NOT-FOR-US: Intel +CVE-2021-26950 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...) + NOT-FOR-US: Intel +CVE-2021-26258 (Improper access control for the Intel(R) Killer(TM) Control Center sof ...) + NOT-FOR-US: Intel +CVE-2021-26257 (Improper buffer restrictions in firmware for some Intel(R) Wireless Bl ...) + NOT-FOR-US: Intel +CVE-2021-26251 (Improper input validation in the Intel(R) Distribution of OpenVINO(TM) ...) + NOT-FOR-US: Intel +CVE-2021-23223 (Improper initialization for some Intel(R) PROSet/Wireless WiFi and Kil ...) + {DLA-3380-1} + - firmware-nonfree 20220913-1 + [bullseye] - firmware-nonfree (Non-free not supported) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html + NOTE: Fixed upstream in 20220815 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b + NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075 +CVE-2021-23179 (Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) ...) + NOT-FOR-US: Intel +CVE-2021-44464 (Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 contains ...) + NOT-FOR-US: Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-44453 (mySCADA myPRO: Versions 8.20.0 and prior has a vulnerable debug interf ...) + NOT-FOR-US: mySCADA myPRO +CVE-2021-44451 (Apache Superset up to and including 1.3.2 allowed for registered datab ...) + NOT-FOR-US: Apache Superset +CVE-2021-44450 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44449 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44448 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44447 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44446 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44445 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) 
+ NOT-FOR-US: Siemens +CVE-2021-44444 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44443 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44442 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44441 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44440 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44439 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44438 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44437 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44436 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44435 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44434 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44433 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44432 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44431 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-44430 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-43355 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) 
+ NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-41835 (Fresenius Kabi Agilia Link + version 3.0 does not enforce transport la ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-4035 (A stored cross site scripting have been identified at the comments in ...) + NOT-FOR-US: Wocu Monitoring +CVE-2021-33848 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-33846 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-33843 (Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configur ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-31562 (The SSL/TLS configuration of Fresenius Kabi Agilia Link + version 3.0 ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-23236 (Requests may be used to interrupt the normal operation of the device. ...) + NOT-FOR-US: Fresenius Kabi Agilia Link+ +CVE-2021-23233 (Sensitive endpoints in Fresenius Kabi Agilia Link+ v3.0 and prior can ...) + NOT-FOR-US: Fresenius Kabi Agilia Link +CVE-2021-23207 (An attacker with physical access to the host can extract the secrets f ...) + NOT-FOR-US: Fresenius Kabi Vigilant MasterMed +CVE-2021-23196 (The web application on Agilia Link+ version 3.0 implements authenticat ...) + NOT-FOR-US: Agilia Link+ +CVE-2021-23195 (Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2 ...) + NOT-FOR-US: Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) +CVE-2021-44429 (Serva 4.4.0 allows remote attackers to cause a denial of service (daem ...) + NOT-FOR-US: Serva +CVE-2021-44428 (Pinkie 2.15 allows remote attackers to cause a denial of service (daem ...) + NOT-FOR-US: Pinkie +CVE-2021-44427 (An unauthenticated SQL Injection vulnerability in Rosario Student Info ...) 
+ NOT-FOR-US: Rosario Student Information System +CVE-2021-44426 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5 ...) + NOT-FOR-US: AnyDesk +CVE-2021-44425 (An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3 ...) + NOT-FOR-US: AnyDesk +CVE-2021-44424 + RESERVED +CVE-2021-44423 (An out-of-bounds read vulnerability exists when reading a BMP file usi ...) + NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer +CVE-2021-44422 (An Improper Input Validation Vulnerability exists when reading a BMP f ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44421 (The pointer-validation logic in util/mem_util.rs in Occlum before 0.26 ...) + NOT-FOR-US: Occlum +CVE-2021-44420 (In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, ...) + - python-django 2:3.2.10-1 + [bullseye] - python-django 2:2.2.25-1~deb11u1 + [buster] - python-django (Vulnerable code not present; is_endpoint support added later) + [stretch] - python-django (Vulnerable code not present; path converters added later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/07/1 + NOTE: https://www.djangoproject.com/weblog/2021/dec/07/security-releases/ + NOTE: https://github.com/django/django/commit/333c65603032c377e682cdbd7388657a5463a05a (3.2.10) + NOTE: https://github.com/django/django/commit/7cf7d74e8a754446eeb85cacf2fef1247e0cb6d7 (2.2.25) +CVE-2021-44419 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44418 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44417 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44416 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44415 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44414 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44413 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44412 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44411 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44410 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44409 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44408 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44407 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44406 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44405 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44404 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44403 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44402 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44401 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44400 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44399 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44398 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44397 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44396 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44395 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44394 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44393 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44392 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44391 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44390 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44389 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44388 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44387 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44386 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44385 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44384 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44383 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44382 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44381 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44380 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44379 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44378 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44377 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44376 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44375 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44374 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44373 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44372 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44371 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44370 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44369 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44368 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44367 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44366 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44365 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44364 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) 
+ NOT-FOR-US: Reolink +CVE-2021-44363 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44362 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44361 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44360 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44359 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44358 (A denial of service vulnerability exists in the cgiserver.cgi JSON com ...) + NOT-FOR-US: Reolink +CVE-2021-44357 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44356 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44355 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-44354 (Multiple denial of service vulnerabilities exist in the cgiserver.cgi ...) + NOT-FOR-US: Reolink +CVE-2021-4034 (A local privilege escalation vulnerability was found on polkit's pkexe ...) + {DSA-5059-1 DLA-2899-1} + - policykit-1 0.105-31.1 + NOTE: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt + NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/25/11 +CVE-2021-4033 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: kimai2 +CVE-2019-25053 (A path traversal vulnerability exists in Sage FRP 1000 before November ...) + NOT-FOR-US: Sage +CVE-2021-44353 + RESERVED +CVE-2021-44352 (A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V ...) + NOT-FOR-US: Tenda +CVE-2021-44351 (An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /na ...) 
+ NOT-FOR-US: NavigateCMS +CVE-2021-44350 (SQL Injection vulnerability exists in ThinkPHP5 5.0.x <=5.1.22 via the ...) + NOT-FOR-US: ThinkPHP5 +CVE-2021-44349 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) + NOT-FOR-US: TuziCMS +CVE-2021-44348 (SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parame ...) + NOT-FOR-US: TuziCMS +CVE-2021-44347 (SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Con ...) + NOT-FOR-US: TuziCMS +CVE-2021-44346 + RESERVED +CVE-2021-44345 (Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated ...) + NOT-FOR-US: Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System +CVE-2021-44344 + RESERVED +CVE-2021-44343 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44342 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44341 + RESERVED +CVE-2021-44340 (David Brackeen ok-file-formats dev version is vulnerable to Buffer Ove ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44339 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44338 + RESERVED +CVE-2021-44337 + RESERVED +CVE-2021-44336 + RESERVED +CVE-2021-44335 (David Brackeen ok-file-formats 203defd is vulnerable to Buffer Overflo ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44334 (David Brackeen ok-file-formats 97f78ca is vulnerable to Buffer Overflo ...) + NOT-FOR-US: ok-file-formats +CVE-2021-44333 + RESERVED +CVE-2021-44332 + RESERVED +CVE-2021-44331 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow in function encode_ ...) 
+ NOT-FOR-US: ARM astcenc +CVE-2021-44330 + RESERVED +CVE-2021-44329 + RESERVED +CVE-2021-44328 + RESERVED +CVE-2021-44327 + RESERVED +CVE-2021-44326 + RESERVED +CVE-2021-44325 + RESERVED +CVE-2021-44324 + RESERVED +CVE-2021-44323 + RESERVED +CVE-2021-44322 + RESERVED +CVE-2021-44321 (Mini-Inventory-and-Sales-Management-System is affected by Cross Site R ...) + NOT-FOR-US: Mini-Inventory-and-Sales-Management-System +CVE-2021-44320 + RESERVED +CVE-2021-44319 + RESERVED +CVE-2021-44318 + RESERVED +CVE-2021-44317 (In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us ...) + NOT-FOR-US: Bus Pass Management System +CVE-2021-44316 + RESERVED +CVE-2021-44315 (In Bus Pass Management System v1.0, Directory Listing/Browsing is enab ...) + NOT-FOR-US: Bus Pass Management System +CVE-2021-44314 + RESERVED +CVE-2021-44313 + RESERVED +CVE-2021-44312 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...) + NOT-FOR-US: FACT_core +CVE-2021-44311 + RESERVED +CVE-2021-44310 (An issue was discovered in Firmware Analysis and Comparison Tool v3.2. ...) + NOT-FOR-US: FACT_core +CVE-2021-44309 + RESERVED +CVE-2021-44308 + RESERVED +CVE-2021-44307 + RESERVED +CVE-2021-44306 + RESERVED +CVE-2021-44305 + RESERVED +CVE-2021-44304 + RESERVED +CVE-2021-44303 + RESERVED +CVE-2021-44302 (BaiCloud-cms v2.5.7 was discovered to contain multiple SQL injection v ...) + NOT-FOR-US: BaiCloud-cms +CVE-2021-44301 + RESERVED +CVE-2021-44300 + RESERVED +CVE-2021-44299 (A reflected cross-site scripting (XSS) vulnerability in \lib\packages\ ...) 
+ NOT-FOR-US: Navigate CMS +CVE-2021-44298 + RESERVED +CVE-2021-44297 + RESERVED +CVE-2021-44296 + RESERVED +CVE-2021-44295 + RESERVED +CVE-2021-44294 + RESERVED +CVE-2021-44293 + RESERVED +CVE-2021-44292 + RESERVED +CVE-2021-44291 + RESERVED +CVE-2021-44290 + RESERVED +CVE-2021-44289 + RESERVED +CVE-2021-44288 + RESERVED +CVE-2021-44287 + RESERVED +CVE-2021-44286 + RESERVED +CVE-2021-44285 + RESERVED +CVE-2021-44284 + RESERVED +CVE-2021-44283 (A buffer overflow in the component /Enclave.cpp of Electronics and Tel ...) + NOT-FOR-US: ShieldStore +CVE-2021-44282 + RESERVED +CVE-2021-44281 + RESERVED +CVE-2021-44280 (attendance management system 1.0 is affected by a SQL injection vulner ...) + NOT-FOR-US: attendance management system +CVE-2021-44279 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: LibreNMS +CVE-2021-44278 (Librenms 21.11.0 is affected by a path manipulation vulnerability in i ...) + NOT-FOR-US: LibreNMS +CVE-2021-44277 (Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: LibreNMS +CVE-2021-44276 + RESERVED +CVE-2021-44275 + RESERVED +CVE-2021-44274 + RESERVED +CVE-2021-44273 (e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate va ...) + {DLA-3564-1} + - e2guardian 5.3.5-3 (bug #1003125) + [bullseye] - e2guardian 5.3.4-1+deb11u1 + [stretch] - e2guardian (SSL MITM engine not enabled in stretch) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/23/2 + NOTE: https://github.com/e2guardian/e2guardian/issues/707 + NOTE: Fixed by: https://github.com/e2guardian/e2guardian/commit/eae46a7e2a57103aadca903c4a24cca94dc502a2 +CVE-2021-44272 + RESERVED +CVE-2021-44271 + RESERVED +CVE-2021-44270 + RESERVED +CVE-2021-44269 (An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV f ...) 
+ - wavpack 5.5.0-1 (unimportant) + NOTE: https://github.com/dbry/WavPack/issues/110 + NOTE: Fixed by: https://github.com/dbry/WavPack/commit/773f9d0803c6888ae7d5391878d7337f24216f4a + NOTE: Negligible security impact; only impacts the CLI program +CVE-2021-44268 + RESERVED +CVE-2021-44267 + RESERVED +CVE-2021-44266 (GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the mo ...) + NOT-FOR-US: GUnet Open eClass +CVE-2021-44265 + RESERVED +CVE-2021-44264 + RESERVED +CVE-2021-44263 (Gurock TestRail before 7.2.4 mishandles HTML escaping.) + NOT-FOR-US: Gurock TestRail +CVE-2021-44262 (A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, vers ...) + NOT-FOR-US: Netgear +CVE-2021-44261 (A vulnerability is in the 'BRS_top.html' page of the Netgear W104, ver ...) + NOT-FOR-US: Netgear +CVE-2021-44260 (A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, ...) + NOT-FOR-US: WAVLINK +CVE-2021-44259 (A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, versio ...) + NOT-FOR-US: WAVLINK +CVE-2021-44258 + RESERVED +CVE-2021-44257 + RESERVED +CVE-2021-44256 + RESERVED +CVE-2021-44255 (Authenticated remote code execution in MotionEye <= 0.42.1 and Motione ...) + NOT-FOR-US: MotionEye +CVE-2021-44254 + RESERVED +CVE-2021-44253 + RESERVED +CVE-2021-44252 + RESERVED +CVE-2021-44251 + RESERVED +CVE-2021-44250 + RESERVED +CVE-2021-44249 (Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Ti ...) + NOT-FOR-US: Online Motorcycle (Bike) Rental System +CVE-2021-44248 + RESERVED +CVE-2021-44247 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-44246 (Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B201 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-44245 (An SQL Injection vulnerability exists in Courcecodester COVID 19 Testi ...) 
+ NOT-FOR-US: Sourcecodester COVID 19 Testing Management System (CTMS) +CVE-2021-44244 (An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Pa ...) + NOT-FOR-US: Sourcecodester Logistic Hub Parcel's Management System +CVE-2021-44243 + RESERVED +CVE-2021-44242 + RESERVED +CVE-2021-44241 + RESERVED +CVE-2021-44240 + RESERVED +CVE-2021-44239 + RESERVED +CVE-2021-44238 (AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/mod ...) + NOT-FOR-US: AyaCMS +CVE-2021-44237 + RESERVED +CVE-2021-44236 + RESERVED +CVE-2021-4032 (A vulnerability was found in the Linux kernel's KVM subsystem in arch/ ...) + - linux (Vulnerable code introduced in 5.15-rc1; fixed in 5.15-rc7) + NOTE: https://git.kernel.org/linus/f7d8a19f9a056a05c5c509fa65af472a322abfee (5.15-rc7) +CVE-2021-4031 (Syltek application before its 10.22.00 version, does not correctly che ...) + NOT-FOR-US: Syltek +CVE-2021-4030 (A cross-site request forgery vulnerability in the HTTP daemon of the Z ...) + NOT-FOR-US: Zyxel +CVE-2021-4029 (A command injection vulnerability in the CGI program of the Zyxel ARMO ...) + NOT-FOR-US: Zyxel +CVE-2021-4028 (A flaw in the Linux kernel's implementation of RDMA communications man ...) + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2027201 + NOTE: https://git.kernel.org/linus/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d (5.15-rc4) +CVE-2021-4027 + RESERVED +CVE-2021-4026 (bookstack is vulnerable to Improper Access Control) + NOT-FOR-US: bookstack +CVE-2021-4025 + RESERVED +CVE-2021-44235 (Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700 ...) + NOT-FOR-US: SAP +CVE-2021-44234 (SAP Business One - version 10.0, extended log stores information that ...) + NOT-FOR-US: SAP +CVE-2021-44233 (SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, doe ...) 
+ NOT-FOR-US: SAP +CVE-2021-44232 (SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insu ...) + NOT-FOR-US: SAP +CVE-2021-44231 (Internally used text extraction reports allow an attacker to inject co ...) + NOT-FOR-US: SAP +CVE-2022-21792 (In camera isp, there is a possible out of bounds write due to a missin ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21791 (In camera isp, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21790 (In camera isp, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21789 (In audio ipi, there is a possible memory corruption due to a race cond ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21788 (In scp, there is a possible undefined behavior due to incorrect error ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21787 (In audio DSP, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21786 (In audio DSP, there is a possible memory corruption due to improper ca ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21785 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21784 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21783 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21782 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21781 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21780 (In WLAN driver, there is a possible out of bounds write due to a missi ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-21779 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21778 (In vpu, there is a possible information disclosure due to an incorrect ...) + NOT-FOR-US: Mediatek +CVE-2022-21777 (In Autoboot, there is a possible permission bypass due to a missing pe ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21776 (In MDP, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21775 (In sched driver, there is a possible use after free due to improper lo ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21774 (In TEEI driver, there is a possible use after free due to a race condi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21773 (In TEEI driver, there is a possible use after free due to a race condi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21772 (In TEEI driver, there is a possible type confusion due to a race condi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21771 (In GED driver, there is a possible use after free due to a race condit ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21770 (In sound driver, there is a possible information disclosure due to sym ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21769 (In CCCI, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21768 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21767 (In Bluetooth, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21766 (In CCCI, there is a possible out of bounds write due to a missing boun ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-21765 (In CCCI, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21764 (In telecom service, there is a possible information disclosure due to ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21763 (In telecom service, there is a possible information disclosure due to ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21762 (In apusys driver, there is a possible system crash due to an integer o ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21761 (In apusys driver, there is a possible system crash due to an integer o ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21760 (In apusys driver, there is a possible system crash due to an integer o ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21759 (In power service, there is a possible out of bounds write due to a mis ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21758 (In ccu, there is a possible memory corruption due to a double free. Th ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21757 (In WIFI Firmware, there is a possible system crash due to a missing co ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21756 (In WLAN driver, there is a possible out of bounds read due to an incor ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21755 (In WLAN driver, there is a possible out of bounds read due to an incor ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21754 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21753 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21752 (In WLAN driver, there is a possible out of bounds write due to a missi ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-21751 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21750 (In WLAN driver, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21749 (In telephony, there is a possible information disclosure due to a miss ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21748 (In telephony, there is a possible information disclosure due to a miss ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21747 (In imgsensor, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21746 (In imgsensor, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21745 (In WIFI Firmware, there is a possible memory corruption due to a use a ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21744 (In Modem 2G RR, there is a possible out of bounds write due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-21743 (In ion, there is a possible use after free due to an integer overflow. ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2021-44230 (PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows ha ...) + - burpsuite (bug #832943) +CVE-2021-44229 + RESERVED +CVE-2021-44228 (Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2. ...) 
+ {DSA-5020-1 DLA-2842-1} + - apache-log4j2 2.15.0-1 (bug #1001478) + - apache-log4j1.2 (Vulnerable code not present) + NOTE: https://github.com/advisories/GHSA-jfh8-c2jp-5v3q + NOTE: https://github.com/apache/logging-log4j2/pull/608 + NOTE: https://www.lunasec.io/docs/blog/log4j-zero-day/ + NOTE: https://issues.apache.org/jira/browse/LOG4J2-3198 + NOTE: https://github.com/apache/logging-log4j2/commit/c77b3cb39312b83b053d23a2158b99ac7de44dd3 + NOTE: The lookup is performed *after* formatting the message, which includes the user input. Hence + NOTE: the vulnerability can still be triggered using a ParametrizedMessage. +CVE-2021-4024 (A flaw was found in podman. The `podman machine` function (used to cre ...) + - libpod 3.4.3+ds1-1 (bug #1000844) + [bullseye] - libpod (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2026675 + NOTE: https://twitter.com/discordianfish/status/1463462371675066371 + NOTE: https://github.com/containers/podman/pull/12283 + NOTE: Introduced by: https://github.com/containers/podman/commit/7ef3981abe2412727840a2886489a08c03a05299 (v3.3.0-rc1) + NOTE: Fixed by: https://github.com/containers/podman/commit/295d87bb0b028e57dc2739791dee4820fe5fcc48 (main) + NOTE: Fixed by: https://github.com/containers/podman/commit/57c5e2246efeaf2fef820a482241f1cc43960c7a (v3.4.3) +CVE-2021-44227 (In GNU Mailman before 2.1.38, a list member or moderator can get a CSR ...) 
+ {DLA-3049-1} + - mailman + [buster] - mailman 1:2.1.29-1+deb10u4 + NOTE: https://bugs.launchpad.net/mailman/+bug/1952384 + NOTE: Patch: https://launchpadlibrarian.net/570827498/patch.txt + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1882 (2.1.38) + NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694 + NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1884 (2.1.39) +CVE-2021-44226 (Razer Synapse before 3.7.0228.022817 allows privilege escalation becau ...) + NOT-FOR-US: Razer Synapse +CVE-2021-4023 (A flaw was found in the io-workqueue implementation in the Linux kerne ...) + - linux 5.15.3-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/713b9825a4c47897f66ad69409581e7734a8728e (5.15-rc1) +CVE-2021-4022 (A vulnerability was found in rizin. The bug involves an ELF64 binary f ...) + NOT-FOR-US: Rizin +CVE-2021-44225 (In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...) + {DLA-3388-1} + - keepalived 1:2.2.4-0.2 + [bullseye] - keepalived 1:2.1.5-0.2+deb11u1 + [stretch] - keepalived (Minor issue) + NOTE: https://github.com/acassen/keepalived/pull/2063 + NOTE: https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d +CVE-2021-44224 (A crafted URI sent to httpd configured as a forward proxy (ProxyReques ...) + {DSA-5035-1 DLA-2907-1} + - apache2 2.4.52-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-44224 + NOTE: Fixed by: https://svn.apache.org/r1895955 + NOTE: Fixed by: https://svn.apache.org/r1896044 +CVE-2021-44223 (WordPress before 5.8 lacks support for the Update URI plugin header. T ...) 
+ - wordpress 5.8.1+dfsg1-1 + [bullseye] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) + [buster] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) + [stretch] - wordpress (Minor issue; workarounds/mitigation for older versions can be implemented) + NOTE: WordPress 5.8 introduces a new "Update URI" plugin header. Further mitigation + NOTE: options documented in: + NOTE: https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/ + NOTE: https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ +CVE-2021-44222 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...) + NOT-FOR-US: Siemens +CVE-2021-44221 (A vulnerability has been identified in SIMATIC eaSie Core Package (All ...) + NOT-FOR-US: Siemens +CVE-2021-4021 (A vulnerability was found in Radare2 in versions prior to 5.6.2, 5.6.0 ...) + - radare2 (bug #1014490) + NOTE: https://github.com/radareorg/radare2/issues/19436 + NOTE: https://github.com/radareorg/radare2/commit/3fed0e322d9374891a3412811e5270dc535cea02 +CVE-2021-4020 (janus-gateway is vulnerable to Improper Neutralization of Input During ...) + - janus 0.11.5-4 (unimportant; bug #1000831) + NOTE: https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e/ + NOTE: https://github.com/meetecho/janus-gateway/commit/ba166e9adebfe5343f826c6a9e02299d35414ffd + NOTE: Issues only in janus-demos built from src:janus +CVE-2021-4019 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.3995-1 + [bullseye] - vim (Minor issue) + NOTE: https://huntr.dev/bounties/d8798584-a6c9-4619-b18f-001b9a6fca92 + NOTE: https://github.com/vim/vim/commit/bd228fd097b41a798f90944b5d1245eddd484142 (v8.2.3669) +CVE-2021-44220 + RESERVED +CVE-2021-44219 (Gin-Vue-Admin before 2.4.6 mishandles a SQL database.) 
+ NOT-FOR-US: Gin-Vue-Admin +CVE-2021-44218 + RESERVED +CVE-2021-44217 (In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting ...) + NOT-FOR-US: Ericsson +CVE-2021-44216 (Northern.tech CFEngine Enterprise before 3.15.5 and 3.18.x before 3.18 ...) + NOT-FOR-US: Northern.tech CFEngine Enterprise Hub +CVE-2021-44215 (Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Pe ...) + NOT-FOR-US: Northern.tech CFEngine Enterprise Hub +CVE-2021-44214 + RESERVED +CVE-2021-44213 (OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/a ...) + NOT-FOR-US: OX App Suite +CVE-2021-44212 (OX App Suite through 7.10.5 allows XSS via a trailing control characte ...) + NOT-FOR-US: OX App Suite +CVE-2021-44211 (OX App Suite through 7.10.5 allows XSS via the class attribute of an e ...) + NOT-FOR-US: OX App Suite +CVE-2021-44210 (OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange ...) + NOT-FOR-US: OX App Suite +CVE-2021-44209 (OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as A ...) + NOT-FOR-US: OX App Suite +CVE-2021-44208 (OX App Suite through 7.10.5 allows XSS via an unknown system message i ...) + NOT-FOR-US: OX App Suite +CVE-2021-44207 (Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials.) + NOT-FOR-US: Acclaim USAHERDS +CVE-2021-4018 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + - snipe-it (bug #1005172) +CVE-2021-4017 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-44206 (Local privilege escalation due to DLL hijacking vulnerability in Acron ...) + NOT-FOR-US: Acronis +CVE-2021-44205 (Local privilege escalation due to DLL hijacking vulnerability. The fol ...) + NOT-FOR-US: Acronis +CVE-2021-44204 (Local privilege escalation via named pipe due to improper access contr ...) + NOT-FOR-US: Acronis +CVE-2021-44203 (Stored cross-site scripting (XSS) was possible in protection plan deta ...) 
+ NOT-FOR-US: Acronis +CVE-2021-44202 (Stored cross-site scripting (XSS) was possible in activity details. Th ...) + NOT-FOR-US: Acronis +CVE-2021-44201 (Cross-site scripting (XSS) was possible in notification pop-ups. The f ...) + NOT-FOR-US: Acronis +CVE-2021-44200 (Self cross-site scripting (XSS) was possible on devices page. The foll ...) + NOT-FOR-US: Acronis +CVE-2021-44199 (DLL hijacking could lead to denial of service. The following products ...) + NOT-FOR-US: Acronis +CVE-2021-44198 (DLL hijacking could lead to local privilege escalation. The following ...) + NOT-FOR-US: Acronis +CVE-2021-44197 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + NOT-FOR-US: UBIT Information Technologies Student Information Management System +CVE-2021-44196 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Bas ...) + NOT-FOR-US: UBIT Information Technologies Student Information Management System +CVE-2021-4016 (Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper ...) + NOT-FOR-US: Rapid7 Insight Agent +CVE-2021-4015 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2017-20008 (The myCred WordPress plugin before 1.7.8 does not sanitise and escape ...) + NOT-FOR-US: WordPress plugin +CVE-2021-4014 + REJECTED +CVE-2021-4013 + RESERVED +CVE-2021-4012 + RESERVED +CVE-2021-44195 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44194 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44193 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44192 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44191 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) 
+ NOT-FOR-US: Adobe +CVE-2021-44190 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44189 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44188 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44187 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44186 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44185 (Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-44184 + RESERVED +CVE-2021-44183 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44182 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44181 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44180 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...) + NOT-FOR-US: Adobe +CVE-2021-44179 (Adobe Dimension versions 3.4.3 (and earlier) is affected by a memory c ...) + NOT-FOR-US: Adobe +CVE-2021-44178 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44177 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44176 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...) + NOT-FOR-US: Adobe +CVE-2021-44175 + RESERVED +CVE-2021-44174 + RESERVED +CVE-2021-44173 + RESERVED +CVE-2021-44172 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: FortiGuard +CVE-2021-44171 (A improper neutralization of special elements used in an os command (' ...) 
+ NOT-FOR-US: FortiGuard +CVE-2021-44170 (A stack-based buffer overflow vulnerability [CWE-121] in the command l ...) + NOT-FOR-US: Fortinet +CVE-2021-44169 (A improper initialization in Fortinet FortiClient (Windows) version 6. ...) + NOT-FOR-US: Fortinet FortiClient +CVE-2021-44168 (A download of code without integrity check vulnerability in the "execu ...) + NOT-FOR-US: FortiGuard +CVE-2021-44167 (An incorrect permission assignment for critical resource vulnerability ...) + NOT-FOR-US: FortiGuard FortiClient +CVE-2021-44166 (An improper access control vulnerability [CWE-284 ] in FortiToken Mobi ...) + NOT-FOR-US: FortiGuard +CVE-2021-44165 (A vulnerability has been identified in POWER METER SICAM Q100 (All ver ...) + NOT-FOR-US: Siemens +CVE-2021-44164 (Chain Sea ai chatbot system\u2019s file upload function has insufficie ...) + NOT-FOR-US: Chain Sea +CVE-2021-44163 (Chain Sea ai chatbot backend has improper filtering of special charact ...) + NOT-FOR-US: Chain Sea +CVE-2021-44162 (Chain Sea ai chatbot system\u2019s specific file download function has ...) + NOT-FOR-US: Chain Sea +CVE-2021-44161 (Changing MOTP (Mobile One Time Password) system\u2019s specific functi ...) + NOT-FOR-US: MOTP (Mobile One Time Password) system& +CVE-2021-44160 (Carinal Tien Hospital Health Report System\u2019s login page has impro ...) + NOT-FOR-US: Carinal Tien Hospital Health Report System& +CVE-2021-44159 (4MOSAn GCB Doctor\u2019s file upload function has improper user privil ...) + NOT-FOR-US: 4MOSAn GCB Doctor +CVE-2021-44158 (ASUS RT-AX56U Wi-Fi Router is vulnerable to stack-based buffer overflo ...) + NOT-FOR-US: ASUS +CVE-2021-4011 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) 
+ {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/e56f61c79fc3cee26d83cda0f84ae56d5979f768 +CVE-2021-4010 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1} + - xorg-server 2:1.20.13-3 + [stretch] - xorg-server (Vulnerable code introduced later) + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/6c4c53010772e3cb4cb8acd54950c8eec9c00d21 +CVE-2021-4009 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/b5196750099ae6ae582e1f46bd0a6dad29550e02 +CVE-2021-4008 (A flaw was found in xorg-x11-server in versions before 21.1.2 and befo ...) + {DSA-5027-1 DLA-2869-1} + - xorg-server 2:1.20.13-3 + - xwayland 2:21.1.4-1 + NOTE: https://lists.x.org/archives/xorg-announce/2021-December/003122.html + NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ebce7e2d80e7c80e1dda60f2f0bc886f1106ba60 +CVE-2021-4007 (Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local ...) + NOT-FOR-US: Rapid7 Insight Agent +CVE-2021-4006 + RESERVED +CVE-2021-4005 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2022-0009 + RESERVED +CVE-2022-0008 + RESERVED +CVE-2022-0007 + RESERVED +CVE-2022-0006 + RESERVED +CVE-2021-44157 + RESERVED +CVE-2021-44156 + RESERVED +CVE-2021-44155 (An issue was discovered in /goform/login_process in Reprise RLM 14.2. ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44154 (An issue was discovered in Reprise RLM 14.2. By using an admin account ...) 
+ NOT-FOR-US: Reprise RLM +CVE-2021-44153 (An issue was discovered in Reprise RLM 14.2. When editing the license ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44152 (An issue was discovered in Reprise RLM 14.2. Because /goform/change_pa ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44151 (An issue was discovered in Reprise RLM 14.2. As the session cookies ar ...) + NOT-FOR-US: Reprise RLM +CVE-2021-44150 (The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoof ...) + NOT-FOR-US: tusdotnet +CVE-2021-44149 (An issue was discovered in Trusted Firmware OP-TEE Trusted OS through ...) + NOT-FOR-US: Linaro/OP-TEE OP-TEE +CVE-2021-44148 (GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allo ...) + NOT-FOR-US: GL.iNet +CVE-2021-44147 (An XML External Entity issue in Claris FileMaker Pro and Server (inclu ...) + NOT-FOR-US: Claris +CVE-2021-44146 + RESERVED +CVE-2021-44145 (In the TransformXML processor of Apache NiFi before 1.15.1 an authenti ...) + NOT-FOR-US: Apache NiFi +CVE-2021-44144 (Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with ...) + NOT-FOR-US: Croatia Control Asterix +CVE-2021-4004 + RESERVED +CVE-2021-4003 + RESERVED +CVE-2021-4002 (A memory leak flaw in the Linux kernel's hugetlbfs memory usage was fo ...) + {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/11/25/1 + NOTE: https://git.kernel.org/linus/a4a118f2eead1d6c49e00765de89878288d4b890 +CVE-2021-44143 (A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unc ...) + - isync 1.4.4-1 (bug #999804) + [bullseye] - isync (Vulnerable code introduced later) + [buster] - isync (Vulnerable code introduced later) + [stretch] - isync (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/2 +CVE-2021-44142 (The Samba vfs_fruit module uses extended file attributes (EA, xattr) t ...) 
+ {DSA-5071-1} + [experimental] - samba 2:4.16.0+dfsg-1 + - samba 2:4.16.0+dfsg-2 (bug #1004693) + NOTE: https://www.samba.org/samba/security/CVE-2021-44142.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14914 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-244/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-245/ + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-22-246/ +CVE-2021-44141 (All versions of Samba prior to 4.15.5 are vulnerable to a malicious cl ...) + [experimental] - samba 2:4.16.0+dfsg-1 + - samba 2:4.16.0+dfsg-2 (bug #1004692) + [bullseye] - samba (Minor issue; no backport to older versions, mitigations exists) + [buster] - samba (Minor issue; no backport to older versions, mitigations exists) + NOTE: https://www.samba.org/samba/security/CVE-2021-44141.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14911 +CVE-2021-44140 (Remote attackers may delete arbitrary files in a system hosting a JSPW ...) + - jspwiki +CVE-2021-44139 (Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).) + NOT-FOR-US: alibaba/Sentinel +CVE-2021-44138 (There is a Directory traversal vulnerability in Caucho Resin, as distr ...) + NOT-FOR-US: Caucho Technology Resin +CVE-2021-44137 + RESERVED +CVE-2021-44136 + RESERVED +CVE-2021-44135 (pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection ...) + NOT-FOR-US: Pagekit CMS +CVE-2021-44134 + RESERVED +CVE-2021-44133 + RESERVED +CVE-2021-44132 (A command injection vulnerability in the function formImportOMCIShell ...) + NOT-FOR-US: C-DATA ONU4FERW +CVE-2021-44131 + RESERVED +CVE-2021-44130 + RESERVED +CVE-2021-44129 + RESERVED +CVE-2021-44128 + RESERVED +CVE-2021-44127 (In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, ...) + NOT-FOR-US: D-Link +CVE-2021-44126 + RESERVED +CVE-2021-44125 + RESERVED +CVE-2021-44124 (Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Trave ...) 
+ NOT-FOR-US: Hiby Music Hiby OS R3 Pro +CVE-2021-44123 (SPIP 4.0.0 is affected by a remote command execution vulnerability. To ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a (master) + NOTE: https://git.spip.net/spip/spip/commit/97e2888e9c92ad4bd68e8f80079583249714fbfa (v4.0.1) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44122 (SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerab ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/1b8e4f404c2441c15ca6540b9a6d8e50cff219db + NOTE: https://git.spip.net/spip/spip/commit/fea5b5b4507cc9c0b9e91bbfbf34fe40b0bea805 (v3.2.12) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44121 + REJECTED +CVE-2021-44120 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability i ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/spip/commit/d548391d799387d1e93cf1a369d385c72f7d5c81 + NOTE: https://git.spip.net/spip/spip/commit/361cc26080d1377bc55d2cb80736e5cfaf5fd242 (v3.2.12) + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44119 + RESERVED +CVE-2021-44118 (SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. ...) + {DSA-5028-1 DLA-2867-1} + - spip 3.2.12-1 + NOTE: https://git.spip.net/spip/medias/commit/13c293fabd35e2c152379522c29432423936cbba + NOTE: https://git.spip.net/spip/spip/commit/1cf91def15966406ddd0488cf9d1ecd1ae82d47a + NOTE: https://git.spip.net/spip/spip/commit/4ccf90a6912d7fab97e1bd5619770c9236cc7357 + NOTE: https://blog.spip.net/SPIP-4-0-1_SPIP-3-1-12.html +CVE-2021-44117 (A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLigh ...) + NOT-FOR-US: TheDayLightStudio Fuel CMS +CVE-2021-44116 (Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 ...) 
+ NOT-FOR-US: Anchor CMS +CVE-2021-44115 + RESERVED +CVE-2021-44114 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stoc ...) + NOT-FOR-US: Sourcecodester +CVE-2021-44113 + RESERVED +CVE-2021-44112 + RESERVED +CVE-2021-44111 (A Directory Traversal vulnerability exists in S-Cart 6.7 via download ...) + NOT-FOR-US: S-Cart +CVE-2021-44110 + RESERVED +CVE-2021-44109 (A buffer overflow in lib/sbi/message.c in Open5GS 2.3.6 and earlier al ...) + NOT-FOR-US: Open5GS +CVE-2021-44108 (A null pointer dereference in src/amf/namf-handler.c in Open5GS 2.3.6 ...) + NOT-FOR-US: Open5GS +CVE-2021-44107 + RESERVED +CVE-2021-44106 + RESERVED +CVE-2021-44105 + RESERVED +CVE-2021-44104 + RESERVED +CVE-2021-44103 + REJECTED +CVE-2021-44102 + RESERVED +CVE-2021-44101 + RESERVED +CVE-2021-44100 + RESERVED +CVE-2021-44099 + RESERVED +CVE-2021-44098 (EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Inje ...) + NOT-FOR-US: EgavilanMedia +CVE-2021-44097 (EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vuln ...) + NOT-FOR-US: EgavilanMedia +CVE-2021-44096 (EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 ...) + NOT-FOR-US: EgavilanMedia +CVE-2021-44095 (A SQL injection vulnerability exists in ProjectWorlds Hospital Managem ...) + NOT-FOR-US: projectworldsofficial/hospital-management-system-in-php +CVE-2021-44094 (ZrLog 2.2.2 has a remote command execution vulnerability at plugin dow ...) + NOT-FOR-US: zrlog +CVE-2021-44093 (A Remote Command Execution vulnerability on the background in zrlog 2. ...) + NOT-FOR-US: zrlog +CVE-2021-44092 (An SQL Injection vulnerability exists in code-projects Pharmacy Manage ...) + NOT-FOR-US: code-projects Pharmacy Management +CVE-2021-44091 (A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Mu ...) + NOT-FOR-US: Sourcecodester Multi Restaurant Table Reservation System +CVE-2021-44090 (An SQL Injection vulnerability exists in Sourcecodester Online Reviewe ...) 
+ NOT-FOR-US: Sourcecodester Online Reviewer System +CVE-2021-44089 + RESERVED +CVE-2021-44088 (An SQL Injection vulnerability exists in Sourcecodester Attendance and ...) + NOT-FOR-US: Sourcecodester +CVE-2021-44087 (A Remote Code Execution (RCE) vulnerability exists in Sourcecodester A ...) + NOT-FOR-US: Sourcecodester +CVE-2021-44086 + RESERVED +CVE-2021-44085 + RESERVED +CVE-2021-44084 + RESERVED +CVE-2021-44083 + RESERVED +CVE-2021-44082 (textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /tex ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-44081 (A buffer overflow vulnerability exists in the AMF of open5gs 2.1.4. Wh ...) + NOT-FOR-US: Open5GS +CVE-2021-44080 (A Command Injection vulnerability in httpd web server (setup.cgi) in S ...) + NOT-FOR-US: SerComm h500s +CVE-2021-4001 (A race condition was found in the Linux kernel's ebpf verifier between ...) + - linux 5.15.5-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/353050be4c19e102178ccc05988101887c25ae53 +CVE-2021-4000 (showdoc is vulnerable to URL Redirection to Untrusted Site) + NOT-FOR-US: ShowDoc +CVE-2021-3999 (A flaw was found in glibc. An off-by-one buffer overflow and underflow ...) + {DLA-3152-1} + - glibc 2.33-4 + [bullseye] - glibc 2.31-13+deb11u4 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28769 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=472e799a5f2102bc0c3206dbd5a801765fceb39c +CVE-2021-3998 (A flaw was found in glibc. The realpath() function can mistakenly retu ...) 
+ - glibc 2.33-4 + [bullseye] - glibc (Vulnerable code introduced later) + [buster] - glibc (Vulnerable code introduced later) + [stretch] - glibc (Vulnerable code introduced later) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28770 + NOTE: https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/ + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/4 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee8d5e33adb284601c00c94687bc907e10aec9bb + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5 + NOTE: introduced in 2.33 by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6e0b0b5b0b7922cdf0dce2af671e0c7e500df95 +CVE-2021-3997 (A flaw was found in systemd. An uncontrolled recursion in systemd-tmpf ...) + - systemd 250.2-1 (bug #1003467) + [bullseye] - systemd 247.3-7 + [buster] - systemd (Minor issue; not exploitable before upstream commit e535840) + [stretch] - systemd (Minor issue; utility segfault; not exploitable before upstream commit e535840, PoC doesn't segfault on stretch) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024639 + NOTE: https://github.com/systemd/systemd/pull/22070 + NOTE: https://www.openwall.com/lists/oss-security/2022/01/10/2 + NOTE: Exploitable after (but present before): https://github.com/systemd/systemd/commit/e5358401b5df8d395e99815b7a69b8424887472c (v242-rc1) + NOTE: PoC still crashes on jessie/215-17+deb8u14 + NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/3bac86abfa1b1720180840ffb9d06b3d54841c11 + NOTE: Prerequisite/Preparation: https://github.com/systemd/systemd/commit/84ced330020c0bae57bd4628f1f44eec91304e69 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/5b1cf7a9be37e20133c0208005274ce4a5b5c6a1 +CVE-2021-44079 (In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, ...) 
+ NOT-FOR-US: Wazuh +CVE-2021-3996 (A logic error was found in the libmount library of util-linux in the f ...) + {DSA-5055-1} + - util-linux 2.37.3-1 + [buster] - util-linux (Vulnerable code introduced later) + [stretch] - util-linux (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1) + NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b (v2.37.3) + NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2 +CVE-2021-3995 (A logic error was found in the libmount library of util-linux in the f ...) + {DSA-5055-1} + - util-linux 2.37.3-1 + [buster] - util-linux (Vulnerable code introduced later) + [stretch] - util-linux (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/util-linux/util-linux/commit/5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34-rc1) + NOTE: Fixed by: https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929 (v2.37.3) + NOTE: https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes + NOTE: https://www.openwall.com/lists/oss-security/2022/01/24/2 +CVE-2021-3994 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...) + NOT-FOR-US: django-helpdesk +CVE-2021-3993 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-3992 (kimai2 is vulnerable to Improper Access Control) + NOT-FOR-US: kimai2 +CVE-2021-44078 (An issue was discovered in split_region in uc.c in Unicorn Engine befo ...) + NOT-FOR-US: Unicorn Engine +CVE-2021-44077 (Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3991 + RESERVED +CVE-2021-3990 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) 
+ NOT-FOR-US: ShowDoc +CVE-2021-3989 (showdoc is vulnerable to URL Redirection to Untrusted Site) + NOT-FOR-US: ShowDoc +CVE-2021-3988 + RESERVED +CVE-2021-3987 + RESERVED +CVE-2021-3986 + RESERVED +CVE-2021-44076 (An issue was discovered in CrushFTP 9. The creation of a new user thro ...) + NOT-FOR-US: CrushFTP +CVE-2021-44075 + RESERVED +CVE-2021-44074 + RESERVED +CVE-2021-44073 + RESERVED +CVE-2021-44072 + RESERVED +CVE-2021-44071 + RESERVED +CVE-2021-44070 + RESERVED +CVE-2021-44069 + RESERVED +CVE-2021-44068 + RESERVED +CVE-2021-44067 + RESERVED +CVE-2021-44066 + RESERVED +CVE-2021-44065 + RESERVED +CVE-2021-44064 + RESERVED +CVE-2021-44063 + RESERVED +CVE-2021-44062 + RESERVED +CVE-2021-44061 + RESERVED +CVE-2021-44060 + RESERVED +CVE-2021-44059 + RESERVED +CVE-2021-44058 + RESERVED +CVE-2021-44057 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-44056 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-44055 (An missing authorization vulnerability has been reported to affect QNA ...) + NOT-FOR-US: QNAP +CVE-2021-44054 (An open redirect vulnerability has been reported to affect QNAP device ...) + NOT-FOR-US: QNAP +CVE-2021-44053 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-44052 (An improper link resolution before file access ('Link Following') vuln ...) + NOT-FOR-US: QNAP +CVE-2021-44051 (A command injection vulnerability has been reported to affect QNAP NAS ...) + NOT-FOR-US: QNAP +CVE-2021-44050 (CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL inject ...) + NOT-FOR-US: CA Network Flow Analysis (NFA) +CVE-2021-44049 (CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 20 ...) + NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM) +CVE-2021-44048 (An out-of-bounds write vulnerability exists when reading a TIF file us ...) 
+ NOT-FOR-US: Open Design Alliance (ODA) Drawings Explorer +CVE-2021-44047 (A use-after-free vulnerability exists when reading a DWF/DWFX file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44046 (An out-of-bounds write vulnerability exists when reading U3D files in ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44045 (An out-of-bounds write vulnerability exists when reading a DGN file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44044 (An out-of-bounds write vulnerability exists when reading a JPG file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-44043 (An issue was discovered in UiPath App Studio 21.4.4. There is a persis ...) + NOT-FOR-US: UiPath +CVE-2021-44042 (An issue was discovered in UiPath Assistant 21.4.4. User-controlled da ...) + NOT-FOR-US: UiPath +CVE-2021-44041 (UiPath Assistant 21.4.4 will load and execute attacker controlled data ...) + NOT-FOR-US: UiPath +CVE-2021-3985 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: kimai2 +CVE-2021-3984 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.3995-1 (bug #1001896; unimportant) + NOTE: https://huntr.dev/bounties/b114b5a2-18e2-49f0-b350-15994d71426a + NOTE: https://github.com/vim/vim/commit/2de9b7c7c8791da8853a9a7ca9c467867465b655 (v8.2.3625) + NOTE: Crash in CLI tool, no security impact +CVE-2021-3983 (kimai2 is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: kimai2 +CVE-2022-21742 (Realtek USB driver has a buffer overflow vulnerability due to insuffic ...) + NOT-FOR-US: Realtek +CVE-2021-44040 (Improper Input Validation vulnerability in request line parsing of Apa ...) 
+ {DSA-5153-1} + - trafficserver 9.1.2+ds-1 + NOTE: https://lists.apache.org/thread/zblwzcfs9ryhwjr89wz4osw55pxm6dx6 + NOTE: https://github.com/apache/trafficserver/commit/85c319a7f7c0537bee408ea25df6f1a5ed0a4071 + NOTE: https://github.com/apache/trafficserver/commit/c4e6661a5a205b1f60279f0e66aa496023185967 + NOTE: https://github.com/apache/trafficserver/commit/8c6f2ed84ba0d8e6255baceb99ee891ebe1ce473 +CVE-2021-44039 + RESERVED +CVE-2021-44038 (An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod op ...) + - quagga + [buster] - quagga (Minor issue) + [stretch] - quagga (revisit when/if fixed upstream) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1191890 + NOTE: Debian installed systemd unit files install the problematic redhat/*.service + NOTE: files with the unsafe chmod/chown calls in the Debian packaging. +CVE-2021-44037 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 allo ...) + NOT-FOR-US: Team Password Manager (aka TeamPasswordManager) +CVE-2021-44036 (Team Password Manager (aka TeamPasswordManager) before 10.135.236 has ...) + NOT-FOR-US: Team Password Manager (aka TeamPasswordManager) +CVE-2021-44035 (Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads ...) + NOT-FOR-US: Wolters Kluwer TeamMate AM +CVE-2021-3982 (Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed ...) + - gnome-shell (Debian packaging does not set cap_sys_nice+ep on gnome-shell binary) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024174 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/4711 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2284 +CVE-2021-3981 (A flaw in grub2 was found where its configuration file, known as grub. ...) 
+ - grub2 2.06-8 (bug #1001414) + [bullseye] - grub2 (Minor issue) + [buster] - grub2 (Minor issue) + [stretch] - grub2 (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024170 + NOTE: Introduced by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=ab2e53c8a196a595e50f1c836bf756b9db1ae68d (grub-2.06-rc1) + NOTE: https://lists.gnu.org/archive/html/grub-devel/2021-12/msg00013.html + NOTE: Fixed by: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0adec29674561034771c13e446069b41ef41e4d4 +CVE-2021-3980 (elgg is vulnerable to Exposure of Private Personal Information to an U ...) + - elgg (bug #526197) +CVE-2021-3979 (A key length flaw was found in Red Hat Ceph Storage. An attacker can e ...) + {DLA-3629-1} + - ceph 16.2.9+ds-1 + [bullseye] - ceph (Minor issue) + [stretch] - ceph (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/5 + NOTE: https://tracker.ceph.com/issues/54006 + NOTE: https://github.com/ceph/ceph/commit/47c33179f9a15ae95cc1579a421be89378602656 (main) + NOTE: https://github.com/ceph/ceph/commit/f69339e00f582ec64b843ff58b66817975fca0d7 (v16.2.8) +CVE-2021-44034 + RESERVED +CVE-2021-44033 (In Ionic Identity Vault before 5.0.5, the protection mechanism for inv ...) + NOT-FOR-US: Ionic Identity Vault +CVE-2021-44032 (TP-Link Omada SDN Software Controller before 5.0.15 does not check if ...) + NOT-FOR-US: TP-Link +CVE-2021-44031 (An issue was discovered in Quest KACE Desktop Authority before 11.2. / ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44030 (Quest KACE Desktop Authority before 11.2 allows XSS because it does no ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44029 (An issue was discovered in Quest KACE Desktop Authority before 11.2. T ...) + NOT-FOR-US: Quest KACE Desktop Authority +CVE-2021-44028 (XXE can occur in Quest KACE Desktop Authority before 11.2 because the ...) 
+ NOT-FOR-US: Quest KACE Desktop Authority
+CVE-2021-44027
+ RESERVED
+CVE-2021-44024 (A link following denial-of-service vulnerability in Trend Micro Apex O ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44023 (A link following denial-of-service (DoS) vulnerability in the Trend Mi ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44022 (A reachable assertion vulnerability in Trend Micro Apex One could allo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44021 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44020 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-44019 (An unnecessary privilege vulnerability in Trend Micro Worry-Free Busin ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3978
+ RESERVED
+CVE-2021-3977 (invoiceninja is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: invoiceninja
+CVE-2021-44018 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44017 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44016 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-44015 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44014 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44013 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44012 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44011 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44010 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44009 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44008 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44007 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44006 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44005 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44004 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44003 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44002 (A vulnerability has been identified in JT Open (All versions < V11.1.1 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44001 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.5 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-44000 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.7 ...)
+ NOT-FOR-US: JT2Go / Siemens
+CVE-2021-43999 (Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses re ...)
+ - guacamole-client (bug #1015986)
+ [stretch] - guacamole-client (SAML is not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/7
+CVE-2021-3976 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: kimai2
+CVE-2021-3975 (A use-after-free flaw was found in libvirt. The qemuMonitorUnregister( ...)
+ - libvirt 7.6.0-1
+ [bullseye] - libvirt (Minor issue)
+ [buster] - libvirt (Minor issue)
+ [stretch] - libvirt (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7 (v7.1.0-rc2)
+CVE-2021-44025 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in han ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/issues/8193
+ NOTE: https://github.com/roundcube/roundcubemail/commit/faf99bf8a2b7b7562206fa047e8de652861e624a (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/7d7b1dfeff795390b69905ceb63d6391b5b0dfe7 (1.3.17)
+CVE-2021-44026 (Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potentia ...)
+ {DSA-5013-1 DLA-2840-1}
+ - roundcube 1.5.0+dfsg.1-1 (bug #1000156)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d49002817263f1 (1.4.12)
+ NOTE: https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7296681dcfa (1.3.17)
+CVE-2021-43998 (HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 temp ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-43997 (FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code ...)
+ NOT-FOR-US: Amazon FreeRTOS
+CVE-2021-43996 (The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Lar ...)
+ NOT-FOR-US: Laravel Ignition component
+CVE-2021-43995
+ RESERVED
+CVE-2021-43994
+ RESERVED
+CVE-2021-43993
+ RESERVED
+CVE-2021-43992
+ RESERVED
+CVE-2021-43991 (The Kentico Xperience CMS version 13.0 \u2013 13.0.43 is vulnerable to ...)
+ NOT-FOR-US: Kentico Xperience CMS
+CVE-2021-43990 (The affected product is vulnerable to a network-based attack by threat ...)
+ NOT-FOR-US: FANUC Roboguide
+CVE-2021-43989 (mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, wh ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43988 (The affected product is vulnerable to a network-based attack by threat ...)
+ NOT-FOR-US: FANUC Roboguide
+CVE-2021-43987 (An additional, nondocumented administrative account exists in mySCADA ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43986 (The setup program for the affected product configures its files and fo ...)
+ NOT-FOR-US: ROBOGUIDE
+CVE-2021-43985 (An unauthenticated remote attacker can access mySCADA myPRO Versions 8 ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43984 (mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmw ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43983 (WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to mult ...)
+ NOT-FOR-US: WECON LeviStudioU
+CVE-2021-43982 (Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to ...)
+ NOT-FOR-US: Delta
+CVE-2021-43981 (mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-43980 (The simplified implementation of blocking reads and writes introduced ...)
+ {DSA-5265-1 DLA-3160-1}
+ - tomcat9 9.0.62-1
+ - tomcat8
+ NOTE: https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
+ NOTE: https://github.com/apache/tomcat/commit/170e0f792bd18ff031677890ba2fe50eb7a376c1 (9.0.61)
+ NOTE: https://github.com/apache/tomcat/commit/4a00b0c0890538b9d3107eef8f2e0afadd119beb (8.5.78)
+CVE-2021-43979 (Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles conc ...)
+ NOT-FOR-US: Styra Open Policy Agent (OPA) Gatekeeper
+CVE-2021-43978 (Allegro WIndows 3.3.4152.0, embeds software administrator database cre ...)
+ NOT-FOR-US: Allegro WIndows
+CVE-2021-43977 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows X ...)
+ NOT-FOR-US: SmarterTools
+CVE-2021-43976 (In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wi ...)
+ {DSA-5096-1 DSA-5092-1 DLA-2941-1 DLA-2940-1}
+ - linux 5.15.15-2
+ NOTE: https://patchwork.kernel.org/project/linux-wireless/patch/YX4CqjfRcTa6bVL+@Zekuns-MBP-16.fios-router.home/
+CVE-2021-43975 (In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in driver ...)
+ {DSA-5096-1 DLA-2941-1}
+ - linux 5.15.5-2
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://lore.kernel.org/netdev/163698540868.13805.17800408021782408762.git-patchwork-notify@kernel.org/T/
+CVE-2021-43974 (An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg en ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43973 (An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysA ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43972 (An unrestricted file copy vulnerability in /UserSelfServiceSettings.js ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43971 (A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITI ...)
+ NOT-FOR-US: SysAid ITIL
+CVE-2021-43970 (An arbitrary file upload vulnerability exists in albumimages.jsp in Qu ...)
+ NOT-FOR-US: Digium
+CVE-2021-43969 (The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected b ...)
+ NOT-FOR-US: Digium
+CVE-2021-43968
+ RESERVED
+CVE-2021-43967
+ RESERVED
+CVE-2021-43966
+ RESERVED
+CVE-2021-43965
+ RESERVED
+CVE-2021-43964
+ RESERVED
+CVE-2021-43963 (An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. ...)
+ NOT-FOR-US: Couchbase Sync Gateway
+CVE-2021-43962
+ RESERVED
+CVE-2021-43961 (Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.)
+ NOT-FOR-US: Sonatype
+CVE-2021-43960 (Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerabili ...)
+ NOT-FOR-US: Lorensbergs Connect2
+CVE-2021-3974 (vim is vulnerable to Use After Free)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.3995-1 (bug #1001897; unimportant)
+ NOTE: https://huntr.dev/bounties/e402cb2c-8ec4-4828-a692-c95f8e0de6d4
+ NOTE: https://github.com/vim/vim/commit/64066b9acd9f8cffdf4840f797748f938a13f2d6 (v8.2.3612)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3973 (vim is vulnerable to Heap-based Buffer Overflow)
+ {DLA-2947-1}
+ - vim 2:8.2.3995-1 (unimportant; bug #1001899)
+ NOTE: https://huntr.dev/bounties/ce6e8609-77c6-4e17-b9fc-a2e5abed052e
+ NOTE: https://github.com/vim/vim/commit/615ddd5342b50a6878a907062aa471740bd9a847 (v8.2.3611)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3972 (A potential vulnerability by a driver used during manufacturing proces ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3971 (A potential vulnerability by a driver used during older manufacturing ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3970 (A potential vulnerability in LenovoVariable SMI Handler due to insuffi ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3969 (A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMC ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3968 (vim is vulnerable to Heap-based Buffer Overflow)
+ - vim 2:8.2.3995-1 (unimportant; bug #1001900)
+ [buster] - vim (The vulnerable code is not present)
+ [stretch] - vim (The vulnerable code is not present)
+ NOTE: https://huntr.dev/bounties/00d62924-a7b4-4a61-ba29-acab2eaa1528/
+ NOTE: https://github.com/vim/vim/commit/a062006b9de0b2947ab5fb376c6e67ef92a8cd69 (v8.2.3610)
+ NOTE: Crash in CLI tool, no security impact
+CVE-2022-21741 (Tensorflow is an Open Source Machine Learning Framework. ### Impact An ...)
+ - tensorflow (bug #804612)
+CVE-2022-21740 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21739 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21738 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21737 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21736 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21735 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21734 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21733 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21732 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21731 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21730 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21729 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21728 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21727 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21726 (Tensorflow is an Open Source Machine Learning Framework. The implement ...)
+ - tensorflow (bug #804612)
+CVE-2022-21725 (Tensorflow is an Open Source Machine Learning Framework. The estimator ...)
+ - tensorflow (bug #804612)
+CVE-2022-21724 (pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was foun ...)
+ {DSA-5196-1 DLA-3018-1}
+ - libpgjava 42.3.2-1
+ NOTE: https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4
+ NOTE: https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 (REL42.3.2)
+CVE-2022-21723 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ [stretch] - ring (Vulnerable code not present)
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2022-006.html
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
+ NOTE: https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896
+CVE-2022-21722 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
+ NOTE: https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a
+CVE-2022-21721 (Next.js is a React framework. Starting with version 12.0.0 and prior t ...)
+ NOT-FOR-US: next.js
+CVE-2022-21720 (GLPI is a free asset and IT management software package. Prior to vers ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21719 (GLPI is a free asset and IT management software package. All GLPI vers ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2022-21718 (Electron is a framework for writing cross-platform desktop application ...)
+ - electron (bug #842420)
+CVE-2022-21717
+ RESERVED
+CVE-2022-21716 (Twisted is an event-based framework for internet applications, support ...)
+ {DLA-2938-1}
+ - twisted 22.2.0-1
+ [bullseye] - twisted 20.3.0-7+deb11u1
+ [buster] - twisted 18.9.0-3+deb10u1
+ NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-rv6r-3f5q-9rgx
+ NOTE: https://github.com/twisted/twisted/commit/98387b39e9f0b21462f6abc7a1325dc370fcdeb1
+ NOTE: https://twistedmatrix.com/trac/ticket/10284
+CVE-2022-21715 (CodeIgniter4 is the 4.x branch of CodeIgniter, a PHP full-stack web fr ...)
+ - codeigniter (bug #471583)
+CVE-2022-21714
+ RESERVED
+CVE-2022-21713 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana
+CVE-2022-21712 (twisted is an event-driven networking engine written in Python. In aff ...)
+ {DLA-2927-1}
+ - twisted 22.1.0-1
+ [bullseye] - twisted 20.3.0-7+deb11u1
+ [buster] - twisted 18.9.0-3+deb10u1
+ NOTE: https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx
+ NOTE: https://github.com/twisted/twisted/commit/af8fe78542a6f2bf2235ccee8158d9c88d31e8e2 (twisted-22.1.0rc1)
+CVE-2022-21711 (elfspirit is an ELF static analysis and injection framework that parse ...)
+ NOT-FOR-US: elfspirit
+CVE-2022-21710 (ShortDescription is a MediaWiki extension that provides local short de ...)
+ NOT-FOR-US: ShortDescription MediaWiki extension
+CVE-2022-21709
+ RESERVED
+CVE-2022-21708 (graphql-go is a GraphQL server with a focus on ease of use. In version ...)
+ - golang-github-graph-gophers-graphql-go 1.3.0-1
+ [bullseye] - golang-github-graph-gophers-graphql-go (Minor issue)
+ [buster] - golang-github-graph-gophers-graphql-go (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://github.com/graph-gophers/graphql-go/commit/eae31ca73eb3473c544710955d1dbebc22605bfe (v1.3.0)
+ NOTE: https://github.com/graph-gophers/graphql-go/security/advisories/GHSA-mh3m-8c74-74xh
+ NOTE: https://github.com/graph-gophers/graphql-go/pull/492
+CVE-2022-21707 (wasmCloud Host Runtime is a server process that securely hosts and pro ...)
+ NOT-FOR-US: wasmCloud Host Runtime
+CVE-2022-21706 (Zulip is an open-source team collaboration tool with topic-based threa ...)
+ - zulip-server (bug #800052)
+CVE-2022-21705 (Octobercms is a self-hosted CMS platform based on the Laravel PHP Fram ...)
+ NOT-FOR-US: October CMS
+CVE-2022-21704 (log4js-node is a port of log4js to node.js. In affected versions defau ...)
+ {DLA-3229-1}
+ - node-log4js 6.4.1+~cs8.3.5-1
+ [bullseye] - node-log4js 6.3.0+~cs8.3.10-1+deb11u1
+ [stretch] - node-log4js (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/log4js-node/log4js-node/pull/1141 (v6.4.1)
+ NOTE: https://github.com/log4js-node/streamroller/pull/87
+ NOTE: https://github.com/log4js-node/log4js-node/security/advisories/GHSA-82v2-mx6x-wq7q
+ NOTE: https://github.com/log4js-node/log4js-node/blob/v6.4.0/CHANGELOG.md#640
+CVE-2022-21703 (Grafana is an open-source platform for monitoring and observability. A ...)
+ - grafana
+CVE-2022-21702 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana
+CVE-2022-21701 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21700 (Micronaut is a JVM-based, full stack Java framework designed for build ...)
+ NOT-FOR-US: Micronaut
+CVE-2022-21699 (IPython (Interactive Python) is a command shell for interactive comput ...)
+ {DSA-5065-1 DLA-2896-1}
+ - ipython 7.31.1-1 (bug #1004122)
+ NOTE: https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x
+ NOTE: Fixed by: https://github.com/ipython/ipython/commit/1ec91ebf328bdf3450130de4b4604c79dc1e19d9
+ NOTE: Testcase: https://github.com/ipython/ipython/commit/56665dfcf7df8690da46aab1278df8e47b14fe3b
+ NOTE: https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699
+CVE-2022-21698 (client_golang is the instrumentation library for Go applications in Pr ...)
+ - golang-github-prometheus-client-golang 1.11.1-1 (bug #1008008)
+ [bullseye] - golang-github-prometheus-client-golang (Minor issue)
+ [buster] - golang-github-prometheus-client-golang (Limited support, minor issue, DoS in specific conditions, follow bullseye DSAs/point-releases)
+ [stretch] - golang-github-prometheus-client-golang (Minor issue, DoS in specific conditions, requires rebuilding reverse-dependencies; Limited support in stretch)
+ NOTE: https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
+ NOTE: https://github.com/prometheus/client_golang/pull/962
+ NOTE: https://github.com/prometheus/client_golang/pull/987
+CVE-2022-21697 (Jupyter Server Proxy is a Jupyter notebook server extension to proxy w ...)
+ NOT-FOR-US: Jupyter Server Proxy
+CVE-2022-21696 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare (Vulnerable code not present)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-68vr-8f46-vc9f
+CVE-2022-21695 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare (Vulnerable code not present)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-99p8-9p2c-49j4
+CVE-2022-21694 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (unimportant; bug #1014966)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-h29c-wcm8-883h
+ NOTE: https://github.com/onionshare/onionshare/issues/1389
+ NOTE: This isn't a security vulnerability by itself
+CVE-2022-21693 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare (Vulnerable code not present)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jgm9-xpfj-4fq6
+CVE-2022-21692 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare (Vulnerable code not present)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-gjj5-998g-v36v
+CVE-2022-21691 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare (Vulnerable code not present)
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-w9m4-7w72-r766
+CVE-2022-21690 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare 2.2-3+deb11u1
+ [buster] - onionshare (Vulnerable code introduced later in v2.0)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-ch22-x2v3-v6vq
+ NOTE: https://github.com/onionshare/onionshare/commit/8f1e7ac224e54f57e43321bba2c2f9fdb5143bb0 (v2.5)
+CVE-2022-21689 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ - onionshare 2.5-1 (bug #1014966)
+ [bullseye] - onionshare 2.2-3+deb11u1
+ [buster] - onionshare (Vulnerable code not present)
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-jh82-c5jw-pxpc
+ NOTE: https://github.com/onionshare/onionshare/commit/096178a9e6133fd6ca9d95a00a67bba75ccab377 (v2.5)
+CVE-2022-21688 (OnionShare is an open source tool that lets you securely and anonymous ...)
+ NOTE: The report against OnionShare is just a stop gap, this needs to be tracked down/fixed in Qt
+ NOTE: https://github.com/onionshare/onionshare/security/advisories/GHSA-x7wr-283h-5h2v
+CVE-2022-21687 (gh-ost is a triggerless online schema migration solution for MySQL. Ve ...)
+ NOT-FOR-US: GitHub Online Schema
+CVE-2022-21686 (PrestaShop is an Open Source e-commerce platform. Starting with versio ...)
+ NOT-FOR-US: PrestaShop
+CVE-2022-21685 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...)
+ NOT-FOR-US: Frontier
+CVE-2022-21684 (Discourse is an open source discussion platform. Versions prior to 2.7 ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21683 (Wagtail is a Django based content management system focused on flexibi ...)
+ NOT-FOR-US: Wagtail
+CVE-2022-21682 (Flatpak is a Linux application sandboxing and distribution framework. ...)
+ {DSA-5049-1}
+ - flatpak 1.12.3-1
+ [buster] - flatpak (Intrusive and risky to backport)
+ [stretch] - flatpak (Intrusive and risky to backport)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-8ch7-5j3h-g4fx
+ NOTE: https://github.com/flatpak/flatpak/commit/445bddeee657fdc8d2a0a1f0de12975400d4fc1a
+ NOTE: Documentation: https://github.com/flatpak/flatpak/commit/4d11f77aa7fd3e64cfa80af89d92567ab9e8e6fa
+ NOTE: 1.12.4 added further changes to avoid regressions for some workflows
+CVE-2022-21681 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked (Minor issue)
+ [buster] - node-marked (Minor issue)
+ [stretch] - node-marked (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-5v2h-r2cx-5xgj
+ NOTE: https://github.com/markedjs/marked/commit/8f806573a3f6c6b7a39b8cdb66ab5ebb8d55a5f5
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+CVE-2022-21680 (Marked is a markdown parser and compiler. Prior to version 4.0.10, the ...)
+ - node-marked 4.0.12+ds+~4.0.1-1
+ [bullseye] - node-marked (Minor issue)
+ [buster] - node-marked (Minor issue)
+ [stretch] - node-marked (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/markedjs/marked/commit/c4a3ccd344b6929afa8a1d50ac54a721e57012c0 (4.0.10)
+ NOTE: https://github.com/markedjs/marked/releases/tag/v4.0.10
+ NOTE: https://github.com/markedjs/marked/security/advisories/GHSA-rrrm-qjm4-v8hf
+CVE-2022-21679 (Istio is an open platform to connect, manage, and secure microservices ...)
+ NOT-FOR-US: Istio
+CVE-2022-21678 (Discourse is an open source discussion platform. Prior to version 2.8. ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21677 (Discourse is an open source discussion platform. Discourse groups can ...)
+ NOT-FOR-US: Discourse
+CVE-2022-21676 (Engine.IO is the implementation of transport-based cross-browser/cross ...)
+ NOT-FOR-US: Engine.IO
+CVE-2022-21675 (Bytecode Viewer (BCV) is a Java/Android reverse engineering suite. Ver ...)
+ NOT-FOR-US: Bytecode Viewer
+CVE-2022-21674
+ RESERVED
+CVE-2022-21673 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana
+CVE-2022-21672 (make-ca is a utility to deliver and manage a complete PKI configuratio ...)
+ NOT-FOR-US: make-ca
+CVE-2022-21671 (@replit/crosis is a JavaScript client that speaks Replit's container p ...)
+ NOT-FOR-US: crosis
+CVE-2022-21670 (markdown-it is a Markdown parser. Prior to version 1.3.2, special patt ...)
+ - node-markdown-it 10.0.0+dfsg-6
+ [bullseye] - node-markdown-it 10.0.0+dfsg-2+deb11u1
+ NOTE: https://github.com/markdown-it/markdown-it/security/advisories/GHSA-6vfc-qv3f-vr6c
+ NOTE: https://github.com/markdown-it/markdown-it/commit/ffc49ab46b5b751cd2be0aabb146f2ef84986101 (12.3.2)
+CVE-2022-21669 (PuddingBot is a group management bot. In version 0.0.6-b933652 and pri ...)
+ NOT-FOR-US: PuddingBot
+CVE-2022-21668 (pipenv is a Python development workflow tool. Starting with version 20 ...)
+ - pipenv (Vulnerable code not uploaded)
+ NOTE: https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w
+ NOTE: https://github.com/pypa/pipenv/releases/tag/v2022.1.8
+ NOTE: https://github.com/pypa/pipenv/pull/4899 (v2022.1.8)
+ NOTE: Introduced by: https://github.com/pypa/pipenv/commit/742988169333ba14a4b2b6f527a604d6f0bc9e09 (v2018.10.9)
+ NOTE: Fixed by: https://github.com/pypa/pipenv/commit/167909839a95ef5aa379fe12d4564b2b829cc175 (v2022.1.8)
+CVE-2022-21667 (soketi is an open-source WebSockets server. There is an unhandled case ...)
+ NOT-FOR-US: soketi
+CVE-2022-21666 (Useful Simple Open-Source CMS (USOC) is a content management system (C ...)
+ NOT-FOR-US: Useful Simple Open-Source CMS (USOC)
+CVE-2022-21665
+ RESERVED
+CVE-2022-21664 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/c09ccfbc547d75b392dbccc1ef0b4442ccd3c957
+CVE-2022-21663 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
+ NOTE: https://hackerone.com/reports/541469
+CVE-2022-21662 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
+ NOTE: https://hackerone.com/reports/425342
+CVE-2022-21661 (WordPress is a free and open-source content management system written ...)
+ {DSA-5039-1 DLA-2884-1}
+ - wordpress 5.8.3+dfsg1-1 (bug #1003243)
+ NOTE: https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/
+ NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
+ NOTE: https://github.com/WordPress/wordpress-develop/commit/17efac8c8ec64555eff5cf51a3eff81e06317214
+ NOTE: https://hackerone.com/reports/1378209
+ NOTE: https://www.zerodayinitiative.com/blog/2022/1/18/cve-2021-21661-exposing-database-info-via-wordpress-sql-injection
+CVE-2022-21660 (Gin-vue-admin is a backstage management system based on vue and gin. I ...)
+ NOT-FOR-US: Gin-vue-admin
+CVE-2022-21659 (Flask-AppBuilder is an application development framework, built on top ...)
+ - flask-appbuilder (Fixed before initial upload to archive)
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-wfjw-w6pv-8p7f
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/pull/1775
+ NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/e2b744c258ff62ece9d5ac7172c3b4644ff4c2fe (3.4.4)
+CVE-2022-21658 (Rust is a multi-paradigm, general-purpose programming language designe ...)
+ [experimental] - rustc 1.57.0+dfsg1-1~exp1
+ - rustc 1.57.0+dfsg1-1
+ [bullseye] - rustc (Minor issue)
+ [buster] - rustc (Minor issue)
+ [stretch] - rustc (Minor issue)
+ NOTE: https://github.com/rust-lang/wg-security-response/tree/master/patches/CVE-2022-21658
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/20/1
+CVE-2022-21657 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
+ - envoyproxy (bug #987544)
+CVE-2022-21656 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
+ - envoyproxy (bug #987544)
+CVE-2022-21655 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
+ - envoyproxy (bug #987544)
+CVE-2022-21654 (Envoy is an open source edge and service proxy, designed for cloud-nat ...)
+ - envoyproxy (bug #987544)
+CVE-2022-21653 (Jawn is an open source JSON parser. Extenders of the `org.typelevel.ja ...)
+ - jawn (Vulnerable code not uploaded)
+ NOTE: https://github.com/typelevel/jawn/pull/390
+ NOTE: https://github.com/typelevel/jawn/commit/e5ddb114ed5d45ee0a605da06a280207bf9f9f58 (1.3.2)
+ NOTE: https://github.com/typelevel/jawn/commit/0707e2569f43ff6195f90cc0dfc2d0ca79b51dd1 (1.3.2)
+CVE-2022-21652 (Shopware is an open source e-commerce software platform. In affected v ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21651 (Shopware is an open source e-commerce software platform. An open redir ...)
+ NOT-FOR-US: Shopware
+CVE-2022-21650 (Convos is an open source multi-user chat that runs in a web browser. Y ...)
+ NOT-FOR-US: Convos
+CVE-2022-21649 (Convos is an open source multi-user chat that runs in a web browser. C ...)
+ NOT-FOR-US: Convos
+CVE-2022-21648 (Latte is an open source template engine for PHP. Versions since 2.8.0 ...)
+ - php-nette
+ [stretch] - php-nette (Sandbox first appeared in Latte 2.8.0 so older versions are not affected.)
+ NOTE: https://github.com/nette/latte/security/advisories/GHSA-36m2-8rhx-f36j
+ NOTE: https://github.com/nette/latte/commit/9e1b4f7d70f7a9c3fa6753ffa7d7e450a3d4abb0
+CVE-2022-21647 (CodeIgniter is an open source PHP full-stack web framework. Deserializ ...)
+ - codeigniter (bug #471583)
+CVE-2022-21646 (SpiceDB is a database system for managing security-critical applicatio ...)
+ NOT-FOR-US: Go SpiceDB
+CVE-2022-21645
+ RESERVED
+CVE-2022-21644 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21643 (USOC is an open source CMS with a focus on simplicity. In affected ver ...)
+ NOT-FOR-US: USOC
+CVE-2022-21642 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-43959 (Affected versions of Atlassian Jira Service Management Server and Data ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43958 (Various rest resources in Fisheye and Crucible before version 4.8.9 al ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43957 (Affected versions of Atlassian Fisheye & Crucible allowed remote attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43956 (The jQuery deserialize library in Fisheye and Crucible before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43955 (The /rest-service-fecru/server-v1 resource in Fisheye and Crucible bef ...)
+ NOT-FOR-US: Atlassian
+CVE-2021-43954 (The DefaultRepositoryAdminService class in Fisheye and Crucible before ...)
+ NOT-FOR-US: Atlassian +CVE-2021-43953 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-43952 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-43951 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43950 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43949 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43948 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43947 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43946 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-43945 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43944 (This issue exists to document that a security improvement in the way t ...) + NOT-FOR-US: Atlassian +CVE-2021-43943 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-43942 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43941 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-43940 (Affected versions of Atlassian Confluence Server and Data Center allow ...) + NOT-FOR-US: Atlassian Confluence +CVE-2021-43939 (Elcomplus SmartPTT is vulnerable when a low-authenticated user can acc ...) + NOT-FOR-US: Elcomplus SmartPTT +CVE-2021-43938 (Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated us ...) 
+ NOT-FOR-US: Elcomplus SmartPTT SCADA Server +CVE-2021-43937 (Elcomplus SmartPTT SCADA Server web application does not, or cannot, s ...) + NOT-FOR-US: Elcomplus SmartPTT SCADA Server +CVE-2021-43936 (The software allows the attacker to upload or transfer files of danger ...) + NOT-FOR-US: Distributed Data Systems +CVE-2021-43935 (The impacted products, when configured to use SSO, are affected by an ...) + NOT-FOR-US: Hillrom +CVE-2021-43934 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...) + NOT-FOR-US: Elcomplus SmartPTT +CVE-2021-43933 (The affected product is vulnerable to a network-based attack by threat ...) + NOT-FOR-US: FANUC Roboguide +CVE-2021-43932 (Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript c ...) + NOT-FOR-US: Elcomplus SmartPTT +CVE-2021-43931 (The authentication algorithm of the WebHMI portal is sound, but the im ...) + NOT-FOR-US: Distributed Data Systems +CVE-2021-43930 (Elcomplus SmartPTT is vulnerable as the backup and restore system does ...) + NOT-FOR-US: Elcomplus SmartPTT +CVE-2021-43929 (Improper neutralization of special elements in output used by a downst ...) + NOT-FOR-US: Synology +CVE-2021-43928 (Improper neutralization of special elements used in an OS command ('OS ...) + NOT-FOR-US: Synology +CVE-2021-43927 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-43926 (Improper neutralization of special elements used in an SQL command ('S ...) + NOT-FOR-US: Synology +CVE-2021-43925 (Improper neutralization of special elements used in an SQL command ('S ...) 
+ NOT-FOR-US: Synology +CVE-2021-43924 + RESERVED +CVE-2021-43923 + RESERVED +CVE-2021-43922 + RESERVED +CVE-2021-43921 + RESERVED +CVE-2021-43920 + RESERVED +CVE-2021-43919 + RESERVED +CVE-2021-43918 + RESERVED +CVE-2021-43917 + RESERVED +CVE-2021-43916 + RESERVED +CVE-2021-43915 + RESERVED +CVE-2021-43914 + RESERVED +CVE-2021-43913 + RESERVED +CVE-2021-43912 + RESERVED +CVE-2021-43911 + RESERVED +CVE-2021-43910 + RESERVED +CVE-2021-43909 + RESERVED +CVE-2021-43908 (Visual Studio Code Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43907 (Visual Studio Code WSL Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43906 + RESERVED +CVE-2021-43905 (Microsoft Office app Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43904 + RESERVED +CVE-2021-43903 + RESERVED +CVE-2021-43902 + RESERVED +CVE-2021-43901 + RESERVED +CVE-2021-43900 + RESERVED +CVE-2021-43899 (Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-43898 + RESERVED +CVE-2021-43897 + RESERVED +CVE-2021-43896 (Microsoft PowerShell Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43895 + RESERVED +CVE-2021-43894 + RESERVED +CVE-2021-43893 (Windows Encrypting File System (EFS) Elevation of Privilege Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-43892 (Microsoft BizTalk ESB Toolkit Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43891 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43890 (Windows AppX Installer Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43889 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43888 (Microsoft Defender for IoT Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43887 + RESERVED +CVE-2021-43886 + RESERVED +CVE-2021-43885 + RESERVED +CVE-2021-43884 + RESERVED +CVE-2021-43883 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43882 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43881 + RESERVED +CVE-2021-43880 (Windows Mobile Device Management Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43879 + RESERVED +CVE-2021-43878 + RESERVED +CVE-2021-43877 (ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: .NET core +CVE-2021-43876 (Microsoft SharePoint Elevation of Privilege Vulnerability.) + NOT-FOR-US: Microsoft +CVE-2021-43875 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43874 + REJECTED +CVE-2021-43873 + REJECTED +CVE-2021-43872 + REJECTED +CVE-2021-43871 + REJECTED +CVE-2021-43870 + REJECTED +CVE-2021-43869 + REJECTED +CVE-2021-43868 + REJECTED +CVE-2021-43867 + REJECTED +CVE-2021-43866 + REJECTED +CVE-2021-43865 + REJECTED +CVE-2021-43864 + REJECTED +CVE-2021-43863 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...) + NOT-FOR-US: Nextcloud Android app +CVE-2021-43862 (jQuery Terminal Emulator is a plugin for creating command line interpr ...) + NOT-FOR-US: jQuery Terminal Emulator +CVE-2021-43861 (Mermaid is a Javascript based diagramming and charting tool that uses ...) + - node-mermaid 8.13.8+~cs10.4.16-1 + [bullseye] - node-mermaid 8.7.0+ds+~cs27.17.17-3+deb11u2 + NOTE: https://github.com/mermaid-js/mermaid/security/advisories/GHSA-p3rp-vmj9-gv6v + NOTE: https://github.com/mermaid-js/mermaid/commit/066b7a0d0bda274d94a2f2d21e4323dab5776d83 +CVE-2021-43860 (Flatpak is a Linux application sandboxing and distribution framework. ...) 
+ {DSA-5049-1} + - flatpak 1.12.3-1 + [buster] - flatpak (Intrusive and risky to backport) + [stretch] - flatpak (Intrusive and risky to backport) + NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-qpjc-vq3c-572j + NOTE: https://github.com/flatpak/flatpak/commit/ba818f504c926baaf6e362be8159cfacf994310e + NOTE: https://github.com/flatpak/flatpak/commit/d9a8f9d8ccc0b7c1135d0ecde006a75d25f66aee + NOTE: https://github.com/flatpak/flatpak/commit/93357d357119093804df05acc32ff335839c6451 + NOTE: https://github.com/flatpak/flatpak/commit/65cbfac982cb1c83993a9e19aa424daee8e9f042 +CVE-2021-43859 (XStream is an open source java library to serialize objects to XML and ...) + {DLA-2924-1} + - libxstream-java 1.4.19-1 + [bullseye] - libxstream-java (Minor issue) + [buster] - libxstream-java (Minor issue) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf + NOTE: https://x-stream.github.io/CVE-2021-43859.html + NOTE: https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672e0c0c3a846 +CVE-2021-43858 (MinIO is a Kubernetes native application for cloud storage. Prior to v ...) + NOT-FOR-US: MinIO +CVE-2021-43857 (Gerapy is a distributed crawler management framework. Gerapy prior to ...) + NOT-FOR-US: Gerapy +CVE-2021-43856 (Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is ...) + NOT-FOR-US: Wiki.js +CVE-2021-43855 (Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is ...) + NOT-FOR-US: Wiki.js +CVE-2021-43854 (NLTK (Natural Language Toolkit) is a suite of open source Python modul ...) 
+ - nltk 3.6.7-1 (bug #1002623) + [bullseye] - nltk (Minor issue) + [buster] - nltk (Minor issue) + [stretch] - nltk (Minor issue) + NOTE: https://github.com/nltk/nltk/security/advisories/GHSA-f8m6-h2c7-8h9x + NOTE: https://github.com/nltk/nltk/issues/2866 + NOTE: https://github.com/nltk/nltk/pull/2869 + NOTE: https://github.com/nltk/nltk/commit/1405aad979c6b8080dbbc8e0858f89b2e3690341 (3.6.6) +CVE-2021-43853 (Ajax.NET Professional (AjaxPro) is an AJAX framework available for Mic ...) + NOT-FOR-US: Ajax.NET Professional +CVE-2021-43852 (OroPlatform is a PHP Business Application Platform. In affected versio ...) + NOT-FOR-US: OroPlatform +CVE-2021-43851 (Anuko Time Tracker is an open source, web-based time tracking applicat ...) + NOT-FOR-US: Anuko Time Tracker +CVE-2021-43850 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2021-43849 (cordova-plugin-fingerprint-aio is a plugin provides a single and simpl ...) + NOT-FOR-US: cordova-plugin-fingerprint-aio +CVE-2021-43848 (h2o is an open source http server. In code prior to the `8c0eca3` comm ...) + - h2o (Vulnerable code not yet uploaded) + NOTE: https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4 + NOTE: Introduced by: https://github.com/h2o/h2o/commit/93af1383b248e9284ba5f63211b4fbb4c828d060 + NOTE: Fixed by: https://github.com/h2o/h2o/commit/8c0eca3d9bc1f08e7c6bdf57645f3d54aed7d844 +CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prior to H ...) + NOT-FOR-US: HumHub Social Network Kit Enterprise +CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) + NOT-FOR-US: solidus_frontend +CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) 
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} + - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 + [stretch] - asterisk (Vulnerable code not present) + - pjproject + - ring 20230206.0~ds1-1 (bug #1014998) + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh + NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 + NOTE: https://github.com/pjsip/pjproject/pull/2924 +CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) + NOT-FOR-US: MSEdgeRedirect +CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) + NOT-FOR-US: jsx-slack +CVE-2021-43842 (Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and e ...) + NOT-FOR-US: Wiki.js +CVE-2021-43841 (XWiki is a generic wiki platform offering runtime services for applica ...) + NOT-FOR-US: XWiki +CVE-2021-43840 (message_bus is a messaging bus for Ruby processes and web clients. In ...) + NOT-FOR-US: Discourse Message Bus middleware +CVE-2021-43839 (Cronos is a commercial implementation of a blockchain. In Cronos nodes ...) + NOT-FOR-US: Cronos +CVE-2021-43838 (jsx-slack is a library for building JSON objects for Slack Block Kit s ...) + NOT-FOR-US: jsx-slack +CVE-2021-43837 (vault-cli is a configurable command-line interface tool (and python li ...) + NOT-FOR-US: Hashicorp vault-cli +CVE-2021-43836 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-43835 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-43834 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) + NOT-FOR-US: eLabFTW +CVE-2021-43833 (eLabFTW is an electronic lab notebook manager for research teams. In v ...) + NOT-FOR-US: eLabFTW +CVE-2021-43832 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) 
+ NOT-FOR-US: Spinnaker +CVE-2021-43831 (Gradio is an open source framework for building interactive machine le ...) + NOT-FOR-US: gradio +CVE-2021-43830 (OpenProject is a web-based project management software. OpenProject ve ...) + NOT-FOR-US: OpenProject +CVE-2021-43829 (PatrOwl is a free and open-source solution for orchestrating Security ...) + NOT-FOR-US: PatrOwl +CVE-2021-43828 (PatrOwl is a free and open-source solution for orchestrating Security ...) + NOT-FOR-US: PatrOwl +CVE-2021-43827 (discourse-footnote is a library providing footnotes for posts in Disco ...) + NOT-FOR-US: discourse-footnote +CVE-2021-43826 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) + - envoyproxy (bug #987544) +CVE-2021-43825 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) + - envoyproxy (bug #987544) +CVE-2021-43824 (Envoy is an open source edge and service proxy, designed for cloud-nat ...) + - envoyproxy (bug #987544) +CVE-2021-43823 (Sourcegraph is a code search and navigation engine. Sourcegraph prior ...) + NOT-FOR-US: Sourcegraph +CVE-2021-43822 (Jackalope Doctrine-DBAL is an implementation of the PHP Content Reposi ...) + NOT-FOR-US: Jackalope Doctrine-DBAL +CVE-2021-43821 (Opencast is an Open Source Lecture Capture & Video Management for Educ ...) + NOT-FOR-US: Opencast +CVE-2021-43820 (Seafile is an open source cloud storage system. A sync token is used i ...) + - seafile-server (bug #865830) + NOTE: https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8 + NOTE: https://github.com/haiwen/seafile-server/pull/520 +CVE-2021-43819 (Stargate-Bukkit is a mod for the minecraft video game which adds a por ...) + NOT-FOR-US: Stargate-Bukkit +CVE-2021-43818 (lxml is a library for processing XML and HTML in the Python language. ...) 
+ {DSA-5043-1 DLA-2871-1} + - lxml 4.7.1-1 (bug #1001885) + NOTE: https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8 + NOTE: https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a (lxml-4.6.5) + NOTE: https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0 (lxml-4.6.5) +CVE-2021-43817 (Collabora Online is a collaborative online office suite based on Libre ...) + NOT-FOR-US: Collabora Online +CVE-2021-43816 (containerd is an open source container runtime. On installations using ...) + - containerd 1.5.9~ds1-1 + [bullseye] - containerd (Vulnerable code introduced in 1.5.0) + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c + NOTE: Fixed by: https://github.com/containerd/containerd/commit/1407cab509ff0d96baa4f0eb6ff9980270e6e620 +CVE-2021-43815 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana +CVE-2021-43814 (Rizin is a UNIX-like reverse engineering framework and command-line to ...) + NOT-FOR-US: Rizin +CVE-2021-43813 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana +CVE-2021-43812 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...) + NOT-FOR-US: Auth0 Next.js SDK +CVE-2021-43811 (Sockeye is an open-source sequence-to-sequence framework for Neural Ma ...) + NOT-FOR-US: Sockeye +CVE-2021-43810 (Admidio is a free open source user management system for websites of o ...) + NOT-FOR-US: Admidio +CVE-2021-43809 (`Bundler` is a package for managing application dependencies in Ruby. ...) + - rubygems 3.3.5-1 + [bullseye] - rubygems (Minor issue) + NOTE: https://github.com/rubygems/rubygems/security/advisories/GHSA-fj7f-vq84-fh43 + NOTE: https://github.com/rubygems/rubygems/commit/90b1ed8b9f8b636aa8c913f7b5a764a2e03d179c (v3.3.0) + NOTE: https://github.com/rubygems/rubygems/pull/5142 +CVE-2021-43808 (Laravel is a web application framework. Laravel prior to versions 8.75 ...) 
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1001333) + [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1 + NOTE: https://github.com/laravel/framework/security/advisories/GHSA-66hf-2p6w-jqfw + NOTE: https://github.com/laravel/framework/commit/b8174169b1807f36de1837751599e2828ceddb9b (v6.20.42) +CVE-2021-43807 (Opencast is an Open Source Lecture Capture & Video Management for Educ ...) + NOT-FOR-US: Opencast +CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) + NOT-FOR-US: Tuleap +CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) + NOT-FOR-US: Solidus +CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} + - asterisk 1:18.12.0~dfsg+~cs6.12.40431413-1 + [stretch] - asterisk (Vulnerable code not present) + - pjproject + - ring 20230206.0~ds1-1 (bug #1014998) + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 + NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e +CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...) + NOT-FOR-US: next.js +CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...) + - etherpad-lite (bug #576998) +CVE-2021-43801 (Mercurius is a GraphQL adapter for Fastify. Any users from Mercurius@8 ...) + NOT-FOR-US: Mercurius +CVE-2021-43800 (Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, dire ...) + NOT-FOR-US: Wiki.js +CVE-2021-43799 (Zulip is an open-source team collaboration tool. Zulip Server installs ...) + - zulip-server (bug #800052) +CVE-2021-43798 (Grafana is an open-source platform for monitoring and observability. G ...) + - grafana +CVE-2021-43797 (Netty is an asynchronous event-driven network application framework fo ...) 
+ {DSA-5316-1 DLA-3268-1} + - netty 1:4.1.48-6 (bug #1001437) + [stretch] - netty (Minor issue) + NOTE: https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq + NOTE: https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 (netty-4.1.71.Final) +CVE-2021-43796 + RESERVED +CVE-2021-43795 (Armeria is an open source microservice framework. In affected versions ...) + NOT-FOR-US: Armeria +CVE-2021-43794 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-43793 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-43792 (Discourse is an open source discussion platform. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-43791 (Zulip is an open source group chat application that combines real-time ...) + - zulip-server (bug #800052) +CVE-2021-43790 (Lucet is a native WebAssembly compiler and runtime. There is a bug in ...) + NOT-FOR-US: Lucet +CVE-2021-43789 (PrestaShop is an Open Source e-commerce web application. Versions of P ...) + NOT-FOR-US: PrestaShop +CVE-2021-43788 (Nodebb is an open source Node.js based forum software. Prior to v1.18. ...) + NOT-FOR-US: Nodebb +CVE-2021-43787 (Nodebb is an open source Node.js based forum software. In affected ver ...) + NOT-FOR-US: Nodebb +CVE-2021-43786 (Nodebb is an open source Node.js based forum software. In affected ver ...) + NOT-FOR-US: Nodebb +CVE-2021-43785 (@joeattardi/emoji-button is a Vanilla JavaScript emoji picker componen ...) + NOT-FOR-US: @joeattardi/emoji-button +CVE-2021-43784 (runc is a CLI tool for spawning and running containers on Linux accord ...) 
+ {DLA-2841-1} + - runc 1.0.3+ds1-1 + [bullseye] - runc (Minor issue; not exploitable in 1.0.0) + [buster] - runc (Minor issue; not exploitable in 1.0.0) + NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f + NOTE: https://www.openwall.com/lists/oss-security/2021/12/06/1 + NOTE: Fixed by: https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae +CVE-2021-43783 (@backstage/plugin-scaffolder-backend is the backend for the default Ba ...) + NOT-FOR-US: @backstage/plugin-scaffolder-backend +CVE-2021-43782 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) + NOT-FOR-US: Tuleap +CVE-2021-43781 (Invenio-Drafts-Resources is a submission/deposit module for Invenio, a ...) + NOT-FOR-US: Invenio-Drafts-Resources +CVE-2021-43780 (Redash is a package for data visualization and sharing. In versions 10 ...) + NOT-FOR-US: Redash +CVE-2021-43779 (GLPI is an open source IT Asset Management, issue tracking system and ...) + - glpi (unimportant) + NOTE: https://github.com/pluginsGLPI/addressing/security/advisories/GHSA-q5fp-xpr8-77jh + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-43778 (Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI inst ...) + NOT-FOR-US: GLPI plugin +CVE-2021-43777 (Redash is a package for data visualization and sharing. In Redash vers ...) + NOT-FOR-US: Redash +CVE-2021-43776 (Backstage is an open platform for building developer portals. In affec ...) + NOT-FOR-US: Backstage +CVE-2021-43775 (Aim is an open-source, self-hosted machine learning experiment trackin ...) + NOT-FOR-US: Aim +CVE-2021-3967 (Improper Access Control in GitHub repository zulip/zulip prior to 4.10 ...) + - zulip-server (bug #800052) +CVE-2021-3966 (usb device bluetooth class includes a buffer overflow related to imple ...) + NOT-FOR-US: Zephyr +CVE-2021-3965 (Certain HP DesignJet products may be vulnerable to unauthenticated HTT ...) 
+ NOT-FOR-US: HP +CVE-2021-43774 (A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 ...) + NOT-FOR-US: Fujifilm +CVE-2021-43773 + RESERVED +CVE-2021-43772 (Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability th ...) + NOT-FOR-US: Trend Micro +CVE-2021-43771 (Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an ...) + NOT-FOR-US: Trend Micro +CVE-2021-3964 (elgg is vulnerable to Authorization Bypass Through User-Controlled Key) + - elgg (bug #526197) +CVE-2021-3963 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: kimai2 +CVE-2021-3962 (A flaw was found in ImageMagick where it did not properly sanitize cer ...) + - imagemagick (Specific to 7.x) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/4446 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/82775af03bbb10a0a1d0e15c0156c75673b4525e +CVE-2022-21641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 +CVE-2022-21640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21639 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 +CVE-2022-21637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21636 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2022-21635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 +CVE-2022-21634 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21631 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21630 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21629 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21628 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5335-1 DSA-5331-1 DLA-3307-1} + - openjdk-8 8u352-ga-1 + - openjdk-11 11.0.17+8-1 + - openjdk-17 17.0.5+8-1 +CVE-2022-21627 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-21626 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5331-1 DLA-3307-1} + - openjdk-8 8u352-ga-1 + - openjdk-11 11.0.17+8-1 +CVE-2022-21625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21624 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5335-1 DSA-5331-1 DLA-3307-1} + - openjdk-8 8u352-ga-1 + - openjdk-11 11.0.17+8-1 + - openjdk-17 17.0.5+8-1 +CVE-2022-21623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-21622 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2022-21621 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-21620 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.40-dfsg-1 + NOTE: https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixOVIR +CVE-2022-21619 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5335-1 DSA-5331-1 DLA-3307-1} + - openjdk-8 8u352-ga-1 + - openjdk-11 11.0.17+8-1 + - openjdk-17 17.0.5+8-1 +CVE-2022-21618 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...) + {DSA-5335-1} + - openjdk-17 17.0.5+8-1 +CVE-2022-21617 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21616 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2022-21615 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21614 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21613 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21612 (Vulnerability in the Oracle Enterprise Data Quality product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21611 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21610 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2022-21609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2022-21608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.29-1 +CVE-2022-21606 (Vulnerability in the Oracle Services for Microsoft Transaction Server ...) + NOT-FOR-US: Oracle +CVE-2022-21605 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.29-1 +CVE-2022-21604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21603 (Vulnerability in the Oracle Database - Sharding component of Oracle Da ...) + NOT-FOR-US: Oracle +CVE-2022-21602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21601 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) + NOT-FOR-US: Oracle +CVE-2022-21600 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2022-21599 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21598 (Vulnerability in the Siebel Core - DB Deployment and Configuration pro ...) + NOT-FOR-US: Oracle +CVE-2022-21597 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21596 (Vulnerability in the Oracle Database - Advanced Queuing component of O ...) + NOT-FOR-US: Oracle +CVE-2022-21595 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2022-21594 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.31-1 (bug #1024016) +CVE-2022-21593 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2022-21592 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 +CVE-2022-21591 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-21590 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2022-21589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 (Fixed before initial uplod to Debian) +CVE-2022-21588 + RESERVED +CVE-2022-21587 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) + NOT-FOR-US: Oracle +CVE-2022-21586 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21585 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21584 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21583 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21582 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21581 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...) + NOT-FOR-US: Oracle +CVE-2022-21580 (Vulnerability in the Oracle Financial Services Revenue Management and ...) + NOT-FOR-US: Oracle +CVE-2022-21579 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21578 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21577 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21576 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2022-21575 (Vulnerability in the Oracle WebCenter Sites Support Tools product of O ...) + NOT-FOR-US: Oracle +CVE-2022-21574 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) + NOT-FOR-US: Oracle +CVE-2022-21573 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) + NOT-FOR-US: Oracle +CVE-2022-21572 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...) + NOT-FOR-US: Oracle +CVE-2022-21571 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.36-dfsg-1 + NOTE: https://null2root.github.io/blog/2022/07/21/When-Hypervisor-Met-Snapshot-Fuzzing.html +CVE-2022-21570 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2022-21569 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 (bug #1015789) +CVE-2022-21568 (Vulnerability in the Oracle iReceivables product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2022-21567 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2022-21566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2022-21565 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2022-21564 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2022-21563 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2022-21562 (Vulnerability in the Oracle SOA Suite product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2022-21561 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2022-21560 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2022-21559 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + NOT-FOR-US: Oracle +CVE-2022-21558 (Vulnerability in the Oracle Crystal Ball product of Oracle Constructio ...) + NOT-FOR-US: Oracle +CVE-2022-21557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2022-21556 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.30-1 (bug #1015789) +CVE-2022-21555 (Vulnerability in the MySQL Shell for VS Code product of Oracle MySQL ( ...) 
+ NOT-FOR-US: MySQL Shell for VS Code
+CVE-2022-21554 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.36-dfsg-1
+CVE-2022-21553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21552 (Vulnerability in the Oracle WebCenter Content product of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21551 (Vulnerability in Oracle GoldenGate (component: Oracle GoldenGate). The ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21550 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21549 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5192-1}
+ - openjdk-17 17.0.4+8-1
+CVE-2022-21548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21546
+ RESERVED
+CVE-2022-21545 (Vulnerability in the Oracle iRecruitment product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21544 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21543 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21542 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21541 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5192-1 DSA-5188-1}
+ - openjdk-8 8u342-b07-1
+ - openjdk-11 11.0.16+8-1
+ - openjdk-17 17.0.4+8-1
+CVE-2022-21540 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5192-1 DSA-5188-1}
+ - openjdk-8 8u342-b07-1
+ - openjdk-11 11.0.16+8-1
+ - openjdk-17 17.0.4+8-1
+CVE-2022-21539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21538 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21536 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21535 (Vulnerability in the MySQL Shell product of Oracle MySQL (component: S ...)
+ NOT-FOR-US: MySQL Shell
+CVE-2022-21534 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21533 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21532 (Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21531 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21530 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21529 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21528 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21527 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21526 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21525 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21524 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21523 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21522 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21521 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21520 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21519 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21518 (Vulnerability in the Oracle Health Sciences Data Management Workbench ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21517 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21516 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21515 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21514 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21513 (Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21512 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21511 (Vulnerability in the Oracle Database - Enterprise Edition Recovery com ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21510 (Vulnerability in the Oracle Database - Enterprise Edition Sharding com ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21509 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21508 (Vulnerability in Oracle Essbase (component: Security and Provisioning) ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21507
+ RESERVED
+CVE-2022-21506
+ RESERVED
+CVE-2022-21505
+ RESERVED
+ - linux 5.18.16-1
+ [bullseye] - linux 5.10.136-1
+ [buster] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/07/19/4
+ NOTE: https://git.kernel.org/linus/543ce63b664e2c2f9533d089a4664b559c3e6b5b (v5.19-rc8)
+CVE-2022-21504 (The code in UEK6 U3 was missing an appropiate file descriptor count to ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21503 (Vulnerability in the Oracle Cloud Infrastructure product of Oracle Clo ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21502
+ RESERVED
+CVE-2022-21501
+ RESERVED
+CVE-2022-21500 (Vulnerability in Oracle E-Business Suite (component: Manage Proxies). ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21499 (KGDB and KDB allow read and write access to kernel memory, and thus sh ...)
+ {DSA-5161-1}
+ - linux 5.17.11-1
+ [buster] - linux (kgdb not enabled)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/05/24/7
+ NOTE: https://git.kernel.org/linus/eadb2f47a3ced5c64b23b90fd2a3463f63726066 (5.19-rc1)
+CVE-2022-21498 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21497 (Vulnerability in the Oracle Web Services Manager product of Oracle Fus ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21496 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5131-1 DSA-5128-1 DLA-3006-1}
+ - openjdk-8 8u332-ga-1
+ - openjdk-11 11.0.15+10-1
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21495
+ RESERVED
+CVE-2022-21494 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21493 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21492 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21491 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.34-dfsg-1
+CVE-2022-21490 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21489 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21488 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.34-dfsg-1
+CVE-2022-21487 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.34-dfsg-1
+CVE-2022-21486 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21485 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21484 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21483 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21482 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21481 (Vulnerability in the PeopleSoft Enterprise FIN Cash Management product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21480 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21479 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21478 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21477 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21476 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5131-1 DSA-5128-1 DLA-3006-1}
+ - openjdk-8 8u332-ga-1
+ - openjdk-11 11.0.15+10-1 (bug #1010597)
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21475 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21474 (Vulnerability in the Oracle Banking Trade Finance product of Oracle Fi ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21473 (Vulnerability in the Oracle Banking Treasury Management product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21472 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21471 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.34-dfsg-1
+CVE-2022-21470 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21469 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21468 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21467 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21466 (Vulnerability in the Oracle Commerce Guided Search product of Oracle C ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21465 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.34-dfsg-1
+CVE-2022-21464 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21463 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21462 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21461 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21460 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+ - mysql-5.7
+CVE-2022-21459 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21458 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21457 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21456 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21455 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.30-1 (bug #1015789)
+CVE-2022-21454 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21453 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21452 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21451 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+ - mysql-5.7
+CVE-2022-21450 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub produc ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21449 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5128-1}
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21448 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21447 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21446 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21445 (Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21444 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+ - mysql-5.7
+CVE-2022-21443 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5131-1 DSA-5128-1 DLA-3006-1}
+ - openjdk-8 8u332-ga-1
+ - openjdk-11 11.0.15+10-1
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21442 (Vulnerability in Oracle GoldenGate (component: OGG Core Library). The ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21441 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21440 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21439 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21438 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21437 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21436 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21435 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21434 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5131-1 DSA-5128-1 DLA-3006-1}
+ - openjdk-8 8u332-ga-1
+ - openjdk-11 11.0.15+10-1
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21433
+ RESERVED
+CVE-2022-21432 (Vulnerability in the Oracle Database - Enterprise Edition RDBMS Securi ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21431 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21430 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21429 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21428 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21427 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ {DLA-3114-1}
+ - mysql-8.0 8.0.29-1
+ - mysql-5.7
+ - mariadb-10.5 1:10.5.8-1
+ - mariadb-10.3
+ NOTE: Fixed in MariaDB: 10.5.7, 10.4.25, 10.3.35, 10.2.44
+CVE-2022-21426 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5131-1 DSA-5128-1 DLA-3006-1}
+ - openjdk-8 8u332-ga-1
+ - openjdk-11 11.0.15+10-1
+ - openjdk-17 17.0.3+7-1
+ - openjdk-18 18.0.1+10-1
+CVE-2022-21425 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21424 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21423 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21422 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21421 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21420 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21419 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21418 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21417 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+ - mysql-5.7
+CVE-2022-21416 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21415 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21414 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21413 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21412 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21411 (Vulnerability in the RDBMS Gateway / Generic ODBC Connectivity compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21410 (Vulnerability in the Oracle Database - Enterprise Edition Sharding com ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21409 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21408
+ RESERVED
+CVE-2022-21407
+ RESERVED
+CVE-2022-21406
+ RESERVED
+CVE-2022-21405 (Vulnerability in the OSS Support Tools product of Oracle Support Tools ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21404 (Vulnerability in the Helidon product of Oracle Fusion Middleware (comp ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21403 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21402 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21401 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21400 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21399 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21398 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21397 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21396 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21395 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21394 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.32-dfsg-1
+CVE-2022-21393 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21392 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21391 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21390 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21389 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21388 (Vulnerability in the Oracle Communications Pricing Design Center produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21387 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21386 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21385 (A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivile ...)
+ - linux 4.19.37-1
+ NOTE: https://git.kernel.org/linus/ea010070d0a7497253d5a6f919f6dd107450b31a (4.20)
+CVE-2022-21384
+ RESERVED
+CVE-2022-21383 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21382 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21381 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21380 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21379 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21378 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21377 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21376 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21375 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21374 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21373 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21372 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21371 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21370 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21369 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21368 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21367 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21366 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21365 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21364 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21363 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
+ - mysql-connector-java
+ [stretch] - mysql-connector-java (MySQL has been replaced with MariaDB)
+CVE-2022-21362 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21361 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21360 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21359 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21358 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21357 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21356 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21355 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21354 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21353 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21352 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21351 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21350 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21349 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+CVE-2022-21348 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21347 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21346 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21345 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21344 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21343
+ RESERVED
+CVE-2022-21342 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21341 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21340 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21339 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21338 (Vulnerability in the Oracle Communications Convergence product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21337 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21336 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21335 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21334 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21333 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21332 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21331 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21330 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21329 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21328 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21327 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21326 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21325 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21324 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21323 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21322 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21321 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21320 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21319 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21318 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21317 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21316 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21315 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21314 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21313 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21312 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21311 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21310 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21309 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21308 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21307 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21306 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21305 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21304 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21303 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21302 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21301 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21300 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21299 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21298 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21297 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21296 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21295 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox (Windows-specific)
+CVE-2022-21294 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21293 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21292 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21291 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21290 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21289 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21288 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21287 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21286 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21285 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21284 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21283 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21282 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21281 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21280 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21279 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ NOT-FOR-US: MySQL Cluster
+CVE-2022-21278 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21277 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1}
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21276 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21275 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21274 (Vulnerability in the Oracle Sourcing product of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21273 (Vulnerability in the Oracle Project Costing product of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21272 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21271 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ - openjdk-8 (Seems specific to Oracle Java)
+ - openjdk-11 (Seems specific to Oracle Java)
+CVE-2022-21270 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21269 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21268 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21267 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21266 (Vulnerability in the Oracle Communications Billing and Revenue Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21265 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21264 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21263 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21262 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21261 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21260 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21259 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21258 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21257 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21256 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21255 (Vulnerability in the Oracle Configurator product of Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21254 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21253 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21252 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21251 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21250 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21249 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 8.0.29-1
+CVE-2022-21248 (Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition ...)
+ {DSA-5058-1 DSA-5057-1 DLA-2917-1}
+ - openjdk-8 8u322-ga-1
+ - openjdk-11 11.0.14+9-1
+ - openjdk-17 17.0.2+8-1
+CVE-2022-21247 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21246 (Vulnerability in the Oracle Communications Operations Monitor product ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21245 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7
+ - mysql-8.0 8.0.29-1
+CVE-2022-21244 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21243 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2022-21242 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2021-43770
+ RESERVED
+CVE-2021-43769
+ RESERVED
+CVE-2021-43768
+ RESERVED
+CVE-2021-43767 (Odyssey passes to client unencrypted bytes from man-in-the-middle When ...)
+ NOT-FOR-US: yandex/odyssey
+CVE-2021-43766 (Odyssey passes to server unencrypted bytes from man-in-the-middle When ...)
+ NOT-FOR-US: yandex/odyssey
+CVE-2021-43765 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43764 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43763 (Adobe Dimension versions 3.4.3 (and earlier) are affected by an out-of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43762 (AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43761 (AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43760 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43759 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43758 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43757 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43756 (Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43755 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43754 (Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43753 (Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43752 (Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlie ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43751 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43750 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43749 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43748 (Adobe Premiere Rush versions 1.5.16 (and earlier) are affected by a Nu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43747 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-43746 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3961 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ - snipe-it (bug #1005172)
+CVE-2022-21216 (Insufficient granularity of access control in out-of-band management i ...)
+ {DLA-3379-1}
+ - intel-microcode 3.20230214.1 (bug #1031334)
+ [bullseye] - intel-microcode 3.20230214.1~deb11u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20230214
+CVE-2022-21204 (Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before ...)
+ NOT-FOR-US: Intel
+CVE-2022-21200
+ RESERVED
+CVE-2022-21174 (Improper access control in a third-party component of Intel(R) Quartus ...)
+ NOT-FOR-US: Intel
+CVE-2022-21157 (Improper access control in the Intel(R) Smart Campus Android applicati ...)
+ NOT-FOR-US: Intel
+CVE-2022-21153 (Improper access control in the Intel(R) Capital Global Summit Android ...)
+ NOT-FOR-US: Intel
+CVE-2022-21151 (Processor optimization removal or modification of security-critical co ...)
+ {DSA-5178-1}
+ - intel-microcode 3.20220510.1 (bug #1010947)
+ [bullseye] - intel-microcode (Minor issue)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
+ NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20220510
+CVE-2022-21138
+ RESERVED
+CVE-2022-21136 (Improper input validation for some Intel(R) Xeon(R) Processors may all ...)
+ NOT-FOR-US: Intel
+CVE-2022-21131 (Improper access control for some Intel(R) Xeon(R) Processors may allow ...)
+ NOT-FOR-US: Intel
+CVE-2021-3960 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3959 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3958 (Improper Handling of Parameters vulnerability in Ipack Automation Syst ...)
+ NOT-FOR-US: iPack SCADA Automation
+CVE-2021-43745 (A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the ...)
+ NOT-FOR-US: Trilium Notes
+CVE-2021-43744
+ RESERVED
+CVE-2021-43743
+ RESERVED
+CVE-2021-43742 (CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file ...)
+ NOT-FOR-US: CMSimple
+CVE-2021-43741 (CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability e ...)
+ NOT-FOR-US: CMSimple
+CVE-2021-43740
+ RESERVED
+CVE-2021-43739
+ RESERVED
+CVE-2021-43738 (An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...)
+ NOT-FOR-US: xiaohuanxiong CMS
+CVE-2021-43737 (An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF v ...)
+ NOT-FOR-US: xiaohuanxiong CMS
+CVE-2021-43736 (CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnera ...)
+ NOT-FOR-US: CmsWing
+CVE-2021-43735 (CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behav ...)
+ NOT-FOR-US: CmsWing
+CVE-2021-43734 (kkFileview v4.0.0 has arbitrary file read through a directory traversa ...)
+ NOT-FOR-US: kkFileview
+CVE-2021-43733
+ RESERVED
+CVE-2021-43732
+ RESERVED
+CVE-2021-43731
+ RESERVED
+CVE-2021-43730
+ RESERVED
+CVE-2021-43729 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...)
+ NOT-FOR-US: Pix-Link MiNi Router
+CVE-2021-43728 (Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain ...)
+ NOT-FOR-US: Pix-Link MiNi Router
+CVE-2021-43727
+ RESERVED
+CVE-2021-43726
+ RESERVED
+CVE-2021-43725 (There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login. ...)
+ - spotweb
+ [buster] - spotweb (Minor issue)
+ [stretch] - spotweb (Minor issue)
+ NOTE: https://github.com/spotweb/spotweb/commit/2bfa001689aae96009688a193c64478647ba45a1
+ NOTE: https://github.com/spotweb/spotweb/issues/718
+CVE-2021-43724 (A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS throug ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2021-43723
+ RESERVED
+CVE-2021-43722 (D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main ...)
+ NOT-FOR-US: D-Link
+CVE-2021-43721 (Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markd ...)
+ NOT-FOR-US: Leanote
+CVE-2021-43720
+ RESERVED
+CVE-2021-43719
+ RESERVED
+CVE-2021-43718
+ RESERVED
+CVE-2021-43717
+ RESERVED
+CVE-2021-43716
+ RESERVED
+CVE-2021-43715
+ RESERVED
+CVE-2021-43714
+ RESERVED
+CVE-2021-43713
+ RESERVED
+CVE-2021-43712 (Stored XSS in Add New Employee Form in Sourcecodester Employee Daily T ...)
+ NOT-FOR-US: Sourcecodester Employee Daily Task Management System
+CVE-2021-43711 (The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B2020 ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-43710
+ RESERVED
+CVE-2021-43709
+ RESERVED
+CVE-2021-43708 (The Labeling tool in Titus Classification Suite 18.8.1910.140 allows u ...)
+ NOT-FOR-US: Titus Classification Suite
+CVE-2021-43707 (Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link ...)
+ NOT-FOR-US: Maccms
+CVE-2021-43706
+ RESERVED
+CVE-2021-43705
+ RESERVED
+CVE-2021-43704
+ RESERVED
+CVE-2021-43703 (An Incorrect Access Control vulnerability exists in zzcms less than or ...)
+ NOT-FOR-US: zzcms
+CVE-2021-43702 (ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting ( ...)
+ NOT-FOR-US: ASUS
+CVE-2021-43701 (CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnera ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-43700 (An issue was discovered in ApiManager 1.1. there is sql injection vuln ...)
+ NOT-FOR-US: ApiManager
+CVE-2021-43699
+ RESERVED
+CVE-2021-43698 (phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripti ...)
+ NOT-FOR-US: phpWhois
+CVE-2021-43697 (Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a C ...)
+ NOT-FOR-US: Workerman-ThinkPHP-Redis
+CVE-2021-43696 (twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerab ...)
+ NOT-FOR-US: twmap
+CVE-2021-43695 (issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: issabelPBX
+CVE-2021-43694
+ RESERVED
+CVE-2021-43693 (vesta 0.9.8-24 is affected by a file inclusion vulnerability in file w ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2021-43692 (youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross ...)
+ NOT-FOR-US: youtube-php-mirroring
+CVE-2021-43691 (tripexpress v1.1 is affected by a path manipulation vulnerability in f ...)
+ NOT-FOR-US: tripexpress
+CVE-2021-43690 (YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: YurunProxy
+CVE-2021-43689 (manage (last update Oct 24, 2017) is affected by a Cross Site Scriptin ...)
+ NOT-FOR-US: thinkphp manage
+CVE-2021-43688
+ RESERVED
+CVE-2021-43687 (chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-43686 (nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: nZEDb
+CVE-2021-43685 (libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerab ...)
+ - libretime (bug #888687)
+CVE-2021-43684
+ RESERVED
+CVE-2021-43683 (pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: pictshare
+CVE-2021-43682 (thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site ...)
+ NOT-FOR-US: ThinkPHP BJY Blog
+CVE-2021-43681 (SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulne ...)
+ NOT-FOR-US: SakuraPanel
+CVE-2021-43680
+ RESERVED
+CVE-2021-43679 (ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\e ...)
+ NOT-FOR-US: ecshop
+CVE-2021-43678 (Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vul ...)
+ NOT-FOR-US: Wechat-php-sdk
+CVE-2021-43677 (Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerabili ...)
+ NOT-FOR-US: Fluxbb
+CVE-2021-43676 (matyhtf framework v3.0.5 is affected by a path manipulation vulnerabil ...)
+ NOT-FOR-US: matyhtf framework
+CVE-2021-43675 (Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerabi ...)
+ NOT-FOR-US: Lychee-v3
+CVE-2021-43674 (ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability i ...)
+ NOT-FOR-US: ThinkUp
+CVE-2021-43673 (dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: dzzoffice
+CVE-2021-43672
+ RESERVED
+CVE-2021-43671
+ RESERVED
+CVE-2021-43670
+ RESERVED
+CVE-2021-43669 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43668 (Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a s ...)
+ - golang-github-go-ethereum (bug #890541)
+ NOTE: https://github.com/ethereum/go-ethereum/issues/23866
+CVE-2021-43667 (A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0 ...)
+ NOT-FOR-US: HyperLedger
+CVE-2021-43666 (A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier ...)
+ {DLA-3249-1}
+ - mbedtls 2.28.0-1
+ [bullseye] - mbedtls (Minor issue)
+ NOTE: https://github.com/ARMmbed/mbedtls/issues/5136
+ NOTE: Backport 2.16: https://github.com/ARMmbed/mbedtls/pull/5311
+CVE-2021-43665
+ RESERVED
+CVE-2021-43664 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...)
+ NOT-FOR-US: totolink EX300_v2
+CVE-2021-43663 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a co ...)
+ NOT-FOR-US: totolink EX300_v2
+CVE-2021-43662 (totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.4 ...)
+ NOT-FOR-US: totolink EX300_v2
+CVE-2021-43661 (totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a re ...)
+ NOT-FOR-US: totolink EX300_v2
+CVE-2021-43660
+ RESERVED
+CVE-2021-43659 (In halo 1.4.14, the function point of uploading the avatar, any file c ...)
+ NOT-FOR-US: Halo
+CVE-2021-43658
+ RESERVED
+CVE-2021-43657 (A Stored Cross-site scripting (XSS) vulnerability via MAster.php in So ...)
+ NOT-FOR-US: Sourcecodetester Simple Client Management System
+CVE-2021-43656
+ RESERVED
+CVE-2021-43655
+ RESERVED
+CVE-2021-43654
+ RESERVED
+CVE-2021-43653
+ RESERVED
+CVE-2021-43652
+ RESERVED
+CVE-2021-43651
+ RESERVED
+CVE-2021-43650 (WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter u ...)
+ NOT-FOR-US: WebRun - Windows only
+CVE-2021-43649
+ RESERVED
+CVE-2021-43648
+ RESERVED
+CVE-2021-43647
+ RESERVED
+CVE-2021-43646
+ RESERVED
+CVE-2021-43645
+ RESERVED
+CVE-2021-43644
+ RESERVED
+CVE-2021-43643
+ RESERVED
+CVE-2021-43642
+ RESERVED
+CVE-2021-43641
+ RESERVED
+CVE-2021-43640
+ RESERVED
+CVE-2021-43639
+ RESERVED
+CVE-2021-43638 (Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43637 (Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler ...)
+ NOT-FOR-US: Amazon
+CVE-2021-43636 (Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu ...)
+ NOT-FOR-US: T10 V2_Firmware
+CVE-2021-43635 (A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4. ...)
+ NOT-FOR-US: Codex
+CVE-2021-43634
+ RESERVED
+CVE-2021-43633 (Sourcecodester Messaging Web Application 1.0 is vulnerable to stored X ...)
+ NOT-FOR-US: Sourcecodester Messaging Web
+CVE-2021-43632
+ RESERVED
+CVE-2021-43631 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43630 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43629 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43628 (Projectworlds Hospital Management System v1.0 is vulnerable to SQL inj ...)
+ NOT-FOR-US: Projectworlds Hospital Management System
+CVE-2021-43627
+ RESERVED
+CVE-2021-43626
+ RESERVED
+CVE-2021-43625
+ RESERVED
+CVE-2021-43624
+ RESERVED
+CVE-2021-43623
+ RESERVED
+CVE-2021-43622
+ RESERVED
+CVE-2021-43621
+ RESERVED
+CVE-2021-43620 (An issue was discovered in the fruity crate through 0.2.0 for Rust. Se ...)
+ NOT-FOR-US: Rust crate fruity
+CVE-2021-43619 (Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in ...)
+ NOT-FOR-US: Trusted Firmware M
+CVE-2021-43618 (GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an m ...)
+ {DLA-2837-1}
+ - gmp 2:6.2.1+dfsg-3 (bug #994405)
+ [bullseye] - gmp 2:6.2.1+dfsg-1+deb11u1
+ [buster] - gmp 2:6.1.2+dfsg-4+deb10u1
+ NOTE: https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
+ NOTE: https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
+CVE-2021-43617 (Laravel Framework through 8.70.2 does not sufficiently block the uploa ...)
+ - php-laravel-framework 6.20.14+dfsg-3 (bug #1002728)
+ [bullseye] - php-laravel-framework 6.20.14+dfsg-2+deb11u1
+ NOTE: https://hosein-vita.medium.com/laravel-8-x-image-upload-bypass-zero-day-852bd806019b
+CVE-2021-3957 (kimai2 is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: kimai2
+CVE-2021-43616 (The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an i ...)
+ - npm 8.4.1~ds-1
+ [bullseye] - npm (Minor issue)
+ [buster] - npm (Minor issue)
+ NOTE: https://github.com/npm/cli/issues/2701
+ NOTE: https://github.com/npm/cli/commit/457e0ae61bbc55846f5af44afa4066921923490f (v8.4.1)
+CVE-2021-43615 (An issue was discovered in HddPassword in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43614
+ RESERVED
+CVE-2021-43613
+ RESERVED
+CVE-2021-43612 (In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decod ...)
+ {DLA-3389-1}
+ - lldpd 1.0.13-1
+ [bullseye] - lldpd 1.0.11-1+deb11u1
+ [stretch] - lldpd (Minor issue)
+ NOTE: https://github.com/lldpd/lldpd/commit/73d42680fce8598324364dbb31b9bc3b8320adf7 (1.0.13)
+CVE-2021-43611 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43610 (Belledonne Belle-sip before 5.0.20 can crash applications such as Linp ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-43609 (An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A ...)
+ NOT-FOR-US: Spiceworks
+CVE-2021-43608 (Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping of o ...)
+ - php-doctrine-dbal (Vulnerable code introduced in 3.0.0)
+ NOTE: Bug was introduced in 3.0.0, and fixed in experimental in 3.1.4+dfsg-1 and
+ NOTE: only present in experimental suite.
+ NOTE: https://github.com/doctrine/dbal/security/advisories/GHSA-r7cj-8hjg-x622
+CVE-2021-43607
+ RESERVED
+CVE-2021-43606
+ RESERVED
+CVE-2021-43605
+ RESERVED
+CVE-2021-43604
+ RESERVED
+CVE-2021-43603
+ RESERVED
+CVE-2021-43602
+ RESERVED
+CVE-2021-43601
+ RESERVED
+CVE-2021-43600
+ RESERVED
+CVE-2021-43599
+ RESERVED
+CVE-2021-43598
+ RESERVED
+CVE-2021-43597
+ RESERVED
+CVE-2021-43596
+ RESERVED
+CVE-2021-43595
+ RESERVED
+CVE-2021-43594
+ RESERVED
+CVE-2021-43593
+ RESERVED
+CVE-2021-43592
+ RESERVED
+CVE-2021-43591
+ RESERVED
+CVE-2021-43590 (Dell EMC Enterprise Storage Analytics for vRealize Operations, version ...)
+ NOT-FOR-US: EMC
+CVE-2021-43589 (Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior ...)
+ NOT-FOR-US: EMC
+CVE-2021-43588 (Dell EMC Data Protection Central version 19.5 contains an Improper Inp ...)
+ NOT-FOR-US: EMC
+CVE-2021-43587 (Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, ...)
+ NOT-FOR-US: Dell
+CVE-2021-43586
+ RESERVED
+CVE-2021-43585
+ RESERVED
+CVE-2021-43584
+ RESERVED
+CVE-2021-43583
+ RESERVED
+CVE-2021-3956 (A read-only authentication bypass vulnerability was reported in the Th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3955
+ RESERVED
+CVE-2021-3954
+ RESERVED
+CVE-2021-3953
+ RESERVED
+CVE-2021-3952
+ RESERVED
+CVE-2021-3951
+ RESERVED
+CVE-2021-43582 (A Use-After-Free Remote Vulnerability exists when reading a DWG file u ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43581 (An Out-of-Bounds Read vulnerability exists when reading a U3D file usi ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43580
+ RESERVED
+CVE-2021-43579 (A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 ...)
+ {DLA-2928-1}
+ - htmldoc 1.9.13-1 (unimportant)
+ [bullseye] - htmldoc 1.9.11-4+deb11u1
+ [buster] - htmldoc 1.9.3-1+deb10u3
+ NOTE: https://github.com/michaelrsweet/htmldoc/commit/27d08989a5a567155d506ac870ae7d8cc88fa58b (v1.9.13)
+ NOTE: https://github.com/michaelrsweet/htmldoc/issues/453
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3950 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2022-21220 (Improper restriction of XML external entity for Intel(R) Quartus(R) Pr ...)
+ NOT-FOR-US: Intel
+CVE-2022-21207
+ RESERVED
+CVE-2022-21205 (Improper restriction of XML external entity reference in DSP Builder P ...)
+ NOT-FOR-US: Intel
+CVE-2022-21203 (Improper permissions in the SafeNet Sentinel driver for Intel(R) Quart ...)
+ NOT-FOR-US: Intel
+CVE-2022-21181 (Improper input validation for some Intel(R) PROSet/Wireless WiFi and K ...)
+ {DLA-3380-1}
+ - firmware-nonfree 20220913-1
+ [bullseye] - firmware-nonfree (Non-free not supported)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html
+ NOTE: Fixed upstream in 20220815
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=63a87d2f1f7ea029e8d32ed03d972947a7bb60fd
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=87d07fd3d3156b7bb1ff9a8000c316c2f68ffd7c
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=447ca4a62cca38d656922ce6ba97610db11cf341
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=31d24ca113ed93d0564c78d6c47d362b9f274a7b
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b93bf2c9ce1d4648a8488aa29f2c7e840e6e449b
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=1068c45f16de69c769c500175a91ce1296bb1e27
+ NOTE: 
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=45c5e53ea4964393a12f436bc5c9e2cb1ba6e0a6
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=f7f3d1f40c26fcf1414b9adddb832c4a3afb912c
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=045847edb1ed649d00b5c897615d013833287a04
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=140beaf7d770ea8320c12b6e31a067f9e9d6d441
+ NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=e6185d5197fd1d8015f1c7663582158b9945c075
+CVE-2022-21180 (Improper input validation for some Intel(R) Processors may allow an au ...)
+ NOT-FOR-US: Intel
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html
+CVE-2022-21166 (Incomplete cleanup in specific special register write operations for s ...)
+ {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
+ - intel-microcode 3.20220510.1
+ [bullseye] - intel-microcode (Minor issue)
+ - linux 5.18.5-1
+ [bullseye] - linux 5.10.127-1
+ - xen 4.16.2-1
+ [buster] - xen (DSA 4677-1)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#DRPW
+ NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
+ NOTE: https://xenbits.xen.org/xsa/advisory-404.html
+CVE-2022-21127 (Incomplete cleanup in specific special register read operations for so ...)
+ {DSA-5178-1}
+ - intel-microcode 3.20220510.1
+ [bullseye] - intel-microcode (Minor issue)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SRBDS-Update
+ NOTE: https://xenbits.xen.org/xsa/advisory-404.html
+CVE-2022-21125 (Incomplete cleanup of microarchitectural fill buffers on some Intel(R) ...)
+ {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
+ - intel-microcode 3.20220510.1
+ [bullseye] - intel-microcode (Minor issue)
+ - linux 5.18.5-1
+ [bullseye] - linux 5.10.127-1
+ - xen 4.16.2-1
+ [buster] - xen (DSA 4677-1)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDS
+ NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
+ NOTE: NOTE: https://xenbits.xen.org/xsa/advisory-404.html
+CVE-2022-21123 (Incomplete cleanup of multi-core shared buffers for some Intel(R) Proc ...)
+ {DSA-5184-1 DSA-5178-1 DSA-5173-1 DLA-3065-1}
+ - intel-microcode 3.20220510.1
+ [bullseye] - intel-microcode (Minor issue)
+ - linux 5.18.5-1
+ [bullseye] - linux 5.10.127-1
+ - xen 4.16.2-1
+ [buster] - xen (DSA 4677-1)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
+ NOTE: https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html#SBDR
+ NOTE: Linux kernel documentation patch: https://git.kernel.org/linus/4419470191386456e0b8ed4eb06a70b0021798a6
+ NOTE: https://xenbits.xen.org/xsa/advisory-404.html
+CVE-2021-43578 (Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43577 (Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not confi ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-43576 (Jenkins pom2config Plugin 1.2 and earlier does not configure its XML p ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2021-42744 (Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive informatio ...)
+ NOT-FOR-US: Philips
+CVE-2021-26262 (Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorre ...)
+ NOT-FOR-US: Philips
+CVE-2021-26248 (Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outs ...)
+ NOT-FOR-US: Philips
+CVE-2021-3949
+ RESERVED
+CVE-2021-3948 (An incorrect default permissions vulnerability was found in the mig-co ...)
+ NOT-FOR-US: Migration Toolkit for Containers
+CVE-2021-3947 (A stack-buffer-overflow was found in QEMU in the NVME component. The f ...)
+ - qemu 1:6.2+dfsg-1
+ [bullseye] - qemu (Vulnerable code introduced later)
+ [buster] - qemu (Vulnerable code introduced later)
+ [stretch] - qemu (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2021869
+ NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/f432fdfa1215bc3a00468b2e711176be279b0fd2 (v6.0.0-rc0)
+ NOTE: https://lore.kernel.org/qemu-devel/20211111153125.2258176-1-philmd@redhat.com/
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/e2c57529c9306e4c9aac75d9879f6e7699584a22 (v6.2.0-rc3)
+CVE-2021-3946
+ RESERVED
+CVE-2021-3945 (django-helpdesk is vulnerable to Improper Neutralization of Input Duri ...)
+ NOT-FOR-US: django-helpdesk
+CVE-2002-20001 (The Diffie-Hellman Key Agreement Protocol allows remote attackers (fro ...)
+ NOT-FOR-US: Diffie Hellmann kex protocol issue
+CVE-2021-3944 (bookstack is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: bookstack
+CVE-2021-3943 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...)
+ - moodle
+CVE-2021-43575 (KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with ...)
+ NOT-FOR-US: KNX ETS6
+CVE-2021-43574 (WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) al ...)
+ - atmailopen
+CVE-2021-43573 (A buffer overflow was discovered on Realtek RTL8195AM devices before 2 ...)
+ NOT-FOR-US: Realtek
+CVE-2021-43572 (The verify function in the Stark Bank Python ECDSA library (aka starkb ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43571 (The verify function in the Stark Bank Node.js ECDSA library (ecdsa-nod ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43570 (The verify function in the Stark Bank Java ECDSA library (ecdsa-java) ...)
+ NOT-FOR-US: Stark bank libraries
+CVE-2021-43569 (The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet ...)
+ NOT-FOR-US: Stark bank libraries +CVE-2021-43568 (The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elix ...) + NOT-FOR-US: Stark bank libraries +CVE-2021-43567 + RESERVED +CVE-2021-43566 (All versions of Samba prior to 4.13.16 are vulnerable to a malicious c ...) + [experimental] - samba 2:4.16.0+dfsg-1 + - samba 2:4.16.0+dfsg-2 (bug #1004691) + [bullseye] - samba 2:4.13.13+dfsg-1~deb11u4 + [buster] - samba (Minor issue; no backport to older versions, mitigations exists) + NOTE: https://www.samba.org/samba/security/CVE-2021-43566.html + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13979 +CVE-2021-43565 (The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of g ...) + - golang-go.crypto 1:0.0~git20211202.5770296-1 + [bullseye] - golang-go.crypto (Minor issue) + [buster] - golang-go.crypto (Limited support, minor issue, follow bullseye DSAs/point-releases) + [stretch] - golang-go.crypto (Limited support in stretch) + NOTE: https://github.com/golang/crypto/commit/5770296d904e90f15f38f77dfc2e43fdf5efc083 + NOTE: https://github.com/golang/go/issues/49932 +CVE-2021-43564 (An issue was discovered in the jobfair (aka Job Fair) extension before ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43563 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43562 (An issue was discovered in the pixxio (aka pixx.io integration or DAM) ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43561 (An XSS issue was discovered in the google_for_jobs (aka Google for Job ...) + NOT-FOR-US: TYPO3 extension +CVE-2021-43560 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle +CVE-2021-43559 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle +CVE-2021-43558 (A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, ...) + - moodle +CVE-2021-3942 (Certain HP Print products and Digital Sending products may be vulnerab ...) 
+ NOT-FOR-US: HP +CVE-2021-43557 (The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri ...) + NOT-FOR-US: Apache Apisix +CVE-2021-3941 (In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division o ...) + {DSA-5299-1 DLA-3236-1} + [experimental] - openexr 3.1.3-1 + - openexr 3.1.5-2 (bug #1014828) + [stretch] - openexr (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019789 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39084 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1153 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/a0cfa81153b2464b864c5fe39a53cb03339092ed +CVE-2021-3940 + REJECTED +CVE-2021-43556 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to a s ...) + NOT-FOR-US: FATEK WinProladder +CVE-2021-43555 (mySCADA myDESIGNER Versions 8.20.0 and prior fails to properly validat ...) + NOT-FOR-US: mySCADA myDESIGNER +CVE-2021-43554 (FATEK WinProladder Versions 3.30_24518 and prior are vulnerable to an ...) + NOT-FOR-US: FATEK WinProladder +CVE-2021-43553 (PI Vision could disclose information to a user with insufficient privi ...) + NOT-FOR-US: OSIsoft +CVE-2021-43552 (The use of a hard-coded cryptographic key significantly increases the ...) + NOT-FOR-US: Philips +CVE-2021-43551 (A remote attacker with write access to PI Vision could inject code int ...) + NOT-FOR-US: OSIsoft +CVE-2021-43550 (The use of a broken or risky cryptographic algorithm is an unnecessary ...) + NOT-FOR-US: Philips +CVE-2021-43549 (A remote authenticated attacker with write access to a PI Server could ...) + NOT-FOR-US: OSIsoft +CVE-2021-43548 (Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives ...) + NOT-FOR-US: Philips +CVE-2021-43547 (TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible ...) + NOT-FOR-US: TwinOaks Computing CoreDX DDS +CVE-2021-43546 (It was possible to recreate previous cursor spoofing attacks against u ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43546 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43546 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43546 +CVE-2021-43545 (Using the Location API in a loop could have caused severe application ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43545 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43545 +CVE-2021-43544 (When receiving a URL through a SEND intent, Firefox would have searche ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43544 +CVE-2021-43543 (Documents loaded with the CSP sandbox directive could have escaped the ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43543 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43543 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43543 +CVE-2021-43542 (Using XMLHttpRequest, an attacker could have identified installed appl ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43542 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43542 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43542 +CVE-2021-43541 (When invoking protocol handlers for external protocols, a supplied par ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43541 +CVE-2021-43540 (WebExtensions with the correct permissions were able to create and ins ...) + - firefox 95.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43540 +CVE-2021-43539 (Failure to correctly record the location of live pointers across wasm ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43539 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43539 +CVE-2021-43538 (By misusing a race in our notification code, an attacker could have fo ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43538 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43538 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43538 +CVE-2021-43537 (An incorrect type conversion of sizes from 64bit to 32bit integers all ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43537 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43537 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43537 +CVE-2021-43536 (Under certain circumstances, asynchronous functions could have caused ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 95.0-1 + - firefox-esr 91.4.0esr-1 + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-52/#CVE-2021-43536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-53/#CVE-2021-43536 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43536 +CVE-2021-43535 (A use-after-free could have occured when an HTTP2 session object was r ...) + {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 93.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-43535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43535 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43535 +CVE-2021-43534 (Mozilla developers and community members reported memory safety bugs p ...) 
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1} + - firefox 94.0-1 + - firefox-esr 91.3.0esr-1 + - thunderbird 1:91.3.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43534 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-43534 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-43534 +CVE-2021-43533 (When parsing internationalized domain names, high bits of the characte ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43533 +CVE-2021-43532 (The 'Copy Image Link' context menu action would copy the final image U ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43532 +CVE-2021-43531 (When a user loaded a Web Extensions context menu, the Web Extension co ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43531 +CVE-2021-43530 (A Universal XSS vulnerability was present in Firefox for Android resul ...) + - firefox 94.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-43530 +CVE-2021-43529 (Thunderbird versions prior to 91.3.0 are vulnerable to the heap overfl ...) + {DSA-5034-1 DLA-2874-1} + - thunderbird 1:91.3.0-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/6 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1738501 +CVE-2021-43528 (Thunderbird unexpectedly enabled JavaScript in the composition area. T ...) + {DSA-5034-1 DLA-2874-1} + - thunderbird 1:91.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-54/#CVE-2021-43528 +CVE-2021-43527 (NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR a ...) 
+ {DSA-5016-1 DLA-2836-1} + - nss 2:3.73-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/01/4 + NOTE: https://hg.mozilla.org/projects/nss/rev/6b3dc97a8767d9dc5c4c181597d1341d0899aa58 (NSS_3_73_BRANCH) + NOTE: https://hg.mozilla.org/projects/nss/rev/dea71cbef9e03636f37c6cb120f8deccce6e17dd (NSS_3_68_1_BRANCH) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/#CVE-2021-43527 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1737470 (not yet public) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2237 + NOTE: https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html +CVE-2021-43526 + RESERVED +CVE-2021-43525 + RESERVED +CVE-2021-43524 + RESERVED +CVE-2021-43523 (In uClibc and uClibc-ng before 1.0.39, incorrect handling of special c ...) + - uclibc (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/09/1 + NOTE: https://github.com/wbx-github/uclibc-ng/commit/0f822af0445e5348ce7b7bd8ce1204244f31d174 (v1.0.39) +CVE-2021-43522 (An issue was discovered in Insyde InsydeH2O with kernel 5.1 through 20 ...) + NOT-FOR-US: Insyde +CVE-2021-3939 (Ubuntu-specific modifications to accountsservice (in patch file debian ...) + - accountsservice (Ubuntu specific patch) + NOTE: https://ubuntu.com/security/CVE-2021-3939 +CVE-2021-3938 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + - snipe-it (bug #1005172) +CVE-2021-3937 + REJECTED +CVE-2021-3936 + RESERVED +CVE-2021-3935 (When PgBouncer is configured to use "cert" authentication, a man-in-th ...) 
+ {DLA-2922-1} + - pgbouncer 1.16.1-1 + [bullseye] - pgbouncer (Minor issue; can be fixed via point release) + [buster] - pgbouncer (Minor issue; can be fixed via point release) + NOTE: https://www.pgbouncer.org/2021/11/pgbouncer-1-16-1 + NOTE: https://github.com/pgbouncer/pgbouncer/releases/tag/pgbouncer_1_16_1 + NOTE: https://github.com/pgbouncer/pgbouncer/commit/e4453c9151a2f5af0a9cb049b302a3f9f9654453 (v1.16.1) +CVE-2021-3934 (ohmyzsh is vulnerable to Improper Neutralization of Special Elements u ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3933 (An integer overflow could occur when OpenEXR processes a crafted file ...) + {DSA-5299-1 DLA-3236-1} + [experimental] - openexr 3.1.3-1 + - openexr 3.1.5-2 (bug #1014828) + [stretch] - openexr (Vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2019783 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38912 + NOTE: Fixed by: https://github.com/AcademySoftwareFoundation/openexr/commit/5a0adf1aba7d41c6b94ba167c0c4308d2eecfd17 +CVE-2021-43521 (A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_bu ...) + NOT-FOR-US: zlog +CVE-2021-43520 + RESERVED +CVE-2021-43519 (Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 a ...) + - lua5.4 5.4.4-1 (bug #1000228) + [bullseye] - lua5.4 (Minor issue) + - lua5.3 (Vulnerable code not present) + - lua5.2 (Vulnerable code not present) + - lua5.1 (Vulnerable code not present) + - lua50 (Vulnerable code not present) + NOTE: http://lua-users.org/lists/lua-l/2021-10/msg00123.html + NOTE: http://lua-users.org/lists/lua-l/2021-11/msg00015.html + NOTE: Introduced by: https://github.com/lua/lua/commit/287b302acb8d925178e9edb800f0a8d18c7d35f6 (v5.4.2) + NOTE: Fixed by: https://github.com/lua/lua/commit/74d99057a5146755e737c479850f87fd0e3b6868 (v5.4.4) + NOTE: Cf. http://lua-users.org/lists/lua-l/2023-06/msg00059.html + NOTE: Cf. 
http://lua-users.org/lists/lua-l/2023-06/msg00063.html +CVE-2021-43518 (Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. ...) + - teeworlds 0.7.5-2 (bug #1009070) + [bullseye] - teeworlds (Minor issue) + [buster] - teeworlds (Minor issue) + NOTE: https://github.com/teeworlds/teeworlds/issues/2981 + NOTE: https://github.com/teeworlds/teeworlds/pull/3018 + NOTE: https://github.com/teeworlds/teeworlds/commit/91e5492d4c210f82f1ca6b43a73417fef5463368 + NOTE: https://mmmds.pl/fuzzing-map-parser-part-1-teeworlds/ +CVE-2021-43517 (FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00 ...) + NOT-FOR-US: Xiaongmai +CVE-2021-43516 + RESERVED +CVE-2021-43515 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) + NOT-FOR-US: kimai2 +CVE-2021-43514 + RESERVED +CVE-2021-43513 + RESERVED +CVE-2021-43512 (An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8. ...) + NOT-FOR-US: FlightRadar24 for Android +CVE-2021-43511 + RESERVED +CVE-2021-43510 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43509 (SQL Injection vulnerability exists in Sourcecodester Simple Client Man ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43508 + RESERVED +CVE-2021-43507 + RESERVED +CVE-2021-43506 (An SQL Injection vulnerability exists in Sourcecodester Simple Client ...) + NOT-FOR-US: Sourcecodester Simple Client Management System +CVE-2021-43505 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourceco ...) + NOT-FOR-US: Sourcecodester Simple Client Management System +CVE-2021-43504 + RESERVED +CVE-2021-43503 + REJECTED +CVE-2021-43502 + RESERVED +CVE-2021-43501 + RESERVED +CVE-2021-43500 + RESERVED +CVE-2021-43499 + RESERVED +CVE-2021-43498 (An Access Control vulnerability exists in ATutor 2.2.4 in password_rem ...) 
+ NOT-FOR-US: ATutor +CVE-2021-43497 + RESERVED +CVE-2021-43496 (Clustering master branch as of commit 53e663e259bcfc8cdecb56c0bb255bd7 ...) + NOT-FOR-US: Clustering +CVE-2021-43495 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) + NOT-FOR-US: AlquistManager +CVE-2021-43494 (OpenCV-REST-API master branch as of commit 69be158c05d4dd5a4aff38fdc68 ...) + NOT-FOR-US: OpenCV-REST-API +CVE-2021-43493 (ServerManagement master branch as of commit 49491cc6f94980e6be7791d17b ...) + NOT-FOR-US: ServerManagement +CVE-2021-43492 (AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9 ...) + NOT-FOR-US: AlquistManager +CVE-2021-43491 + RESERVED +CVE-2021-43490 + RESERVED +CVE-2021-43489 + RESERVED +CVE-2021-43488 + RESERVED +CVE-2021-43487 + RESERVED +CVE-2021-43486 + RESERVED +CVE-2021-43485 + RESERVED +CVE-2021-43484 (A Remote Code Execution (RCE) vulnerability exists in Simple Client Ma ...) + NOT-FOR-US: Sourcecodester Simple Client Management System +CVE-2021-43483 (An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in ...) + NOT-FOR-US: CLARO KAON +CVE-2021-43482 + RESERVED +CVE-2021-43481 (An SQL Injection vulnerability exists in Webtareas 2.4p3 and earlier v ...) + NOT-FOR-US: webTareas +CVE-2021-43480 + RESERVED +CVE-2021-43479 (A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2. ...) + NOT-FOR-US: The-Secretary +CVE-2021-43478 (A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a ...) + NOT-FOR-US: Hoosk +CVE-2021-43477 + RESERVED +CVE-2021-43476 + RESERVED +CVE-2021-43475 + RESERVED +CVE-2021-43474 (An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B0 ...) + NOT-FOR-US: D-Link DIR-823G +CVE-2021-43473 + RESERVED +CVE-2021-43472 + RESERVED +CVE-2021-43471 (In Canon LBP223 printers, the System Manager Mode login does not requi ...) 
+ NOT-FOR-US: Canon +CVE-2021-43470 + RESERVED +CVE-2021-43469 (VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulner ...) + NOT-FOR-US: VINGA +CVE-2021-43468 + RESERVED +CVE-2021-43467 + RESERVED +CVE-2021-43466 (In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with spe ...) + NOT-FOR-US: thymeleaf-spring5 +CVE-2021-43465 + RESERVED +CVE-2021-43464 (A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2. ...) + NOT-FOR-US: Subrion CMS +CVE-2021-43463 (An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a s ...) + NOT-FOR-US: Ext2 File System Driver for Windows +CVE-2021-43462 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...) + NOT-FOR-US: Rumble Mail Server +CVE-2021-43461 (Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server ...) + NOT-FOR-US: Rumble Mail Server +CVE-2021-43460 (An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 ...) + NOT-FOR-US: System Explorer +CVE-2021-43459 (A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Serve ...) + NOT-FOR-US: Rumble Mail Server +CVE-2021-43458 (An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via ...) + NOT-FOR-US: Vembu BDR Suite +CVE-2021-43457 (An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a spec ...) + NOT-FOR-US: no-free_vpn +CVE-2021-43456 (An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0 ...) + NOT-FOR-US: Rumble Mail Server +CVE-2021-43455 (An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a spe ...) + - freelan (Windows only) + NOTE: https://github.com/freelan-developers/freelan/issues/234 + NOTE: https://www.exploit-db.com/exploits/49630 +CVE-2021-43454 (An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.3 ...) + NOT-FOR-US: AnyTXT Searcher for Windows +CVE-2021-43453 (A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 ...) 
+ - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4808 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4754 + NOTE: Fixed by; https://github.com/jerryscript-project/jerryscript/commit/efe63a5bbc5106164a08ee2eb415a7a701f5311f +CVE-2021-43452 + RESERVED +CVE-2021-43451 (SQL Injection vulnerability exists in PHPGURUKUL Employee Record Manag ...) + NOT-FOR-US: PHPGURUKUL +CVE-2021-43450 + RESERVED +CVE-2021-43449 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43448 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Inp ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43447 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43446 (ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site S ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43445 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43444 (ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Acce ...) + NOT-FOR-US: ONLYOFFICE +CVE-2021-43443 + RESERVED +CVE-2021-43442 (A Logic Flaw vulnerability exists in i3 International Inc Annexxus Cam ...) + NOT-FOR-US: Annexxus Camera +CVE-2021-43441 (An HTML Injection Vulnerability in iOrder 1.0 allows the remote attack ...) + NOT-FOR-US: iOrder +CVE-2021-43440 (Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 a ...) + NOT-FOR-US: iOrder +CVE-2021-43439 (RCE in Add Review Function in iResturant 1.0 Allows remote attacker to ...) + NOT-FOR-US: iResturant +CVE-2021-43438 (Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to ...) + NOT-FOR-US: iResturant +CVE-2021-43437 (In sourcecodetester Engineers Online Portal as of 10-21-21, an attacke ...) 
+ NOT-FOR-US: sourcecodetester Engineers Online Portal +CVE-2021-43436 (MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payl ...) + NOT-FOR-US: MartDevelopers Inc iResturant +CVE-2021-43435 + RESERVED +CVE-2021-43434 + RESERVED +CVE-2021-43433 + RESERVED +CVE-2021-43432 (A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admi ...) + NOT-FOR-US: Exrick xmall +CVE-2021-43431 + RESERVED +CVE-2021-43430 (An Access Control vulnerability exists in BigAntSoft BigAnt office mes ...) + NOT-FOR-US: BigAnt Server +CVE-2021-43429 (A Denial of Service vulnerability exists in CORTX-S3 Server as of 11/7 ...) + NOT-FOR-US: CORTX-S3 Server +CVE-2021-43428 + RESERVED +CVE-2021-43427 + RESERVED +CVE-2021-43426 + RESERVED +CVE-2021-43425 + RESERVED +CVE-2021-43424 + RESERVED +CVE-2021-43423 + RESERVED +CVE-2021-43422 + RESERVED +CVE-2021-43421 (A File Upload vulnerability exists in Studio-42 elFinder 2.0.4 to 2.1. ...) + NOT-FOR-US: Studio 42 elFinder +CVE-2021-43420 (SQL injection vulnerability in Login.php in Sourcecodester Online Paym ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43419 (An Information Disclosure vulnerability exists in Opay Mobile applicat ...) + NOT-FOR-US: Opay Mobile application +CVE-2021-43418 + RESERVED +CVE-2021-43417 + RESERVED +CVE-2021-43416 + RESERVED +CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...) + - nomad (bug #1021273) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 + NOTE: https://github.com/hashicorp/nomad/issues/11542 + NOTE: https://github.com/hashicorp/nomad/pull/11554 + NOTE: https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285 (v1.2.1) +CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...) 
+ - hurd 1:0.9.git20210404-9 +CVE-2021-43412 (An issue was discovered in GNU Hurd before 0.9 20210404-9. libports ac ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43411 (An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying ...) + - hurd 1:0.9.git20210404-9 +CVE-2021-43410 (Apache Airavata Django Portal allows CRLF log injection because of lac ...) + NOT-FOR-US: Apache Airavata +CVE-2021-3932 (twill is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: twill +CVE-2021-43409 (The \u201cWPO365 | LOGIN\u201d WordPress plugin (up to and including v ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43408 (The "Duplicate Post" WordPress plugin up to and including version 1.1. ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43407 + RESERVED +CVE-2021-43406 (An issue was discovered in FusionPBX before 4.5.30. The fax_post_size ...) + NOT-FOR-US: FusionPBX +CVE-2021-43405 (An issue was discovered in FusionPBX before 4.5.30. The fax_extension ...) + NOT-FOR-US: FusionPBX +CVE-2021-43404 (An issue was discovered in FusionPBX before 4.5.30. The FAX file name ...) + NOT-FOR-US: FusionPBX +CVE-2021-43403 (An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php ...) + NOT-FOR-US: FusionPBX +CVE-2021-43402 + RESERVED +CVE-2021-43401 + RESERVED +CVE-2021-3931 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)) + - snipe-it (bug #1005172) +CVE-2021-3930 (An off-by-one error was found in the SCSI device emulation in QEMU. It ...) + {DLA-3099-1 DLA-2970-1} + - qemu 1:6.2+dfsg-1 + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020588 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/546 + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 (v6.2.0-rc0) +CVE-2021-3929 (A DMA reentrancy issue was found in the NVM Express Controller (NVME) ...) 
+ - qemu 1:7.0+dfsg-1 + [bullseye] - qemu (Minor issue; nvme support preliminary supported) + [buster] - qemu (nvme support preliminary supported; PoC doesn't trigger) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2020298 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/556 (generic) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/782 (specific) + NOTE: Proposed patchset (generic): https://lists.nongnu.org/archive/html/qemu-devel/2021-08/msg03692.html + NOTE: Proposed patchset (specific): https://lists.nongnu.org/archive/html/qemu-devel/2022-01/msg04577.html + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/736b01642d85be832385063f278fe7cd4ffb5221 (v7.0.0-rc0) +CVE-2021-43400 (An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after- ...) + {DLA-3157-1} + - bluez 5.62-1 (bug #998626) + [bullseye] - bluez (Minor issue; can be fixed in point release) + [stretch] - bluez (invasive patch, requires post-stretch revamps) + NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=93b64d9ca8a2bb663e37904d4b2c702c58a36e4f (5.40) + NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=838c0dc7641e1c991c0f3027bf94bee4606012f8 (5.62) +CVE-2021-43399 (The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-s ...) + NOT-FOR-US: yubihsm-shell +CVE-2021-43398 (Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in ...) + NOTE: Disputed Crypto++ issue, also see #1000227 + NOTE: https://github.com/weidai11/cryptopp/issues/1080 + NOTE: As per upstream believed to be the expected behaviour: + NOTE: https://github.com/weidai11/cryptopp/issues/1080#issuecomment-996492222 +CVE-2021-43397 (LiquidFiles before 3.6.3 allows remote attackers to elevate their priv ...) + NOT-FOR-US: LiquidFiles +CVE-2021-43395 (An issue was discovered in illumos before f859e7171bb5db34321e45585839 ...) 
+ NOT-FOR-US: Illumos +CVE-2021-43394 (Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, ...) + NOT-FOR-US: Unisys +CVE-2021-43393 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-43392 (STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-43396 (In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, re ...) + - glibc 2.32-5 (unimportant; bug #998622) + [bullseye] - glibc 2.31-13+deb11u3 + [buster] - glibc (Vulnerable code not present) + [stretch] - glibc (Vulnerable code not present) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28524 + NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=ff012870b2c02a62598c04daa1e54632e020fd7d + NOTE: Introduced by the fix for CVE-2021-3326 / BZ#27256: https://sourceware.org/git/?p=glibc.git;a=commit;h=7d88c6142c6efc160c0ee5e4f85cde382c072888 + NOTE: No security impact per upstream assessment +CVE-2021-43391 (An Out-of-Bounds Read vulnerability exists when reading a DXF file usi ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43390 (An Out-of-Bounds Write vulnerability exists when reading a DGN file us ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-43389 (An issue was discovered in the Linux kernel before 5.14.15. There is a ...) + {DSA-5096-1 DLA-2941-1 DLA-2843-1} + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/19/1 + NOTE: https://git.kernel.org/linus/1f3e2e97c003f80c4b087092b225c8787ff91e4d +CVE-2021-43388 (Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store ...) 
+ NOT-FOR-US: Unisys Cargo Mobile Application +CVE-2021-43387 + RESERVED +CVE-2021-43386 + RESERVED +CVE-2021-43385 + RESERVED +CVE-2021-43384 + RESERVED +CVE-2021-43383 + RESERVED +CVE-2021-43382 + RESERVED +CVE-2021-43381 + RESERVED +CVE-2021-43380 + RESERVED +CVE-2021-43379 + RESERVED +CVE-2021-43378 + RESERVED +CVE-2021-43377 + RESERVED +CVE-2021-43376 + RESERVED +CVE-2021-43375 + RESERVED +CVE-2021-43374 + RESERVED +CVE-2021-43373 + RESERVED +CVE-2021-43372 + RESERVED +CVE-2021-43371 + RESERVED +CVE-2021-43370 + RESERVED +CVE-2021-43369 + RESERVED +CVE-2021-43368 + RESERVED +CVE-2021-43367 + RESERVED +CVE-2021-43366 + RESERVED +CVE-2021-43365 + RESERVED +CVE-2021-43364 + RESERVED +CVE-2021-43363 + RESERVED +CVE-2021-43362 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: MedData HBYS software +CVE-2021-43361 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: MedData HBYS software +CVE-2021-43360 (Sunnet eHRD e-mail delivery task schedule\u2019s serialization functio ...) + NOT-FOR-US: Sunnet eHRD +CVE-2021-43359 (Sunnet eHRD has broken access control vulnerability, which allows a re ...) + NOT-FOR-US: Sunnet eHRD +CVE-2021-43358 (Sunnet eHRD has inadequate filtering for special characters in URLs, w ...) 
+ NOT-FOR-US: Sunnet eHRD +CVE-2021-3928 (vim is vulnerable to Use of Uninitialized Variable) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.3995-1 (unimportant) + NOTE: https://huntr.dev/bounties/29c3ebd2-d601-481c-bf96-76975369d0cd + NOTE: Fixed by: https://github.com/vim/vim/commit/15d9890eee53afc61eb0a03b878a19cb5672f732 (v8.2.3582) + NOTE: Crash in CLI tool, no security impact +CVE-2021-3927 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-3182-1 DLA-2947-1} + - vim 2:8.2.3995-1 (unimportant) + NOTE: https://huntr.dev/bounties/9c2b2c82-48bb-4be9-ab8f-a48ea252d1b0 + NOTE: Fixed by: https://github.com/vim/vim/commit/0b5b06cb4777d1401fdf83e7d48d287662236e7e (v8.2.3581) + NOTE: Crash in CLI tool, no security impact +CVE-2021-43357 + RESERVED +CVE-2021-43350 (An unauthenticated Apache Traffic Control Traffic Ops user can send a ...) + NOT-FOR-US: Apache Traffic Control +CVE-2021-43349 + RESERVED +CVE-2021-43348 + RESERVED +CVE-2021-43347 + RESERVED +CVE-2021-43346 + RESERVED +CVE-2021-43345 + RESERVED +CVE-2021-43344 + RESERVED +CVE-2021-43343 + RESERVED +CVE-2021-43342 + RESERVED +CVE-2021-43341 + RESERVED +CVE-2021-43340 + RESERVED +CVE-2021-43339 (In Ericsson Network Location before 2021-07-31, it is possible for an ...) + NOT-FOR-US: Ericsson +CVE-2021-43338 + REJECTED +CVE-2021-43337 (SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On ...) + - slurm-wlm (Affects only 21.08 series; vulnerable code introduced later) + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2021/000068.html + NOTE: https://www.schedmd.com/news.php?id=256 +CVE-2021-42743 (A misconfiguration in the node default path allows for local privilege ...) + NOT-FOR-US: Splunk +CVE-2021-3926 + RESERVED +CVE-2021-3925 + RESERVED +CVE-2021-33845 (The Splunk Enterprise REST API allows enumeration of usernames via the ...) + NOT-FOR-US: Splunk +CVE-2021-31559 (A crafted request bypasses S2S TCP Token authentication writing arbitr ...) 
+ NOT-FOR-US: Splunk
+CVE-2021-26253 (A potential vulnerability in Splunk Enterprise's implementation of DUO ...)
+ NOT-FOR-US: Splunk
+CVE-2021-43336 (An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43335
+ RESERVED
+CVE-2021-43334 (BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Grou ...)
+ NOT-FOR-US: BuddyBoss
+CVE-2021-43333 (The Datalogic DXU service on (for example) DL-Axist devices does not r ...)
+ NOT-FOR-US: Datalogic
+CVE-2021-43332 (In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py ad ...)
+ {DLA-3049-1}
+ - mailman (bug #1000367)
+ [buster] - mailman 1:2.1.29-1+deb10u3
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949403
+ NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1876 (2.1.36)
+ NOTE: Regression fix: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1878 (2.1.37)
+CVE-2021-43331 (In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user ...)
+ {DLA-3049-1}
+ - mailman (bug #1000367)
+ [buster] - mailman 1:2.1.29-1+deb10u3
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/message/I2X7PSFXIEPLM3UMKZMGOEO3UFYETGRL/
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1949401
+ NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1875 (2.1.36)
+CVE-2021-43330
+ RESERVED
+CVE-2021-43329 (A SQL injection vulnerability in license_update.php in Mumara Classic ...)
+ NOT-FOR-US: Mumara Classic
+CVE-2021-43328
+ RESERVED
+CVE-2021-43327 (An issue was discovered on Renesas RX65 and RX65N devices. With a VCC ...)
+ NOT-FOR-US: Renesas
+CVE-2021-43326 (Automox Agent before 32 on Windows incorrectly sets permissions on a t ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43325 (Automox Agent 33 on Windows incorrectly sets permissions on a temporar ...)
+ NOT-FOR-US: Automox Agent
+CVE-2021-43324 (LibreNMS through 21.10.2 allows XSS via a widget title.)
+ NOT-FOR-US: LibreNMS
+CVE-2021-43323 (An issue was discovered in UsbCoreDxe in Insyde InsydeH2O with kernel ...)
+ NOT-FOR-US: Insyde
+CVE-2021-43322
+ RESERVED
+CVE-2021-43321
+ RESERVED
+CVE-2021-43320
+ REJECTED
+CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43318
+ RESERVED
+CVE-2021-43317 (A heap-based buffer overflows was discovered in upx, during the generi ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/380
+ NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43316 (A heap-based buffer overflow was discovered in upx, during the generic ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/381
+ NOTE: https://github.com/upx/upx/commit/962c35aa08ef3dcee13d3f7ef6e2d845da912f25
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43315 (A heap-based buffer overflows was discovered in upx, during the generi ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/380
+ NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43314 (A heap-based buffer overflows was discovered in upx, during the generi ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/380
+ NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43313 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/378
+ NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43312 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/379
+ NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43311 (A heap-based buffer overflow was discovered in upx, during the generic ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/380
+ NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a ...)
+ NOT-FOR-US: Keylime
+CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: Node uri-template-lite
+CVE-2021-43308 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: Node markdown-link-extractor
+CVE-2021-43307 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: Node semver-regex
+CVE-2021-43306 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)
+ NOT-FOR-US: Node jquery-validation
+CVE-2021-43305 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
+ {DLA-3176-1}
+ - clickhouse 18.16.1+ds-7.3 (bug #1008216)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+ NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
+CVE-2021-43304 (Heap buffer overflow in Clickhouse's LZ4 compression codec when parsin ...)
+ {DLA-3176-1}
+ - clickhouse 18.16.1+ds-7.3 (bug #1008216)
+ [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685)
+ NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136
+ NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/
+CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...)
+ {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1}
+ - asterisk 1:18.11.1~dfsg+~cs6.10.40431413-1
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
+ NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337
+CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...)
+ NOT-FOR-US: GoAhead Web Server
+CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...)
+ NOT-FOR-US: Apache Dubbo
+CVE-2021-3924 (grav is vulnerable to Improper Limitation of a Pathname to a Restricte ...)
+ NOT-FOR-US: Grav CMS
+CVE-2021-23222 (A man-in-the-middle attacker can inject false responses to the client' ...)
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13
+ - postgresql-11
+ - postgresql-9.6
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d83cdfdca9d918bbbd6bb209139b94c954da7228 (REL9_6_24)
+CVE-2021-23214 (When the server is configured to use trust authentication with a clien ...)
+ {DSA-5007-1 DSA-5006-1 DLA-2817-1}
+ - postgresql-14 14.1-1
+ - postgresql-13
+ - postgresql-11
+ - postgresql-9.6
+ NOTE: https://www.postgresql.org/about/news/postgresql-141-135-129-1114-1019-and-9624-released-2349/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=046c2c846b741a12e7fd61d8d86bf324a20e3dfc (REL9_6_24)
+CVE-2021-43296 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43295 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43294 (Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Ref ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-43293 (Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-43292
+ RESERVED
+CVE-2021-43291
+ RESERVED
+CVE-2021-43290 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2021-43289 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2021-43288 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2021-43287 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. The busine ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2021-43286 (An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacke ...)
+ NOT-FOR-US: ThoughtWorks GoCD
+CVE-2021-43285
+ RESERVED
+CVE-2021-43284 (An issue was discovered on Victure WR1200 devices through 1.0.3. The r ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43283 (An issue was discovered on Victure WR1200 devices through 1.0.3. A com ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43282 (An issue was discovered on Victure WR1200 devices through 1.0.3. The d ...)
+ NOT-FOR-US: Victure WR1200 devices
+CVE-2021-43281 (MyBB before 1.8.29 allows Remote Code Injection by an admin with the " ...)
+ NOT-FOR-US: MyBB
+CVE-2021-43280 (A stack-based buffer overflow vulnerability exists in the DWF file rea ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43279 (An out-of-bounds write vulnerability exists in the U3D file reading pr ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43278 (An Out-of-bounds Read vulnerability exists in the OBJ file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43277 (An out-of-bounds read vulnerability exists in the U3D file reading pro ...)
+ NOT-FOR-US: Open Design Alliance PRC SDK
+CVE-2021-43276 (An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43275 (A Use After Free vulnerability exists in the DGN file reading procedur ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43274 (A Use After Free Vulnerability exists in the Open Design Alliance Draw ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43273 (An Out-of-bounds Read vulnerability exists in the DGN file reading pro ...)
+ NOT-FOR-US: Open Design Alliance Drawings SDK
+CVE-2021-43272 (An improper handling of exceptional conditions vulnerability exists in ...)
+ NOT-FOR-US: Open Design Alliance ODA Viewer
+CVE-2021-43271 (Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0 ...)
+ NOT-FOR-US: Riverbed AppResponse
+CVE-2021-43270 (Datalust Seq.App.EmailPlus (aka seq-app-htmlemail) 3.1.0-dev-00148, 3. ...)
+ NOT-FOR-US: Datalust Seq.App.HtmlEmail (aka Seq.App.EmailPlus)
+CVE-2021-43269 (In Code42 app before 8.8.0, eval injection allows an attacker to chang ...)
+ NOT-FOR-US: Code42 app
+CVE-2021-43268 (An issue was discovered in VxWorks 6.9 through 7. In the IKE component ...)
+ NOT-FOR-US: Wind River VxWorks
+CVE-2021-43266 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exporting col ...)
+ - mahara
+CVE-2021-43265 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag s ...)
+ - mahara
+CVE-2021-43264 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the ...)
+ - mahara
+CVE-2021-43263
+ RESERVED
+CVE-2021-43262
+ RESERVED
+CVE-2021-43261
+ RESERVED
+CVE-2021-43260
+ RESERVED
+CVE-2021-43259
+ RESERVED
+CVE-2021-43258 (CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote co ...)
+ NOT-FOR-US: ChurchInfo
+CVE-2021-43257 (Lack of Neutralization of Formula Elements in the CSV API of MantisBT ...)
+ - mantis
+CVE-2021-3923 (A flaw was found in the Linux kernel's implementation of RDMA over inf ...)
+ - linux 5.15.15-1
+ [bullseye] - linux 5.10.92-1
+ [buster] - linux 4.19.232-1
+ NOTE: https://git.kernel.org/linus/b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd
+CVE-2021-3922 (A race condition vulnerability was reported in IMController, a softwar ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-43267 (An issue was discovered in net/tipc/crypto.c in the Linux kernel befor ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/fa40d9734a57bcbfa79a280189799f76c88f7bb0 (5.15)
+CVE-2022-21121
+ RESERVED
+CVE-2022-21120
+ RESERVED
+CVE-2022-21119
+ RESERVED
+CVE-2022-21118
+ RESERVED
+CVE-2022-21117
+ RESERVED
+CVE-2022-21116
+ RESERVED
+CVE-2022-21115
+ RESERVED
+CVE-2022-21114
+ RESERVED
+CVE-2022-21113
+ RESERVED
+CVE-2022-21112
+ RESERVED
+CVE-2022-21111
+ RESERVED
+CVE-2022-21110
+ RESERVED
+CVE-2022-21109
+ RESERVED
+CVE-2022-21108
+ RESERVED
+CVE-2022-21107
+ RESERVED
+CVE-2022-21106
+ RESERVED
+CVE-2022-21105
+ RESERVED
+CVE-2022-21104
+ RESERVED
+CVE-2022-21103
+ RESERVED
+CVE-2022-21102
+ RESERVED
+CVE-2022-21101
+ RESERVED
+CVE-2022-21100
+ RESERVED
+CVE-2022-21099
+ RESERVED
+CVE-2022-21098
+ RESERVED
+CVE-2022-21097
+ RESERVED
+CVE-2022-21096
+ RESERVED
+CVE-2022-21095
+ RESERVED
+CVE-2022-21094
+ RESERVED
+CVE-2022-21093
+ RESERVED
+CVE-2022-21092
+ RESERVED
+CVE-2022-21091
+ RESERVED
+CVE-2022-21090
+ RESERVED
+CVE-2022-21089
+ RESERVED
+CVE-2022-21088
+ RESERVED
+CVE-2022-21087
+ RESERVED
+CVE-2022-21086
+ RESERVED
+CVE-2022-21085
+ RESERVED
+CVE-2022-21084
+ RESERVED
+CVE-2022-21083
+ RESERVED
+CVE-2022-21082
+ RESERVED
+CVE-2022-21081
+ RESERVED
+CVE-2022-21080
+ RESERVED
+CVE-2022-21079
+ RESERVED
+CVE-2022-21078
+ RESERVED
+CVE-2022-21077
+ RESERVED
+CVE-2022-21076
+ RESERVED
+CVE-2022-21075
+ RESERVED
+CVE-2022-21074
+ RESERVED
+CVE-2022-21073
+ RESERVED
+CVE-2022-21072
+ RESERVED
+CVE-2022-21071
+ RESERVED
+CVE-2022-21070
+ RESERVED
+CVE-2022-21069
+ RESERVED
+CVE-2022-21068
+ RESERVED
+CVE-2022-21067
+ RESERVED
+CVE-2022-21066
+ RESERVED
+CVE-2022-21065
+ RESERVED
+CVE-2022-21064
+ RESERVED
+CVE-2022-21063
+ RESERVED
+CVE-2022-21062
+ RESERVED
+CVE-2022-21061
+ RESERVED
+CVE-2022-21060
+ RESERVED
+CVE-2022-21059
+ RESERVED
+CVE-2022-21058
+ RESERVED
+CVE-2022-21057
+ RESERVED
+CVE-2022-21056
+ RESERVED
+CVE-2022-21055
+ RESERVED
+CVE-2022-21054
+ RESERVED
+CVE-2022-21053
+ RESERVED
+CVE-2022-21052
+ RESERVED
+CVE-2022-21051
+ RESERVED
+CVE-2022-21050
+ RESERVED
+CVE-2022-21049
+ RESERVED
+CVE-2022-21048
+ RESERVED
+CVE-2022-21047
+ RESERVED
+CVE-2022-21046
+ RESERVED
+CVE-2022-21045
+ RESERVED
+CVE-2022-21044
+ RESERVED
+CVE-2022-21043
+ RESERVED
+CVE-2022-21042
+ RESERVED
+CVE-2022-21041
+ RESERVED
+CVE-2022-21040
+ RESERVED
+CVE-2022-21039
+ RESERVED
+CVE-2022-21038
+ RESERVED
+CVE-2022-21037
+ RESERVED
+CVE-2022-21036
+ RESERVED
+CVE-2022-21035
+ RESERVED
+CVE-2022-21034
+ RESERVED
+CVE-2022-21033
+ RESERVED
+CVE-2022-21032
+ RESERVED
+CVE-2022-21031
+ RESERVED
+CVE-2022-21030
+ RESERVED
+CVE-2022-21029
+ RESERVED
+CVE-2022-21028
+ RESERVED
+CVE-2022-21027
+ RESERVED
+CVE-2022-21026
+ RESERVED
+CVE-2022-21025
+ RESERVED
+CVE-2022-21024
+ RESERVED
+CVE-2022-21023
+ RESERVED
+CVE-2022-21022
+ RESERVED
+CVE-2022-21021
+ RESERVED
+CVE-2022-21020
+ RESERVED
+CVE-2022-21019
+ RESERVED
+CVE-2022-21018
+ RESERVED
+CVE-2022-21017
+ RESERVED
+CVE-2022-21016
+ RESERVED
+CVE-2022-21015
+ RESERVED
+CVE-2022-21014
+ RESERVED
+CVE-2022-21013
+ RESERVED
+CVE-2022-21012
+ RESERVED
+CVE-2022-21011
+ RESERVED
+CVE-2022-21010
+ RESERVED
+CVE-2022-21009
+ RESERVED
+CVE-2022-21008
+ RESERVED
+CVE-2022-21007
+ RESERVED
+CVE-2022-21006
+ RESERVED
+CVE-2022-21005
+ RESERVED
+CVE-2022-21004
+ RESERVED
+CVE-2022-21003
+ RESERVED
+CVE-2022-21002
+ RESERVED
+CVE-2022-21001
+ RESERVED
+CVE-2022-21000
+ RESERVED
+CVE-2022-20999
+ RESERVED
+CVE-2022-20998
+ RESERVED
+CVE-2022-20997
+ RESERVED
+CVE-2022-20996
+ RESERVED
+CVE-2022-20995
+ RESERVED
+CVE-2022-20994
+ RESERVED
+CVE-2022-20993
+ RESERVED
+CVE-2022-20992
+ RESERVED
+CVE-2022-20991
+ RESERVED
+CVE-2022-20990
+ RESERVED
+CVE-2022-20989
+ RESERVED
+CVE-2022-20988
+ RESERVED
+CVE-2022-20987
+ RESERVED
+CVE-2022-20986
+ RESERVED
+CVE-2022-20985
+ RESERVED
+CVE-2022-20984
+ RESERVED
+CVE-2022-20983
+ RESERVED
+CVE-2022-20982
+ RESERVED
+CVE-2022-20981
+ RESERVED
+CVE-2022-20980
+ RESERVED
+CVE-2022-20979
+ RESERVED
+CVE-2022-20978
+ RESERVED
+CVE-2022-20977
+ RESERVED
+CVE-2022-20976
+ RESERVED
+CVE-2022-20975
+ RESERVED
+CVE-2022-20974
+ RESERVED
+CVE-2022-20973
+ RESERVED
+CVE-2022-20972
+ RESERVED
+CVE-2022-20971
+ RESERVED
+CVE-2022-20970
+ RESERVED
+CVE-2022-20969 (A vulnerability in multiple management dashboard pages of Cisco Umbrel ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20968 (A vulnerability in the Cisco Discovery Protocol processing feature of ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20967 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20966 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20965 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20964 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20963 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20962 (A vulnerability in the Localdisk Management feature of Cisco Identity ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20961 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20960 (A vulnerability in Cisco AsyncOS Software for Cisco Email Security App ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20959 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20958 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20957
+ RESERVED
+CVE-2022-20956 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20955 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20954 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20953 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20952 (A vulnerability in the scanning engines of Cisco AsyncOS Software for ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20951 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20950 (A vulnerability in the interaction of SIP and Snort 3 for Cisco Firepo ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20949 (A vulnerability in the management web server of Cisco Firepower Threat ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20948
+ RESERVED
+CVE-2022-20947 (A vulnerability in dynamic access policies (DAP) functionality of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20946 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20945 (A vulnerability in the 802.11 association frame validation of Cisco Ca ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20944 (A vulnerability in the software image verification functionality of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20943 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20942 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20941 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20940 (A vulnerability in the TLS handler of Cisco Firepower Threat Defense ( ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20939
+ RESERVED
+CVE-2022-20938 (A vulnerability in the module import function of the administrative in ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20937 (A vulnerability in a feature that monitors RADIUS requests on Cisco Id ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20936 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20935 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20934 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20933 (A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20932 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20931
+ RESERVED
+CVE-2022-20930 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20929 (A vulnerability in the upgrade signature verification of Cisco Enterpr ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20928 (A vulnerability in the authentication and authorization flows for VPN ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20927 (A vulnerability in the SSL/TLS client of Cisco Adaptive Security Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20926 (A vulnerability in the web management interface of the Cisco Firepower ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20925 (A vulnerability in the web management interface of the Cisco Firepower ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20924 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20923 (A vulnerability in the IPSec VPN Server authentication functionality o ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20922 (Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20921 (A vulnerability in the API implementation of Cisco ACI Multi-Site Orch ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20920 (A vulnerability in the SSH implementation of Cisco IOS Software and Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20919 (A vulnerability in the processing of malformed Common Industrial Proto ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20918 (A vulnerability in the Simple Network Management Protocol (SNMP) acces ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20917 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20916 (A vulnerability in the web-based management interface of Cisco IoT Con ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20915 (A vulnerability in the implementation of IPv6 VPN over MPLS (6VPE) wit ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20914 (A vulnerability in the External RESTful Services (ERS) API of Cisco Id ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20913 (A vulnerability in Cisco Nexus Dashboard could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20912 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20911 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20910 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20909 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20908 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20907 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20906 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20905 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20904 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20903 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20902 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20901 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20900 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20899 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20898 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20897 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20896 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20895 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20894 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20893 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20892 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20891 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20890 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20889 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20888 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20887 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20886 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20885 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20884 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20883 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20882 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20881 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20880 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20879 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20878 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20877 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20876 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20875 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20874 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20873 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20872 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20871
+ RESERVED
+CVE-2022-20870 (A vulnerability in the egress MPLS packet processing function of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20869 (A vulnerability in the web-based management interface of Cisco BroadWo ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20868 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20867 (A vulnerability in web-based management interface of the of Cisco Emai ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20866 (A vulnerability in the handling of RSA keys on devices running Cisco A ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20865 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20864 (A vulnerability in the password-recovery disable feature of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20863 (A vulnerability in the messaging interface of Cisco Webex App, formerl ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20862 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20861 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20860 (A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20859 (A vulnerability in the Disaster Recovery framework of Cisco Unified Co ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20858 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20857 (Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unaut ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20856 (A vulnerability in the processing of Control and Provisioning of Wirel ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20855 (A vulnerability in the self-healing functionality of Cisco IOS XE Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20854 (A vulnerability in the processing of SSH connections of Cisco Firepowe ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20853
+ RESERVED
+CVE-2022-20852 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20851 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20850 (A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20849
+ RESERVED
+CVE-2022-20848 (A vulnerability in the UDP processing functionality of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2022-20847 (A vulnerability in the DHCP processing functionality of Cisco IOS XE W ...)
+ NOT-FOR-US: Cisco +CVE-2022-20846 + RESERVED +CVE-2022-20845 + RESERVED +CVE-2022-20844 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) + NOT-FOR-US: Cisco +CVE-2022-20843 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20842 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco +CVE-2022-20841 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco +CVE-2022-20840 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20839 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20838 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20837 (A vulnerability in the DNS application layer gateway (ALG) functionali ...) + NOT-FOR-US: Cisco +CVE-2022-20836 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20835 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20834 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20833 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20832 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20831 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20830 (A vulnerability in authentication mechanism of Cisco Software-Defined ...) + NOT-FOR-US: Cisco +CVE-2022-20829 (A vulnerability in the packaging of Cisco Adaptive Security Device Man ...) + NOT-FOR-US: Cisco +CVE-2022-20828 (A vulnerability in the CLI parser of Cisco FirePOWER Software for Adap ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20827 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco +CVE-2022-20826 (A vulnerability in the secure boot implementation of Cisco Secure Fire ...) + NOT-FOR-US: Cisco +CVE-2022-20825 (A vulnerability in the web-based management interface of Cisco Small B ...) + NOT-FOR-US: Cisco +CVE-2022-20824 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) + NOT-FOR-US: Cisco +CVE-2022-20823 (A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS ...) + NOT-FOR-US: Cisco +CVE-2022-20822 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2022-20821 (A vulnerability in the health check RPM of Cisco IOS XR Software could ...) + NOT-FOR-US: Cisco +CVE-2022-20820 (Multiple vulnerabilities in the web interface of Cisco Webex Meetings ...) + NOT-FOR-US: Cisco +CVE-2022-20819 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2022-20818 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...) + NOT-FOR-US: Cisco +CVE-2022-20817 (A vulnerability in Cisco Unified IP Phones could allow an unauthentica ...) + NOT-FOR-US: Cisco +CVE-2022-20816 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20815 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20814 + RESERVED +CVE-2022-20813 (Multiple vulnerabilities in the API and in the web-based management in ...) + NOT-FOR-US: Cisco +CVE-2022-20812 (Multiple vulnerabilities in the API and in the web-based management in ...) + NOT-FOR-US: Cisco +CVE-2022-20811 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...) + NOT-FOR-US: Cisco +CVE-2022-20810 (A vulnerability in the Simple Network Management Protocol (SNMP) of Ci ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20809 (Multiple vulnerabilities in the API and web-based management interface ...) + NOT-FOR-US: Cisco +CVE-2022-20808 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...) + NOT-FOR-US: Cisco +CVE-2022-20807 (Multiple vulnerabilities in the API and web-based management interface ...) + NOT-FOR-US: Cisco +CVE-2022-20806 (Multiple vulnerabilities in the API and web-based management interface ...) + NOT-FOR-US: Cisco +CVE-2022-20805 (A vulnerability in the automatic decryption process in Cisco Umbrella ...) + NOT-FOR-US: Cisco +CVE-2022-20804 (A vulnerability in the Cisco Discovery Protocol of Cisco Unified Commu ...) + NOT-FOR-US: Cisco +CVE-2022-20803 (A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) ver ...) + - clamav (Only affects 0.104.x) + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20802 (A vulnerability in the web interface of Cisco Enterprise Chat and Emai ...) + NOT-FOR-US: Cisco +CVE-2022-20801 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20800 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20799 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20798 (A vulnerability in the external authentication functionality of Cisco ...) + NOT-FOR-US: Cisco +CVE-2022-20797 (A vulnerability in the web-based management interface of Cisco Secure ...) + NOT-FOR-US: Cisco +CVE-2022-20796 (On May 4, 2022, the following vulnerability in the ClamAV scanning lib ...) + {DLA-3042-1} + - clamav 0.103.6+dfsg-1 + [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 + [buster] - clamav 0.103.6+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20795 (A vulnerability in the implementation of the Datagram TLS (DTLS) proto ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20794 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...) + NOT-FOR-US: Cisco +CVE-2022-20793 + RESERVED +CVE-2022-20792 (A vulnerability in the regex module used by the signature database loa ...) + {DLA-3042-1} + - clamav 0.103.6+dfsg-1 + [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 + [buster] - clamav 0.103.6+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20791 (A vulnerability in the database user privileges of Cisco Unified Commu ...) + NOT-FOR-US: Cisco +CVE-2022-20790 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20789 (A vulnerability in the software upgrade process of Cisco Unified Commu ...) + NOT-FOR-US: Cisco +CVE-2022-20788 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20787 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20786 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20785 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...) + {DLA-3042-1} + - clamav 0.103.6+dfsg-1 + [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 + [buster] - clamav 0.103.6+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20784 (A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cis ...) + NOT-FOR-US: Cisco +CVE-2022-20783 (A vulnerability in the packet processing functionality of Cisco TelePr ...) + NOT-FOR-US: Cisco +CVE-2022-20782 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2022-20781 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) + NOT-FOR-US: Cisco +CVE-2022-20780 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20779 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...) + NOT-FOR-US: Cisco +CVE-2022-20778 (A vulnerability in the authentication component of Cisco Webex Meeting ...) + NOT-FOR-US: Cisco +CVE-2022-20777 (Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Softwa ...) + NOT-FOR-US: Cisco +CVE-2022-20776 (Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint ...) + NOT-FOR-US: Cisco +CVE-2022-20775 (Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could all ...) + NOT-FOR-US: Cisco +CVE-2022-20774 (A vulnerability in the web-based management interface of Cisco IP Phon ...) + NOT-FOR-US: Cisco +CVE-2022-20773 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...) + NOT-FOR-US: Cisco +CVE-2022-20772 (A vulnerability in Cisco Email Security Appliance (ESA) and Cisco Secu ...) + NOT-FOR-US: Cisco +CVE-2022-20771 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...) + {DLA-3042-1} + - clamav 0.103.6+dfsg-1 + [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 + [buster] - clamav 0.103.6+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20770 (On April 20, 2022, the following vulnerability in the ClamAV scanning ...) + {DLA-3042-1} + - clamav 0.103.6+dfsg-1 + [bullseye] - clamav 0.103.6+dfsg-0+deb11u1 + [buster] - clamav 0.103.6+dfsg-0+deb10u1 + NOTE: https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html +CVE-2022-20769 (A vulnerability in the authentication functionality of Cisco Wireless ...) + NOT-FOR-US: Cisco +CVE-2022-20768 (A vulnerability in the logging component of Cisco TelePresence Collabo ...) + NOT-FOR-US: Cisco +CVE-2022-20767 (A vulnerability in the Snort rule evaluation function of Cisco Firepow ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20766 + RESERVED +CVE-2022-20765 (A vulnerability in the web applications of Cisco UCS Director could al ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20764 (Multiple vulnerabilities in the web engine of Cisco TelePresence Colla ...) + NOT-FOR-US: Cisco +CVE-2022-20763 (A vulnerability in the login authorization components of Cisco Webex M ...) + NOT-FOR-US: Cisco +CVE-2022-20762 (A vulnerability in the Common Execution Environment (CEE) ConfD CLI of ...) + NOT-FOR-US: Cisco +CVE-2022-20761 (A vulnerability in the integrated wireless access point (AP) packet pr ...) + NOT-FOR-US: Cisco +CVE-2022-20760 (A vulnerability in the DNS inspection handler of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2022-20759 (A vulnerability in the web services interface for remote access VPN fe ...) + NOT-FOR-US: Cisco +CVE-2022-20758 (A vulnerability in the implementation of the Border Gateway Protocol ( ...) + NOT-FOR-US: Cisco +CVE-2022-20757 (A vulnerability in the connection handling function in Cisco Firepower ...) + NOT-FOR-US: Cisco +CVE-2022-20756 (A vulnerability in the RADIUS feature of Cisco Identity Services Engin ...) + NOT-FOR-US: Cisco +CVE-2022-20755 (Multiple vulnerabilities in the API and web-based management interface ...) + NOT-FOR-US: Cisco +CVE-2022-20754 (Multiple vulnerabilities in the API and web-based management interface ...) + NOT-FOR-US: Cisco +CVE-2022-20753 (A vulnerability in web-based management interface of Cisco Small Busin ...) + NOT-FOR-US: Cisco +CVE-2022-20752 (A vulnerability in Cisco Unified Communications Manager (Unified CM), ...) + NOT-FOR-US: Cisco +CVE-2022-20751 (A vulnerability in the Snort detection engine integration for Cisco Fi ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20750 (A vulnerability in the checkpoint manager implementation of Cisco Redu ...) + NOT-FOR-US: Cisco +CVE-2022-20749 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20748 (A vulnerability in the local malware analysis process of Cisco Firepow ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20747 (A vulnerability in the History API of Cisco SD-WAN vManage Software co ...) + NOT-FOR-US: Cisco +CVE-2022-20746 (A vulnerability in the TCP proxy functionality of Cisco Firepower Thre ...) + NOT-FOR-US: Cisco +CVE-2022-20745 (A vulnerability in the web services interface for remote access VPN fe ...) + NOT-FOR-US: Cisco +CVE-2022-20744 (A vulnerability in the input protection mechanisms of Cisco Firepower ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20743 (A vulnerability in the web management interface of Cisco Firepower Man ...) + NOT-FOR-US: Cisco +CVE-2022-20742 (A vulnerability in an IPsec VPN library of Cisco Adaptive Security App ...) + NOT-FOR-US: Cisco +CVE-2022-20741 (A vulnerability in the web-based management interface of the Network D ...) + NOT-FOR-US: Cisco +CVE-2022-20740 (A vulnerability in the web-based management interface of Cisco Firepow ...) + NOT-FOR-US: Cisco +CVE-2022-20739 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...) + NOT-FOR-US: Cisco +CVE-2022-20738 (A vulnerability in the Cisco Umbrella Secure Web Gateway service could ...) + NOT-FOR-US: Cisco +CVE-2022-20737 (A vulnerability in the handler for HTTP authentication for resources a ...) + NOT-FOR-US: Cisco +CVE-2022-20736 (A vulnerability in the web-based management interface of Cisco AppDyna ...) + NOT-FOR-US: Cisco +CVE-2022-20735 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + NOT-FOR-US: Cisco +CVE-2022-20734 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) + NOT-FOR-US: Cisco +CVE-2022-20733 (A vulnerability in the login page of Cisco Identity Services Engine (I ...) + NOT-FOR-US: Cisco +CVE-2022-20732 (A vulnerability in the configuration file protections of Cisco Virtual ...) + NOT-FOR-US: Cisco +CVE-2022-20731 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20730 (A vulnerability in the Security Intelligence feed feature of Cisco Fir ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20729 (A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Softwar ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20728 (A vulnerability in the client forwarding code of multiple Cisco Access ...) + NOT-FOR-US: Cisco +CVE-2022-20727 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20726 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20725 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20724 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20723 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20722 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20721 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20720 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20719 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20718 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20717 (A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers c ...) + NOT-FOR-US: Cisco +CVE-2022-20716 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2022-20715 (A vulnerability in the remote access SSL VPN features of Cisco Adaptiv ...) + NOT-FOR-US: Cisco +CVE-2022-20714 (A vulnerability in the data plane microcode of Lightspeed-Plus line ca ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20713 (A vulnerability in the VPN web client services component of Cisco Adap ...) + NOT-FOR-US: Cisco +CVE-2022-20712 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20711 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20710 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20709 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20708 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20707 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20706 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20705 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20704 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20703 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20702 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20701 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20700 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) 
+ NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20699 (Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, ...) + NOT-FOR-US: Cisco Small Business RV Series Routers +CVE-2022-20698 (A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) ...) + - clamav 0.103.5+dfsg-1 + [bullseye] - clamav 0.103.5+dfsg-0+deb11u1 + [buster] - clamav 0.103.5+dfsg-0+deb10u1 + [stretch] - clamav (Minor issue; clean crash; follow stable updates) + NOTE: https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html + NOTE: https://github.com/Cisco-Talos/clamav/commit/9a6bb57f89721db637f4ddb5b233c1c4e23d223a (0.103.5) +CVE-2022-20697 (A vulnerability in the web services interface of Cisco IOS Software an ...) + NOT-FOR-US: Cisco +CVE-2022-20696 (A vulnerability in the binding configuration of Cisco SD-WAN vManage S ...) + NOT-FOR-US: Cisco +CVE-2022-20695 (A vulnerability in the authentication functionality of Cisco Wireless ...) + NOT-FOR-US: Cisco +CVE-2022-20694 (A vulnerability in the implementation of the Resource Public Key Infra ...) + NOT-FOR-US: Cisco +CVE-2022-20693 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...) + NOT-FOR-US: Cisco +CVE-2022-20692 (A vulnerability in the NETCONF over SSH feature of Cisco IOS XE Softwa ...) + NOT-FOR-US: Cisco +CVE-2022-20691 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...) + NOT-FOR-US: Cisco +CVE-2022-20690 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...) + NOT-FOR-US: Cisco +CVE-2022-20689 (Multiple vulnerabilities in the Cisco Discovery Protocol functionality ...) + NOT-FOR-US: Cisco +CVE-2022-20688 (A vulnerability in the Cisco Discovery Protocol functionality of Cisco ...) + NOT-FOR-US: Cisco +CVE-2022-20687 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...) + NOT-FOR-US: Cisco +CVE-2022-20686 (Multiple vulnerabilities in the Link Layer Discovery Protocol (LLDP) f ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20685 + RESERVED +CVE-2022-20684 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...) + NOT-FOR-US: Cisco +CVE-2022-20683 (A vulnerability in the Application Visibility and Control (AVC-FNF) fe ...) + NOT-FOR-US: Cisco +CVE-2022-20682 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) + NOT-FOR-US: Cisco +CVE-2022-20681 (A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst ...) + NOT-FOR-US: Cisco +CVE-2022-20680 (A vulnerability in the web-based management interface of Cisco Prime S ...) + NOT-FOR-US: Cisco +CVE-2022-20679 (A vulnerability in the IPSec decryption routine of Cisco IOS XE Softwa ...) + NOT-FOR-US: Cisco +CVE-2022-20678 (A vulnerability in the AppNav-XE feature of Cisco IOS XE Software coul ...) + NOT-FOR-US: Cisco +CVE-2022-20677 (Multiple vulnerabilities in the Cisco IOx application hosting environm ...) + NOT-FOR-US: Cisco IOx +CVE-2022-20676 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20675 (A vulnerability in the TCP/IP stack of Cisco Email Security Appliance ...) + NOT-FOR-US: Cisco +CVE-2022-20674 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20673 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20672 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20671 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20670 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20669 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20668 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20667 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20666 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20665 (A vulnerability in the CLI of Cisco StarOS could allow an authenticate ...) + NOT-FOR-US: Cisco +CVE-2022-20664 (A vulnerability in the web management interface of Cisco Secure Email ...) + NOT-FOR-US: Cisco +CVE-2022-20663 + RESERVED +CVE-2022-20662 (A vulnerability in the smart card login authentication of Cisco Duo fo ...) + NOT-FOR-US: Cisco +CVE-2022-20661 (Multiple vulnerabilities that affect Cisco Catalyst Digital Building S ...) + NOT-FOR-US: Cisco +CVE-2022-20660 (A vulnerability in the information storage architecture of several Cis ...) + NOT-FOR-US: Cisco +CVE-2022-20659 (A vulnerability in the web-based management interface of Cisco Prime I ...) + NOT-FOR-US: Cisco +CVE-2022-20658 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2022-20657 + RESERVED +CVE-2022-20656 + RESERVED +CVE-2022-20655 + RESERVED +CVE-2022-20654 + RESERVED +CVE-2022-20653 (A vulnerability in the DNS-based Authentication of Named Entities (DAN ...) + NOT-FOR-US: Cisco +CVE-2022-20652 + RESERVED +CVE-2022-20651 (A vulnerability in the logging component of Cisco Adaptive Security De ...) + NOT-FOR-US: Cisco +CVE-2022-20650 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) + NOT-FOR-US: Cisco +CVE-2022-20649 + RESERVED +CVE-2022-20648 + RESERVED +CVE-2022-20647 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20646 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20645 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20644 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20643 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20642 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20641 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20640 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20639 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20638 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20637 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20636 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20635 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2022-20634 + RESERVED +CVE-2022-20633 + RESERVED +CVE-2022-20632 + RESERVED +CVE-2022-20631 + RESERVED +CVE-2022-20630 (A vulnerability in the audit log of Cisco DNA Center could allow an au ...) + NOT-FOR-US: Cisco +CVE-2022-20629 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20628 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20627 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco Firepower +CVE-2022-20626 + RESERVED +CVE-2022-20625 (A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS ...) + NOT-FOR-US: Cisco +CVE-2022-20624 (A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature ...) 
+ NOT-FOR-US: Cisco +CVE-2022-20623 (A vulnerability in the rate limiter for Bidirectional Forwarding Detec ...) + NOT-FOR-US: Cisco +CVE-2022-20622 (A vulnerability in IP ingress packet processing of the Cisco Embedded ...) + NOT-FOR-US: Cisco +CVE-2021-43256 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43255 (Microsoft Office Trust Center Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43254 + RESERVED +CVE-2021-43253 + RESERVED +CVE-2021-43252 + RESERVED +CVE-2021-43251 + RESERVED +CVE-2021-43250 + RESERVED +CVE-2021-43249 + RESERVED +CVE-2021-43248 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43247 (Windows TCP/IP Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43246 (Windows Hyper-V Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43245 (Windows Digital TV Tuner Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43244 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43243 (VP9 Video Extensions Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43242 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-43241 + RESERVED +CVE-2021-43240 (NTFS Set Short Name Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43239 (Windows Recovery Environment Agent Elevation of Privilege Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-43238 (Windows Remote Access Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43237 (Windows Setup Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43236 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43235 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43234 (Windows Fax Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43233 (Remote Desktop Client Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43232 (Windows Event Tracing Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43231 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43230 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43229 (Windows NTFS Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-43228 (SymCrypt Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43227 (Storage Spaces Controller Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43226 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43225 (Bot Framework SDK Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43224 (Windows Common Log File System Driver Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43223 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-43222 (Microsoft Message Queuing Information Disclosure Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-43221 (Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43220 (Microsoft Edge for iOS Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43219 (DirectX Graphics Kernel File Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43218 + RESERVED +CVE-2021-43217 (Windows Encrypting File System (EFS) Remote Code Execution Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-43216 (Microsoft Local Security Authority Server (lsasrv) Information Disclos ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-43215 (iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Ex ...) + NOT-FOR-US: Microsoft +CVE-2021-43214 (Web Media Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-43213 + RESERVED +CVE-2021-43212 + RESERVED +CVE-2021-43211 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...) + NOT-FOR-US: Microsoft +CVE-2021-43210 + RESERVED +CVE-2021-43209 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-43208 (3D Viewer Remote Code Execution Vulnerability This CVE ID is unique fr ...) + NOT-FOR-US: Microsoft +CVE-2021-43207 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-43206 (A server-generated error message containing sensitive information in F ...) + NOT-FOR-US: FortiGuard +CVE-2021-43205 (An exposure of sensitive information to an unauthorized actor vulnerab ...) + NOT-FOR-US: Fortiguard FortiClient +CVE-2021-43204 (A improper control of a resource through its lifetime in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-3921 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2021-3920 (grav-plugin-admin is vulnerable to Improper Neutralization of Input Du ...) + NOT-FOR-US: Grav CMS +CVE-2021-3919 (A potential security vulnerability has been identified in OMEN Gaming ...) + NOT-FOR-US: HP +CVE-2021-43203 (In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 a ...) + NOT-FOR-US: JetBrains Ktor +CVE-2021-43202 (In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is m ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43201 (In JetBrains TeamCity before 2021.1.3, a newly created project could t ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43200 (In JetBrains TeamCity before 2021.1.2, permission checks in the Agent ...) 
+ NOT-FOR-US: JetBrains TeamCity +CVE-2021-43199 (In JetBrains TeamCity before 2021.1.2, permission checks in the Create ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43198 (In JetBrains TeamCity before 2021.1.2, stored XSS is possible.) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43197 (In JetBrains TeamCity before 2021.1.2, email notifications could inclu ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43196 (In JetBrains TeamCity before 2021.1, information disclosure via the Do ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43195 (In JetBrains TeamCity before 2021.1.2, some HTTP security headers were ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43194 (In JetBrains TeamCity before 2021.1.2, user enumeration was possible.) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43193 (In JetBrains TeamCity before 2021.1.2, remote code execution via the a ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2021-43192 (In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking i ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43191 (JetBrains YouTrack Mobile before 2021.2, is missing the security scree ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43190 (In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43189 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43188 (In JetBrains YouTrack Mobile before 2021.2, access token protection on ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43187 (In JetBrains YouTrack Mobile before 2021.2, the client-side cache on i ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43186 (JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43185 (JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header in ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2021-43184 (In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.) 
+ NOT-FOR-US: JetBrains YouTrack +CVE-2021-43183 (In JetBrains Hub before 2021.1.13690, the authentication throttling me ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43182 (In JetBrains Hub before 2021.1.13415, a DoS via user information is po ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43181 (In JetBrains Hub before 2021.1.13690, stored XSS is possible.) + NOT-FOR-US: JetBrains Hub +CVE-2021-43180 (In JetBrains Hub before 2021.1.13690, information disclosure via avata ...) + NOT-FOR-US: JetBrains Hub +CVE-2021-43179 + REJECTED +CVE-2021-43178 + REJECTED +CVE-2021-43177 (As a result of an incomplete fix for CVE-2015-7225, in versions of dev ...) + - ruby-devise-two-factor 4.0.2-1 (bug #1009636) + [bullseye] - ruby-devise-two-factor (Minor issue) + NOTE: https://github.com/tinfoil/devise-two-factor/security/advisories/GHSA-jm35-h8q2-73mp + NOTE: https://github.com/tinfoil/devise-two-factor/pull/108 + NOTE: https://github.com/tinfoil/devise-two-factor/commit/64576bb9e7d29800c5f92bb86fb6ecff91ad6105 (v4.0.2) +CVE-2021-43176 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) + NOT-FOR-US: GOautodial API +CVE-2021-43175 (The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 ...) + NOT-FOR-US: GOautodial API +CVE-2021-3918 (json-schema is vulnerable to Improperly Controlled Modification of Obj ...) + {DLA-3228-1} + - node-json-schema 0.4.0+~7.0.9-1 (bug #999765) + [bullseye] - node-json-schema 0.3.0+~7.0.6-1+deb11u1 + NOTE: https://github.com/kriszyp/json-schema/commit/22f146111f541d9737e832823699ad3528ca7741 (v0.4.0) +CVE-2021-43174 (NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, suppo ...) + {DSA-5041-1} + - routinator (bug #929024) + - cfrpki 1.4.0-1 + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/667 +CVE-2021-43173 (In NLnet Labs Routinator prior to 0.10.2, a validation run can be dela ...) 
+ {DSA-5041-1 DSA-5033-1} + - routinator (bug #929024) + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + - rpki-client 7.5-1 + [bullseye] - rpki-client (Fixed versions need more recent libretls) + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/666 + NOTE: https://github.com/NLnetLabs/routinator/pull/612 +CVE-2021-43172 (NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRD ...) + - routinator (bug #929024) + - rpki-client 7.5-1 + [bullseye] - rpki-client (Fixed versions need more recent libretls) + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-43172_CVE-2021-43173_CVE-2021-43174.txt + NOTE: https://github.com/NLnetLabs/routinator/pull/665 +CVE-2021-3917 (A flaw was found in the coreos-installer, where it writes the Ignition ...) + NOT-FOR-US: coreos-installer +CVE-2021-43171 (Improper verification of applications' cryptographic signatures in the ...) + NOT-FOR-US: App Lounge +CVE-2021-43170 + RESERVED +CVE-2021-43169 + RESERVED +CVE-2021-43168 + RESERVED +CVE-2021-43167 + RESERVED +CVE-2021-43166 + RESERVED +CVE-2021-43165 + RESERVED +CVE-2021-43164 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43163 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43162 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43161 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43160 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43159 (A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks ...) + NOT-FOR-US: Ruijie +CVE-2021-43158 (In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability ...) 
+ NOT-FOR-US: ProjectWorlds Online Shopping System PHP +CVE-2021-43157 (Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL inj ...) + NOT-FOR-US: ProjectWorlds Online Shopping System PHP +CVE-2021-43156 (In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in adm ...) + NOT-FOR-US: ProjectWorlds Online Book Store PHP +CVE-2021-43155 (Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injecti ...) + NOT-FOR-US: ProjectWorlds Online Book Store PHP +CVE-2021-43154 (Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2 ...) + NOT-FOR-US: CMS Made Simple +CVE-2021-43153 + RESERVED +CVE-2021-43152 + RESERVED +CVE-2021-43151 + RESERVED +CVE-2021-43150 + RESERVED +CVE-2021-43149 + REJECTED +CVE-2021-43148 + RESERVED +CVE-2021-43147 + RESERVED +CVE-2021-43146 + RESERVED +CVE-2021-43145 (With certain LDAP configurations, Zammad 5.0.1 was found to be vulnera ...) + - zammad (bug #841355) +CVE-2021-43144 + RESERVED +CVE-2021-43143 + RESERVED +CVE-2021-43142 (An XML External Entity (XXE) vulnerability exists in wuta jox 1.16 in ...) + NOT-FOR-US: wutka jox +CVE-2021-43141 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simp ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43140 (SQL Injection vulnerability exists in Sourcecodester. Simple Subscript ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43139 + RESERVED +CVE-2021-43138 (In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtai ...) + - node-async (Vulnerable code introduced later) + NOTE: https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d (3.2.2) + NOTE: https://github.com/caolan/async/pull/1828 + NOTE: https://jsfiddle.net/oz5twjd9/ +CVE-2021-43137 (Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: hostel management system +CVE-2021-43136 (An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker ...) 
+ NOT-FOR-US: FormaLMS +CVE-2021-43135 + RESERVED +CVE-2021-43134 + RESERVED +CVE-2021-43133 + RESERVED +CVE-2021-43132 + RESERVED +CVE-2021-43131 + RESERVED +CVE-2021-43130 (An SQL Injection vulnerability exists in Sourcecodester Customer Relat ...) + NOT-FOR-US: Sourcecodester +CVE-2021-43129 (A bypass exists for Desire2Learn/D2L Brightspace\u2019s \u201cDisable ...) + NOT-FOR-US: D2L Brightspace LMS +CVE-2021-43128 + RESERVED +CVE-2021-43127 + RESERVED +CVE-2021-43126 + RESERVED +CVE-2021-43125 + RESERVED +CVE-2021-43124 + RESERVED +CVE-2021-43123 + RESERVED +CVE-2021-43122 + RESERVED +CVE-2021-43121 + RESERVED +CVE-2021-43120 + RESERVED +CVE-2021-43119 + RESERVED +CVE-2021-43118 (A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 ...) + NOT-FOR-US: DrayTek Vigor2960 devices +CVE-2021-43117 (fastadmin v1.2.1 is affected by a file upload vulnerability which allo ...) + NOT-FOR-US: fastadmin +CVE-2021-43116 (An Access Control vulnerability exists in Nacos 2.0.3 in the access pr ...) + NOT-FOR-US: Nacos +CVE-2021-43115 + RESERVED +CVE-2021-43114 (FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publis ...) + {DSA-5033-1} + - fort-validator 1.5.2-1 +CVE-2021-43113 (iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows comma ...) + {DSA-5323-1 DLA-3273-1} + - libitext5-java 5.5.13.3-1 (bug #1014597) + NOTE: https://github.com/itext/itextpdf/commit/ce8bbacd631e13717a91f02e9cbd9814b9dc2cca (5.5.13.3) +CVE-2021-43112 + RESERVED +CVE-2021-43111 + RESERVED +CVE-2021-43110 (An Access Conrol vulnerability exists in PuneethReddyHC online-shoppin ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-43109 (An SQL Injection vulnerability exits in PuneethReddyHC online-shopping ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-43108 + RESERVED +CVE-2021-43107 + RESERVED +CVE-2021-43106 (A Header Injection vulnerability exists in Compass Plus TranzWare Onli ...) 
+ NOT-FOR-US: Compass Plus TranzWare +CVE-2021-43105 (A vulnerability in the bailiwick checking function in Technitium DNS S ...) + NOT-FOR-US: Technitium DNS Server +CVE-2021-43104 + RESERVED +CVE-2021-43103 (A File Upload vulnerability exists in bbs 5.3 is via ForumManageAction ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43102 (A File Upload vulnerability exists in bbs 5.3 is via HelpManageAction. ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43101 (A File Upload vulnerability exists in bbs 5.3 is via MembershipCardMan ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43100 (A File Upload vulnerability exists in bbs 5.3 is via TopicManageAction ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43099 (An Archive Extraction (AKA "Zip Slip) vulnerability exists in bbs 5.3 ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43098 (A File Upload vulnerability exists in bbs v5.3 via QuestionManageActio ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43097 (A Server-side Template Injection (SSTI) vulnerability exists in bbs 5. ...) + NOT-FOR-US: bbs Patrol Cloud Light Forum +CVE-2021-43096 + RESERVED +CVE-2021-43095 + RESERVED +CVE-2021-43094 (An SQL Injection vulnerability exists in OpenMRS Reference Application ...) + NOT-FOR-US: OpenMRS +CVE-2021-43093 + RESERVED +CVE-2021-43092 + RESERVED +CVE-2021-43091 (An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via ...) + NOT-FOR-US: Yeswiki doryphore +CVE-2021-43090 (An XML External Entity (XXE) vulnerability exists in soa-model before ...) + NOT-FOR-US: soa-model +CVE-2021-43089 + RESERVED +CVE-2021-43088 + RESERVED +CVE-2021-43087 + RESERVED +CVE-2021-43086 (ARM astcenc 3.2.0 is vulnerable to Buffer Overflow. When the compressi ...) + NOT-FOR-US: ARM astcenc +CVE-2021-43085 + REJECTED +CVE-2021-43084 (An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tab ...) 
+ NOT-FOR-US: Dreamer CMS +CVE-2021-3916 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...) + NOT-FOR-US: bookstack +CVE-2015-10001 (The WP-Stats WordPress plugin before 2.52 does not have CSRF check whe ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43083 (Apache PLC4X - PLC4C (Only the C language implementation was effected) ...) + NOT-FOR-US: Apache PLC4X +CVE-2021-43082 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') ...) + - trafficserver 9.1.1+ds-1 + [bullseye] - trafficserver (Vulnerable code not present, introduced in 9.x) + [buster] - trafficserver (Vulnerable code not present, introduced in 9.x) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8475 + NOTE: https://github.com/apache/trafficserver/commit/02b17dbe3cff71ffd31577d872e077531124d207 (master) + NOTE: CVE description is wrong, this doesn't affect 8.1, only 9.x/master: + NOTE: Introduced with https://github.com/apache/trafficserver/commit/5e2385b666b4176be0f64fbadfbfae42094db396 (9.1.0-rc0) +CVE-2021-3915 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...) + NOT-FOR-US: bookstack +CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...) + NOT-FOR-US: WordPress plugin +CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43081 (An improper neutralization of input during web page generation vulnera ...) + NOT-FOR-US: FortiGuard +CVE-2021-43080 (An improper neutralization of input during web page generation vulnera ...) + NOT-FOR-US: FortiGuard +CVE-2021-43079 + RESERVED +CVE-2021-43078 + RESERVED +CVE-2021-43077 (A improper neutralization of special elements used in an sql command ( ...) + NOT-FOR-US: FortiGuard +CVE-2021-43076 (An improper privilege management vulnerability [CWE-269] in FortiADC v ...) 
+ NOT-FOR-US: FortiGuard +CVE-2021-43075 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: FortiGuard +CVE-2021-43074 (An improper verification of cryptographic signature vulnerability [CWE ...) + NOT-FOR-US: Fortinet +CVE-2021-43073 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: FortiGuard +CVE-2021-43072 (A buffer copy without checking size of input ('classic buffer overflow ...) + NOT-FOR-US: Fortinet +CVE-2021-43071 (A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6. ...) + NOT-FOR-US: FortiGuard +CVE-2021-43070 (Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM ...) + NOT-FOR-US: FortiGuard +CVE-2021-43069 + RESERVED +CVE-2021-43068 (A improper authentication in Fortinet FortiAuthenticator version 6.4.0 ...) + NOT-FOR-US: FortiGuard +CVE-2021-43067 (A exposure of sensitive information to an unauthorized actor in Fortin ...) + NOT-FOR-US: FortiGuard +CVE-2021-43066 (A external control of file name or path in Fortinet FortiClientWindows ...) + NOT-FOR-US: FortiGuard FortiClient +CVE-2021-43065 (A incorrect permission assignment for critical resource in Fortinet Fo ...) + NOT-FOR-US: FortiGuard +CVE-2021-43064 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-43063 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-43062 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2022-20621 (Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencr ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20620 (Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20619 (A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket ...) 
+ NOT-FOR-US: Jenkins plugin +CVE-2022-20618 (A missing permission check in Jenkins Bitbucket Branch Source Plugin 7 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20617 (Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the n ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20616 (Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20615 (Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML me ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20614 (A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4 ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20613 (A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Pl ...) + NOT-FOR-US: Jenkins plugin +CVE-2022-20612 (A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and ...) + - jenkins +CVE-2021-43061 + RESERVED +CVE-2021-43060 + RESERVED +CVE-2021-43059 + RESERVED +CVE-2021-43058 (An open redirect vulnerability exists in Replicated Classic versions p ...) + NOT-FOR-US: Replicated +CVE-2021-3914 (It was found that the smallrye health metrics UI component did not pro ...) + NOT-FOR-US: SmallRye Health +CVE-2021-43057 (An issue was discovered in the Linux kernel before 5.14.8. A use-after ...) + - linux 5.14.9-1 + [bullseye] - linux (Vulnerable code introduced later) + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/a3727a8bac0a9e77c70820655fd8715523ba3db7 (5.15-rc3) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2229 +CVE-2021-43055 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43054 (The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43053 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...) 
+ NOT-FOR-US: TIBCO +CVE-2021-43052 (The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Commun ...) + NOT-FOR-US: TIBCO +CVE-2021-43051 (The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire ...) + NOT-FOR-US: Spotfire Server component of TIBCO +CVE-2021-43050 (The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConne ...) + NOT-FOR-US: TIBCO +CVE-2021-43049 (The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect ...) + NOT-FOR-US: TIBCO +CVE-2021-43048 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43047 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43046 (The Interior Server and Gateway Server components of TIBCO Software In ...) + NOT-FOR-US: TIBCO +CVE-2021-43056 (An issue was discovered in the Linux kernel for powerpc before 5.14.15 ...) + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337 (5.15-rc6) +CVE-2021-43045 (A vulnerability in the .NET SDK of Apache Avro allows an attacker to a ...) + NOT-FOR-US: Apache Avro +CVE-2021-3913 + REJECTED +CVE-2021-43044 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43043 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43042 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43041 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43040 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43039 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) 
+ NOT-FOR-US: Kaseya +CVE-2021-43038 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43037 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43036 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43035 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43034 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-43033 (An issue was discovered in Kaseya Unitrends Backup Appliance before 10 ...) + NOT-FOR-US: Kaseya +CVE-2021-3912 (OctoRPKI tries to load the entire contents of a repository in memory, ...) + {DSA-5041-1} + - routinator (bug #929024) + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g9wh-3vrx-r7hg +CVE-2021-3911 (If the ROA that a repository returns contains too many bits for the IP ...) + {DSA-5041-1} + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-w6ww-fmfx-2x22 +CVE-2021-3910 (OctoRPKI crashes when encountering a repository that returns an invali ...) + {DSA-5041-1} + - cfrpki 1.4.0-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-5mxh-2qfv-4g7j +CVE-2021-3909 (OctoRPKI does not limit the length of a connection, allowing for a slo ...) + {DSA-5041-1 DSA-5033-1} + - routinator (bug #929024) + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + - rpki-client 7.5-1 + [bullseye] - rpki-client (Fixed versions need more recent libretls) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-8cvr-4rrf-f244 +CVE-2021-3908 (OctoRPKI does not limit the depth of a certificate chain, allowing for ...) 
+ {DSA-5041-1} + - cfrpki 1.4.0-1 + - routinator (bug #929024) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq +CVE-2021-3907 (OctoRPKI does not escape a URI with a filename containing "..", this a ...) + {DSA-5041-1 DSA-5033-1} + - cfrpki 1.4.0-1 + - fort-validator 1.5.3-1 + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-cqh2-vc2f-q4fh +CVE-2021-3906 (bookstack is vulnerable to Unrestricted Upload of File with Dangerous ...) + NOT-FOR-US: bookstack +CVE-2018-25020 (The BPF subsystem in the Linux kernel before 4.17 mishandles situation ...) + - linux 4.17.3-1 + NOTE: https://git.kernel.org/linus/050fad7c4534c13c8eb1d9c2ba66012e014773cb (4.17-rc7) +CVE-2018-25019 (The LearnDash LMS WordPress plugin before 2.5.4 does not have any auth ...) + NOT-FOR-US: WordPress plugin +CVE-2015-20067 (The WP Attachment Export WordPress plugin before 0.2.4 does not have p ...) + NOT-FOR-US: WordPress plugin +CVE-2015-20019 (The Content text slider on post WordPress plugin before 6.9 does not s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43032 (In XenForo through 2.2.7, a threat actor with access to the admin pane ...) + NOT-FOR-US: XenForo +CVE-2021-43031 + RESERVED +CVE-2021-43030 (Adobe Premiere Rush versions 1.5.16 (and earlier) allows access to an ...) + NOT-FOR-US: Adobe +CVE-2021-43029 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43028 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43027 (Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlie ...) + NOT-FOR-US: Adobe +CVE-2021-43026 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43025 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43024 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) 
+ NOT-FOR-US: Adobe +CVE-2021-43023 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43022 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43021 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-43020 + RESERVED +CVE-2021-43019 (Adobe Creative Cloud version 5.5 (and earlier) are affected by a privi ...) + NOT-FOR-US: Adobe +CVE-2021-43018 (Adobe Photoshop versions 23.0.2 and 22.5.4 (and earlier) are affected ...) + NOT-FOR-US: Adobe +CVE-2021-43017 (Adobe Creative Cloud version 5.5 (and earlier) are affected by an Appl ...) + NOT-FOR-US: Adobe +CVE-2021-43016 (Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-43015 (Adobe InCopy version 16.4 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-43014 + RESERVED +CVE-2021-43013 (Adobe Media Encoder version 15.4.1 (and earlier) are affected by a mem ...) + NOT-FOR-US: Adobe +CVE-2021-43012 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-43011 (Adobe Prelude version 10.1 (and earlier) are affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-3905 (A memory leak was found in Open vSwitch (OVS) during userspace IP frag ...) + - openvswitch (Vulnerable code introduced later) + NOTE: https://github.com/openvswitch/ovs-issues/issues/226 + NOTE: Introduced by: https://github.com/openvswitch/ovs/commit/640d4db788eda96bb904abcfc7de2327107bafe1 (v2.16.0) + NOTE: Fixed by: https://github.com/openvswitch/ovs/commit/803ed12e31b0377c37d7aa8c94b3b92f2081e349 +CVE-2021-3904 (grav is vulnerable to Improper Neutralization of Input During Web Page ...) 
+ NOT-FOR-US: Grav CMS +CVE-2021-3903 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-3053-1} + - vim 2:8.2.3565-1 (unimportant) + NOTE: https://huntr.dev/bounties/35738a4f-55ce-446c-b836-2fb0b39625f8 + NOTE: https://github.com/vim/vim/commit/777e7c21b7627be80961848ac560cb0a9978ff43 + NOTE: PoC crashes starting with https://github.com/vim/vim/commit/8a7d6542b33e5d2b352262305c3bfdb2d14e1cf8 (v8.2.0149) + NOTE: Crash in CLI tool, no security impact +CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...) + NOT-FOR-US: WordPress plugin +CVE-2021-43010 (In Safedog Apache v4.0.30255, attackers can bypass this product for SQ ...) + NOT-FOR-US: Safedog +CVE-2021-43009 (A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon ...) + NOT-FOR-US: OpServices OpMon +CVE-2021-43008 (Improper Access Control in Adminer versions 1.12.0 to 4.6.2 (fixed in ...) + {DLA-3002-1} + - adminer 4.6.3-1 + NOTE: https://github.com/vrana/adminer/releases/tag/v4.6.3 + NOTE: https://podalirius.net/en/cves/2021-43008/ + NOTE: https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability +CVE-2021-43007 + RESERVED +CVE-2021-43006 (AmZetta Amzetta zPortal DVM Tools is affected by Integer Overflow. IOC ...) + NOT-FOR-US: AmZetta Amzetta zPortal DVM Tools +CVE-2021-43005 + RESERVED +CVE-2021-43004 + RESERVED +CVE-2021-43003 (Amzetta zPortal Windows zClient is affected by Integer Overflow. IOCTL ...) + NOT-FOR-US: Amzetta +CVE-2021-43002 (Amzetta zPortal DVM Tools is affected by Buffer Overflow. IOCTL Handle ...) + NOT-FOR-US: Amzetta +CVE-2021-43001 + RESERVED +CVE-2021-43000 (Amzetta zPortal Windows zClient is affected by Buffer Overflow. IOCTL ...) + NOT-FOR-US: Amzetta +CVE-2021-42999 + RESERVED +CVE-2021-42998 + RESERVED +CVE-2021-42997 + RESERVED +CVE-2021-42996 (Donglify is affected by Integer Overflow. IOCTL Handler 0x22001B in th ...) 
+ NOT-FOR-US: Donglify +CVE-2021-42995 + RESERVED +CVE-2021-42994 (Donglify is affected by Buffer Overflow. IOCTL Handler 0x22001B in the ...) + NOT-FOR-US: Donglify +CVE-2021-42993 (FlexiHub For Windows is affected by Integer Overflow. IOCTL Handler 0x ...) + NOT-FOR-US: FlexiHub For Windows +CVE-2021-42992 + RESERVED +CVE-2021-42991 + RESERVED +CVE-2021-42990 (FlexiHub For Windows is affected by Buffer Overflow. IOCTL Handler 0x2 ...) + NOT-FOR-US: FlexiHub For Windows +CVE-2021-42989 + RESERVED +CVE-2021-42988 (Eltima USB Network Gate is affected by Buffer Overflow. IOCTL Handler ...) + NOT-FOR-US: Eltima USB Network Gate +CVE-2021-42987 (Eltima USB Network Gate is affected by Integer Overflow. IOCTL Handler ...) + NOT-FOR-US: Eltima USB Network Gate +CVE-2021-42986 (NoMachine Enterprise Client is affected by Integer Overflow. IOCTL Han ...) + NOT-FOR-US: NoMachine +CVE-2021-42985 + RESERVED +CVE-2021-42984 + RESERVED +CVE-2021-42983 (NoMachine Enterprise Client is affected by Buffer Overflow. IOCTL Hand ...) + NOT-FOR-US: NoMachine +CVE-2021-42982 + RESERVED +CVE-2021-42981 + RESERVED +CVE-2021-42980 (NoMachine Cloud Server is affected by Buffer Overflow. IOCTL Handler 0 ...) + NOT-FOR-US: NoMachine +CVE-2021-42979 (NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler ...) + NOT-FOR-US: NoMachine +CVE-2021-42978 + RESERVED +CVE-2021-42977 (NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Ha ...) + NOT-FOR-US: NoMachine +CVE-2021-42976 (NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Han ...) + NOT-FOR-US: NoMachine +CVE-2021-42975 + RESERVED +CVE-2021-42974 + RESERVED +CVE-2021-42973 (NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x2200 ...) + NOT-FOR-US: NoMachine +CVE-2021-42972 (NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001 ...) 
+ NOT-FOR-US: NoMachine +CVE-2021-42971 + RESERVED +CVE-2021-42970 (Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the ...) + NOT-FOR-US: cxuucms +CVE-2021-42969 (Certain Anaconda3 2021.05 are affected by OS command injection. When a ...) + NOT-FOR-US: Anaconda Python +CVE-2021-42968 + RESERVED +CVE-2021-42967 (Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/com ...) + NOT-FOR-US: Novel-plus +CVE-2021-42966 + REJECTED +CVE-2021-42965 + RESERVED +CVE-2021-42964 + RESERVED +CVE-2021-42963 + RESERVED +CVE-2021-42962 + RESERVED +CVE-2021-42961 + RESERVED +CVE-2021-42960 + RESERVED +CVE-2021-42959 + RESERVED +CVE-2021-42958 + RESERVED +CVE-2021-42957 + RESERVED +CVE-2021-42956 (Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.21 ...) + NOT-FOR-US: Zoho +CVE-2021-42955 (Zoho Remote Access Plus Server Windows Desktop binary fixed in version ...) + NOT-FOR-US: Zoho +CVE-2021-42954 (Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1. ...) + NOT-FOR-US: Zoho +CVE-2021-42953 + RESERVED +CVE-2021-42952 (Zepl Notebooks before 2021-10-25 are affected by a sandbox escape vuln ...) + NOT-FOR-US: Zepl Notebooks +CVE-2021-42951 (A Remote Code Execution (RCE) vulnerability exists in Algorithmia MSOL ...) + NOT-FOR-US: Algorithmia MSOL +CVE-2021-42950 (Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all ...) + NOT-FOR-US: Zepl +CVE-2021-42949 (The component controlla_login function in HotelDruid Hotel Management ...) + - hoteldruid 3.0.4-1 + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) + [stretch] - hoteldruid (Minor issue) +CVE-2021-42948 (HotelDruid Hotel Management Software v3.0.3 and below was discovered t ...) 
+ - hoteldruid 3.0.4-1 + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) + [stretch] - hoteldruid (Minor issue) +CVE-2021-42947 + RESERVED +CVE-2021-42946 (A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via t ...) + NOT-FOR-US: htmly +CVE-2021-42945 (A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclass ...) + NOT-FOR-US: ZZCMS +CVE-2021-42944 + RESERVED +CVE-2021-42943 (Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan ...) + - ipplan +CVE-2021-42942 + RESERVED +CVE-2021-42941 + RESERVED +CVE-2021-42940 (A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 v ...) + NOT-FOR-US: Projeqtor +CVE-2021-42939 + RESERVED +CVE-2021-42938 + RESERVED +CVE-2021-42937 + RESERVED +CVE-2021-42936 + RESERVED +CVE-2021-42935 + RESERVED +CVE-2021-42934 + RESERVED +CVE-2021-42933 + RESERVED +CVE-2021-42932 + RESERVED +CVE-2021-42931 + RESERVED +CVE-2021-42930 + RESERVED +CVE-2021-42929 + RESERVED +CVE-2021-42928 + RESERVED +CVE-2021-42927 + RESERVED +CVE-2021-42926 + RESERVED +CVE-2021-42925 + RESERVED +CVE-2021-42924 + RESERVED +CVE-2021-42923 (ShowMyPC 3606 on Windows suffers from a DLL hijack vulnerability. If a ...) + NOT-FOR-US: ShowMyPC 3606 on Windows +CVE-2021-42922 + RESERVED +CVE-2021-42921 + RESERVED +CVE-2021-42920 + RESERVED +CVE-2021-42919 + RESERVED +CVE-2021-42918 + RESERVED +CVE-2021-42917 (Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attacker ...) 
+ - kodi 2:19.3+dfsg1-1 (bug #998419) + [bullseye] - kodi 2:19.1+dfsg2-2+deb11u1 + [buster] - kodi (Minor issue) + [stretch] - kodi (no point in fixing this when the more severe CVE-2017-5982 is ignored) + - xbmc + NOTE: https://github.com/xbmc/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237 + NOTE: https://github.com/xbmc/xbmc/issues/20305 + NOTE: https://github.com/xbmc/xbmc/pull/20306 +CVE-2021-42916 + RESERVED +CVE-2021-42915 + RESERVED +CVE-2021-42914 + RESERVED +CVE-2021-42913 (The SyncThru Web Service on Samsung SCX-6x55X printers allows an attac ...) + NOT-FOR-US: SyncThru Web Service on Samsung SCX-6x55X printers +CVE-2021-42912 (FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command inj ...) + NOT-FOR-US: FiberHome ONU GPON AN5506-04-F RP2617 +CVE-2021-42911 (A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, ...) + NOT-FOR-US: DrayTek Vigor2960 devices +CVE-2021-42910 + RESERVED +CVE-2021-42909 + RESERVED +CVE-2021-42908 + RESERVED +CVE-2021-42907 + RESERVED +CVE-2021-42906 + RESERVED +CVE-2021-42905 + RESERVED +CVE-2021-42904 + RESERVED +CVE-2021-42903 + RESERVED +CVE-2021-42902 + RESERVED +CVE-2021-42901 + RESERVED +CVE-2021-42900 + RESERVED +CVE-2021-42899 + RESERVED +CVE-2021-42898 + RESERVED +CVE-2021-42897 (A remote command execution (RCE) vulnerability was found in FeMiner wm ...) + NOT-FOR-US: FeMiner/wms +CVE-2021-42896 + RESERVED +CVE-2021-42895 + RESERVED +CVE-2021-42894 + RESERVED +CVE-2021-42893 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...) + NOT-FOR-US: TOTOLINK +CVE-2021-42892 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet withou ...) + NOT-FOR-US: TOTOLINK +CVE-2021-42891 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...) + NOT-FOR-US: TOTOLINK +CVE-2021-42890 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...) 
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42889 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive in ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42888 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42887 (In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sen ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42886 (TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vuln ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42885 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42884 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42883
+ RESERVED
+CVE-2021-42882
+ RESERVED
+CVE-2021-42881
+ RESERVED
+CVE-2021-42880
+ RESERVED
+CVE-2021-42879
+ RESERVED
+CVE-2021-42878
+ RESERVED
+CVE-2021-42877 (TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerabil ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42876
+ RESERVED
+CVE-2021-42875 (TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vul ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42874
+ RESERVED
+CVE-2021-42873
+ RESERVED
+CVE-2021-42872 (TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vuln ...)
+ NOT-FOR-US: TOTOLINK
+CVE-2021-42871
+ RESERVED
+CVE-2021-42870 (ACCEL-PPP 1.12.0 has an out-of-bounds read in post_msg when processing ...)
+ NOT-FOR-US: accel-ppp
+CVE-2021-42869 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
+ NOT-FOR-US: Chikista Patient Management Software
+CVE-2021-42868 (A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient ...)
+ NOT-FOR-US: Chikista Patient Management Software
+CVE-2021-42867 (A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8 ...)
+ NOT-FOR-US: htmly
+CVE-2021-42866 (A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the S ...)
+ NOT-FOR-US: Pixelimity
+CVE-2021-42865
+ RESERVED
+CVE-2021-42864
+ RESERVED
+CVE-2021-42863 (A buffer overflow in ecma_builtin_typedarray_prototype_filter() in Jer ...)
+ - iotjs (bug #1015219)
+ [bullseye] - iotjs (Minor issue)
+ [buster] - iotjs (Vulnerable code introduced later)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/4793
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/4794
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/4e8d6344a8b5cf8f00bd3d5e869147af06d0189e
+CVE-2021-42862
+ RESERVED
+CVE-2021-42861
+ RESERVED
+CVE-2021-42860 (A stack buffer overflow exists in Mini-XML v3.2. When inputting an unf ...)
+ NOTE: Disputed mxml issue
+CVE-2021-42859 (A memory leak issue was discovered in Mini-XML v3.2 that could cause a ...)
+ NOTE: Disputed mxml issue
+CVE-2021-42858
+ RESERVED
+CVE-2021-42857 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet
+CVE-2021-42856 (It was discovered that the /DsaDataTest endpoint is susceptible to Cro ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-42855 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-42854 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-42853 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-3902 [Improper Restriction of XML External Entity Reference for included svg files]
+ RESERVED
+ - php-dompdf 2.0.2+dfsg-1
+ [bullseye] - php-dompdf (current code reject svg image. Double checked by testing)
+ [buster] - php-dompdf (current code reject svg image. 
Double checked by testing)
+ NOTE: https://github.com/dompdf/dompdf/issues/2564
+ NOTE: https://huntr.dev/bounties/a6071c07-806f-429a-8656-a4742e4191b1
+ NOTE: https://github.com/dompdf/dompdf/commit/f56bc8e40be6c0ae0825e6c7396f4db80620b799 (v2.0.0)
+CVE-2021-3901 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: firefly-iii
+CVE-2021-3900 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF))
+ NOT-FOR-US: firefly-iii
+CVE-2021-42852 (A command injection vulnerability was reported in some Lenovo Personal ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-42851 (A vulnerability was reported in some Lenovo Personal Cloud Storage dev ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-42850 (A weak default administrator password for the web interface and serial ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-42849 (A weak default password for the serial port was reported in some Lenov ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-42848 (An information disclosure vulnerability was reported in some Lenovo Pe ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3899
+ RESERVED
+CVE-2021-3898 (Versions of Motorola Ready For and Motorola Device Help Android applic ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3897 (An authentication bypass vulnerability was discovered in an internal s ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-42847 (Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write t ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42846
+ RESERVED
+CVE-2021-42845
+ RESERVED
+CVE-2021-42844
+ RESERVED
+CVE-2021-42843
+ RESERVED
+CVE-2021-42842
+ RESERVED
+CVE-2021-42841 (Insta HMS before 12.4.10 is vulnerable to XSS because of improper vali ...)
+ NOT-FOR-US: Insta HMS
+CVE-2021-42840 (SuiteCRM before 7.11.19 allows remote code execution via the system se ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2021-42839 (Grand Vice info Co. webopac7 file upload function fails to filter spec ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 file upload function
+CVE-2021-42838 (Grand Vice info Co. 
webopac7 book search field parameter does not prop ...)
+ NOT-FOR-US: Grand Vice info Co. webopac7 book search field parameter
+CVE-2021-42837 (An issue was discovered in Talend Data Catalog before 7.3-20210930. Af ...)
+ NOT-FOR-US: Talend Data Catalog
+CVE-2021-42836 (GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...)
+ [experimental] - golang-github-tidwall-gjson 1.14.4-1
+ - golang-github-tidwall-gjson (bug #1000225)
+ [bookworm] - golang-github-tidwall-gjson (Minor issue)
+ [bullseye] - golang-github-tidwall-gjson (Minor issue)
+ [buster] - golang-github-tidwall-gjson (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
+ NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
+ NOTE: https://github.com/tidwall/gjson/issues/236
+ NOTE: https://github.com/tidwall/gjson/issues/237
+CVE-2021-42835 (An issue was discovered in Plex Media Server through 1.24.4.5081-e362d ...)
+ NOT-FOR-US: Plex Media Server
+CVE-2021-42834
+ RESERVED
+CVE-2021-42833 (A Use of Hardcoded Credentials vulnerability exists in AquaView versio ...)
+ NOT-FOR-US: AquaView
+CVE-2021-42832
+ RESERVED
+CVE-2021-42831
+ RESERVED
+CVE-2021-42830
+ RESERVED
+CVE-2021-42829
+ RESERVED
+CVE-2021-42828
+ RESERVED
+CVE-2021-42827
+ RESERVED
+CVE-2021-42826
+ RESERVED
+CVE-2021-42825
+ RESERVED
+CVE-2021-42824
+ RESERVED
+CVE-2021-42823
+ RESERVED
+CVE-2021-42822
+ RESERVED
+CVE-2021-42821
+ RESERVED
+CVE-2021-42820
+ RESERVED
+CVE-2021-42819
+ RESERVED
+CVE-2021-42818
+ RESERVED
+CVE-2021-42817
+ RESERVED
+CVE-2021-42816
+ RESERVED
+CVE-2021-42815
+ RESERVED
+CVE-2021-42814
+ RESERVED
+CVE-2021-42813
+ RESERVED
+CVE-2021-3896
+ REJECTED
+CVE-2021-42812
+ RESERVED
+CVE-2021-42811 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
+ NOT-FOR-US: SafeNet KeySecure
+CVE-2021-42810 (A flaw in the previous versions of the product may allow an authentica ...)
+ NOT-FOR-US: Thales SafeNet Agent
+CVE-2021-42809 (Improper Access Control of Dynamically-Managed Code Resources (DLL) in ...)
+ NOT-FOR-US: ThalesThales Sentinel Protection Installer
+CVE-2021-42808 (Improper Access Control in Thales Sentinel Protection Installer could ...)
+ NOT-FOR-US: Thales Sentinel Protection Installer
+CVE-2021-42807
+ RESERVED
+CVE-2021-42806
+ RESERVED
+CVE-2021-42805
+ RESERVED
+CVE-2021-42804
+ RESERVED
+CVE-2021-42803
+ RESERVED
+CVE-2021-42802
+ RESERVED
+CVE-2021-42801
+ RESERVED
+CVE-2021-42800
+ RESERVED
+CVE-2021-42799
+ RESERVED
+CVE-2021-42798
+ RESERVED
+CVE-2021-42797 (Path traversal vulnerability in AVEVA Edge (formerly InduSoft Web Stud ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-42796 (An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly In ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-42795
+ RESERVED
+CVE-2021-42794 (An issue was discovered in AVEVA Edge (formerly InduSoft Web Studio) v ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-42793
+ REJECTED
+CVE-2021-42792
+ REJECTED
+CVE-2021-42791 (An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP req ...)
+ NOT-FOR-US: VeridiumID
+CVE-2021-42790
+ RESERVED
+CVE-2021-42789
+ RESERVED
+CVE-2021-42788
+ RESERVED
+CVE-2021-42787 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-42786 (It was discovered that the SteelCentral AppInternals Dynamic Sampling ...)
+ NOT-FOR-US: SteelCentral AppInternals Dynamic Sampling Agent (DSA)
+CVE-2021-42785 (Buffer Overflow vulnerability in tvnviewer.exe of TightVNC Viewer allo ...)
+ NOT-FOR-US: TightVNC Viewer
+CVE-2021-42784 (OS Command Injection vulnerability in debug_fcgi of D-Link DWR-932C E1 ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42783 (Missing Authentication for Critical Function vulnerability in debug_po ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42782 (Stack buffer overflow issues were found in Opensc before version 0.22. ...)
+ {DLA-3463-1}
+ - opensc 0.22.0-1
+ [bullseye] - opensc (Minor issue)
+ [stretch] - opensc (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016448
+ NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/456ac566938a1da774db06126a2fa6c0cba514b3 (0.22.0)
+CVE-2021-42781 (Heap buffer overflow issues were found in Opensc before version 0.22.0 ...)
+ {DLA-3463-1}
+ - opensc 0.22.0-1
+ [bullseye] - opensc (Minor issue)
+ [stretch] - opensc (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016439
+ NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/5d4daf6c92e4668f5458f380f3cacea3e879d91a (0.22.0-rc1)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/cae5c71f90cc5b364efe14040923fd5aa3b5dd90 (0.22.0-rc1)
+CVE-2021-42780 (A use after return issue was found in Opensc before version 0.22.0 in ...)
+ {DLA-3463-1}
+ - opensc 0.22.0-1
+ [bullseye] - opensc (Minor issue)
+ [stretch] - opensc (Minor issue)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016139
+CVE-2021-42779 (A heap use after free issue was found in Opensc before version 0.22.0 ...)
+ {DLA-3463-1}
+ - opensc 0.22.0-1
+ [bullseye] - opensc (Minor issue)
+ [stretch] - opensc (Minor issue)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016086
+CVE-2021-42778 (A heap double free issue was found in Opensc before version 0.22.0 in ...)
+ - opensc 0.22.0-1
+ [bullseye] - opensc (Minor issue)
+ [buster] - opensc (Vulnerable code introduced later)
+ [stretch] - opensc (Vulnerable code introduced later)
+ NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2016083
+CVE-2021-42777 (Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mo ...)
+ NOT-FOR-US: Stimulsoft
+CVE-2021-42776 (CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE ...)
+ NOT-FOR-US: CloverDX Server
+CVE-2021-42775 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42774 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42773 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42772 (Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.4 ...)
+ NOT-FOR-US: Broadcom Emulex HBA Manager/One Command Manager
+CVE-2021-42771 (Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary ...)
+ {DSA-5018-1 DLA-2790-1}
+ - python-babel 2.8.0+dfsg.1-7 (bug #987824)
+ NOTE: https://www.tenable.com/security/research/tra-2021-14
+ NOTE: https://github.com/python-babel/babel/pull/782
+CVE-2021-42770 (A Cross-site scripting (XSS) vulnerability was discovered in OPNsense ...)
+ NOT-FOR-US: OPNsense
+CVE-2021-42769
+ RESERVED
+CVE-2021-42768
+ RESERVED
+CVE-2021-42767 (A directory traversal vulnerability in the apoc plugins in Neo4J Graph ...)
+ NOT-FOR-US: neo4j-apoc-procedures
+CVE-2021-42766 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42765 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42764 (The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-1 ...)
+ NOT-FOR-US: Proof-of-Stake (PoS) Ethereum consensus protocol
+CVE-2021-42763 (Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive In ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-42762 (BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allow ...)
+ {DSA-4996-1 DSA-4995-1}
+ - webkit2gtk 2.34.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.34.1-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=231479
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+CVE-2021-42761 (A conditionfor sessionfixation vulnerability [CWE-384] in the session ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-42760 (A improper neutralization of special elements used in an sql command ( ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42759 (A violation of secure design principles in Fortinet Meru AP version 8. ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42758 (An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 a ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42757 (A buffer overflow [CWE-121] in the TFTP client library of FortiOS befo ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42756 (Multiple stack-based buffer overflow vulnerabilities[CWE-121] in the p ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-42755 (An integer overflow / wraparound vulnerability [CWE-190] in FortiSwitc ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-42754 (An improper control of generation of code vulnerability [CWE-94] in Fo ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-42753 (An improper limitation of a pathname to a restricted directory ('Path ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42752 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-42751 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
+ NOT-FOR-US: ThingsBoard
+CVE-2021-42750 (A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoa ...)
+ NOT-FOR-US: ThingsBoard
+CVE-2021-42749 (In Beaver Themer, attackers can bypass conditional logic controls (for ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42748 (In Beaver Builder through 2.5.0.3, attackers can bypass the visibility ...)
+ NOT-FOR-US: Beaver
+CVE-2021-42747
+ RESERVED
+CVE-2021-42745
+ RESERVED
+CVE-2021-3895
+ RESERVED
+CVE-2021-23192 (A flaw was found in the way samba implemented DCE/RPC. If a client to ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba (Vulnerable code introduced later)
+ [stretch] - samba (Vulnerable code introduced later)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14875
+ NOTE: https://www.samba.org/samba/security/CVE-2021-23192.html
+CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
+ NOT-FOR-US: Swift File Transfer Mobile
+CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
+ NOT-FOR-US: SugarCRM
+CVE-2020-36500
+ RESERVED
+CVE-2020-36499 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
+ NOT-FOR-US: TAO Open Source Assessment Platform
+CVE-2020-36498 (Macrob7 Macs Framework Content Management System - 1.14f contains a cr ...)
+ NOT-FOR-US: Macrob7 Macs Framework Content Management System
+CVE-2020-36497 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36496 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36495 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36494 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36493 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36492 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36491 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
+ NOT-FOR-US: DedeCMS
+CVE-2021-XXXX [RUSTSEC-2020-0159: Potential segfault in localtime_r invocations]
+ - rust-chrono 0.4.22-1 (bug #996913)
+ [bullseye] - rust-chrono (Minor issue)
+ [buster] - rust-chrono (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0159.html
+ NOTE: https://github.com/chronotope/chrono/issues/499
+CVE-2021-42742
+ RESERVED
+CVE-2021-42741
+ RESERVED
+CVE-2021-42740 (The shell-quote package before 1.7.3 for Node.js allows command inject ...)
+ - node-shell-quote 1.7.3+~1.7.1-1 (bug #998418)
+ NOTE: https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe (1.7.3)
+CVE-2021-42739 (A heap-based buffer overflow flaw was found in the Linux kernel FireDT ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1}
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ NOTE: https://seclists.org/oss-sec/2021/q2/46
+ NOTE: https://lore.kernel.org/linux-media/YHaulytonFcW+lyZ@mwanda/
+CVE-2021-42738 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42737 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42736
+ RESERVED
+CVE-2021-42735 (Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42734 (Adobe Photoshop version 22.5.1 and earlierversionsare affected by an o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42733 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42732 (Access of Memory Location After End of Buffer (CWE-788))
+ NOT-FOR-US: Adobe
+CVE-2021-42731 (Adobe InDesign versions 16.4 (and earlier) are affected by a Buffer Ov ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42730 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42729 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42728 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42727 (Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vuln ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42726 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42725 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42724 (Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corr ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42723 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42722 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42721 (Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42720 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42719 (Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42718
+ RESERVED
+CVE-2021-3894
+ REJECTED
+CVE-2021-42717 (ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objec ...)
+ {DSA-5023-1 DLA-3031-1}
+ - modsecurity 3.0.6-1
+ [bullseye] - modsecurity (Minor issue; does not have connector packages in Debian)
+ [buster] - modsecurity (Minor issue; does not have connector packages in Debian)
+ - modsecurity-apache 2.9.5-1
+ NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2647
+ NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-dos-vulnerability-in-json-parsing-cve-2021-42717/
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/41918335fa4c74fba46a986771a5a6cb457070c4 (v2.9.5)
+ NOTE: Fixed by: https://github.com/SpiderLabs/ModSecurity/commit/ac79c1c29b7e6323e26cc984ad4f76ef62c731cd (v3.0.6)
+CVE-2021-42716 (An issue was discovered in stb stb_image.h 2.27. The PNM loader incorr ...)
+ - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014532)
+ [bookworm] - libstb (Minor issue)
+ [bullseye] - libstb (Vulnerable code introduced later)
+ [buster] - libstb (Vulnerable code introduced later)
+ NOTE: https://github.com/nothings/stb/issues/1166
+ NOTE: https://github.com/nothings/stb/issues/1225
+ NOTE: https://github.com/nothings/stb/pull/1223
+ NOTE: 16-bin PNM support was added in
+ NOTE: https://github.com/nothings/stb/commit/8befa752b005da174b2429c1ffaafffe452b2997
+CVE-2021-42715 (An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR ...)
+ {DLA-3305-1}
+ - libstb 0.0~git20230129.5736b15+ds-1 (bug #1014532)
+ [bookworm] - libstb (Minor issue)
+ [bullseye] - libstb (Minor issue)
+ NOTE: https://github.com/nothings/stb/issues/1224
+ NOTE: https://github.com/nothings/stb/pull/1223
+CVE-2021-42714 (Splashtop Remote Client (Business Edition) through 3.4.8.3 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42713 (Splashtop Remote Client (Personal Edition) through 3.4.6.1 creates a T ...)
+ NOT-FOR-US: Splashtop Remote Client
+CVE-2021-42712 (Splashtop Streamer through 3.4.8.3 creates a Temporary File in a Direc ...)
+ NOT-FOR-US: Splashtop Streamer
+CVE-2021-42711 (Barracuda Network Access Client before 5.2.2 creates a Temporary File ...)
+ NOT-FOR-US: Barracuda Network Access Client
+CVE-2021-42710
+ RESERVED
+CVE-2021-42709
+ RESERVED
+CVE-2021-42708
+ RESERVED
+CVE-2021-42707 (PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42706 (This vulnerability could allow an attacker to disclose information and ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42705 (PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buf ...)
+ NOT-FOR-US: PLC Editor
+CVE-2021-42704 (Inkscape version 0.91 is vulnerable to an out-of-bounds write, which m ...)
+ - inkscape 1.0-1 (unimportant)
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ NOTE: oob read/crash in GUI tool, no security impact
+CVE-2021-42703 (This vulnerability could allow an attacker to send malicious Javascrip ...)
+ NOT-FOR-US: Advantech
+CVE-2021-42702 (Inkscape version 0.91 can access an uninitialized pointer, which may a ...)
+ - inkscape 1.0-1 (unimportant)
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ NOTE: oob read/crash in GUI tool, no security impact
+CVE-2021-42701 (An attacker could prepare a specially crafted project file that, if op ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42700 (Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow ...)
+ - inkscape 1.0-1 (unimportant)
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1199774#c1 (locating possible patches)
+ NOTE: oob read/crash in GUI tool, no security impact
+CVE-2021-42699 (The affected product is vulnerable to cookie information being transmi ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42698 (Project files are stored memory objects in the form of binary serializ ...)
+ NOT-FOR-US: AzeoTech
+CVE-2021-42697 (Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter ...)
+ NOT-FOR-US: Akka HTTP
+CVE-2021-42696
+ RESERVED
+CVE-2021-42695
+ RESERVED
+CVE-2021-42694 (An issue was discovered in the character definitions of the Unicode Sp ...)
+ NOT-FOR-US: Unicode spec
+CVE-2021-42693
+ RESERVED
+CVE-2021-42692 (There is a stack-overflow vulnerability in tinytoml v0.4 that can caus ...)
+ NOT-FOR-US: mayah/tinytoml
+CVE-2021-42691
+ RESERVED
+CVE-2021-42690
+ RESERVED
+CVE-2021-42689
+ RESERVED
+CVE-2021-42688 (An Integer Overflow vulnerability exists in Accops HyWorks Windows Cli ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42687 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42686 (An Integer Overflow exists in Accops HyWorks Windows Client prior to v ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42685 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42684
+ RESERVED
+CVE-2021-42683 (A Buffer Overflow vulnerability exists in Accops HyWorks Windows Clien ...)
+ NOT-FOR-US: Accops HyWorks Windows Client
+CVE-2021-42682 (An Integer Overflow vulnerability exists in Accops HyWorks DVM Tools p ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42681 (A Buffer Overflow vulnerability exists in Accops HyWorks DVM Tools pri ...)
+ NOT-FOR-US: Accops HyWorks DVM Tools
+CVE-2021-42680
+ RESERVED
+CVE-2021-42679
+ RESERVED
+CVE-2021-42678
+ RESERVED
+CVE-2021-42677
+ RESERVED
+CVE-2021-42676
+ RESERVED
+CVE-2021-42675 (Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the ...)
+ NOT-FOR-US: Kreado Kreasfero
+CVE-2021-42674
+ RESERVED
+CVE-2021-42673
+ RESERVED
+CVE-2021-42672
+ RESERVED
+CVE-2021-42671 (An incorrect access control vulnerability exists in Sourcecodester Eng ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42670 (A SQL injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42669 (A file upload vulnerability exists in Sourcecodester Engineers Online ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42668 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42667 (A SQL Injection vulnerability exists in Sourcecodester Online Event Bo ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42666 (A SQL Injection vulnerability exists in Sourcecodester Engineers Onlin ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42665 (An SQL Injection vulnerability exists in Sourcecodester Engineers Onli ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42664 (A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecod ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42663 (An HTML injection vulnerability exists in Sourcecodester Online Event ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42662 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42661
+ RESERVED
+CVE-2021-42660
+ RESERVED
+CVE-2021-42659 (There is a buffer overflow vulnerability in the Web server httpd of th ...)
+ NOT-FOR-US: Tenda
+CVE-2021-42658
+ RESERVED
+CVE-2021-42657
+ RESERVED
+CVE-2021-42656 (SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vu ...)
+ NOT-FOR-US: SiteServer CMS
+CVE-2021-42655 (SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.)
+ NOT-FOR-US: SiteServer CMS
+CVE-2021-42654 (SiteServer CMS < V5.1 is affected by an unrestricted upload of a file ...)
+ NOT-FOR-US: SiteServer CMS
+CVE-2021-42653
+ RESERVED
+CVE-2021-42652
+ RESERVED
+CVE-2021-42651 (A Server Side Template Injection (SSTI) vulnerability in Pentest-Colla ...)
+ NOT-FOR-US: Pentest-Collaboration-Framework
+CVE-2021-42650 (Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9 ...)
+ NOT-FOR-US: Portainer
+CVE-2021-42649
+ RESERVED
+CVE-2021-42648 (Cross-site scripting (XSS) vulnerability exists in Coder Code-Server b ...)
+ NOT-FOR-US: code-server
+CVE-2021-42647
+ RESERVED
+CVE-2021-42646 (XML External Entity (XXE) vulnerability in the file based service prov ...)
+ NOT-FOR-US: carbon-identity-framework
+CVE-2021-42645 (CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnera ...)
+ NOT-FOR-US: CMSimple
+CVE-2021-42644 (cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerab ...)
+ NOT-FOR-US: CmsEasy
+CVE-2021-42643 (cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnera ...)
+ NOT-FOR-US: CmsEasy
+CVE-2021-42642 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42641 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42640 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42639 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42638 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitiz ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42637 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use user-contr ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42636
+ RESERVED
+CVE-2021-42635 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcode ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42634
+ RESERVED
+CVE-2021-42633 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42632
+ RESERVED
+CVE-2021-42631 (PrinterLogic Web Stack versions 19.1.1.13 SP9 and below deserializes a ...)
+ NOT-FOR-US: PrinterLogic Web Stack
+CVE-2021-42630
+ RESERVED
+CVE-2021-42629
+ RESERVED
+CVE-2021-42628
+ RESERVED
+CVE-2021-42627 (The WAN configuration page "wan.htm" on D-Link DIR-615 devices with fi ...)
+ NOT-FOR-US: D-Link
+CVE-2021-42626
+ RESERVED
+CVE-2021-42625
+ RESERVED
+CVE-2021-42624 (A local buffer overflow vulnerability exists in the latest version of ...)
+ NOT-FOR-US: Miniftpd +CVE-2021-42623 + RESERVED +CVE-2021-42622 + RESERVED +CVE-2021-42621 + RESERVED +CVE-2021-42620 + RESERVED +CVE-2021-42619 + RESERVED +CVE-2021-42618 + RESERVED +CVE-2021-42617 + RESERVED +CVE-2021-42616 + RESERVED +CVE-2021-42615 + RESERVED +CVE-2021-42614 (A use after free in info_width_internal in bk_info.c in Halibut 1.2 al ...) + - halibut 1.3-1 + [bullseye] - halibut (Minor issue) + [buster] - halibut (Minor issue) + NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-info-uaf + NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) +CVE-2021-42613 (A double free in cleanup_index in index.c in Halibut 1.2 allows an att ...) + - halibut 1.3-1 + [bullseye] - halibut (Minor issue) + [buster] - halibut (Minor issue) + NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-winhelp-df + NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) +CVE-2021-42612 (A use after free in cleanup_index in index.c in Halibut 1.2 allows an ...) 
+ - halibut 1.3-1 + [bullseye] - halibut (Minor issue) + [buster] - halibut (Minor issue) + NOTE: https://carteryagemann.com/halibut-case-study.html#poc-halibut-text-uaf + NOTE: Inventing an errorstate to pass to all err_* functions and use it to track fatal errors: + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=5c3db60a2911efb18bdc823264b74d8045c407b9 (1.3) + NOTE: https://git.tartarus.org/?p=simon/halibut.git;a=commit;h=edaf724febe2f9c890ef1cfdf24a78d5c1da2b32 (1.3) +CVE-2021-42611 + RESERVED +CVE-2021-42610 + RESERVED +CVE-2021-42609 + RESERVED +CVE-2021-42608 + RESERVED +CVE-2021-42607 + RESERVED +CVE-2021-42606 + RESERVED +CVE-2021-42605 + RESERVED +CVE-2021-42604 + RESERVED +CVE-2021-42603 + RESERVED +CVE-2021-42602 + RESERVED +CVE-2021-42601 + RESERVED +CVE-2021-42600 + RESERVED +CVE-2021-42599 + RESERVED +CVE-2021-42598 + RESERVED +CVE-2021-42597 (A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester St ...) + NOT-FOR-US: Sourcecodester Storage Unit Rental Management System +CVE-2021-42596 + RESERVED +CVE-2021-42595 + RESERVED +CVE-2021-42594 + RESERVED +CVE-2021-42593 + RESERVED +CVE-2021-42592 + RESERVED +CVE-2021-42591 + RESERVED +CVE-2021-42590 + RESERVED +CVE-2021-42589 + RESERVED +CVE-2021-42588 + RESERVED +CVE-2021-42587 + RESERVED +CVE-2021-42586 (A heap buffer overflow was discovered in copy_bytes in decode_r2007.c ...) + - libredwg (bug #595191) +CVE-2021-42585 (A heap buffer overflow was discovered in copy_compressed_bytes in deco ...) + - libredwg (bug #595191) +CVE-2021-42584 (A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before ...) + NOT-FOR-US: Convos-Chat +CVE-2021-42583 (A Broken or Risky Cryptographic Algorithm exists in Max Mazurov Maddy ...) + NOT-FOR-US: Max Mazurov Maddy +CVE-2021-42582 + RESERVED +CVE-2021-42581 (Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earl ...) 
+ NOTE: Disputed issue against Node ramda + NOTE: https://github.com/ramda/ramda/pull/3192 + NOTE: https://jsfiddle.net/3pomzw5g/2/ + NOTE: http://link.fourwindssoft.com/52 + NOTE: http://link.fourwindssoft.com/53 +CVE-2021-42580 (Sourcecodester Online Learning System 2.0 is vunlerable to sql injecti ...) + NOT-FOR-US: Sourcecodester +CVE-2021-42579 + RESERVED +CVE-2021-42578 + RESERVED +CVE-2021-42577 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malfo ...) + NOT-FOR-US: Softing OPC UA C++ SDK +CVE-2021-42576 (The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Py ...) + - golang-github-microcosm-cc-bluemonday 1.0.16-1 + [bullseye] - golang-github-microcosm-cc-bluemonday (Minor issue) + NOTE: https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50/ +CVE-2021-42575 (The OWASP Java HTML Sanitizer before 20211018.1 does not properly enfo ...) + NOT-FOR-US: OWASP HTML Sanitizer +CVE-2021-42574 (An issue was discovered in the Bidirectional Algorithm in the Unicode ...) + - rustc 1.57.0+dfsg1-1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/01/1 + NOTE: https://github.com/rust-lang/rust/commit/dd61274930ec0cd17711fab52d2bc9ad3e9053de (1.56.1) + NOTE: Negligle security impact +CVE-2021-42573 + RESERVED +CVE-2021-42572 + RESERVED +CVE-2021-42571 + RESERVED +CVE-2021-42570 + RESERVED +CVE-2021-42569 + RESERVED +CVE-2021-42568 (Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers ...) + NOT-FOR-US: Sonatype +CVE-2021-42567 (Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST ...) + NOT-FOR-US: Apereo CAS +CVE-2021-42566 (myfactory.FMS before 7.1-912 allows XSS via the Error parameter.) + NOT-FOR-US: myfactory.FMS +CVE-2021-42565 (myfactory.FMS before 7.1-912 allows XSS via the UID parameter.) + NOT-FOR-US: myfactory.FMS +CVE-2021-42564 (An open redirect through HTML injection in confidential messages in Cr ...) 
+ NOT-FOR-US: Cryptshare Server +CVE-2021-42563 (There is an Unquoted Service Path in NI Service Locator (nisvcloc.exe) ...) + NOT-FOR-US: NI Service Locator +CVE-2021-3893 + REJECTED +CVE-2021-42562 (An issue was discovered in CALDERA 2.8.1. It does not properly segrega ...) + NOT-FOR-US: CALDERA +CVE-2021-42561 (An issue was discovered in CALDERA 2.8.1. When activated, the Human pl ...) + NOT-FOR-US: CALDERA +CVE-2021-42560 (An issue was discovered in CALDERA 2.9.0. The Debrief plugin receives ...) + NOT-FOR-US: CALDERA +CVE-2021-42559 (An issue was discovered in CALDERA 2.8.1. It contains multiple startup ...) + NOT-FOR-US: CALDERA +CVE-2021-42558 (An issue was discovered in CALDERA 2.8.1. It contains multiple reflect ...) + NOT-FOR-US: CALDERA +CVE-2021-42557 (In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API ...) + NOT-FOR-US: Jeedom +CVE-2021-42556 (Rasa X before 0.42.4 allows Directory Traversal during archive extract ...) + NOT-FOR-US: Rasa X +CVE-2021-42555 (Pexip Infinity before 26.2 allows temporary remote Denial of Service ( ...) + NOT-FOR-US: Pexip Infinity +CVE-2021-42554 (An issue was discovered in Insyde InsydeH2O with Kernel 5.0 before 05. ...) + NOT-FOR-US: Insyde +CVE-2021-3892 + REJECTED +CVE-2021-26247 (As an unauthenticated remote user, visit "http:///auth_c ...) + - cacti 0.8.7i-1 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/d94dbd985054ef1ba14278a932c67e3145ebb14b (0.8.7h) + NOTE: Addressed again as a side-note in the same issue and fix for CVE-2021-3816 + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1) +CVE-2021-23225 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) 
+ {DLA-2965-1} + - cacti 1.2.1+ds1-1 + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: overlap with CVE-2020-7106 (registered earlier, but issue above is from 2018) which refactors user_admin.php XSS protection + NOTE: input (not output) validation not addressed, malicious username still can be created after fix +CVE-2022-0005 (Sensitive information accessible by physical probing of JTAG interface ...) + NOT-FOR-US: Intel +CVE-2022-0004 (Hardware debug modes and processor INIT setting that allow override of ...) + NOT-FOR-US: Intel +CVE-2022-0003 + RESERVED +CVE-2022-0002 (Non-transparent sharing of branch predictor within a context in some I ...) + {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.12-1 + NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/ + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html + NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html +CVE-2022-0001 (Non-transparent sharing of branch predictor selectors between contexts ...) + {DSA-5096-1 DSA-5095-1 DLA-2941-1 DLA-2940-1} + - linux 5.16.12-1 + NOTE: https://www.vusec.net/projects/bhi-spectre-bhb/ + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00598.html + NOTE: https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/technical-documentation/branch-history-injection.html +CVE-2021-42553 (A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectro ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-42552 (Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient al ...) + NOT-FOR-US: ArchivistaBox +CVE-2021-42551 (Cross-site Scripting (XSS) vulnerability in the search functionality o ...) + NOT-FOR-US: AlCoda NetBiblio WebOPAC +CVE-2021-42549 (Insufficient Input Validation in the search functionality of Wordpress ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-42548 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42547 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42546 (Insufficient Input Validation in the search functionality of Wordpress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42545 (An insufficient session expiration vulnerability exists in Business-DN ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42544 (Missing Rate Limiting in Web Applications operating on Business-DNA So ...) + NOT-FOR-US: Business-DNA Solutions +CVE-2021-42543 (The affected application uses specific functions that could be abused ...) + NOT-FOR-US: AzeoTech +CVE-2021-42542 (The affected product is vulnerable to directory traversal due to misha ...) + NOT-FOR-US: Emerson +CVE-2021-42541 + RESERVED +CVE-2021-42540 (The affected product is vulnerable to a unsanitized extract folder for ...) + NOT-FOR-US: Emerson +CVE-2021-42539 (The affected product is vulnerable to a missing permission validation ...) + NOT-FOR-US: Emerson +CVE-2021-42538 (The affected product is vulnerable to a parameter injection via passph ...) + NOT-FOR-US: Emerson +CVE-2021-42537 (VISAM VBASE version 11.6.0.6 processes an XML document that can contai ...) + NOT-FOR-US: VISAM +CVE-2021-42536 (The affected product is vulnerable to a disclosure of peer username an ...) + NOT-FOR-US: Emerson +CVE-2021-42535 (VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutra ...) + NOT-FOR-US: VISAM +CVE-2021-42534 (The affected product\u2019s web application does not properly neutrali ...) + NOT-FOR-US: Trane +CVE-2021-42533 (Adobe Bridge version 11.1.1 (and earlier) is affected by a double free ...) + NOT-FOR-US: Adobe +CVE-2021-42532 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...) 
+ {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases +CVE-2021-42531 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 +CVE-2021-42530 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 +CVE-2021-42529 (XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-b ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 + NOTE: https://github.com/adobe/XMP-Toolkit-SDK/compare/v2021.07...v2021.08 +CVE-2021-42528 (XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer derefe ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html + NOTE: https://github.com/adobe/XMP-Toolkit-SDK/commit/16e53564ae6c2689387479c04770f492075d5b7b (v2021.08) + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=adobe-sdk&id=16e53564ae6c2689387479c04770f492075d5b7b (2.6.0) +CVE-2021-42527 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) 
+ NOT-FOR-US: Adobe +CVE-2021-42526 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-42525 (Acrobat Animate versions 21.0.9 (and earlier)is affected by an out-of- ...) + NOT-FOR-US: Adobe +CVE-2021-42524 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...) + NOT-FOR-US: Adobe +CVE-2021-3891 + RESERVED +CVE-2021-3890 + RESERVED +CVE-2021-3889 (libmobi is vulnerable to Use of Out-of-range Pointer Offset) + - libmobi (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8) +CVE-2021-3888 (libmobi is vulnerable to Use of Out-of-range Pointer Offset) + - libmobi (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/722b3acb-792b-4429-a98d-bb80efb8938d/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/c78e186739b50d156cb3da5d08d70294f0490853 (v0.8) +CVE-2021-3887 + REJECTED +CVE-2022-20611 (In deletePackageVersionedInternal of DeletePackageHelper.java, there i ...) + NOT-FOR-US: Android +CVE-2022-20610 (In cellular modem firmware, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2022-20609 (In Pixel cellular firmware, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2022-20608 (In Pixel cellular firmware, there is a possible out of bounds read due ...) + NOT-FOR-US: Android +CVE-2022-20607 (In the Pixel cellular firmware, there is a possible out of bounds writ ...) + NOT-FOR-US: Android +CVE-2022-20606 (In SAEMM_MiningCodecTableWithMsgIE of SAEMM_RadioMessageCodec.c, there ...) + NOT-FOR-US: Android +CVE-2022-20605 (In SAECOMM_CopyBufferBytes of SAECOMM_Utility.c, there is a possible o ...) + NOT-FOR-US: Android +CVE-2022-20604 (In SAECOMM_SetDcnIdForPlmn of SAECOMM_DbManagement.c, there is a possi ...) 
+ NOT-FOR-US: Android +CVE-2022-20603 (In SetDecompContextDb of RohcDeCompContextOfRbId.cpp, there is a possi ...) + NOT-FOR-US: Android +CVE-2022-20602 (Product: AndroidVersions: Android kernelAndroid ID: A-211081867Referen ...) + NOT-FOR-US: Android +CVE-2022-20601 (Product: AndroidVersions: Android kernelAndroid ID: A-204541506Referen ...) + NOT-FOR-US: Android +CVE-2022-20600 (In TBD of TBD, there is a possible out of bounds write due to memory c ...) + NOT-FOR-US: Android +CVE-2022-20599 (In Pixel firmware, there is a possible exposure of sensitive memory du ...) + NOT-FOR-US: Android +CVE-2022-20598 (In sec_media_protect of media.c, there is a possible EoP due to an int ...) + NOT-FOR-US: Android +CVE-2022-20597 (In ppmpu_set of ppmpu.c, there is a possible EoP due to an integer ove ...) + NOT-FOR-US: Android +CVE-2022-20596 (In sendChunk of WirelessCharger.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2022-20595 (In getWpcAuthChallengeResponse of WirelessCharger.cpp, there is a poss ...) + NOT-FOR-US: Android +CVE-2022-20594 (In updateStart of WirelessCharger.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2022-20593 (In pop_descriptor_string of BufferDescriptor.h, there is a possible ou ...) + NOT-FOR-US: Android +CVE-2022-20592 (In ppmp_validate_secbuf of drm_fw.c, there is a possible information d ...) + NOT-FOR-US: Android +CVE-2022-20591 (In ppmpu_set of ppmpu.c, there is a possible information disclosure du ...) + NOT-FOR-US: Android +CVE-2022-20590 (In valid_va_sec_mfc_check of drm_access_control.c, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20589 (In valid_va_secbuf_check of drm_access_control.c, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20588 (In sysmmu_map of sysmmu.c, there is a possible EoP due to a preconditi ...) + NOT-FOR-US: Android +CVE-2022-20587 (In ppmp_validate_wsm of drm_fw.c, there is a possible EoP due to impro ...) 
+ NOT-FOR-US: Android +CVE-2022-20586 (In valid_out_of_special_sec_dram_addr of drm_access_control.c, there i ...) + NOT-FOR-US: Android +CVE-2022-20585 (In valid_out_of_special_sec_dram_addr of drm_access_control.c, there i ...) + NOT-FOR-US: Android +CVE-2022-20584 (In page_number of shared_mem.c, there is a possible code execution in ...) + NOT-FOR-US: Android +CVE-2022-20583 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2022-20582 (In ppmp_unprotect_mfcfw_buf of drm_fw.c, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2022-20581 (In the Pixel camera driver, there is a possible use after free due to ...) + NOT-FOR-US: Android +CVE-2022-20580 (In ufdt_do_one_fixup of ufdt_overlay.c, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2022-20579 (In RadioImpl::setCdmaBroadcastConfig of ril_service_legacy.cpp, there ...) + NOT-FOR-US: Android +CVE-2022-20578 (In RadioImpl::setGsmBroadcastConfig of ril_service_legacy.cpp, there i ...) + NOT-FOR-US: Android +CVE-2022-20577 (In OemSimAuthRequest::encode of wlandata.cpp, there is a possible out ...) + NOT-FOR-US: Android +CVE-2022-20576 (In externalOnRequest of rilapplication.cpp, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2022-20575 (In read_ppmpu_info of drm_fw.c, there is a possible out of bounds read ...) + NOT-FOR-US: Android +CVE-2022-20574 (In sec_sysmmu_info of drm_fw.c, there is a possible out of bounds read ...) + NOT-FOR-US: Android +CVE-2022-20573 + RESERVED +CVE-2022-20572 (In verity_target of dm-verity-target.c, there is a possible way to mod ...) + - linux 5.18.2-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux 4.19.249-1 + NOTE: https://git.kernel.org/linus/4caae58406f8ceb741603eee460d79bacca9b1b5 +CVE-2022-20571 (In extract_metadata of dm-android-verity.c, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2022-20570 (Product: AndroidVersions: Android kernelAndroid ID: A-230660904Referen ...) 
+ NOT-FOR-US: Android +CVE-2022-20569 (In thermal_cooling_device_stats_update of thermal_sysfs.c, there is a ...) + NOT-FOR-US: Android +CVE-2022-20568 (In (TBD) of (TBD), there is a possible way to corrupt kernel memory du ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.120-1 + [buster] - linux (Vulnerable code introduced later) +CVE-2022-20567 (In pppol2tp_create of l2tp_ppp.c, there is a possible use after free d ...) + - linux 4.15.11-1 + NOTE: https://git.kernel.org/linus/d02ba2a6110c530a32926af8ad441111774d2893 +CVE-2022-20566 (In l2cap_chan_put of l2cap_core, there is a possible use after free du ...) + - linux 5.18.16-1 + [bullseye] - linux 5.10.136-1 + [buster] - linux 4.19.260-1 + NOTE: https://git.kernel.org/linus/d0be8347c623e0ac4202a1d4e0373882821f56b0 +CVE-2022-20565 + RESERVED +CVE-2022-20564 (In _ufdt_output_strtab_to_fdt of ufdt_convert.c, there is a possible o ...) + NOT-FOR-US: Android +CVE-2022-20563 (In TBD of ufdt_convert, there is a possible out of bounds read due to ...) + NOT-FOR-US: Android +CVE-2022-20562 (In various functions of ap_input_processor.c, there is a possible way ...) + NOT-FOR-US: Android +CVE-2022-20561 (In TBD of aud_hal_tunnel.c, there is a possible memory corruption due ...) + NOT-FOR-US: Android +CVE-2022-20560 (Product: AndroidVersions: Android kernelAndroid ID: A-212623833Referen ...) + NOT-FOR-US: Android +CVE-2022-20559 (In revokeOwnPermissionsOnKill of PermissionManager.java, there is a po ...) + NOT-FOR-US: Android +CVE-2022-20558 (In registerReceivers of DeviceCapabilityListener.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2022-20557 (In MessageQueueBase of MessageQueueBase.h, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2022-20556 (In launchConfigNewNetworkFragment of NetworkProviderSettings.java, the ...) + NOT-FOR-US: Android +CVE-2022-20555 (In ufdt_get_node_by_path_len of ufdt_convert.c, there is a possible ou ...) 
+ NOT-FOR-US: Android +CVE-2022-20554 (In removeEventHubDevice of InputDevice.cpp, there is a possible OOB re ...) + NOT-FOR-US: Android +CVE-2022-20553 (In onCreate of LogAccessDialogActivity.java, there is a possible way t ...) + NOT-FOR-US: Android +CVE-2022-20552 (In btif_a2dp_sink_command_ready of btif_a2dp_sink.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2022-20551 (In createTrack of AudioFlinger.cpp, there is a possible way to record ...) + NOT-FOR-US: Android +CVE-2022-20550 (In Multiple Locations, there is a possibility to launch arbitrary prot ...) + NOT-FOR-US: Android +CVE-2022-20549 (In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2022-20548 (In setParameter of EqualizerEffect.cpp, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2022-20547 (In multiple functions of AdapterService.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2022-20546 (In getCurrentConfigImpl of Effect.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2022-20545 (In bindArtworkAndColors of MediaControlPanel.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20544 (In onOptionsItemSelected of ManageApplications.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2022-20543 (In multiple locations, there is a possible display crash loop due to i ...) + NOT-FOR-US: Android +CVE-2022-20542 (In parseParamsBlob of types.cpp, there is a possible out of bounds wri ...) + NOT-FOR-US: Android +CVE-2022-20541 (In phNxpNciHal_ioctl of phNxpNciHal.cc, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2022-20540 (In SurfaceFlinger::doDump of SurfaceFlinger.cpp, there is possible arb ...) + NOT-FOR-US: Android +CVE-2022-20539 (In parameterToHal of Effect.cpp, there is a possible out of bounds wri ...) + NOT-FOR-US: Android +CVE-2022-20538 (In getSmsRoleHolder of RoleService.java, there is a possible way to de ...) 
+ NOT-FOR-US: Android +CVE-2022-20537 (In createDialog of WifiScanModeActivity.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2022-20536 (In registerBroadcastReceiver of RcsService.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2022-20535 (In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there i ...) + NOT-FOR-US: Android +CVE-2022-20534 + RESERVED +CVE-2022-20533 (In getSlice of WifiSlice.java, there is a possible way to connect a ne ...) + NOT-FOR-US: Android +CVE-2022-20532 (In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20531 (In Telecom, there is a possible way to determine whether an app is ins ...) + NOT-FOR-US: Android +CVE-2022-20530 (In strings.xml, there is a possible permission bypass due to a mislead ...) + NOT-FOR-US: Android +CVE-2022-20529 (In multiple locations of WifiDialogActivity.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20528 (In findParam of HevcUtils.cpp there is a possible out of bounds read d ...) + NOT-FOR-US: Android +CVE-2022-20527 (In HalCoreCallback of halcore.cc, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2022-20526 (In CanvasContext::draw of CanvasContext.cpp, there is a possible out o ...) + NOT-FOR-US: Android +CVE-2022-20525 (In enforceVisualVoicemailPackage of PhoneInterfaceManager.java, there ...) + NOT-FOR-US: Android +CVE-2022-20524 (In compose of Vibrator.cpp, there is a possible arbitrary code executi ...) + NOT-FOR-US: Android +CVE-2022-20523 (In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20522 (In getSlice of ProviderModelSlice.java, there is a missing permission ...) + NOT-FOR-US: Android +CVE-2022-20521 (In sdpu_find_most_specific_service_uuid of sdp_utils.cc, there is a po ...) + NOT-FOR-US: Android +CVE-2022-20520 (In onCreate of various files, there is a possible tapjacking/overlay a ...) 
+ NOT-FOR-US: Android +CVE-2022-20519 (In onCreate of AddAppNetworksActivity.java, there is a possible way fo ...) + NOT-FOR-US: Android +CVE-2022-20518 (In query of MmsSmsProvider.java, there is a possible access to restric ...) + NOT-FOR-US: Android +CVE-2022-20517 (In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20516 (In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20515 (In onPreferenceClick of AccountTypePreferenceLoader.java, there is a p ...) + NOT-FOR-US: Android +CVE-2022-20514 (In acquireFabricatedOverlayIterator, nextFabricatedOverlayInfos, and r ...) + NOT-FOR-US: Android +CVE-2022-20513 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2022-20512 (In navigateUpTo of Task.java, there is a possible way to launch an int ...) + NOT-FOR-US: Android +CVE-2022-20511 (In getNearbyAppStreamingPolicy of DevicePolicyManagerService.java, the ...) + NOT-FOR-US: Android +CVE-2022-20510 (In getNearbyNotificationStreamingPolicy of DevicePolicyManagerService. ...) + NOT-FOR-US: Android +CVE-2022-20509 (In mapGrantorDescr of MessageQueueBase.h, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2022-20508 (In onAttach of ConfigureWifiSettings.java, there is a possible way for ...) + NOT-FOR-US: Android +CVE-2022-20507 (In onMulticastListUpdateNotificationReceived of UwbEventManager.java, ...) + NOT-FOR-US: Android +CVE-2022-20506 (In onCreate of WifiDialogActivity.java, there is a missing permission ...) + NOT-FOR-US: Android +CVE-2022-20505 (In openFile of CallLogProvider.java, there is a possible permission by ...) + NOT-FOR-US: Android +CVE-2022-20504 (In multiple locations of DreamManagerService.java, there is a missing ...) + NOT-FOR-US: Android +CVE-2022-20503 (In onCreate of WifiDppConfiguratorActivity.java, there is a possible w ...) 
+ NOT-FOR-US: Android +CVE-2022-20502 (In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible us ...) + NOT-FOR-US: Android +CVE-2022-20501 (In onCreate of EnableAccountPreferenceActivity.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2022-20500 (In loadFromXml of ShortcutPackage.java, there is a possible crash on b ...) + NOT-FOR-US: Android +CVE-2022-20499 (In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught e ...) + NOT-FOR-US: Android +CVE-2022-20498 (In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bou ...) + NOT-FOR-US: Android +CVE-2022-20497 (In updatePublicMode of NotificationLockscreenUserManagerImpl.java, the ...) + NOT-FOR-US: Android +CVE-2022-20496 (In setDataSource of initMediaExtractor.cpp, there is a possibility of ...) + NOT-FOR-US: Android +CVE-2022-20495 (In getEnabledAccessibilityServiceList of AccessibilityManager.java, th ...) + NOT-FOR-US: Android +CVE-2022-20494 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible pers ...) + NOT-FOR-US: Android +CVE-2022-20493 (In Condition of Condition.java, there is a possible way to grant notif ...) + NOT-FOR-US: Android +CVE-2022-20492 (In many functions of AutomaticZenRule.java, there is a possible failur ...) + NOT-FOR-US: Android +CVE-2022-20491 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20490 (In multiple functions of AutomaticZenRule.java, there is a possible fa ...) + NOT-FOR-US: Android +CVE-2022-20489 (In many functions of AutomaticZenRule.java, there is a possible failur ...) + NOT-FOR-US: Android +CVE-2022-20488 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20487 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20486 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) 
+ NOT-FOR-US: Android +CVE-2022-20485 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20484 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20483 (In several functions that parse avrc response in avrc_pars_ct.cc and r ...) + NOT-FOR-US: Android +CVE-2022-20482 (In createNotificationChannel of NotificationManager.java, there is a p ...) + NOT-FOR-US: Android +CVE-2022-20481 (In multiple files, there is a possible way to preserve WiFi settings d ...) + NOT-FOR-US: Android +CVE-2022-20480 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20479 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20478 (In NotificationChannel of NotificationChannel.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20477 (In shouldHideNotification of KeyguardNotificationVisibilityProvider.kt ...) + NOT-FOR-US: Android +CVE-2022-20476 (In setEnabledSetting of PackageManager.java, there is a possible way t ...) + NOT-FOR-US: Android +CVE-2022-20475 (In test of ResetTargetTaskHelper.java, there is a possible hijacking o ...) + NOT-FOR-US: Android +CVE-2022-20474 (In readLazyValue of Parcel.java, there is a possible loading of arbitr ...) + NOT-FOR-US: Android +CVE-2022-20473 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2022-20472 (In toLanguageTag of LocaleListCache.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2022-20471 (In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2022-20470 (In bindRemoteViewsService of AppWidgetServiceImpl.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2022-20469 (In avct_lcb_msg_asmbl of avct_lcb_act.cc, there is a possible out of b ...) 
+ NOT-FOR-US: Android +CVE-2022-20468 (In BNEP_ConnectResp of bnep_api.cc, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2022-20467 (In isBluetoothShareUri of BluetoothOppUtility.java, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20466 (In applyKeyguardFlags of NotificationShadeWindowControllerImpl.java, t ...) + NOT-FOR-US: Android +CVE-2022-20465 (In dismiss and related functions of KeyguardHostViewController.java an ...) + NOT-FOR-US: Android +CVE-2022-20464 (In various functions of ap_input_processor.c, there is a possible way ...) + NOT-FOR-US: Android +CVE-2022-20463 + REJECTED +CVE-2022-20462 (In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2022-20461 (In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cp ...) + NOT-FOR-US: Android +CVE-2022-20460 (In (TBD) mprot_unmap? of (TBD), there is a possible way to corrupt the ...) + NOT-FOR-US: Google Pixel +CVE-2022-20459 (In (TBD) of (TBD), there is a possible way to redirect code execution ...) + NOT-FOR-US: Google Pixel +CVE-2022-20458 (The logs of sensitive information (PII) or hardware identifier should ...) + NOT-FOR-US: Android +CVE-2022-20457 (In getMountModeInternal of StorageManagerService.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2022-20456 (In AutomaticZenRule of AutomaticZenRule.java, there is a possible fail ...) + NOT-FOR-US: Android +CVE-2022-20455 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible pers ...) + NOT-FOR-US: Android +CVE-2022-20454 (In fdt_next_tag of fdt.c, there is a possible out of bounds write due ...) + NOT-FOR-US: Android +CVE-2022-20453 (In update of MmsProvider.java, there is a possible constriction of dir ...) + NOT-FOR-US: Android +CVE-2022-20452 (In initializeFromParcelLocked of BaseBundle.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20451 (In onCallRedirectionComplete of CallsManager.java, there is a possible ...) 
+ NOT-FOR-US: Android
+CVE-2022-20450 (In restorePermissionState of PermissionManagerServiceImpl.java, there ...)
+ NOT-FOR-US: Android
+CVE-2022-20449 (In writeApplicationRestrictionsLAr of UserManagerService.java, there i ...)
+ NOT-FOR-US: Android
+CVE-2022-20448 (In buzzBeepBlinkLocked of NotificationManagerService.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2022-20447 (In PAN_WriteBuf of pan_api.cc, there is a possible out of bounds read ...)
+ NOT-FOR-US: Android
+CVE-2022-20446 (In AlwaysOnHotwordDetector of AlwaysOnHotwordDetector.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2022-20445 (In process_service_search_rsp of sdp_discovery.cc, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2022-20444
+ REJECTED
+CVE-2022-20443 (In hasInputInfo of Layer.cpp, there is a possible bypass of user inter ...)
+ NOT-FOR-US: Android
+CVE-2022-20442 (In onCreate of ReviewPermissionsActivity.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2022-20441 (In navigateUpTo of Task.java, there is a possible way to launch an une ...)
+ NOT-FOR-US: Android
+CVE-2022-20440 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ NOT-FOR-US: Android
+CVE-2022-20439 (In Messaging, There has unauthorized provider, this could cause Local ...)
+ NOT-FOR-US: Android
+CVE-2022-20438 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ NOT-FOR-US: Android
+CVE-2022-20437 (In Messaging, There has unauthorized broadcast, this could cause Local ...)
+ NOT-FOR-US: Android
+CVE-2022-20436 (There is an unauthorized service in the system service. Since the comp ...)
+ NOT-FOR-US: Android
+CVE-2022-20435 (There is a Unauthorized service in the system service, may cause the s ...)
+ NOT-FOR-US: Android
+CVE-2022-20434 (There is an missing authorization issue in the system service. Since t ...)
+ NOT-FOR-US: Android
+CVE-2022-20433 (There is an missing authorization issue in the system service. Since t ...)
+ NOT-FOR-US: Android
+CVE-2022-20432 (There is an missing authorization issue in the system service. Since t ...)
+ NOT-FOR-US: Android
+CVE-2022-20431 (There is an missing authorization issue in the system service. Since t ...)
+ NOT-FOR-US: Android
+CVE-2022-20430 (There is an missing authorization issue in the system service. Since t ...)
+ NOT-FOR-US: Android
+CVE-2022-20429 (In CarSettings of app packages, there is a possible permission bypass ...)
+ NOT-FOR-US: Android
+CVE-2022-20428 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20427 (In (TBD) of (TBD), there is a possible way to corrupt memory due to im ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20426 (In multiple functions of many files, there is a possible obstruction o ...)
+ NOT-FOR-US: Android
+CVE-2022-20425 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...)
+ NOT-FOR-US: Android
+CVE-2022-20424
+ REJECTED
+CVE-2022-20423 (In rndis_set_response of rndis.c, there is a possible out of bounds wr ...)
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
+ NOTE: https://git.kernel.org/linus/65f3324f4b6fed78b8761c3b74615ecf0ffa81fa (5.17)
+CVE-2022-20422 (In emulation_proc_handler of armv8_deprecated.c, there is a possible w ...)
+ {DLA-3173-1}
+ - linux 5.19.6-1
+ [bullseye] - linux 5.10.140-1
+ [buster] - linux 4.19.260-1
+ NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
+ NOTE: https://git.kernel.org/linus/af483947d472eccb79e42059276c4deed76f99a6 (6.0-rc1)
+CVE-2022-20421 (In binder_inc_ref_for_node of binder.c, there is a possible way to cor ...)
+ {DSA-5257-1 DLA-3173-1}
+ - linux 5.19.11-1
+ [buster] - linux 4.19.260-1
+ NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
+ NOTE: https://git.kernel.org/linus/a0e44c64b6061dda7e00b7c458e4523e2331b739 (6.0-rc4)
+CVE-2022-20420 (In getBackgroundRestrictionExemptionReason of AppRestrictionController ...)
+ NOT-FOR-US: Android
+CVE-2022-20419 (In setOptions of ActivityRecord.java, there is a possible load any arb ...)
+ NOT-FOR-US: Android
+CVE-2022-20418 (In pickStartSeq of AAVCAssembler.cpp, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2022-20417 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2022-20416 (In audioTransportsToHal of HidlUtils.cpp, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2022-20415 (In handleFullScreenIntent of StatusBarNotificationActivityStarter.java ...)
+ NOT-FOR-US: Android
+CVE-2022-20414 (In setImpl of AlarmManagerService.java, there is a possible way to put ...)
+ NOT-FOR-US: Android
+CVE-2022-20413 (In start of Threads.cpp, there is a possible way to record audio durin ...)
+ NOT-FOR-US: Android
+CVE-2022-20412 (In fdt_next_tag of fdt.c, there is a possible out of bounds read due t ...)
+ NOT-FOR-US: Android
+CVE-2022-20411 (In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2022-20410 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2022-20409 (In io_identity_cow of io_uring.c, there is a possible way to corrupt m ...)
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.136-1
+ [buster] - linux (Vulnerable code not present)
+ NOTE: https://source.android.com/docs/security/bulletin/2022-10-01
+ NOTE: https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9
+CVE-2022-20408 (Product: AndroidVersions: Android kernelAndroid ID: A-204782372Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20407 (Product: AndroidVersions: Android kernelAndroid ID: A-210916981Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20406 (Product: AndroidVersions: Android kernelAndroid ID: A-184676385Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20405 (Product: AndroidVersions: Android kernelAndroid ID: A-216363416Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20404 (Product: AndroidVersions: Android kernelAndroid ID: A-205714161Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20403 (Product: AndroidVersions: Android kernelAndroid ID: A-207975764Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20402 (Product: AndroidVersions: Android kernelAndroid ID: A-218701042Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20401 (In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2022-20400 (In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2022-20399 (In the SEPolicy configuration of system apps, there is a possible acce ...)
+ NOT-FOR-US: Android
+CVE-2022-20398 (In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way ...)
+ NOT-FOR-US: Android
+CVE-2022-20397 (In SitRilClient_OnResponse of SitRilSe.cpp, there is a possible out of ...)
+ NOT-FOR-US: Android
+CVE-2022-20396 (In SettingsActivity.java, there is a possible way to make a device dis ...)
+ NOT-FOR-US: Android
+CVE-2022-20395 (In checkAccess of MediaProvider.java, there is a possible file deletio ...)
+ NOT-FOR-US: Android
+CVE-2022-20394 (In getInputMethodWindowVisibleHeight of InputMethodManagerService.java ...)
+ NOT-FOR-US: Android
+CVE-2022-20393 (In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2022-20392 (In declareDuplicatePermission of ParsedPermissionUtils.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2022-20391 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257000)
+ NOT-FOR-US: Android
+CVE-2022-20390 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257002)
+ NOT-FOR-US: Android
+CVE-2022-20389 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238257004)
+ NOT-FOR-US: Android
+CVE-2022-20388 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227323)
+ NOT-FOR-US: Android
+CVE-2022-20387 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227324)
+ NOT-FOR-US: Android
+CVE-2022-20386 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-238227328)
+ NOT-FOR-US: Android
+CVE-2022-20385 (a function called 'nla_parse', do not check the len of para, it will c ...)
+ NOT-FOR-US: Android
+CVE-2022-20384 (Product: AndroidVersions: Android kernelAndroid ID: A-211727306Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20383 (In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a pos ...)
+ NOT-FOR-US: Android
+CVE-2022-20382 (In (TBD) of (TBD), there is a possible out of bounds write due to kern ...)
+ NOT-FOR-US: Android
+CVE-2022-20381 (Product: AndroidVersions: Android kernelAndroid ID: A-188935887Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20380 (Product: AndroidVersions: Android kernelAndroid ID: A-212625740Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20379 (In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary c ...)
+ NOT-FOR-US: Android
+CVE-2022-20378 (Product: AndroidVersions: Android kernelAndroid ID: A-234657153Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20377 (In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, ...)
+ NOT-FOR-US: Android
+CVE-2022-20376 (In trusty_log_seq_start of trusty-log.c, there is a possible use after ...)
+ NOT-FOR-US: Android
+CVE-2022-20375 (In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2022-20374
+ REJECTED
+CVE-2022-20373 (In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible u ...)
+ NOT-FOR-US: Android
+CVE-2022-20372 (In exynos5_i2c_irq of (TBD), there is a possible out of bounds write d ...)
+ NOT-FOR-US: Android
+CVE-2022-20371 (In dm_bow_dtr and related functions of dm-bow.c, there is a possible u ...)
+ NOT-FOR-US: Android
+CVE-2022-20370 (Product: AndroidVersions: Android kernelAndroid ID: A-215730643Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20369 (In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bou ...)
+ {DLA-3245-1}
+ - linux 5.17.3-1
+ [bullseye] - linux 5.10.113-1
+ NOTE: https://git.kernel.org/linus/8310ca94075e784bbb06593cd6c068ee6b6e4ca6 (5.18-rc1)
+CVE-2022-20368 (Product: AndroidVersions: Android kernelAndroid ID: A-224546354Referen ...)
+ - linux 5.16.18-1
+ [bullseye] - linux 5.10.113-1
+ [buster] - linux 4.19.249-1
+ NOTE: https://git.kernel.org/linus/c700525fcc06b05adfea78039de02628af79e07a (5.17)
+CVE-2022-20367 (In construct_transaction of lwis_ioctl.c, there is a possible out of b ...)
+ NOT-FOR-US: Android
+CVE-2022-20366 (In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2022-20365 (Product: AndroidVersions: Android kernelAndroid ID: A-229632566Referen ...)
+ NOT-FOR-US: Android
+CVE-2022-20364 (In sysmmu_unmap of TBD, there is a possible out of bounds write due to ...)
+ NOT-FOR-US: Android
+CVE-2022-20363
+ RESERVED
+CVE-2022-20362 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
+ NOT-FOR-US: Android
+CVE-2022-20361 (In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerabil ...)
+ NOT-FOR-US: Android
+CVE-2022-20360 (In setChecked of SecureNfcPreferenceController.java, there is a missin ...)
+ NOT-FOR-US: Android
+CVE-2022-20359
+ REJECTED
+CVE-2022-20358 (In startSync of AbstractThreadedSyncAdapter.java, there is a possible ...)
+ NOT-FOR-US: Android
+CVE-2022-20357 (In writeToParcel of SurfaceControl.cpp, there is a possible informatio ...)
+ NOT-FOR-US: Android
+CVE-2022-20356 (In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, th ...)
+ NOT-FOR-US: Android
+CVE-2022-20355 (In get of PacProxyService.java, there is a possible system service cra ...)
+ NOT-FOR-US: Android
+CVE-2022-20354 (In onDefaultNetworkChanged of Vpn.java, there is a possible way to dis ...)
+ NOT-FOR-US: Android
+CVE-2022-20353 (In onSaveRingtone of DefaultRingtonePreference.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2022-20352 (In addProviderRequestListener of LocationManagerService.java, there is ...)
+ NOT-FOR-US: Android
+CVE-2022-20351 (In queryInternal of CallLogProvider.java, there is a possible access t ...)
+ NOT-FOR-US: Android
+CVE-2022-20350 (In onCreate of NotificationAccessConfirmationActivity.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2022-20349 (In WifiScanningPreferenceController and BluetoothScanningPreferenceCon ...)
+ NOT-FOR-US: Android
+CVE-2022-20348 (In updateState of LocationServicesWifiScanningPreferenceController.jav ...)
+ NOT-FOR-US: Android
+CVE-2022-20347 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...)
+ NOT-FOR-US: Android
+CVE-2022-20346 (In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, ther ...)
+ NOT-FOR-US: Android
+CVE-2022-20345 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2022-20344 (In stealReceiveChannel of EventThread.cpp, there is a possible way to ...)
+ NOT-FOR-US: Android
+CVE-2022-20343
+ RESERVED
+CVE-2022-20342 (In WiFi, there is a possible disclosure of WiFi password to the end us ...)
+ NOT-FOR-US: Android
+CVE-2022-20341 (In ConnectivityService, there is a possible bypass of network permissi ...)
+ NOT-FOR-US: Android
+CVE-2022-20340 (In SELinux policy, there is a possible way of inferring which websites ...)
+ NOT-FOR-US: Android
+CVE-2022-20339 (In Android, there is a possible access of network neighbor table infor ...)
+ NOT-FOR-US: Android
+CVE-2022-20338 (In HierarchicalUri.readFrom of Uri.java, there is a possible way to cr ...)
+ NOT-FOR-US: Android
+CVE-2022-20337
+ RESERVED
+CVE-2022-20336 (In Settings, there is a possible installed application disclosure due ...)
+ NOT-FOR-US: Android
+CVE-2022-20335 (In Wifi Slice, there is a possible way to adjust Wi-Fi settings even w ...)
+ NOT-FOR-US: Android
+CVE-2022-20334 (In Bluetooth, there are possible process crashes due to dereferencing ...)
+ NOT-FOR-US: Android
+CVE-2022-20333 (In Bluetooth, there is a possible crash due to a missing null check. T ...)
+ NOT-FOR-US: Android
+CVE-2022-20332 (In PackageManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20331 (In the Framework, there is a possible way to enable a work profile wit ...)
+ NOT-FOR-US: Android
+CVE-2022-20330 (In Bluetooth, there is a possible way to connect or disconnect bluetoo ...)
+ NOT-FOR-US: Android
+CVE-2022-20329 (In Wifi, there is a possible way to enable Wifi without permissions du ...)
+ NOT-FOR-US: Android
+CVE-2022-20328 (In PackageManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20327 (In Wi-Fi, there is a possible way to retrieve the WiFi SSID without lo ...)
+ NOT-FOR-US: Android
+CVE-2022-20326 (In Telephony, there is a possible disclosure of SIM identifiers due to ...)
+ NOT-FOR-US: Android
+CVE-2022-20325 (In Media, there is a possible code execution due to a use after free. ...)
+ NOT-FOR-US: Android
+CVE-2022-20324 (In Framework, there is a possible way to determine whether an app is i ...)
+ NOT-FOR-US: Android
+CVE-2022-20323 (In PackageManager, there is a possible package installation disclosure ...)
+ NOT-FOR-US: Android
+CVE-2022-20322 (In PackageManager, there is a possible installed package disclosure du ...)
+ NOT-FOR-US: Android
+CVE-2022-20321 (In Settings, there is a possible way for an application without permis ...)
+ NOT-FOR-US: Android
+CVE-2022-20320 (In ActivityManager, there is a possible way to determine whether an ap ...)
+ NOT-FOR-US: Android
+CVE-2022-20319 (In DreamServices, there is a possible way to launch arbitrary protecte ...)
+ NOT-FOR-US: Android
+CVE-2022-20318 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ NOT-FOR-US: Android
+CVE-2022-20317 (In SystemUI, there is a possible way to unexpectedly enable the extern ...)
+ NOT-FOR-US: Android
+CVE-2022-20316 (In ContentResolver, there is a possible way to determine whether an ap ...)
+ NOT-FOR-US: Android
+CVE-2022-20315 (In ActivityManager, there is a possible disclosure of installed packag ...)
+ NOT-FOR-US: Android
+CVE-2022-20314 (In KeyChain, there is a possible spoof keychain chooser activity reque ...)
+ NOT-FOR-US: Android
+CVE-2022-20313 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: Android
+CVE-2022-20312 (In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address w ...)
+ NOT-FOR-US: Android
+CVE-2022-20311 (In Telecomm, there is a possible disclosure of registered self managed ...)
+ NOT-FOR-US: Android
+CVE-2022-20310 (In Telecomm, there is a possible disclosure of registered self managed ...)
+ NOT-FOR-US: Android
+CVE-2022-20309 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ NOT-FOR-US: Android
+CVE-2022-20308 (In hostapd, there is a possible insecure configuration due to an insec ...)
+ NOT-FOR-US: Android (treating this android specific even hostapd mentioned, insecure configuration on Android)
+CVE-2022-20307 (In AlarmManagerService, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20306 (In Camera Provider HAL, there is a possible memory corruption due to a ...)
+ NOT-FOR-US: Android
+CVE-2022-20305 (In ContentService, there is a possible disclosure of available account ...)
+ NOT-FOR-US: Android
+CVE-2022-20304 (In Content, there is a possible way to determinate the user's account ...)
+ NOT-FOR-US: Android
+CVE-2022-20303 (In ContentService, there is a possible way to determine if an account ...)
+ NOT-FOR-US: Android
+CVE-2022-20302 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ NOT-FOR-US: Android
+CVE-2022-20301 (In Content, there is a possible way to check if an account exists on t ...)
+ NOT-FOR-US: Android
+CVE-2022-20300 (In Content, there is a possible way to check if the given account exis ...)
+ NOT-FOR-US: Android
+CVE-2022-20299 (In ContentService, there is a possible way to check if the given accou ...)
+ NOT-FOR-US: Android
+CVE-2022-20298 (In ContentService, there is a possible way to check if an account exis ...)
+ NOT-FOR-US: Android
+CVE-2022-20297 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ NOT-FOR-US: Android
+CVE-2022-20296 (In ContentService, there is a possible way to check if an account exis ...)
+ NOT-FOR-US: Android
+CVE-2022-20295 (In ContentService, there is a possible way to check if an account exis ...)
+ NOT-FOR-US: Android
+CVE-2022-20294 (In Content, there is a possible way to learn about an account present ...)
+ NOT-FOR-US: Android
+CVE-2022-20293 (In LauncherApps, there is a possible way to determine whether an app i ...)
+ NOT-FOR-US: Android
+CVE-2022-20292 (In Settings, there is a possible way to bypass factory reset protectio ...)
+ NOT-FOR-US: Android
+CVE-2022-20291 (In AppOpsService, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20290 (In Midi, there is a possible way to learn about private midi devices d ...)
+ NOT-FOR-US: Android
+CVE-2022-20289 (In PackageInstaller, there is a possible way to determine whether an a ...)
+ NOT-FOR-US: Android
+CVE-2022-20288 (In AppSearchManagerService, there is a possible way to determine wheth ...)
+ NOT-FOR-US: Android
+CVE-2022-20287 (In AppSearchManagerService, there is a possible way to determine wheth ...)
+ NOT-FOR-US: Android
+CVE-2022-20286 (In Connectivity, there is a possible bypass the restriction of startin ...)
+ NOT-FOR-US: Android
+CVE-2022-20285 (In PackageManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20284 (In Telephony, there is a possible information disclosure due to a miss ...)
+ NOT-FOR-US: Android
+CVE-2022-20283 (In Bluetooth, there is a possible out of bounds write due to an intege ...)
+ NOT-FOR-US: Android
+CVE-2022-20282 (In AppWidget, there is a possible way to start an activity from the ba ...)
+ NOT-FOR-US: Android
+CVE-2022-20281 (In Core, there is a possible way to start an activity from the backgro ...)
+ NOT-FOR-US: Android
+CVE-2022-20280 (In MMSProvider, there is a possible read of protected data due to impr ...)
+ NOT-FOR-US: Android
+CVE-2022-20279 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20278 (In Accounts, there is a possible way to write sensitive information to ...)
+ NOT-FOR-US: Android
+CVE-2022-20277 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20276 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20275 (In DevicePolicyManager, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20274 (In Keyguard, there is a missing permission check. This could lead to l ...)
+ NOT-FOR-US: Android
+CVE-2022-20273 (In Bluetooth, there is a possible out of bounds read due to a heap buf ...)
+ NOT-FOR-US: Android
+CVE-2022-20272 (In PermissionController, there is a possible misunderstanding about th ...)
+ NOT-FOR-US: Android
+CVE-2022-20271 (In PermissionController, there is a possible way to grant some permiss ...)
+ NOT-FOR-US: Android
+CVE-2022-20270 (In Content, there is a possible way to learn gmail account name on the ...)
+ NOT-FOR-US: Android
+CVE-2022-20269 (In Bluetooth, there is a possible out of bounds write due to an incorr ...)
+ NOT-FOR-US: Android
+CVE-2022-20268 (In RestrictionsManager, there is a possible way to send a broadcast th ...)
+ NOT-FOR-US: Android
+CVE-2022-20267 (In bluetooth, there is a possible way to enable or disable bluetooth c ...)
+ NOT-FOR-US: Android
+CVE-2022-20266 (In Companion, there is a possible way to keep a service running with e ...)
+ NOT-FOR-US: Android
+CVE-2022-20265 (In Settings, there is a possible way to bypass factory reset permissio ...)
+ NOT-FOR-US: Android
+CVE-2022-20264 (In Usage Stats Service, there is a possible way to determine whether a ...)
+ NOT-FOR-US: Android
+CVE-2022-20263 (In ActivityManager, there is a way to read process state for other use ...)
+ NOT-FOR-US: Android
+CVE-2022-20262 (In ActivityManager, there is a possible way to check another process's ...)
+ NOT-FOR-US: Android
+CVE-2022-20261 (In LocationManager, there is a possible way to get location informatio ...)
+ NOT-FOR-US: Android
+CVE-2022-20260 (In the Phone app, there is a possible crash loop due to resource exhau ...)
+ NOT-FOR-US: Android
+CVE-2022-20259 (In Telephony, there is a possible leak of ICCID and EID due to a missi ...)
+ NOT-FOR-US: Android
+CVE-2022-20258 (In Bluetooth, there is a possible way to bypass compiler exploit mitig ...)
+ NOT-FOR-US: Android
+CVE-2022-20257 (In Bluetooth, there is a possible way to pair a display only device wi ...)
+ NOT-FOR-US: Android
+CVE-2022-20256 (In the Audio HAL, there is a possible out of bounds write due to a rac ...)
+ NOT-FOR-US: Android
+CVE-2022-20255 (In SettingsProvider, there is a possible way to read or change the def ...)
+ NOT-FOR-US: Android
+CVE-2022-20254 (In Wi-Fi, there is a permissions bypass. This could lead to local esca ...)
+ NOT-FOR-US: Android
+CVE-2022-20253 (In Bluetooth, there is a possible cleanup failure due to an uncaught e ...)
+ NOT-FOR-US: Android
+CVE-2022-20252 (In PackageManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20251 (In LocaleManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20250 (In Messaging, there is a possible way to attach files to a message wit ...)
+ NOT-FOR-US: Android
+CVE-2022-20249 (In LocaleManager, there is a possible way to determine whether an app ...)
+ NOT-FOR-US: Android
+CVE-2022-20248 (In Settings, there is a possible way to connect to an open network byp ...)
+ NOT-FOR-US: Android
+CVE-2022-20247 (In Media, there is a possible out of bounds read due to a heap buffer ...)
+ NOT-FOR-US: Android
+CVE-2022-20246 (In WindowManager, there is a possible bypass of the restrictions for s ...)
+ NOT-FOR-US: Android
+CVE-2022-20245 (In WindowManager, there is a possible method to create a recording of ...)
+ NOT-FOR-US: Android
+CVE-2022-20244 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: Android
+CVE-2022-20243 (In Core Utilities, there is a possible log information disclosure. Thi ...)
+ NOT-FOR-US: Android
+CVE-2022-20242 (In Telephony, there is a possible way to determine whether an app is i ...)
+ NOT-FOR-US: Android
+CVE-2022-20241 (In Messaging, there is a possible way to attach a private file to an S ...)
+ NOT-FOR-US: Android
+CVE-2022-20240 (In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2022-20239 (remap_pfn_range' here may map out of size kernel memory (for example, ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-20238 ('remap_pfn_range' here may map out of size kernel memory (for example, ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-20237 (In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out ...)
+ NOT-FOR-US: Android
+CVE-2022-20236 (A drm driver have oob problem, could cause the system crash or EOPProd ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-20235 (The PowerVR GPU kernel driver maintains an "Information Page" used by ...)
+ NOT-FOR-US: Android
+CVE-2022-20234 (In Car Settings app, the NotificationAccessConfirmationActivity is exp ...)
+ NOT-FOR-US: Android
+CVE-2022-20233 (In param_find_digests_internal and related functions of the Titan-M so ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20232
+ RESERVED
+CVE-2022-20231 (In smc_intc_request_fiq of arm_gic.c, there is a possible out of bound ...)
+ NOT-FOR-US: Android
+CVE-2022-20230 (In choosePrivateKeyAlias of KeyChain.java, there is a possible access ...)
+ NOT-FOR-US: Android
+CVE-2022-20229 (In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there i ...)
+ NOT-FOR-US: Android
+CVE-2022-20228 (In various functions of C2DmaBufAllocator.cpp, there is a possible mem ...)
+ NOT-FOR-US: Android
+CVE-2022-20227 (In USB driver, there is a possible out of bounds read due to a heap bu ...)
+ NOTE: https://source.android.com/security/bulletin/2022-07-01
+ NOTE: Possibly a duplicate of CVE-2021-39685 and CVE-2022-25375, contacted Android Security Team
+CVE-2022-20226 (In finishDrawingWindow of WindowManagerService.java, there is a possib ...)
+ NOT-FOR-US: Android
+CVE-2022-20225 (In getSubscriptionProperty of SubscriptionController.java, there is a ...)
+ NOT-FOR-US: Android
+CVE-2022-20224 (In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bou ...)
+ NOT-FOR-US: Android
+CVE-2022-20223 (In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, th ...)
+ NOT-FOR-US: Android
+CVE-2022-20222 (In read_attr_value of gatt_db.cc, there is a possible out of bounds wr ...)
+ NOT-FOR-US: Android
+CVE-2022-20221 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible o ...)
+ NOT-FOR-US: Android
+CVE-2022-20220 (In openFile of CallLogProvider.java, there is a possible permission by ...)
+ NOT-FOR-US: Android
+CVE-2022-20219 (In multiple functions of StorageManagerService.java and UserManagerSer ...)
+ NOT-FOR-US: Android
+CVE-2022-20218 (In PermissionController, there is a possible way to get and retain per ...)
+ NOT-FOR-US: Android
+CVE-2022-20217 (There is a unauthorized broadcast in the SprdContactsProvider. A third ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-20216 (android exported is used to set third-party app access permissions, an ...)
+ NOT-FOR-US: Unisoc
+CVE-2022-20215 (In onCreate of MasterClearConfirmFragment.java, there is a possible fa ...)
+ NOT-FOR-US: Android
+CVE-2022-20214 (In Car Settings app, the toggle button in Modify system settings is vu ...)
+ NOT-FOR-US: Android
+CVE-2022-20213 (In ApplicationsDetailsActivity of AndroidManifest.xml, there is a poss ...)
+ NOT-FOR-US: Android
+CVE-2022-20212 (In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a p ...)
+ NOT-FOR-US: Android
+CVE-2022-20211
+ RESERVED
+CVE-2022-20210 (The UE and the EMM communicate with each other using NAS messages. Whe ...)
+ NOT-FOR-US: Unisoc components for Android
+CVE-2022-20209 (In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possi ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20208 (In parseRecursively of cppbor_parse.cpp, there is a possible out of bo ...)
+ NOT-FOR-US: Android
+CVE-2022-20207 (In static definitions of GattServiceConfig.java, there is a possible p ...)
+ NOT-FOR-US: Android
+CVE-2022-20206 (In setPackageOrComponentEnabled of NotificationManagerService.java, th ...)
+ NOT-FOR-US: Android
+CVE-2022-20205 (In isFileUri of FileUtil.java, there is a possible way to bypass the c ...)
+ NOT-FOR-US: Android
+CVE-2022-20204 (In registerRemoteBugreportReceivers of DevicePolicyManagerService.java ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20203 (In multiple locations of the nanopb library, there is a possible way t ...)
+ NOT-FOR-US: Android
+CVE-2022-20202 (In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20201 (In getAppSize of InstalldNativeService.cpp, there is a possible out of ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20200 (In updateApState of SoftApManager.java, there is a possible leak of ho ...)
+ NOT-FOR-US: Android
+CVE-2022-20199 (In multiple locations of NfcService.java, there is a possible disclosu ...)
+ NOT-FOR-US: Android
+CVE-2022-20198 (In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out o ...)
+ NOT-FOR-US: Android
+CVE-2022-20197 (In recycle of Parcel.java, there is a possible way to start foreground ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20196 (In gallery3d and photos, there is a possible permission bypass due to ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20195 (In the keystore library, there is a possible prevention of access to s ...)
+ NOT-FOR-US: Android
+CVE-2022-20194 (In onCreate of ChooseLockGeneric.java, there is a possible permission ...)
+ NOT-FOR-US: Android
+CVE-2022-20193 (In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20192 (In grantEmbeddedWindowFocus of WindowManagerService.java, there is a p ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20191 (Product: AndroidVersions: Android kernelAndroid ID: A-209324757Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20190 (Product: AndroidVersions: Android kernelAndroid ID: A-208744915Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20189
+ RESERVED
+CVE-2022-20188 (Product: AndroidVersions: Android kernelAndroid ID: A-207254598Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20187
+ RESERVED
+CVE-2022-20186 (In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbi ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20185 (In TBD of TBD, there is a possible use after free bug. This could lead ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20184 (Product: AndroidVersions: Android kernelAndroid ID: A-209153114Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20183 (In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20182 (In handle_ramdump of pixel_loader.c, there is a possible way to create ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20181 (Product: AndroidVersions: Android kernelAndroid ID: A-210936609Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20180 (In several functions of mali_gralloc_reference.cpp, there is a possibl ...)
+ NOT-FOR-US: Android
+CVE-2022-20179 (Product: AndroidVersions: Android kernelAndroid ID: A-211683760Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20178 (In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20177 (Product: AndroidVersions: Android kernelAndroid ID: A-209906686Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20176 (In auth_store of sjtag-driver.c, there is a possible read of uninitial ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20175 (Product: AndroidVersions: Android kernelAndroid ID: A-209252491Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20174 (In exynos_secEnv_init of mach-gs101.c, there is a possible out of boun ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20173 (Product: AndroidVersions: Android kernelAndroid ID: A-207116951Referen ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20172 (In onbind of ShannonRcsService.java, there is a possible access to pro ...)
+ NOT-FOR-US: Google Pixel
+CVE-2022-20171 (Product: AndroidVersions: Android kernelAndroid ID: A-215565667Referen ...)
+ NOT-FOR-US: Google Pixel +CVE-2022-20170 (Product: AndroidVersions: Android kernelAndroid ID: A-209421931Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20169 (Product: AndroidVersions: Android kernelAndroid ID: A-211162353Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20168 (Product: AndroidVersions: Android kernelAndroid ID: A-210594998Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20167 (Product: AndroidVersions: Android kernelAndroid ID: A-204956204Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20166 (In various methods of kernel base drivers, there is a possible out of ...) + - linux 5.10.4-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 + NOTE: https://git.kernel.org/linus/aa838896d87af561a33ecefea1caa4c15a68bc47 (5.10-rc1) +CVE-2022-20165 (In asn1_parse of asn1.c, there is a possible out of bounds read due to ...) + NOT-FOR-US: Google Pixel +CVE-2022-20164 (Product: AndroidVersions: Android kernelAndroid ID: A-204891956Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20163 + RESERVED +CVE-2022-20162 (In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds r ...) + NOT-FOR-US: Google Pixel +CVE-2022-20161 + RESERVED +CVE-2022-20160 (Product: AndroidVersions: Android kernelAndroid ID: A-210083655Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20159 (In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a pos ...) + NOT-FOR-US: Google Pixel +CVE-2022-20158 (In bdi_put and bdi_unregister of backing-dev.c, there is a possible me ...) + - linux (Vulnerable code not present; specific to Android kernels) + NOTE: https://source.android.com/security/bulletin/pixel/2022-08-01 + NOTE: https://lore.kernel.org/all/YvYAmmaJgvydex4p@google.com/ +CVE-2022-20157 + RESERVED +CVE-2022-20156 (In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code ...) 
+ NOT-FOR-US: Google Pixel +CVE-2022-20155 (In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-tr ...) + NOT-FOR-US: Google Pixel +CVE-2022-20154 (In lock_sock_nested of sock.c, there is a possible use after free due ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 + NOTE: https://git.kernel.org/linus/5ec7d18d1813a5bead0b495045606c93873aecbb (5.16-rc8) +CVE-2022-20153 (In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-afte ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.113-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 + NOTE: https://git.kernel.org/linus/f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (5.13-rc1) +CVE-2022-20152 (In the TitanM chip, there is a possible out of bounds write due to a m ...) + NOT-FOR-US: Google Pixel +CVE-2022-20151 (Product: AndroidVersions: Android kernelAndroid ID: A-210712565Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20150 + RESERVED +CVE-2022-20149 (Product: AndroidVersions: Android kernelAndroid ID: A-211685939Referen ...) + NOT-FOR-US: Google Pixel +CVE-2022-20148 (In TBD of TBD, there is a possible use-after-free due to a race condit ...) + - linux 5.15.3-1 + [bullseye] - linux (Vulnerable code not present) + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://source.android.com/security/bulletin/pixel/2022-06-01 +CVE-2022-20147 (In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2022-20146 (In uploadFile of FileUploadServiceImpl.java, there is a possible incor ...) + NOT-FOR-US: Google Pixel +CVE-2022-20145 (In startLegacyVpnPrivileged of Vpn.java, there is a possible way to re ...) 
+ NOT-FOR-US: Android +CVE-2022-20144 (In multiple functions of AvatarPhotoController.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2022-20143 (In addAutomaticZenRule of ZenModeHelper.java, there is a possible perm ...) + NOT-FOR-US: Android +CVE-2022-20142 (In createFromParcel of GeofenceHardwareRequestParcelable.java, there i ...) + NOT-FOR-US: Android +CVE-2022-20141 (In ip_check_mc_rcu of igmp.c, there is a possible use after free due t ...) + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://source.android.com/security/bulletin/2022-06-01 + NOTE: https://git.kernel.org/linus/23d2b94043ca8835bd1e67749020e839f396a1c2 (5.15-rc1) +CVE-2022-20140 (In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds wri ...) + NOT-FOR-US: Android +CVE-2022-20139 + RESERVED + NOT-FOR-US: Android +CVE-2022-20138 (In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.ja ...) + NOT-FOR-US: Android +CVE-2022-20137 (In onCreateContextMenu of NetworkProviderSettings.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2022-20136 + RESERVED +CVE-2022-20135 (In writeToParcel of GateKeeperResponse.java, there is a possible parce ...) + NOT-FOR-US: Android +CVE-2022-20134 (In readArguments of CallSubjectDialog.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2022-20133 (In setDiscoverableTimeout of AdapterService.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2022-20132 (In lg_probe and related functions of hid-lg.c and other USB HID files, ...) + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + [buster] - linux 4.19.232-1 + [stretch] - linux 4.9.303-1 + NOTE: https://source.android.com/security/bulletin/2022-06-01 +CVE-2022-20131 (In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out ...) + NOT-FOR-US: Android +CVE-2022-20130 (In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible ...) 
+ NOT-FOR-US: Android media framework +CVE-2022-20129 (In registerPhoneAccount of PhoneAccountRegistrar.java, there is a poss ...) + NOT-FOR-US: Android +CVE-2022-20128 + RESERVED + [experimental] - android-platform-tools 33.0.3-1~exp1 + - android-platform-tools 29.0.6-23 + - android-platform-system-core + [bullseye] - android-platform-system-core (Minor issue) + [buster] - android-platform-system-core (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2022/10/25/5 +CVE-2022-20127 (In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds w ...) + NOT-FOR-US: Android +CVE-2022-20126 (In setScanMode of AdapterService.java, there is a possible way to enab ...) + NOT-FOR-US: Android +CVE-2022-20125 (In GBoard, there is a possible way to bypass factory reset protections ...) + NOT-FOR-US: Android +CVE-2022-20124 (In deletePackageX of DeletePackageHelper.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2022-20123 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...) + NOT-FOR-US: Android +CVE-2022-20122 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...) + NOT-FOR-US: Imagination Technologies +CVE-2022-20121 (In getNodeValue of USCCDMPlugin.java, there is a possible disclosure o ...) + NOT-FOR-US: Pixel +CVE-2022-20120 (Product: AndroidVersions: Android kernelAndroid ID: A-203213034Referen ...) + NOT-FOR-US: Pixel +CVE-2022-20119 (In private_handle_t of mali_gralloc_buffer.h, there is a possible info ...) + NOT-FOR-US: Pixel +CVE-2022-20118 (In ion_ioctl and related functions of ion.c, there is a possible use a ...) + NOT-FOR-US: Pixel +CVE-2022-20117 (In (TBD) of (TBD), there is a possible way to decrypt local data encry ...) + NOT-FOR-US: Pixel +CVE-2022-20116 (In onEntryUpdated of OngoingCallController.kt, it is possible to launc ...) + NOT-FOR-US: Android +CVE-2022-20115 (In broadcastServiceStateChanged of TelephonyRegistry.java, there is a ...) 
+ NOT-FOR-US: Android +CVE-2022-20114 (In placeCall of TelecomManager.java, there is a possible way for an ap ...) + NOT-FOR-US: Android +CVE-2022-20113 (In mPreference of DefaultUsbConfigurationPreferenceController.java, th ...) + NOT-FOR-US: Android +CVE-2022-20112 (In getAvailabilityStatus of PrivateDnsPreferenceController.java, there ...) + NOT-FOR-US: Android +CVE-2021-42523 (There are two Information Disclosure vulnerabilities in colord, and th ...) + - colord 1.4.6-1 (unimportant) + NOTE: https://github.com/hughsie/colord/issues/110 + NOTE: https://github.com/hughsie/colord/commit/adf41f36cf7214d7d6fa8d528b74eba47c377405 (1.4.6) + NOTE: Memory leak in a system-local daemon, negligible security impact +CVE-2021-42522 (There is a Information Disclosure vulnerability in anjuta/plugins/docu ...) + - anjuta (unimportant) + NOTE: https://gitlab.gnome.org/Archive/anjuta/-/issues/12 + NOTE: Memory leak in GUI application, no security impact +CVE-2021-42521 (There is a NULL pointer dereference vulnerability in VTK before 9.2.5, ...) 
+ - vtk9 (bug #1031877) + [bookworm] - vtk9 (Minor issue) + [bullseye] - vtk9 (Minor issue) + - vtk7 (bug #1034844) + [bullseye] - vtk7 (Minor issue) + [buster] - vtk7 (Minor issue) + - vtk6 (bug #1034843) + [bullseye] - vtk6 (Minor issue) + [buster] - vtk6 (Minor issue) + NOTE: https://gitlab.kitware.com/vtk/vtk/-/issues/17818 +CVE-2021-42520 + RESERVED +CVE-2021-42519 + RESERVED +CVE-2021-42518 + RESERVED +CVE-2021-42517 + RESERVED +CVE-2021-42516 + RESERVED +CVE-2021-42515 + RESERVED +CVE-2021-42514 + RESERVED +CVE-2021-42513 + RESERVED +CVE-2021-42512 + RESERVED +CVE-2021-42511 + RESERVED +CVE-2021-42510 + RESERVED +CVE-2021-42509 + RESERVED +CVE-2021-42508 + RESERVED +CVE-2021-42507 + RESERVED +CVE-2021-42506 + RESERVED +CVE-2021-42505 + RESERVED +CVE-2021-42504 + RESERVED +CVE-2021-42503 + RESERVED +CVE-2021-42502 + RESERVED +CVE-2021-42501 + RESERVED +CVE-2021-42500 + RESERVED +CVE-2021-42499 + RESERVED +CVE-2021-42498 + RESERVED +CVE-2021-42497 + RESERVED +CVE-2021-42496 + RESERVED +CVE-2021-42495 + RESERVED +CVE-2021-42494 + RESERVED +CVE-2021-42493 + RESERVED +CVE-2021-42492 + RESERVED +CVE-2021-42491 + RESERVED +CVE-2021-42490 + RESERVED +CVE-2021-42489 + RESERVED +CVE-2021-42488 + RESERVED +CVE-2021-42487 + RESERVED +CVE-2021-42486 + RESERVED +CVE-2021-42485 + RESERVED +CVE-2021-42484 + RESERVED +CVE-2021-42483 + RESERVED +CVE-2021-42482 + RESERVED +CVE-2021-42481 + RESERVED +CVE-2021-42480 + RESERVED +CVE-2021-42479 + RESERVED +CVE-2021-42478 + RESERVED +CVE-2021-42477 + RESERVED +CVE-2021-42476 + RESERVED +CVE-2021-42475 + RESERVED +CVE-2021-42474 + RESERVED +CVE-2021-42473 + RESERVED +CVE-2021-42472 + RESERVED +CVE-2021-42471 + RESERVED +CVE-2021-42470 + RESERVED +CVE-2021-42469 + RESERVED +CVE-2021-42468 + RESERVED +CVE-2021-42467 + RESERVED +CVE-2021-42466 + RESERVED +CVE-2021-42465 + RESERVED +CVE-2021-42464 + RESERVED +CVE-2021-42463 + RESERVED +CVE-2021-42462 + RESERVED +CVE-2021-42461 + RESERVED +CVE-2021-42460 + RESERVED +CVE-2021-42459 + 
RESERVED +CVE-2021-42458 + RESERVED +CVE-2021-42457 + RESERVED +CVE-2021-42456 + RESERVED +CVE-2021-42455 + RESERVED +CVE-2021-42454 + RESERVED +CVE-2021-42453 + RESERVED +CVE-2021-42452 + RESERVED +CVE-2021-42451 + RESERVED +CVE-2021-42450 + RESERVED +CVE-2021-42449 + RESERVED +CVE-2021-42448 + RESERVED +CVE-2021-42447 + RESERVED +CVE-2021-42446 + RESERVED +CVE-2021-42445 + RESERVED +CVE-2021-42444 + RESERVED +CVE-2021-42443 + RESERVED +CVE-2021-42442 + RESERVED +CVE-2021-42441 + RESERVED +CVE-2021-42440 + RESERVED +CVE-2021-42439 + RESERVED +CVE-2021-42438 + RESERVED +CVE-2021-42437 + RESERVED +CVE-2021-42436 + RESERVED +CVE-2021-42435 + RESERVED +CVE-2021-42434 + RESERVED +CVE-2021-42433 + RESERVED +CVE-2021-42432 + RESERVED +CVE-2021-42431 + RESERVED +CVE-2021-42430 + RESERVED +CVE-2021-42429 + RESERVED +CVE-2021-42428 + RESERVED +CVE-2021-42427 + RESERVED +CVE-2021-42426 + RESERVED +CVE-2021-42425 + RESERVED +CVE-2021-42424 + RESERVED +CVE-2021-42423 + RESERVED +CVE-2021-42422 + RESERVED +CVE-2021-42421 + RESERVED +CVE-2021-42420 + RESERVED +CVE-2021-42419 + RESERVED +CVE-2021-42418 + RESERVED +CVE-2021-42417 + RESERVED +CVE-2021-42416 + RESERVED +CVE-2021-42415 + RESERVED +CVE-2021-42414 + RESERVED +CVE-2021-42413 + RESERVED +CVE-2021-42412 + RESERVED +CVE-2021-42411 + RESERVED +CVE-2021-42410 + RESERVED +CVE-2021-42409 + RESERVED +CVE-2021-42408 + RESERVED +CVE-2021-42407 + RESERVED +CVE-2021-42406 + RESERVED +CVE-2021-42405 + RESERVED +CVE-2021-42404 + RESERVED +CVE-2021-42403 + RESERVED +CVE-2021-42402 + RESERVED +CVE-2021-42401 + RESERVED +CVE-2021-42400 + RESERVED +CVE-2021-42399 + RESERVED +CVE-2021-42398 + RESERVED +CVE-2021-42397 + RESERVED +CVE-2021-42396 + RESERVED +CVE-2021-42395 + RESERVED +CVE-2021-42394 + RESERVED +CVE-2021-42393 + RESERVED +CVE-2020-36489 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...) 
+ NOT-FOR-US: Dropouts Technologies LLP Air Share +CVE-2020-36488 (An issue in the FTP server of Sky File v2.1.0 allows attackers to perf ...) + NOT-FOR-US: Sky File +CVE-2020-36487 + RESERVED +CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...) + NOT-FOR-US: Swift File Transfer Mobile +CVE-2021-42392 (The org.h2.util.JdbcUtils.getConnection method of the H2 database take ...) + {DSA-5076-1 DLA-2923-1} + - h2database 2.1.210-1 (bug #1003894) + NOTE: https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6 + NOTE: https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ + NOTE: Fixed by https://github.com/h2database/h2database/commit/41dd2a4cf89da9dd18239debbf73f88da6184ec7 + NOTE: https://github.com/h2database/h2database/commit/956c6241868332c5b440f5d55ea8fdc1e51ae4fd +CVE-2021-42391 (Divide-by-zero in Clickhouse's Gorilla compression codec when parsing ...) + - clickhouse (Vulnerable code introduced later) + NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ +CVE-2021-42390 (Divide-by-zero in Clickhouse's DeltaDouble compression codec when pars ...) + - clickhouse (Vulnerable code introduced later) + NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ +CVE-2021-42389 (Divide-by-zero in Clickhouse's Delta compression codec when parsing a ...) + - clickhouse (Vulnerable code introduced later) + NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ +CVE-2021-42388 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...) 
+ {DLA-3176-1} + - clickhouse 18.16.1+ds-7.3 (bug #1008216) + [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1 + NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) + NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) + NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 + NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ +CVE-2021-42387 (Heap out-of-bounds read in Clickhouse's LZ4 compression codec when par ...) + {DLA-3176-1} + - clickhouse 18.16.1+ds-7.3 (bug #1008216) + [bullseye] - clickhouse 18.16.1+ds-7.2+deb11u1 + NOTE: https://github.com/ClickHouse/ClickHouse/commit/2aea1c8d4a5be320365472052d8a48bf69fd9fe9 (v21.9.1.7685) + NOTE: https://github.com/ClickHouse/ClickHouse/commit/6d83eacec42c7c403c99804a713a9d38caa4a45d (v21.9.1.7685) + NOTE: https://github.com/ClickHouse/ClickHouse/pull/27136 + NOTE: https://jfrog.com/blog/7-rce-and-dos-vulnerabilities-found-in-clickhouse-dbms/ +CVE-2021-42386 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42385 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42384 (A use-after-free in Busybox's awk applet leads to denial of service an ...) 
+ - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42383 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42382 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42381 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42380 (A use-after-free in Busybox's awk applet leads to denial of service an ...) 
+ - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42379 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42378 (A use-after-free in Busybox's awk applet leads to denial of service an ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (Minor issue, requires passing arbitrary awk program, no identified patch) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42377 (An attacker-controlled pointer free in Busybox's hush applet leads to ...) + - busybox 1:1.35.0-1 (bug #999567) + [bullseye] - busybox (Minor issue) + [buster] - busybox (Minor issue) + [stretch] - busybox (CONFIG_HUSH is not set) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ +CVE-2021-42376 (A NULL pointer dereference in Busybox's hush applet leads to denial of ...) + - busybox 1:1.35.0-1 (unimportant; bug #999567) + [stretch] - busybox (CONFIG_HUSH is not set) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42375 (An incorrect handling of a special element in Busybox's ash applet lea ...) 
+ - busybox 1:1.35.0-1 (unimportant; bug #999567) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42374 (An out-of-bounds heap read in Busybox's unlzma applet leads to informa ...) + - busybox 1:1.35.0-1 (unimportant; bug #999567) + [stretch] - busybox (Vulnerable code introduced later) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool with information leak + NOTE: Introduced by https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 (1_27_0) + NOTE: https://git.busybox.net/busybox/commit/?id=04f052c56ded5ab6a904e3a264a73dc0412b2e78 +CVE-2021-42373 (A NULL pointer dereference in Busybox's man applet leads to denial of ...) + - busybox 1:1.35.0-1 (unimportant; bug #999567) + NOTE: https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/ + NOTE: Crash in CLI tool, no security impact +CVE-2021-42372 (A shell command injection in the HW Events SNMP community in XoruX LPA ...) + NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD +CVE-2021-42371 (lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD ...) + NOT-FOR-US: XoruX LPAR2RRD +CVE-2021-42370 (A password mismanagement situation exists in XoruX LPAR2RRD and STOR2R ...) + NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD +CVE-2021-42369 (Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows ...) + NOT-FOR-US: Imagicle Application Suite +CVE-2021-42368 + RESERVED +CVE-2021-42367 (The Variation Swatches for WooCommerce WordPress plugin is vulnerable ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42366 + RESERVED +CVE-2021-42365 (The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42364 (The Stetic WordPress plugin is vulnerable to Cross-Site Request Forger ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-42363 (The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42362 (The WordPress Popular Posts WordPress plugin is vulnerable to arbitrar ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42361 (The Contact Form Email WordPress plugin is vulnerable to Stored Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42360 (On sites that also had the Elementor plugin for WordPress installed, i ...) + NOT-FOR-US: Elementor plugin for WordPress +CVE-2021-42359 (WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, \u2018admin-dismis ...) + NOT-FOR-US: WP DSGVO Tools (GDPR) +CVE-2021-42358 (The Contact Form With Captcha WordPress plugin is vulnerable to Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-42357 (When using Apache Knox SSO prior to 1.6.1, a request could be crafted ...) + NOT-FOR-US: Apache Knox +CVE-2021-42356 + RESERVED +CVE-2021-42355 + RESERVED +CVE-2021-42354 + RESERVED +CVE-2021-42353 + RESERVED +CVE-2021-42352 + RESERVED +CVE-2021-42351 + RESERVED +CVE-2021-42350 + RESERVED +CVE-2021-42349 + RESERVED +CVE-2021-42348 + RESERVED +CVE-2021-42347 + RESERVED +CVE-2020-36485 (Portable Ltd Playable v9.18 was discovered to contain an arbitrary fil ...) + NOT-FOR-US: Portable Ltd Playable +CVE-2021-42346 + RESERVED +CVE-2021-42345 + RESERVED +CVE-2021-42344 + RESERVED +CVE-2021-42343 (An issue was discovered in the Dask distributed package before 2021.10 ...) + - dask.distributed 2021.09.1+ds.1-2 + [bullseye] - dask.distributed 2021.01.0+ds.1-2.1+deb11u1 + [buster] - dask.distributed (Minor issue; can be fixed via point release) + NOTE: https://github.com/dask/distributed/pull/5427 + NOTE: https://github.com/dask/distributed/security/advisories/GHSA-hwqr-f3v9-hwxr +CVE-2021-42342 (An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the fi ...) 
+ NOT-FOR-US: Embedthis GoAhead +CVE-2021-42341 (checkpath in OpenRC before 0.44.7 uses the direct output of strlen() t ...) + - openrc (Introduced in 0.44) + NOTE: https://github.com/OpenRC/openrc/issues/459 + NOTE: https://github.com/OpenRC/openrc/pull/462 + NOTE: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204 +CVE-2021-3886 + REJECTED +CVE-2021-3885 + RESERVED +CVE-2021-42340 (The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, ...) + {DSA-5009-1} + - tomcat9 9.0.54-1 + [buster] - tomcat9 (Vulnerable code introduced later) + - tomcat8 + [stretch] - tomcat8 (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/1 + NOTE: https://github.com/apache/tomcat/commit/80f1438ec45e77a07b96419808971838d259eb47 (9.0.54) + NOTE: https://github.com/apache/tomcat/commit/d27535bdee95d252418201eb21e9d29476aa6b6a (8.5.72) + NOTE: Fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=63362 introduced the memory leak. +CVE-2021-3884 + REJECTED +CVE-2021-3883 + REJECTED +CVE-2020-36484 + RESERVED +CVE-2020-36483 + RESERVED +CVE-2020-36482 + RESERVED +CVE-2020-36481 + RESERVED +CVE-2020-36480 + RESERVED +CVE-2020-36479 + RESERVED +CVE-2021-42339 + RESERVED +CVE-2021-42338 (4MOSAn GCB Doctor\u2019s login page has improper validation of Cookie, ...) + NOT-FOR-US: 4MOSAn GCB Doctor +CVE-2021-42337 (The permission control of AIFU cashier management salary query functio ...) + NOT-FOR-US: AIFU cashier management salary +CVE-2021-42336 (The learning history page of the Easytest is vulnerable by permission ...) + NOT-FOR-US: Easytest +CVE-2021-42335 (Easytest bulletin board management function of online learning platfor ...) + NOT-FOR-US: Easytest +CVE-2021-42334 (The Easytest contains SQL injection vulnerabilities. After obtaining a ...) + NOT-FOR-US: Easytest +CVE-2021-42333 (The Easytest contains SQL injection vulnerabilities. After obtaining u ...) 
+ NOT-FOR-US: Easytest +CVE-2021-42332 (The \u201cList View\u201d function of ShinHer StudyOnline System is no ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42331 (The \u201cStudy Edit\u201d function of ShinHer StudyOnline System does ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42330 (The \u201cTeacher Edit\u201d function of ShinHer StudyOnline System do ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2021-42329 (The \u201cList_Add\u201d function of message board of ShinHer StudyOnl ...) + NOT-FOR-US: ShinHer StudyOnline System +CVE-2022-20111 (In ion, there is a possible use after free due to incorrect error hand ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20110 (In ion, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20109 (In ion, there is a possible use after free due to improper update of r ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20108 (In voice service, there is a possible out of bounds write due to a sta ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20107 (In subtitle service, there is a possible application crash due to an i ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20106 (In MM service, there is a possible out of bounds write due to a heap-b ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20105 (In MM service, there is a possible out of bounds write due to a stack- ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20104 (In aee daemon, there is a possible information disclosure due to impro ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20103 (In aee daemon, there is a possible information disclosure due to symbo ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20102 (In aee daemon, there is a possible information disclosure due to a mis ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-20101 (In aee daemon, there is a possible information disclosure due to a pat ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20100 (In aee daemon, there is a possible information disclosure due to a mis ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20099 (In aee daemon, there is a possible out of bounds write due to improper ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20098 (In aee daemon, there is a possible information disclosure due to a mis ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20097 (In aee daemon, there is a possible information disclosure due to a rac ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20096 (In camera, there is a possible information disclosure due to uninitial ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20095 (In imgsensor, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20094 (In imgsensor, there is a possible out of bounds write due to an incorr ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20093 (In telephony, there is a possible way to disable receiving SMS message ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20092 (In alac decoder, there is a possible out of bounds read due to a missi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20091 (In aee driver, there is a possible use after free due to a race condit ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20090 (In aee driver, there is a possible use after free due to a race condit ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20089 (In aee driver, there is a possible memory corruption due to active deb ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20088 (In aee driver, there is a possible reference count mistake due to inco ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-20087 (In ccu, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20086 + RESERVED +CVE-2022-20085 (In netdiag, there is a possible symbolic link following due to an impr ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20084 (In telephony, there is a possible way to disable receiving emergency b ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20083 (In Modem 2G/3G CC, there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20082 (In GPU, there is a possible use after free due to a race condition. Th ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20081 (In A-GPS, there is a possible man in the middle attack due to improper ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20080 (In SUB2AF, there is a possible memory corruption due to a race conditi ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20079 (In vow, there is a possible read of uninitialized data due to a improp ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20078 (In vow, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20077 (In vow, there is a possible memory corruption due to a race condition. ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20076 (In ged, there is a possible memory corruption due to an incorrect erro ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20075 (In ged, there is a possible out of bounds write due to an integer over ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20074 (In preloader (partition), there is a possible out of bounds write due ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20073 (In preloader (usb), there is a possible out of bounds write due to a i ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2022-20072 (In search engine service, there is a possible way to change the defaul ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20071 (In ccu, there is a possible escalation of privilege due to a missing c ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20070 (In ssmr, there is a possible out of bounds write due to a missing boun ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20069 (In preloader (usb), there is a possible out of bounds write due to an ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20068 (In mobile_log_d, there is a possible symbolic link following due to an ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20067 (In mdp, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20066 (In atf (hwfde), there is a possible leak of sensitive information due ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20065 (In ccci, there is a possible out of bounds read due to a missing bound ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20064 (In ccci, there is a possible leak of kernel pointer due to an incorrec ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20063 (In atf (spm), there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20062 (In mdp, there is a possible memory corruption due to a use after free. ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2022-20061 + RESERVED +CVE-2022-20060 (In preloader (usb), there is a possible permission bypass due to a mis ...) + NOT-FOR-US: Mediatek +CVE-2022-20059 (In preloader (usb), there is a possible out of bounds write due to a m ...) + NOT-FOR-US: Mediatek +CVE-2022-20058 (In preloader (usb), there is a possible out of bounds write due to a m ...) + NOT-FOR-US: Mediatek +CVE-2022-20057 (In btif, there is a possible memory corruption due to incorrect error ...) 
+ NOT-FOR-US: Mediatek
+CVE-2022-20056 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20055 (In preloader (usb), there is a possible out of bounds write due to a m ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20054 (In ims service, there is a possible AT command injection due to a miss ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20053 (In ims service, there is a possible escalation of privilege due to a m ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20052 (In mdp, there is a possible memory corruption due to a use after free. ...)
+ NOT-FOR-US: MediaTek driver for Android
+CVE-2022-20051 (In ims service, there is a possible unexpected application behavior du ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20050 (In connsyslogger, there is a possible symbolic link following due to i ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20049 (In vpu, there is a possible escalation of privilege due to a missing p ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20048 (In video decoder, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20047 (In video decoder, there is a possible out of bounds write due to a mis ...)
+ NOT-FOR-US: Mediatek
+CVE-2022-20046 (In Bluetooth, there is a possible memory corruption due to a logic err ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20045 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20044 (In Bluetooth, there is a possible service crash due to a use after fre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20043 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20042 (In Bluetooth, there is a possible information disclosure due to incorr ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20041 (In Bluetooth, there is a possible escalation of privilege due to a mis ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20040 (In power_hal_manager_service, there is a possible permission bypass du ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20039 (In ccu driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20038 (In ccu driver, there is a possible memory corruption due to an incorre ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20037 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20036 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20035 (In vcu driver, there is a possible information disclosure due to a use ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20034 (In Preloader XFLASH, there is a possible escalation of privilege due t ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20033 (In camera driver, there is a possible out of bounds read due to an inc ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20032 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20031 (In fb driver, there is a possible memory corruption due to a use after ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20030 (In vow driver, there is a possible out of bounds write due to a stack- ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20029 (In cmdq driver, there is a possible out of bounds read due to an incor ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20028 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20027 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20026 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20025 (In Bluetooth, there is a possible out of bounds write due to a missing ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20024 (In system service, there is a possible permission bypass due to a miss ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20023 (In Bluetooth, there is a possible application crash due to bluetooth f ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20022 (In Bluetooth, there is a possible link disconnection due to bluetooth ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20021 (In Bluetooth, there is a possible application crash due to bluetooth d ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20020 (In libvcodecdrv, there is a possible information disclosure due to a m ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20019 (In libMtkOmxGsmDec, there is a possible information disclosure due to ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20018 (In seninf driver, there is a possible information disclosure due to un ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20017 (In ion driver, there is a possible information disclosure due to an in ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20016 (In vow driver, there is a possible memory corruption due to improper l ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20015 (In kd_camera_hw driver, there is a possible information disclosure due ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20014 (In vow driver, there is a possible memory corruption due to improper i ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20013 (In vow driver, there is a possible memory corruption due to a race con ...)
+ NOT-FOR-US: MediaTek
+CVE-2022-20012 (In mdp driver, there is a possible memory corruption due to an integer ...)
+ NOT-FOR-US: MediaTek
+CVE-2021-42328
+ RESERVED
+CVE-2021-42327 (dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu ...)
+ - linux 5.14.16-1
+ [bullseye] - linux 5.10.84-1
+ [buster] - linux (Vulnerability introduced later)
+ [stretch] - linux (Vulnerability introduced later)
+ NOTE: https://lists.freedesktop.org/archives/amd-gfx/2021-October/070170.html
+CVE-2021-42326 (Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of ...)
+ {DLA-2787-1}
+ - redmine 5.0.0-1 (bug #998417)
+ NOTE: https://www.redmine.org/news/133
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_1#415-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_4_2#423-2021-10-10
+ NOTE: https://www.redmine.org/projects/redmine/repository/revisions/21209
+CVE-2021-42325 (Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbM ...)
+ - froxlor (bug #581792)
+CVE-2021-42324 (An issue was discovered on DCN (Digital China Networks) S4600-10P-SI d ...)
+ NOT-FOR-US: DCN S4600 switches
+CVE-2021-42323 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42322 (Visual Studio Code Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42321 (Microsoft Exchange Server Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42320 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42319 (Visual Studio Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42318
+ RESERVED
+CVE-2021-42317
+ RESERVED
+CVE-2021-42316 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42315 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42314 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42313 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42312 (Microsoft Defender for IOT Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42311 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42310 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42309 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42308 (Microsoft Edge (Chromium-based) Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42307 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42306 (Azure Active Directory Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42305 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42304 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42303 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42302 (Azure RTOS Elevation of Privilege Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42301 (Azure RTOS Information Disclosure Vulnerability This CVE ID is unique ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42300 (Azure Sphere Tampering Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42299 (Microsoft Surface Pro 3 Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42298 (Microsoft Defender Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42297 (Windows 10 Update Assistant Elevation of Privilege Vulnerability This ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42296 (Microsoft Word Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42295 (Visual Basic for Applications Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42294 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42293 (Microsoft Jet Red Database Engine and Access Connectivity Engine Eleva ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42292 (Microsoft Excel Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42291 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42290
+ RESERVED
+CVE-2021-42289
+ RESERVED
+CVE-2021-42288 (Windows Hello Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42287 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42286 (Windows Core Shell SI Host Extension Framework for Composable Shell El ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42285 (Windows Kernel Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42284 (Windows Hyper-V Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42283 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42282 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42281
+ RESERVED
+CVE-2021-42280 (Windows Feedback Hub Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42279 (Chakra Scripting Engine Memory Corruption Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42278 (Active Directory Domain Services Elevation of Privilege Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42277 (Diagnostics Hub Standard Collector Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42276 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42275 (Microsoft COM for Windows Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-42274 (Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vul ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-42273
+ RESERVED
+CVE-2021-42272 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42271 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42270 (Adobe Animate version 21.0.9 (and earlier) are affected by an out-of-b ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42269 (Adobe Animate version 21.0.9 (and earlier) are affected by a use-after ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42268 (Adobe Animate version 21.0.9 (and earlier) is affected by a Null point ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42267 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42266 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42265 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42264 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-42263 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...)
+ NOT-FOR-US: Adobe
+CVE-2021-3882 (LedgerSMB does not set the 'Secure' attribute on the session authoriza ...)
+ - ledgersmb (Vulnerable code introduced later)
+ NOTE: https://huntr.dev/bounties/7061d97a-98a5-495a-8ba0-3a4c66091e9d/
+ NOTE: https://ledgersmb.org/content/security-advisory-cve-2021-3882-non-secure-session-cookie
+CVE-2021-3881 (libmobi is vulnerable to Out-of-bounds Read)
+ - libmobi (Fixed before initial upload to Debian)
+ NOTE: https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1/
+ NOTE: https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21 (v0.8)
+CVE-2021-3880
+ REJECTED
+CVE-2021-3879 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...)
+ - snipe-it (bug #1005172)
+CVE-2021-42262 (An issue was discovered in Softing OPC UA C++ SDK before 5.70. An inva ...)
+ NOT-FOR-US: Softing OPC UA C++ SDK
+CVE-2021-42261 (Revisor Video Management System (VMS) before 2.0.0 has a directory tra ...)
+ NOT-FOR-US: Revisor Video Management System (VMS)
+CVE-2021-42260 (TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp ...)
+ {DLA-3130-1 DLA-2988-1}
+ - tinyxml 2.6.2-6
+ [bullseye] - tinyxml 2.6.2-4+deb11u1
+ NOTE: https://sourceforge.net/p/tinyxml/bugs/141/
+ NOTE: https://sourceforge.net/p/tinyxml/git/merge-requests/1/
+CVE-2021-42259
+ RESERVED
+CVE-2021-42258 (BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL i ...)
+ NOT-FOR-US: BQE BillQuick Web Suite
+CVE-2021-42257 (check_smart before 6.9.1 allows unintended drive access by an unprivil ...)
+ NOT-FOR-US: check_smart Icinga plugin
+CVE-2021-42256
+ RESERVED
+CVE-2021-3878 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...)
+ NOT-FOR-US: CoreNLP
+CVE-2021-42255 (AppGuard Enterprise before 6.7.100.1 creates a Temporary File in a Dir ...)
+ NOT-FOR-US: BeyondTrust AppGuard
+CVE-2021-42254 (BeyondTrust Privilege Management prior to version 21.6 creates a Tempo ...)
+ NOT-FOR-US: BeyondTrust Privilege Management
+CVE-2021-42253
+ RESERVED
+CVE-2021-42252 (An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/ ...)
+ {DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/b49a0e69a7b1a68c8d3f64097d06dabb770fec96 (5.15-rc1)
+CVE-2021-42251
+ RESERVED
+CVE-2021-42250 (Improper output neutralization for Logs. A specific Apache Superset HT ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-42249
+ RESERVED
+CVE-2021-42248 (GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON inpu ...)
+ [experimental] - golang-github-tidwall-gjson 1.14.4-1
+ - golang-github-tidwall-gjson (bug #1011616)
+ [bookworm] - golang-github-tidwall-gjson (Minor issue)
+ [bullseye] - golang-github-tidwall-gjson (Minor issue)
+ [buster] - golang-github-tidwall-gjson (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://github.com/tidwall/gjson/issues/237
+ NOTE: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96 (v1.9.3)
+CVE-2021-42247
+ RESERVED
+CVE-2021-42246
+ RESERVED
+CVE-2021-42245 (FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in p ...)
+ NOT-FOR-US: FlatCore-CMS
+CVE-2021-42244 (A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo ...)
+ NOT-FOR-US: PaquitoSoftware Notimoo
+CVE-2021-42243
+ RESERVED
+CVE-2021-42242 (A command execution vulnerability exists in jfinal_cms 5.0.1 via com.j ...)
+ NOT-FOR-US: jfinal_cms
+CVE-2021-42241
+ RESERVED
+CVE-2021-42240
+ RESERVED
+CVE-2021-42239
+ RESERVED
+CVE-2021-42238
+ RESERVED
+CVE-2021-42237 (Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnera ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-42236
+ RESERVED
+CVE-2021-42235 (SQL injection in osTicket before 1.14.8 and 1.15.4 login and password ...)
+ NOT-FOR-US: osTicket
+CVE-2021-42234
+ RESERVED
+CVE-2021-42233 (The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cros ...)
+ NOT-FOR-US: Simple Blog plugin in Wondercms
+CVE-2021-42232 (TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command inj ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-42231
+ RESERVED
+CVE-2021-42230 (Seowon 130-SLC router all versions as of 2021-09-15 is vulnerable to R ...)
+ NOT-FOR-US: SEOWON 130-SLC
+CVE-2021-42229
+ RESERVED
+CVE-2021-42228 (A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42227 (Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x vi ...)
+ NOT-FOR-US: KindEditor
+CVE-2021-42226
+ RESERVED
+CVE-2021-42225
+ RESERVED
+CVE-2021-42224 (SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via ...)
+ NOT-FOR-US: IFSC Code Finder Project
+CVE-2021-42223 (Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking M ...)
+ NOT-FOR-US: Online DJ Booking Management System
+CVE-2021-42222
+ RESERVED
+CVE-2021-42221
+ RESERVED
+CVE-2021-42220 (A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 1 ...)
+ - dolibarr
+CVE-2021-42219 (Go-Ethereum v1.10.9 was discovered to contain an issue which allows at ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2021-42218 (OMPL v1.5.2 contains a memory leak in VFRRT.cpp)
+ - ompl (unimportant)
+ [stretch] - ompl (VFRRT introduced in v1.2)
+ NOTE: https://github.com/ompl/ompl/issues/839
+ NOTE: https://github.com/ompl/ompl/commit/abb4fadcb4e4fe4c9cf41e5e7706143a66948eb7
+ NOTE: Negligible security impact
+CVE-2021-42217
+ RESERVED
+CVE-2021-42216 (A Broken or Risky Cryptographic Algorithm exists in AnonAddy 0.8.5 via ...)
+ NOT-FOR-US: AnonAddy
+CVE-2021-42215
+ RESERVED
+CVE-2021-42214
+ RESERVED
+CVE-2021-42213
+ RESERVED
+CVE-2021-42212
+ RESERVED
+CVE-2021-42211
+ RESERVED
+CVE-2021-42210
+ RESERVED
+CVE-2021-42209
+ RESERVED
+CVE-2021-42208
+ RESERVED
+CVE-2021-42207
+ RESERVED
+CVE-2021-42206
+ RESERVED
+CVE-2021-42205 (ELAN Miniport touchpad Windows driver before 24.21.51.2, as used in PC ...)
+ NOT-FOR-US: ELAN Miniport touchpad Windows driver
+CVE-2021-42204 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/169
+CVE-2021-42203 (An issue was discovered in swftools through 20201222. A heap-use-after ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/176
+CVE-2021-42202 (An issue was discovered in swftools through 20201222.
A NULL pointer d ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/171
+CVE-2021-42201 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/175
+CVE-2021-42200 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/170
+CVE-2021-42199 (An issue was discovered in swftools through 20201222. A heap buffer ov ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/173
+CVE-2021-42198 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/168
+CVE-2021-42197 (An issue was discovered in swftools through 20201222 through a memory ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/177
+CVE-2021-42196 (An issue was discovered in swftools through 20201222. A NULL pointer d ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/172
+CVE-2021-42195 (An issue was discovered in swftools through 20201222. A heap-buffer-ov ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/174
+CVE-2021-42194 (The wechat_return function in /controller/Index.php of EyouCms V1.5.4- ...)
+ NOT-FOR-US: Eyoucms
+CVE-2021-42193
+ RESERVED
+CVE-2021-42192 (Konga v0.14.9 is affected by an incorrect access control vulnerability ...)
+ NOT-FOR-US: KONGA
+CVE-2021-42191
+ RESERVED
+CVE-2021-42190
+ RESERVED
+CVE-2021-42189
+ RESERVED
+CVE-2021-42188
+ RESERVED
+CVE-2021-42187
+ RESERVED
+CVE-2021-42186
+ REJECTED
+CVE-2021-42185 (wdja v2.1 is affected by a SQL injection vulnerability in the foregrou ...)
+ NOT-FOR-US: WDJA CMS
+CVE-2021-42184
+ RESERVED
+CVE-2021-42183 (MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index. ...)
+ NOT-FOR-US: MasaCMS
+CVE-2021-42182
+ RESERVED
+CVE-2021-42181
+ RESERVED
+CVE-2021-42180
+ RESERVED
+CVE-2021-42179
+ RESERVED
+CVE-2021-42178
+ RESERVED
+CVE-2021-42177
+ RESERVED
+CVE-2021-42176
+ RESERVED
+CVE-2021-42175
+ RESERVED
+CVE-2021-42174
+ RESERVED
+CVE-2021-42173
+ RESERVED
+CVE-2021-42172
+ RESERVED
+CVE-2021-42171 (Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can ...)
+ NOT-FOR-US: Zenario CMS
+CVE-2021-42170
+ RESERVED
+CVE-2021-42169 (The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite ...)
+ NOT-FOR-US: Dynamic Tax Bracket in PHP using SQLite Free Source Code
+CVE-2021-42168 (Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sha ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-42167
+ RESERVED
+CVE-2021-42166
+ RESERVED
+CVE-2021-42165 (MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authen ...)
+ NOT-FOR-US: MitraStar
+CVE-2021-42164
+ RESERVED
+CVE-2021-42163
+ RESERVED
+CVE-2021-42162
+ RESERVED
+CVE-2021-42161
+ RESERVED
+CVE-2021-42160
+ RESERVED
+CVE-2021-42159
+ RESERVED
+CVE-2021-42158
+ RESERVED
+CVE-2021-42157
+ RESERVED
+CVE-2021-42156
+ RESERVED
+CVE-2021-42155
+ RESERVED
+CVE-2021-42154
+ RESERVED
+CVE-2021-42153
+ RESERVED
+CVE-2021-42152
+ RESERVED
+CVE-2021-42151
+ RESERVED
+CVE-2021-42150
+ RESERVED
+CVE-2021-42149
+ RESERVED
+CVE-2021-42148
+ RESERVED
+CVE-2021-3877
+ REJECTED
+CVE-2021-42147
+ RESERVED
+CVE-2021-42146
+ RESERVED
+CVE-2021-42145
+ RESERVED
+CVE-2021-42144
+ RESERVED
+CVE-2021-42143
+ RESERVED
+CVE-2021-42142
+ RESERVED
+CVE-2021-42141
+ RESERVED
+CVE-2021-42140
+ RESERVED
+CVE-2021-42139 (Deno Standard Modules before 0.107.0 allows Code Injection via an untr ...)
+ NOT-FOR-US: Deno
+CVE-2021-42138 (A user of a machine protected by SafeNet Agent for Windows Logon may l ...)
+ NOT-FOR-US: SafeNet
+CVE-2021-42137 (An issue was discovered in Zammad before 5.0.1. In some cases, there i ...)
+ - zammad (bug #841355)
+CVE-2021-42136 (A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data ...)
+ NOT-FOR-US: REDCap
+CVE-2021-42135 (HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an u ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-42134 (The Unicorn framework before 0.36.1 for Django allows XSS via a compon ...)
+ NOT-FOR-US: Django Unicorn, different from src:unicorn
+CVE-2021-3876
+ REJECTED
+CVE-2021-3875 (vim is vulnerable to Heap-based Buffer Overflow)
+ - vim 2:8.2.3565-1 (bug #996593)
+ [bullseye] - vim (Vulnerable feature and code introduced later)
+ [buster] - vim (Vulnerable feature and code introduced later)
+ [stretch] - vim (Vulnerable feature and code introduced later)
+ NOTE: https://huntr.dev/bounties/5cdbc168-6ba1-4bc2-ba6c-28be12166a53/
+ NOTE: Search from cursor position introduced in: https://github.com/vim/vim/commit/04db26b36000a4677b95403ec94bd11f6cc73975 (v8.2.3110)
+ NOTE: Fixed by: https://github.com/vim/vim/commit/35a319b77f897744eec1155b736e9372c9c5575f (v8.2.3489)
+CVE-2021-42133 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42132 (A command Injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42131 (A SQL Injection vulnerability exists in Ivanti Avalance before 6.3.3 a ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42130 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42129 (A command injection vulnerability exists in Ivanti Avalanche before 6. ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42128 (An exposed dangerous function vulnerability exists in Ivanti Avalanche ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42127 (A deserialization of untrusted data vulnerability exists in Ivanti Ava ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42126 (An improper authorization control vulnerability exists in Ivanti Avala ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42125 (An unrestricted file upload vulnerability exists in Ivanti Avalanche b ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42124 (An improper access control vulnerability exists in Ivanti Avalanche be ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-42123 (Unrestricted File Upload in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42122 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42121 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42120 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42119 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42118 (Persistent Cross Site Scripting in Web Applications operating on Busin ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42117 (Insufficient Input Validation in Web Applications operating on Busines ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42116 (Incorrect Access Control in Web Applications operating on Business-DNA ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42115 (Missing HTTPOnly flag in Web Applications operating on Business-DNA So ...)
+ NOT-FOR-US: Business-DNA Solutions
+CVE-2021-42114 (Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability ...)
+ NOT-FOR-US: hardware vulnerability in DRAM devices (Blacksmith)
+ NOTE: https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
+ NOTE: https://comsec.ethz.ch/research/dram/blacksmith/
+CVE-2021-42113 (An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH ...)
+ NOT-FOR-US: Insyde
+CVE-2021-42112 (The "File upload question" functionality in LimeSurvey 3.x-LTS through ...)
+ - limesurvey (bug #472802)
+CVE-2021-42111 (An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 fo ...)
+ NOT-FOR-US: RCDevs OpenOTP app
+CVE-2021-42110 (An issue was discovered in Allegro Windows (formerly Popsy Windows) be ...)
+ NOT-FOR-US: Allegro Windows
+CVE-2021-3874 (bookstack is vulnerable to Improper Limitation of a Pathname to a Rest ...)
+ NOT-FOR-US: bookstack
+CVE-2021-3873
+ REJECTED
+CVE-2021-42109 (VITEC Exterity IPTV products through 2021-04-30 allow privilege escala ...)
+ NOT-FOR-US: VITEC Exterity IPTV products
+CVE-2021-42108 (Unnecessary privilege vulnerabilities in the Web Console of Trend Micr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42107 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42106 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42105 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42104 (Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex On ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42103 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42102 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-42101 (An uncontrolled search path element vulnerabilities in Trend Micro Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3872 (vim is vulnerable to Heap-based Buffer Overflow)
+ {DLA-3182-1 DLA-2947-1}
+ - vim 2:8.2.3565-1
+ [bullseye] - vim (Minor issue)
+ NOTE: https://huntr.dev/bounties/c958013b-1c09-4939-92ca-92f50aa169e8
+ NOTE: https://github.com/vim/vim/commit/826bfe4bbd7594188e3d74d2539d9707b1c6a14b
+CVE-2021-3871
+ REJECTED
+CVE-2021-3870
+ REJECTED
+CVE-2021-41133 (Flatpak is a system for building, distributing, and running sandboxed ...)
+ {DSA-4984-1}
+ - flatpak 1.12.1-1 (bug #995935)
+ [buster] - flatpak (Not exploitable with Debian buster kernel, intrusive to backport; requires updated libseccomp)
+ [stretch] - flatpak (Difficult to exploit)
+ NOTE: https://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
+ NOTE: Sourcewise fixed in 1.12.0-1 already, but 1.12.1-1 adds stricter dependency
+ NOTE: to libseccomp 2.5.2 so that CVE-2021-41133 is fully prevented.
+ NOTE: https://github.com/flatpak/flatpak/commit/e26ac7586c392b5eb35ff4609fe232c52523b2cf
+ NOTE: https://github.com/flatpak/flatpak/commit/89ae9fe74c6d445bb1b3a40e568d77cf5de47e48
+ NOTE: https://github.com/flatpak/flatpak/commit/26b12484eb8a6219b9e7aa287b298a894b2f34ca
+ NOTE: https://github.com/flatpak/flatpak/commit/a10f52a7565c549612c92b8e736a6698a53db330
+ NOTE: https://github.com/flatpak/flatpak/commit/9766ee05b1425db397d2cf23afd24c7f6146a69f
+ NOTE: https://github.com/flatpak/flatpak/commit/4c34815784e9ffda5733225c7d95824f96375e36
+ NOTE: https://github.com/flatpak/flatpak/commit/1330662f33a55e88bfe18e76de28b7922d91a999
+ NOTE: https://github.com/flatpak/flatpak/commit/462fca2c666e0cd2b60d6d2593a7216a83047aaf
+ NOTE: Regression followups:
+ NOTE: https://github.com/flatpak/flatpak/commit/d419fa67038370e4f4c3ce8c3b5f672d4876cfc8
+ NOTE: https://github.com/flatpak/flatpak/commit/3fc8c672676ae016f8e7cc90481b2feecbad9861
+CVE-2021-42100
+ RESERVED
+CVE-2021-42099 (Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to file- ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-42098 (An incomplete permission check on entries in Devolutions Remote Deskto ...)
+ NOT-FOR-US: Devolutions
+CVE-2021-42097 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csr ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947640
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+ NOTE: Regression: https://bugs.launchpad.net/mailman/+bug/1954694
+ NOTE: Regression fixed by: https://launchpadlibrarian.net/573872803/patch.txt
+CVE-2021-42096 (GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A cer ...)
+ {DSA-4991-1 DLA-2791-1}
+ - mailman
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1873
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1947639
+ NOTE: https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/
+ NOTE: https://www.openwall.com/lists/oss-security/2021/10/21/4
+CVE-2021-42095 (Xshell before 7.0.0.76 allows attackers to cause a crash by triggering ...)
+ NOT-FOR-US: NetSarang Xshell
+CVE-2021-42094 (An issue was discovered in Zammad before 4.1.1. Command Injection can ...)
+ - zammad (bug #841355)
+CVE-2021-42093 (An issue was discovered in Zammad before 4.1.1. An admin can execute c ...)
+ - zammad (bug #841355)
+CVE-2021-42092 (An issue was discovered in Zammad before 4.1.1. Stored XSS may occur v ...)
+ - zammad (bug #841355)
+CVE-2021-42091 (An issue was discovered in Zammad before 4.1.1. SSRF can occur via Git ...)
+ - zammad (bug #841355)
+CVE-2021-42090 (An issue was discovered in Zammad before 4.1.1. The Form functionality ...)
+ - zammad (bug #841355)
+CVE-2021-42089 (An issue was discovered in Zammad before 4.1.1. The REST API discloses ...)
+ - zammad (bug #841355)
+CVE-2021-42088 (An issue was discovered in Zammad before 4.1.1. The Chat functionality ...)
+ - zammad (bug #841355)
+CVE-2021-42087 (An issue was discovered in Zammad before 4.1.1.
An admin can discover ...) + - zammad (bug #841355) +CVE-2021-42086 (An issue was discovered in Zammad before 4.1.1. An Agent account can m ...) + - zammad (bug #841355) +CVE-2021-42085 (An issue was discovered in Zammad before 4.1.1. There is stored XSS vi ...) + - zammad (bug #841355) +CVE-2021-42084 (An issue was discovered in Zammad before 4.1.1. An attacker with valid ...) + - zammad (bug #841355) +CVE-2021-3869 (corenlp is vulnerable to Improper Restriction of XML External Entity R ...) + NOT-FOR-US: CoreNLP +CVE-2021-42083 (An authenticated attacker is able to create alerts that trigger a stor ...) + NOT-FOR-US: QuantaStor +CVE-2021-42082 (Local users are able to execute scripts under root privileges.) + NOT-FOR-US: QuantaStor +CVE-2021-42081 (An authenticated administrator is allowed to remotely execute arbitrar ...) + NOT-FOR-US: QuantaStor +CVE-2021-42080 (An attacker is able to launch a Reflected XSS attack using a crafted U ...) + NOT-FOR-US: QuantaStor +CVE-2021-42079 (An authenticated administrator is able to prepare an alert that is abl ...) + NOT-FOR-US: QuantaStor +CVE-2021-42078 (PHP Event Calendar through 2021-11-04 allows persistent cross-site scr ...) + NOT-FOR-US: PHP Event Calendar +CVE-2021-42077 (PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstr ...) + NOT-FOR-US: PHP Event Calendar +CVE-2021-42076 (An issue was discovered in Barrier before 2.3.4. An attacker can cause ...) + NOT-FOR-US: Barrier +CVE-2021-42075 (An issue was discovered in Barrier before 2.3.4. The barriers componen ...) + NOT-FOR-US: Barrier +CVE-2021-42074 (An issue was discovered in Barrier before 2.3.4. An unauthenticated at ...) + NOT-FOR-US: Barrier +CVE-2021-42073 (An issue was discovered in Barrier before 2.4.0. An attacker can enter ...) + NOT-FOR-US: Barrier +CVE-2021-42072 (An issue was discovered in Barrier before 2.4.0. The barriers componen ...) 
+ NOT-FOR-US: Barrier +CVE-2021-42071 (In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can ach ...) + NOT-FOR-US: Visual Tools DVR VX16 +CVE-2021-42070 (When a user opens manipulated Jupiter Tessellation (.jt) file received ...) + NOT-FOR-US: SAP +CVE-2021-42069 (When a user opens manipulated Tagged Image File Format (.tif) file rec ...) + NOT-FOR-US: SAP +CVE-2021-42068 (When a user opens a manipulated GIF (.gif) file received from untruste ...) + NOT-FOR-US: SAP +CVE-2021-42067 (In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 71 ...) + NOT-FOR-US: SAP +CVE-2021-42066 (SAP Business One - version 10.0, allows an admin user to view DB passw ...) + NOT-FOR-US: SAP +CVE-2021-42065 + RESERVED +CVE-2021-42064 (If configured to use an Oracle database and if a query is created usin ...) + NOT-FOR-US: SAP +CVE-2021-42063 (A security vulnerability has been discovered in the SAP Knowledge Ware ...) + NOT-FOR-US: SAP +CVE-2021-42062 (SAP ERP HCM Portugal does not perform necessary authorization checks f ...) + NOT-FOR-US: SAP +CVE-2021-42061 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence) ...) + NOT-FOR-US: SAP +CVE-2021-3868 + REJECTED +CVE-2021-3867 + REJECTED +CVE-2021-3866 (Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip m ...) + - zulip-server (bug #800052) + NOTE: https://github.com/zulip/zulip/commit/3eb2791c3e9695f7d37ffe84e0c2184fae665cb6 +CVE-2021-42060 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 through 05.08.4 ...) + NOT-FOR-US: Insyde +CVE-2021-42059 (An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41 ...) + NOT-FOR-US: Insyde +CVE-2021-42058 + RESERVED +CVE-2021-42057 (Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The ev ...) + NOT-FOR-US: Obsidian Dataview +CVE-2021-42056 (Thales Safenet Authentication Client (SAC) for Linux and Windows throu ...) 
+ NOT-FOR-US: Thales +CVE-2021-42055 (ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insec ...) + NOT-FOR-US: ASUSTek ZenBook Pro Due 15 UX582 laptop firmware +CVE-2021-42054 (ACCEL-PPP 1.12.0 has an out-of-bounds read in triton_context_schedule ...) + NOT-FOR-US: ACCEL-PPP +CVE-2021-42053 (The Unicorn framework through 0.35.3 for Django allows XSS via compone ...) + NOT-FOR-US: Django Unicorn, different from src:unicorn +CVE-2021-42052 (IPESA e-Flow 3.3.6 allows path traversal for reading any file within t ...) + NOT-FOR-US: IPESA e-Flow +CVE-2021-42051 (An issue was discovered in AbanteCart before 1.3.2. Any low-privileged ...) + NOT-FOR-US: AbanteCart +CVE-2021-42050 (An issue was discovered in AbanteCart before 1.3.2. It allows DOM Base ...) + NOT-FOR-US: AbanteCart +CVE-2021-42049 (An issue was discovered in the Translate extension in MediaWiki throug ...) + NOT-FOR-US: Translate MediaWiki extension +CVE-2021-42048 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) + NOT-FOR-US: Growth MediaWiki extension +CVE-2021-42047 (An issue was discovered in the Growth extension in MediaWiki through 1 ...) + NOT-FOR-US: Growth MediaWiki extension +CVE-2021-42046 (An issue was discovered in the GlobalWatchlist extension in MediaWiki ...) + NOT-FOR-US: GlobalWatchlist MediaWiki extension +CVE-2021-42045 (An issue was discovered in SecurePoll in the Growth extension in Media ...) + NOT-FOR-US: SecurePoll MediaWiki extension +CVE-2021-42044 (An issue was discovered in the Mentor dashboard in the GrowthExperimen ...) + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2021-42043 (An issue was discovered in Special:MediaSearch in the MediaSearch exte ...) + NOT-FOR-US: MediaSearch MediaWiki extension +CVE-2021-42042 (An issue was discovered in SpecialEditGrowthConfig in the GrowthExperi ...) + NOT-FOR-US: GrowthExperiments MediaWiki extension +CVE-2021-42041 (An issue was discovered in CentralAuth in MediaWiki through 1.36.2. 
Th ...) + NOT-FOR-US: CentralAuth MediaWiki extension +CVE-2021-42040 (An issue was discovered in MediaWiki through 1.36.2. A parser function ...) + NOT-FOR-US: Loops MediaWiki extension +CVE-2021-3865 + RESERVED +CVE-2022-20011 (In getArray of NotificationManagerService.java , there is a possible l ...) + - android-platform-frameworks-base (unimportant) + NOTE: https://source.android.com/security/bulletin/2022-05-01 + NOTE: https://android.googlesource.com/platform/frameworks/base/+/f315ba91df3829d862371fbab9da584ce0a59bc6 + NOTE: Not accessible in Debian builds, No security impact for Android as provided in Debian +CVE-2022-20010 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2022-20009 (In various functions of the USB gadget subsystem, there is a possible ...) + NOTE: CVE-2022-20009 duplicate of CVE-2022-25375 and CVE-2022-25258, Android CNA contacted +CVE-2022-20008 (In mmc_blk_read_single of block.c, there is a possible way to read ker ...) + - linux 5.16.11-1 + [bullseye] - linux 5.10.103-1 + [buster] - linux 4.19.232-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://source.android.com/security/bulletin/2022-05-01 + NOTE: https://git.kernel.org/linus/54309fde1a352ad2674ebba004a79f7d20b9f037 (5.17-rc5) +CVE-2022-20007 (In startActivityForAttachedApplicationIfNeeded of RootWindowContainer. ...) + NOT-FOR-US: Android +CVE-2022-20006 (In several functions of KeyguardServiceWrapper.java and related files, ...) + NOT-FOR-US: Android +CVE-2022-20005 (In validateApkInstallLocked of PackageInstallerSession.java, there is ...) + NOT-FOR-US: Android +CVE-2022-20004 (In checkSlicePermission of SliceManagerService.java, it is possible to ...) + NOT-FOR-US: Android +CVE-2022-20003 + RESERVED +CVE-2022-20002 (In incfs, there is a possible way of mounting on arbitrary paths due t ...) 
+ NOT-FOR-US: Android +CVE-2021-42039 + RESERVED +CVE-2021-42038 + RESERVED +CVE-2021-42037 + RESERVED +CVE-2021-42036 + RESERVED +CVE-2021-42035 + RESERVED +CVE-2021-42034 + RESERVED +CVE-2021-42033 + RESERVED +CVE-2021-42032 + RESERVED +CVE-2021-42031 + RESERVED +CVE-2021-42030 + RESERVED +CVE-2021-42029 (A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) V15 ...) + NOT-FOR-US: Siemens +CVE-2021-42028 + RESERVED +CVE-2021-42027 (A vulnerability has been identified in SINUMERIK Edge (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-42026 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2021-42025 (A vulnerability has been identified in Mendix Applications using Mendi ...) + NOT-FOR-US: Siemens +CVE-2021-42024 (A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All ...) + NOT-FOR-US: Siemens +CVE-2021-42023 (A vulnerability has been identified in ModelSim Simulation (All versio ...) + NOT-FOR-US: Siemens +CVE-2021-42022 (A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Packa ...) + NOT-FOR-US: Siemens +CVE-2021-42021 (A vulnerability has been identified in Siveillance Video DLNA Server ( ...) + NOT-FOR-US: Siemens +CVE-2021-42020 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + NOT-FOR-US: Siemens +CVE-2021-42019 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + NOT-FOR-US: Siemens +CVE-2021-42018 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...) + NOT-FOR-US: Siemens +CVE-2021-42017 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...) + NOT-FOR-US: Siemens +CVE-2021-42016 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, ...) + NOT-FOR-US: Siemens +CVE-2021-42015 (A vulnerability has been identified in Mendix Applications using Mendi ...) 
+ NOT-FOR-US: Siemens +CVE-2021-42014 + RESERVED +CVE-2021-42013 (It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4 ...) + - apache2 2.4.51-1 + [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) + [buster] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) + [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49/2.4.50) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/07/6 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 +CVE-2021-3864 (A flaw was found in the way the dumpable flag setting was handled when ...) + - linux + NOTE: https://www.openwall.com/lists/oss-security/2021/10/20/2 +CVE-2021-42012 (A stack-based buffer overflow vulnerability in Trend Micro Apex One, A ...) + NOT-FOR-US: Trend Micro +CVE-2021-42011 (An incorrect permission assignment vulnerability in Trend Micro Apex O ...) + NOT-FOR-US: Trend Micro +CVE-2021-3863 (snipe-it is vulnerable to Improper Neutralization of Input During Web ...) + - snipe-it (bug #1005172) +CVE-2021-42010 (Heron versions <= 0.20.4-incubating allows CRLF log injection because ...) + NOT-FOR-US: Apache Heron +CVE-2021-42009 (An authenticated Apache Traffic Control Traffic Ops user with Portal-l ...) + NOT-FOR-US: Apache Traffic Control +CVE-2021-3862 (icecoder is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: icecoder +CVE-2021-3861 (The RNDIS USB device class includes a buffer overflow vulnerability. Z ...) + NOT-FOR-US: zephyr-rtos +CVE-2021-3860 (JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vul ...) + NOT-FOR-US: JFrog Artifactory +CVE-2021-3859 (A flaw was found in Undertow that tripped the client-side invocation t ...) 
+ - undertow 2.2.16-1 (bug #1015983) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2010378 + NOTE: https://github.com/undertow-io/undertow/commit/e43f0ada3f4da6e8579e0020cec3cb1a81e487c2 +CVE-2021-42008 (The decode_data function in drivers/net/hamradio/6pack.c in the Linux ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/19d1532a187669ce86d5a2696eb7275310070793 (5.14-rc7) +CVE-2021-42007 + RESERVED +CVE-2021-42006 (An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 ...) + - libgclib 0.12.7+ds-2 (bug #996591) + [bullseye] - libgclib (Minor issue) + NOTE: https://github.com/gpertea/gclib/issues/11 +CVE-2021-42005 + RESERVED +CVE-2021-42004 + RESERVED +CVE-2021-42003 + RESERVED +CVE-2021-42002 (Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-42001 (PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption ...) + NOT-FOR-US: pingidentity +CVE-2021-42000 (When a password reset or password change flow with an authentication p ...) + NOT-FOR-US: pingidentity +CVE-2021-41999 + RESERVED +CVE-2021-41998 + RESERVED +CVE-2021-41997 + RESERVED +CVE-2021-41996 + RESERVED +CVE-2021-41995 (A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerab ...) + NOT-FOR-US: pingidentity +CVE-2021-41994 (A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerabl ...) + NOT-FOR-US: pingidentity +CVE-2021-41993 (A misconfiguration of RSA in PingID Android app prior to 1.19 is vulne ...) + NOT-FOR-US: pingidentity +CVE-2021-41992 (A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vuln ...) + NOT-FOR-US: pingidentity +CVE-2021-41991 (The in-memory certificate cache in strongSwan before 5.9.4 has a remot ...) 
+ {DSA-4989-1 DLA-2788-1} + - strongswan 5.9.4-1 + NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html +CVE-2021-41990 (The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...) + {DSA-4989-1} + - strongswan 5.9.4-1 + [stretch] - strongswan (The vulnerable code was introduced later in version 5.6.1) + NOTE: https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html +CVE-2021-41989 (Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Dire ...) + NOT-FOR-US: Qlik +CVE-2021-41988 (Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in ...) + NOT-FOR-US: Qlik +CVE-2021-41987 (In the SCEP Server of RouterOS in certain Mikrotik products, an attack ...) + NOT-FOR-US: Mikrotik +CVE-2021-41986 + REJECTED +CVE-2021-41985 + REJECTED +CVE-2021-41984 + REJECTED +CVE-2021-41983 + REJECTED +CVE-2021-41982 + REJECTED +CVE-2021-41981 + REJECTED +CVE-2021-41980 + REJECTED +CVE-2021-41979 + REJECTED +CVE-2021-41978 + REJECTED +CVE-2021-41977 + REJECTED +CVE-2021-41976 (Tad Uploader edit book list function is vulnerable to authorization by ...) + NOT-FOR-US: Tad Uploader +CVE-2021-41975 (TadTools special page is vulnerable to authorization bypass, thus remo ...) + NOT-FOR-US: TadTools +CVE-2021-41974 (Tad Book3 editing book page does not perform identity verification. Re ...) + NOT-FOR-US: Tad Book3 +CVE-2021-3858 (snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)) + - snipe-it (bug #1005172) +CVE-2021-3857 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: chaskiq +CVE-2021-41973 (In Apache MINA, a specifically crafted, malformed HTTP request may cau ...) + NOT-FOR-US: Apache MINA +CVE-2021-41972 (Apache Superset up to and including 1.3.1 allowed for database connect ...) + NOT-FOR-US: Apache Superset +CVE-2021-41971 (Apache Superset up to and including 1.3.0 when configured with ENABLE_ ...) 
+ NOT-FOR-US: Apache Superset +CVE-2021-3856 (ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows read ...) + NOT-FOR-US: Keycloak +CVE-2021-3855 (Improper Neutralization of Special Elements used in a Command ('Comman ...) + NOT-FOR-US: Liman MYS +CVE-2021-3854 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) + NOT-FOR-US: Glox Technology Useroam Hotspot +CVE-2021-XXXX [RUSTSEC-2021-0119: Out-of-bounds write in nix::unistd::getgrouplist] + - rust-nix 0.19.0-2 (bug #995562) + [bullseye] - rust-nix (Minor issue) + [buster] - rust-nix (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0119.html + NOTE: https://github.com/nix-rust/nix/issues/1541 +CVE-2021-41970 + RESERVED +CVE-2021-41969 + RESERVED +CVE-2021-41968 + RESERVED +CVE-2021-41967 + RESERVED +CVE-2021-41966 + RESERVED +CVE-2021-41965 (A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4 ...) + NOT-FOR-US: ChurchCRM +CVE-2021-41964 + RESERVED +CVE-2021-41963 + RESERVED +CVE-2021-41962 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehi ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41961 + RESERVED +CVE-2021-41960 + RESERVED +CVE-2021-41959 (JerryScript Git version 14ff5bf does not sufficiently track and releas ...) + - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4781 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4166 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4787 +CVE-2021-41958 + RESERVED +CVE-2021-41957 + RESERVED +CVE-2021-41956 + RESERVED +CVE-2021-41955 + RESERVED +CVE-2021-41954 + RESERVED +CVE-2021-41953 + RESERVED +CVE-2021-41952 (Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via ...) + NOT-FOR-US: Zenario CMS +CVE-2021-41951 (ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Si ...) 
+ NOT-FOR-US: ResourceSpace +CVE-2021-41950 (A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 ...) + NOT-FOR-US: ResourceSpace +CVE-2021-41949 + RESERVED +CVE-2021-41948 (A cross-site scripting (XSS) vulnerability exists in the "contact us" ...) + NOT-FOR-US: Subrion CMS plugin +CVE-2021-41947 (A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visu ...) + NOT-FOR-US: Subrion CMS +CVE-2021-41946 (In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting ...) + NOT-FOR-US: FiberHome VDSL2 Modem +CVE-2021-41945 (Encode OSS httpx < 0.23.0 is affected by improper input validation in ...) + - httpx 0.23.0-1 (bug #1010336) + [bullseye] - httpx (Minor issue) + NOTE: https://gist.github.com/lebr0nli/4edb76bbd3b5ff993cf44f2fbce5e571 + NOTE: https://github.com/encode/httpx/discussions/1831 + NOTE: https://github.com/encode/httpx/issues/2184 + NOTE: affected code has moved upstream, from _models.py to a new file, _urls.py + NOTE: https://sources.debian.org/src/httpx/0.22.0-2/httpx/_models.py/?hl=537#L537 +CVE-2021-41944 + RESERVED +CVE-2021-41943 (Logrhythm Web Console 7.4.9 allows for HTML tag injection through Cont ...) + NOT-FOR-US: Logrhythm Web Console +CVE-2021-41942 (The Magic CMS MSVOD v10 video system has a SQL injection vulnerability ...) + NOT-FOR-US: Magic CMS +CVE-2021-41941 + RESERVED +CVE-2021-41940 + RESERVED +CVE-2021-41939 + RESERVED +CVE-2021-41938 (An issue was discovered in ShopXO CMS 2.2.0. After entering the manage ...) + NOT-FOR-US: ShopXO CMS +CVE-2021-41937 + RESERVED +CVE-2021-41936 + RESERVED +CVE-2021-41935 + RESERVED +CVE-2021-41934 + RESERVED +CVE-2021-41933 + RESERVED +CVE-2021-41932 (A blind SQL injection vulnerability in search form in TeamMate+ Audit ...) + NOT-FOR-US: TeamMate+ Audit +CVE-2021-41931 (The Company's Recruitment Management System in id=2 of the parameter f ...) 
+ NOT-FOR-US: Company's Recruitment Management System +CVE-2021-41930 (Cross site scripting (XSS) vulnerability in Sourcecodester Online Covi ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41929 (Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Mana ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41928 (SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41927 + REJECTED +CVE-2021-41926 + RESERVED +CVE-2021-41925 + RESERVED +CVE-2021-41924 (Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting ( ...) + NOT-FOR-US: Webkul krayin crm +CVE-2021-41923 + RESERVED +CVE-2021-41922 + RESERVED +CVE-2021-41921 (novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file ...) + NOT-FOR-US: Novel-plus +CVE-2021-41920 (webTareas version 2.4 and earlier allows an unauthenticated user to pe ...) + NOT-FOR-US: webTareas +CVE-2021-41919 (webTareas version 2.4 and earlier allows an authenticated user to arbi ...) + NOT-FOR-US: webTareas +CVE-2021-41918 (webTareas version 2.4 and earlier allows an authenticated user to inje ...) + NOT-FOR-US: webTareas +CVE-2021-41917 (webTareas version 2.4 and earlier allows an authenticated user to stor ...) + NOT-FOR-US: webTareas +CVE-2021-41916 (A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version ...) 
+ NOT-FOR-US: webTareas +CVE-2021-41915 + RESERVED +CVE-2021-41914 + RESERVED +CVE-2021-41913 + RESERVED +CVE-2021-41912 + RESERVED +CVE-2021-41911 + RESERVED +CVE-2021-41910 + RESERVED +CVE-2021-41909 + RESERVED +CVE-2021-41908 + RESERVED +CVE-2021-41907 + RESERVED +CVE-2021-41906 + RESERVED +CVE-2021-41905 + RESERVED +CVE-2021-41904 + RESERVED +CVE-2021-41903 + RESERVED +CVE-2021-41902 + RESERVED +CVE-2021-41901 + RESERVED +CVE-2021-41900 + RESERVED +CVE-2021-41899 + RESERVED +CVE-2021-41898 + RESERVED +CVE-2021-41897 + RESERVED +CVE-2021-41896 + RESERVED +CVE-2021-41895 + RESERVED +CVE-2021-41894 + RESERVED +CVE-2021-41893 + RESERVED +CVE-2021-41892 + RESERVED +CVE-2021-41891 + RESERVED +CVE-2021-41890 + RESERVED +CVE-2021-41889 + RESERVED +CVE-2021-41888 + RESERVED +CVE-2021-41887 + RESERVED +CVE-2021-41886 + RESERVED +CVE-2021-41885 + RESERVED +CVE-2021-41884 + RESERVED +CVE-2021-41883 + RESERVED +CVE-2021-41882 + RESERVED +CVE-2021-41881 + RESERVED +CVE-2021-41880 + RESERVED +CVE-2021-41879 + RESERVED +CVE-2021-41878 (A reflected cross-site scripting (XSS) vulnerability exists in the i-P ...) + NOT-FOR-US: i-Panel Administration System +CVE-2021-41877 + RESERVED +CVE-2021-41876 + RESERVED +CVE-2021-41875 + RESERVED +CVE-2021-41874 (An unauthorized access vulnerabiitly exists in all versions of Portain ...) + NOT-FOR-US: Portainer +CVE-2021-41873 (Penguin Aurora TV Box 41502 is a high-end network HD set-top box produ ...) + NOT-FOR-US: Penguin Aurora TV Box 41502 +CVE-2021-41872 (Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of s ...) + NOT-FOR-US: Skyworth Digital Technology Penguin Aurora Box 41502 +CVE-2021-41871 (An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper ...) + NOT-FOR-US: Socomec +CVE-2021-41870 (An issue was discovered in the firmware update form in Socomec REMOTE ...) + NOT-FOR-US: Socomec +CVE-2021-41869 (SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable ...) 
+ NOT-FOR-US: SuiteCRM +CVE-2021-41868 (OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to u ...) + - onionshare 2.5-1 (bug #1014966) + [bullseye] - onionshare (Issue is an edge case; additionally invasive to fix) + [buster] - onionshare (Vulnerable code not present) + NOTE: https://github.com/onionshare/onionshare/issues/1396 +CVE-2021-41867 (An information disclosure vulnerability in OnionShare 2.3 before 2.4 a ...) + - onionshare 2.5-1 (bug #1014966) + [bullseye] - onionshare (Vulnerable code not present) + [buster] - onionshare (Vulnerable code not present) +CVE-2021-41866 (MyBB before 1.8.28 allows stored XSS because the displayed Template Na ...) + NOT-FOR-US: MyBB +CVE-2021-3853 (chaskiq is vulnerable to Improper Neutralization of Input During Web P ...) + NOT-FOR-US: chaskiq +CVE-2021-3852 (growi is vulnerable to Authorization Bypass Through User-Controlled Ke ...) + NOT-FOR-US: GROWI +CVE-2021-41865 (HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authe ...) + - nomad (Only affects 1.1.x) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311 + NOTE: https://github.com/hashicorp/nomad/issues/11243 + NOTE: https://github.com/hashicorp/nomad/pull/11257 +CVE-2021-41864 (prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kern ...) + {DSA-5096-1 DLA-2941-1 DLA-2843-1} + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=30e29a9a2bc6a4888335a6ede968b75cd329657a +CVE-2021-41863 + RESERVED +CVE-2021-41862 (AviatorScript through 5.2.7 allows code execution via an expression th ...) + NOT-FOR-US: AviatorScript +CVE-2021-41861 (The Telegram application 7.5.0 through 7.8.0 for Android does not prop ...) 
+ NOT-FOR-US: Telegram for Android +CVE-2021-41860 + RESERVED +CVE-2021-41859 + RESERVED +CVE-2021-41858 + RESERVED +CVE-2021-41857 + RESERVED +CVE-2021-41856 + RESERVED +CVE-2021-41855 + RESERVED +CVE-2021-41854 + RESERVED +CVE-2021-41853 + RESERVED +CVE-2021-41852 + RESERVED +CVE-2021-41851 + RESERVED +CVE-2021-3851 (firefly-iii is vulnerable to URL Redirection to Untrusted Site) + NOT-FOR-US: firefly-iii +CVE-2021-3850 (Authentication Bypass by Primary Weakness in GitHub repository adodb/a ...) + {DSA-5101-1 DLA-2912-1} + - libphp-adodb 5.21.4-1 (bug #1004376) + NOTE: https://github.com/ADOdb/ADOdb/issues/793 + NOTE: https://github.com/adodb/adodb/commit/b4d5ce70034c5aac3a1d51d317d93c037a0938d2 (v5.21.4) + NOTE: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29 (v5.20.21) + NOTE: https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf + NOTE: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c/ +CVE-2021-3849 (An authentication bypass vulnerability was discovered in the web inter ...) + NOT-FOR-US: Lenovo +CVE-2021-41850 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A p ...) + NOT-FOR-US: Luna Simo +CVE-2021-41849 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...) + NOT-FOR-US: Luna Simo +CVE-2021-41848 (An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It ...) + NOT-FOR-US: Luna Simo +CVE-2021-41847 (An issue was discovered in 3xLogic Infinias Access Control through 6.7 ...) + NOT-FOR-US: 3xLogic +CVE-2021-41846 + RESERVED +CVE-2021-41845 (A SQL injection issue was discovered in ThycoticCentrify Secret Server ...) + NOT-FOR-US: ThycoticCentrify Secret Server +CVE-2021-41844 (Crocoblock JetEngine before 2.9.1 does not properly validate and sanit ...) + NOT-FOR-US: Crocoblock JetEngine +CVE-2021-41843 (An authenticated SQL injection issue in the calendar search function o ...) 
+ NOT-FOR-US: OpenEMR +CVE-2021-41842 (An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08 ...) + NOT-FOR-US: Insyde +CVE-2021-41841 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...) + NOT-FOR-US: Insyde +CVE-2021-41840 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41839 (An issue was discovered in NvmExpressDxe in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41838 (An issue was discovered in SdHostDriver in the kernel 5.0 through 5.5 ...) + NOT-FOR-US: Insyde +CVE-2021-41837 (An issue was discovered in AhciBusDxe in the kernel 5.0 through 5.5 in ...) + NOT-FOR-US: Insyde +CVE-2021-41833 (Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to una ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3848 (An arbitrary file creation by privilege escalation vulnerability in Tr ...) + NOT-FOR-US: Trend Micro +CVE-2021-3847 (An unauthorized access to the execution of the setuid file with capabi ...) + - linux + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2009704 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/14/3 +CVE-2021-3846 (firefly-iii is vulnerable to Unrestricted Upload of File with Dangerou ...) + NOT-FOR-US: firefly-iii +CVE-2021-23139 (A null pointer vulnerability in Trend Micro Apex One and Worry-Free Bu ...) + NOT-FOR-US: Trend Micro +CVE-2021-3845 (ws-scrcpy is vulnerable to External Control of File Name or Path) + NOT-FOR-US: ws-scrcpy +CVE-2021-41832 (It is possible for an attacker to manipulate documents to appear to be ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-41831 (It is possible for an attacker to manipulate the timestamp of signed d ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-41830 (It is possible for an attacker to manipulate signed documents and macr ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-3844 (Rapid7 InsightVM suffers from insufficient session expiration when an ...) 
+ NOT-FOR-US: Rapid7 InsightVM +CVE-2021-3843 (A potential vulnerability in the SMI function to access EEPROM in some ...) + NOT-FOR-US: Lenovo +CVE-2021-3842 (nltk is vulnerable to Inefficient Regular Expression Complexity) + - nltk 3.6.7-1 (bug #1003142) + [bullseye] - nltk (Minor issue) + [buster] - nltk (Minor issue) + [stretch] - nltk (Minor issue) + NOTE: https://huntr.dev/bounties/761a761e-2be2-430a-8d92-6f74ffe9866a/ + NOTE: https://github.com/nltk/nltk/commit/2a50a3edc9d35f57ae42a921c621edc160877f4d (3.6.6) +CVE-2021-3841 + RESERVED +CVE-2021-41829 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41828 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41827 (Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41826 (PlaceOS Authentication Service before 1.29.10.0 allows app/controllers ...) + NOT-FOR-US: PlaceOS Authentication Service +CVE-2021-41825 (Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection ...) + NOT-FOR-US: Verint Workforce Optimization (WFO) +CVE-2021-41824 (Craft CMS before 3.7.14 allows CSV injection.) + NOT-FOR-US: Craft CMS +CVE-2021-41823 (The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows ...) + NOT-FOR-US: Kemp LoadMaster +CVE-2021-41822 + RESERVED +CVE-2021-41821 (Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer U ...) + NOT-FOR-US: Wazuh +CVE-2021-41820 + RESERVED +CVE-2021-41819 (CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes i ...) 
+ {DSA-5067-1 DSA-5066-1 DLA-2853-1} + - ruby3.0 3.0.3-1 (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 + - ruby2.3 + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/cookie-prefix-spoofing-in-cgi-cookie-parse-cve-2021-41819/ + NOTE: Fixed by: https://github.com/ruby/cgi/commit/052eb3a828b0f99bca39cfd800f6c2b91307dbd5 (v0.3.1) +CVE-2021-41818 + RESERVED +CVE-2021-41817 (Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regula ...) + {DSA-5067-1 DSA-5066-1 DLA-2853-1} + - ruby3.0 3.0.3-1 (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 + - ruby2.3 + NOTE: Fixed in Ruby 3.0.3, 2.7.5, 2.6.9 + NOTE: https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/ + NOTE: Fixed by: https://github.com/ruby/date/commit/3959accef8da5c128f8a8e2fd54e932a4fb253b0 (v3.2.2) + NOTE: Followups to mimic previous behaviour: + NOTE: https://github.com/ruby/date/commit/8f2d7a0c7e52cea8333824bd527822e5449ed83d (v3.2.2) + NOTE: https://github.com/ruby/date/commit/376c65942bd1d81803f14d37351737df60ec4664 (v3.2.2) +CVE-2021-41816 (CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integ ...) + {DSA-5067-1} + - ruby3.0 3.0.3-1 (bug #1002995) + - ruby2.7 2.7.5-1 + - ruby2.5 (Vulnerable code introduced later) + - ruby2.3 (Vulnerable code introduced later) + NOTE: Fixed in Ruby 3.0.3, 2.7.5 + NOTE: https://www.ruby-lang.org/en/news/2021/11/24/buffer-overrun-in-cgi-escape_html-cve-2021-41816/ + NOTE: Introduced by: https://github.com/ruby/cgi/commit/3a62e20f76ea42ff0b4d45f2952479eab266ae1c (v0.1.0) + NOTE: Fixed by: https://github.com/ruby/cgi/commit/c728632c1c09d46cfd4ecbff9caaa3651dd1002a (v0.3.1) +CVE-2021-41815 + RESERVED +CVE-2021-41814 + RESERVED +CVE-2021-41813 + RESERVED +CVE-2021-41812 + RESERVED +CVE-2021-41811 + RESERVED +CVE-2021-41810 (Admin tool allows storing configuration data with script which may the ...) 
+ NOT-FOR-US: M-Files Server +CVE-2021-41809 (SSRF vulnerability in M-Files Server products with versions before 22. ...) + NOT-FOR-US: M-Files Server +CVE-2021-41808 (In M-Files Server product with versions before 21.11.10775.0, enabling ...) + NOT-FOR-US: M-Files Server +CVE-2021-41807 (Lack of rate limiting in M-Files Server and M-Files Web products with ...) + NOT-FOR-US: M-Files Server +CVE-2021-41806 + RESERVED +CVE-2021-41805 (HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1. ...) + - consul (Only affects Consul Enterprise) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-29-consul-enterprise-namespace-default-acls-allow-privilege-escalation/31871 +CVE-2021-41804 + RESERVED +CVE-2021-41803 (HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properl ...) + - consul (bug #1034841) + [bullseye] - consul (Minor issue) + [buster] - consul (Vulnerable Code not present) + NOTE: https://discuss.hashicorp.com/t/hcsec-2022-19-consul-auto-config-jwt-authorization-missing-input-validation/44627 + NOTE: https://github.com/hashicorp/consul/commit/34872682e44f6e7e6359c88bf9e333fa1002a99b (v1.11.9) +CVE-2021-41802 (HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a ...) + NOT-FOR-US: HashiCorp Vault +CVE-2021-41801 (The ReplaceText extension through 1.41 for MediaWiki has Incorrect Acc ...) + {DSA-4979-1} + - mediawiki 1:1.35.4-1 + [stretch] - mediawiki (The vulnerable code was introduced later) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T279090 +CVE-2021-41800 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) 
+ {DSA-4979-1} + - mediawiki 1:1.35.4-1 + [stretch] - mediawiki (The vulnerable code was introduced later) + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T284419 + NOTE: Fixed by https://github.com/wikimedia/mediawiki/commit/781caf83dba90c18349f930bbaaa0e89f003f874 +CVE-2021-41799 (MediaWiki before 1.36.2 allows a denial of service (resource consumpti ...) + {DSA-4979-1 DLA-2779-1} + - mediawiki 1:1.35.4-1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T290379 +CVE-2021-41798 (MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages a ...) + {DSA-4979-1 DLA-2779-1} + - mediawiki 1:1.35.4-1 + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ + NOTE: https://phabricator.wikimedia.org/T285515 +CVE-2021-41797 + REJECTED +CVE-2021-41796 + REJECTED +CVE-2021-41795 (The Safari app extension bundled with 1Password for Mac 7.7.0 through ...) + NOT-FOR-US: 1Password +CVE-2021-41794 (ogs_fqdn_parse in Open5GS 1.0.0 through 2.3.3 inappropriately trusts a ...) + NOT-FOR-US: Open5GS +CVE-2021-41793 + RESERVED +CVE-2021-41792 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...) + NOT-FOR-US: Hyland org.alfresco:alfresco-content-services +CVE-2021-41791 (An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 a ...) + NOT-FOR-US: Hyland org.alfresco:share and Hyland org.alfresco:community-share +CVE-2021-41790 (An issue was discovered in Hyland org.alfresco:alfresco-content-servic ...) + NOT-FOR-US: Hyland org.alfresco:alfresco-content-services +CVE-2021-41789 (In wifi driver, there is a possible system crash due to a missing vali ...) 
+ NOT-FOR-US: Mediatek devices +CVE-2021-41788 (MediaTek microchips, as used in NETGEAR devices through 2021-12-13 and ...) + NOT-FOR-US: Netgear +CVE-2021-3840 (A dependency confusion vulnerability was reported in the Antilles open ...) + NOT-FOR-US: Antilles +CVE-2021-41787 + RESERVED +CVE-2021-41786 + RESERVED +CVE-2021-41785 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41784 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41783 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41782 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41781 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41780 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) + NOT-FOR-US: Foxit +CVE-2021-41779 + RESERVED +CVE-2021-41778 + RESERVED +CVE-2021-41777 + RESERVED +CVE-2021-41776 + RESERVED +CVE-2021-41775 + RESERVED +CVE-2021-41774 + RESERVED +CVE-2021-41773 (A flaw was found in a change made to path normalization in Apache HTTP ...) + - apache2 2.4.50-1 + [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49) + [buster] - apache2 (Vulnerable code not present, only affects 2.4.49) + [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41773 + NOTE: Fixed by: https://svn.apache.org/r1893775 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/2 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/08/1 +CVE-2021-3839 (A flaw was found in the vhost library in DPDK. Function vhost_user_set ...) 
+ {DSA-5130-1} + - dpdk 20.11.5-1 (bug #1010641) + [buster] - dpdk (Vulnerable code introduced later) + [stretch] - dpdk (Vulnerable code introduced later) + NOTE: https://bugs.dpdk.org/show_bug.cgi?id=657 + NOTE: Introduced by: https://github.com/DPDK/dpdk/commit/ad0a4ae491fe3b10338441dfdf11a9b3a1c05798 (v19.11-rc1) + NOTE: Fixed by: https://github.com/DPDK/dpdk/commit/6442c329b9d2ded0f44b27d2016aaba8ba5844c5 (v22.03-rc4) +CVE-2017-20007 (Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allo ...) + NOT-FOR-US: Ingeteam INGEPAC DA AU +CVE-2021-41772 (Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reade ...) + - golang-1.17 1.17.3-1 + - golang-1.16 1.16.10-1 + - golang-1.15 (Vulnerable code introduced later in go1.16beta1) + - golang-1.11 (Vulnerable code introduced later in go1.16beta1) + - golang-1.8 (Vulnerable code introduced later in go1.16beta1) + - golang-1.7 (Vulnerable code introduced later in go1.16beta1) + NOTE: https://github.com/golang/go/issues/48085 + NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc + NOTE: Introduced in: https://github.com/golang/go/commit/1296ee6b4f9058be75c799513ccb488d2f2dd085 (go1.16beta1) + NOTE: https://github.com/golang/go/commit/b212ba68296b503b395e7d1838ca72a19030a6bf (go1.17.3) + NOTE: https://github.com/golang/go/commit/88407a8dd98411f1730907dc8a69b99488af0052 (go1.16.10) +CVE-2021-41771 (ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16 ...) 
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.3-1 + - golang-1.16 1.16.10-1 + - golang-1.15 1.15.15-5 + [bullseye] - golang-1.15 1.15.15-1~deb11u2 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/48990 + NOTE: https://groups.google.com/g/golang-announce/c/0fM21h43arc + NOTE: https://github.com/golang/go/commit/4a842985bf3f71d93a2b1340d9d6685bebc12b6b (go1.17.3) + NOTE: https://github.com/golang/go/commit/d19c5bdb24e093a2d5097b7623284eb02726cede (go1.16.10) +CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing valida ...) + NOT-FOR-US: Ping Identity PingFederate +CVE-2021-3838 [Deserialization of Untrusted Data using PHAR deserialization] + RESERVED + {DLA-3495-2 DLA-3495-1} + - php-dompdf 2.0.2+dfsg-1 + [bullseye] - php-dompdf (Minor issue) + NOTE: https://github.com/dompdf/dompdf/issues/2564 + NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e + NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a (v2.0.0) +CVE-2021-41769 (A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU v ...) + NOT-FOR-US: Siemens +CVE-2021-41768 + RESERVED +CVE-2021-41767 (Apache Guacamole 1.3.0 and older may incorrectly include a private tun ...) + - guacamole-client (bug #1015986) + [stretch] - guacamole-client (unmaintained stretch-only package) + NOTE: https://www.openwall.com/lists/oss-security/2022/01/11/6 +CVE-2021-3837 (openwhyd is vulnerable to Improper Authorization) + NOT-FOR-US: openwhyd +CVE-2021-41766 (Apache Karaf allows monitoring of applications and the Java runtime by ...) + - apache-karaf (bug #881297) +CVE-2021-3836 (dbeaver is vulnerable to Improper Restriction of XML External Entity R ...) + - dbeaver (bug #680987) + NOTE: https://github.com/dbeaver/dbeaver/commit/4debf8f25184b7283681ed3fb5e9e887d9d4fe22 +CVE-2021-3835 (Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain ...) 
+ NOT-FOR-US: zephyr-rtos +CVE-2021-3834 (Integria IMS in its 5.0.92 version does not filter correctly some fiel ...) + NOT-FOR-US: Integria IMS +CVE-2021-3833 (Integria IMS login check uses a loose comparator ("==") to compare the ...) + NOT-FOR-US: Integria IMS +CVE-2021-3832 (Integria IMS in its 5.0.92 version is vulnerable to a Remote Code Exec ...) + NOT-FOR-US: Integria IMS +CVE-2021-3831 (gnuboard5 is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: gnuboard5 +CVE-2021-41765 (A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of R ...) + NOT-FOR-US: ResourceSpace +CVE-2021-41764 (A cross-site request forgery (CSRF) vulnerability exists in Streama up ...) + NOT-FOR-US: Streama +CVE-2021-41763 + RESERVED +CVE-2021-41762 + RESERVED +CVE-2021-41761 + RESERVED +CVE-2021-41760 + RESERVED +CVE-2021-41759 + RESERVED +CVE-2021-41758 + RESERVED +CVE-2021-41757 + RESERVED +CVE-2021-41756 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter ...) + NOT-FOR-US: dynamicMarkt +CVE-2021-41755 (dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 paramete ...) + NOT-FOR-US: dynamicMarkt +CVE-2021-41754 (dynamicMarkt <= 3.10 is affected by SQL injection in the parent parame ...) + NOT-FOR-US: dynamicMarkt +CVE-2021-41753 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + NOT-FOR-US: D-Link +CVE-2021-41752 (Stack overflow vulnerability in Jerryscript before commit e1ce7dd72712 ...) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4779 +CVE-2021-41751 (Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:9 ...) 
+ - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/pull/4797 + NOTE: https://github.com/jerryscript-project/jerryscript/commit/4912e3b739f4d00e51a46d883b020d2208be28a2 +CVE-2021-41750 (A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4. ...) + NOT-FOR-US: SEOmatic plugin for Craft CMS +CVE-2021-41749 (In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible fo ...) + NOT-FOR-US: SEOmatic plugin for Craft CMS +CVE-2021-41748 + REJECTED +CVE-2021-41747 (Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, wh ...) + NOT-FOR-US: Csdn APP +CVE-2021-41746 (SQL Injection vulnerability exists in all versions of Yonyou TurboCRM. ...) + NOT-FOR-US: Yonyou TurboCRM +CVE-2021-41745 (ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can us ...) + NOT-FOR-US: ShowDoc +CVE-2021-41744 (All versions of yongyou PLM are affected by a command injection issue. ...) + NOT-FOR-US: yongyou PLM +CVE-2021-41743 + RESERVED +CVE-2021-41742 + RESERVED +CVE-2021-41741 + RESERVED +CVE-2021-41740 + RESERVED +CVE-2021-41739 (A OS Command Injection vulnerability was discovered in Artica Proxy 4. ...) + NOT-FOR-US: Artica Web Proxy +CVE-2021-41738 (ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerb ...) + NOT-FOR-US: ZeroShell +CVE-2021-41737 + RESERVED + - faust (bug #1014783) + [bookworm] - faust (Minor issue) + [bullseye] - faust (Minor issue) + [buster] - faust (Minor issue) + [stretch] - faust (Minor issue, no patch/acknowledgment yet) + NOTE: https://github.com/grame-cncm/faust/issues/653 +CVE-2021-41736 (Faust v2.35.0 was discovered to contain a heap-buffer overflow in the ...) 
+ - faust (bug #1014783) + [bookworm] - faust (Minor issue) + [bullseye] - faust (Minor issue) + [buster] - faust (Minor issue) + [stretch] - faust (Minor issue, no patch/acknowledgment yet) + NOTE: https://github.com/grame-cncm/faust/issues/653 +CVE-2021-41735 + RESERVED +CVE-2021-41734 + RESERVED +CVE-2021-41733 (Oppia 3.1.4 does not verify that certain URLs are valid before navigat ...) + NOT-FOR-US: Oppia +CVE-2021-41732 (An issue was discovered in zeek version 4.1.0. There is a HTTP request ...) + - zeek (unimportant) + NOTE: https://github.com/zeek/zeek/issues/1798 + NOTE: Disputed validitity of the security issue +CVE-2021-41731 (Cross Site Scripting (XSS vulnerability exists in )Sourcecodester News ...) + NOT-FOR-US: Sourcecodester News247 News Magazine (CMS) +CVE-2021-41730 + RESERVED +CVE-2021-41729 (BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerab ...) + NOT-FOR-US: BaiCloud-cms +CVE-2021-41728 (Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41727 + RESERVED +CVE-2021-41726 + RESERVED +CVE-2021-41725 + RESERVED +CVE-2021-41724 + RESERVED +CVE-2021-41723 + RESERVED +CVE-2021-41722 + RESERVED +CVE-2021-41721 + RESERVED +CVE-2021-41720 + REJECTED +CVE-2021-41719 + RESERVED +CVE-2021-41718 + RESERVED +CVE-2021-41717 + RESERVED +CVE-2021-41716 (Maharashtra State Electricity Board Mahavitara Android Application 8.2 ...) + NOT-FOR-US: Maharashtra State Electricity Board Mahavitara Android Application +CVE-2021-41715 (libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither ...) 
+ - libsixel 1.10.3-1 + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/libsixel/libsixel/commit/d299d67c532a5133a57aade5c35ff8e612c73dd8 (1.10.1) + NOTE: https://github.com/libsixel/libsixel/pull/28 + NOTE: https://github.com/libsixel/libsixel/issues/27 +CVE-2021-41714 (In Tipask < 3.5.9, path parameters entered by the user are not validat ...) + NOT-FOR-US: sdfsky/tipask +CVE-2021-41713 + RESERVED +CVE-2021-41712 + RESERVED +CVE-2021-41711 + RESERVED +CVE-2021-41710 + RESERVED +CVE-2021-41709 + RESERVED +CVE-2021-41708 + RESERVED +CVE-2021-41707 + RESERVED +CVE-2021-41706 + RESERVED +CVE-2021-41705 + RESERVED +CVE-2021-41704 + RESERVED +CVE-2021-41703 + RESERVED +CVE-2021-41702 + RESERVED +CVE-2021-41701 + RESERVED +CVE-2021-41700 + RESERVED +CVE-2021-41699 + RESERVED +CVE-2021-41698 + RESERVED +CVE-2021-41697 (A reflected Cross Site Scripting (XSS) vulnerability exists in Premium ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41696 (An authentication bypass (account takeover) vulnerability exists in Pr ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41695 (An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 v ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41694 (An Incorrect Access Control vulnerability exists in Premiumdatingscrip ...) + NOT-FOR-US: Premiumdatingscript +CVE-2021-41693 + RESERVED +CVE-2021-41692 + RESERVED +CVE-2021-41691 + RESERVED +CVE-2021-41690 (DCMTK through 3.6.6 does not handle memory free properly. The malloced ...) + - dcmtk 3.6.7-1 + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) +CVE-2021-41689 (DCMTK through 3.6.6 does not handle string copy properly. Sending spec ...) 
+ - dcmtk 3.6.7-1 + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://github.com/DCMTK/dcmtk/commit/5c14bf53fb42ceca12bbcc0016e8704b1580920d (DCMTK-3.6.7) +CVE-2021-41688 (DCMTK through 3.6.6 does not handle memory free properly. The object i ...) + - dcmtk 3.6.7-1 + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) +CVE-2021-41687 (DCMTK through 3.6.6 does not handle memory free properly. The program ...) + - dcmtk 3.6.7-1 + [bullseye] - dcmtk (Minor issue) + [buster] - dcmtk (Minor issue) + NOTE: https://github.com/DCMTK/dcmtk/commit/a9697dfeb672b0b9412c00c7d36d801e27ec85cb (DCMTK-3.6.7) +CVE-2021-41686 + RESERVED +CVE-2021-41685 + RESERVED +CVE-2021-41684 + RESERVED +CVE-2021-41683 (There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_ty ...) + - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4745 +CVE-2021-41682 (There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_c ...) + - iotjs (bug #1015219) + [bullseye] - iotjs (Minor issue) + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/4747 + NOTE: https://github.com/jerryscript-project/jerryscript/commit/3ad76f932c8d2e3b9ba2d95e64848698ec7d7290 +CVE-2021-41681 + RESERVED +CVE-2021-41680 + RESERVED +CVE-2021-41679 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41678 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41677 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-41676 (An SQL Injection vulnerabilty exists in the oretnom23 Pharmacy Point o ...) 
+ NOT-FOR-US: oretnom23 Pharmacy Point of Sale System +CVE-2021-41675 (A Remote Code Execution (RCE) vulnerabilty exists in Sourcecodester E- ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41674 (An SQL Injection vulnerability exists in Sourcecodester E-Negosyo Syst ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41673 + RESERVED +CVE-2021-41672 (PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection i ...) + NOT-FOR-US: PEEL Shopping CMS +CVE-2021-41671 + RESERVED +CVE-2021-41670 + RESERVED +CVE-2021-41669 + RESERVED +CVE-2021-41668 + RESERVED +CVE-2021-41667 + RESERVED +CVE-2021-41666 + RESERVED +CVE-2021-41665 + RESERVED +CVE-2021-41664 + RESERVED +CVE-2021-41663 (A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. T ...) + NOT-FOR-US: Mini CMS +CVE-2021-41662 (The South Gate Inn Online Reservation System v1.0 contains an SQL inje ...) + NOT-FOR-US: South Gate Inn Online Reservation System +CVE-2021-41661 (Church Management System version 1.0 is affected by a SQL anjection vu ...) + NOT-FOR-US: Church Management System +CVE-2021-41660 (SQL injection vulnerability in Sourcecodester Patient Appointment Sche ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41659 (SQL injection vulnerability in Sourcecodester Banking System v1 by ore ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41658 (Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41657 (SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulne ...) + NOT-FOR-US: SmartBear CodeCollaborator +CVE-2021-41656 + RESERVED +CVE-2021-41655 + RESERVED +CVE-2021-41654 (SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows at ...) + NOT-FOR-US: Wuzhicms +CVE-2021-41653 (The PING function on the TP-Link TL-WR840N EU v5 router with firmware ...) + NOT-FOR-US: TP-Link +CVE-2021-41652 (Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 al ...) 
+ NOT-FOR-US: BatFlat CMS +CVE-2021-41651 (A blind SQL injection vulnerability exists in the Raymart DG / Ahmed H ...) + NOT-FOR-US: Raymart DG / Ahmed Helal Hotel-mgmt-system +CVE-2021-41650 + RESERVED +CVE-2021-41649 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-41648 (An un-authenticated SQL Injection exists in PuneethReddyHC online-shop ...) + NOT-FOR-US: PuneethReddyHC online-shopping-system +CVE-2021-41647 (An un-authenticated error-based and time-based blind SQL injection vul ...) + NOT-FOR-US: Kaushik Jadhav Online Food Ordering Web App +CVE-2021-41646 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Onl ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41645 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Bud ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41644 (Remote Code Exection (RCE) vulnerability exists in Sourcecodester Onli ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41643 (Remote Code Execution (RCE) vulnerability exists in Sourcecodester Chu ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41642 + RESERVED +CVE-2021-41641 (Deno <=1.14.0 file sandbox does not handle symbolic links correctly. W ...) + NOT-FOR-US: Deno +CVE-2021-41640 + RESERVED +CVE-2021-41639 (MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in ...) + NOT-FOR-US: MELAG +CVE-2021-41638 (The authentication checks of the MELAG FTP Server in version 2.2.0.4 a ...) + NOT-FOR-US: MELAG +CVE-2021-41637 (Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the ...) + NOT-FOR-US: MELAG +CVE-2021-41636 (MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to ...) + NOT-FOR-US: MELAG +CVE-2021-41635 (When installed as Windows service MELAG FTP Server 2.2.0.4 is run as S ...) + NOT-FOR-US: MELAG +CVE-2021-41634 (A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an ...) 
+ NOT-FOR-US: MELAG +CVE-2021-41633 + RESERVED +CVE-2021-41632 + RESERVED +CVE-2021-41631 + RESERVED +CVE-2021-41630 + RESERVED +CVE-2021-41629 + RESERVED +CVE-2021-41628 + RESERVED +CVE-2021-41627 + RESERVED +CVE-2021-41626 + RESERVED +CVE-2021-41625 + RESERVED +CVE-2021-41624 + RESERVED +CVE-2021-41623 + RESERVED +CVE-2021-41622 + RESERVED +CVE-2021-41621 + RESERVED +CVE-2021-41620 + RESERVED +CVE-2021-41619 (An issue was discovered in Gradle Enterprise before 2021.1.2. There is ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41618 + RESERVED +CVE-2021-41616 (Apache DB DdlUtils 1.0 included a BinaryObjectsHelper that was intende ...) + NOT-FOR-US: Apache DB DdlUtils +CVE-2021-3830 (btcpayserver is vulnerable to Improper Neutralization of Input During ...) + NOT-FOR-US: btcpayserver +CVE-2021-41617 (sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default c ...) + - openssh 1:8.7p1-1 (bug #995130) + [bullseye] - openssh (Minor issue) + [buster] - openssh (Minor issue) + [stretch] - openssh (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/26/1 + NOTE: https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 + NOTE: https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde +CVE-2021-41615 (websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy bec ...) + NOT-FOR-US: GoAhead Web Server +CVE-2021-41614 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...) + NOT-FOR-US: OpenRISC mor1kx +CVE-2021-41613 (An issue was discovered in the controller unit of the OpenRISC mor1kx ...) + NOT-FOR-US: OpenRISC mor1kx +CVE-2021-41612 (An issue was discovered in the ALU unit of the OpenRISC mor1kx process ...) + NOT-FOR-US: OpenRISC mor1kx +CVE-2021-41611 (An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When ...) 
+ - squid 5.2-1 + [bullseye] - squid (Vulnerable code introduced later) + [buster] - squid (Vulnerable code introduced later) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-47m4-g3mv-9q5r + NOTE: Fixed by: http://www.squid-cache.org/Versions/v5/changesets/squid-5-533b4359f16cf9ed15a6d709a57a4b06e4222cfe.patch +CVE-2021-3829 (openwhyd is vulnerable to URL Redirection to Untrusted Site) + NOT-FOR-US: openwhyd +CVE-2021-41610 + REJECTED +CVE-2021-41609 (SQL injection in the ID parameter of the UploadedImageDisplay.aspx end ...) + NOT-FOR-US: SelectSurvey.NET +CVE-2021-41608 (A file disclosure vulnerability in the UploadedImageDisplay.aspx endpo ...) + NOT-FOR-US: SelectSurvey.NET +CVE-2021-41607 + RESERVED +CVE-2021-41606 + RESERVED +CVE-2021-41605 + RESERVED +CVE-2021-41604 + RESERVED +CVE-2021-41603 + RESERVED +CVE-2021-41602 + RESERVED +CVE-2021-41601 + RESERVED +CVE-2021-41600 + RESERVED +CVE-2021-41599 (A remote code execution vulnerability was identified in GitHub Enterpr ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-41598 (A UI misrepresentation vulnerability was identified in GitHub Enterpri ...) + NOT-FOR-US: GitHub Enterprise Server +CVE-2021-41597 (SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41596 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41595 (SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via ...) + NOT-FOR-US: SuiteCRM +CVE-2021-41594 (In RSA Archer 6.9.SP1 P3, if some application functions are precluded ...) + NOT-FOR-US: RSA Archer +CVE-2021-41593 (Lightning Labs lnd before 0.13.3-beta allows loss of funds because of ...) + NOT-FOR-US: Lightning Labs lnd +CVE-2021-41592 (Blockstream c-lightning through 0.10.1 allows loss of funds because of ...) + NOT-FOR-US: Blockstream c-lightning +CVE-2021-41591 (ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC ex ...) 
+ NOT-FOR-US: ACINQ Eclair +CVE-2021-41590 (In Gradle Enterprise through 2021.3, probing of the server-side networ ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41589 (In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node be ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41588 (In Gradle Enterprise before 2021.1.3, a crafted request can trigger de ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41587 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41586 (In Gradle Enterprise before 2021.1.3, an attacker with the ability to ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-3828 (nltk is vulnerable to Inefficient Regular Expression Complexity) + - nltk 3.6.5-1 (bug #995226) + [bullseye] - nltk (Minor issue) + [buster] - nltk (Minor issue) + [stretch] - nltk (Minor issue) + NOTE: https://github.com/nltk/nltk/commit/277711ab1dec729e626b27aab6fa35ea5efbd7e6 + NOTE: https://github.com/nltk/nltk/pull/2816 +CVE-2021-41585 (Improper Input Validation vulnerability in accepting socket connection ...) + - trafficserver (Only affects FreeBSD) + NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11 + NOTE: https://github.com/apache/trafficserver/pull/8456/ + NOTE: https://github.com/apache/trafficserver/commit/268b540edae0b3e51d033795a4dd7404a5756a93 (master) + NOTE: https://github.com/apache/trafficserver/commit/2b078741ecf14cbc7f5773b3e14ef0c1d3cf4cfb (8.1.x) +CVE-2021-41584 (Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a ...) + NOT-FOR-US: Gradle Enterprise +CVE-2021-41583 (vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packa ...) + NOT-FOR-US: vpn-user-portal +CVE-2021-41582 + RESERVED +CVE-2021-41581 (x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints. ...) 
+ - libressl (bug #754513) + NOTE: Affected code not present in any OpenSSL version in Bullseye/Buster/Stretch +CVE-2021-41580 (The passport-oauth2 package before 1.6.1 for Node.js mishandles the er ...) + NOT-FOR-US: Node passport-oauth2 +CVE-2021-41579 (LCDS LAquis SCADA through 4.3.1.1085 is vulnerable to a control bypass ...) + NOT-FOR-US: LCDS LAquis SCADA +CVE-2021-41578 (mySCADA myDESIGNER 8.20.0 and below allows Directory Traversal attacks ...) + NOT-FOR-US: mySCADA myDESIGNER +CVE-2021-41577 + RESERVED +CVE-2021-41576 + REJECTED +CVE-2021-41575 + REJECTED +CVE-2021-41574 + REJECTED +CVE-2021-41573 (Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows info ...) + NOT-FOR-US: Hitachi +CVE-2021-3827 (A flaw was found in keycloak, where the default ECP binding flow allow ...) + NOT-FOR-US: Keycloak +CVE-2021-41572 + RESERVED +CVE-2021-41571 (In Apache Pulsar it is possible to access data from BookKeeper that do ...) + NOT-FOR-US: Apache Pulsar +CVE-2021-41570 (Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup ...) + NOT-FOR-US: Veritas NetBackup +CVE-2021-41569 (SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. Th ...) + NOT-FOR-US: SAS/Intrnet +CVE-2021-3826 (Heap/stack buffer overflow in the dlang_lname function in d-demangle.c ...) + - binutils 2.37.50.20220121-1 (unimportant) + - libiberty 20220713-1 + [bullseye] - libiberty (Minor issue) + [buster] - libiberty (Minor issue) + NOTE: https://gcc.gnu.org/pipermail/gcc-patches/2021-September/579985.html + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5481040197402be6dfee265bd2ff5a4c88e30505 + NOTE: binutils not covered by security support +CVE-2021-41568 (Tad Web is vulnerable to authorization bypass, thus remote attackers c ...) + NOT-FOR-US: Tad Web +CVE-2021-41567 (The new add subject parameter of Tad Uploader view book list function ...) 
+ NOT-FOR-US: Tad Uploader +CVE-2021-41566 (The file extension of the TadTools file upload function fails to filte ...) + NOT-FOR-US: TadTools +CVE-2021-41565 (TadTools special page parameter does not properly restrict the input o ...) + NOT-FOR-US: TadTools +CVE-2021-41564 (Tad Honor viewing book list function is vulnerable to authorization by ...) + NOT-FOR-US: Tad Honor +CVE-2021-41563 (Tad Book3 editing book function does not filter special characters. Un ...) + NOT-FOR-US: Tad Book3 +CVE-2021-41562 (A vulnerability in Snow Snow Agent for Windows allows a non-admin user ...) + NOT-FOR-US: Snow Snow Agent for Windows +CVE-2021-41561 (Improper Input Validation vulnerability in Parquet-MR of Apache Parque ...) + NOT-FOR-US: Apache Parquet +CVE-2021-3825 (On 2.1.15 version and below of Lider module in LiderAhenk software is ...) + NOT-FOR-US: LiderAhenk +CVE-2021-3824 (OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to in ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2021-3823 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) + NOT-FOR-US: Bitdefender +CVE-2021-3822 (jsoneditor is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: jsoneditor +CVE-2021-41560 (OpenCATS through 0.9.6 allows remote attackers to execute arbitrary co ...) + NOT-FOR-US: OpenCATS +CVE-2021-41559 (Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Co ...) + NOT-FOR-US: SilverStripe CMS +CVE-2021-41558 (The set_user extension module before 3.0.0 for PostgreSQL allows Proce ...) + NOT-FOR-US: set_user extension for Postgres +CVE-2021-41557 (Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site ...) + NOT-FOR-US: Sofico +CVE-2021-41556 (sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an ou ...) 
+ - squirrel3 (bug #1016212) + [bullseye] - squirrel3 (Minor issue) + [buster] - squirrel3 (Minor issue) + NOTE: https://github.com/albertodemichelis/squirrel/commit/23a0620658714b996d20da3d4dd1a0dcf9b0bd98 (v3.2) + NOTE: https://blog.sonarsource.com/squirrel-vm-sandbox-escape/ +CVE-2021-41555 (In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs i ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41554 (ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properl ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41553 (In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Appl ...) + NOT-FOR-US: ARCHIBUS Web Central +CVE-2021-41552 (CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injec ...) + NOT-FOR-US: CommScope +CVE-2021-41551 (Leostream Connection Broker 9.0.40.17 allows administrators to conduct ...) + NOT-FOR-US: Leostream Connection Broker +CVE-2021-41550 (Leostream Connection Broker 9.0.40.17 allows administrator to upload a ...) + NOT-FOR-US: Leostream Connection Broker +CVE-2021-41549 + RESERVED +CVE-2021-41548 + RESERVED +CVE-2021-41547 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) + NOT-FOR-US: Siemens +CVE-2021-41546 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...) + NOT-FOR-US: Siemens +CVE-2021-41545 (A vulnerability has been identified in Desigo DXR2 (All versions < V01 ...) + NOT-FOR-US: Siemens +CVE-2021-41544 (A vulnerability has been identified in Siemens Software Center (All ve ...) + NOT-FOR-US: Siemens +CVE-2021-41543 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) + NOT-FOR-US: Siemens +CVE-2021-41542 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) + NOT-FOR-US: Siemens +CVE-2021-41541 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) 
+ NOT-FOR-US: Siemens +CVE-2021-41540 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41539 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41538 (A vulnerability has been identified in NX 1953 Series (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-41537 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41536 (A vulnerability has been identified in Solid Edge SE2021 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-41535 (A vulnerability has been identified in NX 1953 Series (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-41534 (A vulnerability has been identified in NX 1980 Series (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-41533 (A vulnerability has been identified in NX 1980 Series (All versions < ...) + NOT-FOR-US: Siemens +CVE-2021-41532 (In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to O ...) + NOT-FOR-US: Apache Ozone +CVE-2021-41531 (NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if ...) + - routinator (bug #929024) + NOTE: https://www.nlnetlabs.nl/downloads/routinator/CVE-2021-41531.txt +CVE-2021-41530 (Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, ...) + NOT-FOR-US: Forcepoint NGFW Engine +CVE-2021-41529 + RESERVED +CVE-2021-41528 + RESERVED +CVE-2021-41527 + RESERVED +CVE-2021-41526 (A vulnerability has been reported in the windows installer (MSI) built ...) + NOT-FOR-US: Flexera +CVE-2021-41525 (An issue related to modification of otherwise restricted files through ...) + NOT-FOR-US: FlexNet +CVE-2021-3821 (A potential security vulnerability has been identified for certain HP ...) 
+ NOT-FOR-US: HP +CVE-2021-3820 (inflect is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: Nodejs inflect + NOTE: https://github.com/pksunkara/inflect +CVE-2021-41524 (While fuzzing the 2.4.49 httpd, a new null pointer dereference was det ...) + - apache2 2.4.50-1 + [bullseye] - apache2 (Vulnerable code not present, only affects 2.4.49) + [buster] - apache2 (Vulnerable code not present, only affects 2.4.49) + [stretch] - apache2 (Vulnerable code not present, only affects 2.4.49) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-41524 + NOTE: Fixed by: https://svn.apache.org/r1893655 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/05/1 +CVE-2021-3819 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2021-3818 (grav is vulnerable to Reliance on Cookies without Validation and Integ ...) + NOT-FOR-US: Grav CMS +CVE-2021-3817 (wbce_cms is vulnerable to Improper Neutralization of Special Elements ...) + NOT-FOR-US: wbce_cms +CVE-2021-41523 + RESERVED +CVE-2021-41522 + RESERVED +CVE-2021-41521 + RESERVED +CVE-2021-41520 + RESERVED +CVE-2021-41519 + RESERVED +CVE-2021-41518 + RESERVED +CVE-2021-41517 + RESERVED +CVE-2021-41516 + RESERVED +CVE-2021-41515 + RESERVED +CVE-2021-41514 + RESERVED +CVE-2021-41513 + RESERVED +CVE-2021-41512 + RESERVED +CVE-2021-41511 (The username and password field of login in Lodging Reservation Manage ...) + NOT-FOR-US: Lodging Reservation Management System +CVE-2021-41510 + RESERVED +CVE-2021-41509 + RESERVED +CVE-2021-41508 + RESERVED +CVE-2021-41507 + RESERVED +CVE-2021-41506 (Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2 ...) + NOT-FOR-US: Xiaongmai +CVE-2021-41505 + RESERVED +CVE-2021-41504 (An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS- ...) + NOT-FOR-US: D-Link +CVE-2021-41503 (DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect ...) 
+ NOT-FOR-US: D-Link +CVE-2021-41502 (An issue was discovered in Subrion CMS v4.2.1 There is a stored cross- ...) + NOT-FOR-US: Subrion CMS +CVE-2021-41501 + RESERVED +CVE-2021-41500 (Incomplete string comparison vulnerability exits in cvxopt.org cvxop < ...) + - cvxopt 1.2.7+dfsg-1 + [bullseye] - cvxopt (Minor issue) + [buster] - cvxopt (Minor issue) + [stretch] - cvxopt (Minor issue) + NOTE: https://github.com/cvxopt/cvxopt/issues/193 +CVE-2021-41499 (Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1. ...) + - python-pyo 1.0.4-1 + [bullseye] - python-pyo (Minor issue) + [buster] - python-pyo (Minor issue) + [stretch] - python-pyo (Minor issue) + NOTE: https://github.com/belangeo/pyo/issues/222 + NOTE: https://github.com/belangeo/pyo/commit/e7e6d2880469b523e4c41f0da2087a6a3eec4a45 (1.0.4) +CVE-2021-41498 (Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_ ...) + - python-pyo 1.0.4-1 + [bullseye] - python-pyo (Minor issue) + [buster] - python-pyo (Minor issue) + [stretch] - python-pyo (Minor issue) + NOTE: https://github.com/belangeo/pyo/issues/221 + NOTE: https://github.com/belangeo/pyo/commit/017702c73332a8560c8554a36250a6da587a2418 (1.0.4) +CVE-2021-41497 (Null pointer reference in CMS_Conservative_increment_obj in RaRe-Techn ...) + NOT-FOR-US: RaRe-Technologies bounter +CVE-2021-41496 (Buffer overflow in the array_from_pyobj function of fortranobject.c in ...) + - numpy (unimportant) + NOTE: https://github.com/numpy/numpy/issues/19000 + NOTE: https://github.com/numpy/numpy/pull/20630 + NOTE: https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2 +CVE-2021-41495 (Null Pointer Dereference vulnerability exists in numpy.sort in NumPy & ...) + - numpy (unimportant) + NOTE: https://github.com/numpy/numpy/issues/19038 +CVE-2021-41494 + RESERVED +CVE-2021-41493 + RESERVED +CVE-2021-41492 (Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-41491 + RESERVED +CVE-2021-41490 (Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavi ...) + - ompl (unimportant) + NOTE: https://github.com/ompl/ompl/issues/833 + NOTE: Negligible security impact +CVE-2021-41489 + RESERVED +CVE-2021-41488 + RESERVED +CVE-2021-41487 (NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserNam ...) + NOT-FOR-US: NOKIA +CVE-2021-41486 + RESERVED +CVE-2021-41485 + RESERVED +CVE-2021-41484 + RESERVED +CVE-2021-41483 + RESERVED +CVE-2021-41482 + RESERVED +CVE-2021-41481 + RESERVED +CVE-2021-41480 + RESERVED +CVE-2021-41479 + RESERVED +CVE-2021-41478 + RESERVED +CVE-2021-41477 + RESERVED +CVE-2021-41476 + RESERVED +CVE-2021-41475 + RESERVED +CVE-2021-41474 + RESERVED +CVE-2021-41473 + RESERVED +CVE-2021-41472 (SQL injection vulnerability in Sourcecodester Simple Membership System ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41471 (SQL injection vulnerability in Sourcecodester South Gate Inn Online Re ...) + NOT-FOR-US: Sourcecodester +CVE-2021-41470 + RESERVED +CVE-2021-41469 + RESERVED +CVE-2021-41468 + RESERVED +CVE-2021-41467 (Cross-site scripting (XSS) vulnerability in application/controllers/dr ...) + NOT-FOR-US: JustWriting +CVE-2021-41466 + RESERVED +CVE-2021-41465 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41464 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41463 (Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/a ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41462 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41461 (Cross-site scripting (XSS) vulnerability in concrete/elements/collecti ...) + NOT-FOR-US: concrete5-legacy +CVE-2021-41460 (ECShop 4.1.0 has SQL injection vulnerability, which can be exploited b ...) 
+ NOT-FOR-US: ECShop +CVE-2021-41459 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1912 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/7d4538e104f2b3ff6a65a41394795654e6972339 (v2.0.0) +CVE-2021-41458 (In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/e ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1910 + NOTE: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) +CVE-2021-41457 (There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nh ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1909 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/ae2828284f2fc0381548aaa991958f1eb9b90619 (v2.0.0) +CVE-2021-41456 (There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_n ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1911 + NOTE: Fixed by: https://github.com/gpac/gpac/commit/74695dea7278e78af3db467e586233fe8773c07e (v2.0.0) +CVE-2021-41455 + RESERVED +CVE-2021-41454 + REJECTED +CVE-2021-41453 + REJECTED +CVE-2021-41452 + REJECTED +CVE-2021-41451 (A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP ...) + NOT-FOR-US: TP-Link +CVE-2021-41450 (An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117 al ...) + NOT-FOR-US: TP-Link +CVE-2021-41449 (A path traversal attack in web interfaces of Netgear RAX35, RAX38, and ...) 
+ NOT-FOR-US: Netgear +CVE-2021-41448 + REJECTED +CVE-2021-41447 + REJECTED +CVE-2021-41446 + REJECTED +CVE-2021-41445 (A reflected cross-site-scripting attack in web application of D-Link D ...) + NOT-FOR-US: D-Link +CVE-2021-41444 + RESERVED +CVE-2021-41443 + RESERVED +CVE-2021-41442 (An HTTP smuggling attack in the web application of D-Link DIR-X1860 be ...) + NOT-FOR-US: D-Link +CVE-2021-41441 (A DoS attack in the web application of D-Link DIR-X1860 before v1.10WW ...) + NOT-FOR-US: D-Link +CVE-2021-41440 + RESERVED +CVE-2021-41439 + REJECTED +CVE-2021-41438 + REJECTED +CVE-2021-41437 (An HTTP response splitting attack in web application in ASUS RT-AX88U ...) + NOT-FOR-US: ASUS +CVE-2021-41436 (An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX ...) + NOT-FOR-US: ASUS +CVE-2021-41435 (A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapt ...) + NOT-FOR-US: ASUS +CVE-2021-41434 (A stored Cross-Site Scripting (XSS) vulnerability exists in version 1. ...) + NOT-FOR-US: Expense Management System application +CVE-2021-41433 (SQL Injection vulnerability exists in version 1.0 of the Resumes Manag ...) + NOT-FOR-US: Resumes Management and Job Application Website application +CVE-2021-41432 (A stored cross-site scripting (XSS) vulnerability exists in FlatPress ...) + NOT-FOR-US: FlatPress +CVE-2021-41431 + RESERVED +CVE-2021-41430 + RESERVED +CVE-2021-41429 + RESERVED +CVE-2021-41428 + REJECTED +CVE-2021-41427 (Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) v ...) + NOT-FOR-US: Beeline Smart Box +CVE-2021-41426 (Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery ( ...) + NOT-FOR-US: Beeline Smart Box +CVE-2021-41425 + RESERVED +CVE-2021-41424 + RESERVED +CVE-2021-41423 + RESERVED +CVE-2021-41422 + RESERVED +CVE-2021-41421 (A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an a ...) 
+ NOT-FOR-US: MaianAffiliate +CVE-2021-41420 (A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authentic ...) + NOT-FOR-US: MaianAffiliate +CVE-2021-41419 (QVIS NVR DVR before 2021-12-13 is vulnerable to Remote Code Execution ...) + NOT-FOR-US: QVIS NVR DVR +CVE-2021-41418 (AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulner ...) + NOT-FOR-US: AriaNg +CVE-2021-41417 + RESERVED +CVE-2021-41416 + RESERVED +CVE-2021-41415 (Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vu ...) + NOT-FOR-US: Subscription-Manager +CVE-2021-41414 + RESERVED +CVE-2021-41413 (ok-file-formats master 2021-9-12 is affected by a buffer overflow in o ...) + NOT-FOR-US: ok-file-formats +CVE-2021-41412 + RESERVED +CVE-2021-41411 (drools <=7.59.x is affected by an XML External Entity (XXE) vulnerabil ...) + NOT-FOR-US: drools +CVE-2021-41410 + RESERVED +CVE-2021-41409 + RESERVED +CVE-2021-41408 (VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection t ...) + NOT-FOR-US: VoIPmonitor WEB GUI +CVE-2021-41407 + RESERVED +CVE-2021-41406 + RESERVED +CVE-2021-41405 + RESERVED +CVE-2021-41404 + RESERVED +CVE-2021-41403 (flatCore-CMS version 2.0.8 calls dangerous functions, causing server-s ...) + NOT-FOR-US: flatCore CMS +CVE-2021-41402 (flatCore-CMS v2.0.8 has a code execution vulnerability, which could le ...) + NOT-FOR-US: flatCore CMS +CVE-2021-41401 + RESERVED +CVE-2021-41400 + RESERVED +CVE-2021-41399 + RESERVED +CVE-2021-41398 + RESERVED +CVE-2021-41397 + RESERVED +CVE-2021-41396 (Live555 through 1.08 does not handle socket connections properly. A hu ...) + - liblivemedia + [buster] - liblivemedia (Minor issue) +CVE-2021-41395 (Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to contro ...) + NOT-FOR-US: Teleport +CVE-2021-41394 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) + NOT-FOR-US: Teleport +CVE-2021-41393 (Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x b ...) 
+ NOT-FOR-US: Teleport +CVE-2021-41392 (static/main-preload.js in Boost Note through 0.22.0 allows remote comm ...) + NOT-FOR-US: BoostNote +CVE-2021-41391 (In Ericsson ECM before 18.0, it was observed that Security Management ...) + NOT-FOR-US: Ericsson ECM +CVE-2021-41390 (In Ericsson ECM before 18.0, it was observed that Security Provider En ...) + NOT-FOR-US: Ericsson ECM +CVE-2021-41389 + RESERVED +CVE-2021-41388 (Netskope client prior to 89.x on macOS is impacted by a local privileg ...) + NOT-FOR-US: Netskope +CVE-2021-41387 (seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation b ...) + - seatd (Vulnerable code introduced later) + NOTE: https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CGJ2IZQ.HCKS1J0LSI803%40kl.wtf%3E +CVE-2021-41386 + RESERVED +CVE-2021-41385 (The third party intelligence connector in Securonix SNYPR 6.3.1 Build ...) + NOT-FOR-US: third party intelligence connector in Securonix SNYPR +CVE-2021-41384 + RESERVED +CVE-2021-41383 (setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute ...) + NOT-FOR-US: Netgear +CVE-2021-41382 (Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server managem ...) + NOT-FOR-US: Plastic SCM +CVE-2021-41381 (Payara Micro Community 5.2021.6 and below allows Directory Traversal.) + NOT-FOR-US: Payara Micro Community +CVE-2021-3816 (Cacti 1.1.38 allows authenticated users with User Management permissio ...) + - cacti 1.2.1+ds1-1 + [stretch] - cacti (user_group_admin.php not present, added in 1.0) + NOTE: https://github.com/Cacti/cacti/issues/1882 + NOTE: Fixed by: https://github.com/Cacti/cacti/commit/2b8097c06030ab72c5b3bdadb23dceb5332f0e94 (1.2.0-beta1) +CVE-2021-41380 (RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of ...) 
+ NOT-FOR-US: RealVNC +CVE-2021-41379 (Windows Installer Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41378 (Windows NTFS Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41377 (Windows Fast FAT File System Driver Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-41376 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41375 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41374 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2021-41373 (FSLogix Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41372 (Power BI Report Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41371 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-41370 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) + NOT-FOR-US: Microsoft +CVE-2021-41369 + RESERVED +CVE-2021-41368 (Microsoft Access Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41367 (NTFS Elevation of Privilege Vulnerability This CVE ID is unique from C ...) + NOT-FOR-US: Microsoft +CVE-2021-41366 (Credential Security Support Provider Protocol (CredSSP) Elevation of P ...) + NOT-FOR-US: Microsoft +CVE-2021-41365 (Microsoft Defender for IoT Remote Code Execution Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-41364 + RESERVED +CVE-2021-41363 (Intune Management Extension Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41362 + RESERVED +CVE-2021-41361 (Active Directory Federation Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41360 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-41359 + RESERVED +CVE-2021-41358 + RESERVED +CVE-2021-41357 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41356 (Windows Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41355 (.NET Core and Visual Studio Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft .NET +CVE-2021-41354 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-41353 (Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41352 (SCOM Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41351 (Microsoft Edge (Chrome based) Spoofing on IE Mode) + NOT-FOR-US: Microsoft +CVE-2021-41350 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41349 (Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-41348 (Microsoft Exchange Server Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41347 (Windows AppX Deployment Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41346 (Console Window Host Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41345 (Storage Spaces Controller Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41344 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41343 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-41342 (Windows MSHTML Platform Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41341 + RESERVED +CVE-2021-41340 (Windows Graphics Component Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41339 (Microsoft DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41338 (Windows AppContainer Firewall Rules Security Feature Bypass Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-41337 (Active Directory Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41336 (Windows Kernel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41335 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41334 (Windows Desktop Bridge Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41333 (Windows Print Spooler Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41332 (Windows Print Spooler Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41331 (Windows Media Audio Decoder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41330 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-41329 (Datalust Seq before 2021.2.6259 allows users (with view filters applie ...) + NOT-FOR-US: Datalust Seq +CVE-2021-41328 + RESERVED +CVE-2021-41327 + RESERVED +CVE-2021-41326 (In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles p ...) + NOT-FOR-US: MISP +CVE-2021-41325 (Broken access control for user creation in Pydio Cells 2.2.9 allows re ...) + NOT-FOR-US: Pydio Cells +CVE-2021-41324 (Directory traversal in the Copy, Move, and Delete features in Pydio Ce ...) + NOT-FOR-US: Pydio Cells +CVE-2021-41323 (Directory traversal in the Compress feature in Pydio Cells 2.2.9 allow ...) 
+ NOT-FOR-US: Pydio Cells +CVE-2021-41322 (Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin ...) + NOT-FOR-US: Poly VVX 400/410 +CVE-2021-41321 + RESERVED +CVE-2021-41320 (A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4 ...) + NOT-FOR-US: Wallstreet Suite TRM +CVE-2021-41319 + RESERVED +CVE-2021-41318 (In Progress WhatsUp Gold prior to version 21.1.0, an application endpo ...) + NOT-FOR-US: Progress WhatsUp Gold +CVE-2021-41317 (XSS Hunter Express before 2021-09-17 does not properly enforce authent ...) + NOT-FOR-US: XSS Hunter Express +CVE-2021-41316 (The Device42 Main Appliance before 17.05.01 does not sanitize user inp ...) + NOT-FOR-US: Device42 Main Appliance +CVE-2021-41315 (The Device42 Remote Collector before 17.05.01 does not sanitize user i ...) + NOT-FOR-US: Device42 Remote Collector +CVE-2021-3815 (utils.js is vulnerable to Improperly Controlled Modification of Object ...) + NOT-FOR-US: fabiocaccamo/utils.js +CVE-2021-3814 (It was found that 3scale's APIdocs does not validate the access token, ...) + NOT-FOR-US: Red Hat 3scale API Management +CVE-2021-3813 (Improper Privilege Management in GitHub repository chatwoot/chatwoot p ...) + NOT-FOR-US: chatwoot +CVE-2021-41314 (Certain NETGEAR smart switches are affected by a \n injection in the w ...) + NOT-FOR-US: NETGEAR +CVE-2021-41313 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-41312 (Affected versions of Atlassian Jira Server and Data Center allow a rem ...) + NOT-FOR-US: Atlassian +CVE-2021-41311 (Affected versions of Atlassian Jira Server and Data Center allow attac ...) + NOT-FOR-US: Atlassian +CVE-2021-41310 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41309 (Affected versions of Atlassian Jira Server and Data Center allow a use ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-41308 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-41307 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-41306 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41305 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-41304 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-3812 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: adminlte +CVE-2021-3811 (adminlte is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: adminlte +CVE-2021-3810 (code-server is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: code-server +CVE-2021-3809 (Potential security vulnerabilities have been identified in the BIOS (U ...) + NOT-FOR-US: HP +CVE-2021-3808 (Potential security vulnerabilities have been identified in the BIOS (U ...) + NOT-FOR-US: HP +CVE-2021-3807 (ansi-regex is vulnerable to Inefficient Regular Expression Complexity) + - node-ansi-regex 5.0.1-1 (bug #994568) + [bullseye] - node-ansi-regex 5.0.1-1~deb11u1 + [buster] - node-ansi-regex 3.0.0-1+deb10u1 + [stretch] - node-ansi-regex (Vulnerable code introduced later) + NOTE: https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 + NOTE: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9 (v6.0.1) +CVE-2021-3806 (A path traversal vulnerability on Pardus Software Center's "extractArc ...) + NOT-FOR-US: Pardus Software Center +CVE-2021-3805 (object-path is vulnerable to Improperly Controlled Modification of Obj ...) 
+ {DLA-3291-1} + - node-object-path 0.11.8-1 + [bullseye] - node-object-path 0.11.5-3+deb11u1 + [stretch] - node-object-path (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/571e3baf-7c46-46e3-9003-ba7e4e623053 + NOTE: https://github.com/mariocasciaro/object-path/commit/4f0903fd7c832d12ccbe0d9c3d7e25d985e9e884 (v0.11.8) +CVE-2021-41303 (Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a ...) + - shiro (bug #1014819) + [bookworm] - shiro (Minor issue) + [bullseye] - shiro (Minor issue) + [buster] - shiro (Minor issue) + [stretch] - shiro (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/17/1 +CVE-2021-41302 (ECOA BAS controller stores sensitive data (backup exports) in clear-te ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41301 (ECOA BAS controller is vulnerable to configuration disclosure when dir ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41300 (ECOA BAS controller\u2019s special page displays user account and pass ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41299 (ECOA BAS controller is vulnerable to hard-coded credentials within its ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41298 (ECOA BAS controller is vulnerable to insecure direct object references ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41297 (ECOA BAS controller is vulnerable to weak access control mechanism all ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41296 (ECOA BAS controller uses weak set of default administrative credential ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41295 (ECOA BAS controller has a Cross-Site Request Forgery vulnerability, th ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41294 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41293 (ECOA BAS controller suffers from a path traversal vulnerability, causi ...) 
+ NOT-FOR-US: ECOA BAS controller +CVE-2021-41292 (ECOA BAS controller suffers from an authentication bypass vulnerabilit ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41291 (ECOA BAS controller suffers from a path traversal content disclosure v ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41290 (ECOA BAS controller suffers from an arbitrary file write and path trav ...) + NOT-FOR-US: ECOA BAS controller +CVE-2021-41289 (ASUS P453UJ contains the Improper Restriction of Operations within the ...) + NOT-FOR-US: ASUS +CVE-2021-41288 (Zoho ManageEngine OpManager version 125466 and below is vulnerable to ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-41287 + RESERVED +CVE-2021-41286 (Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authent ...) + NOT-FOR-US: Omikron MultiCash Desktop +CVE-2021-3804 (taro is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: NervJS Taro +CVE-2016-20012 (OpenSSH through 8.7 allows remote attackers, who have a suspicion that ...) + - openssh (unimportant) + NOTE: https://github.com/openssh/openssh-portable/pull/270 + NOTE: Negligible impact, not treated as a security issue by upstream +CVE-2021-41285 (Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escal ...) + NOT-FOR-US: Ballistix MOD Utility +CVE-2021-41284 + RESERVED +CVE-2021-41283 + RESERVED +CVE-2021-41282 (diag_routes.php in pfSense 2.5.2 allows sed data injection. Authentica ...) + NOT-FOR-US: pfSense +CVE-2021-41281 (Synapse is a package for Matrix homeservers written in Python 3/Twiste ...) + - matrix-synapse 1.47.1-1 (bug #1000451) + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3hfw-x7gx-437c + NOTE: https://github.com/matrix-org/synapse/commit/91f2bd0907f1d05af67166846988e49644eb650c +CVE-2021-41280 (Sharetribe Go is a source available marketplace software. In affected ...) + NOT-FOR-US: Sharetribe Go +CVE-2021-41279 (BaserCMS is an open source content management system with a focus on J ...) 
+ NOT-FOR-US: BaserCMS +CVE-2021-41278 (Functions SDK for EdgeX is meant to provide all the plumbing necessary ...) + NOT-FOR-US: EdgeX +CVE-2021-41277 (Metabase is an open source data analytics platform. In affected versio ...) + NOT-FOR-US: Metabase +CVE-2021-41276 (Tuleap is a Libre and Open Source tool for end to end traceability of ...) + NOT-FOR-US: Tuleap +CVE-2021-41275 (spree_auth_devise is an open source library which provides authenticat ...) + NOT-FOR-US: spree_auth_devise +CVE-2021-41274 (solidus_auth_devise provides authentication services for the Solidus w ...) + NOT-FOR-US: solidus_auth_devise +CVE-2021-41273 (Pterodactyl is an open-source game server management panel built with ...) + NOT-FOR-US: Pterodactyl +CVE-2021-41272 (Besu is an Ethereum client written in Java. Starting in version 21.10. ...) + NOT-FOR-US: Hyperledger Besu +CVE-2021-41271 (Discourse is a platform for community discussion. In affected versions ...) + NOT-FOR-US: Discourse +CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...) + - symfony 4.4.19+dfsg-3 + [bullseye] - symfony 4.4.19+dfsg-2+deb11u1 + [buster] - symfony (Vulnerable code and support for csv_escape_formulas introduced in 4.1) + [stretch] - symfony (Vulnerable code and support for csv_escape_formulas introduced in 4.1) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x + NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35) + NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas +CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...) + NOT-FOR-US: cron-utils Java library +CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...) 
+ - symfony (Vulnerable code never in released version in unstable) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr + NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12) +CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...) + - symfony (Vulnerable code never in released version in unstable) + NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q + NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12) +CVE-2021-41266 (Minio console is a graphical user interface for the for MinIO operator ...) + NOT-FOR-US: Minio console +CVE-2021-41265 (Flask-AppBuilder is a development framework built on top of Flask. Ver ...) + - flask-appbuilder (Fixed before initial upload to archive) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-m3rf-7m4w-r66q + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/eba517aab121afa3f3f2edb011ec6bc4efd61fbc (3.3.4) +CVE-2021-41264 (OpenZeppelin Contracts is a library for smart contract development. In ...) + NOT-FOR-US: OpenZeppelin Contracts +CVE-2021-41263 (rails_multisite provides multi-db support for Rails applications. In a ...) + NOT-FOR-US: rails_multisite +CVE-2021-41262 (Galette is a membership management web application built for non profi ...) + - galette +CVE-2021-41261 (Galette is a membership management web application built for non profi ...) + - galette +CVE-2021-41260 (Galette is a membership management web application built for non profi ...) + - galette +CVE-2021-41259 + REJECTED +CVE-2021-41258 (Kirby is an open source file structured CMS. In affected versions Kirb ...) + NOT-FOR-US: Kirby +CVE-2021-41257 + RESERVED +CVE-2021-41256 (nextcloud news-android is an Android client for the Nextcloud news/fee ...) 
+ NOT-FOR-US: nextcloud news-android App +CVE-2021-41255 + RESERVED +CVE-2021-41254 (kustomize-controller is a Kubernetes operator, specialized in running ...) + NOT-FOR-US: kustomize-controller +CVE-2021-41253 (Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v ...) + - zydis 3.2.1-1 (bug #999431) + NOTE: https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g + NOTE: Fixed by: https://github.com/zyantific/zydis/commit/55dd08c210722aed81b38132f5fd4a04ec1943b5 (master) + NOTE: Fixed by: https://github.com/zyantific/zydis/commit/330b259583ade789886ce11af2ebcd030097dcbf (v3.2.1) +CVE-2021-41252 (Kirby is an open source file structured CMS ### Impact Kirby's writer ...) + NOT-FOR-US: Kirby +CVE-2021-41251 (@sap-cloud-sdk/core contains the core functionality of the SAP Cloud S ...) + NOT-FOR-US: SAP +CVE-2021-41250 (Python discord bot is the community bot for the Python Discord communi ...) + NOT-FOR-US: Python discord bot +CVE-2021-41249 (GraphQL Playground is a GraphQL IDE for development of graphQL focused ...) + NOT-FOR-US: GraphQL Playground +CVE-2021-41248 (GraphiQL is the reference implementation of this monorepo, GraphQL IDE ...) + NOT-FOR-US: GraphiQL +CVE-2021-41247 (JupyterHub is an open source multi-user server for Jupyter notebooks. ...) + - jupyterhub 2.0.0+ds1-1 + NOTE: https://github.com/jupyterhub/jupyterhub/security/advisories/GHSA-cw7p-q79f-m2v7 + NOTE: https://github.com/jupyterhub/jupyterhub/commit/5ac9e7f73a6e1020ffddc40321fc53336829fe27 +CVE-2021-41246 (Express OpenID Connect is express JS middleware implementing sign on f ...) + NOT-FOR-US: Express OpenID Connect +CVE-2021-41245 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodo iTop +CVE-2021-41244 (Grafana is an open-source platform for monitoring and observability. I ...) + - grafana +CVE-2021-41243 (There is a Potential Zip Slip Vulnerability and OS Command Injection V ...) 
+ NOT-FOR-US: baserCMS
+CVE-2021-41242 (OpenOlat is a web-basedlearning management system. A path traversal vu ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41241 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-41240
+ RESERVED
+CVE-2021-41239 (Nextcloud server is a self hosted system designed to provide cloud sty ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-41238 (Hangfire is an open source system to perform background job processing ...)
+ NOT-FOR-US: Hangfire
+CVE-2021-41237
+ RESERVED
+CVE-2021-41236 (OroPlatform is a PHP Business Application Platform. In affected versio ...)
+ NOT-FOR-US: OroPlatform
+CVE-2021-41235
+ RESERVED
+CVE-2021-41234
+ RESERVED
+CVE-2021-41233 (Nextcloud text is a collaborative document editing using Markdown buil ...)
+ NOT-FOR-US: Nextcloud text app
+CVE-2021-41232 (Thunderdome is an open source agile planning poker tool in the theme o ...)
+ NOT-FOR-US: Thunderdome
+CVE-2021-41231 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
+ NOT-FOR-US: OpenMage
+CVE-2021-41230 (Pomerium is an open source identity-aware access proxy. In affected ve ...)
+ NOT-FOR-US: Pomerium
+CVE-2021-41229 (BlueZ is a Bluetooth protocol stack for Linux. In affected versions a ...)
+ {DLA-3157-1 DLA-2827-1}
+ - bluez 5.62-2 (bug #1000262)
+ [bullseye] - bluez (Minor issue)
+ NOTE: https://github.com/bluez/bluez/security/advisories/GHSA-3fqg-r8j5-f5xq
+ NOTE: Introduced by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d939483328489fb835bb425d36f7c7c73d52c388 (4.0)
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=e79417ed7185b150a056d4eb3a1ab528b91d2fc0
+CVE-2021-41228 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41227 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41226 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41225 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41224 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41223 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41222 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41221 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41220 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41219 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41218 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41217 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41216 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41215 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41214 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41213 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41212 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41211 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41210 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41209 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41208 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41207 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41206 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41205 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41204 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41203 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41202 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41201 (TensorFlow is an open source platform for machine learning. In affeced ...)
+ - tensorflow (bug #804612)
+CVE-2021-41200 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41199 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41198 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41197 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41196 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41195 (TensorFlow is an open source platform for machine learning. In affecte ...)
+ - tensorflow (bug #804612)
+CVE-2021-41194 (FirstUseAuthenticator is a JupyterHub authenticator that helps new use ...)
+ NOT-FOR-US: FirstUseAuthenticator for JupyterHub
+CVE-2021-41193 (wire-avs is the audio visual signaling (AVS) component of Wire, an ope ...)
+ NOT-FOR-US: wire-avs
+CVE-2021-41192 (Redash is a package for data visualization and sharing. If an admin se ...)
+ NOT-FOR-US: Redash
+CVE-2021-41191 (Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. ...)
+ NOT-FOR-US: Roblox-Purchasing-Hub
+CVE-2021-41190 (The OCI Distribution Spec project defines an API protocol to facilitat ...)
+ NOT-FOR-US: OCI Distribution Specification
+ NOTE: Issue in the OCI Distribution Specification. Software mitigations are applied to
+ NOTE: containerd/1.5.8~ds1-1 and golang-github-opencontainers-image-spec/1.0.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/19/10
+ NOTE: https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
+ NOTE: https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
+CVE-2021-41189 (DSpace is an open source turnkey repository application. In version 7. ...)
+ NOT-FOR-US: DSpace
+CVE-2021-41188 (Shopware is open source e-commerce software. Versions prior to 5.7.6 c ...)
+ NOT-FOR-US: Shopware
+CVE-2021-41187 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS
+CVE-2021-41186 (Fluentd collects events from various data sources and writes them to f ...)
+ - fluentd (bug #926692)
+CVE-2021-41185 (Mycodo is an environmental monitoring and regulation system. An exploi ...)
+ NOT-FOR-US: Mycodo
+CVE-2021-41184 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-3551-1 DLA-3230-1}
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui (Minor issue)
+ - otrs2 6.3.1-1
+ [bullseye] - otrs2 (Non-free not supported)
+ [stretch] - otrs2 (Non-free not supported)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-gpqq-952q-5327
+ NOTE: https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
+ NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
+CVE-2021-41183 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-3551-1 DLA-3230-1 DLA-2889-1}
+ - drupal7
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui (Minor issue)
+ - otrs2 6.3.1-1
+ [bullseye] - otrs2 (Non-free not supported)
+ [stretch] - otrs2 (Non-free not supported)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-j7qv-pgf6-hvh4
+ NOTE: https://bugs.jqueryui.com/ticket/15284
+ NOTE: https://github.com/jquery/jquery-ui/pull/1953
+ NOTE: https://www.drupal.org/sa-core-2022-001
+ NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
+CVE-2021-41182 (jQuery-UI is the official jQuery user interface library. Prior to vers ...)
+ {DLA-3551-1 DLA-3230-1 DLA-2889-1}
+ - drupal7
+ - jqueryui 1.13.0+dfsg-1
+ [bullseye] - jqueryui 1.12.1+dfsg-8+deb11u1
+ [stretch] - jqueryui (Minor issue)
+ - otrs2 6.3.1-1
+ [bullseye] - otrs2 (Non-free not supported)
+ [stretch] - otrs2 (Non-free not supported)
+ NOTE: https://github.com/jquery/jquery-ui/security/advisories/GHSA-9gj3-hwp5-pmwc
+ NOTE: https://github.com/jquery/jquery-ui/commit/32850869d308d5e7c9bf3e3b4d483ea886d373ce
+ NOTE: https://www.drupal.org/sa-core-2022-002
+ NOTE: https://www.znuny.org/en/advisories/zsa-2022-01
+CVE-2021-41181 (Nextcloud talk is a self hosting messaging service. In versions prior ...)
+ NOT-FOR-US: Nextcloud talk android app
+CVE-2021-41180 (Nextcloud talk is a self hosting messaging service. In versions prior ...)
+ NOT-FOR-US: Nextcloud talk app
+CVE-2021-41179 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-41178 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-41177 (Nextcloud is an open-source, self-hosted productivity platform. Prior ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-41176 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41175 (Pi-hole's Web interface (based on AdminLTE) provides a central locatio ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-41174 (Grafana is an open-source platform for monitoring and observability. I ...)
+ - grafana
+CVE-2021-41173 (Go Ethereum is the official Golang implementation of the Ethereum prot ...)
+ - golang-github-go-ethereum (bug #890541)
+CVE-2021-41172 (AS_Redis is an AntSword plugin for Redis. The Redis Manage plugin for ...)
+ NOT-FOR-US: AntSword plugin for Redis
+CVE-2021-41171 (eLabFTW is an open source electronic lab notebook manager for research ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-41170 (neoan3-apps/template is a neoan3 minimal template engine. Versions pri ...)
+ NOT-FOR-US: neoan3-apps/template
+CVE-2021-41169 (Sulu is an open-source PHP content management system based on the Symf ...)
+ NOT-FOR-US: Sulu
+CVE-2021-41168 (Snudown is a reddit-specific fork of the Sundown Markdown parser used ...)
+ NOT-FOR-US: Snudown
+CVE-2021-41167 (modern-async is an open source JavaScript tooling library for asynchro ...)
+ NOT-FOR-US: modern-async
+CVE-2021-41166 (The Nextcloud Android app is the Android client for Nextcloud, a self- ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-41165 (CKEditor4 is an open source WYSIWYG HTML editor. In affected version a ...)
+ - ckeditor 4.19.0+dfsg-1 (bug #999909)
+ [bullseye] - ckeditor (Minor issue)
+ [buster] - ckeditor (Minor issue)
+ [stretch] - ckeditor (Minor issue)
+ - ckeditor3 (bug #1015217)
+ [bookworm] - ckeditor3 (Minor issue)
+ [bullseye] - ckeditor3 (Minor issue)
+ [buster] - ckeditor3 (No longer supported in LTS)
+ [stretch] - ckeditor3 (EOL'd for stretch)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7h26-63m7-qhf2 (v4.17.0)
+CVE-2021-41164 (CKEditor4 is an open source WYSIWYG HTML editor. In affected versions ...)
+ - ckeditor 4.19.0+dfsg-1 (bug #999909)
+ [bullseye] - ckeditor (Minor issue)
+ [buster] - ckeditor (Minor issue)
+ [stretch] - ckeditor (Minor issue)
+ - ckeditor3 (Advanced Content Filter introduced in v4.1)
+ NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-pvmx-g8h5-cprj (v4.17.0)
+CVE-2021-41163 (Discourse is an open source platform for community discussion. In affe ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41162 (Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-41161 (Combodo iTop is a web based IT Service Management tool. In versions pr ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-41160 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ {DLA-3654-1}
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001062)
+ [bullseye] - freerdp2 (Minor issue)
+ - freerdp
+ [stretch] - freerdp (Minor issue)
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/7349
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/217e0caa181fc1690cf84dd6a3ba1a4f90c02692
+CVE-2021-41159 (FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), ...)
+ - freerdp2 2.4.1+dfsg1-1 (bug #1001061)
+ [bullseye] - freerdp2 (Minor issue)
+ [buster] - freerdp2 (Patch is too instrusive to backport)
+ - freerdp
+ NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d39a7ba5c38e3ba3b99b1558dc2ab0970cbfb0c5 (Stable 2.0 backports)
+ NOTE: The RFC gateway parsing code has been completly refactored, backporting to 2.3.x is not feasible.
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/f0b44da67c09488178000725ff9f2729ccfdf9fe
+CVE-2021-41158 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4
+CVE-2021-41157 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj
+CVE-2021-41156 (anuko/timetracker is an, open source time tracking system. In affected ...)
+ NOT-FOR-US: anuko/timetracker
+CVE-2021-41155 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41154 (Tuleap is a Free & Open Source Suite to improve management of software ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41153 (The evm crate is a pure Rust implementation of Ethereum Virtual Machin ...)
+ NOT-FOR-US: Rust evm crate
+CVE-2021-41152 (OpenOlat is a web-based e-learning platform for teaching, learning, as ...)
+ NOT-FOR-US: OpenOlat
+CVE-2021-41151 (Backstage is an open platform for building developer portals. In affec ...)
+ NOT-FOR-US: Backstage
+CVE-2021-41150 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41149 (Tough provides a set of Rust libraries and tools for using and generat ...)
+ NOT-FOR-US: Tough
+CVE-2021-41148 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41147 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41146 (qutebrowser is an open source keyboard-focused browser with a minimal ...)
+ - qutebrowser (Only affects Windows)
+ NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm
+ NOTE: https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430
+ NOTE: Additional hardening for potential similar issues on Linux were added, but
+ NOTE: are not fixing a security vulnerability.
+CVE-2021-41145 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m
+CVE-2021-41144 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
+ NOT-FOR-US: OpenMage
+CVE-2021-41143 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...)
+ NOT-FOR-US: OpenMage
+CVE-2021-41142 (Tuleap Open ALM is a libre and open source tool for end to end traceab ...)
+ NOT-FOR-US: Tuleap
+CVE-2021-41141 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DLA-2962-1}
+ - pjproject
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
+ NOTE: https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
+CVE-2021-41140 (Discourse-reactions is a plugin for the Discourse platform that allows ...)
+ NOT-FOR-US: Discourse plugin
+CVE-2021-41139 (Anuko Time Tracker is an open source, web-based time tracking applicat ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2021-41138 (Frontier is Substrate's Ethereum compatibility layer. In the newly int ...)
+ NOT-FOR-US: Frontier
+CVE-2021-41137 (Minio is a Kubernetes native application for cloud storage. All users ...)
+ - minio (bug #859207)
+CVE-2021-41136 (Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...)
+ {DSA-5146-1 DLA-3083-1}
+ - puma 5.5.2-1
+ [stretch] - puma (Minor issue)
+ NOTE: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
+ NOTE: https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
+CVE-2021-41135 (The Cosmos-SDK is a framework for building blockchain applications in ...)
+ NOT-FOR-US: Cosmos-SDK
+CVE-2021-41134 (nbdime provides tools for diffing and merging of Jupyter Notebooks. In ...)
+ - nbdime (bug #975509)
+CVE-2021-41132 (OMERO.web provides a web based client and plugin infrastructure. In ve ...)
+ NOT-FOR-US: OMERO.web
+CVE-2021-41131 (python-tuf is a Python reference implementation of The Update Framewor ...)
+ - python-tuf (bug #934151)
+CVE-2021-41130 (Extensible Service Proxy, a.k.a. ESP is a proxy which enables API mana ...)
+ NOT-FOR-US: Extensible Service Proxy
+CVE-2021-41129 (Pterodactyl is an open-source game server management panel built with ...)
+ NOT-FOR-US: Pterodactyl
+CVE-2021-41128 (Hygeia is an application for collecting and processing personal and ca ...)
+ NOT-FOR-US: Hygeia
+CVE-2021-41127 (Rasa is an open source machine learning framework to automate text-and ...)
+ NOT-FOR-US: Rasa
+CVE-2021-41126 (October is a Content Management System (CMS) and web platform built on ...)
+ NOT-FOR-US: October CMS
+CVE-2021-41125 (Scrapy is a high-level web crawling and scraping framework for Python. ...)
+ {DLA-2950-1}
+ - python-scrapy 2.5.1-1
+ [bullseye] - python-scrapy 2.4.1-2+deb11u1
+ [buster] - python-scrapy 1.5.1-1+deb10u1
+ NOTE: https://github.com/scrapy/scrapy/security/advisories/GHSA-jwqp-28gf-p498
+ NOTE: Fixed by: https://github.com/scrapy/scrapy/commit/b01d69a1bf48060daec8f751368622352d8b85a6 (1.8)
+CVE-2021-41124 (Scrapy-splash is a library which provides Scrapy and JavaScript integr ...)
+ NOT-FOR-US: Scrapy-splash
+CVE-2021-41123 (Survey Solutions is a survey management and data collection system. In ...)
+ NOT-FOR-US: Survey Solutions
+CVE-2021-41122 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41121 (Vyper is a Pythonic Smart Contract Language for the EVM. In affected v ...)
+ NOT-FOR-US: Vyper
+CVE-2021-41120 (sylius/paypal-plugin is a paypal plugin for the Sylius development pla ...)
+ NOT-FOR-US: sylius/paypal-plugin
+CVE-2021-41119 (Wire-server is the system server for the wire back-end services. Relea ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41118 (The DynamicPageList3 extension is a reporting tool for MediaWiki, list ...)
+ NOT-FOR-US: DynamicPageList3 MediaWiki Extension
+CVE-2021-41117 (keypair is a a RSA PEM key generator written in javascript. keypair im ...)
+ NOT-FOR-US: keypair
+CVE-2021-41116 (Composer is an open source dependency manager for the PHP language. In ...)
+ - composer (Only affects Windows)
+ NOTE: https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
+ NOTE: https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
+CVE-2021-41115 (Zulip is an open source team chat server. In affected versions Zulip a ...)
+ - zulip-server (bug #800052)
+CVE-2021-41114 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41113 (TYPO3 is an open source PHP based web content management system releas ...)
+ NOT-FOR-US: Typo3
+CVE-2021-41112 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-41111 (Rundeck is an open source automation service with a web console, comma ...)
+ NOT-FOR-US: Rundeck
+CVE-2021-41110 (cwlviewer is a web application to view and share Common Workflow Langu ...)
+ NOT-FOR-US: cwlviewer
+CVE-2021-41109 (Parse Server is an open source backend that can be deployed to any inf ...)
+ NOT-FOR-US: Parse Server
+CVE-2021-41108
+ RESERVED
+CVE-2021-41107
+ RESERVED
+CVE-2021-41106 (JWT is a library to work with JSON Web Token and JSON Web Signature. P ...)
+ NOT-FOR-US: PHP lcobucci/jwt
+CVE-2021-41105 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...)
+ - freeswitch (bug #389591)
+ NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36
+CVE-2021-41104 (ESPHome is a system to control the ESP8266/ESP32. Anyone with web_serv ...)
+ NOT-FOR-US: ESPHome
+CVE-2021-41103 (containerd is an open source container runtime with an emphasis on sim ...)
+ {DSA-5002-1}
+ - containerd 1.5.7~ds1-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
+ NOTE: https://github.com/containerd/containerd/commit/403846c9540f5bfdaf1fe5349cce5fd3bc60f507 (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/38532c6ed7bb9dd683ba9eaca62dd7cce0330cbb (v1.4.11)
+ NOTE: https://github.com/containerd/containerd/commit/0b1bde38546a9283a52cf4970e01fd0f09b0ac4a (v1.4.11)
+CVE-2021-41102
+ RESERVED
+CVE-2021-41101 (wire-server is an open-source back end for Wire, a secure collaboratio ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41100 (Wire-server is the backing server for the open source wire secure mess ...)
+ NOT-FOR-US: wire-server
+CVE-2021-41099 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-j3cr-9h5g-6cph
+CVE-2021-41098 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
+ - ruby-nokogiri (jruby implementation not shiped)
+ NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h
+ NOTE: https://github.com/sparklemotion/nokogiri/commit/5bf729ff3cc84709ee3c3248c981584088bf9f6d
+CVE-2021-41097 (aurelia-path is part of the Aurelia platform and contains utilities fo ...)
+ NOT-FOR-US: Aurelia
+CVE-2021-41096 (Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 a ...)
+ NOT-FOR-US: Rucky for Android
+CVE-2021-41095 (Discourse is an open source discussion platform. There is a cross-site ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41094 (Wire is an open source secure messenger. Users of Wire by Bund may byp ...)
+ NOT-FOR-US: Wire by Bund
+CVE-2021-41093 (Wire is an open source secure messenger. In affected versions if the a ...)
+ NOT-FOR-US: Wire iOS
+CVE-2021-41092 (Docker CLI is the command line interface for the docker container runt ...)
+ - docker.io 20.10.10+dfsg1-1 (bug #998292)
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io (Minor issue)
+ NOTE: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
+ NOTE: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
+CVE-2021-41091 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
+ NOTE: https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
+CVE-2021-41090 (Grafana Agent is a telemetry collector for sending metrics, logs, and ...)
+ NOT-FOR-US: Grafana Agent
+CVE-2021-41089 (Moby is an open-source project created by Docker to enable software co ...)
+ - docker.io 20.10.10+dfsg1-1
+ [bullseye] - docker.io 20.10.5+dfsg1-1+deb11u1
+ [buster] - docker.io (Minor issue)
+ NOTE: https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
+CVE-2021-41088 (Elvish is a programming language and interactive shell, combined into ...)
+ - elvish 0.14.0-1
+ [buster] - elvish (Minor issue)
+ NOTE: https://github.com/elves/elvish/security/advisories/GHSA-fpv6-f8jw-rc3r
+ NOTE: https://github.com/elves/elvish/commit/ccc2750037bbbfafe9c1b7a78eadd3bd16e81fe5
+CVE-2021-41087 (in-toto-golang is a go implementation of the in-toto framework to prot ...)
+ NOT-FOR-US: in-toto Go implementation (different from src:in-toto)
+CVE-2021-41086 (jsuites is an open source collection of common required javascript web ...)
+ NOT-FOR-US: jsuites
+CVE-2021-41085
+ RESERVED
+CVE-2021-41084 (http4s is an open source scala interface for HTTP. In affected version ...)
+ NOT-FOR-US: Http4s
+CVE-2021-41083 (Dada Mail is a web-based e-mail list management system. In affected ve ...)
+ NOT-FOR-US: Dada Mail
+CVE-2021-41082 (Discourse is a platform for community discussion. In affected versions ...)
+ NOT-FOR-US: Discourse
+CVE-2021-41081 (Zoho ManageEngine Network Configuration Manager before 125465 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41080 (Zoho ManageEngine Network Configuration Manager before 125465 is vulne ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41079 (Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10. ...)
+ {DSA-4986-1 DLA-2764-1}
+ - tomcat9 9.0.53-1
+ - tomcat8
+ NOTE: https://lists.apache.org/thread.html/rccdef0349fdf4fb73a4e4403095446d7fe6264e0a58e2df5c6799434%40%3Cannounce.tomcat.apache.org%3E
+ NOTE: https://github.com/apache/tomcat/commit/d4b340fa8feaf55831f9a59350578f7b6ca048b8 (9.0.44)
+ NOTE: https://github.com/apache/tomcat/commit/b90d4fc1ff44f30e4b3aba622ba6677e3f003822 (8.5.64)
+CVE-2021-3803 (nth-check is vulnerable to Inefficient Regular Expression Complexity)
+ {DLA-3428-1}
+ - node-nth-check 2.0.1-1
+ [bullseye] - node-nth-check 2.0.0-1+deb11u1
+ [stretch] - node-nth-check (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/nth-check/commit/9894c1d2010870c351f66c6f6efcf656e26bb726 (v2.0.1)
+ NOTE: https://huntr.dev/bounties/8cf8cc06-d2cf-4b4e-b42c-99fafb0b04d0/
+ NOTE: https://github.com/advisories/GHSA-rp65-9cf3-cjxr
+CVE-2021-3802 (A vulnerability found in udisks2. This flaw allows an attacker to inpu ...)
+ {DLA-3387-1 DLA-2809-1}
+ - udisks2 2.9.4-1
+ [bullseye] - udisks2 2.9.2-2+deb11u1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2003649
+ NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-045.txt
+ NOTE: https://github.com/storaged-project/udisks/commit/38d90a433bda0fc0f2a409f6baa12c3958893571 (udisks-2.9.4)
+CVE-2021-41078 (Nameko through 2.13.0 can be tricked into performing arbitrary code ex ...)
+ NOT-FOR-US: Nameko
+CVE-2021-3801 (prism is vulnerable to Inefficient Regular Expression Complexity)
+ - node-prismjs 1.25.0+dfsg-1
+ [bullseye] - node-prismjs 1.23.0+dfsg-1+deb11u1
+ NOTE: https://github.com/prismjs/prism/commit/0ff371bb4775a131634f47d0fe85794c547232f9
+CVE-2021-41077 (The activation process in Travis CI, for certain 2021-09-03 through 20 ...)
+ NOT-FOR-US: Travis CI
+CVE-2021-41076
+ REJECTED
+CVE-2021-41075 (The NetFlow Analyzer in Zoho ManageEngine OpManger before 125455 is vu ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-41074
+ RESERVED
+CVE-2021-41073 (loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 ...)
+ {DSA-4978-1}
+ - linux 5.14.6-2
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/18/2
+ NOTE: https://www.graplsecurity.com/post/iou-ring-exploiting-the-linux-kernel
+ NOTE: https://starlabs.sg/blog/2022/06/io_uring-new-code-new-bugs-and-a-new-exploit-technique/
+CVE-2021-41072 (squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Director ...)
+ {DSA-4987-1 DLA-2789-1}
+ - squashfs-tools 1:4.5-3 (bug #994262)
+ NOTE: Prerequisites:
+ NOTE: https://github.com/plougher/squashfs-tools/commit/80b8441a37fcf8bf07dacf24d9d6c6459a0f6e36
+ NOTE: https://github.com/plougher/squashfs-tools/commit/1993a4e7aeda04962bf26e84c15fba8b58837e10
+ NOTE: https://github.com/plougher/squashfs-tools/commit/9938154174756ee48a94ea0b076397a2944b028d
+ NOTE: Fixed by: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
+ NOTE: Followup fix: https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
+CVE-2021-41071
+ REJECTED
+CVE-2021-41070
+ REJECTED
+CVE-2021-41069
+ RESERVED
+CVE-2021-41068
+ RESERVED
+CVE-2021-41067 (An issue was discovered in Listary through 6. Improper implementation ...)
+ NOT-FOR-US: Listary
+CVE-2021-41066 (An issue was discovered in Listary through 6. When Listary is configur ...)
+ NOT-FOR-US: Listary
+CVE-2021-41065 (An issue was discovered in Listary through 6. An attacker can create a ...)
+ NOT-FOR-US: Listary
+CVE-2021-41064
+ REJECTED
+CVE-2021-41063 (SQL injection vulnerability was discovered in Aanderaa GeoView Webserv ...)
+ NOT-FOR-US: Aanderaa GeoView Webservice
+CVE-2021-41062
+ RESERVED
+CVE-2021-41061 (In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee8201 ...)
+ NOT-FOR-US: RIOT-OS
+CVE-2021-41060
+ RESERVED
+CVE-2021-41059
+ RESERVED
+CVE-2021-41058
+ RESERVED
+CVE-2021-41057 (In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles s ...)
+ NOT-FOR-US: WIBU
+CVE-2021-41056
+ RESERVED
+CVE-2021-41055 (Gajim 1.2.x and 1.3.x before 1.3.3 allows remote attackers to cause a ...)
+ {DSA-5064-1}
+ - python-nbxmpp 2.0.4-1
+ [buster] - python-nbxmpp (Vulnerable code not present)
+ [stretch] - python-nbxmpp (Vulnerable code introduced later (modules added in v1.0.0))
+ NOTE: https://dev.gajim.org/gajim/gajim/-/issues/10638
+ NOTE: https://dev.gajim.org/gajim/python-nbxmpp/-/commit/8a626829d7c4b14077f764e61b1d1e867d21413f
+ NOTE: Fix in python-nbxmpp, and gajim 1.3.3 bumps depends on required nbxmpp version.
+CVE-2021-41053
+ RESERVED
+CVE-2021-41052
+ RESERVED
+CVE-2021-41051
+ RESERVED
+CVE-2021-41050
+ RESERVED
+CVE-2021-41049
+ RESERVED
+CVE-2021-41048
+ RESERVED
+CVE-2021-41047
+ RESERVED
+CVE-2021-41046
+ RESERVED
+CVE-2021-41045
+ RESERVED
+CVE-2021-41044
+ RESERVED
+CVE-2021-41043 (Use after free in tcpslice triggers AddressSanitizer, no other confirm ...)
+ - tcpslice 1.5-1 (bug #1003190)
+ [bullseye] - tcpslice (Minor issue)
+ [buster] - tcpslice (Minor issue)
+ [stretch] - tcpslice (Minor issue)
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/issues/11
+ NOTE: https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a (tcpslice-1.5)
+CVE-2021-41042 (In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initia ...)
+ NOT-FOR-US: Eclipse Lyo
+CVE-2021-41041 (In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-41040 (In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoA ...)
+ NOT-FOR-US: Eclipse Wakaama
+CVE-2021-41039 (In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client conn ...)
+ - mosquitto 2.0.11-1.2 (bug #1001028)
+ [bullseye] - mosquitto 2.0.11-1+deb11u1
+ [buster] - mosquitto (Vulnerable code introduced later)
+ [stretch] - mosquitto (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575314
+ NOTE: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/637
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/9d6a73f9f72005c2f19a262f15d28327eedea91f (v2.0.12)
+CVE-2021-41038 (In versions of the @theia/plugin-ext component of Eclipse Theia prior ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-41037 (In Eclipse p2, installable units are able to alter the Eclipse Platfor ...)
+ NOT-FOR-US: Eclipse p2
+CVE-2021-41036 (In versions prior to 1.1 of the Eclipse Paho MQTT C Client, the client ...)
+ - paho.mqtt.c (Fixed before initial upload to Debian)
+ NOTE: https://github.com/eclipse/paho.mqtt.embedded-c/issues/96
+CVE-2021-41035 (In Eclipse Openj9 before version 0.29.0, the JVM does not throw Illega ...)
+ NOT-FOR-US: Eclipse OpenJ9
+CVE-2021-41034 (The build of some language stacks of Eclipse Che version 6 includes pu ...)
+ NOT-FOR-US: Eclipse Che
+CVE-2021-41033 (In all released versions of Eclipse Equinox, at least until version 4. ...)
+ NOT-FOR-US: Eclipse Equinox
+CVE-2021-41032 (An improper access control vulnerability [CWE-284] in FortiOS versions ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-41031 (A relative path traversal vulnerability [CWE-23] in FortiClient for Wi ...)
+ NOT-FOR-US: Fortinet
+CVE-2021-41030 (An authentication bypass by capture-replay vulnerability [CWE-294] in ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41029 (A improper neutralization of input during web page generation ('cross- ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-41028 (A combination of a use of hard-coded cryptographic key vulnerability [ ...)
+ NOT-FOR-US: FortiGuard +CVE-2021-41027 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.1 and 6 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41026 (A relative path traversal in FortiWeb versions 6.4.1, 6.4.0, and 6.3.0 ...) + NOT-FOR-US: FortiGuard FortiWeb +CVE-2021-41025 (Multiple vulnerabilities in the authentication mechanism of confd in F ...) + NOT-FOR-US: FortiGuard +CVE-2021-41024 (A relative path traversal [CWE-23] vulnerabiltiy in FortiOS versions 7 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41023 (A unprotected storage of credentials in Fortinet FortiSIEM Windows Age ...) + NOT-FOR-US: Fortiguard +CVE-2021-41022 (A improper privilege management in Fortinet FortiSIEM Windows Agent ve ...) + NOT-FOR-US: Fortiguard +CVE-2021-41021 (A privilege escalation vulnerability in FortiNAC versions 8.8.8 and be ...) + NOT-FOR-US: FortiGuard +CVE-2021-41020 (An improper access control vulnerability [CWE-284] in FortiIsolator ve ...) + NOT-FOR-US: Fortiguard +CVE-2021-41019 (An improper validation of certificate with host mismatch [CWE-297] vul ...) + NOT-FOR-US: Fortiguard +CVE-2021-41018 (A improper neutralization of special elements used in an os command (' ...) + NOT-FOR-US: FortiGuard +CVE-2021-41017 (Multiple heap-based buffer overflow vulnerabilities in some web API co ...) + NOT-FOR-US: FortiGuard +CVE-2021-41016 (A improper neutralization of special elements used in a command ('comm ...) + NOT-FOR-US: FortiGuard +CVE-2021-41015 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-41014 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 ...) + NOT-FOR-US: FortiGuard +CVE-2021-41013 (An improper access control vulnerability [CWE-284] in FortiWeb version ...) + NOT-FOR-US: FortiGuard +CVE-2021-41012 + RESERVED +CVE-2021-41011 (LINE client for iOS before 11.15.0 might expose authentication informa ...) 
+ NOT-FOR-US: LINE client for iOS +CVE-2021-41010 + REJECTED +CVE-2021-41009 + REJECTED +CVE-2021-41008 + REJECTED +CVE-2021-41007 + REJECTED +CVE-2021-41006 + REJECTED +CVE-2021-41005 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...) + NOT-FOR-US: Aruba Instant On +CVE-2021-41004 (A remote vulnerability was discovered in Aruba Instant On 1930 Switch ...) + NOT-FOR-US: Aruba Instant On +CVE-2021-41003 (Multiple unauthenticated command injection vulnerabilities were discov ...) + NOT-FOR-US: Aruba +CVE-2021-41002 (Multiple authenticated remote path traversal vulnerabilities were disc ...) + NOT-FOR-US: Aruba +CVE-2021-41001 (An authenticated remote code execution vulnerability was discovered in ...) + NOT-FOR-US: Aruba +CVE-2021-41000 (Multiple authenticated remote code execution vulnerabilities were disc ...) + NOT-FOR-US: Aruba +CVE-2021-40999 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40998 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40997 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-40996 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-40995 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40994 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40993 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-40992 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-40991 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-40990 (A remote disclosure of sensitive information vulnerability was discove ...) 
+ NOT-FOR-US: Aruba +CVE-2021-40989 (A local escalation of privilege vulnerability was discovered in Aruba ...) + NOT-FOR-US: Aruba +CVE-2021-40988 (A remote directory traversal vulnerability was discovered in Aruba Cle ...) + NOT-FOR-US: Aruba +CVE-2021-40987 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-40986 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-3800 (A flaw was found in glib before version 2.63.6. Due to random charset ...) + {DLA-3110-1} + - glib2.0 2.64.0-1 + NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/3529bb4450a519959a5d9cb787404296322618a1 (2.63.6) + NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/8 +CVE-2021-40985 (A stack-based buffer under-read in htmldoc before 1.9.12, allows attac ...) + {DLA-2928-1} + - htmldoc 1.9.13-1 (unimportant) + [bullseye] - htmldoc 1.9.11-4+deb11u1 + [buster] - htmldoc 1.9.3-1+deb10u3 + NOTE: https://github.com/michaelrsweet/htmldoc/issues/444 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/f12b9666e582a8e7b70f11b28e5ffc49ad625d43 (v1.9.13) + NOTE: Crash in CLI tool, no security impact +CVE-2021-40984 + RESERVED +CVE-2021-40983 + RESERVED +CVE-2021-40982 + RESERVED +CVE-2021-40981 (ASUS ROG Armoury Crate Lite before 4.2.10 allows local users to gain p ...) + NOT-FOR-US: ASUS ROG Armoury Crate Lite +CVE-2021-40980 + RESERVED +CVE-2021-40979 + RESERVED +CVE-2021-40978 (The mkdocs 1.2.2 built-in dev-server allows directory traversal using ...) + - python-mkdocs (unimportant) + NOTE: https://github.com/mkdocs/mkdocs/issues/2601 +CVE-2021-40977 + RESERVED +CVE-2021-40976 + RESERVED +CVE-2021-40975 (Cross-site scripting (XSS) vulnerability in application/modules/admin/ ...) + NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap +CVE-2021-40974 + RESERVED +CVE-2021-40973 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) 
+ - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40972 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40971 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40970 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40969 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40968 (Cross-site scripting (XSS) vulnerability in templates/installer/step-0 ...) + - spotweb (unimportant) + NOTE: https://github.com/spotweb/spotweb/issues/711 + NOTE: Issue only in the installer +CVE-2021-40967 + RESERVED +CVE-2021-40966 (A Stored XSS exists in TinyFileManager All version up to and including ...) + NOT-FOR-US: TinyFileManager +CVE-2021-40965 (A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileMa ...) + NOT-FOR-US: TinyFileManager +CVE-2021-40964 (A Path Traversal vulnerability exists in TinyFileManager all version u ...) + NOT-FOR-US: TinyFileManager +CVE-2021-40963 + RESERVED +CVE-2021-40962 + RESERVED +CVE-2021-40961 (CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/ ...) + NOT-FOR-US: CMS Made Simple +CVE-2021-40960 (Galera WebTemplate 1.0 is affected by a directory traversal vulnerabil ...) 
+ NOT-FOR-US: Galera WebTemplate +CVE-2021-40959 + RESERVED +CVE-2021-40958 + RESERVED +CVE-2021-40957 + RESERVED +CVE-2021-40956 (LaiKetui v3.5.0 has SQL injection in the background through the menu m ...) + NOT-FOR-US: LaiKetui +CVE-2021-40955 (SQL injection exists in LaiKetui v3.5.0 the background administrator l ...) + NOT-FOR-US: LaiKetui +CVE-2021-40954 (Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability t ...) + NOT-FOR-US: LaiKetui +CVE-2021-40953 + RESERVED +CVE-2021-40952 + RESERVED +CVE-2021-40951 + RESERVED +CVE-2021-40950 + RESERVED +CVE-2021-40949 + RESERVED +CVE-2021-40948 + RESERVED +CVE-2021-40947 + RESERVED +CVE-2021-40946 + RESERVED +CVE-2021-40945 + RESERVED +CVE-2021-40944 (In GPAC MP4Box 1.1.0, there is a Null pointer reference in the functio ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1906 + NOTE: https://github.com/gpac/gpac/commit/44fdc3d972c31c56efe73e1a3b63438d46087652 (v2.0.0) +CVE-2021-40943 (In Bento4 1.6.0-638, there is a null pointer reference in the function ...) + NOT-FOR-US: Bento4 +CVE-2021-40942 (In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1908 + NOTE: https://github.com/gpac/gpac/commit/da37ec8582266983d0ec4b7550ec907401ec441e (v2.0.0) +CVE-2021-40941 (In Bento4 1.6.0-638, there is an allocator is out of memory in the fun ...) + NOT-FOR-US: Bento4 +CVE-2021-40940 (Monstra 3.0.4 does not filter the case of php, which leads to an unres ...) 
+ NOT-FOR-US: Monstra CMS +CVE-2021-40939 + RESERVED +CVE-2021-40938 + RESERVED +CVE-2021-40937 + RESERVED +CVE-2021-40936 + RESERVED +CVE-2021-40935 + RESERVED +CVE-2021-40934 + RESERVED +CVE-2021-40933 + RESERVED +CVE-2021-40932 + RESERVED +CVE-2021-40931 + RESERVED +CVE-2021-40930 + RESERVED +CVE-2021-40929 + RESERVED +CVE-2021-40928 (Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta d ...) + NOT-FOR-US: FlexTV +CVE-2021-40927 (Cross-site scripting (XSS) vulnerability in callback.php in Spotify-fo ...) + NOT-FOR-US: Spotify-for-Alfred +CVE-2021-40926 (Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in g ...) + - php-getid3 1.9.21+dfsg-1 (unimportant) + NOTE: https://github.com/JamesHeinrich/getID3/issues/341 + NOTE: https://github.com/JamesHeinrich/getID3/commit/0163ba96f7fc64765e499847c2373b1f994797c5 (v1.9.21) + NOTE: XSS issue in demo file +CVE-2021-40925 (Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php ...) + NOT-FOR-US: infaveo-helpdesk +CVE-2021-40924 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) + NOT-FOR-US: Pixeline Bugs +CVE-2021-40923 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) + NOT-FOR-US: Pixeline Bugs +CVE-2021-40922 (Cross-site scripting (XSS) vulnerability in install/index.php in bugs ...) + NOT-FOR-US: Pixeline Bugs +CVE-2021-40921 (Cross-site scripting (XSS) vulnerability in _contactform.inc.php in De ...) + NOT-FOR-US: Detector +CVE-2021-40920 + RESERVED +CVE-2021-40919 + RESERVED +CVE-2021-40918 + RESERVED +CVE-2021-40917 + RESERVED +CVE-2021-40916 + RESERVED +CVE-2021-40915 + RESERVED +CVE-2021-40914 + RESERVED +CVE-2021-40913 + RESERVED +CVE-2021-40912 + RESERVED +CVE-2021-40911 + RESERVED +CVE-2021-40910 (There is a reflective cross-site scripting (XSS) vulnerability in the ...) + NOT-FOR-US: PHPCMS +CVE-2021-40909 (Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD wi ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-40908 (SQL injection vulnerability in Login.php in Sourcecodester Purchase Or ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40907 (SQL injection vulnerability in Sourcecodester Storage Unit Rental Mana ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40906 (CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not saniti ...) + - check-mk +CVE-2021-40905 (The web management console of CheckMK Enterprise Edition (versions 1.5 ...) + NOT-FOR-US: CheckMK Enterprise Edition +CVE-2021-40904 (The web management console of CheckMK Raw Edition (versions 1.5.0 to 1 ...) + - check-mk +CVE-2021-40903 (A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor ...) + NOT-FOR-US: Antminer +CVE-2021-40902 (flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) i ...) + NOT-FOR-US: flatCore CMS +CVE-2021-40901 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node scniro-validator +CVE-2021-40900 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Jeyaprakash1206/regexfn +CVE-2021-40899 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node repo-git-downloader +CVE-2021-40898 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node scaffold-helper +CVE-2021-40897 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node split-html-to-chars +CVE-2021-40896 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node that-value +CVE-2021-40895 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node todo-regex +CVE-2021-40894 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: underscore-99xp +CVE-2021-40893 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) 
+ NOT-FOR-US: Node validate-data +CVE-2021-40892 (A Regular Expression Denial of Service (ReDOS) vulnerability was disco ...) + NOT-FOR-US: Node validate-color +CVE-2021-40891 + RESERVED +CVE-2021-40890 + RESERVED +CVE-2021-40889 (CMSUno version 1.7.2 is affected by a PHP code execution vulnerability ...) + NOT-FOR-US: CMSUno +CVE-2021-40888 (Projectsend version r1295 is affected by Cross Site Scripting (XSS) du ...) + NOT-FOR-US: Projectsend +CVE-2021-40887 (Projectsend version r1295 is affected by a directory traversal vulnera ...) + NOT-FOR-US: Projectsend +CVE-2021-40886 (Projectsend version r1295 is affected by a directory traversal vulnera ...) + NOT-FOR-US: Projectsend +CVE-2021-40885 + RESERVED +CVE-2021-40884 (Projectsend version r1295 is affected by sensitive information disclos ...) + NOT-FOR-US: Projectsend +CVE-2021-40883 (A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via ...) + NOT-FOR-US: emlog +CVE-2021-40882 (A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via ...) + - piwigo +CVE-2021-40881 (An issue in the BAT file parameters of PublicCMS v4.0 allows attackers ...) + NOT-FOR-US: PublicCMS +CVE-2021-40880 + RESERVED +CVE-2021-40879 + RESERVED +CVE-2021-40878 + RESERVED +CVE-2021-40877 + RESERVED +CVE-2021-40876 + RESERVED +CVE-2021-40875 (Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resul ...) + NOT-FOR-US: Gurock TestRail +CVE-2021-40874 (An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. Wh ...) 
+ [experimental] - lemonldap-ng 2.0.14~exp+ds-1 + - lemonldap-ng 2.0.14+ds-1 (bug #1005302) + [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u1 + [buster] - lemonldap-ng 2.0.2+ds-7+deb10u7 + [stretch] - lemonldap-ng (Vulnerable code introduced in 2.0) + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2612 + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/66946e8f754812b375768c2124937137c856fe0c +CVE-2021-40873 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40872 (An issue was discovered in Softing Industrial Automation uaToolkit Emb ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40871 (An issue was discovered in Softing Industrial Automation OPC UA C++ SD ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2021-40870 (An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.192 ...) + NOT-FOR-US: Aviatrix Controller +CVE-2021-40869 + RESERVED +CVE-2021-40868 (In Cloudron 6.2, the returnTo parameter on the login page is vulnerabl ...) + NOT-FOR-US: Cloudron +CVE-2021-40867 (Certain NETGEAR smart switches are affected by an authentication hijac ...) + NOT-FOR-US: Netgear +CVE-2021-40866 (Certain NETGEAR smart switches are affected by a remote admin password ...) + NOT-FOR-US: Netgear +CVE-2021-3799 (grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI ...) + NOT-FOR-US: Grav CMS +CVE-2021-41054 (tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buff ...) + {DLA-2820-1} + - atftp 0.7.git20210915-1 (bug #994895) + [bullseye] - atftp 0.7.git20120829-3.3+deb11u1 + [buster] - atftp 0.7.git20120829-3.2~deb10u2 + NOTE: https://sourceforge.net/p/atftp/code/ci/d255bf90834fb45be52decf9bc0b4fb46c90f205/ +CVE-2021-3798 (A flaw was found in openCryptoki. The openCryptoki Soft token does not ...) 
+ - opencryptoki (Vulnerable code introduced later) + NOTE: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1928780 + NOTE: Introduced with: https://github.com/opencryptoki/opencryptoki/commit/a179fd01a265a98194d9c06ec5958da1dd2ecae3 (v3.15.0) + NOTE: Fixed by: https://github.com/opencryptoki/opencryptoki/commit/4e3b43c3d8844402c04a66b55c6c940f965109f0 +CVE-2021-40865 (An Unsafe Deserialization vulnerability exists in the worker services ...) + NOT-FOR-US: Apache Storm +CVE-2021-3797 (hestiacp is vulnerable to Use of Wrong Operator in String Comparison) + NOT-FOR-US: Hestia Control Panel +CVE-2021-3796 (vim is vulnerable to Use After Free) + {DLA-2876-1} + - vim 2:8.2.3455-1 (bug #994497) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim 2:8.1.0875-5+deb10u1 + NOTE: https://huntr.dev/bounties/ab60b7f3-6fb1-4ac2-a4fa-4d592e08008d/ + NOTE: https://github.com/vim/vim/commit/35a9a00afcb20897d462a766793ff45534810dc3 (v8.2.3428) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3795 (semver-regex is vulnerable to Inefficient Regular Expression Complexit ...) + NOT-FOR-US: Node semver-regex +CVE-2021-3794 (vuelidate is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: vuelidate for Vue.js +CVE-2021-40864 (The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFIC ...) + NOT-FOR-US: Translate plugin for ONLYOFFICE Document Server +CVE-2021-40863 + RESERVED +CVE-2021-40862 (HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoi ...) + NOT-FOR-US: HashiCorp Terraform Enterprise +CVE-2021-40861 (A SQL Injection in the custom filter query component in Genesys intell ...) + NOT-FOR-US: Genesys +CVE-2021-40860 (A SQL Injection in the custom filter query component in Genesys intell ...) + NOT-FOR-US: Genesys +CVE-2021-40859 (Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B dev ...) 
+ NOT-FOR-US: Auerswald +CVE-2021-40858 (Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Discl ...) + NOT-FOR-US: Auerswald COMpact 5500R devices +CVE-2021-40857 (Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation ...) + NOT-FOR-US: Auerswald COMpact 5500R devices +CVE-2021-40856 (Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Auth ...) + NOT-FOR-US: Auerswald +CVE-2021-40855 (The EU Technical Specifications for Digital COVID Certificates before ...) + NOT-FOR-US: EU Technical Specifications for Digital COVID Certificates +CVE-2021-40854 (AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obt ...) + NOT-FOR-US: AnyDesk +CVE-2021-40853 (TCMAN GIM does not perform an authorization check when trying to acces ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40852 (TCMAN GIM is affected by an open redirect vulnerability. This vulnerab ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40851 (TCMAN GIM is vulnerable to a lack of authorization in all available we ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40850 (TCMAN GIM is vulnerable to a SQL injection vulnerability inside severa ...) + NOT-FOR-US: TCMAN GIM +CVE-2021-40849 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, the account a ...) + - mahara +CVE-2021-40848 (In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, exported CSV ...) + - mahara +CVE-2021-40847 (The update process of the Circle Parental Control Service on various N ...) + NOT-FOR-US: Netgear +CVE-2021-40846 (An issue was discovered in Rhinode Trading Paints through 2.0.36. TP U ...) + NOT-FOR-US: Rhinode Trading Paints +CVE-2021-40845 (The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, ca ...) + NOT-FOR-US: Zenitel +CVE-2021-40844 + RESERVED +CVE-2021-40843 (Proofpoint Insider Threat Management Server contains an unsafe deseria ...) + NOT-FOR-US: Proofpoint +CVE-2021-40842 (Proofpoint Insider Threat Management Server contains a SQL injection v ...) 
+ NOT-FOR-US: Proofpoint +CVE-2021-40841 (A Path Traversal vulnerability for a log file in LiveConfig 2.12.2 all ...) + NOT-FOR-US: LiveConfig +CVE-2021-40840 (A Stored XSS issue exists in the admin/users user administration form ...) + NOT-FOR-US: LiveConfig +CVE-2021-40839 (The rencode package through 1.0.6 for Python allows an infinite loop i ...) + - python-rencode 1.0.6-2 + [bullseye] - python-rencode (Minor issue) + [buster] - python-rencode (Minor issue) + [stretch] - python-rencode (Minor issue) + NOTE: https://github.com/aresch/rencode/commit/572ff74586d9b1daab904c6f7f7009ce0143bb75 + NOTE: https://github.com/aresch/rencode/pull/29 +CVE-2021-40838 + RESERVED +CVE-2021-40837 (A vulnerability affecting F-Secure antivirus engine before Capricorn u ...) + NOT-FOR-US: F-Secure +CVE-2021-40836 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) + NOT-FOR-US: F-Secure +CVE-2021-40835 (An URL Address bar spoofing vulnerability was discovered in Safe Brows ...) + NOT-FOR-US: Safe Browser for iOS +CVE-2021-40834 (A user interface overlay vulnerability was discovered in F-secure SAFE ...) + NOT-FOR-US: F-secure +CVE-2021-40833 (A vulnerability affecting F-Secure antivirus engine was discovered whe ...) + NOT-FOR-US: F-Secure +CVE-2021-40832 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...) + NOT-FOR-US: F-Secure +CVE-2021-40831 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40830 (The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40829 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40828 (Connections initialized by the AWS IoT Device SDK v2 for Java (version ...) + NOT-FOR-US: AWS IoT Device SDK +CVE-2021-40827 (Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) ...) 
+ - clementine (unimportant) + NOTE: https://voidsec.com/advisories/cve-2021-40827/ + NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but + NOTE: regardless just a crash in a CLI tool +CVE-2021-40826 (Clementine Music Player through 1.3.1 is vulnerable to a User Mode Wri ...) + - clementine (unimportant) + NOTE: https://voidsec.com/advisories/cve-2021-40826/ + NOTE: Bogus report with hardly useful details whether affects clementine/gstreamer, but + NOTE: regardless just a crash in a CLI tool +CVE-2021-40825 (nLight ECLYPSE (nECY) system Controllers running software prior to 1.1 ...) + NOT-FOR-US: nLight ECLYPSE (nECY) system Controllers +CVE-2021-40824 (A logic error in the room key sharing functionality of Element Android ...) + NOT-FOR-US: matrix-android-sdk2 +CVE-2021-40823 (A logic error in the room key sharing functionality of matrix-js-sdk ( ...) + - element-web (bug #866502) + - node-matrix-js-sdk (bug #994213) + [bullseye] - node-matrix-js-sdk (Minor issue) + [buster] - node-matrix-js-sdk (Minor issue) + NOTE: https://matrix.org/blog/2021/09/13/vulnerability-disclosure-key-sharing/ + NOTE: https://github.com/matrix-org/matrix-js-sdk/commit/894c24880da0e1cc81818f51c0db80e3c9fb2be9 (v12.4.1) +CVE-2021-40822 (GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the ...) + NOT-FOR-US: GeoServer +CVE-2021-40821 + RESERVED +CVE-2021-40820 + RESERVED +CVE-2021-40819 + RESERVED +CVE-2021-3793 (An improper access control vulnerability was reported in some Motorola ...) + NOT-FOR-US: Binatone +CVE-2021-3792 (Some device communications in some Motorola-branded Binatone Hubble Ca ...) + NOT-FOR-US: Binatone +CVE-2021-3791 (An information disclosure vulnerability was reported in some Motorola- ...) + NOT-FOR-US: Binatone +CVE-2021-3790 (A buffer overflow was reported in the local web server of some Motorol ...) 
+ NOT-FOR-US: Binatone +CVE-2021-3789 (An information disclosure vulnerability was reported in some Motorola- ...) + NOT-FOR-US: Binatone +CVE-2021-3788 (An exposed debug interface was reported in some Motorola-branded Binat ...) + NOT-FOR-US: Binatone +CVE-2021-3787 (A vulnerability was reported in some Motorola-branded Binatone Hubble ...) + NOT-FOR-US: Binatone +CVE-2021-3786 (A potential vulnerability in the SMI callback function used in CSME co ...) + NOT-FOR-US: Lenovo +CVE-2021-3785 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: yourls +CVE-2021-3784 (Garuda Linux performs an insecure user creation and authentication tha ...) + NOT-FOR-US: Garuda Linux +CVE-2021-3783 (yourls is vulnerable to Improper Neutralization of Input During Web Pa ...) + NOT-FOR-US: yourls +CVE-2021-3782 (An internal reference count is held on the buffer pool, incremented ev ...) + - wayland 1.21.0-1 + [bullseye] - wayland (Minor issue) + [buster] - wayland (Minor issue) + NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/issues/224 + NOTE: https://gitlab.freedesktop.org/wayland/wayland/-/commit/b19488c7154b902354cb26a27f11415d7799b0b2 (1.20.91) +CVE-2021-3781 (A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was ...) + {DSA-4972-1} + - ghostscript 9.53.3~dfsg-8 (bug #994011) + [buster] - ghostscript (Vulnerable code introduced later) + [stretch] - ghostscript (Vulnerable code introduced later) + NOTE: https://twitter.com/ducnt_/status/1434534373416574983 + NOTE: https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=704342 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a9bd3dec9fde03327a4a2c69dad1036bf9632e20 +CVE-2021-40817 + RESERVED +CVE-2021-40816 + RESERVED +CVE-2021-40815 + RESERVED +CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulner ...) 
+ NOT-FOR-US: PrestaShop addon +CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...) + NOT-FOR-US: Element-IT HTTP Commander +CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...) + - libgd2 2.3.3-1 + [bullseye] - libgd2 (Minor issue) + [buster] - libgd2 (Minor issue) + [stretch] - libgd2 (Minor issue) + NOTE: https://github.com/libgd/libgd/issues/750#issuecomment-914872385 + NOTE: https://github.com/libgd/libgd/commit/6f5136821be86e7068fcdf651ae9420b5d42e9a9 +CVE-2021-40811 + RESERVED +CVE-2021-40810 + RESERVED +CVE-2021-40809 (An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An ...) + NOT-FOR-US: Jamf Pro +CVE-2021-40808 + RESERVED +CVE-2021-40807 + RESERVED +CVE-2021-40806 + RESERVED +CVE-2021-40805 + RESERVED +CVE-2021-40804 + RESERVED +CVE-2021-40803 + RESERVED +CVE-2021-40802 + RESERVED +CVE-2021-40801 + RESERVED +CVE-2021-40800 + RESERVED +CVE-2021-40799 + RESERVED +CVE-2021-40798 + RESERVED +CVE-2021-40797 (An issue was discovered in the routes middleware in OpenStack Neutron ...) + - neutron 2:19.0.0-1 (unimportant; bug #994202) + [bullseye] - neutron 2:17.2.1-0+deb11u1 + [buster] - neutron 2:13.0.7+git.2021.09.27.bace3d1890-0+deb10u1 + NOTE: https://launchpad.net/bugs/1942179 + NOTE: neutron-api in Debian is served over UWSGI, cf. https://bugs.debian.org/994202 + NOTE: and so serves the requests and stops the process. +CVE-2021-40796 (Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40795 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-40794 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-40793 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...) + NOT-FOR-US: Adobe +CVE-2021-40792 (Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memor ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40791 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-40790 (Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-40789 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-40788 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-40787 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-40786 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-40785 (Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affect ...) + NOT-FOR-US: Adobe +CVE-2021-40784 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40783 (Adobe Premiere Rush version 1.5.16 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40782 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40781 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40780 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40779 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40778 (Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40777 (Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40776 (Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege ...) + NOT-FOR-US: Adobe +CVE-2021-40775 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40774 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40773 (Adobe Prelude version 10.1 (and earlier) is affected by a null pointer ...) + NOT-FOR-US: Adobe +CVE-2021-40772 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40771 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40770 (Adobe Prelude version 10.1 (and earlier) is affected by a memory corru ...) + NOT-FOR-US: Adobe +CVE-2021-40769 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...) + NOT-FOR-US: Adobe +CVE-2021-40768 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...) + NOT-FOR-US: Adobe +CVE-2021-40767 (Adobe Character Animator version 4.4 (and earlier) is affected by an A ...) + NOT-FOR-US: Adobe +CVE-2021-40766 (Adobe Character Animator version 4.4 (and earlier versions) are affect ...) + NOT-FOR-US: Adobe +CVE-2021-40765 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...) + NOT-FOR-US: Adobe +CVE-2021-40764 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...) + NOT-FOR-US: Adobe +CVE-2021-40763 (Adobe Character Animator version 4.4 (and earlier) is affected by a me ...) + NOT-FOR-US: Adobe +CVE-2021-40762 (Adobe Character Animator version 4.4 (and earlier) is affected by a Nu ...) + NOT-FOR-US: Adobe +CVE-2021-40761 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + NOT-FOR-US: Adobe +CVE-2021-40760 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40759 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40758 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40757 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40756 (Adobe After Effects version 18.4.1 (and earlier) is affected by a Null ...) + NOT-FOR-US: Adobe +CVE-2021-40755 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40754 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40753 (Adobe After Effects version 18.4.1 (and earlier) is affected by a memo ...) + NOT-FOR-US: Adobe +CVE-2021-40752 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40751 (Adobe After Effects version 18.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40750 (Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointe ...) + NOT-FOR-US: Adobe +CVE-2021-40749 + RESERVED +CVE-2021-40748 + RESERVED +CVE-2021-40747 + RESERVED +CVE-2021-40746 + RESERVED +CVE-2021-40745 (Adobe Campaign version 21.2.1 (and earlier) is affected by a Path Trav ...) + NOT-FOR-US: Adobe +CVE-2021-40744 + RESERVED +CVE-2021-40743 + RESERVED +CVE-2021-40742 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...) + NOT-FOR-US: Adobe +CVE-2021-40741 (Adobe Audition version 14.4 (and earlier) is affected by an Access of ...) + NOT-FOR-US: Adobe +CVE-2021-40740 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-40739 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-40738 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-40737 (Adobe Audition version 14.4 (and earlier) is affected by a Null pointe ...) + NOT-FOR-US: Adobe +CVE-2021-40736 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40735 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-40734 (Adobe Audition version 14.4 (and earlier) is affected by a memory corr ...) + NOT-FOR-US: Adobe +CVE-2021-40733 (Adobe Animate version 21.0.9 (and earlier) is affected by a memory cor ...) + NOT-FOR-US: Adobe +CVE-2021-40732 (XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases +CVE-2021-40731 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40730 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40729 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40728 (Adobe Acrobat Reader DC version 21.007.20095 (and earlier), 21.007.200 ...) + NOT-FOR-US: Adobe +CVE-2021-40727 (Access of Memory Location After End of Buffer (CWE-788) + NOT-FOR-US: Adobe +CVE-2021-40726 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-40725 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-40724 (Acrobat Reader for Android versions 21.8.0 (and earlier) are affected ...) + NOT-FOR-US: Adobe +CVE-2021-40723 (Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020 ...) + NOT-FOR-US: Adobe +CVE-2021-40722 (AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and bel ...) + NOT-FOR-US: Adobe +CVE-2021-40721 (Adobe Connect version 11.2.3 (and earlier) is affected by a reflected ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40720 (Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization o ...) + NOT-FOR-US: Adobe +CVE-2021-40719 (Adobe Connect version 11.2.3 (and earlier) is affected by a Deserializ ...) + NOT-FOR-US: Adobe +CVE-2021-40718 + RESERVED +CVE-2021-40717 + RESERVED +CVE-2021-40716 (XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out- ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases +CVE-2021-40715 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40714 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40713 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40712 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40711 (Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by ...) + NOT-FOR-US: Adobe +CVE-2021-40710 (Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory ...) + NOT-FOR-US: Adobe +CVE-2021-40709 (Adobe Photoshop versions 21.2.11 (and earlier) and 22.5 (and earlier) ...) + NOT-FOR-US: Adobe +CVE-2021-40708 (Adobe Genuine Service versions 7.3 (and earlier) are affected by a pri ...) + NOT-FOR-US: Adobe +CVE-2021-40707 + RESERVED +CVE-2021-40706 + RESERVED +CVE-2021-40705 + RESERVED +CVE-2021-40704 + RESERVED +CVE-2021-40703 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40702 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) 
+ NOT-FOR-US: Adobe +CVE-2021-40701 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40700 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-40699 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...) + NOT-FOR-US: Adobe +CVE-2021-40698 (ColdFusion version 2021 update 1 (and earlier) and versions 2018.10 (a ...) + NOT-FOR-US: Adobe +CVE-2021-40697 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-40696 + REJECTED +CVE-2021-40695 (It was possible for a student to view their quiz grade before it had b ...) + - moodle +CVE-2021-40694 (Insufficient escaping of the LaTeX preamble made it possible for site ...) + - moodle +CVE-2021-40693 (An authentication bypass risk was identified in the external database ...) + - moodle +CVE-2021-40692 (Insufficient capability checks made it possible for teachers to downlo ...) + - moodle +CVE-2021-40691 (A session hijack risk was identified in the Shibboleth authentication ...) + - moodle +CVE-2021-40690 (All versions of Apache Santuario - XML Security for Java prior to 2.2. ...) + {DSA-5010-1 DLA-2767-1} + - libxml-security-java 2.1.7-1 (bug #994569) + NOTE: https://santuario.apache.org/secadv.data/CVE-2021-40690.txt.asc +CVE-2021-3780 (peertube is vulnerable to Improper Neutralization of Input During Web ...) + - peertube (bug #950821) +CVE-2021-40689 + RESERVED +CVE-2021-40688 + RESERVED +CVE-2021-40687 + RESERVED +CVE-2021-40686 + RESERVED +CVE-2021-40685 + RESERVED +CVE-2021-40684 (Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R ...) 
+ NOT-FOR-US: Talend ESB Runtime +CVE-2021-XXXX [jwe cbc tag computation error] + - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy 0.9.13-3+deb11u1 + NOTE: https://github.com/babelouest/rhonabwy/commit/996d935540c2c171c7678f14b8178d9ce87db9ac (v1.0.0) +CVE-2021-XXXX [jws alg:none signature verification issue] + - rhonabwy 0.9.13-4 (bug #993866) + [bullseye] - rhonabwy 0.9.13-3+deb11u1 + NOTE: https://github.com/babelouest/rhonabwy/commit/ff9ecad4c9a031c8369acde67ea52d558899e51e (v1.0.0) +CVE-2021-40818 (scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer ov ...) + - glewlwyd 2.5.2-3 (bug #993867) + [bullseye] - glewlwyd 2.5.2-2+deb11u1 + [buster] - glewlwyd (Vulnerable code for FIDO2 signature validation introduced later) + NOTE: https://github.com/babelouest/glewlwyd/commit/0efd112bb62f566877750ad62ee828bff579b4e2 +CVE-2021-40683 (In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4 ...) + NOT-FOR-US: Akamai EAA (Enterprise Application Access) Client +CVE-2021-40682 + RESERVED +CVE-2021-3779 (A malicious MySQL server can request local file content from a client ...) + - ruby-mysql +CVE-2021-3778 (vim is vulnerable to Heap-based Buffer Overflow) + {DLA-2876-1} + - vim 2:8.2.3455-1 (bug #994498) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim 2:8.1.0875-5+deb10u1 + NOTE: https://huntr.dev/bounties/d9c17308-2c99-4f9f-a706-f7f72c24c273 + NOTE: https://github.com/vim/vim/commit/65b605665997fad54ef39a93199e305af2fe4d7f (v8.2.3409) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3777 (nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity) + NOT-FOR-US: nodejs-tmpl +CVE-2021-40681 + RESERVED +CVE-2021-40680 (There is a Directory Traversal vulnerability in Artica Proxy (4.30.000 ...) + NOT-FOR-US: ArticaTech +CVE-2021-40679 + RESERVED +CVE-2021-40678 (In Piwigo 11.5.0, there exists a persistent cross-site scripting in th ...) 
+ - piwigo +CVE-2021-40677 + RESERVED +CVE-2021-40676 + RESERVED +CVE-2021-40675 + RESERVED +CVE-2021-40674 (An SQL injection vulnerability exists in Wuzhi CMS v4.1.0 via the KeyV ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40673 + RESERVED +CVE-2021-40672 + RESERVED +CVE-2021-40671 + RESERVED +CVE-2021-40670 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40669 (SQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords ...) + NOT-FOR-US: Wuzhi CMS +CVE-2021-40668 (The Android application HTTP File Server (Version 1.4.1) by 'slowscrip ...) + NOT-FOR-US: Android application HTTP File Server +CVE-2021-40667 + RESERVED +CVE-2021-40666 + RESERVED +CVE-2021-40665 + RESERVED +CVE-2021-40664 + RESERVED +CVE-2021-40663 (deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Cont ...) + NOT-FOR-US: Node deep.assign +CVE-2021-40662 (A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows atta ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-40661 (A remote, unauthenticated, directory traversal vulnerability was ident ...) + NOT-FOR-US: IND780 Advanced Weighing Terminals +CVE-2021-40660 (An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ...) + NOT-FOR-US: Delight Nashorn Sandbox +CVE-2021-40659 + RESERVED +CVE-2021-40658 (Textpattern 4.8.7 is affected by a HTML injection vulnerability throug ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-40657 + RESERVED +CVE-2021-40656 (libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/ ...) + - libsixel 1.10.3-1 + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/libsixel/libsixel/commit/dc96cdc27fb53e8595af67aaf68001033c808e42 (1.10.0) + NOTE: https://github.com/libsixel/libsixel/pull/26 + NOTE: https://github.com/libsixel/libsixel/issues/25 +CVE-2021-40655 (An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Ve ...) 
+ NOT-FOR-US: D-Link +CVE-2021-40654 (An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An ...) + NOT-FOR-US: D-Link +CVE-2021-40653 + RESERVED +CVE-2021-40652 + RESERVED +CVE-2021-40651 (OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vu ...) + NOT-FOR-US: OS4Ed OpenSIS Community +CVE-2021-40650 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the ...) + NOT-FOR-US: Connx +CVE-2021-40649 (In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the ...) + NOT-FOR-US: Connx +CVE-2021-40648 (In man2html 1.6g, a filename can be created to overwrite the previous ...) + - man2html (bug #1021738) + [bookworm] - man2html (Minor issue) + [bullseye] - man2html (Minor issue) + [buster] - man2html (Minor issue) + NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 +CVE-2021-40647 (In man2html 1.6g, a specific string being read in from a file will ove ...) + - man2html (bug #1021738) + [bookworm] - man2html (Minor issue) + [bullseye] - man2html (Minor issue) + [buster] - man2html (Minor issue) + NOTE: https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 +CVE-2021-40646 + RESERVED +CVE-2021-40645 (An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/ ...) + NOT-FOR-US: glorylion JFinalQA +CVE-2021-40644 (An SQL Injection vulnerability exists in oasys oa_system as of 9/7/202 ...) + NOT-FOR-US: oasys Office Automation system +CVE-2021-40643 (EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerabil ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2021-40642 (Textpattern CMS v4.8.7 and older vulnerability exists through Sensitiv ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-40641 + RESERVED +CVE-2021-40640 + RESERVED +CVE-2021-40639 (Improper access control in Jfinal CMS 5.1.0 allows attackers to access ...) + NOT-FOR-US: Jfinal CMS +CVE-2021-40638 + RESERVED +CVE-2021-40637 (OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCh ...) 
+ NOT-FOR-US: openSIS +CVE-2021-40636 (OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.p ...) + NOT-FOR-US: openSIS +CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ...) + NOT-FOR-US: openSIS +CVE-2021-40634 + RESERVED +CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5 ...) + - giflib (unimportant; bug #1014586) + NOTE: https://sourceforge.net/p/giflib/bugs/157/ + NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact +CVE-2021-40632 + RESERVED +CVE-2021-40631 + RESERVED +CVE-2021-40630 + RESERVED +CVE-2021-40629 + RESERVED +CVE-2021-40628 + RESERVED +CVE-2021-40627 + RESERVED +CVE-2021-40626 + RESERVED +CVE-2021-40625 + RESERVED +CVE-2021-40624 + RESERVED +CVE-2021-40623 + RESERVED +CVE-2021-40622 + RESERVED +CVE-2021-40621 + RESERVED +CVE-2021-40620 + RESERVED +CVE-2021-40619 + RESERVED +CVE-2021-40618 (An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1 ...) + NOT-FOR-US: openSIS +CVE-2021-40617 (An SQL Injection vulnerability exists in openSIS Community Edition ver ...) + NOT-FOR-US: openSIS +CVE-2021-40616 (thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can mo ...) + NOT-FOR-US: thinkcmf +CVE-2021-40615 + RESERVED +CVE-2021-40614 + RESERVED +CVE-2021-40613 + RESERVED +CVE-2021-40612 (An issue was discovered in Opmantek Open-AudIT after 3.5.0. Without au ...) + NOT-FOR-US: Opmantek Open-AudIT +CVE-2021-40611 + RESERVED +CVE-2021-40610 (Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background m ...) + NOT-FOR-US: emlog +CVE-2021-40609 (The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a d ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1894 + NOTE: https://github.com/gpac/gpac/commit/86c1566f040b2b84c72afcb6cbd444c5aff56cfe (v2.0.0) +CVE-2021-40608 (The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers t ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1883 + NOTE: https://github.com/gpac/gpac/commit/b09c75dc2d4bf68ac447daa71e72365aa30231a9 (v2.0.0) +CVE-2021-40607 (The schm_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1879 + NOTE: https://github.com/gpac/gpac/commit/f19668964bf422cf5a63e4dbe1d3c6c75edadcbb (v2.0.0) +CVE-2021-40606 (The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + NOTE: https://github.com/gpac/gpac/issues/1885 + NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0) +CVE-2021-40605 + RESERVED +CVE-2021-40604 (A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Su ...) + NOT-FOR-US: IPS Community Suite +CVE-2021-40603 + RESERVED +CVE-2021-40602 + RESERVED +CVE-2021-40601 + RESERVED +CVE-2021-40600 + RESERVED +CVE-2021-40599 + RESERVED +CVE-2021-40598 + RESERVED +CVE-2021-40597 (The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Adminis ...) + NOT-FOR-US: EDIMAX IC-3140W +CVE-2021-40596 (SQL injection vulnerability in Login.php in sourcecodester Online Lear ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40595 (SQL injection vulnerability in Sourcecodester Online Leave Management ...) 
+ NOT-FOR-US: Sourcecodester +CVE-2021-40594 + RESERVED +CVE-2021-40593 + RESERVED +CVE-2021-40592 (GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (v ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/commit/71460d72ec07df766dab0a4d52687529f3efcf0a (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1876 +CVE-2021-40591 + RESERVED +CVE-2021-40590 + RESERVED +CVE-2021-40589 (ZAngband zangband-data 2.7.5 is affected by an integer underflow vulne ...) + - zangband (unimportant) + NOTE: https://sourceforge.net/p/zangband/bugs/671/ + NOTE: Negligible security impact +CVE-2021-40588 + RESERVED +CVE-2021-40587 + RESERVED +CVE-2021-40586 + RESERVED +CVE-2021-40585 + RESERVED +CVE-2021-40584 + RESERVED +CVE-2021-40583 + RESERVED +CVE-2021-40582 + RESERVED +CVE-2021-40581 + RESERVED +CVE-2021-40580 + RESERVED +CVE-2021-40579 (https://www.sourcecodester.com/ Online Enrollment Management System in ...) + NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code +CVE-2021-40578 (Authenticated Blind & Error-based SQL injection vulnerability was disc ...) + NOT-FOR-US: Online Enrollment Management System in PHP and PayPal Free Source Code +CVE-2021-40577 (A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecode ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40576 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1904 + NOTE: https://github.com/gpac/gpac/commit/ad18ece95fa064efc0995c4ab2c985f77fb166ec (v2.0.0) +CVE-2021-40575 (The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnera ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1905 + NOTE: https://github.com/gpac/gpac/commit/5f2c2a16d30229b6241f02fa28e3d6b810d64858 (v2.0.0) +CVE-2021-40574 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1897 + NOTE: https://github.com/gpac/gpac/commit/30ac5e5236b790accd1f25347eebf2dc8c6c1bcb (v2.0.0) +CVE-2021-40573 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1891 + NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) +CVE-2021-40572 (The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_fi ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1893 + NOTE: https://github.com/gpac/gpac/commit/7bb1b4a4dd23c885f9db9f577dfe79ecc5433109 (v2.0.0) +CVE-2021-40571 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1895 + NOTE: https://github.com/gpac/gpac/commit/a69b567b8c95c72f9560c873c5ab348be058f340 (v2.0.0) +CVE-2021-40570 (The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1899 + NOTE: https://github.com/gpac/gpac/commit/04dbf08bff4d61948bab80c3f9096ecc60c7f302 (v2.0.0) +CVE-2021-40569 (The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerabilit ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1890 + NOTE: https://github.com/gpac/gpac/commit/b03c9f252526bb42fbd1b87b9f5e339c3cf2390a (v2.0.0) +CVE-2021-40568 (A buffer overflow vulnerability exists in Gpac through 1.0.1 via a mal ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1900 + NOTE: https://github.com/gpac/gpac/commit/f1ae01d745200a258cdf62622f71754c37cb6c30 (v2.0.0) +CVE-2021-40567 (Segmentation fault vulnerability exists in Gpac through 1.0.1 via the ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1889 + NOTE: https://github.com/gpac/gpac/commit/f5a038e6893019ee471b6a57490cf7a495673816 (v2.0.0) +CVE-2021-40566 (A Segmentation fault casued by heap use after free vulnerability exist ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1887 + NOTE: https://github.com/gpac/gpac/commit/96047e0e6166407c40cc19f4e94fb35cd7624391 (v2.0.0) +CVE-2021-40565 (A Segmentation fault caused by a null pointer dereference vulnerabilit ...) 
+ {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1902 + NOTE: https://github.com/gpac/gpac/commit/893fb99b606eebfae46cde151846a980e689039b (v2.0.0) +CVE-2021-40564 (A Segmentation fault caused by null pointer dereference vulnerability ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1898 + NOTE: https://github.com/gpac/gpac/commit/cf6771c857eb9a290e2c19ddacfdd3ed98b27618 (v2.0.0) +CVE-2021-40563 (A Segmentation fault exists casued by null pointer dereference exists ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1892 + NOTE: https://github.com/gpac/gpac/commit/5ce0c906ed8599d218036b18b78e8126a496f137 (v2.0.0) +CVE-2021-40562 (A Segmentation fault caused by a floating point exception exists in Gp ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1901 + NOTE: https://github.com/gpac/gpac/commit/5dd71c7201a3e5cf40732d585bfb21c906c171d3 (v2.0.0) +CVE-2021-40561 + RESERVED +CVE-2021-40560 + RESERVED +CVE-2021-40559 (A null pointer deference vulnerability exists in gpac through 1.0.1 vi ...) + {DSA-5411-1} + - gpac 2.0.0+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1886 + NOTE: https://github.com/gpac/gpac/commit/70607fc71a671cf48a05e013a4e411429373dce7 (v2.0.0) +CVE-2021-40558 + RESERVED +CVE-2021-40557 + RESERVED +CVE-2021-40556 (A stack overflow vulnerability exists in the httpd service in ASUS RT- ...) 
+ NOT-FOR-US: ASUS +CVE-2021-40555 (Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows ...) + NOT-FOR-US: flatCore-CMS +CVE-2021-40554 + RESERVED +CVE-2021-40553 (piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerabili ...) + - piwigo +CVE-2021-40552 + RESERVED +CVE-2021-40551 + RESERVED +CVE-2021-40550 + RESERVED +CVE-2021-40549 + RESERVED +CVE-2021-40548 + RESERVED +CVE-2021-40547 + RESERVED +CVE-2021-40546 (Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have ...) + NOT-FOR-US: Tenda +CVE-2021-40545 + RESERVED +CVE-2021-40544 + RESERVED +CVE-2021-40543 (Opensis-Classic Version 8.0 is affected by a SQL injection vulnerabili ...) + NOT-FOR-US: openSIS +CVE-2021-40542 (Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). ...) + NOT-FOR-US: openSIS +CVE-2021-40541 (PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the pr ...) + NOT-FOR-US: PHP-Fusion +CVE-2021-40540 (ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info ...) + - ulfius 2.7.1-2 (bug #993851) + [bullseye] - ulfius 2.7.1-1+deb11u1 + [buster] - ulfius 2.5.2-4+deb10u1 + NOTE: https://github.com/babelouest/ulfius/commit/c83f564c184a27145e07c274b305cabe943bbfaa +CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnera ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40538 + RESERVED +CVE-2021-40537 (Server Side Request Forgery (SSRF) vulnerability exists in owncloud/us ...) + - owncloud +CVE-2021-40536 + RESERVED +CVE-2021-40535 + RESERVED +CVE-2021-40534 + RESERVED +CVE-2021-40533 + RESERVED +CVE-2021-40532 (Telegram Web K Alpha before 0.7.2 mishandles the characters in a docum ...) + NOT-FOR-US: tweb + NOTE: https://github.com/morethanwords/tweb +CVE-2021-40531 (Sketch before 75 allows library feeds to be used to bypass file quaran ...) + NOT-FOR-US: Sketch collaborative design (Mac or Web app) + NOTE: sketch.com, not the sketch package in Debian. 
+CVE-2021-40530 (The ElGamal implementation in Crypto++ through 8.5 allows plaintext re ...) + - libcrypto++ 8.6.0-1 (bug #993841) + [bullseye] - libcrypto++ (Minor issue) + [buster] - libcrypto++ (Minor issue) + [stretch] - libcrypto++ (Minor issue) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://github.com/weidai11/cryptopp/issues/1059 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 + NOTE: https://github.com/weidai11/cryptopp/commit/bee8e8ca6658 (CRYPTOPP_8_6_0) +CVE-2021-40529 (The ElGamal implementation in Botan through 2.18.1, as used in Thunder ...) + - botan 2.18.1+dfsg-3 (bug #993840) + [bullseye] - botan (Minor issue) + [buster] - botan (Minor issue) + - botan1.10 + [stretch] - botan1.10 (Affected function encrypt(...) has changed drastically. Backport is too instrusive to backport) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://github.com/randombit/botan/pull/2790 + NOTE: Fixed by: https://github.com/randombit/botan/commit/9a23e4e3bc3966340531f2ff608fa9d33b5185a2 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 +CVE-2021-33560 (Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encry ...) 
+ - libgcrypt20 1.9.4-2 + [bullseye] - libgcrypt20 (Minor issue) + [buster] - libgcrypt20 (Minor issue) + [stretch] - libgcrypt20 (Minor issue) + NOTE: https://eprint.iacr.org/2021/923 + NOTE: https://ibm.github.io/system-security-research-updates/2021/07/20/insecurity-elgamal-pt1 + NOTE: https://ibm.github.io/system-security-research-updates/2021/09/06/insecurity-elgamal-pt2 + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=e8b7f10be275bcedb5fc05ed4837a89bfd605c61 (1.9.x) + NOTE: Related to CVE-2021-33560, but not a duplicate. Unfortunately scope of CVE-2021-33560 and + NOTE: CVE-2021-40528 got switched at some point, and CVE-2021-33560 referring to the blinding + NOTE: hardening. We keep the original association as per 2021-09-19 (until MITRE clarifies on + NOTE: a query). +CVE-2021-40527 (Exposure of senstive information to an unauthorised actor in the "com. ...) + NOT-FOR-US: "com.onepeloton.erlich" mobile application +CVE-2021-40526 (Incorrect calculation of buffer size vulnerability in Peleton TTR01 up ...) + NOT-FOR-US: Peleton +CVE-2021-40525 (Apache James ManagedSieve implementation alongside with the file stora ...) + NOT-FOR-US: Apache James +CVE-2021-3776 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-3775 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-3774 (Meross Smart Wi-Fi 2 Way Wall Switch (MSS550X), on its 3.1.3 version a ...) + NOT-FOR-US: Meross Smart Wi-Fi 2 Way Wall Switch +CVE-2021-3773 (A flaw in netfilter could allow a network-connected attacker to infer ...) + NOTE: https://www.openwall.com/lists/oss-security/2021/09/08/3 + NOTE: https://breakpointingbad.com/2021/09/08/Port-Shadows-via-Network-Alchemy.html + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1189897 + NOTE: No code changes necessary/needed, firewall rules are reponsibility of local admin +CVE-2021-3772 (A flaw was found in the Linux SCTP stack. 
A blind attacker may be able ...) + {DSA-5096-1 DLA-2941-1} + - linux 5.14.16-1 + [bullseye] - linux 5.10.84-1 + [buster] - linux 4.19.235-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000694 +CVE-2021-3771 + REJECTED +CVE-2021-40524 (In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism ...) + - pure-ftpd 1.0.50-1 (bug #993810) + [bullseye] - pure-ftpd (Minor issue) + [buster] - pure-ftpd (Minor issue) + [stretch] - pure-ftpd (Minor issue) + NOTE: https://github.com/jedisct1/pure-ftpd/pull/158 +CVE-2021-40523 (In Contiki 3.0, Telnet option negotiation is mishandled. During negoti ...) + NOT-FOR-US: Contiki +CVE-2021-40522 + RESERVED +CVE-2021-40521 (Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Executi ...) + NOT-FOR-US: Airangel +CVE-2021-40520 (Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials ...) + NOT-FOR-US: Airangel +CVE-2021-40519 (Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database ...) + NOT-FOR-US: Airangel +CVE-2021-40518 (Airangel HSMX Gateway devices through 5.2.04 allow CSRF.) + NOT-FOR-US: Airangel +CVE-2021-40517 (Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored C ...) + NOT-FOR-US: Airangel +CVE-2021-40516 (WeeChat before 3.2.1 allows remote attackers to cause a denial of serv ...) 
+ {DLA-2770-1} + - weechat 3.2.1-1 (bug #993803) + [bullseye] - weechat 3.0-1+deb11u1 + [buster] - weechat 2.3-1+deb10u1 + NOTE: https://github.com/weechat/weechat/commit/8b1331f98de1714bae15a9ca2e2b393ba49d735b +CVE-2021-40515 + RESERVED +CVE-2021-3770 (vim is vulnerable to Heap-based Buffer Overflow) + - vim 2:8.2.3455-1 (bug #994076) + [bullseye] - vim 2:8.2.2434-3+deb11u1 + [buster] - vim 2:8.1.0875-5+deb10u1 + NOTE: https://huntr.dev/bounties/016ad2f2-07c1-4d14-a8ce-6eed10729365/ + NOTE: Fixed by: https://github.com/vim/vim/commit/b7081e135a16091c93f6f5f7525a5c58fb7ca9f9 (v8.2.3402) + NOTE: Followup fix for introduced memory leak: https://github.com/vim/vim/commit/2ddb89f8a94425cda1e5491efc80c1ccccb6e08e (v8.2.3403) + NOTE: https://www.openwall.com/lists/oss-security/2021/10/01/1 +CVE-2021-3769 (# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` t ...) + NOT-FOR-US: ohmyzsh +CVE-2021-40514 + RESERVED +CVE-2021-40513 + RESERVED +CVE-2021-40512 + RESERVED +CVE-2021-40511 (OBDA systems\u2019 Mastro 1.0 is vulnerable to XML Entity Expansion (a ...) + NOT-FOR-US: OBDA Mastro +CVE-2021-40510 (XML eXternal Entity (XXE) in OBDA systems\u2019 Mastro 1.0 allows remo ...) + NOT-FOR-US: OBDA Mastro +CVE-2021-40509 (ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.) + NOT-FOR-US: JForum2 +CVE-2021-3768 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: bookstack +CVE-2021-3767 (bookstack is vulnerable to Improper Neutralization of Input During Web ...) + NOT-FOR-US: bookstack +CVE-2021-40508 + RESERVED +CVE-2021-40507 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...) + NOT-FOR-US: OR1200 +CVE-2021-40506 (An issue was discovered in the ALU unit of the OR1200 (aka OpenRISC 12 ...) + NOT-FOR-US: OR1200 +CVE-2021-40505 + RESERVED +CVE-2021-3766 (objection.js is vulnerable to Improperly Controlled Modification of Ob ...) 
+ NOT-FOR-US: Node objection.js +CVE-2021-3765 (validator.js is vulnerable to Inefficient Regular Expression Complexit ...) + - validator.js + [stretch] - validator.js (Minor issue, ReDOS, partial fix, no rdeps) + NOTE: https://github.com/validatorjs/validator.js/commit/496fc8b2a7f5997acaaec33cc44d0b8dba5fb5e1 (13.7.0) + NOTE: partial fix, only applies to chars==null +CVE-2021-40504 (A certain template role in SAP NetWeaver Application Server for ABAP a ...) + NOT-FOR-US: SAP +CVE-2021-40503 (An information disclosure vulnerability exists in SAP GUI for Windows ...) + NOT-FOR-US: SAP +CVE-2021-40502 (SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not pe ...) + NOT-FOR-US: SAP +CVE-2021-40501 (SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not p ...) + NOT-FOR-US: SAP +CVE-2021-40500 (SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - ...) + NOT-FOR-US: SAP +CVE-2021-40499 (Client-side printing services SAP Cloud Print Manager and SAPSprint fo ...) + NOT-FOR-US: SAP +CVE-2021-40498 (A vulnerability has been identified in SAP SuccessFactors Mobile Appli ...) + NOT-FOR-US: SAP +CVE-2021-40497 (SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, a ...) + NOT-FOR-US: SAP +CVE-2021-40496 (SAP Internet Communication framework (ICM) - versions 700, 701, 702, 7 ...) + NOT-FOR-US: SAP +CVE-2021-40495 (There are multiple Denial-of Service vulnerabilities in SAP NetWeaver ...) + NOT-FOR-US: SAP +CVE-2021-40494 (A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI throu ...) + NOT-FOR-US: AdaptiveScale LXDUI +CVE-2021-40493 (Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injecti ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-40492 (A reflected XSS vulnerability exists in multiple pages in version 22 o ...) 
+ NOT-FOR-US: Gibbon application +CVE-2021-40489 (Storage Spaces Controller Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40488 (Storage Spaces Controller Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40487 (Microsoft SharePoint Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40486 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40485 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40484 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40483 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40482 (Microsoft SharePoint Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40481 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40480 (Microsoft Office Visio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40479 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40478 (Storage Spaces Controller Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40477 (Windows Event Tracing Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40476 (Windows AppContainer Elevation Of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40475 (Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerab ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-40474 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40473 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40472 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40471 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40470 (DirectX Graphics Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40469 (Windows DNS Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40468 (Windows Bind Filter Driver Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40467 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40466 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40465 (Windows Text Shaping Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40464 (Windows Nearby Sharing Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40463 (Windows Network Address Translation (NAT) Denial of Service Vulnerabil ...) + NOT-FOR-US: Microsoft +CVE-2021-40462 (Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Exec ...) + NOT-FOR-US: Microsoft +CVE-2021-40461 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40460 (Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-40459 + RESERVED +CVE-2021-40458 + RESERVED +CVE-2021-40457 (Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-40456 (Windows AD FS Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40455 (Windows Installer Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40454 (Rich Text Edit Control Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40453 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40452 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40451 + RESERVED +CVE-2021-40450 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40449 (Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40448 (Microsoft Accessibility Insights for Android Information Disclosure Vu ...) + NOT-FOR-US: Microsoft +CVE-2021-40447 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-40446 + RESERVED +CVE-2021-40445 + RESERVED +CVE-2021-40444 (Microsoft MSHTML Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40443 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-40442 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40441 (Windows Media Center Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-40440 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-3764 (A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd ...) 
+ {DSA-5096-1 DLA-2941-1} + - linux 5.14.12-1 + [bullseye] - linux 5.10.84-1 + [stretch] - linux (Vulnerability introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997467 + NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4) +CVE-2021-3763 (A flaw was found in the Red Hat AMQ Broker management console in versi ...) + NOT-FOR-US: Red Hat AMQ Broker +CVE-2021-3762 (A directory traversal vulnerability was found in the ClairCore engine ...) + NOT-FOR-US: Quay/clair +CVE-2021-40439 (Apache OpenOffice has a dependency on expat software. Versions prior t ...) + NOT-FOR-US: Apache OpenOffice +CVE-2021-40438 (A crafted request uri-path can cause mod_proxy to forward the request ...) + {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-40438 + NOTE: Minimal fix: https://github.com/apache/httpd/commit/496c863776c68bd08cdbeb7d8fa5935ba63b76c2 (2.4.x) + NOTE: Future-proof follow-up: https://github.com/apache/httpd/commit/d4901cb32133bc0e59ad193a29d1665597080d67 (2.4.x) + NOTE: Regression fix #1: https://github.com/apache/httpd/commit/6e768a811c59ca6a0769b72681aaef381823339f (2.4.x) + NOTE: Regression fix #2: https://github.com/apache/httpd/commit/81a8b0133b46c4cf7dfc4b5476ad46eb34aa0a5c (2.4.x) +CVE-2021-40491 (The ftp client in GNU Inetutils before 2.2 does not validate addresses ...) + {DLA-3205-1} + - inetutils 2:2.2-1 (bug #993476) + [bullseye] - inetutils 2:2.0-1+deb11u1 + [stretch] - inetutils (Minor issue) + NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2021-06/msg00002.html + NOTE: https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=58cb043b190fd04effdaea7c9403416b436e50dd +CVE-2021-40490 (A race condition was discovered in ext4_write_inline_data_end in fs/ex ...) 
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://lore.kernel.org/linux-ext4/000000000000e5080305c9e51453@google.com/ +CVE-2021-40437 + RESERVED +CVE-2021-40436 + RESERVED +CVE-2021-40435 + RESERVED +CVE-2021-40434 + RESERVED +CVE-2021-40433 + RESERVED +CVE-2021-40432 + RESERVED +CVE-2021-40431 + RESERVED +CVE-2021-40430 + RESERVED +CVE-2021-40429 + RESERVED +CVE-2021-40428 + RESERVED +CVE-2021-40427 + RESERVED +CVE-2021-40426 (A heap-based buffer overflow vulnerability exists in the sphere.c star ...) + {DSA-5356-1 DLA-3315-1} + - sox 14.4.2+git20190427-3.1 (bug #1012138) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1434 + NOTE: https://sourceforge.net/p/sox/bugs/362/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 +CVE-2021-40425 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...) + NOT-FOR-US: Webroot +CVE-2021-40424 (An out-of-bounds read vulnerability exists in the IOCTL GetProcessComm ...) + NOT-FOR-US: Webroot +CVE-2021-40423 (A denial of service vulnerability exists in the cgiserver.cgi API comm ...) + NOT-FOR-US: Reolink +CVE-2021-40422 (An authentication bypass vulnerability exists in the device password g ...) + NOT-FOR-US: Swift Sensors +CVE-2021-40421 + RESERVED +CVE-2021-40420 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2021-40419 (A firmware update vulnerability exists in the 'factory' binary of reol ...) + NOT-FOR-US: Reolink +CVE-2021-40418 (When parsing a file that is submitted to the DPDecoder service as a jo ...) + NOT-FOR-US: DaVinci Resolve +CVE-2021-40417 (When parsing a file that is submitted to the DPDecoder service as a jo ...) + NOT-FOR-US: DaVinci Resolve +CVE-2021-40416 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40415 (An incorrect default permission vulnerability exists in the cgiserver. ...) 
+ NOT-FOR-US: Reolink +CVE-2021-40414 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40413 (An incorrect default permission vulnerability exists in the cgiserver. ...) + NOT-FOR-US: Reolink +CVE-2021-40412 (An OScommand injection vulnerability exists in the device network sett ...) + NOT-FOR-US: Reolink +CVE-2021-40411 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40410 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40409 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40408 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40407 (An OS command injection vulnerability exists in the device network set ...) + NOT-FOR-US: Reolink +CVE-2021-40406 (A denial of service vulnerability exists in the cgiserver.cgi session ...) + NOT-FOR-US: Reolink +CVE-2021-40405 (A denial of service vulnerability exists in the cgiserver.cgi Upgrade ...) + NOT-FOR-US: Reolink +CVE-2021-40404 (An authentication bypass vulnerability exists in the cgiserver.cgi Log ...) + NOT-FOR-US: Reolink +CVE-2021-40403 (An information disclosure vulnerability exists in the pick-and-place r ...) + {DSA-5306-1 DLA-3210-1} + - gerbv 2.9.2-1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1417 + NOTE: https://github.com/gerbv/gerbv/issues/82 + NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/c32c6f9c0b5d3b0ecc33de21d8532de6c2df5878 (v2.9.1-rc.1) +CVE-2021-40402 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...) 
+ - gerbv (unimportant) + NOTE: https://github.com/gerbv/gerbv/issues/80 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1416 + NOTE: Crash in GUI tool, no security impact +CVE-2021-40401 (A use-after-free vulnerability exists in the RS-274X aperture definiti ...) + {DSA-5306-1 DLA-3210-1} + - gerbv 2.9.2-1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415 + NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/68ee18945bcf68ff964c42f12af79c5c0e2f4069 (v2.9.0-rc.1) + NOTE: https://github.com/gerbv/gerbv/issues/81 +CVE-2021-40400 (An out-of-bounds read vulnerability exists in the RS-274X aperture mac ...) + - gerbv 2.9.2-1 (unimportant) + NOTE: https://github.com/gerbv/gerbv/issues/79 + NOTE: https://github.com/gerbv/gerbv/pull/124 + NOTE: Fixed by: https://github.com/gerbv/gerbv/commit/caa6560d5d683f827c672fd5e380f89a8ef632b6 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1413 + NOTE: Crash in GUI tool, no security impact +CVE-2021-40399 (An exploitable use-after-free vulnerability exists in WPS Spreadsheets ...) + NOT-FOR-US: WPS Office +CVE-2021-40398 (An out-of-bounds write vulnerability exists in the parse_raster_data f ...) + NOT-FOR-US: Accusoft ImageGear +CVE-2021-40397 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40396 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40395 + REJECTED +CVE-2021-40394 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...) 
+ {DSA-5306-1 DLA-3593-1} + - gerbv 2.8.1-1 + [stretch] - gerbv (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1405 + NOTE: https://github.com/advisories/GHSA-936x-jwpc-5p28 + NOTE: https://github.com/gerbv/gerbv/commit/8d7e005f8783d92de74192af21303619bef7541f (v2.8.1-rc.1) +CVE-2021-40393 (An out-of-bounds write vulnerability exists in the RS-274X aperture ma ...) + {DSA-5306-1 DLA-3593-1} + - gerbv 2.8.2-1 + [stretch] - gerbv (Minor issue) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1404 + NOTE: https://github.com/advisories/GHSA-w67q-2hr6-7cjf + NOTE: https://github.com/gerbv/gerbv/commit/4d12b696aed19fbcc115fe83aa7597b7c42ba8d6 (v2.8.2-rc.1) +CVE-2021-40392 (An information disclosure vulnerability exists in the Web Application ...) + NOT-FOR-US: Moxa +CVE-2021-40391 (An out-of-bounds write vulnerability exists in the drill format T-code ...) + {DLA-2839-1} + - gerbv 2.7.1-1 + [bullseye] - gerbv 2.7.0-2+deb11u1 + [buster] - gerbv 2.7.0-1+deb10u1 + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2021-1402 + NOTE: https://github.com/gerbv/gerbv/commit/9f83950b772b37b49ee188300e444546e6aab17e + NOTE: https://github.com/gerbv/gerbv/issues/30 +CVE-2021-40390 (An authentication bypass vulnerability exists in the Web Application f ...) + NOT-FOR-US: Moxa +CVE-2021-40389 (A privilege escalation vulnerability exists in the installation of Adv ...) + NOT-FOR-US: Advantech +CVE-2021-40388 (A privilege escalation vulnerability exists in Advantech SQ Manager Se ...) + NOT-FOR-US: Advantech +CVE-2021-40387 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) + NOT-FOR-US: Kaseya Unitrends Backup Software +CVE-2021-40386 (Kaseya Unitrends Client/Agent through 10.5,5 allows remote attackers t ...) + NOT-FOR-US: Kaseya Unitrends Agent +CVE-2021-40385 (An issue was discovered in the server software in Kaseya Unitrends Bac ...) 
+ NOT-FOR-US: Kaseya Unitrends Backup Software +CVE-2021-40384 + RESERVED +CVE-2021-40383 + RESERVED +CVE-2021-40382 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40381 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40380 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40379 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40378 (An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_713052 ...) + NOT-FOR-US: Compro devices +CVE-2021-40377 (SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The ap ...) + NOT-FOR-US: SmarterTools +CVE-2021-40376 (otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM acce ...) + NOT-FOR-US: otris Update Manager +CVE-2021-40375 (Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the ...) + NOT-FOR-US: Apperta Foundation OpenEyes +CVE-2021-40374 (A stored cross-site scripting (XSS) vulnerability was identified in Ap ...) + NOT-FOR-US: Apperta Foundation OpenEyes +CVE-2021-40373 (playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP c ...) + NOT-FOR-US: playSMS +CVE-2021-40372 + RESERVED +CVE-2021-40371 (Gridpro Request Management for Windows Azure Pack before 2.0.7912 allo ...) + NOT-FOR-US: Gridpro Request Management for Windows Azure Pack +CVE-2021-40370 + RESERVED +CVE-2021-40369 (A carefully crafted plugin link invocation could trigger an XSS vulner ...) + - jspwiki +CVE-2021-40368 (A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 ...) + NOT-FOR-US: Siemens +CVE-2021-40367 + RESERVED +CVE-2021-40366 (A vulnerability has been identified in Climatix POL909 (AWB module) (A ...) 
+ NOT-FOR-US: Siemens +CVE-2021-40365 (Affected devices don't process correctly certain special crafted packe ...) + NOT-FOR-US: Siemens +CVE-2021-40364 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...) + NOT-FOR-US: Siemens +CVE-2021-40363 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...) + NOT-FOR-US: Siemens +CVE-2021-40362 + RESERVED +CVE-2021-40361 + RESERVED +CVE-2021-40360 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...) + NOT-FOR-US: Siemens +CVE-2021-40359 (A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), ...) + NOT-FOR-US: Siemens +CVE-2021-40358 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All version ...) + NOT-FOR-US: Siemens +CVE-2021-40357 (A vulnerability has been identified in Teamcenter Active Workspace V4. ...) + NOT-FOR-US: Siemens +CVE-2021-40356 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-40355 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-40354 (A vulnerability has been identified in Teamcenter V12.4 (All versions ...) + NOT-FOR-US: Siemens +CVE-2021-3761 (Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitt ...) + {DSA-5041-1} + - cfrpki 1.3.0-1 (bug #994572) + NOTE: https://github.com/cloudflare/cfrpki/security/advisories/GHSA-c8xp-8mf3-62h9 + NOTE: https://github.com/cloudflare/cfrpki/commit/a8db4e009ef217484598ba1fd1c595b54e0f6422 +CVE-2021-3760 (A flaw was found in the Linux kernel. A use-after-free vulnerability i ...) 
+ {DSA-5096-1 DLA-2941-1 DLA-2843-1} + - linux 5.14.16-1 (unimportant) + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/26/2 + NOTE: https://git.kernel.org/linus/1b1499a817c90fd1ce9453a2c98d2a01cca0e775 (5.15-rc6) + NOTE: CONFIG_NFC_NCI is not set in Debian +CVE-2021-40353 (A SQL injection vulnerability exists in version 8.0 of openSIS when My ...) + NOT-FOR-US: openSIS +CVE-2021-40352 (OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Re ...) + NOT-FOR-US: OpenEMR +CVE-2021-40351 + RESERVED +CVE-2021-40350 (webctrl.cgi.elf on Christie Digital DWU850-GS V06.46 devices allows at ...) + NOT-FOR-US: Christie Digital DWU850-GS V06.46 devices +CVE-2021-40349 (e7d Speed Test (aka speedtest) 0.5.3 allows a path-traversal attack th ...) + NOT-FOR-US: e7d Speed Test +CVE-2021-40348 (Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code inj ...) + NOT-FOR-US: Uyuni / Spacewalk (Red Hat) +CVE-2021-40347 (An issue was discovered in views/list.py in GNU Mailman Postorius befo ...) + {DSA-4970-1} + - postorius 1.3.5-1 (bug #993746) + NOTE: https://gitlab.com/mailman/postorius/-/commit/3d880c56b58bc26b32eac0799407d74b64b7474b + NOTE: https://phabricator.wikimedia.org/T289798 +CVE-2021-40346 (An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_heade ...) + {DSA-4968-1} + - haproxy 2.2.16-3 + [buster] - haproxy (Vulnerable code not present) + [stretch] - haproxy (Vulnerable code not present) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41114.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=3b69886f7dcc3cfb3d166309018e6cfec9ce2c95 +CVE-2021-40345 (An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets sec ...) + NOT-FOR-US: Nagios XI +CVE-2021-40344 (An issue was discovered in Nagios XI 5.8.5. In the Custom Includes sec ...) + NOT-FOR-US: Nagios XI +CVE-2021-40343 (An issue was discovered in Nagios XI 5.8.5. Insecure file permissions ...) 
+ NOT-FOR-US: Nagios XI +CVE-2021-40342 (In the DES implementation, the affected product versions use a default ...) + NOT-FOR-US: Hitachi +CVE-2021-40341 (DES cipher, which has inadequate encryption strength, is used Hitachi ...) + NOT-FOR-US: Hitachi +CVE-2021-40340 (Information Exposure vulnerability in Hitachi Energy LinkOne applicati ...) + NOT-FOR-US: Hitachi +CVE-2021-40339 (Configuration vulnerability in Hitachi Energy LinkOne application due ...) + NOT-FOR-US: Hitachi +CVE-2021-40338 (Hitachi Energy LinkOne product, has a vulnerability due to a web serve ...) + NOT-FOR-US: Hitachi +CVE-2021-40337 (Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne all ...) + NOT-FOR-US: Hitachi +CVE-2021-40336 (A vulnerability exists in the http web interface where the web interfa ...) + NOT-FOR-US: Hitachi +CVE-2021-40335 (A vulnerability exists in the HTTP web interface where the web interfa ...) + NOT-FOR-US: Hitachi +CVE-2021-40334 (Missing Handler vulnerability in the proprietary management protocol ( ...) + NOT-FOR-US: Hitachi +CVE-2021-40333 (Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM ...) + NOT-FOR-US: Hitachi +CVE-2021-40332 + RESERVED +CVE-2021-3759 (A memory overflow vulnerability was found in the Linux kernel\u2019s i ...) + {DLA-3244-1} + - linux 5.15.3-1 + [bullseye] - linux 5.10.158-1 + NOTE: https://lore.kernel.org/linux-mm/1626333284-1404-1-git-send-email-nglaive@gmail.com/ +CVE-2021-3758 (bookstack is vulnerable to Server-Side Request Forgery (SSRF)) + NOT-FOR-US: bookstack +CVE-2021-3757 (immer is vulnerable to Improperly Controlled Modification of Object Pr ...) + NOT-FOR-US: Node immer + NOTE: https://github.com/immerjs/immer +CVE-2021-40331 (An Incorrect Permission Assignment for Critical Resource vulnerability ...) 
+ NOT-FOR-US: Apache Ranger +CVE-2021-3756 (libmysofa is vulnerable to Heap-based Buffer Overflow) + - libmysofa 1.2.1~dfsg0-1 + [bullseye] - libmysofa (Minor issue) + [buster] - libmysofa (Minor issue) + NOTE: https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/ + NOTE: https://github.com/hoene/libmysofa/commit/890400ebd092c574707d0c132124f8ff047e20e1 (v1.2.1) +CVE-2021-3755 + REJECTED +CVE-2021-3754 (A flaw was found in keycloak where an attacker is able to register him ...) + NOT-FOR-US: Keycloak +CVE-2021-3753 (A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/2287a51ba822384834dafc1c798453375d1107c7 +CVE-2021-3752 (A use-after-free flaw was found in the Linux kernel\u2019s Bluetooth s ...) + {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/4 +CVE-2021-40330 (git_connect_git in connect.c in Git before 2.30.1 allows a repository ...) + {DLA-3145-1} + - git 1:2.30.1-1 + [bullseye] - git (Minor issue) + [stretch] - git (Minor issue) + NOTE: https://github.com/git/git/commit/a02ea577174ab8ed18f847cf1693f213e0b9c473 +CVE-2021-40329 (The Authentication API in Ping Identity PingFederate before 10.3 misha ...) + NOT-FOR-US: Ping Identity PingFederate +CVE-2021-3751 (libmobi is vulnerable to Out-of-bounds Write) + - libmobi (Fixed before initial upload to Debian) + NOTE: https://huntr.dev/bounties/fcb4383c-bc27-4b89-bfce-6b041f0cb769/ + NOTE: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b (v0.7) +CVE-2021-40328 + RESERVED +CVE-2021-40327 (Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incor ...) + NOT-FOR-US: Trusted Firmware-M (TF-M) +CVE-2021-40326 (Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPD ...) 
+ NOT-FOR-US: Foxit PDF Reader +CVE-2021-40325 (Cobbler before 3.3.0 allows authorization bypass for modification of s ...) + - cobbler +CVE-2021-40324 (Cobbler before 3.3.0 allows arbitrary file write operations via upload ...) + - cobbler +CVE-2021-40323 (Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code E ...) + - cobbler +CVE-2021-40322 + RESERVED +CVE-2021-40321 + RESERVED +CVE-2021-40320 + RESERVED +CVE-2021-3750 (A DMA reentrancy issue was found in the USB EHCI controller emulation ...) + - qemu 1:7.0+dfsg-1 + [bullseye] - qemu (Minor issue) + [buster] - qemu (Minor issue, follow bullseye updates) + [stretch] - qemu (Minor issue, follow bullseye updates) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/541 + NOTE: Fix for whole class of DMA MMIO reentrancy issues: https://gitlab.com/qemu-project/qemu/-/issues/556 + NOTE: Patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-12/msg02356.html + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9d383ab797f54ae5fa8746117770709921dc529 (v7.0.0-rc0) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/58e74682baf4e1ad26b064d8c02e5bc99c75c5d9 (v7.0.0-rc1) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/3ab6fdc91b72e156da22848f0003ff4225690ced (v7.0.0-rc1) + NOTE: Possibly incomplete patch set: https://gitlab.com/qemu-project/qemu/-/issues/541#note_1179940468 + NOTE: Final fix: https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380 (v8.1.0-rc0) +CVE-2021-3749 (axios is vulnerable to Inefficient Regular Expression Complexity) + - node-axios 0.21.3+dfsg-1 + [bullseye] - node-axios 0.21.1+dfsg-1+deb11u1 + [buster] - node-axios 0.17.1+dfsg-2+deb10u1 + NOTE: https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31/ + NOTE: https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929 + NOTE: https://github.com/axios/axios/pull/3980 +CVE-2021-3748 (A use-after-free vulnerability was found in the virtio-net device of Q ...) 
+ {DSA-4980-1 DLA-3099-1 DLA-2970-1} + - qemu 1:6.1+dfsg-6 (bug #993401) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1998514 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/bedd7e93d01961fcb16a97ae45d93acf357e11f6 (v6.2.0-rc0) + NOTE: When fixing this issue make sure to not open CVE-2022-26353 +CVE-2021-40319 + RESERVED +CVE-2021-40318 + RESERVED +CVE-2021-40317 (Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.p ...) + - piwigo +CVE-2021-40316 + RESERVED +CVE-2021-40315 + RESERVED +CVE-2021-40314 + RESERVED +CVE-2021-40313 (Piwigo v11.5 was discovered to contain a SQL injection vulnerability v ...) + - piwigo +CVE-2021-40312 + RESERVED +CVE-2021-40311 + RESERVED +CVE-2021-40310 (OpenSIS Community Edition version 8.0 is affected by a cross-site scri ...) + NOT-FOR-US: OpenSIS +CVE-2021-40309 (A SQL injection vulnerability exists in the Take Attendance functional ...) + NOT-FOR-US: OpenSIS +CVE-2021-40308 + RESERVED +CVE-2021-40307 + RESERVED +CVE-2021-40306 + RESERVED +CVE-2021-40305 + RESERVED +CVE-2021-40304 + RESERVED +CVE-2021-40303 (perfex crm 1.10 is vulnerable to Cross Site Scripting (XSS) via /clien ...) + NOT-FOR-US: perfex crm +CVE-2021-40302 + RESERVED +CVE-2021-40301 + RESERVED +CVE-2021-40300 + RESERVED +CVE-2021-40299 + RESERVED +CVE-2021-40298 + RESERVED +CVE-2021-40297 + RESERVED +CVE-2021-40296 + RESERVED +CVE-2021-40295 + RESERVED +CVE-2021-40294 + RESERVED +CVE-2021-40293 + RESERVED +CVE-2021-40292 (A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2 ...) + NOT-FOR-US: DzzOffice +CVE-2021-40291 + RESERVED +CVE-2021-40290 + RESERVED +CVE-2021-40289 (mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).) + NOT-FOR-US: mm-wki +CVE-2021-40288 (A denial-of-service attack in WPA2, and WPA3-SAE authentication method ...) + NOT-FOR-US: TP-Link +CVE-2021-40287 + RESERVED +CVE-2021-40286 + RESERVED +CVE-2021-40285 (htmly v2.8.1 was discovered to contain an arbitrary file deletion vuln ...) 
+ NOT-FOR-US: htmly +CVE-2021-40284 (D-Link DSL-3782 EU v1.01:EU v1.03 is affected by a buffer overflow whi ...) + NOT-FOR-US: D-Link +CVE-2021-40283 + RESERVED +CVE-2021-40282 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 202 ...) + NOT-FOR-US: zzcms +CVE-2021-40281 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...) + NOT-FOR-US: zzcms +CVE-2021-40280 (An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 ...) + NOT-FOR-US: zzcms +CVE-2021-40279 (An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 202 ...) + NOT-FOR-US: zzcms +CVE-2021-40278 + RESERVED +CVE-2021-40277 + RESERVED +CVE-2021-40276 + RESERVED +CVE-2021-40275 + RESERVED +CVE-2021-40274 + RESERVED +CVE-2021-40273 + RESERVED +CVE-2021-40272 (OP5 Monitor 8.3.1, 8.3.2, and OP5 8.3.3 are vulnerable to Cross Site S ...) + NOT-FOR-US: OP5 Monitor +CVE-2021-40271 + RESERVED +CVE-2021-40270 + RESERVED +CVE-2021-40269 + RESERVED +CVE-2021-40268 + RESERVED +CVE-2021-40267 + RESERVED +CVE-2021-40266 (FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...) + - freeimage (bug #1055305) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/bugs/334/ +CVE-2021-40265 (A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...) + - freeimage (bug #1055304) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/bugs/337/ +CVE-2021-40264 (NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...) + - freeimage (bug #1055303) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/bugs/335/ +CVE-2021-40263 (A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...) 
+ - freeimage (bug #1055302) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/bugs/336/ +CVE-2021-40262 (A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...) + - freeimage (bug #1055301) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/bugs/338/ +CVE-2021-40261 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) + NOT-FOR-US: SourceCodester +CVE-2021-40260 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCod ...) + NOT-FOR-US: SourceCodester +CVE-2021-40259 + RESERVED +CVE-2021-40258 + RESERVED +CVE-2021-40257 + RESERVED +CVE-2021-40256 + RESERVED +CVE-2021-40255 + RESERVED +CVE-2021-40254 + RESERVED +CVE-2021-40253 + RESERVED +CVE-2021-40252 + RESERVED +CVE-2021-40251 + RESERVED +CVE-2021-40250 + RESERVED +CVE-2021-40249 + RESERVED +CVE-2021-40248 + RESERVED +CVE-2021-40247 (SQL injection vulnerability in Sourcecodester Budget and Expense Track ...) + NOT-FOR-US: Sourcecodester +CVE-2021-40246 + RESERVED +CVE-2021-40245 + RESERVED +CVE-2021-40244 + RESERVED +CVE-2021-40243 + RESERVED +CVE-2021-40242 + RESERVED +CVE-2021-40241 (xfig 3.2.7 is vulnerable to Buffer Overflow.) + {DLA-3353-1} + - xfig 1:3.2.8a-1 (unimportant; bug #992395) + [bullseye] - xfig 1:3.2.8-3+deb11u1 + NOTE: https://sourceforge.net/p/mcj/tickets/136/ + NOTE: No security impact +CVE-2021-40240 + RESERVED +CVE-2021-40239 (A Buffer Overflow vulnerability exists in the latest version of Minift ...) + NOT-FOR-US: Miniftpd +CVE-2021-40238 (A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel ...) 
+ NOT-FOR-US: Webuzo
+CVE-2021-40237
+ RESERVED
+CVE-2021-40236
+ RESERVED
+CVE-2021-40235
+ RESERVED
+CVE-2021-40234
+ RESERVED
+CVE-2021-40233
+ RESERVED
+CVE-2021-40232
+ RESERVED
+CVE-2021-40231
+ RESERVED
+CVE-2021-40230
+ RESERVED
+CVE-2021-40229
+ RESERVED
+CVE-2021-40228
+ RESERVED
+CVE-2021-40227
+ RESERVED
+CVE-2021-40226 (xpdfreader 4.03 is vulnerable to Buffer Overflow.)
+ - poppler (pdftopng not part of Poppler)
+CVE-2021-40225
+ RESERVED
+CVE-2021-40224
+ RESERVED
+CVE-2021-40223 (Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitiz ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40222 (Rittal CMC PU III Web management Version affected: V3.11.00_2. Version ...)
+ NOT-FOR-US: Rittal CMC PU III Web management
+CVE-2021-40221
+ RESERVED
+CVE-2021-40220
+ RESERVED
+CVE-2021-40219 (Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme r ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2021-40218
+ RESERVED
+CVE-2021-40217
+ RESERVED
+CVE-2021-40216
+ RESERVED
+CVE-2021-40215
+ RESERVED
+CVE-2021-40214 (Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wal ...)
+ NOT-FOR-US: GibbonEdu/core
+CVE-2021-40213
+ RESERVED
+CVE-2021-40212 (An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.2152 ...)
+ NOT-FOR-US: PotPlayer
+CVE-2021-40211 (An issue was discovered with ImageMagick 7.1.0-4 via Division by zero ...)
+ - imagemagick 8:6.9.11.60+dfsg-1.5
+ [bullseye] - imagemagick (Minor issue)
+ [buster] - imagemagick 8:6.9.10.23+dfsg-2.1+deb10u5
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/4097
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/0fb77f2a231038efdc38dcceddae6952ebdfb000 (7.1.0-5)
+ NOTE: https://github.com/ImageMagick/ImageMagick6/commit/450949ed017f009b399c937cf362f0058eacc5fa#diff-9509dd2616f8c0aab419100d616e5e926099cc61bdfde60f2ae408f02f43472a (6.9.12-43)
+ NOTE: Included in fix for CVE-2022-32545 in 8:6.9.11.60+dfsg-1.5
+CVE-2021-40210
+ RESERVED
+CVE-2021-40209
+ RESERVED
+CVE-2021-40208
+ RESERVED
+CVE-2021-40207
+ RESERVED
+CVE-2021-40206
+ RESERVED
+CVE-2021-40205
+ RESERVED
+CVE-2021-40204
+ RESERVED
+CVE-2021-40203
+ RESERVED
+CVE-2021-40202
+ RESERVED
+CVE-2021-40201
+ RESERVED
+CVE-2021-40200
+ RESERVED
+CVE-2021-40199
+ RESERVED
+CVE-2021-40198
+ RESERVED
+CVE-2021-40197
+ RESERVED
+CVE-2021-40196
+ RESERVED
+CVE-2021-40195
+ RESERVED
+CVE-2021-40194
+ RESERVED
+CVE-2021-40193
+ RESERVED
+CVE-2021-40192
+ RESERVED
+CVE-2021-40191 (Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due ...)
+ NOT-FOR-US: Dzzoffice
+CVE-2021-40190
+ RESERVED
+CVE-2021-40189 (PHPFusion 9.03.110 is affected by a remote code execution vulnerabilit ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40188 (PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerabili ...)
+ NOT-FOR-US: PHP-Fusion
+CVE-2021-40187
+ RESERVED
+CVE-2021-40186 (The AppCheck research team identified a Server-Side Request Forgery (S ...)
+ NOT-FOR-US: DNN
+CVE-2021-40185
+ RESERVED
+CVE-2021-40184
+ RESERVED
+CVE-2021-40183
+ RESERVED
+CVE-2021-40182
+ RESERVED
+CVE-2021-40181
+ RESERVED
+CVE-2021-40180 (In the WeChat application 8.0.10 for Android and iOS, a mini program c ...)
+ NOT-FOR-US: WeChat
+CVE-2021-40179
+ RESERVED
+CVE-2021-40178 (Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the L ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40177 (Zoho ManageEngine Log360 before Build 5225 allows remote code executio ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40176 (Zoho ManageEngine Log360 before Build 5225 allows stored XSS.)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40175 (Zoho ManageEngine Log360 before Build 5219 allows unrestricted file up ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40174 (Zoho ManageEngine Log360 before Build 5224 allows a CSRF attack for di ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40173 (Zoho ManageEngine Cloud Security Plus before Build 4117 allows a CSRF ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40172 (Zoho ManageEngine Log360 before Build 5219 allows a CSRF attack on pro ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-40171 (The absence of notifications regarding an ongoing RF jamming attack in ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40170 (An RF replay attack vulnerability in the SecuritasHome home alarm syst ...)
+ NOT-FOR-US: SecuritasHome home alarm system
+CVE-2021-40169
+ RESERVED
+CVE-2021-40168
+ RESERVED
+CVE-2021-40167 (A malicious crafted dwf or .pct file when consumed through DesignRevie ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40166 (A maliciously crafted PNG file in Autodesk Image Processing component ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40165 (A maliciously crafted TIFF, PICT, TGA, or RLC file in Autodesk Image P ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40164 (A heap-based buffer overflow could occur while parsing TIFF, PICT, TGA ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40163 (A Memory Corruption vulnerability may lead to code execution through m ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40162 (A maliciously crafted TIF, PICT, TGA, or RLC files in Autodesk Image P ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40161 (A Memory Corruption vulnerability may lead to code execution through m ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40160 (PDFTron prior to 9.0.7 version may be forced to read beyond allocated ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40159 (An Information Disclosure vulnerability for JT files in Autodesk Inven ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40158 (A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40157 (A user may be tricked into opening a malicious FBX file which may expl ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40156 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-40155 (A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021 ...)
+ NOT-FOR-US: Autodesk
+CVE-2021-3747 (The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, acciden ...)
+ NOT-FOR-US: Multipass
+CVE-2021-40154 (NXP LPC55S69 devices before A3 have a buffer over-read via a crafted w ...)
+ NOT-FOR-US: NXP LPC55S69 devices
+CVE-2021-40152
+ RESERVED
+CVE-2021-40151
+ RESERVED
+CVE-2021-3746 (A flaw was found in the libtpms code that may cause access beyond the ...)
+ - libtpms 0.9.1-1
+ NOTE: https://github.com/stefanberger/libtpms/commit/1fb6cd9b8df05b5d6e381b31215193d6ada969df (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/ea62fd9679f8c6fc5e79471b33cfbd8227bfed72 (v0.6.6)
+ NOTE: https://github.com/stefanberger/libtpms/commit/aaef222e8682cc2e0f9ea7124220c5fe44fab62b (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/33a03986e0a09dde439985e0312d1c8fb3743aab (v0.8.5)
+ NOTE: https://github.com/stefanberger/libtpms/commit/034a5c02488cf7f0048e130177fc71c9e626e135 (v0.9.0)
+ NOTE: https://github.com/stefanberger/libtpms/commit/17255da54cf8354d02369f1323dc50cfb87e2bf4 (v0.9.0)
+CVE-2021-3745 (flatcore-cms is vulnerable to Unrestricted Upload of File with Dangero ...)
+ NOT-FOR-US: flatcore-cms
+CVE-2021-3744 (A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gc ...)
+ {DSA-5096-1 DLA-2941-1}
+ - linux 5.14.12-1
+ [bullseye] - linux 5.10.84-1
+ [stretch] - linux (Vulnerability introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2000627
+ NOTE: https://git.kernel.org/linus/505d9dcb0f7ddf9d075e729523a33d38642ae680 (5.15-rc4)
+CVE-2021-40153 (squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the file ...)
+ {DSA-4967-1 DLA-2752-1}
+ [experimental] - squashfs-tools 1:4.5-1
+ - squashfs-tools 1:4.5-2
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
+ NOTE: https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646 (4.5)
+ NOTE: https://github.com/plougher/squashfs-tools/issues/72
+CVE-2021-40150 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its c ...)
+ NOT-FOR-US: E1 Zoom camera
+CVE-2021-40149 (The web server of the E1 Zoom camera through 3.0.0.716 discloses its S ...)
+ NOT-FOR-US: E1 Zoom camera
+CVE-2021-40148 (In Modem EMM, there is a possible information disclosure due to a miss ...)
+ NOT-FOR-US: Mediatek components for Android
+CVE-2021-3743 (An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC ...)
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://lists.openwall.net/netdev/2021/08/17/124
+ NOTE: https://git.kernel.org/linus/7e78c597c3ebfd0cb329aa09a838734147e4f117
+CVE-2021-3742
+ RESERVED
+CVE-2021-3741
+ RESERVED
+CVE-2021-3740
+ RESERVED
+CVE-2021-40147 (EmTec ZOC before 8.02.2 allows \e[201~ pastes, a different vulnerabili ...)
+ NOT-FOR-US: EmTec ZOC
+CVE-2021-40146 (A Remote Code Execution (RCE) vulnerability was discovered in the Any2 ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-3738 (In DCE/RPC it is possible to share the handles (cookies for resource s ...)
+ {DSA-5003-1}
+ - samba 2:4.13.14+dfsg-1
+ [buster] - samba (Minor issue; affects Samba as AD DC)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14468
+ NOTE: https://www.samba.org/samba/security/CVE-2021-3738.html
+CVE-2021-3737 (A flaw was found in python. An improperly handled HTTP response in the ...)
+ {DLA-3477-1 DLA-3432-1 DLA-2808-1}
+ [experimental] - python3.9 3.9.6-1
+ - python3.9 3.9.7-1
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ - python3.5
+ - python3.4
+ - python2.7
+ [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
+ NOTE: https://bugs.python.org/issue44022
+ NOTE: https://github.com/python/cpython/pull/25916
+ NOTE: https://github.com/python/cpython/pull/26503
+ NOTE: https://github.com/python/cpython/commit/60ba0b68470a584103e28958d91e93a6db37ec92 (v3.10.0b2)
+ NOTE: https://github.com/python/cpython/commit/ea9327036680acc92d9f89eaf6f6a54d2f8d78d9 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/f396864ddfe914531b5856d7bf852808ebfc01ae (v3.8.11)
+ NOTE: https://github.com/python/cpython/commit/078b146f062d212919d0ba25e34e658a8234aa63 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/f68d2d69f1da56c2aea1293ecf93ab69a6010ad7 (v3.6.14)
+ NOTE: Needs the "Improve the regression test" followup:
+ NOTE: https://github.com/python/cpython/commit/98e5a7975d99b58d511f171816ecdfb13d5cca18 (v3.10.0b3)
+ NOTE: https://github.com/python/cpython/commit/5df4abd6b033a5f1e48945c6988b45e35e76f647 (v3.9.6)
+ NOTE: https://github.com/python/cpython/commit/0389426fa4af4dfc8b1d7f3f291932d928392d8b (3.8 branch)
+ NOTE: https://github.com/python/cpython/commit/fee96422e6f0056561cf74fef2012cc066c9db86 (v3.7.11)
+ NOTE: https://github.com/python/cpython/commit/1b6f4e5e13ebd1f957b47f7415b53d0869bdbac6 (v3.6.14
+CVE-2021-3736 (A flaw was found in the Linux kernel. A memory leak problem was found ...)
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570
+CVE-2021-40145 (gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (aka LibGD) throu ...)
+ - libgd2 2.3.3-1 (unimportant)
+ NOTE: https://github.com/libgd/libgd/issues/700
+ NOTE: https://github.com/libgd/libgd/pull/713
+ NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
+ NOTE: Negligible security impact
+CVE-2021-40144
+ RESERVED
+CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-40142 (In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, re ...)
+ NOT-FOR-US: OPC Foundation Local Discovery Server (LDS)
+CVE-2021-40141
+ RESERVED
+CVE-2021-40140
+ RESERVED
+CVE-2021-40139
+ RESERVED
+CVE-2021-40138
+ RESERVED
+CVE-2021-40137
+ RESERVED
+CVE-2021-40136
+ RESERVED
+CVE-2021-40135
+ RESERVED
+CVE-2021-40134
+ RESERVED
+CVE-2021-40133
+ RESERVED
+CVE-2021-40132
+ RESERVED
+CVE-2021-40131 (A vulnerability in the web-based management interface of Cisco Common ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40130 (A vulnerability in the web application of Cisco Common Services Platfo ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40129 (A vulnerability in the configuration dashboard of Cisco Common Service ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40128 (A vulnerability in the account activation feature of Cisco Webex Meeti ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40127 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40126 (A vulnerability in the web-based dashboard of Cisco Umbrella could all ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40125 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40124 (A vulnerability in the Network Access Manager (NAM) module of Cisco An ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40123 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40122 (A vulnerability in an API of the Call Bridge feature of Cisco Meeting ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40121 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40120 (A vulnerability in the web-based management interface of certain Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40119 (A vulnerability in the key-based SSH authentication mechanism of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40118 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40117 (A vulnerability in SSL/TLS message handler for Cisco Adaptive Security ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40116 (Multiple Cisco products are affected by a vulnerability in Snort rules ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40115 (A vulnerability in Cisco Webex Video Mesh could allow an unauthenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40114 (Multiple Cisco products are affected by a vulnerability in the way the ...)
+ {DSA-5354-1 DLA-3317-1}
+ - snort (bug #1021276)
+ NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-s2R7W9UU
+CVE-2021-40113 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40112 (Multiple vulnerabilities in the web-based management interface of the ...)
+ NOT-FOR-US: Cisco
+CVE-2021-40111 (In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40110 (In Apache James, using Jazzer fuzzer, we identified that an IMAP user ...)
+ NOT-FOR-US: Apache James
+CVE-2021-40109 (A SSRF issue was discovered in Concrete CMS through 8.5.5. Users can a ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40108 (An issue was discovered in Concrete CMS through 8.5.5. The Calendar is ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40107
+ RESERVED
+CVE-2021-40106 (An issue was discovered in Concrete CMS through 8.5.5. There is unauth ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40105 (An issue was discovered in Concrete CMS through 8.5.5. There is XSS vi ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40104 (An issue was discovered in Concrete CMS through 8.5.5. There is an SVG ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40103 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40102 (An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40101 (An issue was discovered in Concrete CMS before 8.5.7. The Dashboard al ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40100 (An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40099 (An issue was discovered in Concrete CMS through 8.5.5. Fetching the up ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40098 (An issue was discovered in Concrete CMS through 8.5.5. Path Traversal ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40097 (An issue was discovered in Concrete CMS through 8.5.5. Authenticated p ...)
+ NOT-FOR-US: Concrete CMS
+CVE-2021-40096 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40095 (An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40094 (A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. I ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40093 (A cross-site scripting (XSS) vulnerability in integration configuratio ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40092 (A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp ...)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40091 (An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654.)
+ NOT-FOR-US: SquaredUp for SCOM
+CVE-2021-40090
+ RESERVED
+CVE-2021-40089 (An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Pu ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40088 (An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode ca ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40087 (An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit log ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40086 (An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the ...)
+ NOT-FOR-US: PrimeKey
+CVE-2021-40085 (An issue was discovered in OpenStack Neutron before 16.4.1, 17.x befor ...)
+ {DSA-4983-1 DLA-3027-1}
+ - neutron 2:18.1.0-3 (bug #993398)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/31/2
+ NOTE: https://launchpad.net/bugs/1939733
+CVE-2021-40082
+ RESERVED
+CVE-2021-40081
+ RESERVED
+CVE-2021-3739 (A NULL pointer dereference flaw was found in the btrfs_rm_device funct ...)
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/25/3
+CVE-2021-3735 (A deadlock issue was found in the AHCI controller device of QEMU. It o ...)
+ - qemu (bug #1014767)
+ [bookworm] - qemu (Minor issue, revisit when fixed upstream)
+ [bullseye] - qemu (Minor issue, revisit when fixed upstream)
+ [buster] - qemu (Minor issue, waiting for patch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1997184
+ NOTE: No upstream patch as of 2023-03-09
+CVE-2021-40083 (Knot Resolver before 5.3.2 is prone to an assertion failure, triggerab ...)
+ [experimental] - knot-resolver 5.4.1-1
+ - knot-resolver 5.4.1-2 (bug #991463)
+ [bullseye] - knot-resolver 5.3.1-1+deb11u1
+ [buster] - knot-resolver (Vulnerable code introduced later)
+ NOTE: https://gitlab.nic.cz/knot/knot-resolver/-/merge_requests/1169
+ NOTE: Introduced by https://gitlab.nic.cz/knot/knot-resolver/-/commit/7107faebc72c14c864622128a20a9b39fe94d733 (5.3.1)
+CVE-2021-3734 (yourls is vulnerable to Improper Restriction of Rendered UI Layers or ...)
+ NOT-FOR-US: yourls
+CVE-2021-40080
+ RESERVED
+CVE-2021-40079
+ RESERVED
+CVE-2021-40078
+ RESERVED
+CVE-2021-40077
+ RESERVED
+CVE-2021-40076
+ RESERVED
+CVE-2021-40075
+ RESERVED
+CVE-2021-40074
+ RESERVED
+CVE-2021-40073
+ RESERVED
+CVE-2021-40072
+ RESERVED
+CVE-2021-40071
+ RESERVED
+CVE-2021-40070
+ RESERVED
+CVE-2021-40069
+ RESERVED
+CVE-2021-40068
+ RESERVED
+CVE-2021-40067 (The access controls on the Mobility read-write API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40066 (The access controls on the Mobility read-only API improperly validate ...)
+ NOT-FOR-US: Mobility
+CVE-2021-40065 (The communication module has a service logic error vulnerability.Succe ...)
+ NOT-FOR-US: Harmony OS
+CVE-2021-40064 (There is a heap-based buffer overflow vulnerability in system componen ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40063 (There is an improper access control vulnerability in the video module. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40062 (There is a vulnerability of copying input buffer without checking its ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40061 (There is a vulnerability of accessing resources using an incompatible ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40060 (There is a heap-based buffer overflow vulnerability in the video frame ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40059 (There is a permission control vulnerability in the Wi-Fi module. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40058 (There is a heap-based buffer overflow vulnerability in the video frame ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40057 (There is a heap-based and stack-based buffer overflow vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40056 (There is a vulnerability of copying input buffer without checking its ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40055 (There is a man-in-the-middle attack vulnerability during system update ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40054 (There is an integer underflow vulnerability in the atcmdserver module. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40053 (There is a permission control vulnerability in the Nearby module.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40052 (There is an incorrect buffer size calculation vulnerability in the vid ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40051 (There is an unauthorized access vulnerability in system components. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40050 (There is an out-of-bounds read vulnerability in the IFAA module. Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40049 (There is a permission control vulnerability in the PMS module. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40048 (There is an incorrect buffer size calculation vulnerability in the vid ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40047 (There is a vulnerability of memory not being released after effective ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40046 (PCManager versions 11.1.1.95 has a privilege escalation vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40045 (There is a vulnerability of signature verification mechanism failure i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40044 (There is a permission verification vulnerability in the Bluetooth modu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40043 (The laser command injection vulnerability exists on AIS-BW80H-00 versi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40042 (There is a release of invalid pointer vulnerability in some Huawei pro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40041 (There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n pr ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40040 (Vulnerability of writing data to an arbitrary address in the HW_KEYMAS ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40039 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40038 (There is a Double free vulnerability in the AOD module in smartphones. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40037 (There is a Vulnerability of accessing resources using an incompatible ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40036 (The bone voice ID TA has a memory overwrite vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40035 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40034 (The video framework has the memory overwriting vulnerability caused by ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40033 (There is an information exposure vulnerability on several Huawei Produ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40032 (The bone voice ID TA has a vulnerability in information management,Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40031 (There is a Null pointer dereference vulnerability in the camera module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40030 (The My HUAWEI app has a defect in the design. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40029 (There is a Buffer overflow vulnerability due to a boundary error with ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40028 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40027 (The bone voice ID TA has a vulnerability in calculating the buffer len ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40026 (There is a Heap-based buffer overflow vulnerability in the AOD module ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40025 (The eID module has a vulnerability that causes the memory to be used w ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40024 (Implementation of the WLAN module interfaces has the information discl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40023 (Configuration defects in the secure OS module. Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40022 (The weaver module has a vulnerability in parameter type verification,S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40021 (The eID module has an out-of-bounds memory write vulnerability,Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40020 (There is an Out-of-bounds array read vulnerability in the security sto ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40019 (Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40018 (The eID module has a null pointer reference vulnerability. Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40017 (The HW_KEYMASTER module lacks the validity check of the key format. Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40016 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40015 (There is a race condition vulnerability in the binder driver subsystem ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40014 (The bone voice ID trusted application (TA) has a heap overflow vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40013 (Improper permission control vulnerability in the Bluetooth module.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40012 (Vulnerability of pointers being incorrectly used during data transmiss ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40011 (There is an uncontrolled resource consumption vulnerability in the dis ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40010 (The bone voice ID TA has a heap overflow vulnerability.Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40009 (There is an Out-of-bounds write vulnerability in the AOD module in sma ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40008 (There is a memory leak vulnerability in CloudEngine 12800 V200R019C00S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40007 (There is an information leak vulnerability in eCNS280_TD V100R005C10SP ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40006 (Vulnerability of design defects in the security algorithm component. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40005 (The distributed data service component has a vulnerability in data acc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40004 (The cellular module has a vulnerability in permission management. Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40003 (HwPCAssistant has a path traversal vulnerability. Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40002 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40001 (The CaasKit module has a path traversal vulnerability. Successful expl ...)
+ NOT-FOR-US: Huawei
+CVE-2021-40000 (The Bluetooth module has an out-of-bounds write vulnerability. Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39999 (There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SP ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39998 (There is Vulnerability of APIs being concurrently called for multiple ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39997 (There is a vulnerability of unstrict input parameter verification in t ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39996 (There is a Heap-based buffer overflow vulnerability with the NFC modul ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39995 (Some Huawei products use the OpenHpi software for hardware management. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39994 (There is an arbitrary address access vulnerability with the product li ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39993 (There is an Integer overflow vulnerability with ACPU in smartphones. S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39992 (There is an improper security permission configuration vulnerability o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39991 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39990 (The screen lock module has a Stack-based Buffer Overflow vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39989 (The HwNearbyMain module has a Exposure of Sensitive Information to an ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39988 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39987 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39986 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39985 (The HwNearbyMain module has a Improper Validation of Array Index vulne ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39984 (Huawei idap module has a Out-of-bounds Read vulnerability.Successful e ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39983 (The HwNearbyMain module has a Data Processing Errors vulnerability.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39982 (Phone Manager application has a Improper Privilege Management vulnerab ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39981 (Chang Lian application has a vulnerability which can be maliciously ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39980 (Telephony application has a Exposure of Sensitive Information to an Un ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39979 (HHEE system has a Code Injection vulnerability.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39978 (Telephony application has a SQL Injection vulnerability.Successful exp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39977 (The HwNearbyMain module has a NULL Pointer Dereference vulnerability.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39976 (There is a privilege escalation vulnerability in CloudEngine 5800 V200 ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39975 (Hilinksvc has a Data Processing Errors vulnerability.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39974 (There is an Out-of-bounds read in Smartphones.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39973 (There is a Null pointer dereference in Smartphones.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39972 (MyHuawei-App has a Exposure of Sensitive Information to an Unauthorize ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39971 (Password vault has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39970 (HwPCAssistant has a Improper Input Validation vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39969 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39968 (Changlian Blocklist has a Business Logic Errors vulnerability .Success ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39967 (There is a Vulnerability of obtaining broadcast information improperly ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39966 (There is an Uninitialized AOD driver structure in Smartphones.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-39965
+ RESERVED
+CVE-2021-39964
+ RESERVED
+CVE-2021-39963
+ RESERVED
+CVE-2021-39962
+ RESERVED
+CVE-2021-39961
+ RESERVED
+CVE-2021-39960
+ RESERVED
+CVE-2021-39959
+ RESERVED
+CVE-2021-39958
+ RESERVED
+CVE-2021-39957
+ RESERVED
+CVE-2021-39956
+ RESERVED
+CVE-2021-39955
+ RESERVED
+CVE-2021-39954
+ RESERVED
+CVE-2021-39953
+ RESERVED
+CVE-2021-39952
+ RESERVED
+CVE-2021-39951
+ RESERVED
+CVE-2021-39950
+ RESERVED
+CVE-2021-39949
+ RESERVED
+CVE-2021-39948
+ RESERVED
+CVE-2021-39947 (In specific circumstances, trace file buffers in GitLab Runner version ...)
+ - gitlab-ci-multi-runner 14.10.1-1 (bug #1016138)
+CVE-2021-39946 (Improper neutralization of user input in GitLab CE/EE versions 14.3 to ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2021-39945 (Improper access control in the GitLab CE/EE API affecting all versions ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2021-39944 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 15.10.8+ds1-2
+CVE-2021-39943 (An authorization logic error in the External Status Check API in GitLa ...)
+ - gitlab 15.10.8+ds1-2 +CVE-2021-39942 (A denial of service vulnerability in GitLab CE/EE affecting all versio ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39941 (An information disclosure vulnerability in GitLab CE/EE versions 12.0 ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39940 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39939 (An uncontrolled resource consumption vulnerability in GitLab Runner af ...) + - gitlab-ci-multi-runner (Vulnerable code introduced later) + NOTE: https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28630 + NOTE: https://about.gitlab.com/releases/2021/12/10/security-release-gitlab-runner-14-5-2-released/ +CVE-2021-39938 (A vulnerable regular expression pattern in GitLab CE/EE since version ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39937 (A collision in access memoization logic in all versions of GitLab CE/E ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39936 (Improper access control in GitLab CE/EE affecting all versions startin ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39935 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39934 (Improper access control allows any project member to retrieve the serv ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39933 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39932 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39931 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39930 (Missing authorization in GitLab EE versions between 12.4 and 14.3.6, b ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39929 (Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4 ...) 
+ {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17651 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-07.html +CVE-2021-39928 (NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17704 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-13.html +CVE-2021-39927 (Server side request forgery protections in GitLab CE/EE versions betwe ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39926 (Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 ...) + {DSA-5019-1} + - wireshark 3.6.0-1 + [buster] - wireshark (Vulnerable code not present) + [stretch] - wireshark (Vulnerable code not present) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17649 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-08.html +CVE-2021-39925 (Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u2 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17635 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-09.html +CVE-2021-39924 (Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17677 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-10.html +CVE-2021-39923 (Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 ...) 
+ {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17684 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-11.html +CVE-2021-39922 (Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 an ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17636 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-12.html +CVE-2021-39921 (NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3 ...) + {DSA-5019-1 DLA-2849-1} + - wireshark 3.6.0-1 + [buster] - wireshark 2.6.20-0+deb10u3 + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17703 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-14.html +CVE-2021-39920 (NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3 ...) + {DSA-5019-1} + - wireshark 3.6.0-1 + [buster] - wireshark (IPPUSB dissector added in 3.4) + [stretch] - wireshark (IPPUSB dissector added in 3.4) + NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17705 + NOTE: https://www.wireshark.org/security/wnpa-sec-2021-15.html +CVE-2021-39919 (In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, a ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39918 (Incorrect Authorization in GitLab EE affecting all versions starting f ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39917 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39916 (Lack of an access control check in the External Status Check feature a ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39915 (Improper access control in the GraphQL API in GitLab CE/EE affecting a ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39914 (A regular expression denial of service issue in GitLab versions 8.13 t ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39913 (Accidental logging of system root password in the migration log in all ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2021-39912 (A potential DoS vulnerability was discovered in GitLab CE/EE starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39911 (An improper access control flaw in all versions of GitLab CE/EE starti ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39910 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39909 (Lack of email address ownership verification in the CODEOWNERS feature ...) + - gitlab (Specific to EE) +CVE-2021-39908 (In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39907 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39906 (Improper validation of ipynb files in GitLab CE/EE version 13.5 and ab ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39905 (An information disclosure vulnerability in the GitLab CE/EE API since ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39904 (An Improper Access Control vulnerability in the GraphQL API in all ver ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39903 (In all versions of GitLab CE/EE since version 13.0, a privileged user, ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39902 (Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user wi ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39901 (In all versions of GitLab CE/EE since version 11.10, an admin of a gro ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39900 (Information disclosure from SendEntry in GitLab starting with 10.8 all ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39899 (In all versions of GitLab CE/EE, an attacker with physical access to a ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39898 (In all versions of GitLab CE/EE since version 10.6, a project export l ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39897 (Improper access control in GitLab CE/EE version 10.5 and above allowed ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2021-39896 (In all versions of GitLab CE/EE since version 8.0, when an admin uses ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39895 (In all versions of GitLab CE/EE since version 8.0, an attacker can set ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39894 (In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vul ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39893 (A potential DOS vulnerability was discovered in GitLab starting with v ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39892 (In all versions of GitLab CE/EE since version 12.0, a lower privileged ...) + [experimental] - gitlab 14.6.4+ds1-1 + - gitlab 15.10.8+ds1-2 + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/28440 +CVE-2021-39891 (In all versions of GitLab CE/EE since version 8.0, access tokens creat ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39890 (It was possible to bypass 2FA for LDAP users and access some specific ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39889 (In all versions of GitLab EE since version 14.1, due to an insecure di ...) + - gitlab (Specific to Enterprise Edition) +CVE-2021-39888 (In all versions of GitLab EE starting from 13.10 before 14.1.7, all ve ...) + - gitlab (Specific to Enterprise Edition) +CVE-2021-39887 (A stored Cross-Site Scripting vulnerability in the GitLab Flavored Mar ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39886 (Permissions rules were not applied while issues were moved between pro ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39885 (A Stored XSS in merge request creation page in all versions of Gitlab ...) + - gitlab (Specific to Enterprise Edition) +CVE-2021-39884 (In all versions of GitLab EE since version 8.13, an endpoint discloses ...) + - gitlab (Specific to Enterprise Edition) +CVE-2021-39883 (Improper authorization checks in all versions of GitLab EE starting fr ...) + - gitlab (Specific to Enterprise Edition) +CVE-2021-39882 (In all versions of GitLab CE/EE, provided a user ID, anonymous users c ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2021-39881 (In all versions of GitLab CE/EE since version 7.7, the application may ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39880 (A Denial Of Service vulnerability in the apollo_upload_server Ruby gem ...) + - gitlab 15.10.8+ds1-2 + - ruby-apollo-upload-server 2.1.0-1 + [bullseye] - ruby-apollo-upload-server (Minor issue) + NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/330561 + NOTE: https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486 +CVE-2021-39879 (Missing authentication in all versions of GitLab CE/EE since version 7 ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39878 (A stored Reflected Cross-Site Scripting vulnerability in the Jira inte ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39877 (A vulnerability was discovered in GitLab starting with version 12.2 th ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39876 (In all versions of GitLab CE/EE since version 11.3, the endpoint for a ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39875 (In all versions of GitLab CE/EE since version 13.6, it is possible to ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39874 (In all versions of GitLab CE/EE since version 11.0, the requirement to ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39873 (In all versions of GitLab CE/EE, there exists a content spoofing vulne ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39872 (In all versions of GitLab CE/EE since version 14.1, an improper access ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39871 (In all versions of GitLab CE/EE since version 13.0, an instance that h ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39870 (In all versions of GitLab CE/EE since version 11.11, an instance that ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39869 (In all versions of GitLab CE/EE since version 8.9, project exports may ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39868 (In all versions of GitLab CE/EE since version 8.12, an authenticated l ...) 
+ - gitlab 15.10.8+ds1-2 +CVE-2021-39867 (In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vu ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39866 (A business logic error in the project deletion process in GitLab 13.6 ...) + - gitlab 15.10.8+ds1-2 +CVE-2021-39865 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39864 (Adobe Commerce versions 2.4.2-p2 (and earlier), 2.4.3 (and earlier) an ...) + NOT-FOR-US: Adobe +CVE-2021-39863 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39862 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39861 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39860 (Acrobat Pro DC versions 2021.005.20060 (and earlier), 2020.004.30006 ( ...) + NOT-FOR-US: Adobe +CVE-2021-39859 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39858 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39857 (Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005 ...) + NOT-FOR-US: Adobe +CVE-2021-39856 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-39855 (Acrobat Reader DC ActiveX Control versions 2021.005.20060 (and earlier ...) + NOT-FOR-US: Adobe +CVE-2021-39854 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39853 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39852 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39851 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39850 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39849 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39848 + RESERVED +CVE-2021-39847 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-ba ...) + {DLA-3585-1} + - exempi 2.6.0-1 + [bullseye] - exempi (Minor issue) + NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html + NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases +CVE-2021-39846 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39845 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39844 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39843 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39842 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39841 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39840 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39839 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39838 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39837 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) + NOT-FOR-US: Adobe +CVE-2021-39836 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39835 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39834 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39833 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39832 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39831 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39830 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39829 (Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release ...) + NOT-FOR-US: Adobe +CVE-2021-39828 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by a p ...) + NOT-FOR-US: Adobe +CVE-2021-39827 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) + NOT-FOR-US: Adobe +CVE-2021-39826 (Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an ...) + NOT-FOR-US: Adobe +CVE-2021-39825 (Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and e ...) + NOT-FOR-US: Adobe +CVE-2021-39824 (Adobe Premiere Elements version 2021.2235820 (and earlier) is affected ...) + NOT-FOR-US: Adobe +CVE-2021-39823 (Adobe svg-native-viewer 8182d14dfad5d1e10f53ed830328d7d9a3cfa96d and e ...) + NOT-FOR-US: Adobe +CVE-2021-39822 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-39821 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) a ...) + NOT-FOR-US: Adobe +CVE-2021-39820 (Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) i ...) + NOT-FOR-US: Adobe +CVE-2021-39819 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) 
+ NOT-FOR-US: Adobe +CVE-2021-39818 (Adobe InCopy version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39817 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39816 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...) + NOT-FOR-US: Adobe +CVE-2021-39815 (The PowerVR GPU driver allows unprivileged apps to allocated pinned me ...) + NOT-FOR-US: Imagination Technologies +CVE-2021-39814 (In ppmp_validate_wsm of drm_fw.c, there is a possible out of bounds wr ...) + NOT-FOR-US: Pixel +CVE-2021-39813 + RESERVED +CVE-2021-39812 (In TBD of TBD, there is a possible out of bounds read due to a use aft ...) + NOT-FOR-US: Pixel +CVE-2021-39811 + RESERVED +CVE-2021-39810 (In NFC, there is a possible way to setup a default contactless payment ...) + NOT-FOR-US: Android +CVE-2021-39809 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2021-39808 (In createNotificationChannelGroup of PreferencesHelper.java, there is ...) + NOT-FOR-US: Android +CVE-2021-39807 (In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-39806 (In closef of label_backends_android.c, there is a possible way to corr ...) + NOT-FOR-US: Google Pixel +CVE-2021-39805 (In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2021-39804 (In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a m ...) + NOT-FOR-US: Android +CVE-2021-39803 (In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read ...) + NOT-FOR-US: Android +CVE-2021-39802 (In change_pte_range of mprotect.c , there is a possible way to make a ...) 
+ - linux (Vulnerability never present in upstream; Android specific) + NOTE: https://source.android.com/security/bulletin/2022-04-01 +CVE-2021-39801 (In ion_ioctl of ion-ioctl.c, there is a possible use after free due to ...) + - linux (Android-specific driver) + NOTE: https://source.android.com/security/bulletin/2022-04-01 +CVE-2021-39800 (In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel he ...) + - linux (Android-specific driver) + NOTE: https://source.android.com/security/bulletin/2022-04-01 +CVE-2021-39799 (In AttributionSource of AttributionSource.java, there is a possible pe ...) + NOT-FOR-US: Android +CVE-2021-39798 (In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrar ...) + NOT-FOR-US: Android +CVE-2021-39797 (In several functions of of LauncherApps.java, there is a possible esca ...) + NOT-FOR-US: Android +CVE-2021-39796 (In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there ...) + - android-platform-frameworks-base (unimportant; bug #1009626) + NOTE: https://android.googlesource.com/platform/frameworks/base/+/e74a2a320bf896bc30618ce486203bafe453c469 + NOTE: https://source.android.com/security/bulletin/2022-04-01 + NOTE: No security impact for Android as provided in Debian, Not accessible in Debian builds +CVE-2021-39795 + REJECTED +CVE-2021-39794 (In broadcastPortInfo of AdbService.java, there is a possible way for a ...) + NOT-FOR-US: Android +CVE-2021-39793 (In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possibl ...) + NOT-FOR-US: Pixel +CVE-2021-39792 (In usb_gadget_giveback_request of core.c, there is a possible use afte ...) + NOT-FOR-US: Android kernel patches +CVE-2021-39791 (In WallpaperManagerService, there is a possible way to determine wheth ...) + NOT-FOR-US: Android +CVE-2021-39790 (In Dialer, there is a possible way to manipulate visual voicemail sett ...) + NOT-FOR-US: Android +CVE-2021-39789 (In Telecom, there is a possible leak of TTY mode change due to a missi ...) 
+ NOT-FOR-US: Android +CVE-2021-39788 (In TelecomManager, there is a possible way to check if a particular se ...) + NOT-FOR-US: Android +CVE-2021-39787 (In SystemUI, there is a possible arbitrary Activity launch due to a co ...) + NOT-FOR-US: Android +CVE-2021-39786 (In NFC, there is a possible out of bounds write due to a missing bound ...) + NOT-FOR-US: Android +CVE-2021-39785 + RESERVED +CVE-2021-39784 (In CellBroadcastReceiver, there is a possible path to enable specific ...) + NOT-FOR-US: Android +CVE-2021-39783 (In rcsservice, there is a possible way to modify TTY mode due to a mis ...) + NOT-FOR-US: Android +CVE-2021-39782 (In Telephony, there is a possible unauthorized modification of the PLM ...) + NOT-FOR-US: Android +CVE-2021-39781 (In SmsController, there is a possible information disclosure due to a ...) + NOT-FOR-US: Android +CVE-2021-39780 (In Traceur, there is a possible bypass of developer settings requireme ...) + NOT-FOR-US: Android +CVE-2021-39779 (In getCallStateUsingPackage of Telecom Service, there is a missing per ...) + NOT-FOR-US: Android +CVE-2021-39778 (In Telecomm, there is a possible way to determine whether an app is in ...) + NOT-FOR-US: Android +CVE-2021-39777 (In Telephony, there is a possible way to determine whether an app is i ...) + NOT-FOR-US: Android +CVE-2021-39776 (In NFC, there is a possible memory corruption due to a use after free. ...) + NOT-FOR-US: Android +CVE-2021-39775 (In People, there is a possible way to determine whether an app is inst ...) + NOT-FOR-US: Android +CVE-2021-39774 (In Bluetooth, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Android +CVE-2021-39773 (In VpnManagerService, there is a possible disclosure of installed VPN ...) + NOT-FOR-US: Android +CVE-2021-39772 (In Bluetooth, there is a possible way to access the a2dp audio control ...) + NOT-FOR-US: Android +CVE-2021-39771 (In Settings, there is a possible way to misrepresent which app wants t ...) 
+ NOT-FOR-US: Android +CVE-2021-39770 (In Framework, there is a possible disclosure of the device owner packa ...) + NOT-FOR-US: Android +CVE-2021-39769 (In Device Policy, there is a possible way to determine whether an app ...) + NOT-FOR-US: Android +CVE-2021-39768 (In Settings, there is a possible way to add an auto-connect WiFi netwo ...) + NOT-FOR-US: Android +CVE-2021-39767 (In miniadb, there is a possible way to get read/write access to recove ...) + NOT-FOR-US: Android +CVE-2021-39766 (In Settings, there is a possible way to determine whether an app is in ...) + NOT-FOR-US: Android +CVE-2021-39765 (In Gallery, there is a possible permission bypass due to a confused de ...) + NOT-FOR-US: Android +CVE-2021-39764 (In Settings, there is a possible way to display an incorrect app name ...) + NOT-FOR-US: Android +CVE-2021-39763 (In Settings, there is a possible way to make the user enable WiFi due ...) + NOT-FOR-US: Android +CVE-2021-39762 (In tremolo, there is a possible out of bounds read due to an integer o ...) + NOT-FOR-US: Android +CVE-2021-39761 (In Media, there is a possible way to determine whether an app is insta ...) + NOT-FOR-US: Android +CVE-2021-39760 (In AudioService, there is a possible way to determine whether an app i ...) + NOT-FOR-US: Android +CVE-2021-39759 (In libstagefright, there is a possible out of bounds write due to an i ...) + NOT-FOR-US: Android +CVE-2021-39758 (In WindowManager, there is a possible way to start a foreground activi ...) + NOT-FOR-US: Android +CVE-2021-39757 (In PermissionController, there is a possible permission bypass due to ...) + NOT-FOR-US: Android +CVE-2021-39756 (In Framework, there is a possible way to determine whether an app is i ...) + NOT-FOR-US: Android +CVE-2021-39755 (In DevicePolicyManager, there is a possible way to reveal the existenc ...) + NOT-FOR-US: Android +CVE-2021-39754 (In ContextImpl, there is a possible way to determine whether an app is ...) 
+ NOT-FOR-US: Android +CVE-2021-39753 (In DomainVerificationService, there is a possible way to access app do ...) + NOT-FOR-US: Android +CVE-2021-39752 (In Bubbles, there is a possible way to interfere with Bubbles due to a ...) + NOT-FOR-US: Android +CVE-2021-39751 (In Settings, there is a possible way to read Bluetooth device names wi ...) + NOT-FOR-US: Android +CVE-2021-39750 (In PackageManager, there is a possible way to change the splash screen ...) + NOT-FOR-US: Android +CVE-2021-39749 (In WindowManager, there is a possible way to start non-exported and pr ...) + NOT-FOR-US: Android +CVE-2021-39748 (In InputMethodEditor, there is a possible way to access some files acc ...) + NOT-FOR-US: Android +CVE-2021-39747 (In Settings Provider, there is a possible way to list values of non-re ...) + NOT-FOR-US: Android +CVE-2021-39746 (In PermissionController, there is a possible way to delete some local ...) + NOT-FOR-US: Android +CVE-2021-39745 (In DevicePolicyManager, there is a possible way to determine whether a ...) + NOT-FOR-US: Android +CVE-2021-39744 (In DevicePolicyManager, there is a possible way to determine whether a ...) + NOT-FOR-US: Android +CVE-2021-39743 (In PackageManager, there is a possible way to update the last usage ti ...) + NOT-FOR-US: Android +CVE-2021-39742 (In Voicemail, there is a possible way to retrieve a trackable identifi ...) + NOT-FOR-US: Android +CVE-2021-39741 (In Keymaster, there is a possible out of bounds write due to a missing ...) + NOT-FOR-US: Android +CVE-2021-39740 (In Messaging, there is a possible way to bypass attachment restriction ...) + NOT-FOR-US: Android +CVE-2021-39739 (In ArrayMap, there is a possible leak of the content of SMS messages d ...) + NOT-FOR-US: Android +CVE-2021-39738 (In CarSetings, there is a possible to pair BT device bypassing user's ...) + NOT-FOR-US: Android Automotive +CVE-2021-39737 (Product: AndroidVersions: Android kernelAndroid ID: A-208229524Referen ...) 
+ NOT-FOR-US: Pixel +CVE-2021-39736 (In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_peri ...) + NOT-FOR-US: Pixel +CVE-2021-39735 (In gasket_alloc_coherent_memory of gasket_page_table.c, there is a pos ...) + NOT-FOR-US: Pixel +CVE-2021-39734 (In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible w ...) + NOT-FOR-US: Pixel +CVE-2021-39733 (In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out ...) + NOT-FOR-US: Pixel +CVE-2021-39732 (In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds ...) + NOT-FOR-US: Pixel +CVE-2021-39731 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...) + NOT-FOR-US: Pixel +CVE-2021-39730 (In TBD of TBD, there is a possible out of bounds read due to a missing ...) + NOT-FOR-US: Pixel +CVE-2021-39729 (In the TitanM chip, there is a possible out of bounds write due to a m ...) + NOT-FOR-US: Pixel +CVE-2021-39728 + RESERVED +CVE-2021-39727 (In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/E ...) + NOT-FOR-US: Pixel +CVE-2021-39726 (In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read d ...) + NOT-FOR-US: Pixel +CVE-2021-39725 (In gasket_free_coherent_memory_all of gasket_page_table.c, there is a ...) + NOT-FOR-US: Pixel +CVE-2021-39724 (In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, th ...) + NOT-FOR-US: Pixel +CVE-2021-39723 (Product: AndroidVersions: Android kernelAndroid ID: A-209014813Referen ...) + NOT-FOR-US: Pixel +CVE-2021-39722 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...) + NOT-FOR-US: Pixel +CVE-2021-39721 (In TBD of TBD, there is a possible out of bounds write due to memory c ...) + NOT-FOR-US: Pixel +CVE-2021-39720 (Product: AndroidVersions: Android kernelAndroid ID: A-207433926Referen ...) + NOT-FOR-US: Pixel +CVE-2021-39719 (In lwis_top_register_io of lwis_device_top.c, there is a possible out ...) 
+ NOT-FOR-US: Pixel +CVE-2021-39718 (In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, ...) + NOT-FOR-US: Pixel +CVE-2021-39717 (In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bo ...) + NOT-FOR-US: Pixel +CVE-2021-39716 (Product: AndroidVersions: Android kernelAndroid ID: A-206977562Referen ...) + NOT-FOR-US: Pixel +CVE-2021-39715 (In __show_regs of process.c, there is a possible leak of kernel memory ...) + NOT-FOR-US: Android kernel patches +CVE-2021-39714 (In ion_buffer_kmap_get of ion.c, there is a possible use-after-free du ...) + {DLA-2940-1} + - linux 4.12.6-1 + NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01 +CVE-2021-39713 (Product: AndroidVersions: Android kernelAndroid ID: A-173788806Referen ...) + {DSA-5096-1 DLA-3065-1 DLA-2941-1} + - linux 5.2.6-1 + NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01 +CVE-2021-39712 (In TBD of TBD, there is a possible user after free vulnerability due t ...) + NOT-FOR-US: Pixel +CVE-2021-39711 (In bpf_prog_test_run_skb of test_run.c, there is a possible out of bou ...) + - linux 4.18.6-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6e6fddc78323533be570873abb728b7e0ba7e024 + NOTE: https://source.android.com/security/bulletin/pixel/2022-03-01 +CVE-2021-39710 (Product: AndroidVersions: Android kernelAndroid ID: A-202160245Referen ...) + NOT-FOR-US: Pixel +CVE-2021-39709 (In sendSipAccountsRemovedNotification of SipAccountRegistry.java, ther ...) + NOT-FOR-US: Android +CVE-2021-39708 (In gatt_process_notification of gatt_cl.cc, there is a possible out of ...) + NOT-FOR-US: Android +CVE-2021-39707 (In onReceive of AppRestrictionsFragment.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-39706 (In onResume of CredentialStorage.java, there is a possible way to clea ...) 
+ NOT-FOR-US: Android +CVE-2021-39705 + REJECTED +CVE-2021-39704 (In deleteNotificationChannelGroup of NotificationManagerService.java, ...) + NOT-FOR-US: Android +CVE-2021-39703 (In updateState of UsbDeviceManager.java, there is a possible unauthori ...) + NOT-FOR-US: Android +CVE-2021-39702 (In onCreate of RequestManageCredentials.java, there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-39701 (In serviceConnection of ControlsProviderLifecycleManager.kt, there is ...) + NOT-FOR-US: Android +CVE-2021-39700 (In the policies of adbd.te, there was a logic error which caused the C ...) + NOT-FOR-US: Android +CVE-2021-39699 + RESERVED +CVE-2021-39698 (In aio_poll_complete_work of aio.c, there is a possible memory corrupt ...) + {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.15-1 + [bullseye] - linux 5.10.92-1 + NOTE: https://source.android.com/security/bulletin/2022-03-01 +CVE-2021-39697 (In checkFileUriDestination of DownloadProvider.java, there is a possib ...) + NOT-FOR-US: Android +CVE-2021-39696 (In Task.java, there is a possible escalation of privilege due to a con ...) + NOT-FOR-US: Android +CVE-2021-39695 (In createOrUpdate of BasePermission.java, there is a possible permissi ...) + NOT-FOR-US: Android +CVE-2021-39694 (In parse of RoleParser.java, there is a possible way for default apps ...) + NOT-FOR-US: Android +CVE-2021-39693 (In onUidStateChanged of AppOpsService.java, there is a possible way to ...) + NOT-FOR-US: Android +CVE-2021-39692 (In onCreate of SetupLayoutActivity.java, there is a possible way to se ...) + NOT-FOR-US: Android +CVE-2021-39691 (In WindowManager, there is a possible tapjacking attack due to an inco ...) + NOT-FOR-US: Android +CVE-2021-39690 (In setDisplayPadding of WallpaperManagerService.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39689 (In multiple functions of odsign_main.cpp, there is a possible way to p ...) 
+ NOT-FOR-US: Android +CVE-2021-39688 (In TBD of TBD, there is a possible out of bounds read due to TBD. This ...) + NOT-FOR-US: Pixel +CVE-2021-39687 (In HandleTransactionIoEvent of actuator_driver.cc, there is a possible ...) + NOT-FOR-US: Android +CVE-2021-39686 (In several functions of binder.c, there is a possible way to represent ...) + {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.15-1 + NOTE: https://source.android.com/security/bulletin/2022-03-01 +CVE-2021-39685 (In various setup methods of the USB gadget subsystem, there is a possi ...) + {DSA-5096-1 DSA-5050-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.5-2 + NOTE: https://www.openwall.com/lists/oss-security/2021/12/15/4 +CVE-2021-39684 (In target_init of gs101/abl/target/slider/target.c, there is a possibl ...) + NOT-FOR-US: Pixel +CVE-2021-39683 (In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds ...) + NOT-FOR-US: Pixel +CVE-2021-39682 (In mgm_alloc_page of memory_group_manager.c, there is a possible out o ...) + NOT-FOR-US: Pixel +CVE-2021-39681 (In delete_protocol of main.c, there is a possible arbitrary code execu ...) + NOT-FOR-US: Pixel +CVE-2021-39680 (In sec_SHA256_Transform of sha256_core.c, there is a possible way to r ...) + NOT-FOR-US: Pixel +CVE-2021-39679 (In init of vendor_graphicbuffer_meta.cpp, there is a possible use afte ...) + NOT-FOR-US: Pixel +CVE-2021-39678 (In of , there is a possible bypass of Factory Reset Protect ...) + NOT-FOR-US: Pixel +CVE-2021-39677 (In startVideoStream() there is a possibility of an OOB Read in the hea ...) + NOT-FOR-US: Android +CVE-2021-39676 (In writeThrowable of AndroidFuture.java, there is a possible parcel se ...) + NOT-FOR-US: Android +CVE-2021-39675 (In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds writ ...) + NOT-FOR-US: Android +CVE-2021-39674 (In btm_sec_connected and btm_sec_disconnected of btm_sec.cc file , the ...) 
+ NOT-FOR-US: Android +CVE-2021-39673 + RESERVED +CVE-2021-39672 (In fastboot, there is a possible secure boot bypass due to a configura ...) + NOT-FOR-US: Android +CVE-2021-39671 (In code generated by aidl_const_expressions.cpp, there is a possible o ...) + NOT-FOR-US: Android +CVE-2021-39670 (In setStream of WallpaperManager.java, there is a possible way to caus ...) + NOT-FOR-US: Android +CVE-2021-39669 (In onCreate of InstallCaCertificateWarning.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-39668 (In onActivityViewReady of DetailDialog.kt, there is a possible Intent ...) + NOT-FOR-US: Android +CVE-2021-39667 (In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39666 (In extract of MediaMetricsItem.h, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2021-39665 (In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bo ...) + NOT-FOR-US: Android +CVE-2021-39664 (In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of b ...) + NOT-FOR-US: Android +CVE-2021-39663 (In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, ther ...) + NOT-FOR-US: Android +CVE-2021-39662 (In checkUriPermission of MediaProvider.java , there is a possible way ...) + NOT-FOR-US: Android +CVE-2021-39661 (In _PMRLogicalOffsetToPhysicalOffset of the PowerVR kernel driver, the ...) + NOT-FOR-US: Android +CVE-2021-39660 (In TBD of TBD, there is a possible way to archive arbitrary code execu ...) + NOT-FOR-US: Android +CVE-2021-39659 (In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, ...) + NOT-FOR-US: Android +CVE-2021-39658 (ismsEx service is a vendor service in unisoc equipment\u3002ismsEx ser ...) + NOT-FOR-US: Android +CVE-2021-39657 (In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out ...) 
+ - linux 5.10.12-1 + [buster] - linux 4.19.171-1 + [stretch] - linux 4.9.258-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 + NOTE: https://git.kernel.org/linus/35fc4cd34426c242ab015ef280853b7bff101f48 (5.11-rc4) +CVE-2021-39656 (In __configfs_open_file of file.c, there is a possible use-after-free ...) + - linux 5.10.24-1 + [buster] - linux 4.19.181-1 + [stretch] - linux 4.9.272-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 + NOTE: https://git.kernel.org/linus/14fbbc8297728e880070f7b077b3301a8c698ef9 (5.12-rc3) +CVE-2021-39655 (Product: AndroidVersions: Android kernelAndroid ID: A-192641593Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39654 + RESERVED +CVE-2021-39653 (In (TBD) of (TBD), there is a possible way to boot with a hidden debug ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39652 (In sec_ts_parsing_cmds of (TBD), there is a possible out of bounds wri ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39651 (In TBD of TBD, there is a possible way to access PIN protected setting ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39650 (In (TBD) of (TBD), there is a possible out of bounds write due to a mi ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39649 (In regmap_exit of regmap.c, there is a possible use-after-free due to ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39648 (In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclos ...) + - linux 5.10.9-1 + [buster] - linux 4.19.171-1 + [stretch] - linux 4.9.258-1 + NOTE: https://git.kernel.org/linus/64e6bbfff52db4bf6785fab9cffab850b2de6870 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 +CVE-2021-39647 (In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_ ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39646 (Product: AndroidVersions: Android kernelAndroid ID: A-201537251Referen ...) 
+ NOT-FOR-US: Google Pixel components +CVE-2021-39645 (Product: AndroidVersions: Android kernelAndroid ID: A-199805112Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39644 (Product: AndroidVersions: Android kernelAndroid ID: A-199809304Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39643 (In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39642 (In synchronous_process_io_entries of lwis_ioctl.c, there is a possible ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39641 (Product: AndroidVersions: Android kernelAndroid ID: A-126949257Referen ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39640 (In __dwc3_gadget_ep0_queue of ep0.c, there is a possible out of bounds ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39639 (In TBD of fvp.c, there is a possible way to glitch CPU behavior due to ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39638 (In periodic_io_work_func of lwis_periodic_io.c, there is a possible ou ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39637 (In CreateDeviceInfo of trusty_remote_provisioning_context.cpp, there i ...) + NOT-FOR-US: Google Pixel components +CVE-2021-39636 (In do_ipt_get_ctl and do_ipt_set_ctl of ip_tables.c, there is a possib ...) + - linux 4.16.5-1 + NOTE: https://source.android.com/security/bulletin/pixel/2021-12-01 +CVE-2021-39635 (ims_ex is a vendor system service used to manage VoLTE in unisoc devic ...) + NOT-FOR-US: Android +CVE-2021-39634 (In fs/eventpoll.c, there is a possible use after free. This could lead ...) + - linux 5.8.14-1 + [buster] - linux 4.19.152-1 + [stretch] - linux 4.9.240-1 + NOTE: https://source.android.com/security/bulletin/2022-01-01 + NOTE: https://git.kernel.org/linus/f8d4f44df056c5b504b0d49683fb7279218fd207 (5.9-rc8) +CVE-2021-39633 (In gre_handle_offloads of ip_gre.c, there is a possible page fault due ...) 
+ - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux 4.9.290-1 + NOTE: https://source.android.com/security/bulletin/2022-01-01 + NOTE: https://git.kernel.org/linus/1d011c4803c72f3907eccfc1ec63caefb852fcbf (5.14) +CVE-2021-39632 (In inotify_cb of events.cpp, there is a possible out of bounds write d ...) + NOT-FOR-US: Android +CVE-2021-39631 (In clear_data_dlg_text of strings.xml, there is a possible situation w ...) + NOT-FOR-US: Android +CVE-2021-39630 (In executeRequest of OverlayManagerService.java, there is a possible w ...) + NOT-FOR-US: Android +CVE-2021-39629 (In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39628 (In StatusBar.java, there is a possible disclosure of notification cont ...) + NOT-FOR-US: Android +CVE-2021-39627 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) + NOT-FOR-US: Android +CVE-2021-39626 (In onAttach of ConnectedDeviceDashboardFragment.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2021-39625 (In showCarrierAppInstallationNotification of EuiccNotificationManager. ...) + NOT-FOR-US: Android +CVE-2021-39624 (In PackageManager, there is a possible permanent denial of service due ...) + NOT-FOR-US: Android +CVE-2021-39623 (In doRead of SimpleDecodingSource.cpp, there is a possible out of boun ...) + NOT-FOR-US: Android +CVE-2021-39622 (In GBoard, there is a possible way to bypass Factory Reset Protection ...) + NOT-FOR-US: Android +CVE-2021-39621 (In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there ...) + NOT-FOR-US: Android +CVE-2021-39620 (In ipcSetDataReference of Parcel.cpp, there is a possible way to corru ...) + NOT-FOR-US: Android +CVE-2021-39619 (In updatePackageMappingsData of UsageStatsService.java, there is a pos ...) + NOT-FOR-US: Android +CVE-2021-39618 (In multiple methods of EuiccNotificationManager.java, there is a possi ...) 
+ NOT-FOR-US: Android +CVE-2021-39617 + REJECTED +CVE-2021-39616 (Summary:Product: AndroidVersions: Android SoCAndroid ID: A-204686438) + NOT-FOR-US: Android +CVE-2021-3733 (There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker ...) + {DLA-3477-1 DLA-3432-1 DLA-2808-1} + - python3.9 3.9.7-1 + [bullseye] - python3.9 (Minor issue) + - python3.7 + - python3.5 + - python2.7 + [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications) + NOTE: https://bugs.python.org/issue43075 + NOTE: https://github.com/python/cpython/pull/24391 + NOTE: https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb1defe1 (master) + NOTE: https://github.com/python/cpython/commit/a21d4fbd549ec9685068a113660553d7f80d9b09 (3.9.5) + NOTE: https://github.com/python/cpython/commit/e7654b6046090914a8323931ed759a94a5f85d60 (3.8.10) + NOTE: https://github.com/python/cpython/commit/ada14995870abddc277addf57dd690a2af04c2da (3.7.11) + NOTE: https://github.com/python/cpython/commit/3fbe96123aeb66664fa547a8f6022efa2dc8788f (3.6.14) +CVE-2021-3732 (A flaw was found in the Linux kernel's OverlayFS subsystem in the way ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995249 + NOTE: https://git.kernel.org/linus/427215d85e8d1476da1a86b8d67aceb485eb3631 +CVE-2021-39615 (D-Link DSR-500N version 1.02 contains hard-coded credentials for undoc ...) + NOT-FOR-US: D-Link +CVE-2021-39614 (D-Link DVX-2000MS contains hard-coded credentials for undocumented use ...) + NOT-FOR-US: D-Link +CVE-2021-39613 (D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contain ...) + NOT-FOR-US: D-Link +CVE-2021-39612 + RESERVED +CVE-2021-39611 + RESERVED +CVE-2021-39610 + RESERVED +CVE-2021-39609 (Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 v ...) 
+ NOT-FOR-US: FlatCore-CMS +CVE-2021-39608 (Remote Code Execution (RCE) vulnerabilty exists in FlatCore-CMS 2.0.7 ...) + NOT-FOR-US: FlatCore-CMS +CVE-2021-39607 + RESERVED +CVE-2021-39606 + RESERVED +CVE-2021-39605 + RESERVED +CVE-2021-39604 + RESERVED +CVE-2021-39603 + RESERVED +CVE-2021-39602 (A Buffer Overflow vulnerabilty exists in Miniftpd 1.0 in the do_mkd fu ...) + NOT-FOR-US: Miniftpd +CVE-2021-39601 + RESERVED +CVE-2021-39600 + RESERVED +CVE-2021-39599 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS ...) + NOT-FOR-US: CXUUCMS +CVE-2021-39598 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/145 +CVE-2021-39597 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/143 +CVE-2021-39596 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/146 +CVE-2021-39595 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/141 +CVE-2021-39594 (Other An issue was discovered in swftools through 20200710. A NULL poi ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/142 +CVE-2021-39593 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/139 +CVE-2021-39592 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
+ - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/138 +CVE-2021-39591 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/135 +CVE-2021-39590 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/137 +CVE-2021-39589 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/132 +CVE-2021-39588 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/131 +CVE-2021-39587 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/129 +CVE-2021-39586 + RESERVED +CVE-2021-39585 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/133 +CVE-2021-39584 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/130 +CVE-2021-39583 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/136 +CVE-2021-39582 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) 
+ - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/122 +CVE-2021-39581 + RESERVED +CVE-2021-39580 + RESERVED +CVE-2021-39579 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/125 +CVE-2021-39578 + RESERVED +CVE-2021-39577 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/121 +CVE-2021-39576 + RESERVED +CVE-2021-39575 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/128 +CVE-2021-39574 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/124 +CVE-2021-39573 + RESERVED +CVE-2021-39572 + RESERVED +CVE-2021-39571 + RESERVED +CVE-2021-39570 + RESERVED +CVE-2021-39569 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/114 +CVE-2021-39568 + RESERVED +CVE-2021-39567 + RESERVED +CVE-2021-39566 + RESERVED +CVE-2021-39565 + RESERVED +CVE-2021-39564 (An issue was discovered in swftools through 20200710. A heap-buffer-ov ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/116 +CVE-2021-39563 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/115 +CVE-2021-39562 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) 
+ - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/98 +CVE-2021-39561 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/102 +CVE-2021-39560 + RESERVED +CVE-2021-39559 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/101 +CVE-2021-39558 (An issue was discovered in swftools through 20200710. A stack-buffer-o ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/106 +CVE-2021-39557 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/97 +CVE-2021-39556 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/105 +CVE-2021-39555 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/99 +CVE-2021-39554 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/100 +CVE-2021-39553 (An issue was discovered in swftools through 20200710. A NULL pointer d ...) + - swftools + [stretch] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/103 +CVE-2021-39552 (An issue was discovered in sela through 20200412. file::WavFile::readF ...) + NOT-FOR-US: sela +CVE-2021-39551 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) 
+ NOT-FOR-US: sela +CVE-2021-39550 (An issue was discovered in sela through 20200412. file::SelaFile::read ...) + NOT-FOR-US: sela +CVE-2021-39549 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39548 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39547 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39546 (An issue was discovered in sela through 20200412. rice::RiceDecoder::p ...) + NOT-FOR-US: sela +CVE-2021-39545 (An issue was discovered in sela through 20200412. A NULL pointer deref ...) + NOT-FOR-US: sela +CVE-2021-39544 (An issue was discovered in sela through 20200412. file::WavFile::write ...) + NOT-FOR-US: sela +CVE-2021-39543 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39542 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39541 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39540 (An issue was discovered in pdftools through 20200714. A stack-buffer-o ...) + NOT-FOR-US: pdftools +CVE-2021-39539 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39538 (An issue was discovered in pdftools through 20200714. A NULL pointer d ...) + NOT-FOR-US: pdftools +CVE-2021-39537 (An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in ca ...) 
+ {DLA-3682-1} + - ncurses 6.2+20200912-1 (unimportant) + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html + NOTE: Fixed by: https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443#diff-7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340 + NOTE: Negligible security impact +CVE-2021-39536 (An issue was discovered in libxsmm through v1.16.1-93. The JIT code ha ...) + - libxsmm 1.17-1 (bug #996098) + NOTE: https://github.com/hfp/libxsmm/issues/402 + NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375 + NOTE: https://github.com/hfp/libxsmm/commit/c24027d07eef23411a56958e52afad5ee6db6393 + NOTE: https://github.com/hfp/libxsmm/commit/3f417e5e0670b066d558052fd32fc8093c81ee94 (1.16.3) +CVE-2021-39535 (An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer ...) + - libxsmm 1.17-1 (bug #996098) + NOTE: https://github.com/hfp/libxsmm/issues/398 + NOTE: https://github.com/hfp/libxsmm/commit/d6984918886d4bd6be241ff3e6af799f4aba3375 + NOTE: https://github.com/hfp/libxsmm/commit/3f417e5e0670b066d558052fd32fc8093c81ee94 (1.16.3) +CVE-2021-39534 (An issue was discovered in libslax through v0.22.1. slaxIsCommentStart ...) + - libslax (bug #766210) +CVE-2021-39533 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...) + - libslax (bug #766210) +CVE-2021-39532 (An issue was discovered in libslax through v0.22.1. A NULL pointer der ...) + - libslax (bug #766210) +CVE-2021-39531 (An issue was discovered in libslax through v0.22.1. slaxLexer() in sla ...) + - libslax (bug #766210) +CVE-2021-39530 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2nlen ...) + - libredwg (bug #595191) +CVE-2021-39529 + RESERVED +CVE-2021-39528 (An issue was discovered in libredwg through v0.10.1.3751. dwg_free_MAT ...) + - libredwg (bug #595191) +CVE-2021-39527 (An issue was discovered in libredwg through v0.10.1.3751. appinfo_priv ...) 
+ - libredwg (bug #595191) +CVE-2021-39526 + RESERVED +CVE-2021-39525 (An issue was discovered in libredwg through v0.10.1.3751. bit_read_fix ...) + - libredwg (bug #595191) +CVE-2021-39524 + RESERVED +CVE-2021-39523 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...) + - libredwg (bug #595191) +CVE-2021-39522 (An issue was discovered in libredwg through v0.10.1.3751. bit_wcs2len( ...) + - libredwg (bug #595191) +CVE-2021-39521 (An issue was discovered in libredwg through v0.10.1.3751. A NULL point ...) + - libredwg (bug #595191) +CVE-2021-39520 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/34 +CVE-2021-39519 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/28 +CVE-2021-39518 (An issue was discovered in libjpeg through 2020021. LineBuffer::FetchR ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/35 +CVE-2021-39517 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/33 +CVE-2021-39516 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/42 +CVE-2021-39515 (An issue was discovered in libjpeg through 2020021. A NULL pointer der ...) + - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/37 +CVE-2021-39514 (An issue was discovered in libjpeg through 2020021. An uncaught floati ...) 
+ - libjpeg 0.0~git20200925.f145908-1 + NOTE: https://github.com/thorfdbg/libjpeg/issues/36 +CVE-2021-39513 + RESERVED +CVE-2021-39512 + RESERVED +CVE-2021-39511 + RESERVED +CVE-2021-39510 (An issue was discovered in D-Link DIR816_A1_FW101CNB04 750m11ac wirele ...) + NOT-FOR-US: D-Link +CVE-2021-39509 (An issue was discovered in D-Link DIR-816 DIR-816A2_FWv1.10CNB05_R1B01 ...) + NOT-FOR-US: D-Link +CVE-2021-39508 + RESERVED +CVE-2021-39507 + RESERVED +CVE-2021-39506 + RESERVED +CVE-2021-39505 + RESERVED +CVE-2021-39504 + RESERVED +CVE-2021-39503 (PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is ...) + NOT-FOR-US: PHPMyWind +CVE-2021-39502 + RESERVED +CVE-2021-39501 (EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect ...) + NOT-FOR-US: EyouCMS +CVE-2021-39500 (Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of i ...) + NOT-FOR-US: EyouCMS +CVE-2021-39499 (A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouC ...) + NOT-FOR-US: EyouCMS +CVE-2021-39498 + RESERVED +CVE-2021-39497 (eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...) + NOT-FOR-US: EyouCMS +CVE-2021-39496 (Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker t ...) + NOT-FOR-US: EyouCMS +CVE-2021-39495 + RESERVED +CVE-2021-39494 + RESERVED +CVE-2021-39493 + RESERVED +CVE-2021-39492 + RESERVED +CVE-2021-39491 (A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgi ...) + NOT-FOR-US: reNgine +CVE-2021-39490 + RESERVED +CVE-2021-39489 + RESERVED +CVE-2021-39488 + RESERVED +CVE-2021-39487 + RESERVED +CVE-2021-39486 (A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2. ...) + NOT-FOR-US: Gila CMS +CVE-2021-39485 + RESERVED +CVE-2021-39484 + RESERVED +CVE-2021-39483 + RESERVED +CVE-2021-39482 + RESERVED +CVE-2021-39481 + RESERVED +CVE-2021-39480 (Bingrep v0.8.5 was discovered to contain a memory allocation failure w ...) 
+ NOT-FOR-US: bingrep +CVE-2021-39479 + RESERVED +CVE-2021-39478 + RESERVED +CVE-2021-39477 + RESERVED +CVE-2021-39476 + RESERVED +CVE-2021-39475 + RESERVED +CVE-2021-39474 (Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported a ...) + NOT-FOR-US: Docsis UBC1319BA00 Router +CVE-2021-39473 (Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) ...) + NOT-FOR-US: Saibamen HotelManager +CVE-2021-39472 + RESERVED +CVE-2021-39471 + RESERVED +CVE-2021-39470 + RESERVED +CVE-2021-39469 + RESERVED +CVE-2021-39468 + RESERVED +CVE-2021-39467 + RESERVED +CVE-2021-39466 + RESERVED +CVE-2021-39465 + RESERVED +CVE-2021-39464 + RESERVED +CVE-2021-39463 + RESERVED +CVE-2021-39462 + RESERVED +CVE-2021-39461 + RESERVED +CVE-2021-39460 + RESERVED +CVE-2021-39459 (Remote code execution in the modules component in Yakamara Media Redax ...) + NOT-FOR-US: Yakamara Media Redaxo CMS +CVE-2021-39458 (Triggering an error page of the import process in Yakamara Media Redax ...) + NOT-FOR-US: Yakamara Media Redaxo CMS +CVE-2021-39457 + RESERVED +CVE-2021-39456 + RESERVED +CVE-2021-39455 + RESERVED +CVE-2021-39454 + RESERVED +CVE-2021-39453 + RESERVED +CVE-2021-39452 + RESERVED +CVE-2021-39451 + RESERVED +CVE-2021-39450 + RESERVED +CVE-2021-39449 + RESERVED +CVE-2021-39448 + RESERVED +CVE-2021-39447 + RESERVED +CVE-2021-39446 + RESERVED +CVE-2021-39445 + RESERVED +CVE-2021-39444 + RESERVED +CVE-2021-39443 + RESERVED +CVE-2021-39442 + RESERVED +CVE-2021-39441 + RESERVED +CVE-2021-39440 + RESERVED +CVE-2021-39439 + RESERVED +CVE-2021-39438 + RESERVED +CVE-2021-39437 + RESERVED +CVE-2021-39436 + RESERVED +CVE-2021-39435 + RESERVED +CVE-2021-39434 (A default username and password for an administrator account was disco ...) + NOT-FOR-US: ZKTeco ZKTime +CVE-2021-39433 (A local file inclusion (LFI) vulnerability exists in version BIQS IT B ...) + NOT-FOR-US: BIQS IT Biqs-drive +CVE-2021-39432 (diplib v3.0.0 is vulnerable to Double Free.) 
+ NOT-FOR-US: diplib +CVE-2021-39431 + RESERVED +CVE-2021-39430 + RESERVED +CVE-2021-39429 + RESERVED +CVE-2021-39428 (Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 ...) + NOT-FOR-US: EyouCMS +CVE-2021-39427 (Cross site scripting vulnerability in 188Jianzhan 2.10 allows attacker ...) + NOT-FOR-US: 188Jianzhan +CVE-2021-39426 (An issue was discovered in /Upload/admin/admin_notify.php in Seacms 11 ...) + NOT-FOR-US: Seacms +CVE-2021-39425 (SeedDMS v6.0.15 was discovered to contain an open redirect vulnerabili ...) + NOT-FOR-US: SeedDMS +CVE-2021-39424 + RESERVED +CVE-2021-39423 + RESERVED +CVE-2021-39422 + RESERVED +CVE-2021-39421 (A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows a ...) + NOT-FOR-US: SeedDMS +CVE-2021-39420 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0. ...) + NOT-FOR-US: VFront +CVE-2021-39419 + RESERVED +CVE-2021-39418 + RESERVED +CVE-2021-39417 + RESERVED +CVE-2021-39416 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote C ...) + NOT-FOR-US: Remote Clinic +CVE-2021-39415 + RESERVED +CVE-2021-39414 + RESERVED +CVE-2021-39413 (Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel ...) + NOT-FOR-US: SEO Panel +CVE-2021-39412 (Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGuruk ...) + NOT-FOR-US: PHPGurukul Shopping +CVE-2021-39411 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGuruku ...) + NOT-FOR-US: PHPGurukul Hospital Management System +CVE-2021-39410 + RESERVED +CVE-2021-39409 (A vulnerability exists in Online Student Rate System v1.0 that allows ...) + NOT-FOR-US: Online Student Rate System +CVE-2021-39408 (Cross Site Scripting (XSS) vulnerability exists in Online Student Rate ...) + NOT-FOR-US: Online Student Rate System +CVE-2021-39407 + RESERVED +CVE-2021-39406 + RESERVED +CVE-2021-39405 + RESERVED +CVE-2021-39404 (MaianAffiliate v1.0 allows an authenticated administrative user to sav ...) 
+ NOT-FOR-US: MaianAffiliate +CVE-2021-39403 + RESERVED +CVE-2021-39402 (MaianAffiliate v.1.0 is suffers from code injection by adding a new pr ...) + NOT-FOR-US: MaianAffiliate +CVE-2021-39401 + RESERVED +CVE-2021-39400 + RESERVED +CVE-2021-39399 + RESERVED +CVE-2021-39398 + RESERVED +CVE-2021-39397 + RESERVED +CVE-2021-39396 + RESERVED +CVE-2021-39395 + RESERVED +CVE-2021-39394 (mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery ...) + NOT-FOR-US: mm-wiki +CVE-2021-39393 (mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) ...) + NOT-FOR-US: mm-wiki +CVE-2021-39392 (The management tool in MyLittleBackup up to and including 1.7 allows r ...) + NOT-FOR-US: MyLittleBackup +CVE-2021-39391 (Cross Site Scripting (XSS) vulnerability exists in the admin panel in ...) + NOT-FOR-US: Beego +CVE-2021-39390 (Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints v ...) + NOT-FOR-US: PartKeepr +CVE-2021-39389 + RESERVED +CVE-2021-39388 + RESERVED +CVE-2021-39387 + RESERVED +CVE-2021-39386 + RESERVED +CVE-2021-39385 + RESERVED +CVE-2021-39384 (DWSurvey v3.2.0 was discovered to contain an arbitrary file write vuln ...) + NOT-FOR-US: DWSurvey +CVE-2021-39383 (DWSurvey v3.2.0 was discovered to contain a remote command execution ( ...) + NOT-FOR-US: DWSurvey +CVE-2021-39382 + RESERVED +CVE-2021-39381 + RESERVED +CVE-2021-39380 + RESERVED +CVE-2021-39379 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39378 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39377 (A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaD ...) + NOT-FOR-US: openSIS +CVE-2021-39376 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...) + NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR) +CVE-2021-39375 (Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQ ...) 
+ NOT-FOR-US: Philips Healthcare Tasy Electronic Medical Record (EMR) +CVE-2021-39374 + RESERVED +CVE-2021-39373 (Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers t ...) + NOT-FOR-US: Samsung +CVE-2021-39372 + RESERVED +CVE-2021-39371 (An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an ...) + {DLA-2754-1} + - pywps 4.5.0-1 + [bullseye] - pywps (Minor issue) + [buster] - pywps (Minor issue) + NOTE: https://github.com/geopython/OWSLib/issues/790 + NOTE: https://github.com/geopython/pywps/pull/616 +CVE-2021-39370 + RESERVED +CVE-2021-39369 (In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the ...) + NOT-FOR-US: Philips (formerly Carestream) Vue MyVue PACS +CVE-2021-39368 (Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter ...) + NOT-FOR-US: Canon Oce Print Exec Workgroup +CVE-2021-39367 (Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection.) + NOT-FOR-US: Canon Oce Print Exec Workgroup +CVE-2021-39366 + RESERVED +CVE-2021-39365 (In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certifi ...) + {DSA-4964-1 DLA-2762-1} + - grilo 0.3.13-1.1 (bug #992971) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/grilo/-/issues/146 +CVE-2021-39364 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...) + NOT-FOR-US: Honeywell +CVE-2021-39363 (Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allo ...) + NOT-FOR-US: Honeywell +CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...) + {DLA-3249-1 DLA-2826-1} + - mbedtls 2.16.9-0.1 + NOTE: https://github.com/ARMmbed/mbedtls/issues/3629 + NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development) +CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...) 
+ [experimental] - mbedtls 2.28.0-0.1 + - mbedtls 2.28.0-0.3 + [bullseye] - mbedtls (2.16 not affected) + [buster] - mbedtls (2.16 not affected) + [stretch] - mbedtls (2.4 not affected) + NOTE: https://github.com/ARMmbed/mbedtls/issues/3498 + NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development) +CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...) + {DLA-3249-1 DLA-2826-1} + - mbedtls 2.16.9-0.1 + NOTE: https://github.com/ARMmbed/mbedtls/commit/a321413807927d6e295cec8677733bbde6aeec34 (development) + NOTE: https://github.com/ARMmbed/mbedtls/commit/ef73875913c66767e7a954aa0b68f42f0756d9b2 (mbedtls-2.7) +CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...) + {DLA-3249-1 DLA-2826-1} + - mbedtls 2.16.9-0.1 + NOTE: https://github.com/ARMmbed/mbedtls/commit/9246d041500b96fb0694cbda1d833e420696827e +CVE-2021-39362 (An XSS issue was discovered in ReCaptcha Solver 5.7. A response from A ...) + NOT-FOR-US: ReCaptcha Solver +CVE-2021-39361 (In GNOME evolution-rss through 0.3.96, network-soup.c does not enable ...) + - evolution-rss (bug #996590) + [bullseye] - evolution-rss (Minor issue) + [buster] - evolution-rss (Minor issue) + [stretch] - evolution-rss (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/evolution-rss/-/issues/11 +CVE-2021-39360 (In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS ...) 
+ - libzapojit (bug #993538) + [bullseye] - libzapojit (Minor issue) + [buster] - libzapojit (Minor issue) + [stretch] - libzapojit (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libzapojit/-/issues/4 +CVE-2021-39359 (In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS ...) + - libgda5 (bug #993592) + [bookworm] - libgda5 (Minor issue) + [bullseye] - libgda5 (Minor issue) + [buster] - libgda5 (Minor issue) + [stretch] - libgda5 (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libgda/-/issues/249 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libgda/-/commit/bebdffb4de586fb43fd07ac549121f4b22f6812d (master) +CVE-2021-39358 (In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable T ...) + - gfbgraph 0.2.5-1 (bug #993537) + [bullseye] - gfbgraph (Minor issue) + [buster] - gfbgraph (Minor issue) + [stretch] - gfbgraph (Minor issue, revisit when/if fixed upstream) + NOTE: https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/ + NOTE: https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17 +CVE-2021-3731 (LedgerSMB does not sufficiently guard against being wrapped by other s ...) + {DSA-4962-1} + - ledgersmb 1.6.9+ds-2.1 (bug #992817) + NOTE: https://ledgersmb.org/cve-2021-3731-clickjacking +CVE-2021-39357 (The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39356 (The Content Staging WordPress plugin is vulnerable to Stored Cross-Sit ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-39355 (The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39354 (The Easy Digital Downloads WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39353 (The Easy Registration Forms WordPress plugin is vulnerable to Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39352 (The Catch Themes Demo Import WordPress plugin is vulnerable to arbitra ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39351 (The WP Bannerize WordPress plugin is vulnerable to authenticated SQL i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39350 (The FV Flowplayer Video Player WordPress plugin is vulnerable to Refle ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39349 (The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39348 (The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39347 (The Stripe for WooCommerce WordPress plugin is missing a capability ch ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39346 (The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39345 (The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39344 (The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39343 (The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39342 (The Credova_Financial WordPress plugin discloses a site's associated C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39341 (The OptinMonster WordPress plugin is vulnerable to sensitive informati ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39340 (The Notification WordPress plugin is vulnerable to Stored Cross-Site S ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-39339 (The Telefication WordPress plugin is vulnerable to Open Proxy and Serv ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39338 (The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39337 (The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39336 (The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39335 (The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39334 (The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39333 (The Hashthemes Demo Importer Plugin <= 1.1.1 for WordPress contained s ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39332 (The Business Manager WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39331 + RESERVED +CVE-2021-39330 + REJECTED +CVE-2021-39329 (The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39328 (The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39327 (The BulletProof Security WordPress plugin is vulnerable to sensitive i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39326 + REJECTED +CVE-2021-39325 (The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39324 + REJECTED +CVE-2021-39323 + RESERVED +CVE-2021-39322 (The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39321 (Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerabl ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39320 (The underConstruction plugin <= 1.18 for WordPress echoes out the raw ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-39319 (The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerabl ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39318 (The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39317 (A WordPress plugin and several WordPress themes developed by AccessPre ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39316 (The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, in ...) + NOT-FOR-US: WordPress plugin +CVE-2021-39315 (The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39314 (The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39313 (The Simple Image Gallery WordPress plugin is vulnerable to Reflected C ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39312 (The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39311 (The link-list-manager WordPress plugin is vulnerable to Reflected Cros ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39310 (The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Sit ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39309 (The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerabl ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39308 (The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable ...) + NOT-FOR-US: WordPess plugin +CVE-2021-39307 (PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlin ...) + NOT-FOR-US: PDFTron WebViewer UI +CVE-2021-39306 (A stack buffer overflow was discovered on Realtek RTL8195AM device bef ...) + NOT-FOR-US: Realtek +CVE-2021-39305 + RESERVED +CVE-2021-39304 (Proofpoint Enterprise Protection before 8.12.0-2108090000 allows secur ...) 
+ NOT-FOR-US: Proofpoint +CVE-2021-3730 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2021-3729 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2021-3728 (firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: firefly-iii +CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability.) + NOT-FOR-US: SafeCurl +CVE-2021-39303 (The server in Jamf Pro before 10.32.0 has an SSRF vulnerability, aka P ...) + NOT-FOR-US: Jamf Pro +CVE-2021-39302 (MISP 2.4.148, in certain configurations, allows SQL injection via the ...) + NOT-FOR-US: MISP +CVE-2021-39301 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39300 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39299 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39298 (A potential vulnerability in AMD System Management Mode (SMM) interrup ...) + NOT-FOR-US: HP +CVE-2021-39297 (Potential vulnerabilities have been identified in UEFI firmware (BIOS) ...) + NOT-FOR-US: HP +CVE-2021-39296 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass auth ...) + NOT-FOR-US: OpenBMC +CVE-2021-39295 (In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a den ...) + NOT-FOR-US: OpenBMC +CVE-2021-3727 (# Vulnerability in `rand-quote` and `hitokoto` plugins **Description** ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3726 (# Vulnerability in `title` function **Description**: the `title` funct ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3725 (Vulnerability in dirhistory plugin Description: the widgets that go ba ...) + NOT-FOR-US: ohmyzsh +CVE-2021-3724 + REJECTED +CVE-2021-23161 + REJECTED +CVE-2021-23156 + REJECTED +CVE-2021-39294 + RESERVED +CVE-2021-39293 (In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted ...) 
+ {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.17 1.17.1-1 + - golang-1.16 1.16.8-1 + - golang-1.15 1.15.15-2 + [bullseye] - golang-1.15 1.15.15-1~deb11u1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/47801 + NOTE: https://github.com/golang/go/commit/1dd24caf08985066b309af6bc461780c73e05c35 (1.17.1) + NOTE: https://github.com/golang/go/commit/6c480017ae600b2c90a264a922e041df04dfa785 (1.16.8) +CVE-2021-39292 + RESERVED +CVE-2021-3723 (A command injection vulnerability was reported in the Integrated Manag ...) + NOT-FOR-US: IBM +CVE-2021-3722 (A denial of service vulnerability was reported in Lenovo PCManager pri ...) + NOT-FOR-US: Lenovo +CVE-2021-3721 (A denial of service vulnerability was reported in Lenovo PCManager pri ...) + NOT-FOR-US: Lenovo +CVE-2021-3720 (An information disclosure vulnerability was reported in the Time Weath ...) + NOT-FOR-US: Lenovo +CVE-2021-3719 (A potential vulnerability in the SMI callback function that saves and ...) + NOT-FOR-US: Lenovo +CVE-2021-3718 (A denial of service vulnerability was reported in some ThinkPad models ...) + NOT-FOR-US: Lenovo +CVE-2021-39291 (Certain NetModule devices allow credentials via GET parameters to CLI- ...) + NOT-FOR-US: NetModule devices +CVE-2021-39290 (Certain NetModule devices allow Limited Session Fixation via PHPSESSID ...) + NOT-FOR-US: NetModule devices +CVE-2021-39289 (Certain NetModule devices have Insecure Password Handling (cleartext o ...) + NOT-FOR-US: NetModule devices +CVE-2021-39288 + RESERVED +CVE-2021-39287 + RESERVED +CVE-2021-39286 (Webrecorder pywb before 2.6.0 allows XSS because it does not ensure th ...) + NOT-FOR-US: Webrecorder pywb +CVE-2021-39285 (A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8 ...) + NOT-FOR-US: Versa +CVE-2021-39284 + RESERVED +CVE-2021-39283 (liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion ...) 
+ - liblivemedia + [buster] - liblivemedia (Minor issue) + [stretch] - liblivemedia (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021969.html +CVE-2021-39282 (Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 ...) + - liblivemedia + [buster] - liblivemedia (Minor issue) + [stretch] - liblivemedia (Minor issue) + NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021970.html +CVE-2021-39281 + RESERVED +CVE-2021-39280 (Certain Korenix JetWave devices allow authenticated users to execute a ...) + NOT-FOR-US: Korenix JetWave devices +CVE-2021-39279 (Certain MOXA devices allow Authenticated Command Injection via /forms/ ...) + NOT-FOR-US: MOXA +CVE-2021-39278 (Certain MOXA devices allow reflected XSS via the Config Import menu. T ...) + NOT-FOR-US: MOXA +CVE-2021-39277 + RESERVED +CVE-2021-39276 + RESERVED +CVE-2021-39275 (ap_escape_quotes() may write beyond the end of a buffer when given mal ...) + {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-39275 + NOTE: https://github.com/apache/httpd/commit/d8bce6f575abb29997bba358b31842bf757776c6 (trunk) + NOTE: https://github.com/apache/httpd/commit/e0fec7d48dab1924c5a6b48819ce1cf420733f62 (trunk) + NOTE: https://github.com/apache/httpd/commit/8f09caf9945f3c80563bc4a776b04fbba239ca71 (trunk) + NOTE: https://github.com/apache/httpd/commit/c69d4cc90c0e27703030b3ff09f91bf4dcbcfd51 (2.4.x) + NOTE: https://github.com/apache/httpd/commit/ac62c7e7436560cf4f7725ee586364ce95c07804 (2.4.x) +CVE-2021-3717 (A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge l ...) + - wildfly (bug #752018) +CVE-2021-39274 (In XeroSecurity Sn1per 9.0 (free version), insecure directory permissi ...) + NOT-FOR-US: XeroSecurity Sn1per +CVE-2021-39273 (In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) ...) 
+ NOT-FOR-US: XeroSecurity Sn1per +CVE-2021-39272 (Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption i ...) + - fetchmail 6.4.22-1 (bug #993163) + [bullseye] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + [buster] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + [stretch] - fetchmail (Minor issue; safe recommendations exists, implicit TLS, "ssl" mode exist) + NOTE: https://www.fetchmail.info/fetchmail-SA-2021-02.txt +CVE-2021-39271 (OrbiTeam BSCW Classic before 7.4.3 allows authenticated remote code ex ...) + NOT-FOR-US: OrbiTeam BSCW Classic +CVE-2021-39270 (In Ping Identity RSA SecurID Integration Kit before 3.2, user imperson ...) + NOT-FOR-US: Ping Identity RSA SecurID Integration Kit +CVE-2021-39269 + RESERVED +CVE-2021-39268 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...) + NOT-FOR-US: SuiteCRM +CVE-2021-39267 (Persistent cross-site scripting (XSS) in the web interface of SuiteCRM ...) + NOT-FOR-US: SuiteCRM +CVE-2021-39266 + RESERVED +CVE-2021-39265 + RESERVED +CVE-2021-39264 + RESERVED +CVE-2021-39263 (A crafted NTFS image can trigger a heap-based buffer overflow, caused ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39262 (A crafted NTFS image can cause an out-of-bounds access in ntfs_decompr ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39261 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_co ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39260 (A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_s ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39259 (A crafted NTFS image can trigger an out-of-bounds access, caused by an ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39258 (A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find a ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39257 (A crafted NTFS image with an unallocated bitmap can lead to a endless ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39256 (A crafted NTFS image can cause a heap-based buffer overflow in ntfs_in ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39255 (A crafted NTFS image can trigger an out-of-bounds read, caused by an i ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39254 (A crafted NTFS image can cause an integer overflow in memmove, leading ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39253 (A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_ ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39252 (A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39251 (A crafted NTFS image can cause a NULL pointer dereference in ntfs_exte ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-39250 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...) + NOT-FOR-US: Invision Community +CVE-2021-39249 (Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5. ...) + NOT-FOR-US: Invision Community +CVE-2021-39248 (Open edX through Lilac.1 allows XSS in common/static/common/js/discuss ...) + NOT-FOR-US: Open edX +CVE-2021-39247 (Zint Barcode Generator before 2.10.0 has a one-byte buffer over-read, ...) + - zint (Introduced and fixed between 2.9.1 and 2.10.0) + NOTE: https://sourceforge.net/p/zint/code/ci/9b02cd52214e80f945bff41fc94bc1e17e15810c/ + NOTE: https://sourceforge.net/p/zint/tickets/232/ + NOTE: Introduced in https://sourceforge.net/p/zint/code/ci/6274140c73aa39c42271644ef8c9b4551ca06fc2/ +CVE-2021-39246 (Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlatio ...) + NOT-FOR-US: Tor Browser +CVE-2021-3716 (A flaw was found in nbdkit due to to improperly caching plaintext stat ...) + - nbdkit 1.26.5-1 + [bullseye] - nbdkit (Minor issue) + [buster] - nbdkit (Vulnerable code introduced later) + [stretch] - nbdkit (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/libguestfs/nbdkit/commit/eaa4c6e9a2c4bdb71aefdd4b1d865e7a9af606a8 (v1.11.8) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00077.html +CVE-2021-3715 (A flaw was found in the "Routing decision" classifier in the Linux ker ...) + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + [stretch] - linux 4.9.228-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/09/07/1 + NOTE: https://git.kernel.org/linus/ef299cc3fa1a9e1288665a9fdc8bff55629fd359 (5.6) +CVE-2021-3714 (A flaw was found in the Linux kernels memory deduplication mechanism. 
...) + - linux (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1931327 + NOTE: Inherent design limitation, can be avoided by not using KSM +CVE-2021-39245 (Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, ...) + NOT-FOR-US: Altus +CVE-2021-39244 (Authenticated Semi-Blind Command Injection (via Parameter Injection) e ...) + NOT-FOR-US: Altus +CVE-2021-39243 (Cross-Site Request Forgery (CSRF) exists on Altus Nexto, Nexto Xpress, ...) + NOT-FOR-US: Altus +CVE-2021-39242 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) + {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy (Vulnerable code introduced later) + [stretch] - haproxy (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=b5d2b9e154d78e4075db163826c5e0f6d31b2ab1 +CVE-2021-39241 (An issue was discovered in HAProxy 2.0 before 2.0.24, 2.2 before 2.2.1 ...) + {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy (Vulnerable code introduced later) + [stretch] - haproxy (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=89265224d314a056d77d974284802c1b8a0dc97f +CVE-2021-39240 (An issue was discovered in HAProxy 2.2 before 2.2.16, 2.3 before 2.3.1 ...) + {DSA-4960-1} + - haproxy 2.2.16-1 + [buster] - haproxy (Vulnerable code introduced later) + [stretch] - haproxy (Vulnerable code introduced later) + NOTE: https://www.mail-archive.com/haproxy@formilux.org/msg41041.html + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=4b8852c70d8c4b7e225e24eb58258a15eb54c26e + NOTE: https://git.haproxy.org/?p=haproxy.git;a=commit;h=a495e0d94876c9d39763db319f609351907a31e8 +CVE-2021-39239 (A vulnerability in XML processing in Apache Jena, in versions up to 4. ...) 
+ - apache-jena 4.5.0-1 (bug #1014982) + NOTE: https://lists.apache.org/thread/qpbfrdty7jt3yfm39hx4p9dp151sd6gm +CVE-2021-39238 (Certain HP Enterprise LaserJet, HP LaserJet Managed, HP Enterprise Pag ...) + NOT-FOR-US: HP +CVE-2021-39237 (Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide ...) + NOT-FOR-US: HP +CVE-2021-39236 (In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39235 (In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39234 (In Apache Ozone versions prior to 1.2.0, Authenticated users knowing t ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39233 (In Apache Ozone versions prior to 1.2.0, Container related Datanode re ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39232 (In Apache Ozone versions prior to 1.2.0, certain admin related SCM com ...) + NOT-FOR-US: Apache Ozone +CVE-2021-39231 (In Apache Ozone versions prior to 1.2.0, Various internal server-to-se ...) + NOT-FOR-US: Apache Ozone +CVE-2021-3713 (An out-of-bounds write flaw was found in the UAS (USB Attached SCSI) d ...) + {DSA-4980-1 DLA-3099-1 DLA-2753-1} + - qemu 1:6.1+dfsg-2 (bug #992727) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1994640 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/13b250b12ad3c59114a6a17d59caf073ce45b33a +CVE-2021-39230 (Butter is a system usability utility. Due to a kernel error the JPNS k ...) + NOT-FOR-US: Butter +CVE-2021-39229 (Apprise is an open source library which allows you to send a notificat ...) + NOT-FOR-US: Apprise +CVE-2021-39228 (Tremor is an event processing system for unstructured data. A vulnerab ...) + NOT-FOR-US: Tremor event processing (different from Vorbis Tremor) +CVE-2021-39227 (ZRender is a lightweight graphic library providing 2d draw for Apache ...) + NOT-FOR-US: ZRender +CVE-2021-39226 (Grafana is an open source data visualization platform. In affected ver ...) 
+ - grafana +CVE-2021-39225 (Nextcloud is an open-source, self-hosted productivity platform. A miss ...) + NOT-FOR-US: Nextcloud Deck +CVE-2021-39224 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud OfficeOnline +CVE-2021-39223 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-39222 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + - nextcloud-server (bug #941708) +CVE-2021-39221 (Nextcloud is an open-source, self-hosted productivity platform. The Ne ...) + NOT-FOR-US: Nextcloud Contacts +CVE-2021-39220 (Nextcloud is an open-source, self-hosted productivity platform The Nex ...) + NOT-FOR-US: Nextcloud Mail +CVE-2021-39219 (Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime be ...) + NOT-FOR-US: wasmtime +CVE-2021-39218 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...) + NOT-FOR-US: wasmtime +CVE-2021-39217 (OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and ...) + NOT-FOR-US: OpenMage +CVE-2021-39216 (Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime ...) + NOT-FOR-US: wasmtime +CVE-2021-39215 (Jitsi Meet is an open source video conferencing application. In versio ...) + - jitsi-meet (bug #760485) +CVE-2021-39214 (mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mi ...) + - mitmproxy 8.1.1-1 (bug #994570) + [bullseye] - mitmproxy (Minor issue) + [buster] - mitmproxy (Minor issue) + [stretch] - mitmproxy (Minor issue, intrusive to backport) + NOTE: https://github.com/mitmproxy/mitmproxy/security/advisories/GHSA-22gh-3r9q-xf38 +CVE-2021-39213 (GLPI is a free Asset and IT management software package. Starting in v ...) 
+ - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-6w9f-2m6g-5777 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39212 (ImageMagick is free software delivered as a ready-to-run binary distri ...) + {DLA-3429-1} + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #996588) + [bullseye] - imagemagick (Minor issue) + [stretch] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr + NOTE: https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e + NOTE: V6 [1/4] https://github.com/ImageMagick/ImageMagick6/commit/8cd2fcd33460826628a7590dc3ce74d7785e1598 + NOTE: V6 [2/4] https://github.com/ImageMagick/ImageMagick6/commit/69ea5587de17ef89476be47a3cb7f855c0355a74 + NOTE: V6 [3/4] https://github.com/ImageMagick/ImageMagick6/commit/b60e17133b982d28816386b83174c2bc06dd39bd + NOTE: V6 [4/4] https://github.com/ImageMagick/ImageMagick6/commit/428e68597fa904d0bdc133d878e12acd7dc60fa3 +CVE-2021-39211 (GLPI is a free Asset and IT management software package. Starting in v ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-xx66-v3g5-w825 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39210 (GLPI is a free Asset and IT management software package. In versions p ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-hwxq-4c5f-m4v2 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39209 (GLPI is a free Asset and IT management software package. In versions p ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-5qpf-32w7-c56p + NOTE: Only supported behind an authenticated HTTP zone +CVE-2021-39208 (SharpCompress is a fully managed C# library to deal with many compress ...) 
+ NOT-FOR-US: SharpCompress +CVE-2021-39207 (parlai is a framework for training and evaluating AI models on a varie ...) + NOT-FOR-US: Facebook ParlAI +CVE-2021-39206 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39205 (Jitsi Meet is an open source video conferencing application. Versions ...) + - jitsi-meet (bug #760485) +CVE-2021-39204 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39203 (WordPress is a free and open-source content management system written ...) + - wordpress (Only affects 5.8 beta 1; vulnerable code introduced later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-qxvw-qxm9-qvg6 +CVE-2021-39202 (WordPress is a free and open-source content management system written ...) + - wordpress (Vulnerable code introduced later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-fr6h-3855-j297 +CVE-2021-39201 (WordPress is a free and open-source content management system written ...) + {DSA-4985-1} + - wordpress 5.8.1+dfsg1-1 (bug #994059) + [stretch] - wordpress (Vulnerable code added later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-wh69-25hr-h94v +CVE-2021-39200 (WordPress is a free and open-source content management system written ...) + - wordpress 5.8.1+dfsg1-1 (bug #994060) + [bullseye] - wordpress 5.7.3+dfsg1-0+deb11u1 + [buster] - wordpress (Vulnerable code introduced later in 5.2) + [stretch] - wordpress (Vulnerable code added later) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m9hc-7v5q-x8q5 +CVE-2021-39199 (remark-html is an open source nodejs library which compiles Markdown t ...) + NOT-FOR-US: Node remark-html +CVE-2021-39198 (OroCRM is an open source Client Relationship Management (CRM) applicat ...) 
+ NOT-FOR-US: OroCRM +CVE-2021-39197 (better_errors is an open source replacement for the standard Rails err ...) + - ruby-better-errors (bug #739168) +CVE-2021-39196 (pcapture is an open source dumpcap web service interface . In affected ...) + NOT-FOR-US: pcapture +CVE-2021-39195 (Misskey is an open source, decentralized microblogging platform. In af ...) + NOT-FOR-US: Misskey +CVE-2021-39194 (kaml is an open source implementation of the YAML format with support ...) + NOT-FOR-US: kaml +CVE-2021-39193 (Frontier is Substrate's Ethereum compatibility layer. Prior to commit ...) + NOT-FOR-US: Frontier +CVE-2021-39192 (Ghost is a Node.js content management system. An error in the implemen ...) + NOT-FOR-US: Ghost CMS +CVE-2021-39191 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + {DLA-3499-1} + - libapache2-mod-auth-openidc 2.4.9.4-1 (bug #993648) + [bullseye] - libapache2-mod-auth-openidc 2.4.9.4-0+deb11u1 + [stretch] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-2pgf-8h6h-gqg2 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/03e6bfb446f4e3f27c003d30d6a433e5dd8e2b3d + NOTE: https://github.com/zmartzone/mod_auth_openidc/issues/672 +CVE-2021-39190 (The SCCM plugin for GLPI is a plugin to synchronize computers from SCC ...) + NOT-FOR-US: SCCM plugin for GLPI +CVE-2021-39189 (Pimcore is an open source data & experience management platform. In ve ...) + NOT-FOR-US: Pimcore +CVE-2021-39188 + RESERVED +CVE-2021-39187 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2021-39186 (GlobalNewFiles is a MediaWiki extension maintained by Miraheze. Prior ...) + NOT-FOR-US: Miraheze +CVE-2021-39185 (Http4s is a minimal, idiomatic Scala interface for HTTP services. In h ...) + NOT-FOR-US: Https4s +CVE-2021-39184 (Electron is a framework for writing cross-platform desktop application ...) 
+ - electron (bug #842420) +CVE-2021-39183 (Owncast is an open source, self-hosted live video streaming and chat s ...) + NOT-FOR-US: Owncast +CVE-2021-39182 (EnroCrypt is a Python module for encryption and hashing. Prior to vers ...) + NOT-FOR-US: EnroCrypt +CVE-2021-39181 (OpenOlat is a web-based learning management system (LMS). Prior to ver ...) + NOT-FOR-US: OpenOlat +CVE-2021-39180 (OpenOLAT is a web-based learning management system (LMS). A path trave ...) + NOT-FOR-US: OpenOLAT +CVE-2021-39179 (DHIS 2 is an information system for data capture, management, validati ...) + NOT-FOR-US: DHIS 2 +CVE-2021-39178 (Next.js is a React framework. Versions of Next.js between 10.0.0 and 1 ...) + NOT-FOR-US: next.js +CVE-2021-39177 (Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: J ...) + NOT-FOR-US: geyser +CVE-2021-39176 (detect-character-encoding is a package for detecting character encodin ...) + NOT-FOR-US: detect-character-encoding + NOTE: NPM addon - https://github.com/sonicdoe/detect-character-encoding +CVE-2021-39175 (HedgeDoc is a platform to write and share markdown. In versions prior ...) + NOT-FOR-US: hedgedoc +CVE-2021-39174 (Cachet is an open source status page system. Prior to version 2.5.1, a ...) + - cachet (bug #851177) +CVE-2021-39173 (Cachet is an open source status page system. Prior to version 2.5.1 au ...) + - cachet (bug #851177) +CVE-2021-39172 (Cachet is an open source status page system. Prior to version 2.5.1, a ...) + - cachet (bug #851177) +CVE-2021-39171 (Passport-SAML is a SAML 2.0 authentication provider for Passport, the ...) + NOT-FOR-US: Node passport-saml +CVE-2021-39170 (Pimcore is an open source data & experience management platform. Prior ...) + NOT-FOR-US: Pimcore +CVE-2021-39169 (Misskey is a decentralized microblogging platform. In versions of Miss ...) + NOT-FOR-US: Misskey +CVE-2021-39168 (OpenZepplin is a library for smart contract development. In affected v ...) 
+ NOT-FOR-US: OpenZeppelin +CVE-2021-39167 (OpenZepplin is a library for smart contract development. In affected v ...) + NOT-FOR-US: OpenZeppelin +CVE-2021-39166 (Pimcore is an open source data & experience management platform. Prior ...) + NOT-FOR-US: Pimcore +CVE-2021-39165 (Cachet is an open source status page. With Cachet prior to and includi ...) + - cachet (bug #851177) +CVE-2021-39164 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...) + - matrix-synapse 1.41.1-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-3x4c-pq33-4w3q + NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1) +CVE-2021-39163 (Matrix is an ecosystem for open federated Instant Messaging and Voice ...) + - matrix-synapse 1.41.1-1 + NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-jj53-8fmw-f2w2 + NOTE: https://github.com/matrix-org/synapse/commit/cb35df940a828bc40b96daed997b5ad4c7842fd3 (v1.41.1) +CVE-2021-39162 (Pomerium is an open source identity-aware access proxy. Envoy, which P ...) + NOT-FOR-US: Pomerium +CVE-2021-39161 (Discourse is an open source platform for community discussion. In affe ...) + NOT-FOR-US: Discourse +CVE-2021-39160 (nbgitpuller is a Jupyter server extension to sync a git repository one ...) + NOT-FOR-US: nbgitpuller +CVE-2021-39159 (BinderHub is a kubernetes-based cloud service that allows users to sha ...) + NOT-FOR-US: BinderHub +CVE-2021-39158 (NVCaffe's python required dependencies list used to contain `gfortran` ...) + NOT-FOR-US: NVCaffe +CVE-2021-39157 (detect-character-encoding is an open source character encoding inspect ...) + NOT-FOR-US: detect-character-encoding +CVE-2021-39156 (Istio is an open source platform for providing a uniform way to integr ...) + NOT-FOR-US: Istio +CVE-2021-39155 (Istio is an open source platform for providing a uniform way to integr ...) 
+ NOT-FOR-US: Istio +CVE-2021-39154 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68 + NOTE: https://x-stream.github.io/CVE-2021-39154.html +CVE-2021-39153 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v + NOTE: https://x-stream.github.io/CVE-2021-39153.html +CVE-2021-39152 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2 + NOTE: https://x-stream.github.io/CVE-2021-39152.html +CVE-2021-39151 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-hph2-m3g5-xxv4 + NOTE: https://x-stream.github.io/CVE-2021-39151.html +CVE-2021-39150 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-cxfm-5m4g-x7xp + NOTE: https://x-stream.github.io/CVE-2021-39150.html +CVE-2021-39149 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-3ccq-5vw3-2p6x + NOTE: https://x-stream.github.io/CVE-2021-39149.html +CVE-2021-39148 (XStream is a simple library to serialize objects to XML and back again ...) 
+ {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-qrx8-8545-4wg2 + NOTE: https://x-stream.github.io/CVE-2021-39148.html +CVE-2021-39147 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-h7v4-7xg3-hxcc + NOTE: https://x-stream.github.io/CVE-2021-39147.html +CVE-2021-39146 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-p8pq-r894-fm8f + NOTE: https://x-stream.github.io/CVE-2021-39146.html +CVE-2021-39145 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-8jrj-525p-826v + NOTE: https://x-stream.github.io/CVE-2021-39145.html +CVE-2021-39144 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-j9h8-phrw-h4fh + NOTE: https://x-stream.github.io/CVE-2021-39144.html +CVE-2021-39143 (Spinnaker is an open source, multi-cloud continuous delivery platform. ...) + NOT-FOR-US: Spinnaker +CVE-2021-39142 + RESERVED +CVE-2021-39141 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-g5w6-mrj7-75h2 + NOTE: https://x-stream.github.io/CVE-2021-39141.html +CVE-2021-39140 (XStream is a simple library to serialize objects to XML and back again ...) 
+ {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-6wf9-jmg9-vxcc + NOTE: https://x-stream.github.io/CVE-2021-39140.html +CVE-2021-39139 (XStream is a simple library to serialize objects to XML and back again ...) + {DSA-5004-1 DLA-2769-1} + - libxstream-java 1.4.18-1 (bug #998054) + NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-64xx-cq4q-mf44 + NOTE: https://x-stream.github.io/CVE-2021-39139.html +CVE-2021-39138 (Parse Server is an open source backend that can be deployed to any inf ...) + NOT-FOR-US: Parse Server +CVE-2021-39137 (go-ethereum is the official Go implementation of the Ethereum protocol ...) + - golang-github-go-ethereum (bug #890541) +CVE-2021-39136 (baserCMS is an open source content management system with a focus on J ...) + NOT-FOR-US: baserCMS +CVE-2021-39135 (`@npmcli/arborist`, the library that calculates dependency trees and m ...) + [experimental] - npm 7.24.0+ds-1 + - npm 7.24.0+ds-2 (bug #993405) + [bullseye] - npm (Minor issue) + [buster] - npm (Minor issue) + NOTE: https://github.com/npm/arborist/security/advisories/GHSA-gmw6-94gg-2rc2 +CVE-2021-39134 (`@npmcli/arborist`, the library that calculates dependency trees and m ...) + [experimental] - npm 7.24.0+ds-1 + - npm 7.24.0+ds-2 (bug #993407) + [bullseye] - npm (Minor issue) + [buster] - npm (Minor issue) + NOTE: https://github.com/npm/arborist/security/advisories/GHSA-2h3h-q99f-3fhc +CVE-2021-39133 (Rundeck is an open source automation service with a web console, comma ...) + NOT-FOR-US: Rundeck +CVE-2021-39132 (Rundeck is an open source automation service with a web console, comma ...) + NOT-FOR-US: Rundeck +CVE-2021-39131 (ced detects character encoding using Google\u2019s compact_enc_det lib ...) + NOT-FOR-US: Node ced +CVE-2021-39130 + RESERVED +CVE-2021-39129 + RESERVED +CVE-2021-39128 (Affected versions of Atlassian Jira Server or Data Center using the Ji ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-39127 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39126 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39125 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39124 (The Cross-Site Request Forgery (CSRF) failure retry feature of Atlassi ...) + NOT-FOR-US: Atlassian +CVE-2021-39123 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...) + NOT-FOR-US: Atlassian +CVE-2021-39122 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39121 (Affected versions of Atlassian Jira Server and Data Center allow authe ...) + NOT-FOR-US: Atlassian +CVE-2021-39120 + RESERVED +CVE-2021-39119 (Affected versions of Atlassian Jira Server and Data Center allow users ...) + NOT-FOR-US: Atlassian +CVE-2021-39118 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39117 (The AssociateFieldToScreens page in Atlassian Jira Server and Data Cen ...) + NOT-FOR-US: Atlassian +CVE-2021-39116 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39115 (Affected versions of Atlassian Jira Service Management Server and Data ...) + NOT-FOR-US: Atlassian +CVE-2021-39114 (Affected versions of Atlassian Confluence Server and Data Center allow ...) + NOT-FOR-US: Atlassian Confluence +CVE-2021-39113 (Affected versions of Atlassian Jira Server and Data Center allow anony ...) + NOT-FOR-US: Atlassian +CVE-2021-39112 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2021-39111 (The Editor plugin in Atlassian Jira Server and Data Center before vers ...) 
+ NOT-FOR-US: Atlassian +CVE-2021-39110 + RESERVED +CVE-2021-39109 (The renderWidgetResource resource in Atlasian Atlasboard before versio ...) + NOT-FOR-US: Atlassian +CVE-2021-39108 + RESERVED +CVE-2021-39107 + RESERVED +CVE-2021-39106 + RESERVED +CVE-2021-39105 + RESERVED +CVE-2021-39104 + RESERVED +CVE-2021-39103 + RESERVED +CVE-2021-39102 + RESERVED +CVE-2021-39101 + RESERVED +CVE-2021-39100 + RESERVED +CVE-2021-39099 + RESERVED +CVE-2021-39098 + RESERVED +CVE-2021-39097 + RESERVED +CVE-2021-39096 + RESERVED +CVE-2021-39095 + RESERVED +CVE-2021-39094 + RESERVED +CVE-2021-39093 + RESERVED +CVE-2021-39092 + RESERVED +CVE-2021-39091 + RESERVED +CVE-2021-39090 + RESERVED +CVE-2021-39089 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allo ...) + NOT-FOR-US: IBM +CVE-2021-39088 (IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege esc ...) + NOT-FOR-US: IBM +CVE-2021-39087 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...) + NOT-FOR-US: IBM +CVE-2021-39086 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1 ...) + NOT-FOR-US: IBM +CVE-2021-39085 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...) + NOT-FOR-US: IBM +CVE-2021-39084 + RESERVED +CVE-2021-39083 + RESERVED +CVE-2021-39082 (IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2021-39081 + RESERVED +CVE-2021-39080 (Due to weak obfuscation, IBM Cognos Analytics Mobile for Android appli ...) + NOT-FOR-US: IBM +CVE-2021-39079 (IBM Cognos Analytics Mobile for Android applications prior to version ...) + NOT-FOR-US: IBM +CVE-2021-39078 (IBM Security Guardium 10.5 stores user credentials in plain clear text ...) + NOT-FOR-US: IBM +CVE-2021-39077 (IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, 11.3, and 11.4 sto ...) + NOT-FOR-US: IBM +CVE-2021-39076 (IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptogr ...) 
+ NOT-FOR-US: IBM +CVE-2021-39075 + RESERVED +CVE-2021-39074 (IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2021-39073 + RESERVED +CVE-2021-39072 (IBM Security Guardium 11.3 could allow a remote attacker to obtain sen ...) + NOT-FOR-US: IBM +CVE-2021-39071 + RESERVED +CVE-2021-39070 (IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the ad ...) + NOT-FOR-US: IBM +CVE-2021-39069 + RESERVED +CVE-2021-39068 (IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-39067 + RESERVED +CVE-2021-39066 (IBM Financial Transaction Manager 3.2.4 does not invalidate session an ...) + NOT-FOR-US: IBM +CVE-2021-39065 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39064 (IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authenti ...) + NOT-FOR-US: IBM +CVE-2021-39063 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin ...) + NOT-FOR-US: IBM +CVE-2021-39062 + RESERVED +CVE-2021-39061 + RESERVED +CVE-2021-39060 + RESERVED +CVE-2021-39059 (IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, ...) + NOT-FOR-US: IBM +CVE-2021-39058 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-39057 (IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to s ...) + NOT-FOR-US: IBM +CVE-2021-39056 (The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (E ...) + NOT-FOR-US: IBM +CVE-2021-39055 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-39054 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39053 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) + NOT-FOR-US: IBM +CVE-2021-39052 (IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a rem ...) 
+ NOT-FOR-US: IBM +CVE-2021-39051 (IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-39050 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...) + NOT-FOR-US: IBM +CVE-2021-39049 (IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a s ...) + NOT-FOR-US: IBM +CVE-2021-39048 (IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based ...) + NOT-FOR-US: IBM +CVE-2021-39047 (IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, an ...) + NOT-FOR-US: IBM +CVE-2021-39046 (IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Bu ...) + NOT-FOR-US: IBM +CVE-2021-39045 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local at ...) + NOT-FOR-US: IBM +CVE-2021-39044 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site re ...) + NOT-FOR-US: IBM +CVE-2021-39043 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-39042 + RESERVED +CVE-2021-39041 (IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial ...) + NOT-FOR-US: IBM +CVE-2021-39040 (IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious ...) + NOT-FOR-US: IBM +CVE-2021-39039 + RESERVED +CVE-2021-39038 (IBM WebSphere Application Server 9.0 and IBM WebSphere Application Ser ...) + NOT-FOR-US: IBM +CVE-2021-39037 + RESERVED +CVE-2021-39036 (IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2021-39035 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, ...) + NOT-FOR-US: IBM +CVE-2021-39034 (IBM MQ 9.1 LTS is vulnerable to a denial of service attack caused by a ...) + NOT-FOR-US: IBM +CVE-2021-39033 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...) + NOT-FOR-US: IBM +CVE-2021-39032 (IBM Sterling Gentran:Server for Microsoft Windows 5.3 stores potential ...) 
+ NOT-FOR-US: IBM +CVE-2021-39031 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 c ...) + NOT-FOR-US: IBM +CVE-2021-39030 + RESERVED +CVE-2021-39029 + RESERVED +CVE-2021-39028 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...) + NOT-FOR-US: IBM +CVE-2021-39027 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structur ...) + NOT-FOR-US: IBM +CVE-2021-39026 (IBM Guardium Data Encryption (GDE) 5.0.0.2 and 5.0.0.3 could allow a r ...) + NOT-FOR-US: IBM +CVE-2021-39025 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose ...) + NOT-FOR-US: IBM +CVE-2021-39024 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable t ...) + NOT-FOR-US: IBM +CVE-2021-39023 (IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remot ...) + NOT-FOR-US: IBM +CVE-2021-39022 (IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-prov ...) + NOT-FOR-US: IBM +CVE-2021-39021 (IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or send ...) + NOT-FOR-US: IBM +CVE-2021-39020 (IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive ...) + NOT-FOR-US: IBM +CVE-2021-39019 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...) + NOT-FOR-US: IBM +CVE-2021-39018 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...) + NOT-FOR-US: IBM +CVE-2021-39017 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...) + NOT-FOR-US: IBM +CVE-2021-39016 (IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7. ...) + NOT-FOR-US: IBM +CVE-2021-39015 (IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7. ...) + NOT-FOR-US: IBM +CVE-2021-39014 (IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site s ...) + NOT-FOR-US: IBM +CVE-2021-39013 (IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could ...) 
+ NOT-FOR-US: IBM +CVE-2021-39012 + RESERVED +CVE-2021-39011 (IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores pot ...) + NOT-FOR-US: IBM +CVE-2021-39010 + RESERVED +CVE-2021-39009 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credential ...) + NOT-FOR-US: IBM +CVE-2021-39008 (IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileg ...) + NOT-FOR-US: IBM +CVE-2021-39007 + RESERVED +CVE-2021-39006 (IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to ...) + NOT-FOR-US: IBM +CVE-2021-39005 + RESERVED +CVE-2021-39004 + RESERVED +CVE-2021-39003 + RESERVED +CVE-2021-39002 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-39001 + RESERVED +CVE-2021-39000 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local attacker to ob ...) + NOT-FOR-US: IBM +CVE-2021-38999 (IBM MQ Appliance could allow a local attacker to obtain sensitive info ...) + NOT-FOR-US: IBM +CVE-2021-38998 + RESERVED +CVE-2021-38997 (IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1 ...) + NOT-FOR-US: IBM +CVE-2021-38996 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38995 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38994 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38993 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38992 + RESERVED +CVE-2021-38991 (IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38990 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user ...) + NOT-FOR-US: IBM +CVE-2021-38989 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) 
+ NOT-FOR-US: IBM +CVE-2021-38988 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local ...) + NOT-FOR-US: IBM +CVE-2021-38987 + RESERVED +CVE-2021-38986 (IBM MQ Appliance 9.2 CD and 9.2 LTS does not invalidate session after ...) + NOT-FOR-US: IBM +CVE-2021-38985 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + NOT-FOR-US: IBM +CVE-2021-38984 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + NOT-FOR-US: IBM +CVE-2021-38983 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker ...) + NOT-FOR-US: IBM +CVE-2021-38982 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2021-38981 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38980 (IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle ...) + NOT-FOR-US: IBM +CVE-2021-38979 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-w ...) + NOT-FOR-US: IBM +CVE-2021-38978 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38977 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set ...) + NOT-FOR-US: IBM +CVE-2021-38976 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user ...) + NOT-FOR-US: IBM +CVE-2021-38975 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38974 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38973 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + NOT-FOR-US: IBM +CVE-2021-38972 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives inp ...) + NOT-FOR-US: IBM +CVE-2021-38971 (IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7 ...) 
+ NOT-FOR-US: IBM +CVE-2021-38970 + RESERVED +CVE-2021-38969 (IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to a ...) + NOT-FOR-US: IBM +CVE-2021-38968 + RESERVED +CVE-2021-38967 (IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged use ...) + NOT-FOR-US: IBM +CVE-2021-38966 (IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site script ...) + NOT-FOR-US: IBM +CVE-2021-38965 (IBM FileNet Content Manager 5.5.4, 5.5.6, and 5.5.7 could allow a remo ...) + NOT-FOR-US: IBM +CVE-2021-38964 + RESERVED +CVE-2021-38963 + RESERVED +CVE-2021-38962 + RESERVED +CVE-2021-38961 (IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-38960 (IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated use ...) + NOT-FOR-US: IBM +CVE-2021-38959 (IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28 ...) + NOT-FOR-US: IBM +CVE-2021-38958 (IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service ...) + NOT-FOR-US: IBM +CVE-2021-38957 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...) + NOT-FOR-US: IBM +CVE-2021-38956 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sens ...) + NOT-FOR-US: IBM +CVE-2021-38955 (IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elev ...) + NOT-FOR-US: IBM +CVE-2021-38954 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 a ...) + NOT-FOR-US: IBM +CVE-2021-38953 + RESERVED +CVE-2021-38952 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-38951 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2021-38950 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...) + NOT-FOR-US: IBM +CVE-2021-38949 (IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials ...) 
+ NOT-FOR-US: IBM +CVE-2021-38948 (IBM InfoSphere Information Server 11.7 is vulnerable to an XML Externa ...) + NOT-FOR-US: IBM +CVE-2021-38947 (IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-38946 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) + NOT-FOR-US: IBM +CVE-2021-38945 (IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2021-38944 (IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0. ...) + NOT-FOR-US: IBM +CVE-2021-38943 + RESERVED +CVE-2021-38942 + RESERVED +CVE-2021-38941 (IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few container ...) + NOT-FOR-US: IBM +CVE-2021-38940 + RESERVED +CVE-2021-38939 (IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive informa ...) + NOT-FOR-US: IBM +CVE-2021-38938 + RESERVED +CVE-2021-38937 (IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an authent ...) + NOT-FOR-US: IBM +CVE-2021-38936 (IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive info ...) + NOT-FOR-US: IBM +CVE-2021-38935 (IBM Maximo Asset Management 7.6.1.2 does not require that users should ...) + NOT-FOR-US: IBM +CVE-2021-38934 (IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2021-38933 (IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cry ...) + NOT-FOR-US: IBM +CVE-2021-38932 + RESERVED +CVE-2021-38931 (IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) + NOT-FOR-US: IBM +CVE-2021-38930 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...) + NOT-FOR-US: IBM +CVE-2021-38929 (IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9. ...) + NOT-FOR-US: IBM +CVE-2021-38928 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 u ...) 
+ NOT-FOR-US: IBM +CVE-2021-38927 + RESERVED +CVE-2021-38926 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2021-38925 (IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 ...) + NOT-FOR-US: IBM +CVE-2021-38924 (IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2021-38923 (IBM PowerVM Hypervisor FW1010 could allow a privileged user to gain ac ...) + NOT-FOR-US: IBM +CVE-2021-38922 + RESERVED +CVE-2021-38921 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than ex ...) + NOT-FOR-US: IBM +CVE-2021-38920 + RESERVED +CVE-2021-38919 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authoriz ...) + NOT-FOR-US: IBM +CVE-2021-38918 (IBM PowerVM Hypervisor FW860, FW940, FW950, and FW1010, through a spec ...) + NOT-FOR-US: IBM +CVE-2021-38917 (IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an attacker ...) + NOT-FOR-US: IBM +CVE-2021-38916 + RESERVED +CVE-2021-38915 (IBM Data Risk Manager 2.0.6 stores user credentials in plain clear tex ...) + NOT-FOR-US: IBM +CVE-2021-38914 + RESERVED +CVE-2021-38913 + RESERVED +CVE-2021-38912 + RESERVED +CVE-2021-38911 (IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in p ...) + NOT-FOR-US: IBM +CVE-2021-38910 (IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote ...) + NOT-FOR-US: IBM +CVE-2021-38909 (IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2021-38908 + RESERVED +CVE-2021-38907 + RESERVED +CVE-2021-38906 + RESERVED +CVE-2021-38905 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authent ...) + NOT-FOR-US: IBM +CVE-2021-38904 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2021-38903 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) 
+ NOT-FOR-US: IBM +CVE-2021-38902 + RESERVED +CVE-2021-38901 (IBM Spectrum Protect Operations Center 7.1, under special configuratio ...) + NOT-FOR-US: IBM +CVE-2021-38900 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...) + NOT-FOR-US: IBM +CVE-2021-38899 (IBM Cloud Pak for Data 2.5 could allow a local user with special privi ...) + NOT-FOR-US: IBM +CVE-2021-38898 + RESERVED +CVE-2021-38897 + RESERVED +CVE-2021-38896 (IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM +CVE-2021-38895 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2021-38894 (IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remot ...) + NOT-FOR-US: IBM +CVE-2021-38893 (IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation W ...) + NOT-FOR-US: IBM +CVE-2021-38892 + REJECTED +CVE-2021-38891 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than ...) + NOT-FOR-US: IBM +CVE-2021-38890 (IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequat ...) + NOT-FOR-US: IBM +CVE-2021-38889 + RESERVED +CVE-2021-38888 + RESERVED +CVE-2021-38887 (IBM InfoSphere Information Server 11.7 could allow an authenticated us ...) + NOT-FOR-US: IBM +CVE-2021-38886 (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross ...) + NOT-FOR-US: IBM +CVE-2021-38885 + RESERVED +CVE-2021-38884 + RESERVED +CVE-2021-38883 (IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Bus ...) + NOT-FOR-US: IBM +CVE-2021-38882 (IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admi ...) + NOT-FOR-US: IBM +CVE-2021-38881 + RESERVED +CVE-2021-38880 + RESERVED +CVE-2021-38879 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow ...) + NOT-FOR-US: IBM +CVE-2021-38878 (IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to imperson ...) 
+ NOT-FOR-US: IBM +CVE-2021-38877 (IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross ...) + NOT-FOR-US: IBM +CVE-2021-38876 (IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vu ...) + NOT-FOR-US: IBM +CVE-2021-38875 (IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerabl ...) + NOT-FOR-US: IBM +CVE-2021-38874 (IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access informati ...) + NOT-FOR-US: IBM +CVE-2021-38873 (IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. ...) + NOT-FOR-US: IBM +CVE-2021-38872 (IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, a ...) + NOT-FOR-US: IBM +CVE-2021-38871 (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2021-38870 (IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vu ...) + NOT-FOR-US: IBM +CVE-2021-38869 (IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatic ...) + NOT-FOR-US: IBM +CVE-2021-38868 (IBM Engineering Requirements Quality Assistant On-Premises (All versio ...) + NOT-FOR-US: IBM +CVE-2021-38867 + RESERVED +CVE-2021-38866 + RESERVED +CVE-2021-38865 + RESERVED +CVE-2021-38864 (IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensit ...) + NOT-FOR-US: IBM +CVE-2021-38863 (IBM Security Verify Bridge 1.0.5.0 stores user credentials in plain cl ...) + NOT-FOR-US: IBM +CVE-2021-38862 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...) + NOT-FOR-US: IBM +CVE-2021-38861 + RESERVED +CVE-2021-38860 + RESERVED +CVE-2021-38859 (IBM Security Verify Privilege On-Premises 11.5 could allow a user to o ...) + NOT-FOR-US: IBM +CVE-2021-3712 (ASN.1 strings are represented internally within OpenSSL as an ASN1_STR ...) 
+ {DSA-4963-1 DLA-2774-1 DLA-2766-1} + - openssl 1.1.1l-1 + - openssl1.0 + NOTE: https://www.openssl.org/news/secadv/20210824.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d9d838ddc0ed083fb4c26dd067e71aad7c65ad16 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=174ba8048a7f2f5e1fca31cfb93b1730d9db8300 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f54e57406ca17731b9ade3afd561d3c652e07f2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23446958685a593d4d9434475734b99138902ed2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8393de42498f8be75cf0353f5c9f906a43a748d2 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4de66925203ca99189c842136ec4a623137ea447 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bb4d2ed4091408404e18b3326e3df67848ef63d0 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2d0e5d4a4a5d4332325b5e5cea492fad2be633e1 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94d23fcff9b2a7a8368dfe52214d5c2569882c11 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8c74c9d1ade0fbdab5b815ddb747351b8b839641 (OpenSSL_1_1_1l) +CVE-2021-3711 (In order to decrypt SM2 encrypted data an application is expected to c ...) 
+ {DSA-4963-1} + - openssl 1.1.1l-1 + [stretch] - openssl (support for SM2 decryption added in 1.1.1-pre3) + - openssl1.0 (Vulnerability does not affect 1.0.2 series) + NOTE: https://www.openssl.org/news/secadv/20210824.txt + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=59f5e75f3bced8fc0e130d72a3f582cf7b480b46 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (OpenSSL_1_1_1l) + NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=515ac8b5e544dd713a2b4cabfc54b722d122c218 (OpenSSL_1_1_1l) +CVE-2021-38858 + RESERVED +CVE-2021-38857 + RESERVED +CVE-2021-38856 + RESERVED +CVE-2021-38855 + RESERVED +CVE-2021-38854 + RESERVED +CVE-2021-38853 + RESERVED +CVE-2021-38852 + RESERVED +CVE-2021-38851 + RESERVED +CVE-2021-38850 + RESERVED +CVE-2021-38849 + RESERVED +CVE-2021-38848 + RESERVED +CVE-2021-38847 (S-Cart v6.4.1 and below was discovered to contain an arbitrary file up ...) + NOT-FOR-US: S-Cart +CVE-2021-38846 + RESERVED +CVE-2021-38845 + RESERVED +CVE-2021-38844 + RESERVED +CVE-2021-38843 + RESERVED +CVE-2021-38842 + RESERVED +CVE-2021-38841 (Remote Code Execution can occur in Simple Water Refilling Station Mana ...) + NOT-FOR-US: Simple Water Refilling Station Management System +CVE-2021-38840 (SQL Injection can occur in Simple Water Refilling Station Management S ...) + NOT-FOR-US: Simple Water Refilling Station Management System +CVE-2021-38839 + RESERVED +CVE-2021-38838 + RESERVED +CVE-2021-38837 + RESERVED +CVE-2021-38836 + RESERVED +CVE-2021-38835 + RESERVED +CVE-2021-38834 (easy-mock v1.5.0-v1.6.0 allows remote attackers to bypass the vm2 sand ...) + NOT-FOR-US: easy-mock +CVE-2021-38833 (SQL injection vulnerability in PHPGurukul Apartment Visitors Managemen ...) 
+ NOT-FOR-US: PHPGurukul Apartment Visitors Management System (AVMS) +CVE-2021-38832 + RESERVED +CVE-2021-38831 + RESERVED +CVE-2021-38830 + RESERVED +CVE-2021-38829 + RESERVED +CVE-2021-38828 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...) + NOT-FOR-US: Xiongmai +CVE-2021-38827 (Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vu ...) + NOT-FOR-US: Xiongmai +CVE-2021-38826 + RESERVED +CVE-2021-38825 + RESERVED +CVE-2021-38824 + RESERVED +CVE-2021-38823 (The IceHrm 30.0.0 OS website was found vulnerable to Session Managemen ...) + NOT-FOR-US: IceHrm +CVE-2021-38822 (A Stored Cross Site Scripting vulnerability via Malicious File Upload ...) + NOT-FOR-US: IceHrm +CVE-2021-38821 + RESERVED +CVE-2021-38820 + RESERVED +CVE-2021-38819 (A SQL injection vulnerability exits on the Simple Image Gallery System ...) + NOT-FOR-US: Simple Image Gallery System +CVE-2021-38818 + RESERVED +CVE-2021-38817 + RESERVED +CVE-2021-38816 + RESERVED +CVE-2021-38815 + RESERVED +CVE-2021-38814 + RESERVED +CVE-2021-38813 + RESERVED +CVE-2021-38812 + RESERVED +CVE-2021-38811 + RESERVED +CVE-2021-38810 + RESERVED +CVE-2021-38809 + RESERVED +CVE-2021-38808 + RESERVED +CVE-2021-38807 + RESERVED +CVE-2021-38806 + RESERVED +CVE-2021-38805 + RESERVED +CVE-2021-38804 + RESERVED +CVE-2021-38803 + RESERVED +CVE-2021-38802 + RESERVED +CVE-2021-38801 + RESERVED +CVE-2021-38800 + RESERVED +CVE-2021-38799 + RESERVED +CVE-2021-38798 + RESERVED +CVE-2021-38797 + RESERVED +CVE-2021-38796 + RESERVED +CVE-2021-38795 + RESERVED +CVE-2021-38794 + RESERVED +CVE-2021-38793 + RESERVED +CVE-2021-38792 + RESERVED +CVE-2021-38791 + RESERVED +CVE-2021-38790 + RESERVED +CVE-2021-38789 (Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect acce ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38788 (The Background service in Allwinner R818 SoC Android Q SDK V1.0 is use ...) 
+ NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38787 (There is an integer overflow in the ION driver "/dev/ion" of Allwinner ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38786 (There is a NULL pointer dereference in media/libcedarc/vdecoder of All ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38785 (There is a NULL pointer deference in the Allwinner R818 SoC Android Q ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38784 (There is a NULL pointer dereference in the syscall open_exec function ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38783 (There is a Out-of-Bound Write in the Allwinner R818 SoC Android Q SDK ...) + NOT-FOR-US: Allwinner Android Q SDK +CVE-2021-38782 + RESERVED +CVE-2021-38781 + RESERVED +CVE-2021-38780 + RESERVED +CVE-2021-38779 + RESERVED +CVE-2021-38778 + RESERVED +CVE-2021-38777 + RESERVED +CVE-2021-38776 + RESERVED +CVE-2021-38775 + RESERVED +CVE-2021-38774 + RESERVED +CVE-2021-38773 + RESERVED +CVE-2021-38772 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...) + NOT-FOR-US: Tenda +CVE-2021-38771 + RESERVED +CVE-2021-38770 + RESERVED +CVE-2021-38769 + RESERVED +CVE-2021-38768 + RESERVED +CVE-2021-38767 + RESERVED +CVE-2021-38766 + RESERVED +CVE-2021-38765 + RESERVED +CVE-2021-38764 + RESERVED +CVE-2021-38763 + RESERVED +CVE-2021-38762 + RESERVED +CVE-2021-38761 + RESERVED +CVE-2021-38760 + RESERVED +CVE-2021-38759 (Raspberry Pi OS through 5.10 has the raspberry default password for th ...) + NOT-FOR-US: Raspberry Pi OS +CVE-2021-38758 (Directory traversal vulnerability in Online Catering Reservation Syste ...) + NOT-FOR-US: Directory traversal in Online Catering Reservation System +CVE-2021-38757 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38756 (Persistent cross-site scripting (XSS) in Hospital Management System ta ...) 
+ NOT-FOR-US: Hospital Management System +CVE-2021-38755 (Unauthenticated doctor entry deletion in Hospital Management System in ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38754 (SQL Injection vulnerability in Hospital Management System due to lack ...) + NOT-FOR-US: Hospital Management System +CVE-2021-38753 (An unrestricted file upload on Simple Image Gallery Web App can be exp ...) + NOT-FOR-US: Simple Image Gallery Web App +CVE-2021-38752 (A cross-site scripting (XSS) vulnerability in Online Catering Reservat ...) + NOT-FOR-US: Online Catering Reservation System +CVE-2021-38751 (A HTTP Host header attack exists in ExponentCMS 2.6 and below in /expo ...) + NOT-FOR-US: ExponentCMS +CVE-2021-38750 + RESERVED +CVE-2021-38749 + RESERVED +CVE-2021-38748 + RESERVED +CVE-2021-38747 + RESERVED +CVE-2021-38746 + RESERVED +CVE-2021-38745 (Chamilo LMS v1.11.14 was discovered to contain a zero click code injec ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-38744 + RESERVED +CVE-2021-38743 + RESERVED +CVE-2021-38742 + RESERVED +CVE-2021-38741 + RESERVED +CVE-2021-38740 + RESERVED +CVE-2021-38739 + RESERVED +CVE-2021-38738 + RESERVED +CVE-2021-38737 (SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38736 (SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38735 + RESERVED +CVE-2021-38734 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38733 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38732 (SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38731 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38730 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.) + NOT-FOR-US: SEMCMS +CVE-2021-38729 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.) 
+ NOT-FOR-US: SEMCMS +CVE-2021-38728 (SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_ ...) + NOT-FOR-US: SEMCMS +CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38726 + RESERVED +CVE-2021-38725 (Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/co ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38724 + RESERVED +CVE-2021-38723 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38722 + RESERVED +CVE-2021-38721 (FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) ...) + NOT-FOR-US: FUEL CMS +CVE-2021-38720 + RESERVED +CVE-2021-38719 + RESERVED +CVE-2021-38718 + RESERVED +CVE-2021-38717 + RESERVED +CVE-2021-38716 + RESERVED +CVE-2021-38715 + RESERVED +CVE-2021-38714 (In Plib through 1.85, there is an integer overflow vulnerability that ...) + {DLA-2775-1} + - plib 1.8.5-10 (bug #992973) + [bullseye] - plib 1.8.5-8+deb11u1 + [buster] - plib 1.8.5-8+deb10u1 + NOTE: https://sourceforge.net/p/plib/bugs/55/ +CVE-2021-38713 (imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.) + NOT-FOR-US: imgURL +CVE-2021-38712 (OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents ...) + NOT-FOR-US: OneNav +CVE-2021-38710 (Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas ...) + NOT-FOR-US: Yclas +CVE-2021-38709 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...) + NOT-FOR-US: ocProducts Composr CMS +CVE-2021-38708 (In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaS ...) + NOT-FOR-US: ocProducts Composr CMS +CVE-2021-3710 (An information disclosure via path traversal was discovered in apport/ ...) + NOT-FOR-US: Apport +CVE-2021-3709 (Function check_attachment_for_errors() in file data/general-hooks/ubun ...) 
+ NOT-FOR-US: Apport +CVE-2021-38711 (In gitit before 0.15.0.0, the Export feature can be exploited to leak ...) + - gitit 0.15.1.0+dfsg-1 (bug #992297) + [bullseye] - gitit (Minor issue) + [buster] - gitit (Minor issue) + [stretch] - gitit (Minor issue) + NOTE: https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8 +CVE-2021-38707 (Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7 ...) + NOT-FOR-US: ClinicCases +CVE-2021-38706 (messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL inject ...) + NOT-FOR-US: ClinicCases +CVE-2021-38705 (ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A ...) + NOT-FOR-US: ClinicCases +CVE-2021-38704 (Multiple reflected cross-site scripting (XSS) vulnerabilities in Clini ...) + NOT-FOR-US: ClinicCases +CVE-2021-38703 (Wireless devices running certain Arcadyan-derived firmware (such as KP ...) + NOT-FOR-US: Wireless devices running certain Arcadyan-derived firmware +CVE-2021-3708 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...) + NOT-FOR-US: D-Link +CVE-2021-3707 (D-Link router DSL-2750U with firmware vME1.16 or prior versions is vul ...) + NOT-FOR-US: D-Link +CVE-2021-38702 (Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 a ...) + NOT-FOR-US: Cyberoam NetGenie C0101B1-20141120-NG11VO devices +CVE-2021-38701 (Certain Motorola Solutions Avigilon devices allow XSS in the administr ...) + NOT-FOR-US: Motorola Solutions Avigilon devices +CVE-2021-38700 + RESERVED +CVE-2021-38699 (TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashb ...) + NOT-FOR-US: TastyIgniter +CVE-2021-38698 (HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allow ...) 
+ - consul 1.8.7+dfsg1-6 (bug #1015218) + [bullseye] - consul (Minor issue) + [buster] - consul (Vulnerable code not present) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026 + NOTE: https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15) +CVE-2021-38697 (SoftVibe SARABAN for INFOMA 1.1 allows Unauthenticated unrestricted Fi ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38696 (SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerabi ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38695 (SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scr ...) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2021-38694 (SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection.) + NOT-FOR-US: SoftVibe SARABAN for INFOMA +CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...) + NOT-FOR-US: UCWeb UC +CVE-2021-38693 (A path traversal vulnerability has been reported to affect QNAP device ...) + NOT-FOR-US: QNAP +CVE-2021-38692 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38691 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38690 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38689 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38688 (An improper authentication vulnerability has been reported to affect A ...) + NOT-FOR-US: QNAP +CVE-2021-38687 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38686 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-38685 (A command injection vulnerability has been reported to affect QNAP dev ...) 
+ NOT-FOR-US: QNAP +CVE-2021-38684 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38683 + RESERVED +CVE-2021-38682 (A stack buffer overflow vulnerability has been reported to affect QNAP ...) + NOT-FOR-US: QNAP +CVE-2021-38681 (A reflected cross-site scripting (XSS) vulnerability has been reported ...) + NOT-FOR-US: QNAP +CVE-2021-38680 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38679 (An improper authentication vulnerability has been reported to affect Q ...) + NOT-FOR-US: QNAP +CVE-2021-38678 (An open redirect vulnerability has been reported to affect QNAP device ...) + NOT-FOR-US: QNAP +CVE-2021-38677 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38676 + RESERVED +CVE-2021-38675 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-38674 (A cross-site scripting (XSS) vulnerability has been reported to affect ...) + NOT-FOR-US: QNAP +CVE-2021-3706 (adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag) + NOT-FOR-US: adminlte +CVE-2021-38673 + RESERVED +CVE-2021-38672 (Windows Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38671 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38670 + RESERVED +CVE-2021-38669 (Microsoft Edge (Chromium-based) Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38668 + RESERVED +CVE-2021-38667 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38666 (Remote Desktop Client Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38665 (Remote Desktop Protocol Client Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38664 + RESERVED +CVE-2021-38663 (Windows exFAT File System Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38662 (Windows Fast FAT File System Driver Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-38661 (HEVC Video Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38660 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-38659 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38658 (Microsoft Office Graphics Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-38657 (Microsoft Office Graphics Component Information Disclosure Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2021-38656 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38655 (Microsoft Excel Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38654 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38653 (Microsoft Office Visio Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38652 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-38651 (Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2021-38650 (Microsoft Office Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38649 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) + NOT-FOR-US: Microsoft +CVE-2021-38648 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38647 (Open Management Infrastructure Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38646 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-38645 (Open Management Infrastructure Elevation of Privilege Vulnerability Th ...) + NOT-FOR-US: Microsoft +CVE-2021-38644 (Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38643 + RESERVED +CVE-2021-38642 (Microsoft Edge for iOS Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38641 (Microsoft Edge for Android Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38640 + RESERVED +CVE-2021-38639 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-38638 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2021-38637 (Windows Storage Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38636 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-38635 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-38634 (Microsoft Windows Update Client Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38633 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-38632 (BitLocker Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38631 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-38630 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-38629 (Windows Ancillary Function Driver for WinSock Information Disclosure V ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-38628 (Windows Ancillary Function Driver for WinSock Elevation of Privilege V ...) + NOT-FOR-US: Microsoft +CVE-2021-38627 + RESERVED +CVE-2021-38626 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-38625 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-38624 (Windows Key Storage Provider Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-38623 (The deferred_image_processing (aka Deferred image processing) extensio ...) + NOT-FOR-US: deferred_image_processing (aka Deferred image processing) extension for TYPO3 +CVE-2021-38622 + RESERVED +CVE-2021-38621 (The remove API in v1/controller/cloudStorage/alibabaCloud/remove/index ...) + NOT-FOR-US: Agora Flat Server +CVE-2021-38620 + RESERVED +CVE-2021-38619 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) + NOT-FOR-US: openBaraza HCM +CVE-2021-38618 (In GFOS Workforce Management 4.8.272.1, the login page of application ...) + NOT-FOR-US: GFOS Workforce Management +CVE-2021-38617 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/ us ...) + NOT-FOR-US: Eigen +CVE-2021-38616 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{us ...) + NOT-FOR-US: Eigen +CVE-2021-38615 (In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/sso/conf ...) + NOT-FOR-US: Eigen +CVE-2021-3705 (Potential security vulnerabilities have been discovered on a certain H ...) + NOT-FOR-US: HP +CVE-2021-3704 (Potential security vulnerabilities have been discovered on a certain H ...) + NOT-FOR-US: HP +CVE-2021-38614 (Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer ...) 
+ - polipo + [buster] - polipo (Minor issue) + [stretch] - polipo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/28/2 +CVE-2021-38613 (The assets/index.php Image Upload feature of the NASCENT RemKon Device ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38612 (In NASCENT RemKon Device Manager 4.0.0.0, a Directory Traversal vulner ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38611 (A command-injection vulnerability in the Image Upload function of the ...) + NOT-FOR-US: NASCENT RemKon Device Manager +CVE-2021-38610 + RESERVED +CVE-2021-38609 + RESERVED +CVE-2021-38608 (Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.73 ...) + NOT-FOR-US: Tranquil WAPT Enterprise +CVE-2021-38607 (Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated u ...) + NOT-FOR-US: Crocoblock JetEngine +CVE-2021-38606 (reNgine through 0.5 relies on a predictable directory name.) + NOT-FOR-US: reNgine +CVE-2021-38605 + RESERVED +CVE-2021-38604 (In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/s ...) + - glibc (Vulnerability introduced as side effect of the CVE-2021-33574 fix) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 + NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 +CVE-2021-38603 (PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Informati ...) + - pluxml (bug #1008264) + [buster] - pluxml (Minor issue) + [stretch] - pluxml (Minor issue) +CVE-2021-38602 (PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content ...) + - pluxml (bug #1008264) + [buster] - pluxml (Minor issue) + [stretch] - pluxml (Minor issue) +CVE-2021-38601 + RESERVED +CVE-2021-38600 + RESERVED +CVE-2021-38599 (WAL-G before 1.1, when a non-libsodium build (e.g., one of the officia ...) 
+ NOT-FOR-US: WAL-G +CVE-2021-38598 (OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows ...) + - neutron 2:18.1.0-2 + [bullseye] - neutron 2:17.2.1-0+deb11u1 + [buster] - neutron (Minor issue, not backported to rocky branch) + [stretch] - neutron (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/17/4 + NOTE: https://launchpad.net/bugs/1938670 + NOTE: https://review.opendev.org/c/openstack/neutron/+/785917/ +CVE-2021-38597 (wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain si ...) + - wolfssl 5.0.0-1 (bug #992174) + [bullseye] - wolfssl 4.6.0+p1-0+deb11u1 + NOTE: https://github.com/wolfSSL/wolfssl/commit/f93083be72a3b3d956b52a7ec13f307a27b6e093 +CVE-2021-38596 + RESERVED +CVE-2021-38595 + RESERVED +CVE-2021-38594 + RESERVED +CVE-2021-38593 (Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write ...) + - qtbase-opensource-src (Vulnerable code introduced later) + - qtbase-opensource-src-gles (Vulnerable code introduced later) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35566 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qt/OSV-2021-903.yaml + NOTE: https://github.com/qt/qtbase/commit/1ca02cf2879a5e1511a2f2109f0925cf4c892862 (6.1) + NOTE: https://github.com/qt/qtbase/commit/202143ba41f6ac574f1858214ed8bf4a38b73ccd (6.2) + NOTE: https://github.com/qt/qtbase/commit/6b400e3147dcfd8cc3a393ace1bd118c93762e0c (dev) + NOTE: Introduced by https://github.com/qt/qtbase/commit/6869d2463a2e0d71bd04dbc82f5d6ef4933dc510 (6.0) +CVE-2021-38592 (Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called fro ...) + NOT-FOR-US: Wasm3 +CVE-2021-38591 (An issue was discovered on LG mobile devices with Android OS P and Q s ...) + NOT-FOR-US: LG mobile devices +CVE-2021-38590 (In cPanel before 96.0.8, weak permissions on web stats can lead to inf ...) + NOT-FOR-US: cPanel +CVE-2021-38589 (In cPanel before 96.0.13, scripts/fix-cpanel-perl does not properly re ...) 
+ NOT-FOR-US: cPanel +CVE-2021-38588 (In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the in ...) + NOT-FOR-US: cPanel +CVE-2021-38587 (In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creat ...) + NOT-FOR-US: cPanel +CVE-2021-38586 (In cPanel before 98.0.1, /scripts/cpan_config performs unsafe operatio ...) + NOT-FOR-US: cPanel +CVE-2021-38585 (The WHM Locale Upload feature in cPanel before 98.0.1 allows unseriali ...) + NOT-FOR-US: cPanel +CVE-2021-38584 (The WHM Locale Upload feature in cPanel before 98.0.1 allows XXE attac ...) + NOT-FOR-US: cPanel +CVE-2021-38583 (openBaraza HCM 3.1.6 does not properly neutralize user-controllable in ...) + NOT-FOR-US: openBaraza HCM +CVE-2021-38582 + RESERVED +CVE-2021-38581 + RESERVED +CVE-2021-38580 + RESERVED +CVE-2021-38579 + RESERVED +CVE-2021-38578 (Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ...) + - edk2 2022.11-1 (bug #1014468) + [bullseye] - edk2 (Minor issue) + [buster] - edk2 (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3387 + NOTE: https://edk2.groups.io/g/devel/message/90516 + NOTE: https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6 +CVE-2021-38577 + REJECTED +CVE-2021-38576 (A BIOS bug in firmware for a particular PC model leaves the Platform a ...) + - edk2 (bug #1014468) + [bookworm] - edk2 (Minor issue) + [bullseye] - edk2 (Minor issue) + [buster] - edk2 (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3499 (private) +CVE-2021-38575 (NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.) + - edk2 2021.08-1 + [bullseye] - edk2 (Minor issue) + [buster] - edk2 (Minor issue) + [stretch] - edk2 (Minor issue) + NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=3356 + NOTE: https://edk2.groups.io/g/devel/message/76198 + NOTE: https://github.com/tianocore/edk2/pull/1698 +CVE-2021-38574 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2021-38573 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38572 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38571 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38570 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38569 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38568 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. ...) + NOT-FOR-US: Foxit Reader +CVE-2021-38567 (An issue was discovered in Foxit PDF Editor before 11.0.1 and PDF Read ...) + NOT-FOR-US: Foxit +CVE-2021-38566 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-38565 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-38564 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-38563 (An issue was discovered in Foxit PDF Reader before 11.0.1 and PDF Edit ...) + NOT-FOR-US: Foxit +CVE-2021-3703 (It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-3319 ...) + NOT-FOR-US: Red Hat Serverless +CVE-2021-3702 (A race condition flaw was found in ansible-runner, where an attacker c ...) + - ansible-runner (Vulnerable code introduced later) + NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/0e9aa8a97e7832ef9a1553ef2908632a32d2b8c4 + NOTE: Introduced in https://github.com/ansible/ansible-runner/commit/93e95a3df9021a38010386d07df121392d249253 +CVE-2021-3701 (A flaw was found in ansible-runner where the default temporary files c ...) 
+ - ansible-runner 2.1.1-1
+ NOTE: https://github.com/ansible/ansible-runner/issues/738
+ NOTE: https://github.com/ansible/ansible-runner/pull/742/commits/60b059f00409224acae1e417153a241c8591ad89
+CVE-2021-3700 (A use-after-free vulnerability was found in usbredir in versions prior ...)
+ {DLA-2958-1}
+ - usbredir 0.11.0-1
+ [bullseye] - usbredir (Minor issue)
+ [buster] - usbredir (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab (usbredir-0.11.0)
+CVE-2021-38562 (Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4. ...)
+ {DLA-3057-1}
+ - request-tracker5 5.0.3+dfsg-1 (bug #995167)
+ - request-tracker4 4.4.4+dfsg-3 (bug #995175)
+ [bullseye] - request-tracker4 4.4.4+dfsg-2+deb11u1
+ [buster] - request-tracker4 4.4.3-2+deb10u1
+ NOTE: https://github.com/bestpractical/rt/commit/70749bb66cb13dd70bd53340c371038a5f3ca57c (rt-5.0.2)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.4.5)
+ NOTE: https://github.com/bestpractical/rt/commit/d16f8cf13c2af517ee55a85e7b91a0267477189f (rt-4.2.17)
+CVE-2021-38561 (golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic ...)
+ - golang-golang-x-text 0.3.7-1
+ [bullseye] - golang-golang-x-text (Minor issue)
+ - golang-x-text
+ [buster] - golang-x-text (Limited support, minor issue, follow bullseye DSAs/point-releases)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100495
+CVE-2021-38560 (Ivanti Service Manager 2021.1 allows reflected XSS via the appName par ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-38559 (DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php ...)
+ - hoteldruid 3.0.3-1
+ [bullseye] - hoteldruid (Minor issue)
+ [buster] - hoteldruid (Minor issue)
+ [stretch] - hoteldruid (Minor issue)
+CVE-2021-38558
+ RESERVED
+CVE-2021-38557 (raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38556 (includes/configure_client.php in RaspAP 2.6.6 allows attackers to exec ...)
+ NOT-FOR-US: RaspAP
+CVE-2021-38555 (An XML external entity (XXE) injection vulnerability was discovered in ...)
+ NOT-FOR-US: Apache Any23
+CVE-2021-38554 (HashiCorp Vault and Vault Enterprise\u2019s UI erroneously cached and ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38553 (HashiCorp Vault and Vault Enterprise 1.4.0 through 1.7.3 initialized a ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2021-38552
+ RESERVED
+CVE-2021-38551
+ RESERVED
+CVE-2021-38550
+ RESERVED
+CVE-2021-38549 (MIRACASE MHUB500 USB splitters through 2021-08-09, in certain specific ...)
+ NOT-FOR-US: MIRACASE MHUB500 USB splitters
+CVE-2021-38548 (JBL Go 2 devices through 2021-08-09 allow remote attackers to recover ...)
+ NOT-FOR-US: JBL Go 2 devices
+CVE-2021-38547 (Logitech Z120 and S120 speakers through 2021-08-09 allow remote attack ...)
+ NOT-FOR-US: Logitech
+CVE-2021-38546 (CREATIVE Pebble devices through 2021-08-09 allow remote attackers to r ...)
+ NOT-FOR-US: CREATIVE Pebble devices
+CVE-2021-38545 (Raspberry Pi 3 B+ and 4 B devices through 2021-08-09, in certain speci ...)
+ NOT-FOR-US: Raspberry Pi hardware
+CVE-2021-38544 (Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote att ...)
+ NOT-FOR-US: Sony SRS-XB33 and SRS-XB43 devices
+CVE-2021-38543 (TP-Link UE330 USB splitter devices through 2021-08-09, in certain spec ...)
+ NOT-FOR-US: TP-Link
+CVE-2021-38542 (Apache James prior to release 3.6.1 is vulnerable to a buffering attac ...)
+ NOT-FOR-US: Apache James
+CVE-2021-38541
+ RESERVED
+CVE-2021-3699
+ RESERVED
+CVE-2019-25052 (In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data ...)
+ NOT-FOR-US: Linaro/OP-TEE OP-TEE
+CVE-2021-38511 (An issue was discovered in the tar crate before 0.4.36 for Rust. When ...)
+ - rust-tar 0.4.37-1 (bug #992173)
+ [bullseye] - rust-tar (Minor issue)
+ [buster] - rust-tar (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0080.html
+ NOTE: https://github.com/alexcrichton/tar-rs/issues/238
+CVE-2021-38540 (The variable import endpoint was not protected by authentication in Ai ...)
+ - airflow (bug #819700)
+CVE-2021-38539 (Certain NETGEAR devices are affected by privilege escalation. This aff ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38538 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38537 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38536 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38535 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38534 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38533 (NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.)
+ NOT-FOR-US: Netgear
+CVE-2021-38532 (NETGEAR WAC104 devices before 1.0.4.15 are affected by incorrect confi ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38531 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38530 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38529 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38528 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38527 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38526 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38525 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38524 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38523 (NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38522 (NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based bu ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38521 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38520 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38519 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38518 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38517 (Certain NETGEAR devices are affected by out-of-bounds reads and writes ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38516 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38515 (Certain NETGEAR devices are affected by denial of service. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38514 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38513 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2021-38512 (An issue was discovered in the actix-http crate before 3.0.0-beta.9 fo ...)
+ NOT-FOR-US: Rust crate actix-http
+CVE-2021-38510 (The executable file warning was not presented when downloading .inetlo ...)
+ - firefox (Only affects Mac OSX)
+ - firefox-esr (Only affects Mac OSX)
+ - thunderbird (Only affects Mac OSX)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38510
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38510
+CVE-2021-38509 (Due to an unusual sequence of attacker-controlled events, a Javascript ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38509
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38509
+CVE-2021-38508 (By displaying a form validity message in the correct location at the s ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38508
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38508
+CVE-2021-38507 (The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a conn ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38507
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38507
+CVE-2021-38506 (Through a series of navigations, Firefox could have entered fullscreen ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38506
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38506
+CVE-2021-38505 (Microsoft introduced a new feature in Windows 10 known as Cloud Clipbo ...)
+ - firefox (Only affects Windows)
+ - firefox-esr (Only affects Windows)
+ - thunderbird (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38505
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38505
+CVE-2021-38504 (When interacting with an HTML input element's file picker dialog with ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38504
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38504
+CVE-2021-38503 (The iframe sandbox rules were not correctly applied to XSLT stylesheet ...)
+ {DSA-5034-1 DSA-5026-1 DLA-2874-1 DLA-2863-1}
+ - firefox 94.0-1
+ - firefox-esr 91.3.0esr-1
+ - thunderbird 1:91.3.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-49/#CVE-2021-38503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/#CVE-2021-38503
+CVE-2021-38502 (Thunderbird ignored the configuration to require STARTTLS security for ...)
+ {DSA-5034-1 DLA-2874-1}
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38502
+CVE-2021-38501 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ - firefox 93.0-1
+ - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38501
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38501
+CVE-2021-38500 (Mozilla developers reported memory safety bugs present in Firefox 92 a ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38500
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38500
+CVE-2021-38499 (Mozilla developers reported memory safety bugs present in Firefox 92. ...)
+ - firefox 93.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38499
+CVE-2021-38498 (During process shutdown, a document could have caused a use-after-free ...)
+ - firefox 93.0-1
+ - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38498
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38498
+CVE-2021-38497 (Through use of reportValidity() and window.open(), a plain-text valida ...)
+ - firefox 93.0-1
+ - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version)
+ - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38497
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38497
+CVE-2021-38496 (During operations on MessageTasks, a task may have been removed while ...)
+ {DSA-5034-1 DSA-4981-1 DLA-2874-1 DLA-2782-1}
+ - firefox 93.0-1
+ - firefox-esr 91.2.0esr-1
+ [experimental] - thunderbird 1:91.2.0-1
+ - thunderbird 1:91.2.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-44/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-46/#CVE-2021-38496
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-38496
+CVE-2021-38495 (Mozilla developers reported memory safety bugs present in Thunderbird ...)
+ - thunderbird (Vulnerable code introduced later)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-41/#CVE-2021-38495
+CVE-2021-38494 (Mozilla developers reported memory safety bugs present in Firefox 91. ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38494
+CVE-2021-38493 (Mozilla developers reported memory safety bugs present in Firefox 91 a ...)
+ {DSA-4973-1 DSA-4969-1 DLA-2757-1 DLA-2756-1}
+ - firefox 92.0-1
+ - firefox-esr 78.14.0esr-1
+ - thunderbird 1:78.14.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38493
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38493
+CVE-2021-38492 (When delegating navigations to the operating system, Firefox would acc ...)
+ - firefox (Only affects Windows)
+ - firefox-esr (Only affects Windows)
+ - thunderbird (Only affects Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-42/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-39/#CVE-2021-38492
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38492
+CVE-2021-38491 (Mixed-content checks were unable to analyze opaque origins which led t ...)
+ - firefox 92.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-38491
+CVE-2021-38490 (Altova MobileTogether Server before 7.3 SP1 allows XML exponential ent ...)
+ NOT-FOR-US: Altova MobileTogether Server
+CVE-2021-38489
+ RESERVED
+CVE-2021-38488 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38487 (RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1. ...)
+ NOT-FOR-US: RTI Connext DDS
+CVE-2021-38486 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cl ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38485 (The affected product is vulnerable to improper input validation in the ...)
+ NOT-FOR-US: Emerson
+CVE-2021-38484 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38483 (The affected product is vulnerable to misconfigured binaries, allowing ...)
+ NOT-FOR-US: ROBOGUIDE
+CVE-2021-38482 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 we ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38481 (The scheduler service running on a specific TCP port enables the user ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38480 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38479 (Many API function codes receive raw pointers remotely from the user an ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38478 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38477 (There are multiple API function codes that permit reading and writing ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38476 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 au ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38475 (The database connection to the server is performed by calling a specif ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38474 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38473 (The affected product\u2019s code base doesn\u2019t properly control ar ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38472 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ma ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38471 (There are multiple API function codes that permit data writing to any ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38470 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38469 (Many of the services used by the affected product do not specify full ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38468 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ar ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38467 (A specific function code receives a raw pointer supplied by the user a ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38466 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38465 (The webinstaller is a Golang web server executable that enables the ge ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38464 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 ha ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38463 (The affected product does not properly control the allocation of resou ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38462 (InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do ...)
+ NOT-FOR-US: InHand Networks IR615 Router
+CVE-2021-38461 (The affected product uses a hard-coded blowfish key for encryption/dec ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38460 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38459 (The data of a network capture of the initial handshake phase can be us ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38458 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38457 (The server permits communication without any authentication procedure, ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38456 (A use of hard-coded password vulnerability in the Moxa MXview Network ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38455 (The affected product\u2019s OS Service does not verify any given param ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38454 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38453 (Some API functions allow interaction with the registry, which includes ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38452 (A path traversal vulnerability in the Moxa MXview Network Management s ...)
+ NOT-FOR-US: Moxa
+CVE-2021-38451 (The affected product\u2019s proprietary protocol CSC allows for callin ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38450 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38449 (Some API functions permit by-design writing or copying data into a giv ...)
+ NOT-FOR-US: AUVESY
+CVE-2021-38448 (The affected controllers do not properly sanitize the input containing ...)
+ NOT-FOR-US: Trane
+CVE-2021-38447 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
+ NOT-FOR-US: OpenDDS
+CVE-2021-38446
+ RESERVED
+CVE-2021-38445 (OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter ...)
+ NOT-FOR-US: OpenDDS
+CVE-2021-38444
+ RESERVED
+CVE-2021-38443 (Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid s ...)
+ - cyclonedds 0.8.1-2
+ [bullseye] - cyclonedds (Minor issue)
+ NOTE: No mention of CVE upstream
+ NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
+CVE-2021-38442 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38441 (Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-w ...)
+ - cyclonedds 0.8.1-2
+ [bullseye] - cyclonedds (Minor issue)
+ NOTE: No mention of CVE upstream
+ NOTE: https://projects.eclipse.org/projects/iot.cyclonedds
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
+CVE-2021-38440 (FATEK Automation WinProladder versions 3.30 and prior is vulnerable to ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38439 (All versions of GurumDDS are vulnerable to heap-based buffer overflow, ...)
+ NOT-FOR-US: GurumNetworks
+CVE-2021-38438 (A use after free vulnerability in FATEK Automation WinProladder versio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38437
+ RESERVED
+CVE-2021-38436 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38435 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
+ NOT-FOR-US: RTI Connext DDS
+CVE-2021-38434 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38433 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6 ...)
+ NOT-FOR-US: RTI Connext DDS
+CVE-2021-38432 (FATEK Automation Communication Server Versions 1.13 and prior lacks pr ...)
+ NOT-FOR-US: FATEK Automation Communication Server
+CVE-2021-38431 (An authenticated user using Advantech WebAccess SCADA in versions 9.0. ...)
+ NOT-FOR-US: Advantech
+CVE-2021-38430 (FATEK Automation WinProladder versions 3.30 and prior proper validatio ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38429 (OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker s ...)
+ NOT-FOR-US: OpenDDS
+CVE-2021-38428 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38427 (RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to ...)
+ NOT-FOR-US: RTI Connext DDS
+CVE-2021-38426 (FATEK Automation WinProladder versions 3.30 and prior lacks proper val ...)
+ NOT-FOR-US: FATEK Automation
+CVE-2021-38425 (eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to e ...)
+ - fastdds 2.6.1+ds-1
+ [bullseye] - fastdds 2.1.0+ds-9+deb11u1
+ NOTE: https://github.com/eProsima/Fast-DDS/issues/2267
+ NOTE: https://github.com/eProsima/Fast-DDS/pull/2269
+ NOTE: https://github.com/eProsima/Fast-DDS/commit/01550cfa1b8313c4cb39529960b41f95e4820312 (v2.6.1)
+ NOTE: https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
+CVE-2021-38424 (The tag interface of Delta Electronics DIALink versions 1.2.4.0 and pr ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38423 (All versions of GurumDDS improperly calculate the size to be used when ...)
+ NOT-FOR-US: GurumNetworks
+CVE-2021-38422 (Delta Electronics DIALink versions 1.2.4.0 and prior stores sensitive ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38421 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38420 (Delta Electronics DIALink versions 1.2.4.0 and prior default permissio ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38419 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38418 (Delta Electronics DIALink versions 1.2.4.0 and prior runs by default o ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38417 (VISAM VBASE version 11.6.0.6 is vulnerable to improper access control ...)
+ NOT-FOR-US: VISAM
+CVE-2021-38416 (Delta Electronics DIALink versions 1.2.4.0 and prior insecurely loads ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38415 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38414
+ RESERVED
+CVE-2021-38413 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38412 (Properly formatted POST requests to multiple resources on the HTTP and ...)
+ NOT-FOR-US: Digi PortServer TS
+CVE-2021-38411 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38410 (AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4 ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-38409 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38408 (A stack-based buffer overflow vulnerability in Advantech WebAccess Ver ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38407 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38406 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38405 (The Datalogics APDFL library used in affected products is vulnerable t ...)
+ NOT-FOR-US: Siemens
+CVE-2021-38404 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38403 (Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics DIALink
+CVE-2021-38402 (Delta Electronic DOPSoft 2 (Version 2.00.07 and prior) lacks proper va ...)
+ NOT-FOR-US: Delta Electronic
+CVE-2021-38401 (Fuji Electric V-Server Lite and Tellus Lite V-Simulator prior to v4.0. ...)
+ NOT-FOR-US: Fuji Electric
+CVE-2021-38400 (An attacker with physical access to Boston Scientific Zoom Latitude Mo ...)
+ NOT-FOR-US: Boston Scientific Zoom Latitude Model 3120
+CVE-2021-38399 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+ NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
+CVE-2021-38398 (The affected device uses off-the-shelf software components that contai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38397 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+ NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
+CVE-2021-38396 (The programmer installation utility does not perform a cryptographic a ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38395 (Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vuln ...)
+ NOT-FOR-US: Honeywell Experion PKS C200, C200E, C300, and ACE controllers
+CVE-2021-38394 (An attacker with physical access to the device can extract the binary ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38393 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38392 (A skilled attacker with physical access to the affected device can gai ...)
+ NOT-FOR-US: Boston Scientific
+CVE-2021-38391 (A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_H ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38390 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-38389 (Advantech WebAccess versions 9.02 and prior are vulnerable to a stack- ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-38388 (Central Dogma allows privilege escalation with mirroring to the intern ...)
+ NOT-FOR-US: Central Dogma
+CVE-2021-38387 (In Contiki 3.0, a Telnet server that silently quits (before disconnect ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38386 (In Contiki 3.0, a buffer overflow in the Telnet service allows remote ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38385 (Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship ...)
+ {DSA-4961-1}
+ - tor 0.4.5.10-1
+ [stretch] - tor (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2062
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40078
+CVE-2021-38384 (Serverless Offline 8.0.0 returns a 403 HTTP status code for a route th ...)
+ NOT-FOR-US: Serverless Offline
+CVE-2021-38383 (OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_ ...)
+ NOT-FOR-US: OwnTone
+CVE-2021-38382 (Live555 through 1.08 does not handle Matroska and Ogg files properly. ...)
+ - liblivemedia
+ [buster] - liblivemedia (Minor issue)
+ [stretch] - liblivemedia (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021959.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]
+CVE-2021-38381 (Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sendi ...)
+ - liblivemedia
+ [buster] - liblivemedia (Minor issue)
+ [stretch] - liblivemedia (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021961.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]
+CVE-2021-38380 (Live555 through 1.08 mishandles huge requests for the same MP3 stream, ...)
+ - liblivemedia
+ [buster] - liblivemedia (Minor issue)
+ [stretch] - liblivemedia (Minor issue)
+ NOTE: http://lists.live555.com/pipermail/live-devel/2021-August/021954.html
+ NOTE: http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]
+CVE-2021-38379 (The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permi ...)
+ NOT-FOR-US: CFEngine Enterprise
+CVE-2021-38378 (OX App Suite 7.10.5 allows Information Exposure because a caching mech ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38377 (OX App Suite through 7.10.5 allows XSS via JavaScript code in an ancho ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38376 (OX App Suite through 7.10.5 has Incorrect Access Control for retrieval ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38375 (OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38374 (OX App Suite through through 7.10.5 allows XSS via a crafted snippet t ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-38373 (In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not hon ...)
+ - ksmtp 21.12.3-2
+ [bullseye] - ksmtp (Minor issue; Upstream changes change API)
+ [buster] - ksmtp (Minor issue; Upstream changes change API)
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
+ NOTE: https://nostarttls.secvuln.info
+ NOTE: https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
+ NOTE: https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
+CVE-2021-38372 (In KDE Trojita 0.7, man-in-the-middle attackers can create new folders ...)
+ - trojita (bug #795701)
+CVE-2021-38371 (The STARTTLS feature in Exim through 4.94.2 allows response injection ...)
+ - exim4 4.95~RC2-1 (bug #992172)
+ [bullseye] - exim4 (Minor issue)
+ [buster] - exim4 (Minor issue)
+ [stretch] - exim4 (Minor issue, revisit when fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+ NOTE: https://www.exim.org/static/doc/security/CVE-2021-38371.txt
+CVE-2021-38370 (In Alpine before 2.25, untagged responses from an IMAP server are acce ...)
+ - alpine 2.25+dfsg1-1 (bug #992171)
+ [bullseye] - alpine (Minor issue)
+ [buster] - alpine (Minor issue)
+ [stretch] - alpine (Minor issue, revisit when/if fixed upstream)
+ NOTE: https://nostarttls.secvuln.info
+ NOTE: https://repo.or.cz/alpine.git/commitdiff/e58edb33f71687cb0b12c10a6cea2db2f8a35011 (v2.25)
+CVE-2021-38369
+ RESERVED
+CVE-2021-38368
+ RESERVED
+CVE-2021-38367
+ RESERVED
+CVE-2021-38366 (Sitecore through 10.1, when Update Center is enabled, allows remote au ...)
+ NOT-FOR-US: Sitecore
+CVE-2021-38365 (Winner (aka ToneWinner) desktop speakers through 2021-08-09 allow remo ...)
+ NOT-FOR-US: Winner (aka ToneWinner) desktop speakers
+CVE-2021-3698 (A flaw was found in Cockpit in versions prior to 260 in the way it han ...)
+ - cockpit 260-1
+ [bullseye] - cockpit (Minor issue)
+ [buster] - cockpit (Vulnerable code not present, introduced in 208)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1992149
+ NOTE: Needs sssd 2.6.1
+ NOTE: https://cockpit-project.org/blog/cockpit-260.html
+CVE-2021-3697 (A crafted JPEG image may lead the JPEG reader to underflow its data po ...)
+ - grub2 2.06-3
+ [bullseye] - grub2 2.06-3~deb11u1
+ [buster] - grub2 2.06-3~deb10u1
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ [jessie] - grub2 (No SecureBoot support in jessie)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
+CVE-2021-3696 (A heap out-of-bounds write may heppen during the handling of Huffman t ...)
+ - grub2 2.06-3
+ [bullseye] - grub2 2.06-3~deb11u1
+ [buster] - grub2 2.06-3~deb10u1
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ [jessie] - grub2 (No SecureBoot support in jessie)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
+CVE-2021-3695 (A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write ...)
+ - grub2 2.06-3
+ [bullseye] - grub2 2.06-3~deb11u1
+ [buster] - grub2 2.06-3~deb10u1
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ [jessie] - grub2 (No SecureBoot support in jessie)
+ NOTE: https://www.openwall.com/lists/oss-security/2022/06/07/5
+CVE-2021-40084 (opensysusers through 0.6 does not safely use eval on files in sysusers ...)
+ - opensysusers 0.6-3 (bug #992058)
+ [bullseye] - opensysusers (Minor issue; if fixed upstream address via point release)
+CVE-2021-38364 (An issue was discovered in ONOS 2.5.1. There is an incorrect compariso ...)
+ NOT-FOR-US: Open Network Operating System (ONOS)
+CVE-2021-38363 (An issue was discovered in ONOS 2.5.1. In IntentManager, the install-r ...)
+ NOT-FOR-US: Open Network Operating System (ONOS)
+CVE-2021-38362 (In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker ...)
+ NOT-FOR-US: RSA Archer
+CVE-2021-38361 (The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38360 (The wp-publications WordPress plugin is vulnerable to restrictive loca ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38359 (The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions Wor ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38358 (The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38357 (The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38356 (The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugi ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38355 (The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38354 (The GNU-Mailman Integration WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38353 (The Dropdown and scrollable Text WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38352 (The Feedify \u2013 Web Push Notifications WordPress plugin is vulnerab ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38351 (The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38350 (The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38349 (The Integration of Moneybird for WooCommerce WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38348 (The Advance Search WordPress plugin is vulnerable to Reflected Cross-S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38347 (The Custom Website Data WordPress plugin is vulnerable to Reflected Cr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38346 (The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenti ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38345 (The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38344 (The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable t ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38343 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38342 (The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Si ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38341 (The WooCommerce Payment Gateway Per Category WordPress plugin is vulne ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38340 (The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38339 (The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38338 (The Border Loading Bar WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38337 (The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38336 (The Edit Comments XT WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38335 (The Wise Agent Capture Forms WordPress plugin is vulnerable to Reflect ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38334 (The WP Design Maps & Places WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38333 (The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Sit ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38332 (The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vuln ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38331 (The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Sc ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38330 (The Yet Another bol.com Plugin WordPress plugin is vulnerable to Refle ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38329 (The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38328 (The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scr ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38327 (The YouTube Video Inserter WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38326 (The Post Title Counter WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38325 (The User Activation Email WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38324 (The SP Rental Manager WordPress plugin is vulnerable to SQL Injection ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38323 (The RentPress WordPress plugin is vulnerable to Reflected Cross-Site S ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38322 (The Twitter Friends Widget WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38321 (The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cro ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38320 (The simpleSAMLphp Authentication WordPress plugin is vulnerable to Ref ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38319 (The More From Google WordPress plugin is vulnerable to Reflected Cross ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38318 (The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cros ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38317 (The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38316 (The WP Academic People List WordPress plugin is vulnerable to Reflecte ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38315 (The SP Project & Document Manager WordPress plugin is vulnerable to at ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2021-38314 (The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38313
+ RESERVED
+CVE-2021-38312 (The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for ...)
+ NOT-FOR-US: Gutenberg Template Library
+CVE-2021-38311 (In Contiki 3.0, potential nonterminating acknowledgment loops exist in ...)
+ NOT-FOR-US: Contiki
+CVE-2021-38310
+ RESERVED
+CVE-2021-38309
+ RESERVED
+CVE-2021-38308
+ RESERVED
+CVE-2021-38307
+ RESERVED
+CVE-2021-38306 (Network Attached Storage on LG N1T1*** 10124 devices allows an unauthe ...)
+ NOT-FOR-US: LG
+CVE-2021-38305 (23andMe Yamale before 3.0.8 allows remote attackers to execute arbitra ...)
+ NOT-FOR-US: 23andMe Yamale
+CVE-2021-38304 (Improper input validation in the National Instruments NI-PAL driver in ...)
+ NOT-FOR-US: National Instruments NI-PAL driver
+CVE-2021-38303 (A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0 ...)
+ NOT-FOR-US: Sureline SUREedge Migrator
+CVE-2021-38302 (The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection.)
+ NOT-FOR-US: Newsletter extension for TYPO3
+CVE-2021-38301
+ RESERVED
+CVE-2021-38300 (arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate ...)
+ {DSA-5096-1 DLA-2941-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [stretch] - linux (mips not supported in LTS)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/15/5
+ NOTE: https://lore.kernel.org/bpf/20210915160437.4080-1-piotras@gmail.com/
+CVE-2021-38299 (Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An ...)
+ NOT-FOR-US: FIDO2/Webauthn Support for PHP
+CVE-2021-38298 (Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XX ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-38297 (Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via la ...)
+ {DLA-3395-1}
+ - golang-1.17 1.17.2-1
+ - golang-1.16 1.16.9-1
+ - golang-1.15 1.15.15-5
+ [bullseye] - golang-1.15 1.15.15-1~deb11u2
+ - golang-1.11
+ - golang-1.8 (Vulnerable code not present)
+ - golang-1.7 (Vulnerable code not present)
+ NOTE: https://github.com/golang/go/commit/77f2750f4398990eed972186706f160631d7dae4
+ NOTE: https://groups.google.com/g/golang-announce/c/AEBu9j7yj5A
+ NOTE: https://github.com/golang/go/issues/48797
+CVE-2021-38296 (Apache Spark supports end-to-end encryption of RPC connections via "sp ...)
+ - apache-spark (bug #802194)
+CVE-2021-38295 (In Apache CouchDB, a malicious user with permission to create document ...)
+ - couchdb
+CVE-2021-3694 (LedgerSMB does not sufficiently HTML-encode error messages sent to the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3694-cross-site-scripting
+CVE-2021-3693 (LedgerSMB does not check the origin of HTML fragments merged into the ...)
+ {DSA-4962-1}
+ - ledgersmb 1.6.9+ds-2.1 (bug #992817)
+ NOTE: https://ledgersmb.org/cve-2021-3693-cross-site-scripting
+CVE-2021-3692 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii (bug #597899)
+CVE-2021-38294 (A Command Injection vulnerability exists in the getTopologyHistory ser ...)
+ NOT-FOR-US: Apache Storm
+CVE-2021-38293
+ RESERVED
+CVE-2021-38292
+ RESERVED
+CVE-2021-38291 (FFmpeg version (git commit de8e6e67e7523e48bb27ac224a0b446df05e1640) s ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1 (unimportant)
+ NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e01d306c647b5827102260b885faa223b646d2d1
+ NOTE: https://trac.ffmpeg.org/ticket/9312
+ NOTE: Negligible security impact
+CVE-2021-38290 (A host header attack vulnerability exists in FUEL CMS 1.5.0 through fu ...)
+ NOT-FOR-US: FUEL CMS
+CVE-2021-38289 (An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 ...)
+ NOT-FOR-US: Novastar-VNNOX-iCare
+CVE-2021-38288
+ RESERVED
+CVE-2021-38287
+ RESERVED
+CVE-2021-38286
+ RESERVED
+CVE-2021-38285
+ RESERVED
+CVE-2021-38284
+ RESERVED
+CVE-2021-38283 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38282
+ RESERVED
+CVE-2021-38281
+ RESERVED
+CVE-2021-38280
+ RESERVED
+CVE-2021-38279
+ RESERVED
+CVE-2021-38278 (Tenda AC10-1200 v15.03.06.23_EN was discovered to contain a buffer ove ...)
+ NOT-FOR-US: Tenda
+CVE-2021-38277
+ RESERVED
+CVE-2021-38276
+ RESERVED
+CVE-2021-38275
+ RESERVED
+CVE-2021-38274
+ RESERVED
+CVE-2021-38273
+ RESERVED
+CVE-2021-38272
+ RESERVED
+CVE-2021-38271
+ RESERVED
+CVE-2021-38270
+ RESERVED
+CVE-2021-38269 (Cross-site scripting (XSS) vulnerability in the Gogo Shell module in L ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38268 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38267 (Cross-site scripting (XSS) vulnerability in the Blogs module's edit bl ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38266 (The Portal Security module in Liferay Portal 7.2.1 and earlier, and Li ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38265 (Cross-site scripting (XSS) vulnerability in the Asset module in Lifera ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38264 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38263 (Cross-site scripting (XSS) vulnerability in the Server module's script ...)
+ NOT-FOR-US: Liferay
+CVE-2021-38262
+ RESERVED
+CVE-2021-38261
+ RESERVED
+CVE-2021-38260 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38259
+ RESERVED
+CVE-2021-38258 (NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow ...)
+ NOT-FOR-US: NXP MCUXpresso SDK
+CVE-2021-38257
+ RESERVED
+CVE-2021-38256
+ RESERVED
+CVE-2021-38255
+ RESERVED
+CVE-2021-38254
+ RESERVED
+CVE-2021-38253
+ RESERVED
+CVE-2021-38252
+ RESERVED
+CVE-2021-38251
+ RESERVED
+CVE-2021-38250
+ RESERVED
+CVE-2021-38249
+ RESERVED
+CVE-2021-38248
+ RESERVED
+CVE-2021-38247
+ RESERVED
+CVE-2021-38246
+ RESERVED
+CVE-2021-38245
+ RESERVED
+CVE-2021-38244 (A regular expression denial of service (ReDoS) vulnerability exits in ...)
+ NOT-FOR-US: cbioportal
+CVE-2021-38243 (xunruicms <=4.5.1 is vulnerable to Remote Code Execution.)
+ NOT-FOR-US: xunruicms
+CVE-2021-38242
+ RESERVED
+CVE-2021-38241 (Deserialization issue discovered in Ruoyi before 4.6.1 allows remote a ...)
+ NOT-FOR-US: Ruoyi
+CVE-2021-38240
+ RESERVED
+CVE-2021-38239 (SQL Injection vulnerability in dataease before 1.2.0, allows attackers ...)
+ NOT-FOR-US: DataEase
+CVE-2021-38238
+ RESERVED
+CVE-2021-38237
+ RESERVED
+CVE-2021-38236
+ RESERVED
+CVE-2021-38235
+ RESERVED
+CVE-2021-38234
+ RESERVED
+CVE-2021-38233
+ RESERVED
+CVE-2021-38232
+ RESERVED
+CVE-2021-38231
+ RESERVED
+CVE-2021-38230
+ RESERVED
+CVE-2021-38229
+ RESERVED
+CVE-2021-38228
+ RESERVED
+CVE-2021-38227
+ RESERVED
+CVE-2021-38226
+ RESERVED
+CVE-2021-38225
+ RESERVED
+CVE-2021-38224
+ RESERVED
+CVE-2021-38223
+ RESERVED
+CVE-2021-38222
+ RESERVED
+CVE-2021-38221 (bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS.)
+ NOT-FOR-US: bbs-go
+CVE-2021-38220
+ RESERVED
+CVE-2021-38219
+ RESERVED
+CVE-2021-38218
+ RESERVED
+CVE-2021-38217 (SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.)
+ NOT-FOR-US: SEMCMS
+CVE-2021-38216
+ RESERVED
+CVE-2021-38215
+ RESERVED
+CVE-2021-38214
+ RESERVED
+CVE-2021-38213
+ RESERVED
+CVE-2021-38212
+ RESERVED
+CVE-2021-38211
+ RESERVED
+CVE-2021-38210
+ RESERVED
+CVE-2021-3691
+ REJECTED
+CVE-2021-3690 (A flaw was found in Undertow. A buffer leak on the incoming WebSocket ...)
+ - undertow 2.2.10-1
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1935
+CVE-2021-38209 (net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.1 ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/2671fa4dc0109d3fb581bc3078fdf17b5d9080f6
+CVE-2021-38208 (net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local un ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/4ac06a1e013cf5fdd963317ffd3b968560f33bba
+CVE-2021-38207 (drivers/net/ethernet/xilinx/ll_temac_main.c in the Linux kernel before ...)
+ - linux 5.10.46-1
+ [buster] - linux (Not applicable to any release architecture)
+ [stretch] - linux (Not applicable to any release architecture)
+ NOTE: https://git.kernel.org/linus/c364df2489b8ef2f5e3159b1dff1ff1fdb16040d
+CVE-2021-38206 (The mac80211 subsystem in the Linux kernel before 5.12.13, when a devi ...)
+ - linux 5.10.46-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/bddc0c411a45d3718ac535a070f349be8eca8d48
+CVE-2021-38205 (drivers/net/ethernet/xilinx/xilinx_emaclite.c in the Linux kernel befo ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d0d62baa7f505bd4c59cd169692ff07ec49dde37
+CVE-2021-38204 (drivers/usb/host/max3421-hcd.c in the Linux kernel before 5.13.6 allow ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1 (unimportant)
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b5fdf5c6e6bee35837e160c00ac89327bdad031b
+CVE-2021-38203 (btrfs in the Linux kernel before 5.13.4 allows attackers to cause a de ...)
+ - linux 5.14.6-1
+ [bullseye] - linux (Vulnerability introduced later)
+ [buster] - linux (Vulnerability introduced later)
+ [stretch] - linux (Vulnerability introduced later)
+ NOTE: https://git.kernel.org/linus/1cb3db1cf383a3c7dbda1aa0ce748b0958759947
+CVE-2021-38202 (fs/nfsd/trace.h in the Linux kernel before 5.13.4 might allow remote a ...)
+ - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/7b08cf62b1239a4322427d677ea9363f0ab677c6
+CVE-2021-38201 (net/sunrpc/xdr.c in the Linux kernel before 5.13.4 allows remote attac ...)
+ - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/6d1c0f3d28f98ea2736128ed3e46821496dc3a8c
+CVE-2021-38200 (arch/powerpc/perf/core-book3s.c in the Linux kernel before 5.12.13, on ...)
+ - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/60b7ed54a41b550d50caf7f2418db4a7e75b5bdc
+CVE-2021-38199 (fs/nfs/nfs4client.c in the Linux kernel before 5.13.4 has incorrect co ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/dd99e9f98fbf423ff6d365b37a98e8879170f17c
+CVE-2021-38198 (arch/x86/kvm/mmu/paging_tmpl.h in the Linux kernel before 5.12.11 inco ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/b1bd5cba3306691c771d558e94baa73e8b0b96b7
+CVE-2021-38197 (unarr.go in go-unarr (aka Go bindings for unarr) 0.1.1 allows Director ...)
+ NOT-FOR-US: Go unarr
+CVE-2021-38196 (An issue was discovered in the better-macro crate through 2021-07-22 f ...)
+ NOT-FOR-US: Rust crate better macto
+CVE-2021-38195 (An issue was discovered in the libsecp256k1 crate before 0.5.0 for Rus ...)
+ NOT-FOR-US: Rust crate libsecp256k1
+CVE-2021-38194 (An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rus ...)
+ NOT-FOR-US: Rust crate ark-r1cs-std
+CVE-2021-38192 (An issue was discovered in the prost-types crate before 0.8.0 for Rust ...)
+ NOT-FOR-US: Rust crate prost-types
+CVE-2021-38190 (An issue was discovered in the nalgebra crate before 0.27.1 for Rust. ...)
+ NOT-FOR-US: Rust crate nalgebra
+CVE-2021-38189 (An issue was discovered in the lettre crate before 0.9.6 for Rust. In ...)
+ NOT-FOR-US: Rust crate lettre
+CVE-2021-38188 (An issue was discovered in the iced-x86 crate through 1.10.3 for Rust. ...)
+ NOT-FOR-US: Rust crate iced-x86
+CVE-2021-38187 (An issue was discovered in the anymap crate through 0.12.1 for Rust. I ...)
+ - rust-anymap (bug #992046)
+ [bullseye] - rust-anymap (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0065.html
+CVE-2021-38186 (An issue was discovered in the comrak crate before 0.10.1 for Rust. It ...)
+ NOT-FOR-US: Rust crate comrak
+CVE-2021-38185 (GNU cpio through 2.13 allows attackers to execute arbitrary code via a ...)
+ {DLA-3445-1}
+ - cpio 2.13+dfsg-5 (bug #992045)
+ [bullseye] - cpio 2.13+dfsg-7.1~deb11u1
+ [stretch] - cpio (Minor issue)
+ NOTE: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dd96882877721703e19272fe25034560b794061b
+ NOTE: https://github.com/fangqyi/cpiopwn
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00000.html
+ NOTE: https://lists.gnu.org/archive/html/bug-cpio/2021-08/msg00002.html
+ NOTE: Regression: https://bugs.debian.org/992098
+ NOTE: Regression fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=dfc801c44a93bed7b3951905b188823d6a0432c8
+ NOTE: Regression #2: https://bugs.debian.org/992192
+ NOTE: Regression #2 fixed by: https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=236684f6deb3178043fe72a8e2faca538fa2aae1
+CVE-2021-38184
+ RESERVED
+CVE-2021-38183 (SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently enc ...)
+ NOT-FOR-US: SAP
+CVE-2021-38182 (Due to insufficient input validation of Kyma, authenticated users can ...)
+ NOT-FOR-US: Kyma
+CVE-2021-38181 (SAP NetWeaver AS ABAP and ABAP Platform - versions 700, 701, 702, 730, ...)
+ NOT-FOR-US: SAP
+CVE-2021-38180 (SAP Business One - version 10.0, allows an attacker to inject formulas ...)
+ NOT-FOR-US: SAP
+CVE-2021-38179 (Debug function of Admin UI of SAP Business One Integration is enabled ...)
+ NOT-FOR-US: SAP
+CVE-2021-38178 (The software logistics system of SAP NetWeaver AS ABAP and ABAP Platfo ...)
+ NOT-FOR-US: SAP
+CVE-2021-38177 (SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null poin ...)
+ NOT-FOR-US: SAP
+CVE-2021-38176 (Due to improper input sanitization, an authenticated user with certain ...)
+ NOT-FOR-US: SAP
+CVE-2021-38175 (SAP Analysis for Microsoft Office - version 2.8, allows an attacker wi ...)
+ NOT-FOR-US: SAP
+CVE-2021-38174 (When a user opens manipulated files received from untrusted sources in ...)
+ NOT-FOR-US: SAP
+CVE-2021-3689 (yii2 is vulnerable to Use of Predictable Algorithm in Random Number Ge ...)
+ - yii (bug #597899)
+CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
+ NOT-FOR-US: Rust crate max7301
+CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust. ...)
+ - rust-generator 0.7.1-1 (bug #992047)
+ [bullseye] - rust-generator (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0151.html
+CVE-2020-36470 (An issue was discovered in the disrustor crate through 2020-12-17 for ...)
+ NOT-FOR-US: Rust crate disrustor
+CVE-2020-36469 (An issue was discovered in the appendix crate through 2020-11-15 for R ...)
+ NOT-FOR-US: Rust crate appendix
+CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
+ NOT-FOR-US: Rust crate cgc
+CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
+ - rust-generic-array 0.14.4-1
+ [buster] - rust-generic-array (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0146.html
+CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
+ NOT-FOR-US: Rust crate heapless
+CVE-2020-36463 (An issue was discovered in the multiqueue crate through 2020-12-25 for ...)
+ NOT-FOR-US: Rust crate multiqueue
+CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for Rust. T ...)
+ NOT-FOR-US: Rust crate syncpool
+CVE-2020-36461 (An issue was discovered in the noise_search crate through 2020-12-10 f ...)
+ NOT-FOR-US: Rust crate noise_search
+CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 for Rust ...)
+ NOT-FOR-US: Rust crate model
+CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 for Rust. ...)
+ NOT-FOR-US: Rust crate dces
+CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 for Rust ...)
+ NOT-FOR-US: Rust crate lexer
+CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for Rust. Atom ...)
+ NOT-FOR-US: Rust crate lever
+CVE-2020-36456 (An issue was discovered in the toolshed crate through 2020-11-15 for R ...)
+ NOT-FOR-US: Rust crate toolshed
+CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 for Rust ...)
+ NOT-FOR-US: Rust crate slock
+CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 for Rust. ...)
+ NOT-FOR-US: Rust crate parc
+CVE-2020-36453 (An issue was discovered in the scottqueue crate through 2020-11-15 for ...)
+ NOT-FOR-US: Rust crate scottqueue
+CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 for Rust ...)
+ NOT-FOR-US: Rust crate array-tools
+CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 2020-11-14 for R ...)
+ NOT-FOR-US: Rust crate rcu_cell
+CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 for Rust ...)
+ NOT-FOR-US: Rust crate bunch
+CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ...)
+ NOT-FOR-US: Rust crate kekbit
+CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 for Rust ...)
+ NOT-FOR-US: Rust crate cache
+CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for Rust. T ...)
+ NOT-FOR-US: Rust crate v9
+CVE-2020-36446 (An issue was discovered in the signal-simple crate through 2020-11-15 ...)
+ NOT-FOR-US: Rust crate signal-simple
+CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 for Rus ...)
+ NOT-FOR-US: Rust crate convec
+CVE-2020-36444 (An issue was discovered in the async-coap crate through 2020-12-08 for ...)
+ NOT-FOR-US: Rust crate async-coap
+CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 0.27.1 for ...)
+ NOT-FOR-US: Rust crate libp2p-deflate
+CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for Rust. beef: ...)
+ NOT-FOR-US: Rust crate beef
+CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for Rust. It im ...)
+ NOT-FOR-US: Rust crate abox
+CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for Rust. For ...)
+ NOT-FOR-US: Rust crate libsbc
+CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 0.3.0 for Ru ...)
+ NOT-FOR-US: Rust crate ticketed_lock
+CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 for Rust ...)
+ NOT-FOR-US: Rust crate tiny_future
+CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for Rust. T ...)
+ NOT-FOR-US: Rust crate conqueue
+CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for Rust. P ...)
+ NOT-FOR-US: Rust crate unicycle
+CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 0.4.1 fo ...)
+ NOT-FOR-US: Rust crate ruspiro-singleton
+CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for Rust. s ...)
+ NOT-FOR-US: Rust crate sys-info
+CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 for Rus ...)
+ NOT-FOR-US: Rust crate chunky
+CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 for Rus ...)
+ NOT-FOR-US: Rust crate alg_ds
+CVE-2021-38173 (Btrbk before 0.31.2 allows command execution because of the mishandlin ...)
+ {DLA-2755-1}
+ - btrbk 0.27.1-2
+ [bullseye] - btrbk 0.27.1-1.1+deb11u1
+ [buster] - btrbk 0.27.1-1+deb10u1
+ NOTE: Fixed by: https://github.com/digint/btrbk/commit/58212de771c381cd4fa05625927080bf264e9584 (v0.31.2)
+ NOTE: Introduced by: https://github.com/digint/btrbk/commit/ccb5ed5e7191a083da52998df4c880f693451144 (v0.23.0-rc1)
+CVE-2021-38172 (perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially ...)
+ NOT-FOR-US: perM
+CVE-2021-38171 (adts_decode_extradata in libavformat/adtsenc.c in FFmpeg 4.4 does not ...)
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1}
+ - ffmpeg 7:4.4.1-1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9ffa49496d1aae4cbbb387aac28a9e061a6ab0a6
+CVE-2021-38170
+ RESERVED
+CVE-2021-38169 (Roxy-WI through 5.2.2.0 allows command injection via /app/funct.py and ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38168 (Roxy-WI through 5.2.2.0 allows authenticated SQL injection via select_ ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38167 (Roxy-WI through 5.2.2.0 allows SQL Injection via check_login. An unaut ...)
+ NOT-FOR-US: Roxy-WI
+CVE-2021-38164 (SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - ...)
+ NOT-FOR-US: SAP
+CVE-2021-38163 (SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7. ...)
+ NOT-FOR-US: SAP
+CVE-2021-38162 (SAP Web Dispatcher versions - 7.49, 7.53, 7.77, 7.81, KRNL64NUC - 7.22 ...)
+ NOT-FOR-US: SAP
+CVE-2021-38161 (Improper Authentication vulnerability in TLS origin verification of Ap ...)
+ {DSA-5153-1}
+ - trafficserver 9.1.0+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: Mark first 9.x version as the fixed version as workaround, the issue does
+ NOTE: not affect the 9.x series.
+ NOTE: https://github.com/apache/trafficserver/commit/feefc5e4abc5011dfad5dcfef3f22998faf6e2d4 (8.1.x)
+ NOTE: but reverted pot 8.1.3 in https://github.com/apache/trafficserver/commit/bbbf80d75105313b51153c7fde0bf0edc8cf7783
+CVE-2021-38166 (In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is a ...)
+ {DSA-4978-1}
+ - linux 5.14.6-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+CVE-2021-38159 (In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0 ...)
+ NOT-FOR-US: Progress MOVEit Transfer
+CVE-2021-38158
+ RESERVED
+CVE-2021-38157 (LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated ...)
+ NOT-FOR-US: LeoStream Connection Broker
+CVE-2021-38156 (In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboar ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-38155 (OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1 ...)
+ - keystone 2:19.0.0-3 (bug #992070)
+ [bullseye] - keystone 2:18.0.0-3+deb11u1
+ [buster] - keystone (Minor issue)
+ [stretch] - keystone (Keystone not supported in stretch)
+ NOTE: https://launchpad.net/bugs/1688137
+CVE-2021-38165 (Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, whic ...)
+ {DSA-4953-1 DLA-2736-1}
+ [experimental] - lynx 2.9.0dev.9-1
+ - lynx 2.9.0dev.6-3 (bug #991971)
+ [bullseye] - lynx 2.9.0dev.6-3~deb11u1
+ NOTE: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+ NOTE: https://lynx.invisible-island.net/current/CHANGES.html#v2.9.0dev.9
+ NOTE: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
+CVE-2021-38160 (In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, da ...)
+ {DSA-4978-1 DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://git.kernel.org/linus/d00d8da5869a2608e97cfede094dfc5e11462a46
+CVE-2021-38154 (Certain Canon devices manufactured in 2012 through 2020 (such as image ...)
+ NOT-FOR-US: Canon
+CVE-2021-38153 (Some components in Apache Kafka use `Arrays.equals` to validate a pass ...)
+ - kafka (bug #786460)
+CVE-2021-38152 (index.php/appointment/insert_patient_add_appointment in Chikitsa Patie ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38151 (index.php/appointment/todos in Chikitsa Patient Management System 2.0. ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38150 (When an attacker manages to get access to the local memory, or the mem ...)
+ NOT-FOR-US: SAP
+CVE-2021-38149 (index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 a ...)
+ NOT-FOR-US: Chikitsa Patient Management System
+CVE-2021-38148 (Obsidian before 0.12.12 does not require user confirmation for non-htt ...)
+ NOT-FOR-US: Obsidian
+CVE-2021-38147 (Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote att ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38146 (The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_1 ...)
+ NOT-FOR-US: Wipro Holmes Orchestrator
+CVE-2021-38145 (An issue was discovered in Form Tools through 3.0.20. SQL Injection ca ...)
+ NOT-FOR-US: Form Tools
+CVE-2021-38144 (An issue was discovered in Form Tools through 3.0.20. A low-privileged ...)
+ NOT-FOR-US: Form Tools +CVE-2021-38143 (An issue was discovered in Form Tools through 3.0.20. When an administ ...) + NOT-FOR-US: Form Tools +CVE-2021-38142 (Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and ...) + NOT-FOR-US: Barco MirrorOp Windows Sender +CVE-2021-38141 + RESERVED +CVE-2021-38140 (The set_user extension module before 2.0.1 for PostgreSQL allows a pot ...) + NOT-FOR-US: set_user extension for Postgres +CVE-2021-38139 + RESERVED +CVE-2021-38138 (OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vend ...) + NOT-FOR-US: OneNav +CVE-2021-38137 (Corero SecureWatch Managed Services 9.7.2.0020 does not correctly chec ...) + NOT-FOR-US: Corero SecureWatch Managed Services +CVE-2021-38136 (Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path T ...) + NOT-FOR-US: Corero SecureWatch Managed Services +CVE-2021-3688 (A flaw was found in Red Hat JBoss Core Services HTTP Server in all ver ...) + NOT-FOR-US: Red Hat JBoss Core Services HTTP Server +CVE-2021-38135 + RESERVED +CVE-2021-38134 + RESERVED +CVE-2021-38133 + RESERVED +CVE-2021-38132 + RESERVED +CVE-2021-38131 + RESERVED +CVE-2021-38130 (A potential Information leakage vulnerability has been identified in v ...) + NOT-FOR-US: Micro Focus +CVE-2021-38129 (Escalation of privileges vulnerability in Micro Focus in Micro Focus O ...) + NOT-FOR-US: Micro Focus +CVE-2021-38128 + RESERVED +CVE-2021-38127 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2021-38126 (Potential vulnerabilities have been identified in Micro Focus ArcSight ...) + NOT-FOR-US: Micro Focus +CVE-2021-38125 (Unauthenticated remote code execution in Micro Focus Operations Bridge ...) + NOT-FOR-US: Micro Focus +CVE-2021-38124 (Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise ...) + NOT-FOR-US: Micro Focus +CVE-2021-38123 (Open Redirect vulnerability in Micro Focus Network Automation, affecti ...) 
+ NOT-FOR-US: Micro Focus +CVE-2021-38122 + RESERVED +CVE-2021-38121 + RESERVED +CVE-2021-38120 + RESERVED +CVE-2021-38119 + RESERVED +CVE-2021-38118 + RESERVED +CVE-2021-38117 + RESERVED +CVE-2021-38116 + RESERVED +CVE-2021-38115 (read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) thr ...) + - libgd2 2.3.3-1 (bug #991912) + [bullseye] - libgd2 (Minor issue) + [buster] - libgd2 (Minor issue) + [stretch] - libgd2 (Minor issue) + NOTE: https://github.com/libgd/libgd/issues/697 + NOTE: https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032 (gd-2.3.3~1) +CVE-2021-38114 (libavcodec/dnxhddec.c in FFmpeg 4.4 does not check the return value of ...) + {DSA-4998-1 DSA-4990-1 DLA-2742-1} + - ffmpeg 7:4.4.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7150f9575671f898382c370acae35f9087a30ba1 +CVE-2021-3687 + RESERVED +CVE-2021-3686 + RESERVED +CVE-2021-3685 + RESERVED +CVE-2021-3684 (A vulnerability was found in OpenShift Assisted Installer. During gene ...) + NOT-FOR-US: OpenShift +CVE-2021-3683 (showdoc is vulnerable to Cross-Site Request Forgery (CSRF)) + NOT-FOR-US: ShowDoc +CVE-2021-38113 (In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) t ...) + NOT-FOR-US: OpenWebif (aka e2openplugin-OpenWebif) +CVE-2021-38112 (In the Amazon AWS WorkSpaces client 3.0.10 through 3.1.8 on Windows, a ...) + NOT-FOR-US: Amazon AWS client for Windows +CVE-2021-38111 (The DEF CON 27 badge allows remote attackers to exploit a buffer overf ...) + NOT-FOR-US: DEF CON 27 badge +CVE-2021-38110 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) + NOT-FOR-US: Corel WordPerfect +CVE-2021-38109 (Corel DrawStandard 2020 22.0.0.474 is affected by an Out-of-bounds Rea ...) + NOT-FOR-US: Corel DrawStandard +CVE-2021-38108 (Word97Import200.dll in Corel WordPerfect 2020 20.0.0.200 is affected b ...) 
+ NOT-FOR-US: Corel WordPerfect +CVE-2021-38107 (CdrCore.dll in Corel DrawStandard 2020 22.0.0.474 is affected by an Ou ...) + NOT-FOR-US: Corel DrawStandard +CVE-2021-38106 (UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38105 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38104 (IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38103 (IBJPG2.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38102 (IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Ou ...) + NOT-FOR-US: Corel Presentations +CVE-2021-38101 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38100 (Corel PhotoPaint Standard 2020 22.0.0.474 is affected by an Out-of-bou ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38099 (CDRRip.dll in Corel PhotoPaint Standard 2020 22.0.0.474 is affected by ...) + NOT-FOR-US: Corel PhotoPaint Standard +CVE-2021-38098 (Corel PDF Fusion 2.6.2.0 is affected by a Heap Corruption vulnerabilit ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38097 (Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds Write vulnera ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38096 (Coreip.dll in Corel PDF Fusion 2.6.2.0 is affected by an Out-of-bounds ...) + NOT-FOR-US: Corel PDF Fusion +CVE-2021-38095 (The REST API in Planview Spigit 4.5.3 allows remote unauthenticated at ...) + NOT-FOR-US: Planview Spigit +CVE-2021-38094 (Integer Overflow vulnerability in function filter_sobel in libavfilter ...) 
+ - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 + NOTE: Negligible security impact +CVE-2021-38093 (Integer Overflow vulnerability in function filter_robert in libavfilte ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 + NOTE: Negligible security impact +CVE-2021-38092 (Integer Overflow vulnerability in function filter_prewitt in libavfilt ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38091 (Integer Overflow vulnerability in function filter16_sobel in libavfilt ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38090 (Integer Overflow vulnerability in function filter16_roberts in libavfi ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2021-38089 + REJECTED +CVE-2021-3682 (A flaw was found in the USB redirector device emulation of QEMU in ver ...) 
+ {DSA-4980-1 DLA-3099-1 DLA-2753-1} + - qemu 1:6.0+dfsg-3 (bug #991911) + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/491 + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/b2d1fe67d09d2b6c7da647fbcea6ca0148c206d3 (v1.4.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/5e796671e6b8d5de4b0b423dce1b3eba144a92c9 (v6.1.0-rc2) +CVE-2021-38088 (Acronis Cyber Protect 15 for Windows prior to build 27009 allowed loca ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38087 (Reflected cross-site scripting (XSS) was possible on the login page in ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38086 (Acronis Cyber Protect 15 for Windows prior to build 27009 and Acronis ...) + NOT-FOR-US: Acronis Cyber Protect +CVE-2021-38085 (The Canon TR150 print driver through 3.71.2.10 is vulnerable to a priv ...) + NOT-FOR-US: Canon +CVE-2021-38084 (An issue was discovered in the POP3 component of Courier Mail Server b ...) + - courier (bug #989375) + [bookworm] - courier (Minor issue) + [bullseye] - courier (Minor issue) + [buster] - courier (Minor issue) + [stretch] - courier (Minor issue, include in next update) + NOTE: https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 + NOTE: https://sourceforge.net/p/courier/mailman/message/37329216/ + NOTE: https://sourceforge.net/p/courier/courier-libs.git/ci/97ed62b17a2616c758d09105b5a14dd1038cff6f/ (1.1.5) +CVE-2021-38083 + RESERVED +CVE-2021-38082 + RESERVED +CVE-2021-38081 + RESERVED +CVE-2021-38080 + RESERVED +CVE-2021-38079 + RESERVED +CVE-2021-38078 + RESERVED +CVE-2021-38077 + RESERVED +CVE-2021-38076 + RESERVED +CVE-2021-38075 + RESERVED +CVE-2021-38074 + RESERVED +CVE-2021-38073 + RESERVED +CVE-2021-38072 + RESERVED +CVE-2021-38071 + RESERVED +CVE-2021-38070 + RESERVED +CVE-2021-38069 + RESERVED +CVE-2021-38068 + RESERVED +CVE-2021-38067 + RESERVED +CVE-2021-38066 + RESERVED +CVE-2021-38065 + RESERVED 
+CVE-2021-38064 + RESERVED +CVE-2021-38063 + RESERVED +CVE-2021-38062 + RESERVED +CVE-2021-38061 + RESERVED +CVE-2021-38060 + RESERVED +CVE-2021-38059 + RESERVED +CVE-2021-38058 + RESERVED +CVE-2021-38057 + RESERVED +CVE-2021-38056 + RESERVED +CVE-2021-38055 + RESERVED +CVE-2021-38054 + RESERVED +CVE-2021-38053 + RESERVED +CVE-2021-38052 + RESERVED +CVE-2021-38051 + RESERVED +CVE-2021-38050 + RESERVED +CVE-2021-38049 + RESERVED +CVE-2021-38048 + RESERVED +CVE-2021-38047 + RESERVED +CVE-2021-38046 + RESERVED +CVE-2021-38045 + RESERVED +CVE-2021-38044 + RESERVED +CVE-2021-38043 + RESERVED +CVE-2021-38042 + RESERVED +CVE-2021-38041 + RESERVED +CVE-2021-38040 + RESERVED +CVE-2021-38039 + RESERVED +CVE-2021-38038 + RESERVED +CVE-2021-38037 + RESERVED +CVE-2021-38036 + RESERVED +CVE-2021-38035 + RESERVED +CVE-2021-38034 + RESERVED +CVE-2021-38033 + RESERVED +CVE-2021-38032 + RESERVED +CVE-2021-38031 + RESERVED +CVE-2021-38030 + RESERVED +CVE-2021-38029 + RESERVED +CVE-2021-38028 + RESERVED +CVE-2021-38027 + RESERVED +CVE-2021-38026 + RESERVED +CVE-2021-38025 + RESERVED +CVE-2021-38024 + RESERVED +CVE-2021-38023 + RESERVED +CVE-2021-38022 (Inappropriate implementation in WebAuthentication in Google Chrome pri ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38021 (Inappropriate implementation in referrer in Google Chrome prior to 96. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38020 (Insufficient policy enforcement in contacts picker in Google Chrome on ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38019 (Insufficient policy enforcement in CORS in Google Chrome prior to 96.0 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38018 (Inappropriate implementation in navigation in Google Chrome prior to 9 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38017 (Insufficient policy enforcement in iframe sandbox in Google Chrome pri ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38016 (Insufficient policy enforcement in background fetch in Google Chrome p ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38015 (Inappropriate implementation in input in Google Chrome prior to 96.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38014 (Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38013 (Heap buffer overflow in fingerprint recognition in Google Chrome on Ch ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38012 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38011 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38010 (Inappropriate implementation in service workers in Google Chrome prior ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38009 (Inappropriate implementation in cache in Google Chrome prior to 96.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38008 (Use after free in media in Google Chrome prior to 96.0.4664.45 allowed ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38007 (Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38006 (Use after free in storage foundation in Google Chrome prior to 96.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38005 (Use after free in loader in Google Chrome prior to 96.0.4664.45 allowe ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38004 (Insufficient policy enforcement in Autofill in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38003 (Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38002 (Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38001 (Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-38000 (Insufficient validation of untrusted input in Intents in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37999 (Insufficient data validation in New Tab Page in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37998 (Use after free in Garbage Collection in Google Chrome prior to 95.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37997 (Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allow ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37996 (Insufficient validation of untrusted input Downloads in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37995 (Inappropriate implementation in WebApp Installer in Google Chrome prio ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37994 (Inappropriate implementation in iFrame Sandbox in Google Chrome prior ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37993 (Use after free in PDF Accessibility in Google Chrome prior to 95.0.463 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37992 (Out of bounds read in WebAudio in Google Chrome prior to 95.0.4638.54 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37991 (Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote att ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37990 (Inappropriate implementation in WebView in Google Chrome on Android pr ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37989 (Inappropriate implementation in Blink in Google Chrome prior to 95.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37988 (Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allo ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37987 (Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37986 (Heap buffer overflow in Settings in Google Chrome prior to 95.0.4638.5 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37985 (Use after free in V8 in Google Chrome prior to 95.0.4638.54 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37984 (Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37983 (Use after free in Dev Tools in Google Chrome prior to 95.0.4638.54 all ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37982 (Use after free in Incognito in Google Chrome prior to 95.0.4638.54 all ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37981 (Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 al ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37980 (Inappropriate implementation in Sandbox in Google Chrome prior to 94.0 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37979 (heap buffer overflow in WebRTC in Google Chrome prior to 94.0.4606.81 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37978 (Heap buffer overflow in Blink in Google Chrome prior to 94.0.4606.81 a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37977 (Use after free in Garbage Collection in Google Chrome prior to 94.0.46 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37976 (Inappropriate implementation in Memory in Google Chrome prior to 94.0. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37975 (Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37974 (Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37973 (Use after free in Portals in Google Chrome prior to 94.0.4606.61 allow ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37972 (Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.460 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37971 (Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37970 (Use after free in File System API in Google Chrome prior to 94.0.4606. ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37969 (Inappropriate implementation in Google Updater in Google Chrome on Win ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37968 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37967 (Inappropriate implementation in Background Fetch API in Google Chrome ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37966 (Inappropriate implementation in Compositing in Google Chrome on Androi ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37965 (Inappropriate implementation in Background Fetch API in Google Chrome ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37964 (Inappropriate implementation in ChromeOS Networking in Google Chrome o ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37963 (Side-channel information leakage in DevTools in Google Chrome prior to ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37962 (Use after free in Performance Manager in Google Chrome prior to 94.0.4 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37961 (Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 all ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37960 + REJECTED +CVE-2021-37959 (Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37958 (Inappropriate implementation in Navigation in Google Chrome on Windows ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37957 (Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowe ...) + {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37956 (Use after free in Offline use in Google Chrome on Android prior to 94. ...) 
+ {DSA-5046-1} + - chromium 97.0.4692.71-0.1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-37955 + RESERVED +CVE-2021-37954 + RESERVED +CVE-2021-37953 + RESERVED +CVE-2021-37952 + RESERVED +CVE-2021-37951 + RESERVED +CVE-2021-37950 + RESERVED +CVE-2021-37949 + RESERVED +CVE-2021-37948 + RESERVED +CVE-2021-37947 + RESERVED +CVE-2021-37946 + RESERVED +CVE-2021-37945 + RESERVED +CVE-2021-37944 + RESERVED +CVE-2021-37943 + RESERVED +CVE-2021-37942 (A local privilege escalation issue was found with the APM Java agent, ...) + NOT-FOR-US: Elastic APM Java agent +CVE-2021-37941 (A local privilege escalation issue was found with the APM Java agent, ...) + NOT-FOR-US: Elastic APM Java agent +CVE-2021-37940 (An information disclosure via GET request server-side request forgery ...) + NOT-FOR-US: Workplace Search GHES integration +CVE-2021-37939 (It was discovered that Kibana\u2019s JIRA connector & IBM Resilient co ...) + NOT-FOR-US: IBM +CVE-2021-37938 (It was discovered that on Windows operating systems specifically, Kiba ...) + - kibana (bug #700337) +CVE-2021-37937 (An issue was found with how API keys are created with the Fleet-Server ...) + - elasticsearch +CVE-2021-37936 (It was discovered that Kibana was not sanitizing document fields conta ...) + - kibana (bug #700337) +CVE-2021-37935 (An information disclosure vulnerability in the login page of Huntflow ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37934 (Due to insufficient server-side login-attempt limit enforcement, a vul ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37933 (An LDAP injection vulnerability in /account/login in Huntflow Enterpri ...) + NOT-FOR-US: Huntflow Enterprise +CVE-2021-37932 + RESERVED +CVE-2021-3681 (A flaw was found in Ansible Galaxy Collections. When collections are b ...) 
+ NOT-FOR-US: Ansible Galaxy +CVE-2021-3680 (showdoc is vulnerable to Missing Cryptographic Step) + NOT-FOR-US: ShowDoc +CVE-2021-3679 (A lack of CPU resource in the Linux kernel tracing module functionalit ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/67f0d6d9883c13174669f88adac4f0ee656cc16a +CVE-2021-3678 (showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random N ...) + NOT-FOR-US: ShowDoc +CVE-2021-37931 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37930 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37929 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37928 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37927 (Zoho ManageEngine ADManager Plus version 7110 and prior allows account ...) + NOT-FOR-US: Zoho ManageEngine ADManager Plus +CVE-2021-37926 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37925 (Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Aut ...) + NOT-FOR-US: Zoho ManageEngine ADManager Plus +CVE-2021-37924 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37923 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37922 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37921 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37920 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-37919 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37918 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37917 + RESERVED +CVE-2021-37916 (Joplin before 2.0.9 allows XSS via button and form in the note body.) + NOT-FOR-US: Joplin +CVE-2021-37915 (An issue was discovered on the Grandstream HT801 Analog Telephone Adap ...) + NOT-FOR-US: Grandstream +CVE-2021-37914 (In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled an ...) + NOT-FOR-US: Argo Workflows +CVE-2021-37913 (The HGiga OAKlouds mobile portal does not filter special characters of ...) + NOT-FOR-US: HGiga OAKlouds mobile portal +CVE-2021-37912 (The HGiga OAKlouds mobile portal does not filter special characters of ...) + NOT-FOR-US: HGiga OAKlouds mobile portal +CVE-2021-37911 (The management interface of BenQ smart wireless conference projector d ...) + NOT-FOR-US: BenQ smart wireless conference projector +CVE-2021-37910 (ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has i ...) + NOT-FOR-US: ASUS routers +CVE-2021-37909 (WriteRegistry function in TSSServiSign component does not filter and v ...) 
+ NOT-FOR-US: TSSServiSignAdapter Windows +CVE-2021-37908 + RESERVED +CVE-2021-37907 + RESERVED +CVE-2021-37906 + RESERVED +CVE-2021-37905 + RESERVED +CVE-2021-37904 + RESERVED +CVE-2021-37903 + RESERVED +CVE-2021-37902 + RESERVED +CVE-2021-37901 + RESERVED +CVE-2021-37900 + RESERVED +CVE-2021-37899 + RESERVED +CVE-2021-37898 + RESERVED +CVE-2021-37897 + RESERVED +CVE-2021-37896 + RESERVED +CVE-2021-37895 + RESERVED +CVE-2021-37894 + RESERVED +CVE-2021-37893 + RESERVED +CVE-2021-37892 + RESERVED +CVE-2021-37891 + RESERVED +CVE-2021-37890 + RESERVED +CVE-2021-37889 + RESERVED +CVE-2021-37888 + RESERVED +CVE-2021-37887 + RESERVED +CVE-2021-37886 + RESERVED +CVE-2021-37885 + RESERVED +CVE-2021-37884 + RESERVED +CVE-2021-37883 + RESERVED +CVE-2021-37882 + RESERVED +CVE-2021-37881 + RESERVED +CVE-2021-37880 + RESERVED +CVE-2021-37879 + RESERVED +CVE-2021-37878 + RESERVED +CVE-2021-37877 + RESERVED +CVE-2021-37876 + RESERVED +CVE-2021-37875 + RESERVED +CVE-2021-37874 + RESERVED +CVE-2021-37873 + RESERVED +CVE-2021-37872 + RESERVED +CVE-2021-37871 + RESERVED +CVE-2021-37870 + RESERVED +CVE-2021-37869 + RESERVED +CVE-2021-37868 + RESERVED +CVE-2021-37867 (Mattermost Boards plugin v0.10.0 and earlier fails to protect email ad ...) + NOT-FOR-US: Mattermost Boards plugin +CVE-2021-37866 (Mattermost Boards plugin v0.10.0 and earlier fails to invalidate a ses ...) + NOT-FOR-US: Mattermost Boards plugin +CVE-2021-37865 (Mattermost 6.2 and earlier fails to sufficiently process a specificall ...) + - mattermost-server (bug #823556) + NOTE: https://cve.report/CVE-2021-37865 (MMSA-2021-0081) +CVE-2021-37864 (Mattermost 6.1 and earlier fails to sufficiently validate permissions ...) + - mattermost-server (bug #823556) + NOTE: https://cve.report/CVE-2021-37864 (MMSA-2021-0076) +CVE-2021-37863 (Mattermost 6.0 and earlier fails to sufficiently validate parameters d ...) 
+ - mattermost-server (bug #823556) + NOTE: https://cve.report/CVE-2021-37863 (MMSA-2021-0075) +CVE-2021-37862 (Mattermost 6.0 and earlier fails to sufficiently validate the email ad ...) + - mattermost-server (bug #823556) + NOTE: https://cve.report/CVE-2021-37862 (MMSA-2021-0074) +CVE-2021-37861 (Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's pas ...) + - mattermost-server (bug #823556) +CVE-2021-37860 (Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard c ...) + - mattermost-server (bug #823556) +CVE-2021-37859 (Fixed a bypass for a reflected cross-site scripting vulnerability affe ...) + - mattermost-server (bug #823556) +CVE-2021-37858 + REJECTED +CVE-2021-37857 + REJECTED +CVE-2021-37856 + REJECTED +CVE-2021-37855 + REJECTED +CVE-2021-37854 + REJECTED +CVE-2021-37853 + REJECTED +CVE-2021-37852 (ESET products for Windows allows untrusted process to impersonate the ...) + NOT-FOR-US: ESET +CVE-2021-37851 (Local privilege escalation in Windows products of ESET allows user who ...) + NOT-FOR-US: ESET +CVE-2021-37850 (ESET was made aware of a vulnerability in its consumer and business pr ...) + NOT-FOR-US: ESET +CVE-2021-37849 + RESERVED +CVE-2021-37848 (common/password.c in Pengutronix barebox through 2021.07.0 leaks timin ...) + NOT-FOR-US: Pengutronix Barebox +CVE-2021-37847 (crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing ...) + NOT-FOR-US: Pengutronix Barebox +CVE-2021-37846 + RESERVED +CVE-2021-37845 (An issue was discovered in Citadel through webcit-932. A meddler-in-th ...) + - citadel + [buster] - citadel (Minor issue) + [stretch] - citadel (Minor issue, revisit when fixed upstream) + NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259 + NOTE: https://nostarttls.secvuln.info/ + NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes +CVE-2021-37844 + RESERVED +CVE-2021-3677 (A flaw was found in postgresql. 
A purpose-crafted query can read arbit ...) + - postgresql-13 13.4-1 + [bullseye] - postgresql-13 13.4-0+deb11u1 + - postgresql-11 + [buster] - postgresql-11 11.13-0+deb10u1 + NOTE: https://www.postgresql.org/about/news/postgresql-134-128-1113-1018-9623-and-14-beta-3-released-2277/ +CVE-2021-3676 + REJECTED +CVE-2021-3675 (Improper Input Validation vulnerability in synaTEE.signed.dll of Synap ...) + NOT-FOR-US: Synaptics Fingerprint Driver +CVE-2021-37843 (The resolution SAML SSO apps for Atlassian products allow a remote att ...) + NOT-FOR-US: resolution SAML SSO apps for Atlassian products +CVE-2021-37842 (metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensiti ...) + NOT-FOR-US: Couchbase Server +CVE-2021-37841 (Docker Desktop before 3.6.0 suffers from incorrect access control. If ...) + NOT-FOR-US: Docker Desktop on Windows +CVE-2021-37840 (aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) in ...) + NOT-FOR-US: aaPanel +CVE-2021-37839 (Apache Superset up to 1.5.1 allowed for authenticated users to access ...) + NOT-FOR-US: Apache Superset +CVE-2021-3674 (A flaw was found in rizin. The create_section_from_phdr function alloc ...) + NOT-FOR-US: rizin +CVE-2021-3673 (A vulnerability was found in Radare2 in version 5.3.1. Improper input ...) + - radare2 5.5.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/issues/18923 + NOTE: https://github.com/radareorg/radare2/commit/d7ea20fb2e1433ebece9f004d87ad8f2377af23d +CVE-2021-37838 + RESERVED +CVE-2021-37837 + RESERVED +CVE-2021-37836 + RESERVED +CVE-2021-37835 + RESERVED +CVE-2021-37834 + RESERVED +CVE-2021-37833 (A reflected cross-site scripting (XSS) vulnerability exists in multipl ...) + - hoteldruid 3.0.3-1 (bug #991910) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) + [stretch] - hoteldruid (Minor issue) + NOTE: https://github.com/dievus/CVE-2021-37833 +CVE-2021-37832 (A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid w ...) 
+ - hoteldruid 3.0.3-1 (bug #991910) + [bullseye] - hoteldruid (Minor issue) + [buster] - hoteldruid (Minor issue) + [stretch] - hoteldruid (Minor issue) + NOTE: https://github.com/dievus/CVE-2021-37832 +CVE-2021-37831 + RESERVED +CVE-2021-37830 + RESERVED +CVE-2021-37829 + RESERVED +CVE-2021-37828 + RESERVED +CVE-2021-37827 + RESERVED +CVE-2021-37826 + RESERVED +CVE-2021-37825 + RESERVED +CVE-2021-37824 + RESERVED +CVE-2021-37823 (OpenCart 3.0.3.7 allows users to obtain database information or read s ...) + NOT-FOR-US: OpenCart +CVE-2021-37822 + RESERVED +CVE-2021-37821 + RESERVED +CVE-2021-37820 + RESERVED +CVE-2021-37819 (PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop ...) + - pdftk-java 3.3.2-1 + [bullseye] - pdftk-java (Minor issue) + [buster] - pdftk-java (Minor issue) + - pdftk 2.02-5 + - libitext-java + [bookworm] - libitext-java (Minor issue) + [bullseye] - libitext-java (Minor issue) + [buster] - libitext-java (Minor issue) + - libitext1-java + [bookworm] - libitext1-java (Minor issue) + [bullseye] - libitext1-java (Minor issue) + [buster] - libitext1-java (Minor issue) + - libitext5-java + [bookworm] - libitext5-java (Minor issue) + [bullseye] - libitext5-java (Minor issue) + [buster] - libitext5-java (Minor issue) + NOTE: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21 + NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/75deacdf5c46fd4eefb310c784eb9dfdc7b9fdc9 (v3.3.0) + NOTE: https://gitlab.com/pdftk-java/pdftk/-/commit/9b0cbb76c8434a8505f02ada02a94263dcae9247 (v3.3.0) + NOTE: Starting with 2.02-5 src:pdftk is just a transition package towards src:pdftk-java +CVE-2021-37818 + RESERVED +CVE-2021-37817 + RESERVED +CVE-2021-37816 + RESERVED +CVE-2021-37815 + RESERVED +CVE-2021-37814 + RESERVED +CVE-2021-37813 + RESERVED +CVE-2021-37812 + RESERVED +CVE-2021-37811 + RESERVED +CVE-2021-37810 + RESERVED +CVE-2021-37809 + RESERVED +CVE-2021-37808 (SQL Injection vulnerabilities exist in https://phpgurukul.com News Por ...) 
+ NOT-FOR-US: PHPGurukul +CVE-2021-37807 (An SQL Injection vulneraility exists in https://phpgurukul.com Online ...) + NOT-FOR-US: PHPGurukul +CVE-2021-37806 (An SQL Injection vulnerability exists in https://phpgurukul.com Vehicl ...) + NOT-FOR-US: PHPGurukul +CVE-2021-37805 (A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodes ...) + NOT-FOR-US: Sourcecodeste Vehicle Parking Management System +CVE-2021-37804 + RESERVED +CVE-2021-37803 (An SQL Injection vulnerability exists in Sourcecodester Online Covid V ...) + NOT-FOR-US: Sourcecodester Online Covid Vaccination Scheduler System +CVE-2021-37802 + RESERVED +CVE-2021-37801 + RESERVED +CVE-2021-37800 + RESERVED +CVE-2021-37799 + RESERVED +CVE-2021-37798 + RESERVED +CVE-2021-37797 + RESERVED +CVE-2021-37796 + RESERVED +CVE-2021-37795 + RESERVED +CVE-2021-37794 (A stored cross-site scripting (XSS) vulnerability exists in FileBrowse ...) + NOT-FOR-US: FileBrowser +CVE-2021-37793 + RESERVED +CVE-2021-37792 + RESERVED +CVE-2021-37791 (MyAdmin v1.0 is affected by an incorrect access control vulnerability ...) + NOT-FOR-US: cdfan/my-admin +CVE-2021-37790 + RESERVED +CVE-2021-37789 (stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, lead ...) + {DLA-3305-1} + - libstb 0.0~git20210910.af1a5bc+ds-1 (bug #1023693) + [bullseye] - libstb (Minor issue) + NOTE: https://github.com/nothings/stb/issues/1178 + NOTE: https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40 +CVE-2021-37788 (A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could all ...) + NOT-FOR-US: Gurock TestRail +CVE-2021-37787 + RESERVED +CVE-2021-37786 (Certain Federal Office of Information Technology Systems and Telecommu ...) + NOT-FOR-US: Covid certificate app in Switzerland. +CVE-2021-37785 + RESERVED +CVE-2021-37784 + RESERVED +CVE-2021-37783 + RESERVED +CVE-2021-37782 (Employee Record Management System v 1.2 is vulnerable to SQL Injection ...) 
+ NOT-FOR-US: Employee Record Management System +CVE-2021-37781 (Employee Record Management System v 1.2 is vulnerable to Cross Site Sc ...) + NOT-FOR-US: Employee Record Management System +CVE-2021-37780 + RESERVED +CVE-2021-37779 + RESERVED +CVE-2021-37778 (There is a buffer overflow in gps-sdr-sim v1.0 when parsing long comma ...) + NOT-FOR-US: osqzss/gps-sdr-sim +CVE-2021-37777 (Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR ...) + NOT-FOR-US: Gila CMS +CVE-2021-37776 + RESERVED +CVE-2021-37775 + RESERVED +CVE-2021-37774 (An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0. ...) + NOT-FOR-US: TL-WDR7660 +CVE-2021-37773 + RESERVED +CVE-2021-37772 + RESERVED +CVE-2021-37771 + RESERVED +CVE-2021-37770 (Nucleus CMS v3.71 is affected by a file upload vulnerability. In this ...) + NOT-FOR-US: Nucleus CMS +CVE-2021-37769 + RESERVED +CVE-2021-37768 + RESERVED +CVE-2021-37767 + RESERVED +CVE-2021-37766 + RESERVED +CVE-2021-37765 + RESERVED +CVE-2021-37764 (Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0. ...) + NOT-FOR-US: XOS-Shop +CVE-2021-37763 + RESERVED +CVE-2021-37762 (Zoho ManageEngine ADManager Plus version 7110 and prior allows unrestr ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37761 (Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37760 (A Session ID leak in the audit log in Graylog before 4.1.2 allows atta ...) + - graylog2 (bug #652273) +CVE-2021-37759 (A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows ...) + - graylog2 (bug #652273) +CVE-2021-37758 + RESERVED +CVE-2021-37757 + RESERVED +CVE-2021-37756 + RESERVED +CVE-2021-37755 + RESERVED +CVE-2021-37754 + RESERVED +CVE-2021-37753 + RESERVED +CVE-2021-37752 + RESERVED +CVE-2021-37751 + RESERVED +CVE-2021-37750 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before ...) 
+ {DLA-2771-1} + - krb5 1.18.3-7 (bug #992607) + [bullseye] - krb5 1.18.3-6+deb11u1 + [buster] - krb5 1.17-3+deb10u3 + NOTE: https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49 +CVE-2021-37749 (MapService.svc in Hexagon GeoMedia WebMap 2020 before Update 2 (aka 16 ...) + NOT-FOR-US: Hexagon GeoMedia WebMap +CVE-2021-37748 (Multiple buffer overflows in the limited configuration shell (/sbin/gs ...) + NOT-FOR-US: Grandstream +CVE-2021-37747 + RESERVED +CVE-2021-37746 (textview_uri_security_check in textview.c in Claws Mail before 3.18.0, ...) + - claws-mail 3.18.0-1 (bug #991722) + [bullseye] - claws-mail (Minor issue) + [buster] - claws-mail (Minor issue) + [stretch] - claws-mail (Minor issue) + - sylpheed (bug #991723) + [bookworm] - sylpheed (Minor issue) + [bullseye] - sylpheed (Minor issue) + [buster] - sylpheed (Minor issue) + [stretch] - sylpheed (Minor issue) + NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=ac286a71ed78429e16c612161251b9ea90ccd431 +CVE-2021-3672 (A flaw was found in c-ares library, where a missing input validation c ...) + {DSA-4954-1 DLA-2738-1} + - c-ares 1.17.1-1.1 (bug #992053) + [bullseye] - c-ares 1.17.1-1+deb11u1 + NOTE: https://c-ares.haxx.se/adv_20210810.html + NOTE: https://github.com/c-ares/c-ares/commit/362f91d807d293791008cdb7616d40f7784ece83 + NOTE: https://github.com/c-ares/c-ares/commit/44c009b8e62ea1929de68e3f438181bea469ec14 +CVE-2021-37745 + RESERVED +CVE-2021-37744 + RESERVED +CVE-2021-37743 (app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored X ...) + NOT-FOR-US: MISP +CVE-2021-37742 (app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.14 ...) + NOT-FOR-US: MISP +CVE-2021-37741 (ManageEngine ADManager Plus before 7111 has Pre-authentication RCE vul ...) + NOT-FOR-US: ManageEngine +CVE-2021-37740 (A denial of service vulnerability exists in MDT's firmware for the KNX ...) 
+ NOT-FOR-US: MDT SCN-IP100.03 +CVE-2021-37739 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37738 (A remote disclosure of sensitive information vulnerability was discove ...) + NOT-FOR-US: Aruba +CVE-2021-37737 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-37736 (A remote authentication bypass vulnerability was discovered in Aruba C ...) + NOT-FOR-US: Aruba +CVE-2021-37735 (A remote denial of service vulnerability was discovered in Aruba Insta ...) + NOT-FOR-US: Aruba +CVE-2021-37734 (A remote unauthorized read access to files vulnerability was discovere ...) + NOT-FOR-US: Aruba +CVE-2021-37733 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) + NOT-FOR-US: Aruba +CVE-2021-37732 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37731 (A local path traversal vulnerability was discovered in Aruba SD-WAN So ...) + NOT-FOR-US: Aruba +CVE-2021-37730 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37729 (A remote path traversal vulnerability was discovered in Aruba SD-WAN S ...) + NOT-FOR-US: Aruba +CVE-2021-37728 (A remote path traversal vulnerability was discovered in Aruba Operatin ...) + NOT-FOR-US: Aruba +CVE-2021-37727 (A remote arbitrary command execution vulnerability was discovered in H ...) + NOT-FOR-US: Aruba +CVE-2021-37726 (A remote buffer overflow vulnerability was discovered in HPE Aruba Ins ...) + NOT-FOR-US: Aruba +CVE-2021-37725 (A remote cross-site request forgery (csrf) vulnerability was discovere ...) + NOT-FOR-US: Aruba +CVE-2021-37724 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37723 (A remote arbitrary command execution vulnerability was discovered in A ...) 
+ NOT-FOR-US: Aruba +CVE-2021-37722 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37721 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37720 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37719 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37718 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37717 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-37716 (A remote buffer overflow vulnerability was discovered in Aruba SD-WAN ...) + NOT-FOR-US: Aruba +CVE-2021-37715 (A remote cross-site scripting (XSS) vulnerability was discovered in Ar ...) + NOT-FOR-US: Aruba +CVE-2021-3671 (A null pointer de-reference was found in the way samba kerberos server ...) + {DSA-5287-1 DLA-3206-1} + - heimdal 7.7.0+dfsg-3 (bug #996586) + [stretch] - heimdal (Minor issue) + - samba 2:4.13.13+dfsg-1 + [bullseye] - samba 2:4.13.13+dfsg-1~deb11u1 + [buster] - samba (Minor issue) + [stretch] - samba (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2013080 + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14770 + NOTE: https://github.com/heimdal/heimdal/security/advisories/GHSA-h9qj-cpmq-3562 + NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/04171147948d0a3636bc6374181926f0fb2ec83a + NOTE: Followup: https://github.com/heimdal/heimdal/commit/773802aecfb4b6a73817fa522faeb55b2a7cdb2a + NOTE: "Equivalent" issue for CVE-2021-37750 for the MIT krb5 vulnerability. 
+ NOTE: Fixed by (Samba): https://gitlab.com/samba-team/samba/-/commit/0cb4b939f192376bf5e33637863a91a20f74c5a5 +CVE-2021-3670 (MaxQueryDuration not honoured in Samba AD DC LDAP) + - ldb 2:2.2.3-1 + [buster] - ldb (Minor issue) + [stretch] - ldb (Minor issue) + - samba 2:4.16.0+dfsg-2 + [bullseye] - samba (Domain controller functionality is EOLed, see DSA DSA-5477-1) + [buster] - samba (Minor issue; affects Samba as AD DC; cf DSA 5015-1) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2077533 + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14694 + NOTE: https://gitlab.com/samba-team/samba/-/commit/dcfcafdbf756e12d9077ad7920eea25478c29f81 + NOTE: https://gitlab.com/samba-team/samba/-/commit/86fe9d48883f87c928bf31ccbd275db420386803 + NOTE: https://gitlab.com/samba-team/samba/-/commit/e1ab0c43629686d1d2c0b0b2bcdc90057a792049 + NOTE: ldb: https://gitlab.com/samba-team/samba/-/commit/1d5b155619bc532c46932965b215bd73a920e56f + NOTE: https://gitlab.com/samba-team/samba/-/commit/2b3af3b560c9617a233c131376c870fce146c002 + NOTE: https://gitlab.com/samba-team/samba/-/commit/5f0590362c5c0c5ee20503a67467f9be2d50e73b + NOTE: https://gitlab.com/samba-team/samba/-/commit/3507e96b3dcf0c0b8eff7b2c08ffccaf0812a393 + NOTE: Fixed in ldb 2.5.0, 2.4.2 and 2.3.3 +CVE-2021-37714 (jsoup is a Java library for working with HTML. Those using jsoup versi ...) + - jsoup 1.14.2-1 (bug #992590) + [bullseye] - jsoup (Minor issue) + [buster] - jsoup (Minor issue) + [stretch] - jsoup (Minor issue) + NOTE: https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c +CVE-2021-37713 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) + - node-tar (Only affects node-tar on Windows) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh +CVE-2021-37712 (The npm package "tar" (aka node-tar) before versions 4.4.18, 5.0.10, a ...) 
+ {DSA-5008-1 DLA-3237-1} + - node-tar 6.1.11+~cs11.3.10-1 (bug #993981) + [stretch] - node-tar (Nodejs in stretch not covered by security support) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-qq89-hq3f-393p +CVE-2021-37711 (Versions prior to 6.4.3.1 contain an authenticated server-side request ...) + NOT-FOR-US: Shopware +CVE-2021-37710 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37709 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) + NOT-FOR-US: Shopware +CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...) + {DSA-5285-1 DLA-3549-1 DLA-3194-1 DLA-2962-1} + - asterisk 1:18.10.1~dfsg+~cs6.10.40431411-1 + [stretch] - asterisk (Vulnerable code not present) + - pjproject + - ring (bug #1014998; bug #1057379) + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29945 + NOTE: https://downloads.asterisk.org/pub/security/AST-2022-004.html + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 + NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 +CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) + NOT-FOR-US: OneFuzz +CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) + NOT-FOR-US: PhpFastCache +CVE-2021-37703 (Discourse is an open-source platform for community discussion. In Disc ...) + NOT-FOR-US: Discourse +CVE-2021-37702 (Pimcore is an open source data & experience management platform. Prior ...) + NOT-FOR-US: Pimcore +CVE-2021-37701 (The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, an ...) 
+ {DSA-5008-1 DLA-3237-1} + - node-tar 6.1.7+~cs11.3.10-1 + [stretch] - node-tar (Nodejs in stretch not covered by security support) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-9r2w-394v-53qc +CVE-2021-37700 (@github/paste-markdown is an npm package for pasting markdown objects. ...) + NOT-FOR-US: Node paste-markdown +CVE-2021-37699 (Next.js is an open source website development framework to be used wit ...) + NOT-FOR-US: next.js +CVE-2021-37698 (Icinga is a monitoring system which checks the availability of network ...) + {DLA-2816-1} + - icinga2 2.13.1-1 + [bullseye] - icinga2 (Minor issue) + [buster] - icinga2 (Minor issue) + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-cxfm-8j5v-5qr2 + NOTE: https://icinga.com/blog/2021/08/19/icinga-2-13-1-security-release/ + NOTE: https://github.com/Icinga/icinga2/commit/8910abc5882774c067dfc22cdf8bf8b830257608 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/bf535969ac23962b65b72ea3893c6b384e1d3218 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/d7133ae4298d133a088b25c9a71ffeb1f8164a8d (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/6db8795ca4b6a853f49615279f068d4cf2b42087 (v2.12.6) + NOTE: https://github.com/Icinga/icinga2/commit/b7dd909a30367a4b8389e9362f05a856bbd7b081 (v2.12.6) +CVE-2021-37697 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) + NOT-FOR-US: tmerc-cogs +CVE-2021-37696 (tmerc-cogs are a collection of open source plugins for the Red Discord ...) + NOT-FOR-US: tmerc-cogs +CVE-2021-37695 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) 
+ {DLA-2813-1} + - ckeditor 4.16.2+dfsg-1 (bug #992290) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) + - ckeditor3 (bug #1015217) + [bookworm] - ckeditor3 (Minor issue) + [bullseye] - ckeditor3 (Minor issue) + [buster] - ckeditor3 (No longer supported in LTS) + [stretch] - ckeditor3 (EOL'd for stretch) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-m94c-37g6-cjhc + NOTE: https://github.com/ckeditor/ckeditor4/commit/de3c001540715f9c3801aaa38a1917de46cfcf58 +CVE-2021-37694 (@asyncapi/java-spring-cloud-stream-template generates a Spring Cloud S ...) + NOT-FOR-US: @asyncapi/java-spring-cloud-stream-template +CVE-2021-37693 (Discourse is an open-source platform for community discussion. In Disc ...) + NOT-FOR-US: Discourse +CVE-2021-37692 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37691 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37690 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37689 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37688 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37687 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37686 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37685 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37684 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37683 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow (bug #804612) +CVE-2021-37682 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37681 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37680 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37679 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37678 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37677 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37676 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37675 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37674 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37673 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37672 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37671 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37670 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37669 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37668 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37667 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow (bug #804612) +CVE-2021-37666 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37665 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37664 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37663 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37662 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37661 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37660 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37659 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37658 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37657 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37656 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37655 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37654 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37653 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37652 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37651 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow (bug #804612) +CVE-2021-37650 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37649 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37648 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37647 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37646 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37645 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37644 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37643 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37642 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37641 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37640 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37639 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37638 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37637 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37636 (TensorFlow is an end-to-end open source platform for machine learning. ...) + - tensorflow (bug #804612) +CVE-2021-37635 (TensorFlow is an end-to-end open source platform for machine learning. ...) 
+ - tensorflow (bug #804612) +CVE-2021-37634 (Leafkit is a templating language with Swift-inspired syntax. Versions ...) + NOT-FOR-US: Leafkit +CVE-2021-37633 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2021-37632 (SuperMartijn642's Config Lib is a library used by a number of mods for ...) + NOT-FOR-US: SuperMartijn642's Config Lib (lib for Minecraft) +CVE-2021-37631 (Deck is an open source kanban style organization tool aimed at persona ...) + NOT-FOR-US: Nextcloud Deck +CVE-2021-37630 (Nextcloud Circles is an open source social network built for the nextc ...) + NOT-FOR-US: Nextcloud Cirles +CVE-2021-37629 (Nextcloud Richdocuments is an open source collaborative office suite. ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-37628 (Nextcloud Richdocuments is an open source collaborative office suite. ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-37627 (Contao is an open source CMS that allows creation of websites and scal ...) + NOT-FOR-US: Contao CMS +CVE-2021-37626 (Contao is an open source CMS that allows you to create websites and sc ...) + NOT-FOR-US: Contao CMS +CVE-2021-37625 (Skytable is an open source NoSQL database. In versions prior to 0.6.4 ...) + NOT-FOR-US: Skytable +CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digital tr ...) + - freeswitch (bug #389591) + NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 +CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [buster] - exiv2 (relevant IPTC parsing added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq + NOTE: https://github.com/Exiv2/exiv2/pull/1790 +CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ {DLA-3265-1} + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [stretch] - exiv2 (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv + NOTE: https://github.com/Exiv2/exiv2/pull/1788 +CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + {DLA-3265-1} + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [stretch] - exiv2 (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg + NOTE: https://github.com/Exiv2/exiv2/pull/1778 +CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + {DLA-3265-1} + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [stretch] - exiv2 (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728 + NOTE: https://github.com/Exiv2/exiv2/pull/1769 +CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [buster] - exiv2 (Jp2Image::encodeJp2Header added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v + NOTE: https://github.com/Exiv2/exiv2/pull/1752 +CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [buster] - exiv2 (Jp2Image::printStructure added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-583f-w9pm-99r2 + NOTE: https://github.com/Exiv2/exiv2/pull/1759 +CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + - nextcloud-desktop (Doesn't affect Nextcloud client as shipped in Debian) + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v +CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) 
+ - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [buster] - exiv2 (resolveLens0x8ff added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w + NOTE: https://github.com/Exiv2/exiv2/pull/1758 +CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + - exiv2 0.27.5-1 + [bullseye] - exiv2 0.27.3-3+deb11u2 + [buster] - exiv2 (resolveLens0x319 added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-h9x9-4f77-336w + NOTE: https://github.com/Exiv2/exiv2/pull/1758 +CVE-2021-37614 (In certain Progress MOVEit Transfer versions before 2021.0.3 (aka 13.0 ...) + NOT-FOR-US: MOVEit Transfer +CVE-2021-37613 (Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-37612 + RESERVED +CVE-2021-37611 + RESERVED +CVE-2021-37610 + RESERVED +CVE-2021-37609 + RESERVED +CVE-2021-37608 (Unrestricted Upload of File with Dangerous Type vulnerability in Apach ...) + NOT-FOR-US: Apache OFBiz +CVE-2021-37607 + RESERVED +CVE-2021-3669 (A flaw was found in the Linux kernel. Measuring usage of the shared me ...) + - linux 5.15.3-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1986473 +CVE-2021-37606 (Meow hash 0.5/calico does not sufficiently thwart key recovery by an a ...) + NOT-FOR-US: Meow hash +CVE-2021-37605 (In version 6.5 Microchip MiWi software and all previous versions inclu ...) + NOT-FOR-US: Microchip MiWi +CVE-2021-37604 (In version 6.5 of Microchip MiWi software and all previous versions in ...) + NOT-FOR-US: Microchip MiWi +CVE-2021-37603 + RESERVED +CVE-2021-37602 + RESERVED +CVE-2021-37599 (The exporter/Login.aspx login form in the Exporter in Nuance Winscribe ...) + NOT-FOR-US: Nuance +CVE-2021-3668 + RESERVED +CVE-2021-37600 (An integer overflow in util-linux through 2.37.1 can potentially cause ...) 
+ - util-linux 2.36.1-8 (low; bug #991619) + [buster] - util-linux (Minor issue) + [stretch] - util-linux (Minor issue) + NOTE: https://github.com/karelzak/util-linux/issues/1395 + NOTE: https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c +CVE-2021-37598 (WP Cerber before 8.9.3 allows bypass of /wp-json access control via a ...) + NOT-FOR-US: WordPress plugin +CVE-2021-37597 (WP Cerber before 8.9.3 allows MFA bypass via wordpress_logged_in_[hash ...) + NOT-FOR-US: WordPress plugin +CVE-2021-37596 (Telegram Web K Alpha 0.6.1 allows XSS via a document name.) + NOT-FOR-US: Telegram Web K Alpha +CVE-2021-37595 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) + - freerdp2 (Windows-specific) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 +CVE-2021-37594 (In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_re ...) + - freerdp2 (Windows-specific) + NOTE: https://github.com/FreeRDP/FreeRDP/commit/0d79670a28c0ab049af08613621aa0c267f977e9 +CVE-2021-37593 (PEEL Shopping version 9.4.0 allows remote SQL injection. A public user ...) + NOT-FOR-US: PEEL Shopping +CVE-2021-37592 (Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a cl ...) + - suricata 1:6.0.4-1 + [bullseye] - suricata (Minor issue) + [buster] - suricata (Minor issue) + [stretch] - suricata (Minor issue) + NOTE: https://forum.suricata.io/t/suricata-6-0-4-and-5-0-8-released/1942 + NOTE: https://redmine.openinfosecfoundation.org/issues/4569 (not public) +CVE-2021-37591 + RESERVED +CVE-2021-37590 + RESERVED +CVE-2021-37589 (Virtua Cobranca before 12R allows SQL Injection on the login page.) + NOT-FOR-US: Virtua Cobranca +CVE-2021-37588 (In Charm 0.43, any two users can collude to achieve the ability to dec ...) + NOT-FOR-US: Charm +CVE-2021-37587 (In Charm 0.43, any single user can decrypt DAC-MACS or MA-ABE-YJ14 dat ...) 
+ NOT-FOR-US: Charm +CVE-2021-37586 (The PowerPlay Web component of Mitel Interaction Recording Multitenanc ...) + NOT-FOR-US: Mitel +CVE-2021-37585 + RESERVED +CVE-2021-37584 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37583 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37582 + RESERVED +CVE-2021-37581 + RESERVED +CVE-2021-37580 (A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in S ...) + NOT-FOR-US: Apache ShenYu Admin +CVE-2021-37579 (The Dubbo Provider will check the incoming request and the correspondi ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-3667 (An improper locking issue was found in the virStoragePoolLookupByTarge ...) + - libvirt 7.6.0-1 (bug #991594) + [bullseye] - libvirt (Minor issue) + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Introduced in 4.1) + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87 (v7.6.0-rc1) + NOTE: Introduced in https://libvirt.org/git/?p=libvirt.git;a=commit;h=7aa0e8c0cb8a6293d0c6f7e3d29c13b96dec2129 +CVE-2021-37578 (Apache jUDDI uses several classes related to Java's Remote Method Invo ...) + NOT-FOR-US: Apache jUDDI +CVE-2021-37577 + RESERVED +CVE-2021-37575 + RESERVED +CVE-2021-37574 + RESERVED +CVE-2021-37573 (A reflected cross-site scripting (XSS) vulnerability in the web server ...) + NOT-FOR-US: TTiny Java Web Server and Servlet Container (TJWS) +CVE-2021-37572 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37571 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37570 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37569 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) 
+ NOT-FOR-US: Netgear +CVE-2021-37568 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37567 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37566 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37565 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37564 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37563 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37562 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37561 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37560 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-37559 + RESERVED +CVE-2021-37558 (A SQL injection vulnerability in a MediaWiki script in Centreon before ...) + - centreon-web (bug #913903) +CVE-2021-37557 (A SQL injection vulnerability in image generation in Centreon before 2 ...) + - centreon-web (bug #913903) +CVE-2021-37556 (A SQL injection vulnerability in reporting export in Centreon before 2 ...) + - centreon-web (bug #913903) +CVE-2021-37555 (TX9 Automatic Food Dispenser v3.2.57 devices allow access to a shell a ...) + NOT-FOR-US: TX9 Automatic Food Dispenser +CVE-2021-37554 (In JetBrains YouTrack before 2021.3.21051, a user could see boards wit ...) + NOT-FOR-US: JetBrains +CVE-2021-37553 (In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.) + NOT-FOR-US: JetBrains +CVE-2021-37552 (In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.) 
+ NOT-FOR-US: JetBrains +CVE-2021-37551 (In JetBrains YouTrack before 2021.2.16363, system user passwords were ...) + NOT-FOR-US: JetBrains +CVE-2021-37550 (In JetBrains YouTrack before 2021.2.16363, time-unsafe comparisons wer ...) + NOT-FOR-US: JetBrains +CVE-2021-37549 (In JetBrains YouTrack before 2021.1.11111, sandboxing in workflows was ...) + NOT-FOR-US: JetBrains +CVE-2021-37548 (In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes ...) + NOT-FOR-US: JetBrains +CVE-2021-37547 (In JetBrains TeamCity before 2020.2.4, insufficient checks during file ...) + NOT-FOR-US: JetBrains +CVE-2021-37546 (In JetBrains TeamCity before 2021.1, an insecure key generation mechan ...) + NOT-FOR-US: JetBrains +CVE-2021-37545 (In JetBrains TeamCity before 2021.1.1, insufficient authentication che ...) + NOT-FOR-US: JetBrains +CVE-2021-37544 (In JetBrains TeamCity before 2020.2.4, there was an insecure deseriali ...) + NOT-FOR-US: JetBrains +CVE-2021-37543 (In JetBrains RubyMine before 2021.1.1, code execution without user con ...) + NOT-FOR-US: JetBrains +CVE-2021-37542 (In JetBrains TeamCity before 2020.2.3, XSS was possible.) + NOT-FOR-US: JetBrains +CVE-2021-37541 (In JetBrains Hub before 2021.1.13402, HTML injection in the password r ...) + NOT-FOR-US: JetBrains +CVE-2021-37540 (In JetBrains Hub before 2021.1.13262, a potentially insufficient CSP f ...) + NOT-FOR-US: JetBrains +CVE-2021-37539 (Zoho ManageEngine ADManager Plus before 7111 is vulnerable to unrestri ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-3666 (body-parser-xml is vulnerable to Improperly Controlled Modification of ...) + NOT-FOR-US: Node body-parser-xml +CVE-2021-37576 (arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on t ...) 
+ {DSA-4978-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + [stretch] - linux (powerpc architectures not included in LTS) + NOTE: https://git.kernel.org/linus/f62f3c20647ebd5fb6ecb8f0b477b9281c44c10a (5.14-rc3) +CVE-2021-37538 (Multiple SQL injection vulnerabilities in SmartDataSoft SmartBlog for ...) + NOT-FOR-US: PrestaShop +CVE-2021-37537 + RESERVED +CVE-2021-37536 + RESERVED +CVE-2021-37535 (SAP NetWeaver Application Server Java (JMS Connector Service) - versio ...) + NOT-FOR-US: SAP +CVE-2021-37534 (app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when ...) + NOT-FOR-US: MISP +CVE-2021-37533 (Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host fr ...) + {DSA-5307-1 DLA-3251-1} + - libcommons-net-java 3.9.0-1 (bug #1025910) + NOTE: https://lists.apache.org/thread/o6yn9r9x6s94v97264hmgol1sf48mvx7 + NOTE: https://issues.apache.org/jira/browse/NET-711 + NOTE: https://github.com/apache/commons-net/commit/b0bff89f70cfea70009e22f87639816cc3993974 (commons-net-3.9.0-RC1) +CVE-2021-37532 (SAP Business One version - 10, due to improper input validation, allow ...) + NOT-FOR-US: SAP +CVE-2021-37531 (SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7. ...) + NOT-FOR-US: SAP +CVE-2021-37530 (A denial of service vulnerabiity exists in fig2dev through 3.28a due t ...) + - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev 1:3.2.8-3+deb11u1 + [buster] - fig2dev (Vulnerable code introduced later) + [stretch] - fig2dev (Vulnerable code introduced later) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/126/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/ff103511e49c44c83fc58e2092aa37e9019a3a9f/ + NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/bc3beba96605f9db5a063061ea28077937959ae2/ (3.2.8) +CVE-2021-37529 (A double-free vulnerability exists in fig2dev through 3.28a is affecte ...) 
+ - fig2dev 1:3.2.8b-1 + [bullseye] - fig2dev 1:3.2.8-3+deb11u1 + [buster] - fig2dev (Vulnerable code introduced later) + [stretch] - fig2dev (Vulnerable code introduced later) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/125/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/899ea1277387ca9e9853bf61d29b7419d5692691/ + NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/bc3beba96605f9db5a063061ea28077937959ae2/ (3.2.8) +CVE-2021-37528 + RESERVED +CVE-2021-37527 + RESERVED +CVE-2021-37526 + RESERVED +CVE-2021-37525 + RESERVED +CVE-2021-37524 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows re ...) + NOT-FOR-US: FusionPBX +CVE-2021-37523 + RESERVED +CVE-2021-37522 (SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote ...) + NOT-FOR-US: HKing2802 Locke-Bot +CVE-2021-37521 + RESERVED +CVE-2021-37520 + RESERVED +CVE-2021-37519 (Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows att ...) + - memcached 1.6.10+dfsg-1 + [bullseye] - memcached (Minor issue) + [buster] - memcached (Vulnerable code not present) + NOTE: https://github.com/memcached/memcached/issues/805 + NOTE: https://github.com/memcached/memcached/commit/ddee3e27a031be22f5f28c160be18fd3cb9bc63d (1.6.10) +CVE-2021-37518 (Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extensio ...) + NOT-FOR-US: Vivium +CVE-2021-37517 (An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fix ...) + - dolibarr +CVE-2021-37516 + RESERVED +CVE-2021-37515 + RESERVED +CVE-2021-37514 + RESERVED +CVE-2021-37513 + RESERVED +CVE-2021-37512 + RESERVED +CVE-2021-37511 + RESERVED +CVE-2021-37510 + RESERVED +CVE-2021-37509 + RESERVED +CVE-2021-37508 + RESERVED +CVE-2021-37507 + RESERVED +CVE-2021-37506 + RESERVED +CVE-2021-37505 + RESERVED +CVE-2021-37504 (A cross-site scripting (XSS) vulnerability in the fileNameStr paramete ...) 
+ NOT-FOR-US: hayageek/jquery-upload-file +CVE-2021-37503 + RESERVED +CVE-2021-37502 (Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remot ...) + NOT-FOR-US: automad +CVE-2021-37501 (Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1 ...) + - hdf5 (unimportant) + NOTE: Crash in CLI tool, no security impact + NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006 +CVE-2021-37500 (Directory traversal vulnerability in Reprise License Manager (RLM) web ...) + NOT-FOR-US: Reprise License Manager +CVE-2021-37499 (CRLF vulnerability in Reprise License Manager (RLM) web interface thro ...) + NOT-FOR-US: Reprise License Manager +CVE-2021-37498 (An SSRF issue was discovered in Reprise License Manager (RLM) web inte ...) + NOT-FOR-US: Reprise License Manager +CVE-2021-37497 (SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote a ...) + NOT-FOR-US: PbootCMS +CVE-2021-37496 + RESERVED +CVE-2021-37495 + RESERVED +CVE-2021-37494 + RESERVED +CVE-2021-37493 + RESERVED +CVE-2021-37492 (An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 ...) + NOT-FOR-US: Ravencoin +CVE-2021-37491 (An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogec ...) + - dogecoin (bug #1034806) + NOTE: https://github.com/dogecoin/dogecoin/issues/2279 +CVE-2021-37490 + RESERVED +CVE-2021-37489 + RESERVED +CVE-2021-37488 + RESERVED +CVE-2021-37487 + RESERVED +CVE-2021-37486 + RESERVED +CVE-2021-37485 + RESERVED +CVE-2021-37484 + RESERVED +CVE-2021-37483 + RESERVED +CVE-2021-37482 + RESERVED +CVE-2021-37481 + RESERVED +CVE-2021-37480 + RESERVED +CVE-2021-37479 + RESERVED +CVE-2021-37478 (In NavigateCMS version 2.9.4 and below, function `block` is vulnerable ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37477 (In NavigateCMS version 2.9.4 and below, function in `structure.php` is ...) 
+ NOT-FOR-US: NavigateCMS +CVE-2021-37476 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37475 (In NavigateCMS version 2.9.4 and below, function in `templates.php` is ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37474 + RESERVED +CVE-2021-37473 (In NavigateCMS version 2.9.4 and below, function in `product.php` is v ...) + NOT-FOR-US: NavigateCMS +CVE-2021-37472 + RESERVED +CVE-2021-37471 (Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerab ...) + NOT-FOR-US: Cradlepoint +CVE-2021-37470 (In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists ...) + NOT-FOR-US: NCH +CVE-2021-37469 (In NCH WebDictate v2.13 and earlier, authenticated users can abuse log ...) + NOT-FOR-US: NCH +CVE-2021-37468 (NCH Reflect CRM 3.01 allows local users to discover cleartext user acc ...) + NOT-FOR-US: NCH +CVE-2021-37467 (In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploa ...) + NOT-FOR-US: NCH +CVE-2021-37466 (In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (refle ...) + NOT-FOR-US: NCH +CVE-2021-37465 (In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflec ...) + NOT-FOR-US: NCH +CVE-2021-37464 (In NCH Quorum v2.03 and earlier, XSS exists via Conference Description ...) + NOT-FOR-US: NCH +CVE-2021-37463 (In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (sto ...) + NOT-FOR-US: NCH +CVE-2021-37462 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37461 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37460 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37459 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37458 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) 
+ NOT-FOR-US: NCH +CVE-2021-37457 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37456 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37455 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37454 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37453 (Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier vi ...) + NOT-FOR-US: NCH +CVE-2021-37452 (NCH Quorum v2.03 and earlier allows local users to discover cleartext ...) + NOT-FOR-US: NCH +CVE-2021-37451 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37450 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37449 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37448 (Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earli ...) + NOT-FOR-US: NCH +CVE-2021-37447 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37446 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37445 (In NCH Quorum v2.03 and earlier, an authenticated user can use directo ...) + NOT-FOR-US: NCH +CVE-2021-37444 (NCH IVM Attendant v5.12 and earlier suffers from a directory traversal ...) + NOT-FOR-US: NCH +CVE-2021-37443 (NCH IVM Attendant v5.12 and earlier allows path traversal via the logd ...) + NOT-FOR-US: NCH +CVE-2021-37442 (NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile ...) + NOT-FOR-US: NCH +CVE-2021-37441 (NCH Axon PBX v2.22 and earlier allows path traversal for file deletion ...) + NOT-FOR-US: NCH +CVE-2021-37440 (NCH Axon PBX v2.22 and earlier allows path traversal for file disclosu ...) 
+ NOT-FOR-US: NCH +CVE-2021-37439 (NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vu ...) + NOT-FOR-US: NCH +CVE-2021-37438 + REJECTED +CVE-2021-37437 + RESERVED +CVE-2021-37436 (Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, ...) + NOT-FOR-US: Amazon Echo +CVE-2021-37435 + RESERVED +CVE-2021-37434 + RESERVED +CVE-2021-37433 + RESERVED +CVE-2021-37432 + RESERVED +CVE-2021-37431 + RESERVED +CVE-2021-37430 + RESERVED +CVE-2021-37429 + RESERVED +CVE-2021-37428 + RESERVED +CVE-2021-37427 + RESERVED +CVE-2021-37426 + RESERVED +CVE-2021-37425 (Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such a ...) + NOT-FOR-US: Altova MobileTogether Server +CVE-2021-37424 (ManageEngine ADSelfService Plus before 6112 is vulnerable to domain us ...) + NOT-FOR-US: ManageEngine +CVE-2021-37423 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to l ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37422 (Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to S ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37421 (Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to a ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37420 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail ...) + NOT-FOR-US: ManageEngine +CVE-2021-37419 (Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF ...) + NOT-FOR-US: ManageEngine +CVE-2021-37418 + REJECTED +CVE-2021-37417 (Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAP ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37416 (Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnera ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37415 (Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authe ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-37414 (Zoho ManageEngine DesktopCentral before 10.0.709 allows anyone to get ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-37413 (GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in t ...) + NOT-FOR-US: GRANDCOM DynWEB +CVE-2021-37412 (The TechRadar app 1.1 for Confluence Server allows XSS via the Title f ...) + NOT-FOR-US: TechRadar app for Confluence Server +CVE-2021-37411 + RESERVED +CVE-2021-3665 + RESERVED +CVE-2021-3664 (url-parse is vulnerable to URL Redirection to Untrusted Site) + {DLA-3336-1} + - node-url-parse 1.5.3-1 (bug #991577) + [stretch] - node-url-parse (Nodejs in stretch not covered by security support) + NOTE: https://huntr.dev/bounties/1625557993985-unshiftio/url-parse/ + NOTE: https://github.com/unshiftio/url-parse/commit/81ab967889b08112d3356e451bf03e6aa0cbb7e0 +CVE-2021-26250 + RESERVED +CVE-2021-23208 + RESERVED +CVE-2021-23183 + RESERVED +CVE-2021-37601 (muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers t ...) + - prosody 0.11.9-2 + [buster] - prosody (Minor issue) + [stretch] - prosody (Vulnerable code not present) + NOTE: https://prosody.im/security/advisory_20210722/ +CVE-2021-37404 (There is a potential heap buffer overflow in Apache Hadoop libhdfs nat ...) + - hadoop (bug #793644) +CVE-2021-3663 (firefly-iii is vulnerable to Improper Restriction of Excessive Authent ...) + NOT-FOR-US: firefly-iii +CVE-2021-3662 (Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to ...) + NOT-FOR-US: HP +CVE-2021-3661 (A potential security vulnerability has been identified in certain HP W ...) + NOT-FOR-US: HP +CVE-2021-37403 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + NOT-FOR-US: OX App Suite +CVE-2021-37402 (OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows ...) + NOT-FOR-US: OX App Suite +CVE-2021-3660 (Cockpit (and its plugins) do not seem to protect itself against clickj ...) 
+ - cockpit 254-1 + [bullseye] - cockpit (Minor issue) + [buster] - cockpit (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980688 +CVE-2021-37401 (An attacker may obtain the user credentials from file servers, backup ...) + NOT-FOR-US: IDEC +CVE-2021-37400 (An attacker may obtain the user credentials from the communication bet ...) + NOT-FOR-US: IDEC +CVE-2021-37399 + RESERVED +CVE-2021-37398 + RESERVED +CVE-2021-37397 + RESERVED +CVE-2021-37396 + RESERVED +CVE-2021-37395 + RESERVED +CVE-2021-37394 (In RPCMS v1.8 and below, attackers can interact with API and change va ...) + NOT-FOR-US: RPCMS +CVE-2021-37393 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) + NOT-FOR-US: RPCMS +CVE-2021-37392 (In RPCMS v1.8 and below, the "nickname" variable is not properly sanit ...) + NOT-FOR-US: RPCMS +CVE-2021-37391 (A user without privileges in Chamilo LMS 1.11.14 can send an invitatio ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37390 (A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/socia ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37389 (Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/ ...) + NOT-FOR-US: Chamilo LMS +CVE-2021-37388 (A buffer overflow in D-Link DIR-615 C2 3.03WW. The ping_ipaddr paramet ...) + NOT-FOR-US: D-Link +CVE-2021-37387 + RESERVED +CVE-2021-37386 (Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before ...) + NOT-FOR-US: Furukawa +CVE-2021-37385 + RESERVED +CVE-2021-37384 (A remote command execution (RCE) vulnerability in the web interface co ...) + NOT-FOR-US: Furukawa +CVE-2021-37383 + RESERVED +CVE-2021-37382 + RESERVED +CVE-2021-37381 (Southsoft GMIS 5.0 is vulnerable to CSRF attacks. Attackers can access ...) + NOT-FOR-US: Southsoft GMIS +CVE-2021-37380 + RESERVED +CVE-2021-37379 (Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmwar ...) 
+ NOT-FOR-US: Teradek +CVE-2021-37378 (Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro ...) + NOT-FOR-US: Teradek +CVE-2021-37377 (Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware vers ...) + NOT-FOR-US: Teradek +CVE-2021-37376 (Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and B ...) + NOT-FOR-US: Teradek +CVE-2021-37375 (Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini ...) + NOT-FOR-US: Teradek +CVE-2021-37374 (Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware ...) + NOT-FOR-US: Teradek +CVE-2021-37373 (Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generati ...) + NOT-FOR-US: Teradek +CVE-2021-37372 (Online Student Admission System 1.0 is affected by an insecure file up ...) + NOT-FOR-US: Online Student Admission System +CVE-2021-37371 (Online Student Admission System 1.0 is affected by an unauthenticated ...) + NOT-FOR-US: Online Student Admission System +CVE-2021-37370 + RESERVED +CVE-2021-37369 + RESERVED +CVE-2021-37368 + RESERVED +CVE-2021-37367 (CTparental before 4.45.07 is affected by a code execution vulnerabilit ...) + NOT-FOR-US: CTparental +CVE-2021-37366 (CTparental before 4.45.03 is vulnerable to cross-site request forgery ...) + NOT-FOR-US: CTparental +CVE-2021-37365 (CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) ...) + NOT-FOR-US: CTparental +CVE-2021-37364 (OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default ...) + NOT-FOR-US: OpenClinic +CVE-2021-37363 (An Insecure Permissions issue exists in Gestionale Open 11.00.00. A lo ...) + NOT-FOR-US: Gestionale Open +CVE-2021-37362 + RESERVED +CVE-2021-37361 + RESERVED +CVE-2021-37360 + RESERVED +CVE-2021-37359 + RESERVED +CVE-2021-37358 (SQL Injection in SEACMS v210530 (2021-05-30) allows remote attackers t ...) 
+ NOT-FOR-US: SEACMS +CVE-2021-37357 + RESERVED +CVE-2021-37356 + RESERVED +CVE-2021-37355 + RESERVED +CVE-2021-37354 (Xerox Phaser 4622 v35.013.01.000 was discovered to contain a buffer ov ...) + NOT-FOR-US: Xerox +CVE-2021-37353 (Nagios XI Docker Wizard before version 1.1.3 is vulnerable to SSRF due ...) + NOT-FOR-US: Nagios XI +CVE-2021-37352 (An open redirect vulnerability exists in Nagios XI before version 5.8. ...) + NOT-FOR-US: Nagios XI +CVE-2021-37351 (Nagios XI before version 5.8.5 is vulnerable to insecure permissions a ...) + NOT-FOR-US: Nagios XI +CVE-2021-37350 (Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerab ...) + NOT-FOR-US: Nagios XI +CVE-2021-37349 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) + NOT-FOR-US: Nagios XI +CVE-2021-37348 (Nagios XI before version 5.8.5 is vulnerable to local file inclusion t ...) + NOT-FOR-US: Nagios XI +CVE-2021-37347 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) + NOT-FOR-US: Nagios XI +CVE-2021-37346 (Nagios XI WatchGuard Wizard before version 1.4.8 is vulnerable to remo ...) + NOT-FOR-US: Nagios XI +CVE-2021-37345 (Nagios XI before version 5.8.5 is vulnerable to local privilege escala ...) + NOT-FOR-US: Nagios XI +CVE-2021-37344 (Nagios XI Switch Wizard before version 2.5.7 is vulnerable to remote c ...) + NOT-FOR-US: Nagios XI +CVE-2021-37343 (A path traversal vulnerability exists in Nagios XI below version 5.8.5 ...) + NOT-FOR-US: Nagios XI +CVE-2021-37342 + RESERVED +CVE-2021-37341 + RESERVED +CVE-2021-37340 + RESERVED +CVE-2021-37339 + RESERVED +CVE-2021-37338 + RESERVED +CVE-2021-37337 + RESERVED +CVE-2021-37336 + RESERVED +CVE-2021-37335 + RESERVED +CVE-2021-37334 (Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vu ...) + NOT-FOR-US: Umbraco Forms +CVE-2021-37333 (Laravel Booking System Booking Core 2.0 is vulnerable to Session Manag ...) 
+ NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37332 + RESERVED +CVE-2021-37331 (Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Acc ...) + NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37330 (Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Sc ...) + NOT-FOR-US: Laravel Booking System Booking Core +CVE-2021-37329 + RESERVED +CVE-2021-37328 + RESERVED +CVE-2021-37327 + RESERVED +CVE-2021-37326 (NetSarang Xshell 7 before Build 0077 includes unintended code strings ...) + NOT-FOR-US: NetSarang Xshell +CVE-2021-37325 + RESERVED +CVE-2021-37324 + RESERVED +CVE-2021-37323 + RESERVED +CVE-2021-37322 (GCC c++filt v2.26 was discovered to contain a use-after-free vulnerabi ...) + - binutils 2.27.51.20161102-1 (unimportant) + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99188 + NOTE: binutils not covered by security support +CVE-2021-37321 + RESERVED +CVE-2021-37320 + RESERVED +CVE-2021-37319 + RESERVED +CVE-2021-37318 + RESERVED +CVE-2021-37317 (Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U route ...) + NOT-FOR-US: ASUS +CVE-2021-37316 (SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firm ...) + NOT-FOR-US: ASUS +CVE-2021-37315 (Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68 ...) + NOT-FOR-US: ASUS +CVE-2021-37314 + RESERVED +CVE-2021-37313 + RESERVED +CVE-2021-37312 + RESERVED +CVE-2021-37311 (Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to caus ...) + - fcitx5 5.0.9-1 + [bullseye] - fcitx5 (Minor issue) + [buster] - fcitx5 (Minor issue) + NOTE: https://github.com/fcitx/fcitx5/pull/308 + NOTE: https://github.com/fcitx/fcitx5/commit/6393480542178623c0af7a7e76647a401264f227 (5.0.9) +CVE-2021-37310 + RESERVED +CVE-2021-37309 + RESERVED +CVE-2021-37308 + RESERVED +CVE-2021-37307 + RESERVED +CVE-2021-37306 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...) 
+ NOT-FOR-US: jeecg-boot +CVE-2021-37305 (An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows r ...) + NOT-FOR-US: jeecg-boot +CVE-2021-37304 (An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticat ...) + NOT-FOR-US: jeecg-boot +CVE-2021-37303 + RESERVED +CVE-2021-37302 + RESERVED +CVE-2021-37301 + RESERVED +CVE-2021-37300 + RESERVED +CVE-2021-37299 + RESERVED +CVE-2021-37298 + REJECTED +CVE-2021-37297 + RESERVED +CVE-2021-37296 + RESERVED +CVE-2021-37295 + RESERVED +CVE-2021-37294 + RESERVED +CVE-2021-37293 (A Directory Traversal vulnerability exists in KevinLAB Inc Building En ...) + NOT-FOR-US: KevinLAB +CVE-2021-37292 (An Access Control vulnerability exists in KevinLAB Inc Building Energy ...) + NOT-FOR-US: KevinLAB +CVE-2021-37291 (An SQL Injection vulnerability exists in KevinLAB Inc Building Energy ...) + NOT-FOR-US: KevinLAB +CVE-2021-37290 + RESERVED +CVE-2021-37289 (Insecure Permissions in administration interface in Planex MZK-DP150N ...) + NOT-FOR-US: Planex MZK-DP150N +CVE-2021-37288 + RESERVED +CVE-2021-37287 + RESERVED +CVE-2021-37286 + RESERVED +CVE-2021-37285 + RESERVED +CVE-2021-37284 + RESERVED +CVE-2021-37283 + RESERVED +CVE-2021-37282 + RESERVED +CVE-2021-37281 + RESERVED +CVE-2021-37280 + RESERVED +CVE-2021-37279 + RESERVED +CVE-2021-37278 + RESERVED +CVE-2021-37277 + RESERVED +CVE-2021-37276 + RESERVED +CVE-2021-37275 + RESERVED +CVE-2021-37274 (Kingdee KIS Professional Edition has a privilege escalation vulnerabil ...) + NOT-FOR-US: Kingdee KIS Professional Edition +CVE-2021-37273 (A Denial of Service issue exists in China Telecom Corporation EPON Tia ...) + NOT-FOR-US: Tianyi Gateway +CVE-2021-37272 + RESERVED +CVE-2021-37271 (Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, w ...) + NOT-FOR-US: UEditor +CVE-2021-37270 (There is an unauthorized access vulnerability in the CMS Enterprise We ...) 
+ NOT-FOR-US: CMS Enterprise Website Construction System +CVE-2021-37269 + RESERVED +CVE-2021-37268 + RESERVED +CVE-2021-37267 (Cross Site Scripting (XSS) vulnerability exists in all versions of Kin ...) + NOT-FOR-US: KindEditor +CVE-2021-37266 + RESERVED +CVE-2021-37265 + RESERVED +CVE-2021-37264 + RESERVED +CVE-2021-37263 + RESERVED +CVE-2021-37262 (JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Den ...) + NOT-FOR-US: JFinal_cms +CVE-2021-37261 + RESERVED +CVE-2021-37260 + RESERVED +CVE-2021-37259 + RESERVED +CVE-2021-37258 + RESERVED +CVE-2021-37257 + RESERVED +CVE-2021-37256 + RESERVED +CVE-2021-37255 + RESERVED +CVE-2021-37254 (In M-Files Web product with versions before 20.10.9524.1 and 20.10.944 ...) + NOT-FOR-US: M-Files +CVE-2021-37253 (M-Files Web before 20.10.9524.1 allows a denial of service via overlap ...) + NOT-FOR-US: M-Files Web +CVE-2021-37252 + RESERVED +CVE-2021-37251 + RESERVED +CVE-2021-37250 + RESERVED +CVE-2021-37249 + RESERVED +CVE-2021-37248 + RESERVED +CVE-2021-37247 + RESERVED +CVE-2021-37246 + RESERVED +CVE-2021-37245 + RESERVED +CVE-2021-37244 + RESERVED +CVE-2021-37243 + RESERVED +CVE-2021-37242 + RESERVED +CVE-2021-37241 + RESERVED +CVE-2021-37240 + RESERVED +CVE-2021-37239 + RESERVED +CVE-2021-37238 + RESERVED +CVE-2021-37237 + RESERVED +CVE-2021-37236 + RESERVED +CVE-2021-37235 + RESERVED +CVE-2021-37234 (Incorrect Access Control vulnerability in Modern Honey Network commit ...) + NOT-FOR-US: Modern Honey Network +CVE-2021-37233 + RESERVED +CVE-2021-37232 (A stack overflow vulnerability occurs in Atomicparsley 20210124.204813 ...) 
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993366)
+ [bullseye] - atomicparsley (Minor issue)
+ [buster] - atomicparsley (Minor issue)
+ [stretch] - atomicparsley (Minor issue)
+ - gtkpod (Vulnerable code not present, cf #993376)
+ NOTE: https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
+ NOTE: https://github.com/wez/atomicparsley/issues/32
+ NOTE: gtkpod does not contain the code supporting tkhd version 1
+ NOTE: that overflows with 64-bit creation/modified times
+CVE-2021-37231 (A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499 ...)
+ - atomicparsley 20210715.151551.e7ad03a-1 (bug #993372)
+ [bullseye] - atomicparsley (Minor issue)
+ [buster] - atomicparsley (Minor issue)
+ [stretch] - atomicparsley (Minor issue)
+ - gtkpod (bug #993375)
+ [bookworm] - gtkpod (Minor issue)
+ [bullseye] - gtkpod (Minor issue)
+ [buster] - gtkpod (Minor issue)
+ [stretch] - gtkpod (Minor issue)
+ NOTE: https://github.com/wez/atomicparsley/issues/30
+ NOTE: https://github.com/wez/atomicparsley/pull/31#issue-687280335
+CVE-2021-37230
+ RESERVED
+CVE-2021-37229
+ RESERVED
+CVE-2021-37228
+ RESERVED
+CVE-2021-37227
+ RESERVED
+CVE-2021-37226
+ RESERVED
+CVE-2021-37225
+ RESERVED
+CVE-2021-37224
+ RESERVED
+CVE-2021-37223 (Nagios Enterprises NagiosXI <= 5.8.4 contains a Server-Side Request Fo ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-37222 (Parsers in the open source project RCDCAP before 1.0.5 allow remote at ...)
+ NOT-FOR-US: RCDCAP
+CVE-2021-37221 (A file upload vulnerability exists in Sourcecodester Customer Relation ...)
+ NOT-FOR-US: Sourcecodester Customer Relationship Management System
+CVE-2021-37220 (MuPDF through 1.18.1 has an out-of-bounds write because the cached col ...)
+ - mupdf 1.17.0+ds1-2 (bug #991402)
+ [buster] - mupdf (Minor issue; can be fixed via point release)
+ [stretch] - mupdf (Vulnerable code not present)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;h=f5712c9949d026e4b891b25837edd2edc166151f
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703791
+ NOTE: On Stretch, an earlier version of the code exits early instead of crashing.
+CVE-2021-37219 (HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows no ...)
+ - consul 1.8.7+dfsg1-6 (bug #1015218)
+ [bullseye] - consul (EOL in Bullseye)
+ [buster] - consul (Minor issue; intrusive to backport)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024
+ NOTE: https://github.com/hashicorp/consul/commit/ccf8eb1947357434eb6e66303ddab79f4c9d4103
+CVE-2021-37218 (HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server ...)
+ - nomad (bug #1021273)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
+ NOTE: https://github.com/hashicorp/nomad/pull/11089 (main)
+ NOTE: https://github.com/hashicorp/nomad/commit/768d7c72a77e9c0415d92900753fc83e8822145a (release-1.1.4)
+ NOTE: https://github.com/hashicorp/nomad/commit/61a922afcf12784281757402c8e0b61686ff855d (release-1.0.11)
+CVE-2021-37217
+ RESERVED
+CVE-2021-3659 (A NULL pointer dereference flaw was found in the Linux kernel\u2019s I ...)
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ [stretch] - linux 4.9.272-1
+ NOTE: https://git.kernel.org/linus/1165affd484889d4986cf3b724318935a0b120d8
+CVE-2021-3658 (bluetoothd from bluez incorrectly saves adapters' Discoverable status ...)
+ - bluez 5.61-1 (bug #991596)
+ [bullseye] - bluez (Minor issue)
+ [buster] - bluez (Vulnerable code introduced later)
+ [stretch] - bluez (Vulnerable code introduced later)
+ NOTE: Introduced by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=d04eb02f9bad8795297210ef80e262be16ea8f07 (5.51)
+ NOTE: Fixed by https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=b497b5942a8beb8f89ca1c359c54ad67ec843055
+CVE-2021-37216 (QSAN Storage Manager header page parameters does not filter special ch ...)
+ NOT-FOR-US: QSAN Storage Manager
+CVE-2021-37215 (The employee management page of Flygo contains an Insecure Direct Obje ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37214 (The employee management page of Flygo contains Insecure Direct Object ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37213 (The check-in record page of Flygo contains Insecure Direct Object Refe ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37212 (The bulletin function of Flygo contains Insecure Direct Object Referen ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37211 (The bulletin function of Flygo does not filter special characters whil ...)
+ NOT-FOR-US: Flygo
+CVE-2021-37210
+ RESERVED
+CVE-2021-37209 (A vulnerability has been identified in RUGGEDCOM i800 (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37208 (A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800N ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37207 (A vulnerability has been identified in SENTRON powermanager V3 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37206 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37205 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37204 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37203 (A vulnerability has been identified in NX 1980 Series (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37202 (A vulnerability has been identified in NX 1980 Series (All versions < ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37201 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37200 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37199 (A vulnerability has been identified in SINUMERIK 808D (All versions), ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37198 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37197 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37196 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37195 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37194 (A vulnerability has been identified in COMOS V10.2 (All versions only ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37193 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37192 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37191 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37190 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37189 (An issue was discovered on Digi TransPort Gateway devices through 5.2. ...)
+ NOT-FOR-US: Digi TransPort Gateway devices
+CVE-2021-37188 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37187 (An issue was discovered on Digi TransPort devices through 2021-07-21. ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-37186 (A vulnerability has been identified in LOGO! CMR2020 (All versions < V ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37185 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37184 (A vulnerability has been identified in Industrial Edge Management (All ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37183 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37182 (A vulnerability has been identified in SCALANCE XM408-4C (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37181 (A vulnerability has been identified in Cerberus DMS V4.0 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37180 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37179 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37178 (A vulnerability has been identified in Solid Edge SE2021 (All Versions ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37177 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37176 (A vulnerability has been identified in Simcenter Femap V2020.2 (All ve ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37175 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37174 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37173 (A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37172 (A vulnerability has been identified in SIMATIC S7-1200 CPU family (inc ...)
+ NOT-FOR-US: Siemens
+CVE-2021-37171
+ RESERVED
+CVE-2021-37170
+ RESERVED
+CVE-2021-37169
+ RESERVED
+CVE-2021-37168
+ RESERVED
+CVE-2021-37167 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37166 (A buffer overflow issue leading to denial of service was discovered in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37165 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37164 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37163 (An insecure permissions issue was discovered in HMI3 Control Panel in ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37162 (A buffer overflow issue was discovered in HMI3 Control Panel in Swissl ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37161 (A buffer overflow issue was discovered in the HMI3 Control Panel conta ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37160 (A firmware validation issue was discovered in HMI3 Control Panel in Sw ...)
+ NOT-FOR-US: Swisslog Healthcare Nexus Panel
+CVE-2021-37158 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37157 (An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021- ...)
+ NOT-FOR-US: OpenGamePanel
+CVE-2021-37156 (Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon ...)
+ - redmine (Only affected 4.2.0 and 4.2.1 upstream)
+ NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ NOTE: https://github.com/redmine/redmine/commit/ee0d822517154878a2ad33be66b820c6b68d077b
+CVE-2021-37155 (wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure ou ...)
+ - wolfssl 5.0.0-1 (bug #991443)
+ [bullseye] - wolfssl 4.6.0+p1-0+deb11u1
+ NOTE: https://github.com/wolfSSL/wolfssl/pull/3990
+ NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.8.0-stable
+CVE-2021-37154 (In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementa ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37153 (ForgeRock Access Management (AM) before 7.0.2, when configured with Ac ...)
+ NOT-FOR-US: ForgeRock Access Management (AM)
+CVE-2021-37152 (Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 befor ...)
+ NOT-FOR-US: Sonatype
+CVE-2021-37151 (CyberArk Identity 21.5.131, when handling an invalid authentication at ...)
+ NOT-FOR-US: CyberArk Identity
+CVE-2021-3657 (A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate ...)
+ {DLA-3066-1}
+ - isync 1.4.4-1
+ [bullseye] - isync 1.3.0-2.2+deb11u1
+ [buster] - isync 1.3.0-2.2~deb10u2
+ NOTE: https://www.openwall.com/lists/oss-security/2021/12/03/1
+CVE-2021-37159 (hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel throu ...)
+ {DLA-2843-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.70-1
+ [buster] - linux 4.19.208-1
+ NOTE: https://www.spinics.net/lists/linux-usb/msg202228.html
+CVE-2021-37150 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
+ {DSA-5206-1 DLA-3279-1}
+ - trafficserver 9.1.3+ds-1
+ NOTE: https://lists.apache.org/thread/rc64lwbdgrkv674koc3zl1sljr9vwg21
+CVE-2021-37149 (Improper Input Validation vulnerability in header parsing of Apache Tr ...)
+ {DSA-5153-1}
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8458/
+ NOTE: https://github.com/apache/trafficserver/commit/2addc8ca71449ceac0d5b80172460ee09c938f5e (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/83c89f3d217d473ecb000b68c910c0f183c3a355 (master)
+CVE-2021-37148 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ {DSA-5153-1}
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/pull/8457/
+ NOTE: https://github.com/apache/trafficserver/commit/6e5070118a20772a30c3fccee2cf1c44f0a21fc0 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/e2c9ac217f24dc3e91ff2c9f52b52093e8fb32d5 (8.1.x)
+CVE-2021-37147 (Improper input validation vulnerability in header parsing of Apache Tr ...)
+ {DSA-5153-1}
+ - trafficserver 9.1.1+ds-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/11/02/11
+ NOTE: https://github.com/apache/trafficserver/commit/64f25678bfbbd1433cce703e3c43bcc49a53de56 (master)
+ NOTE: https://github.com/apache/trafficserver/commit/5cad961c87cb07fbb8fa6890685d9878a169378d (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/pull/8460
+CVE-2021-37146 (An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodi ...)
+ [experimental] - ros-ros-comm 1.15.13+ds1-1
+ - ros-ros-comm 1.15.13+ds1-2
+ [bullseye] - ros-ros-comm 1.15.9+ds1-7+deb11u1
+ [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u3
+ [stretch] - ros-ros-comm (Minor issue)
+ NOTE: https://discourse.ros.org/t/new-packages-for-melodic-2021-09-27/22446
+ NOTE: https://discourse.ros.org/t/new-packages-for-noetic-2021-09-27/22447
+ NOTE: https://github.com/ros/ros_comm/pull/2185
+ NOTE: https://github.com/ros/ros_comm/commit/41a956c092b2f15405945f40f43dea09516df202 (1.15.12)
+ NOTE: https://github.com/ros/ros_comm/pull/2186
+ NOTE: https://github.com/ros/ros_comm/commit/71ff62670d15eeec39efd16c3ec4d19b6db8380a (1.14.12)
+CVE-2021-37145 (A command-injection vulnerability in an authenticated Telnet connectio ...)
+ NOT-FOR-US: Poly (formerly Polycom)
+CVE-2021-37144 (CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in ...)
+ NOT-FOR-US: CSZ CMS
+CVE-2021-37143
+ RESERVED
+CVE-2021-37142
+ RESERVED
+CVE-2021-37141
+ RESERVED
+CVE-2021-37140
+ RESERVED
+CVE-2021-3656 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...)
+ {DSA-4978-1 DLA-2785-1}
+ - linux 5.14.6-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1
+CVE-2021-37139
+ RESERVED
+CVE-2021-37138
+ RESERVED
+CVE-2021-37137 (The Snappy frame decoder function doesn't restrict the chunk length wh ...)
+ {DSA-5316-1 DLA-3268-1}
+ - netty 1:4.1.48-6 (bug #1014769)
+ [stretch] - netty (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
+ NOTE: Fixed by: https://github.com/netty/netty/commit/6da4956b31023ae967451e1d94ff51a746a9194f (netty-4.1.68.Final)
+CVE-2021-37136 (The Bzip2 decompression decoder function doesn't allow setting size re ...)
+ {DSA-5316-1 DLA-3268-1}
+ - netty 1:4.1.48-6 (bug #1014769)
+ [stretch] - netty (Minor issue)
+ NOTE: https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
+ NOTE: Fixed by: https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020 (netty-4.1.68.Final)
+CVE-2021-37135
+ RESERVED
+CVE-2021-37134 (Location-related APIs exists a Race Condition vulnerability.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37133 (There is an Unauthorized file access vulnerability in Smartphones.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37132 (PackageManagerService has a Permissions, Privileges, and Access Contro ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37131 (There is a CSV injection vulnerability in ManageOne, iManager NetEco a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37130 (There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37129 (There is an out of bounds write vulnerability in some Huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37128 (HwPCAssistant has a Path Traversal vulnerability .Successful exploitat ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37127 (There is a signature management vulnerability in some huawei products. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37126 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37125 (Arbitrary file has a Exposure of Sensitive Information to an Unauthori ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37124 (There is a path traversal vulnerability in Huawei PC product. Because ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37123 (There is an improper authentication vulnerability in Hero-CT060 before ...)
+ NOT-FOR-US: Hero-CT060
+CVE-2021-37122 (There is a use-after-free (UAF) vulnerability in Huawei products. An a ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37121 (There is a Configuration defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37120 (There is a Double free vulnerability in Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37119 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37118 (The HwNearbyMain module has a Improper Handling of Exceptional Conditi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37117 (There is a Service logic vulnerability in Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37116 (PCManager has a Weaknesses Introduced During Design vulnerability .Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37115 (There is an unauthorized rewriting vulnerability with the memory acces ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37114 (There is an Out-of-bounds read vulnerability in Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37113 (There is a Privilege escalation vulnerability with the file system com ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37112 (Hisuite module has a External Control of System or Configuration Setti ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37111 (There is a Memory leakage vulnerability in Smartphone.Successful explo ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37110 (There is a Timing design defects in Smartphone.Successful exploitation ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37109 (There is a security protection bypass vulnerability with the modem.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37108
+ RESERVED
+CVE-2021-37107 (There is an improper memory access permission configuration on ACPU.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37106 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37105 (There is an improper file upload control vulnerability in FusionComput ...)
+ NOT-FOR-US: FusionCompute (Huawei)
+CVE-2021-37104 (There is a server-side request forgery vulnerability in HUAWEI P40 ver ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37103 (There is an improper permission management vulnerability in the Wallet ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37102 (There is a command injection vulnerability in CMA service module of Fu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37101 (There is an improper authorization vulnerability in AIS-BW50-00 9.0.6. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37100 (There is a Improper Authentication vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37099 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37098 (Hilinksvc service exists a Data Processing Errors vulnerability .Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37097 (There is a Code Injection vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37096 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37095 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37094 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37093 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37092 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37091 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37090 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37089 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37088 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37087 (There is a Path Traversal vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37086 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37085 (There is a Encoding timing vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37084 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37083 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37082 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37081 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37080 (There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37079 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37078 (There is a Uncaught Exception vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37077 (There is a NULL Pointer Dereference vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37076 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37075 (There is a Credentials Management Errors vulnerability in Huawei Smart ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37074 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37073 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37072 (There is a Incorrect Calculation of Buffer Size vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37071 (There is a Business Logic Errors vulnerability in Huawei Smartphone.Su ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37070 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37069 (There is a Race Condition vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37068 (There is a Resource Management Errors vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37067 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37066 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37065 (There is a Integer Overflow or Wraparound vulnerability in Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37064 (There is a Improper Limitation of a Pathname to a Restricted Directory ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37063 (There is a Cryptographic Issues vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37062 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37061 (There is a Uncontrolled Resource Consumption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37060 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37059 (There is a Weaknesses Introduced During Design)
+ NOT-FOR-US: HarmonyOS
+CVE-2021-37058 (There is a Permissions,Privileges,and Access Controls vulnerability in ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37057 (There is a Improper Validation of Array Index vulnerability in Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37056 (There is an Improper permission control vulnerability in Huawei Smartp ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37055 (There is a Logic bypass vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37054 (There is an Identity spoofing and authentication bypass vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37053 (There is a Service logic vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37052 (There is an Exception log vulnerability in Huawei Smartphone.Successfu ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37051 (There is an Out-of-bounds read vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37050 (There is a Missing sensitive data encryption vulnerability in Huawei S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37049 (There is a Heap-based buffer overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37048 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37047 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37046 (There is a Memory leak vulnerability with the codec detection module i ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37045 (There is an UAF vulnerability in Huawei Smartphone.Successful exploita ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37044 (There is a Permission control vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37043 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37042 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37041 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37040 (There is a Parameter injection vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37039 (There is an Input verification vulnerability in Huawei Smartphone.Succ ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37038 (There is an Improper access control vulnerability in Huawei Smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37037 (There is an Invalid address access vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37036 (There is an information leakage vulnerability in FusionCompute 6.5.1, ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37035 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37034 (There is an Unstandardized field names in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37033 (There is an Injection attack vulnerability in Huawei Smartphone.Succes ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37032 (There is a Bypass vulnerability in Huawei Smartphone.Successful exploi ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37031 (There is a Remote DoS vulnerability in Huawei Smartphone.Successful ex ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37030 (There is an Improper permission vulnerability in Huawei Smartphone.Suc ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37029 (There is an Identity verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37028 (There is a command injection vulnerability in the HG8045Q product. Whe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37027 (There is a DoS vulnerability in smartphones. Successful exploitation o ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37026 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37025 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37024 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37023 (There is a Improper Access Control vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37022 (There is a Heap-based Buffer Overflow vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37021 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37020 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37019 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37018 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37017 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37016 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37015 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37014 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37013 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37012 (There is a Data Processing Errors vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37011 (There is a Stack-based Buffer Overflow vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37010 (There is a Exposure of Sensitive Information to an Unauthorized Actor ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37009 (There is a Configuration vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37008 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37007 (There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37006 (There is a Improper Preservation of Permissions vulnerability in Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37005 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37004 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37003 (There is a Improper Input Validation vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37002 (There is a Memory out-of-bounds access vulnerability in Huawei Smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37001 (There is a Register tampering vulnerability in Huawei Smartphone.Succe ...)
+ NOT-FOR-US: Huawei
+CVE-2021-37000
+ RESERVED
+CVE-2021-36999 (There is a Buffer overflow vulnerability in Huawei Smartphone.Successf ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36998 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36997 (There is a Low memory error in Huawei Smartphone due to the unlimited ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36996 (There is an Improper verification vulnerability in Huawei Smartphone.S ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36995 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36994 (There is a issue that trustlist strings being repeatedly inserted into ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36993 (There is a Memory leaks vulnerability in Huawei Smartphone.Successful ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36992 (There is a Public key verification vulnerability in Huawei Smartphone. ...)
+ NOT-FOR-US: Huawei
+CVE-2021-36991 (There is an Unauthorized file access vulnerability in Huawei Smartphon ...)
+ NOT-FOR-US: Huawei +CVE-2021-36990 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...) + NOT-FOR-US: Huawei +CVE-2021-36989 (There is a Kernel crash vulnerability in Huawei Smartphone.Successful ...) + NOT-FOR-US: Huawei +CVE-2021-36988 (There is a Parameter verification issue in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-36987 (There is a issue that nodes in the linked list being freed for multipl ...) + NOT-FOR-US: Huawei +CVE-2021-36986 (There is a vulnerability of tampering with the kernel in Huawei Smartp ...) + NOT-FOR-US: Huawei +CVE-2021-36985 (There is a Code injection vulnerability in Huawei Smartphone.Successfu ...) + NOT-FOR-US: Huawei +CVE-2021-36984 + RESERVED +CVE-2021-36983 (replay-sorcery-kms in Replay Sorcery 0.6.0 allows a local attacker to ...) + NOT-FOR-US: ReplaySorcery +CVE-2021-36982 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) + NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices +CVE-2021-36981 (In the server in SerNet verinice before 1.22.2, insecure Java deserial ...) + NOT-FOR-US: SerNet verinice +CVE-2021-3655 (A vulnerability was found in the Linux kernel in versions prior to v5. ...) + {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-3 + [buster] - linux 4.19.208-1 +CVE-2021-3654 (A vulnerability was found in openstack-nova's console proxy, noVNC. By ...) + - nova 2:23.0.2-3 (bug #991441) + [bullseye] - nova (Minor issue) + [buster] - nova (Minor issue) + [stretch] - nova (Minor issue) + NOTE: https://bugs.launchpad.net/nova/+bug/1927677 + NOTE: Errata: https://www.openwall.com/lists/oss-security/2021/09/27/1 +CVE-2021-26263 (Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 ...) 
+ {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107693 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/ff1db4a6aea522cf3dfc80ca88e64ffecfb5e07c +CVE-2021-23203 (Improper access control in reporting engine of Odoo Community 14.0 thr ...) + {DSA-5399-1} + - odoo 16.0.0+dfsg.1-1 (bug #1035953) + NOTE: https://github.com/odoo/odoo/issues/107695 + NOTE: 14.0 patch at https://github.com/odoo/odoo/commit/f2c1ee5a622db33a4411e7f9285f09387d1d7480 +CVE-2021-23184 + RESERVED +CVE-2021-36980 (Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-f ...) + - openvswitch 2.15.0+ds1-10 (bug #991308) + [bullseye] - openvswitch 2.15.0+ds1-2+deb11u1 + [buster] - openvswitch (Vulnerable code not present, introduced in 2.11) + [stretch] - openvswitch (Vulnerable code not present, introduced in 2.11) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/openvswitch/OSV-2020-2197.yaml + NOTE: https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f + NOTE: https://github.com/openvswitch/ovs/commit/65c61b0c23a0d474696d7b1cea522a5016a8aeb3 + NOTE: https://github.com/openvswitch/ovs/commit/6d67310f4d2524b466b98f05ebccc1add1e8cf35 + NOTE: https://github.com/openvswitch/ovs/commit/77cccc74deede443e8b9102299efc869a52b65b2 + NOTE: https://github.com/openvswitch/ovs/commit/8ce8dc34b5f73b30ce0c1869af9947013c3c6575 + NOTE: https://github.com/openvswitch/ovs/commit/9926637a80d0d243dbf9c49761046895e9d1a8e2 + NOTE: Introduced in: https://github.com/openvswitch/ovs/commit/418a7a84245f5fbe589dd1267463fc9ba27a1dd6 +CVE-2021-36979 (Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (cal ...) + NOT-FOR-US: Unicorn Engine +CVE-2021-36978 (QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer ...) 
+ {DLA-3548-1} + - qpdf 10.1.0-1 + [stretch] - qpdf (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml + NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 (release-qpdf-10.1.0) +CVE-2021-36977 (matio (aka MAT File I/O Library) 1.5.20 and 1.5.21 has a heap-based bu ...) + - libmatio (Vulnerable code not yet present) + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2021-440.yaml +CVE-2021-36976 (libarchive 3.4.1 through 3.5.1 has a use-after-free in copy_string (ca ...) + - libarchive 3.6.0-1 (bug #991442) + [bullseye] - libarchive (Minor issue) + [buster] - libarchive (Vulnerable code introduced by 47bb818 in version 3.4.1) + [stretch] - libarchive (Vulnerable code introduced by 47bb818 in version 3.4.1) + NOTE: https://github.com/libarchive/libarchive/issues/1554 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32375 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libarchive/OSV-2021-557.yaml + NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/47bb8187d3ef2d49ee8c7841cb2872b3cfa1f6f7 (v3.4.1) + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/17f4e83c0f0fc3bacf4b2bbacb01f987bb5aff5f (v3.6.0) +CVE-2021-36975 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2021-36974 (Windows SMB Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36973 (Windows Redirected Drive Buffering System Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-36972 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36971 + RESERVED +CVE-2021-36970 (Windows Print Spooler Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36969 (Windows Redirected Drive Buffering SubSystem Driver Information Disclo ...) + NOT-FOR-US: Microsoft +CVE-2021-36968 (Windows DNS Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36967 (Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36966 (Windows Subsystem for Linux Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36965 (Windows WLAN AutoConfig Service Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36964 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36963 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-36962 (Windows Installer Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36961 (Windows Installer Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36960 (Windows SMB Information Disclosure Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-36959 (Windows Authenticode Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36958 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36957 (Windows Desktop Bridge Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36956 (Azure Sphere Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36955 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36954 (Windows Bind Filter Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36953 (Windows TCP/IP Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36952 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36951 + RESERVED +CVE-2021-36950 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2021-36949 (Microsoft Azure Active Directory Connect Authentication Bypass Vulnera ...) + NOT-FOR-US: Microsoft +CVE-2021-36948 (Windows Update Medic Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36947 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-36946 (Microsoft Dynamics Business Central Cross-site Scripting Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36945 (Windows 10 Update Assistant Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36944 + RESERVED +CVE-2021-36943 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-36942 (Windows LSA Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36941 (Microsoft Word Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36940 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36939 + RESERVED +CVE-2021-36938 (Windows Cryptographic Primitives Library Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-36937 (Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36936 (Windows Print Spooler Remote Code Execution Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-36935 + RESERVED +CVE-2021-36934 (Windows Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36933 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36932 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36931 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-36930 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-36929 (Microsoft Edge (Chromium-based) Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-36928 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability T ...) + NOT-FOR-US: Microsoft +CVE-2021-36927 (Windows Digital TV Tuner device registration application Elevation of ...) + NOT-FOR-US: Microsoft +CVE-2021-36926 (Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vuln ...) + NOT-FOR-US: Microsoft +CVE-2021-36925 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36924 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36923 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36922 (RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio t ...) + NOT-FOR-US: Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio +CVE-2021-36921 (AIMANAGER before B115 on MONITORAPP Application Insight Web Applicatio ...) + NOT-FOR-US: MONITORAPP Application Insight Web Application Firewall (AIWAF) devices +CVE-2021-36920 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability disco ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36919 (Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabil ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36918 + RESERVED +CVE-2021-36917 (WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36916 (The SQL injection vulnerability in the Hide My WP WordPress plugin (ve ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36915 (Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36914 (Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected C ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36913 (Unauthenticated Options Change and Content Injection vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36912 (Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36911 (Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36910 (Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36909 (Authenticated Database Reset vulnerability in WordPress WP Reset PRO P ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36908 (Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36907 + RESERVED +CVE-2021-36906 (Multiple Insecure Direct Object References (IDOR) vulnerabilities in E ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36905 (Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulner ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36904 + RESERVED +CVE-2021-36903 + RESERVED +CVE-2021-36902 + RESERVED +CVE-2021-36901 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phi ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36900 + RESERVED +CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerabil ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36898 (Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plu ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36897 + RESERVED +CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36895 (Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36894 + RESERVED +CVE-2021-36893 (Authenticated (author or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36892 + RESERVED +CVE-2021-36891 (Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Su ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36890 (Cross-Site Request Forgery (CSRF) vulnerability in Social Share Button ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36889 (Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36888 (Unauthenticated Arbitrary Options Update vulnerability leading to full ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36887 (Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36886 (Cross-Site Request Forgery (CSRF) vulnerability discovered in Contact ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36885 (Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discov ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36884 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability disc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36883 + RESERVED +CVE-2021-36882 + RESERVED +CVE-2021-36881 + RESERVED +CVE-2021-36880 (Unauthenticated SQL Injection (SQLi) vulnerability in WordPress uListi ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36879 (Unauthenticated Privilege Escalation vulnerability in WordPress uListi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36878 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36877 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress uListing ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36876 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WordPres ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36875 (Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in Wo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36874 (Authenticated Insecure Direct Object References (IDOR) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36873 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36872 (Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36871 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36870 (Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36869 (Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36868 + RESERVED +CVE-2021-36867 (Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36866 (Authenticated (author or higher role) Stored Cross-Site Scripting (XSS ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in ExpressTech ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36864 (Auth. (editor+) Reflected Cross-Site Scripting (XSS) vulnerability in ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36863 (Auth. 
(contributor+) Stored Cross-Site Scripting (XSS) vulnerability i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36862 + RESERVED +CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Sta ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36860 + RESERVED +CVE-2021-36859 + RESERVED +CVE-2021-36858 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Them ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerabilit ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36856 + RESERVED +CVE-2021-36855 (Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulne ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36854 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36853 + RESERVED +CVE-2021-36852 (Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36851 (Authenticated (editor or higher user role) Cross-Site Scripting (XSS) ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36850 (Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media Fil ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36849 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36848 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36847 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36846 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36845 (Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabiliti ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36844 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-36843 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability discover ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36842 + RESERVED +CVE-2021-36841 (Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36840 + RESERVED +CVE-2021-36839 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36838 + RESERVED +CVE-2021-36837 + RESERVED +CVE-2021-36836 + RESERVED +CVE-2021-36835 + RESERVED +CVE-2021-36834 + RESERVED +CVE-2021-36833 (Authenticated (admin or higher user role) Stored Cross-Site Scripting ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36832 (WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin \u201 ...) + NOT-FOR-US: WordPress plugins +CVE-2021-36831 + RESERVED +CVE-2021-36830 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36829 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36828 (Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Mainten ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36827 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Satu ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36826 (Authenticated (subscriber or higher user role if allowed to access pro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36825 + RESERVED +CVE-2021-36824 + RESERVED +CVE-2021-36823 (Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress Abs ...) + NOT-FOR-US: WordPress plugin +CVE-2021-36822 + RESERVED +CVE-2021-36821 (Unauth. Stored Cross-Site Scripting (XSS) vulnerability in WPMU DEV Fo ...) 
+ NOT-FOR-US: WMPU +CVE-2021-36820 + REJECTED +CVE-2021-36819 + REJECTED +CVE-2021-36818 + REJECTED +CVE-2021-36817 + REJECTED +CVE-2021-36816 + REJECTED +CVE-2021-36815 + REJECTED +CVE-2021-36814 + REJECTED +CVE-2021-36813 + REJECTED +CVE-2021-36812 + REJECTED +CVE-2021-36811 + REJECTED +CVE-2021-36810 + REJECTED +CVE-2021-36809 (A local attacker can overwrite arbitrary files on the system with VPN ...) + NOT-FOR-US: Sophos +CVE-2021-36808 (A local attacker could bypass the app password using a race condition ...) + NOT-FOR-US: Sophos +CVE-2021-36807 (An authenticated user could potentially execute code via an SQLi vulne ...) + NOT-FOR-US: Sophos +CVE-2021-36806 (A reflected XSS vulnerability allows an open redirect when the victim ...) + NOT-FOR-US: Sophos +CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm.) + NOT-FOR-US: Unicorn Engine +CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...) + - libass 1:0.15.0-2 + [buster] - libass (Vulnerable code not present) + [stretch] - libass (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml + NOTE: Introduced by: https://github.com/libass/libass/commit/910211f1c0078e37546f73e95306724358b89be2 (0.15.0) + NOTE: Fixed by: https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 (0.15.1) +CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds ...) + NOT-FOR-US: open62541 +CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...) 
+ - libmatio 1.5.22-1 (bug #991370) + [bullseye] - libmatio (Minor issue) + [buster] - libmatio (Vulnerable code not present, introduced in 1.5.18) + [stretch] - libmatio (Vulnerable code not present, introduced in 1.5.18) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421 + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml +CVE-2019-25051 (objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acom ...) + {DSA-4948-1 DLA-2720-1} + - aspell 0.60.8-3 (bug #991307) + NOTE: https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/aspell/OSV-2020-521.yaml + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18462 +CVE-2019-25050 (netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow i ...) + - gdal 3.1.0+dfsg-1 + [buster] - gdal (Vulnerable code not present) + [stretch] - gdal (Vulnerable code not present) + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-420.yaml + NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/gdal/OSV-2020-392.yaml + NOTE: https://github.com/OSGeo/gdal/commit/767e3a56144f676ca738ef8f700e0e56035bd05a (v3.1.0RC1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15143 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15156 +CVE-2021-36805 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) + NOT-FOR-US: Akaunting +CVE-2021-36804 (Akaunting version 2.1.12 and earlier suffers from a password reset spo ...) + NOT-FOR-US: Akaunting +CVE-2021-36803 (Akaunting version 2.1.12 and earlier suffers from a persistent (type I ...) + NOT-FOR-US: Akaunting +CVE-2021-36802 (Akaunting version 2.1.12 and earlier suffers from a denial-of-service ...) + NOT-FOR-US: Akaunting +CVE-2021-36801 (Akaunting version 2.1.12 and earlier suffers from an authentication by ...) 
+ NOT-FOR-US: Akaunting +CVE-2021-36800 (Akaunting version 2.1.12 and earlier suffers from a code injection iss ...) + NOT-FOR-US: Akaunting +CVE-2021-36799 (KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with ...) + NOT-FOR-US: KNX ETS5 +CVE-2021-36798 (A Denial-of-Service (DoS) vulnerability was discovered in Team Server ...) + NOT-FOR-US: HelpSystems Cobalt Strike +CVE-2021-36797 (In Victron Energy Venus OS through 2.72, root access is granted by def ...) + NOT-FOR-US: Victron Energy Venus OS +CVE-2021-36796 + RESERVED +CVE-2021-36795 (A permission issue in the Cohesity Linux agent may allow privilege esc ...) + NOT-FOR-US: Cohesity +CVE-2021-36794 (In Siren Investigate before 11.1.4, when enabling the cluster feature ...) + NOT-FOR-US: Siren Investigate +CVE-2021-36793 (The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, ...) + NOT-FOR-US: routes (aka Extbase Yaml Routes) extension for TYPO3 +CVE-2021-36792 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36791 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36790 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36789 (The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allo ...) + NOT-FOR-US: dated_news (aka Dated News) extension for TYPO3 +CVE-2021-36788 (The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows ...) + NOT-FOR-US: yoast_seo (aka Yoast SEO) extension for TYPO3 +CVE-2021-36787 (The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 al ...) + NOT-FOR-US: femanager extension for TYPO3 +CVE-2021-36786 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) 
+ NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 +CVE-2021-36785 (The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for T ...) + NOT-FOR-US: miniorange_saml (aka Miniorange Saml) extension for TYPO3 +CVE-2021-36784 (A Improper Privilege Management vulnerability in SUSE Rancher allows u ...) + NOT-FOR-US: Rancher +CVE-2021-36783 (A Insufficiently Protected Credentials vulnerability in SUSE Rancher a ...) + NOT-FOR-US: Rancher +CVE-2021-36782 (A Cleartext Storage of Sensitive Information vulnerability in SUSE Ran ...) + NOT-FOR-US: Rancher +CVE-2021-36781 (A Incorrect Default Permissions vulnerability in the parsec package of ...) + NOT-FOR-US: Parsec +CVE-2021-36780 (A Missing Authentication for Critical Function vulnerability in longho ...) + NOT-FOR-US: Longhorn +CVE-2021-36779 (A Missing Authentication for Critical Function vulnerability in SUSE L ...) + NOT-FOR-US: Longhorn +CVE-2021-36778 (A Incorrect Authorization vulnerability in SUSE Rancher allows adminis ...) + NOT-FOR-US: Rancher +CVE-2021-36777 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...) + NOT-FOR-US: OpenSuSE infrastructure +CVE-2021-36776 (A Improper Access Control vulnerability in SUSE Rancher allows remote ...) + NOT-FOR-US: Rancher +CVE-2021-36775 (a Improper Access Control vulnerability in SUSE Rancher allows users t ...) + NOT-FOR-US: Rancher +CVE-2021-3653 (A flaw was found in the KVM's AMD code for supporting SVM nested virtu ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/08/16/1 +CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...) 
+ - gthumb 3:3.11.1-0.1 (unimportant) + NOTE: https://mail.gnome.org/archives/gthumb-list/2020-September/msg00001.html + NOTE: https://github.com/GNOME/gthumb/commit/e79b4519cc6e27388ddd3f095e97d1559cb47616 + NOTE: Crash in CLI tool, no security impact +CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) +CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) + NOTE: https://github.com/ARMmbed/mbedtls/issues/3340 + NOTE: https://github.com/ARMmbed/mbedtls/pull/3433 +CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2 +CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) +CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) +CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 + [stretch] - mbedtls (Minor issue) + NOTE: https://github.com/ARMmbed/mbedtls/issues/3394 +CVE-2021-36774 (Apache Kylin allows users to read data from other database systems usi ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-36773 (uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitr ...) 
+ {DLA-3062-1} + - ublock-origin 1.37.0+dfsg-1 (bug #991386) + [bullseye] - ublock-origin 1.37.0+dfsg-1~deb11u1 + [buster] - ublock-origin 1.37.0+dfsg-1~deb10u1 + - umatrix (bug #991344) + [buster] - umatrix (Minor issue) + NOTE: https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc +CVE-2021-36772 (Zoho ManageEngine ADManager Plus before 7110 allows stored XSS.) + NOT-FOR-US: Zoho +CVE-2021-36771 (Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS.) + NOT-FOR-US: Zoho +CVE-2021-36770 (Encode.pm, as distributed in Perl through 5.34.0, allows local users t ...) + - libencode-perl 3.08-2 + [bullseye] - libencode-perl 3.08-1+deb11u1 + [buster] - libencode-perl (Vulnerable code introduced later) + [stretch] - libencode-perl (Vulnerable code introduced later) + - perl 5.32.1-5 + [bullseye] - perl 5.32.1-4+deb11u1 + [buster] - perl (Vulnerable code introduced later) + [stretch] - perl (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/dankogai/p5-encode/commit/9c5f5a307863b66da3701f6c7d13139aa20179b8 (3.05) + NOTE: Fixed by: https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 (3.12) + NOTE: Introduced by: https://github.com/Perl/perl5/commit/8ced1423dbb2a874f2d95e9c5c4c46960c2bf318 (v5.32.0-RC0) + NOTE: Fixed by: https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 +CVE-2021-36769 (A reordering issue exists in Telegram before 7.8.1 for Android, Telegr ...) + [experimental] - telegram-desktop 2.9.0+ds-1 + - telegram-desktop 2.9.2+ds-1 (bug #991493) + [bullseye] - telegram-desktop (Minor issue) + [buster] - telegram-desktop (Minor issue) + NOTE: https://mtpsym.github.io/ +CVE-2021-36768 + RESERVED +CVE-2021-3652 (A flaw was found in 389-ds-base. If an asterisk is imported as passwor ...) 
+ {DLA-3399-1} + - 389-ds-base 1.4.4.17-1 (bug #991405) + [bullseye] - 389-ds-base (Minor issue) + [stretch] - 389-ds-base (Minor issue) + NOTE: https://github.com/389ds/389-ds-base/issues/4817 + NOTE: https://github.com/389ds/389-ds-base/commit/aeb90eb0c41fc48541d983f323c627b2e6c328c7 (master) + NOTE: https://github.com/389ds/389-ds-base/commit/c1926dfc6591b55c4d33f9944de4d7ebe077e964 (1.4.4.x) +CVE-2021-36767 (In Digi RealPort through 4.10.490, authentication relies on a challeng ...) + NOT-FOR-US: Digi RealPort +CVE-2021-36766 (Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable co ...) + NOT-FOR-US: Concrete5 +CVE-2021-36765 (In CODESYS EtherNetIP before 4.1.0.0, specific EtherNet/IP requests ma ...) + NOT-FOR-US: CODESYS EtherNetIP +CVE-2021-36764 (In CODESYS Gateway V3 before 3.5.17.10, there is a NULL Pointer Derefe ...) + NOT-FOR-US: CODESYS Gateway +CVE-2021-36763 (In CODESYS V3 web server before 3.5.17.10, files or directories are ac ...) + NOT-FOR-US: CODESYS V3 web server +CVE-2021-36762 (An issue was discovered in HCC Embedded InterNiche NicheStack through ...) + NOT-FOR-US: HCC Embedded InterNiche NicheStack +CVE-2021-36761 (The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF.) + NOT-FOR-US: Qlik +CVE-2021-36760 (In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server ...) + NOT-FOR-US: WSO2 +CVE-2021-36759 + RESERVED +CVE-2021-3651 + REJECTED +CVE-2021-36758 (1Password Connect server before 1.2 is missing validation checks, perm ...) + NOT-FOR-US: 1Password +CVE-2021-36757 + RESERVED +CVE-2021-36756 (CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate ...) + NOT-FOR-US: CFEngine Enterprise +CVE-2021-36755 (Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via ...) + NOT-FOR-US: Nightscout Web Monitor +CVE-2021-36754 (PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to cra ...) 
+ - pdns (Vulnerable code introduced in 4.5.0)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/26/2
+CVE-2021-36753 (sharkdp BAT before 0.18.2 executes less.exe from the current working d ...)
+ NOT-FOR-US: sharkdp BAT
+CVE-2021-36752
+ RESERVED
+CVE-2021-36751 (ENC DataVault 7.2.3 and before, and OEM versions, use an encryption al ...)
+ NOT-FOR-US: ENC DataVault
+CVE-2021-36750 (ENC DataVault before 7.2 and VaultAPI v67 mishandle key derivation, ma ...)
+ NOT-FOR-US: ENC
+CVE-2021-36749 (In the Druid ingestion system, the InputSource is used for reading dat ...)
+ - druid (bug #825797)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/09/24/1
+CVE-2021-3650
+ RESERVED
+CVE-2021-3649 (chatwoot is vulnerable to Inefficient Regular Expression Complexity)
+ NOT-FOR-US: chatwoot
+CVE-2021-36748 (A SQL Injection issue in the list controller of the Prestahome Blog (a ...)
+ NOT-FOR-US: Prestahome Blog
+CVE-2021-36747 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2021-36746 (Blackboard Learn through 9.1 allows XSS by an authenticated user via t ...)
+ NOT-FOR-US: Blackboard Learn
+CVE-2020-36420 (Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service ...)
+ - polipo
+ [buster] - polipo (Minor issue)
+ [stretch] - polipo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
+CVE-2021-36745 (A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerPr ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36744 (Trend Micro Security (Consumer) 2021 and 2020 are vulnerable to a dire ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36743
+ RESERVED
+CVE-2021-36742 (A improper input validation vulnerability in Trend Micro Apex One, Ape ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-36741 (An improper input validation vulnerability in Trend Micro Apex One, Ap ...)
+ NOT-FOR-US: Trend Micro
+CVE-2021-3648
+ REJECTED
+CVE-2021-3647 (URI.js is vulnerable to URL Redirection to Untrusted Site)
+ NOT-FOR-US: URI.js
+CVE-2021-3646 (btcpayserver is vulnerable to Improper Neutralization of Input During ...)
+ NOT-FOR-US: btcpayserver
+CVE-2021-3645 (merge is vulnerable to Improperly Controlled Modification of Object Pr ...)
+ NOT-FOR-US: Node viking04/merge
+CVE-2021-3644 (A flaw was found in wildfly-core in all versions. If a vault expressio ...)
+ - wildfly (bug #752018)
+CVE-2020-36419
+ RESERVED
+CVE-2021-36739 (The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCB ...)
+ NOT-FOR-US: Apache Pluto MVCBean JSP portlet
+CVE-2021-36738 (The input fields in the JSP version of the Apache Pluto Applicant MVCB ...)
+ NOT-FOR-US: Apache Pluto Applicant MVCBean CDI portlet
+CVE-2021-36737 (The input fields of the Apache Pluto UrlTestPortlet are vulnerable to ...)
+ NOT-FOR-US: Apache Pluto UrlTestPortlet
+CVE-2021-36736
+ REJECTED
+CVE-2021-36735
+ REJECTED
+CVE-2021-36734
+ REJECTED
+CVE-2021-36733
+ RESERVED
+CVE-2021-36732
+ RESERVED
+CVE-2021-36731
+ RESERVED
+CVE-2021-36730
+ RESERVED
+CVE-2021-36729
+ RESERVED
+CVE-2021-36728
+ RESERVED
+CVE-2021-36727
+ RESERVED
+CVE-2021-36740 (Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL a ...)
+ {DSA-5088-1}
+ - varnish 6.5.2-1 (bug #991040)
+ [stretch] - varnish (HTTP/2 support is marked experimental in 5.0 and enabling is not recommended, code is quite different)
+ NOTE: https://varnish-cache.org/security/VSV00007.html
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/9be22198e258d0e7a5c41f4291792214a29405cf (6.0.8)
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/82b0a629f60136e76112c6f2c6372cce77b683be (6.5.2)
+CVE-2021-36726
+ RESERVED
+CVE-2021-36725
+ RESERVED
+CVE-2021-36724 (ForeScout - SecureConnector Local Service DoS - A low privilaged user ...)
+ NOT-FOR-US: ForeScout - SecureConnector
+CVE-2021-36723 (Emuse - eServices / eNvoice Exposure Of Private Personal Information d ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36722 (Emuse - eServices / eNvoice SQL injection can be used in various ways ...)
+ NOT-FOR-US: Emuse - eServices / eNvoice
+CVE-2021-36721 (Sysaid API User Enumeration - Attacker sending requests to specific ap ...)
+ NOT-FOR-US: Sysaid API
+CVE-2021-36720 (PineApp - Mail Secure - Attacker sending a request to :/blocking.php?u ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36719 (PineApp - Mail Secure - The attacker must be logged in as a user to th ...)
+ NOT-FOR-US: PineApp - Mail Secure
+CVE-2021-36718 (SYNEL - eharmonynew / Synel Reports - The attacker can log in to the s ...)
+ NOT-FOR-US: SYNEL - eharmonynew / Synel Reports
+CVE-2021-36717 (Synerion TimeNet version 9.21 contains a directory traversal vulnerabi ...)
+ NOT-FOR-US: Synerion TimeNet
+CVE-2021-36716 (A ReDoS (regular expression denial of service) flaw was found in the S ...)
+ NOT-FOR-US: Node is-email
+CVE-2021-3643 (A flaw was found in sox 14.4.1. The lsx_adpcm_init function within lib ...)
+ {DSA-5356-1 DLA-3315-1}
+ - sox 14.4.2+git20190427-3.2 (bug #1010374)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1980626
+ NOTE: Triggered by same reproducer as for CVE-2021-23210
+ NOTE: https://sourceforge.net/p/sox/bugs/351/
+ NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3
+CVE-2021-38193 (An issue was discovered in the ammonia crate before 3.1.0 for Rust. XS ...)
+ - rust-ammonia 3.1.2-1 (bug #991497)
+ NOTE: https://github.com/rust-ammonia/ammonia/commit/4b8426b89b861d9bea20e126576b0febb9d13515
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0074.html
+CVE-2021-38191 (An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon ...)
+ - rust-tokio (Introduced in 0.3.0)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0072.html
+ NOTE: https://github.com/tokio-rs/tokio/issues/3929
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934
+ NOTE: https://github.com/tokio-rs/tokio/pull/3934/commits/84394949228d11d1f68925e26f36c435946b9d11
+CVE-2021-36715
+ RESERVED
+CVE-2021-36714
+ RESERVED
+CVE-2021-36713 (Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9 ...)
+ NOT-FOR-US: DataTables
+CVE-2021-36712 (Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attacker ...)
+ NOT-FOR-US: yzmcms
+CVE-2021-36711 (WebInterface in OctoBot before 0.4.4 allows remote code execution beca ...)
+ NOT-FOR-US: OctoBot
+CVE-2021-36710 (ToaruOS 1.99.2 is affected by incorrect access control via the kernel. ...)
+ NOT-FOR-US: ToaruOS
+CVE-2021-36709
+ RESERVED
+CVE-2021-36708 (In ProLink PRC2402M V1.0.18 and older, the set_sys_init function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36707 (In ProLink PRC2402M V1.0.18 and older, the set_ledonoff function in th ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36706 (In ProLink PRC2402M V1.0.18 and older, the set_sys_cmd function in the ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36705 (In ProLink PRC2402M V1.0.18 and older, the set_TR069 function in the a ...)
+ NOT-FOR-US: ProLink
+CVE-2021-36704
+ RESERVED
+CVE-2021-36703 (The "blog title" field in the "Settings" menu "config" page of "dashbo ...)
+ NOT-FOR-US: htmly
+CVE-2021-36702 (The "content" field in the "regular post" page of the "add content" me ...)
+ NOT-FOR-US: htmly
+CVE-2021-36701 (In htmly version 2.8.1, is vulnerable to an Arbitrary File Deletion on ...)
+ NOT-FOR-US: htmly
+CVE-2021-36700
+ RESERVED
+CVE-2021-36699
+ RESERVED
+CVE-2021-36698 (Pandora FMS through 755 allows XSS via a new Event Filter with a craft ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36697 (With an admin account, the .htaccess file in Artica Pandora FMS <=755 ...)
+ NOT-FOR-US: Pandora FMS
+CVE-2021-36696 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36695 (Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 202 ...)
+ NOT-FOR-US: Deskpro
+CVE-2021-36694
+ RESERVED
+CVE-2021-36693
+ RESERVED
+CVE-2021-36692 (libjxl v0.3.7 is affected by a Divide By Zero in issue in lib/extras/c ...)
+ - jpeg-xl (Fixed before initial upload to Debian)
+ NOTE: https://github.com/libjxl/libjxl/issues/308
+ NOTE: https://github.com/libjxl/libjxl/pull/313
+ NOTE: https://github.com/libjxl/libjxl/commit/7dfa400ded53919d986c5d3d23446a09e0cf481b (v0.5)
+CVE-2021-36691 (libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image ...)
+ - jpeg-xl (unimportant)
+ NOTE: https://github.com/libjxl/libjxl/issues/422
+ NOTE: Special case of https://github.com/libjxl/libjxl/issues/762
+ NOTE: Negligible security impact
+CVE-2021-36690 (A segmentation fault can occur in the sqlite3.exe command-line compone ...)
+ - sqlite3 3.36.0-2 (unimportant)
+ [stretch] - sqlite3 (vulnerable code is not present)
+ - sqlite (Vulnerable code is not present)
+ NOTE: https://www.sqlite.org/forum/forumpost/718c0a8d17
+CVE-2021-36689 (An issue discovered in com.samourai.wallet.PinEntryActivity.java in St ...)
+ NOT-FOR-US: com.samourai.wallet.PinEntryActivity.java
+CVE-2021-36688
+ RESERVED
+CVE-2021-36687
+ RESERVED
+CVE-2021-36686 (Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attacker ...)
+ NOT-FOR-US: yapi
+CVE-2021-36685
+ RESERVED
+CVE-2021-36684
+ RESERVED
+CVE-2021-36683
+ RESERVED
+CVE-2021-36682
+ RESERVED
+CVE-2021-36681
+ RESERVED
+CVE-2021-36680
+ RESERVED
+CVE-2021-36679
+ RESERVED
+CVE-2021-36678
+ RESERVED
+CVE-2021-36677
+ RESERVED
+CVE-2021-36676
+ RESERVED
+CVE-2021-36675
+ RESERVED
+CVE-2021-36674
+ RESERVED
+CVE-2021-36673
+ RESERVED
+CVE-2021-36672
+ RESERVED
+CVE-2021-36671
+ RESERVED
+CVE-2021-36670
+ RESERVED
+CVE-2021-36669
+ RESERVED
+CVE-2021-36668 (URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to for ...)
+ NOT-FOR-US: Druva inSync
+CVE-2021-36667 (Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allow ...)
+ NOT-FOR-US: Druva inSync
+CVE-2021-36666 (An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to ...)
+ NOT-FOR-US: Druva inSync
+CVE-2021-36665 (An issue was discovered in Druva 6.9.0 for macOS, allows attackers to ...)
+ NOT-FOR-US: Druva inSync
+CVE-2021-36664
+ RESERVED
+CVE-2021-36663
+ RESERVED
+CVE-2021-36662
+ RESERVED
+CVE-2021-36661
+ RESERVED
+CVE-2021-36660
+ RESERVED
+CVE-2021-36659
+ RESERVED
+CVE-2021-36658
+ RESERVED
+CVE-2021-36657
+ RESERVED
+CVE-2021-36656
+ RESERVED
+CVE-2021-36655
+ RESERVED
+CVE-2021-36654 (CMSuno 1.7 is vulnerable to an authenticated stored cross site scripti ...)
+ NOT-FOR-US: CMSuno
+CVE-2021-36653
+ RESERVED
+CVE-2021-36652
+ RESERVED
+CVE-2021-36651
+ RESERVED
+CVE-2021-36650
+ RESERVED
+CVE-2021-36649
+ RESERVED
+CVE-2021-36648
+ RESERVED
+CVE-2021-36647 (Use of a Broken or Risky Cryptographic Algorithm in the function mbedt ...)
+ - mbedtls 2.16.11-0.1
+ [bullseye] - mbedtls (Minor issue)
+ [buster] - mbedtls (Minor issue)
+ NOTE: https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/mbedtls-security-advisory-2021-07-1/
+CVE-2021-36646 (A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows ...)
+ NOT-FOR-US: KodExplorer
+CVE-2021-36645
+ RESERVED
+CVE-2021-36644
+ RESERVED
+CVE-2021-36643
+ RESERVED
+CVE-2021-36642
+ RESERVED
+CVE-2021-36641
+ RESERVED
+CVE-2021-36640
+ RESERVED
+CVE-2021-36639
+ RESERVED
+CVE-2021-36638
+ RESERVED
+CVE-2021-36637
+ RESERVED
+CVE-2021-36636
+ RESERVED
+CVE-2021-36635
+ RESERVED
+CVE-2021-36634
+ RESERVED
+CVE-2021-36633
+ RESERVED
+CVE-2021-36632
+ RESERVED
+CVE-2021-36631 (Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and ...)
+ NOT-FOR-US: Baidunetdisk
+CVE-2021-36630 (DDOS reflection amplification vulnerability in eAut module of Ruckus W ...)
+ NOT-FOR-US: Ruckus
+CVE-2021-36629
+ RESERVED
+CVE-2021-36628
+ REJECTED
+CVE-2021-36627
+ RESERVED
+CVE-2021-36626
+ RESERVED
+CVE-2021-36625 (An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixe ...)
+ - dolibarr
+CVE-2021-36624 (Sourcecodester Phone Shop Sales Managements System version 1.0 suffers ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36623 (Arbitrary File Upload in Sourcecodester Phone Shop Sales Management Sy ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36622 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affect ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36621 (Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulner ...)
+ NOT-FOR-US: Sourcecodester
+CVE-2021-36620
+ RESERVED
+CVE-2021-36619
+ RESERVED
+CVE-2021-36618
+ RESERVED
+CVE-2021-36617
+ RESERVED
+CVE-2021-36616
+ RESERVED
+CVE-2021-36615
+ RESERVED
+CVE-2021-36614 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-36613 (Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruptio ...)
+ NOT-FOR-US: MikroTik RouterOS
+CVE-2021-36612
+ RESERVED
+CVE-2021-36611
+ RESERVED
+CVE-2021-36610
+ RESERVED
+CVE-2021-36609 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
+ NOT-FOR-US: webTareas
+CVE-2021-36608 (Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Na ...)
+ NOT-FOR-US: webTareas
+CVE-2021-36607
+ RESERVED
+CVE-2021-36606
+ RESERVED
+CVE-2021-36605 (engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is ...)
+ NOT-FOR-US: engineercms
+CVE-2021-36604
+ RESERVED
+CVE-2021-36603 (Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote att ...)
+ NOT-FOR-US: tasmota
+CVE-2021-36602
+ RESERVED
+CVE-2021-36601 (GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerabilit ...)
+ NOT-FOR-US: GetSimpleCMS
+CVE-2021-36600
+ RESERVED
+CVE-2021-36599
+ RESERVED
+CVE-2021-36598
+ RESERVED
+CVE-2021-36597
+ RESERVED
+CVE-2021-36596
+ RESERVED
+CVE-2021-36595
+ RESERVED
+CVE-2021-36594
+ RESERVED
+CVE-2021-36593
+ RESERVED
+CVE-2021-36592
+ RESERVED
+CVE-2021-36591
+ RESERVED
+CVE-2021-36590
+ RESERVED
+CVE-2021-36589
+ RESERVED
+CVE-2021-36588
+ RESERVED
+CVE-2021-36587
+ RESERVED
+CVE-2021-36586
+ RESERVED
+CVE-2021-36585
+ RESERVED
+CVE-2021-36584 (An issue was discovered in GPAC 1.0.1. There is a heap-based buffer ov ...)
+ - gpac 2.0.0+dfsg1-2 (bug #991965)
+ [bullseye] - gpac (Minor issue)
+ [buster] - gpac (Minor issue)
+ [stretch] - gpac (Minor issue)
+ NOTE: https://github.com/gpac/gpac/issues/1842
+ NOTE: https://github.com/gpac/gpac/commit/13442ec1c401a4181ba6d7f79c27df6054c817c7 (v2.0.0)
+CVE-2021-36583
+ RESERVED
+CVE-2021-36582 (In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36581 (Kooboo CMS 2.1.1.0 is vulnerable to Insecure file upload. It is possib ...)
+ NOT-FOR-US: Kooboo CMS
+CVE-2021-36580 (Open Redirect vulnerability exists in IceWarp MailServer IceWarp Serve ...)
+ NOT-FOR-US: IceWarp MailServer
+CVE-2021-36579
+ RESERVED
+CVE-2021-36578
+ RESERVED
+CVE-2021-36577
+ RESERVED
+CVE-2021-36576
+ RESERVED
+CVE-2021-36575
+ RESERVED
+CVE-2021-36574
+ RESERVED
+CVE-2021-36573 (File Upload vulnerability in Feehi CMS thru 2.1.1 allows attackers to ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2021-36572 (Cross Site Scripting (XSS) vulnerability in Feehi CMS thru 2.1.1 allow ...)
+ NOT-FOR-US: Feehi CMS
+CVE-2021-36571
+ RESERVED
+CVE-2021-36570 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
+ NOT-FOR-US: FUEL-CMS
+CVE-2021-36569 (Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows rem ...)
+ NOT-FOR-US: FUEL-CMS
+CVE-2021-36568 (In certain Moodle products after creating a course, it is possible to ...)
+ - moodle
+CVE-2021-36567 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36566
+ RESERVED
+CVE-2021-36565
+ RESERVED
+CVE-2021-36564 (ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerabil ...)
+ NOT-FOR-US: ThinkPHP
+CVE-2021-36563 (The CheckMK management web console (versions 1.5.0 to 2.0.0) does not ...)
+ - check-mk
+CVE-2021-36562
+ RESERVED
+CVE-2021-36561
+ RESERVED
+CVE-2021-36560 (Phone Shop Sales Managements System using PHP with Source Code 1.0 is ...)
+ NOT-FOR-US: Phone Shop Sales Managements System
+CVE-2021-36559
+ RESERVED
+CVE-2021-36558
+ RESERVED
+CVE-2021-36557
+ RESERVED
+CVE-2021-36556
+ RESERVED
+CVE-2021-36555
+ RESERVED
+CVE-2021-36554
+ RESERVED
+CVE-2021-36553
+ RESERVED
+CVE-2021-36552
+ RESERVED
+CVE-2021-36551 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki
+CVE-2021-36550 (TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) ...)
+ - tikiwiki
+CVE-2021-36549
+ RESERVED
+CVE-2021-36548 (A remote code execution (RCE) vulnerability in the component /admin/in ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2021-36547 (A remote code execution (RCE) vulnerability in the component /codebase ...)
+ NOT-FOR-US: Mara CMS
+CVE-2021-36546 (Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote ...)
+ NOT-FOR-US: KiteCMS
+CVE-2021-36545 (Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote at ...)
+ NOT-FOR-US: tpcms
+CVE-2021-36544 (Incorrect Access Control issue discovered in tpcms 3.2 allows remote a ...)
+ NOT-FOR-US: tpcms
+CVE-2021-36543 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDo ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36542 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.LockDocu ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-36541
+ RESERVED
+CVE-2021-36540
+ RESERVED
+CVE-2021-36539 (Instructure Canvas LMS didn't properly deny access to locked/unpublish ...)
+ NOT-FOR-US: Instructure Canvas LMS
+CVE-2021-36538 (Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1 ...)
+ NOT-FOR-US: Gurock TestRail
+CVE-2021-36537
+ RESERVED
+CVE-2021-36536
+ RESERVED
+CVE-2021-36535 (Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attack ...)
+ NOT-FOR-US: Cesanta mJS
+CVE-2021-36534
+ RESERVED
+CVE-2021-36533
+ RESERVED
+CVE-2021-36532 (Race condition vulnerability discovered in portfolioCMS 1.0 allows rem ...)
+ NOT-FOR-US: portfolioCMS
+CVE-2021-36531 (ngiflib 0.4 has a heap overflow in GetByte() at ngiflib.c:70 in NGIFLI ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36530 (ngiflib 0.4 has a heap overflow in GetByteStr() at ngiflib.c:108 in NG ...)
+ NOT-FOR-US: ngiflib
+CVE-2021-36529
+ RESERVED
+CVE-2021-36528
+ RESERVED
+CVE-2021-36527
+ RESERVED
+CVE-2021-36526
+ RESERVED
+CVE-2021-36525
+ RESERVED
+CVE-2021-36524
+ RESERVED
+CVE-2021-36523
+ RESERVED
+CVE-2021-36522
+ RESERVED
+CVE-2021-36521
+ RESERVED
+CVE-2021-36520 (A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a ...)
+ NOT-FOR-US: I-Tech Trainsmart
+CVE-2021-36519
+ RESERVED
+CVE-2021-36518
+ RESERVED
+CVE-2021-36517
+ RESERVED
+CVE-2021-36516
+ RESERVED
+CVE-2021-36515
+ RESERVED
+CVE-2021-36514
+ RESERVED
+CVE-2021-36513 (An issue was discovered in function sofia_handle_sip_i_notify in sofia ...)
+ - freeswitch (bug #389591)
+CVE-2021-36512 (An issue was discovered in function scanallsubs in src/sbbs3/scansubs. ...)
+ NOT-FOR-US: Synchronet BBS
+CVE-2021-36511
+ RESERVED
+CVE-2021-36510
+ RESERVED
+CVE-2021-36509
+ RESERVED
+CVE-2021-36508
+ RESERVED
+CVE-2021-36507
+ RESERVED
+CVE-2021-36506
+ RESERVED
+CVE-2021-36505
+ RESERVED
+CVE-2021-36504
+ RESERVED
+CVE-2021-36503 (SQL injection vulnerability in native-php-cms 1.0 allows remote attack ...)
+ NOT-FOR-US: native-php-cms
+CVE-2021-36502
+ RESERVED
+CVE-2021-36501
+ RESERVED
+CVE-2021-36500
+ RESERVED
+CVE-2021-36499
+ RESERVED
+CVE-2021-36498
+ RESERVED
+CVE-2021-36497
+ RESERVED
+CVE-2021-36496
+ RESERVED
+CVE-2021-36495
+ RESERVED
+CVE-2021-36494
+ RESERVED
+CVE-2021-36493 (Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attacke ...)
+ - xpdf (Debian uses poppler, which is not affected)
+CVE-2021-36492
+ RESERVED
+CVE-2021-36491
+ RESERVED
+CVE-2021-36490
+ RESERVED
+CVE-2021-36489 (Buffer Overflow vulnerability in Allegro through 5.2.6 allows attacker ...)
+ - allegro4.4 (bug #1032670)
+ [bookworm] - allegro4.4 (Minor issue)
+ [bullseye] - allegro4.4 (Minor issue)
+ [buster] - allegro4.4 (Minor issue)
+ - allegro5 2:5.2.8.0-1
+ [bullseye] - allegro5 (Minor issue)
+ [buster] - allegro5 (Minor issue)
+ NOTE: https://github.com/liballeg/allegro5/issues/1251
+ NOTE: https://github.com/liballeg/allegro5/pull/1253
+ NOTE: https://github.com/liballeg/allegro5/commit/3f2dbd494241774d33aaf83910fd05b2a590604a (5.2.8.0)
+ NOTE: https://github.com/liballeg/allegro5/commit/cca179bc16827f358153060cd10ac73d394e758c (5.2.8.0)
+ NOTE: https://github.com/liballeg/allegro5/commit/a2c93939f6997a96ecac1865dbb4fa3f66b5e1b7 (5.2.8.0)
+ NOTE: https://github.com/liballeg/allegro5/commit/0294e28e6135292eab4b2916a7d2223b1bb6843e (5.2.8.0)
+ NOTE: In allegro 4.4, code is in src/[pcx|tga].c instead
+CVE-2021-36488
+ RESERVED
+CVE-2021-36487
+ RESERVED
+CVE-2021-36486
+ RESERVED
+CVE-2021-36485
+ RESERVED
+CVE-2021-36484 (SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run ...)
+ NOT-FOR-US: JIZHICMS
+CVE-2021-36483 (DevExpress.XtraReports.UI through v21.1 allows attackers to execute ar ...)
+ NOT-FOR-US: DevExpress.XtraReports.UI
+CVE-2021-36482
+ RESERVED
+CVE-2021-36481
+ RESERVED
+CVE-2021-36480
+ RESERVED
+CVE-2021-36479
+ RESERVED
+CVE-2021-36478
+ RESERVED
+CVE-2021-36477
+ RESERVED
+CVE-2021-36476
+ RESERVED
+CVE-2021-36475
+ RESERVED
+CVE-2021-36474
+ RESERVED
+CVE-2021-36473
+ RESERVED
+CVE-2021-36472
+ RESERVED
+CVE-2021-36471 (Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote atta ...)
+ NOT-FOR-US: AdminLTE
+CVE-2021-36470
+ RESERVED
+CVE-2021-36469
+ RESERVED
+CVE-2021-36468
+ RESERVED
+CVE-2021-36467
+ RESERVED
+CVE-2021-36466
+ RESERVED
+CVE-2021-36465
+ RESERVED
+CVE-2021-36464
+ RESERVED
+CVE-2021-36463
+ RESERVED
+CVE-2021-36462
+ RESERVED
+CVE-2021-36461 (An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that ...)
+ NOT-FOR-US: microweber
+CVE-2021-36460 (VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password ...)
+ NOT-FOR-US: VeryFitPro
+CVE-2021-36459
+ RESERVED
+CVE-2021-36458
+ RESERVED
+CVE-2021-36457
+ RESERVED
+CVE-2021-36456
+ RESERVED
+CVE-2021-36455 (SQL Injection vulnerability in Naviwebs Navigate CMS 2.9 via the quick ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36454 (Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 ...)
+ NOT-FOR-US: Naviwebs Navigate CMS
+CVE-2021-36453
+ RESERVED
+CVE-2021-36452
+ RESERVED
+CVE-2021-36451
+ RESERVED
+CVE-2021-36450 (Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the co ...)
+ NOT-FOR-US: Verint
+CVE-2021-36449
+ RESERVED
+CVE-2021-36448
+ RESERVED
+CVE-2021-36447
+ RESERVED
+CVE-2021-36446
+ RESERVED
+CVE-2021-36445
+ RESERVED
+CVE-2021-36444 (Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows re ...)
+ NOT-FOR-US: imcat
+CVE-2021-36443 (Cross Site Request Forgery vulnerability in imcat 5.4 allows remote at ...)
+ NOT-FOR-US: imcat
+CVE-2021-36442
+ RESERVED
+CVE-2021-36441
+ RESERVED
+CVE-2021-36440 (Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to ...)
+ NOT-FOR-US: ShowDoc
+CVE-2021-36439
+ RESERVED
+CVE-2021-36438
+ RESERVED
+CVE-2021-36437
+ RESERVED
+CVE-2021-36436 (An issue in Mobicint Backend for Credit Unions v3 allows attackers to ...)
+ NOT-FOR-US: Mobicint Backend for Credit Unions
+CVE-2021-36435
+ RESERVED
+CVE-2021-36434 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
+ NOT-FOR-US: jocms
+CVE-2021-36433 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
+ NOT-FOR-US: jocms
+CVE-2021-36432 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
+ NOT-FOR-US: jocms
+CVE-2021-36431 (SQL injection vulnerability in jocms 0.8 allows remote attackers to ru ...)
+ NOT-FOR-US: jocms
+CVE-2021-36430
+ RESERVED
+CVE-2021-36429
+ RESERVED
+CVE-2021-36428
+ RESERVED
+CVE-2021-36427
+ RESERVED
+CVE-2021-36426 (File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to ...)
+ NOT-FOR-US: phpwcms
+CVE-2021-36425 (Directory traversal vulnerability in phpcms 1.9.25 allows remote attac ...)
+ NOT-FOR-US: phpcms
+CVE-2021-36424 (An issue discovered in phpwcms 1.9.25 allows remote attackers to run a ...)
+ NOT-FOR-US: phpwcms
+CVE-2021-36423
+ RESERVED
+CVE-2021-36422
+ RESERVED
+CVE-2021-36421
+ RESERVED
+CVE-2021-36420
+ RESERVED
+CVE-2021-3642 (A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final ...)
+ NOT-FOR-US: WildFly Elytron
+CVE-2021-36419
+ RESERVED
+CVE-2021-36418
+ RESERVED
+CVE-2021-36417 (A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in th ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1846
+ NOTE: https://github.com/gpac/gpac/commit/737e1f39da80e02912953269966d89afd196ad30 (v2.0.0)
+CVE-2021-36416
+ RESERVED
+CVE-2021-36415
+ RESERVED
+CVE-2021-36414 (A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1840
+ NOTE: https://github.com/gpac/gpac/commit/6007c7145eb0fcd29fe05b6e5983a065b42c6b21 (v2.0.0)
+CVE-2021-36413
+ RESERVED
+CVE-2021-36412 (A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1. ...)
+ {DSA-5411-1}
+ - gpac 2.0.0+dfsg1-2
+ [buster] - gpac (EOL in buster LTS)
+ [stretch] - gpac (No longer supported in LTS)
+ NOTE: https://github.com/gpac/gpac/issues/1838
+ NOTE: https://github.com/gpac/gpac/commit/828188475084db87cebc34208b6bd2509709845e (v2.0.0)
+CVE-2021-36411 (An issue has been found in libde265 v1.0.8 due to incorrect access con ...)
+ {DSA-5346-1 DLA-3240-1}
+ - libde265 1.0.8-1.1 (bug #1014977)
+ [stretch] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/302
+ NOTE: https://github.com/strukturag/libde265/commit/45904e5667c5bf59c67fcdc586dfba110832894c
+CVE-2021-36410 (A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion. ...)
+ {DSA-5346-1 DLA-3240-1}
+ - libde265 1.0.8-1.1 (bug #1014977)
+ [stretch] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/301
+ NOTE: https://github.com/strukturag/libde265/commit/697aa4f7c774abd6374596e6707a6f4f54265355
+CVE-2021-3641 (Improper Link Resolution Before File Access ('Link Following') vulnera ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-36409 (There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at ...)
+ {DSA-5346-1 DLA-3240-1}
+ - libde265 1.0.8-1.1 (bug #1014977)
+ [stretch] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/300
+ NOTE: https://github.com/strukturag/libde265/commit/64d591a6c70737604ca3f5791736fc462cbe8a3c
+CVE-2021-36408 (An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-f ...)
+ {DSA-5346-1 DLA-3240-1}
+ - libde265 1.0.8-1.1 (bug #1014977)
+ [stretch] - libde265 (Minor issue)
+ NOTE: https://github.com/strukturag/libde265/issues/299
+ NOTE: https://github.com/strukturag/libde265/commit/f538254e4658ef5ea4e233c2185dcbfd165e8911
+CVE-2021-36407
+ RESERVED
+CVE-2021-36406
+ RESERVED
+CVE-2021-36405
+ RESERVED
+CVE-2021-36404
+ RESERVED
+CVE-2021-36403 (In Moodle, in some circumstances, email notifications of messages coul ...)
+ - moodle
+CVE-2021-36402 (In Moodle, Users' names required additional sanitizing in the account ...)
+ - moodle
+CVE-2021-36401 (In Moodle, ID numbers exported in HTML data formats required additiona ...)
+ - moodle
+CVE-2021-36400 (In Moodle, insufficient capability checks made it possible to remove o ...)
+ - moodle
+CVE-2021-36399 (In Moodle, ID numbers displayed in the quiz override screens required ...)
+ - moodle
+CVE-2021-36398 (In moodle, ID numbers displayed in the web service token list required ...)
+ - moodle
+CVE-2021-36397 (In Moodle, insufficient capability checks meant message deletions were ...)
+ - moodle
+CVE-2021-36396 (In Moodle, insufficient redirect handling made it possible to blindly ...)
+ - moodle
+CVE-2021-36395 (In Moodle, the file repository's URL parsing required additional recur ...)
+ - moodle
+CVE-2021-36394 (In Moodle, a remote code execution risk was identified in the Shibbole ...)
+ - moodle
+CVE-2021-36393 (In Moodle, an SQL injection risk was identified in the library fetchin ...)
+ - moodle
+CVE-2021-36392 (In Moodle, an SQL injection risk was identified in the library fetchin ...)
+ - moodle
+CVE-2021-36391
+ RESERVED
+CVE-2021-36390
+ RESERVED
+CVE-2021-36389 (In Yellowfin before 9.6.1 it is possible to enumerate and download upl ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36388 (In Yellowfin before 9.6.1 it is possible to enumerate and download use ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36387 (In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulne ...)
+ NOT-FOR-US: Yellowfin
+CVE-2021-36386 (report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits i ...)
+ - fetchmail 6.4.16-4 (unimportant)
+ NOTE: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
+ NOTE: Fixed by: https://gitlab.com/fetchmail/fetchmail/-/commit/c546c8299243a10a7b85c638e0e61396ecd5d8b5 (RELEASE_6-4-20)
+ NOTE: Regression fix: https://gitlab.com/fetchmail/fetchmail/-/commit/d3db2da1d13bd2419370ad96defb92eecb17064c (RELEASE_6-4-21)
+ NOTE: Negligible security impact
+CVE-2021-36385 (A SQL Injection vulnerability in Cerner Mobile Care 5.0.0 allows remot ...)
+ NOT-FOR-US: Cerner Mobile Care
+CVE-2021-36384
+ RESERVED
+CVE-2021-36383 (Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0 ...)
+ NOT-FOR-US: Xen Orchestra
+CVE-2021-36382 (Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows ...)
+ NOT-FOR-US: Devolutions Server
+CVE-2021-36381 (In Edifecs Transaction Management through 2021-07-12, an unauthenticat ...)
+ NOT-FOR-US: Edifecs
+CVE-2021-36380 (Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command I ...)
+ NOT-FOR-US: Sunhillo SureLine
+CVE-2021-36379
+ REJECTED
+CVE-2021-36378
+ RESERVED
+CVE-2021-36377 (Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname ...)
+ - fossil 1:2.15.2-1
+ [buster] - fossil (Minor issue)
+ [stretch] - fossil (Minor issue)
+ NOTE: https://fossil-scm.org/forum/forumpost/8d367e16f53d93c789d70bd3bf2c9587227bbd5c6a7b8e512cccd79007536036
+CVE-2021-36376 (dandavison delta before 0.8.3 on Windows resolves an executable's path ...)
+ NOT-FOR-US: dandavison delta
+CVE-2021-36375
+ RESERVED
+CVE-2021-36374 (When reading a specially crafted ZIP archive, or a derived formats, an ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/6
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36373 (When reading a specially crafted TAR archive an Apache Ant build can b ...)
+ - ant 1.10.11-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/5
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-36372 (In Apache Ozone versions prior to 1.2.0, Initially generated block tok ...)
+ NOT-FOR-US: Apache Ozone
+CVE-2021-36371 (Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allo ...)
+ NOT-FOR-US: Emissary-Ingress (formerly Ambassador API Gateway)
+CVE-2021-36370 (An issue was discovered in Midnight Commander through 4.8.26. When est ...)
+ - mc 3:4.8.27-1 (bug #993404)
+ [bullseye] - mc (Minor issue)
+ [buster] - mc (Minor issue)
+ [stretch] - mc (Minor issue)
+ NOTE: https://github.com/MidnightCommander/mc/commit/9235d3c232d13ad7f973346077c9cf2eaa77dc5f
+CVE-2021-36369 (An issue was discovered in Dropbear through 2020.81. Due to a non-RFC- ...)
+ {DLA-3187-1}
+ - dropbear 2022.82-1
+ [bullseye] - dropbear (Minor issue)
+ NOTE: https://github.com/mkj/dropbear/pull/128
+ NOTE: https://github.com/mkj/dropbear/commit/210a9833496ed2a93b8da93924874938127ce0b5 (DROPBEAR_2022.82)
+CVE-2021-36368 (An issue was discovered in OpenSSH before 8.9. If a client is using pu ...)
+ - openssh 1:8.9p1-1 (unimportant)
+ NOTE: https://bugzilla.mindrot.org/show_bug.cgi?id=3316
+ NOTE: https://docs.ssh-mitm.at/trivialauth.html
+CVE-2021-36367 (PuTTY through 0.75 proceeds with establishing an SSH session even if i ...)
+ - putty 0.75-3 (bug #990901)
+ [bullseye] - putty (Minor issue)
+ [buster] - putty (Minor issue)
+ [stretch] - putty (Minor issue)
+ NOTE: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=1dc5659aa62848f0aeb5de7bd3839fecc7debefa
+CVE-2021-36366 (Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36365 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairm ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-36364 (Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.)
+ NOT-FOR-US: Nagios XI +CVE-2021-36363 (Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate ...) + NOT-FOR-US: Nagios XI +CVE-2021-36362 + RESERVED +CVE-2021-36361 + RESERVED +CVE-2021-36360 + RESERVED +CVE-2021-36359 (OrbiTeam BSCW Classic before 7.4.3 allows exportpdf authenticated remo ...) + NOT-FOR-US: OrbiTeam BSCW Classic +CVE-2021-36358 + RESERVED +CVE-2021-36357 (An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() ...) + NOT-FOR-US: OpenPOWER firwmware +CVE-2021-36356 (KRAMER VIAware through August 2021 allows remote attackers to execute ...) + NOT-FOR-US: KRAMER VIAware +CVE-2021-36355 + RESERVED +CVE-2021-36354 + RESERVED +CVE-2021-36353 + RESERVED +CVE-2021-36352 (Stored cross-site scripting (XSS) vulnerability in Care2x Hospital Inf ...) + NOT-FOR-US: Care2x Hospital Information Management +CVE-2021-36351 (SQL Injection Vulnerability in Care2x Open Source Hospital Information ...) + NOT-FOR-US: Care2x Open Source Hospital Information Management +CVE-2021-3640 (A flaw use-after-free in function sco_sock_sendmsg() of the Linux kern ...) + {DSA-5096-1 DLA-2941-1 DLA-2940-1} + - linux 5.15.3-1 + [bullseye] - linux 5.10.84-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/07/22/1 +CVE-2021-3639 (A flaw was found in mod_auth_mellon where it does not sanitize logout ...) + {DLA-3359-1} + - libapache2-mod-auth-mellon 0.18.0-1 (bug #991730) + [bullseye] - libapache2-mod-auth-mellon 0.17.0-1+deb11u1 + [stretch] - libapache2-mod-auth-mellon (Minor issue) + NOTE: https://github.com/latchset/mod_auth_mellon/commit/42a11261b9dad2e48d70bdff7c53dd57a12db6f5 +CVE-2021-36350 (Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authenticati ...) + NOT-FOR-US: Dell +CVE-2021-36349 (Dell EMC Data Protection Central versions 19.5 and prior contain a Ser ...) + NOT-FOR-US: EMC +CVE-2021-36348 (iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnera ...) 
+ NOT-FOR-US: Dell +CVE-2021-36347 (iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82. ...) + NOT-FOR-US: Dell +CVE-2021-36346 (Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service v ...) + NOT-FOR-US: Dell +CVE-2021-36345 + RESERVED +CVE-2021-36344 + RESERVED +CVE-2021-36343 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36342 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36341 (Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive ...) + NOT-FOR-US: Dell +CVE-2021-36340 (Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information d ...) + NOT-FOR-US: EMC +CVE-2021-36339 (The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented us ...) + NOT-FOR-US: EMC +CVE-2021-36338 (Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege ...) + NOT-FOR-US: Unisphere for PowerMax +CVE-2021-36337 (Dell Wyse Management Suite version 3.3.1 and prior support insecure Tr ...) + NOT-FOR-US: Dell +CVE-2021-36336 (Wyse Management Suite 3.3.1 and below versions contain a deserializati ...) + NOT-FOR-US: Dell +CVE-2021-36335 (Dell EMC CloudLink 7.1 and all prior versions contain an Improper Inpu ...) + NOT-FOR-US: EMC +CVE-2021-36334 (Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula In ...) + NOT-FOR-US: EMC +CVE-2021-36333 (Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflo ...) + NOT-FOR-US: EMC +CVE-2021-36332 (Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javas ...) + NOT-FOR-US: EMC +CVE-2021-36331 + RESERVED +CVE-2021-36330 (Dell EMC Streaming Data Platform versions before 1.3 contain an Insuff ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36329 (Dell EMC Streaming Data Platform versions before 1.3 contain an Indire ...) 
+ NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36328 (Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Inj ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36327 (Dell EMC Streaming Data Platform versions before 1.3 contain a Server ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36326 (Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL ...) + NOT-FOR-US: Dell EMC Streaming Data Platform +CVE-2021-36325 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36324 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36323 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36322 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a ...) + NOT-FOR-US: Dell +CVE-2021-36321 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...) + NOT-FOR-US: Dell +CVE-2021-36320 (Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an ...) + NOT-FOR-US: Dell +CVE-2021-36319 (Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain ...) + NOT-FOR-US: Dell +CVE-2021-36318 (Dell EMC Avamar versions 18.2,19.1,19.2,19.3,19.4 contain a plain-text ...) + NOT-FOR-US: EMC +CVE-2021-36317 (Dell EMC Avamar Server version 19.4 contains a plain-text password sto ...) + NOT-FOR-US: EMC +CVE-2021-36316 (Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 conta ...) + NOT-FOR-US: EMC +CVE-2021-36315 (Dell EMC PowerScale Nodes contain a hardware design flaw. This may all ...) + NOT-FOR-US: EMC +CVE-2021-36314 (Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary Fil ...) + NOT-FOR-US: EMC +CVE-2021-36313 (Dell EMC CloudLink 7.1 and all prior versions contain an OS command in ...) 
+ NOT-FOR-US: EMC +CVE-2021-36312 (Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Pas ...) + NOT-FOR-US: EMC +CVE-2021-36311 (Dell EMC Networker versions prior to 19.5 contain an Improper Authoriz ...) + NOT-FOR-US: EMC +CVE-2021-36310 (Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x ...) + NOT-FOR-US: Dell +CVE-2021-36309 (Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensi ...) + NOT-FOR-US: Dell +CVE-2021-36308 (Networking OS10, versions prior to October 2021 with Smart Fabric Serv ...) + NOT-FOR-US: Dell +CVE-2021-36307 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...) + NOT-FOR-US: Dell +CVE-2021-36306 (Networking OS10, versions prior to October 2021 with RESTCONF API enab ...) + NOT-FOR-US: Dell +CVE-2021-36305 (Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data ...) + NOT-FOR-US: Dell +CVE-2021-36304 + RESERVED +CVE-2021-36303 + RESERVED +CVE-2021-36302 (All Dell EMC Integrated System for Microsoft Azure Stack Hub versions ...) + NOT-FOR-US: EMC +CVE-2021-36301 (Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version ...) + NOT-FOR-US: Dell +CVE-2021-36300 (iDRAC9 versions prior to 5.00.00.00 contain an improper input validati ...) + NOT-FOR-US: Dell +CVE-2021-36299 (Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and ...) + NOT-FOR-US: Dell +CVE-2021-36298 (Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptograph ...) + NOT-FOR-US: EMC +CVE-2021-36297 (SupportAssist Client version 3.8 and 3.9 contains an Untrusted search ...) + NOT-FOR-US: SupportAssist Client (Dell) +CVE-2021-36296 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + NOT-FOR-US: Dell +CVE-2021-36295 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) + NOT-FOR-US: Dell +CVE-2021-36294 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an auth ...) 
+ NOT-FOR-US: Dell +CVE-2021-36293 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege ...) + NOT-FOR-US: Dell +CVE-2021-36292 + RESERVED +CVE-2021-36291 + RESERVED +CVE-2021-36290 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege ...) + NOT-FOR-US: Dell +CVE-2021-36289 (Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensi ...) + NOT-FOR-US: Dell +CVE-2021-36288 (Dell VNX2 for File version 8.1.21.266 and earlier, contain a path trav ...) + NOT-FOR-US: Dell +CVE-2021-36287 (Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthen ...) + NOT-FOR-US: Dell +CVE-2021-36286 (Dell SupportAssist Client Consumer versions 3.9.13.0 and any versions ...) + NOT-FOR-US: Dell SupportAssist Client Consumer +CVE-2021-36285 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) + NOT-FOR-US: Dell +CVE-2021-36284 (Dell BIOS contains an Improper Restriction of Excessive Authentication ...) + NOT-FOR-US: Dell +CVE-2021-36283 (Dell BIOS contains an improper input validation vulnerability. A local ...) + NOT-FOR-US: Dell +CVE-2021-36282 (Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of un ...) + NOT-FOR-US: EMC +CVE-2021-36281 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36280 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36279 (Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect ...) + NOT-FOR-US: EMC +CVE-2021-36278 (Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain ...) + NOT-FOR-US: EMC +CVE-2021-36277 (Dell Command | Update, Dell Update, and Alienware Update versions befo ...) + NOT-FOR-US: Dell +CVE-2021-36276 (Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insuffic ...) 
+ NOT-FOR-US: Dell +CVE-2021-36275 + RESERVED +CVE-2021-36274 + RESERVED +CVE-2021-36273 + RESERVED +CVE-2021-36272 + RESERVED +CVE-2021-36271 + RESERVED +CVE-2021-36270 + RESERVED +CVE-2021-36269 + RESERVED +CVE-2021-36268 + RESERVED +CVE-2021-36267 + RESERVED +CVE-2021-36266 + RESERVED +CVE-2021-36265 + RESERVED +CVE-2021-36264 + RESERVED +CVE-2021-36263 + RESERVED +CVE-2021-36262 + RESERVED +CVE-2021-36261 + RESERVED +CVE-2021-36260 (A command injection vulnerability in the web server of some Hikvision ...) + NOT-FOR-US: Hikvision +CVE-2021-36259 + RESERVED +CVE-2021-36258 + RESERVED +CVE-2021-36257 + RESERVED +CVE-2021-36256 + RESERVED +CVE-2021-36255 + RESERVED +CVE-2021-36254 + RESERVED +CVE-2021-36253 + RESERVED +CVE-2021-36252 + RESERVED +CVE-2021-36251 + RESERVED +CVE-2021-36250 + RESERVED +CVE-2021-36249 + RESERVED +CVE-2021-36248 + RESERVED +CVE-2021-36247 + RESERVED +CVE-2021-36246 + RESERVED +CVE-2021-36245 + RESERVED +CVE-2021-36244 + RESERVED +CVE-2021-36243 + RESERVED +CVE-2021-36242 + RESERVED +CVE-2021-36241 + RESERVED +CVE-2021-36240 + RESERVED +CVE-2021-36239 + RESERVED +CVE-2021-36238 + RESERVED +CVE-2021-36237 + RESERVED +CVE-2021-36236 + RESERVED +CVE-2020-36418 + RESERVED +CVE-2020-36417 + RESERVED +CVE-2021-3638 (An out-of-bounds memory access flaw was found in the ATI VGA device em ...) 
+ {DSA-4980-1} + - qemu 1:6.1+dfsg-6 (bug #992726) + [buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later) + [stretch] - qemu (Vulnerable code introduced in ATI VGA device emulation added later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1979858 + NOTE: https://lore.kernel.org/qemu-devel/CAA8xKjXkDwPYxSAeRb+2mfHRrbiL_kh9unVkemFXLfF68UXePA@mail.gmail.com + NOTE: Introduced by: https://gitlab.com/qemu-project/qemu/-/commit/584acf34cb05f16e13a46d666196a7583d232616 (v4.1.0-rc0) + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/205ccfd7a5ec86bd9a5678b8bd157562fc9a1643 (v7.2.0-rc0) +CVE-2021-36235 (An issue was discovered in Ivanti Workspace Control before 10.6.30.0. ...) + NOT-FOR-US: Ivanti +CVE-2021-36234 (Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 all ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36233 (The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5 ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36232 (Improper Authorization in multiple functions in MIK.starlight 7.9.5.24 ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36231 (Deserialization of untrusted data in multiple functions in MIK.starlig ...) + NOT-FOR-US: MIK.starlight +CVE-2021-36230 (HashiCorp Terraform Enterprise releases up to v202106-1 did not proper ...) + NOT-FOR-US: Terraform Enterprise +CVE-2021-36229 + RESERVED +CVE-2021-36228 + RESERVED +CVE-2021-36227 + RESERVED +CVE-2021-36226 (Western Digital My Cloud devices before OS5 do not use cryptographical ...) + NOT-FOR-US: Western Digital +CVE-2021-36225 (Western Digital My Cloud devices before OS5 allow REST API access by l ...) + NOT-FOR-US: Western Digital +CVE-2021-36224 (Western Digital My Cloud devices before OS5 have a nobody account with ...) + NOT-FOR-US: Western Digital +CVE-2021-36223 + RESERVED +CVE-2021-36222 (ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) ...) 
+ {DSA-4944-1} + - krb5 1.18.3-6 (bug #991365) + [stretch] - krb5 (Vulnerable code (k5memdup0()) introduced later) + NOTE: https://github.com/krb5/krb5/commit/fc98f520caefff2e5ee9a0026fdf5109944b3562 + NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=9007 +CVE-2021-36221 (Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that c ...) + {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.16 1.16.7-1 + - golang-1.15 1.15.15-1 (bug #991961) + [bullseye] - golang-1.15 1.15.15-1~deb11u1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/46866 + NOTE: https://github.com/golang/go/commit/b7a85e0003cedb1b48a1fd3ae5b746ec6330102e (master) + NOTE: https://github.com/golang/go/commit/accf363d5da864521c90b152fb734f3f15e00521 (release-branch.go1.16) + NOTE: https://github.com/golang/go/commit/ba93baa74a52d57ae79313313ea990cc791ef50e (release-branch.go1.15) +CVE-2021-36220 + RESERVED +CVE-2021-36219 (An issue was discovered in SKALE sgxwallet 1.58.3. The provided input ...) + NOT-FOR-US: SKALE sgxwallet +CVE-2021-36218 (An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GC ...) + NOT-FOR-US: SKALE sgxwallet +CVE-2021-36217 + REJECTED +CVE-2021-36216 (LINE for Windows 6.2.1.2289 and before allows arbitrary code execution ...) + NOT-FOR-US: LINE for Windows +CVE-2021-36215 (LINE client for iOS 10.21.3 and before allows address bar spoofing due ...) + NOT-FOR-US: LINE client for iOS +CVE-2021-36214 (LINE client for iOS before 10.16.3 allows cross site script with speci ...) + NOT-FOR-US: LINE client for iOS +CVE-2021-36213 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.10.0 default de ...) 
+ - consul (Only applies to 1.9 and later) + NOTE: https://discuss.hashicorp.com/t/hcsec-2021-16-consul-s-application-aware-intentions-deny-action-fails-open-when-combined-with-default-deny-policy/26855 + NOTE: https://github.com/hashicorp/consul/pull/10619 +CVE-2021-36212 (app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored X ...) + NOT-FOR-US: MISP +CVE-2021-3637 (A flaw was found in keycloak-model-infinispan in keycloak versions bef ...) + NOT-FOR-US: Keycloak +CVE-2021-36211 + RESERVED +CVE-2021-36210 + RESERVED +CVE-2021-36209 (In JetBrains Hub before 2021.1.13389, account takeover was possible du ...) + NOT-FOR-US: JetBrains +CVE-2021-36208 + RESERVED +CVE-2021-36207 (Under certain circumstances improper privilege management in Metasys A ...) + NOT-FOR-US: Metasys +CVE-2021-36206 (All versions of CEVAS prior to 1.01.46 do not sufficiently validate us ...) + NOT-FOR-US: CEVAS +CVE-2021-36205 (Under certain circumstances the session token is not cleared on logout ...) + NOT-FOR-US: Johnson Controls +CVE-2021-36204 (Under some circumstances an Insufficiently Protected Credentials vulne ...) + NOT-FOR-US: Johnson Controls +CVE-2021-36203 (The affected product may allow an attacker to identify and forge reque ...) + NOT-FOR-US: Johnson Controls +CVE-2021-36202 (Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls M ...) + NOT-FOR-US: Johnson Controls Metasys +CVE-2021-36201 (Under certain circumstances a CCURE Portal user could enumerate user a ...) + NOT-FOR-US: CCURE +CVE-2021-36200 (Under certain circumstances an unauthenticated user could access the t ...) + NOT-FOR-US: Johnson Controls +CVE-2021-36199 (Running a vulnerability scanner against VideoEdge NVRs can cause some ...) + NOT-FOR-US: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls, Inc. +CVE-2021-36198 (Successful exploitation of this vulnerability could allow an unauthori ...) 
+ NOT-FOR-US: Sensormatic Electronics, LLC +CVE-2021-36197 + RESERVED +CVE-2021-36196 + RESERVED +CVE-2021-36195 (Multiple command injection vulnerabilities in the command line interpr ...) + NOT-FOR-US: FortiGuard +CVE-2021-36194 (Multiple stack-based buffer overflows in the API controllers of FortiW ...) + NOT-FOR-US: FortiGuard +CVE-2021-36193 (Multiple stack-based buffer overflows in the command line interpreter ...) + NOT-FOR-US: FortiGuard +CVE-2021-36192 (An exposure of sensitive information to an unauthorized actor [CWE-200 ...) + NOT-FOR-US: Fortiguard +CVE-2021-36191 (A url redirection to untrusted site ('open redirect') in Fortinet Fort ...) + NOT-FOR-US: FortiGuard +CVE-2021-36190 (A unintended proxy or intermediary ('confused deputy') in Fortinet For ...) + NOT-FOR-US: FortiGuard +CVE-2021-36189 (A missing encryption of sensitive data in Fortinet FortiClientEMS vers ...) + NOT-FOR-US: FortiGuard +CVE-2021-36188 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: FortiGuard +CVE-2021-36187 (A uncontrolled resource consumption in Fortinet FortiWeb version 6.4.0 ...) + NOT-FOR-US: Fortiguard +CVE-2021-36186 (A stack-based buffer overflow in Fortinet FortiWeb version 6.4.0, vers ...) + NOT-FOR-US: Fortiguard +CVE-2021-36185 (A improper neutralization of special elements used in an OS command (' ...) + NOT-FOR-US: Fortiguard +CVE-2021-36184 (A improper neutralization of Special Elements used in an SQL Command ( ...) + NOT-FOR-US: Fortiguard +CVE-2021-36183 (An improper authorization vulnerability [CWE-285] in FortiClient for W ...) + NOT-FOR-US: Fortiguard +CVE-2021-36182 (A Improper neutralization of special elements used in a command ('Comm ...) + NOT-FOR-US: FortiGuard +CVE-2021-36181 (A concurrent execution using shared resource with improper Synchroniza ...) + NOT-FOR-US: Fortiguard +CVE-2021-36180 (Multiple improper neutralization of special elements used in a command ...) 
+ NOT-FOR-US: FortiGuard +CVE-2021-36179 (A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and ...) + NOT-FOR-US: FortiGuard +CVE-2021-36178 (A insufficiently protected credentials in Fortinet FortiSDNConnector v ...) + NOT-FOR-US: Fortiguard +CVE-2021-36177 (An improper access control vulnerability [CWE-284] in FortiAuthenticat ...) + NOT-FOR-US: FortiGuard +CVE-2021-36176 (Multiple uncontrolled resource consumption vulnerabilities in the web ...) + NOT-FOR-US: Fortiguard +CVE-2021-36175 (An improper neutralization of input vulnerability [CWE-79] in FortiWeb ...) + NOT-FOR-US: Fortiguard +CVE-2021-36174 (A memory allocation with excessive size value vulnerability in the lic ...) + NOT-FOR-US: Fortiguard +CVE-2021-36173 (A heap-based buffer overflow in the firmware signature verification fu ...) + NOT-FOR-US: FortiGuard +CVE-2021-36172 (An improper restriction of XML external entity reference vulnerability ...) + NOT-FOR-US: Fortiguard +CVE-2021-36171 (The use of a cryptographically weak pseudo-random number generator in ...) + NOT-FOR-US: FortiGuard +CVE-2021-36170 (An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM a ...) + NOT-FOR-US: Fortiguard +CVE-2021-36169 (A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6 ...) + NOT-FOR-US: FortiGuard +CVE-2021-36168 (A Improper Limitation of a Pathname to a Restricted Directory ('Path T ...) + NOT-FOR-US: Fortinet +CVE-2021-36167 (An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windo ...) + NOT-FOR-US: FortiGuard +CVE-2021-36166 (An improper authentication vulnerability in FortiMail before 7.0.1 may ...) + NOT-FOR-US: FortiGuard +CVE-2021-36165 (RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by c ...) + NOT-FOR-US: RICON Industrial Cellular Router +CVE-2021-36164 + RESERVED +CVE-2021-36163 (In Apache Dubbo, users may choose to use the Hessian protocol. The Hes ...) 
+ NOT-FOR-US: Apache Dubbo +CVE-2021-36162 (Apache Dubbo supports various rules to support configuration override ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-36161 (Some component in Dubbo will try to print the formated string of the i ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-36160 (A carefully crafted request uri-path can cause mod_proxy_uwsgi to read ...) + {DSA-4982-1 DLA-2768-1} + - apache2 2.4.49-1 + [stretch] - apache2 (Vulnerable module not present) + - uwsgi (unimportant) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-36160 + NOTE: https://github.com/apache/httpd/commit/b364cad72b48dd40fbc2850e525b845406520f0b + NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg} + NOTE: packages which are provided by src:apache2 itself. + NOTE: Regression report: https://bz.apache.org/bugzilla/show_bug.cgi?id=65616 + NOTE: Regression patch: https://github.com/apache/httpd/commit/8966e290a6e947fad0289bf4e243b0b552e13726 (2.4.x) +CVE-2021-36159 (libfetch before 2021-07-26, as used in apk-tools, xbps, and other prod ...) + NOT-FOR-US: libfetch +CVE-2021-36158 (In the xrdp package (in branches through 3.14) for Alpine Linux, RDP s ...) + - xrdp (xrdp as packaged in Alpine) +CVE-2021-36157 (An issue was discovered in Grafana Cortex through 1.9.0. The header va ...) + NOT-FOR-US: Grafana Cortex +CVE-2021-36156 (An issue was discovered in Grafana Loki through 2.2.1. The header valu ...) + NOT-FOR-US: Grafana Loki +CVE-2021-36155 (LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36154 (HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remot ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36153 (Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1. ...) + NOT-FOR-US: gRPC Swift +CVE-2021-36152 (Apache Gobblin trusts all certificates used for LDAP connections in Go ...) 
+ NOT-FOR-US: Apache Gobblin +CVE-2021-36151 (In Apache Gobblin, the Hadoop token is written to a temp file that is ...) + NOT-FOR-US: Apache Gobblin +CVE-2021-3636 (It was found in OpenShift, before version 4.8, that the generated cert ...) + NOT-FOR-US: OpenShift +CVE-2021-3635 (A flaw was found in the Linux kernel netfilter implementation in versi ...) + - linux 5.4.19-1 + [buster] - linux 4.19.98-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1976946 +CVE-2021-3634 (A flaw has been found in libssh in versions prior to 0.9.6. The SSH pr ...) + {DSA-4965-1} + - libssh 0.9.6-1 (bug #993046) + [buster] - libssh (Vulnerable code not present) + [stretch] - libssh (Vulnerable code not present) + NOTE: https://www.libssh.org/security/advisories/CVE-2021-3634.txt + NOTE: https://www.libssh.org/2021/08/26/libssh-0-9-6-security-release/ + NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=d3060bc84ed4e160082e819b4d404f76df7c8063 (libssh-0.9.6) +CVE-2021-36150 (SilverStripe Framework through 4.8.1 allows XSS.) + NOT-FOR-US: SilverStripe CMS +CVE-2021-36149 + RESERVED +CVE-2021-36148 (An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervis ...) + NOT-FOR-US: ACRN +CVE-2021-36147 (An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw ...) + NOT-FOR-US: ACRN +CVE-2021-36146 (ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereferen ...) + NOT-FOR-US: ACRN +CVE-2021-36145 (The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use- ...) + NOT-FOR-US: ACRN +CVE-2021-36144 (The polling timer handler in ACRN before 2.5 has a use-after-free for ...) + NOT-FOR-US: ACRN +CVE-2021-36143 (ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer ...) 
+ NOT-FOR-US: ACRN +CVE-2021-36142 + RESERVED +CVE-2021-36141 + RESERVED +CVE-2021-36140 + RESERVED +CVE-2021-36139 + RESERVED +CVE-2021-36138 + RESERVED +CVE-2021-36137 + RESERVED +CVE-2021-36136 + RESERVED +CVE-2021-36135 + RESERVED +CVE-2021-36134 (Out of bounds write vulnerability in the JPEG parsing code of Netop Vi ...) + NOT-FOR-US: McAfee +CVE-2021-36133 (The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access ...) + NOT-FOR-US: OP-TEE +CVE-2021-36132 (An issue was discovered in the FileImporter extension in MediaWiki thr ...) + NOT-FOR-US: FileImport MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36131 (An XSS issue was discovered in the SportsTeams extension in MediaWiki ...) + NOT-FOR-US: SportsTeams MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36130 (An XSS issue was discovered in the SocialProfile extension in MediaWik ...) + NOT-FOR-US: SocialProfile MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36129 (An issue was discovered in the Translate extension in MediaWiki throug ...) + NOT-FOR-US: Translate MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36128 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) + NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36127 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) 
+ NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36126 (An issue was discovered in the AbuseFilter extension in MediaWiki thro ...) + NOT-FOR-US: AbuseFilter MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36125 (An issue was discovered in the CentralAuth extension in MediaWiki thro ...) + NOT-FOR-US: CentralAuth MediaWiki extension + NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/M7MVMBYMLNIVLHCWL2KKZGH36HYN4YON/ +CVE-2021-36124 (An issue was discovered in Echo ShareCare 8.15.5. It does not perform ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36123 (An issue was discovered in Echo ShareCare 8.15.5. The TextReader featu ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36122 (An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile featur ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-36121 (An issue was discovered in Echo ShareCare 8.15.5. The file-upload feat ...) + NOT-FOR-US: Echo ShareCare +CVE-2021-3633 (A DLL preloading vulnerability was reported in Lenovo Driver Managemen ...) + NOT-FOR-US: Lenovo +CVE-2021-36120 + RESERVED +CVE-2021-36119 + RESERVED +CVE-2021-36118 + RESERVED +CVE-2021-36117 + RESERVED +CVE-2021-36116 + RESERVED +CVE-2021-36115 + RESERVED +CVE-2021-36114 + RESERVED +CVE-2021-36113 + RESERVED +CVE-2021-36112 + RESERVED +CVE-2021-36111 + RESERVED +CVE-2021-36110 + RESERVED +CVE-2021-36109 + RESERVED +CVE-2021-36108 + RESERVED +CVE-2021-36107 + RESERVED +CVE-2021-36106 + RESERVED +CVE-2021-36105 + RESERVED +CVE-2021-36104 + RESERVED +CVE-2021-36103 + RESERVED +CVE-2021-36102 + RESERVED +CVE-2021-36101 + RESERVED +CVE-2021-36100 (Specially crafted string in OTRS system configuration can allow the ex ...) 
+ {DLA-3551-1} + - znuny (Fixed before initial upload to archive as src:znuny) + - otrs2 6.3.2-1 + [bullseye] - otrs2 (Non-free not supported) + NOTE: https://www.znuny.org/en/releases/znuny-6-3-2 + NOTE: https://www.znuny.org/en/advisories/zsa-2022-02 + NOTE: https://github.com/znuny/Znuny/commit/309ec536540201a5b2741314e928c54a792bb845 (rel-6_0_41) + NOTE: https://github.com/znuny/Znuny/commit/f6fe8ca2e48a18680ace94df0d84eb1e2c26e685 (rel-6_0_41) + NOTE: https://github.com/znuny/Znuny/commit/42458dad68f330e3f94294348de29e48cc9432c8 (rel-6_0_41) + NOTE: https://github.com/znuny/Znuny/commit/02ac202c624bfccfd97e7f4ea95e0fd4adcf7a07 (rel-6_0_41) +CVE-2021-36099 + RESERVED +CVE-2021-36098 + RESERVED +CVE-2021-36097 (Agents are able to lock the ticket without the "Owner" permission. Onc ...) + - otrs (OTRS 8.x specific) + NOTE: znuny forked from OTRS with 6.x, but this issue is specific to OTRS 8.x +CVE-2021-36096 (Generated Support Bundles contains private S/MIME and PGP keys if cont ...) + NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release + NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846 +CVE-2021-36095 (Malicious attacker is able to find out valid user logins by using the ...) + NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release + NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846 +CVE-2021-36094 (It's possible to craft a request for appointment edit screen, which co ...) + NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release + NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846 +CVE-2021-36093 (It's possible to create an email which can be stuck while being proces ...) 
+ NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
+ NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
+CVE-2021-36092 (It's possible to create an email which contains specially crafted link ...)
+ NOTE: OTRS, it's unclear to which extent Znuny might be affected since OTRS AG doesn't release
+ NOTE: actionable information, also see https://github.com/znuny/Znuny/issues/128 and #993846
+CVE-2021-36091 (Agents are able to list appointments in the calendars without required ...)
+ {DLA-3551-1}
+ - otrs2 6.0.32-6 (bug #991593)
+ [stretch] - otrs2 (Non-free not supported)
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2021-14/
+ NOTE: https://github.com/znuny/Znuny/commit/e268f9a7b75e8c7f63c36517ea5affe3ae0a9632 (rel-6_1_1)
+ NOTE: Reference is for OTRS, no reference for znuny yet (in bullseye src:otrs2 is the znuny fork)
+CVE-2021-3632 (A flaw was found in Keycloak. This vulnerability allows anyone to regi ...)
+ NOT-FOR-US: Keycloak
+CVE-2021-36090 (When reading a specially crafted ZIP archive, Compress can be made to ...)
+ - libcommons-compress-java 1.21-1 (bug #991041)
+ [bullseye] - libcommons-compress-java (Minor issue)
+ [buster] - libcommons-compress-java (Minor issue)
+ [stretch] - libcommons-compress-java (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/4
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda
+ NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f
+CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2021-36089 (Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::File ...)
+ - libgrokj2k 9.5.0-1 (bug #990525)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33544
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/grok/OSV-2021-677.yaml
+CVE-2021-36088 (Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in f ...)
+ NOT-FOR-US: Fluent Bit
+CVE-2021-36087 (The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in e ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol (Minor issue)
+ [buster] - libsepol (Minor issue)
+ [stretch] - libsepol (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32675
+ NOTE: https://github.com/SELinuxProject/selinux/commit/bad0a746e9f4cf260dedba5828d9645d50176aac
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-585.yaml
+CVE-2021-36086 (The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_clas ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol (Minor issue)
+ [buster] - libsepol (Minor issue)
+ [stretch] - libsepol (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32177
+ NOTE: https://github.com/SELinuxProject/selinux/commit/c49a8ea09501ad66e799ea41b8154b6770fec2c8
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-536.yaml
+CVE-2021-36085 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol (Minor issue)
+ [buster] - libsepol (Minor issue)
+ [stretch] - libsepol (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
+ NOTE: https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
+CVE-2021-36084 (The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_c ...)
+ - libsepol 3.3-1 (bug #990526)
+ [bullseye] - libsepol (Minor issue)
+ [buster] - libsepol (Minor issue)
+ [stretch] - libsepol (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
+ NOTE: https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
+CVE-2021-36083 (KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overf ...)
+ [experimental] - kimageformats 5.83.0-1
+ - kimageformats 5.78.0-5 (bug #990527)
+ [buster] - kimageformats (Minor issue)
+ [stretch] - kimageformats (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33742
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/kimageformats/OSV-2021-695.yaml
+ NOTE: https://invent.kde.org/frameworks/kimageformats/commit/297ed9a2fe339bfe36916b9fce628c3242e5be0f
+CVE-2021-36082 (ntop nDPI 3.4 has a stack-based buffer overflow in processClientServer ...)
+ - ndpi 4.0-1 (bug #990528)
+ [buster] - ndpi (Vulnerable code not present)
+ [stretch] - ndpi (Vulnerable code added later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30393
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/ndpi/OSV-2021-304.yaml
+ NOTE: https://github.com/ntop/nDPI/commit/1ec621c85b9411cc611652fd57a892cfef478af3
+CVE-2021-36081 (Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-fr ...)
+ - tesseract 5.1.0-1 (bug #990529)
+ [bullseye] - tesseract (Minor issue)
+ [buster] - tesseract (Minor issue)
+ [stretch] - tesseract (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29698
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/tesseract-ocr/OSV-2021-211.yaml
+ NOTE: https://github.com/tesseract-ocr/tesseract/commit/e6f15621c2ab2ecbfabf656942d8ef66f03b2d55 (5.0.0-alpha-20210401)
+CVE-2021-36080 (GNU LibreDWG 0.12.3.4163 through 0.12.3.4191 has a double-free in bit_ ...)
+ - libredwg (bug #595191)
+CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataF ...)
+ - libavif 0.8.2-1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
+ NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
+CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
+ NOT-FOR-US: uWebSockets
+CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
+ NOT-FOR-US: keystone engine
+CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl< ...)
+ NOT-FOR-US: keystone engine
+CVE-2020-36403 (HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_f ...)
+ - htslib 1.11-1
+ [buster] - htslib (Minor issue)
+ [stretch] - htslib (Vulnerable code added later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml
+ NOTE: https://github.com/samtools/htslib/commit/dcd4b7304941a8832fba2d0fc4c1e716e7a4e72c
+CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
+ NOT-FOR-US: Solidity
+CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
+ - mruby 2.1.2-3 (bug #990540)
+ [buster] - mruby (Vulnerable code not present)
+ [stretch] - mruby (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
+ NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
+ NOTE: Introduced by: https://github.com/mruby/mruby/commit/9cdf439db52b66447b4e37c61179d54fad6c8f33 (2.1.2-rc)
+CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, ...)
+ - zeromq3 (Never affected a released version)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
+ NOTE: Introduced by: https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0 (v4.3.3)
+ NOTE: Fixed by: https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 (v4.3.3)
+CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
+ - phplist (bug #612288)
+CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
+ - phplist (bug #612288)
+CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the /admin/contac ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the /admin/roles/ ...)
+ NOT-FOR-US: LavaLite
+CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the /admin/user/t ...)
+ NOT-FOR-US: LavaLite
+CVE-2019-25049 (LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_pr ...)
+ - libressl (bug #754513)
+CVE-2019-25048 (LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_p ...)
+ - libressl (bug #754513)
+CVE-2018-25018 (UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write durin ...)
+ - unrar-nonfree 1:5.6.6-1 (bug #990541)
+ [stretch] - unrar-nonfree (Non-free not supported)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9845
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2018-204.yaml
+CVE-2018-25017 (RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in Tab ...)
+ - darktable 2.6.0-1
+ [stretch] - darktable (Vulnerable code added later)
+ - photoflow (Fixed before initial upload to the archive)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5256
+ NOTE: https://github.com/darktable-org/rawspeed/commit/dbe7591e54bad5e6430d38be6bed051582da76b9
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/librawspeed/OSV-2018-227.yaml
+ NOTE: darktable 2.6.0 is the first release to bundle rawspeed 3.2 with the fixes
+CVE-2017-20006 (UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack:: ...)
+ - unrar-nonfree 1:5.6.6-1
+ [stretch] - unrar-nonfree (Non-free not supported)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4373
+ NOTE: https://github.com/aawc/unrar/commit/0ff832d31470471803b175cfff4e40c1b08ee779
+ NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unrar/OSV-2017-104.yaml
+CVE-2021-3631 (A flaw was found in libvirt while it generates SELinux MCS category pa ...)
+ - libvirt 7.6.0-1 (bug #990709)
+ [bullseye] - libvirt (Minor issue)
+ [buster] - libvirt (Minor issue)
+ [stretch] - libvirt (Minor issue)
+ NOTE: https://gitlab.com/libvirt/libvirt/-/issues/153
+ NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2 (v7.5.0)
+CVE-2021-36079 (Adobe Bridge version 11.1 (and earlier) is affected by an out-of-bound ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36078 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36077 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36076 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36075 (Adobe Bridge version 11.1 (and earlier) is affected by a Buffer Overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36074 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36073 (Adobe Bridge version 11.1 (and earlier) is affected by a heap-based bu ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36072 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36071 (Adobe Bridge versions 11.1 (and earlier) are affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36070 (Adobe Media Encoder version 15.1 (and earlier) is affected by an impro ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36069 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36068 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36067 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36066 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36065 (Adobe Photoshop versions 21.2.10 (and earlier) and 22.4.3 (and earlier ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36064 (XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Under ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36063 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36062 (Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36061 (Adobe Connect version 11.2.2 (and earlier) is affected by a secure des ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36060 (Adobe Media Encoder version 15.2 (and earlier) is affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36059 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36058 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36057 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-wh ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36056 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36055 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-af ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36054 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36053 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36052 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36051 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36050 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36049 (Adobe Bridge version 11.1 (and earlier) is affected by a memory corrup ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36048 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36047 (XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Imprope ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36046 (XMP Toolkit version 2020.1 (and earlier) is affected by a memory corru ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36045 (XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-o ...)
+ {DLA-3585-1}
+ - exempi 2.6.0-1
+ [bullseye] - exempi (Minor issue)
+ NOTE: https://helpx.adobe.com/security/products/xmpcore/apsb21-65.html
+ NOTE: https://cgit.freedesktop.org/exempi/commit/?h=2.6.0&id=77a3fe7096f8ebf301e2bfe1e6dc023b4ff6dc48
+ NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/releases
+CVE-2021-36044 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36043 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36042 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36041 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36040 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36039 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36038 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36037 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36036 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36035 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36034 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36033 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36032 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36031 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36030 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36029 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36028 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36027 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36026 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36025 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36024 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36023 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36022 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36021 (Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36020 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36019 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36018 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36017 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36016 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36015 (Adobe Media Encoder version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36014 (Adobe Media Encoder version 15.2 (and earlier) is affected by an unini ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36013 (Adobe Media Encoder version 15.2 (and earlier) is affected by an Out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36012 (Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) ...)
+ NOT-FOR-US: Magento
+CVE-2021-36011 (Adobe Illustrator version 25.2.3 (and earlier) is affected by a potent ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36010 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an out-o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36009 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an memor ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36008 (Adobe Illustrator version 25.2.3 (and earlier) is affected by an Use-a ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36007 (Adobe Prelude version 10.0 (and earlier) are affected by an uninitiali ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36006 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36005 (Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36004 (Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36003 (Adobe Audition version 14.2 (and earlier) is affected by an out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36002 (Adobe Captivate version 11.5.5 (and earlier) is affected by an Creatio ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36001 (Adobe Character Animator version 4.2 (and earlier) is affected by an o ...)
+ NOT-FOR-US: Adobe
+CVE-2021-36000 (Adobe Character Animator version 4.2 (and earlier) is affected by a me ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35999 (Adobe Prelude version 10.0 (and earlier) is affected by a memory corru ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35998
+ RESERVED
+CVE-2021-35997 (Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35996 (Adobe After Effects version 18.2.1 (and earlier) is affected by a memo ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35995 (Adobe After Effects version 18.2.1 (and earlier) is affected by an Imp ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35994 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35993 (Adobe After Effects version 18.2.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35992 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35991 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Access of ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35990 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35989 (Adobe Bridge version 11.0.2 (and earlier) is affected by an Out-of-bou ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35988 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35987 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35986 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35985 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35984 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35983 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35982 (Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35981 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35980 (Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.3000 ...)
+ NOT-FOR-US: Adobe
+CVE-2021-35979 (An issue was discovered in Digi RealPort through 4.8.488.0. The 'encry ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35978 (An issue was discovered in Digi TransPort DR64, SR44 VC74, and WR. The ...)
+ NOT-FOR-US: Digi TransPort devices
+CVE-2021-35977 (An issue was discovered in Digi RealPort for Windows through 4.8.488.0 ...)
+ NOT-FOR-US: Digi RealPort
+CVE-2021-35976 (The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0 ...)
+ NOT-FOR-US: Plesk Obsidian
+CVE-2021-35975 (Absolute path traversal vulnerability in the Systematica SMTP Adapter ...)
+ NOT-FOR-US: Systematica SMTP Adapter component
+CVE-2021-35974
+ RESERVED
+CVE-2021-35973 (NETGEAR WAC104 devices before 1.0.4.15 are affected by an authenticati ...)
+ NOT-FOR-US: Netgear
+CVE-2021-35972
+ RESERVED
+CVE-2021-35971 (Veeam Backup and Replication 10 before 10.0.1.4854 P20210609 and 11 be ...)
+ NOT-FOR-US: Veeam
+CVE-2021-35970 (Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-ma ...)
+ NOT-FOR-US: Coral
+CVE-2021-35969 (Pexip Infinity before 26 allows temporary remote Denial of Service (ab ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-35968 (The directory list page parameter of the Orca HCM digital learning pla ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35967 (The directory page parameter of the Orca HCM digital learning platform ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35966 (The specific function of the Orca HCM digital learning platform does n ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35965 (The Orca HCM digital learning platform uses a weak factory default adm ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35964 (The management page of the Orca HCM digital learning platform does not ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35963 (The specific parameter of upload function of the Orca HCM digital lear ...)
+ NOT-FOR-US: Orca HCM digital learning platform
+CVE-2021-35962 (Specific page parameters in Dr. ID Door Access Control and Personnel A ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35961 (Dr. ID Door Access Control and Personnel Attendance Management system ...)
+ NOT-FOR-US: Dr. ID Door Access Control and Personnel Attendance Management system
+CVE-2021-35960
+ RESERVED
+CVE-2021-35959 (In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folde ...)
+ NOT-FOR-US: Plone
+CVE-2021-35958 (TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files ...)
+ - tensorflow (bug #804612)
+CVE-2021-35957 (Stormshield Endpoint Security Evolution 2.0.0 through 2.0.2 does not a ...)
+ NOT-FOR-US: Stormshield Endpoint Security Evolution
+CVE-2021-35956 (Stored cross-site scripting (XSS) in the embedded webserver of AKCP se ...)
+ NOT-FOR-US: AKCP sensorProbe
+CVE-2021-35955 (Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35954 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows physic ...)
+ NOT-FOR-US: fastrack Reflex
+CVE-2021-35953 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
+ NOT-FOR-US: fastrack Reflex
+CVE-2021-35952 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows a Remo ...)
+ NOT-FOR-US: fastrack Reflex
+CVE-2021-35951 (fastrack Reflex 2.0 W307S_REFLEX_v90.89 Activity Tracker allows an Una ...)
+ NOT-FOR-US: fastrack Reflex
+CVE-2021-35950
+ RESERVED
+CVE-2021-35949 (The shareinfo controller in the ownCloud Server before 10.8.0 allows a ...)
+ - owncloud
+CVE-2021-35948 (Session fixation on password protected public links in the ownCloud Se ...)
+ - owncloud
+CVE-2021-35947 (The public share controller in the ownCloud server before version 10.8 ...)
+ - owncloud
+CVE-2021-35946 (A receiver of a federated share with access to the database with ownCl ...)
+ - owncloud
+CVE-2021-35945 (Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer O ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35944 (Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Ov ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35943 (Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Co ...)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-35942 (The wordexp function in the GNU C Library (aka glibc) through 2.33 may ...)
+ {DLA-3152-1}
+ - glibc 2.31-13 (bug #990542)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28011
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
+CVE-2021-35941 (Western Digital WD My Book Live (2.x and later) and WD My Book Live Du ...)
+ NOT-FOR-US: Western Digital
+CVE-2021-3630 (An out-of-bounds write vulnerability was found in DjVuLibre in DJVU::D ...)
+ {DSA-5032-1 DLA-2702-1}
+ - djvulibre 3.5.27.1-12
+ NOTE: https://sourceforge.net/p/djvu/bugs/302/
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/7b0ef20690e08f1fe124aebbf42f6310e2f40f81/
+CVE-2021-3629 (A flaw was found in Undertow. A potential security issue in flow contr ...)
+ - undertow 2.2.12-1 (bug #1016448)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1977362
+ NOTE: Make sure to also address followup tracked as CVE-2022-1259:
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2072339
+CVE-2021-3628 (OpenKM Community Edition in its 6.3.10 version is vulnerable to authen ...)
+ NOT-FOR-US: OpenKM
+CVE-2021-3627
+ REJECTED
+CVE-2021-35940 (An out-of-bounds array read in the apr_time_exp*() functions was fixed ...)
+ - apr 1.7.0-7 (bug #992789)
+ [bullseye] - apr 1.7.0-6+deb11u1
+ [buster] - apr (Vulnerable code re-introduced in 1.7.0)
+ [stretch] - apr (Vulnerable code re-introduced in 1.7.0)
+ NOTE: The issue exists because the CVE-2017-12613 fix was not carried forward
+ NOTE: in the APR 1.7.x branch and hence version 1.7.0 regressed from 1.6.3
+ NOTE: and so vulnerable to the same issue.
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/23/1
+ NOTE: http://svn.apache.org/viewvc?view=revision&revision=1891198
+ NOTE: https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
+CVE-2021-35939 (It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was inco ...)
+ - rpm 4.18.0+dfsg-1 (bug #990543)
+ [bullseye] - rpm (Minor issue)
+ [buster] - rpm (Minor issue)
+ [stretch] - rpm (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964129
+ NOTE: https://github.com/rpm-software-management/rpm/pull/1919
+ NOTE: https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
+CVE-2021-35938 (A symbolic link issue was found in rpm. It occurs when rpm sets the de ...)
+ - rpm 4.18.0+dfsg-1 (bug #990543)
+ [bullseye] - rpm (Minor issue)
+ [buster] - rpm (Minor issue)
+ [stretch] - rpm (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964114
+ NOTE: https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033
+CVE-2021-35937 (A race condition vulnerability was found in rpm. A local unprivileged ...)
+ - rpm (bug #990543)
+ [bookworm] - rpm (Minor issue)
+ [bullseye] - rpm (Minor issue)
+ [buster] - rpm (Minor issue)
+ [stretch] - rpm (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964125
+CVE-2021-35936 (If remote logging is not used, the worker (in the case of CeleryExecut ...)
+ - airflow (bug #819700)
+CVE-2021-3626 (The Windows version of Multipass before 1.7.0 allowed any local proces ...)
+ NOT-FOR-US: Multipass
+CVE-2021-3625 (Buffer overflow in Zephyr USB DFU DNLOAD. Zephyr versions >= v2.5.0 co ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2021-35935
+ RESERVED
+CVE-2021-35934
+ RESERVED
+CVE-2021-35933
+ RESERVED
+CVE-2021-35932
+ RESERVED
+CVE-2021-35931
+ RESERVED
+CVE-2021-35930
+ RESERVED
+CVE-2021-35929
+ RESERVED
+CVE-2021-35928
+ RESERVED
+CVE-2021-35927
+ RESERVED
+CVE-2021-35926
+ RESERVED
+CVE-2021-35925
+ RESERVED
+CVE-2021-35924
+ RESERVED
+CVE-2021-35923
+ RESERVED
+CVE-2021-35922
+ RESERVED
+CVE-2021-35921
+ RESERVED
+CVE-2021-35920
+ RESERVED
+CVE-2021-35919
+ RESERVED
+CVE-2021-35918
+ RESERVED
+CVE-2021-35917
+ RESERVED
+CVE-2021-35916
+ RESERVED
+CVE-2021-35915
+ RESERVED
+CVE-2021-35914
+ RESERVED
+CVE-2021-35913
+ RESERVED
+CVE-2021-35912
+ RESERVED
+CVE-2021-35911
+ RESERVED
+CVE-2021-35910
+ RESERVED
+CVE-2021-35909
+ RESERVED
+CVE-2021-35908
+ RESERVED
+CVE-2021-35907
+ RESERVED
+CVE-2021-35906
+ RESERVED
+CVE-2021-35905
+ RESERVED
+CVE-2021-35904
+ RESERVED
+CVE-2021-35903
+ RESERVED
+CVE-2021-35902
+ RESERVED
+CVE-2021-35901
+ RESERVED
+CVE-2021-35900
+ RESERVED
+CVE-2021-35899
+ RESERVED
+CVE-2021-35898
+ RESERVED
+CVE-2021-35897
+ RESERVED
+CVE-2021-35896
+ RESERVED
+CVE-2021-35895
+ RESERVED
+CVE-2021-35894
+ RESERVED
+CVE-2021-35893
+ RESERVED
+CVE-2021-35892
+ RESERVED
+CVE-2021-35891
+ RESERVED
+CVE-2021-35890
+ RESERVED
+CVE-2021-35889
+ RESERVED
+CVE-2021-35888
+ RESERVED
+CVE-2021-35887
+ RESERVED
+CVE-2021-35886
+ RESERVED
+CVE-2021-35885
+ RESERVED
+CVE-2021-35884
+ RESERVED
+CVE-2021-35883
+ RESERVED
+CVE-2021-35882
+ RESERVED
+CVE-2021-35881
+ RESERVED
+CVE-2021-35880
+ RESERVED
+CVE-2021-35879
+ RESERVED
+CVE-2021-35878
+ RESERVED
+CVE-2021-35877
+ RESERVED
+CVE-2021-35876
+ RESERVED
+CVE-2021-35875
+ RESERVED
+CVE-2021-35874
+ RESERVED
+CVE-2021-35873
+ RESERVED
+CVE-2021-35872
+ RESERVED
+CVE-2021-35871
+ RESERVED
+CVE-2021-35870
+ RESERVED
+CVE-2021-35869
+ RESERVED
+CVE-2021-35868
+ RESERVED
+CVE-2021-35867
+ RESERVED
+CVE-2021-35866
+ RESERVED
+CVE-2021-35865
+ RESERVED
+CVE-2021-35864
+ RESERVED
+CVE-2021-35863
+ RESERVED
+CVE-2021-35862
+ RESERVED
+CVE-2021-35861
+ RESERVED
+CVE-2021-35860
+ RESERVED
+CVE-2021-35859
+ RESERVED
+CVE-2021-35858
+ RESERVED
+CVE-2021-35857
+ RESERVED
+CVE-2021-35856
+ RESERVED
+CVE-2021-35855
+ RESERVED
+CVE-2021-35854
+ RESERVED
+CVE-2021-35853
+ RESERVED
+CVE-2021-35852
+ RESERVED
+CVE-2021-35851
+ RESERVED
+CVE-2021-35850
+ RESERVED
+CVE-2021-35849
+ RESERVED
+CVE-2021-35848
+ RESERVED
+CVE-2021-35847
+ RESERVED
+CVE-2021-35846
+ RESERVED
+CVE-2021-35845
+ RESERVED
+CVE-2021-35844
+ RESERVED
+CVE-2021-35843
+ RESERVED
+CVE-2021-35842
+ RESERVED
+CVE-2021-35841
+ RESERVED
+CVE-2021-35840
+ RESERVED
+CVE-2021-35839
+ RESERVED
+CVE-2021-35838
+ RESERVED
+CVE-2021-35837
+ RESERVED
+CVE-2021-35836
+ RESERVED
+CVE-2021-35835
+ RESERVED
+CVE-2021-35834
+ RESERVED
+CVE-2021-35833
+ RESERVED
+CVE-2021-35832
+ RESERVED
+CVE-2021-35831
+ RESERVED
+CVE-2021-35830
+ RESERVED
+CVE-2021-35829
+ RESERVED
+CVE-2021-35828
+ RESERVED
+CVE-2021-35827
+ RESERVED
+CVE-2021-35826
+ RESERVED
+CVE-2021-35825
+ RESERVED
+CVE-2021-35824
+ RESERVED
+CVE-2021-35823
+ RESERVED
+CVE-2021-35822
+ RESERVED
+CVE-2021-35821
+ RESERVED
+CVE-2021-35820
+ RESERVED
+CVE-2021-35819
+ RESERVED
+CVE-2021-35818
+ RESERVED
+CVE-2021-35817
+ RESERVED
+CVE-2021-35816
+ RESERVED
+CVE-2021-35815
+ RESERVED
+CVE-2021-35814
+ RESERVED
+CVE-2021-35813
+ RESERVED
+CVE-2021-35812
+ RESERVED
+CVE-2021-35811
+ RESERVED
+CVE-2021-35810
+ RESERVED
+CVE-2021-35809
+ RESERVED
+CVE-2021-35808
+ RESERVED
+CVE-2021-35807
+ RESERVED
+CVE-2021-35806
+ RESERVED
+CVE-2021-35805
+ RESERVED
+CVE-2021-35804
+ RESERVED
+CVE-2021-35803
+ RESERVED
+CVE-2021-35802
+ RESERVED
+CVE-2021-35801
+ RESERVED
+CVE-2021-35800
+ RESERVED
+CVE-2021-35799
+ RESERVED
+CVE-2021-35798
+ RESERVED
+CVE-2021-35797
+ RESERVED
+CVE-2021-35796
+ RESERVED
+CVE-2021-35795
+ RESERVED
+CVE-2021-35794
+ RESERVED
+CVE-2021-35793
+ RESERVED
+CVE-2021-35792
+ RESERVED
+CVE-2021-35791
+ RESERVED
+CVE-2021-35790
+ RESERVED
+CVE-2021-35789
+ RESERVED
+CVE-2021-35788
+ RESERVED
+CVE-2021-35787
+ RESERVED
+CVE-2021-35786
+ RESERVED
+CVE-2021-35785
+ RESERVED
+CVE-2021-35784
+ RESERVED
+CVE-2021-35783
+ RESERVED
+CVE-2021-35782
+ RESERVED
+CVE-2021-35781
+ RESERVED
+CVE-2021-35780
+ RESERVED
+CVE-2021-35779
+ RESERVED
+CVE-2021-35778
+ RESERVED
+CVE-2021-35777
+ RESERVED
+CVE-2021-35776
+ RESERVED
+CVE-2021-35775
+ RESERVED
+CVE-2021-35774
+ RESERVED
+CVE-2021-35773
+ RESERVED
+CVE-2021-35772
+ RESERVED
+CVE-2021-35771
+ RESERVED
+CVE-2021-35770
+ RESERVED
+CVE-2021-35769
+ RESERVED
+CVE-2021-35768
+ RESERVED
+CVE-2021-35767
+ RESERVED
+CVE-2021-35766
+ RESERVED
+CVE-2021-35765
+ RESERVED
+CVE-2021-35764
+ RESERVED
+CVE-2021-35763
+ RESERVED
+CVE-2021-35762
+ RESERVED
+CVE-2021-35761
+ RESERVED
+CVE-2021-35760
+ RESERVED
+CVE-2021-35759
+ RESERVED
+CVE-2021-35758
+ RESERVED
+CVE-2021-35757
+ RESERVED
+CVE-2021-35756
+ RESERVED
+CVE-2021-35755
+ RESERVED
+CVE-2021-35754
+ RESERVED
+CVE-2021-35753
+ RESERVED
+CVE-2021-35752
+ RESERVED
+CVE-2021-35751
+ RESERVED
+CVE-2021-35750
+ RESERVED
+CVE-2021-35749
+ RESERVED
+CVE-2021-35748
+ RESERVED
+CVE-2021-35747
+ RESERVED
+CVE-2021-35746
+ RESERVED
+CVE-2021-35745
+ RESERVED
+CVE-2021-35744
+ RESERVED
+CVE-2021-35743
+ RESERVED
+CVE-2021-35742
+ RESERVED
+CVE-2021-35741
+ RESERVED
+CVE-2021-35740
+ RESERVED
+CVE-2021-35739
+ RESERVED
+CVE-2021-35738
+ RESERVED
+CVE-2021-35737
+ RESERVED
+CVE-2021-35736
+ RESERVED
+CVE-2021-35735
+ RESERVED
+CVE-2021-35734
+ RESERVED
+CVE-2021-35733
+ RESERVED
+CVE-2021-35732
+ RESERVED
+CVE-2021-35731
+ RESERVED
+CVE-2021-35730
+ RESERVED
+CVE-2021-35729
+ RESERVED
+CVE-2021-35728
+ RESERVED
+CVE-2021-35727
+ RESERVED
+CVE-2021-35726
+ RESERVED
+CVE-2021-35725
+ RESERVED
+CVE-2021-35724
+ RESERVED
+CVE-2021-35723
+ RESERVED
+CVE-2021-35722
+ RESERVED
+CVE-2021-35721
+ RESERVED
+CVE-2021-35720
+ RESERVED
+CVE-2021-35719
+ RESERVED
+CVE-2021-35718
+ RESERVED
+CVE-2021-35717
+ RESERVED
+CVE-2021-35716
+ RESERVED
+CVE-2021-35715 + RESERVED +CVE-2021-35714 + RESERVED +CVE-2021-35713 + RESERVED +CVE-2021-35712 + RESERVED +CVE-2021-35711 + RESERVED +CVE-2021-35710 + RESERVED +CVE-2021-35709 + RESERVED +CVE-2021-35708 + RESERVED +CVE-2021-35707 + RESERVED +CVE-2021-35706 + RESERVED +CVE-2021-35705 + RESERVED +CVE-2021-35704 + RESERVED +CVE-2021-35703 + RESERVED +CVE-2021-35702 + RESERVED +CVE-2021-35701 + RESERVED +CVE-2021-35700 + RESERVED +CVE-2021-35699 + RESERVED +CVE-2021-35698 + RESERVED +CVE-2021-35697 + RESERVED +CVE-2021-35696 + RESERVED +CVE-2021-35695 + RESERVED +CVE-2021-35694 + RESERVED +CVE-2021-35693 + RESERVED +CVE-2021-35692 + RESERVED +CVE-2021-35691 + RESERVED +CVE-2021-35690 + RESERVED +CVE-2021-35689 (A potential vulnerability in the Oracle Talent Acquisition Cloud - Tal ...) + NOT-FOR-US: Oracle +CVE-2021-35688 + RESERVED +CVE-2021-35687 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2021-35686 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2021-35685 + RESERVED +CVE-2021-35684 + RESERVED +CVE-2021-35683 (Vulnerability in the Oracle Essbase Administration Services product of ...) + NOT-FOR-US: Oracle +CVE-2021-35682 + RESERVED +CVE-2021-35681 + RESERVED +CVE-2021-35680 + RESERVED +CVE-2021-35679 + RESERVED +CVE-2021-35678 + RESERVED +CVE-2021-35677 + RESERVED +CVE-2021-35676 + RESERVED +CVE-2021-35675 + RESERVED +CVE-2021-35674 + RESERVED +CVE-2021-35673 + RESERVED +CVE-2021-35672 + RESERVED +CVE-2021-35671 + RESERVED +CVE-2021-35670 + RESERVED +CVE-2021-35669 + RESERVED +CVE-2021-35668 + RESERVED +CVE-2021-35667 + RESERVED +CVE-2021-35666 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + NOT-FOR-US: Oracle +CVE-2021-35665 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...) 
+ NOT-FOR-US: Oracle +CVE-2021-35664 + RESERVED +CVE-2021-35663 + RESERVED +CVE-2021-35662 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35661 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35660 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35659 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35658 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35657 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35656 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35655 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35654 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35653 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35652 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35651 (Vulnerability in the Essbase Administration Services product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2021-35650 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle Secure Global Desktop +CVE-2021-35649 (Vulnerability in the Oracle Secure Global Desktop product of Oracle Vi ...) + NOT-FOR-US: Oracle Secure Global Desktop +CVE-2021-35648 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35647 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.28-1 +CVE-2021-35646 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35645 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35644 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35642 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35640 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35639 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35638 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35637 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35636 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35635 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35630 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.28-1 +CVE-2021-35629 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35628 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35626 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35625 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 + - mysql-5.7 +CVE-2021-35623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35622 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35621 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35620 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-35619 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2021-35618 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35617 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2021-35616 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2021-35615 + RESERVED +CVE-2021-35614 + RESERVED +CVE-2021-35613 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35612 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.28-1 +CVE-2021-35611 (Vulnerability in the Oracle Sales Offline product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2021-35610 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35609 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35608 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35607 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35606 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) + NOT-FOR-US: Oracle +CVE-2021-35605 + RESERVED +CVE-2021-35604 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 + [bullseye] - mariadb-10.5 1:10.5.15-0+deb11u1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.34-0+deb10u1 + - mysql-8.0 8.0.28-1 + - mysql-5.7 + NOTE: Fixed in MariaDB: 10.5.13, 10.3.32 +CVE-2021-35603 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35602 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35601 (Vulnerability in the PeopleSoft Enterprise CS SA Integration Pack prod ...) + NOT-FOR-US: Oracle +CVE-2021-35600 + RESERVED +CVE-2021-35599 (Vulnerability in the Zero Downtime DB Migration to Cloud component of ...) + NOT-FOR-US: Oracle +CVE-2021-35598 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35597 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35596 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.28-1 +CVE-2021-35595 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35594 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35593 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35592 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35590 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35589 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35588 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DLA-2814-1} + - openjdk-8 8u312-b07-1 +CVE-2021-35587 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) + NOT-FOR-US: Oracle +CVE-2021-35586 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35585 (Vulnerability in the Oracle Incentive Compensation product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2021-35584 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35583 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 (Windows-specific) +CVE-2021-35582 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35581 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35580 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) 
+ NOT-FOR-US: Oracle +CVE-2021-35579 + RESERVED +CVE-2021-35578 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35576 (Vulnerability in the Oracle Database Enterprise Edition Unified Audit ...) + NOT-FOR-US: Oracle +CVE-2021-35575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35574 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35573 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35572 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + NOT-FOR-US: Oracle +CVE-2021-35571 (Vulnerability in the PeopleSoft Enterprise CS Academic Advisement prod ...) + NOT-FOR-US: Oracle +CVE-2021-35570 (Vulnerability in the Oracle Mobile Field Service product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35569 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35568 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2021-35567 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35566 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35565 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) 
+ {DSA-5000-2 DSA-5000-1 DLA-2814-1} + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35564 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35563 (Vulnerability in the Oracle Shipping Execution product of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2021-35562 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2021-35561 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35560 (Vulnerability in the Java SE product of Oracle Java SE (component: Dep ...) + - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) +CVE-2021-35559 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35558 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + NOT-FOR-US: Oracle +CVE-2021-35557 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + NOT-FOR-US: Oracle +CVE-2021-35556 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5012-1 DSA-5000-1 DLA-2814-1} + - openjdk-17 17.0.1+12-1 + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35555 + RESERVED +CVE-2021-35554 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2021-35553 (Vulnerability in the PeopleSoft Enterprise CS Student Records product ...) + NOT-FOR-US: Oracle +CVE-2021-35552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ NOT-FOR-US: Oracle +CVE-2021-35551 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2021-35550 (Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition produc ...) + {DSA-5000-2 DSA-5000-1 DLA-2814-1} + - openjdk-11 11.0.13+8-1 + - openjdk-8 8u312-b07-1 +CVE-2021-35549 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35548 + RESERVED +CVE-2021-35547 + RESERVED +CVE-2021-35546 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35545 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35544 + RESERVED +CVE-2021-35543 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) + NOT-FOR-US: Oracle +CVE-2021-35542 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35541 (Vulnerability in the PeopleSoft Enterprise SCM product of Oracle Peopl ...) + NOT-FOR-US: Oracle +CVE-2021-35540 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.28-dfsg-1 +CVE-2021-35539 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2021-35538 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox (Windows-specific) +CVE-2021-35537 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.28-1 +CVE-2021-35536 (Vulnerability in the Oracle Deal Management product of Oracle E-Busine ...) + NOT-FOR-US: Oracle +CVE-2021-35535 (Insecure Boot Image vulnerability in Hitachi Energy Relion Relion 670/ ...) + NOT-FOR-US: Hitachi +CVE-2021-35534 (Insufficient security control vulnerability in internal database acces ...) 
+ NOT-FOR-US: Hitachi +CVE-2021-35533 (Improper Input Validation vulnerability in the APDU parser in the Bidi ...) + NOT-FOR-US: Hitachi +CVE-2021-35532 (A vulnerability exists in the file upload validation part of Hitachi E ...) + NOT-FOR-US: Hitachi +CVE-2021-35531 (Improper Input Validation vulnerability in a particular configuration ...) + NOT-FOR-US: Hitachi +CVE-2021-35530 (A vulnerability in the application authentication and authorization me ...) + NOT-FOR-US: Hitachi +CVE-2021-35529 (Insufficiently Protected Credentials vulnerability in client environme ...) + NOT-FOR-US: Hitachi +CVE-2021-35528 (Improper Access Control vulnerability in the application authenticatio ...) + NOT-FOR-US: Hitachi +CVE-2021-35527 (Password autocomplete vulnerability in the web application password fi ...) + NOT-FOR-US: Hitachi ABB Power Grids eSOMS +CVE-2021-35526 (Backup file without encryption vulnerability is found in Hitachi ABB P ...) + NOT-FOR-US: Hitachi ABB Power Grids System Data Manager +CVE-2021-3624 (There is an integer overflow vulnerability in dcraw. When the victim r ...) + - dcraw 9.28-3 (bug #984761) + [bullseye] - dcraw (Minor issue) + [buster] - dcraw (Minor issue) + [stretch] - dcraw (Minor issue) +CVE-2021-3623 (A flaw was found in libtpms. The flaw can be triggered by specially-cr ...) + - libtpms 0.9.1-1 (bug #990522) + NOTE: https://github.com/stefanberger/libtpms/pull/223 + NOTE: https://github.com/stefanberger/libtpms/commit/2f30d620d3c053f20d38b54bf76ac0907821d263 + NOTE: https://github.com/stefanberger/libtpms/commit/7981d9ad90a5043a05004e4ca7b46beab8ca7809 + NOTE: https://github.com/stefanberger/libtpms/commit/2e6173c273ca14adb11386db4e47622552b1c00e +CVE-2021-35525 (PostSRSd before 1.11 allows a denial of service (subprocess hang) if P ...) 
+ - postsrsd 1.10-2 (bug #990439) + [buster] - postsrsd 1.5-2+deb10u2 + [stretch] - postsrsd (Minor issue) + NOTE: https://bugs.gentoo.org/793674 + NOTE: https://github.com/roehling/postsrsd/commit/077be98d8c8a9847e4ae0c7dc09e7474cbe27db2 +CVE-2021-35524 + RESERVED +CVE-2021-35523 (Securepoint SSL VPN Client v2 before 2.0.32 on Windows has unsafe conf ...) + NOT-FOR-US: Securepoint +CVE-2021-35522 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) + NOT-FOR-US: IDEMIA +CVE-2021-35521 (A path traversal in Thrift command handlers in IDEMIA Morpho Wave Comp ...) + NOT-FOR-US: IDEMIA +CVE-2021-35520 (A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Com ...) + NOT-FOR-US: IDEMIA +CVE-2021-35519 + RESERVED +CVE-2021-35518 + RESERVED +CVE-2021-35517 (When reading a specially crafted TAR archive, Compress can be made to ...) + - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java (Minor issue) + [buster] - libcommons-compress-java (Minor issue) + [stretch] - libcommons-compress-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/3 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f +CVE-2021-35516 (When reading a specially crafted 7Z archive, Compress can be made to a ...) 
+ - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java (Minor issue) + [buster] - libcommons-compress-java (Minor issue) + [stretch] - libcommons-compress-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/2 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789 + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f + NOTE: https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a +CVE-2021-35515 (When reading a specially crafted 7Z archive, the construction of the l ...) + - libcommons-compress-java 1.21-1 (bug #991041) + [bullseye] - libcommons-compress-java (Minor issue) + [buster] - libcommons-compress-java (Minor issue) + [stretch] - libcommons-compress-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/13/1 + NOTE: Fixed by https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321 +CVE-2021-35514 (Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the t ...) + NOT-FOR-US: Narou +CVE-2021-35513 (Mermaid before 8.11.0 allows XSS when the antiscript feature is used.) 
+ - node-mermaid 8.7.0+ds+~cs27.17.17-3 (bug #990449) + NOTE: https://github.com/mermaid-js/mermaid/issues/2122 + NOTE: https://github.com/mermaid-js/mermaid/pull/2123 +CVE-2021-35512 (An SSRF issue was discovered in Zoho ManageEngine Applications Manager ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-35511 + RESERVED +CVE-2021-35510 + RESERVED +CVE-2021-35509 + RESERVED +CVE-2021-35508 (NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to ex ...) + NOT-FOR-US: TeraRecon AQNetClient +CVE-2021-35507 + RESERVED +CVE-2021-35506 (Afian FileRun 2021.03.26 allows XSS when an administrator encounters a ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35505 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35504 (Afian FileRun 2021.03.26 allows Remote Code Execution (by administrato ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35503 (Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For ...) + NOT-FOR-US: Afian FileRun +CVE-2021-35502 (app/View/Elements/genericElements/IndexTable/Fields/generic_field.ctp ...) + NOT-FOR-US: MISP +CVE-2021-3622 (A flaw was found in the hivex library. This flaw allows an attacker to ...) + - hivex 1.3.21-1 (bug #991860) + [bullseye] - hivex (Minor issue) + [buster] - hivex (Minor issue) + [stretch] - hivex (Minor issue) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html + NOTE: https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255 +CVE-2021-35501 (PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name f ...) + NOT-FOR-US: PandoraFMS +CVE-2021-3621 (A flaw was found in SSSD, where the sssctl command was vulnerable to s ...) 
+ {DLA-3436-1 DLA-2758-1} + - sssd 2.5.2-1 (bug #992710) + [bullseye] - sssd (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975142 + NOTE: https://github.com/SSSD/sssd/commit/7ab83f97e1cbefb78ece17232185bdd2985f0bbe (sssd-2-7) + NOTE: https://github.com/SSSD/sssd/commit/b4b32677a886bc26d60ce0171505aa3ab0c82c8a (sssd-1-16) + NOTE: Introduced by https://github.com/SSSD/sssd/commit/e157b9f6cb370e1b94bcac2044d26ad66d640fba (v1.13.91) +CVE-2021-3620 (A flaw was found in Ansible Engine's ansible-connection module, where ...) + - ansible-core 2.12.0-1 + - ansible 5.4.0-1 + [bullseye] - ansible (Minor issue, revisit when/if fixed upstream) + [buster] - ansible (Minor issue, revisit when/if fixed upstream) + [stretch] - ansible (EOL'd for stretch) + - ansible-base + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975767 + NOTE: https://github.com/ansible/ansible/commit/79e9dae29212a88aa60122ca6bd608947399017f + NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid +CVE-2021-35500 (The Data Virtualization Server component of TIBCO Software Inc.'s TIBC ...) + NOT-FOR-US: TIBCO +CVE-2021-35499 (The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus cont ...) + NOT-FOR-US: TIBCO +CVE-2021-35498 (The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, ...) + NOT-FOR-US: TIBCO +CVE-2021-35497 (The FTL Server (tibftlserver) and Docker images containing tibftlserve ...) + NOT-FOR-US: TIBCO +CVE-2021-35496 (The XMLA Connections component of TIBCO Software Inc.'s TIBCO JasperRe ...) + NOT-FOR-US: TIBCO +CVE-2021-35495 (The Scheduler Connection component of TIBCO Software Inc.'s TIBCO Jasp ...) + NOT-FOR-US: TIBCO +CVE-2021-35494 (The Rest API component of TIBCO Software Inc.'s TIBCO JasperReports Se ...) + NOT-FOR-US: TIBCO +CVE-2021-35493 (The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO ...) 
+ NOT-FOR-US: WebFOCUS +CVE-2021-3619 (Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentica ...) + NOT-FOR-US: Rapid7 Velociraptor +CVE-2021-35492 (Wowza Streaming Engine through 4.8.11+5 could allow an authenticated, ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-35491 (A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming E ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-35490 (Thruk before 2.44 allows XSS for a quick command.) + NOT-FOR-US: Thruk +CVE-2021-35489 (Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME] ...) + NOT-FOR-US: Thruk +CVE-2021-35488 (Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={T ...) + NOT-FOR-US: Thruk +CVE-2021-35487 (Nokia Broadcast Message Center through 11.1.0 allows an authenticated ...) + NOT-FOR-US: Nokia Broadcast Message Center +CVE-2021-35486 + RESERVED +CVE-2021-35485 + RESERVED +CVE-2021-35484 + RESERVED +CVE-2021-35483 + RESERVED +CVE-2021-35482 (An issue was discovered in Barco MirrorOp Windows Sender before 2.5.4. ...) + NOT-FOR-US: Barco MirrorOp Windows Sender +CVE-2021-35481 + RESERVED +CVE-2021-35480 + RESERVED +CVE-2021-35479 (Nagios Log Server before 2.1.9 contains Stored XSS in the custom colum ...) + NOT-FOR-US: Nagios Log Server +CVE-2021-35478 (Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown ...) + NOT-FOR-US: Nagios Log Server +CVE-2021-35477 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...) + {DLA-2785-1} + - linux 5.10.46-4 + [buster] - linux 4.19.208-1 + [stretch] - linux (Too risky to backport, and mitigated by default) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3 +CVE-2021-35476 + RESERVED +CVE-2021-35475 (SAS Environment Manager 2.5 allows XSS through the Name field when cre ...) + NOT-FOR-US: SAS Environment Manager +CVE-2021-3618 (ALPACA is an application layer protocol content confusion attack, expl ...) 
+ {DLA-3203-1}
+ - nginx 1.20.2-2 (bug #991328)
+ [bullseye] - nginx 1.18.0-6.1+deb11u2
+ [stretch] - nginx (Minor issue)
+ - vsftpd (bug #991329)
+ [bookworm] - vsftpd (Minor issue)
+ [bullseye] - vsftpd (Minor issue)
+ [buster] - vsftpd (Minor issue)
+ [stretch] - vsftpd (Minor issue)
+ [experimental] - sendmail 8.16.1-1
+ - sendmail 8.16.1-2 (bug #991331)
+ [bullseye] - sendmail (Minor issue)
+ [buster] - sendmail (Minor issue)
+ [stretch] - sendmail (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975623
+ NOTE: https://alpaca-attack.com/
+ NOTE: Generic TLS protocol issue, some applications have released mitigations:
+ NOTE: nginx: http://hg.nginx.org/nginx/rev/ec1071830799
+ NOTE: vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
+ NOTE: * Close the control connection after 10 unknown commands pre-login.
+ NOTE: * Reject any TLS ALPN advertisement that's not 'ftp'.
+ NOTE: * Add ssl_sni_hostname option to require a match on incoming SNI hostname.
+ NOTE: sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
+ NOTE: exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
+CVE-2021-3617 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3616 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3615 (A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E th ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-3614 (A vulnerability was reported on some Lenovo Notebook systems that coul ...)
+ NOT-FOR-US: Lenovo
+CVE-2021-35474 (Stack-based Buffer Overflow vulnerability in cachekey plugin of Apache ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-35473 [Access token lifetime is not verified with OAuth2 Handler]
+ RESERVED
+ - lemonldap-ng 2.0.11+ds-4
+ [buster] - lemonldap-ng (OAuth2 Handler introduced later)
+ [stretch] - lemonldap-ng (OAuth2 Handler introduced later)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2549
+CVE-2021-35472 (An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...)
+ {DSA-4943-1}
+ - lemonldap-ng 2.0.11+ds-4
+ [stretch] - lemonldap-ng (Vulnerable code not present; updateSession doesn't use in-memory cache)
+ NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2539
+CVE-2021-35471
+ RESERVED
+CVE-2021-35470
+ RESERVED
+CVE-2021-35469 (The Lexmark Printer Software G2, G3 and G4 Installation Packages have ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35468
+ RESERVED
+CVE-2021-35467
+ RESERVED
+CVE-2021-35466
+ RESERVED
+CVE-2021-35465 (Certain Arm products before 2021-08-23 do not properly consider the ef ...)
+ NOT-FOR-US: ARM
+CVE-2021-35464 (ForgeRock AM server before 7.0 has a Java deserialization vulnerabilit ...)
+ NOT-FOR-US: ForgeRock
+CVE-2021-35463 (Cross-site scripting (XSS) vulnerability in the Frontend Taglib module ...)
+ NOT-FOR-US: Liferay
+CVE-2021-35462
+ RESERVED
+CVE-2021-35461
+ RESERVED
+CVE-2021-35460
+ RESERVED
+CVE-2021-35459
+ RESERVED
+CVE-2021-35458 (Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in pro ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35457
+ RESERVED
+CVE-2021-35456 (Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and s ...)
+ NOT-FOR-US: Online Pet Shop We App
+CVE-2021-35455
+ RESERVED
+CVE-2021-35454
+ RESERVED
+CVE-2021-35453
+ RESERVED
+CVE-2021-35452 (An Incorrect Access Control vulnerability exists in libde265 v1.0.8 du ...)
+ {DSA-5346-1 DLA-3240-1}
+ - libde265 1.0.8-1.1 (bug #1014977)
+ [stretch] - libde265 (Minor issue, revisit when fixed upstream)
+ NOTE: https://github.com/strukturag/libde265/issues/298
+ NOTE: https://github.com/strukturag/libde265/commit/e83f3798dd904aa579425c53020c67e03735138d
+CVE-2021-35451 (In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenti ...)
+ NOT-FOR-US: Teradici PCoIP Management Console-Enterprise
+CVE-2021-35450 (A Server Side Template Injection in the Entando Admin Console 6.3.9 an ...)
+ NOT-FOR-US: Entando Admin Console
+CVE-2021-35449 (The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driv ...)
+ NOT-FOR-US: Lexmark
+CVE-2021-35448 (Emote Interactive Remote Mouse 3.008 on Windows allows attackers to ex ...)
+ NOT-FOR-US: Emote Interactive Remote Mouse on Windows
+CVE-2021-35447
+ RESERVED
+CVE-2021-35446
+ RESERVED
+CVE-2021-35445
+ RESERVED
+CVE-2021-35444
+ RESERVED
+CVE-2021-35443
+ RESERVED
+CVE-2021-35442
+ RESERVED
+CVE-2021-35441
+ RESERVED
+CVE-2021-35440 (Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for ...)
+ NOT-FOR-US: Smashing
+CVE-2021-35439
+ RESERVED
+CVE-2021-35438 (phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-re ...)
+ - phpipam (bug #731713)
+ NOTE: https://github.com/phpipam/phpipam/issues/3351
+CVE-2021-35437 (SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute ...)
+ NOT-FOR-US: LMXCMS
+CVE-2021-35436
+ RESERVED
+CVE-2021-35435
+ RESERVED
+CVE-2021-35434
+ RESERVED
+CVE-2021-35433
+ RESERVED
+CVE-2021-35432
+ RESERVED
+CVE-2021-35431
+ RESERVED
+CVE-2021-35430
+ RESERVED
+CVE-2021-35429
+ RESERVED
+CVE-2021-35428
+ RESERVED
+CVE-2021-35427
+ RESERVED
+CVE-2021-35426
+ RESERVED
+CVE-2021-35425
+ RESERVED
+CVE-2021-35424
+ RESERVED
+CVE-2021-35423
+ RESERVED
+CVE-2021-35422
+ RESERVED
+CVE-2021-35421
+ RESERVED
+CVE-2021-35420
+ RESERVED
+CVE-2021-35419
+ RESERVED
+CVE-2021-35418
+ RESERVED
+CVE-2021-35417
+ RESERVED
+CVE-2021-35416
+ RESERVED
+CVE-2021-35415 (A stored cross-site scripting (XSS) vulnerability allows attackers to ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35414 (Chamilo LMS v1.11.x was discovered to contain a SQL injection via the ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35413 (A remote code execution (RCE) vulnerability in course_intro_pdf_import ...)
+ NOT-FOR-US: Chamilo LMS
+CVE-2021-35412
+ RESERVED
+CVE-2021-35411
+ RESERVED
+CVE-2021-35410
+ RESERVED
+CVE-2021-35409
+ RESERVED
+CVE-2021-35408
+ RESERVED
+CVE-2021-35407
+ RESERVED
+CVE-2021-35406
+ RESERVED
+CVE-2021-35405
+ RESERVED
+CVE-2021-35404
+ RESERVED
+CVE-2021-35403
+ RESERVED
+CVE-2021-35402
+ RESERVED
+CVE-2021-35401
+ RESERVED
+CVE-2021-35400
+ RESERVED
+CVE-2021-35399
+ RESERVED
+CVE-2021-35398
+ RESERVED
+CVE-2021-35397 (A path traversal vulnerability in the static router for Drogon from 1. ...)
+ NOT-FOR-US: Drogon
+CVE-2021-35396
+ RESERVED
+CVE-2021-35395 (Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web se ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35394 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic t ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35393 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35392 (Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple ...)
+ NOT-FOR-US: Realtek Jungle SDK
+CVE-2021-35391 (Server Side Request Forgery vulnerability found in Deskpro Support Des ...)
+ NOT-FOR-US: Deskpro Support Desk
+CVE-2021-35390
+ RESERVED
+CVE-2021-35389
+ RESERVED
+CVE-2021-35388 (Hospital Management System v 4.0 is vulnerable to Cross Site Scripting ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-35387 (Hospital Management System v 4.0 is vulnerable to SQL Injection via fi ...)
+ NOT-FOR-US: Hospital Management System
+CVE-2021-35386
+ RESERVED
+CVE-2021-35385
+ RESERVED
+CVE-2021-35384
+ RESERVED
+CVE-2021-35383
+ RESERVED
+CVE-2021-35382
+ RESERVED
+CVE-2021-35381
+ RESERVED
+CVE-2021-35380 (A Directory Traversal vulnerability exists in Solari di Udine TermTalk ...)
+ NOT-FOR-US: Solari di Udine TermTalk Server (TTServer)
+CVE-2021-35379
+ RESERVED
+CVE-2021-35378
+ RESERVED
+CVE-2021-35377 (Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v. ...)
+ NOT-FOR-US: VICIdial
+CVE-2021-35376
+ RESERVED
+CVE-2021-35375
+ RESERVED
+CVE-2021-35374
+ RESERVED
+CVE-2021-35373
+ RESERVED
+CVE-2021-35372
+ RESERVED
+CVE-2021-35371
+ RESERVED
+CVE-2021-35370 (An issue found in Peacexie Imcat v5.4 allows attackers to execute arbi ...)
+ NOT-FOR-US: Peacexie Imcat
+CVE-2021-35369 (Arbitrary File Read vulnerability found in Peacexie ImCat v.5.2 fixed ...)
+ NOT-FOR-US: Peacexie Imcat
+CVE-2021-35368 (OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1 ...)
+ - modsecurity-crs 3.3.2-1 (bug #992000)
+ [bullseye] - modsecurity-crs 3.3.0-1+deb11u1
+ [buster] - modsecurity-crs 3.1.0-1+deb10u2
+ [stretch] - modsecurity-crs (Minor issue)
+ NOTE: https://coreruleset.org/20210630/cve-2021-35368-crs-request-body-bypass/
+ NOTE: https://github.com/coreruleset/coreruleset/pull/2143
+ NOTE: https://github.com/coreruleset/coreruleset/commit/132c19c8f21c8cd4d3cd484d4f34ef786ee39b05 (v3.4-dev)
+ NOTE: Introduced by https://github.com/coreruleset/coreruleset/commit/b3995e5d332be9f2445ee91b6e1366440bdbe109 (v3.0.0-rc2)
+CVE-2021-35367
+ RESERVED
+CVE-2021-35366
+ RESERVED
+CVE-2021-35365
+ RESERVED
+CVE-2021-35364
+ RESERVED
+CVE-2021-35363
+ RESERVED
+CVE-2021-35362
+ RESERVED
+CVE-2021-35361 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/l ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35360 (A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/c ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35359
+ RESERVED
+CVE-2021-35358 (A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Im ...)
+ NOT-FOR-US: dotCMS
+CVE-2021-35357
+ RESERVED
+CVE-2021-35356
+ RESERVED
+CVE-2021-35355
+ RESERVED
+CVE-2021-35354
+ RESERVED
+CVE-2021-35353
+ RESERVED
+CVE-2021-35352
+ RESERVED
+CVE-2021-35351
+ RESERVED
+CVE-2021-35350
+ RESERVED
+CVE-2021-35349
+ RESERVED
+CVE-2021-35348
+ RESERVED
+CVE-2021-35347
+ RESERVED
+CVE-2021-35346 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35345
+ RESERVED
+CVE-2021-35344 (tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow ...)
+ NOT-FOR-US: tsMuxer
+CVE-2021-35343 (Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.Ajax.php ...)
+ NOT-FOR-US: SeedDMS
+CVE-2021-35342 (The useradm service 1.14.0 (in Northern.tech Mender Enterprise 2.7.x b ...)
+ NOT-FOR-US: Northern.tech
+CVE-2021-35341
+ RESERVED
+CVE-2021-35340
+ RESERVED
+CVE-2021-35339
+ RESERVED
+CVE-2021-35338
+ RESERVED
+CVE-2021-35337 (Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable t ...)
+ NOT-FOR-US: Sourcecodester Phone Shop Sales Managements System
+CVE-2021-35336 (Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Ac ...)
+ NOT-FOR-US: Tieline IP Audio Gateway
+CVE-2021-35335
+ RESERVED
+CVE-2021-35334
+ RESERVED
+CVE-2021-35333
+ RESERVED
+CVE-2021-35332
+ RESERVED
+CVE-2021-35331 (In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow ...)
+ - tcl8.6 (unimportant)
+ NOTE: https://core.tcl-lang.org/tcl/info/28ef6c0c741408a2
+ NOTE: https://core.tcl-lang.org/tcl/info/bad6cc213dfe8280
+ NOTE: https://github.com/tcltk/tcl/commit/4705dbdde2f32ff90420765cd93e7ac71d81a222
+ NOTE: https://sqlite.org/forum/info/7dcd751996c93ec9
+ NOTE: Various other sources would embedd a copy as well, but the security impact of
+ NOTE: the issue tself for tcl is disputed in its significance.
+CVE-2021-35330
+ RESERVED
+CVE-2021-35329
+ RESERVED
+CVE-2021-35328
+ RESERVED
+CVE-2021-35327 (A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B2020091 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35326 (A vulnerability in TOTOLINK A720R router with firmware v4.1.5cu.470_B2 ...)
+ NOT-FOR-US: TOTOLINK A720R router firmware
+CVE-2021-35325 (A stack overflow in the checkLoginUser function of TOTOLINK A720R A720 ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35324 (A vulnerability in the Form_Login function of TOTOLINK A720R A720R_Fir ...)
+ NOT-FOR-US: TOTOLINK A720R A720R_Firmware
+CVE-2021-35323 (Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via t ...)
+ NOT-FOR-US: bludit
+CVE-2021-35322
+ RESERVED
+CVE-2021-35321
+ RESERVED
+CVE-2021-35320
+ RESERVED
+CVE-2021-35319
+ RESERVED
+CVE-2021-35318
+ RESERVED
+CVE-2021-35317
+ RESERVED
+CVE-2021-35316
+ RESERVED
+CVE-2021-35315
+ RESERVED
+CVE-2021-35314
+ RESERVED
+CVE-2021-35313
+ REJECTED
+CVE-2021-35312 (A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. ...)
+ NOT-FOR-US: Amica Prodigy
+CVE-2021-35311
+ RESERVED
+CVE-2021-35310
+ RESERVED
+CVE-2021-35309 (An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-201 ...)
+ NOT-FOR-US: Samsung
+CVE-2021-35308
+ RESERVED
+CVE-2021-35307 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35306 (An issue was discovered in Bento4 through v1.6.0-636. A NULL pointer d ...)
+ NOT-FOR-US: Bento4
+CVE-2021-35305
+ RESERVED
+CVE-2021-35304
+ RESERVED
+CVE-2021-35303 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad (bug #841355)
+CVE-2021-35302 (Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0. ...)
+ - zammad (bug #841355)
+CVE-2021-35301 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote att ...)
+ - zammad (bug #841355)
+CVE-2021-35300 (Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0. ...)
+ - zammad (bug #841355)
+CVE-2021-35299 (Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers ...)
+ - zammad (bug #841355)
+CVE-2021-35298 (Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote a ...)
+ - zammad (bug #841355)
+CVE-2021-35297 (Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remo ...)
+ NOT-FOR-US: Scalabium dBase Viewer
+CVE-2021-35296 (An issue in the administrator authentication panel of PTCL HG150-Ub v3 ...)
+ NOT-FOR-US: PTCL HG150-Ub
+CVE-2021-35295
+ RESERVED
+CVE-2021-35294
+ RESERVED
+CVE-2021-35293
+ RESERVED
+CVE-2021-35292
+ RESERVED
+CVE-2021-35291
+ RESERVED
+CVE-2021-35290 (File Upload vulnerability in balerocms-src 0.8.3 allows remote attacke ...)
+ NOT-FOR-US: balerocms-src
+CVE-2021-35289
+ RESERVED
+CVE-2021-35288
+ RESERVED
+CVE-2021-35287
+ RESERVED
+CVE-2021-35286
+ RESERVED
+CVE-2021-35285
+ RESERVED
+CVE-2021-35284 (SQL Injection vulnerability in function get_user in login_manager.php ...)
+ NOT-FOR-US: rizalafani cms-php
+CVE-2021-35283 (SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, ...)
+ NOT-FOR-US: atoms183 CMS
+CVE-2021-35282
+ RESERVED
+CVE-2021-35281
+ RESERVED
+CVE-2021-35280
+ RESERVED
+CVE-2021-35279
+ RESERVED
+CVE-2021-35278
+ RESERVED
+CVE-2021-35277
+ RESERVED
+CVE-2021-35276
+ RESERVED
+CVE-2021-35275
+ RESERVED
+CVE-2021-35274
+ RESERVED
+CVE-2021-35273
+ RESERVED
+CVE-2021-35272
+ RESERVED
+CVE-2021-35271
+ RESERVED
+CVE-2021-35270
+ RESERVED
+CVE-2021-35269 (NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribute ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35268 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode i ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35267 (NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when c ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35266 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode p ...)
+ {DSA-4971-1 DLA-2819-1}
+ [experimental] - ntfs-3g 1:2021.8.22-1
+ - ntfs-3g 1:2021.8.22-2 (bug #988386)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1
+ NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp
+CVE-2021-35265 (A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS be ...)
+ NOT-FOR-US: MaxSite CMS
+CVE-2021-35264
+ RESERVED
+CVE-2021-35263
+ RESERVED
+CVE-2021-35262
+ RESERVED
+CVE-2021-35261 (File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153 ...)
+ NOT-FOR-US: Yupoxion BearAdmin
+CVE-2021-35260
+ RESERVED
+CVE-2021-35259
+ RESERVED
+CVE-2021-35258
+ RESERVED
+CVE-2021-35257
+ RESERVED
+CVE-2021-35256
+ RESERVED
+CVE-2021-35255
+ RESERVED
+CVE-2021-35254 (SolarWinds received a report of a vulnerability related to an input th ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35253
+ RESERVED
+CVE-2021-35252 (Common encryption key appears to be used across all deployed instances ...)
+ NOT-FOR-US: Serv-U
+CVE-2021-35251 (Sensitive information could be displayed when a detailed technical err ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35250 (A researcher reported a Directory Transversal Vulnerability in Serv-U ...)
+ NOT-FOR-US: Serv-U
+CVE-2021-35249 (This broken access control vulnerability pertains specifically to a do ...)
+ NOT-FOR-US: Serv-U
+CVE-2021-35248 (It has been reported that any Orion user, e.g. guest accounts can quer ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35247 (Serv-U web login screen to LDAP authentication was allowing characters ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35246 (The application fails to prevent users from connecting to it over unen ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35245 (When a user has admin rights in Serv-U Console, the user can move, cre ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35244 (The "Log alert to a file" action within action management enables any ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35243 (The HTTP PUT and DELETE methods were enabled in the Web Help Desk web ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35242 (Serv-U server responds with valid CSRFToken when the request contains ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35241
+ RESERVED
+CVE-2021-35240 (A security researcher stored XSS via a Help Server setting. This affec ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35239 (A security researcher found a user with Orion map manage rights could ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35238 (User with Orion Platform Admin Rights could store XSS through URL POST ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35237 (A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35236 (The Secure flag is not set in the SSL Cookie of Kiwi Syslog Server 9.7 ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35235 (The ASP.NET debug feature is enabled by default in Kiwi Syslog Server ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35234 (Numerous exposed dangerous functions within Orion Core has allows for ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35233 (The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7. ...)
+ NOT-FOR-US: Kiwi Syslog Server
+CVE-2021-35232 (Hard coded credentials discovered in SolarWinds Web Help Desk product. ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35231 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi Syslog Server Installation Wizard
+CVE-2021-35230 (As a result of an unquoted service path vulnerability present in the K ...)
+ NOT-FOR-US: Kiwi CatTools Installation Wizard
+CVE-2021-35229 (Cross-site scripting vulnerability is present in Database Performance ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35228 (This vulnerability occurred due to missing input sanitization for one ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35227 (The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35226 (An entity in Network Configuration Manager product is misconfigured an ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35225 (Each authenticated Orion Platform user in a MSP (Managed Service Provi ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35224
+ RESERVED
+CVE-2021-35223 (The Serv-U File Server allows for events such as user login failures t ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35222 (This vulnerability allows attackers to impersonate users and perform a ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35221 (Improper Access Control Tampering Vulnerability using ImportAlert func ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35220 (Command Injection vulnerability in EmailWebPage API which can lead to ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35219 (ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerabilit ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35218 (Deserialization of Untrusted Data in the Web Console Chart Endpoint ca ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35217 (Insecure Deseralization of untrusted data remote code execution vulner ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35216 (Insecure Deserialization of untrusted data remote code execution vulne ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35215 (Insecure deserialization leading to Remote Code Execution was detected ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35214 (The vulnerability in SolarWinds Pingdom can be described as a failure ...)
+ NOT-FOR-US: Solarwinds
+CVE-2021-35213 (An Improper Access Control Privilege Escalation Vulnerability was disc ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35212 (An SQL injection Privilege Escalation Vulnerability was discovered in ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-35211 (Microsoft discovered a remote code execution (RCE) vulnerability in th ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...)
+ - pam (Vulnerable code introduced and fixed in v1.4.0)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171721
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
+ NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
+CVE-2021-3613 (OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitra ...)
+ NOT-FOR-US: OpenVPN Connect
+CVE-2021-35210 (Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x be ...)
+ NOT-FOR-US: Contao CMS
+CVE-2021-35209 (An issue was discovered in ProxyServlet.java in the /proxy servlet in ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35208 (An issue was discovered in ZmMailMsgView.js in the Calendar Invite com ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35207 (An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.1 ...)
+ NOT-FOR-US: Zimbra
+CVE-2021-35206 (Gitpod before 0.6.0 allows unvalidated redirects.)
+ NOT-FOR-US: Gitpod
+CVE-2021-35205 (NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redire ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35204 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Si ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35203 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Rea ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35202 (NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypa ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35201 (NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35200 (NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to a ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35199 (NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35198 (NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-S ...)
+ NOT-FOR-US: NETSCOUT
+CVE-2021-35197 (In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and ...)
+ {DSA-4979-1 DLA-2779-1}
+ - mediawiki 1:1.35.3-1
+ NOTE: https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
+ NOTE: https://phabricator.wikimedia.org/T280226
+CVE-2021-35196 (Manuskript through 0.12.0 allows remote attackers to execute arbitrary ...)
+ - manuskript 0.14.0-1 (bug #990366)
+ [bullseye] - manuskript (Minor issue)
+ [buster] - manuskript (Minor issue)
+ NOTE: https://github.com/olivierkes/manuskript/issues/891
+ NOTE: https://github.com/olivierkes/manuskript/pull/895
+ NOTE: https://github.com/olivierkes/manuskript/commit/6f841f96553fb2549accf2b16a4713871378ddc4 (0.13.1)
+CVE-2021-35195
+ RESERVED
+CVE-2021-35194
+ RESERVED
+CVE-2021-35193 (Patterson Application Service in Patterson Eaglesoft 18 through 21 acc ...)
+ NOT-FOR-US: Patterson Eaglesoft
+CVE-2021-35192
+ RESERVED
+CVE-2021-35191
+ RESERVED
+CVE-2021-35190
+ RESERVED
+CVE-2021-35189
+ RESERVED
+CVE-2021-35188
+ RESERVED
+CVE-2021-35187
+ RESERVED
+CVE-2021-35186
+ RESERVED
+CVE-2021-35185
+ RESERVED
+CVE-2021-35184
+ RESERVED
+CVE-2021-35183
+ RESERVED
+CVE-2021-35182
+ RESERVED
+CVE-2021-35181
+ RESERVED
+CVE-2021-35180
+ RESERVED
+CVE-2021-35179
+ RESERVED
+CVE-2021-35178
+ RESERVED
+CVE-2021-35177
+ RESERVED
+CVE-2021-35176
+ RESERVED
+CVE-2021-35175
+ RESERVED
+CVE-2021-35174
+ RESERVED
+CVE-2021-35173
+ RESERVED
+CVE-2021-35172
+ RESERVED
+CVE-2021-35171
+ RESERVED
+CVE-2021-35170
+ RESERVED
+CVE-2021-35169
+ RESERVED
+CVE-2021-35168
+ RESERVED
+CVE-2021-35167
+ RESERVED
+CVE-2021-35166
+ RESERVED
+CVE-2021-35165
+ RESERVED
+CVE-2021-35164
+ RESERVED
+CVE-2021-35163
+ RESERVED
+CVE-2021-35162
+ RESERVED
+CVE-2021-35161
+ RESERVED
+CVE-2021-35160
+ RESERVED
+CVE-2021-35159
+ RESERVED
+CVE-2021-35158
+ RESERVED
+CVE-2021-35157
+ RESERVED
+CVE-2021-35156
+ RESERVED
+CVE-2021-35155
+ RESERVED
+CVE-2021-35154
+ RESERVED
+CVE-2021-35153
+ RESERVED
+CVE-2021-35152
+ RESERVED
+CVE-2021-35151
+ RESERVED
+CVE-2021-35150
+ RESERVED
+CVE-2021-35149
+ RESERVED
+CVE-2021-35148
+ RESERVED
+CVE-2021-35147
+ RESERVED
+CVE-2021-35146
+ RESERVED
+CVE-2021-35145
+ RESERVED
+CVE-2021-35144
+ RESERVED
+CVE-2021-35143
+ RESERVED
+CVE-2021-35142
+ RESERVED
+CVE-2021-35141
+ RESERVED
+CVE-2021-35140
+ RESERVED
+CVE-2021-35139
+ RESERVED
+CVE-2021-35138
+ RESERVED
+CVE-2021-35137
+ RESERVED
+CVE-2021-35136
+ RESERVED
+CVE-2021-35135 (A null pointer dereference may potentially occur during RSA key import ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35134 (Due to insufficient validation of ELF headers, an Incorrect Calculatio ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35133 (Use after free in the synx driver issue while performing other functio ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35132 (Out of bound write in DSP service due to improper bound check for resp ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35131
+ RESERVED
+CVE-2021-35130 (Memory corruption in graphics support layer due to use after free cond ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35129 (Memory corruption in BT controller due to improper length check while ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35128
+ RESERVED
+CVE-2021-35127
+ RESERVED
+CVE-2021-35126 (Memory corruption in DSP service due to improper validation of input p ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35125
+ RESERVED
+CVE-2021-35124
+ RESERVED
+CVE-2021-35123 (Buffer copy in GATT multi notification due to improper length check fo ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35122 (Non-secure region can try modifying RG permissions of IO space xPUs du ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35121 (An array index is improperly used to lock and unlock a mutex which can ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35120 (Improper handling between export and release functions on the same han ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35119 (Potential out of Bounds read in FIPS event processing due to improper ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35118 (An out-of-bounds write can occur due to an incorrect input check in th ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35117 (An Out of Bounds read may potentially occur while processing an IBSS b ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35116 (APK can load a crafted model into the CDSP which can lead to a comprom ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35115 (Improper handling of multiple session supported by PVM backend can lea ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35114 (Improper buffer initialization on the backend driver can lead to buffe ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35113 (Possible authentication bypass due to improper order of signature veri ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35112 (A user with user level permission can access graphics protected region ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35111 (Improper validation of tag id while RRC sending tag id to MAC can lead ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35110 (Possible buffer overflow to improper validation of hash segment of fil ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35109 (Possible address manipulation from APP-NS while APP-S is configuring a ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35108 (Improper checking of AP-S lock bit while verifying the secure resource ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35107
+ RESERVED
+CVE-2021-35106 (Possible out of bound read due to improper length calculation of WMI m ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35105 (Possible out of bounds access due to improper input validation during ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35104 (Possible buffer overflow due to improper parsing of headers while play ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35103 (Possible out of bound write due to improper validation of number of ti ...)
+ NOT-FOR-US: Qualcomm QCA-WiFi for Android
+CVE-2021-35102 (Possible buffer overflow due to lack of validation for the length of N ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35101 (Improper handling of writes to virtual GICR control can lead to assert ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35100 (Possible buffer over read due to improper calculation of string length ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35099
+ RESERVED
+CVE-2021-35098 (Improper validation of session id in PCM routing process can lead to m ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35097 (Possible authentication bypass due to improper order of signature veri ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35096 (Improper memory allocation during counter check DLM handling can lead ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35095 (Improper serialization of message queue client registration can lead t ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35094 (Improper verification of timeout-based authentication in identity cred ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35093 (Possible memory corruption in BT controller when it receives an oversi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35092 (Processing DCB/AVB algorithm with an invalid queue index from IOCTL re ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35091 (Possible out of bounds read due to improper typecasting while handling ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35090 (Possible hypervisor memory corruption due to TOC TOU race condition wh ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35089 (Possible buffer overflow due to lack of input IB amount validation whi ...)
+ NOT-FOR-US: Qualcomm
+CVE-2021-35088 (Possible out of bound read due to improper validation of IE length dur ...)
+ NOT-FOR-US: Qualcomm QCA-WiFi for Android
+CVE-2021-35087 (Possible null pointer access due to improper validation of system info ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35086 (Possible buffer over read due to improper validation of SIB type when ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35085 (Possible buffer overflow due to lack of buffer length check during man ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35084 (Possible out of bound read due to lack of length check of data length ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35083 (Possible out of bound read due to improper validation of certificate c ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2021-35082 (Improper integrity check can lead to race condition between tasks PDCP ...)
+ NOT-FOR-US: Snapdragon
+CVE-2021-35081 (Possible buffer overflow due to improper validation of SSID length rec ...)
+ NOT-FOR-US: Snapdragon +CVE-2021-35080 (Disabled SMMU from secure side while RPM is assigned a secure stream c ...) + NOT-FOR-US: Snapdragon +CVE-2021-35079 (Improper validation of permissions for third party application accessi ...) + NOT-FOR-US: Snapdragon +CVE-2021-35078 (Possible memory leak due to improper validation of certificate chain l ...) + NOT-FOR-US: Snapdragon +CVE-2021-35077 (Possible use after free scenario in compute offloads to DSP while mult ...) + NOT-FOR-US: Qualcomm +CVE-2021-35076 (Possible null pointer dereference due to improper validation of RRC co ...) + NOT-FOR-US: Snapdragon +CVE-2021-35075 (Possible null pointer dereference due to lack of WDOG structure valida ...) + NOT-FOR-US: Qualcomm +CVE-2021-35074 (Possible integer overflow due to improper fragment datatype while calc ...) + NOT-FOR-US: Qualcomm +CVE-2021-35073 (Possible assertion due to improper validation of rank restriction fiel ...) + NOT-FOR-US: Snapdragon +CVE-2021-35072 (Possible buffer overflow due to improper validation of array index whi ...) + NOT-FOR-US: Snapdragon +CVE-2021-35071 (Possible buffer over read due to lack of size validation while copying ...) + NOT-FOR-US: Snapdragon +CVE-2021-35070 (RPM secure Stream can access any secure resource due to improper SMMU ...) + NOT-FOR-US: Snapdragon +CVE-2021-35069 (Improper validation of data length received from DMA buffer can lead t ...) + NOT-FOR-US: Qualcomm +CVE-2021-35068 (Lack of null check while freeing the device information buffer in the ...) + NOT-FOR-US: Qualcomm +CVE-2021-35067 (Meross MSG100 devices before 3.2.3 allow an attacker to replay the sam ...) + NOT-FOR-US: Meross MSG100 devices +CVE-2021-3612 (An out-of-bounds memory write flaw was found in the Linux kernel's joy ...) 
+ {DLA-2843-1 DLA-2785-1} + - linux 5.10.46-3 + [buster] - linux 4.19.208-1 + NOTE: Introduced by: https://lore.kernel.org/linux-input/20210219083215.GS2087@kadam/ +CVE-2021-35066 (An XXE vulnerability exists in ConnectWise Automate before 2021.0.6.13 ...) + NOT-FOR-US: ConnectWise Automate +CVE-2021-35065 (The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular ...) + - node-glob-parent 6.0.2+~5.1.1-1 + [bullseye] - node-glob-parent (Minor issue) + [buster] - node-glob-parent (Minor issue) + NOTE: https://github.com/gulpjs/glob-parent/commit/3e9f04a3b4349db7e1962d87c9a7398cda51f339 (v6.0.1) + NOTE: https://github.com/gulpjs/glob-parent/pull/49 +CVE-2021-35064 (KramerAV VIAWare, all tested versions, allow privilege escalation thro ...) + NOT-FOR-US: KramerAV VIAWare +CVE-2021-35063 (Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion.") + [experimental] - suricata 1:6.0.3-1~exp1 + - suricata 1:6.0.1-3 (bug #990835) + [buster] - suricata (Minor issue) + [stretch] - suricata (Minor issue) + NOTE: https://forum.suricata.io/t/suricata-6-0-3-and-5-0-7-released/1489 +CVE-2021-35062 (A Shell Metacharacter Injection vulnerability in result.php in DRK Ode ...) + NOT-FOR-US: DRK Odenwaldkreis Testerfassung +CVE-2021-35061 (Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkre ...) + NOT-FOR-US: DRK Odenwaldkreis Testerfassung +CVE-2021-35060 (/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthe ...) + NOT-FOR-US: OpenWay WAY4 ACS +CVE-2021-35059 (OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enrol ...) + NOT-FOR-US: OpenWay WAY4 ACS +CVE-2021-35058 + RESERVED +CVE-2021-35057 + RESERVED +CVE-2021-35056 (Unisys Stealth 5.1 before 5.1.025.0 and 6.0 before 6.0.055.0 has an un ...) + NOT-FOR-US: Unisys +CVE-2021-35055 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) 
+ NOT-FOR-US: Netgear +CVE-2020-36393 + RESERVED +CVE-2020-36392 + RESERVED +CVE-2020-36391 + RESERVED +CVE-2020-36390 + RESERVED +CVE-2019-25047 (Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) ...) + NOT-FOR-US: Greenbone Security Assistant +CVE-2018-25016 (Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) ...) + NOT-FOR-US: Greenbone Security Assistant +CVE-2021-35054 (Minecraft before 1.17.1, when online-mode=false is configured, allows ...) + NOT-FOR-US: Minecraft +CVE-2021-3611 (A stack overflow vulnerability was found in the Intel HD Audio device ...) + - qemu 1:7.0+dfsg-1 (bug #990562) + [bullseye] - qemu (Minor issue, too intrusive to backport) + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://bugs.launchpad.net/qemu/+bug/1907497 + NOTE: https://gitlab.com/qemu-project/qemu/-/issues/542 + NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=a9d8ba2be58e067bdfbff830eb9ff438d8db7f10 (v5.0.0-rc0) + NOTE: Proposed fix: https://lore.kernel.org/qemu-devel/20211218160912.1591633-1-philmd@redhat.com/ + NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/79fa99831debc9782087e834382c577215f2f511 (v7.0.0-rc1) +CVE-2021-3610 (A heap-based buffer overflow vulnerability was found in ImageMagick in ...) 
+ [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick 8:6.9.12.98+dfsg1-2 (bug #1037090) + [bookworm] - imagemagick (Minor issue) + [bullseye] - imagemagick (Minor issue) + [buster] - imagemagick (Vulnerable code introduced later) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/930ff0d1a9bc42925a7856e9ea53f5fc9f318bf3 + NOTE: ImageMagick6 prerequisite for <= 6.9.10-92: https://github.com/ImageMagick/ImageMagick6/commit/2d96228eec9fbea62ddb6c1450fa8d43e2c6b68a + NOTE: ImageMagick6 prerequisite for <= 6.9.11-10: https://github.com/ImageMagick/ImageMagick6/commit/7374894385161859ffbb84e280fcc89e7ae257e4 + NOTE: ImageMagick6 prerequisite for <= 6.9.11-54: https://github.com/ImageMagick/ImageMagick6/commit/cdb67005376bcc8cbb0b743fb22787794cd30ebc + NOTE: ImageMagick6 [1/2]: https://github.com/ImageMagick/ImageMagick6/commit/b307bcadcdf6ea6819951ac1786b7904f27b25c6 (6.9.12-14) + NOTE: ImageMagick6 [2/2]: https://github.com/ImageMagick/ImageMagick6/commit/c75ae771a00c38b757c5ef4b424b51e761b02552 (6.9.12-14) + NOTE: Introduced by (Support 32-bit tiles TIFF images): https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2 (6.9.10-88) +CVE-2021-35053 (Possible system denial of service in case of arbitrary changing Firefo ...) + NOT-FOR-US: Kaspersky +CVE-2021-35052 (A component in Kaspersky Password Manager could allow an attacker to e ...) + NOT-FOR-US: Kaspersky +CVE-2021-35051 + RESERVED +CVE-2021-35050 (User credentials stored in a recoverable format within Fidelis Network ...) + NOT-FOR-US: Fidelis +CVE-2021-35049 (Vulnerability in Fidelis Network and Deception CommandPost enables aut ...) + NOT-FOR-US: Fidelis +CVE-2021-35048 (Vulnerability in Fidelis Network and Deception CommandPost enables una ...) + NOT-FOR-US: Fidelis +CVE-2021-35047 (Vulnerability in the CommandPost, Collector, and Sensor components of ...) 
+ NOT-FOR-US: Fidelis +CVE-2021-35046 (A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS w ...) + NOT-FOR-US: Ice Hrm +CVE-2021-35045 (Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows ...) + NOT-FOR-US: Ice Hrm +CVE-2021-35044 + RESERVED +CVE-2021-35043 (OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using ...) + - libowasp-antisamy-java 1.7.4-1 (bug #1014981) + [bookworm] - libowasp-antisamy-java (Minor issue) + [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) + NOTE: https://github.com/nahsra/antisamy/pull/87 +CVE-2021-35042 (Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.orde ...) + - python-django (Vulnerable code introduced in 3.1) + NOTE: https://www.djangoproject.com/weblog/2021/jul/01/security-releases/ + NOTE: Issue did affect only the experimental version and fixed in 2:3.2.5-1 +CVE-2021-35041 (The blockchain node in FISCO-BCOS V2.7.2 may have a bug when dealing w ...) + NOT-FOR-US: FISCO-BCOS +CVE-2021-3609 (.A flaw was found in the CAN BCM networking protocol in the Linux kern ...) + {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/19/1 +CVE-2021-35040 + RESERVED +CVE-2021-35039 (kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...) + {DLA-2785-1} + - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux 4.19.208-1 + [stretch] - linux (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/3 + NOTE: https://git.kernel.org/linus/0c18f29aae7ce3dadd26d8ee3505d07cc982df75 +CVE-2021-35038 + RESERVED +CVE-2021-35037 (Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnera ...) + NOT-FOR-US: Jamf Pro +CVE-2021-35036 (A cleartext storage of information vulnerability in the Zyxel VMG3625- ...) 
+ NOT-FOR-US: Zyxel +CVE-2021-35035 (A cleartext storage of sensitive information vulnerability in the Zyxe ...) + NOT-FOR-US: Zyxel +CVE-2021-35034 (An insufficient session expiration vulnerability in the CGI program of ...) + NOT-FOR-US: Zyxel +CVE-2021-35033 (A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, ...) + NOT-FOR-US: Zyxel +CVE-2021-35032 (A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware ...) + NOT-FOR-US: Zyxel +CVE-2021-35031 (A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XG ...) + NOT-FOR-US: Zyxel +CVE-2021-35030 (A vulnerability was found in the CGI program in Zyxel GS1900-8 firmwar ...) + NOT-FOR-US: Zyxel +CVE-2021-35029 (An authentication bypasss vulnerability in the web-based management in ...) + NOT-FOR-US: Zyxel +CVE-2021-35028 (A command injection vulnerability in the CGI program of the Zyxel VPN2 ...) + NOT-FOR-US: Zyxel +CVE-2021-35027 (A directory traversal vulnerability in the web server of the Zyxel VPN ...) + NOT-FOR-US: Zyxel +CVE-2021-35026 + RESERVED +CVE-2021-35025 + RESERVED +CVE-2021-35024 + RESERVED +CVE-2021-35023 + RESERVED +CVE-2021-35022 + RESERVED +CVE-2021-35021 + RESERVED +CVE-2021-35020 + RESERVED +CVE-2021-35019 + RESERVED +CVE-2021-35018 + RESERVED +CVE-2021-35017 + RESERVED +CVE-2021-35016 + RESERVED +CVE-2021-35015 + RESERVED +CVE-2021-35014 + RESERVED +CVE-2021-35013 + RESERVED +CVE-2021-35012 + RESERVED +CVE-2021-35011 + RESERVED +CVE-2021-35010 + RESERVED +CVE-2021-35009 + RESERVED +CVE-2021-35008 + RESERVED +CVE-2021-35007 + RESERVED +CVE-2021-35006 + RESERVED +CVE-2021-35005 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: TeamViewer +CVE-2021-35004 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2021-35003 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: TP-Link +CVE-2021-35002 + RESERVED +CVE-2021-35001 + RESERVED +CVE-2021-35000 + RESERVED +CVE-2021-34999 + RESERVED +CVE-2021-34998 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Panda Security Free Antivirus +CVE-2021-34997 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34996 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34995 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34994 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34993 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: Commvault CommCell +CVE-2021-34992 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Orckestra C1 CMS +CVE-2021-34991 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34990 + RESERVED +CVE-2021-34989 + RESERVED +CVE-2021-34988 + RESERVED +CVE-2021-34987 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2021-34986 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2021-34985 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley ContextCapture +CVE-2021-34984 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Bentley ContextCapture +CVE-2021-34983 + RESERVED +CVE-2021-34982 + RESERVED +CVE-2021-34981 [Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability] + RESERVED + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + [stretch] - linux 4.9.272-1 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-1223/ + NOTE: https://git.kernel.org/linus/3cfdf8fcaafa62a4123f92eb0f4a72650da3a479 (5.14-rc1) +CVE-2021-34980 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34979 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34978 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2021-34977 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2021-34976 + RESERVED +CVE-2021-34975 + RESERVED +CVE-2021-34974 + RESERVED +CVE-2021-34973 + RESERVED +CVE-2021-34972 + RESERVED +CVE-2021-34971 + RESERVED +CVE-2021-34970 + RESERVED +CVE-2021-34969 + RESERVED +CVE-2021-34968 + RESERVED +CVE-2021-34967 + RESERVED +CVE-2021-34966 + RESERVED +CVE-2021-34965 + RESERVED +CVE-2021-34964 + RESERVED +CVE-2021-34963 + RESERVED +CVE-2021-34962 + RESERVED +CVE-2021-34961 + RESERVED +CVE-2021-34960 + RESERVED +CVE-2021-34959 + RESERVED +CVE-2021-34958 + RESERVED +CVE-2021-34957 + RESERVED +CVE-2021-34956 + RESERVED +CVE-2021-34955 + RESERVED +CVE-2021-34954 + RESERVED +CVE-2021-34953 + RESERVED +CVE-2021-34952 + RESERVED +CVE-2021-34951 + RESERVED +CVE-2021-34950 + RESERVED +CVE-2021-34949 + RESERVED +CVE-2021-34948 + RESERVED +CVE-2021-34947 + RESERVED +CVE-2021-34946 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34945 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34944 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34943 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34942 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34941 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34940 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34939 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34938 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34937 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34936 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34935 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34934 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34933 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34932 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34931 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34930 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34929 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34928 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34927 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34926 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34925 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34924 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34923 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34922 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34921 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34920 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34919 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34918 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34917 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34916 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34915 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34914 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34913 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34912 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34911 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34910 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34909 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34908 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34907 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34906 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34905 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34904 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34903 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34902 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34901 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34900 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34899 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34898 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34897 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34896 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34895 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34894 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34893 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34892 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34891 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34890 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34889 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34888 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34887 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34886 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34885 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34884 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34883 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34882 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Bentley View +CVE-2021-34881 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Bentley View +CVE-2021-34880 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34879 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34878 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34877 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34876 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34875 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34874 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34873 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34872 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34871 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Bentley View +CVE-2021-34870 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Netgear +CVE-2021-34869 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34868 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34867 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34866 (This vulnerability allows local attackers to escalate privileges on af ...) 
+ - linux 5.14.6-1 + [bullseye] - linux 5.10.70-1 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/5b029a32cfe4600f5e10e36b41778506b90fd4de (5.14) +CVE-2021-34865 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2021-34864 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34863 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34862 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34861 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34860 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: D-Link +CVE-2021-34859 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TeamViewer +CVE-2021-34858 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TeamViewer +CVE-2021-34857 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34856 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34855 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34854 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-34853 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34852 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit PDF Reader +CVE-2021-34851 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34850 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34849 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34848 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34847 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34846 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34845 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34844 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34843 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34842 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34841 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34840 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34839 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34838 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34837 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34836 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit PDF Reader +CVE-2021-34835 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34834 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34833 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34832 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PDF Reader +CVE-2021-34831 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-34830 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34829 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34828 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-34827 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2021-3608 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) + {DLA-3099-1} + - qemu 1:5.2+dfsg-11 (bug #990563) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973383 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=66ae37d8cc313f89272e711174a846a229bcdbd3 +CVE-2021-3607 (An integer overflow was found in the QEMU implementation of VMWare's p ...) + {DLA-3099-1} + - qemu 1:5.2+dfsg-11 (bug #990564) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1973349 + NOTE: upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=32e5703cfea07c91e6e84bcb0313f633bb146534 +CVE-2021-3606 (OpenVPN before version 2.5.3 on Windows allows local users to load arb ...) 
+ - openvpn (Windows-specific) +CVE-2021-34826 + RESERVED +CVE-2021-34825 (Quassel through 0.13.1, when --require-ssl is enabled, launches withou ...) + - quassel 1:0.14.0-1 (bug #990567) + [bullseye] - quassel (Minor issue) + [buster] - quassel (Minor issue) + [stretch] - quassel (Minor issue) + NOTE: https://github.com/quassel/quassel/pull/581 + NOTE: https://bugs.quassel-irc.org/issues/1728 + NOTE: '--require-ssl' flag added in https://github.com/quassel/quassel/pull/43 +CVE-2021-34824 (Istio (1.8.x, 1.9.0-1.9.5 and 1.10.0-1.10.1) contains a remotely explo ...) + NOT-FOR-US: Istio +CVE-2021-34823 (The ON24 ScreenShare (aka DesktopScreenShare.app) plugin before 2.0 fo ...) + NOT-FOR-US: ON24 ScreenShare +CVE-2021-34822 + RESERVED +CVE-2021-34821 (Cross Site Scripting (XSS) vulnerability exists in AAT Novus Managemen ...) + NOT-FOR-US: AAT Novus Management System +CVE-2021-34820 (Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP ...) + NOT-FOR-US: Novus HTTP Server +CVE-2021-34819 + RESERVED +CVE-2021-34818 + RESERVED +CVE-2021-34817 (A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1 ...) + - etherpad-lite (bug #576998) +CVE-2021-34816 (An Argument Injection issue in the plugin management of Etherpad 1.8.1 ...) + - etherpad-lite (bug #576998) +CVE-2021-34815 (CheckSec Canopy before 3.5.2 allows XSS attacks against the login page ...) + NOT-FOR-US: CheckSec Canopy +CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...) + - civicrm 5.28.4+dfsg1-1 + NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form +CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...) + - civicrm 5.24.5+dfsg1-1 + NOTE: https://civicrm.org/advisory/civi-sa-2020-03 +CVE-2013-20002 (Elemin allows remote attackers to upload and execute arbitrary PHP cod ...) 
+ NOT-FOR-US: Elemin +CVE-2021-34814 (Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control ...) + NOT-FOR-US: Proofpoint +CVE-2021-34813 (Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to cra ...) + [experimental] - olm 3.2.3~dfsg-1 + - olm 3.2.3~dfsg-3 (bug #989997) + [bullseye] - olm (Minor issue) + [buster] - olm (Minor issue) + NOTE: https://gitlab.matrix.org/matrix-org/olm/-/commit/ccc0d122ee1b4d5e5ca4ec1432086be17d5f901b + NOTE: https://gitlab.matrix.org/matrix-org/olm/-/releases/3.2.3 + NOTE: https://matrix.org/blog/2021/06/14/adventures-in-fuzzing-libolm +CVE-2021-34812 (Use of hard-coded credentials vulnerability in php component in Synolo ...) + NOT-FOR-US: Synology +CVE-2021-34811 (Server-Side Request Forgery (SSRF) vulnerability in task management co ...) + NOT-FOR-US: Synology +CVE-2021-34810 (Improper privilege management vulnerability in cgi component in Synolo ...) + NOT-FOR-US: Synology +CVE-2021-34809 (Improper neutralization of special elements used in a command ('Comman ...) + NOT-FOR-US: Synology +CVE-2021-34808 (Server-Side Request Forgery (SSRF) vulnerability in cgi component in S ...) + NOT-FOR-US: Synology +CVE-2021-34807 (An open redirect vulnerability exists in the /preauth Servlet in Zimbr ...) + NOT-FOR-US: Zimbra +CVE-2021-34806 + RESERVED +CVE-2021-34805 (An issue was discovered in FAUST iServer before 9.0.019.019.7. For eac ...) + NOT-FOR-US: FAUST iServer +CVE-2021-34804 + RESERVED +CVE-2021-34803 (TeamViewer before 14.7.48644 on Windows loads untrusted DLLs in certai ...) + NOT-FOR-US: TeamViewer +CVE-2021-34802 (A failure in resetting the security context in some transaction action ...) + NOT-FOR-US: Neo4j +CVE-2021-34801 (Valine 1.4.14 allows remote attackers to cause a denial of service (ap ...) + NOT-FOR-US: Valine +CVE-2021-34800 (Sensitive information could be logged. The following products are affe ...) 
+ NOT-FOR-US: Acronis +CVE-2021-34799 + RESERVED +CVE-2021-34798 (Malformed requests may cause the server to dereference a NULL pointer. ...) + {DSA-4982-1 DLA-2776-1} + - apache2 2.4.49-1 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-34798 + NOTE: https://github.com/apache/httpd/commit/fa7b2a5250e54363b3a6c8ac3aaa7de4e8da9b2e (candidate-2.4.49-rc1) +CVE-2021-3604 (Secure 8 (Evalos) does not validate user input data correctly, allowin ...) + NOT-FOR-US: Secure 8 (Evalos) +CVE-2021-34797 (Apache Geode versions up to 1.12.4 and 1.13.4 are vulnerable to a log ...) + NOT-FOR-US: Apache Geode +CVE-2021-34796 + RESERVED +CVE-2021-34795 (Multiple vulnerabilities in the web-based management interface of the ...) + NOT-FOR-US: Cisco +CVE-2021-34794 (A vulnerability in the Simple Network Management Protocol version 3 (S ...) + NOT-FOR-US: Cisco +CVE-2021-34793 (A vulnerability in the TCP Normalizer of Cisco Adaptive Security Appli ...) + NOT-FOR-US: Cisco +CVE-2021-34792 (A vulnerability in the memory management of Cisco Adaptive Security Ap ...) + NOT-FOR-US: Cisco +CVE-2021-34791 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...) + NOT-FOR-US: Cisco +CVE-2021-34790 (Multiple vulnerabilities in the Application Level Gateway (ALG) for th ...) + NOT-FOR-US: Cisco +CVE-2021-34789 (A vulnerability in the web-based management interface of Cisco Tetrati ...) + NOT-FOR-US: Cisco +CVE-2021-34788 (A vulnerability in the shared library loading mechanism of Cisco AnyCo ...) + NOT-FOR-US: Cisco +CVE-2021-34787 (A vulnerability in the identity-based firewall (IDFW) rule processing ...) + NOT-FOR-US: Cisco +CVE-2021-34786 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) + NOT-FOR-US: Cisco +CVE-2021-34785 (Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Sof ...) + NOT-FOR-US: Cisco +CVE-2021-34784 (A vulnerability in the web-based management interface of Cisco Prime I ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34783 (A vulnerability in the software-based SSL/TLS message handler of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-34782 (A vulnerability in the API endpoints for Cisco DNA Center could allow ...) + NOT-FOR-US: Cisco +CVE-2021-34781 (A vulnerability in the processing of SSH connections for multi-instanc ...) + NOT-FOR-US: Cisco +CVE-2021-34780 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34779 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34778 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34777 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34776 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34775 (Multiple vulnerabilities exist in the Link Layer Discovery Protocol (L ...) + NOT-FOR-US: Cisco +CVE-2021-34774 (A vulnerability in the web-based management interface of Cisco Common ...) + NOT-FOR-US: Cisco +CVE-2021-34773 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-34772 (A vulnerability in the web-based management interface of Cisco Orbital ...) + NOT-FOR-US: Cisco +CVE-2021-34771 (A vulnerability in the Cisco IOS XR Software CLI could allow an authen ...) + NOT-FOR-US: Cisco +CVE-2021-34770 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) + NOT-FOR-US: Cisco +CVE-2021-34769 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) + NOT-FOR-US: Cisco +CVE-2021-34768 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...) + NOT-FOR-US: Cisco +CVE-2021-34767 (A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Co ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34766 (A vulnerability in the web UI of Cisco Smart Software Manager On-Prem ...) + NOT-FOR-US: Cisco +CVE-2021-34765 (A vulnerability in the web UI for Cisco Nexus Insights could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-34764 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34763 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34762 (A vulnerability in the web-based management interface of Cisco Firepow ...) + NOT-FOR-US: Cisco +CVE-2021-34761 (A vulnerability in Cisco Firepower Threat Defense (FTD) Software could ...) + NOT-FOR-US: Cisco +CVE-2021-34760 (A vulnerability in the web-based management interface of Cisco TelePre ...) + NOT-FOR-US: Cisco +CVE-2021-34759 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34758 (A vulnerability in the memory management of Cisco TelePresence Collabo ...) + NOT-FOR-US: Cisco +CVE-2021-34757 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) + NOT-FOR-US: Cisco +CVE-2021-34756 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...) + NOT-FOR-US: Cisco +CVE-2021-34755 (Multiple vulnerabilities in the CLI of Cisco Firepower Threat Defense ...) + NOT-FOR-US: Cisco +CVE-2021-34754 (Multiple vulnerabilities in the payload inspection for Ethernet Indust ...) + NOT-FOR-US: Cisco +CVE-2021-34753 + RESERVED +CVE-2021-34752 + RESERVED +CVE-2021-34751 + RESERVED +CVE-2021-34750 + RESERVED +CVE-2021-34749 (A vulnerability in Server Name Identification (SNI) request filtering ...) + {DSA-5354-1 DLA-3317-1} + - snort (bug #1021276) + NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sni-data-exfil-mFgzXqLN +CVE-2021-34748 (A vulnerability in the web-based management interface of Cisco Intersi ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34747 + RESERVED +CVE-2021-34746 (A vulnerability in the TACACS+ authentication, authorization and accou ...) + NOT-FOR-US: Cisco +CVE-2021-34745 (A vulnerability in the AppDynamics .NET Agent for Windows could allow ...) + NOT-FOR-US: .NET Agent for Windows +CVE-2021-34744 (Multiple vulnerabilities in Cisco Business 220 Series Smart Switches f ...) + NOT-FOR-US: Cisco +CVE-2021-34743 (A vulnerability in the application integration feature of Cisco Webex ...) + NOT-FOR-US: Cisco +CVE-2021-34742 (A vulnerability in the web-based management interface of Cisco Vision ...) + NOT-FOR-US: Cisco +CVE-2021-34741 (A vulnerability in the email scanning algorithm of Cisco AsyncOS softw ...) + NOT-FOR-US: Cisco +CVE-2021-34740 (A vulnerability in the WLAN Control Protocol (WCP) implementation for ...) + NOT-FOR-US: Cisco +CVE-2021-34739 (A vulnerability in the web-based management interface of multiple Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34738 (Multiple vulnerabilities in the web-based management interface of Cisc ...) + NOT-FOR-US: Cisco +CVE-2021-34737 (A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-34736 (A vulnerability in the web-based management interface of Cisco Integra ...) + NOT-FOR-US: Cisco +CVE-2021-34735 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) + NOT-FOR-US: Cisco +CVE-2021-34734 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...) + NOT-FOR-US: Cisco +CVE-2021-34733 (A vulnerability in the CLI of Cisco Prime Infrastructure and Cisco Evo ...) + NOT-FOR-US: Cisco +CVE-2021-34732 (A vulnerability in the web-based management interface of Cisco Prime C ...) + NOT-FOR-US: Cisco +CVE-2021-34731 (A vulnerability in the web-based management interface of Cisco Prime A ...) + NOT-FOR-US: Cisco +CVE-2021-34730 (A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34729 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software and Cisco I ...) + NOT-FOR-US: Cisco +CVE-2021-34728 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34727 (A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software ...) + NOT-FOR-US: Cisco +CVE-2021-34726 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2021-34725 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow ...) + NOT-FOR-US: Cisco +CVE-2021-34724 (A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an ...) + NOT-FOR-US: Cisco +CVE-2021-34723 (A vulnerability in a specific CLI command that is run on Cisco IOS XE ...) + NOT-FOR-US: Cisco +CVE-2021-34722 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34721 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34720 (A vulnerability in the IP Service Level Agreements (IP SLA) responder ...) + NOT-FOR-US: Cisco +CVE-2021-34719 (Multiple vulnerabilities in the CLI of Cisco IOS XR Software could all ...) + NOT-FOR-US: Cisco +CVE-2021-34718 (A vulnerability in the SSH Server process of Cisco IOS XR Software cou ...) + NOT-FOR-US: Cisco +CVE-2021-34717 + RESERVED +CVE-2021-34716 (A vulnerability in the web-based management interface of Cisco Express ...) + NOT-FOR-US: Cisco +CVE-2021-34715 (A vulnerability in the image verification function of Cisco Expressway ...) + NOT-FOR-US: Cisco +CVE-2021-34714 (A vulnerability in the Unidirectional Link Detection (UDLD) feature of ...) + NOT-FOR-US: Cisco +CVE-2021-34713 (A vulnerability in the Layer 2 punt code of Cisco IOS XR Software runn ...) + NOT-FOR-US: Cisco +CVE-2021-34712 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) 
+ NOT-FOR-US: Cisco +CVE-2021-34711 (A vulnerability in the debug shell of Cisco IP Phone software could al ...) + NOT-FOR-US: Cisco +CVE-2021-34710 (Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone ...) + NOT-FOR-US: Cisco +CVE-2021-34709 (Multiple vulnerabilities in image verification checks of Cisco Network ...) + NOT-FOR-US: Cisco +CVE-2021-34708 (Multiple vulnerabilities in image verification checks of Cisco Network ...) + NOT-FOR-US: Cisco +CVE-2021-34707 (A vulnerability in the REST API of Cisco Evolved Programmable Network ...) + NOT-FOR-US: Cisco +CVE-2021-34706 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34705 (A vulnerability in the Voice Telephony Service Provider (VTSP) service ...) + NOT-FOR-US: Cisco +CVE-2021-34704 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) + NOT-FOR-US: Cisco +CVE-2021-34703 (A vulnerability in the Link Layer Discovery Protocol (LLDP) message pa ...) + NOT-FOR-US: Cisco +CVE-2021-34702 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2021-34701 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2021-34700 (A vulnerability in the CLI interface of Cisco SD-WAN vManage Software ...) + NOT-FOR-US: Cisco +CVE-2021-34699 (A vulnerability in the TrustSec CLI parser of Cisco IOS and Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2021-34698 (A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Se ...) + NOT-FOR-US: Cisco +CVE-2021-34697 (A vulnerability in the Protection Against Distributed Denial of Servic ...) + NOT-FOR-US: Cisco +CVE-2021-34696 (A vulnerability in the access control list (ACL) programming of Cisco ...) + NOT-FOR-US: Cisco +CVE-2021-3605 (There's a flaw in OpenEXR's rleUncompress functionality in versions pr ...) 
+ {DSA-5299-1 DLA-3236-1 DLA-2732-1} + - openexr 2.5.7-1 (bug #990899) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1036 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/25259a84827234a283f6f9db72978198c7a3f268 (master) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3204008c0bd4c8d7599a052b304d1b44c4511283 (v2.5) + NOTE: not to be confused with CVE-2020-11760 whose fix is similar but applied around 10 lines above, in the other branch of the 'if' +CVE-2021-3603 (PHPMailer 6.4.1 and earlier contain a vulnerability that can result in ...) + - libphp-phpmailer 6.6.3-1 (bug #991666) + [bullseye] - libphp-phpmailer (Minor issue) + [buster] - libphp-phpmailer (Minor issue) + [stretch] - libphp-phpmailer (Minor issue, fix along with next DLA) + NOTE: https://www.huntr.dev/bounties/1-PHPMailer/PHPMailer/ + NOTE: https://github.com/PHPMailer/PHPMailer/commit/45f3c18dc6a2de1cb1bf49b9b249a9ee36a5f7f3 (v6.5.0) +CVE-2021-3602 (An information disclosure flaw was found in Buildah, when building con ...) + - golang-github-containers-buildah 1.22.3+ds1-1 + [bullseye] - golang-github-containers-buildah (Minor issue) + NOTE: https://github.com/containers/buildah/security/advisories/GHSA-7638-r9r3-rmjj + NOTE: https://github.com/containers/buildah/commit/a468ce0ffd347035d53ee0e26c205ef604097fb0 (main) + NOTE: https://github.com/containers/buildah/commit/23c478b815fb93c094070baa336bcb6a27c01683 (release-1.21) + NOTE: https://github.com/containers/buildah/commit/f4f2a7fc78fa4f12e2f6e6c4ab450aae0d182f3e (release-1.19) +CVE-2021-34695 + RESERVED +CVE-2021-34694 + RESERVED +CVE-2021-34693 (net/can/bcm.c in the Linux kernel through 5.12.10 allows local users t ...) 
+ {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/15/1 + NOTE: https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693 + NOTE: https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/ +CVE-2021-34692 (iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34691 (iDrive RemotePC before 4.0.1 on Linux allows denial of service. A remo ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34690 (iDrive RemotePC before 7.6.48 on Windows allows authentication bypass. ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34689 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34688 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-34687 (iDrive RemotePC before 7.6.48 on Windows allows information disclosure ...) + NOT-FOR-US: iDrive RemotePC +CVE-2021-3601 + REJECTED +CVE-2021-34686 + REJECTED +CVE-2021-34685 (UploadService in Hitachi Vantara Pentaho Business Analytics through 9. ...) + NOT-FOR-US: Hitachi +CVE-2021-34684 (Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unaut ...) + NOT-FOR-US: Hitachi +CVE-2021-34683 (An issue was discovered in EXCELLENT INFOTEK CORPORATION (EIC) E-docum ...) + NOT-FOR-US: EXCELLENT INFOTEK CORPORATION +CVE-2021-34682 (Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack agains ...) + NOT-FOR-US: Receita Federal IRPF 2021 1.7 +CVE-2021-3600 + RESERVED + {DLA-2785-1} + - linux 5.10.19-1 + [buster] - linux 4.19.208-1 + NOTE: https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/23/1 +CVE-2021-3599 (A potential vulnerability in the SMI callback function used to access ...) 
+ NOT-FOR-US: Lenovo +CVE-2021-34681 + RESERVED +CVE-2021-34680 + RESERVED +CVE-2021-34679 (Thycotic Password Reset Server before 5.3.0 allows credential disclosu ...) + NOT-FOR-US: Thycotic Password Reset Server +CVE-2021-34678 + RESERVED +CVE-2021-34677 + RESERVED +CVE-2021-34676 (Basix NEX-Forms through 7.8.7 allows authentication bypass for Excel r ...) + NOT-FOR-US: Basix NEX-Forms +CVE-2021-34675 (Basix NEX-Forms through 7.8.7 allows authentication bypass for stored ...) + NOT-FOR-US: Basix NEX-Forms +CVE-2021-3598 (There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in ...) + {DSA-5299-1 DLA-3236-1 DLA-2701-1} + - openexr 2.5.7-1 (bug #990450) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/1033 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/1037 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/566f5241edd87445373885d5f7a904dc81e866c1 (master) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e2667ae1a3ff8a9fce730e61129868b326abb3f5 (2.5) + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) +CVE-2021-3597 (A flaw was found in undertow. The HTTP2SourceChannel fails to write th ...) + - undertow 2.2.10-1 (bug #989861) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1970930 +CVE-2021-34674 + RESERVED +CVE-2021-34673 + RESERVED +CVE-2021-34672 + RESERVED +CVE-2021-34671 + RESERVED +CVE-2021-34670 + RESERVED +CVE-2021-34669 + RESERVED +CVE-2021-34668 (The WordPress Real Media Library WordPress plugin is vulnerable to Sto ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34667 (The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross- ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34666 (The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34665 (The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-34664 (The Moova for WooCommerce WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34663 (The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34662 + RESERVED +CVE-2021-34661 (The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34660 (The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-S ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34659 (The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Re ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34658 (The Simple Popup Newsletter WordPress plugin is vulnerable to Reflecte ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34657 (The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34656 (The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34655 (The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34654 (The Custom Post Type Relations WordPress plugin is vulnerable to Refle ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34653 (The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34652 (The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34651 (The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Si ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34650 (The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Sc ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34649 (The Simple Behance Portfolio WordPress plugin is vulnerable to Reflect ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-34648 (The Ninja Forms WordPress plugin is vulnerable to arbitrary email send ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34647 (The Ninja Forms WordPress plugin is vulnerable to sensitive informatio ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34646 (Versions up to, and including, 5.4.3, of the Booster for WooCommerce W ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34645 (The Shopping Cart & eCommerce Store WordPress plugin is vulnerable to ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34644 (The Multiplayer Games WordPress plugin is vulnerable to Reflected Cros ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34643 (The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34642 (The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34641 (The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scrip ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34640 (The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34639 (Authenticated File Upload in WordPress Download Manager <= 3.1.24 allo ...) + NOT-FOR-US: WordPress Download Manager +CVE-2021-34638 (Authenticated Directory Traversal in WordPress Download Manager <= 3.1 ...) + NOT-FOR-US: WordPress Download Manager +CVE-2021-34637 (The Post Index WordPress plugin is vulnerable to Cross-Site Request Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34636 (The Countdown and CountUp, WooCommerce Sales Timers WordPress plugin i ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34635 (The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34634 (The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Req ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-34633 (The Youtube Feeder WordPress plugin is vulnerable to Cross-Site Reques ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34632 (The SEO Backlinks WordPress plugin is vulnerable to Cross-Site Request ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34631 (The NewsPlugin WordPress plugin is vulnerable to Cross-Site Request Fo ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34630 (In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtransl ...) + NOT-FOR-US: GTranslate (Pro and Enterprise versions) +CVE-2021-34629 (The SendGrid WordPress plugin is vulnerable to authorization bypass vi ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34628 (The Admin Custom Login WordPress plugin is vulnerable to Cross-Site Re ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34627 (A vulnerability in the getSelectedMimeTypesByRole function of the WP U ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34626 (A vulnerability in the deleteCustomType function of the WP Upload Rest ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34625 (A vulnerability in the saveCustomType function of the WP Upload Restri ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34624 (A vulnerability in the file uploader component found in the ~/src/Clas ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34623 (A vulnerability in the image uploader component found in the ~/src/Cla ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34622 (A vulnerability in the user profile update component found in the ~/sr ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34621 (A vulnerability in the user registration component found in the ~/src/ ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34620 (The WP Fluent Forms plugin < 3.6.67 for WordPress is vulnerable to Cro ...) + NOT-FOR-US: WordPress plugin +CVE-2021-34619 (The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross- ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2021-34618 (A remote denial of service (DoS) vulnerability was discovered in some ...) + NOT-FOR-US: Aruba +CVE-2021-34617 (A remote cross-site scripting (XSS) vulnerability was discovered in so ...) + NOT-FOR-US: Aruba +CVE-2021-34616 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34615 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34614 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34613 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34612 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34611 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34610 (A remote arbitrary command execution vulnerability was discovered in A ...) + NOT-FOR-US: Aruba +CVE-2021-34609 (A remote SQL injection vulnerability was discovered in Aruba ClearPass ...) + NOT-FOR-US: Aruba +CVE-2021-34608 + REJECTED +CVE-2021-34607 + REJECTED +CVE-2021-34606 (A vulnerability exists in XINJE XD/E Series PLC Program Tool in versio ...) + NOT-FOR-US: XINJE PLC Program Tool +CVE-2021-34605 (A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to v ...) + NOT-FOR-US: XINJE PLC Program Tool +CVE-2021-34604 + REJECTED +CVE-2021-34603 + REJECTED +CVE-2021-34602 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34601 (In Bender/ebee Charge Controllers in multiple versions are prone to Ha ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34600 (Telenot CompasX versions prior to 32.0 use a weak seed for random numb ...) 
+ NOT-FOR-US: Telenot CompasX +CVE-2021-34599 (Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack ce ...) + NOT-FOR-US: CODESYS +CVE-2021-34598 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) + NOT-FOR-US: Phoenix +CVE-2021-34597 (Improper Input Validation vulnerability in PC Worx Automation Suite of ...) + NOT-FOR-US: Phoenix Contact +CVE-2021-34596 (A crafted request may cause a read access to an uninitialized pointer ...) + NOT-FOR-US: CODESYS +CVE-2021-34595 (A crafted request with invalid offsets may cause an out-of-bounds read ...) + NOT-FOR-US: CODESYS +CVE-2021-34594 (TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before ...) + NOT-FOR-US: TwinCAT OPC UA Server in TF6100 and TS6100 +CVE-2021-34593 (In CODESYS V2 Runtime Toolkit 32 Bit full and PLCWinNT prior to versio ...) + NOT-FOR-US: CODESYS +CVE-2021-34592 (In Bender/ebee Charge Controllers in multiple versions are prone to Co ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34591 (In Bender/ebee Charge Controllers in multiple versions are prone to Lo ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34590 (In Bender/ebee Charge Controllers in multiple versions are prone to Cr ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34589 (In Bender/ebee Charge Controllers in multiple versions are prone to an ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34588 (In Bender/ebee Charge Controllers in multiple versions are prone to un ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34587 (In Bender/ebee Charge Controllers in multiple versions a long URL coul ...) + NOT-FOR-US: Bender/ebee Charge Controllers +CVE-2021-34586 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) + NOT-FOR-US: CODESYS +CVE-2021-34585 (In the CODESYS V2 web server prior to V1.1.9.22 crafted web server req ...) 
+ NOT-FOR-US: CODESYS +CVE-2021-34584 (Crafted web server requests can be utilised to read partial stack or h ...) + NOT-FOR-US: CODESYS +CVE-2021-34583 (Crafted web server requests may cause a heap-based buffer overflow and ...) + NOT-FOR-US: CODESYS +CVE-2021-34582 (In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 an ...) + NOT-FOR-US: Phoenix +CVE-2021-34581 (Missing Release of Resource after Effective Lifetime vulnerability in ...) + NOT-FOR-US: WAGO +CVE-2021-34580 (In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enu ...) + NOT-FOR-US: MB connect line +CVE-2021-34579 (In Phoenix Contact: FL MGUARD DM version 1.12.0 and 1.13.0 access to t ...) + NOT-FOR-US: Phoenix Contact +CVE-2021-34578 (This vulnerability allows an attacker who has access to the WBM to rea ...) + NOT-FOR-US: WAGO +CVE-2021-34577 (In the Kaden PICOFLUX AiR water meter an adversary can read the values ...) + NOT-FOR-US: Kaden PICOFLUX AiR water meter +CVE-2021-34576 (In Kaden PICOFLUX Air in all known versions an information exposure th ...) + NOT-FOR-US: Kaden PICOFLUX Air +CVE-2021-34575 (In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an ...) + NOT-FOR-US: MB connect line +CVE-2021-34574 (In MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and ...) + NOT-FOR-US: MB connect line +CVE-2021-34573 (In Enbra EWM in Version 1.7.29 together with several tested wireless M ...) + NOT-FOR-US: Enbra EWM +CVE-2021-34572 (Enbra EWM 1.7.29 does not check for or detect replay attacks sent by w ...) + NOT-FOR-US: Enbra EWM +CVE-2021-34571 (Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in ...) + NOT-FOR-US: Enbra +CVE-2021-34570 (Multiple Phoenix Contact PLCnext control devices in versions prior to ...) + NOT-FOR-US: Phoenix Contact PLCnext control devices +CVE-2021-34569 (In WAGOI/O-Check Service in multiple products an attacker can send a s ...) 
+ NOT-FOR-US: WAGO +CVE-2021-34568 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) + NOT-FOR-US: WAGO +CVE-2021-34567 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) + NOT-FOR-US: WAGO +CVE-2021-34566 (In WAGOI/O-Check Service in multiple products an unauthenticated remot ...) + NOT-FOR-US: WAGO +CVE-2021-34565 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.7 to 3.0.9 the SSH and telne ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34564 (Any cookie-stealing vulnerabilities within the application or browser ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34563 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 and 3.0.9 the HttpOnly att ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34562 (In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject a ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34561 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 serious issue exists, i ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34560 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.9 a form contains a passw ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-34559 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.8 a vulnerability may all ...) + NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway +CVE-2021-3596 (A NULL pointer dereference flaw was found in ImageMagick in versions p ...) + {DLA-3357-1 DLA-3007-1} + - imagemagick 8:6.9.11.57+dfsg-1 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/2624 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/43dfb1894761c4929d5d5c98dc80ba4e59a0d114 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27f314e2e6eb44b661e65008ce1ce46b85a5628b +CVE-2021-3595 (An invalid pointer initialization issue was found in the SLiRP network ...) 
+ {DLA-3362-1 DLA-2753-1} + - libslirp 4.6.1-1 (bug #989996) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/3f17948137155f025f7809fdc38576d5d2451c3d (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/990163cf3ac86b7875559f49602c4d76f46f6f30 (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3594 (An invalid pointer initialization issue was found in the SLiRP network ...) + {DLA-3362-1 DLA-2753-1} + - libslirp 4.6.1-1 (bug #989995) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/74572be49247c8c5feae7c6e0b50c4f569ca9824 (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3593 (An invalid pointer initialization issue was found in the SLiRP network ...) + {DLA-3362-1 DLA-2970-1} + - libslirp 4.6.1-1 (bug #989994) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/de71c15de66ba9350bf62c45b05f8fbff166517b (v4.6.0) + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. +CVE-2021-3592 (An invalid pointer initialization issue was found in the SLiRP network ...) + {DLA-3362-1} + - libslirp 4.6.1-1 (bug #989993) + [bullseye] - libslirp 4.4.0-1+deb11u2 + - qemu 1:4.1-2 + [stretch] - qemu (Introduces a regression. See Debian bug #994080. 
Reverted in DLA-2753-2)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/93e645e72a056ec0b2c16e0299fc5c6b94e4ca17 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/f13cad45b25d92760bb0ad67bec0300a4d7d5275 (v4.6.0)
+ NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2eca0838eee1da96204545e22cdaed860d9d7c6c (v4.6.0)
+ NOTE: Regression fix: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c9f314f6e315a5518432761fea864196a290f799 (v4.6.1)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: The patch introduced a regression, see Debian bug #994080 for more information.
+CVE-2021-34558 (The crypto/tls package of Go through 1.16.5 does not properly assert t ...)
+ - golang-1.16 1.16.6-1
+ - golang-1.15 1.15.9-6
+ - golang-1.11
+ [buster] - golang-1.11 (Limited support, minor issue, DoS)
+ - golang-1.8
+ [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ - golang-1.7
+ [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies)
+ NOTE: https://github.com/golang/go/issues/47143
+ NOTE: https://github.com/golang/go/commit/58bc454a11d4b3dbc03f44dfcabb9068a9c076f4 (1.16.x)
+ NOTE: key_agreement.go also bundled in various other packages
+CVE-2021-34556 (In the Linux kernel through 5.13.7, an unprivileged BPF program can ob ...)
+ {DLA-2785-1}
+ - linux 5.10.46-4
+ [buster] - linux 4.19.208-1
+ [stretch] - linux (Too risky to backport, and mitigated by default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/08/01/3
+CVE-2021-34555 (OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial ...)
+ - opendmarc 1.4.0~beta1+dfsg-6 (bug #990001)
+ [buster] - opendmarc (Vulnerable code not present)
+ [stretch] - opendmarc (Vulnerable code (multi-value-From:) introduced later)
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/179
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/pull/178
+CVE-2021-34554
+ RESERVED
+CVE-2021-34553 (Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote au ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-34552 (Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1. ...)
+ {DLA-2716-1}
+ - pillow 8.1.2+dfsg-0.3 (bug #991293)
+ [buster] - pillow 5.4.1-2+deb10u3
+ NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html#buffer-overflow
+ NOTE: https://github.com/python-pillow/Pillow/pull/5567
+ NOTE: https://github.com/python-pillow/Pillow/commit/31c473898c29d1b7cb6555ce67d9503a4906b83f (8.3.0)
+CVE-2021-34551 (PHPMailer before 6.5.0 on Windows allows remote code execution if lang ...)
+ - libphp-phpmailer (Windows-specific)
+CVE-2021-34550 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34549 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Has ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+CVE-2021-34548 (An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An ...)
+ {DSA-4932-1}
+ - tor 0.4.5.9-1 (bug #990000)
+ [stretch] - tor (See DSA 4644)
+ NOTE: https://blog.torproject.org/node/2041
+ NOTE: https://bugs.torproject.org/tpo/core/tor/40389
+CVE-2021-34547 (PRTG Network Monitor 20.1.55.1775 allows /editsettings CSRF for user a ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2021-34546 (An unauthenticated attacker with physical access to a computer with Ne ...)
+ NOT-FOR-US: NetSetMan Pro
+CVE-2021-34545
+ RESERVED
+CVE-2021-34544 (An issue was discovered in Solar-Log 500 before 2.8.2 Build 52 23.04.2 ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34543 (The web administration server in Solar-Log 500 before 2.8.2 Build 52 d ...)
+ NOT-FOR-US: Solar-Log
+CVE-2021-34542
+ RESERVED
+CVE-2021-34541
+ RESERVED
+CVE-2021-34540 (Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-34539 (An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of va ...)
+ NOT-FOR-US: CubeCoders AMP
+CVE-2021-34538 (Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does ...)
+ NOT-FOR-US: Apache Hive
+CVE-2019-25046 (The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11 ...)
+ NOT-FOR-US: Cerberus FTP Server Enterprise
+CVE-2021-34537 (Windows Bluetooth Driver Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34536 (Storage Spaces Controller Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34535 (Remote Desktop Client Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34534 (Windows MSHTML Platform Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34533 (Windows Graphics Component Font Parsing Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34532 (ASP.NET Core and Visual Studio Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34531
+ RESERVED
+CVE-2021-34530 (Windows Graphics Component Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34529 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34528 (Visual Studio Code Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34527 (Windows Print Spooler Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34526
+ RESERVED
+CVE-2021-34525 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34524 (Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34523 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34522 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34521 (Raw Image Extension Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34520 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34519 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34518 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34517 (Microsoft SharePoint Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34516 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34515
+ RESERVED
+CVE-2021-34514 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34513 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34512 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34511 (Windows Installer Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34510 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34509 (Storage Spaces Controller Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34508 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34507 (Windows Remote Assistance Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34506 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34505
+ RESERVED
+CVE-2021-34504 (Windows Address Book Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34503 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34502
+ RESERVED
+CVE-2021-34501 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34500 (Windows Kernel Memory Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34499 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34498 (Windows GDI Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34497 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34496 (Windows GDI Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34495
+ RESERVED
+CVE-2021-34494 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34493 (Windows Partition Management Driver Elevation of Privilege Vulnerabili ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34492 (Windows Certificate Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34491 (Win32k Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34490 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34489 (DirectWrite Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34488 (Windows Console Driver Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34487 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34486 (Windows Event Tracing Elevation of Privilege Vulnerability This CVE ID ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34485 (.NET Core and Visual Studio Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34484 (Windows User Profile Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34483 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34482
+ RESERVED
+CVE-2021-34481 (Windows Print Spooler Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34480 (Scripting Engine Memory Corruption Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34479 (Microsoft Visual Studio Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34478 (Microsoft Office Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34477 (Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34476 (Bowser.sys Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34475 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34474 (Dynamics Business Central Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34473 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34472
+ RESERVED
+CVE-2021-34471 (Microsoft Windows Defender Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34470 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34469 (Microsoft Office Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34468 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34467 (Microsoft SharePoint Server Remote Code Execution Vulnerability This C ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34466 (Windows Hello Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34465
+ RESERVED
+CVE-2021-34464 (Microsoft Defender Remote Code Execution Vulnerability This CVE ID is ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34463
+ RESERVED
+CVE-2021-34462 (Windows AppX Deployment Extensions Elevation of Privilege Vulnerabilit ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34461 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34460 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34459 (Windows AppContainer Elevation Of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34458 (Windows Kernel Remote Code Execution Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34457 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34456 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34455 (Windows File History Service Elevation of Privilege Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34454 (Windows Remote Access Connection Manager Information Disclosure Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34453 (Microsoft Exchange Server Denial of Service Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34452 (Microsoft Word Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34451 (Microsoft Office Online Server Spoofing Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34450 (Windows Hyper-V Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34449 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34448 (Scripting Engine Memory Corruption Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34447 (Windows MSHTML Platform Remote Code Execution Vulnerability This CVE I ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34446 (Windows HTML Platforms Security Feature Bypass Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34445 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34444 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34443
+ RESERVED
+CVE-2021-34442 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34441 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34440 (GDI+ Information Disclosure Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-34439 (Microsoft Windows Media Foundation Remote Code Execution Vulnerability ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-34438 (Windows Font Driver Host Remote Code Execution Vulnerability)
+ NOT-FOR-US: Microsoft
+CVE-2021-3591
+ REJECTED
+CVE-2021-3590 (A flaw was found in Foreman project. A credential leak was identified ...)
+ - foreman (bug #663101)
+CVE-2021-3589 (An authorization flaw was found in Foreman Ansible. An authenticated a ...)
+ NOT-FOR-US: Foreman Ansible
+CVE-2021-34437
+ RESERVED
+CVE-2021-34436 (In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34435 (In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a ...)
+ NOT-FOR-US: Eclipse Theia
+CVE-2021-34434 (In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic se ...)
+ {DSA-5511-1}
+ - mosquitto 2.0.15-1 (bug #993400)
+ [buster] - mosquitto (Vulnerable code introduced later)
+ [stretch] - mosquitto (Vulnerable code introduced later)
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=575324
+ NOTE: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/638
+ NOTE: Fixed by: https://github.com/eclipse/mosquitto/commit/32af599c81e63fa38e834b8f1c1f108c49328e95 (v2.0.12)
+CVE-2021-34433 (In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3 ...)
+ NOT-FOR-US: Eclipse Californium
+CVE-2021-34432 (In Eclipse Mosquitto versions 2.07 and earlier, the server will crash ...)
+ - mosquitto 2.0.8-1
+ [buster] - mosquitto (Vulnerable code is not accessible in version 1.x)
+ [stretch] - mosquitto (Vulnerable code is not accessible in version 1.x)
+ NOTE: https://github.com/eclipse/mosquitto/commit/9b08faf0bdaf5a4f2e6e3dd1ea7e8c57f70418d6
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=574141
+CVE-2021-34431 (In Eclipse Mosquitto version 1.6 to 2.0.10, if an authenticated client ...)
+ - mosquitto 2.0.11-1
+ [bullseye] - mosquitto (Minor issue)
+ [buster] - mosquitto (Vulnerable code introduced later)
+ [stretch] - mosquitto (Vulnerable code introduced later)
+ NOTE: https://mosquitto.org/blog/2021/06/version-2-0-11-released/
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=573191
+CVE-2021-34430 (Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C ...)
+ NOT-FOR-US: Eclipse TinyDTLS
+CVE-2021-34429 (For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0. ...)
+ - jetty9 9.4.39-3 (bug #991188)
+ [buster] - jetty9 (Vulnerable code was introduced in version 9.4.37)
+ [stretch] - jetty9 (Vulnerable code was introduced in version 9.4.37)
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm
+ NOTE: Fixed by https://github.com/eclipse/jetty.project/pull/6477
+CVE-2021-34428 (For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exce ...)
+ {DSA-4949-1}
+ - jetty9 9.4.39-2 (bug #990578)
+ [stretch] - jetty9 (vulnerable code is not present)
+ - jetty8
+ - jetty
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vxjx-65j6
+ NOTE: https://github.com/eclipse/jetty.project/issues/6277
+ NOTE: https://github.com/eclipse/jetty.project/commit/087f486b4461746b4ded45833887b3ccb136ee85 (jetty-9.4.x)
+CVE-2021-34427 (In Eclipse BIRT versions 4.8.0 and earlier, an attacker can use query ...)
+ NOT-FOR-US: Eclipse BIRT
+CVE-2021-34426 (A vulnerability was discovered in the Keybase Client for Windows befor ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34425 (The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, L ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34424 (A vulnerability was discovered in the Zoom Client for Meetings (for An ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34423 (A buffer overflow vulnerability was discovered in Zoom Client for Meet ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34422 (The Keybase Client for Windows before version 5.7.0 contains a path tr ...)
+ NOT-FOR-US: Keybase Client for Windows
+CVE-2021-34421 (The Keybase Client for Android before version 5.8.0 and the Keybase Cl ...)
+ NOT-FOR-US: Keybase Client for Android and iOS
+CVE-2021-34420 (The Zoom Client for Meetings for Windows installer before version 5.5. ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows installer
+CVE-2021-34419 (In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, ...)
+ NOT-FOR-US: Zoom Client for Meetings for Ubuntu Linux
+CVE-2021-34418 (The login routine of the web console in the Zoom On-Premise Meeting Co ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34417 (The network proxy page on the web portal for the Zoom On-Premise Meeti ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34416 (The network address administrative settings web portal for the Zoom on ...)
+ NOT-FOR-US: Zoom on-premise Meeting Connector
+CVE-2021-34415 (The Zone Controller service in the Zoom On-Premise Meeting Connector C ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34414 (The network proxy page on the web portal for the Zoom on-premise Meeti ...)
+ NOT-FOR-US: Zoom On-Premise Meeting Connector Controller
+CVE-2021-34413 (All versions of the Zoom Plugin for Microsoft Outlook for MacOS before ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for MacOS
+CVE-2021-34412 (During the installation process for all versions of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34411 (During the installation process forZoom Rooms for Conference Room for ...)
+ NOT-FOR-US: Zoom
+CVE-2021-34410 (A user-writable application bundle unpacked during the install for all ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34409 (It was discovered that the installation packages of the Zoom Client fo ...)
+ NOT-FOR-US: Zoom Plugin for Microsoft Outlook for Mac
+CVE-2021-34408 (The Zoom Client for Meetings for Windows in all versions before versio ...)
+ NOT-FOR-US: Zoom Client for Meetings for Windows
+CVE-2021-34407
+ REJECTED
+CVE-2021-34406 (NVIDIA Tegra kernel driver contains a vulnerability in NVHost, where a ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34405 (NVIDIA Linux distributions contain a vulnerability in TrustZone\u2019s ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34404 (Android images for T210 provided by NVIDIA contain a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34403 (NVIDIA Linux distributions contain a vulnerability in nvmap ioctl, whi ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34402 (NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, w ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34401 (NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVG ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34400 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34399 (NVIDIA GPU and Tegra hardware contain a vulnerability in the internal ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34398 (NVIDIA DCGM, all versions prior to 2.2.9, contains a vulnerability in ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34397 (Bootloader contains a vulnerability in NVIDIA MB2, which may cause fre ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34396 (Bootloader contains a vulnerability in access permission settings wher ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34395 (Trusty TLK contains a vulnerability in its access permission settings ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34394 (Trusty contains a vulnerability in the NVIDIA OTE protocol that is pre ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34393 (Trusty contains a vulnerability in TSEC TA which deserializes the inco ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34392 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34391 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34390 (Trusty contains a vulnerability in the NVIDIA TLK kernel function wher ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34389 (Trusty contains a vulnerability in NVIDIA OTE protocol message parsing ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34388 (Bootloader contains a vulnerability in NVIDIA TegraBoot where a potent ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34387 (The ARM TrustZone Technology on which Trusty is based on contains a vu ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34386 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34385 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an ...)
+ NOT-FOR-US: Trusty TLK (NVIDIA)
+CVE-2021-34384 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34383 (Bootloader contains a vulnerability in NVIDIA MB2 where a potential he ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34382 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel\u2019s tz ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34381 (Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34380 (Bootloader contains a vulnerability in NVIDIA MB2 where potential heap ...)
+ NOT-FOR-US: NVIDIA
+CVE-2021-34379 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34378 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34377 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34376 (Trusty contains a vulnerability in the HDCP service TA where bounds ch ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34375 (Trusty contains a vulnerability in all trusted applications (TAs) wher ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34374 (Trusty contains a vulnerability in command handlers where the length o ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34373 (Trusty trusted Linux kernel (TLK) contains a vulnerability in the NVID ...)
+ NOT-FOR-US: rusty TLK (NVIDIA)
+CVE-2021-34372 (Trusty (the trusted OS produced by NVIDIA for Jetson devices) driver c ...)
+ NOT-FOR-US: Trusty
+CVE-2021-34371 (Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI se ...)
+ NOT-FOR-US: Neo4j
+CVE-2021-34370 (Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do s ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34369 (portlets/contact/ref/refContactDetail.do in Accela Civic Platform thro ...)
+ NOT-FOR-US: Accela Civic Platform
+CVE-2021-34368
+ REJECTED
+CVE-2021-34367
+ REJECTED
+CVE-2021-34366
+ REJECTED
+CVE-2021-34365
+ REJECTED
+CVE-2021-34364 (The Refined GitHub browser extension before 21.6.8 might allow XSS via ...)
+ NOT-FOR-US: Refined GitHub browser extension
+CVE-2021-34363 (The thefuck (aka The Fuck) package before 3.31 for Python allows Path ...)
+ - thefuck 3.29-0.3 (bug #989989)
+ [buster] - thefuck (Minor issue)
+ [stretch] - thefuck (Minor issue)
+ NOTE: https://github.com/nvbn/thefuck/commit/e343c577cd7da4d304b837d4a07ab4df1e023092 (3.31)
+ NOTE: https://github.com/nvbn/thefuck/pull/1206
+CVE-2021-34362 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34361 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34360 (A cross-site request forgery (CSRF) vulnerability has been reported to ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34359 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34358 (We have already fixed this vulnerability in the following versions of ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34357 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34356 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34355 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34354 (A cross-site scripting (XSS) vulnerability has been reported to affect ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34353
+ RESERVED
+CVE-2021-34352 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34351 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34350
+ RESERVED
+CVE-2021-34349 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34348 (A command injection vulnerability has been reported to affect QNAP dev ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34347
+ RESERVED
+CVE-2021-34346 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34345 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34344 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2021-34343 (A stack buffer overflow vulnerability has been reported to affect QNAP ...)
+ NOT-FOR-US: QNAP
+CVE-2022-20001 (fish is a command line shell. fish version 3.1.0 through version 3.3.1 ...)
+ {DSA-5234-1}
+ - fish 3.4.0+ds-1
+ [buster] - fish (Vulnerable code introduced later)
+ [stretch] - fish (Vulnerable code introduced later)
+ NOTE: https://github.com/fish-shell/fish-shell/security/advisories/GHSA-pj5f-6vxj-f5mq
+ NOTE: https://github.com/fish-shell/fish-shell/pull/8589
+ NOTE: https://github.com/fish-shell/fish-shell/commit/37625053d424c1ab88de2b0c50c7fe71e1468e2c (3.4.0)
+CVE-2021-3588 (The cli_feat_read_cb() function in src/gatt-database.c does not perfor ...)
+ - bluez 5.55-3.1 (bug #989700)
+ [buster] - bluez (Vulnerable code introduced later)
+ [stretch] - bluez (Vulnerable code introduced later)
+ NOTE: https://github.com/bluez/bluez/issues/70
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548
+ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3a40bef49305f8327635b81ac8be52a3ca063d5a (5.56)
+CVE-2021-34342 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function new ...)
+ - ming
+ NOTE: https://github.com/libming/libming/issues/205
+CVE-2021-34341 (Ming 0.4.8 has an out-of-bounds read vulnerability in the function dec ...)
+ - ming
+ NOTE: https://github.com/libming/libming/issues/204
+CVE-2021-34340 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function de ...)
+ - ming
+ NOTE: https://github.com/libming/libming/issues/203
+CVE-2021-34339 (Ming 0.4.8 has an out-of-bounds buffer access issue in the function ge ...)
+ - ming
+ NOTE: https://github.com/libming/libming/issues/202
+CVE-2021-34338 (Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function ...)
+ - ming
+ NOTE: https://github.com/libming/libming/issues/201
+CVE-2021-34337 (An issue was discovered in Mailman Core before 3.3.5. An attacker with ...)
+ - mailman3 3.3.7-1 (bug #1004934)
+ [bullseye] - mailman3 (Minor issue)
+ [buster] - mailman3 (Minor issue; will be fixed via point release)
+ NOTE: Fixed by: https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51 (3.3.5b1)
+CVE-2021-34336
+ RESERVED
+CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #992707)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
+ [buster] - exiv2 (resolveLens0xffff added in 0.26)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
+ NOTE: https://github.com/Exiv2/exiv2/pull/1750
+CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ {DLA-3265-1}
+ - exiv2 0.27.5-1 (bug #992706)
+ [bullseye] - exiv2 0.27.3-3+deb11u2
+ [stretch] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
+ NOTE: https://github.com/Exiv2/exiv2/pull/1766
+CVE-2021-34333 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34332 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34331 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34330 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34329 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34328 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34327 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34326 (A vulnerability has been identified in JT2Go (All versions < V13.2), S ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34325 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34324 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34323 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34322 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34321 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34320 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34319 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34318 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34317 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34316 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go
+CVE-2021-34315 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...)
+ NOT-FOR-US: JT2Go +CVE-2021-34314 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34313 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34312 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34311 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34310 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34309 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34308 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34307 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34306 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34305 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34304 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34303 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34302 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34301 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34300 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34299 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34298 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) 
+ NOT-FOR-US: JT2Go +CVE-2021-34297 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34296 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34295 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34294 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34293 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34292 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-34291 (A vulnerability has been identified in JT2Go (All versions < V13.2), T ...) + NOT-FOR-US: JT2Go +CVE-2021-3586 (A flaw was found in servicemesh-operator. The NetworkPolicy resources ...) + NOT-FOR-US: Maistra +CVE-2021-3585 (A flaw was found in openstack-tripleo-heat-templates. Plain passwords ...) + - tripleo-heat-templates + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968247 +CVE-2021-3584 (A server side remote code execution vulnerability was found in Foreman ...) + - foreman (bug #663101) +CVE-2021-3583 (A flaw was found in Ansible, where a user's controller is vulnerable t ...) 
+ - ansible 5.4.0-1 + [bullseye] - ansible (Minor issue) + [buster] - ansible (Minor issue) + [stretch] - ansible (EOL'd for stretch) + - ansible-core 2.12.0-1 + - ansible-base + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1968412 + NOTE: https://github.com/ansible/ansible/commit/4c8c40fd3d4a58defdc80e7d22aa8d26b731353e.patch + NOTE: ansible-core was split off from src:ansible with 4.6.0-1 in experimental/5.4.0-1 in sid +CVE-2021-34290 + RESERVED +CVE-2021-34289 + RESERVED +CVE-2021-34288 + RESERVED +CVE-2021-34287 + RESERVED +CVE-2021-34286 + RESERVED +CVE-2021-34285 + RESERVED +CVE-2021-34284 + RESERVED +CVE-2021-34283 + RESERVED +CVE-2021-34282 + RESERVED +CVE-2021-34281 + RESERVED +CVE-2021-34280 (Polaris Office v9.103.83.44230 is affected by a Uninitialized Pointer ...) + NOT-FOR-US: Polaris Office +CVE-2021-34279 + RESERVED +CVE-2021-34278 + RESERVED +CVE-2021-34277 + RESERVED +CVE-2021-34276 + RESERVED +CVE-2021-34275 + RESERVED +CVE-2021-34274 + RESERVED +CVE-2021-34273 (A security flaw in the 'owned' function of a smart contract implementa ...) + NOT-FOR-US: BTC2X +CVE-2021-34272 (A security flaw in the 'owned' function of a smart contract implementa ...) + NOT-FOR-US: RobotCoin +CVE-2021-34271 + RESERVED +CVE-2021-34270 (An integer overflow in the mintToken function of a smart contract impl ...) + NOT-FOR-US: Doftcoin +CVE-2021-34269 + RESERVED +CVE-2021-34268 (An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34267 (An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM3 ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34266 + RESERVED +CVE-2021-34265 + RESERVED +CVE-2021-34264 + RESERVED +CVE-2021-34263 + RESERVED +CVE-2021-34262 (A buffer overflow vulnerability in the USBH_ParseEPDesc() function of ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34261 (An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middle ...) 
+ NOT-FOR-US: STMicroelectronics +CVE-2021-34260 (A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() funct ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34259 (A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of ...) + NOT-FOR-US: STMicroelectronics +CVE-2021-34258 + RESERVED +CVE-2021-34257 (Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 ...) + NOT-FOR-US: WPanel +CVE-2021-34256 + RESERVED +CVE-2021-34255 + RESERVED +CVE-2021-34254 (Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to ins ...) + NOT-FOR-US: Umbraco CMS +CVE-2021-34253 + RESERVED +CVE-2021-34252 + RESERVED +CVE-2021-34251 + RESERVED +CVE-2021-34250 + REJECTED +CVE-2021-34249 (SQL injection vulnerability in sourcecodester online-book-store 1.0 al ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34248 + REJECTED +CVE-2021-34247 + RESERVED +CVE-2021-34246 + RESERVED +CVE-2021-34245 + RESERVED +CVE-2021-34244 (A cross site request forgery (CSRF) vulnerability was discovered in Ic ...) + NOT-FOR-US: Ice Hrm +CVE-2021-34243 (A stored cross site scripting (XSS) vulnerability was discovered in Ic ...) + NOT-FOR-US: Ice Hrm +CVE-2021-34242 + RESERVED +CVE-2021-34241 + RESERVED +CVE-2021-34240 + RESERVED +CVE-2021-34239 + RESERVED +CVE-2021-34238 + RESERVED +CVE-2021-34237 + RESERVED +CVE-2021-34236 (Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows ...) + NOT-FOR-US: Netgear +CVE-2021-34235 (Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The co ...) + NOT-FOR-US: Tokheim Profleet DiaLOG +CVE-2021-34234 + RESERVED +CVE-2021-34233 + RESERVED +CVE-2021-34232 + RESERVED +CVE-2021-34231 + RESERVED +CVE-2021-34230 + RESERVED +CVE-2021-34229 + RESERVED +CVE-2021-34228 (Cross-site scripting in parent_control.htm in TOTOLINK A3002R version ...) 
+ NOT-FOR-US: TOTOLINK +CVE-2021-34227 + RESERVED +CVE-2021-34226 + RESERVED +CVE-2021-34225 + RESERVED +CVE-2021-34224 + RESERVED +CVE-2021-34223 (Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1. ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34222 + RESERVED +CVE-2021-34221 + RESERVED +CVE-2021-34220 (Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1. ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34219 + RESERVED +CVE-2021-34218 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34217 + RESERVED +CVE-2021-34216 + RESERVED +CVE-2021-34215 (Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34214 + RESERVED +CVE-2021-34213 + RESERVED +CVE-2021-34212 + RESERVED +CVE-2021-34211 + RESERVED +CVE-2021-34210 + RESERVED +CVE-2021-34209 + RESERVED +CVE-2021-34208 + RESERVED +CVE-2021-34207 (Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20 ...) + NOT-FOR-US: TOTOLINK +CVE-2021-34206 + RESERVED +CVE-2021-34205 + RESERVED +CVE-2021-34204 (D-Link DIR-2640-US 1.01B04 is affected by Insufficiently Protected Cre ...) + NOT-FOR-US: D-Link +CVE-2021-34203 (D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. ...) + NOT-FOR-US: D-Link +CVE-2021-34202 (There are multiple out-of-bounds vulnerabilities in some processes of ...) + NOT-FOR-US: D-Link +CVE-2021-34201 (D-Link DIR-2640-US 1.01B04 is vulnerable to Buffer Overflow. There are ...) + NOT-FOR-US: D-Link +CVE-2021-34200 + RESERVED +CVE-2021-34199 + RESERVED +CVE-2021-34198 + RESERVED +CVE-2021-34197 + RESERVED +CVE-2021-34196 + RESERVED +CVE-2021-34195 + RESERVED +CVE-2021-34194 + RESERVED +CVE-2021-34193 (Stack overflow vulnerability in OpenSC smart card middleware before 0. ...) 
+ - opensc 0.22.0-1 + [bullseye] - opensc (Minor issue) + [buster] - opensc (Minor issue) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28185 + NOTE: https://github.com/OpenSC/OpenSC/commit/f015746d22d249642c19674298a18ad824db0ed7 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28843 + NOTE: https://github.com/OpenSC/OpenSC/commit/1db88374bb7706a115d5c3617c6f16115c33bf27 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28383 + NOTE: https://github.com/OpenSC/OpenSC/commit/5df913b7f57ad89b9832555d24c08d23a534311e (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27719 + NOTE: https://github.com/OpenSC/OpenSC/commit/78cdab949f098ad7e593d853229fccf57d749d0c (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28768 + NOTE: https://github.com/OpenSC/OpenSC/commit/d353a46d0444bb34ca28a3dcc884afe196f851b6 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28855 + NOTE: https://github.com/OpenSC/OpenSC/commit/7114fb71b54ddfe06ce5dfdab013f4c38f129d14 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29912 + NOTE: https://github.com/OpenSC/OpenSC/commit/1252aca9f10771ef5ba8405e73cf2da50827958f (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30112 + NOTE: https://github.com/OpenSC/OpenSC/commit/17d8980cde7be597afc366b7e311d0d7cadcb1f4 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30800 + NOTE: https://github.com/OpenSC/OpenSC/commit/ae1cf0be90396fb6c0be95829bf0d3eecbd2fd1c (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31448 + NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31540 + NOTE: https://github.com/OpenSC/OpenSC/commit/40c50a3a4219308aae90f6efd7b10213794a8d86 (0.22.0-rc1) + NOTE: 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32149 + NOTE: https://github.com/OpenSC/OpenSC/commit/05648b0604bf3e498e8d42dff3c6e7c56a5bf749 (0.22.0-rc1) + NOTE: https://github.com/OpenSC/OpenSC/commit/715c17c469f6c463dd511a5deb229da4de9ee100 (0.22.0-rc1) + NOTE: https://github.com/OpenSC/OpenSC/issues/2841 + NOTE: CVE-2021-34193 is containing fixes as well for CVE-2021-42778, CVE-2021-42779, CVE-2021-42780, + NOTE: CVE-2021-42781 and CVE-2021-42782 and might get rejected. +CVE-2021-34192 + RESERVED +CVE-2021-34191 + RESERVED +CVE-2021-34190 (A stored cross site scripting (XSS) vulnerability in index.php?menu=bi ...) + NOT-FOR-US: Issabel PBX +CVE-2021-34189 + RESERVED +CVE-2021-34188 + RESERVED +CVE-2021-34187 (main/inc/ajax/model.ajax.php in Chamilo through 1.11.14 allows SQL Inj ...) + NOT-FOR-US: Chamilo +CVE-2021-34186 + RESERVED +CVE-2021-34185 (Miniaudio 0.10.35 has an integer-based buffer overflow caused by an ou ...) + NOT-FOR-US: Miniaudio +CVE-2021-34184 (Miniaudio 0.10.35 has a Double free vulnerability that could cause a b ...) + NOT-FOR-US: Miniaudio +CVE-2021-34183 + REJECTED +CVE-2021-34182 (An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via ...) + - ttyd 1.6.3-2 + NOTE: This is intended behaviour and since 1.6.3-2 the Debian package ships a README.Debian + NOTE: describing the default behaviour +CVE-2021-34181 (Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name par ...) + NOT-FOR-US: TomExam +CVE-2021-34180 + RESERVED +CVE-2021-34179 + RESERVED +CVE-2021-34178 + RESERVED +CVE-2021-34177 + RESERVED +CVE-2021-34176 + RESERVED +CVE-2021-34175 + RESERVED +CVE-2021-34174 (A vulnerability exists in Broadcom BCM4352 and BCM43684 chips. Any wir ...) + NOT-FOR-US: Broadcom +CVE-2021-34173 (An attacker can cause a Denial of Service and kernel panic in v4.2 and ...) 
+ NOT-FOR-US: Espressif +CVE-2021-34172 + RESERVED +CVE-2021-34171 + RESERVED +CVE-2021-34170 (Bandai Namco FromSoftware Dark Souls III allows remote attackers to ex ...) + NOT-FOR-US: Bandai +CVE-2021-34169 + RESERVED +CVE-2021-34168 + RESERVED +CVE-2021-34167 (Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows ...) + NOT-FOR-US: taoCMS +CVE-2021-34166 (A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1. ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34165 (A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1. ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34164 (Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated at ...) + NOT-FOR-US: LIZHIFAKA +CVE-2021-34163 + RESERVED +CVE-2021-34162 + RESERVED +CVE-2021-34161 + RESERVED +CVE-2021-34160 + RESERVED +CVE-2021-34159 + RESERVED +CVE-2021-34158 + RESERVED +CVE-2021-34157 + RESERVED +CVE-2021-34156 + RESERVED +CVE-2021-34155 + RESERVED +CVE-2021-34154 + RESERVED +CVE-2021-34153 + RESERVED +CVE-2021-34152 + RESERVED +CVE-2021-34151 + RESERVED +CVE-2021-34150 (The Bluetooth Classic implementation on Bluetrum AB5301A devices with ...) + NOT-FOR-US: Bluetrum +CVE-2021-34149 (The Bluetooth Classic implementation on the Texas Instruments CC256XCQ ...) + NOT-FOR-US: Texas Instruments CC256XCQFN-EM +CVE-2021-34148 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) + - bluez-firmware 1.2-8 (bug #1024356) + [bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + [buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f +CVE-2021-34147 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) 
+ - bluez-firmware 1.2-8 (bug #1024356) + [bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + [buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f +CVE-2021-34146 (The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB do ...) + - bluez-firmware 1.2-8 (bug #1024356) + [bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + [buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f +CVE-2021-34145 (The Bluetooth Classic implementation in the Cypress WICED BT stack thr ...) + - bluez-firmware 1.2-8 (bug #1024356) + [bullseye] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + [buster] - bluez-firmware (Affected firmware not present, introduced in bluez-firmware/1.2-6) + NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/31ad68831357d2019624004f1f0846475671088f +CVE-2021-34144 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C BT SD ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-34143 (The Bluetooth Classic implementation in the Zhuhai Jieli AC6366C_DEMO_ ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-34142 + RESERVED +CVE-2021-34141 (An incomplete string comparison in the numpy.core component in NumPy b ...) 
+ - numpy (unimportant) + NOTE: https://github.com/numpy/numpy/issues/18993 + NOTE: https://github.com/numpy/numpy/commit/eeef9d4646103c3b1afd3085f1393f2b3f9575b2 (v1.23.0.dev0) + NOTE: Negligible security impact +CVE-2021-34140 + RESERVED +CVE-2021-34139 + RESERVED +CVE-2021-34138 + RESERVED +CVE-2021-34137 + RESERVED +CVE-2021-34136 + RESERVED +CVE-2021-34135 + RESERVED +CVE-2021-34134 + RESERVED +CVE-2021-34133 + RESERVED +CVE-2021-34132 + RESERVED +CVE-2021-34131 + RESERVED +CVE-2021-34130 + RESERVED +CVE-2021-34129 (LaikeTui 3.5.0 allows remote authenticated users to delete arbitrary f ...) + NOT-FOR-US: LaikeTui +CVE-2021-34128 (LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary ...) + NOT-FOR-US: LaikeTui +CVE-2021-34127 + RESERVED +CVE-2021-34126 + RESERVED +CVE-2021-34125 (An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and ...) + NOT-FOR-US: Yuneec Mantis +CVE-2021-34124 + RESERVED +CVE-2021-34123 (An issue was discovered on atasm, version 1.09. A stack-buffer-overflo ...) + NOT-FOR-US: atasm +CVE-2021-34122 (The function bitstr_tell at bitstr.c in ffjpeg commit 4ab404e has a NU ...) + NOT-FOR-US: ffjpeg +CVE-2021-34121 (An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function par ...) + - htmldoc 1.9.13-1 (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/433 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/c67bbd8756f015e33e4ba639a40c7f9d8bd9e8ab (v1.9.13) +CVE-2021-34120 + RESERVED +CVE-2021-34119 (A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ...) + - htmldoc 1.9.12-1 (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/431 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/85fa76d77ed69927d24decf476e69bedc7691f48 (v1.9.12) +CVE-2021-34118 + RESERVED +CVE-2021-34117 (SQL Injection vulnerability in SEO Panel 4.9.0 in api/user.api.php in ...) 
+ NOT-FOR-US: SEO Panel +CVE-2021-34116 + RESERVED +CVE-2021-34115 + RESERVED +CVE-2021-34114 + RESERVED +CVE-2021-34113 + RESERVED +CVE-2021-34112 + RESERVED +CVE-2021-34111 (Thecus 4800Eco was discovered to contain a command injection vulnerabi ...) + NOT-FOR-US: Thecus NAS server N4800Eco +CVE-2021-34110 (WinWaste.NET version 1.0.6183.16475 has incorrect permissions, allowin ...) + NOT-FOR-US: WinWaste.NET +CVE-2021-34109 + RESERVED +CVE-2021-34108 + RESERVED +CVE-2021-34107 + RESERVED +CVE-2021-34106 + RESERVED +CVE-2021-34105 + RESERVED +CVE-2021-34104 + RESERVED +CVE-2021-34103 + RESERVED +CVE-2021-34102 + RESERVED +CVE-2021-34101 + RESERVED +CVE-2021-34100 + RESERVED +CVE-2021-34099 + RESERVED +CVE-2021-34098 + RESERVED +CVE-2021-34097 + RESERVED +CVE-2021-34096 + RESERVED +CVE-2021-34095 + RESERVED +CVE-2021-34094 + RESERVED +CVE-2021-34093 + RESERVED +CVE-2021-34092 + RESERVED +CVE-2021-34091 + RESERVED +CVE-2021-34090 + RESERVED +CVE-2021-34089 + RESERVED +CVE-2021-34088 + RESERVED +CVE-2021-34087 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...) + NOT-FOR-US: Ultimaker +CVE-2021-34086 (In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D pr ...) + NOT-FOR-US: Ultimaker +CVE-2021-34085 (Read access violation in the III_dequantize_sample function in mpglibD ...) + - mp3gain 1.6.2-1 + NOTE: Vulnerable code removed in https://sourceforge.net/p/mp3gain/code/ci/aea83203960fc6d3237b1ae38e8434ec8681b21a/ (v1.6.0) + NOTE: https://drive.google.com/drive/folders/1epm65c4_iC0zE5V_leoet4Jyk1Prz2p5?usp=sharing +CVE-2021-34084 (OS command injection vulnerability in Turistforeningen node-s3-uploade ...) + NOT-FOR-US: Node s3-uploader +CVE-2021-34083 (Google-it is a Node.js package which allows its users to send search q ...) + NOT-FOR-US: Node google-it +CVE-2021-34082 (OS Command Injection vulnerability in allenhwkim proctree through 0.1. ...) 
+ NOT-FOR-US: Node proctree +CVE-2021-34081 (OS Command Injection vulnerability in bbultman gitsome through 0.2.3 a ...) + NOT-FOR-US: Node bbultman gitsome +CVE-2021-34080 (OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.j ...) + NOT-FOR-US: Node ssl-utils +CVE-2021-34079 (OS Command injection vulnerability in Mintzo Docker-Tester through 1.2 ...) + NOT-FOR-US: Mintzo Docker-Tester +CVE-2021-34078 (lifion-verify-dependencies through 1.1.0 is vulnerable to OS command i ...) + NOT-FOR-US: Node lifion-verify-deps +CVE-2021-34077 + RESERVED +CVE-2021-34076 (File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to ...) + NOT-FOR-US: PHPOK +CVE-2021-34075 (In Artica Pandora FMS <=754 in the File Manager component, there is se ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2021-34074 (PandoraFMS <=7.54 allows arbitrary file upload, it leading to remote c ...) + NOT-FOR-US: PandoraFMS +CVE-2021-34073 (A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gad ...) + NOT-FOR-US: Sourcecodester +CVE-2021-34072 + RESERVED +CVE-2021-34071 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) + NOT-FOR-US: tsMuxer +CVE-2021-34070 (Out-of-bounds Read in tsMuxer 2.6.16 allows attackers to cause a Denia ...) + NOT-FOR-US: tsMuxer +CVE-2021-34069 (Divide-by-zero bug in tsMuxer 2.6.16 allows attackers to cause a Denia ...) + NOT-FOR-US: tsMuxer +CVE-2021-34068 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) + NOT-FOR-US: tsMuxer +CVE-2021-34067 (Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause ...) + NOT-FOR-US: tsMuxer +CVE-2021-34066 (An issue was discovered in EdgeGallery/developer before v1.0. There is ...) 
+ NOT-FOR-US: EdgeGallery/developer +CVE-2021-34065 + RESERVED +CVE-2021-34064 + REJECTED +CVE-2021-34063 + RESERVED +CVE-2021-34062 + RESERVED +CVE-2021-34061 + RESERVED +CVE-2021-34060 + RESERVED +CVE-2021-34059 + RESERVED +CVE-2021-34058 + RESERVED +CVE-2021-34057 + RESERVED +CVE-2021-34056 + RESERVED +CVE-2021-34055 (jhead 3.06 is vulnerable to Buffer Overflow via exif.c in function Put ...) + {DSA-5294-1 DLA-3219-1} + - jhead 1:3.06.0.1-5 (bug #1024272) + NOTE: https://github.com/Matthias-Wandel/jhead/issues/36 + NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/f0a884210cc46830b176f71fd61569adc8f230a7 +CVE-2021-34054 + RESERVED +CVE-2021-34053 + RESERVED +CVE-2021-34052 + RESERVED +CVE-2021-34051 + RESERVED +CVE-2021-34050 + RESERVED +CVE-2021-34049 + RESERVED +CVE-2021-34048 + RESERVED +CVE-2021-34047 + RESERVED +CVE-2021-34046 + RESERVED +CVE-2021-34045 + RESERVED +CVE-2021-34044 + RESERVED +CVE-2021-34043 + RESERVED +CVE-2021-34042 + RESERVED +CVE-2021-34041 + RESERVED +CVE-2021-34040 + RESERVED +CVE-2021-34039 + RESERVED +CVE-2021-34038 + RESERVED +CVE-2021-34037 + RESERVED +CVE-2021-34036 + RESERVED +CVE-2021-34035 + RESERVED +CVE-2021-34034 + RESERVED +CVE-2021-34033 + RESERVED +CVE-2021-34032 + RESERVED +CVE-2021-34031 + RESERVED +CVE-2021-34030 + RESERVED +CVE-2021-34029 + RESERVED +CVE-2021-34028 + RESERVED +CVE-2021-34027 + RESERVED +CVE-2021-34026 + RESERVED +CVE-2021-34025 + RESERVED +CVE-2021-34024 + RESERVED +CVE-2021-34023 + RESERVED +CVE-2021-34022 + RESERVED +CVE-2021-34021 + RESERVED +CVE-2021-34020 + RESERVED +CVE-2021-34019 + RESERVED +CVE-2021-34018 + RESERVED +CVE-2021-34017 + RESERVED +CVE-2021-34016 + RESERVED +CVE-2021-34015 + RESERVED +CVE-2021-34014 + RESERVED +CVE-2021-34013 + RESERVED +CVE-2021-34012 + RESERVED +CVE-2021-34011 + RESERVED +CVE-2021-34010 + RESERVED +CVE-2021-34009 + RESERVED +CVE-2021-34008 + RESERVED +CVE-2021-34007 + RESERVED +CVE-2021-34006 + RESERVED +CVE-2021-34005 + RESERVED +CVE-2021-34004 + 
RESERVED +CVE-2021-34003 + RESERVED +CVE-2021-34002 + RESERVED +CVE-2021-34001 + RESERVED +CVE-2021-34000 + RESERVED +CVE-2021-33999 + RESERVED +CVE-2021-33998 + RESERVED +CVE-2021-33997 + RESERVED +CVE-2021-33996 + RESERVED +CVE-2021-33995 + RESERVED +CVE-2021-33994 + RESERVED +CVE-2021-33993 + RESERVED +CVE-2021-33992 + RESERVED +CVE-2021-33991 + RESERVED +CVE-2021-33990 (Liferay Portal 6.2.5 allows Command=FileUpload&Type=File&CurrentFolder ...) + NOT-FOR-US: Liferay Portal +CVE-2021-33989 + RESERVED +CVE-2021-33988 (Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2 ...) + NOT-FOR-US: Microweber CMS +CVE-2021-33987 + RESERVED +CVE-2021-33986 + RESERVED +CVE-2021-33985 + RESERVED +CVE-2021-33984 + RESERVED +CVE-2021-33983 (Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local ...) + NOT-FOR-US: Dvidelabs +CVE-2021-33982 (An insufficient session expiration vulnerability exists in the "Fish | ...) + NOT-FOR-US: "Fish | Hunt FL" iOS app +CVE-2021-33981 (An insecure, direct object vulnerability in hunting/fishing license re ...) + NOT-FOR-US: "Fish | Hunt FL" iOS app +CVE-2021-33980 + RESERVED +CVE-2021-33979 + RESERVED +CVE-2021-33978 + RESERVED +CVE-2021-33977 + RESERVED +CVE-2021-33976 + RESERVED +CVE-2021-33975 (Buffer Overflow vulnerability in Qihoo 360 Total Security v10.8.0.1060 ...) + NOT-FOR-US: Qihoo 360 +CVE-2021-33974 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...) + NOT-FOR-US: Qihoo 360 +CVE-2021-33973 (Buffer Overflow vulnerability in Qihoo 360 Safe guard v12.1.0.1004, v1 ...) + NOT-FOR-US: Qihoo 360 +CVE-2021-33972 (Buffer Overflow vulnerability in Qihoo 360 Safe Browser v13.0.2170.0 a ...) + NOT-FOR-US: Qihoo 360 +CVE-2021-33971 (Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.c ...) + NOT-FOR-US: Qihoo 360 +CVE-2021-33970 (Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows ...) 
+ NOT-FOR-US: Qihoo 360 +CVE-2021-33969 + RESERVED +CVE-2021-33968 + RESERVED +CVE-2021-33967 + RESERVED +CVE-2021-33966 (Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows auth ...) + - spotweb + [buster] - spotweb (Minor issue) + [stretch] - spotweb (Minor issue; possible reflected XSS with unconclusive PoC "proof") + NOTE: https://packetstormsecurity.com/files/162731/Spotweb-Develop-1.4.9-Cross-Site-Scripting.html +CVE-2021-33965 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33964 (China Mobile An Lianbao WF-1 V1.0.1 router provides a web interface /a ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33963 (China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router web interface +CVE-2021-33962 (China Mobile An Lianbao WF-1 router v1.0.1 is affected by an OS comman ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-33961 (A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github ...) + NOT-FOR-US: enhanced-github browser extension +CVE-2021-33960 + RESERVED +CVE-2021-33959 (Plex media server 1.21 and before is vulnerable to ddos reflection att ...) + NOT-FOR-US: Plex +CVE-2021-33958 + RESERVED +CVE-2021-33957 + RESERVED +CVE-2021-33956 + RESERVED +CVE-2021-33955 + RESERVED +CVE-2021-33954 + RESERVED +CVE-2021-33953 + RESERVED +CVE-2021-33952 + RESERVED +CVE-2021-33951 + RESERVED +CVE-2021-33950 (An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensi ...) + NOT-FOR-US: OpenKM +CVE-2021-33949 (An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary cod ...) + NOT-FOR-US: FeMiner WMS +CVE-2021-33948 (SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows ...) 
+ NOT-FOR-US: FantasticLBP Hotels Server +CVE-2021-33947 + RESERVED +CVE-2021-33946 + RESERVED +CVE-2021-33945 (RICOH Printer series SP products 320DN, SP 325DNw, SP 320SN, SP 320SFN ...) + NOT-FOR-US: RICOH +CVE-2021-33944 + RESERVED +CVE-2021-33943 + RESERVED +CVE-2021-33942 + RESERVED +CVE-2021-33941 + RESERVED +CVE-2021-33940 + RESERVED +CVE-2021-33939 + RESERVED +CVE-2021-33938 (Buffer overflow vulnerability in function prune_to_recommended in src/ ...) + - libsolv 0.7.17-1 + [buster] - libsolv (Minor issue) + [stretch] - libsolv (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/420 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33937 + RESERVED +CVE-2021-33936 + RESERVED +CVE-2021-33935 + RESERVED +CVE-2021-33934 + RESERVED +CVE-2021-33933 + RESERVED +CVE-2021-33932 + RESERVED +CVE-2021-33931 + RESERVED +CVE-2021-33930 (Buffer overflow vulnerability in function pool_installable_whatprovide ...) + - libsolv 0.7.17-1 + [buster] - libsolv (Minor issue) + [stretch] - libsolv (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33929 (Buffer overflow vulnerability in function pool_disabled_solvable in sr ...) + - libsolv 0.7.17-1 + [buster] - libsolv (Minor issue) + [stretch] - libsolv (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33928 (Buffer overflow vulnerability in function pool_installable in src/repo ...) + - libsolv 0.7.17-1 + [buster] - libsolv (Minor issue) + [stretch] - libsolv (Minor issue) + NOTE: https://github.com/openSUSE/libsolv/issues/417 + NOTE: https://github.com/openSUSE/libsolv/commit/0077ef29eb46d2e1df2f230fc95a1d9748d49dec (0.7.17) +CVE-2021-33927 + RESERVED +CVE-2021-33926 (An issue in Plone CMS v. 
5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5. ...) + NOT-FOR-US: Plone +CVE-2021-33925 (SQL Injection vulnerability in nitinparashar30 cms-corephp through com ...) + NOT-FOR-US: nitinparashar30 +CVE-2021-33924 (Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 i ...) + NOT-FOR-US: Confluent Ansible +CVE-2021-33923 (Insecure permissions in Confluent Ansible (cp-ansible) 5.5.0, 5.5.1, 5 ...) + NOT-FOR-US: Confluent Ansible +CVE-2021-33922 + RESERVED +CVE-2021-33921 + RESERVED +CVE-2021-33920 + RESERVED +CVE-2021-33919 + RESERVED +CVE-2021-33918 + RESERVED +CVE-2021-33917 + RESERVED +CVE-2021-33916 + RESERVED +CVE-2021-33915 + RESERVED +CVE-2021-33914 + RESERVED +CVE-2021-33913 (libspf2 before 1.2.11 has a heap-based buffer overflow that might allo ...) + {DLA-2890-1} + - libspf2 1.2.10-7.1 + [bullseye] - libspf2 1.2.10-7.1~deb11u1 + [buster] - libspf2 1.2.10-7.1~deb10u1 + NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure + NOTE: https://github.com/shevek/libspf2/pull/35 + NOTE: https://github.com/shevek/libspf2/commit/f06fef6cede4c4cb42f2c617496e6041782d7070 +CVE-2021-33912 (libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...) + {DLA-2890-1} + - libspf2 1.2.10-7.1 + [bullseye] - libspf2 1.2.10-7.1~deb11u1 + [buster] - libspf2 1.2.10-7.1~deb10u1 + NOTE: https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure + NOTE: https://github.com/shevek/libspf2/pull/35 + NOTE: https://github.com/shevek/libspf2/commit/28faf4624a6a371b11afdb9820078d3b0ee3803d +CVE-2021-33911 (Zoho ManageEngine ADManager Plus before 7110 allows remote code execut ...) + NOT-FOR-US: Zoho +CVE-2021-33910 (basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 ...) 
+ {DSA-4942-1 DLA-2715-1} + - systemd 247.3-6 + NOTE: https://www.qualys.com/2021/07/20/cve-2021-33910/denial-of-service-systemd.txt + NOTE: Introduced by: https://github.com/systemd/systemd/commit/7410616cd9dbbec97cf98d75324da5cda2b2f7a2 (v220) + NOTE: Fixed by: https://github.com/systemd/systemd/commit/441e0115646d54f080e5c3bb0ba477c892861ab9 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/4e2544c30bfb95e7cb4d1551ba066b1a56520ad6 (comment fix) + NOTE: https://github.com/systemd/systemd/pull/20256 +CVE-2021-33909 (fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 do ...) + {DSA-4941-1 DLA-2714-1 DLA-2713-1} + - linux 5.10.46-2 + NOTE: https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt + NOTE: https://git.kernel.org/linus/8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b +CVE-2021-33908 + RESERVED +CVE-2020-36387 (An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring. ...) + - linux 5.7.17-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/6d816e088c359866f9867057e04f244c608c42fe +CVE-2020-36386 (An issue was discovered in the Linux kernel before 5.8.1. net/bluetoot ...) + - linux 5.7.17-1 + [buster] - linux 4.19.146-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/51c19bf3d5cfaa66571e4b88ba2a6f6295311101 +CVE-2019-25045 (An issue was discovered in the Linux kernel before 5.0.19. The XFRM su ...) + - linux 5.2.6-1 + [buster] - linux 4.19.67-1 + [stretch] - linux 4.9.210-1 + NOTE: https://git.kernel.org/linus/dbb2483b2a46fbaf833cfb5deb5ed9cace9c7399 +CVE-2018-25015 (An issue was discovered in the Linux kernel before 4.14.16. There is a ...) + - linux 4.14.17-1 + [stretch] - linux 4.9.80-1 + NOTE: https://git.kernel.org/linus/a0ff660058b88d12625a783ce9e5c1371c87951f +CVE-2021-3587 + REJECTED +CVE-2021-3582 (A flaw was found in the QEMU implementation of VMWare's paravirtual RD ...) 
+ {DLA-3099-1} + - qemu 1:5.2+dfsg-11 (bug #990565) + [stretch] - qemu (Vulnerable code introduced later) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-06/msg04148.html + NOTE: Upstream commit: https://git.qemu.org/?p=qemu.git;a=commit;h=284f191b4abad213aed04cb0458e1600fd18d7c4 +CVE-2021-33907 (The Zoom Client for Meetings for Windows in all versions before 5.3.0 ...) + NOT-FOR-US: Zoom Client for Meetings for Windows +CVE-2021-33906 + RESERVED +CVE-2021-33905 + RESERVED +CVE-2021-33904 (In Accela Civic Platform through 21.1, the security/hostSignon.do para ...) + NOT-FOR-US: Accela Civic Platform +CVE-2021-33903 (In LCOS 10.40 to 10.42.0473-RU3 with SNMPv3 enabled on LANCOM devices, ...) + NOT-FOR-US: LANCOM +CVE-2021-33902 + RESERVED +CVE-2021-33901 + RESERVED +CVE-2021-33900 (While investigating DIRSTUDIO-1219 it was noticed that configured Star ...) + - apache-directory-studio (bug #733044) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/24/1 +CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color settings.) + NOT-FOR-US: PageLayer +CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size paramete ...) + NOT-FOR-US: PageLayer +CVE-2021-33899 + RESERVED +CVE-2021-33898 (In Invoice Ninja before 4.4.0, there is an unsafe call to unserialize( ...) + NOT-FOR-US: Invoice Ninja +CVE-2021-33897 (A buffer overflow in Synthesia before 10.7.5567, when a non-Latin loca ...) + NOT-FOR-US: Synthesia +CVE-2021-33896 (Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (o ...) + - dino-im 0.2.0-3 + [buster] - dino-im (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/2 + NOTE: https://github.com/dino/dino/commit/0c8d25b7a3e7a10a506f1e19b868fe9b0c761495 (master) + NOTE: https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 (v0.2.1) +CVE-2021-33895 (ETINET BACKBOX E4.09 and H4.09 mismanages password access control. Whe ...) 
+ NOT-FOR-US: ETINET +CVE-2021-33894 (In Progress MOVEit Transfer before 2019.0.6 (11.0.6), 2019.1.x before ...) + NOT-FOR-US: Progress MOVEit +CVE-2021-33893 + RESERVED +CVE-2021-33892 + RESERVED +CVE-2021-33891 + RESERVED +CVE-2021-33890 + RESERVED +CVE-2021-33889 (OpenThread wpantund through 2021-07-02 has a stack-based Buffer Overfl ...) + NOT-FOR-US: OpenThread wpantund +CVE-2021-33888 + RESERVED +CVE-2017-20005 (NGINX before 1.13.6 has a buffer overflow for years that exceed four d ...) + {DLA-2680-1} + - nginx 1.13.6-1 + NOTE: https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf + NOTE: https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b + NOTE: https://trac.nginx.org/nginx/ticket/1368 +CVE-2021-33887 (Insufficient verification of data authenticity in Peloton TTR01 up to ...) + NOT-FOR-US: Peloton TTR01 +CVE-2021-33886 (An improper sanitization of input vulnerability in B. Braun SpaceCom2 ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33885 (An Insufficient Verification of Data Authenticity vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33884 (An Unrestricted Upload of File with Dangerous Type vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33883 (A Cleartext Transmission of Sensitive Information vulnerability in B. ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33882 (A Missing Authentication for Critical Function vulnerability in B. Bra ...) + NOT-FOR-US: B. Braun SpaceCom2 +CVE-2021-33881 (On NXP MIFARE Ultralight and NTAG cards, an attacker can interrupt a w ...) + NOT-FOR-US: NXP +CVE-2021-33880 (The aaugustin websockets library before 9.1 for Python has an Observab ...) 
+ - python-websockets 9.1-1 (bug #989561) + [bullseye] - python-websockets (Minor issue) + [buster] - python-websockets (Vulnerable code introduced in 8.0) + [stretch] - python-websockets (Vulnerable code introduced in 8.0) + NOTE: https://github.com/aaugustin/websockets/commit/547a26b685d08cac0aa64e5e65f7867ac0ea9bc0 +CVE-2021-33879 (Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure ...) + NOT-FOR-US: Tencent +CVE-2021-33878 + RESERVED +CVE-2021-33877 + RESERVED +CVE-2021-33876 + RESERVED +CVE-2021-33875 + RESERVED +CVE-2021-33874 + RESERVED +CVE-2021-33873 + RESERVED +CVE-2021-33872 + RESERVED +CVE-2021-33871 + RESERVED +CVE-2021-33870 + RESERVED +CVE-2021-33869 + RESERVED +CVE-2021-33868 + RESERVED +CVE-2021-33867 + RESERVED +CVE-2021-33866 + RESERVED +CVE-2021-33865 + RESERVED +CVE-2021-33864 + RESERVED +CVE-2021-33863 + RESERVED +CVE-2021-33862 + RESERVED +CVE-2021-33861 + RESERVED +CVE-2021-33860 + RESERVED +CVE-2021-33859 + RESERVED +CVE-2021-33858 + RESERVED +CVE-2021-33857 + RESERVED +CVE-2021-33856 + RESERVED +CVE-2021-33855 + RESERVED +CVE-2021-33854 + RESERVED +CVE-2021-33853 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascri ...) + NOT-FOR-US: X2Engine X2CRM +CVE-2021-33852 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...) + NOT-FOR-US: post-duplicator-image plugin for WordPress +CVE-2021-33851 (A cross-site scripting (XSS) attack can cause arbitrary code (JavaScri ...) + NOT-FOR-US: customize-login-image plugin for WordPress +CVE-2021-33850 (There is a Cross-Site Scripting vulnerability in Microsoft Clarity ver ...) + NOT-FOR-US: Microsoft +CVE-2021-33849 (A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScri ...) + NOT-FOR-US: Zoho +CVE-2021-3581 (Buffer Access with Incorrect Length Value in zephyr. Zephyr versions > ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3580 (A flaw was found in the way nettle's RSA decryption functions handled ...) 
+ {DSA-4933-1 DLA-2760-1} + - nettle 3.7.3-1 (bug #989631) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1967983 + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/0ad0b5df315665250dfdaa4a1e087f4799edaefe + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c + NOTE: https://git.lysator.liu.se/nettle/nettle/-/commit/485b5e2820a057e873b1ba812fdb39cae4adf98c +CVE-2021-33844 (A floating point exception (divide-by-zero) issue was discovered in So ...) + {DSA-5356-1 DLA-3315-1} + - sox 14.4.2+git20190427-3.1 (bug #1021135) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975664 + NOTE: https://sourceforge.net/p/sox/bugs/349/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 +CVE-2021-33842 (Improper Authentication vulnerability in the cookie parameter of Circu ...) + NOT-FOR-US: Circutor SGE-PLC1000 firmware +CVE-2021-33841 (SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle so ...) + NOT-FOR-US: SGE-PLC1000 device +CVE-2021-23210 (A floating point exception (divide-by-zero) issue was discovered in So ...) + {DSA-5356-1 DLA-3315-1} + - sox 14.4.2+git20190427-3.2 (bug #1010374) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975670 + NOTE: https://sourceforge.net/p/sox/bugs/351/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 +CVE-2021-23172 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) + {DSA-5356-1 DLA-3315-1} + - sox 14.4.2+git20190427-3.2 (bug #1021134) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975666 + NOTE: https://sourceforge.net/p/sox/bugs/350/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 +CVE-2021-23159 (A vulnerability was found in SoX, where a heap-buffer-overflow occurs ...) 
+ {DSA-5356-1 DLA-3315-1} + - sox 14.4.2+git20190427-3.2 (bug #1021133) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1975671 + NOTE: https://sourceforge.net/p/sox/bugs/352/ + NOTE: https://www.openwall.com/lists/oss-security/2023/02/03/3 +CVE-2021-33840 (The server in Luca through 1.1.14 allows remote attackers to cause a d ...) + NOT-FOR-US: Luca +CVE-2021-33839 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) + NOT-FOR-US: Luca +CVE-2021-33838 (Luca through 1.7.4 on Android allows remote attackers to obtain sensit ...) + NOT-FOR-US: Luca +CVE-2021-33837 + RESERVED +CVE-2021-33836 + RESERVED +CVE-2021-33835 + RESERVED +CVE-2021-33834 (An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6. ...) + NOT-FOR-US: Insyde +CVE-2021-33833 (ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based b ...) + {DLA-2915-1} + - connman 1.36-2.2 (bug #989662) + [buster] - connman 1.36-2.1~deb10u2 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/09/1 + NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=eceb2e8d2341c041df55a5e2f047d9a8c491463c +CVE-2021-33832 + RESERVED +CVE-2021-33831 (api/account/register in the TH Wildau COVID-19 Contact Tracing applica ...) + NOT-FOR-US: TH Wildau COVID-19 Contact Tracing App (Germany) +CVE-2021-33830 + RESERVED +CVE-2021-33829 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) 
+ {DLA-2813-1} + - ckeditor 4.16.0+dfsg-2 + [buster] - ckeditor (Minor issue) + - ckeditor3 (bug #1015217) + [bookworm] - ckeditor3 (Minor issue) + [bullseye] - ckeditor3 (Minor issue) + [buster] - ckeditor3 (No longer supported in LTS) + [stretch] - ckeditor3 (EOL'd for stretch) + NOTE: https://ckeditor.com/blog/ckeditor-4.16.1-with-accessibility-enhancements/#improvements-for-comments-in-html-parser + NOTE: https://github.com/ckeditor/ckeditor4/commit/3e426ce34f7fc7bf784624358831ef9e189bb6ed +CVE-2021-33828 (The files_antivirus component before 1.0.0 for ownCloud mishandles the ...) + - owncloud +CVE-2021-33827 (The files_antivirus component before 1.0.0 for ownCloud allows OS Comm ...) + - owncloud +CVE-2021-33826 + RESERVED +CVE-2021-33825 + RESERVED +CVE-2021-33824 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + NOT-FOR-US: MOXA +CVE-2021-33823 (An issue was discovered on MOXA Mgate MB3180 Version 2.1 Build 1811301 ...) + NOT-FOR-US: MOXA +CVE-2021-33822 (An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22 ...) + NOT-FOR-US: 4GEE ROUTER HH70VB +CVE-2021-33821 + RESERVED +CVE-2021-33820 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + NOT-FOR-US: UniFi Protect G3 FLEX Camera +CVE-2021-33819 + RESERVED +CVE-2021-33818 (An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4 ...) + NOT-FOR-US: UniFi Protect G3 FLEX Camera +CVE-2021-33817 + RESERVED +CVE-2021-33816 (The website builder module in Dolibarr 13.0.2 allows remote PHP code e ...) + - dolibarr +CVE-2021-33815 (dwa_uncompress in libavcodec/exr.c in FFmpeg 4.4 allows an out-of-boun ...) + [experimental] - ffmpeg + - ffmpeg (Vulnerable code not present, introduced in cc85ca1cb34) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/26d3c81bc5ef2f8c3f09d45eaeacfb4b1139a777 +CVE-2021-33814 + RESERVED +CVE-2021-33813 (An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to c ...) 
+ {DLA-2712-1 DLA-2696-1} + - libjdom2-intellij-java (bug #990673) + [bookworm] - libjdom2-intellij-java (Minor issue) + [bullseye] - libjdom2-intellij-java (Minor issue) + [buster] - libjdom2-intellij-java (Minor issue) + - libjdom2-java 2.0.6-2.1 (bug #990671) + [buster] - libjdom2-java (Minor issue) + - libjdom1-java 1.1.3-2.1 (bug #990672) + [buster] - libjdom1-java (Minor issue) + NOTE: https://github.com/hunterhacker/jdom/pull/188 + NOTE: https://alephsecurity.com/vulns/aleph-2021003 + NOTE: Fixed by: https://github.com/hunterhacker/jdom/commit/bd3ab78370098491911d7fe9d7a43b97144a234e + NOTE: Possible regression impact: https://github.com/hunterhacker/jdom/pull/188#issuecomment-872685011 + NOTE: Improved regression with: https://github.com/hunterhacker/jdom/commit/dd4f3c2fc7893edd914954c73eb577f925a7d361 + NOTE: https://github.com/hunterhacker/jdom/commit/07f316957b59d305f04c7bdb26292852bcbc2eb5 +CVE-2021-33812 + RESERVED +CVE-2021-33811 + RESERVED +CVE-2021-33810 + RESERVED +CVE-2021-33809 + RESERVED +CVE-2021-33808 + RESERVED +CVE-2021-33807 (Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/d ...) + NOT-FOR-US: Cartadis Gespage +CVE-2021-3579 (Incorrect Default Permissions vulnerability in the bdservicehost.exe a ...) + NOT-FOR-US: Bitdefender +CVE-2021-3578 (A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecke ...) + {DLA-3066-1} + - isync 1.3.0-2.2 (bug #989564) + [buster] - isync 1.3.0-2.2~deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/07/1 +CVE-2021-33806 (The BDew BdLib library before 1.16.1.7 for Minecraft allows remote cod ...) + NOT-FOR-US: BDew BdLib library +CVE-2021-33805 + REJECTED +CVE-2021-3577 (An unauthenticated remote code execution vulnerability was reported in ...) + NOT-FOR-US: Binatone +CVE-2021-3576 (Execution with Unnecessary Privileges vulnerability in Bitdefender End ...) 
+ NOT-FOR-US: Bitdefender +CVE-2021-3575 (A heap-based buffer overflow was found in openjpeg in color.c:379:42 i ...) + - openjpeg2 (bug #989775) + [bookworm] - openjpeg2 (Minor issue) + [bullseye] - openjpeg2 (Minor issue) + [buster] - openjpeg2 (Minor issue) + [stretch] - openjpeg2 (Minor issue) + NOTE: https://github.com/uclouvain/openjpeg/issues/1347 +CVE-2021-3574 (A vulnerability was found in ImageMagick-7.0.11-5, where executing a c ...) + {DLA-3357-1} + [experimental] - imagemagick 8:6.9.12.20+dfsg1-1 + - imagemagick 8:6.9.11.60+dfsg-1.5 (bug #1027164) + [bullseye] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/3540 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6ad94fbb7b280f39c2fbbdc1c140e51b1b466e9 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/cd7f9fb7751b0d59d5a74b12d971155caad5a792 +CVE-2021-33804 + RESERVED +CVE-2021-33803 + RESERVED +CVE-2021-33802 + RESERVED +CVE-2021-33801 + RESERVED +CVE-2021-33800 (In Druid 1.2.3, visiting the path with parameter in a certain function ...) + NOT-FOR-US: Alibaba Druid +CVE-2021-33799 + RESERVED +CVE-2021-33798 (A null pointer dereference was found in libpano13, version libpano13-2 ...) + NOTE: duplicate of CVE-2021-33293, pinged Fedora for reject +CVE-2021-33797 (Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1 ...) + - mujs 1.1.3-2 + [bullseye] - mujs 1.1.0-1+deb11u3 + NOTE: https://github.com/ccxvii/mujs/issues/148 + NOTE: https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 (1.1.2) +CVE-2021-33796 (In MuJS before version 1.1.2, a use-after-free flaw in the regexp sour ...) + - mujs 1.1.3-2 + [bullseye] - mujs (Minor issue) + NOTE: https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515 (1.1.2) +CVE-2021-3573 (A use-after-free in function hci_sock_bound_ioctl() of the Linux kerne ...) 
+ {DLA-2690-1 DLA-2689-1} + - linux 5.10.46-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/08/2 +CVE-2021-33795 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 produce incorr ...) + NOT-FOR-US: Foxit +CVE-2021-33794 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 allow informat ...) + NOT-FOR-US: Foxit Reader +CVE-2021-33793 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) + NOT-FOR-US: Foxit Reader +CVE-2021-33792 (Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of ...) + NOT-FOR-US: Foxit +CVE-2021-3572 (A flaw was found in python-pip in the way it handled Unicode separator ...) + - python-pip 20.3.4-2 + [buster] - python-pip (Minor issue) + [stretch] - python-pip (Minor issue. Fix along with next DLA) + NOTE: https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1926957 + NOTE: https://github.com/pypa/pip/pull/9827 + NOTE: https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e (21.1) +CVE-2021-33791 + REJECTED +CVE-2021-3571 (A flaw was found in the ptp4l program of the linuxptp package. When pt ...) + - linuxptp 3.1-2.1 (bug #990749) + [buster] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0) + [stretch] - linuxptp (Vulnerable code introduced later, transparent clock implementation in v2.0) + NOTE: https://github.com/richardcochran/linuxptp/commit/d61d77e163dbee247819f3d88593ba111577af15 (master) + NOTE: https://github.com/richardcochran/linuxptp/commit/0b3ab45de6a96ca181a5cf62c3c2b97167e2ed20 (v3.1.1) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 +CVE-2021-3570 (A flaw was found in the ptp4l program of the linuxptp package. A missi ...) 
+ {DSA-4938-1 DLA-2723-1} + - linuxptp 3.1-2.1 (bug #990748) + NOTE: https://github.com/richardcochran/linuxptp/commit/a1e63aa3a7304647913707c4df01f3df430806ab (master) + NOTE: https://github.com/richardcochran/linuxptp/commit/ce15e4de5926724557e8642ec762a210632f15ca (v3.1.1) + NOTE: https://github.com/richardcochran/linuxptp/commit/c15da0756d9b0ad9c0b9307c4a8685b490b76485 (v1.9.3) + NOTE: https://github.com/richardcochran/linuxptp/commit/7795df89dd4f94e0f55959dc61a85535d0f01cae (v1.8.1) + NOTE: https://www.openwall.com/lists/oss-security/2021/07/06/1 +CVE-2020-36385 (An issue was discovered in the Linux kernel before 5.10. drivers/infin ...) + - linux 5.10.4-1 + NOTE: https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1 +CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigge ...) + NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078) +CVE-2021-33790 (The RebornCore library before 4.7.3 allows remote code execution becau ...) + NOT-FOR-US: RebornCore +CVE-2021-33789 + RESERVED +CVE-2021-33788 (Windows LSA Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33787 + RESERVED +CVE-2021-33786 (Windows LSA Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33785 (Windows AF_UNIX Socket Provider Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33784 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2021-33783 (Windows SMB Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33782 (Windows Authenticode Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33781 (Azure AD Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33780 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33779 (Windows ADFS Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33778 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33777 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33776 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33775 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2021-33774 (Windows Event Tracing Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33773 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-33772 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-33771 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2021-33770 + RESERVED +CVE-2021-33769 + RESERVED +CVE-2021-33768 (Microsoft Exchange Server Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-33767 (Open Enclave SDK Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33766 (Microsoft Exchange Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33765 (Windows Installer Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33764 (Windows Key Distribution Center Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33763 (Windows Remote Access Connection Manager Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2021-33762 (Azure CycleCloud Elevation of Privilege Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-33761 (Windows Remote Access Connection Manager Elevation of Privilege Vulner ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33760 (Media Foundation Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33759 (Windows Desktop Bridge Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33758 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-33757 (Windows Security Account Manager Remote Protocol Security Feature Bypa ...) + NOT-FOR-US: Microsoft +CVE-2021-33756 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33755 (Windows Hyper-V Denial of Service Vulnerability This CVE ID is unique ...) + NOT-FOR-US: Microsoft +CVE-2021-33754 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33753 (Microsoft Bing Search Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33752 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33751 (Storage Spaces Controller Elevation of Privilege Vulnerability This CV ...) + NOT-FOR-US: Microsoft +CVE-2021-33750 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33749 (Windows DNS Snap-in Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33748 + RESERVED +CVE-2021-33747 + RESERVED +CVE-2021-33746 (Windows DNS Server Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2021-33745 (Windows DNS Server Denial of Service Vulnerability This CVE ID is uniq ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-33744 (Windows Secure Kernel Mode Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33743 (Windows Projected File System Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33742 (Windows MSHTML Platform Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33741 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33740 (Windows Media Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-33739 (Microsoft DWM Core Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-36381 (An issue was discovered in the singleCrunch function in shenzhim aaptj ...) + NOT-FOR-US: aaptjs +CVE-2020-36380 (An issue was discovered in the crunch function in shenzhim aaptjs 1.3. ...) + NOT-FOR-US: aaptjs +CVE-2020-36379 (An issue was discovered in the remove function in shenzhim aaptjs 1.3. ...) + NOT-FOR-US: aaptjs +CVE-2020-36378 (An issue was discovered in the packageCmd function in shenzhim aaptjs ...) + NOT-FOR-US: aaptjs +CVE-2020-36377 (An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, ...) + NOT-FOR-US: aaptjs +CVE-2020-36376 (An issue was discovered in the list function in shenzhim aaptjs 1.3.1, ...) + NOT-FOR-US: aaptjs +CVE-2020-36375 (Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, all ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36374 (Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, a ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36373 (Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allow ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36372 (Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, a ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36371 (Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, ...) 
+ NOT-FOR-US: Cesanta MJS +CVE-2020-36370 (Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36369 (Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20. ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36368 (Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, al ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...) + NOT-FOR-US: Cesanta MJS +CVE-2021-3569 (A stack corruption bug was found in libtpms in versions before 0.7.2 a ...) + - libtpms 0.8.2-1 + NOTE: https://github.com/stefanberger/libtpms/commit/505ef841c00b4c096b1977c667cb957bec3a1d8b (v0.8.0) + NOTE: https://github.com/stefanberger/libtpms/commit/40cfe134c017d3aeaaed05ce71eaf9bfbe556b16 (v0.7.2) +CVE-2021-3568 + RESERVED +CVE-2021-3567 (A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. ...) + - caribou 0.4.21-7.1 (bug #980061) + [buster] - caribou (Security impact only with cinnamon-screensaver >= 4.2) + [stretch] - caribou (Security impact only with cinnamon-screensaver >= 4.2) + NOTE: https://bugs.launchpad.net/ubuntu/+source/caribou/+bug/1912060 + NOTE: https://gitlab.gnome.org/GNOME/caribou/-/merge_requests/3 + NOTE: https://gitlab.gnome.org/GNOME/caribou/-/commit/d41c8e44b12222a290eaca16703406b113a630c6 +CVE-2021-33738 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.2 ...) + NOT-FOR-US: JT2Go +CVE-2021-33737 (A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS ...) + NOT-FOR-US: Siemens +CVE-2021-33736 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33735 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) 
+ NOT-FOR-US: Siemens +CVE-2021-33734 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33733 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33732 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33731 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33730 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33729 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33728 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33727 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33726 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33725 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33724 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33723 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33722 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33721 (A vulnerability has been identified in SINEC NMS (All versions < V1.0 ...) + NOT-FOR-US: Siemens +CVE-2021-33720 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) + NOT-FOR-US: Siemens +CVE-2021-33719 (A vulnerability has been identified in SIPROTEC 5 relays with CPU vari ...) + NOT-FOR-US: Siemens +CVE-2021-33718 (A vulnerability has been identified in Mendix Applications using Mendi ...) 
+ NOT-FOR-US: Mendix Applications +CVE-2021-33717 (A vulnerability has been identified in JT2Go (All versions < V13.2.0.1 ...) + NOT-FOR-US: JT2Go +CVE-2021-33716 (A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS ...) + NOT-FOR-US: Siemens +CVE-2021-33715 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33714 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33713 (A vulnerability has been identified in JT Utilities (All versions < V1 ...) + NOT-FOR-US: Siemens +CVE-2021-33712 (A vulnerability has been identified in Mendix SAML Module (All version ...) + NOT-FOR-US: Mendix SAML Module +CVE-2021-33711 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33710 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33709 (A vulnerability has been identified in Teamcenter Active Workspace V4 ...) + NOT-FOR-US: Siemens +CVE-2021-33708 (Due to insufficient input validation in Kyma, authenticated users can ...) + NOT-FOR-US: Kyma +CVE-2021-33707 (SAP NetWeaver Knowledge Management allows remote attackers to redirect ...) + NOT-FOR-US: SAP +CVE-2021-33706 (Due to improper input validation in InfraBox, logs can be modified by ...) + NOT-FOR-US: InfraBox +CVE-2021-33705 (The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.4 ...) + NOT-FOR-US: SAP +CVE-2021-33704 (The Service Layer of SAP Business One, version - 10.0, allows an authe ...) + NOT-FOR-US: SAP +CVE-2021-33703 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30 ...) + NOT-FOR-US: NetWeaver +CVE-2021-33702 (Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10 ...) + NOT-FOR-US: NetWeaver +CVE-2021-33701 (DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1 ...) 
+ NOT-FOR-US: SAP +CVE-2021-33700 (SAP Business One, version - 10.0, allows a local attacker with access ...) + NOT-FOR-US: SAP +CVE-2021-33699 (Task Hijacking is a vulnerability that affects the applications runnin ...) + NOT-FOR-US: Android +CVE-2021-33698 (SAP Business One, version - 10.0, allows an attacker with business aut ...) + NOT-FOR-US: SAP +CVE-2021-33697 (Under certain conditions, SAP BusinessObjects Business Intelligence Pl ...) + NOT-FOR-US: SAP +CVE-2021-33696 (SAP BusinessObjects Business Intelligence Platform (Crystal Report), v ...) + NOT-FOR-US: SAP +CVE-2021-33695 (Potentially, SAP Cloud Connector, version - 2.0 communication with the ...) + NOT-FOR-US: SAP +CVE-2021-33694 (SAP Cloud Connector, version - 2.0, does not sufficiently encode user- ...) + NOT-FOR-US: SAP +CVE-2021-33693 (SAP Cloud Connector, version - 2.0, allows an authenticated administra ...) + NOT-FOR-US: SAP +CVE-2021-33692 (SAP Cloud Connector, version - 2.0, allows the upload of zip files as ...) + NOT-FOR-US: SAP +CVE-2021-33691 (NWDI Notification Service versions - 7.31, 7.40, 7.50, does not suffic ...) + NOT-FOR-US: SAP +CVE-2021-33690 (Server-Side Request Forgery (SSRF) vulnerability has been detected in ...) + NOT-FOR-US: SAP +CVE-2021-33689 (When user with insufficient privileges tries to access any application ...) + NOT-FOR-US: SAP +CVE-2021-33688 (SAP Business One allows an attacker with business privileges to execut ...) + NOT-FOR-US: SAP +CVE-2021-33687 (SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30 ...) + NOT-FOR-US: SAP +CVE-2021-33686 (Under certain conditions, SAP Business One version - 10.0, allows an u ...) + NOT-FOR-US: SAP +CVE-2021-33685 (SAP Business One version - 10.0 allows low-level authorized attacker t ...) + NOT-FOR-US: SAP +CVE-2021-33684 (SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7. ...) + NOT-FOR-US: SAP +CVE-2021-33683 (SAP Web Dispatcher and Internet Communication Manager (ICM), versions ...) 
+ NOT-FOR-US: SAP +CVE-2021-33682 (SAP Lumira Server version 2.4 does not sufficiently encode user contro ...) + NOT-FOR-US: SAP +CVE-2021-33681 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33680 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) + NOT-FOR-US: SAP +CVE-2021-33679 (The SAP BusinessObjects BI Platform version - 420 allows an attacker, ...) + NOT-FOR-US: SAP +CVE-2021-33678 (A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), ...) + NOT-FOR-US: SAP +CVE-2021-33677 (SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, ...) + NOT-FOR-US: SAP +CVE-2021-33676 (A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 7 ...) + NOT-FOR-US: SAP +CVE-2021-33675 (Under certain conditions, SAP Contact Center - version 700, does not s ...) + NOT-FOR-US: SAP +CVE-2021-33674 (Under certain conditions, SAP Contact Center - version 700, does not s ...) + NOT-FOR-US: SAP +CVE-2021-33673 (Under certain conditions, SAP Contact Center - version 700,does not su ...) + NOT-FOR-US: SAP +CVE-2021-33672 (Due to missing encoding in SAP Contact Center's Communication Desktop ...) + NOT-FOR-US: SAP +CVE-2021-33671 (SAP NetWeaver Guided Procedures (Administration Workset), versions - 7 ...) + NOT-FOR-US: SAP +CVE-2021-33670 (SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - ...) + NOT-FOR-US: SAP +CVE-2021-33669 (Under certain conditions, SAP Mobile SDK Certificate Provider allows a ...) + NOT-FOR-US: SAP +CVE-2021-33668 (Due to improper input sanitization, specially crafted LDAP queries can ...) + NOT-FOR-US: SAP +CVE-2021-33667 (Under certain conditions, SAP Business Objects Web Intelligence (BI La ...) + NOT-FOR-US: SAP +CVE-2021-33666 (When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it ...) + NOT-FOR-US: SAP +CVE-2021-33665 (SAP NetWeaver Application Server ABAP (Applications based on SAP GUI f ...) 
+ NOT-FOR-US: SAP
+CVE-2021-33664 (SAP NetWeaver Application Server ABAP (Applications based on Web Dynpr ...)
+ NOT-FOR-US: SAP
+CVE-2021-33663 (SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - ...)
+ NOT-FOR-US: SAP
+CVE-2021-33662 (Under certain conditions, the installation of SAP Business One, versio ...)
+ NOT-FOR-US: SAP
+CVE-2021-33661 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33660 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33659 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2021-33658 (atune before 0.3-0.8 log in as a local user and run the curl command t ...)
+ NOT-FOR-US: A-Tune OS tuning engine
+CVE-2021-33657 (There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple ...)
+ {DLA-3314-1}
+ - libsdl1.2 1.2.15+dfsg2-7 (bug #1014577)
+ [bullseye] - libsdl1.2 (Minor issue)
+ [buster] - libsdl1.2 (Minor issue)
+ [stretch] - libsdl1.2 (Minor issue)
+ - libsdl2 2.0.20+dfsg-2
+ [bullseye] - libsdl2 2.0.14+dfsg2-3+deb11u1
+ [stretch] - libsdl2 (Minor issue)
+ NOTE: https://github.com/libsdl-org/SDL/commit/8c91cf7dba5193f5ce12d06db1336515851c9ee9 (release-2.0.20)
+CVE-2021-33656 (When setting font with malicous data by ioctl cmd PIO_FONT,kernel will ...)
+ {DLA-3131-1}
+ - linux 5.14.6-1
+ [bullseye] - linux 5.10.127-1
+ NOTE: https://git.kernel.org/linus/ff2047fb755d4415ec3c70ac799889371151796d (v5.12-rc1)
+CVE-2021-33655 (When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO, ...)
+ {DSA-5191-1 DLA-3131-1}
+ - linux 5.18.14-1
+ NOTE: https://git.kernel.org/linus/65a01e601dbba8b7a51a2677811f70f783766682 (5.19-rc7)
+ NOTE: https://git.kernel.org/linus/e64242caef18b4a5840b0e7a9bff37abd4f4f933 (5.19-rc7)
+ NOTE: https://git.kernel.org/linus/6c11df58fd1ac0aefcb3b227f72769272b939e56 (5.19-rc7)
+CVE-2021-33654 (When performing the initialization operation of the Split operator, if ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33653 (When performing the derivation shape operation of the SpaceToBatch ope ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33652 (When the Reduce operator run operation is executed, if there is a valu ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33651 (When performing the analytical operation of the DepthwiseConv2D operat ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33650 (When performing the inference shape operation of the SparseToDense ope ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33649 (When performing the inference shape operation of the Transpose operato ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33648 (When performing the inference shape operation of Affine, Concat, MatMu ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33647 (When performing the inference shape operation of the Tile operator, if ...)
+ NOT-FOR-US: Mindspore deep learning
+CVE-2021-33646 (The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ...)
+ NOT-FOR-US: Huawei OpenEuler OS
+CVE-2021-33645 (The th_read() function doesn\u2019t free a variable t->th_buf.gnu_long ...)
+ NOT-FOR-US: Huawei OpenEuler OS
+CVE-2021-33644 (An attacker who submits a crafted tar file with size in header struct ...)
+ NOT-FOR-US: Huawei OpenEuler OS
+CVE-2021-33643 (An attacker who submits a crafted tar file with size in header struct ...)
+ NOT-FOR-US: Huawei OpenEuler OS
+CVE-2021-33642 (When a file is processed, an infinite loop occurs in next_inline() of ...)
+ NOT-FOR-US: OpenEuler
+CVE-2021-33641 (When processing files, malloc stores the data of the current line. Whe ...)
+ NOT-FOR-US: OpenEuler
+CVE-2021-33640 (After tar_close(), libtar.c releases the memory pointed to by pointer ...)
+ NOT-FOR-US: OpenEuler
+CVE-2021-33639 (REMAP cmd of SVM driver can be used to remap read only memory as read- ...)
+ NOT-FOR-US: OpenEuler
+CVE-2021-33638 (When the isula cp command is used to copy files from a container to a ...)
+ NOT-FOR-US: OpenEuler iSulad
+CVE-2021-33637 (When the isula export command is used to export a container to an imag ...)
+ NOT-FOR-US: OpenEuler iSulad
+CVE-2021-33636 (When the isula load command is used to load malicious images, attacker ...)
+ NOT-FOR-US: OpenEuler iSulad
+CVE-2021-33635 (When malicious images are pulled by isula pull, attackers can execute ...)
+ NOT-FOR-US: OpenEuler iSulad
+CVE-2021-33634 (iSulad uses the lcr+lxc runtime (default) to run malicious images, whi ...)
+ NOT-FOR-US: OpenEuler lcr
+CVE-2021-33633
+ RESERVED
+CVE-2021-33632
+ RESERVED
+CVE-2021-33631
+ RESERVED
+CVE-2021-33630
+ RESERVED
+CVE-2021-33629 (isula-build before 0.9.5-6 can cause a program crash, when building co ...)
+ NOT-FOR-US: isula-build
+CVE-2021-33628
+ RESERVED
+CVE-2021-33627 (An issue was discovered in Insyde InsydeH2O 5.x, affecting FwBlockServ ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33626 (A vulnerability exists in SMM (System Management Mode) branch that reg ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33625 (An issue was discovered in Kernel 5.x in Insyde InsydeH2O, affecting H ...)
+ NOT-FOR-US: Insyde
+CVE-2021-33624 (In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch ...)
+ {DLA-2785-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.208-1
+ [stretch] - linux (Too risky to backport, and mitigated by default)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/21/1
+CVE-2021-33623 (The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.j ...)
+ {DLA-3247-1}
+ - node-trim-newlines 3.0.0+~3.0.0-1
+ [bullseye] - node-trim-newlines 3.0.0-1+deb11u1
+ [stretch] - node-trim-newlines (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/advisories/GHSA-7p7h-4mm5-852v
+ NOTE: https://github.com/sindresorhus/trim-newlines/commit/25246c6ce5eea1c82d448998733a6302a4350d91 (v4.0.1)
+ NOTE: https://github.com/sindresorhus/trim-newlines/commit/b10d5f4afef832b16bc56d49fc52c68cbd403869 (v3.0.1)
+CVE-2021-33622 (Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, h ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container 3.9.5+ds1-2 (bug #990201)
+ NOTE: https://support.sylabs.io/support/solutions/articles/42000087130-3-5-8-security-release-cve-2021-33622-
+CVE-2021-33621 (The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 ...)
+ {DLA-3450-1}
+ - ruby3.1 3.1.2-4 (bug #1024799)
+ - ruby3.0 (bug #1024800)
+ - ruby2.7
+ [bullseye] - ruby2.7 (Minor issue)
+ - ruby2.5
+ NOTE: https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
+ NOTE: Fixed by: https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 (v0.3.4)
+ NOTE: Possible followup needed: https://github.com/ruby/cgi/commit/b46d41c36380e04f6388970b5ef05c687f4d1819 (v0.3.5)
+ NOTE: Fixed in Ruby 3.1.3, 3.0.5 and 2.2.7
+CVE-2021-33619
+ RESERVED
+CVE-2021-33618 (Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstr ...)
+ - dolibarr
+CVE-2021-33617 (Zoho ManageEngine Password Manager Pro before 11.2 11200 allows login/ ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33616 (RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.)
+ NOT-FOR-US: RSA Archer
+CVE-2021-33615 (RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with ...)
+ NOT-FOR-US: RSA Archer
+CVE-2021-33620 (Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause ...)
+ {DSA-4924-1 DLA-2685-1}
+ - squid 4.13-10
+ - squid3
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-572g-rvwr-6c7f
+ NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-1e05a85bd28c22c9ca5d3ac9f5e86d6269ec0a8c.patch
+ NOTE: https://megamansec.github.io/Squid-Security-Audit/range-fatal.html
+CVE-2021-33614
+ RESERVED
+CVE-2021-33613
+ RESERVED
+CVE-2021-33612
+ RESERVED
+CVE-2021-33611 (Missing output sanitization in test sources in org.webjars.bowergithub ...)
+ NOT-FOR-US: vaadin-menu-bar
+CVE-2021-33610
+ RESERVED
+CVE-2021-33609 (Missing check in DataCommunicator class in com.vaadin:vaadin-server ve ...)
+ NOT-FOR-US: Vaadin
+CVE-2021-33608
+ RESERVED
+CVE-2021-33607
+ RESERVED
+CVE-2021-33606
+ RESERVED
+CVE-2021-33605 (Improper check in CheckboxGroup in com.vaadin:vaadin-checkbox-flow ver ...)
+ NOT-FOR-US: com.vaadin:vaadin-checkbox-flow
+CVE-2021-33604 (URL encoding error in development mode handler in com.vaadin:flow-serv ...)
+ NOT-FOR-US: com.vaadin:flow-server
+CVE-2021-33603 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33602 (A vulnerability affecting the F-Secure Antivirus engine was discovered ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33601 (A vulnerability was discovered in the web user interface of F-Secure I ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33600 (A denial-of-service (DoS) vulnerability was discovered in the web user ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33599 (A vulnerability affecting F-Secure Antivirus engine was discovered whe ...)
+ NOT-FOR-US: F-Secure Antivirus
+CVE-2021-33598 (A Denial-of-Service (DoS) vulnerability was discovered in all versions ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33597 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atl ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33596 (Showing the legitimate URL in the address bar while loading the conten ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33595 (A address bar spoofing vulnerability was discovered in Safe Browser fo ...)
+ NOT-FOR-US: Safe Browser for iOS
+CVE-2021-33594 (An address bar spoofing vulnerability was discovered in Safe Browser f ...)
+ NOT-FOR-US: Safe Browser for Android
+CVE-2021-33593 (Whale browser for iOS before 1.14.0 has an inconsistent user interface ...)
+ NOT-FOR-US: Whale browser for iOS
+CVE-2021-33592 (NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arb ...)
+ NOT-FOR-US: NAVER Toolbar
+CVE-2021-33591 (An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15 ...)
+ NOT-FOR-US: Naver Comic Viewer
+CVE-2021-33590 (GattLib 0.3-rc1 has a stack-based buffer over-read in get_device_path_ ...)
+ NOT-FOR-US: GattLib
+CVE-2021-33589 (Ribose RNP before 0.15.1 does not implement a required step in a crypt ...)
+ - rnp 0.15.1-1
+ NOTE: https://open.ribose.com/advisories/ra-2021-05-30/#CVE-2021-33589
+CVE-2021-33588
+ RESERVED
+CVE-2021-33587 (The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure t ...)
+ {DLA-3350-1}
+ - node-css-what 5.0.1-1 (bug #989264)
+ [bullseye] - node-css-what 4.0.0-3+deb11u1
+ [buster] - node-css-what (Minor issue, intrusive to backport fixes to older series)
+ [stretch] - node-css-what (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/fb55/css-what/commit/4cdaacfd0d4b6fd00614be030da0dea6c2994655
+ NOTE: https://github.com/fb55/css-what/releases/tag/v5.0.1
+CVE-2021-33585
+ RESERVED
+CVE-2021-33584
+ RESERVED
+CVE-2021-33583 (REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa pas ...)
+ NOT-FOR-US: REINER
+CVE-2021-33582 (Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of s ...)
+ {DLA-3052-1}
+ - cyrus-imapd 3.4.2-1 (bug #993433)
+ [bullseye] - cyrus-imapd 3.2.6-2+deb11u1
+ [buster] - cyrus-imapd 3.0.8-6+deb10u6
+ - cyrus-imapd-2.4
+ NOTE: https://cyrus.topicbox.com/groups/announce/T3dde0a2352462975-M1386fc44adf967e072f8df13/cyrus-imap-3-4-2-3-2-8-and-3-0-16-released
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/0fb658f1727f4446f7f33adcc428ba4c9eeabe3e (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/f63695609c88a3f76129499bb49fb82e8155fb32 (master)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/833c22bd7de5bbb591c2cb3705c9983b6d2b1fee (master)
+CVE-2021-33581 (MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows ...)
+ NOT-FOR-US: Software AG MashZone
+CVE-2021-33580 (User controlled `request.getHeader("Referer")`, `request.getRequestURL ...)
+ NOT-FOR-US: Apache Roller
+CVE-2021-33586 (InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to co ...)
+ - inspircd 3.8.1-2 (bug #989144)
+ [buster] - inspircd (Vulnerable code not present)
+ [stretch] - inspircd (Vulnerable code not present)
+ NOTE: https://docs.inspircd.org/security/2021-01/
+ NOTE: https://github.com/inspircd/inspircd/commit/4350a11c663b0d75f8119743bffb7736d87abd4d
+CVE-2021-3566 (Prior to ffmpeg version 4.3, the tty demuxer did not have a 'read_prob ...)
+ {DSA-5126-1 DLA-2742-1}
+ - ffmpeg 7:4.3-2
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/3bce9e9b3ea35c54bacccc793d7da99ea5157532 (4.3)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/97ee4a451b5b1eb0010664b4a8c048d6c8c06a8a (4.1.9)
+CVE-2021-33579
+ RESERVED
+CVE-2021-33578 (Echo ShareCare 8.15.5 is susceptible to SQL injection vulnerabilities ...)
+ NOT-FOR-US: Echo ShareCare
+CVE-2021-33577 (An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for t ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33576 (An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 messag ...)
+ NOT-FOR-US: Cleo LexiCom
+CVE-2021-33575 (The Pixar ruby-jss gem before 1.6.0 allows remote attackers to execute ...)
+ NOT-FOR-US: ruby-jss gem
+CVE-2021-33574 (The mq_notify function in the GNU C Library (aka glibc) versions 2.32 ...)
+ {DLA-3152-1}
+ [experimental] - glibc 2.32-0experimental0
+ - glibc 2.32-1 (bug #989147)
+ [bullseye] - glibc 2.31-13+deb11u3
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091
+ NOTE: When fixing this issue the fix needs to be applied such that CVE-2021-38604
+ NOTE: is not opened, CVE-2021-38604 information:
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=28213
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
+ NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
+CVE-2021-33573
+ RESERVED
+CVE-2021-33572 (A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Lin ...)
+ NOT-FOR-US: F-Secure
+CVE-2021-33571 (In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, ...)
+ {DLA-2676-1}
+ - python-django 2:2.2.24-1 (bug #989394)
+ [buster] - python-django (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1
+ NOTE: https://github.com/django/django/commit/e1d787f1b36d13b95187f8f425425ae1b98da188 (main)
+ NOTE: https://github.com/django/django/commit/f27c38ab5d90f68c9dd60cabef248a570c0be8fc (2.2.24)
+CVE-2021-33570 (Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG e ...)
+ NOT-FOR-US: Postbird
+CVE-2021-33569
+ RESERVED
+CVE-2021-33568
+ RESERVED
+CVE-2021-33567
+ RESERVED
+CVE-2021-33566
+ RESERVED
+CVE-2021-33565
+ RESERVED
+CVE-2016-20011 (libgrss through 0.7.0 fails to perform TLS certificate verification wh ...)
+ - libgrss (bug #989149)
+ [bookworm] - libgrss (Minor issue)
+ [bullseye] - libgrss (Minor issue)
+ [buster] - libgrss (Minor issue)
+ [stretch] - libgrss (Minor issue)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=772647
+ NOTE: https://gitlab.gnome.org/GNOME/libgrss/-/issues/4
+CVE-2021-3565 (A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3 ...)
+ - tpm2-tools 5.0-2 (bug #989148)
+ [buster] - tpm2-tools (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1964427
+ NOTE: https://github.com/tpm2-software/tpm2-tools/issues/2738
+ NOTE: https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515
+CVE-2021-33564 (An argument injection vulnerability in the Dragonfly gem before 1.4.0 ...)
+ NOT-FOR-US: Dragonfly gem
+CVE-2021-33563 (Koel before 5.1.4 lacks login throttling, lacks a password strength po ...)
+ NOT-FOR-US: Koel
+CVE-2021-33562 (A reflected cross-site scripting (XSS) vulnerability in Shopizer befor ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-33561 (A stored cross-site scripting (XSS) vulnerability in Shopizer before 2 ...)
+ NOT-FOR-US: Shopizer
+CVE-2021-40528 (The ElGamal implementation in Libgcrypt before 1.9.4 allows plaintext ...)
+ {DLA-2691-1}
+ - libgcrypt20 1.8.7-6
+ [buster] - libgcrypt20 1.8.4-5+deb10u1
+ NOTE: https://dev.gnupg.org/T5328
+ NOTE: https://eprint.iacr.org/2021/923.pdf
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=3462280f2e23e16adf3ed5176e0f2413d8861320 (1.9.x)
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=707c3c5c511ee70ad0e39ec613471f665305fbea (1.8.x)
+ NOTE: See notes on CVE-2021-40528 on the confusion about swapping of scope of
+ NOTE: CVE-2021-40528 and CVE-2021-33560.
+CVE-2021-33559
+ RESERVED
+CVE-2021-33558 (Boa 0.94.13 allows remote attackers to obtain sensitive information vi ...)
+ - boa
+CVE-2021-33557 (An XSS issue was discovered in manage_custom_field_edit_page.php in Ma ...)
+ - mantis
+CVE-2021-33556
+ RESERVED
+CVE-2021-33555 (In PEPPERL+FUCHS WirelessHART-Gateway <= 3.0.7 the filename parameter ...)
+ NOT-FOR-US: PEPPERL+FUCHS WirelessHART-Gateway
+CVE-2021-33554 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33553 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33552 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33551 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33550 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33549 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33548 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33547 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33546 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33545 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33544 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33543 (Multiple camera devices by UDP Technology, Geutebr\xfcck and other ven ...)
+ NOT-FOR-US: UDP Technology
+CVE-2021-33542 (Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33541 (Phoenix Contact Classic Line Controllers ILC1x0 and ILC1x1 in all vers ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33540 (In certain devices of the Phoenix Contact AXL F BK and IL BK product f ...)
+ NOT-FOR-US: Phoenix
+CVE-2021-33539 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33538 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33537 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33536 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33535 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33534 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33533 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33532 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33531 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33530 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33529 (In Weidmueller Industrial WLAN devices in multiple versions the usage ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33528 (In Weidmueller Industrial WLAN devices in multiple versions an exploit ...)
+ NOT-FOR-US: Weidmueller Industrial WLAN devices
+CVE-2021-33527 (In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33526 (In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local ...)
+ NOT-FOR-US: MB connect line
+CVE-2021-33525 (EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (b ...)
+ NOT-FOR-US: EyesOfNetwork (EON) eonweb
+CVE-2021-3564 (A flaw double-free memory corruption in the Linux kernel HCI device in ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/25/1
+CVE-2021-33524
+ RESERVED
+CVE-2021-33523 (MashZone NextGen through 10.7 GA allows a remote authenticated user, w ...)
+ NOT-FOR-US: Software AG MashZone
+CVE-2021-33522
+ RESERVED
+CVE-2021-33521
+ RESERVED
+CVE-2021-33520
+ RESERVED
+CVE-2021-33519
+ RESERVED
+CVE-2021-33518
+ RESERVED
+CVE-2021-33517
+ RESERVED
+CVE-2021-33516 (An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x befo ...)
+ [experimental] - gupnp 1.2.7-1
+ - gupnp 1.4.0-2 (bug #989098)
+ [bullseye] - gupnp (Minor issue)
+ [buster] - gupnp (Minor issue)
+ [stretch] - gupnp (Minor issue)
+ NOTE: https://discourse.gnome.org/t/security-relevant-releases-for-gupnp-issue-cve-2021-33516/6536
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/issues/24
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/05e964d48322ff23a65c6026d656e4494ace6ff9 (gupnp-1.0)
+ NOTE: https://gitlab.gnome.org/GNOME/gupnp/-/commit/ca6ec9dcb26fd7a2a630eb6a68118659b589afac (master)
+CVE-2021-33515 (The submission service in Dovecot before 2.3.15 allows STARTTLS comman ...)
+ {DLA-3122-1}
+ - dovecot 1:2.3.13+dfsg1-2 (bug #990566)
+ [stretch] - dovecot (Vulnerable code (smtp_server_command queue) introduced later)
+ NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/2
+CVE-2021-33514 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2021-33513 (Plone through 5.2.4 allows XSS via the inline_diff methods in Products ...)
+ NOT-FOR-US: Plone
+CVE-2021-33512 (Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by up ...)
+ NOT-FOR-US: Plone
+CVE-2021-33511 (Plone though 5.2.4 allows SSRF via the lxml parser. This affects Diazo ...)
+ NOT-FOR-US: Plone
+CVE-2021-33510 (Plone through 5.2.4 allows remote authenticated managers to conduct SS ...)
+ NOT-FOR-US: Plone
+CVE-2021-33509 (Plone through 5.2.4 allows remote authenticated managers to perform di ...)
+ NOT-FOR-US: Plone
+CVE-2021-33508 (Plone through 5.2.4 allows XSS via a full name that is mishandled duri ...)
+ NOT-FOR-US: Plone
+CVE-2021-33507 (Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService b ...)
+ NOT-FOR-US: Zope Products.CMFCore (as used in Plone)
+CVE-2021-33506 (jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure tha ...)
+ NOT-FOR-US: jitsi-meet-prosody
+CVE-2021-33505 (A local malicious user can circumvent the Falco detection engine throu ...)
+ - falco (bug #842306)
+CVE-2021-33504 (Couchbase Server before 7.1.0 has Incorrect Access Control.)
+ NOT-FOR-US: Couchbase Server
+CVE-2021-33503 (An issue was discovered in urllib3 before 1.26.5. When provided with a ...)
+ - python-urllib3 1.26.5-1~exp1 (bug #989848)
+ [buster] - python-urllib3 (Vulnerable code introduced later)
+ [stretch] - python-urllib3 (Vulnerable code introduced later)
+ NOTE: https://github.com/advisories/GHSA-q2q7-5pp4-w6pg
+ NOTE: Introduced around: https://github.com/urllib3/urllib3/commit/5b047b645f5f93900d5e2fc31230848c25eb1f5f (1.25.4)
+ NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec (1.26.5)
+CVE-2021-33502 (The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x befo ...)
+ - node-got 11.8.1+~cs53.13.17-3 (bug #989258)
+ [buster] - node-got (Vulnerable code introduced later)
+ NOTE: https://github.com/sindresorhus/normalize-url/releases/tag/v6.0.1
+ NOTE: https://github.com/sindresorhus/normalize-url/commit/b1fdb5120b6d27a88400d8800e67ff5a22bd2103
+CVE-2021-33501 (Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Exec ...)
+ NOT-FOR-US: Overwolf
+CVE-2021-33500 (PuTTY before 0.75 on Windows allows remote servers to cause a denial o ...)
+ - putty (Windows-specific)
+CVE-2021-33499 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-33498 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-3563 (A flaw was found in openstack-keystone. Only the first 72 characters o ...)
+ - keystone (bug #989998)
+ [bookworm] - keystone (Minor issue)
+ [bullseye] - keystone (Minor issue)
+ [buster] - keystone (Minor issue)
+ [stretch] - keystone (Keystone is not supported in stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1962908
+ NOTE: https://bugs.launchpad.net/keystone/+bug/1901891
+CVE-2021-33497 (Dutchcoders transfer.sh before 1.2.4 allows Directory Traversal for de ...)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33496 (Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view.)
+ NOT-FOR-US: Dutchcoders transfer.sh
+CVE-2021-33495 (OX App Suite 7.10.5 allows XSS via an OX Chat system message.)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33494 (OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33493 (The middleware component in OX App Suite through 7.10.5 allows Code In ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33492 (OX App Suite 7.10.5 allows XSS via an OX Chat room name.)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33491 (OX App Suite through 7.10.5 allows Directory Traversal via ../ in an O ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33490 (OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shar ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33489 (OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33488 (chat in OX App Suite 7.10.5 has Improper Input Validation. A user can ...)
+ NOT-FOR-US: OX App Suite
+CVE-2021-33487
+ RESERVED
+CVE-2021-33486 (All versions of the CODESYS V3 Runtime Toolkit for VxWorks from versio ...)
+ NOT-FOR-US: CODESYS V3 Runtime Toolkit for VxWorks
+CVE-2021-33485 (CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffe ...)
+ NOT-FOR-US: CODESYS Control Runtime
+CVE-2021-3562
+ RESERVED
+CVE-2021-33484 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33483 (An issue was discovered in CommentsService.ashx in OnyakTech Comments ...)
+ NOT-FOR-US: OnyakTech Comments Pro DNN Module
+CVE-2021-33482
+ RESERVED
+CVE-2021-33478 (The TrustZone implementation in certain Broadcom MediaxChange firmware ...)
+ NOT-FOR-US: Broadcom
+CVE-2021-3561 (An Out of Bounds flaw was found fig2dev version 3.2.8a. A flawed bound ...)
+ {DLA-2778-1}
+ - fig2dev 1:3.2.8-3
+ [buster] - fig2dev 1:3.2.7a-5+deb10u4
+ - transfig
+ NOTE: https://sourceforge.net/p/mcj/tickets/116/
+ NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/6827c09d2d6491cb2ae3ac7196439ff3aa791fd9/
+ NOTE: Depends on CVE-2019-19797 fix
+CVE-2021-3560 (It was found that polkit could be tricked into bypassing the credentia ...)
+ - policykit-1 0.105-31 (bug #989429)
+ [buster] - policykit-1 (Vulnerable code introduced later)
+ [stretch] - policykit-1 (Vulnerable code introduced later)
+ NOTE: Issue Upstream introduced in 0.113 with https://gitlab.freedesktop.org/polkit/polkit/-/commit/bfa5036bfb93582c5a87c44b847957479d911e38
+ NOTE: Debian backported 0.113 commits in 0.105-26
+ NOTE: Fixed by: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81 (0.119)
+ NOTE: https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1961710
+ NOTE: https://www.openwall.com/lists/oss-security/2021/06/03/1
+ NOTE: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
+CVE-2021-33476
+ RESERVED
+CVE-2021-33475
+ RESERVED
+CVE-2021-33474
+ RESERVED
+CVE-2021-33473 (An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allow ...)
+ NOT-FOR-US: Dragonfly Ruby Gem
+CVE-2021-33472
+ RESERVED
+CVE-2021-33471
+ RESERVED
+CVE-2021-33470 (COVID19 Testing Management System 1.0 is vulnerable to SQL Injection v ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33469 (COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scri ...)
+ NOT-FOR-US: COVID19 Testing Management System
+CVE-2021-33468 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/162
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33467 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/163
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33466 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/172
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33465 (An issue was discovered in yasm version 1.3.0. 
There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/173
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33464 (An issue was discovered in yasm version 1.3.0. There is a heap-buffer- ...)
+ - yasm (bug #1016353)
+ [bookworm] - yasm (Minor issue)
+ [bullseye] - yasm (Minor issue)
+ [buster] - yasm (Minor issue)
+ NOTE: https://github.com/yasm/yasm/issues/164
+CVE-2021-33463 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/174
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33462 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/165
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33461 (An issue was discovered in yasm version 1.3.0. There is a use-after-fr ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/161
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33460 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/168
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33459 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/167
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33458 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/170
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33457 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant)
+ NOTE: https://github.com/yasm/yasm/issues/171
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33456 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
+ - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/175 + NOTE: Crash in CLI tool, no security impact +CVE-2021-33455 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/169 + NOTE: Crash in CLI tool, no security impact +CVE-2021-33454 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...) + - yasm (unimportant) + NOTE: https://github.com/yasm/yasm/issues/166 + NOTE: Crash in CLI tool, no security impact +CVE-2021-33453 (An issue was discovered in lrzip version 0.641. There is a use-after-f ...) + - lrzip (unimportant) + NOTE: https://github.com/ckolivas/lrzip/issues/199 + NOTE: Crash in CLI tool, no security impact +CVE-2021-33452 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392757 + NOTE: Memleak in CLI tool, no security impact +CVE-2021-33451 (An issue was discovered in lrzip version 0.641. There are memory leaks ...) + - lrzip (unimportant) + NOTE: https://github.com/ckolivas/lrzip/issues/198 + NOTE: Memleak in CLI tool, no security impact +CVE-2021-33450 (An issue was discovered in NASM version 2.16rc0. There are memory leak ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392758 + NOTE: Memleak in CLI tool, no security impact +CVE-2021-33449 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33448 (An issue was discovered in mjs(mJS: Restricted JavaScript engine), ES6 ...) + NOT-FOR-US: mjs +CVE-2021-33447 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33446 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33445 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) 
+ NOT-FOR-US: mjs +CVE-2021-33444 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33443 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33442 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33441 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33440 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33439 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33438 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33437 (An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES ...) + NOT-FOR-US: mjs +CVE-2021-33436 (NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from lo ...) + NOT-FOR-US: NoMachine +CVE-2021-33435 + RESERVED +CVE-2021-33434 + RESERVED +CVE-2021-33433 + RESERVED +CVE-2021-33432 + RESERVED +CVE-2021-33431 + RESERVED +CVE-2021-33430 (A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_N ...) + - numpy 1:1.21.4-2 + [bullseye] - numpy (Minor issue) + NOTE: https://github.com/numpy/numpy/issues/18939 + NOTE: https://github.com/numpy/numpy/pull/18989 + NOTE: https://github.com/numpy/numpy/commit/16f7824b4d935b6aee98298ca4123d57174a6f2e (v1.22.0.dev0) +CVE-2021-33429 + RESERVED +CVE-2021-33428 + RESERVED +CVE-2021-33427 + RESERVED +CVE-2021-33426 + RESERVED +CVE-2021-33425 (A stored cross-site scripting (XSS) vulnerability was discovered in th ...) + NOT-FOR-US: OpenWRT LuCI +CVE-2021-33424 + RESERVED +CVE-2021-33423 + RESERVED +CVE-2021-33422 + RESERVED +CVE-2021-33421 + RESERVED +CVE-2021-33420 (A deserialization issue discovered in inikulin replicator before 1.0.4 ...) 
+ NOT-FOR-US: inikulin replicator +CVE-2021-33419 + RESERVED +CVE-2021-33418 + RESERVED +CVE-2021-33417 + RESERVED +CVE-2021-33416 + RESERVED +CVE-2021-33415 + RESERVED +CVE-2021-33414 + RESERVED +CVE-2021-33413 + RESERVED +CVE-2021-33412 + RESERVED +CVE-2021-33411 + RESERVED +CVE-2021-33410 + RESERVED +CVE-2021-33409 + RESERVED +CVE-2021-33408 (Local File Inclusion vulnerability in Ab Initio Control>Center before ...) + NOT-FOR-US: Ab Initio +CVE-2021-33407 + RESERVED +CVE-2021-33406 + RESERVED +CVE-2021-33405 + RESERVED +CVE-2021-33404 + RESERVED +CVE-2021-33403 (An integer overflow in the transfer function of a smart contract imple ...) + NOT-FOR-US: Lancer +CVE-2021-33402 + RESERVED +CVE-2021-33401 + RESERVED +CVE-2021-33400 + RESERVED +CVE-2021-33399 + RESERVED +CVE-2021-33398 + RESERVED +CVE-2021-33397 + RESERVED +CVE-2021-33396 (Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, al ...) + NOT-FOR-US: baijiacms +CVE-2021-33395 + RESERVED +CVE-2021-33394 (Cubecart 6.4.2 allows Session Fixation. The application does not gener ...) + NOT-FOR-US: Cubecart +CVE-2021-33393 (lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/bac ...) + NOT-FOR-US: IPFire +CVE-2021-33392 + RESERVED +CVE-2021-33391 (An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitra ...) + - tidy-html5 (bug #1032665) + [bookworm] - tidy-html5 (Minor issue) + [bullseye] - tidy-html5 (Minor issue) + [buster] - tidy-html5 (Minor issue) + NOTE: https://github.com/htacg/tidy-html5/issues/946 + NOTE: https://github.com/htacg/tidy-html5/commit/efa61528aa500a1efbd2768121820742d3bb709b +CVE-2021-33390 (dpic 2021.04.10 has a use-after-free in thedeletestringbox() function ...) 
+ - dpic 2021.11.01-1 (unimportant) + NOTE: https://gitlab.com/aplevich/dpic/-/issues/10 + NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/32c26bb3996511662029c961f5e83fb696c087d4 + NOTE: Crash in CLI tool, no security impact +CVE-2021-33389 + RESERVED +CVE-2021-33388 (dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in ...) + - dpic 2021.11.01-1 + [bullseye] - dpic (Minor issue) + NOTE: https://gitlab.com/aplevich/dpic/-/issues/8 + NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/32c26bb3996511662029c961f5e83fb696c087d4 +CVE-2021-33387 (Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker t ...) + NOT-FOR-US: MiniCMS +CVE-2021-33386 + RESERVED +CVE-2021-33385 + RESERVED +CVE-2021-33384 + RESERVED +CVE-2021-33383 + RESERVED +CVE-2021-33382 + RESERVED +CVE-2021-33381 + RESERVED +CVE-2021-33380 + RESERVED +CVE-2021-33379 + RESERVED +CVE-2021-33378 + RESERVED +CVE-2021-33377 + RESERVED +CVE-2021-33376 + RESERVED +CVE-2021-33375 + RESERVED +CVE-2021-33374 + RESERVED +CVE-2021-33373 + RESERVED +CVE-2021-33372 + RESERVED +CVE-2021-33371 (A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.p ...) + NOT-FOR-US: Student Management System +CVE-2021-33370 + RESERVED +CVE-2021-33369 + RESERVED +CVE-2021-33368 + RESERVED +CVE-2021-33367 (Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to ...) + - freeimage (bug #1032666) + [bookworm] - freeimage (Minor issue) + [bullseye] - freeimage (Minor issue) + [buster] - freeimage (Minor issue) + NOTE: https://sourceforge.net/p/freeimage/discussion/36109/thread/1a4db03d58/ +CVE-2021-33366 (Memory leak in the gf_isom_oinf_read_entry function in MP4Box in GPAC ...) 
+ {DSA-5411-1} + - gpac (unimportant) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/0a85029d694f992f3631e2f249e4999daee15cbf + NOTE: https://github.com/gpac/gpac/issues/1785 + NOTE: Negligible security impact +CVE-2021-33365 (Memory leak in the gf_isom_get_root_od function in MP4Box in GPAC 1.0. ...) + {DSA-5411-1} + - gpac (unimportant) + NOTE: https://github.com/gpac/gpac/commit/984787de3d414a5f7d43d0b4584d9469dff2a5a5 + NOTE: https://github.com/gpac/gpac/issues/1784 + NOTE: Negligible security impact +CVE-2021-33364 (Memory leak in the def_parent_box_new function in MP4Box in GPAC 1.0.1 ...) + {DSA-5411-1} + - gpac (unimportant) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/fe5155cf047252d1c4cb91602048bfa682af0ea7 + NOTE: https://github.com/gpac/gpac/issues/1783 + NOTE: Negligible security impact +CVE-2021-33363 (Memory leak in the infe_box_read function in MP4Box in GPAC 1.0.1 allo ...) + {DSA-5411-1} + - gpac (unimportant) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/ec64c7b8966d7e4642d12debb888be5acf18efb9 + NOTE: https://github.com/gpac/gpac/issues/1786 + NOTE: Negligible security impact +CVE-2021-33362 (Stack buffer overflow in the hevc_parse_vps_extension function in MP4B ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Vulnerable code introduced later, in version 0.7.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.7.0) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1273cdc706eeedf8346d4b9faa5b33435056061d (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1780 + NOTE: Introduced by https://github.com/gpac/gpac/commit/8ba129e92de77df32d152c24bbd3ca9839a29d57 +CVE-2021-33361 (Memory leak in the afra_box_read function in MP4Box in GPAC 1.0.1 allo ...) + {DSA-5411-1} + - gpac (unimportant) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/a51f951b878c2b73c1d8e2f1518c7cdc5fb82c3f + NOTE: https://github.com/gpac/gpac/issues/1782 + NOTE: Negligible security impact +CVE-2021-33360 (An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers ...) + NOT-FOR-US: Node gnuplot +CVE-2021-33359 (A vulnerability exists in gowitness < 2.3.6 that allows an unauthentic ...) + NOT-FOR-US: gowitness +CVE-2021-33358 (Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interfac ...) + NOT-FOR-US: RaspAP +CVE-2021-33357 (A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET param ...) + NOT-FOR-US: RaspAP +CVE-2021-33356 (Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 c ...) + NOT-FOR-US: RaspAP +CVE-2021-33355 + RESERVED +CVE-2021-33354 (Directory Traversal vulnerability in htmly before 2.8.1 allows remote ...) + NOT-FOR-US: htmly +CVE-2021-33353 (Directory Traversal vulnerability in Wyomind Help Desk Magento 2 exten ...) + NOT-FOR-US: Wyomind Help Desk Magento +CVE-2021-33352 (An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before f ...) 
+ NOT-FOR-US: Wyomind Help Desk Magento +CVE-2021-33351 (Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 exte ...) + NOT-FOR-US: Wyomind Help Desk Magento +CVE-2021-33350 + RESERVED +CVE-2021-33349 + RESERVED +CVE-2021-33348 (An issue was discovered in JFinal framework v4.9.10 and below. The "se ...) + NOT-FOR-US: JFinal +CVE-2021-33347 (An issue was discovered in JPress v3.3.0 and below. There are XSS vuln ...) + NOT-FOR-US: JPress +CVE-2021-33346 (There is an arbitrary password modification vulnerability in a D-LINK ...) + NOT-FOR-US: D-Link +CVE-2021-33345 + RESERVED +CVE-2021-33344 + RESERVED +CVE-2021-33343 + RESERVED +CVE-2021-33342 + RESERVED +CVE-2021-33341 + RESERVED +CVE-2021-33340 + RESERVED +CVE-2021-33339 (Cross-site scripting (XSS) vulnerability in the Fragment module in Lif ...) + NOT-FOR-US: Liferay +CVE-2021-33338 (The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay D ...) + NOT-FOR-US: Liferay +CVE-2021-33337 (Cross-site scripting (XSS) vulnerability in the Document Library modul ...) + NOT-FOR-US: Liferay +CVE-2021-33336 (Cross-site scripting (XSS) vulnerability in the Journal module's add a ...) + NOT-FOR-US: Liferay +CVE-2021-33335 (Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3 ...) + NOT-FOR-US: Liferay +CVE-2021-33334 (The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33333 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) + NOT-FOR-US: Liferay +CVE-2021-33332 (Cross-site scripting (XSS) vulnerability in the Portlet Configuration ...) + NOT-FOR-US: Liferay +CVE-2021-33331 (Open redirect vulnerability in the Notifications module in Liferay Por ...) + NOT-FOR-US: Liferay +CVE-2021-33330 (Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pac ...) + NOT-FOR-US: Liferay +CVE-2021-33329 + RESERVED +CVE-2021-33328 (Cross-site scripting (XSS) vulnerability in the Asset module's edit vo ...) 
+ NOT-FOR-US: Liferay +CVE-2021-33327 (The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 ...) + NOT-FOR-US: Liferay +CVE-2021-33326 (Cross-site scripting (XSS) vulnerability in the Frontend JS module in ...) + NOT-FOR-US: Liferay +CVE-2021-33325 (The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Li ...) + NOT-FOR-US: Liferay +CVE-2021-33324 (The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay D ...) + NOT-FOR-US: Liferay +CVE-2021-33323 (The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33322 (In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pa ...) + NOT-FOR-US: Liferay +CVE-2021-33321 (Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, ...) + NOT-FOR-US: Liferay +CVE-2021-33320 (The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP ...) + NOT-FOR-US: Liferay +CVE-2021-33319 + RESERVED +CVE-2021-33318 (An Input Validation Vulnerability exists in Joel Christner .NET C# pac ...) + NOT-FOR-US: jchristn/IpMatcher +CVE-2021-33317 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...) + NOT-FOR-US: TRENDnet +CVE-2021-33316 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...) + NOT-FOR-US: TRENDnet +CVE-2021-33315 (The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suf ...) + NOT-FOR-US: TRENDnet +CVE-2021-33314 + RESERVED +CVE-2021-33313 + RESERVED +CVE-2021-33312 + RESERVED +CVE-2021-33311 + RESERVED +CVE-2021-33310 + RESERVED +CVE-2021-33309 + RESERVED +CVE-2021-33308 + RESERVED +CVE-2021-33307 + RESERVED +CVE-2021-33306 + RESERVED +CVE-2021-33305 + RESERVED +CVE-2021-33304 (Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP- ...) 
+ NOT-FOR-US: picoTCP +CVE-2021-33303 + RESERVED +CVE-2021-33302 + RESERVED +CVE-2021-33301 + RESERVED +CVE-2021-33300 + RESERVED +CVE-2021-33299 + RESERVED +CVE-2021-33298 + RESERVED +CVE-2021-33297 + RESERVED +CVE-2021-33296 + RESERVED +CVE-2021-33295 (Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before ...) + NOT-FOR-US: Joplin Desktop App +CVE-2021-33294 (In elfutils 0.183, an infinite loop was found in the function handle_s ...) + - elfutils 0.185-2 (unimportant) + NOTE: Hang in CLI tool, no security impact + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27501 + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=480b6fa3662ba8ffeee274bf0d37423413c01e55 (elfutils-0.184) +CVE-2021-33293 (Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-b ...) + {DLA-2957-1} + [experimental] - libpano13 2.9.21~rc1+dfsg-1 + - libpano13 2.9.21+dfsg-2 (bug #1008024) + [bullseye] - libpano13 (Minor issue) + [buster] - libpano13 (Minor issue) + NOTE: https://groups.google.com/u/1/g/hugin-ptx/c/gLtz2vweD74 + NOTE: Fixed by: https://sourceforge.net/p/panotools/libpano13/ci/62aa7eed8fae5d8f247a2508a757f31000de386f/ +CVE-2021-33292 + RESERVED +CVE-2021-33291 + RESERVED +CVE-2021-33290 + RESERVED +CVE-2021-33289 (In NTFS-3G versions < 2021.8.22, when a specially crafted MFT section ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33288 + RESERVED +CVE-2021-33287 (In NTFS-3G versions < 2021.8.22, when specially crafted NTFS attribute ...) 
+ {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33286 (In NTFS-3G versions < 2021.8.22, when a specially crafted unicode stri ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33285 (In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS attribu ...) + {DSA-4971-1 DLA-2819-1} + [experimental] - ntfs-3g 1:2021.8.22-1 + - ntfs-3g 1:2021.8.22-2 (bug #988386) + NOTE: https://www.openwall.com/lists/oss-security/2021/08/30/1 + NOTE: https://github.com/tuxera/ntfs-3g/security/advisories/GHSA-q759-8j5v-q5jp +CVE-2021-33284 + RESERVED +CVE-2021-33283 + RESERVED +CVE-2021-33282 + RESERVED +CVE-2021-33281 + RESERVED +CVE-2021-33280 + RESERVED +CVE-2021-33279 + RESERVED +CVE-2021-33278 + RESERVED +CVE-2021-33277 + RESERVED +CVE-2021-33276 + RESERVED +CVE-2021-33275 + RESERVED +CVE-2021-33274 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33273 + RESERVED +CVE-2021-33272 + RESERVED +CVE-2021-33271 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33270 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33269 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33268 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33267 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) 
+ NOT-FOR-US: D-Link +CVE-2021-33266 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33265 (D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_201 ...) + NOT-FOR-US: D-Link +CVE-2021-33264 + RESERVED +CVE-2021-33263 + RESERVED +CVE-2021-33262 + RESERVED +CVE-2021-33261 + RESERVED +CVE-2021-33260 + RESERVED +CVE-2021-33259 (Several web interfaces in D-Link DIR-868LW 1.12b have no authenticatio ...) + NOT-FOR-US: D-Link +CVE-2021-33258 + RESERVED +CVE-2021-33257 + RESERVED +CVE-2021-33256 (A CSV injection vulnerability on the login panel of ManageEngine ADSel ...) + NOT-FOR-US: ManageEngine +CVE-2021-33255 + RESERVED +CVE-2021-33254 (An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Comm ...) + NOT-FOR-US: AppWeb HTTP server +CVE-2021-33253 + RESERVED +CVE-2021-33252 + RESERVED +CVE-2021-33251 + RESERVED +CVE-2021-33250 + RESERVED +CVE-2021-33249 + RESERVED +CVE-2021-33248 + RESERVED +CVE-2021-33247 + RESERVED +CVE-2021-33246 + RESERVED +CVE-2021-33245 + RESERVED +CVE-2021-33244 + RESERVED +CVE-2021-33243 + RESERVED +CVE-2021-33242 + RESERVED +CVE-2021-33241 + RESERVED +CVE-2021-33240 + RESERVED +CVE-2021-33239 + RESERVED +CVE-2021-33238 + RESERVED +CVE-2021-33237 + REJECTED +CVE-2021-33236 (Buffer Overflow vulnerability in write_header in htmldoc through 1.9.1 ...) + - htmldoc 1.9.12-1 (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/425 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e (v1.9.12) + NOTE: Crash in CLI tool, no security impact + NOTE: Duplicate CVE of CVE-2022-34033 +CVE-2021-33235 (Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 ...) 
+ - htmldoc 1.9.12-1 (unimportant) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/426 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/ee778252faebb721afba5a081dd6ad7eaf20eef3 (v1.9.12) + NOTE: Duplicate assignment of CVE-2022-34035 +CVE-2021-33234 + RESERVED +CVE-2021-33233 + RESERVED +CVE-2021-33232 + RESERVED +CVE-2021-33231 (Cross Site Scripting (XSS) vulnerability in New equipment page in Easy ...) + NOT-FOR-US: EasyVista Service Manager +CVE-2021-33230 + RESERVED +CVE-2021-33229 + RESERVED +CVE-2021-33228 + RESERVED +CVE-2021-33227 + RESERVED +CVE-2021-33226 (Buffer Overflow vulnerability in Saltstack v.3003 and before allows at ...) + NOT-FOR-US: Disputed Salt issue +CVE-2021-33225 + RESERVED +CVE-2021-33224 (File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthentica ...) + NOT-FOR-US: Umbraco Forms +CVE-2021-33223 (An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate p ...) + NOT-FOR-US: SeedDMS +CVE-2021-33222 + RESERVED +CVE-2021-33221 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33220 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33219 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33218 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33217 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33216 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) + NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33215 (An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and ...) 
+ NOT-FOR-US: CommScope Ruckus IoT Controller +CVE-2021-33214 (In HMS Ewon eCatcher through 6.6.4, weak filesystem permissions could ...) + NOT-FOR-US: HMS Ewon eCatcher +CVE-2021-33213 (An SSRF vulnerability in the "Upload from URL" feature in Elements-IT ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33212 (A Cross-site scripting (XSS) vulnerability in the "View in Browser" fe ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33211 (A Directory Traversal vulnerability in the Unzip feature in Elements-I ...) + NOT-FOR-US: Elements-IT HTTP Commander +CVE-2021-33210 (An issue was discovered in Fimer Aurora Vision before 2.97.10. An atta ...) + NOT-FOR-US: Fimer Aurora +CVE-2021-33209 (An issue was discovered in Fimer Aurora Vision before 2.97.10. The res ...) + NOT-FOR-US: Fimer Aurora +CVE-2021-33208 (The "Register an Ehcache Configuration File" admin feature in MashZone ...) + NOT-FOR-US: Software AG MashZone +CVE-2021-33207 (The HTTP client in MashZone NextGen through 10.7 GA deserializes untru ...) + NOT-FOR-US: Software AG MashZone +CVE-2021-33206 + RESERVED +CVE-2021-33205 (Western Digital EdgeRover before 0.25 has an escalation of privileges ...) + NOT-FOR-US: Western Digital +CVE-2021-3559 (A flaw was found in libvirt in the virConnectListAllNodeDevices API in ...) + - libvirt (Vulnerable code never in a released version) + NOTE: Fixed by: https://gitlab.com/libvirt/libvirt/-/commit/4c4d0e2da07b5a035b26a0ff13ec27070f7c7b1a (v7.0.0-rc1) + NOTE: Introduced by: https://gitlab.com/libvirt/libvirt/-/commit/f1b08901f7ae7557f79d83bdac33cc0bd79d1437 (v6.10.0-rc1) +CVE-2021-3558 + REJECTED +CVE-2021-3557 (A flaw was found in argocd. Any unprivileged user is able to deploy ar ...) + NOT-FOR-US: Argo CD +CVE-2021-3556 + REJECTED +CVE-2021-33204 (In the pg_partman (aka PG Partition Manager) extension before 4.5.1 fo ...) 
+ - pg-partman 4.5.1-1 (bug #988917) + [buster] - pg-partman (Minor issue) + [stretch] - pg-partman (Minor issue) + NOTE: https://github.com/pgpartman/pg_partman/commit/0b6565ad378c358f8a6cd1d48ddc482eb7f854d3 +CVE-2021-33203 (Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a ...) + {DLA-2676-1} + - python-django 2:2.2.24-1 (bug #989394) + [buster] - python-django (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/02/1 + NOTE: https://github.com/django/django/commit/46572de2e92fdeaf047f80c44d52269e54ad68db (main) + NOTE: https://github.com/django/django/commit/053cc9534d174dc89daba36724ed2dcb36755b90 (2.2.24) +CVE-2021-33202 + RESERVED +CVE-2021-33201 + RESERVED +CVE-2021-33200 (kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces inco ...) + - linux 5.10.40-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/27/1 + NOTE: Issue introduced due to fixes applied for CVE-2021-29155 +CVE-2021-33199 (In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.p ...) + NOT-FOR-US: Expression Engine +CVE-2021-33198 (In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic fo ...) + - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue) + - golang-1.8 + [stretch] - golang-1.8 (Vulnerable code introduced later) + - golang-1.7 + [stretch] - golang-1.7 (Vulnerable code introduced later) + NOTE: https://github.com/golang/go/issues/45910 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: Introduced by https://github.com/golang/go/commit/e4ba40030f9ba4b61bb28dbf78bb41a7b14e6788 (go1.13beta1) +CVE-2021-33197 (In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ...) 
+ - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, header corruption in proxy chains) + - golang-1.8 + [stretch] - golang-1.8 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies) + - golang-1.7 + [stretch] - golang-1.7 (Minor issue, header corruption in proxy chains, requires rebuilding reverse-dependencies) + NOTE: https://github.com/golang/go/issues/46313 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/cbd1ca84453fecf3825a6bb9f985823e8bc32b76 (1.15) +CVE-2021-33196 (In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafte ...) + {DLA-3395-1 DLA-2892-1 DLA-2891-1} + - golang-1.16 1.16.5-1 (bug #989492) + - golang-1.15 1.15.9-4 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://github.com/golang/go/issues/46242 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33912 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/c92adf420a3d9a5510f9aea382d826f0c9216a10 (1.15) + NOTE: Incomplete fix, cf. CVE-2021-39293 +CVE-2021-33195 (Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS looku ...) 
+ - golang-1.16 1.16.5-1 + - golang-1.15 1.15.9-5 + [bullseye] - golang-1.15 (Minor issue; will be fixed via point release) + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, affects poor validation practice, follow bullseye DSAs/point-releases) + - golang-1.8 + [stretch] - golang-1.8 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies) + - golang-1.7 + [stretch] - golang-1.7 (Minor issue, affects poor validation practice, requires rebuilding reverse-dependencies) + NOTE: https://github.com/golang/go/issues/46241 + NOTE: https://groups.google.com/g/golang-announce/c/RgCMkAEQjSI + NOTE: https://github.com/golang/go/commit/31d60cda1f58b7558fc5725d2b9e4531655d980e (1.15) +CVE-2021-33194 (golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows atta ...) + - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-4 + - golang-golang-x-net-dev + [buster] - golang-golang-x-net-dev (Limited support) + [stretch] - golang-golang-x-net-dev (Limited support in stretch) + NOTE: https://groups.google.com/g/golang-dev/c/28x0nthP-c8/m/KqWVTjsnBAAJ + NOTE: https://github.com/golang/go/issues/46288 +CVE-2021-33193 (A crafted method sent through HTTP/2 will bypass validation and be for ...) + {DLA-3351-1} + - apache2 2.4.48-4 + [bullseye] - apache2 2.4.48-3.1+deb11u1 + [stretch] - apache2 (Revisit when a suitable backport is available for 2.4.25) + NOTE: https://portswigger.net/research/http2 + NOTE: https://github.com/apache/httpd/commit/ecebcc035ccd8d0e2984fe41420d9e944f456b3c (2.4.49) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-33193 + NOTE: https://git.centos.org/rpms/httpd/blob/c496dea5e0b6e82a9f503e973fc5d5ea93a94180/f/SOURCES/httpd-2.4.37-CVE-2021-33193.patch (2.4.37) + NOTE: http://launchpadlibrarian.net/559974735/apache2_2.4.29-1ubuntu4.16_2.4.29-1ubuntu4.17.diff.gz (2.4.29) +CVE-2021-33192 (A vulnerability in the HTML pages of Apache Jena Fuseki allows an atta ...) 
+ - apache-jena 4.5.0-1 (bug #1014982)
+ NOTE: https://lists.apache.org/thread/sq6q94q0prqwr9vdm2wptglcq1kv98k8
+CVE-2021-33191 (From Apache NiFi MiNiFi C++ version 0.5.0 the c2 protocol implements a ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2021-33190 (In Apache APISIX Dashboard version 2.6, we changed the default value o ...)
+ NOT-FOR-US: Apache APISIX Dashboard
+CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
+ NOT-FOR-US: Smartstore (aka SmartStoreNET)
+CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
+ NOT-FOR-US: Smartstore (aka SmartStoreNET)
+CVE-2021-33481 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/42/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33480 (An use-after-free vulnerability was discovered in gocr through 0.53-20 ...)
+ - gocr (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/40/
+ NOTE: https://sourceforge.net/p/jocr/bugs/41/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33479 (A stack-based buffer overflow vulnerability was discovered in gocr thr ...)
+ - gocr (unimportant)
+ NOTE: https://sourceforge.net/p/jocr/bugs/39/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-33477 (rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (po ...)
+ {DLA-2683-1 DLA-2682-1 DLA-2681-1 DLA-2671-1}
+ - rxvt
+ - rxvt-unicode 9.22-11 (bug #988763)
+ [buster] - rxvt-unicode 9.22-6+deb10u1
+ - mrxvt
+ - eterm 0.9.6-6.1 (bug #989041)
+ [buster] - eterm 0.9.6-5+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/17/1
+ NOTE: Mentioned first in: https://www.openwall.com/lists/oss-security/2017/05/01/20
+ NOTE: Fixed by: http://cvs.schmorp.de/rxvt-unicode/src/command.C?r1=1.582&r2=1.583
+ NOTE: Disabled problematic code in: http://cvs.schmorp.de/rxvt-unicode/src/command.C?view=log#rev1.585
+CVE-2021-33189
+ RESERVED
+CVE-2021-33188
+ RESERVED
+CVE-2021-33187
+ RESERVED
+CVE-2021-3555 (A Buffer Overflow vulnerability in the RSTP server component of Eufy I ...)
+ NOT-FOR-US: Eufy 2K Indoor Camera
+CVE-2021-33186 (SerenityOS in test-crypto.cpp contains a stack buffer overflow which c ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33185 (SerenityOS contains a buffer overflow in the set_range test in TestBit ...)
+ NOT-FOR-US: SerenityOS
+CVE-2021-33184 (Server-Side request forgery (SSRF) vulnerability in task management co ...)
+ NOT-FOR-US: Synology
+CVE-2021-33183 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33182 (Improper limitation of a pathname to a restricted directory ('Path Tra ...)
+ NOT-FOR-US: Synology
+CVE-2021-33181 (Server-Side Request Forgery (SSRF) vulnerability in webapi component i ...)
+ NOT-FOR-US: Synology
+CVE-2021-33180 (Improper neutralization of special elements used in an SQL command ('S ...)
+ NOT-FOR-US: Synology
+CVE-2021-33179 (The general user interface in Nagios XI versions prior to 5.8.4 is vul ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33178 (The Manage Backgrounds functionality within NagVis versions prior to 1 ...)
+ - nagvis 1:1.9.29-1
+ [bullseye] - nagvis (Minor issue)
+ [buster] - nagvis (Minor issue)
+ [stretch] - nagvis (Minor issue)
+CVE-2021-33177 (The Bulk Modifications functionality in Nagios XI versions prior to 5. ...)
+ NOT-FOR-US: Nagios XI
+CVE-2021-33176 (VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denia ...)
+ NOT-FOR-US: VerneMQ MQTT Broker
+CVE-2021-33175 (EMQ X Broker versions prior to 4.2.8 are vulnerable to a denial of ser ...)
+ NOT-FOR-US: EMQ X Broker
+CVE-2021-33174
+ RESERVED
+CVE-2021-33173
+ RESERVED
+CVE-2021-33172
+ RESERVED
+CVE-2021-33171
+ RESERVED
+CVE-2021-33170
+ RESERVED
+CVE-2021-33169
+ RESERVED
+CVE-2021-33168
+ RESERVED
+CVE-2021-33167
+ RESERVED
+CVE-2021-33166 (Incorrect default permissions for the Intel(R) RXT for Chromebook appl ...)
+ NOT-FOR-US: Intel
+CVE-2021-33165
+ RESERVED
+CVE-2021-33164 (Improper access control in BIOS firmware for some Intel(R) NUCs before ...)
+ NOT-FOR-US: Intel
+CVE-2021-33163
+ RESERVED
+CVE-2021-33162
+ RESERVED
+CVE-2021-33161
+ RESERVED
+CVE-2021-33160
+ RESERVED
+CVE-2021-33159 (Improper authentication in subsystem for Intel(R) AMT before versions ...)
+ NOT-FOR-US: Intel
+CVE-2021-33158
+ RESERVED
+CVE-2021-33157
+ RESERVED
+CVE-2021-33156
+ RESERVED
+CVE-2021-33155 (Improper input validation in firmware for some Intel(R) Wireless Bluet ...)
+ NOT-FOR-US: Intel
+CVE-2021-33154
+ RESERVED
+CVE-2021-33153
+ RESERVED
+CVE-2021-33152
+ RESERVED
+CVE-2021-33151
+ RESERVED
+CVE-2021-33150 (Hardware allows activation of test or debug logic at runtime for some ...)
+ NOT-FOR-US: Intel
+CVE-2021-33149 (Observable behavioral discrepancy in some Intel(R) Processors may allo ...)
+ NOT-FOR-US: Intel
+CVE-2021-33148
+ RESERVED
+CVE-2021-33147 (Improper conditions check in the Intel(R) IPP Crypto library before ve ...)
+ NOT-FOR-US: Intel
+CVE-2021-33146
+ RESERVED
+CVE-2021-33145
+ RESERVED
+CVE-2021-33144
+ RESERVED
+CVE-2021-33143
+ RESERVED
+CVE-2021-33142
+ RESERVED
+CVE-2021-33141
+ RESERVED
+CVE-2021-33140
+ RESERVED
+CVE-2021-33139 (Improper conditions check in firmware for some Intel(R) Wireless Bluet ...)
+ NOT-FOR-US: Intel
+CVE-2021-33138
+ RESERVED
+CVE-2021-33137 (Out-of-bounds write in the Intel(R) Kernelflinger project may allow an ...)
+ NOT-FOR-US: Intel
+CVE-2021-33136
+ RESERVED
+CVE-2021-33135 (Uncontrolled resource consumption in the Linux kernel drivers for Inte ...)
+ - linux 5.16.18-1
+ [bullseye] - linux (Vulnerable code not present)
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/08999b2489b4c9b939d7483dbd03702ee4576d96 (5.17-rc8)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html
+CVE-2021-33134
+ RESERVED
+CVE-2021-33133
+ RESERVED
+CVE-2021-33132
+ RESERVED
+CVE-2021-33131
+ RESERVED
+CVE-2021-33130 (Insecure default variable initialization of Intel(R) RealSense(TM) ID ...)
+ NOT-FOR-US: Intel
+CVE-2021-33129 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33128 (Improper access control in the firmware for some Intel(R) E810 Etherne ...)
+ NOT-FOR-US: Intel
+CVE-2021-33127
+ RESERVED
+CVE-2021-33126 (Improper access control in the firmware for some Intel(R) 700 and 722 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33125
+ RESERVED
+CVE-2021-33124 (Out-of-bounds write in the BIOS authenticated code module for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-33123 (Improper access control in the BIOS authenticated code module for some ...)
+ NOT-FOR-US: Intel
+CVE-2021-33122 (Insufficient control flow management in the BIOS firmware for some Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-33121
+ RESERVED
+CVE-2021-33120 (Out of bounds read under complex microarchitectural condition in memor ...)
+ - intel-microcode 3.20220207.1
+ [bullseye] - intel-microcode 3.20220207.1~deb11u1
+ [buster] - intel-microcode 3.20220207.1~deb10u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00589.html
+CVE-2021-33119 (Improper access control in the Intel(R) RealSense(TM) DCM before versi ...)
+ NOT-FOR-US: Intel
+CVE-2021-33118 (Improper access control in the software installer for the Intel(R) Ser ...)
+ NOT-FOR-US: Intel
+CVE-2021-33117 (Improper access control for some 3rd Generation Intel(R) Xeon(R) Scala ...)
+ - intel-microcode 3.20220207.1
+ [bullseye] - intel-microcode 3.20220207.1~deb11u1
+ [buster] - intel-microcode 3.20220207.1~deb10u1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html
+ NOTE: Fixed via m_87_606a6_0d000331.inc: sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
+CVE-2021-33116
+ RESERVED
+CVE-2021-33115 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in UE ...)
+ NOT-FOR-US: Intel
+CVE-2021-33114 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33113 (Improper input validation for some Intel(R) PROSet/Wireless WiFi in mu ...)
+ NOT-FOR-US: Intel
+CVE-2021-33112
+ RESERVED
+CVE-2021-33111
+ RESERVED
+CVE-2021-33110 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
+ NOT-FOR-US: Intel
+CVE-2021-33109
+ RESERVED
+CVE-2021-33108 (Improper input validation in the Intel(R) In-Band Manageability softwa ...)
+ NOT-FOR-US: Intel
+CVE-2021-33107 (Insufficiently protected credentials in USB provisioning for Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-33106 (Integer overflow in the Safestring library maintained by Intel(R) may ...)
+ NOT-FOR-US: Intel
+CVE-2021-33105 (Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM ...)
+ NOT-FOR-US: Intel
+CVE-2021-33104 (Improper access control in the Intel(R) OFU software before version 14 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33103 (Unintended intermediary in the BIOS authenticated code module for some ...)
+ NOT-FOR-US: Intel
+CVE-2021-33102
+ RESERVED
+CVE-2021-33101 (Uncontrolled search path in the Intel(R) GPA software before version 2 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33100
+ RESERVED
+CVE-2021-33099
+ RESERVED
+CVE-2021-33098 (Improper input validation in the Intel(R) Ethernet ixgbe driver for Li ...)
+ - linux 5.10.46-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/63e39d29b3da02e901349f6cd71159818a4737a6 (5.13-rc4)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00555.html
+CVE-2021-33097 (Time-of-check time-of-use vulnerability in the Crypto API Toolkit for ...)
+ NOT-FOR-US: Intel
+CVE-2021-33096 (Improper isolation of shared resources in network on chip for the Inte ...)
+ NOT-FOR-US: Intel
+CVE-2021-33095 (Unquoted search path in the installer for the Intel(R) NUC M15 Laptop ...)
+ NOT-FOR-US: Intel
+CVE-2021-33094 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33093 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33092 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33091 (Insecure inherited permissions in the installer for the Intel(R) NUC M ...)
+ NOT-FOR-US: Intel
+CVE-2021-33090 (Incorrect default permissionsin the software installer for the Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2021-33089 (Improper access control in the software installer for the Intel(R) NUC ...)
+ NOT-FOR-US: Intel
+CVE-2021-33088 (Incorrect default permissions in the installer for the Intel(R) NUC M1 ...)
+ NOT-FOR-US: Intel
+CVE-2021-33087 (Improper authentication in the installer for the Intel(R) NUC M15 Lapt ...)
+ NOT-FOR-US: Intel
+CVE-2021-33086 (Out-of-bounds write in firmware for some Intel(R) NUCs may allow an au ...)
+ NOT-FOR-US: Intel
+CVE-2021-33085
+ RESERVED
+CVE-2021-33084
+ RESERVED
+CVE-2021-33083 (Improper authentication in firmware for some Intel(R) SSD, Intel(R) Op ...)
+ NOT-FOR-US: Intel
+CVE-2021-33082 (Sensitive information in resource not removed before reuse in firmware ...)
+ NOT-FOR-US: Intel
+CVE-2021-33081 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
+ NOT-FOR-US: firmware for some Intel(R) SSD DC Products
+CVE-2021-33080 (Exposure of sensitive system information due to uncleared debug inform ...)
+ NOT-FOR-US: Intel
+CVE-2021-33079 (Protection mechanism failure in firmware for some Intel(R) SSD DC Prod ...)
+ NOT-FOR-US: firmware for some Intel(R) SSD DC Products
+CVE-2021-33078 (Race condition within a thread in firmware for some Intel(R) Optane(TM ...)
+ NOT-FOR-US: Intel
+CVE-2021-33077 (Insufficient control flow management in firmware for some Intel(R) SSD ...)
+ NOT-FOR-US: Intel
+CVE-2021-33076 (Improper authentication in firmware for some Intel(R) SSD DC Products ...)
+ NOT-FOR-US: firmware for some Intel(R) SSD DC Products
+CVE-2021-33075 (Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2021-33074 (Protection mechanism failure in firmware for some Intel(R) SSD, Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33073 (Uncontrolled resource consumption in the Intel(R) Distribution of Open ...)
+ NOT-FOR-US: Intel
+CVE-2021-33072
+ RESERVED
+CVE-2021-33071 (Incorrect default permissions in the installer for the Intel(R) oneAPI ...)
+ NOT-FOR-US: Intel
+CVE-2021-33070
+ REJECTED
+CVE-2021-33069 (Improper resource shutdown or release in firmware for some Intel(R) SS ...)
+ NOT-FOR-US: Intel
+CVE-2021-33068 (Null pointer dereference in subsystem for Intel(R) AMT before versions ...)
+ NOT-FOR-US: Intel
+CVE-2021-33067
+ REJECTED
+CVE-2021-33066
+ REJECTED
+CVE-2021-33065
+ REJECTED
+CVE-2021-33064 (Uncontrolled search path in the software installer for Intel(R) System ...)
+ NOT-FOR-US: Intel
+CVE-2021-33063 (Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP ...)
+ NOT-FOR-US: Intel
+CVE-2021-33062 (Incorrect default permissions in the software installer for the Intel( ...)
+ NOT-FOR-US: Intel
+CVE-2021-33061 (Insufficient control flow management for the Intel(R) 82599 Ethernet C ...)
+ - linux 5.18.2-1
+ NOTE: https://git.kernel.org/linus/008ca35f6e87be1d60b6af3d1ae247c6d5c2531d (5.18-rc1)
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00571.html
+CVE-2021-33060 (Out-of-bounds write in the BIOS firmware for some Intel(R) Processors ...)
+ NOT-FOR-US: Intel
+CVE-2021-33059 (Improper input validation in the Intel(R) Administrative Tools for Int ...)
+ NOT-FOR-US: Intel
+CVE-2021-33058 (Improper access control in the installer Intel(R)Administrative Tools ...)
+ NOT-FOR-US: Intel
+CVE-2021-33057 (The QQ application 8.7.1 for Android and iOS does not enforce the perm ...)
+ NOT-FOR-US: QQ
+CVE-2021-33056 (Belledonne Belle-sip before 4.5.20, as used in Linphone and other prod ...)
+ NOT-FOR-US: Belledonne Belle-sip
+CVE-2021-33055 (Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticat ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2021-33054 (SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not valida ...)
+ {DSA-5029-1 DLA-2707-1}
+ - sogo 5.1.1-1 (bug #989479)
+ NOTE: https://www.sogo.nu/news/2021/saml-vulnerability.html
+ NOTE: https://blogs.akamai.com/2021/06/saml-implementation-vulnerability-impacting-some-akamai-services.html
+ NOTE: https://blogs.akamai.com/2021/06/akamai-eaa-impersonation-vulnerability---a-deep-dive.html
+ NOTE: https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
+ NOTE: Introduced by: https://github.com/inverse-inc/sogo/commit/5487f34b9ee9b9639e3f1d4a7abf4fad2d240d66 (SOGo-2.0.5)
+ NOTE: Fixed by: https://github.com/inverse-inc/sogo/commit/e53636564680ac0df11ec898304bc442908ba746 (SOGo-5.1.1)
+ NOTE: CVE is assigned for the SOGo vulnerability regarding the lasso usage.
+CVE-2021-33053
+ RESERVED
+CVE-2021-33052
+ RESERVED
+CVE-2021-33051
+ RESERVED
+CVE-2021-33050
+ RESERVED
+CVE-2021-33049
+ RESERVED
+CVE-2021-33048
+ RESERVED
+CVE-2021-33047
+ RESERVED
+CVE-2021-33046 (Some Dahua products have access control vulnerability in the password ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33045 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2021-33044 (The identity authentication bypass vulnerability found in some Dahua p ...)
+ NOT-FOR-US: Dahua
+CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
+ NOT-FOR-US: Amazon AWS CloudFront
+CVE-2021-3554 (Improper Access Control vulnerability in the patchesUpdate API as impl ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3553 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-3552 (A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateSer ...)
+ NOT-FOR-US: Bitdefender
+CVE-2021-33043
+ RESERVED
+CVE-2021-33042
+ RESERVED
+CVE-2021-33041 (vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstr ...)
+ NOT-FOR-US: vmd
+CVE-2021-33040 (managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows X ...)
+ NOT-FOR-US: FuturePress EPub.js
+CVE-2021-33039
+ RESERVED
+CVE-2021-33038 (An issue was discovered in management/commands/hyperkitty_import.py in ...)
+ {DSA-4922-1}
+ - hyperkitty 1.3.4-4 (bug #989183)
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/commit/9025324597d60b2dff740e49b70b15589d6804fa
+ NOTE: https://gitlab.com/mailman/hyperkitty/-/issues/380
+ NOTE: https://techblog.wikimedia.org/2021/06/11/discovering-and-fixing-cve-2021-33038-in-mailman3/
+CVE-2021-33037 (Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5 ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ - tomcat8
+ NOTE: https://github.com/apache/tomcat/commit/45d70a86a901cbd534f8f570bed2aec9f7f7b88e (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/05f9e8b00f5d9251fcd3c95dcfd6cf84177f46c8 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/a2c3dc4c96168743ac0bab613709a5bbdaec41d0 (9.0.47)
+ NOTE: https://github.com/apache/tomcat/commit/3202703e6d635e39b74262e81f0cb4bcbe2170dc (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/da0e7cb093cf68b052d9175e469dbd0464441b0b (8.5.67)
+ NOTE: https://github.com/apache/tomcat/commit/8874fa02e9b36baa9ca6b226c0882c0190ca5a02 (8.5.67)
+CVE-2021-33036 (In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2. ...)
+ - hadoop (bug #793644)
+CVE-2021-33035 (Apache OpenOffice opens dBase/DBF documents and shows the contents as ...)
+ - libreoffice 1:4.3.1-1
+ NOTE: OpenOffice fixed this in https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56
+ NOTE: Libreoffice fixed in this 2014 with https://github.com/LibreOffice/core/commit/d4e64d030092984077021a9af9d281cd64c476bf ...
+CVE-2021-33034 (In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use ...)
+ {DLA-2690-1 DLA-2689-1}
+ - linux 5.10.38-1
+ [buster] - linux 4.19.194-1
+ NOTE: https://git.kernel.org/linus/5c4c8c9544099bb9043a10a5318130a943e32fc3
+CVE-2021-33032 (A Remote Code Execution (RCE) vulnerability in the WebUI component of ...)
+ NOT-FOR-US: eQ-3 HomeMatic CCU2
+CVE-2021-33031 (In LabCup before (Only affects Enterprise version)
+CVE-2021-33033 (The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genop ...)
+ {DLA-2940-1}
+ - linux 5.10.24-1
+ [buster] - linux 4.19.181-1
+ NOTE: https://git.kernel.org/linus/ad5d07f4a9cd671233ae20983848874731102c08
+CVE-2021-33026 (The Flask-Caching extension through 1.10.1 for Flask relies on Pickle ...)
+ - flask-caching (unimportant; bug #988916)
+ NOTE: https://github.com/sh4nks/flask-caching/pull/209
+ NOTE: Negligible security impact
+CVE-2021-33025 (xArrow SCADA versions 7.2 and prior permits unvalidated registry keys ...)
+ NOT-FOR-US: xArrow
+CVE-2021-33024 (Philips Vue PACS versions 12.2.x.x and prior transmits or stores authe ...)
+ NOT-FOR-US: Philips Vue PACS
+CVE-2021-33023 (Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-b ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2021-33022 (Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or se ...)
+ NOT-FOR-US: Philips Vue PACS
+CVE-2021-33021 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
+ NOT-FOR-US: xArrow
+CVE-2021-33020 (Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key ...)
+ NOT-FOR-US: Philips Vue PACS
+CVE-2021-33019 (A stack-based buffer overflow vulnerability in Delta Electronics DOPSo ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33018 (The use of a broken or risky cryptographic algorithm in Philips Vue PA ...)
+ NOT-FOR-US: Philips Vue PACS
+CVE-2021-33017 (The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.0 ...)
+ NOT-FOR-US: Philips
+CVE-2021-33016 (An attacker can gain full access (read/write/delete) to sensitive fold ...)
+ NOT-FOR-US: Kuka
+CVE-2021-33015 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-33014 (An attacker can gain VxWorks Shell after login due to hard-coded crede ...)
+ NOT-FOR-US: Kuka
+CVE-2021-33013 (mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-33012 (Rockwell Automation MicroLogix 1100, all versions, allows a remote, un ...)
+ NOT-FOR-US: Rockwell
+CVE-2021-33011 (All versions of the afffected TOYOPUC-PC10 Series,TOYOPUC-Plus Series, ...)
+ NOT-FOR-US: JTEKT Corporation
+CVE-2021-33010 (An exception is thrown from a function in AVEVA System Platform versio ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-33009 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-33008 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not perfo ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-33007 (A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 a ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33006
+ RESERVED
+CVE-2021-33005 (mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remot ...)
+ NOT-FOR-US: mySCADA myPRO
+CVE-2021-33004 (The affected product is vulnerable to memory corruption condition due ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33003 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-33002 (Opening a maliciously crafted project file may cause an out-of-bounds ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-33001 (xArrow SCADA versions 7.2 and prior is vulnerable to cross-site script ...)
+ NOT-FOR-US: xArrow
+CVE-2021-33000 (Parsing a maliciously crafted project file may cause a heap-based buff ...)
+ NOT-FOR-US: WebAccess HMI Designer
+CVE-2021-32999 (Improper handling of exceptional conditions in SuiteLink server while ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32998 (The FANUC R-30iA and R-30iB series controllers are vulnerable to an ou ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32997 (The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, ...)
+ NOT-FOR-US: Baker Hughes Bentley Nevada
+CVE-2021-32996 (The FANUC R-30iA and R-30iB series controllers are vulnerable to integ ...)
+ NOT-FOR-US: FANUC
+CVE-2021-32995 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32994 (Softing OPC UA C++ SDK (Software Development Kit) versions from 5.59 t ...)
+ NOT-FOR-US: Softing OPC UA C++ SDK
+CVE-2021-32993 (IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded ...)
+ NOT-FOR-US: Philips
+CVE-2021-32992 (FATEK Automation WinProladder Versions 3.30 and prior do not properly ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32991 (Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32990 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32989 (When a non-existent resource is requested, the LCDS LAquis SCADA appli ...)
+ NOT-FOR-US: LAquis SCADA
+CVE-2021-32988 (FATEK Automation WinProladder Versions 3.30 and prior are vulnerable t ...)
+ NOT-FOR-US: FATEK Automation WinProladder
+CVE-2021-32987 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32986 (After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmwar ...)
+ NOT-FOR-US: AutomationDirect
+CVE-2021-32985 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not prope ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-32984 (All programming connections receive the same unlocked privileges, whic ...)
+ NOT-FOR-US: AutomationDirect
+CVE-2021-32983 (A Blind SQL injection vulnerability exists in the /DataHandler/Handler ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32982 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
+ NOT-FOR-US: AutomationDirect
+CVE-2021-32981 (AVEVA System Platform versions 2017 through 2020 R2 P01 uses external ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-32980 (Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prio ...)
+ NOT-FOR-US: AutomationDirect
+CVE-2021-32979 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32978 (The programming protocol allows for a previously entered password and ...)
+ NOT-FOR-US: AutomationDirect
+CVE-2021-32977 (AVEVA System Platform versions 2017 through 2020 R2 P01 does not verif ...)
+ NOT-FOR-US: AVEVA
+CVE-2021-32976 (Five buffer overflows in the built-in web server in Moxa NPort IAW5000 ...)
+ NOT-FOR-US: Moxa
+CVE-2021-32975 (Cscape (All Versions prior to 9.90 SP5) lacks proper validation of use ...)
+ NOT-FOR-US: Cscape
+CVE-2021-32974 (Improper input validation in the built-in web server in Moxa NPort IAW ...)
+ NOT-FOR-US: Moxa
+CVE-2021-32973
+ RESERVED
+CVE-2021-32972 (Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacke ...)
+ NOT-FOR-US: Panasonic
+CVE-2021-32971 (Null pointer dereference in SuiteLink server while processing command ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32970 (Data can be copied without validation in the built-in web server in Mo ...)
+ NOT-FOR-US: Moxa
+CVE-2021-32969 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32968 (Two buffer overflows in the built-in web server in Moxa NPort IAW5000A ...)
+ NOT-FOR-US: Moxa
+CVE-2021-32967 (Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an atta ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32966 (Philips Interoperability Solution XDS versions 2.5 through 3.11 and 20 ...)
+ NOT-FOR-US: Philips Interoperability
+CVE-2021-32965 (Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32964 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
+ NOT-FOR-US: AGG Software
+CVE-2021-32963 (Null pointer dereference in SuiteLink server while processing commands ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32962 (The AGG Software Web Server version 4.0.40.1014 and prior is vulnerabl ...)
+ NOT-FOR-US: AGG Software
+CVE-2021-32961 (A getfile function in MDT AutoSave versions prior to v6.02.06 enables ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32960 (Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, i ...)
+ NOT-FOR-US: Rockwell Automation FactoryTalk
+CVE-2021-32959 (Heap-based buffer overflow in SuiteLink server while processing comman ...)
+ NOT-FOR-US: Suitelink
+CVE-2021-32958 (Successful exploitation of this vulnerability on Claroty Secure Remote ...)
+ NOT-FOR-US: Claroty Secure Remote Access (SRA) Site
+CVE-2021-32957 (A function in MDT AutoSave versions prior to v6.02.06 is used to retri ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32956 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to re ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32955 (Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestrict ...)
+ NOT-FOR-US: Delta Electronics
+CVE-2021-32954 (Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to a ...)
+ NOT-FOR-US: Advantech WebAccess/SCADA
+CVE-2021-32953 (An attacker could utilize SQL commands to create a new user MDT AutoSa ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32952 (An out-of-bounds write issue exists in the DGN file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32951 (WebAccess/NMS (Versions prior to v3.0.3_Build6299) has an improper aut ...)
+ NOT-FOR-US: WebAccess/NMS
+CVE-2021-32950 (An out-of-bounds read issue exists within the parsing of DXF files in ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32949 (An attacker could utilize a function in MDT AutoSave versions prior to ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32948 (An out-of-bounds write issue exists in the DWG file-reading procedure ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32947 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32946 (An improper check for unusual or exceptional conditions issue exists w ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32945 (An attacker could decipher the encryption and gain access to MDT AutoS ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32944 (A use-after-free issue exists in the DGN file-reading procedure in the ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32943 (The affected product is vulnerable to a stack-based buffer overflow, w ...)
+ NOT-FOR-US: WebAccess/SCADA
+CVE-2021-32942 (The vulnerability could expose cleartext credentials from AVEVA InTouc ...)
+ NOT-FOR-US: AVEVA InTouch Runtime
+CVE-2021-32941 (Annke N48PBB (Network Video Recorder) products of version 3.4.106 buil ...)
+ NOT-FOR-US: Annke N48PBB (Network Video Recorder) products
+CVE-2021-32940 (An out-of-bounds read issue exists in the DWG file-recovering procedur ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32939 (FATEK Automation FvDesigner, Versions 1.5.88 and prior is vulnerable t ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32938 (Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-o ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32937 (An attacker can gain knowledge of a session temporary working folder w ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32936 (An out-of-bounds write issue exists in the DXF file-recovering procedu ...)
+ NOT-FOR-US: Open Design Alliance
+CVE-2021-32935 (The affected Cognex product, the In-Sight OPC Server versions v5.7.4 ( ...)
+ NOT-FOR-US: Cognex
+CVE-2021-32934 (The affected ThroughTek P2P products (SDKs using versions before 3.1.5 ...)
+ NOT-FOR-US: ThroughTek P2P SDK
+CVE-2021-32933 (An attacker could leverage an API to pass along a malicious file that ...)
+ NOT-FOR-US: Auvesy-MDT
+CVE-2021-32932 (The affected product is vulnerable to a SQL injection, which may allow ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32931 (An uninitialized pointer in FATEK Automation FvDesigner, Versions 1.5. ...)
+ NOT-FOR-US: FATEK Automation FvDesigner
+CVE-2021-32930 (The affected product\u2019s configuration is vulnerable due to missing ...)
+ NOT-FOR-US: Advantech
+CVE-2021-32929 (All versions of Uffizio GPS Tracker may allow an attacker to perform u ...)
+ NOT-FOR-US: Uffizio GPS Tracker
+CVE-2021-32928 (The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prio ...)
+ NOT-FOR-US: Sentinel LDK Run-Time Environment installer
+CVE-2021-32927 (An attacker may be able to inject client-side JavaScript code on multi ...)
+ NOT-FOR-US: Uffizio GPS Tracker
+CVE-2021-32926 (When an authenticated password change request takes place, this vulner ...)
+ NOT-FOR-US: Rockwell Automation
+CVE-2021-3551 (A flaw was found in the PKI-server, where the spkispawn command, when ...)
+ - dogtag-pki 10.10.6-1 (bug #991665)
+ [bullseye] - dogtag-pki (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959971
+ NOTE: https://github.com/dogtagpki/pki/commit/0c2f3b84499584bb6029f5ba3988ed3cb081e548
+ NOTE: https://github.com/dogtagpki/pki/commit/b01cd8cc7d3e391e69ed2c8161f7e15fa84553e6
+ NOTE: https://github.com/dogtagpki/pki/commit/5b09fcaff11d33010469e695ef365a91c91674b5
+CVE-2021-3550 (A DLL search path vulnerability was reported in Lenovo PCManager, prio ...)
+ NOT-FOR-US: Microsoft
+CVE-2021-32925 (admin/user_import.php in Chamilo 1.11.x reads XML data without disabli ...)
+ NOT-FOR-US: Chamilo
+CVE-2021-32924 (Invision Community (aka IPS Community Suite) before 4.6.0 allows eval- ...)
+ NOT-FOR-US: Invision Community (aka IPS Community Suite)
+CVE-2021-32923 (HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-exp ...)
+ NOT-FOR-US: HashiCorp Vault and Vault Enterprise
+CVE-2021-32922
+ RESERVED
+CVE-2021-32921 (An issue was discovered in Prosody before 0.11.9. It does not use a co ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/c98aebe601f9
+ NOTE: https://hg.prosody.im/trunk/rev/13b84682518e
+ NOTE: https://hg.prosody.im/trunk/rev/6f56170ea986
+CVE-2021-32920 (Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/55ef50d6cf65
+ NOTE: https://hg.prosody.im/trunk/rev/5a484bd050a7
+ NOTE: https://hg.prosody.im/trunk/rev/aaf9c6b6d18d
+CVE-2021-32919 (An issue was discovered in Prosody before 0.11.9. The undocumented dia ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody (Vulnerable code (=dwd) introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/6be890ca492e
+ NOTE: https://hg.prosody.im/trunk/rev/d0e9ffccdef9
+CVE-2021-32918 (An issue was discovered in Prosody before 0.11.9. Default settings are ...)
+ {DSA-4916-1}
+ - prosody 0.11.9-1 (bug #988668)
+ [stretch] - prosody (Fix is consisting of many patches. Not appliable. Ingored)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/db8e41eb6eff
+ NOTE: https://hg.prosody.im/trunk/rev/b0d8920ed5e5
+ NOTE: https://hg.prosody.im/trunk/rev/929de6ade6b6
+ NOTE: https://hg.prosody.im/trunk/rev/63fd4c8465fb
+ NOTE: https://hg.prosody.im/trunk/rev/1937b3c3efb5
+ NOTE: https://hg.prosody.im/trunk/rev/3413fea9e6db
+CVE-2021-32917 (An issue was discovered in Prosody before 0.11.9. The proxy65 componen ...)
+ {DSA-4916-1 DLA-2687-1}
+ - prosody 0.11.9-1 (bug #988668)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/13/1
+ NOTE: https://prosody.im/security/advisory_20210512.txt
+ NOTE: https://hg.prosody.im/trunk/rev/65dcc175ef5b
+CVE-2021-32916
+ RESERVED
+CVE-2021-32915
+ REJECTED
+CVE-2021-32914
+ REJECTED
+CVE-2021-32913
+ REJECTED
+CVE-2021-32912
+ REJECTED
+CVE-2021-32911
+ REJECTED
+CVE-2021-32910
+ REJECTED
+CVE-2021-32909
+ REJECTED
+CVE-2021-32908
+ REJECTED
+CVE-2021-32907
+ REJECTED
+CVE-2021-32906
+ REJECTED
+CVE-2021-32905
+ REJECTED
+CVE-2021-32904
+ REJECTED
+CVE-2021-32903
+ REJECTED
+CVE-2021-32902
+ REJECTED
+CVE-2021-32901
+ REJECTED
+CVE-2021-32900
+ REJECTED
+CVE-2021-32899
+ REJECTED
+CVE-2021-32898
+ REJECTED
+CVE-2021-32897
+ REJECTED
+CVE-2021-32896
+ REJECTED
+CVE-2021-32895
+ REJECTED
+CVE-2021-32894
+ REJECTED
+CVE-2021-32893
+ REJECTED
+CVE-2021-32892
+ REJECTED
+CVE-2021-32891
+ REJECTED
+CVE-2021-32890
+ REJECTED
+CVE-2021-32889
+ REJECTED
+CVE-2021-32888
+ REJECTED
+CVE-2021-32887
+ REJECTED
+CVE-2021-32886
+ REJECTED
+CVE-2021-32885
+ REJECTED
+CVE-2021-32884
+ REJECTED
+CVE-2021-32883
+ REJECTED
+CVE-2021-32882
+ REJECTED
+CVE-2021-32881
+ REJECTED
+CVE-2021-32880
+ REJECTED
+CVE-2021-32879
+ REJECTED
+CVE-2021-32878
+ REJECTED
+CVE-2021-32877
+ REJECTED
+CVE-2021-32876
+ REJECTED
+CVE-2021-32875
+ REJECTED
+CVE-2021-32874
+ REJECTED
+CVE-2021-32873
+ REJECTED
+CVE-2021-32872
+ REJECTED
+CVE-2021-32871
+ REJECTED
+CVE-2021-32870
+ REJECTED
+CVE-2021-32869
+ REJECTED
+CVE-2021-32868
+ REJECTED
+CVE-2021-32867
+ REJECTED
+CVE-2021-32866
+ REJECTED
+CVE-2021-32865
+ REJECTED
+CVE-2021-32864
+ REJECTED
+CVE-2021-32863
+ REJECTED
+CVE-2021-32862 (The GitHub Security Lab discovered sixteen ways to exploit a cross-sit ...)
+ {DLA-3442-1}
+ - nbconvert 6.5.1-1
+ NOTE: https://github.com/jupyter/nbconvert/security/advisories/GHSA-9jmq-rx5f-8jwq
+ NOTE: https://github.com/jupyter/nbconvert/commit/d09000bbf076410ce4bd4d9a406f9bbe849cd5c6 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/1afcaae89b1cc00a89539863ab91ee04e2240fc1 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/14185eb83c63a764886ea36f63ddd30963de9a8c (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/4b9c5e76bad57eedf1d3cdba244bb05811f64536 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/d2d44d4c69ba0edb3a68b5579138603505d98c19 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/37b152c0ad04fe53e782887b78662c8ffad1034a (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/df5cb60d58e5a159da1b33a9d7e7ea14e8637853 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/48fe71eb3335caf4e03166e56e0d16efcfbeaf44 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/a03cbb8a8d04d47aefec51e7b1b816045682aed5 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/b206470f9ecd71b006a37dd1298dd3d9e3dd46dd (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/0818628718c4a5d3ddd671fbd4881bf176e7d6e2 (6.5.1)
+ NOTE: https://github.com/jupyter/nbconvert/commit/bef65d7ab2a469b01e4aa25f44c0f20326f7c7c5 (6.5.1)
+ NOTE: Follow-up/regression https://github.com/jupyter/nbconvert/commit/c289e0a61660e612920397799169ed2c5ed35516 (6.5.2)
+ NOTE: Follow-up/regression https://github.com/jupyter/nbconvert/commit/1652aa73b0f4900af97c0f1ac08e9573e00155bd (6.5.3)
+CVE-2021-32861
+ REJECTED
+CVE-2021-32860 (iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vu ...)
+ NOT-FOR-US: jquery plugin
+CVE-2021-32859 (The Baremetrics date range picker is a solution for selecting both dat ...)
+ NOT-FOR-US: Baremetrics
+CVE-2021-32858 (esdoc-publish-html-plugin is a plugin for the document maintenance sof ...)
+ NOT-FOR-US: esdoc-publish-html-plugin
+CVE-2021-32857 (Cockpit is a content management system that allows addition of content ...)
+ NOT-FOR-US: Cockpit CMS (different from src:cockpit)
+CVE-2021-32856 (Microweber is a drag and drop website builder and content management s ...)
+ NOT-FOR-US: Microweber
+CVE-2021-32855 (Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are ...)
+ NOT-FOR-US: Vditor
+CVE-2021-32854 (textAngular is a text editor for Angular.js. Version 1.5.16 and prior ...)
+ NOT-FOR-US: textAngular
+CVE-2021-32853 (Erxes, an experience operating system (XOS) with a set of plugins, is ...)
+ NOT-FOR-US: Erxes
+CVE-2021-32852 (Countly, a product analytics solution, is vulnerable to cross-site scr ...)
+ NOT-FOR-US: Countly
+CVE-2021-32851 (Mind-elixir is a free, open source mind map core. Prior to version 0.1 ...)
+ NOT-FOR-US: Mind-elixir
+CVE-2021-32850 (jQuery MiniColors is a color picker built on jQuery. Prior to version ...)
+ - jquery-minicolors 2.3.5+dfsg-4 (bug #1031791)
+ [bookworm] - jquery-minicolors (Minor issue)
+ [bullseye] - jquery-minicolors (Minor issue)
+ [buster] - jquery-minicolors (Minor issue)
+ NOTE: https://securitylab.github.com/advisories/GHSL-2021-1045_jQuery_MiniColors_Plugin/
+ NOTE: https://github.com/claviska/jquery-minicolors/commit/ef134824a7f4110ada53ea6c173111a4fa2f48f3 (2.3.6)
+CVE-2021-32849 (Gerapy is a distributed crawler management framework. Prior to version ...)
+ NOT-FOR-US: Gerapy
+CVE-2021-32848 (Octobox is software for managing GitHub notifications. Prior to pull r ...)
+ NOT-FOR-US: Octobox
+CVE-2021-32847 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...)
+ NOT-FOR-US: HyperKit +CVE-2021-32846 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...) + NOT-FOR-US: HyperKit +CVE-2021-32845 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...) + NOT-FOR-US: HyperKit +CVE-2021-32844 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...) + NOT-FOR-US: HyperKit +CVE-2021-32843 (HyperKit is a toolkit for embedding hypervisor capabilities in an appl ...) + NOT-FOR-US: HyperKit +CVE-2021-32842 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + - mono (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32841 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Starti ...) + - mono (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32840 (SharpZipLib (or #ziplib) is a Zip, GZip, Tar and BZip2 library. Prior ...) 
+ - mono (Vulnerable code not yet uploaded) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-125-sharpziplib/ + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/5c3b293de5d65b108e7f2cd0ea8f81c1b8273f78 (v1.3.3) + NOTE: CVE refers to the commit for the test case: + NOTE: https://github.com/icsharpcode/SharpZipLib/commit/a0e96de70b5264f4c919b09253b1522bc7a221cc + NOTE: Introduced by https://github.com/icsharpcode/SharpZipLib/commit/0cbdef20f1d5654ab5b93a6ce1ff8a917d3b905b +CVE-2021-32839 (sqlparse is a non-validating SQL parser module for Python. In sqlparse ...) + - sqlparse 0.4.2-1 (bug #994841) + [bullseye] - sqlparse (Minor issue) + [buster] - sqlparse (Vulnerable code introduced later) + [stretch] - sqlparse (Vulnerable code introduced later) + NOTE: https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf + NOTE: Introduced by: https://github.com/andialbrecht/sqlparse/commit/1499cffcd7c4d635b4297b44d48fb4fe94cf988e (0.4.0) + NOTE: Fixed by: https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb (0.4.2) +CVE-2021-32838 (Flask-RESTX (pypi package flask-restx) is a community driven fork of F ...) + NOT-FOR-US: Flask restx +CVE-2021-32837 (mechanize, a library for automatically interacting with HTTP web serve ...) + {DLA-3460-1} + - python-mechanize 1:0.4.7-1 + [bullseye] - python-mechanize (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2021-108-python-mechanize-mechanize/ + NOTE: https://github.com/python-mechanize/mechanize/commit/dd05334448e9f39814bab044d2eaa5ef69b410d6 (v0.4.6) +CVE-2021-32836 (ZStack is open source IaaS(infrastructure as a service) software. In Z ...) + NOT-FOR-US: ZStack +CVE-2021-32835 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) + NOT-FOR-US: Eclipse Keti +CVE-2021-32834 (Eclipse Keti is a service that was designed to protect RESTfuls API us ...) 
+ NOT-FOR-US: Eclipse Keti +CVE-2021-32833 (Emby Server is a personal media server with apps on many devices. In E ...) + NOT-FOR-US: Emby Server +CVE-2021-32832 (Rocket.Chat is an open-source fully customizable communications platfo ...) + NOT-FOR-US: Rocket.Chat +CVE-2021-32831 (Total.js framework (npm package total.js) is a framework for Node.js p ...) + NOT-FOR-US: Total.js +CVE-2021-32830 (The @diez/generation npm package is a client for Diez. The locateFont ...) + NOT-FOR-US: Node @diez/generation +CVE-2021-32829 (ZStack is open source IaaS(infrastructure as a service) software aimin ...) + NOT-FOR-US: ZStack +CVE-2021-32828 (The Nuxeo Platform is an open source content management platform for b ...) + NOT-FOR-US: Nuxeo +CVE-2021-32827 (MockServer is open source software which enables easy mocking of any s ...) + NOT-FOR-US: MockServer +CVE-2021-32826 (Proxyee-Down is open source proxy software. An attacker being able to ...) + NOT-FOR-US: Proxyee-Down +CVE-2021-32825 (bblfshd is an open source self-hosted server for source code parsing. ...) + NOT-FOR-US: bblfshd +CVE-2021-32824 (Apache Dubbo is a java based, open source RPC framework. Versions prio ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-32823 (In the bindata RubyGem before version 2.4.10 there is a potential deni ...) + - ruby-bindata 2.4.14-1 (bug #990577) + [bullseye] - ruby-bindata (Minor issue) + [buster] - ruby-bindata (Minor issue) + [stretch] - ruby-bindata (Minor issue) + NOTE: https://github.com/dmendel/bindata/commit/d99f050b88337559be2cb35906c1f8da49531323 (v2.4.10) + NOTE: https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#update-bindata-dependency + NOTE: https://github.com/dmendel/bindata/blob/v2.4.10/ChangeLog.rdoc#version-2410-2021-05-18- +CVE-2021-32822 (The npm hbs package is an Express view engine wrapper for Handlebars. ...) + NOT-FOR-US: Node hbs +CVE-2021-32821 (MooTools is a collection of JavaScript utilities for JavaScript develo ...) 
+ - mootools (bug #1032664) + [bookworm] - mootools (Minor issue) + [bullseye] - mootools (Minor issue) + [buster] - mootools (Minor issue) + NOTE: https://securitylab.github.com/advisories/GHSL-2020-345-redos-mootools/ + NOTE: No plan to fix this upstream as upstream consider it too low impact. +CVE-2021-32820 (Express-handlebars is a Handlebars view engine for Express. Express-ha ...) + NOT-FOR-US: Express-handlebars +CVE-2021-32819 (Squirrelly is a template engine implemented in JavaScript that works o ...) + NOT-FOR-US: Squirrelly +CVE-2021-32818 (haml-coffee is a JavaScript templating solution. haml-coffee mixes pur ...) + NOT-FOR-US: haml-coffee +CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hbs mixe ...) + NOT-FOR-US: express-hbs +CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...) + NOT-FOR-US: ProtonMail Web Client +CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...) + {DLA-3265-1} + - exiv2 0.27.5-1 (bug #992705) + [bullseye] - exiv2 0.27.3-3+deb11u2 + [stretch] - exiv2 (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m + NOTE: https://github.com/Exiv2/exiv2/pull/1739 +CVE-2021-32814 (Skytable is a NoSQL database with automated snapshots and TLS. Version ...) + NOT-FOR-US: Skytable +CVE-2021-32813 (Traefik is an HTTP reverse proxy and load balancer. Prior to version 2 ...) + - traefik (bug #983289) +CVE-2021-32812 (Monkshu is an enterprise application server for mobile apps (iOS and A ...) + NOT-FOR-US: Monkshu +CVE-2021-32811 (Zope is an open-source web application server. Zope versions prior to ...) + NOT-FOR-US: zope + NOTE: only affects specific versions using Python3 with options enabled. +CVE-2021-32810 (crossbeam-deque is a package of work-stealing deques for building task ...) 
+ - firefox 93.0-1 + - firefox-esr (Only affect Firefox 91 not in any supported suite in vulnerable version) + - thunderbird (Only affects Thunderbird 91 not in any supported suite in vulnerable version) + - rust-crossbeam-deque 0.7.4-1 (bug #993146) + [bullseye] - rust-crossbeam-deque (Minor issue) + [buster] - rust-crossbeam-deque (Minor issue) + NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0093.html + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-43/#CVE-2021-32810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-45/#CVE-2021-32810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-47/#CVE-2021-32810 +CVE-2021-32809 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) + - ckeditor 4.16.2+dfsg-1 (bug #992291) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Minor issue) + [stretch] - ckeditor (Minor issue) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-7889-rm5j-hpgg + NOTE: https://github.com/ckeditor/ckeditor4/commit/f6856decd5992b2b07945292416bb113d5f7ff82 (v4.16.2) + NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/ca0851c7a14f616a0c4cda905816aa87ca399efb (v4.5.2) +CVE-2021-32808 (ckeditor is an open source WYSIWYG HTML editor with rich content suppo ...) + - ckeditor 4.16.2+dfsg-1 (bug #992292) + [bullseye] - ckeditor (Minor issue) + [buster] - ckeditor (Vulnerable code introduced later) + [stretch] - ckeditor (Vulnerable code introduced later) + NOTE: https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-6226-h7ff-ch6c + NOTE: https://github.com/ckeditor/ckeditor4/commit/0cb59313c834c94cec4c4d4c114b6ecb0270e21a (v4.16.2) + NOTE: Introduced by https://github.com/ckeditor/ckeditor4/commit/72428a762271d5e54a609a7913356a6d309c895d (v4.13.0) +CVE-2021-32807 (The module `AccessControl` defines security policies for Python code u ...) 
+ NOT-FOR-US: Zope AccessControl +CVE-2021-32806 (Products.isurlinportal is a replacement for isURLInPortal method in Pl ...) + NOT-FOR-US: Plone +CVE-2021-32805 (Flask-AppBuilder is an application development framework, built on top ...) + - flask-appbuilder (Fixed before initial upload to archive) + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-624f-cqvr-3qw4 + NOTE: https://github.com/dpgaspar/Flask-AppBuilder/commit/6af28521589599b1dbafd6313256229ee9a4fa74 (v3.3.2) +CVE-2021-32804 (The npm package "tar" (aka node-tar) before versions 6.1.1, 5.0.6, 4.4 ...) + - node-tar 6.1.7+~cs11.3.10-1 (bug #992111) + [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 + [buster] - node-tar 4.4.6+ds1-3+deb10u1 + [stretch] - node-tar (Vulnerable code introduced later) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-3jfq-g458-7qm9 + NOTE: https://github.com/npm/node-tar/commit/1f036ca23f64a547bdd6c79c1a44bc62e8115da4 +CVE-2021-32803 (The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4 ...) + - node-tar 6.1.7+~cs11.3.10-1 (bug #992110) + [bullseye] - node-tar 6.0.5+ds1+~cs11.3.9-1+deb11u1 + [buster] - node-tar 4.4.6+ds1-3+deb10u1 + [stretch] - node-tar (Vulnerable code introduced later) + NOTE: https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw + NOTE: https://github.com/npm/node-tar/commit/9dbdeb6df8e9dbd96fa9e84341b9d74734be6c20 +CVE-2021-32802 (Nextcloud server is an open source, self hosted personal cloud. Nextcl ...) + - nextcloud-server (bug #941708) +CVE-2021-32801 (Nextcloud server is an open source, self hosted personal cloud. In aff ...) + - nextcloud-server (bug #941708) +CVE-2021-32800 (Nextcloud server is an open source, self hosted personal cloud. In aff ...) + - nextcloud-server (bug #941708) +CVE-2021-32799 + RESERVED +CVE-2021-32798 (The Jupyter notebook is a web-based notebook environment for interacti ...) 
+ - jupyter-notebook 6.4.3-1 (bug #992704) + [bullseye] - jupyter-notebook (Minor issue) + [buster] - jupyter-notebook (Minor issue) + [stretch] - jupyter-notebook (Minor issue) + NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-hwvq-6gjx-j797 + NOTE: https://github.com/jupyter/notebook/commit/79fc76e890a8ec42f73a3d009e44ef84c14ef0d5 +CVE-2021-32797 (JupyterLab is a user interface for Project Jupyter which will eventual ...) + - jupyterlab (Fixed before initial upload to Debian) + NOTE: https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4952-p58q-6crx +CVE-2021-32796 (xmldom is an open source pure JavaScript W3C standard-based (XML DOM L ...) + - node-xmldom 0.7.3-1 (bug #991612) + [bullseye] - node-xmldom (Minor issue, too intrusive to backport) + [buster] - node-xmldom (Minor issue, too intrusive to backport) + NOTE: https://github.com/xmldom/xmldom/security/advisories/GHSA-5fg8-2547-mr8q + NOTE: https://github.com/xmldom/xmldom/commit/7b4b743917a892d407356e055b296dcd6d107e8b +CVE-2021-32795 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...) + NOT-FOR-US: ArchiSteamFarm +CVE-2021-32794 (ArchiSteamFarm is a C# application with primary purpose of idling Stea ...) + NOT-FOR-US: ArchiSteamFarm +CVE-2021-32793 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...) + NOT-FOR-US: Pi-hole +CVE-2021-32792 (mod_auth_openidc is an authentication/authorization module for the Apa ...) 
+ {DLA-3409-1} + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991580) + [stretch] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-458c-7pwg-3j7j + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/00c315cb0c8ab77c67be4a2ac08a71a83ac58751 (v2.4.9) + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/55ea0a085290cd2c8cdfdd960a230cbc38ba8b56 (v2.4.9) +CVE-2021-32791 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + {DLA-3409-1} + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991581) + [stretch] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-px3c-6x7j-3r9r + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/375407c16c61a70b56fdbe13b0d2c8f11398e92c (v2.4.9) +CVE-2021-32790 (Woocommerce is an open source eCommerce plugin for WordPress. An SQL i ...) + NOT-FOR-US: Woocommerce +CVE-2021-32789 (woocommerce-gutenberg-products-block is a feature plugin for WooCommer ...) + NOT-FOR-US: woocommerce-gutenberg-products-block +CVE-2021-32788 (Discourse is an open source discussion platform. In versions prior to ...) + NOT-FOR-US: Discourse +CVE-2021-32787 (Sourcegraph is a code search and navigation engine. Sourcegraph before ...) + NOT-FOR-US: Sourcegraph +CVE-2021-32786 (mod_auth_openidc is an authentication/authorization module for the Apa ...) + {DLA-3409-1} + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991582) + [stretch] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-xm4c-5wm5-jqv7 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/3a115484eb927bc6daa5737dd84f88ff4bbc5544 (v2.4.9) +CVE-2021-32785 (mod_auth_openidc is an authentication/authorization module for the Apa ...) 
+ {DLA-3409-1} + - libapache2-mod-auth-openidc 2.4.9-1 (bug #991583) + [stretch] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/zmartzone/mod_auth_openidc/security/advisories/GHSA-55r8-6w97-xxr4 + NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/dc672688dc1f2db7df8ad4abebc367116017a449 (v2.4.9) +CVE-2021-32784 + RESERVED +CVE-2021-32783 (Contour is a Kubernetes ingress controller using Envoy proxy. In Conto ...) + NOT-FOR-US: Countour +CVE-2021-32782 (Nextcloud Circles is an open source social network built for the nextc ...) + NOT-FOR-US: Nextcloud Circles +CVE-2021-32781 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy (bug #987544) +CVE-2021-32780 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy (bug #987544) +CVE-2021-32779 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy (bug #987544) +CVE-2021-32778 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy (bug #987544) +CVE-2021-32777 (Envoy is an open source L7 proxy and communication bus designed for la ...) + - envoyproxy (bug #987544) +CVE-2021-32776 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32775 (Combodo iTop is a web based IT Service Management tool. In versions pr ...) + NOT-FOR-US: Combodo iTop +CVE-2021-32774 (DataDump is a MediaWiki extension that provides dumps of wikis. Prior ...) + NOT-FOR-US: DataDump MediaWiki extension +CVE-2021-32773 (Racket is a general-purpose programming language and an ecosystem for ...) + [experimental] - racket 8.2+dfsg1-1 + - racket 7.9+dfsg1-2 (bug #991327) + [buster] - racket (Minor issue) + [stretch] - racket (Minor issue) + NOTE: https://github.com/racket/racket/security/advisories/GHSA-cgrw-p7p7-937c +CVE-2021-32772 (Poddycast is a podcast app made with Electron. Prior to version 0.8.1, ...) 
+ NOT-FOR-US: Poddycast +CVE-2021-32771 (Contiki-NG is an open-source, cross-platform operating system for IoT ...) + NOT-FOR-US: Contiki-NG +CVE-2021-32770 (Gatsby is a framework for building websites. The gatsby-source-wordpre ...) + - gatsby (bug #922188) +CVE-2021-32769 (Micronaut is a JVM-based, full stack Java framework designed for build ...) + NOT-FOR-US: Micronaut +CVE-2021-32768 (TYPO3 is an open source PHP based web content management system releas ...) + NOT-FOR-US: Typo 3 +CVE-2021-32767 (TYPO3 is an open source PHP based web content management system. In ve ...) + NOT-FOR-US: Typo 3 +CVE-2021-32766 (Nextcloud Text is an open source plaintext editing application which s ...) + NOT-FOR-US: Nextcloud Text +CVE-2021-32765 (Hiredis is a minimalistic C client library for the Redis database. In ...) + {DLA-2783-1} + - hiredis 0.14.1-2 (unimportant) + NOTE: https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2 + NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e (v1.0.1) + NOTE: Only a hardening for insecure libcs: + NOTE: https://github.com/redis/hiredis/commit/76a7b10005c70babee357a7d0f2becf28ec7ed1e#commitcomment-57544143 +CVE-2021-32764 (Discourse is an open-source discussion platform. In Discourse versions ...) + NOT-FOR-US: Discourse +CVE-2021-32763 (OpenProject is open-source, web-based project management software. In ...) + NOT-FOR-US: OpenProject +CVE-2021-32762 (Redis is an open source, in-memory database that persists on disk. The ...) + {DSA-5001-1 DLA-2810-1} + - redis 5:6.0.16-1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr +CVE-2021-32761 (Redis is an in-memory database that persists on disk. A vulnerability ...) + {DLA-2717-2 DLA-2717-1} + - redis 5:6.0.15-1 (bug #991375) + [buster] - redis 5:5.0.14-1+deb10u1 + NOTE: https://github.com/redis/redis/security/advisories/GHSA-8wxq-j7rp-g8wj +CVE-2021-32760 (containerd is a container runtime. 
A bug was found in containerd versi ...) + - containerd 1.4.5~ds1-2 + NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-c72p-9xmj-rx3w +CVE-2021-32759 (OpenMage magento-lts is an alternative to the Magento CE official rele ...) + NOT-FOR-US: Magento +CVE-2021-32758 (OpenMage Magento LTS is an alternative to the Magento CE official rele ...) + NOT-FOR-US: Magento +CVE-2021-32757 + RESERVED +CVE-2021-32756 (ManageIQ is an open-source management platform. In versions prior to j ...) + NOT-FOR-US: ManageIQ +CVE-2021-32755 (Wire is a collaboration platform. wire-ios-transport handles authentic ...) + NOT-FOR-US: wire-ios (iOS version of Wire) +CVE-2021-32754 (FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2. ...) + NOT-FOR-US: FlowDroid +CVE-2021-32753 (EdgeX Foundry is an open source project for building a common open fra ...) + NOT-FOR-US: EdgeX Foundry +CVE-2021-32752 (Ether Logs is a package that allows one to check one's logs in the Cra ...) + NOT-FOR-US: Ether Logs +CVE-2021-32751 (Gradle is a build tool with a focus on build automation. In versions p ...) + - gradle (bug #1014778) + [bookworm] - gradle (Minor issue) + [bullseye] - gradle (Minor issue) + [buster] - gradle (Minor issue) + [stretch] - gradle (Minor issue) + NOTE: https://github.com/gradle/gradle/security/advisories/GHSA-6j2p-252f-7mw8 +CVE-2021-32750 (MuWire is a file publishing and networking tool that protects the iden ...) + NOT-FOR-US: MuWire +CVE-2021-32749 (fail2ban is a daemon to ban hosts that cause multiple authentication e ...) 
+ - fail2ban 0.11.2-2 + [buster] - fail2ban (Minor issue, can be fixed in point release) + [stretch] - fail2ban (Minor issue, can be fixed after fix of regression) + NOTE: https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm + NOTE: https://github.com/fail2ban/fail2ban/commit/2ed414ed09b3bb4c478abc9366a1ff22024a33c9 (0.9) + NOTE: https://github.com/fail2ban/fail2ban/commit/410a6ce5c80dd981c22752da034f2529b5eee844 (0.10, 0.11, 1.0) + NOTE: Fix introduces regression for installations with mail command from the bsd-mailx package: + NOTE: https://github.com/fail2ban/fail2ban/issues/3059 +CVE-2021-32748 (Nextcloud Richdocuments in an open source self hosted online office. N ...) + NOT-FOR-US: Nextcloud Richdocuments +CVE-2021-32747 (Icinga Web 2 is an open source monitoring web interface, framework, an ...) + [experimental] - icingaweb2 2.8.3-1~exp1 + - icingaweb2 2.8.4-1 (bug #991116) + [bullseye] - icingaweb2 (Minor issue) + [buster] - icingaweb2 (Minor issue) + [stretch] - icingaweb2 (Minor issue) + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-2xv9-886q-p7xx + NOTE: https://github.com/Icinga/icingaweb2/commit/ffe8741c66af6ea085514a35ec878093b991875c (v2.8.3) +CVE-2021-32746 (Icinga Web 2 is an open source monitoring web interface, framework and ...) + [experimental] - icingaweb2 2.8.3-1~exp1 + - icingaweb2 2.8.4-1 (bug #991116) + [bullseye] - icingaweb2 (Minor issue) + [buster] - icingaweb2 (Minor issue) + [stretch] - icingaweb2 (Minor issue) + NOTE: https://github.com/Icinga/icingaweb2/security/advisories/GHSA-cmgc-h4cx-3v43 + NOTE: https://github.com/Icinga/icingaweb2/commit/80875d91bbfa52553fe7bb2c1a32a9814880d9c1 (v2.8.3) +CVE-2021-32745 (Collabora Online is a collaborative online office suite. A reflected X ...) + NOT-FOR-US: Collabora Online +CVE-2021-32744 (Collabora Online is a collaborative online office suite. In versions p ...) 
+ NOT-FOR-US: Collabora Online +CVE-2021-32743 (Icinga is a monitoring system which checks the availability of network ...) + {DLA-2816-1} + [experimental] - icinga2 2.12.5-1~exp1 + - icinga2 2.12.5-1 (bug #991494) + [bullseye] - icinga2 (Minor issue) + [buster] - icinga2 (Minor issue) + NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-wrpw-pmr8-qgj7 + NOTE: https://github.com/Icinga/icinga2/commit/843353ab69f79b3abfeb38ac249b05e1944369ab (v2.12.5) +CVE-2021-32742 (Vapor is a web framework for Swift. In versions 4.47.1 and prior, bug ...) + NOT-FOR-US: Vapor +CVE-2021-32741 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server (bug #941708) +CVE-2021-32740 (Addressable is an alternative implementation to the URI implementation ...) + - ruby-addressable 2.7.0-2 (bug #990791) + [buster] - ruby-addressable (Minor issue) + [stretch] - ruby-addressable (Minor issue) + NOTE: https://github.com/sporkmonger/addressable/security/advisories/GHSA-jxhc-q857-3j6g + NOTE: https://github.com/sporkmonger/addressable/commit/b48ff03347a6d46e8dc674e242ce74c6381962a5#diff-fb36d3dc67e6565ffde17e666a98697f48e76dac38fabf1bb9e97cdf3b583d76 +CVE-2021-32739 (Icinga is a monitoring system which checks the availability of network ...) + {DLA-2816-1} + [experimental] - icinga2 2.12.5-1~exp1 + - icinga2 2.12.5-1 (bug #991494) + [bullseye] - icinga2 (Minor issue) + [buster] - icinga2 (Minor issue) + NOTE: https://icinga.com/blog/2021/07/15/releasing-icinga-2-12-5-and-2-11-10/ + NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-98wp-jc6q-x5q5 + NOTE: https://github.com/Icinga/icinga2/commit/b5b83fa51564662ff2e78d7529ff77e1085d4522 (v2.12.5) +CVE-2021-32738 (js-stellar-sdk is a Javascript library for communicating with a Stella ...) 
+ NOT-FOR-US: js-stellar-sdk +CVE-2021-32737 (Sulu is an open-source PHP content management system based on the Symf ...) + NOT-FOR-US: Sulu +CVE-2021-32736 (think-helper defines a set of helper functions for ThinkJS. In version ...) + NOT-FOR-US: think-helper +CVE-2021-32735 (Kirby is a content management system. In Kirby CMS versions 3.5.5 and ...) + NOT-FOR-US: Kirby +CVE-2021-32734 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server (bug #941708) +CVE-2021-32733 (Nextcloud Text is a collaborative document editing application that us ...) + NOT-FOR-US: Nextcloud Text +CVE-2021-32732 (### Impact It's possible to know if a user has or not an account in a ...) + NOT-FOR-US: XWiki +CVE-2021-32731 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32730 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32729 (XWiki Platform is a generic wiki platform offering runtime services fo ...) + NOT-FOR-US: XWiki +CVE-2021-32728 (The Nextcloud Desktop Client is a tool to synchronize files from Nextc ...) + {DSA-4974-1} + - nextcloud-desktop 3.3.1-1 + NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-f5fr-5gcv-6cc5 + NOTE: https://github.com/nextcloud/desktop/pull/3338 +CVE-2021-32727 (Nextcloud Android Client is the Android client for Nextcloud. Clients ...) + NOT-FOR-US: Nextcloud Android Client +CVE-2021-32726 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server (bug #941708) +CVE-2021-32725 (Nextcloud Server is a Nextcloud package that handles data storage. In ...) + - nextcloud-server (bug #941708) +CVE-2021-32724 (check-spelling is a github action which provides CI spell checking. In ...) + NOT-FOR-US: Github +CVE-2021-32723 (Prism is a syntax highlighting library. Some languages before 1.24.0 a ...) 
+ NOT-FOR-US: Prism
+CVE-2021-32722 (GlobalNewFiles is a mediawiki extension. Versions prior to 48be7adb705 ...)
+ NOT-FOR-US: GlobalNewFiles MediaWiki extension
+CVE-2021-32721 (PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux ...)
+ NOT-FOR-US: PowerMux
+CVE-2021-32720 (Sylius is an Open Source eCommerce platform on top of Symfony. In vers ...)
+ NOT-FOR-US: Sylius
+CVE-2021-32719 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server (Minor issue)
+ [buster] - rabbitmq-server (Minor issue)
+ [stretch] - rabbitmq-server (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3122
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/f01f0f2d840b98128cdb7ff966d8234b06ef7c75 (master)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/51df93b45fb05f935456f09b88e7554e0b36317f (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/08beb82e9ab8923ded88ece2800cd80971e2bd05 (v3.8.18)
+CVE-2021-32718 (RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prio ...)
+ - rabbitmq-server 3.9.4-1 (bug #990524)
+ [bullseye] - rabbitmq-server (Minor issue)
+ [buster] - rabbitmq-server (Minor issue)
+ [stretch] - rabbitmq-server (Vulnerable code not present)
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
+ NOTE: https://github.com/rabbitmq/rabbitmq-server/pull/3028
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a8dffdf7de9793a76fc4685c89b968d8eddca4ca (v3.9.0-beta.1)
+ NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-server/commit/a7373585faeac0aaede5a9c245094d8022e81299 (v3.8.17-rc.1)
+CVE-2021-32717 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32716 (Shopware is an open source eCommerce platform. In versions prior to 6. ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32715 (hyper is an HTTP library for rust. hyper's HTTP/1 server code had a fl ...)
+ - rust-hyper 0.14.19-1
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0078.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-f3pg-qwvg-p99c
+CVE-2021-32714 (hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper ...)
+ - rust-hyper 0.14.19-1
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2021-0079.html
+ NOTE: https://github.com/hyperium/hyper/security/advisories/GHSA-5h46-h7hh-c6x9
+CVE-2021-32713 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32712 (Shopware is an open source eCommerce platform. Versions prior to 5.6.1 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32711 (Shopware is an open source eCommerce platform. Versions prior to 6.3.5 ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32710 (Shopware is an open source eCommerce platform. Potential session hijac ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32709 (Shopware is an open source eCommerce platform. Creation of order credi ...)
+ NOT-FOR-US: Shopware
+CVE-2021-32708 (Flysystem is an open source file storage library for PHP. The whitespa ...)
+ - php-league-flysystem 1.1.3-4 (bug #990288)
+ NOTE: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm
+CVE-2021-32707 (Nextcloud Mail is a mail app for Nextcloud. In versions prior to 1.9.6 ...)
+ NOT-FOR-US: Nextcloud Mail
+CVE-2021-32706 (Pi-hole's Web interface provides a central location to manage a Pi-hol ...)
+ NOT-FOR-US: Pi-hole
+CVE-2021-32705 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32704 (DHIS 2 is an information system for data capture, management, validati ...)
+ NOT-FOR-US: DHIS 2
+CVE-2021-32703 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32702 (The Auth0 Next.js SDK is a library for implementing user authenticatio ...)
+ NOT-FOR-US: Auth0 Next.js SDK
+CVE-2021-32701 (ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control ...)
+ NOT-FOR-US: ORY Oathkeeper
+CVE-2021-32700 (Ballerina is an open source programming language and platform for clou ...)
+ NOT-FOR-US: Ballerina
+CVE-2021-32699 (Wings is the control plane software for the open source Pterodactyl ga ...)
+ NOT-FOR-US: Wings
+CVE-2021-32698 (eLabFTW is an open source electronic lab notebook for research labs. T ...)
+ NOT-FOR-US: eLabFTW
+CVE-2021-32697 (neos/forms is an open source framework to build web forms. By crafting ...)
+ NOT-FOR-US: neos/forms
+CVE-2021-32696 (The npm package "striptags" is an implementation of PHP's strip_tags i ...)
+ NOT-FOR-US: Node striptags
+CVE-2021-32695 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32694 (Nextcloud Android app is the Android client for Nextcloud. In versions ...)
+ NOT-FOR-US: Nextcloud Android app
+CVE-2021-32693 (Symfony is a PHP framework for web and console applications and a set ...)
+ - symfony (Vulnerable code not present)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-rfcf-m67m-jcrq
+ NOTE: Fixed by: https://github.com/symfony/symfony/commit/3084764ad82f29dbb025df19978b9cbc3ab34728 (v5.3.2)
+ NOTE: https://symfony.com/blog/cve-2021-32693-authentication-granted-to-all-firewalls-instead-of-just-one
+CVE-2021-32692 (Activity Watch is a free and open-source automated time tracker. Versi ...)
+ NOT-FOR-US: Activity Watch
+CVE-2021-32691 (Apollos Apps is an open source platform for launching church-related a ...)
+ NOT-FOR-US: Apollo Apps
+CVE-2021-32690 (Helm is a tool for managing Charts (packages of pre-configured Kuberne ...)
+ - helm-kubernetes (bug #910799)
+CVE-2021-32689 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32688 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32687 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-m3mf-8x9w-r27q
+CVE-2021-32686 (PJSIP is a free and open source multimedia communication library writt ...)
+ {DSA-4999-1 DLA-2962-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991931)
+ [stretch] - asterisk (Vulnerable code not present)
+ - pjproject
+ - ring 20230206.0~ds1-1 (bug #1014998)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
+ NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
+ NOTE: https://github.com/pjsip/pjproject/pull/2716
+CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...)
+ NOT-FOR-US: tEnvoy
+CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...)
+ NOT-FOR-US: Create Magento app
+CVE-2021-32683 (wire-webapp is the web version of Wire, an open-source messenger. A cr ...)
+ NOT-FOR-US: wire-webapp
+CVE-2021-32682 (elFinder is an open-source file manager for web, written in JavaScript ...)
+ NOT-FOR-US: elFinder
+CVE-2021-32681 (Wagtail is an open source content management system built on Django. A ...)
+ NOT-FOR-US: Wagtail
+CVE-2021-32680 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32679 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32678 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32677 (FastAPI is a web framework for building APIs with Python 3.6+ based on ...)
+ - fastapi 0.70.0-1 (bug #990582)
+ [bullseye] - fastapi (Minor issue)
+ NOTE: https://github.com/tiangolo/fastapi/security/advisories/GHSA-8h2j-cgx8-6xv7
+ NOTE: https://github.com/tiangolo/fastapi/commit/fa7e3c996edf2d5482fff8f9d890ac2390dede4d (0.65.2)
+CVE-2021-32676 (Nextcloud Talk is a fully on-premises audio/video and chat communicati ...)
+ NOT-FOR-US: Nextcloud Talk
+CVE-2021-32675 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p
+CVE-2021-32674 (Zope is an open-source web application server. This advisory extends t ...)
+ NOT-FOR-US: Zope
+CVE-2021-32673 (reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot ...)
+ NOT-FOR-US: reg-keygen-git-hash-plugin
+CVE-2021-32672 (Redis is an open source, in-memory database that persists on disk. Whe ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-9mj9-xx53-qmxm
+CVE-2021-32671 (Flarum is a forum software for building communities. Flarum's translat ...)
+ NOT-FOR-US: Flarum
+CVE-2021-32670 (Datasette is an open source multi-tool for exploring and publishing da ...)
+ NOT-FOR-US: Datasette
+CVE-2021-32669 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32668 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32667 (TYPO3 is an open source PHP based web content management system. Versi ...)
+ NOT-FOR-US: Typo 3
+CVE-2021-32666 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32665 (wire-ios is the iOS version of Wire, an open-source secure messaging a ...)
+ NOT-FOR-US: wire-ios (iOS version of Wire)
+CVE-2021-32664 (Combodo iTop is an open source web based IT Service Management tool. I ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32663 (iTop is an open source web based IT Service Management tool. In affect ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2021-32662 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32661 (Backstage is an open platform for building developer portals. In versi ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32660 (Backstage is an open platform for building developer portals, and tech ...)
+ NOT-FOR-US: Backstage
+CVE-2021-32659 (Matrix-appservice-bridge is the bridging service for the Matrix commun ...)
+ NOT-FOR-US: Matrix-appservice-bridge
+CVE-2021-32658 (Nextcloud Android is the Android client for the Nextcloud open source ...)
+ NOT-FOR-US: Nextcloud client for Android
+CVE-2021-32657 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32656 (Nextcloud Server is a Nextcloud package that handles data storage. A v ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32655 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32654 (Nextcloud Server is a Nextcloud package that handles data storage. In ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32653 (Nextcloud Server is a Nextcloud package that handles data storage. Nex ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32652 (Nextcloud Mail is a mail app for the Nextcloud platform. A missing per ...)
+ - nextcloud-server (bug #941708)
+CVE-2021-32651 (OneDev is a development operations platform. If the LDAP external auth ...)
+ NOT-FOR-US: OneDev
+CVE-2021-32650 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32649 (October CMS is a self-hosted content management system (CMS) platform ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32648 (octobercms in a CMS platform based on the Laravel PHP Framework. In af ...)
+ NOT-FOR-US: October CMS
+CVE-2021-32647 (Emissary is a P2P based data-driven workflow engine. Affected versions ...)
+ NOT-FOR-US: Emissary
+CVE-2021-32646 (Roomer is a discord bot cog (extension) which provides automatic voice ...)
+ NOT-FOR-US: Roomer
+CVE-2021-32645 (Tenancy multi-tenant is an open source multi-domain controller for the ...)
+ NOT-FOR-US: Teancy multi-tenant
+CVE-2021-32644 (Ampache is an open source web based audio/video streaming application ...)
+ - ampache
+CVE-2021-32643 (Http4s is a Scala interface for HTTP services. `StaticFile.fromUrl` ca ...)
+ NOT-FOR-US: Http4s
+CVE-2021-32642 (radsecproxy is a generic RADIUS proxy that supports both UDP and TLS ( ...)
+ - radsecproxy 1.8.2-4 (unimportant)
+ NOTE: https://github.com/radsecproxy/radsecproxy/commit/ab7a2ea42a75d5ad3421e4365f63cbdcb08fb7af
+ NOTE: Only affects example script
+CVE-2021-32641 (auth0-lock is Auth0's signin solution. Versions of nauth0-lock before ...)
+ NOT-FOR-US: auth0-lock
+CVE-2021-32640 (ws is an open source WebSocket client and server library for Node.js. ...)
+ - node-ws 7.4.2+~cs18.0.8-2
+ [buster] - node-ws 1.1.0+ds1.e6ddaae4-5+deb10u1
+ [stretch] - node-ws (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/websockets/ws/security/advisories/GHSA-6fc8-4gx4-v693
+ NOTE: https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff
+CVE-2021-32639 (Emissary is a P2P-based, data-driven workflow engine. Emissary version ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32638 (Github's CodeQL action is provided to run CodeQL-based code scanning o ...)
+ NOT-FOR-US: Github
+CVE-2021-32637 (Authelia is a a single sign-on multi-factor portal for web apps. This ...)
+ NOT-FOR-US: Authelia
+CVE-2021-32636
+ RESERVED
+CVE-2021-32635 (Singularity is an open source container platform. In verions 3.7.2 and ...)
+ - singularity-container (Vulnerable code introduced in 3.7.2)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jq42-hfch-42f3
+ NOTE: https://github.com/hpcng/singularity/commit/cd298aaeb7698fb692689e2e1b49972c94bfa440
+CVE-2021-32634 (Emissary is a distributed, peer-to-peer, data-driven workflow framewor ...)
+ NOT-FOR-US: NSA Emissary
+CVE-2021-32633 (Zope is an open-source web application server. In Zope versions prior ...)
+ NOT-FOR-US: Zope
+CVE-2021-32632 (Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnera ...)
+ NOT-FOR-US: Pajbot
+CVE-2021-32631 (Common is a package of common modules that can be accessed by NIMBLE s ...)
+ NOT-FOR-US: NIMBLE
+CVE-2021-32630 (Admidio is a free, open source user management system for websites of ...)
+ NOT-FOR-US: Admidio
+CVE-2021-32629 (Cranelift is an open-source code generator maintained by Bytecode Alli ...)
+ NOT-FOR-US: Cranelift
+CVE-2021-32628 (Redis is an open source, in-memory database that persists on disk. An ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-vw22-qm3h-49pr
+CVE-2021-32627 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1}
+ - redis 5:6.0.16-1
+ [stretch] - redis (Minor issue; invasive patch)
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-f434-69fm-g45v
+CVE-2021-32626 (Redis is an open source, in-memory database that persists on disk. In ...)
+ {DSA-5001-1 DLA-2810-1}
+ - redis 5:6.0.16-1
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-p486-xggp-782c
+CVE-2021-32625 (Redis is an open source (BSD licensed), in-memory data structure store ...)
+ - redis 5:6.0.14-1 (bug #989351)
+ [buster] - redis (Vulnerable code not present)
+ [stretch] - redis (Vulnerable code not present)
+ NOTE: https://github.com/redis/redis/pull/9011
+ NOTE: https://github.com/redis/redis/commit/1ddecf1958924b178b76a31d989ef1e05af81964
+ NOTE: https://github.com/redis/redis/security/advisories/GHSA-46cp-x4x9-6pfq
+ NOTE: CVE is result of incomplete fix by CVE-2021-29477.
+CVE-2021-32624 (Keystone 5 is an open source CMS platform to build Node.js application ...)
+ NOT-FOR-US: Keystone CMS
+CVE-2021-32623 (Opencast is a free and open source solution for automated video captur ...)
+ NOT-FOR-US: Opencast
+CVE-2021-32622 (Matrix-React-SDK is a react-based SDK for inserting a Matrix chat/voip ...)
+ NOT-FOR-US: Matrix-React-SDK
+CVE-2021-32621 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32620 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
+ NOT-FOR-US: XWiki
+CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and is bu ...)
+ NOT-FOR-US: Deno
+CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
+ NOT-FOR-US: Flask-Security-Too
+CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
+ - exiv2 0.27.5-1 (bug #988731)
+ [bullseye] - exiv2 (Minor issue)
+ [buster] - exiv2 (Minor issue)
+ [stretch] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-w8mv-g8qq-36mj
+ NOTE: https://github.com/Exiv2/exiv2/pull/1657
+CVE-2021-32616 (1CDN is open-source file sharing software. In 1CDN before commit f88a2 ...)
+ NOT-FOR-US: 1CDN
+CVE-2021-3549 (An out of bounds flaw was found in GNU binutils objdump utility versio ...)
+ - binutils 2.37-3 (unimportant)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=27294
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
+ NOTE: binutils not covered by security support
+CVE-2021-32615 (Piwigo 11.4.0 allows admin/user_list_backend.php order[0][dir] SQL Inj ...)
+ - piwigo
+CVE-2021-32614 (A flaw was found in dmg2img through 20170502. fill_mishblk() does not ...)
+ - dmg2img (unimportant; bug #989008)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/11
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-32613 (In radare2 through 5.3.0 there is a double free vulnerability in the p ...)
+ - radare2 5.5.0+dfsg-1 (bug #989067)
+ NOTE: https://github.com/radareorg/radare2/issues/18679
+ NOTE: https://github.com/radareorg/radare2/commit/049de62730f4954ef9a642f2eeebbca30a8eccdc
+CVE-2021-32612 (The VeryFitPro (com.veryfit2hr.second) application 3.2.8 for Android d ...)
+ NOT-FOR-US: VeryFitPro
+CVE-2021-32611 (A NULL pointer dereference vulnerability exists in eXcall_api.c in Ant ...)
+ - libexosip2
+ [buster] - libexosip2 (Minor issue)
+ [stretch] - libexosip2 (Minor issue)
+ NOTE: http://git.savannah.nongnu.org/cgit/exosip.git/commit/?id=f2ed389fe84613512cc560127883e51e6cf8c054
+CVE-2021-32610 (In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ...)
+ {DLA-2721-1}
+ - drupal7
+ - php-pear 1:1.10.13+submodules+notgz-1 (bug #991541)
+ [bullseye] - php-pear (Minor issue)
+ [buster] - php-pear (Minor issue)
+ [stretch] - php-pear (Minor issue)
+ NOTE: https://www.drupal.org/sa-core-2021-004
+ NOTE: https://pear.php.net/package/Archive_Tar/download/1.4.14/
+ NOTE: https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 (1.4.14)
+CVE-2021-32609 (Apache Superset up to and including 1.1 does not sanitize titles corre ...)
+ NOT-FOR-US: Apache Superset
+CVE-2021-32608 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-32607 (An issue was discovered in Smartstore (aka SmartStoreNET) through 4.1. ...)
+ NOT-FOR-US: Smartstore
+CVE-2021-3547 (OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middl ...)
+ - openvpn3 (bug #904044)
+CVE-2021-32605 (zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrar ...)
+ NOT-FOR-US: zzzcms
+CVE-2021-32604 (Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles ...)
+ NOT-FOR-US: SolarWinds
+CVE-2021-32603 (A server-side request forgery (SSRF) (CWE-918) vulnerability in FortiM ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32602 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32601
+ RESERVED
+CVE-2021-32600 (An exposure of sensitive information to an unauthorized actor vulnerab ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32599
+ RESERVED
+CVE-2021-32598 (An improper neutralization of CRLF sequences in HTTP headers ('HTTP Re ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32597 (Multiple improper neutralization of input during web page generation ( ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32596 (A use of one-way hash with a predictable salt vulnerability in the pas ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32595 (Multiple uncontrolled resource consumption vulnerabilities in the web ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32594 (An unrestricted file upload vulnerability in the web interface of Fort ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32593 (A use of a broken or risky cryptographic algorithm vulnerability [CWE- ...)
+ NOT-FOR-US: FortiWAN
+CVE-2021-32592 (An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32591 (A missing cryptographic steps vulnerability in the function that encry ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32590 (Multiple improper neutralization of special elements used in an SQL co ...)
+ NOT-FOR-US: FortiPortal
+CVE-2021-32589
+ RESERVED
+CVE-2021-32588 (A use of hard-coded credentials (CWE-798) vulnerability in FortiPortal ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32587 (An improper access control vulnerability in FortiManager and FortiAnal ...)
+ NOT-FOR-US: Fortiguard
+CVE-2021-32586 (An improper input validation vulnerability in the web server CGI facil ...)
+ NOT-FOR-US: FortiGuard
+CVE-2021-32585 (An improper neutralization of input during web page generation vulnera ...)
+ NOT-FOR-US: FortiWAN
+CVE-2021-32584
+ RESERVED
+CVE-2021-32583
+ RESERVED
+CVE-2021-32582 (An issue was discovered in ConnectWise Automate before 2021.5. A blind ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2021-32581 (Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Im ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32580 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32579 (Acronis True Image prior to 2021 Update 4 for Windows and Acronis True ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32578 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32577 (Acronis True Image prior to 2021 Update 5 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32576 (Acronis True Image prior to 2021 Update 4 for Windows allowed local pr ...)
+ NOT-FOR-US: Acronis
+CVE-2021-32606 (In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/i ...)
+ - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/16
+CVE-2021-3545 (An information disclosure vulnerability was found in the virtio vhost- ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu (The vulnerable code was introduced later)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01153.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/121841b2
+CVE-2021-3544 (Several memory leaks were found in the virtio vhost-user GPU device (v ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958935
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01151.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01157.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01152.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01156.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01158.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/63736af5
+CVE-2021-3548 (A flaw was found in dmg2img through 20170502. dmg2img did not validate ...)
+ - dmg2img (unimportant)
+ NOTE: https://github.com/Lekensteyn/dmg2img/issues/9
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-3543 (A flaw null pointer dereference in the Nitro Enclaves kernel driver wa ...)
+ - linux 5.10.38-1 (unimportant)
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f1ce3986baa62cffc3c5be156994de87524bab99
+ NOTE: nitro_enclaves not enabled in Debian binary builds
+CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networ ...)
+ - nomad 0.12.10+dfsg1-3 (bug #990581)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
+CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
+ - consul 1.9.17+dfsg2-1 (bug #991719)
+ [bullseye] - consul (Minor issue)
+ [buster] - consul (Only affects 1.3.0 and later)
+ NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
+ NOTE: https://github.com/hashicorp/consul/pull/10619
+CVE-2021-32573 (The express-cart package through 1.1.10 for Node.js allows Reflected X ...)
+ NOT-FOR-US: Node express-cart
+CVE-2021-32572 (Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET ...)
+ NOT-FOR-US: Speco Web Viewer
+CVE-2021-32571 (In OSS-RC systems of the release 18B and older during data migration p ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32570 (In Ericsson Network Manager (ENM) releases before 21.2, users belongin ...)
+ NOT-FOR-US: Ericsson
+CVE-2021-32569 (In OSS-RC systems of the release 18B and older customer documentation ...)
+ NOT-FOR-US: OSS-RC
+CVE-2021-32568 (mrdoc is vulnerable to Deserialization of Untrusted Data)
+ NOT-FOR-US: mrdoc
+CVE-2021-32567 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32566 (Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Se ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/034965e0fd0def114658f0048d953d1c16a95bed (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32565 (Invalid values in the Content-Length header sent to Apache Traffic Ser ...)
+ {DSA-4957-1}
+ - trafficserver 8.1.1+ds-1.1 (bug #990303)
+ NOTE: https://lists.apache.org/thread.html/ra1a41ff92a70d25bf576d7da2590575e8ff430393a3f4a0c34de4277%40%3Cannounce.trafficserver.apache.org%3E
+ NOTE: https://github.com/apache/trafficserver/pull/7945 (8.1.x)
+ NOTE: https://github.com/apache/trafficserver/commit/668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca (master)
+ NOTE: https://github.com/apache/trafficserver/commit/b82a3d192f995fb9d78e1c44d51d9acca4783277 (8.1.x)
+CVE-2021-32564
+ RESERVED
+CVE-2021-32562
+ RESERVED
+CVE-2021-32561 (OctoPrint before 1.6.0 allows XSS because API error messages include t ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32560 (The Logging subsystem in OctoPrint before 1.6.0 has incorrect access c ...)
+ NOT-FOR-US: OctoPrint
+CVE-2021-32559 (An integer overflow exists in pywin32 prior to version b301 when addin ...)
+ NOT-FOR-US: pywin32
+CVE-2021-32558 (An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x ...)
+ {DSA-4999-1 DLA-2729-1}
+ - asterisk 1:16.16.1~dfsg-2 (bug #991710)
+ NOTE: https://downloads.asterisk.org/pub/security/AST-2021-008.html
+CVE-2021-32557 (It was discovered that the process_report() function in data/whoopsie- ...)
+ NOT-FOR-US: Apport
+CVE-2021-32556 (It was discovered that the get_modified_conffiles() function in backen ...)
+ NOT-FOR-US: Apport
+CVE-2021-32555 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32554 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32553 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32552 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32551 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32550 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32549 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32548 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32547 (It was discovered that read_file() in apport/hookutils.py would follow ...)
+ NOT-FOR-US: Apport
+CVE-2021-32546 (Missing input validation in internal/db/repo_editor.go in Gogs before ...)
+ NOT-FOR-US: Go Git Service
+CVE-2021-32545 (Pexip Infinity before 26 allows remote denial of service because of mi ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2021-32544 (Special characters of IGT search function in igt+ are not filtered in ...)
+ NOT-FOR-US: igt+
+CVE-2021-32543 (The CTS Web transaction system related to authentication management is ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32542 (The parameters of the specific functions in the CTS Web trading system ...)
+ NOT-FOR-US: CTS Web trading system
+CVE-2021-32541 (The CTS Web transaction system related to authentication and session m ...)
+ NOT-FOR-US: CTS Web transaction system
+CVE-2021-32540 (Add announcement function in the 101EIP system does not filter special ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32539 (Add event in calendar function in the 101EIP system does not filter sp ...)
+ NOT-FOR-US: 101EIP system
+CVE-2021-32538 (ARTWARE CMS parameter of image upload function does not filter the typ ...)
+ NOT-FOR-US: ARTWARE CMS
+CVE-2021-32537 (Realtek HAD contains a driver crashed vulnerability which allows local ...)
+ NOT-FOR-US: Realtek
+CVE-2021-32536 (The login page in the MCUsystem does not filter with special character ...)
+ NOT-FOR-US: MCUsystem
+CVE-2021-32535 (The vulnerability of hard-coded default credentials in QSAN SANOS allo ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32534 (QSAN SANOS factory reset function does not filter special parameters. ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32533 (The QSAN SANOS setting page does not filter special parameters. Remote ...)
+ NOT-FOR-US: QSAN SANOS
+CVE-2021-32532 (Path traversal vulnerability in back-end analysis function in QSAN XEV ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32531 (OS command injection vulnerability in Init function in QSAN XEVO allow ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32530 (OS command injection vulnerability in Array function in QSAN XEVO allo ...)
+ NOT-FOR-US: QSAN XEVO
+CVE-2021-32529 (Command injection vulnerability in QSAN XEVO, SANOS allows remote unau ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32528 (Observable behavioral discrepancy vulnerability in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32527 (Path traversal vulnerability in QSAN Storage Manager allows remote una ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32526 (Incorrect permission assignment for critical resource vulnerability in ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32525 (The same hard-coded password in QSAN Storage Manager's in the firmware ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32524 (Command injection vulnerability in QSAN Storage Manager allows remote ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32523 (Improper authorization vulnerability in QSAN Storage Manager allows re ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32522 (Improper restriction of excessive authentication attempts vulnerabilit ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32521 (Use of MAC address as an authenticated password in QSAN Storage Manage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32520 (Use of hard-coded cryptographic key vulnerability in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32519 (Use of password hash with insufficient computational effort vulnerabil ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32518 (A vulnerability in share_link in QSAN Storage Manager allows remote at ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32517 (Improper access control vulnerability in share_link in QSAN Storage Ma ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32516 (Path traversal vulnerability in share_link in QSAN Storage Manager all ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32515 (Directory listing vulnerability in share_link in QSAN Storage Manager ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32514 (Improper access control vulnerability in FirmwareUpgrade in QSAN Stora ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32513 (QsanTorture in QSAN Storage Manager does not filter special parameters ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32512 (QuickInstall in QSAN Storage Manager does not filter special parameter ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32511 (QSAN Storage Manager through directory listing vulnerability in ViewBr ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32510 (QSAN Storage Manager through directory listing vulnerability in antivi ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32509 (Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage M ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32508 (Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32507 (Absolute Path Traversal vulnerability in FileDownload in QSAN Storage ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32506 (Absolute Path Traversal vulnerability in GetImage in QSAN Storage Mana ...)
+ NOT-FOR-US: QSAN
+CVE-2021-32505
+ REJECTED
+CVE-2021-32504 (Unauthenticated users can access sensitive web URLs through GET reques ...)
+ NOT-FOR-US: SICK FTMg flow sensors
+CVE-2021-32503 (Unauthenticated users can access sensitive web URLs through GET reques ...)
+ NOT-FOR-US: SICK FTMg flow sensors
+CVE-2021-32502
+ REJECTED
+CVE-2021-32501
+ REJECTED
+CVE-2021-32500
+ REJECTED
+CVE-2021-32499 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32498 (SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32497 (SICK SOPAS ET before version 4.8.0 allows attackers to wrap any execut ...)
+ NOT-FOR-US: SICK SOPAS ET
+CVE-2021-32496 (SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inad ...)
+ NOT-FOR-US: SICK Visionary-S CX
+CVE-2021-32495 (Radare2 has a use-after-free vulnerability in pyc parser's get_none_ob ...)
+ - radare2 5.5.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/18666
+ NOTE: https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05 (5.3.0)
+CVE-2021-32494 (Radare2 has a division by zero vulnerability in Mach-O parser's rebase ...)
+ - radare2 5.5.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/issues/18667
+ NOTE: https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62 (5.3.0)
+CVE-2021-32489 (An issue was discovered in the _send_secure_msg() function of Yubico y ...)
+ NOT-FOR-US: Yubico yubihsm-shell
+CVE-2021-32488
+ RESERVED
+CVE-2021-32487 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32486 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32485 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32484 (In modem 2G RRM, there is a possible system crash due to a heap buffer ...)
+ NOT-FOR-US: modem 2G RRM
+CVE-2021-32483 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32482 (Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the ...)
+ NOT-FOR-US: Cloudera Manager
+CVE-2021-32481 (Cloudera Hue 4.6.0 allows XSS via the type parameter.)
+ NOT-FOR-US: Cloudera Hue
+CVE-2021-32480
+ RESERVED
+CVE-2021-32563 (An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17 ...)
+ - thunar 4.16.8-1 (bug #988394)
+ [buster] - thunar (Minor issue)
+ [stretch] - thunar (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/09/2
+ NOTE: Fixed by: https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
+ NOTE: Regression fix: https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
+ NOTE: Regression: https://gitlab.xfce.org/xfce/thunar/-/issues/575
+CVE-2021-3546 (An out-of-bounds write vulnerability was found in the virtio vhost-use ...)
+ {DSA-4980-1}
+ - qemu 1:6.1+dfsg-1 (bug #989042)
+ [buster] - qemu (Only minimal support present and not installed in binary packages)
+ [stretch] - qemu (The vulnerable code was introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1958978
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01155.html
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01154.html
+ NOTE: https://gitlab.com/qemu-project/qemu/-/commit/9f22893a
+CVE-2021-3542
+ REJECTED
+CVE-2021-32493 (A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overfl ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943424
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #3 / Patch12)
+CVE-2021-32492 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds rea ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943410
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #1 / Patch10)
+CVE-2021-32491 (A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943409
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #5 / Patch9)
+CVE-2021-32490 (A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds wri ...)
+ {DSA-5032-1 DLA-2667-1}
+ - djvulibre 3.5.28-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943408
+ NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #4 / Patch8)
+CVE-2021-3541 (A flaw was found in libxml2. Exponential entity expansion attack its p ...)
+ {DLA-2669-1} + - libxml2 2.9.10+dfsg-6.7 (bug #988603) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950515 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8598060bacada41a0eb09d95c97744ff4e428f8e + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/228 (currently private) + NOTE: https://blog.hartwork.org/posts/cve-2021-3541-parameter-laughs-fixed-in-libxml2-2-9-11/ +CVE-2021-32479 + RESERVED +CVE-2021-32478 (The redirect URI in the LTI authorization endpoint required extra sani ...) + - moodle +CVE-2021-32477 (The last time a user accessed the mobile app is displayed on their pro ...) + - moodle +CVE-2021-32476 (A denial-of-service risk was identified in the draft files area, due t ...) + - moodle +CVE-2021-32475 (ID numbers displayed in the quiz grading report required additional sa ...) + - moodle +CVE-2021-32474 (An SQL injection risk existed on sites with MNet enabled and configure ...) + - moodle +CVE-2021-32473 (It was possible for a student to view their quiz grade before it had b ...) + - moodle +CVE-2021-32472 (Teachers exporting a forum in CSV format could receive a CSV of forums ...) + - moodle +CVE-2021-32471 (Insufficient input validation in the Marvin Minsky 1967 implementation ...) + NOT-FOR-US: Marvin Minsky 1967 implementation of the Universal Turing Machine +CVE-2021-32470 (Craft CMS before 3.6.13 has an XSS vulnerability.) + NOT-FOR-US: Craft CMS +CVE-2021-32469 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-32468 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-32467 (MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and ...) + NOT-FOR-US: Netgear +CVE-2021-32466 (An uncontrolled search path element privilege escalation vulnerability ...) 
+ NOT-FOR-US: Trend Micro +CVE-2021-32465 (An incorrect permission preservation vulnerability in Trend Micro Apex ...) + NOT-FOR-US: Trend Micro +CVE-2021-32464 (An incorrect permission assignment privilege escalation vulnerability ...) + NOT-FOR-US: Trend Micro +CVE-2021-32463 (An incorrect permission assignment denial-of-service vulnerability in ...) + NOT-FOR-US: Trend Micro +CVE-2021-32462 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) + NOT-FOR-US: Trend Micro +CVE-2021-32461 (Trend Micro Password Manager (Consumer) version 5.0.0.1217 and below i ...) + NOT-FOR-US: Trend Micro +CVE-2021-32460 (The Trend Micro Maximum Security 2021 (v17) consumer product is vulner ...) + NOT-FOR-US: Trend Micro +CVE-2021-32459 (Trend Micro Home Network Security version 6.6.604 and earlier contains ...) + NOT-FOR-US: Trend Micro +CVE-2021-32458 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) + NOT-FOR-US: Trend Micro +CVE-2021-32457 (Trend Micro Home Network Security version 6.6.604 and earlier is vulne ...) + NOT-FOR-US: Trend Micro +CVE-2021-32456 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32455 (SITEL CAP/PRX firmware version 5.2.01, allows an attacker with access ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32454 (SITEL CAP/PRX firmware version 5.2.01 makes use of a hardcoded passwor ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-32453 (SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access t ...) + NOT-FOR-US: SITEL CAP/PRX firmware +CVE-2021-3540 (By abusing the 'install rpm info detail' command, an attacker can esca ...) 
+ NOT-FOR-US: Ivanti MobileIron Core +CVE-2021-32452 + RESERVED +CVE-2021-32451 + RESERVED +CVE-2021-32450 + RESERVED +CVE-2021-32449 + RESERVED +CVE-2021-32448 + RESERVED +CVE-2021-32447 + RESERVED +CVE-2021-32446 + RESERVED +CVE-2021-32445 + RESERVED +CVE-2021-32444 + RESERVED +CVE-2021-32443 + RESERVED +CVE-2021-32442 + RESERVED +CVE-2021-32441 (SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 all ...) + NOT-FOR-US: Exponent-CMS +CVE-2021-32440 (The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to ca ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/f0ba83717b6e4d7a15a1676d1fe06152e199b011 (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1772 +CVE-2021-32439 (Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0. ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) + NOTE: https://github.com/gpac/gpac/commit/77ed81c069e10b3861d88f72e1c6be1277ee7eae (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1774 + NOTE: Introduced by https://github.com/gpac/gpac/commit/51dadae6c790af3f639c4d9d660658b2848b51a0 + NOTE: The vulnerability affects operations on multiple samples, which rely on a change which was only introduced in 51dadae6c7 +CVE-2021-32438 (The gf_media_export_filters function in GPAC 1.0.1 allows attackers to ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/00194f5fe462123f70b0bae7987317b52898b868 (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1769 +CVE-2021-32437 (The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to caus ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1653f31cf874eb6df964bea88d58d8e9b98b485e (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1770 +CVE-2021-32436 (An out-of-bounds read in the function write_title() in subs.c of abcm2 ...) + {DLA-2983-1} + - abcm2ps 8.14.13-1 (unimportant) + NOTE: https://github.com/lewdlime/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 (v8.14.12) + NOTE: https://github.com/lewdlime/abcm2ps/issues/85 + NOTE: Crash in CLI tool, no security impact +CVE-2021-32435 (Stack-based buffer overflow in the function get_key in parse.c of abcm ...) + {DLA-2983-1} + - abcm2ps 8.14.13-1 + [bullseye] - abcm2ps (Minor issue) + [buster] - abcm2ps (Minor issue) + NOTE: https://github.com/lewdlime/abcm2ps/commit/3169ace6d63f6f517a64e8df0298f44a490c4a15 (v8.14.12) + NOTE: https://github.com/lewdlime/abcm2ps/issues/84 +CVE-2021-32434 (abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in th ...) + {DLA-2983-1} + - abcm2ps 8.14.13-1 (unimportant) + NOTE: https://github.com/lewdlime/abcm2ps/commit/2f56e1179cab6affeb8afa9d6c324008fe40d8e3 (v8.14.12) + NOTE: https://github.com/lewdlime/abcm2ps/issues/83 + NOTE: Crash in CLI tool, no security impact +CVE-2021-32433 + RESERVED +CVE-2021-32432 + RESERVED +CVE-2021-32431 + RESERVED +CVE-2021-32430 + RESERVED +CVE-2021-32429 + RESERVED +CVE-2021-32428 (SQL Injection vulnerability in viaviwebtech Android EBook App (Books A ...) 
+ NOT-FOR-US: viaviwebtech Android eBook app +CVE-2021-32427 + RESERVED +CVE-2021-32426 (In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary Ja ...) + NOT-FOR-US: TrendNet TW100-S4W1CA +CVE-2021-32425 + RESERVED +CVE-2021-32424 (In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session contr ...) + NOT-FOR-US: TrendNet TW100-S4W1CA +CVE-2021-32423 + RESERVED +CVE-2021-32422 (dpic 2021.01.01 has a Global buffer overflow in theyylex() function in ...) + - dpic 2021.11.01-1 (unimportant) + NOTE: https://gitlab.com/aplevich/dpic/-/issues/6 + NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf + NOTE: Crash in CLI tool, no security impact +CVE-2021-32421 (dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() func ...) + - dpic 2021.11.01-1 (unimportant) + NOTE: https://gitlab.com/aplevich/dpic/-/issues/7 + NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf + NOTE: Crash in CLI tool, no security impact +CVE-2021-32420 (dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring fun ...) + - dpic 2021.11.01-1 + [bullseye] - dpic (Minor issue) + NOTE: https://gitlab.com/aplevich/dpic/-/issues/5 + NOTE: Fixed by: https://gitlab.com/aplevich/dpic/-/commit/d317e4066c17f9ceb359b3af13264c32f6fb43cf +CVE-2021-32419 (An issue in Schism Tracker v20200412 fixed in v.20200412 allows attack ...) + - schism 2:20210525-2 (unimportant) + NOTE: https://github.com/schismtracker/schismtracker/issues/249 + NOTE: https://github.com/schismtracker/schismtracker/commit/1e2cc389a2a058fd13d99460c11115a6f7f7a6a4 + NOTE: Crash in CLI tool, no security impact +CVE-2021-32418 + RESERVED +CVE-2021-32417 + RESERVED +CVE-2021-32416 + RESERVED +CVE-2021-32415 (EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since versio ...) 
+ NOT-FOR-US: EXEMSI MSI Wrapper +CVE-2021-32414 + RESERVED +CVE-2021-32413 + RESERVED +CVE-2021-32412 + RESERVED +CVE-2021-32411 + RESERVED +CVE-2021-32410 + RESERVED +CVE-2021-32409 + RESERVED +CVE-2021-32408 + RESERVED +CVE-2021-32407 + RESERVED +CVE-2021-32406 + RESERVED +CVE-2021-32405 + RESERVED +CVE-2021-32404 + RESERVED +CVE-2021-32403 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + NOT-FOR-US: Intelbras Router RF 301K Firmware +CVE-2021-32402 (Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Re ...) + NOT-FOR-US: Intelbras Router RF 301K Firmware +CVE-2021-32401 + RESERVED +CVE-2021-32400 + RESERVED +CVE-2021-32399 (net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a r ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/2 +CVE-2021-32398 + RESERVED +CVE-2021-32397 + RESERVED +CVE-2021-32396 + RESERVED +CVE-2021-32395 + RESERVED +CVE-2021-32394 + RESERVED +CVE-2021-32393 + RESERVED +CVE-2021-32392 + RESERVED +CVE-2021-32391 + RESERVED +CVE-2021-32390 + RESERVED +CVE-2021-32389 + RESERVED +CVE-2021-32388 + RESERVED +CVE-2021-32387 + RESERVED +CVE-2021-32386 + RESERVED +CVE-2021-32385 + RESERVED +CVE-2021-32384 + RESERVED +CVE-2021-32383 + RESERVED +CVE-2021-32382 + RESERVED +CVE-2021-32381 + RESERVED +CVE-2021-32380 + RESERVED +CVE-2021-32379 + RESERVED +CVE-2021-32378 + RESERVED +CVE-2021-32377 + RESERVED +CVE-2021-32376 + RESERVED +CVE-2021-32375 + RESERVED +CVE-2021-32374 + RESERVED +CVE-2021-32373 + RESERVED +CVE-2021-32372 + RESERVED +CVE-2021-32371 + RESERVED +CVE-2021-32370 + RESERVED +CVE-2021-32369 + RESERVED +CVE-2021-32368 + RESERVED +CVE-2021-32367 + RESERVED +CVE-2021-32366 + RESERVED +CVE-2021-32365 + RESERVED +CVE-2021-32364 + RESERVED +CVE-2021-32363 + RESERVED +CVE-2021-32362 + RESERVED +CVE-2021-32361 + RESERVED +CVE-2021-32360 + RESERVED +CVE-2021-32359 + RESERVED +CVE-2021-32358 + 
RESERVED +CVE-2021-32357 + RESERVED +CVE-2021-32356 + RESERVED +CVE-2021-32355 + RESERVED +CVE-2021-32354 + RESERVED +CVE-2021-32353 + RESERVED +CVE-2021-32352 + RESERVED +CVE-2021-32351 + RESERVED +CVE-2021-32350 + RESERVED +CVE-2021-32349 + RESERVED +CVE-2021-32348 + RESERVED +CVE-2021-32347 + RESERVED +CVE-2021-32346 + RESERVED +CVE-2021-32345 + RESERVED +CVE-2021-32344 + RESERVED +CVE-2021-32343 + RESERVED +CVE-2021-32342 + RESERVED +CVE-2021-32341 + RESERVED +CVE-2021-32340 + RESERVED +CVE-2021-32339 + RESERVED +CVE-2021-32338 + RESERVED +CVE-2021-32337 + RESERVED +CVE-2021-32336 + RESERVED +CVE-2021-32335 + RESERVED +CVE-2021-32334 + RESERVED +CVE-2021-32333 + RESERVED +CVE-2021-32332 + RESERVED +CVE-2021-32331 + RESERVED +CVE-2021-32330 + RESERVED +CVE-2021-32329 + RESERVED +CVE-2021-32328 + RESERVED +CVE-2021-32327 + RESERVED +CVE-2021-32326 + RESERVED +CVE-2021-32325 + RESERVED +CVE-2021-32324 + RESERVED +CVE-2021-32323 + RESERVED +CVE-2021-32322 + RESERVED +CVE-2021-32321 + RESERVED +CVE-2021-32320 + RESERVED +CVE-2021-32319 + RESERVED +CVE-2021-32318 + RESERVED +CVE-2021-32317 + RESERVED +CVE-2021-32316 + RESERVED +CVE-2021-32315 + RESERVED +CVE-2021-32314 + RESERVED +CVE-2021-32313 + RESERVED +CVE-2021-32312 + RESERVED +CVE-2021-32311 + RESERVED +CVE-2021-32310 + RESERVED +CVE-2021-32309 + RESERVED +CVE-2021-32308 + RESERVED +CVE-2021-32307 + RESERVED +CVE-2021-32306 + RESERVED +CVE-2021-32305 (WebSVN before 2.6.1 allows remote attackers to execute arbitrary comma ...) + - websvn +CVE-2021-32304 + RESERVED +CVE-2021-32303 + RESERVED +CVE-2021-32302 (Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router ...) + NOT-FOR-US: IRZ Electronics +CVE-2021-32301 + RESERVED +CVE-2021-32300 + RESERVED +CVE-2021-32299 (An issue was discovered in pbrt through 20200627. A stack-buffer-overf ...) + NOT-FOR-US: pbrt +CVE-2021-32298 (An issue was discovered in libiff through 20190123. A global-buffer-ov ...) 
+ NOT-FOR-US: libiff +CVE-2021-32297 (An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow ...) + NOT-FOR-US: LIEF +CVE-2021-32296 + RESERVED +CVE-2021-32295 + RESERVED +CVE-2021-32294 (An issue was discovered in libgig through 20200507. A heap-buffer-over ...) + - libgig (bug #1014777) + [bookworm] - libgig (Minor issue) + [bullseye] - libgig (Minor issue) + [buster] - libgig (Minor issue) + [stretch] - libgig (Minor issue, revisit when/if fixed upstream) + NOTE: https://github.com/drbye78/libgig/issues/1 +CVE-2021-32293 + RESERVED +CVE-2021-32292 (An issue was discovered in json-c from 20200420 (post 0.14 unreleased ...) + {DSA-5486-1} + - json-c 0.16-1 + [buster] - json-c (Vulnerable code was introduced later) + NOTE: https://github.com/json-c/json-c/issues/654 + NOTE: https://github.com/json-c/json-c/pull/655 + NOTE: https://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec (json-c-0.16-20220414) +CVE-2021-32291 + RESERVED +CVE-2021-32290 + RESERVED +CVE-2021-32289 (An issue was discovered in heif through through v3.6.2. A NULL pointer ...) + NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32288 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) + NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32287 (An issue was discovered in heif through v3.6.2. A global-buffer-overfl ...) + NOT-FOR-US: Nokia HEIF implementation (different from libheif) +CVE-2021-32286 (An issue was discovered in hcxtools through 6.1.6. A global-buffer-ove ...) + - hcxtools 6.2.4-1 (bug #994790) + [bullseye] - hcxtools (Minor issue) + NOTE: https://github.com/ZerBea/hcxtools/issues/155 + NOTE: https://github.com/ZerBea/hcxtools/commit/e6505ddc262bc3254b39844895ebac70861001d2 (6.1.2) +CVE-2021-32285 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32284 (An issue was discovered in gravity through 0.8.1. 
A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32283 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32282 (An issue was discovered in gravity through 0.8.1. A NULL pointer deref ...) + NOT-FOR-US: Gravity +CVE-2021-32281 (An issue was discovered in gravity through 0.8.1. A heap-buffer-overfl ...) + NOT-FOR-US: Gravity +CVE-2021-32280 (An issue was discovered in fig2dev before 3.2.8.. A NULL pointer deref ...) + {DLA-3304-1 DLA-2778-1} + - fig2dev 1:3.2.7b-5 (bug #960736) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/107/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/f17a3b8a7d54c1bc56ab92512531772a0b3ec991/ +CVE-2021-32279 + RESERVED +CVE-2021-32278 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) + {DSA-5109-1 DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/62 + NOTE: https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e (2_10_0) +CVE-2021-32277 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) + {DSA-5109-1 DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/59 + NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) +CVE-2021-32276 (An issue was discovered in faad2 through 2.10.0. A NULL pointer derefe ...) + {DSA-5109-1 DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/58 + NOTE: https://github.com/knik0/faad2/commit/b58840121d1827b4b6c7617e2431589af1776ddc (2_10_0) +CVE-2021-32275 (An issue was discovered in faust through v2.30.5. A NULL pointer deref ...) + - faust (unimportant) + NOTE: https://github.com/grame-cncm/faust/issues/482 + NOTE: Negligible security impact +CVE-2021-32274 (An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflo ...) 
+ {DSA-5109-1 DLA-2792-1} + - faad2 2.10.0-1 + NOTE: https://github.com/knik0/faad2/issues/60 + NOTE: https://github.com/knik0/faad2/commit/c78251b2b5d41ea840fd61ab9502b3d3036bd747 (2_10_0) +CVE-2021-32273 (An issue was discovered in faad2 through 2.10.0. A stack-buffer-overfl ...) + {DSA-5109-1} + - faad2 2.10.0-1 + [stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2) + NOTE: https://github.com/knik0/faad2/issues/56 + NOTE: https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f (2_10_0) +CVE-2021-32272 (An issue was discovered in faad2 before 2.10.0. A heap-buffer-overflow ...) + {DSA-5109-1} + - faad2 2.10.0-1 + [stretch] - faad2 (Vulnerable code not present, introduced in 2.8.2) + NOTE: https://github.com/knik0/faad2/issues/57 + NOTE: https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24 (2_10_0) +CVE-2021-32271 (An issue was discovered in gpac through 20200801. A stack-buffer-overf ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/commit/71f1d75eaf71f47944ddbd9356fb498ca252b19a (v1.0.1) + NOTE: https://github.com/gpac/gpac/issues/1575 +CVE-2021-32270 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1586 + NOTE: https://github.com/gpac/gpac/commit/362fc486b5c0eea04f26793d5623f6a9272bd85a (v1.0.1) +CVE-2021-32269 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) 
+ - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/issues/1574 + NOTE: https://github.com/gpac/gpac/commit/fc4d8f594acfd97fc750403cca734671bb623afc (v1.0.1) +CVE-2021-32268 (Buffer overflow vulnerability in function gf_fprintf in os_file.c in g ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac (EOL in buster LTS) + [stretch] - gpac (No longer supported in LTS) + NOTE: https://github.com/gpac/gpac/issues/1587 + NOTE: https://github.com/gpac/gpac/commit/388ecce75d05e11fc8496aa4857b91245007d26e (v1.0.1) +CVE-2021-32267 + RESERVED +CVE-2021-32266 + RESERVED +CVE-2021-32265 (An issue was discovered in Bento4 through v1.6.0-637. A global-buffer- ...) + NOT-FOR-US: Bento4 +CVE-2021-32264 + RESERVED +CVE-2021-32263 (ok-file-formats through 2021-04-29 has a heap-based buffer overflow in ...) + NOT-FOR-US: ok-file-formats +CVE-2021-32262 + RESERVED +CVE-2021-32261 + RESERVED +CVE-2021-32260 + RESERVED +CVE-2021-32259 + REJECTED +CVE-2021-32258 + RESERVED +CVE-2021-32257 + RESERVED +CVE-2021-32256 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...) + - binutils (unimportant) + NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070 + NOTE: binutils not covered by security support +CVE-2021-32255 + RESERVED +CVE-2021-32254 + RESERVED +CVE-2021-32253 + RESERVED +CVE-2021-32252 + RESERVED +CVE-2021-32251 + RESERVED +CVE-2021-32250 + RESERVED +CVE-2021-32249 + RESERVED +CVE-2021-32248 + RESERVED +CVE-2021-32247 + RESERVED +CVE-2021-32246 + RESERVED +CVE-2021-32245 (In PageKit v1.0.18, a user can upload SVG files in the file upload por ...) + NOT-FOR-US: PageKit CMS +CVE-2021-32244 (Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to ...) + - moodle +CVE-2021-32243 (FOGProject v1.5.9 is affected by a File Upload RCE (Authenticated).) 
+ NOT-FOR-US: FOGProject +CVE-2021-32242 + RESERVED +CVE-2021-32241 + RESERVED +CVE-2021-32240 + RESERVED +CVE-2021-32239 + RESERVED +CVE-2021-32238 (Epic Games / Psyonix Rocket League <=1.95 is affected by Buffer Overfl ...) + NOT-FOR-US: Epic Games / Psyonix Rocket League +CVE-2021-32237 + RESERVED +CVE-2021-32236 + RESERVED +CVE-2021-32235 + RESERVED +CVE-2021-32234 (SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows r ...) + NOT-FOR-US: SmarterTools +CVE-2021-32233 (SmarterTools SmarterMail before Build 7776 allows XSS.) + NOT-FOR-US: SmarterTools SmarterMail +CVE-2021-32232 + RESERVED +CVE-2021-32231 + RESERVED +CVE-2021-32230 + RESERVED +CVE-2021-32229 + RESERVED +CVE-2021-32228 + RESERVED +CVE-2021-32227 + RESERVED +CVE-2021-32226 + RESERVED +CVE-2021-32225 + RESERVED +CVE-2021-32224 + RESERVED +CVE-2021-32223 + RESERVED +CVE-2021-32222 + RESERVED +CVE-2021-32221 + RESERVED +CVE-2021-32220 + RESERVED +CVE-2021-32219 + RESERVED +CVE-2021-32218 + RESERVED +CVE-2021-32217 + RESERVED +CVE-2021-32216 + RESERVED +CVE-2021-32215 + RESERVED +CVE-2021-32214 + RESERVED +CVE-2021-32213 + RESERVED +CVE-2021-32212 + RESERVED +CVE-2021-32211 + RESERVED +CVE-2021-32210 + RESERVED +CVE-2021-32209 + RESERVED +CVE-2021-32208 + RESERVED +CVE-2021-32207 + RESERVED +CVE-2021-32206 + RESERVED +CVE-2021-32205 + RESERVED +CVE-2021-32204 + RESERVED +CVE-2021-32203 + RESERVED +CVE-2021-32202 (In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by ...) + NOT-FOR-US: CS-Cart +CVE-2021-32201 + RESERVED +CVE-2021-32200 + RESERVED +CVE-2021-32199 + RESERVED +CVE-2021-32198 (EmTec ZOC through 8.02.4 allows remote servers to cause a denial of se ...) 
+ NOT-FOR-US: EmTec ZOC +CVE-2021-32197 + RESERVED +CVE-2021-32196 + RESERVED +CVE-2021-32195 + RESERVED +CVE-2021-32194 + RESERVED +CVE-2021-32193 + RESERVED +CVE-2021-32192 + RESERVED +CVE-2021-32191 + RESERVED +CVE-2021-32190 + RESERVED +CVE-2021-32189 + RESERVED +CVE-2021-32188 + RESERVED +CVE-2021-32187 + RESERVED +CVE-2021-32186 + RESERVED +CVE-2021-32185 + RESERVED +CVE-2021-32184 + RESERVED +CVE-2021-32183 + RESERVED +CVE-2021-32182 + RESERVED +CVE-2021-32181 + RESERVED +CVE-2021-32180 + RESERVED +CVE-2021-32179 + RESERVED +CVE-2021-32178 + RESERVED +CVE-2021-32177 + RESERVED +CVE-2021-32176 + RESERVED +CVE-2021-32175 + RESERVED +CVE-2021-32174 + RESERVED +CVE-2021-32173 + RESERVED +CVE-2021-32172 (Maian Cart v3.8 contains a preauthorization remote code execution (RCE ...) + NOT-FOR-US: Maian Cart +CVE-2021-32171 + RESERVED +CVE-2021-32170 + RESERVED +CVE-2021-32169 + RESERVED +CVE-2021-32168 + RESERVED +CVE-2021-32167 + RESERVED +CVE-2021-32166 + RESERVED +CVE-2021-32165 + RESERVED +CVE-2021-32164 + RESERVED +CVE-2021-32163 (Authentication vulnerability in MOSN v.0.23.0 allows attacker to escal ...) + NOT-FOR-US: MOSN +CVE-2021-32162 (A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) + - webmin +CVE-2021-32161 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 thro ...) + - webmin +CVE-2021-32160 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 thro ...) + - webmin +CVE-2021-32159 (A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) + - webmin +CVE-2021-32158 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via ...) + - webmin +CVE-2021-32157 (A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via ...) + - webmin +CVE-2021-32156 (A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.9 ...) 
+ - webmin +CVE-2021-32155 + RESERVED +CVE-2021-32154 + RESERVED +CVE-2021-32153 + RESERVED +CVE-2021-32152 + RESERVED +CVE-2021-32151 + RESERVED +CVE-2021-32150 + RESERVED +CVE-2021-32149 + RESERVED +CVE-2021-32148 + RESERVED +CVE-2021-32147 + RESERVED +CVE-2021-32146 + RESERVED +CVE-2021-32145 + RESERVED +CVE-2021-32144 + RESERVED +CVE-2021-32143 + RESERVED +CVE-2021-32142 (Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows atta ...) + {DSA-5412-1 DLA-3433-1} + [experimental] - libraw 0.21.1-1 + - libraw 0.20.2-2.1 (bug #1031790) + NOTE: https://github.com/LibRaw/LibRaw/issues/400 + NOTE: https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49 (0.21-Beta1) +CVE-2021-32141 + RESERVED +CVE-2021-32140 + RESERVED +CVE-2021-32139 (The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to c ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Vulnerable code introduced later) + [buster] - ccextractor (Vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/d527325a9b72218612455a534a508f9e1753f76e (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1768 +CVE-2021-32138 (The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (vulnerable code introduced later) + [stretch] - gpac (vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/289ffce3e0d224d314f5f92a744d5fe35999f20b (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1767 + NOTE: Vulnerable code introduced in https://github.com/gpac/gpac/commit/d850605fc71e45281a530817ad7705aad98c6b17 + NOTE: and https://github.com/gpac/gpac/commit/47e331905ecd6b35de8d362821391ef453e80194 +CVE-2021-32137 (Heap buffer overflow in the URL_GetProtocolType function in MP4Box in ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (vulnerable code introduced later) + [stretch] - gpac (vulnerable code introduced later) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/328def7d3b93847d64ecb6e9e0399684e57c3eca (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1766 + NOTE: Support for vulnerable file type introduced in https://github.com/gpac/gpac/commit/2c65e5604b469d4a4e1a1dc0c6cbe351f2d39a17 + NOTE: Confirmed that stretch/buster versions were not affect by building with ASAN and testing POC from GitHub issue + NOTE: the stretch/buster versions produce '[iso file] Read Box "free" failed (Invalid IsoMedia File)' +CVE-2021-32136 (Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0. ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (vulnerable code introduced later) + [stretch] - gpac (vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1765 + NOTE: Vulnerable code introduced by https://github.com/gpac/gpac/commit/eb71812fcc10e9c5348a5d1c61bd25b6fa06eaed +CVE-2021-32135 (The trak_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b8f8b202d4fc23eb0ab4ce71ae96536ca6f5d3f8 (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1757 +CVE-2021-32134 (The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause ...) 
+ - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Vulnerable code introduced later) + [buster] - ccextractor (Vulnerable code introduced later) + NOTE: https://github.com/gpac/gpac/commit/328c6d682698fdb9878dbb4f282963d42c538c01 (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1756 + NOTE: The POC from the GitHub issue produces a SIGSEV in the stretch/buster version of gpac, but in an entirely different call chain; it appears to be a different issue altogether + NOTE: It isn't clear if that means this CVE doesn't apply to stretch/buster, or if it is masking the issue with an earlier failure +CVE-2021-32133 + RESERVED +CVE-2021-32132 (The abst_box_size function in GPAC 1.0.1 allows attackers to cause a d ...) + - gpac 2.0.0+dfsg1-2 + [bullseye] - gpac (Minor issue) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/e74be5976a6fee059c638050a237893f7e9a3b23 (v2.0.0) + NOTE: https://github.com/gpac/gpac/issues/1753 +CVE-2021-32131 + RESERVED +CVE-2021-32130 + RESERVED +CVE-2021-32129 + RESERVED +CVE-2021-32128 + RESERVED +CVE-2021-32127 + RESERVED +CVE-2021-32126 + RESERVED +CVE-2021-32125 + RESERVED +CVE-2021-32124 + RESERVED +CVE-2021-32123 + RESERVED +CVE-2021-32122 (Certain NETGEAR devices are affected by CSRF. This affects EX3700 befo ...) 
+	NOT-FOR-US: Netgear
+CVE-2021-32121
+	RESERVED
+CVE-2021-32120
+	RESERVED
+CVE-2021-32119
+	RESERVED
+CVE-2021-32118
+	RESERVED
+CVE-2021-32117
+	RESERVED
+CVE-2021-32116
+	RESERVED
+CVE-2021-32115
+	RESERVED
+CVE-2021-32114
+	RESERVED
+CVE-2021-32113
+	RESERVED
+CVE-2021-32112
+	RESERVED
+CVE-2021-32111
+	RESERVED
+CVE-2021-32110
+	RESERVED
+CVE-2021-32109
+	RESERVED
+CVE-2021-32108
+	RESERVED
+CVE-2021-32107
+	RESERVED
+CVE-2021-32106 (In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified i ...)
+	NOT-FOR-US: ICEcoder
+CVE-2021-32105
+	RESERVED
+CVE-2021-32104 (A SQL injection vulnerability exists (with user privileges) in interfa ...)
+	NOT-FOR-US: OpenEMR
+CVE-2021-32103 (A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php ...)
+	NOT-FOR-US: OpenEMR
+CVE-2021-32102 (A SQL injection vulnerability exists (with user privileges) in library ...)
+	NOT-FOR-US: OpenEMR
+CVE-2021-32101 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a incorrect acces ...)
+	NOT-FOR-US: OpenEMR
+CVE-2021-32100 (A remote file inclusion vulnerability exists in Artica Pandora FMS 742 ...)
+	NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32099 (A SQL injection vulnerability in the pandora_console component of Arti ...)
+	NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32098 (Artica Pandora FMS 742 allows unauthenticated attackers to perform Pha ...)
+	NOT-FOR-US: Artica Pandora FMS
+CVE-2021-32097
+	RESERVED
+CVE-2021-32096 (The ConsoleAction component of U.S. National Security Agency (NSA) Emi ...)
+	NOT-FOR-US: NSA Emissary
+CVE-2021-32095 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+	NOT-FOR-US: NSA Emissary
+CVE-2021-32094 (U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authentic ...)
+	NOT-FOR-US: NSA Emissary
+CVE-2021-32093 (The ConfigFileAction component of U.S. National Security Agency (NSA) ...)
+	NOT-FOR-US: NSA Emissary
+CVE-2021-32092 (A Cross-site scripting (XSS) vulnerability in the DocumentAction compo ...)
+	NOT-FOR-US: NSA Emissary
+CVE-2021-32091 (A Cross-site scripting (XSS) vulnerability exists in StackLift LocalSt ...)
+	NOT-FOR-US: StackList LocalStack
+CVE-2021-32090 (The dashboard component of StackLift LocalStack 0.12.6 allows attacker ...)
+	NOT-FOR-US: StackList LocalStack
+CVE-2021-32089 (An issue was discovered on Zebra (formerly Motorola Solutions) Fixed R ...)
+	NOT-FOR-US: Zebra
+CVE-2021-32088
+	RESERVED
+CVE-2021-32087
+	RESERVED
+CVE-2021-32086
+	RESERVED
+CVE-2021-32085
+	RESERVED
+CVE-2021-32084
+	RESERVED
+CVE-2021-32083
+	RESERVED
+CVE-2021-32082
+	RESERVED
+CVE-2021-32081
+	RESERVED
+CVE-2021-32080
+	RESERVED
+CVE-2021-32079
+	RESERVED
+CVE-2021-32078 (An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/perso ...)
+	- linux 5.14.6-1 (unimportant)
+	NOTE: https://kirtikumarar.com/CVE-2021-32078.txt
+	NOTE: https://git.kernel.org/linus/298a58e165e447ccfaae35fe9f651f9d7e15166f (5.13-rc1)
+CVE-2021-3539 (EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site ...)
+	NOT-FOR-US: EspoCRM
+CVE-2021-3538 (A flaw was found in github.com/satori/go.uuid in versions from commit ...)
+	- golang-github-satori-go.uuid (Vulnerable code introduced later and not in any released version)
+	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
+	NOTE: Possibly introduced by: https://github.com/satori/go.uuid/commit/0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c
+	NOTE: Fixed by: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45
+	NOTE: https://github.com/satori/go.uuid/issues/73
+CVE-2021-32077 (Primary Source Verification in VerityStream MSOW Solutions before 3.1. ...)
+	NOT-FOR-US: VerityStream MSOW Solutions
+CVE-2021-32076 (Access Restriction Bypass via referrer spoof was discovered in SolarWi ...)
+	NOT-FOR-US: SolarWinds
+CVE-2021-32075 (Re-Logic Terraria before 1.4.2.3 performs Insecure Deserialization.)
+	NOT-FOR-US: Re-Logic Terraria
+CVE-2021-32074 (HashiCorp vault-action (aka Vault GitHub Action) before 2.2.0 allows a ...)
+	NOT-FOR-US: HashiCorp vault-action (aka Vault GitHub Action)
+CVE-2021-32073 (DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote at ...)
+	NOT-FOR-US: DedeCMS
+CVE-2021-32072 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32071 (The MiCollab Client service in Mitel MiCollab before 9.3 could allow a ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32070 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32069 (The AWV component of Mitel MiCollab before 9.3 could allow an attacker ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32068 (The AWV and MiCollab Client Service components in Mitel MiCollab befor ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32067 (The MiCollab Client Service component in Mitel MiCollab before 9.3 cou ...)
+	NOT-FOR-US: Mitel
+CVE-2021-32066 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...)
+	{DSA-5066-1 DLA-3408-1 DLA-2780-1}
+	- ruby2.7 2.7.4-1 (bug #990815)
+	- ruby2.5
+	- ruby2.3
+	- jruby 9.3.9.0+ds-1 (bug #1014818)
+	[stretch] - jruby (Minor issue)
+	NOTE: https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/
+	NOTE: https://github.com/ruby/ruby/commit/a21a3b7d23704a01d34bd79d09dc37897e00922a (2.7)
+CVE-2021-32065
+	RESERVED
+CVE-2021-32064
+	RESERVED
+CVE-2021-32063
+	RESERVED
+CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
+	[experimental] - mapserver 7.6.3-1~exp1
+	- mapserver 7.6.2-2 (bug #988208)
+	[bullseye] - mapserver (Minor issue; #988224)
+	[buster] - mapserver (Minor issue; will be fixed via point release)
+	[stretch] - mapserver (Minor issue; can be fixed in next update)
+	NOTE: https://github.com/mapserver/mapserver/issues/6313
+	NOTE: https://github.com/MapServer/MapServer/pull/6314
+	NOTE: https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 (branch-7-6)
+	NOTE: https://github.com/mapserver/mapserver/commit/7db7cbb26b6bc6e651db268e9536836a56e6825a (branch-7-2)
+	NOTE: https://github.com/mapserver/mapserver/commit/82a3eb5f6c8f75cedd095b909cc4990f3d8a99e1 (branch-7-0)
+	NOTE: Fixed in 7.0.8, 7.2.3, 7.4.5, 7.6.3
+CVE-2019-25044 (The block subsystem in the Linux kernel before 5.2 has a use-after-fre ...)
+	- linux (Vulnerable code only between 5.2-rc3 and 5.2-rc4)
+CVE-2019-25043 (ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as dem ...)
+	- modsecurity 3.0.4-1
+	[buster] - modsecurity (Minor issue)
+	NOTE: https://github.com/SpiderLabs/ModSecurity/issues/2566
+	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/9cac167fafd180902c2aa5dc6141aae874127199
+CVE-2021-3537 (A vulnerability found in libxml2 in versions before 2.9.11 shows that ...)
+	{DLA-2653-1}
+	- libxml2 2.9.10+dfsg-6.6 (bug #988123)
+	[buster] - libxml2 2.9.4+dfsg1-7+deb10u2
+	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/243
+	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/244
+	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/245
+	NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/babe75030c7f64a37826bb3342317134568bef61
+CVE-2021-3536 (A flaw was found in Wildfly in versions before 23.0.2.Final while crea ...)
+	- wildfly (bug #752018)
+CVE-2021-3535 (Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting ...)
+	NOT-FOR-US: Rapid7
+CVE-2021-32061 (S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket ...)
+	NOT-FOR-US: S3Scanner
+CVE-2021-32060
+	RESERVED
+CVE-2021-32059
+	RESERVED
+CVE-2021-32058
+	RESERVED
+CVE-2021-32057
+	RESERVED
+CVE-2021-32056 (Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remo ...)
+	- cyrus-imapd 3.2.6-2
+	[buster] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series)
+	[stretch] - cyrus-imapd (Vulnerable code introduced in the 3.2.x series)
+	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/621f9e41465b521399f691c241181300fab55995
+	NOTE: https://cyrus.topicbox.com/groups/announce/T126392718bc29d6b/cyrus-imap-3-2-7-released
+CVE-2021-32054 (Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers ...)
+	NOT-FOR-US: Firely/Incendi Spark
+CVE-2021-32053 (JPA Server in HAPI FHIR before 5.4.0 allows a user to deny service (e. ...)
+	NOT-FOR-US: HAPI FHIR
+CVE-2021-32052 (In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 ( ...)
+	- python-django 2:2.2.22-1 (bug #988136; unimportant)
+	NOTE: https://www.djangoproject.com/weblog/2021/may/06/security-releases/
+	NOTE: Only an issue in combination with python3.9 3.9.5+
+CVE-2021-32051 (Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via ...)
+	NOT-FOR-US: Hexagon G!nius Auskunftsportal
+CVE-2021-32050 (Some MongoDB Drivers may erroneously publish events containing authent ...)
+	- php-mongodb 1.11.1+1.9.2+1.7.5-4
+	[bullseye] - php-mongodb (Minor issue)
+	[buster] - php-mongodb (Minor issue)
+	- mongo-c-driver 1.18.0-1
+	[bullseye] - mongo-c-driver (Minor issue)
+	[buster] - mongo-c-driver (Minor issue)
+	- node-mongodb (bug #1052663)
+	[bookworm] - node-mongodb (Minor issue)
+	[bullseye] - node-mongodb (Minor issue)
+	[buster] - node-mongodb (Minor issue)
+	NOTE: https://jira.mongodb.org/browse/PHPC-1869
+	NOTE: https://github.com/mongodb/mongo-php-driver/pull/1235
+	NOTE: https://jira.mongodb.org/browse/NODE-3356
+	NOTE: https://github.com/mongodb/node-mongodb-native/commit/8c8b4c3b8c55f10fb96f63d3bbfa5d408b4ed7d0
+	NOTE: https://github.com/mongodb/node-mongodb-native/commit/b98f2061de9e8b0a814e3e7d39a0e914245953d0
+	NOTE: https://jira.mongodb.org/browse/CDRIVER-3797
+	NOTE: https://github.com/mongodb/mongo-c-driver/commit/6d8fc7eaadea8a0dab163e88b91244af12e0c97a (1.18.0)
+CVE-2021-32049
+	RESERVED
+CVE-2021-32048
+	RESERVED
+CVE-2021-32047
+	RESERVED
+CVE-2021-32046
+	RESERVED
+CVE-2021-32045
+	RESERVED
+CVE-2021-32044
+	RESERVED
+CVE-2021-32043
+	RESERVED
+CVE-2021-32042
+	RESERVED
+CVE-2021-32041
+	RESERVED
+CVE-2021-32040 (It may be possible to have an extremely long aggregation pipeline in c ...)
+	- mongodb
+	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+	NOTE: https://jira.mongodb.org/browse/SERVER-58203
+	NOTE: https://jira.mongodb.org/browse/SERVER-59299
+	NOTE: https://jira.mongodb.org/browse/SERVER-60218
+CVE-2021-32039 (Users with appropriate file access may be able to access unencrypted u ...)
+	NOT-FOR-US: MongoDB VSCode Extension
+CVE-2021-32038
+	RESERVED
+CVE-2021-32037 (An authorized user may trigger an invariant which may result in denial ...)
+	- mongodb
+	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+	NOTE: https://jira.mongodb.org/browse/SERVER-59071
+CVE-2021-32036 (An authenticated user without any specific authorizations may be able ...)
+	- mongodb
+	[stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+	NOTE: https://jira.mongodb.org/browse/SERVER-59294
+CVE-2021-32035
+	RESERVED
+CVE-2021-32034
+	RESERVED
+CVE-2021-32033 (Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in ...)
+	NOT-FOR-US: Protectimus SLIM NFC
+CVE-2021-32032 (In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated ...)
+	NOT-FOR-US: Trusted Firmware-M
+CVE-2021-32031
+	RESERVED
+CVE-2020-36362
+	RESERVED
+CVE-2020-36361
+	RESERVED
+CVE-2020-36360
+	RESERVED
+CVE-2020-36359
+	RESERVED
+CVE-2020-36358
+	RESERVED
+CVE-2020-36357
+	RESERVED
+CVE-2020-36356
+	RESERVED
+CVE-2020-36355
+	RESERVED
+CVE-2020-36354
+	RESERVED
+CVE-2020-36353
+	RESERVED
+CVE-2020-36352
+	RESERVED
+CVE-2020-36351
+	RESERVED
+CVE-2020-36350
+	RESERVED
+CVE-2020-36349
+	RESERVED
+CVE-2020-36348
+	RESERVED
+CVE-2020-36347
+	RESERVED
+CVE-2020-36346
+	RESERVED
+CVE-2020-36345
+	RESERVED
+CVE-2020-36344
+	RESERVED
+CVE-2020-36343
+	RESERVED
+CVE-2020-36342
+	RESERVED
+CVE-2020-36341
+	RESERVED
+CVE-2020-36340
+	RESERVED
+CVE-2020-36339
+	RESERVED
+CVE-2020-36338
+	RESERVED
+CVE-2020-36337
+	RESERVED
+CVE-2020-36336
+	RESERVED
+CVE-2020-36335
+	RESERVED
+CVE-2016-20010 (EWWW Image Optimizer before 2.8.5 allows remote command execution beca ...)
+	NOT-FOR-US: EWWW Image Optimizer
+CVE-2021-32055 (Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through ...)
+	- mutt 2.0.5-4.1 (bug #988106)
+	[buster] - mutt (Vulnerable code introduced later)
+	[stretch] - mutt (Vulnerable code introduced later)
+	- neomutt 20201127+dfsg.1-1.2 (bug #988107)
+	[buster] - neomutt (Vulnerable code introduced later)
+	NOTE: https://gitlab.com/muttmua/mutt/-/commit/7c4779ac24d2fb68a2a47b58c7904118f40965d5
+	NOTE: https://github.com/neomutt/neomutt/commit/fa1db5785e5cfd9d3cd27b7571b9fe268d2ec2dc
+	NOTE: imap_qresync not enabled by default and considered an experimental feature
+CVE-2021-32030 (The administrator application on ASUS GT-AC2900 devices before 3.0.0.4 ...)
+	NOT-FOR-US: ASUS
+CVE-2021-32029 (A flaw was found in postgresql. Using an UPDATE ... RETURNING command ...)
+	{DSA-4915-1}
+	- postgresql-13 13.3-1
+	- postgresql-11
+	- postgresql-9.6
+	[stretch] - postgresql-9.6 (Vulnerable code introduced later)
+	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=a71cfc56bf6013e3ea1d673acaf73fe7ebbd6bf3 (REL_13_3)
+CVE-2021-32028 (A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO ...)
+	{DSA-4915-1 DLA-2662-1}
+	- postgresql-13 13.3-1
+	- postgresql-11
+	- postgresql-9.6
+	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=4a8656a7ee0c155b0249376af58eb3fc3a90415f (REL_13_3)
+CVE-2021-32027 (A flaw was found in postgresql in versions before 13.3, before 12.7, b ...)
+	{DSA-4915-1 DLA-2662-1}
+	- postgresql-13 13.3-1
+	- postgresql-11
+	- postgresql-9.6
+	NOTE: https://www.postgresql.org/about/news/postgresql-133-127-1112-1017-and-9622-released-2210/
+	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=467395bfdf33f1ccf67ca388ffdcc927271544cb (REL_13_3)
+CVE-2018-25014 (A use of uninitialized value was found in libwebp in versions before 1 ...)
+	{DSA-4930-1 DLA-2677-1}
+	- libwebp 0.6.1-2.1
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
+CVE-2021-3534
+	REJECTED
+CVE-2021-3533 (A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR ...)
+	- ansible (bug #1014857)
+	[bookworm] - ansible (Minor issue, revisit when/if fixed upstream)
+	[bullseye] - ansible (Minor issue, revisit when/if fixed upstream)
+	[buster] - ansible (Minor issue, revisit when/if fixed upstream)
+	[stretch] - ansible (EOL'd for stretch)
+	- ansible-base
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956477
+CVE-2021-32026
+	RESERVED
+CVE-2021-32025 (An elevation of privilege vulnerability in the QNX Neutrino Kernel of ...)
+	NOT-FOR-US: QNX
+CVE-2021-32024 (A remote code execution vulnerability in the BMP image codec of BlackB ...)
+	NOT-FOR-US: BlackBerry
+CVE-2021-32023 (An elevation of privilege vulnerability in the message broker of Black ...)
+	NOT-FOR-US: BlackBerry
+CVE-2021-32022 (A low privileged delete vulnerability using CEF RPC server of BlackBer ...)
+	NOT-FOR-US: BlackBerry
+CVE-2021-32021 (A denial of service vulnerability in the message broker of BlackBerry ...)
+	NOT-FOR-US: BlackBerry
+CVE-2021-32020 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has insuffici ...)
+	NOT-FOR-US: kernel in Amazon Web Services FreeRTOS
+CVE-2021-32019 (There is missing input validation of host names displayed in OpenWrt b ...)
+	NOT-FOR-US: OpenWrt
+CVE-2021-32018 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. The JUMP SOAP A ...)
+	NOT-FOR-US: JUMP AMS
+CVE-2021-32017 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+	NOT-FOR-US: JUMP AMS
+CVE-2021-32016 (An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP end ...)
+	NOT-FOR-US: JUMP AMS
+CVE-2021-32015 (In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated mal ...)
+	NOT-FOR-US: Nuvoton NPCT75x TPM 1.2 firmware
+CVE-2021-32014 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+	NOT-FOR-US: SheetJS
+CVE-2021-32013 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+	NOT-FOR-US: SheetJS
+CVE-2021-32012 (SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a den ...)
+	NOT-FOR-US: SheetJS
+CVE-2021-3532 (A flaw was found in Ansible where the secret information present in as ...)
+	- ansible (bug #1014722)
+	[bookworm] - ansible (Minor issue, revisit when/if fixed upstream)
+	[bullseye] - ansible (Minor issue, revisit when/if fixed upstream)
+	[buster] - ansible (Minor issue, revisit when/if fixed upstream)
+	[stretch] - ansible (EOL'd for stretch)
+	- ansible-base
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1956464
+CVE-2021-3531 (A flaw was found in the Red Hat Ceph Storage RGW in versions before 14 ...)
+	{DLA-3629-1}
+	- ceph 14.2.21-1 (bug #988890)
+	[stretch] - ceph (Vulnerable code introduced later)
+	NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/5
+	NOTE: Nautilus: https://github.com/ceph/ceph/commit/f44a8ae8aa27ecef69528db9aec220f12492810e
+	NOTE: Octopus: https://github.com/ceph/ceph/commit/b87e64e3206210580f4a6df2d77f9ae3f1033039
+	NOTE: Pacific: https://github.com/ceph/ceph/commit/bf06990ab41d7ac299e4441ad9cd434e926a18e7
+CVE-2021-3530 (A flaw was discovered in GNU libiberty within demangle_path() in rust- ...)
+	- binutils 2.37.90.20220207-1 (unimportant)
+	NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1925348
+	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99935#c11
+	NOTE: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=f10bec5ffa487ad3033ed5f38cfd0fc7d696deab
+	NOTE: binutils not covered by security support
+CVE-2021-32011
+	RESERVED
+CVE-2021-32010 (Inadequate Encryption Strength vulnerability in TLS stack of Secomea S ...)
+	NOT-FOR-US: Secomea
+CVE-2021-32009 (Cross-site Scripting (XSS) vulnerability in firmware section of Secome ...)
+	NOT-FOR-US: Secomea GateManager
+CVE-2021-32008 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...)
+	NOT-FOR-US: Secomea GateManager
+CVE-2021-32007
+	RESERVED
+CVE-2021-32006 (This issue affects: Secomea GateManager Version 9.6.621421014 and all ...)
+	NOT-FOR-US: Secomea GateManager
+CVE-2021-32005 (Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteMa ...)
+	NOT-FOR-US: Secomea SiteManager
+CVE-2021-32004 (This issue affects: Secomea GateManager All versions prior to 9.6. Imp ...)
+	NOT-FOR-US: Secomea GateManager
+CVE-2021-32003 (Unprotected Transport of Credentials vulnerability in SiteManager prov ...)
+	NOT-FOR-US: Secomea SiteManager
+CVE-2021-32002 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
+	NOT-FOR-US: Secomea SiteManager
+CVE-2021-32001 (K3s in SUSE Rancher allows any user with direct access to the datastor ...)
+	NOT-FOR-US: Rancher
+CVE-2021-32000 (A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-ma ...)
+	NOT-FOR-US: clone-master-clean-up in SUSE Linux Enterprise Server
+CVE-2021-31999 (A Reliance on Untrusted Inputs in a Security Decision vulnerability in ...)
+	NOT-FOR-US: Rancher
+CVE-2021-31998 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+	- inn2 (SuSE-specific packaging issue)
+CVE-2021-31997 (A UNIX Symbolic Link (Symlink) Following vulnerability in python-posto ...)
+	- postorius (SuSE-specific packaging issue)
+CVE-2021-31996 (An issue was discovered in the algorithmica crate through 2021-03-07 f ...)
+	NOT-FOR-US: Rust crate algorithmica
+CVE-2021-3529 (A flaw was found in noobaa-core in versions before 5.7.0. This flaw re ...)
+	NOT-FOR-US: noobaa
+CVE-2021-31995
+	RESERVED
+CVE-2021-31994
+	RESERVED
+CVE-2021-31993
+	RESERVED
+CVE-2021-31992
+	RESERVED
+CVE-2021-31991
+	RESERVED
+CVE-2021-31990
+	RESERVED
+CVE-2021-31989 (A user with permission to log on to the machine hosting the AXIS Devic ...)
+	NOT-FOR-US: AXIS
+CVE-2021-31988 (A user controlled parameter related to SMTP test functionality is not ...)
+	NOT-FOR-US: AXIS
+CVE-2021-31987 (A user controlled parameter related to SMTP test functionality is not ...)
+	NOT-FOR-US: AXIS
+CVE-2021-31986 (User controlled parameters related to SMTP notifications are not corre ...)
+	NOT-FOR-US: AXIS
+CVE-2021-31985 (Microsoft Defender Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31984 (Power BI Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31983 (Paint 3D Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31982 (Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31981
+	RESERVED
+CVE-2021-31980 (Microsoft Intune Management Extension Remote Code Execution Vulnerabil ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31979 (Windows Kernel Elevation of Privilege Vulnerability This CVE ID is uni ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31978 (Microsoft Defender Denial of Service Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31977 (Windows Hyper-V Denial of Service Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31976 (Server for NFS Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31975 (Server for NFS Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31974 (Server for NFS Denial of Service Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31973 (Windows GPSVC Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31972 (Event Tracing for Windows Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31971 (Windows HTML Platform Security Feature Bypass Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31970 (Windows TCP/IP Driver Security Feature Bypass Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31969 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31968 (Windows Remote Desktop ServicesDenial of Service Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31967 (VP9 Video Extensions Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31966 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31965 (Microsoft SharePoint Server Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31964 (Microsoft SharePoint Server Spoofing Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31963 (Microsoft SharePoint Server Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31962 (Kerberos AppContainer Security Feature Bypass Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31961 (Windows InstallService Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31960 (Windows Bind Filter Driver Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31959 (Scripting Engine Memory Corruption Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31958 (Windows NTLM Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31957 (ASP.NET Denial of Service Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31956 (Windows NTFS Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31955 (Windows Kernel Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31954 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31953 (Windows Filter Manager Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31952 (Windows Kernel-Mode Driver Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31951 (Windows Kernel Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31950 (Microsoft SharePoint Server Spoofing Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31949 (Microsoft Outlook Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31948 (Microsoft SharePoint Server Spoofing Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31947 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31946 (Paint 3D Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31945 (Paint 3D Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31944 (3D Viewer Information Disclosure Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31943 (3D Viewer Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31942 (3D Viewer Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31941 (Microsoft Office Graphics Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31940 (Microsoft Office Graphics Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31939 (Microsoft Excel Remote Code Execution Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31938 (Microsoft VsCode Kubernetes Tools Extension Elevation of Privilege Vul ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31937 (Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability)
+	NOT-FOR-US: Microsoft
+CVE-2021-31936 (Microsoft Accessibility Insights for Web Information Disclosure Vulner ...)
+	NOT-FOR-US: Microsoft
+CVE-2021-31935 (OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution ...)
+	NOT-FOR-US: OX App Suite
+CVE-2021-31934 (OX App Suite 7.10.4 and earlier allows XSS via a crafted contact objec ...)
+	NOT-FOR-US: OX App Suite
+CVE-2021-31933 (A remote code execution vulnerability exists in Chamilo through 1.11.1 ...)
+	NOT-FOR-US: Chamilo
+CVE-2021-31932 (Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentic ...)
+	NOT-FOR-US: Nokia
+CVE-2021-31931
+	RESERVED
+CVE-2021-31930 (Persistent cross-site scripting (XSS) in the web interface of Concerto ...)
+	NOT-FOR-US: Concerto
+CVE-2021-31929 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authent ...)
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31928 (Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authent ...)
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31927 (An Insecure Direct Object Reference (IDOR) vulnerability in Annex Clou ...)
+	NOT-FOR-US: Annex Cloud Loyalty Experience Platform
+CVE-2021-31926 (AMP Application Deployment Service in CubeCoders AMP 2.1.x before 2.1. ...)
+	NOT-FOR-US: CubeCoders AMP
+CVE-2021-31925 (Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thu ...)
+	NOT-FOR-US: Pexip
+CVE-2021-31924 (Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the p ...)
+	- pam-u2f 1.1.0-1.1 (bug #987545)
+	[buster] - pam-u2f (Vulnerable code not present)
+	[stretch] - pam-u2f (Vulnerable code not present)
+	NOTE: https://www.yubico.com/support/security-advisories/ysa-2021-03
+	NOTE: https://github.com/Yubico/pam-u2f/commit/6059b057dd9b6d0164fc16f9422c0d728f902bb5 (pam_u2f-1.1.1)
+	NOTE: https://github.com/Yubico/pam-u2f/issues/175
+	NOTE: Support for PIN verification introduced in 1.1.0.
+CVE-2021-31923 (Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling vi ...)
+	NOT-FOR-US: Ping Identity PingAccess
+CVE-2021-31922 (An HTTP Request Smuggling vulnerability in Pulse Secure Virtual Traffi ...)
+	NOT-FOR-US: Pulse Secure
+CVE-2021-3528 (A flaw was found in noobaa-operator in versions before 5.7.0, where in ...)
+	NOT-FOR-US: noobaa
+CVE-2021-3527 (A flaw was found in the USB redirector device (usb-redir) of QEMU. Sma ...)
+	{DLA-3099-1 DLA-2753-1}
+	- qemu 1:5.2+dfsg-11 (bug #988157)
+	NOTE: Initial patchset: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg00564.html
+	NOTE: Revisited: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01372.html
+	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2021-05/msg01373.html
+	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/7ec54f9eb62b5d177e30eb8b1cad795a5f8d8986
+	NOTE: https://gitlab.com/qemu-project/qemu/-/commit/05a40b172e4d691371534828078be47e7fff524c
+CVE-2021-3526
+	REJECTED
+CVE-2021-3525
+	REJECTED
+CVE-2021-3524 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+	{DLA-3629-1 DLA-2735-1}
+	- ceph 14.2.21-1 (bug #988889)
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951674
+	NOTE: Fixed by: https://github.com/ceph/ceph/commit/763aebb94678018f89427137ffbc0c5205b1edc1
+CVE-2021-3523 (A flaw was found in 3Scale APICast in versions prior to 2.11.0, where ...)
+	NOT-FOR-US: Red Hat 3scale API gateway
+CVE-2021-31921 (Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploita ...)
+	NOT-FOR-US: Istio
+CVE-2021-31920 (Istio before 1.8.6 and 1.9.x before 1.9.5 has a remotely exploitable v ...)
+	NOT-FOR-US: Istio
+CVE-2021-31919 (An issue was discovered in the rkyv crate before 0.6.0 for Rust. When ...)
+	NOT-FOR-US: Rust crate rkyv
+CVE-2021-31918 (A flaw was found in tripleo-ansible version as shipped in Red Hat Open ...)
+	NOT-FOR-US: tripleo-ansible
+CVE-2021-31917 (A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1. ...)
+	NOT-FOR-US: Infinispan
+CVE-2021-31916 (An out-of-bounds (OOB) memory write flaw was found in list_devices in ...)
+	{DLA-2690-1 DLA-2689-1}
+	- linux 5.10.28-1
+	[buster] - linux 4.19.194-1
+	NOTE: https://git.kernel.org/linus/4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a
+	NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/1
+CVE-2021-31915 (In JetBrains TeamCity before 2020.2.4, OS command injection leading to ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31914 (In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execu ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31913 (In JetBrains TeamCity before 2020.2.3, insufficient checks of the redi ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31912 (In JetBrains TeamCity before 2020.2.3, account takeover was potentiall ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31911 (In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on s ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31910 (In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31909 (In JetBrains TeamCity before 2020.2.3, argument injection leading to r ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31908 (In JetBrains TeamCity before 2020.2.3, stored XSS was possible on seve ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31907 (In JetBrains TeamCity before 2020.2.2, permission checks for changing ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31906 (In JetBrains TeamCity before 2020.2.2, audit logs were not sufficient ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31905 (In JetBrains YouTrack before 2020.6.8801, information disclosure in an ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31904 (In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31903 (In JetBrains YouTrack before 2021.1.9819, a pull request's title was s ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31902 (In JetBrains YouTrack before 2020.6.6600, access control during the ex ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31901 (In JetBrains Hub before 2021.1.13079, two-factor authentication wasn't ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31900 (In JetBrains Code With Me bundled to the compatible IDE versions befor ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31899 (In JetBrains Code With Me bundled to the compatible IDEs before versio ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31898 (In JetBrains WebStorm before 2021.1, HTTP requests were used instead o ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31897 (In JetBrains WebStorm before 2021.1, code execution without user confi ...)
+	NOT-FOR-US: JetBrains
+CVE-2021-31896
+	RESERVED
+CVE-2021-31895 (A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versio ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31894 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31893 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31892 (A vulnerability has been identified in SINUMERIK Analyse MyCondition ( ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31891 (A vulnerability has been identified in Desigo CC (All versions with OI ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31890 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31889 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31888 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31887 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31886 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31885 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31884 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+	NOT-FOR-US: Siemens
+CVE-2021-31883 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...)
+ NOT-FOR-US: Siemens +CVE-2021-31882 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31881 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31880 + RESERVED +CVE-2021-31879 (GNU Wget through 1.21.1 does not omit the Authorization header upon a ...) + - wget (bug #988209) + [bookworm] - wget (Minor issue) + [bullseye] - wget (Minor issue) + [buster] - wget (Minor issue) + [stretch] - wget (Minor issue; can be fixed in next update) + NOTE: https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html + NOTE: https://savannah.gnu.org/bugs/?56909 +CVE-2021-31878 (An issue was discovered in PJSIP in Asterisk before 16.19.1 and before ...) + - asterisk (Vulnerability introduced in 16.17.0) + NOTE: http://downloads.asterisk.org/pub/security/AST-2021-007.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29381 +CVE-2021-31877 + REJECTED +CVE-2021-31876 (Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the rep ...) + - bitcoin (bug #1014166) + NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876 + NOTE: https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html +CVE-2021-31875 (In mjs_json.c in Cesanta MongooseOS mJS 1.26, a maliciously formed JSO ...) + NOT-FOR-US: Cesanta MongooseOS mJS +CVE-2021-31874 (Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, ...) + NOT-FOR-US: Zoho +CVE-2021-31873 (An issue was discovered in klibc before 2.0.9. Additions in the malloc ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31872 (An issue was discovered in klibc before 2.0.9. Multiple possible integ ...) 
+ {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31871 (An issue was discovered in klibc before 2.0.9. An integer overflow in ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2021-31870 (An issue was discovered in klibc before 2.0.9. Multiplication in the c ...) + {DLA-2695-1} + - klibc 2.0.8-6 (bug #989505) + [buster] - klibc 2.0.6-1+deb10u1 + NOTE: https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/30/1 +CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...) + {DSA-4930-1} + - libwebp 0.6.1-2.1 + [stretch] - libwebp (Patch is too destructive to implement it; Minor issue) + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109 +CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe +CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...) 
+ {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01 +CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c +CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...) + {DSA-4930-1 DLA-2677-1} + - libwebp 0.6.1-2.1 + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5 +CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...) + - bundler + [buster] - bundler (Minor issue) + [stretch] - bundler (Invasive change, hard to backport; chances of regression) + - rubygems 3.3.5-1 + [bullseye] - rubygems (Minor issue, too intrusive to backport) + NOTE: https://github.com/rubygems/rubygems/issues/3982 + NOTE: https://github.com/rubygems/rubygems/pull/4609 +CVE-2021-3521 (There is a flaw in RPM's signature functionality. OpenPGP subkeys are ...) + - rpm 4.18.0+dfsg-1 (bug #1014723) + [bullseye] - rpm (Minor issue) + [buster] - rpm (Minor issue) + [stretch] - rpm (Minor issue) + NOTE: https://github.com/rpm-software-management/rpm/pull/1788 + NOTE: https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8 +CVE-2021-3520 (There's a flaw in lz4. An attacker who submits a crafted file to an ap ...) + {DSA-4919-1 DLA-2657-1} + - lz4 1.9.3-2 (bug #987856) + NOTE: https://github.com/lz4/lz4/pull/972 + NOTE: Fixed by: https://github.com/lz4/lz4/commit/8301a21773ef61656225e264f4f06ae14462bca7 +CVE-2021-31869 (Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injec ...) 
+ NOT-FOR-US: Pimcore +CVE-2021-31868 (Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users o ...) + NOT-FOR-US: Rapid7 Nexpose +CVE-2021-31867 (Pimcore Customer Data Framework version 3.0.0 and earlier suffers from ...) + NOT-FOR-US: Pimcore +CVE-2021-3519 (A vulnerability was reported in some Lenovo Desktop models that could ...) + NOT-FOR-US: Lenovo +CVE-2021-31866 (Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to lear ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20854 +CVE-2021-31865 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20946 +CVE-2021-31864 (Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allow ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20970 +CVE-2021-31863 (Insufficient input validation in the Git repository integration of Red ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #990792) + NOTE: https://www.redmine.org/news/131 + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20962 +CVE-2021-31862 (SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter withou ...) + NOT-FOR-US: SysAid +CVE-2021-31861 + RESERVED +CVE-2021-31860 + RESERVED +CVE-2021-31859 (Incorrect privileges in the MU55 FlexiSpooler service in YSoft SafeQ 6 ...) + NOT-FOR-US: Ysoft SafeQ +CVE-2021-31858 (DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Script ...) + NOT-FOR-US: DotNetNuke +CVE-2021-31857 (In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, att ...) 
+ NOT-FOR-US: Zoho ManageEngine Password Manager Pro +CVE-2021-31856 (A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 ...) + NOT-FOR-US: Layer Meshery +CVE-2021-31855 (KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages ...) + - kf5-messagelib 4:20.08.3-5 (bug #989438) + [buster] - kf5-messagelib (Minor issue) + [stretch] - kf5-messagelib (Minor issue) + - kdepim4 + [stretch] - kdepim4 (Minor issue) + NOTE: https://kde.org/info/security/advisory-20210429-1.txt + NOTE: https://commits.kde.org/messagelib/3b5b171e91ce78b966c98b1292a1bcbc8d984799 +CVE-2021-31854 (A command Injection Vulnerability in McAfee Agent (MA) for Windows pri ...) + NOT-FOR-US: McAfee +CVE-2021-31853 (DLL Search Order Hijacking Vulnerability in McAfee Drive Encryption (M ...) + NOT-FOR-US: McAfee +CVE-2021-31852 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + NOT-FOR-US: McAfee +CVE-2021-31851 (A Reflected Cross-Site Scripting vulnerability in McAfee Policy Audito ...) + NOT-FOR-US: McAfee +CVE-2021-31850 (A denial-of-service vulnerability in Database Security (DBS) prior to ...) + NOT-FOR-US: McAfee +CVE-2021-31849 (SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO e ...) + NOT-FOR-US: McAfee +CVE-2021-31848 (Cross site scripting (XSS) vulnerability in McAfee Data Loss Preventio ...) + NOT-FOR-US: McAfee +CVE-2021-31847 (Improper access control vulnerability in the repair process for McAfee ...) + NOT-FOR-US: McAfee +CVE-2021-31846 + RESERVED +CVE-2021-31845 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) D ...) + NOT-FOR-US: McAfee +CVE-2021-31844 (A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) E ...) + NOT-FOR-US: McAfee +CVE-2021-31843 (Improper privileges management vulnerability in McAfee Endpoint Securi ...) + NOT-FOR-US: McAfee +CVE-2021-31842 (XML Entity Expansion injection vulnerability in McAfee Endpoint Securi ...) 
+ NOT-FOR-US: McAfee +CVE-2021-31841 (A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5 ...) + NOT-FOR-US: McAfee +CVE-2021-31840 (A vulnerability in the preloading mechanism of specific dynamic link l ...) + NOT-FOR-US: McAfee +CVE-2021-31839 (Improper privilege management vulnerability in McAfee Agent for Window ...) + NOT-FOR-US: McAfee +CVE-2021-31838 (A command injection vulnerability in MVISION EDR (MVEDR) prior to 3.4. ...) + NOT-FOR-US: MVISION EDR (MVEDR) +CVE-2021-31837 (Memory corruption vulnerability in the driver file component in McAfee ...) + NOT-FOR-US: McAfee +CVE-2021-31836 (Improper privilege management vulnerability in maconfig for McAfee Age ...) + NOT-FOR-US: McAfee +CVE-2021-31835 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...) + NOT-FOR-US: McAfee +CVE-2021-31834 (Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrat ...) + NOT-FOR-US: McAfee +CVE-2021-31833 (Potential product security bypass vulnerability in McAfee Application ...) + NOT-FOR-US: McAfee +CVE-2021-31832 (Improper Neutralization of Input in the ePO administrator extension fo ...) + NOT-FOR-US: McAfee +CVE-2021-31831 (Incorrect access to deleted scripts vulnerability in McAfee Database S ...) + NOT-FOR-US: McAfee +CVE-2021-31830 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...) + NOT-FOR-US: McAfee +CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...) 
+ - libphp-phpmailer 6.2.0-2 (bug #988732) + [buster] - libphp-phpmailer (Regression introduced in 6.1.8) + [stretch] - libphp-phpmailer (Regression introduced in 6.1.8) + NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8) + NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1) + NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1) +CVE-2021-3518 (There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987737) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/237 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1098c30a040e72a4654968547f415be4e4c40fe7 +CVE-2021-3517 (There is a flaw in the xml entity encoding functionality of libxml2 in ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987738) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/235 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2 +CVE-2021-3516 (There's a flaw in libxml2's xmllint in versions before 2.9.11. An atta ...) + {DLA-2653-1} + - libxml2 2.9.10+dfsg-6.6 (bug #987739) + [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/230 + NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539 +CVE-2021-3515 (A shell injection flaw was found in pglogical in versions before 2.3.4 ...) + - pglogical 2.3.3-3 (bug #988735) + [buster] - pglogical (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1954112 + NOTE: https://github.com/2ndQuadrant/pglogical/commit/95c0e8981485e09efab6821cf55a4e27b086efe5 +CVE-2021-3514 (When using a sync_repl client in 389-ds-base, an authenticated attacke ...) 
+ {DLA-3399-1} + - 389-ds-base 1.4.4.11-2 (bug #988727) + [stretch] - 389-ds-base (Minor issue) + NOTE: https://github.com/389ds/389-ds-base/issues/4711 +CVE-2021-31829 (kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs unde ...) + {DLA-2690-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/4 +CVE-2021-31828 (An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 ...) + NOT-FOR-US: OpenDistro for Elasticsearch +CVE-2021-31827 (In Progress MOVEit Transfer before 2021.0 (13.0), a SQL injection vuln ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2021-31825 + RESERVED +CVE-2021-31824 + RESERVED +CVE-2021-31823 + RESERVED +CVE-2021-31822 (When Octopus Tentacle is installed on a Linux operating system, the sy ...) + NOT-FOR-US: Octopus Tentacle +CVE-2021-31821 (When the Windows Tentacle docker image starts up it logs all the comma ...) + NOT-FOR-US: Octopus Tentacle +CVE-2021-31820 (In Octopus Server after version 2018.8.2 if the Octopus Server Web Req ...) + NOT-FOR-US: Octopus Server +CVE-2021-31819 (In Halibut versions prior to 4.4.7 there is a deserialisation vulnerab ...) + NOT-FOR-US: Octopus +CVE-2021-31818 (Affected versions of Octopus Server are prone to an authenticated SQL ...) + NOT-FOR-US: Octopus Server +CVE-2021-31817 (When configuring Octopus Server if it is configured with an external S ...) + NOT-FOR-US: Octopus Server +CVE-2021-31816 (When configuring Octopus Server if it is configured with an external S ...) + NOT-FOR-US: Octopus Server +CVE-2019-25042 (Unbound before 1.9.5 allows an out-of-bounds write via a compressed na ...) 
+ {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/6c3a0b54ed8ace93d5b5ca7b8078dc87e75cd640 + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25041 (Unbound before 1.9.5 allows an assertion failure via a compressed name ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25040 (Unbound before 1.9.5 allows an infinite loop via a compressed name in ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/2d444a5037acff6024630b88092d9188f2f5d8fe + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25039 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25038 (Unbound before 1.9.5 allows an integer overflow in a size calculation ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/02080f6b180232f43b77f403d0c038e9360a460f + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25037 (Unbound before 1.9.5 allows an assertion failure and denial of service ...) 
+ {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/d2eb78e871153f22332d30c6647f3815148f21e5 + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25036 (Unbound before 1.9.5 allows an assertion failure and denial of service ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/f5e06689d193619c57c33270c83f5e40781a261d + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25035 (Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/fa23ee8f31ba9a018c720ea822faaee639dc7a9c + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25034 (Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dnam ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/a3545867fcdec50307c776ce0af28d07046a52dd + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25033 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8 + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25032 (Unbound before 1.9.5 allows an integer overflow in the regional alloca ...) 
+ {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/226298bbd36f1f0fd9608e98c2ae85988b7bbdb8 + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2019-25031 (Unbound before 1.9.5 allows configuration injection in create_unbound_ ...) + {DLA-2652-1} + - unbound 1.9.6-1 (unimportant) + [stretch] - unbound (No longer supported, see DSA 4694) + NOTE: https://github.com/NLnetLabs/unbound/commit/f887552763477a606a9608b0f6b498685e0f6587 + NOTE: Not deemed an exploitable vulnerability by upstream +CVE-2021-3513 (A flaw was found in keycloak where a brute force attack is possible ev ...) + NOT-FOR-US: Keycloak +CVE-2021-31815 (GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on A ...) + NOT-FOR-US: GAEN (aka Google/Apple Exposure Notifications) +CVE-2021-31814 (In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a ...) + NOT-FOR-US: Stormshield +CVE-2021-31813 (Zoho ManageEngine Applications Manager before 15130 is vulnerable to S ...) + NOT-FOR-US: Zoho +CVE-2021-31812 (In Apache PDFBox, a carefully crafted PDF file can trigger an infinite ...) + - libpdfbox2-java 2.0.24-1 (bug #991526) + [bullseye] - libpdfbox2-java (Minor issue) + [buster] - libpdfbox2-java (Minor issue) + - libpdfbox-java (bug #991527) + [bookworm] - libpdfbox-java (Minor issue) + [bullseye] - libpdfbox-java (Minor issue) + [buster] - libpdfbox-java (Minor issue) + [stretch] - libpdfbox-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/1 + NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33 +CVE-2021-31811 (In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMem ...) 
+ - libpdfbox2-java 2.0.24-1 (bug #991526) + [bullseye] - libpdfbox2-java (Minor issue) + [buster] - libpdfbox2-java (Minor issue) + - libpdfbox-java (bug #991527) + [bookworm] - libpdfbox-java (Minor issue) + [bullseye] - libpdfbox-java (Minor issue) + [buster] - libpdfbox-java (Minor issue) + [stretch] - libpdfbox-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/12/2 + NOTE: https://github.com/apache/pdfbox/commit/cd17a19e9ab1028dc662e972dd8dbb3fa68b4a33 +CVE-2021-31810 (An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, an ...) + {DSA-5066-1 DLA-3408-1 DLA-2780-1} + - ruby2.7 2.7.4-1 (bug #990815) + - ruby2.5 + - ruby2.3 + - jruby 9.3.9.0+ds-1 (bug #1014818) + [stretch] - jruby (Minor issue) + NOTE: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ + NOTE: https://github.com/ruby/ruby/commit/3ca1399150ed4eacfd2fe1ee251b966f8d1ee469 (2.7) +CVE-2021-31809 + RESERVED +CVE-2021-31808 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch + NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert-int.html +CVE-2021-31807 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An ...) 
+ {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch + NOTE: https://megamansec.github.io/Squid-Security-Audit/range-uaf.html +CVE-2021-31806 (An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due ...) + {DSA-4924-1 DLA-2685-1} + - squid 4.13-10 (bug #989043) + - squid3 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1185916 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-pxwq-f3qr-w2xf + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-e7cf864f938f24eea8af0692c04d16790983c823.patch + NOTE: https://megamansec.github.io/Squid-Security-Audit/range-assert.html +CVE-2021-31805 (The fix issued for CVE-2020-17530 was incomplete. So from Apache Strut ...) + - libstruts1.2-java (Vulnerable code not present; fix for CVE-2020-17530 not applied; specific to 2.x) + NOTE: https://cwiki.apache.org/confluence/display/WW/S2-062 +CVE-2020-36325 (An issue was discovered in Jansson through 2.13.1. Due to a parsing er ...) + - jansson (unimportant) + NOTE: https://github.com/akheron/jansson/issues/548 + NOTE: Disputed security impact (only if programmer fails to follow API specifications) +CVE-2021-31826 (Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointe ...) + {DSA-4905-1} + - shibboleth-sp 3.2.2+dfsg1-1 (bug #987608) + NOTE: https://shibboleth.net/community/advisories/secadv_20210426.txt + NOTE: https://issues.shibboleth.net/jira/browse/SSPCPP-927 + NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=5a47c3b9378f4c49392dd4d15189b70956f9f2ec +CVE-2021-31804 (LeoCAD before 21.03 sometimes allows a use-after-free during the openi ...) 
+ - leocad (unimportant) + NOTE: https://github.com/leozide/leocad/issues/645 + NOTE: https://github.com/leozide/leocad/commit/233affe3fcdc851fa82cb058871bddd0046e1c87 + NOTE: Crash in CLI tool, no security impact +CVE-2021-31803 (cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SE ...) + NOT-FOR-US: cPanel +CVE-2021-31802 (NETGEAR R7000 1.0.11.116 devices have a heap-based Buffer Overflow tha ...) + NOT-FOR-US: Netgear +CVE-2021-31801 + RESERVED +CVE-2021-31800 (Multiple path traversal vulnerabilities exist in smbserver.py in Impac ...) + - impacket 0.9.22-2 (bug #988141) + [buster] - impacket (Minor issue) + [stretch] - impacket (Minor issue) + NOTE: https://github.com/SecureAuthCorp/impacket/commit/49c643bf66620646884ed141c94e5fdd85bcdd2f +CVE-2021-31799 (In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby throug ...) + {DSA-5066-1 DLA-2780-1} + - ruby2.7 2.7.4-1 (bug #990815) + - ruby2.5 + - ruby2.3 + NOTE: Introduced in (rdoc): https://github.com/ruby/rdoc/commit/4a8b7bed7cd5647db92c620bc6f33e4c309d2212 (v3.11) + NOTE: Fixed in (rdoc): https://github.com/ruby/rdoc/commit/a7f5d6ab88632b3b482fe10611382ff73d14eed7 (v6.3.1) + NOTE: https://www.ruby-lang.org/en/news/2021/05/02/os-command-injection-in-rdoc/ + NOTE: https://github.com/ruby/ruby/commit/b1c73f239fe9af97de837331849f55d67c27561e (master) + NOTE: https://github.com/ruby/ruby/commit/483f303d02e768b69e476e0b9be4ab2f26389522 (2.7) +CVE-2021-31798 (The effective key space used to encrypt the cache in CyberArk Credenti ...) + NOT-FOR-US: CyberArk +CVE-2021-31797 (The user identification mechanism used by CyberArk Credential Provider ...) + NOT-FOR-US: CyberArk +CVE-2021-31796 (An inadequate encryption vulnerability discovered in CyberArk Credenti ...) + NOT-FOR-US: CyberArk +CVE-2021-31795 (The PowerVR GPU kernel driver in pvrsrvkm.ko through 2021-04-24 for th ...) 
+ NOT-FOR-US: PowerVR GPU kernel driver (OOT) +CVE-2021-31794 (Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP Use ...) + NOT-FOR-US: Directum +CVE-2021-31793 (An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that ...) + NOT-FOR-US: NightOwl WDB-20-V2 WDB-20-V2_20190314 devices +CVE-2021-31792 (XSS in the client account page in SuiteCRM before 7.11.19 allows an at ...) + NOT-FOR-US: SuiteCRM +CVE-2021-31791 (In Hardware Sentry KM before 10.0.01 for BMC PATROL, a cleartext passw ...) + NOT-FOR-US: Sentry KM +CVE-2021-31790 + RESERVED +CVE-2021-31789 + RESERVED +CVE-2021-31788 + RESERVED +CVE-2021-31787 (The Bluetooth Classic implementation on Actions ATS2815 chipsets does ...) + NOT-FOR-US: Bluetooth Classic implementation on Actions ATS2815 chipsets +CVE-2021-31786 (The Bluetooth Classic Audio implementation on Actions ATS2815 and ATS2 ...) + NOT-FOR-US: Actions ATS +CVE-2021-31785 (The Bluetooth Classic implementation on Actions ATS2815 and ATS2819 ch ...) + NOT-FOR-US: Actions ATS +CVE-2021-31784 (An out-of-bounds write vulnerability exists in the file-reading proced ...) + NOT-FOR-US: Open Design Alliance Drawings SDK +CVE-2021-31783 (show_default.php in the LocalFilesEditor extension before 11.4.0.1 for ...) + NOT-FOR-US: Piwigo extension +CVE-2021-31782 + RESERVED +CVE-2021-31781 + RESERVED +CVE-2021-31780 (In app/Model/MispObject.php in MISP 2.4.141, an incorrect sharing grou ...) + NOT-FOR-US: MISP +CVE-2021-31779 (The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows ...) + NOT-FOR-US: Typo3 extension +CVE-2021-31778 (The media2click (aka 2 Clicks for External Media) extension 1.x before ...) + NOT-FOR-US: Typo3 extension +CVE-2021-31777 (The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x be ...) + NOT-FOR-US: Typo3 extension +CVE-2019-25030 (In Versa Director, Versa Analytics and VOS, Passwords are not hashed u ...) 
+ NOT-FOR-US: Versa +CVE-2019-25029 (In Versa Director, the command injection is an attack in which the goa ...) + NOT-FOR-US: Versa +CVE-2020-13672 (Cross-site Scripting (XSS) vulnerability in Drupal core's sanitization ...) + {DLA-2637-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2021-002 +CVE-2021-31776 (Aviatrix VPN Client before 2.14.14 on Windows has an unquoted search p ...) + NOT-FOR-US: Aviatrix VPN Client +CVE-2021-31775 + RESERVED +CVE-2021-31774 + RESERVED +CVE-2021-31773 + RESERVED +CVE-2021-31772 + RESERVED +CVE-2021-31771 + REJECTED +CVE-2021-31770 + RESERVED +CVE-2021-31769 (MyQ Server in MyQ X Smart before 8.2 allows remote code execution by u ...) + NOT-FOR-US: MyQ +CVE-2021-31768 + RESERVED +CVE-2021-31767 + RESERVED +CVE-2021-31766 + RESERVED +CVE-2021-31765 + RESERVED +CVE-2021-31764 + RESERVED +CVE-2021-31763 + RESERVED +CVE-2021-31762 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to creat ...) + - webmin +CVE-2021-31761 (Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to ac ...) + - webmin +CVE-2021-31760 (Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achie ...) + - webmin +CVE-2021-31759 + RESERVED +CVE-2021-31758 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31757 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31756 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31755 (An issue was discovered on Tenda AC11 devices with firmware through 02 ...) + NOT-FOR-US: Tenda AC11 devices +CVE-2021-31754 + RESERVED +CVE-2021-31753 + RESERVED +CVE-2021-31752 + RESERVED +CVE-2021-31751 + RESERVED +CVE-2021-31750 + RESERVED +CVE-2021-31749 + RESERVED +CVE-2021-31748 + RESERVED +CVE-2021-31747 (Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in upd ...) 
+ NOT-FOR-US: Pluck CMS +CVE-2021-31746 (Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to ...) + NOT-FOR-US: Pluck CMS +CVE-2021-31745 (Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 ...) + NOT-FOR-US: Pluck CMS +CVE-2021-31744 + RESERVED +CVE-2021-31743 + RESERVED +CVE-2021-31742 + RESERVED +CVE-2021-31741 + RESERVED +CVE-2021-31740 (SEPPMail's web frontend, user input is not embedded correctly in the w ...) + NOT-FOR-US: SEPPMail +CVE-2021-31739 (The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerab ...) + NOT-FOR-US: SEPPmail +CVE-2021-31738 (Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.) + NOT-FOR-US: Adiscon LogAnalyzer +CVE-2021-31737 (emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerabili ...) + NOT-FOR-US: emlog +CVE-2021-31736 + RESERVED +CVE-2021-31735 + RESERVED +CVE-2021-31734 + RESERVED +CVE-2021-31733 + RESERVED +CVE-2021-31732 + RESERVED +CVE-2021-31731 (A directory traversal issue in KiteCMS 1.1.1 allows remote administrat ...) + NOT-FOR-US: KiteCMS +CVE-2021-31730 + RESERVED +CVE-2021-31729 + RESERVED +CVE-2021-31728 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + NOT-FOR-US: MalwareFox AntiMalware +CVE-2021-31727 (Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMal ...) + NOT-FOR-US: MalwareFox AntiMalware +CVE-2021-31726 (Akuvox C315 115.116.2613 allows remote command Injection via the cfgd_ ...) + NOT-FOR-US: Akuvox +CVE-2021-31725 + RESERVED +CVE-2021-31724 + RESERVED +CVE-2021-31723 + RESERVED +CVE-2021-31722 + RESERVED +CVE-2021-31721 (Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image ...) + NOT-FOR-US: Chevereto +CVE-2021-31720 + RESERVED +CVE-2021-31719 + RESERVED +CVE-2021-31718 (The server in npupnp before 4.1.4 is affected by DNS rebinding in the ...) 
+ NOT-FOR-US: npupnp +CVE-2021-31717 + RESERVED +CVE-2021-31716 + RESERVED +CVE-2021-31715 + RESERVED +CVE-2021-31714 + RESERVED +CVE-2021-31713 + RESERVED +CVE-2021-31712 (react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a j ...) + NOT-FOR-US: react-draft-wysiwyg +CVE-2021-31711 (Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanag ...) + NOT-FOR-US: Trippo ResponsiveFilemanager +CVE-2021-31710 + RESERVED +CVE-2021-31709 + RESERVED +CVE-2021-31708 + RESERVED +CVE-2021-31707 (Permissions vulnerability found in KiteCMS allows a remote attacker to ...) + NOT-FOR-US: KiteCMS +CVE-2021-31706 + RESERVED +CVE-2021-31705 + RESERVED +CVE-2021-31704 + RESERVED +CVE-2021-31703 (Frontier ichris through 5.18 allows users to upload malicious executab ...) + NOT-FOR-US: Frontier ichris +CVE-2021-31702 (Frontier ichris through 5.18 mishandles making a DNS request for the h ...) + NOT-FOR-US: Frontier ichris +CVE-2021-31701 (Mintty before 3.4.7 mishandles Bracketed Paste Mode.) + NOT-FOR-US: Mintty +CVE-2021-31700 + RESERVED +CVE-2021-31699 + RESERVED +CVE-2021-31698 (Quectel EG25-G devices through 202006130814 allow executing arbitrary ...) + NOT-FOR-US: Quectel EG25-G devices +CVE-2021-31697 + RESERVED +CVE-2021-31696 + RESERVED +CVE-2021-31695 + RESERVED +CVE-2021-31694 + RESERVED +CVE-2021-31693 (The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS ...) + NOT-FOR-US: VMware Tools for Windows +CVE-2021-31692 + RESERVED +CVE-2021-31691 + RESERVED +CVE-2021-31690 + RESERVED +CVE-2021-31689 + RESERVED +CVE-2021-31688 + RESERVED +CVE-2021-31687 + RESERVED +CVE-2021-31686 + RESERVED +CVE-2021-31685 + RESERVED +CVE-2021-31684 (A vulnerability was discovered in the indexOf function of JSONParserBy ...) 
+ {DLA-3373-1} + - json-smart (unimportant) + NOTE: https://github.com/netplex/json-smart-v2/issues/67 + NOTE: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5 + NOTE: Security impact disputed by upstream +CVE-2021-31683 + RESERVED +CVE-2021-31682 (The login portal for the Automated Logic WebCTRL/WebCTRL OEM web appli ...) + NOT-FOR-US: Automated Logic WebCTRL/WebCTRL OEM web application +CVE-2021-31681 (Deserialization of Untrusted Data vulnerability in yolo 3 allows attac ...) + NOT-FOR-US: yolo +CVE-2021-31680 (Deserialization of Untrusted Data vulnerability in yolo 5 allows attac ...) + NOT-FOR-US: yolo +CVE-2021-31679 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) + NOT-FOR-US: PESCMS Team +CVE-2021-31678 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) + NOT-FOR-US: PESCMS Team +CVE-2021-31677 (An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerabilit ...) + NOT-FOR-US: PESCMS Team +CVE-2021-31676 (A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CS ...) + NOT-FOR-US: PESCMS Team +CVE-2021-31675 + RESERVED +CVE-2021-31674 (Cyclos 4 PRO 4.14.7 and before does not validate user input at error i ...) + NOT-FOR-US: Cyclos 4 PRO +CVE-2021-31673 (A Dom-based Cross-site scripting (XSS) vulnerability at registration a ...) + NOT-FOR-US: Cyclos 4 PRO +CVE-2021-31672 + RESERVED +CVE-2021-31671 (pgsync before 0.6.7 is affected by Information Disclosure of sensitive ...) + NOT-FOR-US: pgsync +CVE-2021-31670 + RESERVED +CVE-2021-31669 + RESERVED +CVE-2021-31668 + RESERVED +CVE-2021-31667 + RESERVED +CVE-2021-31666 + RESERVED +CVE-2021-31665 + RESERVED +CVE-2021-31664 (RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31663 (RIOT-OS 2021.01 before commit bc59d60be60dfc0a05def57d74985371e4f22d79 ...) 
+ NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31662 (RIOT-OS 2021.01 before commit 07f1254d8537497552e7dce80364aaead9266bbe ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31661 (RIOT-OS 2021.01 before commit 609c9ada34da5546cffb632a98b7ba157c112658 ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31660 (RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2021-31659 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is v ...) + NOT-FOR-US: TP-Link +CVE-2021-31658 (TP-Link TL-SG2005, TL-SG2008, etc. 1.0.0 Build 20180529 Rel.40524 is a ...) + NOT-FOR-US: TP-Link +CVE-2021-31657 + RESERVED +CVE-2021-31656 + RESERVED +CVE-2021-31655 (Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2 ...) + NOT-FOR-US: TRENDnet +CVE-2021-31654 + RESERVED +CVE-2021-31653 + RESERVED +CVE-2021-31652 + RESERVED +CVE-2021-31651 (Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows r ...) + NOT-FOR-US: neofarg-cms +CVE-2021-31650 (A SQL injection vulnerability in Sourcecodester Online Grading System ...) + NOT-FOR-US: Sourcecodester Online Grading System +CVE-2021-31649 (In applications using jfinal 4.9.08 and below, there is a deserializat ...) + NOT-FOR-US: jfinal +CVE-2021-31648 + RESERVED +CVE-2021-31647 + RESERVED +CVE-2021-31646 (Gestsup before 3.2.10 allows account takeover through the password rec ...) + NOT-FOR-US: Gestsup +CVE-2021-31645 (An issue was discovered in glFTPd 2.11a that allows remote attackers t ...) + NOT-FOR-US: glFTPd +CVE-2021-31644 + RESERVED +CVE-2021-31643 (An XSS vulnerability exists in several IoT devices from CHIYU Technolo ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31642 (A denial of service condition exists after an integer overflow in seve ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31641 (An unauthenticated XSS vulnerability exists in several IoT devices fro ...) 
+ NOT-FOR-US: CHIYU Technology +CVE-2021-31640 + RESERVED +CVE-2021-31639 + RESERVED +CVE-2021-31638 + RESERVED +CVE-2021-31637 (An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, ...) + NOT-FOR-US: UwAmp +CVE-2021-31636 + RESERVED +CVE-2021-31635 (Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 ...) + NOT-FOR-US: jFinal +CVE-2021-31634 + RESERVED +CVE-2021-31633 + RESERVED +CVE-2021-31632 (b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulne ...) + NOT-FOR-US: b2evolution CMS +CVE-2021-31631 (b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request ...) + NOT-FOR-US: b2evolution CMS +CVE-2021-31630 (Command Injection in Open PLC Webserver v3 allows remote attackers to ...) + NOT-FOR-US: Open PLC webserver +CVE-2021-31629 + RESERVED +CVE-2021-31628 + RESERVED +CVE-2021-31627 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) + NOT-FOR-US: Tenda +CVE-2021-31626 + RESERVED +CVE-2021-31625 + RESERVED +CVE-2021-31624 (Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6 ...) + NOT-FOR-US: Tenda +CVE-2021-31623 + RESERVED +CVE-2021-31622 + RESERVED +CVE-2021-31621 + RESERVED +CVE-2021-31620 + RESERVED +CVE-2021-31619 + RESERVED +CVE-2021-31618 (Apache HTTP Server protocol handler for the HTTP/2 protocol checks rec ...) + {DSA-4937-1 DLA-2706-1} + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-5 (bug #989562) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-31618 + NOTE: https://github.com/apache/httpd/commit/a4fba223668c554e06bc78d6e3a88f33d4238ae4 + NOTE: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?r1=1889759&r2=1889758&pathrev=1889759 +CVE-2021-31617 (In ASQ in Stormshield Network Security (SNS) 1.0.0 through 2.7.8, 2.8. ...) + NOT-FOR-US: Stormshield Network Security (SNS) +CVE-2021-31616 (Insufficient length checks in the ShapeShift KeepKey hardware wallet f ...) 
+ NOT-FOR-US: ShapeShift KeepKey hardware wallet firmware +CVE-2021-31615 (Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Spec ...) + NOTE: Bluetooth protocol issue +CVE-2021-31614 + RESERVED +CVE-2021-31613 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31612 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X devices do ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31611 (The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X ...) + NOT-FOR-US: Zhuhai Jieli +CVE-2021-31610 (The Bluetooth Classic implementation on AB32VG1 devices does not prope ...) + NOT-FOR-US: Bluetrum +CVE-2021-31609 (The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and e ...) + NOT-FOR-US: Silicon Labs Bluetooth +CVE-2021-31608 (Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Se ...) + NOT-FOR-US: Proofpoint Enterprise Protection +CVE-2021-31607 (In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerabi ...) + {DLA-2815-1} + - salt 3002.6+dfsg1-2 (bug #987496) + [buster] - salt 2018.3.4+dfsg1-6+deb10u3 + NOTE: https://sec.stealthcopter.com/saltstack-snapper-minion-privledge-escaltion/ + NOTE: Introduced by: https://gitlab.com/saltstack/open/salt/-/commit/1343078d03613e33eec9e5ec5095d2e0b0aa2e59 (v2016.9) + NOTE: Combined fix and regression fix: https://salsa.debian.org/salt-team/salt/-/commit/71f7f30851f9609bfda5a1b0f5b115d2743372cd +CVE-2021-31606 (furlongm openvpn-monitor through 1.1.3 allows Authorization Bypass to ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31605 (furlongm openvpn-monitor through 1.1.3 allows %0a command injection vi ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31604 (furlongm openvpn-monitor through 1.1.3 allows CSRF to disconnect an ar ...) + NOT-FOR-US: openvpn-monitor +CVE-2021-31603 + RESERVED +CVE-2021-31602 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) 
+ NOT-FOR-US: Hitachi +CVE-2021-31601 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31600 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31599 (An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pen ...) + NOT-FOR-US: Hitachi +CVE-2021-31598 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache (unimportant; bug #989363) + [stretch] - mapcache (Minor issue) + - scilab (unimportant; bug #989364) + - netcdf 1:4.9.0-1 (bug #989360) + [bullseye] - netcdf (Minor issue) + [buster] - netcdf (Minor issue) + [stretch] - netcdf (vulnerable code not present) + - netcdf-parallel 1:4.9.0-1 (bug #989361) + [bullseye] - netcdf-parallel (Minor issue) + [buster] - netcdf-parallel (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/28/ + NOTE: mapcache only uses ezxml to parse config files which are trusted +CVE-2021-31597 (The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL c ...) + - node-xmlhttprequest-ssl + [buster] - node-xmlhttprequest-ssl (Minor issue, should possibly be removed from stable as well) + [stretch] - node-xmlhttprequest-ssl (Nodejs in stretch not covered by security support) + NOTE: https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2 + NOTE: https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt +CVE-2021-31596 + RESERVED +CVE-2021-31595 + RESERVED +CVE-2021-31594 + RESERVED +CVE-2021-31593 + RESERVED +CVE-2021-31592 + RESERVED +CVE-2021-31591 + RESERVED +CVE-2021-31590 (PwnDoc all versions until 0.4.0 (2021-08-23) has incorrect JSON Webtok ...) + NOT-FOR-US: PwnDoc +CVE-2021-31589 (A cross-site scripting (XSS) vulnerability has been reported and confi ...) 
+ NOT-FOR-US: BeyondTrust +CVE-2021-31588 + RESERVED +CVE-2021-31587 + RESERVED +CVE-2021-31586 (Accellion Kiteworks before 7.4.0 allows an authenticated user to perfo ...) + NOT-FOR-US: Accellion Kiteworks +CVE-2021-31585 (Accellion Kiteworks before 7.3.1 allows a user with Admin privileges t ...) + NOT-FOR-US: Accellion Kiteworks +CVE-2021-31584 (Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGC ...) + NOT-FOR-US: Sipwise +CVE-2021-31583 (Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform v ...) + NOT-FOR-US: Sipwise +CVE-2021-31582 + RESERVED +CVE-2021-31581 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31580 (The restricted shell provided by Akkadian Provisioning Manager Engine ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31579 (Akkadian Provisioning Manager Engine (PME) ships with a hard-coded cre ...) + NOT-FOR-US: Akkadian Provisioning Manager Engine (PME) +CVE-2021-31578 (In Boa, there is a possible escalation of privilege due to a stack buf ...) + NOT-FOR-US: Boa as provided by MediaTek +CVE-2021-31577 (In Boa, there is a possible escalation of privilege due to a missing p ...) + NOT-FOR-US: Boa as provided by MediaTek +CVE-2021-31576 (In Boa, there is a possible information disclosure due to a missing pe ...) + NOT-FOR-US: Boa as provided by MediaTek +CVE-2021-31575 (In Config Manager, there is a possible command injection due to improp ...) + NOT-FOR-US: MediaTek +CVE-2021-31574 (In Config Manager, there is a possible command injection due to improp ...) + NOT-FOR-US: MediaTek +CVE-2021-31573 (In Config Manager, there is a possible command injection due to improp ...) + NOT-FOR-US: MediaTek +CVE-2021-3512 (Improper access control vulnerability in Buffalo broadband routers (BH ...) + NOT-FOR-US: Buffalo +CVE-2021-3511 (Disclosure of sensitive information to an unauthorized user vulnerabil ...) 
+ NOT-FOR-US: Buffalo +CVE-2021-31572 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) + NOT-FOR-US: Amazon Web Services FreeRTOS kernel +CVE-2021-31571 (The kernel in Amazon Web Services FreeRTOS before 10.4.3 has an intege ...) + NOT-FOR-US: Amazon Web Services FreeRTOS kernel +CVE-2021-31570 + RESERVED +CVE-2021-31569 + RESERVED +CVE-2021-31568 + RESERVED +CVE-2021-31557 + RESERVED +CVE-2021-31556 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) + NOT-FOR-US: MediaWiki extension OAuth +CVE-2021-31555 (An issue was discovered in the Oauth extension for MediaWiki through 1 ...) + NOT-FOR-US: MediaWiki extension OAuth +CVE-2021-31554 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31553 (An issue was discovered in the CheckUser extension for MediaWiki throu ...) + NOT-FOR-US: MediaWiki extension CheckUser +CVE-2021-31552 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31551 (An issue was discovered in the PageForms extension for MediaWiki throu ...) + NOT-FOR-US: MediaWiki extension PageForms +CVE-2021-31550 (An issue was discovered in the CommentBox extension for MediaWiki thro ...) + NOT-FOR-US: MediaWiki extension CommentBox +CVE-2021-31549 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31548 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31547 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31546 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) 
+ NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31545 (An issue was discovered in the AbuseFilter extension for MediaWiki thr ...) + NOT-FOR-US: MediaWiki extension AbuseFilter +CVE-2021-31544 + RESERVED +CVE-2021-31543 + RESERVED +CVE-2021-31542 (In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, M ...) + {DLA-2651-1} + - python-django 2:2.2.21-1 (bug #988053) + [buster] - python-django (Minor issue) + NOTE: https://www.djangoproject.com/weblog/2021/may/04/security-releases/ + NOTE: https://github.com/django/django/commit/0b79eb36915d178aef5c6a7bbce71b1e76d376d3 (main) + NOTE: https://github.com/django/django/commit/04ac1624bdc2fa737188401757cf95ced122d26d (2.2.21) +CVE-2021-31541 + RESERVED +CVE-2021-31540 (Wowza Streaming Engine through 4.8.5 (in a default installation) has i ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-31539 (Wowza Streaming Engine before 4.8.8.01 (in a default installation) has ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2021-31538 (LANCOM R&S Unified Firewall (UF) devices running LCOS FX 10.5 allow Re ...) + NOT-FOR-US: LANCOM +CVE-2021-31537 (SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (a ...) + NOT-FOR-US: SIS-REWE Go +CVE-2021-31536 + RESERVED +CVE-2021-31535 (LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might a ...) + {DSA-4920-1 DLA-2666-1} + - libx11 2:1.7.1-1 (bug #988737) + NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/8d2e02ae650f00c4a53deb625211a0527126c605 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/2 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/3 + NOTE: https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt + NOTE: https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ +CVE-2021-31534 + RESERVED +CVE-2021-31533 + RESERVED +CVE-2021-31532 (NXP LPC55S6x microcontrollers (0A and 1B), i.MX RT500 (silicon rev B1 ...) 
+ NOT-FOR-US: NXP +CVE-2021-31531 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 is vulnerable to S ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31530 (Zoho ManageEngine ServiceDesk Plus MSP before 10522 is vulnerable to I ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31529 + RESERVED +CVE-2021-31528 + RESERVED +CVE-2021-31527 + RESERVED +CVE-2021-31526 + RESERVED +CVE-2021-31525 (net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote a ...) + - golang-1.16 1.16.4-1 + - golang-1.15 1.15.9-2 + - golang-1.11 + [buster] - golang-1.11 (Limited support, minor issue, DoS) + - golang-1.8 + [stretch] - golang-1.8 (Minor issue, DoS, requires rebuilding reverse-dependencies) + - golang-1.7 + [stretch] - golang-1.7 (Minor issue, DoS, requires rebuilding reverse-dependencies) + - golang-golang-x-net 1:0.0+git20210119.5f4716e+dfsg-3 + - golang-golang-x-net-dev + [buster] - golang-golang-x-net-dev (Limited support, minor issue, DoS) + [stretch] - golang-golang-x-net-dev (Limited support in stretch) + NOTE: https://github.com/golang/go/issues/45710 + NOTE: https://github.com/golang/go/issues/45711 (1.15 backport) + NOTE: https://github.com/golang/go/issues/45712 (1.16 backport) + NOTE: https://go-review.googlesource.com/c/net/+/313069 + NOTE: golang: introduced by https://github.com/golang/go/commit/ae080c1aecb129a3230e7afecdb4a16ad3da9b3c (go1.5beta1) + NOTE: golang-golang-x-net: introduced by https://github.com/golang/net/commit/5916dcb167ed985a5b9e6871fbfd74848a4c170b +CVE-2021-26945 (An integer overflow leading to a heap-buffer overflow was found in Ope ...) 
+ - openexr (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947591 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31221 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31228 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/930 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2f01a253db2bc82724405a16c76783c38c67ba05 + NOTE: Only affects exrcheck, which isn't built into the binary packages +CVE-2021-26260 (An integer overflow leading to a heap-buffer overflow was found in the ...) + {DSA-5299-1 DLA-3236-1 DLA-2701-1} + - openexr 2.5.7-1 (bug #992703) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947582 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29423 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/894 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/088a61434568cedf3ac1521c44584be397909078 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (2.5) +CVE-2021-23215 (An integer overflow leading to a heap-buffer overflow was found in the ...) + {DSA-5299-1 DLA-3236-1 DLA-2701-1} + - openexr 2.5.7-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1947586 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29653 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/901 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/0e08c959c5459e2ffd3b81b654c3ce8b71a4b42c (v3.0.0-beta) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d (v2.5.5) + NOTE: Depends on https://github.com/AcademySoftwareFoundation/openexr/commit/de27156b77896aeef5b1c99edbca2bc4fa784b51 (v2.3.0) +CVE-2021-23169 (A heap-buffer overflow was found in the copyIntoFrameBuffer function o ...) 
+ - openexr 2.5.4-2 (bug #988240) + [buster] - openexr (Vulnerable code not present) + [stretch] - openexr (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28051 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ae6d203892cc9311917a7f4f05354ef792b3e58e +CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...) + NOT-FOR-US: Wikimedia Quarry +CVE-2021-31524 + RESERVED +CVE-2021-31522 (Kylin can receive user input and load any class through Class.forName( ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2021-3510 (Zephyr JSON decoder incorrectly decodes array of array. Zephyr version ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2021-3509 (A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component ...) + - ceph 14.2.21-1 (bug #988888) + [buster] - ceph (Vulnerable code introduced later) + [stretch] - ceph (Vulnerable code introduced later) + NOTE: Nautilus: https://github.com/ceph/ceph/commit/adda853e64bdba1288d46bc7d462d23d8f2f10ca + NOTE: Octopus: https://github.com/ceph/ceph/commit/7a1ca8d372da3b6a4fc3d221a0e5f72d1d61c27b + NOTE: Pacific: https://github.com/ceph/ceph/commit/af3fffab3b0f13057134d96e5d481e400d8bfd27 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/14/4 + NOTE: In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly + NOTE: cookie, introducing the specific CVE-2021-3509 issue. +CVE-2021-31521 (Trend Micro InterScan Web Security Virtual Appliance version 6.5 was f ...) + NOT-FOR-US: Trend Micro +CVE-2021-31520 (A weak session token authentication bypass vulnerability in Trend Micr ...) + NOT-FOR-US: Trend Micro +CVE-2021-31519 (An incorrect permission vulnerability in the product installer folders ...) + NOT-FOR-US: Trend Micro +CVE-2021-31518 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) 
+ NOT-FOR-US: Trend Micro +CVE-2021-31517 (Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to ...) + NOT-FOR-US: Trend Micro +CVE-2021-3508 (A flaw was found in PDFResurrect in version 0.22b. There is an infinit ...) + - pdfresurrect 0.22-3 (unimportant) + NOTE: https://github.com/enferex/pdfresurrect/issues/17 + NOTE: https://github.com/enferex/pdfresurrect/commit/7e35d1806e111fd28610ccc86bb33f54792ac370 + NOTE: Hang in CLI tool, no security impact +CVE-2021-3507 (A heap buffer overflow was found in the floppy disk emulator of QEMU u ...) + {DLA-3099-1} + - qemu 1:7.1+dfsg-1 (bug #987410) + [bullseye] - qemu 1:5.2+dfsg-11+deb11u3 + [stretch] - qemu (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1951118 + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/defac5e2fbddf8423a354ff0454283a2115e1367 (v7.1.0-rc0) + NOTE: https://gitlab.com/qemu-project/qemu/-/commit/46609b90d9e3a6304def11038a76b58ff43f77bc (v7.1.0-rc0) +CVE-2021-3506 (An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c ...) + {DLA-2690-1} + - linux 5.10.38-1 + [buster] - linux 4.19.194-1 + [stretch] - linux (f2fs is not supportable) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/28/2 + NOTE: https://lore.kernel.org/lkml/20210322114730.71103-1-yuchao0@huawei.com/ +CVE-2021-34557 (XScreenSaver 5.45 can be bypassed if the machine has more than ten dis ...) + - xscreensaver 5.45+dfsg1-2 (bug #989508) + [buster] - xscreensaver (Minor issue) + [stretch] - xscreensaver (Minor issue, fix along with next dla) + NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/1 + NOTE: https://www.openwall.com/lists/oss-security/2021/06/05/2 + NOTE: https://github.com/QubesOS/qubes-xscreensaver/blob/master/0001-Fix-updating-outputs-info.patch +CVE-2021-31523 (The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_ ...) 
+ - xscreensaver 5.45+dfsg1-2 (bug #987149) + [buster] - xscreensaver (Vulnerability introduced later) + [stretch] - xscreensaver (Vulnerability introduced later) + NOTE: Fixed upstream in 6.00 (no public version control): https://twitter.com/jwz/status/1383503845217554444 + NOTE: https://www.openwall.com/lists/oss-security/2021/04/17/1 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2174 + NOTE: Only in 5.44+dfsg1-1 net_raw capability was added to sonar executable via postinst + NOTE: and so exposing the vulnerability. +CVE-2021-3505 (A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implem ...) + - libtpms 0.8.0~dev1-1 + NOTE: https://github.com/stefanberger/libtpms/issues/183 + NOTE: https://github.com/stefanberger/libtpms/commit/625171be0c8225824740b5d0fb7e8562f6a1c6a8 (v0.8.0) + NOTE: https://github.com/stefanberger/libtpms/commit/c1f7bf55099fcd427715aa65e130475c6e836a6b (v0.8.0) +CVE-2021-3504 (A flaw was found in the hivex library in versions before 1.3.20. It is ...) + {DSA-4913-1 DLA-2656-1} + - hivex 1.3.20-1 (bug #988024) + NOTE: https://listman.redhat.com/archives/libguestfs/2021-May/msg00013.html + NOTE: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381 +CVE-2021-3503 (A flaw was found in Wildfly where insufficient RBAC restrictions may l ...) + - wildfly (bug #752018) +CVE-2021-31516 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Vector 35 Binary Ninja +CVE-2021-31515 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Vector 35 Binary Ninja +CVE-2021-31514 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31513 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31512 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31511 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31510 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31509 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31508 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31507 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31506 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31505 (This vulnerability allows attackers with physical access to escalate p ...) + NOT-FOR-US: Arlo Q Plus +CVE-2021-31504 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31503 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31502 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31501 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31500 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31499 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31498 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31497 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! 
Desktop +CVE-2021-31496 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31495 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31494 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31493 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31492 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31491 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31490 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31489 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31488 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31487 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31486 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31485 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31484 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31483 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31482 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! 
Desktop +CVE-2021-31481 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31480 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31479 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31478 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: OpenText Brava! Desktop +CVE-2021-31477 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: GE Reason RPV311 14A03 +CVE-2021-31476 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31475 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: SolarWinds +CVE-2021-31474 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: SolarWinds +CVE-2021-31473 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31472 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31471 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31470 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31469 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31468 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31467 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31466 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2021-31465 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31464 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31463 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31462 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31461 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31460 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31459 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31458 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31457 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31456 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31455 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31454 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31453 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31452 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31451 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31450 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2021-31449 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31448 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31447 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31446 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31445 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31444 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31443 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31442 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31441 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2021-31440 (This vulnerability allows local attackers to escalate privileges on af ...) + - linux 5.10.38-1 + [buster] - linux (Vulnerable code not present) + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/10bf4e83167cc68595b85fd73bb91e8f2c086e36 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-21-503/ +CVE-2021-31439 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + {DSA-5503-1 DLA-3426-1} + - netatalk 3.1.13~ds-1 + NOTE: https://netatalk.sourceforge.io/3.1/ReleaseNotes3.1.13.html + NOTE: https://github.com/Netatalk/Netatalk/commit/779717df2ed39b701deaf2472b42d59ff50fab7f +CVE-2021-31438 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31437 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit +CVE-2021-31436 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31435 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31434 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31433 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2021-31432 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31431 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31430 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31429 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31428 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31427 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31426 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31425 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31424 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31423 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31422 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31421 (This vulnerability allows local attackers to delete arbitrary files on ...) 
+ NOT-FOR-US: Parallels Desktop +CVE-2021-31420 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31419 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31418 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-31417 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2021-3501 (A flaw was found in the Linux kernel in versions before 5.12. The valu ...) + - linux 5.10.38-1 + [buster] - linux (Vulnerability introduced later) + [stretch] - linux (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/04c4f2ee3f68c9a4bf1653d15f1a9a435ae33f7a +CVE-2021-31416 + RESERVED +CVE-2021-31415 + RESERVED +CVE-2021-31414 (The unofficial vscode-rpm-spec extension before 0.3.2 for Visual Studi ...) + NOT-FOR-US: vscode-rpm-spec extension for Visual Studio Code +CVE-2021-31413 + RESERVED +CVE-2021-31412 (Improper sanitization of path in default RouteNotFoundError view in co ...) + NOT-FOR-US: Vaadin +CVE-2021-31411 (Insecure temporary directory usage in frontend build functionality of ...) + NOT-FOR-US: Vaadin +CVE-2021-31410 (Overly relaxed configuration of frontend resources server in Vaadin De ...) + NOT-FOR-US: Vaadin +CVE-2021-31409 (Unsafe validation RegEx in EmailValidator component in com.vaadin:vaad ...) + NOT-FOR-US: Vaadin +CVE-2021-31408 (Authentication.logout() helper in com.vaadin:flow-client versions 5.0. ...) + NOT-FOR-US: Vaadin +CVE-2021-31407 (Vulnerability in OSGi integration in com.vaadin:flow-server versions 1 ...) + NOT-FOR-US: Vaadin +CVE-2021-31406 (Non-constant-time comparison of CSRF tokens in endpoint request handle ...) + NOT-FOR-US: Vaadin +CVE-2021-31405 (Unsafe validation RegEx in EmailField component in com.vaadin:vaadin-t ...) 
+ NOT-FOR-US: Vaadin +CVE-2021-31404 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) + NOT-FOR-US: Vaadin +CVE-2021-31403 (Non-constant-time comparison of CSRF tokens in UIDL request handler in ...) + NOT-FOR-US: Vaadin +CVE-2021-3502 (A flaw was found in avahi 0.8-5. A reachable assertion is present in a ...) + - avahi 0.8-6 (bug #986018) + [bullseye] - avahi 0.8-5+deb11u1 + [buster] - avahi (Vulnerable code introduced later) + [stretch] - avahi (Vulnerable code introduced later) + NOTE: https://github.com/lathiat/avahi/issues/338 + NOTE: Fixed by: https://github.com/lathiat/avahi/commit/9d31939e55280a733d930b15ac9e4dda4497680c + NOTE: Introduced by: https://github.com/lathiat/avahi/commit/80c98fa16782e921f5b5d5c880f1d80f5c43bd49 (v0.8) +CVE-2021-3500 (A flaw was found in djvulibre-3.5.28 and earlier. A Stack overflow in ...) + {DSA-5032-1 DLA-2667-1} + - djvulibre 3.5.28-2 (bug #988215) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1943685 + NOTE: Patch in Fedora (not upstream'ed): https://src.fedoraproject.org/rpms/djvulibre/c/fc359410f7131e4ea0a892ef78e6da72f29afeee.patch + NOTE: https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/ (chunk #2 / Patch11) (fixed differently) +CVE-2021-31402 (The dio package 4.0.0 for Dart allows CRLF injection if the attacker c ...) + NOT-FOR-US: dio package for Dart +CVE-2021-31401 (An issue was discovered in tcp_rcv() in nptcp.c in HCC embedded InterN ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31400 (An issue was discovered in tcp_pulloutofband() in tcp_in.c in HCC embe ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31399 (On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the ...) 
+ NOT-FOR-US: On 2N Access Unit devices +CVE-2021-31398 + RESERVED +CVE-2021-31397 + RESERVED +CVE-2021-31396 + RESERVED +CVE-2021-31395 + RESERVED +CVE-2021-31394 + RESERVED +CVE-2021-31393 + RESERVED +CVE-2021-31392 + RESERVED +CVE-2021-31391 + RESERVED +CVE-2021-31390 + RESERVED +CVE-2021-31389 + RESERVED +CVE-2021-31388 + RESERVED +CVE-2021-31387 + RESERVED +CVE-2021-31386 (A Protection Mechanism Failure vulnerability in the J-Web HTTP service ...) + NOT-FOR-US: Juniper +CVE-2021-31385 (An Improper Limitation of a Pathname to a Restricted Directory ('Path ...) + NOT-FOR-US: Juniper +CVE-2021-31384 (Due to a Missing Authorization weakness and Insufficient Granularity o ...) + NOT-FOR-US: Juniper +CVE-2021-31383 (In Point to MultiPoint (P2MP) scenarios within established sessions be ...) + NOT-FOR-US: Juniper +CVE-2021-31382 (On PTX1000 System, PTX10002-60C System, after upgrading to an affected ...) + NOT-FOR-US: Juniper +CVE-2021-31381 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...) + NOT-FOR-US: Juniper +CVE-2021-31380 (A configuration weakness in the JBoss Application Server (AppSvr) comp ...) + NOT-FOR-US: Juniper +CVE-2021-31379 (An Incorrect Behavior Order vulnerability in the MAP-E automatic tunne ...) + NOT-FOR-US: Juniper +CVE-2021-31378 (In broadband environments, including but not limited to Enhanced Subsc ...) + NOT-FOR-US: Juniper +CVE-2021-31377 (An Incorrect Permission Assignment for Critical Resource vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31376 (An Improper Input Validation vulnerability in Packet Forwarding Engine ...) + NOT-FOR-US: Juniper +CVE-2021-31375 (An Improper Input Validation vulnerability in routing process daemon ( ...) + NOT-FOR-US: Juniper +CVE-2021-31374 (On Juniper Networks Junos OS and Junos OS Evolved devices processing a ...) + NOT-FOR-US: Juniper +CVE-2021-31373 (A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Netwo ...) 
+ NOT-FOR-US: Juniper +CVE-2021-31372 (An Improper Input Validation vulnerability in J-Web of Juniper Network ...) + NOT-FOR-US: Juniper +CVE-2021-31371 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) + NOT-FOR-US: Juniper +CVE-2021-31370 (An Incomplete List of Disallowed Inputs vulnerability in Packet Forwar ...) + NOT-FOR-US: Juniper +CVE-2021-31369 (On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources ...) + NOT-FOR-US: Juniper +CVE-2021-31368 (An Uncontrolled Resource Consumption vulnerability in the kernel of Ju ...) + NOT-FOR-US: Juniper +CVE-2021-31367 (A Missing Release of Memory after Effective Lifetime vulnerability in ...) + NOT-FOR-US: Juniper +CVE-2021-31366 (An Unchecked Return Value vulnerability in the authd (authentication d ...) + NOT-FOR-US: Juniper +CVE-2021-31365 (An Uncontrolled Resource Consumption vulnerability in Juniper Networks ...) + NOT-FOR-US: Juniper +CVE-2021-31364 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31363 (In an MPLS P2MP environment a Loop with Unreachable Exit Condition vul ...) + NOT-FOR-US: Juniper +CVE-2021-31362 (A Protection Mechanism Failure vulnerability in RPD (routing protocol ...) + NOT-FOR-US: Juniper +CVE-2021-31361 (An Improper Check for Unusual or Exceptional Conditions vulnerability ...) + NOT-FOR-US: Juniper +CVE-2021-31360 (An improper privilege management vulnerability in the Juniper Networks ...) + NOT-FOR-US: Juniper +CVE-2021-31359 (A local privilege escalation vulnerability in Juniper Networks Junos O ...) + NOT-FOR-US: Juniper +CVE-2021-31358 (A command injection vulnerability in sftp command processing on Junipe ...) + NOT-FOR-US: Juniper +CVE-2021-31357 (A command injection vulnerability in tcpdump command processing on Jun ...) + NOT-FOR-US: Juniper +CVE-2021-31356 (A command injection vulnerability in command processing on Juniper Net ...) 
+ NOT-FOR-US: Juniper +CVE-2021-31355 (A persistent cross-site scripting (XSS) vulnerability in the captive p ...) + NOT-FOR-US: Juniper +CVE-2021-31354 (An Out Of Bounds (OOB) access vulnerability in the handling of respons ...) + NOT-FOR-US: Juniper +CVE-2021-31353 (An Improper Handling of Exceptional Conditions vulnerability in Junipe ...) + NOT-FOR-US: Juniper +CVE-2021-31352 (An Information Exposure vulnerability in Juniper Networks SRC Series d ...) + NOT-FOR-US: Juniper +CVE-2021-31351 (An Improper Check for Unusual or Exceptional Conditions in packet proc ...) + NOT-FOR-US: Juniper +CVE-2021-31350 (An Improper Privilege Management vulnerability in the gRPC framework, ...) + NOT-FOR-US: Juniper +CVE-2021-31349 (The usage of an internal HTTP header created an authentication bypass ...) + NOT-FOR-US: Juniper +CVE-2021-31348 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache (unimportant; bug #989363) + - scilab (unimportant; bug #989364) + - netcdf 1:4.9.0-1 (bug #989360) + [bullseye] - netcdf (Minor issue) + [buster] - netcdf (Minor issue) + [stretch] - netcdf (vulnerable code not present) + - netcdf-parallel 1:4.9.0-1 (bug #989361) + [bullseye] - netcdf-parallel (Minor issue) + [buster] - netcdf-parallel (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/27/ + NOTE: mapcache only uses ezxml to parse config files which are trusted +CVE-2021-31347 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) 
+ {DLA-2705-1} + - mapcache (unimportant; bug #989363) + - scilab (unimportant; bug #989364) + - netcdf 1:4.9.0-1 (bug #989360) + [bullseye] - netcdf (Minor issue) + [buster] - netcdf (Minor issue) + [stretch] - netcdf (vulnerable code not present) + - netcdf-parallel 1:4.9.0-1 (bug #989361) + [bullseye] - netcdf-parallel (Minor issue) + [buster] - netcdf-parallel (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/27/ + NOTE: mapcache only uses ezxml to parse config files which are trusted +CVE-2021-31346 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31345 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31344 (A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All ...) + NOT-FOR-US: Siemens +CVE-2021-31343 (The jutil.dll library in all versions of Solid Edge SE2020 before 2020 ...) + NOT-FOR-US: Solid Edge +CVE-2021-31342 (The ugeom2d.dll library in all versions of Solid Edge SE2020 before 20 ...) + NOT-FOR-US: Solid Edge +CVE-2021-31341 (Uploading a table mapping using a manipulated XML file results in an e ...) + NOT-FOR-US: Mendix Database Replication +CVE-2021-31340 (A vulnerability has been identified in SIMATIC RF166C (All versions > ...) + NOT-FOR-US: Siemens +CVE-2021-31339 (A vulnerability has been identified in Mendix Excel Importer Module (A ...) + NOT-FOR-US: Mendix Excel Importer Module +CVE-2021-31338 (A vulnerability has been identified in SINEMA Remote Connect Client (A ...) + NOT-FOR-US: SINEMA Remote Connect Client +CVE-2021-31337 (The Telnet service of the SIMATIC HMI Comfort Panels system component ...) + NOT-FOR-US: Siemens +CVE-2021-31336 + RESERVED +CVE-2021-31335 + RESERVED +CVE-2021-31334 + RESERVED +CVE-2021-31333 + RESERVED +CVE-2021-31332 + RESERVED +CVE-2021-31331 + RESERVED +CVE-2021-31330 (A Cross-Site Scripting (XSS) vulnerability exists within Review Board ...) 
+ - reviewboard (bug #653113) +CVE-2021-31329 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "P ...) + NOT-FOR-US: Remote Clinic +CVE-2021-31328 + RESERVED +CVE-2021-31327 (Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Fi ...) + NOT-FOR-US: Remote Clinic +CVE-2021-31326 (D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitra ...) + NOT-FOR-US: D-Link DIR-816 +CVE-2021-31325 + RESERVED +CVE-2021-31324 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-31323 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lottieparserimpl-parsedashproperty-heap-buffer-overflow/ +CVE-2021-31322 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-heap-buffer-overflow/ +CVE-2021-31321 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie 0.1+dfsg-2 (bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-gray_split_cubic-stack-buffer-overflow/ +CVE-2021-31320 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-vgradientcache-generategradientcolortable-heap-buffer-overflow/ +CVE-2021-31319 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotgradient-populate-integer-overflow/ +CVE-2021-31318 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) 
+ - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-lotcomplayeritem-lotcomplayeritem-type-confusion/ +CVE-2021-31317 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie 0.1+dfsg-2 (bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-vdasher-vdasher-type-confusion/ +CVE-2021-31316 (The unprivileged user portal part of CentOS Web Panel is affected by a ...) + NOT-FOR-US: CentOS Web Panel +CVE-2021-31315 (Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS ...) + - rlottie (Doesn't affect rlottie as packaged in Debian, bug #988885) + NOTE: https://www.shielder.it/advisories/telegram-rlottie-blit-stack-buffer-overflow/ +CVE-2021-31314 + RESERVED +CVE-2021-31313 + RESERVED +CVE-2021-31312 + RESERVED +CVE-2021-31311 + RESERVED +CVE-2021-31310 + RESERVED +CVE-2021-31309 + RESERVED +CVE-2021-31308 + RESERVED +CVE-2021-31307 + RESERVED +CVE-2021-31306 + RESERVED +CVE-2021-31305 + RESERVED +CVE-2021-31304 + RESERVED +CVE-2021-31303 + RESERVED +CVE-2021-31302 + RESERVED +CVE-2021-31301 + RESERVED +CVE-2021-31300 + RESERVED +CVE-2021-31299 + RESERVED +CVE-2021-31298 + RESERVED +CVE-2021-31297 + RESERVED +CVE-2021-31296 + RESERVED +CVE-2021-31295 + RESERVED +CVE-2021-31294 (Redis before 6cbea7d allows a replica to cause an assertion failure in ...) + - redis 5:7.0.1-4 + [bullseye] - redis (Minor issue) + [buster] - redis (Minor issue) + NOTE: Introduced with: https://github.com/redis/redis/pull/8170 (6.2-rc2, but feature partially backported to 6.0.y) + NOTE: Fixed by: https://github.com/redis/redis/commit/6cbea7d29b5285692843bc1c351abba1a7ef326f (6.2.3) + NOTE: https://github.com/redis/redis/issues/8712 +CVE-2021-31293 + RESERVED +CVE-2021-31292 (An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows att ...) 
+ {DSA-4958-1 DLA-2750-1} + - exiv2 0.27.3-3.1 (bug #991706) + [bullseye] - exiv2 0.27.3-3+deb11u1 + NOTE: https://github.com/Exiv2/exiv2/issues/1530 + NOTE: https://github.com/Exiv2/exiv2/commit/9b7a19f957af53304655ed1efe32253a1b11a8d0 + NOTE: In older releases affected code is in src/crwimage.cpp + NOTE: This is a duplicate of CVE-2021-29458, but mitre finds the evidence unconvincing. +CVE-2021-31291 + REJECTED +CVE-2021-31290 + RESERVED +CVE-2021-31289 + RESERVED +CVE-2021-31288 + RESERVED +CVE-2021-31287 + RESERVED +CVE-2021-31286 + RESERVED +CVE-2021-31285 + RESERVED +CVE-2021-31284 + RESERVED +CVE-2021-31283 + RESERVED +CVE-2021-31282 + RESERVED +CVE-2021-31281 + RESERVED +CVE-2021-31280 (An issue was discovered in tp5cms through 2017-05-25. admin.php/system ...) + NOT-FOR-US: tp5cms +CVE-2021-31279 + RESERVED +CVE-2021-31278 + RESERVED +CVE-2021-31277 + RESERVED +CVE-2021-31276 + RESERVED +CVE-2021-31275 + RESERVED +CVE-2021-31274 (In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the ...) + NOT-FOR-US: LibreNMS +CVE-2021-31273 + RESERVED +CVE-2021-31272 (SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c cont ...) + NOT-FOR-US: SerenityOS +CVE-2021-31271 + RESERVED +CVE-2021-31270 + RESERVED +CVE-2021-31269 + RESERVED +CVE-2021-31268 + RESERVED +CVE-2021-31267 + RESERVED +CVE-2021-31266 + RESERVED +CVE-2021-31265 + RESERVED +CVE-2021-31264 + RESERVED +CVE-2021-31263 + RESERVED +CVE-2021-31262 (The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cau ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b2eab95e07cb5819375a50358d4806a8813b6e50 + NOTE: https://github.com/gpac/gpac/issues/1738 +CVE-2021-31261 (The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to rea ...) 
+ - gpac 1.0.1+dfsg1-4 (unimportant; bug #987280) + NOTE: https://github.com/gpac/gpac/commit/cd3738dea038dbd12e603ad48cd7373ae0440f65 + NOTE: https://github.com/gpac/gpac/issues/1737 + NOTE: Negligible security impact +CVE-2021-31260 (The MergeTrack function in GPAC 1.0.1 allows attackers to cause a deni ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/df8fffd839fe5ae9acd82d26fd48280a397411d9 + NOTE: https://github.com/gpac/gpac/issues/1736 +CVE-2021-31259 (The gf_isom_cenc_get_default_info_internal function in GPAC 1.0.1 allo ...) + - gpac (Vulnerable code was introduced later) + NOTE: https://github.com/gpac/gpac/commit/3b84ffcbacf144ce35650df958432f472b6483f8 + NOTE: https://github.com/gpac/gpac/issues/1735 + NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) +CVE-2021-31258 (The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/ebfa346eff05049718f7b80041093b4c5581c24e + NOTE: https://github.com/gpac/gpac/issues/1706 +CVE-2021-31257 (The HintFile function in GPAC 1.0.1 allows attackers to cause a denial ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/87afe070cd6866df7fe80f11b26ef75161de85e0 + NOTE: https://github.com/gpac/gpac/issues/1734 +CVE-2021-31256 (Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0. ...) 
+ - gpac 1.0.1+dfsg1-4 (bug #987280; unimportant) + NOTE: https://github.com/gpac/gpac/commit/2da2f68bffd51d89b1d272d22aa8cc023c1c066e + NOTE: https://github.com/gpac/gpac/issues/1705 + NOTE: Negligible security impact +CVE-2021-31255 (Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 ...) + - gpac 1.0.1+dfsg1-4 (bug #987280) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/758135e91e623d7dfe7f6aaad7aeb3f791b7a4e5 + NOTE: https://github.com/gpac/gpac/issues/1733 +CVE-2021-31254 (Buffer overflow in the tenc_box_read function in MP4Box in GPAC 1.0.1 ...) + - gpac (Vulnerable code was introduced later) + NOTE: https://github.com/gpac/gpac/commit/8986422c21fbd9a7bf6561cae65aae42077447e8 + NOTE: https://github.com/gpac/gpac/issues/1703 + NOTE: Introduced in https://github.com/gpac/gpac/commit/f966d85ee940b0a19dbbe972bc9ff042a98d7264 (after v1.0.1) +CVE-2021-31253 + RESERVED +CVE-2021-31252 (An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-4 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31251 (An authentication bypass in telnet server in BF-430 and BF431 232/422 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31250 (Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31249 (A CRLF injection vulnerability was found on BF-430, BF-431, and BF-450 ...) + NOT-FOR-US: CHIYU Technology +CVE-2021-31248 + RESERVED +CVE-2021-31247 + RESERVED +CVE-2021-31246 + RESERVED +CVE-2021-31245 (omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares ...) + NOT-FOR-US: openmptcprouter-vps-admin +CVE-2021-31244 + RESERVED +CVE-2021-31243 + RESERVED +CVE-2021-31242 + RESERVED +CVE-2021-31241 + RESERVED +CVE-2021-31240 (An issue found in libming v.0.4.8 allows a local attacker to execute a ...) 
+ - ming + NOTE: https://github.com/libming/libming/issues/218 +CVE-2021-31239 (An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacke ...) + - sqlite3 3.36.0-2 + [bullseye] - sqlite3 (Minor issue) + [buster] - sqlite3 (Minor issue) + - sqlite (Vulnerable code not present) + NOTE: https://www.sqlite.org/forum/forumpost/d9fce1a89b + NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/6536c4f18e3dd37084c902f965631ff28248d8c7 (version-3.36.0) + NOTE: Vulnerable feature introduced with: https://github.com/sqlite/sqlite/commit/3be8b1a4f7848c1d67324893f4ac9cace8c06eb0 (version-3.22.0, https://sqlite.org/releaselog/3_22_0.html) +CVE-2021-31238 + RESERVED +CVE-2021-31237 + RESERVED +CVE-2021-31236 + RESERVED +CVE-2021-31235 + RESERVED +CVE-2021-31234 + RESERVED +CVE-2021-31233 (SQL Injection vulnerability found in Fighting Cock Information System ...) + NOT-FOR-US: Fighting Cock Information System +CVE-2021-31232 (The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosu ...) + NOT-FOR-US: CNCF Cortex +CVE-2021-31231 (The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metric ...) + NOT-FOR-US: Grafana Enterprise Metrics and Metrics Enterprise +CVE-2021-31230 + RESERVED +CVE-2021-31229 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...) + {DLA-2705-1} + - mapcache (unimportant; bug #989363) + - scilab (unimportant; bug #989364) + - netcdf 1:4.9.0-1 (bug #989360) + [bullseye] - netcdf (Minor issue) + [buster] - netcdf (Minor issue) + [stretch] - netcdf (vulnerable code not present) + - netcdf-parallel 1:4.9.0-1 (bug #989361) + [bullseye] - netcdf-parallel (Minor issue) + [buster] - netcdf-parallel (Minor issue) + NOTE: https://sourceforge.net/p/ezxml/bugs/26/ + NOTE: mapcache only uses ezxml to parse config files which are trusted +CVE-2021-31228 (An issue was discovered in HCC embedded InterNiche 4.0.1. This vulnera ...) 
+ NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31227 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31226 (An issue was discovered in HCC embedded InterNiche 4.0.1. A potential ...) + NOT-FOR-US: HCC embedded InterNiche +CVE-2021-31225 (SES Evolution before 2.1.0 allows deleting some resources not currentl ...) + NOT-FOR-US: SES Evolution +CVE-2021-31224 (SES Evolution before 2.1.0 allows duplicating an existing security pol ...) + NOT-FOR-US: SES Evolution +CVE-2021-31223 (SES Evolution before 2.1.0 allows reading some parts of a security pol ...) + NOT-FOR-US: SES Evolution +CVE-2021-31222 (SES Evolution before 2.1.0 allows updating some parts of a security po ...) + NOT-FOR-US: SES Evolution +CVE-2021-31221 (SES Evolution before 2.1.0 allows deleting some parts of a security po ...) + NOT-FOR-US: SES Evolution +CVE-2021-31220 (SES Evolution before 2.1.0 allows modifying security policies by lever ...) + NOT-FOR-US: SES Evolution +CVE-2021-31219 + RESERVED +CVE-2021-31218 + RESERVED +CVE-2021-31217 (In SolarWinds DameWare Mini Remote Control Server 12.0.1.200, insecure ...) + NOT-FOR-US: SolarWinds +CVE-2021-31216 (Siren Investigate before 11.1.1 contains a server side request forgery ...) + NOT-FOR-US: Siren Investigate +CVE-2021-31215 (SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11. ...) + {DLA-2886-1} + - slurm-wlm 20.11.7+really20.11.4-2 (bug #988439) + - slurm-llnl + [buster] - slurm-llnl (Minor issue) + NOTE: https://github.com/SchedMD/slurm/commit/a9e9e2fedbd200ca545ab67dd753bd52c919f236 (2.11.7) + NOTE: Initially already fixed in 20.11.7-1 (the tracker would do the right thing) + NOTE: but the unstable upload invalidated the changelog 20.11.7-1 so use 20.11.7+really20.11.4-2 + NOTE: for consistency with BTS. +CVE-2021-3499 (A vulnerability was found in OVN Kubernetes in versions up to and incl ...) 
+ NOT-FOR-US: Openshift/ovn-kubernetes +CVE-2021-31214 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31213 (Visual Studio Code Remote Containers Extension Remote Code Execution V ...) + NOT-FOR-US: Microsoft +CVE-2021-31212 + RESERVED +CVE-2021-31211 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31210 + RESERVED +CVE-2021-31209 (Microsoft Exchange Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31208 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31207 (Microsoft Exchange Server Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31206 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2021-31205 (Windows SMB Client Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31204 (.NET and Visual Studio Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31203 + RESERVED +CVE-2021-31202 + RESERVED +CVE-2021-31201 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-31200 (Common Utilities Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31199 (Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulne ...) + NOT-FOR-US: Microsoft +CVE-2021-31198 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31197 + RESERVED +CVE-2021-31196 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31195 (Microsoft Exchange Server Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31194 (OLE Automation Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31193 (Windows SSDP Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31192 (Windows Media Foundation Core Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31191 (Windows Projected File System FS Filter Driver Information Disclosure ...) + NOT-FOR-US: Microsoft +CVE-2021-31190 (Windows Container Isolation FS Filter Driver Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2021-31189 + RESERVED +CVE-2021-31188 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31187 (Windows WalletService Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31186 (Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2021-31185 (Windows Desktop Bridge Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31184 (Microsoft Windows Infrared Data Association (IrDA) Information Disclos ...) + NOT-FOR-US: Microsoft +CVE-2021-31183 (Windows TCP/IP Driver Denial of Service Vulnerability This CVE ID is u ...) + NOT-FOR-US: Microsoft +CVE-2021-31182 (Microsoft Bluetooth Driver Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31181 (Microsoft SharePoint Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31180 (Microsoft Office Graphics Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31179 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31178 (Microsoft Office Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31177 (Microsoft Office Remote Code Execution Vulnerability This CVE ID is un ...) 
+ NOT-FOR-US: Microsoft +CVE-2021-31176 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31175 (Microsoft Office Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31174 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31173 (Microsoft SharePoint Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31172 (Microsoft SharePoint Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31171 (Microsoft SharePoint Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31170 (Windows Graphics Component Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31169 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31168 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31167 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31166 (HTTP Protocol Stack Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31165 (Windows Container Manager Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2021-31164 (Apache Unomi prior to version 1.5.5 allows CRLF log injection because ...) + NOT-FOR-US: Apache Unomi +CVE-2021-31163 + RESERVED +CVE-2021-31162 (In the standard library in Rust before 1.52.0, a double free can occur ...) + - rustc 1.53.0+dfsg1-1 + [bullseye] - rustc (Minor issue) + [buster] - rustc (Minor issue) + [stretch] - rustc (Minor issue) + NOTE: https://github.com/rust-lang/rust/issues/83618 + NOTE: https://github.com/rust-lang/rust/pull/83629 + NOTE: https://github.com/rust-lang/rust/commit/542f441d445026d0996eebee9ddddee98f5dc3e5 +CVE-2021-31161 + RESERVED +CVE-2021-31160 (Zoho ManageEngine ServiceDesk Plus MSP before 10521 allows an attacker ...) 
+ NOT-FOR-US: Zoho ManageEngine +CVE-2021-31159 (Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2021-31158 (In the Query Engine in Couchbase Server 6.5.x and 6.6.x through 6.6.1, ...) + NOT-FOR-US: Couchbase Server +CVE-2021-31157 + RESERVED +CVE-2021-31156 + RESERVED +CVE-2021-31155 (Failure to normalize the umask in please before 0.4 allows a local att ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31154 (pleaseedit in please before 0.4 uses predictable temporary filenames i ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31153 (please before 0.4 allows a local unprivileged attacker to gain knowled ...) + - rust-pleaser 0.4.1-1 + NOTE: https://www.openwall.com/lists/oss-security/2021/05/18/1 +CVE-2021-31152 (Multilaser Router AC1200 V02.03.01.45_pt contains a cross-site request ...) + NOT-FOR-US: Multilaser Router AC1200 +CVE-2021-31151 + REJECTED +CVE-2021-31150 + REJECTED +CVE-2021-31149 + REJECTED +CVE-2021-31148 + REJECTED +CVE-2021-31147 + REJECTED +CVE-2021-31146 + REJECTED +CVE-2021-31145 + REJECTED +CVE-2021-31144 + REJECTED +CVE-2021-31143 + REJECTED +CVE-2021-31142 + REJECTED +CVE-2021-31141 + REJECTED +CVE-2021-31140 + REJECTED +CVE-2021-31139 + REJECTED +CVE-2021-31138 + REJECTED +CVE-2021-31137 + REJECTED +CVE-2021-31136 + REJECTED +CVE-2021-31135 + REJECTED +CVE-2021-31134 + REJECTED +CVE-2021-31133 + REJECTED +CVE-2021-31132 + REJECTED +CVE-2021-31131 + REJECTED +CVE-2021-31130 + REJECTED +CVE-2021-31129 + REJECTED +CVE-2021-31128 + REJECTED +CVE-2021-31127 + REJECTED +CVE-2021-31126 + REJECTED +CVE-2021-31125 + REJECTED +CVE-2021-31124 + REJECTED +CVE-2021-31123 + REJECTED +CVE-2021-31122 + REJECTED +CVE-2021-31121 + REJECTED +CVE-2021-31120 + REJECTED +CVE-2021-31119 + REJECTED +CVE-2021-31118 + REJECTED +CVE-2021-31117 + REJECTED +CVE-2021-31116 + REJECTED 
+CVE-2021-31115 + REJECTED +CVE-2021-31114 + REJECTED +CVE-2021-31113 + REJECTED +CVE-2021-31112 + REJECTED +CVE-2021-31111 + REJECTED +CVE-2021-31110 + REJECTED +CVE-2021-31109 + REJECTED +CVE-2021-31108 + REJECTED +CVE-2021-31107 + REJECTED +CVE-2021-31106 + REJECTED +CVE-2021-31105 + REJECTED +CVE-2021-31104 + REJECTED +CVE-2021-31103 + REJECTED +CVE-2021-31102 + REJECTED +CVE-2021-31101 + REJECTED +CVE-2021-31100 + REJECTED +CVE-2021-31099 + REJECTED +CVE-2021-31098 + REJECTED +CVE-2021-31097 + REJECTED +CVE-2021-31096 + REJECTED +CVE-2021-31095 + REJECTED +CVE-2021-31094 + REJECTED +CVE-2021-31093 + REJECTED +CVE-2021-31092 + REJECTED +CVE-2021-31091 + REJECTED +CVE-2021-31090 + REJECTED +CVE-2021-31089 + REJECTED +CVE-2021-31088 + REJECTED +CVE-2021-31087 + REJECTED +CVE-2021-31086 + REJECTED +CVE-2021-31085 + REJECTED +CVE-2021-31084 + REJECTED +CVE-2021-31083 + REJECTED +CVE-2021-31082 + REJECTED +CVE-2021-31081 + REJECTED +CVE-2021-31080 + REJECTED +CVE-2021-31079 + REJECTED +CVE-2021-31078 + REJECTED +CVE-2021-31077 + REJECTED +CVE-2021-31076 + REJECTED +CVE-2021-31075 + REJECTED +CVE-2021-31074 + REJECTED +CVE-2021-31073 + REJECTED +CVE-2021-31072 + REJECTED +CVE-2021-31071 + REJECTED +CVE-2021-31070 + REJECTED +CVE-2021-31069 + REJECTED +CVE-2021-31068 + REJECTED +CVE-2021-31067 + REJECTED +CVE-2021-31066 + REJECTED +CVE-2021-31065 + REJECTED +CVE-2021-31064 + REJECTED +CVE-2021-31063 + REJECTED +CVE-2021-31062 + REJECTED +CVE-2021-31061 + REJECTED +CVE-2021-31060 + REJECTED +CVE-2021-31059 + REJECTED +CVE-2021-31058 + REJECTED +CVE-2021-31057 + REJECTED +CVE-2021-31056 + REJECTED +CVE-2021-31055 + REJECTED +CVE-2021-31054 + REJECTED +CVE-2021-31053 + REJECTED +CVE-2021-31052 + REJECTED +CVE-2021-31051 + REJECTED +CVE-2021-31050 + REJECTED +CVE-2021-31049 + REJECTED +CVE-2021-31048 + REJECTED +CVE-2021-31047 + REJECTED +CVE-2021-31046 + REJECTED +CVE-2021-31045 + REJECTED +CVE-2021-31044 + REJECTED +CVE-2021-31043 + REJECTED +CVE-2021-31042 + REJECTED 
+CVE-2021-31041 + REJECTED +CVE-2021-31040 + REJECTED +CVE-2021-31039 + REJECTED +CVE-2021-31038 + REJECTED +CVE-2021-31037 + REJECTED +CVE-2021-31036 + REJECTED +CVE-2021-31035 + REJECTED +CVE-2021-31034 + REJECTED +CVE-2021-31033 + REJECTED +CVE-2021-31032 + REJECTED +CVE-2021-31031 + REJECTED +CVE-2021-31030 + REJECTED +CVE-2021-31029 + REJECTED +CVE-2021-31028 + REJECTED +CVE-2021-31027 + REJECTED +CVE-2021-31026 + REJECTED +CVE-2021-31025 + REJECTED +CVE-2021-31024 + REJECTED +CVE-2021-31023 + REJECTED +CVE-2021-31022 + REJECTED +CVE-2021-31021 + REJECTED +CVE-2021-31020 + REJECTED +CVE-2021-31019 + REJECTED +CVE-2021-31018 + REJECTED +CVE-2021-31017 + REJECTED +CVE-2021-31016 + REJECTED +CVE-2021-31015 + REJECTED +CVE-2021-31014 + REJECTED +CVE-2021-31013 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-31012 + REJECTED +CVE-2021-31011 + REJECTED +CVE-2021-31010 (A deserialization issue was addressed through improved validation. Thi ...) + NOT-FOR-US: Apple +CVE-2021-31009 (Multiple issues were addressed by removing HDF5. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2021-31008 (A type confusion issue was addressed with improved memory handling. Th ...) + NOT-FOR-US: Apple +CVE-2021-31007 (Description: A permissions issue was addressed with improved validatio ...) + NOT-FOR-US: Apple +CVE-2021-31006 (Description: A permissions issue was addressed with improved validatio ...) + NOT-FOR-US: Apple +CVE-2021-31005 (Description: A logic issue was addressed with improved state managemen ...) + NOT-FOR-US: Apple +CVE-2021-31004 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-31003 + REJECTED +CVE-2021-31002 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-31001 (An access issue was addressed with improved access restrictions. This ...) 
+ NOT-FOR-US: Apple +CVE-2021-31000 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30999 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30998 (A S/MIME issue existed in the handling of encrypted email. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30997 (A S/MIME issue existed in the handling of encrypted email. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30996 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30995 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30994 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30993 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30992 (This issue was addressed with improved handling of file metadata. This ...) + NOT-FOR-US: Apple +CVE-2021-30991 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30990 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30989 + REJECTED +CVE-2021-30988 (Description: A permissions issue was addressed with improved validatio ...) + NOT-FOR-US: Apple +CVE-2021-30987 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30986 (A device configuration issue was addressed with an updated configurati ...) + NOT-FOR-US: Apple +CVE-2021-30985 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30984 (A race condition was addressed with improved state handling. This issu ...) 
+ {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30983 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30982 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30981 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-30980 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30979 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30978 + REJECTED +CVE-2021-30977 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2021-30976 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30975 (This issue was addressed by disabling execution of JavaScript when vie ...) + NOT-FOR-US: Apple +CVE-2021-30974 + REJECTED +CVE-2021-30973 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30972 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30971 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30970 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30969 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2021-30968 (A validation issue related to hard link behavior was addressed with im ...) + NOT-FOR-US: Apple +CVE-2021-30967 (Description: A permissions issue was addressed with improved validatio ...) 
+ NOT-FOR-US: Apple +CVE-2021-30966 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30965 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30964 (An inherited permissions issue was addressed with additional restricti ...) + NOT-FOR-US: Apple +CVE-2021-30963 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30962 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2021-30961 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30960 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30959 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30958 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30957 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30956 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30955 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30954 (A type confusion issue was addressed with improved memory handling. Th ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30953 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
+ {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30952 (An integer overflow was addressed with improved input validation. This ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30951 (A use after free issue was addressed with improved memory management. ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30950 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30949 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30948 (An inconsistent user interface issue was addressed with improved state ...) + NOT-FOR-US: Apple +CVE-2021-30947 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2021-30946 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30945 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30944 (Description: A logic issue was addressed with improved state managemen ...) + NOT-FOR-US: Apple +CVE-2021-30943 (An issue in the handling of group membership was resolved with improve ...) + NOT-FOR-US: Apple +CVE-2021-30942 (Description: A memory corruption issue in the processing of ICC profil ...) + NOT-FOR-US: Apple +CVE-2021-30941 (A buffer overflow issue was addressed with improved memory handling. T ...) 
+ NOT-FOR-US: Apple +CVE-2021-30940 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2021-30939 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30938 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30937 (A memory corruption vulnerability was addressed with improved locking. ...) + NOT-FOR-US: Apple +CVE-2021-30936 (A use after free issue was addressed with improved memory management. ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30935 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30934 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-5061-1 DSA-5060-1} + - webkit2gtk 2.34.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.4-1 + NOTE: https://webkitgtk.org/security/WSA-2022-0001.html +CVE-2021-30933 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30932 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30931 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30930 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30929 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30928 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30927 (A use after free issue was addressed with improved memory management. ...) 
+ NOT-FOR-US: Apple +CVE-2021-30926 (Description: A memory corruption issue in the processing of ICC profil ...) + NOT-FOR-US: Apple +CVE-2021-30925 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30924 (A denial of service issue was addressed with improved state handling. ...) + NOT-FOR-US: Apple +CVE-2021-30923 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30922 (Multiple out-of-bounds write issues were addressed with improved bound ...) + NOT-FOR-US: Apple +CVE-2021-30921 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30920 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30919 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30918 (A Lock Screen issue was addressed with improved state management. This ...) + NOT-FOR-US: Apple +CVE-2021-30917 (A memory corruption issue existed in the processing of ICC profiles. T ...) + NOT-FOR-US: Apple +CVE-2021-30916 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30915 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30914 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30913 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30912 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30911 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30910 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
+ NOT-FOR-US: Apple +CVE-2021-30909 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30908 (An authentication issue was addressed with improved state management. ...) + NOT-FOR-US: Apple +CVE-2021-30907 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2021-30906 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30905 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30904 (A sync issue was addressed with improved state validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30903 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30902 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30901 (Multiple out-of-bounds write issues were addressed with improved bound ...) + NOT-FOR-US: Apple +CVE-2021-30900 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2021-30899 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2021-30898 (An access issue was addressed with additional sandbox restrictions on ...) + NOT-FOR-US: Apple +CVE-2021-30897 (An issue existed in the specification for the resource timing API. The ...) + NOT-FOR-US: Apple +CVE-2021-30896 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30895 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30894 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30893 + REJECTED +CVE-2021-30892 (An inherited permissions issue was addressed with additional restricti ...) 
+ NOT-FOR-US: Apple +CVE-2021-30891 + REJECTED +CVE-2021-30890 (A logic issue was addressed with improved state management. This issue ...) + {DSA-5031-1 DSA-5030-1} + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30889 (A buffer overflow issue was addressed with improved memory handling. T ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30888 (An information leakage issue was addressed. This issue is fixed in iOS ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30887 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-5031-1 DSA-5030-1} + - webkit2gtk 2.34.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.3-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30886 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2021-30885 + REJECTED +CVE-2021-30884 (The issue was resolved with additional restrictions on CSS compositing ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30883 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30882 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30881 (An input validation issue was addressed with improved memory handling. ...) 
+ NOT-FOR-US: Apple +CVE-2021-30880 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30879 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30878 + REJECTED +CVE-2021-30877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30876 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30875 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30874 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2021-30873 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30872 + REJECTED +CVE-2021-30871 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2021-30870 (A logic issue existed in the handling of document loads. This issue wa ...) + NOT-FOR-US: Apple +CVE-2021-30869 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30868 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30867 (The issue was addressed with improved authentication. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30866 (A user privacy issue was addressed by removing the broadcast MAC addre ...) + NOT-FOR-US: Apple +CVE-2021-30865 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30864 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30863 (This issue was addressed by improving Face ID anti-spoofing models. Th ...) + NOT-FOR-US: Apple +CVE-2021-30862 (A validation issue was addressed with improved input sanitization. Thi ...) 
+ NOT-FOR-US: Apple +CVE-2021-30861 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30860 (An integer overflow was addressed with improved input validation. This ...) + NOT-FOR-US: Apple +CVE-2021-30859 (A type confusion issue was addressed with improved state handling. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30858 (A use after free issue was addressed with improved memory management. ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0005.html +CVE-2021-30857 (A race condition was addressed with improved locking. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2021-30856 (This issue was addressed by adding a new Remote Login option for optin ...) + NOT-FOR-US: Apple +CVE-2021-30855 (A validation issue existed in the handling of symlinks. This issue was ...) + NOT-FOR-US: Apple +CVE-2021-30854 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30853 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30852 (A type confusion issue was addressed with improved memory handling. Th ...) + NOT-FOR-US: Apple +CVE-2021-30851 (A memory corruption vulnerability was addressed with improved locking. ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html + NOTE: https://bugs.webkit.org/show_bug.cgi?id=227988 + NOTE: https://www.openwall.com/lists/oss-security/2021/10/27/4 +CVE-2021-30850 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2021-30849 (Multiple memory corruption issues were addressed with improved memory ...) 
+ {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30848 (A memory corruption issue was addressed with improved memory handling. ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30847 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30846 (A memory corruption issue was addressed with improved memory handling. ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.0-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0006.html +CVE-2021-30845 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30844 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30843 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30842 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30841 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30840 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30839 + RESERVED +CVE-2021-30838 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30837 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2021-30836 (An out-of-bounds read was addressed with improved input validation. Th ...) 
+ {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30835 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30834 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30833 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30832 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30831 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30830 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30829 (A URI parsing issue was addressed with improved parsing. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30828 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30827 (A permissions issue existed. This issue was addressed with improved pe ...) + NOT-FOR-US: Apple +CVE-2021-30826 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30825 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30824 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2021-30823 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30822 + RESERVED +CVE-2021-30821 (A memory corruption issue was addressed with improved memory handling. ...) 
+ NOT-FOR-US: Apple +CVE-2021-30820 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30819 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2021-30818 (A type confusion issue was addressed with improved state handling. Thi ...) + {DSA-4996-1 DSA-4995-1} + - webkit2gtk 2.34.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.34.1-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30817 (A permissions issue was addressed with improved validation. This issue ...) + NOT-FOR-US: Apple +CVE-2021-30816 (The issue was addressed with improved permissions logic. This issue is ...) + NOT-FOR-US: Apple +CVE-2021-30815 (A lock screen issue allowed access to contacts on a locked device. Thi ...) + NOT-FOR-US: Apple +CVE-2021-30814 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2021-30813 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30812 + RESERVED +CVE-2021-30811 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30810 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2021-30809 (A use after free issue was addressed with improved memory management. ...) + {DSA-4976-1 DSA-4975-1} + - webkit2gtk 2.32.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.32.4-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0007.html +CVE-2021-30808 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2021-30807 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2021-30806 + RESERVED +CVE-2021-30805 (A memory corruption issue was addressed with improved input validation ...) 
+ NOT-FOR-US: Apple
+CVE-2021-30804 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30803 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30802 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30801
+ RESERVED
+CVE-2021-30800 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30799 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30798 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30797 (This issue was addressed with improved checks. This issue is fixed in ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30796 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30795 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30794
+ RESERVED
+CVE-2021-30793 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30792 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30791 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30790 (An information disclosure issue was addressed by removing the vulnerab ...)
+ NOT-FOR-US: Apple
+CVE-2021-30789 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30788 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30787 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30786 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30785 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30784 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Apple
+CVE-2021-30783 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30782 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30781 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30780 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30779 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30778 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
+CVE-2021-30777 (An injection issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30776 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30775 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30774 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30773 (An issue in code signature validation was addressed with improved chec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30772 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30771 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30770 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30769 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30768 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30767 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30766 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30765 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30764 (Processing a maliciously crafted file may lead to arbitrary code execu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30763 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2021-30762 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4681-1}
+ - webkit2gtk 2.28.0-2
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.28.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30761 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30760 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30759 (A stack overflow was addressed with improved input validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30758 (A type confusion issue was addressed with improved state handling. Thi ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.2-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.2-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30757 (This issue was addressed by enabling hardened runtime. This issue is f ...)
+ NOT-FOR-US: Apple
+CVE-2021-30756 (A local attacker may be able to view Now Playing information from the ...)
+ NOT-FOR-US: Apple
+CVE-2021-30755 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30754
+ RESERVED
+CVE-2021-30753 (Processing a maliciously crafted font may result in the disclosure of ...)
+ NOT-FOR-US: Apple
+CVE-2021-30752 (Processing a maliciously crafted image may lead to arbitrary code exec ...)
+ NOT-FOR-US: Apple
+CVE-2021-30751 (This issue was addressed with improved data protection. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30750 (The issue was addressed with improved permissions logic. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30749 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30748 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30747
+ RESERVED
+CVE-2021-30746 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30745
+ RESERVED
+CVE-2021-30744 (Description: A cross-origin issue with iframe elements was addressed w ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30743 (An out-of-bounds write was addressed with improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2021-30742 (A memory consumption issue was addressed with improved memory handling ...)
+ NOT-FOR-US: Apple
+CVE-2021-30741 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30740 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30739 (A local attacker may be able to elevate their privileges. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30738 (A malicious application may be able to overwrite arbitrary files. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30737 (A memory corruption issue in the ASN.1 decoder was addressed by removi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30736 (A buffer overflow was addressed with improved size validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30735 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30734 (Multiple memory corruption issues were addressed with improved memory ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30733 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30732
+ RESERVED
+CVE-2021-30731 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30730
+ RESERVED
+CVE-2021-30729 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30728 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30727 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30726 (A malicious application may be able to execute arbitrary code with ker ...)
+ NOT-FOR-US: Apple
+CVE-2021-30725 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30724 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30723 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30722 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30721 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30720 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30719 (A local user may be able to cause unexpected system termination or rea ...)
+ NOT-FOR-US: Apple
+CVE-2021-30718 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30717 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30716 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30715 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30714 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
+CVE-2021-30713 (A permissions issue was addressed with improved validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30712 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30711
+ RESERVED
+CVE-2021-30710 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30709 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30708 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2021-30707 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30706 (Processing a maliciously crafted image may lead to disclosure of user ...)
+ NOT-FOR-US: Apple
+CVE-2021-30705 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30704 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30703 (A double free issue was addressed with improved memory management. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30702 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30701 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30700 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30699 (A window management issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30698 (A null pointer dereference was addressed with improved input validatio ...)
+ NOT-FOR-US: Apple
+CVE-2021-30697 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30696 (An attacker in a privileged network position may be able to misreprese ...)
+ NOT-FOR-US: Apple
+CVE-2021-30695 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30694 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30693 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30692 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30691 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2021-30690 (Multiple issues in apache were addressed by updating apache to version ...)
+ NOT-FOR-US: Apple
+CVE-2021-30689 (A logic issue was addressed with improved state management. This issue ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30688 (A malicious application may be able to break out of its sandbox. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30687 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30686 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30685 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30684 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30683 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2021-30682 (A logic issue was addressed with improved restrictions. This issue is ...)
+ {DSA-4923-1}
+ - webkit2gtk 2.32.0-2
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.0-2
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30681 (A validation issue existed in the handling of symlinks. This issue was ...)
+ NOT-FOR-US: Apple
+CVE-2021-30680 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30679 (This issue was addressed by removing the vulnerable code. This issue i ...)
+ NOT-FOR-US: Apple
+CVE-2021-30678 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30677 (This issue was addressed with improved environment sanitization. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30676 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30675 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30674 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30673 (An access issue was addressed with improved access restrictions. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30672 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2021-30671 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30670
+ RESERVED
+CVE-2021-30669 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30668 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30667 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30666 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ {DSA-4558-1}
+ - webkit2gtk 2.26.1-2
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.26.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30665 (A memory corruption issue was addressed with improved state management ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30664 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2021-30663 (An integer overflow was addressed with improved input validation. This ...)
+ {DSA-4945-1}
+ - webkit2gtk 2.32.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.32.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30662 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30661 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0004.html
+CVE-2021-30660 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30659 (A validation issue was addressed with improved logic. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30658 (This issue was addressed with improved handling of file metadata. This ...)
+ NOT-FOR-US: Apple
+CVE-2021-30657 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30656 (An access issue was addressed with improved memory management. This is ...)
+ NOT-FOR-US: Apple
+CVE-2021-30655 (An application may be able to execute arbitrary code with system privi ...)
+ NOT-FOR-US: Apple
+CVE-2021-30654 (This issue was addressed by removing additional entitlements. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2021-30653 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2021-30652 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2021-30651 (A malicious authenticated SMG administrator user can obtain passwords ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30650 (A reflected cross-site scripting (XSS) vulnerability in the Symantec L ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30649
+ RESERVED
+CVE-2021-30648 (The Symantec Advanced Secure Gateway (ASG) and ProxySG web management ...)
+ NOT-FOR-US: Symantec
+CVE-2021-30647
+ RESERVED
+CVE-2021-30646
+ RESERVED
+CVE-2021-30645
+ RESERVED
+CVE-2021-30644
+ RESERVED
+CVE-2021-30643
+ RESERVED
+CVE-2021-30642 (An input validation flaw in the Symantec Security Analytics web UI 7.2 ...)
+ NOT-FOR-US: Symantec
+CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...)
+ - rustc 1.53.0+dfsg1-1
+ [bullseye] - rustc (Minor issue)
+ [buster] - rustc (Minor issue)
+ [stretch] - rustc (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/80335
+ NOTE: https://github.com/rust-lang/rust/pull/81728
+CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...)
+ {DSA-5096-1 DLA-2941-1 DLA-2689-1}
+ - linux 5.10.9-1
+ NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
+CVE-2018-25013 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6
+CVE-2018-25012 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
+CVE-2018-25011 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119
+CVE-2018-25010 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63%5E%21/#F0
+CVE-2018-25009 (A heap-based buffer overflow was found in libwebp in versions before 1 ...)
+ {DSA-4930-1 DLA-2677-1}
+ - libwebp 0.6.1-2.1
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100
+ NOTE: https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097%5E%21/
+CVE-2018-25008 (In the standard library in Rust before 1.29.0, there is weak synchroni ...)
+ - rustc 1.29.0+dfsg1-1
+ NOTE: https://github.com/rust-lang/rust/issues/51780
+ NOTE: https://github.com/rust-lang/rust/pull/52031
+CVE-2017-20004 (In the standard library in Rust before 1.19.0, there is a synchronizat ...)
+ - rustc 1.19.0+dfsg3-2
+ NOTE: https://github.com/rust-lang/rust/issues/41622
+ NOTE: https://github.com/rust-lang/rust/pull/41624
+CVE-2015-20002
+ REJECTED
+CVE-2021-XXXX [out of bounds reads in ASF demuxer]
+ - gst-plugins-ugly1.0 1.18.4-2
+ [buster] - gst-plugins-ugly1.0 1.14.4-1+deb10u1
+ [stretch] - gst-plugins-ugly1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/issues/37
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/3aba7d1e625554b2407bc77b3d09b4928b937d5f (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-ugly/-/commit/9726aaf78e6643a5955864f444852423de58de29 (1.18.4)
+CVE-2021-3522 (GStreamer before 1.18.4 may perform an out-of-bounds read when handlin ...)
+ {DSA-4903-1 DLA-2641-1}
+ - gst-plugins-base1.0 1.18.4-2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/issues/876
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/f4a1428a6997658625d529b9db60fde812fbf1ee (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-base/-/commit/8a88e5c1db05ebadfd4569955f6f47c23cdca3c4 (1.18.4)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0001.html
+CVE-2021-XXXX [Catch overflows in AVC/HEVC NAL unit length calculations]
+ - gst-plugins-bad1.0 1.18.4-2
+ [buster] - gst-plugins-bad1.0 1.14.4-1+deb10u2
+ [stretch] - gst-plugins-bad1.0 1.10.4-1+deb9u2
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2103
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/commit/0cfbf7ad91c7f121192c8ce135769f8eb276c41d (1.18-branch)
+CVE-2021-XXXX [stack corruption when handling files with more than 64 audio channels]
+ - gst-libav1.0 1.18.4-2
+ [buster] - gst-libav1.0 1.15.0.1+git20180723+db823502-2+deb10u1
+ [stretch] - gst-libav1.0 1.10.4-1+deb9u1
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/dcea8baa14a5fc3b796d876baaf2f238546ba2b1 (master)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/commit/a339f8f9641382b92b43e6d146bdc5d87a9704f8 (1.18.4)
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-libav/-/issues/92
+CVE-2021-3498 (GStreamer before 1.18.4 might cause heap corruption when parsing certa ...)
+ {DSA-4900-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986911)
+ [stretch] - gst-plugins-good1.0 (Vulnerable code introduced later)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0003.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/02174790726dd20a5c73ce2002189bf240ad4fe0
+ NOTE: Introduced by: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/f279bc5336dda19741a5996a108da42dd3201366
+CVE-2021-3497 (GStreamer before 1.18.4 might access already-freed memory in error cod ...)
+ {DSA-4900-1 DLA-2640-1}
+ [experimental] - gst-plugins-good1.0 1.18.4-1
+ - gst-plugins-good1.0 1.18.4-2 (bug #986910)
+ NOTE: https://gstreamer.freedesktop.org/security/sa-2021-0002.html
+ NOTE: https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/commit/9181191511f9c0be6a89c98b311f49d66bd46dc3
+CVE-2021-3496 (A heap-based buffer overflow was found in jhead in version 3.06 in Get ...)
+ - jhead 1:3.04-6 (bug #986923; unimportant)
+ NOTE: https://github.com/Matthias-Wandel/jhead/issues/33
+ NOTE: Fixed by: https://github.com/Matthias-Wandel/jhead/commit/ca2973f4ce79279c15a09cf400648a757c1721b0
+ NOTE: Crash in CLI tool, no security impact
+CVE-2021-30641 (Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behav ...)
+ {DSA-4937-1 DLA-2706-1}
+ [experimental] - apache2 2.4.48-1
+ - apache2 2.4.46-6
+ NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1966743
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65238
+ NOTE: https://github.com/apache/httpd/commit/eb986059aa5aa0b6c1d52714ea83e3dd758afdd1
+CVE-2021-30640 (A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker ...)
+ {DSA-4952-1 DLA-2733-1}
+ - tomcat9 9.0.43-2 (bug #991046)
+ [bullseye] - tomcat9 9.0.43-2~deb11u1
+ [buster] - tomcat9 9.0.31-1~deb10u6
+ - tomcat8
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65224
+ NOTE: https://github.com/apache/tomcat/commit/c4df8d44a959a937d507d15e5b1ca35c3dbc41eb (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/749f3cc192c68c34f2375509aea087be45fc4434 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/c6b6e1015ae44c936971b6bf8bce70987935b92e (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/91ecdc61ce3420054c04114baaaf1c1e0cbd5d56 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/e50067486cf86564175ca0cfdcbf7d209c6df862 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/b5585a9e5d4fec020cc5ebadb82f899fae22bc43 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/329932012d3a9b95fde0b18618416e659ecffdc0 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/3ce84512ed8783577d9945df28da5a033465b945 (9.0.46)
+ NOTE: https://github.com/apache/tomcat/commit/24dfb30076997b640e5123e92c4b8d7f206f609c (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/0a272b00aed57526dbfc8b881ab253c23c61f100 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/c9f21a2a7908c7c4ecd4f9bb495d3ee36a2bd822 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/4e86b4ea0d1a9b00fa93971c31b93ad1bd49c7fe (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/79580e7f70a07c083be07307376511bb864d5a7b (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/d3407672774e372fae8b5898d55f85d16f22b972 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/6a9129ac9bd06555ce04bb564a76fc3987311f38 (8.5.66)
+ NOTE: https://github.com/apache/tomcat/commit/ad22db641dcd61c2e8078f658fa709897b5da375 (8.5.66)
+ NOTE: Fix for CVE-2021-30640 introduced a regression:
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65308
+CVE-2021-30639 (A vulnerability in Apache Tomcat allows an attacker to remotely trigge ...)
+ - tomcat9 (Vulnerable code introduced later in 9.0.44)
+ - tomcat8
+ [stretch] - tomcat8 (Vulnerable code was introduced later)
+ NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=65203
+ NOTE: https://github.com/apache/tomcat/commit/8ece47c4a9fb9349e8862c84358a4dd23c643a24 (9.0.45)
+ NOTE: https://github.com/apache/tomcat/commit/411caf29ac1c16e6ac291b6e5543b2371dbd25e2 (8.5.65)
+CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...)
+ NOT-FOR-US: WordPress plugin themegrill-demo-importer
+CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...)
+ NOT-FOR-US: WordPress plugin themegrill-demo-importer
+CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
+ NOT-FOR-US: Vaadin
+CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
+ NOT-FOR-US: Vaadin
+CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
+ NOT-FOR-US: Vaadin
+CVE-2019-25028 (Missing variable sanitization in Grid component in com.vaadin:vaadin-s ...)
+ NOT-FOR-US: Vaadin
+CVE-2019-25027 (Missing output sanitization in default RouteNotFoundError view in com. ...)
+ NOT-FOR-US: Vaadin
+CVE-2018-25007 (Missing check in UIDL request handler in com.vaadin:flow-server versio ...)
+ NOT-FOR-US: Vaadin
+CVE-2017-20003
+ REJECTED
+CVE-2021-30638 (Information Exposure vulnerability in context asset handling of Apache ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2021-30637 (htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Descript ...)
+ NOT-FOR-US: htmly
+CVE-2021-30636 (In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corrup ...)
+ NOT-FOR-US: MediaTek LinkIt SDK
+CVE-2021-30635 (Sonatype Nexus Repository Manager 3.x before 3.30.1 allows a remote at ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
+CVE-2021-30634
+ RESERVED
+CVE-2021-30633 (Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.8 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30632 (Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allow ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30631
+ REJECTED
+CVE-2021-30630 (Inappropriate implementation in Blink in Google Chrome prior to 93.0.4 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30629 (Use after free in Permissions in Google Chrome prior to 93.0.4577.82 a ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30628 (Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30627 (Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30626 (Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.45 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30625 (Use after free in Selection API in Google Chrome prior to 93.0.4577.82 ...)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30624 (Chromium: CVE-2021-30624 Use after free in Autofill)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30623 (Chromium: CVE-2021-30623 Use after free in Bookmarks)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30622 (Chromium: CVE-2021-30622 Use after free in WebApp Installs)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30621 (Chromium: CVE-2021-30621 UI Spoofing in Autofill)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30620 (Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30619 (Chromium: CVE-2021-30619 UI Spoofing in Autofill)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30618 (Chromium: CVE-2021-30618 Inappropriate implementation in DevTools)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30617 (Chromium: CVE-2021-30617 Policy bypass in Blink)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30616 (Chromium: CVE-2021-30616 Use after free in Media)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30615 (Chromium: CVE-2021-30615 Cross-origin data leak in Navigation)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30614 (Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip)
+ - chromium 93.0.4577.82-1
+ [buster] - chromium (see 
DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30613 (Chromium: CVE-2021-30613 Use after free in Base internals) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30612 (Chromium: CVE-2021-30612 Use after free in WebRTC) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30611 (Chromium: CVE-2021-30611 Use after free in WebRTC) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30610 (Chromium: CVE-2021-30610 Use after free in Extensions API) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30609 (Chromium: CVE-2021-30609 Use after free in Sign-In) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30608 (Chromium: CVE-2021-30608 Use after free in Web Share) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30607 (Chromium: CVE-2021-30607 Use after free in Permissions) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30606 (Chromium: CVE-2021-30606 Use after free in Blink) + - chromium 93.0.4577.82-1 + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30605 (Inappropriate implementation in the ChromeOS Readiness Tool installer ...) + NOT-FOR-US: ChromeOS Readiness Tool installer on Windows +CVE-2021-30604 (Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowe ...) + - chromium 93.0.4577.82-1 (bug #990079) + [buster] - chromium (see DSA 5046) + [stretch] - chromium (see DSA 4562) +CVE-2021-30603 (Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed ...) 
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30602 (Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30601 (Use after free in Extensions API in Google Chrome prior to 92.0.4515.1 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30600 (Use after free in Printing in Google Chrome prior to 92.0.4515.159 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30599 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30598 (Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30597 (Use after free in Browser UI in Google Chrome on Chrome prior to 92.0. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30596 (Incorrect security UI in Navigation in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30595
+ RESERVED
+CVE-2021-30594 (Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30593 (Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.13 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30592 (Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30591 (Use after free in File System API in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30590 (Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30589 (Insufficient validation of untrusted input in Sharing in Google Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30588 (Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30587 (Inappropriate implementation in Compositing in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30586 (Use after free in dialog box handling in Windows in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30585 (Use after free in sensor handling in Google Chrome on Windows prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30584 (Incorrect security UI in Downloads in Google Chrome on Android prior t ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30583 (Insufficient policy enforcement in image handling in iOS in Google Chr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30582 (Inappropriate implementation in Animation in Google Chrome prior to 92 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30581 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30580 (Insufficient policy enforcement in Android intents in Google Chrome pr ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30579 (Use after free in UI framework in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30578 (Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30577 (Insufficient policy enforcement in Installer in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30576 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30575 (Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30574 (Use after free in protocol handling in Google Chrome prior to 92.0.451 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30573 (Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30572 (Use after free in Autofill in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30571 (Insufficient policy enforcement in DevTools in Google Chrome prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30570
+ RESERVED
+CVE-2021-30569 (Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30568 (Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30567 (Use after free in DevTools in Google Chrome prior to 92.0.4515.107 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30566 (Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30565 (Out of bounds write in Tab Groups in Google Chrome on Linux and Chrome ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30564 (Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30563 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30562 (Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30561 (Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30560 (Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 a ...)
+ {DSA-5216-1 DLA-3101-1}
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ - libxslt 1.1.35-1
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1219209
+ NOTE: https://gitlab.gnome.org/GNOME/libxslt/commit/50f9c9cd3b7dfe9b3c8c795247752d1fdcadcac8 (v1.1.35)
+CVE-2021-30559 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30558 (Insufficient policy enforcement in content security policy in Google C ...)
+ {DSA-5046-1}
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+CVE-2021-30557 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 al ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30556 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30555 (Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30554 (Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30553 (Use after free in Network service in Google Chrome prior to 91.0.4472. ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30552 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30551 (Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30550 (Use after free in Accessibility in Google Chrome prior to 91.0.4472.10 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30549 (Use after free in Spell check in Google Chrome prior to 91.0.4472.101 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30548 (Use after free in Loader in Google Chrome prior to 91.0.4472.101 allow ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30547 (Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.101 a ...)
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1}
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ - firefox 90.0-1
+ - firefox-esr 78.12.0esr-1
+ - thunderbird 1:78.12.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-30547
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-30547
+CVE-2021-30546 (Use after free in Autofill in Google Chrome prior to 91.0.4472.101 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30545 (Use after free in Extensions in Google Chrome prior to 91.0.4472.101 a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30544 (Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30543 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30542 (Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30541 (Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30540 (Incorrect security UI in payments in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30539 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30538 (Insufficient policy enforcement in content security policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30537 (Insufficient policy enforcement in cookies in Google Chrome prior to 9 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30536 (Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30535 (Double free in ICU in Google Chrome prior to 91.0.4472.77 allowed a re ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+ - icu 67.1-7
+ [buster] - icu (Vulnerable code introduced later)
+ [stretch] - icu (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1194899 (restricted)
+ NOTE: Bugfix: https://github.com/unicode-org/icu/pull/1698/commits/e450fa50fc242282551f56b941dc93b9a8a0bcbb
+ NOTE: Backports: https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2842864
+ NOTE: Introduced by: https://github.com/unicode-org/icu/commit/596647c0c34bf19d90d7c90d4f3827876fef688f (release-66-preview)
+ NOTE: Fixed by: https://github.com/unicode-org/icu/commit/2dc5bea9061b4fb05cd03e21b775dd944a0eb81d
+CVE-2021-30534 (Insufficient policy enforcement in iFrameSandbox in Google Chrome prio ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30533 (Insufficient policy enforcement in PopupBlocker in Google Chrome prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30532 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30531 (Insufficient policy enforcement in Content Security Policy in Google C ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30530 (Out of bounds memory access in WebAudio in Google Chrome prior to 91.0 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30529 (Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30528 (Use after free in WebAuthentication in Google Chrome on Android prior ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30527 (Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30526 (Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30525 (Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 all ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30524 (Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30523 (Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowe ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30522 (Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allo ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30521 (Heap buffer overflow in Autofill in Google Chrome on Android prior to ...)
+ - chromium 93.0.4577.82-1 (bug #990079)
+ [buster] - chromium (see DSA 5046)
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30520 (Use after free in Tab Strip in Google Chrome prior to 90.0.4430.212 al ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30519 (Use after free in Payments in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30518 (Heap buffer overflow in Reader Mode in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30517 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30516 (Heap buffer overflow in History in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30515 (Use after free in File API in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30514 (Use after free in Autofill in Google Chrome prior to 90.0.4430.212 all ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30513 (Type confusion in V8 in Google Chrome prior to 90.0.4430.212 allowed a ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30512 (Use after free in Notifications in Google Chrome prior to 90.0.4430.21 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30511 (Out of bounds read in Tab Groups in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30510 (Use after free in Aura in Google Chrome prior to 90.0.4430.212 allowed ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30509 (Out of bounds write in Tab Strip in Google Chrome prior to 90.0.4430.2 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30508 (Heap buffer overflow in Media Feeds in Google Chrome prior to 90.0.443 ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30507 (Inappropriate implementation in Offline in Google Chrome on Android pr ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30506 (Incorrect security UI in Web App Installs in Google Chrome on Android ...)
+ {DSA-4917-1}
+ - chromium 90.0.4430.212-1
+ [stretch] - chromium (see DSA 4562)
+CVE-2021-30505
+ RESERVED
+CVE-2021-30504 (In JetBrains IntelliJ IDEA before 2021.1, DoS was possible because of ...)
+ - intellij-idea (bug #747616)
+CVE-2021-30503 (The unofficial GLSL Linting extension before 1.4.0 for Visual Studio C ...)
+ NOT-FOR-US: GLSL Linting extension for Visual Studio Code
+CVE-2021-30502 (The unofficial vscode-ghc-simple (aka Simple Glasgow Haskell Compiler) ...)
+ NOT-FOR-US: vscode-ghc-simple extension for Visual Studio Code
+CVE-2021-3495 (An incorrect access control flaw was found in the kiali-operator in ve ...)
+ NOT-FOR-US: kiali-operator
+CVE-2021-3494 (A smart proxy that provides a restful API to various sub-systems of th ...)
+ - foreman (bug #663101)
+CVE-2021-3493 (The overlayfs implementation in the linux kernel did not properly vali ...)
+ - linux 5.10.38-1
+ [stretch] - linux (Unprivileged users cannot mount overlayfs)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+CVE-2021-30501 (An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/486
+ NOTE: https://github.com/upx/upx/pull/487
+ NOTE: https://github.com/upx/upx/commit/28e761cd42211dfe0124b7a29b2f74730f453e46
+CVE-2021-30500 (Null pointer dereference was found in upx PackLinuxElf::canUnpack() in ...)
+ - upx-ucl (unimportant)
+ NOTE: https://github.com/upx/upx/issues/485
+ NOTE: https://github.com/upx/upx/commit/90279abdfcd235172eab99651043051188938dcc
+CVE-2021-30499 (A flaw was found in libcaca. A buffer overflow of export.c in function ...)
+ - libcaca 0.99.beta19-3 (bug #987278)
+ [bullseye] - libcaca (Minor issue)
+ [buster] - libcaca (Minor issue)
+ [stretch] - libcaca (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/54
+ NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
+CVE-2021-30498 (A flaw was found in libcaca. A heap buffer overflow in export.c in fun ...)
+ - libcaca 0.99.beta19-3 (bug #987278)
+ [bullseye] - libcaca (Minor issue)
+ [buster] - libcaca (Minor issue)
+ [stretch] - libcaca (Minor issue; can be fixed in next update)
+ NOTE: https://github.com/cacalabs/libcaca/issues/53
+ NOTE: Fixed by: https://github.com/cacalabs/libcaca/commit/ab04483ee1a846d6b74b2e6248e980152baec3f6 (v0.99.beta20)
+CVE-2021-30497 (Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users t ...)
+ NOT-FOR-US: Ivanti
+CVE-2021-30496 (The Telegram app 7.6.2 for iOS allows remote authenticated users to ca ...)
+ NOT-FOR-US: Telegram for iOS
+CVE-2021-30495
+ RESERVED
+CVE-2021-30494 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30493 (Multiple system services installed alongside the Razer Synapse 3 softw ...)
+ NOT-FOR-US: Razer Synapse 3 software suite
+CVE-2021-30492
+ RESERVED
+CVE-2021-30491
+ RESERVED
+CVE-2021-30490 (upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21 ...)
+ NOT-FOR-US: ViewPowerHTML
+CVE-2021-30489
+ RESERVED
+CVE-2021-30488
+ RESERVED
+CVE-2020-36318 (In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc (Minor issue)
+ [buster] - rustc (Minor issue)
+ [stretch] - rustc (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/79808
+ NOTE: https://github.com/rust-lang/rust/pull/79814
+CVE-2020-36317 (In the standard library in Rust before 1.49.0, String::retain() functi ...)
+ - rustc 1.53.0+dfsg1-1 (bug #986803)
+ [bullseye] - rustc (Minor issue)
+ [buster] - rustc (Minor issue)
+ [stretch] - rustc (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/78498
+ NOTE: https://github.com/rust-lang/rust/pull/78499
+CVE-2015-20001 (In the standard library in Rust before 1.2.0, BinaryHeap is not panic- ...)
+ - rustc 1.2.0+dfsg1-1
+ [bullseye] - rustc (Minor issue)
+ [buster] - rustc (Minor issue)
+ NOTE: https://github.com/rust-lang/rust/issues/25842
+ NOTE: https://github.com/rust-lang/rust/pull/25856
+CVE-2021-30487 (In the topic moving API in Zulip Server 3.x before 3.4, organization a ...)
+ - zulip-server (bug #800052)
+CVE-2021-30486 (SysAid 20.3.64 b14 is affected by Blind and Stacker SQL injection via ...)
+ NOT-FOR-US: SysAid
+CVE-2021-30485 (An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezx ...)
+ {DLA-2705-1}
+ - mapcache (unimportant; bug #989363)
+ - scilab (unimportant; bug #989364)
+ - netcdf 1:4.9.0-1 (bug #989360)
+ [bullseye] - netcdf (Minor issue)
+ [buster] - netcdf (Minor issue)
+ [stretch] - netcdf (vulnerable code not present)
+ - netcdf-parallel 1:4.9.0-1 (bug #989361)
+ [bullseye] - netcdf-parallel (Minor issue)
+ [buster] - netcdf-parallel (Minor issue)
+ NOTE: https://sourceforge.net/p/ezxml/bugs/25
+ NOTE: mapcache only uses ezxml to parse config files which are trusted
+CVE-2021-30484
+ RESERVED
+CVE-2021-30483 (isomorphic-git before 1.8.2 allows Directory Traversal via a crafted r ...)
+ NOT-FOR-US: isomorphic-git
+CVE-2021-30482 (In JetBrains UpSource before 2020.1.1883, application passwords were n ...)
+ NOT-FOR-US: JetBrains
+CVE-2021-30481 (Valve Steam through 2021-04-10, when a Source engine game is installed ...)
+ NOT-FOR-US: Valve Steam
+ NOTE: Debian ships an installer as src:steam, but it auto-updates whenever Steam
+ NOTE: is started, so nothing really to be updated there
+CVE-2021-3492 (Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux ...)
+ - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/04/16/1
+ NOTE: Debian does not include the (not yet upstream accepted) shiftfs
+CVE-2021-3491 (The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT li ...)
+ - linux 5.10.38-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/13
+ NOTE: https://git.kernel.org/linus/d1f82808877bb10d3deee7cf3374a4eb3fb582db
+CVE-2021-3490 (The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in th ...)
+ - linux 5.10.38-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/11
+CVE-2021-3489 (The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel di ...)
+ - linux 5.10.38-1
+ [buster] - linux (Vulnerable code introduced later)
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/11/10
+CVE-2021-30480 (Zoom Chat through 2021-04-09 on Windows and macOS allows certain remot ...)
+ NOT-FOR-US: Zoom Chat
+CVE-2021-3488
+ REJECTED
+CVE-2021-30479 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server (bug #800052)
+CVE-2021-30478 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server (bug #800052)
+CVE-2021-30477 (An issue was discovered in Zulip Server before 3.4. A bug in the imple ...)
+ - zulip-server (bug #800052)
+CVE-2021-30476 (HashiCorp Terraform\u2019s Vault Provider (terraform-provider-vault) d ...)
+ NOT-FOR-US: HashiCorp Terraform Vault Provider
+CVE-2021-3487
+ REJECTED
+CVE-2021-3486 (GLPi 9.5.4 does not sanitize the metadata. This way its possible to in ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+ NOTE: https://github.com/Kitsun3Sec/exploits/tree/master/cms/GLPI/GLPI-stored-XSS
+CVE-2021-30475 (aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buf ...)
+ {DSA-5490-1 DLA-3556-1}
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/12adc723acf02633595a4d8da8345742729f46c0
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2999
+CVE-2021-30474 (aom_dsp/grain_table.c in libaom in AOMedia before 2021-03-30 has a use ...)
+ {DSA-5490-1 DLA-3556-1}
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1
+ NOTE: https://aomedia.googlesource.com/aom/+/6e31957b6dc62dbc7d1bb70cd84902dd14c4bf2e
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=3000
+CVE-2021-30473 (aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that i ...)
+ {DSA-5490-1 DLA-3556-1}
+ [experimental] - aom 3.2.0-1~exp1
+ - aom 3.2.0-1 (bug #988211)
+ NOTE: https://aomedia.googlesource.com/aom/+/d0cac70b542c38accd916f8afd13592d34c48963%5E%21/
+ NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2998
+CVE-2021-30472 (A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in Pdf ...)
+ - libpodofo (bug #986794)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ [stretch] - libpodofo (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/132/
+CVE-2021-30471 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in Pd ...)
+ - libpodofo (bug #986793)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ [stretch] - libpodofo (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/131/
+CVE-2021-30470 (A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among ...)
+ - libpodofo (bug #986792)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ [stretch] - libpodofo (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/130/
+CVE-2021-30469 (A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecO ...)
+ - libpodofo (bug #986791)
+ [bookworm] - libpodofo (Minor issue)
+ [bullseye] - libpodofo (Minor issue)
+ [buster] - libpodofo (Minor issue)
+ [stretch] - libpodofo (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/podofo/tickets/129/
+CVE-2021-30468 (A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows ...)
+ NOT-FOR-US: Apache CXF
+CVE-2021-30467
+ RESERVED
+CVE-2021-30466
+ RESERVED
+CVE-2021-30465 (runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Dire ...)
+ {DLA-3369-1}
+ - runc 1.0.0~rc93+ds1-5 (bug #988768)
+ [stretch] - runc (Intrusive to backport fix)
+ NOTE: https://www.openwall.com/lists/oss-security/2021/05/19/2
+ NOTE: https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
+ NOTE: Initial patch in -4, but revised patch was applied only in -5
+CVE-2021-30464 (OMICRON StationGuard before 1.10 allows remote attackers to cause a de ...)
+ NOT-FOR-US: OMICRON StationGuard
+CVE-2021-30463 (VestaCP through 0.9.8-24 allows attackers to gain privileges by creati ...)
+ NOT-FOR-US: VestaCP
+CVE-2021-30462 (VestaCP through 0.9.8-24 allows the admin user to escalate privileges ...)
+ NOT-FOR-US: VestaCP +CVE-2021-30461 (A remote code execution issue was discovered in the web UI of VoIPmoni ...) + NOT-FOR-US: VoIPmonitor +CVE-2021-30460 + RESERVED +CVE-2021-30459 (A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolba ...) + NOT-FOR-US: Jazzband Django Debug Toolbar +CVE-2021-30458 (An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x ...) + - mediawiki 1:1.35.2-1 + [buster] - mediawiki (Only applies to 1.35 and later) + [stretch] - mediawiki (Only applies to 1.35 and later) + NOTE: https://phabricator.wikimedia.org/T279451 +CVE-2021-30457 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30456 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30455 (An issue was discovered in the id-map crate through 2021-02-26 for Rus ...) + NOT-FOR-US: Rust crate id-map +CVE-2021-30454 (An issue was discovered in the outer_cgi crate before 0.2.1 for Rust. ...) 
+ NOT-FOR-US: Rust crate outer_cgi +CVE-2021-30453 + RESERVED +CVE-2021-30452 + RESERVED +CVE-2021-30451 + RESERVED +CVE-2021-30450 + RESERVED +CVE-2021-30449 + RESERVED +CVE-2021-30448 + RESERVED +CVE-2021-30447 + RESERVED +CVE-2021-30446 + RESERVED +CVE-2021-30445 + RESERVED +CVE-2021-30444 + RESERVED +CVE-2021-30443 + RESERVED +CVE-2021-30442 + RESERVED +CVE-2021-30441 + RESERVED +CVE-2021-30440 + RESERVED +CVE-2021-30439 + RESERVED +CVE-2021-30438 + RESERVED +CVE-2021-30437 + RESERVED +CVE-2021-30436 + RESERVED +CVE-2021-30435 + RESERVED +CVE-2021-30434 + RESERVED +CVE-2021-30433 + RESERVED +CVE-2021-30432 + RESERVED +CVE-2021-30431 + RESERVED +CVE-2021-30430 + RESERVED +CVE-2021-30429 + RESERVED +CVE-2021-30428 + RESERVED +CVE-2021-30427 + RESERVED +CVE-2021-30426 + RESERVED +CVE-2021-30425 + RESERVED +CVE-2021-30424 + RESERVED +CVE-2021-30423 + RESERVED +CVE-2021-30422 + RESERVED +CVE-2021-30421 + RESERVED +CVE-2021-30420 + RESERVED +CVE-2021-30419 + RESERVED +CVE-2021-30418 + RESERVED +CVE-2021-30417 + RESERVED +CVE-2021-30416 + RESERVED +CVE-2021-30415 + RESERVED +CVE-2021-30414 + RESERVED +CVE-2021-30413 + RESERVED +CVE-2021-30412 + RESERVED +CVE-2021-30411 + RESERVED +CVE-2021-30410 + RESERVED +CVE-2021-30409 + RESERVED +CVE-2021-30408 + RESERVED +CVE-2021-30407 + RESERVED +CVE-2021-30406 + RESERVED +CVE-2021-30405 + RESERVED +CVE-2021-30404 + RESERVED +CVE-2021-30403 + RESERVED +CVE-2021-30402 + RESERVED +CVE-2021-30401 + RESERVED +CVE-2021-30400 + RESERVED +CVE-2021-30399 + RESERVED +CVE-2021-30398 + RESERVED +CVE-2021-30397 + RESERVED +CVE-2021-30396 + RESERVED +CVE-2021-30395 + RESERVED +CVE-2021-30394 + RESERVED +CVE-2021-30393 + RESERVED +CVE-2021-30392 + RESERVED +CVE-2021-30391 + RESERVED +CVE-2021-30390 + RESERVED +CVE-2021-30389 + RESERVED +CVE-2021-30388 + RESERVED +CVE-2021-30387 + RESERVED +CVE-2021-30386 + RESERVED +CVE-2021-30385 + RESERVED +CVE-2021-30384 + RESERVED +CVE-2021-30383 + RESERVED +CVE-2021-30382 + RESERVED +CVE-2021-30381 + 
RESERVED +CVE-2021-30380 + RESERVED +CVE-2021-30379 + RESERVED +CVE-2021-30378 + RESERVED +CVE-2021-30377 + RESERVED +CVE-2021-30376 + RESERVED +CVE-2021-30375 + RESERVED +CVE-2021-30374 + RESERVED +CVE-2021-30373 + RESERVED +CVE-2021-30372 + RESERVED +CVE-2021-30371 + RESERVED +CVE-2021-30370 + RESERVED +CVE-2021-30369 + RESERVED +CVE-2021-30368 + RESERVED +CVE-2021-30367 + RESERVED +CVE-2021-30366 + RESERVED +CVE-2021-30365 + RESERVED +CVE-2021-30364 + RESERVED +CVE-2021-30363 + RESERVED +CVE-2021-30362 + RESERVED +CVE-2021-30361 (The Check Point Gaia Portal's GUI Clients allowed authenticated admini ...) + NOT-FOR-US: Check Point +CVE-2021-30360 (Users have access to the directory where the installation repair occur ...) + NOT-FOR-US: Check Point +CVE-2021-30359 (The Harmony Browse and the SandBlast Agent for Browsers installers mus ...) + NOT-FOR-US: Harmony Browse and the SandBlast Agent for Browsers installers +CVE-2021-30358 (Mobile Access Portal Native Applications who's path is defined by the ...) + NOT-FOR-US: Mobile Access Portal Native Applications +CVE-2021-30357 (SSL Network Extender Client for Linux before build 800008302 reveals p ...) + NOT-FOR-US: SSL Network Extender Client +CVE-2021-30356 (A denial of service vulnerability was reported in Check Point Identity ...) + NOT-FOR-US: Check Point Identity Agent +CVE-2021-30355 (Amazon Kindle e-reader prior to and including version 5.13.4 improperl ...) + NOT-FOR-US: Amazon Kindle e-reader +CVE-2021-30354 (Amazon Kindle e-reader prior to and including version 5.13.4 contains ...) + NOT-FOR-US: Amazon Kindle e-reader +CVE-2021-30353 (Improper validation of function pointer type with actual function sign ...) + NOT-FOR-US: Qualcomm +CVE-2021-30352 + RESERVED +CVE-2021-30351 (An out of bound memory access can occur due to improper validation of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30350 (Lack of MBN header size verification against input buffer can lead to ...) 
+ NOT-FOR-US: Snapdragon +CVE-2021-30349 (Improper access control sequence for AC database after memory allocati ...) + NOT-FOR-US: Snapdragon +CVE-2021-30348 (Improper validation of LLM utility timers availability can lead to den ...) + NOT-FOR-US: Qualcomm +CVE-2021-30347 (Improper integrity check can lead to race condition between tasks PDCP ...) + NOT-FOR-US: Snapdragon +CVE-2021-30346 (RPM secure Stream can access any secure resource due to improper SMMU ...) + NOT-FOR-US: Snapdragon +CVE-2021-30345 (RPM secure Stream can access any secure resource due to improper SMMU ...) + NOT-FOR-US: Snapdragon +CVE-2021-30344 (Improper authorization of a replayed LTE security mode command can lea ...) + NOT-FOR-US: Snapdragon +CVE-2021-30343 (Improper integrity check can lead to race condition between tasks PDCP ...) + NOT-FOR-US: Snapdragon +CVE-2021-30342 (Improper integrity check can lead to race condition between tasks PDCP ...) + NOT-FOR-US: Snapdragon +CVE-2021-30341 (Improper buffer size validation of DSM packet received can lead to mem ...) + NOT-FOR-US: Snapdragon +CVE-2021-30340 (Reachable assertion due to improper validation of coreset in PDCCH con ...) + NOT-FOR-US: Snapdragon +CVE-2021-30339 (Reading PRNG output may lead to improper key generation due to lack of ...) + NOT-FOR-US: Snapdragon +CVE-2021-30338 (Improper input validation in TrustZone memory transfer interface can l ...) + NOT-FOR-US: Snapdragon +CVE-2021-30337 (Possible use after free when process shell memory is freed using IOCTL ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30336 (Possible out of bound read due to lack of domain input validation whil ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30335 (Possible assertion in QOS request due to improper validation when mult ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30334 (Possible use after free due to lack of null check of DRM file status a ...) 
+ NOT-FOR-US: Snapdragon +CVE-2021-30333 (Improper validation of buffer size input to the EFS file can lead to m ...) + NOT-FOR-US: Qualcomm +CVE-2021-30332 (Possible assertion due to improper validation of OTA configuration in ...) + NOT-FOR-US: Qualcomm +CVE-2021-30331 (Possible buffer overflow due to improper data validation of external c ...) + NOT-FOR-US: Qualcomm +CVE-2021-30330 (Possible null pointer dereference due to improper validation of APE cl ...) + NOT-FOR-US: Qualcomm +CVE-2021-30329 (Possible assertion due to improper validation of TCI configuration in ...) + NOT-FOR-US: Qualcomm +CVE-2021-30328 (Possible assertion due to improper validation of invalid NR CSI-IM res ...) + NOT-FOR-US: Qualcomm +CVE-2021-30327 (Buffer overflow in sahara protocol while processing commands leads to ...) + NOT-FOR-US: Snapdragon +CVE-2021-30326 (Possible assertion due to improper size validation while processing th ...) + NOT-FOR-US: Qualcomm +CVE-2021-30325 (Possible out of bound access of DCI resources due to lack of validatio ...) + NOT-FOR-US: Qualcomm +CVE-2021-30324 (Possible out of bound write due to lack of boundary check for the maxi ...) + NOT-FOR-US: Qualcomm +CVE-2021-30323 (Improper validation of maximum size of data write to EFS file can lead ...) + NOT-FOR-US: Qualcomm +CVE-2021-30322 (Possible out of bounds write due to improper validation of number of G ...) + NOT-FOR-US: Qualcomm +CVE-2021-30321 (Possible buffer overflow due to lack of parameter length check during ...) + NOT-FOR-US: Snapdragon +CVE-2021-30320 + RESERVED +CVE-2021-30319 (Possible integer overflow due to improper validation of command length ...) + NOT-FOR-US: Qualcomm +CVE-2021-30318 (Improper validation of input when provisioning the HDCP key can lead t ...) + NOT-FOR-US: Qualcomm +CVE-2021-30317 (Improper validation of program headers containing ELF metadata can lea ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-30316 (Possible out of bound memory access due to improper boundary check whi ...) + NOT-FOR-US: Snapdragon +CVE-2021-30315 (Improper handling of sensor HAL structure in absence of sensor can lea ...) + NOT-FOR-US: Snapdragon +CVE-2021-30314 (Lack of validation for third party application accessing the service c ...) + NOT-FOR-US: Qualcomm +CVE-2021-30313 (Use after free condition can occur in wired connectivity due to a race ...) + NOT-FOR-US: Qualcomm +CVE-2021-30312 (Improper authentication of sub-frames of a multicast AMSDU frame can l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30311 (Possible heap overflow due to lack of index validation before allocati ...) + NOT-FOR-US: Qualcomm +CVE-2021-30310 (Possible buffer overflow due to Improper validation of received CF-ACK ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30309 (Improper size validation of QXDM commands can lead to memory corruptio ...) + NOT-FOR-US: Qualcomm +CVE-2021-30308 (Possible buffer overflow while printing the HARQ memory partition deta ...) + NOT-FOR-US: Qualcomm +CVE-2021-30307 (Possible denial of service due to improper validation of DNS response ...) + NOT-FOR-US: Qualcomm +CVE-2021-30306 (Possible buffer over read due to improper buffer allocation for file l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30305 (Possible out of bound access due to lack of validation of page offset ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30304 (Possible buffer out of bound read can occur due to improper validation ...) + NOT-FOR-US: Snapdragon +CVE-2021-30303 (Possible buffer overflow due to lack of buffer length check when segme ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30302 (Improper authentication of EAP WAPI EAPOL frames from unauthenticated ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30301 (Possible denial of service due to out of memory while processing RRC a ...) 
+ NOT-FOR-US: Qualcomm +CVE-2021-30300 (Possible denial of service due to incorrectly decoding hex data for th ...) + NOT-FOR-US: Qualcomm +CVE-2021-30299 + RESERVED +CVE-2021-30298 (Possible out of bound access due to improper validation of item size a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30297 (Possible out of bound read due to improper validation of packet length ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30296 + RESERVED +CVE-2021-30295 (Possible heap overflow due to improper validation of local variable wh ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30294 (Potential null pointer dereference in KGSL GPU auxiliary command due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30293 (Possible assertion due to lack of input validation in PUSCH configurat ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30292 (Possible memory corruption due to lack of validation of client data us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30291 (Possible memory corruption due to lack of validation of client data us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30290 (Possible null pointer dereference due to race condition between timeli ...) + NOT-FOR-US: Snapdragon +CVE-2021-30289 (Possible buffer overflow due to lack of range check while processing a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30288 (Possible stack overflow due to improper length check of TLV while copy ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30287 (Possible assertion due to improper validation of symbols configured fo ...) + NOT-FOR-US: Qualcomm +CVE-2021-30286 + RESERVED +CVE-2021-30285 (Improper validation of memory region in Hypervisor can lead to incorre ...) + NOT-FOR-US: Qualcomm +CVE-2021-30284 (Possible information exposure and denial of service due to NAS not dro ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30283 (Possible denial of service due to improper handling of debug register ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30282 (Possible out of bound write in RAM partition table due to improper val ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30281 (Possible unauthorized access to secure space due to improper check of ...) + NOT-FOR-US: Snapdragon +CVE-2021-30280 + RESERVED +CVE-2021-30279 (Possible access control violation while setting current permission for ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30278 (Improper input validation in TrustZone memory transfer interface can l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30277 + RESERVED +CVE-2021-30276 (Improper access control while doing XPU re-configuration dynamically c ...) + NOT-FOR-US: Android +CVE-2021-30275 (Possible integer overflow in page alignment interface due to lack of a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30274 (Possible integer overflow in access control initialization interface d ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30273 (Possible assertion due to improper handling of IPV6 packet with invali ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30272 (Possible null pointer dereference in thread cache operation handler du ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30271 (Possible null pointer dereference in trap handler due to lack of threa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30270 (Possible null pointer dereference in thread profile trap handler due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30269 (Possible null pointer dereference due to lack of TLB validation for us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30268 (Possible heap Memory Corruption Issue due to lack of input validation ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30267 (Possible integer overflow to buffer overflow due to improper input val ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30266 (Possible use after free due to improper memory validation when initial ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30265 (Possible memory corruption due to improper validation of memory addres ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30264 (Possible use after free due improper validation of reference from call ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30263 (Possible race condition can occur due to lack of synchronization mecha ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30262 (Improper validation of a socket state when socket events are being sen ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30261 (Possible integer and heap overflow due to lack of input command size v ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30260 (Possible Integer overflow to buffer overflow issue can occur due to im ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30259 (Possible out of bound access due to improper validation of function ta ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30258 (Possible buffer overflow due to improper size calculation of payload r ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30257 (Possible out of bound read or write in VR service due to lack of valid ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30256 (Possible stack overflow due to improper validation of camera name leng ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30255 (Possible buffer overflow due to improper input validation in PDM DIAG ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2021-30254 (Possible buffer overflow due to improper input validation in factory c ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2021-30253 + RESERVED +CVE-2021-30252 + RESERVED +CVE-2021-30251 + RESERVED +CVE-2021-30250 + RESERVED +CVE-2021-30249 + RESERVED +CVE-2021-30248 + RESERVED +CVE-2021-30247 + RESERVED +CVE-2021-30246 (In the jsrsasign package through 10.1.13 for Node.js, some invalid RSA ...) + NOT-FOR-US: Node jsrasign +CVE-2021-30245 (The project received a report that all versions of Apache OpenOffice t ...) + NOT-FOR-US: Apache OpenOffice, equivalent to CVE-2021-25631 +CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 ...) + NOT-FOR-US: RELIC +CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...) + NOT-FOR-US: RELIC +CVE-2021-3485 (An Improper Input Validation vulnerability in the Product Update featu ...) + NOT-FOR-US: Bitdefender +CVE-2021-30244 + RESERVED +CVE-2021-30243 + RESERVED +CVE-2021-30242 + RESERVED +CVE-2021-30241 + RESERVED +CVE-2021-30240 + RESERVED +CVE-2021-30239 + RESERVED +CVE-2021-30238 + RESERVED +CVE-2021-30237 + RESERVED +CVE-2021-30236 + RESERVED +CVE-2021-30235 + RESERVED +CVE-2021-30234 (The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30233 (The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 r ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30232 (The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF- ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30231 (The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 rou ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30230 (The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30229 (The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router ...) 
+ NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30228 (The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao W ...) + NOT-FOR-US: China Mobile An Lianbao WF-1 router +CVE-2021-30227 (Cross Site Scripting (XSS) vulnerability in the article comments featu ...) + NOT-FOR-US: emlog +CVE-2021-30226 + RESERVED +CVE-2021-30225 + RESERVED +CVE-2021-30224 (Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attacke ...) + NOT-FOR-US: Rukovoditel +CVE-2021-30223 + RESERVED +CVE-2021-30222 + RESERVED +CVE-2021-30221 + RESERVED +CVE-2021-30220 + RESERVED +CVE-2021-30219 (samurai 1.2 has a NULL pointer dereference in printstatus() function i ...) + NOT-FOR-US: samurai +CVE-2021-30218 (samurai 1.2 has a NULL pointer dereference in writefile() in util.c vi ...) + NOT-FOR-US: samurai +CVE-2021-30217 + RESERVED +CVE-2021-30216 + REJECTED +CVE-2021-30215 + RESERVED +CVE-2021-30214 (Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injecti ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30213 (Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-sit ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30212 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30211 (Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30210 + RESERVED +CVE-2021-30209 (Textpattern V4.8.4 contains an arbitrary file upload vulnerability whe ...) + NOT-FOR-US: Textpattern CMS +CVE-2021-30208 + RESERVED +CVE-2021-30207 + RESERVED +CVE-2021-30206 + RESERVED +CVE-2021-30205 (Incorrect access control in the component /index.php?mod=system&op=org ...) + NOT-FOR-US: dzzoffice +CVE-2021-30204 + RESERVED +CVE-2021-30203 (A reflected cross-site scripting (XSS) vulnerability in the zero param ...) + NOT-FOR-US: dzzoffice +CVE-2021-30202 + RESERVED +CVE-2021-30201 (The API /vsaWS/KaseyaWS.asmx can be used to submit XML to the system. ...) 
+ NOT-FOR-US: Kaseya +CVE-2021-30200 + RESERVED +CVE-2021-30199 (In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Derefe ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/b2db2f99b4c30f96e17b9a14537c776da6cb5dca + NOTE: https://github.com/gpac/gpac/issues/1728 +CVE-2021-30198 + RESERVED +CVE-2021-30197 + RESERVED +CVE-2021-30196 + RESERVED +CVE-2021-30195 (CODESYS V2 runtime system before 2.4.7.55 has Improper Input Validatio ...) + NOT-FOR-US: CODESYS +CVE-2021-30194 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Read.) + NOT-FOR-US: CODESYS +CVE-2021-30193 (CODESYS V2 Web-Server before 1.1.9.20 has an Out-of-bounds Write.) + NOT-FOR-US: CODESYS +CVE-2021-30192 (CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Se ...) + NOT-FOR-US: CODESYS +CVE-2021-30191 (CODESYS V2 Web-Server before 1.1.9.20 has a a Buffer Copy without Chec ...) + NOT-FOR-US: CODESYS +CVE-2021-30190 (CODESYS V2 Web-Server before 1.1.9.20 has Improper Access Control.) + NOT-FOR-US: CODESYS +CVE-2021-30189 (CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflo ...) + NOT-FOR-US: CODESYS +CVE-2021-30188 (CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer ...) + NOT-FOR-US: CODESYS +CVE-2021-30187 (CODESYS V2 runtime system SP before 2.4.7.55 has Improper Neutralizati ...) + NOT-FOR-US: CODESYS +CVE-2021-30186 (CODESYS V2 runtime system SP before 2.4.7.55 has a Heap-based Buffer O ...) + NOT-FOR-US: CODESYS +CVE-2021-30185 (CERN Indico before 2.3.4 can use an attacker-supplied Host header in a ...) + NOT-FOR-US: CERN Indico +CVE-2021-30184 (GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted ...) 
+ - gnuchess (bug #986801) + [bookworm] - gnuchess (Minor issue) + [bullseye] - gnuchess (Minor issue) + [buster] - gnuchess (Minor issue) + [stretch] - gnuchess (Minor issue in a game; can be fixed in next update) + NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html + NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html +CVE-2021-30183 (Cleartext storage of sensitive information in multiple versions of Oct ...) + NOT-FOR-US: Octopus Server +CVE-2021-30182 + RESERVED +CVE-2021-30181 (Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing which wi ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-30180 (Apache Dubbo prior to 2.7.9 support Tag routing which will enable a cu ...) + NOT-FOR-US: Apache Dubbo +CVE-2021-30179 (Apache Dubbo prior to 2.6.9 and 2.7.9 by default supports generic call ...) + NOT-FOR-US: Apache Dubbo +CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...) + - file-roller 3.38.1-1 + [buster] - file-roller (Minor issue) + [stretch] - file-roller (Minor issue; can be fixed in next update) + NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae + NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108 +CVE-2021-3484 + REJECTED +CVE-2021-3483 (A flaw was found in the Nosy driver in the Linux kernel. This issue al ...) + {DLA-2690-1 DLA-2689-1} + - linux 5.10.28-1 + [buster] - linux 4.19.194-1 + NOTE: https://git.kernel.org/linus/829933ef05a951c8ff140e814656d73e74915faf +CVE-2021-30178 (An issue was discovered in the Linux kernel through 5.11.11. synic_get ...) + - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/919f4ebc598701670e80e31573a58f1f2d2bf918 +CVE-2021-30177 (There is a SQL Injection vulnerability in PHP-Nuke 8.3.3 in the User R ...) + NOT-FOR-US: PHP-Nuke +CVE-2021-30176 (The ZEROF Expert pro/2.0 application for mobile devices allows SQL Inj ...) 
+ NOT-FOR-US: ZEROF Expert +CVE-2021-30175 (ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /Handle ...) + NOT-FOR-US: ZEROF Web Server +CVE-2021-30174 (RiyaLab CloudISO event item is added, special characters in specific f ...) + NOT-FOR-US: RiyaLab CloudISO +CVE-2021-30173 (Local File Inclusion vulnerability of the omni-directional communicati ...) + NOT-FOR-US: omni-directional communication system +CVE-2021-30172 (Special characters of picture preview page in the Quan-Fang-Wei-Tong-X ...) + NOT-FOR-US: Quan-Fang-Wei-Tong-Xun system +CVE-2021-30171 (Special characters of ERP POS news page are not filtered in users\u201 ...) + NOT-FOR-US: ERP POS +CVE-2021-30170 (Special characters of ERP POS customer profile page are not filtered i ...) + NOT-FOR-US: ERP POS +CVE-2021-30169 (The sensitive information of webcam device is not properly protected. ...) + NOT-FOR-US: LILIN +CVE-2021-30168 (The sensitive information of webcam device is not properly protected. ...) + NOT-FOR-US: LILIN +CVE-2021-30167 (The manage users profile services of the network camera device allows ...) + NOT-FOR-US: LILIN +CVE-2021-30166 (The NTP Server configuration function of the IP camera device is not v ...) + NOT-FOR-US: LILIN +CVE-2021-30165 (The default administrator account & password of the EDIMAX wireless ne ...) + NOT-FOR-US: EDIMAX +CVE-2021-30164 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to bypass ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #986800) + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/19975 +CVE-2021-30163 (Redmine before 4.0.8 and 4.1.x before 4.1.2 allows attackers to discov ...) + {DLA-2658-1} + - redmine 5.0.0-1 (bug #986800) + NOTE: https://www.redmine.org/projects/redmine/repository/revisions/20819 +CVE-2021-30162 (An issue was discovered on LG mobile devices with Android OS 4.4 throu ...) 
+ NOT-FOR-US: LG mobile devices +CVE-2021-30161 (An issue was discovered on LG mobile devices with Android OS 11 softwa ...) + NOT-FOR-US: LG mobile devices +CVE-2021-26948 (Null pointer dereference in the htmldoc v1.9.11 and before may allow a ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/410 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/008861d8339c6ec777e487770b70b95b1ed0c1d2 + NOTE: Crash in CLI tool, no security impact +CVE-2021-26259 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/417 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/0ddab26a542c74770317b622e985c52430092ba5 + NOTE: Crash in CLI tool, no security impact +CVE-2021-26252 (A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in pspdf_ ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/412 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2021-23206 (A flaw was found in htmldoc in v1.9.12 and prior. A stack buffer overf ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/416 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/ba61a3ece382389ae4482c7027af8b32e8ab4cc8 + NOTE: Crash in CLI tool, no security impact +CVE-2021-23191 (A security issue was found in htmldoc v1.9.12 and before. A NULL point ...) 
+ {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/415 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2021-23180 (A flaw was found in htmldoc in v1.9.12 and before. Null pointer derefe ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/418 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a + NOTE: Crash in CLI tool, no security impact +CVE-2021-23165 (A flaw was found in htmldoc before v1.9.12. Heap buffer overflow in ps ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/413 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f +CVE-2021-23158 (A flaw was found in htmldoc in v1.9.12. Double-free in function pspdf_ ...) + {DSA-4928-1 DLA-2700-1} + - htmldoc 1.9.11-4 (unimportant; bug #989437) + NOTE: https://github.com/michaelrsweet/htmldoc/issues/414 + NOTE: https://github.com/michaelrsweet/htmldoc/commit/369b2ea1fd0d0537ba707f20a2f047b6afd2fbdc + NOTE: Crash in CLI tool, no security impact +CVE-2020-36313 (An issue was discovered in the Linux kernel before 5.7. The KVM subsys ...) + - linux (No released version affected by the vulnerability) + NOTE: Fixed by: https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219 +CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kv ...) + - linux 5.8.10-1 + [buster] - linux 4.19.152-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e +CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...) 
+ {DSA-4941-1 DLA-2714-1} + - linux 5.9.1-1 + [stretch] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03 +CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...) + {DSA-5095-1} + - linux 5.16.7-1 + [stretch] - linux (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e +CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...) + - libnginx-mod-http-lua (Fixed before initial upload to Debian) + - nginx 1.22.0-3 (bug #986787) + [bullseye] - nginx (Minor issue, too intrusive to backport, see #986787) + [buster] - nginx (Minor issue, too intrusive to backport, see #986787) + [stretch] - nginx (Minor issue; can be fixed in next update) + NOTE: https://github.com/openresty/lua-nginx-module/pull/1654 + NOTE: src:nginx/1.22.0-3 removed the http-lua module and moved it to a separate package +CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...) + {DLA-2658-1} + - redmine 4.0.7-1 +CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...) + {DLA-2658-1} + - redmine 4.0.7-1 +CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...) + {DLA-2658-1} + - redmine 4.0.7-1 +CVE-2019-25026 (Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data duri ...) + {DLA-2658-1} + - redmine 4.0.6-1 +CVE-2021-30160 + RESERVED +CVE-2021-30159 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T272386 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30158 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) 
+ {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T277009 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/670546 +CVE-2021-30157 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1} + - mediawiki 1:1.35.2-1 + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T278058 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674085 +CVE-2021-30156 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + - mediawiki (Not a security issue on release branches, only affected master) + NOTE: https://phabricator.wikimedia.org/T276306 + NOTE: CVE description is wrong +CVE-2021-30155 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T270988 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30154 (An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...) + {DSA-4889-1} + - mediawiki 1:1.35.2-1 + [stretch] - mediawiki (Vulnerable code introduced later) + NOTE: https://phabricator.wikimedia.org/T278014 + NOTE: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/674083/ +CVE-2021-30153 (An issue was discovered in the VisualEditor extension in MediaWiki bef ...) + - mediawiki 1:1.35.2-1 + [buster] - mediawiki (Vulnerable code not present) + [stretch] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T270453 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30152 (An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through ...) 
+ {DSA-4889-1 DLA-2648-1} + - mediawiki 1:1.35.2-1 + NOTE: https://phabricator.wikimedia.org/T270713 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2021-April/094418.html +CVE-2021-30151 (Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue n ...) + {DLA-3360-1 DLA-2943-1} + - ruby-sidekiq 6.3.1+dfsg-1 (bug #987354) + [bullseye] - ruby-sidekiq (Minor issue) + NOTE: https://github.com/mperham/sidekiq/issues/4852 + NOTE: https://github.com/mperham/sidekiq/commit/64f70339d1dcf50a55c00d36bfdb61d97ec63ed8 (v6.2.1) +CVE-2021-30150 (Composr 10.0.36 allows XSS in an XML script.) + NOT-FOR-US: Composr +CVE-2021-30149 (Composr 10.0.36 allows upload and execution of PHP files.) + NOT-FOR-US: Composr +CVE-2021-30148 + RESERVED +CVE-2021-30147 (DMA Softlab Radius Manager 4.4.0 allows CSRF with impacts such as addi ...) + NOT-FOR-US: DMA Softlab Radius Manager +CVE-2021-30146 (Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library f ...) + NOT-FOR-US: seahub + NOTE: https://github.com/Security-AVS/CVE-2021-30146 +CVE-2021-30145 (A format string vulnerability in mpv through 0.33.0 allows user-assist ...) + - mpv 0.32.0-3 (bug #986839) + [buster] - mpv (Minor issue) + [stretch] - mpv (Minor issue; can be fixed in next update) + NOTE: https://github.com/mpv-player/mpv/commit/cb3fa04bcb2ba9e0d25788480359157208c13e0b +CVE-2021-30144 (The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileg ...) + NOT-FOR-US: GLPI plugin +CVE-2021-30143 + RESERVED +CVE-2021-30142 + RESERVED +CVE-2021-30141 (Module/Settings/UserExport.php in Friendica through 2021.01 allows set ...) + NOT-FOR-US: Friendica +CVE-2021-30140 (LiquidFiles 3.4.15 has stored XSS through the "send email" functionali ...) + NOT-FOR-US: LiquidFiles +CVE-2021-30139 (In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a b ...) 
+ NOT-FOR-US: Alpine Linux apk-tools +CVE-2021-30138 + REJECTED +CVE-2021-30137 (Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarsha ...) + NOT-FOR-US: Axios Assyst +CVE-2021-30136 + RESERVED +CVE-2021-30135 + RESERVED +CVE-2021-30134 (php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows ...) + NOT-FOR-US: PHP mod-curl +CVE-2021-30133 (A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, C ...) + NOT-FOR-US: CloverDX +CVE-2021-30132 (Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalati ...) + NOT-FOR-US: Cloudera Manager +CVE-2021-30131 + RESERVED +CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...) + {DLA-3198-1 DLA-3197-1} + - phpseclib 1.0.19-3 + - php-phpseclib 2.0.30-2 + - php-phpseclib3 3.0.7-1 + NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890 + NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1) + NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/05550b9c490bf342bce66de75d127d2f75c48bdd (1.0.20, 2.0.31, 3.0.7) + NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/42fc46e9a92c2ce5b10d2fbfb00b630417d6dfbe (3.0.7) + NOTE: According to upstream in #1635, "v2.0 does not have a vulnerability" (only non-security bugs). + NOTE: However, a lot of identical fixes were applied to all 1.x/2.x/3.x branches upstream. + NOTE: They were also backported in bullseye/testing in 1.x/2.x (claimed as a CVE-2021-30130 fix). + NOTE: Given the broad scope of this CVE description, let's assume that those fixes are needed in 1.x/2.x. +CVE-2021-30129 (A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to ...) 
+ NOT-FOR-US: Apache Mina SSHD +CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version) + NOT-FOR-US: Apache OFBiz +CVE-2021-30127 (TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the adm ...) + NOT-FOR-US: Terramaster +CVE-2021-30126 (Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyon ...) + NOT-FOR-US: Lightmeter ControlCenter +CVE-2021-30125 (Jamf Pro before 10.28.0 allows XSS related to inventory history, aka P ...) + NOT-FOR-US: Jamf Pro +CVE-2021-30124 (The unofficial vscode-phpmd (aka PHP Mess Detector) extension before 1 ...) + NOT-FOR-US: vscode-phpmd (aka PHP Mess Detector) extension for Visual Studio Code +CVE-2021-30123 (FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec th ...) + - ffmpeg (Only affects 4.4 development branches) + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f + NOTE: https://trac.ffmpeg.org/ticket/8845 + NOTE: https://trac.ffmpeg.org/ticket/8863 + NOTE: CVE description is wrong, this landed in 4.4 only + NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 +CVE-2021-30122 + RESERVED +CVE-2021-30121 (Semi-authenticated local file inclusion The contents of arbitrary file ...) + NOT-FOR-US: Kaseya +CVE-2021-30120 (Kaseya VSA before 9.5.7 allows attackers to bypass the 2FA requirement ...) + NOT-FOR-US: Kaseya +CVE-2021-30119 (Authenticated reflective XSS in HelpDeskTab/rcResults.asp The paramete ...) + NOT-FOR-US: Kaseya +CVE-2021-30118 (An attacker can upload files with the privilege of the Web Server proc ...) + NOT-FOR-US: Kaseya +CVE-2021-30117 (The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authen ...) + NOT-FOR-US: Kaseya +CVE-2021-30116 (Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in ...) 
+ NOT-FOR-US: Kaseya +CVE-2021-30115 + RESERVED +CVE-2021-30114 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30113 (A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Even ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30112 (Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vuln ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30111 (A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Eve ...) + NOT-FOR-US: Web-School ERP +CVE-2021-30110 (dttray.exe in Greyware Automation Products Inc Domain Time II before 5 ...) + NOT-FOR-US: Greyware +CVE-2021-30109 (Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under c ...) + NOT-FOR-US: Froala Editor +CVE-2021-30108 (Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vu ...) + NOT-FOR-US: Feehi CMS +CVE-2021-30107 + RESERVED +CVE-2021-30106 + RESERVED +CVE-2021-30105 + RESERVED +CVE-2021-30104 + RESERVED +CVE-2021-30103 + RESERVED +CVE-2021-30102 + RESERVED +CVE-2021-30101 + RESERVED +CVE-2021-30100 + RESERVED +CVE-2021-30099 + RESERVED +CVE-2021-30098 + RESERVED +CVE-2021-30097 + RESERVED +CVE-2021-30096 + RESERVED +CVE-2021-30095 + RESERVED +CVE-2021-30094 + RESERVED +CVE-2021-30093 + RESERVED +CVE-2021-30092 + RESERVED +CVE-2021-30091 + RESERVED +CVE-2021-30090 + RESERVED +CVE-2021-30089 + RESERVED +CVE-2021-30088 + RESERVED +CVE-2021-30087 + RESERVED +CVE-2021-30086 (Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese ...) + NOT-FOR-US: KindEditor +CVE-2021-30085 + RESERVED +CVE-2021-30084 + RESERVED +CVE-2021-30083 (An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vuln ...) + NOT-FOR-US: Mediat +CVE-2021-30082 (An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vu ...) + NOT-FOR-US: Gris CMS +CVE-2021-30081 (An issue was discovered in emlog 6.0.0stable. There is a SQL Injection ...) 
+ NOT-FOR-US: emlog +CVE-2021-30080 (An issue was discovered in the route lookup process in beego through 2 ...) + NOT-FOR-US: Beego +CVE-2021-30079 + RESERVED +CVE-2021-30078 + RESERVED +CVE-2021-30077 + RESERVED +CVE-2021-30076 + RESERVED +CVE-2021-30075 + RESERVED +CVE-2021-30074 (docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the s ...) + NOT-FOR-US: docsify +CVE-2021-30073 + RESERVED +CVE-2021-30072 (An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. ...) + NOT-FOR-US: D-Link +CVE-2021-30071 (A cross-site scripting (XSS) vulnerability in /admin/list_key.html of ...) + NOT-FOR-US: Hestia Control Panel +CVE-2021-30070 (An issue was discovered in HestiaCP before v1.3.5. Attackers are able ...) + NOT-FOR-US: Hestia Control Panel +CVE-2021-30069 + RESERVED +CVE-2021-30068 + RESERVED +CVE-2021-30067 + RESERVED +CVE-2021-30066 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30065 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30064 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30063 (On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30062 (On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30061 (On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before ...) + NOT-FOR-US: Schneider Electric +CVE-2021-30060 + RESERVED +CVE-2021-30059 + RESERVED +CVE-2021-30058 (Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30057 (A stored HTML injection vulnerability exists in Knowage Suite version ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30056 (Knowage Suite before 7.4 is vulnerable to reflected cross-site scripti ...) 
+ NOT-FOR-US: Knowage Suite +CVE-2021-30055 (A SQL injection vulnerability in Knowage Suite version 7.1 exists in t ...) + NOT-FOR-US: Knowage Suite +CVE-2021-30054 + RESERVED +CVE-2021-30053 + RESERVED +CVE-2021-30052 + RESERVED +CVE-2021-30051 + RESERVED +CVE-2021-30050 + RESERVED +CVE-2021-30049 (SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /Ke ...) + NOT-FOR-US: SysAid +CVE-2021-30048 (Directory Traversal in the fileDownload function in com/java2nb/common ...) + NOT-FOR-US: Novel-plus +CVE-2021-30047 (VSFTPD 3.0.3 allows attackers to cause a denial of service due to limi ...) + NOTE: Nonsense CVE assignment for src:vsftpd +CVE-2021-30046 (VIGRA Computer Vision Library Version-1-11-1 contains a segmentation f ...) + NOT-FOR-US: VIGRA Computer Vision Library +CVE-2021-30045 (SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the ...) + NOT-FOR-US: SerenityOS +CVE-2021-30044 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30043 + RESERVED +CVE-2021-30042 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name" ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30041 + RESERVED +CVE-2021-30040 + RESERVED +CVE-2021-30039 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "B ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30038 + RESERVED +CVE-2021-30037 + RESERVED +CVE-2021-30036 + RESERVED +CVE-2021-30035 + RESERVED +CVE-2021-30034 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons fiel ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30033 + RESERVED +CVE-2021-30032 + RESERVED +CVE-2021-30031 + REJECTED +CVE-2021-30030 (Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name fie ...) + NOT-FOR-US: Remote Clinic +CVE-2021-30029 + RESERVED +CVE-2021-30028 (SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default crede ...) 
+ NOT-FOR-US: SOOTEWAY Wi-Fi Range Extender +CVE-2021-30027 (md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger us ...) + - md4c 0.4.7-2 (bug #987799) + NOTE: https://github.com/mity/md4c/issues/155 + NOTE: https://github.com/mity/md4c/commit/4fc808d8fe8d8904f8525bb4231d854f45e23a19 +CVE-2021-30026 + RESERVED +CVE-2021-30025 + RESERVED +CVE-2021-30024 + RESERVED +CVE-2021-30023 + RESERVED +CVE-2021-30022 (There is a integer overflow in media_tools/av_parsers.c in the gf_avc_ ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1720 +CVE-2021-30021 + RESERVED +CVE-2021-30020 (In the function gf_hevc_read_pps_bs_internal function in media_tools/a ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1722 +CVE-2021-30019 (In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0 ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/22774aa9e62f586319c8f107f5bae950fed900bc + NOTE: https://github.com/gpac/gpac/issues/1723 +CVE-2021-30018 + RESERVED +CVE-2021-30017 + RESERVED +CVE-2021-30016 + RESERVED +CVE-2021-30015 (There is a Null Pointer Dereference in function filter_core/filter_pck ...) 
+ - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Vulnerable code not present) + [stretch] - gpac (Vulnerable code not present) + NOTE: https://github.com/gpac/gpac/commit/13dad7d5ef74ca2e6fe4010f5b03eb12e9bbe0ec + NOTE: https://github.com/gpac/gpac/issues/1719 +CVE-2021-30014 (There is a integer overflow in media_tools/av_parsers.c in the hevc_pa ...) + - gpac 1.0.1+dfsg1-4 (bug #987323) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/51cdb67ff7c5f1242ac58c5aa603ceaf1793b788 + NOTE: https://github.com/gpac/gpac/issues/1721 +CVE-2021-30013 + RESERVED +CVE-2021-30012 + RESERVED +CVE-2021-30011 + RESERVED +CVE-2021-30010 + RESERVED +CVE-2021-30009 + RESERVED +CVE-2021-30008 + RESERVED +CVE-2021-30007 + RESERVED +CVE-2021-30006 (In IntelliJ IDEA before 2020.3.3, XXE was possible, leading to informa ...) + - intellij-idea (bug #747616) +CVE-2021-30005 (In JetBrains PyCharm before 2020.3.4, local code execution was possibl ...) + - pycharm (bug #742394) +CVE-2021-30004 (In wpa_supplicant and hostapd 2.9, forging attacks may occur because A ...) + - wpa (unimportant) + NOTE: https://w1.fi/cgit/hostap/commit/?id=a0541334a6394f8237a4393b7372693cd7e96f15 + NOTE: Issue only affects the "internal" TLS implementation (CONFIG_TLS=internal) + NOTE: but Debian builds with CONFIG_TLS=openssl +CVE-2021-30003 (An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. Ther ...) + NOT-FOR-US: Nokia G-120W-F 3FE46606AGAB91 devices +CVE-2021-30001 + RESERVED +CVE-2021-30000 (An issue was discovered in LATRIX 0.6.0. SQL injection in the txtacces ...) + NOT-FOR-US: LATRIX +CVE-2021-29999 (An issue was discovered in Wind River VxWorks through 6.8. There is a ...) + NOT-FOR-US: Wind River VxWorks +CVE-2021-29998 (An issue was discovered in Wind River VxWorks before 6.5. There is a p ...) 
+ NOT-FOR-US: Wind River VxWorks +CVE-2021-29997 (An issue was discovered in Wind River VxWorks 7 before 21.03. A specia ...) + NOT-FOR-US: Helix ALM +CVE-2021-29996 (Mark Text through 0.16.3 allows attackers arbitrary command execution. ...) + NOT-FOR-US: marktext +CVE-2021-29995 (A Cross Site Request Forgery (CSRF) issue in Server Console in CloverD ...) + NOT-FOR-US: CloverDX +CVE-2021-29994 (Cloudera Hue 4.6.0 allows XSS.) + NOT-FOR-US: Cloudera Hue +CVE-2021-29993 (Firefox for Android allowed navigations through the `intent://` protoc ...) + - firefox (Specific to Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-38/#CVE-2021-29993 +CVE-2021-29992 + RESERVED +CVE-2021-29991 (Firefox incorrectly accepted a newline in a HTTP/3 header, interpretti ...) + - firefox 91.0.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-37/#CVE-2021-29991 +CVE-2021-29990 (Mozilla developers and community members reported memory safety bugs p ...) + - firefox 91.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29990 +CVE-2021-29989 (Mozilla developers reported memory safety bugs present in Firefox 90 a ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29989 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29989 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29989 +CVE-2021-29988 (Firefox incorrectly treated an inline list-item element as a block ele ...) 
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29988 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29988 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29988 +CVE-2021-29987 (After requesting multiple permissions, and closing the first permissio ...) + - firefox 91.0-1 + - thunderbird (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29987 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29987 +CVE-2021-29986 (A suspected race condition when calling getaddrinfo led to memory corr ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29986 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29986 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29986 +CVE-2021-29985 (A use-after-free vulnerability in media channels could have led to mem ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29985 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29985 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29985 +CVE-2021-29984 (Instruction reordering resulted in a sequence of instructions that wou ...) 
+ {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29984 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29984 +CVE-2021-29983 (Firefox for Android could get stuck in fullscreen mode and not exit it ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29983 +CVE-2021-29982 (Due to incorrect JIT optimization, we incorrectly interpreted data fro ...) + - firefox 91.0-1 + - thunderbird (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29982 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29982 +CVE-2021-29981 (An issue present in lowering/register allocation could have led to obs ...) + - firefox 91.0-1 + - thunderbird (Thunderbird 78.x not affected, only TB91) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29981 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29981 +CVE-2021-29980 (Uninitialized memory in a canvas object could have caused an incorrect ...) + {DSA-4959-1 DSA-4956-1 DLA-2745-1 DLA-2740-1} + - firefox 91.0-1 + - firefox-esr 78.13.0esr-1 + - thunderbird 1:78.13.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-33/#CVE-2021-29980 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-34/#CVE-2021-29980 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-36/#CVE-2021-29980 +CVE-2021-29979 (Hubs Cloud allows users to download shared content, specifically HTML ...) + NOT-FOR-US: Hubs Cloud +CVE-2021-29978 (Multiple low security issues were discovered and fixed in a security a ...) 
+ NOT-FOR-US: Mozilla VPN +CVE-2021-29977 (Mozilla developers reported memory safety bugs present in Firefox 89. ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29977 +CVE-2021-29976 (Mozilla developers reported memory safety bugs present in code shared ...) + {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} + - firefox 90.0-1 + - firefox-esr 78.12.0esr-1 + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29976 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29976 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29976 +CVE-2021-29975 (Through a series of DOM manipulations, a message, over which the attac ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29975 +CVE-2021-29974 (When network partitioning was enabled, e.g. as a result of Enhanced Tr ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29974 +CVE-2021-29973 (Password autofill was enabled without user interaction on insecure web ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29973 +CVE-2021-29972 (A use-after-free vulnerability was found via testing, and traced to an ...) + - firefox 90.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29972 +CVE-2021-29971 (If a user had granted a permission to a webpage and saved that grant, ...) + - firefox (Only affects Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29971 +CVE-2021-29970 (A malicious webpage could have triggered a use-after-free, memory corr ...) 
+ {DSA-4940-1 DSA-4939-1 DLA-2711-1 DLA-2709-1} + - firefox 90.0-1 + - firefox-esr 78.12.0esr-1 + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/#CVE-2021-29970 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-29/#CVE-2021-29970 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29970 +CVE-2021-29969 (If Thunderbird was configured to use STARTTLS for an IMAP connection, ...) + {DSA-4940-1 DLA-2711-1} + - thunderbird 1:78.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-30/#CVE-2021-29969 +CVE-2021-29968 (When drawing text onto a canvas with WebRender disabled, an out of bou ...) + - firefox (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-27/#CVE-2021-29968 +CVE-2021-29967 (Mozilla developers reported memory safety bugs present in Firefox 88 a ...) + {DSA-4927-1 DSA-4925-1 DLA-2679-1 DLA-2673-1} + - firefox-esr 78.11.0esr-1 + - firefox 89.0-1 + - thunderbird 1:78.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29967 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29967 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29967 +CVE-2021-29966 (Mozilla developers reported memory safety bugs present in Firefox 88. ...) + - firefox 89.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29966 +CVE-2021-29965 (A malicious website that causes an HTTP Authentication dialog to be sp ...) + - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29965 +CVE-2021-29964 (A locally-installed hostile program could send `WM_COPYDATA` messages ...) 
+ - firefox-esr (Only affects Windows) + - firefox (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-26/#CVE-2021-29964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-24/#CVE-2021-29964 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29964 +CVE-2021-29963 (Address bar search suggestions in private browsing mode were re-using ...) + - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29963 +CVE-2021-29962 (Firefox for Android would become unstable and hard-to-recover when a w ...) + - firefox (Android-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/#CVE-2021-29962 +CVE-2021-29961 (When styling and rendering an oversized ` ...) + NOT-FOR-US: NewsOne CMS +CVE-2020-21975 + RESERVED +CVE-2020-21974 + RESERVED +CVE-2020-21973 + RESERVED +CVE-2020-21972 + RESERVED +CVE-2020-21971 + RESERVED +CVE-2020-21970 + RESERVED +CVE-2020-21969 + RESERVED +CVE-2020-21968 + RESERVED +CVE-2020-21967 (File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 ...) 
+ NOT-FOR-US: Prestashop +CVE-2020-21966 + RESERVED +CVE-2020-21965 + RESERVED +CVE-2020-21964 + RESERVED +CVE-2020-21963 + RESERVED +CVE-2020-21962 + RESERVED +CVE-2020-21961 + RESERVED +CVE-2020-21960 + RESERVED +CVE-2020-21959 + RESERVED +CVE-2020-21958 + RESERVED +CVE-2020-21957 + RESERVED +CVE-2020-21956 + RESERVED +CVE-2020-21955 + RESERVED +CVE-2020-21954 + RESERVED +CVE-2020-21953 + RESERVED +CVE-2020-21952 + RESERVED +CVE-2020-21951 + RESERVED +CVE-2020-21950 + RESERVED +CVE-2020-21949 + RESERVED +CVE-2020-21948 + RESERVED +CVE-2020-21947 + RESERVED +CVE-2020-21946 + RESERVED +CVE-2020-21945 + RESERVED +CVE-2020-21944 + RESERVED +CVE-2020-21943 + RESERVED +CVE-2020-21942 + RESERVED +CVE-2020-21941 + RESERVED +CVE-2020-21940 + RESERVED +CVE-2020-21939 + RESERVED +CVE-2020-21938 + RESERVED +CVE-2020-21937 (An command injection vulnerability in HNAP1/SetWLanApcliSettings of Mo ...) + NOT-FOR-US: Motorola +CVE-2020-21936 (An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Bui ...) + NOT-FOR-US: Motorola +CVE-2020-21935 (A command injection vulnerability in HNAP1/GetNetworkTomographySetting ...) + NOT-FOR-US: Motorola +CVE-2020-21934 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...) + NOT-FOR-US: Motorola +CVE-2020-21933 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...) + NOT-FOR-US: Motorola +CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 2 ...) + NOT-FOR-US: Motorola +CVE-2020-21931 + RESERVED +CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...) + NOT-FOR-US: Eyoucms +CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...) 
+ NOT-FOR-US: Eyoucms +CVE-2020-21928 + RESERVED +CVE-2020-21927 + RESERVED +CVE-2020-21926 + RESERVED +CVE-2020-21925 + RESERVED +CVE-2020-21924 + RESERVED +CVE-2020-21923 + RESERVED +CVE-2020-21922 + RESERVED +CVE-2020-21921 + RESERVED +CVE-2020-21920 + RESERVED +CVE-2020-21919 + RESERVED +CVE-2020-21918 + RESERVED +CVE-2020-21917 + RESERVED +CVE-2020-21916 + RESERVED +CVE-2020-21915 + RESERVED +CVE-2020-21914 + RESERVED +CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...) + {DSA-5014-1 DLA-2784-1} + - icu 67.1-2 + NOTE: https://github.com/unicode-org/icu/pull/886 + NOTE: https://unicode-org.atlassian.net/browse/ICU-20850 + NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9 +CVE-2020-21912 + RESERVED +CVE-2020-21911 + RESERVED +CVE-2020-21910 + RESERVED +CVE-2020-21909 + RESERVED +CVE-2020-21908 + RESERVED +CVE-2020-21907 + RESERVED +CVE-2020-21906 + RESERVED +CVE-2020-21905 + RESERVED +CVE-2020-21904 + RESERVED +CVE-2020-21903 + RESERVED +CVE-2020-21902 + RESERVED +CVE-2020-21901 + RESERVED +CVE-2020-21900 + RESERVED +CVE-2020-21899 + RESERVED +CVE-2020-21898 + RESERVED +CVE-2020-21897 + RESERVED +CVE-2020-21896 (A Use After Free vulnerability in svg_dev_text_span_as_paths_defs func ...) + - mupdf 1.19.0+ds1-1 + [bullseye] - mupdf (Minor issue) + [buster] - mupdf (Minor issue) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701294 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=8719e07834d6a72b6b4131539e49ed1e8e2ff79e +CVE-2020-21895 + RESERVED +CVE-2020-21894 + RESERVED +CVE-2020-21893 + RESERVED +CVE-2020-21892 + RESERVED +CVE-2020-21891 + RESERVED +CVE-2020-21890 (Buffer Overflow vulnerability in clj_media_size function in devices/gd ...) 
+ {DLA-3582-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701846 + NOTE: Prerequisite for fixing commit: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=dbdb5f8527007b482d4e6037b558dbf3e6a06d3a (ghostpdl-9.51rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=494eeedf73d13fac5710e56f3a8fb2e7e2379d73 (ghostpdl-9.51rc1) +CVE-2020-21889 + RESERVED +CVE-2020-21888 + RESERVED +CVE-2020-21887 + RESERVED +CVE-2020-21886 + RESERVED +CVE-2020-21885 + RESERVED +CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Seri ...) + NOT-FOR-US: UniBox +CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Ser ...) + NOT-FOR-US: UniBox +CVE-2020-21882 + RESERVED +CVE-2020-21881 (Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS ...) + NOT-FOR-US: DuxCMS +CVE-2020-21880 + RESERVED +CVE-2020-21879 + RESERVED +CVE-2020-21878 + RESERVED +CVE-2020-21877 + RESERVED +CVE-2020-21876 + RESERVED +CVE-2020-21875 + RESERVED +CVE-2020-21874 + RESERVED +CVE-2020-21873 + RESERVED +CVE-2020-21872 + RESERVED +CVE-2020-21871 + RESERVED +CVE-2020-21870 + RESERVED +CVE-2020-21869 + RESERVED +CVE-2020-21868 + RESERVED +CVE-2020-21867 + RESERVED +CVE-2020-21866 + RESERVED +CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...) + NOT-FOR-US: ThinkPHP50-CMS +CVE-2020-21864 + RESERVED +CVE-2020-21863 + RESERVED +CVE-2020-21862 (Directory traversal vulnerability in DuxCMS 2.1 allows attackers to de ...) + NOT-FOR-US: DuxCMS +CVE-2020-21861 (File upload vulnerability in DuxCMS 2.1 allows attackers to execute ar ...) + NOT-FOR-US: DuxCMS +CVE-2020-21860 + RESERVED +CVE-2020-21859 + RESERVED +CVE-2020-21858 + RESERVED +CVE-2020-21857 + RESERVED +CVE-2020-21856 + RESERVED +CVE-2020-21855 + RESERVED +CVE-2020-21854 (Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the syste ...) 
+ NOT-FOR-US: WDScanner +CVE-2020-21853 + RESERVED +CVE-2020-21852 + RESERVED +CVE-2020-21851 + RESERVED +CVE-2020-21850 + RESERVED +CVE-2020-21849 + RESERVED +CVE-2020-21848 + RESERVED +CVE-2020-21847 + RESERVED +CVE-2020-21846 + RESERVED +CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...) + NOT-FOR-US: Codoforum +CVE-2020-21844 (GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: ...) + - libredwg (bug #595191) +CVE-2020-21843 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21842 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21841 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21840 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21839 (An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead ...) + - libredwg (bug #595191) +CVE-2020-21838 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21837 + RESERVED +CVE-2020-21836 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21835 (A null pointer deference issue exists in GNU LibreDWG 0.10 via read_20 ...) + - libredwg (bug #595191) +CVE-2020-21834 (A null pointer deference issue exists in GNU LibreDWG 0.10 via get_bmp ...) + - libredwg (bug #595191) +CVE-2020-21833 (A heap based buffer overflow vulnerability exits in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21832 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21831 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) 
+ - libredwg (bug #595191) +CVE-2020-21830 (A heap based buffer overflow vulneraibility exists in GNU LibreDWG 0.1 ...) + - libredwg (bug #595191) +CVE-2020-21829 + RESERVED +CVE-2020-21828 + RESERVED +CVE-2020-21827 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21826 + RESERVED +CVE-2020-21825 + RESERVED +CVE-2020-21824 + RESERVED +CVE-2020-21823 + RESERVED +CVE-2020-21822 + RESERVED +CVE-2020-21821 + RESERVED +CVE-2020-21820 + RESERVED +CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...) + - libredwg (bug #595191) +CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...) + - libredwg (bug #595191) +CVE-2020-21816 (A heab based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + - libredwg (bug #595191) +CVE-2020-21815 (A null pointer deference issue exists in GNU LibreDWG 0.10.2641 via ou ...) + - libredwg (bug #595191) +CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + - libredwg (bug #595191) +CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...) + - libredwg (bug #595191) +CVE-2020-21812 + RESERVED +CVE-2020-21811 + RESERVED +CVE-2020-21810 + RESERVED +CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...) + NOT-FOR-US: NukeViet CMS module Shops +CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...) + NOT-FOR-US: NukeViet CMS +CVE-2020-21807 + RESERVED +CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...) 
+ NOT-FOR-US: ECTouch +CVE-2020-21805 + RESERVED +CVE-2020-21804 + RESERVED +CVE-2020-21803 + RESERVED +CVE-2020-21802 + RESERVED +CVE-2020-21801 + RESERVED +CVE-2020-21800 + RESERVED +CVE-2020-21799 + RESERVED +CVE-2020-21798 + RESERVED +CVE-2020-21797 + RESERVED +CVE-2020-21796 + RESERVED +CVE-2020-21795 + RESERVED +CVE-2020-21794 + RESERVED +CVE-2020-21793 + RESERVED +CVE-2020-21792 + RESERVED +CVE-2020-21791 + RESERVED +CVE-2020-21790 + RESERVED +CVE-2020-21789 + RESERVED +CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...) + NOT-FOR-US: CRMEB +CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...) + NOT-FOR-US: CRMEB +CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...) + NOT-FOR-US: IBOS +CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...) + NOT-FOR-US: IBOS +CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...) + NOT-FOR-US: phpwcms +CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...) 
+ NOT-FOR-US: IBOS +CVE-2020-21782 + RESERVED +CVE-2020-21781 + RESERVED +CVE-2020-21780 + RESERVED +CVE-2020-21779 + RESERVED +CVE-2020-21778 + RESERVED +CVE-2020-21777 + RESERVED +CVE-2020-21776 + RESERVED +CVE-2020-21775 + RESERVED +CVE-2020-21774 + RESERVED +CVE-2020-21773 + RESERVED +CVE-2020-21772 + RESERVED +CVE-2020-21771 + RESERVED +CVE-2020-21770 + RESERVED +CVE-2020-21769 + RESERVED +CVE-2020-21768 + RESERVED +CVE-2020-21767 + RESERVED +CVE-2020-21766 + RESERVED +CVE-2020-21765 + RESERVED +CVE-2020-21764 + RESERVED +CVE-2020-21763 + RESERVED +CVE-2020-21762 + RESERVED +CVE-2020-21761 + RESERVED +CVE-2020-21760 + RESERVED +CVE-2020-21759 + RESERVED +CVE-2020-21758 + RESERVED +CVE-2020-21757 + RESERVED +CVE-2020-21756 + RESERVED +CVE-2020-21755 + RESERVED +CVE-2020-21754 + RESERVED +CVE-2020-21753 + RESERVED +CVE-2020-21752 + RESERVED +CVE-2020-21751 + RESERVED +CVE-2020-21750 + RESERVED +CVE-2020-21749 + RESERVED +CVE-2020-21748 + RESERVED +CVE-2020-21747 + RESERVED +CVE-2020-21746 + RESERVED +CVE-2020-21745 + RESERVED +CVE-2020-21744 + RESERVED +CVE-2020-21743 + RESERVED +CVE-2020-21742 + RESERVED +CVE-2020-21741 + RESERVED +CVE-2020-21740 + RESERVED +CVE-2020-21739 + RESERVED +CVE-2020-21738 + RESERVED +CVE-2020-21737 + RESERVED +CVE-2020-21736 + RESERVED +CVE-2020-21735 + RESERVED +CVE-2020-21734 + RESERVED +CVE-2020-21733 (Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...) + NOT-FOR-US: Sagemcom F@ST3686 +CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...) + NOT-FOR-US: Rukovoditel Project Management app +CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...) + NOT-FOR-US: Gazie +CVE-2020-21730 + RESERVED +CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...) 
+ NOT-FOR-US: JEECMS +CVE-2020-21728 + RESERVED +CVE-2020-21727 + RESERVED +CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...) + NOT-FOR-US: OpenSNS +CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...) + NOT-FOR-US: OpenSNS +CVE-2020-21724 (Buffer Overflow vulnerability in ExtractorInformation function in stre ...) + - oggvideotools (bug #1050836) + [bookworm] - oggvideotools (Minor issue) + [bullseye] - oggvideotools (Minor issue) + [buster] - oggvideotools (Minor issue) + NOTE: https://sourceforge.net/p/oggvideotools/bugs/9/ +CVE-2020-21723 (A Segmentation Fault issue discovered StreamSerializer::extractStreams ...) + - oggvideotools (bug #1050836) + [bookworm] - oggvideotools (Minor issue) + [bullseye] - oggvideotools (Minor issue) + [buster] - oggvideotools (Minor issue) + NOTE: https://sourceforge.net/p/oggvideotools/bugs/10/ +CVE-2020-21722 (Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote att ...) + - oggvideotools (bug #1050836) + [bookworm] - oggvideotools (Minor issue) + [bullseye] - oggvideotools (Minor issue) + [buster] - oggvideotools (Minor issue) + NOTE: https://sourceforge.net/p/oggvideotools/bugs/11/ +CVE-2020-21721 + RESERVED +CVE-2020-21720 + RESERVED +CVE-2020-21719 + RESERVED +CVE-2020-21718 + RESERVED +CVE-2020-21717 + RESERVED +CVE-2020-21716 + RESERVED +CVE-2020-21715 + RESERVED +CVE-2020-21714 + RESERVED +CVE-2020-21713 + RESERVED +CVE-2020-21712 + RESERVED +CVE-2020-21711 + RESERVED +CVE-2020-21710 (A divide by zero issue discovered in eps_print_page in gdevepsn.c in A ...) 
+ {DLA-3582-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701843 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f70ab2044429fe4b991801476ea3f4b4a5c0cdf4 (ghostpdl-9.51rc1) + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4e713293de84b689c4ab358f3e110ea54aa81925 (ghostpdl-9.51rc1) +CVE-2020-21709 + RESERVED +CVE-2020-21708 + RESERVED +CVE-2020-21707 + RESERVED +CVE-2020-21706 + RESERVED +CVE-2020-21705 + RESERVED +CVE-2020-21704 + RESERVED +CVE-2020-21703 + RESERVED +CVE-2020-21702 + RESERVED +CVE-2020-21701 + RESERVED +CVE-2020-21700 + RESERVED +CVE-2020-21699 (The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 ...) + NOT-FOR-US: Tengine +CVE-2020-21698 + RESERVED +CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...) + {DSA-5126-1 DSA-4998-1} + - ffmpeg 7:4.4-5 + [stretch] - ffmpeg (Minor issue; can be fixed in next update) + NOTE: https://trac.ffmpeg.org/ticket/8188 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6 (4.4) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=010281ed230454042abf8b88696678c669a0f279 (4.1.9) +CVE-2020-21696 + RESERVED +CVE-2020-21695 + RESERVED +CVE-2020-21694 + RESERVED +CVE-2020-21693 + RESERVED +CVE-2020-21692 + RESERVED +CVE-2020-21691 + RESERVED +CVE-2020-21690 + REJECTED +CVE-2020-21689 + RESERVED +CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...) 
+ {DSA-5126-1 DSA-4998-1 DLA-3010-1} + - ffmpeg 7:4.4-5 + NOTE: https://trac.ffmpeg.org/ticket/8186 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1 (4.4) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f7c9b1ed56b98eede5756d6865a10305982b4570 (4.1.9) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f1a77222da98dbe4b8eeda54d68deefe6adcd299 (3.2.17) +CVE-2020-21687 (Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2. ...) + - nasm 2.15.04-1 (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392645 + NOTE: Crash in CLI tool, no security impact +CVE-2020-21686 (A stack-use-after-scope issue discovered in expand_mmac_params functio ...) + - nasm 2.15.04-1 + [buster] - nasm (Minor issue) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392643 +CVE-2020-21685 (Buffer Overflow vulnerability in hash_findi function in hashtbl.c in n ...) + - nasm 2.15.04-1 (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392644 + NOTE: Crash in CLI tool, no security impact +CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...) + - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/75/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...) + - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/77/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...) 
+ - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/72/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...) + - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/73/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...) + - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/74/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21679 (Buffer Overflow vulnerability in WritePCXImage function in pcx.c in Gr ...) + - graphicsmagick 1.4+really1.3.34+hg16181-1 + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/619/ + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bd13b1d335f3 +CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...) + - fig2dev 1:3.2.8-1 (unimportant) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/71/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...) 
+ - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/123 + NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d +CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...) + {DLA-3304-1 DLA-2778-1} + - fig2dev 1:3.2.8-1 + [stretch] - fig2dev (Vulnerable code introduced later) + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/76/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8) + NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7) +CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u3 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/78/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) +CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...) + - libarchive (Vulnerable code not present in a released version) + NOTE: https://github.com/libarchive/libarchive/issues/1298 + NOTE: Introduced (around): https://github.com/libarchive/libarchive/commit/3566a5d6ba2458e68c7e42b23f00a57901c6eafb + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4 (v3.4.1) +CVE-2020-21673 + RESERVED +CVE-2020-21672 + RESERVED +CVE-2020-21671 + RESERVED +CVE-2020-21670 + RESERVED +CVE-2020-21669 + RESERVED +CVE-2020-21668 + RESERVED +CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...) + NOT-FOR-US: fastadmin-tp6 +CVE-2020-21666 + RESERVED +CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...) 
+ NOT-FOR-US: fastadmin +CVE-2020-21664 + RESERVED +CVE-2020-21663 + RESERVED +CVE-2020-21662 (SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers ...) + NOT-FOR-US: yunyecms +CVE-2020-21661 + RESERVED +CVE-2020-21660 + RESERVED +CVE-2020-21659 + RESERVED +CVE-2020-21658 (A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attacker ...) + NOT-FOR-US: WDJA CMS +CVE-2020-21657 + RESERVED +CVE-2020-21656 (XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability ...) + NOT-FOR-US: XYHCMS +CVE-2020-21655 + RESERVED +CVE-2020-21654 (emlog v6.0 contains a vulnerability in the component admin\template.ph ...) + NOT-FOR-US: emlog +CVE-2020-21653 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...) + NOT-FOR-US: Myucms +CVE-2020-21652 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...) + NOT-FOR-US: Myucms +CVE-2020-21651 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...) + NOT-FOR-US: Myucms +CVE-2020-21650 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...) + NOT-FOR-US: Myucms +CVE-2020-21649 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...) + NOT-FOR-US: Myucms +CVE-2020-21648 (WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in t ...) + NOT-FOR-US: WDJA CMS +CVE-2020-21647 + RESERVED +CVE-2020-21646 + RESERVED +CVE-2020-21645 + RESERVED +CVE-2020-21644 + RESERVED +CVE-2020-21643 (Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attacke ...) + NOT-FOR-US: HongCMS +CVE-2020-21642 (Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropuse ...) + NOT-FOR-US: ManageEngine Analytics Plus +CVE-2020-21641 (Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho Manage ...) + NOT-FOR-US: ManageEngine Analytics Plus +CVE-2020-21640 + RESERVED +CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...) 
+ NOT-FOR-US: Ruijie +CVE-2020-21638 + RESERVED +CVE-2020-21637 + RESERVED +CVE-2020-21636 + RESERVED +CVE-2020-21635 + RESERVED +CVE-2020-21634 + RESERVED +CVE-2020-21633 + RESERVED +CVE-2020-21632 + RESERVED +CVE-2020-21631 + RESERVED +CVE-2020-21630 + RESERVED +CVE-2020-21629 + RESERVED +CVE-2020-21628 + RESERVED +CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...) + NOT-FOR-US: Ruijie +CVE-2020-21626 + RESERVED +CVE-2020-21625 + RESERVED +CVE-2020-21624 + RESERVED +CVE-2020-21623 + RESERVED +CVE-2020-21622 + RESERVED +CVE-2020-21621 + RESERVED +CVE-2020-21620 + RESERVED +CVE-2020-21619 + RESERVED +CVE-2020-21618 + RESERVED +CVE-2020-21617 + RESERVED +CVE-2020-21616 + RESERVED +CVE-2020-21615 + RESERVED +CVE-2020-21614 + RESERVED +CVE-2020-21613 + RESERVED +CVE-2020-21612 + RESERVED +CVE-2020-21611 + RESERVED +CVE-2020-21610 + RESERVED +CVE-2020-21609 + RESERVED +CVE-2020-21608 + RESERVED +CVE-2020-21607 + RESERVED +CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/232 +CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/234 +CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/231 +CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...) 
+ {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/240 +CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1004963) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/242 +CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/241 +CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1004963) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/243 +CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/235 + NOTE: https://github.com/strukturag/libde265/commit/a3f1c6a0dea2b0d4a531255ad06ed40cdb184d25 (v1.0.9) +CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...) + {DSA-5346-1 DLA-3280-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1004963) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/237 +CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...) 
+ {DSA-5346-1 DLA-3280-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/238 +CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...) + {DSA-5346-1 DLA-3280-1} + - libde265 1.0.11-1 (bug #1029397) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/236 + NOTE: https://github.com/strukturag/libde265/commit/6751f4e3c8c7af63d0036fedd506b7932630773c (v1.0.10) +CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...) + {DSA-5346-1 DLA-3240-1} + - libde265 1.0.9-1 (bug #1014999) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/239 +CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...) + {DSA-5346-1} + - libde265 1.0.3-1 (bug #1029396) + [stretch] - libde265 (Minor issue, revisit when fixed upstream) + NOTE: https://github.com/strukturag/libde265/issues/233 +CVE-2020-21593 + RESERVED +CVE-2020-21592 + RESERVED +CVE-2020-21591 + RESERVED +CVE-2020-21590 (Directory traversal in coreframe/app/template/admin/index.php in WUZHI ...) + NOT-FOR-US: WUZHI CMS +CVE-2020-21589 + RESERVED +CVE-2020-21588 (Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a ...) + NOT-FOR-US: Core FTP +CVE-2020-21587 + RESERVED +CVE-2020-21586 + RESERVED +CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells via zip ...) + NOT-FOR-US: emlog +CVE-2020-21584 + RESERVED +CVE-2020-21583 (An issue was discovered in hwclock.13-v2.27 allows attackers to gain e ...) 
+ - util-linux 2.27-1 (bug #786804) +CVE-2020-21582 + RESERVED +CVE-2020-21581 + RESERVED +CVE-2020-21580 + RESERVED +CVE-2020-21579 + RESERVED +CVE-2020-21578 + RESERVED +CVE-2020-21577 + RESERVED +CVE-2020-21576 + RESERVED +CVE-2020-21575 + RESERVED +CVE-2020-21574 (Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows at ...) + NOT-FOR-US: YotsuyaNight c-http +CVE-2020-21573 (An issue was discoverered in in abhijitnathwani image-processing v0.1. ...) + NOT-FOR-US: abhijitnathwani image-processing +CVE-2020-21572 (Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 ...) + NOT-FOR-US: trgil gilcc +CVE-2020-21571 + RESERVED +CVE-2020-21570 + RESERVED +CVE-2020-21569 + RESERVED +CVE-2020-21568 + RESERVED +CVE-2020-21567 + RESERVED +CVE-2020-21566 + RESERVED +CVE-2020-21565 + RESERVED +CVE-2020-21564 (An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is ...) + NOT-FOR-US: Pluck CMS +CVE-2020-21563 + RESERVED +CVE-2020-21562 + RESERVED +CVE-2020-21561 + RESERVED +CVE-2020-21560 + RESERVED +CVE-2020-21559 + RESERVED +CVE-2020-21558 + RESERVED +CVE-2020-21557 + RESERVED +CVE-2020-21556 + RESERVED +CVE-2020-21555 + RESERVED +CVE-2020-21554 (A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_lis ...) + NOT-FOR-US: TinyShop +CVE-2020-21553 + RESERVED +CVE-2020-21552 + RESERVED +CVE-2020-21551 + RESERVED +CVE-2020-21550 + RESERVED +CVE-2020-21549 + RESERVED +CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...) + - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/116 + NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4) +CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...) 
+ - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/114 + NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4) +CVE-2020-21546 + RESERVED +CVE-2020-21545 + RESERVED +CVE-2020-21544 + RESERVED +CVE-2020-21543 + RESERVED +CVE-2020-21542 + RESERVED +CVE-2020-21541 + RESERVED +CVE-2020-21540 + RESERVED +CVE-2020-21539 + RESERVED +CVE-2020-21538 + RESERVED +CVE-2020-21537 + RESERVED +CVE-2020-21536 + RESERVED +CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/62/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) +CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/58/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) +CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/59/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) +CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...) 
+ {DLA-3304-1 DLA-2778-1} + - fig2dev 1:3.2.8-1 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/64/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8) +CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...) + {DLA-3304-1 DLA-2778-1} + - fig2dev 1:3.2.8-1 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/63/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8) +CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...) + {DLA-2778-1} + - fig2dev 1:3.2.7b-3 + [buster] - fig2dev 1:3.2.7a-5+deb10u2 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/61/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8) +CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...) + {DLA-3304-1 DLA-2778-1} + - fig2dev 1:3.2.8-1 + - transfig + NOTE: https://sourceforge.net/p/mcj/tickets/65/ + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8) + NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8) +CVE-2020-21528 (A Segmentation Fault issue discovered in in ieee_segment function in o ...) + - nasm 2.16.01-1 (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392637 + NOTE: Introduced by: https://github.com/netwide-assembler/nasm/commit/98578071b9d71ecaa2344dd9c185237c1765041e (nasm-2.14rc1) + NOTE: Fixed by: https://github.com/netwide-assembler/nasm/commit/93c774d482694643cafbc82578ac8b729fb5bc8b (nasm-2.16rc1) + NOTE: Crash in CLI tool, no security impact +CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...) 
+ NOT-FOR-US: Halo +CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...) + NOT-FOR-US: Halo +CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...) + NOT-FOR-US: Halo +CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo v1.1.3, The ...) + NOT-FOR-US: Halo +CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...) + NOT-FOR-US: Halo +CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...) + NOT-FOR-US: Halo +CVE-2020-21521 + RESERVED +CVE-2020-21520 + RESERVED +CVE-2020-21519 + RESERVED +CVE-2020-21518 + RESERVED +CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...) + NOT-FOR-US: MetInfo +CVE-2020-21516 (There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at t ...) + NOT-FOR-US: FeehiCMS +CVE-2020-21515 + RESERVED +CVE-2020-21514 (An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2. ...) + NOT-FOR-US: Fluentd +CVE-2020-21513 + RESERVED +CVE-2020-21512 + RESERVED +CVE-2020-21511 + RESERVED +CVE-2020-21510 + RESERVED +CVE-2020-21509 + RESERVED +CVE-2020-21508 + RESERVED +CVE-2020-21507 + RESERVED +CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...) + NOT-FOR-US: waimai Super Cms +CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...) + NOT-FOR-US: waimai Super Cms +CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...) + NOT-FOR-US: waimai Super Cms +CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...) + NOT-FOR-US: waimai Super Cms +CVE-2020-21502 + RESERVED +CVE-2020-21501 + RESERVED +CVE-2020-21500 + RESERVED +CVE-2020-21499 + RESERVED +CVE-2020-21498 + RESERVED +CVE-2020-21497 + RESERVED +CVE-2020-21496 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...) 
+ NOT-FOR-US: Xiuno BBS +CVE-2020-21495 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...) + NOT-FOR-US: Xiuno BBS +CVE-2020-21494 (A cross-site scripting (XSS) vulnerability in the component install\in ...) + NOT-FOR-US: Xiuno BBS +CVE-2020-21493 (An issue in the component route\user.php of Xiuno BBS v4.0.4 allows at ...) + NOT-FOR-US: Xiuno BBS +CVE-2020-21492 + RESERVED +CVE-2020-21491 + RESERVED +CVE-2020-21490 (An issue was discovered in GNU Binutils 2.34. It is a memory leak when ...) + - binutils 2.33.50.20200107-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25249 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=378fd436405b3051df34ac995b2e03fe1f3d1907 (binutils-2_34) + NOTE: binutils not covered by security support +CVE-2020-21489 (File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker ...) + NOT-FOR-US: Feehicms +CVE-2020-21488 + RESERVED +CVE-2020-21487 (Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ...) + NOT-FOR-US: pfSense +CVE-2020-21486 (SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker t ...) + NOT-FOR-US: PHPOK +CVE-2020-21485 (Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote ...) + NOT-FOR-US: Alluxio +CVE-2020-21484 + RESERVED +CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...) + NOT-FOR-US: Jizhicms +CVE-2020-21482 (A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attac ...) + NOT-FOR-US: RGCMS +CVE-2020-21481 (An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers ...) + NOT-FOR-US: RGCMS +CVE-2020-21480 (An arbitrary file write vulnerability in RGCMS v1.06 allows attackers ...) 
+ NOT-FOR-US: RGCMS +CVE-2020-21479 + RESERVED +CVE-2020-21478 + RESERVED +CVE-2020-21477 + RESERVED +CVE-2020-21476 + RESERVED +CVE-2020-21475 + RESERVED +CVE-2020-21474 (File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacke ...) + NOT-FOR-US: NucleusCMS +CVE-2020-21473 + RESERVED +CVE-2020-21472 + RESERVED +CVE-2020-21471 + RESERVED +CVE-2020-21470 + RESERVED +CVE-2020-21469 (An issue was discovered in PostgreSQL 12.2 allows attackers to cause a ...) + - postgresql-13 (Fixed before initial upload to Debian) + - postgresql-11 + [buster] - postgresql-11 11.10-0+deb10u1 + NOTE: https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com + NOTE: Fixed by: https://github.com/postgres/postgres/commit/9abb2bfc046070b22e3be28173a0736da31cab5a (REL_13_BETA1) + NOTE: Fixed by: https://github.com/postgres/postgres/commit/8b53dbada4a6a9e5f16548ca2c4d17cff55933d8 (REL_12_5) + NOTE: Fixed by: https://github.com/postgres/postgres/commit/85834023a95e16d1d3fe73b0608e1608573753c3 (REL_11_10) +CVE-2020-21468 (A segmentation fault in the redis-server component of Redis 5.0.7 lead ...) + - redis (unimportant) + NOTE: https://github.com/redis/redis/issues/6633 + NOTE: Negligible security impact; disputed issue upstream and unreproducible. +CVE-2020-21467 + RESERVED +CVE-2020-21466 + RESERVED +CVE-2020-21465 + RESERVED +CVE-2020-21464 + RESERVED +CVE-2020-21463 + RESERVED +CVE-2020-21462 + RESERVED +CVE-2020-21461 + RESERVED +CVE-2020-21460 + RESERVED +CVE-2020-21459 + RESERVED +CVE-2020-21458 + RESERVED +CVE-2020-21457 + RESERVED +CVE-2020-21456 + RESERVED +CVE-2020-21455 + RESERVED +CVE-2020-21454 + RESERVED +CVE-2020-21453 + RESERVED +CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...) 
+ NOT-FOR-US: uniview ISC2500-S +CVE-2020-21451 + RESERVED +CVE-2020-21450 + RESERVED +CVE-2020-21449 + RESERVED +CVE-2020-21448 + RESERVED +CVE-2020-21447 + RESERVED +CVE-2020-21446 + RESERVED +CVE-2020-21445 + RESERVED +CVE-2020-21444 + RESERVED +CVE-2020-21443 + RESERVED +CVE-2020-21442 + RESERVED +CVE-2020-21441 + RESERVED +CVE-2020-21440 + RESERVED +CVE-2020-21439 + RESERVED +CVE-2020-21438 + RESERVED +CVE-2020-21437 + RESERVED +CVE-2020-21436 + RESERVED +CVE-2020-21435 + RESERVED +CVE-2020-21434 (Maccms 10 contains a cross-site scripting (XSS) vulnerability in the E ...) + NOT-FOR-US: Maccms +CVE-2020-21433 + RESERVED +CVE-2020-21432 + RESERVED +CVE-2020-21431 (HongCMS v3.0 contains an arbitrary file read and write vulnerability i ...) + NOT-FOR-US: HongCMS +CVE-2020-21430 + RESERVED +CVE-2020-21429 + RESERVED +CVE-2020-21428 (Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in ...) + {DSA-5579-1 DLA-3662-1} + - freeimage 3.18.0+ds2-10 (bug #1051738) + NOTE: https://sourceforge.net/p/freeimage/bugs/299/ + NOTE: Fixed with r1877 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/ +CVE-2020-21427 (Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginB ...) + {DSA-5579-1 DLA-3662-1} + - freeimage 3.18.0+ds2-10 (bug #1051737) + NOTE: https://sourceforge.net/p/freeimage/bugs/298/ + NOTE: Probably fixed with r1832 and r1836 from http://svn.code.sf.net/p/freeimage/svn/FreeImage/ +CVE-2020-21426 (Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...) + - freeimage (bug #1051736) + [buster] - freeimage (Revisit from patches are available) + NOTE: https://sourceforge.net/p/freeimage/bugs/300/ + NOTE: it looks like the issue is in openexr. 
No relevant patches in freeimage are detected +CVE-2020-21425 + RESERVED +CVE-2020-21424 + RESERVED +CVE-2020-21423 + RESERVED +CVE-2020-21422 + RESERVED +CVE-2020-21421 + RESERVED +CVE-2020-21420 + RESERVED +CVE-2020-21419 + RESERVED +CVE-2020-21418 + RESERVED +CVE-2020-21417 + RESERVED +CVE-2020-21416 + RESERVED +CVE-2020-21415 + RESERVED +CVE-2020-21414 + RESERVED +CVE-2020-21413 + RESERVED +CVE-2020-21412 + RESERVED +CVE-2020-21411 + RESERVED +CVE-2020-21410 + RESERVED +CVE-2020-21409 + RESERVED +CVE-2020-21408 + RESERVED +CVE-2020-21407 + RESERVED +CVE-2020-21406 (An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box tha ...) + NOT-FOR-US: RK Smart TV Box MAX +CVE-2020-21405 (An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attack ...) + NOT-FOR-US: H96 Smart TV Box H96 +CVE-2020-21404 + RESERVED +CVE-2020-21403 + RESERVED +CVE-2020-21402 + RESERVED +CVE-2020-21401 + RESERVED +CVE-2020-21400 (SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a rem ...) + NOT-FOR-US: PHPMyWind +CVE-2020-21399 + RESERVED +CVE-2020-21398 + RESERVED +CVE-2020-21397 + RESERVED +CVE-2020-21396 + RESERVED +CVE-2020-21395 + RESERVED +CVE-2020-21394 (SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB ma ...) + NOT-FOR-US: CRMEB mall system +CVE-2020-21393 + RESERVED +CVE-2020-21392 + RESERVED +CVE-2020-21391 + RESERVED +CVE-2020-21390 + RESERVED +CVE-2020-21389 + RESERVED +CVE-2020-21388 + RESERVED +CVE-2020-21387 (A cross-site scripting (XSS) vulnerability in the parameter type_en of ...) + NOT-FOR-US: Maccms +CVE-2020-21386 (A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/t ...) + NOT-FOR-US: Maccms +CVE-2020-21385 + RESERVED +CVE-2020-21384 + RESERVED +CVE-2020-21383 + RESERVED +CVE-2020-21382 + RESERVED +CVE-2020-21381 + RESERVED +CVE-2020-21380 + RESERVED +CVE-2020-21379 + RESERVED +CVE-2020-21378 (SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id par ...) 
+ NOT-FOR-US: SeaCMS +CVE-2020-21377 (SQL injection vulnerability in yunyecms V2.0.1 via the selcart paramet ...) + NOT-FOR-US: yunyecms +CVE-2020-21376 + RESERVED +CVE-2020-21375 + RESERVED +CVE-2020-21374 + RESERVED +CVE-2020-21373 + RESERVED +CVE-2020-21372 + RESERVED +CVE-2020-21371 + RESERVED +CVE-2020-21370 + RESERVED +CVE-2020-21369 + RESERVED +CVE-2020-21368 + RESERVED +CVE-2020-21367 + RESERVED +CVE-2020-21366 (Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an a ...) + NOT-FOR-US: GreenCMS +CVE-2020-21365 (Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows ...) + {DLA-3158-1} + - wkhtmltopdf 0.12.6-1 + NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/commit/2a5f25077895fb075812c0f599326f079a59d6cf (0.12.6) + NOTE: https://github.com/wkhtmltopdf/wkhtmltopdf/issues/4536 +CVE-2020-21364 + RESERVED +CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10.) + NOT-FOR-US: Maccms10 +CVE-2020-21362 (A cross site scripting (XSS) vulnerability in the background search fu ...) + NOT-FOR-US: Maccms10 +CVE-2020-21361 + RESERVED +CVE-2020-21360 + RESERVED +CVE-2020-21359 (An arbitrary file upload vulnerability in the Template Upload function ...) + NOT-FOR-US: Maccms10 +CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...) + NOT-FOR-US: Wage-CMS +CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...) + NOT-FOR-US: PopojiCMS +CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...) + NOT-FOR-US: PopojiCMS +CVE-2020-21355 + RESERVED +CVE-2020-21354 + RESERVED +CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...) 
+ NOT-FOR-US: GetSimple CMS +CVE-2020-21352 + RESERVED +CVE-2020-21351 + RESERVED +CVE-2020-21350 + RESERVED +CVE-2020-21349 + RESERVED +CVE-2020-21348 + RESERVED +CVE-2020-21347 + RESERVED +CVE-2020-21346 + RESERVED +CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...) + NOT-FOR-US: halo +CVE-2020-21344 + RESERVED +CVE-2020-21343 + RESERVED +CVE-2020-21342 (Insecure permissions issue in zzcms 201910 via the reset any user pass ...) + NOT-FOR-US: zzcms +CVE-2020-21341 + RESERVED +CVE-2020-21340 + RESERVED +CVE-2020-21339 + RESERVED +CVE-2020-21338 + RESERVED +CVE-2020-21337 + RESERVED +CVE-2020-21336 + RESERVED +CVE-2020-21335 + RESERVED +CVE-2020-21334 + RESERVED +CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...) + NOT-FOR-US: PublicCMS +CVE-2020-21332 + RESERVED +CVE-2020-21331 + RESERVED +CVE-2020-21330 + RESERVED +CVE-2020-21329 + RESERVED +CVE-2020-21328 + RESERVED +CVE-2020-21327 + RESERVED +CVE-2020-21326 + RESERVED +CVE-2020-21325 (An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbi ...) + NOT-FOR-US: WUZHI CMS +CVE-2020-21324 + RESERVED +CVE-2020-21323 + RESERVED +CVE-2020-21322 (An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below a ...) + NOT-FOR-US: Feehi CMS +CVE-2020-21321 (emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/lin ...) + NOT-FOR-US: emlog CMS +CVE-2020-21320 + RESERVED +CVE-2020-21319 + RESERVED +CVE-2020-21318 + RESERVED +CVE-2020-21317 + RESERVED +CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the comment secti ...) 
+ NOT-FOR-US: zrlog +CVE-2020-21315 + RESERVED +CVE-2020-21314 + RESERVED +CVE-2020-21313 + RESERVED +CVE-2020-21312 + RESERVED +CVE-2020-21311 + RESERVED +CVE-2020-21310 + RESERVED +CVE-2020-21309 + RESERVED +CVE-2020-21308 + RESERVED +CVE-2020-21307 + RESERVED +CVE-2020-21306 + RESERVED +CVE-2020-21305 + RESERVED +CVE-2020-21304 + RESERVED +CVE-2020-21303 + RESERVED +CVE-2020-21302 + RESERVED +CVE-2020-21301 + RESERVED +CVE-2020-21300 + RESERVED +CVE-2020-21299 + RESERVED +CVE-2020-21298 + RESERVED +CVE-2020-21297 + RESERVED +CVE-2020-21296 + RESERVED +CVE-2020-21295 + RESERVED +CVE-2020-21294 + RESERVED +CVE-2020-21293 + RESERVED +CVE-2020-21292 + RESERVED +CVE-2020-21291 + RESERVED +CVE-2020-21290 + RESERVED +CVE-2020-21289 + RESERVED +CVE-2020-21288 + RESERVED +CVE-2020-21287 + RESERVED +CVE-2020-21286 + RESERVED +CVE-2020-21285 + RESERVED +CVE-2020-21284 + RESERVED +CVE-2020-21283 + RESERVED +CVE-2020-21282 + RESERVED +CVE-2020-21281 + RESERVED +CVE-2020-21280 + RESERVED +CVE-2020-21279 + RESERVED +CVE-2020-21278 + RESERVED +CVE-2020-21277 + RESERVED +CVE-2020-21276 + RESERVED +CVE-2020-21275 + RESERVED +CVE-2020-21274 + RESERVED +CVE-2020-21273 + RESERVED +CVE-2020-21272 + RESERVED +CVE-2020-21271 + RESERVED +CVE-2020-21270 + RESERVED +CVE-2020-21269 + RESERVED +CVE-2020-21268 (Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows ...) + NOT-FOR-US: EasySoft ZenTao +CVE-2020-21267 + RESERVED +CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...) 
+ NOT-FOR-US: Broadleaf Commerce +CVE-2020-21265 + RESERVED +CVE-2020-21264 + RESERVED +CVE-2020-21263 + RESERVED +CVE-2020-21262 + RESERVED +CVE-2020-21261 + RESERVED +CVE-2020-21260 + RESERVED +CVE-2020-21259 + RESERVED +CVE-2020-21258 + RESERVED +CVE-2020-21257 + RESERVED +CVE-2020-21256 + RESERVED +CVE-2020-21255 + RESERVED +CVE-2020-21254 + RESERVED +CVE-2020-21253 + RESERVED +CVE-2020-21252 (Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows ...) + NOT-FOR-US: Neeke HongCMS +CVE-2020-21251 + RESERVED +CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...) + NOT-FOR-US: CSZ CMS +CVE-2020-21249 + RESERVED +CVE-2020-21248 + RESERVED +CVE-2020-21247 + RESERVED +CVE-2020-21246 (Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote att ...) + NOT-FOR-US: YiiCMS +CVE-2020-21245 + RESERVED +CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...) + - frontaccounting +CVE-2020-21243 + RESERVED +CVE-2020-21242 + RESERVED +CVE-2020-21241 + RESERVED +CVE-2020-21240 + RESERVED +CVE-2020-21239 + RESERVED +CVE-2020-21238 (An issue in the user login box of CSCMS v4.0 allows attackers to hijac ...) + NOT-FOR-US: CSCMS +CVE-2020-21237 (An issue in the user login box of LJCMS v1.11 allows attackers to hija ...) + NOT-FOR-US: LJCMS +CVE-2020-21236 (A vulnerability in /damicms-master/admin.php?s=/Article/doedit of Dami ...) + NOT-FOR-US: DamiCMS +CVE-2020-21235 + RESERVED +CVE-2020-21234 + RESERVED +CVE-2020-21233 + RESERVED +CVE-2020-21232 + RESERVED +CVE-2020-21231 + RESERVED +CVE-2020-21230 + RESERVED +CVE-2020-21229 + RESERVED +CVE-2020-21228 (JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in ...) + NOT-FOR-US: JIZHICMS +CVE-2020-21227 + RESERVED +CVE-2020-21226 + RESERVED +CVE-2020-21225 + RESERVED +CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...) 
+ NOT-FOR-US: Inspur ClusterEngine +CVE-2020-21223 + RESERVED +CVE-2020-21222 + RESERVED +CVE-2020-21221 + RESERVED +CVE-2020-21220 + RESERVED +CVE-2020-21219 (Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Rel ...) + NOT-FOR-US: pfSense +CVE-2020-21218 + RESERVED +CVE-2020-21217 + RESERVED +CVE-2020-21216 + RESERVED +CVE-2020-21215 + RESERVED +CVE-2020-21214 + RESERVED +CVE-2020-21213 + RESERVED +CVE-2020-21212 + RESERVED +CVE-2020-21211 + RESERVED +CVE-2020-21210 + RESERVED +CVE-2020-21209 + RESERVED +CVE-2020-21208 + RESERVED +CVE-2020-21207 + RESERVED +CVE-2020-21206 + RESERVED +CVE-2020-21205 + RESERVED +CVE-2020-21204 + RESERVED +CVE-2020-21203 + RESERVED +CVE-2020-21202 + RESERVED +CVE-2020-21201 + RESERVED +CVE-2020-21200 + RESERVED +CVE-2020-21199 + RESERVED +CVE-2020-21198 + RESERVED +CVE-2020-21197 + RESERVED +CVE-2020-21196 + RESERVED +CVE-2020-21195 + RESERVED +CVE-2020-21194 + RESERVED +CVE-2020-21193 + RESERVED +CVE-2020-21192 + RESERVED +CVE-2020-21191 + RESERVED +CVE-2020-21190 + RESERVED +CVE-2020-21189 + RESERVED +CVE-2020-21188 + RESERVED +CVE-2020-21187 + RESERVED +CVE-2020-21186 + RESERVED +CVE-2020-21185 + RESERVED +CVE-2020-21184 + RESERVED +CVE-2020-21183 + RESERVED +CVE-2020-21182 + RESERVED +CVE-2020-21181 + RESERVED +CVE-2020-21180 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...) + NOT-FOR-US: koa2-blog +CVE-2020-21179 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...) + NOT-FOR-US: koa2-blog +CVE-2020-21178 + RESERVED +CVE-2020-21177 + RESERVED +CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...) + NOT-FOR-US: ThinkJS +CVE-2020-21175 + RESERVED +CVE-2020-21174 (File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote atta ...) 
+ NOT-FOR-US: liufee CMS +CVE-2020-21173 + RESERVED +CVE-2020-21172 + RESERVED +CVE-2020-21171 + RESERVED +CVE-2020-21170 + RESERVED +CVE-2020-21169 + RESERVED +CVE-2020-21168 + RESERVED +CVE-2020-21167 + RESERVED +CVE-2020-21166 + RESERVED +CVE-2020-21165 + RESERVED +CVE-2020-21164 + RESERVED +CVE-2020-21163 + RESERVED +CVE-2020-21162 + RESERVED +CVE-2020-21161 (Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirect ...) + NOT-FOR-US: Ruckus +CVE-2020-21160 + RESERVED +CVE-2020-21159 + RESERVED +CVE-2020-21158 + RESERVED +CVE-2020-21157 + RESERVED +CVE-2020-21156 + RESERVED +CVE-2020-21155 + RESERVED +CVE-2020-21154 + RESERVED +CVE-2020-21153 + RESERVED +CVE-2020-21152 (SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execut ...) + NOT-FOR-US: inxedu +CVE-2020-21151 + RESERVED +CVE-2020-21150 + RESERVED +CVE-2020-21149 + RESERVED +CVE-2020-21148 + RESERVED +CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: RockOA +CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...) + NOT-FOR-US: Feehi CMS +CVE-2020-21145 + RESERVED +CVE-2020-21144 + RESERVED +CVE-2020-21143 + RESERVED +CVE-2020-21142 (Cross Site Scripting (XSS) vulnerabilty in IPFire 2.23 via the IPfire ...) + NOT-FOR-US: IPFire +CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (C ...) + NOT-FOR-US: iCMS +CVE-2020-21140 + RESERVED +CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...) + NOT-FOR-US: EC Cloud E-Commerce System +CVE-2020-21138 + RESERVED +CVE-2020-21137 + RESERVED +CVE-2020-21136 + RESERVED +CVE-2020-21135 + RESERVED +CVE-2020-21134 + RESERVED +CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...) + NOT-FOR-US: Metinfo +CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.) 
+ NOT-FOR-US: Metinfo +CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...) + NOT-FOR-US: Metinfo +CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...) + NOT-FOR-US: HisiPHP +CVE-2020-21129 + RESERVED +CVE-2020-21128 + RESERVED +CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...) + NOT-FOR-US: MetInfo +CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...) + NOT-FOR-US: MetInfo +CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...) + NOT-FOR-US: UReport +CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...) + NOT-FOR-US: UReport +CVE-2020-21123 + RESERVED +CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...) + NOT-FOR-US: UReport +CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...) + NOT-FOR-US: Pligg CMS +CVE-2020-21120 (SQL Injection vulnerability in file home\controls\cart.class.php in UQ ...) + NOT-FOR-US: UQCMS +CVE-2020-21119 (SQL Injection vulnerability in Kliqqi-CMS 2.0.2 in admin/admin_update_ ...) + NOT-FOR-US: Kliqqi-CMS +CVE-2020-21118 + RESERVED +CVE-2020-21117 + RESERVED +CVE-2020-21116 + RESERVED +CVE-2020-21115 + RESERVED +CVE-2020-21114 + RESERVED +CVE-2020-21113 + RESERVED +CVE-2020-21112 + RESERVED +CVE-2020-21111 + RESERVED +CVE-2020-21110 + RESERVED +CVE-2020-21109 + RESERVED +CVE-2020-21108 + RESERVED +CVE-2020-21107 + RESERVED +CVE-2020-21106 + RESERVED +CVE-2020-21105 + RESERVED +CVE-2020-21104 + RESERVED +CVE-2020-21103 + RESERVED +CVE-2020-21102 + RESERVED +CVE-2020-21101 (Cross Site Scriptiong vulnerabilityin Screenly screenly-ose all versio ...) 
+ NOT-FOR-US: Screenly +CVE-2020-21100 + RESERVED +CVE-2020-21099 + RESERVED +CVE-2020-21098 + RESERVED +CVE-2020-21097 + RESERVED +CVE-2020-21096 + RESERVED +CVE-2020-21095 + RESERVED +CVE-2020-21094 + RESERVED +CVE-2020-21093 + RESERVED +CVE-2020-21092 + RESERVED +CVE-2020-21091 + RESERVED +CVE-2020-21090 + RESERVED +CVE-2020-21089 + RESERVED +CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...) + NOT-FOR-US: X2engine X2CRM +CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...) + NOT-FOR-US: X2engine X2CRM +CVE-2020-21086 + RESERVED +CVE-2020-21085 + RESERVED +CVE-2020-21084 + RESERVED +CVE-2020-21083 + RESERVED +CVE-2020-21082 (A cross-site scripting (XSS) vulnerability in the background administr ...) + NOT-FOR-US: Maccms +CVE-2020-21081 (A cross-site request forgery (CSRF) in Maccms 8.0 causes administrator ...) + NOT-FOR-US: Maccms +CVE-2020-21080 + RESERVED +CVE-2020-21079 + RESERVED +CVE-2020-21078 + RESERVED +CVE-2020-21077 + RESERVED +CVE-2020-21076 + RESERVED +CVE-2020-21075 + RESERVED +CVE-2020-21074 + RESERVED +CVE-2020-21073 + RESERVED +CVE-2020-21072 + RESERVED +CVE-2020-21071 + RESERVED +CVE-2020-21070 + RESERVED +CVE-2020-21069 + RESERVED +CVE-2020-21068 + RESERVED +CVE-2020-21067 + RESERVED +CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-ove ...) + NOT-FOR-US: Bento4 +CVE-2020-21065 + RESERVED +CVE-2020-21064 + REJECTED +CVE-2020-21063 + RESERVED +CVE-2020-21062 + RESERVED +CVE-2020-21061 + RESERVED +CVE-2020-21060 (SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote a ...) + NOT-FOR-US: PHPMyWind +CVE-2020-21059 + RESERVED +CVE-2020-21058 (Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote ...) + NOT-FOR-US: Typora +CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...) 
+ NOT-FOR-US: FusionPBX +CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...) + NOT-FOR-US: FusionPBX +CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...) + NOT-FOR-US: FusionPBX +CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...) + NOT-FOR-US: FusionPBX +CVE-2020-21053 (Cross Site Scriptiong (XSS) vulnerability exists in FusionPBX 4.5.7 al ...) + NOT-FOR-US: FusionPBX +CVE-2020-21052 (Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a rem ...) + NOT-FOR-US: zrlog +CVE-2020-21051 + RESERVED +CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...) + - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3) + NOTE: https://github.com/saitoha/libsixel/issues/75 +CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...) + - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/74 + NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5) +CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...) + - libsixel 1.8.6-1 + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/73 + NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4) + NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4) +CVE-2020-21047 (The libcpu component which is used by libasm of elfutils version 0.177 ...) 
+ {DLA-3579-1} + - elfutils 0.180-1 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25068 + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8 (elfutils-0.178) +CVE-2020-21046 (A local privilege escalation vulnerability was identified within the " ...) + NOT-FOR-US: EagleGet for Windows +CVE-2020-21045 + RESERVED +CVE-2020-21044 + RESERVED +CVE-2020-21043 + RESERVED +CVE-2020-21042 + RESERVED +CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...) + {DSA-4990-1 DLA-2742-1} + [experimental] - ffmpeg 7:4.4-1 + - ffmpeg 7:4.3.2-0+deb11u2 (bug #989439) + [stretch] - ffmpeg (Wait for 4.1.9) + NOTE: https://trac.ffmpeg.org/ticket/7989 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba +CVE-2020-21040 + RESERVED +CVE-2020-21039 + RESERVED +CVE-2020-21038 (Open redirect vulnerability in typecho 1.1-17.10.30-release via the re ...) + NOT-FOR-US: typecho +CVE-2020-21037 + RESERVED +CVE-2020-21036 + RESERVED +CVE-2020-21035 + RESERVED +CVE-2020-21034 + RESERVED +CVE-2020-21033 + RESERVED +CVE-2020-21032 + RESERVED +CVE-2020-21031 + RESERVED +CVE-2020-21030 + RESERVED +CVE-2020-21029 + RESERVED +CVE-2020-21028 + RESERVED +CVE-2020-21027 + RESERVED +CVE-2020-21026 + RESERVED +CVE-2020-21025 + RESERVED +CVE-2020-21024 + RESERVED +CVE-2020-21023 + RESERVED +CVE-2020-21022 + RESERVED +CVE-2020-21021 + RESERVED +CVE-2020-21020 + RESERVED +CVE-2020-21019 + RESERVED +CVE-2020-21018 + RESERVED +CVE-2020-21017 + RESERVED +CVE-2020-21016 (D-Link DIR-846 devices with firmware 100A35 allow remote attackers to ...) + NOT-FOR-US: D-Link +CVE-2020-21015 + RESERVED +CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...) + NOT-FOR-US: emlog +CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php.) 
+ NOT-FOR-US: emlog +CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to ...) + NOT-FOR-US: Sourcecodester Hotel and Lodge Management System +CVE-2020-21011 + RESERVED +CVE-2020-21010 + RESERVED +CVE-2020-21009 + REJECTED +CVE-2020-21008 + RESERVED +CVE-2020-21007 + RESERVED +CVE-2020-21006 + RESERVED +CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...) + NOT-FOR-US: WellCMS +CVE-2020-21004 + RESERVED +CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...) + NOT-FOR-US: Pbootcms +CVE-2020-21002 + RESERVED +CVE-2020-21001 + RESERVED +CVE-2020-21000 + RESERVED +CVE-2020-20999 + RESERVED +CVE-2020-20998 + RESERVED +CVE-2020-20997 + RESERVED +CVE-2020-20996 + RESERVED +CVE-2020-20995 + RESERVED +CVE-2020-20994 + RESERVED +CVE-2020-20993 + RESERVED +CVE-2020-20992 + RESERVED +CVE-2020-20991 + RESERVED +CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...) + NOT-FOR-US: DomainMOD +CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...) + NOT-FOR-US: DomainMOD +CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...) + NOT-FOR-US: DomainMOD +CVE-2020-20987 + RESERVED +CVE-2020-20986 + RESERVED +CVE-2020-20985 + RESERVED +CVE-2020-20984 + RESERVED +CVE-2020-20983 + RESERVED +CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...) + NOT-FOR-US: shadoweb wdja +CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Me ...) + NOT-FOR-US: Metinfo +CVE-2020-20980 + RESERVED +CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...) + NOT-FOR-US: LJCMS +CVE-2020-20978 + RESERVED +CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...) 
+ NOT-FOR-US: UK CMS +CVE-2020-20976 + RESERVED +CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...) + NOT-FOR-US: Gxlcms +CVE-2020-20974 + RESERVED +CVE-2020-20973 + RESERVED +CVE-2020-20972 + RESERVED +CVE-2020-20971 (Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via ...) + NOT-FOR-US: PbootCMS +CVE-2020-20970 + RESERVED +CVE-2020-20969 (File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacke ...) + NOT-FOR-US: PluckCMS +CVE-2020-20968 + RESERVED +CVE-2020-20967 + RESERVED +CVE-2020-20966 + RESERVED +CVE-2020-20965 + RESERVED +CVE-2020-20964 + RESERVED +CVE-2020-20963 + RESERVED +CVE-2020-20962 + RESERVED +CVE-2020-20961 + RESERVED +CVE-2020-20960 + RESERVED +CVE-2020-20959 + RESERVED +CVE-2020-20958 + RESERVED +CVE-2020-20957 + RESERVED +CVE-2020-20956 + RESERVED +CVE-2020-20955 + RESERVED +CVE-2020-20954 + RESERVED +CVE-2020-20953 + RESERVED +CVE-2020-20952 + RESERVED +CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...) + NOT-FOR-US: Pluck CMS +CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...) + NOT-FOR-US: Microchip Libraries for Applications +CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...) + NOT-FOR-US: STM32 cryptographic firmware library +CVE-2020-20948 (An arbitrary file download vulnerability in jeecg v3.8 allows attacker ...) + NOT-FOR-US: jeecg +CVE-2020-20947 + RESERVED +CVE-2020-20946 (Qibosoft v7 contains a stored cross-site scripting (XSS) vulnerability ...) + NOT-FOR-US: Qibosoft +CVE-2020-20945 (A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&act ...) + NOT-FOR-US: Qibosoft +CVE-2020-20944 (An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allow ...) + NOT-FOR-US: Qibosoft +CVE-2020-20943 (A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&st ...) 
+ NOT-FOR-US: Qibosoft +CVE-2020-20942 + RESERVED +CVE-2020-20941 + RESERVED +CVE-2020-20940 + RESERVED +CVE-2020-20939 + RESERVED +CVE-2020-20938 + RESERVED +CVE-2020-20937 + RESERVED +CVE-2020-20936 + RESERVED +CVE-2020-20935 + RESERVED +CVE-2020-20934 + RESERVED +CVE-2020-20933 + RESERVED +CVE-2020-20932 + RESERVED +CVE-2020-20931 + RESERVED +CVE-2020-20930 + RESERVED +CVE-2020-20929 + RESERVED +CVE-2020-20928 + RESERVED +CVE-2020-20927 + RESERVED +CVE-2020-20926 + RESERVED +CVE-2020-20925 + RESERVED +CVE-2020-20924 + RESERVED +CVE-2020-20923 + RESERVED +CVE-2020-20922 + RESERVED +CVE-2020-20921 + RESERVED +CVE-2020-20920 + RESERVED +CVE-2020-20919 (File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote a ...) + NOT-FOR-US: PluckCMS +CVE-2020-20918 (An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacke ...) + NOT-FOR-US: PluckCMS +CVE-2020-20917 + RESERVED +CVE-2020-20916 + RESERVED +CVE-2020-20915 (SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote a ...) + NOT-FOR-US: PublicCMS +CVE-2020-20914 (SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a ...) + NOT-FOR-US: PublicCMS +CVE-2020-20913 (SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a r ...) + NOT-FOR-US: MCMS +CVE-2020-20912 + RESERVED +CVE-2020-20911 + RESERVED +CVE-2020-20910 + RESERVED +CVE-2020-20909 + RESERVED +CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...) + NOT-FOR-US: Akaunting +CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...) + NOT-FOR-US: MetInfo +CVE-2020-20906 + RESERVED +CVE-2020-20905 + RESERVED +CVE-2020-20904 + RESERVED +CVE-2020-20903 + RESERVED +CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...) 
+ {DSA-4722-1 DLA-3010-1} + - ffmpeg 7:4.2.2-1 + NOTE: https://trac.ffmpeg.org/ticket/8176 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 (4.2.2) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=81672bf00f3b5a3c025034f4b2e33d67b72f3839 (4.2.2) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abf9627f70ed8467b1646d56205e61f965f11468 (4.1.9) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1cff89a11fa051696109565b3bf88c94479374eb (3.2.15) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=abf9627f70ed8467b1646d56205e61f965f11468 (3.2.17) +CVE-2020-20901 + REJECTED +CVE-2020-20900 + REJECTED +CVE-2020-20899 + REJECTED +CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...) + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3) + NOTE: https://trac.ffmpeg.org/ticket/8263 +CVE-2020-20897 + REJECTED +CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...) 
+ {DSA-5126-1} + - ffmpeg 7:4.3-2 + [stretch] - ffmpeg (Vulnerable code introduced later) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/6fe33489be72eee8010c28165f4b12870df4c600 (4.1.9) + NOTE: https://trac.ffmpeg.org/ticket/8273 + NOTE: Introduced in: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8b3ec51de8a04f4442297f2f835e925cab7b0597 (3.4) +CVE-2020-20895 + REJECTED +CVE-2020-20894 + REJECTED +CVE-2020-20893 + REJECTED +CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...) + {DSA-5126-1 DLA-3010-1} + - ffmpeg 7:4.3-2 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=439645004bb672a29145621549cb87acdb2f84db (4.1.9) + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=94e502e96b0870177e0af4c1e8718ac71475e374 (3.2.17) + NOTE: https://trac.ffmpeg.org/ticket/8265 +CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...) 
+ {DSA-5126-1 DLA-3010-1} + - ffmpeg 7:4.3-2 + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5cb859665d62658d7859f345650fcb38528c4ab (4.1.9) + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/f8b4426c10aa65f4c04847a50ebfdcb8782a49b7 (3.2.17) + NOTE: https://trac.ffmpeg.org/ticket/8282 +CVE-2020-20890 + RESERVED +CVE-2020-20889 + RESERVED +CVE-2020-20888 + RESERVED +CVE-2020-20887 + RESERVED +CVE-2020-20886 + RESERVED +CVE-2020-20885 + RESERVED +CVE-2020-20884 + RESERVED +CVE-2020-20883 + RESERVED +CVE-2020-20882 + RESERVED +CVE-2020-20881 + RESERVED +CVE-2020-20880 + RESERVED +CVE-2020-20879 + RESERVED +CVE-2020-20878 + RESERVED +CVE-2020-20877 + RESERVED +CVE-2020-20876 + RESERVED +CVE-2020-20875 + RESERVED +CVE-2020-20874 + RESERVED +CVE-2020-20873 + RESERVED +CVE-2020-20872 + RESERVED +CVE-2020-20871 + RESERVED +CVE-2020-20870 + RESERVED +CVE-2020-20869 + RESERVED +CVE-2020-20868 + RESERVED +CVE-2020-20867 + RESERVED +CVE-2020-20866 + RESERVED +CVE-2020-20865 + RESERVED +CVE-2020-20864 + RESERVED +CVE-2020-20863 + RESERVED +CVE-2020-20862 + RESERVED +CVE-2020-20861 + RESERVED +CVE-2020-20860 + RESERVED +CVE-2020-20859 + RESERVED +CVE-2020-20858 + RESERVED +CVE-2020-20857 + RESERVED +CVE-2020-20856 + RESERVED +CVE-2020-20855 + RESERVED +CVE-2020-20854 + RESERVED +CVE-2020-20853 + RESERVED +CVE-2020-20852 + RESERVED +CVE-2020-20851 + RESERVED +CVE-2020-20850 + RESERVED +CVE-2020-20849 + RESERVED +CVE-2020-20848 + RESERVED +CVE-2020-20847 + RESERVED +CVE-2020-20846 + RESERVED +CVE-2020-20845 + RESERVED +CVE-2020-20844 + RESERVED +CVE-2020-20843 + RESERVED +CVE-2020-20842 + RESERVED +CVE-2020-20841 + RESERVED +CVE-2020-20840 + RESERVED +CVE-2020-20839 + RESERVED +CVE-2020-20838 + RESERVED +CVE-2020-20837 + RESERVED +CVE-2020-20836 + RESERVED +CVE-2020-20835 + RESERVED +CVE-2020-20834 + RESERVED +CVE-2020-20833 + RESERVED +CVE-2020-20832 + RESERVED 
+CVE-2020-20831 + RESERVED +CVE-2020-20830 + RESERVED +CVE-2020-20829 + RESERVED +CVE-2020-20828 + RESERVED +CVE-2020-20827 + RESERVED +CVE-2020-20826 + RESERVED +CVE-2020-20825 + RESERVED +CVE-2020-20824 + RESERVED +CVE-2020-20823 + RESERVED +CVE-2020-20822 + RESERVED +CVE-2020-20821 + RESERVED +CVE-2020-20820 + RESERVED +CVE-2020-20819 + RESERVED +CVE-2020-20818 + RESERVED +CVE-2020-20817 + RESERVED +CVE-2020-20816 + RESERVED +CVE-2020-20815 + RESERVED +CVE-2020-20814 + RESERVED +CVE-2020-20813 (Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers t ...) + NOTE: Unactionable report on OpenVPN +CVE-2020-20812 + RESERVED +CVE-2020-20811 + RESERVED +CVE-2020-20810 + RESERVED +CVE-2020-20809 + RESERVED +CVE-2020-20808 (Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before ...) + NOT-FOR-US: Qibosoft +CVE-2020-20807 + RESERVED +CVE-2020-20806 + RESERVED +CVE-2020-20805 + RESERVED +CVE-2020-20804 + RESERVED +CVE-2020-20803 + RESERVED +CVE-2020-20802 + RESERVED +CVE-2020-20801 + RESERVED +CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...) + NOT-FOR-US: MetInfo +CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerabilit ...) + NOT-FOR-US: JeeCMS +CVE-2020-20798 + RESERVED +CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability ...) + NOT-FOR-US: FlameCMS +CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/artic ...) + NOT-FOR-US: FlameCMS +CVE-2020-20795 + RESERVED +CVE-2020-20794 + RESERVED +CVE-2020-20793 + RESERVED +CVE-2020-20792 + RESERVED +CVE-2020-20791 + RESERVED +CVE-2020-20790 + RESERVED +CVE-2020-20789 + RESERVED +CVE-2020-20788 + RESERVED +CVE-2020-20787 + RESERVED +CVE-2020-20786 + RESERVED +CVE-2020-20785 + RESERVED +CVE-2020-20784 + RESERVED +CVE-2020-20783 + RESERVED +CVE-2020-20782 + RESERVED +CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...) 
+ NOT-FOR-US: UCMS +CVE-2020-20780 + RESERVED +CVE-2020-20779 + RESERVED +CVE-2020-20778 + RESERVED +CVE-2020-20777 + RESERVED +CVE-2020-20776 + RESERVED +CVE-2020-20775 + RESERVED +CVE-2020-20774 + RESERVED +CVE-2020-20773 + RESERVED +CVE-2020-20772 + RESERVED +CVE-2020-20771 + RESERVED +CVE-2020-20770 + RESERVED +CVE-2020-20769 + RESERVED +CVE-2020-20768 + RESERVED +CVE-2020-20767 + RESERVED +CVE-2020-20766 + RESERVED +CVE-2020-20765 + RESERVED +CVE-2020-20764 + RESERVED +CVE-2020-20763 + RESERVED +CVE-2020-20762 + RESERVED +CVE-2020-20761 + RESERVED +CVE-2020-20760 + RESERVED +CVE-2020-20759 + RESERVED +CVE-2020-20758 + RESERVED +CVE-2020-20757 + RESERVED +CVE-2020-20756 + RESERVED +CVE-2020-20755 + RESERVED +CVE-2020-20754 + RESERVED +CVE-2020-20753 + RESERVED +CVE-2020-20752 + RESERVED +CVE-2020-20751 + RESERVED +CVE-2020-20750 + RESERVED +CVE-2020-20749 + RESERVED +CVE-2020-20748 + RESERVED +CVE-2020-20747 + RESERVED +CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03. ...) + NOT-FOR-US: Tenda +CVE-2020-20745 + RESERVED +CVE-2020-20744 + RESERVED +CVE-2020-20743 + RESERVED +CVE-2020-20742 + RESERVED +CVE-2020-20741 (Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 w ...) + NOT-FOR-US: Beckhoff +CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...) + {DLA-2475-1} + - pdfresurrect 0.21-1 + [buster] - pdfresurrect (Minor issue) + NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21) + NOTE: https://github.com/enferex/pdfresurrect/issues/14 +CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...) 
+ {DLA-2473-1} + - vips 8.9.0-1 + [buster] - vips 8.7.4-1+deb10u1 + NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1) + NOTE: https://github.com/libvips/libvips/issues/1419 +CVE-2020-20738 + RESERVED +CVE-2020-20737 + RESERVED +CVE-2020-20736 + RESERVED +CVE-2020-20735 (File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attack ...) + NOT-FOR-US: LJCMS +CVE-2020-20734 + RESERVED +CVE-2020-20733 + RESERVED +CVE-2020-20732 + RESERVED +CVE-2020-20731 + RESERVED +CVE-2020-20730 + RESERVED +CVE-2020-20729 + RESERVED +CVE-2020-20728 + RESERVED +CVE-2020-20727 + RESERVED +CVE-2020-20726 (Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allo ...) + NOT-FOR-US: GilaCMS +CVE-2020-20725 (Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 all ...) + NOT-FOR-US: taoCMS +CVE-2020-20724 + RESERVED +CVE-2020-20723 + RESERVED +CVE-2020-20722 + RESERVED +CVE-2020-20721 + RESERVED +CVE-2020-20720 + RESERVED +CVE-2020-20719 + RESERVED +CVE-2020-20718 (File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a r ...) + NOT-FOR-US: PluckCMS +CVE-2020-20717 + RESERVED +CVE-2020-20716 + RESERVED +CVE-2020-20715 + RESERVED +CVE-2020-20714 + RESERVED +CVE-2020-20713 + RESERVED +CVE-2020-20712 + RESERVED +CVE-2020-20711 + RESERVED +CVE-2020-20710 + RESERVED +CVE-2020-20709 + RESERVED +CVE-2020-20708 + RESERVED +CVE-2020-20707 + RESERVED +CVE-2020-20706 + RESERVED +CVE-2020-20705 + RESERVED +CVE-2020-20704 + RESERVED +CVE-2020-20703 (Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attack ...) + - vim 2:8.1.2136-1 + [buster] - vim (Vulnerable code not present) + NOTE: https://github.com/vim/vim/issues/5041 + NOTE: https://github.com/vim/vim/commit/ec66c41d84e574baf8009dbc0bd088d2bc5b2421 +CVE-2020-20702 + RESERVED +CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...) 
+ NOT-FOR-US: S-CMS PHP +CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of ...) + NOT-FOR-US: S-CMS PHP +CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...) + NOT-FOR-US: S-CMS PHP +CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...) + NOT-FOR-US: S-CMS PHP +CVE-2020-20697 (Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a ...) + NOT-FOR-US: NodCMS +CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...) + NOT-FOR-US: GilaCMS +CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...) + NOT-FOR-US: GilaCMS +CVE-2020-20694 + RESERVED +CVE-2020-20693 (A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenti ...) + NOT-FOR-US: GilaCMS +CVE-2020-20692 (GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerabilit ...) + NOT-FOR-US: GilaCMS +CVE-2020-20691 (An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary w ...) + NOT-FOR-US: Monstra CMS +CVE-2020-20690 + RESERVED +CVE-2020-20689 + RESERVED +CVE-2020-20688 + RESERVED +CVE-2020-20687 + RESERVED +CVE-2020-20686 + RESERVED +CVE-2020-20685 + RESERVED +CVE-2020-20684 + RESERVED +CVE-2020-20683 + RESERVED +CVE-2020-20682 + RESERVED +CVE-2020-20681 + RESERVED +CVE-2020-20680 + RESERVED +CVE-2020-20679 + RESERVED +CVE-2020-20678 + RESERVED +CVE-2020-20677 + RESERVED +CVE-2020-20676 + RESERVED +CVE-2020-20675 (Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoods ...) + NOT-FOR-US: Nuishop +CVE-2020-20674 + RESERVED +CVE-2020-20673 + RESERVED +CVE-2020-20672 (An arbitrary file upload vulnerability in /admin/upload/uploadfile of ...) + NOT-FOR-US: KiteCMS +CVE-2020-20671 (A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers t ...) + NOT-FOR-US: KiteCMS +CVE-2020-20670 (An arbitrary file upload vulnerability in /admin/media/upload of ZKEAC ...) 
+ NOT-FOR-US: ZKEACMS +CVE-2020-20669 + RESERVED +CVE-2020-20668 + RESERVED +CVE-2020-20667 + RESERVED +CVE-2020-20666 + RESERVED +CVE-2020-20665 (rudp v0.6 was discovered to contain a memory leak in the component mai ...) + NOT-FOR-US: rudp +CVE-2020-20664 (libiec_iccp_mod v1.5 contains a segmentation violation in the componen ...) + NOT-FOR-US: libiec_iccp_mod +CVE-2020-20663 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...) + NOT-FOR-US: libiec_iccp_mod +CVE-2020-20662 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...) + NOT-FOR-US: libiec_iccp_mod +CVE-2020-20661 + RESERVED +CVE-2020-20660 + RESERVED +CVE-2020-20659 + RESERVED +CVE-2020-20658 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...) + NOT-FOR-US: fcovatti libiec_iccp_mod +CVE-2020-20657 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...) + NOT-FOR-US: fcovatti libiec_iccp_mod +CVE-2020-20656 + RESERVED +CVE-2020-20655 + RESERVED +CVE-2020-20654 + RESERVED +CVE-2020-20653 + RESERVED +CVE-2020-20652 + RESERVED +CVE-2020-20651 + RESERVED +CVE-2020-20650 + RESERVED +CVE-2020-20649 + RESERVED +CVE-2020-20648 + RESERVED +CVE-2020-20647 + RESERVED +CVE-2020-20646 + RESERVED +CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the ...) + NOT-FOR-US: EyouCMS +CVE-2020-20644 + RESERVED +CVE-2020-20643 + RESERVED +CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3. ...) + NOT-FOR-US: EyouCMS +CVE-2020-20641 + RESERVED +CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...) + NOT-FOR-US: ECShop +CVE-2020-20639 + RESERVED +CVE-2020-20638 + RESERVED +CVE-2020-20637 + RESERVED +CVE-2020-20636 (SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remo ...) + NOT-FOR-US: Joyplus-cms +CVE-2020-20635 + RESERVED +CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...) 
+ NOT-FOR-US: WordPress plugin +CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...) + NOT-FOR-US: WordPress plugin +CVE-2020-20632 + RESERVED +CVE-2020-20631 + RESERVED +CVE-2020-20630 + RESERVED +CVE-2020-20629 + RESERVED +CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...) + NOT-FOR-US: WP GDPR plugin +CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...) + NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress +CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...) + NOT-FOR-US: Lara Google Analytics plugin for WordPress +CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...) + NOT-FOR-US: Sliced Invoices plugin for WordPress +CVE-2020-20624 + RESERVED +CVE-2020-20623 + RESERVED +CVE-2020-20622 + RESERVED +CVE-2020-20621 + RESERVED +CVE-2020-20620 + RESERVED +CVE-2020-20619 + RESERVED +CVE-2020-20618 + RESERVED +CVE-2020-20617 + RESERVED +CVE-2020-20616 + RESERVED +CVE-2020-20615 + RESERVED +CVE-2020-20614 + RESERVED +CVE-2020-20613 + RESERVED +CVE-2020-20612 + RESERVED +CVE-2020-20611 + RESERVED +CVE-2020-20610 + RESERVED +CVE-2020-20609 + RESERVED +CVE-2020-20608 + RESERVED +CVE-2020-20607 + RESERVED +CVE-2020-20606 + RESERVED +CVE-2020-20605 (Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in t ...) + NOT-FOR-US: Blog CMS +CVE-2020-20604 + RESERVED +CVE-2020-20603 + RESERVED +CVE-2020-20602 + RESERVED +CVE-2020-20601 (An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbi ...) + NOT-FOR-US: ThinkCMF +CVE-2020-20600 (MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerab ...) + NOT-FOR-US: MetInfo +CVE-2020-20599 + RESERVED +CVE-2020-20598 (A cross-site scripting (XSS) vulnerability in the Editing component of ...) 
+ NOT-FOR-US: com.mossle.lemon +CVE-2020-20597 (A cross-site scripting (XSS) vulnerability in the potrtalItemName para ...) + NOT-FOR-US: com.mossle.lemon + NOTE: https://github.com/xuhuisheng/lemon +CVE-2020-20596 + RESERVED +CVE-2020-20595 (A cross-site request forgery (CSRF) in OPMS v1.3 and below allows atta ...) + NOT-FOR-US: OPMS +CVE-2020-20594 + RESERVED +CVE-2020-20593 (A cross-site request forgery (CSRF) in Rockoa v1.9.8 allows an authent ...) + NOT-FOR-US: Rockoa +CVE-2020-20592 + RESERVED +CVE-2020-20591 + RESERVED +CVE-2020-20590 + RESERVED +CVE-2020-20589 (Cross Site Scripting (XSS) vulnerability in FeehiCMS 2.0.8 allows remo ...) + NOT-FOR-US: FeehiCMS +CVE-2020-20588 (File upload vulnerability in function upload in action/Core.class.php ...) + NOT-FOR-US: zhimengzhe iBarn +CVE-2020-20587 + RESERVED +CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...) + NOT-FOR-US: XYHCMS +CVE-2020-20585 (A blind SQL injection in /admin/?n=logs&c=index&a=dode of Metinfo 7.0 ...) + NOT-FOR-US: Metinfo +CVE-2020-20584 (A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows a ...) + NOT-FOR-US: baigo CMS +CVE-2020-20583 (A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R ...) + NOT-FOR-US: LJCMS +CVE-2020-20582 (A server side request forgery (SSRF) vulnerability in /ApiAdminDomainS ...) 
+ NOT-FOR-US: MipCMS +CVE-2020-20581 + RESERVED +CVE-2020-20580 + RESERVED +CVE-2020-20579 + RESERVED +CVE-2020-20578 + RESERVED +CVE-2020-20577 + RESERVED +CVE-2020-20576 + RESERVED +CVE-2020-20575 + RESERVED +CVE-2020-20574 + RESERVED +CVE-2020-20573 + RESERVED +CVE-2020-20572 + RESERVED +CVE-2020-20571 + RESERVED +CVE-2020-20570 + RESERVED +CVE-2020-20569 + RESERVED +CVE-2020-20568 + RESERVED +CVE-2020-20567 + RESERVED +CVE-2020-20566 + RESERVED +CVE-2020-20565 + RESERVED +CVE-2020-20564 + RESERVED +CVE-2020-20563 + RESERVED +CVE-2020-20562 + RESERVED +CVE-2020-20561 + RESERVED +CVE-2020-20560 + RESERVED +CVE-2020-20559 + RESERVED +CVE-2020-20558 + RESERVED +CVE-2020-20557 + RESERVED +CVE-2020-20556 + RESERVED +CVE-2020-20555 + RESERVED +CVE-2020-20554 + RESERVED +CVE-2020-20553 + RESERVED +CVE-2020-20552 + RESERVED +CVE-2020-20551 + RESERVED +CVE-2020-20550 + RESERVED +CVE-2020-20549 + RESERVED +CVE-2020-20548 + RESERVED +CVE-2020-20547 + RESERVED +CVE-2020-20546 + RESERVED +CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...) + NOT-FOR-US: Zhiyuan G6 Government Collaboration System +CVE-2020-20544 + RESERVED +CVE-2020-20543 + RESERVED +CVE-2020-20542 + RESERVED +CVE-2020-20541 + RESERVED +CVE-2020-20540 + RESERVED +CVE-2020-20539 + RESERVED +CVE-2020-20538 + RESERVED +CVE-2020-20537 + RESERVED +CVE-2020-20536 + RESERVED +CVE-2020-20535 + RESERVED +CVE-2020-20534 + RESERVED +CVE-2020-20533 + RESERVED +CVE-2020-20532 + RESERVED +CVE-2020-20531 + RESERVED +CVE-2020-20530 + RESERVED +CVE-2020-20529 + RESERVED +CVE-2020-20528 + RESERVED +CVE-2020-20527 + RESERVED +CVE-2020-20526 + RESERVED +CVE-2020-20525 + RESERVED +CVE-2020-20524 + RESERVED +CVE-2020-20523 (Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila ...) + NOT-FOR-US: Gila CMS +CVE-2020-20522 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...) 
+ NOT-FOR-US: KiteCMS +CVE-2020-20521 (Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a rem ...) + NOT-FOR-US: KiteCMS +CVE-2020-20520 + RESERVED +CVE-2020-20519 + RESERVED +CVE-2020-20518 + RESERVED +CVE-2020-20517 + RESERVED +CVE-2020-20516 + RESERVED +CVE-2020-20515 + RESERVED +CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/ ...) + NOT-FOR-US: Maccms +CVE-2020-20513 + RESERVED +CVE-2020-20512 + RESERVED +CVE-2020-20511 + RESERVED +CVE-2020-20510 + RESERVED +CVE-2020-20509 + RESERVED +CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerab ...) + NOT-FOR-US: Shopkit +CVE-2020-20507 + RESERVED +CVE-2020-20506 + RESERVED +CVE-2020-20505 + RESERVED +CVE-2020-20504 + RESERVED +CVE-2020-20503 + RESERVED +CVE-2020-20502 (Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attack ...) + NOT-FOR-US: yzCMS +CVE-2020-20501 + RESERVED +CVE-2020-20500 + RESERVED +CVE-2020-20499 + RESERVED +CVE-2020-20498 + RESERVED +CVE-2020-20497 + RESERVED +CVE-2020-20496 + RESERVED +CVE-2020-20495 (bludit v3.13.0 contains an arbitrary file deletion vulnerability in th ...) + NOT-FOR-US: bludit + NOTE: https://github.com/bludit/bludit +CVE-2020-20494 + RESERVED +CVE-2020-20493 + RESERVED +CVE-2020-20492 + RESERVED +CVE-2020-20491 (SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a ...) + NOT-FOR-US: OpenCart +CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...) + NOT-FOR-US: libiec_iccp_mod + NOTE: https://github.com/fcovatti/libiec_iccp_mod + NOTE: IEC 61850 +CVE-2020-20489 + RESERVED +CVE-2020-20488 + RESERVED +CVE-2020-20487 + RESERVED +CVE-2020-20486 (IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_S ...) 
+ NOT-FOR-US: IEC104 + NOTE: https://github.com/airpig2011/IEC104 +CVE-2020-20485 + RESERVED +CVE-2020-20484 + RESERVED +CVE-2020-20483 + RESERVED +CVE-2020-20482 + RESERVED +CVE-2020-20481 + RESERVED +CVE-2020-20480 + RESERVED +CVE-2020-20479 + RESERVED +CVE-2020-20478 + RESERVED +CVE-2020-20477 + RESERVED +CVE-2020-20476 + RESERVED +CVE-2020-20475 + RESERVED +CVE-2020-20474 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20473 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20472 (White Shark System (WSS) 1.3.2 has a sensitive information disclosure ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20471 (White Shark System (WSS) 1.3.2 has an unauthorized access vulnerabilit ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20470 (White Shark System (WSS) 1.3.2 has web site physical path leakage vuln ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20469 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20468 (White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can us ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20467 (White Shark System (WSS) 1.3.2 is vulnerable to sensitive information ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20466 (White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access vi ...) + NOT-FOR-US: White Shark System (WSS) +CVE-2020-20465 + RESERVED +CVE-2020-20464 + RESERVED +CVE-2020-20463 + RESERVED +CVE-2020-20462 + RESERVED +CVE-2020-20461 + RESERVED +CVE-2020-20460 + RESERVED +CVE-2020-20459 + RESERVED +CVE-2020-20458 + RESERVED +CVE-2020-20457 + RESERVED +CVE-2020-20456 + RESERVED +CVE-2020-20455 + RESERVED +CVE-2020-20454 + RESERVED +CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...) 
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1} + - ffmpeg 7:4.4.1-1 (unimportant) + NOTE: https://trac.ffmpeg.org/ticket/8003 + NOTE: Negligible security impact + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8 +CVE-2020-20452 + RESERVED +CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...) + {DLA-2818-1} + - ffmpeg 7:4.3-2 (unimportant) + NOTE: https://trac.ffmpeg.org/ticket/8094 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb + NOTE: Negligible security impact +CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...) + {DSA-4998-1} + [experimental] - ffmpeg 7:4.4-1 + - ffmpeg 7:4.4-5 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://trac.ffmpeg.org/ticket/7993 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510 + NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3) + NOTE: Negligible security impact +CVE-2020-20449 + RESERVED +CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...) + {DSA-4722-1} + - ffmpeg 7:4.3-2 (unimportant) + [stretch] - ffmpeg (vulnerable code is not present) + NOTE: https://trac.ffmpeg.org/ticket/7990 + NOTE: Negligible security impact + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2 + NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2 +CVE-2020-20447 + RESERVED +CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...) 
+ {DSA-4998-1 DSA-4990-1 DLA-2818-1} + - ffmpeg 7:4.4.1-1 (unimportant) + NOTE: https://trac.ffmpeg.org/ticket/7995 + NOTE: Negligible security impact + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002 +CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...) + {DSA-4998-1 DSA-4990-1 DLA-2818-1} + - ffmpeg 7:5.0.1-2 (unimportant) + NOTE: https://trac.ffmpeg.org/ticket/7996 + NOTE: Negligible security impact + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184 (n5.0) +CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...) + NOT-FOR-US: Jact OpenClinic +CVE-2020-20443 + RESERVED +CVE-2020-20442 + RESERVED +CVE-2020-20441 + RESERVED +CVE-2020-20440 + RESERVED +CVE-2020-20439 + RESERVED +CVE-2020-20438 + RESERVED +CVE-2020-20437 + RESERVED +CVE-2020-20436 + RESERVED +CVE-2020-20435 + RESERVED +CVE-2020-20434 + RESERVED +CVE-2020-20433 + RESERVED +CVE-2020-20432 + RESERVED +CVE-2020-20431 + RESERVED +CVE-2020-20430 + RESERVED +CVE-2020-20429 + RESERVED +CVE-2020-20428 + RESERVED +CVE-2020-20427 + RESERVED +CVE-2020-20426 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...) + NOT-FOR-US: S-CMS Government Station Building System +CVE-2020-20425 (S-CMS Government Station Building System v5.0 contains a cross-site sc ...) + NOT-FOR-US: S-CMS Government Station Building System +CVE-2020-20424 + RESERVED +CVE-2020-20423 + RESERVED +CVE-2020-20422 + RESERVED +CVE-2020-20421 + RESERVED +CVE-2020-20420 + RESERVED +CVE-2020-20419 + RESERVED +CVE-2020-20418 + RESERVED +CVE-2020-20417 + RESERVED +CVE-2020-20416 + RESERVED +CVE-2020-20415 + RESERVED +CVE-2020-20414 + RESERVED +CVE-2020-20413 (SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote ...) + NOT-FOR-US: WUZHICMS +CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...) 
+ NOT-FOR-US: StepMania integration of libvorbis +CVE-2020-20411 + RESERVED +CVE-2020-20410 + RESERVED +CVE-2020-20409 + RESERVED +CVE-2020-20408 + RESERVED +CVE-2020-20407 + RESERVED +CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...) + NOT-FOR-US: Elementor Page Builder +CVE-2020-20405 + RESERVED +CVE-2020-20404 + RESERVED +CVE-2020-20403 + RESERVED +CVE-2020-20402 (Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password ...) + NOT-FOR-US: portfolioCMS +CVE-2020-20401 + RESERVED +CVE-2020-20400 + RESERVED +CVE-2020-20399 + RESERVED +CVE-2020-20398 + RESERVED +CVE-2020-20397 + RESERVED +CVE-2020-20396 + RESERVED +CVE-2020-20395 + RESERVED +CVE-2020-20394 + RESERVED +CVE-2020-20393 + RESERVED +CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters ...) + NOT-FOR-US: imcat +CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/sni ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-20390 + RESERVED +CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in adm ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-20388 + RESERVED +CVE-2020-20387 + RESERVED +CVE-2020-20386 + RESERVED +CVE-2020-20385 + RESERVED +CVE-2020-20384 + RESERVED +CVE-2020-20383 + RESERVED +CVE-2020-20382 + RESERVED +CVE-2020-20381 + RESERVED +CVE-2020-20380 + RESERVED +CVE-2020-20379 + RESERVED +CVE-2020-20378 + RESERVED +CVE-2020-20377 + RESERVED +CVE-2020-20376 + RESERVED +CVE-2020-20375 + RESERVED +CVE-2020-20374 + RESERVED +CVE-2020-20373 + RESERVED +CVE-2020-20372 + RESERVED +CVE-2020-20371 + RESERVED +CVE-2020-20370 + RESERVED +CVE-2020-20369 + RESERVED +CVE-2020-20368 + RESERVED +CVE-2020-20367 + RESERVED +CVE-2020-20366 + RESERVED +CVE-2020-20365 + RESERVED +CVE-2020-20364 + RESERVED +CVE-2020-20363 (Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.p ...) 
+ NOT-FOR-US: PbootCMS +CVE-2020-20362 + RESERVED +CVE-2020-20361 + RESERVED +CVE-2020-20360 + RESERVED +CVE-2020-20359 + RESERVED +CVE-2020-20358 + RESERVED +CVE-2020-20357 + RESERVED +CVE-2020-20356 + RESERVED +CVE-2020-20355 + RESERVED +CVE-2020-20354 + RESERVED +CVE-2020-20353 + RESERVED +CVE-2020-20352 + RESERVED +CVE-2020-20351 + RESERVED +CVE-2020-20350 + RESERVED +CVE-2020-20349 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...) + NOT-FOR-US: WTCMS +CVE-2020-20348 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...) + NOT-FOR-US: WTCMS +CVE-2020-20347 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...) + NOT-FOR-US: WTCMS +CVE-2020-20346 + RESERVED +CVE-2020-20345 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...) + NOT-FOR-US: WTCMS +CVE-2020-20344 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...) + NOT-FOR-US: WTCMS +CVE-2020-20343 (WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability i ...) + NOT-FOR-US: WTCMS +CVE-2020-20342 + RESERVED +CVE-2020-20341 (YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_ ...) + NOT-FOR-US: YzmCMS +CVE-2020-20340 (A SQL injection vulnerability in the 4.edu.php\conn\function.php compo ...) + NOT-FOR-US: S-CMS +CVE-2020-20339 + RESERVED +CVE-2020-20338 + RESERVED +CVE-2020-20337 + RESERVED +CVE-2020-20336 + RESERVED +CVE-2020-20335 (Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8 ...) 
+ NOT-FOR-US: kilo editor +CVE-2020-20334 + RESERVED +CVE-2020-20333 + RESERVED +CVE-2020-20332 + RESERVED +CVE-2020-20331 + RESERVED +CVE-2020-20330 + RESERVED +CVE-2020-20329 + RESERVED +CVE-2020-20328 + RESERVED +CVE-2020-20327 + RESERVED +CVE-2020-20326 + RESERVED +CVE-2020-20325 + RESERVED +CVE-2020-20324 + RESERVED +CVE-2020-20323 + RESERVED +CVE-2020-20322 + RESERVED +CVE-2020-20321 + RESERVED +CVE-2020-20320 + RESERVED +CVE-2020-20319 + RESERVED +CVE-2020-20318 + RESERVED +CVE-2020-20317 + RESERVED +CVE-2020-20316 + RESERVED +CVE-2020-20315 + RESERVED +CVE-2020-20314 + RESERVED +CVE-2020-20313 + RESERVED +CVE-2020-20312 + RESERVED +CVE-2020-20311 + RESERVED +CVE-2020-20310 + RESERVED +CVE-2020-20309 + RESERVED +CVE-2020-20308 + RESERVED +CVE-2020-20307 + RESERVED +CVE-2020-20306 + RESERVED +CVE-2020-20305 + RESERVED +CVE-2020-20304 + RESERVED +CVE-2020-20303 + RESERVED +CVE-2020-20302 + RESERVED +CVE-2020-20301 + RESERVED +CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0.) + NOT-FOR-US: WeiPHP +CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...) + NOT-FOR-US: WeiPHP +CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...) + NOT-FOR-US: zzzphp +CVE-2020-20297 + RESERVED +CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because the recha ...) + NOT-FOR-US: CMSWing +CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because the updat ...) + NOT-FOR-US: CMSWing +CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because the log f ...) + NOT-FOR-US: CMSWing +CVE-2020-20293 + RESERVED +CVE-2020-20292 + RESERVED +CVE-2020-20291 + RESERVED +CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. The delete ...) + NOT-FOR-US: yccms +CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The no_top funct ...) 
+ NOT-FOR-US: yccms +CVE-2020-20288 + RESERVED +CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 project. The x ...) + NOT-FOR-US: yccms +CVE-2020-20286 + RESERVED +CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...) + NOT-FOR-US: zzcms +CVE-2020-20284 + RESERVED +CVE-2020-20283 + RESERVED +CVE-2020-20282 + RESERVED +CVE-2020-20281 + RESERVED +CVE-2020-20280 + RESERVED +CVE-2020-20279 + RESERVED +CVE-2020-20278 + RESERVED +CVE-2020-20277 (There are multiple unauthenticated directory traversal vulnerabilities ...) + NOT-FOR-US: uftpd +CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability in common ...) + NOT-FOR-US: uftpd +CVE-2020-20275 + RESERVED +CVE-2020-20274 + RESERVED +CVE-2020-20273 + RESERVED +CVE-2020-20272 + RESERVED +CVE-2020-20271 + RESERVED +CVE-2020-20270 + RESERVED +CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...) + NOT-FOR-US: Caret Editor +CVE-2020-20268 + RESERVED +CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20263 + RESERVED +CVE-2020-20262 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20261 + RESERVED +CVE-2020-20260 + RESERVED +CVE-2020-20259 + RESERVED +CVE-2020-20258 + RESERVED +CVE-2020-20257 + RESERVED +CVE-2020-20256 + RESERVED +CVE-2020-20255 + RESERVED +CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...) 
+ NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...) + NOT-FOR-US: Mikrotik +CVE-2020-20251 + RESERVED +CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...) + NOT-FOR-US: Mikrotik +CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20245 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20244 + RESERVED +CVE-2020-20243 + RESERVED +CVE-2020-20242 + RESERVED +CVE-2020-20241 + RESERVED +CVE-2020-20240 + RESERVED +CVE-2020-20239 + RESERVED +CVE-2020-20238 + RESERVED +CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20235 + RESERVED +CVE-2020-20234 + RESERVED +CVE-2020-20233 + RESERVED +CVE-2020-20232 + RESERVED +CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory ...) + NOT-FOR-US: Mikrotik +CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20229 + RESERVED +CVE-2020-20228 + RESERVED +CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnera ...) 
+ NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20226 + RESERVED +CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...) + NOT-FOR-US: Mikrotik +CVE-2020-20224 + RESERVED +CVE-2020-20223 + RESERVED +CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20221 (Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncon ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20220 (Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruptio ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20219 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20217 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontroll ...) + NOT-FOR-US: Mikrotik +CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik +CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik +CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...) + NOT-FOR-US: Mikrotik RouterOs +CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an stack exhaus ...) + NOT-FOR-US: Mikrotik +CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...) + NOT-FOR-US: Mikrotik +CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...) + NOT-FOR-US: Mikrotik +CVE-2020-20210 (Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/a ...) 
+ NOT-FOR-US: Bludit +CVE-2020-20209 + RESERVED +CVE-2020-20208 + RESERVED +CVE-2020-20207 + RESERVED +CVE-2020-20206 + RESERVED +CVE-2020-20205 + RESERVED +CVE-2020-20204 + RESERVED +CVE-2020-20203 + RESERVED +CVE-2020-20202 + RESERVED +CVE-2020-20201 + RESERVED +CVE-2020-20200 + RESERVED +CVE-2020-20199 + RESERVED +CVE-2020-20198 + RESERVED +CVE-2020-20197 + RESERVED +CVE-2020-20196 + RESERVED +CVE-2020-20195 + RESERVED +CVE-2020-20194 + RESERVED +CVE-2020-20193 + RESERVED +CVE-2020-20192 + RESERVED +CVE-2020-20191 + RESERVED +CVE-2020-20190 + RESERVED +CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...) + NOT-FOR-US: NewPK +CVE-2020-20188 + RESERVED +CVE-2020-20187 + RESERVED +CVE-2020-20186 + RESERVED +CVE-2020-20185 + RESERVED +CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...) + NOT-FOR-US: GateOne +CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel\u2019s P1302-T ...) + NOT-FOR-US: Zyxel +CVE-2020-20182 + RESERVED +CVE-2020-20181 + RESERVED +CVE-2020-20180 + RESERVED +CVE-2020-20179 + RESERVED +CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest ve ...) 
+ NOT-FOR-US: Ethereum +CVE-2020-20177 + RESERVED +CVE-2020-20176 + RESERVED +CVE-2020-20175 + RESERVED +CVE-2020-20174 + RESERVED +CVE-2020-20173 + RESERVED +CVE-2020-20172 + RESERVED +CVE-2020-20171 + RESERVED +CVE-2020-20170 + RESERVED +CVE-2020-20169 + RESERVED +CVE-2020-20168 + RESERVED +CVE-2020-20167 + RESERVED +CVE-2020-20166 + RESERVED +CVE-2020-20165 + RESERVED +CVE-2020-20164 + RESERVED +CVE-2020-20163 + RESERVED +CVE-2020-20162 + RESERVED +CVE-2020-20161 + RESERVED +CVE-2020-20160 + RESERVED +CVE-2020-20159 + RESERVED +CVE-2020-20158 + RESERVED +CVE-2020-20157 + RESERVED +CVE-2020-20156 + RESERVED +CVE-2020-20155 + RESERVED +CVE-2020-20154 + RESERVED +CVE-2020-20153 + RESERVED +CVE-2020-20152 + RESERVED +CVE-2020-20151 + RESERVED +CVE-2020-20150 + RESERVED +CVE-2020-20149 + RESERVED +CVE-2020-20148 + RESERVED +CVE-2020-20147 + RESERVED +CVE-2020-20146 + RESERVED +CVE-2020-20145 + REJECTED +CVE-2020-20144 + RESERVED +CVE-2020-20143 + RESERVED +CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...) + NOT-FOR-US: Flexmonster Pivot Table & Charts +CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) compone ...) + NOT-FOR-US: Flexmonster Pivot Table & Charts +CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report component un ...) + NOT-FOR-US: Flexmonster Pivot Table & Charts +CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...) + NOT-FOR-US: Flexmonster Pivot Table & Charts +CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...) + NOT-FOR-US: CMS Made Simple (CMSMS) +CVE-2020-20137 + RESERVED +CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...) 
+ NOT-FOR-US: QuantConnect Lean +CVE-2020-20135 + RESERVED +CVE-2020-20134 + RESERVED +CVE-2020-20133 + RESERVED +CVE-2020-20132 + RESERVED +CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...) + NOT-FOR-US: LaraCMS +CVE-2020-20130 + RESERVED +CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...) + NOT-FOR-US: LaraCMS +CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can ...) + NOT-FOR-US: LaraCMS +CVE-2020-20127 + RESERVED +CVE-2020-20126 + RESERVED +CVE-2020-20125 (EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability ...) + NOT-FOR-US: EARCLINK ESPCMS-P8 +CVE-2020-20124 (Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability ...) + NOT-FOR-US: Wuzhi CMS +CVE-2020-20123 + RESERVED +CVE-2020-20122 (Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitl ...) + NOT-FOR-US: Wuzhi CMS +CVE-2020-20121 + RESERVED +CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which ...) + NOT-FOR-US: ThinkPHP +CVE-2020-20119 + RESERVED +CVE-2020-20118 (Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows ...) + NOT-FOR-US: Avast +CVE-2020-20117 + RESERVED +CVE-2020-20116 + RESERVED +CVE-2020-20115 + RESERVED +CVE-2020-20114 + RESERVED +CVE-2020-20113 + RESERVED +CVE-2020-20112 + RESERVED +CVE-2020-20111 + RESERVED +CVE-2020-20110 + RESERVED +CVE-2020-20109 + RESERVED +CVE-2020-20108 + RESERVED +CVE-2020-20107 + RESERVED +CVE-2020-20106 + RESERVED +CVE-2020-20105 + RESERVED +CVE-2020-20104 + RESERVED +CVE-2020-20103 + RESERVED +CVE-2020-20102 + RESERVED +CVE-2020-20101 + RESERVED +CVE-2020-20100 + RESERVED +CVE-2020-20099 + RESERVED +CVE-2020-20098 + RESERVED +CVE-2020-20097 + RESERVED +CVE-2020-20096 (Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user int ...) 
+ NOT-FOR-US: WhatsApp +CVE-2020-20095 (iMessage (Messages app) iOS 12.4 and prior user interface does not pro ...) + NOT-FOR-US: Apple iMessage +CVE-2020-20094 (Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user in ...) + NOT-FOR-US: Instagram +CVE-2020-20093 (The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0 ...) + NOT-FOR-US: Facebook Messenger +CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the image uploa ...) + NOT-FOR-US: ArticleCMS +CVE-2020-20091 + RESERVED +CVE-2020-20090 + RESERVED +CVE-2020-20089 + RESERVED +CVE-2020-20088 + RESERVED +CVE-2020-20087 + RESERVED +CVE-2020-20086 + RESERVED +CVE-2020-20085 + RESERVED +CVE-2020-20084 + RESERVED +CVE-2020-20083 + RESERVED +CVE-2020-20082 + RESERVED +CVE-2020-20081 + RESERVED +CVE-2020-20080 + RESERVED +CVE-2020-20079 + RESERVED +CVE-2020-20078 + RESERVED +CVE-2020-20077 + RESERVED +CVE-2020-20076 + RESERVED +CVE-2020-20075 + RESERVED +CVE-2020-20074 + RESERVED +CVE-2020-20073 + RESERVED +CVE-2020-20072 + RESERVED +CVE-2020-20071 + RESERVED +CVE-2020-20070 (Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allow ...) + NOT-FOR-US: DWSurvey +CVE-2020-20069 + RESERVED +CVE-2020-20068 + RESERVED +CVE-2020-20067 (File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to ...) 
+ NOT-FOR-US: ebCMS +CVE-2020-20066 + RESERVED +CVE-2020-20065 + RESERVED +CVE-2020-20064 + RESERVED +CVE-2020-20063 + RESERVED +CVE-2020-20062 + RESERVED +CVE-2020-20061 + RESERVED +CVE-2020-20060 + RESERVED +CVE-2020-20059 + RESERVED +CVE-2020-20058 + RESERVED +CVE-2020-20057 + RESERVED +CVE-2020-20056 + RESERVED +CVE-2020-20055 + RESERVED +CVE-2020-20054 + RESERVED +CVE-2020-20053 + RESERVED +CVE-2020-20052 + RESERVED +CVE-2020-20051 + RESERVED +CVE-2020-20050 + RESERVED +CVE-2020-20049 + RESERVED +CVE-2020-20048 + RESERVED +CVE-2020-20047 + RESERVED +CVE-2020-20046 + RESERVED +CVE-2020-20045 + RESERVED +CVE-2020-20044 + RESERVED +CVE-2020-20043 + RESERVED +CVE-2020-20042 + RESERVED +CVE-2020-20041 + RESERVED +CVE-2020-20040 + RESERVED +CVE-2020-20039 + RESERVED +CVE-2020-20038 + RESERVED +CVE-2020-20037 + RESERVED +CVE-2020-20036 + RESERVED +CVE-2020-20035 + RESERVED +CVE-2020-20034 + RESERVED +CVE-2020-20033 + RESERVED +CVE-2020-20032 + RESERVED +CVE-2020-20031 + RESERVED +CVE-2020-20030 + RESERVED +CVE-2020-20029 + RESERVED +CVE-2020-20028 + RESERVED +CVE-2020-20027 + RESERVED +CVE-2020-20026 + RESERVED +CVE-2020-20025 + RESERVED +CVE-2020-20024 + RESERVED +CVE-2020-20023 + RESERVED +CVE-2020-20022 + RESERVED +CVE-2020-20021 (An issue discovered in MikroTik Router v6.46.3 and earlier allows atta ...) + NOT-FOR-US: MikroTik +CVE-2020-20020 + RESERVED +CVE-2020-20019 + RESERVED +CVE-2020-20018 + RESERVED +CVE-2020-20017 + RESERVED +CVE-2020-20016 + RESERVED +CVE-2020-20015 + RESERVED +CVE-2020-20014 + RESERVED +CVE-2020-20013 + RESERVED +CVE-2020-20012 (WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.) 
+ NOT-FOR-US: WebPlus Pro +CVE-2020-20011 + RESERVED +CVE-2020-20010 + RESERVED +CVE-2020-20009 + RESERVED +CVE-2020-20008 + RESERVED +CVE-2020-20007 + RESERVED +CVE-2020-20006 + RESERVED +CVE-2020-20005 + RESERVED +CVE-2020-20004 + RESERVED +CVE-2020-20003 + RESERVED +CVE-2020-20002 + RESERVED +CVE-2020-20001 + RESERVED +CVE-2020-20000 + RESERVED +CVE-2020-19999 + RESERVED +CVE-2020-19998 + RESERVED +CVE-2020-19997 + RESERVED +CVE-2020-19996 + RESERVED +CVE-2020-19995 + RESERVED +CVE-2020-19994 + RESERVED +CVE-2020-19993 + RESERVED +CVE-2020-19992 + RESERVED +CVE-2020-19991 + RESERVED +CVE-2020-19990 + RESERVED +CVE-2020-19989 + RESERVED +CVE-2020-19988 + RESERVED +CVE-2020-19987 + RESERVED +CVE-2020-19986 + RESERVED +CVE-2020-19985 + RESERVED +CVE-2020-19984 + RESERVED +CVE-2020-19983 + RESERVED +CVE-2020-19982 + RESERVED +CVE-2020-19981 + RESERVED +CVE-2020-19980 + RESERVED +CVE-2020-19979 + RESERVED +CVE-2020-19978 + RESERVED +CVE-2020-19977 + RESERVED +CVE-2020-19976 + RESERVED +CVE-2020-19975 + RESERVED +CVE-2020-19974 + RESERVED +CVE-2020-19973 + RESERVED +CVE-2020-19972 + RESERVED +CVE-2020-19971 + RESERVED +CVE-2020-19970 + RESERVED +CVE-2020-19969 + RESERVED +CVE-2020-19968 + RESERVED +CVE-2020-19967 + RESERVED +CVE-2020-19966 + RESERVED +CVE-2020-19965 + RESERVED +CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...) + NOT-FOR-US: PHPMyWind +CVE-2020-19963 + RESERVED +CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...) + NOT-FOR-US: Chaoji CMS +CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + NOT-FOR-US: zz cms +CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + NOT-FOR-US: zz cms +CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) 
+ NOT-FOR-US: zz cms +CVE-2020-19958 + RESERVED +CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...) + NOT-FOR-US: zz cms +CVE-2020-19956 + RESERVED +CVE-2020-19955 + RESERVED +CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...) + NOT-FOR-US: S-CMS +CVE-2020-19953 + RESERVED +CVE-2020-19952 (Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Ma ...) + NOT-FOR-US: jbt Markdown Editor +CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...) + NOT-FOR-US: YzmCMS +CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...) + NOT-FOR-US: YzmCMS +CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...) + NOT-FOR-US: YzmCMS +CVE-2020-19948 + RESERVED +CVE-2020-19947 (Cross Site Scripting vulnerability found in Markdown Edit allows a rem ...) + NOT-FOR-US: Markdown Edit +CVE-2020-19946 + RESERVED +CVE-2020-19945 + RESERVED +CVE-2020-19944 + RESERVED +CVE-2020-19943 + RESERVED +CVE-2020-19942 + RESERVED +CVE-2020-19941 + RESERVED +CVE-2020-19940 + RESERVED +CVE-2020-19939 + RESERVED +CVE-2020-19938 + RESERVED +CVE-2020-19937 + RESERVED +CVE-2020-19936 + RESERVED +CVE-2020-19935 + RESERVED +CVE-2020-19934 + RESERVED +CVE-2020-19933 + RESERVED +CVE-2020-19932 + RESERVED +CVE-2020-19931 + RESERVED +CVE-2020-19930 + RESERVED +CVE-2020-19929 + RESERVED +CVE-2020-19928 + RESERVED +CVE-2020-19927 + RESERVED +CVE-2020-19926 + RESERVED +CVE-2020-19925 + RESERVED +CVE-2020-19924 (In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS a ...) + NOT-FOR-US: Boostnote +CVE-2020-19923 + RESERVED +CVE-2020-19922 + RESERVED +CVE-2020-19921 + RESERVED +CVE-2020-19920 + RESERVED +CVE-2020-19919 + RESERVED +CVE-2020-19918 + RESERVED +CVE-2020-19917 + RESERVED +CVE-2020-19916 + RESERVED +CVE-2020-19915 (Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via ...) 
+ NOT-FOR-US: WUZHI CMS +CVE-2020-19914 (Cross Site Scripting (XSS) in xiunobbs 4.0.4 allows remote attackers t ...) + NOT-FOR-US: xiunobbs +CVE-2020-19913 + RESERVED +CVE-2020-19912 + RESERVED +CVE-2020-19911 + RESERVED +CVE-2020-19910 + RESERVED +CVE-2020-19909 (Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a ...) + - curl 7.66.0-1 (unimportant) + NOTE: https://github.com/curl/curl/pull/4166 + NOTE: Fixed by: https://github.com/curl/curl/commit/db0a0dfb0eb41d39273b0590b992df58f38b9a4d (curl-7_66_0) + NOTE: Crash in CLI tool, no security impact +CVE-2020-19908 + RESERVED +CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...) + NOT-FOR-US: Caldera plugin +CVE-2020-19906 + RESERVED +CVE-2020-19905 + RESERVED +CVE-2020-19904 + RESERVED +CVE-2020-19903 + RESERVED +CVE-2020-19902 (Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 all ...) + NOT-FOR-US: Cryptoprof WCMS +CVE-2020-19901 + RESERVED +CVE-2020-19900 + RESERVED +CVE-2020-19899 + RESERVED +CVE-2020-19898 + RESERVED +CVE-2020-19897 (A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remot ...) + NOT-FOR-US: Wuzhicms +CVE-2020-19896 (File inclusion vulnerability in Minicms v1.9 allows remote attackers t ...) + NOT-FOR-US: MiniCMS +CVE-2020-19895 + RESERVED +CVE-2020-19894 + RESERVED +CVE-2020-19893 + RESERVED +CVE-2020-19892 + RESERVED +CVE-2020-19891 (DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\ ...) + NOT-FOR-US: DBHcms +CVE-2020-19890 (DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\m ...) + NOT-FOR-US: DBHcms +CVE-2020-19889 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...) + NOT-FOR-US: DBHcms +CVE-2020-19888 (DBHcms v1.2.0 has an unauthorized operation vulnerability because ther ...) + NOT-FOR-US: DBHcms +CVE-2020-19887 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...) 
+ NOT-FOR-US: DBHcms +CVE-2020-19886 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...) + NOT-FOR-US: DBHcms +CVE-2020-19885 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) + NOT-FOR-US: DBHcms +CVE-2020-19884 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) + NOT-FOR-US: DBHcms +CVE-2020-19883 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...) + NOT-FOR-US: DBHcms +CVE-2020-19882 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) + NOT-FOR-US: DBHcms +CVE-2020-19881 (DBHcms v1.2.0 has a reflected xss vulnerability as there is no securit ...) + NOT-FOR-US: DBHcms +CVE-2020-19880 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) + NOT-FOR-US: DBHcms +CVE-2020-19879 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...) + NOT-FOR-US: DBHcms +CVE-2020-19878 (DBHcms v1.2.0 has a sensitive information leaks vulnerability as there ...) + NOT-FOR-US: DBHcms +CVE-2020-19877 (DBHcms v1.2.0 has a directory traversal vulnerability as there is no d ...) + NOT-FOR-US: DBHcms +CVE-2020-19876 + RESERVED +CVE-2020-19875 + RESERVED +CVE-2020-19874 + RESERVED +CVE-2020-19873 + RESERVED +CVE-2020-19872 + RESERVED +CVE-2020-19871 + RESERVED +CVE-2020-19870 + RESERVED +CVE-2020-19869 + RESERVED +CVE-2020-19868 + RESERVED +CVE-2020-19867 + RESERVED +CVE-2020-19866 + RESERVED +CVE-2020-19865 + RESERVED +CVE-2020-19864 + RESERVED +CVE-2020-19863 + RESERVED +CVE-2020-19862 + RESERVED +CVE-2020-19861 (When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt ...) 
+ {DLA-2910-1} + - ldns 1.8.1-1 + [bullseye] - ldns (Minor issue) + [buster] - ldns (Minor issue) + NOTE: https://github.com/NLnetLabs/ldns/issues/51 + NOTE: https://github.com/NLnetLabs/ldns/commit/136ec420437041fe13f344a2053e774f9050cc38 (1.8.0-rc.1) +CVE-2020-19860 (When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_ ...) + {DLA-2910-1} + - ldns 1.8.1-1 + [bullseye] - ldns (Minor issue) + [buster] - ldns (Minor issue) + NOTE: https://github.com/NLnetLabs/ldns/issues/50 + NOTE: https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 (1.8.0-rc.1) + NOTE: https://github.com/NLnetLabs/ldns/commit/4e9861576a600a5ecfa16ec2de853c90dd9ce276 (1.8.0-rc.1) +CVE-2020-19859 + RESERVED +CVE-2020-19858 (Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerabilit ...) + NOT-FOR-US: Platinum Upnp SDK +CVE-2020-19857 + RESERVED +CVE-2020-19856 + RESERVED +CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...) + NOT-FOR-US: phpwcms +CVE-2020-19854 + RESERVED +CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.) + NOT-FOR-US: BlueCMS +CVE-2020-19852 + RESERVED +CVE-2020-19851 + RESERVED +CVE-2020-19850 (An issue found in Directus API v.2.2.0 allows a remote attacker to cau ...) 
+ NOT-FOR-US: Directus API +CVE-2020-19849 + RESERVED +CVE-2020-19848 + RESERVED +CVE-2020-19847 + RESERVED +CVE-2020-19846 + RESERVED +CVE-2020-19845 + RESERVED +CVE-2020-19844 + RESERVED +CVE-2020-19843 + RESERVED +CVE-2020-19842 + RESERVED +CVE-2020-19841 + RESERVED +CVE-2020-19840 + RESERVED +CVE-2020-19839 + RESERVED +CVE-2020-19838 + RESERVED +CVE-2020-19837 + RESERVED +CVE-2020-19836 + RESERVED +CVE-2020-19835 + RESERVED +CVE-2020-19834 + RESERVED +CVE-2020-19833 + RESERVED +CVE-2020-19832 + RESERVED +CVE-2020-19831 + RESERVED +CVE-2020-19830 + RESERVED +CVE-2020-19829 + RESERVED +CVE-2020-19828 + RESERVED +CVE-2020-19827 + RESERVED +CVE-2020-19826 + RESERVED +CVE-2020-19825 (Cross Site Scripting (XSS) vulnerability in kevinpapst kimai2 1.30.0 i ...) + NOT-FOR-US: kevinpapst kimai2 +CVE-2020-19824 (An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute ar ...) + {DLA-3358-1} + - mpv 0.30.0-1 + NOTE: https://github.com/mpv-player/mpv/issues/6808 + NOTE: https://github.com/mpv-player/mpv/commit/5858e3cdbd6fbae3ed80366912dd5df0af4fa126 (v0.30.0) +CVE-2020-19823 + RESERVED +CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...) + NOT-FOR-US: ZZCMS +CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...) + NOT-FOR-US: DOYOCMS +CVE-2020-19820 + RESERVED +CVE-2020-19819 + RESERVED +CVE-2020-19818 + RESERVED +CVE-2020-19817 + RESERVED +CVE-2020-19816 + RESERVED +CVE-2020-19815 + RESERVED +CVE-2020-19814 + RESERVED +CVE-2020-19813 + RESERVED +CVE-2020-19812 + RESERVED +CVE-2020-19811 + RESERVED +CVE-2020-19810 + RESERVED +CVE-2020-19809 + RESERVED +CVE-2020-19808 + RESERVED +CVE-2020-19807 + RESERVED +CVE-2020-19806 + RESERVED +CVE-2020-19805 + RESERVED +CVE-2020-19804 + RESERVED +CVE-2020-19803 (Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 ...) 
+ NOT-FOR-US: DoyoCMS +CVE-2020-19802 (File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remot ...) + NOT-FOR-US: DoyoCMS +CVE-2020-19801 + RESERVED +CVE-2020-19800 + RESERVED +CVE-2020-19799 + RESERVED +CVE-2020-19798 + RESERVED +CVE-2020-19797 + RESERVED +CVE-2020-19796 + RESERVED +CVE-2020-19795 + RESERVED +CVE-2020-19794 + RESERVED +CVE-2020-19793 + RESERVED +CVE-2020-19792 + RESERVED +CVE-2020-19791 + RESERVED +CVE-2020-19790 + RESERVED +CVE-2020-19789 + RESERVED +CVE-2020-19788 + RESERVED +CVE-2020-19787 + RESERVED +CVE-2020-19786 (File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 al ...) + NOT-FOR-US: CSKaza CSZ CMS +CVE-2020-19785 + RESERVED +CVE-2020-19784 + RESERVED +CVE-2020-19783 + RESERVED +CVE-2020-19782 + RESERVED +CVE-2020-19781 + RESERVED +CVE-2020-19780 + RESERVED +CVE-2020-19779 + RESERVED +CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...) + NOT-FOR-US: Shopxo +CVE-2020-19777 + RESERVED +CVE-2020-19776 + RESERVED +CVE-2020-19775 + RESERVED +CVE-2020-19774 + RESERVED +CVE-2020-19773 + RESERVED +CVE-2020-19772 + RESERVED +CVE-2020-19771 + RESERVED +CVE-2020-19770 (A cross-site scripting (XSS) vulnerability in the system bulletin comp ...) + NOT-FOR-US: WUZHI CMS +CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...) + NOT-FOR-US: Rob The Bank +CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...) + NOT-FOR-US: ICOVO +CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...) + NOT-FOR-US: 0xRACER +CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...) + NOT-FOR-US: PepeAuctionSale +CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...) 
+ NOT-FOR-US: Ethereum Accounting +CVE-2020-19764 + RESERVED +CVE-2020-19763 + RESERVED +CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows ...) + NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System +CVE-2020-19761 + RESERVED +CVE-2020-19760 + RESERVED +CVE-2020-19759 + RESERVED +CVE-2020-19758 + RESERVED +CVE-2020-19757 + RESERVED +CVE-2020-19756 + RESERVED +CVE-2020-19755 + RESERVED +CVE-2020-19754 + RESERVED +CVE-2020-19753 + RESERVED +CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...) + - gifsicle 1.93-2 (unimportant) + NOTE: https://github.com/kohler/gifsicle/issues/140 + NOTE: https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10 (v1.93) + NOTE: Crash in CLI tool, no security impact +CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + - ccextractor 0.93+ds2-1 (bug #994746) + [bullseye] - ccextractor (Minor issue) + [buster] - ccextractor (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1272 + NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20) +CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...) 
+ - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1262 + NOTE: https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02 (v0.9.0-preview~20) +CVE-2020-19749 + RESERVED +CVE-2020-19748 + RESERVED +CVE-2020-19747 + RESERVED +CVE-2020-19746 + RESERVED +CVE-2020-19745 + RESERVED +CVE-2020-19744 + RESERVED +CVE-2020-19743 + RESERVED +CVE-2020-19742 + RESERVED +CVE-2020-19741 + RESERVED +CVE-2020-19740 + RESERVED +CVE-2020-19739 + RESERVED +CVE-2020-19738 + RESERVED +CVE-2020-19737 + RESERVED +CVE-2020-19736 + RESERVED +CVE-2020-19735 + RESERVED +CVE-2020-19734 + RESERVED +CVE-2020-19733 + RESERVED +CVE-2020-19732 + RESERVED +CVE-2020-19731 + RESERVED +CVE-2020-19730 + RESERVED +CVE-2020-19729 + RESERVED +CVE-2020-19728 + RESERVED +CVE-2020-19727 + RESERVED +CVE-2020-19726 (An issue was discovered in binutils libbfd.c 2.36 relating to the auxi ...) + - binutils 2.37-3 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26240 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26241 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4fd8d5856435ff84de1f181381fc51754285af6f + NOTE: binutils not covered by security support +CVE-2020-19725 (There is a use-after-free vulnerability in file pdd_simplifier.cpp in ...) + NOT-FOR-US: Z3Prover Z3 +CVE-2020-19724 (A memory consumption issue in get_data function in binutils/nm.c in GN ...) + - binutils 2.33.50.20200114-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25362 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=805f38bc551de820bcd7b31d3c5731ae27cf853a (binutils-2_34 + NOTE: binutils not covered by security support +CVE-2020-19723 + RESERVED +CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...) + NOT-FOR-US: Bento4 +CVE-2020-19721 (A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1 ...) 
+ NOT-FOR-US: Bento4 +CVE-2020-19720 (An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bent ...) + NOT-FOR-US: Bento4 +CVE-2020-19719 (A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 ...) + NOT-FOR-US: Bento4 +CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...) + NOT-FOR-US: Bento4 +CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...) + NOT-FOR-US: Bento4 +CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...) + {DLA-3186-1} + - exiv2 0.27.2-6 + NOTE: https://github.com/Exiv2/exiv2/issues/980 + NOTE: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3 +CVE-2020-19715 + REJECTED +CVE-2020-19714 + RESERVED +CVE-2020-19713 + RESERVED +CVE-2020-19712 + RESERVED +CVE-2020-19711 + RESERVED +CVE-2020-19710 + RESERVED +CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows ...) + NOT-FOR-US: feehicms +CVE-2020-19708 + RESERVED +CVE-2020-19707 + RESERVED +CVE-2020-19706 + RESERVED +CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...) + NOT-FOR-US: thinkphp-zcms +CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...) + NOT-FOR-US: Spring Boot admin + NOTE: https://github.com/sail-y/spring-boot-admin +CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...) + NOT-FOR-US: Dzzoffice +CVE-2020-19702 + RESERVED +CVE-2020-19701 + RESERVED +CVE-2020-19700 + RESERVED +CVE-2020-19699 (Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 all ...) + NOT-FOR-US: KOHGYLW Kiftd +CVE-2020-19698 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...) + NOT-FOR-US: Pandao Editor.md +CVE-2020-19697 (Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 a ...) 
+ NOT-FOR-US: Pandao Editor.md +CVE-2020-19696 + RESERVED +CVE-2020-19695 (Buffer Overflow found in Nginx NJS allows a remote attacker to execute ...) + NOT-FOR-US: Nginx NJS +CVE-2020-19694 + RESERVED +CVE-2020-19693 (An issue found in Espruino Espruino 6ea4c0a allows an attacker to exec ...) + NOT-FOR-US: Espruino +CVE-2020-19692 (Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a rem ...) + NOT-FOR-US: Nginx NJS +CVE-2020-19691 + RESERVED +CVE-2020-19690 + RESERVED +CVE-2020-19689 + RESERVED +CVE-2020-19688 + RESERVED +CVE-2020-19687 + RESERVED +CVE-2020-19686 + RESERVED +CVE-2020-19685 + RESERVED +CVE-2020-19684 + RESERVED +CVE-2020-19683 (A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile a ...) + NOT-FOR-US: zzzcms +CVE-2020-19682 (A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7 ...) + NOT-FOR-US: zzzcms +CVE-2020-19681 + RESERVED +CVE-2020-19680 + RESERVED +CVE-2020-19679 + RESERVED +CVE-2020-19678 (Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense ...) + NOT-FOR-US: pfSense +CVE-2020-19677 + RESERVED +CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...) + NOT-FOR-US: Nacos +CVE-2020-19675 + RESERVED +CVE-2020-19674 + RESERVED +CVE-2020-19673 + RESERVED +CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...) + NOT-FOR-US: Niushop B2B2C Multi-business basic +CVE-2020-19671 + RESERVED +CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...) + NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition +CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...) + NOT-FOR-US: Eyoucms +CVE-2020-19668 (Unverified indexs into the array lead to out of bound access in the gi ...) 
+ - libsixel 1.10.3-1 (bug #990799) + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/136 + NOTE: https://github.com/libsixel/libsixel/issues/7 + NOTE: https://github.com/libsixel/libsixel/pull/8 + NOTE: https://github.com/libsixel/libsixel/commit/05e5d21d065c663ec7a83d185974f4c252314968 (v1.9.0) + NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork +CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in ...) + {DLA-3357-1 DLA-2523-1} + - imagemagick 8:6.9.11.24+dfsg-1 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/1895 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5462fd4725018567764c8f66bed98b7ee3e23006 +CVE-2020-19666 + RESERVED +CVE-2020-19665 + RESERVED +CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...) + NOT-FOR-US: DrayTek Vigor2960 +CVE-2020-19663 + RESERVED +CVE-2020-19662 + RESERVED +CVE-2020-19661 + RESERVED +CVE-2020-19660 (Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to ...) + NOT-FOR-US: pandao editor.md +CVE-2020-19659 + RESERVED +CVE-2020-19658 + RESERVED +CVE-2020-19657 + RESERVED +CVE-2020-19656 + RESERVED +CVE-2020-19655 + RESERVED +CVE-2020-19654 + RESERVED +CVE-2020-19653 + RESERVED +CVE-2020-19652 + RESERVED +CVE-2020-19651 + RESERVED +CVE-2020-19650 + RESERVED +CVE-2020-19649 + RESERVED +CVE-2020-19648 + RESERVED +CVE-2020-19647 + RESERVED +CVE-2020-19646 + RESERVED +CVE-2020-19645 + RESERVED +CVE-2020-19644 + RESERVED +CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...) 
+ NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera +CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...) + NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera +CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...) + NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera +CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...) + NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera +CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...) + NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera +CVE-2020-19638 + RESERVED +CVE-2020-19637 + RESERVED +CVE-2020-19636 + RESERVED +CVE-2020-19635 + RESERVED +CVE-2020-19634 + RESERVED +CVE-2020-19633 + RESERVED +CVE-2020-19632 + RESERVED +CVE-2020-19631 + RESERVED +CVE-2020-19630 + RESERVED +CVE-2020-19629 + RESERVED +CVE-2020-19628 + RESERVED +CVE-2020-19627 + RESERVED +CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...) + NOT-FOR-US: craftcms +CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...) + NOT-FOR-US: oria gridx +CVE-2020-19624 + RESERVED +CVE-2020-19623 + RESERVED +CVE-2020-19622 + RESERVED +CVE-2020-19621 + RESERVED +CVE-2020-19620 + RESERVED +CVE-2020-19619 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signatur ...) + NOT-FOR-US: mblog +CVE-2020-19618 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post con ...) + NOT-FOR-US: mblog +CVE-2020-19617 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname ...) + NOT-FOR-US: mblog +CVE-2020-19616 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post hea ...) + NOT-FOR-US: mblog +CVE-2020-19615 + RESERVED +CVE-2020-19614 + RESERVED +CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function ...) 
+ NOT-FOR-US: sunkaifei FlyCMS +CVE-2020-19612 + RESERVED +CVE-2020-19611 (Cross Site Scripting (XSS) in redirect module of Racktables version 0. ...) + - racktables (bug #629531) +CVE-2020-19610 + RESERVED +CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...) + {DLA-2765-1} + - mupdf 1.17.0+ds1-2 (bug #991401) + [buster] - mupdf (Minor issue; can be fixed via point release) + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076 +CVE-2020-19608 + RESERVED +CVE-2020-19607 + RESERVED +CVE-2020-19606 + RESERVED +CVE-2020-19605 + RESERVED +CVE-2020-19604 + RESERVED +CVE-2020-19603 + RESERVED +CVE-2020-19602 + RESERVED +CVE-2020-19601 + RESERVED +CVE-2020-19600 + RESERVED +CVE-2020-19599 + RESERVED +CVE-2020-19598 + RESERVED +CVE-2020-19597 + RESERVED +CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a ...) + NOT-FOR-US: Core FTP +CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a c ...) + NOT-FOR-US: Core FTP +CVE-2020-19594 + RESERVED +CVE-2020-19593 + RESERVED +CVE-2020-19592 + RESERVED +CVE-2020-19591 + RESERVED +CVE-2020-19590 + RESERVED +CVE-2020-19589 + RESERVED +CVE-2020-19588 + RESERVED +CVE-2020-19587 (Cross Site Scripting (XSS) vulnerability in configMap parameters in Ye ...) + NOT-FOR-US: Yellowfin Business Intelligence +CVE-2020-19586 (Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 ...) 
+ NOT-FOR-US: Yellowfin Business Intelligence +CVE-2020-19585 + RESERVED +CVE-2020-19584 + RESERVED +CVE-2020-19583 + RESERVED +CVE-2020-19582 + RESERVED +CVE-2020-19581 + RESERVED +CVE-2020-19580 + RESERVED +CVE-2020-19579 + RESERVED +CVE-2020-19578 + RESERVED +CVE-2020-19577 + RESERVED +CVE-2020-19576 + RESERVED +CVE-2020-19575 + RESERVED +CVE-2020-19574 + RESERVED +CVE-2020-19573 + RESERVED +CVE-2020-19572 + RESERVED +CVE-2020-19571 + RESERVED +CVE-2020-19570 + RESERVED +CVE-2020-19569 + RESERVED +CVE-2020-19568 + RESERVED +CVE-2020-19567 + RESERVED +CVE-2020-19566 + RESERVED +CVE-2020-19565 + RESERVED +CVE-2020-19564 + RESERVED +CVE-2020-19563 + RESERVED +CVE-2020-19562 + RESERVED +CVE-2020-19561 + RESERVED +CVE-2020-19560 + RESERVED +CVE-2020-19559 (An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote at ...) + NOT-FOR-US: Diebold Aglis XFS for Opteva +CVE-2020-19558 + RESERVED +CVE-2020-19557 + RESERVED +CVE-2020-19556 + RESERVED +CVE-2020-19555 + RESERVED +CVE-2020-19554 (Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPMana ...) + NOT-FOR-US: ManageEngine +CVE-2020-19553 (Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and ...) + NOT-FOR-US: WUZHI CMS +CVE-2020-19552 + RESERVED +CVE-2020-19551 (Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 i ...) + NOT-FOR-US: WUZHI CMS +CVE-2020-19550 + RESERVED +CVE-2020-19549 + RESERVED +CVE-2020-19548 + RESERVED +CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...) 
+ NOT-FOR-US: PopojiCMS +CVE-2020-19546 + RESERVED +CVE-2020-19545 + RESERVED +CVE-2020-19544 + RESERVED +CVE-2020-19543 + RESERVED +CVE-2020-19542 + RESERVED +CVE-2020-19541 + RESERVED +CVE-2020-19540 + RESERVED +CVE-2020-19539 + RESERVED +CVE-2020-19538 + RESERVED +CVE-2020-19537 + RESERVED +CVE-2020-19536 + RESERVED +CVE-2020-19535 + RESERVED +CVE-2020-19534 + RESERVED +CVE-2020-19533 + RESERVED +CVE-2020-19532 + RESERVED +CVE-2020-19531 + RESERVED +CVE-2020-19530 + RESERVED +CVE-2020-19529 + RESERVED +CVE-2020-19528 + RESERVED +CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...) + NOT-FOR-US: idreamsoft iCMS +CVE-2020-19526 + RESERVED +CVE-2020-19525 + RESERVED +CVE-2020-19524 + RESERVED +CVE-2020-19523 + RESERVED +CVE-2020-19522 + RESERVED +CVE-2020-19521 + RESERVED +CVE-2020-19520 + RESERVED +CVE-2020-19519 + RESERVED +CVE-2020-19518 + RESERVED +CVE-2020-19517 + RESERVED +CVE-2020-19516 + RESERVED +CVE-2020-19515 (qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install ...) + NOT-FOR-US: qdPM +CVE-2020-19514 + RESERVED +CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...) + NOT-FOR-US: FinalWire Ltd AIDA64 Engineer +CVE-2020-19512 + RESERVED +CVE-2020-19511 (Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) clas ...) + NOT-FOR-US: Typesetter CMS +CVE-2020-19510 (Textpattern 4.7.3 contains an aribtrary file load via the file_insert ...) + NOT-FOR-US: Textpattern CMS +CVE-2020-19509 + RESERVED +CVE-2020-19508 + RESERVED +CVE-2020-19507 + RESERVED +CVE-2020-19506 + RESERVED +CVE-2020-19505 + RESERVED +CVE-2020-19504 + RESERVED +CVE-2020-19503 + RESERVED +CVE-2020-19502 + RESERVED +CVE-2020-19501 + RESERVED +CVE-2020-19500 + REJECTED +CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in libheif 1 ...) 
+ - libheif 1.5.0-1 + [buster] - libheif (Minor issue) + NOTE: https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd + NOTE: https://github.com/strukturag/libheif/issues/138 +CVE-2020-19498 (Floating point exception in function Fraction in libheif 1.4.0, allows ...) + - libheif 1.5.0-1 + [buster] - libheif (Minor issue) + NOTE: https://github.com/strukturag/libheif/issues/139 + NOTE: https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58 +CVE-2020-19497 (Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tb ...) + - libmatio 1.5.19-2 + [buster] - libmatio (Minor issue) + [stretch] - libmatio (Minor issue) + NOTE: https://github.com/tbeu/matio/commit/5fa49ef9fc4368fe3d19b5fdaa36d8fa5e7f4606 (v1.5.18) + NOTE: https://github.com/tbeu/matio/issues/121 +CVE-2020-19496 + RESERVED +CVE-2020-19495 + RESERVED +CVE-2020-19494 + RESERVED +CVE-2020-19493 + RESERVED +CVE-2020-19492 (There is a floating point exception in ReadImage that leads to a Segme ...) + - sam2p + NOTE: https://github.com/pts/sam2p/commit/b953f63307c4a83fa4615a4863e3fb250205cd98 + NOTE: https://github.com/pts/sam2p/issues/66 +CVE-2020-19491 (There is an invalid memory access bug in cgif.c that leads to a Segmen ...) + - sam2p + NOTE: https://github.com/pts/sam2p/commit/1d62cf8964bfcafa6561c4c3bb66d4aa4c529a73 + NOTE: https://github.com/pts/sam2p/issues/67 +CVE-2020-19490 (tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixe ...) + - tinyexr (Fixed with initial upload to Debian) + NOTE: https://github.com/syoyo/tinyexr/issues/124 + NOTE: https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270 +CVE-2020-19489 + RESERVED +CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, ...) 
+ - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) + NOTE: https://github.com/gpac/gpac/issues/1263 + NOTE: Introduced by: https://github.com/gpac/gpac/commit/86d072b6a13baa1a4a90168098a0f8354c24d8cf (v0.8.0) + NOTE: Fixed by: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 (v0.9.0-preview) +CVE-2020-19487 + RESERVED +CVE-2020-19486 + RESERVED +CVE-2020-19485 + RESERVED +CVE-2020-19484 + RESERVED +CVE-2020-19483 + RESERVED +CVE-2020-19482 + RESERVED +CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...) + - gpac 1.0.1+dfsg1-2 + [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) + NOTE: https://github.com/gpac/gpac/issues/1265 + NOTE: https://github.com/gpac/gpac/issues/1266 + NOTE: https://github.com/gpac/gpac/issues/1267 + NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0) + NOTE: Fixed by: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview) +CVE-2020-19480 + RESERVED +CVE-2020-19479 + RESERVED +CVE-2020-19478 + RESERVED +CVE-2020-19477 + RESERVED +CVE-2020-19476 + RESERVED +CVE-2020-19475 (An issue has been found in function CCITTFaxStream::lookChar in PDF2JS ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19474 (An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 t ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19473 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...) 
+ NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19472 (An issue has been found in function DCTStream::readHuffSym in PDF2JSON ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19471 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19470 (An issue has been found in function DCTStream::getChar in PDF2JSON 0.7 ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19469 (An issue has been found in function DCTStream::reset in PDF2JSON 0.70 ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19468 (An issue has been found in function EmbedStream::getChar in PDF2JSON 0 ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19467 (An issue has been found in function DCTStream::transformDataUnit in PD ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19466 (An issue has been found in function DCTStream::transformDataUnit in PD ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19465 (An issue has been found in function ObjectStream::getObject in PDF2JSO ...) 
+ NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19464 (An issue has been found in function XRef::fetch in PDF2JSON 0.70 that ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19463 (An issue has been found in function vfprintf in PDF2JSON 0.70 that all ...) + NOT-FOR-US: pdf2json + NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in + NOTE: tracking whether this affects src:poppler +CVE-2020-19462 + RESERVED +CVE-2020-19461 + RESERVED +CVE-2020-19460 + RESERVED +CVE-2020-19459 + RESERVED +CVE-2020-19458 + RESERVED +CVE-2020-19457 + RESERVED +CVE-2020-19456 + RESERVED +CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) + NOT-FOR-US: jdownloads component for Joomla! +CVE-2020-19454 + RESERVED +CVE-2020-19453 + RESERVED +CVE-2020-19452 + RESERVED +CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) + NOT-FOR-US: jdownloads component for Joomla! +CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) + NOT-FOR-US: jdownloads component for Joomla! +CVE-2020-19449 + RESERVED +CVE-2020-19448 + RESERVED +CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...) + NOT-FOR-US: jdownloads component for Joomla! 
+CVE-2020-19446 + RESERVED +CVE-2020-19445 + RESERVED +CVE-2020-19444 + RESERVED +CVE-2020-19443 + RESERVED +CVE-2020-19442 + RESERVED +CVE-2020-19441 + RESERVED +CVE-2020-19440 + RESERVED +CVE-2020-19439 + RESERVED +CVE-2020-19438 + RESERVED +CVE-2020-19437 + RESERVED +CVE-2020-19436 + RESERVED +CVE-2020-19435 + RESERVED +CVE-2020-19434 + RESERVED +CVE-2020-19433 + RESERVED +CVE-2020-19432 + RESERVED +CVE-2020-19431 + RESERVED +CVE-2020-19430 + RESERVED +CVE-2020-19429 + RESERVED +CVE-2020-19428 + RESERVED +CVE-2020-19427 + RESERVED +CVE-2020-19426 + RESERVED +CVE-2020-19425 + RESERVED +CVE-2020-19424 + RESERVED +CVE-2020-19423 + RESERVED +CVE-2020-19422 + RESERVED +CVE-2020-19421 + RESERVED +CVE-2020-19420 + RESERVED +CVE-2020-19419 (Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 ...) + NOT-FOR-US: Emerson Smart Wireless Gateway 1420 +CVE-2020-19418 + RESERVED +CVE-2020-19417 (Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users ...) + NOT-FOR-US: Emerson Smart Wireless Gateway 1420 +CVE-2020-19416 + RESERVED +CVE-2020-19415 + RESERVED +CVE-2020-19414 + RESERVED +CVE-2020-19413 + RESERVED +CVE-2020-19412 + RESERVED +CVE-2020-19411 + RESERVED +CVE-2020-19410 + RESERVED +CVE-2020-19409 + RESERVED +CVE-2020-19408 + RESERVED +CVE-2020-19407 + RESERVED +CVE-2020-19406 + RESERVED +CVE-2020-19405 + RESERVED +CVE-2020-19404 + RESERVED +CVE-2020-19403 + RESERVED +CVE-2020-19402 + RESERVED +CVE-2020-19401 + RESERVED +CVE-2020-19400 + RESERVED +CVE-2020-19399 + RESERVED +CVE-2020-19398 + RESERVED +CVE-2020-19397 + RESERVED +CVE-2020-19396 + RESERVED +CVE-2020-19395 + RESERVED +CVE-2020-19394 + RESERVED +CVE-2020-19393 + RESERVED +CVE-2020-19392 + RESERVED +CVE-2020-19391 + RESERVED +CVE-2020-19390 + RESERVED +CVE-2020-19389 + RESERVED +CVE-2020-19388 + RESERVED +CVE-2020-19387 + RESERVED +CVE-2020-19386 + RESERVED +CVE-2020-19385 + RESERVED +CVE-2020-19384 + RESERVED +CVE-2020-19383 + RESERVED +CVE-2020-19382 + RESERVED 
+CVE-2020-19381 + RESERVED +CVE-2020-19380 + RESERVED +CVE-2020-19379 + RESERVED +CVE-2020-19378 + RESERVED +CVE-2020-19377 + RESERVED +CVE-2020-19376 + RESERVED +CVE-2020-19375 + RESERVED +CVE-2020-19374 + RESERVED +CVE-2020-19373 + RESERVED +CVE-2020-19372 + RESERVED +CVE-2020-19371 + RESERVED +CVE-2020-19370 + RESERVED +CVE-2020-19369 + RESERVED +CVE-2020-19368 + RESERVED +CVE-2020-19367 + RESERVED +CVE-2020-19366 + RESERVED +CVE-2020-19365 + RESERVED +CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and execute m ...) + NOT-FOR-US: OpenEMR +CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, list dir ...) + NOT-FOR-US: Vtiger CRM +CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the ...) + NOT-FOR-US: Vtiger CRM +CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 ...) + NOT-FOR-US: Medintux +CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper fil ...) 
+ NOT-FOR-US: FHEM +CVE-2020-19359 + RESERVED +CVE-2020-19358 + RESERVED +CVE-2020-19357 + RESERVED +CVE-2020-19356 + RESERVED +CVE-2020-19355 + RESERVED +CVE-2020-19354 + RESERVED +CVE-2020-19353 + RESERVED +CVE-2020-19352 + RESERVED +CVE-2020-19351 + RESERVED +CVE-2020-19350 + RESERVED +CVE-2020-19349 + RESERVED +CVE-2020-19348 + RESERVED +CVE-2020-19347 + RESERVED +CVE-2020-19346 + RESERVED +CVE-2020-19345 + RESERVED +CVE-2020-19344 + RESERVED +CVE-2020-19343 + RESERVED +CVE-2020-19342 + RESERVED +CVE-2020-19341 + RESERVED +CVE-2020-19340 + RESERVED +CVE-2020-19339 + RESERVED +CVE-2020-19338 + RESERVED +CVE-2020-19337 + RESERVED +CVE-2020-19336 + RESERVED +CVE-2020-19335 + RESERVED +CVE-2020-19334 + RESERVED +CVE-2020-19333 + RESERVED +CVE-2020-19332 + RESERVED +CVE-2020-19331 + RESERVED +CVE-2020-19330 + RESERVED +CVE-2020-19329 + RESERVED +CVE-2020-19328 + RESERVED +CVE-2020-19327 + RESERVED +CVE-2020-19326 + RESERVED +CVE-2020-19325 + RESERVED +CVE-2020-19324 + RESERVED +CVE-2020-19323 (An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta ...) + NOT-FOR-US: D-Link +CVE-2020-19322 + RESERVED +CVE-2020-19321 + RESERVED +CVE-2020-19320 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...) + NOT-FOR-US: D-Link +CVE-2020-19319 (Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the ...) + NOT-FOR-US: D-Link +CVE-2020-19318 (Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, ...) + NOT-FOR-US: D-Link +CVE-2020-19317 + RESERVED +CVE-2020-19316 (OS Command injection vulnerability in function link in Filesystem.php ...) 
+ - php-laravel-framework (Fixed before initial upload to Debian) + NOTE: http://www.netbytesec.com/advisories/OSCommandInjectionInLaravelFramework/ + NOTE: https://github.com/laravel/framework/commit/44c3feb604944599ad1c782a9942981c3991fa31 (5.8.17) +CVE-2020-19315 + RESERVED +CVE-2020-19314 + RESERVED +CVE-2020-19313 + RESERVED +CVE-2020-19312 + RESERVED +CVE-2020-19311 + RESERVED +CVE-2020-19310 + RESERVED +CVE-2020-19309 + RESERVED +CVE-2020-19308 + RESERVED +CVE-2020-19307 + RESERVED +CVE-2020-19306 + RESERVED +CVE-2020-19305 (An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 ...) + NOT-FOR-US: Metinfo +CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Meti ...) + NOT-FOR-US: Metinfo +CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...) + NOT-FOR-US: hdcms +CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...) + NOT-FOR-US: vaeThink +CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...) + NOT-FOR-US: vaeThink +CVE-2020-19300 + RESERVED +CVE-2020-19299 + RESERVED +CVE-2020-19298 + RESERVED +CVE-2020-19297 + RESERVED +CVE-2020-19296 + RESERVED +CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...) + NOT-FOR-US: Jeesns +CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...) + NOT-FOR-US: Jeesns +CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add ...) + NOT-FOR-US: Jeesns +CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...) + NOT-FOR-US: Jeesns +CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...) + NOT-FOR-US: Jeesns +CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...) 
+ NOT-FOR-US: Jeesns +CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...) + NOT-FOR-US: Jeesns +CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u ...) + NOT-FOR-US: Jeesns +CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...) + NOT-FOR-US: Jeesns +CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...) + NOT-FOR-US: Jeesns +CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply ...) + NOT-FOR-US: Jeesns +CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...) + NOT-FOR-US: Jeesns +CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...) + NOT-FOR-US: Jeesns +CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...) + NOT-FOR-US: Jeesns +CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...) + NOT-FOR-US: Jeesns +CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...) + NOT-FOR-US: Jeesns +CVE-2020-19279 (Directory Traversal vulnerability found in B3log Wide allows a an atta ...) + NOT-FOR-US: B3log +CVE-2020-19278 (Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0. ...) + NOT-FOR-US: Phachon mm-wiki +CVE-2020-19277 (Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 al ...) + NOT-FOR-US: Phachon mm-wiki +CVE-2020-19276 + RESERVED +CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...) + NOT-FOR-US: dhcms +CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...) + NOT-FOR-US: dhcms +CVE-2020-19273 + RESERVED +CVE-2020-19272 + RESERVED +CVE-2020-19271 + RESERVED +CVE-2020-19270 + RESERVED +CVE-2020-19269 + RESERVED +CVE-2020-19268 (A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of ...) 
+ NOT-FOR-US: Dswjcms +CVE-2020-19267 (An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows ...) + NOT-FOR-US: Dswjcms +CVE-2020-19266 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...) + NOT-FOR-US: Dswjcms +CVE-2020-19265 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...) + NOT-FOR-US: Dswjcms +CVE-2020-19264 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...) + NOT-FOR-US: MipCMS +CVE-2020-19263 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...) + NOT-FOR-US: MipCMS +CVE-2020-19262 + RESERVED +CVE-2020-19261 + RESERVED +CVE-2020-19260 + RESERVED +CVE-2020-19259 + RESERVED +CVE-2020-19258 + RESERVED +CVE-2020-19257 + RESERVED +CVE-2020-19256 + RESERVED +CVE-2020-19255 + RESERVED +CVE-2020-19254 + RESERVED +CVE-2020-19253 + RESERVED +CVE-2020-19252 + RESERVED +CVE-2020-19251 + RESERVED +CVE-2020-19250 + RESERVED +CVE-2020-19249 + RESERVED +CVE-2020-19248 + RESERVED +CVE-2020-19247 + RESERVED +CVE-2020-19246 + RESERVED +CVE-2020-19245 + RESERVED +CVE-2020-19244 + RESERVED +CVE-2020-19243 + RESERVED +CVE-2020-19242 + RESERVED +CVE-2020-19241 + RESERVED +CVE-2020-19240 + RESERVED +CVE-2020-19239 + RESERVED +CVE-2020-19238 + RESERVED +CVE-2020-19237 + RESERVED +CVE-2020-19236 + RESERVED +CVE-2020-19235 + RESERVED +CVE-2020-19234 + RESERVED +CVE-2020-19233 + RESERVED +CVE-2020-19232 + RESERVED +CVE-2020-19231 + RESERVED +CVE-2020-19230 + RESERVED +CVE-2020-19229 (Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016 ...) + NOT-FOR-US: Jeesite +CVE-2020-19228 (An issue was found in bludit v3.13.0, unsafe implementation of the bac ...) 
+ NOT-FOR-US: bludit +CVE-2020-19227 + RESERVED +CVE-2020-19226 + RESERVED +CVE-2020-19225 + RESERVED +CVE-2020-19224 + RESERVED +CVE-2020-19223 + RESERVED +CVE-2020-19222 + RESERVED +CVE-2020-19221 + RESERVED +CVE-2020-19220 + RESERVED +CVE-2020-19219 + RESERVED +CVE-2020-19218 + RESERVED +CVE-2020-19217 (SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9. ...) + - piwigo +CVE-2020-19216 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...) + - piwigo +CVE-2020-19215 (SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, v ...) + - piwigo +CVE-2020-19214 + RESERVED +CVE-2020-19213 (SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the ...) + - piwigo +CVE-2020-19212 (SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, ...) + - piwigo +CVE-2020-19211 + RESERVED +CVE-2020-19210 + RESERVED +CVE-2020-19209 + RESERVED +CVE-2020-19208 + RESERVED +CVE-2020-19207 + RESERVED +CVE-2020-19206 + RESERVED +CVE-2020-19205 + RESERVED +CVE-2020-19204 (An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exis ...) + NOT-FOR-US: IPFire +CVE-2020-19203 (An authenticated Cross-Site Scripting (XSS) vulnerability was found in ...) + NOT-FOR-US: Netgate pfSense Community Edition +CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...) + NOT-FOR-US: IPFire +CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...) + NOT-FOR-US: Netgate pfSense +CVE-2020-19200 + RESERVED +CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...) + NOT-FOR-US: PHPOK +CVE-2020-19198 + RESERVED +CVE-2020-19197 + RESERVED +CVE-2020-19196 + RESERVED +CVE-2020-19195 + RESERVED +CVE-2020-19194 + RESERVED +CVE-2020-19193 + RESERVED +CVE-2020-19192 + RESERVED +CVE-2020-19191 + RESERVED +CVE-2020-19190 (Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:7 ...) 
+ - ncurses 6.1+20191019-1 + [buster] - ncurses 6.1+20181013-2+deb10u2 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc6.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html + NOTE: CVE-2020-19190 seems to be a duplicate of CVE-2019-17594 but keep distinct for now +CVE-2020-19189 (Buffer Overflow vulnerability in postprocess_terminfo function in tinf ...) + {DLA-3586-1} + - ncurses 6.1+20191019-1 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html +CVE-2020-19188 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...) + - ncurses 6.1+20191019-1 + [buster] - ncurses 6.1+20181013-2+deb10u2 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc4.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html +CVE-2020-19187 (Buffer Overflow vulnerability in fmt_entry function in progs/dump_entr ...) + - ncurses 6.1+20191019-1 + [buster] - ncurses 6.1+20181013-2+deb10u2 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc3.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html + NOTE: CVE-2020-19187 seems to be a duplicate of CVE-2019-17595 but keep distinct for now +CVE-2020-19186 (Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp ...) 
+ - ncurses 6.1+20191019-1 + [buster] - ncurses 6.1+20181013-2+deb10u2 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc2.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html +CVE-2020-19185 (Buffer Overflow vulnerability in one_one_mapping function in progs/dum ...) + - ncurses 6.1+20191019-1 + [buster] - ncurses 6.1+20181013-2+deb10u2 + NOTE: https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc1.md + NOTE: Fixed in 20191012 with followups in 20191015 and 20191019 patchlevels + NOTE: https://lists.gnu.org/archive/html/bug-ncurses/2019-10/index.html +CVE-2020-19184 + RESERVED +CVE-2020-19183 + RESERVED +CVE-2020-19182 + RESERVED +CVE-2020-19181 + RESERVED +CVE-2020-19180 + RESERVED +CVE-2020-19179 + RESERVED +CVE-2020-19178 + RESERVED +CVE-2020-19177 + RESERVED +CVE-2020-19176 + RESERVED +CVE-2020-19175 + RESERVED +CVE-2020-19174 + RESERVED +CVE-2020-19173 + RESERVED +CVE-2020-19172 + RESERVED +CVE-2020-19171 + RESERVED +CVE-2020-19170 + RESERVED +CVE-2020-19169 + RESERVED +CVE-2020-19168 + RESERVED +CVE-2020-19167 + RESERVED +CVE-2020-19166 + RESERVED +CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_id=1 ...) + NOT-FOR-US: PHPSHE +CVE-2020-19164 + RESERVED +CVE-2020-19163 + RESERVED +CVE-2020-19162 + RESERVED +CVE-2020-19161 + RESERVED +CVE-2020-19160 + RESERVED +CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...) + NOT-FOR-US: LaikeTui +CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows ...) + NOT-FOR-US: S-CMS +CVE-2020-19157 (Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers t ...) + NOT-FOR-US: Wenku CMS +CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...) 
+ NOT-FOR-US: Wordpress ari-adminer +CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19153 + RESERVED +CVE-2020-19152 + RESERVED +CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19149 + RESERVED +CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) + NOT-FOR-US: Jfinal CMS +CVE-2020-19145 + RESERVED +CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) + {DLA-2777-1} + - tiff 4.0.10+git190814-1 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2852 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159 + NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) (CVE-2020-18768) +CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) + {DSA-4997-1} + - tiff 4.1.0+git201212-1 + [stretch] - tiff (Vulnerable code introduced later) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851 + NOTE: https://gitlab.com/libtiff/libtiff/-/issues/158 + NOTE: Introduced with: https://gitlab.com/libtiff/libtiff/-/commit/9eacd59fecc4ef593ac17689bc530ab451c8ec14 (v4.0.10) + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/54ce8c522078cd0f39861df71db848648ec28ade (v4.2.0) +CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...) 
+ NOT-FOR-US: idreamsoft iCMS +CVE-2020-19141 + RESERVED +CVE-2020-19140 + RESERVED +CVE-2020-19139 + RESERVED +CVE-2020-19138 (Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and e ...) + NOT-FOR-US: DotCMS +CVE-2020-19137 (Incorrect Access Control in Autumn v1.0.4 and earlier allows remote at ...) + NOT-FOR-US: Autumn +CVE-2020-19136 + RESERVED +CVE-2020-19135 + RESERVED +CVE-2020-19134 + RESERVED +CVE-2020-19133 + RESERVED +CVE-2020-19132 + RESERVED +CVE-2020-19131 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) + {DLA-2777-1} + - tiff 4.0.10+git190814-1 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2831 + NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/61 + NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9cfa5c469109c207bf3b916c52e618d4400ba2c0 (v4.1.0) +CVE-2020-19130 + RESERVED +CVE-2020-19129 + RESERVED +CVE-2020-19128 + RESERVED +CVE-2020-19127 + RESERVED +CVE-2020-19126 + RESERVED +CVE-2020-19125 + RESERVED +CVE-2020-19124 + RESERVED +CVE-2020-19123 + RESERVED +CVE-2020-19122 + RESERVED +CVE-2020-19121 + RESERVED +CVE-2020-19120 + RESERVED +CVE-2020-19119 + RESERVED +CVE-2020-19118 (Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_cod ...) + NOT-FOR-US: YzmCMS +CVE-2020-19117 + RESERVED +CVE-2020-19116 + RESERVED +CVE-2020-19115 + RESERVED +CVE-2020-19114 (SQL Injection vulnerability in Online Book Store v1.0 via the publishe ...) + NOT-FOR-US: Online Book Store +CVE-2020-19113 (Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin ...) + NOT-FOR-US: Online Book Store +CVE-2020-19112 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) + NOT-FOR-US: Online Book Store +CVE-2020-19111 (Incorrect Access Control vulnerability in Online Book Store v1.0 via a ...) + NOT-FOR-US: Online Book Store +CVE-2020-19110 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) 
+ NOT-FOR-US: Online Book Store +CVE-2020-19109 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) + NOT-FOR-US: Online Book Store +CVE-2020-19108 (SQL Injection vulnerability in Online Book Store v1.0 via the pubid pa ...) + NOT-FOR-US: Online Book Store +CVE-2020-19107 (SQL Injection vulnerability in Online Book Store v1.0 via the isbn par ...) + NOT-FOR-US: Online Book Store +CVE-2020-19106 + RESERVED +CVE-2020-19105 + RESERVED +CVE-2020-19104 + RESERVED +CVE-2020-19103 + RESERVED +CVE-2020-19102 + RESERVED +CVE-2020-19101 + RESERVED +CVE-2020-19100 + RESERVED +CVE-2020-19099 + RESERVED +CVE-2020-19098 + RESERVED +CVE-2020-19097 + RESERVED +CVE-2020-19096 + RESERVED +CVE-2020-19095 + RESERVED +CVE-2020-19094 + RESERVED +CVE-2020-19093 + RESERVED +CVE-2020-19092 + RESERVED +CVE-2020-19091 + RESERVED +CVE-2020-19090 + RESERVED +CVE-2020-19089 + RESERVED +CVE-2020-19088 + RESERVED +CVE-2020-19087 + RESERVED +CVE-2020-19086 + RESERVED +CVE-2020-19085 + RESERVED +CVE-2020-19084 + RESERVED +CVE-2020-19083 + RESERVED +CVE-2020-19082 + RESERVED +CVE-2020-19081 + RESERVED +CVE-2020-19080 + RESERVED +CVE-2020-19079 + RESERVED +CVE-2020-19078 + RESERVED +CVE-2020-19077 + RESERVED +CVE-2020-19076 + RESERVED +CVE-2020-19075 + RESERVED +CVE-2020-19074 + RESERVED +CVE-2020-19073 + RESERVED +CVE-2020-19072 + RESERVED +CVE-2020-19071 + RESERVED +CVE-2020-19070 + RESERVED +CVE-2020-19069 + RESERVED +CVE-2020-19068 + RESERVED +CVE-2020-19067 + RESERVED +CVE-2020-19066 + RESERVED +CVE-2020-19065 + RESERVED +CVE-2020-19064 + RESERVED +CVE-2020-19063 + RESERVED +CVE-2020-19062 + RESERVED +CVE-2020-19061 + RESERVED +CVE-2020-19060 + RESERVED +CVE-2020-19059 + RESERVED +CVE-2020-19058 + RESERVED +CVE-2020-19057 + RESERVED +CVE-2020-19056 + RESERVED +CVE-2020-19055 + RESERVED +CVE-2020-19054 + RESERVED +CVE-2020-19053 + RESERVED +CVE-2020-19052 + RESERVED +CVE-2020-19051 + RESERVED +CVE-2020-19050 + RESERVED +CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB 
v1.8.20 allows remote attackers to ...) + NOT-FOR-US: MyBB +CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...) + NOT-FOR-US: MyBB +CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatck ...) + NOT-FOR-US: iWebShop +CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to ex ...) + NOT-FOR-US: S-CMS +CVE-2020-19045 + RESERVED +CVE-2020-19044 + RESERVED +CVE-2020-19043 + RESERVED +CVE-2020-19042 (Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via ...) + NOT-FOR-US: zzcms +CVE-2020-19041 + RESERVED +CVE-2020-19040 + RESERVED +CVE-2020-19039 + RESERVED +CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup.) + NOT-FOR-US: Halo +CVE-2020-19037 (Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a m ...) + NOT-FOR-US: Halo +CVE-2020-19036 + RESERVED +CVE-2020-19035 + RESERVED +CVE-2020-19034 + RESERVED +CVE-2020-19033 + RESERVED +CVE-2020-19032 + RESERVED +CVE-2020-19031 + RESERVED +CVE-2020-19030 + RESERVED +CVE-2020-19029 + RESERVED +CVE-2020-19028 (*File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a re ...) + NOT-FOR-US: EmlogCMS +CVE-2020-19027 + RESERVED +CVE-2020-19026 + RESERVED +CVE-2020-19025 + RESERVED +CVE-2020-19024 + RESERVED +CVE-2020-19023 + RESERVED +CVE-2020-19022 + RESERVED +CVE-2020-19021 + RESERVED +CVE-2020-19020 + RESERVED +CVE-2020-19019 + RESERVED +CVE-2020-19018 + RESERVED +CVE-2020-19017 + RESERVED +CVE-2020-19016 + RESERVED +CVE-2020-19015 + RESERVED +CVE-2020-19014 + RESERVED +CVE-2020-19013 + RESERVED +CVE-2020-19012 + RESERVED +CVE-2020-19011 + RESERVED +CVE-2020-19010 + RESERVED +CVE-2020-19009 + RESERVED +CVE-2020-19008 + RESERVED +CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...) + NOT-FOR-US: Halo blog +CVE-2020-19006 + RESERVED +CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...) 
+ NOT-FOR-US: zrlog +CVE-2020-19004 + RESERVED +CVE-2020-19003 (An issue in Gate One 1.2.0 allows attackers to bypass to the verificat ...) + NOT-FOR-US: Gate One +CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...) + NOT-FOR-US: Mezzanine CMS +CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...) + NOT-FOR-US: Simiki +CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote ...) + NOT-FOR-US: Simiki +CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...) + NOT-FOR-US: Blog_mini +CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...) + NOT-FOR-US: Blog_mini +CVE-2020-18997 + RESERVED +CVE-2020-18996 + RESERVED +CVE-2020-18995 + RESERVED +CVE-2020-18994 + RESERVED +CVE-2020-18993 + RESERVED +CVE-2020-18992 + RESERVED +CVE-2020-18991 + RESERVED +CVE-2020-18990 + RESERVED +CVE-2020-18989 + RESERVED +CVE-2020-18988 + RESERVED +CVE-2020-18987 + RESERVED +CVE-2020-18986 + RESERVED +CVE-2020-18985 (An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboratio ...) + NOT-FOR-US: Zimbra +CVE-2020-18984 (A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmi ...) + NOT-FOR-US: Zimbra +CVE-2020-18983 + RESERVED +CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...) + NOT-FOR-US: Halo +CVE-2020-18981 + RESERVED +CVE-2020-18980 (Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr an ...) + NOT-FOR-US: Halo +CVE-2020-18979 (Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwa ...) + NOT-FOR-US: Halo +CVE-2020-18978 + RESERVED +CVE-2020-18977 + RESERVED +CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...) 
+ - tcpreplay 4.3.3-1 (unimportant) + NOTE: https://github.com/appneta/tcpreplay/issues/556 + NOTE: Crash in CLI tool, no security impact +CVE-2020-18975 + RESERVED +CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...) + - nasm (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392568 + NOTE: Crash in CLI tool, no security impact +CVE-2020-18973 + RESERVED +CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...) + - libpodofo (unimportant) + NOTE: https://sourceforge.net/p/podofo/tickets/49/ + NOTE: Negligible security impact +CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...) + - libpodofo (bug #1014858) + [bookworm] - libpodofo (Minor issue) + [bullseye] - libpodofo (Minor issue) + [buster] - libpodofo (Minor issue) + [stretch] - libpodofo (Minor issue; can be fixed in next update) + NOTE: https://sourceforge.net/p/podofo/tickets/48/ +CVE-2020-18970 + RESERVED +CVE-2020-18969 + RESERVED +CVE-2020-18968 + RESERVED +CVE-2020-18967 + RESERVED +CVE-2020-18966 + RESERVED +CVE-2020-18965 + RESERVED +CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest v ...) 
+ NOT-FOR-US: ForestBlog +CVE-2020-18963 + RESERVED +CVE-2020-18962 + RESERVED +CVE-2020-18961 + RESERVED +CVE-2020-18960 + RESERVED +CVE-2020-18959 + RESERVED +CVE-2020-18958 + RESERVED +CVE-2020-18957 + RESERVED +CVE-2020-18956 + RESERVED +CVE-2020-18955 + RESERVED +CVE-2020-18954 + RESERVED +CVE-2020-18953 + RESERVED +CVE-2020-18952 + RESERVED +CVE-2020-18951 + RESERVED +CVE-2020-18950 + RESERVED +CVE-2020-18949 + RESERVED +CVE-2020-18948 + RESERVED +CVE-2020-18947 + RESERVED +CVE-2020-18946 + RESERVED +CVE-2020-18945 + RESERVED +CVE-2020-18944 + RESERVED +CVE-2020-18943 + RESERVED +CVE-2020-18942 + RESERVED +CVE-2020-18941 + RESERVED +CVE-2020-18940 + RESERVED +CVE-2020-18939 + RESERVED +CVE-2020-18938 + RESERVED +CVE-2020-18937 + RESERVED +CVE-2020-18936 + RESERVED +CVE-2020-18935 + RESERVED +CVE-2020-18934 + RESERVED +CVE-2020-18933 + RESERVED +CVE-2020-18932 + RESERVED +CVE-2020-18931 + RESERVED +CVE-2020-18930 + RESERVED +CVE-2020-18929 + RESERVED +CVE-2020-18928 + RESERVED +CVE-2020-18927 + RESERVED +CVE-2020-18926 + RESERVED +CVE-2020-18925 + RESERVED +CVE-2020-18924 + RESERVED +CVE-2020-18923 + RESERVED +CVE-2020-18922 + RESERVED +CVE-2020-18921 + RESERVED +CVE-2020-18920 + RESERVED +CVE-2020-18919 + RESERVED +CVE-2020-18918 + RESERVED +CVE-2020-18917 (The plus/search.php component in DedeCMS 5.7 SP2 allows remote attacke ...) + NOT-FOR-US: DedeCMS +CVE-2020-18916 + RESERVED +CVE-2020-18915 + RESERVED +CVE-2020-18914 + RESERVED +CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerabi ...) + NOT-FOR-US: EARCLINK ESPCMS-P8 +CVE-2020-18912 (An issue found in Earcms Ear App v.20181124 allows a remote attacker t ...) 
+ NOT-FOR-US: Earcms Ear App +CVE-2020-18911 + RESERVED +CVE-2020-18910 + RESERVED +CVE-2020-18909 + RESERVED +CVE-2020-18908 + RESERVED +CVE-2020-18907 + RESERVED +CVE-2020-18906 + RESERVED +CVE-2020-18905 + RESERVED +CVE-2020-18904 + RESERVED +CVE-2020-18903 + RESERVED +CVE-2020-18902 + RESERVED +CVE-2020-18901 + RESERVED +CVE-2020-18900 (A heap-based buffer overflow in the libexe_io_handle_read_coff_optiona ...) + NOT-FOR-US: libyal +CVE-2020-18899 (An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...) + - exiv2 0.27.2-6 + [buster] - exiv2 (jp2image::printStructure added in 0.26) + NOTE: https://github.com/Exiv2/exiv2/issues/742 + NOTE: https://github.com/Exiv2/exiv2/commit/051b5d9df1f4669117937b7a40104404cc252993 (0.27.1) +CVE-2020-18898 (A stack exhaustion issue in the printIFDStructure function of Exiv2 0. ...) + - exiv2 (unimportant) + NOTE: https://github.com/Exiv2/exiv2/issues/741 + NOTE: Negligible security impact, issue in debugging only function +CVE-2020-18897 (An use-after-free vulnerability in the libpff_item_tree_create_node fu ...) + - libpff 20180714-1 + [stretch] - libpff (Minor issue) + NOTE: https://github.com/libyal/libpff/issues/61 + NOTE: https://github.com/libyal/libpff/issues/62 + NOTE: https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c +CVE-2020-18896 + RESERVED +CVE-2020-18895 + RESERVED +CVE-2020-18894 + RESERVED +CVE-2020-18893 + RESERVED +CVE-2020-18892 + RESERVED +CVE-2020-18891 + RESERVED +CVE-2020-18890 (Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insec ...) + NOT-FOR-US: puppyCMS +CVE-2020-18889 (Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that ...) + NOT-FOR-US: puppyCMS +CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote m ...) + NOT-FOR-US: puppyCMS +CVE-2020-18887 + RESERVED +CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to ...) 
+ NOT-FOR-US: PHPMyWind +CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...) + NOT-FOR-US: PHPMyWind +CVE-2020-18884 + RESERVED +CVE-2020-18883 + RESERVED +CVE-2020-18882 + RESERVED +CVE-2020-18881 + RESERVED +CVE-2020-18880 + RESERVED +CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...) + NOT-FOR-US: Bludit +CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...) + NOT-FOR-US: Skycaiji +CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...) + NOT-FOR-US: Wuzhi CMS +CVE-2020-18876 + RESERVED +CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...) + NOT-FOR-US: DotCMS +CVE-2020-18874 + RESERVED +CVE-2020-18873 + RESERVED +CVE-2020-18872 + RESERVED +CVE-2020-18871 + RESERVED +CVE-2020-18870 + RESERVED +CVE-2020-18869 + RESERVED +CVE-2020-18868 + RESERVED +CVE-2020-18867 + RESERVED +CVE-2020-18866 + RESERVED +CVE-2020-18865 + RESERVED +CVE-2020-18864 + RESERVED +CVE-2020-18863 + RESERVED +CVE-2020-18862 + RESERVED +CVE-2020-18861 + RESERVED +CVE-2020-18860 + RESERVED +CVE-2020-18859 + RESERVED +CVE-2020-18858 + RESERVED +CVE-2020-18857 + RESERVED +CVE-2020-18856 + RESERVED +CVE-2020-18855 + RESERVED +CVE-2020-18854 + RESERVED +CVE-2020-18853 + RESERVED +CVE-2020-18852 + RESERVED +CVE-2020-18851 + RESERVED +CVE-2020-18850 + RESERVED +CVE-2020-18849 + RESERVED +CVE-2020-18848 + RESERVED +CVE-2020-18847 + RESERVED +CVE-2020-18846 + RESERVED +CVE-2020-18845 + RESERVED +CVE-2020-18844 + RESERVED +CVE-2020-18843 + RESERVED +CVE-2020-18842 + RESERVED +CVE-2020-18841 + RESERVED +CVE-2020-18840 + RESERVED +CVE-2020-18839 (Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 ...) 
+ - poppler 0.85.0-2 + [buster] - poppler 0.71.0-5+deb10u1 + NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 + NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0) + NOTE: Duplicate issue of CVE-2020-27778 (assigning CNA contacted) +CVE-2020-18838 + RESERVED +CVE-2020-18837 + RESERVED +CVE-2020-18836 + RESERVED +CVE-2020-18835 + RESERVED +CVE-2020-18834 + RESERVED +CVE-2020-18833 + RESERVED +CVE-2020-18832 + RESERVED +CVE-2020-18831 (Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cp ...) + - exiv2 0.27.2-6 + [buster] - exiv2 (Vulnerable code introduced later) + NOTE: https://github.com/Exiv2/exiv2/issues/828 + NOTE: https://github.com/Exiv2/exiv2/pull/862 + NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/4617dc37284bb14c15fb884a7252de7c2b8b8854 + NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6068df4c01ce915befb763bd0fd718d16a5df130 (v0.27.2-RC1) +CVE-2020-18830 + RESERVED +CVE-2020-18829 + RESERVED +CVE-2020-18828 + RESERVED +CVE-2020-18827 + RESERVED +CVE-2020-18826 + RESERVED +CVE-2020-18825 + RESERVED +CVE-2020-18824 + RESERVED +CVE-2020-18823 + RESERVED +CVE-2020-18822 + RESERVED +CVE-2020-18821 + RESERVED +CVE-2020-18820 + RESERVED +CVE-2020-18819 + RESERVED +CVE-2020-18818 + RESERVED +CVE-2020-18817 + RESERVED +CVE-2020-18816 + RESERVED +CVE-2020-18815 + RESERVED +CVE-2020-18814 + RESERVED +CVE-2020-18813 + RESERVED +CVE-2020-18812 + RESERVED +CVE-2020-18811 + RESERVED +CVE-2020-18810 + RESERVED +CVE-2020-18809 + RESERVED +CVE-2020-18808 + RESERVED +CVE-2020-18807 + RESERVED +CVE-2020-18806 + RESERVED +CVE-2020-18805 + RESERVED +CVE-2020-18804 + RESERVED +CVE-2020-18803 + RESERVED +CVE-2020-18802 + RESERVED +CVE-2020-18801 + RESERVED +CVE-2020-18800 + RESERVED +CVE-2020-18799 + RESERVED +CVE-2020-18798 + RESERVED +CVE-2020-18797 + RESERVED +CVE-2020-18796 + RESERVED +CVE-2020-18795 + RESERVED +CVE-2020-18794 + RESERVED 
+CVE-2020-18793 + RESERVED +CVE-2020-18792 + RESERVED +CVE-2020-18791 + RESERVED +CVE-2020-18790 + RESERVED +CVE-2020-18789 + RESERVED +CVE-2020-18788 + RESERVED +CVE-2020-18787 + RESERVED +CVE-2020-18786 + RESERVED +CVE-2020-18785 + RESERVED +CVE-2020-18784 + RESERVED +CVE-2020-18783 + RESERVED +CVE-2020-18782 + RESERVED +CVE-2020-18781 (Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in a ...) + - audiofile 0.3.6-4 + NOTE: https://github.com/mpruett/audiofile/issues/56 + NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2020-18780 (A Use After Free vulnerability in function new_Token in asm/preproc.c ...) + - nasm 2.15.04-1 (unimportant) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392634 + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392711 + NOTE: Crash in CLI tool, no security impact + NOTE: https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88 (nasm-2.15.04rc6) +CVE-2020-18779 + RESERVED +CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...) + - libav + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1155 +CVE-2020-18777 + RESERVED +CVE-2020-18776 (In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr ...) + - libav + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1153 +CVE-2020-18775 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_ ...) + - libav + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1152 +CVE-2020-18774 (A float point exception in the printLong function in tags_int.cpp of E ...) + - exiv2 (unimportant) + NOTE: https://github.com/Exiv2/exiv2/issues/759 + NOTE: Negligible security impact +CVE-2020-18773 (An invalid memory access in the decode function in iptc.cpp of Exiv2 0 ...) 
+ - exiv2 (unimportant) + NOTE: https://github.com/Exiv2/exiv2/issues/760 + NOTE: Negligible security impact +CVE-2020-18772 + RESERVED +CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...) + {DLA-3265-1} + - exiv2 0.27.2-6 + [stretch] - exiv2 (Minor issue) + NOTE: https://github.com/Exiv2/exiv2/issues/756 +CVE-2020-18770 (An issue was discovered in function zzip_disk_entry_to_file_header in ...) + - zziplib (bug #1054910) + [bookworm] - zziplib (Minor issue) + [bullseye] - zziplib (Minor issue) + [buster] - zziplib (Minor issue) + NOTE: https://github.com/gdraheim/zziplib/issues/69 +CVE-2020-18769 + RESERVED +CVE-2020-18768 (There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in ...) + {DLA-2777-1} + - tiff 4.0.10+git190814-1 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2848 + NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/72 + NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) +CVE-2020-18767 + RESERVED +CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...) + NOT-FOR-US: AntSword +CVE-2020-18765 + RESERVED +CVE-2020-18764 + RESERVED +CVE-2020-18763 + RESERVED +CVE-2020-18762 + RESERVED +CVE-2020-18761 + RESERVED +CVE-2020-18760 + RESERVED +CVE-2020-18759 (An information disclosure vulnerability exists in the EPA protocol of ...) + NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18758 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...) + NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18757 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...) + NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18756 (An arbitrary memory access vulnerability in the EPA protocol of Dut Co ...) 
+ NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18755 + RESERVED +CVE-2020-18754 (An information disclosure vulnerability exists within Dut Computer Con ...) + NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18753 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...) + NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100 +CVE-2020-18752 + RESERVED +CVE-2020-18751 + RESERVED +CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...) + NOT-FOR-US: pdf2json +CVE-2020-18749 + RESERVED +CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...) + NOT-FOR-US: Typora +CVE-2020-18747 + RESERVED +CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...) + NOT-FOR-US: AiteCMS +CVE-2020-18745 + RESERVED +CVE-2020-18744 + RESERVED +CVE-2020-18743 + RESERVED +CVE-2020-18742 + RESERVED +CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...) + NOT-FOR-US: ThinkSAAS +CVE-2020-18740 + RESERVED +CVE-2020-18739 + RESERVED +CVE-2020-18738 + RESERVED +CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...) + NOT-FOR-US: Typora +CVE-2020-18736 + RESERVED +CVE-2020-18735 (A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS ...) + NOT-FOR-US: Eclipse IOT Cyclone +CVE-2020-18734 (A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS ...) + NOT-FOR-US: Eclipse IOT Cyclone +CVE-2020-18733 + RESERVED +CVE-2020-18732 + RESERVED +CVE-2020-18731 (A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC ...) + NOT-FOR-US: IEC104 +CVE-2020-18730 (A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 ...) 
+ NOT-FOR-US: IEC104 +CVE-2020-18729 + RESERVED +CVE-2020-18728 + RESERVED +CVE-2020-18727 + RESERVED +CVE-2020-18726 + RESERVED +CVE-2020-18725 + RESERVED +CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...) + NOT-FOR-US: MDaemon webmail +CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...) + NOT-FOR-US: MDaemon webmail +CVE-2020-18722 + RESERVED +CVE-2020-18721 + RESERVED +CVE-2020-18720 + RESERVED +CVE-2020-18719 + RESERVED +CVE-2020-18718 + RESERVED +CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...) + NOT-FOR-US: ZZZCMS +CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...) + NOT-FOR-US: Rockoa +CVE-2020-18715 + REJECTED +CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...) + NOT-FOR-US: Rockoa +CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...) + NOT-FOR-US: Rockoa +CVE-2020-18712 + RESERVED +CVE-2020-18711 + RESERVED +CVE-2020-18710 + RESERVED +CVE-2020-18709 + RESERVED +CVE-2020-18708 + RESERVED +CVE-2020-18707 + RESERVED +CVE-2020-18706 + RESERVED +CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...) + NOT-FOR-US: Quokka +CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...) + NOT-FOR-US: Django-Widgy +CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...) + NOT-FOR-US: Quokka +CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...) + NOT-FOR-US: Quokka +CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...) + NOT-FOR-US: Lin-CMS-Flask +CVE-2020-18700 + RESERVED +CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...) 
+ NOT-FOR-US: Lin-CMS-Flask +CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...) + NOT-FOR-US: Lin-CMS-Flask +CVE-2020-18697 + RESERVED +CVE-2020-18696 + RESERVED +CVE-2020-18695 + RESERVED +CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...) + NOT-FOR-US: IgnitedCMS +CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...) + NOT-FOR-US: MineWebCMS +CVE-2020-18692 + RESERVED +CVE-2020-18691 + RESERVED +CVE-2020-18690 + RESERVED +CVE-2020-18689 + RESERVED +CVE-2020-18688 + RESERVED +CVE-2020-18687 + RESERVED +CVE-2020-18686 + RESERVED +CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...) + NOT-FOR-US: Floodlight +CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...) + NOT-FOR-US: Floodlight +CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...) + NOT-FOR-US: Floodlight +CVE-2020-18682 + RESERVED +CVE-2020-18681 + RESERVED +CVE-2020-18680 + RESERVED +CVE-2020-18679 + RESERVED +CVE-2020-18678 + RESERVED +CVE-2020-18677 + RESERVED +CVE-2020-18676 + RESERVED +CVE-2020-18675 + RESERVED +CVE-2020-18674 + RESERVED +CVE-2020-18673 + RESERVED +CVE-2020-18672 + RESERVED +CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via ...) + - roundcube 1.4.5+dfsg.1-1 + [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1 + [stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian) + NOTE: https://github.com/roundcube/roundcubemail/issues/7406 + NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 +CVE-2020-18670 (Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via d ...) 
+ - roundcube 1.4.5+dfsg.1-1 + [buster] - roundcube 1.3.13+dfsg.1-1~deb10u1 + [stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian) + NOTE: https://github.com/roundcube/roundcubemail/issues/7406 + NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12 +CVE-2020-18669 + RESERVED +CVE-2020-18668 (Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the ...) + NOT-FOR-US: WebPort +CVE-2020-18667 (SQL Injection vulnerability in WebPort <=1.19.1 via the new connection ...) + NOT-FOR-US: WebPort +CVE-2020-18666 + REJECTED +CVE-2020-18665 (Directory Traversal vulnerability in WebPort <=1.19.1 in tags of syste ...) + NOT-FOR-US: WebPort +CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1via the co ...) + NOT-FOR-US: WebPort +CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via t ...) + NOT-FOR-US: gnuboard5 +CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_pref ...) + NOT-FOR-US: gnuboard5 +CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 via t ...) + NOT-FOR-US: gnuboard5 +CVE-2020-18660 (GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1 ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-18658 (Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in ...) + NOT-FOR-US: GetSimpleCMS +CVE-2020-18656 + RESERVED +CVE-2020-18655 + RESERVED +CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers ...) + NOT-FOR-US: Wuzhi CMS +CVE-2020-18653 + RESERVED +CVE-2020-18652 (Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and ...) 
+ {DLA-3585-1} + - exempi 2.5.1-1 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/12 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/acee2894ceb91616543927c2a6e45050c60f98f7 (2.5.1) +CVE-2020-18651 (Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::get ...) + {DLA-3585-1} + - exempi 2.5.1-1 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/issues/13 + NOTE: https://gitlab.freedesktop.org/libopenraw/exempi/-/commit/fdd4765a699f9700850098b43b9798b933acb32f (2.5.1) +CVE-2020-18650 + RESERVED +CVE-2020-18649 + RESERVED +CVE-2020-18648 (Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote atta ...) + NOT-FOR-US: JuQingCMS +CVE-2020-18647 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...) + NOT-FOR-US: NoneCMS +CVE-2020-18646 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...) + NOT-FOR-US: NoneCMS +CVE-2020-18645 + RESERVED +CVE-2020-18644 + RESERVED +CVE-2020-18643 + RESERVED +CVE-2020-18642 + RESERVED +CVE-2020-18641 + RESERVED +CVE-2020-18640 + RESERVED +CVE-2020-18639 + RESERVED +CVE-2020-18638 + RESERVED +CVE-2020-18637 + RESERVED +CVE-2020-18636 + RESERVED +CVE-2020-18635 + RESERVED +CVE-2020-18634 + RESERVED +CVE-2020-18633 + RESERVED +CVE-2020-18632 + RESERVED +CVE-2020-18631 + RESERVED +CVE-2020-18630 + RESERVED +CVE-2020-18629 + RESERVED +CVE-2020-18628 + RESERVED +CVE-2020-18627 + RESERVED +CVE-2020-18626 + RESERVED +CVE-2020-18625 + RESERVED +CVE-2020-18624 + RESERVED +CVE-2020-18623 + RESERVED +CVE-2020-18622 + RESERVED +CVE-2020-18621 + RESERVED +CVE-2020-18620 + RESERVED +CVE-2020-18619 + RESERVED +CVE-2020-18618 + RESERVED +CVE-2020-18617 + RESERVED +CVE-2020-18616 + RESERVED +CVE-2020-18615 + RESERVED +CVE-2020-18614 + RESERVED +CVE-2020-18613 + RESERVED +CVE-2020-18612 + RESERVED +CVE-2020-18611 + RESERVED +CVE-2020-18610 + RESERVED +CVE-2020-18609 + RESERVED +CVE-2020-18608 + RESERVED +CVE-2020-18607 + RESERVED +CVE-2020-18606 
+ RESERVED +CVE-2020-18605 + RESERVED +CVE-2020-18604 + RESERVED +CVE-2020-18603 + RESERVED +CVE-2020-18602 + RESERVED +CVE-2020-18601 + RESERVED +CVE-2020-18600 + RESERVED +CVE-2020-18599 + RESERVED +CVE-2020-18598 + RESERVED +CVE-2020-18597 + RESERVED +CVE-2020-18596 + RESERVED +CVE-2020-18595 + RESERVED +CVE-2020-18594 + RESERVED +CVE-2020-18593 + RESERVED +CVE-2020-18592 + RESERVED +CVE-2020-18591 + RESERVED +CVE-2020-18590 + RESERVED +CVE-2020-18589 + RESERVED +CVE-2020-18588 + RESERVED +CVE-2020-18587 + RESERVED +CVE-2020-18586 + RESERVED +CVE-2020-18585 + RESERVED +CVE-2020-18584 + RESERVED +CVE-2020-18583 + RESERVED +CVE-2020-18582 + RESERVED +CVE-2020-18581 + RESERVED +CVE-2020-18580 + RESERVED +CVE-2020-18579 + RESERVED +CVE-2020-18578 + RESERVED +CVE-2020-18577 + RESERVED +CVE-2020-18576 + RESERVED +CVE-2020-18575 + RESERVED +CVE-2020-18574 + RESERVED +CVE-2020-18573 + RESERVED +CVE-2020-18572 + RESERVED +CVE-2020-18571 + RESERVED +CVE-2020-18570 + RESERVED +CVE-2020-18569 + RESERVED +CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a ...) + NOT-FOR-US: D-Link +CVE-2020-18567 + RESERVED +CVE-2020-18566 + RESERVED +CVE-2020-18565 + RESERVED +CVE-2020-18564 + RESERVED +CVE-2020-18563 + RESERVED +CVE-2020-18562 + RESERVED +CVE-2020-18561 + RESERVED +CVE-2020-18560 + RESERVED +CVE-2020-18559 + RESERVED +CVE-2020-18558 + RESERVED +CVE-2020-18557 + RESERVED +CVE-2020-18556 + RESERVED +CVE-2020-18555 + RESERVED +CVE-2020-18554 + RESERVED +CVE-2020-18553 + RESERVED +CVE-2020-18552 + RESERVED +CVE-2020-18551 + RESERVED +CVE-2020-18550 + RESERVED +CVE-2020-18549 + RESERVED +CVE-2020-18548 + RESERVED +CVE-2020-18547 + RESERVED +CVE-2020-18546 + RESERVED +CVE-2020-18545 + RESERVED +CVE-2020-18544 (SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary ...) 
+ NOT-FOR-US: WMS +CVE-2020-18543 + RESERVED +CVE-2020-18542 + RESERVED +CVE-2020-18541 + RESERVED +CVE-2020-18540 + RESERVED +CVE-2020-18539 + RESERVED +CVE-2020-18538 + RESERVED +CVE-2020-18537 + RESERVED +CVE-2020-18536 + RESERVED +CVE-2020-18535 + RESERVED +CVE-2020-18534 + RESERVED +CVE-2020-18533 + RESERVED +CVE-2020-18532 + RESERVED +CVE-2020-18531 + RESERVED +CVE-2020-18530 + RESERVED +CVE-2020-18529 + RESERVED +CVE-2020-18528 + RESERVED +CVE-2020-18527 + RESERVED +CVE-2020-18526 + RESERVED +CVE-2020-18525 + RESERVED +CVE-2020-18524 + RESERVED +CVE-2020-18523 + RESERVED +CVE-2020-18522 + RESERVED +CVE-2020-18521 + RESERVED +CVE-2020-18520 + RESERVED +CVE-2020-18519 + RESERVED +CVE-2020-18518 + RESERVED +CVE-2020-18517 + RESERVED +CVE-2020-18516 + RESERVED +CVE-2020-18515 + RESERVED +CVE-2020-18514 + RESERVED +CVE-2020-18513 + RESERVED +CVE-2020-18512 + RESERVED +CVE-2020-18511 + RESERVED +CVE-2020-18510 + RESERVED +CVE-2020-18509 + RESERVED +CVE-2020-18508 + RESERVED +CVE-2020-18507 + RESERVED +CVE-2020-18506 + RESERVED +CVE-2020-18505 + RESERVED +CVE-2020-18504 + RESERVED +CVE-2020-18503 + RESERVED +CVE-2020-18502 + RESERVED +CVE-2020-18501 + RESERVED +CVE-2020-18500 + RESERVED +CVE-2020-18499 + RESERVED +CVE-2020-18498 + RESERVED +CVE-2020-18497 + RESERVED +CVE-2020-18496 + RESERVED +CVE-2020-18495 + RESERVED +CVE-2020-18494 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...) + - hdf5 (unimportant) + NOTE: https://github.com/magicSwordsMan/PAAFS/tree/master/vul12 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... 
+CVE-2020-18493 + RESERVED +CVE-2020-18492 + RESERVED +CVE-2020-18491 + RESERVED +CVE-2020-18490 + RESERVED +CVE-2020-18489 + RESERVED +CVE-2020-18488 + RESERVED +CVE-2020-18487 + RESERVED +CVE-2020-18486 + RESERVED +CVE-2020-18485 + RESERVED +CVE-2020-18484 + RESERVED +CVE-2020-18483 + RESERVED +CVE-2020-18482 + RESERVED +CVE-2020-18481 + RESERVED +CVE-2020-18480 + RESERVED +CVE-2020-18479 + RESERVED +CVE-2020-18478 + RESERVED +CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...) + NOT-FOR-US: Hucart CMS +CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...) + NOT-FOR-US: Hucart CMS +CVE-2020-18475 (Cross Site Scripting (XSS) vulnerabilty exists in Hucart CMS 5.7.4 is ...) + NOT-FOR-US: Hucart CMS +CVE-2020-18474 + RESERVED +CVE-2020-18473 + RESERVED +CVE-2020-18472 + RESERVED +CVE-2020-18471 + RESERVED +CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...) + NOT-FOR-US: Rukovoditel +CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text ...) + NOT-FOR-US: Rukovoditel +CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...) + NOT-FOR-US: qdPM +CVE-2020-18467 (Cross Site Scripting (XSS) vulnerabilty exists in BigTree-CMS 4.4.3 in ...) + NOT-FOR-US: BigTree-CMS +CVE-2020-18466 + RESERVED +CVE-2020-18465 + RESERVED +CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...) + NOT-FOR-US: AikCms +CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...) + NOT-FOR-US: AikCms +CVE-2020-18462 (File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because t ...) + NOT-FOR-US: AikCms +CVE-2020-18461 + RESERVED +CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...) 
+ NOT-FOR-US: 711cms +CVE-2020-18459 + RESERVED +CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...) + NOT-FOR-US: DamiCMS +CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...) + NOT-FOR-US: bycms +CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...) + NOT-FOR-US: PbootCMS +CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...) + NOT-FOR-US: bycms +CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...) + NOT-FOR-US: bycms +CVE-2020-18453 + RESERVED +CVE-2020-18452 + RESERVED +CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via ...) + NOT-FOR-US: DamiCMS +CVE-2020-18450 + RESERVED +CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...) + NOT-FOR-US: UKCMS +CVE-2020-18448 + RESERVED +CVE-2020-18447 + RESERVED +CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...) + NOT-FOR-US: YUNUCMS +CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...) + NOT-FOR-US: YUNUCMS +CVE-2020-18444 + RESERVED +CVE-2020-18443 + RESERVED +CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...) 
+ {DLA-2859-1} + - zziplib 0.13.72+dfsg.1-1 + [bullseye] - zziplib 0.13.62-3.3+deb11u1 + [buster] - zziplib 0.13.62-3.2+deb10u1 + NOTE: https://github.com/gdraheim/zziplib/issues/68 + NOTE: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6 + NOTE: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e + NOTE: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a + NOTE: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e + NOTE: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d + NOTE: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c + NOTE: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7 +CVE-2020-18441 + RESERVED +CVE-2020-18440 (Buffer overflow vulnerability in framework/init.php in qinggan phpok 5 ...) + NOT-FOR-US: qinggan phpok +CVE-2020-18439 (An issue was discoverered in in function edit_save_f in framework/admi ...) + NOT-FOR-US: qinggan phpok +CVE-2020-18438 (Directory traversal vulnerability in qinggan phpok 5.1, allows attacke ...) + NOT-FOR-US: qinggan phpok +CVE-2020-18437 + RESERVED +CVE-2020-18436 + RESERVED +CVE-2020-18435 + RESERVED +CVE-2020-18434 + RESERVED +CVE-2020-18433 + RESERVED +CVE-2020-18432 (File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to ...) + NOT-FOR-US: SEMCMS PHP +CVE-2020-18431 + RESERVED +CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error in the ti ...) + - tinyexr (Fixed with initial upload to Debian) + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18430-out-of-memory-in-function-tinyexrdecodeexrimage-tinyexrh11046 + NOTE: https://github.com/syoyo/tinyexr/issues/108 +CVE-2020-18429 + RESERVED +CVE-2020-18428 (tinyexr commit 0.9.5 was discovered to contain an array index error in ...) 
+ - tinyexr (Fixed with initial upload to Debian) + NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18428-out-of-range-in-function-tinyexrsaveexr-tinyexrh13107 + NOTE: https://github.com/syoyo/tinyexr/issues/109 +CVE-2020-18427 + RESERVED +CVE-2020-18426 + RESERVED +CVE-2020-18425 + RESERVED +CVE-2020-18424 + RESERVED +CVE-2020-18423 + RESERVED +CVE-2020-18422 + RESERVED +CVE-2020-18421 + RESERVED +CVE-2020-18420 + RESERVED +CVE-2020-18419 + RESERVED +CVE-2020-18418 (A Cross site request forgery (CSRF) vulnerability was discovered in Fe ...) + NOT-FOR-US: FeiFeiCMS +CVE-2020-18417 + RESERVED +CVE-2020-18416 (An cross site request forgery (CSRF) vulnerability discovered in Jymus ...) + NOT-FOR-US: Jymusic +CVE-2020-18415 + RESERVED +CVE-2020-18414 (Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 th ...) + NOT-FOR-US: Chaoji CMS +CVE-2020-18413 (Stored cross site scripting (XSS) vulnerability in /index.php?admin-ma ...) + NOT-FOR-US: Chaoji CMS +CVE-2020-18412 + RESERVED +CVE-2020-18411 + RESERVED +CVE-2020-18410 (A stored cross site scripting (XSS) vulnerability in /index.php?admin- ...) + NOT-FOR-US: Chaoji CMS +CVE-2020-18409 (Cross Site Request Forgery (CSRF) vulnerability was discovered in Catf ...) + NOT-FOR-US: CatfishCMS +CVE-2020-18408 + RESERVED +CVE-2020-18407 + RESERVED +CVE-2020-18406 (An issue was discovered in cmseasy v7.0.0 that allows user credentials ...) + NOT-FOR-US: cmseasy +CVE-2020-18405 + RESERVED +CVE-2020-18404 (An issue was discovered in espcms version P8.18101601. There is a cros ...) + NOT-FOR-US: espcms +CVE-2020-18403 + RESERVED +CVE-2020-18402 + RESERVED +CVE-2020-18401 + RESERVED +CVE-2020-18400 + RESERVED +CVE-2020-18399 + RESERVED +CVE-2020-18398 + RESERVED +CVE-2020-18397 + RESERVED +CVE-2020-18396 + RESERVED +CVE-2020-18395 (A NULL-pointer deference issue was discovered in GNU_gama::set() in el ...) 
+ NOT-FOR-US: GNU Gama +CVE-2020-18394 + RESERVED +CVE-2020-18393 + RESERVED +CVE-2020-18392 (Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows ...) + NOT-FOR-US: Cesanta MJS +CVE-2020-18391 + RESERVED +CVE-2020-18390 + RESERVED +CVE-2020-18389 + RESERVED +CVE-2020-18388 + RESERVED +CVE-2020-18387 + RESERVED +CVE-2020-18386 + RESERVED +CVE-2020-18385 + RESERVED +CVE-2020-18384 + RESERVED +CVE-2020-18383 + RESERVED +CVE-2020-18382 (Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryB ...) + - binaryen 68-1 + NOTE: https://github.com/WebAssembly/binaryen/issues/1900 +CVE-2020-18381 + RESERVED +CVE-2020-18380 + RESERVED +CVE-2020-18379 + RESERVED +CVE-2020-18378 (A NULL pointer dereference was discovered in SExpressionWasmBuilder::m ...) + - binaryen 68-1 + NOTE: https://github.com/WebAssembly/binaryen/issues/1900 +CVE-2020-18377 + RESERVED +CVE-2020-18376 + RESERVED +CVE-2020-18375 + RESERVED +CVE-2020-18374 + RESERVED +CVE-2020-18373 + RESERVED +CVE-2020-18372 + RESERVED +CVE-2020-18371 + RESERVED +CVE-2020-18370 + RESERVED +CVE-2020-18369 + RESERVED +CVE-2020-18368 + RESERVED +CVE-2020-18367 + RESERVED +CVE-2020-18366 + RESERVED +CVE-2020-18365 + RESERVED +CVE-2020-18364 + RESERVED +CVE-2020-18363 + RESERVED +CVE-2020-18362 + RESERVED +CVE-2020-18361 + RESERVED +CVE-2020-18360 + RESERVED +CVE-2020-18359 + RESERVED +CVE-2020-18358 + RESERVED +CVE-2020-18357 + RESERVED +CVE-2020-18356 + RESERVED +CVE-2020-18355 + RESERVED +CVE-2020-18354 + RESERVED +CVE-2020-18353 + RESERVED +CVE-2020-18352 + RESERVED +CVE-2020-18351 + RESERVED +CVE-2020-18350 + RESERVED +CVE-2020-18349 + RESERVED +CVE-2020-18348 + RESERVED +CVE-2020-18347 + RESERVED +CVE-2020-18346 + RESERVED +CVE-2020-18345 + RESERVED +CVE-2020-18344 + RESERVED +CVE-2020-18343 + RESERVED +CVE-2020-18342 + RESERVED +CVE-2020-18341 + RESERVED +CVE-2020-18340 + RESERVED +CVE-2020-18339 + RESERVED +CVE-2020-18338 + RESERVED +CVE-2020-18337 + RESERVED +CVE-2020-18336 (Cross Site 
Scripting (XSS) vulnerability found in Typora v.0.9.65 allo ...) + NOT-FOR-US: Typora +CVE-2020-18335 + RESERVED +CVE-2020-18334 + RESERVED +CVE-2020-18333 + RESERVED +CVE-2020-18332 + RESERVED +CVE-2020-18331 (Directory traversal vulnerability in ChinaMobile PLC Wireless Router m ...) + NOT-FOR-US: ChinaMobile +CVE-2020-18330 (An issue was discovered in the default configuration of ChinaMobile PL ...) + NOT-FOR-US: ChinaMobile +CVE-2020-18329 (An issue was discovered in Rehau devices that use a pCOWeb card BIOS v ...) + NOT-FOR-US: Rehau +CVE-2020-18328 + RESERVED +CVE-2020-18327 (Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco C ...) + NOT-FOR-US: Alfresco +CVE-2020-18326 (Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants ...) + NOT-FOR-US: Subrion CMS +CVE-2020-18325 (Multilple Cross Site Scripting (XSS) vulnerability exists in Intellian ...) + NOT-FOR-US: Subrion CMS +CVE-2020-18324 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 v ...) 
+ NOT-FOR-US: Subrion CMS +CVE-2020-18323 + RESERVED +CVE-2020-18322 + RESERVED +CVE-2020-18321 + RESERVED +CVE-2020-18320 + RESERVED +CVE-2020-18319 + RESERVED +CVE-2020-18318 + RESERVED +CVE-2020-18317 + RESERVED +CVE-2020-18316 + RESERVED +CVE-2020-18315 + RESERVED +CVE-2020-18314 + RESERVED +CVE-2020-18313 + RESERVED +CVE-2020-18312 + RESERVED +CVE-2020-18311 + RESERVED +CVE-2020-18310 + RESERVED +CVE-2020-18309 + RESERVED +CVE-2020-18308 + RESERVED +CVE-2020-18307 + RESERVED +CVE-2020-18306 + RESERVED +CVE-2020-18305 + RESERVED +CVE-2020-18304 + RESERVED +CVE-2020-18303 + RESERVED +CVE-2020-18302 + RESERVED +CVE-2020-18301 + RESERVED +CVE-2020-18300 + RESERVED +CVE-2020-18299 + RESERVED +CVE-2020-18298 + RESERVED +CVE-2020-18297 + RESERVED +CVE-2020-18296 + RESERVED +CVE-2020-18295 + RESERVED +CVE-2020-18294 + RESERVED +CVE-2020-18293 + RESERVED +CVE-2020-18292 + RESERVED +CVE-2020-18291 + RESERVED +CVE-2020-18290 + RESERVED +CVE-2020-18289 + RESERVED +CVE-2020-18288 + RESERVED +CVE-2020-18287 + RESERVED +CVE-2020-18286 + RESERVED +CVE-2020-18285 + RESERVED +CVE-2020-18284 + RESERVED +CVE-2020-18283 + RESERVED +CVE-2020-18282 (Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remot ...) + NOT-FOR-US: NoneCms +CVE-2020-18281 + RESERVED +CVE-2020-18280 (Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a ...) + NOT-FOR-US: Phodal CMD +CVE-2020-18279 + RESERVED +CVE-2020-18278 + RESERVED +CVE-2020-18277 + RESERVED +CVE-2020-18276 + RESERVED +CVE-2020-18275 + RESERVED +CVE-2020-18274 + RESERVED +CVE-2020-18273 + RESERVED +CVE-2020-18272 + RESERVED +CVE-2020-18271 + RESERVED +CVE-2020-18270 + RESERVED +CVE-2020-18269 + RESERVED +CVE-2020-18268 (Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers ...) + NOT-FOR-US: Z-BlogPHP +CVE-2020-18267 + RESERVED +CVE-2020-18266 + RESERVED +CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...) 
+ NOT-FOR-US: Simple-Log +CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...) + NOT-FOR-US: Simple-Log +CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...) + NOT-FOR-US: PHP-CMS +CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...) + NOT-FOR-US: ED01-CMS +CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...) + NOT-FOR-US: ED01-CMS +CVE-2020-18260 + RESERVED +CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...) + NOT-FOR-US: ED01-CMS +CVE-2020-18258 + RESERVED +CVE-2020-18257 + RESERVED +CVE-2020-18256 + RESERVED +CVE-2020-18255 + RESERVED +CVE-2020-18254 + RESERVED +CVE-2020-18253 + RESERVED +CVE-2020-18252 + RESERVED +CVE-2020-18251 + RESERVED +CVE-2020-18250 + RESERVED +CVE-2020-18249 + RESERVED +CVE-2020-18248 + RESERVED +CVE-2020-18247 + RESERVED +CVE-2020-18246 + RESERVED +CVE-2020-18245 + RESERVED +CVE-2020-18244 + RESERVED +CVE-2020-18243 + RESERVED +CVE-2020-18242 + RESERVED +CVE-2020-18241 + RESERVED +CVE-2020-18240 + RESERVED +CVE-2020-18239 + RESERVED +CVE-2020-18238 + RESERVED +CVE-2020-18237 + RESERVED +CVE-2020-18236 + RESERVED +CVE-2020-18235 + RESERVED +CVE-2020-18234 + RESERVED +CVE-2020-18233 + RESERVED +CVE-2020-18232 (Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1 ...) + - hdf5 (unimportant) + NOTE: https://github.com/winson2004aa/PAAFS/tree/master/vul2 + NOTE: Negligible security impact, malicous scientific data has more issues than a crash... +CVE-2020-18231 + RESERVED +CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...) + NOT-FOR-US: PHPMyWind +CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...) 
+ NOT-FOR-US: PHPMyWind +CVE-2020-18228 + RESERVED +CVE-2020-18227 + RESERVED +CVE-2020-18226 + RESERVED +CVE-2020-18225 + RESERVED +CVE-2020-18224 + RESERVED +CVE-2020-18223 + RESERVED +CVE-2020-18222 + RESERVED +CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...) + NOT-FOR-US: Typora +CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...) + NOT-FOR-US: DoraCMS +CVE-2020-18219 + RESERVED +CVE-2020-18218 + RESERVED +CVE-2020-18217 + RESERVED +CVE-2020-18216 + RESERVED +CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...) + NOT-FOR-US: PHPSHE +CVE-2020-18214 + RESERVED +CVE-2020-18213 + RESERVED +CVE-2020-18212 + RESERVED +CVE-2020-18211 + RESERVED +CVE-2020-18210 + RESERVED +CVE-2020-18209 + RESERVED +CVE-2020-18208 + RESERVED +CVE-2020-18207 + RESERVED +CVE-2020-18206 + RESERVED +CVE-2020-18205 + RESERVED +CVE-2020-18204 + RESERVED +CVE-2020-18203 + RESERVED +CVE-2020-18202 + RESERVED +CVE-2020-18201 + RESERVED +CVE-2020-18200 + RESERVED +CVE-2020-18199 + RESERVED +CVE-2020-18198 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...) + NOT-FOR-US: Pluck CMS +CVE-2020-18197 + RESERVED +CVE-2020-18196 + RESERVED +CVE-2020-18195 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...) + NOT-FOR-US: Pluck CMS +CVE-2020-18194 (Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to ...) + NOT-FOR-US: emlog +CVE-2020-18193 + RESERVED +CVE-2020-18192 + RESERVED +CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...) + NOT-FOR-US: GetSimple CMS +CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...) + NOT-FOR-US: Bludit +CVE-2020-18189 + RESERVED +CVE-2020-18188 + RESERVED +CVE-2020-18187 + RESERVED +CVE-2020-18186 + RESERVED +CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...) 
+ - pluxml (unimportant; bug #973382) + NOTE: https://github.com/pluxml/PluXml/issues/321 + NOTE: The attack vector is a little unusual but it would be quite expected that + NOTE: the admin can execute arbitrary php code. +CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...) + - pluxml (unimportant; bug #973382) + NOTE: https://github.com/pluxml/PluXml/issues/320 + NOTE: One could question whether this is a vulnerability at all. The + NOTE: developer documentation describes this as expected behavior. +CVE-2020-18183 + RESERVED +CVE-2020-18182 + RESERVED +CVE-2020-18181 + RESERVED +CVE-2020-18180 + RESERVED +CVE-2020-18179 + RESERVED +CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...) + NOT-FOR-US: HongCMS +CVE-2020-18177 + RESERVED +CVE-2020-18176 + RESERVED +CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...) + NOT-FOR-US: Metinfo +CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...) + NOT-FOR-US: AutoHotkey +CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...) + NOT-FOR-US: 1Password +CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...) + NOT-FOR-US: Trezor Bridge +CVE-2020-18171 (TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) w ...) + NOT-FOR-US: TechSmith Snagit +CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...) + NOT-FOR-US: Abloy Key Manager +CVE-2020-18169 (A vulnerability in the Windows installer XML (WiX) toolset of TechSmit ...) + NOT-FOR-US: TechSmith Snagit +CVE-2020-18168 + RESERVED +CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...) + NOT-FOR-US: LAOBANCMS +CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to ...) 
+ NOT-FOR-US: LAOBANCMS +CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...) + NOT-FOR-US: LAOBANCMS +CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...) + NOT-FOR-US: tp-shop +CVE-2020-18163 + RESERVED +CVE-2020-18162 + RESERVED +CVE-2020-18161 + RESERVED +CVE-2020-18160 + RESERVED +CVE-2020-18159 + RESERVED +CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname ...) + NOT-FOR-US: HuCart +CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...) + NOT-FOR-US: MetInfo +CVE-2020-18156 + RESERVED +CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...) + NOT-FOR-US: Subrion CMS +CVE-2020-18154 + RESERVED +CVE-2020-18153 + RESERVED +CVE-2020-18152 + RESERVED +CVE-2020-18151 (Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, wh ...) + NOT-FOR-US: ThinkCMF +CVE-2020-18150 + RESERVED +CVE-2020-18149 + RESERVED +CVE-2020-18148 + RESERVED +CVE-2020-18147 + RESERVED +CVE-2020-18146 + RESERVED +CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /publi ...) + NOT-FOR-US: umeditor +CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min paramet ...) + NOT-FOR-US: ECTouch +CVE-2020-18143 + RESERVED +CVE-2020-18142 + RESERVED +CVE-2020-18141 + RESERVED +CVE-2020-18140 + RESERVED +CVE-2020-18139 + RESERVED +CVE-2020-18138 + RESERVED +CVE-2020-18137 + RESERVED +CVE-2020-18136 + RESERVED +CVE-2020-18135 + RESERVED +CVE-2020-18134 + RESERVED +CVE-2020-18133 + RESERVED +CVE-2020-18132 (Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attack ...) + NOT-FOR-US: MIPCMS +CVE-2020-18131 (Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scr ...) + NOT-FOR-US: Bluethrust Clan Scripts +CVE-2020-18130 + RESERVED +CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...) 
+ NOT-FOR-US: Eyoucms +CVE-2020-18128 + RESERVED +CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...) + NOT-FOR-US: Indexhibit +CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...) + NOT-FOR-US: Indexhibit +CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...) + NOT-FOR-US: Indexhibit +CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...) + NOT-FOR-US: Indexhibit +CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...) + NOT-FOR-US: Indexhibit +CVE-2020-18122 + RESERVED +CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...) + NOT-FOR-US: Indexhibit +CVE-2020-18120 + RESERVED +CVE-2020-18119 + RESERVED +CVE-2020-18118 + RESERVED +CVE-2020-18117 + RESERVED +CVE-2020-18116 (A lack of filtering for searched keywords in the search bar of YouDian ...) + NOT-FOR-US: YouDianCMS +CVE-2020-18115 + RESERVED +CVE-2020-18114 (An arbitrary file upload vulnerability in the /uploads/dede component ...) + NOT-FOR-US: DedeCMS +CVE-2020-18113 + RESERVED +CVE-2020-18112 + RESERVED +CVE-2020-18111 + RESERVED +CVE-2020-18110 + RESERVED +CVE-2020-18109 + RESERVED +CVE-2020-18108 + RESERVED +CVE-2020-18107 + RESERVED +CVE-2020-18106 (The GET parameter "id" in WMS v1.0 is passed without filtering, which ...) + NOT-FOR-US: WMS + NOTE: https://github.com/FeMiner/wms +CVE-2020-18105 + RESERVED +CVE-2020-18104 + RESERVED +CVE-2020-18103 + RESERVED +CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attacke ...) 
+ NOT-FOR-US: Hotels_Server +CVE-2020-18101 + RESERVED +CVE-2020-18100 + RESERVED +CVE-2020-18099 + RESERVED +CVE-2020-18098 + RESERVED +CVE-2020-18097 + RESERVED +CVE-2020-18096 + RESERVED +CVE-2020-18095 + RESERVED +CVE-2020-18094 + RESERVED +CVE-2020-18093 + RESERVED +CVE-2020-18092 + RESERVED +CVE-2020-18091 + RESERVED +CVE-2020-18090 + RESERVED +CVE-2020-18089 + RESERVED +CVE-2020-18088 + RESERVED +CVE-2020-18087 + RESERVED +CVE-2020-18086 + RESERVED +CVE-2020-18085 + RESERVED +CVE-2020-18084 (Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to e ...) + NOT-FOR-US: yzmCMS +CVE-2020-18083 + RESERVED +CVE-2020-18082 + RESERVED +CVE-2020-18081 (The checkuser function of SEMCMS 3.8 was discovered to contain a vulne ...) + NOT-FOR-US: SEMCMS +CVE-2020-18080 + RESERVED +CVE-2020-18079 + RESERVED +CVE-2020-18078 (A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attack ...) + NOT-FOR-US: SEMCMS +CVE-2020-18077 (A buffer overflow vulnerability in the Virtual Path Mapping component ...) + NOT-FOR-US: FTPShell Server +CVE-2020-18076 + RESERVED +CVE-2020-18075 + RESERVED +CVE-2020-18074 + RESERVED +CVE-2020-18073 + RESERVED +CVE-2020-18072 + RESERVED +CVE-2020-18071 + RESERVED +CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...) + NOT-FOR-US: iCMS +CVE-2020-18069 + RESERVED +CVE-2020-18068 + RESERVED +CVE-2020-18067 + RESERVED +CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...) + NOT-FOR-US: Zrlog +CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in ...) 
+ NOT-FOR-US: PopojiCMS +CVE-2020-18064 + RESERVED +CVE-2020-18063 + RESERVED +CVE-2020-18062 + RESERVED +CVE-2020-18061 + RESERVED +CVE-2020-18060 + RESERVED +CVE-2020-18059 + RESERVED +CVE-2020-18058 + RESERVED +CVE-2020-18057 + RESERVED +CVE-2020-18056 + RESERVED +CVE-2020-18055 + RESERVED +CVE-2020-18054 + RESERVED +CVE-2020-18053 + RESERVED +CVE-2020-18052 + RESERVED +CVE-2020-18051 + RESERVED +CVE-2020-18050 + RESERVED +CVE-2020-18049 + RESERVED +CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...) + NOT-FOR-US: CraigMS + NOTE: https://github.com/bertanddip/CraigMS +CVE-2020-18047 + RESERVED +CVE-2020-18046 + RESERVED +CVE-2020-18045 + RESERVED +CVE-2020-18044 + RESERVED +CVE-2020-18043 + RESERVED +CVE-2020-18042 + RESERVED +CVE-2020-18041 + RESERVED +CVE-2020-18040 + RESERVED +CVE-2020-18039 + RESERVED +CVE-2020-18038 + RESERVED +CVE-2020-18037 + RESERVED +CVE-2020-18036 + RESERVED +CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...) + NOT-FOR-US: Jeesns +CVE-2020-18034 + RESERVED +CVE-2020-18033 + RESERVED +CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...) + {DSA-4914-1 DLA-2659-1} + - graphviz 2.42.2-5 (bug #988000) + NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700 + NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b +CVE-2020-18031 + RESERVED +CVE-2020-18030 + RESERVED +CVE-2020-18029 + RESERVED +CVE-2020-18028 + RESERVED +CVE-2020-18027 + RESERVED +CVE-2020-18026 + RESERVED +CVE-2020-18025 + RESERVED +CVE-2020-18024 + RESERVED +CVE-2020-18023 + RESERVED +CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...) + NOT-FOR-US: Qibosoft QiboCMS +CVE-2020-18021 + RESERVED +CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...) 
+ NOT-FOR-US: PHPSHE Mall System +CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...) + NOT-FOR-US: Xinhu OA System +CVE-2020-18018 + RESERVED +CVE-2020-18017 + RESERVED +CVE-2020-18016 + RESERVED +CVE-2020-18015 + RESERVED +CVE-2020-18014 + RESERVED +CVE-2020-18013 (SQL Injextion vulnerability exists in Whatsns 4.0 via the ip parameter ...) + NOT-FOR-US: Whatsns +CVE-2020-18012 + RESERVED +CVE-2020-18011 + RESERVED +CVE-2020-18010 + RESERVED +CVE-2020-18009 + RESERVED +CVE-2020-18008 + RESERVED +CVE-2020-18007 + RESERVED +CVE-2020-18006 + RESERVED +CVE-2020-18005 + RESERVED +CVE-2020-18004 + RESERVED +CVE-2020-18003 + RESERVED +CVE-2020-18002 + RESERVED +CVE-2020-18001 + RESERVED +CVE-2020-18000 + RESERVED +CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...) + NOT-FOR-US: MiniCMS +CVE-2020-17998 + RESERVED +CVE-2020-17997 + RESERVED +CVE-2020-17996 + RESERVED +CVE-2020-17995 + RESERVED +CVE-2020-17994 + RESERVED +CVE-2020-17993 + RESERVED +CVE-2020-17992 + RESERVED +CVE-2020-17991 + RESERVED +CVE-2020-17990 + RESERVED +CVE-2020-17989 + RESERVED +CVE-2020-17988 + RESERVED +CVE-2020-17987 + RESERVED +CVE-2020-17986 + RESERVED +CVE-2020-17985 + RESERVED +CVE-2020-17984 + RESERVED +CVE-2020-17983 + RESERVED +CVE-2020-17982 + RESERVED +CVE-2020-17981 + RESERVED +CVE-2020-17980 + RESERVED +CVE-2020-17979 + RESERVED +CVE-2020-17978 + RESERVED +CVE-2020-17977 + RESERVED +CVE-2020-17976 + RESERVED +CVE-2020-17975 + RESERVED +CVE-2020-17974 + RESERVED +CVE-2020-17973 + RESERVED +CVE-2020-17972 + RESERVED +CVE-2020-17971 + RESERVED +CVE-2020-17970 + RESERVED +CVE-2020-17969 + RESERVED +CVE-2020-17968 + RESERVED +CVE-2020-17967 + RESERVED +CVE-2020-17966 + RESERVED +CVE-2020-17965 + RESERVED +CVE-2020-17964 + RESERVED +CVE-2020-17963 + RESERVED +CVE-2020-17962 + RESERVED +CVE-2020-17961 + RESERVED +CVE-2020-17960 + RESERVED +CVE-2020-17959 + RESERVED +CVE-2020-17958 + RESERVED +CVE-2020-17957 + 
RESERVED +CVE-2020-17956 + RESERVED +CVE-2020-17955 + RESERVED +CVE-2020-17954 + RESERVED +CVE-2020-17953 + RESERVED +CVE-2020-17952 (A remote code execution (RCE) vulnerability in /library/think/App.php ...) + NOT-FOR-US: Twothink +CVE-2020-17951 + RESERVED +CVE-2020-17950 + RESERVED +CVE-2020-17949 + RESERVED +CVE-2020-17948 + RESERVED +CVE-2020-17947 + RESERVED +CVE-2020-17946 + RESERVED +CVE-2020-17945 + RESERVED +CVE-2020-17944 + RESERVED +CVE-2020-17943 + RESERVED +CVE-2020-17942 + RESERVED +CVE-2020-17941 + RESERVED +CVE-2020-17940 + RESERVED +CVE-2020-17939 + RESERVED +CVE-2020-17938 + RESERVED +CVE-2020-17937 + RESERVED +CVE-2020-17936 + RESERVED +CVE-2020-17935 + RESERVED +CVE-2020-17934 + RESERVED +CVE-2020-17933 + RESERVED +CVE-2020-17932 + RESERVED +CVE-2020-17931 + RESERVED +CVE-2020-17930 + RESERVED +CVE-2020-17929 + RESERVED +CVE-2020-17928 + RESERVED +CVE-2020-17927 + RESERVED +CVE-2020-17926 + RESERVED +CVE-2020-17925 + RESERVED +CVE-2020-17924 + RESERVED +CVE-2020-17923 + RESERVED +CVE-2020-17922 + RESERVED +CVE-2020-17921 + RESERVED +CVE-2020-17920 + RESERVED +CVE-2020-17919 + RESERVED +CVE-2020-17918 + RESERVED +CVE-2020-17917 + RESERVED +CVE-2020-17916 + RESERVED +CVE-2020-17915 + RESERVED +CVE-2020-17914 + RESERVED +CVE-2020-17913 + RESERVED +CVE-2020-17912 + RESERVED +CVE-2020-17911 + RESERVED +CVE-2020-17910 + RESERVED +CVE-2020-17909 + RESERVED +CVE-2020-17908 + RESERVED +CVE-2020-17907 + RESERVED +CVE-2020-17906 + RESERVED +CVE-2020-17905 + RESERVED +CVE-2020-17904 + RESERVED +CVE-2020-17903 + RESERVED +CVE-2020-17902 + RESERVED +CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers t ...) 
+ NOT-FOR-US: PbootCMS +CVE-2020-17900 + RESERVED +CVE-2020-17899 + RESERVED +CVE-2020-17898 + RESERVED +CVE-2020-17897 + RESERVED +CVE-2020-17896 + RESERVED +CVE-2020-17895 + RESERVED +CVE-2020-17894 + RESERVED +CVE-2020-17893 + RESERVED +CVE-2020-17892 + RESERVED +CVE-2020-17891 (TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 ...) + NOT-FOR-US: TP-Link +CVE-2020-17890 + RESERVED +CVE-2020-17889 + RESERVED +CVE-2020-17888 + RESERVED +CVE-2020-17887 + RESERVED +CVE-2020-17886 + RESERVED +CVE-2020-17885 + RESERVED +CVE-2020-17884 + RESERVED +CVE-2020-17883 + RESERVED +CVE-2020-17882 + RESERVED +CVE-2020-17881 + RESERVED +CVE-2020-17880 + RESERVED +CVE-2020-17879 + RESERVED +CVE-2020-17878 + RESERVED +CVE-2020-17877 + RESERVED +CVE-2020-17876 + RESERVED +CVE-2020-17875 + RESERVED +CVE-2020-17874 + RESERVED +CVE-2020-17873 + RESERVED +CVE-2020-17872 + RESERVED +CVE-2020-17871 + RESERVED +CVE-2020-17870 + RESERVED +CVE-2020-17869 + RESERVED +CVE-2020-17868 + RESERVED +CVE-2020-17867 + RESERVED +CVE-2020-17866 + RESERVED +CVE-2020-17865 + RESERVED +CVE-2020-17864 + RESERVED +CVE-2020-17863 + RESERVED +CVE-2020-17862 + RESERVED +CVE-2020-17861 + RESERVED +CVE-2020-17860 + RESERVED +CVE-2020-17859 + RESERVED +CVE-2020-17858 + RESERVED +CVE-2020-17857 + RESERVED +CVE-2020-17856 + RESERVED +CVE-2020-17855 + RESERVED +CVE-2020-17854 + RESERVED +CVE-2020-17853 + RESERVED +CVE-2020-17852 + RESERVED +CVE-2020-17851 + RESERVED +CVE-2020-17850 + RESERVED +CVE-2020-17849 + RESERVED +CVE-2020-17848 + RESERVED +CVE-2020-17847 + RESERVED +CVE-2020-17846 + RESERVED +CVE-2020-17845 + RESERVED +CVE-2020-17844 + RESERVED +CVE-2020-17843 + RESERVED +CVE-2020-17842 + RESERVED +CVE-2020-17841 + RESERVED +CVE-2020-17840 + RESERVED +CVE-2020-17839 + RESERVED +CVE-2020-17838 + RESERVED +CVE-2020-17837 + RESERVED +CVE-2020-17836 + RESERVED +CVE-2020-17835 + RESERVED +CVE-2020-17834 + RESERVED +CVE-2020-17833 + RESERVED +CVE-2020-17832 + RESERVED +CVE-2020-17831 + RESERVED 
+CVE-2020-17830 + RESERVED +CVE-2020-17829 + RESERVED +CVE-2020-17828 + RESERVED +CVE-2020-17827 + RESERVED +CVE-2020-17826 + RESERVED +CVE-2020-17825 + RESERVED +CVE-2020-17824 + RESERVED +CVE-2020-17823 + RESERVED +CVE-2020-17822 + RESERVED +CVE-2020-17821 + RESERVED +CVE-2020-17820 + RESERVED +CVE-2020-17819 + RESERVED +CVE-2020-17818 + RESERVED +CVE-2020-17817 + RESERVED +CVE-2020-17816 + RESERVED +CVE-2020-17815 + RESERVED +CVE-2020-17814 + RESERVED +CVE-2020-17813 + RESERVED +CVE-2020-17812 + RESERVED +CVE-2020-17811 + RESERVED +CVE-2020-17810 + RESERVED +CVE-2020-17809 + RESERVED +CVE-2020-17808 + RESERVED +CVE-2020-17807 + RESERVED +CVE-2020-17806 + RESERVED +CVE-2020-17805 + RESERVED +CVE-2020-17804 + RESERVED +CVE-2020-17803 + RESERVED +CVE-2020-17802 + RESERVED +CVE-2020-17801 + RESERVED +CVE-2020-17800 + RESERVED +CVE-2020-17799 + RESERVED +CVE-2020-17798 + RESERVED +CVE-2020-17797 + RESERVED +CVE-2020-17796 + RESERVED +CVE-2020-17795 + RESERVED +CVE-2020-17794 + RESERVED +CVE-2020-17793 + RESERVED +CVE-2020-17792 + RESERVED +CVE-2020-17791 + RESERVED +CVE-2020-17790 + RESERVED +CVE-2020-17789 + RESERVED +CVE-2020-17788 + RESERVED +CVE-2020-17787 + RESERVED +CVE-2020-17786 + RESERVED +CVE-2020-17785 + RESERVED +CVE-2020-17784 + RESERVED +CVE-2020-17783 + RESERVED +CVE-2020-17782 + RESERVED +CVE-2020-17781 + RESERVED +CVE-2020-17780 + RESERVED +CVE-2020-17779 + RESERVED +CVE-2020-17778 + RESERVED +CVE-2020-17777 + RESERVED +CVE-2020-17776 + RESERVED +CVE-2020-17775 + RESERVED +CVE-2020-17774 + RESERVED +CVE-2020-17773 + RESERVED +CVE-2020-17772 + RESERVED +CVE-2020-17771 + RESERVED +CVE-2020-17770 + RESERVED +CVE-2020-17769 + RESERVED +CVE-2020-17768 + RESERVED +CVE-2020-17767 + RESERVED +CVE-2020-17766 + RESERVED +CVE-2020-17765 + RESERVED +CVE-2020-17764 + RESERVED +CVE-2020-17763 + RESERVED +CVE-2020-17762 + RESERVED +CVE-2020-17761 + RESERVED +CVE-2020-17760 + RESERVED +CVE-2020-17759 (An issue was found in the Evernote client for Windows 10, 7, and 
2008 ...) + NOT-FOR-US: Evernote +CVE-2020-17758 + RESERVED +CVE-2020-17757 + RESERVED +CVE-2020-17756 + RESERVED +CVE-2020-17755 + RESERVED +CVE-2020-17754 + RESERVED +CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart contract im ...) + NOT-FOR-US: some Ethereum token +CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart contract ...) + NOT-FOR-US: some Ethereum token +CVE-2020-17751 + RESERVED +CVE-2020-17750 + RESERVED +CVE-2020-17749 + RESERVED +CVE-2020-17748 + RESERVED +CVE-2020-17747 + RESERVED +CVE-2020-17746 + RESERVED +CVE-2020-17745 + RESERVED +CVE-2020-17744 + RESERVED +CVE-2020-17743 + RESERVED +CVE-2020-17742 + RESERVED +CVE-2020-17741 + RESERVED +CVE-2020-17740 + RESERVED +CVE-2020-17739 + RESERVED +CVE-2020-17738 + RESERVED +CVE-2020-17737 + RESERVED +CVE-2020-17736 + RESERVED +CVE-2020-17735 + RESERVED +CVE-2020-17734 + RESERVED +CVE-2020-17733 + RESERVED +CVE-2020-17732 + RESERVED +CVE-2020-17731 + RESERVED +CVE-2020-17730 + RESERVED +CVE-2020-17729 + RESERVED +CVE-2020-17728 + RESERVED +CVE-2020-17727 + RESERVED +CVE-2020-17726 + RESERVED +CVE-2020-17725 + RESERVED +CVE-2020-17724 + RESERVED +CVE-2020-17723 + RESERVED +CVE-2020-17722 + RESERVED +CVE-2020-17721 + RESERVED +CVE-2020-17720 + RESERVED +CVE-2020-17719 + RESERVED +CVE-2020-17718 + RESERVED +CVE-2020-17717 + RESERVED +CVE-2020-17716 + RESERVED +CVE-2020-17715 + RESERVED +CVE-2020-17714 + RESERVED +CVE-2020-17713 + RESERVED +CVE-2020-17712 + RESERVED +CVE-2020-17711 + RESERVED +CVE-2020-17710 + RESERVED +CVE-2020-17709 + RESERVED +CVE-2020-17708 + RESERVED +CVE-2020-17707 + RESERVED +CVE-2020-17706 + RESERVED +CVE-2020-17705 + RESERVED +CVE-2020-17704 + RESERVED +CVE-2020-17703 + RESERVED +CVE-2020-17702 + RESERVED +CVE-2020-17701 + RESERVED +CVE-2020-17700 + RESERVED +CVE-2020-17699 + RESERVED +CVE-2020-17698 + RESERVED +CVE-2020-17697 + RESERVED +CVE-2020-17696 + RESERVED +CVE-2020-17695 + RESERVED +CVE-2020-17694 + RESERVED 
+CVE-2020-17693 + RESERVED +CVE-2020-17692 + RESERVED +CVE-2020-17691 + RESERVED +CVE-2020-17690 + RESERVED +CVE-2020-17689 + RESERVED +CVE-2020-17688 + RESERVED +CVE-2020-17687 + RESERVED +CVE-2020-17686 + RESERVED +CVE-2020-17685 + RESERVED +CVE-2020-17684 + RESERVED +CVE-2020-17683 + RESERVED +CVE-2020-17682 + RESERVED +CVE-2020-17681 + RESERVED +CVE-2020-17680 + RESERVED +CVE-2020-17679 + RESERVED +CVE-2020-17678 + RESERVED +CVE-2020-17677 + RESERVED +CVE-2020-17676 + RESERVED +CVE-2020-17675 + RESERVED +CVE-2020-17674 + RESERVED +CVE-2020-17673 + RESERVED +CVE-2020-17672 + RESERVED +CVE-2020-17671 + RESERVED +CVE-2020-17670 + RESERVED +CVE-2020-17669 + RESERVED +CVE-2020-17668 + RESERVED +CVE-2020-17667 + RESERVED +CVE-2020-17666 + RESERVED +CVE-2020-17665 + RESERVED +CVE-2020-17664 + RESERVED +CVE-2020-17663 + RESERVED +CVE-2020-17662 + RESERVED +CVE-2020-17661 + RESERVED +CVE-2020-17660 + RESERVED +CVE-2020-17659 + RESERVED +CVE-2020-17658 + RESERVED +CVE-2020-17657 + RESERVED +CVE-2020-17656 + RESERVED +CVE-2020-17655 + RESERVED +CVE-2020-17654 + RESERVED +CVE-2020-17653 + RESERVED +CVE-2020-17652 + RESERVED +CVE-2020-17651 + RESERVED +CVE-2020-17650 + RESERVED +CVE-2020-17649 + RESERVED +CVE-2020-17648 + RESERVED +CVE-2020-17647 + RESERVED +CVE-2020-17646 + RESERVED +CVE-2020-17645 + RESERVED +CVE-2020-17644 + RESERVED +CVE-2020-17643 + RESERVED +CVE-2020-17642 + RESERVED +CVE-2020-17641 + RESERVED +CVE-2020-17640 + RESERVED +CVE-2020-17639 + RESERVED +CVE-2020-17638 + RESERVED +CVE-2020-17637 + RESERVED +CVE-2020-17636 + RESERVED +CVE-2020-17635 + RESERVED +CVE-2020-17634 + RESERVED +CVE-2020-17633 + RESERVED +CVE-2020-17632 + RESERVED +CVE-2020-17631 + RESERVED +CVE-2020-17630 + RESERVED +CVE-2020-17629 + RESERVED +CVE-2020-17628 + RESERVED +CVE-2020-17627 + RESERVED +CVE-2020-17626 + RESERVED +CVE-2020-17625 + RESERVED +CVE-2020-17624 + RESERVED +CVE-2020-17623 + RESERVED +CVE-2020-17622 + RESERVED +CVE-2020-17621 + RESERVED +CVE-2020-17620 + RESERVED 
+CVE-2020-17619 + RESERVED +CVE-2020-17618 + RESERVED +CVE-2020-17617 + RESERVED +CVE-2020-17616 + RESERVED +CVE-2020-17615 + RESERVED +CVE-2020-17614 + RESERVED +CVE-2020-17613 + RESERVED +CVE-2020-17612 + RESERVED +CVE-2020-17611 + RESERVED +CVE-2020-17610 + RESERVED +CVE-2020-17609 + RESERVED +CVE-2020-17608 + RESERVED +CVE-2020-17607 + RESERVED +CVE-2020-17606 + RESERVED +CVE-2020-17605 + RESERVED +CVE-2020-17604 + RESERVED +CVE-2020-17603 + RESERVED +CVE-2020-17602 + RESERVED +CVE-2020-17601 + RESERVED +CVE-2020-17600 + RESERVED +CVE-2020-17599 + RESERVED +CVE-2020-17598 + RESERVED +CVE-2020-17597 + RESERVED +CVE-2020-17596 + RESERVED +CVE-2020-17595 + RESERVED +CVE-2020-17594 + RESERVED +CVE-2020-17593 + RESERVED +CVE-2020-17592 + RESERVED +CVE-2020-17591 + RESERVED +CVE-2020-17590 + RESERVED +CVE-2020-17589 + RESERVED +CVE-2020-17588 + RESERVED +CVE-2020-17587 + RESERVED +CVE-2020-17586 + RESERVED +CVE-2020-17585 + RESERVED +CVE-2020-17584 + RESERVED +CVE-2020-17583 + RESERVED +CVE-2020-17582 + RESERVED +CVE-2020-17581 + RESERVED +CVE-2020-17580 + RESERVED +CVE-2020-17579 + RESERVED +CVE-2020-17578 + RESERVED +CVE-2020-17577 + RESERVED +CVE-2020-17576 + RESERVED +CVE-2020-17575 + RESERVED +CVE-2020-17574 + RESERVED +CVE-2020-17573 + RESERVED +CVE-2020-17572 + RESERVED +CVE-2020-17571 + RESERVED +CVE-2020-17570 + RESERVED +CVE-2020-17569 + RESERVED +CVE-2020-17568 + RESERVED +CVE-2020-17567 + RESERVED +CVE-2020-17566 + RESERVED +CVE-2020-17565 + RESERVED +CVE-2020-17564 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...) + NOT-FOR-US: FeiFeiCMS +CVE-2020-17563 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...) 
+ NOT-FOR-US: FeiFeiCMS +CVE-2020-17562 + RESERVED +CVE-2020-17561 + RESERVED +CVE-2020-17560 + RESERVED +CVE-2020-17559 + RESERVED +CVE-2020-17558 + RESERVED +CVE-2020-17557 + RESERVED +CVE-2020-17556 + RESERVED +CVE-2020-17555 + RESERVED +CVE-2020-17554 + RESERVED +CVE-2020-17553 + RESERVED +CVE-2020-17552 + RESERVED +CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which ...) + NOT-FOR-US: ImpressCMS +CVE-2020-17550 + RESERVED +CVE-2020-17549 + RESERVED +CVE-2020-17548 + RESERVED +CVE-2020-17547 + RESERVED +CVE-2020-17546 + RESERVED +CVE-2020-17545 + RESERVED +CVE-2020-17544 + RESERVED +CVE-2020-17543 + RESERVED +CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to ...) + NOT-FOR-US: dotCMS +CVE-2020-17541 (Libjpeg-turbo all version have a stack-based buffer overflow in the "t ...) + - libjpeg-turbo 1:2.0.5-1 (unimportant) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392 +CVE-2020-17540 + RESERVED +CVE-2020-17539 + RESERVED +CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51) + NOTE: chunk #1, see also CVE-2020-16296 +CVE-2020-17537 + REJECTED +CVE-2020-17536 + REJECTED +CVE-2020-17535 + REJECTED +CVE-2020-17534 (There exists a race condition between the deletion of the temporary fi ...) + NOT-FOR-US: netbeans-html4j +CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...) + NOT-FOR-US: Apache Accumulo +CVE-2020-17532 (When handler-router component is enabled in servicecomb-java-chassis, ...) 
+ NOT-FOR-US: servicecomb-java-chassis +CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...) + NOT-FOR-US: Apache Tapestry +CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...) + - libstruts1.2-java (Specific to 2.x) + NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061 +CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...) + NOT-FOR-US: Apache NuttX +CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...) + NOT-FOR-US: Apache NuttX +CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...) + {DSA-4835-1 DLA-2495-1} + - tomcat9 9.0.40-1 + - tomcat8 + NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40) + NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60) +CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...) + - airflow (bug #819700) +CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...) + {DSA-4851-1 DLA-2646-1} + - subversion 1.14.1-1 (bug #982464) + NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt +CVE-2020-17524 + REJECTED +CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...) + - shiro (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3 + NOTE: https://issues.apache.org/jira/browse/SHIRO-797 +CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in Apache ...) + NOT-FOR-US: Apache Traffic Control +CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...) 
+ - groovy 2.4.21-1 (bug #977399) + [buster] - groovy (Minor issue) + [stretch] - groovy (Minor issue) + - groovy2 + NOTE: https://issues.apache.org/jira/browse/GROOVY-9824 + NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1 + NOTE: https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21) +CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be able to b ...) + NOT-FOR-US: Apache Pulsar +CVE-2020-17519 (A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and ...) + NOT-FOR-US: Apache Flink +CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to write ...) + NOT-FOR-US: Apache Flink +CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must be inacc ...) + NOT-FOR-US: Apache Ozone +CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...) + - cassandra (bug #585905) +CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...) + - airflow (bug #819700) +CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...) + NOT-FOR-US: Apache Fineract +CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...) + - airflow (bug #819700) +CVE-2020-17512 + RESERVED +CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...) + - airflow (bug #819700) +CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...) 
+ {DLA-2726-1} + - shiro 1.3.2-5 (bug #988728) + [bullseye] - shiro 1.3.2-4+deb11u1 + [buster] - shiro 1.3.2-4+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7 + NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E + NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950 +CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning attack. I ...) + {DSA-4805-1} + - trafficserver 8.1.1+ds-1 + NOTE: https://github.com/apache/trafficserver/pull/7359 + NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E +CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...) + {DSA-4805-1} + - trafficserver 8.1.1+ds-1 + NOTE: https://github.com/apache/trafficserver/pull/7358 + NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E +CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...) + {DLA-2377-1 DLA-2376-1} + - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444) + [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4 + - qt4-x11 (bug #970308) + [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1 + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch) + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch) + NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch) +CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...) + NOT-FOR-US: Artica Web Proxy +CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...) + NOT-FOR-US: Artica Web Proxy +CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...) 
+ NOT-FOR-US: Barco +CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...) + NOT-FOR-US: Barco +CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). ...) + NOT-FOR-US: Barco +CVE-2020-17501 + RESERVED +CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...) + NOT-FOR-US: Barco +CVE-2020-17499 + RESERVED +CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...) + - wireshark 3.2.6-1 + [buster] - wireshark (Vulnerable compose_tvb code not present) + [stretch] - wireshark (Vulnerable compose_tvb code not present) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b + NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html +CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...) + - iwd 1.9-1 (bug #968996) + [buster] - iwd (Minor issue) + NOTE: https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/ + NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea +CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...) + NOT-FOR-US: vBulletin +CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...) 
+ - python-django-celery-results (unimportant; bug #968305) + NOTE: https://github.com/celery/django-celery-results/issues/142 + NOTE: Disputed upstream as security vulnerablity, as it is up to the developers who uses + NOTE: sensitive information when calling celery tasks to provide suitable replacement argument + NOTE: through argsrepr and kwargsrepr as described in: + NOTE: https://github.com/celery/django-celery-results/issues/154#issuecomment-734706270 +CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords.) + NOT-FOR-US: Untangle Firewall NG +CVE-2020-17493 + RESERVED +CVE-2020-17492 + RESERVED +CVE-2020-17491 + RESERVED +CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates certificates ...) + {DSA-4837-1 DLA-2480-1} + - salt 3002.1+dfsg1-1 + NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ + NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x) + NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x) +CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...) + {DLA-2374-1} + - gnome-shell 3.36.5-1 (bug #968311) + [buster] - gnome-shell 3.30.2-11~deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377 + NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04 +CVE-2020-17488 + RESERVED +CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...) + - radare2 5.0.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/issues/17431 +CVE-2020-17486 + RESERVED +CVE-2020-17485 (A Remote Code Execution vulnerability exist in Uffizio's GPS Tracker a ...) + NOT-FOR-US: Uffizio +CVE-2020-17484 (An Open Redirection vulnerability exists in Uffizio's GPS Tracker all ...) 
+ NOT-FOR-US: Uffizio +CVE-2020-17483 (An improper access control vulnerability exists in Uffizio's GPS Track ...) + NOT-FOR-US: Uffizio +CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...) + - pdns 4.3.1-1 (bug #970737) + [buster] - pdns 4.1.6-3+deb10u1 + [stretch] - pdns (Minor issue) + NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html +CVE-2020-17481 + RESERVED +CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...) + - tinymce (bug #972642) + [buster] - tinymce (Minor issue) + [stretch] - tinymce (Minor issue) + NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95 +CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...) + NOT-FOR-US: jpv +CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...) + - libcrypt-perl-perl (bug #907353) +CVE-2020-17477 (Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school befor ...) + NOT-FOR-US: ucs-school-ldap-acls-master in UCS@school +CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name.) + NOT-FOR-US: Mibew Messenger +CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...) + NOT-FOR-US: MEGVII Koala +CVE-2020-17474 (A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiose ...) + NOT-FOR-US: ZKTeco FaceDepot 7B and ZKBiosecurity Server +CVE-2020-17473 (Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBio ...) + NOT-FOR-US: ZKTeco FaceDepot and ZKBiosecurity Server +CVE-2020-17472 + RESERVED +CVE-2020-17471 + RESERVED +CVE-2020-17470 (An issue was discovered in FNET through 4.6.4. The code that initializ ...) + NOT-FOR-US: FNET +CVE-2020-17469 (An issue was discovered in FNET through 4.6.4. The code for IPv6 fragm ...) + NOT-FOR-US: FNET +CVE-2020-17468 (An issue was discovered in FNET through 4.6.4. 
The code for processing ...) + NOT-FOR-US: FNET +CVE-2020-17467 (An issue was discovered in FNET through 4.6.4. The code for processing ...) + NOT-FOR-US: FNET +CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...) + NOT-FOR-US: Turcom TRCwifiZone +CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...) + NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager +CVE-2020-17464 + REJECTED +CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...) + NOT-FOR-US: FUEL CMS +CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...) + NOT-FOR-US: CMS Made Simple +CVE-2020-17461 + RESERVED +CVE-2020-17460 + RESERVED +CVE-2020-17459 + RESERVED +CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...) + NOT-FOR-US: MultiUx +CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...) + NOT-FOR-US: Fujitsu +CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...) + NOT-FOR-US: SEOWON INTECH +CVE-2020-17455 + RESERVED +CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...) + NOT-FOR-US: WSO2 API Manager +CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the carbon/admin/l ...) + NOT-FOR-US: WSO2 Management Console +CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...) + NOT-FOR-US: flatCore CMS +CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...) + NOT-FOR-US: flatCore CMS +CVE-2020-17450 (PHP-Fusion 9.03 allows XSS on the preview page.) + NOT-FOR-US: PHP-Fusion +CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file.) + NOT-FOR-US: PHP-Fusion +CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...) 
+ - telegram-desktop 2.2.0+ds-1 + [buster] - telegram-desktop (Minor issue) +CVE-2020-17447 + REJECTED +CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...) + {DLA-2363-1} + - asyncpg 0.21.0-1 + NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0 +CVE-2020-17445 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...) + NOT-FOR-US: picoTCP +CVE-2020-17444 (An issue was discovered in picoTCP 1.7.0. The routine for processing t ...) + NOT-FOR-US: picoTCP +CVE-2020-17443 (An issue was discovered in picoTCP 1.7.0. The code for creating an ICM ...) + NOT-FOR-US: picoTCP +CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing the hop ...) + NOT-FOR-US: picoTCP +CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...) + NOT-FOR-US: picoTCP +CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) + NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) +CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) + NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) +CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) + NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) +CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) + - open-iscsi 2.1.3-1 + [buster] - open-iscsi (Minor issue) + [stretch] - open-iscsi (Minor issue) + NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ + NOTE: Adressed upstream in 2.1.3 release +CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Foxit +CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit +CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Foxit +CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Foxit Reader +CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Netgear +CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: NEC +CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Microhard Bullet-LTE +CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Microhard Bullet-LTE +CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Senstar Symphony +CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...) 
+ NOT-FOR-US: Parallels Desktop +CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels Desktop +CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) 
+ NOT-FOR-US: Cellopoint Cellos +CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) + NOT-FOR-US: Cellopoint Cellos +CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...) + NOT-FOR-US: Cellopoint Cellos +CVE-2020-17383 (A directory traversal vulnerability on Telos Z/IP One devices through ...) + NOT-FOR-US: Telos Z/IP ONE Broadcast +CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...) + NOT-FOR-US: MSI AmbientLink MsIo64 driver +CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...) + NOT-FOR-US: Ghisler Total Commander +CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...) + {DLA-3362-1 DLA-2623-1} + - qemu 1:5.2+dfsg-10 (bug #970937) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167 + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 + NOTE: confusion with CVE-2020-25085, see RH bug; re-submitted as CVE-2021-3409 +CVE-2020-17379 + RESERVED +CVE-2020-17378 + RESERVED +CVE-2020-17377 + RESERVED +CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...) + - nova 2:21.1.0-1 (bug #969052) + [buster] - nova (Minor issue) + [stretch] - nova (Minor issue) + NOTE: https://launchpad.net/bugs/1890501 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/25/4 +CVE-2020-17375 + RESERVED +CVE-2020-17374 + RESERVED +CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection.) + NOT-FOR-US: SugarCRM +CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS.) + NOT-FOR-US: SugarCRM +CVE-2020-17371 + RESERVED +CVE-2020-17370 + RESERVED +CVE-2020-17369 + RESERVED +CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...) 
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1} + - firejail 0.9.62-4 + NOTE: https://phabricator.wikimedia.org/T258763 + NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b + NOTE: https://phabricator.wikimedia.org/T257062 + NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory +CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...) + {DSA-4767-1 DSA-4742-1 DLA-2336-1} + - firejail 0.9.62-4 + NOTE: https://phabricator.wikimedia.org/T258763 + NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37 + NOTE: https://phabricator.wikimedia.org/T257062 + NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory +CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...) + - routinator (bug #929024) + NOTE: https://github.com/NLnetLabs/routinator/issues/319 +CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...) + NOT-FOR-US: Hotspot Shield VPN client for Windows +CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs.) + NOT-FOR-US: User-friendly SVN +CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...) + NOT-FOR-US: User-friendly SVN +CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...) + NOT-FOR-US: Nova Lite theme for WordPress +CVE-2020-17361 (An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy me ...) + NOT-FOR-US: ReadyTalk Avian +CVE-2020-17360 (An issue was discovered in ReadyTalk Avian 1.2.0. The vm::arrayCopy me ...) + NOT-FOR-US: ReadyTalk Avian +CVE-2020-17359 + RESERVED +CVE-2020-17358 + RESERVED +CVE-2020-17357 + RESERVED +CVE-2020-17356 + RESERVED +CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...) 
+ NOT-FOR-US: Arista +CVE-2020-17354 (LilyPond before 2.24 allows attackers to bypass the -dsafe protection ...) + - lilypond 2.22.1-1 + [bullseye] - lilypond (Unfixable, marked as insecure in later uploads) + [buster] - lilypond (Unfixable, marked as insecure in later uploads) + NOTE: https://phabricator.wikimedia.org/T259210 + NOTE: https://phabricator.wikimedia.org/T257062 + NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory + NOTE: 2.22.1-1 adds a note about Lilypond security status, using that the "fixed" version +CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...) + {DSA-4756-1} + - lilypond 2.20.0-2 (bug #968993) + NOTE: https://phabricator.wikimedia.org/T258547 + NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff + NOTE: https://phabricator.wikimedia.org/T257062 + NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory +CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...) 
+ NOT-FOR-US: Sophos +CVE-2020-17351 + RESERVED +CVE-2020-17350 + RESERVED +CVE-2020-17349 + RESERVED +CVE-2020-17348 + RESERVED +CVE-2020-17347 + RESERVED +CVE-2020-17346 + RESERVED +CVE-2020-17345 + RESERVED +CVE-2020-17344 + RESERVED +CVE-2020-17343 + RESERVED +CVE-2020-17342 + RESERVED +CVE-2020-17341 + RESERVED +CVE-2020-17340 + RESERVED +CVE-2020-17339 + RESERVED +CVE-2020-17338 + RESERVED +CVE-2020-17337 + RESERVED +CVE-2020-17336 + RESERVED +CVE-2020-17335 + RESERVED +CVE-2020-17334 + RESERVED +CVE-2020-17333 + RESERVED +CVE-2020-17332 + RESERVED +CVE-2020-17331 + RESERVED +CVE-2020-17330 + RESERVED +CVE-2020-17329 + RESERVED +CVE-2020-17328 + RESERVED +CVE-2020-17327 + RESERVED +CVE-2020-17326 + RESERVED +CVE-2020-17325 + RESERVED +CVE-2020-17324 + RESERVED +CVE-2020-17323 + RESERVED +CVE-2020-17322 + RESERVED +CVE-2020-17321 + RESERVED +CVE-2020-17320 + RESERVED +CVE-2020-17319 + RESERVED +CVE-2020-17318 + RESERVED +CVE-2020-17317 + RESERVED +CVE-2020-17316 + RESERVED +CVE-2020-17315 + RESERVED +CVE-2020-17314 + RESERVED +CVE-2020-17313 + RESERVED +CVE-2020-17312 + RESERVED +CVE-2020-17311 + RESERVED +CVE-2020-17310 + RESERVED +CVE-2020-17309 + RESERVED +CVE-2020-17308 + RESERVED +CVE-2020-17307 + RESERVED +CVE-2020-17306 + RESERVED +CVE-2020-17305 + RESERVED +CVE-2020-17304 + RESERVED +CVE-2020-17303 + RESERVED +CVE-2020-17302 + RESERVED +CVE-2020-17301 + RESERVED +CVE-2020-17300 + RESERVED +CVE-2020-17299 + RESERVED +CVE-2020-17298 + RESERVED +CVE-2020-17297 + RESERVED +CVE-2020-17296 + RESERVED +CVE-2020-17295 + RESERVED +CVE-2020-17294 + RESERVED +CVE-2020-17293 + RESERVED +CVE-2020-17292 + RESERVED +CVE-2020-17291 + RESERVED +CVE-2020-17290 + RESERVED +CVE-2020-17289 + RESERVED +CVE-2020-17288 + RESERVED +CVE-2020-17287 + RESERVED +CVE-2020-17286 + RESERVED +CVE-2020-17285 + RESERVED +CVE-2020-17284 + RESERVED +CVE-2020-17283 + RESERVED +CVE-2020-17282 + RESERVED +CVE-2020-17281 + RESERVED +CVE-2020-17280 + RESERVED +CVE-2020-17279 + RESERVED 
+CVE-2020-17278 + RESERVED +CVE-2020-17277 + RESERVED +CVE-2020-17276 + RESERVED +CVE-2020-17275 + RESERVED +CVE-2020-17274 + RESERVED +CVE-2020-17273 + RESERVED +CVE-2020-17272 + RESERVED +CVE-2020-17271 + RESERVED +CVE-2020-17270 + RESERVED +CVE-2020-17269 + RESERVED +CVE-2020-17268 + RESERVED +CVE-2020-17267 + RESERVED +CVE-2020-17266 + RESERVED +CVE-2020-17265 + RESERVED +CVE-2020-17264 + RESERVED +CVE-2020-17263 + RESERVED +CVE-2020-17262 + RESERVED +CVE-2020-17261 + RESERVED +CVE-2020-17260 + RESERVED +CVE-2020-17259 + RESERVED +CVE-2020-17258 + RESERVED +CVE-2020-17257 + RESERVED +CVE-2020-17256 + RESERVED +CVE-2020-17255 + RESERVED +CVE-2020-17254 + RESERVED +CVE-2020-17253 + RESERVED +CVE-2020-17252 + RESERVED +CVE-2020-17251 + RESERVED +CVE-2020-17250 + RESERVED +CVE-2020-17249 + RESERVED +CVE-2020-17248 + RESERVED +CVE-2020-17247 + RESERVED +CVE-2020-17246 + RESERVED +CVE-2020-17245 + RESERVED +CVE-2020-17244 + RESERVED +CVE-2020-17243 + RESERVED +CVE-2020-17242 + RESERVED +CVE-2020-17241 + RESERVED +CVE-2020-17240 + RESERVED +CVE-2020-17239 + RESERVED +CVE-2020-17238 + RESERVED +CVE-2020-17237 + RESERVED +CVE-2020-17236 + RESERVED +CVE-2020-17235 + RESERVED +CVE-2020-17234 + RESERVED +CVE-2020-17233 + RESERVED +CVE-2020-17232 + RESERVED +CVE-2020-17231 + RESERVED +CVE-2020-17230 + RESERVED +CVE-2020-17229 + RESERVED +CVE-2020-17228 + RESERVED +CVE-2020-17227 + RESERVED +CVE-2020-17226 + RESERVED +CVE-2020-17225 + RESERVED +CVE-2020-17224 + RESERVED +CVE-2020-17223 + RESERVED +CVE-2020-17222 + RESERVED +CVE-2020-17221 + RESERVED +CVE-2020-17220 + RESERVED +CVE-2020-17219 + RESERVED +CVE-2020-17218 + RESERVED +CVE-2020-17217 + RESERVED +CVE-2020-17216 + RESERVED +CVE-2020-17215 + RESERVED +CVE-2020-17214 + RESERVED +CVE-2020-17213 + RESERVED +CVE-2020-17212 + RESERVED +CVE-2020-17211 + RESERVED +CVE-2020-17210 + RESERVED +CVE-2020-17209 + RESERVED +CVE-2020-17208 + RESERVED +CVE-2020-17207 + RESERVED +CVE-2020-17206 + RESERVED +CVE-2020-17205 + RESERVED 
+CVE-2020-17204 + RESERVED +CVE-2020-17203 + RESERVED +CVE-2020-17202 + RESERVED +CVE-2020-17201 + RESERVED +CVE-2020-17200 + RESERVED +CVE-2020-17199 + RESERVED +CVE-2020-17198 + RESERVED +CVE-2020-17197 + RESERVED +CVE-2020-17196 + RESERVED +CVE-2020-17195 + RESERVED +CVE-2020-17194 + RESERVED +CVE-2020-17193 + RESERVED +CVE-2020-17192 + RESERVED +CVE-2020-17191 + RESERVED +CVE-2020-17190 + RESERVED +CVE-2020-17189 + RESERVED +CVE-2020-17188 + RESERVED +CVE-2020-17187 + RESERVED +CVE-2020-17186 + RESERVED +CVE-2020-17185 + RESERVED +CVE-2020-17184 + RESERVED +CVE-2020-17183 + RESERVED +CVE-2020-17182 + RESERVED +CVE-2020-17181 + RESERVED +CVE-2020-17180 + RESERVED +CVE-2020-17179 + RESERVED +CVE-2020-17178 + RESERVED +CVE-2020-17177 + RESERVED +CVE-2020-17176 + RESERVED +CVE-2020-17175 + RESERVED +CVE-2020-17174 + RESERVED +CVE-2020-17173 + RESERVED +CVE-2020-17172 + RESERVED +CVE-2020-17171 + RESERVED +CVE-2020-17170 + RESERVED +CVE-2020-17169 + RESERVED +CVE-2020-17168 + RESERVED +CVE-2020-17167 + RESERVED +CVE-2020-17166 + RESERVED +CVE-2020-17165 + RESERVED +CVE-2020-17164 + RESERVED +CVE-2020-17163 + RESERVED +CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17161 + RESERVED +CVE-2020-17160 + REJECTED +CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2020-17158 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) + NOT-FOR-US: Microsoft +CVE-2020-17157 + RESERVED +CVE-2020-17156 (Visual Studio Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17155 + RESERVED +CVE-2020-17154 + RESERVED +CVE-2020-17153 (Microsoft Edge for Android Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17152 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17151 + RESERVED +CVE-2020-17150 (Visual Studio Code Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17149 + RESERVED +CVE-2020-17148 (Visual Studio Code Remote Development Extension Remote Code Execution ...) + NOT-FOR-US: Microsoft +CVE-2020-17147 (Dynamics CRM Webclient Cross-site Scripting Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17146 + RESERVED +CVE-2020-17145 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17144 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17143 (Microsoft Exchange Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17142 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17141 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17140 (Windows SMB Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17139 (Windows Overlay Filter Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17138 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2020-17137 (DirectX Graphics Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17136 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) + NOT-FOR-US: Microsoft +CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure) + NOT-FOR-US: Microsoft +CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17131 (Chakra Scripting Engine Memory Corruption Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17130 (Microsoft Excel Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17129 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17128 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17127 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17126 (Microsoft Excel Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17125 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17124 (Microsoft PowerPoint Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17123 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17122 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17121 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2020-17120 (Microsoft SharePoint Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17119 (Microsoft Outlook Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17118 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...) + NOT-FOR-US: Microsoft +CVE-2020-17117 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17116 + RESERVED +CVE-2020-17115 (Microsoft SharePoint Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17114 + RESERVED +CVE-2020-17113 (Windows Camera Codec Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17112 + RESERVED +CVE-2020-17111 + RESERVED +CVE-2020-17110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17109 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17108 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17107 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17106 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17103 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17100 (Visual Studio Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17099 (Windows Lock Screen Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17098 (Windows GDI+ Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17097 (Windows Digital Media Receiver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17096 (Windows NTFS Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17095 (Hyper-V Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17094 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2020-17093 + RESERVED +CVE-2020-17092 (Windows Network Connections Service Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17089 (Microsoft SharePoint Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17086 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17085 (Microsoft Exchange Server Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17084 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) + NOT-FOR-US: Microsoft +CVE-2020-17083 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17082 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17081 (Microsoft Raw Image Extension Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17080 + RESERVED +CVE-2020-17079 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17078 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17077 (Windows Update Stack Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17076 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2020-17075 (Windows USO Core Worker Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17074 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2020-17073 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) + NOT-FOR-US: Microsoft +CVE-2020-17072 + RESERVED +CVE-2020-17071 (Windows Delivery Optimization Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17070 (Windows Update Medic Service Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17069 (Windows NDIS Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17068 (Windows GDI+ Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17067 (Microsoft Excel Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17066 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17065 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17064 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17063 (Microsoft Office Online Spoofing Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17062 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) + NOT-FOR-US: Microsoft +CVE-2020-17061 (Microsoft SharePoint Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17060 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2020-17059 + RESERVED +CVE-2020-17058 (Microsoft Browser Memory Corruption Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17057 (Windows Win32k Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17056 (Windows Network File System Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17055 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17054 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17053 (Internet Explorer Memory Corruption Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17052 (Scripting Engine Memory Corruption Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17051 (Windows Network File System Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17050 + RESERVED +CVE-2020-17049 (Kerberos Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17048 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...) + NOT-FOR-US: Microsoft +CVE-2020-17047 (Windows Network File System Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17046 (Windows Error Reporting Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17045 (Windows KernelStream Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17044 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17043 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17042 (Windows Print Spooler Remote Code Execution Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17041 (Windows Print Configuration Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17040 (Windows Hyper-V Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17039 + RESERVED +CVE-2020-17038 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2020-17037 (Windows WalletService Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17036 (Windows Function Discovery SSDP Provider Information Disclosure Vulner ...) + NOT-FOR-US: Microsoft +CVE-2020-17035 (Windows Kernel Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17034 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17033 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17032 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17031 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17030 (Windows MSCTF Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17029 (Windows Canonical Display Driver Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17028 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17027 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17026 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17025 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17024 (Windows Client Side Rendering Print Provider Elevation of Privilege Vu ...) + NOT-FOR-US: Microsoft +CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...) + NOT-FOR-US: Microsoft +CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2020-17021 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17020 (Microsoft Word Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17019 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) + NOT-FOR-US: Microsoft +CVE-2020-17018 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17017 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17016 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2020-17015 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) + NOT-FOR-US: Microsoft +CVE-2020-17014 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17013 (Win32k Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17012 (Windows Bind Filter Driver Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17011 (Windows Port Class Library Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17010 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-17009 + RESERVED +CVE-2020-17008 + RESERVED +CVE-2020-17007 (Windows Error Reporting Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17006 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17005 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) + NOT-FOR-US: Microsoft +CVE-2020-17004 (Windows Graphics Component Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...) + NOT-FOR-US: Microsoft +CVE-2020-17002 (Azure SDK for C Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-17001 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-17000 (Remote Desktop Protocol Client Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16999 (Windows WalletService Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16998 (DirectX Elevation of Privilege Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16997 (Remote Desktop Protocol Server Information Disclosure Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16996 (Kerberos Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...) + NOT-FOR-US: Microsoft +CVE-2020-16994 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2020-16993 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16992 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16991 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16990 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16989 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16988 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16987 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2020-16986 (Azure Sphere Denial of Service Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16985 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16984 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2020-16983 (Azure Sphere Tampering Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16982 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2020-16981 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) + NOT-FOR-US: Microsoft +CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...) + NOT-FOR-US: Microsoft +CVE-2020-16979 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...) + NOT-FOR-US: Microsoft +CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16971 (Azure SDK for Java Security Feature Bypass Vulnerability) + NOT-FOR-US: Microsoft +CVE-2020-16970 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) + NOT-FOR-US: Microsoft +CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...) + NOT-FOR-US: Microsoft +CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...) + NOT-FOR-US: Microsoft +CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...) + NOT-FOR-US: Microsoft +CVE-2020-16966 + RESERVED +CVE-2020-16965 + RESERVED +CVE-2020-16964 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16963 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16962 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16961 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16960 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16959 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16958 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...) + NOT-FOR-US: Microsoft +CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...) + NOT-FOR-US: Microsoft +CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...) + NOT-FOR-US: Microsoft +CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...) + NOT-FOR-US: Microsoft +CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) + NOT-FOR-US: Microsoft +CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) + NOT-FOR-US: Microsoft +CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...) + NOT-FOR-US: Microsoft +CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...) + NOT-FOR-US: Microsoft +CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) + NOT-FOR-US: Microsoft +CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) + NOT-FOR-US: Microsoft +CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...) + NOT-FOR-US: Microsoft +CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...) + NOT-FOR-US: Microsoft +CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...) + NOT-FOR-US: Microsoft +CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...) + NOT-FOR-US: Microsoft +CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...) + - dotnet-core-3.1 (bug #968921) +CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...) + NOT-FOR-US: Microsoft +CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...) + NOT-FOR-US: Microsoft +CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...) + NOT-FOR-US: Microsoft +CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + NOT-FOR-US: Microsoft +CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + NOT-FOR-US: Microsoft +CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + NOT-FOR-US: Microsoft +CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + NOT-FOR-US: Microsoft +CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...) + NOT-FOR-US: Microsoft +CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) + NOT-FOR-US: Microsoft +CVE-2020-16926 + RESERVED +CVE-2020-16925 + RESERVED +CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...) + NOT-FOR-US: Microsoft +CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...) + NOT-FOR-US: Microsoft +CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...) + NOT-FOR-US: Microsoft +CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...) + NOT-FOR-US: Microsoft +CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...) + NOT-FOR-US: Microsoft +CVE-2020-16917 + RESERVED +CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...) + NOT-FOR-US: Microsoft +CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...) + NOT-FOR-US: Microsoft +CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...) + NOT-FOR-US: Microsoft +CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...) + NOT-FOR-US: Microsoft +CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...) + NOT-FOR-US: Microsoft +CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...) + NOT-FOR-US: Microsoft +CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...) + NOT-FOR-US: Microsoft +CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...) + NOT-FOR-US: Microsoft +CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...) + NOT-FOR-US: Microsoft +CVE-2020-16906 + RESERVED +CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...) + NOT-FOR-US: Microsoft +CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...) + NOT-FOR-US: Microsoft +CVE-2020-16903 + RESERVED +CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...) + NOT-FOR-US: Microsoft +CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...) + NOT-FOR-US: Microsoft +CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...) + NOT-FOR-US: Microsoft +CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...) + NOT-FOR-US: Microsoft +CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...) + NOT-FOR-US: Microsoft +CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...) + NOT-FOR-US: Microsoft +CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...) + NOT-FOR-US: Microsoft +CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...) + NOT-FOR-US: Microsoft +CVE-2020-16893 + RESERVED +CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...) + NOT-FOR-US: Microsoft +CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) + NOT-FOR-US: Microsoft +CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...) + NOT-FOR-US: Microsoft +CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...) + NOT-FOR-US: Microsoft +CVE-2020-16888 + RESERVED +CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...) + NOT-FOR-US: Microsoft +CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...) + NOT-FOR-US: Microsoft +CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...) + NOT-FOR-US: Microsoft +CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...) 
+ NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer +CVE-2020-16883 + RESERVED +CVE-2020-16882 + RESERVED +CVE-2020-16881 (A remote code execution vulnerability exists in Visual Studio Code whe ...) + NOT-FOR-US: Microsoft +CVE-2020-16880 + RESERVED +CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Projecte ...) + NOT-FOR-US: Microsoft +CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...) + NOT-FOR-US: Microsoft +CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...) + NOT-FOR-US: Microsoft +CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...) + NOT-FOR-US: Microsoft +CVE-2020-16873 (A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to t ...) + NOT-FOR-US: Microsoft +CVE-2020-16872 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16871 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16870 + RESERVED +CVE-2020-16869 + RESERVED +CVE-2020-16868 + RESERVED +CVE-2020-16867 + RESERVED +CVE-2020-16866 + RESERVED +CVE-2020-16865 + RESERVED +CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...) + NOT-FOR-US: Microsoft +CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) + NOT-FOR-US: Microsoft +CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) 
+ NOT-FOR-US: Microsoft +CVE-2020-16860 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) + NOT-FOR-US: Microsoft +CVE-2020-16859 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16858 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + NOT-FOR-US: Microsoft +CVE-2020-16857 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) + NOT-FOR-US: Microsoft +CVE-2020-16856 (A remote code execution vulnerability exists in Visual Studio when it ...) + NOT-FOR-US: Microsoft +CVE-2020-16855 (An information disclosure vulnerability exists when Microsoft Office s ...) + NOT-FOR-US: Microsoft +CVE-2020-16854 (An information disclosure vulnerability exists when the Windows kernel ...) + NOT-FOR-US: Microsoft +CVE-2020-16853 (An elevation of privilege vulnerability exists when the OneDrive for W ...) + NOT-FOR-US: Microsoft +CVE-2020-16852 (An elevation of privilege vulnerability exists when the OneDrive for W ...) + NOT-FOR-US: Microsoft +CVE-2020-16851 (An elevation of privilege vulnerability exists when the OneDrive for W ...) + NOT-FOR-US: Microsoft +CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthent ...) + NOT-FOR-US: Mitsubishi +CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An "Improper Ha ...) + NOT-FOR-US: Canon +CVE-2020-16848 + RESERVED +CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...) + NOT-FOR-US: Extreme Management Center +CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending crafte ...) 
+ {DSA-4837-1 DLA-2480-1} + - salt 3002.1+dfsg1-1 + NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ + NOTE: https://gitlab.com/saltstack/open/salt-patches/tree/master/patches/2020/09/02/ + NOTE: Regression: https://github.com/saltstack/salt/issues/58970 + NOTE: Regression fix: https://github.com/saltstack/salt/commit/84d91931865626a9b53558f88d6c8919a270df3a (v3000.6) +CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...) + {DSA-4848-1 DLA-2460-1 DLA-2459-1} + - golang-1.15 1.15~rc2-1 + - golang-1.14 1.14.7-1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo + NOTE: https://github.com/golang/go/issues/40618 + NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15 +CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...) + NOT-FOR-US: Istio +CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...) + NOT-FOR-US: Firecracker +CVE-2020-16842 + RESERVED +CVE-2020-16841 + RESERVED +CVE-2020-16840 + RESERVED +CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...) 
+ NOT-FOR-US: Crestron +CVE-2020-16838 + RESERVED +CVE-2020-16837 + RESERVED +CVE-2020-16836 + REJECTED +CVE-2020-16835 + REJECTED +CVE-2020-16834 + REJECTED +CVE-2020-16833 + REJECTED +CVE-2020-16832 + REJECTED +CVE-2020-16831 + REJECTED +CVE-2020-16830 + REJECTED +CVE-2020-16829 + REJECTED +CVE-2020-16828 + REJECTED +CVE-2020-16827 + REJECTED +CVE-2020-16826 + REJECTED +CVE-2020-16825 + REJECTED +CVE-2020-16824 + REJECTED +CVE-2020-16823 + REJECTED +CVE-2020-16822 + REJECTED +CVE-2020-16821 + REJECTED +CVE-2020-16820 + REJECTED +CVE-2020-16819 + REJECTED +CVE-2020-16818 + REJECTED +CVE-2020-16817 + REJECTED +CVE-2020-16816 + REJECTED +CVE-2020-16815 + REJECTED +CVE-2020-16814 + REJECTED +CVE-2020-16813 + REJECTED +CVE-2020-16812 + REJECTED +CVE-2020-16811 + REJECTED +CVE-2020-16810 + REJECTED +CVE-2020-16809 + REJECTED +CVE-2020-16808 + REJECTED +CVE-2020-16807 + REJECTED +CVE-2020-16806 + REJECTED +CVE-2020-16805 + REJECTED +CVE-2020-16804 + REJECTED +CVE-2020-16803 + REJECTED +CVE-2020-16802 + REJECTED +CVE-2020-16801 + REJECTED +CVE-2020-16800 + REJECTED +CVE-2020-16799 + REJECTED +CVE-2020-16798 + REJECTED +CVE-2020-16797 + REJECTED +CVE-2020-16796 + REJECTED +CVE-2020-16795 + REJECTED +CVE-2020-16794 + REJECTED +CVE-2020-16793 + REJECTED +CVE-2020-16792 + REJECTED +CVE-2020-16791 + REJECTED +CVE-2020-16790 + REJECTED +CVE-2020-16789 + REJECTED +CVE-2020-16788 + REJECTED +CVE-2020-16787 + REJECTED +CVE-2020-16786 + REJECTED +CVE-2020-16785 + REJECTED +CVE-2020-16784 + REJECTED +CVE-2020-16783 + REJECTED +CVE-2020-16782 + REJECTED +CVE-2020-16781 + REJECTED +CVE-2020-16780 + REJECTED +CVE-2020-16779 + REJECTED +CVE-2020-16778 + REJECTED +CVE-2020-16777 + REJECTED +CVE-2020-16776 + REJECTED +CVE-2020-16775 + REJECTED +CVE-2020-16774 + REJECTED +CVE-2020-16773 + REJECTED +CVE-2020-16772 + REJECTED +CVE-2020-16771 + REJECTED +CVE-2020-16770 + REJECTED +CVE-2020-16769 + REJECTED +CVE-2020-16768 + REJECTED +CVE-2020-16767 + REJECTED +CVE-2020-16766 + REJECTED 
+CVE-2020-16765 + REJECTED +CVE-2020-16764 + REJECTED +CVE-2020-16763 + REJECTED +CVE-2020-16762 + REJECTED +CVE-2020-16761 + REJECTED +CVE-2020-16760 + REJECTED +CVE-2020-16759 + REJECTED +CVE-2020-16758 + REJECTED +CVE-2020-16757 + REJECTED +CVE-2020-16756 + REJECTED +CVE-2020-16755 + REJECTED +CVE-2020-16754 + REJECTED +CVE-2020-16753 + REJECTED +CVE-2020-16752 + REJECTED +CVE-2020-16751 + REJECTED +CVE-2020-16750 + REJECTED +CVE-2020-16749 + REJECTED +CVE-2020-16748 + REJECTED +CVE-2020-16747 + REJECTED +CVE-2020-16746 + REJECTED +CVE-2020-16745 + REJECTED +CVE-2020-16744 + REJECTED +CVE-2020-16743 + REJECTED +CVE-2020-16742 + REJECTED +CVE-2020-16741 + REJECTED +CVE-2020-16740 + REJECTED +CVE-2020-16739 + REJECTED +CVE-2020-16738 + REJECTED +CVE-2020-16737 + REJECTED +CVE-2020-16736 + REJECTED +CVE-2020-16735 + REJECTED +CVE-2020-16734 + REJECTED +CVE-2020-16733 + REJECTED +CVE-2020-16732 + REJECTED +CVE-2020-16731 + REJECTED +CVE-2020-16730 + REJECTED +CVE-2020-16729 + REJECTED +CVE-2020-16728 + REJECTED +CVE-2020-16727 + REJECTED +CVE-2020-16726 + REJECTED +CVE-2020-16725 + REJECTED +CVE-2020-16724 + REJECTED +CVE-2020-16723 + REJECTED +CVE-2020-16722 + REJECTED +CVE-2020-16721 + REJECTED +CVE-2020-16720 + REJECTED +CVE-2020-16719 + REJECTED +CVE-2020-16718 + REJECTED +CVE-2020-16717 + REJECTED +CVE-2020-16716 + REJECTED +CVE-2020-16715 + REJECTED +CVE-2020-16714 + REJECTED +CVE-2020-16713 + REJECTED +CVE-2020-16712 + REJECTED +CVE-2020-16711 + REJECTED +CVE-2020-16710 + REJECTED +CVE-2020-16709 + REJECTED +CVE-2020-16708 + REJECTED +CVE-2020-16707 + REJECTED +CVE-2020-16706 + REJECTED +CVE-2020-16705 + REJECTED +CVE-2020-16704 + REJECTED +CVE-2020-16703 + REJECTED +CVE-2020-16702 + REJECTED +CVE-2020-16701 + REJECTED +CVE-2020-16700 + REJECTED +CVE-2020-16699 + REJECTED +CVE-2020-16698 + REJECTED +CVE-2020-16697 + REJECTED +CVE-2020-16696 + REJECTED +CVE-2020-16695 + REJECTED +CVE-2020-16694 + REJECTED +CVE-2020-16693 + REJECTED +CVE-2020-16692 + REJECTED 
+CVE-2020-16691 + REJECTED +CVE-2020-16690 + REJECTED +CVE-2020-16689 + REJECTED +CVE-2020-16688 + REJECTED +CVE-2020-16687 + REJECTED +CVE-2020-16686 + REJECTED +CVE-2020-16685 + REJECTED +CVE-2020-16684 + REJECTED +CVE-2020-16683 + REJECTED +CVE-2020-16682 + REJECTED +CVE-2020-16681 + REJECTED +CVE-2020-16680 + REJECTED +CVE-2020-16679 + REJECTED +CVE-2020-16678 + REJECTED +CVE-2020-16677 + REJECTED +CVE-2020-16676 + REJECTED +CVE-2020-16675 + REJECTED +CVE-2020-16674 + REJECTED +CVE-2020-16673 + REJECTED +CVE-2020-16672 + REJECTED +CVE-2020-16671 + REJECTED +CVE-2020-16670 + REJECTED +CVE-2020-16669 + REJECTED +CVE-2020-16668 + REJECTED +CVE-2020-16667 + REJECTED +CVE-2020-16666 + REJECTED +CVE-2020-16665 + REJECTED +CVE-2020-16664 + REJECTED +CVE-2020-16663 + REJECTED +CVE-2020-16662 + REJECTED +CVE-2020-16661 + REJECTED +CVE-2020-16660 + REJECTED +CVE-2020-16659 + REJECTED +CVE-2020-16658 + REJECTED +CVE-2020-16657 + REJECTED +CVE-2020-16656 + REJECTED +CVE-2020-16655 + REJECTED +CVE-2020-16654 + REJECTED +CVE-2020-16653 + REJECTED +CVE-2020-16652 + REJECTED +CVE-2020-16651 + REJECTED +CVE-2020-16650 + REJECTED +CVE-2020-16649 + REJECTED +CVE-2020-16648 + REJECTED +CVE-2020-16647 + REJECTED +CVE-2020-16646 + REJECTED +CVE-2020-16645 + REJECTED +CVE-2020-16644 + REJECTED +CVE-2020-16643 + REJECTED +CVE-2020-16642 + REJECTED +CVE-2020-16641 + REJECTED +CVE-2020-16640 + REJECTED +CVE-2020-16639 + REJECTED +CVE-2020-16638 + REJECTED +CVE-2020-16637 + REJECTED +CVE-2020-16636 + REJECTED +CVE-2020-16635 + RESERVED +CVE-2020-16634 + RESERVED +CVE-2020-16633 + RESERVED +CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 ...) + NOT-FOR-US: DedeCMS +CVE-2020-16631 + RESERVED +CVE-2020-16630 (TI\u2019s BLE stack caches and reuses the LTK\u2019s property for a bo ...) + NOT-FOR-US: Texas Instruments +CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...) 
+ NOT-FOR-US: PhpOK +CVE-2020-16628 + RESERVED +CVE-2020-16627 + RESERVED +CVE-2020-16626 + RESERVED +CVE-2020-16625 + RESERVED +CVE-2020-16624 + RESERVED +CVE-2020-16623 + RESERVED +CVE-2020-16622 + RESERVED +CVE-2020-16621 + RESERVED +CVE-2020-16620 + RESERVED +CVE-2020-16619 + RESERVED +CVE-2020-16618 + RESERVED +CVE-2020-16617 + RESERVED +CVE-2020-16616 + RESERVED +CVE-2020-16615 + RESERVED +CVE-2020-16614 + RESERVED +CVE-2020-16613 + RESERVED +CVE-2020-16612 + RESERVED +CVE-2020-16611 + RESERVED +CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...) + NOT-FOR-US: Hoosk Codeigniter CMS +CVE-2020-16609 + RESERVED +CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...) + NOT-FOR-US: Notable +CVE-2020-16607 + RESERVED +CVE-2020-16606 + RESERVED +CVE-2020-16605 + RESERVED +CVE-2020-16604 + RESERVED +CVE-2020-16603 + RESERVED +CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...) + NOT-FOR-US: Razer Chroma SDK Rest Server +CVE-2020-16601 + RESERVED +CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF ...) + - mupdf 1.17.0+ds1-1 (bug #989526) + [buster] - mupdf 1.14.0+ds1-4+deb10u3 + [stretch] - mupdf (Vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253 + NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b +CVE-2020-16599 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...) 
+ - binutils 2.35-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25842 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4 + NOTE: binutils not covered by security support +CVE-2020-16598 + REJECTED +CVE-2020-16597 + RESERVED +CVE-2020-16596 + RESERVED +CVE-2020-16595 + RESERVED +CVE-2020-16594 + RESERVED +CVE-2020-16593 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...) + - binutils 2.35-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25827 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729 + NOTE: binutils not covered by security support +CVE-2020-16592 (A use after free issue exists in the Binary File Descriptor (BFD) libr ...) + - binutils 2.35-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25823 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a + NOTE: binutils not covered by security support +CVE-2020-16591 (A Denial of Service vulnerability exists in the Binary File Descriptor ...) + - binutils 2.35-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25822 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2 + NOTE: binutils not covered by security support +CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor (BFD) ...) + - binutils 2.35-1 (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25821 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4 + NOTE: binutils not covered by security support +CVE-2020-16589 (A head-based buffer overflow exists in Academy Software Foundation Ope ...) 
+ {DLA-3236-1 DLA-2491-1} + - openexr 2.5.3-2 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/494 +CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Foundation O ...) + {DLA-3236-1 DLA-2491-1} + - openexr 2.5.3-2 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493 +CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...) + {DLA-3236-1 DLA-2701-1} + - openexr 2.5.3-2 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491 +CVE-2020-16586 + RESERVED +CVE-2020-16585 + RESERVED +CVE-2020-16584 + RESERVED +CVE-2020-16583 + RESERVED +CVE-2020-16582 + RESERVED +CVE-2020-16581 + RESERVED +CVE-2020-16580 + RESERVED +CVE-2020-16579 + RESERVED +CVE-2020-16578 + RESERVED +CVE-2020-16577 + RESERVED +CVE-2020-16576 + RESERVED +CVE-2020-16575 + RESERVED +CVE-2020-16574 + RESERVED +CVE-2020-16573 + RESERVED +CVE-2020-16572 + RESERVED +CVE-2020-16571 + RESERVED +CVE-2020-16570 + RESERVED +CVE-2020-16569 + RESERVED +CVE-2020-16568 + RESERVED +CVE-2020-16567 + RESERVED +CVE-2020-16566 + RESERVED +CVE-2020-16565 + RESERVED +CVE-2020-16564 + RESERVED +CVE-2020-16563 + RESERVED +CVE-2020-16562 + RESERVED +CVE-2020-16561 + RESERVED +CVE-2020-16560 + RESERVED +CVE-2020-16559 + RESERVED +CVE-2020-16558 + RESERVED +CVE-2020-16557 + RESERVED +CVE-2020-16556 + RESERVED +CVE-2020-16555 + RESERVED +CVE-2020-16554 + RESERVED +CVE-2020-16553 + RESERVED +CVE-2020-16552 + RESERVED +CVE-2020-16551 + RESERVED +CVE-2020-16550 + RESERVED +CVE-2020-16549 + RESERVED +CVE-2020-16548 + RESERVED +CVE-2020-16547 + RESERVED 
+CVE-2020-16546 + RESERVED +CVE-2020-16545 + RESERVED +CVE-2020-16544 + RESERVED +CVE-2020-16543 + RESERVED +CVE-2020-16542 + RESERVED +CVE-2020-16541 + RESERVED +CVE-2020-16540 + RESERVED +CVE-2020-16539 + RESERVED +CVE-2020-16538 + RESERVED +CVE-2020-16537 + RESERVED +CVE-2020-16536 + RESERVED +CVE-2020-16535 + RESERVED +CVE-2020-16534 + RESERVED +CVE-2020-16533 + RESERVED +CVE-2020-16532 + RESERVED +CVE-2020-16531 + RESERVED +CVE-2020-16530 + RESERVED +CVE-2020-16529 + RESERVED +CVE-2020-16528 + RESERVED +CVE-2020-16527 + RESERVED +CVE-2020-16526 + REJECTED +CVE-2020-16525 + RESERVED +CVE-2020-16524 + RESERVED +CVE-2020-16523 + RESERVED +CVE-2020-16522 + RESERVED +CVE-2020-16521 + RESERVED +CVE-2020-16520 + RESERVED +CVE-2020-16519 + RESERVED +CVE-2020-16518 + RESERVED +CVE-2020-16517 + RESERVED +CVE-2020-16516 + RESERVED +CVE-2020-16515 + RESERVED +CVE-2020-16514 + RESERVED +CVE-2020-16513 + RESERVED +CVE-2020-16512 + RESERVED +CVE-2020-16511 + RESERVED +CVE-2020-16510 + RESERVED +CVE-2020-16509 + RESERVED +CVE-2020-16508 + RESERVED +CVE-2020-16507 + RESERVED +CVE-2020-16506 + RESERVED +CVE-2020-16505 + RESERVED +CVE-2020-16504 + RESERVED +CVE-2020-16503 + RESERVED +CVE-2020-16502 + RESERVED +CVE-2020-16501 + RESERVED +CVE-2020-16500 + RESERVED +CVE-2020-16499 + RESERVED +CVE-2020-16498 + RESERVED +CVE-2020-16497 + RESERVED +CVE-2020-16496 + RESERVED +CVE-2020-16495 + RESERVED +CVE-2020-16494 + RESERVED +CVE-2020-16493 + RESERVED +CVE-2020-16492 + RESERVED +CVE-2020-16491 + RESERVED +CVE-2020-16490 + RESERVED +CVE-2020-16489 + RESERVED +CVE-2020-16488 + RESERVED +CVE-2020-16487 + RESERVED +CVE-2020-16486 + RESERVED +CVE-2020-16485 + RESERVED +CVE-2020-16484 + RESERVED +CVE-2020-16483 + RESERVED +CVE-2020-16482 + RESERVED +CVE-2020-16481 + RESERVED +CVE-2020-16480 + RESERVED +CVE-2020-16479 + RESERVED +CVE-2020-16478 + RESERVED +CVE-2020-16477 + RESERVED +CVE-2020-16476 + RESERVED +CVE-2020-16475 + RESERVED +CVE-2020-16474 + RESERVED +CVE-2020-16473 + RESERVED 
+CVE-2020-16472 + RESERVED +CVE-2020-16471 + RESERVED +CVE-2020-16470 + RESERVED +CVE-2020-16469 + RESERVED +CVE-2020-16468 + RESERVED +CVE-2020-16467 + RESERVED +CVE-2020-16466 + RESERVED +CVE-2020-16465 + RESERVED +CVE-2020-16464 + RESERVED +CVE-2020-16463 + RESERVED +CVE-2020-16462 + RESERVED +CVE-2020-16461 + RESERVED +CVE-2020-16460 + RESERVED +CVE-2020-16459 + RESERVED +CVE-2020-16458 + RESERVED +CVE-2020-16457 + RESERVED +CVE-2020-16456 + RESERVED +CVE-2020-16455 + RESERVED +CVE-2020-16454 + RESERVED +CVE-2020-16453 + RESERVED +CVE-2020-16452 + RESERVED +CVE-2020-16451 + RESERVED +CVE-2020-16450 + RESERVED +CVE-2020-16449 + RESERVED +CVE-2020-16448 + RESERVED +CVE-2020-16447 + RESERVED +CVE-2020-16446 + RESERVED +CVE-2020-16445 + RESERVED +CVE-2020-16444 + RESERVED +CVE-2020-16443 + RESERVED +CVE-2020-16442 + RESERVED +CVE-2020-16441 + RESERVED +CVE-2020-16440 + RESERVED +CVE-2020-16439 + RESERVED +CVE-2020-16438 + RESERVED +CVE-2020-16437 + RESERVED +CVE-2020-16436 + RESERVED +CVE-2020-16435 + RESERVED +CVE-2020-16434 + RESERVED +CVE-2020-16433 + RESERVED +CVE-2020-16432 + RESERVED +CVE-2020-16431 + RESERVED +CVE-2020-16430 + RESERVED +CVE-2020-16429 + RESERVED +CVE-2020-16428 + RESERVED +CVE-2020-16427 + RESERVED +CVE-2020-16426 + RESERVED +CVE-2020-16425 + RESERVED +CVE-2020-16424 + RESERVED +CVE-2020-16423 + RESERVED +CVE-2020-16422 + RESERVED +CVE-2020-16421 + RESERVED +CVE-2020-16420 + RESERVED +CVE-2020-16419 + RESERVED +CVE-2020-16418 + RESERVED +CVE-2020-16417 + RESERVED +CVE-2020-16416 + RESERVED +CVE-2020-16415 + RESERVED +CVE-2020-16414 + RESERVED +CVE-2020-16413 + RESERVED +CVE-2020-16412 + RESERVED +CVE-2020-16411 + RESERVED +CVE-2020-16410 + RESERVED +CVE-2020-16409 + RESERVED +CVE-2020-16408 + RESERVED +CVE-2020-16407 + RESERVED +CVE-2020-16406 + RESERVED +CVE-2020-16405 + RESERVED +CVE-2020-16404 + RESERVED +CVE-2020-16403 + RESERVED +CVE-2020-16402 + RESERVED +CVE-2020-16401 + RESERVED +CVE-2020-16400 + RESERVED +CVE-2020-16399 + RESERVED 
+CVE-2020-16398 + RESERVED +CVE-2020-16397 + RESERVED +CVE-2020-16396 + RESERVED +CVE-2020-16395 + RESERVED +CVE-2020-16394 + RESERVED +CVE-2020-16393 + RESERVED +CVE-2020-16392 + RESERVED +CVE-2020-16391 + RESERVED +CVE-2020-16390 + RESERVED +CVE-2020-16389 + RESERVED +CVE-2020-16388 + RESERVED +CVE-2020-16387 + RESERVED +CVE-2020-16386 + RESERVED +CVE-2020-16385 + RESERVED +CVE-2020-16384 + RESERVED +CVE-2020-16383 + RESERVED +CVE-2020-16382 + RESERVED +CVE-2020-16381 + RESERVED +CVE-2020-16380 + RESERVED +CVE-2020-16379 + RESERVED +CVE-2020-16378 + RESERVED +CVE-2020-16377 + RESERVED +CVE-2020-16376 + RESERVED +CVE-2020-16375 + RESERVED +CVE-2020-16374 + RESERVED +CVE-2020-16373 + RESERVED +CVE-2020-16372 + RESERVED +CVE-2020-16371 + RESERVED +CVE-2020-16370 + RESERVED +CVE-2020-16369 + RESERVED +CVE-2020-16368 + RESERVED +CVE-2020-16367 + RESERVED +CVE-2020-16366 + RESERVED +CVE-2020-16365 + RESERVED +CVE-2020-16364 + RESERVED +CVE-2020-16363 + RESERVED +CVE-2020-16362 + RESERVED +CVE-2020-16361 + RESERVED +CVE-2020-16360 + RESERVED +CVE-2020-16359 + RESERVED +CVE-2020-16358 + RESERVED +CVE-2020-16357 + RESERVED +CVE-2020-16356 + RESERVED +CVE-2020-16355 + RESERVED +CVE-2020-16354 + RESERVED +CVE-2020-16353 + RESERVED +CVE-2020-16352 + RESERVED +CVE-2020-16351 + RESERVED +CVE-2020-16350 + RESERVED +CVE-2020-16349 + RESERVED +CVE-2020-16348 + RESERVED +CVE-2020-16347 + RESERVED +CVE-2020-16346 + RESERVED +CVE-2020-16345 + RESERVED +CVE-2020-16344 + RESERVED +CVE-2020-16343 + RESERVED +CVE-2020-16342 + RESERVED +CVE-2020-16341 + RESERVED +CVE-2020-16340 + RESERVED +CVE-2020-16339 + RESERVED +CVE-2020-16338 + RESERVED +CVE-2020-16337 + RESERVED +CVE-2020-16336 + RESERVED +CVE-2020-16335 + RESERVED +CVE-2020-16334 + RESERVED +CVE-2020-16333 + RESERVED +CVE-2020-16332 + RESERVED +CVE-2020-16331 + RESERVED +CVE-2020-16330 + RESERVED +CVE-2020-16329 + RESERVED +CVE-2020-16328 + RESERVED +CVE-2020-16327 + RESERVED +CVE-2020-16326 + RESERVED +CVE-2020-16325 + RESERVED 
+CVE-2020-16324 + RESERVED +CVE-2020-16323 + RESERVED +CVE-2020-16322 + RESERVED +CVE-2020-16321 + RESERVED +CVE-2020-16320 + RESERVED +CVE-2020-16319 + RESERVED +CVE-2020-16318 + RESERVED +CVE-2020-16317 + RESERVED +CVE-2020-16316 + RESERVED +CVE-2020-16315 + RESERVED +CVE-2020-16314 + RESERVED +CVE-2020-16313 + RESERVED +CVE-2020-16312 + RESERVED +CVE-2020-16311 + RESERVED +CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51) +CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51) + NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger +CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51) +CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51) +CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...) 
+ {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821 +CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51) +CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816 + NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger +CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51) +CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51) +CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...) 
+ {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51) +CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51) +CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51) +CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51) +CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51) +CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...) 
+ {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51) + NOTE: chunk #2, see also CVE-2020-17538 +CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796 +CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51) +CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51) +CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51) +CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787 +CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) 
+ {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786 +CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51) +CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791 +CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...) + {DSA-4748-1 DLA-2335-1} + - ghostscript 9.51~dfsg-1 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51) +CVE-2020-16286 + RESERVED +CVE-2020-16285 + RESERVED +CVE-2020-16284 + RESERVED +CVE-2020-16283 + RESERVED +CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...) + NOT-FOR-US: Rangee +CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...) + NOT-FOR-US: Rangee +CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...) + NOT-FOR-US: Rangee +CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...) + NOT-FOR-US: Rangee +CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...) + NOT-FOR-US: SAINT Security Suite +CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...) 
+ NOT-FOR-US: SAINT Security Suite +CVE-2020-16276 (An SQL injection vulnerability in the Assets component of SAINT Securi ...) + NOT-FOR-US: SAINT Security Suite +CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Manager c ...) + NOT-FOR-US: SAINT Security Suite +CVE-2020-16274 + RESERVED +CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...) + NOT-FOR-US: Arm hardware issue +CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...) + NOT-FOR-US: Kee Vault KeePassRPC +CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...) + NOT-FOR-US: Kee Vault KeePassRPC +CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...) + NOT-FOR-US: OLIMPOKS +CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...) + - radare2 5.0.0+dfsg-1 + NOTE: https://github.com/radareorg/radare2/issues/17383 +CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...) + NOT-FOR-US: 1E Client +CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...) + NOT-FOR-US: Zoho ManageEngine Applications Manager +CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...) + - mantis +CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...) + NOT-FOR-US: OcPortal +CVE-2020-16265 + RESERVED +CVE-2020-16264 + RESERVED +CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts arbitrary ...) + NOT-FOR-US: Winston devices +CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is overly permis ...) + NOT-FOR-US: Winston devices +CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local roo ...) + NOT-FOR-US: Winston devices +CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is exploitabl ...) 
+ NOT-FOR-US: Winston devices +CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access from bastio ...) + NOT-FOR-US: Winston devices +CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed during ...) + NOT-FOR-US: Winston devices +CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via the API.) + NOT-FOR-US: Winston devices +CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF.) + NOT-FOR-US: Winston devices +CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...) + - owncloud +CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...) + NOT-FOR-US: Chartkick gem +CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF.) + - ruby-pghero (bug #882288) +CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF.) + NOT-FOR-US: Field Test gem +CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...) + NOT-FOR-US: HashiCorp Vault +CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...) + NOT-FOR-US: HashiCorp Vault +CVE-2020-16249 + RESERVED +CVE-2020-16248 (Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF ...) + - prometheus-blackbox-exporter (unimportant) + NOTE: https://github.com/prometheus/blackbox_exporter/issues/669 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/12 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3 + NOTE: Upstream of the project did disputed the CVE. Upstream position is + NOTE: that the refererred behaviour is intended functionality. +CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + NOT-FOR-US: Philips +CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...) + NOT-FOR-US: Reason S20 Ethernet Switch +CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. 
The affected product is vulne ...) + NOT-FOR-US: Advantech +CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...) + NOT-FOR-US: GE Digital APM Classic +CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...) + NOT-FOR-US: LeviStudioU +CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...) + NOT-FOR-US: General Electric +CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...) + NOT-FOR-US: Philips SureSigns +CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...) + NOT-FOR-US: GE Digital APM Classic +CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...) + NOT-FOR-US: Philips SureSigns +CVE-2020-16238 (A vulnerability in the configuration import mechanism of the B. Braun ...) + NOT-FOR-US: B. Braun Melsungen AG +CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...) + NOT-FOR-US: Philips SureSigns +CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...) + NOT-FOR-US: FPWIN Pro +CVE-2020-16235 (Inadequate encryption may allow the credentials used by Emerson OpenEn ...) + NOT-FOR-US: Emerson +CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...) + NOT-FOR-US: PLC WinProladder +CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...) + NOT-FOR-US: CodeMeter +CVE-2020-16232 (In Yokogawa WideField3 R1.01 - R4.03, a buffer overflow could be cause ...) + NOT-FOR-US: Yokogawa WideField3 +CVE-2020-16231 (The affected Bachmann Electronic M-Base Controllers of version MSYS v1 ...) + NOT-FOR-US: Bachmann Electronic +CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...) + NOT-FOR-US: HMS Networks +CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Process ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-16228 (In Patient Information Center iX (PICiX) Versions C.02 and C.03, Perf ...) + NOT-FOR-US: Philips +CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...) + NOT-FOR-US: Delta Electronics +CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...) + NOT-FOR-US: Mitsubishi +CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...) + NOT-FOR-US: Delta Electronics +CVE-2020-16224 (In Patient Information Center iX (PICiX) Versions C.02, C.03, the sof ...) + NOT-FOR-US: Philips +CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...) + NOT-FOR-US: Delta Electronics +CVE-2020-16222 (In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and ...) + NOT-FOR-US: Philips +CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...) + NOT-FOR-US: Delta Electronics +CVE-2020-16220 (In Patient Information Center iX (PICiX) Versions C.02, C.03, Perform ...) + NOT-FOR-US: Philips +CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...) + NOT-FOR-US: Delta Electronics +CVE-2020-16218 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...) + NOT-FOR-US: Philips +CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-16216 (In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, ...) + NOT-FOR-US: Philips +CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-16214 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...) + NOT-FOR-US: Philips +CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) 
+ NOT-FOR-US: Advantech WebAccess +CVE-2020-16212 (In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, th ...) + NOT-FOR-US: Philips +CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...) + NOT-FOR-US: N-Tron +CVE-2020-16209 (A malicious attacker could exploit the interface of the Fieldcomm Grou ...) + NOT-FOR-US: Fieldcomm Group +CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...) + NOT-FOR-US: N-Tron +CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...) + NOT-FOR-US: N-Tron +CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...) + NOT-FOR-US: G-Cam and G-Code +CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...) + NOT-FOR-US: N-Tron +CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) + NOT-FOR-US: Delta Industrial Automation +CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permissions ...) + NOT-FOR-US: WebAccess Node +CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) + NOT-FOR-US: Delta Industrial Automation +CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + NOT-FOR-US: Philips +CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) + NOT-FOR-US: Delta Industrial Automation +CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...) + NOT-FOR-US: Philips +CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...) 
+ NOT-FOR-US: Octopus Deploy +CVE-2020-16196 + REJECTED +CVE-2020-16195 + RESERVED +CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...) + NOT-FOR-US: Prestashop Opart devis +CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...) + NOT-FOR-US: osTicket +CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...) + - limesurvey (bug #472802) +CVE-2020-16191 + RESERVED +CVE-2020-16190 + RESERVED +CVE-2020-16189 + RESERVED +CVE-2020-16188 + RESERVED +CVE-2020-16187 + RESERVED +CVE-2020-16186 + REJECTED +CVE-2020-16185 + RESERVED +CVE-2020-16184 + RESERVED +CVE-2020-16183 + RESERVED +CVE-2020-16182 + RESERVED +CVE-2020-16181 + RESERVED +CVE-2020-16180 + RESERVED +CVE-2020-16179 + RESERVED +CVE-2020-16178 + RESERVED +CVE-2020-16177 + RESERVED +CVE-2020-16176 + RESERVED +CVE-2020-16175 + RESERVED +CVE-2020-16174 + RESERVED +CVE-2020-16173 + RESERVED +CVE-2020-16172 + RESERVED +CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...) + NOT-FOR-US: Acronis +CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...) + NOT-FOR-US: Temi application fo Android +CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...) + NOT-FOR-US: Temi Robox OS +CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...) + NOT-FOR-US: Temi firmware +CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...) + NOT-FOR-US: Temi Launcher OS +CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...) + {DLA-2420-1 DLA-2385-1} + - linux 5.7.17-1 + [buster] - linux 4.19.146-1 + NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 +CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...) 
+ NOT-FOR-US: SpringBlade +CVE-2020-16164 (An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-202 ...) + NOT-FOR-US: RIPE NCC RPKI Validator +CVE-2020-16163 (An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020 ...) + NOT-FOR-US: RIPE NCC RPKI Validator +CVE-2020-16162 (An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-202 ...) + NOT-FOR-US: RIPE NCC RPKI Validator +CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...) + NOT-FOR-US: GoPro +CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...) + NOT-FOR-US: GoPro +CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...) + NOT-FOR-US: GoPro +CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...) + NOT-FOR-US: GoPro +CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...) + NOT-FOR-US: Nagios Log Server +CVE-2020-16156 (CPAN 2.28 allows Signature Verification Bypass.) 
+ - perl 5.36.0-4 (bug #1015985) + [bullseye] - perl (Minor issue) + [buster] - perl (Minor issue) + [stretch] - perl (Minor issue) + NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ + NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2035273 + NOTE: https://github.com/andk/cpanpm/commit/b27c51adf0fda25dee84cb72cb2b1bf7d832148c (2.29) + NOTE: https://github.com/andk/cpanpm/commit/bcbf6d608e48d25306ecfd273118b4d6ba1c5df6 (2.29) + NOTE: https://github.com/andk/cpanpm/commit/46fe910becd5746adca92e18660567c9e8d37eb5 (2.29) + NOTE: https://github.com/andk/cpanpm/commit/7f9e5e8c52f535c1c13e177595a5ef4710c72058 (2.29) + NOTE: https://github.com/andk/cpanpm/commit/c03257dbebccd4deeff1987d5efd98113643f717 (2.29) + NOTE: https://github.com/andk/cpanpm/commit/7d4d5e32bcd9b75f7bf70a395938a48ca4a06d25 (2.33-TRIAL) + NOTE: https://github.com/andk/cpanpm/commit/89b13baf1d46e4fb10023af30ef305efec4fd603 (2.33-TRIAL) +CVE-2020-16155 (The CPAN::Checksums package 2.12 for Perl does not uniquely define sig ...) + - libcpan-checksums-perl 2.13-1 (bug #1033109) + [bullseye] - libcpan-checksums-perl (Minor issue) + [buster] - libcpan-checksums-perl (Minor issue) + [stretch] - libcpan-checksums-perl (Minor issue) + NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ + NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html + NOTE: https://github.com/andk/cpan-checksums/commit/9d2f5f26470ff7ce53ef697d09790fc4db451ab1 (2.13) +CVE-2020-16154 (The App::cpanminus package 1.7044 for Perl allows Signature Verificati ...) 
+ - cpanminus 1.7045-1 + [bullseye] - cpanminus (Minor issue) + [buster] - cpanminus (Minor issue) + [stretch] - cpanminus (Minor issue) + NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/ + NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html +CVE-2020-16153 + RESERVED +CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...) + NOT-FOR-US: Extreme Networks +CVE-2020-16151 + RESERVED +CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...) + {DLA-3249-1} + - mbedtls 2.16.9-0.1 (bug #972806) + [stretch] - mbedtls (Minor issue) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1 +CVE-2020-16149 + REJECTED +CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog <= 6.0 ( ...) + NOT-FOR-US: Telmat AccessLog +CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an att ...) + NOT-FOR-US: Telmat AccessLog +CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x ...) + NOT-FOR-US: Espressif +CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...) + {DSA-4744-1 DLA-2322-1} + - roundcube 1.4.8+dfsg.1-1 (bug #968216) + NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8) + NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15) + NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12) +CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...) + - owncloud +CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...) + - seafile-client (Windows-specific) +CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...) 
+ NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles +CVE-2020-16141 + RESERVED +CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for WordPress is ...) + NOT-FOR-US: search functionality of the Greenmart theme for WordPress +CVE-2020-16139 (A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4 ...) + NOT-FOR-US: Cisco +CVE-2020-16138 (A denial-of-service issue in Cisco Unified IP Conference Station 7937G ...) + NOT-FOR-US: Cisco +CVE-2020-16137 (A privilege escalation issue in Cisco Unified IP Conference Station 79 ...) + NOT-FOR-US: Cisco +CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...) + NOT-FOR-US: tgstation-server +CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...) + {DLA-2303-1} + - libssh 0.9.5-1 (bug #966560) + [buster] - libssh (Minor issue) + NOTE: https://bugs.libssh.org/T232 + NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 + NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 +CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...) + NOT-FOR-US: Swisscom +CVE-2020-16133 + RESERVED +CVE-2020-16132 + REJECTED +CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...) + NOT-FOR-US: beroNet +CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...) + - tikiwiki +CVE-2020-16130 + RESERVED +CVE-2020-16129 + RESERVED +CVE-2020-16128 (The aptdaemon DBus interface disclosed file existence disclosure by se ...) + - aptdaemon + NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513 +CVE-2020-16127 (An Ubuntu-specific modification to AccountsService in versions before ...) + - accountsservice (Ubuntu-specific issue in 0010-set-language.patch) +CVE-2020-16126 (An Ubuntu-specific modification to AccountsService in versions before ...) 
+ - accountsservice (Ubuntu-specific issue in 0010-set-language.patch) +CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...) + {DLA-2434-1} + - gdm3 3.38.2-1 + [buster] - gdm3 (Minor issue on Debian) + NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28 + NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642 +CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...) + - ros-ros-comm 1.15.8+ds1-2 + [buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2 + [stretch] - ros-ros-comm (Minor issue) + NOTE: https://github.com/ros/ros_comm/pull/2065 +CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where ...) + - pulseaudio (Ubuntu-specific issue) +CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...) + {DLA-2399-1} + - packagekit 1.2.1-1 (bug #972229) + [buster] - packagekit (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098 +CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged callers th ...) + {DLA-2399-1} + - packagekit 1.2.1-1 (bug #972229) + [buster] - packagekit (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887 +CVE-2020-16120 (Overlayfs did not properly perform permission checking when copying up ...) + - linux 5.8.7-1 + [stretch] - linux (Vulnerable configuration combination not possible) + NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6 +CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...) + {DSA-4978-1 DLA-2843-1 DLA-2785-1} + - linux 5.14.6-1 + [buster] - linux 4.19.208-1 + NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7 + NOTE: https://git.kernel.org/linus/d9ea761fdd197351890418acd462c51f241014a7 +CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...) 
+ - balsa 2.6.0-1 + [buster] - balsa (Minor issue) + [stretch] - balsa (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5 + NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23 +CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...) + {DLA-2309-1} + - evolution-data-server 3.36.0-1 + [buster] - evolution-data-server 3.30.5-1+deb10u2 + NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 + NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 + NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 +CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...) + {DSA-4738-1 DLA-3015-1} + - ark 4:20.04.3-1 + NOTE: https://kde.org/info/security/advisory-20200730-1.txt + NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f +CVE-2020-16115 + REJECTED +CVE-2020-16114 + REJECTED +CVE-2020-16113 + REJECTED +CVE-2020-16112 + REJECTED +CVE-2020-16111 + REJECTED +CVE-2020-16110 + REJECTED +CVE-2020-16109 + REJECTED +CVE-2020-16108 + REJECTED +CVE-2020-16107 + REJECTED +CVE-2020-16106 + REJECTED +CVE-2020-16105 + REJECTED +CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...) 
+ NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...) + NOT-FOR-US: Gallagher Command Centre Server +CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...) + NOT-FOR-US: dlf for TYPO3 +CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) + - claws-mail 3.17.7-1 (bug #966630) + [buster] - claws-mail (Minor issue) + [stretch] - claws-mail (Minor issue) + NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 +CVE-2020-16093 (In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...) + {DLA-3287-1} + - lemonldap-ng 2.0.9+ds-1 + [stretch] - lemonldap-ng (Minor issue + 2.x is a complete re-write, so very hard to backport!) + NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250 +CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...) + {DSA-4760-1 DLA-2373-1} + - qemu 1:5.1+dfsg-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 +CVE-2020-16091 + REJECTED +CVE-2020-16090 + RESERVED +CVE-2020-16089 + RESERVED +CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...) + NOT-FOR-US: OpenIKED +CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...) 
+ NOT-FOR-US: VNG Zalo Desktop +CVE-2020-16086 + RESERVED +CVE-2020-16085 + RESERVED +CVE-2020-16084 + RESERVED +CVE-2020-16083 + RESERVED +CVE-2020-16082 + RESERVED +CVE-2020-16081 + RESERVED +CVE-2020-16080 + RESERVED +CVE-2020-16079 + RESERVED +CVE-2020-16078 + RESERVED +CVE-2020-16077 + RESERVED +CVE-2020-16076 + RESERVED +CVE-2020-16075 + RESERVED +CVE-2020-16074 + RESERVED +CVE-2020-16073 + RESERVED +CVE-2020-16072 + RESERVED +CVE-2020-16071 + RESERVED +CVE-2020-16070 + RESERVED +CVE-2020-16069 + RESERVED +CVE-2020-16068 + RESERVED +CVE-2020-16067 + RESERVED +CVE-2020-16066 + RESERVED +CVE-2020-16065 + RESERVED +CVE-2020-16064 + RESERVED +CVE-2020-16063 + RESERVED +CVE-2020-16062 + RESERVED +CVE-2020-16061 + RESERVED +CVE-2020-16060 + RESERVED +CVE-2020-16059 + RESERVED +CVE-2020-16058 + RESERVED +CVE-2020-16057 + RESERVED +CVE-2020-16056 + RESERVED +CVE-2020-16055 + RESERVED +CVE-2020-16054 + RESERVED +CVE-2020-16053 + RESERVED +CVE-2020-16052 + RESERVED +CVE-2020-16051 + RESERVED +CVE-2020-16050 + RESERVED +CVE-2020-16049 + RESERVED +CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979 +CVE-2020-16047 + RESERVED +CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...) + - chromium (Only affects Chrome on iOS) +CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...) + - chromium (Only affects Chrome on Android) +CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...) 
+ {DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1} + - firefox 84.0.2-1 + - firefox-esr 78.6.1esr-1 + - thunderbird 1:78.6.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044 +CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium (see DSA 4562) +CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...) + {DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) + - firefox 84.0-1 + - firefox-esr 78.6.0esr-1 + - thunderbird 1:78.6.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042 +CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...) 
+ {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...) 
+ {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...) 
+ {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...) + {DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1} + - firefox 83.0-1 + - firefox-esr 78.5.0esr-1 + - thunderbird 1:78.5.0-1 + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-16012 +CVE-2020-16011 (Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4 ...) + {DSA-4824-1} + - chromium (Windows-specific) +CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4 ...) + - chromium (Android-specific) +CVE-2020-16009 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.18 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16007 (Insufficient data validation in installer in Google Chrome prior to 86 ...) + - chromium (debian package disables the installer) +CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...) 
+ {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16005 (Insufficient policy enforcement in ANGLE in Google Chrome prior to 86. ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16004 (Use after free in user interface in Google Chrome prior to 86.0.4240.1 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16003 (Use after free in printing in Google Chrome prior to 86.0.4240.111 all ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16002 (Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allow ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16001 (Use after free in media in Google Chrome prior to 86.0.4240.111 allowe ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-16000 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15999 (Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 ...) + {DSA-4824-1 DSA-4777-1 DLA-2415-1} + - freetype 2.10.2+dfsg-4 (bug #972586) + NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7 + NOTE: https://savannah.nongnu.org/bugs/?59308 + NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103 +CVE-2020-15998 (Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a ...) + - chromium (Chrome on Android) +CVE-2020-15997 (Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed ...) + - chromium (Chrome on Android) +CVE-2020-15996 (Use after free in passwords in Google Chrome prior to 86.0.4240.99 all ...) 
+ - chromium (Chrome on Android) +CVE-2020-15995 (Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allow ...) + {DSA-4832-1} + - chromium 87.0.4280.141-0.1 (bug #979533) + [stretch] - chromium (see DSA 4562) +CVE-2020-15994 (Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a ...) + - chromium (Chrome on Android) +CVE-2020-15993 (Use after free in printing in Google Chrome prior to 86.0.4240.99 allo ...) + - chromium (Chrome on Android) +CVE-2020-15992 (Insufficient policy enforcement in networking in Google Chrome prior t ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15991 (Use after free in password manager in Google Chrome prior to 86.0.4240 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15990 (Use after free in autofill in Google Chrome prior to 86.0.4240.75 allo ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15989 (Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 al ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15988 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15987 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15986 (Integer overflow in media in Google Chrome prior to 86.0.4240.75 allow ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15985 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15984 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...) 
+ {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15983 (Insufficient data validation in webUI in Google Chrome on ChromeOS pri ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15982 (Inappropriate implementation in cache in Google Chrome prior to 86.0.4 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15981 (Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 all ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15980 (Insufficient policy enforcement in Intents in Google Chrome on Android ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15979 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15978 (Insufficient data validation in navigation in Google Chrome on Android ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15977 (Insufficient data validation in dialogs in Google Chrome on OS X prior ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15976 (Use after free in WebXR in Google Chrome on Android prior to 86.0.4240 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15975 (Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15974 (Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allow ...) + {DSA-4824-1} + - chromium 87.0.4280.88-0.1 + [stretch] - chromium (see DSA 4562) +CVE-2020-15973 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) 
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15972 (Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15971 (Use after free in printing in Google Chrome prior to 86.0.4240.75 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15970 (Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15969 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
+ {DSA-4824-1 DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+ - firefox 82.0-1
+ - firefox-esr 78.4.0esr-1
+ - thunderbird 1:78.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
+CVE-2020-15968 (Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15967 (Use after free in payments in Google Chrome prior to 86.0.4240.75 allo ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15965 (Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15964 (Insufficient data validation in media in Google Chrome prior to 85.0.4 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15963 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15962 (Insufficient policy validation in serial in Google Chrome prior to 85. ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15961 (Insufficient policy validation in extensions in Google Chrome prior to ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15960 (Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.12 ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15959 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
+ {DSA-4824-1}
+ - chromium 87.0.4280.88-0.1
+ [stretch] - chromium (see DSA 4562)
+CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
+ NOT-FOR-US: 1CRM System
+CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
+ NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
+CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
+ NOT-FOR-US: ACTi NVR3 Standard Server
+CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
+ NOT-FOR-US: s/qmail
+CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
+ {DLA-2300-1}
+ - kdepim-runtime 4:20.04.1-2 (bug #966666)
+ [buster] - kdepim-runtime (Minor issue)
+ - kmail-account-wizard 4:20.04.1-2 (bug #966667)
+ [buster] - kmail-account-wizard (Minor issue)
+ - ksmtp 21.12.3-2
+ [bullseye] - ksmtp (Minor issue; Upstream changes change API)
+ [buster] - ksmtp (Minor issue; Upstream changes change API)
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
+ NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
+ NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
+ NOTE: https://kde.org/info/security/advisory-20211118-1.txt
+ NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
+ NOTE: https://invent.kde.org/pim/ksmtp/-/commit/38a4c09427f3fdc04f9893f8eda3f6807d9a3203
+ NOTE: https://invent.kde.org/pim/ksmtp/-/commit/60f73c69758fe40a027a8e7402127d085f18545a
+CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
+ {DLA-2329-1}
+ - libetpan 1.9.4-3 (bug #966647)
+ [buster] - libetpan 1.9.3-2+deb10u1
+ NOTE: https://github.com/dinhvh/libetpan/issues/386
+ NOTE: https://github.com/dinhvh/libetpan/pull/387
+ NOTE: https://github.com/dinhvh/libetpan/pull/388
+CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a low-privileged u ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without properly san ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user session ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...)
+ NOT-FOR-US: Immuta
+CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field.)
+ NOT-FOR-US: eGain Chat
+CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
+ - rust-linked-hash-map 0.5.4-1 (bug #966246)
+ [buster] - rust-linked-hash-map (Minor issue)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
+CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...)
+ NOT-FOR-US: Loway QueueMetrics
+CVE-2020-15946
+ RESERVED
+CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...)
+ - lua5.4 5.4.1-1
+ - lua5.3 (Specific to 5.4)
+ - lua5.2 (Specific to 5.4)
+ - lua5.1 (Specific to 5.4)
+ - lua50 (Specific to 5.4)
+ NOTE: https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 (v5.4.1)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00123.html
+CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 for Jir ...)
+ NOT-FOR-US: Gantt-Chart module for Jira
+CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
+ NOT-FOR-US: Gantt-Chart module for Jira
+CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
+ NOT-FOR-US: Fortinet
+CVE-2020-15941 (A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4 ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15940 (An improper neutralization of input vulnerability [CWE-79] in FortiCli ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15939 (An improper access control vulnerability (CWE-284) in FortiSandbox ver ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
+ NOT-FOR-US: FortiGate FortiGuard
+CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
+ NOT-FOR-US: FortiGate FortiGuard
+CVE-2020-15936 (A improper input validation in Fortinet FortiGate version 6.4.3 and be ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-15934
+ RESERVED
+CVE-2020-15933 (A exposure of sensitive information to an unauthorized actor in Fortin ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
+ NOT-FOR-US: Overwolf
+CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
+ NOT-FOR-US: Netwrix Account Lockout Examiner
+CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
+ NOT-FOR-US: Joplin desktop
+CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+ NOT-FOR-US: Ortus TestBox
+CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
+ NOT-FOR-US: Ortus TestBox
+CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
+ NOT-FOR-US: Loway QueueMetrics
+CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...)
+ NOT-FOR-US: Mida eFramework
+CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...)
+ - claws-mail 3.17.6-1
+ [buster] - claws-mail (Minor issue)
+ [stretch] - claws-mail (low priority issue)
+ NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
+CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-15915
+ RESERVED
+CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the Origin Client ...)
+ NOT-FOR-US: EA Origin Client
+CVE-2020-15913
+ RESERVED
+CVE-2020-15912 (Tesla Model 3 vehicles allow attackers to open a door by leveraging ac ...)
+ NOT-FOR-US: Tesla
+CVE-2020-15911
+ RESERVED
+CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
+ NOT-FOR-US: Cauldron cbang
+CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
+ - mahara
+CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
+ - tikiwiki
+CVE-2020-15905
+ RESERVED
+CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
+ NOT-FOR-US: bsdiff4 (different from src:bsdiff)
+CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
+ - ghostscript 9.52.1~dfsg-1
+ [buster] - ghostscript (Vulnerable code introduced later)
+ [stretch] - ghostscript (Vulnerable code introduced later)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
+ NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1)
+CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
+ NOT-FOR-US: Grin
+CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded across VL ...)
+ NOT-FOR-US: Arista
+CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ NOT-FOR-US: Arista EOS
+CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...)
+ NOT-FOR-US: D-Link
+CVE-2020-15891
+ RESERVED
+CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
+ {DLA-2296-1}
+ - luajit 2.1.0~beta3+git20210112+dfsg-2 (unimportant; bug #966148)
+ NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
+ NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
+ NOTE: No security impact, only "exploitable" with untrusted Lua code
+CVE-2020-15889 (Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...)
+ - lua5.4 5.4.0-2
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html
+ NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
+ NOTE: Introduced in 5.4
+CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...)
+ - lua5.4 5.4.1-1 (bug #972101)
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
+ NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html
+ NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
+ NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
+CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15885 (A Cross-Site Scripting (XSS) vulnerability in the comment module befor ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15884 (A SQL injection vulnerability in TableQuery.php in MunkiReport before ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15883 (A Cross-Site Scripting (XSS) vulnerability in the managedinstalls modu ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15882 (A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6. ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15881 (A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Mun ...)
+ NOT-FOR-US: MunkiReport
+CVE-2020-15880
+ RESERVED
+CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
+ NOT-FOR-US: Bitwarden Server
+ NOTE: bitwarden client is ITP'ed as #956836
+CVE-2020-15878
+ RESERVED
+CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
+ NOT-FOR-US: LibreNMS
+CVE-2020-15876
+ RESERVED
+CVE-2020-15875
+ RESERVED
+CVE-2020-15874
+ RESERVED
+CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
+ NOT-FOR-US: LibreNMS
+CVE-2020-15872
+ RESERVED
+CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
+CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
+ NOT-FOR-US: Go Git Service
+CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
+ {DLA-2996-1}
+ - mruby 2.1.2-1 (bug #972051)
+ [buster] - mruby (Minor issue)
+ NOTE: https://github.com/mruby/mruby/issues/5042
+ NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
+ NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
+CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
+ NOT-FOR-US: Stimulsoft
+CVE-2020-15864 (An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability ...)
+ NOT-FOR-US: Quali CloudShell
+CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
+ {DSA-4760-1 DLA-2288-1}
+ - qemu 1:5.0-12
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
+CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
+ {DSA-4746-1 DLA-2313-1}
+ - net-snmp 5.8+dfsg-5 (bug #966599)
+ NOTE: https://github.com/net-snmp/net-snmp/issues/145
+ NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
+CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...)
+ NOT-FOR-US: Parallels
+CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
+ {DLA-3099-1 DLA-2560-1}
+ - qemu 1:5.2+dfsg-1 (bug #965978)
+ NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
+CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
+ NOT-FOR-US: Thales DIS
+CVE-2020-15857
+ RESERVED
+CVE-2020-15856
+ RESERVED
+CVE-2020-15855 (Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.)
+ NOT-FOR-US: Bodhi
+CVE-2020-15854
+ RESERVED
+CVE-2020-15853 (supybot-fedora implements the command 'refresh', that refreshes the ca ...)
+ NOT-FOR-US: supybot-fedora
+CVE-2020-XXXX [mpv insecure lua loadpath]
+ - mpv 0.32.0-2 (bug #950816)
+ [buster] - mpv (Minor issue)
+ [stretch] - mpv (Minor issue)
+ NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
+CVE-2020-15851 (Lack of access control in Nakivo Backup & Replication Transporter vers ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15850 (Insecure permissions in Nakivo Backup & Replication Director version 9 ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
+ NOT-FOR-US: Re:Desk
+CVE-2020-15848
+ RESERVED
+CVE-2020-15847
+ RESERVED
+CVE-2020-15846
+ RESERVED
+CVE-2020-15845
+ RESERVED
+CVE-2020-15844
+ RESERVED
+CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
+ NOT-FOR-US: ActFax
+CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...)
+ NOT-FOR-US: ConnectWise Automate
+CVE-2020-15837
+ RESERVED
+CVE-2020-15836 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15835 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15834 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15833 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15832 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
+ NOT-FOR-US: Mofi Network devices
+CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
+ NOT-FOR-US: JetBrains ToolBox
+CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
+ NOT-FOR-US: JetBrains TeamCity
+CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...)
+ - kotlin (Only affects the 1.4.x series)
+CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
+ NOT-FOR-US: JetBrains YouTrack
+CVE-2020-15862 (Net-SNMP through 5.8 has Improper Privilege Management because SNMP WR ...)
+ {DSA-4746-1 DLA-2299-1}
+ - net-snmp 5.8+dfsg-4 (bug #965166)
+ NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
+ NOTE: disables NET-SNMP-EXTEND-MIB support by default. 
But it is still
+ NOTE: possible to enable the MIB via --with-mib-modules configure option.
+ NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB
+ NOTE: read-only, cf. https://bugs.debian.org/966544
+ NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5
+ NOTE: Makes extended mib read-only:
+ NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
+CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
+ NOT-FOR-US: Western Digital WD Discovery
+CVE-2020-15815
+ RESERVED
+CVE-2020-15814
+ RESERVED
+CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
+ - graylog2 (bug #652273)
+CVE-2020-15812
+ RESERVED
+CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968932)
+ - squid3
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
+CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968933)
+ - squid3
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
+CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
+ {DSA-4751-1 DLA-2394-1}
+ - squid 4.13-1 (bug #968934)
+ - squid3
+ NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
+ NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
+CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
+ NOT-FOR-US: SpinetiX devices
+CVE-2020-15808
+ RESERVED
+CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
+ - libredwg (bug #595191)
+CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...)
+ NOT-FOR-US: CODESYS
+CVE-2020-15805
+ RESERVED
+CVE-2020-15804
+ RESERVED
+CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
+ {DLA-3390-1 DLA-2631-1 DLA-2311-1}
+ - zabbix 1:5.0.2+dfsg-1 (bug #966146)
+ NOTE: https://support.zabbix.com/browse/ZBX-18057
+CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
+ NOTE: Bluetooth protocol issue
+ NOTE: https://www.kb.cert.org/vuls/id/589825/
+CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
+ - python3.9 (Windows-specific)
+ - python3.8 (Windows-specific)
+ - python3.7 (Windows-specific)
+ - python3.5 (Windows-specific)
+ - python2.7 (Windows-specific)
+CVE-2019-20915 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg (bug #595191)
+CVE-2019-20914 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ - libredwg (bug #595191)
+CVE-2019-20913 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg (bug #595191)
+CVE-2019-20912 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg (bug #595191)
+CVE-2019-20911 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg (bug #595191)
+CVE-2019-20910 (An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input w ...)
+ - libredwg (bug #595191)
+CVE-2019-20909 (An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL ...)
+ - libredwg (bug #595191)
+CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...)
+ - linux 5.7.10-1
+ [buster] - linux (Only affects 5.5 and later)
+ [stretch] - linux (Only affects 5.5 and later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1
+CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+ NOT-FOR-US: DCA Vantage Analyzer
+CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15795 (A vulnerability has been identified in APOGEE PXC Compact (BACnet) (Al ...)
+ NOT-FOR-US: Nucleus (Siemens)
+CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...)
+ NOT-FOR-US: Siveillance Video Client
+CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
+ NOT-FOR-US: Spectrum Power 4
+CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
+ NOT-FOR-US: Node socket.io-file
+CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
+ - linux 5.7.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux (securelevel included but not supported)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
+ NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
+CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in the scp.c tor ...)
+ - openssh (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487
+ NOTE: https://github.com/cpandya2909/CVE-2020-15778
+ NOTE: Negligible security impact, changing the scp protocol can have a good chance
+ NOTE: of breaking existing workflows.
+CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
+ NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
+CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CS ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /u ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An att ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When c ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. An attacker can p ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
+ NOT-FOR-US: Gradle Enterprise
+CVE-2020-15766
+ REJECTED
+CVE-2020-15765
+ REJECTED
+CVE-2020-15764
+ REJECTED
+CVE-2020-15763
+ REJECTED
+CVE-2020-15762
+ REJECTED
+CVE-2020-15761
+ REJECTED
+CVE-2020-15760
+ REJECTED
+CVE-2020-15759
+ REJECTED
+CVE-2020-15758
+ REJECTED
+CVE-2020-15757
+ REJECTED
+CVE-2020-15756
+ REJECTED
+CVE-2020-15755
+ REJECTED
+CVE-2020-15754
+ REJECTED
+CVE-2020-15753
+ REJECTED
+CVE-2020-15752
+ REJECTED
+CVE-2020-15751
+ REJECTED
+CVE-2020-15750
+ REJECTED
+CVE-2020-15749
+ REJECTED
+CVE-2020-15748
+ REJECTED
+CVE-2020-15747
+ REJECTED
+CVE-2020-15746
+ REJECTED
+CVE-2020-15745
+ REJECTED
+CVE-2020-15744 (Stack-based Buffer Overflow vulnerability in the ONVIF server componen ...)
+ NOT-FOR-US: Victure PC420 devices
+CVE-2020-15743
+ REJECTED
+CVE-2020-15742
+ RESERVED
+CVE-2020-15741
+ REJECTED
+CVE-2020-15740
+ REJECTED
+CVE-2020-15739
+ RESERVED
+CVE-2020-15738
+ REJECTED
+CVE-2020-15737
+ REJECTED
+CVE-2020-15736
+ REJECTED
+CVE-2020-15735
+ RESERVED
+CVE-2020-15734 (An Origin Validation Error vulnerability in Bitdefender Safepay allows ...)
+ NOT-FOR-US: Bitdefender +CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...) + NOT-FOR-US: Bitdefender Antivirus Plus +CVE-2020-15732 (Improper Certificate Validation vulnerability in the Online Threat Pre ...) + NOT-FOR-US: Bitdefender +CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...) + NOT-FOR-US: Bitdefender +CVE-2020-15730 + REJECTED +CVE-2020-15729 + RESERVED +CVE-2020-15728 + REJECTED +CVE-2020-15727 + RESERVED +CVE-2020-15726 + RESERVED +CVE-2020-15725 + RESERVED +CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...) + NOT-FOR-US: 360 Total Security +CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...) + NOT-FOR-US: 360 Total Security +CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...) + NOT-FOR-US: 360 Total Security +CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...) + NOT-FOR-US: RosarioSIS +CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...) + - dogtag-pki 10.9.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273 + NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 +CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...) + - openldap (unimportant; bug #965184) + NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070 + NOTE: RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch + NOTE: OpenLDAP upstream did dispute the issue as beeing valid, as the current libldap + NOTE: behaviour does conform with RFC4513. 
RFC6125 does not superseed the rules for + NOTE: verifying service identity provided in specifications for existing application + NOTE: protocols published prior to RFC6125, like RFC4513 for LDAP. +CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + NOT-FOR-US: RosarioSIS +CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + NOT-FOR-US: RosarioSIS +CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + NOT-FOR-US: RosarioSIS +CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...) + NOT-FOR-US: rConfig +CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) + NOT-FOR-US: rConfig +CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) + NOT-FOR-US: rConfig +CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...) + NOT-FOR-US: rConfig +CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...) + NOT-FOR-US: MISP +CVE-2020-15710 (Potential double free in Bluez 5 module of PulseAudio could allow a lo ...) + - pulseaudio (Issue in Ubuntu-specific patch) + NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pulseaudio/%2Bbug/1884738 +CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...) + {DLA-2339-1} + - software-properties (unimportant; bug #968850) + NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1 + NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286 +CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...) + - libvirt (Ubuntu specific issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2 + NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on + NOTE: enabled as well libvirtd socket activation. 
Ubuntu OTOH continued + NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch + NOTE: which caused the CVE-2020-15708 issue. + NOTE: Upstream improved documentation in with: + NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html +CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...) + {DSA-4735-1} + - grub2 2.04-9 + [stretch] - grub2 (No SecureBoot support in stretch) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 + NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 +CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() leadi ...) + {DSA-4735-1} + - grub2 2.04-9 + [stretch] - grub2 (No SecureBoot support in stretch) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 + NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040 +CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...) + - grub2 (Vulnerable code specific in Ubuntu) + NOTE: Debian's grub_linuxefi_secure_validate has different interface than the one in + NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature + NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling + NOTE: those two cases in the same way when they were previously handled differently, + NOTE: and so not a problem for src:grub2 in Debian. + NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 +CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...) + - ppp (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian) +CVE-2020-15703 (There is no input validation on the Locale property in an apt transact ...) 
+ - aptdaemon + NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235 +CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...) + NOT-FOR-US: Apport +CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...) + NOT-FOR-US: Apport +CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) + NOT-FOR-US: Joomla! +CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...) + NOT-FOR-US: Joomla! +CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...) + NOT-FOR-US: Joomla! +CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...) + NOT-FOR-US: Joomla! +CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...) + NOT-FOR-US: Joomla! +CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) + NOT-FOR-US: Joomla! +CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...) + - nim 1.2.6-1 + [buster] - nim (Minor issue) + [stretch] - nim (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2 +CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...) + - nim 1.2.6-1 + [buster] - nim (Minor issue) + [stretch] - nim (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2 +CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...) + - nim 1.2.6-1 + [buster] - nim (Minor issue) + [stretch] - nim (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1 +CVE-2020-15691 + RESERVED +CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...) 
+ - nim 1.2.6-1 + [buster] - nim (Minor issue) + [stretch] - nim (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3 +CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...) + NOT-FOR-US: Appweb +CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...) + NOT-FOR-US: Embedthis GoAhead +CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...) + NOT-FOR-US: ACRN Project +CVE-2019-20908 (An issue was discovered in drivers/firmware/efi/efi.c in the Linux ker ...) + - linux 5.2.6-1 + [buster] - linux 4.19.132-1 + [stretch] - linux (securelevel included but not supported) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/14/1 + NOTE: Fixed by: https://git.kernel.org/linus/1957a85b0032a81e6482ca4aab883643b8dae06e +CVE-2019-20907 (In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craf ...) + {DLA-3432-1 DLA-2456-1 DLA-2337-1} + - python3.9 3.9.0~b5-1 (low) + - python3.8 3.8.5-1 (low) + - python3.7 (low) + [buster] - python3.7 3.7.3-2+deb10u2 + - python3.5 (low) + - python2.7 2.7.18-2 (low; bug #970099) + NOTE: https://bugs.python.org/issue39017 + NOTE: https://github.com/python/cpython/commit/5a8d121a1f3ef5ad7c105ee378cc79a3eac0c7d4 (master) + NOTE: https://github.com/python/cpython/commit/f3232294ee695492f43d424cc6969d018d49861d (3.9-branch) + NOTE: https://github.com/python/cpython/commit/c55479556db015f48fc8bbca17f64d3e65598559 (3.8-branch) + NOTE: https://github.com/python/cpython/commit/79c6b602efc9a906c8496f3d5f4d54c54b48fa06 (3.7-branch) + NOTE: https://github.com/python/cpython/commit/47a2955589bdb1a114d271496ff803ad73f954b8 (3.6-branch) + NOTE: https://github.com/python/cpython/pull/21454 +CVE-2020-15686 + RESERVED +CVE-2020-15685 (During the plaintext phase of the STARTTLS connection setup, protocol ...) 
+ {DSA-4842-1 DLA-2541-1} + - thunderbird 1:78.7.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685 +CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...) + - firefox 82.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684 +CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...) + {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1} + - firefox 82.0-1 + - firefox-esr 78.4.0esr-1 + - thunderbird 1:78.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683 +CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...) + - firefox 82.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682 +CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...) + - firefox 82.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681 +CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...) + - firefox 82.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680 +CVE-2020-15679 (An OAuth session fixation vulnerability existed in the VPN login flow, ...) + NOT-FOR-US: Mozilla VPN +CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...) 
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1} + - firefox 81.0-1 + - firefox-esr 78.3.0esr-1 + - thunderbird 1:78.3.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678 +CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...) + {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1} + - firefox 81.0-1 + - firefox-esr 78.3.0esr-1 + - thunderbird 1:78.3.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677 +CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...) + {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1} + - firefox 81.0-1 + - firefox-esr 78.3.0esr-1 + - thunderbird 1:78.3.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676 +CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...) + - firefox 81.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675 +CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...) + - firefox 81.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674 +CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...) 
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1} + - firefox 81.0-1 + - firefox-esr 78.3.0esr-1 + - thunderbird 1:78.3.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673 +CVE-2020-15672 + RESERVED +CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...) + - firefox (Android specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/#CVE-2020-15671 +CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...) + - firefox 80.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670 +CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...) + {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} + - firefox-esr 68.12.0esr-1 + - thunderbird 1:68.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669 +CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...) + - firefox 80.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668 +CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...) + - firefox 80.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667 +CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...) + - firefox 80.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666 +CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...) 
+ - firefox 80.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665 +CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...) + {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} + - firefox 80.0-1 + - firefox-esr 68.12.0esr-1 + - thunderbird 1:68.12.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664 +CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15663 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15663 +CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...) + - firefox (Specific to Firefox for iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662 +CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...) + - firefox (Specific to Firefox for iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661 +CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...) + - geckodriver (bug #989456) +CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...) 
+ {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} + - firefox 79.0-1 + - firefox-esr 68.11.0esr-1 + - thunderbird 1:68.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659 +CVE-2020-15658 (The code for downloading files did not properly take care of special c ...) + - firefox 79.0-1 + - thunderbird (Only affects Thunderbird 78.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658 +CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...) + - firefox (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657 +CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...) + - firefox 79.0-1 + - thunderbird (Only affects Thunderbird 78.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656 +CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...) + - firefox 79.0-1 + - thunderbird (Only affects Thunderbird 78.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655 +CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...) 
+ - firefox 79.0-1 + - thunderbird (Only affects Thunderbird 78.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654 +CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...) + - firefox 79.0-1 + - thunderbird (Only affects Thunderbird 78.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653 +CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...) + {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} + - firefox 79.0-1 + - firefox-esr 68.11.0esr-1 + - thunderbird 1:68.11.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652 +CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...) + - firefox (Specific to Firefox for iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651 +CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...) + - firefox-esr (Android specific) + - firefox (Android specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650 +CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...) 
+ - firefox-esr (Android specific) + - firefox (Android specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649 +CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...) + - firefox 78.0.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648 +CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...) + - firefox (Only affects Firefox for Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647 +CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...) + {DSA-4718-1} + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646 +CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Marvell QConvergeConsole +CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit +CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgear +CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: D-Link +CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit +CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...) + NOT-FOR-US: Trend Micro +CVE-2020-15604 (An incomplete SSL server certification validation vulnerability in the ...) + NOT-FOR-US: Trend Micro +CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v1 ...) + NOT-FOR-US: Trend Micro +CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...) + NOT-FOR-US: Trend Micro +CVE-2020-15601 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...) + NOT-FOR-US: Trend Micro +CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...) + NOT-FOR-US: CMSUno +CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...) + NOT-FOR-US: Victor CMS +CVE-2020-15598 (Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a ...) + {DSA-4765-1} + - modsecurity 3.0.4-2 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588 + NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/ + NOTE: https://coreruleset.org/20200914/cve-2020-15598/ + NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2348 +CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...) + NOT-FOR-US: SOPlanning +CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...) + NOT-FOR-US: ALPS ALPINE touchpad driver for Windows +CVE-2019-20906 + RESERVED +CVE-2019-20905 + RESERVED +CVE-2019-20904 + RESERVED +CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...) + NOT-FOR-US: Atlassian +CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...) 
+ NOT-FOR-US: Atlassian +CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...) + NOT-FOR-US: Atlassian +CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2019-20899 (The Gadget API in Atlassian Jira Server and Data Center in affected ve ...) + NOT-FOR-US: Atlassian +CVE-2019-20898 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) + NOT-FOR-US: Atlassian +CVE-2019-20897 (The avatar upload feature in affected versions of Atlassian Jira Serve ...) + NOT-FOR-US: Atlassian +CVE-2020-XXXX [veyon-configurator tmp handling] + - veyon 4.4.1+repack1-1 (bug #964568) + [buster] - veyon (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1 +CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...) + NOT-FOR-US: Zoho Application Control Plus +CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...) + NOT-FOR-US: Zoho Application Control Plus +CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...) + NOT-FOR-US: SteelCentral Aternity Agent +CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...) + NOT-FOR-US: SteelCentral Aternity Agent +CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...) + NOT-FOR-US: Private Internet Access client for Linux +CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...) + NOT-FOR-US: Zoho ManageEngine Desktop Central +CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2020-15587 + RESERVED +CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...) 
+ {DSA-4848-1 DLA-2460-1 DLA-2459-1} + - golang-1.15 1.15~rc1-1 + - golang-1.14 1.14.6-1 + - golang-1.11 + - golang-1.8 + - golang-1.7 + - golang + NOTE: https://github.com/golang/go/issues/34902 + NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ +CVE-2020-15585 + RESERVED +CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...) + NOT-FOR-US: SolarWinds Serv-U File Server +CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...) + NOT-FOR-US: SolarWinds Serv-U File Server +CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...) + NOT-FOR-US: SolarWinds Serv-U File Server +CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...) + NOT-FOR-US: SolarWinds Serv-U File Server +CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...) 
+ NOT-FOR-US: WebChess +CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...) + - tor 0.4.3.6-1 (unimportant) + NOTE: Tor in Debian doesn't use NSS + NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes +CVE-2020-15571 + RESERVED +CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...) + NOT-FOR-US: Whoopsie +CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...) + {DLA-2292-1} + - milkytracker 1.02.00+dfsg-2.1 (bug #964797) + [buster] - milkytracker 1.02.00+dfsg-1+deb10u1 + NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf +CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...) + NOT-FOR-US: TerraMaster TOS +CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...) + {DSA-4723-1} + - xen 4.11.4+24-gddaaccbbab-1 + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-328.html +CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) + {DSA-4723-1} + - xen 4.11.4+24-gddaaccbbab-1 + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-317.html +CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...) + {DSA-4723-1} + - xen 4.11.4+24-gddaaccbbab-1 + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-321.html +CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...) + {DSA-4723-1} + - xen 4.11.4+24-gddaaccbbab-1 + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-327.html +CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...) 
+ {DSA-4723-1} + - xen 4.11.4+24-gddaaccbbab-1 + [stretch] - xen (DSA 4602-1) + NOTE: https://xenbits.xen.org/xsa/advisory-319.html +CVE-2020-15561 + RESERVED +CVE-2020-15560 + RESERVED +CVE-2020-15559 + RESERVED +CVE-2020-15558 + RESERVED +CVE-2020-15557 + RESERVED +CVE-2020-15556 + RESERVED +CVE-2020-15555 + RESERVED +CVE-2020-15554 + RESERVED +CVE-2020-15553 + RESERVED +CVE-2020-15552 + RESERVED +CVE-2020-15551 + RESERVED +CVE-2020-15550 + RESERVED +CVE-2020-15549 + RESERVED +CVE-2020-15548 + RESERVED +CVE-2020-15547 + RESERVED +CVE-2020-15546 + RESERVED +CVE-2020-15545 + RESERVED +CVE-2020-15544 + RESERVED +CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...) + NOT-FOR-US: SolarWinds Serv-U FTP server +CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...) + NOT-FOR-US: SolarWinds Serv-U FTP server +CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...) + NOT-FOR-US: SolarWinds Serv-U FTP server +CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...) + {DSA-4720-1} + - roundcube 1.4.7+dfsg.1-1 (bug #964355) + [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6 + NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82 + NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b + NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee +CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...) + NOT-FOR-US: We-com OpenData CMS +CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...) + NOT-FOR-US: We-com Municipality portal CMS +CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...) 
+ NOT-FOR-US: We-com Municipality portal CMS +CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS ...) + NOT-FOR-US: Vanguard plugin for WordPress +CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...) + NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress +CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...) + NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress +CVE-2020-15534 + RESERVED +CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...) + NOT-FOR-US: Zoho ManageEngine Application Manager +CVE-2019-20895 + RESERVED +CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) + NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK +CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) + NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK +CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...) + - steam (Steam on Windows) +CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...) + NOT-FOR-US: GOG Galaxy client +CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...) + NOT-FOR-US: GOG Galaxy client +CVE-2020-15527 + RESERVED +CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...) + NOT-FOR-US: Redgate SQL Monitor +CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...) + - gitlab (Specific to EE) +CVE-2020-15524 + RESERVED +CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...) + - python3.8 (Python on Windows) + - python2.7 (Python on Windows) +CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...) 
+ - bouncycastle 1.68-1 + [buster] - bouncycastle (Minor issue) + [stretch] - bouncycastle (Minor issue) + NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-15522 +CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...) + NOT-FOR-US: Zoho +CVE-2020-15520 + RESERVED +CVE-2020-15519 + RESERVED +CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & ...) + NOT-FOR-US: Veeam +CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...) + NOT-FOR-US: Typo3 extension +CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...) + NOT-FOR-US: Typo3 extension +CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...) + NOT-FOR-US: Typo3 extension +CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...) + NOT-FOR-US: Typo3 extension +CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...) + NOT-FOR-US: Typo3 extension +CVE-2020-15512 + RESERVED +CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...) + NOT-FOR-US: HashiCorp Terraform Enterprise +CVE-2020-15510 + RESERVED +CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...) + NOT-FOR-US: Nordic Semiconductor +CVE-2020-15508 + RESERVED +CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...) + NOT-FOR-US: MobileIron Core and Connector +CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connector ...) + NOT-FOR-US: MobileIron Core and Connector +CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connector v ...) + NOT-FOR-US: MobileIron Core and Connector +CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...) 
+ NOT-FOR-US: Sophos +CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...) + {DLA-3214-1} + [experimental] - libraw 0.20.0-1 + - libraw 0.20.0-4 (bug #964747) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477 + NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d +CVE-2020-15502 (The DuckDuckGo application through 5.58.0 for Android, and through 7.4 ...) + NOT-FOR-US: DuckDuckGo application for Android and iOS +CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...) + - traefik (bug #983289) +CVE-2020-15501 (Smarter Coffee Maker before 2nd generation allows firmware replacement ...) + NOT-FOR-US: Smarter Coffee Maker +CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...) + NOT-FOR-US: TileServer GL +CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...) + NOT-FOR-US: ASUS RT-AC1900P routers +CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...) + NOT-FOR-US: ASUS RT-AC1900P routers +CVE-2020-15497 (jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 ...) + NOT-FOR-US: Jalios JCMS +CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...) + NOT-FOR-US: Acronis +CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...) + NOT-FOR-US: Acronis +CVE-2020-15494 + RESERVED +CVE-2020-15493 + RESERVED +CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...) + NOT-FOR-US: INNEO +CVE-2020-15491 + RESERVED +CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) + NOT-FOR-US: Wavlink WL-WN530HG4 +CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) + NOT-FOR-US: Wavlink WL-WN530HG4 +CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload.) 
+ NOT-FOR-US: Re:Desk +CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...) + NOT-FOR-US: Re:Desk +CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...) + NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices +CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) + NOT-FOR-US: Nescomed Multipara Monitor M1000 devices +CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) + NOT-FOR-US: Nescomed Multipara Monitor M1000 devices +CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) + NOT-FOR-US: Nescomed Multipara Monitor M1000 devices +CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) + NOT-FOR-US: Nescomed Multipara Monitor M1000 devices +CVE-2020-15481 (An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSFore ...) + NOT-FOR-US: PassMark +CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...) + NOT-FOR-US: PassMark +CVE-2020-15479 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...) + NOT-FOR-US: PassMark +CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...) + NOT-FOR-US: Journal theme for OpenCart +CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...) + NOT-FOR-US: RaspberryTortoise +CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...) + {DLA-3084-1 DLA-2354-1} + - ndpi 3.4-1 (bug #972050) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780 + NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4) +CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...) 
+ - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Vulnerable code not present, content_disposition_line introduced later) + [stretch] - ndpi (Vulnerable code not present, content_disposition_line introduced later) + NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4) +CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...) + - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Vulnerable code not present) + [stretch] - ndpi (Vulnerable code not present) + NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4) +CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...) + - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Patch cannot be cleanly applied. Codebase changed a lot) + [stretch] - ndpi (Vulnerable code introduced later) + NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4) +CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...) + {DLA-3084-1} + - ndpi 3.4-1 (bug #972050) + [stretch] - ndpi (Vulnerable code introduced later) + NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4) +CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...) + - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Vulnerable code not present) + [stretch] - ndpi (Vulnerable code not present) + NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4) +CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...) + NOT-FOR-US: ffjpeg +CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...) 
+ {DLA-3099-1 DLA-2560-1} + - qemu 1:6.0+dfsg-3 (low; bug #970253) + [bullseye] - qemu (Minor issue, too intrusive to backport) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54 +CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) + NOT-FOR-US: Persian VIP Download Script +CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...) + NOT-FOR-US: Cohesive Networks vns3:vpn appliances +CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...) 
+ {DLA-2547-1} + - wireshark 3.2.5-1 (low) + [buster] - wireshark 2.6.20-0+deb10u1 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4 + NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html +CVE-2020-15465 + REJECTED +CVE-2020-15464 + REJECTED +CVE-2020-15463 + REJECTED +CVE-2020-15462 + REJECTED +CVE-2020-15461 + REJECTED +CVE-2020-15460 + REJECTED +CVE-2020-15459 + REJECTED +CVE-2020-15458 + REJECTED +CVE-2020-15457 + REJECTED +CVE-2020-15456 + REJECTED +CVE-2020-15455 + REJECTED +CVE-2020-15454 + REJECTED +CVE-2020-15453 + REJECTED +CVE-2020-15452 + REJECTED +CVE-2020-15451 + REJECTED +CVE-2020-15450 + REJECTED +CVE-2020-15449 + REJECTED +CVE-2020-15448 + REJECTED +CVE-2020-15447 + REJECTED +CVE-2020-15446 + REJECTED +CVE-2020-15445 + REJECTED +CVE-2020-15444 + REJECTED +CVE-2020-15443 + REJECTED +CVE-2020-15442 + REJECTED +CVE-2020-15441 + REJECTED +CVE-2020-15440 + REJECTED +CVE-2020-15439 + REJECTED +CVE-2020-15438 + REJECTED +CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...) + - linux 5.7.17-1 + [buster] - linux 4.19.146-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/f4c23a140d80ef5e6d3d1f8f57007649014b60fa +CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...) + - linux 5.7.6-1 + [buster] - linux 4.19.131-1 + [stretch] - linux 4.9.240-1 + NOTE: https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14 +CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: CentOS-WebPanel.com +CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Veeam +CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Veeam +CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...) + NOT-FOR-US: DrayTek +CVE-2020-15414 + RESERVED +CVE-2020-15413 + RESERVED +CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...) + NOT-FOR-US: MISP +CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...) + NOT-FOR-US: MISP +CVE-2020-15410 + RESERVED +CVE-2020-15409 + RESERVED +CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-15407 + RESERVED +CVE-2020-15406 + RESERVED +CVE-2020-15405 + RESERVED +CVE-2020-15404 + RESERVED +CVE-2020-15403 + RESERVED +CVE-2020-15402 + RESERVED +CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...) + NOT-FOR-US: IOBit Malware Fighter Pro +CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...) + - cakephp (bug #985673) + [bullseye] - cakephp (Minor issue) + [buster] - cakephp (Minor issue) + [stretch] - cakephp (Minor issue) +CVE-2020-15399 + RESERVED +CVE-2020-15398 + RESERVED +CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...) + - hylafax (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian) + NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/ +CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...) 
+ - hylafax 3:6.0.7-3.1 (bug #964198) + [buster] - hylafax (Minor issue) + [stretch] - hylafax (Minor issue) + NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/ +CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...) + {DLA-2603-1} + - libmediainfo 20.09+dfsg-1 (low; bug #967073) + [buster] - libmediainfo (Minor issue) + [jessie] - libmediainfo (Minor issue) + NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/ + NOTE: https://github.com/MediaArea/MediaInfoLib/commit/5b998282f47f080592d298a25c642f13a895c4dc +CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...) + NOT-FOR-US: Zoho +CVE-2019-20893 (An issue was discovered in Activision Infinity Ward Call of Duty Moder ...) + NOT-FOR-US: Activision +CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...) + - libvncserver 0.9.12+dfsg-3 + [buster] - libvncserver (Required change too invasive, minor issue) + [stretch] - libvncserver (Required change too invasive, minor issue) + NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433 + NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2 +CVE-2020-15393 (In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/u ...) + {DLA-2420-1 DLA-2323-1} + - linux 5.7.10-1 + [buster] - linux 4.19.131-1 + NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba +CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...) + NOT-FOR-US: Venki +CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...) + NOT-FOR-US: DevSpace +CVE-2020-15390 (pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration ...) + NOT-FOR-US: Pega Platform +CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...) 
+ {DSA-4882-1 DLA-2277-1} + - openjpeg2 2.4.0-1 (bug #965220) + NOTE: https://github.com/uclouvain/openjpeg/issues/1261 + NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0) +CVE-2020-15388 (A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0 ...) + NOT-FOR-US: Brocade +CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...) + NOT-FOR-US: Brocade +CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...) + NOT-FOR-US: Brocade +CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...) + NOT-FOR-US: Brocade +CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...) + NOT-FOR-US: Brocade +CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...) + NOT-FOR-US: Brocade +CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...) + NOT-FOR-US: Brocade +CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...) + NOT-FOR-US: Brocade +CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the \u ...) + NOT-FOR-US: Brocade +CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...) + NOT-FOR-US: Brocade +CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...) + NOT-FOR-US: Brocade +CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...) + NOT-FOR-US: Brocade +CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...) 
+ NOT-FOR-US: Brocade Fabric OS +CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...) + NOT-FOR-US: Brocade Fabric OS +CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...) + NOT-FOR-US: ASRock RGB Driver +CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...) + NOT-FOR-US: Venki +CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...) + - node-ajv 6.12.4-1 + [buster] - node-ajv (Minor issue) + NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 +CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...) + - libraw (Vulnerable code introduced in 0.20-Beta1) + NOTE: https://github.com/LibRaw/LibRaw/issues/301 + NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2 +CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...) + NOT-FOR-US: Wordpress theme +CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...) + NOT-FOR-US: Wordpress theme +CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...) + NOT-FOR-US: thingsSDK WiFi Scanner +CVE-2020-15361 + RESERVED +CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...) 
+ NOT-FOR-US: Docker Desktop on Windows +CVE-2020-15359 + RESERVED +CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...) + NOT-FOR-US: Askey +CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...) + - sqlite3 3.32.3-1 + [buster] - sqlite3 3.27.2-3+deb10u1 + [stretch] - sqlite3 (Vulnerable code introduced in 3.25.0) + [jessie] - sqlite3 (Vulnerable code introduced in 3.25.0) + - sqlite (multiSelectOrderBy not present, PoC doesn't crash) + NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5 + NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010 +CVE-2020-15356 + REJECTED +CVE-2020-15355 + REJECTED +CVE-2020-15354 + REJECTED +CVE-2013-7489 (The Beaker library through 1.11.0 for Python is affected by deserializ ...) + - beaker (bug #966197) + [bookworm] - beaker (Minor issue) + [bullseye] - beaker (Minor issue) + [buster] - beaker (Minor issue) + [stretch] - beaker (Minor issue) + NOTE: https://github.com/bbangert/beaker/issues/191 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/14/11 +CVE-2020-15353 + RESERVED +CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...) + NOT-FOR-US: IDrive +CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...) + NOT-FOR-US: RIOT RIOT-OS +CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation ...) + NOT-FOR-US: BinaryNights ForkLift +CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...) + NOT-FOR-US: Zyxel +CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...) + NOT-FOR-US: Zyxel +CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...) 
+ NOT-FOR-US: Zyxel +CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) + NOT-FOR-US: Zyxel +CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) + NOT-FOR-US: Zyxel +CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) + NOT-FOR-US: Zyxel +CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) + NOT-FOR-US: Zyxel +CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...) + NOT-FOR-US: Zyxel +CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...) + NOT-FOR-US: Zyxel +CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...) + NOT-FOR-US: Zyxel +CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) + NOT-FOR-US: Zyxel +CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) + NOT-FOR-US: Zyxel +CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) + NOT-FOR-US: Zyxel +CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) + NOT-FOR-US: Zyxel +CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...) + NOT-FOR-US: Zyxel +CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...) + NOT-FOR-US: Zyxel +CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...) + NOT-FOR-US: Zyxel +CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...) + NOT-FOR-US: Zyxel +CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...) + NOT-FOR-US: Zyxel +CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...) 
+ NOT-FOR-US: Zyxel +CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...) + NOT-FOR-US: Zyxel +CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...) + NOT-FOR-US: Zyxel +CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...) + NOT-FOR-US: Zyxel +CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...) + NOT-FOR-US: Zyxel +CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...) + NOT-FOR-US: Zyxel +CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...) + NOT-FOR-US: Zyxel +CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...) + NOT-FOR-US: Zyxel +CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...) + NOT-FOR-US: Zyxel +CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...) + NOT-FOR-US: Zyxel +CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) + NOT-FOR-US: Zyxel +CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) + NOT-FOR-US: Zyxel +CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) + NOT-FOR-US: Zyxel +CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...) + NOT-FOR-US: Zyxel +CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) + NOT-FOR-US: Zyxel +CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) + NOT-FOR-US: Zyxel +CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...) + NOT-FOR-US: Zyxel +CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) 
+ NOT-FOR-US: Zyxel +CVE-2020-15311 + REJECTED +CVE-2020-15310 + RESERVED +CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...) + - wolfssl 4.5.0+dfsg-1 (bug #969663) + NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable +CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...) + NOT-FOR-US: Support Incident Tracker +CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...) + NOT-FOR-US: Nozomi Guardian +CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.2-1 + - openexr 2.5.3-2 + [jessie] - openexr (getChunkOffsetTableSize introduced in v2) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54 +CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.2-1 + - openexr 2.5.3-2 + [jessie] - openexr (ImfDeepScanLineInputFile.cpp introduced in v2) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73 +CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...) 
+ [experimental] - openexr 2.5.2-1 + - openexr 2.5.3-2 + [buster] - openexr (Vulnerable code not present) + [stretch] - openexr (Vulnerable code not present) + [jessie] - openexr (Vulnerable code not present) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 (v3.0.4) + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4 (v2.4.1) +CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an XML uploa ...) + NOT-FOR-US: Infoblox NIOS +CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...) + NOT-FOR-US: Argent RecoveryManager +CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration fields ...) + NOT-FOR-US: SuiteCRM +CVE-2020-15300 (SuiteCRM through 7.11.13 has an Open Redirect in the Documents module ...) + NOT-FOR-US: SuiteCRM +CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...) + NOT-FOR-US: KingComposer plugin for WordPress +CVE-2020-15298 + REJECTED +CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...) + NOT-FOR-US: Bitdefender +CVE-2020-15296 + REJECTED +CVE-2020-15295 + REJECTED +CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...) + NOT-FOR-US: Bitdefender +CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...) + NOT-FOR-US: Bitdefender +CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...) 
+ NOT-FOR-US: Bitdefender
+CVE-2020-15291
+ REJECTED
+CVE-2020-15290
+ REJECTED
+CVE-2020-15289
+ REJECTED
+CVE-2020-15288
+ REJECTED
+CVE-2020-15287
+ REJECTED
+CVE-2020-15286
+ REJECTED
+CVE-2020-15285
+ REJECTED
+CVE-2020-15284
+ RESERVED
+CVE-2020-15283
+ RESERVED
+CVE-2020-15282
+ REJECTED
+CVE-2020-15281
+ REJECTED
+CVE-2020-15280
+ RESERVED
+CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. A ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15275 (MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attac ...)
+ {DSA-4787-1 DLA-2446-1}
+ - moin
+ NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
+ NOTE: https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c (1.9.11)
+CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. T ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
+ NOT-FOR-US: git-tag-annotation-action
+CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
+ - lookatme 2.3.0-1 (bug #972988)
+ NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
+ NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
+ NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
+CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
+ NOT-FOR-US: Node parse-server
+CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
+ NOT-FOR-US: Spree
+CVE-2020-15268
+ RESERVED
+CVE-2020-15267
+ RESERVED
+CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
+ - tensorflow (bug #804612)
+CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
+ - tensorflow (bug #804612)
+CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
+ NOT-FOR-US: Boxstarter
+CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
+ NOT-FOR-US: Laravel Orchid Platform
+CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
+ NOT-FOR-US: Node webpack-subresource-integrity
+CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
+ - veyon (Windows-specific)
+ NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
+CVE-2020-15260 (PJSIP is a free and open source multimedia communication library writt ...)
+ - pjproject
+ [stretch] - pjproject (Vulnerable code introduced later, no connection reuse available)
+ - ring 20210112.2.b757bac~ds1-1 (bug #986815)
+ [buster] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
+ [stretch] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
+ NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
+ NOTE: https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
+ NOTE: https://github.com/pjsip/pjproject/pull/2663
+CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
+ NOT-FOR-US: ad-ldap-connector
+CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
+ NOT-FOR-US: Wire app
+CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...)
+ {DSA-4865-1}
+ - containerd 1.4.3~ds1-1
+ - docker.io 20.10.0~rc1+dfsg2-1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
+ NOTE: https://github.com/containerd/containerd/commit/3519233e1b5a408c7e92b0af4293000820a0089b (v1.2)
+ NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
+CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` <= ...)
+ - node-object-path 0.11.5-3
+ [buster] - node-object-path 0.11.4-2+deb10u1
+ [stretch] - node-object-path (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
+CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
+ - firefox 82.0-1
+ - rust-crossbeam-channel (Only affected 0.4.3 which was not released in Debian)
+ NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254
+CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via ...)
+ NOT-FOR-US: Grocy
+CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
+ NOT-FOR-US: XWiki
+CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
+ NOT-FOR-US: Channelmgnt plug-in for Sopel
+CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
+ {DLA-2426-1}
+ - junit4 4.13.1-1 (bug #972231)
+ [buster] - junit4 (Minor issue)
+ NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
+ NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
+CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
+ NOT-FOR-US: Sylius
+CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
+ NOT-FOR-US: Magento
+CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
+ NOT-FOR-US: Smartstore
+CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect ...)
+ NOT-FOR-US: next.js
+CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
+ NOT-FOR-US: TYPO3 Fluid Engine
+CVE-2020-15240 (omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly val ...)
+ - ruby-omniauth-auth0 (Introduced in 2.3.0)
+ NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
+CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
+ NOT-FOR-US: xmpp-http-upload
+CVE-2020-15238 (Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the Dhcp ...)
+ {DSA-4781-1 DLA-2430-1}
+ - blueman 2.1.4-1 (bug #973718)
+ NOTE: https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287
+ NOTE: https://github.com/blueman-project/blueman/commit/02161d60e8e311b08fb18254615259085fcd6688
+ NOTE: Additionally Build-Depends on libpolkit-agent-1-dev needed (blueman should
+ NOTE: use polkit for authorisation but due to a packaging issue this was not
+ NOTE: enabled).
+CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
+ NOT-FOR-US: Shrine
+CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
+ NOT-FOR-US: RACTF
+CVE-2020-15234 (ORY Fosite is a security first OAuth2 & OpenID Connect framework for G ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15233 (ORY Fosite is a security first OAuth2 & OpenID Connect framework for G ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
+ NOT-FOR-US: Vapor
+CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
+ [experimental] - singularity-container 3.9.4+ds2-1
+ - singularity-container 3.9.5+ds1-2 (bug #972212)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
+CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
+ NOT-FOR-US: Node @actions/core
+CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
+ {DLA-2617-1}
+ - php-nette
+ NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
+CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
+ - django-filter 2.4.0-1
+ [buster] - django-filter (Minor issue)
+ [stretch] - django-filter (Minor issue)
+ NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
+ NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
+CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
+ NOT-FOR-US: Open Enclave
+CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framework fo ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framework fo ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
+ NOT-FOR-US: Combodo iTop
+CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
+ - golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
+ [buster] - golang-github-russellhaering-goxmldsig (Limited support, minor issue, no build rdeps)
+ NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
+CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
+ - electron (bug #842420)
+CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow (bug #804612)
+CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow (bug #804612)
+CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow (bug #804612)
+CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
+ - tensorflow (bug #804612)
+CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow (bug #804612)
+CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
+ - tensorflow (bug #804612)
+CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
+ - tensorflow (bug #804612)
+CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow (bug #804612)
+CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow (bug #804612)
+CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow (bug #804612)
+CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
+ - tensorflow (bug #804612)
+CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow (bug #804612)
+CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow (bug #804612)
+CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
+ - tensorflow (bug #804612)
+CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow (bug #804612)
+CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow (bug #804612)
+CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
+ - tensorflow (bug #804612)
+CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
+ - tensorflow (bug #804612)
+CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
+ - tensorflow (bug #804612)
+CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow (bug #804612)
+CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
+ NOT-FOR-US: SOY CMS
+CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
+ NOT-FOR-US: SOY CMS
+CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
+ - helm-kubernetes (bug #910799)
+CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
+ - helm-kubernetes (bug #910799)
+CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...)
+ - helm-kubernetes (bug #910799)
+CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...)
+ - helm-kubernetes (bug #910799)
+CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...)
+ NOT-FOR-US: SoyCMS
+CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
+ NOT-FOR-US: SoyCMS
+CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
+ NOT-FOR-US: Alfresco Reset Password add-on
+CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...)
+ {DSA-4776-1 DLA-2409-1}
+ - mariadb-10.5 1:10.5.6-1
+ [experimental] - mariadb-10.3 1:10.3.27-1~exp1
+ - mariadb-10.3 (bug #972746)
+ - mariadb-10.1
+ - percona-xtradb-cluster-5.5
+ NOTE: Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
+ NOTE: https://jira.mariadb.org/browse/MDEV-23884
+ NOTE: https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
+CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
+ NOT-FOR-US: ScratchSig MediaWiki extension
+CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` endpoint insec ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in input that ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15175 (In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allo ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the ...)
+ - electron (bug #842420)
+CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
+ NOT-FOR-US: ACCEL-PPP
+CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
+ NOT-FOR-US: Act module for Red Discord Bot
+CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...)
+ NOT-FOR-US: XWiki
+CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
+ NOT-FOR-US: apollo-adminservice
+CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...)
+ {DSA-4766-1 DLA-2403-1}
+ - rails 2:6.0.3.3+dfsg-1 (bug #970040)
+ NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
+ NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
+ NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
+CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
+ [experimental] - node-fetch 2.6.1-1
+ - node-fetch 2.6.1-2 (bug #970173)
+ [buster] - node-fetch (Minor issue; Intrusive to backport)
+ NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
+CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
+ - miller 5.9.1+dfsg-1 (bug #969467)
+ [buster] - miller (Introduced in 5.9.0)
+ [stretch] - miller (Introduced in 5.9.0)
+ NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
+CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
+ {DSA-4761-1 DLA-2443-1}
+ - zeromq3 4.3.3-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
+ NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
+ NOTE: https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
+CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
+ NOT-FOR-US: Chameleon Mini Live Debugger
+CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
+ NOT-FOR-US: Scrach Login MediaWiki extension
+CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
+ - python-tuf (bug #934151)
+CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
+ NOT-FOR-US: libIEC61850
+CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...)
+ {DSA-4865-1}
+ - containerd 1.3.2~ds1-2
+ - docker.io 19.03.13+dfsg2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
+ NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14)
+ NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
+ NOTE: docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7
+CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
+ NOT-FOR-US: nodebb-plugin-blog-comments
+CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
+ NOT-FOR-US: baserCMS
+CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to perform S ...)
+ - ampache
+CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server ...)
+ NOT-FOR-US: Node ftp-srv
+CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
+ NOT-FOR-US: OpenMage
+CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
+ NOT-FOR-US: Paginator
+CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
+ NOT-FOR-US: NodeBB
+CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
+ - yii (bug #597899)
+CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
+ NOT-FOR-US: SyliusResourceBundle
+CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
+ NOT-FOR-US: Composer-Setup for Windows
+CVE-2020-15144
+ RESERVED
+CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
+ NOT-FOR-US: SyliusResourceBundle
+CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
+ NOT-FOR-US: openapi-python-client
+CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
+ NOT-FOR-US: openapi-python-client
+CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
+ NOT-FOR-US: Red Discord Bot
+CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
+ NOT-FOR-US: MyBB
+CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
+ - node-prismjs 1.11.0+dfsg-4 (bug #968094)
+ NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
+ NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
+CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
+ NOT-FOR-US: HoRNDIS
+CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968752)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
+CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
+ NOT-FOR-US: Node save-server
+CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
+ - ruby-faye 1.4.0-1 (bug #967063)
+ [buster] - ruby-faye (Minor issue)
+ NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
+ NOTE: https://github.com/faye/faye/issues/524
+ NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
+CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
+ - ruby-faye-websocket 0.11.0-1 (bug #967061)
+ [buster] - ruby-faye-websocket (Minor issue)
+ NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
+ NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
+ NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
+CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
+ NOT-FOR-US: Sulu
+CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
+ NOT-FOR-US: Node slp-validate
+CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
+ NOT-FOR-US: Node slpjs
+CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
+ - traefik (bug #983289)
+CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
+ NOT-FOR-US: October CMS
+CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
+ NOT-FOR-US: Countour
+CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
+ NOT-FOR-US: Node parser-server
+CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
+ NOT-FOR-US: Node auth0
+CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...)
+ NOT-FOR-US: Goobi Viewer Core
+CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
+ NOT-FOR-US: Node codedev
+CVE-2020-15122
+ RESERVED
+CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...)
+ - radare2 5.0.0+dfsg-1
+ NOTE: https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
+ NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
+ NOTE: https://github.com/radareorg/radare2/issues/16945
+ NOTE: https://github.com/radareorg/radare2/pull/16966
+CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
+ NOT-FOR-US: ihatemoney
+CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...)
+ NOT-FOR-US: Node auth0-lock
+CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
+ NOT-FOR-US: Wagtail
+CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
+ - synergy
+ [stretch] - synergy (minor issue, low priority)
+ NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
+ NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
+CVE-2020-15116
+ RESERVED
+CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
+CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
+CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
+CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
+CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
+ NOT-FOR-US: Fiber
+CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
+ NOT-FOR-US: jupyterhub-kubespawner
+CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
+ NOT-FOR-US: solidus
+CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
+ - glpi (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
+ NOTE: https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
+ NOTE: https://github.com/glpi-project/glpi/pull/6684
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
+ NOT-FOR-US: openenclave
+CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
+ [buster] - etcd (Minor issue)
+ NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
+CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
+ NOT-FOR-US: Django Two-Factor Authentication
+CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
+ - envoyproxy (bug #987544)
+CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
+ {DLA-3606-1}
+ - freerdp2 2.2.0+dfsg1-1 (bug #965979)
+ - freerdp
+ [stretch] - freerdp (Vulnerable gfx code not present)
+ NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
+CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
+ NOT-FOR-US: freewvs
+CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
+ NOT-FOR-US: freewvs
+CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15097 (loklak is an open-source server application which is able to collect m ...)
+ NOT-FOR-US: loklak
+CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
+ - electron (bug #842420)
+CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
+ - npm 6.14.6+ds-1 (low; bug #964746)
+ [buster] - npm 5.8.0+ds6-4+deb10u2
+ NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
+ NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
+CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
+ - symfony 4.4.13+dfsg-1
+ [buster] - symfony (Vulnerable code introduced later - in v4.4.0)
+ [stretch] - symfony (Vulnerable code introduced later - in v4.4.0)
+ NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r
+ NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78
+CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
+ NOT-FOR-US: Rust tough
+CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
+ NOT-FOR-US: TimelineJS
+CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...)
+ NOT-FOR-US: TenderMint
+CVE-2020-15090
+ RESERVED
+CVE-2020-15089
+ RESERVED
+CVE-2020-15088
+ RESERVED
+CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...)
+ NOT-FOR-US: Presto query engine, different from src:presto
+CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...)
+ NOT-FOR-US: Saleor Storefront +CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...) + NOT-FOR-US: Node express-jwt +CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...) + NOT-FOR-US: PrestaShop +CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...) + NOT-FOR-US: PrestaShop +CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...) + NOT-FOR-US: PrestaShop +CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...) + NOT-FOR-US: PrestaShop +CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...) + NOT-FOR-US: PrestaShop +CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...) + {DLA-2992-1} + - openvpn 2.5.1-2 (bug #987380) + [buster] - openvpn 2.4.7-1+deb10u1 + NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2) + NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2) + NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2) + NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11) +CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a remote attac ...) + NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078) +CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...) + NOT-FOR-US: Private Tunnel installer for macOS +CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...) + NOT-FOR-US: OpenVPN Connect installer for macOS +CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. 
An XSS vulnerability ...) + - phplist (bug #612288) +CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...) + - phplist (bug #612288) +CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...) + NOT-FOR-US: Symphony CMS +CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...) + - zulip-server (bug #800052) +CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...) + NOT-FOR-US: Sophos +CVE-2020-15068 + RESERVED +CVE-2020-15067 + RESERVED +CVE-2020-15066 + RESERVED +CVE-2020-15065 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) + NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices +CVE-2020-15064 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) + NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices +CVE-2020-15063 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) + NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices +CVE-2020-15062 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) + NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices +CVE-2020-15061 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) + NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices +CVE-2020-15060 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) + NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices +CVE-2020-15059 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) + NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices +CVE-2020-15058 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) + NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices +CVE-2020-15057 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) 
+ NOT-FOR-US: TP-Link +CVE-2020-15056 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) + NOT-FOR-US: TP-Link +CVE-2020-15055 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) + NOT-FOR-US: TP-Link +CVE-2020-15054 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) + NOT-FOR-US: TP-Link +CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...) + NOT-FOR-US: Artica Proxy +CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...) + NOT-FOR-US: Artica Proxy +CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...) + NOT-FOR-US: Artica Proxy +CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...) + NOT-FOR-US: Suprema BioStar +CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...) + {DSA-4732-1 DLA-2394-1} + - squid 4.12-1 + - squid3 + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5 + NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch +CVE-2020-15048 + RESERVED +CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...) + - trojita (bug #795701) +CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...) + NOT-FOR-US: Node traceroute +CVE-2018-21267 + REJECTED +CVE-2018-21266 + REJECTED +CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a ...) + NOT-FOR-US: Supermicro +CVE-2020-15045 + RESERVED +CVE-2020-15044 + RESERVED +CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...) + NOT-FOR-US: iBall WRB303N devices +CVE-2020-15042 + RESERVED +CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2020-15040 + RESERVED +CVE-2020-15039 + RESERVED +CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS.) + NOT-FOR-US: WordPress plugin +CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) + NOT-FOR-US: NeDi +CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...) + NOT-FOR-US: NeDi +CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...) + NOT-FOR-US: ConnectWise +CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...) + NOT-FOR-US: Bludit +CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...) 
+ - ntp 1:4.2.8p15-1 (low; bug #963807) + [buster] - ntp (Minor issue) + [stretch] - ntp (Vulnerable code introduced later) + [jessie] - ntp (Vulnerable code introduced later) + - ntpsec (Vulnerable code not present) + NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661 + NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea + NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661 + NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA +CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...) + NOT-FOR-US: Askey +CVE-2020-15022 + RESERVED +CVE-2020-15021 + RESERVED +CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...) + NOT-FOR-US: Elementor plugin for WordPress +CVE-2020-15019 + RESERVED +CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation.) + NOT-FOR-US: playSMS +CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...) + NOT-FOR-US: NeDi +CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...) + NOT-FOR-US: NeDi +CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...) + NOT-FOR-US: FileExplorer component in GleamTech FileUltimate +CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF.) + NOT-FOR-US: BlogCMS +CVE-2020-15013 + RESERVED +CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...) + NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...) 
+ {DSA-4991-1 DLA-2276-1 DLA-2265-1} + - mailman + NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 + NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848 +CVE-2020-15010 + RESERVED +CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...) + NOT-FOR-US: ASUS +CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...) + NOT-FOR-US: Connectwise +CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...) + - rbdoom3bfg (unimportant) + NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec + NOTE: Problematic code not built +CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...) + NOT-FOR-US: Bludit +CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...) + {DSA-4767-1 DLA-2504-1} + - mediawiki 1:1.31.8-1 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html +CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.) + NOT-FOR-US: Open-Xchange App Suite +CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...) + NOT-FOR-US: Open-Xchange App Suite +CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...) + NOT-FOR-US: Open-Xchange App Suite +CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...) + NOT-FOR-US: Yubico YubiKey 5 NFC devices +CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...) + NOT-FOR-US: Yubico YubiKey 5 devices +CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after 12.5.21 ...) 
+ NOT-FOR-US: Acronis +CVE-2020-14998 + RESERVED +CVE-2020-14997 + RESERVED +CVE-2020-14996 + RESERVED +CVE-2020-14995 + RESERVED +CVE-2020-14994 + RESERVED +CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...) + NOT-FOR-US: DrayTek devices +CVE-2020-14992 + RESERVED +CVE-2020-14991 + RESERVED +CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...) + NOT-FOR-US: IOBit Advanced SystemCare Free +CVE-2020-14989 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) + NOT-FOR-US: Bloomreach Experience Manager (brXM) +CVE-2020-14988 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) + NOT-FOR-US: Bloomreach Experience Manager (brXM) +CVE-2020-14987 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) + NOT-FOR-US: Bloomreach Experience Manager (brXM) +CVE-2020-14986 + RESERVED +CVE-2020-14985 + RESERVED +CVE-2020-14984 + RESERVED +CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...) + - crispy-doom 5.9.0-1 (bug #964564) + [buster] - crispy-doom (Minor issue) + - chocolate-doom 3.0.1-1 + [buster] - chocolate-doom 3.0.0-4+deb10u1 + [stretch] - chocolate-doom (games are not supported) + [jessie] - chocolate-doom (games are not supported) + NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293 + NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 + NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 +CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...) + NOT-FOR-US: Kronos WebTA +CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...) + NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS +CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...) 
+ NOT-FOR-US: Sophos Secure Email application for Android +CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...) + NOT-FOR-US: EVGA Precision X1 +CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...) + NOT-FOR-US: F-Secure SAFE +CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...) + NOT-FOR-US: F-Secure SAFE +CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...) + - gns3-server (bug #766166) +CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...) + NOT-FOR-US: IOBit Unlocker +CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...) + NOT-FOR-US: IOBit Unlocker +CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...) + NOT-FOR-US: webTareas +CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...) + NOT-FOR-US: Sourcecodester Pisay Online E-Learning System +CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...) + NOT-FOR-US: Pi-hole +CVE-2020-14970 + RESERVED +CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...) + NOT-FOR-US: MISP +CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...) + NOT-FOR-US: jsrsasign +CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...) + NOT-FOR-US: jsrsasign +CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...) + NOT-FOR-US: jsrsasign +CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...) + NOT-FOR-US: TP-Link +CVE-2020-14964 + RESERVED +CVE-2020-14963 + RESERVED +CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...) 
+ NOT-FOR-US: Final Tiles Gallery plugin for WordPress +CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...) + NOT-FOR-US: Concrete5 +CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...) + NOT-FOR-US: Easy Testimonials plugin for WordPress +CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...) + NOT-FOR-US: Go Git Service +CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) + NOT-FOR-US: Windows cleaning assistant +CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) + NOT-FOR-US: Windows cleaning assistant +CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...) + NOT-FOR-US: Jiangmin Antivirus +CVE-2020-14953 + RESERVED +CVE-2020-14952 + RESERVED +CVE-2020-14951 + RESERVED +CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) + NOT-FOR-US: aaPanel +CVE-2020-14949 + RESERVED +CVE-2020-14948 + RESERVED +CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...) + - ocsinventory-server (unimportant) + NOTE: Only supported in trusted environments, see debtags +CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...) + NOT-FOR-US: Surveillance module in Global RADAR BSA Radar +CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...) + NOT-FOR-US: Global RADAR BSA Radar +CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...) + NOT-FOR-US: Global RADAR BSA Radar +CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...) 
+ NOT-FOR-US: Global RADAR BSA Radar +CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...) + NOT-FOR-US: Tendenci +CVE-2020-14941 + RESERVED +CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...) + - tuxguitar 1.5.6+dfsg1-7 (bug #963626) + [bookworm] - tuxguitar (Minor issue) + [bullseye] - tuxguitar (Minor issue) + [buster] - tuxguitar (Minor issue) + [stretch] - tuxguitar (Minor issue) + [jessie] - tuxguitar (Minor issue) + NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html + NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/ + NOTE: Fixed by: https://github.com/helge17/tuxguitar/commit/bcaa280e93b0d67dc6f903b6e23a051a7894ba0c +CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...) + - freedroidrpg 1.0-1 (low; bug #964197) + [bullseye] - freedroidrpg (Minor issue) + [buster] - freedroidrpg (Minor issue) + [stretch] - freedroidrpg (Minor issue) + [jessie] - freedroidrpg (games are not supported) + NOTE: https://bugs.freedroid.org/b/issue953 + NOTE: https://bugs.freedroid.org/b/issue967 + NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html +CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...) + - freedroidrpg 1.0-1 (low; bug #964197) + [bullseye] - freedroidrpg (Minor issue) + [buster] - freedroidrpg (Minor issue) + [stretch] - freedroidrpg (Minor issue) + [jessie] - freedroidrpg (games are not supported) + NOTE: https://bugs.freedroid.org/b/issue952 + NOTE: https://bugs.freedroid.org/b/issue967 + NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html +CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...) + NOT-FOR-US: Contiki-NG +CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) + NOT-FOR-US: Contiki-NG +CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) 
+ NOT-FOR-US: Contiki-NG +CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) + NOT-FOR-US: Contiki-NG +CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...) + - squirrelmail + NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 +CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...) + - squirrelmail + NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 +CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...) + NOT-FOR-US: DMitry +CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...) + NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464 +CVE-2019-20892 (net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateRefer ...) + - net-snmp 5.8+dfsg-3 (bug #963713) + [buster] - net-snmp (Vulnerable code introduced later) + [stretch] - net-snmp (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/4 + NOTE: https://bugs.launchpad.net/ubuntu/+source/net-snmp/+bug/1877027 + NOTE: https://github.com/net-snmp/net-snmp/commit/92ccd5a82a019fbfa835cc8ab2294cf0ca48c8f2 + NOTE: https://github.com/net-snmp/net-snmp/commit/adc9b71aba9168ec64149345ea37a1acc11875c6 + NOTE: https://github.com/net-snmp/net-snmp/commit/7384a8b550d4ed4a00e41b72229cfcc124926b06 + NOTE: https://github.com/net-snmp/net-snmp/commit/39381c4d20dd8042870c28ae3b0c16291e50b705 + NOTE: https://github.com/net-snmp/net-snmp/commit/5f881d3bf24599b90d67a45cae7a3eb099cd71c9 + NOTE: https://github.com/net-snmp/net-snmp/commit/87bd90d04f20dd3f73e3e7e631a442ccd419b9d3 + NOTE: Extra patches to address memory leaks: + NOTE: https://salsa.debian.org/debian/net-snmp/-/merge_requests/3 + NOTE: Introduced in https://github.com/net-snmp/net-snmp/compare/1a0dbe19bf2787bb5bea913f210a9a5eb4c0c80c...e207b8113260fd7d84df0ebdb66925ab70da29b2 (5.8-dev) +CVE-2019-20891 
(WooCommerce before 3.6.5, when it handles CSV imports of products, has ...) + NOT-FOR-US: WooCommerce +CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) + {DLA-2254-1} + - alpine 2.23+dfsg1-1 (bug #963179) + [buster] - alpine (Minor issue) + [stretch] - alpine (Minor issue) + NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html + NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab +CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...) + {DSA-4725-1 DLA-2281-1} + - evolution-data-server 3.36.4-1 + NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 + NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df +CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...) + NOT-FOR-US: CMS Made Simple +CVE-2020-14925 + RESERVED +CVE-2020-14924 + RESERVED +CVE-2020-14923 + RESERVED +CVE-2020-14922 + RESERVED +CVE-2020-14921 + RESERVED +CVE-2020-14920 + RESERVED +CVE-2020-14919 + RESERVED +CVE-2020-14918 + RESERVED +CVE-2020-14917 + RESERVED +CVE-2020-14916 + RESERVED +CVE-2020-14915 + RESERVED +CVE-2020-14914 + RESERVED +CVE-2020-14913 + RESERVED +CVE-2020-14912 + RESERVED +CVE-2020-14911 + RESERVED +CVE-2020-14910 + RESERVED +CVE-2020-14909 + RESERVED +CVE-2020-14908 + RESERVED +CVE-2020-14907 + RESERVED +CVE-2020-14906 + RESERVED +CVE-2020-14905 + RESERVED +CVE-2020-14904 + RESERVED +CVE-2020-14903 + RESERVED +CVE-2020-14902 + RESERVED +CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...) + NOT-FOR-US: Oracle +CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...) + NOT-FOR-US: Oracle +CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + NOT-FOR-US: Oracle +CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...) + NOT-FOR-US: Oracle +CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.16-dfsg-1 +CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) + NOT-FOR-US: Oracle +CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) + NOT-FOR-US: Oracle +CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...) + NOT-FOR-US: Oracle +CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14874 (Vulnerability in the Oracle Cloud Infrastructure Identity and Access M ...) + NOT-FOR-US: Oracle +CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.16-dfsg-1 +CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...) + NOT-FOR-US: Oracle +CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...) + NOT-FOR-US: Oracle +CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) + - mysql-cluster (bug #833356) +CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14848 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14847 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14846 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14845 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14844 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14843 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14842 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) + NOT-FOR-US: Oracle +CVE-2020-14841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14840 (Vulnerability in the Oracle Application Object Library product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14839 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14838 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14837 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14834 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14833 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14832 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14830 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14829 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14828 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14827 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14826 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2020-14825 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14824 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14823 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14822 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2020-14821 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14820 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14819 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14818 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14817 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14816 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14815 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + {DLA-2538-1} + - mariadb-10.5 1:10.5.8-1 + [experimental] - mariadb-10.3 1:10.3.27-1~exp1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 + - mariadb-10.1 + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) + NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48 +CVE-2020-14811 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2020-14810 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...) + NOT-FOR-US: Oracle +CVE-2020-14809 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14808 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14807 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...) + NOT-FOR-US: Oracle +CVE-2020-14806 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise Search ...) + NOT-FOR-US: Oracle +CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14801 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14794 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.8-1 + [experimental] - mariadb-10.3 1:10.3.27-1~exp1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) + NOTE: Fixed in MariaDB 10.5.7, 10.3.26 +CVE-2020-14788 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...) + NOT-FOR-US: Oracle +CVE-2020-14787 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...) + NOT-FOR-US: Oracle +CVE-2020-14786 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14785 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...) + NOT-FOR-US: Oracle +CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
+ {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) + NOT-FOR-US: Oracle +CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4779-1 DLA-2412-1} + - openjdk-15 15.0.1+9-1 + - openjdk-11 11.0.9+11-1 + - openjdk-8 8u272-b10-1 +CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...) + NOT-FOR-US: Oracle +CVE-2020-14777 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mariadb-10.5 1:10.5.8-1 + [experimental] - mariadb-10.3 1:10.3.27-1~exp1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 + - mysql-8.0 8.0.22-1 (bug #972623) + - mysql-5.7 (bug #972824) + NOTE: Fixed in MariaDB 10.5.7, 10.3.26 +CVE-2020-14775 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) + - mysql-5.7 (bug #972824) +CVE-2020-14774 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14773 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14772 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...) + NOT-FOR-US: Oracle +CVE-2020-14771 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14770 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...) + NOT-FOR-US: Oracle +CVE-2020-14769 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-8.0 8.0.22-1 (bug #972623) + - mysql-5.7 (bug #972824) +CVE-2020-14768 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...) + NOT-FOR-US: Oracle +CVE-2020-14767 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...) + NOT-FOR-US: Oracle +CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + {DLA-2538-1} + - mariadb-10.5 1:10.5.8-1 + [experimental] - mariadb-10.3 1:10.3.27-1~exp1 + - mariadb-10.3 + [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 + - mariadb-10.1 + - mysql-8.0 8.0.22-1 (bug #972623) + - mysql-5.7 (bug #972824) + NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48 +CVE-2020-14764 (Vulnerability in the Hyperion Planning product of Oracle Hyperion (com ...) + NOT-FOR-US: Oracle +CVE-2020-14763 (Vulnerability in the Oracle Application Express Quick Poll component o ...) + NOT-FOR-US: Oracle +CVE-2020-14762 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + NOT-FOR-US: Oracle +CVE-2020-14761 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2020-14760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) +CVE-2020-14759 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14758 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14757 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14756 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2020-14755 + RESERVED +CVE-2020-14754 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14753 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...) + NOT-FOR-US: Oracle +CVE-2020-14751 + RESERVED +CVE-2020-14750 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14749 + RESERVED +CVE-2020-14748 + RESERVED +CVE-2020-14747 + RESERVED +CVE-2020-14746 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14745 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...) + NOT-FOR-US: Oracle +CVE-2020-14744 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...) + NOT-FOR-US: Oracle +CVE-2020-14743 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + NOT-FOR-US: Oracle +CVE-2020-14742 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + NOT-FOR-US: Oracle +CVE-2020-14741 (Vulnerability in the Database Filesystem component of Oracle Database ...) + NOT-FOR-US: Oracle +CVE-2020-14740 (Vulnerability in the SQL Developer Install component of Oracle Databas ...) + NOT-FOR-US: Oracle +CVE-2020-14739 + RESERVED +CVE-2020-14738 + RESERVED +CVE-2020-14737 + RESERVED +CVE-2020-14736 (Vulnerability in the Database Vault component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2020-14735 (Vulnerability in the Scheduler component of Oracle Database Server. Su ...) + NOT-FOR-US: Oracle +CVE-2020-14734 (Vulnerability in the Oracle Text component of Oracle Database Server. ...) + NOT-FOR-US: Oracle +CVE-2020-14733 + RESERVED +CVE-2020-14732 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + NOT-FOR-US: Oracle +CVE-2020-14731 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14730 + RESERVED +CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...) + NOT-FOR-US: Oracle NetSuite +CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...) + NOT-FOR-US: Oracle NetSuite +CVE-2020-14727 + RESERVED +CVE-2020-14726 + RESERVED +CVE-2020-14725 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + NOT-FOR-US: Oracle +CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + NOT-FOR-US: Oracle +CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + NOT-FOR-US: Oracle +CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + NOT-FOR-US: Oracle +CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.12-dfsg-1 +CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox (MacOS-specific) +CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + NOT-FOR-US: Oracle +CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + NOT-FOR-US: Oracle +CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + NOT-FOR-US: Oracle +CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...) + NOT-FOR-US: Oracle +CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...) + NOT-FOR-US: Oracle +CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) + NOT-FOR-US: Oracle +CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) + NOT-FOR-US: Oracle +CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) + NOT-FOR-US: Oracle +CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14689 + RESERVED +CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + NOT-FOR-US: Oracle +CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14683 + RESERVED +CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14672 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #972824) + - mysql-8.0 8.0.22-1 (bug #972623) +CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) + NOT-FOR-US: Oracle +CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) + - openjfx 11+26-1 + [stretch] - openjfx (Minor issue) + NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed +CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
+ - virtualbox 6.1.12-dfsg-1 +CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + NOT-FOR-US: Oracle +CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
+ - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) + NOT-FOR-US: Oracle +CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) + - virtualbox 6.1.12-dfsg-1 +CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) + NOT-FOR-US: Oracle +CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) + NOT-FOR-US: Oracle +CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) + NOT-FOR-US: Oracle +CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...) + NOT-FOR-US: Oracle +CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + NOT-FOR-US: Oracle +CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) + NOT-FOR-US: Oracle +CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) + NOT-FOR-US: Oracle +CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
+ {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + NOT-FOR-US: Oracle +CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...) + NOT-FOR-US: Oracle +CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...) + NOT-FOR-US: Oracle +CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...) + {DSA-4734-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 +CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + NOT-FOR-US: Oracle +CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (Only affects MySQL 8) +CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + NOT-FOR-US: Oracle +CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...) + {DSA-4734-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 +CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) + NOT-FOR-US: Oracle +CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + NOT-FOR-US: Oracle +CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
+ {DSA-4734-1 DLA-2325-1} + - openjdk-14 14.0.2+12-1 + - openjdk-11 11.0.8+10-1 + - openjdk-8 8u265-b01-1 +CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + NOT-FOR-US: Oracle +CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...) + NOT-FOR-US: Oracle +CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) + NOT-FOR-US: Oracle +CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + NOT-FOR-US: Oracle +CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...) + NOT-FOR-US: Oracle +CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + NOT-FOR-US: Oracle +CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + NOT-FOR-US: Oracle +CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) 
+ NOT-FOR-US: Oracle +CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...) + NOT-FOR-US: Oracle +CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + - mysql-5.7 (bug #965168) + NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL +CVE-2020-14538 + RESERVED +CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + NOT-FOR-US: Oracle +CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) + NOT-FOR-US: Oracle +CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + NOT-FOR-US: Oracle +CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + NOT-FOR-US: Oracle +CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) + NOT-FOR-US: Oracle +CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + NOT-FOR-US: Oracle +CVE-2020-14526 + RESERVED +CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) 
+ NOT-FOR-US: Philips +CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2020-14523 (Multiple Mitsubishi Electric Factory Automation products have a vulner ...) + NOT-FOR-US: Mitsubishi +CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...) + NOT-FOR-US: Softing Industrial Automation +CVE-2020-14521 (Multiple Mitsubishi Electric Factory Automation engineering software p ...) + NOT-FOR-US: Mitsubishi +CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...) + NOT-FOR-US: CodeMeter +CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...) + NOT-FOR-US: Philips DreamMapper +CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...) + NOT-FOR-US: CodeMeter +CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...) + NOT-FOR-US: CodeMeter +CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...) + NOT-FOR-US: PLC +CVE-2020-14513 (CodeMeter (All versions prior to 6.81) and the software using it may c ...) + NOT-FOR-US: CodeMeter +CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...) + NOT-FOR-US: GateManager +CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...) + NOT-FOR-US: EDR routers +CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...) + NOT-FOR-US: GateManager +CVE-2020-14509 (Multiple memory corruption vulnerabilities exist in CodeMeter (All ver ...) 
+ NOT-FOR-US: CodeMeter +CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...) + NOT-FOR-US: GateManager +CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...) + NOT-FOR-US: Advantech +CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) + NOT-FOR-US: Philips +CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...) + NOT-FOR-US: Advantech +CVE-2020-14504 (The web interface of the 1734-AENTR communication module mishandles au ...) + NOT-FOR-US: 1734-AENTR communication module +CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...) + NOT-FOR-US: Advantech +CVE-2020-14502 (The web interface of the 1734-AENTR communication module is vulnerable ...) + NOT-FOR-US: 1734-AENTR communication module +CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...) + NOT-FOR-US: Advantech +CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...) + NOT-FOR-US: Secomea GateManager +CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...) + NOT-FOR-US: Advantech +CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The a ...) + NOT-FOR-US: HMS Industrial Networks AB eCatche +CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...) + NOT-FOR-US: Advantech +CVE-2020-14496 (Successful exploitation of this vulnerability for multiple Mitsubishi ...) + NOT-FOR-US: Mitsubishi Electric +CVE-2020-14495 + REJECTED +CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...) + NOT-FOR-US: OpenClinic GA +CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...) + NOT-FOR-US: OpenClinic +CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...) 
+ NOT-FOR-US: OpenClinic +CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...) + NOT-FOR-US: OpenClinic GA +CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...) + NOT-FOR-US: OpenClinic +CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...) + NOT-FOR-US: OpenClinic +CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...) + NOT-FOR-US: OpenClinic +CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...) + NOT-FOR-US: OpenClinic +CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...) + NOT-FOR-US: OpenClinic +CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...) + NOT-FOR-US: OpenClinic GA +CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...) + NOT-FOR-US: OpenClinic GA +CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing ...) + NOT-FOR-US: Niagara +CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...) + NOT-FOR-US: Delta Industrial Automation DOPSoft +CVE-2020-14481 (The DeskLock tool provided with FactoryTalk View SE uses a weak encryp ...) + NOT-FOR-US: FactoryTalk View SE +CVE-2020-14480 (Due to usernames/passwords being stored in plaintext in Random Access ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-14479 (Sensitive information can be obtained through the handling of serializ ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2020-14478 (A local, authenticated attacker could use an XML External Entity (XXE) ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...) + NOT-FOR-US: Philips +CVE-2020-14476 + REJECTED +CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...) 
+ - dolibarr + NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08 +CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...) + NOT-FOR-US: Cellebrite +CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...) + NOT-FOR-US: DrayTek +CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...) + NOT-FOR-US: DrayTek +CVE-2020-14471 + RESERVED +CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...) + NOT-FOR-US: Octopus Deploy +CVE-2020-14469 + RESERVED +CVE-2020-14468 + RESERVED +CVE-2020-14467 + REJECTED +CVE-2020-14466 + RESERVED +CVE-2020-14465 + RESERVED +CVE-2020-14464 + RESERVED +CVE-2020-14463 + RESERVED +CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box.) + NOT-FOR-US: CALDERA +CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...) + NOT-FOR-US: Zyxel +CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...) + - mattermost-server (bug #823556) +CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...) + - mattermost-server (bug #823556) +CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...) + - mattermost-server (bug #823556) +CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...) + - mattermost-server (bug #823556) +CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...) + - mattermost-desktop (bug #831861) +CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...) + - mattermost-desktop (bug #831861) +CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...) + - mattermost-desktop (bug #831861) +CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...) 
+ - mattermost-server (bug #823556) +CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...) + - mattermost-server (bug #823556) +CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...) + NOT-FOR-US: Mattermost +CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...) + - mattermost-server (bug #823556) +CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...) + NOT-FOR-US: Mattermost +CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic ...) + - mattermost-server (bug #823556) +CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...) + - mattermost-server (bug #823556) +CVE-2019-20890 (An issue was discovered in Mattermost Server before 5.7. It allows a b ...) + - mattermost-server (bug #823556) +CVE-2019-20889 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...) + - mattermost-server (bug #823556) +CVE-2019-20888 (An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, ...) + - mattermost-server (bug #823556) +CVE-2019-20887 (An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5. ...) + - mattermost-server (bug #823556) +CVE-2019-20886 (An issue was discovered in Mattermost Server before 5.8.0. The first u ...) + - mattermost-server (bug #823556) +CVE-2019-20885 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...) + - mattermost-server (bug #823556) +CVE-2019-20884 (An issue was discovered in Mattermost Server before 5.8.0. It allows a ...) + - mattermost-server (bug #823556) +CVE-2019-20883 (An issue was discovered in Mattermost Server before 5.8.0, when Town S ...) + - mattermost-server (bug #823556) +CVE-2019-20882 (An issue was discovered in Mattermost Server before 5.8.0. It does not ...) 
+ - mattermost-server (bug #823556) +CVE-2019-20881 (An issue was discovered in Mattermost Server before 5.8.0. It mishandl ...) + - mattermost-server (bug #823556) +CVE-2019-20880 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...) + - mattermost-server (bug #823556) +CVE-2019-20879 (An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6. ...) + - mattermost-server (bug #823556) +CVE-2019-20878 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20877 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20876 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20875 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20874 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20873 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20872 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20871 (An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7. ...) + - mattermost-server (bug #823556) +CVE-2019-20870 (An issue was discovered in Mattermost Server before 5.10.0. An attacke ...) + - mattermost-server (bug #823556) +CVE-2019-20869 (An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8 ...) + - mattermost-server (bug #823556) +CVE-2019-20868 (An issue was discovered in Mattermost Server before 5.11.0. Invite IDs ...) + - mattermost-server (bug #823556) +CVE-2019-20867 (An issue was discovered in Mattermost Server before 5.11.0. An attacke ...) 
+ - mattermost-server (bug #823556) +CVE-2019-20866 (An issue was discovered in Mattermost Server before 5.12.0. Use of a P ...) + - mattermost-server (bug #823556) +CVE-2019-20865 (An issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20864 (An issue was discovered in Mattermost Plugins before 5.13.0. The GitHu ...) + NOT-FOR-US: Mattermost +CVE-2019-20863 (An issue was discovered in Mattermost Server before 5.13.0. Incoming w ...) + - mattermost-server (bug #823556) +CVE-2019-20862 (An issue was discovered in Mattermost Server before 5.13.0. Non-member ...) + - mattermost-server (bug #823556) +CVE-2019-20861 (An issue was discovered in Mattermost Desktop App before 4.2.2. It all ...) + - mattermost-desktop (bug #831861) +CVE-2019-20860 (An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20859 (An issue was discovered in Mattermost Server before 5.15.0. Login acce ...) + - mattermost-server (bug #823556) +CVE-2019-20858 (An issue was discovered in Mattermost Server before 5.15.0. It allows ...) + - mattermost-server (bug #823556) +CVE-2019-20857 (An issue was discovered in Mattermost Server before 5.16.0. It allows ...) + - mattermost-server (bug #823556) +CVE-2019-20856 (An issue was discovered in Mattermost Desktop App before 4.3.0 on macO ...) + - mattermost-desktop (bug #831861) +CVE-2019-20855 (An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20854 (An issue was discovered in Mattermost Server before 5.17.0. It allows ...) + - mattermost-server (bug #823556) +CVE-2019-20853 (An issue was discovered in Mattermost Packages before 5.16.3. A Drople ...) + NOT-FOR-US: Mattermost +CVE-2019-20852 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local ...) 
+ NOT-FOR-US: Mattermost +CVE-2019-20851 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. An at ...) + NOT-FOR-US: Mattermost +CVE-2019-20850 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. A vie ...) + NOT-FOR-US: Mattermost +CVE-2019-20849 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cooki ...) + NOT-FOR-US: Mattermost +CVE-2019-20848 (An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Q ...) + NOT-FOR-US: Mattermost +CVE-2019-20847 (An issue was discovered in Mattermost Server before 5.18.0. An attacke ...) + - mattermost-server (bug #823556) +CVE-2019-20846 (An issue was discovered in Mattermost Server before 5.18.0. It has wea ...) + - mattermost-server (bug #823556) +CVE-2019-20845 (An issue was discovered in Mattermost Server before 5.18.0. It allows ...) + - mattermost-server (bug #823556) +CVE-2019-20844 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20843 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20842 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...) + - mattermost-server (bug #823556) +CVE-2019-20841 (An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5. ...) + - mattermost-server (bug #823556) +CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...) + - mattermost-desktop (bug #831861) +CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...) + - mattermost-server (bug #823556) +CVE-2018-21263 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...) + - mattermost-server (bug #823556) +CVE-2018-21262 (An issue was discovered in Mattermost Server before 4.7.3. It allows a ...) 
+ - mattermost-server (bug #823556) +CVE-2018-21261 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...) + - mattermost-server (bug #823556) +CVE-2018-21260 (An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and ...) + - mattermost-server (bug #823556) +CVE-2018-21259 (An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and ...) + - mattermost-server (bug #823556) +CVE-2018-21258 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) + - mattermost-server (bug #823556) +CVE-2018-21257 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) + - mattermost-server (bug #823556) +CVE-2018-21256 (An issue was discovered in Mattermost Server before 5.1. It allows att ...) + - mattermost-server (bug #823556) +CVE-2018-21255 (An issue was discovered in Mattermost Server before 5.1. Non-members o ...) + - mattermost-server (bug #823556) +CVE-2018-21254 (An issue was discovered in Mattermost Server before 5.1. An attacker c ...) + - mattermost-server (bug #823556) +CVE-2018-21253 (An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4. ...) + - mattermost-server (bug #823556) +CVE-2018-21252 (An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, ...) + - mattermost-server (bug #823556) +CVE-2018-21251 (An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Aut ...) + - mattermost-server (bug #823556) +CVE-2018-21250 (An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and ...) + - mattermost-server (bug #823556) +CVE-2018-21249 (An issue was discovered in Mattermost Server before 5.3.0. It mishandl ...) + - mattermost-server (bug #823556) +CVE-2018-21248 (An issue was discovered in Mattermost Server before 5.4.0. It mishandl ...) + - mattermost-server (bug #823556) +CVE-2017-18921 (An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. X ...) 
+ - mattermost-server (bug #823556) +CVE-2017-18920 (An issue was discovered in Mattermost Server before 3.6.2. The WebSock ...) + - mattermost-server (bug #823556) +CVE-2017-18919 (An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. A ...) + - mattermost-server (bug #823556) +CVE-2017-18918 (An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A ...) + - mattermost-server (bug #823556) +CVE-2017-18917 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18916 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18915 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18914 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18913 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18912 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18911 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18910 (An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and ...) + - mattermost-server (bug #823556) +CVE-2017-18909 (An issue was discovered in Mattermost Server before 3.9.0 when SAML is ...) + - mattermost-server (bug #823556) +CVE-2017-18908 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + - mattermost-server (bug #823556) +CVE-2017-18907 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + - mattermost-server (bug #823556) +CVE-2017-18906 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) 
+ - mattermost-server (bug #823556) +CVE-2017-18905 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + - mattermost-server (bug #823556) +CVE-2017-18904 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + - mattermost-server (bug #823556) +CVE-2017-18903 (An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and ...) + - mattermost-server (bug #823556) +CVE-2017-18902 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) + - mattermost-server (bug #823556) +CVE-2017-18901 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) + - mattermost-server (bug #823556) +CVE-2017-18900 (An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and ...) + - mattermost-server (bug #823556) +CVE-2017-18899 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18898 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18897 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18896 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18895 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18894 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18893 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18892 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18891 (An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and ...) 
+ - mattermost-server (bug #823556) +CVE-2017-18890 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18889 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18888 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18887 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18886 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18885 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18884 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18883 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18882 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18881 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18880 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18879 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18878 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18877 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18876 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) 
+ - mattermost-server (bug #823556) +CVE-2017-18875 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18874 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18873 (An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and ...) + - mattermost-server (bug #823556) +CVE-2017-18872 (An issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. A ...) + - mattermost-server (bug #823556) +CVE-2017-18871 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3. ...) + - mattermost-server (bug #823556) +CVE-2017-18870 (An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and ...) + - mattermost-server (bug #823556) +CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11083 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11082 (An issue was discovered in Mattermost Server before 2.2.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11081 (An issue was discovered in Mattermost Server before 2.2.0. It allows u ...) + - mattermost-server (bug #823556) +CVE-2016-11080 (An issue was discovered in Mattermost Server before 3.0.0. It offers s ...) + - mattermost-server (bug #823556) +CVE-2016-11079 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11078 (An issue was discovered in Mattermost Server before 3.0.0. It potentia ...) + - mattermost-server (bug #823556) +CVE-2016-11077 (An issue was discovered in Mattermost Server before 3.0.0. It has a su ...) + - mattermost-server (bug #823556) +CVE-2016-11076 (An issue was discovered in Mattermost Server before 3.0.0. It does not ...) 
+ - mattermost-server (bug #823556) +CVE-2016-11075 (An issue was discovered in Mattermost Server before 3.0.0. It allows a ...) + - mattermost-server (bug #823556) +CVE-2016-11074 (An issue was discovered in Mattermost Server before 3.0.0. A password- ...) + - mattermost-server (bug #823556) +CVE-2016-11073 (An issue was discovered in Mattermost Server before 3.0.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11072 (An issue was discovered in Mattermost Server before 3.0.2. The purpose ...) + - mattermost-server (bug #823556) +CVE-2016-11071 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11070 (An issue was discovered in Mattermost Server before 3.1.0. It allows X ...) + - mattermost-server (bug #823556) +CVE-2016-11069 (An issue was discovered in Mattermost Server before 3.2.0. It mishandl ...) + - mattermost-server (bug #823556) +CVE-2016-11068 (An issue was discovered in Mattermost Server before 3.2.0. Attackers c ...) + - mattermost-server (bug #823556) +CVE-2016-11067 (An issue was discovered in Mattermost Server before 3.2.0. It allowed ...) + - mattermost-server (bug #823556) +CVE-2016-11066 (An issue was discovered in Mattermost Server before 3.2.0. The initial ...) + - mattermost-server (bug #823556) +CVE-2016-11065 (An issue was discovered in Mattermost Server before 3.3.0. An attacker ...) + - mattermost-server (bug #823556) +CVE-2016-11064 (An issue was discovered in Mattermost Desktop App before 3.4.0. String ...) + - mattermost-desktop (bug #831861) +CVE-2016-11063 (An issue was discovered in Mattermost Server before 3.5.1. XSS can occ ...) + - mattermost-server (bug #823556) +CVE-2016-11062 (An issue was discovered in Mattermost Server before 3.5.1. E-mail addr ...) + - mattermost-server (bug #823556) +CVE-2015-9548 (An issue was discovered in Mattermost Server before 1.2.0. It allows a ...) 
+ - mattermost-server (bug #823556) +CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...) + {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} + - mutt 1.14.4-1 + - neomutt 20200619+dfsg.1-1 + NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 + NOTE: https://gitlab.com/muttmua/mutt/-/issues/248 + NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc +CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...) + NOT-FOR-US: WSO2 Identity Server +CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) + NOT-FOR-US: WSO2 Identity Server +CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) + NOT-FOR-US: WSO2 Identity Server +CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...) + - dolibarr +CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: NETGEAR +CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: NETGEAR
+CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: NETGEAR
+CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the app.o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
+ - cacti 1.2.19+ds1-1
+ [bullseye] - cacti (Vulnerable code not present)
+ [buster] - cacti (Vulnerable code not present)
+ [stretch] - cacti (Vulnerable code not present)
+ NOTE: https://github.com/Cacti/cacti/pull/4261
+ NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
+CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
+ NOT-FOR-US: Convos
+CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
+ {DLA-3424-1 DLA-2280-1}
+ - python3.8 3.8.4~rc1-1
+ - python3.7
+ [buster] - python3.7 3.7.3-2+deb10u2
+ - python3.5
+ - python3.4
+ [jessie] - python3.4 (Minor issue, DoS with constraints)
+ - python2.7 (ipaddress module introduced in 3.3)
+ - python-ipaddress
+ [bullseye] - python-ipaddress (Minor issue)
+ NOTE: https://bugs.python.org/issue41004
+ NOTE: https://github.com/python/cpython/pull/20956
+ NOTE: https://github.com/python/cpython/pull/21033
+ NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master)
+ NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch)
+ NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1)
+ NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch)
+ NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch)
+CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
+ NOT-FOR-US: aaPanel
+CVE-2020-14420
+ RESERVED
+CVE-2020-14419
+ RESERVED
+CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
+ NOT-FOR-US: madCodeHook
+CVE-2020-14417
+ RESERVED
+CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
+ - qemu 1:5.0-1
+ [buster] - qemu (Vulnerable code introduced later)
+ [stretch] - qemu (Vulnerable code introduced later)
+ [jessie] - qemu (Vulnerable code introduced later)
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0)
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0)
+CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_data ...)
+ - linux 5.4.19-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.210-1+deb9u1
+ [jessie] - linux 3.16.84-1
+ NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
+CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...)
+ NOT-FOR-US: NeDi
+CVE-2020-14411
+ RESERVED
+CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...)
+ {DLA-3314-1 DLA-2536-1}
+ - libsdl1.2 (Only affects SDL2)
+ - libsdl2 2.0.14+dfsg2-2
+ NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
+ NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
+CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...)
+ {DLA-3314-1 DLA-2536-1}
+ - libsdl2 2.0.14+dfsg2-2
+ NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
+ NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
+ NOTE: Specific to SDL2, these checks were addresses in SDL 1.2 with CVE-2019-7637
+CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
+ NOT-FOR-US: Agentejo Cockpit
+CVE-2020-14407
+ RESERVED
+CVE-2020-14406
+ RESERVED
+CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
+CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
+CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
+CVE-2020-14400 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
+CVE-2020-14399 (An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned da ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
+CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver (Proposed patch might break ABI for consumers)
+ [stretch] - libvncserver (Proposed patch might break ABI for consumers)
+ [jessie] - libvncserver (Proposed patch might break ABI for consumers)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
+CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
+CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver (Vulnerable code not present)
+ [stretch] - libvncserver (Vulnerable code not present)
+ [jessie] - libvncserver (Vulnerable code not present)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
+CVE-2020-14395
+ REJECTED
+CVE-2020-14394 (An infinite loop flaw was found in the USB xHCI controller emulation o ...)
+ {DLA-3362-1}
+ - qemu 1:7.1+dfsg-1 (bug #979677)
+ [bullseye] - qemu 1:5.2+dfsg-11+deb11u3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
+ NOTE: https://gitlab.com/qemu-project/qemu/-/issues/646
+ NOTE: Fixed by: https://gitlab.com/qemu-project/qemu/-/commit/effaf5a240e03020f4ae953e10b764622c3e87cc (v7.1.0-rc3)
+CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local att ...)
+ {DLA-2386-1}
+ - libdbi-perl 1.643-1
+ [buster] - libdbi-perl 1.642-1+deb10u1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
+CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A ...)
+ {DLA-2386-1}
+ - libdbi-perl 1.643-1
+ [buster] - libdbi-perl 1.642-1+deb10u1
+ NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
+CVE-2020-14391 (A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...)
+ - gnome-settings-daemon (Red Hat-specific plugin)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
+CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit a user w ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14388 (A flaw was found in the Red Hat 3scale API Management Platform, where ...)
+ NOT-FOR-US: 3scale
+CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...)
+ - rsync 3.2.3-3 (bug #969530)
+ [buster] - rsync (Vulnerable code introduced later)
+ [stretch] - rsync (Vulnerable code introduced later)
+ NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1)
+ NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
+CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
+CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
+ {DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
+CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
+ NOT-FOR-US: JBossWeb
+CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973398)
+ [buster] - samba (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
+CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...)
+ - cryptsetup 2:2.3.4-1 (bug #969471)
+ [buster] - cryptsetup (Vulnerable code not present)
+ [stretch] - cryptsetup (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712
+ NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102
+ NOTE: Fixed by: https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7
+ NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503
+ NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e
+ NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0)
+CVE-2020-14381 (A flaw was found in the Linux kernel\u2019s futex implementation. This ...)
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254
+CVE-2020-14380 (An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14379 (A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can ...)
+ NOT-FOR-US: Red Hat AMQ broker
+CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7a5af91f8bf46f121cc1a7873045ef37f63d56c2 (v18.11.10)
+ NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=fd9dd27602a6494663ace53f0d52122ed9f0de1c (v18.11.1-rc1)
+CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090 (v18.11.10)
+ NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1)
+CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=7e7c75edc6351ecdc5b108ab2ff4be8852d9e090 (v18.11.10)
+ NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1)
+CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=6e8a4da39e68c581c236b1f109fef4b6e22b35ef (v18.11.10)
+ NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3bb595ecd6829b4019f281d56036acf4d1ccddc2 (v18.05-rc1)
+CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk 18.11.10-1~deb10u1
+ [stretch] - dpdk (vhost_crypto introduced in v18.05-rc1)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+ NOTE: https://git.dpdk.org/dpdk-stable/commit/?id=75f8df70a2c8a477ed61bf3145746ef1164466ce (v18.11.10)
+ NOTE: Introduced by: https://git.dpdk.org/dpdk-stable/commit/?id=3c79609fda7cba51835c5f76e1bf4a454c653ff2 (v18.05-rc5)
+CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
+ - ghostscript 9.26~dfsg-1
+ [stretch] - ghostscript 9.26~dfsg-0+deb9u1
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
+CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
+ {DSA-4867-1}
+ - grub2 2.04-16
+ [stretch] - grub2 (No SecureBoot support in stretch)
+CVE-2020-14371 (A credential leak vulnerability was found in Red Hat Satellite. This f ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
+ - libpod 2.0.6+dfsg1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
+ NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
+CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...)
+ NOT-FOR-US: Eclipse Che
+CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
+ - chrony 3.5.1-1 (unimportant)
+ [buster] - chrony 3.4-4+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1
+ NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1)
+ NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1)
+ NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1)
+ NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3
+ NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
+CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1 (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
+ NOTE: https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275 (v2.9.13)
+ NOTE: Negligible security impact on Debian systems
+CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
+ {DSA-4760-1 DLA-2373-1}
+ - qemu 1:5.1+dfsg-4 (bug #968947)
+ NOTE: https://xenbits.xen.org/xsa/advisory-335.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b946434f2659a182afc17e155be6791ebfb302eb
+CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...)
+ {DLA-2361-1}
+ - libx11 2:1.6.12-1 (bug #969008)
+ [buster] - libx11 2:1.6.7-1+deb10u1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
+CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
+CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
+CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An out-of ...)
+ {DSA-4803-1 DLA-2486-1}
+ - xorg-server 2:1.20.10-1 (bug #976216)
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
+CVE-2020-14359 (A vulnerability was found in all versions of Keycloak Gatekeeper, wher ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14358
+ REJECTED
+CVE-2020-14357
+ REJECTED
+CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.10-1 (bug #966846)
+ [buster] - linux 4.19.146-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
+CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...)
+ {DSA-4771-1 DLA-2428-1 DLA-2427-1}
+ - spice 0.14.3-2 (bug #971750)
+ - spice-gtk 0.39-1 (bug #971751)
+ [buster] - spice-gtk (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
+CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version 1.16.0 ...)
+ - c-ares 1.16.1-1
+ [buster] - c-ares (Vulnerable code introduced later)
+ [stretch] - c-ares (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838
+ NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
+ NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
+CVE-2020-14353
+ REJECTED
+CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
+ NOT-FOR-US: librepo
+CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
+ {DLA-2494-1 DLA-2483-1}
+ - linux 5.9.6-1
+ [buster] - linux 4.19.160-1
+ NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
+CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...)
+ {DLA-2331-1}
+ - postgresql-12 12.4-1
+ - postgresql-11
+ [buster] - postgresql-11 11.9-0+deb10u1
+ - postgresql-9.6
+ NOTE: https://www.postgresql.org/about/news/2060/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
+CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...)
+ - postgresql-12 12.4-1
+ - postgresql-11
+ [buster] - postgresql-11 11.9-0+deb10u1
+ - postgresql-9.6 (Vulnerable code introduced later)
+ NOTE: https://www.postgresql.org/about/news/2060/
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
+CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...)
+ NOT-FOR-US: AMQ Online
+CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1 (bug #968986)
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
+CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
+CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...)
+ {DSA-4758-1 DLA-2359-1}
+ - xorg-server 2:1.20.9-1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
+ NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d
+CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
+ {DLA-2312-1}
+ - libx11 2:1.6.10-1
+ [buster] - libx11 2:1.6.7-1+deb10u1
+ NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2
+ NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d
+ NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116
+ NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b
+CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...)
+ - pyyaml 5.3.1-4 (bug #966233)
+ [buster] - pyyaml (Vulnerable code not present)
+ [stretch] - pyyaml (Vulnerable code not present)
+ NOTE: https://github.com/yaml/pyyaml/issues/420
+ NOTE: Fixed via: https://github.com/yaml/pyyaml/pull/472
+ NOTE: https://github.com/yaml/pyyaml/commit/7adc0db3f613a82669f2b168edd98379b83adb3c
+ NOTE: CVE is for an incomplete fix of CVE-2020-1747.
+CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...)
+ - cifs-utils 2:6.11-1 (bug #970172)
+ [buster] - cifs-utils (Minor issue)
+ [stretch] - cifs-utils (Minor issue)
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14442
+ NOTE: https://lists.samba.org/archive/samba-technical/2020-September/135747.html
+ NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a
+CVE-2020-14341 (The "Test Connection" available in v7.x of the Red Hat Single Sign On ...)
+ NOT-FOR-US: Red Hat Single Sign On application console
+CVE-2020-14340 (A vulnerability was discovered in XNIO where file descriptor leak caus ...)
+ - jboss-xnio 3.8.2-1
+ [buster] - jboss-xnio (Minor issue)
+ [stretch] - jboss-xnio (vulnerable code is not present)
+ NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233
+ NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234
+CVE-2020-14339 (A flaw was found in libvirt, where it leaked a file descriptor for `/d ...)
+ - libvirt 6.6.0-1 (bug #966563)
+ [buster] - libvirt (Vulnerable code introduced later)
+ [stretch] - libvirt (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860069
+ NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html
+ NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html
+ NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0)
+CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...)
+ - wildfly (bug #752018)
+CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14336 (A flaw was found in the Restricted Security Context Constraints (SCC), ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-14335 (A flaw was found in Red Hat Satellite, which allows a privileged attac ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...)
+ - foreman (bug #663101)
+CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1 (bug #966672)
+ [stretch] - ansible (EOL'd for stretch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
+ NOTE: https://github.com/ansible/ansible/pull/71033
+ NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12)
+CVE-2020-14331 (A flaw was found in the Linux kernel\u2019s implementation of the inve ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.7.17-1 (unimportant)
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
+ NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
+CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
+ {DSA-4950-1}
+ - ansible 2.9.13+dfsg-1
+ [stretch] - ansible (EOL'd for stretch)
+ NOTE: https://github.com/ansible/ansible/issues/68400
+ NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653
+ NOTE: Complete fix (reverting first and adding more elaborated fix):
+ NOTE: https://github.com/ansible/ansible/pull/70762
+ NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e
+ NOTE: https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12)
+CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions before 3.7 ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Server S ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...)
+ - resteasy (Vulnerable code introduced later)
+ - resteasy3.0 (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2643
+ NOTE: https://issues.redhat.com/browse/RESTEASY-2646
+ NOTE: Introduced by: https://github.com/resteasy/Resteasy/commit/f948c45f4ebe00531f858e289d17664bc2edd496 (4.2.0.Final)
+CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973399)
+ [buster] - samba (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436
+CVE-2020-14322 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to l ...)
+ - moodle
+CVE-2020-14321 (In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course ...)
+ - moodle
+CVE-2020-14320 (In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task ...)
+ - moodle
+CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
+ NOT-FOR-US: AMQ Online
+CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...)
+ {DLA-2463-1}
+ [experimental] - samba 2:4.13.2+dfsg-1
+ - samba 2:4.13.2+dfsg-2 (bug #973400)
+ [buster] - samba (Minor issue)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434
+CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805 appeared a ...)
+ - wildfly (bug #752018)
+CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...)
+ NOT-FOR-US: KubeVirt
+CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...)
+ - bsdiff 4.3-22 (bug #964796)
+ [buster] - bsdiff (Minor issue)
+ [stretch] - bsdiff (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
+ NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
+CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
+ {DLA-2420-1 DLA-2385-1}
+ - linux 5.8.7-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
+ NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
+CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
+ NOT-FOR-US: Quay
+CVE-2020-14312 (A flaw was found in the default configuration of dnsmasq, as shipped w ...)
+ - dnsmasq 2.69-1 (bug #732610)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342
+CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function read_sectio ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
+CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't check ...)
+ {DSA-4735-1}
+ - grub2 2.04-9
+ [stretch] - grub2 (No SecureBoot support in stretch)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
+ NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
+CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...)
+ - wildfly (bug #752018)
+CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel\u ...)
+ {DLA-2420-1}
+ - linux 4.12.6-1
+ NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/
+CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...)
+ - linux (bug #960702)
+ [bookworm] - linux (Minor issue)
+ [bullseye] - linux (Minor issue)
+ [buster] - linux (Minor issue)
+CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html
+CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-14301 (An information disclosure vulnerability was found in libvirt in versio ...)
+ - libvirt (Vulnerable code introduced with 6.2.0)
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979
+ NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
+CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...)
+ - docker.io (Red Hat specific regression)
+CVE-2020-14299 (A flaw was found in JBoss EAP, where the authentication configuration ...)
+ NOT-FOR-US: JBoss EAP
+CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...)
+ - docker.io (Red Hat specific regression)
+CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...)
+ - wildfly (bug #752018)
+CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...)
+ - cacti 1.2.13+ds1-1 (bug #963139)
+ [buster] - cacti (Vulnerability introduced later)
+ [stretch] - cacti (Vulnerability introduced later)
+ [jessie] - cacti (Vulnerability introduced later)
+ NOTE: https://github.com/Cacti/cacti/issues/3622
+ NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
+ NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
+ NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
+CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...)
+ NOT-FOR-US: Secudos Qiata FTA
+CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute ...)
+ NOT-FOR-US: Secudos DOMOS
+CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...)
+ NOT-FOR-US: COVIDSafe application for Android
+CVE-2020-14291
+ RESERVED
+CVE-2020-14290
+ RESERVED
+CVE-2020-14289
+ RESERVED
+CVE-2020-14288
+ RESERVED
+CVE-2020-14287
+ RESERVED
+CVE-2020-14286
+ RESERVED
+CVE-2020-14285
+ RESERVED
+CVE-2020-14284
+ RESERVED
+CVE-2020-14283
+ RESERVED
+CVE-2020-14282
+ RESERVED
+CVE-2020-14281
+ RESERVED
+CVE-2020-14280
+ RESERVED
+CVE-2020-14279
+ RESERVED
+CVE-2020-14278
+ RESERVED
+CVE-2020-14277
+ RESERVED
+CVE-2020-14276
+ RESERVED
+CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1 ...)
+ NOT-FOR-US: HCL
+CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...)
+ NOT-FOR-US: HCL
+CVE-2020-14273 (HCL Domino is susceptible to a Denial of Service (DoS) vulnerability d ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14272
+ RESERVED
+CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...)
+ NOT-FOR-US: HCL iNotes
+CVE-2020-14270 (HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vu ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14269
+ RESERVED
+CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14267
+ RESERVED
+CVE-2020-14266
+ RESERVED
+CVE-2020-14265
+ RESERVED
+CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ NOT-FOR-US: HCL
+CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...)
+ NOT-FOR-US: HCL
+CVE-2020-14262
+ RESERVED
+CVE-2020-14261
+ RESERVED
+CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...)
+ NOT-FOR-US: HCL Domino
+CVE-2020-14259
+ RESERVED
+CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...)
+ NOT-FOR-US: HCL
+CVE-2020-14257
+ RESERVED
+CVE-2020-14256
+ RESERVED
+CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...)
+ NOT-FOR-US: HCL
+CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...)
+ NOT-FOR-US: HCL BigFix Inventory
+CVE-2020-14253
+ RESERVED
+CVE-2020-14252
+ RESERVED
+CVE-2020-14251
+ RESERVED
+CVE-2020-14250
+ RESERVED
+CVE-2020-14249
+ RESERVED
+CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...)
+ NOT-FOR-US: HCL BigFix Inventory
+CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate sess ...)
+ NOT-FOR-US: HCL
+CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication w ...)
+ NOT-FOR-US: HCL
+CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication ...)
+ NOT-FOR-US: HCL
+CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...)
+ NOT-FOR-US: HCL Domino server
+CVE-2020-14243
+ RESERVED
+CVE-2020-14242
+ RESERVED
+CVE-2020-14241
+ RESERVED
+CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14239
+ RESERVED
+CVE-2020-14238
+ RESERVED
+CVE-2020-14237
+ RESERVED
+CVE-2020-14236
+ RESERVED
+CVE-2020-14235
+ RESERVED
+CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...)
+ NOT-FOR-US: HCL
+CVE-2020-14233
+ RESERVED
+CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14231 (A vulnerability in the input parameter handling of HCL Client Applicat ...)
+ NOT-FOR-US: HCL
+CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...)
+ NOT-FOR-US: HCL
+CVE-2020-14229
+ RESERVED
+CVE-2020-14228
+ RESERVED
+CVE-2020-14227
+ RESERVED
+CVE-2020-14226
+ RESERVED
+CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...)
+ NOT-FOR-US: HCL iNotes
+CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...)
+ NOT-FOR-US: HCL Notes
+CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
+ NOT-FOR-US: HCL Digital Experience
+CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...)
+ NOT-FOR-US: HCL Digital Experience
+CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...)
+ NOT-FOR-US: HCL
+CVE-2020-14220
+ RESERVED
+CVE-2020-14219
+ RESERVED
+CVE-2020-14218
+ RESERVED
+CVE-2020-14217
+ RESERVED
+CVE-2020-14216
+ RESERVED
+CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws ...)
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver (Vulnerable code not present)
+ [stretch] - libvncserver (Vulnerable code not present)
+ [jessie] - libvncserver (Vulnerable code not present)
+ NOTE: https://github.com/LibVNC/libvncserver/commit/0cf1400c61850065de590d403f6d49e32882fd76
+ NOTE: Vulnerable code is introduced with the fix for CVE-2017-18922.
+CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
+ {DLA-2347-1 DLA-2264-1}
+ - libvncserver 0.9.13+dfsg-1
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
+ NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
+CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
+ {DSA-4383-1 DLA-1617-1}
+ - libvncserver 0.9.11+dfsg-1.2
+ NOTE: https://github.com/LibVNC/libvncserver/issues/253
+ NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
+CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...)
+ - zulip-server (bug #800052)
+CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...)
+ - zammad (bug #841355)
+CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...)
+ - zammad (bug #841355)
+CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...)
+ - ffmpeg 7:4.3.1-1
+ [buster] - ffmpeg (Vulnerable code not present)
+ [stretch] - ffmpeg (Vulnerable code not present)
+ NOTE: https://trac.ffmpeg.org/ticket/8716
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14
+CVE-2020-14211
+ RESERVED
+CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...)
+ NOT-FOR-US: MONITORAPP
+CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...)
+ - dolibarr
+CVE-2020-14208 (SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in t ...)
+ NOT-FOR-US: SuiteCRM
+CVE-2020-14207 (The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection w ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14206 (The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XS ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14205 (The DiveBook plugin 1.1.4 for WordPress is prone to improper access co ...)
+ NOT-FOR-US: DiveBook plugin for WordPress
+CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...)
+ NOT-FOR-US: WebFOCUS Business Intelligence
+CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...)
+ - dolibarr
+CVE-2020-14200
+ RESERVED
+CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...)
+ NOT-FOR-US: Bitcoin protocol issue
+CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service.)
+ - bitcoin 0.18.0~dfsg-1 (bug #976448)
+ NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198
+CVE-2020-14197
+ RESERVED
+CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
+ - pdns-recursor 4.3.2-1 (low; bug #964103)
+ [buster] - pdns-recursor (Minor issue, fix along in next DSA)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
+CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind 2.9.8-3+deb10u2
+ [stretch] - jackson-databind 2.8.6-1+deb9u7
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2765
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259
+ NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
+ NOTE: but still an issue when Default Typing is enabled.
+CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...)
+ - zulip-server (bug #800052)
+CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14192 (Affected versions of Atlassian Fisheye and Crucible allow remote attac ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14187
+ RESERVED
+CVE-2020-14186
+ RESERVED
+CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote attacker ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14182
+ RESERVED
+CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14180 (Affected versions of Atlassian Jira Service Desk Server and Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14179 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14177 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14176
+ RESERVED
+CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...)
+ - iotjs (Vulnerable code never in released version)
+ NOTE: https://github.com/jerryscript-project/jerryscript/commit/c2b662170245a16f46ce02eae68815c325d99821
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3804
+CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...)
+ NOT-FOR-US: Pi-Hole
+CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...)
+ NOT-FOR-US: ConnectWise
+CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...)
+ NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module
+CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
+ NOT-FOR-US: ABUS
+CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
+ NOT-FOR-US: OpenBMC
+CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
+ - pcre3 2:8.39-13 (bug #963086)
+ [buster] - pcre3 (Minor issue)
+ [stretch] - pcre3 (Minor issue)
+ [jessie] - pcre3 (Minor issue)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2463
+ NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44)
+CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to ...)
+ - mutt 1.14.3-1 (unimportant)
+ [buster] - mutt 1.10.1-2.1+deb10u1
+ - neomutt 20200619+dfsg.1-1 (unimportant)
+ NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html
+ NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95
+ NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b
+ NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3
+ NOTE: Negligible security impact
+CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...)
+ - libjpeg9 1:9d-1
+ - libjpeg-turbo (Vulnerable code not present; problematic condition cannot be reached)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445
+CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...)
+ {DLA-2302-1}
+ - libjpeg9 1:9d-1 (low)
+ - libjpeg-turbo 1:1.5.2-1 (low)
+ [jessie] - libjpeg-turbo (Minor issue)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933
+CVE-2020-14151
+ REJECTED
+CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...)
+ - bison 2:3.6.1+dfsg-1 (unimportant)
+ NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...)
+ NOT-FOR-US: uftpd
+CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
+ {DLA-2252-1}
+ - ngircd 26-1 (bug #963147)
+ [buster] - ngircd (Minor issue)
+ [stretch] - ngircd (Minor issue)
+ NOTE: https://github.com/ngircd/ngircd/issues/274
+ NOTE: https://github.com/ngircd/ngircd/issues/277
+ NOTE: https://github.com/ngircd/ngircd/pull/275
+ NOTE: https://github.com/ngircd/ngircd/pull/276
+ NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
+CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...)
+ {DSA-4731-1}
+ - redis 5:6.0.0-1
+ [stretch] - redis (Vulnerable code reintroduced later)
+ [jessie] - redis (Vulnerable code reintroduced later)
+ NOTE: https://github.com/antirez/redis/pull/6875
+ NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4)
+ NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571
+ NOTE: Fixed upstream in 6.0~rc2 and 5.0.8
+CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...)
+ NOT-FOR-US: KumbiaPHP
+CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...)
+ - openssh (unimportant)
+ NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/
+ NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
+ NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
+ NOTE: the issue, details in "3.1 OpenSSH" in the publication.
+ NOTE: Partial mitigation: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d (V_8_4_P1)
+CVE-2020-14144 (The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for aut ...)
+ - gitea
+CVE-2020-14143
+ RESERVED
+CVE-2020-14142
+ RESERVED
+CVE-2020-14141
+ RESERVED
+CVE-2020-14140 (When Xiaomi router firmware is updated in 2020, there is an unauthenti ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14139
+ RESERVED
+CVE-2020-14138
+ RESERVED
+CVE-2020-14137
+ RESERVED
+CVE-2020-14136
+ RESERVED
+CVE-2020-14135
+ RESERVED
+CVE-2020-14134
+ RESERVED
+CVE-2020-14133
+ RESERVED
+CVE-2020-14132
+ RESERVED
+CVE-2020-14131 (The Xiaomi Security Center expresses heartfelt thanks to ADLab of Venu ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14129 (A logic vulnerability exists in a Xiaomi product. The vulnerability is ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14128
+ RESERVED
+CVE-2020-14127 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14126 (Information leakage vulnerability exists in the Mi Sound APP. This vul ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14125 (A denial of service vulnerability exists in some Xiaomi models of phon ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14123 (There is a pointer double free vulnerability in Some MIUI Services. Wh ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14122 (Some Xiaomi phones have information leakage vulnerabilities, and some ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14121 (A business logic vulnerability exists in Mi App Store. The vulnerabili ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14120 (Some Xiaomi models have a vulnerability in a certain application. The ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14118 (An intent redirection vulnerability in the Mi App Store product. This ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14117 (A improper permission configuration vulnerability in Xiaomi Content Ce ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14116 (An intent redirection vulnerability in the Mi Browser product. This vu ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14115 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14114 (information leakage vulnerability exists in the Xiaomi SmartHome APP. ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14113
+ RESERVED
+CVE-2020-14112 (Information Leak Vulnerability exists in the Xiaomi Router AX6000. The ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14111 (A command injection vulnerability exists in the Xiaomi Router AX3600. ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14110 (AX3600 router sensitive information leaked.There is an unauthorized in ...)
+ NOT-FOR-US: AX3600 router
+CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14108
+ RESERVED
+CVE-2020-14107 (A stack overflow in the HTTP server of Cast can be exploited to make t ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14101 (The data collection SDK of the router web management interface caused ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 int ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14099 (On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root version ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen wh ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers ...)
+ NOT-FOR-US: Xiaomi
+CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service can ...)
+ NOT-FOR-US: Xiaomi
+CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
+ - pcre3 (unimportant)
+ NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1740 (8.43)
+ NOTE: Only an issue when UTF support disabled
+CVE-2018-21246 (Caddy before 0.10.13 mishandles TLS client authentication, as demonstr ...)
+ - caddy (Fixed before initial upload to Debian)
+CVE-2018-21245 (Pound before 2.8 allows HTTP request smuggling, a related issue to CVE ...)
+ - pound 2.8-2
+ [stretch] - pound 2.7-1.3+deb9u1
+ [jessie] - pound 2.6-6+deb8u2
+ NOTE: https://admin.hostpoint.ch/pipermail/pound_apsis.ch/2018-May/000054.html
+ NOTE: The exact scope of CVE-2018-21245 (a related issue to CVE-2016-10711) was
+ NOTE: as well fixed with the same changes as done upstream for 2.8. The backport
+ NOTE: for 2.7 was a backport of all security relevant changes between 2.7 and 2.8.
+ NOTE: The same corrections were made in 2.6 version for jessie so fixed in that too.
+CVE-2017-18869 (A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 co ...)
+ - node-chownr 1.1.1-1 (bug #909024)
+ NOTE: https://github.com/isaacs/chownr/issues/14
+ NOTE: https://snyk.io/vuln/npm:chownr:20180731
+CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...)
+ {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
+ - mutt 1.14.3-1 (bug #962897)
+ - neomutt 20200619+dfsg.1-1
+ NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01
+ NOTE: Fix for CVE-2020-14093 introduces a regression, cf. 
#963107 + NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748 +CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...) + NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress +CVE-2020-14091 + RESERVED +CVE-2020-14090 + RESERVED +CVE-2020-14089 + RESERVED +CVE-2020-14088 + RESERVED +CVE-2020-14087 + RESERVED +CVE-2020-14086 + RESERVED +CVE-2020-14085 + RESERVED +CVE-2020-14084 + RESERVED +CVE-2020-14083 + RESERVED +CVE-2020-14082 + RESERVED +CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) + NOT-FOR-US: TRENDnet +CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet +CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet +CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet +CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet +CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet TEW-827DRU devices +CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) + NOT-FOR-US: TRENDnet +CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) + NOT-FOR-US: TRENDnet +CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...) + NOT-FOR-US: MK-AUTH +CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...) + NOT-FOR-US: MK-AUTH +CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...) 
+ NOT-FOR-US: MK-AUTH +CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...) + NOT-FOR-US: MK-AUTH +CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...) + NOT-FOR-US: MK-AUTH +CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...) + NOT-FOR-US: IceWarp Email Server +CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...) + NOT-FOR-US: IceWarp Email Server +CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...) + NOT-FOR-US: IceWarp Email Server +CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...) + NOT-FOR-US: TC Custom JavaScript plugin for WordPress +CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) + {DLA-2270-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2704 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) + {DLA-2270-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2698 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) 
+ {DLA-2270-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2688 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...) + - squid (vulnerability introduced in the 5.x series) + - squid3 (vulnerability introduced in the 5.x series) + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr +CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...) + - squid 4.12-1 (unimportant) + - squid3 (unimportant) + NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch + NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57 + NOTE: Squid in Debian builds without OpenSSL support +CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...) + NOT-FOR-US: Monsta FTP +CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...) + NOT-FOR-US: Monsta FTP +CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...) + NOT-FOR-US: Monsta FTP +CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...) + NOT-FOR-US: SOKKIA GNR5 Vanguard WEB +CVE-2020-14053 + RESERVED +CVE-2020-14052 + RESERVED +CVE-2020-14051 + RESERVED +CVE-2020-14050 + RESERVED +CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...) + NOT-FOR-US: Viber +CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...) 
+ NOT-FOR-US: Zoho +CVE-2020-14047 + RESERVED +CVE-2020-14046 + RESERVED +CVE-2020-14045 + RESERVED +CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forger ...) + NOT-FOR-US: Codiad +CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...) + NOT-FOR-US: Codiad +CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...) + NOT-FOR-US: Codiad +CVE-2020-14041 + RESERVED +CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...) + - golang-golang-x-text 0.3.3-1 (bug #964272) + - golang-x-text (bug #964271) + [buster] - golang-x-text (Limited support, minor issue) + [stretch] - golang-x-text (Minor issue) + NOTE: https://github.com/golang/go/issues/39491 + NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e + NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 +CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...) + - golang-1.15 (Windows-specific) + - golang-1.14 (Windows-specific) + - golang-1.11 (Windows-specific) + NOTE: https://golang.org/issue/39360 + NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ +CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...) + {DSA-4709-1 DLA-2371-1} + - wordpress 5.4.2+dfsg1-1 (bug #962685) + NOTE: https://core.trac.wordpress.org/changeset/47984 +CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...) 
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1} + - wordpress 5.4.2+dfsg1-1 (bug #962685) + NOTE: https://core.trac.wordpress.org/changeset/47951 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc + NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920 + NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix) +CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...) + {DSA-4709-1 DLA-2371-1 DLA-2269-1} + - wordpress 5.4.2+dfsg1-1 (bug #962685) + NOTE: https://core.trac.wordpress.org/changeset/47950 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p + NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 +CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...) + {DSA-4709-1 DLA-2371-1 DLA-2269-1} + - wordpress 5.4.2+dfsg1-1 (bug #962685) + NOTE: https://core.trac.wordpress.org/changeset/47949 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 + NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693 +CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...) + - wordpress 5.4.2+dfsg1-1 (bug #962685) + [buster] - wordpress (Vulnerable code introduced later) + [stretch] - wordpress (Vulnerable code introduced later) + [jessie] - wordpress (Vulnerable code introduced later) + NOTE: https://core.trac.wordpress.org/changeset/47947 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf +CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...) 
+ {DSA-4709-1 DLA-2371-1 DLA-2269-1} + - wordpress 5.4.2+dfsg1-1 (bug #962685) + NOTE: https://core.trac.wordpress.org/changeset/47948 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 + NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f +CVE-2020-14038 + RESERVED +CVE-2020-14037 + RESERVED +CVE-2020-14036 + RESERVED +CVE-2020-14035 + RESERVED +CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.2-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/2229 + NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 +CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.2-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/2229 + NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 +CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via ...) + NOT-FOR-US: ASRock +CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The da ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. ...) 
+ NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file typ ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...) + NOT-FOR-US: Ozeki NG SMS Gateway +CVE-2020-14020 + RESERVED +CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...) + - python-rtslib-fb 2.1.71-3 (bug #972227) + [buster] - python-rtslib-fb (Introduced in 2.1.70) + [stretch] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) + [jessie] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) + NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162 + NOTE: https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9 +CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query p ...) + NOT-FOR-US: Navigate CMS +CVE-2020-14013 + RESERVED +CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...) + NOT-FOR-US: osTicket +CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...) 
+ NOT-FOR-US: Lansweeper +CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...) + NOT-FOR-US: Laborator Xenon theme for WordPress +CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vu ...) + NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD) +CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...) + NOT-FOR-US: Zoho ManageEngine Applications Manager +CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) + NOT-FOR-US: Solarwinds +CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) + NOT-FOR-US: Solarwinds +CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) + NOT-FOR-US: Solarwinds +CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...) + - icinga2 2.11.5-1 (bug #970252) + [buster] - icinga2 2.10.3-2+deb10u1 + [stretch] - icinga2 (prepare-dirs script not shipped) + [jessie] - icinga2 (prepare-dirs script not shipped) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171 + NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 +CVE-2020-14003 + RESERVED +CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...) + - putty 0.74-1 + [buster] - putty (Minor issue) + [stretch] - putty (Minor issue) + [jessie] - putty (Minor issue) + NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) +CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) 
+ {DSA-4743-1 DLA-2316-1} + [experimental] - ruby-kramdown 2.3.0-1 + - ruby-kramdown 2.3.0-3 (bug #965305) + NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6 + NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde +CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) + NOT-FOR-US: scratch-vm different from src:scratch +CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...) + - libemf 1.0.13-1 (bug #963778) + [buster] - libemf (Minor issue) + NOTE: Fixed upstream in 1.0.13 +CVE-2020-13998 (Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticate ...) + NOT-FOR-US: Citrix +CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...) + NOT-FOR-US: Shopware +CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...) + NOT-FOR-US: J2Store plugin for Joomla! +CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...) + NOT-FOR-US: U.S. Air Force Sensor Data Management System extract75 +CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...) + NOT-FOR-US: Mods for HESK +CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...) + NOT-FOR-US: Mods for HESK +CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...) + NOT-FOR-US: Mods for HESK +CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...) + - iotjs (Vulnerable code not present; cf. 
#972228) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867 +CVE-2020-13990 + RESERVED +CVE-2020-13989 + RESERVED +CVE-2020-13988 (An issue was discovered in Contiki through 3.0. An Integer Overflow ex ...) + - open-iscsi 2.1.3-1 + [buster] - open-iscsi (Minor issue) + [stretch] - open-iscsi (Minor issue) + NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ + NOTE: Adressed upstream in 2.1.3 release +CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read ...) + - open-iscsi 2.1.3-1 + [buster] - open-iscsi (Minor issue) + [stretch] - open-iscsi (Minor issue) + NOTE: https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp + NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ + NOTE: Adressed upstream in 2.1.3 release +CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...) + NOT-FOR-US: Contiki +CVE-2020-13985 (An issue was discovered in Contiki through 3.0. A memory corruption vu ...) + NOT-FOR-US: Contiki +CVE-2020-13984 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...) + NOT-FOR-US: Contiki +CVE-2020-13983 + REJECTED +CVE-2020-13982 + RESERVED +CVE-2020-13981 + RESERVED +CVE-2020-13980 (OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS atta ...) + NOT-FOR-US: OpenCart +CVE-2020-13979 + RESERVED +CVE-2020-13978 (Monstra CMS 3.0.4 allows an attacker, who already has administrative a ...) + NOT-FOR-US: Monstra CMS +CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...) 
+ - nagios4 4.3.4-4 (bug #962826) + [buster] - nagios4 (Minor issue) + NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213 +CVE-2020-13976 (An issue was discovered in DD-WRT through 16214. The Diagnostic page a ...) + NOT-FOR-US: DD-WRT +CVE-2020-13975 + RESERVED +CVE-2020-13974 (An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers ...) + {DLA-2323-1} + - linux 5.7.6-1 + [buster] - linux 4.19.131-1 + [stretch] - linux 4.9.228-1 + NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae +CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...) + NOT-FOR-US: OWASP json-sanitizer +CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...) + NOT-FOR-US: Enghouse Web Chat +CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...) + NOT-FOR-US: Shopware +CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...) + NOT-FOR-US: Shopware +CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on ...) + NOT-FOR-US: CRK Business Platform +CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL statements again ...) + NOT-FOR-US: CRK Business Platform +CVE-2020-13967 + RESERVED +CVE-2020-13966 + RESERVED +CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...) + NOT-FOR-US: SOPlanning +CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...) 
+ - qtbase-opensource-src 5.14.2+dfsg-6 + [buster] - qtbase-opensource-src (Only affects 5.12.2 and later) + [stretch] - qtbase-opensource-src (Only affects 5.12.2 and later) + [jessie] - qtbase-opensource-src (Only affects 5.12.2 and later) + NOTE: https://bugreports.qt.io/browse/QTBUG-83450 + NOTE: https://github.com/mumble-voip/mumble/issues/3679 + NOTE: https://github.com/mumble-voip/mumble/pull/4032 +CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...) + NOT-FOR-US: Strapi +CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...) + NOT-FOR-US: D-Link +CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...) + {DLA-2597-1} + - velocity-tools 2.0-8 (bug #985221) + [buster] - velocity-tools (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2 + NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152 +CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...) + NOT-FOR-US: Apache OpenOffice +CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...) + - lucene-solr (Vulnerable functionality not yet present) +CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...) + {DSA-4772-1 DLA-2405-1} + - httpcomponents-client 4.5.13-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587 + NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1) +CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...) + NOT-FOR-US: Apache Calcite +CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...) + NOT-FOR-US: Apache CXF +CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...) 
+ NOT-FOR-US: Apache Tapestry +CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...) + NOT-FOR-US: Apache Superset +CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...) + [experimental] - apache2 2.4.48-1 + - apache2 2.4.46-6 + [buster] - apache2 (Vulnerable code not present) + [stretch] - apache2 (Vulnerable code not present) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 + NOTE: Fixed by: https://svn.apache.org/r1678771 + NOTE: Introduced by: https://svn.apache.org/r1656259 +CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...) + [experimental] - thrift 0.16.0-1 + - thrift 0.16.0-3 (bug #988949) + [bullseye] - thrift (Minor issue) + [buster] - thrift (Minor issue) + NOTE: https://seclists.org/oss-sec/2021/q1/140 +CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) + NOT-FOR-US: Apache Superset +CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...) + - activemq 5.16.1-1 (unimportant) + NOTE: Admin console not enabled in the Debian package, see #702670) + NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13947-announcement.txt + NOTE: Fixed in 5.15.13, 5.16.1 +CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...) + - cassandra (bug #585905) +CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the Admin ...) + NOT-FOR-US: Apache APISIX +CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some of ...) + - airflow (bug #819700) +CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...) 
+ {DSA-4835-1 DLA-2407-1} + - tomcat9 9.0.38-1 + - tomcat8 + NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38) + NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58) +CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...) + NOT-FOR-US: Apache Unomi +CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...) + - lucene-solr 3.6.2+dfsg-23 + [buster] - lucene-solr (Minor issue) + [stretch] - lucene-solr (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1 + NOTE: https://issues.apache.org/jira/browse/SOLR-14561 + NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2 + NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version +CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...) + NOT-FOR-US: Apache NiFi +CVE-2020-13939 + REJECTED +CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...) + - apache2 (Only affects Apache on Windows) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938 +CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...) + {DLA-2595-1} + - velocity 1.7-6 (bug #985220) + [buster] - velocity 1.7-5+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1 + NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485 +CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...) 
+ {DSA-4727-1 DLA-2286-1} + - tomcat9 9.0.37-1 + - tomcat8 + NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3 + NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57) + NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37) +CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...) + {DSA-4727-1 DLA-2286-1} + - tomcat9 9.0.37-1 + - tomcat8 + NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4 + NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57) + NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37) +CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...) + {DLA-2726-1} + - shiro 1.3.2-5 (bug #968753) + [bullseye] - shiro 1.3.2-4+deb11u1 + [buster] - shiro 1.3.2-4+deb10u1 + NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E +CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...) + NOT-FOR-US: Apache ActiveMQ Artemis + NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt +CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0 ...) + NOT-FOR-US: Apache TomEE +CVE-2020-13930 + RESERVED +CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows an attac ...) + NOT-FOR-US: Apache Zeppelin +CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...) + NOT-FOR-US: Apache Atlas +CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...) + - airflow (bug #819700) +CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...) 
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...) + NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) +CVE-2020-13924 (In Apache Ambari versions 2.6.2.2 and earlier, malicious users can con ...) + NOT-FOR-US: Apache Ambari +CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...) + NOT-FOR-US: Apache OFBiz +CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...) + NOT-FOR-US: Apache DolphinScheduler +CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...) + NOT-FOR-US: Apache SkyWalking +CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...) + {DLA-3657-1 DLA-2400-1} + - activemq 5.16.0-1 + NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt + NOTE: When fixing this issue make sure to use a complete fix and not open up + NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing + NOTE: JMX re-bind). + NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12) + NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13) +CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...) 
+ NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...) + NOT-FOR-US: Ruckus Wireless Unleashed +CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...) + NOT-FOR-US: SolarWinds Advanced Monitoring Agent +CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...) + NOT-FOR-US: Your Online Shop +CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...) + NOT-FOR-US: Pengutronix Barebox +CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...) + NOT-FOR-US: Laravel Ignition component +CVE-2020-13908 + RESERVED +CVE-2020-13907 + RESERVED +CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) + NOT-FOR-US: IrfanView +CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) + NOT-FOR-US: IrfanView +CVE-2020-13904 (FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duratio ...) + {DSA-4722-1 DLA-2291-1} + - ffmpeg 7:4.3.1-1 + NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ + NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc + NOTE: https://trac.ffmpeg.org/ticket/8673 +CVE-2020-13903 + REJECTED +CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...) 
+ - imagemagick 8:6.9.11.24+dfsg-1 + [buster] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) + [stretch] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) + [jessie] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920 + NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132 + NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0 + NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb +CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.1-1 (bug #962680) + NOTE: https://github.com/meetecho/janus-gateway/pull/2214 + NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86 +CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.1-1 (bug #962680) + NOTE: https://github.com/meetecho/janus-gateway/pull/2214 + NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a +CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.1-1 (bug #962680) + NOTE: https://github.com/meetecho/janus-gateway/pull/2214 + NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636 +CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) + - janus 0.10.1-1 (bug #962680) + NOTE: https://github.com/meetecho/janus-gateway/pull/2214 + NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120 +CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS.) + NOT-FOR-US: HESK +CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...) 
+ NOT-FOR-US: Maipu devices +CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...) + NOT-FOR-US: DEXT5 Editor +CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...) + NOT-FOR-US: Sage EasyPay +CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS.) + NOT-FOR-US: SportsPress plugin for WordPress +CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...) + NOT-FOR-US: Mattermost +CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...) + NOT-FOR-US: Bootstrap theme +CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS.) + NOT-FOR-US: Bludit +CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...) + NOT-FOR-US: Kordil EDMS +CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...) + NOT-FOR-US: Kordil EDMS +CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...) + - libcrypt-perl-perl (bug #907353) + NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14 + NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2 +CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...) + NOT-FOR-US: Intelbras TIP +CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...) + NOT-FOR-US: Citrix +CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...) + NOT-FOR-US: Citrix +CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...) + NOT-FOR-US: WSO2 API Manager +CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...) 
+ - lynis 3.0.0-1 (unimportant) + NOTE: Neutralised by kernel hardening + NOTE: https://github.com/CISOfy/lynis/pull/594 + NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4 +CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...) + {DLA-2730-1 DLA-2239-1} + - libpam-tacplus 1.3.8-2.1 (low; bug #962830) + [buster] - libpam-tacplus 1.3.8-2+deb10u1 + [stretch] - libpam-tacplus (Minor issue) + NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 + NOTE: https://github.com/kravietz/pam_tacplus/issues/149 +CVE-2020-13880 + RESERVED +CVE-2020-13879 + RESERVED +CVE-2020-13878 + RESERVED +CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress Meeting M ...) + NOT-FOR-US: ResourceXpress Meeting Monitor +CVE-2020-13876 + RESERVED +CVE-2020-13875 + RESERVED +CVE-2020-13874 + RESERVED +CVE-2020-13873 (A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/T ...) + NOT-FOR-US: Codoforum +CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...) + NOT-FOR-US: Royal TS +CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...) + {DLA-2340-1} + - sqlite3 3.32.2-2 + [buster] - sqlite3 (Vulnerability introduced later) + [jessie] - sqlite3 (Vulnerable code not present) + - sqlite (Vulnerability introduced later) + NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104 + NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4 + NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529 + NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea +CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...) + NOT-FOR-US: Comments plugin for Craft CMS +CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...) 
+ NOT-FOR-US: Comments plugin for Craft CMS +CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...) + NOT-FOR-US: Comments plugin for Craft CMS +CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...) + - targetcli-fb 1:2.1.53-1 (low; bug #962331) + [buster] - targetcli-fb (Minor issue) + [stretch] - targetcli-fb (Minor issue) + NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172 +CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...) + NOT-FOR-US: WinGate +CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...) + NOT-FOR-US: Elementor Page Builder plugin for WordPress +CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...) + NOT-FOR-US: Elementor Page Builder plugin for WordPress +CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...) + NOT-FOR-US: Mitel +CVE-2020-13862 + RESERVED +CVE-2020-13861 + RESERVED +CVE-2020-13860 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...) + NOT-FOR-US: Mofi Network devices +CVE-2020-13859 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...) + NOT-FOR-US: Mofi Network devices +CVE-2020-13858 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...) + NOT-FOR-US: Mofi Network devices +CVE-2020-13857 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...) + NOT-FOR-US: Mofi Network devices +CVE-2020-13856 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...) + NOT-FOR-US: Mofi Network devices +CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation.) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.) 
+ NOT-FOR-US: Artica Pandora FMS +CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...) + NOT-FOR-US: MQTT protocol flaw +CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...) + {DLA-2585-1 DLA-2238-1} + - pupnp (Fixed before initial upload to Debian after source package rename) + - pupnp-1.8 (bug #962282) + [bookworm] - pupnp-1.8 (Minor issue) + [bullseye] - pupnp-1.8 (Minor issue) + [buster] - pupnp-1.8 (Minor issue) + - libupnp + NOTE: https://github.com/pupnp/pupnp/issues/177 + NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 +CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...) + [experimental] - singularity-container 3.9.4+ds2-1 + - singularity-container 3.9.5+ds1-2 (bug #965040) + NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v +CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...) + [experimental] - singularity-container 3.9.4+ds2-1 + - singularity-container 3.9.5+ds1-2 (bug #965040) + NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92 +CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...) + [experimental] - singularity-container 3.9.4+ds2-1 + - singularity-container 3.9.5+ds1-2 (bug #965040) + NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c +CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...) 
+ NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html + NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation + NOTE: Hardware issue, mitigations to intrusive to backport (and would require to recompile + NOTE: the entire distro, which is not warranted for the impact) + NOTE: GCC patches: + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86 + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1 + NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7 +CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...) + NOT-FOR-US: LG mobile devices +CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...) + NOT-FOR-US: LG mobile devices +CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...) + - dolibarr +CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...) + - phplist (bug #612288) +CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...) + NOT-FOR-US: i-doit +CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...) + NOT-FOR-US: i-doit +CVE-2020-13824 + RESERVED +CVE-2020-13823 + RESERVED +CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...) + - node-elliptic 6.5.3~dfsg-1 (bug #963149) + [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1 + NOTE: https://github.com/indutny/elliptic/issues/226 +CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...) + NOT-FOR-US: HiveMQ Broker Control Center +CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...) + NOT-FOR-US: Extreme Management Center +CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...) + NOT-FOR-US: Extreme EAC Appliance +CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when is use ...) 
+ NOT-FOR-US: Zoho ManageEngine OpManager +CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...) + - ntp 1:4.2.8p14+dfsg-1 (low) + [buster] - ntp (Minor issue) + [stretch] - ntp (Minor issue) + [jessie] - ntp (Too intrusive to backport, requires new configuration) + - ntpsec (Doesn't affect ntpsec per upstream, #964395) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596 + NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596 + NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14) + NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14) +CVE-2020-13816 + REJECTED +CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...) + NOT-FOR-US: Foxit Reader +CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...) + - rebar3 (Fixed before initial upload to Debian) + NOTE: https://github.com/erlang/rebar3/pull/2302 + NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2 +CVE-2020-13801 + RESERVED +CVE-2020-13799 (Western Digital has identified a security vulnerability in the Replay ...) + NOT-FOR-US: Western Digital iNAND devices +CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) + NOT-FOR-US: Navigate CMS +CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) + NOT-FOR-US: Navigate CMS +CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) + NOT-FOR-US: Navigate CMS +CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...) + NOT-FOR-US: Navigate CMS +CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...) + NOT-FOR-US: Harbor +CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...) + NOT-FOR-US: Ivanti +CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...) + NOT-FOR-US: PlayTube +CVE-2019-20837 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20836 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20835 (An issue was discovered in Foxit Reader and PhantomPDF before 9.5. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20834 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It allows s ...) 
+ NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20833 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has mish ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20832 (An issue was discovered in Foxit PhantomPDF before 8.3.10. It has homo ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20831 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20830 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20829 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20828 (An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20827 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20826 (An issue was discovered in Foxit PhantomPDF Mac 3.3 and Foxit Reader f ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20825 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20824 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a NU ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20823 (An issue was discovered in Foxit PhantomPDF before 8.3.11. It has a bu ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20822 (An issue was discovered in the 3D Plugin Beta for Foxit Reader and Pha ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20821 (An issue was discovered in Foxit PhantomPDF Mac before 3.4. It has a N ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20820 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20819 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20818 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2019-20817 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It ...) + NOT-FOR-US: Foxit Reader +CVE-2019-20816 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20815 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows s ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20814 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows m ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2019-20813 (An issue was discovered in Foxit PhantomPDF before 8.3.12. It has a NU ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21244 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows ar ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21243 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has COM o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21242 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows Re ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21241 (An issue was discovered in Foxit PhantomPDF before 8.3.6. It has an un ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21240 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...) + NOT-FOR-US: Foxit Reader +CVE-2018-21239 (An issue was discovered in Foxit Reader and PhantomPDF before 9.2. It ...) + NOT-FOR-US: Foxit Reader +CVE-2018-21238 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows me ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21237 (An issue was discovered in Foxit PhantomPDF before 8.3.7. It allows NT ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2018-21236 (An issue was discovered in Foxit Reader before 2.4.4. It has a NULL po ...) + NOT-FOR-US: Foxit Reader +CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system before Sept ...) + NOT-FOR-US: Foxit E-mail advertising system +CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...) 
+ {DSA-4700-1} + - roundcube 1.4.5+dfsg.1-1 (bug #962124) + NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43 + NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3 +CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...) + {DSA-4700-1} + - roundcube 1.4.5+dfsg.1-1 (bug #962123) + NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5 + NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19 +CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...) + - qemu 1:5.0-6 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455 +CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...) + - qemu 1:5.0-6 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html +CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...) 
+ {DLA-2302-1} + - libjpeg-turbo 1:2.0.5-1 (bug #962829) + [buster] - libjpeg-turbo 1:1.5.2-2+deb10u1 + [jessie] - libjpeg-turbo (No other package in Debian jessie uses the TurboJPEG API or the TurboJPEG CLI tools) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) + NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x) +CVE-2020-13789 + RESERVED +CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...) + NOT-FOR-US: Harbor +CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...) + NOT-FOR-US: D-Link +CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.) + NOT-FOR-US: D-Link +CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...) + NOT-FOR-US: D-Link +CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...) + NOT-FOR-US: D-Link +CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...) + NOT-FOR-US: D-Link +CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.) + NOT-FOR-US: D-Link +CVE-2020-13781 + RESERVED +CVE-2020-13780 + RESERVED +CVE-2020-13779 + RESERVED +CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...) + NOT-FOR-US: rConfig +CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...) 
+ {DSA-4697-1} + - gnutls28 3.6.14-1 (bug #962289) + [stretch] - gnutls28 (Vulnerable code introduced in 3.6.4) + [jessie] - gnutls28 (Vulnerable code introduced in 3.6.4) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723 + NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011 + NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca + NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da +CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...) + - systemd 246-2 (unimportant) + [buster] - systemd (Vulnerable code introduced later) + NOTE: https://github.com/systemd/systemd/issues/15985 + NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1) + NOTE: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 (v246-rc1) + NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082. +CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...) + - znc 1.8.1-1 (bug #962105) + [buster] - znc (Vulnerable code introduced later) + [stretch] - znc (Vulnerable code introduced later) + [jessie] - znc (Vulnerable code introduced later) + NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1) + NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0) +CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...) + NOT-FOR-US: Ivanti +CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...) + NOT-FOR-US: Ivanti +CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...) + NOT-FOR-US: Ivanti +CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...) 
+ NOT-FOR-US: Ivanti +CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...) + NOT-FOR-US: Ivanti +CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...) + NOT-FOR-US: Ivanti +CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...) + NOT-FOR-US: MiniShare +CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...) + NOT-FOR-US: Mitel +CVE-2020-13766 + RESERVED +CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...) + {DSA-4728-1 DLA-2288-1 DLA-2262-1} + - qemu 1:4.2-1 + NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319 + NOTE: https://bugs.launchpad.net/qemu/+bug/1844635 +CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can ...) + NOT-FOR-US: Gravity Forms plugin for WordPress +CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...) + NOT-FOR-US: Joomla! +CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...) + NOT-FOR-US: Joomla! +CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag ...) + NOT-FOR-US: Joomla! +CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...) + NOT-FOR-US: Joomla! +CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The prb_calc ...) + - linux 5.4.8-1 + [buster] - linux 4.19.98-1 + [stretch] - linux 4.9.210-1 + NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe +CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...) 
+ {DSA-4698-1 DLA-2242-1} + - linux 4.19.37-1 + [jessie] - linux 3.16.72-1 + NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e +CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux ...) + {DLA-2323-1} + - linux 5.6.7-1 + [buster] - linux 4.19.131-1 + [stretch] - linux 4.9.228-1 + NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983 +CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...) + NOT-FOR-US: rust-vmm +CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...) + NOT-FOR-US: Bitrix24 +CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...) + - python-rsa 4.7.2-1 (bug #962142) + [bullseye] - python-rsa (Minor issue) + [buster] - python-rsa (Minor issue) + [stretch] - python-rsa (Minor issue) + [jessie] - python-rsa (Minor issue) + NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146 + NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1) +CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...) + NOT-FOR-US: Sabberworm PHP CSS Parser +CVE-2020-13755 + RESERVED +CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...) 
+ {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-13752 + REJECTED +CVE-2020-13751 + REJECTED +CVE-2020-13750 + REJECTED +CVE-2020-13749 + REJECTED +CVE-2020-13748 + REJECTED +CVE-2020-13747 + REJECTED +CVE-2020-13746 + REJECTED +CVE-2020-13745 + REJECTED +CVE-2020-13744 + REJECTED +CVE-2020-13743 + REJECTED +CVE-2020-13742 + REJECTED +CVE-2020-13741 + REJECTED +CVE-2020-13740 + REJECTED +CVE-2020-13739 + REJECTED +CVE-2020-13738 + REJECTED +CVE-2020-13737 + REJECTED +CVE-2020-13736 + REJECTED +CVE-2020-13735 + REJECTED +CVE-2020-13734 + REJECTED +CVE-2020-13733 + REJECTED +CVE-2020-13732 + REJECTED +CVE-2020-13731 + REJECTED +CVE-2020-13730 + REJECTED +CVE-2020-13729 + REJECTED +CVE-2020-13728 + REJECTED +CVE-2020-13727 + REJECTED +CVE-2020-13726 + REJECTED +CVE-2020-13725 + REJECTED +CVE-2020-13724 + REJECTED +CVE-2020-13723 + REJECTED +CVE-2020-13722 + REJECTED +CVE-2020-13721 + REJECTED +CVE-2020-13720 + REJECTED +CVE-2020-13719 + REJECTED +CVE-2020-13718 + REJECTED +CVE-2020-13717 + REJECTED +CVE-2020-13716 + REJECTED +CVE-2020-13715 + REJECTED +CVE-2020-13714 + REJECTED +CVE-2020-13713 + REJECTED +CVE-2020-13712 + RESERVED +CVE-2020-13711 + RESERVED +CVE-2020-13710 + RESERVED +CVE-2020-13709 + RESERVED +CVE-2020-13708 + RESERVED +CVE-2020-13707 + RESERVED +CVE-2020-13706 + RESERVED +CVE-2020-13705 + RESERVED +CVE-2020-13704 + RESERVED +CVE-2020-13703 + RESERVED +CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...) + NOT-FOR-US: Compound Finance Compound Price Oracle +CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...) 
+ {DSA-4728-1 DLA-2288-1} + - qemu 1:5.0-6 + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix) + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix) + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix) + NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix) +CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...) + NOT-FOR-US: Apple/Google Exposure Notification API +CVE-2020-13701 + RESERVED +CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...) + NOT-FOR-US: acf-to-rest-api plugin for WordPress +CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...) + NOT-FOR-US: TeamViewer Desktop +CVE-2020-13698 + RESERVED +CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...) + NOT-FOR-US: NanoHTTPD Java +CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...) + {DLA-2246-1} + - xawtv 3.107-1 (bug #962221) + [stretch] - xawtv (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6 + NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 + NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 + NOTE: But those sill allow to test for arbitrary files and would need: + NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1 +CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) + NOT-FOR-US: QuickBox +CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) + NOT-FOR-US: QuickBox +CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...) 
+ NOT-FOR-US: bbPress plugin for WordPress +CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.) + - libpgjava 42.2.12-2 (low; bug #962828) + [buster] - libpgjava 42.2.5-2+deb10u1 + [stretch] - libpgjava (Minor issue) + [jessie] - libpgjava (Minor issue) + NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 +CVE-2020-13691 + RESERVED +CVE-2020-13690 + RESERVED +CVE-2020-13689 + RESERVED +CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...) + - drupal7 (Only affects Drupal 8 and 9) + NOTE: https://www.drupal.org/sa-core-2020-009 +CVE-2020-13687 + RESERVED +CVE-2020-13686 + RESERVED +CVE-2020-13685 + RESERVED +CVE-2020-13684 + RESERVED +CVE-2020-13683 + RESERVED +CVE-2020-13682 + RESERVED +CVE-2020-13681 + RESERVED +CVE-2020-13680 + RESERVED +CVE-2020-13679 + RESERVED +CVE-2020-13678 + RESERVED +CVE-2020-13677 (Under some circumstances, the Drupal core JSON:API module does not pro ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13676 (The QuickEdit module does not properly check access to fields in some ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13675 (Drupal's JSON:API and REST/File modules allow file uploads through the ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13674 (The QuickEdit module does not properly validate access to routes, whic ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13673 (The Entity Embed module provides a filter to allow embedding entities ...) + NOT-FOR-US: Drupal Entity Embed module +CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...) + {DLA-2458-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2020-012 + NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84 +CVE-2020-13670 (Information Disclosure vulnerability in file module of Drupal Core all ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13669 (Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core al ...) 
+ NOT-FOR-US: Drupal 8.x +CVE-2020-13668 (Access Bypass vulnerability in Drupal Core allows for an attacker to l ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...) + NOT-FOR-US: Drupal 8.x +CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...) + {DLA-2458-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2020-007 + NOTE: https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a +CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...) + - drupal7 (Drupal 7 not affected) + NOTE: https://www.drupal.org/sa-core-2020-006 +CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...) + - drupal7 (Drupal 7 not affected) + NOTE: https://www.drupal.org/sa-core-2020-005 +CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...) + {DSA-4706-1 DLA-2263-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2020-004 + NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006 +CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to execute ar ...) + NOT-FOR-US: Telerik +CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...) + NOT-FOR-US: CMS Made Simple +CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...) + {DSA-4728-1 DLA-2288-1} + - qemu 1:5.0-6 + NOTE: https://bugs.launchpad.net/qemu/+bug/1878259 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82 +CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...) + NOT-FOR-US: Lansweeper +CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...) 
+ NOT-FOR-US: Avast +CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...) + NOT-FOR-US: Hobbes +CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...) + - collabtive +CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...) + NOT-FOR-US: XWiki +CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...) + NOT-FOR-US: Zimbra +CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...) + NOT-FOR-US: DigDash +CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...) + NOT-FOR-US: DigDash +CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 ...) + NOT-FOR-US: DigDash +CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...) + - iotjs 1.0+715-1 + [buster] - iotjs (Minor issue) + NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786 + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788 +CVE-2020-13648 + RESERVED +CVE-2020-13647 + RESERVED +CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...) + NOT-FOR-US: cheetah free wifi +CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...) + - glib-networking 2.64.3-2 (bug #961756) + [buster] - glib-networking 2.58.0-2+deb10u1 + [stretch] - glib-networking 2.50.0-1+deb9u1 + NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 + NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility + NOTE: update as well for balsa (cf. https://bugs.debian.org/961792) +CVE-2019-20808 (In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA imp ...) 
+ - qemu 1:4.2-1 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=aab0e2a661b2b6bf7915c0aefe807fb60d6d9d13 (v4.2.0-rc0) +CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted mode ...) + {DLA-2876-1} + - vim 2:8.1.2136-1 + [buster] - vim 2:8.1.0875-5+deb10u1 + [jessie] - vim (Minor issue) + NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 +CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...) + NOT-FOR-US: Accordion plugin for WordPress +CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...) + NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress +CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...) + NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress +CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...) + NOT-FOR-US: Real-Time Find and Replace plugin for WordPress +CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...) + NOT-FOR-US: gVectors wpDiscuz plugin for WordPress +CVE-2020-13639 (A stored XSS vulnerability was discovered in the ECT Provider in OutSy ...) + NOT-FOR-US: OutSystems Platform +CVE-2020-13638 (lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authenti ...) + NOT-FOR-US: rConfig +CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...) + NOT-FOR-US: stashcat app +CVE-2020-13636 + RESERVED +CVE-2020-13635 + RESERVED +CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) + NOT-FOR-US: Windows Master (aka Windows Optimization Master) +CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title.) 
+ NOT-FOR-US: Fork CMS +CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...) + {DLA-2340-1} + - sqlite3 3.32.0-1 + [buster] - sqlite3 3.27.2-3+deb10u1 + [jessie] - sqlite3 (Vulnerable code not present) + - sqlite (FTS (full-text search) modules not present in v2) + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + NOTE: https://sqlite.org/src/info/a4dd148928ea65bd + NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730 +CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...) + - sqlite3 3.32.0-1 + [buster] - sqlite3 (Minor issue, too intrusive to backport) + [stretch] - sqlite3 (Minor issue, too intrusive to backport) + [jessie] - sqlite3 (Minor issue, too intrusive to backport) + - sqlite (ALTER TABLE not available in v2) + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7 +CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...) + {DLA-2340-1} + - sqlite3 3.32.0-1 + [buster] - sqlite3 3.27.2-3+deb10u1 + [jessie] - sqlite3 (Vulnerable code not found) + - sqlite (FTS (full-text search) modules not present in v2) + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 + NOTE: https://sqlite.org/src/info/0d69f76f0865f962 + NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41 +CVE-2020-13629 + RESERVED +CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) + - centreon-web (bug #913903) +CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) + - centreon-web (bug #913903) +CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...) + NOT-FOR-US: OnePlus App Locker +CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...) 
+ {DLA-2306-1 DLA-2244-1} + - libphp-phpmailer 6.1.6-1 (bug #962827) + [buster] - libphp-phpmailer (Minor issue) + NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj + NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3 +CVE-2020-13624 + RESERVED +CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...) + - iotjs (Vulnerable code never in released version) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3785 +CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...) + - iotjs (Vulnerable code never in released version) + NOTE: https://github.com/jerryscript-project/jerryscript/issues/3787 + NOTE: https://github.com/jerryscript-project/jerryscript/pull/3797 +CVE-2020-13621 + RESERVED +CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...) + NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices +CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...) + NOT-FOR-US: Locutus PHP +CVE-2020-13618 + RESERVED +CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...) + NOT-FOR-US: Mitel +CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...) + NOT-FOR-US: pichi +CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...) + NOT-FOR-US: Qore +CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...) + - axel 2.17.8-1 + [buster] - axel (Minor issue) + [stretch] - axel (Minor issue) + [jessie] - axel (SSL/TLS implemented from v2.10. 
But without ssl support is a major drawback) + NOTE: https://github.com/axel-download-accelerator/axel/issues/262 +CVE-2020-13613 + RESERVED +CVE-2020-13612 + REJECTED +CVE-2020-13611 + REJECTED +CVE-2020-13610 + REJECTED +CVE-2020-13609 + REJECTED +CVE-2020-13608 + REJECTED +CVE-2020-13607 + REJECTED +CVE-2020-13606 + REJECTED +CVE-2020-13605 + REJECTED +CVE-2020-13604 + REJECTED +CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions >= 1. ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions >= 1.14.2 ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...) + NOT-FOR-US: Calico +CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) + {DSA-4705-1 DLA-2233-1} + - python-django 2:2.2.13-1 (bug #962323) + NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 + NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master) + NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch) + NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch) + NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. 
branch) +CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) + NOT-FOR-US: Espressif +CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) + NOT-FOR-US: Espressif +CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) + NOT-FOR-US: Espressif +CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be tricked ...) + {DSA-4693-1 DLA-2250-1} + - drupal7 + NOTE: https://www.drupal.org/sa-core-2020-003 + NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072 +CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lists/cho ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13590 (Multiple exploitable SQL injection vulnerabilities exist in the 'entit ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the \u2018entitie ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the \u2018entitie ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...) + NOT-FOR-US: Rukovoditel Project Management App +CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...) + NOT-FOR-US: SoftMaker +CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...) + NOT-FOR-US: AccuSoft +CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...) 
+ {DSA-4797-1} + - webkit2gtk 2.30.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.30.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0008.html +CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server functional ...) + NOT-FOR-US: Micrium +CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...) + NOT-FOR-US: Micrium +CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...) + NOT-FOR-US: SoftMaker +CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the ...) + NOT-FOR-US: SoftMaker +CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...) + NOT-FOR-US: SoftMaker +CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) + - gsoap 2.8.104-3 (bug #983596) + [buster] - gsoap (Minor issue) + [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189 +CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) + - gsoap 2.8.104-3 (bug #983596) + [buster] - gsoap (Minor issue) + [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188 +CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...) + - gsoap 2.8.104-3 (bug #983596) + [buster] - gsoap (Minor issue) + [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187 +CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...) 
+ - gsoap 2.8.104-3 (bug #983596) + [buster] - gsoap (Minor issue) + [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186 +CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) + - gsoap 2.8.104-3 (bug #983596) + [buster] - gsoap (Minor issue) + [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185 +CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) + NOT-FOR-US: Rockwell Automation RSLinx Classic +CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser decodes ...) + NOT-FOR-US: Accusoft +CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE decompressi ...) + NOT-FOR-US: Accusoft +CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...) + NOT-FOR-US: OpenEMR +CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...) + NOT-FOR-US: phpGACL +CVE-2020-13567 (Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A speci ...) + NOT-FOR-US: phpGACL +CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...) + NOT-FOR-US: phpGACL +CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...) + NOT-FOR-US: OpenEMR +CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...) + NOT-FOR-US: phpGACL +CVE-2020-13563 (A cross-site scripting vulnerability exists in the template functional ...) + NOT-FOR-US: phpGACL +CVE-2020-13562 (A cross-site scripting vulnerability exists in the template functional ...) 
+ NOT-FOR-US: phpGACL +CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser of Accu ...) + NOT-FOR-US: Accusoft +CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...) + NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator +CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...) + {DSA-4854-1} + - webkit2gtk 2.30.5-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.30.5-1 + NOTE: https://webkitgtk.org/security/WSA-2021-0001.html +CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) + NOT-FOR-US: Advantech WebAccess/SCADA +CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Sytech XL Reporter +CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) + NOT-FOR-US: Foxit +CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...) + NOT-FOR-US: SoftMaker +CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...) + NOT-FOR-US: SoftMaker +CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...) + NOT-FOR-US: SoftMaker +CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...) + {DSA-4797-1} + - webkit2gtk 2.30.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + - wpewebkit 2.30.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0009.html +CVE-2020-13542 (A local privilege elevation vulnerability exists in the file system pe ...) + NOT-FOR-US: LogicalDoc +CVE-2020-13541 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Mobile-911 Server +CVE-2020-13540 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Win-911 Enterprise +CVE-2020-13539 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Win-911 Enterprise +CVE-2020-13538 + RESERVED +CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Moxa +CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...) + NOT-FOR-US: Microsoft +CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...) + NOT-FOR-US: Kepware LinkMaster +CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. C ...) + NOT-FOR-US: Dream Report +CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) + NOT-FOR-US: Dream Report +CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) 
+ NOT-FOR-US: Dream Report +CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) + NOT-FOR-US: EIP Stack Group OpENer +CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in Systemd 245. ...) + - systemd 249.4-2 (unimportant) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 + NOTE: https://github.com/systemd/systemd/issues/16774 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397 + NOTE: Fixed by: https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5 (v249-rc2) + NOTE: Generic DHCP protocol issue, negligible security impact +CVE-2020-13528 (An information disclosure vulnerability exists in the Web Manager and ...) + NOT-FOR-US: Lantronix +CVE-2020-13527 (An authentication bypass vulnerability exists in the Web Manager funct ...) + NOT-FOR-US: Lantronix +CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...) + NOT-FOR-US: ProcessMaker +CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...) + NOT-FOR-US: ProcessMaker +CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...) + NOT-FOR-US: SoftPerfect +CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...) + NOT-FOR-US: SoftPerfect +CVE-2020-13521 + REJECTED +CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) 
+ NOT-FOR-US: NZXT CAM +CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13509 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) + NOT-FOR-US: NZXT CAM +CVE-2020-13508 + REJECTED +CVE-2020-13507 + REJECTED +CVE-2020-13506 + REJECTED +CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...) + NOT-FOR-US: ednareporting.asmx +CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...) + NOT-FOR-US: ednareporting.asmx +CVE-2020-13503 + REJECTED +CVE-2020-13502 + REJECTED +CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) + NOT-FOR-US: CHaD.asmx +CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...) + NOT-FOR-US: CHaD.asmx +CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) + NOT-FOR-US: CHaD.asmx +CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) 
+ NOT-FOR-US: Pixar OpenUSD +CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13495 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...) + NOT-FOR-US: Pixar OpenUSD +CVE-2020-13492 + RESERVED +CVE-2020-13491 + RESERVED +CVE-2020-13490 + RESERVED +CVE-2020-13489 + RESERVED +CVE-2020-13488 + RESERVED +CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...) + NOT-FOR-US: WordPress plugin +CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...) + NOT-FOR-US: Craft CMS plugin +CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...) + NOT-FOR-US: Craft CMS plugin +CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...) + NOT-FOR-US: Bitrix24 +CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...) + NOT-FOR-US: Bitrix24 +CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...) + NOT-FOR-US: EM-HTTP-Request +CVE-2020-13481 + RESERVED +CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...) + NOT-FOR-US: Verint Workforce Optimization (WFO) +CVE-2020-13479 + RESERVED +CVE-2020-13478 + RESERVED +CVE-2020-13477 + RESERVED +CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the ...) + NOT-FOR-US: NCH Express Invoice +CVE-2020-13475 + RESERVED +CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated low-privile ...) 
+ NOT-FOR-US: NCH Express Accounts +CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to discover t ...) + NOT-FOR-US: NCH Express Accounts +CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...) + NOT-FOR-US: Gigadevice GD32F103 devices +CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...) + NOT-FOR-US: Apex Microelectronics APM32F103 devices +CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...) + NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices +CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...) + NOT-FOR-US: Gigadevice GD32VF103 devices +CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...) + NOT-FOR-US: Gigadevice GD32F130 devices +CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integrated ...) + NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices +CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...) + NOT-FOR-US: STMicroelectronics STM32F103 devices +CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...) + NOT-FOR-US: Gigadevice GD32F103 devices +CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integrated ...) + NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices +CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...) + NOT-FOR-US: Apex Microelectronics APM32F103 devices +CVE-2020-13462 (Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, ...) + NOT-FOR-US: Tufin +CVE-2020-13461 (Username enumeration in present in Tufin SecureTrack. It's affecting a ...) + NOT-FOR-US: Tufin +CVE-2020-13460 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were presen ...) 
+ NOT-FOR-US: Tufin
+CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
+ NOT-FOR-US: Image Resizer plugin for Craft CMS
+CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...)
+ NOT-FOR-US: Image Resizer plugin for Craft CMS
+CVE-2020-13457
+ RESERVED
+CVE-2020-13456
+ RESERVED
+CVE-2020-13455
+ RESERVED
+CVE-2020-13454
+ RESERVED
+CVE-2020-13453
+ RESERVED
+CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...)
+ NOT-FOR-US: Gotenberg
+CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...)
+ NOT-FOR-US: QuickBox
+CVE-2020-13447
+ RESERVED
+CVE-2020-13446
+ RESERVED
+CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...)
+ NOT-FOR-US: Liferay
+CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...)
+ NOT-FOR-US: Liferay
+CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...)
+ NOT-FOR-US: DEXT5
+CVE-2020-13441
+ RESERVED
+CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...)
+ NOT-FOR-US: ffjpeg
+CVE-2020-13437
+ RESERVED
+CVE-2020-13436
+ RESERVED
+CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...)
+ - sqlite3 3.32.1-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ [stretch] - sqlite3 (Vulnerable code introduced later)
+ [jessie] - sqlite3 (Vulnerable code introduced later)
+ - sqlite (Vulnerable code introduced later, window functions not present in v2)
+ NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1
+ NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1
+ NOTE: https://www.sqlite.org/src/info/572105de1d44bca4
+CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...)
+ {DLA-2340-1 DLA-2221-1}
+ - sqlite3 3.32.1-1
+ [buster] - sqlite3 3.27.2-3+deb10u1
+ - sqlite
+ [buster] - sqlite (Vulnerable code introduced later)
+ NOTE: https://www.sqlite.org/src/info/23439ea582241138
+ NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
+ NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
+ NOTE: floating point precision limit safeguards are present in sqlite (V2), refactoring in V3 made it vulnerable.
+CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
+ NOT-FOR-US: Jason2605 AdminPanel
+CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
+ NOT-FOR-US: Rejetto HTTP File Server
+CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...)
+ - i2p (Windows-specific)
+CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.)
+ - grafana
+ NOTE: https://github.com/grafana/grafana/pull/24539
+CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...)
+ NOT-FOR-US: piechart-panel plugin for Grafana
+CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...)
+ {DSA-4704-1}
+ - vlc 3.0.11-1
+ [jessie] - vlc (Not supported in jessie LTS)
+ NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11
+ NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0
+CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...)
+ NOT-FOR-US: Victor CMS
+CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...)
+ NOT-FOR-US: Multi-Scheduler plugin for WordPress
+CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...)
+ NOT-FOR-US: TrackR
+CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
+ NOT-FOR-US: Joomla addon
+CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
+ NOT-FOR-US: Form Builder for Magento
+CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task.)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature.)
+ NOT-FOR-US: OpenIAM
+CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...)
+ NOT-FOR-US: Aviatrix
+CVE-2020-13411
+ RESERVED
+CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...)
+ NOT-FOR-US: MoscaJS Aedes
+CVE-2020-13409 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13408 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13407 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, t ...)
+ NOT-FOR-US: Tufin
+CVE-2020-13406
+ RESERVED
+CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...)
+ NOT-FOR-US: Microweber
+CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...)
+ NOT-FOR-US: Atos-Magento
+CVE-2020-13403
+ RESERVED
+CVE-2020-13402
+ RESERVED
+CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker ...)
+ {DSA-4716-1}
+ - docker.io 19.03.11+dfsg1-1 (bug #962141)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233
+ NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6
+CVE-2020-13400
+ RESERVED
+CVE-2020-13399
+ RESERVED
+CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-3606-1 DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ - freerdp
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
+CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-3606-1 DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ - freerdp
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
+CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
+ {DLA-3606-1 DLA-2356-1}
+ - freerdp2 2.1.1+dfsg1-1
+ - freerdp
+ NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
+CVE-2020-13395
+ RESERVED
+CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
+ NOT-FOR-US: Tenda devices
+CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
+ NOT-FOR-US: jw.util
+CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
+ NOT-FOR-US: SmartDraw
+CVE-2020-13385
+ RESERVED
+CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
+ NOT-FOR-US: Monstra CMS
+CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal.)
+ NOT-FOR-US: openSIS
+CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control.)
+ NOT-FOR-US: openSIS
+CVE-2020-13381 (openSIS through 7.4 allows SQL Injection.)
+ NOT-FOR-US: openSIS
+CVE-2020-13380 (openSIS before 7.4 allows SQL Injection.)
+ NOT-FOR-US: openSIS
+CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...)
+ - grafana
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
+ NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
+CVE-2020-13378 (Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Inj ...)
+ NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
+CVE-2020-13377 (The web-services interface of Loadbalancer.org Enterprise VA MAX throu ...)
+ NOT-FOR-US: Loadbalancer.org Enterprise VA MAX
+CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...)
+ NOT-FOR-US: SecurEnvoy SecurMail
+CVE-2020-13375
+ RESERVED
+CVE-2020-13374
+ RESERVED
+CVE-2020-13373
+ RESERVED
+CVE-2020-13372
+ RESERVED
+CVE-2020-13371
+ RESERVED
+CVE-2020-13370
+ RESERVED
+CVE-2020-13369
+ RESERVED
+CVE-2020-13368
+ RESERVED
+CVE-2020-13367
+ RESERVED
+CVE-2020-13366
+ RESERVED
+CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...)
+ NOT-FOR-US: Zyxel
+CVE-2020-13363
+ RESERVED
+CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
+ - qemu 1:5.0-6 (bug #961887)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html
+CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...)
+ {DSA-4728-1 DLA-2288-1 DLA-2262-1}
+ - qemu 1:5.0-6 (bug #961888)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html
+CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...)
+ {DSA-4698-1 DLA-2242-1}
+ - linux 5.2.6-1
+ [buster] - linux 4.19.118-1
+ [jessie] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528
+CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...)
+ - upx-ucl 3.96-1 (unimportant)
+ NOTE: https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010
+ NOTE: https://github.com/upx/upx/issues/317
+CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...)
+ NOT-FOR-US: Gila CMS
+CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...)
+ NOT-FOR-US: Gila CMS
+CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
+ - jodd (bug #961298)
+ [buster] - jodd (Minor issue; upstream fix needs changes in rdeps and none present in Buster)
+ NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
+ NOTE: https://github.com/oblac/jodd/issues/628
+CVE-2017-18868 (Digi XBee 2 devices do not have an effective protection mechanism agai ...)
+ NOT-FOR-US: Digi XBee 2 devices
+CVE-2020-13360
+ REJECTED
+CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object storage si ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, > ...)
+ - gitlab 13.4.7-1
+ NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
+CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13355 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13354 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13353 (When importing repos via URL, one time use git credentials were persis ...)
+ - gitaly 13.3.9-1
+CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 10.2 and a ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in GitLab CE/ ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab CE/EE all ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all versions start ...)
+ - gitlab (Specific to EE)
+CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...)
+ - gitlab-ci-multi-runner (Only affects gitlab-runner when configured on Windows)
+CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...)
+ - gitlab 13.2.10-1
+CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.10-1
+CVE-2020-13341 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.3.9-1
+ NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
+CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 13.2.10-1
+CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273
+CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 12.10 t ...)
+ - gitlab (Only affected 12.10 to 12.10.12)
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049
+CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...)
+ - gitlab (Only affected 11.x/12.x while unstable on 13.x)
+CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...)
+ - gitlab 13.2.10-1
+CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...)
+ - gitlab 13.2.10-1
+CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...)
+ - gitlab 13.2.10-1
+CVE-2020-13332
+ REJECTED
+CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...)
+ - gitlab 13.2.3-2
+CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...)
+ - gitlab-ci-multi-runner 14.10.1-1 (bug #985377)
+CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...)
+ - gitlab 13.2.3-2
+CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...)
+ - gitlab 13.2.3-2
+CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...)
+ - gitlab 13.2.3-2
+CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...)
+ - gitlab 13.2.3-2
+CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...)
+ - gitlab 13.2.3-2
+CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13317 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13315 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13314 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13313 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13312 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13311 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before 13.1.3 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13300 (GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth a ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13296 (An issue has been discovered in GitLab affecting versions >=10.7 <13.0 ...)
+ - gitlab 13.2.6-1
+CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
+ - gitlab-ci-multi-runner (bug #985377)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...)
+ - gitlab (Only affects GitLab 13.2 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...)
+ - gitlab (Only affects GitLab 13.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...)
+ - gitlab (Only affects GitLab 12.7 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) ...)
+ - gitlab (Only affects GitLab 12.9 and later)
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
+ - gitlab 13.2.8-1
+ NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
+CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13282 (For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occur ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13281 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists i ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13280 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exi ...)
+ [experimental] - gitlab 13.1.6-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
+CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
+ NOT-FOR-US: gitlab-vscode-extension
+CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...)
+ NOT-FOR-US: RosarioSIS Student Information System
+CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
+CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
+ - gitlab (Only affects GitLab EE/CE 12.2 and later)
+CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
+ - gitlab (Only affects GitLab 12.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
+ - gitlab (Only affects GitLab 12.3 and later)
+CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...)
+ - gitlab (Only affects GitLab 12.10 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...)
+ - gitlab (Only affects GitLab 12.10 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...)
+ - gitlab (Only affects GitLab 12.8 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
+ - gitlab (Only affects GitLab 12.8 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
+ - gitlab (Only affects GitLab 12.5 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
+ - gitlab (Specific to EE)
+CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
+ - gitlab (Only affects GitLab 12.9 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
+ - gitlab (Only affects GitLab 12.6 and later)
+ NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
+CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ NOT-FOR-US: RAD SecFlow-1v os-image
+CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
+ NOT-FOR-US: RAD SecFlow-1v os-image
+CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
+ NOT-FOR-US: Contentful
+CVE-2020-13257
+ RESERVED
+CVE-2020-13256
+ RESERVED
+CVE-2020-13255
+ RESERVED
+CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
+ {DSA-4705-1 DLA-2233-1}
+ - python-django 2:2.2.13-1 (bug #962323)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
+ NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
+ NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch)
+ NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch)
+ NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
+ NOTE: Regression https://code.djangoproject.com/ticket/31654
+CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
+ {DLA-3099-1 DLA-2373-1}
+ - qemu 1:5.0-8 (bug #961297)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
+ NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
+CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
+ - centreon-web (bug #913903)
+CVE-2020-13251
+ RESERVED
+CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8023
+CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
+ - mariadb-10.3 1:10.3.23-1
+ [buster] - mariadb-10.3 1:10.3.23-0+deb10u1
+ - mariadb-10.1 (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
+ NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
+CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...)
+ NOT-FOR-US: BooleBox Secure File Sharing Utility
+CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...)
+ NOT-FOR-US: BooleBox Secure File Sharing Utility
+CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
+ - gitea
+CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
+ NOT-FOR-US: Netgear
+CVE-2020-13244
+ RESERVED
+CVE-2020-13243
+ RESERVED
+CVE-2020-13242
+ RESERVED
+CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
+ NOT-FOR-US: Microweber
+CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
+ - dolibarr
+CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
+ - dolibarr
+CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...)
+ NOT-FOR-US: Mitsubishi
+CVE-2020-13237
+ RESERVED
+CVE-2020-13236
+ RESERVED
+CVE-2020-13235
+ RESERVED
+CVE-2020-13234
+ RESERVED
+CVE-2020-13233
+ RESERVED
+CVE-2020-13232
+ RESERVED
+CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
+ - cacti 1.2.11+ds1-1
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
+ [stretch] - cacti (auth_profile.php / user self-management introduced in v1.0)
+ NOTE: https://github.com/Cacti/cacti/issues/3342
+CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
+ {DLA-2965-1}
+ - cacti 1.2.11+ds1-1
+ [buster] - cacti 1.2.2+ds1-2+deb10u3
+ NOTE: https://github.com/Cacti/cacti/issues/3343
+CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...)
+ NOT-FOR-US: Sysax Multi Server
+CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
+ NOT-FOR-US: WSO2 API Manager
+CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
+ - phpipam (bug #731713)
+ NOTE: https://github.com/phpipam/phpipam/issues/3025
+CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-13223 (HashiCorp Vault and Vault Enterprise logged proxy environment variable ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-13222
+ REJECTED
+CVE-2020-13221
+ REJECTED
+CVE-2020-13220
+ REJECTED
+CVE-2020-13219
+ REJECTED
+CVE-2020-13218
+ REJECTED
+CVE-2020-13217
+ REJECTED
+CVE-2020-13216
+ REJECTED
+CVE-2020-13215
+ REJECTED
+CVE-2020-13214
+ REJECTED
+CVE-2020-13213
+ REJECTED
+CVE-2020-13212
+ REJECTED
+CVE-2020-13211
+ REJECTED
+CVE-2020-13210
+ REJECTED
+CVE-2020-13209
+ REJECTED
+CVE-2020-13208
+ REJECTED
+CVE-2020-13207
+ REJECTED
+CVE-2020-13206
+ REJECTED
+CVE-2020-13205
+ REJECTED
+CVE-2020-13204
+ REJECTED
+CVE-2020-13203
+ REJECTED
+CVE-2020-13202
+ REJECTED
+CVE-2020-13201
+ REJECTED
+CVE-2020-13200
+ REJECTED
+CVE-2020-13199
+ REJECTED
+CVE-2020-13198
+ REJECTED
+CVE-2020-13197
+ REJECTED
+CVE-2020-13196
+ REJECTED
+CVE-2020-13195
+ REJECTED
+CVE-2020-13194
+ REJECTED
+CVE-2020-13193
+ REJECTED
+CVE-2020-13192
+ REJECTED
+CVE-2020-13191
+ REJECTED
+CVE-2020-13190
+ REJECTED
+CVE-2020-13189
+ REJECTED
+CVE-2020-13188
+ REJECTED
+CVE-2020-13187
+ REJECTED
+CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13184
+ RESERVED
+CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13182
+ RESERVED
+CVE-2020-13181
+ RESERVED
+CVE-2020-13180
+ RESERVED
+CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13174 (The web server in the Teradici Managament console versions 20.04 and 2 ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
+ NOT-FOR-US: Teradici
+CVE-2020-13172
+ RESERVED
+CVE-2020-13171
+ RESERVED
+CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...)
+ - consul 1.7.4+dfsg1-1
+ [buster] - consul (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
+ NOTE: https://github.com/hashicorp/consul/pull/8068
+CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...)
+ NOT-FOR-US: SysAid
+CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
+ NOT-FOR-US: Netsweeper
+CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
+ NOT-FOR-US: MyLittleAdmin
+CVE-2020-13165
+ RESERVED
+CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.4-1 (low)
+ [buster] - wireshark 2.6.20-0+deb10u1
+ [jessie] - wireshark (Can be fixed along with other CVEs)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
+CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
+ NOT-FOR-US: em-imap
+CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
+ NOT-FOR-US: Pulse Secure Client
+CVE-2020-13161
+ RESERVED
+CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
+ NOT-FOR-US: AnyDesk
+CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
+ NOT-FOR-US: Artica Proxy
+CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...)
+ NOT-FOR-US: NukeViet
+CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a ...)
+ NOT-FOR-US: NukeViet
+CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...)
+ NOT-FOR-US: NukeViet
+CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
+ NOT-FOR-US: Zoho
+CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
+ NOT-FOR-US: MISP
+CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...)
+ - amarok (unimportant)
+ NOTE: Elevated resource usage in client application, no security impact
+CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
+ NOT-FOR-US: Aerospike
+CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
+ NOT-FOR-US: D-Link
+CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
+ NOT-FOR-US: Dragon Center
+CVE-2020-13148
+ RESERVED
+CVE-2020-13147
+ RESERVED
+CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...)
+ NOT-FOR-US: Studio in Open edX Ironwood
+CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
+ NOT-FOR-US: Studio in Open edX Ironwood
+CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
+ NOT-FOR-US: Studio in Open edX Ironwood +CVE-2020-13142 + RESERVED +CVE-2020-13141 + RESERVED +CVE-2020-13140 + RESERVED +CVE-2020-13139 + RESERVED +CVE-2020-13138 + RESERVED +CVE-2020-13137 + RESERVED +CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...) + NOT-FOR-US: D-Link +CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...) + NOT-FOR-US: D-Link +CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...) + NOT-FOR-US: Tufin SecureChange +CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...) + NOT-FOR-US: Tufin SecureChange +CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...) + - yubico-piv-tool 2.1.1-1 (bug #972644) + [stretch] - yubico-piv-tool (Vulnerable code not present) + NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/ + NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ +CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...) + - yubico-piv-tool 2.1.1-1 (bug #975612) + [stretch] - yubico-piv-tool (Vulnerable code not present) + NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ +CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.6.14-1 + NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f +CVE-2020-13130 + RESERVED +CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...) + NOT-FOR-US: stashcat app for MacOS +CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...) + NOT-FOR-US: Manolo GWTUpload +CVE-2019-20802 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) + NOT-FOR-US: Readdle Documents +CVE-2019-20801 (An issue was discovered in the Readdle Documents app before 6.9.7 for ...) 
+ NOT-FOR-US: Readdle Documents +CVE-2019-20800 (In Cherokee through 1.2.104, remote attackers can trigger an out-of-bo ...) + - cherokee +CVE-2019-20799 (In Cherokee through 1.2.104, multiple memory corruption errors may be ...) + - cherokee +CVE-2019-20798 (An XSS issue was discovered in handler_server_info.c in Cherokee throu ...) + - cherokee +CVE-2019-20797 (An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer ...) + - prboom-plus 2:2.5.1.7um+git82-1 (bug #961031) + [buster] - prboom-plus (Minor issue) + [stretch] - prboom-plus (Minor issue) + [jessie] - prboom-plus (games are not supported) + NOTE: https://logicaltrust.net/blog/2019/10/prboom1.html + NOTE: https://sourceforge.net/p/prboom-plus/bugs/252/ + NOTE: https://sourceforge.net/p/prboom-plus/bugs/253/ +CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) + NOT-FOR-US: Loway QueueMetrics +CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...) + NOT-FOR-US: Elementor Pro plugin for WordPress +CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...) + NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress +CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...) + - sabnzbdplus 3.1.1+dfsg-1 + [buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1 + [stretch] - sabnzbdplus (contrib not supported) + NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2 + NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429 + NOTE: https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3 +CVE-2020-13123 + RESERVED +CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...) + NOT-FOR-US: Noviflow +CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...) 
+ NOT-FOR-US: Submitty +CVE-2020-13120 + RESERVED +CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking.) + NOT-FOR-US: ismartgate PRO +CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...) + NOT-FOR-US: Mikrotik-Router-Monitoring-System +CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...) + NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices +CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...) + NOT-FOR-US: OpenText Carbonite Server Backup Portal +CVE-2020-13115 + RESERVED +CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...) + {DLA-2222-1} + - libexif 0.6.21-9 (bug #961410) + [buster] - libexif 0.6.21-5.1+deb10u3 + [stretch] - libexif 0.6.21-2+deb9u3 + NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) +CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...) + {DLA-2222-1} + - libexif 0.6.21-9 (bug #961409) + [buster] - libexif 0.6.21-5.1+deb10u3 + [stretch] - libexif 0.6.21-2+deb9u3 + NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22) +CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...) + {DLA-2222-1} + - libexif 0.6.21-9 (bug #961407) + [buster] - libexif 0.6.21-5.1+deb10u3 + [stretch] - libexif 0.6.21-2+deb9u3 + NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22) +CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...) + NOT-FOR-US: NaviServer +CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...) + NOT-FOR-US: Node kerberos +CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...) 
+ NOT-FOR-US: Morita Shogi +CVE-2020-13108 + RESERVED +CVE-2020-13107 + RESERVED +CVE-2020-13106 + RESERVED +CVE-2020-13105 + RESERVED +CVE-2020-13104 + RESERVED +CVE-2020-13103 + RESERVED +CVE-2020-13102 + RESERVED +CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...) + NOT-FOR-US: OASIS Digital Signature Services (DSS) +CVE-2020-13100 (Arista\u2019s CloudVision eXchange (CVX) server before 4.21.12M, 4.22. ...) + NOT-FOR-US: Arista +CVE-2020-13099 + RESERVED +CVE-2020-13098 + RESERVED +CVE-2020-13097 + RESERVED +CVE-2020-13096 + RESERVED +CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...) + NOT-FOR-US: Little Snitch +CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS.) + - dolibarr +CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal.) + NOT-FOR-US: iSpyConnect.com Agent DVR +CVE-2020-13092 (scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute ...) + - scikit-learn (unimportant) +CVE-2020-13091 (pandas through 1.0.3 can unserialize and execute commands from an untr ...) 
+ - pandas (unimportant) +CVE-2020-13090 + RESERVED +CVE-2020-13089 + REJECTED +CVE-2020-13088 + REJECTED +CVE-2020-13087 + REJECTED +CVE-2020-13086 + REJECTED +CVE-2020-13085 + REJECTED +CVE-2020-13084 + REJECTED +CVE-2020-13083 + REJECTED +CVE-2020-13082 + REJECTED +CVE-2020-13081 + REJECTED +CVE-2020-13080 + REJECTED +CVE-2020-13079 + REJECTED +CVE-2020-13078 + REJECTED +CVE-2020-13077 + REJECTED +CVE-2020-13076 + REJECTED +CVE-2020-13075 + REJECTED +CVE-2020-13074 + REJECTED +CVE-2020-13073 + REJECTED +CVE-2020-13072 + REJECTED +CVE-2020-13071 + REJECTED +CVE-2020-13070 + REJECTED +CVE-2020-13069 + REJECTED +CVE-2020-13068 + REJECTED +CVE-2020-13067 + REJECTED +CVE-2020-13066 + REJECTED +CVE-2020-13065 + REJECTED +CVE-2020-13064 + REJECTED +CVE-2020-13063 + REJECTED +CVE-2020-13062 + REJECTED +CVE-2020-13061 + REJECTED +CVE-2020-13060 + REJECTED +CVE-2020-13059 + REJECTED +CVE-2020-13058 + REJECTED +CVE-2020-13057 + REJECTED +CVE-2020-13056 + REJECTED +CVE-2020-13055 + REJECTED +CVE-2020-13054 + REJECTED +CVE-2020-13053 + REJECTED +CVE-2020-13052 + REJECTED +CVE-2020-13051 + REJECTED +CVE-2020-13050 + REJECTED +CVE-2020-13049 + REJECTED +CVE-2020-13048 + REJECTED +CVE-2020-13047 + REJECTED +CVE-2020-13046 + REJECTED +CVE-2020-13045 + REJECTED +CVE-2020-13044 + REJECTED +CVE-2020-13043 + REJECTED +CVE-2020-13042 + REJECTED +CVE-2020-13041 + REJECTED +CVE-2020-13040 + REJECTED +CVE-2020-13039 + REJECTED +CVE-2020-13038 + REJECTED +CVE-2020-13037 + REJECTED +CVE-2020-13036 + REJECTED +CVE-2020-13035 + REJECTED +CVE-2020-13034 + REJECTED +CVE-2020-13033 + REJECTED +CVE-2020-13032 + REJECTED +CVE-2020-13031 + REJECTED +CVE-2020-13030 + REJECTED +CVE-2020-13029 + REJECTED +CVE-2020-13028 + REJECTED +CVE-2020-13027 + REJECTED +CVE-2020-13026 + REJECTED +CVE-2020-13025 + REJECTED +CVE-2020-13024 + REJECTED +CVE-2020-13023 + REJECTED +CVE-2020-13022 + REJECTED +CVE-2020-13021 + REJECTED +CVE-2020-13020 + REJECTED +CVE-2020-13019 + REJECTED +CVE-2020-13018 + REJECTED 
+CVE-2020-13017 + REJECTED +CVE-2020-13016 + REJECTED +CVE-2020-13015 + REJECTED +CVE-2020-13014 + REJECTED +CVE-2020-13013 + REJECTED +CVE-2020-13012 + REJECTED +CVE-2020-13011 + REJECTED +CVE-2020-13010 + REJECTED +CVE-2020-13009 + REJECTED +CVE-2020-13008 + REJECTED +CVE-2020-13007 + REJECTED +CVE-2020-13006 + REJECTED +CVE-2020-13005 + REJECTED +CVE-2020-13004 + REJECTED +CVE-2020-13003 + REJECTED +CVE-2020-13002 + REJECTED +CVE-2020-13001 + REJECTED +CVE-2020-13000 + REJECTED +CVE-2020-12999 + REJECTED +CVE-2020-12998 + REJECTED +CVE-2020-12997 + REJECTED +CVE-2020-12996 + REJECTED +CVE-2020-12995 + REJECTED +CVE-2020-12994 + REJECTED +CVE-2020-12993 + REJECTED +CVE-2020-12992 + REJECTED +CVE-2020-12991 + REJECTED +CVE-2020-12990 + REJECTED +CVE-2020-12989 + REJECTED +CVE-2020-12988 (A potential denial of service (DoS) vulnerability exists in the integr ...) + NOT-FOR-US: AMD +CVE-2020-12987 (A heap information leak/kernel pool address disclosure vulnerability i ...) + NOT-FOR-US: AMD +CVE-2020-12986 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) + NOT-FOR-US: AMD +CVE-2020-12985 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) + NOT-FOR-US: AMD +CVE-2020-12984 + REJECTED +CVE-2020-12983 (An out of bounds write vulnerability in the AMD Graphics Driver for Wi ...) + NOT-FOR-US: AMD +CVE-2020-12982 (An invalid object pointer free vulnerability in the AMD Graphics Drive ...) + NOT-FOR-US: AMD +CVE-2020-12981 (An insufficient input validation in the AMD Graphics Driver for Window ...) + NOT-FOR-US: AMD +CVE-2020-12980 (An out of bounds write and read vulnerability in the AMD Graphics Driv ...) 
+ NOT-FOR-US: AMD +CVE-2020-12979 + REJECTED +CVE-2020-12978 + REJECTED +CVE-2020-12977 + REJECTED +CVE-2020-12976 + REJECTED +CVE-2020-12975 + REJECTED +CVE-2020-12974 + REJECTED +CVE-2020-12973 + REJECTED +CVE-2020-12972 + REJECTED +CVE-2020-12971 + REJECTED +CVE-2020-12970 + REJECTED +CVE-2020-12969 + REJECTED +CVE-2020-12968 + REJECTED +CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...) + NOT-FOR-US: AMD +CVE-2020-12966 (AMD EPYC\u2122 Processors contain an information disclosure vulnerabil ...) + NOT-FOR-US: AMD +CVE-2020-12965 (When combined with specific software sequences, AMD CPUs may transient ...) + NOT-FOR-US: AMD +CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...) + NOT-FOR-US: AMD +CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...) + NOT-FOR-US: AMD +CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...) + NOT-FOR-US: AMD +CVE-2020-12959 + REJECTED +CVE-2020-12958 + REJECTED +CVE-2020-12957 + REJECTED +CVE-2020-12956 + REJECTED +CVE-2020-12955 + REJECTED +CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...) + NOT-FOR-US: AMD +CVE-2020-12953 + REJECTED +CVE-2020-12952 + REJECTED +CVE-2020-12951 (Race condition in ASP firmware could allow less privileged x86 code to ...) + NOT-FOR-US: AMD +CVE-2020-12950 + REJECTED +CVE-2020-12949 + REJECTED +CVE-2020-12948 + REJECTED +CVE-2020-12947 + REJECTED +CVE-2020-12946 (Insufficient input validation in ASP firmware for discrete TPM command ...) + NOT-FOR-US: AMD +CVE-2020-12945 + REJECTED +CVE-2020-12944 (Insufficient validation of BIOS image length by ASP Firmware could lea ...) 
+ NOT-FOR-US: AMD +CVE-2020-12943 + REJECTED +CVE-2020-12942 + REJECTED +CVE-2020-12941 + REJECTED +CVE-2020-12940 + RESERVED +CVE-2020-12939 + REJECTED +CVE-2020-12938 + REJECTED +CVE-2020-12937 + REJECTED +CVE-2020-12936 + REJECTED +CVE-2020-12935 + REJECTED +CVE-2020-12934 + REJECTED +CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...) + NOT-FOR-US: AMD ATIKMDAG.SYS +CVE-2020-12932 + RESERVED +CVE-2020-12931 (Improper parameters handling in the AMD Secure Processor (ASP) kernel ...) + NOT-FOR-US: AMD +CVE-2020-12930 (Improper parameters handling in AMD Secure Processor (ASP) drivers may ...) + NOT-FOR-US: AMD +CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...) + NOT-FOR-US: AMD +CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...) + NOT-FOR-US: AMD Ryzen Master +CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver in AMD VB ...) + NOT-FOR-US: AMD +CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not properly ...) + NOT-FOR-US: AMD +CVE-2020-12925 + REJECTED +CVE-2020-12924 + REJECTED +CVE-2020-12923 + REJECTED +CVE-2020-12922 + REJECTED +CVE-2020-12921 + REJECTED +CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...) + NOT-FOR-US: AMD +CVE-2020-12919 + REJECTED +CVE-2020-12918 + REJECTED +CVE-2020-12917 + REJECTED +CVE-2020-12916 + REJECTED +CVE-2020-12915 + REJECTED +CVE-2020-12914 + REJECTED +CVE-2020-12913 + REJECTED +CVE-2020-12912 (A potential vulnerability in the AMD extension to Linux "hwmon" servic ...) 
+ - linux 5.9.9-1 (unimportant) + [buster] - linux (Vulnerable driver introduced later) + [stretch] - linux (Vulnerable driver introduced later) + NOTE: https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402 + NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481 + NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds +CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...) + NOT-FOR-US: AMD ATIKMDAG.SYS +CVE-2020-12910 + REJECTED +CVE-2020-12909 + REJECTED +CVE-2020-12908 + REJECTED +CVE-2020-12907 + REJECTED +CVE-2020-12906 + REJECTED +CVE-2020-12905 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12903 (Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12901 (Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lea ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12896 + REJECTED +CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...) 
+ NOT-FOR-US: Intel / AMD +CVE-2020-12894 (Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x4001 ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...) + NOT-FOR-US: Intel / AMD +CVE-2020-12891 (AMD Radeon Software may be vulnerable to DLL Hijacking through path va ...) + NOT-FOR-US: AMD +CVE-2020-12890 (Improper handling of pointers in the System Management Mode (SMM) hand ...) + NOT-FOR-US: AMD +CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...) + NOT-FOR-US: MISP +CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...) + {DLA-2420-1 DLA-2385-1} + - linux 5.8.7-1 + [buster] - linux 4.19.146-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244 +CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...) + NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls) +CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) + NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls) +CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...) + NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls) +CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) + NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls) +CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...) + NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls) +CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...) + NOT-FOR-US: Submitty +CVE-2020-12881 + RESERVED +CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...) 
+ NOT-FOR-US: Pulse +CVE-2020-12879 + RESERVED +CVE-2020-12878 (Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate pr ...) + NOT-FOR-US: Digi ConnectPort X2e +CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...) + NOT-FOR-US: Veritas +CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...) + NOT-FOR-US: Veritas +CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...) + NOT-FOR-US: Veritas +CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...) + NOT-FOR-US: Veritas +CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...) + NOT-FOR-US: Alfresco Enterprise Content Management (ECM) +CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...) + - erlang 1:21.2.6+dfsg-1 (low) + [stretch] - erlang 1:19.2.1+dfsg-2+deb9u3 + [jessie] - erlang (Minor issue) + NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70 + NOTE: https://github.com/erlyaws/yaws/issues/402 + NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which + NOTE: landed in Buster as fixed (although it was possibly fixed earlier between + NOTE: Stretch and Buster. The CVE was assigned specifically for yaws, cf. #961422 + NOTE: for discussion. +CVE-2020-12871 + RESERVED +CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...) + NOT-FOR-US: RainbowFish PacsOne Server +CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS.) + NOT-FOR-US: RainbowFish PacsOne Server +CVE-2020-12868 + RESERVED +CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...) 
+ {DLA-2332-1 DLA-2231-1} + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30) +CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...) + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) + NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) +CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...) 
+ {DLA-2332-1} + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30) +CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) + NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) +CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) 
+ {DLA-2332-1} + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30) +CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) + {DLA-2332-1} + [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30) +CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...) 
+ [experimental] - sane-backends 1.0.30-1~experimental1 + - sane-backends 1.0.31-2 (bug #961302) + [buster] - sane-backends (Minor issue) + [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) + [jessie] - sane-backends (epsonds backend was added in 1.0.25) + NOTE: https://gitlab.com/sane-project/backends/-/issues/279 + NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read + NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html + NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) + NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) +CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...) + NOT-FOR-US: COVIDSafe +CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...) + NOT-FOR-US: COVIDSafe +CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...) + NOT-FOR-US: COVIDSafe +CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...) + NOT-FOR-US: COVIDSafe +CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...) + NOT-FOR-US: COVIDSafe +CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...) + NOT-FOR-US: SecZetta NEProfile +CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...) + NOT-FOR-US: SecZetta NEProfile +CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...) 
+ NOT-FOR-US: Pydio Cells +CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...) + NOT-FOR-US: Pydio Cells +CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...) + NOT-FOR-US: Zimbra +CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...) + - cherokee +CVE-2020-12844 + RESERVED +CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...) + NOT-FOR-US: ismartgate PRO +CVE-2020-12836 + RESERVED +CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...) + NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro +CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...) 
+ NOT-FOR-US: eQ-3 Homematic Central Control Unit +CVE-2020-12833 + RESERVED +CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...) + NOT-FOR-US: simple-file-list plugin for WordPress +CVE-2020-12831 (An issue was discovered in FRRouting FRR (aka Free Range Routing) thro ...) + - frr (unimportant) + NOTE: https://github.com/FRRouting/frr/pull/6383 + NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48 +CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that could al ...) + NOT-FOR-US: Western Digital My Cloud devices +CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...) + {DSA-4760-1} + - qemu 1:5.0-12 (low; bug #961451) + [stretch] - qemu (SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet; intrusive) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 +CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...) + NOT-FOR-US: AnchorFree VPN SDK +CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...) + NOT-FOR-US: MJML +CVE-2019-20796 + RESERVED +CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...) + {DLA-2241-1} + - linux 5.6.7-1 + [buster] - linux 4.19.118-1 + [stretch] - linux 4.9.228-1 + NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da +CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...) 
+ - libcroco (low; bug #960527) + [buster] - libcroco (Minor issue) + [stretch] - libcroco (Minor issue) + [jessie] - libcroco (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8 +CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...) + NOT-FOR-US: Pexip Infinity +CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...) + {DLA-2212-1} + - openconnect 8.10-1 (unimportant; bug #960620) + NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108 + NOTE: Only triggerable by local certs, which are under the control of the user +CVE-2020-12822 + RESERVED +CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...) + NOT-FOR-US: Gossipsub +CVE-2020-12820 + RESERVED +CVE-2020-12819 + RESERVED +CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...) + NOT-FOR-US: FortiGuard +CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...) + NOT-FOR-US: FortiGuard +CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...) + NOT-FOR-US: FortiGuard +CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...) + NOT-FOR-US: FortiGuard +CVE-2020-12814 (A improper neutralization of input during web page generation ('cross- ...) + NOT-FOR-US: Fortiguard +CVE-2020-12813 + RESERVED +CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...) + NOT-FOR-US: Fortinet +CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...) + NOT-FOR-US: FortiGuard +CVE-2020-12810 + RESERVED +CVE-2020-12809 + RESERVED +CVE-2020-12808 + RESERVED +CVE-2020-12807 + RESERVED +CVE-2020-12806 + RESERVED +CVE-2020-12805 + RESERVED +CVE-2020-12804 + RESERVED +CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...) 
+ - libreoffice 1:6.4.4-1 (low) + [buster] - libreoffice (Minor issue) + [stretch] - libreoffice (Minor issue) + [jessie] - libreoffice (Minor issue) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803 +CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...) + - libreoffice 1:6.4.4-1 (low) + [buster] - libreoffice (Minor issue) + [stretch] - libreoffice (Minor issue) + [jessie] - libreoffice (Minor issue) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802 +CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...) + - libreoffice 1:6.4.3-1 (low) + [buster] - libreoffice (Minor issue) + [stretch] - libreoffice (Minor issue) + [jessie] - libreoffice (Minor issue) + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801 +CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...) + NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress +CVE-2020-12799 + RESERVED +CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...) + NOT-FOR-US: Cellebrite UFED +CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...) + - consul 1.7.4+dfsg1-1 + [buster] - consul (Vulnerable code not present) + NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md + NOTE: https://github.com/hashicorp/consul/pull/8047 +CVE-2020-12796 + RESERVED +CVE-2020-12795 + RESERVED +CVE-2020-12794 + RESERVED +CVE-2020-12793 + RESERVED +CVE-2020-12792 + RESERVED +CVE-2020-12791 + RESERVED +CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...) + NOT-FOR-US: SEOmatic plugin for Craft CMS +CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...) 
+ NOT-FOR-US: Microchip Atmel ATSAMA5 products +CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...) + NOT-FOR-US: Microchip Atmel ATSAMA5 products +CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...) + NOT-FOR-US: Microchip Atmel ATSAMA5 products +CVE-2020-12786 + RESERVED +CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...) + NOT-FOR-US: cPanel +CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...) + NOT-FOR-US: cPanel +CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...) + NOT-FOR-US: Openfind MailGates +CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...) + NOT-FOR-US: Combodo iTop +CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...) + NOT-FOR-US: Combodo iTop +CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...) + NOT-FOR-US: Combodo iTop +CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...) + NOT-FOR-US: Combodo iTop +CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...) + NOT-FOR-US: Combodo iTop +CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...) + NOT-FOR-US: Openfind Mail2000 +CVE-2020-12775 (Hicos citizen certificate client-side component does not filter specia ...) + NOT-FOR-US: Hicos Natural Person Credential +CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...) + NOT-FOR-US: D-Link +CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...) + NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware +CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...) 
+ {DSA-4687-1 DLA-2213-1} + - exim4 4.93-16 + NOTE: https://bugs.exim.org/show_bug.cgi?id=2571 + NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86 + NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 +CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...) + NOT-FOR-US: Ignite Realtime Spark +CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...) + {DLA-2214-1} + - libexif 0.6.21-7 (bug #960199) + [buster] - libexif 0.6.21-5.1+deb10u2 + [stretch] - libexif 0.6.21-2+deb9u2 + NOTE: https://github.com/libexif/libexif/issues/31 + NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72 +CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...) + - iproute2 5.2.0-1 + [buster] - iproute2 (Minor issue) + [stretch] - iproute2 (Vulnerable code introduced later) + [jessie] - iproute2 (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10 (v5.1.0) + NOTE: Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0) +CVE-2020-15591 (fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 a ...) + - fex 20160919-2 + [buster] - fex 20160919-2~deb10u1 + [stretch] - fex 20160919-2~deb9u1 + NOTE: https://secfault-security.com/advisories/cve2020-15591.html +CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...) + {DLA-2420-1 DLA-2323-1} + - linux 5.7.6-1 + [buster] - linux 4.19.131-1 + NOTE: https://lkml.org/lkml/2020/4/26/87 + NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2) +CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...) 
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.6.14-1 + NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3) +CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...) + {DLA-2241-1} + - linux 5.4.19-1 + [buster] - linux 4.19.118-1 + [stretch] - linux 4.9.228-1 + NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6) +CVE-2020-12768 (An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit ...) + {DSA-4699-1} + - linux 5.6.7-1 (unimportant) + [stretch] - linux (Vulnerability introduced later) + [jessie] - linux (Vulnerability introduced later) + NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4) +CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...) + NOT-FOR-US: Gnuteca +CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&item= Dire ...) + NOT-FOR-US: Solis Miolo +CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal.) + NOT-FOR-US: Gnuteca +CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...) + NOT-FOR-US: TRENDnet ProView +CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...) 
+ {DSA-4741-1 DLA-3461-1 DLA-2301-1 DLA-2228-2 DLA-2228-1} + - json-c 0.13.1+dfsg-8 (bug #960326) + - libfastjson 1.2304.0-1 (bug #1035302) + [bullseye] - libfastjson (Minor issue) + NOTE: https://github.com/json-c/json-c/pull/592 + NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426 + NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45 + NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67 + NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157 + NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6 + NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as: + NOTE: https://github.com/json-c/json-c/issues/599 + NOTE: https://github.com/json-c/json-c/pull/610 + NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608 + NOTE: https://github.com/rsyslog/libfastjson/issues/161 +CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...) + - imlib2 1.6.1-2 (bug #960192) + [buster] - imlib2 (Vulnerable code introduced later) + [stretch] - imlib2 (Vulnerable code introduced later) + [jessie] - imlib2 (Vulnerable code introduced later) + NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63 +CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...) + - opennms (bug #450615) +CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...) + - zulip-server (bug #800052) +CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...) 
+ - consul 1.7.4+dfsg1-1 + [buster] - consul (Vulnerable code not present) + NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md + NOTE: https://github.com/hashicorp/consul/pull/7783 +CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured ...) + NOT-FOR-US: HashiCorp Vault +CVE-2020-12756 + RESERVED +CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...) + - kio-extras 4:20.08.3-1 (low; bug #960306) + [buster] - kio-extras (Minor issue) + [stretch] - kio-extras (Minor issue) + NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145 +CVE-2019-20794 (An issue was discovered in the Linux kernel 4.18 through 5.6.11 when u ...) + - linux + [bookworm] - linux (Minor issue, revisit when fixed upstream) + [bullseye] - linux (Minor issue, revisit when fixed upstream) + [buster] - linux (Minor issue, revisit when fixed upstream) + NOTE: https://sourceforge.net/p/fuse/mailman/message/36598753/ +CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-12744 (The MSI installer in Verint Desktop Resources 15.2 allows an unprivile ...) + NOT-FOR-US: Verint Desktop Resources +CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...) + NOT-FOR-US: Gazie +CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...) + NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress +CVE-2020-12741 + RESERVED +CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...) + - tcpreplay 4.3.3-1 (unimportant) + [jessie] - tcpreplay (Vulnerable code added later) + NOTE: https://github.com/appneta/tcpreplay/issues/576 + NOTE: https://github.com/appneta/tcpreplay/pull/590 + NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578 + NOTE: --fuzz-seed in PoC not present until version 4.2.0 + NOTE: Crash in CLI tool, no security impact +CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...) + NOT-FOR-US: Fanuc i Series CNC +CVE-2020-12738 + RESERVED +CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...) + NOT-FOR-US: Maxum Rumpus +CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...) + NOT-FOR-US: Code42 +CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...) + NOT-FOR-US: DomainMOD +CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...) 
+ NOT-FOR-US: DEPSTECH WiFi Digital Microscope +CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...) + NOT-FOR-US: DEPSTECH WiFi Digital Microscope +CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...) + NOT-FOR-US: DEPSTECH WiFi Digital Microscope +CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...) + NOT-FOR-US: MagicMotion Flamingo 2 application for Android +CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...) + NOT-FOR-US: MagicMotion Flamingo 2 +CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...) + NOT-FOR-US: MagicMotion Flamingo 2 +CVE-2020-12728 + RESERVED +CVE-2020-12727 + RESERVED +CVE-2020-12726 + RESERVED +CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...) + NOT-FOR-US: Redash +CVE-2020-12724 + RESERVED +CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...) + - perl 5.30.3-1 (bug #962005) + [buster] - perl 5.28.1-6+deb10u1 + [stretch] - perl 5.24.1-3+deb9u7 + NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) +CVE-2020-12722 + RESERVED +CVE-2020-12721 + RESERVED +CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...) + NOT-FOR-US: vBulletin +CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...) + NOT-FOR-US: WSO2 +CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...) + NOT-FOR-US: COVIDSafe (Australia) app +CVE-2020-12716 + RESERVED +CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.) 
+ NOT-FOR-US: RainbowFish PacsOne Server +CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...) + NOT-FOR-US: CipherMail +CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...) + NOT-FOR-US: CipherMail +CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...) + NOT-FOR-US: SOS JobScheduler +CVE-2020-12711 + RESERVED +CVE-2020-12710 + RESERVED +CVE-2020-12709 + RESERVED +CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...) + NOT-FOR-US: LeptonCMS +CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...) + NOT-FOR-US: LeptonCMS +CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS.) + NOT-FOR-US: UliCMS +CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall.) + NOT-FOR-US: UliCMS +CVE-2020-12702 (Weak encryption in the Quick Pairing mode in the eWeLink mobile applic ...) + NOT-FOR-US: eWeLink mobile application +CVE-2020-12701 + RESERVED +CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...) + NOT-FOR-US: Typo3 extension +CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...) + NOT-FOR-US: Typo3 extension +CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...) + NOT-FOR-US: Typo3 extension +CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...) + NOT-FOR-US: Typo3 extension +CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL.) 
+ NOT-FOR-US: iframe plugin for WordPress +CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...) + {DSA-4898-1 DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1} + - wpa 2:2.9.0-16 (bug #976106) + - gupnp 1.2.3-1 + [buster] - gupnp 1.0.5-0+deb10u1 + - minidlna 1.2.1+dfsg-3 (bug #976594) + - pupnp (Fixed before initial upload to Debian after source package rename) + - pupnp-1.8 (bug #983206) + [bookworm] - pupnp-1.8 (Minor issue) + [bullseye] - pupnp-1.8 (Minor issue) + [buster] - pupnp-1.8 (Minor issue) + - libupnp + [stretch] - libupnp (Invasive change, hard to backport; chances of regression) + NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt + NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch + NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch + NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch + NOTE: https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 (v1_3_0) + NOTE: https://github.com/pupnp/pupnp/commit/5f76bf2858dd601bd985bf37a1db9f262c0ff7bf (release-1.14.0) + NOTE: https://github.com/pupnp/pupnp/commit/7b3f0f5f497f9f493c82307af495b87fa9ebdacb (release-1.14.0) +CVE-2020-12694 + RESERVED +CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...) + {DSA-4841-1 DLA-2886-1} + - slurm-wlm (Fixed with first upload to Debian with renamed source package) + - slurm-llnl (bug #961406) + [jessie] - slurm-llnl (Message Aggregation added in 14.11) + NOTE: https://www.schedmd.com/news.php?id=236 + NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html + NOTE: Issue affects systems with Message Aggregation enabled + NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix +CVE-2020-12688 + RESERVED +CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. 
The /admin/attacments ...) + NOT-FOR-US: Serpico +CVE-2020-12686 + RESERVED +CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...) + NOT-FOR-US: Interchange +CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...) + NOT-FOR-US: i-net Clear Reports +CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues.) + NOT-FOR-US: Katyshop2 +CVE-2020-12682 + RESERVED +CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices ...) + NOT-FOR-US: 3xLogic Infinias eIDC32 devices +CVE-2020-12680 (Avira Free Antivirus through 15.0.2005.1866 allows local users to disc ...) + NOT-FOR-US: Avira Free Antivirus +CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...) + NOT-FOR-US: Mitel +CVE-2020-12678 + REJECTED +CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...) + NOT-FOR-US: Progress MOVEit Automation Web Admin +CVE-2020-12676 (FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge me ...) + NOT-FOR-US: FusionAuth +CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...) + NOT-FOR-US: mappress-google-maps-for-WordPress plugin for WordPress +CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) + {DSA-4679-1} + - keystone 2:17.0.0~rc2-1 (bug #959900) + [stretch] - keystone (Not supported in stretch LTS) + [jessie] - keystone (Not supported in Jessie LTS) + NOTE: https://bugs.launchpad.net/keystone/+bug/1872737 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4 +CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) 
+ {DSA-4679-1} + - keystone 2:17.0.0~rc2-1 (bug #959900) + [stretch] - keystone (Not supported in stretch LTS) + [jessie] - keystone (Not supported in Jessie LTS) + NOTE: https://bugs.launchpad.net/keystone/+bug/1872733 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 +CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) + {DSA-4679-1} + - keystone 2:17.0.0~rc2-1 (bug #959900) + [stretch] - keystone (Not supported in stretch LTS) + [jessie] - keystone (Not supported in Jessie LTS) + NOTE: https://bugs.launchpad.net/keystone/+bug/1873290 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6 +CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...) + {DSA-4745-1 DLA-2328-1} + - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) + NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3 + NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145 +CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...) + {DSA-4745-1 DLA-2328-1} + - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) + NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2 + NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 +CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) + {DSA-4679-1} + - keystone 2:17.0.0~rc2-1 (bug #959900) + [stretch] - keystone (Not supported in stretch LTS) + [jessie] - keystone (Not supported in Jessie) + NOTE: https://bugs.launchpad.net/keystone/+bug/1872735 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 +CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...) 
+ {DLA-2902-1 DLA-2236-1} + - graphicsmagick 1.4+really1.3.35-2 (bug #960000) + [buster] - graphicsmagick 1.4+really1.3.35-1~deb10u2 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 + NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/ +CVE-2020-12671 + RESERVED +CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save function of ...) + - webmin +CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...) + - dolibarr +CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...) + NOT-FOR-US: Jinjava +CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) + - knot-resolver 5.1.1-0.1 (bug #961076) + [buster] - knot-resolver (Minor issue; can be fixed via point release) + NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ + NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b + NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118 +CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...) + NOT-FOR-US: macaron +CVE-2020-12665 + RESERVED +CVE-2020-12664 + RESERVED +CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...) + {DSA-4694-1 DLA-2556-1} + - unbound 1.10.1-1 + [stretch] - unbound (No longer supported, see DSA 4694) + [jessie] - unbound (No longer supported) + NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt + NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff +CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...) 
+ {DSA-4694-1 DLA-2556-1} + - unbound 1.10.1-1 + [stretch] - unbound (No longer supported, see DSA 4694) + [jessie] - unbound (No longer supported) + NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt + NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff +CVE-2017-18867 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18866 (Certain NETGEAR devices are affected by stored XSS. This affects R9000 ...) + NOT-FOR-US: Netgear +CVE-2017-18865 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18864 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2020-12661 + RESERVED +CVE-2020-12660 + RESERVED +CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...) + - linux 5.6.7-1 + [buster] - linux 4.19.118-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) +CVE-2020-12658 (gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex befor ...) + {DLA-2516-1} + - gssproxy (unimportant; bug #978931) + NOTE: https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 (v0.8.3) + NOTE: code change in question only happens in a shutdown path. +CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...) + - linux 5.6.7-1 + [buster] - linux 4.19.118-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) +CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...) 
+ - linux 5.7.6-1 (unimportant) + [buster] - linux 4.19.131-1 + [stretch] - linux 4.9.228-1 + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651 + NOTE: Issue is triggered only at module reloading / rebinding +CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...) + {DLA-2420-1 DLA-2323-1} + - linux 5.6.14-1 + [buster] - linux 4.19.131-1 + NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) +CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) +CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) +CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.4.19-1 + [buster] - linux 4.19.98-1 + NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) +CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...) + NOT-FOR-US: SecureCRT +CVE-2020-12650 + REJECTED +CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...) + NOT-FOR-US: Gurbalib +CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) + - tinymce (bug #972642) + [buster] - tinymce (Minor issue) + [stretch] - tinymce (Vulnerable code not present and not reproducible) + NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 +CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) 
+ NOT-FOR-US: Unisys ALGOL Compiler +CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...) + NOT-FOR-US: OX App Suite +CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...) + NOT-FOR-US: OX App Suite +CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...) + NOT-FOR-US: OX App Suite +CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...) + NOT-FOR-US: OX App Suite +CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...) + NOT-FOR-US: Report Portal +CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...) + - roundcube 1.4.4+dfsg.1-1 (unimportant) + [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 + NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3 + NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 +CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...) + - roundcube 1.4.4+dfsg.1-1 (unimportant) + [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 + NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794 + NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 +CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...) + - phplist (bug #612288) +CVE-2020-12638 (An encryption-bypass issue was discovered on Espressif ESP-IDF devices ...) + NOT-FOR-US: Espressif +CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...) + NOT-FOR-US: Zulip Desktop +CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...) + - tensorflow (bug #804612) +CVE-2020-12636 + RESERVED +CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...) 
+ NOT-FOR-US: WebForms Pro M2 extension for Magento +CVE-2020-12634 + RESERVED +CVE-2020-12633 + RESERVED +CVE-2020-12632 + RESERVED +CVE-2020-12631 + RESERVED +CVE-2020-12630 + RESERVED +CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...) + NOT-FOR-US: osTicket +CVE-2020-12628 + RESERVED +CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...) + NOT-FOR-US: Calibre-Web +CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...) + NOT-FOR-US: League +CVE-2020-12623 + RESERVED +CVE-2020-12622 + RESERVED +CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...) + NOT-FOR-US: Teamwire application for Android +CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...) + NOT-FOR-US: Pi-hole +CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...) + NOT-FOR-US: MailMate +CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...) + NOT-FOR-US: eM Client +CVE-2020-12617 + RESERVED +CVE-2020-12616 + RESERVED +CVE-2020-12615 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + NOT-FOR-US: BeyondTrust Privilege Management for Windows +CVE-2020-12614 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + NOT-FOR-US: BeyondTrust Privilege Management for Windows +CVE-2020-12613 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + NOT-FOR-US: BeyondTrust Privilege Management for Windows +CVE-2020-12612 (An issue was discovered in BeyondTrust Privilege Management for Window ...) + NOT-FOR-US: BeyondTrust Privilege Management for Windows +CVE-2020-12611 + RESERVED +CVE-2020-12610 + RESERVED +CVE-2020-12609 + RESERVED +CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...) 
+ NOT-FOR-US: SolarWinds +CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...) + NOT-FOR-US: fastecdsa +CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...) + NOT-FOR-US: DB Soft +CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) + - envoyproxy (bug #987544) +CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...) + - envoyproxy (bug #987544) +CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) + - envoyproxy (bug #987544) +CVE-2020-12602 + RESERVED +CVE-2020-12601 + RESERVED +CVE-2020-12600 + RESERVED +CVE-2020-12599 + RESERVED +CVE-2020-12598 + RESERVED +CVE-2020-12597 + RESERVED +CVE-2020-12596 + RESERVED +CVE-2020-12595 (An information disclosure flaw allows a malicious, authenticated, priv ...) + NOT-FOR-US: Symantec +CVE-2020-12594 (A privilege escalation flaw allows a malicious, authenticated, privile ...) + NOT-FOR-US: Symantec +CVE-2020-12593 (Symantec Endpoint Detection & Response, prior to 4.5, may be susceptib ...) 
+ NOT-FOR-US: Symantec +CVE-2020-12592 + REJECTED +CVE-2020-12591 + REJECTED +CVE-2020-12590 + REJECTED +CVE-2020-12589 + REJECTED +CVE-2020-12588 + REJECTED +CVE-2020-12587 + REJECTED +CVE-2020-12586 + REJECTED +CVE-2020-12585 + REJECTED +CVE-2020-12584 + REJECTED +CVE-2020-12583 + REJECTED +CVE-2020-12582 + REJECTED +CVE-2020-12581 + REJECTED +CVE-2020-12580 + REJECTED +CVE-2020-12579 + REJECTED +CVE-2020-12578 + REJECTED +CVE-2020-12577 + REJECTED +CVE-2020-12576 + REJECTED +CVE-2020-12575 + REJECTED +CVE-2020-12574 + REJECTED +CVE-2020-12573 + REJECTED +CVE-2020-12572 + REJECTED +CVE-2020-12571 + REJECTED +CVE-2020-12570 + REJECTED +CVE-2020-12569 + REJECTED +CVE-2020-12568 + REJECTED +CVE-2020-12567 + REJECTED +CVE-2020-12566 + REJECTED +CVE-2020-12565 + REJECTED +CVE-2020-12564 + REJECTED +CVE-2020-12563 + REJECTED +CVE-2020-12562 + REJECTED +CVE-2020-12561 + REJECTED +CVE-2020-12560 + REJECTED +CVE-2020-12559 + REJECTED +CVE-2020-12558 + REJECTED +CVE-2020-12557 + REJECTED +CVE-2020-12556 + REJECTED +CVE-2020-12555 + REJECTED +CVE-2020-12554 + REJECTED +CVE-2020-12553 + REJECTED +CVE-2020-12552 + REJECTED +CVE-2020-12551 + REJECTED +CVE-2020-12550 + REJECTED +CVE-2020-12549 + REJECTED +CVE-2020-12548 + REJECTED +CVE-2020-12547 + REJECTED +CVE-2020-12546 + REJECTED +CVE-2020-12545 + REJECTED +CVE-2020-12544 + REJECTED +CVE-2020-12543 + REJECTED +CVE-2020-12542 + REJECTED +CVE-2020-12541 + REJECTED +CVE-2020-12540 + REJECTED +CVE-2020-12539 + REJECTED +CVE-2020-12538 + REJECTED +CVE-2020-12537 + REJECTED +CVE-2020-12536 + REJECTED +CVE-2020-12535 + REJECTED +CVE-2020-12534 + REJECTED +CVE-2020-12533 + REJECTED +CVE-2020-12532 + REJECTED +CVE-2020-12531 + REJECTED +CVE-2020-12530 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) + NOT-FOR-US: MB connect software +CVE-2020-12529 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) 
+ NOT-FOR-US: MB connect software +CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...) + NOT-FOR-US: MB connect software +CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 ...) + NOT-FOR-US: MB connect software +CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...) + NOT-FOR-US: TwinCAT OPC UA Server +CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and ...) + NOT-FOR-US: M&M Software fdtCONTAINER Component +CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...) + NOT-FOR-US: Phoenix Contact HMIs BTP +CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...) + NOT-FOR-US: Phoenix Contact mGuard Devices +CVE-2020-12522 (The reported vulnerability allows an attacker who has network access t ...) + NOT-FOR-US: WAGO +CVE-2020-12521 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) + NOT-FOR-US: Phoenix Contact PLCnext Control Devices +CVE-2020-12520 + REJECTED +CVE-2020-12519 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) + NOT-FOR-US: Phoenix Contact PLCnext Control Devices +CVE-2020-12518 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) + NOT-FOR-US: Phoenix Contact PLCnext Control Devices +CVE-2020-12517 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...) + NOT-FOR-US: Phoenix Contact PLCnext Control Devices +CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...) + NOT-FOR-US: WAGO +CVE-2020-12515 + REJECTED +CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) + NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master +CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) 
+ NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master +CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) + NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master +CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...) + NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master +CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...) + NOT-FOR-US: Beckhoff +CVE-2020-12509 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) + NOT-FOR-US: s::can moni::tools +CVE-2020-12508 (In s::can moni::tools in versions below 4.2 an unauthenticated attacke ...) + NOT-FOR-US: s::can moni::tools +CVE-2020-12507 (In s::can moni::tools before version 4.2 an authenticated attacker cou ...) + NOT-FOR-US: s::can moni::tools +CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) + NOT-FOR-US: WAGO +CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...) + NOT-FOR-US: WAGO +CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) + NOT-FOR-US: Pepperl+Fuchs +CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) + NOT-FOR-US: Pepperl+Fuchs +CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) + NOT-FOR-US: Pepperl+Fuchs +CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) + NOT-FOR-US: Pepperl+Fuchs +CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...) + NOT-FOR-US: Pepperl+Fuchs +CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...) + NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer +CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...) 
+ NOT-FOR-US: Phoenix +CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...) + NOT-FOR-US: Phoenix +CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and ...) + NOT-FOR-US: Endress+Hauser +CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with ...) + NOT-FOR-US: Endress+Hauser +CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...) + NOT-FOR-US: Beckhoff +CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...) + NOT-FOR-US: SWARCOs CPU LS4000 Series +CVE-2020-12492 + RESERVED +CVE-2020-12491 + RESERVED +CVE-2020-12490 + RESERVED +CVE-2020-12489 + RESERVED +CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...) + NOT-FOR-US: Vivo +CVE-2020-12487 + RESERVED +CVE-2020-12486 + RESERVED +CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...) + NOT-FOR-US: Vivo +CVE-2020-12484 + RESERVED +CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...) + NOT-FOR-US: Vivo +CVE-2020-12482 + RESERVED +CVE-2020-12481 + RESERVED +CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...) + NOT-FOR-US: Play Framework +CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...) + - teampass (bug #730180) +CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...) + - teampass (bug #730180) +CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...) + - teampass (bug #730180) +CVE-2020-12476 + RESERVED +CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...) + NOT-FOR-US: TP-Link +CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...) 
+ - telegram-desktop 2.1.0+ds-1 + [buster] - telegram-desktop (Minor issue) + NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474 +CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...) + NOT-FOR-US: MonoX +CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...) + NOT-FOR-US: MonoX +CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...) + NOT-FOR-US: MonoX +CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...) + NOT-FOR-US: MonoX +CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...) + NOT-FOR-US: Subrion CMS +CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...) + NOT-FOR-US: Subrion CMS +CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...) + NOT-FOR-US: Subrion CMS +CVE-2019-20793 + RESERVED +CVE-2016-11061 (Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 7 ...) + NOT-FOR-US: Xerox +CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...) + {DSA-4674-1} + - roundcube 1.4.4+dfsg.1-1 (bug #959142) + NOTE: https://github.com/roundcube/roundcubemail/pull/7302 + NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6 + NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56 + NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713 +CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...) 
+ {DSA-4674-1} + - roundcube 1.4.4+dfsg.1-1 (bug #959140) + NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0 + NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4 + NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7 +CVE-2020-12466 + RESERVED +CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...) + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6) +CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.6.14-1 + NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3) +CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...) + NOT-FOR-US: Avira +CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...) + NOT-FOR-US: ninja-forms plugin for WordPress +CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...) + {DLA-2639-1} + - opendmarc 1.4.0~beta1+dfsg-3 (bug #966464) + [buster] - opendmarc 1.3.2-6+deb10u2 + NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64 + NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f +CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...) + NOT-FOR-US: Grafana as shipped in Red Hat +CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...) 
+ - grafana + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765 + NOTE: https://github.com/grafana/grafana/issues/8283 +CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...) + - wolfssl 4.5.0+dfsg-1 (bug #969663) + NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable) + NOTE: https://github.com/wolfSSL/wolfssl/pull/2927 +CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...) + NOT-FOR-US: Mitel +CVE-2020-12455 + RESERVED +CVE-2020-12454 + RESERVED +CVE-2020-12453 + RESERVED +CVE-2020-12452 + RESERVED +CVE-2020-12451 + RESERVED +CVE-2020-12450 + RESERVED +CVE-2020-12449 + RESERVED +CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...) + - gitlab (Only affects GitLab EE 12.8 and later) + NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/ +CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...) + NOT-FOR-US: Onkyo +CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...) + NOT-FOR-US: G.SKILL Trident Z Lighting Control +CVE-2020-12445 + RESERVED +CVE-2020-12444 + RESERVED +CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...) + NOT-FOR-US: BigBlueButton +CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...) + NOT-FOR-US: Ivanti +CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...) + NOT-FOR-US: Ivanti +CVE-2020-12440 + REJECTED +CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...) + NOT-FOR-US: Grin +CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...) 
+ NOT-FOR-US: PHP-Fusion +CVE-2020-12437 + RESERVED +CVE-2020-12436 + RESERVED +CVE-2020-12435 + RESERVED +CVE-2020-12434 + RESERVED +CVE-2020-12433 + RESERVED +CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...) + NOT-FOR-US: Vereign Collabora CODE +CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...) + NOT-FOR-US: Splashtop Software Updater +CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) + [experimental] - libvirt 6.2.0-1 + - libvirt 6.4.0-2 (low; bug #959447) + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Vulnerable code introduced later) + [jessie] - libvirt (Vulnerable code introduced later) + NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1) + NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190 +CVE-2019-20792 (OpenSC before 0.20.0 has a double free in coolkey_free_private_data be ...) + - opensc 0.20.0-1 (low) + [buster] - opensc 0.19.0-1+deb10u1 + [stretch] - opensc (Coolkey driver added in 0.17.0) + [jessie] - opensc (Minor issue but can be worth fixing later) + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19208 + NOTE: https://github.com/OpenSC/OpenSC/commit/c246f6f69a749d4f68626b40795a4f69168008f4 +CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...) + NOT-FOR-US: Online Course Registration +CVE-2020-12428 + RESERVED +CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...) + NOT-FOR-US: Western Digital +CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...) 
+ - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426 +CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...) + - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425 +CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...) + - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424 +CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...) + - firefox (Windows-specific) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423 +CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...) + - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422 +CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...) + {DSA-4718-1 DSA-4713-1} + - firefox 78.0-1 + - firefox-esr 68.10.0esr-1 + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421 +CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...) + {DSA-4718-1 DSA-4713-1} + - firefox 78.0-1 + - firefox-esr 68.10.0esr-1 + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420 +CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...) 
+ {DSA-4718-1 DSA-4713-1} + - firefox 78.0-1 + - firefox-esr 68.10.0esr-1 + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419 +CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...) + {DSA-4718-1 DSA-4713-1} + - firefox 78.0-1 + - firefox-esr 68.10.0esr-1 + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418 +CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...) + {DSA-4718-1 DSA-4713-1} + - firefox 78.0-1 + - firefox-esr 68.10.0esr-1 + - thunderbird 1:68.10.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417 +CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...) + - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416 +CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...) + - firefox 78.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415 +CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...) + - firefox (Specific to Firefox on iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414 +CVE-2020-12413 (The Raccoon attack is a timing attack on DHE ciphersuites inherit in t ...) 
+ - nss 2:3.17-1 + [buster] - nss (Minor issue) + [stretch] - nss (Minor issue) + NOTE: https://raccoon-attack.com/ + NOTE: Starting with 3.17 NSS allows to disable reuse of ECDHE keys, marking this + NOTE: as the "fixed" version for unstable: + NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes +CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...) + - firefox 70.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412 +CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...) + - firefox 77.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411 +CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...) + {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} + - firefox 77.0-1 + - firefox-esr 68.9.0esr-1 + - thunderbird 1:68.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410 +CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...) + - firefox 77.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409 +CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...) + - firefox 77.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408 +CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...) + - firefox 77.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407 +CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...) 
+ {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} + - firefox 77.0-1 + - firefox-esr 68.9.0esr-1 + - thunderbird 1:68.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406 +CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...) + {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} + - firefox 77.0-1 + - firefox-esr 68.9.0esr-1 + - thunderbird 1:68.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405 +CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...) + - firefox (Specific to iOS) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404 +CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...) + {DLA-3327-1 DLA-2388-1} + - nss 2:3.55-1 + NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 + NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931 +CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...) + {DSA-4726-1 DLA-2388-1 DLA-2266-1} + - nss 2:3.53.1-1 (bug #963152) + NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1 + NOTE: Fixed upstream in 3.53.1 +CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...) 
+ {DLA-3327-1 DLA-2388-1} + - firefox 80.0-1 + - nss 2:3.55-1 + NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private) + NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401 +CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...) + {DLA-3327-1 DLA-2388-1} + - firefox 80.0-1 + - nss 2:3.55-1 + NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c + NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 + NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes + NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits. + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400 +CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...) + {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1} + - firefox 77.0-1 + - firefox-esr 68.9.0esr-1 + - nss 2:3.53-1 (bug #961752) + - thunderbird 1:68.9.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public) + NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399 +CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...) 
+ {DSA-4702-1 DLA-2247-1} + - thunderbird 1:68.9.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398 +CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...) + {DSA-4683-1 DLA-2206-1} + - thunderbird 1:68.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397 +CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...) + - firefox 76.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396 +CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...) + {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} + - firefox 76.0-1 + - firefox-esr 68.8.0esr-1 + - thunderbird 1:68.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395 +CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...) + - firefox 76.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394 +CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + - thunderbird (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393 +CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) 
+ {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} + - firefox 76.0-1 + - firefox-esr 68.8.0esr-1 + - thunderbird 1:68.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392 +CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...) + - firefox 76.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391 +CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead ...) + - firefox 76.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390 +CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389 +CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...) + - firefox (Only affects Windows) + - firefox-esr (Only affects Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388 +CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...) 
+ {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} + - firefox 76.0-1 + - firefox-esr 68.8.0esr-1 + - thunderbird 1:68.8.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387 +CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-12383 + REJECTED +CVE-2020-12382 + REJECTED +CVE-2020-12381 + REJECTED +CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...) + NOT-FOR-US: Intel +CVE-2020-12379 + REJECTED +CVE-2020-12378 + REJECTED +CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...) + NOT-FOR-US: Intel +CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...) + NOT-FOR-US: Intel +CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...) + NOT-FOR-US: Intel +CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...) + NOT-FOR-US: Intel +CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...) 
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
+ {DLA-3380-1}
+ - linux 5.14.6-1
+ [bullseye] - linux (Too intrusive to backport)
+ [buster] - linux (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
+ {DLA-3380-1}
+ - linux 5.14.6-1
+ [bullseye] - linux (Too intrusive to backport)
+ [buster] - linux (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
+ {DLA-3380-1}
+ - linux 5.14.6-1
+ [bullseye] - linux (Too intrusive to backport)
+ [buster] - linux (Too intrusive to backport)
+ - firmware-nonfree 20210208-1
+ [stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
+ NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
+ NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
+ NOTE: firmware is required. The new firmware requires a kernel patch
+ NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
+ NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
+ NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
+ NOTE: the updated firmware, thus also marking linux as affected
+CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
+ NOT-FOR-US: Intel graphics drivers for Windows
+CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
+ NOT-FOR-US: Intel
+CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
+ NOT-FOR-US: Intel
+CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
+ NOT-FOR-US: Intel
+CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
+ NOT-FOR-US: Intel
+CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
+ NOT-FOR-US: Intel
+CVE-2020-12352 (Improper access control in BlueZ may allow an unauthenticated user to ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
+ NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
+CVE-2020-12351 (Improper input validation in BlueZ may allow an unauthenticated user t ...)
+ {DSA-4774-1 DLA-2420-1 DLA-2417-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
+ NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
+CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ NOT-FOR-US: Intel
+CVE-2020-12348
+ REJECTED
+CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
+ NOT-FOR-US: Intel
+CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
+ NOT-FOR-US: Intel
+CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
+ NOT-FOR-US: Intel
+CVE-2020-12344
+ REJECTED
+CVE-2020-12343
+ REJECTED
+CVE-2020-12342
+ REJECTED
+CVE-2020-12341
+ REJECTED
+CVE-2020-12340
+ REJECTED
+CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
+ NOT-FOR-US: Intel
+CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
+ NOT-FOR-US: Intel
+CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
+ NOT-FOR-US: Intel
+CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...)
+ NOT-FOR-US: Intel
+CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...)
+ NOT-FOR-US: Intel
+CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...)
+ NOT-FOR-US: Intel
+CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...)
+ NOT-FOR-US: Intel
+CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...)
+ NOT-FOR-US: Intel
+CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...)
+ NOT-FOR-US: Intel
+CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...)
+ NOT-FOR-US: Intel
+CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...)
+ NOT-FOR-US: Intel
+CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
+ NOT-FOR-US: Intel
+CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
+ NOT-FOR-US: Intel
+CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...)
+ NOT-FOR-US: Intel
+CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...)
+ NOT-FOR-US: Intel (Wireless Bluetooth products, but only affecting Windows)
+CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...)
+ NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
+ NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
+CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...)
+ NOT-FOR-US: Intel
+CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
+ NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
+ NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...)
+ NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
+CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...)
+ NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
+ NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...)
+ NOT-FOR-US: Intel
+CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...)
+ NOT-FOR-US: Intel
+CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...)
+ NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
+CVE-2020-12313 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
+ NOTE: Intel firmware, there is no conclusive information if the blobs shipped in
+ NOTE: firmware-nonfree are affected. If they are, they would get fixed via release updates
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
+ NOTE: Fixed firmware blobs:
+ NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
+ NOTE: ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
+ NOTE: Not shipped in Debian: Wi-Fi 6 AX200, Wireless-AC 9560, Wireless-AC 9462, Wireless-AC 9461, Dual Band Wireless-AC 3165
+ NOTE: Intel seems to have missed the update for ibt-12-16.sfi, last update from May 2019
+ NOTE: Intel seems to have missed the update for ibt-11-5.sfi, last update from Jan 2019
+CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
+ NOT-FOR-US: Intel
+CVE-2020-12311 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ NOT-FOR-US: Intel
+CVE-2020-12310 (Insufficient control flow managementin firmware in some Intel(R) Clien ...)
+ NOT-FOR-US: Intel
+CVE-2020-12309 (Insufficiently protected credentialsin subsystem in some Intel(R) Clie ...)
+ NOT-FOR-US: Intel
+CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...)
+ NOT-FOR-US: Intel
+CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...)
+ NOT-FOR-US: Intel
+CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
+ NOT-FOR-US: Intel
+CVE-2020-12305
+ REJECTED
+CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
+ NOT-FOR-US: Intel
+CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
+ NOT-FOR-US: Intel
+CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant before ...)
+ NOT-FOR-US: Intel
+CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
+ NOT-FOR-US: Intel
+CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
+ NOT-FOR-US: Intel
+CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...)
+ NOT-FOR-US: Intel
+CVE-2020-12298
+ REJECTED
+CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
+ NOT-FOR-US: Intel
+CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+ NOT-FOR-US: Intel
+CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
+ NOT-FOR-US: Intel
+CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM) ...)
+ NOT-FOR-US: Intel
+CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
+ NOT-FOR-US: Intel
+CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
+ NOT-FOR-US: Intel
+CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
+ NOT-FOR-US: Intel
+CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
+ NOT-FOR-US: Intel
+CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
+ NOT-FOR-US: Intel
+CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
+ NOT-FOR-US: Intel
+CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
+ NOT-FOR-US: Intel
+CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow in Mesh ...)
+ NOT-FOR-US: OpenThread
+CVE-2018-21232 (re2c before 2.0 has uncontrolled recursion that causes stack consumpti ...)
+ - re2c (unimportant)
+ NOTE: https://github.com/skvadrik/re2c/issues/219
+ NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/5fffb1870181d6179118586e21ed2889b8b4abc8
+ NOTE: https://www.openwall.com/lists/oss-security/2020/04/27/2
+ NOTE: Crash im CLI tool, no security impact
+CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-12285
+ RESERVED
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2 ...)
+ {DSA-4722-1}
+ - ffmpeg 7:4.2.3-1
+ [stretch] - ffmpeg (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
+CVE-2017-18863 (Certain NETGEAR devices are affected by command execution via a PHP fo ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects ReadyNAS Su ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18860 (Certain NETGEAR devices are affected by debugging command execution. T ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and iOS is aff ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18856 (NETGEAR ReadyNAS devices before 6.6.1 are affected by command injectio ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18855 (NETGEAR WNR854T devices before 1.5.2 are affected by command execution ...)
+ NOT-FOR-US: Netgear
+CVE-2017-18854 (NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.)
+ NOT-FOR-US: Netgear
+CVE-2017-18853 (Certain NETGEAR devices are affected by password recovery and file acc ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11060 (Certain NETGEAR devices are affected by insecure renegotiation. This a ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. This affect ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11058 (The NETGEAR genie application before 2.4.34 for Android is affected by ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11057 (Certain NETGEAR devices are affected by mishandling of repeated URL ca ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11056 (Certain NETGEAR devices are affected by anonymous root access. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11055 (Certain NETGEAR devices are affected by CSRF. This affects CM400 befor ...)
+ NOT-FOR-US: Netgear
+CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command ex ...)
+ NOT-FOR-US: Netgear
+CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
+ NOT-FOR-US: Sourcegraph
+CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+ {DLA-3340-1 DLA-2936-1}
+ - libgit2 0.28.4+dfsg.1-2
+ [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
+ NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
+CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
+ {DLA-3340-1 DLA-2936-1}
+ - libgit2 0.28.4+dfsg.1-2
+ [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
+ NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
+ NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
+CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
+ [experimental] - gitlab 12.8.8-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
+CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
+ [experimental] - gitlab 12.8.8-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
+CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...)
+ [experimental] - gitlab 12.8.8-1
+ - gitlab 13.2.3-2
+ NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
+CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
+ NOT-FOR-US: TestLink
+CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
+ NOT-FOR-US: TestLink
+CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
+ {DLA-3546-1}
+ - opendmarc 1.4.0~beta1+dfsg-4 (bug #977767)
+ [stretch] - opendmarc (Minor issue; can be fixed in next update)
+ NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
+ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
+ NOTE: Fix: https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e
+CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
+ NOT-FOR-US: SFOS
+CVE-2020-12270 (React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alpha ...)
+ NOT-FOR-US: Bluezone
+CVE-2020-12269
+ RESERVED
+CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
+ {DLA-2796-1}
+ - jbig2dec 0.18-1
+ [buster] - jbig2dec 0.16-1+deb10u1
+ [jessie] - jbig2dec (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
+ NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
+CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
+ - qtbase-opensource-src (Vulnerable code not present)
+ NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
+ NOTE: The 5.14 in experimental contains the code, but is already fixed
+CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, ...)
+ - opendmarc 1.4.0~beta1+dfsg-4 (bug #977766)
+ [buster] - opendmarc (Minor issue)
+ [stretch] - opendmarc (Minor issue)
+ NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
+ NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
+ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
+ NOTE: Issue is disputed upstream and considered "work as designed" (wontfix)
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/blob/develop/SECURITY/CVE-2019-20790
+ NOTE: Upstream reconsidering position:
+ NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/158
+CVE-2020-12266 (An issue was discovered where there are multiple externally accessible ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
+ NOT-FOR-US: Node decompress
+CVE-2020-12264
+ RESERVED
+CVE-2020-12263
+ RESERVED
+CVE-2020-12262 (Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61 ...)
+ NOT-FOR-US: Intelbras
+CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login.)
+ NOT-FOR-US: Open-AudIT
+CVE-2020-12260
+ RESERVED
+CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
+ NOT-FOR-US: rConfig
+CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
+ NOT-FOR-US: rConfig
+CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
+ NOT-FOR-US: rConfig
+CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
+ NOT-FOR-US: rConfig
+CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
+ NOT-FOR-US: rConfig
+CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
+ NOT-FOR-US: Avira Antivirus
+CVE-2019-20789 (Croogo before 3.0.7 allows XSS via the title to admin/menus/menus or a ...)
+ NOT-FOR-US: Croogo
+CVE-2020-12253
+ RESERVED
+CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+ NOT-FOR-US: Gigamon
+CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
+ NOT-FOR-US: Gigamon
+CVE-2020-12250
+ RESERVED
+CVE-2020-12249
+ RESERVED
+CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ NOT-FOR-US: Foxit
+CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
+ NOT-FOR-US: Foxit
+CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Di ...)
+ NOT-FOR-US: Beeline Smart Box
+CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
+ - grafana
+ NOTE: https://github.com/grafana/grafana/pull/23816
+CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
+ {DSA-4691-1}
+ - pdns-recursor 4.3.1-1
+ [jessie] - pdns-recursor (Vulnerable code added later)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
+CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...)
+ {DSA-4666-1 DLA-2199-1}
+ - openldap 2.4.50+dfsg-1
+ NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master)
+ NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50)
+CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...)
+ NOT-FOR-US: Valve
+CVE-2020-12241
+ RESERVED
+CVE-2020-12240
+ RESERVED
+CVE-2020-12239
+ RESERVED
+CVE-2020-12238
+ RESERVED
+CVE-2020-12237
+ RESERVED
+CVE-2020-12236
+ RESERVED
+CVE-2020-12235
+ RESERVED
+CVE-2020-12234
+ RESERVED
+CVE-2020-12233
+ RESERVED
+CVE-2020-12232
+ RESERVED
+CVE-2020-12231
+ RESERVED
+CVE-2020-12230
+ RESERVED
+CVE-2020-12229
+ RESERVED
+CVE-2020-12228
+ RESERVED
+CVE-2020-12227
+ RESERVED
+CVE-2020-12226
+ RESERVED
+CVE-2020-12225
+ RESERVED
+CVE-2020-12224
+ RESERVED
+CVE-2020-12223
+ RESERVED
+CVE-2020-12222
+ RESERVED
+CVE-2020-12221
+ RESERVED
+CVE-2020-12220
+ RESERVED
+CVE-2020-12219
+ RESERVED
+CVE-2020-12218
+ RESERVED
+CVE-2020-12217
+ RESERVED
+CVE-2020-12216
+ RESERVED
+CVE-2020-12215
+ RESERVED
+CVE-2020-12214
+ RESERVED
+CVE-2020-12213
+ RESERVED
+CVE-2020-12212
+ RESERVED
+CVE-2020-12211
+ RESERVED
+CVE-2020-12210
+ RESERVED
+CVE-2020-12209
+ RESERVED
+CVE-2020-12208
+ RESERVED
+CVE-2020-12207
+ RESERVED
+CVE-2020-12206
+ RESERVED
+CVE-2020-12205
+ RESERVED
+CVE-2020-12204
+ RESERVED
+CVE-2020-12203
+ RESERVED
+CVE-2020-12202
+ RESERVED
+CVE-2020-12201
+ RESERVED
+CVE-2020-12200
+ RESERVED
+CVE-2020-12199
+ RESERVED
+CVE-2020-12198
+ RESERVED
+CVE-2020-12197
+ RESERVED
+CVE-2020-12196
+ RESERVED
+CVE-2020-12195
+ RESERVED
+CVE-2020-12194
+ RESERVED
+CVE-2020-12193
+ RESERVED
+CVE-2020-12192
+ RESERVED
+CVE-2020-12191
+ RESERVED
+CVE-2020-12190
+ RESERVED
+CVE-2020-12189
+ RESERVED
+CVE-2020-12188
+ RESERVED
+CVE-2020-12187
+ RESERVED
+CVE-2020-12186
+ RESERVED
+CVE-2020-12185
+ RESERVED
+CVE-2020-12184
+ RESERVED
+CVE-2020-12183
+ RESERVED
+CVE-2020-12182
+ RESERVED
+CVE-2020-12181
+ RESERVED
+CVE-2020-12180
+ RESERVED
+CVE-2020-12179
+ RESERVED
+CVE-2020-12178
+ RESERVED
+CVE-2020-12177
+ RESERVED
+CVE-2020-12176
+ RESERVED
+CVE-2020-12175
+ RESERVED
+CVE-2020-12174
+ RESERVED
+CVE-2020-12173
+ RESERVED
+CVE-2020-12172
+ RESERVED
+CVE-2020-12171
+ RESERVED
+CVE-2020-12170
+ RESERVED
+CVE-2020-12169
+ RESERVED
+CVE-2020-12168
+ RESERVED
+CVE-2020-12167
+ RESERVED
+CVE-2020-12166
+ RESERVED
+CVE-2020-12165
+ RESERVED
+CVE-2020-12164
+ RESERVED
+CVE-2020-12163
+ RESERVED
+CVE-2020-12162
+ RESERVED
+CVE-2020-12161
+ RESERVED
+CVE-2020-12160
+ RESERVED
+CVE-2020-12159
+ RESERVED
+CVE-2020-12158
+ RESERVED
+CVE-2020-12157
+ RESERVED
+CVE-2020-12156
+ RESERVED
+CVE-2020-12155
+ RESERVED
+CVE-2020-12154
+ RESERVED
+CVE-2020-12153
+ RESERVED
+CVE-2020-12152
+ RESERVED
+CVE-2020-12151
+ RESERVED
+CVE-2020-12150
+ RESERVED
+CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...)
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
+CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...)
+ NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
+CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
+CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
+CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or ...)
+ NOT-FOR-US: Silver Peak Unity Orchestrator
+CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...)
+ NOT-FOR-US: Silver Peak Cloud Portal
+CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...)
+ NOT-FOR-US: EdgeConnect
+CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
+ NOT-FOR-US: EdgeConnect
+CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...)
+ NOT-FOR-US: SNMP stack in Contiki-NG
+CVE-2020-12140 (A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Co ...)
+ NOT-FOR-US: Contiki-NG
+CVE-2020-12139
+ RESERVED
+CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
+ NOT-FOR-US: AMD ATI atillk64.sys specific issue
+CVE-2020-12136
+ RESERVED
+CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
+ - duo-unix (unimportant; bug #958998)
+ NOTE: Embedded older version, but affected function not used
+CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...)
+ NOT-FOR-US: Nanometrics Centaur / TitanSMA
+CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...)
+ NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa
+CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...)
+ NOT-FOR-US: Fifthplay
+CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...)
+ NOT-FOR-US: AirDisk Pro app for iOS
+CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...)
+ NOT-FOR-US: AirDisk Pro app for iOS
+CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...)
+ NOT-FOR-US: AirDisk Pro app for iOS
+CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
+ NOT-FOR-US: DONG JOO CHO File Transfer iFamily
+CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...)
+ NOT-FOR-US: Max Secure Max Spyware Detector
+CVE-2020-12121
+ RESERVED
+CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...)
+ NOT-FOR-US: Ledger Live
+CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
+ NOT-FOR-US: Binance tss-lib
+CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
+ NOT-FOR-US: Moxa
+CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-12115
+ RESERVED
+CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
+ - linux 5.3.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
+CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
+ {DSA-4991-1 DLA-2276-1 DLA-2204-1}
+ - mailman
+ NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
+ NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844
+CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...)
+ NOT-FOR-US: VPNCrypt +CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...) + NOT-FOR-US: VPNCrypt +CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...) + - openconnect (unimportant; bug #959428) + [jessie] - openconnect (Vulnerable code introduced later) + NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96 + NOTE: Only an issue if building with OpenSSL, where Debian binary packages use + NOTE: GnuTLS. +CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...) + NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress +CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...) + NOT-FOR-US: Tiny File Manager +CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...) + NOT-FOR-US: Tiny File Manager +CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...) + NOT-FOR-US: xt:Commerce +CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...) 
+ {DSA-4745-1 DLA-2328-1} + - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) + NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1 + NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad + NOTE: https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b + NOTE: https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405 + NOTE: https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801 + NOTE: https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667 + NOTE: https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b + NOTE: https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3 + NOTE: https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490 + NOTE: https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049 + NOTE: https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf + NOTE: https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67 + NOTE: https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133 + NOTE: https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4 + NOTE: https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716 + NOTE: https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161 + NOTE: https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3 +CVE-2020-12099 + RESERVED +CVE-2020-12098 + RESERVED +CVE-2020-12097 + RESERVED +CVE-2020-12096 + RESERVED +CVE-2020-12095 + RESERVED +CVE-2020-12094 + RESERVED +CVE-2020-12093 + RESERVED +CVE-2020-12092 + RESERVED +CVE-2020-12091 + RESERVED +CVE-2020-12090 + RESERVED +CVE-2020-12089 + RESERVED +CVE-2020-12088 + RESERVED +CVE-2020-12087 + RESERVED +CVE-2020-12086 + RESERVED +CVE-2020-12085 + RESERVED +CVE-2020-12084 + RESERVED +CVE-2020-12083 (An 
elevated privileges issue related to Spring MVC calls impacts Code ...) + NOT-FOR-US: Code Insight +CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...) + NOT-FOR-US: Insight +CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...) + NOT-FOR-US: FlexNet Publisher lmadmin.exe +CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...) + NOT-FOR-US: FlexNet +CVE-2019-20788 (libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCurso ...) + {DLA-2146-1} + - libvncserver 0.9.12+dfsg-9 (bug #954163) + [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u3 + [stretch] - libvncserver 0.9.11+dfsg-1.3~deb9u4 + NOTE: https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed +CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...) + {DSA-4664-1 DLA-2200-1} + - mailman (bug #958930) + NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2 + NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801 +CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...) + NOT-FOR-US: Beaker browser, different from src:beaker +CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...) + NOT-FOR-US: Open-AudIT +CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...) + NOT-FOR-US: mappress-google-maps-for-WordPress plugin for WordPress +CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) + NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress +CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) + NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress +CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...) 
+ NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress +CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...) + NOT-FOR-US: responsive-add-ons plugin for WordPress +CVE-2020-12072 + RESERVED +CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content.) + NOT-FOR-US: Anchor +CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...) + NOT-FOR-US: Advanced Woo Search plugin for WordPress +CVE-2020-12069 (In CODESYS V3 products in all versions prior V3.5.16.0 containing the ...) + NOT-FOR-US: Pilz PMC programming tool +CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...) + NOT-FOR-US: CODESYS +CVE-2020-12067 (In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Devel ...) + NOT-FOR-US: Pilz PMC programming tool +CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...) + {DSA-4763-1} + - teeworlds 0.7.5-1 + [jessie] - teeworlds (Not supported in jessie LTS) + NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 + NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785 +CVE-2020-12065 + RESERVED +CVE-2020-12064 + RESERVED +CVE-2020-12063 (A certain Postfix 2.10.1-7 package could allow an attacker to send an ...) + NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3 + NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12 + NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals +CVE-2020-12062 (The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to ...) 
+ - openssh 1:8.3p1-1 (unimportant) + NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1 + NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894 + NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1 + NOTE: Negligible security impact, a malicious peer can achieve no more than already + NOTE: able o achieve within the scp protocol. +CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...) + NOT-FOR-US: Nitrokey firmware +CVE-2020-12060 + RESERVED +CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...) + {DLA-3629-1} + - ceph 14.2.4-1 + [stretch] - ceph (Vulnerable code introduced later) + [jessie] - ceph (Vulnerable code introduced later) + NOTE: https://tracker.ceph.com/issues/44967 + NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1) + NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10) + NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. +CVE-2019-20787 (Teeworlds before 0.7.4 has an integer overflow when computing a tilema ...) + NOTE: Duplicate of CVE-2019-10877 +CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...) + NOT-FOR-US: osCommerce CE Phoenix +CVE-2020-12057 + RESERVED +CVE-2020-12056 + RESERVED +CVE-2020-12055 + RESERVED +CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...) + NOT-FOR-US: Catch Breadcrumb plugin for WordPress +CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...) + NOT-FOR-US: Unisys Stealth +CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS.) + - grafana +CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...) 
+ NOT-FOR-US: MediaWiki extension +CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...) + - sqliteodbc (unimportant) + NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely + NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same + NOTE: issue. +CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServe ...) + {DLA-2235-1} + - dbus 1.12.18-1 + [buster] - dbus 1.12.20-0+deb10u1 + [stretch] - dbus 1.10.32-0+deb9u1 + NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3 + NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 + NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5 + NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748 +CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...) + NOT-FOR-US: Phoenix Hemodialysis Delivery System +CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC\u2019s firmware ...) + NOT-FOR-US: Opto 22 SoftPAC Project +CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2020-12044 + RESERVED +CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...) + NOT-FOR-US: Opto 22 SoftPAC Project +CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...) + NOT-FOR-US: Baxter Spectrum WBM +CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...) 
+ NOT-FOR-US: Sigma Spectrum Infusion System +CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...) + NOT-FOR-US: Baxter +CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) + NOT-FOR-US: Baxter +CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) + NOT-FOR-US: Baxter +CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) + NOT-FOR-US: Baxter +CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) + NOT-FOR-US: Baxter +CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...) + NOT-FOR-US: FactoryTalk View SE +CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...) + NOT-FOR-US: Emerson WirelessHART Gateway +CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...) + NOT-FOR-US: FactoryTalk View SE +CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...) + NOT-FOR-US: FactoryTalk View +CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...) + NOT-FOR-US: FactoryTalk View SE +CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...) + NOT-FOR-US: Rockwell Automation +CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...) 
+ NOT-FOR-US: Baxter +CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...) + NOT-FOR-US: Philips +CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...) + NOT-FOR-US: OSIsoft PI Web +CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...) + NOT-FOR-US: Baxter +CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...) + NOT-FOR-US: WebAccess Node +CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...) + NOT-FOR-US: GE Grid Solutions Reason RT Clocks +CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions ...) + NOT-FOR-US: Baxter +CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...) + NOT-FOR-US: Mitsubishi +CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...) + NOT-FOR-US: Mitsubishi +CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions ...) + NOT-FOR-US: Baxter +CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...) + NOT-FOR-US: Mitsubishi +CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...) + NOT-FOR-US: Mitsubishi +CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) 
+ NOT-FOR-US: Baxter +CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...) + NOT-FOR-US: Mitsubishi +CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) + NOT-FOR-US: FactoryTalk +CVE-2020-12004 (The affected product lacks proper authentication required to query the ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) + NOT-FOR-US: FactoryTalk +CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) + NOT-FOR-US: FactoryTalk +CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) + NOT-FOR-US: FactoryTalk +CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...) + - activemq (Only affects 5.15.12) + NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt +CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...) 
+ - guacamole-client (bug #1015986) + [stretch] - guacamole-client (Minor issue; fix intrusive to backport) + NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E + NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123 + NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed + NOTE: https://github.com/glyptodon/guacamole-client/pull/453 + NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html + NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14 +CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...) + {DSA-4727-1 DLA-2279-1} + - tomcat9 9.0.36-1 + - tomcat8 + NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6 + NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36) + NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56) +CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its earlier ...) + NOT-FOR-US: Apache Dubbo +CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...) + NOT-FOR-US: Apache Camel +CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...) + {DSA-4757-1} + - apache2 2.4.46-1 + [stretch] - apache2 (Too intrusive to backport) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3 + NOTE: https://svn.apache.org/r1879642 + NOTE: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c +CVE-2020-11992 + REJECTED +CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A ...) 
+ - cocoon +CVE-2020-11990 (We have resolved a security issue in the camera plugin that could have ...) + NOT-FOR-US: Apache Cordova +CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...) + {DLA-2273-1} + - shiro 1.3.2-5 (bug #988728) + [bullseye] - shiro 1.3.2-4+deb11u1 + [buster] - shiro 1.3.2-4+deb10u1 + NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 + NOTE: https://github.com/apache/shiro/pull/211 + NOTE: https://issues.apache.org/jira/browse/SHIRO-753 + NOTE: The original CVE-2020-1957 adressed in 1.5.2 introduced an encoding issue + NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This + NOTE: CVE is closely related to CVE-2020-1957. +CVE-2020-11988 (Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-sid ...) + - xmlgraphics-commons 2.4-2 (bug #984949) + [bullseye] - xmlgraphics-commons 2.4-2~deb11u1 + [buster] - xmlgraphics-commons 2.3-1+deb10u1 + [stretch] - xmlgraphics-commons (Vulnerable code is not present) + NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183 + NOTE: https://issues.apache.org/jira/browse/XGC-122 +CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...) + {DLA-3619-1} + - batik 1.14-1 (bug #984829) + [bullseye] - batik (Minor issue) + [stretch] - batik (Minor issue) + NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6 +CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...) + - netbeans 12.1-1 + [stretch] - netbeans (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2 +CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...) 
+ - apache2 2.4.25-1 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 + NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299 + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2 + NOTE: Upstream patch: https://svn.apache.org/r1688399 + NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020 +CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...) + {DSA-4757-1 DLA-2362-1} + - apache2 2.4.46-1 + [stretch] - apache2 (Vulnerable code not present) + - uwsgi (unimportant) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/1 + NOTE: https://svn.apache.org/r1880251 + NOTE: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72 + NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg} + NOTE: packages which are provided by src:apache2 itself. +CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...) + - airflow (bug #819700) +CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...) + - airflow (bug #819700) +CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...) + - airflow (bug #819700) +CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...) + - apache-karaf (bug #881297) +CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...) 
+ - ant 1.10.9-1 (bug #971612) + [buster] - ant (Vulnerability not present as CVE-2020-1945 not addressed) + [stretch] - ant (Vulnerability not present as CVE-2020-1945 not addressed) + NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E + NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed. +CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...) + - airflow (bug #819700) +CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...) + NOT-FOR-US: Apache Syncope +CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...) + NOT-FOR-US: Apache Wicket +CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...) + NOT-FOR-US: Apache Unomi +CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote co ...) + NOT-FOR-US: DolphinScheduler +CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...) + NOT-FOR-US: Apache Camel +CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...) + NOT-FOR-US: Apache Camel +CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...) + NOT-FOR-US: Apache Camel +CVE-2020-11970 + REJECTED +CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...) + NOT-FOR-US: Apache TomEE +CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...) + NOT-FOR-US: IQrouter +CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...) + NOT-FOR-US: IQrouter +CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...) + NOT-FOR-US: IQrouter +CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...) 
+ NOT-FOR-US: IQrouter +CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...) + NOT-FOR-US: IQrouter +CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...) + NOT-FOR-US: IQrouter +CVE-2020-11962 + RESERVED +CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...) + NOT-FOR-US: Xiaomi +CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...) + NOT-FOR-US: Xiaomi +CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...) + NOT-FOR-US: Xiaomi +CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...) + - re2c 1.3-2 (bug #963158) + [buster] - re2c (Vulnerability introduced later) + [stretch] - re2c (Vulnerability introduced later) + [jessie] - re2c (Vulnerability introduced later) + NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/ + NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2) + NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2) + NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070 + NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a +CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...) + NOT-FOR-US: Cypress +CVE-2020-11956 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) + NOT-FOR-US: Rittal PDU-3C002DEC +CVE-2020-11955 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMC ...) + NOT-FOR-US: Rittal PDU-3C002DEC +CVE-2020-11954 + RESERVED +CVE-2020-11953 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMC ...) 
+ NOT-FOR-US: Rittal PDU-3C002DEC +CVE-2020-11952 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) + NOT-FOR-US: Rittal PDU-3C002DEC +CVE-2020-11951 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) + NOT-FOR-US: Rittal PDU-3C002DEC +CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...) + NOT-FOR-US: VIVOTEK Network Cameras +CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...) + NOT-FOR-US: VIVOTEK Network Cameras +CVE-2020-11948 + RESERVED +CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...) + {DSA-4665-1 DLA-2288-1} + - qemu 1:4.2-7 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4) +CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...) + NOT-FOR-US: Zoho ManageEngine OpManager +CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...) + {DSA-4682-1 DLA-2278-1} + - squid 4.11-1 + - squid3 + NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt + NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch +CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...) + NOT-FOR-US: bitcoin-abe +CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...) + NOT-FOR-US: Open-AudIT +CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...) + NOT-FOR-US: Open-AudIT +CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...) + NOT-FOR-US: Open-AudIT +CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...) 
+ - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Introduced in 3.0) + [stretch] - ndpi (Introduced in 3.0) + [jessie] - ndpi (Introduced in 3.0) + NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4) + NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi +CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...) + - ndpi 3.4-1 (bug #972050) + [buster] - ndpi (Introduced in 3.0) + [stretch] - ndpi (Introduced in 3.0) + [jessie] - ndpi (Introduced in 3.0) + NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (3.4) + NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi +CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...) + NOT-FOR-US: Whoopsie +CVE-2020-11936 + RESERVED +CVE-2020-11935 (It was discovered that aufs improperly managed inode reference counts ...) + - aufs (bug #964748) + [buster] - aufs (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release) + [stretch] - aufs (Minor issue; too many other aufs issues open) + NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled. + NOTE: linux/4.9.y had the config enabled, but was disabled in later versions + NOTE: including linux/4.19.y. + NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/ + NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c + NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8 +CVE-2020-11934 (It was discovered that snapctl user-open allowed altering the $XDG_DAT ...) 
+ - snapd 2.45.2-1 + [buster] - snapd (Minor issue) + [stretch] - snapd (Vulnerable code not present) + NOTE: https://github.com/snapcore/snapd/commit/06342a31878f1cf99d56da5483e71b9af61f46ad +CVE-2020-11933 (cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 de ...) + NOT-FOR-US: cloud-init in some Ubuntu images +CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...) + NOT-FOR-US: Subiquity installer for Ubuntu +CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...) + NOT-FOR-US: Ubuntu snap packaging of Pulseaudio +CVE-2018-21231 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21230 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21229 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21228 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21227 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21226 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2018-21225 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21224 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21223 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21222 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21221 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21220 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21219 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21218 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21217 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21216 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21215 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21214 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21213 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21212 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21211 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21210 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21209 (Certain NETGEAR devices are affected by reflected XSS. This affects JN ...) + NOT-FOR-US: Netgear +CVE-2018-21208 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21207 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21206 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21205 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21204 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21203 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21202 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21201 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21200 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21199 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21198 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21197 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21196 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21195 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21194 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21193 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21192 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21191 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21190 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21189 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21188 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21187 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21186 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21185 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21184 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21183 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21182 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21181 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21178 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21177 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21176 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21175 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21174 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21173 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21172 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21171 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21170 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21169 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21168 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2018-21167 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...) + NOT-FOR-US: Netgear +CVE-2018-21166 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2018-21165 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2018-21164 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21163 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21162 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21161 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21160 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.) + NOT-FOR-US: Netgear +CVE-2018-21159 (NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect config ...) + NOT-FOR-US: Netgear +CVE-2018-21158 (NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect config ...) + NOT-FOR-US: Netgear +CVE-2018-21157 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21156 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21155 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2018-21154 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21153 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21152 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21151 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21150 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21149 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21148 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21147 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21146 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21145 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21144 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21143 (NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of ...) + NOT-FOR-US: Netgear +CVE-2018-21142 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2018-21141 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2018-21140 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21139 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2018-21138 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21137 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) + NOT-FOR-US: Netgear +CVE-2018-21136 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2018-21135 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21134 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21133 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21132 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2018-21131 (Certain NETGEAR devices are affected by unauthenticated firmware downg ...) + NOT-FOR-US: Netgear +CVE-2018-21130 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21129 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2018-21128 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2018-21127 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21126 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21125 (NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication ...) + NOT-FOR-US: Netgear +CVE-2018-21124 (NETGEAR WAC510 devices before 5.0.0.17 are affected by privilege escal ...) + NOT-FOR-US: Netgear +CVE-2018-21123 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21122 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2018-21121 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2018-21120 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...) + NOT-FOR-US: Netgear +CVE-2018-21119 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21118 (NETGEAR XR500 devices before 2.3.2.32 are affected by authentication b ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21117 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...) + NOT-FOR-US: Netgear +CVE-2018-21116 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...) + NOT-FOR-US: Netgear +CVE-2018-21115 (NETGEAR XR500 devices before 2.3.2.32 are affected by remote code exec ...) + NOT-FOR-US: Netgear +CVE-2018-21114 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21113 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2018-21112 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2018-21111 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21110 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21109 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21108 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21107 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21106 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21105 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21104 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21103 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21102 (NETGEAR ReadyNAS devices before 6.9.3 are affected by CSRF.) + NOT-FOR-US: Netgear +CVE-2018-21101 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) 
+ NOT-FOR-US: Netgear +CVE-2018-21100 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21099 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21098 (NETGEAR R7800 devices before 1.0.2.60 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2018-21097 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2018-21096 (Certain NETGEAR devices are affected by CSRF. This affects WAC120 befo ...) + NOT-FOR-US: Netgear +CVE-2018-21095 (Certain NETGEAR devices are affected by stored XSS. This affects SRR60 ...) + NOT-FOR-US: Netgear +CVE-2018-21094 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2018-21093 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18852 (Certain NETGEAR devices are affected by CSRF and authentication bypass ...) + NOT-FOR-US: NETGEAR +CVE-2017-18851 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: NETGEAR +CVE-2017-18850 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: NETGEAR +CVE-2017-18849 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: NETGEAR +CVE-2017-18848 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...) + NOT-FOR-US: NETGEAR +CVE-2017-18847 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: NETGEAR +CVE-2017-18846 (Certain NETGEAR devices are affected by a stack-based buffer overflow. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18845 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + NOT-FOR-US: NETGEAR +CVE-2017-18844 (Certain NETGEAR devices are affected by disclosure of administrative c ...) 
+ NOT-FOR-US: NETGEAR +CVE-2017-18843 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + NOT-FOR-US: NETGEAR +CVE-2017-18842 (Certain NETGEAR devices are affected by CSRF. This affects R7300 befor ...) + NOT-FOR-US: NETGEAR +CVE-2017-18841 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: NETGEAR +CVE-2017-18840 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: NETGEAR +CVE-2017-18839 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18838 (Certain NETGEAR devices are affected by privilege escalation. This aff ...) + NOT-FOR-US: NETGEAR +CVE-2017-18837 (Certain NETGEAR devices are affected by vertical privilege escalation. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18836 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: NETGEAR +CVE-2017-18835 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18834 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18833 (Certain NETGEAR devices are affected by reflected XSS. This affects M4 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18832 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18831 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18830 (Certain NETGEAR devices are affected by vertical privilege escalation. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18829 (Certain NETGEAR devices are affected by vertical privilege escalation. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18828 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18827 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) 
+ NOT-FOR-US: NETGEAR +CVE-2017-18826 (Certain NETGEAR devices are affected by vertical privilege escalation. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18825 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: NETGEAR +CVE-2017-18824 (Certain NETGEAR devices are affected by directory traversal. This affe ...) + NOT-FOR-US: NETGEAR +CVE-2017-18823 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: NETGEAR +CVE-2017-18822 (Certain NETGEAR devices are affected by vertical privilege escalation. ...) + NOT-FOR-US: NETGEAR +CVE-2017-18821 (Certain NETGEAR devices are affected by stored XSS. This affects M4300 ...) + NOT-FOR-US: Netgear +CVE-2017-18820 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18819 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...) + NOT-FOR-US: Netgear +CVE-2017-18818 + RESERVED +CVE-2017-18817 + RESERVED +CVE-2017-18816 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...) + NOT-FOR-US: Netgear +CVE-2017-18815 (NETGEAR ReadyNAS OS 6 devices, running ReadyNAS OS versions prior to 6 ...) + NOT-FOR-US: Netgear +CVE-2017-18814 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18813 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18812 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18811 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18810 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18809 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18808 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18807 (NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6. ...) + NOT-FOR-US: Netgear +CVE-2017-18806 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18805 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18804 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18803 (NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect config ...) + NOT-FOR-US: Netgear +CVE-2017-18802 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18801 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18800 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...) + NOT-FOR-US: Netgear +CVE-2017-18799 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18798 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18797 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18796 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18795 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18794 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18793 (NETGEAR R7800 devices before 1.0.2.36 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2017-18792 (NETGEAR D6100 devices before 1.0.0.50_0.0.50 are affected by command i ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18791 (Certain NETGEAR devices are affected by CSRF. This affects R6050/JR615 ...) + NOT-FOR-US: Netgear +CVE-2017-18790 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2017-18789 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2017-18788 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18787 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18786 (Certain NETGEAR devices are affected by command injection. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18785 (Certain NETGEAR devices are affected by XSS. This affects D3600 before ...) + NOT-FOR-US: Netgear +CVE-2017-18784 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...) + NOT-FOR-US: Netgear +CVE-2017-18783 (Certain NETGEAR devices are affected by XSS. This affects D6200 before ...) + NOT-FOR-US: Netgear +CVE-2017-18782 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...) + NOT-FOR-US: Netgear +CVE-2017-18781 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...) + NOT-FOR-US: Netgear +CVE-2017-18780 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18779 (Certain NETGEAR devices are affected by a buffer overflow. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18778 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18777 (Certain NETGEAR devices are affected by administrative password disclo ...) + NOT-FOR-US: Netgear +CVE-2017-18776 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18775 (Certain NETGEAR devices are affected by CSRF. This affects R6100 befor ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18774 + REJECTED +CVE-2017-18773 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18772 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18771 + REJECTED +CVE-2017-18770 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18769 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18768 (Certain NETGEAR devices are affected by CSRF. This affects EX6100 befo ...) + NOT-FOR-US: Netgear +CVE-2017-18767 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18766 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18765 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2017-18764 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18763 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18762 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18761 (NETGEAR R8000 devices before 1.0.4.2 are affected by a stack-based buf ...) + NOT-FOR-US: Netgear +CVE-2017-18760 + REJECTED +CVE-2017-18759 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18758 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18757 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18756 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18755 (Certain NETGEAR devices are affected by CSRF. This affects R6300v2 bef ...) + NOT-FOR-US: Netgear +CVE-2017-18754 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18753 + REJECTED +CVE-2017-18752 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18750 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18749 (Certain NETGEAR devices are affected by CSRF. This affects JNR1010v2 b ...) + NOT-FOR-US: Netgear +CVE-2017-18748 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18747 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18746 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18745 (Certain NETGEAR devices are affected by stored XSS. This affects R6400 ...) + NOT-FOR-US: Netgear +CVE-2017-18744 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18743 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18742 (Certain NETGEAR devices are affected by CSRF. This affects JR6150 befo ...) + NOT-FOR-US: Netgear +CVE-2017-18741 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18740 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18739 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18738 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18737 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18736 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18735 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18734 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2017-18733 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18732 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18731 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18730 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18729 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18728 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18727 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18726 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18725 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18724 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18723 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18722 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18721 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18720 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2017-18719 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18718 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18717 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18716 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18715 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...) + NOT-FOR-US: Netgear +CVE-2017-18714 (NETGEAR WNDR4500v3 devices before 1.0.0.48 are affected by denial of s ...) + NOT-FOR-US: Netgear +CVE-2017-18713 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18712 (Certain NETGEAR devices are affected by an attacker's ability to read ...) + NOT-FOR-US: Netgear +CVE-2017-18711 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18710 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2017-18709 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18708 (Certain NETGEAR devices are affected by CSRF. This affects R8300 befor ...) + NOT-FOR-US: Netgear +CVE-2017-18707 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2017-18706 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18705 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2017-18704 (Certain NETGEAR devices are affected by an attacker's ability to read ...) 
+ NOT-FOR-US: Netgear +CVE-2017-18703 (Certain NETGEAR devices are affected by CSRF. This affects D1500 befor ...) + NOT-FOR-US: Netgear +CVE-2017-18702 (NETGEAR R6220 devices before 1.1.0.60 are affected by incorrect config ...) + NOT-FOR-US: Netgear +CVE-2017-18701 (Certain NETGEAR devices are affected by reflected XSS. This affects R6 ...) + NOT-FOR-US: Netgear +CVE-2017-18700 (Certain NETGEAR devices are affected by stored XSS. This affects D6400 ...) + NOT-FOR-US: Netgear +CVE-2017-18699 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18698 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2017-18697 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...) + NOT-FOR-US: GTranslate plugin for WordPress +CVE-2020-11929 + RESERVED +CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...) + NOT-FOR-US: media-library-assistant plugin for WordPress +CVE-2020-11927 + RESERVED +CVE-2020-11926 + RESERVED +CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...) + NOT-FOR-US: Luvion Grand Elite 3 Connect +CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...) + NOT-FOR-US: WiZ Colors A60 +CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credentials are ...) + NOT-FOR-US: WiZ Colors A60 +CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...) + NOT-FOR-US: WiZ Colors A60 +CVE-2020-11921 + RESERVED +CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...) 
+ NOT-FOR-US: Svakom Siime Eye +CVE-2020-11919 + RESERVED +CVE-2020-11918 + RESERVED +CVE-2020-11917 + RESERVED +CVE-2020-11916 + RESERVED +CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...) + NOT-FOR-US: Svakom Siime Eye +CVE-2019-20786 (handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a chec ...) + NOT-FOR-US: Pion DTLS +CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.) 
+ NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...) + NOT-FOR-US: Treck TCP/IP stack / Cisco +CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) + - ming + NOTE: https://github.com/libming/libming/issues/197 +CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) + - ming + NOTE: https://github.com/libming/libming/issues/196 +CVE-2020-11893 + RESERVED +CVE-2020-11892 + RESERVED +CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) + NOT-FOR-US: Joomla! +CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...) + NOT-FOR-US: Joomla! +CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) + NOT-FOR-US: Joomla! +CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...) 
+ - python-markdown2 2.3.9-1 (bug #959445) + [buster] - python-markdown2 2.3.7-2+deb10u1 + NOTE: https://github.com/trentm/python-markdown2/issues/348 +CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) + NOT-FOR-US: svg2png +CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) + - opennms (bug #450615) +CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...) + NOT-FOR-US: WSO2 Enterprise Integrator +CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...) + {DSA-4667-1} + - linux 5.6.7-1 + [stretch] - linux (Vulnerable code introduced later) + [jessie] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74 +CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) + NOT-FOR-US: Divante vue-storefront-api +CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...) + NOT-FOR-US: O2 Business +CVE-2020-11881 (An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7 ...) + NOT-FOR-US: MikroTik RouterOS +CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) + - kmail 4:20.04.1-1 (bug #958054) + [buster] - kmail (Minor issue) + - kdepim + [stretch] - kdepim (Minor issue) + [jessie] - kdepim (Minor issue) + NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1 +CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) 
+ - evolution 3.36.0-1 + [buster] - evolution (Minor issue) + [stretch] - evolution (Minor issue) + [jessie] - evolution (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784 + NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 +CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...) + - jitsi-meet (bug #760485) +CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 a ...) + NOT-FOR-US: Zoom Client for Meetings +CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash o ...) + NOT-FOR-US: Zoom Client for Meetings +CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) + NOT-FOR-US: LG mobile devices +CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...) + NOT-FOR-US: OpenTrace +CVE-2020-11871 + RESERVED +CVE-2020-11870 + RESERVED +CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...) + - qemu 1:5.0-1 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 + NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2 +CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...) 
+ {DLA-2201-1} + - ntp 1:4.2.8p14+dfsg-1 + [buster] - ntp (Minor issue) + [stretch] - ntp (Minor issue) + - ntpsec (Doesn't affect ntpsec per upstream, #958027) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592 + NOTE: http://bugs.ntp.org/3592 + NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg + NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665 + NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651 +CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...) + - audacity 2.4.2~dfsg0-4 (bug #976874) + [buster] - audacity (Minor issue) + [stretch] - audacity (Minor issue) + NOTE: https://github.com/audacity/audacity/pull/700 +CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...) + - libemf 1.0.12-1 + [buster] - libemf (Minor issue) +CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...) + - libemf 1.0.12-1 + [buster] - libemf (Minor issue) +CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) + - libemf 1.0.12-1 + [buster] - libemf (Minor issue) +CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) + - libemf 1.0.12-1 + [buster] - libemf (Minor issue) +CVE-2019-20785 (An issue was discovered on LG mobile devices with Android OS 8.0 and 8 ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20784 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20783 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20782 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20781 (An issue was discovered in LG Bridge before April 2019 on Windows. DLL ...) 
+ NOT-FOR-US: LG Bridge +CVE-2019-20780 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20779 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20778 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20777 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20776 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20775 (An issue was discovered on LG mobile devices with Android OS 9.0 (Qual ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20774 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20773 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20772 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20771 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20770 (An issue was discovered on LG mobile devices with Android OS 9.0 softw ...) + NOT-FOR-US: LG mobile devices +CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (aka LG P ...) + NOT-FOR-US: LG PC Suite +CVE-2020-11862 + RESERVED +CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...) + NOT-FOR-US: Micro Focus +CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...) + NOT-FOR-US: Micro Focus +CVE-2020-11859 + RESERVED +CVE-2020-11858 (Code execution with escalated privileges vulnerability in Micro Focus ...) 
+ NOT-FOR-US: Micro Focus +CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...) + NOT-FOR-US: Micro Focus +CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus Operation Bridge ...) + NOT-FOR-US: Micro Focus +CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...) + NOT-FOR-US: Micro Focus +CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge Manager, App ...) + NOT-FOR-US: Micro Focus +CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple Micro Focus ...) + NOT-FOR-US: Micro Focus +CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...) + NOT-FOR-US: Micro Focus +CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...) + NOT-FOR-US: Micro Focus +CVE-2020-11850 + RESERVED +CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...) + NOT-FOR-US: Micro Focus +CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...) + NOT-FOR-US: Micro Focus +CVE-2020-11847 + RESERVED +CVE-2020-11846 + RESERVED +CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...) + NOT-FOR-US: Micro Focus +CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...) + NOT-FOR-US: Micro Focus +CVE-2020-11843 + RESERVED +CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) + NOT-FOR-US: Micro Focus +CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) + NOT-FOR-US: Micro Focus +CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) + NOT-FOR-US: Micro Focus +CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...) 
+ NOT-FOR-US: Micro Focus +CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...) + NOT-FOR-US: Micro Focus +CVE-2020-11837 + RESERVED +CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...) + NOT-FOR-US: OPPO Android Phone +CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...) + NOT-FOR-US: oppo +CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...) + NOT-FOR-US: oppo +CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...) + NOT-FOR-US: oppo +CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...) + NOT-FOR-US: oppo +CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...) + NOT-FOR-US: OvoiceManager +CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...) + NOT-FOR-US: QualityProtect +CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...) + NOT-FOR-US: com.coloros.codebook (oppo.com) +CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...) + NOT-FOR-US: ColorOS +CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...) + NOT-FOR-US: GOG Galaxy client +CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...) + NOT-FOR-US: Memono +CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...) + - dolibarr +CVE-2020-11824 + RESERVED +CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...) + - dolibarr +CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...) 
+ NOT-FOR-US: Rukovoditel +CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...) + NOT-FOR-US: qdPM +CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) + NOT-FOR-US: Rukovoditel +CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...) + NOT-FOR-US: qdPM +CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...) + {DLA-2992-1} + - openvpn 2.4.9-1 (low) + [buster] - openvpn 2.4.7-1+deb10u1 + [jessie] - openvpn (Vulnerable code introduced in 2.4) + NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab +CVE-2020-11809 + RESERVED +CVE-2020-11808 + RESERVED +CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...) + NOT-FOR-US: Sourcefabric Newscoop +CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) + NOT-FOR-US: MailStore Outlook Add-in +CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...) 
+ NOT-FOR-US: Pexip Reverse Proxy and TURN Server +CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...) + NOT-FOR-US: Titan SpamTitan +CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) + NOT-FOR-US: Titan SpamTitan +CVE-2020-11802 + RESERVED +CVE-2020-11801 + RESERVED +CVE-2019-20768 (ServiceNow IT Service Management Kingston through Patch 14-1, London t ...) + NOT-FOR-US: ServiceNow IT Service Management Kingston +CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...) + {DLA-2461-1} + - zabbix 1:4.0.0+dfsg-1 + NOTE: https://support.zabbix.com/browse/DEV-1538 + NOTE: https://support.zabbix.com/browse/ZBX-17600 + NOTE: https://support.zabbix.com/browse/ZBXSEC-30 (not public) + NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/85453e04656fc7bd8a6790f5295d79410101745c +CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) + NOT-FOR-US: Z-Cron +CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...) + NOT-FOR-US: Mitel +CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...) + NOT-FOR-US: Mitel +CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...) + NOT-FOR-US: JetBrains Space +CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...) + NOT-FOR-US: JetBrains Space +CVE-2020-11794 + RESERVED +CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...) + {DSA-4658-1} + - webkit2gtk 2.28.1-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.1-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0004.html +CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) 
+ NOT-FOR-US: Netgear +CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) + NOT-FOR-US: Netgear +CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) + NOT-FOR-US: Netgear +CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) + NOT-FOR-US: Netgear +CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
+ NOT-FOR-US: Netgear +CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2019-20767 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20766 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2019-20765 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2019-20764 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2019-20763 (NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based bu ...) + NOT-FOR-US: Netgear +CVE-2019-20762 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20761 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2019-20760 (NETGEAR R9000 devices before 1.0.4.26 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2019-20759 (NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2019-20758 (NETGEAR R7000 devices before 1.0.9.42 are affected by a buffer overflo ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20757 (NETGEAR R7800 devices before 1.0.2.62 are affected by command injectio ...) + NOT-FOR-US: Netgear +CVE-2019-20756 (Certain NETGEAR devices are affected by reflected XSS. This affects EX ...) + NOT-FOR-US: Netgear +CVE-2019-20755 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20754 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20753 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20752 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) + NOT-FOR-US: Netgear +CVE-2019-20751 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20750 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2019-20749 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2019-20748 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20747 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20746 (Certain NETGEAR devices are affected by reflected XSS. This affects D3 ...) + NOT-FOR-US: Netgear +CVE-2019-20745 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20744 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...) + NOT-FOR-US: Netgear +CVE-2019-20743 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2019-20742 (NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2019-20741 (NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of s ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20740 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20739 (NETGEAR R8500 devices before v1.0.2.128 are affected by a buffer overf ...) + NOT-FOR-US: Netgear +CVE-2019-20738 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...) + NOT-FOR-US: Netgear +CVE-2019-20737 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20736 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20735 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20734 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2019-20733 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20732 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20731 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20730 (Certain NETGEAR devices are affected by SQL injection. This affects D3 ...) + NOT-FOR-US: Netgear +CVE-2019-20729 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2019-20728 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20727 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20726 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20725 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20724 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20723 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20722 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20721 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) + NOT-FOR-US: Netgear +CVE-2019-20720 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) + NOT-FOR-US: Netgear +CVE-2019-20719 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20718 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20717 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2019-20716 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20715 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) + NOT-FOR-US: Netgear +CVE-2019-20714 (Certain NETGEAR devices are affected by stored XSS. This affects D3600 ...) + NOT-FOR-US: Netgear +CVE-2019-20713 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20712 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20711 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20710 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20709 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20708 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20707 (Certain NETGEAR devices are affected by command injection by an authen ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20706 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20705 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20704 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20703 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20702 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20701 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20700 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20699 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2019-20698 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2019-20697 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20696 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2019-20695 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2019-20694 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2019-20693 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2019-20692 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20691 (Certain NETGEAR devices are affected by CSRF. This affects D3600 befor ...) + NOT-FOR-US: Netgear +CVE-2019-20690 (Certain NETGEAR devices are affected by authentication bypass. This af ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20689 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20688 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20687 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2019-20686 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) + NOT-FOR-US: Netgear +CVE-2019-20685 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20684 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20683 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20682 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...) + NOT-FOR-US: Netgear +CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...) + NOT-FOR-US: Netgear +CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the ...) + NOT-FOR-US: Netgear +CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20668 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20667 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20666 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20665 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20664 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20663 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20662 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20661 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) + NOT-FOR-US: Netgear +CVE-2019-20660 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...) + NOT-FOR-US: Netgear +CVE-2019-20659 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20658 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) + NOT-FOR-US: Netgear +CVE-2019-20657 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20656 (Certain NETGEAR devices are affected by a hardcoded password. This aff ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20655 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20654 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) + NOT-FOR-US: Netgear +CVE-2019-20653 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2019-20652 (NETGEAR WAC505 devices before 8.2.1.16 are affected by disclosure of s ...) + NOT-FOR-US: Netgear +CVE-2019-20651 (Certain NETGEAR devices are affected by command injection by an authen ...) + NOT-FOR-US: Netgear +CVE-2019-20650 (Certain NETGEAR devices are affected by denial of service. This affect ...) + NOT-FOR-US: Netgear +CVE-2019-20649 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...) + NOT-FOR-US: Netgear +CVE-2019-20648 (NETGEAR RN42400 devices before 6.10.2 are affected by incorrect config ...) + NOT-FOR-US: Netgear +CVE-2019-20647 (NETGEAR RAX40 devices before 1.0.3.64 are affected by denial of servic ...) + NOT-FOR-US: Netgear +CVE-2019-20646 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of ad ...) + NOT-FOR-US: Netgear +CVE-2019-20645 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2019-20644 (NETGEAR RAX40 devices before 1.0.3.62 are affected by stored XSS.) + NOT-FOR-US: Netgear +CVE-2019-20643 (NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of se ...) + NOT-FOR-US: Netgear +CVE-2019-20642 (NETGEAR RAX40 devices before 1.0.3.64 are affected by authentication b ...) + NOT-FOR-US: Netgear +CVE-2019-20641 (NETGEAR RAX40 devices before 1.0.3.64 are affected by lack of access c ...) + NOT-FOR-US: Netgear +CVE-2019-20640 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) + NOT-FOR-US: Netgear +CVE-2019-20639 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...) 
+ NOT-FOR-US: Netgear +CVE-2019-20638 (NETGEAR MR1100 devices before 12.06.08.00 are affected by disclosure o ...) + NOT-FOR-US: Netgear +CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) + NOT-FOR-US: Istio +CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...) + NOT-FOR-US: iFAX AvantFAX +CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) +CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Minor issue) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bad53af7eebed507564dd5fc90320e4c6a6c0bc +CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) 
+ {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Minor issue) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 +CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) +CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Minor issue) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/801272c9bf8b84a66c62f1e8a4490ece81da6a56 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/43cd3ad47d53356da6ae2e983e47c8313aebf72e + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ea3349896d4a8a3b523e8f3b830334a85240b1e6 +CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) 
+ {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Minor issue) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 +CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (Vulnerable code not present) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f + NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) +CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) + {DSA-4755-1 DLA-2358-1} + [experimental] - openexr 2.5.0-1 + - openexr 2.5.3-2 (bug #959444) + [jessie] - openexr (SSE support introduced in v2.0) + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c +CVE-2020-11757 + RESERVED +CVE-2020-11756 + RESERVED +CVE-2020-11755 + RESERVED +CVE-2020-11754 + RESERVED +CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...) + NOT-FOR-US: Sonatype +CVE-2020-11752 + RESERVED +CVE-2020-11751 + RESERVED +CVE-2020-11750 + RESERVED +CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in ...) 
+ NOT-FOR-US: Pandora FMS +CVE-2020-11748 + RESERVED +CVE-2020-11747 + REJECTED +CVE-2020-11746 + RESERVED +CVE-2020-11745 + RESERVED +CVE-2020-11744 + RESERVED +CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) + {DSA-4723-1} + - xen 4.11.4-1 + [stretch] - xen (DSA 4602-1) + [jessie] - xen (Not supported in jessie LTS) + NOTE: https://xenbits.xen.org/xsa/advisory-316.html +CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) + {DSA-4723-1} + - xen 4.11.4-1 + [stretch] - xen (DSA 4602-1) + [jessie] - xen (Not supported in jessie LTS) + NOTE: https://xenbits.xen.org/xsa/advisory-318.html +CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) + {DSA-4723-1} + - xen 4.11.4-1 + [stretch] - xen (DSA 4602-1) + [jessie] - xen (Not supported in jessie LTS) + NOTE: https://xenbits.xen.org/xsa/advisory-313.html +CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) + {DSA-4723-1} + - xen 4.11.4-1 + [stretch] - xen (DSA 4602-1) + [jessie] - xen (Not supported in jessie LTS) + NOTE: https://xenbits.xen.org/xsa/advisory-313.html +CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) + {DSA-4723-1} + - xen 4.11.4-1 + [stretch] - xen (DSA 4602-1) + [jessie] - xen (Not supported in jessie LTS) + NOTE: https://xenbits.xen.org/xsa/advisory-314.html +CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...) + NOT-FOR-US: Snap Creek Duplicator plugin for WordPress +CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...) + NOT-FOR-US: Zimbra +CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...) 
+ - wolfssl 4.4.0+dfsg-1 + NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f +CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...) + {DLA-2180-1} + - file-roller 3.36.2-1 (bug #956638) + [buster] - file-roller 3.30.1-2+deb10u1 + [stretch] - file-roller 3.22.3-1+deb9u2 + NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 +CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) + NOT-FOR-US: CyberSolutions CyberMail +CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...) + NOT-FOR-US: Spirent +CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) + NOT-FOR-US: Media Library Assistant plugin for WordPress +CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) + NOT-FOR-US: Media Library Assistant plugin for WordPress +CVE-2020-11730 + RESERVED +CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) + {DSA-4660-1 DLA-2178-1} + - awl 0.61-1 (bug #956650) + NOTE: https://gitlab.com/davical-project/awl/-/issues/18 + NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd +CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) + {DSA-4660-1 DLA-2178-1} + - awl 0.61-1 (bug #956650) + NOTE: https://gitlab.com/davical-project/awl/-/issues/19 + NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428 +CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...) + NOT-FOR-US: AlgolPlus +CVE-2020-11726 + RESERVED +CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...) 
+ {DSA-4750-1 DLA-2283-1} + - nginx 1.18.0-5 (bug #964950) + NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests) + NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15) + NOTE: nginx packages include ngx_lua in debian/modules/ +CVE-2020-11725 (snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5 ...) + - linux (unimportant) + NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 + NOTE: Disputed security-impact across the kernel community +CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) + NOT-FOR-US: Cellebrite UFED +CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) + - crawl 2:0.25.0-1 (bug #958232) + [buster] - crawl (Minor issue) + [stretch] - crawl (Minor issue) + [jessie] - crawl (Minor issue) + NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html + NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 + NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 +CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) + - libsixel 1.10.3-1 (low; bug #972641) + [bullseye] - libsixel (Minor issue) + [buster] - libsixel (Minor issue) + [stretch] - libsixel (Minor issue) + [jessie] - libsixel (Minor issue) + NOTE: https://github.com/saitoha/libsixel/issues/134 + NOTE: https://github.com/libsixel/libsixel/issues/9 + NOTE: https://github.com/libsixel/libsixel/pull/10 + NOTE: https://github.com/libsixel/libsixel/commit/e71aacc97b5f756948b13c1228877d29395c7b55 (v1.9.0) + NOTE: Since 1.10.3-1 the Debian package moved from https://github.com/saitoha/libsixel to https://github.com/libsixel/libsixel fork +CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) 
+ NOT-FOR-US: Programi Bilanc +CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) + NOT-FOR-US: Programi Bilanc +CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) + NOT-FOR-US: Programi Bilanc +CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...) + NOT-FOR-US: Programi +CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...) + NOT-FOR-US: Panasonic +CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...) + NOT-FOR-US: Panasonic +CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) + NOT-FOR-US: eten PSG-6528VM 1.1 devices +CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) + - wolfssl 4.4.0+dfsg-1 (bug #960190) + NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/ +CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) + NOT-FOR-US: Open Upload +CVE-2020-11711 (An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored ...) + NOT-FOR-US: Stormshield SNS +CVE-2020-11710 (An issue was discovered in docker-kong (for Kong) through 2.0.3. The a ...) + NOT-FOR-US: docker-kong +CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) + - cpp-httplib (Fixed before initial upload to Debian) + NOTE: https://github.com/yhirose/cpp-httplib/issues/425 + NOTE: https://github.com/yhirose/cpp-httplib/commit/85327e19ae7e72028c30917247238d638ce56d0b (v0.5.9) +CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) 
+ NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) + NOT-FOR-US: ProVide (formerly zFTPServer) +CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) + NOT-FOR-US: Titan SpamTitan +CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...) + NOT-FOR-US: Titan SpamTitan +CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...) + NOT-FOR-US: Titan SpamTitan +CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...) + NOT-FOR-US: Combodo iTop +CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...) + NOT-FOR-US: Combodo iTop +CVE-2020-11695 + RESERVED +CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...) + - pycharm (bug #742394) +CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...) + NOT-FOR-US: JetBrains YouTrack +CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...) + NOT-FOR-US: JetBrains Hub +CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) 
+ - intellij-idea (bug #747616) +CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...) + NOT-FOR-US: JetBrains TeamCity +CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...) + NOT-FOR-US: JetBrains GoLand +CVE-2015-9547 (An issue was discovered on Samsung mobile devices with JBP(4.3) and KK ...) + NOT-FOR-US: Samsung mobile devices +CVE-2015-9546 (An issue was discovered on Samsung mobile devices with KK(4.4) and lat ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...) + NOT-FOR-US: Microchip AT91bootstrap +CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...) + NOT-FOR-US: Microchip AT91bootstrap +CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...) + NOT-FOR-US: Castel NextGen DVR +CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...) + NOT-FOR-US: Castel NextGen DVR +CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...) + NOT-FOR-US: Castel NextGen DVR +CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...) + NOT-FOR-US: Castel NextGen DVR +CVE-2020-11678 + RESERVED +CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).) + NOT-FOR-US: Cerner medico +CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).) 
+ NOT-FOR-US: Cerner medico +CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).) + NOT-FOR-US: Cerner medico +CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...) + NOT-FOR-US: Cerner medico +CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...) + NOT-FOR-US: Responsive Poll for WordPress +CVE-2020-11672 + RESERVED +CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...) + - teampass (bug #730180) +CVE-2020-11670 + RESERVED +CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) + - linux 5.2.6-1 + [buster] - linux 4.19.118-1 + [stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9) + [jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9) + NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 + NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 +CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 +CVE-2020-11667 + RESERVED +CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...) 
+ NOT-FOR-US: CA API Developer Portal +CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...) + NOT-FOR-US: CA API Developer Portal +CVE-2020-11657 + RESERVED +CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) + - sqlite3 3.32.0-1 (unimportant) + - sqlite (ALTER TABLE not available in v2) + NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14 + NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8 + NOTE: https://www.sqlite.org/src/info/b64674919f673602 + NOTE: Negliglible security impact (and uncovered in DEBUG build) +CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) + {DLA-2340-1 DLA-2203-1} + - sqlite3 3.31.1-5 + [buster] - sqlite3 (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354) + - sqlite (window functions not present in v2) + NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c + NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed + NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 + NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354 + NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718 + NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae +CVE-2020-11654 + RESERVED +CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) 
+ {DLA-3208-1} + - varnish 6.4.0-1 (bug #956307) + [stretch] - varnish (Only affects 6.x) + [jessie] - varnish (Only affects 6.x) + NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005 + NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62 +CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) + {DSA-4676-2 DSA-4676-1 DLA-2223-1} + - salt 3000.2+dfsg1-1 (bug #959684) + NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst + NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd +CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) + {DSA-4676-2 DSA-4676-1 DLA-2223-1} + - salt 3000.2+dfsg1-1 (bug #959684) + NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst + NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 (v3000.2) + NOTE: Regression: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue + NOTE: Regression fix: https://github.com/saltstack/salt/commit/cea28c850f7562fd3b869a1bbcc95050ab19e0f1 (v3000.3) + NOTE: See also https://gitlab.com/saltstack/open/salt-patches/-/tree/master/patches/2020/04/14/ +CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...) + NOT-FOR-US: FreeNAS +CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...) + [experimental] - gitlab 12.9.3+dfsg-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ +CVE-2020-11648 + RESERVED +CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) 
+ {DLA-2547-1} + - wireshark 3.2.3-1 (low; bug #958213) + [buster] - wireshark 2.6.20-0+deb10u1 + [jessie] - wireshark (Minor, can be fixed along in a future update) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 + NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html +CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...) + - varnish 6.4.0-1 (bug #956305) + [buster] - varnish (Minor issue) + [stretch] - varnish (Minor issue) + [jessie] - varnish (Vulnerability introduced later, PoC not leaking) + NOTE: http://varnish-cache.org/security/VSV00004.html#vsv00004 + NOTE: https://github.com/varnishcache/varnish-cache/commit/bd7b3d6d47ccbb5e1747126f8e2a297f38e56b8c (6.x fix) + NOTE: https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734 (test case / reproducer) + NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0) + NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0) +CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 and ...) + NOT-FOR-US: B&R GateManager +CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ver ...) + NOT-FOR-US: B&R GateManager +CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManager 42 ...) + NOT-FOR-US: B&R GateManager +CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 and 92 ...) + NOT-FOR-US: B&R GateManager +CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager vers ...) + NOT-FOR-US: B&R SiteManager +CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions <9.2. ...) 
+ NOT-FOR-US: B&R GateManager +CVE-2020-11640 + RESERVED +CVE-2020-11639 + RESERVED +CVE-2020-11638 + RESERVED +CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versions < ...) + NOT-FOR-US: B&R Automation Runtime +CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) + {DLA-2241-1} + - linux 5.4.13-1 + [buster] - linux 4.19.98-1 + [stretch] - linux 4.9.210-1 + NOTE: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784 +CVE-2020-11636 + RESERVED +CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...) + NOT-FOR-US: Zscaler Client Connector for Windows +CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote the sear ...) + NOT-FOR-US: Zscaler Client Connector +CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) + NOT-FOR-US: EJBCA / PrimeKey +CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) 
+ NOT-FOR-US: AvertX +CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) + NOT-FOR-US: AvertX +CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) + NOT-FOR-US: AvertX +CVE-2020-11622 (A vulnerability exists in Arista\u2019s Cloud EOS VM / vEOS 4.23.2M an ...) + NOT-FOR-US: Cloud EOS +CVE-2020-11621 + RESERVED +CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...) + NOT-FOR-US: THOMSON +CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...) + NOT-FOR-US: THOMSON +CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...) + NOT-FOR-US: Mids' Reborn Hero Designer +CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...) 
+ NOT-FOR-US: Mids' Reborn Hero Designer +CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...) + {DSA-4885-1 DLA-2364-1} + - netty 1:4.1.48-1 + [jessie] - netty (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API) + NOTE: https://github.com/netty/netty/issues/6168 + NOTE: https://github.com/netty/netty/pull/9924 + NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0 +CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...) + NOT-FOR-US: xdLocalStorage +CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...) + NOT-FOR-US: xdLocalStorage +CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 +CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 +CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21092 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21091 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21090 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21089 (An issue was discovered on Samsung mobile devices with N(7.x) (MT6755/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21088 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21087 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21086 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21085 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21084 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21083 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21082 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21081 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21080 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2018-21079 (An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21078 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21077 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21076 (An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21075 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21074 (An issue was discovered on Samsung mobile devices with M(6.x) (Exynos ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21073 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21072 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21071 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21070 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21069 (An issue was discovered on Samsung mobile devices with N(7.x) (MediaTe ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21068 (An issue was discovered on Samsung mobile devices with O(8.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21067 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21066 (An issue was discovered on Samsung mobile devices with M(6.0) (Exynos ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21065 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2018-21064 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21063 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21062 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21061 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21060 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21059 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21058 (An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21057 (An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, a ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21056 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21055 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21054 (An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21053 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21052 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21051 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21050 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2018-21049 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21048 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21047 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21046 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21045 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21044 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21043 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21042 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21041 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21040 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21039 (An issue was discovered on Samsung mobile devices with N(7.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18696 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18695 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18694 (An issue was discovered on Samsung mobile devices with software throug ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2017-18693 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18692 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18691 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18690 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18689 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18688 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18687 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18686 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18685 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18684 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18683 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18682 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18681 (An issue was discovered on Samsung Galaxy S5 mobile devices with softw ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18680 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18679 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2017-18678 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18677 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18676 (An issue was discovered on Samsung mobile devices with N(7.0) (Qualcom ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18675 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18674 (An issue was discovered on Samsung mobile devices with N(7.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18673 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18672 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18671 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18670 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18669 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18668 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18667 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18666 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18665 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18664 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2017-18663 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18662 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18661 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18660 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18659 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18658 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18657 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18656 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18655 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18654 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18653 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18652 (An issue was discovered on Samsung mobile devices with M(6.0) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18651 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18650 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18649 (An issue was discovered on Samsung mobile devices with N(7.x) software ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2017-18648 (An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18647 (An issue was discovered on Samsung mobile devices with M(6,x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18646 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18645 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18644 (An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2017-18643 (An issue was discovered on Samsung mobile devices with M(6.x) and N(7. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11053 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11052 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11051 + REJECTED +CVE-2016-11050 (An issue was discovered on Samsung mobile devices with S3(KK), Note2(K ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11049 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11048 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spr ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11047 (An issue was discovered on Samsung mobile devices with JBP(4.2) and KK ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11046 (An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11045 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) soft ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11044 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2016-11043 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11042 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11041 (An issue was discovered on Samsung mobile devices with KK(4.4) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11040 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) (wit ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11039 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11038 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11037 + REJECTED +CVE-2016-11036 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11035 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11034 (An issue was discovered on Samsung mobile devices with L(5.0/5.1) and ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11033 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11032 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11031 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11030 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11029 (An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11028 (An issue was discovered on Samsung mobile devices with software throug ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2016-11027 (An issue was discovered on Samsung mobile devices with M(6.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11026 (An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/ ...) + NOT-FOR-US: Samsung mobile devices +CVE-2016-11025 (An issue was discovered on Samsung mobile devices with software throug ...) + NOT-FOR-US: Samsung mobile devices +CVE-2015-9545 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...) + NOT-FOR-US: xdLocalStorage +CVE-2015-9544 (An issue was discovered in xdLocalStorage through 2.0.5. The receiveMe ...) + NOT-FOR-US: xdLocalStorage +CVE-2013-7488 (perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 ...) + - libconvert-asn1-perl 0.27-3 (bug #956186) + [buster] - libconvert-asn1-perl (Minor issue) + [stretch] - libconvert-asn1-perl (Minor issue) + [jessie] - libconvert-asn1-perl (Minor issue) + NOTE: https://github.com/gbarr/perl-Convert-ASN1/issues/14 +CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) 
+ NOT-FOR-US: CIPPlanner +CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...) + NOT-FOR-US: CIPPlanner +CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...) + NOT-FOR-US: DNN (formerly DotNetNuke) +CVE-2020-11584 (A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows r ...) + NOT-FOR-US: Plesk Onyx +CVE-2020-11583 (A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allo ...) + NOT-FOR-US: Plesk Obsidian +CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...) + NOT-FOR-US: Chadha PHPKB +CVE-2020-11578 + RESERVED +CVE-2020-11577 + RESERVED +CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...) 
+ NOT-FOR-US: Argo +CVE-2020-11575 + RESERVED +CVE-2020-11574 + RESERVED +CVE-2020-11573 + RESERVED +CVE-2020-11572 + RESERVED +CVE-2020-11571 + RESERVED +CVE-2020-11570 + RESERVED +CVE-2020-11569 + RESERVED +CVE-2020-11568 + RESERVED +CVE-2020-11567 + RESERVED +CVE-2020-11566 + RESERVED +CVE-2020-11565 (An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_ ...) + {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.17-1 + NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd +CVE-2020-11564 + RESERVED +CVE-2020-11563 + RESERVED +CVE-2020-11562 + RESERVED +CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...) + NOT-FOR-US: NCH Express Invoice +CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...) + NOT-FOR-US: NCH Express Invoice +CVE-2020-11559 + RESERVED +CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) + - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) + [jessie] - gpac (Vulnerable code not present and not reproducible) + NOTE: https://github.com/gpac/gpac/issues/1440 + NOTE: Introduced by: https://github.com/gpac/gpac/commit/3f1564c43825e052a5d53cbb4c8a242abdf603b4 (v0.9.0-preview) + NOTE: and https://github.com/gpac/gpac/commit/526bc968451e1ec83386c93f2c1f5a74ac65e649 (v0.9.0-preview) + NOTE: Fixed by: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c (v0.9.0-preview~20) +CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + NOT-FOR-US: Castle Rock SNMPc +CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + NOT-FOR-US: Castle Rock SNMPc +CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) 
+ NOT-FOR-US: Castle Rock SNMPc +CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + NOT-FOR-US: Castle Rock SNMPc +CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + NOT-FOR-US: Castle Rock SNMPc +CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...) + NOT-FOR-US: ManageEngine +CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) + NOT-FOR-US: Netgear +CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) + NOT-FOR-US: Netgear +CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) + NOT-FOR-US: Netgear +CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) + NOT-FOR-US: Search Meter plugin for WordPress +CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...) + NOT-FOR-US: SuperWebMailer +CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...) + NOT-FOR-US: Project Worlds Official Car Rental System 1 +CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) + NOT-FOR-US: Project Worlds Official Car Rental System 1 +CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...) + NOT-FOR-US: OpsRamp Gateway +CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) + NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices +CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...) + NOT-FOR-US: TechSmith SnagIt +CVE-2020-11540 + RESERVED +CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...) 
+ NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices +CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...) + - pillow 7.2.0-1 (low) + [buster] - pillow 5.4.1-2+deb10u2 + [stretch] - pillow (Vulnerable code not present) + NOTE: https://github.com/python-pillow/Pillow/pull/4504 + NOTE: https://github.com/python-pillow/Pillow/pull/4538 +CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) + NOT-FOR-US: ONLYOFFICE Document Server +CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...) + NOT-FOR-US: Ivanti Workspace Control +CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...) + NOT-FOR-US: Zoho ManageEngine DataSecurity Plus +CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...) + NOT-FOR-US: Zoho ManageEngine DataSecurity Plus +CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...) + NOT-FOR-US: Chop Slider 3 WordPress plugin +CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...) + NOT-FOR-US: Grav CMS +CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...) + NOT-FOR-US: bit2spr +CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...) + NOT-FOR-US: Zoho +CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 h ...) 
+ {DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 +CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) + {DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg + NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e +CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0 ...) + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw + NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820 +CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ha ...) + {DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 + NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e +CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of- ...) + {DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh + NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b +CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 h ...) 
+ {DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w + NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845 +CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) + NOT-FOR-US: WinMagic SecureDoc +CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) + NOT-FOR-US: WinMagic SecureDoc +CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...) + NOT-FOR-US: Zoho +CVE-2020-11517 + RESERVED +CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...) + NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress +CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) + NOT-FOR-US: Rank Math plugin for WordPress +CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) + NOT-FOR-US: Rank Math plugin for WordPress +CVE-2020-11513 + RESERVED +CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...) + NOT-FOR-US: IMPress for IDX Broker WordPress plugin +CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows remote attac ...) + NOT-FOR-US: LearnPress plugin for WordPress +CVE-2020-11510 + RESERVED + NOT-FOR-US: LearnPress plugin for WordPress +CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) + NOT-FOR-US: WP Lead Plus X plugin for WordPress +CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) + NOT-FOR-US: WP Lead Plus X plugin for WordPress +CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...) 
+ NOT-FOR-US: Malwarebytes AdwCleaner +CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...) + [experimental] - gitlab 12.9.3+dfsg-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ +CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...) + - gitlab (Only affects GitLab EE 12.8.0 and later) + NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ +CVE-2020-11504 + RESERVED +CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...) + NOT-FOR-US: Sophos +CVE-2020-11502 + RESERVED +CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...) + NOT-FOR-US: Zoom +CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...) + NOT-FOR-US: Firmware Analysis and Comparison Tool +CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...) + NOT-FOR-US: Slack Nebula +CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...) + NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress +CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...) + NOT-FOR-US: Sprecher SPRECON-E firmware +CVE-2020-11495 + REJECTED +CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.17-1 + [buster] - linux 4.19.118-1 + NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ +CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) + NOT-FOR-US: Foxit +CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...) 
+ NOT-FOR-US: Docker Desktop on Windows +CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...) + NOT-FOR-US: Zen Load Balancer +CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...) + NOT-FOR-US: Zen Load Balancer +CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + NOT-FOR-US: NVIDIA DGX servers +CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to ...) + NOT-FOR-US: codeBeamer +CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...) 
+ {DSA-4652-1} + - gnutls28 3.6.13-2 (bug #955556) + [stretch] - gnutls28 (Vulnerable code introduced later) + [jessie] - gnutls28 (Vulnerable code introduced later) + NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960 + NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 + NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13) + NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3) +CVE-2020-11482 + RESERVED +CVE-2020-11481 + RESERVED +CVE-2020-11480 + RESERVED +CVE-2020-11479 + RESERVED +CVE-2020-11478 + RESERVED +CVE-2020-11477 + RESERVED +CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...) + NOT-FOR-US: Concrete5 +CVE-2020-11475 + RESERVED +CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...) + NOT-FOR-US: NCP Secure Enterprise Client +CVE-2020-11473 + RESERVED +CVE-2020-11472 + RESERVED +CVE-2020-11471 + RESERVED +CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...) + NOT-FOR-US: Zoom +CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...) + NOT-FOR-US: Zoom +CVE-2020-11468 + RESERVED +CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...) + NOT-FOR-US: Deskpro +CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...) + NOT-FOR-US: Deskpro +CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...) + NOT-FOR-US: Deskpro +CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...) + NOT-FOR-US: Deskpro +CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...) + NOT-FOR-US: Deskpro +CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...) 
+ NOT-FOR-US: OpenVPN Access Server +CVE-2020-11461 + RESERVED +CVE-2020-11460 + RESERVED +CVE-2020-11459 + RESERVED +CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...) + NOT-FOR-US: MISP +CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...) + NOT-FOR-US: pfSense +CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...) + - limesurvey (bug #472802) +CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...) + - limesurvey (bug #472802) +CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...) + NOT-FOR-US: Microstrategy Web +CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...) + NOT-FOR-US: Microstrategy Web +CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...) + NOT-FOR-US: Microstrategy Web +CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...) + NOT-FOR-US: Microstrategy Web +CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...) + NOT-FOR-US: Microstrategy Web +CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...) + NOT-FOR-US: Technicolor devices +CVE-2020-11448 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There ...) + NOT-FOR-US: Bell HomeHub 3000 SG48222070 devices +CVE-2020-11447 (An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remot ...) + NOT-FOR-US: Bell HomeHub 3000 SG48222070 devices +CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...) + NOT-FOR-US: ESET +CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...) + NOT-FOR-US: TP-Link +CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...) 
+ NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...) + NOT-FOR-US: Zoom +CVE-2020-11442 + RESERVED +CVE-2020-11441 (phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astrin ...) + - phpmyadmin (unimportant) + [jessie] - phpmyadmin (The pma_error display code does not exist in this version) + NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056 + NOTE: Not considered a security issue +CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...) + NOT-FOR-US: Wind River +CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...) + NOT-FOR-US: LibreHealth EMR +CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF.) + NOT-FOR-US: LibreHealth EMR +CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...) + NOT-FOR-US: LibreHealth EMR +CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...) + NOT-FOR-US: LibreHealth EMR +CVE-2020-11435 + RESERVED +CVE-2020-11434 + RESERVED +CVE-2020-11433 + RESERVED +CVE-2020-11432 + RESERVED +CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...) + NOT-FOR-US: i-net +CVE-2020-11430 + RESERVED +CVE-2020-11429 + RESERVED +CVE-2020-11428 + RESERVED +CVE-2020-11427 + RESERVED +CVE-2020-11426 + RESERVED +CVE-2020-11425 + RESERVED +CVE-2020-11424 + RESERVED +CVE-2020-11423 + RESERVED +CVE-2020-11422 + RESERVED +CVE-2020-11421 + RESERVED +CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...) + NOT-FOR-US: UPS Adapter CS141 +CVE-2020-11419 + RESERVED +CVE-2020-11418 + RESERVED +CVE-2020-11417 + RESERVED +CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats.) + NOT-FOR-US: JetBrains Space +CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...) 
+ NOT-FOR-US: Sonatype Nexus Repository Manager +CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...) + NOT-FOR-US: Progress Telerik UI +CVE-2020-11413 + REJECTED +CVE-2020-11412 + REJECTED +CVE-2020-11411 + REJECTED +CVE-2020-11410 + REJECTED +CVE-2020-11409 + REJECTED +CVE-2020-11408 + REJECTED +CVE-2020-11407 + REJECTED +CVE-2020-11406 + REJECTED +CVE-2020-11405 + REJECTED +CVE-2020-11404 + REJECTED +CVE-2020-11403 + REJECTED +CVE-2020-11402 + REJECTED +CVE-2020-11401 + REJECTED +CVE-2020-11400 + REJECTED +CVE-2020-11399 + REJECTED +CVE-2020-11398 + REJECTED +CVE-2020-11397 + REJECTED +CVE-2020-11396 + REJECTED +CVE-2020-11395 + REJECTED +CVE-2020-11394 + REJECTED +CVE-2020-11393 + REJECTED +CVE-2020-11392 + REJECTED +CVE-2020-11391 + REJECTED +CVE-2020-11390 + REJECTED +CVE-2020-11389 + REJECTED +CVE-2020-11388 + REJECTED +CVE-2020-11387 + REJECTED +CVE-2020-11386 + REJECTED +CVE-2020-11385 + REJECTED +CVE-2020-11384 + REJECTED +CVE-2020-11383 + REJECTED +CVE-2020-11382 + REJECTED +CVE-2020-11381 + REJECTED +CVE-2020-11380 + REJECTED +CVE-2020-11379 + REJECTED +CVE-2020-11378 + REJECTED +CVE-2020-11377 + REJECTED +CVE-2020-11376 + REJECTED +CVE-2020-11375 + REJECTED +CVE-2020-11374 + REJECTED +CVE-2020-11373 + REJECTED +CVE-2020-11372 + REJECTED +CVE-2020-11371 + REJECTED +CVE-2020-11370 + REJECTED +CVE-2020-11369 + REJECTED +CVE-2020-11368 + REJECTED +CVE-2020-11367 + REJECTED +CVE-2020-11366 + REJECTED +CVE-2020-11365 + REJECTED +CVE-2020-11364 + REJECTED +CVE-2020-11363 + REJECTED +CVE-2020-11362 + REJECTED +CVE-2020-11361 + REJECTED +CVE-2020-11360 + REJECTED +CVE-2020-11359 + REJECTED +CVE-2020-11358 + REJECTED +CVE-2020-11357 + REJECTED +CVE-2020-11356 + REJECTED +CVE-2020-11355 + REJECTED +CVE-2020-11354 + REJECTED +CVE-2020-11353 + REJECTED +CVE-2020-11352 + REJECTED +CVE-2020-11351 + REJECTED +CVE-2020-11350 + REJECTED +CVE-2020-11349 + REJECTED +CVE-2020-11348 + REJECTED +CVE-2020-11347 + REJECTED +CVE-2020-11346 
+ REJECTED +CVE-2020-11345 + REJECTED +CVE-2020-11344 + REJECTED +CVE-2020-11343 + REJECTED +CVE-2020-11342 + REJECTED +CVE-2020-11341 + REJECTED +CVE-2020-11340 + REJECTED +CVE-2020-11339 + REJECTED +CVE-2020-11338 + REJECTED +CVE-2020-11337 + REJECTED +CVE-2020-11336 + REJECTED +CVE-2020-11335 + REJECTED +CVE-2020-11334 + REJECTED +CVE-2020-11333 + REJECTED +CVE-2020-11332 + REJECTED +CVE-2020-11331 + REJECTED +CVE-2020-11330 + REJECTED +CVE-2020-11329 + REJECTED +CVE-2020-11328 + REJECTED +CVE-2020-11327 + REJECTED +CVE-2020-11326 + REJECTED +CVE-2020-11325 + REJECTED +CVE-2020-11324 + REJECTED +CVE-2020-11323 + REJECTED +CVE-2020-11322 + REJECTED +CVE-2020-11321 + REJECTED +CVE-2020-11320 + REJECTED +CVE-2020-11319 + REJECTED +CVE-2020-11318 + REJECTED +CVE-2020-11317 + REJECTED +CVE-2020-11316 + REJECTED +CVE-2020-11315 + REJECTED +CVE-2020-11314 + REJECTED +CVE-2020-11313 + REJECTED +CVE-2020-11312 + REJECTED +CVE-2020-11311 + RESERVED +CVE-2020-11310 + REJECTED +CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11307 (Buffer overflow in modem due to improper array index check before copy ...) + NOT-FOR-US: Snapdragon +CVE-2020-11306 (Possible integer overflow in RPMB counter due to lack of length check ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...) + NOT-FOR-US: Snapdragon +CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11302 + REJECTED +CVE-2020-11301 (Improper authentication of un-encrypted plaintext Wi-Fi frames in an e ...) + NOT-FOR-US: Qualcomm WIGIG chipsets +CVE-2020-11300 + REJECTED +CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtypes in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to improper ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11295 (Use after free in camera If the threadmanager is being cleaned up whil ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated while ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11292 (Possible buffer overflow in voice service due to lack of input validat ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11291 (Possible buffer overflow while updating ikev2 parameters for delete pa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11289 (Out of bound write can occur in TZ command handler due to lack of vali ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11288 (Out of bound write can occur in playready while processing command due ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC address by co ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB control tra ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11285 (Buffer over-read while unpacking the RTCP packet we may read extra byt ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11284 (Locked memory can be unlocked and modified by non secure boot loader t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to lack of in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11282 (Improper access control when using mmap with the kgsl driver with a sp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC address by co ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11280 (Denial of service while processing fine timing measurement request (FT ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11279 (Memory corruption while processing crafted SDES packets due to imprope ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11278 (Possible denial of service while handling host WMI command due to impr ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11277 (Possible race condition during async fastrpc session after sending RPC ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA attribute of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon frame du ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11274 (Denial of service in MODEM due to assert to the invalid configuration ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11273 (Histogram type KPI was teardown with the assumption of the existence o ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11272 (Before enqueuing a frame to the PE queue for further processing, an en ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11271 (Possible out of bounds while accessing global control elements due to ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11270 (Possible denial of service due to RTT responder consistently rejects a ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...) + NOT-FOR-US: Snapdragon +CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11264 (Improper authentication of Non-EAPOL/WAPI plaintext frames during four ...) + NOT-FOR-US: Qualcomm WLAN Windows Host +CVE-2020-11263 (An integer overflow due to improper check performed after the address ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11262 (A race between command submission and destroying the context can cause ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dumps are ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11250 (Use after free due to race condition when reopening the device driver ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11249 + RESERVED +CVE-2020-11248 + RESERVED +CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of offset le ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11246 (A double free condition can occur when the device moves to suspend mod ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver due to ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11244 + RESERVED +CVE-2020-11243 (RRC sends a connection establishment success to NAS even though connec ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11241 (Out of bound read will happen if EAPOL Key length is less than expecte ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11240 (Memory corruption due to ioctl command size was incorrectly set to the ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11239 (Use after free issue when importing a DMA buffer by using the CPU addr ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11238 (Possible Buffer over-read in ARP/NS parsing due to lack of check of pa ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11235 (Buffer overflow might occur while parsing unified command due to lack ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11233 (Time-of-check time-of-use race condition While processing partition en ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11232 + RESERVED +CVE-2020-11231 (Two threads call one or both functions concurrently leading to corrupt ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates ...) + NOT-FOR-US: Snapdragon +CVE-2020-11229 + RESERVED +CVE-2020-11228 (Part of RPM region was not protected from xblSec itself due to imprope ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11227 (Out of bound write while parsing RTT/TTY packet parsing due to lack of ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11226 (Out of bound memory read in Data modem while unpacking data due to lac ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11224 + RESERVED +CVE-2020-11223 (Out of bound in camera driver due to lack of check of validation of ar ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11222 (Buffer over read while processing MT SMS with maximum length due to im ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11221 (Usage of syscall by non-secure entity can allow extraction of secure Q ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11220 (While processing storage SCM commands there is a time of check or time ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11219 + RESERVED +CVE-2020-11218 (Denial of service in baseband when NW configures LTE betaOffset-RI-Ind ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11217 (A possible double free or invalid memory access in audio driver while ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11216 (Buffer over read can happen in video driver when playing clip with ato ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11215 (An out of bounds read can happen when processing VSA attribute due to ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11214 (Buffer over-read while processing NDL attribute if attribute length is ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11213 (Out of bound reads might occur in while processing Service descriptor ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUIs due ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11211 + RESERVED +CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU configura ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11209 (Improper authorization in DSP process could allow unauthorized users t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11208 (Out of Bound issue in DSP services while processing received arguments ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11207 (Buffer overflow in LibFastCV library due to improper size checks with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11206 (Possible buffer overflow in Fastrpc while handling received parameters ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11204 (Possible memory corruption and information leakage in sub-system due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size received f ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11202 (Buffer overflow/underflow occurs when typecasting the buffer passed by ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11201 (Arbitrary access to DSP memory due to improper check in loaded library ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11199 (HLOS to access EL3 stack canary by just mapping imem region due to Imp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data related ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11197 (Possible integer overflow can occur when stream info update is called ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11195 (Out of bound write and read in TA while processing command from NS sid ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11194 (Possible out of bound access in TA while processing a command from NS ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to lack of c ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11188 (Buffer over-read can happen while parsing received SDP values due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11187 (Possible memory corruption in BSI module due to improper validation of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11186 (Modem will enter into busy mode in an infinite loop while parsing hist ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11182 (Possible heap overflow while parsing NAL header due to lack of check o ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...) + NOT-FOR-US: Snapdragon +CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11178 (Trusted APPS to overwrite the CPZ memory of another use-case as TZ onl ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11177 (User can overwrite Security Code NV item without knowing current SPC d ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11176 (While processing server certificate from IPSec server, certificate val ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to race ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11171 (Buffer over-read can happen while parsing received SDP values due to l ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11170 (Out of bound memory access while playing music playbacks with crafted ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11165 (Memory corruption due to buffer overflow while copying the message pro ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and cause p ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due to lack o ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input paramete ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11161 (Out-of-bounds memory access can occur while calculating alignment requ ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11160 (Resource leakage issue during dci client registration due to reference ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11159 (Buffer over-read can happen while processing WPA,RSN IE of beacon and ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...) + NOT-FOR-US: Qualcomm +CVE-2020-11157 (u'Lack of handling unexpected control messages while encryption was in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11156 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11155 (u'Buffer overflow while processing PDU packet in bluetooth due to lack ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in blueto ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11152 (Race condition in HAL layer while processing callback objects received ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11151 (Race condition occurs while calling user space ioctl from two differen ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11150 (Out of bound memory access in camera driver due to improper validation ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11149 (Out of bound access due to usage of an out-of-range pointer offset in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11148 (Use after free issue in HIDL while using callback to post event in Rx ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11147 (Use after free issue in audio modules while removing and freeing objec ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack of check ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11145 (Divide by zero issue can happen while updating delta extension header ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11144 (Buffer over-read while UE process invalid DL ROHC packet for decompres ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11143 (Out of bound memory access during music playback with modified content ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11142 + RESERVED +CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...) + NOT-FOR-US: Snapdragon +CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management functio ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...) + NOT-FOR-US: Snapdragon +CVE-2020-11134 (Possible stack out of bound write might happen due to time bitmap leng ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...) + NOT-FOR-US: Snapdragon +CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...) + NOT-FOR-US: Snapdragon +CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11126 (Possible out of bound read while WLAN frame parsing due to lack of che ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to lack of ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...) + NOT-FOR-US: Snapdragon +CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11119 (Buffer over-read can happen when the buffer length received from respo ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...) + NOT-FOR-US: Snapdragon +CVE-2020-11116 (u'Possible out of bound write while processing association response re ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-11114 (u'Bluetooth devices does not properly restrict the L2CAP payload lengt ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...) 
+ - bubblewrap 0.4.1-1 (low; bug #955441) + [buster] - bubblewrap (Introduced in 0.4.0) + [stretch] - bubblewrap (Introduced in 0.4.0) + NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj + NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240 +CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2670 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2666 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2664 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...) + - grafana +CVE-2020-11109 + RESERVED +CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...) + NOT-FOR-US: Pi-hole +CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...) 
+ NOT-FOR-US: XAMPP +CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) + NOT-FOR-US: Responsive Filemanager +CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...) + NOT-FOR-US: USC iLab cereal +CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...) + NOT-FOR-US: USC iLab cereal +CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, ...) + NOT-FOR-US: Webswing +CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...) + - qemu 1:4.2-4 (bug #956145) + [buster] - qemu (Vulnerable code/Tulip NIC emulator added later) + [stretch] - qemu (Vulnerable code/Tulip NIC emulator added later) + [jessie] - qemu (Vulnerable code/Tulip NIC emulator added later) + - qemu-kvm (Vulnerable code/Tulip NIC emulator added later) + NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1 + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1) +CVE-2020-11101 (Sierra Wireless AirLink Mobility Manager (AMM) before 2.17 mishandles ...) + NOT-FOR-US: Sierra Wireless AirLink Mobility Manager +CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...) + {DSA-4649-1} + - haproxy 2.0.13-2 + [stretch] - haproxy (Vulnerable code introduced in 1.8) + [jessie] - haproxy (Vulnerable code introduced in 1.8) + NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543 +CVE-2019-20634 (An issue was discovered in Proofpoint Email Protection through 2019-09 ...) + NOT-FOR-US: Proofpoint Email Protection +CVE-2016-11024 (odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: ...) + NOT-FOR-US: odata4j +CVE-2016-11023 (odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE ...) 
+ NOT-FOR-US: odata4j +CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...) + {DLA-3606-1} + - freerdp2 2.1.2+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h +CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...) + {DLA-3606-1} + - freerdp2 2.1.2+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv +CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...) + {DLA-3606-1} + - freerdp2 2.1.2+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f +CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...) + {DLA-3606-1} + - freerdp2 2.1.2+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x + NOTE: https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0 (3.0.0-beta1) +CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...) + {DLA-3606-1} + - freerdp2 2.1.2+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2 +CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...) + NOT-FOR-US: October CMS +CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...) + NOT-FOR-US: Hyperledger Indy Node +CVE-2020-11092 + RESERVED +CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...) + NOT-FOR-US: Weave Net +CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...) + NOT-FOR-US: Indy Node +CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...) 
+ {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h +CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp +CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7 +CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + [stretch] - freerdp (Minor issue) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974 +CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf +CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...) + NOT-FOR-US: iPear +CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...) + NOT-FOR-US: October CMS +CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...) + {DSA-5005-1 DLA-2763-1} + - ruby-kaminari 1.0.1-6 (bug #961847) + [jessie] - ruby-kaminari (No reverse dependency) + NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433 + NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8 +CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...) + - osquery (bug #803502) +CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...) 
+ {DSA-4696-1 DLA-3621-1 DLA-2786-1} + - nghttp2 1.41.0-1 + - nodejs 10.21.0~dfsg-1 (bug #962145) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + [jessie] - nodejs (Nodejs in jessie not covered by security support) + NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr + NOTE: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 (v1.41.0) + NOTE: https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 (v1.41.0) + NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080 +CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...) + NOT-FOR-US: dns-sync nodejs module +CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...) + {DLA-2232-1} + - python-httplib2 0.18.1-1 + [buster] - python-httplib2 (Minor issue) + [stretch] - python-httplib2 (Minor issue) + NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq + NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e +CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...) + {DLA-2398-1} + - puma 4.3.6-1 (bug #972102) + [buster] - puma 3.12.0-2+deb10u2 + NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm +CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...) + {DLA-2398-1} + - puma 4.3.6-1 (bug #972102) + [buster] - puma 3.12.0-2+deb10u2 + NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h + NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd +CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...) + NOT-FOR-US: Anchore Engine +CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...) 
+ NOT-FOR-US: PrestaShop +CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...) + NOT-FOR-US: zsh-autoswitch-virtualenv +CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...) + NOT-FOR-US: Node slp-validate +CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...) + NOT-FOR-US: Node slpjs +CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...) + NOT-FOR-US: TYPO3 +CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...) + NOT-FOR-US: TYPO3 +CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...) + NOT-FOR-US: LoRaMac-node +CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...) + NOT-FOR-US: TYPO3 +CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...) + NOT-FOR-US: TYPO3 +CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...) + NOT-FOR-US: TYPO3 +CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...) + NOT-FOR-US: TYPO3 +CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...) + NOT-FOR-US: TYPO3 +CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h + NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...) 
+ {DLA-2353-1} + - bacula 9.6.5-1 + [buster] - bacula 9.4.2-2+deb10u1 + - bareos (bug #968957) + [buster] - bareos (Minor issue; can be fixed via point release) + [stretch] - bareos (minor issue, low priority) + NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4 + NOTE: https://bugs.bareos.org/view.php?id=1210 + NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master) + NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4) +CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f + NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...) + NOT-FOR-US: AEgir +CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...) + {DLA-3606-1 DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g + NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011 +CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...) + NOT-FOR-US: XWiki +CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...) + NOT-FOR-US: Sprout Forms +CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...) + NOT-FOR-US: BookStack +CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...) 
+ - qutebrowser 1.11.1.post1-1 (unimportant) + NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403 + NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j + NOTE: Depends on qtwebkit, which is not covered by security support +CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...) + - oauth2-proxy (bug #982891) +CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...) + NOT-FOR-US: Sorcery +CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...) + NOT-FOR-US: Wiki.js +CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...) + NOT-FOR-US: Java-WebSocket, different from src:websocket-api +CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr + NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019 + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008 +CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...) + {DLA-3606-1 DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007 +CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...) 
+ {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009 +CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...) + {DLA-3606-1 DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 +CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...) + {DLA-3606-1 DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005 +CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp (Vulnerable code introduced later) + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013 +CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 +CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...) 
+ {DLA-3606-1 DLA-2356-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q + NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f + NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010 +CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w +CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr +CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq +CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g +CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...) + NOT-FOR-US: Wagtail +CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...) 
+ - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...) + - glpi (unimportant) + NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh + NOTE: https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780 + NOTE: Only supported behind an authenticated HTTP zone +CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...) + - wordpress 5.4.1+dfsg1-1 (bug #959391) + [buster] - wordpress (Vulnerable code not present) + [stretch] - wordpress (Vulnerable code not present) + [jessie] - wordpress (Vulnerable code not present) + NOTE: https://core.trac.wordpress.org/changeset/47636 + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f +CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...) 
+ {DSA-4677-1 DLA-2208-1} + - wordpress 5.4.1+dfsg1-1 (bug #959391) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: https://core.trac.wordpress.org/changeset/47637 + NOTE: https://github.com/WordPress/wordpress-develop/935ab39e8ee754735a553c74d41270df1164ae56 (master) +CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...) + {DSA-4677-1 DLA-2208-1} + - wordpress 5.4.1+dfsg1-1 (bug #959391) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: https://core.trac.wordpress.org/changeset/47635 + NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3 +CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...) + {DSA-4677-1 DLA-2208-1} + - wordpress 5.4.1+dfsg1-1 (bug #959391) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: https://core.trac.wordpress.org/changeset/47634 + NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master) +CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...) 
+ {DSA-4677-1 DLA-2208-1} + - wordpress 5.4.1+dfsg1-1 (bug #959391) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2 + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: https://core.trac.wordpress.org/changeset/47638 + NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master) +CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...) + {DSA-4677-1} + - wordpress 5.4.1+dfsg1-1 (bug #959391) + [jessie] - wordpress (Vulnerable code not present) + NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c + NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates + NOTE: https://core.trac.wordpress.org/changeset/47633 + NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3 +CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...) + NOT-FOR-US: Moonlight iOS/tvOS +CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...) + {DSA-4693-1 DLA-3551-1 DLA-2608-1} + - jquery + [buster] - jquery 3.3.1~dfsg-3+deb10u1 + [jessie] - jquery (Vulnerable code not present) + - drupal7 + [jessie] - drupal7 (Vulnerable code not embedded) + - node-jquery 3.5.0+dfsg-2 + [buster] - node-jquery (Minor issue) + - otrs2 6.0.30-1 + [stretch] - otrs2 (Non-free not supported) + NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 + NOTE: https://www.drupal.org/sa-core-2020-002 + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/ +CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...) 
+ {DSA-4693-1 DLA-3551-1 DLA-2608-1} + - jquery + [buster] - jquery 3.3.1~dfsg-3+deb10u1 + [jessie] - jquery (Vulnerable code not present) + - node-jquery 3.5.0+dfsg-2 + [buster] - node-jquery (Minor issue) + - drupal7 + [jessie] - drupal7 (Vulnerable code not embedded) + - otrs2 6.0.30-1 + [stretch] - otrs2 (Non-free not supported) + NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 + NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 + NOTE: https://www.drupal.org/sa-core-2020-002 + NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/ +CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...) + NOT-FOR-US: Actions Http-Client +CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...) + - ruby-faye 1.4.0-1 (bug #959392) + [buster] - ruby-faye (Minor issue) + NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5 + NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e +CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh +CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw +CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...) + {DLA-3606-1} + - freerdp2 2.1.1+dfsg1-1 + - freerdp + NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c +CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...) + NOT-FOR-US: IntelMQ Manager +CVE-2020-11015 (A vulnerability has been disclosed in thinx-device-api IoT Device Mana ...) 
+ NOT-FOR-US: thinx-device-api IoT Device Management Server +CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...) + NOT-FOR-US: Electron-Cash-SLP +CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version ...) + - helm-kubernetes (bug #910799) +CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...) + NOT-FOR-US: MinIO +CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...) + NOT-FOR-US: Phproject +CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...) + NOT-FOR-US: Tortoise ORM +CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...) + NOT-FOR-US: Rundeck +CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...) + {DSA-4659-1 DLA-2182-1} + - git 1:2.26.2-1 + NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/ + NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5 + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91 + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504 + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282 + NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030 + NOTE: Fixed by: 
https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c +CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...) + NOT-FOR-US: Shopizer +CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...) + NOT-FOR-US: Shopizer +CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) + NOT-FOR-US: WindowsHello +CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...) + NOT-FOR-US: Admidio +CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) + NOT-FOR-US: Oasis (not the same as src:oasis) +CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) + NOT-FOR-US: dropwizard-validation +CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...) + NOT-FOR-US: Wagtail +CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...) + NOT-FOR-US: GreenBrowser +CVE-2020-10999 + RESERVED +CVE-2020-10998 + RESERVED +CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...) + - percona-xtrabackup (Vulnerable code introduced later) + NOTE: https://jira.percona.com/browse/PXB-2142 + NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11) + NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/ +CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...) + - percona-xtradb-cluster-5.5 +CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...) 
+ {DSA-4691-1} + - pdns-recursor 4.3.1-1 + [jessie] - pdns-recursor (Vulnerable code added later) + NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html + NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 +CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...) + - pillow 7.2.0-1 (unimportant) + NOTE: https://github.com/python-pillow/Pillow/pull/4505 + NOTE: https://github.com/python-pillow/Pillow/pull/4538 + NOTE: Fixed in 7.1.0 + NOTE: Debian packages are built without JPEG2000 support +CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...) + NOT-FOR-US: Osmand +CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...) + NOT-FOR-US: Azkaban +CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...) + NOT-FOR-US: Mulesoft APIkit +CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...) + NOT-FOR-US: Accenture Mercury +CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...) + NOT-FOR-US: Tenda +CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...) + NOT-FOR-US: Tenda +CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...) + NOT-FOR-US: Tenda +CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...) + NOT-FOR-US: Tenda +CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.) + NOT-FOR-US: Gambio GX +CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.) + NOT-FOR-US: Gambio GX +CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.) + NOT-FOR-US: Gambio GX +CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.) 
+ NOT-FOR-US: Gambio GX +CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10974 (An issue was discovered affecting a backup feature where a crafted POS ...) + NOT-FOR-US: Wavlink +CVE-2020-10973 (An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink ...) 
+ NOT-FOR-US: Wavlink +CVE-2020-10972 (An issue was discovered where a page is exposed that has the current a ...) + NOT-FOR-US: Wavlink +CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a crafted P ...) + NOT-FOR-US: Wavlink +CVE-2020-10970 + RESERVED +CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2642 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2179-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2662 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...) + {DSA-4690-1} + - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) + [stretch] - dovecot (Vulnerable code introduced in 2.3.0) + [jessie] - dovecot (Vulnerable code introduced in 2.3.0) + NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 +CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Th ...) + - rust-bumpalo 3.2.1-1 (bug #955151) + NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html + NOTE: https://github.com/fitzgen/bumpalo/issues/69 +CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...) + NOT-FOR-US: VESTA Control Panel +CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...) 
+ NOT-FOR-US: Teradici PCoIP Management Console +CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...) + - serendipity +CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...) + NOT-FOR-US: FrozenNode Laravel-Administrator +CVE-2020-10962 (In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through ...) + NOT-FOR-US: PSAppDeployToolkit +CVE-2020-10961 + RESERVED +CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...) + {DSA-4651-1} + - mediawiki 1:1.31.7-1 + [stretch] - mediawiki (Vulnerable code introduced later) + NOTE: https://phabricator.wikimedia.org/T246602 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html +CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...) + - mediawiki (Vulnerable code introduced later) + NOTE: https://phabricator.wikimedia.org/T232932 + NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html +CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...) + {DSA-4690-1} + - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) + [stretch] - dovecot (Vulnerable code introduced in 2.3.0) + [jessie] - dovecot (Vulnerable code introduced in 2.3.0) + NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 +CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...) + {DSA-4690-1} + - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) + [stretch] - dovecot (Vulnerable code introduced in 2.3.0) + [jessie] - dovecot (Vulnerable code introduced in 2.3.0) + NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 +CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...) 
+ [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...) + - gitlab (Only affects GitLab EE 11.7 and later) + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...) + [experimental] - gitlab 12.8.8-1 + - gitlab 13.2.3-2 + NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ +CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...) + NOT-FOR-US: Western Digital My Cloud Home and ibi devices +CVE-2020-10950 + RESERVED +CVE-2020-10949 + RESERVED +CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) + NOT-FOR-US: Jon Hedley AlienForm2 +CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...) + NOT-FOR-US: Sophos +CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) + - centreon-web (bug #913903) +CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses.) + - centreon-web (bug #913903) +CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...) 
+ - nomad 0.10.5+dfsg1-1 + NOTE: https://github.com/hashicorp/nomad/issues/7468 +CVE-2020-10943 + RESERVED +CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ...) + - patch (Incomplete fix for CVE-2018-6952 not applied) + NOTE: https://savannah.gnu.org/bugs/index.php?56683 +CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) + {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) +CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ...) + {DLA-3249-1} + - mbedtls 2.16.5-1 + [stretch] - mbedtls (Minor issue) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 +CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...) + NOT-FOR-US: PHOENIX CONTACT +CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) + NOT-FOR-US: PHOENIX CONTACT +CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) + {DSA-4675-1 DLA-2173-1} + - graphicsmagick 1.4+really1.3.34-1 + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce +CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can ...) + - ipfs (bug #779893) +CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation.) 
+ {DSA-4818-1 DLA-2401-1} + - sympa 6.2.40~dfsg-5 (bug #961491) + NOTE: https://sympa-community.github.io/security/2020-002.html + NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch + NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch + NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/ + NOTE: https://github.com/sympa-community/sympa/issues/943 +CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...) + {DSA-4818-1 DLA-2401-1} + - sympa 6.2.40~dfsg-7 (bug #971904) + NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions + NOTE: (already suid root and word-executable) allowing to gain root privileges + NOTE: without first to escalate to sympa user. + NOTE: https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 +CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...) + - zulip-server (bug #800052) +CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.) + NOT-FOR-US: Acyba AcyMailing +CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...) + {DSA-4721-1} + - ruby2.7 2.7.1-1 + - ruby2.5 + - ruby2.3 (Vulnerable code introduced in 2.5.0) + - ruby2.1 (Vulnerable code introduced in 2.5.0) + NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ + NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90 + NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc + NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc +CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...) 
+ {DLA-3249-1} + - mbedtls 2.16.9-0.1 (bug #963159) + [stretch] - mbedtls (Minor issue) + NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 +CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...) + NOT-FOR-US: Netgear +CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: Netgear +CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...) + NOT-FOR-US: Netgear +CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: Netgear +CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...) + NOT-FOR-US: C-MORE HMI +CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...) + NOT-FOR-US: C-MORE HMI +CVE-2020-10920 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: C-MORE HMI +CVE-2020-10919 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: C-MORE HMI +CVE-2020-10918 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: C-MORE HMI +CVE-2020-10917 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: NEC +CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...) 
+ NOT-FOR-US: TP-Link +CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: VEEAM One Agent +CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: VEEAM One Agent +CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...) + NOT-FOR-US: TP-Link +CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...) + NOT-FOR-US: TP-Link +CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...) 
+ NOT-FOR-US: TP-Link +CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: TP-Link +CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + NOT-FOR-US: TP-Link +CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: TP-Link +CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + [jessie] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1271 +CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + [jessie] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1270 +CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + [jessie] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/issues/1268 +CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) 
+ - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Vulnerable code introduced later, in version 0.8.0) + [stretch] - gpac (Vulnerable code introduced later, in version 0.8.0) + [jessie] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/issues/1264 + NOTE: Introduced by: https://github.com/gpac/gpac/commit/bb002ad4f92d216f8ab7c8466102279ef8af6f88 (v0.8.0) + NOTE: Fixed by: qhttps://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 (v0.9.0-preview) +CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...) + - gpac 1.0.1+dfsg1-2 (bug #972053) + [buster] - gpac (Minor issue) + [stretch] - gpac (Minor issue) + [jessie] - gpac (Minor issue) + NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090 + NOTE: https://github.com/gpac/gpac/commit/98b727637e32d1d4824101d8947e2dbd573d4fc8 + NOTE: https://github.com/gpac/gpac/issues/1269 +CVE-2020-10880 + RESERVED +CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) + NOT-FOR-US: rConfig +CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...) + - perl 5.30.3-1 (bug #962005) + [buster] - perl 5.28.1-6+deb10u1 + [stretch] - perl 5.24.1-3+deb9u7 + NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) + NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3) +CVE-2020-10877 + RESERVED +CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) + NOT-FOR-US: OKLOK +CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...) + NOT-FOR-US: Motorola devices +CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files.) + NOT-FOR-US: Motorola devices +CVE-2020-10873 + RESERVED +CVE-2020-10872 + RESERVED +CVE-2020-10871 (In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retriev ...) 
+ NOT-FOR-US: OpenWrt LuCI +CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...) + - zim 0.72.1-1 (unimportant; bug #954810) + NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 + NOTE: Negligible security impact +CVE-2020-10869 + RESERVED +CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...) + NOT-FOR-US: Avast Antivirus +CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...) + NOT-FOR-US: Zoho +CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...) + NOT-FOR-US: Zulip Desktop +CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...) + NOT-FOR-US: Zulip Desktop +CVE-2020-10856 + RESERVED +CVE-2019-20627 (AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE.) + NOT-FOR-US: AutoUpdater.NET +CVE-2019-20626 (The remote keyless system on Honda HR-V 2017 vehicles sends the same R ...) 
+ NOT-FOR-US: Honda HR-V 2017 vehicles +CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) + - memcached 1.6.2-1 (bug #954808) + [buster] - memcached (Introduced in 1.6) + [stretch] - memcached (Introduced in 1.6) + [jessie] - memcached (Introduced in 1.6) + NOTE: https://github.com/memcached/memcached/issues/629 + NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 +CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + NOT-FOR-US: Samsung mobile devices +CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...) + NOT-FOR-US: Draytek +CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...) + NOT-FOR-US: Draytek +CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...) + NOT-FOR-US: Draytek +CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...) + NOT-FOR-US: Draytek +CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...) + NOT-FOR-US: Draytek +CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...) + NOT-FOR-US: Draytek +CVE-2020-10822 + RESERVED +CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.) + NOT-FOR-US: Nagios XI +CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) + NOT-FOR-US: Nagios XI +CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) + NOT-FOR-US: Nagios XI +CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...) + NOT-FOR-US: Artica Proxy +CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...) + NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress +CVE-2019-20625 (An issue was discovered on Samsung mobile devices with N(7.1) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20624 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20623 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20622 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) 
+ NOT-FOR-US: Samsung mobile devices +CVE-2019-20621 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20620 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20619 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20618 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20617 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20616 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20615 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20614 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20613 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20612 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20611 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20610 (An issue was discovered on Samsung mobile devices with N(7.X) and O(8. ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20609 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20608 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) + NOT-FOR-US: Samsung mobile devices +CVE-2019-20607 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...) 
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20606 (An issue was discovered on Samsung mobile devices with any (before May ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20605 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20604 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20603 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20602 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20601 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20600 (An issue was discovered on Samsung mobile devices with O(8.0) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20599 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20598 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20597 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20596 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20595 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20594 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20593 (An issue was discovered on Samsung mobile devices with N(7.x) and O(8. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20592 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20591 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20590 (An issue was discovered on Samsung mobile devices with O(8.x) (Qualcom ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20589 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20588 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20587 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20586 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20585 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20584 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20583 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20582 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20581 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20580 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20579 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20578 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20577 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20576 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20575 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20574 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20573 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20572 (An issue was discovered on Samsung mobile devices with O(8.1) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20571 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20570 (An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20569 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20568 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20567 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20566 (An issue was discovered on Samsung mobile devices with any (before Sep ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20565 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20564 (An issue was discovered on Samsung mobile devices with any (before Oct ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20563 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20562 (An issue was discovered on Samsung mobile devices with P(9.0) (with TE ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20561 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20560 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20559 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20558 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20557 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20556 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20555 (An issue was discovered on Samsung mobile devices with N(7.x) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20554 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20553 (An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20552 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20551 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20550 (An issue was discovered on Samsung mobile devices with O(8.x) (release ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20549 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20548 (An issue was discovered on Samsung mobile devices with P(9.0) devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20547 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20546 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20545 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20544 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20543 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20542 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20541 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20540 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20539 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20538 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20537 (An issue was discovered on Samsung mobile devices with P(9.0) (TEEGRIS ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20536 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20535 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20534 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20533 (An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20532 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20531 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2019-20530 (An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-10815
+ RESERVED
+CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
+ NOT-FOR-US: Code::Blocks
+CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...)
+ NOT-FOR-US: FTPDMIN
+CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4
+ NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
+ - hdf5 1.10.8+repack-1 (unimportant)
+ NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2
+ NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+ NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
+ NOTE: Duplicate of CVE-2018-14033
+CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...)
+ - hdf5 1.10.8+repack-1 (unimportant)
+ NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
+ NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+ NOTE: Fixed in 1.10.x-series in 1.10.8 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-8-newsletter-180/9108
+CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...)
+ - hdf5 (unimportant)
+ NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1
+ NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/
+ NOTE: Negligible security impact, malicous scientific data has more issues than a crash...
+ NOTE: Fixed in 1.10.x-series in 1.10.10 https://forum.hdfgroup.org/t/release-of-hdf5-1-10-10-newsletter-192/11006
+CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...)
+ NOT-FOR-US: Caldera
+CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...)
+ NOT-FOR-US: eZ Publish Kernel
+CVE-2020-10805
+ RESERVED
+CVE-2016-11022 (NETGEAR Prosafe WC9500 5.1.0.17, WC7600 5.1.0.17, and WC7520 2.5.0.35 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
+ - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+ [jessie] - phpmyadmin (Vulnerable code not present)
+ NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65
+ NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
+CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
+ {DLA-2154-1}
+ - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a
+CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...)
+ {DLA-2154-1}
+ - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665)
+ [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe
+CVE-2020-10801
+ RESERVED
+CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...)
+ NOT-FOR-US: lix node (different from src:lix)
+CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...)
+ NOT-FOR-US: svglib
+CVE-2020-10798
+ RESERVED
+CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...)
+ NOT-FOR-US: pfSense
+CVE-2020-10796
+ RESERVED
+CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...)
+ NOT-FOR-US: Gira TKS-IP-Gateway
+CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...)
+ NOT-FOR-US: Gira TKS-IP-Gateway
+CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...)
+ - codeigniter (bug #471583)
+CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
+ NOT-FOR-US: openITCOCKPIT
+CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...)
+ NOT-FOR-US: openITCOCKPIT
+CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...)
+ NOT-FOR-US: openITCOCKPIT
+CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...)
+ NOT-FOR-US: openITCOCKPIT
+CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...)
+ NOT-FOR-US: openITCOCKPIT
+CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...)
+ NOT-FOR-US: Vesta Control Panel
+CVE-2020-10785
+ RESERVED
+CVE-2020-10784
+ RESERVED
+CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
+ {DLA-2385-1}
+ - linux 5.7.10-1
+ [buster] - linux 4.19.146-1
+ [stretch] - linux (Vulnerable code introduced later)
+ [jessie] - linux (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
+ NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680
+CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...)
+ NOT-FOR-US: Red Hat CloudForm
+CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is possib ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...)
+ - linux (Red Hat-specific patch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964
+CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...)
+ - linux 5.3.9-1
+ [buster] - linux 4.19.87-1
+ [stretch] - linux 4.9.210-1
+ [jessie] - linux 3.16.81-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380
+CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...)
+ - unbound (Red Hat specific regression in backport)
+CVE-2020-10771 (A flaw was found in Infinispan version 10, where it is possible to per ...)
+ NOT-FOR-US: Infinispan
+CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is possible to fo ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...)
+ - linux 4.19.20-1
+ [stretch] - linux 4.9.161-1
+ [jessie] - linux 3.16.68-1
+ NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
+CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
+CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
+CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...)
+ {DLA-2323-1}
+ - linux 5.7.6-1
+ [buster] - linux 4.19.131-1
+ [stretch] - linux 4.9.228-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1
+ NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e
+CVE-2020-10765
+ REJECTED
+CVE-2020-10764
+ REJECTED
+CVE-2020-10763 (An information-disclosure flaw was found in the way Heketi before 10.1 ...)
+ - heketi (bug #903384)
+CVE-2020-10762 (An information-disclosure flaw was found in the way that gluster-block ...)
+ NOT-FOR-US: gluster-block
+CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...)
+ - qemu 1:5.0-6
+ [buster] - qemu (Vulnerable code introduced later)
+ [stretch] - qemu (Vulnerable code introduced later)
+ [jessie] - qemu (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1
+ NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd
+ NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af
+CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
+CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...)
+ {DLA-2274-1}
+ - fwupd 1.3.10-1 (bug #962517)
+ [buster] - fwupd 1.2.13-1
+ - libjcat 0.1.3-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316
+ NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md
+ NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10)
+ NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2)
+ NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e
+CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
+ - linux 5.6.14-2
+ [jessie] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
+CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
+ {DSA-4728-1 DLA-2288-1}
+ - libslirp 4.3.1-1
+ - qemu 1:4.1-2
+ - slirp4netns 1.0.1-1
+ [buster] - slirp4netns (Minor issue)
+ NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
+ NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
+ NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf
+CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...)
+ - cinder 2:16.1.0-1 (low)
+ [buster] - cinder (Minor issue)
+ [stretch] - cinder (Minor issue)
+ [jessie] - cinder (OpenStack component, not supported in jessie LTS)
+ - python-os-brick 3.1.0-1 (low)
+ [buster] - python-os-brick (Minor issue)
+ [stretch] - python-os-brick (Minor issue)
+ NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
+ NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
+CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
+ - network-manager 1.24.2-1 (unimportant)
+ NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
+ NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
+ NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
+ NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific
+ NOTE: plugin).
+CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...)
+ {DLA-3629-1 DLA-2735-1}
+ - ceph 14.2.15-1 (bug #975300)
+ [jessie] - ceph (Minor issue)
+ NOTE: https://github.com/ceph/ceph/pull/35773
+ NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2
+CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...)
+ NOT-FOR-US: OpenShift
+CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
+ - linux 5.6.14-1
+ NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
+CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...)
+ NOT-FOR-US: Jaeger
+CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
+ - golang-github-containernetworking-plugins 0.8.6-1
+ NOTE: https://github.com/containernetworking/plugins/pull/484
+ NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
+CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10747
+ REJECTED
+CVE-2020-10746 (A flaw was found in Infinispan (org.infinispan:infinispan-server-runti ...)
+ NOT-FOR-US: Infinispan
+CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
+ {DLA-2463-1}
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
+CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
+ - ansible 2.9.13+dfsg-1 (bug #966660)
+ [buster] - ansible (Incomplete fix not applied)
+ [stretch] - ansible (Incomplete fix not applied)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566
+ NOTE: https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d
+ NOTE: https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f (v2.9.12)
+ NOTE: CVE is for an incomplete fix of CVE-2020-1733
+CVE-2020-10743 (It was discovered that OpenShift Container Platform's (OCP) distributi ...)
+ - kibana (bug #700337)
+CVE-2020-10742 (A flaw was found in the Linux kernel. An index buffer overflow during ...)
+ - linux 3.16.2-2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127
+CVE-2020-10741
+ REJECTED
+CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...)
+ - wildfly (bug #752018)
+CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
+ - envoyproxy (bug #987544)
+CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
+ - moodle
+CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
+ - oddjob 0.34.6-1 (bug #960089)
+ [buster] - oddjob (Minor issue)
+ [stretch] - oddjob (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
+ NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
+CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
+ - ceph (Vulnerable code introduced later)
+ NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
+ NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
+ NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
+CVE-2020-10735 (A flaw was found in python. In algorithms with quadratic time complexi ...)
+ {DLA-3477-1}
+ - python3.11 3.11.0~rc2-1
+ - python3.10 3.10.7-1
+ - python3.9
+ [bullseye] - python3.9 (Minor issue)
+ - python3.7
+ - python2.7
+ [bullseye] - python2.7 (Unsupported in Bullseye, only included to build a few applications)
+ [buster] - python2.7 (Minor issue, CPU DoS, intrusive backport)
+ NOTE: https://github.com/python/cpython/issues/95778
+ NOTE: https://github.com/python/cpython/pull/96499
+ NOTE: https://github.com/python/cpython/commit/f8b71da9aac6ea74808dcdd0cc266e705431356b (v3.11.0rc2)
+ NOTE: https://github.com/python/cpython/commit/8f0fa4bd10aba723aff988720cd26b93be99bc12 (v3.10.7)
+ NOTE: https://github.com/python/cpython/commit/cec1e9dfd769bd3a16142d0fdd1a36f19c77ed15 (v3.9.14)
+ NOTE: https://github.com/python/cpython/commit/15ec1afd4fcd2da1e2d2b256c562fb42d8d886a2 (v3.7.14)
+CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
+ NOT-FOR-US: Keycloak
+CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
+ - postgresql-12 (Windows-specific)
+ - postgresql-11 (Windows-specific)
+ - postgresql-9.6 (Windows-specific)
+ NOTE: https://www.postgresql.org/about/news/2038/
+CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...)
+ {DSA-4699-1 DSA-4698-1 DLA-2242-1}
+ - linux 5.6.14-2
+ [jessie] - linux (Does not affect supported architectures)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
+ NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
+CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
+ NOT-FOR-US: Red Hat OpenStack platform
+CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
+ {DSA-4884-1 DLA-2463-1}
+ - ldb 2:2.1.4-1
+ [stretch] - ldb (Vulnerable code introduced later)
+ - samba 2:4.12.5+dfsg-1
+ [buster] - samba (Minor issue, fix along in next DSA)
+ NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
+CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
+ {DSA-4950-1}
+ - ansible 2.9.6+dfsg-1
+ [stretch] - ansible (EOL'd for stretch)
+ [jessie] - ansible (Vulnerable code introduced later, no variables template caching)
+ NOTE: https://github.com/ansible/ansible/issues/34144
+ NOTE: https://github.com/ansible/ansible/pull/67429/
+ NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
+ NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)
+CVE-2020-10728 (A flaw was found in automationbroker/apb container in versions up to a ...)
+ NOT-FOR-US: automationbroker/apb
+CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
+ NOT-FOR-US: ApacheMQ Artemis
+CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
+ - dpdk 19.11.2-1 (bug #960936)
+ [buster] - dpdk (Vulnerable code not present)
+ [stretch] - dpdk (Vulnerable code not present)
+CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...)
+ - dpdk 19.11.2-1 (bug #960936)
+ [buster] - dpdk (Vulnerable code not present)
+ [stretch] - dpdk (Vulnerable code not present)
+CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...)
+ - dpdk 19.11.2-1 (bug #960936)
+ [buster] - dpdk 18.11.6-1~deb10u2
+ [stretch] - dpdk (Vulnerable code not present)
+CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...)
+ - dpdk 19.11.2-1 (bug #960936)
+ [buster] - dpdk 18.11.6-1~deb10u2
+ [stretch] - dpdk (Vulnerable code not present)
+CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
+ {DSA-4688-1}
+ - dpdk 19.11.2-1 (bug #960936)
+CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
+ NOT-FOR-US: fabric8-maven-plugin
+CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
+ - linux 5.2.6-1
+ [buster] - linux 4.19.67-1
+ [stretch] - linux 4.9.184-1
+ [jessie] - linux 3.16.76-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
+ NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
+CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
+ - undertow 2.1.1-1 (bug #969913)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
+ NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
+CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
+ - wildfly (bug #752018) +CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...) + - qemu 1:5.0-5 (bug #959746) + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html +CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...) + NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation +CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...) + NOT-FOR-US: Openshift Web Console +CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...) + NOT-FOR-US: WildFly Elytron +CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...) + {DSA-4735-1} + - grub2 2.04-9 + [stretch] - grub2 (No SecureBoot support in stretch) + NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ + NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 + NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e +CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...) + NOT-FOR-US: image registry operator in OpenShift Container Platform +CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1} + - linux 5.6.14-1 + [jessie] - linux (Vulnerability introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2 +CVE-2020-10710 (A flaw was found where the Plaintext Candlepin password is disclosed w ...) 
+ NOT-FOR-US: foreman-installer +CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...) + - ansible-awx (bug #908763) + NOTE: https://github.com/ansible/awx/issues/6630 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033 +CVE-2020-10708 + REJECTED +CVE-2020-10707 + REJECTED +CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...) + NOT-FOR-US: OpenShift +CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...) + - undertow 2.1.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241 + NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 +CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...) + {DLA-2463-1} + - samba 2:4.12.3+dfsg-2 (bug #960188) + [buster] - samba (Can be fixed along in future DSA) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334 + NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html +CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...) + - libvirt 6.0.0-2 + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Vulnerable code introduced later) + [jessie] - libvirt (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 + NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) + NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) +CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...) 
+ - qemu 1:4.2-5 + [buster] - qemu (Vulnerable code introduced later) + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + - qemu-kvm (Vulnerable code introduced later) + NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) +CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible ...) + - libvirt 6.0.0-7 (bug #955841) + [buster] - libvirt (Vulnerable code introduced later) + [stretch] - libvirt (Vulnerable code introduced later) + [jessie] - libvirt (Vulnerable code introduced later) + NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1) + NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1) +CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...) + - samba 2:4.12.3+dfsg-2 (bug #960189) + [buster] - samba (Vulnerable code introduced later) + [stretch] - samba (Vulnerable code introduced later) + [jessie] - samba (Vulnerable code introduced later) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331 + NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html +CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 ...) + - targetcli-fb (Vulnerable code introduced later) + NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162 + NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50) + NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d +CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows ...) + NOT-FOR-US: Ansible Tower +CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...) 
+ NOT-FOR-US: Ansible Tower +CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) + - golang-github-containers-buildah 1.11.6-2 + NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed +CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...) + NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container +CVE-2020-10694 + REJECTED +CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...) + - libhibernate-validator-java (bug #988946) + [bookworm] - libhibernate-validator-java (Minor issue) + [bullseye] - libhibernate-validator-java (Minor issue) + [buster] - libhibernate-validator-java (EL support added in 5.x) + [stretch] - libhibernate-validator-java (EL support added in 5.x) + [jessie] - libhibernate-validator-java (EL support added in 5.x) + - libhibernate-validator4-java (EL support added in 5.x) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501 +CVE-2020-10692 + REJECTED +CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...) + - ansible 2.9.7+dfsg-1 + [buster] - ansible (Vulnerable code introduced later) + [stretch] - ansible (Vulnerable code introduced later) + [jessie] - ansible (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161 + NOTE: https://github.com/ansible/ansible/pull/68596 + NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9) +CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...) + {DLA-2241-1} + - linux 5.4.8-1 + [buster] - linux 4.19.98-1 + [stretch] - linux 4.9.228-1 + NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e +CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...) 
+ NOT-FOR-US: Eclipse Che +CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...) + - resteasy (bug #970328) + - resteasy3.0 3.0.26-4 (bug #1015001) + [bullseye] - resteasy3.0 (Minor issue) + [buster] - resteasy3.0 (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 + NOTE: https://github.com/quarkusio/quarkus/issues/7248 + NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted) + NOTE: https://github.com/resteasy/Resteasy/pull/2320 + NOTE: https://github.com/resteasy/Resteasy/commit/3fe881cf945c06bdb16895fbc73bc620694d2ba7 (4.6.0.Final) +CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...) + - undertow 2.2.0-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049 + NOTE: https://issues.jboss.org/browse/UNDERTOW-1780 + NOTE: https://github.com/undertow-io/undertow/pull/951 + NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e (2.2.0.Final) +CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...) + NOT-FOR-US: Keycloak +CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...) + {DSA-4950-1} + - ansible 2.9.7+dfsg-1 + [stretch] - ansible (EOL'd for stretch) + [jessie] - ansible (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627 + NOTE: https://github.com/ansible/ansible/pull/68433 + NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9 + NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1) +CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...) 
+ {DSA-4950-1} + - ansible 2.9.7+dfsg-1 + [stretch] - ansible (EOL'd for stretch) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 + NOTE: https://github.com/ansible/ansible/pull/68431 + NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce +CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...) + {DLA-2191-1} + - dom4j 2.1.3-1 (bug #958055) + [buster] - dom4j (Minor issue) + [stretch] - dom4j (Minor issue) + NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?) + NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?) +CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...) + NOT-FOR-US: CMS Made Simple +CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...) + NOT-FOR-US: CMS Made Simple +CVE-2020-10680 + RESERVED +CVE-2020-10679 + RESERVED +CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...) + NOT-FOR-US: Octopus Deploy +CVE-2020-10677 + RESERVED +CVE-2020-10676 (In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly ap ...) + NOT-FOR-US: Rancher +CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...) + - golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373) + [buster] - golang-github-buger-jsonparser (Limited support, minor issue) + NOTE: https://github.com/buger/jsonparser/issues/188 + NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717 +CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
+ {DLA-2153-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2153-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2659 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...) + NOT-FOR-US: Canon +CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) + NOT-FOR-US: Canon +CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) + NOT-FOR-US: Canon +CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) + NOT-FOR-US: Canon +CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) + NOT-FOR-US: Canon +CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXa ...) + NOT-FOR-US: FreePBX +CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...) + - libperlspeak-perl (bug #954238) + [jessie] - libperlspeak-perl (Not supported in jessie LTS) + NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173 +CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...) + NOT-FOR-US: Docker Desktop on Windows +CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...) 
+ NOT-FOR-US: VxWorks +CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...) + {DSA-4721-1 DLA-2192-1 DLA-2190-1} + - ruby-json 2.3.0+dfsg-1 + [buster] - ruby-json 2.1.0+dfsg-2+deb10u1 + [stretch] - ruby-json 2.0.1+dfsg-3+deb9u1 + - ruby2.7 (Fixed before initial upload to Debian) + - ruby2.5 + - ruby2.3 + [stretch] - ruby2.3 2.3.3-1+deb9u8 + - ruby2.1 + NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ + NOTE: https://hackerone.com/reports/706934 + NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6) + NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8) +CVE-2020-10662 + RESERVED +CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...) + NOT-FOR-US: HashiCorp Vault +CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...) + NOT-FOR-US: HashiCorp Vault +CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11 and 12 ...) + NOT-FOR-US: Frappe Framework +CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...) + NOT-FOR-US: Ignite Realtime Openfire +CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...) + NOT-FOR-US: Ignite Realtime Openfire +CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...) + NOT-FOR-US: Ignite Realtime Openfire +CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...) + NOT-FOR-US: Ignite Realtime Openfire +CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...) + NOT-FOR-US: ilchCMS +CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...) + NOT-FOR-US: ilchCMS +CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...) 
+ NOT-FOR-US: ilchCMS +CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...) + NOT-FOR-US: ERPNext +CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...) + NOT-FOR-US: ERPNext +CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...) + NOT-FOR-US: ERPNext +CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...) + NOT-FOR-US: ERPNext +CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...) + NOT-FOR-US: ERPNext +CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...) + NOT-FOR-US: ERPNext +CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...) + NOT-FOR-US: ERPNext +CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...) + NOT-FOR-US: ERPNext +CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS.) + NOT-FOR-US: Open edX Ironwood.1 +CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...) + NOT-FOR-US: Open edX Ironwood.1 +CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection.) + NOT-FOR-US: ERPNext +CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...) + NOT-FOR-US: Entrust Entelligence Security Provider (ESP) +CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) + NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...) 
+ NOT-FOR-US: Proofpoint Insider Threat Management Server +CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...) + NOT-FOR-US: Ping Identity PingID +CVE-2020-10653 + RESERVED +CVE-2020-10652 + RESERVED +CVE-2020-10651 + RESERVED +CVE-2020-10650 (A deserialization flaw was discovered in jackson-databind through 2.9. ...) + {DLA-3407-1} + - jackson-databind 2.11.1-1 + NOTE: https://github.com/advisories/GHSA-rpr3-cw39-3pxh + NOTE: https://github.com/FasterXML/jackson-databind/issues/2658 + NOTE: https://github.com/FasterXML/jackson-databind/commit/a424c038ba0c0d65e579e22001dec925902ac0ef (jackson-databind-2.9.10.4) +CVE-2019-20510 + REJECTED +CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...) + NOT-FOR-US: ASUS Device Activation +CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...) + - u-boot 2020.04+dfsg-1 + [buster] - u-boot (Minor issue) + [stretch] - u-boot (Minor issue) + [jessie] - u-boot (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5 + NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ + NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html +CVE-2020-10647 + REJECTED +CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) + NOT-FOR-US: Fuji Electric V-Server Lite +CVE-2020-10645 + RESERVED +CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...) + NOT-FOR-US: Inductive Automation Ignition +CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...) + NOT-FOR-US: PI Vision +CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an a ...) + NOT-FOR-US: Rockwell +CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...) 
+ NOT-FOR-US: Inductive Automation +CVE-2020-10640 (Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to ...) + NOT-FOR-US: Emerson +CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) + NOT-FOR-US: Eaton HMiSoft VU3 +CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) + NOT-FOR-US: Advantech WebAccess Node +CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) + NOT-FOR-US: Eaton HMiSoft VU3 +CVE-2020-10636 (Inadequate encryption may allow the passwords for Emerson OpenEnterpri ...) + NOT-FOR-US: Emerson +CVE-2020-10635 (Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server ...) + NOT-FOR-US: KUKA.Sim Pro +CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...) + NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit +CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) + NOT-FOR-US: eWON Flexy and Cosy +CVE-2020-10632 (Inadequate folder security permissions in Emerson OpenEnterprise versi ...) + NOT-FOR-US: Emerson +CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...) + NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit +CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) + NOT-FOR-US: ControlEdge PLC +CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...) + NOT-FOR-US: Insulet Omnipod Insulin Management System +CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) 
+ NOT-FOR-US: Fazecast jSerialComm +CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) + NOT-FOR-US: ControlEdge PLC +CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) + NOT-FOR-US: LCDS LAquis SCADA +CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...) + NOT-FOR-US: Opto 22 SoftPAC Project +CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) + NOT-FOR-US: LCDS LAquis SCADA +CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...) + NOT-FOR-US: Opto 22 SoftPAC Project +CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) + NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway +CVE-2020-10614 (In OSIsoft PI System multiple products and versions, an authenticated ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) + NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway +CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...) + NOT-FOR-US: Opto 22 SoftPAC Project +CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) 
+ NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway +CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...) + NOT-FOR-US: Grundfos +CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...) + NOT-FOR-US: Advantech WebAccess +CVE-2020-10606 (In OSIsoft PI System multiple products and versions, a local attacker ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...) + NOT-FOR-US: Grundfos CIM +CVE-2020-10604 (In OSIsoft PI System multiple products and versions, a remote, unauthe ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) + NOT-FOR-US: WebAccess/NMS +CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenticated ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) + NOT-FOR-US: VISAM VBASE Editor +CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...) + NOT-FOR-US: OSIsoft PI System +CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) + NOT-FOR-US: VISAM VBASE Editor +CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...) + NOT-FOR-US: Pyxis +CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...) + NOT-FOR-US: Insulet +CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...) + NOT-FOR-US: OpenCart +CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...) 
+ NOT-FOR-US: Subrion CMS +CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...) + {DSA-4648-1 DLA-2166-1} + - libpam-krb5 4.9-1 + NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1 +CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...) + NOT-FOR-US: drf-jwt +CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) + - tor 0.4.2.7-1 + [buster] - tor (Only affects tor 0.4.0.1-alpha onwards) + [stretch] - tor (Only affects tor 0.4.0.1-alpha onwards) + [jessie] - tor (Only affects tor 0.4.0.1-alpha onwards) + NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 + NOTE: https://bugs.torproject.org/33619 +CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) + {DSA-4644-1} + - tor 0.4.2.7-1 + [stretch] - tor (See DSA 4644) + [jessie] - tor (Not supported in jessie LTS) + NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 + NOTE: https://bugs.torproject.org/33120 +CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...) + NOT-FOR-US: Walmart Labs Concord +CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API that ex ...) + NOT-FOR-US: Replicated Classic +CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) + NOT-FOR-US: v2rayL +CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) + NOT-FOR-US: v2rayL +CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...) + NOT-FOR-US: antiX and MX Linux +CVE-2020-10586 + RESERVED +CVE-2020-10585 + RESERVED +CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...) + NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...) 
+ NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...) + NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10581 (Multiple session validity check issues in several administration funct ...) + NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...) + NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...) + NOT-FOR-US: Invigo Automatic Device Management (ADM) +CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...) + NOT-FOR-US: QCMS +CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...) + - janus 0.9.2-1 (bug #954668) + NOTE: https://github.com/meetecho/janus-gateway/pull/1990 +CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...) + - janus 0.9.1+20200313-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/1993 +CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...) + - janus 0.9.1+20200313-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/1994 +CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...) + - janus 0.9.1+20200313-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/1989 +CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...) + - janus 0.9.1+20200313-1 + NOTE: https://github.com/meetecho/janus-gateway/pull/1988 +CVE-2020-10572 + RESERVED +CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...) + NOT-FOR-US: psd-tools +CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...) 
+ NOT-FOR-US: Telegram for Android +CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...) + NOT-FOR-US: SysAid On-Premise +CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...) + NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress +CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) + NOT-FOR-US: Responsive Filemanager +CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...) + NOT-FOR-US: Sails.js +CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) + NOT-FOR-US: FreeBSD +CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) + NOT-FOR-US: FreeBSD +CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...) + NOT-FOR-US: File Upload plugin for WordPress +CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...) + NOT-FOR-US: DEVOME GRR +CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) + NOT-FOR-US: DEVOME GRR +CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. ...) + NOT-FOR-US: Xiaomi +CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) + NOT-FOR-US: Open Source Social Network (OSSN) +CVE-2020-10559 + RESERVED +CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) + NOT-FOR-US: driving interface of Tesla Model 3 vehicles +CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...) + NOT-FOR-US: AContent +CVE-2020-10556 + RESERVED +CVE-2020-10555 + RESERVED +CVE-2020-10554 (An issue was discovered in Psyprax beforee 3.2.2. Passwords used to en ...) + NOT-FOR-US: Psyprax +CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...) 
+ NOT-FOR-US: Psyprax +CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...) + NOT-FOR-US: Psyprax +CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) + NOT-FOR-US: QQBrowser +CVE-2020-10550 + RESERVED +CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...) + NOT-FOR-US: rConfig +CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...) + NOT-FOR-US: rConfig +CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...) + NOT-FOR-US: rConfig +CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...) + NOT-FOR-US: rConfig +CVE-2020-10545 + RESERVED +CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) + NOT-FOR-US: PrimeTek PrimeFaces +CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...) + NOT-FOR-US: Invision Power Board +CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...) + - perl 5.30.3-1 (bug #962005) + [buster] - perl 5.28.1-6+deb10u1 + [stretch] - perl 5.24.1-3+deb9u7 + NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) +CVE-2020-10542 + RESERVED +CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) + NOT-FOR-US: Zoho ManageEngine OpManager +CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) + NOT-FOR-US: Untis WebUntis +CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...) + NOT-FOR-US: Epikur +CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...) + NOT-FOR-US: Epikur +CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...) 
+ NOT-FOR-US: Epikur
+CVE-2020-10536
+ RESERVED
+CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...)
+ - gitlab (Only affects Gitlab 12.8.x)
+ NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
+CVE-2020-10533
+ RESERVED
+CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...)
+ NOT-FOR-US: AD Helper component in WatchGuard Fireware
+CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...)
+ {DSA-4646-1 DLA-2151-1}
+ [experimental] - icu 66.1-2
+ - icu 63.2-3 (bug #953747)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
+ NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private)
+ NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
+ NOTE: https://github.com/unicode-org/icu/pull/971
+CVE-2020-10530
+ RESERVED
+CVE-2020-10529
+ RESERVED
+CVE-2020-10528
+ RESERVED
+CVE-2020-10527
+ RESERVED
+CVE-2020-10526
+ RESERVED
+CVE-2020-10525
+ RESERVED
+CVE-2020-10524
+ RESERVED
+CVE-2020-10523
+ RESERVED
+CVE-2020-10522
+ RESERVED
+CVE-2020-10521
+ RESERVED
+CVE-2020-10520
+ RESERVED
+CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...)
+ NOT-FOR-US: GitHub Enterprise Server
+CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...)
+ NOT-FOR-US: GitHub Enterprise Server API
+CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
+ NOT-FOR-US: STARFACE UCC Client
+CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
+ NOT-FOR-US: iCatch DVR
+CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...)
+ NOT-FOR-US: iCatch DVR
+CVE-2020-10512 (HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAIL ...)
+ NOT-FOR-US: HGiga C&Cmail
+CVE-2020-10511 (HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN be ...)
+ NOT-FOR-US: HGiga C&Cmail
+CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
+ NOT-FOR-US: Sunnet eHRD
+CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
+ NOT-FOR-US: The School Manage System
+CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
+ NOT-FOR-US: The School Manage System
+CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
+ NOT-FOR-US: The School Manage System
+CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...)
+ NOT-FOR-US: Chadha PHPKB
+CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
+ NOT-FOR-US: WPForms Contact Form plugin for WordPress
+CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
+CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
+CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
+CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
+CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection.)
+ - rmysql 0.10.20-1
+ [buster] - rmysql (Minor issue)
+ [jessie] - rmysql (Minor issue)
+ NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
+ NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
+CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
+ - pillow 7.2.0-1
+ [buster] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [stretch] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ [jessie] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: https://github.com/python-pillow/Pillow/pull/4507
+ NOTE: Fixed in 6.2.3 and 7.1.0
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
+ - pillow 7.2.0-1
+ [buster] - pillow 5.4.1-2+deb10u2
+ [stretch] - pillow (Vulnerable code not present)
+ [jessie] - pillow (Vulnerable code not present)
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: https://github.com/python-pillow/Pillow/pull/4506
+ NOTE: https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test)
+ NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7
+ NOTE: https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test)
+ NOTE: Fixed in 6.2.3 and 7.1.0
+CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
+ NOT-FOR-US: Mitel
+CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
+ NOT-FOR-US: Technicolor
+CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...)
+ NOT-FOR-US: New Media Smarty
+CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2020-10373
+ RESERVED
+CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
+ NOT-FOR-US: Ramp AltitudeCDN Altimeter
+CVE-2020-10371
+ RESERVED
+CVE-2020-10370
+ RESERVED
+ - bluez-firmware (BCM4345C0.hcd introduced already in fixed version in Debian with bluez-firmware/1.2-6)
+ NOTE: https://github.com/RPi-Distro/bluez-firmware/commit/8445a53ce2c51a77472b908a0c8f6f8e1fa5c37a
+CVE-2020-10369
+ RESERVED
+CVE-2020-10368
+ RESERVED
+CVE-2020-10367
+ RESERVED
+CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...)
+ NOT-FOR-US: LogicalDoc
+CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
+ NOT-FOR-US: LogicalDoc
+CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...)
+ NOT-FOR-US: SSH daemon on MikroTik routers
+CVE-2020-10363
+ RESERVED
+CVE-2020-10362
+ RESERVED
+CVE-2020-10361
+ RESERVED
+CVE-2020-10360
+ RESERVED
+CVE-2020-10359
+ RESERVED
+CVE-2020-10358
+ RESERVED
+CVE-2020-10357
+ RESERVED
+CVE-2020-10356
+ RESERVED
+CVE-2020-10355
+ RESERVED
+CVE-2020-10354
+ RESERVED
+CVE-2020-10353
+ RESERVED
+CVE-2020-10352
+ RESERVED
+CVE-2020-10351
+ RESERVED
+CVE-2020-10350
+ RESERVED
+CVE-2020-10349
+ RESERVED
+CVE-2020-10348
+ RESERVED
+CVE-2020-10347
+ RESERVED
+CVE-2020-10346
+ RESERVED
+CVE-2020-10345
+ RESERVED
+CVE-2020-10344
+ RESERVED
+CVE-2020-10343
+ RESERVED
+CVE-2020-10342
+ RESERVED
+CVE-2020-10341
+ RESERVED
+CVE-2020-10340
+ RESERVED
+CVE-2020-10339
+ RESERVED
+CVE-2020-10338
+ RESERVED
+CVE-2020-10337
+ RESERVED
+CVE-2020-10336
+ RESERVED
+CVE-2020-10335
+ RESERVED
+CVE-2020-10334
+ RESERVED
+CVE-2020-10333
+ RESERVED
+CVE-2020-10332
+ RESERVED
+CVE-2020-10331
+ RESERVED
+CVE-2020-10330
+ RESERVED
+CVE-2020-10329
+ RESERVED
+CVE-2020-10328
+ RESERVED
+CVE-2020-10327
+ RESERVED
+CVE-2020-10326
+ RESERVED
+CVE-2020-10325
+ RESERVED
+CVE-2020-10324
+ RESERVED
+CVE-2020-10323
+ RESERVED
+CVE-2020-10322
+ RESERVED
+CVE-2020-10321
+ RESERVED
+CVE-2020-10320
+ RESERVED
+CVE-2020-10319
+ RESERVED
+CVE-2020-10318
+ RESERVED
+CVE-2020-10317
+ RESERVED
+CVE-2020-10316
+ RESERVED
+CVE-2020-10315
+ RESERVED
+CVE-2020-10314
+ RESERVED
+CVE-2020-10313
+ RESERVED
+CVE-2020-10312
+ RESERVED
+CVE-2020-10311
+ RESERVED
+CVE-2020-10310
+ RESERVED
+CVE-2020-10309
+ RESERVED
+CVE-2020-10308
+ RESERVED
+CVE-2020-10307
+ RESERVED
+CVE-2020-10306
+ RESERVED
+CVE-2020-10305
+ RESERVED
+CVE-2020-10304
+ RESERVED
+CVE-2020-10303
+ RESERVED
+CVE-2020-10302
+ RESERVED
+CVE-2020-10301
+ RESERVED
+CVE-2020-10300
+ RESERVED
+CVE-2020-10299
+ RESERVED
+CVE-2020-10298
+ RESERVED
+CVE-2020-10297
+ RESERVED
+CVE-2020-10296
+ RESERVED
+CVE-2020-10295
+ RESERVED
+CVE-2020-10294
+ RESERVED
+CVE-2020-10293
+ RESERVED
+CVE-2020-10292 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
+ NOT-FOR-US: Visual Components
+CVE-2020-10291 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
+ NOT-FOR-US: Visual Components
+CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
+ NOT-FOR-US: Universal Robots controller
+CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
+ {DLA-2357-1}
+ - ros-actionlib 1.13.1-4 (bug #968830)
+ [buster] - ros-actionlib 1.11.15-1+deb10u1
+ NOTE: https://github.com/ros/actionlib/pull/171
+CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
+ NOT-FOR-US: ABB IRC5
+CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
+ NOT-FOR-US: ABB IRC5
+CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...)
+ NOT-FOR-US: xArm
+CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...)
+ NOT-FOR-US: xArm
+CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
+ NOT-FOR-US: xArm
+CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
+ NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
+CVE-2020-10280 (The Apache server on port 80 that host the web interface is vulnerable ...)
+ NOT-FOR-US: MiR
+CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...)
+ NOT-FOR-US: MiR
+CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...)
+ NOT-FOR-US: MiR
+CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from ...)
+ NOT-FOR-US: MiR
+CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...)
+ NOT-FOR-US: Safety PLC
+CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...)
+ NOT-FOR-US: MiR
+CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...)
+ NOT-FOR-US: MiR
+CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...)
+ NOT-FOR-US: MiR
+CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
+ NOT-FOR-US: MiR
+CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
+ NOT-FOR-US: MiR
+CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...)
+ NOT-FOR-US: MiR
+CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...)
+ NOT-FOR-US: MiR
+CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
+ NOT-FOR-US: Kuka
+CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
+ NOT-FOR-US: Universal Robots control box CB
+CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
+ NOT-FOR-US: Universal Robots+
+CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...)
+ NOT-FOR-US: Universal Robots+
+CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
+ NOT-FOR-US: CB3 SW
+CVE-2019-20509
+ REJECTED
+CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...)
+ NOT-FOR-US: XIAOMI
+CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...)
+ NOT-FOR-US: XIAOMI
+CVE-2020-10261
+ RESERVED
+CVE-2020-10260
+ RESERVED
+CVE-2020-10259
+ RESERVED
+CVE-2020-10258
+ RESERVED
+CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...)
+ NOT-FOR-US: ThemeREX Addons plugin for WordPress
+CVE-2020-10256 (An issue was discovered in beta versions of the 1Password command-line ...)
+ NOT-FOR-US: 1Password
+CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
+ NOT-FOR-US: Hardware vulnerabliity in DDR4 DRAM chips
+CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...)
+ - owncloud
+CVE-2020-10253
+ RESERVED
+CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...)
+ - owncloud
+CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
+ - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
+ [buster] - imagemagick (Vulnerable code introduced later with HEIC color profiles support)
+ [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support)
+ [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support)
+ NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/0a28a9416018661ecc52e908205c738ce5e17e40
+ NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/8b5a3f92ef102d6f76a51fa20b408795952fc1b0
+ NOTE: introduced by https://github.com/ImageMagick/ImageMagick6/commit/c6c591c3ec9b043593262a3f3b848355a4804758
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4
+CVE-2019-20508
+ RESERVED
+CVE-2019-20507
+ RESERVED
+CVE-2019-20506
+ RESERVED
+CVE-2019-20505
+ RESERVED
+CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...)
+ NOT-FOR-US: BWA DiREX-Pro devices
+CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...)
+ NOT-FOR-US: BWA DiREX-Pro devices
+CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...)
+ NOT-FOR-US: BWA DiREX-Pro devices
+CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...)
+ NOT-FOR-US: MISP
+CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
+ NOT-FOR-US: MISP
+CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
+ NOT-FOR-US: CODESYS
+CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens.)
+ NOT-FOR-US: JPaseto
+CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
+ NOT-FOR-US: Joomla!
+CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
+ - froxlor (bug #581792)
+CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
+ - froxlor (bug #581792)
+CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
+ - froxlor (bug #581792)
+CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
+ NOT-FOR-US: IObit Advanced SystemCare
+CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
+ - sleuthkit (unimportant)
+ NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
+ NOTE: Crash in CLI tool, no security impact
+CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
+ {DLA-3054-1 DLA-2137-1}
+ - sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
+ [buster] - sleuthkit 4.6.5-1+deb10u1
+ NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
+ NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
+CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
+ NOT-FOR-US: CentOS-WebPanel.com
+CVE-2020-10229 (A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unw ...)
+ NOT-FOR-US: vtecrm vtenext
+CVE-2020-10228 (A file upload vulnerability in vtecrm vtenext 19 CE allows authenticat ...)
+ NOT-FOR-US: vtecrm vtenext
+CVE-2020-10227 (A cross-site scripting (XSS) vulnerability in the messages module of v ...)
+ NOT-FOR-US: vtecrm vtenext
+CVE-2020-10226
+ RESERVED
+CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...)
+ NOT-FOR-US: PHPGurukul Job Portal
+CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...)
+ NOT-FOR-US: PHPGurukul Online Book Store
+CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...)
+ NOT-FOR-US: npdf.dll in Nitro Pro
+CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...)
+ NOT-FOR-US: npdf.dll in Nitro Pro
+CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...)
+ NOT-FOR-US: rConfig
+CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance ...)
+ NOT-FOR-US: Quest KACE
+CVE-2016-11021 (setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remot ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...)
+ NOT-FOR-US: rConfig
+CVE-2020-10219
+ RESERVED
+CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...)
+ NOT-FOR-US: Sapplica Sentrifugo
+CVE-2020-10217
+ RESERVED
+CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
+ NOT-FOR-US: Responsive FileManager
+CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
+ NOT-FOR-US: Mitel
+CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...)
+ NOT-FOR-US: Amino Communications
+CVE-2020-10205
+ RESERVED
+CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.)
+ NOT-FOR-US: Sonatype Nexus Repository
+CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS.)
+ NOT-FOR-US: Sonatype Nexus Repository
+CVE-2020-10202
+ RESERVED
+CVE-2020-10201
+ RESERVED
+CVE-2020-10200
+ RESERVED
+CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...)
+ NOT-FOR-US: Sonatype Nexus Repository
+CVE-2020-10198
+ RESERVED
+CVE-2020-10197
+ RESERVED
+CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...)
+ NOT-FOR-US: popup-builder plugin for WordPress
+CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
+ NOT-FOR-US: popup-builder plugin for WordPress
+CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
+ NOT-FOR-US: Zimbra
+CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
+ NOT-FOR-US: ESET Archive Support Module
+CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
+ NOT-FOR-US: Munkireport
+CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
+ NOT-FOR-US: Munkireport
+CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
+ NOT-FOR-US: Munkireport
+CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
+ {DLA-2341-1 DLA-2176-1}
+ - inetutils 2:1.9.4-12 (bug #956084)
+ [buster] - inetutils 2:1.9.4-7+deb10u1
+ - netkit-telnet 0.17-18woody2 (bug #953477)
+ - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
+ NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
+ NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
+ NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html
+ NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
+CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
+ {DSA-4645-1 DSA-4642-1 DSA-4639-1 DLA-3481-1 DLA-2150-1 DLA-2140-1}
+ - libusrsctp 0.9.3.0+20200312-1 (bug #953270)
+ - firefox 74.0-1
+ - firefox-esr 68.6.0esr-1
+ - thunderbird 1:68.6.0-1
+ - chromium 80.0.3987.149-1
+ [stretch] - chromium (see DSA 4562)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2019-20503
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1992
+ NOTE: https://github.com/sctplab/usrsctp/commit/790a7a2555aefb392a5a69923f1e9d17b4968467
+CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...)
+ - ruby-doorkeeper 5.0.3-1 (bug #959903)
+ [buster] - ruby-doorkeeper (Vulnerable code not present)
+ [stretch] - ruby-doorkeeper (Vulnerable code not present)
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
+ NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
+ NOTE: Introduced in https://github.com/doorkeeper-gem/doorkeeper/commit/4acc923dc77fa00928268136f54136d5a6a865dc (v5.0.0.rc1)
+CVE-2020-10186
+ RESERVED
+CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
+ {DLA-2141-1}
+ - yubikey-val
+ [buster] - yubikey-val (Minor issue)
+ [stretch] - yubikey-val (Minor issue)
+ NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
+ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
+CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...)
+ {DLA-2141-1}
+ - yubikey-val
+ [buster] - yubikey-val (Minor issue)
+ [stretch] - yubikey-val (Minor issue)
+ NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
+ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
+CVE-2020-10183
+ RESERVED
+CVE-2020-10182
+ RESERVED
+CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
+ NOT-FOR-US: Sumavision Enhanced Multimedia Router
+CVE-2019-20502 (An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer ...)
+ NOT-FOR-US: EFS Easy Chat Server
+CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
+ NOT-FOR-US: ESET AV parsing engine
+CVE-2020-10179
+ RESERVED
+CVE-2020-10178
+ REJECTED
+CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
+ {DLA-2317-1}
+ - pillow 7.2.0-1
+ [buster] - pillow 5.4.1-2+deb10u2
+ NOTE: https://github.com/python-pillow/Pillow/pull/4503
+ NOTE: https://github.com/python-pillow/Pillow/pull/4538
+ NOTE: Fixed in 6.2.3 and 7.1.0
+CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
+ NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
+CVE-2020-10175
+ REJECTED
+CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
+ - timeshift 20.03+ds-1 (bug #953385)
+ [buster] - timeshift 19.01+ds-2+deb10u1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802
+ NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
+CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
+ NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices
+CVE-2020-10172
+ RESERVED
+CVE-2020-10171
+ RESERVED
+CVE-2020-10170
+ RESERVED
+CVE-2020-10169
+ RESERVED
+CVE-2020-10168
+ RESERVED
+CVE-2020-10167
+ RESERVED
+CVE-2020-10166
+ RESERVED
+CVE-2020-10165
+ RESERVED
+CVE-2020-10164
+ RESERVED
+CVE-2020-10163
+ RESERVED
+CVE-2020-10162
+ RESERVED
+CVE-2020-10161
+ RESERVED
+CVE-2020-10160
+ RESERVED
+CVE-2020-10159
+ RESERVED
+CVE-2020-10158
+ RESERVED
+CVE-2020-10157
+ RESERVED
+CVE-2020-10156
+ RESERVED
+CVE-2020-10155
+ RESERVED
+CVE-2020-10154
+ RESERVED
+CVE-2020-10153
+ RESERVED
+CVE-2020-10152
+ RESERVED
+CVE-2020-10151
+ RESERVED
+CVE-2020-10150
+ RESERVED
+CVE-2020-10149
+ RESERVED
+CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-10147
+ RESERVED
+CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
+ NOT-FOR-US: Microsoft Teams
+CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure access-control li ...)
+ NOT-FOR-US: Adobe
+CVE-2020-10144
+ RESERVED
+CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies an OPENSS ...)
+ NOT-FOR-US: Macrium Reflect
+CVE-2020-10142
+ RESERVED
+CVE-2020-10141
+ RESERVED
+CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10137 (Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do n ...)
+ NOT-FOR-US: Z-Wave devices
+CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
+ NOT-FOR-US: Cisco
+CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
+ NOTE: Bluetooth protocol issue
+CVE-2020-10134 (Pairing in Bluetooth\xae Core v5.2 and earlier may permit an unauthent ...)
+ NOTE: Bluetooth protocol issue
+CVE-2020-10133
+ RESERVED
+CVE-2020-10132 (SearchBlox before Version 9.1 is vulnerable to cross-origin resource s ...)
+ NOT-FOR-US: SearchBlox
+CVE-2020-10131 (SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection i ...)
+ NOT-FOR-US: SearchBlox
+CVE-2020-10130 (SearchBlox before Version 9.1 is vulnerable to business logic bypass w ...)
+ NOT-FOR-US: SearchBlox
+CVE-2020-10129 (SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation ...)
+ NOT-FOR-US: SearchBlox
+CVE-2020-10128 (SearchBlox product with version before 9.2.1 is vulnerable to stored c ...)
+ NOT-FOR-US: SearchBlox
+CVE-2020-10127
+ RESERVED
+CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
+ NOT-FOR-US: NCR SelfServ ATMs
+CVE-2019-20501 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ NOT-FOR-US: D-Link
+CVE-2019-20500 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ NOT-FOR-US: D-Link
+CVE-2019-20499 (D-Link DWL-2600AP 4.2.0.15 Rev A devices have an authenticated OS comm ...)
+ NOT-FOR-US: D-Link
+CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10112 (Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citr ...)
+ NOT-FOR-US: Citrix
+CVE-2020-10111 (Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation ...)
+ NOT-FOR-US: Citrix
+CVE-2020-10110 (Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Throug ...)
+ NOT-FOR-US: Citrix
+CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+ {DLA-2927-1 DLA-2145-1}
+ - twisted 18.9.0-7 (bug #953950)
+ [buster] - twisted 18.9.0-3+deb10u1
+ NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
+ NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
+CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
+ {DLA-2927-1 DLA-2145-1}
+ - twisted 18.9.0-7 (bug #953950)
+ [buster] - twisted 18.9.0-3+deb10u1
+ NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
+ NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
+CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
+ NOT-FOR-US: PHPGurukul Daily Expense Tracker System
+CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
+ - zammad (bug #841355)
+CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
+ - zammad (bug #841355)
+CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
+ - zammad (bug #841355)
+CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...)
+ - zammad (bug #841355)
+CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...)
+ - zammad (bug #841355)
+CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...)
+ - zammad (bug #841355)
+CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
+ - zammad (bug #841355)
+CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
+ - zammad (bug #841355)
+CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...)
+ - zammad (bug #841355)
+CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
+ - zammad (bug #841355)
+CVE-2020-10095
+ RESERVED
+CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
+ NOT-FOR-US: Lexmark
+CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
+ NOT-FOR-US: Lexmark
+CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
+ - gitlab (Only affects Gitlab 12.1 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
+ - gitlab (Only affects Gitlab 12.5 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
+ - gitlab (Only affects Gitlab 12.3.5 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
+ - gitlab (Only affects Gitlab EE)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
+ - gitlab (Only affects Gitlab 12.7 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
+ - gitlab (Only affects Gitlab 12.2 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
+ - gitlab (Only affects Gitlab 12.1 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
+ - gitlab (Only affects Gitlab EE)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
+ - gitlab (Only affects Gitlab 12.1 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
+ - gitlab (Only affects Gitlab 12.5 and later)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
+ - gitlab (Only affects Gitlab EE)
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= v1. ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.1 ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects\[1] ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
+ NOT-FOR-US: Zephyr, different from src:zephyr
+CVE-2019-20498 (cPanel before 82.0.18 allows WebDAV authentication bypass because the ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20497 (cPanel before 82.0.18 allows stored XSS via WHM Backup Restoration (SE ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20496 (cPanel before 82.0.18 allows attackers to conduct arbitrary chown oper ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20495 (cPanel before 82.0.18 allows attackers to read an arbitrary database v ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20494 (In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20493 (cPanel before 82.0.18 allows self-XSS because JSON string escaping is ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20492 (cPanel before 82.0.18 allows authentication bypass because of misparsi ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20491 (cPanel before 82.0.18 allows attackers to leverage virtual mail accoun ...)
+ NOT-FOR-US: cPanel
+CVE-2019-20490 (cPanel before 82.0.18 allows authentication bypass because webmail use ...)
+ NOT-FOR-US: cPanel
+CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
+ NOT-FOR-US: Desigo
+CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10047
+ RESERVED
+CVE-2020-10046
+ RESERVED
+CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions < V2.05 ...)
+ NOT-FOR-US: Siemens
+CVE-2020-10036
+ RESERVED
+CVE-2020-10035
+ RESERVED
+CVE-2020-10034
+ RESERVED
+CVE-2020-10033
+ RESERVED
+CVE-2020-10032
+ RESERVED
+CVE-2020-10031
+ RESERVED
+CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...)
+ - pdns-recursor 4.3.1-1 (unimportant)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
+ NOTE: Non exploitable on Linux
+CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
+ {DLA-3152-1}
+ - glibc 2.30-1 (bug #953108)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
+CVE-2020-9999 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9998
+ RESERVED
+CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
+CVE-2020-9996 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9995 (An issue existed in the parsing of URLs. This issue was addressed with ...)
+ NOT-FOR-US: Apple
+CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
+ NOT-FOR-US: Apple
+CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
+ NOT-FOR-US: Apple
+CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
+CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9989 (The issue was addressed with improved deletion. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9988 (The issue was addressed with improved deletion. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9987 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
+ NOT-FOR-US: Apple
+CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ [jessie] - webkit2gtk (Not covered by security support in jessie)
+ - wpewebkit 2.30.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...)
+ NOT-FOR-US: Apple
+CVE-2020-9981 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9978 (This issue was addressed with improved setting propagation. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9975 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9971 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9970
+ RESERVED
+CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9967 (Multiple memory corruption issues were addressed with improved input v ...)
+ NOT-FOR-US: Apple
+CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9962 (A buffer overflow was addressed with improved size validation. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9960 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9957
+ RESERVED
+CVE-2020-9956 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9955 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9953
+ RESERVED
+CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
+ {DSA-4739-1}
+ - webkit2gtk 2.28.3-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ [jessie] - webkit2gtk (Not covered by security support in jessie)
+ - wpewebkit 2.28.3-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9951 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ [jessie] - webkit2gtk (Not covered by security support in jessie)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9950 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9949 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ [jessie] - webkit2gtk (Not covered by security support in jessie)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
+CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
+ {DSA-4797-1}
+ - webkit2gtk 2.30.1-1
+ [stretch] - webkit2gtk (Not covered by security support in stretch)
+ - wpewebkit 2.30.0-1
+ NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
+CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
+ NOT-FOR-US: Apple
+CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9942 (An inconsistent user interface issue was addressed with improved state ...)
+ NOT-FOR-US: Apple
+CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
+CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple +CVE-2020-9930 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...) + NOT-FOR-US: Apple +CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9926 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2020-9922 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...) 
+ NOT-FOR-US: Apple +CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...) + NOT-FOR-US: Apple +CVE-2020-9913 (This issue was addressed with improved data protection. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Safari +CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Safari +CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...) + NOT-FOR-US: Safari +CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...) + NOT-FOR-US: Apple +CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Safari +CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...) 
+ NOT-FOR-US: Apple +CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...) + NOT-FOR-US: Apple +CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2020-9896 + RESERVED +CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9894 (An out-of-bounds read was addressed with improved input validation. Th ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9893 (A use after free issue was addressed with improved memory management. ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...) + NOT-FOR-US: Apple +CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...) 
+ NOT-FOR-US: Apple +CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9886 + RESERVED +CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...) + NOT-FOR-US: Apple +CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...) + NOT-FOR-US: Apple +CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...) 
+ NOT-FOR-US: Apple +CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...) + NOT-FOR-US: Apple +CVE-2020-9867 + RESERVED +CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...) + NOT-FOR-US: Apple +CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...) + NOT-FOR-US: Apple +CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...) + {DSA-4739-1} + - webkit2gtk 2.28.4-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.4-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0007.html +CVE-2020-9861 (A stack overflow issue existed in Swift for Linux. The issue was addre ...) + NOT-FOR-US: Swift (different from src:swift) +CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...) + NOT-FOR-US: Apple +CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) + NOT-FOR-US: Apple +CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...) + NOT-FOR-US: Safari +CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) 
+ NOT-FOR-US: Apple +CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...) + NOT-FOR-US: Apple +CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...) + NOT-FOR-US: Apple +CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9849 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: sqlite3 as used by Apple + NOTE: No details available due to typical Apple intransparency +CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...) + NOT-FOR-US: Apple +CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9846 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-9845 + RESERVED +CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9842 (An entitlement parsing issue was addressed with improved parsing. This ...) 
+ NOT-FOR-US: Apple +CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) + NOT-FOR-US: SwiftNIO Extras +CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9836 + RESERVED +CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...) + NOT-FOR-US: Apple +CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...) + NOT-FOR-US: Apple +CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...) + NOT-FOR-US: Apple +CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...) 
+ NOT-FOR-US: Apple +CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...) + NOT-FOR-US: Apple +CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...) + NOT-FOR-US: Apple +CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...) + NOT-FOR-US: Apple +CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...) + NOT-FOR-US: Apple +CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...) + NOT-FOR-US: Apple +CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...) + NOT-FOR-US: Apple +CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) 
+ {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) + {DSA-4724-1} + - webkit2gtk 2.28.3-1 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.3-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0006.html +CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...) 
+ NOT-FOR-US: Apple +CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9798 + RESERVED +CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...) + NOT-FOR-US: Apple +CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...) + NOT-FOR-US: Apple +CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + NOT-FOR-US: sqlite3 as used by Apple + NOTE: No details available due to typical Apple intransparency +CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) + NOT-FOR-US: Apple +CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...) + NOT-FOR-US: Apple +CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...) + NOT-FOR-US: Apple +CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) + NOT-FOR-US: Apple +CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple Safari +CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) 
+ NOT-FOR-US: Apple +CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...) + NOT-FOR-US: Apple +CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) + NOT-FOR-US: Apple +CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) + NOT-FOR-US: Apple +CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...) + NOT-FOR-US: Apple +CVE-2020-9778 + RESERVED +CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...) + NOT-FOR-US: Apple +CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) + NOT-FOR-US: Apple +CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...) + NOT-FOR-US: Apple +CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) + NOT-FOR-US: Apple +CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...) + NOT-FOR-US: Apple +CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...) + NOT-FOR-US: Apple +CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) + NOT-FOR-US: Apple +CVE-2020-9767 (A vulnerability related to Dynamic-link Library (\u201cDLL\u201d) load ...) + NOT-FOR-US: Zoom +CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) 
+ NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10026 + REJECTED +CVE-2020-10025 + REJECTED +CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10020 + REJECTED +CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...) + NOT-FOR-US: Zephyr, different from src:zephyr +CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) + {DSA-4641-1} + - webkit2gtk 2.28.0-2 + [stretch] - webkit2gtk (Not covered by security support in stretch) + [jessie] - webkit2gtk (Not covered by security support in jessie) + - wpewebkit 2.28.0-1 + NOTE: https://webkitgtk.org/security/WSA-2020-0003.html +CVE-2020-10017 (An out-of-bounds write was addressed with improved input validation. T ...) + NOT-FOR-US: Apple +CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...) + NOT-FOR-US: Apple +CVE-2020-10015 (An out-of-bounds write issue was addressed with improved bounds checki ...) + NOT-FOR-US: Apple +CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with ...) + NOT-FOR-US: Apple +CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-10012 (An access issue was addressed with improved access restrictions. This ...) + NOT-FOR-US: Apple +CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
+ NOT-FOR-US: Apple +CVE-2020-10010 (A path handling issue was addressed with improved validation. This iss ...) + NOT-FOR-US: Apple +CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-10008 (A logic issue was addressed with improved restrictions. This issue is ...) + NOT-FOR-US: Apple +CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...) + NOT-FOR-US: Apple +CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...) + NOT-FOR-US: Apple +CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...) + NOT-FOR-US: Apple +CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...) + NOT-FOR-US: Apple +CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...) + {DLA-2800-1} + - cups 2.3.3op2-1 + [buster] - cups 2.2.10-6+deb10u5 + NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2) +CVE-2020-10000 + RESERVED +CVE-2020-9766 + RESERVED +CVE-2020-9765 + RESERVED +CVE-2020-9764 + RESERVED +CVE-2020-9763 + RESERVED +CVE-2020-9762 + RESERVED +CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...) + NOT-FOR-US: UNCTAD ASYCUDA World +CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...) + {DLA-2770-1 DLA-2157-1} + - weechat 2.7.1-1 + [buster] - weechat 2.3-1+deb10u1 + NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d +CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...) 
+ {DLA-2770-1 DLA-2157-1} + - weechat 2.7.1-1 + [buster] - weechat 2.3-1+deb10u1 + NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e +CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) + NOT-FOR-US: LiveZilla Live Chat +CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...) + NOT-FOR-US: Seomatic component for Craft CMS +CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) + NOT-FOR-US: Patriot Viper RGB Driver +CVE-2020-9755 + RESERVED +CVE-2020-9754 (NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to ...) + NOT-FOR-US: Whale Browser +CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...) + NOT-FOR-US: Whale Browser +CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) + NOT-FOR-US: Naver Cloud Explorer +CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...) + NOT-FOR-US: Naver Cloud Explorer +CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...) + NOT-FOR-US: Adobe +CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...) + NOT-FOR-US: Adobe +CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...) + NOT-FOR-US: Adobe +CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free ...) + NOT-FOR-US: Adobe +CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...) + NOT-FOR-US: Adobe Flash Plugin +CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + NOT-FOR-US: Adobe +CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + NOT-FOR-US: Adobe +CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) 
+ NOT-FOR-US: Adobe AEM +CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) + NOT-FOR-US: Adobe +CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) + NOT-FOR-US: Adobe AEM +CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) + NOT-FOR-US: Adobe +CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper ...) + NOT-FOR-US: Adobe +CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...) + NOT-FOR-US: Adobe +CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9713 + RESERVED +CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9711 + RESERVED +CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9709 + RESERVED +CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) + NOT-FOR-US: Adobe +CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9695 + RESERVED +CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) + NOT-FOR-US: Adobe +CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) + NOT-FOR-US: Adobe +CVE-2020-9686 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) + NOT-FOR-US: Adobe +CVE-2020-9685 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) + NOT-FOR-US: Adobe +CVE-2020-9684 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) + NOT-FOR-US: Adobe +CVE-2020-9683 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) + NOT-FOR-US: Adobe +CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) + NOT-FOR-US: Adobe +CVE-2020-9681 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) + NOT-FOR-US: Adobe +CVE-2020-9680 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) + NOT-FOR-US: Adobe +CVE-2020-9679 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) + NOT-FOR-US: Adobe +CVE-2020-9678 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) + NOT-FOR-US: Adobe +CVE-2020-9677 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) + NOT-FOR-US: Adobe +CVE-2020-9676 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) + NOT-FOR-US: Adobe +CVE-2020-9675 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vu ...) + NOT-FOR-US: Adobe +CVE-2020-9674 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) + NOT-FOR-US: Adobe +CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) + NOT-FOR-US: Adobe +CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) + NOT-FOR-US: Adobe +CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) + NOT-FOR-US: Adobe +CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) + NOT-FOR-US: Adobe +CVE-2020-9668 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Impr ...) + NOT-FOR-US: Adobe +CVE-2020-9667 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) + NOT-FOR-US: Adobe +CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...) + NOT-FOR-US: Adobe +CVE-2020-9665 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9664 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) + NOT-FOR-US: Magento +CVE-2020-9663 (Adobe Reader Mobile versions 20.0.1 and earlier have a directory trave ...) + NOT-FOR-US: Adobe +CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) + NOT-FOR-US: Adobe +CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...) + NOT-FOR-US: Adobe +CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) + NOT-FOR-US: Adobe +CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) + NOT-FOR-US: Adobe +CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) + NOT-FOR-US: Adobe +CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) + NOT-FOR-US: Adobe +CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...) + NOT-FOR-US: Adobe +CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) + NOT-FOR-US: Adobe +CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) + NOT-FOR-US: Adobe +CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...) + NOT-FOR-US: Adobe +CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) + NOT-FOR-US: Adobe +CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) + NOT-FOR-US: Adobe +CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) + NOT-FOR-US: Adobe +CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...) + NOT-FOR-US: Adobe +CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) + NOT-FOR-US: Adobe +CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) + NOT-FOR-US: Adobe +CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...) + NOT-FOR-US: Adobe +CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) + NOT-FOR-US: Adobe +CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) + NOT-FOR-US: Adobe +CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) + NOT-FOR-US: Adobe +CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...) + NOT-FOR-US: Adobe +CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9619 + RESERVED +CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read ...) + NOT-FOR-US: Adobe +CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...) + NOT-FOR-US: Adobe +CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...) + NOT-FOR-US: Adobe +CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) + NOT-FOR-US: Adobe +CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) + NOT-FOR-US: Adobe +CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...) + NOT-FOR-US: Adobe +CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) 
+ NOT-FOR-US: Magento +CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) + NOT-FOR-US: Magento +CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) + NOT-FOR-US: Adobe +CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...) 
+ NOT-FOR-US: Adobe +CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) + NOT-FOR-US: Adobe +CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) + NOT-FOR-US: Adobe +CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) + NOT-FOR-US: Adobe +CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) + NOT-FOR-US: Adobe +CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...) + NOT-FOR-US: Adobe +CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) + NOT-FOR-US: Adobe +CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) + NOT-FOR-US: Adobe +CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) 
+ NOT-FOR-US: Adobe +CVE-2019-20489 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. The web ...) + NOT-FOR-US: Netgear +CVE-2019-20488 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) + NOT-FOR-US: Netgear +CVE-2019-20487 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) + NOT-FOR-US: Netgear +CVE-2019-20486 (An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multipl ...) + NOT-FOR-US: Netgear +CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) + NOT-FOR-US: Rubetek SmartHome 2020 devices +CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) + {DLA-2134-1} + - pdfresurrect 0.20-1 (unimportant; bug #952948) + NOTE: https://github.com/enferex/pdfresurrect/issues/8 + NOTE: Crash in CLI tool, no security impact +CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2135-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) + {DLA-2135-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
+ {DLA-2135-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) + NOT-FOR-US: Pale Moon +CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) + NOT-FOR-US: D-Link +CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9.1.1 allows att ...) + - manila 1:9.0.0-5 (bug #953581) + [buster] - manila 1:7.0.0-1+deb10u1 + [stretch] - manila (Minor issue) + NOTE: https://bugs.launchpad.net/manila/+bug/1861485 + NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html +CVE-2020-9542 + RESERVED +CVE-2020-9541 + RESERVED +CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) + NOT-FOR-US: Sophos +CVE-2020-9539 + RESERVED +CVE-2020-9538 + RESERVED +CVE-2020-9537 + RESERVED +CVE-2020-9536 + RESERVED +CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) + NOT-FOR-US: D-Link +CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) + NOT-FOR-US: D-Link +CVE-2020-9533 + RESERVED +CVE-2020-9532 + RESERVED +CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) + NOT-FOR-US: Xiaomi +CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) + NOT-FOR-US: Xiaomi +CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) + NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology +CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) 
+ NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology +CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) + NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology +CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) + NOT-FOR-US: CS2 Network P2P +CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) + NOT-FOR-US: CS2 Network P2P +CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) + NOT-FOR-US: Micro Focus +CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) + NOT-FOR-US: Micro Focus +CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...) + NOT-FOR-US: Micro Focus +CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) + NOT-FOR-US: Micro Focus +CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) + NOT-FOR-US: Micro Focus Vibe +CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) + NOT-FOR-US: Micro Focus +CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) + NOT-FOR-US: Micro Focus +CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) + NOT-FOR-US: Micro Focus +CVE-2020-9516 + RESERVED +CVE-2020-9515 + RESERVED +CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) 
+ NOT-FOR-US: IMPress for IDX Broker plugin for WordPress +CVE-2020-9513 + RESERVED +CVE-2020-9512 + RESERVED +CVE-2020-9511 + RESERVED +CVE-2020-9510 + RESERVED +CVE-2020-9509 + RESERVED +CVE-2020-9508 + RESERVED +CVE-2020-9507 + RESERVED +CVE-2020-9506 + RESERVED +CVE-2020-9505 + RESERVED +CVE-2020-9504 + RESERVED +CVE-2020-9503 + RESERVED +CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) + NOT-FOR-US: Dahua +CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) + NOT-FOR-US: Dahua +CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) + NOT-FOR-US: Dahua +CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) + NOT-FOR-US: Dahua +CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...) + {DLA-2435-1} + - guacamole-server 1.3.0-1 (bug #964195) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3 + NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ + NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb +CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...) + {DLA-2435-1} + - guacamole-server 1.3.0-1 (bug #964195) + NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2 + NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ + NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb +CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...) + NOT-FOR-US: Apache OFBiz +CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...) + NOT-FOR-US: Apache Archiva +CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...) 
+ {DSA-4710-1} + - trafficserver 8.0.8+ds-1 (bug #963629) + NOTE: https://github.com/apache/trafficserver/pull/6922 +CVE-2020-9493 (A deserialization flaw was found in Apache Chainsaw versions prior to ...) + NOT-FOR-US: Apache Chainsaw +CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...) + - hadoop (bug #793644) +CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) + NOT-FOR-US: Apache NiFi +CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...) + {DSA-4757-1} + - apache2 2.4.46-1 + [stretch] - apache2 (Too intrusive to backport) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 + NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4 + NOTE: https://svn.apache.org/r1880396 + NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4 + NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 +CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) + - tika (bug #984666) + [bullseye] - tika (Minor issue) + [buster] - tika (Minor issue) + [jessie] - tika (the fix is too invasive to backport) + NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 +CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) 
+ {DLA-2852-1} + - apache-log4j2 2.13.3-1 (bug #959450) + [buster] - apache-log4j2 2.15.0-1~deb10u1 + [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) + NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 + NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 + NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) + NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) +CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...) + NOT-FOR-US: Apache NiFi +CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...) + NOT-FOR-US: Apache NiFi +CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...) + - airflow (bug #819700) +CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) + {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1} + - tomcat9 9.0.35-1 (bug #961209) + - tomcat8 + - tomcat7 + [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) + NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) + NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) + NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) + NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) +CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...) + NOT-FOR-US: Apache SkyWalking +CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) + NOT-FOR-US: Apache NiFi +CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...) 
+ {DSA-4672-1} + - trafficserver 8.0.7+ds-1 + NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E + NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c +CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) + - apache-spark (bug #802194) +CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...) + NOT-FOR-US: Apache AsterixDB +CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a ...) + - libvirt 6.0.0-2 (low; bug #953078) + [buster] - libvirt (Minor issue) + [stretch] - libvirt (Minor issue) + [jessie] - libvirt (Vulnerable code not present) + NOTE: https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=a663a860819287e041c3de672aad1d8543098ecc (v6.0.0-rc1) +CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...) + NOT-FOR-US: Swann +CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) + NOT-FOR-US: Rubrik +CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) + NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices +CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) + NOT-FOR-US: ARRIS TG1692A devices +CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows loca ...) + NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway +CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remo ...) + NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway +CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a passw ...) + NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway +CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) 
+ NOT-FOR-US: Umbraco CMS +CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) + NOT-FOR-US: Umbraco +CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) + NOT-FOR-US: Wing FTP Server +CVE-2020-9469 + RESERVED +CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...) + - piwigo +CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...) + - piwigo +CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...) + NOT-FOR-US: Export Users to CSV plugin for WordPress +CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...) + NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 +CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) + - centreon-web (bug #913903) +CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...) + NOT-FOR-US: Athom +CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) + NOT-FOR-US: Octech Oempro +CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) + NOT-FOR-US: Octech Oempro +CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...) + NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress +CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...) 
+ NOT-FOR-US: RegistrationMagic plugin for WordPress
+CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...)
+ NOT-FOR-US: RegistrationMagic plugin for WordPress
+CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...)
+ NOT-FOR-US: RegistrationMagic plugin for WordPress
+CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...)
+ NOT-FOR-US: Epson
+CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
+CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
+CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...)
+ NOT-FOR-US: Acronis
+CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...)
+ NOT-FOR-US: BlaB!
+CVE-2020-9448
+ RESERVED
+CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...)
+ NOT-FOR-US: GwtUpload
+CVE-2020-9446
+ RESERVED
+CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
+ - qtwebsockets-opensource-src 5.15.1-2 (low; bug #953049)
+ [buster] - qtwebsockets-opensource-src (Minor issue, fix adds new API only)
+ [stretch] - qtwebsockets-opensource-src (Minor issue)
+ [jessie] - qtwebsockets-opensource-src (Minor issue)
+ NOTE: https://bugreports.qt.io/browse/QTBUG-70693
+ NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735
+ NOTE: https://github.com/qt/qtwebsockets/commit/ed93680f34e92ad0383aa4e610bb65689118ca93
+CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...)
+ - zulip-server (bug #800052)
+CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...)
+ - zulip-server (bug #800052)
+CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...)
+ NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server)
+CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...)
+ NOT-FOR-US: OpenVPN Connect on Windows
+CVE-2020-9441
+ RESERVED
+CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...)
+ NOT-FOR-US: CKEditor plugin
+CVE-2020-9439 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin ...)
+ NOT-FOR-US: Uncanny Owl Tin Canny LearnDash Reporting
+CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...)
+ NOT-FOR-US: Tinxy Door Lock
+CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...)
+ NOT-FOR-US: SecureAuth IdP
+CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
+ NOT-FOR-US: PHOENIX
+CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...)
+ NOT-FOR-US: PHOENIX
+CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...)
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
+CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...)
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
+CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...)
+ NOT-FOR-US: lua-openssl (different from lua-luaossl)
+CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF.)
+ NOT-FOR-US: OX Guard
+CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS.)
+ NOT-FOR-US: OX Guard
+CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
+ NOT-FOR-US: rConfig
+CVE-2020-9424
+ RESERVED
+CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
+ NOT-FOR-US: LogicalDoc
+CVE-2020-9422
+ RESERVED
+CVE-2020-9421
+ RESERVED
+CVE-2019-20484 (An issue was discovered in Viki Vera 4.9.1.26180. A user without acces ...)
+ NOT-FOR-US: Viki Vera
+CVE-2019-20483 (An issue was discovered in Viki Vera 4.9.1.26180. An attacker could se ...)
+ NOT-FOR-US: Viki Vera
+CVE-2020-9420 (The login password of the web administrative dashboard in Arcadyan Wif ...)
+ NOT-FOR-US: Arcadyan Wifi routers
+CVE-2020-9419 (Multiple stored cross-site scripting (XSS) vulnerabilities in Arcadyan ...)
+ NOT-FOR-US: Arcadyan Wifi routers
+CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.2-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ [jessie] - wireshark (composite TVB handling added later)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850
+CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.2-1
+ [buster] - wireshark 2.6.20-0+deb10u1
+ [jessie] - wireshark (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
+CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...)
+ {DLA-2547-1}
+ - wireshark 3.2.2-1 (low)
+ [buster] - wireshark 2.6.20-0+deb10u1
+ [jessie] - wireshark (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2
+CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...)
+ - wireshark 3.2.2-1
+ [buster] - wireshark (Vulnerable code not present)
+ [stretch] - wireshark (Vulnerable code not present)
+ [jessie] - wireshark (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
+CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
+ NOT-FOR-US: PDFescape
+CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...)
+ NOT-FOR-US: TIBCO
+CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...)
+ NOT-FOR-US: IBL Online Weather
+CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...)
+ NOT-FOR-US: IBL Online Weather
+CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...)
+ NOT-FOR-US: IBL Online Weather
+CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ NOT-FOR-US: PACTware
+CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...)
+ NOT-FOR-US: PACTware
+CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...)
+ {DLA-3024-1}
+ - python-django 2:2.2.11-1 (low; bug #953102)
+ [buster] - python-django 1:1.11.29-1~deb10u1
+ [jessie] - python-django (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1
+ NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8
+ NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2)
+ NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11)
+CVE-2020-9401
+ RESERVED
+CVE-2020-9400
+ RESERVED
+CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...)
+ NOT-FOR-US: Avast AV parsing engine
+CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...)
+ NOT-FOR-US: ISPConfig
+CVE-2020-9397
+ RESERVED
+CVE-2020-9396
+ RESERVED
+CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...)
+ NOT-FOR-US: Realtek
+CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
+ NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
+CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
+ NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
+CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...)
+ NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress
+CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...)
+ NOT-FOR-US: SquaredUp
+CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...)
+ NOT-FOR-US: SquaredUp
+CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...)
+ NOT-FOR-US: SquaredUp
+CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...)
+ - mahara
+CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
+ - mahara
+CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...)
+ - linux 5.5.13-1
+ [buster] - linux (Vulnerable code not present)
+ [stretch] - linux (Vulnerable code not present)
+ [jessie] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
+CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
+ - zint (Fixed with initial upload to archive)
+CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the Change ...)
+ NOT-FOR-US: Subex
+CVE-2020-9383 (An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fd ...)
+ {DSA-4698-1 DLA-2242-1 DLA-2241-1}
+ - linux 5.5.13-1
+ [buster] - linux 4.19.118-1
+ NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
+CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...)
+ NOT-FOR-US: Widgets extension for MediaWiki
+CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...)
+ NOT-FOR-US: Total.js CMS
+CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...)
+ NOT-FOR-US: IPTV Smarters WEB TV PLAYER
+CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...)
+ NOT-FOR-US: Mitel
+CVE-2020-9378
+ RESERVED
+CVE-2020-9377 (D-Link DIR-610 devices allow Remote Command Execution via the cmd para ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9376 (D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVIC ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
+ NOT-FOR-US: TP-Link
+CVE-2019-20482
+ RESERVED
+CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...)
+ NOT-FOR-US: TP-Link
+CVE-2020-9373
+ RESERVED
+CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...)
+ NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
+CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
+ NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
+CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking.)
+ NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
+CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
+ {DSA-4818-1}
+ - sympa 6.2.40~dfsg-4 (low; bug #952428)
+ [stretch] - sympa (Vulnerability introduced later in 6.2.38)
+ [jessie] - sympa (Vulnerability introduced later in 6.2.38)
+ NOTE: https://github.com/sympa-community/sympa/issues/886
+ NOTE: https://sympa-community.github.io/security/2020-001.html
+ NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
+CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for PrestaShop enab ...)
+ NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
+CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
+ - pure-ftpd 1.0.49-3 (bug #952471)
+ [buster] - pure-ftpd (Minor issue)
+ [stretch] - pure-ftpd (Minor issue)
+ [jessie] - pure-ftpd (Vulnerable code does not exist)
+ NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
+CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...)
+ NOT-FOR-US: Creative Contact Form extension for Joomla!
+CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...)
+ NOT-FOR-US: Sophos AV
+CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
+ NOT-FOR-US: Quick Heal AV parsing engine
+CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...)
+ NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
+CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...)
+ NOT-FOR-US: MIELE XGW 3000 ZigBee Gateway
+CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...)
+ NOT-FOR-US: Kunena
+CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
+ - screen 4.8.0-1 (bug #950896)
+ [buster] - screen (Vulnerable code introduced in v4.7.0)
+ [stretch] - screen (Vulnerable code introduced in v4.7.0)
+ [jessie] - screen (Vulnerable code introduced in v4.7.0)
+ NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
+ NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
+ NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
+ NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
+ NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
+CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
+ NOT-FOR-US: CryptoPro CSP
+CVE-2020-9360
+ RESERVED
+CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
+ {DLA-2856-1 DLA-2159-1}
+ - okular 4:19.12.3-2 (bug #954891)
+ [buster] - okular 4:17.12.2-2.2+deb10u1
+ NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
+ NOTE: https://kde.org/info/security/advisory-20200312-1.txt
+ NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
+CVE-2020-9358
+ RESERVED
+CVE-2020-9357
+ RESERVED
+CVE-2020-9356
+ RESERVED
+CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
+ NOT-FOR-US: SmartClient
+CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
+ NOT-FOR-US: SmartClient
+CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...)
+ NOT-FOR-US: SmartClient
+CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...)
+ NOT-FOR-US: SmartClient
+CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...)
+ NOT-FOR-US: Graph Builder in SAS Visual Analytics
+CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...)
+ NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
+CVE-2020-9348
+ RESERVED
+CVE-2020-9347 (Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Ma ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
+ NOT-FOR-US: signoPAD-API/Web
+CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
+ NOT-FOR-US: Subversion ALM
+CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
+ NOT-FOR-US: signoPAD-API/Web
+CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
+ NOT-FOR-US: F-Secure AV parsing engine
+CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
+ NOT-FOR-US: CandidATS
+CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...)
+ NOT-FOR-US: fauzantrif eLection
+CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php.)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field.)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
+ NOT-FOR-US: GolfBuddy Course Manager
+CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings -> ...)
+ NOT-FOR-US: fauzantrif eLection
+CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...)
+ {DSA-4643-1}
+ - python-bleach 3.1.3-1 (bug #954236)
+ [stretch] - python-bleach (Requires invasive changes to address issue)
+ [jessie] - python-bleach (Requires invasive change to address issue)
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
+ NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
+ NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
+CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...)
+ {DSA-4636-1}
+ - python-bleach 3.1.1-1 (bug #951907)
+ [stretch] - python-bleach (Requires invasive changes to address issue)
+ [jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser)
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
+ NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
+ NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
+CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...)
+ NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
+CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...)
+ NOT-FOR-US: Envira Photo Gallery plugin for WordPress
+CVE-2020-9333
+ RESERVED
+CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
+ NOT-FOR-US: FabulaTech
+CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
+ NOT-FOR-US: CryptoPro CSP
+CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
+ NOT-FOR-US: Xerox
+CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
+ NOT-FOR-US: Go Git Service
+CVE-2020-9328
+ RESERVED
+CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...)
+ - sqlite3 3.31.1-3 (bug #951835)
+ [buster] - sqlite3 (Vulnerable code not present)
+ [stretch] - sqlite3 (vulnerable code not present)
+ [jessie] - sqlite3 (vulnerable code not present)
+ - sqlite (Vulnerable code not present)
+ NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
+ NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
+ NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
+ NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
+ NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
+CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
+ NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
+CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
+ NOT-FOR-US: Aquaforest TIFF Server
+CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...)
+ NOT-FOR-US: Aquaforest TIFF Server
+CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
+ NOT-FOR-US: Aquaforest TIFF Server
+CVE-2020-9322
+ RESERVED
+CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
+ - traefik (bug #983289)
+CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...)
+ NOT-FOR-US: Avira
+CVE-2020-9319
+ RESERVED
+CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
+ NOT-FOR-US: Red Gate SQL Monitor
+CVE-2020-9317
+ RESERVED
+CVE-2020-9316
+ RESERVED
+CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
+ NOT-FOR-US: Oracle
+CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
+ NOT-FOR-US: Oracle
+CVE-2020-9313
+ RESERVED
+CVE-2020-9312
+ RESERVED
+CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
+ NOT-FOR-US: SilverStripe
+CVE-2020-9310
+ REJECTED
+CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
+ NOT-FOR-US: SilverStripe
+CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
+ - libarchive 3.4.0-2 (bug #951759)
+ [buster] - libarchive (rar5 support added in 3.4.0)
+ [stretch] - libarchive (rar5 support added in 3.4.0)
+ [jessie] - libarchive (rar5 support added in 3.4.0)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
+ NOTE: https://github.com/libarchive/libarchive/pull/1326
+ NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
+CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
+ NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
+CVE-2020-9306 (Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of ...)
+ NOT-FOR-US: Tesla SolarCity Solar Monitoring Gateway
+CVE-2020-9305
+ RESERVED
+CVE-2020-9304
+ RESERVED
+CVE-2020-9303
+ RESERVED
+CVE-2020-9302
+ RESERVED
+CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
+ NOT-FOR-US: Spinnaker
+CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
+ NOT-FOR-US: Netflix dispatch
+CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
+ NOT-FOR-US: Netflix dispatch
+CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...)
+ NOT-FOR-US: Spinnaker
+CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
+ NOT-FOR-US: Netflix Titus
+CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
+ NOT-FOR-US: Netflix Conductor
+CVE-2020-9295
+ RESERVED
+CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
+ NOT-FOR-US: FortiMail Fortiguard
+CVE-2020-9293
+ RESERVED
+CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
+ NOT-FOR-US: Fortiguard / FortiClient for Windows
+CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
+ NOT-FOR-US: Fortinet
+CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
+ NOT-FOR-US: Fortiguard
+CVE-2020-9285 (Some versions of Sonos One (1st and 2nd generation) allow partial or f ...)
+ NOT-FOR-US: Sonos One
+CVE-2020-9284
+ RESERVED
+CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ {DLA-3455-1 DLA-2455-1 DLA-2453-1 DLA-2402-1}
+ - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
+ [jessie] - golang-go.crypto (Minor issue)
+ NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
+CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
+ - mahara
+CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
+ NOT-FOR-US: CKEditor plugin
+CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
+ NOT-FOR-US: SilverStripe
+CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...)
+ NOT-FOR-US: D-Link
+CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
+ {DLA-2123-1}
+ - pure-ftpd 1.0.49-4 (bug #952666)
+ [buster] - pure-ftpd (Minor issue)
+ [stretch] - pure-ftpd (Minor issue)
+ NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
+ NOTE: though the CVE description does not specifically say, the issue seems to be an
+ NOTE: out-of-bounds memory read which may result in information disclosure;
+ NOTE: probably not the end of the world, but it is made worse by use of the rather
+ NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
+CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
+ {DSA-4635-1 DLA-2115-2 DLA-2115-1}
+ - proftpd-dfsg 1.3.6c-2 (bug #951800)
+ NOTE: https://github.com/proftpd/proftpd/issues/903
+ NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
+ NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
+ NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c)
+ NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch)
+CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
+ - proftpd-dfsg 1.3.6c-1 (unimportant)
+ NOTE: https://github.com/proftpd/proftpd/issues/902
+ NOTE: Debian does not build mod_cap and does not use the embedded libcap.
+ NOTE: Sourcewise fixed in 1.3.6c by updating to the lastest libcap.
+CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
+ {DLA-3409-1 DLA-2298-1 DLA-2130-1}
+ - libapache2-mod-auth-openidc 2.4.1-1
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
+ NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
+CVE-2019-20478 (In ruamel.yaml through 0.16.7, the load method allows remote code exec ...)
+ - ruamel.yaml (unimportant)
+ NOTE: This is a well-known design deficiency in pyyaml (of which ruamel.yaml is derived),
+ NOTE: various CVE IDs have been assigned to applications misusing the API over the years.
+ NOTE: pyyaml 5.1 changed the default hebaviour
+CVE-2019-20477 (PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and ...)
+ - pyyaml 5.2-1 (unimportant)
+ [buster] - pyyaml (Vulnerability introduced in 5.1)
+ [stretch] - pyyaml (Vulnerability introduced in 5.1)
+ [jessie] - pyyaml (Vulnerability introduced in 5.1)
+ NOTE: CVE exists due to an incomplete fix for CVE-2017-18342.
+CVE-2019-20476
+ RESERVED
+CVE-2019-20475
+ RESERVED
+CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 1 ...)
+ - nova 2:20.1.1-1 (bug #951635)
+ [buster] - nova (Minor issue)
+ [stretch] - nova (Minor issue)
+ [jessie] - nova (Minor issue)
+ NOTE: https://launchpad.net/bugs/1492140
+ NOTE: https://review.opendev.org/220622
+ NOTE: https://www.openwall.com/lists/oss-security/2020/02/19/2
+CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
+ NOT-FOR-US: ICE Hrm
+CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...)
+ NOT-FOR-US: ICE Hrm
+CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
+ NOT-FOR-US: SOPlanning
+CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
+ NOT-FOR-US: phpMyChat-Plus
+CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
+ NOT-FOR-US: ESET
+CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9253
+ RESERVED
+CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9250
+ RESERVED
+CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9247 (There is a buffer overflow vulnerability in several Huawei products. T ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9240 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9238 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9236
+ RESERVED
+CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9234
+ RESERVED
+CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9232
+ RESERVED
+CVE-2020-9231
+ RESERVED
+CVE-2020-9230 (WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
+ NOT-FOR-US: HUAWEI
+CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9224
+ RESERVED
+CVE-2020-9223 (There is a denial of service vulnerability in some Huawei smartphones. ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9222
+ RESERVED
+CVE-2020-9221
+ RESERVED
+CVE-2020-9220
+ RESERVED
+CVE-2020-9219
+ RESERVED
+CVE-2020-9218
+ RESERVED
+CVE-2020-9217
+ RESERVED
+CVE-2020-9216
+ RESERVED
+CVE-2020-9215
+ RESERVED
+CVE-2020-9214
+ RESERVED
+CVE-2020-9213 (There is a denial of service vulnerability in some huawei products. In ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9212 (There is a vulnerability in some version of USG9500 that the device im ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9211
+ RESERVED
+CVE-2020-9210
+ RESERVED
+CVE-2020-9209 (There is a privilege escalation vulnerability in SMC2.0 product. Some ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 6000 ver ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9207 (There is an improper authentication vulnerability in some verisons of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9206 (The eUDC660 product has a resource management vulnerability. An attack ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9204
+ RESERVED
+CVE-2020-9203 (There is a resource management errors vulnerability in Huawei P30. Loc ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile software ...)
+ NOT-FOR-US: TE Mobile
+CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions of NIP68 ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 versio ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9198
+ RESERVED
+CVE-2020-9197
+ RESERVED
+CVE-2020-9196
+ RESERVED
+CVE-2020-9195
+ RESERVED
+CVE-2020-9194
+ RESERVED
+CVE-2020-9193
+ RESERVED
+CVE-2020-9192
+ RESERVED
+CVE-2020-9191
+ RESERVED
+CVE-2020-9190
+ RESERVED
+CVE-2020-9189
+ RESERVED
+CVE-2020-9188
+ RESERVED
+CVE-2020-9187
+ RESERVED
+CVE-2020-9186
+ RESERVED
+CVE-2020-9185
+ RESERVED
+CVE-2020-9184
+ RESERVED
+CVE-2020-9183
+ RESERVED
+CVE-2020-9182
+ RESERVED
+CVE-2020-9181
+ RESERVED
+CVE-2020-9180
+ RESERVED
+CVE-2020-9179
+ RESERVED
+CVE-2020-9178
+ RESERVED
+CVE-2020-9177
+ RESERVED
+CVE-2020-9176
+ RESERVED
+CVE-2020-9175
+ RESERVED
+CVE-2020-9174
+ RESERVED
+CVE-2020-9173
+ RESERVED
+CVE-2020-9172
+ RESERVED
+CVE-2020-9171
+ RESERVED
+CVE-2020-9170
+ RESERVED
+CVE-2020-9169
+ RESERVED
+CVE-2020-9168
+ RESERVED
+CVE-2020-9167
+ RESERVED
+CVE-2020-9166
+ RESERVED
+CVE-2020-9165
+ RESERVED
+CVE-2020-9164
+ RESERVED
+CVE-2020-9163
+ RESERVED
+CVE-2020-9162
+ RESERVED
+CVE-2020-9161
+ RESERVED
+CVE-2020-9160
+ RESERVED
+CVE-2020-9159
+ RESERVED
+CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9157
+ RESERVED
+CVE-2020-9156
+ RESERVED
+CVE-2020-9155
+ RESERVED
+CVE-2020-9154
+ RESERVED
+CVE-2020-9153
+ RESERVED
+CVE-2020-9152
+ RESERVED
+CVE-2020-9151
+ RESERVED
+CVE-2020-9150
+ RESERVED
+CVE-2020-9149 (An application error verification vulnerability exists in a component ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9148 (An application bypass mechanism vulnerability exists in a component in ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9147 (A memory buffer error vulnerability exists in a component interface of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9146 (A memory buffer error vulnerability exists in a component interface of ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9145 (There is an Out-of-bounds Write vulnerability in some Huawei smartphon ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei smartphone, atta ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9143 (There is a missing authentication vulnerability in some Huawei smartph ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9142 (There is a heap base buffer overflow vulnerability in some Huawei smar ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9141 (There is a improper privilege management vulnerability in some Huawei ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9140 (There is a vulnerability with buffer access with incorrect length valu ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9139 (There is a improper input validation vulnerability in some Huawei Smar ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9138 (There is a heap-based buffer overflow vulnerability in some Huawei Sma ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9137 (There is a privilege escalation vulnerability in some versions of Clou ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9136
+ RESERVED
+CVE-2020-9135
+ RESERVED
+CVE-2020-9134
+ RESERVED
+CVE-2020-9133
+ RESERVED
+CVE-2020-9132
+ RESERVED
+CVE-2020-9131
+ RESERVED
+CVE-2020-9130
+ RESERVED
+CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
+ NOT-FOR-US: Uawei FusionCompute
+CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9126
+ RESERVED
+CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei smartphone Mate ...)
+ NOT-FOR-US: Huawei +CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei CloudE ...) + NOT-FOR-US: Huawei +CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...) + NOT-FOR-US: Huawei +CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...) + NOT-FOR-US: Huawei +CVE-2020-9121 + RESERVED +CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource management ...) + NOT-FOR-US: Huawei +CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...) + NOT-FOR-US: Huawei +CVE-2020-9118 (There is an insufficient integrity check vulnerability in Huawei Sound ...) + NOT-FOR-US: Huawei +CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...) + NOT-FOR-US: Huawei +CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...) + NOT-FOR-US: Huawei +CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...) + NOT-FOR-US: Huawei +CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...) + NOT-FOR-US: Huawei +CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...) + NOT-FOR-US: Huawei +CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...) + NOT-FOR-US: Huawei +CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...) + NOT-FOR-US: Huawei +CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...) + NOT-FOR-US: Huawei +CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...) + NOT-FOR-US: Huawei +CVE-2020-9108 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...) + NOT-FOR-US: Huawei +CVE-2020-9107 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...) 
+ NOT-FOR-US: Huawei +CVE-2020-9106 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a pa ...) + NOT-FOR-US: Huawei +CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...) + NOT-FOR-US: Huawei +CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...) + NOT-FOR-US: Huawei +CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...) + NOT-FOR-US: Huawei +CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...) + NOT-FOR-US: Huawei +CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...) + NOT-FOR-US: Huawei +CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...) + NOT-FOR-US: Huawei +CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...) + NOT-FOR-US: Huawei +CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) + NOT-FOR-US: Huawei +CVE-2020-9097 + RESERVED +CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...) + NOT-FOR-US: Huawei +CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...) + NOT-FOR-US: Huawei +CVE-2020-9094 (There is an out of bound read vulnerability in some verisons of Huawei ...) + NOT-FOR-US: Huawei +CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A versions 10.0. ...) + NOT-FOR-US: Huawei +CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...) + NOT-FOR-US: Huawei +CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...) + NOT-FOR-US: Huawei +CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...) + NOT-FOR-US: Huawei +CVE-2020-9089 + RESERVED +CVE-2020-9088 + RESERVED +CVE-2020-9087 (Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vul ...) 
+ NOT-FOR-US: Huawei +CVE-2020-9086 + RESERVED +CVE-2020-9085 + RESERVED +CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...) + NOT-FOR-US: Taurus-AN00B +CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) + NOT-FOR-US: Huawei +CVE-2020-9082 + RESERVED +CVE-2020-9081 + RESERVED +CVE-2020-9080 + RESERVED +CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...) + NOT-FOR-US: Huawei +CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...) + NOT-FOR-US: Huawei +CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...) + NOT-FOR-US: Huawei +CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...) + NOT-FOR-US: Huawei +CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...) + NOT-FOR-US: Huawei +CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...) + NOT-FOR-US: Huawei +CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...) + NOT-FOR-US: Huawei +CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) + NOT-FOR-US: Huawei +CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...) + NOT-FOR-US: Huawei +CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) + NOT-FOR-US: Huawei +CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...) + NOT-FOR-US: Huawei +CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) + NOT-FOR-US: Huawei +CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) + NOT-FOR-US: Huawei +CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) 
+ NOT-FOR-US: Huawei +CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...) + NOT-FOR-US: Huawei +CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) + NOT-FOR-US: Huawei +CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...) + NOT-FOR-US: NCR SelfServ ATMs +CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...) + NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs +CVE-2020-9061 (Z-Wave devices using Silicon Labs 500 and 700 series chipsets, includi ...) + NOT-FOR-US: Z-Wave devices +CVE-2020-9060 (Z-Wave devices based on Silicon Labs 500 series chipsets using S2, inc ...) + NOT-FOR-US: Z-Wave devices +CVE-2020-9059 (Z-Wave devices based on Silicon Labs 500 series chipsets using S0 auth ...) + NOT-FOR-US: Z-Wave devices +CVE-2020-9058 (Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 ...) + NOT-FOR-US: Z-Wave devices +CVE-2020-9057 (Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets ...) + NOT-FOR-US: Z-Wave devices +CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...) + NOT-FOR-US: Periscope BuySpeed +CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...) + NOT-FOR-US: Versiant LYNX Customer Service Portal +CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...) + NOT-FOR-US: ZyXEL +CVE-2020-9053 + REJECTED +CVE-2020-9052 + REJECTED +CVE-2020-9051 + REJECTED +CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...) + NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services +CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...) + NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls +CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...) 
+ NOT-FOR-US: Johnson Controls +CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...) + NOT-FOR-US: exacqVision Web Service +CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) + NOT-FOR-US: Kantech +CVE-2020-9045 (During installation or upgrade to Software House C\u2022CURE 9000 v2.7 ...) + NOT-FOR-US: Software House +CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) + NOT-FOR-US: Johnson Controls +CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) + NOT-FOR-US: wpCentral plugin for WordPress +CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...) + NOT-FOR-US: Couchbase +CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...) + NOT-FOR-US: Couchbase +CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...) + NOT-FOR-US: Couchbase +CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...) + NOT-FOR-US: Couchbase +CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS.) + NOT-FOR-US: Joplin +CVE-2020-9037 + RESERVED +CVE-2020-9036 (Jeedom through 4.0.38 allows XSS.) + NOT-FOR-US: Jeedom +CVE-2020-9035 + RESERVED +CVE-2019-20474 (An issue was discovered in Zoho ManageEngine Remote Access Plus 10.0.4 ...) + NOT-FOR-US: Zoho ManageEngine Remote Access Plus +CVE-2016-11019 + RESERVED +CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) + {DSA-4637-1} + - network-manager-ssh 1.2.11-1 + NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 + NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499 +CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) 
+ NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) + NOT-FOR-US: Symmetricom SyncServer +CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) + NOT-FOR-US: ELTEX devices +CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) + NOT-FOR-US: ELTEX devices +CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...) + NOT-FOR-US: Iteris Vantage Velocity Field Unit devices +CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...) + NOT-FOR-US: Iteris Vantage Velocity Field Unit devices +CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...) + NOT-FOR-US: Iteris Vantage Velocity Field Unit devices +CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...) + NOT-FOR-US: Xirrus devices +CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...) + NOT-FOR-US: Post Oak AWAM Bluetooth Field Device +CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...) 
+ NOT-FOR-US: Iteris Vantage Velocity Field Unit devices +CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...) + NOT-FOR-US: WPJobBoard plugin for WordPress +CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to a ...) + NOT-FOR-US: LiteCart +CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile.) + NOT-FOR-US: LiteCart +CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) + - dolibarr +CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...) + NOT-FOR-US: Arista devices +CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...) + NOT-FOR-US: Epson +CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) + NOT-FOR-US: Arvato Skillpipe +CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) + NOT-FOR-US: Gluu Identity Configuration +CVE-2020-9011 + RESERVED +CVE-2020-9010 + RESERVED +CVE-2020-9009 (The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote a ...) + NOT-FOR-US: CS-Cart plugin +CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...) + NOT-FOR-US: Blackboard Learn/PeopleTool +CVE-2019-20473 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) + NOT-FOR-US: TK-Star Q90 Junior GPS horloge +CVE-2019-20472 + RESERVED +CVE-2019-20471 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) + NOT-FOR-US: TK-Star Q90 Junior GPS horloge +CVE-2019-20470 (An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.865 ...) + NOT-FOR-US: TK-Star Q90 Junior GPS horloge +CVE-2019-20469 + RESERVED +CVE-2019-20468 (An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horlo ...) 
+ NOT-FOR-US: TK-Star Q90 Junior GPS horloge +CVE-2019-20467 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) + NOT-FOR-US: Sannce +CVE-2019-20466 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) + NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices +CVE-2019-20465 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) + NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices +CVE-2019-20464 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) + NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices +CVE-2019-20463 (An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 ...) + NOT-FOR-US: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices +CVE-2019-20462 + RESERVED +CVE-2019-20461 + RESERVED +CVE-2019-20460 + RESERVED +CVE-2019-20459 + RESERVED +CVE-2019-20458 + RESERVED +CVE-2019-20457 + RESERVED +CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic.) + NOT-FOR-US: Codoforum +CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...) + NOT-FOR-US: Popup Builder plugin for WordPress +CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...) + NOT-FOR-US: Dota 2 +CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...) + NOT-FOR-US: Wowza Streaming Engine +CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) + NOT-FOR-US: Modula Image Gallery plugin for WordPress +CVE-2020-9002 (An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gai ...) + NOT-FOR-US: iPortalis iCS +CVE-2020-9001 + REJECTED +CVE-2020-9000 (An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send ...) 
+ NOT-FOR-US: iPortalis iCS +CVE-2020-8999 + REJECTED +CVE-2020-8998 + REJECTED +CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...) + NOT-FOR-US: Abbott FreeStyle Libre +CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) + NOT-FOR-US: AnyShare Cloud +CVE-2019-20456 (Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, ...) + NOT-FOR-US: Goverlan +CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file ...) + NOT-FOR-US: Programi Bilanc +CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0 ...) + NOT-FOR-US: Heartland & Global Payments PHP SDK +CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...) + {DLA-3363-1} + - pcre2 10.34-1 + [stretch] - pcre2 (Minor issue) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2421 + NOTE: https://bugs.php.net/bug.php?id=78338 + NOTE: Fixed by: https://vcs.pcre.org/pcre2?view=revision&revision=1092 + NOTE: Tests: https://vcs.pcre.org/pcre2?view=revision&revision=1091 +CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...) + NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT +CVE-2020-8993 + RESERVED +CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + NOTE: https://patchwork.ozlabs.org/patch/1236118/ +CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages me ...) + - lvm2 2.03.01-2 + [stretch] - lvm2 (Minor issue) + [jessie] - lvm2 (Minor issue) + NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 + NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) +CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) 
+ NOT-FOR-US: Western Digital My Cloud Home +CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) + NOT-FOR-US: Voatz application for Android +CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) + NOT-FOR-US: Voatz application for Android +CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) + NOT-FOR-US: Avast AntiTrack +CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...) + NOT-FOR-US: ZendTo +CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...) + NOT-FOR-US: ZendTo +CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...) + NOT-FOR-US: ZendTo +CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...) + NOT-FOR-US: Citrix +CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...) + NOT-FOR-US: Citrix +CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) + NOT-FOR-US: Source Integration plugin for MantisBT +CVE-2020-8980 + RESERVED +CVE-2020-8979 + RESERVED +CVE-2020-8978 + RESERVED +CVE-2020-8977 + RESERVED +CVE-2020-8976 (The integrated server of the ZGR TPS200 NG on its 2.00 firmware versio ...) + NOT-FOR-US: ZGR TPS200 NG +CVE-2020-8975 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...) + NOT-FOR-US: ZGR TPS200 NG +CVE-2020-8974 (In ZGR TPS200 NG 2.00 firmware version and 1.01 hardware version, the ...) + NOT-FOR-US: ZGR TPS200 NG +CVE-2020-8973 (ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, ...) + NOT-FOR-US: ZGR TPS200 NG +CVE-2020-8972 + RESERVED +CVE-2020-8971 + RESERVED +CVE-2020-8970 + RESERVED +CVE-2020-8969 + RESERVED +CVE-2020-8968 (Parallels Remote Application Server (RAS) allows a local attacker to r ...) 
+ NOT-FOR-US: Parallels Remote Application Server (RAS) +CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...) + NOT-FOR-US: GESIO +CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) + - tikiwiki +CVE-2020-8965 + RESERVED +CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) + NOT-FOR-US: TimeTools devices +CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) + NOT-FOR-US: TimeTools devices +CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) + NOT-FOR-US: D-Link +CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) + NOT-FOR-US: Avira +CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.) + NOT-FOR-US: Western Digital mycloud.com +CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) + NOT-FOR-US: Western Digital +CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...) + NOT-FOR-US: Guangzhou +CVE-2020-8957 + RESERVED +CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...) + NOT-FOR-US: Pulse Secure Pulse Secure Desktop Client +CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) + {DLA-2770-1 DLA-2157-1} + - weechat 2.7.1-1 (bug #951289) + [buster] - weechat 2.3-1+deb10u1 + NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da +CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...) + NOT-FOR-US: OpenSearch Web browser +CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...) 
+ NOT-FOR-US: Fiserv Accurate Reconciliation +CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...) + NOT-FOR-US: Fiserv Accurate Reconciliation +CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) + NOT-FOR-US: Radeon AMD User Experience Program Launcher +CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) + NOT-FOR-US: Gocloud devices +CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...) + NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) +CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) + NOT-FOR-US: Pandora FMS +CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) + NOT-FOR-US: Netis devices +CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) + - golang-github-proglottis-gpgme 0.1.1-1 (bug #951372) + [buster] - golang-github-proglottis-gpgme (Limited support, minor issue, requires rebuilding golang-github-keltia-archive and dmarc-cat) + NOTE: https://github.com/proglottis/gpgme/pull/23 +CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 ...) + NOT-FOR-US: Asylo +CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) + NOT-FOR-US: Asylo +CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) + NOT-FOR-US: Asylo +CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) + NOT-FOR-US: Asylo +CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...) + NOT-FOR-US: Asylo +CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function allows a ...) + NOT-FOR-US: Asylo +CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) 
+ NOT-FOR-US: Asylo +CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) + NOT-FOR-US: Asylo +CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) + NOT-FOR-US: Asylo +CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...) + NOT-FOR-US: Asylo +CVE-2020-8934 (The Site Kit by Google plugin for WordPress is vulnerable to Sensitive ...) + NOT-FOR-US: Site Kit by Google plugin for WordPress +CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) + - google-compute-image-packages (bug #987353) + [buster] - google-compute-image-packages (Minor issue) + NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 + NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 +CVE-2020-8932 + RESERVED +CVE-2020-8931 + RESERVED +CVE-2020-8930 + RESERVED +CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...) + NOT-FOR-US: Tink +CVE-2020-8928 + RESERVED +CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...) + {DSA-4801-1 DLA-2476-1} + - brotli 1.0.9-1 + NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6 +CVE-2020-8926 + RESERVED +CVE-2020-8925 + RESERVED +CVE-2020-8924 + RESERVED +CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...) + NOT-FOR-US: Dart (different from src:dart) +CVE-2020-8922 + RESERVED +CVE-2020-8921 + RESERVED +CVE-2020-8920 (An information leak vulnerability exists in Gerrit versions prior to 2 ...) + - gerrit (bug #589436) +CVE-2020-8919 (An information leak vulnerability exists in Gerrit versions prior to 2 ...) + - gerrit (bug #589436) +CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...) 
+ NOT-FOR-US: go-tpm TPM1.2 library +CVE-2020-8917 + RESERVED +CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...) + NOT-FOR-US: wpantund +CVE-2020-8915 + RESERVED +CVE-2020-8914 + RESERVED +CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...) + NOT-FOR-US: Android's Play Core Library +CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...) + NOT-FOR-US: AWS S3 Crypto SDK for Go +CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...) + NOT-FOR-US: AWS S3 Crypto SDK for Go +CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...) + NOT-FOR-US: Google Closure Library +CVE-2020-8909 + RESERVED +CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...) + - guava-libraries 32.0.1-1 (bug #1038979) + [bookworm] - guava-libraries (Minor issue) + [bullseye] - guava-libraries (Minor issue) + [buster] - guava-libraries (Minor issue) + NOTE: https://github.com/google/guava/issues/4011 + NOTE: https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40 + NOTE: Issue incompletely fixed: + NOTE: https://github.com/google/guava/issues/4011#issuecomment-1573923586 + NOTE: https://github.com/google/guava/releases/tag/v32.0.0 + NOTE: https://github.com/google/guava/issues/2575 +CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) + - google-compute-image-packages (bug #987353) + [buster] - google-compute-image-packages (Minor issue) + NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 + NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 +CVE-2020-8906 + RESERVED +CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...) + NOT-FOR-US: Asylo +CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...) 
+ NOT-FOR-US: Asylo +CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) + - google-compute-image-packages (bug #987353) + [buster] - google-compute-image-packages (Minor issue) + NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 + NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 +CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a Server-Sid ...) + NOT-FOR-US: Rendertron +CVE-2020-8901 + RESERVED +CVE-2020-8900 + RESERVED +CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...) + NOT-FOR-US: Samsung +CVE-2020-8898 + RESERVED +CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption SDKs for ...) + NOT-FOR-US: AWS Encryption SDKs +CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...) + NOT-FOR-US: Google Earth Pro +CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...) + NOT-FOR-US: windows installer of Google Earth Pro +CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...) + NOT-FOR-US: MISP +CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...) + NOT-FOR-US: MISP +CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...) + NOT-FOR-US: MISP +CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...) + NOT-FOR-US: MISP +CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...) + NOT-FOR-US: MISP +CVE-2020-8889 (The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to ...) + NOT-FOR-US: CS-Cart plugin +CVE-2020-8888 + RESERVED +CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 hav ...) 
+ NOT-FOR-US: Telestream Tektronix Medius +CVE-2020-8886 + RESERVED +CVE-2020-8885 + RESERVED +CVE-2019-20453 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...) + - ajaxplorer (bug #668381) +CVE-2019-20452 (A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise be ...) + - ajaxplorer (bug #668381) +CVE-2012-6721 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...) + NOT-FOR-US: SocialEngine +CVE-2012-6720 (Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine be ...) + NOT-FOR-US: SocialEngine +CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...) + NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent +CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Studio Photo +CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...) + NOT-FOR-US: Parallels +CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...) 
+ NOT-FOR-US: Parallels +CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...) + NOT-FOR-US: Parallels +CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...) + NOT-FOR-US: Parallels +CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit +CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Quest Foglight Evolve +CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...) + NOT-FOR-US: OPC Foundation UA .NET Standard +CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) + {DLA-2162-1} + - php-horde-form 2.0.20-1 (bug #955020) + [buster] - php-horde-form 2.0.18-3.1+deb10u1 + [stretch] - php-horde-form 2.0.15-1+deb9u2 + NOTE: https://lists.horde.org/archives/announce/2020/001288.html + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/ + NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f +CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...) + {DLA-2175-1} + - php-horde-trean 1.1.10-1 (bug #955019) + [buster] - php-horde-trean 1.1.9-3+deb10u1 + [stretch] - php-horde-trean 1.1.7-1+deb9u1 + NOTE: https://lists.horde.org/archives/announce/2020/001286.html + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/ + NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75 + NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908 +CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...) 
+ NOT-FOR-US: D-Link +CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...) + NOT-FOR-US: D-Link +CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Samsung Galaxy S10 Firmware +CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...) + {DLA-3014-1} + - elog + NOTE: https://elog.psi.ch/elogs/Forum/69114 + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-252/ + NOTE: https://bitbucket.org/ritt/elog/commits/033e292301fa569738b20768b8d1f1d7d0bc1ca7 +CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Moxa +CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8856 (This vulnerability allows remote atackers to execute arbitrary code on ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8846 (This vulnerability allows remote atackers to execute arbitrary code on ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary code on ...) + NOT-FOR-US: Foxit PhantomPDF +CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...) + NOT-FOR-US: Istio +CVE-2020-8842 + REJECTED +CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...) + NOT-FOR-US: TestLink +CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...) + {DLA-2111-1} + - jackson-databind 2.11.1-1 + [buster] - jackson-databind 2.9.8-3+deb10u2 + [stretch] - jackson-databind 2.8.6-1+deb9u7 + NOTE: https://github.com/FasterXML/jackson-databind/issues/2620 + NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 + NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default + NOTE: but still an issue when Default Typing is enabled. +CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) + NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices +CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...) 
+ {DLA-2304-1 DLA-2116-1} + - libpam-radius-auth 1.4.0-3 (bug #951396) + [buster] - libpam-radius-auth 1.4.0-3~deb10u1 + NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec + NOTE: https://github.com/FreeRADIUS/pam_radius/commit/6bae92d + NOTE: https://github.com/FreeRADIUS/pam_radius/commit/ac2c1677 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686980 +CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2020-8837 + RESERVED +CVE-2020-8836 + RESERVED +CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...) + - linux 5.5.13-2 + [buster] - linux (Vulnerable code introduced later) + [stretch] - linux (Vulnerable code introduced later) + [jessie] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef + NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/ +CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...) + - linux 4.18.6-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2 +CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...) + NOT-FOR-US: Apport +CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...) + - linux 4.16.5-1 + [stretch] - linux (Vulnerable code not present, incomplete fix not applied) + [jessie] - linux (No support for this hardware) + NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 + NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only + NOTE: affects upstream versions (and downstreams) which applied the fix fo + NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context + NOTE: state on context switch"). 
But there is need to apply as well the prerequistite + NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load"). +CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...) + NOT-FOR-US: Apport +CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...) + NOT-FOR-US: Prismview +CVE-2017-18642 (Syska Smart Bulb devices through 2017-08-06 receive RGB parameters ove ...) + NOT-FOR-US: Syska Smart Bulb devices +CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...) + NOT-FOR-US: Ruckus +CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...) + NOT-FOR-US: Intelbras +CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) + NOT-FOR-US: Argo +CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) + NOT-FOR-US: Argo +CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) + NOT-FOR-US: Argo +CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) + NOT-FOR-US: Vanilla Forums +CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) + NOT-FOR-US: Hitron devices +CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulner ...) + NOT-FOR-US: SockJS +CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) + NOT-FOR-US: Digi TransPort +CVE-2020-8821 (An Improper Data Validation Vulnerability exists in Webmin 1.941 and e ...) + - webmin +CVE-2020-8820 (An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the ...) + - webmin +CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...) + NOT-FOR-US: CardGate Payments plugin for WooCommerce +CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...) 
+ NOT-FOR-US: CardGate Payments plugin for Magento +CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...) + NOT-FOR-US: Dataiku +CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...) + NOT-FOR-US: Pi-hole +CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...) + NOT-FOR-US: BearFTP +CVE-2020-8814 + RESERVED +CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) + NOT-FOR-US: Argo +CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...) + - lxc-templates (bug #988730) + [bookworm] - lxc-templates (Minor issue) + [bullseye] - lxc-templates (Minor issue) + [buster] - lxc-templates (Minor issue) + - lxc 1:3.0.3-1 (low) + [stretch] - lxc (Minor issue) + [jessie] - lxc (https://lists.debian.org/debian-lts/2020/02/msg00102.html) + NOTE: LXC 3.0.2 split the templates out to separate lxc-templates. + NOTE: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1661447 + NOTE: Some of the templates were switched to fetch the pacakges over HTTPS, cf. + NOTE: https://github.com/lxc/lxc/pull/1371 for the lxc-fedora template. +CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...) + {DLA-3252-1} + - cacti 1.2.10+ds1-1 (bug #951832) + [stretch] - cacti (Vulnerable code not present) + [jessie] - cacti (Vulnerable code not present) + NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 + NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ + NOTE: https://github.com/Cacti/cacti/issues/3285 + NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784 +CVE-2020-8812 (Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaSc ...) + NOT-FOR-US: Bludit +CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) 
+ NOT-FOR-US: Bludit +CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...) + NOT-FOR-US: Gurux +CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...) + NOT-FOR-US: Gurux +CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) + NOT-FOR-US: CORSAIR iCUE +CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...) + NOT-FOR-US: Electric Coin Company Zcashd +CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...) + NOT-FOR-US: Electric Coin Company Zcashd +CVE-2020-8805 + RESERVED +CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization.) + NOT-FOR-US: SuiteCRM +CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...) + NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress +CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...) + NOT-FOR-US: Juplink +CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...) + NOT-FOR-US: Juplink +CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) + NOT-FOR-US: Biscom Secure File Transfer (SFT) +CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...) 
+ - gitlab (Only affects EE version) + NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ +CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...) + {DSA-4634-1} + - opensmtpd 6.6.4p1-1 (bug #952453) + NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5 + NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ + NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1 +CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...) + - opensmtpd 6.6.4p1-1 (unimportant; bug #952453) + [buster] - opensmtpd 6.0.3p1-5+deb10u4 + [stretch] - opensmtpd 6.0.2p1-2+deb9u3 + NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4 + NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig + NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ + NOTE: Neutralised by kernel hardening +CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) + NOT-FOR-US: OKLOK +CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) + NOT-FOR-US: OKLOK +CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) + NOT-FOR-US: OKLOK +CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...) + NOT-FOR-US: Composr +CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...) + NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer +CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) 
+ NOT-FOR-US: SuiteCRM +CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) + NOT-FOR-US: SuiteCRM +CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) + NOT-FOR-US: SuiteCRM +CVE-2019-20450 + RESERVED +CVE-2019-20449 + RESERVED +CVE-2019-20448 + RESERVED +CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...) + NOT-FOR-US: ALEOS +CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...) + NOT-FOR-US: ALEOS +CVE-2020-8780 + RESERVED +CVE-2020-8779 + RESERVED +CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) + NOT-FOR-US: Alfresco +CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) + NOT-FOR-US: Alfresco +CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) + NOT-FOR-US: Alfresco +CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...) + NOT-FOR-US: Pega Platform +CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...) + NOT-FOR-US: Pega Platform +CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...) + NOT-FOR-US: Pega Platform +CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...) + NOT-FOR-US: InfiniteWP Client plugin for WordPress +CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...) + NOT-FOR-US: Time Capsule plugin for WordPress +CVE-2020-8770 + RESERVED +CVE-2020-8769 + RESERVED +CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) + NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) +CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...) 
+ NOT-FOR-US: Intel +CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...) + NOT-FOR-US: Intel +CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...) + NOT-FOR-US: Intel +CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...) + NOT-FOR-US: Intel +CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...) + NOT-FOR-US: Intel +CVE-2020-8762 + REJECTED +CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...) + NOT-FOR-US: Intel +CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...) + NOT-FOR-US: Intel +CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...) + NOT-FOR-US: Intel +CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...) + NOT-FOR-US: Intel +CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) + NOT-FOR-US: Intel +CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...) + NOT-FOR-US: Intel +CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...) + NOT-FOR-US: Intel +CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...) + NOT-FOR-US: Intel +CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...) + NOT-FOR-US: Intel +CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...) + NOT-FOR-US: Intel +CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...) + NOT-FOR-US: Intel +CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...) + NOT-FOR-US: Intel +CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) 
+ NOT-FOR-US: Intel +CVE-2020-8748 + REJECTED +CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...) + NOT-FOR-US: Intel +CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...) + NOT-FOR-US: Intel +CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...) + NOT-FOR-US: Intel +CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...) + NOT-FOR-US: Intel +CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...) + NOT-FOR-US: Intel +CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...) + NOT-FOR-US: Intel +CVE-2020-8741 (Improper permissions in the installer for the Intel(R) Thunderbolt(TM) ...) + NOT-FOR-US: Intel +CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...) + NOT-FOR-US: Intel +CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...) + NOT-FOR-US: Intel +CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...) + NOT-FOR-US: Intel +CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...) + NOT-FOR-US: Intel +CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...) + NOT-FOR-US: Intel +CVE-2020-8735 + REJECTED +CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...) + NOT-FOR-US: Intel +CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...) + NOT-FOR-US: Intel +CVE-2020-8732 (Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ...) + NOT-FOR-US: Intel +CVE-2020-8731 (Incorrect execution-assigned permissions in the file system for some I ...) + NOT-FOR-US: Intel +CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Systems an ...) 
+ NOT-FOR-US: Intel +CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...) + NOT-FOR-US: Intel +CVE-2020-8728 + REJECTED +CVE-2020-8727 + REJECTED +CVE-2020-8726 + REJECTED +CVE-2020-8725 + REJECTED +CVE-2020-8724 + REJECTED +CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...) + NOT-FOR-US: Intel +CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) + NOT-FOR-US: Intel +CVE-2020-8721 (Improper input validation for some Intel(R) Server Boards, Server Syst ...) + NOT-FOR-US: Intel +CVE-2020-8720 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) + NOT-FOR-US: Intel +CVE-2020-8719 (Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ...) + NOT-FOR-US: Intel +CVE-2020-8718 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) + NOT-FOR-US: Intel +CVE-2020-8717 (Improper input validation in a subsystem for some Intel Server Boards, ...) + NOT-FOR-US: Intel +CVE-2020-8716 (Improper access control for some Intel(R) Server Boards, Server System ...) + NOT-FOR-US: Intel +CVE-2020-8715 (Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ...) + NOT-FOR-US: Intel +CVE-2020-8714 (Improper authentication for some Intel(R) Server Boards, Server System ...) + NOT-FOR-US: Intel +CVE-2020-8713 (Improper authentication for some Intel(R) Server Boards, Server System ...) + NOT-FOR-US: Intel +CVE-2020-8712 (Buffer overflow in a verification process for some Intel(R) Server Boa ...) + NOT-FOR-US: Intel +CVE-2020-8711 (Improper access control in the bootloader for some Intel(R) Server Boa ...) + NOT-FOR-US: Intel +CVE-2020-8710 (Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ...) + NOT-FOR-US: Intel +CVE-2020-8709 (Improper authentication in socket services for some Intel(R) Server Bo ...) 
+ NOT-FOR-US: Intel +CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server System ...) + NOT-FOR-US: Intel +CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...) + NOT-FOR-US: Intel +CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...) + NOT-FOR-US: Intel +CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...) + NOT-FOR-US: Intel +CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...) + NOT-FOR-US: Intel +CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...) + NOT-FOR-US: Intel +CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic ...) + NOT-FOR-US: Intel +CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...) + NOT-FOR-US: Intel +CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...) + NOT-FOR-US: Intel +CVE-2020-8699 + REJECTED +CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...) + {DLA-2546-1} + - intel-microcode 3.20201110.1 + [buster] - intel-microcode 3.20201118.1~deb10u1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html +CVE-2020-8697 + REJECTED +CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...) + {DLA-2546-1} + - intel-microcode 3.20201110.1 + [buster] - intel-microcode 3.20201118.1~deb10u1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html +CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...) 
+ {DLA-2546-1} + - intel-microcode 3.20201110.1 + [buster] - intel-microcode 3.20201118.1~deb10u1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html +CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...) + {DLA-2494-1 DLA-2483-1} + - linux 5.9.9-1 + [buster] - linux 4.19.160-1 + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html + NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71 +CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...) + NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows) +CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...) + NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows) +CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...) + NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows) +CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...) + NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows) +CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...) + - iwd 1.5-1 + [buster] - iwd (Minor issue) + NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html +CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...) + NOT-FOR-US: Intel +CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...) + NOT-FOR-US: Intel +CVE-2020-8686 + REJECTED +CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...) + NOT-FOR-US: Intel +CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...) + NOT-FOR-US: Intel +CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...) 
+ NOT-FOR-US: Intel +CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...) + NOT-FOR-US: Intel +CVE-2020-8681 (Out of bounds write in system driver for some Intel(R) Graphics Driver ...) + NOT-FOR-US: Intel +CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 15.40. ...) + NOT-FOR-US: Intel +CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...) + NOT-FOR-US: Intel +CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...) + NOT-FOR-US: Intel graphics drivers for Windows +CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...) + NOT-FOR-US: Intel +CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...) + NOT-FOR-US: Intel +CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...) + NOT-FOR-US: Intel +CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...) + NOT-FOR-US: Intel +CVE-2020-8673 + REJECTED +CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...) + NOT-FOR-US: Intel +CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...) + NOT-FOR-US: Intel +CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow ...) + NOT-FOR-US: Intel +CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...) + NOT-FOR-US: Intel +CVE-2020-8668 + REJECTED +CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...) + - lua-cgi (session generation changed in 5.1.x, cf. CVE-2014-10399) + NOTE: https://seclists.org/fulldisclosure/2014/Apr/318 +CVE-2014-10399 (The session.lua library in CGILua 5.1.x uses the same ID for each sess ...) + - lua-cgi (session generation changed in 5.2.x, cf. 
CVE-2014-2875) + NOTE: https://seclists.org/fulldisclosure/2014/Apr/318 +CVE-2020-8667 + RESERVED +CVE-2020-8666 + RESERVED +CVE-2020-8665 + RESERVED +CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...) + - envoyproxy (bug #987544) +CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...) + - envoyproxy (bug #987544) +CVE-2020-8662 + RESERVED +CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) + - envoyproxy (bug #987544) +CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...) + - envoyproxy (bug #987544) +CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) + - envoyproxy (bug #987544) +CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) + NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress +CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2020-8653 + RESERVED +CVE-2020-8652 + RESERVED +CVE-2020-8651 + RESERVED +CVE-2020-8650 + RESERVED +CVE-2020-8646 + RESERVED +CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...) + NOT-FOR-US: Simplejobscript.com SJS +CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.) + NOT-FOR-US: PlaySMS +CVE-2020-8643 + RESERVED +CVE-2020-8642 + RESERVED +CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) 
+ NOT-FOR-US: Lotus Core CMS +CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...) + NOT-FOR-US: Jobberbase CMS +CVE-2020-27418 (A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows ...) + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://patchwork.freedesktop.org/patch/356372/ + NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 + NOTE: Duplicate CVE assignment for CVE-2020-8649 +CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 +CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 +CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} + - linux 5.5.13-1 + [buster] - linux 4.19.118-1 + NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 +CVE-2020-8640 + RESERVED +CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...) + NOT-FOR-US: TestLink +CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) + NOT-FOR-US: TestLink +CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) + NOT-FOR-US: TestLink +CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) + NOT-FOR-US: OpServices OpMon +CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) + NOT-FOR-US: Wing FTP Server +CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) 
+ NOT-FOR-US: Wing FTP Server +CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) + NOT-FOR-US: Zimbra Collaboration Suite (ZCS) +CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) + {DLA-2113-1} + - cloud-init 19.4-2 (bug #951363) + [buster] - cloud-init (Minor issue) + [stretch] - cloud-init (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 + NOTE: https://github.com/canonical/cloud-init/pull/189 + NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 +CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...) + {DLA-2113-1} + - cloud-init 19.4-2 (bug #951362) + [buster] - cloud-init (Minor issue) + [stretch] - cloud-init (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 + NOTE: https://github.com/canonical/cloud-init/pull/204 +CVE-2020-8630 + REJECTED +CVE-2020-8629 + REJECTED +CVE-2020-8628 + REJECTED +CVE-2020-8627 + REJECTED +CVE-2020-8626 + REJECTED +CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...) + {DSA-4857-1 DLA-2568-1} + - bind9 1:9.16.12-1 (bug #983004) + NOTE: https://kb.isc.org/v1/docs/cve-2020-8625 + NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches + NOTE: 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.12/patches + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/b04cb88462863d762093760ffcfe1946200e30f5 +CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 ...) 
+ {DSA-4752-1} + - bind9 1:9.16.6-1 (bug #966497) + [stretch] - bind9 (Vulnerable code (dns_ssu_mtypefromstring()) introduced later) + NOTE: https://kb.isc.org/docs/cve-2020-8624 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/14aa0c5df65d28cf6aaf437151c6a008afb66fb1 (v9_16_6) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4cccf9668c7adee4724a7649ec64685f82c8677 (v9_11_22) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22) +CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also af ...) + {DSA-4752-1 DLA-2355-1} + - bind9 1:9.16.6-1 + NOTE: https://kb.isc.org/docs/cve-2020-8623 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22) +CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also aff ...) + {DSA-4752-1 DLA-2355-1} + - bind9 1:9.16.6-1 + NOTE: https://kb.isc.org/docs/cve-2020-8622 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6ed167ad0a647dff20c8cb08c944a7967df2d415 (v9_11_22) +CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured ...) 
+ - bind9 1:9.16.6-1 + [buster] - bind9 (Vulnerable code introduced in 9.14.x) + [stretch] - bind9 (Vulnerable code introduced in 9.14.x) + NOTE: https://kb.isc.org/docs/cve-2020-8621 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/81514ff925dfc6e0c293745e0fc8320a8af95586 (v9_16_6) +CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establ ...) + - bind9 1:9.16.6-1 + [buster] - bind9 (Vulnerable code introduced later) + [stretch] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2020-8620 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6) +CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9.14.12, ...) + {DSA-4752-1} + - bind9 1:9.16.4-1 + [stretch] - bind9 (Vulnerable code introduced later) + [jessie] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2020-8619 + NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718 + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0854f631149848b64cc193979d0b0edf39159330 (v9_17_3) + NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/90a7416d1599df7aa1cdfac33b2da9352eeec4b0 (v9_11_21) +CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...) + - bind9 1:9.16.4-1 + [buster] - bind9 (Vulnerable code introduced later) + [stretch] - bind9 (Vulnerable code introduced later) + [jessie] - bind9 (Vulnerable code introduced later) + NOTE: https://kb.isc.org/docs/cve-2020-8618 + NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850 +CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) + {DSA-4689-1 DLA-2227-1} + - bind9 1:9.16.3-1 (bug #961939) + NOTE: https://kb.isc.org/docs/cve-2020-8617 + NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information +CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) 
+ {DSA-4689-1 DLA-2227-1} + - bind9 1:9.16.3-1 (bug #961939) + NOTE: https://kb.isc.org/docs/cve-2020-8616 +CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) + NOT-FOR-US: Tutor LMS plugin for WordPress +CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) + NOT-FOR-US: Askey devices +CVE-2020-8613 + RESERVED +CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) + NOT-FOR-US: Progress MOVEit Transfer +CVE-2020-8610 + RESERVED +CVE-2020-8609 + RESERVED +CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) + {DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1} + - libslirp 4.2.0-1 + - qemu 1:4.1-2 + - qemu-kvm + - slirp 1:1.0.17-11 + [buster] - slirp 1:1.0.17-8+deb10u1 + - slirp4netns 1.0.1-1 + [buster] - slirp4netns (Minor issue) + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 + NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 + NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. + NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. + NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99 +CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) 
+ NOT-FOR-US: Trend Micro +CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...) + NOT-FOR-US: Trend Micro +CVE-2020-8602 (A vulnerability in the management consoles of Trend Micro Deep Securit ...) + NOT-FOR-US: Trend Micro +CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) + NOT-FOR-US: Trend Micro +CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...) + NOT-FOR-US: Trend Micro +CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...) + NOT-FOR-US: Trend Micro +CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) + NOT-FOR-US: Trend Micro +CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) + {DSA-4632-1 DLA-2097-1} + - lwip 2.1.2+dfsg1-5 (bug #951291) + [buster] - lwip 2.0.3-3+deb10u1 + - ppp 2.4.8-1+1 (bug #950618) + NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86 + NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 +CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) + NOT-FOR-US: Participants Database plugin for WordPress +CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) + NOT-FOR-US: Istio +CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) + NOT-FOR-US: Ninja Forms plugin for WordPress +CVE-2020-8593 + RESERVED +CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) + NOT-FOR-US: eG Manager +CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...) + NOT-FOR-US: eG Manager +CVE-2020-8590 (Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptib ...) 
+ NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to ...) + NOT-FOR-US: NetApp +CVE-2020-8586 + REJECTED +CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...) + NOT-FOR-US: OnCommand Unified Manager Core Package +CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...) + NOT-FOR-US: Element OS +CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) + NOT-FOR-US: HCI +CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...) + NOT-FOR-US: HCI +CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...) + NOT-FOR-US: SANtricity OS Controller Software +CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8578 (Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vul ...) + NOT-FOR-US: Clustered Data ONTAP +CVE-2020-8577 (SANtricity OS Controller Software versions 11.50.1 and higher are susc ...) + NOT-FOR-US: SANtricity OS Controller Software +CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...) + NOT-FOR-US: ONTAP +CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...) + NOT-FOR-US: Active IQ Unified Manager +CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...) 
+ NOT-FOR-US: Active IQ Unified Manager +CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...) + NOT-FOR-US: NetApp +CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) + NOT-FOR-US: Element OS +CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) + NOT-FOR-US: StorageGRID +CVE-2020-8570 (Kubernetes Java client libraries in version 10.0.0 and versions prior ...) + NOT-FOR-US: Kubernetes Java client +CVE-2020-8569 (Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could pa ...) + NOT-FOR-US: Kubernetes CSI Snapshotter + NOTE: https://github.com/kubernetes-csi/external-snapshotter/issues/421 +CVE-2020-8568 (Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow ...) + NOT-FOR-US: Kubernetes Secrets Store CSI Driver +CVE-2020-8567 (Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azur ...) + NOT-FOR-US: Kubernetes Secrets Store CSI Driver +CVE-2020-8566 (In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...) + - kubernetes 1.19.3-1 (bug #972341) + NOTE: https://github.com/kubernetes/kubernetes/pull/95245 + NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + NOTE: https://github.com/kubernetes/kubernetes/issues/95624 +CVE-2020-8565 (In Kubernetes, if the logging level is set to at least 9, authorizatio ...) + - kubernetes 1.20.0-1 (bug #972649) + NOTE: https://github.com/kubernetes/kubernetes/pull/95316 + NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + NOTE: https://github.com/kubernetes/kubernetes/issues/95623 +CVE-2020-8564 (In Kubernetes clusters using a logging level of at least 4, processing ...) 
+ - kubernetes 1.19.3-1 (bug #972341) + NOTE: https://github.com/kubernetes/kubernetes/pull/94712 + NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + NOTE: https://github.com/kubernetes/kubernetes/issues/95622 +CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a loggi ...) + - kubernetes (Only affects 19.x) + NOTE: https://github.com/kubernetes/kubernetes/pull/95236 + NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk + NOTE: https://github.com/kubernetes/kubernetes/issues/95621 +CVE-2020-8562 (As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes att ...) + - kubernetes 1.20.5+really1.20.2-1 (bug #990793) + NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed +CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that contro ...) + - kubernetes 1.20.5+really1.20.2-1 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version + NOTE: The source package itself it still vulnerable, but custom rebuilds are not really a usecase here + NOTE: https://github.com/kubernetes/kubernetes/issues/104720 +CVE-2020-8560 + RESERVED +CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...) + - kubernetes 1.18.5-1 + NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6 +CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...) + - kubernetes 1.18.5-1 + NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259 + NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569 +CVE-2020-8557 (The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17. ...) 
+ - kubernetes 1.18.5-1 + NOTE: https://github.com/kubernetes/kubernetes/issues/93032 + NOTE: https://github.com/kubernetes/kubernetes/pull/92916 +CVE-2020-8556 + RESERVED +CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...) + - kubernetes 1.18.2-1 + NOTE: https://github.com/kubernetes/kubernetes/issues/91542 +CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...) + - kubernetes (bug #990793) + [bookworm] - kubernetes (Kubernetes in Bullseye only ships the client) + [bullseye] - kubernetes (Kubernetes in Bullseye only ships the client) + NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5 + NOTE: https://github.com/kubernetes/kubernetes/issues/97076 + NOTE: Server components no longer built since 1.20.5+really1.20.2-1 +CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...) + NOT-FOR-US: Kubernetes ingress-nginx component +CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...) + - kubernetes 1.17.4-1 + NOTE: https://github.com/kubernetes/kubernetes/issues/89378 +CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...) + - kubernetes 1.17.4-1 + NOTE: https://github.com/kubernetes/kubernetes/issues/89377 +CVE-2020-8550 + RESERVED +CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...) + NOT-FOR-US: Strong Testimonials plugin for WordPress +CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...) + NOT-FOR-US: massCode +CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...) + - phplist (bug #612288) +CVE-2020-8546 + RESERVED +CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal.) + NOT-FOR-US: AIL framework +CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF.) 
+ NOT-FOR-US: OX App Suite +CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation.) + NOT-FOR-US: OX App Suite +CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS.) + NOT-FOR-US: OX App Suite +CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks.) + NOT-FOR-US: OX App Suite +CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) + NOT-FOR-US: Zoho ManageEngine Desktop Central +CVE-2020-8539 (Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.00 ...) + NOT-FOR-US: Kia Motors Head Unit with Software +CVE-2020-8538 + RESERVED +CVE-2020-8537 + RESERVED +CVE-2020-8536 + RESERVED +CVE-2020-8535 + RESERVED +CVE-2020-8534 + RESERVED +CVE-2020-8533 + RESERVED +CVE-2020-8532 + RESERVED +CVE-2020-8531 + RESERVED +CVE-2020-8530 + RESERVED +CVE-2020-8529 + RESERVED +CVE-2020-8528 + RESERVED +CVE-2020-8527 + RESERVED +CVE-2020-8526 + RESERVED +CVE-2020-8525 + RESERVED +CVE-2020-8524 + RESERVED +CVE-2020-8523 + RESERVED +CVE-2020-8522 + RESERVED +CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...) + NOT-FOR-US: phpzag +CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...) + NOT-FOR-US: phpzag +CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...) + NOT-FOR-US: phpzag +CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) + {DLA-2174-1} + - php-horde-data 2.1.5-1 (bug #951537) + [buster] - php-horde-data 2.1.4-5+deb10u1 + [stretch] - php-horde-data 2.1.4-3+deb9u1 + NOTE: https://lists.horde.org/archives/announce/2020/001285.html + NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e +CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) 
+ - squid 4.10-1 (unimportant) + - squid3 (unimportant) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt + NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch + NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch + NOTE: Debian binary packages are not build with --enable-external-acl-helpers="[...]LM_group[...". +CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...) + - tor (unimportant) + NOTE: Not considered a bug / explicit design choice by upstream + NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html + NOTE: https://trac.torproject.org/projects/tor/ticket/33129 + NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html +CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...) + {DLA-2285-1} + - librsvg 2.46.4-1 + [buster] - librsvg 2.44.10-2.1+deb10u1 + [jessie] - librsvg (Minor issue) + NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515 + NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135 +CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) + NOT-FOR-US: DrayTek devices +CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) + NOT-FOR-US: Rumpus on macOS +CVE-2020-8513 + RESERVED +CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...) + NOT-FOR-US: IceWarp Webmail Server +CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) + NOT-FOR-US: phpABook +CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...) 
+ NOT-FOR-US: Zoho ManageEngine Desktop Central +CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) + NOT-FOR-US: Norman Malware Cleaner +CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) + NOT-FOR-US: Citytv Video application for Android and iOS +CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) + NOT-FOR-US: Global TV application for Android and iOS +CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) + NOT-FOR-US: School Management Software PHP/mySQL +CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) + NOT-FOR-US: School Management Software PHP/mySQL +CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...) + NOT-FOR-US: Biscom Secure File Transfer (SFT) +CVE-2020-8502 + RESERVED +CVE-2020-8501 + RESERVED +CVE-2020-8500 (In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-8499 + RESERVED +CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...) + NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress +CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...) + NOT-FOR-US: Artica Pandora FMS +CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...) + NOT-FOR-US: Kronos Web Time and Attendance (webTA) +CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) + NOT-FOR-US: Kronos Web Time and Attendance (webTA) +CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) + NOT-FOR-US: Kronos Web Time and Attendance (webTA) +CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) 
+ NOT-FOR-US: Kronos Web Time and Attendance (webTA) +CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) + {DLA-3432-1 DLA-2280-1} + - python3.8 3.8.3~rc1-1 + - python3.7 + [buster] - python3.7 3.7.3-2+deb10u2 + - python3.5 + - python3.4 + [jessie] - python3.4 (Minor issue) + - python2.7 2.7.18-2 (low; bug #970099) + [jessie] - python2.7 (Minor issue) + NOTE: https://bugs.python.org/issue39503 + NOTE: https://github.com/python/cpython/pull/18284 + NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html + NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master) + NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch) + NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch) + NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch) +CVE-2020-8491 + RESERVED +CVE-2020-8490 + RESERVED +CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8483 + RESERVED +CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...) + NOT-FOR-US: ABB +CVE-2020-8481 (For ABB products ABB Ability\u2122 System 800xA and related system ext ...) 
+ NOT-FOR-US: ABB +CVE-2020-8480 + RESERVED +CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...) + NOT-FOR-US: ABB +CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...) + NOT-FOR-US: ABB +CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...) + NOT-FOR-US: ABB +CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...) + NOT-FOR-US: ABB +CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...) + NOT-FOR-US: ABB +CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...) + NOT-FOR-US: ABB +CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...) + NOT-FOR-US: ABB +CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...) + NOT-FOR-US: ABB +CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...) + NOT-FOR-US: ABB +CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) + NOT-FOR-US: Trend Micro +CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) + NOT-FOR-US: Trend Micro +CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) + NOT-FOR-US: Trend Micro +CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8466 (A command injection vulnerability in Trend Micro InterScan Web Securit ...) + NOT-FOR-US: Trend Micro +CVE-2020-8465 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8464 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) + NOT-FOR-US: Trend Micro +CVE-2020-8463 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) 
+ NOT-FOR-US: Trend Micro +CVE-2020-8462 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...) + NOT-FOR-US: Trend Micro +CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan Web Se ...) + NOT-FOR-US: Trend Micro +CVE-2020-8460 + RESERVED +CVE-2020-8459 + RESERVED +CVE-2020-8458 + RESERVED +CVE-2020-8457 + RESERVED +CVE-2020-8456 + RESERVED +CVE-2020-8455 + RESERVED +CVE-2020-8454 + RESERVED +CVE-2020-8453 + RESERVED +CVE-2020-8452 + RESERVED +CVE-2020-8451 + RESERVED +CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) + {DSA-4682-1 DLA-2278-1} + - squid 4.10-1 (bug #950802) + - squid3 + NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) + NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) +CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) + {DSA-4682-1 DLA-2278-1} + - squid 4.10-1 (bug #950802) + - squid3 + NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) + NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) +CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + - ossec-hids (bug #361954) +CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + - ossec-hids (bug #361954) +CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) 
+ - ossec-hids (bug #361954) +CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) + - ossec-hids (bug #361954) +CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + - ossec-hids (bug #361954) +CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + - ossec-hids (bug #361954) +CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + - ossec-hids (bug #361954) +CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) + NOT-FOR-US: JYaml +CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) + NOT-FOR-US: Simplejobscript.com SJS +CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) + NOT-FOR-US: Monstra CMS +CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) + NOT-FOR-US: Ruckus devices +CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) + NOT-FOR-US: uTorrent +CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) + NOT-FOR-US: RegistrationMagic plugin for WordPress +CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...) + NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution) +CVE-2020-8433 + RESERVED +CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) 
+ {DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1} + - netty 1:4.1.45-1 (bug #950967) + - netty-3.9 + NOTE: https://github.com/netty/netty/issues/9861 + NOTE: https://github.com/netty/netty/commit/8494b046ec7e4f28dbd44bc699cc4c4c92251729 (4.1) + NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1) + NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests) +CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) + {DSA-4885-1 DLA-2365-1 DLA-2364-1 DLA-2110-1 DLA-2109-1} + - netty 1:4.1.45-1 (bug #950966) + - netty-3.9 + NOTE: https://github.com/netty/netty/issues/9866 + NOTE: https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e (4.1) +CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) + - u-boot 2020.01+dfsg-2 (low) + [buster] - u-boot (Minor issue) + [stretch] - u-boot (Minor issue) + [jessie] - u-boot (Minor issue) + NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html + NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html +CVE-2020-8431 + RESERVED +CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...) + NOT-FOR-US: Stormshield Network Security 310 +CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) + NOT-FOR-US: Kinetica +CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...) + NOT-FOR-US: Kaseya Traverse +CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) + NOT-FOR-US: Elementor plugin for WordPress +CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads ...) + NOT-FOR-US: Cups Easy (Purchase & Inventory) +CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads ...) 
+ NOT-FOR-US: Cups Easy (Purchase & Inventory) +CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...) + NOT-FOR-US: TP-Link +CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) + NOT-FOR-US: Zoho ManageEngine +CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) + NOT-FOR-US: Joomla! +CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) + NOT-FOR-US: Joomla! +CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) + NOT-FOR-US: Joomla! +CVE-2020-8418 + RESERVED +CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) + NOT-FOR-US: Code Snippets plugin for WordPress +CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...) + NOT-FOR-US: BearFTP +CVE-2020-8415 + REJECTED +CVE-2020-8414 + REJECTED +CVE-2020-8413 + REJECTED +CVE-2020-8412 + REJECTED +CVE-2020-8411 + REJECTED +CVE-2020-8410 + REJECTED +CVE-2020-8409 + REJECTED +CVE-2020-8408 + REJECTED +CVE-2020-8407 + REJECTED +CVE-2020-8406 + REJECTED +CVE-2020-8405 + REJECTED +CVE-2020-8404 + REJECTED +CVE-2020-8403 + REJECTED +CVE-2020-8402 + REJECTED +CVE-2020-8401 + REJECTED +CVE-2020-8400 + REJECTED +CVE-2020-8399 + REJECTED +CVE-2020-8398 + REJECTED +CVE-2020-8397 + REJECTED +CVE-2020-8396 + REJECTED +CVE-2020-8395 + REJECTED +CVE-2020-8394 + REJECTED +CVE-2020-8393 + REJECTED +CVE-2020-8392 + REJECTED +CVE-2020-8391 + REJECTED +CVE-2020-8390 + REJECTED +CVE-2020-8389 + REJECTED +CVE-2020-8388 + REJECTED +CVE-2020-8387 + REJECTED +CVE-2020-8386 + REJECTED +CVE-2020-8385 + REJECTED +CVE-2020-8384 + REJECTED +CVE-2020-8383 + REJECTED +CVE-2020-8382 + REJECTED +CVE-2020-8381 + REJECTED +CVE-2020-8380 + REJECTED +CVE-2020-8379 + REJECTED +CVE-2020-8378 + REJECTED +CVE-2020-8377 + REJECTED +CVE-2020-8376 + REJECTED +CVE-2020-8375 + REJECTED +CVE-2020-8374 + REJECTED 
+CVE-2020-8373 + REJECTED +CVE-2020-8372 + REJECTED +CVE-2020-8371 + REJECTED +CVE-2020-8370 + REJECTED +CVE-2020-8369 + REJECTED +CVE-2020-8368 + REJECTED +CVE-2020-8367 + REJECTED +CVE-2020-8366 + REJECTED +CVE-2020-8365 + REJECTED +CVE-2020-8364 + REJECTED +CVE-2020-8363 + REJECTED +CVE-2020-8362 + REJECTED +CVE-2020-8361 + REJECTED +CVE-2020-8360 + REJECTED +CVE-2020-8359 + REJECTED +CVE-2020-8358 + REJECTED +CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...) + NOT-FOR-US: Lenovo +CVE-2020-8356 (An internal product security audit of LXCO, prior to version 1.2.2, di ...) + NOT-FOR-US: Lenovo +CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...) + NOT-FOR-US: Lenovo +CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...) + NOT-FOR-US: Lenovo +CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems ...) + NOT-FOR-US: Lenovo +CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change Detection BIOS ...) + NOT-FOR-US: Lenovo +CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo PCManager ...) + NOT-FOR-US: Lenovo PCManager +CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...) + NOT-FOR-US: Lenovo +CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...) + NOT-FOR-US: Lenovo +CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...) + NOT-FOR-US: Lenovo +CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...) + NOT-FOR-US: Lenovo +CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...) + NOT-FOR-US: Lenovo +CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...) 
+ NOT-FOR-US: Lenovo +CVE-2020-8344 + REJECTED +CVE-2020-8343 + REJECTED +CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...) + NOT-FOR-US: Lenovo +CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...) + NOT-FOR-US: Lenovo +CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...) + NOT-FOR-US: IBM +CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...) + NOT-FOR-US: IBM +CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...) + NOT-FOR-US: Lenovo +CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...) + NOT-FOR-US: Synaptics Smart Audio UWP app +CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...) + NOT-FOR-US: Lenovo +CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) + NOT-FOR-US: Lenovo +CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) + NOT-FOR-US: Lenovo +CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...) + NOT-FOR-US: Lenovo +CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...) + NOT-FOR-US: Lenovo +CVE-2020-8331 + REJECTED +CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...) + NOT-FOR-US: Lenovo +CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...) + NOT-FOR-US: Lenovo +CVE-2020-8328 + REJECTED +CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...) + NOT-FOR-US: Lenovo +CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...) + NOT-FOR-US: Lenovo +CVE-2020-8325 + REJECTED +CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...) 
+ NOT-FOR-US: Lenovo +CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...) + NOT-FOR-US: Lenovo +CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...) + NOT-FOR-US: Lenovo +CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...) + NOT-FOR-US: Lenovo +CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...) + NOT-FOR-US: Lenovo +CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...) + NOT-FOR-US: Lenovo +CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...) + NOT-FOR-US: Lenovo +CVE-2020-8317 (A DLL search path vulnerability was reported in Lenovo Drivers Managem ...) + NOT-FOR-US: Lenovo +CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...) + NOT-FOR-US: Lenovo +CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) + {DSA-4698-1 DSA-4667-1 DLA-2242-1} + - linux 5.4.19-1 + [jessie] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 +CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...) + - python3.8 (Windows-specific) + - python3.7 (Windows-specific) + - python2.7 (Vulnerable code not present) + NOTE: https://bugs.python.org/issue39401 +CVE-2020-8314 + RESERVED +CVE-2020-8313 + RESERVED +CVE-2020-8312 + RESERVED +CVE-2020-8311 + RESERVED +CVE-2020-8310 + RESERVED +CVE-2020-8309 + RESERVED +CVE-2020-8308 + RESERVED +CVE-2020-8307 + RESERVED +CVE-2020-8306 + RESERVED +CVE-2020-8305 + RESERVED +CVE-2020-8304 + RESERVED +CVE-2020-8303 + RESERVED +CVE-2020-8302 + RESERVED +CVE-2020-8301 + RESERVED +CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...) 
+ NOT-FOR-US: Citrix +CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...) + NOT-FOR-US: Citrix +CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...) + NOT-FOR-US: Node fs-path +CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) + NOT-FOR-US: Nextcloud Deck +CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...) + - nextcloud-server (bug #941708) +CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) + - nextcloud-server (bug #941708) +CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...) + - nextcloud-server (bug #941708) +CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...) + - nextcloud-server (bug #941708) +CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...) + NOT-FOR-US: Rocket.Chat +CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...) + NOT-FOR-US: Rocket.Chat +CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...) + NOT-FOR-US: Backblaze +CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...) + NOT-FOR-US: Backblaze +CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...) + NOT-FOR-US: Rocket.Chat +CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...) 
+ {DSA-4826-1 DLA-3224-1} + - http-parser 2.9.4-5 (bug #1016690) + [bullseye] - http-parser 2.9.4-4+deb11u1 + - nodejs 12.20.1~dfsg-1 (bug #979364) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/release/v10.23.1/ + NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1) + NOTE: https://github.com/nodejs/http-parser/pull/530/ +CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...) + {DSA-4881-1 DLA-2500-1} + - curl 7.74.0-1 (bug #977161) + NOTE: https://curl.se/docs/CVE-2020-8286.html + NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0) +CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...) + {DSA-4881-1 DLA-2500-1} + - curl 7.74.0-1 (bug #977162) + NOTE: https://curl.se/docs/CVE-2020-8285.html + NOTE: https://github.com/curl/curl/issues/6255 + NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0) +CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...) + {DSA-4881-1 DLA-2500-1} + - curl 7.74.0-1 (bug #977163) + NOTE: https://curl.se/docs/CVE-2020-8284.html + NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0) +CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...) + NOT-FOR-US: Citrix +CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...) + NOT-FOR-US: EdgePower 24V/54V firmware +CVE-2020-8281 (A missing file type check in Nextcloud Contacts 3.3.0 allows a malicio ...) + NOT-FOR-US: Nextcloud Contacts +CVE-2020-8280 (A missing file type check in Nextcloud Contacts 3.4.0 allows a malicio ...) + NOT-FOR-US: Nextcloud Contacts +CVE-2020-8279 (Missing validation of server certificates for out-going connections in ...) 
+ NOT-FOR-US: Nextcloud Social app +CVE-2020-8278 (Improper access control in Nextcloud Social app version 0.3.1 allowed ...) + NOT-FOR-US: Nextcloud Social app +CVE-2020-8277 (A Node.js application that allows an attacker to trigger a DNS request ...) + - c-ares 1.17.1-1 + [buster] - c-ares (Introduced in 1.16) + [stretch] - c-ares (Introduced in 1.16) + NOTE: Originally reported for nodes, which bundles c-ares: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277 + NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3 + NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885 +CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...) + - brave-browser (bug #864795) +CVE-2020-8275 (Citrix Secure Mail for Android before 20.11.0 suffers from improper ac ...) + NOT-FOR-US: Citrix +CVE-2020-8274 (Citrix Secure Mail for Android before 20.11.0 suffers from Improper Co ...) + NOT-FOR-US: Citrix +CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix SD-WAN ...) + NOT-FOR-US: Citrix SD-WAN center +CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN functionality in ...) + NOT-FOR-US: Citrix SD-WAN Center +CVE-2020-8271 (Unauthenticated remote code execution with root privileges in Citrix S ...) + NOT-FOR-US: Citrix SD-WAN Center +CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can perform arb ...) + NOT-FOR-US: Citrix +CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary command ...) + NOT-FOR-US: Citrix +CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < 1 ...) + NOT-FOR-US: Node json8-merge-patch +CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...) 
+ NOT-FOR-US: UniFi Protect controller +CVE-2020-8266 + RESERVED +CVE-2020-8265 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerab ...) + {DSA-4826-1} + - nodejs 12.20.1~dfsg-1 (bug #979364) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + NOTE: https://nodejs.org/en/blog/release/v10.23.1/ + NOTE: https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1) +CVE-2020-8264 (In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when a ...) + - rails 2:6.0.3.4+dfsg-1 (bug #971988) + [buster] - rails (Vulnerable code not present) + [stretch] - rails (Vulnerable code not present) + NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ +CVE-2020-8263 (A vulnerability in the authenticated user web interface of Pulse Conne ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure belo ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure +CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9. ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure +CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interfac ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...) + - nextcloud-server (bug #941708) +CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...) + NOT-FOR-US: Citrix +CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...) + NOT-FOR-US: Citrix +CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interf ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interfac ...) 
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure +CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) + NOT-FOR-US: Citrix +CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14 ...) + - libuv1 1.39.0-1 (unimportant) + [stretch] - libuv1 (Vulnerable code introduced later) + NOTE: https://hackerone.com/reports/965914 + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 + NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead + NOTE: of the bundled one. + NOTE: https://github.com/libuv/libuv/issues/2965 + NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0) + NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0) + NOTE: Broken path in uv__fs_realpath() only taken when libuv1 build in + NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L). +CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attack ...) + - nodejs (Only affects 14.x series) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 +CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 cou ...) 
+ NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + NOT-FOR-US: Citrix +CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + NOT-FOR-US: Citrix +CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...) + NOT-FOR-US: Citrix +CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, ...) + {DLA-2698-1} + - node-bl 4.0.3-1 (bug #969309) + [buster] - node-bl 1.1.2-1+deb10u1 + NOTE: https://hackerone.com/reports/966347 + NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 +CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interf ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2020-8242 (Unsanitized user input in ExpressionEngine <= 5.4.0 control panel memb ...) + NOT-FOR-US: ExpressionEngine +CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a re ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerab ...) + NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client +CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to a d ...) + NOT-FOR-US: Node json-bigint +CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...) + - nextcloud-server (bug #941708) +CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...) 
+ NOT-FOR-US: Nextcloud Deck +CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware (Windows-specific) +CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...) + - nextcloud-desktop (Windows-specific) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034 + NOTE: Windows-specific code in shell_integration/windows/OCUtil + NOTE: https://hackerone.com/reports/588562 +CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...) + NOT-FOR-US: Preferred Providers app +CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...) + - nextcloud-desktop 3.0.1-1 + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 + NOTE: https://hackerone.com/reports/685552 +CVE-2020-8226 (A vulnerability exists in phpBB (Minor issue) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031 +CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) + - nextcloud-desktop (Windows-specific) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030 + NOTE: https://hackerone.com/reports/622170 +CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...) + - nextcloud-server (bug #941708) +CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 t ...) + NOT-FOR-US: Pulse +CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 w ...) + NOT-FOR-US: Pulse +CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure <9.1R ...) + NOT-FOR-US: Pulse +CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...) + NOT-FOR-US: Pulse +CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure <9.1R8 t ...) + NOT-FOR-US: Pulse +CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9. ...) 
+ NOT-FOR-US: Pulse +CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...) + NOT-FOR-US: Pulse +CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which could l ...) + NOT-FOR-US: Node canvas +CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an attacke ...) + NOT-FOR-US: servey +CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...) + NOT-FOR-US: UniFi Protect +CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...) + NOT-FOR-US: Citrix +CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...) + NOT-FOR-US: Citrix +CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...) + NOT-FOR-US: Citrix +CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...) + NOT-FOR-US: Citrix +CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...) + NOT-FOR-US: Citrix +CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...) + NOT-FOR-US: Citrix +CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...) + NOT-FOR-US: Pulse +CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a S ...) + NOT-FOR-US: Node uppy +CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...) + NOT-FOR-US: Pulse +CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...) + - node-lodash 4.17.19+dfsg-1 (bug #965283) + [buster] - node-lodash (Minor issue; can be fixed via point release) + [stretch] - node-lodash (Nodejs in stretch not covered by security support) + NOTE: https://hackerone.com/reports/712065 +CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) 
+ NOT-FOR-US: Nextcloud Preferred Providers app +CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync ...) + - nodejs 12.18.4~dfsg-1 + [buster] - nodejs (Only affects 12.x and later) + [stretch] - nodejs (Only affects 12.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 +CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 allo ...) + NOT-FOR-US: Citrix +CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) + NOT-FOR-US: Citrix +CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + NOT-FOR-US: Citrix +CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...) + NOT-FOR-US: Citrix +CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) + NOT-FOR-US: Citrix +CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + NOT-FOR-US: Citrix +CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...) + NOT-FOR-US: Citrix +CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) + NOT-FOR-US: Citrix +CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...) + NOT-FOR-US: Node fastify +CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + NOT-FOR-US: Citrix +CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...) + NOT-FOR-US: Citrix +CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...) + - nextcloud-desktop 3.0.1-1 + [buster] - nextcloud-desktop (Minor issue) + NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027 +CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...) 
+ NOT-FOR-US: UniFi Protect +CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) + NOT-FOR-US: Citrix +CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...) + NOT-FOR-US: Node devcert +CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that allowe ...) + [experimental] - rails 6.0.3.2+dfsg-1 (bug #964081) + - rails (Introduced in rails 6.x) + NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 +CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...) + {DLA-3298-1 DLA-2275-1} + - ruby-rack 2.1.1-6 (bug #963477) + NOTE: https://hackerone.com/reports/895727 + NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c +CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...) + - nextcloud-server (bug #941708) +CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...) + NOT-FOR-US: Nextcloud Deck +CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...) + NOT-FOR-US: Nextcloud Contacts +CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...) + NOT-FOR-US: Nextcloud Talk +CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...) + NOT-FOR-US: Nextcloud Deck +CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may lea ...) + - node-jison (Vulnerable code not included in Debian source) + NOTE: https://hackerone.com/reports/690010 + NOTE: ports/ is stripped/excluded in the src:node-jison source package. +CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...) 
+ {DSA-4881-1 DLA-2295-1} + - curl 7.72.0-1 (bug #965281) + NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html + NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0) +CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...) + NOT-FOR-US: koa-shopify-auth +CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...) + NOT-FOR-US: Node jimp +CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...) + {DSA-4696-1} + - nodejs 10.21.0~dfsg-1 (bug #962145) + [stretch] - nodejs (Nodejs in stretch not covered by security support) + [jessie] - nodejs (Nodejs in jessie not covered by security support) + NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174 +CVE-2020-8173 (A too small set of random characters being used for encryption in Next ...) + - nextcloud-server (bug #941708) +CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...) + - nodejs (Only affects 12.x and later) + NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 +CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) + NOT-FOR-US: AirMax AirOS +CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) + NOT-FOR-US: AirMax AirOS +CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...) 
+ {DSA-4881-1} + - curl 7.72.0-1 (bug #965280) + [stretch] - curl (Vulnerable code introduced later) + [jessie] - curl (Vulnerable code introduced later) + NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html + NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0) +CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) + NOT-FOR-US: AirMax AirOS +CVE-2020-8167 (A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that co ...) + {DSA-4766-1} + - rails 2:5.2.4.3+dfsg-1 + [stretch] - rails (Vulnerable code introduced later) + [jessie] - rails (Vulnerable code introduced later) + NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2) +CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 th ...) + {DSA-4766-1} + - rails 2:5.2.4.3+dfsg-1 + [stretch] - rails (Vulnerable code introduced later) + [jessie] - rails (Vulnerable code introduced later) + NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2) + NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a +CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails < ...) 
+ {DSA-4766-1 DLA-2282-1 DLA-2251-1} + - rails 2:5.2.4.3+dfsg-1 + NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2) + NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2) + NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b +CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < 5. ...) + {DSA-4766-1 DLA-2282-1 DLA-2251-1} + [experimental] - rails 2:6.0.3.1+dfsg-1 + - rails 2:5.2.4.3+dfsg-1 + NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2) +CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...) + {DLA-2282-1} + - rails 2:5.2.0+dfsg-2 + NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/ + NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/ + NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0 + NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2) + NOTE: Follow-up needed due to breaking change: https://github.com/rails/rails/issues/39301 + NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3) + NOTE: Follow-up #2: + NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable) + NOTE: For rails 5.0 the issue is fixed in >= 5.0.1 +CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...) 
+ {DSA-4766-1} + - rails 2:5.2.4.3+dfsg-1 + [stretch] - rails (Vulnerable code introduced later) + [jessie] - rails (Vulnerable code introduced later) + NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released + NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2) +CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that allows ...) + {DLA-3298-1 DLA-2275-1 DLA-2216-1} + - ruby-rack 2.1.1-5 + NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ + NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e + NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa + NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 +CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid hand ...) + NOT-FOR-US: MendixSSO +CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 that ...) + {DLA-2719-1} + - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) + [buster] - ruby-actionpack-page-caching (Minor issue) + NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 + NOTE: https://github.com/rails/actionpack-page_caching/commit/127da70a559bed4fc573fdb4a6d498a7d5815ce2 (v1.2.1) + NOTE: https://github.com/rails/actionpack-page_caching/commit/bf4aab113f90a0c5182009709d5115a1d5772608 (v1.2.2) +CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 may ...) + NOT-FOR-US: TypeORM +CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key g ...) + NOT-FOR-US: UniFi Cloud Key +CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) + NOT-FOR-US: Nextcloud Mail +CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...) 
+ - nextcloud-server (bug #941708)
+CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...)
+ NOT-FOR-US: Nextcloud Groupfolders app
+CVE-2020-8152 (Insufficient protection of the server-side encryption keys in Nextclou ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8151 (There is a possible information disclosure issue in Active Resource (Vulnerable code splitted out upstream before initial upload to Debian)
+ NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails
+ NOTE: release as it was not widely used.
+CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...)
+ NOT-FOR-US: Node logkitty
+CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables ...)
+ NOT-FOR-US: UniFi Cloud Key firmware
+CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...)
+ NOT-FOR-US: Node utils-extend
+CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...)
+ NOT-FOR-US: UniFi
+CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...)
+ NOT-FOR-US: UniFi
+CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...)
+ NOT-FOR-US: UniFi
+CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...)
+ - node-dot 1.1.3+ds-1
+ [buster] - node-dot 1.1.1-1+deb10u1
+ NOTE: https://hackerone.com/reports/390929
+CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...)
+ - nextcloud-desktop (MacOS-specific)
+CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0 ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
+ NOT-FOR-US: Node blamer
+CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows ...)
+ NOT-FOR-US: Node fastify-multipart
+CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Fo ...)
+ NOT-FOR-US: Node uppy
+CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 ...)
+ NOT-FOR-US: Ghost CMS
+CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 may ...)
+ NOT-FOR-US: Node pdf-image package
+CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...)
+ - node-yarnpkg 1.22.4-2 (bug #952912)
+ [buster] - node-yarnpkg (Minor issue)
+ NOTE: https://hackerone.com/reports/730239
+ NOTE: https://github.com/yarnpkg/yarn/pull/7831
+CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3.3 i ...)
+ {DLA-2120-1}
+ - rake 12.3.3-1
+ [buster] - rake 12.3.1-3+deb10u1
+ [stretch] - rake 10.5.0-2+deb9u1
+ NOTE: https://hackerone.com/reports/651518
+ NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3)
+CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...)
+ NOT-FOR-US: script-manager nodejs module
+CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...)
+ NOT-FOR-US: jsreport
+CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...)
+ NOT-FOR-US: reveal.js
+CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...)
+ NOT-FOR-US: Ubiquiti Networks EdgeSwitch
+CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...)
+ NOT-FOR-US: klona node module
+CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
+ - node-url-parse 1.4.7-1
+ [buster] - node-url-parse 1.2.0-2+deb10u1
+ [stretch] - node-url-parse (Nodejs in stretch not covered by security support)
+ NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
+ NOTE: https://hackerone.com/reports/496293
+CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...)
+ NOT-FOR-US: strapi
+CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...)
+ - nextcloud-server (bug #941708)
+CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...)
+ - node-dot-prop 5.2.0-1
+ [buster] - node-dot-prop 4.1.1-1+deb10u1
+ NOTE: https://hackerone.com/reports/719856
+ NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
+CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission)
+ - gitlab (Only affects Gitlab EE)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.)
+ [experimental] - gitlab 12.6.8-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
+CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...)
+ {DSA-4882-1 DLA-2277-1 DLA-2089-1}
+ - openjpeg2 2.4.0-1 (bug #950184)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/1231
+ NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0)
+CVE-2020-8111
+ REJECTED
+CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8107 (A Process Control vulnerability in ProductAgentUI.exe as used in Bitde ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8106
+ REJECTED
+CVE-2020-8105 (OS Command Injection vulnerability in the wirelessConnect handler of A ...)
+ NOT-FOR-US: Abode iota All-In-One Security Kit
+CVE-2020-8104
+ RESERVED
+CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
+ NOT-FOR-US: Bitdefender Antivirus Free
+CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...)
+ NOT-FOR-US: Safepay
+CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...)
+ NOT-FOR-US: Bitdefender Antivirus Free
+CVE-2020-8098
+ RESERVED
+CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...)
+ NOT-FOR-US: Bitdefender Total Security
+CVE-2020-8094
+ RESERVED
+CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
+ NOT-FOR-US: Bitdefender Antivirus for Mac
+CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...)
+ NOT-FOR-US: Bitdefender Antivirus for Mac
+CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...)
+ NOT-FOR-US: TYPO3
+CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...)
+ NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices
+CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...)
+ - piwigo
+CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...)
+ NOT-FOR-US: UseBB
+CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...)
+ NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices
+CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...)
+ NOT-FOR-US: WSO2
+CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...)
+ NOT-FOR-US: WSO2
+CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...)
+ {DSA-4612-1}
+ - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1
+ NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08
+ NOTE: https://prosody.im/security/advisory_20200128/
+CVE-2020-8085
+ RESERVED
+CVE-2020-8084
+ RESERVED
+CVE-2020-8083
+ RESERVED
+CVE-2020-8082
+ RESERVED
+CVE-2020-8081
+ RESERVED
+CVE-2020-8080
+ RESERVED
+CVE-2020-8079
+ RESERVED
+CVE-2020-8078
+ RESERVED
+CVE-2020-8077
+ RESERVED
+CVE-2020-8076
+ RESERVED
+CVE-2020-8075
+ RESERVED
+CVE-2020-8074
+ RESERVED
+CVE-2020-8073
+ RESERVED
+CVE-2020-8072
+ RESERVED
+CVE-2020-8071
+ RESERVED
+CVE-2020-8070
+ RESERVED
+CVE-2020-8069
+ RESERVED
+CVE-2020-8068
+ RESERVED
+CVE-2020-8067
+ RESERVED
+CVE-2020-8066
+ RESERVED
+CVE-2020-8065
+ RESERVED
+CVE-2020-8064
+ RESERVED
+CVE-2020-8063
+ RESERVED
+CVE-2020-8062
+ RESERVED
+CVE-2020-8061
+ RESERVED
+CVE-2020-8060
+ RESERVED
+CVE-2020-8059
+ RESERVED
+CVE-2020-8058
+ RESERVED
+CVE-2020-8057
+ RESERVED
+CVE-2020-8056
+ RESERVED
+CVE-2020-8055
+ RESERVED
+CVE-2020-8054
+ RESERVED
+CVE-2020-8053
+ RESERVED
+CVE-2020-8052
+ RESERVED
+CVE-2020-8051
+ RESERVED
+CVE-2020-8050
+ RESERVED
+CVE-2020-8049
+ RESERVED
+CVE-2020-8048
+ RESERVED
+CVE-2020-8047
+ RESERVED
+CVE-2020-8046
+ RESERVED
+CVE-2020-8045
+ RESERVED
+CVE-2020-8044
+ RESERVED
+CVE-2020-8043
+ RESERVED
+CVE-2020-8042
+ RESERVED
+CVE-2020-8041
+ RESERVED
+CVE-2020-8040
+ RESERVED
+CVE-2020-8039
+ RESERVED
+CVE-2020-8038
+ RESERVED
+CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...)
+ {DLA-2444-1}
+ - tcpdump 4.9.3-7 (unimportant; bug #973877)
+ [buster] - tcpdump 4.9.3-1~deb10u2
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231
+CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...)
+ - tcpdump (Vulnerable code and support for SOME/IP protocol added later)
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43
+CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...)
+ {DLA-2230-1}
+ - php-horde 5.2.23+debian0-1 (bug #963809)
+ [buster] - php-horde 5.2.20+debian0-1+deb10u2
+ [stretch] - php-horde 5.2.13+debian0-1+deb9u2
+ NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf
+ NOTE: https://lists.horde.org/archives/announce/2020/001290.html
+CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...)
+ {DLA-2229-1}
+ - php-horde-gollem 3.0.12-6 (bug #961649)
+ [buster] - php-horde-gollem 3.0.12-3+deb10u1
+ [stretch] - php-horde-gollem 3.0.10-1+deb9u1
+ NOTE: https://lists.horde.org/archives/announce/2020/001289.html
+ NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083
+CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...)
+ NOT-FOR-US: Ruckus
+CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...)
+ - cyrus-sasl2 (openSUSE specific packaging issue)
+CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...)
+ - open-build-service 2.9.4-4 (bug #983576)
+ [stretch] - open-build-service (Minor issue, XSS in web app)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version
+CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...)
+ NOT-FOR-US: SuSE CaaS
+CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...)
+ NOT-FOR-US: SuSE CaaS
+CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
+ NOT-FOR-US: Salt configuration in SUSE Server Manager
+CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...)
+ NOT-FOR-US: SAP
+CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
+ - inn2 (inews has correct ownership in Debian)
+CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...)
+ NOT-FOR-US: SAP
+CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...)
+ - hylafax (SuSE-specific packaging issue)
+CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...)
+ NOT-FOR-US: SAP
+CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...)
+ NOT-FOR-US: SAP
+CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
+ {DLA-2545-1}
+ - open-build-service 2.9.4-4 (bug #983576)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
+ NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version
+CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
+ {DLA-2545-1}
+ - open-build-service 2.9.4-4 (bug #983576)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
+ NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb
+ NOTE: With 2.9.4-4, the rails web frontend is no longer shipped, marking as fixed version
+CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ NOT-FOR-US: SAP
+CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
+ NOT-FOR-US: Some SLES images
+CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...)
+ NOT-FOR-US: SuSE packaging of TexLive
+CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...)
+ NOT-FOR-US: SuSE packaging of TexLive
+CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ NOT-FOR-US: SuSE packaging of TexLive
+CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...)
+ - kopanocore (SuSE-specific packaging issue)
+CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...)
+ NOT-FOR-US: chkstat
+CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
+ NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
+CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
+ NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
+CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...)
+ NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM)
+CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...)
+ NOT-FOR-US: AVB MOTU devices
+CVE-2020-8008
+ RESERVED
+CVE-2020-8007
+ RESERVED
+CVE-2020-8006
+ RESERVED
+CVE-2020-8005
+ RESERVED
+CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control.)
+ NOT-FOR-US: STMicroelectronics STM32F1 devices
+CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...)
+ - aspell 0.60.7-3 (bug #935128)
+ [buster] - aspell (Minor issue)
+ [stretch] - aspell (Minor issue)
+ [jessie] - aspell (Minor issue)
+ NOTE: http://aspell.net/buffer-overread-ucs.txt
+ NOTE: Fixed by: https://github.com/GNUAspell/aspell/commit/de29341638833ba7717bd6b5e6850998454b044b
+ NOTE: Recommended additionally: https://github.com/GNUAspell/aspell/commit/cefd447e5528b08bb0cd6656bc52b4255692cefc
+CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...)
+ {DLA-3232-1}
+ - virglrenderer 0.8.2-1 (bug #949954)
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42
+CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...)
+ {DLA-3232-1}
+ - virglrenderer 0.8.2-1 (bug #949954)
+ NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5
+CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...)
+ NOT-FOR-US: Intellian Aptus application for Android
+CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...)
+ NOT-FOR-US: Intellian Aptus Web
+CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...)
+ NOT-FOR-US: Intellian Aptus application for Android
+CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...)
+ NOT-FOR-US: Super File Explorer app for iOS
+CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...)
+ NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices
+CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...)
+ - dolibarr
+CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...)
+ - dolibarr
+CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...)
+ - dolibarr
+CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...)
+ NOT-FOR-US: Prototype node module
+CVE-2020-7992
+ RESERVED
+CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...)
+ NOT-FOR-US: Adive Framework
+CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS.)
+ NOT-FOR-US: Adive Framework
+CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS.)
+ NOT-FOR-US: Adive Framework
+CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...)
+ - phpipam (bug #731713)
+CVE-2020-7987
+ RESERVED
+CVE-2020-7986
+ RESERVED
+CVE-2020-7985
+ RESERVED
+CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...)
+ NOT-FOR-US: Ruckus
+CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...)
+ - lustre
+CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...)
+ - lustre
+CVE-2019-20430 (In the Lustre file system before 2.12.3, the mdt module has an LBUG pa ...)
+ - lustre
+CVE-2019-20429 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+ - lustre
+CVE-2019-20428 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+ - lustre
+CVE-2019-20427 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
+ - lustre
+CVE-2019-20426 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+ - lustre
+CVE-2019-20425 (In the Lustre file system before 2.12.3, the ptlrpc module has an out- ...)
+ - lustre
+CVE-2019-20424 (In the Lustre file system before 2.12.3, mdt_object_remote in the mdt ...)
+ - lustre
+CVE-2019-20423 (In the Lustre file system before 2.12.3, the ptlrpc module has a buffe ...)
+ - lustre
+CVE-2019-20422 (In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib ...)
+ - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/7b09c2d052db4b4ad0b27b97918b46a7746966fa
+CVE-2019-20421 (In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input ...)
+ {DSA-4958-1 DLA-2750-1}
+ - exiv2 0.27.2-8 (low; bug #950183)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8
+ NOTE: https://github.com/Exiv2/exiv2/issues/1011
+CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...)
+ NOT-FOR-US: OpenWrt
+CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...)
+ - ruby-geocoder 1.5.1-3 (bug #949870)
+ NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
+CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...)
+ NOT-FOR-US: Intellian Aptus Web
+CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission)
+ - gitlab (Only affects Gitlab EE 12.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.)
+ - gitlab (Only affects Gitlab EE 12.6 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.)
+ - gitlab (Only affects Gitlab EE 8.8 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.)
+ - gitlab (Only affects Gitlab EE 12.4 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7975
+ REJECTED
+CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure.)
+ - gitlab (Only affects Gitlab EE 10.1 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7973 (GitLab through 12.7.2 allows XSS.)
+ [experimental] - gitlab 12.6.7-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).)
+ - gitlab (Only affects Gitlab EE 12.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS.)
+ - gitlab (Only affects Gitlab EE 11.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7970
+ RESERVED
+CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.)
+ - gitlab (Only affects Gitlab EE 8.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.)
+ [experimental] - gitlab 12.6.7-1
+ - gitlab 12.6.8-3
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).)
+ - gitlab (ONly affects Gitlab EE 12.0 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.)
+ - gitlab (Only affects Gitlab EE 11.11 and later)
+ NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
+CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
+ NOT-FOR-US: webargs
+CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...)
+ NOT-FOR-US: Mirumee Saleor
+CVE-2020-7963
+ RESERVED
+CVE-2019-20420
+ RESERVED
+CVE-2015-9541 (Qt through 5.14 allows an exponential XML entity expansion attack via ...)
+ - qtbase-opensource-src 5.12.5+dfsg-9 (low; bug #951066)
+ [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u5
+ [stretch] - qtbase-opensource-src (Minor issue)
+ [jessie] - qtbase-opensource-src (Minor issue; upstream patches use not-yet-available QStringView API)
+ NOTE: https://bugreports.qt.io/browse/QTBUG-47417
+ NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=fd4be84d23a0db4186cb42e736a9de3af722c7f7
+ NOTE: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=f432c08882ffebe5074ea28de871559a98a4d094 (5.12 backport)
+CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...)
+ NOT-FOR-US: One Identity Password Manager
+CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
+ NOT-FOR-US: Liferay Portal
+CVE-2020-7960
+ RESERVED
+CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
+ NOT-FOR-US: LabVantage LIMS
+CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...)
+ NOT-FOR-US: OnePlus 7 Pro devices
+CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
+ - dovecot (Only affects 2.3.9)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2
+CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...)
+ - nomad 0.10.3+dfsg1-1
+ NOTE: https://github.com/hashicorp/nomad/issues/7003
+CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...)
+ - consul 1.7.0+dfsg1-1 (bug #950736)
+ [buster] - consul (Vulnerable code not present)
+ NOTE: https://github.com/hashicorp/consul/issues/7160
+ NOTE: Fixed in 1.6.3.
+CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...)
+ NOT-FOR-US: OpServices OpMon
+CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...)
+ NOT-FOR-US: OpServices OpMon
+CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...)
+ NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2
+CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...)
+ NOT-FOR-US: Dota 2
+CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...)
+ NOT-FOR-US: Dota 2
+CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...)
+ NOT-FOR-US: Dota 2
+CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...)
+ NOT-FOR-US: Login by Auth0 plugin for WordPress
+CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...)
+ NOT-FOR-US: Login by Auth0 plugin for WordPress
+CVE-2020-7946
+ RESERVED
+CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...)
+ NOT-FOR-US: Puppet Enterprise
+CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
+ NOT-FOR-US: Puppet Enterprise
+CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
+ - puppet (Doesn't affect Puppet masters (passenger-based) in Debian)
+ [experimental] - puppetdb 7.10.1-1
+ - puppetdb 7.11.2-2 (low)
+ [buster] - puppetdb (Minor issue)
+ - puppetserver (Fixed before initial release, in 6.11.1)
+ NOTE: https://puppet.com/security/cve/CVE-2020-7943/
+ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92
+CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...)
+ - puppet (unimportant)
+ NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking,
+ NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch)
+ NOTE: https://puppet.com/security/cve/CVE-2020-7942/
+CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...)
+ NOT-FOR-US: Plone
+CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...)
+ NOT-FOR-US: Plone
+CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...)
+ NOT-FOR-US: Plone
+CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...)
+ NOT-FOR-US: Plone
+CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...)
+ NOT-FOR-US: Plone
+CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...)
+ NOT-FOR-US: Plone
+CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle N ...)
+ NOT-FOR-US: LifeRay Portal
+CVE-2020-7933
+ RESERVED
+CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...)
+ NOT-FOR-US: OMERO
+CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
+ NOT-FOR-US: JFrog Artifactory
+CVE-2020-7930
+ RESERVED
+CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...)
+ - mongodb
+ [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html)
+ NOTE: https://jira.mongodb.org/browse/SERVER-51083
+CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...)
+ - mongodb
+ [stretch] - mongodb (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-49404
+ NOTE: https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694 (v3.6.20, SSPL)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555 (v3.5.5)
+CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds ...)
+ NOT-FOR-US: MongoDB Ops Manager
+CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...)
+ - mongodb
+ [stretch] - mongodb (Minor issue, authenticated DoS)
+ NOTE: https://jira.mongodb.org/browse/SERVER-50170
+ NOTE: https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174 (v4.4.1, SSPL)
+CVE-2020-7925 (Incorrect validation of user input in the role name parser may lead to ...)
+ - mongodb
+ [stretch] - mongodb (Vulnerable code introduced later)
+ NOTE: https://jira.mongodb.org/browse/SERVER-49142
+ NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19)
+ NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18)
+CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...)
+ - mongo-tools (bug #988021)
+ [buster] - mongo-tools (Minor issue)
+ [stretch] - mongo-tools (Minor issue)
+ NOTE: https://jira.mongodb.org/browse/TOOLS-2587
+CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...)
+ {DLA-2344-1}
+ - mongodb
+ NOTE: https://jira.mongodb.org/browse/SERVER-47773
+CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
+ NOT-FOR-US: MongoDB Enterprise
+CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
+ - mongodb
+ [stretch] - mongodb (Minor issue)
+ [jessie] - mongodb (Minor issue)
+ NOTE: https://jira.mongodb.org/browse/SERVER-45472
+CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20417
+ REJECTED
+CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20408 (The /plugins/servlet/gadgets/makeRequest resource in Jira before versi ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20407 (The ConfigureBambooRelease resource in Jira Software and Jira Software ...)
+ NOT-FOR-US: Atlassian Jira
+CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...)
+ NOT-FOR-US: Percona Monitoring and Management (PMM)
+CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...)
+ {DSA-4848-1}
+ - golang-1.14 1.14~rc1-1
+ - golang-1.13 1.13.7-1
+ - golang-1.11
+ - golang-1.8
+ [stretch] - golang-1.8 (cryptobyte stuff introduced in golang-1.10)
+ - golang-1.7
+ [stretch] - golang-1.7 (cryptobyte stuff introduced in golang-1.10)
+ - golang
+ NOTE: https://github.com/golang/go/issues/36837
+ NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master)
+ NOTE: https://github.com/golang/go/issues/36838 (Go 1.13)
+ NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7)
+CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...)
+ NOT-FOR-US: totemo totemomail
+CVE-2020-7917
+ RESERVED
+CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...)
+ NOT-FOR-US: LearnPress plugin for WordPress
+CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...)
+ NOT-FOR-US: Eaton devices
+CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...)
+ - intellij-idea (bug #747616)
+CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...)
+ NOT-FOR-US: JetBrains Scala plugin
+CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...)
+ NOT-FOR-US: JetBrains
+CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...)
+ - intellij-idea (bug #747616)
+CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...)
+ - intellij-idea (bug #747616)
+CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
+ NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
+CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793935
+ NOTE: https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08
+ NOTE: https://github.com/CESNET/libyang/issues/773
+CVE-2019-20397 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793928
+ NOTE: https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4
+ NOTE: https://github.com/CESNET/libyang/issues/739
+CVE-2019-20396 (A segmentation fault is present in yyparse in libyang before v1.0-r1 d ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8
+ NOTE: https://github.com/CESNET/libyang/issues/740
+CVE-2019-20395 (A stack consumption issue is present in libyang before v1.0-r1 due to ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793924
+ NOTE: https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237
+ NOTE: https://github.com/CESNET/libyang/issues/724
+CVE-2019-20394 (A double-free is present in libyang before v1.0-r3 in the function yyp ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793932
+ NOTE: https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6
+ NOTE: https://github.com/CESNET/libyang/issues/769
+CVE-2019-20393 (A double-free is present in libyang before v1.0-r1 in the function yyp ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793930
+ NOTE: https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed
+ NOTE: https://github.com/CESNET/libyang/issues/742
+CVE-2019-20392 (An invalid memory access flaw is present in libyang before v1.0-r1 in ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793922
+ NOTE: https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5
+ NOTE: https://github.com/CESNET/libyang/issues/723
+CVE-2019-20391 (An invalid memory access flaw is present in libyang before v1.0-r3 in ...)
+ {DLA-3572-1}
+ [experimental] - libyang 1.0.167-1
+ - libyang 1.0.176-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793934
+ NOTE: https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8
+ NOTE: https://github.com/CESNET/libyang/issues/772
+CVE-2020-7903
+ RESERVED
+CVE-2020-7902
+ RESERVED
+CVE-2020-7901
+ RESERVED
+CVE-2020-7900
+ RESERVED
+CVE-2020-7899
+ RESERVED
+CVE-2020-7898
+ RESERVED
+CVE-2020-7897
+ RESERVED
+CVE-2020-7896
+ RESERVED
+CVE-2020-7895
+ RESERVED
+CVE-2020-7894
+ RESERVED
+CVE-2020-7893
+ RESERVED
+CVE-2020-7892
+ RESERVED
+CVE-2020-7891
+ RESERVED
+CVE-2020-7890
+ RESERVED
+CVE-2020-7889
+ RESERVED
+CVE-2020-7888
+ RESERVED
+CVE-2020-7887
+ RESERVED
+CVE-2020-7886
+ RESERVED
+CVE-2020-7885
+ RESERVED
+CVE-2020-7884
+ RESERVED
+CVE-2020-7883 (Printchaser v2.2021.804.1 and earlier versions contain a vulnerability ...)
+ NOT-FOR-US: Printchaser
+CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...)
+ NOT-FOR-US: anySign
+CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...)
+ NOT-FOR-US: AfreecaTV
+CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...)
+ NOT-FOR-US: duozone NeoRS remote support
+CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...)
+ NOT-FOR-US: ipTIME C200 IP Camera
+CVE-2020-7878 (An arbitrary file download and execution vulnerability was found in th ...)
+ NOT-FOR-US: VideoOffice
+CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...)
+ NOT-FOR-US: ZOOK
+CVE-2020-7876
+ RESERVED
+CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...)
+ NOT-FOR-US: DEXT5 Upload
+CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...)
+ NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft
+CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...)
+ NOT-FOR-US: Younglimwon
+CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
+ NOT-FOR-US: Cnesty Helpcom
+CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...)
+ NOT-FOR-US: ezPDF
+CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remote ad ...)
+ NOT-FOR-US: ZOOK software
+CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...)
+ NOT-FOR-US: helpUS(remote administration tool)
+CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...)
+ NOT-FOR-US: Helpu
+CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...)
+ NOT-FOR-US: ExECM CoreB2B
+CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...)
+ NOT-FOR-US: Raonwiz DEXT5Editor
+CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...)
+ NOT-FOR-US: Raonwiz
+CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...)
+ NOT-FOR-US: HelpU remote control solution
+CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...)
+ NOT-FOR-US: AnySupport
+CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...)
+ NOT-FOR-US: UnEgg
+CVE-2020-7859
+ REJECTED
+CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...)
+ NOT-FOR-US: AquaNPlayer
+CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...)
+ NOT-FOR-US: XPlatform
+CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...)
+ NOT-FOR-US: Helpcom
+CVE-2020-7855
+ RESERVED
+CVE-2020-7854
+ RESERVED
+CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that does not ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7851 (Innorix Web-Based File Transfer Solution versuibs prior to and includi ...)
+ NOT-FOR-US: Innorix
+CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...)
+ NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware
+CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...)
+ NOT-FOR-US: uPrism.io CURIX
+CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
+ NOT-FOR-US: EFM ipTIME C200 IP Camera
+CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...)
+ NOT-FOR-US: ipTIME NAS product
+CVE-2020-7846 (Helpcom before v10.0 contains a file download and execution vulnerabil ...)
+ NOT-FOR-US: Helpcom
+CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
+ NOT-FOR-US: Spamsniper
+CVE-2020-7844
+ RESERVED
+CVE-2020-7843
+ RESERVED
+CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...)
+ NOT-FOR-US: Netis Korea D'live AP
+CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...)
+ NOT-FOR-US: TOBESOFT XPLATFORM
+CVE-2020-7840
+ RESERVED
+CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...)
+ NOT-FOR-US: MaEPSBroker
+CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...)
+ NOT-FOR-US: Smilegate STOVE Client
+CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...)
+ NOT-FOR-US: ML Report Program
+CVE-2020-7836 (VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-ba ...)
+ NOT-FOR-US: VOICEYE WSActiveBridgeES
+CVE-2020-7835
+ RESERVED
+CVE-2020-7834
+ RESERVED
+CVE-2020-7833
+ RESERVED
+CVE-2020-7832 (A vulnerability (improper input validation) in the DEXT5 Upload soluti ...)
+ NOT-FOR-US: DEXT5 Upload
+CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...)
+ NOT-FOR-US: Inogard Ebiz4u
+CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...)
+ NOT-FOR-US: RAONWIZ
+CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...)
+ NOT-FOR-US: EyeSurfer BflyInstallerX.ocx
+CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...)
+ NOT-FOR-US: MiPlatform
+CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...)
+ NOT-FOR-US: iPECS
+CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...)
+ NOT-FOR-US: DaviewIndy
+CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
+ NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
+CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...)
+ NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library
+CVE-2020-7819 (A SQL-Injection vulnerability in the nTracker USB Enterprise(secure US ...)
+ NOT-FOR-US: nTracker USB Enterprise
+CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
+ NOT-FOR-US: Daview
+CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...)
+ NOT-FOR-US: MyBrowserPlus
+CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
+ NOT-FOR-US: DaView
+CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
+ NOT-FOR-US: XPLATFORM
+CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...)
+ NOT-FOR-US: RAONWIZ
+CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
+ NOT-FOR-US: Kaoni
+CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
+ NOT-FOR-US: Kaoni ezHTTPTrans
+CVE-2020-7811 (Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows priv ...)
+ NOT-FOR-US: Samsung
+CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...)
+ NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware
+CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
+ NOT-FOR-US: ALSong
+CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...)
+ NOT-FOR-US: RAONWIZ K Upload
+CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...)
+ NOT-FOR-US: LG
+CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
+ NOT-FOR-US: Tobesoft Xplatform
+CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...)
+ NOT-FOR-US: KT Slim egg IML500 wifi devices
+CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
+ NOT-FOR-US: Handy Groupware
+CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...)
+ NOT-FOR-US: Zoneplayer
+CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
+ NOT-FOR-US: Synergy Systems & Solutions (SSS)
+CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
+ NOT-FOR-US: Synergy Systems & Solutions (SSS)
+CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmwar ...)
+ NOT-FOR-US: Synergy Systems & Solutions (SSS)
+CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...)
+ NOT-FOR-US: FusionAuth
+CVE-2020-7798
+ RESERVED
+CVE-2020-7797
+ RESERVED
+CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...)
+ NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
+CVE-2020-7795 (The package get-npm-package-version before 1.0.7 are vulnerable to Com ...)
+ NOT-FOR-US: Node get-npm-package-version
+CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...)
+ NOT-FOR-US: Node buns
+CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...)
+ - node-ua-parser-js 0.7.23+ds-1
+ [buster] - node-ua-parser-js (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 (0.7.23)
+CVE-2020-7792 (This affects all versions of package mout. The deepFillIn function can ...)
+ NOT-FOR-US: Node mout
+CVE-2020-7791 (This affects the package i18n before 2.1.15. Vulnerability arises out ...)
+ NOT-FOR-US: i18n module for asp.net
+CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specifying ...)
+ NOT-FOR-US: spatie/browsershot
+CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...)
+ NOT-FOR-US: Node node-notifier
+CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...)
+ {DLA-2503-1}
+ - node-ini 2.0.0-1 (bug #977718)
+ [buster] - node-ini 1.3.5-1+deb10u1
+ NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974
+ NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6)
+CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...)
+ NOT-FOR-US: Node react-adal
+CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...)
+ NOT-FOR-US: Node macfromip
+CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...)
+ NOT-FOR-US: Noed node-ps
+CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...)
+ NOT-FOR-US: Node ts-process-promises
+CVE-2020-7783
+ RESERVED
+CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...)
+ NOT-FOR-US: Node spritesheet-js
+CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...)
+ NOT-FOR-US: Node connection-tester
+CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...)
+ NOT-FOR-US: om.softwaremill.akka-http-session:core_2.13
+CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...)
+ NOT-FOR-US: Node djvalidator
+CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...)
+ NOT-FOR-US: Node jsen
+CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...)
+ NOT-FOR-US: phpoffice/phpspreadsheet
+CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...)
+ NOT-FOR-US: Node freediskspace
+CVE-2020-7774 (The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Proto ...)
+ - node-y18n 4.0.0-3 (bug #976390)
+ [buster] - node-y18n 3.2.1-2+deb10u1
+ [stretch] - node-y18n (Nodejs in stretch not covered by security support)
+ NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887
+ NOTE: https://github.com/yargs/y18n/issues/96
+ NOTE: https://github.com/yargs/y18n/pull/108
+CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...)
+ NOT-FOR-US: Node markdown-it-highlightjs
+CVE-2020-7772 (This affects the package doc-path before 2.1.2.)
+ NOT-FOR-US: Node doc-path
+CVE-2020-7771 (The package asciitable.js before 1.0.3 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node asciitable.js
+CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...)
+ NOT-FOR-US: Node json8
+CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...)
+ - node-nodemailer 6.4.16-1
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834
+ NOTE: https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54
+CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...)
+ NOT-FOR-US: Node grpc
+CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...)
+ NOT-FOR-US: Node express-validators
+CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...)
+ NOT-FOR-US: Node json-ptr
+CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...)
+ NOT-FOR-US: Node firebase/util
+CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...)
+ NOT-FOR-US: Node find-my-way
+CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1.)
+ NOT-FOR-US: Node phantom-html-to-pdf
+CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0.)
+ NOT-FOR-US: Node jsreport-chrome-pdf
+CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It allows caus ...)
+ NOT-FOR-US: @absolunet/kafe
+CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...)
+ {DSA-4789-1}
+ - codemirror-js 5.58.2+~cs0.23.101-1
+ [stretch] - codemirror-js (Vulnerable code added later)
+ NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937
+ NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb
+CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...)
+ NOT-FOR-US: pimcore
+CVE-2020-7758 (This affects versions of package browserless-chrome before 1.40.2-chro ...)
+ NOT-FOR-US: Node browserless-chrome
+CVE-2020-7757 (This affects all versions of package droppy. It is possible to travers ...)
+ NOT-FOR-US: droppy
+CVE-2020-7756
+ RESERVED
+CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...)
+ NOT-FOR-US: dat.GUI
+CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...)
+ NOT-FOR-US: npm-user-validate
+CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...)
+ NOT-FOR-US: Node trim
+CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
+ NOT-FOR-US: Node systeminformation
+CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution.)
+ - node-pathval 1.1.0-4 (bug #972895)
+ [buster] - node-pathval 1.1.0-3+deb10u1
+ NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
+ NOTE: https://github.com/chaijs/pathval/pull/58
+CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
+ NOT-FOR-US: scratch-svg-renderer nodejs module
+CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
+ NOT-FOR-US: osm-static-maps nodejs module
+CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
+ NOT-FOR-US: Ts.ED
+CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
+ NOT-FOR-US: lightning-server nodejs module
+CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...)
+ - node-chart.js 2.9.4+dfsg+~cs2.10.1-1
+ [buster] - node-chart.js (Minor issue; intrusive to backport)
+ NOTE: https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716
+ NOTE: https://github.com/chartjs/Chart.js/pull/7920
+CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
+ NOT-FOR-US: MintegralAdSDK
+CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
+ NOT-FOR-US: com.mintegral.msdk:alphab
+CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node mathjs
+CVE-2020-7742 (This affects the package simpl-schema before 1.10.2.)
+ NOT-FOR-US: Node simpl-schema
+CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
+ NOT-FOR-US: hello.js
+CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...)
+ NOT-FOR-US: Node pdf-generator
+CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...)
+ NOT-FOR-US: Node phantomjs-seo
+CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
+ NOT-FOR-US: Node shiba
+CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node safetydance
+CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
+CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
+ NOT-FOR-US: ng-packagr
+CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
+ NOT-FOR-US: cabot
+CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
+ - node-ua-parser-js (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22)
+ NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
+ NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226
+CVE-2020-7732
+ RESERVED
+CVE-2020-7731 (This affects all versions <0.7.0 of package github.com/russellhaering/ ...)
+ - golang-github-russellhaering-gosaml2 (bug #948190)
+ NOTE: https://github.com/russellhaering/gosaml2/issues/59
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
+CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...)
+ NOT-FOR-US: bestzip nodejs module
+CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
+ {DLA-2368-1}
+ - grunt 1.3.0-1 (bug #969668)
+ [buster] - grunt 1.0.1-8+deb10u1
+ NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
+ NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
+CVE-2020-7728
+ RESERVED
+CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...)
+ NOT-FOR-US: Node gedi
+CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node safe-object2
+CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node worksmith
+CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node tiny-conf
+CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node promisehelpers
+CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node nodee-utils
+CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node node-oojs
+CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...)
+ - node-node-forge 0.10.0~dfsg-1 (bug #969669)
+ [buster] - node-node-forge (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
+ NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
+CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...)
+ NOT-FOR-US: Node locutus
+CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...)
+ NOT-FOR-US: Node gammautils
+CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node dot-notes
+CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...)
+ NOT-FOR-US: Node deeps
+CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node deep-get-set
+CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...)
+ NOT-FOR-US: Node confucious
+CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...)
+ NOT-FOR-US: Node arr-flatten-unflatten
+CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...)
+ NOT-FOR-US: Node json
+CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
+ - golang-github-russellhaering-goxmldsig 1.1.1-1 (bug #968928)
+ [bullseye] - golang-github-russellhaering-goxmldsig 1.1.0-1+deb11u1
+ [buster] - golang-github-russellhaering-goxmldsig 0.0~git20170911.b7efc62-1+deb10u1
+ NOTE: https://github.com/russellhaering/goxmldsig/issues/48
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/fb23e0af61c023e3a6dae8ad30dbd0f04d8a4d8f
+CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
+ NOT-FOR-US: Node safe-eval
+CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
+ NOT-FOR-US: Node json-pointer
+CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
+ NOT-FOR-US: Node irrelon-path
+CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node property-expr
+CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...)
+ NOT-FOR-US: Node connie-lang
+CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK distribute ...)
+ NOT-FOR-US: MintegralAdSDK
+CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...)
+ NOT-FOR-US: Node linux-cmdline
+CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...)
+ NOT-FOR-US: Node nis-utils
+CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...)
+ NOT-FOR-US: templ8
+CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node madlib-object-utils
+CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
+ NOT-FOR-US: phpjs
+CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
+ NOT-FOR-US: express-fileupload
+CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
+ NOT-FOR-US: Gerapy
+CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...)
+ NOT-FOR-US: mock2easy nodejs module
+CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...)
+ NOT-FOR-US: react-native-fast-image nodejs module
+CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...)
+ - python-uvicorn 0.13.3-1 (bug #969275)
+ [buster] - python-uvicorn (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471
+ NOTE: https://github.com/encode/uvicorn/issues/719
+CVE-2020-7694 (This affects all versions of package uvicorn.
The request logger provi ...) + - python-uvicorn 0.13.3-1 (bug #969276) + [buster] - python-uvicorn (Minor issue) + NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560 + NOTE: https://github.com/encode/uvicorn/issues/723 +CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...) + - node-socks (Fixed before initial upload to archive) +CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...) + - google-oauth-client-java 1.28.0-2 (bug #988944) + NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 + NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469 + NOTE: https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824 +CVE-2020-7691 (In all versions of the package jspdf, it is possible to use <" substring in an ini ...) + NOT-FOR-US: Indeo Otter +CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissec ...) + {DSA-4060-1 DLA-1226-1} + - wireshark 2.4.3-1 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html +CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA dissect ...) + {DSA-4060-1 DLA-1226-1} + - wireshark 2.4.3-1 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html +CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...) 
+ {DSA-4060-1 DLA-1226-1} + - wireshark 2.4.3-1 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html +CVE-2017-17082 + REJECTED +CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 an ...) + {DSA-4099-1} + - ffmpeg 7:3.4.1-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8 +CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as dis ...) + [experimental] - binutils 2.29.51.20171128-1 + - binutils 2.29.90.20180122-1 (low) + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421 +CVE-2018-0740 + REJECTED +CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be fo ...) + {DSA-4158-1 DSA-4157-1 DLA-1330-1} + - openssl 1.1.0h-1 + - openssl1.0 1.0.2o-1 + - libtomcrypt 1.18.2-1 (low) + [stretch] - libtomcrypt (Minor issue) + [jessie] - libtomcrypt (Minor issue) + NOTE: https://www.openssl.org/news/secadv/20180327.txt + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33 + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d + NOTE: https://github.com/libtom/libtomcrypt/pull/373 +CVE-2018-0738 + REJECTED +CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be vulnerab ...) 
+ {DSA-4355-1 DSA-4348-1 DLA-1449-1} + - openssl 1.1.0h-3 (low; bug #895844) + [wheezy] - openssl (Can wait for next update) + - openssl1.0 1.0.2q-1 (low; bug #895845) + NOTE: https://www.openssl.org/news/secadv/20180416.txt + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f + NOTE: https://eprint.iacr.org/2018/367 +CVE-2018-0736 + REJECTED +CVE-2018-0735 (The OpenSSL ECDSA signature algorithm has been shown to be vulnerable ...) + {DSA-4348-1 DLA-1586-1} + - openssl 1.1.1a-1 + - openssl1.0 (Vulnerable code never present in 1.0.2 series) + NOTE: https://www.openssl.org/news/secadv/20181029.txt + NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=56fb454d281a023b3f950d969693553d3f3ceea1 +CVE-2018-0734 (The OpenSSL DSA signature algorithm has been shown to be vulnerable to ...) + {DSA-4355-1 DSA-4348-1} + - openssl 1.1.1a-1 + [jessie] - openssl (vulnerable code not present, but see note below) + - openssl1.0 1.0.2q-1 + NOTE: https://www.openssl.org/news/secadv/20181030.txt + NOTE: OpenSSL_1_1_1-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=8abfe72e8c1de1b95f50aa0d9134803b4d00070f + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ef11e19d1365eea2b1851e6f540a0bf365d303e7 + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=43e6a58d4991a451daf4891ff05a48735df871ac + NOTE: Actually the version in Jessie is not vulnerable. Nevertheless there is a bug fix which + NOTE: futher reduces the amount of leaked timing information. It got no CVE on its own and + NOTE: introduced this vulnerability. 
In order to not forget this issue and probably get more + NOTE: information about it later, it is marked as instead of + NOTE: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=b96bebacfe814deb99fb64a3ed2296d95c573600 +CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...) + - openssl 1.1.0h-1 (unimportant) + [stretch] - openssl 1.1.0f-3+deb9u2 + [jessie] - openssl (vulnerable code not present) + [wheezy] - openssl (vulnerable code not present) + - openssl1.0 (Only affects OpenSSL 1.1.0) + NOTE: Issue specific to HP-UX + NOTE: https://www.openssl.org/news/secadv/20180327.txt +CVE-2018-0732 (During key agreement in a TLS handshake using a DH(E) based ciphersuit ...) + {DSA-4355-1 DSA-4348-1 DLA-1449-1} + - openssl 1.1.1-1 (low) + - openssl1.0 1.0.2q-1 (low) + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ea7abeeabf92b7aca160bdd0208636d4da69f4f4 + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=3984ef0b72831da8b3ece4745cac4f8575b19098 + NOTE: https://www.openssl.org/news/secadv/20180612.txt +CVE-2018-0731 + REJECTED +CVE-2017-17079 + REJECTED +CVE-2017-17078 + REJECTED +CVE-2017-17077 + REJECTED +CVE-2017-17076 + REJECTED +CVE-2017-17075 + REJECTED +CVE-2017-17074 + REJECTED +CVE-2017-17073 + REJECTED +CVE-2017-17072 + REJECTED +CVE-2017-17071 + REJECTED +CVE-2017-17070 + REJECTED +CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 al ...) + NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows +CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...) + NOT-FOR-US: Auth0 auth0.js library +CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6 ...) + NOT-FOR-US: Splunk Web +CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of th ...) 
+ - i2pd (Fixed before/with the initial upload to Debian) + NOTE: Issue fixed with 2.17.0 upstream +CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before FW2.11betaB0 ...) + NOT-FOR-US: D-Link +CVE-2017-17064 + RESERVED +CVE-2017-17063 + RESERVED +CVE-2017-17062 (The backend component in Open-Xchange OX App Suite before 7.6.3-rev35, ...) + NOT-FOR-US: Open-Xchange +CVE-2017-17061 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...) + NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2017-17060 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecu ...) + NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb post ...) + NOT-FOR-US: WordPress plugin wp-thumb-post +CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to differe ...) + {DSA-4057-1 DLA-1207-1} + - erlang 1:20.1.7+dfsg-1 + NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM + NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7) + NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4) + NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7) + NOTE: https://robotattack.org/ +CVE-2017-17058 (The WooCommerce plugin through 3.x for WordPress has a Directory Trave ...) + NOT-FOR-US: WooCommerce plugin for WordPress +CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...) + NOT-FOR-US: ZKTeco ZKTime Web Software +CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevat ...) + NOT-FOR-US: ZKTeco ZKTime Web Software +CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to execute ...) + NOT-FOR-US: Artica Web Proxy +CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function new_aubi ...) 
+ - aubio 0.4.6-1 (bug #883355) + [stretch] - aubio (Minor issue) + [jessie] - aubio (Vulnerability introduced in 0.4.3) + [wheezy] - aubio (Vulnerability introduced in 0.4.3) + NOTE: https://github.com/aubio/aubio/issues/148 +CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) + NOT-FOR-US: TG Soft Vir.IT eXplorer Lite +CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) + NOT-FOR-US: TG Soft Vir.IT eXplorer Lite +CVE-2017-17048 + RESERVED +CVE-2017-17047 + RESERVED +CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflecte ...) + NOT-FOR-US: Emag Marketplace Connector for WordPress +CVE-2017-17053 (The init_new_context function in arch/x86/include/asm/mmu_context.h in ...) + - linux 4.12.12-1 + [stretch] - linux 4.9.47-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc +CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before 4.12. ...) + - linux 4.12.12-1 + [stretch] - linux 4.9.47-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a +CVE-2018-0730 (This command injection vulnerability in File Station allows attackers ...) + NOT-FOR-US: QNAP +CVE-2018-0729 (This command injection vulnerability in Music Station allows attackers ...) + NOT-FOR-US: QNAP +CVE-2018-0728 (This improper access control vulnerability in Helpdesk allows attacker ...) + NOT-FOR-US: QNAP +CVE-2018-0727 + RESERVED +CVE-2018-0726 + RESERVED +CVE-2018-0725 + RESERVED +CVE-2018-0724 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...) + NOT-FOR-US: Q'center Virtual Appliance +CVE-2018-0723 (Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance ...) 
+ NOT-FOR-US: Q'center Virtual Appliance +CVE-2018-0722 (Path Traversal vulnerability in Photo Station versions: 5.7.2 and earl ...) + NOT-FOR-US: QNAP +CVE-2018-0721 (Buffer Overflow vulnerability in NAS devices. QTS allows attackers to ...) + NOT-FOR-US: QNAP QTS +CVE-2018-0720 + RESERVED +CVE-2018-0719 (Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP System ...) + NOT-FOR-US: QNAP QTS +CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ver ...) + NOT-FOR-US: Music Station +CVE-2018-0717 + RESERVED +CVE-2018-0716 (Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4. ...) + NOT-FOR-US: QNAP +CVE-2018-0715 (Cross-site scripting vulnerability in QNAP Photo Station versions 5.7. ...) + NOT-FOR-US: QNAP Photo Station +CVE-2018-0714 (Command injection vulnerability in Helpdesk versions 1.1.21 and earlie ...) + NOT-FOR-US: Helpdesk +CVE-2018-0713 + RESERVED +CVE-2018-0712 (Command injection vulnerability in LDAP Server in QNAP QTS 4.2.6 build ...) + NOT-FOR-US: QNAP +CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180 ...) + NOT-FOR-US: QNAP +CVE-2018-0710 (Command injection vulnerability in SSH of QNAP Q'center Virtual Applia ...) + NOT-FOR-US: QNAP +CVE-2018-0709 (Command injection vulnerability in date of QNAP Q'center Virtual Appli ...) + NOT-FOR-US: QNAP +CVE-2018-0708 (Command injection vulnerability in networking of QNAP Q'center Virtual ...) + NOT-FOR-US: QNAP +CVE-2018-0707 (Command injection vulnerability in change password of QNAP Q'center Vi ...) + NOT-FOR-US: QNAP +CVE-2018-0706 (Exposure of Private Information in QNAP Q'center Virtual Appliance ver ...) + NOT-FOR-US: QNAP +CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...) 
+ - yard 0.9.12-1 + [stretch] - yard (Minor issue) + [jessie] - yard (Minor issue) + [wheezy] - yard (Minor issue) + NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 (0.9.11) +CVE-2017-17041 + RESERVED +CVE-2017-17040 + RESERVED +CVE-2017-17039 + RESERVED +CVE-2017-17038 + RESERVED +CVE-2017-17037 + RESERVED +CVE-2017-17036 + RESERVED +CVE-2017-17035 + RESERVED +CVE-2017-17034 + RESERVED +CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP QTS versi ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP QTS versi ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP QTS versi ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS version ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS version ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17028 (A buffer overflow vulnerability in external device function in QNAP QT ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2 ...) + NOT-FOR-US: QNAP QTS +CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...) + {DSA-4050-1 DLA-1559-1 DLA-1230-1} + - xen 4.8.2+xsa245-0+deb9u1 + NOTE: https://xenbits.xen.org/xsa/advisory-247.html +CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS use ...) + {DSA-4050-1 DLA-1559-1 DLA-1230-1} + - xen 4.8.2+xsa245-0+deb9u1 + NOTE: https://xenbits.xen.org/xsa/advisory-246.html +CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform allow ...) 
+ {DSA-4050-1 DLA-1549-1} + - xen 4.8.2+xsa245-0+deb9u1 + [wheezy] - xen (arm not supported) + NOTE: https://xenbits.xen.org/xsa/advisory-245.html +CVE-2018-0705 (Directory traversal vulnerability in Cybozu Dezie 8.0.2 to 8.1.2 allow ...) + NOT-FOR-US: Cybozu +CVE-2018-0704 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...) + NOT-FOR-US: Cybozu +CVE-2018-0703 (Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 al ...) + NOT-FOR-US: Cybozu +CVE-2018-0702 (Directory traversal vulnerability in Cybozu Mailwise 5.0.0 to 5.4.5 al ...) + NOT-FOR-US: Cybozu +CVE-2018-0701 (BlueStacks App Player (BlueStacks App Player for Windows 3.0.0 to 4.31 ...) + NOT-FOR-US: BlueStacks App Player +CVE-2018-0700 (YukiWiki 2.1.3 and earlier does not process a particular request prope ...) + NOT-FOR-US: YukiWiki +CVE-2018-0699 (Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allow ...) + NOT-FOR-US: YukiWiki +CVE-2018-0698 (Cross-site scripting vulnerability in GROWI v3.2.3 and earlier allows ...) + NOT-FOR-US: GROWI +CVE-2018-0697 (Cross-site scripting vulnerability in Metabase version 0.29.3 and earl ...) + NOT-FOR-US: Metabase +CVE-2018-0696 (OpenAM (Open Source Edition) 13.0 and later does not properly manage s ...) + NOT-FOR-US: OpenAM (different from src:openam) +CVE-2018-0695 (Cross-site scripting vulnerability in User-friendly SVN (USVN) Version ...) + NOT-FOR-US: User-friendly SVN +CVE-2018-0694 (FileZen V3.0.0 to V4.2.1 allows remote attackers to execute arbitrary ...) + NOT-FOR-US: FileZen +CVE-2018-0693 (Directory traversal vulnerability in FileZen V3.0.0 to V4.2.1 allows r ...) + NOT-FOR-US: FileZen +CVE-2018-0692 (Untrusted search path vulnerability in Baidu Browser Version 43.23.100 ...) + NOT-FOR-US: Baidu +CVE-2018-0691 (Multiple +Message Apps (Softbank +Message App for Android prior to ver ...) 
+ NOT-FOR-US: Softbank +Message App for Android +CVE-2018-0690 (An unvalidated software update vulnerability in Music Center for PC ve ...) + NOT-FOR-US: Music Center for PC +CVE-2018-0689 (HTTP header injection vulnerability in SEIKO EPSON printers and scanne ...) + NOT-FOR-US: SEIKO +CVE-2018-0688 (Open redirect vulnerability in SEIKO EPSON printers and scanners (DS-5 ...) + NOT-FOR-US: SEIKO +CVE-2018-0687 (Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. (Denbun ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0686 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0685 (SQL injection vulnerability in the Denbun POP version V3.3P R4.0 and e ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0684 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0683 (Buffer overflow in Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0682 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0681 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0680 (Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, De ...) + NOT-FOR-US: NEOJAPAN +CVE-2018-0679 (Cross-site scripting vulnerability in multiple FXC Inc. network device ...) + NOT-FOR-US: FXC +CVE-2018-0678 (Buffer overflow in BN-SDWBP3 firmware version 1.0.9 and earlier allows ...) + NOT-FOR-US: BN-SDWBP3 +CVE-2018-0677 (BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with admi ...) + NOT-FOR-US: BN-SDWBP3 +CVE-2018-0676 (BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the ...) + NOT-FOR-US: BN-SDWBP3 +CVE-2018-0675 (AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script executi ...) + NOT-FOR-US: AttacheCase +CVE-2018-0674 (AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script executi ...) 
+ NOT-FOR-US: AttacheCase +CVE-2018-0673 (Directory traversal vulnerability in Cybozu Garoon 3.5.0 to 4.6.3 allo ...) + NOT-FOR-US: Cybozu Garoon +CVE-2018-0672 (Cross-site scripting vulnerability in Movable Type versions prior to V ...) + - movabletype-opensource +CVE-2018-0671 (Privilege escalation vulnerability in INplc-RT 3.08 and earlier allows ...) + NOT-FOR-US: INplc-RT +CVE-2018-0670 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...) + NOT-FOR-US: INplc-RT +CVE-2018-0669 (INplc-RT 3.08 and earlier allows remote attackers to bypass authentica ...) + NOT-FOR-US: INplc-RT +CVE-2018-0668 (Buffer overflow in INplc-RT 3.08 and earlier allows remote attackers t ...) + NOT-FOR-US: INplc-RT +CVE-2018-0667 (Untrusted search path vulnerability in Installer of INplc SDK Express ...) + NOT-FOR-US: INplc +CVE-2018-0666 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...) + NOT-FOR-US: Yamaha +CVE-2018-0665 (Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and ea ...) + NOT-FOR-US: Yamaha +CVE-2018-0664 (A vulnerability in NoMachine App for Android 5.0.63 and earlier allows ...) + NOT-FOR-US: NoMachine App for Android +CVE-2018-0663 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) + NOT-FOR-US: I-O DATA network camera products +CVE-2018-0662 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) + NOT-FOR-US: I-O DATA network camera products +CVE-2018-0661 (Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.0 ...) + NOT-FOR-US: I-O DATA network camera products +CVE-2018-0660 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...) + NOT-FOR-US: AttacheCase +CVE-2018-0659 (Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3 ...) + NOT-FOR-US: AttacheCase +CVE-2018-0658 (Input validation issue in EC-CUBE Payment Module (2.12) version 3.5.23 ...) 
+ NOT-FOR-US: EC-CUBE +CVE-2018-0657 (Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-P ...) + NOT-FOR-US: EC-CUBE +CVE-2018-0656 (Untrusted search path vulnerability in The installer of Digital Paper ...) + NOT-FOR-US: Digital Paper App +CVE-2018-0655 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) + NOT-FOR-US: GROWI +CVE-2018-0654 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) + NOT-FOR-US: GROWI +CVE-2018-0653 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) + NOT-FOR-US: GROWI +CVE-2018-0652 (Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allow ...) + NOT-FOR-US: GROWI +CVE-2018-0651 (Buffer overflow in the license management function of YOKOGAWA product ...) + NOT-FOR-US: YOKOGAWA +CVE-2018-0650 (The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 do ...) + NOT-FOR-US: LINE MUSIC for Android +CVE-2018-0649 (Untrusted search path vulnerability in the installers of multiple Cano ...) + NOT-FOR-US: CANON +CVE-2018-0648 (Untrusted search path vulnerability in installer of ChatWork Desktop A ...) + NOT-FOR-US: installer of ChatWork Desktop App for Windows +CVE-2018-0647 (Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware ...) + NOT-FOR-US: WL-330NUL Firmware +CVE-2018-0646 (Directory traversal vulnerability in Explzh v.7.58 and earlier allows ...) + NOT-FOR-US: Explzh +CVE-2018-0645 (MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via uns ...) + NOT-FOR-US: MTAppjQuery +CVE-2018-0644 (Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage ...) + NOT-FOR-US: ORCA (Online Receipt Computer Advantage) +CVE-2018-0643 (Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-serv ...) + NOT-FOR-US: ORCA (Online Receipt Computer Advantage) +CVE-2018-0642 (Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 ...) 
+ NOT-FOR-US: FV Flowplayer Video Player +CVE-2018-0641 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...) + NOT-FOR-US: Aterm +CVE-2018-0640 (Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker ...) + NOT-FOR-US: Aterm +CVE-2018-0639 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0638 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0637 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0636 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0635 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0634 (Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator ...) + NOT-FOR-US: Aterm +CVE-2018-0633 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...) + NOT-FOR-US: Aterm +CVE-2018-0632 (Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker w ...) + NOT-FOR-US: Aterm +CVE-2018-0631 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) + NOT-FOR-US: Aterm +CVE-2018-0630 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) + NOT-FOR-US: Aterm +CVE-2018-0629 (Aterm W300P Ver1.0.13 and earlier allows attacker with administrator r ...) + NOT-FOR-US: Aterm +CVE-2018-0628 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) + NOT-FOR-US: Aterm +CVE-2018-0627 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) + NOT-FOR-US: Aterm +CVE-2018-0626 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) + NOT-FOR-US: Aterm +CVE-2018-0625 (Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with adm ...) 
+ NOT-FOR-US: Aterm +CVE-2018-0624 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...) + NOT-FOR-US: Yayoi +CVE-2018-0623 (Untrusted search path vulnerability in Multiple Yayoi 17 Series produc ...) + NOT-FOR-US: Yayoi +CVE-2018-0622 (The DHC Online Shop App for Android version 3.2.0 and earlier does not ...) + NOT-FOR-US: DHC Online Shop App for Android +CVE-2018-0621 (Untrusted search path vulnerability in LOGICOOL CONNECTION UTILITY SOF ...) + NOT-FOR-US: LOGICOOL +CVE-2018-0620 (Untrusted search path vulnerability in LOGICOOL Game Software versions ...) + NOT-FOR-US: LOGICOOL +CVE-2018-0619 (Untrusted search path vulnerability in the installer of Glarysoft Glar ...) + NOT-FOR-US: Glarysoft +CVE-2018-0618 (Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allow ...) + {DSA-4246-1 DLA-1442-1} + - mailman 1:2.1.27-1 + NOTE: https://mail.python.org/pipermail/mailman-announce/2018-June/000236.html + NOTE: https://launchpad.net/mailman/+milestone/2.1.27 + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1747 + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1754 + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1783 + NOTE: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1785 +CVE-2018-0617 (Directory traversal vulnerability in ChamaNet MemoCGI v2.1800 to v2.22 ...) + NOT-FOR-US: ChamaNet MemoCGI +CVE-2018-0616 + RESERVED +CVE-2018-0615 + RESERVED +CVE-2018-0614 (Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CS ...) + NOT-FOR-US: NEC +CVE-2018-0613 (NEC Platforms Calsos CSDX and CSDJ series products (CSDX 1.37210411 an ...) + NOT-FOR-US: NEC +CVE-2018-0612 (Cross-site scripting vulnerability in 5000 trillion yen converter v1.0 ...) + NOT-FOR-US: 5000 trillion yen converter +CVE-2018-0611 (The ANA App for iOS version 4.0.22 and earlier does not verify X.509 c ...) 
+ NOT-FOR-US: ANA App +CVE-2018-0610 (Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allo ...) + NOT-FOR-US: Zenphoto +CVE-2018-0609 (Untrusted search path vulnerability in LINE for Windows versions befor ...) + NOT-FOR-US: LINE +CVE-2018-0608 (Buffer overflow in H2O version 2.2.4 and earlier allows remote attacke ...) + - h2o 2.2.5+dfsg1-1 + NOTE: https://github.com/h2o/h2o/issues/1775 +CVE-2018-0607 (SQL injection vulnerability in the Notifications application in the Cy ...) + NOT-FOR-US: Cybozu Garoon +CVE-2018-0606 (SQL injection vulnerability in the Pixelpost v1.7.3 and earlier allows ...) + NOT-FOR-US: Pixelpost +CVE-2018-0605 (Cross-site scripting vulnerability in Pixelpost v1.7.3 and earlier all ...) + NOT-FOR-US: Pixelpost +CVE-2018-0604 (Pixelpost v1.7.3 and earlier allows remote code execution via unspecif ...) + NOT-FOR-US: Pixelpost +CVE-2018-0603 (Cross-site scripting vulnerability in Site Reviews versions prior to 2 ...) + NOT-FOR-US: Site Reviews +CVE-2018-0602 (Cross-site scripting vulnerability in Email Subscribers & Newsletters ...) + NOT-FOR-US: Email Subscribers & Newsletters +CVE-2018-0601 (Untrusted search path vulnerability in axpdfium v0.01 allows an attack ...) + NOT-FOR-US: axpdfium +CVE-2018-0600 (Untrusted search path vulnerability in the installer of PlayMemories H ...) + NOT-FOR-US: PlayMemories +CVE-2018-0599 (Untrusted search path vulnerability in the installer of Visual C++ Red ...) + NOT-FOR-US: Visual C++ +CVE-2018-0598 (Untrusted search path vulnerability in Self-extracting archive files c ...) + NOT-FOR-US: IExpress +CVE-2018-0597 (Untrusted search path vulnerability in the installer of Visual Studio ...) + NOT-FOR-US: Visual Studio +CVE-2018-0596 (Untrusted search path vulnerability in the installer of Visual Studio ...) + NOT-FOR-US: Visual Studio +CVE-2018-0595 (Untrusted search path vulnerability in the installer of Skype for Wind ...) 
+ NOT-FOR-US: Skype +CVE-2018-0594 (Untrusted search path vulnerability in Skype for Windows allows an att ...) + NOT-FOR-US: Skype +CVE-2018-0593 (Untrusted search path vulnerability in the installer of Microsoft OneD ...) + NOT-FOR-US: OneDrive +CVE-2018-0592 (Untrusted search path vulnerability in Microsoft OneDrive allows an at ...) + NOT-FOR-US: OneDrive +CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3. ...) + NOT-FOR-US: KINEPASS +CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows rem ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate Mem ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of Ultima ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...) + NOT-FOR-US: WordPress plugin ultimate-member +CVE-2018-0584 (IIJ SmartKey App for Android version 2.1.0 and earlier allows remote a ...) + NOT-FOR-US: IIJ SmartKey +CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware versio ...) + NOT-FOR-US: ASUS +CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version p ...) + NOT-FOR-US: ASUS +CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version p ...) + NOT-FOR-US: ASUS +CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series ...) + NOT-FOR-US: CELSYS +CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...) 
+ NOT-FOR-US: WordPress plugin wonderm00ns-simple-facebook-open-graph-tags +CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ve ...) + NOT-FOR-US: WordPress plugin pixelyoursite +CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ve ...) + NOT-FOR-US: WordPress plugin wp-google-map-plugin +CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to v ...) + NOT-FOR-US: WordPress plugin events-manager +CVE-2018-0575 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0574 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0573 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0572 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0571 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0570 (Cross-site scripting vulnerability in baserCMS (baserCMS 4.1.0.1 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0569 (baserCMS (baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and e ...) + NOT-FOR-US: baserCMS +CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ve ...) + NOT-FOR-US: Joruri Gw +CVE-2018-0567 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...) + NOT-FOR-US: Cybozu Office +CVE-2018-0566 (Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypas ...) + NOT-FOR-US: Cybozu Office +CVE-2018-0565 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.0 a ...) + NOT-FOR-US: Cybozu Office +CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0. ...) + NOT-FOR-US: EC-CUBE +CVE-2018-0563 (Untrusted search path vulnerability in the installer of FLET'S VIRUS C ...) 
+ NOT-FOR-US: FLET
+CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free v ...)
+ NOT-FOR-US: Installer of SoundEngine Free
+CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
+ NOT-FOR-US: Installer of PhishWall Client Internet Explorer
+CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attacker ...)
+ NOT-FOR-US: Hatena Bookmark App for iOS
+CVE-2018-0559 (Cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 a ...)
+ NOT-FOR-US: Cybozu Mailwise
+CVE-2018-0558 (Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 ...)
+ NOT-FOR-US: Cybozu Mailwise
+CVE-2018-0557 (Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to ...)
+ NOT-FOR-US: Cybozu Mailwise
+CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execut ...)
+ NOT-FOR-US: Buffalo WZR-1750DHP2
+CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...)
+ NOT-FOR-US: Buffalo WZR-1750DHP2
+CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...)
+ NOT-FOR-US: Buffalo WZR-1750DHP2
+CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ve ...)
+ NOT-FOR-US: iRemoconWiFi App for Android
+CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall Clie ...)
+ NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)
+CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 all ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 all ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
+ NOT-FOR-US: WP All Import plugin for WordPress
+CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ve ...)
+ NOT-FOR-US: WP All Import plugin for WordPress
+CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute arbitrar ...)
+ NOT-FOR-US: LXR
+CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier (Inst ...)
+ NOT-FOR-US: WinShot
+CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier (Instal ...)
+ NOT-FOR-US: Jtrim installer
+CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...)
+ NOT-FOR-US: WebProxy (some software released by LunarLight)
+CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to caus ...)
+ NOT-FOR-US: Tiny FTP Daemon
+CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows a ...)
+ NOT-FOR-US: ViX
+CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary comma ...)
+ NOT-FOR-US: QQQ SYSTEMS
+CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
+ NOT-FOR-US: QQQ SYSTEMS
+CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
+ NOT-FOR-US: QQQ SYSTEMS
+CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an at ...)
+ NOT-FOR-US: QQQ SYSTEMS
+CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
+ NOT-FOR-US: PHP 2chBBS
+CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an at ...)
+ NOT-FOR-US: ArsenoL
+CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
+ NOT-FOR-US: Cybozu Garoon
+CVE-2018-0529 (Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to cause a deni ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2018-0528 (Cybozu Office 10.0.0 to 10.7.0 allows authenticated attackers to bypas ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2018-0527 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 a ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2018-0526 (Cybozu Office 10.0.0 to 10.7.0 allow remote attackers to display an im ...)
+ NOT-FOR-US: Cybozu Office
+CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...)
+ - jubatus (bug #704100)
+CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
+ - jubatus (bug #704100)
+CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
+ NOT-FOR-US: Buffalo
+CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier ...)
+ NOT-FOR-US: Buffalo
+CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
+ NOT-FOR-US: Buffalo
+CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS0 ...)
+ NOT-FOR-US: FS010W firmware
+CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
+ NOT-FOR-US: FS010W firmware
+CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
+ NOT-FOR-US: LINE for iOS
+CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
+ NOT-FOR-US: Anshin net security for Windows
+CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address selectio ...)
+ NOT-FOR-US: FLET'S v4 / v6 address selection tool
+CVE-2018-0515 (Untrusted search path vulnerability in "FLET'S Azukeru Backup Tool" ve ...)
+ NOT-FOR-US: FLET'S Azukeru Backup Tool
+CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remot ...)
+ NOT-FOR-US: MP Form Mail CGI eCommerce Edition
+CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
+ NOT-FOR-US: MTS Simple Booking
+CVE-2018-0512 (Devices with IP address setting tool "MagicalFinder" provided by I-O D ...)
+ NOT-FOR-US: IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC.
+CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version 5. ...)
+ NOT-FOR-US: WP Retina
+CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and earlie ...)
+ NOT-FOR-US: kkcal
+CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result v ...)
+ NOT-FOR-US: kkcal
+CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer (kkcald ...)
+ NOT-FOR-US: kkcal
+CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & ...)
+ NOT-FOR-US: FLET'S VIRUS CLEAR
+CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
+ NOT-FOR-US: Nootka
+CVE-2018-0505 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
+ {DSA-4301-1}
+ - mediawiki 1:1.31.1-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T194605
+CVE-2018-0504 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an in ...)
+ {DSA-4301-1}
+ - mediawiki 1:1.31.1-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T187638
+CVE-2018-0503 (Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a fla ...)
+ {DSA-4301-1}
+ - mediawiki 1:1.31.1-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
+ NOTE: https://phabricator.wikimedia.org/T169545
+CVE-2018-0502 (An issue was discovered in zsh before 5.6. The beginning of a #! scrip ...)
+ {DLA-2470-1}
+ - zsh 5.6-1 (bug #908000)
+ [jessie] - zsh (Minor issue)
+ NOTE: https://www.zsh.org/mla/zsh-announce/136
+ NOTE: https://sourceforge.net/p/zsh/code/ci/1c4c7b6a4d17294df028322b70c53803a402233d
+CVE-2018-0501 (The mirror:// method implementation in Advanced Package Tool (APT) 1.6 ...)
+ - apt 1.6.4
+ [stretch] - apt (Vulnerable code introduced in 1.6~alpha6)
+ [jessie] - apt (Vulnerable code introduced in 1.6~alpha6)
+ NOTE: https://mirror.fail/
+CVE-2018-0500 (Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including cur ...)
+ - curl 7.61.0-1 (bug #903546)
+ [stretch] - curl (Only affects 7.54.1 to 7.60.0)
+ [jessie] - curl (Only affects 7.54.1 to 7.60.0)
+ NOTE: https://curl.haxx.se/docs/adv_2018-70a2.html
+CVE-2018-0499 (A cross-site scripting vulnerability in queryparser/termgenerator_inte ...)
+ - xapian-core 1.4.6-1 (bug #902886)
+ [stretch] - xapian-core 1.4.3-2+deb9u1
+ [jessie] - xapian-core (vulnerable code not present)
+ NOTE: https://lists.xapian.org/pipermail/xapian-discuss/2018-July/009652.html
+CVE-2018-0498 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows loc ...)
+ {DSA-4296-1 DLA-1518-1}
+ - mbedtls 2.12.0-1 (bug #904821)
+ - polarssl
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
+CVE-2018-0497 (ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows rem ...)
+ {DSA-4296-1 DLA-1518-1}
+ - mbedtls 2.12.0-1 (bug #904821)
+ - polarssl
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
+CVE-2018-0496 (Directory traversal issues in the D-Mod extractor in DFArc and DFArc2 ...)
+ {DLA-1686-1}
+ - freedink-dfarc 3.14-1
+ [stretch] - freedink-dfarc 3.12-1+deb9u1
+ NOTE: https://savannah.gnu.org/forum/forum.php?forum_id=9169
+ NOTE: https://git.savannah.gnu.org/cgit/freedink/dfarc.git/commit/?id=40cc957f52e772f45125126439ba9333cf2d2998
+CVE-2018-0495 (Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache s ...)
+ {DSA-4231-1 DLA-1405-1}
+ - libgcrypt20 1.8.3-1
+ NOTE: https://dev.gnupg.org/T4011
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
+CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
+ {DSA-4195-1 DLA-1375-1}
+ - wget 1.19.5-1 (bug #898076)
+ NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
+ NOTE: https://savannah.gnu.org/bugs/?53763
+ NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
+ NOTE: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
+CVE-2018-0493 (remctld in remctl before 3.14, when an attacker is authorized to execu ...)
+ {DSA-4159-1}
+ - remctl 3.14-1
+ [jessie] - remctl (Affected code introduced in 3.12)
+ [wheezy] - remctl (Affected code introduced in 3.12)
+ NOTE: https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html
+ NOTE: https://git.eyrie.org/?p=kerberos/remctl.git;a=commitdiff;h=e2b34e086f199b39f8ea36dd621684003835d172
+CVE-2018-0492 (Johnathan Nightingale beep through 1.3.4, if setuid, has a race condit ...)
+ {DSA-4163-1 DLA-1338-1}
+ - beep 1.3-5 (bug #894667)
+ NOTE: https://github.com/johnath/beep/issues/11
+CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...)
+ - tor 0.3.2.10-1
+ [stretch] - tor (Only affects tor 0.3.2.x series and later)
+ [jessie] - tor (Only affects tor 0.3.2.x series and later)
+ [wheezy] - tor (Only affects tor 0.3.2.x series and later)
+ NOTE: https://trac.torproject.org/projects/tor/ticket/25117
+ NOTE: https://trac.torproject.org/projects/tor/ticket/24700
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
+ NOTE: https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
+CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.1 ...)
+ {DSA-4183-1}
+ - tor 0.3.2.10-1
+ [jessie] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
+ [wheezy] - tor (Vulnerable code introduced after tor-0.2.9.4-alpha)
+ NOTE: https://trac.torproject.org/projects/tor/ticket/25074
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
+ NOTE: https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
+CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Pr ...)
+ {DSA-4126-1 DLA-1296-1}
+ - xmltooling 1.6.4-1
+ NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
+ NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
+ NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
+ NOTE: https://www.kb.cert.org/vuls/id/475445
+CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
+ {DSA-4147-1 DSA-4138-1}
+ - mbedtls 2.7.0-2 (bug #890287)
+ - polarssl
+ [wheezy] - polarssl (according to the upstream advisory < 1.2.19 not affected)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
+CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows rem ...)
+ {DSA-4147-1 DSA-4138-1}
+ - mbedtls 2.7.0-2 (bug #890288)
+ - polarssl
+ [wheezy] - polarssl (according to the upstream advisory < 1.3.7 not affected)
+ NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
+ NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
+CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Pr ...)
+ {DSA-4085-1 DLA-1242-1}
+ - xmltooling 1.6.3-1
+ [stretch] - xmltooling 1.6.0-4+deb9u1
+ NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
+ NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
+ NOTE: disallow DTD use.
+ NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-127
+ NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=a02314e96d6746d29c5697b504d37f2e04a6e6cd
+CVE-2017-17026
+ RESERVED
+CVE-2017-17025
+ RESERVED
+CVE-2017-17024
+ RESERVED
+CVE-2017-17023 (The Sophos UTM VPN endpoint interacts with client software provided by ...)
+ NOT-FOR-US: Sophos IPSec Client and NCP "Secure Entry Client"
+CVE-2017-17022
+ RESERVED
+CVE-2017-17021
+ RESERVED
+CVE-2017-17020 (On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-17019
+ RESERVED
+CVE-2017-17018
+ RESERVED
+CVE-2017-17017
+ RESERVED
+CVE-2017-17016
+ RESERVED
+CVE-2017-17015
+ RESERVED
+CVE-2017-17014
+ RESERVED
+CVE-2017-17013
+ RESERVED
+CVE-2017-17012
+ RESERVED
+CVE-2017-17011
+ RESERVED
+CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for P ...)
+ NOT-FOR-US: Content Manager Assistant for PlayStation
+CVE-2017-17009
+ REJECTED
+CVE-2017-17008
+ REJECTED
+CVE-2017-17007
+ REJECTED
+CVE-2017-17006
+ REJECTED
+CVE-2017-17005
+ REJECTED
+CVE-2017-17004
+ REJECTED
+CVE-2017-17003
+ REJECTED
+CVE-2017-17002
+ REJECTED
+CVE-2017-17001
+ REJECTED
+CVE-2017-17000
+ REJECTED
+CVE-2017-16999
+ REJECTED
+CVE-2017-16998
+ REJECTED
+CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2 ...)
+ - glibc 2.25-6 (bug #884615)
+ [stretch] - glibc 2.24-11+deb9u4
+ - eglibc
+ [wheezy] - eglibc (Minor issue)
+ NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625
+ NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
+CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
+ - linux 4.14.7-1
+ [stretch] - linux (Vulnerable code introduced later)
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
+CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...)
+ {DSA-4073-1}
+ - linux 4.14.7-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
+CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which al ...)
+ NOT-FOR-US: Pebble
+CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exist ...)
+ NOT-FOR-US: Hitachi Vantara Pentaho BA Platform
+CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the Ja ...)
+ NOT-FOR-US: typed-function
+CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a ...)
+ NOT-FOR-US: math.js
+CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the JavaScrip ...)
+ NOT-FOR-US: math.js
+CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections)
+ NOT-FOR-US: GitPHP
+CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger code ...)
+ NOT-FOR-US: Swagger-Parser
+CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...)
+ {DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1}
+ - atril 1.20.0-1 (low)
+ [stretch] - atril 1.16.1-2+deb9u2
+ - evince 3.25.92-1 (low)
+ [stretch] - evince (Minor issue)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
+ NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
+ NOTE: Fixed by: https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e (3.25.91)
+CVE-2018-0485 (A vulnerability in the SM-1T3/E3 firmware on Cisco Second Generation I ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0484 (A vulnerability in the access control logic of the Secure Shell (SSH) ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0483 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0482 (A vulnerability in the web-based management interface of Cisco Prime N ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0481 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0480 (A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Sof ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0479
+ RESERVED
+CVE-2018-0478
+ RESERVED
+CVE-2018-0477 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0476 (A vulnerability in the Network Address Translation (NAT) Session Initi ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0475 (A vulnerability in the implementation of the cluster feature of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0474 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0473 (A vulnerability in the Precision Time Protocol (PTP) subsystem of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0472 (A vulnerability in the IPsec driver code of multiple Cisco IOS XE Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0471 (A vulnerability in the Cisco Discovery Protocol (CDP) module of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) imp ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0465 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0464 (A vulnerability in Cisco Data Center Network Manager software could al ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0463 (A vulnerability in the Cisco Network Plug and Play server component of ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0462 (A vulnerability in the user management functionality of Cisco Enterpri ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0461 (A vulnerability in the Cisco IP Phone 8800 Series Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0460 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0459 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0458 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0457 (A vulnerability in the Cisco Webex Player for Webex Recording Format ( ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0456 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0455 (A vulnerability in the Server Message Block Version 2 (SMBv2) and Vers ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0454 (A vulnerability in the web-based management interface of Cisco Cloud S ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0453 (A vulnerability in the Sourcefire tunnel control channel protocol in C ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0452 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0451 (A vulnerability in the web-based management interface of Cisco Tetrati ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0450 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0449 (A vulnerability in the Cisco Jabber Client Framework (JCF) software, i ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0448 (A vulnerability in the identity management service of Cisco Digital Ne ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0447 (A vulnerability in the anti-spam protection mechanisms of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0446 (A vulnerability in the web-based management interface of Cisco Industr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0445 (A vulnerability in the web-based management interface of Cisco Package ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0444 (A vulnerability in the web-based management interface of Cisco Package ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0443 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0442 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0441 (A vulnerability in the 802.11r Fast Transition feature set of Cisco IO ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0440 (A vulnerability in the web interface of Cisco Data Center Network Mana ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0439 (A vulnerability in the web-based management interface of Cisco Meeting ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0438 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0437 (A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0436 (A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0435 (A vulnerability in the Cisco Umbrella API could allow an authenticated ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0434 (A vulnerability in the Zero Touch Provisioning feature of the Cisco SD ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0433 (A vulnerability in the command-line interface (CLI) in the Cisco SD-WA ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0432 (A vulnerability in the error reporting feature of the Cisco SD-WAN Sol ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0431 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0430 (A vulnerability in the web-based management interface of Cisco Integra ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0429 (Stack-based buffer overflow in the Cisco Thor decoder before commit 18 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0428 (A vulnerability in the account management subsystem of Cisco Web Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0427 (A vulnerability in the CronJob scheduler API of Cisco Digital Network ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0426 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0425 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0424 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0423 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0422 (A vulnerability in the folder permissions of Cisco Webex Meetings clie ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0421 (A vulnerability in TCP connection management in Cisco Prime Access Reg ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0420 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0419 (A vulnerability in certain attachment detection mechanisms of Cisco Em ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0418 (A vulnerability in the Local Packet Transport Services (LPTS) feature ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0417 (A vulnerability in TACACS authentication with Cisco Wireless LAN Contr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0416 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0415 (A vulnerability in the implementation of Extensible Authentication Pro ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0414 (A vulnerability in the web-based UI of Cisco Secure Access Control Ser ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0413 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0412 (A vulnerability in the implementation of Extensible Authentication Pro ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0411 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0410 (A vulnerability in the web proxy functionality of Cisco AsyncOS Softwa ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0409 (A vulnerability in the XCP Router service of the Cisco Unified Communi ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0408 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0407 (A vulnerability in the web-based management interface of Cisco Small B ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0406 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0405 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0404 (A vulnerability in the web framework code for Cisco RV180W Wireless-N ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0403 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0402 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0401 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0400 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0399 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0398 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0397 (A vulnerability in Cisco AMP for Endpoints Mac Connector Software inst ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0396 (A vulnerability in the web framework of the Cisco Unified Communicatio ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0395 (A vulnerability in the Link Layer Discovery Protocol (LLDP) implementa ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0394 (A vulnerability in the web upload function of Cisco Cloud Services Pla ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0393 (A Read-Only User Effect Change vulnerability in the Policy Builder int ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0392 (A vulnerability in the CLI of Cisco Policy Suite could allow an authen ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0391 (A vulnerability in the password change function of Cisco Prime Collabo ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0390 (A vulnerability in the web framework of Cisco Webex could allow an una ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0389 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0388 (A vulnerability in the web-based interface of Cisco Wireless LAN Contr ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0387 (A vulnerability in Cisco Webex Teams (for Windows and macOS) could all ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0386 (A vulnerability in Cisco Unified Communications Domain Manager Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0385 (A vulnerability in the detection engine parsing of Security Socket Lay ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0384 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0383 (A vulnerability in the detection engine of Cisco FireSIGHT System Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0382 (A vulnerability in the session identification management functionality ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0381 (A vulnerability in the Cisco Aironet Series Access Points (APs) softwa ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0380 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0379 (Multiple vulnerabilities exist in the Cisco Webex Network Recording Pl ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0378 (A vulnerability in the Precision Time Protocol (PTP) feature of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0377 (A vulnerability in the Open Systems Gateway initiative (OSGi) interfac ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0376 (A vulnerability in the Policy Builder interface of Cisco Policy Suite ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0375 (A vulnerability in the Cluster Manager of Cisco Policy Suite before 18 ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0374 (A vulnerability in the Policy Builder database of Cisco Policy Suite b ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0373 (A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys fo ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0372 (A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series F ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0371 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0370 (A vulnerability in the detection engine of Cisco Firepower System Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0369 (A vulnerability in the reassembly logic for fragmented IPv4 packets of ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0368 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0367 (A vulnerability in the web-based management interface of the Cisco Reg ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0366 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0365 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0364 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0363 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0362 (A vulnerability in BIOS authentication management of Cisco 5000 Series ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0361 (ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...)
+ {DLA-1461-1}
+ - clamav 0.100.1+dfsg-1
+ [stretch] - clamav 0.100.1+dfsg-0+deb9u1
+ NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
+CVE-2018-0360 (ClamAV before 0.100.1 has an HWP integer overflow with a resultant inf ...)
+ {DLA-1461-1}
+ - clamav 0.100.1+dfsg-1
+ [stretch] - clamav 0.100.1+dfsg-0+deb9u1
+ NOTE: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
+CVE-2018-0359 (A vulnerability in the session identification management functionality ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0358 (A vulnerability in the file descriptor handling of Cisco TelePresence ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0357 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0356 (A vulnerability in the web framework of Cisco WebEx could allow an una ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0355 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0354 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0353 (A vulnerability in traffic-monitoring functions in Cisco Web Security ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0352 (A vulnerability in the Disk Check Tool (disk-check.sh) for Cisco Wide ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0351 (A vulnerability in the command-line tcpdump utility in the Cisco SD-WA ...)
+ NOT-FOR-US: Cisco (tcpdump utility in Cisco SD-WAN Solution, but CVE is Cisco specific assigned)
+CVE-2018-0350 (A vulnerability in the VPN subsystem configuration in the Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0349 (A vulnerability in the Cisco SD-WAN Solution could allow an authentica ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0348 (A vulnerability in the CLI of the Cisco SD-WAN Solution could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0347 (A vulnerability in the Zero Touch Provisioning (ZTP) subsystem of the ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0346 (A vulnerability in the Zero Touch Provisioning service of the Cisco SD ...)
+ NOT-FOR-US: Cisco
+CVE-2018-0345 (A vulnerability in the configuration and management database of the Ci ...)
+ NOT-FOR-US: Cisco +CVE-2018-0344 (A vulnerability in the vManage dashboard for the configuration and man ...) + NOT-FOR-US: Cisco +CVE-2018-0343 (A vulnerability in the configuration and management service of the Cis ...) + NOT-FOR-US: Cisco +CVE-2018-0342 (A vulnerability in the configuration and monitoring service of the Cis ...) + NOT-FOR-US: Cisco +CVE-2018-0341 (A vulnerability in the web-based UI of Cisco IP Phone 6800, 7800, and ...) + NOT-FOR-US: Cisco +CVE-2018-0340 (A vulnerability in the web framework of the Cisco Unified Communicatio ...) + NOT-FOR-US: Cisco +CVE-2018-0339 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2018-0338 (A vulnerability in the role-based access-checking mechanisms of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0337 (A vulnerability in the role-based access-checking mechanisms of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0336 (A vulnerability in the batch provisioning feature of Cisco Prime Colla ...) + NOT-FOR-US: Cisco +CVE-2018-0335 (A vulnerability in the web portal authentication process of Cisco Prim ...) + NOT-FOR-US: Cisco +CVE-2018-0334 (A vulnerability in the certificate management subsystem of Cisco AnyCo ...) + NOT-FOR-US: Cisco +CVE-2018-0333 (A vulnerability in the VPN configuration management of Cisco FireSIGHT ...) + NOT-FOR-US: Cisco +CVE-2018-0332 (A vulnerability in the Session Initiation Protocol (SIP) ingress packe ...) + NOT-FOR-US: Cisco +CVE-2018-0331 (A vulnerability in the Cisco Discovery Protocol (formerly known as CDP ...) + NOT-FOR-US: Cisco +CVE-2018-0330 (A vulnerability in the NX-API management application programming inter ...) + NOT-FOR-US: Cisco +CVE-2018-0329 (A vulnerability in the default configuration of the Simple Network Man ...) + NOT-FOR-US: Cisco +CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications M ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...) + NOT-FOR-US: Cisco +CVE-2018-0326 (A vulnerability in the web UI of Cisco TelePresence Server Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0325 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...) + NOT-FOR-US: Cisco +CVE-2018-0324 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0323 (A vulnerability in the web management interface of Cisco Enterprise NF ...) + NOT-FOR-US: Cisco +CVE-2018-0322 (A vulnerability in the web management interface of Cisco Prime Collabo ...) + NOT-FOR-US: Cisco +CVE-2018-0321 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could ...) + NOT-FOR-US: Cisco +CVE-2018-0320 (A vulnerability in the web framework code of Cisco Prime Collaboration ...) + NOT-FOR-US: Cisco +CVE-2018-0319 (A vulnerability in the password recovery function of Cisco Prime Colla ...) + NOT-FOR-US: Cisco +CVE-2018-0318 (A vulnerability in the password reset function of Cisco Prime Collabor ...) + NOT-FOR-US: Cisco +CVE-2018-0317 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...) + NOT-FOR-US: Cisco +CVE-2018-0316 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...) + NOT-FOR-US: Cisco +CVE-2018-0315 (A vulnerability in the authentication, authorization, and accounting ( ...) + NOT-FOR-US: Cisco +CVE-2018-0314 (A vulnerability in the Cisco Fabric Services (CFS) component of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0313 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) + NOT-FOR-US: Cisco +CVE-2018-0312 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + NOT-FOR-US: Cisco +CVE-2018-0311 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0310 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + NOT-FOR-US: Cisco +CVE-2018-0309 (A vulnerability in the implementation of a specific CLI command and th ...) + NOT-FOR-US: Cisco +CVE-2018-0308 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + NOT-FOR-US: Cisco +CVE-2018-0307 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...) + NOT-FOR-US: Cisco +CVE-2018-0306 (A vulnerability in the CLI parser of Cisco NX-OS Software could allow ...) + NOT-FOR-US: Cisco +CVE-2018-0305 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + NOT-FOR-US: Cisco +CVE-2018-0304 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + NOT-FOR-US: Cisco +CVE-2018-0303 (A vulnerability in the Cisco Discovery Protocol component of Cisco FXO ...) + NOT-FOR-US: Cisco +CVE-2018-0302 (A vulnerability in the CLI parser of Cisco FXOS Software and Cisco UCS ...) + NOT-FOR-US: Cisco +CVE-2018-0301 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) + NOT-FOR-US: Cisco +CVE-2018-0300 (A vulnerability in the process of uploading new application images to ...) + NOT-FOR-US: Cisco +CVE-2018-0299 (A vulnerability in the Simple Network Management Protocol (SNMP) featu ...) + NOT-FOR-US: Cisco +CVE-2018-0298 (A vulnerability in the web UI of Cisco FXOS and Cisco UCS Fabric Inter ...) + NOT-FOR-US: Cisco +CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat Defe ...) + NOT-FOR-US: Cisco +CVE-2018-0296 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...) + NOT-FOR-US: Cisco +CVE-2018-0295 (A vulnerability in the Border Gateway Protocol (BGP) implementation of ...) + NOT-FOR-US: Cisco +CVE-2018-0294 (A vulnerability in the write-erase feature of Cisco FXOS Software and ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0293 (A vulnerability in role-based access control (RBAC) for Cisco NX-OS So ...) + NOT-FOR-US: Cisco +CVE-2018-0292 (A vulnerability in the Internet Group Management Protocol (IGMP) Snoop ...) + NOT-FOR-US: Cisco +CVE-2018-0291 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...) + NOT-FOR-US: Cisco +CVE-2018-0290 (A vulnerability in the TCP stack of Cisco SocialMiner could allow an u ...) + NOT-FOR-US: Cisco +CVE-2018-0289 (A vulnerability in the logs component of Cisco Identity Services Engin ...) + NOT-FOR-US: Cisco +CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could all ...) + NOT-FOR-US: Cisco +CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...) + NOT-FOR-US: Cisco +CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software coul ...) + NOT-FOR-US: Cisco +CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog cou ...) + NOT-FOR-US: Cisco +CVE-2018-0284 (A vulnerability in the local status page functionality of the Cisco Me ...) + NOT-FOR-US: Cisco +CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0282 (A vulnerability in the TCP socket code of Cisco IOS and IOS XE Softwar ...) + NOT-FOR-US: Cisco +CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream pr ...) + NOT-FOR-US: Cisco +CVE-2018-0279 (A vulnerability in the Secure Copy Protocol (SCP) server of Cisco Ente ...) + NOT-FOR-US: Cisco +CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System So ...) + NOT-FOR-US: Cisco +CVE-2018-0277 (A vulnerability in the Extensible Authentication Protocol-Transport La ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an unauthenticat ...) + NOT-FOR-US: Cisco +CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity Servic ...) + NOT-FOR-US: Cisco +CVE-2018-0274 (A vulnerability in the CLI parser of Cisco Network Services Orchestrat ...) + NOT-FOR-US: Cisco +CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco Aggrega ...) + NOT-FOR-US: Cisco +CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco Fire ...) + NOT-FOR-US: Cisco +CVE-2018-0271 (A vulnerability in the API gateway of the Cisco Digital Network Archit ...) + NOT-FOR-US: Cisco +CVE-2018-0270 (A vulnerability in the web-based management interface of Cisco IoT Fie ...) + NOT-FOR-US: Cisco +CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital Network Arch ...) + NOT-FOR-US: Cisco +CVE-2018-0268 (A vulnerability in the container management subsystem of Cisco Digital ...) + NOT-FOR-US: Cisco +CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2018-0265 + REJECTED +CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for Advanc ...) + NOT-FOR-US: Cisco +CVE-2018-0263 (A vulnerability in Cisco Meeting Server (CMS) could allow an unauthent ...) + NOT-FOR-US: Cisco +CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated ...) + NOT-FOR-US: Cisco +CVE-2018-0261 + RESERVED +CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...) + NOT-FOR-US: Cisco +CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE Co ...) + NOT-FOR-US: Cisco +CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting multi ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series C ...) + NOT-FOR-US: Cisco +CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality o ...) + NOT-FOR-US: Cisco +CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Industria ...) + NOT-FOR-US: Cisco +CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access Con ...) + NOT-FOR-US: Cisco +CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly functio ...) + NOT-FOR-US: Cisco +CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of th ...) + NOT-FOR-US: Cisco +CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect A ...) + NOT-FOR-US: Cisco +CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...) + NOT-FOR-US: Cisco +CVE-2018-0248 (A vulnerability in the administrative GUI configuration feature of Cis ...) + NOT-FOR-US: Cisco +CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0246 + REJECTED +CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...) + NOT-FOR-US: Cisco +CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol Inspection ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0239 (A vulnerability in the egress packet processing functionality of the C ...) + NOT-FOR-US: Cisco +CVE-2018-0238 (A vulnerability in the role-based resource checking functionality of t ...) + NOT-FOR-US: Cisco +CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco Adva ...) + NOT-FOR-US: Cisco +CVE-2018-0236 + REJECTED +CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the Ci ...) + NOT-FOR-US: Cisco +CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling Prot ...) + NOT-FOR-US: Cisco +CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly fu ...) + NOT-FOR-US: Cisco +CVE-2018-0232 + RESERVED +CVE-2018-0231 (A vulnerability in the Transport Layer Security (TLS) library of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0230 (A vulnerability in the internal packet-processing functionality of Cis ...) + NOT-FOR-US: Cisco +CVE-2018-0229 (A vulnerability in the implementation of Security Assertion Markup Lan ...) + NOT-FOR-US: Cisco +CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cisco Ad ...) + NOT-FOR-US: Cisco +CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Netw ...) + NOT-FOR-US: Cisco +CVE-2018-0226 (A vulnerability in the assignment and management of default user accou ...) + NOT-FOR-US: Cisco +CVE-2018-0225 (The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4 ...) + NOT-FOR-US: Cisco +CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) + NOT-FOR-US: Cisco +CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management interfac ...) + NOT-FOR-US: Cisco +CVE-2018-0222 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...) + NOT-FOR-US: Cisco +CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco Videosc ...) + NOT-FOR-US: Cisco +CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...) + NOT-FOR-US: Cisco +CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) + NOT-FOR-US: Cisco +CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity Services Eng ...) + NOT-FOR-US: Cisco +CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco Identi ...) + NOT-FOR-US: Cisco +CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity Servic ...) + NOT-FOR-US: Cisco +CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + NOT-FOR-US: Cisco +CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) + NOT-FOR-US: Cisco +CVE-2018-0208 (A vulnerability in the web-based management interface of the (cloud ba ...) + NOT-FOR-US: Cisco +CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco Secure Ac ...) + NOT-FOR-US: Cisco +CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime Collab ...) + NOT-FOR-US: Cisco +CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allo ...) + NOT-FOR-US: Cisco +CVE-2018-0202 (clamscan in ClamAV before 0.99.4 contains a vulnerability that could a ...) + {DLA-1307-1} + - clamav 0.100.0~beta+dfsg-2 + [stretch] - clamav 0.99.4+dfsg-1+deb9u1 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980 + NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc + NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d + NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560 + NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3 + NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857 +CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) + NOT-FOR-US: Cisco +CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service Cata ...) + NOT-FOR-US: Cisco +CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...) + NOT-FOR-US: Cisco +CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2018-0197 (A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an a ...) + NOT-FOR-US: Cisco +CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0192 + RESERVED +CVE-2018-0191 + REJECTED +CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) + NOT-FOR-US: Cisco +CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0188 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) + NOT-FOR-US: Cisco +CVE-2018-0187 (A vulnerability in the Admin portal of Cisco Identity Services Engine ...) + NOT-FOR-US: Cisco +CVE-2018-0186 (Multiple vulnerabilities in the web-based user interface (web UI) of C ...) + NOT-FOR-US: Cisco +CVE-2018-0185 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0184 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...) + NOT-FOR-US: Cisco +CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...) + NOT-FOR-US: Cisco +CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0181 (A vulnerability in the Redis implementation used by the Cisco Policy S ...) + NOT-FOR-US: Cisco +CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...) + NOT-FOR-US: Cisco +CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) featu ...) + NOT-FOR-US: Cisco +CVE-2018-0178 + REJECTED +CVE-2018-0177 (A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IO ...) + NOT-FOR-US: Cisco +CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery Protocol (LLDP ...) + NOT-FOR-US: Cisco +CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...) + NOT-FOR-US: Cisco +CVE-2018-0173 (A vulnerability in the Cisco IOS Software and Cisco IOS XE Software fu ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0172 (A vulnerability in the DHCP option 82 encapsulation functionality of C ...) + NOT-FOR-US: Cisco +CVE-2018-0171 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...) + NOT-FOR-US: Cisco +CVE-2018-0170 (A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2018-0169 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software co ...) + NOT-FOR-US: Cisco +CVE-2018-0168 + RESERVED +CVE-2018-0167 (Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery P ...) + NOT-FOR-US: Cisco +CVE-2018-0166 + RESERVED +CVE-2018-0165 (A vulnerability in the Internet Group Management Protocol (IGMP) packe ...) + NOT-FOR-US: Cisco +CVE-2018-0164 (A vulnerability in the Switch Integrated Security Features of Cisco IO ...) + NOT-FOR-US: Cisco +CVE-2018-0163 (A vulnerability in the 802.1x multiple-authentication (multi-auth) fea ...) + NOT-FOR-US: Cisco +CVE-2018-0162 + RESERVED +CVE-2018-0161 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) + NOT-FOR-US: Cisco +CVE-2018-0160 (A vulnerability in Simple Network Management Protocol (SNMP) subsystem ...) + NOT-FOR-US: Cisco +CVE-2018-0159 (A vulnerability in the implementation of Internet Key Exchange Version ...) + NOT-FOR-US: Cisco +CVE-2018-0158 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...) + NOT-FOR-US: Cisco +CVE-2018-0157 (A vulnerability in the Zone-Based Firewall code of Cisco IOS XE Softwa ...) + NOT-FOR-US: Cisco +CVE-2018-0156 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...) + NOT-FOR-US: Cisco +CVE-2018-0155 (A vulnerability in the Bidirectional Forwarding Detection (BFD) offloa ...) + NOT-FOR-US: Cisco +CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated Services ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0153 + REJECTED +CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisco IOS ...) + NOT-FOR-US: Cisco +CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...) + NOT-FOR-US: Cisco +CVE-2018-0149 (A vulnerability in the web-based management interface of Cisco Integra ...) + NOT-FOR-US: Cisco +CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) + NOT-FOR-US: Cisco +CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access Co ...) + NOT-FOR-US: Cisco +CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework applicati ...) + NOT-FOR-US: Cisco +CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Dat ...) + NOT-FOR-US: Cisco +CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco Prime D ...) + NOT-FOR-US: Cisco +CVE-2018-0143 + REJECTED +CVE-2018-0142 + RESERVED +CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Softwa ...) + NOT-FOR-US: Cisco +CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security Applian ...) + NOT-FOR-US: Cisco +CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management con ...) + NOT-FOR-US: Cisco +CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System Soft ...) + NOT-FOR-US: Cisco +CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network c ...) + NOT-FOR-US: Cisco +CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...) + NOT-FOR-US: Cisco +CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...) + NOT-FOR-US: Cisco +CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0133 + RESERVED +CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0131 (A vulnerability in the implementation of RSA-encrypted nonces in Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...) + NOT-FOR-US: Cisco +CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + NOT-FOR-US: Cisco +CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data Ce ...) + NOT-FOR-US: Cisco +CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...) + NOT-FOR-US: Cisco +CVE-2018-0126 + RESERVED +CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ Wirele ...) + NOT-FOR-US: Cisco +CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could a ...) + NOT-FOR-US: Cisco +CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS a ...) + NOT-FOR-US: Cisco +CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) + NOT-FOR-US: Cisco +CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based s ...) + NOT-FOR-US: Cisco +CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2018-0119 (A vulnerability in certain authentication controls in the account serv ...) + NOT-FOR-US: Cisco +CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...) + NOT-FOR-US: Cisco +CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy Su ...) + NOT-FOR-US: Cisco +CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for Ci ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before 0.11 ...) + NOT-FOR-US: Cisco node-jose +CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could all ...) + NOT-FOR-US: Cisco +CVE-2018-0112 (A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Mee ...) + NOT-FOR-US: Cisco +CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) + NOT-FOR-US: Cisco +CVE-2018-0110 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) + NOT-FOR-US: Cisco +CVE-2018-0109 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) + NOT-FOR-US: Cisco +CVE-2018-0108 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) + NOT-FOR-US: Cisco +CVE-2018-0107 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...) + NOT-FOR-US: Cisco +CVE-2018-0106 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...) + NOT-FOR-US: Cisco +CVE-2018-0105 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced R ...) + NOT-FOR-US: Cisco +CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...) + NOT-FOR-US: Cisco +CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow a ...) + NOT-FOR-US: Cisco +CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...) + NOT-FOR-US: Cisco +CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure M ...) + NOT-FOR-US: Cisco +CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network T ...) + NOT-FOR-US: Cisco +CVE-2018-0098 (A vulnerability in the web-based management interface of Cisco WAP150 ...) 
+ NOT-FOR-US: Cisco +CVE-2018-0097 (A vulnerability in the web interface of Cisco Prime Infrastructure cou ...) + NOT-FOR-US: Cisco +CVE-2018-0096 (A vulnerability in the role-based access control (RBAC) functionality ...) + NOT-FOR-US: Cisco +CVE-2018-0095 (A vulnerability in the administrative shell of Cisco AsyncOS on Cisco ...) + NOT-FOR-US: Cisco +CVE-2018-0094 (A vulnerability in IPv6 ingress packet processing for Cisco UCS Centra ...) + NOT-FOR-US: Cisco +CVE-2018-0093 (A vulnerability in the web-based management interface of Cisco Web Sec ...) + NOT-FOR-US: Cisco +CVE-2018-0092 (A vulnerability in the network-operator user role implementation for C ...) + NOT-FOR-US: Cisco +CVE-2018-0091 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2018-0090 (A vulnerability in management interface access control list (ACL) conf ...) + NOT-FOR-US: Cisco +CVE-2018-0089 (A vulnerability in the Policy and Charging Rules Function (PCRF) of th ...) + NOT-FOR-US: Cisco +CVE-2018-0088 (A vulnerability in one of the diagnostic test CLI commands on Cisco In ...) + NOT-FOR-US: Cisco +CVE-2018-0087 (A vulnerability in the FTP server of the Cisco Web Security Appliance ...) + NOT-FOR-US: Cisco +CVE-2018-0086 (A vulnerability in the application server of the Cisco Unified Custome ...) + NOT-FOR-US: Cisco +CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel b ...) 
+ - linux 4.14.2-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code introduced in 4.0) + [wheezy] - linux (Vulnerable code introduced in 4.0) + NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1) +CVE-2017-16993 + REJECTED +CVE-2017-16992 + REJECTED +CVE-2017-16991 + REJECTED +CVE-2017-16990 + REJECTED +CVE-2017-16989 + REJECTED +CVE-2017-16988 + REJECTED +CVE-2017-16987 + REJECTED +CVE-2017-16986 + REJECTED +CVE-2017-16985 + REJECTED +CVE-2017-16984 + REJECTED +CVE-2017-16983 + REJECTED +CVE-2017-16982 + REJECTED +CVE-2017-16981 + REJECTED +CVE-2017-16980 + REJECTED +CVE-2017-16979 + REJECTED +CVE-2017-16978 + REJECTED +CVE-2017-16977 + REJECTED +CVE-2017-16976 + REJECTED +CVE-2017-16975 + REJECTED +CVE-2017-16974 + REJECTED +CVE-2017-16973 + REJECTED +CVE-2017-16972 + REJECTED +CVE-2017-16971 + REJECTED +CVE-2017-16970 + REJECTED +CVE-2017-16969 + REJECTED +CVE-2017-16968 + REJECTED +CVE-2017-16967 + REJECTED +CVE-2017-16966 + REJECTED +CVE-2017-16965 + REJECTED +CVE-2017-16964 + REJECTED +CVE-2017-16963 + RESERVED +CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate P ...) + NOT-FOR-US: CommuniGate Pro +CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in BigTree ...) + NOT-FOR-US: BigTree CMS +CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) + NOT-FOR-US: TP-Link +CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, a ...) + NOT-FOR-US: TP-Link +CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) + NOT-FOR-US: TP-Link +CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authentic ...) + NOT-FOR-US: TP-Link +CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a priva ...) 
+ NOT-FOR-US: b3log Symphony +CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 for Word ...) + NOT-FOR-US: InLinks plugin for WordPress +CVE-2017-16954 + RESERVED +CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic A ...) + NOT-FOR-US: ZTE +CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...) + NOT-FOR-US: K-Multimedia Player +CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial o ...) + NOT-FOR-US: Winamp +CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before 2 ...) + - urbackup-server (bug #697325) +CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post P ...) + NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress +CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...) + NOT-FOR-US: TG Soft Vir.IT eXplorer Lite +CVE-2017-16947 + RESERVED +CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...) + NOT-FOR-US: MISP +CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows loc ...) + NOT-FOR-US: standardrestorer binary in Arq +CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...) + - libsndfile 1.0.27-1 + [jessie] - libsndfile (Minor issue) + [wheezy] - libsndfile (Minor issue) + NOTE: https://github.com/erikd/libsndfile/issues/341 +CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) 
+ {DSA-4053-1} + - exim4 4.89-13 (bug #882671) + [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) + [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2201 + NOTE: https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542 + NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html + NOTE: 4.89-10 adds a workaround which disables the affected code by default +CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...) + {DSA-4053-1} + - exim4 4.89-12 (bug #882648) + [jessie] - exim4 (ESMTP CHUNKING extension introduced in 4.88) + [wheezy] - exim4 (ESMTP CHUNKING extension introduced in 4.88) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2199 + NOTE: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4 + NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html + NOTE: https://twitter.com/philpennock/status/934270613811875840 + NOTE: 4.89-10 adds a workaround which disables the affected code by default +CVE-2017-16941 (October CMS through 1.0.428 does not prevent use of .htaccess in theme ...) + NOT-FOR-US: October CMS +CVE-2017-16940 + RESERVED +CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Lin ...) + {DSA-4082-1 DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2 +CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to c ...) + {DSA-4058-1 DLA-1196-1} + - optipng 0.7.6-1.1 (bug #878839) + NOTE: https://sourceforge.net/p/optipng/bugs/69/ +CVE-2017-16937 + RESERVED +CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...) + NOT-FOR-US: Shenzhen Tenda +CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...) 
+ NOT-FOR-US: Ametys CMS +CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execut ...) + NOT-FOR-US: DBL DBLTek devices +CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown ca ...) + - icinga2 2.8.4-1 (low; bug #883247) + [stretch] - icinga2 (Minor issue) + [jessie] - icinga2 (Minor issue) + NOTE: https://github.com/Icinga/icinga2/issues/5793 + NOTE: CVE is for the unsafe use of chown(1) +CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...) + - cacti 0.8.8h+ds1-5 (bug #833420) + [jessie] - cacti 0.8.8b+dfsg-8+deb8u6 + [wheezy] - cacti 0.8.8a+dfsg-5+deb7u9 + NOTE: https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697 + NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846 + NOTE: Fix for the incomplete fix for CVE-2016-2313 +CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion i ...) + {DLA-2972-1 DLA-1194-1} + [experimental] - libxml2 2.9.7+dfsg-1 + - libxml2 2.9.10+dfsg-2 (bug #882613) + [buster] - libxml2 (Minor issue; too intrusive to backport) + [jessie] - libxml2 (Minor issue; too intrusive to backport) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579 + NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961 + NOTE: Applying only 899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely + NOTE: fix the issue, see https://bugs.debian.org/882613#12 for discussion. +CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity reference ...) 
+ {DLA-1194-1} + - libxml2 2.9.4+dfsg1-3.1 + [stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1 + [jessie] - libxml2 2.9.1+dfsg1-5+deb8u5 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956 + NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3 + NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050 +CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 al ...) + NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner +CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...) + NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner +CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local us ...) + NOT-FOR-US: arq_updater binary in Arq +CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the sessio ...) + {DLA-1203-1} + - xrdp 0.9.4-3 (bug #882463) + [stretch] - xrdp 0.9.1-9+deb9u2 + [jessie] - xrdp (Minor issue) + NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958 + NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA + NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression + NOTE: thus marking it only as fixed in the followup version, cf. #884702 +CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted fi ...) + - ohcount 3.1.0-1 (bug #882372) + [stretch] - ohcount (Minor issue) + [jessie] - ohcount (Minor issue) + [wheezy] - ohcount (Minor issue) + NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0) +CVE-2017-16925 + RESERVED +CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in ManageEn ...) + NOT-FOR-US: ManageEngine Desktop Central +CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda A ...) 
+ NOT-FOR-US: Shenzhen Tenda +CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza Strea ...) + NOT-FOR-US: Wowza +CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and includin ...) + {DSA-4066-1 DLA-1212-1} + - otrs2 6.0.2-1 (bug #883774) + NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ + NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357 + NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/d12797bf1efa6722c2ba9af6d8238446c2903cd1 + NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646 + NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/368bc37f137e6344f4db014ee2e03c38e2fc62d2 + NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/4043ebb2580cd8f87e7758e95bf0d77eea5c82ae +CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY val ...) + NOT-FOR-US: dayrui FineCms +CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) vulne ...) + NOT-FOR-US: MapOS +CVE-2017-16918 + RESERVED +CVE-2017-16917 + RESERVED +CVE-2017-16916 + RESERVED +CVE-2017-16915 + RESERVED +CVE-2017-16914 (The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in ...) + {DSA-4187-1 DLA-1369-1} + - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 + NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a +CVE-2017-16913 (The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in ...) + {DSA-4187-1 DLA-1369-1} + - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 + NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366 +CVE-2017-16912 (The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux K ...) 
+ {DSA-4187-1 DLA-1369-1} + - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 + NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 +CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4. ...) + {DSA-4187-1 DLA-1369-1} + - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 + NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 +CVE-2017-16910 (An error within the "LibRaw::xtrans_interpolate()" function (internal/ ...) + {DLA-2903-1} + - libraw 0.18.6-1 + [wheezy] - libraw (Minor issue) + NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 + NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e +CVE-2017-16909 (An error related to the "LibRaw::panasonic_load_raw()" function (dcraw ...) + - libraw 0.18.6-1 + [wheezy] - libraw (Minor issue) + NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19 + NOTE: https://github.com/LibRaw/LibRaw/commit/f1394822a0152ceed77815eafa5cac4e8baab10a +CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during crea ...) + {DLA-2350-1} + - php-horde-kronolith 4.2.24-1 (bug #909738) + [jessie] - php-horde-kronolith (vulnerable code not present) + NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 + NOTE: https://github.com/horde/kronolith/commit/39f740068ad21618f6f70b6e37855c61cadbd716 +CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...) 
+ {DLA-2349-1 DLA-2348-1 DLA-1536-1 DLA-1535-1} + - php-horde 5.2.18+debian0-1 (bug #909739) + - php-horde-core 2.31.3+debian0-1 (bug #909800) + NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 + NOTE: php-horde: https://github.com/horde/base/commit/fb2113bbcd04bd4a28c46aad0889fb0a3979a230 + NOTE: php-horde-core: https://github.com/horde/Core/commit/ecea6ea740419e19122a50579ba2903c1cb71d7a +CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...) + {DLA-2351-1 DLA-1537-1} + - php-horde-kronolith 4.2.24-1 (bug #909737) + NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html + NOTE: https://bugs.horde.org/ticket/14857 + NOTE: https://github.com/horde/kronolith/commit/09d90141292f9ec516a7a2007bf828ce2bbdf60d +CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...) + NOT-FOR-US: DuoLingo TinyCards application +CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...) + NOT-FOR-US: LvyeCMS +CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute arbi ...) + NOT-FOR-US: LvyeCMS +CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long str ...) + NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router +CVE-2017-16901 + RESERVED +CVE-2017-16900 (Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the ...) + NOT-FOR-US: Hunesion i-oneNet +CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows remo ...) + - fig2dev 1:3.2.6a-5 (bug #881143) + [stretch] - fig2dev 1:3.2.6a-2+deb9u1 + - transfig + [jessie] - transfig 1:3.2.5.e-4+deb8u1 + [wheezy] - transfig (Minor issue) +CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ea ...) 
+ {DLA-1240-1} + - ming + NOTE: https://github.com/libming/libming/issues/75 +CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...) + NOT-FOR-US: Auth0 passport-wsfed-saml2 library +CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass compon ...) + - tt-rss 17.4+git20180312+dfsg-1 (bug #882543) + NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669 + NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815 +CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqgl ...) + NOT-FOR-US: Arq +CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain sensi ...) + - php-laravel-framework (Fixed before initial upload to archive) + NOTE: https://security.snyk.io/vuln/SNYK-PHP-LARAVELFRAMEWORK-72070 +CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability i ...) + - piwigo +CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename functio ...) + - bftpd (bug #640469) + NOTE: http://bftpd.sourceforge.net/news.html#032390 +CVE-2017-16891 + RESERVED +CVE-2017-16890 (SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono func ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/57 + NOTE: Crash in CLI tool, no security impact +CVE-2017-16889 + RESERVED +CVE-2017-16888 + RESERVED +CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...) + NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 +CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...) + NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 +CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R ...) 
+ NOT-FOR-US: FiberHome LM53Q1 VH519R05C01S38 devices +CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...) + {DSA-4082-1 DSA-4073-1 DLA-1200-1} + - linux 4.14.7-1 + NOTE: https://www.spinics.net/lists/kvm/msg159809.html +CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a passw ...) + NOT-FOR-US: OpenDayLight +CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use o ...) + - linux 4.14.2-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + [wheezy] - linux (vulnerable code not present, cf. kernel-sec information) + NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0 + NOTE: https://www.openwall.com/lists/oss-security/2017/11/30/1 + NOTE: https://github.com/bindecy/HugeDirtyCowPOC +CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used th ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with Job/Co ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the c ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...) + - jenkins +CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(j ...) + - jenkins +CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/ ...) + - jenkins +CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /com ...) + - jenkins +CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) + - jenkins +CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information abou ...) 
+ - jenkins +CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...) + - jenkins +CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...) + - jenkins +CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestion ...) + - jenkins +CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metada ...) + - jenkins +CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check permiss ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 an ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perfor ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores credent ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users ...) + NOT-FOR-US: Jenkins plugin +CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 all ...) + NOT-FOR-US: MistServer +CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming < ...) + {DLA-1240-1} + - ming + NOTE: https://github.com/libming/libming/issues/77 +CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but s ...) + - icinga (Doesn't affect Icinga 1.x as packaged in Debian) + NOTE: https://github.com/Icinga/icinga-core/issues/1601 + NOTE: State is not fully correct, since "affected" source would be there, + NOTE: But Debian does not install the binaries nor configuration files as + NOTE: respective icinga user. +CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON o ...) + NOT-FOR-US: b3log Symphony +CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before 2.1 ...) 
+ NOT-FOR-US: filp whoops +CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...) + NOT-FOR-US: Snap7 Server +CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme versi ...) + NOT-FOR-US: WordPress plugin +CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...) + NOT-FOR-US: Opencast +CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...) + NOT-FOR-US: Opencast +CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...) + - simple-xml 2.7.1-3 (low; bug #888547) + [stretch] - simple-xml (Minor issue) + [jessie] - simple-xml (Minor issue) + [wheezy] - simple-xml (Minor issue) + NOTE: https://github.com/ngallagher/simplexml/issues/18 + NOTE: Fixing commit in a new fork of the library (which is renamed simple-xml-safe): + NOTE: https://github.com/dweiss/simplexml/commit/c8d4b4310549bfaf6dc0a20abea7fbcca6e51edd +CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1. ...) 
+ NOT-FOR-US: Phoenix Framework +CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser) + - exiv2 (Vulnerable code introduced in 0.26; only affected experimental) + NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1 + NOTE: https://github.com/Exiv2/exiv2/issues/177 +CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888863) + NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1 + NOTE: https://github.com/Exiv2/exiv2/issues/176 +CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser) + - exiv2 (WebP support introduced in 0.26; only affected experimental; bug #888864) + NOTE: https://www.openwall.com/lists/oss-security/2017/06/30/1 + NOTE: https://github.com/Exiv2/exiv2/issues/175 +CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in tinfo/w ...) + - ncurses 6.0+20171125-1 (bug #882620) + [stretch] - ncurses 6.0+20161126-1+deb9u2 + [jessie] - ncurses 5.9+20140913-1+deb8u3 + [wheezy] - ncurses (Minor issue) + NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz + NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125 +CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal functio ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...) + NOT-FOR-US: ZEIT Next.js +CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in mi ...) + - mistune 0.8.1-1 + [stretch] - mistune (Minor issue) + NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98 +CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...) 
+ {DSA-4170-1} + - pjproject 2.7.1~dfsg-1 + [jessie] - pjproject (Minor issue) + NOTE: https://trac.pjsip.org/repos/ticket/2055 + NOTE: https://trac.pjsip.org/repos/changeset/5680 + NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN) +CVE-2017-16874 + RESERVED +CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...) + NOT-FOR-US: vagrant-vmware-fusion +CVE-2017-1000233 + REJECTED +CVE-2017-1000222 + REJECTED +CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticate ...) + - xrootd (Fixed with first upload to Debian) +CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code execut ...) + NOT-FOR-US: Elixir's vim plugin +CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...) + {DLA-1175-1} + - lynx 2.8.9dev16-1 + [stretch] - lynx (Minor issue) + - lynx-cur + [jessie] - lynx-cur (Minor issue) + NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9 +CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to buf ...) + - htslib 1.4.1-1 + [stretch] - htslib (Minor issue) + [jessie] - htslib (Minor issue) +CVE-2017-1000204 + REJECTED +CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...) + - root-system + [jessie] - root-system (Minor issue) + [wheezy] - root-system (Minor issue as it's restricted to authenticated users) + NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e +CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File I ...) + NOT-FOR-US: Cygnux sysPass +CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting i ...) 
+ NOT-FOR-US: Jool +CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal) + NOT-FOR-US: jqueryFileTree +CVE-2017-1000169 (QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes whic ...) + NOT-FOR-US: QuickerBB +CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate pub ...) + NOT-FOR-US: sodiumoxide +CVE-2017-1000161 + REJECTED +CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in P ...) + {DSA-4170-1} + - pjproject 2.7.1~dfsg-1 + [jessie] - pjproject (Minor issue) + NOTE: https://trac.pjsip.org/repos/ticket/2056 + NOTE: https://trac.pjsip.org/repos/changeset/5682 + NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN) +CVE-2017-16871 (The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP ...) + NOT-FOR-US: UpdraftPlus plugin for WordPress +CVE-2017-16870 (The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the u ...) + NOT-FOR-US: UpdraftPlus plugin for WordPress +CVE-2017-16869 (p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of se ...) + - upx-ucl 3.94-4 (bug #882041; unimportant) + NOTE: https://github.com/upx/upx/issues/146 + NOTE: crash in CLI tool, no security impact +CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/52 + NOTE: Crash in CLI tool, no security impact +CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 deauthentica ...) + NOT-FOR-US: Amazon Key +CVE-2017-1000248 (Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis) + - ruby-redis-store 1.1.6-2 (bug #882034) + [stretch] - ruby-redis-store 1.1.6-1+deb9u1 + NOTE: https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e +CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerab ...) 
+ - codeigniter (bug #471583) +CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the initializa ...) + - python-pysaml2 4.5.0-4 (bug #882012) + [stretch] - python-pysaml2 (Minor issue) + [jessie] - python-pysaml2 (Minor issue) + NOTE: https://github.com/rohe/pysaml2/issues/417 + NOTE: https://github.com/c00kiemon5ter/pysaml2/commit/7323f5c20efb59424d853c822e7a26d1aa3e84aa +CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...) + NOT-FOR-US: OpenEMR +CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected & stored Cro ...) + NOT-FOR-US: OpenEMR +CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scrip ...) + NOT-FOR-US: InvoicePlane +CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload r ...) + NOT-FOR-US: InvoicePlane +CVE-2017-1000237 (I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request ...) + - i-librarian (bug #649291) +CVE-2017-1000236 (I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site ...) + - i-librarian (bug #649291) +CVE-2017-1000235 (I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection ...) + - i-librarian (bug #649291) +CVE-2017-1000234 (I, Librarian version <=4.6 & 4.7 is vulnerable to Directory Enumeratio ...) + - i-librarian (bug #649291) +CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecifi ...) + {DLA-2910-1} + - ldns 1.7.0-4 (bug #882014) + [jessie] - ldns (Minor issue) + [wheezy] - ldns (Vulnerable code not present) + NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257 + NOTE: https://github.com/NLnetLabs/ldns/commit/3bdeed02505c9bbacb3b64a97ddcb1de967153b7 +CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...) 
+ {DLA-2910-1 DLA-1182-1} + - ldns 1.7.0-4 (bug #882015) + [jessie] - ldns (Minor issue) + NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256 + NOTE: https://github.com/NLnetLabs/ldns/commit/c8391790c96d4c8a2c10f9ab1460fda83b509fc2 +CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...) + {DSA-4058-1 DLA-1184-1} + - optipng 0.7.6-1.1 (bug #882032) + NOTE: https://sourceforge.net/p/optipng/bugs/65/ + NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch +CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code exec ...) + - node-ejs 2.5.7-1 + [stretch] - node-ejs (Node not covered by security support) + NOTE: https://security.snyk.io/vuln/npm:ejs:20161128 + NOTE: https://github.com/mde/ejs/commit/3d447c5a335844b25faec04b1132dbc721f9c8f6 (v2.5.3) +CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API) + NOT-FOR-US: WordPress plugin +CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using relevans ...) + NOT-FOR-US: Relevanssi +CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated attacke ...) + NOT-FOR-US: WordPress plugin +CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is prese ...) + NOT-FOR-US: MODX Revolution +CVE-2017-1000220 (soyuka/pidusage <=1.1.4 is vulnerable to command injection in the modu ...) + NOT-FOR-US: soyuka/pidusage +CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...) + NOT-FOR-US: npm/KyleRoss windows-cpu +CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the "writel ...) + NOT-FOR-US: LightFTP +CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST par ...) 
+ NOT-FOR-US: WBCE +CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflo ...) + NOT-FOR-US: picoTCP +CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...) + NOT-FOR-US: Java WebSocket client nv-websocket-client +CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version <= 1.0.30) yaml parsing f ...) + NOT-FOR-US: Swagger-Parser +CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...) + NOT-FOR-US: October CMS +CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...) + NOT-FOR-US: October CMS +CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset m ...) + NOT-FOR-US: October CMS +CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration modificati ...) + NOT-FOR-US: October CMS +CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...) + NOT-FOR-US: October CMS +CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-servi ...) + - node-ejs 2.5.7-1 + [stretch] - node-ejs (Node not covered by security support) + NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4) +CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scri ...) + - node-ejs 2.5.7-1 + [stretch] - node-ejs (Node not covered by security support) + NOTE: https://github.com/mde/ejs/commit/49264e0037e313a0a3e033450b5c184112516d8f (v2.5.4) +CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. FoFiTru ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/36 + NOTE: Crash in CLI tool, no security implications +CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf.) 
+ - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/34 + NOTE: Crash in CLI tool, no security implications +CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf.) + - swftools + [stretch] - swftools (Minor issue) + [jessie] - swftools (Minor issue) + [wheezy] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/33 +CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf.) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/30 + NOTE: Crash in CLI tool, no security implications +CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc.) + - swftools + [stretch] - swftools (Minor issue) + [jessie] - swftools (Minor issue) + [wheezy] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/23 +CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump swf_GetB ...) + - swftools (unimportant) + NOTE: https://github.com/matthiaskramm/swftools/issues/21 + NOTE: Crash in CLI tool, no security implications +CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...) + NOT-FOR-US: Creolabs Gravity +CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...) + NOT-FOR-US: Creolabs Gravity +CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook res ...) + NOT-FOR-US: Tine groupware +CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...) + NOT-FOR-US: EllisLab ExpressionEngine +CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...) 
+ {DSA-4307-1 DLA-1520-1 DLA-1519-1 DLA-1190-1 DLA-1189-1} + - python3.5 3.5.5-1 + - python3.4 + - python2.7 2.7.13-4 + [stretch] - python2.7 2.7.13-2+deb9u2 + - python2.6 + NOTE: https://bugs.python.org/issue30657 + NOTE: 2.7 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae (v2.7.14rc1) + NOTE: 3.4 https://github.com/python/cpython/commit/6c004b40f9d51872d848981ef1a18bb08c2dfc42 (v3.4.8rc1) + NOTE: 3.5 https://github.com/python/cpython/commit/fd8614c5c5466a14a945db5b059c10c0fb8f76d9 (v3.5.5rc1) + NOTE: The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff +CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog compone ...) + - serendipity +CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...) + NOT-FOR-US: Codiad +CVE-2018-0085 + RESERVED +CVE-2018-0084 + RESERVED +CVE-2018-0083 + RESERVED +CVE-2018-0082 + RESERVED +CVE-2018-0081 + RESERVED +CVE-2018-0080 + RESERVED +CVE-2018-0079 + RESERVED +CVE-2018-0078 + RESERVED +CVE-2018-0077 + RESERVED +CVE-2018-0076 + RESERVED +CVE-2018-0075 + RESERVED +CVE-2018-0074 + RESERVED +CVE-2018-0073 + RESERVED +CVE-2018-0072 + RESERVED +CVE-2018-0071 + RESERVED +CVE-2018-0070 + RESERVED +CVE-2018-0069 + RESERVED +CVE-2018-0068 + RESERVED +CVE-2018-0067 + RESERVED +CVE-2018-0066 + RESERVED +CVE-2018-0065 + RESERVED +CVE-2018-0064 + RESERVED +CVE-2018-0063 (A vulnerability in the IP next-hop index database in Junos OS 17.3R3 m ...) + NOT-FOR-US: Juniper +CVE-2018-0062 (A Denial of Service vulnerability in J-Web service may allow a remote ...) + NOT-FOR-US: Juniper +CVE-2018-0061 (A denial of service vulnerability in the telnetd service on Junos OS a ...) + NOT-FOR-US: Juniper +CVE-2018-0060 (An improper input validation weakness in the device control daemon pro ...) + NOT-FOR-US: Juniper +CVE-2018-0059 (A persistent cross-site scripting vulnerability in the graphical user ...) 
+ NOT-FOR-US: Juniper +CVE-2018-0058 (Receipt of a specially crafted IPv6 exception packet may be able to tr ...) + NOT-FOR-US: Juniper +CVE-2018-0057 (On MX Series and M120/M320 platforms configured in a Broadband Edge (B ...) + NOT-FOR-US: Juniper +CVE-2018-0056 (If a duplicate MAC address is learned by two different interfaces on a ...) + NOT-FOR-US: Juniper +CVE-2018-0055 (Receipt of a specially crafted DHCPv6 message destined to a Junos OS d ...) + NOT-FOR-US: Juniper +CVE-2018-0054 (On QFX5000 Series and EX4600 switches, a high rate of Ethernet pause f ...) + NOT-FOR-US: Juniper +CVE-2018-0053 (An authentication bypass vulnerability in the initial boot sequence of ...) + NOT-FOR-US: Juniper +CVE-2018-0052 (If RSH service is enabled on Junos OS and if the PAM authentication is ...) + NOT-FOR-US: Juniper +CVE-2018-0051 (A Denial of Service vulnerability in the SIP application layer gateway ...) + NOT-FOR-US: Juniper +CVE-2018-0050 (An error handling vulnerability in Routing Protocols Daemon (RPD) of J ...) + NOT-FOR-US: Juniper +CVE-2018-0049 (A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS ...) + NOT-FOR-US: Juniper +CVE-2018-0048 (A vulnerability in the Routing Protocols Daemon (RPD) with Juniper Ext ...) + NOT-FOR-US: Juniper +CVE-2018-0047 (A persistent cross-site scripting vulnerability in the UI framework us ...) + NOT-FOR-US: Juniper +CVE-2018-0046 (A reflected cross-site scripting vulnerability in OpenNMS included wit ...) + NOT-FOR-US: Juniper +CVE-2018-0045 (Receipt of a specific Draft-Rosen MVPN control packet may cause the ro ...) + NOT-FOR-US: Juniper +CVE-2018-0044 (An insecure SSHD configuration in Juniper Device Manager (JDM) and hos ...) + NOT-FOR-US: Juniper +CVE-2018-0043 (Receipt of a specific MPLS packet may cause the routing protocol daemo ...) + NOT-FOR-US: Juniper +CVE-2018-0042 (Juniper Networks CSO versions prior to 4.0.0 may log passwords in log ...) 
+ NOT-FOR-US: Juniper Networks CSO
+CVE-2018-0041 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0040 (Juniper Networks Contrail Service Orchestrator versions prior to 4.0.0 ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0039 (Juniper Networks Contrail Service Orchestration releases prior to 4.0. ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0038 (Juniper Networks Contrail Service Orchestration releases prior to 3.3. ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0037 (Junos OS routing protocol daemon (RPD) process may crash and restart o ...)
+ NOT-FOR-US: Junos OS
+CVE-2018-0036
+ RESERVED
+CVE-2018-0035 (QFX5200 and QFX10002 devices that have been shipped with Junos OS 15.1 ...)
+ NOT-FOR-US: Junos OS
+CVE-2018-0034 (A Denial of Service vulnerability exists in the Juniper Networks Junos ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0033
+ RESERVED
+CVE-2018-0032 (The receipt of a crafted BGP UPDATE can lead to a routing process daem ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0031 (Receipt of specially crafted UDP/IP packets over MPLS may be able to b ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0030 (Receipt of a specific MPLS packet may cause MPC7/8/9, PTX-FPC3 (FPC-P1 ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0029 (While experiencing a broadcast storm, placing the fxp0 interface into ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0028
+ RESERVED
+CVE-2018-0027 (Receipt of a crafted or malformed RSVP PATH message may cause the rout ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0026 (After Junos OS device reboot or upgrade, the stateless firewall filter ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0025 (When an SRX Series device is configured to use HTTP/HTTPS pass-through ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0024 (An Improper Privilege Management vulnerability in a shell session of J ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot Administrato ...)
+ NOT-FOR-US: JSNAPy
+CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more i ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE whic ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may al ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol Translat ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP) ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
+ NOT-FOR-US: AppFormix
+CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with zer ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space N ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that m ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ma ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to m ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit scri ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously c ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC mov ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, o ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG en ...)
+ NOT-FOR-US: Juniper
+CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by expl ...)
+ NOT-FOR-US: Juniper
+CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...)
+ NOT-FOR-US: dayrui FineCms
+CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allows remo ...)
+ NOT-FOR-US: Atlassian Jira
+CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 allow ...)
+ NOT-FOR-US: Atlassian Jira
+CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows remo ...)
+ NOT-FOR-US: PieChart gadget in Atlassian Jira
+CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version 7.6. ...)
+ NOT-FOR-US: Atlassian Jira
+CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect action ...)
+ NOT-FOR-US: Atlassian Fisheye and Crucible
+CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-16859 (The review attachment resource in Atlassian Fisheye and Crucible befor ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
+ NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
+CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via minim ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2017-16855
+ REJECTED
+CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
+ {DSA-4066-1 DLA-1212-1}
+ - otrs2 6.0.2-1
+ NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
+ NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
+ NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016
+ NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d
+ NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
+CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 before build 13530 allows SQ ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
+CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values dur ...)
+ {DSA-4213-1 DLA-1497-1}
+ - qemu 1:2.12~rc3+dfsg-1 (bug #882136)
+ [wheezy] - qemu (Can be fixed along in a future update)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Can be fixed along in a future update)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
+ NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=802cbcb73002b92e6ddc8464d39b668a71b78d74
+CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in for ...)
+ {DSA-4041-1 DLA-1173-1}
+ - procmail 3.22-26 (bug #876511)
+CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKey ...)
+ NOT-FOR-US: Vonage VDV-23
+CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in admin/google_search_consol ...)
+ NOT-FOR-US: Yoast SEO plugin for WordPress
+CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to /Calend ...)
+ NOT-FOR-US: LanSweeper
+CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote ...)
+ {DSA-4049-1}
+ - ffmpeg 7:3.4.1-1
+ NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
+CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
+ NOT-FOR-US: vagrant-vmware-fusion
+CVE-2017-16838
+ RESERVED
+CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...)
+ - tboot (Fixed with first upload to Debian)
+ NOTE: https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
+CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...)
+ NOT-FOR-US: Arris TG1682G devices
+CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...)
+ NOT-FOR-US: Photo Video Locker-Calculator application for Android
+CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an u ...)
+ - pnp4nagios (/etc/pnp4nagios and its content is installed as root by the Debian package)
+ NOTE: https://github.com/lingej/pnp4nagios/issues/140
+CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16 ...)
+ NOT-FOR-US: Gemirro
+CVE-2017-16853 (The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicM ...)
+ {DSA-4039-1 DLA-1178-1}
+ - opensaml2 2.6.1-1 (bug #881856)
+ NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
+ NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
+CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataPro ...)
+ {DSA-4038-1 DLA-1179-1}
+ - shibboleth-sp2 2.6.1+dfsg1-1 (bug #881857)
+ NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
+ NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
+CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File Descr ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b
+CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
+CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils 2.29 ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4
+CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163
+CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 al ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d
+CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File D ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419
+CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File De ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22376
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d
+CVE-2017-16825
+ RESERVED
+CVE-2017-16824
+ RESERVED
+CVE-2017-16823
+ RESERVED
+CVE-2017-16822
+ RESERVED
+CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.jav ...)
+ NOT-FOR-US: b3log Symphony
+CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems R ...)
+ NOT-FOR-US: Icon Time Systems RTC-1000
+CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote authenticate ...)
+ - ceph (Vulnerable code introduced after 12.1.0)
+ NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
+CVE-2017-16817
+ RESERVED
+CVE-2017-16816 (The condor_schedd component in HTCondor before 8.6.8 and 8.7.x before ...)
+ - condor 8.6.8~dfsg.1-1
+ [stretch] - condor (VOMS support disabled)
+ [jessie] - condor (Minor issue)
+ [wheezy] - condor (Minor issue)
+ NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html
+CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration & ...)
+ NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress
+CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...)
+ - collectd 5.8.0-1 (bug #881757)
+ [stretch] - collectd (Minor issue)
+ [jessie] - collectd (Minor issue)
+ [wheezy] - collectd (Vulnerable code not present)
+ NOTE: https://github.com/collectd/collectd/issues/2291
+CVE-2017-16814 (A Directory Traversal issue was discovered in the Foxit MobilePDF app ...)
+ NOT-FOR-US: Foxit
+CVE-2017-16813 (A denial-of-service issue was discovered in the Foxit MobilePDF app be ...)
+ NOT-FOR-US: Foxit
+CVE-2017-16812
+ RESERVED
+CVE-2017-16811
+ RESERVED
+CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables tab in O ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2017-16809
+ RESERVED
+CVE-2017-16808 (tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_ ...)
+ - tcpdump 4.9.3~git20190901-1 (unimportant; bug #881862)
+ NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3 ...)
+ NOT-FOR-US: Kirby Panel
+CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in Ul ...)
+ NOT-FOR-US: Ulterius
+CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...)
+ - radare2 2.1.0+dfsg-1 (bug #882134)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Vulnerable code does not exist; no dwarf support)
+ NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
+ NOTE: https://github.com/radare/radare2/issues/8813
+CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
+ {DSA-4119-1}
+ - libav (low)
+ - ffmpeg 7:2.2.1-1
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
+ NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
+ NOTE: ffmpeg: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
+ NOTE: ffmpeg originally fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/b829da363985cb2f80130bba304cc29a632f6446
+CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in app/webroot/js/mi ...)
+ NOT-FOR-US: MISP
+CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
+ {DSA-4191-1}
+ - redmine 3.4.2-1
+ [jessie] - redmine (Not supported in Jessie-LTS)
+ [wheezy] - redmine (Not supported in wheezy LTS)
+ NOTE: https://www.redmine.org/issues/25713 (private)
+ NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
+ NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
+CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17. ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2017-16800
+ RESERVED
+CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, sto ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properl ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ [jessie] - swftools (Minor issue)
+ [wheezy] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/51
+CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check t ...)
+ - swftools (unimportant)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/51
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-16795
+ RESERVED
+CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...)
+ - swftools (unimportant)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/50
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...)
+ - swftools
+ [stretch] - swftools (Minor issue)
+ [jessie] - swftools (Minor issue)
+ [wheezy] - swftools (Minor issue)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/47
+CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in ...)
+ NOT-FOR-US: geminabox
+CVE-2017-16791
+ RESERVED
+CVE-2017-16790 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. 
...)
+ {DSA-4262-1}
+ - symfony 3.4.0+dfsg-1
+ [jessie] - symfony (vulnerable code introduced in 2.4.*)
+ NOTE: https://symfony.com/blog/cve-2017-16790-ensure-that-submitted-data-are-uploaded-files
+ NOTE: https://github.com/symfony/symfony/pull/24993
+CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS ...)
+ NOT-FOR-US: TIBCO
+CVE-2017-16788 (Directory traversal vulnerability in the "Upload Groupkey" functionali ...)
+ NOT-FOR-US: Meinberg LANTIME
+CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...)
+ NOT-FOR-US: Meinberg LANTIME
+CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with firmwar ...)
+ NOT-FOR-US: Meinberg LANTIME
+CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detail ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript cod ...)
+ NOT-FOR-US: Home Assistant
+CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS.)
+ NOT-FOR-US: MyBB
+CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...)
+ NOT-FOR-US: MyBB
+CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.)
+ - cacti 1.1.27+ds1-3
+ [stretch] - cacti (Vulnerable code does not exist)
+ [jessie] - cacti (Vulnerable code does not exist)
+ [wheezy] - cacti (Vulnerable code does not exist)
+ NOTE: https://github.com/Cacti/cacti/issues/1071
+ NOTE: this is more or less a dublicate of CVE-2017-16641
+ NOTE: one of the applied patches reopened the vulnerability
+CVE-2017-16779
+ RESERVED
+CVE-2017-16778 (An access control weakness in the DTMF tone receiver of Fermax Outdoor ...)
+ NOT-FOR-US: Fermax Outdoor Panel
+CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
+ NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
+CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)
+ NOT-FOR-US: Conserus Workflow Intelligence
+CVE-2017-16775 (Improper restriction of rendered UI layers or frames vulnerability in ...)
+ NOT-FOR-US: Synology
+CVE-2017-16774 (Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotifica ...)
+ NOT-FOR-US: Synology
+CVE-2017-16773 (Improper authorization vulnerability in Highlight Preview in Synology ...)
+ NOT-FOR-US: Synology
+CVE-2017-16772 (Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUploa ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Pho ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-16770 (File and directory information exposure vulnerability in SYNO.Surveill ...)
+ NOT-FOR-US: Synology Surveillance Station
+CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in Synol ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in Syno ...)
+ NOT-FOR-US: Synology MailPlus Server
+CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in Synology S ...)
+ NOT-FOR-US: Synology Surveillance Station
+CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...)
+ NOT-FOR-US: Synology DiskStation Manager
+CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.)
+ NOT-FOR-US: D-Link
+CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+ NOT-FOR-US: django_make_app
+CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...)
+ NOT-FOR-US: Confire
+CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory trave ...)
+ NOT-FOR-US: Sanic
+CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allow ...)
+ NOT-FOR-US: Inedo BuildMaster
+CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS.)
+ NOT-FOR-US: Inedo BuildMaster
+CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote a ...)
+ NOT-FOR-US: LibreNMS
+CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in admin/partials/uif-access- ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...)
+ NOT-FOR-US: Hola VPN
+CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A cross-si ...)
+ NOT-FOR-US: Userscape HelpSpot
+CVE-2017-16755 (An issue was discovered in Userscape HelpSpot before 4.7.2. A reflecte ...)
+ NOT-FOR-US: Userscape HelpSpot
+CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler route ...)
+ NOT-FOR-US: Bolt CMS
+CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech WebAcce ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16752
+ RESERVED
+CVE-2017-16751 (A Stack-based Buffer Overflow issue was discovered in Delta Electronic ...)
+ NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
+CVE-2017-16750
+ RESERVED
+CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics Delta Indus ...)
+ NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
+CVE-2017-16748 (An attacker can log into the local Niagara platform (Niagara AX Framew ...)
+ NOT-FOR-US: Niagara AX
+CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta Electronics Delta ...)
+ NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
+CVE-2017-16746
+ RESERVED
+CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics Delta Indus ...)
+ NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
+CVE-2017-16744 (A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and ...)
+ NOT-FOR-US: Niagara AX
+CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL S ...)
+ NOT-FOR-US: PHOENIX CONTACT FL SWITCH
+CVE-2017-16742
+ RESERVED
+CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL SWI ...)
+ NOT-FOR-US: PHOENIX CONTACT FL SWITCH
+CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation Allen-Br ...)
+ NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
+CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...)
+ NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
+CVE-2017-16738
+ RESERVED
+CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor v1. ...)
+ NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
+CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovere ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
+ NOT-FOR-US: Ecava IntegraXor
+CVE-2017-16734
+ RESERVED
+CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
+ NOT-FOR-US: Ecava IntegraXor
+CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB El ...)
+ NOT-FOR-US: Ellipse
+CVE-2017-16730
+ RESERVED
+CVE-2017-16729
+ RESERVED
+CVE-2017-16728 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ver ...)
+ NOT-FOR-US: Moxa
+CVE-2017-16726 (Beckhoff TwinCAT supports communication over ADS. 
ADS is a protocol fo ...)
+ NOT-FOR-US: Beckhoff TwinCAT
+CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai Technol ...)
+ NOT-FOR-US: Xiongmai Technology IP Cameras and DVRs
+CVE-2017-16724 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMS ...)
+ NOT-FOR-US: PHOENIX
+CVE-2017-16722
+ RESERVED
+CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA V ...)
+ NOT-FOR-US: Geovap Reliance SCADA
+CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions 8.3.2 and ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPor ...)
+ NOT-FOR-US: Moxa
+CVE-2017-16718 (Beckhoff TwinCAT 3 supports communication over ADS. ADS is a protocol ...)
+ NOT-FOR-US: Beckhoff TwinCAT
+CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio ...)
+ NOT-FOR-US: WECON LeviStudio HMI
+CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior to 8. ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Versio ...)
+ NOT-FOR-US: Moxa
+CVE-2017-16714 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...)
+ NOT-FOR-US: Ice Qube Thermal Management Center
+CVE-2017-16713
+ RESERVED
+CVE-2017-16712
+ RESERVED
+CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...)
+ - swftools (unimportant; bug #881390)
+ NOTE: https://github.com/matthiaskramm/swftools/issues/46
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-16710 (Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 d ...)
+ NOT-FOR-US: Creston
+CVE-2017-16709 (Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 ...)
+ NOT-FOR-US: Creston
+CVE-2017-16708
+ RESERVED
+CVE-2017-16707
+ RESERVED
+CVE-2017-16706
+ RESERVED
+CVE-2017-16705
+ RESERVED
+CVE-2017-16704
+ RESERVED
+CVE-2017-16703
+ RESERVED
+CVE-2017-16702
+ RESERVED
+CVE-2017-16701
+ RESERVED
+CVE-2017-16700
+ RESERVED
+CVE-2017-16699
+ RESERVED
+CVE-2017-16698
+ RESERVED
+CVE-2017-16697
+ RESERVED
+CVE-2017-16696
+ RESERVED
+CVE-2017-16695
+ RESERVED
+CVE-2017-16694
+ RESERVED
+CVE-2017-16693
+ RESERVED
+CVE-2017-16692
+ RESERVED
+CVE-2017-16691 (SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to 7.1 ...)
+ NOT-FOR-US: SAP Note Assistant
+CVE-2017-16690 (A malicious DLL preload attack possible on NwSapSetup and Installation ...)
+ NOT-FOR-US: SAP Plant Connectivity
+CVE-2017-16689 (A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SA ...)
+ NOT-FOR-US: SAP KERNEL
+CVE-2017-16688
+ RESERVED
+CVE-2017-16687 (The user self-service tools of SAP HANA extended application services, ...)
+ NOT-FOR-US: SAP HANA
+CVE-2017-16686
+ RESERVED
+CVE-2017-16685 (Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data In ...)
+ NOT-FOR-US: SAP Business Warehouse Universal Data Integration
+CVE-2017-16684 (SAP Business Intelligence Promotion Management Application, Enterprise ...)
+ NOT-FOR-US: SAP Business Intelligence Promotion Management Application
+CVE-2017-16683 (Denial of Service (DOS) in SAP Business Objects Platform, Enterprise 4 ...)
+ NOT-FOR-US: SAP Business Objects Platform
+CVE-2017-16682 (SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 t ...)
+ NOT-FOR-US: SAP NetWeaver Internet Transaction Server
+CVE-2017-16681 (Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence ...)
+ NOT-FOR-US: SAP Business Intelligence Promotion Management Application
+CVE-2017-16680 (Two potential audit log injections in SAP HANA extended application se ...)
+ NOT-FOR-US: SAP HANA extended application services
+CVE-2017-16679 (URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 ...)
+ NOT-FOR-US: SAP's Startup Service
+CVE-2017-16678 (Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver Know ...)
+ NOT-FOR-US: SAP NetWeaver Knowledge Management Configuration Service
+CVE-2017-16677
+ RESERVED
+CVE-2017-16676
+ RESERVED
+CVE-2017-16675
+ RESERVED
+CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command execution vi ...)
+ NOT-FOR-US: Datto Windows Agent
+CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming ...)
+ NOT-FOR-US: Datto Backup Agent
+CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...)
+ - asterisk 1:13.18.1~dfsg-1 (bug #881256)
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
+ [jessie] - asterisk (Vulnerable code not present)
+ [wheezy] - asterisk (Vulnerable code not present)
+ NOTE: http://downloads.digium.com/pub/security/AST-2017-011.html
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27345
+CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 befo ...)
+ - asterisk 1:13.18.1~dfsg-1 (bug #881257)
+ [stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
+ [jessie] - asterisk (Vulnerable code do not exist)
+ [wheezy] - asterisk (Vulnerable code do not exist)
+ NOTE: http://downloads.digium.com/pub/security/AST-2017-010.html
+ NOTE: http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff
+ NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27337
+CVE-2017-16670 (The project import functionality in SoapUI 5.3.0 allows remote attacke ...)
+ NOT-FOR-US: SoapUI
+CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1168-1} + - graphicsmagick 1.3.26-19 (bug #881391) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/ + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6 +CVE-2017-16668 + RESERVED +CVE-2017-16666 (Xplico before 1.2.1 allows remote authenticated users to execute arbit ...) + NOT-FOR-US: Xplico +CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a reflec ...) + NOT-FOR-US: RemObjects Remoting SDK +CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket Requ ...) + {DSA-4047-1 DLA-1212-1} + - otrs2 5.0.24-1 (bug #882370) + NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ + NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d + NOTE: OTRS 3.3: https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce +CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper escaping/quot ...) + - backintime 1.1.24-0.1 (bug #881205) + [stretch] - backintime (Minor issue) + [jessie] - backintime (Minor issue) + [wheezy] - backintime (Vulnerable code does not exist) + NOTE: https://github.com/bit-team/backintime/issues/834 + NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3 +CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-base ...) 
+ {DLA-1185-1} + - sam2p + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/16 +CVE-2017-16662 + RESERVED +CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows loc ...) + NOT-FOR-US: assp as packaged by Gentoo +CVE-2017-16658 + RESERVED +CVE-2017-16657 + RESERVED +CVE-2017-16656 + RESERVED +CVE-2017-16655 + RESERVED +CVE-2017-16654 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...) + {DSA-4262-1 DLA-1707-1} + - symfony 3.4.0+dfsg-1 + NOTE: https://symfony.com/blog/cve-2017-16654-intl-bundle-readers-breaking-out-of-paths + NOTE: https://github.com/symfony/symfony/pull/24994 +CVE-2017-16653 (An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...) + {DSA-4262-1} + - symfony 3.4.0+dfsg-1 + [jessie] - symfony (vulnerable code not present in branch 2.3) + NOTE: https://symfony.com/blog/cve-2017-16653-csrf-protection-does-not-use-different-tokens-for-http-and-https + NOTE: https://github.com/symfony/symfony/pull/24992 +CVE-2017-16652 (An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2 ...) + {DSA-4262-1 DLA-1707-1} + - symfony 3.4.0+dfsg-1 + NOTE: https://symfony.com/blog/cve-2017-16652-open-redirect-vulnerability-on-security-handlers + NOTE: https://github.com/symfony/symfony/pull/24995 + NOTE: See CVE-2018-11408 to address original incomplete fix for CVE-2017-16652 +CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...) 
+ {DSA-4030-1 DLA-1193-1} + - roundcube 1.3.3+dfsg.1-1 + NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d + NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806 + NOTE: release-1.2: https://github.com/roundcube/roundcubemail/commit/9be2224c779d7abc7b29eea2b83a8a3671c543e0 + NOTE: release-1.1: https://github.com/roundcube/roundcubemail/commit/e757cc410145d043c30889d28fa0b5f67a5cf2fd + NOTE: release-1.0: https://github.com/roundcube/roundcubemail/commit/8d87bb34f3c6103ab81e5342d8b3d297832d178a + NOTE: https://github.com/roundcube/roundcubemail/issues/6026 +CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...) + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + [wheezy] - linux (Vulnerable code not present) +CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...) + {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 +CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend. ...) + - linux (Vulnerable code not present) +CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 all ...) + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel throug ...) + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu. ...) 
+ - linux 4.14.2-1 (unimportant) + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.56-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: CONFIG_INPUT_IMS_PCU is not set in Debian config +CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in th ...) + {DSA-4073-1} + - linux 4.14.7-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco. ...) + {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 +CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an e ...) + {DSA-4081-1 DSA-4080-1} + - php7.1 7.1.11-1 + - php7.0 7.0.25-1 + - php5 + [wheezy] - php5 (Vulnerable code not present; proof of concept produces expected non-buggy output; upstream patch also appears overly intrusive) + NOTE: Fixed in: 5.6.32, 7.0.25, 7.1.11 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75055 + NOTE: https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536 + NOTE: https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1 +CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read arbitr ...) + - cacti 1.1.27+ds1-3 + [stretch] - cacti (Vulnerable code does not exist) + [jessie] - cacti (Vulnerable code does not exist) + [wheezy] - cacti (Vulnerable code does not exist) + NOTE: https://github.com/Cacti/cacti/issues/1066 + NOTE: affected code was introduced in the 1.x release +CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct Rem ...) 
+ - cacti 1.1.27+ds1-3 + [stretch] - cacti (Vulnerable code does not exist) + [jessie] - cacti (Vulnerable code does not exist) + [wheezy] - cacti (Vulnerable code does not exist) + NOTE: https://github.com/Cacti/cacti/issues/1066 + NOTE: affected code was introduced in the 1.x release +CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...) + - cacti 1.1.27+ds1-3 (bug #881110) + [stretch] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) + [jessie] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) + [wheezy] - cacti (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream) + NOTE: https://github.com/Cacti/cacti/issues/1057 + NOTE: https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e +CVE-2017-16640 + RESERVED +CVE-2017-16639 (Tor Browser on Windows before 8.0 allows remote attackers to bypass th ...) + NOT-FOR-US: Tor Browser on Windows +CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not prope ...) + - libnet-ping-external-perl (bug #881097) + [wheezy] - libnet-ping-external-perl (Package may be removed from Wheezy, see #881102) + NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230 + NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch +CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may allow memb ...) + NOT-FOR-US: Gentoo net-misc/vde packaging issue +CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when res ...) + NOT-FOR-US: Vectura Perfect Privacy VPN Manager +CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the ne ...) + NOT-FOR-US: Bludit +CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname ...) 
+ NOT-FOR-US: TinyWebGallery +CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a user' ...) + NOT-FOR-US: Joomla! +CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only i ...) + NOT-FOR-US: Joomla! +CVE-2017-16632 (In SapphireIMS 4097_1, the password in the database is stored in Base6 ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16631 (In SapphireIMS 4097_1, a guest user is able to change the password of ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16630 (In SapphireIMS 4097_1, a guest user can create a local administrator a ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16629 (In SapphireIMS 4097_1, it is possible to guess the registered/active u ...) + NOT-FOR-US: SapphireIMS +CVE-2017-16628 + RESERVED +CVE-2017-16627 + RESERVED +CVE-2017-16626 + RESERVED +CVE-2017-16625 + RESERVED +CVE-2017-16624 + RESERVED +CVE-2017-16623 + RESERVED +CVE-2017-16622 + RESERVED +CVE-2017-16621 + RESERVED +CVE-2017-16620 + RESERVED +CVE-2017-16619 + RESERVED +CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...) + NOT-FOR-US: OwlMixin +CVE-2017-16617 + RESERVED +CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...) + NOT-FOR-US: pyanyapi +CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...) + NOT-FOR-US: MLAlchemy +CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows re ...) + NOT-FOR-US: tpshop +CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through 1 ...) + {DSA-4044-1} + - swauth 1.2.0-4 (bug #882314) + NOTE: https://bugs.launchpad.net/swift/+bug/1655781 +CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...) 
+ {DSA-4059-1 DLA-1201-1} + - libxcursor 1:1.1.14-3.1 (bug #883792) + - wayland 1.14.0-2 (bug #889681) + [stretch] - wayland 1.12.0-1+deb9u1 + [jessie] - wayland (Minor issue) + [wheezy] - wayland (vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/6 + NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2 + NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961 + NOTE: Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38 + NOTE: For src:wayland originally fixed in 1.14.0-2 but the 1.15.0-1 upload + NOTE: did not merge in the 1.14.0-2 upload. +CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...) + {DLA-2901-1} + - libxfont 1:2.0.3-1 (low; bug #883929) + [jessie] - libxfont (Minor issue) + [wheezy] - libxfont (Minor issue) + - libxfont1 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2017/11/28/7 + NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8 + NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2 + NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2 +CVE-2017-16610 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgain +CVE-2017-16609 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgain +CVE-2017-16608 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgain +CVE-2017-16607 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Netgain +CVE-2017-16606 (This vulnerability allows remote attackers to execute code by creating ...) + NOT-FOR-US: Netgain +CVE-2017-16605 (This vulnerability allows remote attackers to overwrite arbitrary file ...) + NOT-FOR-US: Netgain +CVE-2017-16604 (This vulnerability allows remote attackers to overwrite arbitrary file ...) + NOT-FOR-US: Netgain +CVE-2017-16603 (This vulnerability allows remote attackers to execute code by creating ...) + NOT-FOR-US: Netgain +CVE-2017-16602 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgain +CVE-2017-16601 (This vulnerability allows remote attackers to overwrite arbitrary file ...) + NOT-FOR-US: Netgain +CVE-2017-16600 (This vulnerability allows remote attackers to overwrite files on vulne ...) + NOT-FOR-US: Netgain +CVE-2017-16599 (This vulnerability allows remote attackers to delete arbitrary files o ...) + NOT-FOR-US: Netgain +CVE-2017-16598 (This vulnerability allows remote attackers to execute code by overwrit ...) + NOT-FOR-US: Netgain +CVE-2017-16597 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Netgain +CVE-2017-16596 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgain +CVE-2017-16595 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgain +CVE-2017-16594 (This vulnerability allows remote attackers to create arbitrary files o ...) + NOT-FOR-US: Netgain +CVE-2017-16593 (This vulnerability allows remote attackers to delete arbitrary files o ...) + NOT-FOR-US: Netgain +CVE-2017-16592 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgain +CVE-2017-16591 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Netgain +CVE-2017-16590 (This vulnerability allows remote attackers to bypass authentication on ...) 
+ NOT-FOR-US: Netgain +CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16587 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16586 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16585 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16584 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16583 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16582 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16581 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16580 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16579 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16578 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16577 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16576 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16575 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16574 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
+ NOT-FOR-US: Foxit Reader +CVE-2017-16573 (This vulnerability allows remote attackers to disclose sensitive infor ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16572 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16571 (This vulnerability allows remote attackers to execute arbitrary code o ...) + NOT-FOR-US: Foxit Reader +CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...) + NOT-FOR-US: KeystoneJS +CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an h ...) + NOT-FOR-US: Zurmo +CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...) + NOT-FOR-US: Logitech Media Server +CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server 7.9. ...) + NOT-FOR-US: Logitech Media Server +CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...) + NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices +CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandst ...) + NOT-FOR-US: Vonage +CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...) + NOT-FOR-US: Vonage +CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on Vona ...) + NOT-FOR-US: Vonage +CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on a site ...) + NOT-FOR-US: WordPress plugin userpro +CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 i ...) + NOT-FOR-US: Ingenious School Management System +CVE-2017-16560 (SanDisk Secure Access 3.01 vault decrypts and copies encrypted files t ...) + NOT-FOR-US: SanDisk Secure Access +CVE-2017-16559 + RESERVED +CVE-2017-16558 (Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vu ...) + NOT-FOR-US: Contao +CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...) 
+ NOT-FOR-US: K7 Antivirus +CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain privi ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to a ...) + NOT-FOR-US: K7 Antivirus +CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-develo ...) + {DSA-4068-1 DLA-1218-1} + - rsync 3.1.2-2.1 (bug #880954) + NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112 + NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1 +CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 doe ...) + {DSA-4321-1 DLA-1456-1 DLA-1170-1} + - graphicsmagick 1.3.26-18 + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/ +CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...) 
+ {DSA-4074-1 DSA-4040-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #881392) + [wheezy] - imagemagick (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/851 +CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 doe ...) + {DSA-4321-1} + - graphicsmagick 1.3.26-18 + [jessie] - graphicsmagick 1.3.20-3+deb8u3 + [wheezy] - graphicsmagick (Not possible to trigger with presented test case) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0 + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/ + NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this + NOTE: the severity of the wheezy version is low even though the vulnerable code is still present. + NOTE: The patch is trivial so it may be worth fixing in combination with some other fix. +CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through 1.27. ...) + {DLA-2559-1 DLA-1445-1} + - busybox 1:1.27.2-2 (bug #882258) + [wheezy] - busybox (Minor issue) + NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/ + NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8 +CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 before build 13500 allows SQ ...) + NOT-FOR-US: Zoho +CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 before build 13500 allows Po ...) + NOT-FOR-US: Zoho +CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...) 
+ {DSA-4327-1 DLA-1575-1} + - firefox 62.0-1 (unimportant) + - firefox-esr 60.2.0esr-1 (unimportant) + [stretch] - firefox-esr 60.2.0esr-1~deb9u2 + - thunderbird 1:60.2.1-1 + NOTE: https://trac.torproject.org/projects/tor/ticket/24052 + NOTE: https://blog.torproject.org/tor-browser-709-released + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2017-16541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/#CVE-2017-16541 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2017-16541 +CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database co ...) + NOT-FOR-US: OpenEMR +CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby throug ...) + - docker.io 1.13.1~ds3-1 (bug #900140) + NOTE: https://github.com/moby/moby/pull/35399 + NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1 +CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.1 ...) + {DSA-4082-1 DSA-4073-1} + - linux 4.14.7-1 + [wheezy] - linux (Vulnerable code not present) +CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...) + {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 +CVE-2017-16536 (The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-ca ...) + {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 +CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in th ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/1c0edc3633b56000e18d82fc241e3995ca18a69e +CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...) 
+ - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/2e1c42391ff2556387b3cb6308b24f6f65619feb +CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linu ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b +CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...) + {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8 +CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows loc ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb +CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...) + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4 +CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux k ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 +CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...) 
+ - linux 4.13.4-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57 +CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/124751d5e63c823092060074bd0abaae61aaa9c4 +CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local user ...) + {DSA-4187-1 DLA-1369-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043 +CVE-2017-16525 (The usb_serial_console_disconnect function in drivers/usb/serial/conso ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 +CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unre ...) + NOT-FOR-US: Samsung SRN-1670D devices +CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...) + NOT-FOR-US: MitraStar +CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b ...) + NOT-FOR-US: MitraStar +CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where XslComp ...) + NOT-FOR-US: Inedo BuildMaster +CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of ...) + NOT-FOR-US: Inedo BuildMaster +CVE-2017-16519 + RESERVED +CVE-2017-16518 + RESERVED +CVE-2017-16517 + RESERVED +CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...) 
+ {DLA-3516-1 DLA-3492-1 DLA-1167-1} + - ruby-yajl 1.2.0-3.1 (low; bug #880691) + [stretch] - ruby-yajl (Minor issue) + [jessie] - ruby-yajl (Minor issue) + - yajl 2.1.0-4 (bug #1040036) + [bookworm] - yajl 2.1.0-3+deb12u2 + [bullseye] - yajl 2.1.0-3+deb11u2 + - burp (bug #1040146) + [bookworm] - burp (Minor issue) + [bullseye] - burp (Minor issue) + - epics-base (bug #1040159) + [bookworm] - epics-base (Minor issue) + - r-cran-jsonlite 1.8.8+dfsg-1 (bug #1040161) + [bookworm] - r-cran-jsonlite (Minor issue) + [bullseye] - r-cran-jsonlite (Minor issue) + [buster] - r-cran-jsonlite (Minor issue) + - xqilla (Vulnerable code not present; embeds not-affected ancient yajl version) + NOTE: xqilla's embedded yajl is ancient (around 0.2.2), not having the vulnerable code + NOTE: https://github.com/brianmario/yajl-ruby/issues/176 + NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce +CVE-2017-16515 + RESERVED +CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...) + NOT-FOR-US: WebsiteBaker +CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in t ...) + NOT-FOR-US: Ipswitch WS_FTP Professional +CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 th ...) + NOT-FOR-US: vagrant-vmware-fusion +CVE-2017-16511 + RESERVED +CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to th ...) + - mahara +CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before ...) + - mahara +CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...) + - mahara +CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + - mahara +CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + - mahara +CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before ...) 
+ - mahara +CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 a ...) + - mahara +CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...) + - mahara +CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to ...) + - mahara +CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15 ...) + - mahara +CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + - mahara +CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04. ...) + - mahara +CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...) + - mahara +CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04. ...) + - mahara +CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04. ...) + - mahara +CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) + - mahara +CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) + - mahara +CVE-2017-1000141 (An issue was discovered in Mahara before 18.10.0. It mishandled user r ...) + - mahara + NOTE: https://bugs.launchpad.net/mahara/+bug/1422492 +CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) + - mahara +CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) + - mahara +CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...) + - mahara +CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to p ...) + - mahara +CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...) + - mahara +CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) 
+ - mahara +CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 an ...) + - mahara +CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + - mahara +CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 an ...) + - mahara +CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...) + - mahara +CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() ...) + {DSA-4090-1 DLA-1160-1} + - wordpress 4.8.3+dfsg-1 (bug #880528) + NOTE: https://wpvulndb.com/vulnerabilities/8941 + NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d + NOTE: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html +CVE-2017-16509 + REJECTED +CVE-2017-16508 + REJECTED +CVE-2017-16507 + REJECTED +CVE-2017-16506 + REJECTED +CVE-2017-16505 + REJECTED +CVE-2017-16504 + REJECTED +CVE-2017-16503 + REJECTED +CVE-2017-16502 + REJECTED +CVE-2017-16501 + REJECTED +CVE-2017-16500 + REJECTED +CVE-2017-16499 + REJECTED +CVE-2017-16498 + REJECTED +CVE-2017-16497 + REJECTED +CVE-2017-16496 + REJECTED +CVE-2017-16495 + REJECTED +CVE-2017-16494 + REJECTED +CVE-2017-16493 + REJECTED +CVE-2017-16492 + REJECTED +CVE-2017-16491 + REJECTED +CVE-2017-16490 + REJECTED +CVE-2017-16489 + REJECTED +CVE-2017-16488 + REJECTED +CVE-2017-16487 + REJECTED +CVE-2017-16486 + REJECTED +CVE-2017-16485 + REJECTED +CVE-2017-16484 + REJECTED +CVE-2017-16483 + REJECTED +CVE-2017-16482 + REJECTED +CVE-2017-16481 + REJECTED +CVE-2017-16480 + REJECTED +CVE-2017-16479 + REJECTED +CVE-2017-16478 + REJECTED +CVE-2017-16477 + REJECTED +CVE-2017-16476 + REJECTED +CVE-2017-16475 + REJECTED +CVE-2017-16474 + REJECTED +CVE-2017-16473 + REJECTED +CVE-2017-16472 + REJECTED +CVE-2017-16471 + REJECTED +CVE-2017-16470 + REJECTED +CVE-2017-16469 + REJECTED +CVE-2017-16468 + REJECTED +CVE-2017-16467 + REJECTED 
+CVE-2017-16466
+ REJECTED
+CVE-2017-16465
+ REJECTED
+CVE-2017-16464
+ REJECTED
+CVE-2017-16463
+ REJECTED
+CVE-2017-16462
+ REJECTED
+CVE-2017-16461
+ REJECTED
+CVE-2017-16460
+ REJECTED
+CVE-2017-16459
+ REJECTED
+CVE-2017-16458
+ REJECTED
+CVE-2017-16457
+ REJECTED
+CVE-2017-16456
+ REJECTED
+CVE-2017-16455
+ REJECTED
+CVE-2017-16454
+ REJECTED
+CVE-2017-16453
+ REJECTED
+CVE-2017-16452
+ REJECTED
+CVE-2017-16451
+ REJECTED
+CVE-2017-16450
+ REJECTED
+CVE-2017-16449
+ REJECTED
+CVE-2017-16448
+ REJECTED
+CVE-2017-16447
+ REJECTED
+CVE-2017-16446
+ REJECTED
+CVE-2017-16445
+ REJECTED
+CVE-2017-16444
+ REJECTED
+CVE-2017-16443
+ REJECTED
+CVE-2017-16442
+ REJECTED
+CVE-2017-16441
+ REJECTED
+CVE-2017-16440
+ REJECTED
+CVE-2017-16439
+ REJECTED
+CVE-2017-16438
+ REJECTED
+CVE-2017-16437
+ REJECTED
+CVE-2017-16436
+ REJECTED
+CVE-2017-16435
+ REJECTED
+CVE-2017-16434
+ REJECTED
+CVE-2017-16433
+ REJECTED
+CVE-2017-16432
+ REJECTED
+CVE-2017-16431
+ REJECTED
+CVE-2017-16430
+ REJECTED
+CVE-2017-16429
+ REJECTED
+CVE-2017-16428
+ REJECTED
+CVE-2017-16427
+ REJECTED
+CVE-2017-16426
+ REJECTED
+CVE-2017-16425
+ REJECTED
+CVE-2017-16424
+ REJECTED
+CVE-2017-16423
+ REJECTED
+CVE-2017-16422
+ REJECTED
+CVE-2017-16421
+ REJECTED
+CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16400 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16399 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16398 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16397 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16396 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16395 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16394 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16393 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16392 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16391 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16390 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16389 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16388 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16387 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16386 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16385 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16384 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16383 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16382 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16381 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16380 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16379 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16378 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16377 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16376 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16375 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16374 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16373 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16372 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16371 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16370 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16369 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16368 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16367 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16366 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16365 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16364 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16363 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16362 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16361 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16360 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in store_ve ...)
+ - radare2 2.1.0+dfsg-1 (bug #880616)
+ [jessie] - radare2 (Vulnerable code introduced later)
+ [wheezy] - radare2 (Vulnerable code introduced later)
+ NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
+ NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
+ NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
+ NOTE: https://github.com/radare/radare2/issues/8764
+CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in string_ ...)
+ - radare2 2.1.0+dfsg-1 (bug #880619)
+ [jessie] - radare2 (Vulnerable code introduced later)
+ [wheezy] - radare2 (Vulnerable code introduced later)
+ NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9
+ NOTE: https://github.com/radare/radare2/issues/8748
+CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in store_ver ...)
+ - radare2 2.1.0+dfsg-1 (bug #880620)
+ [jessie] - radare2 (Vulnerable code introduced later)
+ [wheezy] - radare2 (Vulnerable code introduced later)
+ NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
+ NOTE: https://github.com/radare/radare2/issues/8742
+CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) ...)
+ NOT-FOR-US: Kubik-Rubik SIGE
+CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
+ {DSA-4415-1}
+ - passenger 5.0.30-1.1 (bug #884463)
+ - ruby-passenger
+ [jessie] - ruby-passenger (Minor issue)
+ [wheezy] - ruby-passenger (Vulnerable code introduced later)
+ NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
+ NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
+ NOTE: https://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
+ NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
+ NOTE: get the status information.
+CVE-2017-16354
+ RESERVED
+CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1159-1}
+ - graphicsmagick 1.3.26-17
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
+ NOTE: https://blogs.securiteam.com/index.php/archives/3494
+CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vu ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1159-1}
+ - graphicsmagick 1.3.26-17
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
+ NOTE: https://blogs.securiteam.com/index.php/archives/3494
+CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting vulner ...)
+ - pluxml 5.6-1 (bug #881796)
+ [stretch] - pluxml (Minor issue)
+ [jessie] - pluxml (Minor issue)
+ NOTE: https://github.com/pluxml/PluXml/issues/253
+CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permission ch ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file wit ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-16351
+ REJECTED
+CVE-2017-16350
+ REJECTED
+CVE-2017-16349 (An exploitable XML external entity vulnerability exists in the reporti ...)
+ NOT-FOR-US: SAP
+CVE-2017-16348 (An exploitable denial of service vulnerability exists in Insteon Hub r ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16347 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16346 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16345 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16344 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16343 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16342 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16341 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16340 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16339 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16338 (An attacker could send an authenticated HTTP request to trigger this v ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16337 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16336 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16335 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16334 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16333 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16332 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16331 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16330 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16329 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16328 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16327 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16326 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16325 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16324 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16323 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16322 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16321 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16320 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16319 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16318 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16317 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16316 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16315 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16314 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16313 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16312 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16311 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16310 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16309 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16308 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16307 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16306 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16305 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16304 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16303 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16302 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16301 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16300 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16299 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16298 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16297 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16296 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16295 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16294 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16293 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16292 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16291 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16290 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16289 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16288 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16287 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16286 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16285 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16284 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16283 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16282 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16281 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16280 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16279 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16278 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16277 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16276 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16275 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16274 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16273 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16272 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16271 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16270 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16269 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16268 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16267 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16266 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16265 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16264 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16263 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16262 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16261 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16260 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16259 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16258 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16257 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16256 (Multiple exploitable buffer overflow vulnerabilities exist in the PubN ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16255 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16254 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16253 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16252 (Specially crafted commands sent through the PubNub service in Insteon ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, releas ...)
+ NOT-FOR-US: Mitel
+CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could allo ...)
+ NOT-FOR-US: Mitel
+CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
+ NOT-FOR-US: Debut embedded http server
+CVE-2017-16247
+ RESERVED
+CVE-2017-16246
+ RESERVED
+CVE-2017-16245
+ RESERVED
+CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426 ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2017-16243
+ RESERVED
+CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint MECO ...)
+ NOT-FOR-US: MECO
+CVE-2017-1000384
+ REJECTED
+CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores umas ...)
+ NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
+ NOTE: file when creating a backup file. That's hardly incorrect behaviour
+ NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
+CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask wh ...)
+ - vim (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/31/15
+ NOTE: Cf. https://www.openwall.com/lists/oss-security/2017/11/01/4
+ NOTE: vim creates the .swp file according to the permissions of the file being
+ NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
+ NOTE: file is readable by others. But that seem to be the intended behaviour.
+CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows r ...)
+ - libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
+ [stretch] - libcatalyst-plugin-static-simple-perl (Minor issue)
+ [jessie] - libcatalyst-plugin-static-simple-perl (Minor issue)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
+CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controller ...)
+ NOT-FOR-US: AMAG Symmetry Door Edge Network Controllers
+CVE-2017-16240
+ RESERVED
+CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack No ...)
+ - nova 2:16.0.3-6 (bug #883621)
+ [stretch] - nova (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
+ [jessie] - nova (Vulnerable code not present)
+ [wheezy] - nova (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/12/05/5
+ NOTE: https://launchpad.net/bugs/1732976
+CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x throug ...)
+ {DSA-4056-1}
+ - nova 2:16.0.3-1 (bug #882009)
+ [jessie] - nova (Vulnerble code introduced later)
+ [wheezy] - nova (Vulnerble code introduced later)
+ NOTE: https://launchpad.net/bugs/1664931
+ NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
+ NOTE: Regression fix: https://www.openwall.com/lists/oss-security/2017/12/05/4
+CVE-2017-16238
+ RESERVED
+CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file (VIAGLT64 ...)
+ NOT-FOR-US: Vir.IT eXplorer Anti-Virus
+CVE-2017-16236
+ RESERVED
+CVE-2017-16235
+ RESERVED
+CVE-2017-16234
+ RESERVED
+CVE-2017-16233
+ RESERVED
+CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS ...)
+ NOT-FOR-US: D-Link devices
+CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...)
+ NOT-FOR-US: Progress Software OpenEdge
+CVE-2017-16232 (LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow at ...)
+ - tiff (unimportant)
+ NOTE: http://seclists.org/oss-sec/2017/q4/168
+ NOTE: Related commit: https://gitlab.com/libtiff/libtiff/commit/25f9ffa56548c1846c4a1f19308b7f561f7b1ab0
+ NOTE: This is actually only a partial fix, but upstream will not fix it completely.
+ NOTE: The related commit is included in 4.0.9. The underlying memory-based DOS
+ NOTE: would still be present.
+CVE-2017-16231 (In PCRE 8.41, after compiling, a pcretest load test PoC produces a cra ...)
+ - pcre3 (unimportant)
+CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
+ NOT-FOR-US: Typecho
+CVE-2017-16229 (In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based b ...)
+ - ruby-ox 2.8.2-1
+ [stretch] - ruby-ox (Minor issue)
+ [jessie] - ruby-ox (Minor issue)
+ NOTE: https://github.com/ohler55/ox/issues/195
+ NOTE: https://github.com/ohler55/ox/pull/196
+ NOTE: https://github.com/ohler55/ox/commit/0708ae44faf2ffc3d9330daf6ae023859a8b168b
+CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote a ...)
+ - dulwich 0.18.5-1
+ [stretch] - dulwich (Minor issue)
+ [jessie] - dulwich (Minor issue)
+ [wheezy] - dulwich (Minor issue)
+ NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
+ NOTE: This is similar class of issue as for CVE-2017-1000117/git
+ NOTE: But needs a separate CVE since different codebasis.
+CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 al ...)
+ {DSA-4011-1 DLA-1152-1}
+ - quagga 1.2.2-1 (bug #879474)
+ NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
+ NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
+CVE-2017-16226 (The static-eval module is intended to evaluate statically-analyzable e ...)
+ NOT-FOR-US: static-eval module
+CVE-2017-16225 (aegir is a module to help automate JavaScript project management. Vers ...)
+ NOT-FOR-US: aegir
+CVE-2017-16224 (st is a module for serving static files. An attacker is able to craft ...)
+ NOT-FOR-US: st
+CVE-2017-16223 (nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a direct ...)
+ NOT-FOR-US: nodeaaaaa
+CVE-2017-16222 (elding is a simple web server. elding is vulnerable to a directory tra ...)
+ NOT-FOR-US: elding
+CVE-2017-16221 (yzt is a simple file server. yzt is vulnerable to a directory traversa ...)
+ NOT-FOR-US: yzt
+CVE-2017-16220 (wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory tr ...)
+ NOT-FOR-US: wind-mvc
+CVE-2017-16219 (yttivy is a static file server. yttivy is vulnerable to a directory tr ...)
+ NOT-FOR-US: yttivy
+CVE-2017-16218 (dgard8.lab6 is a static file server. dgard8.lab6 is vulnerable to a di ...)
+ NOT-FOR-US: dgard8.lab6
+CVE-2017-16217 (fbr-client sends files through sockets via socket.io and webRTC. fbr-c ...)
+ NOT-FOR-US: fbr-client
+CVE-2017-16216 (tencent-server is a simple web server. tencent-server is vulnerable to ...)
+ NOT-FOR-US: tencent-server
+CVE-2017-16215 (sgqserve is a simple file server. sgqserve is vulnerable to a director ...)
+ NOT-FOR-US: sgqserve
+CVE-2017-16214 (peiserver is a static file server. peiserver is vulnerable to a direct ...)
+ NOT-FOR-US: peiserver
+CVE-2017-16213 (mfrserver is a simple file server. mfrserver is vulnerable to a direct ...)
+ NOT-FOR-US: mfrserver
+CVE-2017-16212 (ltt is a static file server. ltt is vulnerable to a directory traversa ...)
+ NOT-FOR-US: ltt
+CVE-2017-16211 (lessindex is a static file server. lessindex is vulnerable to a direct ...)
+ NOT-FOR-US: lessindex
+CVE-2017-16210 (jn_jj_server is a static file server. jn_jj_server is vulnerable to a ...)
+ NOT-FOR-US: jn_jj_server
+CVE-2017-16209 (enserver is a simple web server. enserver is vulnerable to a directory ...)
+ NOT-FOR-US: enserver
+CVE-2017-16208 (dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a direc ...)
+ NOT-FOR-US: dmmcquay.lab6
+CVE-2017-16207 (discordi.js is a malicious module based on the discord.js library that ...)
+ NOT-FOR-US: discordi.js
+CVE-2017-16206 (The cofee-script module exfiltrates sensitive data such as a user's pr ...)
+ NOT-FOR-US: cofee-script
+CVE-2017-16205 (The coffescript module exfiltrates sensitive data such as a user's pri ...)
+ NOT-FOR-US: coffescript
+CVE-2017-16204 (The jquey module exfiltrates sensitive data such as a user's private S ...)
+ NOT-FOR-US: jquey
+CVE-2017-16203 (The coffe-script module exfiltrates sensitive data such as a user's pr ...)
+ NOT-FOR-US: coffe-script
+CVE-2017-16202 (The cofeescript module exfiltrates sensitive data such as a user's pri ...)
+ NOT-FOR-US: cofeescript
+CVE-2017-16201 (zjjserver is a static file server. zjjserver is vulnerable to a direct ...)
+ NOT-FOR-US: zjjserver
+CVE-2017-16200 (uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a dire ...)
+ NOT-FOR-US: uv-tj-demo
+CVE-2017-16199 (susu-sum is a static file server. susu-sum is vulnerable to a director ...)
+ NOT-FOR-US: sus-sum
+CVE-2017-16198 (ritp is a static web server. ritp is vulnerable to a directory travers ...)
+ NOT-FOR-US: ritp
+CVE-2017-16197 (qinserve is a static file server. qinserve is vulnerable to a director ...)
+ NOT-FOR-US: sinserve
+CVE-2017-16196 (quickserver is a simple static file server. quickserver is vulnerable ...)
+ NOT-FOR-US: quickserver
+CVE-2017-16195 (pytservce is a static file server. pytservce is vulnerable to a direct ...)
+ NOT-FOR-US: pytservce
+CVE-2017-16194 (picard is a micro framework. picard is vulnerable to a directory trave ...)
+ NOT-FOR-US: picard
+CVE-2017-16193 (mfrs is a static file server. mfrs is vulnerable to a directory traver ...)
+ NOT-FOR-US: mfrs
+CVE-2017-16192 (getcityapi.yoehoehne is a web server. getcityapi.yoehoehne is vulnerab ...)
+ NOT-FOR-US: getcityapi.yoehoehne
+CVE-2017-16191 (cypserver is a static file server. cypserver is vulnerable to a direct ...)
+ NOT-FOR-US: cypserver +CVE-2017-16190 (dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a dire ...) + NOT-FOR-US: dcdcdcdcdc +CVE-2017-16189 (sly07 is an API for censoring text. sly07 is vulnerable to a directory ...) + NOT-FOR-US: sly07 +CVE-2017-16188 (reecerver is a web server. reecerver is vulnerable to a directory trav ...) + NOT-FOR-US: reecerver +CVE-2017-16187 (open-device creates a web interface for any device. open-device is vul ...) + NOT-FOR-US: open-device +CVE-2017-16186 (360class.jansenhm is a static file server. 360class.jansenhm is vulner ...) + NOT-FOR-US: 360class.jansenhm +CVE-2017-16185 (uekw1511server is a static file server. uekw1511server is vulnerable t ...) + NOT-FOR-US: uekw1511server +CVE-2017-16184 (scott-blanch-weather-app is a sample Node.js app using Express 4. scot ...) + NOT-FOR-US: scott-blanch-weather-app +CVE-2017-16183 (iter-server is a static file server. iter-server is vulnerable to a di ...) + NOT-FOR-US: iter-server +CVE-2017-16182 (serverxxx is a static file server. serverxxx is vulnerable to a direct ...) + NOT-FOR-US: serverxxx +CVE-2017-16181 (wintiwebdev is a static file server. wintiwebdev is vulnerable to a di ...) + NOT-FOR-US: wintiwebdev +CVE-2017-16180 (serverabc is a static file server. serverabc is vulnerable to a direct ...) + NOT-FOR-US: serverabc +CVE-2017-16179 (dasafio is a web server. dasafio is vulnerable to a directory traversa ...) + NOT-FOR-US: dasafio +CVE-2017-16178 (intsol-package is a file server. intsol-package is vulnerable to a dir ...) + NOT-FOR-US: intsol-package +CVE-2017-16177 (chatbyvista is a file server. chatbyvista is vulnerable to a directory ...) + NOT-FOR-US: chatbyvista +CVE-2017-16176 (jansenstuffpleasework is a file server. jansenstuffpleasework is vulne ...) + NOT-FOR-US: jansenstuffpleasework +CVE-2017-16175 (ewgaddis.lab6 is a file server. ewgaddis.lab6 is vulnerable to a direc ...) + NOT-FOR-US: ewgaddis.lab6 +CVE-2017-16174 (whispercast is a file server. 
whispercast is vulnerable to a directory ...) + NOT-FOR-US: whispercast +CVE-2017-16173 (utahcityfinder constructs lists of Utah cities with a certain prefix. ...) + NOT-FOR-US: utahcityfinder +CVE-2017-16172 (section2.madisonjbrooks12 is a simple web server. section2.madisonjbro ...) + NOT-FOR-US: section2.madisonjbrooks12 +CVE-2017-16171 (hcbserver is a static file server. hcbserver is vulnerable to a direct ...) + NOT-FOR-US: hcbserver +CVE-2017-16170 (liuyaserver is a static file server. liuyaserver is vulnerable to a di ...) + NOT-FOR-US: liuyaserver +CVE-2017-16169 (looppake is a simple http server. looppake is vulnerable to a director ...) + NOT-FOR-US: looppake +CVE-2017-16168 (wffserve is vulnerable to a directory traversal issue, giving an attac ...) + NOT-FOR-US: wffserve +CVE-2017-16167 (yyooopack is a simple file server. yyooopack is vulnerable to a direct ...) + NOT-FOR-US: yyooopack +CVE-2017-16166 (byucslabsix is an http server. byucslabsix is vulnerable to a director ...) + NOT-FOR-US: byucslabsix +CVE-2017-16165 (calmquist.static-server is a static file server. calmquist.static-serv ...) + NOT-FOR-US: calmquist.static-server +CVE-2017-16164 (desafio is a simple web server. desafio is vulnerable to a directory t ...) + NOT-FOR-US: desafio +CVE-2017-16163 (dylmomo is a simple file server. dylmomo is vulnerable to a directory ...) + NOT-FOR-US: dylmomo +CVE-2017-16162 (22lixian is a simple file server. 22lixian is vulnerable to a director ...) + NOT-FOR-US: 22lixian +CVE-2017-16161 (shenliru is a simple file server. shenliru is vulnerable to a director ...) + NOT-FOR-US: shenliru +CVE-2017-16160 (11xiaoli is a simple file server. 11xiaoli is vulnerable to a director ...) + NOT-FOR-US: 11xiaoli +CVE-2017-16159 (caolilinode is a simple file server. caolilinode is vulnerable to a di ...) + NOT-FOR-US: caolilinode +CVE-2017-16158 (dcserver is a static file server. dcserver is vulnerable to a director ...) 
+ NOT-FOR-US: dcserver +CVE-2017-16157 (censorify.tanisjr is a simple web server and API RESTful service. cens ...) + NOT-FOR-US: censorify.tanisjr +CVE-2017-16156 (myprolyz is a static file server. myprolyz is vulnerable to a director ...) + NOT-FOR-US: myprolyz +CVE-2017-16155 (fast-http-cli is the command line interface for fast-http, a simple we ...) + NOT-FOR-US: fast-http-cli +CVE-2017-16154 (earlybird is a web server module for early development. earlybird is v ...) + NOT-FOR-US: earlybird +CVE-2017-16153 (gaoxuyan is vulnerable to a directory traversal issue, giving an attac ...) + NOT-FOR-US: gaoxuyan +CVE-2017-16152 (static-html-server is a static file server. static-html-server is vuln ...) + NOT-FOR-US: static-html-server +CVE-2017-16151 (Based on details posted by the ElectronJS team; A remote code executio ...) + NOT-FOR-US: Electron +CVE-2017-16150 (wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to ...) + NOT-FOR-US: wanggoujing123 +CVE-2017-16149 (zwserver is a weather web server. zwserver is vulnerable to a director ...) + NOT-FOR-US: zwserver +CVE-2017-16148 (serve46 is a static file server. serve46 is vulnerable to a directory ...) + NOT-FOR-US: serve46 +CVE-2017-16147 (shit-server is a file server. shit-server is vulnerable to a directory ...) + NOT-FOR-US: shit-server +CVE-2017-16146 (mockserve is a file server. mockserve is vulnerable to a directory tra ...) + NOT-FOR-US: mockserve +CVE-2017-16145 (sspa is a server dedicated to single-page apps. sspa is vulnerable to ...) + NOT-FOR-US: sspa +CVE-2017-16144 (myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vul ...) + NOT-FOR-US: myserver.alexcthomas18 +CVE-2017-16143 (commentapp.stetsonwood is an http server. commentapp.stetsonwood is vu ...) + NOT-FOR-US: commentapp.stetsonwood +CVE-2017-16142 (infraserver is a RESTful server. infraserver is vulnerable to a direct ...) + NOT-FOR-US: infraserver +CVE-2017-16141 (lab6drewfusbyu is an http server. 
lab6drewfusbyu is vulnerable to a di ...) + NOT-FOR-US: lab6drewfusbyu +CVE-2017-16140 (lab6.brit95 is a file server. lab6.brit95 is vulnerable to a directory ...) + NOT-FOR-US: lab6.brit95 +CVE-2017-16139 (jikes is a file server. jikes is vulnerable to a directory traversal i ...) + NOT-FOR-US: jikes +CVE-2017-16138 (The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular express ...) + - node-mime 2.3.1-1 (unimportant; bug #901277) + NOTE: https://github.com/broofa/node-mime/issues/167 + NOTE: https://nodesecurity.io/advisories/535 + NOTE: https://github.com/broofa/node-mime/commit/855d0c4b8b22e4a80b9401a81f2872058eae274d (1.x) + NOTE: https://github.com/broofa/node-mime/commit/1df903fdeb9ae7eaa048795b8d580ce2c98f40b0 (2.x) + NOTE: nodejs not covered by security support +CVE-2017-16137 (The debug module is vulnerable to regular expression denial of service ...) + - node-debug 3.1.0-1 (unimportant) + NOTE: https://nodesecurity.io/advisories/534 + NOTE: nodejs not covered by security support +CVE-2017-16136 (method-override is a module used by the Express.js framework to let yo ...) + NOT-FOR-US: method-override nodejs module +CVE-2017-16135 (serverzyy is a static file server. serverzyy is vulnerable to a direct ...) + NOT-FOR-US: serverzyy +CVE-2017-16134 (http_static_simple is an http server. http_static_simple is vulnerable ...) + NOT-FOR-US: http_static_simple +CVE-2017-16133 (goserv is an http server. goserv is vulnerable to a directory traversa ...) + NOT-FOR-US: goserv +CVE-2017-16132 (simple-npm-registry is a local npm package cache. simple-npm-registry ...) + NOT-FOR-US: simple-npm-registry +CVE-2017-16131 (unicorn-list is a web framework. unicorn-list is vulnerable to a direc ...) + NOT-FOR-US: unicorn-list +CVE-2017-16130 (exxxxxxxxxxx is an Http eX Frame Google Style JavaScript Guide. exxxxx ...) + NOT-FOR-US: exxxxxxxxxxx +CVE-2017-16129 (The HTTP client module superagent is vulnerable to ZIP bomb attacks. I ...) 
+ - node-superagent 0.20.0+dfsg-2 + [stretch] - node-superagent 0.20.0+dfsg-1+deb9u2 + [jessie] - node-superagent (Nodejs in jessie not covered by security support) + NOTE: https://github.com/visionmedia/superagent/issues/1259 + NOTE: https://nodesecurity.io/advisories/479 +CVE-2017-16128 (The module npm-script-demo opened a connection to a command and contro ...) + NOT-FOR-US: npm-script-demo +CVE-2017-16127 (The module pandora-doomsday infects other modules. It's since been unp ...) + NOT-FOR-US: pandora-doomsday +CVE-2017-16126 (The module botbait is a tool to be used to track bot and automated too ...) + NOT-FOR-US: botbait +CVE-2017-16125 (rtcmulticonnection-client is a signaling implementation for RTCMultiCo ...) + NOT-FOR-US: rtcmulticonnection-client +CVE-2017-16124 (node-server-forfront is a simple static file server. node-server-forfr ...) + NOT-FOR-US: node-server-forfront +CVE-2017-16123 (welcomyzt is a simple file server. welcomyzt is vulnerable to a direct ...) + NOT-FOR-US: welcomyzt +CVE-2017-16122 (cuciuci is a simple fileserver. cuciuci is vulnerable to a directory t ...) + NOT-FOR-US: cuciuci +CVE-2017-16121 (datachannel-client is a signaling implementation for DataChannel.js. d ...) + NOT-FOR-US: datachannel-client +CVE-2017-16120 (liyujing is a static file server. liyujing is vulnerable to a director ...) + NOT-FOR-US: liyujing +CVE-2017-16119 (Fresh is a module used by the Express.js framework for HTTP response f ...) + - node-fresh 0.2.0-2 (bug #927715) + [stretch] - node-fresh (Nodejs in stretch not covered by security support) + [jessie] - node-fresh (Nodejs in jessie not covered by security support) + NOTE: https://nodesecurity.io/advisories/526 +CVE-2017-16118 (The forwarded module is used by the Express.js framework to handle the ...) + NOT-FOR-US: forwarded nodejs module +CVE-2017-16117 (slug is a module to slugify strings, even if they contain unicode. slu ...) 
+ NOT-FOR-US: slug node module +CVE-2017-16116 (The string module is a module that provides extra string operations. T ...) + NOT-FOR-US: string node module +CVE-2017-16115 (The timespan module is vulnerable to regular expression denial of serv ...) + NOT-FOR-US: timespane node module +CVE-2017-16114 (The marked module is vulnerable to a regular expression denial of serv ...) + - node-marked 0.3.9+dfsg-1 (unimportant) + NOTE: https://nodesecurity.io/advisories/531 +CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial of ser ...) + NOT-FOR-US: parsejson node module +CVE-2017-16112 + REJECTED +CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is ...) + NOT-FOR-US: node content +CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. weather.sw ...) + NOT-FOR-US: weather.swlyons +CVE-2017-16109 (easyquick is a simple web server. easyquick is vulnerable to a directo ...) + NOT-FOR-US: easyquick +CVE-2017-16108 (gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerab ...) + NOT-FOR-US: gaoxiaotingtingting +CVE-2017-16107 (pooledwebsocket is vulnerable to a directory traversal issue, giving a ...) + NOT-FOR-US: pooledwebsocket +CVE-2017-16106 (tmock is a static file server. tmock is vulnerable to a directory trav ...) + NOT-FOR-US: tmock +CVE-2017-16105 (serverwzl is a simple http server. serverwzl is vulnerable to a direct ...) + NOT-FOR-US: serverwzl +CVE-2017-16104 (citypredict.whauwiller is vulnerable to a directory traversal issue, g ...) + NOT-FOR-US: citypredict.whauwiller +CVE-2017-16103 (serveryztyzt is a simple http server. serveryztyzt is vulnerable to a ...) + NOT-FOR-US: serveryztyzt +CVE-2017-16102 (serverhuwenhui is a simple http server. serverhuwenhui is vulnerable t ...) + NOT-FOR-US: serverhuwenhui +CVE-2017-16101 (serverwg is a simple http server. serverwg is vulnerable to a director ...) 
+ NOT-FOR-US: serverwg +CVE-2017-16100 (dns-sync is a sync/blocking dns resolver. If untrusted user input is a ...) + NOT-FOR-US: dns-sync +CVE-2017-16099 (The no-case module is vulnerable to regular expression denial of servi ...) + NOT-FOR-US: no-case +CVE-2017-16098 (charset 1.0.0 and below are vulnerable to regular expression denial of ...) + NOT-FOR-US: charset +CVE-2017-16097 (tiny-http is a simple http server. tiny-http is vulnerable to a direct ...) + NOT-FOR-US: tiny-http +CVE-2017-16096 (serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable t ...) + NOT-FOR-US: serveryaozeyan +CVE-2017-16095 (serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable ...) + NOT-FOR-US: serverliujiayi1 +CVE-2017-16094 (iter-http is a server for static files. iter-http is vulnerable to a d ...) + NOT-FOR-US: iter-http +CVE-2017-16093 (cyber-js is a simple http server. A cyberjs server is vulnerable to a ...) + NOT-FOR-US: cyber-js +CVE-2017-16092 (Sencisho is a simple http server for local development. Sencisho is vu ...) + NOT-FOR-US: Sencisho +CVE-2017-16091 (xtalk helps your browser talk to nodex, a simple web framework. xtalk ...) + NOT-FOR-US: xtalk (not the chat client) +CVE-2017-16090 (fsk-server is a simple http server. fsk-server is vulnerable to a dire ...) + NOT-FOR-US: fsk-server +CVE-2017-16089 (serverlyr is a simple http server. serverlyr is vulnerable to a direct ...) + NOT-FOR-US: serverlyr +CVE-2017-16088 (The safe-eval module describes itself as a safer version of eval. By a ...) + NOT-FOR-US: safe-eval +CVE-2017-16087 + RESERVED +CVE-2017-16086 (ua-parser is a port of Browserscope's user agent parser. ua-parser is ...) + NOT-FOR-US: ua-parser +CVE-2017-16085 (tinyserver2 is a webserver for static files. tinyserver2 is vulnerable ...) + NOT-FOR-US: tinyserver2 +CVE-2017-16084 (list-n-stream is a server for static files to list and stream local vi ...) 
+ NOT-FOR-US: list-n-stream +CVE-2017-16083 (node-simple-router is a minimalistic router for Node. node-simple-rout ...) + NOT-FOR-US: node-simple-router +CVE-2017-16082 (A remote code execution vulnerability was found within the pg module w ...) + - node-postgres 7.7.1-1 (unimportant) + NOTE: https://nodesecurity.io/advisories/521 + NOTE: nodejs not covered by security support +CVE-2017-16081 (cross-env.js was a malicious module published with the intent to hijac ...) + NOT-FOR-US: malicious node module +CVE-2017-16080 (nodesass was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16079 (smb was a malicious module published with the intent to hijack environ ...) + NOT-FOR-US: malicious node module +CVE-2017-16078 (shadowsock was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16077 (mongose was a malicious module published with the intent to hijack env ...) + NOT-FOR-US: malicious node module +CVE-2017-16076 (proxy.js was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16075 (http-proxy.js was a malicious module published with the intent to hija ...) + NOT-FOR-US: malicious node module +CVE-2017-16074 (crossenv was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16073 (noderequest was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16072 (nodemailer.js was a malicious module published with the intent to hija ...) + NOT-FOR-US: malicious node module +CVE-2017-16071 (nodemailer-js was a malicious module published with the intent to hija ...) + NOT-FOR-US: malicious node module +CVE-2017-16070 (nodecaffe was a malicious module published with the intent to hijack e ...) 
+ NOT-FOR-US: malicious node module +CVE-2017-16069 (nodeffmpeg was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16068 (ffmepg was a malicious module published with the intent to hijack envi ...) + NOT-FOR-US: malicious node module +CVE-2017-16067 (node-opencv was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16066 (opencv.js was a malicious module published with the intent to hijack e ...) + NOT-FOR-US: malicious node module +CVE-2017-16065 (openssl.js was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16064 (node-openssl was a malicious module published with the intent to hijac ...) + NOT-FOR-US: malicious node module +CVE-2017-16063 (node-opensl was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16062 (node-tkinter was a malicious module published with the intent to hijac ...) + NOT-FOR-US: malicious node module +CVE-2017-16061 (tkinter was a malicious module published with the intent to hijack env ...) + NOT-FOR-US: malicious node module +CVE-2017-16060 (babelcli was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16059 (mssql-node was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16058 (gruntcli was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16057 (nodemssql was a malicious module published with the intent to hijack e ...) + NOT-FOR-US: malicious node module +CVE-2017-16056 (mssql.js was a malicious module published with the intent to hijack en ...) + NOT-FOR-US: malicious node module +CVE-2017-16055 (`sqlserver` was a malicious module published with the intent to hijack ...) 
+ NOT-FOR-US: malicious node module +CVE-2017-16054 (`nodefabric` was a malicious module published with the intent to hijac ...) + NOT-FOR-US: malicious node module +CVE-2017-16053 (`fabric-js` was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16052 (`node-fabric` was a malicious module published with the intent to hija ...) + NOT-FOR-US: malicious node module +CVE-2017-16051 (`sqliter` was a malicious module published with the intent to hijack e ...) + NOT-FOR-US: malicious node module +CVE-2017-16050 (`sqlite.js` was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16049 (`nodesqlite` was a malicious module published with the intent to hijac ...) + NOT-FOR-US: malicious node module +CVE-2017-16048 (`node-sqlite` was a malicious module published with the intent to hija ...) + NOT-FOR-US: malicious node module +CVE-2017-16047 (mysqljs was a malicious module published with the intent to hijack env ...) + NOT-FOR-US: malicious node module +CVE-2017-16046 (`mariadb` was a malicious module published with the intent to hijack e ...) + NOT-FOR-US: malicious node module +CVE-2017-16045 (`jquery.js` was a malicious module published with the intent to hijack ...) + NOT-FOR-US: malicious node module +CVE-2017-16044 (`d3.js` was a malicious module published with the intent to hijack env ...) + NOT-FOR-US: malicious node module +CVE-2017-16043 (Shout is an IRC client. Because the `/topic` command in messages is un ...) + NOT-FOR-US: Shout +CVE-2017-16042 (Growl adds growl notification support to nodejs. Growl before 1.10.2 d ...) 
+ - node-growl 1.10.5-1 (unimportant; bug #900868) + [stretch] - node-growl 1.7.0-1+deb9u1 + NOTE: Issue: https://github.com/tj/node-growl/issues/60 + NOTE: https://github.com/tj/node-growl/pull/61 + NOTE: https://nodesecurity.io/advisories/146 + NOTE: nodejs not covered by security support +CVE-2017-16041 (ikst versions before 1.1.2 download resources over HTTP, which leaves ...) + NOT-FOR-US: ikst +CVE-2017-16040 (gfe-sass is a library for promises (CommonJS/Promises/A,B,D) gfe-sass ...) + NOT-FOR-US: gfe-sass +CVE-2017-16039 (`hftp` is a static http or ftp server `hftp` is vulnerable to a direct ...) + NOT-FOR-US: hftp +CVE-2017-16038 (`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversa ...) + NOT-FOR-US: f2e-server +CVE-2017-16037 (`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allo ...) + NOT-FOR-US: gomeplus-h5-proxy +CVE-2017-16036 (`badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `ba ...) + NOT-FOR-US: badjs-sourcemap-server +CVE-2017-16035 (The hubl-server module is a wrapper for the HubL Development Server. D ...) + NOT-FOR-US: hubl-server +CVE-2017-16034 + RESERVED +CVE-2017-16033 + RESERVED +CVE-2017-16032 + RESERVED +CVE-2017-16031 (Socket.io is a realtime application framework that provides communicat ...) + NOT-FOR-US: Socket.io +CVE-2017-16030 (Useragent is used to parse useragent headers. It uses several regular ...) + NOT-FOR-US: useragent nodejs module +CVE-2017-16029 (hostr is a simple web server that serves up the contents of the curren ...) + NOT-FOR-US: hostr +CVE-2017-16028 (react-native-meteor-oauth is a library for Oauth2 login to a Meteor se ...) + NOT-FOR-US: react-native-meteor-oauth +CVE-2017-16027 + RESERVED +CVE-2017-16026 (Request is an http client. If a request is made using ```multipart```, ...) 
+ - node-request 2.88.1-1 (bug #901708) + [stretch] - node-request (Nodejs in stretch not covered by security support) + [jessie] - node-request (Nodejs in jessie not covered by security support) + NOTE: https://github.com/request/request/issues/1904 + NOTE: https://nodesecurity.io/advisories/309 + NOTE: https://github.com/request/request/pull/2018 +CVE-2017-16025 (Nes is a websocket extension library for hapi. Hapi is a webserver fra ...) + NOT-FOR-US: Nes +CVE-2017-16024 (The sync-exec module is used to simulate child_process.execSync in nod ...) + NOT-FOR-US: sync-exec +CVE-2017-16023 (Decamelize is used to convert a dash/dot/underscore/space separated st ...) + - node-decamelize (Fixed before initial upload to Debian) + NOTE: https://github.com/sindresorhus/decamelize/issues/5 + NOTE: https://github.com/sindresorhus/decamelize/commit/76d47d8de360afb574da2e34db87430ce11094e0 + NOTE: nodejs not covered by security support +CVE-2017-16022 (Morris.js creates an svg graph, with labels that appear when hovering ...) + NOT-FOR-US: Morris.js +CVE-2017-16021 (uri-js is a module that tries to fully implement RFC 3986. One of thes ...) + NOT-FOR-US: uri-js nodejs module +CVE-2017-16020 (Summit is a node web framework. When using the PouchDB driver in the m ...) + NOT-FOR-US: Summit +CVE-2017-16019 (GitBook is a command line tool (and Node.js library) for building beau ...) + NOT-FOR-US: GitBook +CVE-2017-16018 (Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 ...) + NOT-FOR-US: Restify +CVE-2017-16017 (sanitize-html is a library for scrubbing html input for malicious valu ...) + - node-sanitize-html (Fixed before initial upload) +CVE-2017-16016 (Sanitize-html is a library for scrubbing html input of malicious value ...) + - node-sanitize-html (Fixed before initial upload) +CVE-2017-16015 (Forms is a library for easily creating HTML forms. Versions before 1.3 ...) + NOT-FOR-US: Forms +CVE-2017-16014 (Http-proxy is a proxying library. 
Because of the way errors are handle ...) + - node-http-proxy (Fixed before initial upload to Debian) + NOTE: https://nodesecurity.io/advisories/323 + NOTE: https://github.com/nodejitsu/node-http-proxy/pull/101 + NOTE: https://github.com/http-party/node-http-proxy/commit/07c8d2ee6017264c3d4deac9f42ca264a3740b48 (v0.7.0) +CVE-2017-16013 (hapi is a web and services application framework. When hapi >= 15.0.0 ...) + NOT-FOR-US: hapi +CVE-2017-16012 + REJECTED +CVE-2017-16011 + REJECTED +CVE-2017-16010 (i18next is a language translation framework. When using the .init meth ...) + - libjs-i18next (unimportant) + NOTE: https://github.com/i18next/i18next/pull/826 + NOTE: https://nodesecurity.io/advisories/326 + NOTE: nodejs not covered by security support +CVE-2017-16009 (ag-grid is an advanced data grid that is library agnostic. ag-grid is ...) + NOT-FOR-US: ag-grid +CVE-2017-16008 (i18next is a language translation framework. Because of how the interp ...) + NOT-FOR-US: i18next +CVE-2017-16007 (node-jose is a JavaScript implementation of the JSON Object Signing an ...) + NOT-FOR-US: node-jose +CVE-2017-16006 (Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkab ...) + NOT-FOR-US: Remarkable +CVE-2017-16005 (Http-signature is a "Reference implementation of Joyent's HTTP Signatu ...) + - node-http-signature (Fixed before initial upload to Debian) + NOTE: https://github.com/joyent/node-http-signature/issues/10 + NOTE: https://nodesecurity.io/advisories/318 + NOTE: nodejs not covered by security support +CVE-2017-16004 + RESERVED +CVE-2017-16003 (windows-build-tools is a module for installing C++ Build Tools for Win ...) + NOT-FOR-US: windows-build-tools +CVE-2017-16002 + RESERVED +CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...) + NOT-FOR-US: VMware +CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface (aka eo ...) 
+ NOT-FOR-US: EyesOfNetwork (EON) +CVE-2017-15999 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, no ...) + NOT-FOR-US: Contacts Backup & Restore +CVE-2017-15998 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, DES ...) + NOT-FOR-US: Contacts Backup & Restore +CVE-2017-15997 (In the "NQ Contacts Backup & Restore" application 1.1 for Android, RC4 ...) + NOT-FOR-US: Contacts Backup & Restore +CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to c ...) + [experimental] - binutils 2.29.51.20171128-1 + - binutils 2.29.90.20180122-1 (low) + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22361 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b +CVE-2017-15995 + RESERVED +CVE-2016-10698 (mystem-fix is a node.js wrapper for MyStem morphology text analyzer by ...) + NOT-FOR-US: mystem-fix +CVE-2016-10697 (react-native-baidu-voice-synthesizer is a baidu voice speech synthesiz ...) + NOT-FOR-US: react-native-baidu-voice-synthesizer +CVE-2016-10696 (windows-latestchromedriver downloads the latest version of chromedrive ...) + NOT-FOR-US: windows-latestchromedriver +CVE-2016-10695 (The npm-test-sqlite3-trunk module provides asynchronous, non-blocking ...) + NOT-FOR-US: npm-test-sqlite3-trunk +CVE-2016-10694 (alto-saxophone is a module to install and launch Chromedriver for Mac, ...) + NOT-FOR-US: alto-saxophone +CVE-2016-10693 (pm2-kafka is a PM2 module that installs and runs a kafka server pm2-ka ...) + NOT-FOR-US: pm2-kafka +CVE-2016-10692 (haxeshim haxe shim to deal with coexisting versions. haxeshim download ...) + NOT-FOR-US: haxeshim +CVE-2016-10691 (windows-seleniumjar is a module that downloads the Selenium Jar file w ...) 
+ NOT-FOR-US: windows-seleniumjar +CVE-2016-10690 (openframe-ascii-image module is an openframe plugin which adds support ...) + NOT-FOR-US: openframe-ascii-image +CVE-2016-10689 (The windows-iedriver module downloads fixed version of iedriverserver. ...) + NOT-FOR-US: The windows-iedriver +CVE-2016-10688 (Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoeb ...) + NOT-FOR-US: Haxe node module, different from src:haxe +CVE-2016-10687 (windows-selenium-chromedriver is a module that downloads the Selenium ...) + NOT-FOR-US: windows-selenium-chromedriver +CVE-2016-10686 (fis-sass-all is another libsass wrapper for node. fis-sass-all downloa ...) + NOT-FOR-US: fis-sass-all +CVE-2016-10685 (pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox dow ...) + NOT-FOR-US: pk-app-wonderbox +CVE-2016-10684 (healthcenter - IBM Monitoring and Diagnostic Tools health Center agent ...) + NOT-FOR-US: IBM +CVE-2016-10683 (arcanist downloads resources over HTTP, which leaves it vulnerable to ...) + NOT-FOR-US: arcanist node module, different from src:arcanist +CVE-2016-10682 (massif is a Phantomjs fork massif downloads resources over HTTP, which ...) + NOT-FOR-US: massif +CVE-2016-10681 (roslib-socketio - The standard ROS Javascript Library fork for add sup ...) + NOT-FOR-US: roslib-socketio +CVE-2016-10680 (adamvr-geoip-lite is a light weight native JavaScript implementation o ...) + NOT-FOR-US: adamvr-geoip-lite +CVE-2016-10679 (selenium-standalone-painful installs a start-selenium command line to ...) + NOT-FOR-US: selenium-standalone-painful +CVE-2016-10678 (serc.js is a Selenium RC process wrapper serc.js downloads binary reso ...) + NOT-FOR-US: serc.js +CVE-2016-10677 (google-closure-tools-latest is a Node.js module wrapper for downloadin ...) + NOT-FOR-US: google-closure-tools-latest +CVE-2016-10676 (rs-brightcove is a wrapper around brightcove's web api rs-brightcove d ...) 
+ NOT-FOR-US: rs-brightcove
+CVE-2016-10675 (libsbmlsim is a module that installs linux binaries for libsbmlsim lib ...)
+ NOT-FOR-US: libsbmlsim
+CVE-2016-10674 (limbus-buildgen is a "build anywhere" build system. limbus-buildgen ve ...)
+ NOT-FOR-US: limbus-buildgen
+CVE-2016-10673 (ipip-coffee queries geolocation information from IP ipip-coffee downlo ...)
+ NOT-FOR-US: ipip-coffee
+CVE-2016-10672 (cloudpub-redis is a module for CloudPub: Redis Backend cloudpub-redis ...)
+ NOT-FOR-US: cloudpub-redis
+CVE-2016-10671 (mystem-wrapper is a Yandex mystem app wrapper module. mystem-wrapper d ...)
+ NOT-FOR-US: mystem-wrapper
+CVE-2016-10670 (windows-seleniumjar-mirror downloads the Selenium Jar file windows-sel ...)
+ NOT-FOR-US: windows-seleniumjar-mirror
+CVE-2016-10669 (soci downloads binary resources over HTTP, which leaves it vulnerable ...)
+ NOT-FOR-US: soci
+CVE-2016-10668 (libsbml is a module that installs Linux binaries for libSBML libsbml d ...)
+ NOT-FOR-US: libsbml node integration, different from src:libsml
+CVE-2016-10667 (selenium-portal is a Selenium Testing Framework selenium-portal downlo ...)
+ NOT-FOR-US: selenium-portal
+CVE-2016-10666 (tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser ...)
+ NOT-FOR-US: tomita-parser
+CVE-2016-10665 (herbivore is a packet sniffing and crafting library. Built on libtins ...)
+ NOT-FOR-US: herbivore
+CVE-2016-10664 (mystem is a Node.js wrapper for MyStem morphology text analyzer by Yan ...)
+ NOT-FOR-US: mystem
+CVE-2016-10663 (wixtoolset is a Node module wrapper around the wixtoolset binaries wix ...)
+ NOT-FOR-US: wixtoolset
+CVE-2016-10662 (tomita is a node wrapper for Yandex Tomita Parser tomita downloads bin ...)
+ NOT-FOR-US: tomita
+CVE-2016-10661 (phantomjs-cheniu is a Headless WebKit with JS API phantomjs-cheniu dow ...)
+ NOT-FOR-US: phantomjs-cheniu
+CVE-2016-10660 (fis-parser-sass-bin a plugin for fis to compile sass using node-sass-b ...)
+ NOT-FOR-US: fis-parser-sass-bin
+CVE-2016-10659 (poco - The POCO libraries, downloads source file resources used for co ...)
+ NOT-FOR-US: nodejs poco module
+CVE-2016-10658 (native-opencv is the OpenCV library installed via npm native-opencv do ...)
+ NOT-FOR-US: native-opencv binding for node, different from src:opencv
+CVE-2016-10657 (co-cli-installer downloads the co-cli module as part of the install pr ...)
+ NOT-FOR-US: co-cli-installer
+CVE-2016-10656 (qbs is a build tool that helps simplify the build process for developi ...)
+ NOT-FOR-US: npm qbs (different from src:qbs)
+CVE-2016-10655 (The clang-extra module installs LLVM's clang-extra tools. clang-extra ...)
+ NOT-FOR-US: npm clang-extra
+CVE-2016-10654 (sfml downloads resources over HTTP, which leaves it vulnerable to MITM ...)
+ NOT-FOR-US: node-sfml
+CVE-2016-10653 (xd-testing is a testing library for cross-device (XD) web applications ...)
+ NOT-FOR-US: node xp-testing
+CVE-2016-10652 (prebuild-lwip is a module for comprehensive, fast, and simple image pr ...)
+ NOT-FOR-US: node prebuild-lwip
+CVE-2016-10651 (webdriver-launcher is a Node.js Selenium Webdriver Launcher. webdriver ...)
+ NOT-FOR-US: webdriver-launcher
+CVE-2016-10650 (ntfserver is a Network Testing Framework Server. ntfserver downloads b ...)
+ NOT-FOR-US: ntfserver
+CVE-2016-10649 (frames-compiler downloads binary resources over HTTP, which leaves it ...)
+ NOT-FOR-US: frames-compiler
+CVE-2016-10648 (marionette-socket-host is a marionette-js-runner host for sending acti ...)
+ NOT-FOR-US: marionette-socket-host
+CVE-2016-10647 (node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary r ...)
+ NOT-FOR-US: node-air-sdk
+CVE-2016-10646 (resourcehacker is a Node wrapper of Resource Hacker (windows executabl ...)
+ NOT-FOR-US: resourcehacker
+CVE-2016-10645 (grunt-images is a grunt plugin for processing images. grunt-images dow ...)
+ NOT-FOR-US: grunt-images
+CVE-2016-10644 (slimerjs-edge is a npm wrapper for installing the bleeding edge versio ...)
+ NOT-FOR-US: slimerjs-edge
+CVE-2016-10643 (jstestdriver is a wrapper for Google's jstestdriver. jstestdriver down ...)
+ NOT-FOR-US: jstestdriver
+CVE-2016-10642 (cmake installs the cmake x86 linux binaries. cmake downloads binary re ...)
+ NOT-FOR-US: cmake node intregration
+CVE-2016-10641 (node-bsdiff-android downloads resources over HTTP, which leaves it vul ...)
+ NOT-FOR-US: node-bsdiff-android
+CVE-2016-10640 (node-thulac is a node binding for thulac. node-thulac downloads binary ...)
+ NOT-FOR-US: node-thulac
+CVE-2016-10639 (redis-srvr is a npm wrapper for redis-server. redis-srvr downloads bin ...)
+ NOT-FOR-US: redis-srvr
+CVE-2016-10638 (js-given is a JavaScript frontend to jgiven. js-given downloads binary ...)
+ NOT-FOR-US: js-given
+CVE-2016-10637 (haxe-dev is a cross-platform toolkit. haxe-dev downloads binary resour ...)
+ NOT-FOR-US: haxe-dev, different from src:haxe
+CVE-2016-10636 (grunt-ccompiler is a Closure Compiler Grunt Plugin. grunt-ccompiler do ...)
+ NOT-FOR-US: grunt-ccompiler
+CVE-2016-10635 (broccoli-closure is a Closure compiler plugin for Broccoli. broccoli-c ...)
+ NOT-FOR-US: broccoli-closure
+CVE-2016-10634 (scala-standalone-bin is a Binary wrapper for ScalaJS. scala-standalone ...)
+ NOT-FOR-US: scala-standalone-bin
+CVE-2016-10633 (dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp ...)
+ NOT-FOR-US: dwebp-bin
+CVE-2016-10632 (apk-parser2 is a module which extracts Android Manifest info from an A ...)
+ NOT-FOR-US: apk-parser2
+CVE-2016-10631 (jvminstall is a module for downloading and unpacking jvm to local syst ...)
+ NOT-FOR-US: jvminstall
+CVE-2016-10630 (install-g-test downloads resources over HTTP, which leaves it vulnerab ...)
+ NOT-FOR-US: install-g-test
+CVE-2016-10629 (nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloa ...)
+ NOT-FOR-US: nw-with-arm
+CVE-2016-10628 (selenium-wrapper is a selenium server wrapper, including installation ...)
+ NOT-FOR-US: selenium-wrapper
+CVE-2016-10627 (scala-bin is a binary wrapper for Scala. scala-bin downloads binary re ...)
+ NOT-FOR-US: scala-bin
+CVE-2016-10626 (mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads ...)
+ NOT-FOR-US: mystem3
+CVE-2016-10625 (headless-browser-lite is a minimal npm installer for phantomjs and sli ...)
+ NOT-FOR-US: headless-browser-lite
+CVE-2016-10624 (selenium-chromedriver is a simple utility for downloading the Selenium ...)
+ NOT-FOR-US: selenium-chromedriver
+CVE-2016-10623 (macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedr ...)
+ NOT-FOR-US: macaca-chromedriver-zxa
+CVE-2016-10622 (nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschn ...)
+ NOT-FOR-US: nodeschnaps
+CVE-2016-10621 (fibjs is a runtime for javascript applictions built on google v8 JS. f ...)
+ NOT-FOR-US: fibjs
+CVE-2016-10620 (atom-node-module-installer installs node modules for atom-shell applic ...)
+ NOT-FOR-US: atom-node-module-installer
+CVE-2016-10619 (pennyworth is a natural language templating engine. pennyworth downloa ...)
+ NOT-FOR-US: pennyworth
+CVE-2016-10618 (node-browser is a wrapper webdriver by nodejs. node-browser downloads ...)
+ NOT-FOR-US: node-browser
+CVE-2016-10617 (box2d-native downloads binary resources over HTTP, which leaves it vul ...)
+ NOT-FOR-US: box2d-native (different from src:box2d)
+CVE-2016-10616 (openframe-image is an Openframe extension which adds support for image ...)
+ NOT-FOR-US: openframe-image
+CVE-2016-10615 (curses is bindings for the native curses library, a full featured cons ...)
+ NOT-FOR-US: curses node module
+CVE-2016-10614 (httpsync is a port of libcurl to node.js. httpsync downloads binary re ...)
+ NOT-FOR-US: httpsync node module
+CVE-2016-10613 (bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra download ...)
+ NOT-FOR-US: bionode-sra
+CVE-2016-10612 (dalek-browser-ie-canary is Internet Explorer bindings for DalekJS. dal ...)
+ NOT-FOR-US: dalek-browser-ie-canary
+CVE-2016-10611 (strider-sauce is Sauce Labs / Selenium support for Strider. strider-sa ...)
+ NOT-FOR-US: strider-sauce
+CVE-2016-10610 (unicode-json is a unicode lookup table. unicode-json before 2.0.0 down ...)
+ NOT-FOR-US: unicode-json
+CVE-2016-10609 (chromedriver126 is chromedriver version 1.26 for linux OS. chromedrive ...)
+ NOT-FOR-US: chromedriver126
+CVE-2016-10608 (robot-js is a module for native system automation for node.js. robot-j ...)
+ NOT-FOR-US: robot-js
+CVE-2016-10607 (openframe-glsviewer is a Openframe extension which adds support for sh ...)
+ NOT-FOR-US: openframe-glsviewer
+CVE-2016-10606 (grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in ...)
+ NOT-FOR-US: grunt-webdriver-qunit
+CVE-2016-10605 (dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-brow ...)
+ NOT-FOR-US: dalek-browser-ie
+CVE-2016-10604 (dalek-browser-chrome is Google Chrome bindings for DalekJS. dalek-brow ...)
+ NOT-FOR-US: dalek-browser-chrome
+CVE-2016-10603 (air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads bina ...)
+ NOT-FOR-US: air-sdk
+CVE-2016-10602 (haxe is a cross-platform toolkit haxe downloads zipped resources over ...)
+ NOT-FOR-US: Haxe node module, different from src:haxe
+CVE-2016-10601 (webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver ...)
+ NOT-FOR-US: webdrvr
+CVE-2016-10600 (webrtc-native uses WebRTC from chromium project. webrtc-native downloa ...)
+ NOT-FOR-US: webrtc-native
+CVE-2016-10599 (sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar ...)
+ NOT-FOR-US: sauce-connect
+CVE-2016-10598 (arrayfire-js is a module for ArrayFire for the Node.js platform. array ...)
+ NOT-FOR-US: arrayfire-js
+CVE-2016-10597 (cobalt-cli downloads resources over HTTP, which leaves it vulnerable t ...)
+ NOT-FOR-US: cobalt-cli
+CVE-2016-10596 (imageoptim is a Node.js wrapper for some images compression algorithms ...)
+ NOT-FOR-US: imageoptim
+CVE-2016-10595 (jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads ex ...)
+ NOT-FOR-US: jdf-sass
+CVE-2016-10594 (ipip is a Node.js module to query geolocation information for an IP or ...)
+ NOT-FOR-US: ibip
+CVE-2016-10593 (ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads ...)
+ NOT-FOR-US: ibapi
+CVE-2016-10592 (jser-stat is a JSer.info stat library. jser-stat downloads data resour ...)
+ NOT-FOR-US: jser-stat
+CVE-2016-10591 (Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML ...)
+ NOT-FOR-US: Prince Node API
+CVE-2016-10590 (cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node do ...)
+ NOT-FOR-US: cue-sdk-node
+CVE-2016-10589 (selenium-binaries downloads Selenium related binaries for your OS. sel ...)
+ NOT-FOR-US: selenium-binaries
+CVE-2016-10588 (nw is an installer for nw.js. nw downloads zipped resources over HTTP, ...)
+ NOT-FOR-US: nw
+CVE-2016-10587 (wasdk is a toolkit for creating WebAssembly modules. wasdk downloads b ...)
+ NOT-FOR-US: wasdk
+CVE-2016-10586 (macaca-chromedriver is a Node.js wrapper for the selenium chromedriver ...)
+ NOT-FOR-US: macaca-chromedriver
+CVE-2016-10585 (libxl provides Node bindings for the libxl library for reading and wri ...)
+ NOT-FOR-US: libxl node bindings
+CVE-2016-10584 (dalek-browser-chrome-canary provides Google Chrome bindings for DalekJ ...)
+ NOT-FOR-US: dalek-browser-chrome-canary
+CVE-2016-10583 (closure-utils is Utilities for Closure Library based projects. closure ...)
+ NOT-FOR-US: closure-utils
+CVE-2016-10582 (closurecompiler is a Closure Compiler for node.js. closurecompiler dow ...)
+ NOT-FOR-US: closurecompiler
+CVE-2016-10581 (Steroids is PhoneGap on Steroids, providing native UI elements, multip ...)
+ NOT-FOR-US: PhoneGap on Steroids
+CVE-2016-10580 (nodewebkit is an installer for node-webkit. nodewebkit downloads zippe ...)
+ NOT-FOR-US: nodewebkit
+CVE-2016-10579 (Chromedriver is an NPM wrapper for selenium ChromeDriver. Chromedriver ...)
+ NOT-FOR-US: Chromedriver
+CVE-2016-10578 (unicode loads unicode data downloaded from unicode.org into nodejs. Un ...)
+ NOT-FOR-US: nodejs unicode module
+CVE-2016-10577 (ibm_db is an asynchronous/synchronous interface for node.js to IBM DB2 ...)
+ NOT-FOR-US: ibm_db node.js module
+CVE-2016-10576 (Fuseki server wrapper and management API in fuseki before 1.0.1 downlo ...)
+ NOT-FOR-US: Fuseki
+CVE-2016-10575 (Kindlegen is a simple Node.js wrapper of the official kindlegen progra ...)
+ NOT-FOR-US: Kindlegen
+CVE-2016-10574 (apk-parser3 is a module to extract Android Manifest info from an APK f ...)
+ NOT-FOR-US: apk-parser3
+CVE-2016-10573 (baryton-saxophone is a module to install and launch Selenium Server fo ...)
+ NOT-FOR-US: baryton-saxophone
+CVE-2016-10572 (mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instan ...)
+ NOT-FOR-US: mongodb-instance
+CVE-2016-10571 (bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-w ...)
+ NOT-FOR-US: bkjs-wand
+CVE-2016-10570 (pngcrush-installer is an installer for Pngcrush. pngcrush-installer ve ...)
+ NOT-FOR-US: pngcrush-installer
+CVE-2016-10569 (embedza is a module to create HTML snippets/embeds from URLs using inf ...)
+ NOT-FOR-US: embedza
+CVE-2016-10568 (geoip-lite-country is a stripped down version of geoip-lite, supportin ...)
+ NOT-FOR-US: geoip-lite-country
+CVE-2016-10567 (product-monitor is a HTML/JavaScript template for monitoring a product ...)
+ NOT-FOR-US: product-monitor
+CVE-2016-10566 (install-nw is a module which quickly and robustly installs and caches ...)
+ NOT-FOR-US: install-nw
+CVE-2016-10565 (operadriver is a Opera Driver for Selenium. operadriver versions below ...)
+ NOT-FOR-US: operadriver
+CVE-2016-10564 (apk-parser is a tool to extract Android Manifest info from an APK file ...)
+ NOT-FOR-US: apk-parser
+CVE-2016-10563 (During the installation process, the go-ipfs-deps module before 0.4.4 ...)
+ NOT-FOR-US: go-ipfs-deps
+CVE-2016-10562 (iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions be ...)
+ NOT-FOR-US: iedriver
+CVE-2016-10561 (Bitty is a development web server tool that functions similar to `pyth ...)
+ NOT-FOR-US: Bitty
+CVE-2016-10560 (galenframework-cli is the node wrapper for the Galen Framework. galenf ...)
+ NOT-FOR-US: galenframework-cli
+CVE-2016-10559 (selenium-download downloads the latest versions of the selenium standa ...)
+ NOT-FOR-US: selenium-download
+CVE-2016-10558 (aerospike is an Aerospike add-on module for Node.js. aerospike version ...)
+ NOT-FOR-US: aerospike
+CVE-2016-10557 (appium-chromedriver is a Node.js wrapper around Chromedriver. Versions ...)
+ NOT-FOR-US: appium-chromedriver
+CVE-2016-10556 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
+ NOT-FOR-US: sequelize
+CVE-2016-10555 (Since "algorithm" isn't enforced in jwt.decode()in jwt-simple 0.3.0 an ...)
+ NOT-FOR-US: nodejs-jwt-simple
+CVE-2016-10554 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
+ NOT-FOR-US: sequelize
+CVE-2016-10553 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
+ NOT-FOR-US: sequelize
+CVE-2016-10552 (igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over ...)
+ NOT-FOR-US: igniteui
+CVE-2016-10551 (waterline-sequel is a module that helps generate SQL statements for Wa ...)
+ NOT-FOR-US: waterline-sequel
+CVE-2016-10550 (sequelize is an Object-relational mapping, or a middleman to convert t ...)
+ NOT-FOR-US: sequelize
+CVE-2016-10549 (Sails is an MVC style framework for building realtime web applications ...)
+ NOT-FOR-US: Sails
+CVE-2016-10548 (Arbitrary code execution is possible in reduce-css-calc node module <= ...)
+ NOT-FOR-US: reduce-css-calc
+CVE-2016-10547 (Nunjucks is a full featured templating engine for JavaScript. Versions ...)
+ NOT-FOR-US: Nunjucks
+CVE-2016-10546 (An arbitrary code injection vector was found in PouchDB 6.0.4 and less ...)
+ NOT-FOR-US: PouchDB
+CVE-2016-10545
+ REJECTED
+CVE-2016-10544 (uws is a WebSocket server library. By sending a 256mb websocket messag ...)
+ NOT-FOR-US: uws
+CVE-2016-10543 (call is an HTTP router that is primarily used by the hapi framework. T ...)
+ NOT-FOR-US: call HTTP router
+CVE-2016-10542 (ws is a "simple to use, blazing fast and thoroughly tested websocket c ...)
+ - node-ws 1.1.0+ds1.e6ddaae4-5 (bug #927671)
+ [stretch] - node-ws 1.1.0+ds1.e6ddaae4-3+deb9u1
+ [jessie] - node-ws (Nodejs in jessie not covered by security support)
+ NOTE: https://nodesecurity.io/advisories/120
+ NOTE: https://github.com/nodejs/node/issues/7388
+CVE-2016-10541 (The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ...)
+ - node-shell-quote (Fixed before initial upload to Debian)
+ NOTE: https://nodesecurity.io/advisories/117
+ NOTE: nodejs not covered by security support
+CVE-2016-10540 (Minimatch is a minimal matching utility that works by converting glob ...)
+ - node-minimatch 3.0.3-1 (unimportant)
+ NOTE: https://nodesecurity.io/advisories/118
+ NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
+ NOTE: libv8 is not covered by security support
+CVE-2016-10539 (negotiator is an HTTP content negotiator for Node.js and is used by ma ...)
+ - node-negotiator 0.6.1-1 (unimportant)
+ NOTE: https://nodesecurity.io/advisories/106
+ NOTE: nodejs not covered by security support
+CVE-2016-10538 (The package `node-cli` before 1.0.0 insecurely uses the lock_file and ...)
+ - node-cli (unimportant; bug #809252)
+ NOTE: https://github.com/node-js-libs/cli/issues/81
+ NOTE: https://nodesecurity.io/advisories/95
+CVE-2016-10537 (backbone is a module that adds in structure to a JavaScript heavy appl ...)
+ - backbone 0.5.3-1
+ NOTE: https://nodesecurity.io/advisories/108
+CVE-2016-10536 (engine.io-client is the client for engine.io, the implementation of a ...)
+ NOT-FOR-US: engine.io-client
+CVE-2016-10535 (csrf-lite is a cross-site request forgery protection library for frame ...)
+ NOT-FOR-US: csrf-lite
+CVE-2016-10534 (electron-packager is a command line tool that packages Electron source ...)
+ NOT-FOR-US: electron-packager
+CVE-2016-10533 (express-restify-mongoose is a module to easily create a flexible REST ...)
+ NOT-FOR-US: express-restify-mongoose
+CVE-2016-10532 (console-io is a module that allows users to implement a web console in ...)
+ NOT-FOR-US: console-io
+CVE-2016-10531 (marked is an application that is meant to parse and compile markdown. ...)
+ - node-marked 0.3.6+dfsg-1 (unimportant)
+ NOTE: https://nodesecurity.io/advisories/101
+ NOTE: nodejs not covered by security support
+CVE-2016-10530 (The airbrake module 0.3.8 and earlier defaults to sending environment ...)
+ NOT-FOR-US: airbrake
+CVE-2016-10529 (Droppy versions <3.5.0 does not perform any verification for cross-dom ...)
+ NOT-FOR-US: Droppy
+CVE-2016-10528 (restafary is a REpresentful State Transfer API for Creating, Reading, ...)
+ NOT-FOR-US: restafary
+CVE-2016-10527 (The riot-compiler version version 2.3.21 has an issue in a regex (Cata ...)
+ NOT-FOR-US: riot-compiler
+CVE-2016-10526 (A common setup to deploy to gh-pages on every commit via a CI system i ...)
+ NOT-FOR-US: gh-pages
+CVE-2016-10525 (When attempting to allow authentication mode `try` in hapi, hapi-auth- ...)
+ NOT-FOR-US: hapi
+CVE-2016-10524 (i18n-node-angular is a module used to interact between i18n and angula ...)
+ NOT-FOR-US: i18n-node-angular
+CVE-2016-10523 (MQTT before 3.4.6 and 4.0.x before 4.0.5 allows specifically crafted M ...)
+ - node-mqtt-packet (Fixed before initial upload to the archive)
+ NOTE: https://nodesecurity.io/advisories/75
+CVE-2016-10522 (rails_admin ruby gem (bug #903855)
+ [stretch] - ruby-rails-admin (Minor issue; has regression potential)
+ NOTE: https://github.com/sferik/rails_admin/commit/b13e879eb93b661204e9fb5e55f7afa4f397537a
+ NOTE: Regression: https://github.com/sferik/rails_admin/issues/2830
+CVE-2016-10521 (jshamcrest is vulnerable to regular expression denial of service (ReDo ...)
+ NOT-FOR-US: jshamcrest
+CVE-2016-10520 (jadedown is vulnerable to regular expression denial of service (ReDoS) ...)
+ NOT-FOR-US: jadedown
+CVE-2016-10519 (A security issue was found in bittorrent-dht before 5.1.3 that allows ...)
+ NOT-FOR-US: bittorrent-dht
+CVE-2016-10518 (A vulnerability was found in the ping functionality of the ws module b ...)
+ - node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
+ NOTE: https://nodesecurity.io/advisories/67
+ NOTE: Nodefs not covered by security support
+CVE-2015-9243 (When server level, connection level or route level CORS configurations ...)
+ NOT-FOR-US: hapi
+CVE-2015-9242 (Certain input strings when passed to new Date() or Date.parse() in ecs ...)
+ NOT-FOR-US: ecstatic
+CVE-2015-9241 (Certain input passed into the If-Modified-Since or Last-Modified heade ...)
+ NOT-FOR-US: hapi
+CVE-2015-9240 (Due to a bug in the the default sign in functionality in the keystone ...)
+ NOT-FOR-US: keystone node module
+CVE-2015-9239 (ansi2html is vulnerable to regular expression denial of service (ReDoS ...)
+ NOT-FOR-US: ansi2html
+CVE-2015-9238 (secure-compare 3.0.0 and below do not actually compare two strings pro ...)
+ NOT-FOR-US: secure-compare node module
+CVE-2015-9237
+ RESERVED
+CVE-2015-9236 (Hapi versions less than 11.0.0 implement CORS incorrectly and allowed ...)
+ NOT-FOR-US: hapi
+CVE-2015-9235 (In jsonwebtoken node module before 4.2.2 it is possible for an attacke ...)
+ NOT-FOR-US: jsonwebtoken node module
+CVE-2014-10068 (The inert directory handler in inert node module before 1.1.1 always a ...)
+ NOT-FOR-US: inert
+CVE-2014-10067 (paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by ...)
+ NOT-FOR-US: paypal-ipn
+CVE-2014-10066 (Versions less than 0.1.4 of the static file server module fancy-server ...)
+ NOT-FOR-US: fancy-server
+CVE-2014-10065 (Certain input when passed into remarkable before 1.4.1 will bypass the ...)
+ NOT-FOR-US: remarkable
+CVE-2014-10064 (The qs module before 1.0.0 does not have an option or default for spec ...)
+ - node-qs 2.2.4-1 (unimportant)
+ NOTE: https://nodesecurity.io/advisories/28
+ NOTE: nodejs not security by security support
+CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums ...)
+ - rsync (Problematic code to allow checksum choice only introduced after 3.1.2 release)
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
+ NOTE: And possibly the following two commits on top:
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
+ NOTE: The following commit introduced special handling of archaic versions / handling of
+ NOTE: --checksum-choice option to choose the checksum algorithms:
+ NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598
+CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php r ...)
+ NOT-FOR-US: Zomato Clone Script
+CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' Paramet ...)
+ NOT-FOR-US: Website Broker Script
+CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injec ...)
+ NOT-FOR-US: Vastal I-Tech Agent Zone
+CVE-2017-15990 (Php Inventory & Invoice Management System allows Arbitrary File Upload ...)
+ NOT-FOR-US: Php Inventory & Invoice Management System
+CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the resources.ph ...)
+ NOT-FOR-US: Online Exam Test Application
+CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme ...)
+ NOT-FOR-US: PHP FAQ Script
+CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the rate.php value ...)
+ NOT-FOR-US: Fake Magazine Cover Script
+CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username parameter ...)
+ NOT-FOR-US: CPA Lead Reward Script
+CVE-2017-15985 (Basic B2B Script allows SQL Injection via the product_view1.php pid or ...)
+ NOT-FOR-US: Basic B2B Script
+CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection via the ...)
+ NOT-FOR-US: Creative Management System (CMS) Lite
+CVE-2017-15983 (MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id par ...)
+ NOT-FOR-US: MyMagazine Magazine & Blog CMS
+CVE-2017-15982 (Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id p ...)
+ NOT-FOR-US: Dynamic News Magazine & Blog CMS
+CVE-2017-15981 (Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via ...)
+ NOT-FOR-US: Responsive Newspaper Magazine & Blog CMS
+CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the state pa ...)
+ NOT-FOR-US: US Zip Codes Database Script
+CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via th ...)
+ NOT-FOR-US: Shareet - Photo Sharing Social Network
+CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the office_adm ...)
+ NOT-FOR-US: AROX School ERP PHP Script
+CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL Injection via ...)
+ NOT-FOR-US: Protected Links - Expiring Download Links
+CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid ...)
+ NOT-FOR-US: ZeeBuddy
+CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_ ...)
+ NOT-FOR-US: Vastal I-Tech Dating Zone
+CVE-2017-15974 (tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 ...)
+ NOT-FOR-US: tPanel
+CVE-2017-15973 (Sokial Social Network Script 1.0 allows SQL Injection via the id param ...)
+ NOT-FOR-US: Sokial Social Network Script
+CVE-2017-15972 (SoftDatepro Dating Social Network 1.3 allows SQL Injection via the vie ...)
+ NOT-FOR-US: SoftDatepro Dating Social Network
+CVE-2017-15971 (Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprof ...)
+ NOT-FOR-US: Same Sex Dating Software Pro
+CVE-2017-15970 (PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index ...)
+ NOT-FOR-US: PHP CityPortal
+CVE-2017-15969 (PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to searc ...)
+ NOT-FOR-US: PG All Share Video
+CVE-2017-15968 (MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.p ...)
+ NOT-FOR-US: MyBuilder Clone
+CVE-2017-15967 (Mailing List Manager Pro 3.0 allows SQL Injection via the edit paramet ...)
+ NOT-FOR-US: Mailing List Manager Pro
+CVE-2017-15966 (The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! a ...)
+ NOT-FOR-US: Zh YandexMap
+CVE-2017-15965 (The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joo ...)
+ NOT-FOR-US: NS Download Shop
+CVE-2017-15964 (Job Board Script Software allows SQL Injection via the PATH_INFO to a ...)
+ NOT-FOR-US: Job Board Script Software
+CVE-2017-15963 (iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.p ...)
+ NOT-FOR-US: iTech Gigs Script
+CVE-2017-15962 (iStock Management System 1.0 allows Arbitrary File Upload via user/pro ...)
+ NOT-FOR-US: iStock Management System
+CVE-2017-15961 (iProject Management System 1.0 allows SQL Injection via the ID paramet ...)
+ NOT-FOR-US: iProject Management System
+CVE-2017-15960 (Article Directory Script 3.0 allows SQL Injection via the id parameter ...)
+ NOT-FOR-US: Article Directory Scrip
+CVE-2017-15959 (Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /do ...)
+ NOT-FOR-US: Adult Script Pro
+CVE-2017-15958 (D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the user ...)
+ NOT-FOR-US: D-Park Pro Domain Parking Script
+CVE-2017-15957 (my_profile.php in Ingenious School Management System 2.3.0 allows a st ...)
+ NOT-FOR-US: Ingenious School Management System
+CVE-2017-15956 (ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Down ...)
+ NOT-FOR-US: ConverTo Video Downloader
+CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Ac ...)
+ {DSA-4026-1 DLA-1158-1}
+ - bchunk 1.2.0-12.1 (bug #880116)
+ NOTE: https://github.com/extramaster/bchunk/issues/4
+CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
+ {DSA-4026-1 DLA-1158-1}
+ - bchunk 1.2.0-12.1 (bug #880116)
+ NOTE: https://github.com/extramaster/bchunk/issues/3
+CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap ...)
+ {DSA-4026-1 DLA-1158-1}
+ - bchunk 1.2.0-12.1 (bug #880116)
+ NOTE: https://github.com/extramaster/bchunk/issues/2
+CVE-2017-15952
+ RESERVED
+CVE-2017-15951 (The KEYS subsystem in the Linux kernel before 4.13.10 does not correct ...)
+ - linux 4.13.10-1
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 (v4.14-rc6)
+CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a buff ...)
+ NOT-FOR-US: Flexense SyncBreeze
+CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedi ...)
+ NOT-FOR-US: Xavier PHP Management Panel
+CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file upload ...)
+ NOT-FOR-US: Perch Content Management System
+CVE-2017-15947 (Simple ASC Content Management System v1.2 has XSS in the location fiel ...)
+ NOT-FOR-US: Simple ASC Content Management
+CVE-2017-15946 (In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerabil ...)
+ NOT-FOR-US: Joomla addon
+CVE-2017-15945 (The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, d ...)
+ NOT-FOR-US: Gentoo installation scripts
+CVE-2017-15944 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-15943 (The configuration file import for applications, spyware and vulnerabil ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x be ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-15940 (The web interface packet capture management component in Palo Alto Net ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ - binutils (Incomplete fix not applied)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
+ NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
+CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22209
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
+ NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
+CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission c ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execut ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scri ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
+ - radare2 2.1.0+dfsg-1 (bug #880024)
+ [jessie] - radare2 (Vulnerable code introduced in 0.10.2)
+ [wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
+ NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
+ NOTE: https://github.com/radare/radare2/issues/8743
+CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
+ - radare2 2.1.0+dfsg-1 (bug #880025)
+ [jessie] - radare2 (Vulnerable code introduced in 0.10.2)
+ [wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
+ NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
+ NOTE: https://github.com/radare/radare2/issues/8731
+CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null Po ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1154-1}
+ - graphicsmagick 1.3.26-16 (bug #879999)
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/518/
+CVE-2017-15929
+ RESERVED
+CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
+ - ruby-ox 2.8.2-1 (bug #881445)
+ [stretch] - ruby-ox 2.1.1-2+deb9u1
+ [jessie] - ruby-ox 2.1.1-2+deb8u1
+ NOTE: https://github.com/ohler55/ox/issues/194
+ NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
+CVE-2017-15927
+ RESERVED
+CVE-2017-15926
+ RESERVED
+CVE-2017-15925
+ RESERVED
+CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
+ {DSA-4033-1 DLA-1174-1}
+ - konversation 1.7.3-1 (bug #881586)
+ NOTE: https://github.com/KDE/konversation/commit/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
+CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACT ...)
+ {DLA-1198-1}
+ - libextractor 1:1.6-2 (low; bug #880016)
+ [stretch] - libextractor 1:1.3-4+deb9u1
+ [jessie] - libextractor 1:1.3-2+deb8u1
+ NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
+ NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
+CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
+ NOT-FOR-US: Watchdog Anti-Malware
+CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro 2.74.186 ...)
+ NOT-FOR-US: Watchdog Anti-Malware
+CVE-2017-15918 (Sera 1.2 stores the user's login password in plain text in their home ...)
+ NOT-FOR-US: Sera
+CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...)
+ NOT-FOR-US: Paessler PRTG Network Monitor
+CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a cus ...)
+ - systemd 235-3 (bug #880026)
+ [stretch] - systemd 232-25+deb9u2
+ [jessie] - systemd (Vulnerable code introduced later)
+ [wheezy] - systemd (Vulnerable code introduced later)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
+ NOTE: https://github.com/systemd/systemd/pull/7184
+ NOTE: Fix: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
+CVE-2017-15919 (The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has S ...)
+ NOT-FOR-US: WordPress plugin ultimate-form-builder-lite
+CVE-2017-15916
+ RESERVED
+CVE-2017-15915
+ RESERVED
+CVE-2017-15914 (Incorrect implementation of access controls allows remote users to ove ...)
+ - borgbackup 1.1.3-1
+ [stretch] - borgbackup (Only affects 1.1.0, 1.1.1 and 1.1.2 releases)
+ NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#version-1-1-3-2017-11-27
+CVE-2017-15913 (The Installer in Whale allows DLL hijacking.)
+ NOT-FOR-US: Installer in Whale
+CVE-2017-15912
+ RESERVED
+CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allo ...)
+ NOT-FOR-US: Ignite Realtime Openfire Server
+CVE-2017-15910
+ RESERVED
+CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, ...)
+ NOT-FOR-US: D-Link
+CVE-2017-15907 (SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remo ...)
+ NOT-FOR-US: phpCollab
+CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 7.6 does ...)
+ {DLA-1500-1}
+ - openssh 1:7.6p1-1 (low)
+ [stretch] - openssh 1:7.4p1-10+deb9u3
+ [wheezy] - openssh (Minor issue)
+ NOTE: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
+CVE-2017-15905
+ RESERVED
+CVE-2017-15904
+ RESERVED
+CVE-2017-15903
+ RESERVED
+CVE-2017-15902
+ RESERVED
+CVE-2017-15901
+ RESERVED
+CVE-2017-15900
+ RESERVED
+CVE-2017-15899
+ RESERVED
+CVE-2017-15898
+ RESERVED
+CVE-2017-15897 (Node.js had a bug in versions 8.X and 9.X which caused buffers to not ...)
+ - nodejs (Only affects 8.x and 9.x)
+CVE-2017-15896 (Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ...)
+ - nodejs (HTTP2 module only in 8.x and 9.x and Debian package uses the system copy of OpenSSL)
+CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
+ NOT-FOR-US: Synology Router Manager
+CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
+ NOT-FOR-US: Synology DiskStation Manager
+CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in S ...)
+ NOT-FOR-US: Synology File Station
+CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash Command C ...)
+ NOT-FOR-US: Synology Chat
+CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in Synolog ...)
+ NOT-FOR-US: Synology Calendar
+CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology Mai ...)
+ NOT-FOR-US: Synology
+CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation M ...)
+ NOT-FOR-US: Synology DiskStation Manager
+CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
+ NOT-FOR-US: Synology
+CVE-2017-15887 (An improper restriction of excessive authentication attempts vulnerabi ...)
+ NOT-FOR-US: Synology
+CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in Sy ...)
+ NOT-FOR-US: Synology Chat
+CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Networ ...)
+ NOT-FOR-US: Axis
+CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
+ NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
+CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remo ...)
+ NOT-FOR-US: Sitefinity
+CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application befor ...)
+ NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
+CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 a ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2017-15880 (SQL injection vulnerability vulnerability in the EyesOfNetwork web int ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-15879 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in fields/types/mark ...)
+ NOT-FOR-US: KeystoneJS
+CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 allo ...)
+ NOT-FOR-US: GPWeb
+CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote a ...)
+ NOT-FOR-US: GPWeb
+CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allow ...)
+ NOT-FOR-US: GPWeb +CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integ ...) + - busybox 1:1.27.2-2 (bug #879732) + [stretch] - busybox (Vulnerable code not present) + [jessie] - busybox (Vulnerable code not present) + [wheezy] - busybox (Vulnerable code not present) + NOTE: https://bugs.busybox.net/show_bug.cgi?id=10436 + NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0 + NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b +CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2. ...) + {DLA-2559-1 DLA-1445-1} + - busybox 1:1.27.2-2 (bug #879732) + [wheezy] - busybox (Minor issue) + NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0 + NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431 +CVE-2017-15872 (phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and ...) + NOT-FOR-US: phpwcms +CVE-2017-15871 (The deserialize function in serialize-to-js through 1.1.1 allows attac ...) + NOT-FOR-US: Disputed serialize-to-js issue +CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers w ...) + NOT-FOR-US: Palo Alto Networks GlobalProtect Agent +CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZ ...) + NOT-FOR-US: LiveZilla +CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the L ...) + {DSA-4082-1 DLA-1200-1} + - linux 4.0.2-1 + NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3) +CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the user-login- ...) + NOT-FOR-US: user-login-history plugin for WordPress +CVE-2017-15866 + RESERVED +CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...) 
+ - frr (Fixed before initial upload) +CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x throu ...) + {DLA-1212-1} + - otrs2 4.0.7-2 + [jessie] - otrs2 3.3.18-1+deb8u2 + NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/ + NOTE: https://github.com/OTRS/otrs/compare/3bc58ebeb9bdbe8107251a03cf7b9b8cfc515f53...80a0a9a138278d63a2621d146eb3c29e982aa2d5 + NOTE: Root cause for the issue is the recursive parsing handling in the old + NOTE: DTL template engine that OTRS used up to OTRS 3.3. Starting with OTRS 4 + NOTE: OTRS switched to a new Template::Toolkit based engine which does not perform + NOTE: recursive parsing and not affected by this issue. +CVE-2016-10517 (networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" b ...) + {DLA-1161-1} + - redis 3:3.2.7-1 + [stretch] - redis (Minor issue) + [jessie] - redis (Minor issue) + NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50 +CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin bef ...) + NOT-FOR-US: WordPress plugin wp-noexternallinks +CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15859 (While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_ ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15858 + RESERVED +CVE-2017-15857 (In the camera driver, an out-of-bounds access can occur due to an erro ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15856 (Due to a race condition while processing the power stats debug file to ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15854 (The value of fix_param->num_chans is received from firmware and if it ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15851 (Lack of copy_from_user and information leak in function "msm_ois_subde ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for MSM ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15844 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15843 (Due to a race condition in a bus driver, a double free in msm_bus_floo ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15842 (Buffer might get used after it gets freed due to unlocking the mutex b ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-15841 (When HOST sends a Special command ID packet, Controller triggers a RAM ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15840 + REJECTED +CVE-2017-15839 + REJECTED +CVE-2017-15838 + REJECTED +CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15835 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15832 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15831 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15830 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15828 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15827 + RESERVED +CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15825 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15824 (In Android releases from CAF using the linux kernel (Android for MSM, ...) 
+ NOT-FOR-US: Qualcomm component for Android +CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15821 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15819 + RESERVED +CVE-2017-15818 (In all android releases (Android for MSM, Firefox OS for MSM, QRD Andr ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-15816 + REJECTED +CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm closed-source components on Android +CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...) + NOT-FOR-US: WordPress plugin +CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the as ...) + NOT-FOR-US: WordPress plugin +CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a cr ...) + NOT-FOR-US: phpMyFaq +CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.) 
+ NOT-FOR-US: phpMyFaq +CVE-2017-15807 + RESERVED +CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...) + NOT-FOR-US: Zeta Components Mail +CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function i ...) + {DLA-1191-1} + - python-werkzeug 0.11.11+dfsg1-1 + [jessie] - python-werkzeug 0.9.6+dfsg-1+deb8u1 + NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/ + NOTE: https://github.com/pallets/werkzeug/pull/1001 + NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65 +CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and ...) + NOT-FOR-US: Cisco +CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) + - glibc 2.25-3 (low; bug #879955) + [stretch] - glibc 2.24-11+deb9u4 + - eglibc (low) + [wheezy] - eglibc (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8 +CVE-2017-15803 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15802 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15800 + REJECTED +CVE-2017-15799 + REJECTED +CVE-2017-15798 + REJECTED +CVE-2017-15797 + REJECTED +CVE-2017-15796 + REJECTED +CVE-2017-15795 + REJECTED +CVE-2017-15794 + REJECTED +CVE-2017-15793 + REJECTED +CVE-2017-15792 + REJECTED +CVE-2017-15791 + REJECTED +CVE-2017-15790 + REJECTED +CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15788 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) 
+ NOT-FOR-US: XnView +CVE-2017-15787 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15786 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15785 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15784 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15783 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15782 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15781 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15780 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15779 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15778 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15777 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15776 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15775 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15774 (XnView Classic for Windows Version 2.43 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-15773 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-15771 + REJECTED +CVE-2017-15770 + REJECTED +CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service o ...) 
+ NOT-FOR-US: IrfanView +CVE-2017-15768 (IrfanView version 4.50 - 64bit allows attackers to cause a denial of s ...) + NOT-FOR-US: IrfanView +CVE-2017-15767 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15766 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15765 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15764 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15763 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15762 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15761 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15760 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15759 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15758 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15757 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15756 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15755 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15754 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15753 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15752 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) 
+ NOT-FOR-US: IrfanView +CVE-2017-15751 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15750 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15749 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15748 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15747 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15746 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15745 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15744 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15743 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15742 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15741 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15740 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15739 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows at ...) + NOT-FOR-US: IrfanView +CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...) 
+ {DSA-4228-1} + - spip 3.1.4-4 (bug #879954) + [wheezy] - spip (vulnerable code not present) + NOTE: https://core.spip.net/projects/spip/repository/revisions/23701 +CVE-2017-15735 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15734 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15733 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15732 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15731 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15730 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) i ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15729 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) f ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15728 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) v ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-15726 + RESERVED +CVE-2017-15725 (An XML External Entity Injection vulnerability exists in Dzone AnswerH ...) + NOT-FOR-US: Dzone AnswerHub +CVE-2017-15724 + RESERVED +CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL ...) + {DSA-4016-1} + - irssi 1.0.5-1 (bug #879521) + [wheezy] - irssi (Vulnerable code introduced in 0.8.17) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt + NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 +CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a Safe ch ...) 
+ {DSA-4016-1 DLA-1217-1} + - irssi 1.0.5-1 (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt + NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 +CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages ...) + {DSA-4016-1 DLA-1217-1} + - irssi 1.0.5-1 (bug #879521) + NOTE: https://irssi.org/security/irssi_sa_2017_10.txt + NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1 +CVE-2017-15720 (In Apache Airflow 1.8.2 and earlier, an authenticated user can execute ...) + - airflow (bug #819700) +CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M ...) + NOT-FOR-US: Wicket jQuery UI +CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the pas ...) + - hadoop (bug #793644) +CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the org.apache.sling ...) + NOT-FOR-US: Apache Sling +CVE-2017-15716 + REJECTED +CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/6 +CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape u ...) + NOT-FOR-US: BIRT plugin in Apache OFBiz +CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before ...) + - hadoop (bug #793644) +CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 ...) + NOT-FOR-US: Apache Oozie +CVE-2017-15711 + REJECTED +CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29 ...) + {DSA-4164-1 DLA-1389-1} + - apache2 2.4.33-1 + NOTE: https://www.openwall.com/lists/oss-security/2018/03/24/8 +CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...) 
+ {DLA-2583-1} + - activemq 5.15.3-1 (bug #890352) + [jessie] - activemq (Issue introduced with OpenWire protocol support) + [wheezy] - activemq (Issue introduced with OpenWire protocol support) +CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java R ...) + NOT-FOR-US: Apache Synapse +CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated J ...) + - libstruts1.2-java (Specific to 2.x) +CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat ...) + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.24-1 + [stretch] - tomcat8 (Issue introduced later) + [jessie] - tomcat8 (Issue introduced later) + - tomcat8.0 (unimportant) + NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java + - tomcat7 (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed) + NOTE: https://svn.apache.org/r1814828 (7.0.x) + NOTE: https://svn.apache.org/r1814827 (8.0.x) + NOTE: https://svn.apache.org/r1814826 (8.5.x) + NOTE: Introduced by fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=61201 + NOTE: https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E +CVE-2017-15705 (A denial of service vulnerability was identified that exists in Apache ...) + {DLA-1578-1} + - spamassassin 3.4.2-1 (bug #908969) + [stretch] - spamassassin 3.4.2-1~deb9u1 + NOTE: https://www.openwall.com/lists/oss-security/2018/09/16/1 +CVE-2017-15704 + REJECTED +CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL permi ...) + NOT-FOR-US: Apache NiFi +CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...) + - qpid-java (bug #840131) +CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the b ...) + - qpid-java (bug #840131) +CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid meth ...) 
+ NOT-FOR-US: Apache Sling Authentication Service +CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch Ro ...) + - qpid-dispatch (bug #737776) + NOTE: https://www.openwall.com/lists/oss-security/2018/02/13/5 +CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache T ...) + {DSA-4118-1 DLA-1276-1} + - tomcat-native 1.2.16-1 + NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E + NOTE: http://svn.apache.org/r1815200 + NOTE: http://svn.apache.org/r1815218 + NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 +CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header containin ...) + NOT-FOR-US: Apache NiFi +CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure mode ...) + NOT-FOR-US: Apache Geode +CVE-2017-15695 (When an Apache Geode server versions 1.0.0 to 1.4.0 is configured with ...) + NOT-FOR-US: Apache Geode +CVE-2017-15694 (When an Apache Geode server versions 1.0.0 to 1.8.0 is operating in se ...) + NOT-FOR-US: Apache Geode +CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores application obj ...) + NOT-FOR-US: Apache Geode +CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator ...) + NOT-FOR-US: Apache Geode +CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0 ...) + - uimaj 2.10.2-1 (bug #897009) + [stretch] - uimaj (Minor issue) + [jessie] - uimaj (Minor issue) + [wheezy] - uimaj (Minor issue) + NOTE: https://uima.apache.org/security_report#CVE-2017-15691 +CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsin ...) 
+ {DSA-4009-1} + - shadowsocks-libev 3.1.0+ds-2 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/ + NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734 + NOTE: https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275 +CVE-2017-15690 + RESERVED +CVE-2017-15689 + RESERVED +CVE-2017-15688 + RESERVED +CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7 ...) + NOT-FOR-US: Logitech +CVE-2017-15686 (Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15685 (Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity ( ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15684 (Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerabili ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15683 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15682 (In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is abl ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15681 (In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerabilit ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15680 (In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which ...) + NOT-FOR-US: Crafter CMS Crafter Studio +CVE-2017-15679 + RESERVED +CVE-2017-15678 + RESERVED +CVE-2017-15677 + RESERVED +CVE-2017-15676 + RESERVED +CVE-2017-15675 + RESERVED +CVE-2017-15674 + RESERVED +CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...) + NOT-FOR-US: CS-Cart +CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3 ...) 
+ {DSA-4049-1 DLA-1630-1} + - ffmpeg 7:3.4-1 + - libav + NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904 +CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...) + [experimental] - glibc 2.26-0experimental0 + - glibc 2.25-3 (low; bug #879500) + [stretch] - glibc 2.24-11+deb9u4 + - eglibc (low) + [wheezy] - eglibc (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f +CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by- ...) + [experimental] - glibc 2.26-0experimental0 + - glibc 2.25-3 (low; bug #879501) + [stretch] - glibc 2.24-11+deb9u4 + - eglibc (low) + [wheezy] - eglibc (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c369d66e5426a30e4725b100d5cd28e372754f90 (master) + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a76376df7c07e577a9515c3faa5dbd50bda5da07 (release/2.26/master) +CVE-2017-15669 + RESERVED +CVE-2017-15668 + RESERVED +CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from ...) + NOT-FOR-US: Flexense SysGauge Server +CVE-2017-15666 + RESERVED +CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers f ...) + NOT-FOR-US: Flexense DiskBoss Enterprise +CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suff ...) + NOT-FOR-US: Flexense Sync Breeze Enterprise +CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffe ...) + NOT-FOR-US: Flexense Disk Pulse Enterprise +CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffer ...) 
+ NOT-FOR-US: Flexense VX Search Enterprise +CVE-2017-15661 + RESERVED +CVE-2017-15660 + RESERVED +CVE-2017-15659 + RESERVED +CVE-2017-15658 + RESERVED +CVE-2017-15657 + RESERVED +CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all c ...) + NOT-FOR-US: HTTPd server in Asus asuswrt +CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...) + NOT-FOR-US: HTTPd server in Asus asuswrt +CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current v ...) + NOT-FOR-US: HTTPd server in Asus asuswrt +CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd serv ...) + NOT-FOR-US: HTTPd server in Asus asuswrt +CVE-2017-15652 (Artifex Ghostscript 9.22 is affected by: Obtain Information. The impac ...) + - ghostscript 9.25~dfsg-1 + [stretch] - ghostscript 9.25~dfsg-0+deb9u1 + [jessie] - ghostscript 9.26a~dfsg-0+deb8u1 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2fc463d0e (ghostpdl-9.23rc1) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698676 +CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated administ ...) + NOT-FOR-US: PRTG Network Monitor +CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...) + {DLA-1200-1} + - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/008ba2a13f2d04c947adc536d19debb8fe66f110 + NOTE: Fixed by: https://git.kernel.org/linus/4971613c1639d8e5f102c4e797c3bf8f83a5a69e +CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the ...) + NOT-FOR-US: PHPSUGAR PHP Melody +CVE-2017-15647 (On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc v ...) + NOT-FOR-US: On FiberHome +CVE-2017-15646 (Webmin before 1.860 has XSS with resultant remote code execution. Unde ...) + - webmin +CVE-2017-15645 (CSRF exists in Webmin 1.850. 
By sending a GET request to at/create_job ...) + - webmin +CVE-2017-15644 (SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as d ...) + - webmin +CVE-2017-15643 (An active network attacker (MiTM) can achieve remote code execution on ...) + NOT-FOR-US: IKARUS Anti Virus +CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies ...) + - musl 1.1.17-1 + [stretch] - musl (Minor issue) + [jessie] - musl (Minor issue) + NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395 +CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there i ...) + {DLA-1695-1 DLA-1197-1} + - sox 14.4.2-2 (bug #882144) + [stretch] - sox 14.4.1-5+deb9u2 + NOTE: https://sourceforge.net/p/sox/bugs/298/ + NOTE: https://github.com/mansr/sox/commit/0be259eaa9ce3f3fa587a3ef0cf2c0b9c73167a2 +CVE-2017-15641 + RESERVED +CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip ...) + - phpipam (bug #731713) +CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypa ...) + NOT-FOR-US: Mura CMS +CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterpri ...) + NOT-FOR-US: SuSEfirewall2 in SUSE +CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing algorit ...) 
+ - wordpress (bug #880868) + [bookworm] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + [bullseye] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + [buster] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + [stretch] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + [jessie] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + [wheezy] - wordpress (Minor issue, can be revisited with upstream has picked a new hashing solution) + NOTE: https://core.trac.wordpress.org/ticket/21022 + NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff + NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following. +CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) 
+ NOT-FOR-US: TP-Link +CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated administrat ...) + NOT-FOR-US: TP-Link +CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...) 
+ - mistune 0.8-1 (bug #879098) + [stretch] - mistune (Minor issue) + NOTE: https://github.com/lepture/mistune/pull/140 + NOTE: https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe +CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly gra ...) + NOT-FOR-US: Octopus Deploy +CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special Gue ...) + NOT-FOR-US: Octopus Deploy +CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext i ...) + NOT-FOR-US: Octopus Deploy +CVE-2017-15608 (Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change ...) + NOT-FOR-US: Inedo ProGet +CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based r ...) + NOT-FOR-US: Inedo Otter +CVE-2017-15606 + RESERVED +CVE-2017-15605 + RESERVED +CVE-2017-15604 + RESERVED +CVE-2017-15603 + RESERVED +CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...) + {DLA-1198-1} + - libextractor 1:1.6-1 (low) + [stretch] - libextractor 1:1.3-4+deb9u1 + [jessie] - libextractor 1:1.3-2+deb8u1 + NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html + NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc +CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...) + {DLA-1198-1} + - libextractor 1:1.6-1 (low) + [stretch] - libextractor 1:1.3-4+deb9u1 + [jessie] - libextractor 1:1.3-2+deb8u1 + NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html + NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091 +CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the EX ...) 
+ {DLA-1198-1} + - libextractor 1:1.6-1 (low) + [stretch] - libextractor 1:1.3-4+deb9u1 + [jessie] - libextractor 1:1.3-2+deb8u1 + NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695 + NOTE: Fixed by https://git.gnunet.org/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7 +CVE-2017-15599 + RESERVED +CVE-2017-15598 + RESERVED +CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...) + {DSA-4050-1 DLA-1549-1} + - xen 4.8.2+xsa245-0+deb9u1 + [wheezy] - xen (Vulnerable code not present) + NOTE: https://xenbits.xen.org/xsa/advisory-236.html +CVE-2017-15586 + RESERVED +CVE-2017-15585 + RESERVED +CVE-2017-15584 + RESERVED +CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to Lo ...) + NOT-FOR-US: ABB Fox515T 1.0 devices +CVE-2017-15582 (In net.MCrypt in the "Diary with lock" (aka WriteDiary) application 4. ...) + NOT-FOR-US: Diary with lock +CVE-2017-15581 (In the "Diary with lock" (aka WriteDiary) application 4.72 for Android ...) + NOT-FOR-US: Diary with lock +CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with a ...) + NOT-FOR-US: osTicket +CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pa ...) + NOT-FOR-US: PHPSUGAR PHP Melody +CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the imag ...) + NOT-FOR-US: PHPSUGAR PHP Melody +CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) MorphoSma ...) + NOT-FOR-US: IDEMIA +CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm b ...) 
+ {DSA-4023-1} + - slurm-llnl 17.02.9-1 (bug #880530) + [jessie] - slurm-llnl (Vulnerable code introduced later) + [wheezy] - slurm-llnl (Vulnerable code introduced later) + NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public) + NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971 +CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageCo ...) + {DSA-4079-1 DLA-1177-1} + - poppler 0.61.1-2 (bug #879066) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016 + NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d +CVE-2017-15564 + REJECTED +CVE-2017-15563 + REJECTED +CVE-2017-15562 + REJECTED +CVE-2017-15561 + REJECTED +CVE-2017-15560 + REJECTED +CVE-2017-15559 + REJECTED +CVE-2017-15558 + REJECTED +CVE-2017-15557 + REJECTED +CVE-2017-15556 + REJECTED +CVE-2017-15555 + REJECTED +CVE-2017-15554 + REJECTED +CVE-2017-15553 + REJECTED +CVE-2017-15552 + REJECTED +CVE-2017-15551 + REJECTED +CVE-2017-15550 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...) + NOT-FOR-US: EMC Avamar Server +CVE-2017-15549 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...) + NOT-FOR-US: EMC Avamar Server +CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4. ...) + NOT-FOR-US: EMC Avamar Server +CVE-2017-15547 + REJECTED +CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and ...) + NOT-FOR-US: EMC RSA Authentication Manager +CVE-2017-15545 + REJECTED +CVE-2017-15544 + REJECTED +CVE-2017-15543 + REJECTED +CVE-2017-15542 + REJECTED +CVE-2017-15541 + REJECTED +CVE-2017-15540 + REJECTED +CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id pa ...) + NOT-FOR-US: zorovavi/blog +CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in pdf ...) 
+ {DSA-4006-2 DSA-4006-1 DLA-1164-1} + - mupdf 1.11+ds1-2 (bug #879055) + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public) + NOTE: https://nandynarwhals.org/CVE-2017-15587/ +CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS befor ...) + - ilias (bug #195688) +CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x ...) + NOT-FOR-US: Cloudera Data Science Workbench +CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a disabled-by- ...) + - mongodb (wire protocol compression introduced in 3.4.x and disabled by default) + NOTE: https://jira.mongodb.org/browse/SERVER-31273 +CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...) + NOT-FOR-US: Noron App Lock +CVE-2017-15533 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, ...) + NOT-FOR-US: Symantec +CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a pa ...) + NOT-FOR-US: Symantec +CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does ...) + NOT-FOR-US: Symantec +CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...) + NOT-FOR-US: Norton +CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...) + NOT-FOR-US: Norton +CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be susce ...) + NOT-FOR-US: Install Norton Security +CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be suscepti ...) + NOT-FOR-US: Symantec +CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...) + NOT-FOR-US: Symantec +CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptib ...) 
+ NOT-FOR-US: Symantec +CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) comp ...) + NOT-FOR-US: Kemp Load Balancer +CVE-2017-15523 + REJECTED +CVE-2017-15522 + REJECTED +CVE-2017-15521 + REJECTED +CVE-2017-15520 + REJECTED +CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote ...) + NOT-FOR-US: SnapCenter +CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...) + NOT-FOR-US: NetApp +CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to o ...) + NOT-FOR-US: AltaVault OST Plug-in +CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...) + NOT-FOR-US: NetApp +CVE-2017-15515 (NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scr ...) + NOT-FOR-US: NetApp SnapCenter Server +CVE-2017-15514 + REJECTED +CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...) + {DSA-4191-1} + - redmine 3.4.4-1 (bug #882544) + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/27186 (private) + NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3 + NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448 +CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...) + {DSA-4191-1} + - redmine 3.4.4-1 (bug #882545) + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/27186 (private) + NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508 +CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...) 
+ {DSA-4191-1} + - redmine 3.4.4-1 (bug #882547) + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/27186 (private) + NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b +CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, X ...) + {DSA-4191-1} + - redmine 3.4.4-1 (bug #882548) + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/27186 (private) + NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa +CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because mar ...) + {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/25503 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can o ...) + {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/24416 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a che ...) 
+ {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/24307 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...) + {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/24199 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry rend ...) + {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/23803 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering o ...) + {DSA-4191-1} + - redmine 3.4.2-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: https://www.redmine.org/issues/23793 (private) + NOTE: upstream fixed in 3.2.6 and 3.3.3 +CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affectin ...) + - redmine 3.2.3-1 + [jessie] - redmine (Not supported in Jessie-LTS) + [wheezy] - redmine (Not supported in wheezy LTS) + NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories + NOTE: upstream fixed in 3.2.3 +CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...) 
+ - linux 4.13.10-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/814fb7bb7db5433757d76f4c4502c96fc53b0b5e (v4.14-rc3) +CVE-2017-15513 + REJECTED +CVE-2017-15512 + REJECTED +CVE-2017-15511 + REJECTED +CVE-2017-15510 + REJECTED +CVE-2017-15509 + REJECTED +CVE-2017-15508 + REJECTED +CVE-2017-15507 + REJECTED +CVE-2017-15506 + REJECTED +CVE-2017-15505 + REJECTED +CVE-2017-15504 + REJECTED +CVE-2017-15503 + REJECTED +CVE-2017-15502 + REJECTED +CVE-2017-15501 + REJECTED +CVE-2017-15500 + REJECTED +CVE-2017-15499 + REJECTED +CVE-2017-15498 + REJECTED +CVE-2017-15497 + REJECTED +CVE-2017-15496 + REJECTED +CVE-2017-15495 + REJECTED +CVE-2017-15494 + REJECTED +CVE-2017-15493 + REJECTED +CVE-2017-15492 + REJECTED +CVE-2017-15491 + REJECTED +CVE-2017-15490 + REJECTED +CVE-2017-15489 + REJECTED +CVE-2017-15488 + REJECTED +CVE-2017-15487 + REJECTED +CVE-2017-15486 + REJECTED +CVE-2017-15485 + REJECTED +CVE-2017-15484 + REJECTED +CVE-2017-15483 + REJECTED +CVE-2017-15482 + REJECTED +CVE-2017-15481 + REJECTED +CVE-2017-15480 + REJECTED +CVE-2017-15479 + REJECTED +CVE-2017-15478 + REJECTED +CVE-2017-15477 + REJECTED +CVE-2017-15476 + REJECTED +CVE-2017-15475 + REJECTED +CVE-2017-15474 + REJECTED +CVE-2017-15473 + REJECTED +CVE-2017-15472 + REJECTED +CVE-2017-15471 + REJECTED +CVE-2017-15470 + REJECTED +CVE-2017-15469 + REJECTED +CVE-2017-15468 + REJECTED +CVE-2017-15467 + REJECTED +CVE-2017-15466 + REJECTED +CVE-2017-15465 + REJECTED +CVE-2017-15464 + REJECTED +CVE-2017-15463 + REJECTED +CVE-2017-15462 + REJECTED +CVE-2017-15461 + REJECTED +CVE-2017-15460 + REJECTED +CVE-2017-15459 + REJECTED +CVE-2017-15458 + REJECTED +CVE-2017-15457 + REJECTED +CVE-2017-15456 + REJECTED +CVE-2017-15455 + REJECTED +CVE-2017-15454 + REJECTED +CVE-2017-15453 + REJECTED +CVE-2017-15452 + REJECTED +CVE-2017-15451 + REJECTED +CVE-2017-15450 + REJECTED 
+CVE-2017-15449 + REJECTED +CVE-2017-15448 + REJECTED +CVE-2017-15447 + REJECTED +CVE-2017-15446 + REJECTED +CVE-2017-15445 + REJECTED +CVE-2017-15444 + REJECTED +CVE-2017-15443 + REJECTED +CVE-2017-15442 + REJECTED +CVE-2017-15441 + REJECTED +CVE-2017-15440 + REJECTED +CVE-2017-15439 + REJECTED +CVE-2017-15438 + REJECTED +CVE-2017-15437 + REJECTED +CVE-2017-15436 + REJECTED +CVE-2017-15435 + REJECTED +CVE-2017-15434 + REJECTED +CVE-2017-15433 + REJECTED +CVE-2017-15432 + REJECTED +CVE-2017-15431 + RESERVED +CVE-2017-15430 (Insufficient data validation in Chromecast plugin in Google Chrome pri ...) + - chromium-browser (Plugin specific to Chrome) +CVE-2017-15429 (Inappropriate implementation in V8 WebAssembly JS bindings in Google C ...) + {DSA-4103-1} + - chromium-browser 64.0.3282.119-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) + - libv8 (unimportant) + NOTE: libv8 not covered by security support +CVE-2017-15428 (Insufficient data validation in V8 builtins string generator could lea ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15427 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15426 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15425 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...) 
+ {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15424 (Insufficient policy enforcement in Omnibox in Google Chrome prior to 6 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15423 (Inappropriate implementation in BoringSSL SPAKE2 in Google Chrome prio ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15422 (Integer overflow in international date handling in International Compo ...) + {DSA-4150-1} + - icu 57.1-9 (bug #892766) + [wheezy] - icu (Vulnerable code not present) + NOTE: https://code.google.com/p/chromium/issues/detail?id=774382 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1523136 + NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654 +CVE-2017-15421 + RESERVED +CVE-2017-15420 (Incorrect handling of back navigations in error pages in Navigation in ...) + {DSA-4103-1 DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15419 (Insufficient policy enforcement in Resource Timing API in Google Chrom ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15418 (Use of uninitialized memory in Skia in Google Chrome prior to 63.0.323 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15417 (Inappropriate implementation in Skia canvas composite operations in Go ...) 
+ {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15416 (Heap buffer overflow in Blob API in Google Chrome prior to 63.0.3239.8 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15415 (Incorrect serialization in IPC in Google Chrome prior to 63.0.3239.84 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15414 + RESERVED +CVE-2017-15413 (Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.323 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15412 (Use after free in libxml2 before 2.9.5, as used in Google Chrome prior ...) + {DSA-4086-1 DLA-1211-1} + - libxml2 2.9.4+dfsg1-5.2 (bug #883790) + NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public) + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/0f3b843b3534784ef57a4f9b874238aa1fda5a73 +CVE-2017-15411 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15410 (Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowe ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15409 (Heap buffer overflow in Skia in Google Chrome prior to 63.0.3239.84 al ...) 
+ {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15408 (Heap buffer overflow in Omnibox in Google Chrome prior to 63.0.3239.84 ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15407 (Out-of-bounds Write in the QUIC networking stack in Google Chrome prio ...) + {DSA-4064-1} + - chromium-browser 63.0.3239.84-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-15406 (A stack buffer overflow in V8 in Google Chrome prior to 62.0.3202.75 a ...) + {DSA-4020-1} + - chromium-browser 62.0.3202.75-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) + - libv8 (unimportant) + NOTE: libv8 not covered by security support +CVE-2017-15405 (Inappropriate symlink handling and a race condition in the stateful re ...) + NOT-FOR-US: Chrome OS +CVE-2017-15404 (An ability to process crash dumps under root privileges and inappropri ...) + NOT-FOR-US: Chrome OS +CVE-2017-15403 (Insufficient data validation in crosh could lead to a command injectio ...) + NOT-FOR-US: Chrome OS +CVE-2017-15402 (Using an ID that can be controlled by a compromised renderer which all ...) + NOT-FOR-US: Chrome OS +CVE-2017-15401 (A memory corruption bug in WebAssembly could lead to out of bounds rea ...) + NOT-FOR-US: Chrome OS +CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS pr ...) 
+ {DSA-4243-1}
+ - cups 2.2.3-2
+ [jessie] - cups (Vulnerable code not present, ppdCreateFromIPP() introduced in v2.2.0)
+ [wheezy] - cups (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215
+ NOTE: Patches from upstream to restrict what filters will be accpeted
+ NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2)
+ NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2)
+CVE-2017-15399 (A use after free in V8 in Google Chrome prior to 62.0.3202.89 allowed ...)
+ {DSA-4024-1}
+ - chromium-browser 62.0.3202.89-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-15398 (A stack buffer overflow in the QUIC networking stack in Google Chrome ...)
+ {DSA-4024-1}
+ - chromium-browser 62.0.3202.89-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
+ NOT-FOR-US: ChromeVox in Google Chrome OS
+CVE-2017-15396 (A stack buffer overflow in NumberingSystem in International Components ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 allow ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to 62.0.3202 ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior t ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to 62.0.3202. ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...)
+ - radare2 2.1.0+dfsg-1 (bug #879119)
+ [jessie] - radare2 (Vulnerable code introduced in 0.10.2)
+ [wheezy] - radare2 (Vulnerable code introduced in 0.10.2)
+ NOTE: https://github.com/radare/radare2/issues/8685
+ NOTE: https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
+CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.)
+ NOT-FOR-US: Rate Me
+CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploita ...)
+ NOT-FOR-US: Nero
+CVE-2017-15382
+ RESERVED
+CVE-2017-15381 (SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/res ...)
+ NOT-FOR-US: E-Sic
+CVE-2017-15380 (XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester ...)
+ NOT-FOR-US: E-Sic
+CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka login) UR ...)
+ NOT-FOR-US: E-Sic
+CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka th ...)
+ NOT-FOR-US: E-Sic
+CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant c ...)
+ {DLA-1603-1}
+ - suricata 1:4.0.0-1 (low)
+ [stretch] - suricata (Minor issue)
+ [wheezy] - suricata (Vulnerable code introduced later)
+ NOTE: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
+ NOTE: https://redmine.openinfosecfoundation.org/issues/2231
+ NOTE: introduced in https://github.com/OISF/suricata/commit/35f1f7e8d944a3
+CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require authenti ...)
+ NOT-FOR-US: Mobatek MobaXterm
+CVE-2017-15375 (Multiple client-side cross site scripting vulnerabilities have been di ...)
+ NOT-FOR-US: WpJobBoard
+CVE-2017-15374 (Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the cu ...)
+ NOT-FOR-US: Shopware
+CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restri ...)
+ NOT-FOR-US: E-Sic
+CVE-2017-15372 (There is a stack-based buffer overflow in the lsx_ms_adpcm_block_expan ...)
+ {DLA-1695-1 DLA-1197-1}
+ - sox 14.4.2-2 (bug #878808)
+ [stretch] - sox 14.4.1-5+deb9u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
+ NOTE: https://github.com/mansr/sox/commit/001c337552912d286ba68086ac378f6fdc1e8b50
+CVE-2017-15371 (There is a reachable assertion abort in the function sox_append_commen ...)
+ {DLA-1705-1 DLA-1197-1}
+ - sox 14.4.2-2 (bug #878809)
+ [stretch] - sox 14.4.1-5+deb9u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
+ NOTE: https://github.com/mansr/sox/commit/818bdd0ccc1e5b6cae742c740c17fd414935cf39
+CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of im ...)
+ {DLA-1695-1 DLA-1197-1}
+ - sox 14.4.2-2 (bug #878810)
+ [stretch] - sox 14.4.1-5+deb9u2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
+ NOTE: https://github.com/mansr/sox/commit/ef3d8be0f80cbb650e4766b545d61e10d7a24c9e
+CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF b ...)
+ - mupdf (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
+ NOTE: Introduced by: https://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
+CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 al ...)
+ - radare2 2.1.0+dfsg-1 (bug #878767)
+ [jessie] - radare2 (Vulnerable code introduced in 2.0.0)
+ [wheezy] - radare2 (Vulnerable code introduced in 2.0.0)
+ NOTE: https://github.com/radare/radare2/issues/8673
+ NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
+CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vuln ...)
+ NOT-FOR-US: Bacula-Web
+CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
+ NOT-FOR-US: Thornberry NDoc
+CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
+ {DSA-4341-1}
+ - mariadb-10.2 (bug #884065)
+ - mariadb-10.1 1:10.1.34-1 (bug #885345)
+ - mariadb-10.0
+ [jessie] - mariadb-10.0 (vulnerable code not present)
+ - percona-xtrabackup
+ [jessie] - percona-xtrabackup (vulnerable code not present)
+ - mysql-5.7
+ - mysql-5.5 (Vulnerable code not present)
+ NOTE: MariaDB: Fixed in 10.2.10, 10.1.30
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
+ NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
+ NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
+ NOTE: Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
+ NOTE: starting to be present in mariadb-10.1.1.
+CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attacke ...)
+ NOT-FOR-US: ccsv
+CVE-2017-15363 (Directory traversal vulnerability in public/examples/resources/getsour ...)
+ NOT-FOR-US: Luracast Restler
+CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
+ NOT-FOR-US: osTicket
+CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
+ NOT-FOR-US: Infineon RSA library
+CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically ...)
+ NOT-FOR-US: 3CX Phone System
+CVE-2017-15358 (Race condition in the Charles Proxy Settings suid binary in Charles Pr ...)
+ NOT-FOR-US: Charles Proxy
+CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 fo ...)
+ NOT-FOR-US: Arq
+CVE-2017-15356 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15355 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15354 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15353 (Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15352 (Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15351 (The 'Find Phone' function in Huawei Honor V9 play smart phones with ve ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15350 (The Common Open Policy Service Protocol (COPS) module in Huawei DP300 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15349 (Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R0 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15348 (Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R0 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15347 (Huawei Mate 9 Pro mobile phones with software of versions earlier than ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15346 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15345 (Huawei Smartphones with software LON-L29DC721B186 have a denial of ser ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15344 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15343 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V20 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15342 (Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15341 (Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15340 (Huawei smartphones with software of TAG-AL00C92B168 have an informatio ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15339 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15338 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15337 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V1 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15336 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15335 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15334 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15333 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15332 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15331 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15330 (The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15329 (Huawei UMA V200R001C00 has a SQL injection vulnerability in the operat ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an authentic ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15327 (S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algori ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
+ NOT-FOR-US: Bdat driver of Prague smart phones
+CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS vulnera ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C3 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 a ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an informat ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R00 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V20 ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before MHA- ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, N ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An rem ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) v ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro Huawe ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion vul ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation vulnerabil ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than FRD-L04C ...)
+ NOT-FOR-US: Huawei
+CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc. ...)
+ - linux 4.13.13-1
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 (4.14-rc7)
+CVE-2017-15305 (XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php.)
+ NOT-FOR-US: NexusPHP
+CVE-2017-15304 (/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmwa ...)
+ NOT-FOR-US: Airtame HDMI dongle
+CVE-2017-15303 (In CPUID CPU-Z before 1.43, there is an arbitrary memory write that re ...)
+ NOT-FOR-US: CPUID CPU-Z
+CVE-2017-15302 (In CPUID CPU-Z through 1.81, there are improper access rights to a ker ...)
+ NOT-FOR-US: CPUID CPU-Z
+CVE-2017-15301
+ RESERVED
+CVE-2017-15300 (The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b ...)
+ NOT-FOR-US: EWBF Cuda Zcash Miner
+CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use o ...)
+ {DLA-1200-1}
+ - linux 4.13.10-1
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
+CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows rem ...)
+ - git 1:2.16.1-1 (unimportant)
+ NOTE: https://kate.io/blog/git-bomb/
+ NOTE: https://github.com/Katee/git-bomb
+ NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a937b37e766479c8e780b17cce9c4b252fd97e40
+ NOTE: No practical security implications
+CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP SAPContro ...)
+ NOT-FOR-US: SAP
+CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note 2478 ...)
+ NOT-FOR-US: SAP
+CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for read/writ ...)
+ NOT-FOR-US: SAP
+CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP Securi ...)
+ NOT-FOR-US: SAP
+CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
+ NOT-FOR-US: SAP
+CVE-2017-15292
+ RESERVED
+CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering ...)
+ NOT-FOR-US: TP-Link TL-MR3220 wireless routers
+CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before 7.5 ...)
+ NOT-FOR-US: Mirasys Video Management System
+CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
+ {DSA-4050-1 DLA-1559-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ [wheezy] - xen (minor issue)
+ NOTE: https://xenbits.xen.org/xsa/advisory-244.html
+CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-243.html
+CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-242.html
+CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+ {DSA-4050-1 DLA-1549-1 DLA-1181-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-241.html
+CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
+ {DSA-4050-1 DLA-1559-1 DLA-1181-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-240.html
+CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
+ {DSA-4050-1 DLA-1549-1 DLA-1181-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-239.html
+CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
+ {DSA-4050-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ [jessie] - xen (Only affects 4.5 and later)
+ [wheezy] - xen (Only affects 4.5 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-238.html
+CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS use ...)
+ {DSA-4050-1 DLA-1549-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ [wheezy] - xen (Patches too intrusive to backport)
+ NOTE: https://xenbits.xen.org/xsa/advisory-237.html
+CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
+ {DSA-4213-1 DLA-1497-1}
+ - qemu 1:2.11+dfsg-1 (bug #880832)
+ [wheezy] - qemu (Can be fixed along in a future update)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Can be fixed along in a future update)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
+ NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
+CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...)
+ - scala 2.11.12-1 (unimportant)
+ NOTE: http://scala-lang.org/news/security-update-nov17.html
+ NOTE: For 2.11.x: https://github.com/scala/scala/pull/6108
+ NOTE: For 2.12.x: https://github.com/scala/scala/pull/6120
+ NOTE: For 2.10.x: https://github.com/scala/scala/pull/6128
+ NOTE: Neutralised by kernel hardening
+CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dream ...)
+ NOT-FOR-US: BouquetEditor WebPlugin
+CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in she ...)
+ - sqlite3 3.20.1-2 (low; bug #878680)
+ [stretch] - sqlite3 (Vulnerable code introduced later)
+ [jessie] - sqlite3 (Vulnerable code introduced later)
+ [wheezy] - sqlite3 (Vulnerable code not present)
+ - sqlite (Vulnerable code not present)
+ NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
+ NOTE: https://www.sqlite.org/src/info/5d0ceb8dcdef92cd
+CVE-2017-15285 (X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Co ...)
+ NOT-FOR-US: X-Cart
+CVE-2017-15284 (Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), all ...)
+ NOT-FOR-US: OctoberCMS
+CVE-2017-15283
+ RESERVED
+CVE-2017-15282
+ RESERVED
+CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote atta ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1139-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
+CVE-2017-15280 (XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 al ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 a ...)
+ NOT-FOR-US: Umbraco CMS
+CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
+ - teampass (bug #730180)
+CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
+ {DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1456-1 DLA-1140-1 DLA-1139-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
+ - graphicsmagick 1.3.26-14
+ NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/592
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/923c4a525c99
+ NOTE: https://github.com/neex/gifoeb
+CVE-2017-15276 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
+ NOT-FOR-US: OpenText Documentum Content Server
+CVE-2017-15275 (Samba before 4.7.3 might allow remote attackers to obtain sensitive in ...)
+ {DSA-4043-1 DLA-1183-1}
+ - samba 2:4.7.1+dfsg-2
+ NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
+CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not cons ...)
+ - linux 4.11.6-1
+ [stretch] - linux 4.9.47-1
+ [jessie] - linux 3.16.48-1
+ [wheezy] - linux 3.2.93-1
+ NOTE: Fixed by: https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
+CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
+ - mahara
+ NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
+CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSF ...)
+ NOT-FOR-US: PSFTPd
+CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP compone ...)
+ NOT-FOR-US: PSFTPd
+CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data befor ...)
+ NOT-FOR-US: PSFTPd
+CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans b ...)
+ NOT-FOR-US: PSFTPd
+CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
+ {DSA-4213-1}
+ - qemu 1:2.11+dfsg-1 (bug #880836)
+ [jessie] - qemu (I/O channels driver websockets introduced later)
+ [wheezy] - qemu (I/O channels driver websockets introduced later)
+ - qemu-kvm (I/O channels driver websockets introduced later)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1496879
+ NOTE: https://bugs.launchpad.net/bugs/1718964
+ NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
+CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in flac_m ...)
+ {DLA-1198-1}
+ - libextractor 1:1.6-1 (bug #878314)
+ [stretch] - libextractor 1:1.3-4+deb9u1
+ [jessie] - libextractor 1:1.3-2+deb8u1
+ NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
+ NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
+ NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
+CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_ex ...)
+ {DLA-1198-1}
+ - libextractor 1:1.6-1 (bug #878314)
+ [stretch] - libextractor 1:1.3-4+deb9u1
+ [jessie] - libextractor 1:1.3-2+deb8u1
+ NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
+ NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
+ NOTE: Fixed by: https://git.gnunet.org/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
+CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
+ {DLA-1200-1}
+ - linux 4.13.4-2
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
+ NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
+CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of s ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows att ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a use-aft ...)
+ {DSA-4321-1}
+ - graphicsmagick 1.3.26-14
+ [jessie] - graphicsmagick (Vulnerable code not present)
+ [wheezy] - graphicsmagick (Vulnerable code do not exist)
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=df946910910d
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/469/
+CVE-2017-15237
+ RESERVED
+CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain propr ...)
+ NOT-FOR-US: Tiandy IP cameras
+CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allo ...)
+ {DLA-2352-1}
+ - php-horde-gollem 3.0.12-1
+ [jessie] - php-horde-gollem (Minor issue)
+ NOTE: https://blogs.securiteam.com/index.php/archives/3454
+ NOTE: https://lists.horde.org/archives/announce/2017/001260.html
+ NOTE: https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51
+CVE-2017-15234
+ RESERVED
+CVE-2017-15233
+ RESERVED
+CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and j ...)
+ - libjpeg-turbo 1:2.0.5-1 (unimportant; bug #878567)
+ - libjpeg6b (Vulnerable code not present)
+ - libjpeg8 (Vulnerable code not present)
+ - libjpeg9 (Vulnerable code not present)
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
+ NOTE: https://github.com/mozilla/mozjpeg/issues/268
+ NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/073b0e88a192adebbb479ee2456beb089d8b5de7
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/5bc43c7821df982f65aa1c738f67fbf7cba8bd69
+ NOTE: Crash in CLI tools, no security impact
+CVE-2017-15231
+ RESERVED
+CVE-2017-15230
+ RESERVED
+CVE-2017-15229
+ RESERVED
+CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated colour fo ...)
+ {DSA-4016-1 DLA-1217-1}
+ - irssi 1.0.5-1 (bug #879521)
+ NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
+ NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
+CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel synchronisation, may ...)
+ {DSA-4016-1 DLA-1217-1}
+ - irssi 1.0.5-1 (bug #879521)
+ NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
+ NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
+CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the o ...)
+ NOT-FOR-US: Zyxel
+CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descript ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22212
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
+CVE-2017-15224
+ RESERVED
+CVE-2017-15223 (Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 a ...)
+ NOT-FOR-US: ArGoSoft Mini Mail Server
+CVE-2017-15222 (Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows r ...)
+ NOT-FOR-US: Ayukov NFTPD
+CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a cr ...)
+ NOT-FOR-US: ASX to MP3 converter
+CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overfl ...)
+ NOT-FOR-US: Flexense VX Search Enterprise
+CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Script ...)
+ NOT-FOR-US: dotCMS
+CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in coders/png ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
+CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c.)
+ [experimental] - imagemagick 8:6.9.9.34+dfsg-1
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
+CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 a ...)
+ - piwigo
+CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)
+ - piwigo
+CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete acti ...)
+ NOT-FOR-US: MISP
+CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticate ...)
+ - shaarli (Fixed before initial re-upload to the archive)
+CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
+ NOT-FOR-US: Flyspray
+CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenti ...)
+ NOT-FOR-US: Flyspray
+CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated use ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector cou ...)
+ - wireshark 2.4.2-1 (low)
+ [jessie] - wireshark (Vulnerable code not present)
+ [wheezy] - wireshark (Vulnerable code not present)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
+ NOTE: https://code.wireshark.org/review/23537
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-43.html
+CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector c ...)
+ - wireshark 2.4.2-1 (low)
+ [jessie] - wireshark (Vulnerable code introduced in version 1.99)
+ [wheezy] - wireshark (Vulnerable code introduced in version 1.99)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
+ NOTE: https://code.wireshark.org/review/23470
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
+CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the ...)
+ {DLA-1634-1}
+ - wireshark 2.4.2-1 (low)
+ [wheezy] - wireshark (Minor issue)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
+ NOTE: https://code.wireshark.org/review/23591
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-44.html
+CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was ...)
+ - wireshark 2.4.2-1 (low) + [stretch] - wireshark (Only affects 2.4) + [jessie] - wireshark (Only affects 2.4) + [wheezy] - wireshark (Only affects 2.4) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077 + NOTE: https://code.wireshark.org/review/23635 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html +CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an inf ...) + - wireshark 2.4.2-1 (low) + [jessie] - wireshark (vulnerable code not present) + [wheezy] - wireshark (vulnerable code not present) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080 + NOTE: https://code.wireshark.org/review/23663 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-46.html + NOTE: vulnerable introduced in https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3e1828e35188e1 +CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web inter ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2017-15187 + RESERVED +CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ...) + - cacti 1.1.25+ds1-1 (bug #878304) + [stretch] - cacti (Vulnerable code introduced in 1.0.0) + [jessie] - cacti (Vulnerable code introduced in 1.0.0) + [wheezy] - cacti (Vulnerable code introduced in 1.0.0) + NOTE: https://github.com/Cacti/cacti/issues/1010 + NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd + NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d +CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote at ...) 
+ {DSA-4049-1} + - ffmpeg 7:3.4-1 + - libav + [jessie] - libav (vulnerable code was introduced later) + NOTE: https://www.openwall.com/lists/oss-security/2017/10/20/4 + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa +CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_cle ...) + - mp3splt 2.6.2+20170630-2 + [jessie] - mp3splt (Vulnerable code not present) + [wheezy] - mp3splt (Vulnerable code does not exist) + - libmp3splt + [stretch] - libmp3splt (Minor issue) + [jessie] - libmp3splt (Minor issue) + [wheezy] - libmp3splt (Minor issue) + NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932 +CVE-2017-15184 + REJECTED +CVE-2017-15183 + REJECTED +CVE-2017-15182 + REJECTED +CVE-2017-15181 + REJECTED +CVE-2017-15180 + REJECTED +CVE-2017-15179 + REJECTED +CVE-2017-15178 + REJECTED +CVE-2017-15177 + REJECTED +CVE-2017-15176 + REJECTED +CVE-2017-15175 + REJECTED +CVE-2017-15174 + REJECTED +CVE-2017-15173 + REJECTED +CVE-2017-15172 + REJECTED +CVE-2017-15171 + REJECTED +CVE-2017-15170 + REJECTED +CVE-2017-15169 + REJECTED +CVE-2017-15168 + REJECTED +CVE-2017-15167 + REJECTED +CVE-2017-15166 + REJECTED +CVE-2017-15165 + REJECTED +CVE-2017-15164 + REJECTED +CVE-2017-15163 + REJECTED +CVE-2017-15162 + REJECTED +CVE-2017-15161 + REJECTED +CVE-2017-15160 + REJECTED +CVE-2017-15159 + REJECTED +CVE-2017-15158 + REJECTED +CVE-2017-15157 + REJECTED +CVE-2017-15156 + REJECTED +CVE-2017-15155 + REJECTED +CVE-2017-15154 + REJECTED +CVE-2017-15153 + REJECTED +CVE-2017-15152 + REJECTED +CVE-2017-15151 + REJECTED +CVE-2017-15150 + REJECTED +CVE-2017-15149 + REJECTED +CVE-2017-15148 + REJECTED +CVE-2017-15147 + REJECTED +CVE-2017-15146 + REJECTED +CVE-2017-15145 + REJECTED +CVE-2017-15144 + REJECTED +CVE-2017-15143 + REJECTED +CVE-2017-15142 + REJECTED +CVE-2017-15141 + REJECTED +CVE-2017-15140 + REJECTED +CVE-2017-15139 (A vulnerability was found in 
openstack-cinder releases up to and inclu ...) + [experimental] - cinder 2:13.0.0-1 + - cinder 2:13.0.0-2 + [stretch] - cinder (Minor issue) + [jessie] - cinder (ScaleIO Driver support does not exist) + NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0084 + NOTE: https://bugs.launchpad.net/ossn/+bug/1699573 +CVE-2017-15138 (The OpenShift Enterprise cluster-read can access webhook tokens which ...) + NOT-FOR-US: atomic-openshift +CVE-2017-15137 (The OpenShift image import whitelist failed to enforce restrictions co ...) + NOT-FOR-US: atomic-openshift +CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...) + NOT-FOR-US: Red Hat Satellite 6 +CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0. ...) + - 389-ds-base 1.3.7.9-1 (bug #888451) + [stretch] - 389-ds-base (Affected code was never backported) + [jessie] - 389-ds-base (vulnerable code (patch for CVE-2016-5405) not applied) +CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...) + {DLA-1428-1} + - 389-ds-base 1.3.7.9-1 (bug #888452) + [stretch] - 389-ds-base (Minor issue) + NOTE: Fixed by: https://pagure.io/389-ds-base/c/6aa2acdc3cad9 +CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...) + - golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777) + [stretch] - golang-github-miekg-dns (Minor issue) + NOTE: https://github.com/miekg/dns/issues/627 + NOTE: https://github.com/miekg/dns/pull/631 +CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SA ...) + {DSA-4130-1 DLA-1333-1} + - dovecot 1:2.2.34-1 (bug #888432) + NOTE: Fixed by: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch + NOTE: Regression fix needed on top: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22 +CVE-2017-15131 (It was found that system umask policy is not being honored when creati ...) 
+ - xdg-user-dirs (unimportant) + NOTE: The CVE relates that created directories by xdg-user-dirs might not + NOTE: respect a system policy for user created files by setting a umask + NOTE: system-wide in e.g. /etc/profile due to xdg-user-dirs beeing invoked + NOTE: from Xsession scripts. This can be mitigated by e.g. using pam_umask + NOTE: on session start and having it when xdg-user-dirs is executed. + NOTE: In Debian xdg-user-dirs starting from 0.15-3 replaces the use of + NOTE: /etc/X11/Xsession.d/*xdg-user-dirs-update with an autostart .desktop + NOTE: file for user-dirs-update primarly to work as well with Wayland + NOTE: sessions. + NOTE: Enforcements can be achieved e.g. by using pam_umask. + NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303 +CVE-2017-15130 (A denial of service flaw was found in dovecot before 2.2.34. An attack ...) + {DSA-4130-1 DLA-1333-1} + - dovecot 1:2.2.34-1 (bug #891820) + NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html + NOTE: https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391 + NOTE: https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21 + NOTE: https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1 + NOTE: https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f + NOTE: https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb + NOTE: https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1 +CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code af ...) + - linux 4.14.12-1 + [stretch] - linux 4.9.80-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0 +CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...) 
+ - linux 4.13.13-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html +CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetl ...) + - linux 3.13.4-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995 +CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kerne ...) + - linux 4.13.10-1 + [stretch] - linux (Vulnerable code not present) + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/384632e67e0829deb8015ee6ad916b180049d252 +CVE-2017-15125 (A flaw was found in CloudForms before 5.9.0.22 in the self-service UI ...) + NOT-FOR-US: Red Hat CloudForms +CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older wa ...) + {DSA-4213-1} + - qemu 1:2.12~rc3+dfsg-1 (bug #884806) + [jessie] - qemu (invasive patch, also builds on 2.5 socket refactoring, tentative backport crashes, no other distro fix for 2.1) + [wheezy] - qemu (Can be fixed along in later update) + - qemu-kvm + [wheezy] - qemu-kvm (Can be fixed along in later update) + NOTE: https://www.openwall.com/lists/oss-security/2017/12/19/4 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg03705.html + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-02/msg00796.html +CVE-2017-15123 (A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, ...) + NOT-FOR-US: CloudForms +CVE-2017-15122 + REJECTED +CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on RHEL 6 or ...) 
+ - linux 3.11.5-1 + [wheezy] - linux (Too much work to backport) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1520893 + NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1) +CVE-2017-15120 (An issue has been found in the parsing of authoritative answers in Pow ...) + {DSA-4063-1} + - pdns-recursor 4.1.0-1 + [jessie] - pdns-recursor (Vulnerable code introduced in 4.0.0) + [wheezy] - pdns-recursor (Vulnerable code introduced in 4.0.0) + NOTE: Patch: https://downloads.powerdns.com/patches/2017-08 + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html +CVE-2017-15119 (The Network Block Device (NBD) server in Quick Emulator (QEMU) before ...) + {DSA-4213-1} + - qemu 1:2.11+dfsg-1 (bug #883399) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code introduced later) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html +CVE-2017-15118 (A stack-based buffer overflow vulnerability was found in NBD server im ...) + - qemu 1:2.11+dfsg-1 (bug #883406) + [stretch] - qemu (Vulnerable code introduced in 2.10) + [jessie] - qemu (Vulnerable code introduced in 2.10) + [wheezy] - qemu (Vulnerable code introduced in 2.10) + - qemu-kvm (Vulnerable code introduced in 2.10) + NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=f37708f6b8 + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html +CVE-2017-15117 + REJECTED +CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before 4 ...) + - linux 4.2.1-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...) 
+ {DLA-1200-1} + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6) +CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) t ...) + - tripleo-heat-templates (Vulnerability introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015 + NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370 + NOTE: TLS libvirt live migration disabled in: https://review.openstack.org/#/c/519015/ + NOTE: TLS libvirt live migration introduced in: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa740c5e49994ffdd3a5aa1f43a0305c8e5a0b3a + NOTE: Re-enabled libvirt TLS with SASL auth: + NOTE: https://bugs.launchpad.net/tripleo/+bug/1732479 +CVE-2017-15113 (ovirt-engine before version 4.1.7.6 with log level set to DEBUG includ ...) + NOT-FOR-US: ovirt-engine +CVE-2017-15112 (keycloak-httpd-client-install versions before 0.8 allow users to insec ...) + NOT-FOR-US: Keycloak +CVE-2017-15111 (keycloak-httpd-client-install versions before 0.8 insecurely creates t ...) + NOT-FOR-US: Keycloak +CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...) + - moodle +CVE-2017-15109 + REJECTED +CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...) + {DLA-2524-1} + - spice-vdagent 0.18.0-1 (bug #883238) + [jessie] - spice-vdagent (Minor issue) + [wheezy] - spice-vdagent (Vulnerable code not present) + NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864 +CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq u ...) 
+ - dnsmasq 2.79-1 (bug #888200) + [stretch] - dnsmasq (Minor issue) + [jessie] - dnsmasq (Minor issue) + [wheezy] - dnsmasq (Minor issue) + NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=cd7df612b14ec1bf831a966ccaf076be0dae7404 + NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be +CVE-2017-15106 + REJECTED +CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated wildcard-sy ...) + {DLA-1676-1 DLA-1264-1} + - unbound 1.7.1-1 (bug #887733) + [stretch] - unbound 1.6.0-3+deb9u2 + NOTE: https://unbound.net/downloads/CVE-2017-15105.txt + NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff + NOTE: https://medium.com/nlnetlabs/the-peculiar-case-of-nsec-processing-using-expanded-wildcard-records-ae8285f236be +CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json configurat ...) + - heketi (bug #903384) +CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API han ...) + - heketi (bug #903384) +CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the Lin ...) + - linux 4.7.8-1 + [jessie] - linux 3.16.43-1 + [wheezy] - linux 3.2.86-1 + NOTE: Fixed by: https://git.kernel.org/linus/2fae9e5a7babada041e2e161699ade2447a01989 (4.9-rc1) +CVE-2017-15101 (A missing patch for a stack-based buffer overflow in findTable() was f ...) + - liblouis (Incomplete fix not applied in Debian) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023 +CVE-2017-15100 (An attacker submitting facts to the Foreman server containing HTML can ...) + - foreman (bug #663101) +CVE-2017-15099 (INSERT ... 
ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10 ...) + {DSA-4028-1} + - postgresql-10 10.1-1 + - postgresql-9.6 + - postgresql-9.4 (ON CONFLICT DO UPDATE and RLS introduced in 9.5) + - postgresql-9.1 (ON CONFLICT DO UPDATE and RLS introduced in 9.5) +CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function c ...) + {DSA-4028-1 DSA-4027-1} + - postgresql-10 10.1-1 + - postgresql-9.6 + - postgresql-9.4 + - postgresql-9.1 + [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl) + [wheezy] - postgresql-9.1 (Vulnerable code does not exist) +CVE-2017-15097 (Privilege escalation flaws were found in the Red Hat initialization sc ...) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1508985 + NOTE: Similar issues as CVE-2016-1255 in Debian + NOT-FOR-US: Red Hat specific provides scripts for starting the database server during system boot and for initializing the database +CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null pointe ...) + - glusterfs 3.12.2-2 (bug #880017) + [stretch] - glusterfs (Vulnerable code introduced later) + [jessie] - glusterfs (Vulnerable code introduced later) + [wheezy] - glusterfs (Vulnerable code introduced later) + NOTE: https://review.gluster.org/18538 (master) + NOTE: https://review.gluster.org/18539 (release-3.10) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928 + NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac +CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...) 
+ {DSA-4037-1 DLA-2342-1 DLA-2091-1} + - jackson-databind 2.9.1-1 + - libjackson-json-java 1.9.13-2 + [buster] - libjackson-json-java 1.9.13-2~deb10u1 + NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1) + NOTE: misses the further sets of blacklists, in particular as well + NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835 + NOTE: which was already for CVE-2017-7525 but then the further tickets and patches + NOTE: to block more dangerous types (at leas they are): + NOTE: https://github.com/FasterXML/jackson-databind/issues/1680 + NOTE: https://github.com/FasterXML/jackson-databind/issues/1723 + NOTE: https://github.com/FasterXML/jackson-databind/issues/1737 + NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1 + NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba + NOTE: This CVE-2017-15095 should be considered to include everything in + NOTE: NO_DESER_CLASS_NAMES as of: + NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43 + NOTE: Details: https://www.openwall.com/lists/oss-security/2017/11/02/3 + NOTE: For libjackson-json-java: + NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31 +CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS Recurso ...) + - pdns-recursor 4.0.7-1 + [stretch] - pdns-recursor 4.0.4-1+deb9u2 + [jessie] - pdns-recursor (Issue introduced in 4.0.0) + [wheezy] - pdns-recursor (Issue introduced in 4.0.0) + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html + NOTE: https://downloads.powerdns.com/patches/2017-07/ +CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...) 
+ - pdns-recursor 4.0.7-1 + [stretch] - pdns-recursor 4.0.4-1+deb9u2 + [jessie] - pdns-recursor 3.6.2-2+deb8u4 + [wheezy] - pdns-recursor (Vulnerable code introduced later) + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html + NOTE: https://downloads.powerdns.com/patches/2017-06/ +CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of Po ...) + - pdns-recursor 4.0.7-1 + [stretch] - pdns-recursor 4.0.4-1+deb9u2 + [jessie] - pdns-recursor (Issue introduced in 4.0.0) + [wheezy] - pdns-recursor (Issue introduced in 4.0.0) + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html + NOTE: https://downloads.powerdns.com/patches/2017-05/ +CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...) + - pdns 4.0.5-1 + [stretch] - pdns 4.0.3-1+deb9u2 + [jessie] - pdns 3.4.1-4+deb8u8 + [wheezy] - pdns (Vulnerable code not present) + NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html + NOTE: https://downloads.powerdns.com/patches/2017-04/ +CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...) + - pdns-recursor 4.0.7-1 + [stretch] - pdns-recursor 4.0.4-1+deb9u2 + [jessie] - pdns-recursor (Issue introduced in 4.0.0) + [wheezy] - pdns-recursor (Issue introduced in 4.0.0) + NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html + NOTE: https://downloads.powerdns.com/patches/2017-03/ +CVE-2017-15089 (It was found that the Hotrod client in Infinispan before 9.2.0.CR1 wou ...) + NOT-FOR-US: infinispan +CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...) 
+ - krb5 1.15.2-2 (unimportant; bug #871698) + NOTE: https://github.com/krb5/krb5/pull/707 + NOTE: Fixed by: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4 + NOTE: Red Hat eanbled the code in question in the KDC and thus having it + NOTE: exposed as network-facing issue. For Debian and upstream the code only + NOTE: runs on client systems, and only with a certificate that is explicitly + NOTE: configured locally, leading to a local kinit crash if passed a crafted + NOTE: local certificate. This is hardly has any harmful security implication. +CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly shi ...) + - samba (Incomplete Red Hat backport for CVE-2017-12163) +CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly shi ...) + - samba (Incomplete Red Hat backport for CVE-2017-12151) +CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly shi ...) + - samba (Incomplete Red Hat backport for CVE-2017-12150) +CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout C ...) + NOT-FOR-US: Metasploit Framework +CVE-2017-15083 + REJECTED +CVE-2017-15082 + RESERVED +CVE-2017-15081 (In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlis ...) + NOT-FOR-US: PHPSUGAR PHP Melody CMS +CVE-2017-15080 + RESERVED +CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for W ...) 
+ NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress +CVE-2017-15078 + REJECTED +CVE-2017-15077 + REJECTED +CVE-2017-15076 + REJECTED +CVE-2017-15075 + REJECTED +CVE-2017-15074 + REJECTED +CVE-2017-15073 + REJECTED +CVE-2017-15072 + REJECTED +CVE-2017-15071 + REJECTED +CVE-2017-15070 + REJECTED +CVE-2017-15069 + REJECTED +CVE-2017-15068 + REJECTED +CVE-2017-15067 + REJECTED +CVE-2017-15066 + REJECTED +CVE-2017-15065 + REJECTED +CVE-2017-15064 + REJECTED +CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...) + - koji 1.16.0-1 (bug #877921) + [stretch] - koji 1.10.0-1+deb9u1 + NOTE: https://pagure.io/koji/issue/563 + NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3 +CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, i ...) + {DSA-4007-1 DLA-1143-1} + - curl 7.56.1-1 + NOTE: https://curl.haxx.se/docs/adv_20171023.html +CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad default configu ...) + {DSA-4003-1} + - libvirt 3.8.0-3 (bug #878799) + [jessie] - libvirt (Vulnerable code introduced later) + [wheezy] - libvirt (Vulnerable code introduced later) + NOTE: https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html + NOTE: https://security.libvirt.org/2017/0002.html + NOTE: Broken by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ce61c16450d4992612d1fc6f39a39e79bfccead5 (master) + NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157 (master) +CVE-2017-1000255 (On Linux running on PowerPC hardware (Power8 or later) a user process ...) 
+ - linux 4.13.4-2 + [stretch] - linux 4.9.65-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/265e60a170d0a0ecfc2d20490134ed2c48dd45ab +CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and ...) + NOT-FOR-US: Subrion CMS +CVE-2017-15062 + RESERVED +CVE-2017-15061 + RESERVED +CVE-2017-15060 + RESERVED +CVE-2017-15059 + RESERVED +CVE-2017-15058 + RESERVED +CVE-2017-15057 + RESERVED +CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote a ...) + - upx-ucl 3.94-4 (unimportant) + NOTE: https://github.com/upx/upx/issues/128 + NOTE: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317 + NOTE: crash in CLI tool, no security impact +CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access control ...) + - teampass (bug #730180) +CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass before 2.1 ...) + - teampass (bug #730180) +CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...) + - teampass (bug #730180) +CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager access cont ...) + - teampass (bug #730180) +CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass ...) + - teampass (bug #730180) +CVE-2017-15050 + RESERVED +CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900 ...) + NOT-FOR-US: Zoom +CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom cli ...) + NOT-FOR-US: Zoom +CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows atta ...) 
+ - redis 4:4.0.2-5 (bug #878076; unimportant) + [jessie] - redis (Vulnerable code introduced later) + [wheezy] - redis (Vulnerable code introduced later) + NOTE: https://github.com/antirez/redis/issues/4278 + NOTE: Pull request: https://github.com/antirez/redis/pull/4365 +CVE-2017-15046 (LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based ...) + - lame 3.99.5+repack1-8 + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://sourceforge.net/p/lame/bugs/479/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-15045 (LAME 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4, 3.99.5, 3.98.4, 3.98.2 and ...) + - lame 3.99.5+repack1-8 + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://sourceforge.net/p/lame/bugs/478/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through 6. ...) + NOT-FOR-US: DocuWare Fulltext Search server +CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS ...) + NOT-FOR-US: Sierra Wireless AirLink routers +CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x befo ...) 
+ - golang-1.9 1.9.1-1 + - golang-1.8 1.8.4-1 + [stretch] - golang-1.8 (Minor issue, would require rebuilds of affected go-based packages) + - golang-1.7 + [stretch] - golang-1.7 (Minor issue, would require rebuilds of affected go-based packages) + - golang + [jessie] - golang (Minor issue, would require rebuilds of affected go packages in oldstable) + [wheezy] - golang (Vulnerable code introduced later in version 1.1) + NOTE: https://github.com/golang/go/issues/22134 + NOTE: https://golang.org/cl/68023 + NOTE: https://golang.org/cl/68210 + NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ +CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command ...) + {DLA-2592-1 DLA-2591-1 DLA-1148-1} + - golang-1.9 1.9.1-1 + - golang-1.8 1.8.4-1 + - golang-1.7 + - golang + [jessie] - golang (Minor issue) + NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/ + NOTE: https://github.com/golang/go/issues/22125 + NOTE: https://golang.org/cl/68022 (1.9.x) + NOTE: https://golang.org/cl/68190 (1.8.x) + NOTE: https://github.com/golang/go/commit/533ee44cd45c064608ee2b833af9e86ef1cb294e (regression) + NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ +CVE-2017-15040 + RESERVED +CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a da ...) + NOT-FOR-US: Zurmo +CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...) + {DSA-4213-1 DLA-1497-1 DLA-1129-1 DLA-1128-1} + - qemu 1:2.10.0+dfsg-2 (bug #877890) + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html +CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_s ...) + - kfreebsd-10 (unimportant; bug #877903) + NOTE: kfreebsd not covered by security support +CVE-2017-15036 + RESERVED +CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial ...) 
+ NOT-FOR-US: EmTec PyroBatchFTP
+CVE-2017-15034
+ RESERVED
+CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
+CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage i ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
+CVE-2017-15031 (In all versions of ARM Trusted Firmware up to and including v1.4, not ...)
+ NOT-FOR-US: ARM Trusted Firmware
+CVE-2017-15030 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-15029 (Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-15028
+ RESERVED
+CVE-2017-15027
+ RESERVED
+CVE-2017-15026
+ RESERVED
+CVE-2017-15025 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48
+CVE-2017-15024 (find_abstract_instance_name in dwarf2.c in the Binary File Descriptor ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22187
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2
+CVE-2017-15023 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22200
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
+ NOTE: When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e.
+ NOTE: not to apply the incomplete fix. See notes on CVE-2017-15939
+CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22201
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8
+CVE-2017-15021 (bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (B ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22197
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
+CVE-2017-15020 (dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
+CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init func ...)
+ - lame 3.100-1
+ [stretch] - lame (Minor issue)
+ [jessie] - lame (Minor issue)
+ NOTE: https://sourceforge.net/p/lame/bugs/477/
+CVE-2017-15018 (LAME 3.99.5, 3.99.4, 3.99.3, 3.99.2, 3.99.1, 3.99, 3.98.4, 3.98.2 and ...)
+ - lame 3.99.5+repack1-8
+ [jessie] - lame 3.99.5+repack1-7+deb8u2
+ NOTE: https://sourceforge.net/p/lame/bugs/480/
+ NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
+ NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
+ NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
+CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
+CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
+ {DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
+ NOTE: emf.c not compiled under Debian
+CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability i ...)
+ {DLA-2366-1 DLA-1785-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
+ [wheezy] - imagemagick (Vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/a0cef9db632ef8e1b9de4c463700c6a24d4f96ca
+CVE-2017-15014 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
+ NOT-FOR-US: OpenText Documentum Content Server
+CVE-2017-15013 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
+ NOT-FOR-US: OpenText Documentum Content Server
+CVE-2017-15012 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
+ NOT-FOR-US: OpenText Documentum Content Server
+CVE-2017-1000120 ([ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in fra ...)
+ NOT-FOR-US: ERPNext Frappe framework
+CVE-2017-1000119 (October CMS build 412 is vulnerable to PHP code execution in the file ...)
+ NOT-FOR-US: October CMS
+CVE-2017-1000118 (Akka HTTP versions <= 10.0.5 Illegal Media Range in Accept Header Caus ...)
+ NOT-FOR-US: Akka HTTP
+CVE-2017-1000114 (The Datadog Plugin stores an API key to access the Datadog service in ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000113 (The Deploy to container Plugin stored passwords unencrypted as part of ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000110 (Blue Ocean allows the creation of GitHub organization folders that are ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000109 (The custom Details view of the Static Analysis Utilities based OWASP D ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000106 (Blue Ocean allows the creation of GitHub organization folders that are ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000105 (The optional Run/Artifacts permission can be enabled by setting a Java ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000104 (The Config File Provider Plugin is used to centrally manage configurat ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000103 (The custom Details view of the Static Analysis Utilities based DRY Plu ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000102 (The Details view of some Static Analysis Utilities based plugins, was ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000098 (The net/http package's Request.ParseMultipartForm method starts writin ...)
+ {DLA-1123-1}
+ - golang-1.9 (Fixed before initial release to Debian)
+ - golang-1.8 (Fixed before initial release to Debian)
+ - golang-1.7 1.7.4-1
+ - golang
+ [jessie] - golang (Minor issue)
+ NOTE: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
+ NOTE: https://golang.org/cl/30410
+ NOTE: https://golang.org/issue/17965
+CVE-2017-1000097 (On Darwin, user's trust preferences for root certificates were not hon ...)
+ - golang (OS X specific issue)
+ - golang-1.7 (OS X specific issue)
+ - golang-1.8 (OS X specific issue)
+ - golang-1.9 (OS X specific issue)
+ NOTE: https://github.com/golang/go/issues/18141
+CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and S ...)
+ - qbittorrent (Only affects Windows)
+CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the t ...)
+ - node-tough-cookie 2.3.4+dfsg-1 (bug #877660)
+ NOTE: https://github.com/salesforce/tough-cookie/issues/92
+ NOTE: https://nodesecurity.io/advisories/525
+CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected C ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cros ...)
+ NOT-FOR-US: PRTG Network Monitor
+CVE-2017-15007
+ RESERVED
+CVE-2017-15006
+ RESERVED
+CVE-2017-15005
+ RESERVED
+CVE-2017-15004
+ RESERVED
+CVE-2017-15003
+ RESERVED
+CVE-2017-15002
+ RESERVED
+CVE-2017-15001
+ RESERVED
+CVE-2017-15000
+ RESERVED
+CVE-2017-14999
+ RESERVED
+CVE-2017-14998
+ RESERVED
+CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ser ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1}
+ - graphicsmagick 1.3.26-13
+ NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
+CVE-2017-14996
+ RESERVED
+CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
+ NOT-FOR-US: WSO2 Application Server
+CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote at ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1}
+ - graphicsmagick 1.3.26-13
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
+CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x be ...)
+ NOT-FOR-US: OXID eShop Community Edition
+CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) version ...)
+ - docker.io 18.03.1+dfsg1-2 (bug #908055)
+ - golang-github-vbatts-tar-split 0.10.2-1 (bug #908056)
+ [stretch] - golang-github-vbatts-tar-split (Minor issue)
+ NOTE: Issue needs to be fixed in src:golang-github-vbatts-tar-split first
+ NOTE: https://github.com/vbatts/tar-split/issues/41
+ NOTE: docker.io needs then a rebuild with a fixed golang-github-vbatts-tar-split
+ NOTE: version.
+ NOTE: 17.12.1+dfsg-1 was the first upload (to experimental) using the fixed version
+ NOTE: golang-github-vbatts-tar-split.
+CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
+ - linux 4.13.4-1
+ [stretch] - linux (Vulnerable code introduced later)
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/3e0097499839e0fe3af380410eababe5a47c4cf9
+CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: EMC
+CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
+ {DSA-3997-1}
+ - wordpress 4.8.2+dfsg-2 (bug #877629)
+ [wheezy] - wordpress (Fix requires database upgrade which is too intrusive compared to the actual benefit.)
+ NOTE: https://core.trac.wordpress.org/ticket/38474
+CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ImageMa ...)
+ {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #878562)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
+CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remot ...)
+ - openexr (bug #878551; unimportant)
+ NOTE: https://github.com/openexr/openexr/issues/248
+ NOTE: Issue in the use of openexr via ImageMagick, no real security impact
+CVE-2017-14987
+ RESERVED
+CVE-2017-14986
+ RESERVED
+CVE-2017-14985 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14984 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14983 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14982
+ RESERVED
+CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The ...)
+ NOT-FOR-US: ATutor
+CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote attack ...)
+ NOT-FOR-US: Sync Breeze Enterprise
+CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to ...)
+ NOT-FOR-US: Gxlcms
+CVE-2017-14978
+ RESERVED
+CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0 ...)
+ {DSA-4079-1 DLA-1177-1}
+ - poppler 0.61.1-2 (low; bug #877952)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
+CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
+ {DSA-4079-1 DLA-1177-1}
+ - poppler 0.61.1-2 (low; bug #877954)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
+CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0. ...)
+ {DSA-4079-1 DLA-1177-1}
+ - poppler 0.61.1-2 (low; bug #877957)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff
+CVE-2017-14974 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
+ - binutils 2.29.1-2
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
+ NOTE: a fixed 2.29.1-3 for unrelated issues.
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22163
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
+CVE-2017-14973 (IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is ...)
+ NOT-FOR-US: IDenticard Two-Reader Controller Configuration Manager
+CVE-2017-14972 (InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when ac ...)
+ NOT-FOR-US: InFocus Mondopad
+CVE-2017-14971 (Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosur ...)
+ NOT-FOR-US: InFocus Mondopad
+CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multip ...)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
+ NOTE: Not considered a security issue by upstream, see #877543
+CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains a ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitr ...)
+ NOT-FOR-US: IKARUS anti.virus
+CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC Docum ...)
+ NOT-FOR-US: EMC Document Sciences xPression
+CVE-2017-14959
+ RESERVED
+CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
+ NOT-FOR-US: PivotX
+CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText be ...)
+ NOT-FOR-US: BlogoText
+CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users the funct ...)
+ NOT-FOR-US: AlienVault
+CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the failed-l ...)
+ - check-mk 1.2.8p26-1
+ [wheezy] - check-mk (Vulnerable code not present)
+ NOTE: http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
+ NOTE: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
+ NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54
+CVE-2017-14954 (The waitid implementation in kernel/exit.c in the Linux kernel through ...)
+ - linux (Vulnerable code introduced in v4.13-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
+CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired configuration, allow ...)
+ NOT-FOR-US: HikVision
+CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for Unico ...)
+ - icu 57.1-7 (bug #878840)
+ [stretch] - icu 57.1-6+deb9u1
+ [jessie] - icu 52.1-8+deb8u6
+ [wheezy] - icu (Can be fixed in next update)
+ NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
+ NOTE: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
+CVE-2017-14951
+ RESERVED
+CVE-2017-14950
+ RESERVED
+CVE-2015-9234 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plug ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access arbi ...)
+ - restlet (bug #596472)
+CVE-2017-14948 (Certain D-Link products are affected by: Buffer Overflow. This affects ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitra ...)
+ NOT-FOR-US: GSView (different from gv)
+CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
+ NOT-FOR-US: GSView (different from gv)
+CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
+ NOT-FOR-US: GSView (different from gv)
+CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...)
+ NOT-FOR-US: Inedo ProGet
+CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure (emails ...)
+ NOT-FOR-US: Trapeze TransitMaster
+CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the configura ...)
+ NOT-FOR-US: Intelbras WRN 150 devices
+CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosur ...)
+ - jasperreports (bug #880467; bug #884131)
+ [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
+ [wheezy] - jasperreports (cannot be supported due to lack of information)
+ NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
+CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe
+ NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c
+CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22169
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
+ NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c
+CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ( ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6
+ NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/
+CVE-2017-14937 (The airbag detonation algorithm allows injury to passenger-car occupan ...)
+ NOT-FOR-US: passenger-car
+CVE-2017-14936
+ RESERVED
+CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for main ...)
+ NOT-FOR-US: MultiTech FaxFinder
+CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...)
+ NOT-FOR-US: Pulse Secure
+CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) libr ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22219
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b
+CVE-2017-14933 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22210
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
+CVE-2017-14932 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) libra ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22204
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005
+CVE-2017-14931 (ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allo ...)
+ NOT-FOR-US: OpenExif
+CVE-2017-14930 (Memory leak in decode_line_info in dwarf2.c in the Binary File Descrip ...)
+ [experimental] - binutils 2.29.51.20171128-1
+ - binutils 2.29.90.20180122-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22191
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e
+CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to Object::dictL ...)
+ - poppler 0.61.1-2 (bug #877222)
+ [stretch] - poppler 0.48.0-2+deb9u2
+ [jessie] - poppler (Minor impact, too intrusive to backport)
+ [wheezy] - poppler (unreproducible, requires API change which appears to be too intrusive in this case.)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
+CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
+ - poppler 0.61.1-2 (low; bug #877231)
+ [jessie] - poppler (Problematic code introduced in 0.36)
+ [wheezy] - poppler (Problematic code introduced in 0.36)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=1316c7a41f4dd7276f404f775ebb5fef2d24ab1c
+CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutp ...)
+ - poppler 0.61.1-2 (low; bug #877237)
+ [stretch] - poppler (Vulnerable code introduced in 0.49)
+ [jessie] - poppler (Vulnerable code introduced in 0.49)
+ [wheezy] - poppler (Vulnerable code introduced in 0.49)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
+CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia ...)
+ {DLA-2440-1}
+ - poppler 0.61.1-2 (low; bug #877239)
+ [jessie] - poppler (Problematic code introduced in 0.36)
+ [wheezy] - poppler (Problematic code introduced in 0.36)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
+CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
+ - tikiwiki
+CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
+ - tikiwiki
+CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...)
+ NOT-FOR-US: Tine groupware
+CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...)
+ NOT-FOR-US: Tine groupware
+CVE-2017-14921 (Stored XSS vulnerability via IMG element at "Filename" of Filemanager ...)
+ NOT-FOR-US: Tine groupware
+CVE-2017-14920 (Stored XSS vulnerability in eGroupware Community Edition before 16.1.2 ...)
+ NOT-FOR-US: eGroupware
+CVE-2017-14919 (Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows r ...)
+ - nodejs (Debian didn't use an affected zlib version)
+ NOTE: Debian doesn't use zlib 1.2.9 yet
+ NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
+CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14915 (In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14913 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14912 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14911 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14910 (In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm closed-source components on Android
+CVE-2017-14906 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Android MediaServer
+CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Android
+CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Android
+CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Android
+CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14893 (While flashing meta image, a buffer over-read may potentially occur wh ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14888 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14886
+ RESERVED
+CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in Andro ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in An ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14880 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD A ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, a ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE i ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-14874
+ REJECTED
+CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14872 (While flashing a meta image, a buffer over-read can potentially occur ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14871
+ RESERVED
+CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...)
+ - restlet (bug #596472)
+CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
+ - exiv2 (Versions prior to 0.26 don't parse ICC profiles yet; only affected experimental; bug #880015)
+ NOTE: https://github.com/Exiv2/exiv2/issues/140
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
+CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function o ...)
+ - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888865)
+ NOTE: https://github.com/Exiv2/exiv2/issues/134
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
+ NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
+CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULon ...)
+ {DLA-3265-1 DLA-1147-1}
+ - exiv2 0.27.2-6 (low)
+ [stretch] - exiv2 (Minor issue)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/73
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
+CVE-2017-14863 (A NULL pointer dereference was discovered in Exiv2::Image::printIFDStr ...)
+ - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888866)
+ NOTE: https://github.com/Exiv2/exiv2/issues/132
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
+CVE-2017-14862 (An Invalid memory address dereference was discovered in Exiv2::DataVal ...)
+ {DLA-3265-1 DLA-1147-1}
+ - exiv2 0.27.2-6 (low)
+ [stretch] - exiv2 (Minor issue)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/75
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
+CVE-2017-14861 (There is a stack consumption vulnerability in the Exiv2::Internal::str ...)
+ - exiv2 (printIFDStructure introduced in 0.26; only affected experimental; bug #880027)
+ NOTE: https://github.com/Exiv2/exiv2/issues/139
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
+CVE-2017-14860 (There is a heap-based buffer over-read in the Exiv2::Jp2Image::readMet ...)
+ - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888867)
+ NOTE: https://github.com/Exiv2/exiv2/issues/71
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
+ NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
+CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::StringV ...)
+ {DLA-3265-1 DLA-1147-1}
+ - exiv2 0.27.2-6 (low)
+ [stretch] - exiv2 (Minor issue)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/74
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
+ NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
+ NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
+CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
+ - exiv2 (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134)
+ NOTE: https://github.com/Exiv2/exiv2/issues/138
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
+CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
+ - exiv2 (Vulnerable code not present; only affected experimental; bug #888869)
+ NOTE: https://github.com/Exiv2/exiv2/issues/76
+ NOTE: https://github.com/Exiv2/exiv2/issues/124
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
+CVE-2017-14856
+ RESERVED
+CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of servic ...)
+ NOT-FOR-US: Red Lion HMI
+CVE-2017-14854 (A stack buffer overflow exists in one of the Orpak SiteOmat CGI compon ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14853 (The Orpak SiteOmat OrCU component is vulnerable to code injection, for ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14852 (An insecure communication was found between a user and the Orpak SiteO ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14851 (A SQL injection vulnerability exists in all Orpak SiteOmat versions pr ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14850 (All known versions of the Orpak SiteOmat web management console is vul ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintende ...)
+ - nodejs (Vulnerable code introduced in 8.5.0)
+ NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
+ NOTE: https://twitter.com/nodejs/status/913131152868876288
+CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL In ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL In ...)
+ NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
+CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
+ NOT-FOR-US: Mojoomla Hospital Management System for WordPress
+CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL In ...)
+ NOT-FOR-US: Mojoomla WPCHURCH Church Management System for WordPress
+CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection vi ...)
+ NOT-FOR-US: Mojoomla WPGYM WordPress Gym Management System
+CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection v ...)
+ NOT-FOR-US: Mojoomla School Management System for WordPress
+CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL I ...)
+ NOT-FOR-US: Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress
+CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows Ar ...)
+ NOT-FOR-US: Mojoomla Annual Maintenance Contract (AMC) Management System
+CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.)
+ NOT-FOR-US: TeamWork TicketPlus
+CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...)
+ NOT-FOR-US: TeamWork Photo Fusion
+CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and c ...)
+ NOT-FOR-US: TeamWork Job Links
+CVE-2017-14837 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14836 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14835 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14834 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14833 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14832 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14831 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14830 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14829 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14828 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14827 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14826 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14825 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14824 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14823 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14822 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14821 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14820 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on vu ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14817
+ REJECTED
+CVE-2017-14816
+ REJECTED
+CVE-2017-14815
+ REJECTED
+CVE-2017-14814
+ REJECTED
+CVE-2017-14813
+ REJECTED
+CVE-2017-14812
+ REJECTED
+CVE-2017-14811
+ REJECTED
+CVE-2017-14810
+ REJECTED
+CVE-2017-14809
+ REJECTED
+CVE-2017-14808
+ REJECTED
+CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...)
+ NOT-FOR-US: SUSE Studio
+CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...)
+ NOT-FOR-US: SUSE Studio
+CVE-2017-14805
+ RESERVED
+CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
+ - obs-build 20180302-1 (bug #887306)
+ [stretch] - obs-build 20160921-1+deb9u1
+ [jessie] - obs-build (Minor issue)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1069904
+CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server w ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 4.3.3 have ...)
+ NOT-FOR-US: Novell Access Manager Admin Console
+CVE-2017-14801 (Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attacke ...)
+ NOT-FOR-US: NetIQ
+CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access Manager be ...)
+ NOT-FOR-US: NetIQ
+CVE-2017-14799 (A cross site scripting attack in handling the ESP login parameter hand ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-14798 (A race condition in the postgresql init script could be used by attack ...)
+ NOT-FOR-US: SuSE-specific flaw in Postgres init script
+CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue Bridge B ...)
+ NOT-FOR-US: Philips Hue
+CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...)
+ NOT-FOR-US: libbpg
+CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remot ...)
+ NOT-FOR-US: libbpg
+CVE-2017-14794
+ REJECTED
+CVE-2017-14793
+ REJECTED
+CVE-2017-14792
+ REJECTED
+CVE-2017-14791
+ REJECTED
+CVE-2017-14790
+ REJECTED
+CVE-2017-14789
+ REJECTED
+CVE-2017-14788
+ REJECTED
+CVE-2017-14787
+ REJECTED
+CVE-2017-14786
+ REJECTED
+CVE-2017-14785
+ REJECTED
+CVE-2017-14784
+ REJECTED
+CVE-2017-14783
+ REJECTED
+CVE-2017-14782
+ REJECTED
+CVE-2017-14781
+ REJECTED
+CVE-2017-14780
+ REJECTED
+CVE-2017-14779
+ REJECTED
+CVE-2017-14778
+ REJECTED
+CVE-2017-14777
+ REJECTED
+CVE-2017-14776
+ REJECTED
+CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification pr ...)
+ - php-laravel-framework (Fixed before initial upload to Debian)
+ NOTE: https://github.com/laravel/framework/pull/21320
+CVE-2017-14774
+ RESERVED
+CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an elev ...)
+ NOT-FOR-US: Skybox Manager Client Application
+CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure v ...)
+ NOT-FOR-US: Skybox Manager Client Application
+CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an arbi ...)
+ NOT-FOR-US: Skybox Manager Client Application
+CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an info ...)
+ NOT-FOR-US: Skybox Manager Client Application
+CVE-2017-14769
+ RESERVED
+CVE-2017-14768
+ RESERVED
+CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c i ...)
+ {DSA-3996-1 DLA-1630-1}
+ - ffmpeg 7:3.3.4-1
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
+ NOTE: Fixed in 3.2.8
+ NOTE: The check is completely missing in Jessie. It should be added.
+CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an Aut ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated use ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14763 (In the Install Themes page in GeniXCMS 1.1.4, remote authenticated use ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14762 (In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14761 (In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ev ...)
+ NOT-FOR-US: Event Espresso Lite
+CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: OpenText Document Sciences xPression
+CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: OpenText Document Sciences xPression
+CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: OpenText Document Sciences xPression
+CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: OpenText Document Sciences xPression
+CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document Sciences x ...)
+ NOT-FOR-US: OpenText Document Sciences xPression
+CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web inte ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10 ...)
+ - mahara
+ NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
+CVE-2017-14751 (The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14750
+ RESERVED
+CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ( ...)
+ - iotjs 1.0+715-1
+ [buster] - iotjs (Minor issue)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/2008
+CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote authentica ...)
+ NOT-FOR-US: Blizzard Overwatch
+CVE-2017-14747
+ RESERVED
+CVE-2017-14746 (Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote a ...)
+ {DSA-4043-1}
+ - samba 2:4.7.1+dfsg-2
+ [wheezy] - samba (Issue introduced in 4.0.0)
+ NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
+CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
+ - binutils 2.29-11
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96 (master)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef (binutils-2_29-branch)
+CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...)
+ {DSA-3984-1 DLA-1120-1}
+ - git 1:2.14.2-1 (bug #876854)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/26/9
+ NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
+CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.)
+ NOT-FOR-US: UEditor
+CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL inje ...)
+ NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
+CVE-2017-14742 (Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to ex ...)
+ NOT-FOR-US: LabF nfsAxe
+CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick 7.0.7 ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
+CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remo ...)
+ NOT-FOR-US: GeniXCMS
+CVE-2017-14739 (The AcquireResampleFilterThreadSet function in magick/resample-private ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
+ NOTE: Requires additional fixes:
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/bbc582d5439a7f9338c6bdc8c34b1ae221ae5214
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/67a633df9386704f45d1ad24f7f5af8a5d11f4a3
+CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL injec ...)
+ NOT-FOR-US: FileRun
+CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
+ {DLA-2812-1 DLA-1125-1}
+ - botan1.10 1.10.17-0.1 (bug #877436)
+ [jessie] - botan1.10 (Minor issue)
+ NOTE: https://github.com/randombit/botan/issues/1222
+ NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
+ NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
+ NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
+CVE-2017-14736
+ RESERVED
+CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstr ...)
+ - libowasp-antisamy-java 1.7.4-1 (bug #1014981)
+ [bookworm] - libowasp-antisamy-java (Minor issue)
+ [bullseye] - libowasp-antisamy-java (Minor issue)
+ [buster] - libowasp-antisamy-java (Minor issue)
+ [stretch] - libowasp-antisamy-java (Minor issue)
+ NOTE: https://github.com/nahsra/antisamy/issues/10
+CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote atta ...)
+ NOT-FOR-US: libbpg
+CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE h ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1130-1}
+ - graphicsmagick 1.3.26-13
+ NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
+CVE-2017-14732
+ RESERVED
+CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attack ...)
+ {DLA-1192-1}
+ - libofx 1:0.9.11-5 (bug #877442)
+ [stretch] - libofx 1:0.9.10-2+deb9u1
+ [jessie] - libofx 1:0.9.10-1+deb8u1
+ NOTE: https://github.com/libofx/libofx/issues/10
+ NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
+CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before 5. ...)
+ NOT-FOR-US: Gentoo packagin flaw for Logstash
+CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor (BF ...)
+ - binutils 2.29.1-2
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
+ NOTE: a fixed 2.29.1-3 for unrelated issues.
+ NOTE: https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22170
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
+CVE-2017-14728 (An authentication bypass was found in an unknown area of the SiteOmat ...)
+ NOT-FOR-US: Orpak SiteOmat
+CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site scripti ...)
+ {DSA-3997-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ [wheezy] - wordpress (Vulnerable code not present)
+ NOTE: https://core.trac.wordpress.org/changeset/41395
+CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect at ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41398
+CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ [stretch] - wordpress 4.7.5+dfsg-2+deb9u1
+ [jessie] - wordpress (Vulnerable code not present)
+ [wheezy] - wordpress (Vulnerable code not present)
+ NOTE: https://core.trac.wordpress.org/changeset/41448
+CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41470
+ NOTE: https://core.trac.wordpress.org/changeset/41496
+ NOTE: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
+ NOTE: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
+ NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
+ NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
+CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack i ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41397
+CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the pl ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41412
+CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41412
+CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversa ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41457
+CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site Script ...)
+ {DSA-3997-1 DLA-1151-1}
+ - wordpress 4.8.2+dfsg-1 (bug #876274)
+ NOTE: https://core.trac.wordpress.org/changeset/41393
+CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash v ...)
+ {DLA-1111-1}
+ - weechat 1.9.1-1 (bug #876553)
+ [stretch] - weechat 1.6-1+deb9u2
+ [jessie] - weechat 1.0.1-1+deb8u2
+ NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
+CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Descripti ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14716 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title par ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14715 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Ti ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14714 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subj ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14713 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Desc ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...)
+ NOT-FOR-US: EPESI
+CVE-2017-14711 (The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- ak ...)
+ NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
+CVE-2017-14710 (The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashi ...)
+ NOT-FOR-US: Fashion Shopping app
+CVE-2017-14709 (The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- a ...)
+ NOT-FOR-US: Cycling & Hiking Maps app
+CVE-2017-14708
+ RESERVED
+CVE-2017-14707
+ RESERVED
+CVE-2017-14706 (DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to ob ...)
+ NOT-FOR-US: DenyAll WAF
+CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command executi ...)
+ NOT-FOR-US: DenyAll WAF
+CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) imageSubm ...)
+ NOT-FOR-US: Claydip Laravel Airbnb Clone
+CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
+ NOT-FOR-US: Cash Back Comparison Script
+CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary c ...)
+ NOT-FOR-US: ERS Data System
+CVE-2017-14701
+ RESERVED
+CVE-2017-14700
+ RESERVED
+CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud feat ...)
+ NOT-FOR-US: ASUS routers
+CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC5 ...)
+ NOT-FOR-US: ASUS routers
+CVE-2017-14697
+ RESERVED
+CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and 2017.7 ...)
+ - salt 2016.11.8+dfsg1-1 (bug #879090)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
+ [jessie] - salt (Minor issue)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
+CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
+ - salt 2016.11.8+dfsg1-1 (bug #879089)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
+ [jessie] - salt (Minor issue)
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
+ NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
+CVE-2017-14694 (Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14691 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14690 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14689 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
+ {DSA-4006-1 DLA-1164-1}
+ - mupdf 1.11+ds1-1.1 (bug #877379)
+ [jessie] - mupdf (Minor issue)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
+ NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions
+CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
+ {DSA-4006-1}
+ - mupdf 1.11+ds1-1.1 (bug #877379)
+ [jessie] - mupdf (vulnerable code not present, poc not effective)
+ [wheezy] - mupdf (vulnerable code not present)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
+CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or po ...)
+ {DSA-4006-1}
+ - mupdf 1.11+ds1-1.1 (bug #877379)
+ [jessie] - mupdf (vulnerable code not present, poc not effective)
+ [wheezy] - mupdf (vulnerable code not present)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
+ NOTE: Fixed by: https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
+CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in t ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
+CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated b ...)
+ NOT-FOR-US: geminabox
+CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
+ {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #876488)
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
+CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file aft ...)
+ - p3scan (bug #876674)
+ [stretch] - p3scan (Minor issue)
+ [jessie] - p3scan (Minor issue)
+ [wheezy] - p3scan (Minor issue)
+ NOTE: https://sourceforge.net/p/p3scan/bugs/33/
+CVE-2017-14680 (ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensit ...)
+ NOT-FOR-US: ZKTeco ZKTime Web
+CVE-2017-14679
+ REJECTED
+CVE-2017-14678
+ REJECTED
+CVE-2017-14677
+ REJECTED
+CVE-2017-14676
+ REJECTED
+CVE-2017-14675
+ REJECTED
+CVE-2017-14674
+ REJECTED
+CVE-2017-14673
+ REJECTED
+CVE-2017-14672
+ REJECTED
+CVE-2017-14671
+ REJECTED
+CVE-2017-14670
+ REJECTED
+CVE-2017-14669
+ REJECTED
+CVE-2017-14668
+ REJECTED
+CVE-2017-14667
+ REJECTED
+CVE-2017-14666
+ REJECTED
+CVE-2017-14665
+ REJECTED
+CVE-2017-14664
+ REJECTED
+CVE-2017-14663
+ REJECTED
+CVE-2017-14662
+ REJECTED
+CVE-2017-14661
+ REJECTED
+CVE-2017-14660
+ REJECTED
+CVE-2017-14659
+ REJECTED
+CVE-2017-14658
+ REJECTED
+CVE-2017-14657
+ REJECTED
+CVE-2017-14656
+ REJECTED
+CVE-2017-14655
+ REJECTED
+CVE-2017-14654
+ RESERVED
+CVE-2017-14653 (member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticat ...)
+ NOT-FOR-US: ASP4CMS AspCMS
+CVE-2017-14652 (SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the Tap ...)
+ NOT-FOR-US: Tapatalk plugin for MyBB
+CVE-2017-14651 (WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_colle ...)
+ NOT-FOR-US: WSO2 Data Analytics Server
+CVE-2017-14649 (ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does ...)
+ - graphicsmagick 1.3.26-12 (unimportant; bug #876460) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a + NOTE: https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/ + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/439/ +CVE-2017-14648 (A global buffer overflow was discovered in the iteration_loop function ...) + NOT-FOR-US: BladeEnc +CVE-2017-14647 (A heap-based buffer overflow was discovered in AP4_VisualSampleEntry:: ...) + NOT-FOR-US: Bento4 +CVE-2017-14646 (The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 ...) + NOT-FOR-US: Bento4 +CVE-2017-14645 (A heap-based buffer over-read was discovered in AP4_BitStream::ReadByt ...) + NOT-FOR-US: Bento4 +CVE-2017-14644 (A heap-based buffer overflow was discovered in the AP4_HdlrAtom class ...) + NOT-FOR-US: Bento4 +CVE-2017-14643 (The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version 1.5.0 ...) + NOT-FOR-US: Bento4 +CVE-2017-14642 (A NULL pointer dereference was discovered in the AP4_HdlrAtom class in ...) + NOT-FOR-US: Bento4 +CVE-2017-14641 (A NULL pointer dereference was discovered in the AP4_DataAtom class in ...) + NOT-FOR-US: Bento4 +CVE-2017-14640 (A NULL pointer dereference was discovered in AP4_AtomSampleTable::GetS ...) + NOT-FOR-US: Bento4 +CVE-2017-14639 (AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 ...) + NOT-FOR-US: Bento4 +CVE-2017-14638 (AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in Be ...) + NOT-FOR-US: Bento4 +CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb f ...) + {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 5) +CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes 0xffff ...) 
+ {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 4) +CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before 4 ...) + {DSA-4021-1 DLA-1119-1} + - otrs2 5.0.23-1 (bug #876462) + NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0) + NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0) + NOTE: https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897 (rel-5_0) + NOTE: https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5 (rel-5_0) + NOTE: https://github.com/OTRS/otrs/commit/3ccc426ec220267d0cac8e3fdc39015a3db7d720 (rel-3_3) + NOTE: https://github.com/OTRS/otrs/commit/f27dc65e4a937ba832d60e212ce6c9e3a28e406b (rel-3_3) + NOTE: https://github.com/OTRS/otrs/commit/454c50116c2bf82dcd9dfee9146a7416be686875 (rel-3_3) + NOTE: https://github.com/OTRS/otrs/commit/5468720cc8225a85699b1977ff230adbf9f8362d (rel-3_3) + NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3) + NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/ +CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Imag ...) + {DSA-4276-1 DLA-1395-1} + - php-horde-image 2.5.2-1 (bug #876400) + NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2 + NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b +CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...) + {DLA-2418-1 DLA-1618-1} + - libsndfile 1.0.28-5 (bug #876783) + [wheezy] - libsndfile (Minor issue) + NOTE: https://github.com/erikd/libsndfile/issues/318 + NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788 +CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...) 
+ {DSA-4113-1 DLA-2039-1 DLA-1368-1} + - libvorbis 1.3.5-4.1 (bug #876778) + NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329 + NOTE: https://github.com/xiph/vorbis/pull/34 + NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993 +CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uni ...) + {DSA-4113-1 DLA-1368-1} + - libvorbis 1.3.5-4.1 (bug #876779) + [jessie] - libvorbis (Vulnerable code not present) + [wheezy] - libvorbis (Vulnerable code not present) + NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328 + NOTE: https://github.com/xiph/vorbis/issues/29 + NOTE: https://github.com/xiph/vorbis/pull/34 +CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an integ ...) + {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 1) +CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 func ...) + {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 6) +CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an integ ...) + {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 3) +CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadIma ...) + {DLA-1127-1} + - sam2p (bug #876744) + [jessie] - sam2p 0.49.2-3+deb8u1 + NOTE: https://github.com/pts/sam2p/issues/14 (bug 2) +CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...) + NOT-FOR-US: CyberLink LabelPrint +CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) 
+ {DLA-2366-1 DLA-1785-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/720 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/721 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 +CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) + {DLA-2366-1 DLA-1785-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/721 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9 +CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability i ...) + {DLA-2366-1 DLA-1785-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/722 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97 +CVE-2017-14623 (In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker ...) + - golang-github-go-ldap-ldap 2.5.1-1 (low; bug #876404) + [stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1 + NOTE: https://github.com/go-ldap/ldap/pull/126 + NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66 +CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...) + NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress +CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead.) + NOT-FOR-US: Portus +CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP L ...) 
+ NOT-FOR-US: SmarterStats +CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 all ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFA ...) + NOT-FOR-US: phpMyFAQ +CVE-2017-14617 (In Poppler 0.59.0, a floating point exception occurs in the ImageStrea ...) + {DLA-1116-1} + - poppler 0.61.1-2 (bug #876385) + [stretch] - poppler (Minor issue) + [jessie] - poppler (Minor issue) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102854 + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7 + NOTE: The patch applied in 0.48.0-2+deb9u1 (stretch) and 0.26.5-2+deb8u2 (jessie) + NOTE: does not completely fix the issue thus still marked as unfixed even if the + NOTE: CVE is recorded in debian/changelog. +CVE-2015-9232 (The Good for Enterprise application 3.0.0.415 for Android does not use ...) + NOT-FOR-US: Good for Enterprise application for Android +CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. I ...) + NOT-FOR-US: WatchGuard Fireware +CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. W ...) + NOT-FOR-US: WatchGuard Fireware +CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in GridGain ...) + NOT-FOR-US: GridGain +CVE-2017-14613 + RESERVED +CVE-2017-14612 ("Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot- ...) + NOT-FOR-US: Book sale app +CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote att ...) + NOT-FOR-US: Cockpit CMS (different from src:cockpit) +CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 a ...) 
+ - bareos (low; bug #877334) + [buster] - bareos (Minor issue) + [stretch] - bareos (Minor issue) + [jessie] - bareos (Minor issue) + NOTE: https://bugs.bareos.org/view.php?id=847 +CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file after ...) + - kannel (No real security issue in combination with start-stop-daemon from dpkg, see #877361) + NOTE: https://redmine.kannel.org/issues/771 +CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_ ...) + {DLA-2903-1 DLA-1109-1} + - libraw 0.18.5-1 (low) + NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21 + NOTE: https://github.com/LibRaw/LibRaw/issues/101 +CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to Read ...) + {DSA-4040-1 DSA-4032-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878527) + NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/765 +CVE-2017-14606 + RESERVED +CVE-2017-14605 + RESERVED +CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords ...) + NOT-FOR-US: iTerm2 +CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...) + {DSA-3994-1} + - nautilus 3.25.90-1 (bug #860268) + [jessie] - nautilus (Minor issue, issue mitigated because does not silently decompress tarballs) + [wheezy] - nautilus (Minor issue, issue mitigated because does not silently decompress tarballs) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991 + NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ + NOTE: https://github.com/freedomofpress/securedrop/issues/2238 + NOTE: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0 +CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...) 
+ {DSA-3990-1} + - asterisk 1:13.17.2~dfsg-1 (bug #876328) + [wheezy] - asterisk (strictrtp option is disabled by default. Too intrusive too backport) + NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274 + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252 +CVE-2017-14602 (A vulnerability has been identified in the management interface of Cit ...) + NOT-FOR-US: Citrix +CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms ...) + NOT-FOR-US: Pragyan CMS +CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/ ...) + NOT-FOR-US: Pragyan CMS +CVE-2017-14599 + RESERVED +CVE-2017-14598 + RESERVED +CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the ...) + NOT-FOR-US: AfterLogic WebMail +CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authenticatio ...) + NOT-FOR-US: Joomla! +CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...) + NOT-FOR-US: Joomla! +CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ve ...) + NOT-FOR-US: Atlassian Jira +CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...) + NOT-FOR-US: Atlassian Sourcetree +CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs i ...) + NOT-FOR-US: Atlassian Sourcetree +CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4. ...) + NOT-FOR-US: Atlassian +CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial reposito ...) + NOT-FOR-US: Atlassian Bamboo +CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates thr ...) + NOT-FOR-US: Atlassian Bamboo +CVE-2017-14588 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...) 
+ NOT-FOR-US: Atlassian +CVE-2017-14587 (The administration user deletion resource in Atlassian Fisheye and Cru ...) + NOT-FOR-US: Atlassian +CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...) + NOT-FOR-US: Atlassian +CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to remot ...) + NOT-FOR-US: Atlassian +CVE-2017-14584 + RESERVED +CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...) + NOT-FOR-US: NetApp Clustered Data ONTAP +CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for A ...) + NOT-FOR-US: Zoho +CVE-2017-XXXX [pcb code injection by malicious layout file] + - pcb-rnd 1.2.5-2 (bug #876540) + [stretch] - pcb-rnd 1.1.4-2 +CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...) + NOT-FOR-US: SAP +CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14578 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...) + NOT-FOR-US: IrfanView +CVE-2017-14577 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14576 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14575 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14574 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14573 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14572 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) 
+ NOT-FOR-US: STDU Viewer +CVE-2017-14571 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14570 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14569 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14568 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14567 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14566 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14565 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14564 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14563 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14562 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14561 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14560 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14559 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14558 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14557 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14556 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) 
+ NOT-FOR-US: STDU Viewer +CVE-2017-14555 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14554 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14553 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14552 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14551 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14550 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14549 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14548 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14547 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14546 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14545 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14544 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14543 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14542 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...) + NOT-FOR-US: STDU Viewer +CVE-2017-14541 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...) + NOT-FOR-US: XnView +CVE-2017-14540 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...) 
+ NOT-FOR-US: IrfanView +CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service o ...) + NOT-FOR-US: IrfanView +CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...) + NOT-FOR-US: XnView +CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter t ...) + NOT-FOR-US: trixbox +CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user ...) + NOT-FOR-US: trixbox +CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in t ...) + NOT-FOR-US: trixbox +CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...) + NOT-FOR-US: NexusPHP +CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c.) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/648 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907 +CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags i ...) + {DLA-2366-1 DLA-1785-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #878541) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/719 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590 +CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in c ...) 
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/718 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1385a09732c261f1f403a9af6700979ca56c76d3 +CVE-2017-14530 (WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for WordP ...) + NOT-FOR-US: Crony Cronjob Manager plugin for WordPress +CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Descripto ...) + - binutils 2.29-10 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22113 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582 +CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...) + {DLA-2523-1} + [experimental] - imagemagick 8:6.9.10.2+dfsg-1 + - imagemagick 8:6.9.10.2+dfsg-2 (bug #878544) + [jessie] - imagemagick (Vulnerable code not present) + [wheezy] - imagemagick (Can't reproduce crash with file) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730 + NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560 + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/6f7cba13ebae405b2689647a2277827f1c272364 +CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) + NOT-FOR-US: OpenText Documentum Webtop +CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText Doc ...) + NOT-FOR-US: OpenText Documentum Administrator +CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6 ...) 
+ NOT-FOR-US: OpenText Documentum Webtop +CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum Administ ...) + NOT-FOR-US: OpenText Documentum Administrator +CVE-2017-14523 (WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. ...) + NOT-FOR-US: WonderCMS +CVE-2017-14522 (In WonderCMS 2.3.1, the application's input fields accept arbitrary us ...) + NOT-FOR-US: WonderCMS +CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random applicatio ...) + NOT-FOR-US: WonderCMS +CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in Splash::scaleI ...) + {DSA-4079-1} + - poppler 0.61.1-2 (low; bug #876081) + [wheezy] - poppler (vulnerable code not present) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719 + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262 +CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to Object::strea ...) + {DSA-4079-1 DLA-1116-1} + - poppler 0.61.1-2 (bug #876086) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701 + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee +CVE-2017-14518 (In Poppler 0.59.0, a floating point exception exists in the isImageInt ...) + {DSA-4079-1} + - poppler 0.61.1-2 (low; bug #876082) + [wheezy] - poppler (vulnerable code not present) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688 + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2 +CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::pars ...) + {DSA-4079-1 DLA-1116-1} + - poppler 0.61.1-2 (low; bug #876079) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687 + NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f +CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects Financial Co ...) 
+ NOT-FOR-US: SAP Business Objects Financial Consolidation +CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 all ...) + NOT-FOR-US: Tenda W15E devices +CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 allows rem ...) + NOT-FOR-US: Tenda W15E devices +CVE-2017-14513 (Directory traversal vulnerability in MetInfo 5.3.17 allows remote atta ...) + NOT-FOR-US: MetInfo +CVE-2017-14512 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...) + NOT-FOR-US: NexusPHP +CVE-2017-14511 (An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through ...) + NOT-FOR-US: SAP +CVE-2017-14510 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) + NOT-FOR-US: SugarCRM +CVE-2017-14509 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) + NOT-FOR-US: SugarCRM +CVE-2017-14508 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2 ...) + NOT-FOR-US: SugarCRM +CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitt ...) + NOT-FOR-US: Twitter iOS client +CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline plugin ...) + NOT-FOR-US: Content Timeline plugin for WordPress +CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...) + NOT-FOR-US: geminabox +CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 m ...) + {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/716 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948 +CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...) 
+ {DSA-4321-1 DLA-1456-1 DLA-1130-1} + - graphicsmagick 1.3.26-11 + NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/ + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/466/ +CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_da ...) + {DSA-4360-1 DLA-1600-1} + - libarchive 3.2.2-4.1 (bug #875960) + [wheezy] - libarchive (Minor issue) + NOTE: https://github.com/libarchive/libarchive/issues/948 + NOTE: https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14 +CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 s ...) + {DSA-4360-1 DLA-1600-1} + - libarchive 3.2.2-4.1 (bug #875974) + [wheezy] - libarchive (Minor issue) + NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573 +CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in archive_read_s ...) + {DSA-4360-1 DLA-1600-1} + - libarchive 3.2.2-4.2 (bug #875966) + [wheezy] - libarchive (Minor issue) + NOTE: https://github.com/libarchive/libarchive/issues/949 + NOTE: https://github.com/libarchive/libarchive/commit/f9569c086ff29259c73790db9cbf39fe8fb9d862 +CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in t ...) + {DSA-3977-1 DLA-1104-1} + - newsbeuter 2.9-7 (bug #876004) + NOTE: http://openwall.com/lists/oss-security/2017/09/16/1 + NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333 + NOTE: master: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260 + NOTE: https://github.com/akrennmair/newsbeuter/issues/598 +CVE-2017-14499 + RESERVED +CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mish ...) 
+ NOT-FOR-US: SilverStripe CMS +CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...) + - linux 4.12.13-1 + [stretch] - linux 4.9.30-2+deb9u5 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13) +CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before 2 ...) + - dnsmasq 2.78-1 + [stretch] - dnsmasq 2.76-5+deb9u1 + [jessie] - dnsmasq (Vulnerable code introduced later) + [wheezy] - dnsmasq (Vulnerable code introduced later) + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7 +CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id o ...) + - dnsmasq 2.78-1 + [stretch] - dnsmasq 2.76-5+deb9u1 + [jessie] - dnsmasq (Vulnerable code introduced later) + [wheezy] - dnsmasq (Vulnerable code introduced later) + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45 +CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote attacke ...) + {DSA-3989-1 DLA-1124-1} + - dnsmasq 2.78-1 + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262 +CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote attac ...) 
+ {DSA-3989-1} + - dnsmasq 2.78-1 + [wheezy] - dnsmasq (Vulnerable code introduced later) + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033 +CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...) + {DSA-3989-1 DLA-1124-1} + - dnsmasq 2.78-1 + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10 +CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote attack ...) + {DSA-3989-1 DLA-1124-1} + - dnsmasq 2.78-1 + NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=62cb936cb7ad5f219715515ae7d32dd281a5aa1f +CVE-2017-14490 + RESERVED +CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...) + {DSA-3981-1 DLA-1099-1} + - linux 4.12.13-1 + NOTE: https://patchwork.kernel.org/patch/9923803/ + NOTE: Fixed by: https://git.kernel.org/linus/c88f0e6b06f4092995688211a631bb436125d77b +CVE-2017-14488 + RESERVED +CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to ...) + NOT-FOR-US: OhMiBod Remote app +CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease C ...) + NOT-FOR-US: Vibease Wireless Remote Vibrator app +CVE-2017-14485 + RESERVED +CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Int ...) + NOT-FOR-US: Gentoo packaging flaw in gimps +CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 f ...) 
+ - flower (Gentoo-specific issue, Debian doesn't provide an init script at all)
+CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...)
+ - kubernetes (Vulnerable code not yet present)
+CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation v1. ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, Th ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002025 (Vulnerability in wordpress plugin add-edit-delete-listing-for-member-m ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code d ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in questio ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in individ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form an ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The c ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The cod ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002008 (Vulnerability in wordpress plugin membership-simplified-for-oap-member ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code dtracker/sav ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/de ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/do ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002003 (Vulnerability in wordpress plugin wp2android-turn-wp-site-into-android ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin incl ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05 ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1002000 (Vulnerability in wordpress plugin mobile-friendly-app-builder-by-easyt ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi- ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi- ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Ma ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Re ...)
+ NOT-FOR-US: MySQL ulti-Master Replication Manager
+CVE-2017-14473 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14472 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14471 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14470 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14469 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14468 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14467 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14466 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14465 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14464 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14463 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14462 (An exploitable access control vulnerability exists in the data, progra ...)
+ NOT-FOR-US: Allen Bradley Micrologix
+CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to Dovecot ...)
+ {DSA-4130-1 DLA-1333-1}
+ - dovecot 1:2.2.34-1 (bug #891819)
+ NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
+ NOTE: https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4
+ NOTE: https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e
+ NOTE: https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141
+ NOTE: https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b
+ NOTE: https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11
+ NOTE: https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732
+ NOTE: https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0510
+CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist vulnera ...)
+ - parity (bug #890550)
+CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the Telnet ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript e ...)
+ NOT-FOR-US: Foxit PDF Reader
+CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
+ - cpp-ethereum (bug #860434)
+CVE-2017-14456
+ REJECTED
+CVE-2017-14455 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14454 (Multiple exploitable buffer overflow vulnerabilities exists in the Pub ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14453 (On Insteon Hub 2245-222 devices with firmware version 1012, specially ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14452 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14451 (An exploitable out-of-bounds read vulnerability exists in libevm (Ethe ...)
+ NOT-FOR-US: CPP-Ethereum
+CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing functi ...)
+ {DSA-4184-1 DSA-4177-1 DLA-1341-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 1.2.12-8
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
+ NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
+CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering function ...)
+ {DSA-4177-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 (Vulnerable code not present)
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
+ NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
+CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image re ...)
+ {DSA-4184-1 DSA-4177-1 DLA-1341-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 1.2.12-8
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
+ NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
+CVE-2017-14447 (An exploitable buffer overflow vulnerability exists in the PubNub mess ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14446 (An exploitable stack-based buffer overflow vulnerability exists in Ins ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14445 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14444 (An exploitable buffer overflow vulnerability exists in Insteon Hub run ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14443 (An exploitable information leak vulnerability exists in Insteon Hub ru ...)
+ NOT-FOR-US: Insteon Hub
+CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image re ...)
+ {DSA-4184-1 DSA-4177-1 DLA-1341-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 1.2.12-8
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
+ NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
+CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image re ...)
+ {DSA-4184-1 DSA-4177-1 DLA-1341-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 1.2.12-8
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
+ NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
+CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image r ...)
+ {DSA-4184-1 DSA-4177-1 DLA-1341-1}
+ - libsdl2-image 2.0.3+dfsg1-1
+ - sdl-image1.2 1.2.12-8
+ NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
+ NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
+CVE-2017-14439 (Exploitable denial of service vulnerabilities exists in the Service Ag ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14438 (Exploitable denial of service vulnerabilities exists in the Service Ag ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14437 (An exploitable denial of service vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14436 (An exploitable denial of service vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14435 (An exploitable denial of service vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14434 (An exploitable command injection vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14433 (An exploitable command injection vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14432 (An exploitable command injection vulnerability exists in the web serve ...)
+ NOT-FOR-US: Moxa
+CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through FW114 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14428 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14427 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14426 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14425 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14424 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14423 (htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmw ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14422 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) a ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14421 (D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14420 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14419 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with fi ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14418 (The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14417 (register_send.php on D-Link DIR-850L REV. B (with firmware through FW2 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14416 (D-Link DIR-850L REV.
A (with firmware through FW114WWb07_h2ab_beta1) d ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14415 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) d ...)
+ NOT-FOR-US: D-Link
+CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in mp ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
+CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
+CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in mpgli ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
+CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
+CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
+CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in gain_an ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
+ NOTE: Not reproducible with 1.6.2.
+ NOTE: Caught by ASAN according to CVE.
mp3gain is compiled with ASAN on: amd64 i386 armel armhf powerpc
+CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface. ...)
+ - mp3gain 1.6.2-1
+ [wheezy] - mp3gain
+ NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
+CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote comma ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file i ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14403 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection v ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/c ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
+ NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
+ NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
+CVE-2017-14399 (In BlackCat CMS 1.2.2, unrestricted file upload is possible in backend ...)
+ NOT-FOR-US: BlackCat CMS
+CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and ...)
+ NOT-FOR-US: Razer Synapse
+CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.)
+ NOT-FOR-US: AnyDesk
+CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by constructing a ...)
+ NOT-FOR-US: osTicket
+CVE-2017-14395 (Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...)
+ NOT-FOR-US: OpenAM
+CVE-2017-14394 (OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) ...)
+ NOT-FOR-US: OpenAM
+CVE-2017-14393
+ REJECTED
+CVE-2017-14392
+ REJECTED
+CVE-2017-14391
+ REJECTED
+CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2017-14389 (An issue was discovered in Cloud Foundry Foundation capi-release (all ...)
+ NOT-FOR-US: Cloud Foundry
+CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30. ...)
+ NOT-FOR-US: Cloud Foundry Foundation GrootFS
+CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8. ...)
+ NOT-FOR-US: EMC Isilon OneFS
+CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser P ...)
+ NOT-FOR-US: Dell
+CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions ...)
+ NOT-FOR-US: EMC Data Domain DD OS
+CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMig ...)
+ NOT-FOR-US: EMConfigMigration service
+CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File 8.1. ...)
+ NOT-FOR-US: EMC VNX
+CVE-2017-14382
+ REJECTED
+CVE-2017-14381
+ REJECTED
+CVE-2017-14380 (In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2 ...)
+ NOT-FOR-US: EMC Isilon OneFS
+CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site scri ...)
+ NOT-FOR-US: EMC RSA
+CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agen ...)
+ NOT-FOR-US: EMC RSA
+CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 an ...)
+ NOT-FOR-US: EMC RSA
+CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ha ...)
+ NOT-FOR-US: EMC AppSync Server
+CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4. ...)
+ NOT-FOR-US: EMC
+CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.2 ...)
+ NOT-FOR-US: Dell
+CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a refle ...)
+ NOT-FOR-US: RSA Authentication Manager
+CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
+ NOT-FOR-US: RSA Archer GRC Platform
+CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cros ...)
+ NOT-FOR-US: RSA Archer GRC Platform
+CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...)
+ NOT-FOR-US: RSA Archer GRC Platform
+CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege es ...)
+ NOT-FOR-US: RSA Archer GRC Platform
+CVE-2017-14368
+ RESERVED
+CVE-2017-14367
+ RESERVED
+CVE-2017-14366
+ RESERVED
+CVE-2017-14365
+ RESERVED
+CVE-2017-14364
+ RESERVED
+CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...)
+ NOT-FOR-US: Micro Focus Operations Manager
+CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and Po ...)
+ NOT-FOR-US: Micro Focus Project and Portfolio Management Center
+CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio M ...)
+ NOT-FOR-US: Micro Focus Project and Portfolio Management Center
+CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...)
+ NOT-FOR-US: HPE
+CVE-2017-14359 (A potential security vulnerability has been identified in HPE Performa ...)
+ NOT-FOR-US: HPE Performance Center
+CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM a ...)
+ NOT-FOR-US: HP ArcSight
+CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ...)
+ NOT-FOR-US: HP ArcSight
+CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM ...)
+ NOT-FOR-US: HP ArcSight
+CVE-2017-14355 (A potential security vulnerability has been identified in HPE Connecte ...)
+ NOT-FOR-US: HPE Connected Backup
+CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation Sof ...)
+ NOT-FOR-US: HP UCMDB Foundation
+CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...)
+ NOT-FOR-US: HP UCMDB Foundation
+CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB Con ...)
+ NOT-FOR-US: HP
+CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB Con ...)
+ NOT-FOR-US: HP
+CVE-2017-14350 (A potential security vulnerability has been identified in HPE Applicat ...)
+ NOT-FOR-US: HP
+CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions 11.2 ...)
+ NOT-FOR-US: HP
+CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the Bul ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
+ NOT-FOR-US: Photocrati NextGEN Gallery
+CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.p ...)
+ NOT-FOR-US: NexusPHP
+CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted fil ...)
+ NOT-FOR-US: tianchoy/blog
+CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id pa ...)
+ NOT-FOR-US: tianchoy/blog
+CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on Ju ...)
+ NOT-FOR-US: Jungo WinDriver
+CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
+CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ReadWPGIm ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
+CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
+CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCa ...)
+ {DLA-2903-1}
+ - libraw 0.18.5-1
+ [jessie] - libraw (Vulnerable code not present)
+ [wheezy] - libraw (Vulnerable code not present)
+ NOTE: https://github.com/LibRaw/LibRaw/issues/100
+ NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
+CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ker ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.13-1
+ NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
+CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check for the pr ...)
+ {DSA-4001-1}
+ - yadifa 2.2.6-1 (bug #876315)
+ NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
+ NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
+CVE-2017-14338
+ RESERVED
+CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate authentic ...)
+ NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
+CVE-2017-14336
+ RESERVED
+CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
+ NOT-FOR-US: Beijing Hanbang Hanbanggaoke devices
+CVE-2017-14334
+ RESERVED
+CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.2 ...)
+ - binutils 2.29-9
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21990
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de
+CVE-2017-14332 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to hij ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14331 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14330 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14329 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ro ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to tri ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read arbitr ...)
+ NOT-FOR-US: Extreme EXOS
+CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
+CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
+CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in t ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
+CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
+ NOT-FOR-US: Onethink
+CVE-2017-14322 (The function in charge to check whether the user is already logged in ...)
+ NOT-FOR-US: Interspire Email Marketer
+CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
+ NOT-FOR-US: Mirasvit Helpdesk MX
+CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to exec ...)
+ NOT-FOR-US: Mirasvit Helpdesk MX
+CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When remo ...)
+ {DSA-4050-1 DLA-1549-1 DLA-1132-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-234.html
+CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function `__gn ...)
+ {DSA-4050-1 DLA-1132-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ [jessie] - xen (Only affects 4.5 and later)
+ NOTE: https://xenbits.xen.org/xsa/advisory-232.html
+ NOTE: Wheezy will be affected with the upcoming grant table backport
+CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka cx ...)
+ {DSA-4050-1 DLA-1549-1 DLA-1132-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-233.html
+CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. Th ...)
+ {DSA-4050-1 DLA-1549-1 DLA-1132-1}
+ - xen 4.8.2+xsa245-0+deb9u1
+ NOTE: https://xenbits.xen.org/xsa/advisory-231.html
+CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementatio ...)
+ NOT-FOR-US: Apple
+CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in Graph ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1130-1}
+ - graphicsmagick 1.3.26-10
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
+CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...)
+ - nagios3 (Doesn't affect Nagios as packaged in Debian)
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/424
+ NOTE: State is not fully correct, since "affected" source would be there.
+CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for Wo ...)
+ NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
+CVE-2017-15596 (An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest ...)
+ {DSA-3969-1}
+ - xen 4.8.1-1+deb9u3
+ [wheezy] - xen (No arm support in Wheezy)
+ NOTE: https://xenbits.xen.org/xsa/advisory-235.html
+CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows lo ...)
+ NOT-FOR-US: NetMechanica NetDecision
+CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14308 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14307 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14306 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14305 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14304 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14303 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14302 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or p ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14301 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14300 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14299 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14298 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14297 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14296 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14295 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14294 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14293 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14292 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14291 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14290 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14289 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14288 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14287 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14286 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or caus ...)
+ NOT-FOR-US: STDU Viewer
+CVE-2017-14285 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14284 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14283 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14282 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14281 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14280 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14279 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14278 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14277 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14276 (XnView Classic for Windows Version 2.40 allows attackers to cause a de ...)
+ NOT-FOR-US: XnView
+CVE-2017-14275 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-14274 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-14273 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-14272 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-14271 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-14270 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function in up ...)
+ NOT-FOR-US: AlegroCart
+CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remot ...)
+ NOT-FOR-US: AlegroCart
+CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitrary cod ...)
+ {DSA-3975-1 DSA-3970-1 DLA-1101-1}
+ - emacs25 25.2+1-6 (bug #875447)
+ - emacs24 (bug #875448)
+ - emacs23 (bug #875449)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/11/1
+ NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
+ NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
+CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
+ {DSA-3973-1 DLA-1096-1}
+ - wordpress-shibboleth 1.8-1 (bug #874416)
+ NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
+ NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
+CVE-2017-14269 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote attack ...)
+ NOT-FOR-US: EE 4GEE WiFi MBB
+CVE-2017-14268 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms ...)
+ NOT-FOR-US: EE 4GEE WiFi MBB
+CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...)
+ NOT-FOR-US: EE 4GEE WiFi MBB
+CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnera ...)
+ - tcpreplay 3.4.4-3
+ [jessie] - tcpreplay 3.4.4-2+deb8u1
+ [wheezy] - tcpreplay 3.4.3-2+wheezy2
+ NOTE: Fixed by http://launchpadlibrarian.net/270778908/tcpreplay_3.4.4-2_3.4.4-3.diff.gz
+ NOTE: Not a duplicate of CVE-2016-6160 the detailed MITRE description, but both issues
+ NOTE: are addressed with the same patch:
+ NOTE: Patch enforce-maxpacket.patch addresses the issue
+CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
+ {DLA-2903-1}
+ - libraw 0.18.5-1
+ [wheezy] - libraw (Vulnerable code not present)
+ NOTE: https://github.com/LibRaw/LibRaw/issues/99
+ NOTE: https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60
+CVE-2017-14264
+ RESERVED
+CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-14262 (On Samsung NVR devices, remote attackers can read the MD5 password has ...)
+ NOT-FOR-US: Samsung
+CVE-2017-14261 (In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in Ap4StszAtom. ...)
+ NOT-FOR-US: Bento4
+CVE-2017-14260 (In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in Ap4StssAtom. ...)
+ NOT-FOR-US: Bento4
+CVE-2017-14259 (In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in Ap4StscAtom. ...)
+ NOT-FOR-US: Bento4
+CVE-2017-14258 (In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h fil ...)
+ NOT-FOR-US: Bento4
+CVE-2017-14257 (In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in Core ...)
+ NOT-FOR-US: Bento4
+CVE-2017-14256
+ RESERVED
+CVE-2017-14255
+ RESERVED
+CVE-2017-14254
+ RESERVED
+CVE-2017-14253
+ RESERVED
+CVE-2017-14252 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in sysex ...)
+ - typo3-src
+ [wheezy] - typo3-src (Not supported in Wheezy LTS)
+CVE-2017-14250
+ REJECTED
+CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coder ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
+CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/resize.c ...)
+ - imagemagick (Vulnerable code introduced later)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/717
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5402b6e0fcf8b694ae2af6a6652ebb8ce0ccf46
+CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...)
+ {DLA-2418-1 DLA-1618-1}
+ - libsndfile 1.0.28-5 (low; bug #876682)
+ [wheezy] - libsndfile (Minor issue)
+ NOTE: https://github.com/erikd/libsndfile/issues/317
+ NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
+CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...)
+ {DLA-2418-1 DLA-1618-1}
+ - libsndfile 1.0.28-5 (low; bug #876682)
+ [wheezy] - libsndfile (Minor issue)
+ NOTE: https://github.com/erikd/libsndfile/issues/317
+ NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f
+CVE-2017-14244 (An authentication bypass vulnerability on iBall Baton ADSL2+ Home Rout ...)
+ NOT-FOR-US: iBall
+CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadba ...)
+ NOT-FOR-US: UTStar
+CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
+ - dolibarr (bug #885319)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
+CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 all ...)
+ - dolibarr (bug #885320)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
+CVE-2017-14240 (There is a sensitive information disclosure vulnerability in document. ...)
+ - dolibarr (bug #885320)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
+CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CR ...)
+ - dolibarr (bug #885320)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
+CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CR ...)
+ - dolibarr (bug #885320)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
+CVE-2017-14237
+ RESERVED
+CVE-2017-14236
+ RESERVED
+CVE-2017-14235
+ RESERVED
+CVE-2017-14234
+ RESERVED
+CVE-2017-14233
+ RESERVED
+CVE-2017-14232 (The read_chunk function in flif-dec.cpp in Free Lossless Image Format ...)
+ - flif
+CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a denial of ser ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP befo ...)
+ - cyrus-imapd (Vulnerable code introduced later)
+ - cyrus-imapd-2.4 (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79
+ NOTE: Introduced by: https://github.com/cyrusimap/cyrus-imapd/commit/1fe918087237f55e09a37fa414bf988873739021 (cyrus-imapd-3.0.0-beta1)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/issues/2132
+CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in jpc/jpc_ ...)
+ - jasper
+ [jessie] - jasper (Minor issue)
+ [wheezy] - jasper (Minor issue)
+ NOTE: https://github.com/mdadams/jasper/issues/146
+ NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
+CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...)
+ - nasm 2.13.02-0.1 (unimportant; bug #874731)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
+ NOTE: Crash in CLI tool, no securiy impact
+CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in bson-it ...)
+ - libbson 1.8.0-1 (bug #874754)
+ [stretch] - libbson (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
+ NOTE: Latest https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
+ NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
+ NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
+ NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
+ NOTE: Still the underlying issue in bson-iter.c when parsing BSON with a codewscope
+ NOTE: type is present in earlier versions.
+ NOTE: Upstream issue: https://jira.mongodb.org/browse/CDRIVER-2269
+ NOTE: Fixed by: https://github.com/mongodb/libbson/commit/42900956dc461dfe7fb91d93361d10737c1602b3
+CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.c ...)
+ - libwpd 0.10.2-1 (bug #876001)
+ [stretch] - libwpd 0.10.1-5+deb9u1
+ [jessie] - libwpd 0.10.0-2+deb8u1
+ [wheezy] - libwpd (Vulnerable code do not exist)
+ NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
+ NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
+ NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
+CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
+ {DSA-3996-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ [jessie] - libav (Vulnerable code not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
+CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in Image ...)
+ {DSA-4040-1 DSA-4032-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #876097)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
+CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_i ...)
+ {DSA-3996-1 DLA-1654-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
+CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
+ {DSA-3996-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ [jessie] - libav (vulnerable code not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
+CVE-2017-14221
+ RESERVED
+CVE-2017-14220
+ RESERVED
+CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmw ...)
+ NOT-FOR-US: Intelbras Wireless N 150Mbps router
+CVE-2017-14218
+ RESERVED
+CVE-2017-14217
+ RESERVED
+CVE-2017-14216
+ RESERVED
+CVE-2017-14215
+ RESERVED
+CVE-2017-14214
+ RESERVED
+CVE-2017-14213
+ RESERVED
+CVE-2017-14212
+ RESERVED
+CVE-2017-14211
+ RESERVED
+CVE-2017-14210
+ RESERVED
+CVE-2017-14209
+ RESERVED
+CVE-2017-14208
+ REJECTED
+CVE-2017-14207
+ REJECTED
+CVE-2017-14206
+ REJECTED
+CVE-2017-14205
+ REJECTED
+CVE-2017-14204
+ REJECTED
+CVE-2017-14203
+ REJECTED
+CVE-2017-14202 (Improper Restriction of Operations within the Bounds of a Memory Buffe ...)
+ NOT-FOR-US: Zephyr
+CVE-2017-14201 (Use After Free vulnerability in the Zephyr shell allows a serial or te ...)
+ NOT-FOR-US: Zephyr
+CVE-2017-14200
+ REJECTED
+CVE-2017-14199 (A buffer overflow has been found in the Zephyr Project's getaddrinfo() ...)
+ NOT-FOR-US: Zephyr OS
+CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
+ NOT-FOR-US: Squiz Matrix
+CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x befor ...)
+ NOT-FOR-US: Squiz Matrix
+CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 an ...)
+ NOT-FOR-US: Squiz Matrix
+CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...)
+ NOT-FOR-US: dayrui FineCms
+CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms 5.0 ...)
+ NOT-FOR-US: dayrui FineCms
+CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms 5.0 ...)
+ NOT-FOR-US: dayrui FineCms
+CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCm ...)
+ NOT-FOR-US: dayrui FineCms
+CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6. ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager 5 ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14188
+ RESERVED
+CVE-2017-14187 (A local privilege escalation and local code execution vulnerability in ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 t ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14185 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for Wi ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14183
+ RESERVED
+CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to 5 ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes originatin ...)
+ NOT-FOR-US: Apport
+CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...)
+ NOT-FOR-US: Apport
+CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...)
+ - snapd 2.30-1
+ [stretch] - snapd (Issue introduced in 2.27)
+ NOTE: https://launchpad.net/bugs/1730255
+CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...)
+ NOT-FOR-US: Apport
+CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
+ NOT-FOR-US: aacplusenc
+CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() du ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
+CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSDLayersInte ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
+CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10 ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
+CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
+CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NS ...)
+ {DSA-3996-1 DLA-1630-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
+CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3 -> 2.4, a DoS in mxf_read_inde ...)
+ {DSA-3996-1 DLA-1630-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
+CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
+ {DSA-3996-1 DLA-1654-1}
+ - ffmpeg 7:3.3.4-1 (low)
+ - libav
+ NOTE: libav in Jessie uses a different guard for item_num. Check whether
+ NOTE: the guard is necessary at all.
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
+CVE-2017-14168
+ RESERVED
+CVE-2017-14167 (Integer overflow in the load_multiboot function in hw/i386/multiboot.c ...)
+ {DSA-3991-1 DLA-1497-1 DLA-1129-1 DLA-1128-1}
+ - qemu 1:2.10.0-1 (bug #874606)
+ - qemu-kvm
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489375
+CVE-2017-14163 (An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8 ...)
+ - mahara
+CVE-2017-14162
+ RESERVED
+CVE-2017-14161
+ RESERVED
+CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
+ {DSA-4360-1 DLA-1600-1 DLA-1092-1}
+ - libarchive 3.2.2-3.1 (bug #874539)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/5
+ NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
+ NOTE: https://github.com/libarchive/libarchive/issues/935
+CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
+ - graphicsmagick 1.3.26-9 (unimportant; bug #874724)
+ NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/06/4
+ NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
+CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
+ {DLA-2828-1 DLA-2013-1}
+ - libvorbis 1.3.6-2 (bug #876780)
+ [wheezy] - libvorbis (Minor issue, can be revisited once fixed upstream)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/2
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/21/3
+ NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
+ NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
+CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attac ...)
+ {DSA-4052-1 DLA-1107-1}
+ - bzr 2.7.0+bzr6622-7 (bug #874429)
+ - breezy 3.0.0~bzr6772-1
+ NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
+CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
+ - openldap (unimportant)
+ NOTE: http://www.openldap.org/its/index.cgi?findid=8703
+ NOTE: Negligible security impact, but filed #877512
+CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memor ...)
+ - python-scrapy (unimportant; bug #875947)
+ NOTE: http://blog.csdn.net/wangtua/article/details/75228728
+ NOTE: https://github.com/scrapy/scrapy/issues/482
+ NOTE: Negligable security impact
+CVE-2017-14157
+ RESERVED
+CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in th ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.13-1 (low)
+CVE-2017-14155
+ RESERVED
+CVE-2017-14154
+ RESERVED
+CVE-2017-14153 (This vulnerability allows local attackers to escalate privileges on Ju ...)
+ NOT-FOR-US: Jungo WinDriver
+CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in lib/ope ...)
+ - openjpeg2 (Incomplete fix for CVE-2017-14152 not applied)
+CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
+ {DSA-4013-1}
+ - openjpeg2 2.3.0-1 (bug #874431)
+ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
+ NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
+ NOTE: https://github.com/uclouvain/openjpeg/issues/985
+ NOTE: When fixing this issue make sure to apply the complete fix including the following
+ NOTE: commit:
+ NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
+ NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
+CVE-2017-14151 (An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_ ...)
+ - openjpeg2 2.3.0-1 (bug #874430)
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u2
+ [jessie] - openjpeg2 (Vulnerable code introduced later, see #874430)
+ NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
+ NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
+ NOTE: https://github.com/uclouvain/openjpeg/issues/982
+CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. Wh ...)
+ {DSA-3992-1 DLA-1121-1}
+ - curl 7.56.1-1 (bug #877671)
+ NOTE: https://curl.haxx.se/docs/adv_20171004.html
+ NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
+ NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
+ NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
+CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
+ - linux 4.0.2-1
+ [jessie] - linux 3.16.7-ckt11-1
+ [wheezy] - linux 3.2.71-1
+CVE-2017-1000252 (The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS u ...)
+ - linux 4.12.13-1
+ [stretch] - linux 4.9.30-2+deb9u5
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb (v4.14-rc1)
+ NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
+ NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
+CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at th ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.13-1 (bug #875881)
+ NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
+ NOTE: https://www.armis.com/blueborne/
+ NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
+CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are vulnerabl ...)
+ {DSA-3972-1 DLA-1103-1}
+ - bluez 5.46-1 (bug #875633)
+ NOTE: https://www.armis.com/blueborne/
+ NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09
+CVE-2017-1000249 (An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b ...)
+ {DSA-3965-1}
+ - file 1:5.32-1
+ [jessie] - file (Vulnerable code introduced later)
+ [wheezy] - file (Vulnerable code introduced later)
+ NOTE: Upstream fix: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
+ NOTE: Introduced by: https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1
+CVE-2017-14150
+ RESERVED
+CVE-2017-14149 (GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the webs ...)
+ NOT-FOR-US: GoAhead
+CVE-2017-14148
+ RESERVED
+CVE-2017-14147 (An issue was discovered on FiberHome User End Routers Bearing Model Nu ...)
+ NOT-FOR-US: FiberHome
+CVE-2017-14146 (HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary ...)
+ NOT-FOR-US: HelpDEZk
+CVE-2017-14145 (HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\logi ...)
+ NOT-FOR-US: HelpDEZk
+CVE-2017-14144
+ RESERVED
+CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a hardcod ...)
+ NOT-FOR-US: Kaltura
+CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before ...)
+ NOT-FOR-US: Kaltura
+CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
+ NOT-FOR-US: Kaltura
+CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.12-1
+ NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
+CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage i ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dbe0008c6fa225d01085ca86f3e425c306ee6240
+ NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
+ NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
+CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage i ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
+CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue whe ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
+ [wheezy] - imagemagick (Vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
+ NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
+CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
+ - opencv (Incomplete patch never shipped)
+ NOTE: https://github.com/opencv/opencv/issues/9443
+ NOTE: https://github.com/opencv/opencv/pull/9448
+CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the we ...)
+ NOT-FOR-US: webadmin plugin for opendreambox
+CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password page of M ...)
+ NOT-FOR-US: Maplesoft Maple
+CVE-2017-14133
+ RESERVED
+CVE-2017-14132 (JasPer 1.900.8, 1.900.9, 1.900.10, 1.900.11, 1.900.12, 1.900.13, 1.900 ...)
+ {DLA-1583-1}
+ - jasper (low)
+ [wheezy] - jasper (Minor issue)
+ NOTE: https://github.com/mdadams/jasper/issues/147
+ NOTE: The suggested fix by thoger addresses the reported issue.
+CVE-2017-14131
+ RESERVED
+CVE-2017-14130 (The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary Fi ...)
+ - binutils 2.29-9 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
+CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor (B ...)
+ - binutils 2.29-10 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22047
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
+CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Descripto ...)
+ - binutils 2.29-9 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22059
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
+CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on Technicol ...)
+ NOT-FOR-US: Technicolor
+CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin bef ...)
+ NOT-FOR-US: Responsive Image Gallery plugin for WordPress
+CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when cla ...)
+ NOT-FOR-US: eLux
+CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upl ...)
+ NOT-FOR-US: Zoho ManageEngine
+CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based b ...)
+ {DLA-2567-1}
+ - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
+ {DLA-2567-1}
+ - unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory tra ...)
+ {DLA-2567-1 DLA-1091-1}
+ - unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
+ [jessie] - unrar-free (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/20/1
+ NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
+CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14118 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, module\tool_all ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-14117 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 d ...)
+ NOT-FOR-US: Arris
+CVE-2017-14116 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when ...)
+ NOT-FOR-US: Arris
+CVE-2017-14115 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 d ...)
+ NOT-FOR-US: Arris
+CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
+ - rtpproxy (unimportant; bug #874070)
+ NOTE: https://rtpbleed.com/
+ NOTE: https://github.com/sippy/rtpproxy/issues/70
+ NOTE: Design limitation in RTP protocol
+CVE-2017-14113
+ REJECTED
+CVE-2017-14112
+ RESERVED
+CVE-2017-14111 (The workstation logging function in Philips IntelliSpace Cardiovascula ...)
+ NOT-FOR-US: Philips IntelliSpace Cardiovascular and Xcelera
+CVE-2017-14110
+ RESERVED
+CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is vulner ...)
+ NOT-FOR-US: tcmu-runner
+CVE-2017-1000200 (tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered N ...)
+ NOT-FOR-US: tcmu-runner
+CVE-2017-1000199 (tcmu-runner version 0.91 up to 1.20 is vulnerable to information discl ...)
+ NOT-FOR-US: tcmu-runner
+CVE-2017-1000198 (tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid mem ...)
+ NOT-FOR-US: tcmu-runner
+CVE-2017-14109
+ RESERVED
+CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ca ...)
+ - gedit (unimportant; bug #875311)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=791037
+ NOTE: negligible security impact
+CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 mis ...)
+ {DLA-2858-1}
+ [experimental] - libzip 1.3.0+dfsg.1-1
+ - libzip 1.5.1-3 (low; bug #874010)
+ [jessie] - libzip (Minor issue)
+ [wheezy] - libzip (Minor issue)
+ - php5 (unimportant)
+ [jessie] - php5 5.6.33+dfsg-0+deb8u1
+ NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
+ NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
+ NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
+ NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
+CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
+ NOT-FOR-US: HiveManager +CVE-2017-14104 + RESERVED +CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel befo ...) + {DSA-3981-1 DLA-1099-1} + - linux 4.12.6-1 + NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3) +CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in Grap ...) + {DLA-1130-1} + - graphicsmagick 1.3.26-8 + [stretch] - graphicsmagick (Incomplete fix for CVE-2017-11403 not applied) + [jessie] - graphicsmagick (Incomplete fix for CVE-2017-11403 not applied) + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f + NOTE: https://www.openwall.com/lists/oss-security/2017/09/01/6 + NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/ +CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping privileg ...) + - mimedefang 2.83-1 (bug #877363) + [stretch] - mimedefang (Minor issue) + [jessie] - mimedefang (Minor issue) + [wheezy] - mimedefang (Minor issue only exploitable if daemon is compromised in some other way) + NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html + NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html +CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...) + NOT-FOR-US: Conserus Image Repository +CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart Protecti ...) + NOT-FOR-US: Trend Micro +CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...) + NOT-FOR-US: Trend Micro +CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...) + NOT-FOR-US: Trend Micro +CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ve ...) + NOT-FOR-US: Trend Micro +CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for E ...) 
+ NOT-FOR-US: Trend Micro ScanMail for Exchange +CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange 1 ...) + NOT-FOR-US: Trend Micro ScanMail for Exchange +CVE-2017-14091 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...) + NOT-FOR-US: Trend Micro ScanMail for Exchange +CVE-2017-14090 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in wh ...) + NOT-FOR-US: Trend Micro ScanMail for Exchange +CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeS ...) + NOT-FOR-US: Trend Micro +CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in Trend Micro ...) + NOT-FOR-US: Trend Micro +CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12 ...) + NOT-FOR-US: Trend Micro +CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in Trend Micro ...) + NOT-FOR-US: Trend Micro +CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 ...) + NOT-FOR-US: Trend Micro +CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Mic ...) + NOT-FOR-US: Trend Micro +CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote un ...) + NOT-FOR-US: Trend Micro +CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...) + NOT-FOR-US: Trend Micro +CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...) + NOT-FOR-US: Trend Micro Mobile Security +CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security (En ...) + NOT-FOR-US: Trend Micro Mobile Security +CVE-2017-14079 (Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) ...) + NOT-FOR-US: Trend Micro Mobile Security +CVE-2017-14078 (SQL Injection vulnerabilities in Trend Micro Mobile Security (Enterpri ...) 
+ NOT-FOR-US: Trend Micro Mobile Security +CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17. ...) + - asterisk 1:13.17.1~dfsg-1 (bug #873909) + [stretch] - asterisk (Vulnerable code not present; issue introduced in 13.15) + [jessie] - asterisk (Vulnerable code not present; issue introduced in 13.15) + [wheezy] - asterisk (Vulnerable code not present; issue introduced in 13.15) + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152 + NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152 +CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...) + {DSA-3964-1 DLA-1122-1} + - asterisk 1:13.17.1~dfsg-1 (bug #873908) + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103 + NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103 +CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...) + {DSA-3964-1} + - asterisk 1:13.17.1~dfsg-1 (bug #873907) + [wheezy] - asterisk (strictrtp option is disabled by default. Too intrusive too backport) + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013 + NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013 +CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...) + NOT-FOR-US: Securimage +CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id paramet ...) + NOT-FOR-US: NexusPHP +CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on Ju ...) + NOT-FOR-US: Jungo WinDriver +CVE-2017-14074 + RESERVED +CVE-2017-14073 + RESERVED +CVE-2017-14072 + RESERVED +CVE-2017-14071 + RESERVED +CVE-2017-14070 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via t ...) + NOT-FOR-US: NexusPHP +CVE-2017-14069 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw arr ...) 
+ NOT-FOR-US: NexusPHP +CVE-2017-14068 + RESERVED +CVE-2017-14067 + RESERVED +CVE-2017-14066 + RESERVED +CVE-2017-14065 + RESERVED +CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can e ...) + {DSA-3966-1 DLA-1421-1 DLA-1114-1} + - ruby2.3 2.3.3-1+deb9u1 (bug #873906) + - ruby2.1 + - ruby1.9.1 + NOTE: https://bugs.ruby-lang.org/issues/13853 + NOTE: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85 +CVE-2017-14062 (Integer overflow in the decode_digit function in puny_decode.c in Libi ...) + {DSA-3988-1 DLA-1447-1 DLA-1085-1 DLA-1084-1} + - libidn2-0 2.0.2-4 (bug #873902) + - libidn 1.33-2 (bug #873903) + [stretch] - libidn 1.33-1+deb9u1 + NOTE: https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd +CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 before 2 ...) + - libidn2-0 2.0.2-4 (bug #873904) + [stretch] - libidn2-0 (Vulnerable code not present) + [jessie] - libidn2-0 (Vulnerable code not present) + [wheezy] - libidn2-0 (Vulnerable code not present) + - libidn (Vulnerable code not present) + NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305 +CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present i ...) + {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/710 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48 +CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF che ...) 
+ {DSA-3996-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + [jessie] - libav (vulnerable code is not present) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6 +CVE-2017-14058 (In FFmpeg 2.4 and 3.3.3, the read_data function in libavformat/hls.c d ...) + {DSA-3996-1 DLA-1740-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a +CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...) + {DSA-3996-1 DLA-1630-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329 + NOTE: libav: The vulnerable code is in asfdec.c. +CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due t ...) + {DSA-3996-1 DLA-1630-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de +CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...) + {DSA-3996-1 DLA-1630-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e +CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...) + {DSA-3996-1} + - ffmpeg 7:3.3.4-1 (low) + - libav + [jessie] - libav (vulnerable code is not present) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49 +CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...) + NOT-FOR-US: NetApp +CVE-2017-14052 + RESERVED +CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...) 
+ {DLA-1241-1} + - libkohana2-php + [jessie] - libkohana2-php (Minor issue) + NOTE: https://github.com/kohana/kohana/issues/107 + NOTE: Fixed by https://github.com/kohana/core/pull/697 +CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function ...) + NOT-FOR-US: OpenCart +CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() befo ...) + NOT-FOR-US: phpThumb +CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...) + - async-http-client (Vulnerable code introduced later after port to new Request API) + NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455 + NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3 +CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote authenti ...) + NOT-FOR-US: BlackCat CMS +CVE-2017-14049 (In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows re ...) + NOT-FOR-US: BlackCat CMS +CVE-2017-14048 (BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary ...) + NOT-FOR-US: BlackCat CMS +CVE-2017-14047 + RESERVED +CVE-2017-14046 + RESERVED +CVE-2017-14045 + RESERVED +CVE-2017-14044 + RESERVED +CVE-2017-14043 + RESERVED +CVE-2017-14038 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerabilit ...) + NOT-FOR-US: CrushFTP +CVE-2017-14037 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerab ...) + NOT-FOR-US: CrushFTP +CVE-2017-14036 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.) + NOT-FOR-US: CrushFTP +CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability.) + NOT-FOR-US: CrushFTP +CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...) 
+ {DLA-1200-1} + - linux 4.12.13-1 (unimportant) + [stretch] - linux 4.9.30-2+deb9u5 + [jessie] - linux 3.16.43-2+deb8u5 + NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017 + NOTE: https://patchwork.kernel.org/patch/9929625/ + NOTE: Non issue, only "exploitable" with root access +CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as use ...) + NOT-FOR-US: libbpg + NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1 +CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2. ...) + {DSA-4031-1 DLA-1421-1 DLA-1114-1} + - ruby2.3 2.3.5-1 (bug #875928) + - ruby2.1 + - ruby1.9.1 + - ruby1.8 (vunlerable code not present) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1058757 + NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/ + NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b +CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada 1 ...) + NOT-FOR-US: Trihedral VTScada +CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted se ...) + NOT-FOR-US: Moxa MXview +CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...) + NOT-FOR-US: Trihedral VTScada +CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...) + NOT-FOR-US: Moxa +CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...) + NOT-FOR-US: Korenix +CVE-2017-14026 (In Ice Qube Thermal Management Center versions prior to version 4.13, ...) + NOT-FOR-US: Ice Qube Thermal Management Center +CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T relea ...) + NOT-FOR-US: ABB FOX515T +CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider Electr ...) 
+ NOT-FOR-US: Schneider Electric +CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC P ...) + NOT-FOR-US: Siemens +CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell Automati ...) + NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events +CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...) + NOT-FOR-US: Korenix +CVE-2017-14020 (In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) ...) + NOT-FOR-US: AutomationDirect +CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea Movi ...) + NOT-FOR-US: Progea Movicon +CVE-2017-14018 (An improper authentication issue was discovered in Johnson & Johnson E ...) + NOT-FOR-US: Johnson & Johnson Ethicon Endo-Surgery Generator Gen11 +CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea Mov ...) + NOT-FOR-US: Progea Movicon +CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech WebAcc ...) + NOT-FOR-US: Advantech +CVE-2017-14015 + RESERVED +CVE-2017-14014 (Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded crypt ...) + NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120 +CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...) + NOT-FOR-US: ProMinent MultiFLEX M10a Controller +CVE-2017-14012 (Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at ...) + NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120 +CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent MultiFL ...) + NOT-FOR-US: ProMinent MultiFLEX M10a Controller +CVE-2017-14010 (In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions ...) + NOT-FOR-US: SpiderControl +CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX M1 ...) 
+ NOT-FOR-US: ProMinent MultiFLEX M10a Controller +CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current vers ...) + NOT-FOR-US: GE Centricity PACS RA1000 +CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent M ...) + NOT-FOR-US: ProMinent MultiFLEX M10a Controller +CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all ...) + NOT-FOR-US: GE Xeleris +CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent MultiF ...) + NOT-FOR-US: ProMinent MultiFLEX M10a Controller +CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are affecte ...) + NOT-FOR-US: GE GEMNet License server +CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA Ethe ...) + NOT-FOR-US: LAVA Ether-Serial Link +CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current ...) + NOT-FOR-US: GE Infinia/Infinia with Hawkeye 4 medical imaging systems +CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command i ...) + NOT-FOR-US: Asterisk GUI + NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI +CVE-2017-14000 (An Improper Authentication issue was discovered in Ctek SkyRouter Seri ...) + NOT-FOR-US: Ctek SkyRouter +CVE-2017-13999 (A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studi ...) + NOT-FOR-US: WECON LEVI Studio HMI Editor +CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...) + NOT-FOR-US: LOYTEC LVIS-3ME +CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...) + NOT-FOR-US: Schneider +CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME vers ...) + NOT-FOR-US: LOYTEC LVIS-3ME +CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions in ...) 
+ NOT-FOR-US: iniNet Solutions iniNet Webserver +CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME version ...) + NOT-FOR-US: LOYTEC LVIS-3ME +CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS ...) + NOT-FOR-US: i-SENS SmartLog Diabetes Management Software +CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versio ...) + NOT-FOR-US: LOYTEC LVIS-3ME +CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...) + NOT-FOR-US: ArcSight +CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...) + NOT-FOR-US: ArcSight +CVE-2017-13989 (An improper access control vulnerability in ArcSight ESM and ArcSight ...) + NOT-FOR-US: ArcSight +CVE-2017-13988 (An improper access control vulnerability in ArcSight ESM and ArcSight ...) + NOT-FOR-US: ArcSight +CVE-2017-13987 (An insufficient access control vulnerability in ArcSight ESM and ArcSi ...) + NOT-FOR-US: ArcSight +CVE-2017-13986 (A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM an ...) + NOT-FOR-US: ArcSight +CVE-2017-13985 (An authentication vulnerability in HPE BSM Platform Application Perfor ...) + NOT-FOR-US: HP +CVE-2017-13984 (An authentication vulnerability in HPE BSM Platform Application Perfor ...) + NOT-FOR-US: HP +CVE-2017-13983 (An authentication vulnerability in HPE BSM Platform Application Perfor ...) + NOT-FOR-US: HP +CVE-2017-13982 (A directory traversal vulnerability in HPE BSM Platform Application Pe ...) 
+ NOT-FOR-US: HP +CVE-2017-13981 + REJECTED +CVE-2017-13980 + REJECTED +CVE-2017-13979 + REJECTED +CVE-2017-13978 + REJECTED +CVE-2017-13977 + REJECTED +CVE-2017-13976 + REJECTED +CVE-2017-13975 + REJECTED +CVE-2017-13974 + REJECTED +CVE-2017-13973 + REJECTED +CVE-2017-13972 + REJECTED +CVE-2017-13971 + REJECTED +CVE-2017-13970 + REJECTED +CVE-2017-13969 + REJECTED +CVE-2017-13968 + REJECTED +CVE-2017-13967 + REJECTED +CVE-2017-13966 + REJECTED +CVE-2017-13965 + REJECTED +CVE-2017-13964 + REJECTED +CVE-2017-13963 + REJECTED +CVE-2017-13962 + REJECTED +CVE-2017-13961 + REJECTED +CVE-2017-13960 + REJECTED +CVE-2017-13959 + REJECTED +CVE-2017-13958 + REJECTED +CVE-2017-13957 + REJECTED +CVE-2017-13956 + REJECTED +CVE-2017-13955 + REJECTED +CVE-2017-13954 + REJECTED +CVE-2017-13953 + REJECTED +CVE-2017-13952 + REJECTED +CVE-2017-13951 + REJECTED +CVE-2017-13950 + REJECTED +CVE-2017-13949 + REJECTED +CVE-2017-13948 + REJECTED +CVE-2017-13947 + REJECTED +CVE-2017-13946 + REJECTED +CVE-2017-13945 + REJECTED +CVE-2017-13944 + REJECTED +CVE-2017-13943 + REJECTED +CVE-2017-13942 + REJECTED +CVE-2017-13941 + REJECTED +CVE-2017-13940 + REJECTED +CVE-2017-13939 + REJECTED +CVE-2017-13938 + REJECTED +CVE-2017-13937 + REJECTED +CVE-2017-13936 + REJECTED +CVE-2017-13935 + REJECTED +CVE-2017-13934 + REJECTED +CVE-2017-13933 + REJECTED +CVE-2017-13932 + REJECTED +CVE-2017-13931 + REJECTED +CVE-2017-13930 + REJECTED +CVE-2017-13929 + REJECTED +CVE-2017-13928 + REJECTED +CVE-2017-13927 + REJECTED +CVE-2017-13926 + REJECTED +CVE-2017-13925 + REJECTED +CVE-2017-13924 + REJECTED +CVE-2017-13923 + REJECTED +CVE-2017-13922 + REJECTED +CVE-2017-13921 + REJECTED +CVE-2017-13920 + REJECTED +CVE-2017-13919 + REJECTED +CVE-2017-13918 + REJECTED +CVE-2017-13917 + REJECTED +CVE-2017-13916 + REJECTED +CVE-2017-13915 + REJECTED +CVE-2017-13914 + REJECTED +CVE-2017-13913 + REJECTED +CVE-2017-13912 + REJECTED +CVE-2017-13911 (A configuration issue was addressed with additional restrictions. This ...) 
+ NOT-FOR-US: Apple +CVE-2017-13910 (An access issue was addressed with additional sandbox restrictions on ...) + NOT-FOR-US: Apple +CVE-2017-13909 (An issue existed in the storage of sensitive tokens. This issue was ad ...) + NOT-FOR-US: Apple +CVE-2017-13908 (An issue in handling file permissions was addressed with improved vali ...) + NOT-FOR-US: Apple +CVE-2017-13907 (A state management issue was addressed with improved state validation. ...) + NOT-FOR-US: Apple +CVE-2017-13906 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2017-13905 (A race condition was addressed with additional validation. This issue ...) + NOT-FOR-US: Apple +CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 i ...) + NOT-FOR-US: Apple +CVE-2017-13902 + REJECTED +CVE-2017-13901 + REJECTED +CVE-2017-13900 + REJECTED +CVE-2017-13899 + REJECTED +CVE-2017-13898 + REJECTED +CVE-2017-13897 + REJECTED +CVE-2017-13896 + REJECTED +CVE-2017-13895 + REJECTED +CVE-2017-13894 + REJECTED +CVE-2017-13893 + REJECTED +CVE-2017-13892 (An issue existed in the handling of Contact sharing. This issue was ad ...) + NOT-FOR-US: Apple +CVE-2017-13891 (In iOS before 11.2, an inconsistent user interface issue was addressed ...) + NOT-FOR-US: Apple +CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13889 (In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, ...) + NOT-FOR-US: Apple +CVE-2017-13888 (In iOS before 11.2, a type confusion issue was addressed with improved ...) + NOT-FOR-US: Apple +CVE-2017-13887 (In macOS High Sierra before 10.13.2, a logic issue existed in APFS whe ...) + NOT-FOR-US: Apple +CVE-2017-13886 (In macOS High Sierra before 10.13.2, an access issue existed with priv ...) 
+ NOT-FOR-US: Apple +CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-13884 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13882 + RESERVED +CVE-2017-13881 + RESERVED +CVE-2017-13880 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13877 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13873 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra b ...) + NOT-FOR-US: Apple +CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) 
+ - webkit2gtk 2.18.4-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0010.html + NOTE: Not covered by security support +CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.4-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0010.html + NOTE: Not covered by security support +CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 o ...) + NOT-FOR-US: Apple +CVE-2017-13863 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13859 + RESERVED +CVE-2017-13858 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13857 + RESERVED +CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.4-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0010.html + NOTE: Not covered by security support +CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13854 (An issue was discovered in certain Apple products. iOS before 11 is af ...) 
+ NOT-FOR-US: Apple +CVE-2017-13853 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13851 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-13850 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13847 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Potentially src:pcre3, but Apple doesn't play by the rules +CVE-2017-13845 + RESERVED +CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13843 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13842 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13839 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before 10.13. ...) 
+ NOT-FOR-US: Apple +CVE-2017-13835 (A memory corruption issue was addressed with improved memory handling. ...) + NOT-FOR-US: Apple +CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13832 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13831 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13830 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13827 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-13826 + REJECTED +CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13824 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13823 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13822 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13821 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13820 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13819 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before 10.13. ...) 
+ NOT-FOR-US: Apple +CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple products. ...) + NOT-FOR-US: Apple +CVE-2017-13816 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules +CVE-2017-13815 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-13814 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13813 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules +CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules +CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13809 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13808 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13807 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13806 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-13805 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13804 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13803 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) 
+ - webkit2gtk 2.18.3-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13802 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13801 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13800 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13799 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-13798 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.3-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13797 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple-specific Webkit change (since not mentioned in webkitgtk releases) +CVE-2017-13796 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13795 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13794 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13793 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) 
+ - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13792 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13791 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13790 (An issue was discovered in certain Apple products. Safari before 11.0. ...) + NOT-FOR-US: Apple Safari +CVE-2017-13789 (An issue was discovered in certain Apple products. Safari before 11.0. ...) + NOT-FOR-US: Apple Safari +CVE-2017-13788 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.3-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13787 + RESERVED +CVE-2017-13786 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-13785 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13784 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13783 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0009.html + NOTE: Not covered by security support +CVE-2017-13782 (An issue was discovered in certain Apple products. macOS before 10.13. ...) 
+ NOT-FOR-US: Apple +CVE-2017-13781 + RESERVED +CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory tr ...) + NOT-FOR-US: EyesOfNetwork (EON) +CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional authentic ...) + {DSA-3967-1} + - mbedtls 2.6.0-1 (bug #873557) + - polarssl + [jessie] - polarssl (Vulnerable code not present) + [wheezy] - polarssl (Vulnerable code not present) + NOTE: Affected versions: all from version 1.3.10 up and including 2.1 and later releases + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02 + NOTE: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32 + NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc +CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offli ...) + NOT-FOR-US: India Goods and Services Tax Network +CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...) + {DSA-4321-1 DLA-1456-1 DLA-1082-1} + - graphicsmagick 1.3.26-8 (low) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e +CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...) + {DSA-4321-1 DLA-1456-1 DLA-1082-1} + - graphicsmagick 1.3.26-8 (low) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e +CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...) + {DSA-4321-1 DLA-1456-1} + - graphicsmagick 1.3.26-8 (low) + [wheezy] - graphicsmagick (Vulnerable code not present) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd +CVE-2017-13774 (Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to gener ...) 
+ NOT-FOR-US: Hikvision +CVE-2017-13773 + RESERVED +CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers w ...) + NOT-FOR-US: TP-Link +CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network configu ...) + NOT-FOR-US: Lexmark Scan To Network +CVE-2017-13770 + RESERVED +CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...) + {DSA-4040-1 DSA-4032-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878507) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/705 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5 + NOTE: Extra checks: + NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260 +CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in MagickCore/i ...) + {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/706 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff +CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP diss ...) 
+ - wireshark 2.4.1-1 + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html +CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector coul ...) + - wireshark 2.4.1-1 + [stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1 + [jessie] - wireshark (Vulnerable code not present) + [wheezy] - wireshark (Vulnerable code not present) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html +CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM di ...) + {DLA-1634-1} + - wireshark 2.4.1-1 + [wheezy] - wireshark (Minor issue) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html +CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL point ...) + - wireshark 2.4.1-1 + [jessie] - wireshark (vulnerable request not implemented) + [wheezy] - wireshark (vulnerable request not implemented) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html +CVE-2017-13763 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of m ...) 
+ NOT-FOR-US: ONOS +CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS.) + NOT-FOR-US: ONOS +CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a thi ...) + NOT-FOR-US: Fastly CDN module for Magento2 +CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in t ...) + {DLA-3054-1} + - sleuthkit 4.4.2-3 (unimportant; bug #873724) + NOTE: https://github.com/sleuthkit/sleuthkit/issues/906 + NOTE: Negligible security impact +CVE-2017-13759 + RESERVED +CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...) + {DSA-4040-1 DSA-4032-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #878508) + NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/57eced684ad0660fe580800d977ba94623ec67ac +CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils 2.29-10 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a +CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers i ...) + {DLA-3054-1} + - sleuthkit 4.4.2-3 (unimportant; bug #873725) + NOTE: https://github.com/sleuthkit/sleuthkit/issues/914 + NOTE: Negligible security impact +CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image trigge ...) + {DLA-3054-1} + - sleuthkit 4.4.2-3 (unimportant; bug #873726) + NOTE: https://github.com/sleuthkit/sleuthkit/issues/913 + NOTE: Negligible security impact +CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the "advanced settings - t ...) 
+ NOT-FOR-US: Wibu-Systems +CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in convert ...) + - openjpeg2 2.1.2-1 + [jessie] - openjpeg2 (Vulnerable code introduced later) + NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1) + NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2) + NOTE: https://github.com/uclouvain/openjpeg/issues/833 +CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, op ...) + - openjpeg2 (unimportant) + NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b + NOTE: https://github.com/uclouvain/openjpeg/issues/731 + NOTE: https://github.com/uclouvain/openjpeg/issues/732 + NOTE: https://github.com/uclouvain/openjpeg/issues/777 + NOTE: https://github.com/uclouvain/openjpeg/issues/778 + NOTE: https://github.com/uclouvain/openjpeg/issues/779 + NOTE: https://github.com/uclouvain/openjpeg/issues/780 +CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...) + - openjpeg2 (unimportant) + NOTE: https://github.com/uclouvain/openjpeg/issues/776 + NOTE: https://github.com/uclouvain/openjpeg/issues/784 + NOTE: https://github.com/uclouvain/openjpeg/issues/785 + NOTE: https://github.com/uclouvain/openjpeg/issues/792 +CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout functi ...) + - openjpeg2 2.2.0-1 (bug #874113) + [stretch] - openjpeg2 2.1.2-1.1+deb9u2 + [jessie] - openjpeg2 (Vulnerable code introduced later, see #874113) + NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04 + NOTE: https://github.com/uclouvain/openjpeg/issues/835 +CVE-2017-13753 + REJECTED +CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...) 
+ - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485276 +CVE-2017-13751 (There is a reachable assertion abort in the function calcstepsizes() i ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485283 +CVE-2017-13750 (There is a reachable assertion abort in the function jpc_dec_process_s ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485280 +CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285 +CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the func ...) + {DLA-1583-1} + - jasper (low) + [wheezy] - jasper (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287 + NOTE: https://github.com/mdadams/jasper/issues/168 + NOTE: Fixed by https://github.com/mdadams/jasper/pull/159 but still no upstream comment. +CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() i ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485282 +CVE-2017-13746 (There is a reachable assertion abort in the function jpc_dec_process_s ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485286 +CVE-2017-13745 (There is a reachable assertion abort in the function jpc_dec_process_s ...) + - jasper (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485274 +CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in ...) 
+ - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484338 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4 +CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the functio ...) + - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484335 +CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...) + - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c +CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...) + - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484332 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/af5791ea792acc0a9707738001aa1df3daff7a66 +CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...) 
+ - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c +CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two thou ...) + - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (vulnerable code not present) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c +CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in co ...) + - liblouis 3.3.0-1 (low; bug #874302) + [stretch] - liblouis 3.0.0-3+deb9u1 + [jessie] - liblouis (Minor issue) + [wheezy] - liblouis (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297 + NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4 +CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...) + {DSA-4321-1 DLA-1456-1 DLA-1140-1} + - graphicsmagick 1.3.26-15 (low; bug #878511) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196 + NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/ +CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in magick/com ...) + - graphicsmagick (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192 +CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw functio ...) 
+ {DLA-2903-1} + - libraw 0.18.5-1 (low; bug #874729) + [wheezy] - libraw (Minor issue) + NOTE: https://github.com/LibRaw/LibRaw/issues/96 + NOTE: Isolated patch: https://github.com/LibRaw/LibRaw/files/1276421/radc_divbyzero.txt + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988 +CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...) + - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291 +CVE-2017-13733 (There is an illegal address access in the fmt_entry function in progs/ ...) + - ncurses 6.0+20170902-1 (bug #873746) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290 +CVE-2017-13732 (There is an illegal address access in the function dump_uses() in prog ...) + - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287 +CVE-2017-13731 (There is an illegal address access in the function postprocess_termcap ...) + - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285 +CVE-2017-13730 (There is an illegal address access in the function _nc_read_entry_sour ...) + - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284 +CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in all ...) 
+ - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276 +CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...) + - ncurses 6.0+20170827-1 (bug #873723) + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274 +CVE-2017-13727 (There is a reachable assertion abort in the function TIFFWriteDirector ...) + {DSA-4100-1 DLA-1093-1} + - tiff 4.0.8-5 (bug #873879) + - tiff3 + [wheezy] - tiff3 (Vulnerable code not present) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc +CVE-2017-13726 (There is a reachable assertion abort in the function TIFFWriteDirector ...) + {DSA-4100-1 DLA-1093-1} + - tiff 4.0.8-5 (bug #873880) + - tiff3 + [wheezy] - tiff3 (Vulnerable code not present) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e +CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scri ...) + NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 +CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local a ...) + {DSA-4000-1 DLA-1186-1} + - xorg-server 2:1.19.4-1 + NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac + NOTE: This is in libxkbfile in wheezy +CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont throu ...) 
+ {DSA-3995-1 DLA-1126-1} + - libxfont 1:2.0.1-4 + - libxfont1 (unimportant) + NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd + NOTE: libxfont1 is only used by xfonts-utils, no security impact +CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an attack ...) + {DSA-4000-1} + - xorg-server 2:1.19.4-1 + [wheezy] - xorg-server (Vulnerable code introduced later) + NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1 +CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...) + {DSA-3995-1 DLA-1126-1} + - libxfont 1:2.0.1-4 + - libxfont1 (unimportant) + NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608 + NOTE: libxfont1 is only used by xfonts-utils, no security impact +CVE-2017-13719 (The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 ...) + NOT-FOR-US: Amcrest +CVE-2017-13718 (The HTTP API supported by Starry Station (aka Starry Router) allows br ...) + NOT-FOR-US: Starry Station +CVE-2017-13717 (Starry Station (aka Starry Router) sets the Access-Control-Allow-Origi ...) + NOT-FOR-US: Starry Station +CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as distr ...) + - binutils (unimportant) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009 + NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE + NOTE: has assigned it specifically to the issue as raised within binutils. + NOTE: binutils not covered by security support +CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...) + NOT-FOR-US: IBM +CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the Li ...) 
+ - linux 4.3.1-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 (4.3-rc1) + NOTE: Introduced by: https://git.kernel.org/linus/b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 (4.2-rc1) +CVE-2017-13714 + RESERVED +CVE-2017-13713 (T&W WIFI Repeater BE126 allows remote authenticated users to execute a ...) + NOT-FOR-US: T&W WIFI Repeater BE126 +CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in libm ...) + - lame 3.100-1 (low) + [stretch] - lame (Minor issue) + [jessie] - lame (Minor issue) + NOTE: https://sourceforge.net/p/lame/bugs/472/ +CVE-2017-13711 (Use-after-free vulnerability in the sofree function in slirp/socket.c ...) + {DSA-3991-1} + - qemu 1:2.10.0-1 (bug #873875) + [jessie] - qemu (Vulnerable code introduced later) + [wheezy] - qemu (Vulnerable code introduced later) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code introduced later) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400 +CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage functio ...) + {DSA-4013-1} + - openjpeg2 2.3.0-1 (bug #874115) + NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 + NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/ + NOTE: https://github.com/uclouvain/openjpeg/issues/997 +CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPE ...) 
+ {DSA-4013-1} + - openjpeg2 2.3.0-1 (bug #874117) + NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281 + NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/ + NOTE: https://github.com/uclouvain/openjpeg/issues/995 +CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packe ...) + {DSA-4013-1} + - openjpeg2 2.3.0-1 (bug #874118) + NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e + NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/ + NOTE: https://github.com/uclouvain/openjpeg/issues/992 + NOTE: The issue is covered by https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154 +CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage functio ...) + - graphicsmagick 1.3.26-9 (unimportant; bug #873538) + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d + NOTE: https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/ + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/441/ +CVE-2017-13710 (The setup_group function in elf.c in the Binary File Descriptor (BFD) ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b +CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterprise 10.0 ...) + NOT-FOR-US: VX Search Enterprise +CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version 2 ...) + NOT-FOR-US: Replibit +CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package function ...) 
+ NOT-FOR-US: Lansweeper +CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...) + - flightgear 1:2017.2.1+dfsg-4 (low; bug #873439) + [stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1 + [jessie] - flightgear 3.0.0-5+deb8u3 + NOTE: https://www.openwall.com/lists/oss-security/2017/08/27/1 +CVE-2017-13705 + RESERVED +CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the expe ...) + - dnsmasq 2.78-1 (bug #877102) + [stretch] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) + [jessie] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) + [wheezy] - dnsmasq (Vulnerable code not present; Upstream: Regression introduced in 2.77) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510 + NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html + NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 +CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: Moxa +CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: Moxa +CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: Moxa +CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: Moxa +CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: MOXA +CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...) + NOT-FOR-US: MOXA +CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...) + NOT-FOR-US: FineCMS +CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of Du ...) 
+ NOT-FOR-US: Dup Scout Enterprise +CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0007.html + NOTE: Not covered by security support +CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, do ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0007.html + NOTE: Not covered by security support +CVE-2017-13695 (The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...) + - acpica-unix 20180209-1 (unimportant) + - linux 4.17.3-1 (unimportant) + NOTE: https://patchwork.kernel.org/patch/9850567/ + NOTE: non-issue/no relevant security impact +CVE-2017-13694 (The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobje ...) + - acpica-unix 20180209-1 (unimportant) + - linux (unimportant) + NOTE: https://patchwork.kernel.org/patch/9806085/ + NOTE: non-issue/no relevant security impact +CVE-2017-13693 (The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils. ...) + - acpica-unix 20180209-1 (unimportant) + - linux (unimportant) + NOTE: https://patchwork.kernel.org/patch/9919053/ + NOTE: non-issue/no relevant security impact +CVE-2017-13692 (In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attacker ...) + - tidy-html5 (Vulnerable code introduced later) + - tidy (Vulnerable code introduced later) + NOTE: https://github.com/htacg/tidy-html5/issues/588 +CVE-2017-13691 + RESERVED +CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read i ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...) + - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205 +CVE-2016-1000245 + RESERVED +CVE-2017-13685 (The dump_callback function in SQLite 3.20.0 allows remote attackers to ...) + - sqlite3 3.20.1-1 (unimportant; bug #873762) + - sqlite (unimportant) + NOTE: https://sqlite.org/src/info/02f0f4c54f2819b3 + NOTE: http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html + NOTE: Crash in the command-line shell program, not the the core SQLite library. +CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE b ...) + NOT-FOR-US: Unisys Libra +CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory ...) + NOT-FOR-US: Symantec +CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel memo ...) + NOT-FOR-US: Symantec +CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be suscep ...) + NOT-FOR-US: Symantec Endpoint Protection +CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Wi ...) + NOT-FOR-US: Symantec Endpoint Protection +CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...) + NOT-FOR-US: Symantec +CVE-2017-13678 (Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) ...) + NOT-FOR-US: Symantec +CVE-2017-13677 (Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure ...) + NOT-FOR-US: Symantec +CVE-2017-13676 (Norton Remove & Reinstall can be susceptible to a DLL preloading vulne ...) 
+ NOT-FOR-US: Symantec +CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption befor ...) + NOT-FOR-US: Symantec +CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege esc ...) + NOT-FOR-US: Symantec ProxyClient +CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty bitm ...) + - qemu 1:2.10.0+dfsg-2 + [stretch] - qemu (Vulnerable code introduced later) + [jessie] - qemu (Vulnerable code introduced later) + [wheezy] - qemu (Vulnerable code introduced later) + - qemu-kvm (Vulnerable code introduced later) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html + NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375 (v2.10.1) + NOTE: Introduced by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72 + NOTE: In the unstable upload the fix is integrated in debian/patches/qemu-2.10.1.diff +CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator su ...) + {DSA-3991-1} + - qemu 1:2.10.0-1 (low; bug #873851) + [jessie] - qemu (Minor issue, root DoS, too complex to backport) + [wheezy] - qemu (Can be fixed along in a future DSA) + - qemu-kvm + [wheezy] - qemu-kvm (Can be fixed along in a future DSA) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html + NOTE: Fixed by https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681 + NOTE: CentOS7 has a backport/upgrade(?) for their frankenstein version + NOTE: http://vault.centos.org/7.6.1810/updates/Source/SPackages/qemu-kvm-1.5.3-160.el7_6.3.src.rpm +CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...) + NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing) +CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any file vi ...) 
+ NOT-FOR-US: BlackCat CMS +CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswere ...) + NOT-FOR-US: NexusPHP +CVE-2017-13668 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...) + NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2017-13667 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.) + NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...) + - x265 (Affected code is not enabled) +CVE-2017-13665 + RESERVED +CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version 2.2. ...) + NOT-FOR-US: iSmartAlarm CubeOne +CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2 ...) + NOT-FOR-US: iSmartAlarm CubeOne +CVE-2017-13662 + RESERVED +CVE-2017-13661 + RESERVED +CVE-2017-13660 + RESERVED +CVE-2017-13659 + RESERVED +CVE-2017-13657 + REJECTED +CVE-2017-13656 + REJECTED +CVE-2017-13655 + REJECTED +CVE-2017-13654 + REJECTED +CVE-2017-13653 + REJECTED +CVE-2017-13652 (NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are ...) + NOT-FOR-US: NetApp +CVE-2017-13651 + REJECTED +CVE-2017-13650 + RESERVED +CVE-2017-1002150 (python-fedora 0.8.0 and lower is vulnerable to an open redirect result ...) + - python-fedora 0.9.0-1 + [stretch] - python-fedora (Minor issue) + [jessie] - python-fedora (Minor issue) + NOTE: https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch +CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privil ...) + - unrealircd (bug #515130) +CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...) 
+ - graphicsmagick 1.3.27-1 (unimportant) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/433/ +CVE-2017-13647 + RESERVED +CVE-2017-13646 + RESERVED +CVE-2017-13645 + RESERVED +CVE-2017-13644 + RESERVED +CVE-2017-13643 + RESERVED +CVE-2017-13642 + RESERVED +CVE-2017-13641 + RESERVED +CVE-2017-13640 + RESERVED +CVE-2017-13639 + RESERVED +CVE-2017-13638 + RESERVED +CVE-2017-13637 + RESERVED +CVE-2017-13636 + RESERVED +CVE-2017-13635 + RESERVED +CVE-2017-13634 + RESERVED +CVE-2017-13633 + RESERVED +CVE-2017-13632 + RESERVED +CVE-2017-13631 + RESERVED +CVE-2017-13630 + RESERVED +CVE-2017-13629 + RESERVED +CVE-2017-13628 + RESERVED +CVE-2017-13627 + RESERVED +CVE-2017-13626 + RESERVED +CVE-2017-13625 + RESERVED +CVE-2017-13624 + RESERVED +CVE-2017-13623 + RESERVED +CVE-2017-13622 + RESERVED +CVE-2017-13621 + RESERVED +CVE-2017-13620 + RESERVED +CVE-2017-13619 + RESERVED +CVE-2017-13618 + RESERVED +CVE-2017-13617 + RESERVED +CVE-2017-13616 + RESERVED +CVE-2017-13615 + RESERVED +CVE-2017-13614 + RESERVED +CVE-2017-13613 + RESERVED +CVE-2017-13612 + RESERVED +CVE-2017-13611 + RESERVED +CVE-2017-13610 + RESERVED +CVE-2017-13609 + RESERVED +CVE-2017-13608 + RESERVED +CVE-2017-13607 + RESERVED +CVE-2017-13606 + RESERVED +CVE-2017-13605 + RESERVED +CVE-2017-13604 + RESERVED +CVE-2017-13603 + RESERVED +CVE-2017-13602 + RESERVED +CVE-2017-13601 + RESERVED +CVE-2017-13600 + RESERVED +CVE-2017-13599 + RESERVED +CVE-2017-13598 + RESERVED +CVE-2017-13597 + RESERVED +CVE-2017-13596 + RESERVED +CVE-2017-13595 + RESERVED +CVE-2017-13594 + RESERVED +CVE-2017-13593 + RESERVED +CVE-2017-13592 + RESERVED +CVE-2017-13591 + RESERVED +CVE-2017-13590 + RESERVED +CVE-2017-13589 + RESERVED +CVE-2017-13588 + RESERVED +CVE-2017-13587 + RESERVED +CVE-2017-13586 + RESERVED +CVE-2017-13585 + RESERVED +CVE-2017-13584 + RESERVED +CVE-2017-13583 + RESERVED +CVE-2017-13582 + RESERVED +CVE-2017-13581 + RESERVED +CVE-2017-13580 + RESERVED +CVE-2017-13579 + RESERVED +CVE-2017-13578 + RESERVED 
+CVE-2017-13577 + RESERVED +CVE-2017-13576 + RESERVED +CVE-2017-13575 + RESERVED +CVE-2017-13574 + RESERVED +CVE-2017-13573 + RESERVED +CVE-2017-13572 + RESERVED +CVE-2017-13571 + RESERVED +CVE-2017-13570 + RESERVED +CVE-2017-13569 + RESERVED +CVE-2017-13568 + RESERVED +CVE-2017-13567 + RESERVED +CVE-2017-13566 + RESERVED +CVE-2017-13565 + RESERVED +CVE-2017-13564 + RESERVED +CVE-2017-13563 + RESERVED +CVE-2017-13562 + RESERVED +CVE-2017-13561 + RESERVED +CVE-2017-13560 + RESERVED +CVE-2017-13559 + RESERVED +CVE-2017-13558 + RESERVED +CVE-2017-13557 + RESERVED +CVE-2017-13556 + RESERVED +CVE-2017-13555 + RESERVED +CVE-2017-13554 + RESERVED +CVE-2017-13553 + RESERVED +CVE-2017-13552 + RESERVED +CVE-2017-13551 + RESERVED +CVE-2017-13550 + RESERVED +CVE-2017-13549 + RESERVED +CVE-2017-13548 + RESERVED +CVE-2017-13547 + RESERVED +CVE-2017-13546 + RESERVED +CVE-2017-13545 + RESERVED +CVE-2017-13544 + RESERVED +CVE-2017-13543 + RESERVED +CVE-2017-13542 + RESERVED +CVE-2017-13541 + RESERVED +CVE-2017-13540 + RESERVED +CVE-2017-13539 + RESERVED +CVE-2017-13538 + RESERVED +CVE-2017-13537 + RESERVED +CVE-2017-13536 + RESERVED +CVE-2017-13535 + RESERVED +CVE-2017-13534 + RESERVED +CVE-2017-13533 + RESERVED +CVE-2017-13532 + RESERVED +CVE-2017-13531 + RESERVED +CVE-2017-13530 + RESERVED +CVE-2017-13529 + RESERVED +CVE-2017-13528 + RESERVED +CVE-2017-13527 + RESERVED +CVE-2017-13526 + RESERVED +CVE-2017-13525 + RESERVED +CVE-2017-13524 + RESERVED +CVE-2017-13523 + RESERVED +CVE-2017-13522 + RESERVED +CVE-2017-13521 + RESERVED +CVE-2017-13520 + RESERVED +CVE-2017-13519 + RESERVED +CVE-2017-13518 + RESERVED +CVE-2017-13517 + RESERVED +CVE-2017-13516 + RESERVED +CVE-2017-13515 + RESERVED +CVE-2017-13514 + RESERVED +CVE-2017-13513 + RESERVED +CVE-2017-13512 + RESERVED +CVE-2017-13511 + RESERVED +CVE-2017-13510 + RESERVED +CVE-2017-13509 + RESERVED +CVE-2017-13508 + RESERVED +CVE-2017-13507 + RESERVED +CVE-2017-13506 + RESERVED +CVE-2017-13505 + RESERVED +CVE-2017-13504 + RESERVED 
+CVE-2017-13503 + RESERVED +CVE-2017-13502 + RESERVED +CVE-2017-13501 + RESERVED +CVE-2017-13500 + RESERVED +CVE-2017-13499 + RESERVED +CVE-2017-13498 + RESERVED +CVE-2017-13497 + RESERVED +CVE-2017-13496 + RESERVED +CVE-2017-13495 + RESERVED +CVE-2017-13494 + RESERVED +CVE-2017-13493 + RESERVED +CVE-2017-13492 + RESERVED +CVE-2017-13491 + RESERVED +CVE-2017-13490 + RESERVED +CVE-2017-13489 + RESERVED +CVE-2017-13488 + RESERVED +CVE-2017-13487 + RESERVED +CVE-2017-13486 + RESERVED +CVE-2017-13485 + RESERVED +CVE-2017-13484 + RESERVED +CVE-2017-13483 + RESERVED +CVE-2017-13482 + RESERVED +CVE-2017-13481 + RESERVED +CVE-2017-13480 + RESERVED +CVE-2017-13479 + RESERVED +CVE-2017-13478 + RESERVED +CVE-2017-13477 + RESERVED +CVE-2017-13476 + RESERVED +CVE-2017-13475 + RESERVED +CVE-2017-13474 + RESERVED +CVE-2017-13473 + RESERVED +CVE-2017-13472 + RESERVED +CVE-2017-13471 + RESERVED +CVE-2017-13470 + RESERVED +CVE-2017-13469 + RESERVED +CVE-2017-13468 + RESERVED +CVE-2017-13467 + RESERVED +CVE-2017-13466 + RESERVED +CVE-2017-13465 + RESERVED +CVE-2017-13464 + RESERVED +CVE-2017-13463 + RESERVED +CVE-2017-13462 + RESERVED +CVE-2017-13461 + RESERVED +CVE-2017-13460 + RESERVED +CVE-2017-13459 + RESERVED +CVE-2017-13458 + RESERVED +CVE-2017-13457 + RESERVED +CVE-2017-13456 + RESERVED +CVE-2017-13455 + RESERVED +CVE-2017-13454 + RESERVED +CVE-2017-13453 + RESERVED +CVE-2017-13452 + RESERVED +CVE-2017-13451 + RESERVED +CVE-2017-13450 + RESERVED +CVE-2017-13449 + RESERVED +CVE-2017-13448 + RESERVED +CVE-2017-13447 + RESERVED +CVE-2017-13446 + RESERVED +CVE-2017-13445 + RESERVED +CVE-2017-13444 + RESERVED +CVE-2017-13443 + RESERVED +CVE-2017-13442 + RESERVED +CVE-2017-13441 + RESERVED +CVE-2017-13440 + RESERVED +CVE-2017-13439 + RESERVED +CVE-2017-13438 + RESERVED +CVE-2017-13437 + RESERVED +CVE-2017-13436 + RESERVED +CVE-2017-13435 + RESERVED +CVE-2017-13434 + RESERVED +CVE-2017-13433 + RESERVED +CVE-2017-13432 + RESERVED +CVE-2017-13431 + RESERVED +CVE-2017-13430 + RESERVED 
+CVE-2017-13429 + RESERVED +CVE-2017-13428 + RESERVED +CVE-2017-13427 + RESERVED +CVE-2017-13426 + RESERVED +CVE-2017-13425 + RESERVED +CVE-2017-13424 + RESERVED +CVE-2017-13423 + RESERVED +CVE-2017-13422 + RESERVED +CVE-2017-13421 + RESERVED +CVE-2017-13420 + RESERVED +CVE-2017-13419 + RESERVED +CVE-2017-13418 + RESERVED +CVE-2017-13417 + RESERVED +CVE-2017-13416 + RESERVED +CVE-2017-13415 + RESERVED +CVE-2017-13414 + RESERVED +CVE-2017-13413 + RESERVED +CVE-2017-13412 + RESERVED +CVE-2017-13411 + RESERVED +CVE-2017-13410 + RESERVED +CVE-2017-13409 + RESERVED +CVE-2017-13408 + RESERVED +CVE-2017-13407 + RESERVED +CVE-2017-13406 + RESERVED +CVE-2017-13405 + RESERVED +CVE-2017-13404 + RESERVED +CVE-2017-13403 + RESERVED +CVE-2017-13402 + RESERVED +CVE-2017-13401 + RESERVED +CVE-2017-13400 + RESERVED +CVE-2017-13399 + RESERVED +CVE-2017-13398 + RESERVED +CVE-2017-13397 + RESERVED +CVE-2017-13396 + RESERVED +CVE-2017-13395 + RESERVED +CVE-2017-13394 + RESERVED +CVE-2017-13393 + RESERVED +CVE-2017-13392 + RESERVED +CVE-2017-13391 + RESERVED +CVE-2017-13390 + RESERVED +CVE-2017-13389 + RESERVED +CVE-2017-13388 + RESERVED +CVE-2017-13387 + RESERVED +CVE-2017-13386 + RESERVED +CVE-2017-13385 + RESERVED +CVE-2017-13384 + RESERVED +CVE-2017-13383 + RESERVED +CVE-2017-13382 + RESERVED +CVE-2017-13381 + RESERVED +CVE-2017-13380 + RESERVED +CVE-2017-13379 + RESERVED +CVE-2017-13378 + RESERVED +CVE-2017-13377 + RESERVED +CVE-2017-13376 + RESERVED +CVE-2017-13375 + RESERVED +CVE-2017-13374 + RESERVED +CVE-2017-13373 + RESERVED +CVE-2017-13372 + RESERVED +CVE-2017-13371 + RESERVED +CVE-2017-13370 + RESERVED +CVE-2017-13369 + RESERVED +CVE-2017-13368 + RESERVED +CVE-2017-13367 + RESERVED +CVE-2017-13366 + RESERVED +CVE-2017-13365 + RESERVED +CVE-2017-13364 + RESERVED +CVE-2017-13363 + RESERVED +CVE-2017-13362 + RESERVED +CVE-2017-13361 + RESERVED +CVE-2017-13360 + RESERVED +CVE-2017-13359 + RESERVED +CVE-2017-13358 + RESERVED +CVE-2017-13357 + RESERVED +CVE-2017-13356 + RESERVED 
+CVE-2017-13355 + RESERVED +CVE-2017-13354 + RESERVED +CVE-2017-13353 + RESERVED +CVE-2017-13352 + RESERVED +CVE-2017-13351 + RESERVED +CVE-2017-13350 + RESERVED +CVE-2017-13349 + RESERVED +CVE-2017-13348 + RESERVED +CVE-2017-13347 + RESERVED +CVE-2017-13346 + RESERVED +CVE-2017-13345 + RESERVED +CVE-2017-13344 + RESERVED +CVE-2017-13343 + RESERVED +CVE-2017-13342 + RESERVED +CVE-2017-13341 + RESERVED +CVE-2017-13340 + RESERVED +CVE-2017-13339 + RESERVED +CVE-2017-13338 + RESERVED +CVE-2017-13337 + RESERVED +CVE-2017-13336 + RESERVED +CVE-2017-13335 + RESERVED +CVE-2017-13334 + RESERVED +CVE-2017-13333 + RESERVED +CVE-2017-13332 + RESERVED +CVE-2017-13331 + RESERVED +CVE-2017-13330 + RESERVED +CVE-2017-13329 + RESERVED +CVE-2017-13328 + RESERVED +CVE-2017-13327 + RESERVED +CVE-2017-13326 + RESERVED +CVE-2017-13325 + RESERVED +CVE-2017-13324 + RESERVED +CVE-2017-13323 + RESERVED + NOT-FOR-US: Android +CVE-2017-13322 + RESERVED + NOT-FOR-US: Android +CVE-2017-13321 + RESERVED + NOT-FOR-US: Android +CVE-2017-13320 + RESERVED + NOT-FOR-US: Android Media Framework +CVE-2017-13319 + RESERVED + NOT-FOR-US: Android Media Framework +CVE-2017-13318 + RESERVED + NOT-FOR-US: Android Media Framework +CVE-2017-13317 + RESERVED + NOT-FOR-US: Android Media Framework +CVE-2017-13316 + RESERVED + NOT-FOR-US: Android +CVE-2017-13315 + RESERVED +CVE-2017-13314 + RESERVED +CVE-2017-13313 + RESERVED +CVE-2017-13312 + RESERVED +CVE-2017-13311 + RESERVED +CVE-2017-13310 + RESERVED +CVE-2017-13309 + RESERVED +CVE-2017-13308 + RESERVED +CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci sysf ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh driv ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel encrypte ...) 
+ {DLA-1731-1} + - linux 4.12.6-1 + [stretch] - linux 4.9.82-1+deb9u1 + NOTE: Fixed by: https://git.kernel.org/linus/794b4bc292f5d31739d89c0202c54e7dc9bc3add +CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm d ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver. ...) + NOT-FOR-US: Broadcom components for Android +CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). P ...) + NOT-FOR-US: Android +CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). P ...) + NOT-FOR-US: Android +CVE-2017-13300 (A denial of service vulnerability in the Android media framework (libh ...) + NOT-FOR-US: Android media framework +CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). Product ...) + NOT-FOR-US: Android media framework +CVE-2017-13298 (A information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13297 (A information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13296 (A information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13295 (A denial of service vulnerability in the Android framework (package in ...) + NOT-FOR-US: Android +CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp ...) + NOT-FOR-US: Android framework (aosp email application) +CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bound ...) 
+ NOT-FOR-US: Broadcom components for Android +CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible N ...) + NOT-FOR-US: Android +CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of b ...) + NOT-FOR-US: Android +CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a p ...) + NOT-FOR-US: Android +CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...) + NOT-FOR-US: Android +CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a possi ...) + NOT-FOR-US: Android +CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...) + NOT-FOR-US: Android +CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...) + NOT-FOR-US: Android +CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT ...) + NOT-FOR-US: Android +CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possi ...) + NOT-FOR-US: Android +CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible s ...) + NOT-FOR-US: Android +CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stac ...) + NOT-FOR-US: Android +CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of libframesequen ...) + NOT-FOR-US: Android media framework +CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource exhau ...) + NOT-FOR-US: Android media framework +CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...) + NOT-FOR-US: Android media framework +CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bo ...) + NOT-FOR-US: Android media framework +CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible ...) 
+ NOT-FOR-US: Android media framework +CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of bound ...) + NOT-FOR-US: Android +CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...) + NOT-FOR-US: Android +CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient locking ...) + NOT-FOR-US: Android +CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds ...) + NOT-FOR-US: Android +CVE-2017-13271 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13270 (A elevation of privilege vulnerability in the upstream kernel mnh_sm d ...) + NOT-FOR-US: Android kernel (no source release, so apparently not in mainline) +CVE-2017-13269 (A information disclosure vulnerability in the Android system (bluetoot ...) + NOT-FOR-US: Android +CVE-2017-13268 (A information disclosure vulnerability in the Android system (bluetoot ...) + NOT-FOR-US: Android +CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...) + NOT-FOR-US: Android +CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...) + NOT-FOR-US: Android +CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA upda ...) + NOT-FOR-US: Android +CVE-2017-13264 (A other vulnerability in the Android media framework (Avcdec). Product ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13263 (A elevation of privilege vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-13262 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2017-13261 (In bnep_process_control_packet of bnep_utils.cc, there is a possible o ...) + NOT-FOR-US: Android +CVE-2017-13260 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) 
+ NOT-FOR-US: Android +CVE-2017-13259 (In functionality implemented in sdp_discovery.cc, there are possible o ...) + NOT-FOR-US: Android +CVE-2017-13258 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds re ...) + NOT-FOR-US: Android +CVE-2017-13257 (In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after f ...) + NOT-FOR-US: Android +CVE-2017-13256 (In process_service_search_attr_req of sdp_server.cc, there is an out o ...) + NOT-FOR-US: Android +CVE-2017-13255 (In process_service_attr_req of sdp_server.c, there is an out of bounds ...) + NOT-FOR-US: Android +CVE-2017-13254 (A other vulnerability in the Android media framework (AACExtractor). P ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13253 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13252 (In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds writ ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13251 (In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possib ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13250 (In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13249 (In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an ou ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13248 (In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which b ...) + NOT-FOR-US: HTC Android components +CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel network ...) + NOT-FOR-US: Closed source network driver for Pixel phones +CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel audio dr ...) 
+ NOT-FOR-US: Closed source audio driver for Pixel phones +CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel easel. P ...) + NOT-FOR-US: Easel driver for Pixel phones +CVE-2017-13243 (A information disclosure vulnerability in the Android system (ui). Pro ...) + NOT-FOR-US: Android +CVE-2017-13242 (A information disclosure vulnerability in the Android system (bluetoot ...) + NOT-FOR-US: Android +CVE-2017-13241 (A information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13240 (A information disclosure vulnerability in the Android framework (crypt ...) + NOT-FOR-US: Android +CVE-2017-13239 (A information disclosure vulnerability in the Android framework (ui fr ...) + NOT-FOR-US: Android +CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used to dump ...) + NOT-FOR-US: HTC Android components +CVE-2017-13237 + RESERVED +CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that allows acc ...) + NOT-FOR-US: Android +CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). Product: A ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13234 (In DLSParser of the sonivox library, there is possible resource exhaus ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log statement ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to improper input ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an incorrect bou ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13229 (A remote code execution vulnerability in the Android media framework ( ...) 
+ NOT-FOR-US: Android Media Framework +CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an out-of-bo ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13227 + RESERVED + NOT-FOR-US: Android +CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. Product: ...) + NOT-FOR-US: Mediatek components for Android +CVE-2017-13225 (In libMtkOmxVdec.so there is a possible heap buffer overflow. This cou ...) + NOT-FOR-US: Mediatek components for Android +CVE-2017-13224 + RESERVED +CVE-2017-13223 + RESERVED +CVE-2017-13222 (An information disclosure vulnerability in the Upstream kernel kernel. ...) + NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) +CVE-2017-13221 (An elevation of privilege vulnerability in the Upstream kernel wifi dr ...) + NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) +CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel bluez. ...) + {DSA-4187-1} + - linux 4.0.2-1 + [wheezy] - linux (Vulnerable code introduced later) + NOTE: https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a +CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics tou ...) + NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) +CVE-2017-13218 (Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdra ...) + NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) +CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write d ...) + NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline) +CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to in ...) 
+ - linux 4.14.17-1 (unimportant) + [stretch] - linux 4.9.80-1 + [jessie] - linux 3.16.56-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f +CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel skcipher ...) + - linux 4.4.2-1 + [jessie] - linux 3.16.7-ckt25-1 + [wheezy] - linux 3.2.78-1 +CVE-2017-13214 (In the hardware HEVC decoder, some media files could cause a page faul ...) + NOT-FOR-US: HTC components for Android +CVE-2017-13213 (An elevation of privilege vulnerability in the Broadcom bcmdhd driver. ...) + NOT-FOR-US: Broadcom component for Android +CVE-2017-13212 (An elevation of privilege vulnerability in the Android system (systemu ...) + NOT-FOR-US: Android +CVE-2017-13211 (In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible ...) + NOT-FOR-US: Android +CVE-2017-13210 (In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, th ...) + NOT-FOR-US: Android +CVE-2017-13209 (In the ServiceManager::add function in the hardware service manager, t ...) + NOT-FOR-US: Android +CVE-2017-13208 (In receive_packet of libnetutils/packet.c, there is a possible out-of- ...) + NOT-FOR-US: Android +CVE-2017-13207 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13206 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13205 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13204 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13203 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13202 (An information disclosure vulnerability in the Android media framework ...) 
+ NOT-FOR-US: Android media framework +CVE-2017-13201 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13200 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13199 (In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception ...) + NOT-FOR-US: Android media framework +CVE-2017-13198 (A vulnerability in the Android media framework (ex) related to composi ...) + NOT-FOR-US: Android media framework +CVE-2017-13197 (In the ihevcd_parse_slice.c function, slave threads are not joined if ...) + NOT-FOR-US: Android media framework +CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur due to i ...) + NOT-FOR-US: Android media framework +CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several pa ...) + NOT-FOR-US: Android media framework +CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...) + {DSA-4132-1 DLA-1290-1} + - libvpx 1.7.0-2 + NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9 +CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...) + NOT-FOR-US: Android media framework +CVE-2017-13192 (In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header ...) + NOT-FOR-US: Android media framework +CVE-2017-13191 (In the ihevcd_decode function of ihevcd_decode.c, there is an infinite ...) + NOT-FOR-US: Android media framework +CVE-2017-13190 (A vulnerability in the Android media framework (libhevc) related to ha ...) + NOT-FOR-US: Android media framework +CVE-2017-13189 (A vulnerability in the Android media framework (libavc) related to han ...) + NOT-FOR-US: Android media framework +CVE-2017-13188 (An information disclosure vulnerability in the Android media framework ...) 
+ NOT-FOR-US: Android media framework +CVE-2017-13187 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13186 (A vulnerability in the Android media framework (libavc) related to inc ...) + NOT-FOR-US: Android media framework +CVE-2017-13185 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android media framework +CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there is a po ...) + NOT-FOR-US: Android media framework +CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ther ...) + NOT-FOR-US: Android media framework +CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible intege ...) + NOT-FOR-US: Android media framework +CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a ...) + NOT-FOR-US: Android media framework +CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible out-o ...) + NOT-FOR-US: Android media framework +CVE-2017-13179 (In the ihevcd_allocate_static_bufs and ihevcd_create functions of Soft ...) + NOT-FOR-US: Android media framework +CVE-2017-13178 (In the initDecoder function of SoftAVCDec, there is a possible out-of- ...) + NOT-FOR-US: Android media framework +CVE-2017-13177 (In several functions of libhevc, NEON registers are not preserved. Thi ...) + NOT-FOR-US: Android media framework +CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper input ...) + NOT-FOR-US: Android +CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. Prod ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: An ...) 
+ NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth driv ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performance se ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display driver ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. P ...) + NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. Pro ...) + - linux 4.17.6-1 + [stretch] - linux 4.9.130-1 + NOTE: Fixed by: https://git.kernel.org/linus/26b5b874aff5659a7e26e5b1997e3df2c41fa7fd +CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. Pro ...) + - linux 4.4.2-1 + [jessie] - linux 3.16.7-ckt25-1 + NOTE: Fixed by: https://git.kernel.org/linus/c3b1681375dc6e71d89a3ae00cc3ce9e775a8917 + NOTE: Fixed by: https://git.kernel.org/linus/4dff5c7b7093b19c19d3a100f8a3ad87cb7cd9e7 +CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video drive ...) + {DSA-4187-1 DSA-4120-1 DLA-1369-1} + - linux 4.15.4-1 + NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html + NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a +CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. Pro ...) + NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. P ...) 
+ NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...) + NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...) + NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline) +CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless drive ...) + NOT-FOR-US: Broadcom components for Android +CVE-2017-13160 (A remote code execution vulnerability in the Android system (bluetooth ...) + NOT-FOR-US: Android +CVE-2017-13159 (An information disclosure vulnerability in the Android system (activit ...) + NOT-FOR-US: Android +CVE-2017-13158 (An information disclosure vulnerability in the Android system (activit ...) + NOT-FOR-US: Android +CVE-2017-13157 (An information disclosure vulnerability in the Android system (activit ...) + NOT-FOR-US: Android +CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). P ...) + - android-platform-system-core (Not exploitable on Debian, see #890949) +CVE-2017-13155 + RESERVED +CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ( ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...) 
+ NOT-FOR-US: Android Media Framework +CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13148 (A denial of service vulnerability in the Android media framework (libm ...) + NOT-FOR-US: Android Media Framework +CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was foun ...) + - graphicsmagick 1.3.27-1 (unimportant) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/ +CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memor ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870013) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430 +CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file c ...) + {DSA-4019-1} + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/600 +CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...) + NOT-FOR-US: Wordpress theme +CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in th ...) + NOT-FOR-US: WordPress plugin +CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ov ...) + NOT-FOR-US: libbpg +CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...) + - x265 2.6-3 (low) + [stretch] - x265 (Minor issue) + NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1 + NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135 + NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw +CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...) 
+ {DSA-4321-1 DSA-4040-1 DSA-4032-1 DLA-1401-1 DLA-1170-1 DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #873099) + - graphicsmagick 1.3.26-19 (bug #881524) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/670 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904 + NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05 +CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/679 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5 +CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c ope ...) + - imagemagick (Vulnerable code not present, introduced in 7.0.1-0) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/674 +CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/676 +CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafte ...) + NOT-FOR-US: BMC Patrol +CVE-2017-13129 (Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web 2 ...) + NOT-FOR-US: ZKTeco ZKTime Web +CVE-2017-13128 + RESERVED +CVE-2017-13127 (The VIP.com application for IOS and Android allows remote attackers to ...) 
+ NOT-FOR-US: VIP.com app +CVE-2017-13126 + REJECTED +CVE-2017-13125 + REJECTED +CVE-2017-13124 + REJECTED +CVE-2017-13123 + REJECTED +CVE-2017-13122 + REJECTED +CVE-2017-13121 + REJECTED +CVE-2017-13120 + REJECTED +CVE-2017-13119 + REJECTED +CVE-2017-13118 + REJECTED +CVE-2017-13117 + REJECTED +CVE-2017-13116 + REJECTED +CVE-2017-13115 + REJECTED +CVE-2017-13114 + REJECTED +CVE-2017-13113 + REJECTED +CVE-2017-13112 + REJECTED +CVE-2017-13111 + REJECTED +CVE-2017-13110 + REJECTED +CVE-2017-13109 + REJECTED +CVE-2017-13108 (DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, A ...) + NOT-FOR-US: DFNDR Security Antivirus, Anti-hacking & Cleaner +CVE-2017-13107 (Live.me - live stream video chat, 3.7.20, 2017-11-06, Android applicat ...) + NOT-FOR-US: Live.me - live stream video chat Android application +CVE-2017-13106 (Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5. ...) + NOT-FOR-US: Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient Android application +CVE-2017-13105 (Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13 ...) + NOT-FOR-US: Hi Security Virus Cleaner - Antivirus, Booster Android application +CVE-2017-13104 (Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, ...) + NOT-FOR-US: Uber Technologies, Inc. UberEATS: Uber for Food Delivery iOS application +CVE-2017-13103 + REJECTED +CVE-2017-13102 (Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS ...) + NOT-FOR-US: Gameloft Asphalt Xtreme: Offroad Rally Racing iOS application +CVE-2017-13101 (Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-1 ...) + NOT-FOR-US: Musical.ly Inc., musical.ly - your video social network iOS application +CVE-2017-13100 (DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application ...) + NOT-FOR-US: DistinctDev, Inc., The Moron Test iOS application +CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...) 
+ - wolfssl 3.13.0+dfsg-1 (bug #884235) + NOTE: https://github.com/wolfSSL/wolfssl/pull/1229 + NOTE: https://robotattack.org/ +CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the JC ...) + {DSA-4072-1} + - bouncycastle 1.58-1 (bug #884241) + [jessie] - bouncycastle (Vulnerable code introduced in 1.56 with tls API addition) + [wheezy] - bouncycastle (Vulnerable code not present) + NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3 + NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c + NOTE: Fixed in 1.59 beta 9 + NOTE: https://robotattack.org/ +CVE-2017-13097 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13096 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13095 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13094 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13093 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13092 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13091 (The P1735 IEEE standard describes flawed methods for encrypting electr ...) + NOT-FOR-US: P1735 IEEE standard +CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK respon ...) + {DSA-4008-1 DLA-1149-1} + - wget 1.19.2-1 (bug #879957) + NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba +CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...) 
+ {DSA-4008-1 DLA-1149-1} + - wget 1.19.2-1 (bug #879957) + NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f +CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...) + {DSA-3999-1 DLA-1150-1} + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows rein ...) + {DSA-3999-1 DLA-1150-1} + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tun ...) + {DSA-3999-1 DLA-1150-1} + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13085 + RESERVED +CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Sta ...) + - wpa (unimportant) + NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt + NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in + NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey + NOTE: implementation in wpa_supplicant is not fully functional and the actual + NOTE: installation of the key into the driver does not work. As such, this + NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake + NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed. +CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately v ...) + NOT-FOR-US: Akeo Consulting Rufus +CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allow ...) + {DSA-3999-1 DLA-1150-1} + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...) 
+ {DSA-3999-1 DLA-1573-1 DLA-1150-1} + - firmware-nonfree 20180825-1 + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...) + {DSA-3999-1 DLA-1573-1 DLA-1200-1 DLA-1150-1} + - firmware-nonfree 20180825-1 + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) + - wpa 2:2.4-1.1 + - linux 4.13.13-1 + [stretch] - linux 4.9.65-1 + [jessie] - linux 3.16.51-1 + NOTE: https://w1.fi/security/2017-1/ + NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6) +CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allow ...) + {DSA-3999-1 DLA-1573-1 DLA-1150-1} + - firmware-nonfree 20180825-1 + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Gro ...) + {DSA-3999-1 DLA-1573-1 DLA-1150-1} + - firmware-nonfree 20180825-1 + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pai ...) + {DSA-3999-1 DLA-1573-1 DLA-1150-1} + - firmware-nonfree 20180825-1 + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) + - wpa 2:2.4-1.1 + NOTE: https://w1.fi/security/2017-1/ +CVE-2017-13076 + RESERVED +CVE-2017-13075 + RESERVED +CVE-2017-13074 + RESERVED +CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...) + NOT-FOR-US: NAP NAS application Photo Station +CVE-2017-13072 (Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2 ...) 
+ NOT-FOR-US: QNAP +CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern all ...) + NOT-FOR-US: QNAP +CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...) + NOT-FOR-US: QNAP +CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...) + NOT-FOR-US: QNAP +CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern all ...) + NOT-FOR-US: QNAP +CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the Q ...) + NOT-FOR-US: QNAP +CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...) + - graphicsmagick 1.3.27-1 (unimportant) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/ +CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in ...) + {DSA-4321-1 DLA-1401-1 DLA-1082-1} + - graphicsmagick 1.3.26-7 (bug #873119) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/ + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a +CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...) + {DSA-4321-1 DLA-1401-1 DLA-1082-1} + - graphicsmagick 1.3.26-7 (bug #873129) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/ + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a +CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability i ...) + {DSA-4321-1 DLA-1401-1 DLA-1082-1} + - graphicsmagick 1.3.26-7 (bug #873130) + NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/ + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a +CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/669 +CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...) 
+ {DLA-2366-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #873131) + [jessie] - imagemagick (Vulnerable code not present) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/645 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7 +CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/644 +CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/667 +CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/666 +CVE-2017-13057 + RESERVED +CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might a ...) + NOT-FOR-US: PDF-XChange Viewer +CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buf ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in print- ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a buffer o ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-rea ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-rea ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop d ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite loop du ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an infinite loop d ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ov ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, adm ...) + NOT-FOR-US: PHPMyWind +CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw. ...) + {DSA-4040-1 DSA-4032-1 DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (bug #873134) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/682 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/26078285f49c361ad8ddc8e14bd1d4aab7ed5682 +CVE-2017-12981 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via t ...) 
+ NOT-FOR-US: NexusPHP +CVE-2017-12980 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...) + - dokuwiki 0.0.20180422.a-1 (bug #872941) + [jessie] - dokuwiki (Minor issue) + [wheezy] - dokuwiki (Minor issue) + NOTE: https://github.com/splitbrain/dokuwiki/issues/2081 + NOTE: https://github.com/splitbrain/dokuwiki/commit/f883db117a4fdeae72071db41b3ef5932d6335da +CVE-2017-12979 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...) + - dokuwiki 0.0.20180422.a-1 (bug #872940) + [jessie] - dokuwiki (Minor issue) + [wheezy] - dokuwiki (Minor issue) + NOTE: https://github.com/splitbrain/dokuwiki/issues/2080 + NOTE: https://github.com/splitbrain/dokuwiki/commit/56bd9509ab2037512829392fda6427af7f390724 +CVE-2017-12978 (lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ...) + - cacti 1.1.18+ds1-1 + [stretch] - cacti (Vulnerable code, external link support, introduced later) + [jessie] - cacti (Vulnerable code, external link support, introduced later) + [wheezy] - cacti (Vulnerable code, external link support, introduced later) + NOTE: https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24 + NOTE: https://github.com/Cacti/cacti/issues/918 +CVE-2017-12977 (The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin ...) + NOT-FOR-US: Web-Dorado plugin for Wordpress +CVE-2017-1000216 + REJECTED +CVE-2017-1000205 + REJECTED +CVE-2017-1000202 + REJECTED +CVE-2017-1000184 + REJECTED +CVE-2017-1000183 + REJECTED +CVE-2017-1000181 + REJECTED +CVE-2017-1000180 + REJECTED +CVE-2017-1000179 + REJECTED +CVE-2017-1000178 + REJECTED +CVE-2017-1000177 + REJECTED +CVE-2017-1000175 + REJECTED +CVE-2017-1000167 + REJECTED +CVE-2017-1000166 + REJECTED +CVE-2017-1000165 + REJECTED +CVE-2017-1000162 + REJECTED +CVE-2017-1000124 + REJECTED +CVE-2017-1000123 + REJECTED +CVE-2017-12982 (The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...) 
+ - openjpeg2 2.3.0-1 (unimportant) + NOTE: https://github.com/uclouvain/openjpeg/issues/983 + NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7 +CVE-2017-12975 + RESERVED +CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without e ...) + NOT-FOR-US: Nimbus JOSE + JWT +CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...) + NOT-FOR-US: Nimbus JOSE + JWT +CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check whe ...) + NOT-FOR-US: Nimbus JOSE + JWT +CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute arbitra ...) + {DSA-4010-1 DLA-1495-1 DLA-1144-1} + - git-annex 6.20170818-1 (bug #873088) + NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471 + NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a + NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn + NOTE: jessie patch: https://gitlab.com/anarcat/git-annex/commit/58daf6cbe4c1ea1cf71f3a538a0e27b5075c7265 + NOTE: stretch patch: https://gitlab.com/anarcat/git-annex/commit/115585df48dce16aa702663dab220de625b9de7d + NOTE: This is similar class of issue as for CVE-2017-1000117/git +CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...) + NOT-FOR-US: Apache2Triad +CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...) + NOT-FOR-US: Apache2Triad +CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in Ava ...) + NOT-FOR-US: Avaya IP Office Contact Center +CVE-2017-12968 + RESERVED +CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) li ...) 
+ - binutils 2.29-5 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962 +CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1 ...) + - asn1c (unimportant) +CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote att ...) + NOT-FOR-US: Apache2Triad +CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...) + NOTE: Bogus report against historic libsass version +CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in eval.c ...) + NOTE: Bogus report against historic libsass version +CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested cod ...) + NOTE: Bogus report against historic libsass version +CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in data ...) + - pspp 1.0.1-1 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436 + NOTE: Crash in CLI tool, no security impact +CVE-2017-12960 (There is a reachable assertion abort in the function dict_rename_var() ...) + - pspp 1.0.1-1 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482433 + NOTE: Crash in CLI tool, no security impact +CVE-2017-12959 (There is a reachable assertion abort in the function dict_add_mrset() ...) + - pspp 1.0.1-1 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482432 + NOTE: Crash in CLI tool, no security impact +CVE-2017-12958 (There is an illegal address access in the function output_hex() in dat ...) + - pspp 1.0.1-1 (unimportant) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482429 + NOTE: Crash in CLI tool, no security impact +CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...) 
+ - exiv2 (Incorrect memory allocation introduced in 0.26) + NOTE: https://github.com/Exiv2/exiv2/issues/60 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423 + NOTE: Experimental is affected, tracking as #876242 +CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888872) + NOTE: https://github.com/Exiv2/exiv2/issues/59 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296 +CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. Th ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #888873) + NOTE: https://github.com/Exiv2/exiv2/issues/58 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295 +CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4 ...) + - libgig 4.0.0-5 (low; bug #877652) + [stretch] - libgig (Minor issue) + [jessie] - libgig (Minor issue) + [wheezy] - libgig (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files) + NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3350 +CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgi ...) + - libgig 4.0.0-4 (low; bug #873718) + [stretch] - libgig (Minor issue) + [jessie] - libgig (Minor issue) + [wheezy] - libgig (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files) + NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348 +CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote atta ...) 
+ - libgig 4.0.0-4 (low; bug #873718) + [stretch] - libgig (Minor issue) + [jessie] - libgig (Minor issue) + [wheezy] - libgig (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files) + NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348 +CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in l ...) + - libgig 4.0.0-5 (low; bug #877651) + [stretch] - libgig (Minor issue) + [jessie] - libgig (Minor issue) + [wheezy] - libgig (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files) + NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349 +CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows rem ...) + - libgig 4.0.0-4 (low; bug #873718) + [stretch] - libgig (Minor issue) + [jessie] - libgig (Minor issue) + [wheezy] - libgig (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files) + NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348 +CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove Pod ...) + NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress +CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlie ...) + NOT-FOR-US: PressForward plugin for Wordpress +CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...) + NOT-FOR-US: Easy Modal plugin for WordPress +CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before 2. ...) + NOT-FOR-US: Easy Modal plugin for WordPress +CVE-2017-12945 (Insufficient validation of user-supplied input for the Solstice Pod be ...) + NOT-FOR-US: Solstice Pod +CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 mish ...) 
+ {DSA-4100-1 DLA-1093-1} + - tiff 4.0.8-6 (bug #872607) + - tiff3 + [wheezy] - tiff3 (Vulnerable code not present) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2725 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/dc02f9050311a90b3c0655147cee09bfa7081cfc +CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attacker ...) + NOT-FOR-US: D-Link DIR-600 Rev Bx devices +CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ve ...) + NOT-FOR-US: Unity Editor +CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack:: ...) + - unrar-nonfree 1:5.5.8-1 + [stretch] - unrar-nonfree (Non-free not supported) + [jessie] - unrar-nonfree (Non-free not supported) + [wheezy] - unrar-nonfree (Non-free not supported) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6 +CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpa ...) + - unrar-nonfree 1:5.5.8-1 + [stretch] - unrar-nonfree (Non-free not supported) + [jessie] - unrar-nonfree (Non-free not supported) + [wheezy] - unrar-nonfree (Non-free not supported) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6 +CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Enco ...) + - unrar-nonfree 1:5.5.8-1 + [stretch] - unrar-nonfree (Non-free not supported) + [jessie] - unrar-nonfree (Non-free not supported) + [wheezy] - unrar-nonfree (Non-free not supported) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/6 +CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a directory-trave ...) + - unrar-nonfree 1:5.5.8-1 + [stretch] - unrar-nonfree (Non-free not supported) + [jessie] - unrar-nonfree (Non-free not supported) + [wheezy] - unrar-nonfree (Non-free not supported) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/2 +CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...) 
+ {DSA-4321-1 DLA-1401-1 DLA-1082-1} + - graphicsmagick 1.3.26-6 (bug #872574) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/5 + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978 +CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...) + {DSA-4321-1 DLA-1456-1 DLA-1082-1} + - graphicsmagick 1.3.26-6 (bug #872575) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/3 + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd +CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mis ...) + {DSA-4321-1 DLA-1456-1 DLA-1082-1} + - graphicsmagick 1.3.26-6 (bug #872576) + NOTE: https://www.openwall.com/lists/oss-security/2017/08/18/4 + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188 +CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...) + {DSA-4080-1} + - php7.1 7.1.8-1 + - php7.0 7.0.22-1 + NOTE: Fixed in 7.1.7, 7.0.21 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101 +CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...) + {DSA-4081-1 DSA-4080-1 DLA-1076-1} + - php7.1 7.1.8-1 + - php7.0 7.0.22-1 + - php5 + NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111 +CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...) + {DSA-4080-1} + - php7.1 7.1.8-1 + - php7.0 7.0.22-1 + NOTE: Fixed in 7.1.8, 7.0.22 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74103 + NOTE: https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4 +CVE-2017-12931 + RESERVED +CVE-2017-12930 (SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 v ...) + NOT-FOR-US: TecnoVISION DLX Spot Player4 +CVE-2017-12929 (Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 ...) 
+ NOT-FOR-US: TecnoVISION DLX Spot Player4 +CVE-2017-12928 (A hard-coded password of tecn0visi0n for the dlxuser account in TecnoV ...) + NOT-FOR-US: TecnoVISION DLX Spot Player4 +CVE-2017-12926 + RESERVED +CVE-2017-12918 + RESERVED +CVE-2017-12917 + RESERVED +CVE-2017-12916 + RESERVED +CVE-2017-12915 + RESERVED +CVE-2017-12914 + RESERVED +CVE-2017-12913 + RESERVED +CVE-2017-12912 (The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability ...) + - mp3gain 1.6.2-1 + [wheezy] - mp3gain + NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU +CVE-2017-12911 (The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which resu ...) + - mp3gain 1.6.2-1 + [wheezy] - mp3gain + NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU +CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows rem ...) + NOT-FOR-US: NexusPHP +CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remo ...) + NOT-FOR-US: NexusPHP +CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...) + NOT-FOR-US: NexusPHP +CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...) + NOT-FOR-US: NexusPHP +CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...) + NOT-FOR-US: NexusPHP +CVE-2017-12905 (Server Side Request Forgery vulnerability in Vebto Pixie Image Editor ...) + NOT-FOR-US: Vebto Pixie Image Editor +CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in b ...) + {DSA-3947-1 DLA-1061-1} + - newsbeuter 2.9-6 + NOTE: https://github.com/akrennmair/newsbeuter/issues/591 + NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 +CVE-2017-12903 + RESERVED +CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) 
+ {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in pri ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in pr ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in prin ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in ...) + {DSA-3971-1 DLA-1097-1} + - tcpdump 4.9.2-1 +CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx 1.3.1_p ...) + NOT-FOR-US: libfpx +CVE-2017-12924 (CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote a ...) + NOT-FOR-US: libfpx +CVE-2017-12923 (OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remo ...) + NOT-FOR-US: libfpx +CVE-2017-12922 (wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial o ...) + NOT-FOR-US: libfpx +CVE-2017-12921 (PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx 1.3. ...) + NOT-FOR-US: libfpx +CVE-2017-12920 (CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote at ...) 
+ NOT-FOR-US: libfpx +CVE-2017-12919 (Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp ...) + NOT-FOR-US: libfpx +CVE-2017-12927 (A cross-site scripting vulnerability exists in Cacti 1.1.17 in the met ...) + - cacti 1.1.17+ds1-2 (bug #872478) + [stretch] - cacti (Vulnerable code introduced later) + [jessie] - cacti (Vulnerable code introduced later) + [wheezy] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/issues/907 + NOTE: https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99 +CVE-2017-1000108 (The Pipeline: Input Step Plugin by default allowed users with Item/Rea ...) + NOT-FOR-US: Jenkins Input Step Plugin +CVE-2017-1000107 (Script Security Plugin did not apply sandboxing restrictions to constr ...) + NOT-FOR-US: Jenkins Script Security Plugin +CVE-2017-12892 (Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2. ...) + NOT-FOR-US: Foxit PDF Compressor +CVE-2017-12891 + RESERVED +CVE-2017-12890 + RESERVED +CVE-2017-12889 + RESERVED +CVE-2017-12888 + RESERVED +CVE-2017-12887 + RESERVED +CVE-2017-12886 + RESERVED +CVE-2017-12885 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Sit ...) + NOT-FOR-US: OX Software GmbH App Suite +CVE-2017-12884 (OX Software GmbH App Suite 7.8.4 and earlier is affected by: Informati ...) + NOT-FOR-US: OX Software GmbH App Suite +CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...) 
+ {DSA-3982-1} + - perl 5.26.0-8 (bug #875597) + [wheezy] - perl (Vulnerable code introduced later) + NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public) + NOTE: https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f + NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/2692dda97731c37082a0075eff50d741901c665f + NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/40b3cdad3649334585cee8f4630ec9a025e62be6 +CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin ...) + NOT-FOR-US: Spring Batch Admin +CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch Ad ...) + NOT-FOR-US: Spring Batch Admin +CVE-2017-12880 + REJECTED +CVE-2017-12879 (Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR SENS ...) + NOT-FOR-US: Paessler PRTG Network Monitor +CVE-2017-12878 + RESERVED +CVE-2016-10502 (While generating trusted application id, An integer overflow can occur ...) + NOT-FOR-US: Snapdragon +CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10500 + REJECTED +CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10497 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10496 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10495 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10494 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10493 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10492 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10491 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10488 + REJECTED +CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10485 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10484 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10483 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10482 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10481 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10480 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10479 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10478 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10477 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10476 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10475 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10474 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10473 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10470 + REJECTED +CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10468 + REJECTED +CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10465 + REJECTED +CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10463 + REJECTED +CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10460 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10459 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10458 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10457 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10456 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10453 + REJECTED +CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10450 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10449 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10448 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10447 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10446 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10445 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10444 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10443 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10442 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10441 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10440 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10439 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10438 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10437 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10436 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10435 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10434 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10433 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10432 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10431 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10430 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10429 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10428 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10427 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10426 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10425 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10424 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10423 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10422 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10421 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10420 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10419 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10418 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10417 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10416 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10413 + REJECTED +CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10410 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10408 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10406 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9225 + REJECTED +CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9222 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9221 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9220 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9219 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9218 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9217 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9214 + REJECTED +CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9211 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9210 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9209 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2015-9208 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9207 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9206 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9205 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9204 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9203 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9202 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9201 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9200 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9199 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9198 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9197 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9196 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9195 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2015-9194 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9193 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9192 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9191 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9190 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9189 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9188 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9187 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9186 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9185 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9184 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9183 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9182 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9181 (In Android before 2018-04-05 or earlier security patch level on Qualco ...) 
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9180 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9179 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9178 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9177 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9176 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9175 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9174 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9173 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9172 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9171 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9168
+ REJECTED
+CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9165 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9164 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9163 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9162 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9161 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9160 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9159 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9158 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9155
+ REJECTED
+CVE-2015-9154
+ REJECTED
+CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9151 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9150 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9149 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9148 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9147 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9146 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9145 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9144 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9143 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9142 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9141 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9140 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9139 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9138 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9137 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9136 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9135 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9134 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9133 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9132 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9131 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9130 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9129 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9128 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9125
+ REJECTED
+CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9121
+ REJECTED
+CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9117
+ REJECTED
+CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9114 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9113 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9112 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9111 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9110 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9109 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2015-9108 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9998 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9997 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9996 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9995 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9992
+ REJECTED
+CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9989 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9988 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9987 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9986 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-9985 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10061
+ REJECTED
+CVE-2014-10060
+ REJECTED
+CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10057 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10056 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10055 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10054 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10053 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10052 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10049
+ REJECTED
+CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10046 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10045 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10044 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10043 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2014-10039 (In Android before 2018-04-05 or earlier security patch level on Qualco ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c i ...)
+ {DSA-4074-1 DSA-4040-1 DLA-1081-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (bug #872373)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
+ NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
+ NOTE: This doesn't affect the base releases, but got introduced via security fixes, which got backported to older suites
+CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 ...)
+ - imagemagick (Specific to Imagemagick 7, 6.x uses fixed pixel cache morphology)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
+CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows remot ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
+CVE-2017-12866
+ RESERVED
+CVE-2017-12865 (Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlie ...)
+ {DSA-3956-1 DLA-1078-1}
+ - connman 1.35-1 (bug #872844)
+ NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
+CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
+ [experimental] - opencv 3.4.4+dfsg-1~exp1
+ - opencv 3.2.0+dfsg-6 (bug #875345)
+ NOTE: https://github.com/opencv/opencv/issues/9372
+CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function PxMDecoder::re ...)
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
+ [experimental] - opencv 3.4.4+dfsg-1~exp1
+ - opencv 3.2.0+dfsg-6 (bug #875344)
+ NOTE: https://github.com/opencv/opencv/issues/9371
+CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer AutoBuffe ...)
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1}
+ [experimental] - opencv 3.4.4+dfsg-1~exp1
+ - opencv 3.2.0+dfsg-6 (bug #875342)
+ NOTE: https://github.com/opencv/opencv/issues/9370
+CVE-2017-12861 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
+ NOT-FOR-US: Epson "EasyMP"
+CVE-2017-12860 (The Epson "EasyMP" software is designed to remotely stream a users com ...)
+ NOT-FOR-US: Epson "EasyMP"
+CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS enviro ...)
+ NOT-FOR-US: NetApp
+CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in zip_dire ...)
+ - libzip (Vulnerable code introduced later)
+ NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
+ NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796 (rel-1-3-0)
+CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running s ...)
+ NOT-FOR-US: Polycom
+CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote ...)
+ NOT-FOR-US: C.P.Sub
+CVE-2017-12854
+ RESERVED
+CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XM ...)
+ {DSA-4127-1 DLA-1205-1}
+ - simplesamlphp 1.14.11-1
+ NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
+ NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
+ NOTE: https://simplesamlphp.org/security/201612-03
+ NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
+CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ...)
+ {DSA-4127-1 DLA-1205-1}
+ - simplesamlphp 1.14.11-1
+ NOTE: https://simplesamlphp.org/security/201612-04
+ NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
+ NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
+ NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
+CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
+ {DLA-1408-1 DLA-1205-1}
+ - simplesamlphp 1.14.15-1
+ [stretch] - simplesamlphp (Minor issue)
+ NOTE: https://simplesamlphp.org/security/201703-01
+ NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
+ NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
+CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ...)
+ - simplesamlphp 1.14.15-1
+ [stretch] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
+ [jessie] - simplesamlphp (Vulnerable code not present)
+ [wheezy] - simplesamlphp (Vulnerable code not present)
+ NOTE: https://simplesamlphp.org/security/201703-02
+CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
+ - simplesamlphp 1.14.15-1
+ [stretch] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
+ [jessie] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
+ [wheezy] - simplesamlphp (Minor issue mitigated by HTTPS usage, hard to backport)
+ NOTE: https://simplesamlphp.org/security/201704-01
+CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remot ...)
+ {DSA-4127-1 DLA-1205-1}
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201704-02
+ NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
+CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ...)
+ {DLA-1408-1 DLA-1205-1}
+ - simplesamlphp 1.14.15-1
+ [stretch] - simplesamlphp (Only affects setups with old PHP versions not found in stable)
+ NOTE: https://simplesamlphp.org/security/201705-01
+ NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
+CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 an ...)
+ {DSA-4127-1 DLA-1205-1}
+ - simplesamlphp 1.14.15-1
+ NOTE: https://simplesamlphp.org/security/201708-01
+ NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
+CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform t ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-230.html
+CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is affecte ...)
+ NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
+CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing i ...)
+ - python-numpy 1:1.14.3-1 (unimportant; bug #872407)
+ NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
+ NOTE: Negligible security impact
+CVE-2017-12851 (An authenticated standard user could reset the password of the admin b ...)
+ - kanboard (Fixed before initial upload to Debian)
+CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
+ - kanboard (Fixed before initial upload to Debian)
+ NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
+CVE-2017-12849 (Response discrepancy in the login and password reset forms in SilverSt ...)
+ NOT-FOR-US: SilverStripe CMS
+CVE-2017-12848
+ RESERVED
+CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...)
+ - nagios3
+ [jessie] - nagios3 (Minor issue)
+ [wheezy] - nagios3 (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/16/7
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
+ NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
+CVE-2017-12846
+ RESERVED
+CVE-2017-12845
+ RESERVED
+CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...)
+ NOT-FOR-US: IceWarp
+CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...)
+ - cyrus-imapd (Vulnerable code introduced later)
+ - cyrus-imapd-2.4 (Vulnerable code introduced later)
+ NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
+CVE-2017-12842 (Bitcoin Core before 0.14 allows an attacker to create an ostensibly va ...)
+ - bitcoin 0.14.2~dfsg-1~exp2
+CVE-2017-12841
+ RESERVED
+CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...)
+ NOTE: DESLock+
+CVE-2017-12839 (A heap-based buffer over-read in the getbits function in src/libmpg123 ...)
+ - mpg123 1.25.6-1
+ [stretch] - mpg123 (Minor issue)
+ [jessie] - mpg123 (Minor issue)
+ NOTE: https://sourceforge.net/p/mpg123/bugs/255/
+ NOTE: https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date
+CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
+ NOT-FOR-US: NexusPHP
+CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in P ...)
+ {DSA-3982-1}
+ - perl 5.26.0-8 (bug #875596)
+ [wheezy] - perl (Vulnerable code introduced after 5.14.4)
+ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
+ NOTE: https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
+ NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/66288bb3f44c8aa5122e5f40d8cfc0eada8b1695
+ NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876
+CVE-2017-12835
+ REJECTED
+CVE-2017-12834
+ REJECTED
+CVE-2017-12833
+ REJECTED
+CVE-2017-12832
+ REJECTED
+CVE-2017-12831
+ REJECTED
+CVE-2017-12830
+ REJECTED
+CVE-2017-12829
+ REJECTED
+CVE-2017-12828
+ REJECTED
+CVE-2017-12827
+ REJECTED
+CVE-2017-12826
+ REJECTED
+CVE-2017-12825
+ RESERVED
+CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in I ...)
+ NOT-FOR-US: InPage
+CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...)
+ NOT-FOR-US: Kaspersky
+CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, S ...)
+ NOT-FOR-US: Gemalto
+CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LD ...)
+ NOT-FOR-US: Gemalto
+CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
+ NOT-FOR-US: Gemalto
+CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay att ...)
+ NOT-FOR-US: Gemalto
+CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HA ...)
+ NOT-FOR-US: Gemalto
+CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the a ...)
+ NOT-FOR-US: Kaspersky Internet Security for Android
+CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of appli ...)
+ NOT-FOR-US: Kaspersky Internet Security for Android
+CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 5279 ...)
+ NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
+CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in win32/perl ...)
+ - perl (Windows specific issue)
+ NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
+CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments sect ...)
+ NOT-FOR-US: PHPJabbers File Sharing Script
+CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name para ...)
+ NOT-FOR-US: PHPJabbers Night Club Booking Software
+CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.)
+ NOT-FOR-US: PHPJabbers Star Rating Script
+CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ad ...)
+ NOT-FOR-US: PHPJabbers PHP Newsletter Script
+CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
+ {DSA-3991-1}
+ - qemu 1:2.10.0-1 (bug #873849)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
+CVE-2017-12808
+ RESERVED
+CVE-2017-12807
+ REJECTED
+CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2366-1}
+ - imagemagick 8:6.9.9.34+dfsg-3
+ [jessie] - imagemagick (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
+CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2333-1}
+ - imagemagick 8:6.9.9.34+dfsg-3
+ [jessie] - imagemagick (Minor issue)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
+CVE-2017-12804 (The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1. ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0. ...)
+ NOT-FOR-US: mkclean
+CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through 201 ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 through 2012-0 ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 through 20 ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) wi ...)
+ NOT-FOR-US: D-Link
+CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...)
+ {DSA-3940-1 DLA-1056-1}
+ - cvs 2:1.12.13+real-24 (bug #871810)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/11/1
+CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows re ...)
+ - binutils 2.29-9
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21933
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=957e1fc1c5d0262e4b2f764cf031ad1458446498
+CVE-2017-12798 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q p ...)
+ NOT-FOR-US: NexusPHP
+CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3 parse ...)
+ - mpg123 1.25.6-1
+ [stretch] - mpg123 (Minor issue)
+ [jessie] - mpg123 (Minor issue)
+ [wheezy] - mpg123 (Minor issue)
+ NOTE: https://sourceforge.net/p/mpg123/bugs/254/
+ NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
+CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as distri ...)
+ NOT-FOR-US: OpenMRS addon
+CVE-2017-12795 (OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper I ...)
+ NOT-FOR-US: OpenMRS
+CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoesca ...)
+ - python-django 1:1.11.5-1 (low; bug #874415)
+ [stretch] - python-django 1:1.10.7-2+deb9u2
+ [jessie] - python-django (Vulnerable code do not exist)
+ [wheezy] - python-django (Vulnerable code do not exist)
+ NOTE: https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
+CVE-2017-12793
+ RESERVED
+CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP ...)
+ NOT-FOR-US: NexusPHP
+CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
+ - salt 2016.11.8+dfsg1-1 (bug #872399)
+ [stretch] - salt 2016.11.2+ds-1+deb9u1
+ [jessie] - salt (Minor issue)
+ NOTE: https://github.com/saltstack/salt/pull/42944
+ NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
+ NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
+CVE-2017-12790 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
+ NOT-FOR-US: Metinfo
+CVE-2017-12789 (Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The ...)
+ NOT-FOR-US: Metinfo
+CVE-2017-12788 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
+ NOT-FOR-US: Metinfo
+CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, includ ...)
+ NOT-FOR-US: NoviWare
+CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included ...)
+ NOT-FOR-US: NoviWare
+CVE-2017-12785 (The novish command-line interface, included in the NoviWare software d ...)
+ NOT-FOR-US: NoviWare
+CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...)
+ NOT-FOR-US: Youngzsoft CCFile
+CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08 ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 a ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012 ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 a ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator 0. ...)
+ NOT-FOR-US: libembl2 (different codebase than src:libebml)
+CVE-2017-12778 (The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Aut ...)
+ NOT-FOR-US: qBittorrent non issue
+CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...)
+ {DSA-3981-1}
+ - linux 4.12.6-1 (low)
+ [wheezy] - linux (Low severity and difficult to backport)
+ NOTE: Introduced by: https://git.kernel.org/linus/e89e9cf539a28df7d0eb1d0a545368e9920b34ac (2.6.15-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
+CVE-2017-1000111 (Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue ...)
+ {DSA-3981-1 DLA-1099-1} + - linux 4.12.6-1 + NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1) + NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7 + NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1 +CVE-2017-1000117 (A malicious third-party can give a crafted "ssh://..." URL to an unsus ...) + {DSA-3934-1 DLA-1068-1} + - git 1:2.14.1-1 + NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u +CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...) + {DSA-3963-1 DLA-1072-1} + - mercurial 4.3.1-1 (bug #871710) + NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29 + NOTE: 11 patches need to be applied, the following are for 4.2: + NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f + NOTE: https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba + NOTE: https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb + NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23 + NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 + NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1 +CVE-2017-1000115 (Mercurial prior to version 4.3 is vulnerable to a missing symlink chec ...) 
+ {DSA-3963-1 DLA-1072-1} + - mercurial 4.3.1-1 (bug #871709) + NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29 + NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test) + NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix) + NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 + NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1CVE-2017-12777 +CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some pa ...) + NOT-FOR-US: NexusPHP +CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remo ...) + NOT-FOR-US: NexusPHP +CVE-2017-12775 (qa-include/qa-install.php in Question2Answer before 1.7.5 allows remot ...) + NOT-FOR-US: question2answer +CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows remot ...) + NOT-FOR-US: FineCMS +CVE-2017-12773 + RESERVED +CVE-2017-12772 + RESERVED +CVE-2017-12771 + RESERVED +CVE-2017-12770 + RESERVED +CVE-2017-12769 + RESERVED +CVE-2017-12768 + RESERVED +CVE-2017-12767 + RESERVED +CVE-2017-12766 + RESERVED +CVE-2017-12765 + RESERVED +CVE-2017-12764 + RESERVED +CVE-2017-12763 (An unspecified server utility in NoMachine before 5.3.10 on Mac OS X a ...) + NOT-FOR-US: NoMachine +CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied in ...) + - linux 4.13.4-1 (unimportant) + NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4) + NOTE: Driver is disabled since squeeze and unmaintained for a long time +CVE-2017-12761 (http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by ...) + NOT-FOR-US: Endober WebFile Explorer +CVE-2017-12760 (Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa ...) + NOT-FOR-US: Ynet Interactive +CVE-2017-12759 (Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Man ...) 
+ NOT-FOR-US: Ynet Interactive +CVE-2017-12758 (https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 ...) + NOT-FOR-US: Joomla! Component Appointment +CVE-2017-12757 (Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Inje ...) + NOT-FOR-US: Ambit +CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and ...) + {DLA-1063-1} + - extplorer + NOTE: http://extplorer.net/news/21 +CVE-2017-12755 + RESERVED +CVE-2017-12754 (Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-A ...) + NOT-FOR-US: Asuswrt-Merlin firmware +CVE-2017-12753 + RESERVED +CVE-2017-12752 + RESERVED +CVE-2017-12751 + RESERVED +CVE-2017-12750 + RESERVED +CVE-2017-12749 + RESERVED +CVE-2017-12748 + RESERVED +CVE-2017-12747 + RESERVED +CVE-2017-12746 + RESERVED +CVE-2017-12745 + RESERVED +CVE-2017-12744 + RESERVED +CVE-2017-12743 + RESERVED +CVE-2017-12742 + RESERVED +CVE-2017-12741 (A vulnerability has been identified in Development/Evaluation Kits for ...) + NOT-FOR-US: Siemens +CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...) + NOT-FOR-US: Siemens +CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + NOT-FOR-US: Siemens +CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + NOT-FOR-US: Siemens +CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...) + NOT-FOR-US: Siemens +CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 device ...) + NOT-FOR-US: Siemens +CVE-2017-12735 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + NOT-FOR-US: Siemens +CVE-2017-12734 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) + NOT-FOR-US: Siemens +CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...) 
+ NOT-FOR-US: SiteSentinel +CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY Ve ...) + NOT-FOR-US: GE CIMPLICITY +CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems Si ...) + NOT-FOR-US: SiteSentinel +CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...) + NOT-FOR-US: mySCADA myPRO +CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer throu ...) + NOT-FOR-US: Moxa SoftCMS Live Viewer +CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...) + NOT-FOR-US: SpiderControl SCADA Web Server +CVE-2017-12727 + RESERVED +CVE-2017-12726 (A Use of Hard-coded Password issue was discovered in Smiths Medical Me ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12725 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12724 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12723 (A Password in Configuration File issue was discovered in Smiths Medica ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12722 (An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12721 (An Improper Certificate Validation issue was discovered in Smiths Medi ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12720 (An Improper Access Control issue was discovered in Smiths Medical Medf ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech Web ...) + NOT-FOR-US: Advantech +CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical Medfu ...) + NOT-FOR-US: Smiths Medical Medfusion +CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...) 
+ NOT-FOR-US: Advantech WebAccess +CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...) + NOT-FOR-US: Abbott Laboratories Accent and Anthem pacemakers +CVE-2017-12715 + RESERVED +CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do n ...) + NOT-FOR-US: Abbott Laboratories pacemakers +CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was dis ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers manufac ...) + NOT-FOR-US: Abbott Laboratories pacemakers +CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech We ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions p ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ve ...) + NOT-FOR-US: Westermo devices +CVE-2017-12708 (An Improper Restriction Of Operations Within The Bounds Of A Memory Bu ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl SC ...) + NOT-FOR-US: SpiderControl SCADA MicroBrowser +CVE-2017-12706 (A stack-based buffer overflow issue was discovered in Advantech WebAcc ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12705 (A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. ...) + NOT-FOR-US: Advantech +CVE-2017-12704 (A heap-based buffer overflow issue was discovered in Advantech WebAcce ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo M ...) + NOT-FOR-US: Westermo +CVE-2017-12702 (An Externally Controlled Format String issue was discovered in Advante ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain ...) 
+ NOT-FOR-US: BMC Medical Luna CPAP Machines +CVE-2017-12700 + RESERVED +CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTech DAQF ...) + NOT-FOR-US: AzeoTech DAQFactory +CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and Sh ...) + NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client +CVE-2017-12696 + RESERVED +CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...) + NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client +CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...) + NOT-FOR-US: SpiderControl SCADA Web Server +CVE-2017-1000101 (curl supports "globbing" of URLs, in which a user can pass a numerical ...) + {DSA-3992-1} + - curl 7.55.0-1 (bug #871554) + [wheezy] - curl (Vulnerable code not present, introduced later in 7.34.0) + NOTE: https://curl.haxx.se/docs/adv_20170809A.html + NOTE: https://curl.haxx.se/CVE-2017-1000101.patch +CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL that contai ...) + {DSA-3992-1 DLA-1062-1} + - curl 7.55.0-1 (bug #871555) + NOTE: https://curl.haxx.se/docs/adv_20170809B.html + NOTE: https://curl.haxx.se/CVE-2017-1000100.patch +CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides a featu ...) + - curl (Only affects 7.54.1, no affected version ever in the archive) + NOTE: https://curl.haxx.se/docs/adv_20170809C.html + NOTE: https://curl.haxx.se/CVE-2017-1000099.patch + NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8 +CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 allow ...) 
+ {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/652 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e +CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 all ...) + {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/653 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15 +CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 allow ...) + {DLA-2366-1 DLA-1785-1 DLA-1131-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/656 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519 +CVE-2017-12690 + RESERVED +CVE-2017-12689 + RESERVED +CVE-2017-12688 + RESERVED +CVE-2017-12687 + RESERVED +CVE-2017-12686 + RESERVED +CVE-2017-12685 + RESERVED +CVE-2017-12684 + RESERVED +CVE-2017-12683 + RESERVED +CVE-2017-12682 + RESERVED +CVE-2017-12681 + RESERVED +CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type paramet ...) + NOT-FOR-US: NexusPHP +CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...) + NOT-FOR-US: NexusPHP +CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefac ...) 
+ {DLA-2772-1} + - taglib 1.11.1+dfsg.1-0.2 (bug #871511) + [jessie] - taglib (Vulnerable code not present) + [wheezy] - taglib (Vulnerable code not present) + - silverjuke (Vulnerable code not present, based on older taglib version) + NOTE: https://github.com/taglib/taglib/issues/829 + NOTE: https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a +CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Ang ...) + NOT-FOR-US: IdentityServer +CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870118) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/618 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/387adbe4b05a545b9f3972e862602480c850303c + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7287f50888c26b133ee173816332fcaec4e8cb62 +CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870022) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/616 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7 +CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in th ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/604 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c +CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...) 
+ - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/619 +CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the f ...) + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/617 +CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in coders/ ...) + {DSA-4019-1} + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/621 +CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...) + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/571 +CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage i ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870489) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/575 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/560e6e512961008938aa1d1b9aab06347b1c8f9b +CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...) + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/553 +CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImag ...) 
+ - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870482) + [jessie] - imagemagick (Vulnerable code not present) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/572 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5559407ce29f4371e5df9c1cbde65455fe5854c + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d +CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870501) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/577 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/859084b4fd966ac007965c3d85caabccd8aee9b4 +CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage i ...) + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/573 +CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage i ...) + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/576 +CVE-2017-12661 + RESERVED +CVE-2017-12660 + RESERVED +CVE-2017-12659 + RESERVED +CVE-2017-12658 + RESERVED +CVE-2017-12657 + RESERVED +CVE-2017-12656 + RESERVED +CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the que ...) + NOT-FOR-US: NexusPHP +CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 all ...) 
+ {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870502) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/620 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/ffcb8f8e2248fde38a2cb30aeb48403d2b3471cc + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f2c26fa4db84e92d754c7f8b269db2883cf7f32c +CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escal ...) + NOT-FOR-US: 360 Total Security +CVE-2017-12652 (libpng before 1.6.32 does not properly check the length of chunks agai ...) + - libpng1.6 1.6.32-1 + [stretch] - libpng1.6 (Minor issue) + NOTE: https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55 + NOTE: https://github.com/glennrp/libpng/commit/a1fe2c98489519d415b72bc0026f0c86d82278b7 + NOTE: https://github.com/glennrp/libpng/commit/095b4ce16bb46acb259ea1a4ca6562a623e58d93 + NOTE: https://github.com/glennrp/libpng/commit/2dbef2f2a9e759a80d2decb6862518acf4919c59 + NOTE: https://github.com/glennrp/libpng/commit/2dca15686fadb1b8951cb29b02bad4cae73448da + NOTE: https://github.com/glennrp/libpng/commit/fcd1bb93124d76059abef98216d8390f520c577b + NOTE: https://github.com/glennrp/libpng/commit/13bc0b6b1f8f2f2491fcc9f0c1c939ff06e13c15 +CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelis ...) + NOT-FOR-US: Loginizer plugin for WordPress +CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPres ...) + NOT-FOR-US: Loginizer plugin for WordPress +CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or ...) + NOT-FOR-US: Liferay Portal +CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.) + NOT-FOR-US: Liferay Portal +CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ar ...) + NOT-FOR-US: Liferay Portal +CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, passw ...) 
+ NOT-FOR-US: Liferay Portal +CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletI ...) + NOT-FOR-US: Liferay Portal +CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...) + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/551 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0 +CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869796) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/552 +CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870108) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/550 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda +CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ReadOne ...) + {DSA-4040-1 DSA-4019-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (bug #870106) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/542 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec +CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...) + NOT-FOR-US: Ipswitch IMail +CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and includi ...) + NOT-FOR-US: Ipswitch IMail +CVE-2017-12637 (Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/ ...) + NOT-FOR-US: SAP +CVE-2017-12636 (CouchDB administrative users can configure the database server via HTT ...) 
+ {DLA-1252-1} + - couchdb + NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6 + NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354 + NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7 +CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and JavaScript-base ...) + {DLA-1252-1} + - couchdb + NOTE: https://www.openwall.com/lists/oss-security/2017/11/14/6 + NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b +CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20. ...) + NOT-FOR-US: Apache Camel +CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20 ...) + NOT-FOR-US: Apache Camel +CVE-2017-12632 (A malicious host header in an incoming HTTP request could cause NiFi t ...) + NOT-FOR-US: Apache NiFi +CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...) + NOT-FOR-US: Apache CXF +CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query pag ...) + NOT-FOR-US: Apache Drill +CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache Luc ...) 
+ {DSA-4124-1 DLA-1254-1} + - lucene-solr 3.6.2+dfsg-11 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529 + NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html + NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html + NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25 + NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4 +CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...) + NOT-FOR-US: Apache James +CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of exte ...) + {DLA-1328-1} + - xerces-c 3.2.1+debian-1 (bug #894050) + [stretch] - xerces-c 3.1.4+debian-2+deb9u1 + [jessie] - xerces-c 3.1.1-5.1+deb8u4 + NOTE: https://svn.apache.org/r1819998 + NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt +CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...) + - libapache-poi-java 3.17-1 (bug #888651) + [stretch] - libapache-poi-java (Minor issue) + [jessie] - libapache-poi-java (Minor issue) + [wheezy] - libapache-poi-java (Minor issue) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61338 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61294 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=52372 + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61295 +CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2 ...) + NOT-FOR-US: Apache Hive +CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either the J ...) + NOT-FOR-US: Apache CXF +CVE-2017-12623 (An authorized user could upload a template which contained malicious c ...) 
+ NOT-FOR-US: Apache NiFi +CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...) + NOT-FOR-US: Apache Geode +CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom doctyp ...) + - jenkins-commons-jelly + [jessie] - jenkins-commons-jelly (Minor issue, only used by Jenkins which got removed) + [wheezy] - jenkins-commons-jelly (Minor issue, only used by Jenkins which got removed) + NOTE: https://www.openwall.com/lists/oss-security/2017/09/27/6 +CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...) + NOT-FOR-US: Apache OpenNLP +CVE-2017-12619 (Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation whic ...) + NOT-FOR-US: Apache Zeppelin +CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to val ...) + {DLA-1163-1} + - apr-util 1.6.1-1 (low; bug #879996) + [stretch] - apr-util (Minor issue) + [jessie] - apr-util (Minor issue) + NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E + NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147 +CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22 ...) 
+ {DLA-1166-1} + - tomcat8 (Specific to running Tomcat on Windows) + - tomcat8.0 (Specific to running Tomcat on Windows) + - tomcat7 (Specific to running Tomcat on Windows) + NOTE: https://svn.apache.org/r1809673 (8.5.x) + NOTE: https://svn.apache.org/r1809675 (8.5.x) + NOTE: https://svn.apache.org/r1809896 (8.5.x) + NOTE: https://svn.apache.org/r1809921 (8.0.x) + NOTE: https://svn.apache.org/r1809978 (7.0.x) + NOTE: https://svn.apache.org/r1809992 (7.0.x) + NOTE: https://svn.apache.org/r1810014 (7.0.x) + NOTE: https://svn.apache.org/r1810026 (7.0.x) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61542 +CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it w ...) + {DLA-1400-1 DLA-1108-1} + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + NOTE: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81 + NOTE: https://svn.apache.org/r1804729 +CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs e ...) + - tomcat7 (Windows-specific) +CVE-2017-12614 (It was noticed an XSS in certain 404 pages that could be exploited to ...) + - airflow (bug #819700) +CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...) + {DLA-2897-1 DLA-1162-1} + - apr 1.6.3-1 (low; bug #879708) + [jessie] - apr (Minor issue) + NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E + NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a +CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe de ...) + - apache-spark (bug #802194) +CVE-2017-12611 (In Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1, using ...) + - libstruts1.2-java + [wheezy] - libstruts1.2-java (Minor issue) + NOTE: Only a problem if the application programmer has made a security mistake. 
+ NOTE: https://struts.apache.org/docs/s2-053.html +CVE-2017-12610 (In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authent ...) + - kafka (bug #786460) +CVE-2017-12609 + REJECTED +CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1 ...) + {DSA-4022-1 DLA-1214-1} + - libreoffice 1:5.0.2-1 + NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301 + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608 + NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba +CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and spec ...) + {DSA-4022-1 DLA-1214-1} + - libreoffice 1:5.0.2-1 + NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300 + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607 + NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1 +CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...) + NOT-FOR-US: Liferay Portal +CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) 
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invali ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872045) + [stretch] - opencv (Minor issue) + [jessie] - opencv (Minor issue) + [wheezy] - opencv (Minor issue) + NOTE: https://github.com/opencv/opencv/issues/9311 +CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...) + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872045) + [stretch] - opencv (Minor issue) + [jessie] - opencv (Minor issue) + [wheezy] - opencv (Minor issue) + NOTE: https://github.com/opencv/opencv/issues/9311 +CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) + {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of ...) 
+ {DLA-2799-1 DLA-1438-1 DLA-1117-1} + [experimental] - opencv 3.4.4+dfsg-1~exp1 + - opencv 3.2.0+dfsg-6 (bug #872044) + NOTE: https://github.com/opencv/opencv/issues/9309 +CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...) + {DLA-2358-1} + - openexr 2.2.0-11.1 (bug #877352) + [jessie] - openexr (Minor issue) + [wheezy] - openexr 1.6.1-6+deb7u1 + NOTE: https://github.com/openexr/openexr/issues/238 + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1) + NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c (v2.3.0) +CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dic ...) + - qpdf 7.0.0-1 + [stretch] - qpdf (Minor issue) + [jessie] - qpdf (Minor issue) + [wheezy] - qpdf (Minor issue) + NOTE: https://github.com/qpdf/qpdf/issues/146 + NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b +CVE-2017-12594 + RESERVED +CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF.) + NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices +CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation vulnera ...) + NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices +CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross sit ...) + NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices +CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vu ...) + NOT-FOR-US: ASUS RT-N14UHP devices +CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any protecti ...) + NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices +CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...) 
+ - rsyslog 8.28.0-1 (unimportant) + NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b + NOTE: https://github.com/rsyslog/rsyslog/pull/1565 + NOTE: The zmq3 input and output modules are not enabled and built in Debian +CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...) + {DSA-4019-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (bug #870526) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/535 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d4192df5eb03892089806d52a317cc3101856726 +CVE-2017-12586 (SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue becau ...) + NOT-FOR-US: SLiMS 8 Akasia +CVE-2017-12585 (SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_ha ...) + NOT-FOR-US: SLiMS 8 Akasia +CVE-2017-12584 (There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an ...) + NOT-FOR-US: SLiMS 8 Akasia +CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE ...) + - dokuwiki 0.0.20180422.a-1 (bug #870903) + [jessie] - dokuwiki (Vulnerable code not present) + [wheezy] - dokuwiki (Vulnerable code not present) + NOTE: https://github.com/splitbrain/dokuwiki/issues/2061 +CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...) + NOT-FOR-US: QNAP +CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because o ...) + - electron (bug #842420) +CVE-2017-12580 (An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploi ...) + NOT-FOR-US: IDM UltraEdit +CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...) + NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin +CVE-2017-12578 + RESERVED +CVE-2017-12577 (An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded accoun ...) 
+ NOT-FOR-US: PLANEX +CVE-2017-12576 (An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undoc ...) + NOT-FOR-US: PLANEX +CVE-2017-12575 (An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router h ...) + NOT-FOR-US: NEC +CVE-2017-12574 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...) + NOT-FOR-US: PLANEX +CVE-2017-12573 (An issue was discovered on PLANEX CS-W50HD devices with firmware befor ...) + NOT-FOR-US: PLANEX +CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5. ...) + NOT-FOR-US: Splunk +CVE-2017-12571 + RESERVED +CVE-2017-12570 + RESERVED +CVE-2017-12569 + RESERVED +CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brothe ...) + NOT-FOR-US: Brother +CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance 6.4.1208 ...) + NOT-FOR-US: Quest KACE Asset Management Appliance +CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870503) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/603 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16 +CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870115) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/602 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458 +CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the f ...) 
+ {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870017) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/601 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b +CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/599 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a +CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12555 (A remote arbitrary file download and disclosure of information vulnera ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management Ce ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management H ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System Ma ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System Ma ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System Manageme ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management H ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System Manage ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System Manage ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management Homepag ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management Home ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...) + NOT-FOR-US: HPE System Management Homepage +CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot Remote Co ...) + NOT-FOR-US: Moonshot Remote Console Administrator Pro +CVE-2017-12542 (A authentication bypass and execution of code vulnerability in HPE Int ...) + NOT-FOR-US: HPE ILO 4 +CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12519 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12518 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12517 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12516 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12515 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12514 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12513 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12512 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12511 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12510 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12509 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12508 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12507 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12506 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12505 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12504 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12503 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12502 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12501 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12500 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12499 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12498 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12497 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12496 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12495 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12494 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12493 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12492 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12491 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12490 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12489 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12488 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12487 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-12486 + RESERVED +CVE-2017-12485 + RESERVED +CVE-2017-12484 + RESERVED +CVE-2017-12483 + RESERVED +CVE-2017-12482 (The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1 ...) 
+ - ledger 3.1.2+dfsg1-1 (low; bug #870900) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) + [wheezy] - ledger (Minor issue) + NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1224 + NOTE: https://github.com/ledger/ledger/issues/1224 + NOTE: https://github.com/ledger/ledger/commit/7c0ae5b02571e21f97d45f5d091cb78af9885713 +CVE-2017-12481 (The find_option function in option.cc in Ledger 3.1.1 allows remote at ...) + - ledger 3.1.2+dfsg1-1 (low; bug #870900) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) + [wheezy] - ledger (Minor issue) + NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1222 + NOTE: https://github.com/ledger/ledger/issues/1222 + NOTE: https://github.com/ledger/ledger/commit/c5343f18744d0f6fddcc590f9a54c23674d8c489 +CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading ...) + NOT-FOR-US: Sandboxie +CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends Back ...) + NOT-FOR-US: Unitrends Backup +CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends Back ...) + NOT-FOR-US: Unitrends Backup +CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...) + NOT-FOR-US: Unitrends Backup +CVE-2017-12476 (The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Be ...) + NOT-FOR-US: Bento4 +CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 ...) + NOT-FOR-US: Bento4 +CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in Core/Ap4AtomSampleTable ...) + NOT-FOR-US: Bento4 +CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers t ...) + NOT-FOR-US: CCN-lite +CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attac ...) + NOT-FOR-US: CCN-lite +CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows context-depe ...) 
+ NOT-FOR-US: CCN-lite +CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...) + NOT-FOR-US: CCN-lite +CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows c ...) + NOT-FOR-US: CCN-lite +CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows ...) + NOT-FOR-US: CCN-lite +CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...) + NOT-FOR-US: CCN-lite +CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have unspec ...) + NOT-FOR-US: CCN-lite +CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow context-depen ...) + NOT-FOR-US: CCN-lite +CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent atta ...) + NOT-FOR-US: CCN-lite +CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite bef ...) + NOT-FOR-US: CCN-lite +CVE-2017-12462 + RESERVED +CVE-2017-12461 + RESERVED +CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7 ...) + NOT-FOR-US: Barco ClickShare CSM-1 firmware +CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Bina ...) + - binutils 2.29-8 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc +CVE-2017-12458 (The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Bin ...) 
+ - binutils 2.29-8 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc +CVE-2017-12457 (The bfd_make_section_with_flags function in section.c in the Binary Fi ...) + - binutils 2.29-8 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc +CVE-2017-12456 (The read_symbol_stabs_debugging_info function in rddbg.c in GNU Binuti ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 +CVE-2017-12455 (The evax_bfd_print_emh function in vms-alpha.c in the Binary File Desc ...) + - binutils 2.29-8 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc +CVE-2017-12454 (The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 +CVE-2017-12453 (The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File Descri ...) 
+ - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 +CVE-2017-12452 (The bfd_mach_o_i386_canonicalize_one_reloc function in bfd/mach-o-i386 ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51 +CVE-2017-12451 (The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and bfd/coff6 ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21786 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=29866fa186ee3ebda5242221607dba360b2e541e +CVE-2017-12450 (The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File ...) + - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e +CVE-2017-12449 (The _bfd_vms_save_sized_string function in vms-misc.c in the Binary Fi ...) + - binutils 2.29-8 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc +CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File Descrip ...) 
+ - binutils 2.29-9 + [stretch] - binutils (Minor issue) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21787 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24 +CVE-2017-12447 (GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus ...) + - gdk-pixbuf 2.34.0-1 + [jessie] - gdk-pixbuf 2.31.1-2+deb8u5 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785979 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/b7bf6fbfb310fceba2d35d4de143b8d5ffdad990 (2.33.2) +CVE-2017-12446 + RESERVED +CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cp ...) + - minidjvu (unimportant; bug #871495) + NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ +CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidj ...) + - minidjvu (unimportant; bug #871495) + NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ +CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 c ...) + - minidjvu (unimportant; bug #871495) + NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ +CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ca ...) + - minidjvu (unimportant; bug #871495) + NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ +CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ca ...) + - minidjvu (unimportant; bug #871495) + NOTE: https://sourceforge.net/p/minidjvu/bugs/8/ +CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID I8fd11 ...) 
+ {DSA-3953-1} + - aodh 5.0.0-2 (bug #872605) + NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0080 + NOTE: Master: https://review.openstack.org/#/c/493823/ + NOTE: Ocata: https://review.openstack.org/#/c/493824/ + NOTE: Newton: https://review.openstack.org/#/c/493826/ + NOTE: https://github.com/openstack/aodh/commit/cb90d3ad472bba8d648803ca94a9196dff97f0e8 +CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ad ...) + NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional +CVE-2017-12438 + RESERVED +CVE-2017-12437 + RESERVED +CVE-2017-12436 + RESERVED +CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/543 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088 +CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...) + {DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872481) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/548 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620 +CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) 
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491) + [stretch] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/536 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74 +CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...) + {DLA-2366-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-13 + [jessie] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/545 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ac6c73d39d59a7b0285b3756810272121759a31 + NOTE: The fix applied for #869727 included the change for upstream issue 545, cf. + NOTE: https://github.com/ImageMagick/ImageMagick/issues/546#issuecomment-313968413 +CVE-2017-12427 (The ProcessMSLScript function in coders/msl.c in ImageMagick before 6. ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870525) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/636 + NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456 +CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17. ...) + - gitlab 9.5.4+dfsg-7 (bug #872190; unimportant) + NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212 + NOTE: The fix for git for CVE-2017-1000117 mitgates the issue in gitlab itself. + NOTE: The CVE is for the issue when importing a project via crafted SSH URLs, + NOTE: which becomes ineffective with a fixed git version itself. 
+CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate in ...)
+ {DLA-2596-1}
+ - shadow 1:4.5-1 (bug #756630)
+ [jessie] - shadow (Minor issue)
+ [wheezy] - shadow (Minor issue)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
+ NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5)
+CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
+ NOT-FOR-US: NetApp
+CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3 ...)
+ NOT-FOR-US: NetApp
+CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote authen ...)
+ NOT-FOR-US: NetApp
+CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp Cluster ...)
+ NOT-FOR-US: NetApp
+CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on MySQL/M ...)
+ - mantis
+ [wheezy] - mantis (Not supported in Wheezy)
+ NOTE: https://mantisbt.org/bugs/view.php?id=23173
+CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872498)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/46382526a3f09cebf9f2af680fc55b2a668fcbef
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d
+CVE-2017-12417
+ RESERVED
+CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x be ...)
+ NOT-FOR-US: OXID eShop
+CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption a ...)
+ NOT-FOR-US: Zoho ManageEngine OpManager
+CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an untr ...)
+ NOT-FOR-US: Format Factory
+CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin ...)
+ NOT-FOR-US: AXIS 2100 devices
+CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent at ...)
+ NOT-FOR-US: CCN-lite
+CVE-2017-12411
+ RESERVED
+CVE-2017-12410 (It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulne ...)
+ NOT-FOR-US: Kaseya Virtual System Administrator agent
+CVE-2017-12409
+ RESERVED
+CVE-2017-12408
+ RESERVED
+CVE-2017-12407
+ RESERVED
+CVE-2017-12406
+ RESERVED
+CVE-2017-12405
+ RESERVED
+CVE-2017-12404
+ RESERVED
+CVE-2017-12403
+ RESERVED
+CVE-2017-12402
+ RESERVED
+CVE-2017-12401
+ RESERVED
+CVE-2017-12400
+ RESERVED
+CVE-2017-12399
+ RESERVED
+CVE-2017-12398
+ RESERVED
+CVE-2017-12397
+ RESERVED
+CVE-2017-12396
+ RESERVED
+CVE-2017-12395
+ RESERVED
+CVE-2017-12394
+ RESERVED
+CVE-2017-12393
+ RESERVED
+CVE-2017-12392
+ RESERVED
+CVE-2017-12391
+ RESERVED
+CVE-2017-12390
+ RESERVED
+CVE-2017-12389
+ RESERVED
+CVE-2017-12388
+ RESERVED
+CVE-2017-12387
+ RESERVED
+CVE-2017-12386
+ RESERVED
+CVE-2017-12385
+ RESERVED
+CVE-2017-12384
+ RESERVED
+CVE-2017-12383
+ RESERVED
+CVE-2017-12382
+ RESERVED
+CVE-2017-12381
+ RESERVED
+CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11945
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897
+CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11944
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b
+CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11946
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/0cf813f835e48ab0f94dd54200ceba0dc25fa1c4
+CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11943
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/e887f113242ffcb0ea8735c3f567c6be77f382d6
+CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11942
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb
+CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11940
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209
+CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...)
+ {DLA-1261-1}
+ - clamav 0.99.3~beta2+dfsg-1 (bug #888484)
+ [stretch] - clamav 0.99.2+dfsg-6+deb9u1
+ [jessie] - clamav 0.99.2+dfsg-0+deb8u3
+ NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
+ NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11939
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326
+CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12372 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12371 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12370 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12369 (A "Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability" e ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12368 (A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerab ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12367 (A "Cisco WebEx Network Recording Player Denial of Service Vulnerabilit ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an authenticat ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco Prime Serv ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an unauthent ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an unauthentic ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for WebEx Reco ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Playe ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco Jabber ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco Jabber ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) ingress ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure Access Cont ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12352 (A vulnerability in certain system script files that are installed at b ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS System Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 an ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of Cisco Nex ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on Cisco MDS Mu ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration produc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS System S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch installation coul ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an authenti ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible Operating Sys ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call handling in ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12327
+ RESERVED
+CVE-2017-12326
+ RESERVED
+CVE-2017-12325
+ RESERVED
+CVE-2017-12324
+ RESERVED
+CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity Servi ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark Hybrid Cale ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business Managed S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series c ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interfac ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filterin ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL databa ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower Syste ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks du ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an unauthent ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an authentic ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec fe ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12287 (A vulnerability in the cluster database (CDB) management component of ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis Module ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Clien ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress fr ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible Authenti ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software fo ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco Fi ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12276 (A vulnerability in the web framework code for the SQL database interfa ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set (BS ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress fr ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software cou ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Ne ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging Software could ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12268 (A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnec ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12267 (A vulnerability in the Independent Computing Architecture (ICA) accele ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12266 (A vulnerability in the routine that loads DLL files in Cisco Meeting A ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12265 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12264 (A vulnerability in the Web Admin Interface of Cisco Meeting Server cou ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco Applica ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ( ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified Communications Ma ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings Server co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12256 (A vulnerability in the Akamai Connect feature of Cisco Wide Area Appli ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12255 (A vulnerability in the CLI of Cisco UCS Central Software could allow a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12254 (A vulnerability in the web interface of Cisco Unified Intelligence Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12253 (A vulnerability in the Cisco Unified Intelligence Center could allow a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility could al ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services Platfor ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area Applicat ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server include ...)
+ NOT-FOR-US: Cisco Meeting Server
+CVE-2017-12248 (A vulnerability in the web framework code of Cisco Unified Intelligenc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12247
+ RESERVED
+CVE-2017-12246 (A vulnerability in the implementation of the direct authentication fea ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12245 (A vulnerability in SSL traffic decryption for Cisco Firepower Threat D ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, C ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12242
+ RESERVED
+CVE-2017-12241
+ RESERVED
+CVE-2017-12240 (The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12239 (A vulnerability in motherboard console ports of line cards for Cisco A ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12238 (A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12237 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12236 (A vulnerability in the implementation of the Locator/ID Separation Pro ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12235 (A vulnerability in the implementation of the PROFINET Discovery and Co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12234 (Multiple vulnerabilities in the implementation of the Common Industria ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12233 (Multiple vulnerabilities in the implementation of the Common Industria ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12232 (A vulnerability in the implementation of a protocol in Cisco Integrate ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12231 (A vulnerability in the implementation of Network Address Translation ( ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12230 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12229 (A vulnerability in the REST API of the web-based user interface (web U ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12228 (A vulnerability in the Cisco Network Plug and Play application of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12227 (A vulnerability in the SQL database interface for Cisco Emergency Resp ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12226 (A vulnerability in the web-based Wireless Controller GUI of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12225 (A vulnerability in the web functionality of the Cisco Prime LAN Manage ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12224 (A vulnerability in the ability for guest users to join meetings via a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12223 (A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integr ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12222 (A vulnerability in the wireless controller manager of Cisco IOS XE cou ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12221 (A vulnerability in the web framework of Cisco Firepower Management Cen ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12220 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12219 (A vulnerability in the handling of IP fragments for the Cisco Small Bu ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12218 (A vulnerability in the malware detection functionality within Advanced ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12217 (A vulnerability in the General Packet Radio Service (GPRS) Tunneling P ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12216 (A vulnerability in the web-based user interface of Cisco SocialMiner c ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12215 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12214 (A vulnerability in the Operations, Administration, Maintenance, and Pr ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12213 (A vulnerability in the dynamic access control list (ACL) feature of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12212 (A vulnerability in the web framework of Cisco Unity Connection could a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12211 (A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) ...)
+ NOT-FOR-US: Cisco
+CVE-2017-12210
+ RESERVED
+CVE-2017-12209
+ RESERVED
+CVE-2017-12208
+ RESERVED
+CVE-2017-12207
+ RESERVED
+CVE-2017-12206
+ RESERVED
+CVE-2017-12205
+ RESERVED
+CVE-2017-12204
+ RESERVED
+CVE-2017-12203
+ RESERVED
+CVE-2017-12202
+ RESERVED
+CVE-2017-12201
+ RESERVED
+CVE-2016-10403 (Insufficient data validation on image data in PDFium in Google Chrome ...)
+ {DSA-3590-1}
+ - chromium-browser 51.0.2704.63-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1 ...)
+ {DSA-3924-1}
+ - varnish 5.0.0-7.1 (bug #870467)
+ [wheezy] - varnish (code path is not exposed to clients)
+ NOTE: https://www.varnish-cache.org/security/VSV00001.html#vsv00001
+ NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
+ NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
+CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQ ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-12198
+ RESERVED
+CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly va ...)
+ {DSA-4025-1 DLA-1165-1}
+ - libpam4j 1.4-3 (bug #879001)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
+ NOTE: https://github.com/kohsuke/libpam4j/issues/18
+ NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
+CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was fou ...)
+ - undertow 1.4.25-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
+ NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
+ NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
+CVE-2017-12195 (A flaw was found in all Openshift Enterprise versions using the opensh ...)
+ NOT-FOR-US: OpenShift
+CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages se ...)
+ - spice-gtk 0.35-1 (bug #898503)
+ [stretch] - spice-gtk (Minor issue)
+ [jessie] - spice-gtk (Minor issue)
+ [wheezy] - spice-gtk (Vulnerable code is not in any binary package, only in the source package)
+ NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
+ NOTE: Although not present in the binary packages the (de)marshal.py are used to
+ NOTE: generate repsecitve code which should be in libspice-common-client.
+CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array. ...)
+ - linux 4.13.13-1
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ [wheezy] - linux (Vulnerable code introduced in 3.13-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
+ NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1)
+CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key Mana ...)
+ - linux 4.13.4-2
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
+ NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
+CVE-2017-12191 (A flaw was found in the CloudForms account configuration when using VM ...)
+ NOT-FOR-US: Red Hat CloudForms
+CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in th ...)
+ {DLA-1200-1}
+ - linux 4.13.10-1
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
+CVE-2017-12189 (It was discovered that the jboss init script as used in Red Hat JBoss ...)
+ NOT-FOR-US: Red Hat JBoss; jbossas init script
+CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested vir ...)
+ - linux 4.13.4-2
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
+ NOTE: https://www.spinics.net/lists/kvm/msg156651.html
+CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in RENDER ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
+CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in X-Resou ...)
+ {DSA-4000-1}
+ - xorg-server 2:1.19.5-1
+ [wheezy] - xorg-server (Vulnerable code introduced later)
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
+CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in MIT-SCR ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
+CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in XINERAM ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
+CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in XFIXES ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
+CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
+CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
+ {DSA-4000-1}
+ - xorg-server 2:1.19.5-1
+ [wheezy] - xorg-server (Vulnerable code introduced later)
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
+CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
+CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S ...)
+ {DSA-4000-1}
+ - xorg-server 2:1.19.5-1
+ [wheezy] - xorg-server (Vulnerable code introduced later)
+CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in ProcXICh ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
+CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in Pr ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
+CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validation in P ...)
+ {DSA-4000-1 DLA-1186-1}
+ - xorg-server 2:1.19.5-1
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
+CVE-2017-12175 (Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...)
+ NOT-FOR-US: Artemis and HornetQ
+CVE-2017-12173 (It was found that sssd's sysdb_search_user_by_upn_res() function befor ...)
+ - sssd 1.15.3-2 (bug #877885)
+ [stretch] - sssd 1.15.0-3+deb9u1
+ [jessie] - sssd (Vulnerable code introduced later)
+ [wheezy] - sssd (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173
+ NOTE: Fixed by: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
+ NOTE: Introduced by https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a (sssd-1_12_0)
+CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, ...)
+ - postgresql-10 10.1-1 (unimportant)
+ - postgresql-9.6 (unimportant)
+ [stretch] - postgresql-9.6 9.6.6-0+deb9u1
+ - postgresql-9.4 (unimportant)
+ [jessie] - postgresql-9.4 9.4.15-0+deb8u1
+ - postgresql-9.1 (unimportant)
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ [wheezy] - postgresql-9.1 (Vulnerable code not installed)
+ NOTE: Issue in sample init-scirpt as provided by postgresql project, but not installed
+CVE-2017-12171 (A regression was found in the Red Hat Enterprise Linux 6.9 version of ...)
+ - apache2 (Introduced by Red Hat RHEL 6.9 specific non-security patch)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056
+CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vuln ...)
+ - pure-ftpd (Fedora specific packaging error)
+CVE-2017-12169 (It was found that FreeIPA 4.2.0 and later could disclose password hash ...)
+ - freeipa (unimportant; bug #895950)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1487697
+ NOTE: Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1331008
+ NOTE: Negligible security impact
+CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Lin ...)
+ - linux 4.8.11-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6)
+CVE-2017-12167 (It was found in EAP 7 before 7.0.9 that properties based files of the ...)
+ NOT-FOR-US: Red Hat JBoss EAP
+CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
+ {DLA-2992-1}
+ - openvpn 2.4.4-1 (bug #877089)
+ [jessie] - openvpn (Minor issue)
+ [wheezy] - openvpn (Minor issue)
+ NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
+ NOTE: https://www.openwall.com/lists/oss-security/2017/09/28/2
+ NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
+ NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
+ NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
+ NOTE: https://community.openvpn.net/openvpn/changeset/a9f5c744d6b09f2495ca48d2c926efd3a4b981e6/ (release/2.2)
+CVE-2017-12165 (It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 proces ...)
+ - undertow 2.0.23-1 (bug #885338)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
+ NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
+ NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
+CVE-2017-12164 (A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer se ...)
+ - gdm3 3.26.0-1
+ [stretch] - gdm3 (Vulnerable code not present)
+ [jessie] - gdm3 (Vulnerable code not present)
+ [wheezy] - gdm3 (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417
+ NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
+CVE-2017-12163 (An information leak flaw was found in the way SMB1 protocol was implem ...)
+ {DSA-3983-1 DLA-1110-1}
+ - samba 2:4.6.7+dfsg-2
+ NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
+CVE-2017-12162
+ RESERVED
+CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated resourc ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-12159 (It was found that the cookie used for CSRF prevention in Keycloak was ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in the admin ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view details a ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
+CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the "non-respondents" page i ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
+CVE-2017-12155 (A resource-permission flaw was found in the openstack-tripleo-heat-tem ...)
+ - tripleo-heat-templates (bug #900176)
+ NOTE: https://bugs.launchpad.net/tripleo/+bug/1720787
+CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.13-1
+ NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
+ NOTE: https://www.spinics.net/lists/kvm/msg155414.html
+CVE-2017-12153 (A security flaw was discovered in the nl80211_set_rekey_data() functio ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.13-1
+ NOTE: https://marc.info/?t=150525503100001&r=1&w=2
+ NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
+CVE-2017-12152
+ REJECTED
+CVE-2017-12151 (A flaw was found in the way samba client before samba 4.4.16, samba 4. ...)
+ {DSA-3983-1}
+ - samba 2:4.6.7+dfsg-2
+ [wheezy] - samba (Vulnerable code introduced later)
+ NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
+CVE-2017-12150 (It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x ...)
+ {DSA-3983-1 DLA-1110-1}
+ - samba 2:4.6.7+dfsg-2
+ NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
+CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise Applica ...)
+ - jbossas4
+ [wheezy] - jbossas4 (incomplete packaging, 4.x series released more than nine years ago.)
+CVE-2017-12148 (A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 w ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2017-12147
+ RESERVED
+CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c in the L ...)
+ - linux 4.11.11-1
+ [stretch] - linux 4.9.30-2+deb9u5
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/6265539776a0810b7ce6398c27866ddb9c6bd154 (v4.13-rc1)
+CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
+ - libquicktime (unimportant)
+ NOTE: Negligible security impact
+CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function TNEFFi ...)
+ - libytnef 1.9.3-1 (bug #870817)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/51
+ NOTE: https://github.com/ohwgiles/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
+CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
+ - libquicktime (unimportant)
+ NOTE: Negligible security impact
+CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the ...)
+ - libytnef 1.9.3-1 (low; bug #870816) + [stretch] - libytnef (Minor issue) + [jessie] - libytnef (Minor issue) + [wheezy] - libytnef (Minor issue) + NOTE: https://github.com/Yeraze/ytnef/issues/49 + NOTE: https://github.com/Yeraze/ytnef/commit/35dc50190aac54947bafb3d84ab7727e940c6236 +CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found i ...) + - libytnef 1.9.3-1 (low; bug #870815) + [stretch] - libytnef (Minor issue) + [jessie] - libytnef (Minor issue) + [wheezy] - libytnef (Minor issue) + NOTE: https://github.com/Yeraze/ytnef/issues/50 +CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has a ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/533 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c +CVE-2017-12139 (XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing ...) + NOT-FOR-US: XOOPS +CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /mo ...) + NOT-FOR-US: XOOPS +CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS pr ...) + {DSA-3969-1 DLA-1132-1} + - xen 4.8.1-1+deb9u3 + NOTE: https://xenbits.xen.org/xsa/advisory-227.html +CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x allo ...) + - xen 4.8.1-1+deb9u3 + [stretch] - xen 4.8.1-1+deb9u3 + [jessie] - xen (Only affects 4.6 and later) + [wheezy] - xen (Only affects 4.6 and later) + NOTE: https://xenbits.xen.org/xsa/advisory-228.html +CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) o ...) 
+ {DSA-3969-1 DLA-1132-1} + - xen 4.8.1-1+deb9u3 + NOTE: https://xenbits.xen.org/xsa/advisory-226.html +CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xe ...) + {DSA-3981-1 DLA-1099-1} + - linux 4.12.12-1 + NOTE: https://xenbits.xen.org/xsa/advisory-229.html + NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6) +CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in sunrpc/cl ...) + - glibc 2.24-15 (bug #870648) + [stretch] - glibc 2.24-11+deb9u2 + - eglibc + [wheezy] - eglibc (Minor issue) + NOTE: issue introduced by fix for CVE-2016-4429 + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21115 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491 +CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...) + [experimental] - glibc 2.25-0experimental1 + - glibc 2.25-1 (bug #870650) + - eglibc + [wheezy] - eglibc (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25 + NOTE: https://arxiv.org/pdf/1205.4011.pdf +CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/se ...) + NOT-FOR-US: WordPress plugin +CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ti ...) + NOT-FOR-US: tinysvcmdns +CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...) + NOT-FOR-US: Moxa +CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the Serv ...) + NOT-FOR-US: Moxa +CVE-2017-12127 (A password storage vulnerability exists in the operating system functi ...) + NOT-FOR-US: Moxa +CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the ...) 
+ NOT-FOR-US: Moxa +CVE-2017-12125 (An exploitable command injection vulnerability exists in the web serve ...) + NOT-FOR-US: Moxa +CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web serve ...) + NOT-FOR-US: Moxa +CVE-2017-12123 (An exploitable clear text transmission of password vulnerability exist ...) + NOT-FOR-US: Moxa +CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image r ...) + {DSA-4184-1 DSA-4177-1 DLA-1341-1} + - libsdl2-image 2.0.3+dfsg1-1 + - sdl-image1.2 1.2.12-8 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488 + NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09 + NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665 +CVE-2017-12121 (An exploitable command injection vulnerability exists in the web serve ...) + NOT-FOR-US: Moxa +CVE-2017-12120 (An exploitable command injection vulnerability exists in the web serve ...) + NOT-FOR-US: Moxa +CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple AP ...) + - cpp-ethereum (bug #860434) +CVE-2017-12118 (An exploitable improper authorization vulnerability exists in miner_st ...) + - cpp-ethereum (bug #860434) +CVE-2017-12117 (An exploitable improper authorization vulnerability exists in miner_st ...) + - cpp-ethereum (bug #860434) +CVE-2017-12116 (An exploitable improper authorization vulnerability exists in miner_se ...) + - cpp-ethereum (bug #860434) +CVE-2017-12115 (An exploitable improper authorization vulnerability exists in miner_se ...) + - cpp-ethereum (bug #860434) +CVE-2017-12114 (An exploitable improper authorization vulnerability exists in admin_pe ...) + - cpp-ethereum (bug #860434) +CVE-2017-12113 (An exploitable improper authorization vulnerability exists in admin_no ...) + - cpp-ethereum (bug #860434) +CVE-2017-12112 (An exploitable improper authorization vulnerability exists in admin_ad ...) 
+ - cpp-ethereum (bug #860434) +CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell f ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 (bug #895564) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463 +CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the xls_append ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 (bug #895564) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462 +CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the xls_prepar ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461 +CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the xls_prepar ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460 +CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing function ...) + NOT-FOR-US: Computerinsel Photoline +CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing functiona ...) + NOT-FOR-US: Computerinsel Photoline +CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ope ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457 +CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ope ...) 
+ {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456 +CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ope ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455 +CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ope ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454 +CVE-2017-12101 (An exploitable integer overflow exists in the 'modifier_mdef_compact_i ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453 +CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' f ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452 +CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy Me ...) 
+ {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451 +CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...) + - ruby-rails-admin (bug #900178) + [stretch] - ruby-rails-admin (Minor issue) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450 + NOTE: https://github.com/sferik/rails_admin/issues/2985 + NOTE: https://github.com/sferik/rails_admin/commit/44f09ed72b5e0e917a5d61bd89c48d97c494b41c +CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists in the ...) + NOT-FOR-US: delayed_job_web rails gem +CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle w ...) + NOT-FOR-US: Circle of Disney +CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point feature o ...) + NOT-FOR-US: Circle of Disney +CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of Cir ...) + NOT-FOR-US: Circle with Disney +CVE-2017-12093 (An exploitable insufficient resource pool vulnerability exists in the ...) + NOT-FOR-US: Allen Bradley Micrologix +CVE-2017-12092 (An exploitable file write vulnerability exists in the memory module fu ...) + NOT-FOR-US: Allen Bradley Micrologix +CVE-2017-12091 + REJECTED +CVE-2017-12090 (An exploitable denial of service vulnerability exists in the processin ...) + NOT-FOR-US: Allen Bradley Micrologix +CVE-2017-12089 (An exploitable denial of service vulnerability exists in the program d ...) + NOT-FOR-US: Allen Bradley Micrologix +CVE-2017-12088 (An exploitable denial of service vulnerability exists in the Ethernet ...) + NOT-FOR-US: Allen Bradley Micrologix +CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvcmdns l ...) 
+ - shairport-sync 3.1.4-1 (unimportant; bug #882508) + NOTE: Debian build uses Avahi instead + NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668 +CVE-2017-12086 (An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_t ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438 +CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...) + NOT-FOR-US: Circle with Disney +CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of Cir ...) + NOT-FOR-US: Circle with Disney +CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...) + NOT-FOR-US: Circle with Disney +CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh loadin ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434 +CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433 +CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration fi ...) + NOT-FOR-US: Synology Photo Station +CVE-2017-12079 (Files or directories accessible to external parties vulnerability in p ...) 
+ NOT-FOR-US: Synology Photo Station +CVE-2017-12078 (Command injection vulnerability in EZ-Internet in Synology Router Mana ...) + NOT-FOR-US: Synology +CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...) + NOT-FOR-US: Synology +CVE-2017-12076 (Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwa ...) + NOT-FOR-US: Synology +CVE-2017-12075 (Command injection vulnerability in EZ-Internet in Synology DiskStation ...) + NOT-FOR-US: Synology +CVE-2017-12074 (Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZon ...) + NOT-FOR-US: Synology +CVE-2017-12073 + REJECTED +CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...) + NOT-FOR-US: Synology +CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...) + NOT-FOR-US: Synology +CVE-2017-12070 (Unsigned versions of the DLLs distributed by the OPC Foundation may be ...) + NOT-FOR-US: OPC Foundation +CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET Sam ...) + NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors +CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array pa ...) + NOT-FOR-US: WordPress plugin +CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubi ...) + - potrace 1.15-1 (unimportant; bug #870356) + NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap + NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/ + NOTE: Crash only in CLI tool mkbitmap, negligible security impact +CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...) 
+ - cacti 1.1.16+ds1-1 (bug #870354) + [stretch] - cacti (Vulnerable code introduced later) + [jessie] - cacti (Vulnerable code introduced later) + [wheezy] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e + NOTE: https://github.com/Cacti/cacti/issues/877 +CVE-2017-12065 (spikekill.php in Cacti before 1.1.16 might allow remote attackers to e ...) + - cacti 1.1.16+ds1-1 (bug #870353) + [stretch] - cacti (Vulnerable code introduced later) + [jessie] - cacti (Vulnerable code introduced later) + [wheezy] - cacti (Vulnerable code introduced later) + NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e + NOTE: https://github.com/Cacti/cacti/issues/877 +CVE-2017-12064 (The csv_log_html function in library/edihistory/edih_csv_inc.php in Op ...) + NOT-FOR-US: OpenEMR +CVE-2017-12063 + RESERVED +CVE-2017-12062 (An XSS issue was discovered in manage_user_page.php in MantisBT 2.x be ...) + - mantis + [wheezy] - mantis (Not supported in Wheezy LTS) +CVE-2017-12061 (An XSS issue was discovered in admin/install.php in MantisBT before 1. ...) 
+ - mantis + [wheezy] - mantis (Not supported in Wheezy LTS) +CVE-2017-12060 + RESERVED +CVE-2017-12059 + RESERVED +CVE-2017-12058 + RESERVED +CVE-2017-12057 + RESERVED +CVE-2017-12056 + RESERVED +CVE-2017-12055 + RESERVED +CVE-2017-12054 + RESERVED +CVE-2017-12053 + RESERVED +CVE-2017-12052 + RESERVED +CVE-2017-12051 + RESERVED +CVE-2017-12050 + RESERVED +CVE-2017-12049 + RESERVED +CVE-2017-12048 + RESERVED +CVE-2017-12047 + RESERVED +CVE-2017-12046 + RESERVED +CVE-2017-12045 + RESERVED +CVE-2017-12044 + RESERVED +CVE-2017-12043 + RESERVED +CVE-2017-12042 + RESERVED +CVE-2017-12041 + RESERVED +CVE-2017-12040 + RESERVED +CVE-2017-12039 + RESERVED +CVE-2017-12038 + RESERVED +CVE-2017-12037 + RESERVED +CVE-2017-12036 + RESERVED +CVE-2017-12035 + RESERVED +CVE-2017-12034 + RESERVED +CVE-2017-12033 + RESERVED +CVE-2017-12032 + RESERVED +CVE-2017-12031 + RESERVED +CVE-2017-12030 + RESERVED +CVE-2017-12029 + RESERVED +CVE-2017-12028 + RESERVED +CVE-2017-12027 + RESERVED +CVE-2017-12026 + RESERVED +CVE-2017-12025 + RESERVED +CVE-2017-12024 + RESERVED +CVE-2017-12023 + RESERVED +CVE-2017-12022 + RESERVED +CVE-2017-12021 + RESERVED +CVE-2017-12020 + RESERVED +CVE-2017-12019 + RESERVED +CVE-2017-12018 + RESERVED +CVE-2017-12017 + RESERVED +CVE-2017-12016 + RESERVED +CVE-2017-12015 + RESERVED +CVE-2017-12014 + RESERVED +CVE-2017-12013 + RESERVED +CVE-2017-12012 + RESERVED +CVE-2017-12011 + RESERVED +CVE-2017-12010 + RESERVED +CVE-2017-12009 + RESERVED +CVE-2017-12008 + RESERVED +CVE-2017-12007 + RESERVED +CVE-2017-12006 + RESERVED +CVE-2017-12005 + RESERVED +CVE-2017-12004 + RESERVED +CVE-2017-12003 + RESERVED +CVE-2017-12002 + RESERVED +CVE-2017-12001 + RESERVED +CVE-2017-12000 + RESERVED +CVE-2017-11999 + RESERVED +CVE-2017-11998 + RESERVED +CVE-2017-11997 + RESERVED +CVE-2017-11996 + RESERVED +CVE-2017-11995 + RESERVED +CVE-2017-11994 + RESERVED +CVE-2017-11993 + RESERVED +CVE-2017-11992 + RESERVED +CVE-2017-11991 + RESERVED +CVE-2017-11990 + RESERVED +CVE-2017-11989 + 
RESERVED +CVE-2017-11988 + RESERVED +CVE-2017-11987 + RESERVED +CVE-2017-11986 + RESERVED +CVE-2017-11985 + RESERVED +CVE-2017-11984 + RESERVED +CVE-2017-11983 + RESERVED +CVE-2017-11982 + RESERVED +CVE-2017-11981 + RESERVED +CVE-2017-11980 + RESERVED +CVE-2017-11979 + RESERVED +CVE-2017-11978 + RESERVED +CVE-2017-11977 + RESERVED +CVE-2017-11976 + RESERVED +CVE-2017-11975 + RESERVED +CVE-2017-11974 + RESERVED +CVE-2017-11973 + RESERVED +CVE-2017-11972 + RESERVED +CVE-2017-11971 + RESERVED +CVE-2017-11970 + RESERVED +CVE-2017-11969 + RESERVED +CVE-2017-11968 + RESERVED +CVE-2017-11967 + RESERVED +CVE-2017-11966 + RESERVED +CVE-2017-11965 + RESERVED +CVE-2017-11964 + RESERVED +CVE-2017-11963 + RESERVED +CVE-2017-11962 + RESERVED +CVE-2017-11961 + RESERVED +CVE-2017-11960 + RESERVED +CVE-2017-11959 + RESERVED +CVE-2017-11958 + RESERVED +CVE-2017-11957 + RESERVED +CVE-2017-11956 + RESERVED +CVE-2017-11955 + RESERVED +CVE-2017-11954 + RESERVED +CVE-2017-11953 + RESERVED +CVE-2017-11952 + RESERVED +CVE-2017-11951 + RESERVED +CVE-2017-11950 + RESERVED +CVE-2017-11949 + RESERVED +CVE-2017-11948 + RESERVED +CVE-2017-11947 + RESERVED +CVE-2017-11946 + RESERVED +CVE-2017-11945 + RESERVED +CVE-2017-11944 + RESERVED +CVE-2017-11943 + RESERVED +CVE-2017-11942 + RESERVED +CVE-2017-11941 + RESERVED +CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-11939 (Microsoft Office 2016 Click-to-Run (C2R) allows an information disclos ...) + NOT-FOR-US: Microsoft +CVE-2017-11938 + RESERVED +CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-11936 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of pri ...) + NOT-FOR-US: Microsoft +CVE-2017-11935 (Microsoft Office 2016 Click-to-Run (C2R) allows a remote code executio ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11934 (Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2017-11933 + RESERVED +CVE-2017-11932 (Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 ...) + NOT-FOR-US: Microsoft +CVE-2017-11931 + RESERVED +CVE-2017-11930 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11929 + RESERVED +CVE-2017-11928 + RESERVED +CVE-2017-11927 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-11926 + RESERVED +CVE-2017-11925 + RESERVED +CVE-2017-11924 + RESERVED +CVE-2017-11923 + RESERVED +CVE-2017-11922 + RESERVED +CVE-2017-11921 + RESERVED +CVE-2017-11920 + RESERVED +CVE-2017-11919 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11918 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11917 + RESERVED +CVE-2017-11916 (ChakraCore allows an attacker to execute arbitrary code in the context ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11915 + RESERVED +CVE-2017-11914 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11913 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11912 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11911 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11910 (ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Se ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11909 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2 ...) 
+ NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11908 (ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11907 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11906 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11905 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11904 + RESERVED +CVE-2017-11903 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11902 + RESERVED +CVE-2017-11901 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11900 + RESERVED +CVE-2017-11899 (Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2 ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-11898 + RESERVED +CVE-2017-11897 + RESERVED +CVE-2017-11896 + RESERVED +CVE-2017-11895 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11894 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11893 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, an ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11892 + RESERVED +CVE-2017-11891 + RESERVED +CVE-2017-11890 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-11889 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) + NOT-FOR-US: Microsoft ChakraCore +CVE-2017-11888 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, a ...) 
+ NOT-FOR-US: Microsoft Edge +CVE-2017-11887 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft Internet Explorer +CVE-2017-11886 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 a ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-11885 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbi ...) + NOT-FOR-US: Microsoft +CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...) + NOT-FOR-US: .NET core +CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pa ...) + NOT-FOR-US: Microsoft +CVE-2017-11881 + RESERVED +CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session informatio ...) + NOT-FOR-US: Microsoft +CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + NOT-FOR-US: Microsoft +CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...) + NOT-FOR-US: Microsoft +CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server 20 ...) + NOT-FOR-US: Microsoft +CVE-2017-11875 + RESERVED +CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ver ...) + NOT-FOR-US: Microsoft +CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Wi ...) + NOT-FOR-US: Microsoft +CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...) + NOT-FOR-US: Microsoft +CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Se ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft +CVE-2017-11868 + RESERVED +CVE-2017-11867 + RESERVED +CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) + NOT-FOR-US: Microsoft +CVE-2017-11865 + RESERVED +CVE-2017-11864 + RESERVED +CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, v ...) + NOT-FOR-US: Microsoft +CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...) + NOT-FOR-US: Microsoft +CVE-2017-11860 + RESERVED +CVE-2017-11859 + RESERVED +CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11857 + RESERVED +CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 a ...) + NOT-FOR-US: Microsoft +CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) + NOT-FOR-US: Microsoft +CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) + NOT-FOR-US: Microsoft +CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) + NOT-FOR-US: Microsoft +CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 17 ...) + NOT-FOR-US: Microsoft +CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Ser ...) + NOT-FOR-US: Microsoft +CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 160 ...) + NOT-FOR-US: Microsoft +CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Serve ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability wh ...) + NOT-FOR-US: Microsoft +CVE-2017-11828 + RESERVED +CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint S ...) + NOT-FOR-US: Microsoft +CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...) + NOT-FOR-US: Microsoft +CVE-2017-11824 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11823 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...) + NOT-FOR-US: Microsoft +CVE-2017-11822 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11821 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) + NOT-FOR-US: Microsoft +CVE-2017-11820 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2017-11819 (Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code i ...) + NOT-FOR-US: Microsoft +CVE-2017-11818 (The Microsoft Windows Storage component on Microsoft Windows 8.1, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-11817 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11816 (The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Win ...) + NOT-FOR-US: Microsoft +CVE-2017-11815 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11814 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11813 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-11812 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703 ...) + NOT-FOR-US: Microsoft +CVE-2017-11811 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11810 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11809 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11808 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11807 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) + NOT-FOR-US: Microsoft +CVE-2017-11806 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) + NOT-FOR-US: Microsoft +CVE-2017-11805 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an a ...) + NOT-FOR-US: Microsoft +CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...) + NOT-FOR-US: Microsoft +CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...) + NOT-FOR-US: Microsoft +CVE-2017-11800 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11799 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11798 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-11797 (ChakraCore allows an attacker to execute arbitrary code in the context ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11796 (ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to ...) + NOT-FOR-US: Microsoft +CVE-2017-11795 + RESERVED +CVE-2017-11794 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...) + NOT-FOR-US: Microsoft +CVE-2017-11793 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an at ...) + NOT-FOR-US: Microsoft +CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11789 + RESERVED +CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-11787 + RESERVED +CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2 ...) + NOT-FOR-US: Skype +CVE-2017-11785 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11784 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11783 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-11782 (The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-11781 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11780 (The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 ...) + NOT-FOR-US: Microsoft +CVE-2017-11779 (The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft ...) + NOT-FOR-US: Microsoft +CVE-2017-11778 + RESERVED +CVE-2017-11777 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-11776 (Microsoft Outlook 2016 allows an attacker to obtain the email content ...) + NOT-FOR-US: Microsoft +CVE-2017-11775 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2017-11774 (Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11773 + RESERVED +CVE-2017-11772 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remot ...) + NOT-FOR-US: .NET Core +CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 151 ...) + NOT-FOR-US: Microsoft +CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the curr ...) + NOT-FOR-US: Microsoft +CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-11765 (The Microsoft Windows Kernel component on Microsoft Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-11764 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-11763 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11762 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-11761 (Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allo ...) + NOT-FOR-US: Microsoft +CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...) 
+ NOT-FOR-US: ProjeQtOr +CVE-2017-11759 + RESERVED +CVE-2017-11758 + RESERVED +CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...) + NOT-FOR-US: Actian Pervasive PSQL server +CVE-2017-XXXX [executes javascript code downloaded from insecure URL] + - smplayer 17.7.0~ds0-1 (low; bug #870233) + [stretch] - smplayer (Minor issue) + [jessie] - smplayer (Minor issue) + [wheezy] - smplayer (vulnerable code not present) + NOTE: The version tracking here is not 100% since the vulnerable code still would + NOTE: be present in the source. Users though need to explicitly rebuilt the package + NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is + NOTE: disabled by default on upstream since 17.2.0 +CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ReadOnePNGIm ...) + {DSA-4019-1} + - imagemagick 8:6.9.7.4+dfsg-15 (bug #870111) + [stretch] - imagemagick (Minor issue) + [jessie] - imagemagick (Vulnerable code not present) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/596 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645 +CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ReadOneMNGIm ...) + {DSA-4040-1 DSA-4019-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (bug #870109) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05 +CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ReadOneJN ...) 
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/549 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f +CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG fi ...) + {DSA-4019-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac +CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated u ...) + NOT-FOR-US: Earcms +CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...) + - imagemagick (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/634 + NOTE: Possibly fixed by same commit as issue #631 upstream +CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...) + - imagemagick (unimportant) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/633 + NOTE: ossibly fixed by same commit as issue #631 upstream +CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7. ...) + - imagemagick (Affects only ImageMagick-7; vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/629 +CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...) 
+ {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870481) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/628 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd + NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0 +CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 al ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870480) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/631 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323 +CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 an ...) + - imagemagick 8:6.9.7.4+dfsg-16 (bug #870478) + [stretch] - imagemagick (Incomplete patch for upstream issues/618 not applied) + [jessie] - imagemagick (Incomplete patch for upstream issues/618 not applied) + [wheezy] - imagemagick (Incomplete patch for upstream issues/618 not applied) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/632 + NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08 + NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680 + NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7 + NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618 +CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path ...) 
+ NOT-FOR-US: InternetSoft FTP Commander +CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hij ...) + NOT-FOR-US: VIT Spider Player +CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinypro ...) + {DLA-2163-1} + - tinyproxy 1.10.0-1 (bug #870307) + [stretch] - tinyproxy 1.8.4-3~deb9u2 + [wheezy] - tinyproxy (Minor issue) + NOTE: https://github.com/tinyproxy/tinyproxy/issues/106 +CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a n ...) + {DLA-1069-1} + - tenshi 0.13-2.1 (unimportant; bug #871321) + [stretch] - tenshi 0.13-2.1~deb9u1 + NOTE: https://github.com/inversepath/tenshi/issues/6 + NOTE: https://github.com/inversepath/tenshi/commit/d0e7f28c13ffbd5888b31d6532c2faf78f10f176 + NOTE: Negligible security impact +CVE-2017-11745 + RESERVED +CVE-2017-11744 (In MODX Revolution 2.5.7, the "key" and "name" parameters in the Syste ...) + NOT-FOR-US: MODX Revolution +CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential th ...) + NOT-FOR-US: MEDHOST Connex +CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat i ...) + - expat (Windows specfic issue) +CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) bef ...) + NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin +CVE-2017-11740 (In Zoho ManageEngine Application Manager 13.1 Build 13100, the adminis ...) + NOT-FOR-US: Zoho ManageEngine Application Manager +CVE-2017-11739 (In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenti ...) + NOT-FOR-US: Zoho ManageEngine Application Manager +CVE-2017-11738 (In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, th ...) + NOT-FOR-US: Zoho ManageEngine Application Manager +CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...) 
+ - rspamd 1.7.6-1 + [jessie] - rspamd (Vulnerable code not present) + NOTE: https://github.com/vstakhov/rspamd/issues/1738 + NOTE: https://github.com/rspamd/rspamd/pull/1739 +CVE-2017-11736 (SQL injection vulnerability in core\admin\auto-modules\forms\process.p ...) + NOT-FOR-US: BigTree CMS +CVE-2017-11735 + REJECTED +CVE-2017-11734 (A heap-based buffer over-read was found in the function decompileCALLF ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/83 +CVE-2017-11733 (A null pointer dereference vulnerability was found in the function sta ...) + {DLA-1176-1} + - ming + NOTE: https://github.com/libming/libming/issues/78 +CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function d ...) + {DLA-1240-1} + - ming + NOTE: https://github.com/libming/libming/issues/80 +CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/84 +CVE-2017-11730 (A heap-based buffer over-read was found in the function OpCode (called ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/81 +CVE-2017-11729 (A heap-based buffer over-read was found in the function OpCode (called ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/79 +CVE-2017-11728 (A heap-based buffer over-read was found in the function OpCode (called ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/82 +CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in ConnectWise Manage ...) + NOT-FOR-US: ConnectWise Manage +CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise Manage ...) + NOT-FOR-US: ConnectWise Manage +CVE-2017-11725 (The share function in Thycotic Secret Server before 10.2.000019 mishan ...) + NOT-FOR-US: Thycotic Secret Server +CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php ...) 
+ NOT-FOR-US: Xinha +CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9 ...) + {DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870023) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/624 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf +CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...) + {DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020) + [stretch] - imagemagick (Minor issue, PoC triggers earlier assertion, fix reverted upstream) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/610 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9f1a91d93871cc6a5c0b99e8bacad4d730acf36 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/de8cdeceafdc7bbdfcc55cd08e6a8b0cc979c91c + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb + NOTE: https://github.com/ImageMagick/ImageMagick6/commit/75db34b6a4d642cb6f88c792942de27490c900e0 + NOTE: fix reverted with CVE-2017-18029 + NOTE: triggered by CVE-2017-12877 +CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a missi ...) + {DLA-2366-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/598 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89 +CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found i ...) 
+ {DSA-4019-1} + - imagemagick 8:6.9.7.4+dfsg-14 (bug #870014) + [stretch] - imagemagick (Minor issue) + [jessie] - imagemagick (vulnerable code not present) + [wheezy] - imagemagick (vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/547 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375 +CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...) + {DSA-4204-1 DSA-4019-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-14 (bug #870012) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/362 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f86268752ffc70e40b6e1afdebfc96dcc29452db +CVE-2017-11722 (The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...) + {DSA-4321-1} + - graphicsmagick 1.3.26-4 (bug #870158) + [jessie] - graphicsmagick (vulnerable code not present) + [wheezy] - graphicsmagick (vulnerable code not present) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e +CVE-2017-11721 (Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers ...) + {DSA-3948-1 DSA-3941-1} + - ioquake3 1.36+u20170803+dfsg1-1 (bug #870725) + [wheezy] - ioquake3 (games are not supported in Wheezy) + NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1 + - iortcw 1.51+dfsg1-3 (bug #870811) + NOTE: https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934 + NOTE: Also affects openjk (only in experimental; fixed in 0~20170718+dfsg1-2 +CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused by a ...) 
+ - lame 3.99.5+repack1-6 (low; bug #870809; bug #777159) + [wheezy] - lame 3.99.5+repack1-3+deb7u1 + NOTE: https://sourceforge.net/p/lame/bugs/460/ + NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/ +CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg 3. ...) + {DSA-3957-1} + - ffmpeg 7:3.3.3-1 + - libav + [jessie] - libav (Issue only present in ffmpeg since 6f1ccca4) + NOTE: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92 + NOTE: Fixed in 3.2.7 +CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...) + NOT-FOR-US: MetInfo +CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 secon ...) + NOT-FOR-US: MetInfo +CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.) + NOT-FOR-US: MetInfo +CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php exte ...) + NOT-FOR-US: MetInfo +CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...) + {DSA-3986-1 DLA-1048-1} + [experimental] - ghostscript 9.22~~rc1~dfsg-1 + - ghostscript 9.22~dfsg-1 (bug #869977) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1) +CVE-2017-11713 + RESERVED +CVE-2017-11712 + RESERVED +CVE-2017-11711 + RESERVED +CVE-2017-11710 + RESERVED +CVE-2017-11709 + RESERVED +CVE-2017-11708 + RESERVED +CVE-2017-11707 + RESERVED +CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote a ...) + NOT-FOR-US: Boozt Fashion application +CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in uti ...) 
+ - ming + [wheezy] - ming (Minor issue present everywhere in the source code, hard to fix) + NOTE: https://github.com/libming/libming/issues/71 +CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...) + {DLA-1133-1} + - ming + NOTE: https://github.com/libming/libming/issues/76 +CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTIO ...) + - ming + [wheezy] - ming (Minor issue present everywhere in the source code, hard to fix) + NOTE: https://github.com/libming/libming/issues/72 +CVE-2017-11702 + RESERVED +CVE-2017-11701 + RESERVED +CVE-2017-11700 + RESERVED +CVE-2017-11699 + RESERVED +CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in lib/dbm/src/h ...) + - nss (bug #873259; unimportant) + NOTE: Issues triggered by crafted DBM databases, which would + NOTE: require local user access to a machine running NSS and + NOTE: crafting the local DBM files. + NOTE: http://seclists.org/fulldisclosure/2017/Aug/17 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779 +CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network Security Ser ...) + - nss (bug #873258; unimportant) + NOTE: Issues triggered by crafted DBM databases, which would + NOTE: require local user access to a machine running NSS and + NOTE: crafting the local DBM files. + NOTE: http://seclists.org/fulldisclosure/2017/Aug/17 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900 +CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in lib/dbm/src/ ...) + - nss (bug #873257; unimportant) + NOTE: Issues triggered by crafted DBM databases, which would + NOTE: require local user access to a machine running NSS and + NOTE: crafting the local DBM files. + NOTE: http://seclists.org/fulldisclosure/2017/Aug/17 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778 +CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/h ...) 
+ - nss (bug #873256; unimportant) + NOTE: Issues triggered by crafted DBM databases, which would + NOTE: require local user access to a machine running NSS and + NOTE: crafting the local DBM files. + NOTE: http://seclists.org/fulldisclosure/2017/Aug/17 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782 +CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentials tha ...) + NOT-FOR-US: MEDHOST Document Management System +CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials tha ...) + NOT-FOR-US: MEDHOST Document Management System +CVE-2017-11692 (The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 a ...) + - yaml-cpp 0.6.3-1 (low; bug #870326) + [buster] - yaml-cpp (Minor issue) + [stretch] - yaml-cpp (Minor issue) + [jessie] - yaml-cpp (Minor issue) + [wheezy] - yaml-cpp (Minor issue) + - yaml-cpp0.3 (bug #870327) + [stretch] - yaml-cpp0.3 (Minor issue) + [jessie] - yaml-cpp0.3 (Minor issue) + NOTE: https://github.com/jbeder/yaml-cpp/issues/519 + NOTE: https://github.com/jbeder/yaml-cpp/commit/c9460110e072df84b7dee3eb651f2ec5df75fb18 +CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code exe ...) + NOT-FOR-US: Avira +CVE-2017-11690 + RESERVED +CVE-2017-11689 + RESERVED +CVE-2017-11688 + RESERVED +CVE-2017-11687 (Multiple Persistent cross-site scripting (XSS) vulnerabilities in Even ...) + NOT-FOR-US: Zoho ManageEngine Event Log Analyzer +CVE-2017-11686 (Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attac ...) + NOT-FOR-US: Zoho ManageEngine Event Log Analyzer +CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in sear ...) + NOT-FOR-US: Zoho ManageEngine Event Log Analyzer +CVE-2017-11684 (There is an illegal address access in the build_table function in liba ...) 
+ - libav + [jessie] - libav 6:11.11-1~deb8u1 + - ffmpeg 7:2.3.1-1 + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1073 + NOTE: Fixed by https://github.com/libav/libav/commit/ec683ed527cef9aad208d1daeb10d0e7fb63e75e.patch +CVE-2017-11683 (There is a reachable assertion in the Internal::TiffReader::visitDirec ...) + {DLA-3186-1 DLA-1147-1} + - exiv2 0.27.2-6 (unimportant) + NOTE: http://dev.exiv2.org/issues/1307 + NOTE: https://github.com/Exiv2/exiv2/issues/57 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124 + NOTE: Problematic assert() exists in all versions in Debian. + NOTE: Negligable security impact +CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...) + NOT-FOR-US: Hashtopussy +CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows rem ...) + NOT-FOR-US: Hashtopussy +CVE-2017-11680 (Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowin ...) + NOT-FOR-US: Hashtopussy +CVE-2017-11679 (Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the pas ...) + NOT-FOR-US: Hashtopus +CVE-2017-11678 (SQL injection vulnerability in Hashtopus 1.5g allows remote authentica ...) + NOT-FOR-US: Hashtopus +CVE-2017-11677 (Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remo ...) + NOT-FOR-US: Hashtopus +CVE-2017-11676 + RESERVED +CVE-2017-11675 (The traverseStrictSanitize function in admin_dir/includes/classes/Admi ...) + NOT-FOR-US: ZenCart +CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a denial o ...) + NOT-FOR-US: Acunetix +CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrar ...) + NOT-FOR-US: Acunetix +CVE-2017-11672 (The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is ins ...) + NOT-FOR-US: OPC Foundation Local Discovery Server +CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386. ...) 
+ - gcc-6 6.3.0-12 + - gcc-5 5.4.1-10 + - gcc-4.9 + [jessie] - gcc-4.9 (Minor issue) + - gcc-4.8 + [jessie] - gcc-4.8 (Minor issue) + - gcc-4.7 + [wheezy] - gcc-4.7 (Minor issue) + - gcc-4.6 + [wheezy] - gcc-4.6 (Minor issue) + NOTE: http://openwall.com/lists/oss-security/2017/07/27/2 + NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180 + NOTE: https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html +CVE-2017-11670 (A length validation (leading to out-of-bounds read and write) flaw was ...) + NOT-FOR-US: eapmd5pass +CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function in ea ...) + NOT-FOR-US: eapmd5pass +CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ea ...) + NOT-FOR-US: eapmd5pass +CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...) + {DSA-4019-1 DLA-1785-1} + - imagemagick 8:6.9.7.4+dfsg-13 (bug #869830) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/501 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa + NOTE: https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc +CVE-2017-11691 (Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ...) 
+ - cacti 1.1.15+ds1-1 (bug #869848) + [stretch] - cacti (Vulnerable code introduced later with addition of user profile management page for users) + [jessie] - cacti (Vulnerable code introduced later with addition of user profile management page for users) + [wheezy] - cacti (Vulnerable code introduced later with addition of user profile management page for users) + NOTE: https://github.com/Cacti/cacti/issues/867 + NOTE: /for/fohttps://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c +CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expir ...) + NOT-FOR-US: OpenProject +CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the f ...) + NOT-FOR-US: Kopano +CVE-2017-11665 (The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg ...) + {DSA-3957-1} + - ffmpeg 7:3.3.3-1 + NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130 + NOTE: Fixed in 3.2.7 +CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0. ...) + - wildmidi 0.4.2-1 (low; bug #871616) + [stretch] - wildmidi (Minor issue) + [jessie] - wildmidi (vulnerable code not present) + [wheezy] - wildmidi (vulnerable code not present) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 + NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd +CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0. ...) + - wildmidi 0.4.2-1 (low; bug #871616) + [stretch] - wildmidi (Minor issue) + [jessie] - wildmidi (vulnerable code not present) + [wheezy] - wildmidi (vulnerable code not present) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 + NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd +CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...) 
+ - wildmidi 0.4.2-1 (low; bug #871616) + [stretch] - wildmidi (Minor issue) + [jessie] - wildmidi (vulnerable code not present) + [wheezy] - wildmidi (vulnerable code not present) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 + NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd +CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0. ...) + - wildmidi 0.4.2-1 (low; bug #871616) + [stretch] - wildmidi (Minor issue) + [jessie] - wildmidi (vulnerable code not present) + [wheezy] - wildmidi (vulnerable code not present) + NOTE: http://seclists.org/fulldisclosure/2017/Aug/12 + NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd +CVE-2017-11660 + RESERVED +CVE-2017-11659 + RESERVED +CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...) + NOT-FOR-US: WordPress plugin +CVE-2017-11657 (Dashlane might allow local users to gain privileges by placing a Troja ...) + NOT-FOR-US: Dashlane +CVE-2017-11656 + RESERVED +CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of ...) + - sipcrack (unimportant; bug #869803) + NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1 + NOTE: Negligible security impact +CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...) + - sipcrack (unimportant; bug #869803) + NOTE: https://www.openwall.com/lists/oss-security/2017/07/26/1 + NOTE: Negligible security impact +CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the D ...) + NOT-FOR-US: Razer Synapse +CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the C ...) + NOT-FOR-US: Razer Synapse +CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...) + NOT-FOR-US: NexusPHP +CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devic ...) 
+ NOT-FOR-US: DrayTek
+CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910 ...)
+ NOT-FOR-US: DrayTek
+CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do ...)
+ NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices
+CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
+ NOT-FOR-US: NetComm Wireless 4GT101W routers
+CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
+ NOT-FOR-US: NetComm Wireless 4GT101W routers
+CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1. ...)
+ NOT-FOR-US: NetComm Wireless 4GT101W routers
+CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870016)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
+CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() func ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870157)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
+CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WriteMAPIm ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870156)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
+CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function i ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870155)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
+CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DSA-4040-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
+CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
+CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the WriteMAPImag ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870154)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
+CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the WritePCLIm ...)
+ {DSA-4321-1 DLA-1456-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870153)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
+CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() funct ...)
+ {DSA-4321-1 DLA-1401-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-4 (bug #870149)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
+CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers c ...)
+ NOT-FOR-US: Wireless IP Camera 360 devices
+CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
+ NOT-FOR-US: Wireless IP Camera 360 devices
+CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. Remote atta ...)
+ NOT-FOR-US: Wireless IP Camera 360 devices
+CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A root acco ...)
+ NOT-FOR-US: Wireless IP Camera 360 devices
+CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL inj ...)
+ NOT-FOR-US: Fiyo CMS
+CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows ...)
+ NOT-FOR-US: Fiyo CMS
+CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in contro ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a sta ...)
+ {DSA-4081-1 DSA-4080-1 DLA-1066-1}
+ - php7.1 7.1.8-1 (low)
+ - php7.0 7.0.22-1 (low)
+ - php5 (low)
+ NOTE: https://bugs.php.net/bug.php?id=74603
+ NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
+ NOTE: Fixed by https://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e
+CVE-2017-11627 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #871320)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://github.com/qpdf/qpdf/issues/118
+CVE-2017-11626 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #871320)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://github.com/qpdf/qpdf/issues/119
+CVE-2017-11625 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #871320)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://github.com/qpdf/qpdf/issues/120
+CVE-2017-11624 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #871320)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://github.com/qpdf/qpdf/issues/117
+CVE-2017-11623
+ RESERVED
+CVE-2017-11622
+ RESERVED
+CVE-2017-11621
+ RESERVED
+CVE-2017-11620
+ RESERVED
+CVE-2017-11619
+ RESERVED
+CVE-2017-XXXX [out-of-bounds read in eexec_line()]
+ - t1utils 1.40-1 (bug #868134; unimportant)
+ [jessie] - t1utils (Vulnerable code introduced in 1.39)
+ [wheezy] - t1utils (Vulnerable code introduced in 1.39)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/kohler/t1utils/issues/6
+CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a "width ...)
+ {DSA-4040-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
+CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
+ {DLA-2366-1 DLA-1785-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
+CVE-2017-XXXX [memory leak in quantize]
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869722)
+ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u16
+ NOTE: Workaround entry for DLA-1081-1 since no CVE assigned
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
+CVE-2017-12664 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
+CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in th ...)
+ {DSA-4040-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2
+CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the f ...)
+ {DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869713)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/544
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277
+CVE-2017-11618
+ RESERVED
+CVE-2017-11617 (Cross-site scripting (XSS) vulnerability in atmail prior to version 7. ...)
+ - atmailopen
+CVE-2017-11616
+ RESERVED
+CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 ...)
+ NOT-FOR-US: Wube Factorio
+CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for custo ...)
+ NOT-FOR-US: MEDHOST Connex
+CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the TI ...)
+ {DSA-4349-1 DLA-1411-1 DLA-1391-1}
+ - tiff 4.0.9-5 (low; bug #869823)
+ - tiff3
+ [wheezy] - tiff3 (Minor issue, revisit once fixed upstream)
+ NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
+ NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
+ NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
+CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
+ NOT-FOR-US: Joomla!
+CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
+ NOT-FOR-US: ZyXEL
+CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulner ...)
+ NOT-FOR-US: Wolf CMS
+CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2 ...)
+ {DSA-3942-1 DLA-1047-1}
+ - supervisor 3.3.1-1.1 (bug #870187)
+ NOTE: https://github.com/Supervisor/supervisor/issues/964
+ NOTE: 3.3.3 https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e
+ NOTE: 3.2.4 https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e
+ NOTE: 3.1.4 https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88
+ NOTE: 3.0.1 https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0
+CVE-2017-11609
+ RESERVED
+CVE-2017-11608 (There is a heap-based buffer over-read in the Sass::Prelexer::re_lineb ...)
+ - libsass 3.4.6-1 (bug #870186)
+ [stretch] - libsass (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474276
+ NOTE: https://github.com/sass/libsass/commit/648f763ede97f9a2c2c843a0a18ac18bbde3507b (3.4.6)
+CVE-2017-11607
+ RESERVED
+CVE-2017-11606
+ RESERVED
+CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ad ...)
+ NOTE: Bogus report against historic libsass version
+CVE-2017-11604
+ RESERVED
+CVE-2017-11603
+ RESERVED
+CVE-2017-11602
+ RESERVED
+CVE-2017-11601
+ RESERVED
+CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG ...)
+ {DSA-3981-1 DLA-1099-1}
+ - linux 4.12.6-1
+ NOTE: http://seclists.org/bugtraq/2017/Jul/30
+CVE-2017-11599
+ RESERVED
+CVE-2017-11598
+ RESERVED
+CVE-2017-11597
+ RESERVED
+CVE-2017-11596
+ RESERVED
+CVE-2017-11595
+ RESERVED
+CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in Loo ...)
+ - loomio (bug #756319)
+CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
+ NOT-FOR-US: Chrome extension Markdown Preview Plus
+CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
+ - exiv2 (printTiffStructure introduced in 0.26; only affected experimental; bug #895568)
+ NOTE: https://github.com/Exiv2/exiv2/issues/56
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
+CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function i ...)
+ {DLA-3265-1 DLA-1147-1}
+ - exiv2 0.27.2-6 (low; bug #876893)
+ [stretch] - exiv2 (Minor issue)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: https://github.com/Exiv2/exiv2/issues/55
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
+ NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
+CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in g ...)
+ {DLA-1054-1}
+ - libgxps 0.3.0-1 (low; bug #870183)
+ [stretch] - libgxps (Minor issue)
+ [jessie] - libgxps (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479
+ NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920
+CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
+ NOT-FOR-US: Cisco
+CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
+ NOT-FOR-US: Cisco
+CVE-2017-11587 (On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00 ...)
+ NOT-FOR-US: Cisco
+CVE-2017-11586 (dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11585 (dayrui FineCms 5.0.9 has remote PHP code execution via the param param ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11584 (dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an a ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11583 (dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an a ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11582 (dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an act ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11581 (dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php ...)
+ NOT-FOR-US: FineCms
+CVE-2017-11580 (Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory c ...)
+ NOT-FOR-US: Blipcare Wifi blood pressure monitor BP700 10.1 devices
+CVE-2017-11579 (In the most recent firmware for Blipcare, the device provides an open ...)
+ NOT-FOR-US: Blipcare
+CVE-2017-11578 (It was discovered as a part of the research on IoT devices in the most ...)
+ NOT-FOR-US: Blipcare
+CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid (pars ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3088
+ NOTE: https://github.com/fontforge/fontforge/commit/3245d354865def9d712bdffe61fa211ad6aa4081
+CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3091
+ NOTE: https://github.com/fontforge/fontforge/commit/df349365630344ef3004a3c7934c7e7496692fb1
+CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch (c ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3096
+ NOTE: https://github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
+CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in re ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3090
+ NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
+CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ValidatePost ...)
+ - fontforge (unimportant; bug #873588)
+ NOTE: https://github.com/fontforge/fontforge/issues/3098
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
+CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3092
+CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in a ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3087
+ NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
+CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc (par ...)
+ - fontforge (unimportant; bug #873587)
+ NOTE: https://github.com/fontforge/fontforge/issues/3097
+ NOTE: Crash in GUI tool/related desktop libs, no security impact
+CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in r ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3093
+ NOTE: https://github.com/fontforge/fontforge/commit/7bfec47910293bf149b8debe44c6f3f788506092
+CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in P ...)
+ {DSA-3958-1 DLA-1065-1}
+ - fontforge 1:20170731~dfsg-1 (bug #869614)
+ NOTE: https://github.com/fontforge/fontforge/issues/3089
+CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server ...)
+ NOT-FOR-US: Mongoose
+CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field.)
+ NOT-FOR-US: AppUse
+CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due t ...)
+ - pagure (Fixed before initial upload to the archive)
+ NOTE: https://pagure.io/pagure/pull-request/2426
+CVE-2017-11564 (The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command i ...)
+ NOT-FOR-US: D-Link
+CVE-2017-11563 (D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code executio ...)
+ NOT-FOR-US: D-Link
+CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegur ...)
+ NOT-FOR-US: MT4 SenhaSegura
+CVE-2017-11561 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authen ...)
+ NOT-FOR-US: ZOHO ManageEngine OpManager
+CVE-2017-11560 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding ...)
+ NOT-FOR-US: ZOHO ManageEngine OpManager
+CVE-2017-11559 (An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiK ...)
+ NOT-FOR-US: ZOHO ManageEngine OpManager
+CVE-2017-11558
+ RESERVED
+CVE-2017-11557 (An issue was discovered in ZOHO ManageEngine Applications Manager 12.3 ...)
+ NOT-FOR-US: ZOHO ManageEngine Applications Manager
+CVE-2017-11556 (There is a stack consumption vulnerability in the Parser::advanceToNex ...)
+ - libsass 3.5.4-1 (bug #870182)
+ [stretch] - libsass (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2447
+ NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
+CVE-2017-11555 (There is an illegal address access in the Eval::operator function in e ...)
+ - libsass 3.5.4-1 (bug #870182)
+ [stretch] - libsass (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2446
+ NOTE: https://github.com/sass/libsass/commit/946ef4995bee1b19de581b69850e1eb841c06b12
+CVE-2017-11554 (There is a stack consumption vulnerability in the lex function in pars ...)
+ - libsass 3.5.4-1 (bug #870182)
+ [stretch] - libsass (Minor issue)
+ NOTE: https://github.com/sass/libsass/issues/2445
+ NOTE: https://github.com/sass/libsass/commit/7664114543757e932f5b1a2ff5295aa9b34f8623
+CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...)
+ - exiv2 (Vulnerable code introduced after 0.25; only present in experimental; bug #888874)
+ NOTE: https://github.com/Exiv2/exiv2/issues/54
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
+CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use wit ...)
+ - mpg321 0.3.2-2 (bug #870406)
+ [stretch] - mpg321 (Minor issue)
+ [jessie] - mpg321 (Minor issue)
+ [wheezy] - mpg321 (Minor issue)
+ NOTE: CVE was originally assigned for libmad, but further analysis has shown
+ NOTE: that the underlying issue is in src:mpg321
+ NOTE: Cf. https://bugs.debian.org/870406#25 for more Details.
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
+CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows re ...)
+ - libid3tag 0.15.1b-5 (bug #870333)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
+ NOTE: Same issue as #304913
+CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows rem ...)
+ - libid3tag 0.15.1b-9 (bug #405801)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
+ NOTE: Addressed by the 11_unknown_encoding.dpatch patch
+CVE-2017-11549 (The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remot ...)
+ - timidity (unimportant; bug #870338)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
+ NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-11548 (The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 a ...)
+ - libao (unimportant; bug #870608)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/84
+ NOTE: Not a security issue in ao, needs to be validated in applications using it, see #870608
+CVE-2017-11547 (The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...)
+ - timidity 2.14.0-4 (unimportant; bug #870338)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
+ NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-11546 (The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allo ...)
+ - timidity 2.14.0-4 (unimportant; bug #870338)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
+ NOTE: https://sourceforge.net/p/timidity/discussion/217458/thread/9a1c9620/
+ NOTE: Crash in CLI tool, no security impact
+CVE-2017-11545
+ REJECTED
+CVE-2017-11544
+ REJECTED
+CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
+ {DSA-3971-1 DLA-1090-1}
+ - tcpdump 4.9.1-3 (bug #873806)
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
+ NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
+CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print fun ...)
+ {DSA-3971-1 DLA-1090-1}
+ - tcpdump 4.9.1-3 (bug #873805)
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
+ NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
+CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print func ...)
+ {DSA-3971-1 DLA-1090-1}
+ - tcpdump 4.9.1-3 (bug #873804)
+ NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
+ NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
+CVE-2017-11540 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ - imagemagick (Only affects ImageMagick-7 series)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/581
+CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870120)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e
+ NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/36aad912d1f405a28a9a1204120b569e7da5898e
+CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ - imagemagick (Vulnerable code introduced later, cf bug #870110)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/569
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
+ NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
+CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b
+CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869831)
+ [wheezy] - imagemagick (vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/567
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
+CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
+ NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441
+CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869711)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
+CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DSA-4204-1 DSA-4019-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59
+CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869726)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/563
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161
+CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can l ...)
+ {DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869725)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/566
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
+CVE-2017-11521 (The SdpContents::Session::Medium::parse function in resip/stack/SdpCon ...)
+ {DLA-2865-1 DLA-1439-1 DLA-1040-1}
+ - resiprocate (low; bug #869404)
+ NOTE: https://github.com/resiprocate/resiprocate/pull/88
+ NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
+CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon paramet ...)
+ NOT-FOR-US: ATutor
+CVE-2017-11520
+ RESERVED
+CVE-2017-11519 (passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an a ...)
+ NOT-FOR-US: TP-Link
+CVE-2016-10399 (Sendio versions before 8.2.1 were affected by a Local File Inclusion v ...)
+ NOT-FOR-US: Sendio
+CVE-2017-11518
+ RESERVED
+CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in Geuteb ...)
+ NOT-FOR-US: Geutebrueck Gcore
+CVE-2017-11516 (An XSS vulnerability exists in framework/views/errorHandler/exception. ...)
+ NOT-FOR-US: Yii Framework
+CVE-2017-11515
+ RESERVED
+CVE-2017-11514
+ RESERVED
+CVE-2017-11513
+ RESERVED
+CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
+ NOT-FOR-US: ManageEngine ServiceDesk
+CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
+ NOT-FOR-US: ManageEngine ServiceDesk
+CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that all ...)
+ NOT-FOR-US: Wanscam's HW0021 network camera
+CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in Firebir ...)
+ {DLA-2824-1 DLA-2129-1 DLA-1374-1}
+ - firebird3.0 3.0.3.32900.ds4-3
+ - firebird2.5
+ NOTE: https://www.tenable.com/security/research/tra-2017-36
+ NOTE: https://github.com/FirebirdSQL/firebird/issues/5787
+ NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
+ NOTE: in "any current release".
+ NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
+ NOTE: and might actually be considered more of just a mitigation.
+ NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
+CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
+ NOT-FOR-US: SecurityCenter
+CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
+ - check-mk 1.2.8p26-1
+ [wheezy] - check-mk (Minor issue)
+ NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
+ NOTE: https://www.tenable.com/security/research/tra-2017-20
+CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...)
+ NOT-FOR-US: Nessus
+CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor wa ...)
+ - tor 0.3.1.7-1 (bug #869153)
+ [stretch] - tor (Minor issue)
+ [jessie] - tor (aa-exec in jessie is located in /usr/sbin/)
+ [wheezy] - tor (aa-exec in jessie is located in /usr/sbin/)
+ NOTE: https://twitter.com/pissquark/status/888142796414226432
+CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through 6.9.9 ...)
+ {DSA-4019-1 DLA-1785-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
+ NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
+CVE-2017-11522 (The WriteOnePNGImage function in coders/png.c in ImageMagick through 6 ...)
+ - imagemagick (bug #869209; vulnerable code not present, ImageMagick-7 issue only)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/586
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
+CVE-2017-11504
+ RESERVED
+CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Add ...)
+ - libphp-phpmailer 6.0.6-0.1 (unimportant)
+ NOTE: code_generator.phps installed to examples
+CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ar ...)
+ NOT-FOR-US: Technicolor
+CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL Certi ...)
+ NOT-FOR-US: NixOS
+CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
+ NOT-FOR-US: MetInfo
+CVE-2017-11499 (Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11. ...)
+ - nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
+ NOTE: https://nodejs.org/en/blog/release/v6.11.1/
+ NOTE: https://nodejs.org/en/blog/release/v4.8.4/
+CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all ...)
+ NOT-FOR-US: Gemalto ACC
+CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
+ NOT-FOR-US: Gemalto ACC
+CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center) ...)
+ NOT-FOR-US: Gemalto ACC
+CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow unauthenticat ...)
+ NOT-FOR-US: PHICOMM +CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...) + NOT-FOR-US: SOL.Connect ISET-mpp meter +CVE-2017-11493 + REJECTED +CVE-2017-11492 + REJECTED +CVE-2017-11491 + REJECTED +CVE-2017-11490 + REJECTED +CVE-2017-11489 + REJECTED +CVE-2017-11488 + REJECTED +CVE-2017-11487 + REJECTED +CVE-2017-11486 + REJECTED +CVE-2017-11485 + REJECTED +CVE-2017-11484 + REJECTED +CVE-2017-11483 + REJECTED +CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With X-Pa ...) + - kibana (bug #700337) +CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (X ...) + - kibana (bug #700337) +CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...) + NOT-FOR-US: Packetbeat +CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulner ...) + - kibana (bug #700337) +CVE-2017-11477 + RESERVED +CVE-2017-11476 + RESERVED +CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exp ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/com ...) + - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...) + NOT-FOR-US: IDERA Uptime Monitor +CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in /gadgets/definitions/upt ...) + NOT-FOR-US: IDERA Uptime Monitor +CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in th ...) + NOT-FOR-US: IDERA Uptime Monitor +CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly ...) + - docker-registry 2.6.2~ds1-1 (bug #869242) +CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...) 
+ NOT-FOR-US: OrientDB +CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows a ...) + - ruby2.3 (Specific to Ruby 2.4) + - ruby2.1 (Specific to Ruby 2.4) +CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in G ...) + {DLA-2285-1} + - librsvg 2.40.18-1 (bug #869129) + [jessie] - librsvg (Vulnerable code introduced in 2.40.9) + [wheezy] - librsvg (Vulnerable code introduced in 2.40.9) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783835 + NOTE: Introduced in: https://git.gnome.org/browse/librsvg/commit/?id=054807726db76558728e7a7513aabc4698b3dc95 (2.40.9) + NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a +CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in arch/x86/k ...) + - linux 4.13.4-1 (unimportant) + [stretch] - linux 4.9.47-1 + [jessie] - linux 3.16.51-1 + [wheezy] - linux 3.2.96-1 + NOTE: Fixed by: https://git.kernel.org/linus/dad5ab0db8deac535d03e3fe3d8f2892173fa6a4 + NOTE: Non-issue since ACPI tables are trusted +CVE-2017-11472 (The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in t ...) + - linux 4.12.6-1 (unimportant) + NOTE: Fixed by: https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1) + NOTE: Non-issue since ACPI tables are trusted +CVE-2017-11466 (Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxF ...) + NOT-FOR-US: dotCMS +CVE-2017-11463 (In Ivanti Service Desk (formerly LANDESK Management Suite) versions be ...) + NOT-FOR-US: LANDESK +CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attacker ...) 
+ - krb5 1.15.2-1 (low; bug #873563) + [stretch] - krb5 (Minor issue, might lead to behaviour changes) + [jessie] - krb5 (Minor issue, might lead to behaviour changes) + [wheezy] - krb5 (Minor issue, might lead to behaviour changes) + NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf + NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598 +CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions pr ...) + NOT-FOR-US: NetApp +CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService s ...) + NOT-FOR-US: SAP +CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...) + NOT-FOR-US: SAP +CVE-2017-11458 (Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol s ...) + NOT-FOR-US: SAP +CVE-2017-11457 (XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP Ne ...) + NOT-FOR-US: SAP +CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...) + NOT-FOR-US: Geneko GWR routers +CVE-2017-11455 (diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8. ...) + NOT-FOR-US: Pulse Connect Secure +CVE-2017-11454 + RESERVED +CVE-2017-11453 + RESERVED +CVE-2017-11452 + RESERVED +CVE-2017-11451 + RESERVED +CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867894) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/556 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602 +CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable st ...) 
+ {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867896) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/556 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce + NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce +CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before 7.0. ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867893) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/556 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11 +CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...) + {DSA-3914-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867897) + [wheezy] - imagemagick (vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/556 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d +CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has a ...) + {DSA-4019-1 DLA-1785-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/537 + NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8 + NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96182884778bfc43d6a9a0abd90cedb5d8cf8977 +CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/a ...) + NOT-FOR-US: Subrion CMS +CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /fron ...) 
+ NOT-FOR-US: Subrion CMS +CVE-2017-11443 + RESERVED +CVE-2017-11442 + RESERVED +CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before ...) + NOT-FOR-US: WHM Upload Locale interface in cPanel +CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the shell/Applic ...) + NOT-FOR-US: Sitecore +CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tool ...) + NOT-FOR-US: Sitecore +CVE-2017-11438 (GitLab Community Edition (CE) and Enterprise Edition (EE) before 9.0.1 ...) + - gitlab (Only affects 8.5 onwards) + NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/ +CVE-2017-11437 (GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, an ...) + - gitlab (Only affects Enterprise Edition) + NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905 + NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/ +CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x ...) + NOT-FOR-US: D-Link +CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an authenticat ...) + NOT-FOR-US: Humax Wi-Fi Router model HG100R-* +CVE-2017-11434 (The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ...) + {DSA-3925-1 DLA-1497-1 DLA-1071-1 DLA-1070-1} + - qemu 1:2.8+dfsg-7 (bug #869171) + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html +CVE-2017-11433 + RESERVED +CVE-2017-11432 + RESERVED +CVE-2017-11431 + RESERVED +CVE-2017-11430 (OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the ...) 
+ - ruby-omniauth-saml (The actual vulnerability is in ruby-saml, which is used by the Debian package) + NOTE: The change in 1.10.0 simply bumps the version requirement + NOTE: https://github.com/omniauth/omniauth-saml/issues/156 + NOTE: https://github.com/omniauth/omniauth-saml/pull/157 + NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations + NOTE: https://www.kb.cert.org/vuls/id/475445 +CVE-2017-11429 (Clever saml2-js 2.0 and earlier may incorrectly utilize the results of ...) + NOT-FOR-US: Clever saml2-js + NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations + NOTE: https://nodesecurity.io/advisories/567 + NOTE: https://www.kb.cert.org/vuls/id/475445 +CVE-2017-11428 (OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the resul ...) + - ruby-saml 1.7.2-1 (bug #892865) + [stretch] - ruby-saml (Minor issue) + NOTE: fixed in 1.7.0 + NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations + NOTE: https://www.kb.cert.org/vuls/id/475445 + NOTE: https://github.com/onelogin/ruby-saml/commit/048a544730930f86e46804387a6b6fad50d8176f +CVE-2017-11427 (OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the resu ...) + NOT-FOR-US: OneLogin python-saml + NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations + NOTE: https://www.kb.cert.org/vuls/id/475445 +CVE-2017-11426 + RESERVED +CVE-2017-11425 + RESERVED +CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm ...) + {DSA-3979-1} + - pyjwt 1.4.2-1.1 (bug #873244) + NOTE: https://github.com/jpadilla/pyjwt/pull/277 +CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...) 
+ {DSA-3946-1 DLA-1279-1} + - libmspack 0.6-1 (bug #868956) + - clamav 0.99.3~beta1+dfsg-1 (unimportant) + [stretch] - clamav 0.99.4+dfsg-1+deb9u1 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public) + NOTE: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38 + NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul + NOTE: ClamAV: https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13 + NOTE: ClamaV: https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96 + NOTE: ClamAV uses the libmspack system library when available. This is the + NOTE: case from starting from Debian Jessie. Debian Wheezy does not have + NOTE: libmspack and thus need to have the fix as well in the src:clamav source package. +CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's p ...) + NOT-FOR-US: Statamic +CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asusw ...) + NOT-FOR-US: ASUS +CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_article/controller/edito ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_comment/controller/inser ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/sys_article ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/sys_comment ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/ ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_comment/controller/ ...) 
+ NOT-FOR-US: Fiyo CMS +CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY di ...) + - wireshark 2.4.0-1 (bug #870179) + [stretch] - wireshark (Incomplete fix for CVE-2017-9350 not applied) + [jessie] - wireshark (Incomplete fix for CVE-2017-9350 not applied) + [wheezy] - wireshark (Incomplete fix for CVE-2017-9350 not applied) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a83a324acdfc07a0ca8b65e6ebaba3374ab19c76 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html +CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissect ...) + - wireshark 2.4.0-1 (bug #870180) + [jessie] - wireshark (Incomplete fix for CVE-2017-7702 not applied) + [wheezy] - wireshark (Incomplete fix for CVE-2017-7702 not applied) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html +CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a l ...) + {DLA-1634-1} + - wireshark 2.2.0~rc1+g438c022-1 (low) + [wheezy] - wireshark (Minor issue) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html + NOTE: Technically the 2.2.0~rc1+g438c022-1 is just the first version in unstable + NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid + NOTE: in version 2.1.0. +CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector co ...) 
+ {DSA-4060-1 DLA-1226-1} + - wireshark 2.4.0-1 (bug #870172) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html +CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector coul ...) + {DLA-1634-1} + - wireshark 2.4.0-1 (low; bug #870172) + [wheezy] - wireshark (Minor issue) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html +CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...) + {DLA-1634-1} + - wireshark 2.4.0-1 (bug #870172) + [wheezy] - wireshark (Minor issue) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html +CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...) + {DSA-4321-1 DLA-1456-1 DLA-1045-1} + - graphicsmagick 1.3.26-3 + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37 + NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103 + NOTE: issue. 
See: https://www.openwall.com/lists/oss-security/2017/09/01/6 + NOTE: The addition required commit is: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f +CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...) + NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance +CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...) + NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance +CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon Sec ...) + NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance +CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection wh ...) + - gnome-exe-thumbnailer 0.9.5-1 (bug #868705) + [stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1 + NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html + NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5 +CVE-2017-11399 (Integer overflow in the ape_decode_frame function in libavcodec/apedec ...) + {DSA-3957-1} + - ffmpeg 7:3.3.3-1 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0 + NOTE: Fixed in 3.2.7 +CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro Sm ...) + NOT-FOR-US: Trend Micro +CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for E ...) + NOT-FOR-US: Trend Micro +CVE-2017-11396 (Vulnerability issues with the web service inspection of input paramete ...) + NOT-FOR-US: Trend Micro Web Security Virtual Appliance +CVE-2017-11395 (Command injection vulnerability in Trend Micro Smart Protection Server ...) + NOT-FOR-US: Trend Micro Smart Protection Server +CVE-2017-11394 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...) 
+ NOT-FOR-US: Trend Micro +CVE-2017-11393 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...) + NOT-FOR-US: Trend Micro +CVE-2017-11392 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...) + NOT-FOR-US: Trend Micro +CVE-2017-11391 (Proxy command injection vulnerability in Trend Micro InterScan Messagi ...) + NOT-FOR-US: Trend Micro +CVE-2017-11390 (XML external entity (XXE) processing vulnerability in Trend Micro Cont ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11389 (Directory traversal vulnerability in Trend Micro Control Manager 6.0 a ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11388 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11387 (Authentication Bypass in Trend Micro Control Manager 6.0 causes Inform ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11386 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11385 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11384 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11383 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Ex ...) + NOT-FOR-US: Trend Micro Control Manager +CVE-2017-11382 (Denial of Service vulnerability in Trend Micro Deep Discovery Email In ...) + NOT-FOR-US: Trend Micro +CVE-2017-11381 (A command injection vulnerability exists in Trend Micro Deep Discovery ...) + NOT-FOR-US: Trend Micro Deep Discovery Director +CVE-2017-11380 (Backup archives were found to be encrypted with a static password acro ...) + NOT-FOR-US: Trend Micro Deep Discovery Director +CVE-2017-11379 (Configuration and database backup archives are not signed or validated ...) 
+ NOT-FOR-US: Trend Micro Deep Discovery Director +CVE-2017-11378 + RESERVED +CVE-2017-11377 + RESERVED +CVE-2017-11376 + RESERVED +CVE-2017-11375 + RESERVED +CVE-2017-11374 + RESERVED +CVE-2017-11373 + RESERVED +CVE-2017-11372 + RESERVED +CVE-2017-11371 + RESERVED +CVE-2017-11370 + RESERVED +CVE-2017-11369 + RESERVED +CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...) + {DLA-1058-1} + - krb5 1.15.1-2 (bug #869260) + [stretch] - krb5 1.15-1+deb9u1 + [jessie] - krb5 1.12.1+dfsg-19+deb8u3 + NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2 +CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 a ...) + NOT-FOR-US: shoco +CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...) + NOT-FOR-US: Codiad +CVE-2017-11365 (Certain Symfony products are affected by: Incorrect Access Control. Th ...) + - symfony (introduced in versions that were never packaged in Debian) + NOTE: https://symfony.com/blog/cve-2017-11365-empty-passwords-validation-issue +CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's own ...) + NOT-FOR-US: Joomla! +CVE-2017-11363 + RESERVED +CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/ms ...) + - php7.1 7.1.8-1 (unimportant) + - php7.0 7.0.22-1 (unimportant) + - php5 (unimportant) + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73473 + NOTE: Fixed in 7.1.7, 7.0.21 + NOTE: Only triggerable by malicious script +CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the "user" ...) + NOT-FOR-US: Inteno routers +CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...) 
+ {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867808) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/518 + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30 +CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allow ...) + {DLA-1705-1 DLA-1197-1} + - sox 14.4.2-2 (bug #870328) + [stretch] - sox 14.4.1-5+deb9u2 + NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 + NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ + NOTE: https://github.com/mansr/sox/commit/8b590b3a52f4ccc4eea3f41b4a067c38b3565b60 +CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 all ...) + {DLA-1705-1 DLA-1197-1} + - sox 14.4.2-2 (bug #870328) + [stretch] - sox 14.4.1-5+deb9u2 + NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 + NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ + NOTE: https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00 +CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not prope ...) + NOT-FOR-US: Progress Telerik UI +CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...) + NOT-FOR-US: PEGA Platform +CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7 ...) + NOT-FOR-US: PEGA Platform +CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_a ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-11351 (Axesstel MU553S MU55XS-V1.14 devices have a default password of admin ...) + NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 +CVE-2017-11350 (Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axess ...) + NOT-FOR-US: Axesstel MU553S MU55XS-V1.14 +CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose program ...) + NOT-FOR-US: dataTaker +CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with Packag ...) 
+ NOT-FOR-US: Octopus Deploy +CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a ...) + NOT-FOR-US: MetInfo +CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote at ...) + NOT-FOR-US: Zoho ManageEngine Desktop Central +CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASU ...) + NOT-FOR-US: ASUS +CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for AS ...) + NOT-FOR-US: ASUS +CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition (relate ...) + - yadm 1.11.1-1 (bug #868300) + [stretch] - yadm 1.06-1+deb9u1 + NOTE: https://github.com/TheLocehiliosan/yadm/issues/74 +CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Sc ...) + - chicken 4.12.0-0.2 (bug #870266) + [stretch] - chicken (Minor issue) + [jessie] - chicken (Minor issue) + [wheezy] - chicken (Minor issue) + NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html +CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A craf ...) + NOTE: Bogus report against historic libsass version +CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. ...) + NOTE: Bogus report against historic libsass version +CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function i ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) + NOTE: https://github.com/Exiv2/exiv2/issues/53 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950 + NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type". + NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". +CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...) 
+ - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) + NOTE: https://github.com/Exiv2/exiv2/issues/52 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946 + NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type". + NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". +CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure funct ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) + NOTE: https://github.com/Exiv2/exiv2/issues/51 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913 + NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file". + NOTE: Reproducible with 0.26-1 (experimental). +CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) + NOTE: https://github.com/Exiv2/exiv2/issues/50 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737 + NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file". + NOTE: Reproducible with 0.26-1 (experimental). + NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption. +CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...) + - exiv2 (Vulnerable code introduced after 0.25; only affected experimental; bug #868578) + NOTE: https://github.com/Exiv2/exiv2/issues/49 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729 + NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind). + NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)". 
+CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF 4 ...) + {DSA-4100-1 DLA-1094-1 DLA-1093-1} + - tiff 4.0.8-4 (bug #868513) + [stretch] - tiff (Minor issue) + [jessie] - tiff (Minor issue) + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556 +CVE-2017-11529 (The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9- ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867823) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/525 +CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867826) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/528 +CVE-2017-11526 (The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9 ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867825) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/527 +CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through 6. ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867824) + [jessie] - imagemagick (Minor issue) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/526 +CVE-2017-11530 (The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9- ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867821) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/524 +CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9. ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867798) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/506 +CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...) 
+ {DSA-3925-1} + - qemu 1:2.8+dfsg-7 (bug #869173) + [jessie] - qemu (Minor issue, root DoS, Xen regression, multiple refactorings after 2.5, no reproducer) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html + NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece + NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0 + NOTE: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1752761 +CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbi ...) + {DSA-4113-1 DLA-2039-1 DLA-1368-1} + - libvorbis 1.3.5-4.1 (low; bug #870341) + NOTE: http://seclists.org/fulldisclosure/2017/Jul/82 + NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332 + NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993 +CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...) + {DLA-1705-1 DLA-1197-1} + - sox 14.4.2-2 (bug #870328) + [stretch] - sox 14.4.1-5+deb9u2 + NOTE: http://seclists.org/fulldisclosure/2017/Jul/81 + NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/ + NOTE: https://github.com/mansr/sox/commit/7405bcaacb1ded8c595cb751d407cf738cb26571 +CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...) + - vorbis-tools (unimportant) + NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch + NOTE: still the return of malloc is not checked. + NOTE: http://seclists.org/fulldisclosure/2017/Jul/80 + NOTE: Crash in CLI tool only, negligible security impact +CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in DivFi ...) + NOT-FOR-US: DivFix++ +CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.ph ...) 
+ - glpi (unimportant) + NOTE: Only supported behind an authenticated HTTP zone +CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with root and p ...) + NOT-FOR-US: Android +CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in obj ...) + - yara 3.6.3+dfsg-1 + [stretch] - yara (Minor issue, too intrusive to backport) + [jessie] - yara (Minor issue, too intrusive to backport) + NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f +CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...) + NOT-FOR-US: Tilde CMS +CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass t ...) + NOT-FOR-US: Tilde CMS +CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be rea ...) + NOT-FOR-US: Tilde CMS +CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...) + NOT-FOR-US: Tilde CMS +CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows r ...) + NOT-FOR-US: ESTsoft ALZip +CVE-2017-11322 (The chroothole_client executable in UCOPIA Wireless Appliance before 5 ...) + NOT-FOR-US: UCOPIA Wireless Appliance +CVE-2017-11321 (The restricted shell interface in UCOPIA Wireless Appliance before 5.1 ...) + NOT-FOR-US: UCOPIA Wireless Appliance +CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...) + NOT-FOR-US: Technicolor TC7337 routers +CVE-2017-11319 (Perspective ICM Investigation & Case 5.1.1.16 allows remote authentica ...) + NOT-FOR-US: Perspective ICM Investigation +CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...) + NOT-FOR-US: Cobian +CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...) 
+ NOT-FOR-US: Progress Telerik UI
+CVE-2017-11316
+ RESERVED
+CVE-2017-11315
+ RESERVED
+CVE-2017-11314
+ RESERVED
+CVE-2017-11313
+ RESERVED
+CVE-2017-11312
+ RESERVED
+CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt bef ...)
+ - libopenmpt 0.2.8461~beta26-1 (bug #867579)
+ [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
+CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick 7 ...)
+ - imagemagick (Vulnerable code not present, Only affects ImageMagick-7)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
+CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before 10 ...)
+ NOT-FOR-US: Avaya IP Office
+CVE-2017-11308 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11307 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11306 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11305 (A regression affecting Adobe Flash Player version 27.0.0.187 (and earl ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11304 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11303 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earli ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11302 (An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11301 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11300 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11299 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11298 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11297 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11296 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11295 (An issue was discovered in Adobe DNG Converter 9.12.1 and earlier vers ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11294 (An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11293 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11292 (Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecod ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-11291 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11290 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11289 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11288 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11287 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection vulnerabil ...)
+ NOT-FOR-US: Adobe ColdFusion
+CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...)
+ NOT-FOR-US: Adobe ColdFusion
+CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+ NOT-FOR-US: Adobe ColdFusion
+CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
+ NOT-FOR-US: Adobe ColdFusion
+CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11279 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11278 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11277 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11276 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory cor ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11275 (Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overf ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11274 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11273 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ve ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11272 (Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnera ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11271 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11270 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11269 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11268 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11267 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11266
+ REJECTED
+CVE-2017-11265 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11264
+ REJECTED
+CVE-2017-11263 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11262 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11261 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11260 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11259 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11258 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11257 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11256 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11255 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11254 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11253 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11252 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11251 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11250 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11249 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11248 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11247
+ REJECTED
+CVE-2017-11246 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11245 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11244 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11243 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11242 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11241 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11240 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11239 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11238 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11237 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11236 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11235 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11234 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11233 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11232 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11231 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11230 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11229 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11228 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11227 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11226 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11225 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11224 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11223 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11222 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11221 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11220 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11219 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11218 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11217 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11216 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11215 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11214 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11213 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
+ NOT-FOR-US: Adobe
+CVE-2017-11212 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11211 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11210 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-11209 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-1000083 (backend/comics/comics-document.c (aka the comic book backend) in GNOME ...)
+ {DSA-3916-1 DSA-3911-1 DLA-1031-1}
+ - evince 3.22.1-4
+ - atril 1.16.1-2.1 (bug #868500)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
+CVE-2017-11208
+ RESERVED
+CVE-2017-11207
+ RESERVED
+CVE-2017-11206
+ RESERVED
+CVE-2017-11205
+ RESERVED
+CVE-2017-11204
+ RESERVED
+CVE-2017-11203
+ RESERVED
+CVE-2017-11202 (FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScri ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11201 (application/core/controller/images.php in FineCMS through 2017-07-12 a ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11200 (SQL Injection exists in FineCMS through 2017-07-12 via the application ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11199
+ RESERVED
+CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_ ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11197 (In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privi ...)
+ NOT-FOR-US: CyberArk Viewfinity
+CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in com ...)
+ {DLA-3058-1 DLA-1049-1}
+ - libsndfile 1.0.28-3 (bug #869166)
+ [jessie] - libsndfile (Minor issue)
+ NOTE: https://github.com/erikd/libsndfile/issues/292
+ NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
+CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The he ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetai ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the dia ...)
+ NOT-FOR-US: Pulse Connect Secure
+CVE-2017-11192
+ RESERVED
+CVE-2017-11191 (FreeIPA 4.x with API version 2.213 allows a remote authenticated users ...)
+ NOTE: non-issue claimed for freepia
+CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
+ - unrar-free 1:0.0.2-0.1 (unimportant; bug #995065)
+ NOTE: Affected debug code not enabled
+ NOTE: https://gitlab.com/bgermann/unrar-free/-/commit/e4b3d2d974780af12d8221a25165809e611676df
+CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
+ - unrar-free 1:0.0.1+cvs20140707-4 (unimportant)
+ NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/0x09AL/my-exploits/blob/master/pocs/unrar-free/dos/DESCRIPTION
+ NOTE: Same fix as CVE-2017-14121 and possibly to be considered a duplicate
+CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks t ...)
+ NOT-FOR-US: phpMyFAQ
+CVE-2017-11186
+ RESERVED
+CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to c ...)
+ {DSA-3962-1 DLA-1059-1}
+ - strongswan 5.6.0-1 (bug #872155)
+ NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
+ NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7
+CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated admi ...)
+ - glpi (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
+ NOT-FOR-US: Rise Ultimate Project Manager
+CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
+ NOT-FOR-US: Rise Ultimate Project Manager
+CVE-2017-11180 (FineCMS through 2017-07-11 has stored XSS in the logging functionality ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11179 (FineCMS through 2017-07-11 has stored XSS in route=admin when modifyin ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style.php a ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file acce ...)
+ NOT-FOR-US: TRITON
+CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
+ - linux 4.11.11-1
+ NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
+CVE-2017-11175 (In J2 Innovations FIN Stack 4.0, the authentication webform is vulnera ...)
+ NOT-FOR-US: J2 Innovations FIN Stack
+CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS 2.5.8 ...)
+ NOT-FOR-US: XOOPS
+CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a ...)
+ {DSA-3931-1}
+ - ruby-rack-cors 0.4.1-1
+ [jessie] - ruby-rack-cors (Vulnerable code not present)
+CVE-2017-11172
+ RESERVED
+CVE-2017-1000096 (Arbitrary code execution due to incomplete sandbox protection: Constru ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000095 (The default whitelist included the following unsafe entries: DefaultGr ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000094 (Docker Commons Plugin provides a list of applicable credential IDs to ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000093 (Poll SCM Plugin was not requiring requests to its API be sent via POST ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000092 (Git Plugin connects to a user-specified Git repository as part of form ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000091 (GitHub Branch Source Plugin connects to a user-specified GitHub API UR ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000090 (Role-based Authorization Strategy Plugin was not requiring requests to ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000089 (Builds in Jenkins are associated with an authentication that controls ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000088 (The Sidebar Link plugin allows users able to configure jobs, views, an ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000087 (GitHub Branch Source provides a list of applicable credential IDs to a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000086 (The Periodic Backup Plugin did not perform any permission checks, allo ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000085 (Subversion Plugin connects to a user-specified Subversion repository a ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-1000084 (Parameterized Trigger Plugin fails to check Item/Build permission: The ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in gs ...)
+ - gnome-session 2.30.0-1
+ NOTE: https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
+CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
+ {DSA-3914-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
+CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 device ...)
+ NOT-FOR-US: iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices
+CVE-2017-11168
+ RESERVED
+CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
+ - imagemagick 8:6.9.7.4+dfsg-7 (unimportant; bug #868263)
+ [wheezy] - imagemagick 8:6.7.7.10-5+deb7u14
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
+CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitiv ...)
+ NOT-FOR-US: dataTaker
+CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exe ...)
+ - pcre3 (unimportant)
+ NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
+CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Ca ...)
+ - cacti 1.1.12+ds1-1 (bug #868080)
+ [stretch] - cacti (Vulnerable code introduced later)
+ [jessie] - cacti (Vulnerable code introduced later)
+ [wheezy] - cacti (Vulnerable code introduced later)
+ NOTE: https://github.com/Cacti/cacti/issues/847
+ NOTE: aggregate_graphs.php not available in 0.8.8.
+ NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
+ NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
+CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo Stat ...)
+ NOT-FOR-US: Synology
+CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station befor ...)
+ NOT-FOR-US: Synology
+CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
+ NOT-FOR-US: Installer in Synology Assistant
+CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in Synolog ...)
+ NOT-FOR-US: Installer in Synology Photo Station Uploader
+CVE-2017-11158 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
+ NOT-FOR-US: Synology Cloud Station Drive
+CVE-2017-11157 (Multiple untrusted search path vulnerabilities in the installer in Syn ...)
+ NOT-FOR-US: Synology
+CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2 ...)
+ NOT-FOR-US: Synology Download Station
+CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo S ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in Sy ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-11153 (Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-11152 (Directory traversal vulnerability in PixlrEditorHandler.php in Synolog ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station befo ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-11150 (Command injection vulnerability in Document.php in Synology Office 2.2 ...)
+ NOT-FOR-US: Synology Office
+CVE-2017-11149 (Server-side request forgery (SSRF) vulnerability in Downloader in Syno ...)
+ NOT-FOR-US: Synology Download Station
+CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview in Sy ...)
+ NOT-FOR-US: Synology Chat
+CVE-2017-11146
+ REJECTED
+CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an er ...)
+ {DSA-4081-1 DSA-4080-1 DLA-1034-1}
+ - php7.1 7.1.8-1
+ - php7.0 7.0.22-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
+ NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
+ NOTE: Fixed by: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and re-encryp ...)
+ - jenkins
+CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
+ NOT-FOR-US: ONOS
+CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets.)
+ NOT-FOR-US: ONOS
+CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS.)
+ NOT-FOR-US: ONOS
+CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registra ...)
+ NOT-FOR-US: ONOS
+CVE-2017-1000077
+ REJECTED
+CVE-2017-1000076
+ REJECTED
+CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
+ NOT-FOR-US: Creolabs Gravity
+CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
+ NOT-FOR-US: Creolabs Gravity
+CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an un ...)
+ NOT-FOR-US: Creolabs Gravity
+CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity ...)
+ NOT-FOR-US: Creolabs Gravity
+CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass i ...)
+ - php-cas 1.3.6-1 (bug #868466)
+ [stretch] - php-cas (Minor issue)
+ [jessie] - php-cas (Minor issue)
+ [wheezy] - php-cas (Minor issue, only works with old CAS server)
+ NOTE: https://github.com/Jasig/phpCAS/issues/228
+ NOTE: Fixed by: https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd
+ NOTE: The vulnerability only exists when the server is affected by
+ NOTE: another very old vulnerability fixed in 2010.
+CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an o ...)
+ NOT-FOR-US: Bitly oauth2_proxy
+CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow)
+ NOT-FOR-US: Bitly oauth2_proxy
+CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an authent ...)
+ NOT-FOR-US: TestTrack
+CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injecti ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently ...)
+ - keepass2 (Only affects 1.x)
+CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in Open ...)
+ NOT-FOR-US: OpenMediaVault
+CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
+ NOT-FOR-US: kittoframework kitto
+CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...)
+ NOT-FOR-US: kittoframework kitto
+CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
+ NOT-FOR-US: kittoframework kitto
+CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansio ...)
+ - xmlsec1 1.2.24-1
+ [stretch] - xmlsec1 (Minor issue)
+ [jessie] - xmlsec1 (Minor issue)
+ [wheezy] - xmlsec1 (Minor issue)
+ NOTE: https://github.com/lsh123/xmlsec/issues/43
+CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leadin ...)
+ NOT-FOR-US: EyesOfNetwork (EON)
+CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site S ...)
+ NOT-FOR-US: Live Helper Chat
+CVE-2017-1000058 (Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, one ...)
+ NOT-FOR-US: chevereto CMS
+CVE-2017-1000057
+ REJECTED
+CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
+ - kubernetes 1.5.5+dfsg-1
+ NOTE: https://github.com/kubernetes/kubernetes/issues/43459
+CVE-2017-1000055
+ REJECTED
+CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdo ...)
+ NOT-FOR-US: Rocket.Chat
+CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
+ NOT-FOR-US: Elixir Plug
+CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
+ NOT-FOR-US: Elixir Plug
+CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs C ...)
+ NOT-FOR-US: XWiki labs
+CVE-2017-1000049
+ REJECTED
+CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
+ NOT-FOR-US: ljharb
+CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in t ...)
+ - rbenv (bug #869702)
+ [bookworm] - rbenv (Minor issue)
+ [bullseye] - rbenv (Minor issue)
+ [buster] - rbenv (Minor issue)
+ [stretch] - rbenv (Minor issue)
+ [jessie] - rbenv (Minor issue)
+ [wheezy] - rbenv (Minor issue)
+ NOTE: https://github.com/rbenv/rbenv/issues/977
+ NOTE: .ruby-version is .rbenv-version in wheezy
+ NOTE: https://github.com/rbenv/rbenv/commit/370c26a6c9ee0511972ea04904fcc89014a22987 (v1.2.0)
+CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies)
+ NOT-FOR-US: Mautic
+CVE-2017-1000045
+ REJECTED
+CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulne ...)
+ NOT-FOR-US: Mapbox.js
+CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulne ...)
+ NOT-FOR-US: Mapbox.js
+CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV Ex ...)
+ NOT-FOR-US: Framadate
+CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XS ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD resul ...)
+ NOT-FOR-US: RVM
+CVE-2017-1000036
+ REJECTED
+CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attac ...)
+ - tt-rss 17.1+git20170410+dfsg-1
+ NOTE: https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47
+CVE-2017-1000034 (Akka versions <=2.4.16 and 2.5-M1 are vulnerable to a java deserializa ...)
+ NOT-FOR-US: Akka
+CVE-2017-1000033 (Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflec ...)
+ NOT-FOR-US: WordPress plugin
+CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remot ...)
+ - cacti 0.8.8b+dfsg-6
+ [wheezy] - cacti 0.8.8a+dfsg-5+deb7u3
+ NOTE: MITRE will not reject the entry, but the issue is already covered by the
+ NOTE: patch as for CVE-2014-4002. See discussion in
+ NOTE: https://github.com/distributedweaknessfiling/DWF-CVE-Database/issues/27
+CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8 ...)
+ - cacti 0.8.8e+ds1-1
+ [jessie] - cacti (Minor issue, can be mitigated with Web Application Firewalls)
+ [wheezy] - cacti (Minor issue, can be mitigated with Web Application Firewalls)
+ NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
+ NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.
+ NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than
+ NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they seprate on vulnerability
+ NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite sharing attack
+ NOTE: vectors with this vulnerability, and covers different attack vectors than
+ NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be
+ NOTE: independently fixable from said vulnerability based on the fix provided here:
+ NOTE: https://github.com/Cacti/cacti/issues/866
+ NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
+ NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
+ NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5
+ NOTE: After the request to MITRE to reject this CVE, elbrus discovered that also
+ NOTE: CVE-2015-4634 seems part of the duplication. Upstream commit 4e4dd67 was in the
+ NOTE: preperation git tree for 1.x, its equivalent svn commit was used to fix
+ NOTE: CVE-2015-4634 in Debian.
+CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
+ - glassfish (Vulnerable code not included, see bug #853998)
+CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulne ...)
+ - glassfish (Vulnerable code not included, see bug #853998)
+CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
+ - glassfish (Vulnerable code not included, see bug #853998)
+CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable t ...)
+ NOT-FOR-US: Koozali Foundation SME Server
+CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
+ {DSA-3915-1} + - ruby-mixlib-archive 0.4.1-1 (bug #868572) + NOTE: https://github.com/chef/mixlib-archive/pull/6 + NOTE: https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d +CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 befo ...) + - epiphany-browser 3.22.6-1 (unimportant) + NOTE: webkit not covered by security support +CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...) + - shotwell 0.25.4+really0.24.5-0.1 (unimportant) +CVE-2017-1000023 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS w ...) + NOT-FOR-US: LogicalDoc Community Edition +CVE-2017-1000022 (LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect acce ...) + NOT-FOR-US: LogicalDoc Community Edition +CVE-2017-1000021 (LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when ...) + NOT-FOR-US: LogicalDoc Community Edition +CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded de ...) + NOT-FOR-US: ECos +CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the re ...) + - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/afe84645f29f5acc9970f3ffa5673585bf2dee7d (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1af76a88545352 (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/96b4f13e54c9ebbebfd19d0690bfa0812b6818c1 (4.6-branch) +CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...) 
+ - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-6 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f8ad5bd759156c8c00a1c3e0ef374660027a3bb4 (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e675c1ab20387 (4.{4,6}-branch) +CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary value ...) + - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-5 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3b6ed1f9ecaab86c488d106b1588d7683a6d53ef +CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...) + - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-4 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/8a0816266cc1db9e9889829f9f0d88a19650c977 (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e65355bf49f342 (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3a6247674e653507294f23480b4c0e1c532badbe (4.6-branch) +CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the t ...) + - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-3 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3d230b6ab76ff018645f2090c2664169835f465b (4.{0,4,6}-branch) +CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakne ...) 
+ - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: https://www.phpmyadmin.net/security/PMASA-2017-1 + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7fe97a1f3c4695f630e39d9433b8fa7539eee30e (4.0-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b92497767c8677653cba (4.4-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/4c84070ad6136c3158caa93286754ebbfbce61ab (4.6-branch) + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/e37bf40f44a3272a6709eb5b38feccac41658e3f (4.6-branch) +CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...) + NOT-FOR-US: MySQL Dumper +CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database manag ...) + NOT-FOR-US: MyWebSQL +CVE-2017-1000010 (Audacity 2.1.2 through 2.3.2 is vulnerable to Dll HIjacking in the avf ...) + - audacity (Specific to Windows packaging) +CVE-2017-1000009 (Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell ...) + NOT-FOR-US: Akeneo PIM +CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user setting ...) + NOT-FOR-US: Chyrp Lite +CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate veri ...) + NOT-FOR-US: txAWS +CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an X ...) + NOT-FOR-US: plotly.js (different from the plotly Python package) +CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the nam ...) + NOT-FOR-US: PHPMiniAdmin +CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...) + NOT-FOR-US: ATutor +CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to an incorrect acces ...) + NOT-FOR-US: ATutor +CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory traver ...) + NOT-FOR-US: ATutor +CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw res ...) 
+ - fedmsg (bug #868508) + [jessie] - fedmsg (Minor issue) + NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a +CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/469 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f +CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 c ...) + {DSA-4321-1 DLA-1456-1 DLA-1045-1} + - graphicsmagick 1.3.26-3 (low) + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a +CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ReadOneJN ...) + {DSA-4321-1} + - graphicsmagick 1.3.26-2 (low) + [jessie] - graphicsmagick (vulnerable code for CVE-2017-11102 not applied in Jessie) + [wheezy] - graphicsmagick (vulnerable code for CVE-2017-11102 not applied in Wheezy) + NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b +CVE-2017-11138 + RESERVED +CVE-2017-11137 + RESERVED +CVE-2017-11136 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11135 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11134 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11133 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11132 (An issue was discovered in heinekingmedia StashCat before 1.5.18 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11131 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) 
+ NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11130 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11129 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for A ...) + NOT-FOR-US: heinekingmedia StashCat +CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by t ...) + NOT-FOR-US: Bolt CMS +CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ...) + NOT-FOR-US: Bolt CMS +CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through 1.25 ...) + - mpg123 1.25.3-1 (unimportant) + NOTE: no security impact +CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_get_p ...) + - xar +CVE-2017-11124 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the xar_unser ...) + - xar +CVE-2017-11123 + RESERVED +CVE-2017-11122 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can t ...) + NOT-FOR-US: Broadcom +CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, p ...) + NOT-FOR-US: Broadcom +CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, a ...) + NOT-FOR-US: Broadcom +CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...) + - xine-lib-1.2 (it is built with --disable-nosefart) + - xine-lib (it is built with --disable-nosefart) + NOTE: https://sourceforge.net/p/nosefart/bugs/6/ +CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in Open ...) + NOT-FOR-US: OpenExif +CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in OpenEx ...) + NOT-FOR-US: OpenExif +CVE-2017-11116 (The ExifImageFile::readDQT function in ExifImageFileRead.cpp in OpenEx ...) + NOT-FOR-US: OpenExif +CVE-2017-11115 (The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in ...) 
+ NOT-FOR-US: OpenExif +CVE-2017-11114 (The put_chars function in html_r.c in Twibright Links 2.14 allows remo ...) + - links2 2.14-3 (unimportant; bug #870299) + NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76 +CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9- ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867812) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/523 +CVE-2017-11528 (The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9- ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867811) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/522 +CVE-2017-11525 (The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9- ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867810) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/519 +CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...) + {DSA-3914-1 DLA-1081-1} + - imagemagick 8:6.9.7.4+dfsg-12 (bug #867806) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/509 +CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_e ...) + - ncurses 6.0+20170701-1 + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691 +CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...) + - ncurses 6.0+20170701-1 + [stretch] - ncurses 6.0+20161126-1+deb9u1 + [jessie] - ncurses 5.9+20140913-1+deb8u1 + [wheezy] - ncurses (Minor issue) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686 +CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...) 
+ {DLA-1041-1} + - nasm 2.13.02-0.1 (bug #867988) + [stretch] - nasm (Minor issue) + [jessie] - nasm (Minor issue) + NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415 +CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers ...) + {DSA-3917-1 DLA-1037-1} + - catdoc 1:0.95-3 (bug #867717) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471 +CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) o ...) + {DLA-1871-1 DLA-1030-1} + - vim 2:8.0.0197-5 (low; bug #867720) + [stretch] - vim 2:8.0.0197-4+deb9u1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492 +CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service (he ...) + {DSA-3971-1 DLA-1090-1} + - tcpdump 4.9.1-1 (bug #867718) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468504 + NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617 + NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1 (4.9.1) +CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the ...) + {DLA-1561-1 DLA-1019-1} + - phpldapadmin 1.2.2-6.2 (bug #867719) + NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50 + NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 +CVE-2017-11106 + RESERVED +CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 part ...) + NOT-FOR-US: OnePlus +CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the functio ...) + - jasper (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/06/1 + NOTE: https://github.com/mdadams/jasper/issues/120 + NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293 +CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, kindeditor/php/u ...) 
+ NOT-FOR-US: kindeditor +CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services wit ...) + {DSA-3912-1 DSA-3909-1 DLA-1027-1} + - heimdal 7.4.0.dfsg.1-1 (bug #868208) + - samba 2:4.6.5+dfsg-4 (bug #868209) + [wheezy] - samba (Heimdal is only used in 4.x, wheezy ships 3.6.6) + - samba4 + [wheezy] - samba4 (dynamically linked against system heimdal) + NOTE: https://orpheus-lyre.info/ + NOTE: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea + NOTE: samba's source package embeds heimdal but the binary is statically linked to src:heimdal + NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html + NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894 +CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...) + {DSA-4321-1 DLA-1456-1 DLA-1045-1} + - graphicsmagick 1.3.26-2 (bug #867746) + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5 + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1 + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b + NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230 +CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...) + - swftools (unimportant; bug #871022) + NOTE: https://github.com/matthiaskramm/swftools/issues/26 +CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lea ...) + - swftools (unimportant; bug #871024) + NOTE: https://github.com/matthiaskramm/swftools/issues/27 +CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead t ...) + - swftools (unimportant; bug #871018) + NOTE: https://github.com/matthiaskramm/swftools/issues/31 +CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead t ...) 
+ - swftools (unimportant; bug #871020) + NOTE: https://github.com/matthiaskramm/swftools/issues/32 +CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...) + - swftools (unimportant; bug #871025) + NOTE: https://github.com/matthiaskramm/swftools/issues/24 +CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lea ...) + - swftools (unimportant; bug #871026) + NOTE: https://github.com/matthiaskramm/swftools/issues/25 +CVE-2017-11095 + RESERVED +CVE-2017-11094 + RESERVED +CVE-2017-11093 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11092 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11091 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + - linux 4.12.6-1 + [stretch] - linux 4.9.47-1 + [jessie] - linux 3.16.51-1 + NOTE: Fixed by: https://git.kernel.org/linus/8feb69c7bd89513be80eb19198d48f154b254021 +CVE-2017-11088 (Improper Input Validation in Linux io-prefetch in Snapdragon Mobile an ...) + NOT-FOR-US: Snapdragon +CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android cop ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-11086 + RESERVED +CVE-2017-11085 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11084 + RESERVED +CVE-2017-11083 + RESERVED +CVE-2017-11082 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-11081 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11077 + RESERVED +CVE-2017-11076 + RESERVED +CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: HTC component for Android +CVE-2017-11071 + REJECTED +CVE-2017-11070 + RESERVED +CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11068 + RESERVED +CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11065 + RESERVED +CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11058 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-11039 + RESERVED +CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11037 + RESERVED +CVE-2017-11036 + RESERVED +CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11034 + RESERVED +CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Android +CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11021 + RESERVED +CVE-2017-11020 + REJECTED +CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11011 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mo ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11009 + RESERVED +CVE-2017-11008 + REJECTED +CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm closed-source components for Android +CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm closed-source components for Android +CVE-2017-11004 (A non-secure user may be able to access certain registers in snapdrago ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-11001 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-11000 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-10999 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-10998 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-10997 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-10996 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allow ...) + {DSA-4204-1 DLA-1081-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #867748) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/538 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fdc09dc8f9522f07f5f501fe8453765ad82556c + NOTE: The second commit is not security sensitive relevant, cf. + NOTE: https://github.com/ImageMagick/ImageMagick/issues/538#issuecomment-317047977 +CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrar ...) + NOT-FOR-US: Foxit Reader +CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...) + NOT-FOR-US: Contao +CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...) + NOT-FOR-US: HPE +CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...) + NOT-FOR-US: WordPress plugin +CVE-2017-10990 + RESERVED +CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3 ...) 
+ {DLA-1633-1 DLA-1018-1} + - sqlite3 3.19.3-3 (bug #867618) + [stretch] - sqlite3 3.16.2-5+deb9u1 + - sqlite (rtree extension not present in v2) + NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26 + NOTE: https://sqlite.org/src/info/66de6f4a + NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405 + NOTE: http://marc.info/?l=sqlite-users&m=149933696214713&w=2 +CVE-2017-10988 + REJECTED +CVE-2017-10987 (An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buff ...) + - freeradius 3.0.15+dfsg-1 (bug #868765) + [stretch] - freeradius 3.0.12+dfsg-5+deb9u1 + [jessie] - freeradius (Only affects 3.x series) + [wheezy] - freeradius (Only affects 3.x series) + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-304 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866 +CVE-2017-10986 (An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infi ...) + - freeradius 3.0.15+dfsg-1 (bug #868765) + [stretch] - freeradius 3.0.12+dfsg-5+deb9u1 + [jessie] - freeradius (Only affects 3.x series) + [wheezy] - freeradius (Only affects 3.x series) + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-303 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c +CVE-2017-10985 (An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite lo ...) + - freeradius 3.0.15+dfsg-1 (bug #868765) + [stretch] - freeradius 3.0.12+dfsg-5+deb9u1 + [jessie] - freeradius (Only affects 3.x series) + [wheezy] - freeradius (Only affects 3.x series) + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-302 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97 +CVE-2017-10984 (An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overf ...) 
+ - freeradius 3.0.15+dfsg-1 (bug #868765) + [stretch] - freeradius 3.0.12+dfsg-5+deb9u1 + [jessie] - freeradius (Only affects 3.x series) + [wheezy] - freeradius (Only affects 3.x series) + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-301 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806 +CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...) + {DSA-3930-1 DLA-1064-1} + - freeradius 3.0.15+dfsg-1 (bug #868765) + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206 + NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d + NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d +CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buff ...) + {DLA-1064-1} + - freeradius 3.0.12+dfsg-3 + [jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1 + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875 + NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable + NOTE: This is not fully technically correct, the issue affects only the 2.x + NOTE: series but not 3.x. +CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...) + {DLA-1064-1} + - freeradius 3.0.12+dfsg-3 + [jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1 + NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204 + NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c + NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable + NOTE: This is not fully technically correct, the issue affects only the 2.x + NOTE: series but not 3.x. 
+CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memo ...)
+ {DLA-1064-1}
+ - freeradius 3.0.12+dfsg-3
+ [jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
+ NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
+ NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
+ NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
+ NOTE: This is not fully technically correct, the issue affects only the 2.x
+ NOTE: series but not 3.x.
+CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overf ...)
+ {DLA-1064-1}
+ - freeradius 3.0.12+dfsg-3
+ [jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
+ NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
+ NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
+ NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
+ NOTE: This is not fully technically correct, the issue affects only the 2.x
+ NOTE: series but not 3.x.
+CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0. ...)
+ {DSA-3930-1 DLA-1064-1}
+ - freeradius 3.0.15+dfsg-1 (bug #868765)
+ NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
+ NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
+ NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/fc8662d7e827f630d515eaa0bddfa94754c8047f
+CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
+ - systemd 234-1 (unimportant)
+ [jessie] - systemd (Vulnerable code introduced in systemd-229)
+ [wheezy] - systemd (Vulnerable code introduced in systemd-229)
+ NOTE: https://github.com/systemd/systemd/issues/6237
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/02/1
+CVE-2017-10977
+ RESERVED
+CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead t ...)
+ - swftools (unimportant)
+ NOTE: ttftool not shipped in Debian package
+CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might all ...)
+ NOT-FOR-US: Lutim
+CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ...)
+ - yaws 1.91-2
+ NOTE: Slightly different, additional CVE assignment which MITRE insists on, but fixed by the
+ NOTE: original patch for CVE-2011-4350
+CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 a ...)
+ - cacti 1.1.12+ds1-1 (bug #867532)
+ [stretch] - cacti (Vulnerable code introduced later)
+ [jessie] - cacti (Vulnerable code introduced later)
+ [wheezy] - cacti (Vulnerable code introduced later)
+ NOTE: https://github.com/Cacti/cacti/issues/838
+ NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
+CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler c ...)
+ {DLA-1034-1}
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ - php5
+ [jessie] - php5 5.6.30+dfsg-0+deb8u1
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
+ NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of vari ...)
+ {DLA-1034-1}
+ - php7.1 (Fixed with initial upload to unstable)
+ - php7.0 7.0.13-1
+ - php5
+ [jessie] - php5 5.6.28+dfsg-0+deb8u1
+ NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
+ NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...)
+ {DSA-4081-1 DSA-4080-1 DLA-1034-1}
+ - php7.1 7.1.8-1
+ - php7.0 7.0.22-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
+ NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...)
+ {DSA-4081-1 DLA-1034-1}
+ - php7.1 (Only affected 5.6)
+ - php7.0 (Only affected 5.6)
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
+ NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...)
+ {DSA-4081-1}
+ - php7.1 7.1.3+-1
+ - php7.0 7.0.17-1
+ - php5
+ [wheezy] - php5 (vulnerable code not present)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
+ NOTE: Fixed in 7.1.3, 7.0.17, 5.6.31
+ NOTE: https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
+ NOTE: https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
+ NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
+CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handling of ...)
+ {DSA-3905-1 DLA-1026-1}
+ - xorg-server 2:1.19.3-2 (bug #867492)
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
+CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X ...)
+ {DSA-3905-1 DLA-1026-1}
+ - xorg-server 2:1.19.3-2 (bug #867492)
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
+ NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
+ NOTE: https://www.openwall.com/lists/oss-security/2017/07/06/6
+CVE-2017-10969
+ RESERVED
+CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.ph ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php a ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the inte ...)
+ {DLA-1089-1}
+ - irssi 1.0.4-1 (low; bug #867598)
+ [stretch] - irssi 1.0.2-1+deb9u2
+ [jessie] - irssi 0.8.17-1+deb8u5
+ NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
+ NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
+CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
+ {DLA-1089-1}
+ - irssi 1.0.4-1 (low; bug #867598)
+ [stretch] - irssi 1.0.2-1+deb9u2
+ [jessie] - irssi 0.8.17-1+deb8u5
+ NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
+ NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
+CVE-2017-10964
+ RESERVED
+CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobil ...)
+ NOT-FOR-US: Samsung
+CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string.)
+ NOT-FOR-US: REDCap
+CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File Repos ...)
+ NOT-FOR-US: REDCap
+CVE-2017-10960
+ RESERVED
+CVE-2017-10959 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10958 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10957 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10956 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10955 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: EMC
+CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Bitdefender Internet Security Internet Security 2018
+CVE-2017-10953 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10952 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10951 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10950 (This vulnerability allows local attackers to execute arbitrary code on ...)
+ NOT-FOR-US: Bitdefender Total Security
+CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes Informati ...)
+ NOT-FOR-US: Dell Storage Manager
+CVE-2017-10948 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10947 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10946 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10945 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10944 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10943 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10942 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10941 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-10940 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Joyent
+CVE-2017-10939
+ REJECTED
+CVE-2017-10938
+ REJECTED
+CVE-2017-10937 (SQL injection vulnerability in all versions prior to V2.01.05.09 of th ...)
+ NOT-FOR-US: ZTE
+CVE-2017-10936 (SQL injection vulnerability in all versions prior to V4.01.01 of the Z ...)
+ NOT-FOR-US: ZTE ZXCDN-SNS
+CVE-2017-10935 (All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products ...)
+ NOT-FOR-US: ZTE ZXR10 1800-2S products
+CVE-2017-10934 (All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use ...)
+ NOT-FOR-US: ZTE ZXIPTV-EPG product
+CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring sy ...)
+ NOT-FOR-US: ZTE ZXDT22 SF01
+CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series pro ...)
+ NOT-FOR-US: ZTE Microwave
+CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download o ...)
+ NOT-FOR-US: ZXR10 1800-2S
+CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a re ...)
+ NOT-FOR-US: ZXR10 1800-2S
+CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
+ {DLA-1044-1}
+ - ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
+ [stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
+ [jessie] - ipsec-tools (Will be fixed via point release)
+ NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
+ NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
+ NOTE: Patch disputed, cf. https://bugzilla.suse.com/show_bug.cgi?id=1047443#c1
+ NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
+CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
+ {DLA-1016-1}
+ - radare2 1.6.0+dfsg-1 (low; bug #867369)
+ [jessie] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/issues/7855
+ NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
+CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the GetNextTo ...)
+ {DSA-3914-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
+CVE-2017-10927
+ RESERVED
+CVE-2017-10926 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to c ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execut ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may le ...)
+ - node-mqtt (Fixed before initial upload)
+CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
+ NOT-FOR-US: Music Center for PC
+CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
+ - h2o 2.2.4+dfsg-1 (medium)
+ NOTE: https://github.com/h2o/h2o/issues/1544
+CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and e ...)
+ NOT-FOR-US: OneThird CMS Show Off
+CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 th ...)
+ - fluentd (bug #926692)
+CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...)
+ NOT-FOR-US: Qt for Android
+CVE-2017-10904 (Qt for Android prior to 5.9.0 allows remote attackers to execute arbit ...)
+ NOT-FOR-US: Qt for Android
+CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 a ...)
+ NOT-FOR-US: PTW-WMS1 firmware
+CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
+ NOT-FOR-US: PTW-WMS1 firmware
+CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote a ...)
+ NOT-FOR-US: PTW-WMS1 firmware
+CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass ...)
+ NOT-FOR-US: PTW-WMS1 firmware
+CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT clou ...)
+ NOT-FOR-US: A-Reserve
+CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...)
+ NOT-FOR-US: A-Member
+CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ro ...)
+ NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
+CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG ...)
+ NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
+CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...)
+ NOT-FOR-US: sDNSProxy
+CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
+ NOT-FOR-US: StreamRelay.NET
+CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification Servic ...)
+ NOT-FOR-US: The Public Certification Service for Individuals
+CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version 1.0 ...)
+ NOT-FOR-US: Music Center for PC
+CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
+ NOT-FOR-US: Media Go
+CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to 09.87.1 ...)
+ NOT-FOR-US: RX-V200 firmware
+CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML Ex ...)
+ NOT-FOR-US: TablePress
+CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac Ver ...)
+ NOT-FOR-US: BOOK WALKER
+CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2 ...)
+ NOT-FOR-US: BOOK WALKER
+CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...)
+ NOT-FOR-US: CS-Cart
+CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
+ NOT-FOR-US: HYPER SBI
+CVE-2017-10884
+ RESERVED
+CVE-2017-10883
+ RESERVED
+CVE-2017-10882
+ RESERVED
+CVE-2017-10881
+ RESERVED
+CVE-2017-10880
+ RESERVED
+CVE-2017-10879
+ RESERVED
+CVE-2017-10878
+ RESERVED
+CVE-2017-10877
+ RESERVED
+CVE-2017-10876
+ RESERVED
+CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacke ...)
+ NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
+CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query pack ...)
+ NOT-FOR-US: PWR-Q200
+CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass authenticati ...)
+ NOT-FOR-US: OpenAM
+CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause a denia ...)
+ - h2o 2.2.4+dfsg-1 (medium)
+ NOTE: https://github.com/h2o/h2o/issues/1543
+CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version L02 ...)
+ NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
+CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki 20 ...)
+ NOT-FOR-US: Rakuraku Hagaki
+CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote attacke ...)
+ - h2o 2.2.3+dfsg-1 (medium)
+ NOTE: https://github.com/h2o/h2o/issues/1460
+CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause a denia ...)
+ - h2o 2.2.3+dfsg-1 (medium)
+ NOTE: https://github.com/h2o/h2o/issues/1459
+CVE-2017-10867
+ RESERVED
+CVE-2017-10866
+ RESERVED
+CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
+ NOT-FOR-US: HIBUN Confidential File Decryption
+CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...)
+ NOT-FOR-US: HIBUN Confidential File Decryption
+CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File Decrypt ...)
+ NOT-FOR-US: HIBUN Confidential File Decryption
+CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
+ NOT-FOR-US: jwt-scala
+CVE-2017-10861 (Directory traversal vulnerability in QND Advance/Standard allows an at ...)
+ NOT-FOR-US: QND Advance/Standard
+CVE-2017-10860 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
+ NOT-FOR-US: i-filter 6.0 installer
+CVE-2017-10859 (Untrusted search path vulnerability in "i-filter 6.0 installer" timest ...)
+ NOT-FOR-US: i-filter 6.0 installer
+CVE-2017-10858 (Untrusted search path vulnerability in "i-filter 6.0 install program" ...)
+ NOT-FOR-US: i-filter 6.0 install program
+CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypas ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, SEIL ...)
+ NOT-FOR-US: SEIL
+CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4 ...)
+ NOT-FOR-US: FENCE-Explorer for Windows
+CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypa ...)
+ NOT-FOR-US: Corega CG-WGR1200 firmware
+CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
+ NOT-FOR-US: Corega CG-WGR1200 firmware
+CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
+ NOT-FOR-US: Corega CG-WGR1200 firmware
+CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge Ut ...)
+ NOT-FOR-US: Installer for ContentsBridge Utility for Windows
+CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
+ NOT-FOR-US: Various installer for Drivers for ApeosPort-VI and DocuCentre-VI products
+CVE-2017-10849 (Untrusted search path vulnerability in Self-extracting document genera ...)
+ NOT-FOR-US: DocuWorks
+CVE-2017-10848 (Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 ...)
+ NOT-FOR-US: Installers for DocuWorks
+CVE-2017-10847
+ RESERVED
+CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote at ...)
+ NOT-FOR-US: Wi-Fi STATION L-02F Software
+CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote at ...)
+ NOT-FOR-US: Wi-Fi STATION L-02F Software
+CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to e ...)
+ NOT-FOR-US: baserCMS
+CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote a ...)
+ NOT-FOR-US: baserCMS
+CVE-2017-10842 (SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 ...)
+ NOT-FOR-US: baserCMS
+CVE-2017-10841 (Directory traversal vulnerability in WebCalendar 1.2.7 and earlier all ...)
+ - webcalendar
+CVE-2017-10840 (Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier al ...)
+ - webcalendar
+CVE-2017-10839 (SQL injection vulnerability in the SEO Panel prior to version 3.11.0 a ...)
+ NOT-FOR-US: SEO Panel
+CVE-2017-10838 (Cross-site scripting vulnerability in SEO Panel prior to version 3.11. ...)
+ NOT-FOR-US: SEO Panel
+CVE-2017-10837 (Cross-site scripting vulnerability in BackupGuard prior to version 1.1 ...)
+ NOT-FOR-US: BackupGuard
+CVE-2017-10836 (Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlie ...)
+ NOT-FOR-US: Optimal Guard
+CVE-2017-10835 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
+ NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
+CVE-2017-10834 (Directory traversal vulnerability in "Dokodemo eye Smart HD" SCR02HD F ...)
+ NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
+CVE-2017-10833 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
+ NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
+CVE-2017-10832 ("Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
+ NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
+CVE-2017-10831 (Untrusted search path vulnerability in The electronic authentication s ...)
+ NOT-FOR-US: The CRCA user's Software system
+CVE-2017-10830 (Untrusted search path vulnerability in Security Setup Tool all version ...)
+ NOT-FOR-US: Security Setup Tool
+CVE-2017-10829 (Untrusted search path vulnerability in Remote Support Tool (Enkaku Sup ...)
+ NOT-FOR-US: Remote Support Tool (Enkaku Support Tool)
+CVE-2017-10828 (Untrusted search path vulnerability in Flets Install Tool all versions ...)
+ NOT-FOR-US: Flets Install Tool
+CVE-2017-10827 (Untrusted search path vulnerability in Flets Azukeru for Windows Auto ...)
+ NOT-FOR-US: Flets Azukeru for Windows Auto Backup Tool
+CVE-2017-10826 (Untrusted search path vulnerability in Security Kinou Mihariban v1.0.2 ...)
+ NOT-FOR-US: Security Kinou Mihariban
+CVE-2017-10825 (Untrusted search path vulnerability in Installer of Flets Easy Setup T ...)
+ NOT-FOR-US: Installer of Flets Easy Setup Tool
+CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software Versi ...)
+ NOT-FOR-US: TDB CA TypeA use software
+CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji Hou ...)
+ NOT-FOR-US: Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program
+CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...)
+ NOT-FOR-US: Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program
+CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...)
+ NOT-FOR-US: Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program
+CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for W ...)
+ NOT-FOR-US: Installer of IP Messenger for Win
+CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...)
+ NOT-FOR-US: MaLion
+CVE-2017-10818 (MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded cr ...)
+ NOT-FOR-US: MaLion
+CVE-2017-10817 (MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to b ...)
+ NOT-FOR-US: MaLion
+CVE-2017-10816 (SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to ...)
+ NOT-FOR-US: MaLion
+CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when "Remote Control" is in ...)
+ NOT-FOR-US: MaLion
+CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allow ...)
+ NOT-FOR-US: CG-WLR300NM Firmware
+CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ex ...)
+ NOT-FOR-US: CG-WLR300NM Firmware
+CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software Ve ...)
+ NOT-FOR-US: Photo Collection PC Software
+CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an att ...)
+ NOT-FOR-US: Buffalo WCR-1166DS devices
+CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in drivers/gpu/dr ...)
+ {DSA-3927-1}
+ - linux 4.11.11-1 (low)
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/385aee965b4e4c36551c362a334378d2985b722a
+CVE-2017-10809
+ RESERVED
+CVE-2017-10808
+ RESERVED
+CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick Em ...)
+ {DSA-3925-1 DLA-1497-1}
+ - qemu 1:2.8+dfsg-7 (bug #867751)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
+CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate ...)
+ {DSA-3902-1}
+ - jabberd2 2.6.1-1 (bug #867032)
+ NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
+ NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
+CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
+ - odoo (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17921
+CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
+ - odoo (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17914
+CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
+ - odoo (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17898
+CVE-2017-10802
+ RESERVED
+CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
+ NOT-FOR-US: phpSocial
+CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, i ...)
+ {DSA-4321-1}
+ - graphicsmagick 1.3.26-1 (bug #867060)
+ [jessie] - graphicsmagick (Minor issue)
+ [wheezy] - graphicsmagick (Minor issue)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
+ NOTE: The above commit unfortunately is not enough. There are more related
+ NOTE: changes, and Bob Friesenhahn commented that it's not complete. All
+ NOTE: the rlated changesets to mat.c since the one referenced should be
+ NOTE: picked up.
+CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata indica ...)
+ {DSA-4321-1 DLA-1755-1 DLA-1045-1}
+ - graphicsmagick 1.3.26-1 (bug #867077)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
+CVE-2017-10798 (In ObjectPlanet Opinio before 7.6.4, there is XSS.)
+ NOT-FOR-US: ObjectPlanet Opinio
+CVE-2017-10797
+ RESERVED
+CVE-2017-10796 (On TP-Link NC250 devices with firmware through 1.2.1 build 170515, any ...)
+ NOT-FOR-US: TP-Link
+CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows r ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadat ...)
+ {DSA-4321-1}
+ - graphicsmagick 1.3.26-1 (bug #867085)
+ [jessie] - graphicsmagick (vulnerable code not present)
+ [wheezy] - graphicsmagick (vulnerable code not present)
+ NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
+CVE-2017-10793 (The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and ...)
+ NOT-FOR-US: Arris
+CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
+ - pspp 1.0.0-1 (unimportant; bug #866890)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467005
+ NOTE: No security impact, crash in CLI tool
+CVE-2017-10791 (There is an Integer overflow in the hash_int function of the libpspp l ...)
+ - pspp 1.0.0-1 (unimportant; bug #866890)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
+ NOTE: No security impact as built in Debian
+CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 cause ...)
+ {DSA-4106-1 DLA-2255-1 DLA-1038-1}
+ - libtasn1-6 4.12-2.1 (bug #867398)
+ - libtasn1-3
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
+ NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39
+CVE-2017-10789 (The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 sett ...)
+ {DLA-1079-1}
+ - libdbd-mysql-perl 4.046-1 (bug #866821)
+ [stretch] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
+ [jessie] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
+ NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/110
+ NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/114
+ NOTE: Upstream 4.042 fixed this issue, but was reverted upstream in 4.043:
+ NOTE: https://www.nntp.perl.org/group/perl.dbi.dev/2017/08/msg8037.html
+ NOTE: No upstream-blessed patch available.
+CVE-2017-10788 (The DBD::mysql module through 4.043 for Perl allows remote attackers t ...)
+ {DLA-1079-1}
+ - libdbd-mysql-perl 4.046-1 (bug #866818)
+ [stretch] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
+ [jessie] - libdbd-mysql-perl (Minor issue, can be fixed via point release)
+ NOTE: http://seclists.org/oss-sec/2017/q2/443
+ NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/120
+ NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/142
+CVE-2017-10787
+ RESERVED
+CVE-2017-10786
+ RESERVED
+CVE-2017-10785
+ RESERVED
+CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
+ {DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
+ - ruby2.3 2.3.5-1 (bug #875931)
+ - ruby2.1
+ - ruby1.9.1
+ - ruby1.8
+ NOTE: https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
+ NOTE: https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
+ NOTE: https://hackerone.com/reports/223363
+CVE-2017-10783 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10782 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10781 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10780 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10779 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10778 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10777 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10776 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10775 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10774 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10773 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10772 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10771 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10770 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10769 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10768 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10767 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10766 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10765 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10764 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10763 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10762 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10761 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10760 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10759 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10758 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10757 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10756 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10755 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10754 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10753 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10752 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10751 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
+ NOT-FOR-US: XnView
+CVE-2017-10750 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10749 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10748 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10747 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10746 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10745 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10744 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10743 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10742 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10741 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10740 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10739 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10738 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10737 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10736 (XnView Classic for Windows Version 2.40 allows attackers to execute ar ...)
+ NOT-FOR-US: XnView
+CVE-2017-10735 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10734 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10733 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10732 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10731 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10730 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10729 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary c ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-10728 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
+ NOT-FOR-US: Winamp
+CVE-2017-10727 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
+ NOT-FOR-US: Winamp
+CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrar ...)
+ NOT-FOR-US: Winamp
+CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary cod ...)
+ NOT-FOR-US: Winamp
+CVE-2017-10724 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10723 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10722 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10721 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10720 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10719 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10718 (Recently it was discovered as a part of the research on IoT devices in ...)
+ NOT-FOR-US: Shekar Endoscope
+CVE-2017-10717
+ RESERVED
+CVE-2017-10716
+ RESERVED
+CVE-2017-10715
+ RESERVED
+CVE-2017-10714
+ RESERVED
+CVE-2017-10713
+ RESERVED
+CVE-2017-10712
+ RESERVED
+CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send P ...)
+ NOT-FOR-US: SimpleRisk
+CVE-2017-10710
+ RESERVED
+CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
+ NOT-FOR-US: Elephone P9000 devices
+CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
+ NOT-FOR-US: Apport
+CVE-2017-10707
+ RESERVED
+CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
+ NOT-FOR-US: When Antiy Antivirus Engine
+CVE-2017-10705
+ RESERVED
+CVE-2017-10704
+ RESERVED
+CVE-2017-10703
+ RESERVED
+CVE-2017-10702
+ RESERVED
+CVE-2017-10701 (Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 ...)
+ NOT-FOR-US: SAP Enterprise Portal
+CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authentica ...)
+ NOT-FOR-US: QNAP
+CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 201 ...)
+ {DSA-4045-1}
+ - vlc 2.2.6-3
+ [wheezy] - vlc (Not supported in wheezy LTS)
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
+ NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
+ NOTE: https://trac.videolan.org/vlc/ticket/18467
+CVE-2017-10698
+ RESERVED
+CVE-2017-10697
+ RESERVED
+CVE-2017-10696
+ RESERVED
+CVE-2017-10695
+ RESERVED
+CVE-2017-10694
+ RESERVED
+CVE-2017-10693
+ RESERVED
+CVE-2017-10692
+ RESERVED
+CVE-2017-10691
+ RESERVED
+CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...)
+ - puppet (Only affects Puppet 5, only in experimental)
+ NOTE: https://puppet.com/security/cve/CVE-2017-10690
+ NOTE: https://tickets.puppetlabs.com/browse/PUP-8225
+ NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
+CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a modu ...)
+ - puppet 5.4.0-1 (bug #890412)
+ [stretch] - puppet (Minor issue)
+ [jessie] - puppet (Minor issue)
+ [wheezy] - puppet (vulnerable code not present)
+ NOTE: https://puppet.com/security/cve/CVE-2017-10689
+ NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
+ NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
+ NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
+CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the TIFFWriteDirectory ...)
+ {DSA-3903-1 DLA-1022-1}
+ - tiff 4.0.8-3 (bug #866611)
+ - tiff3
+ [wheezy] - tiff3 (vulnerable code not present)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
+ NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
+CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the functi ...)
+ NOTE: Bogus report against historic libsass version
+CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
+ {DLA-1041-1}
+ - nasm 2.13.02-0.1 (bug #867988)
+ [stretch] - nasm (Minor issue)
+ [jessie] - nasm (Minor issue)
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
+CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entr ...)
+ - ncurses 6.0+20170701-1
+ [stretch] - ncurses 6.0+20161126-1+deb9u1
+ [jessie] - ncurses 5.9+20140913-1+deb8u1
+ [wheezy] - ncurses (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
+CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entr ...)
+ - ncurses 6.0+20170708-1
+ [stretch] - ncurses 6.0+20161126-1+deb9u1
+ [jessie] - ncurses 5.9+20140913-1+deb8u1
+ [wheezy] - ncurses (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
+CVE-2017-10683 (In mpg123 1.25.0, there is a heap-based buffer over-read in the conver ...)
+ {DLA-1017-1}
+ - mpg123 1.25.1-1 (bug #866860)
+ [stretch] - mpg123 (Minor issue)
+ [jessie] - mpg123 (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465819
+ NOTE: Duplicate of https://sourceforge.net/p/mpg123/bugs/252/
+ NOTE: Patch: http://scm.orgis.org/view/mpg123/trunk/src/libmpg123/id3.c?sortby=date&r1=4249&r2=4248&pathrev=4249
+CVE-2017-10682 (SQL injection vulnerability in the administrative backend in Piwigo th ...)
+ - piwigo
+CVE-2017-10681 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
+ - piwigo
+CVE-2017-10680 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
+ - piwigo
+CVE-2017-10679 (Piwigo through 2.9.1 allows remote attackers to obtain sensitive infor ...)
+ - piwigo
+CVE-2017-10678 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9. ...)
+ - piwigo
+CVE-2017-10677 (Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices wit ...)
+ NOT-FOR-US: Linksys EA4500 devices
+CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was ...)
+ NOT-FOR-US: D-Link
+CVE-2017-10675
+ RESERVED
+CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a de ...)
+ NOT-FOR-US: Antiy Antivirus Engine
+CVE-2015-9106
+ RESERVED
+ NOT-FOR-US: WordPress plugin the-holiday-calendar
+CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video ...)
+ NOT-FOR-US: Synology
+CVE-2015-9104 (Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5 ...)
+ NOT-FOR-US: Synology
+CVE-2015-9103 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Note S ...)
+ NOT-FOR-US: Synology
+CVE-2015-9102 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
+ NOT-FOR-US: Synology
+CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field.)
+ NOT-FOR-US: GetSimple CMS
+CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...)
+ {DSA-4042-1 DLA-1171-1}
+ - libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
+ NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
+CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...)
+ - thttpd
+CVE-2017-10670 (An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as use ...)
+ NOT-FOR-US: OSCI-Transport
+CVE-2017-10669 (Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transp ...)
+ NOT-FOR-US: OSCI-Transport
+CVE-2017-10668 (A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transpor ...)
+ NOT-FOR-US: OSCI-Transport
+CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can cause XS ...)
+ NOT-FOR-US: Zen Cart
+CVE-2017-10666
+ RESERVED
+CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson Grou ...)
+ NOT-FOR-US: Kayson Group Ltd. phpGrid
+CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf thr ...)
+ - dwarfutils 20170416-3 (bug #866968)
+ [stretch] - dwarfutils 20161124-1+deb9u1
+ [jessie] - dwarfutils (Minor issue)
+ [wheezy] - dwarfutils (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
+CVE-2017-9997
+ RESERVED
+CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which a ...)
+ {DSA-3920-1 DLA-1599-1 DLA-1071-1 DLA-1070-1}
+ - qemu 1:2.8+dfsg-7 (bug #866674)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
+ NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
+CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...)
+ - linux 4.12.6-1
+ [stretch] - linux 4.9.47-1
+ [jessie] - linux (Hard to backport and low priority outside of Android)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
+CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ke ...)
+ - linux 4.9.30-1
+ [jessie] - linux (Hard to backport and low priority outside of Android)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
+CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allo ...)
+ {DLA-1099-1}
+ - linux 4.9.30-1
+ [jessie] - linux 3.16.43-2+deb8u5
+ NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
+CVE-2017-10660
+ REJECTED
+CVE-2017-10659
+ REJECTED
+CVE-2017-10658
+ REJECTED
+CVE-2017-10657
+ REJECTED
+CVE-2017-10656
+ REJECTED
+CVE-2017-10655
+ REJECTED
+CVE-2017-10654
+ REJECTED
+CVE-2017-10653
+ REJECTED
+CVE-2017-10652
+ REJECTED
+CVE-2017-10651
+ REJECTED
+CVE-2017-10650
+ RESERVED
+CVE-2017-10649
+ RESERVED
+CVE-2017-10648
+ RESERVED
+CVE-2017-10647
+ RESERVED
+CVE-2017-10646
+ RESERVED
+CVE-2017-10645
+ RESERVED
+CVE-2017-10644
+ RESERVED
+CVE-2017-10643
+ RESERVED
+CVE-2017-10642
+ RESERVED
+CVE-2017-10641
+ RESERVED
+CVE-2017-10640
+ RESERVED
+CVE-2017-10639
+ RESERVED
+CVE-2017-10638
+ RESERVED
+CVE-2017-10637
+ RESERVED
+CVE-2017-10636
+ RESERVED
+CVE-2017-10635
+ RESERVED
+CVE-2017-10634
+ RESERVED
+CVE-2017-10633
+ RESERVED
+CVE-2017-10632
+ RESERVED
+CVE-2017-10631
+ RESERVED
+CVE-2017-10630
+ RESERVED
+CVE-2017-10629
+ RESERVED
+CVE-2017-10628
+ RESERVED
+CVE-2017-10627
+ RESERVED
+CVE-2017-10626
+ RESERVED
+CVE-2017-10625
+ RESERVED
+CVE-2017-10624 (Insufficient verification of node certificates in Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10623 (Lack of authentication and authorization of cluster messages in Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10622 (An authentication bypass vulnerability in Juniper Networks Junos Space ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10621 (A denial of service vulnerability in telnetd service on Juniper Networ ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10620 (Juniper Networks Junos OS on SRX series devices do not verify the HTTP ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10619 (When Express Path (formerly known as service offloading) is configured ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10618 (When the 'bgp-error-tolerance' feature â€" designed to help ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10617 (The ifmap service that comes bundled with Contrail has an XML External ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10616 (The ifmap service that comes bundled with Juniper Networks Contrail re ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10615 (A vulnerability in the pluggable authentication module (PAM) of Junipe ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10614 (A vulnerability in telnetd service on Junos OS allows a remote attacke ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10613 (A vulnerability in a specific loopback filter action command, processe ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10612 (A persistent site scripting vulnerability in Juniper Networks Junos Sp ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10611 (If extended statistics are enabled via 'set chassis extended-statistic ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10610 (On SRX Series devices, a crafted ICMP packet embedded within a NAT64 I ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10609
+ RESERVED
+CVE-2017-10608 (Any Juniper Networks SRX series device with one or more ALGs enabled m ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10607 (Juniper Networks Junos OS 16.1R1, and services releases based off of 1 ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10606 (Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP relay is con ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10604 (When the device is configured to perform account lockout with a define ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a locally aut ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a local auth ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10601 (A specific device configuration can result in a commit failure conditi ...)
+ NOT-FOR-US: Juniper
+CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
+ NOT-FOR-US: ubuntu-image
+CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x be ...)
+ - ffmpeg 7:3.2.5-1
+ - libav (Vulnerable feature not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
+ NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature that is
+ NOTE: not present in Libav. Libav detects CHUNKY files and bails out early.
+CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validat ...)
+ - ffmpeg (Vulnerable code not present)
+ - libav (Vulnerable code not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
+CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x b ...)
+ {DLA-1630-1}
+ - ffmpeg 7:3.2.5-1
+ - libav
+ [wheezy] - libav (Vulnerable code not present, WebP decoder feature introduced in v10)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
+CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6 ...)
+ {DSA-3957-1 DLA-1630-1}
+ - ffmpeg 7:3.2.6-1
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
+ NOTE: Fixed in 3.2.6
+ NOTE: Jessie is only partially affected. Only the second commit is
+ NOTE: relevant. HTTP Live Streaming filename extension code is not present.
+CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in libavcodec/d ...)
+ {DSA-4012-1 DLA-1142-1}
+ - ffmpeg 7:3.2.5-1
+ - libav
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
+ NOTE: Fixed in 11.11
+CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in libavco ...)
+ - ffmpeg 7:3.2.5-1
+ - libav (Vulnerable feature not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
+ NOTE: The error occurs in the support for 8bpp XWD images where bpp and image
+ NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp
+ NOTE: images and bails out early -- Diego Biurrun (libav project)
+CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in li ...)
+ - ffmpeg (Vulnerable code not present)
+ - libav (Vulnerable code not present)
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
+CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A craf ...)
+ {DLA-1176-1}
+ - ming
+ NOTE: https://github.com/libming/libming/issues/86
+CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...)
+ {DLA-1176-1}
+ - ming
+ NOTE: https://github.com/libming/libming/issues/85
+CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in m ...)
+ {DLA-1907-1}
+ - libav
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1067
+ NOTE: Five different issues but only one POC instead of five attached.
+ NOTE: Requires more information.
+CVE-2017-9986 (The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel thr ...)
+ - linux 4.15.4-1 (unimportant)
+ NOTE: No security issue, only "exploitable" with malicious ISA cards
+CVE-2017-9985 (The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...)
+ - linux 4.13.4-1 (unimportant)
+ [stretch] - linux 4.9.51-1
+ NOTE: No security issue, only "exploitable" with malicious ISA cards
+ NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196133
+CVE-2017-9984 (The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in t ...)
+ - linux 4.13.4-1 (unimportant)
+ [stretch] - linux 4.9.51-1
+ NOTE: No security issue, only "exploitable" with malicious ISA cards
+ NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196131
+CVE-2017-9983
+ RESERVED
+CVE-2017-9982 (TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of s ...)
+ - teamspeak-client
+ [wheezy] - teamspeak-client (non-free is not supported)
+CVE-2017-9981
+ RESERVED
+CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "P ...)
+ NOT-FOR-US: Green Packet
+CVE-2017-9979 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the RE ...)
+ NOT-FOR-US: QuantaStor
+CVE-2017-9978 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw wa ...)
+ NOT-FOR-US: QuantaStor
+CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow remot ...)
+ NOT-FOR-US: AVG
+CVE-2017-9976
+ RESERVED
+CVE-2017-9975
+ REJECTED
+CVE-2017-9974
+ REJECTED
+CVE-2017-9973
+ REJECTED
+CVE-2017-9972
+ REJECTED
+CVE-2017-9971
+ REJECTED
+CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's S ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider Electric ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider Electric ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's Pe ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco Vide ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX vers ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9958 (An improper access control vulnerability exists in Schneider Electric' ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder softwa ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor (B ...)
+ - binutils 2.29-1
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21665
+CVE-2017-9954 (The getvalue function in tekhex.c in the Binary File Descriptor (BFD) ...)
+ - binutils 2.29-1
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
+CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a S ...)
+ - exiv2 (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
+ NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
+ NOTE: which introduces printIFDStructure function and later restructurated
+ NOTE: again. Around that commit upstream source though does not build.
+CVE-2017-9952
+ RESERVED
+CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.3 ...)
+ {DSA-4218-1 DLA-1033-1}
+ - memcached 1.5.0-1 (bug #868701)
+ NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
+ NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
+CVE-2017-9950
+ RESERVED
+CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 al ...)
+ - radare2 1.6.0+dfsg-1 (bug #866068)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/issues/7683
+ NOTE: https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191
+CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
+ NOT-FOR-US: Microsoft Skype
+CVE-2017-9947 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (Al ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manage ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9943
+ RESERVED
+CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9941 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9940 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9939 (A vulnerability was discovered in Siemens SiPass integrated (All versi ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9938 (A vulnerability was discovered in Siemens SIMATIC Logon (All versions ...)
+ NOT-FOR-US: Siemens
+CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A cr ...)
+ - jbigkit (unimportant; bug #869708)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2707
+ NOTE: The CVE was assigned for src:tiff by MITRE, but the issue actually lies
+ NOTE: in jbigkit itself.
+CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
+ {DSA-3903-1 DLA-1023-1 DLA-1022-1}
+ - tiff 4.0.8-3 (bug #866113)
+ - tiff3
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
+ NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
+CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_wri ...)
+ {DSA-4100-1 DLA-1206-1}
+ - tiff 4.0.9-2 (bug #866109)
+ - tiff3
+ [wheezy] - tiff3 (does not build vulnerable tiff2pdf)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
+ NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
+CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
+ NOT-FOR-US: Joomla!
+CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads t ...)
+ NOT-FOR-US: Joomla!
+CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a defa ...)
+ NOT-FOR-US: Green Packet
+CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware vers ...)
+ NOT-FOR-US: Green Packet
+CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmwa ...)
+ NOT-FOR-US: Green Packet
+CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (bug #866020)
+ [jessie] - lrzip (Minor issue)
+ [wheezy] - lrzip (Minor issue)
+ NOTE: https://github.com/ckolivas/lrzip/issues/75
+ NOTE: https://github.com/ckolivas/lrzip/commit/7123f5545bc68833a7a017bfeaf5720577d00041 (v0.640)
+CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function get_ ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (bug #866022)
+ [jessie] - lrzip (Minor issue)
+ [wheezy] - lrzip (Minor issue)
+ NOTE: https://github.com/ckolivas/lrzip/issues/74
+ NOTE: https://github.com/ckolivas/lrzip/commit/f12c4a35f971eed00b8979bda6cd5e647986ed63 (v0.640)
+CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
+ - swftools (unimportant)
+ NOTE: No actionable information, just a crash report against a four year old release
+ NOTE: https://github.com/matthiaskramm/swftools/issues/41
+CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
+ - swftools (unimportant)
+ NOTE: No actionable information, just a crash report against a four year old release
+ NOTE: https://github.com/matthiaskramm/swftools/issues/41
+CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
+ - swftools (unimportant)
+ NOTE: No actionable information, just a crash report against a four year old release
+ NOTE: https://github.com/matthiaskramm/swftools/issues/41
+CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attacker ...)
+ - swftools (unimportant)
+ NOTE: No actionable information, just a crash report against a four year old release
+ NOTE: https://github.com/matthiaskramm/swftools/issues/41
+CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9922 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9921 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9920 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9919 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9918 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9917 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9916 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9915 (IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9914 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
+ NOT-FOR-US: XnView
+CVE-2017-9913 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...)
+ NOT-FOR-US: XnView +CVE-2017-9912 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9911 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9910 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9909 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9908 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9907 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9906 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9905 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9904 (XnView Classic for Windows Version 2.40 allows remote attackers to cau ...) + NOT-FOR-US: XnView +CVE-2017-9903 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9902 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9901 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9900 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9899 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9898 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9897 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9896 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) 
+ NOT-FOR-US: XnView +CVE-2017-9895 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9894 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9893 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...) + NOT-FOR-US: XnView +CVE-2017-9892 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9891 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9890 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9889 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9888 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9887 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9886 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9885 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9884 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9883 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9882 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9881 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9880 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9879 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) 
+ NOT-FOR-US: IrfanView +CVE-2017-9878 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9877 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9876 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9875 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9874 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...) + NOT-FOR-US: IrfanView +CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in l ...) + - lame 3.99.5+repack1-8 (bug #867725) + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/ + NOTE: https://sourceforge.net/p/lame/bugs/482/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...) 
+ - lame 3.99.5+repack1-8 (bug #867725) + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/ + NOTE: https://sourceforge.net/p/lame/bugs/483/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in libmpgdeco ...) + - lame 3.99.5+repack1-8 (bug #867725) + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/ + NOTE: https://sourceforge.net/p/lame/bugs/481/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in libmpgdecod ...) + - lame 3.99.5+repack1-8 (bug #867725) + [jessie] - lame 3.99.5+repack1-7+deb8u2 + NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/ + NOTE: https://sourceforge.net/p/lame/bugs/475/ + NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed + NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be + NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations +CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) i ...) 
+ {DLA-1525-1 DLA-1146-1} + - mosquitto 1.4.14-1 (bug #865959) + [stretch] - mosquitto 1.4.10-3+deb9u1 + NOTE: https://github.com/eclipse/mosquitto/issues/468 + NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7 +CVE-2017-9867 + RESERVED +CVE-2017-9866 + RESERVED +CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54. ...) + {DSA-4079-1 DLA-1074-1} + - poppler 0.57.0-2 (bug #867477) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774 + NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html + NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=75fff6556eaf0ef3a6fcdef2c2229d0b6d1c58d9 +CVE-2017-9864 (An issue was discovered in SMA Solar Technology products. An attacker ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9863 (An issue was discovered in SMA Solar Technology products. If a user si ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9862 (An issue was discovered in SMA Solar Technology products. When signed ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9861 (An issue was discovered in SMA Solar Technology products. The SIP impl ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9860 (An issue was discovered in SMA Solar Technology products. An attacker ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9859 (An issue was discovered in SMA Solar Technology products. The inverter ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9858 (An issue was discovered in SMA Solar Technology products. By sending c ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9857 (An issue was discovered in SMA Solar Technology products. The SMAdata2 ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9856 (An issue was discovered in SMA Solar Technology products. Sniffed pass ...) 
+ NOT-FOR-US: SMA Solar Technology products +CVE-2017-9855 (An issue was discovered in SMA Solar Technology products. A secondary ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9854 (An issue was discovered in SMA Solar Technology products. By sniffing ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9853 (An issue was discovered in SMA Solar Technology products. All inverter ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9852 (An Incorrect Password Management issue was discovered in SMA Solar Tec ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9851 (An issue was discovered in SMA Solar Technology products. By sending n ...) + NOT-FOR-US: SMA Solar Technology products +CVE-2017-9850 + RESERVED +CVE-2017-9849 + RESERVED +CVE-2017-9848 (SQL injection vulnerability in C_InfoService.asmx in WebServices in Ea ...) + NOT-FOR-US: Easysite +CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...) + - libtorrent-rasterbar 1.1.4-1 (bug #865845) + [stretch] - libtorrent-rasterbar (Minor issue) + [jessie] - libtorrent-rasterbar (Minor issue) + [wheezy] - libtorrent-rasterbar (new bdecode introduced in 1.1.0; vulnerable code not present) + NOTE: https://github.com/arvidn/libtorrent/issues/2099 + NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db + NOTE: Pre-1.1.0 versions possibly similarly affected in lazy_bdecode.cpp +CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...) + NOT-FOR-US: Winmail Server +CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attacke ...) + NOT-FOR-US: SAP +CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a deni ...) + NOT-FOR-US: SAP +CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with cert ...) 
+ NOT-FOR-US: SAP +CVE-2017-9842 + RESERVED +CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...) + - phpunit 5.4.6-2 (bug #866200) + [stretch] - phpunit 5.4.6-2~deb9u1 + [jessie] - phpunit (Issue introduced later; vulnerable code not present) + [wheezy] - phpunit (Issue introduced later; vulnerable code not present) + NOTE: https://github.com/sebastianbergmann/phpunit/pull/1956 + NOTE: https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5 + NOTE: http://phpunit.vulnbusters.com/ +CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...) + - dolibarr (bug #867495) +CVE-2017-9839 (Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 ...) + - dolibarr +CVE-2017-9838 (Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scriptin ...) + - dolibarr +CVE-2017-9837 + REJECTED +CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...) + - piwigo +CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...) + {DSA-3986-1 DLA-1048-1} + [experimental] - ghostscript 9.22~~rc1~dfsg-1 + - ghostscript 9.22~dfsg-1 (bug #869907) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985 + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1) +CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for W ...) + NOT-FOR-US: WatuPRO plugin for WordPress +CVE-2017-9833 (/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." us ...) + NOT-FOR-US: Undetermined product + NOTE: /wapopen is not part of BOA, it's probably an insecure CGI + NOTE: script used in some embedded product relying on BOA as webserver. + NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog +CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL functi ...) 
+ {DLA-2169-1 DLA-1029-1} + - libmtp 1.1.13-1 + NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/ + NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ + NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at +CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx f ...) + {DLA-2169-1 DLA-1029-1} + - libmtp 1.1.13-1 + NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/ + NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/ + NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at +CVE-2017-9830 (Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the or ...) + NOT-FOR-US: Code42 +CVE-2017-9829 ('/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the ...) + NOT-FOR-US: VIVOTEK Network Cameras +CVE-2017-9828 ('/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVO ...) + NOT-FOR-US: VIVOTEK Network Cameras +CVE-2017-9827 + RESERVED +CVE-2017-9826 + RESERVED +CVE-2017-11104 (Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within th ...) + {DSA-3910-1} + - knot 2.5.3-1 (bug #865678) + NOTE: https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html + NOTE: http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf +CVE-2017-9825 + RESERVED +CVE-2017-9824 + RESERVED +CVE-2017-9823 + RESERVED +CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a cook ...) + NOT-FOR-US: DotNetNuke +CVE-2017-9821 (The National Payments Corporation of India BHIM application 1.3 for An ...) + NOT-FOR-US: India BHIM +CVE-2017-9820 (The National Payments Corporation of India BHIM application 1.3 for An ...) + NOT-FOR-US: India BHIM +CVE-2017-9819 (The National Payments Corporation of India BHIM application 1.3 for An ...) 
+ NOT-FOR-US: India BHIM +CVE-2017-9818 (The National Payments Corporation of India BHIM application 1.3 for An ...) + NOT-FOR-US: India BHIM +CVE-2017-9817 + RESERVED +CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Moni ...) + NOT-FOR-US: Paessler PRTG Network Monitor +CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/t ...) + - tiff 4.0.8-1 + [jessie] - tiff 4.0.3-12.3+deb8u4 + [wheezy] - tiff 4.0.2-6+deb7u14 + - tiff3 + [wheezy] - tiff3 3.9.6-11+deb7u6 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b + NOTE: The issue is addressed with the same commit as for CVE-2017-9403 +CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote atta ...) + - cairo 1.16.0-1 (low; bug #868580) + [stretch] - cairo (Minor issue) + [jessie] - cairo (Minor issue) + [wheezy] - cairo (Minor issue) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547 + NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/264 + NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/commit/199823938780c8e50099b627d3e9137acba7a263 (1.15.14) +CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...) + NOT-FOR-US: Kaspersky Anti-Virus +CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be abu ...) + NOT-FOR-US: Kaspersky Anti-Virus +CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in Kaspe ...) + NOT-FOR-US: Kaspersky Anti-Virus +CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in Kas ...) + NOT-FOR-US: Kaspersky Anti-Virus +CVE-2017-9809 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Inform ...) + NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2017-9808 (OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross ...) 
+ NOT-FOR-US: OX Software GmbH OX App Suite +CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attack ...) + NOT-FOR-US: Redgate SQL Monitor +CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 o ...) + NOT-FOR-US: OpenWebif plugin for E2 +CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...) + - libreoffice 1:3.4.3-1 + NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295 + NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806 + NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10 +CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and ...) + - libstruts1.2-java + [wheezy] - libstruts1.2-java (vulnerable code not present) + NOTE: https://struts.apache.org/docs/s2-052.html +CVE-2017-9804 (In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an ap ...) + - libstruts1.2-java + [wheezy] - libstruts1.2-java (Minor issue) + NOTE: DOS class vulnerability and classified as low by upstream. + NOTE: https://struts.apache.org/docs/s2-050.html +CVE-2017-9803 (Apache Solr's Kerberos plugin can be configured to use delegation toke ...) + - lucene-solr (Introduced in 6.2) +CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...) + NOT-FOR-US: Apache Sling +CVE-2017-9801 (When a call-site passes a subject for an email that contains line-brea ...) + - commons-email (Fixed with first upload to Debian) + NOTE: https://commons.apache.org/proper/commons-email/security-reports.html + NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801385 + NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801388 + NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801389 +CVE-2017-9800 (A maliciously constructed svn+ssh:// URL would cause Subversion client ...) 
+ {DSA-3932-1 DLA-1052-1} + - subversion 1.9.7-1 + NOTE: Fixed by: http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691 + NOTE: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt +CVE-2017-9799 (It was found that under some situations and configurations of Apache S ...) + NOT-FOR-US: Apache Storm +CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from process ...) + {DSA-3980-1 DLA-1102-1} + - apache2 2.4.27-6 (bug #876109) + NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html + NOTE: https://github.com/hannob/optionsbleed + NOTE: Patch: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch + NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch +CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure mode ...) + NOT-FOR-US: Apache Geode +CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...) + NOT-FOR-US: Apache Geode +CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...) + NOT-FOR-US: Apache Geode +CVE-2017-9794 (When a cluster is operating in secure mode, a user with read privilege ...) + NOT-FOR-US: Apache Geode +CVE-2017-9793 (The REST Plugin in Apache Struts 2.1.x, 2.3.7 through 2.3.33 and 2.5 t ...) + - libstruts1.2-java + [wheezy] - libstruts1.2-java (vulnerable code not present) + NOTE: https://struts.apache.org/docs/s2-051.html +CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with "AL ...) + NOT-FOR-US: Apache Impala +CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remot ...) + - libstruts1.2-java (Vulnerable code not present) + NOTE: Issue is specific to Struts 2.x. +CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, libproc ...) 
+ - apache-mesos (bug #760315) +CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...) + - apache2 (Only affected 2.4.26) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 +CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value place ...) + {DSA-3913-1 DLA-1028-1} + - apache2 2.4.27-1 (bug #868467) + NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27 + NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955 + NOTE: 2.4.x: https://github.com/apache/httpd/commit/549ba6a39aa0df78a610025f74f3a06503a70f67 + NOTE: trunk: https://github.com/apache/httpd/commit/c5d3719133b9e5dab0d540c5aa03b2fdabc30395 +CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is p ...) + - libstruts1.2-java (Vulnerable code not present) + NOTE: Issue is specific to Struts 2.x. + NOTE: https://struts.apache.org/docs/s2-049.html +CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...) + NOT-FOR-US: ProjectSend +CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse h ...) + NOT-FOR-US: NancyFX Nancy +CVE-2017-9784 + RESERVED +CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP ...) 
+ NOT-FOR-US: ProjectSend +CVE-2017-10599 + RESERVED +CVE-2017-10598 + RESERVED +CVE-2017-10597 + RESERVED +CVE-2017-10596 + RESERVED +CVE-2017-10595 + RESERVED +CVE-2017-10594 + RESERVED +CVE-2017-10593 + RESERVED +CVE-2017-10592 + RESERVED +CVE-2017-10591 + RESERVED +CVE-2017-10590 + RESERVED +CVE-2017-10589 + RESERVED +CVE-2017-10588 + RESERVED +CVE-2017-10587 + RESERVED +CVE-2017-10586 + RESERVED +CVE-2017-10585 + RESERVED +CVE-2017-10584 + RESERVED +CVE-2017-10583 + RESERVED +CVE-2017-10582 + RESERVED +CVE-2017-10581 + RESERVED +CVE-2017-10580 + RESERVED +CVE-2017-10579 + RESERVED +CVE-2017-10578 + RESERVED +CVE-2017-10577 + RESERVED +CVE-2017-10576 + RESERVED +CVE-2017-10575 + RESERVED +CVE-2017-10574 + RESERVED +CVE-2017-10573 + RESERVED +CVE-2017-10572 + RESERVED +CVE-2017-10571 + RESERVED +CVE-2017-10570 + RESERVED +CVE-2017-10569 + RESERVED +CVE-2017-10568 + RESERVED +CVE-2017-10567 + RESERVED +CVE-2017-10566 + RESERVED +CVE-2017-10565 + RESERVED +CVE-2017-10564 + RESERVED +CVE-2017-10563 + RESERVED +CVE-2017-10562 + RESERVED +CVE-2017-10561 + RESERVED +CVE-2017-10560 + RESERVED +CVE-2017-10559 + RESERVED +CVE-2017-10558 + RESERVED +CVE-2017-10557 + RESERVED +CVE-2017-10556 + RESERVED +CVE-2017-10555 + RESERVED +CVE-2017-10554 + RESERVED +CVE-2017-10553 + RESERVED +CVE-2017-10552 + RESERVED +CVE-2017-10551 + RESERVED +CVE-2017-10550 + RESERVED +CVE-2017-10549 + RESERVED +CVE-2017-10548 + RESERVED +CVE-2017-10547 + RESERVED +CVE-2017-10546 + RESERVED +CVE-2017-10545 + RESERVED +CVE-2017-10544 + RESERVED +CVE-2017-10543 + RESERVED +CVE-2017-10542 + RESERVED +CVE-2017-10541 + RESERVED +CVE-2017-10540 + RESERVED +CVE-2017-10539 + RESERVED +CVE-2017-10538 + RESERVED +CVE-2017-10537 + RESERVED +CVE-2017-10536 + RESERVED +CVE-2017-10535 + RESERVED +CVE-2017-10534 + RESERVED +CVE-2017-10533 + RESERVED +CVE-2017-10532 + RESERVED +CVE-2017-10531 + RESERVED +CVE-2017-10530 + RESERVED +CVE-2017-10529 + RESERVED +CVE-2017-10528 + RESERVED +CVE-2017-10527 + RESERVED 
+CVE-2017-10526 + RESERVED +CVE-2017-10525 + RESERVED +CVE-2017-10524 + RESERVED +CVE-2017-10523 + RESERVED +CVE-2017-10522 + RESERVED +CVE-2017-10521 + RESERVED +CVE-2017-10520 + RESERVED +CVE-2017-10519 + RESERVED +CVE-2017-10518 + RESERVED +CVE-2017-10517 + RESERVED +CVE-2017-10516 + RESERVED +CVE-2017-10515 + RESERVED +CVE-2017-10514 + RESERVED +CVE-2017-10513 + RESERVED +CVE-2017-10512 + RESERVED +CVE-2017-10511 + RESERVED +CVE-2017-10510 + RESERVED +CVE-2017-10509 + RESERVED +CVE-2017-10508 + RESERVED +CVE-2017-10507 + RESERVED +CVE-2017-10506 + RESERVED +CVE-2017-10505 + RESERVED +CVE-2017-10504 + RESERVED +CVE-2017-10503 + RESERVED +CVE-2017-10502 + RESERVED +CVE-2017-10501 + RESERVED +CVE-2017-10500 + RESERVED +CVE-2017-10499 + RESERVED +CVE-2017-10498 + RESERVED +CVE-2017-10497 + RESERVED +CVE-2017-10496 + RESERVED +CVE-2017-10495 + RESERVED +CVE-2017-10494 + RESERVED +CVE-2017-10493 + RESERVED +CVE-2017-10492 + RESERVED +CVE-2017-10491 + RESERVED +CVE-2017-10490 + RESERVED +CVE-2017-10489 + RESERVED +CVE-2017-10488 + RESERVED +CVE-2017-10487 + RESERVED +CVE-2017-10486 + RESERVED +CVE-2017-10485 + RESERVED +CVE-2017-10484 + RESERVED +CVE-2017-10483 + RESERVED +CVE-2017-10482 + RESERVED +CVE-2017-10481 + RESERVED +CVE-2017-10480 + RESERVED +CVE-2017-10479 + RESERVED +CVE-2017-10478 + RESERVED +CVE-2017-10477 + RESERVED +CVE-2017-10476 + RESERVED +CVE-2017-10475 + RESERVED +CVE-2017-10474 + RESERVED +CVE-2017-10473 + RESERVED +CVE-2017-10472 + RESERVED +CVE-2017-10471 + RESERVED +CVE-2017-10470 + RESERVED +CVE-2017-10469 + RESERVED +CVE-2017-10468 + RESERVED +CVE-2017-10467 + RESERVED +CVE-2017-10466 + RESERVED +CVE-2017-10465 + RESERVED +CVE-2017-10464 + RESERVED +CVE-2017-10463 + RESERVED +CVE-2017-10462 + RESERVED +CVE-2017-10461 + RESERVED +CVE-2017-10460 + RESERVED +CVE-2017-10459 + RESERVED +CVE-2017-10458 + RESERVED +CVE-2017-10457 + RESERVED +CVE-2017-10456 + RESERVED +CVE-2017-10455 + RESERVED +CVE-2017-10454 + RESERVED +CVE-2017-10453 + RESERVED 
+CVE-2017-10452 + RESERVED +CVE-2017-10451 + RESERVED +CVE-2017-10450 + RESERVED +CVE-2017-10449 + RESERVED +CVE-2017-10448 + RESERVED +CVE-2017-10447 + RESERVED +CVE-2017-10446 + RESERVED +CVE-2017-10445 + RESERVED +CVE-2017-10444 + RESERVED +CVE-2017-10443 + RESERVED +CVE-2017-10442 + RESERVED +CVE-2017-10441 + RESERVED +CVE-2017-10440 + RESERVED +CVE-2017-10439 + RESERVED +CVE-2017-10438 + RESERVED +CVE-2017-10437 + RESERVED +CVE-2017-10436 + RESERVED +CVE-2017-10435 + RESERVED +CVE-2017-10434 + RESERVED +CVE-2017-10433 + RESERVED +CVE-2017-10432 + RESERVED +CVE-2017-10431 + RESERVED +CVE-2017-10430 + RESERVED +CVE-2017-10429 + RESERVED +CVE-2017-10428 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.30-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-10427 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...) + NOT-FOR-US: Oracle +CVE-2017-10426 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) + NOT-FOR-US: Oracle +CVE-2017-10425 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...) + NOT-FOR-US: Oracle +CVE-2017-10424 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...) + NOT-FOR-US: MySQL Enterprise Monitor component of Oracle MySQL +CVE-2017-10423 (Vulnerability in the Oracle Retail Back Office component of Oracle Ret ...) + NOT-FOR-US: Oracle +CVE-2017-10422 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-10421 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) + NOT-FOR-US: Oracle +CVE-2017-10420 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) + NOT-FOR-US: Oracle +CVE-2017-10419 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) 
+ NOT-FOR-US: Oracle +CVE-2017-10418 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...) + NOT-FOR-US: Oracle +CVE-2017-10417 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-10416 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-10415 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2017-10414 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2017-10413 (Vulnerability in the Oracle Mobile Field Service component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-10412 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-10411 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-10410 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-10409 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2017-10408 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.30-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-10407 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.30-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-10406 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-10405 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) + NOT-FOR-US: Oracle +CVE-2017-10404 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) + NOT-FOR-US: Oracle +CVE-2017-10403 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) 
+ NOT-FOR-US: Oracle +CVE-2017-10402 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) + NOT-FOR-US: Oracle +CVE-2017-10401 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...) + NOT-FOR-US: Oracle +CVE-2017-10400 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-10399 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) + NOT-FOR-US: Oracle +CVE-2017-10398 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) + NOT-FOR-US: Oracle +CVE-2017-10397 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) + NOT-FOR-US: Oracle +CVE-2017-10396 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...) + NOT-FOR-US: Oracle +CVE-2017-10395 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...) + NOT-FOR-US: Oracle +CVE-2017-10394 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-10393 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-10392 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.30-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-10391 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-10390 + RESERVED +CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...) + NOT-FOR-US: Oracle +CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) 
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1} + - openjdk-9 9.0.1+11-1 + - openjdk-8 8u151-b12-1 + [experimental] - openjdk-7 7u151-2.6.11-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-10387 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component of Ora ...) + NOT-FOR-US: Java Advanced Management Console +CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-4002-1 DSA-3944-1 DLA-1141-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.0 + - mysql-5.7 5.7.20-1 (bug #878398) + - mysql-5.5 (bug #878402) + NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL +CVE-2017-10383 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-10382 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of Ora ...) + NOT-FOR-US: Java Advanced Management Console +CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-4002-1 DSA-3944-1 DLA-1141-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.0 + - mysql-5.7 5.7.20-1 (bug #878398) + - mysql-5.5 (bug #878402) + NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL +CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ {DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
+ - mariadb-10.2 (bug #884065)
+ - mariadb-10.1 10.1.29-1
+ - mariadb-10.0
+ - mysql-5.7 (Fixed before initial release to Debian, upstream 5.7.12)
+ - mysql-5.5 (bug #878402)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+ NOTE: https://jira.mariadb.org/browse/MDEV-13819
+ NOTE: https://github.com/MariaDB/server/commit/b000e169562697aa072600695d4f0c0412f94f4f
+CVE-2017-10377
+ RESERVED
+CVE-2017-10376
+ RESERVED
+CVE-2017-10375 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10374
+ RESERVED
+CVE-2017-10373 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10372 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10371
+ RESERVED
+CVE-2017-10370 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10369 (Vulnerability in the Oracle Virtual Directory component of Oracle Fusi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10368 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10367 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mariadb-10.2 (bug #884065)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10364 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10363 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10362 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10361 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10360 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10359 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10354 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10353 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10352 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE (sub ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10344 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10343 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10342 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10341 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10340 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10339 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10338 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10337 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10336 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10335 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10334 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10333 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10332 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10331 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10330 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10329 (Vulnerability in the Oracle Global Order Promising component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10328 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10327 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10326 (Vulnerability in the Oracle Common Applications Calendar component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10325 (Vulnerability in the Oracle Common Applications Calendar component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10324 (Vulnerability in the Oracle Applications Technology Stack component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10323 (Vulnerability in the Oracle Web Applications Desktop Integrator compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10322 (Vulnerability in the Oracle Common Applications Calendar component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mariadb-10.2 (bug #884065)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10319 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10318 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10317 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10316 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10315 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10314 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10312 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10311 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10310 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10309 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ - openjdk-9 (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
+CVE-2017-10308 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10307
+ RESERVED
+CVE-2017-10306 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10305
+ RESERVED
+CVE-2017-10304 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle Peo ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence component ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10298
+ RESERVED
+CVE-2017-10297
+ RESERVED
+CVE-2017-10296 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10294 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ - openjdk-8 (Seems to be specific to Oracle Java)
+ - openjdk-7 (Seems to be specific to Oracle Java)
+ - openjdk-6 (Seems to be specific to Oracle Java)
+CVE-2017-10292 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10291
+ RESERVED
+CVE-2017-10290
+ RESERVED
+CVE-2017-10289
+ RESERVED
+CVE-2017-10288
+ RESERVED
+CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ {DSA-3944-1}
+ - mariadb-10.2 (bug #884065)
+ - mariadb-10.0
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10284 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10280 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10279 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
+ - mysql-connector-net (bug #883923)
+ [stretch] - mysql-connector-net (Minor issue)
+ [jessie] - mysql-connector-net (Minor issue)
+ [wheezy] - mysql-connector-net (Minor issue)
+CVE-2017-10276 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-4048-1 DSA-4015-1 DLA-1187-1}
+ - openjdk-9 9.0.1+11-1
+ - openjdk-8 8u151-b12-1
+ [experimental] - openjdk-7 7u151-2.6.11-2
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ {DSA-4341-1 DSA-4002-1 DLA-1407-1 DLA-1141-1}
+ - mariadb-10.2 (bug #884065)
+ - mariadb-10.1 10.1.29-1
+ - mariadb-10.0
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (bug #878402)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middlewa ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10259 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10256 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10255 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10254 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10253 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10252 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10251 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10250 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10249 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10248 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10247 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10246 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10245 (Vulnerability in the Oracle General Ledger component of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10242 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10241 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10240 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10239 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10238 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10237 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10236 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10235 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10234 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10233 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10232 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10231 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component o ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10230 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10229 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property Mana ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10227 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10226 (Vulnerability in the Oracle Hospitality Cruise Fleet Management compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10225 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10224 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10223 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10222 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10221 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10220 (Vulnerability in the Hospitality Property Interfaces component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10219 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10218 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10217 (Vulnerability in the Oracle Hospitality Guest Access component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10216 (Vulnerability in the Hospitality Property Interfaces component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10215 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: PeopleSoft
+CVE-2017-10214 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10213 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10212 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10211 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10210 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10209 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10208 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10207 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10206 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10205 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10204 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10203 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...)
+ - mysql-connector-net (bug #883923)
+ [stretch] - mysql-connector-net (Minor issue)
+ [jessie] - mysql-connector-net (Minor issue)
+ [wheezy] - mysql-connector-net (Minor issue)
+CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. Support ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10200 (Vulnerability in the Oracle Hospitality e7 component of Oracle Hospita ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning (s ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10197 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10194 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) compo ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10192 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10190 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle Hospitalit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10187 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10186 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10185 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10184 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10183 (Vulnerability in the Oracle Retail Xstore Point of Service component o ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10182 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10181 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10180 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10179 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10178 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+CVE-2017-10175 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10174 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10173 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10172 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10171 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10170 (Vulnerability in the Oracle Field Service component of Oracle E-Busine ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10169 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10167 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10166 (Vulnerability in the Oracle Security Service component of Oracle Fusio ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10165 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10164 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10163 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10162 (Vulnerability in the Siebel Core - Server Framework component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10161 (Vulnerability in the Oracle Engineering Data Management component of O ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Primavera
+CVE-2017-10159 (Vulnerability in the Oracle Communications Policy Management component ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10158 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10155 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...)
+ - mysql-5.7 5.7.20-1 (bug #878398)
+ - mysql-5.5 (Only affects MySQL 5.6 and 5.7)
+ NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
+CVE-2017-10154 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10153 (Vulnerability in the Oracle Communications WebRTC Session Controller c ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
+ NOT-FOR-US: Primavera
+CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...)
+ NOT-FOR-US: Primavera
+CVE-2017-10148 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10147 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10146 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10145 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10144 (Vulnerability in the Oracle Applications Manager component of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10143 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10142 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3 ...)
+ {DLA-1137-1 DLA-1136-1 DLA-1135-1}
+ - db5.3 5.3.28-13.1 (bug #872436)
+ [stretch] - db5.3 5.3.28-12+deb9u1
+ [jessie] - db5.3 5.3.28-9+deb8u1
+ - db5.2
+ - db5.1
+ - db4.8
+ - db4.7
+ - db4.6
+ - db4.5
+ - db4.4
+ - db4.3
+ - db4.2
+ - db4.1
+ - db4.0
+ - db
+ [jessie] - db 5.1.29-9+deb8u1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/12/1
+ NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
+ NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
+CVE-2017-10139
+ RESERVED
+CVE-2017-10138
+ RESERVED
+CVE-2017-10137 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+ NOTE: OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27
+CVE-2017-10134 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10133 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10132 (Vulnerability in the Hospitality Hotel Mobile component of Oracle Hosp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10131 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10130 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10129 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...)
+ - virtualbox 5.1.24-dfsg-1
+ [jessie] - virtualbox (DSA-3699-1)
+ [wheezy] - virtualbox (DSA 3454)
+CVE-2017-10128 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10127
+ RESERVED
+CVE-2017-10126 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10125 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
+CVE-2017-10124
+ RESERVED
+CVE-2017-10123 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10122 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10121 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10120 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-4005-1}
+ - openjfx 8u141-b14-1 (low; bug #870860)
+CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle E- ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10111 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3919-1}
+ - openjdk-8 8u141-b15-1
+CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10106 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10105 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java)
+ - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java)
+CVE-2017-10104 (Vulnerability in the Java Advanced Management Console component of Ora ...)
+ NOT-FOR-US: Java Advanced Management Console
+CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10099 (Vulnerability in the SPARC M7, T7, S7 based Servers component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10095 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10094 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10093 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10092 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-4005-1}
+ - openjfx 8u141-b14-1 (low; bug #870860)
+CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10083 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10080 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10079 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-3919-1}
+ - openjdk-8 8u141-b15-1
+CVE-2017-10077 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue M ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10073 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10072 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10071 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle Hosp ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10066 (Vulnerability in the Oracle Applications Technology Stack component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10065 (Vulnerability in the Oracle Retail Point-of-Service component of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10062 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10060 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition c ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10057 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10055 (Vulnerability in the Oracle iPlanet Web Server component of Oracle Fus ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10054 (Vulnerability in the Oracle Hospitality Cruise Materials Management co ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...)
+ {DSA-3954-1 DSA-3919-1 DLA-1073-1}
+ - openjdk-8 8u141-b15-1
+ [experimental] - openjdk-7 7u151-2.6.11-1
+ - openjdk-7
+ - openjdk-6
+ [wheezy] - openjdk-6
+CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10051 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10050 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hos ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM (s ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10047 (Vulnerability in the MICROS BellaVita component of Oracle Hospitality ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10046 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10045 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10044 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10043 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10042 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10041 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10040 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10039 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10037 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10034 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion Mi ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10033 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10030 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10029 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10028 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10026 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middl ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion Middlewar ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10023 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10022 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10021 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10020 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10019 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10018 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10017 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10016 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10014 (Vulnerability in the Oracle Hospitality Hotel Mobile component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10011 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10010 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10009 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10008 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10007 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10006 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10005 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10004 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10003 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10002 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10001 (Vulnerability in the Oracle Hospitality Simphony First Edition compone ...)
+ NOT-FOR-US: Oracle
+CVE-2017-10000 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
+ NOT-FOR-US: Oracle
+CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service (he ...)
+ - jasper
+ [jessie] - jasper (Minor issue)
+ [wheezy] - jasper (Minor issue)
+ NOTE: https://github.com/mdadams/jasper/issues/140
+CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
+ [experimental] - check-mk 1.4.0p9-1
+ - check-mk (bug #865497)
+ [wheezy] - check-mk (Minor issue)
+ NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=4757
+ NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
+CVE-2017-9779 (OCaml compiler allows attackers to have unspecified impact via unknown ...)
+ - ocaml 4.05.0-9 (bug #874700)
+ [stretch] - ocaml (Minor issue)
+ [jessie] - ocaml (Minor issue)
+ [wheezy] - ocaml (Minor issue)
+ NOTE: https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
+ NOTE: https://caml.inria.fr/mantis/view.php?id=7557
+ NOTE: Make sure any potential advisories are clear that any created suid
+ NOTE: binaries using ocaml must be re-created once ocaml has been updated.
+CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, a ...)
+ {DLA-1014-1 DLA-1003-1}
+ - unrar-nonfree 1:5.5.5-1 (bug #865461)
+ [stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
+ [jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
+ - libclamunrar 0.99-4 (bug #867223)
+ [stretch] - libclamunrar 0.99-3+deb9u1
+ [jessie] - libclamunrar 0.99-0+deb8u3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/9
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
+ NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
+CVE-2017-9778 (GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length f ...)
+ - gdb 8.3.1-1 (unimportant; bug #865607)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21600
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=723adb650a31859d7cc45832cb8adca0206455ed
+CVE-2017-9777
+ RESERVED
+CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...)
+ {DSA-4079-2 DSA-4079-1 DLA-1074-1}
+ - poppler 0.57.0-2 (bug #865679)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/55db66c69fd56826b8523710046deab1a8d14ba2
+ NOTE: https://gitlab.freedesktop.org/poppler/poppler/commit/22c4701d5f7be0010ee4519daa546fba5ab7ac13
+CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0 ...)
+ {DSA-4079-1 DLA-1074-1}
+ - poppler 0.57.0-2 (bug #865680)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
+ NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
+CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
+ {DSA-4276-1 DLA-1395-1}
+ - php-horde-image 2.5.1-1 (bug #865505)
+ NOTE: https://lists.horde.org/archives/announce/2017/001234.html
+ NOTE: https://github.com/horde/horde/commit/01a11ccd37149101d67e0b20261fa48ab07dae13
+ NOTE: Regression in upstream patch, fixing in https://github.com/horde/Image/pull/1
+CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a craf ...)
+ {DSA-4276-1}
+ - php-horde-image 2.5.1-1 (bug #865504)
+ [jessie] - php-horde-image (Only Horde_Image above 2.3.0 affected)
+ NOTE: https://lists.horde.org/archives/announce/2017/001234.html
+ NOTE: https://github.com/horde/horde/commit/2b8a6fe1a5fc0fc662178145f853c65956985538
+CVE-2017-9772 (Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4. ...)
+ - ocaml (Only affects 4.04.0 and 4.04.1)
+ NOTE: https://caml.inria.fr/mantis/view.php?id=7557
+CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ex ...)
+ NOT-FOR-US: WebsiteBaker
+CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
+ NOT-FOR-US: Razer Synapse
+CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in Raz ...)
+ NOT-FOR-US: Razer Synapse
+CVE-2017-9768
+ RESERVED
+CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShel ...)
+ NOT-FOR-US: Quali CloudShell
+CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allow ...)
+ {DLA-1634-1}
+ - wireshark 2.4.0-1 (low; bug #870175)
+ [wheezy] - wireshark (Minor issue)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
+CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2 ...)
+ {DLA-1036-1}
+ - gsoap 2.8.48-1
+ [stretch] - gsoap 2.8.35-4+deb9u1
+ [jessie] - gsoap 2.8.17-1+deb8u1
+ - r-other-x4r 1.0.1+git20150806.c6bd9bd-2
+ NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
+ NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
+ NOTE: SuSE patch: https://bugzilla.suse.com/attachment.cgi?id=733005
+CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remo ...)
+ NOT-FOR-US: MetInfo
+CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ma ...)
+ {DSA-3895-1}
+ - flatpak 0.8.7-1 (bug #865413)
+ NOTE: https://github.com/flatpak/flatpak/issues/845
+CVE-2017-10923 (Xen through 4.8.x does not validate a vCPU array index upon the sendin ...)
+ - xen 4.8.1-1+deb9u3
+ [stretch] - xen 4.8.1-1+deb9u3
+ [jessie] - xen (Vulnerable code not present)
+ [wheezy] - xen (Vulnerable code not present)
+ NOTE: https://xenbits.xen.org/xsa/advisory-225.html
+CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region gr ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-224.html
+CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficien ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-224.html
+CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_devic ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-224.html
+CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
+ - xen 4.8.1-1+deb9u3
+ [stretch] - xen 4.8.1-1+deb9u3
+ [jessie] - xen (No backport available, limited to arm)
+ [wheezy] - xen (arm not supported)
+ NOTE: https://xenbits.xen.org/xsa/advisory-223.html
+CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-222.html
+CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event c ...)
+ {DSA-3969-1}
+ - xen 4.8.1-1+deb9u3
+ [wheezy] - xen (Vulnerable code not present)
+ NOTE: https://xenbits.xen.org/xsa/advisory-221.html
+CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
+ - xen 4.8.1-1+deb9u3
+ [stretch] - xen 4.8.1-1+deb9u3
+ [jessie] - xen (Vulnerable code not present)
+ [wheezy] - xen (Vulnerable code not present)
+ NOTE: https://xenbits.xen.org/xsa/advisory-220.html
+CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page referen ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-219.html
+CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition lead ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-218.html
+CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping in ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-218.html
+CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS user ...)
+ {DSA-3969-1 DLA-1132-1}
+ - xen 4.8.1-1+deb9u3
+ NOTE: https://xenbits.xen.org/xsa/advisory-217.html
+CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in t ...)
+ {DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1497-1 DLA-1099-1}
+ - linux 4.11.11-1
+ - qemu 1:2.8+dfsg-7 (bug #869706)
+ [wheezy] - qemu (Wheezy's xen uses an embedded qemu copy)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Wheezy's xen uses an embedded qemu copy)
+ NOTE: https://xenbits.xen.org/xsa/advisory-216.html
+CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for pars ...)
+ {DLA-998-1}
+ - c-ares 1.12.0-4 (bug #865360)
+ [stretch] - c-ares 1.12.0-1+deb9u1
+ [jessie] - c-ares 1.10.0-2+deb8u2
+ NOTE: https://c-ares.haxx.se/adv_20170620.html
+ NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
+CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013 ...)
+ - grub2 2.02~beta2-8 (unimportant)
+ - radare2 1.6.0+dfsg-1 (bug #869423)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd
+ NOTE: https://github.com/radare/radare2/issues/7723
+ NOTE: Not a security issue for Grub
+CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...)
+ - radare2 1.6.0+dfsg-1 (low; bug #869426)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/issues/7726
+ NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
+CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remot ...)
+ - radare2 1.6.0+dfsg-1 (low; bug #869428)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c
+ NOTE: https://github.com/radare/radare2/issues/7727
+CVE-2017-9760
+ RESERVED
+CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the fi ...)
+ NOT-FOR-US: Zenbership
+CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ce ...)
+ NOT-FOR-US: Savitech driver packages for Windows
+CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi vi ...)
+ NOT-FOR-US: IPFire
+CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack re ...)
+ NOT-FOR-US: NetBSD
+CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that ...)
+ NOT-FOR-US: NetBSD
+CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an atta ...)
+ NOT-FOR-US: OpenBSD
+CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...)
+ NOT-FOR-US: OpenBSD
+CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.11.6-1
+ [stretch] - linux 4.9.30-2+deb9u1
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and envir ...)
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
+ - linux 4.11.11-1
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+ NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
+CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted LD_LIBRAR ...)
+ {DSA-3887-1 DLA-992-1}
+ - glibc 2.24-12
+ - eglibc
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000369 (Exim supports the use of multiple "-p" command line arguments which ar ...)
+ {DSA-3888-1 DLA-1001-1}
+ - exim4 4.89-3
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a vulnerabil ...)
+ {DSA-3981-1}
+ - linux 4.11.11-1
+ [wheezy] - linux (Memory layout is different)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a vulnerabil ...)
+ {DSA-3981-1}
+ - linux 4.11.11-1
+ [wheezy] - linux (Memory layout is different)
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily ...)
+ {DSA-3889-1 DLA-997-1}
+ - libffi 3.2.1-4
+ NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
+ NOTE: and additionally cf. #751907 for the configure flag.
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...)
+ NOT-FOR-US: GRSecurity/PAX Linux specific assignment
+CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21595
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
+CVE-2017-9755 (opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number o ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21594
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d96e4df4812c3bad77c229dfef47a9bc115ac12
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8cac017d35ef374e65acc98818a17cf8a652cbd0
+CVE-2017-9754 (The process_otr function in bfd/versados.c in the Binary File Descript ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
+CVE-2017-9753 (The versados_mkobject function in bfd/versados.c in the Binary File De ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
+CVE-2017-9752 (bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbf ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21589
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c53d2e6d744da000aaafe0237bced090aab62818
+CVE-2017-9751 (opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21588
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63323b5b23bd83fa7b04ea00dff593c933e9b0e3
+CVE-2017-9750 (opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for cer ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21587
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db5fa770268baf8cc82cf9b141d69799fd485fe2
+CVE-2017-9749 (The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow rem ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21586
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c7881b814c546efc3996fd1decdf0877f7a779
+CVE-2017-9748 (The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21582
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63634bb4a107877dd08b6282e28e11cfd1a1649e
+CVE-2017-9747 (The ieee_archive_p function in bfd/ieee.c in the Binary File Descripto ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21581
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=62b76e4b6e0b4cb5b3e0053d1de4097b32577049
+CVE-2017-9746 (The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allow ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21580
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ae87f7e73eba29bd38b3a9684a10b948ed715612
+CVE-2017-9745 (The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21579
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=76800cba595efc3fe95a446c2d664e42ae4ee869
+CVE-2017-9744 (The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binar ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21578
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f461bbd847f15657f3dd2f317c30c75a7520da1f
+CVE-2017-9743 (The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Bin ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21577
+CVE-2017-9742 (The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.2 ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21576
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
+CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
+ NOT-FOR-US: ProjectSend
+CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghos ...)
+ - ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: The Debian binary package is not affected xps/ not used
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
+CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
+ {DSA-3986-1 DLA-1048-1}
+ [experimental] - ghostscript 9.22~~rc1~dfsg-1
+ - ghostscript 9.22~dfsg-1 (bug #869910)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
+CVE-2017-9738
+ RESERVED
+CVE-2017-9737
+ RESERVED
+CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...)
+ {DSA-3890-1}
+ - spip 3.1.4-3 (bug #864921)
+ [jessie] - spip (Vulnerable code not present)
+ [wheezy] - spip (Vulnerable code not present)
+ NOTE: https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23593
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23594
+CVE-2017-9734
+ RESERVED
+CVE-2017-9733
+ RESERVED
+CVE-2017-9732 (The read_packet function in knc (Kerberised NetCat) before 1.11-1 is v ...)
+ NOT-FOR-US: knc (Kerberised NetCat)
+CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for Yo ...)
+ NOT-FOR-US: Poky for Yocto Project
+CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and ...)
+ NOT-FOR-US: nuevoMailer
+CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...)
+ - uclibc (unimportant)
+ NOTE: http://openwall.com/lists/oss-security/2017/06/16/4
+CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp f ...)
+ - uclibc (unimportant)
+ NOTE: http://openwall.com/lists/oss-security/2017/06/16/4
+CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscrip ...)
+ {DSA-3986-1 DLA-1048-1}
+ [experimental] - ghostscript 9.22~~rc1~dfsg-1
+ - ghostscript 9.22~dfsg-1 (bug #869913)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
+CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
+ {DSA-3986-1 DLA-1048-1}
+ [experimental] - ghostscript 9.22~~rc1~dfsg-1
+ - ghostscript 9.22~dfsg-1 (bug #869915)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
+CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in util/security/Pass ...)
+ {DLA-2661-1 DLA-1021-1 DLA-1020-1}
+ - jetty9 9.2.22-1 (bug #864898)
+ - jetty8
+ [jessie] - jetty8 (Minor issue)
+ - jetty
+ [jessie] - jetty (Minor issue)
+ NOTE: https://github.com/eclipse/jetty.project/issues/1556
+ NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
+ NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
+ NOTE: https://github.com/eclipse/jetty.project/commit/2baa1abe4b1c380a30deacca1ed367466a1a62ea
+CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ - linux 4.3.1-1
+ NOTE: Fixed by: https://git.kernel.org/linus/67a2e213e7e937c41c52ab5bc46bf3f4de469f6e (4.3-rc7)
+CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS fo ...)
+ NOT-FOR-US: Qualcomm component for Android
+CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Android boot loader (aboot)
+CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: qbt1000 driver in Android
+CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9713
+ RESERVED
+CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9711
+ RESERVED
+CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9707
+ RESERVED
+CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9704 (In all android releases(Android for MSM, Firefox OS for MSM, QRD Andro ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9699
+ RESERVED
+CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9695
+ RESERVED
+CVE-2017-9694 (While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in __wlan_hdd_cha ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL outpu ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9688
+ REJECTED
+CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9681 (In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9677 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9676 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows a ...)
+ NOT-FOR-US: D-Link DIR-605L devices
+CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ind ...)
+ NOT-FOR-US: SimpleCE
+CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an adm ...)
+ NOT-FOR-US: SimpleCE
+CVE-2017-9672
+ RESERVED
+CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
+ NOT-FOR-US: apk (Alpine's package manager)
+CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
+ - gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
+ [stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
+ [jessie] - gnuplot (Vulnerable code introduced later)
+ [wheezy] - gnuplot (Vulnerable code introduced later)
+ - gnuplot5 (unimportant; bug #864903)
+ [jessie] - gnuplot5 (Vulnerable code introduced later)
+ NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
+ NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1044638#c5
+ NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
+ NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
+ NOTE: Crash in a CLI tool, no security impact
+CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a remot ...)
+ NOT-FOR-US: apk (Alpine's package manager)
+CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user gro ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-9667
+ RESERVED
+CVE-2017-9666
+ RESERVED
+CVE-2017-9665
+ RESERVED
+CVE-2017-9664 (In ABB SREA-01 revisions A, B, C: application versions up to 3.31.5, a ...)
+ NOT-FOR-US: ABB
+CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
+ NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
+CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
+ NOT-FOR-US: Fuji Electric Monitouch V-SFT
+CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
+ NOT-FOR-US: SIMPlight SCADA Software
+CVE-2017-9660 (A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch ...)
+ NOT-FOR-US: Fuji Electric Monitouch V-SFT
+CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji Electric Mo ...)
+ NOT-FOR-US: Fuji Electric Monitouch V-SFT
+CVE-2017-9658 (Certain 802.11 network management messages have been determined to inv ...)
+ NOT-FOR-US: Philips IntelliVue MX40
+CVE-2017-9657 (Under specific 802.11 network conditions, a partial re-association of ...)
+ NOT-FOR-US: Philips IntelliVue MX40
+CVE-2017-9656 (The backend database of the Philips DoseWise Portal application versio ...)
+ NOT-FOR-US: Philips DoseWise Portal
+CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator f ...)
+ NOT-FOR-US: OSIsoft
+CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 a ...)
+ NOT-FOR-US: Philips DoseWise Portal
+CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI Integrato ...)
+ NOT-FOR-US: OSIsoft
+CVE-2017-9652
+ RESERVED
+CVE-2017-9651
+ RESERVED
+CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovere ...)
+ NOT-FOR-US: Automated Logic Corporation (ALC)
+CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion T ...)
+ NOT-FOR-US: Mirion
+CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
+ NOT-FOR-US: Solar Controls WATTConfig M Software
+CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
+ NOT-FOR-US: Continental AG Infineon S-Gold
+CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar Cont ...)
+ NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
+CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in Mirion Techn ...)
+ NOT-FOR-US: Mirion
+CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated L ...)
+ NOT-FOR-US: Automated Logic Corporation (ALC)
+CVE-2017-9643
+ RESERVED
+CVE-2017-9642
+ RESERVED
+CVE-2017-9641 (PI Coresight 2016 R2 contains a cross-site request forgery vulnerabili ...)
+ NOT-FOR-US: PI Coresight
+CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ( ...)
+ NOT-FOR-US: Automated Logic Corporation (ALC)
+CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
+ NOT-FOR-US: Fuji Electric V-Server
+CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sectio ...)
+ NOT-FOR-US: Mitsubishi E-Designer
+CVE-2017-9637 (Schneider Electric Ampla MES 6.4 provides capability to interact with ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five code secti ...)
+ NOT-FOR-US: Mitsubishi E-Designer
+CVE-2017-9635 (Schneider Electric Ampla MES 6.4 provides capability to configure user ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sectio ...)
+ NOT-FOR-US: Mitsubishi E-Designer
+CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory Bu ...)
+ NOT-FOR-US: Continental AG Infineon S-Gold 2
+CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ Man ...)
+ NOT-FOR-US: PDQ Manufacturing LaserWash
+CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing L ...)
+ NOT-FOR-US: PDQ Manufacturing LaserWash
+CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider Electr ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Controls ...)
+ NOT-FOR-US: Saia Burgess Controls
+CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-9626 (Systems using the Marel Food Processing Systems Pluto platform do not ...)
+ NOT-FOR-US: Marel Food Processing Systems Pluto platform
+CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS Ul ...)
+ NOT-FOR-US: Envitech EnviDAS Ultimate
+CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
+ NOT-FOR-US: Telaxus/EPESI
+CVE-2017-9623 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
+ NOT-FOR-US: Telaxus/EPESI
+CVE-2017-9622 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1 ...)
+ NOT-FOR-US: Telaxus/EPESI
+CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administ ...)
+ NOT-FOR-US: Telaxus/EPESI
+CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghos ...)
+ - ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: The Debian binary package is not affected xps/ not used
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
+CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex G ...)
+ - ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: The Debian binary package is not affected xps/ not used
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
+CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
+ - ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: The Debian binary package is not affected xps/ not used
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
+CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
+ - wireshark 2.4.0-1 (low; bug #870174)
+ [jessie] - wireshark (Minor issue)
+ [wheezy] - wireshark (Minor issue)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=82fc557bed30b1aa69ca43a4291b64a9ce54c78a
+CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
+ - wireshark 2.4.0-1 (low; bug #870173)
+ [jessie] - wireshark (Minor issue)
+ [wheezy] - wireshark (Minor issue)
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=620f69a74b18908e3424920c7bb01cb5e4cbd8b1
+CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier all ...)
+ NOT-FOR-US: Cognito Software Moneyworks
+CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 al ...)
+ NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
+ NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
+CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
+ NOT-FOR-US: SAP SuccessFactors
+CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
+ {DSA-3986-1 DLA-1048-1}
+ [experimental] - ghostscript 9.22~~rc1~dfsg-1
+ - ghostscript 9.22~dfsg-1 (bug #869916)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
+CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript GhostX ...)
+ {DSA-3986-1 DLA-1048-1}
+ [experimental] - ghostscript 9.22~~rc1~dfsg-1
+ - ghostscript 9.22~dfsg-1 (bug #869917)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
+CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscrip ...)
+ - ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: The Debian binary package is not affected xps/ not used
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
+CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows re ...)
+ NOT-FOR-US: Blackcat CMS
+CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allow ...)
+ {DSA-3957-1}
+ - ffmpeg 7:3.3.3-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/14/1
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
+ NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
+CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
+ NOT-FOR-US: ARM Trusted Firmware
+CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local ...)
+ NOT-FOR-US: Infotecs ViPNet Client and Coordinator
+CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
+ - kdepim 4:16.04.3-4 (bug #864804)
+ [stretch] - kdepim 4:16.04.3-4~deb9u1
+ [jessie] - kdepim 4:4.14.1-1+deb8u1
+ [wheezy] - kdepim (sendlater issue is not present in kdepim-4.4.11.1+l10n)
+ - kf5-messagelib 4:16.04.3-3 (bug #864803)
+ [stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
+ NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
+ NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
+ NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
+CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the conte ...)
+ - linux 4.11.6-1
+ [stretch] - linux 4.9.30-2+deb9u1
+ [jessie] - linux 3.16.43-2+deb8u1
+ NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
+CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an attac ...)
+ NOT-FOR-US: NetBSD
+CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW ...)
+ {DSA-3945-1 DSA-3927-1}
+ - linux 4.11.6-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/13/2
+ NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
+CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordP ...)
+ NOT-FOR-US: WP Jobs plugin for WordPress
+CVE-2017-9602 (KBVault Mysql Free Knowledge Base application package 0.16a comes with ...)
+ NOT-FOR-US: KBVault Mysql Free Knowledge Base application
+CVE-2017-9601 (The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 ...)
+ NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
+CVE-2017-9600 (The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples ...)
+ NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
+CVE-2017-9599 (The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app befo ...)
+ NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app
+CVE-2017-9598 (The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3. ...)
+ NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app
+CVE-2017-9597 (The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank ...)
+ NOT-FOR-US: "Blue Ridge Bank and Trust Co. Mobile Banking" app
+CVE-2017-9596 (The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- ...)
+ NOT-FOR-US: "CFB Mobile Banking" by Citizens First Bank Wisconsin app
+CVE-2017-9595 (The "First State Bank of Bigfork Mobile Banking" by First State Bank o ...)
+ NOT-FOR-US: "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app
+CVE-2017-9594 (The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka s ...)
+ NOT-FOR-US: "SVB Mobile" by Sauk Valley Bank Mobile Banking app
+CVE-2017-9593 (The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina- ...)
+ NOT-FOR-US: "Oculina Mobile Banking" by Oculina Bank app
+CVE-2017-9592 (The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy F ...)
+ NOT-FOR-US: "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app
+CVE-2017-9591 (The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id4 ...)
+ NOT-FOR-US: "PCB Mobile" by Phelps County Bank app
+CVE-2017-9590 (The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo ...)
+ NOT-FOR-US: "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app
+CVE-2017-9589 (The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank a ...)
+ NOT-FOR-US: "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app
+CVE-2017-9588 (The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani- ...)
+ NOT-FOR-US: "Oritani Mobile Banking" by Oritani Bank app
+CVE-2017-9587 (The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/ ...)
+ NOT-FOR-US: "PCSB BANK Mobile" by PCSB Bank app
+CVE-2017-9586 (The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 - ...)
+ NOT-FOR-US: "FSBY Mobile Banking" by First State Bank of Yoakum TX app
+CVE-2017-9585 (The "Community State Bank - Lamar Mobile Banking" by Community State B ...)
+ NOT-FOR-US: "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app
+CVE-2017-9584 (The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka h ...)
+ NOT-FOR-US: "HBO Mobile Banking" by Heritage Bank of Ozarks app
+CVE-2017-9583 (The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka ...)
+ NOT-FOR-US: "Charlevoix State Bank" by Charlevoix State Bank app
+CVE-2017-9582 (The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-m ...)
+ NOT-FOR-US: "BNB Mobile Banking" by Brady National Bank app
+CVE-2017-9581 (The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app ...)
+ NOT-FOR-US: "Algonquin State Bank Mobile Banking" by Algonquin State Bank app
+CVE-2017-9580 (The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST ap ...)
+ NOT-FOR-US: "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app
+CVE-2017-9579 (The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- ak ...)
+ NOT-FOR-US: "JMCU Mobile Banking" by Joplin Metro Credit Union app
+CVE-2017-9578 (The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/ ...)
+ NOT-FOR-US: "RVCB Mobile" by RVCB Mobile Banking app
+CVE-2017-9577 (The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) a ...)
+ NOT-FOR-US: "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app
+CVE-2017-9576 (The "Middleton Community Bank Mobile Banking" by Middleton Community B ...)
+ NOT-FOR-US: "Middleton Community Bank Mobile Banking" by Middleton Community Bank app
+CVE-2017-9575 (The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1. ...)
+ NOT-FOR-US: "FVB Mobile Banking" by First Volunteer Bank of Tennessee app
+CVE-2017-9574 (The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app ...)
+ NOT-FOR-US: "KC Area Credit Union Mobile Banking" by K C Area Credit Union app
+CVE-2017-9573 (The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app ...)
+ NOT-FOR-US: North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app
+CVE-2017-9572 (The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS doe ...)
+ NOT-FOR-US: athens-state-bank-mobile-banking/id719748589 app
+CVE-2017-9571 (The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3. ...)
+ NOT-FOR-US: Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app
+CVE-2017-9570 (The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for i ...)
+ NOT-FOR-US: mount-vernon-bank-trust-mobile-banking/id542706679 app
+CVE-2017-9569 (The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS do ...)
+ NOT-FOR-US: Citizens Bank (TX) cbtx-on-the-go/id892396102 app
+CVE-2017-9568 (The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does n ...)
+ NOT-FOR-US: financial-plus-mobile-banking/id731070564 app
+CVE-2017-9567 (The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not ver ...)
+ NOT-FOR-US: avb-bank-mobile-banking/id592565443 app
+CVE-2017-9566 (The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not ...)
+ NOT-FOR-US: fsb-dequeen-mobile-banking/id1091025340 app
+CVE-2017-9565 (The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iO ...)
+ NOT-FOR-US: first-security-bank-sleepy-eye-mobile/id870531890 app
+CVE-2017-9564 (The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verif ...)
+ NOT-FOR-US: community-banks-cb2go/id445828071 app
+CVE-2017-9563 (The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS d ...)
+ NOT-FOR-US: First Citizens Community Bank fccb/id809930960 app
+CVE-2017-9562 (The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 ...)
+ NOT-FOR-US: Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app
+CVE-2017-9561 (The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does n ...)
+ NOT-FOR-US: Lee Bank & Trust lbtc-mobile/id1068984753 app
+CVE-2017-9560 (The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not ...)
+ NOT-FOR-US: cayuga-lake-national-bank/id1151601539 app
+CVE-2017-9559 (The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not v ...)
+ NOT-FOR-US: MEA Financial vision-bank/id420406345 app
+CVE-2017-9558 (The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS ...)
+ NOT-FOR-US: wawa-employees-credit-union-mobile/id1158082793 app
+CVE-2017-9557 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
+ NOT-FOR-US: EFS Software Easy Chat Server
+CVE-2017-9556 (Cross-site scripting (XSS) vulnerability in Video Metadata Editor in S ...)
+ NOT-FOR-US: Synology Video Station
+CVE-2017-9555 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
+ NOT-FOR-US: Synology DiskStation Manager
+CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ( ...)
+ NOT-FOR-US: Synology DiskStation Manager
+CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 thr ...)
+ NOT-FOR-US: Synology Photo Station
+CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
+ {DSA-3966-1 DLA-1421-1}
+ - ruby2.3 2.3.3-1+deb9u1 (bug #864860)
+ - ruby2.1
+ - ruby1.9.1
+ [wheezy] - ruby1.9.1 (Minor issue, Net::SMTP users should validate data they send too)
+ - ruby1.8
+ [wheezy] - ruby1.8 (Minor issue, Net::SMTP users should validate data they send too)
+ NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
+ NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
+CVE-2017-9551 (Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before ...)
+ - mahara
+CVE-2017-9550
+ RESERVED
+CVE-2017-9549
+ RESERVED
+CVE-2017-9548 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9547 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) v ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9546 (admin.php in BigTree through 4.2.18 allows remote authenticated users ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9545 (The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ...)
+ - mpg123 1.25.4-1 (low; bug #870799)
+ [stretch] - mpg123 (Minor issue)
+ [jessie] - mpg123 (Minor issue)
+ [wheezy] - mpg123 (Minor issue)
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/65
+CVE-2017-9544 (There is a remote stack-based buffer overflow (SEH) in register.ghp in ...)
+ NOT-FOR-US: EFS Software Easy Chat Server
+CVE-2017-9543 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allo ...)
+ NOT-FOR-US: EFS Software Easy Chat Server
+CVE-2017-9542 (D-Link DIR-615 Wireless N 300 Router allows authentication bypass via ...)
+ NOT-FOR-US: D-Link
+CVE-2017-9541
+ RESERVED
+CVE-2017-9540
+ RESERVED
+CVE-2017-9539
+ RESERVED
+CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds Network Pe ...)
+ NOT-FOR-US: SolarWinds Network Performance Monitor
+CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function of Sola ...)
+ NOT-FOR-US: SolarWinds Network Performance Monitor
+CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9534 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9533 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9532 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9531 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers t ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9530 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers to exe ...)
+ NOT-FOR-US: XnView
+CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote atta ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
+ {DLA-2996-1}
+ [experimental] - mruby 1.2.0+20170601+git51e0e690-1
+ - mruby 1.3.0-1 (low; bug #865778)
+ [jessie] - mruby (Minor issue)
+ NOTE: https://github.com/mruby/mruby/issues/3486
+ NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
+CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session ke ...)
+ {DSA-3880-1}
+ - libgcrypt20 1.7.6-2
+ - libgcrypt11 (Curve Ed25519 signing and verification introduced in 1.6.0)
+ NOTE: master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
+ NOTE: 1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
+ NOTE: Curve Ed25519 signing and verification inplemented in 1.6.0 with
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
+ NOTE: and following refactorings.
+CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ...)
+ {DSA-3925-1}
+ - qemu 1:2.8+dfsg-7 (bug #865755)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
+CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-1 ...)
+ {DLA-2801-1 DLA-1723-1}
+ - cron 3.0pl1-129 (bug #864466)
+ [wheezy] - cron (Minor issue)
+ - systemd-cron 1.5.17-2 (bug #993731)
+ [bullseye] - systemd-cron (Minor issue)
+ [buster] - systemd-cron (Minor issue)
+ [stretch] - systemd-cron (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/08/3
+CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page ...)
+ NOT-FOR-US: Sophos
+CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the defau ...)
+ NOT-FOR-US: Time Warner firmware on Technicolor TC8717T devices
+CVE-2017-9521 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 1.5.0 all ...)
+ - radare2 1.6.0+dfsg-1 (low; bug #864533)
+ [jessie] - radare2 (Minor issue)
+ [wheezy] - radare2 (Minor issue)
+ NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
+ NOTE: https://github.com/radare/radare2/issues/7698
+CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user ...)
+ NOT-FOR-US: atmail
+CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMT ...)
+ NOT-FOR-US: atmail
+CVE-2017-9517 (atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and imp ...)
+ NOT-FOR-US: atmail
+CVE-2017-9516 (Craft CMS before 2.6.2982 allows for a potential XSS attack vector by ...)
+ NOT-FOR-US: Craft CMS
+CVE-2017-9515
+ RESERVED
+CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...)
+ NOT-FOR-US: Atlassian Bamboo
+CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams bef ...)
+ NOT-FOR-US: Atlassian Activity Streams
+CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian Fisheye and Crucible ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9511 (The MultiPathResource class in Atlassian Fisheye and Crucible, before ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9510 (The repository changelog resource in Atlassian Fisheye before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version 4 ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9508 (Various resources in Atlassian Fisheye and Crucible before version 4.4 ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 be ...)
+ NOT-FOR-US: Atlassian
+CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2017-9504
+ REJECTED
+CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host B ...)
+ {DLA-2288-1 DLA-1497-1}
+ - qemu 1:2.10.0-1 (low; bug #865754)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=87e459a810d7b1ec1638085b5a80ea3d9b43119a
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=b356807fcdfc45583c437f761fc579ab2a8eab11
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=36c327a69d723571f02a7691631667cdb1865ee1
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=5104fac8539eaf155fc6de93e164be43e1e62242
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=24c0c77af515acbf0f9705e8096f33ef24d37430
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=134550bf81a026e18cf58b81e2c2cceaf516f92e
+ NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=660174fc1b346803b3f1d7c260e2a36329b66435
+CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol f ...)
+ - curl (Windows only)
+CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
+ {DSA-3914-1 DLA-1081-1 DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
+CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the func ...)
+ {DSA-4019-1 DLA-1785-1 DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
+ NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
+CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the func ...)
+ - imagemagick (Vulnerable code introduced later, only affects ImageMagick 7.x)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/492
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
+CVE-2017-9498 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9497 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9496 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9495 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9494 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9493 (The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2. ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9492 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9491 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9490 (The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SI ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9489 (The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9488 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9487 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9486 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9485 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9484 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9483 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9482 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9481 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9480 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9479 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9478 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9477 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9476 (The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18 ...)
+ NOT-FOR-US: Comcast firmware on various devices
+CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to sp ...)
+ NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
+CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remot ...)
+ - libytnef 1.9.3-1 (low; bug #870192)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/40
+ NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
+CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
+ - libytnef 1.9.3-1 (low; bug #870197)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/42
+ NOTE: https?//github.com/Yeraze/ytnef/commit/a341b7f1bf8a2c59ece89f2d6cdc09856d501cc0
+ NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
+CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote at ...)
+ - libytnef 1.9.3-1 (low; bug #870193)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/41
+ NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
+CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote att ...)
+ - libytnef 1.9.3-1 (low; bug #870194)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/39
+ NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
+CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote at ...)
+ - libytnef 1.9.3-1 (low; bug #870196)
+ [stretch] - libytnef (Minor issue)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/37
+ NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
+CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC f ...)
+ {DSA-3885-1 DLA-1088-1}
+ - irssi 1.0.3-1 (bug #864400)
+ NOTE: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65
+ NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
+CVE-2017-9468 (In Irssi before 1.0.3, when receiving a DCC message without source nic ...)
+ {DSA-3885-1 DLA-1088-1}
+ - irssi 1.0.3-1 (bug #864400)
+ NOTE: https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
+ NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
+CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect external ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before TL-WR841N( ...)
+ NOT-FOR-US: TP-Link
+CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...)
+ - yara 3.6.2+dfsg-1 (low; bug #864517)
+ [stretch] - yara (Minor issue, too intrusive to backport)
+ [jessie] - yara (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/VirusTotal/yara/issues/678
+ NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
+CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably p ...)
+ - piwigo
+CVE-2017-9463 (The application Piwigo is affected by a SQL injection vulnerability in ...)
+ - piwigo
+CVE-2017-9460
+ RESERVED
+CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web interfa ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal ...)
+ NOT-FOR-US: Palo Alto Networks PAN-OS
+CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule s ...)
+ NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
+CVE-2017-9456
+ RESERVED
+CVE-2017-9455
+ RESERVED
+CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded are ...)
+ - resiprocate 1:1.11.0~beta4-1 (unimportant)
+ NOTE: https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
+ NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses the
+ NOTE: system library.
+CVE-2017-9453 (BMC Server Automation before 8.9.01 patch 1 allows Process Spawner com ...)
+ NOT-FOR-US: BMC Server Automation
+CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
+ - piwigo
+CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in fla ...)
+ NOT-FOR-US: flatCore CMS
+CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ( ...)
+ NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
+CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2. ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9462 (In Mercurial before 4.1.3, "hg serve --stdio" allows remote authentica ...)
+ {DLA-1414-1 DLA-1005-1}
+ - mercurial 4.3.1-1 (bug #861243)
+ [stretch] - mercurial 4.0-1+deb9u1
+ NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
+ NOTE: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
+CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of ser ...)
+ {DLA-1754-1}
+ - samba 2:4.5.6+dfsg-1 (bug #864291)
+ [wheezy] - samba (Minor, non reproducible issue)
+ NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
+CVE-2017-9447 (In the web interface of Parallels Remote Application Server (RAS) 15.5 ...)
+ NOT-FOR-US: Parallels Remote Application Server
+CVE-2017-9446
+ RESERVED
+CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in syst ...)
+ - systemd 233-10 (bug #866147)
+ [stretch] - systemd 232-25+deb9u1
+ [jessie] - systemd (Vulnerable code not present)
+ [wheezy] - systemd (Vulnerable code not present)
+ NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/27/8
+CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\ ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9443 (BigTree CMS through 4.2.18 allows remote authenticated users to conduc ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9442 (BigTree CMS through 4.2.18 allows remote authenticated users to execut ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9441 (Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS thr ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPS ...)
+ {DSA-3914-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273)
+ [wheezy] - imagemagick (vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/462
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf
+CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPD ...)
+ {DSA-3914-1 DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
+CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...)
+ - yara 3.6.1+dfsg-1 (low; bug #864518)
+ [stretch] - yara (Minor issue, too intrusive to backport)
+ [jessie] - yara (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/VirusTotal/yara/issues/674
+ NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
+CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This vulner ...)
+ NOT-FOR-US: Openbravo Business Suite
+CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.que ...)
+ - teampass (bug #730180)
+CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user ...)
+ - dolibarr 5.0.4+dfsg3-1 (bug #864569)
+ NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
+CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read v ...)
+ - libcrypto++ 5.6.4-7 (bug #864214)
+ [jessie] - libcrypto++ (Minor issue)
+ [wheezy] - libcrypto++ (Minor issue)
+ NOTE: https://github.com/weidai11/cryptopp/issues/414
+ NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
+CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an out-of-bo ...)
+ {DSA-3875-1}
+ - libmwaw 0.3.9-2 (bug #864366)
+ NOTE: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
+CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has an out ...)
+ - libstaroffice 0.0.3-3 (bug #864207)
+CVE-2017-9431 (Google gRPC before 2017-04-05 has an out-of-bounds write caused by a h ...)
+ - grpc 1.3.2-0.1 (bug #864210)
+ NOTE: https://github.com/grpc/grpc/pull/10492
+ NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
+CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...)
+ - dnstracer (unimportant)
+ NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace.
+ NOTE: One scenario would be to have a web application that launches dnstracer
+ NOTE: with user supplied name strings to evaluate.
+CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for WordPre ...)
+ NOT-FOR-US: Event List plugin for WordPress
+CVE-2017-9428 (A directory traversal vulnerability exists in core\admin\ajax\develope ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remot ...)
+ NOT-FOR-US: BigTree CMS
+CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection ...)
+ NOT-FOR-US: Piwigo extension
+CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name paramet ...)
+ NOT-FOR-US: Piwigo extension
+CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attacker ...)
+ NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
+CVE-2017-9423
+ RESERVED
+CVE-2017-9422
+ REJECTED
+CVE-2017-9421 (Authentication Bypass vulnerability in Accellion kiteworks before 2017 ...)
+ NOT-FOR-US: Accellion kiteworks
+CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
+ NOT-FOR-US: Spiffy Calendar plugin for WordPress
+CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fi ...)
+ NOT-FOR-US: Webhammer WP Custom Fields Search plugin for WordPress
+CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for Wo ...)
+ NOT-FOR-US: WP-Testimonials plugin for WordPress
+CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitra ...)
+ {DLA-1573-1}
+ - firmware-nonfree 20180518-1 (bug #869639)
+ [stretch] - firmware-nonfree 20161130-4
+ [jessie] - firmware-nonfree (non-free not supported)
+ [wheezy] - firmware-nonfree (non-free not supported)
+ NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
+ NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
+CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
+ - odoo (Fixed before initial upload to Debian)
+ NOTE: https://github.com/odoo/odoo/issues/17394
+CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allo ...)
+ NOT-FOR-US: Subsonic
+CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to Po ...)
+ NOT-FOR-US: Subsonic
+CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Podc ...)
+ NOT-FOR-US: Subsonic
+CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Stat ...)
+ NOT-FOR-US: Jamroom
+CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99. ...)
+ - lame 3.99.5+repack1-7
+ [wheezy] - lame 3.99.5+repack1-3+deb7u1
+ NOTE: Fixed by the improved 0001-Add-check-for-invalid-input-sample-rate.patch in
+ NOTE: 3.99.5+repack1-7, https://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/debian/patches?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09
+ NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
+ NOTE: https://sourceforge.net/p/lame/bugs/463/
+ NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago@gentoo
+CVE-2017-9411
+ REJECTED
+CVE-2017-9410
+ REJECTED
+CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows atta ...)
+ {DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864090)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
+CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
+ {DSA-4079-1}
+ - poppler 0.57.0-2 (low; bug #864009)
+ [wheezy] - poppler (Vulnerable code not present)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b21b041f7948680c03109f0c404400a9dbc4544c
+CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows at ...)
+ {DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864089)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
+CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the functi ...)
+ {DSA-4079-1}
+ - poppler 0.57.0-2 (low; bug #864010)
+ [wheezy] - poppler (Vulnerable code not present)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4
+CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allow ...)
+ {DLA-1000-1} + - imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864087) + [jessie] - imagemagick 8:6.8.9.9-5+deb8u10 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/457 +CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...) + {DLA-984-1 DLA-983-1} + - tiff 4.0.8-1 + [jessie] - tiff 4.0.3-12.3+deb8u4 + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b + NOTE: Possibly sensible to add the other memory leaks fixes in OJPEGReadHeaderInfoSecTables + NOTE: method from tif_ojpeg.c, i.e.: + NOTE: https://github.com/vadz/libtiff/commit/e9bd1b06fe25219cf0873fca70e46f01843fd9f4 + NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1 + NOTE: Reproducing the issue itself is "covered" after fixing https://github.com/vadz/libtiff/commit/5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 + NOTE: To verify 2ea32f7372b65c24b2816f11c04bf59b5090d05b fixes the issue build src:tiff + NOTE: with ASAN with 5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 reverted. Before the + NOTE: 2ea32f7372b65c24b2816f11c04bf59b5090d05b commit the Direct leak of 73 byte + NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688 + NOTE: is shown. +CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the functio ...) + {DLA-984-1 DLA-983-1} + - tiff 4.0.8-1 + [jessie] - tiff 4.0.3-12.3+deb8u4 + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b +CVE-2017-9402 + RESERVED +CVE-2017-9401 + RESERVED +CVE-2017-9400 + RESERVED +CVE-2017-9399 + RESERVED +CVE-2017-9398 + RESERVED +CVE-2017-9397 + RESERVED +CVE-2017-9396 + RESERVED +CVE-2017-9395 + RESERVED +CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Governance ...) 
+ NOT-FOR-US: CA Identity Governance +CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote a ...) + NOT-FOR-US: CA Identity Manager +CVE-2017-9392 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9391 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9390 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera devices +CVE-2017-9389 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9388 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera devices +CVE-2017-9387 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9386 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9385 (An issue was discovered on Vera Veralite 1.7.481 devices. The device h ...) + NOT-FOR-US: Vera +CVE-2017-9384 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera devices +CVE-2017-9383 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9382 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera +CVE-2017-9381 (An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 d ...) + NOT-FOR-US: Vera devices +CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...) + NOT-FOR-US: OpenEMR +CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear p ...) + NOT-FOR-US: BigTree CMS +CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...) + NOT-FOR-US: BigTree CMS +CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit devic ...) 
+ NOT-FOR-US: Barco ClickShare Base Unit device +CVE-2017-9376 (ManageEngine ServiceDesk Plus before 9314 contains a local file inclus ...) + NOT-FOR-US: ManageEngine ServiceDesk Plus +CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller emulato ...) + {DSA-3991-1 DLA-1927-1} + - qemu 1:2.10.0-1 (bug #864219) + [wheezy] - qemu (vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (vulnerable code not present) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c +CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI Emu ...) + {DSA-3920-1 DLA-1497-1} + - qemu 1:2.8+dfsg-7 (bug #864568) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0 +CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emu ...) + {DSA-3920-1 DLA-1497-1} + - qemu 1:2.8+dfsg-7 (bug #864216) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04 +CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) +CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in th ...) + NOT-FOR-US: BlackBerry +CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...) + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) +CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces S ...) + NOT-FOR-US: BlackBerry Workspaces Server +CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces Serve ...) 
+ NOT-FOR-US: BlackBerry Workspaces Server +CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS ...) + NOT-FOR-US: Telaxus EPESI +CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...) + NOT-FOR-US: BigTree CMS +CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an a ...) + NOT-FOR-US: BigTree CMS +CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...) + NOT-FOR-US: Soffid IAM console +CVE-2017-9362 (ManageEngine ServiceDesk Plus before 9312 contains an XML injection at ...) + NOT-FOR-US: ManageEngine ServiceDesk Plus +CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/detail ...) + NOT-FOR-US: WebsiteBaker +CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/det ...) + NOT-FOR-US: WebsiteBaker +CVE-2017-9357 + RESERVED +CVE-2017-9356 (Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability ...) + NOT-FOR-US: Sitecore.NET +CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...) + - asterisk 1:13.14.1~dfsg-2 (bug #863906) + [jessie] - asterisk (11.x series not affected) + [wheezy] - asterisk (Vulnerable code not present) + NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt +CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source 1 ...) + {DSA-3933-1} + - pjproject 2.5.5~dfsg-6 (bug #863902) + NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt + NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939 +CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x be ...) + {DSA-3933-1} + - pjproject 2.5.5~dfsg-6 (bug #863901) + NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt +CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...) 
+ NOT-FOR-US: Subsonic +CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector co ...) + - wireshark 2.2.7-1 (bug #864058) + [jessie] - wireshark (vulnerable code introduced later) + [wheezy] - wireshark (vulnerable code introduced later) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5debcf56eda16064c10f4e22b3db326c8b53406b +CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...) + - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Only affects 2.2.x) + [wheezy] - wireshark (Only affects 2.2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675 +CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...) + - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8d7690a59059821e2a2a84ac8d925aa5e70b7ba +CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector co ...) + - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-24.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609 +CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissec ...) 
+ - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6431695049116176361ce4691dfd3c77ab19858 + NOTE: When fixing this entry make sure to apply the complete fix and adding + NOTE: the related commits from the CVE-2017-11411. Otherwise those releases + NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix. +CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector h ...) + {DLA-1729-1} + - wireshark 2.2.7-1 (low; bug #864058) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685 +CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...) + - wireshark 2.2.7-1 (bug #864058) + [jessie] - wireshark (Only affects 2.2.x) + [wheezy] - wireshark (Only affects 2.2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-23.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608 +CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...) + - wireshark 2.2.7-1 (bug #864058) + [stretch] - wireshark (Minor issue) + [jessie] - wireshark (Only affects 2.2.x) + [wheezy] - wireshark (Only affects 2.2.x) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637 +CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissecto ...) 
+ - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7eab596c0824e6fa20aad6932bcd2fdb94b86edf +CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector cou ...) + - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6408d6a8e842148f677a9f9413776ebaa150bb0 +CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP d ...) + {DLA-1729-1} + - wireshark 2.2.7-1 (low; bug #864058) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701 +CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector m ...) + - wireshark 2.2.7-1 (low; bug #864058) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7c39a77e8b6ed204d7c1ec9afd712ef30ac2db26 +CVE-2017-9342 + RESERVED +CVE-2017-9341 + RESERVED +CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin t ...) + - owncloud +CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of ...) + - owncloud +CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...) 
+ - owncloud +CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XS ...) + NOT-FOR-US: WordPress plugin +CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerabili ...) + NOT-FOR-US: WordPress plugin +CVE-2017-9335 + RESERVED +CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...) + NOT-FOR-US: OpenWebif +CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...) + NOT-FOR-US: PivotX +CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored C ...) + NOT-FOR-US: Telaxus EPESI +CVE-2017-9329 + RESERVED +CVE-2017-9328 (Shell metacharacter injection vulnerability in /usr/www/include/ajax/G ...) + NOT-FOR-US: TerraMaster TOS +CVE-2017-9327 (Secret data of processes managed by CM is not secured by file permissi ...) + NOT-FOR-US: Cloudera +CVE-2017-9326 (The keystore password for the Spark History Server may be exposed in u ...) + NOT-FOR-US: Cloudera +CVE-2017-9325 (The provided secure solrconfig.xml sample configuration does not enfor ...) + NOT-FOR-US: Cloudera +CVE-2017-9334 (An incorrect "pair?" check in the Scheme "length" procedure results in ...) + - chicken 4.12.0-0.2 (low; bug #863884) + [stretch] - chicken (Minor issue) + [jessie] - chicken (Minor issue) + [wheezy] - chicken (Minor issue) + NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html + NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html +CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI E ...) 
+ {DSA-3920-1 DLA-1497-1} + - qemu 1:2.8+dfsg-7 (bug #863943) + [wheezy] - qemu (Vulnerable code no present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code no present) + NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d +CVE-2017-9324 (In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through ...) + {DSA-3876-1} + - otrs2 5.0.20-1 (bug #864319) + [stretch] - otrs2 5.0.16-1+deb9u1 + [wheezy] - otrs2 (does not affect version 3.1.7) + NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/ + NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3 +CVE-2017-9323 + REJECTED +CVE-2017-9322 + REJECTED +CVE-2017-9321 + REJECTED +CVE-2017-9320 + RESERVED +CVE-2017-9319 + RESERVED +CVE-2017-9318 + RESERVED +CVE-2017-9317 (Privilege escalation vulnerability found in some Dahua IP devices. Att ...) + NOT-FOR-US: Dahua +CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in Dahu ...) + NOT-FOR-US: Dahua +CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device inf ...) + NOT-FOR-US: Dahua +CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52X ...) + NOT-FOR-US: Dahua NVR +CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1 ...) + - webmin +CVE-2017-9312 (Improperly implemented option-field processing in the TCP/IP stack on ...) + NOT-FOR-US: Allen-Bradley +CVE-2017-9311 + RESERVED +CVE-2017-9309 + RESERVED +CVE-2017-9308 + RESERVED +CVE-2017-9307 (SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remo ...) + NOT-FOR-US: Allen Disk +CVE-2017-9306 (inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to ...) + NOT-FOR-US: sysPass +CVE-2017-9305 (lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 all ...) 
+ - tikiwiki +CVE-2017-9304 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attacker ...) + - yara 3.6.1+dfsg-1 (bug #863842) + [stretch] - yara (Minor issue, too intrusive to backport) + [jessie] - yara (Minor issue, too intrusive to backport) + NOTE: https://github.com/VirusTotal/yara/issues/674 + NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699 +CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running Fle ...) + NOT-FOR-US: FlexNet Publisher +CVE-2016-10394 + RESERVED + NOT-FOR-US: Android Qualcomm closed-source components +CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Android Qualcomm closed-source components +CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9095 + REJECTED +CVE-2015-9094 + REJECTED +CVE-2015-9093 + REJECTED +CVE-2015-9092 + REJECTED +CVE-2015-9091 + REJECTED +CVE-2015-9090 + REJECTED +CVE-2015-9089 + REJECTED +CVE-2015-9088 + REJECTED +CVE-2015-9087 + REJECTED +CVE-2015-9086 + REJECTED +CVE-2015-9085 + REJECTED +CVE-2015-9084 + REJECTED +CVE-2015-9083 + REJECTED +CVE-2015-9082 + REJECTED +CVE-2015-9081 + REJECTED +CVE-2015-9080 + REJECTED +CVE-2015-9079 + REJECTED +CVE-2015-9078 + REJECTED +CVE-2015-9077 + REJECTED +CVE-2015-9076 + REJECTED +CVE-2015-9075 + REJECTED +CVE-2015-9074 + REJECTED +CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.20 doe ...) + - glibc 2.19-14 + - eglibc + [wheezy] - eglibc (Vulnerable code not present) + NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f +CVE-2014-9982 + REJECTED +CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to ...) + {DSA-3981-1 DLA-1099-1} + - linux 4.11.6-1 + NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5) + NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5) +CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an in ...) + {DLA-1011-1} + - sudo 1.8.20p1-1.1 (bug #863897) + [buster] - sudo 1.8.19p1-2.1 + [stretch] - sudo 1.8.19p1-2.1 + [jessie] - sudo 1.8.10p3-1+deb8u5 + NOTE: https://www.openwall.com/lists/oss-security/2017/06/02/7 + NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd +CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an inpu ...) 
+ {DSA-3867-1 DLA-970-1} + - sudo 1.8.20p1-1 (bug #863731) + [buster] - sudo 1.8.19p1-2 + [stretch] - sudo 1.8.19p1-2 + NOTE: https://www.sudo.ws/alerts/linux_tty.html + NOTE: https://www.openwall.com/lists/oss-security/2017/05/30/16 + NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b +CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation su ...) + {DSA-3920-1} + - qemu 1:2.8+dfsg-7 (bug #863840) + [jessie] - qemu (Vulnerable code not present; e1000e introduced in 2.7.0-rc0) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code not present) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b77 +CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host porti ...) + - php-laravel-framework (Fixed before initial upload to Debian) +CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of serv ...) + NOT-FOR-US: RealPlayer +CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...) + - vlc 2.2.5.1-1 + [wheezy] - vlc (Not supported in wheezy LTS) +CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 al ...) + {DSA-4045-1} + - vlc 2.2.6-3 + [wheezy] - vlc (Not supported in wheezy LTS) + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3 +CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=Age ...) + NOTE: This report for OTRS is quite vague/unclear and upstream can + NOTE: not track the issue down to a specific fixed release claims though that + NOTE: it should not be reproducible with versions later than 3.3.17. +CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before 8. ...) + NOT-FOR-US: Hitacho Device Manager +CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...) 
+ NOT-FOR-US: Hitacho Device Manager +CVE-2017-9296 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...) + NOT-FOR-US: Hitacho Device Manager +CVE-2017-9295 (XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitach ...) + NOT-FOR-US: Hitacho Device Manager +CVE-2017-9294 (RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows rem ...) + NOT-FOR-US: Hitacho Device Manager +CVE-2017-9293 + RESERVED +CVE-2017-9292 (Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug ...) + NOT-FOR-US: Lansweeper +CVE-2017-9291 + RESERVED +CVE-2017-9290 + RESERVED +CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in no ...) + NOT-FOR-US: Bram Korsten Note +CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...) + NOT-FOR-US: WordPress plugin +CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an unsa ...) + NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud +CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions whe ...) + NOT-FOR-US: NetIQ eDirectory +CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive in ...) + NOT-FOR-US: IDM +CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus Vi ...) + NOT-FOR-US: Micro Focus VisiBroker +CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...) + NOT-FOR-US: Micro Focus VisiBroker +CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an out-of-bounds rea ...) + NOT-FOR-US: Micro Focus VisiBroker +CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity Manager 4.5.6 ...) + NOT-FOR-US: NetIQ Identity Manager +CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files with dou ...) + NOT-FOR-US: NetIQ Identity Manager +CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS l ...) 
+ NOT-FOR-US: NetIQ Identity Manager +CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to ...) + NOT-FOR-US: Novell eDirectory +CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate parameter ...) + NOT-FOR-US: Novell Access Manager iManager +CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...) + NOT-FOR-US: NetIQ Identity Reporting +CVE-2017-9274 (A shell command injection in the obs-service-source_validator before 0 ...) + - osc 0.162.1-1 (bug #887391) + [stretch] - osc (Minor issue) + [jessie] - osc (Minor issue) + [wheezy] - osc (Minor issue) + NOTE: Details in https://bugzilla.suse.com/show_bug.cgi?id=938556 + NOTE: SUSE adressed the issue not only in the obs-service-source_validator + NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.: + NOTE: https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1 +CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...) + NOT-FOR-US: IDM +CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptib ...) + NOT-FOR-US: IDM +CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy credentia ...) + - libzypp 17.25.5-2 (low; bug #988152) + [buster] - libzypp (Minor issue) + [jessie] - libzypp (Minor issue) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625 + NOTE: https://github.com/openSUSE/libzypp/commit/c693f46ca9bf18dda9b4b56f78e069e26b5b03ff (17.25.3) +CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC reque ...) + NOT-FOR-US: SuSE cryptctl +CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories we ...) + - libzypp 17.3.1-1 (bug #899065) + [jessie] - libzypp (Minor issue) +CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...) 
+ - open-build-service 2.9.4-1 (low)
+ [stretch] - open-build-service (Minor issue)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3267
+ NOTE: https://github.com/openSUSE/open-build-service/pull/3269
+ NOTE: https://github.com/openSUSE/open-build-service/commit/b43efe6be46387b16c0b27cf8ee7b9ca53f905ef
+CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not strictl ...)
+ NOT-FOR-US: Novell eDirectory
+CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
+ NOT-FOR-US: Joomla addon
+CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
+ NOT-FOR-US: e107
+CVE-2017-9266
+ RESERVED
+CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsin ...)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
+ [jessie] - openvswitch (Vulnerable code not present)
+ [wheezy] - openvswitch (Vulnerable code not present)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
+ NOTE: OpenFlow 1.5 support still incomplete
+CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS ...)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
+ [jessie] - openvswitch (Vulnerable code not present; connection tracking support introduced in 2.6.0)
+ [wheezy] - openvswitch (Vulnerable code not present; connection tracking support introduced in 2.6.0)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
+ NOTE: Userspace data path not enabled in Debian packaging
+CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status mes ...)
+ [experimental] - openvswitch 2.8.1+dfsg1-1
+ - openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
+ [jessie] - openvswitch (No controllers implemented, cf. #863655)
+ [wheezy] - openvswitch (No controllers implemented, cf. #863655)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
+ NOTE: Controllers shipped in Debian not vulnerable, see #863655
+CVE-2017-9262 (In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c ...)
+ {DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863834)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/475
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8
+CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c ...)
+ {DLA-1000-1}
+ - imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863833)
+ [jessie] - imagemagick 8:6.8.9.9-5+deb8u10
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/476
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
+CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_opti ...)
+ - soundtouch 1.9.2-3 (low; bug #870857)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
+ [jessie] - soundtouch 1.8.0-1+deb8u1
+ [wheezy] - soundtouch (Minor issue)
+CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in source/SoundTouch/TD ...)
+ - soundtouch 1.9.2-3 (low; bug #870856)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
+ [jessie] - soundtouch 1.8.0-1+deb8u1
+ [wheezy] - soundtouch (Minor issue)
+CVE-2017-9258 (The TDStretch::processSamples function in source/SoundTouch/TDStretch. ...)
+ - soundtouch 1.9.2-3 (low; bug #870854)
+ [stretch] - soundtouch 1.9.2-2+deb9u1
+ [jessie] - soundtouch 1.8.0-1+deb8u1
+ [wheezy] - soundtouch (Minor issue)
+CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switc ...)
+ - openvswitch 2.6.1+git20161123-1
+ [jessie] - openvswitch (Vulnerable code using tot_len introduced later)
+ [wheezy] - openvswitch (Vulnerable code using tot_len introduced later)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
+CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
+ {DSA-3868-1 DLA-972-1}
+ - openldap 2.4.44+dfsg-5 (bug #863563)
+ NOTE: http://www.openldap.org/its/?findid=8655
+ NOTE: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
+CVE-2017-9252 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-9251 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-9250 (The lexer_process_char_literal function in jerry-core/parser/js/js-lex ...)
+ NOT-FOR-US: jerryscript
+CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remo ...)
+ NOT-FOR-US: Allen Disk
+CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2 ...)
+ NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
+CVE-2017-9247 (Multiple unquoted service path vulnerabilities in Sierra Wireless Wind ...)
+ NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages
+CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...)
+ NOT-FOR-US: New Relic .NET Agent
+CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allow ...)
+ NOT-FOR-US: Google News and Weather application for Android
+CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before 4.0. ...)
+ NOT-FOR-US: Trello
+CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
+ NOT-FOR-US: Aries QWR-1104 Wireless-N Router
+CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
+ {DLA-2259-1 DLA-974-1}
+ - picocom 1.7-2 (bug #863671)
+ NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
+CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux k ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
+CVE-2017-9241
+ RESERVED
+CVE-2017-9240
+ RESERVED
+CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote ...)
+ {DSA-3943-1 DLA-967-1}
+ - gajim 0.16.6-1.1 (bug #863445)
+ NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
+ NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
+CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...)
+ {DLA-2194-1 DLA-976-1}
+ - yodl 3.07.01-1
+ NOTE: https://github.com/fbb-git/yodl/issues/1
+ NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
+CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
+ {DLA-963-1}
+ - exiv2 0.25-3.1 (bug #863410)
+ [jessie] - exiv2 (Minor issue)
+ NOTE: http://dev.exiv2.org/issues/1296
+ NOTE: fix: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
+CVE-2017-9238
+ RESERVED
+CVE-2017-9237
+ RESERVED
+CVE-2017-9236
+ RESERVED
+CVE-2017-9235
+ RESERVED
+CVE-2017-9234
+ RESERVED
+CVE-2017-9233 (XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...)
+ {DSA-3898-1 DLA-990-1}
+ - expat 2.2.1-1
+ NOTE: https://libexpat.github.io/doc/cve-2017-9233/
+ NOTE: https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
+CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a ...)
+ - juju
+CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
+ NOT-FOR-US: Citrix
+CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
+ NOT-FOR-US: Bitcoin Proof-of-Work algorithm
+CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ {DLA-958-1}
+ - libonig 6.1.3-2 (bug #863318)
+ [jessie] - libonig 5.9.5-3.2+deb8u1
+ NOTE: https://github.com/kkos/oniguruma/issues/59
+ NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
+CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ {DLA-958-1}
+ - libonig 6.1.3-2 (bug #863316)
+ [jessie] - libonig 5.9.5-3.2+deb8u1
+ NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
+ NOTE: https://github.com/kkos/oniguruma/issues/60
+CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ {DLA-958-1}
+ - libonig 6.1.3-2 (bug #863315)
+ [jessie] - libonig 5.9.5-3.2+deb8u1
+ NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
+ NOTE: https://github.com/kkos/oniguruma/issues/58
+CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ {DLA-958-1}
+ - libonig 6.1.3-2 (bug #863314)
+ [jessie] - libonig 5.9.5-3.2+deb8u1
+ NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
+ NOTE: https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
+ NOTE: https://github.com/kkos/oniguruma/issues/55
+CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ - libonig 6.1.3-2 (bug #863313)
+ [jessie] - libonig (Vulnerable code introduced later)
+ [wheezy] - libonig (Vulnerable code introduced later)
+ NOTE: https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f
+ NOTE: https://github.com/kkos/oniguruma/issues/56
+CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod i ...)
+ {DLA-958-1}
+ - libonig 6.1.3-2 (bug #863312)
+ [jessie] - libonig 5.9.5-3.2+deb8u1
+ NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
+ NOTE: https://github.com/kkos/oniguruma/issues/57
+CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware Adv ...)
+ {DLA-1077-1}
+ - faad2 2.8.1-1 (low; bug #867724)
+ [stretch] - faad2 2.8.0~cvs20161113-1+deb9u1
+ [jessie] - faad2 2.7-8+deb8u1
+CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
+ [experimental] - systemd 233-8
+ - systemd 232-24 (bug #863277)
+ [jessie] - systemd (vulnerable code introduced later)
+ [wheezy] - systemd (vulnerable code introduced later)
+ NOTE: https://github.com/systemd/systemd/pull/5998
+CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscri ...)
+ {DLA-2796-1}
+ - jbig2dec 0.13-5 (bug #863279)
+ [jessie] - jbig2dec (Minor issue)
+ [wheezy] - jbig2dec (Minor issue, can be fixed in a future update)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
+ NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
+CVE-2017-9215
+ RESERVED
+CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_RE ...)
+ {DLA-2571-1}
+ [experimental] - openvswitch 2.8.1+dfsg1-1
+ - openvswitch 2.8.1+dfsg1-2 (bug #863228)
+ [jessie] - openvswitch (Vulnerable code not present)
+ [wheezy] - openvswitch (Vulnerable code not present)
+ NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
+CVE-2017-9213
+ RESERVED
+CVE-2017-9212 (The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the ...)
+ NOT-FOR-US: Bluetooth stack on the BMW 330i 2011
+CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linu ...)
+ - linux 4.9.30-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
+CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a "negative-size-param" issue i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a "left shift ... cannot be rep ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in typ ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read i ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
+ - autotrace
+ [wheezy] - autotrace (Not supported in wheezy LTS)
+CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel bef ...)
+ - linux 4.9.30-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
+CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #863390)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://github.com/qpdf/qpdf/issues/101
+CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #863390)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://github.com/qpdf/qpdf/issues/100
+CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of s ...)
+ [experimental] - qpdf 7.0~b1-1
+ - qpdf 7.0.0-1 (low; bug #863390)
+ [stretch] - qpdf (Minor issue)
+ [jessie] - qpdf (Minor issue)
+ [wheezy] - qpdf (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/23/10
+ NOTE: https://github.com/qpdf/qpdf/issues/99
+CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allo ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allow ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before ...)
+ {DLA-977-1}
+ - freeradius 3.0.12+dfsg-5 (bug #863673)
+ [jessie] - freeradius (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/29/1
+ NOTE: http://freeradius.org/security.html#session-resumption-2017
+ NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
+CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ti ...)
+ {DLA-984-1 DLA-983-1}
+ - tiff 4.0.8-2 (bug #863185)
+ [jessie] - tiff 4.0.3-12.3+deb8u4
+ - tiff3
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
+CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...)
+ - libytnef 1.9.3-1 (bug #862707)
+ [stretch] - libytnef (Minor issue, can be fixed via a point update)
+ [jessie] - libytnef (Minor issue, can be fixed via a point update)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/47
+ NOTE: https://github.com/Yeraze/ytnef/commit/c576639e7e6bd9c7de0a288b9f94590d34ac9215
+CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not p ...)
+ - tikiwiki
+CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a cras ...)
+ {DSA-4040-1 DLA-1081-1}
+ - imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
+ [stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
+ NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
+ NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
+CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash becaus ...)
+ {DSA-3863-1 DLA-1081-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
+CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
+ {DSA-3863-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-9 (bug #863125)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/490
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a
+CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
+ {DSA-3863-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-9 (bug #863124)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/489
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd
+CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allo ...)
+ {DSA-3863-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-9 (bug #863123)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
+CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebFo ...)
+ NOT-FOR-US: Telerik
+CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers (FH1202/F ...)
+ NOT-FOR-US: Tenda
+CVE-2017-9138 (There is a debug-interface vulnerability on some Tenda routers (FH1202 ...)
+ NOT-FOR-US: Tenda
+CVE-2017-9137 (Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default pas ...)
+ NOT-FOR-US: Ceragon FibeAir
+CVE-2017-9136 (An issue was discovered on Mimosa Client Radios before 2.2.3. In the d ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9135 (An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimos ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9134 (An information-leakage issue was discovered on Mimosa Client Radios be ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9133 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9132 (A hard-coded credentials issue was discovered on Mimosa Client Radios ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9131 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimos ...)
+ NOT-FOR-US: Mimosa Client Radios
+CVE-2017-9130 (The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio ...)
+ - faac 1.29+git20170704-1 (bug #865909)
+ [stretch] - faac (Non-free not supported)
+ [jessie] - faac (Non-free not supported)
+ NOTE: https://www.exploit-db.com/exploits/42207/
+CVE-2017-9129 (The wav_open_read function in frontend/input.c in Freeware Advanced Au ...)
+ - faac 1.29+git20170704-1 (bug #865909)
+ [stretch] - faac (Non-free not supported)
+ [jessie] - faac (Non-free not supported)
+ NOTE: https://www.exploit-db.com/exploits/42207/
+CVE-2017-9128 (The quicktime_video_width function in lqt_quicktime.c in libquicktime ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9127 (The quicktime_user_atoms_read_atom function in useratoms.c in libquick ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9126 (The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9125 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9124 (The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9123 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2 ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allow ...)
+ {DLA-1042-1}
+ - libquicktime 2:1.2.4-11 (low; bug #864664)
+ [stretch] - libquicktime 2:1.2.4-10+deb9u1
+ [jessie] - libquicktime (Minor issue)
+CVE-2017-9121
+ RESERVED
+CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial of ser ...)
+ - php7.2 (unimportant)
+ - php7.1 (unimportant)
+ - php7.0 (unimportant)
+ - php5 (Not reproducible, vulnerable code not present.)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
+ NOTE: Not treated as a security issue by upstream
+CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 all ...)
+ - php7.1 (unimportant)
+ - php7.0 (unimportant)
+ - php5 (unimportant)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
+ NOTE: Only triggerable by malicious script
+CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a c ...)
+ - php7.2 (unimportant)
+ - php7.1 (unimportant)
+ - php7.0 (unimportant)
+ - php5 (unimportant)
+ NOTE: Check for Jessie again as soon as more information are available.
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74604
+ NOTE: Not treated as a security issue by upstream
+CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying t ...)
+ - tiff (unimportant)
+ - tiff3 (Does not ship libtiff-tools)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
+ NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
+CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
+ {DLA-2358-1 DLA-1083-1}
+ - openexr 2.2.0-11.1 (bug #864078)
+ [jessie] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator functio ...)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (bug #873885)
+ [jessie] - openexr (Minor issue)
+ [wheezy] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
+CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
+ {DLA-2358-1 DLA-1083-1}
+ - openexr 2.2.0-11.1 (bug #864078)
+ [jessie] - openexr (ImfFastHuf.cpp / DWA compressor introduced v2.2)
+ [wheezy] - openexr (ImfFastHuf.cpp / DWA compressor introduced v2.2)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (low; bug #873885)
+ [jessie] - openexr (Minor issue)
+ [wheezy] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
+CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
+ {DLA-2358-1 DLA-1083-1}
+ - openexr 2.2.0-11.1 (bug #864078)
+ [jessie] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
+ {DSA-4755-1 DLA-2358-1}
+ - openexr 2.5.3-2 (bug #873885)
+ [jessie] - openexr (Minor issue)
+ [wheezy] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/401#issuecomment-513721310 (v2.4.0)
+CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
+ {DLA-2358-1 DLA-1083-1}
+ - openexr 2.2.0-11.1 (bug #864078)
+ [jessie] - openexr (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/12/5
+ NOTE: https://github.com/openexr/openexr/issues/232
+ NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/49db4a4192482eec9c27669f75db144cf5434804 (v2.2.1)
+CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...)
+ - adns 1.6.0-2 (unimportant)
+ NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2
+ NOTE: Stub resolver that should only be used with trusted recursors
+CVE-2017-9102
+ RESERVED
+CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows re ...)
+ NOT-FOR-US: PlaySMS
+CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash c ...)
+ - jasypt 1.9.2-1
+ [jessie] - jasypt (Minor issue)
+ [wheezy] - jasypt (Minor issue)
+ NOTE: https://sourceforge.net/p/jasypt/code/668/
+CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote ...)
+ NOT-FOR-US: D-Link
+CVE-2017-9099
+ RESERVED
+CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninit ...)
+ {DSA-3863-1 DLA-1456-1 DLA-960-1 DLA-953-1}
+ - imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
+ - graphicsmagick 1.3.24-1
+ NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
+ NOTE: GraphicsMagick fix: http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
+ NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
+CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through ...)
+ NOT-FOR-US: Anti-Web
+CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not dis ...)
+ NOT-FOR-US: iText
+CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files th ...)
+ NOT-FOR-US: Diving Log
+CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsene ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-9092
+ RESERVED
+CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION[' ...)
+ NOT-FOR-US: Allen Disk
+CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha'][ ...)
+ NOT-FOR-US: Allen Disk
+CVE-2017-9089
+ RESERVED
+CVE-2017-9088
+ RESERVED
+CVE-2017-9087
+ RESERVED
+CVE-2017-9086
+ RESERVED
+CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6. ...)
+ NOT-FOR-US: Kodak InSite
+CVE-2017-9084
+ RESERVED
+CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL point ...)
+ - poppler (unimportant; bug #863016)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101084
+ NOTE: Does not use JPX decoder but openjpeg; affected only source wise
+CVE-2017-9082
+ RESERVED
+CVE-2017-9081
+ RESERVED
+CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
+ NOT-FOR-US: PlaySMS
+CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
+ {DSA-3859-1 DLA-948-1}
+ - dropbear 2016.74-5 (bug #862970)
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/0d889b068123
+CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
+ {DSA-3859-1}
+ - dropbear 2016.74-5 (bug #862970)
+ [wheezy] - dropbear (Vulnerable code not present)
+ NOTE: Patch: https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
+CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
+CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
+CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
+CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through 4.11 ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
+CVE-2017-9073
+ REJECTED
+CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. Calend ...)
+ NOT-FOR-US: CalendarXP
+CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit permissions ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload permissions i ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger Reflec ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker i ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in hw/display/virti ...)
+ - qemu 1:2.10.0-1 (unimportant)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm (Vulnerable code not present)
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
+ NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
+ NOTE: still present.
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
+CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows loc ...)
+ - linux 4.9.30-1
+ [jessie] - linux (Introduced in 4.9)
+ [wheezy] - linux (Introduced in 4.9)
+CVE-2017-9057
+ RESERVED
+CVE-2017-9056
+ RESERVED
+CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf 2017- ...)
+ - dwarfutils 20170416-2 (bug #864064)
+ [stretch] - dwarfutils 20161124-1+deb9u1
+ [jessie] - dwarfutils (Minor issue)
+ [wheezy] - dwarfutils (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
+CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf 2017- ...)
+ - dwarfutils 20170416-2 (bug #864064)
+ [stretch] - dwarfutils 20161124-1+deb9u1
+ [jessie] - dwarfutils (Minor issue)
+ [wheezy] - dwarfutils (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
+CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf 2017- ...)
+ - dwarfutils 20170416-2 (bug #864064)
+ [stretch] - dwarfutils 20161124-1+deb9u1
+ [jessie] - dwarfutils (Minor issue)
+ [wheezy] - dwarfutils (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
+CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf 2017- ...)
+ - dwarfutils 20170416-2 (bug #864064)
+ [stretch] - dwarfutils 20161124-1+deb9u1
+ [jessie] - dwarfutils (Minor issue)
+ [wheezy] - dwarfutils (Minor issue)
+ NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
+CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to NU ...)
+ - libav (low)
+ [jessie] - libav (Tested with the original reproducer, 0.11 branch not vulnerable)
+ [wheezy] - libav (Tested with the original reproducer, 0.8 branch not vulnerable)
+ - ffmpeg 7:2.6.1-1 (low)
+ NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
+ NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
+ NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
+CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
+ {DSA-3952-1 DLA-1008-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #863018)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e26630548e7d138d2c560844c43820b6767251e3
+CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buff ...)
+ {DSA-3952-1 DLA-1008-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #863019)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e26630548e7d138d2c560844c43820b6767251e3
+CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buf ...)
+ {DSA-3952-1 DLA-1008-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #863021)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab41475d4aa429c27d9afd175959d74
+CVE-2017-9047 (A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g074180 ...)
+ {DSA-3952-1 DLA-1008-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #863022)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/15/1
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/932cc9896ab41475d4aa429c27d9afd175959d74
+CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code e ...)
+ NOT-FOR-US: Pegasus Mail
+CVE-2017-9045 (The Google I/O 2017 application before 5.1.4 for Android downloads mul ...)
+ NOT-FOR-US: Google I/O 2017 application
+CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU Binu ...)
+ - binutils 2.29-1 (low)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large f ...)
+ - binutils 2.29-1 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
+CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in t ...)
+ - binutils 2.29-1 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
+CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
+ - binutils 2.28-6 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
+CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of s ...)
+ - binutils 2.29-1 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
+CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
+ - binutils 2.28-6 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
+CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
+ - binutils 2.28-6 (low; bug #863674)
+ [stretch] - binutils (Minor issue)
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
+CVE-2017-9037 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9036 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local us ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9035 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9034 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attacker ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9033 (Cross-site request forgery (CSRF) vulnerability in Trend Micro ServerP ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Ser ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer over- ...)
+ - libytnef 1.9.2-2 (low; bug #862556)
+ [jessie] - libytnef (Minor issue)
+ [wheezy] - libytnef (Minor issue)
+ NOTE: https://github.com/Yeraze/ytnef/issues/45
+CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
+ NOT-FOR-US: Joomla extension
+CVE-2017-9029
+ RESERVED
+CVE-2017-9028
+ RESERVED
+CVE-2017-9027
+ RESERVED
+CVE-2017-9026 (Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6 ...)
+ NOT-FOR-US: HooHoo Trip Mate
+CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
+ NOT-FOR-US: HooHoo Trip Mate
+CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation i ...)
+ {DLA-1075-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ [jessie] - wordpress 4.1+dfsg-1+deb8u16
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
+CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for po ...)
+ {DSA-3870-1 DLA-975-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
+CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnera ...)
+ {DSA-3870-1 DLA-975-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
+CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
+ {DSA-3870-1 DLA-975-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
+CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta dat ...)
+ {DSA-3870-1 DLA-975-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
+CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
+ {DSA-3870-1 DLA-975-1}
+ - wordpress 4.7.5+dfsg-1 (bug #862816)
+ NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
+ NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
+CVE-2017-9024 (Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes S ...)
+ NOT-FOR-US: Secure Bytes Cisco Configuration Manager
+CVE-2017-9023 (The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE ...)
+ {DSA-3866-1 DLA-973-1}
+ - strongswan 5.5.1-4
+ NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
+CVE-2017-9022 (The gmp plugin in strongSwan before 5.5.3 does not properly validate R ...)
+ {DSA-3866-1 DLA-973-1}
+ - strongswan 5.5.1-4
+ NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
+CVE-2017-9021
+ REJECTED
+CVE-2017-9020
+ RESERVED
+CVE-2016-10373
+ REJECTED
+CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, wh ...)
+ NOT-FOR-US: Eir D1000 modem
+CVE-2017-9019
+ RESERVED
+CVE-2017-9018
+ REJECTED
+CVE-2017-9017
+ REJECTED
+CVE-2017-9016
+ REJECTED
+CVE-2017-9015
+ REJECTED
+CVE-2017-9014
+ REJECTED
+CVE-2017-9013
+ REJECTED
+CVE-2017-9012
+ REJECTED
+CVE-2017-9011
+ REJECTED
+CVE-2017-9010
+ REJECTED
+CVE-2017-9009
+ REJECTED
+CVE-2017-9008
+ REJECTED
+CVE-2017-9007
+ REJECTED
+CVE-2017-9006
+ REJECTED
+CVE-2017-9005
+ REJECTED
+CVE-2017-9004
+ REJECTED
+CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...)
+ NOT-FOR-US: Aruba
+CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...)
+ NOT-FOR-US: Aruba
+CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lockout ...)
+ NOT-FOR-US: Aruba
+CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...)
+ NOT-FOR-US: Aruba
+CVE-2017-8999
+ REJECTED
+CVE-2017-8998
+ REJECTED
+CVE-2017-8997
+ REJECTED
+CVE-2017-8996
+ REJECTED
+CVE-2017-8995
+ REJECTED
+CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...)
+ NOT-FOR-US: HPE
+CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...)
+ NOT-FOR-US: HPE Project and Portfolio Management
+CVE-2017-8992 (HPE has identified a remote privilege escalation vulnerability in HPE ...)
+ NOT-FOR-US: HPE
+CVE-2017-8991 (HPE has identified a cross site scripting (XSS) vulnerability in HPE C ...)
+ NOT-FOR-US: HPE
+CVE-2017-8990 (A remote code execution vulnerability was identified in HPE Intelligen ...)
+ NOT-FOR-US: HPE
+CVE-2017-8989 (A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, ...)
+ NOT-FOR-US: HPE
+CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identified ...)
+ NOT-FOR-US: HPE
+CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...)
+ NOT-FOR-US: HPE
+CVE-2017-8986
+ REJECTED
+CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...)
+ NOT-FOR-US: HPE XP Storage
+CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE Intell ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent Ma ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) fi ...)
+ NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
+CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
+ NOT-FOR-US: HPE IceWall Products
+CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
+ NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
+CVE-2017-8976 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
+ NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
+CVE-2017-8975 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise Mo ...)
+ NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
+CVE-2017-8974 (A Local Authentication Restriction Bypass vulnerability in HPE NonStop ...)
+ NOT-FOR-US: HPE NonStop Server
+CVE-2017-8973 (An improper input validation vulnerability in HPE Matrix Operating Env ...)
+ NOT-FOR-US: HPE Matrix Operating Environment
+CVE-2017-8972 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
+ NOT-FOR-US: HPE Matrix Operating Environment
+CVE-2017-8971 (A clickjacking vulnerability in HPE Matrix Operating Environment versi ...)
+ NOT-FOR-US: HPE Matrix Operating Environment
+CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability in HP ...)
+ NOT-FOR-US: HPE Matrix Operating Environment
+CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control vers ...)
+ NOT-FOR-US: HPE Insight Control
+CVE-2017-8968 (A remote execution of arbitrary code vulnerability has been identified ...)
+ NOT-FOR-US: HPE
+CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8965 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8964 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8963 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8962 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard E ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8961 (A directory traversal vulnerability in HPE Intelligent Management Cent ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8960 (An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 SA ...)
+ NOT-FOR-US: HPE MSA
+CVE-2017-8959 (An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA 204 ...)
+ NOT-FOR-US: HPE MSA
+CVE-2017-8958 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8957 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8956 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8955 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8954 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...)
+ NOT-FOR-US: HPE Intelligent Management Center
+CVE-2017-8953 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner v1 ...)
+ NOT-FOR-US: HPE LoadRunner
+CVE-2017-8952 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
+ NOT-FOR-US: HPE SiteScope
+CVE-2017-8951 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
+ NOT-FOR-US: HPE SiteScope
+CVE-2017-8950 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
+ NOT-FOR-US: HPE SiteScope
+CVE-2017-8949 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope v ...)
+ NOT-FOR-US: HPE SiteScope
+CVE-2017-8948 (A Remote Bypass Security Restriction vulnerability in HPE Network Node ...)
+ NOT-FOR-US: HPE Network Node Manager
+CVE-2017-8947 (A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10 ...)
+ NOT-FOR-US: HPE UCMDB
+CVE-2017-8946 (A Remote Code Execution vulnerability in HPE Aruba AirWave Glass versi ...)
+ NOT-FOR-US: HPE Aruba AirWave Glass
+CVE-2017-8945 (A Remote Unauthorized Disclosure of Information vulnerability in HPE I ...)
+ NOT-FOR-US: HPE IceWall Federation Agent
+CVE-2017-8944 (A Remote Disclosure of Information vulnerability in HPE Cloud Optimize ...)
+ NOT-FOR-US: HPE Cloud Optimizer
+CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...)
+ NOT-FOR-US: PUMA PUMATRAC app
+CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 ...)
+ NOT-FOR-US: YottaMark ShopWell app
+CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does not veri ...)
+ NOT-FOR-US: Interval International app
+CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS ...)
+ NOT-FOR-US: Zipongo app
+CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not ve ...)
+ NOT-FOR-US: ellentube app
+CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 ...)
+ NOT-FOR-US: Radio Javan app
+CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certific ...)
+ NOT-FOR-US: Life Before Us Yo app
+CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.2 ...)
+ NOT-FOR-US: MoboTap Dolphin Web Browser
+CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does n ...)
+ NOT-FOR-US: Quest Information Systems Indiana Voters app
+CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things ...)
+ - perltidy 20140328-2 (bug #862667)
+ [jessie] - perltidy (Minor issue; can be fixed via point release)
+ [wheezy] - perltidy (Minor issue)
+CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
+ - golang-1.8 1.8.3-1 (bug #863307)
+ [stretch] - golang-1.8 (Minor issue, would require rebuilds of affected go-based packages in stable)
+ - golang-1.7 1.7.6-1 (bug #863308)
+ [stretch] - golang-1.7 (Minor issue, would require rebuilds of affected go-based packages in stable)
+ - golang
+ [wheezy] - golang (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
+ [jessie] - golang (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
+ NOTE: Upstream issue: https://github.com/golang/go/issues/20040
+ NOTE: Upstream patch: https://golang.org/cl/41070
+ NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
+ NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
+CVE-2017-8931 (Bitdefender GravityZone VMware appliance before 6.2.1-35 might allow a ...)
+ NOT-FOR-US: Bitdefender
+CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple I ...)
+ NOT-FOR-US: Simple Invoices
+CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allo ...)
+ - yara 3.6.0+dfsg-1
+ [stretch] - yara (Minor issue, too intrusive to backport)
+ [jessie] - yara (Minor issue, too intrusive to backport)
+ NOTE: https://github.com/VirusTotal/yara/issues/658
+ NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
+CVE-2017-8928 (mailcow 0.14, as used in "mailcow: dockerized" and other products, has ...)
+ NOT-FOR-US: mailcow
+CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory trave ...)
+ {DSA-3856-1 DLA-943-1}
+ - deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
+ NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
+ NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
+CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)
+ - pcmanfm 1.2.5-3 (low; bug #862571)
+ [jessie] - pcmanfm (Minor issue)
+ [wheezy] - pcmanfm (Minor issue)
+ NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
+CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...)
+ - menu-cache 1.0.2-3 (low; bug #862570)
+ [jessie] - menu-cache (Minor issue)
+ [wheezy] - menu-cache (Minor issue)
+ NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
+CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause ...)
+ NOT-FOR-US: Larson VizEx Reader
+CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...)
+ NOT-FOR-US: Halliburton LogView Pro
+CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.16-1 (low)
+ NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
+CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in th ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.16-1 (low)
+ NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
+CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through 7 ...)
+ - php7.1 (bug #881539)
+ - php7.0 (bug #881538)
+ [stretch] - php7.0 (Minor issue)
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
+ NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
+CVE-2017-8922
+ RESERVED
+CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows overwrit ...)
+ - flightgear 1:2016.4.4+dfsg-3 (bug #862689)
+ [jessie] - flightgear 3.0.0-5+deb8u2
+ NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next)
+ NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4)
+ NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
+CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...)
+ - cgiirc
+CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
+ NOT-FOR-US: NetApp
+CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
+ NOT-FOR-US: Dive Assistant
+CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attac ...)
+ NOT-FOR-US: Joomla!
+CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
+ NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
+CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+ NOT-FOR-US: SAP
+CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
+ NOT-FOR-US: SAP
+CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
+ NOT-FOR-US: SAP
+CVE-2017-8912 (CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrato ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() func ...)
+ {DSA-3869-1 DLA-962-1}
+ - tnef 1.4.12-1.2 (bug #862442)
+ NOTE: https://github.com/verdammelt/tnef/issues/23
+ NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/a686971a1f124d9ae18946b1844dbc2c1f30df10
+CVE-2017-8910
+ RESERVED
+CVE-2017-8909
+ RESERVED
+CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 all ...)
+ - ghostscript 9.22~dfsg-1 (unimportant)
+ [jessie] - ghostscript (Vulnerable code not present)
+ [wheezy] - ghostscript (Vulnerable code not present)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
+ NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
+ NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
+CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not correc ...)
+ NOT-FOR-US: Atlassian Bamboo
+CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 asse ...)
+ - x265 (Affected code is not enabled)
+ NOTE: https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
+CVE-2017-8902
+ RESERVED
+CVE-2017-8901
+ RESERVED
+CVE-2017-8900 (LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, ...)
+ - lightdm (No guest account support in Debian, cf. #661230)
+CVE-2017-8899 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
+ NOT-FOR-US: Invision Power Services
+CVE-2017-8898 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
+ NOT-FOR-US: Invision Power Services
+CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
+ NOT-FOR-US: Invision Power Services
+CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6 ...)
+ - owncloud
+CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before bui ...)
+ NOT-FOR-US: Veritas
+CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software upd ...)
+ NOT-FOR-US: AeroAdmin
+CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...)
+ NOT-FOR-US: AeroAdmin
+CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
+ NOT-FOR-US: OpenText Tempo Box
+CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a mal ...)
+ - lepton 1.2.1+20170405-1 (bug #862446)
+ NOTE: https://github.com/dropbox/lepton/issues/87
+ NOTE: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
+CVE-2017-8889
+ RESERVED
+CVE-2017-8888
+ RESERVED
+CVE-2017-8887
+ RESERVED
+CVE-2017-8886
+ RESERVED
+CVE-2017-8885
+ RESERVED
+CVE-2017-8884
+ RESERVED
+CVE-2017-8883
+ RESERVED
+CVE-2017-8882
+ RESERVED
+CVE-2017-8881
+ RESERVED
+CVE-2017-8880
+ RESERVED
+CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the c ...)
+ - dolibarr 5.0.4+dfsg3-1 (bug #863544)
+CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...)
+ NOT-FOR-US: ASUS
+CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 a ...)
+ NOT-FOR-US: ASUS
+CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
+CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to c ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...)
+ NOT-FOR-US: Wordpress addon
+CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1 ...)
+ NOT-FOR-US: Mautic
+CVE-2017-8873
+ RESERVED
+CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 all ...)
+ {DLA-2369-1}
+ - libxml2 2.9.4+dfsg1-6.1 (bug #862450)
+ [jessie] - libxml2 (Minor issue)
+ [wheezy] - libxml2 (Minor issue)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
+ NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/123234f2cfcd9e9b9f83047eee1dc17b4c3f4407
+CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco ...)
+ - libcroco (bug #864666; low)
+ [buster] - libcroco (Minor issue)
+ [stretch] - libcroco (Minor issue)
+ [jessie] - libcroco (Minor issue)
+ [wheezy] - libcroco (Vulnerable code not present)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782649
+CVE-2017-8870 (Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execut ...)
+ NOT-FOR-US: AudioCoder
+CVE-2017-8869 (Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to e ...)
+ NOT-FOR-US: MediaCoder
+CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
+ NOT-FOR-US: flatCore
+CVE-2017-8867 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
+ NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
+CVE-2017-8866 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
+ NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
+CVE-2017-8865 (Elemental Path's CogniToys Dino smart toys through firmware version 0. ...)
+ NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
+CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security optio ...)
+ NOT-FOR-US: Cohu
+CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an ...)
+ NOT-FOR-US: Cohu
+CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the firmwar ...)
+ NOT-FOR-US: Cohu
+CVE-2017-8861 (Missing authentication for the remote configuration port 1236/tcp on t ...)
+ NOT-FOR-US: Cohu
+CVE-2017-8860 (Information disclosure through directory listing on the Cohu 3960HD al ...)
+ NOT-FOR-US: Cohu
+CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users ...)
+ NOT-FOR-US: Veritas NetBackup
+CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
+ NOT-FOR-US: Veritas NetBackup
+CVE-2017-8857 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
+ NOT-FOR-US: Veritas NetBackup
+CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and e ...)
+ NOT-FOR-US: Veritas NetBackup
+CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
+ {DLA-969-1}
+ - tiff 4.0.7-7 (low; bug #862929)
+ [jessie] - tiff 4.0.3-12.3+deb8u5
+ - tiff3
+ [wheezy] - tiff3 (tiff tools are not built, can be fixed later)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
+ NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
+CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...)
+ - gtk-vnc 0.4.3-1
+ NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
+CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a mal ...)
+ - wolfssl 3.12.0+dfsg-1 (bug #870170)
+ NOTE: Fixed upstream in 3.11.0, https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable
+CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...)
+ - wolfssl 3.10.2+dfsg-1
+CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/ap ...)
+ NOT-FOR-US: Fiyo CMS
+CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...)
+ NOT-FOR-US: SAP
+CVE-2017-8851 (An issue was discovered on OnePlus One and X devices. Due to a lenient ...)
+ NOT-FOR-US: OnePlus One
+CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due t ...)
+ NOT-FOR-US: OnePlus One
+CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by lever ...)
+ {DSA-3951-1 DLA-1002-1}
+ - smb4k 1.2.1-2 (bug #862505)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3
+ NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
+ NOTE: https://github.com/stealth/plasmapulsar
+ NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
+ NOTE: smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
+CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a pa ...)
+ NOT-FOR-US: Allen Disk
+CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (unimportant; bug #863145)
+ NOTE: https://github.com/ckolivas/lrzip/issues/67
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 all ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (bug #863150)
+ [jessie] - lrzip (Minor issue)
+ [wheezy] - lrzip (Minor issue)
+ NOTE: https://github.com/ckolivas/lrzip/issues/71
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
+CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lr ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (unimportant; bug #863151)
+ NOTE: https://github.com/ckolivas/lrzip/issues/68
+ NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (bug #863153)
+ [jessie] - lrzip (Minor issue)
+ [wheezy] - lrzip (Minor issue)
+ NOTE: https://github.com/ckolivas/lrzip/issues/70
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
+ NOTE: https://github.com/ckolivas/lrzip/commit/dc57230636fe8da068674e1023b2f07c593ec21b (v0.640)
+CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 al ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (unimportant; bug #863155)
+ NOTE: https://github.com/ckolivas/lrzip/issues/69
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
+ NOTE: https://github.com/ckolivas/lrzip/commit/cd456aa70e1f9b6769454ab4f8198e1551c33c49 (v0.640)
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrz ...)
+ {DLA-2725-1}
+ - lrzip 0.631+git180517-1 (unimportant; bug #863156)
+ NOTE: https://github.com/ckolivas/lrzip/issues/66
+ NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
+ NOTE: https://github.com/ckolivas/lrzip/commit/38386bd482c0a8102a79958cb3eddcb97a167ca3 (v0.640)
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, a ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, 71 ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devi ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
+ NOT-FOR-US: Peplink Balance devices
+CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
+ NOT-FOR-US: OnePlus
+CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a so ...)
+ {DLA-935-1}
+ - lxterminal 0.3.0-2 (low; bug #862098)
+ [jessie] - lxterminal 0.2.0-1+deb8u1
+ NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
+CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 a ...)
+ - libcroco (bug #864666; low)
+ [buster] - libcroco (Minor issue)
+ [stretch] - libcroco (Minor issue)
+ [jessie] - libcroco (Minor issue)
+ [wheezy] - libcroco (Vulnerable code not present)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782647
+CVE-2017-8833 (Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: ...)
+ NOT-FOR-US: Zen Cart
+CVE-2017-8832 (Allen Disk 1.6 has XSS in the id parameter to downfile.php.)
+ NOT-FOR-US: Allen Disk
+CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus. ...)
+ {DLA-1200-1}
+ - linux 4.12.6-1
+ [stretch] - linux 4.9.47-1
+ [jessie] - linux 3.16.51-1
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
+CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
+ {DSA-3863-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862637)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/467
+CVE-2017-8828
+ RESERVED
+CVE-2017-8827 (forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might a ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-8826 (FastStone Image Viewer 6.2 has a "User Mode Write AV" issue, possibly ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling c ...)
+ - libetpan 1.6-3 (bug #862151)
+ [jessie] - libetpan (Minor issue)
+ [wheezy] - libetpan (Minor issue)
+ NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
+ NOTE: https://github.com/dinhviethoa/libetpan/issues/274
+CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel t ...)
+ {DSA-4082-1 DSA-4073-1 DLA-1200-1}
+ - linux 4.14.7-1
+ NOTE: http://lists.openwall.net/netdev/2017/12/04/224
+ NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
+CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
+ {DSA-4054-1}
+ - tor 0.3.1.9-1
+ [wheezy] - tor (Not supported in wheezy LTS)
+ NOTE: https://bugs.torproject.org/24313
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
+CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
+ {DSA-4054-1}
+ - tor 0.3.1.9-1
+ [wheezy] - tor (Not supported in wheezy LTS)
+ NOTE: https://bugs.torproject.org/21534
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
+CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
+ {DSA-4054-1}
+ - tor 0.3.1.9-1
+ [wheezy] - tor (Not supported in wheezy LTS)
+ NOTE: https://bugs.torproject.org/24246
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
+CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
+ {DSA-4054-1}
+ - tor 0.3.1.9-1
+ [wheezy] - tor (Not supported in wheezy LTS)
+ NOTE: https://bugs.torproject.org/24245
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
+CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 bef ...)
+ {DSA-4054-1}
+ - tor 0.3.1.9-1
+ [wheezy] - tor (Not supported in wheezy LTS)
+ NOTE: https://bugs.torproject.org/24244
+ NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
+CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...)
+ - curl 7.57.0-1
+ [stretch] - curl (Vulnerable code not present)
+ [jessie] - curl (Vulnerable code not present)
+ [wheezy] - curl (Vulnerable code not present)
+ NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
+ NOTE: https://curl.haxx.se/CVE-2017-8818.patch
+CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows rem ...)
+ {DSA-4051-1 DLA-1195-1}
+ - curl 7.57.0-1
+ NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
+ NOTE: https://curl.haxx.se/CVE-2017-8817.patch
+CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on 3 ...)
+ {DSA-4051-1}
+ - curl 7.57.0-1
+ [wheezy] - curl (Vulnerable code not present, introduced in 7.36.0)
+ NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
+ NOTE: https://curl.haxx.se/CVE-2017-8816.patch
+CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T119158
+CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28. ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T124404
+CVE-2017-8813
+ REJECTED
+CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T125163
+CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki bef ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T176247
+CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T134100
+CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x b ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T128209
+CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29. ...)
+ {DSA-4036-1}
+ - mediawiki 1:1.27.4-1
+ [wheezy] - mediawiki (Not supported in wheezy LTS)
+ NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
+ NOTE: https://phabricator.wikimedia.org/T178451
+CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cach ...)
+ {DSA-4034-1}
+ - varnish 5.2.1-1 (bug #881808)
+ [jessie] - varnish (Vulnerable code not present, issue introduced in 4.1.0)
+ [wheezy] - varnish (Vulnerable code not present, issue introduced in 4.1.0)
+ NOTE: http://varnish-cache.org/security/VSV00002.html
+ NOTE: https://github.com/varnishcache/varnish-cache/pull/2429
+ NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a
+CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster scri ...)
+ {DSA-4029-1 DLA-1169-1}
+ - postgresql-common 188
+CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links opt ...)
+ - archvsync 20171017
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/17/2
+ NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
+CVE-2017-1000041
+ REJECTED
+CVE-2017-1000040
+ REJECTED
+CVE-2017-1000019
+ REJECTED
+CVE-2016-1000393
+ REJECTED
+CVE-2016-1000373
+ REJECTED
+CVE-2016-1000372
+ REJECTED
+CVE-2016-1000371
+ REJECTED
+CVE-2016-1000370
+ REJECTED
+CVE-2016-1000369
+ REJECTED
+CVE-2016-1000368
+ REJECTED
+CVE-2016-1000367
+ REJECTED
+CVE-2016-1000366
+ REJECTED
+CVE-2016-1000365
+ REJECTED
+CVE-2016-1000364
+ REJECTED
+CVE-2016-1000363
+ REJECTED
+CVE-2016-1000362
+ REJECTED
+CVE-2016-1000361
+ REJECTED
+CVE-2016-1000360
+ REJECTED
+CVE-2016-1000338 (In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does no ...)
+ {DLA-1418-1}
+ - bouncycastle 1.56-1
+ NOTE: https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
+CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows attac ...)
+ - lintian 2.5.50.4 (bug #861958)
+ [jessie] - lintian (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
+ [wheezy] - lintian (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
+CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
+ NOTE: This is not a vulnerability in glibc, but a bug in the application, see
+ NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
+ NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/05/2
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
+CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow use ...)
+ NOT-FOR-US: Notepad++
+CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
+ NOT-FOR-US: Zimbra
+CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Buil ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-8800
+ RESERVED
+CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before 4. ...)
+ NOT-FOR-US: iRODS
+CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v ...)
+ {DLA-2197-1 DLA-949-1}
+ - miniupnpc 1.9.20140610-3 (bug #862273)
+ NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
+ NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
+CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly v ...)
+ - linux 4.9.30-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
+CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...)
+ - libpodofo 0.9.5-7 (bug #861738)
+ [stretch] - libpodofo (Minor issue)
+ [jessie] - libpodofo (Minor issue)
+ [wheezy] - libpodofo (Minor issue)
+ NOTE: Possible unspecified impact. Needs further analysis.
+ NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1851
+CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial o ...)
+ - pcre2 10.31-1 (unimportant; bug #861873)
+ NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
+ NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
+ NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697
+CVE-2017-8785 (FastStone Image Viewer 6.2 has a "Data from Faulting Address may be us ...)
+ NOT-FOR-US: FastStone Image Viewer
+CVE-2017-8784
+ REJECTED
+CVE-2017-8783 (Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent ...)
+ NOT-FOR-US: Zimbra
+CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming ...)
+ {DLA-980-1}
+ - ming
+ NOTE: https://github.com/libming/libming/issues/70
+CVE-2017-8781 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...)
+ NOT-FOR-US: XnView
+CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled durin ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...)
+ - gitlab (SVG rendering feature introduced later, cf. bug #861870)
+ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
+CVE-2017-8777 (Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: M ...)
+ NOT-FOR-US: Open-Xchange GmbH OX Cloud Plugins
+CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through 1.0 ...)
+ {DSA-3845-1 DLA-937-1 DLA-936-1}
+ - rpcbind 0.2.3-0.6 (bug #861835)
+ - libtirpc 0.2.5-1.2 (bug #861834)
+ - ntirpc 1.4.4-1 (bug #861836)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/04/1
+ NOTE: https://github.com/guidovranken/rpcbomb/
+ NOTE: For rpcbind, 0.2.3-0.6 upload was based on Guido Vranken 's patch in
+ NOTE: https://github.com/guidovranken/rpcbomb/blob/master/rpcbind_patch.txt
+ NOTE: Upstream patch: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commit;h=7ea36eeece56b59f98e469934e4c20b4da043346 (rpcbind-0_2_5-rc1)
+ NOTE: Followup for typo: https://git.linux-nfs.org/?p=steved/rpcbind.git;a=commitdiff;h=c49a7ea639eb700823e174fd605bbbe183e229aa (rpcbind-0_2_5-rc2)
+CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
+ NOT-FOR-US: Quick Heal Internet Security
+CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
+ NOT-FOR-US: Quick Heal Internet Security
+CVE-2017-8774 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
+ NOT-FOR-US: Quick Heal Internet Security
+CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10. ...)
+ NOT-FOR-US: Quick Heal Internet Security
+CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
+ NOT-FOR-US: BE126 WIFI repeater
+CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (w ...)
+ NOT-FOR-US: BE126 WIFI repeater
+CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 device ...)
+ NOT-FOR-US: BE126 WIFI repeater
+CVE-2017-8769 (Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD ca ...)
+ NOT-FOR-US: WhatsApp Messenger
+CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command injecti ...)
+ NOT-FOR-US: Atlassian SourceTree
+CVE-2017-8767
+ REJECTED
+CVE-2017-8766 (IrfanView version 4.44 (32bit) allows remote attackers to execute code ...)
+ NOT-FOR-US: IrfanView
+CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5 ...)
+ {DSA-3863-1 DLA-960-1}
+ - imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862653)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
+CVE-2017-8764
+ RESERVED
+CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for ...)
+ NOT-FOR-US: EPESI
+CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-8761 (In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, ...)
+ - swift 2.17.0-2
+ [stretch] - swift (Minor issue)
+ [jessie] - swift (Not supported in Jessie LTS)
+ NOTE: https://bugs.launchpad.net/swift/+bug/1685798
+CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
+ NOT-FOR-US: Accellion FTA devices
+CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8758 (Microsoft Exchange Server 2016 allows an elevation of privilege vulner ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8757 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8756 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8755 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8754 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8753 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8752 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-8751 (Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8750 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8749 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8748 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8747 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8746 (Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8745 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8744 (A remote code execution vulnerability exists in Excel Services, Micros ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8743 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8742 (A remote code execution vulnerability exists in Microsoft PowerPoint 2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8741 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8740 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8739 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8738 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8737 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8736 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8735 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8734 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8733 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8732
+ RESERVED
+CVE-2017-8731 (Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 al ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8730
+ RESERVED
+CVE-2017-8729 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8728 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8727 (Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8 ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8726 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-8725 (A remote code execution vulnerability exists in Microsoft Publisher 20 ...)
+ NOT-FOR-US: Microsoft +CVE-2017-8724 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...) + NOT-FOR-US: Microsoft +CVE-2017-8723 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8722 + RESERVED +CVE-2017-8721 + RESERVED +CVE-2017-8720 (The Microsoft Windows graphics component on Microsoft Windows Server 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8719 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8718 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8717 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8716 (Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows ...) + NOT-FOR-US: Microsoft +CVE-2017-8715 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, a ...) + NOT-FOR-US: Microsoft +CVE-2017-8714 (The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8713 (The Windows Hyper-V component on Microsoft Windows Windows 8.1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8712 (The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8711 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8710 (The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8709 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8708 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8707 (The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8706 (The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607 ...) + NOT-FOR-US: Microsoft +CVE-2017-8705 + RESERVED +CVE-2017-8704 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8703 (The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 ...) + NOT-FOR-US: Microsoft +CVE-2017-8702 (Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8701 + RESERVED +CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origi ...) + NOT-FOR-US: Microsoft +CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8698 + RESERVED +CVE-2017-8697 + RESERVED +CVE-2017-8696 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8695 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8694 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8693 (The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, 1 ...) + NOT-FOR-US: Microsoft +CVE-2017-8692 (The Windows Uniscribe component on Microsoft Windows 8.1, Windows Serv ...) + NOT-FOR-US: Microsoft +CVE-2017-8691 (Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacke ...) + NOT-FOR-US: Microsoft Windows +CVE-2017-8690 + RESERVED +CVE-2017-8689 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8688 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8687 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8686 (The Windows Server DHCP service in Windows Server 2012 Gold and R2, an ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8685 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8684 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8683 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8682 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8681 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8680 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8679 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8678 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8677 (The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8676 (The Windows Graphics Device Interface (GDI) in Microsoft Windows Serve ...) + NOT-FOR-US: Microsoft +CVE-2017-8675 (The Windows Kernel-Mode Drivers component on Microsoft Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8674 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) + NOT-FOR-US: Microsoft +CVE-2017-8673 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8672 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8671 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8670 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8669 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8668 (The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8667 + RESERVED +CVE-2017-8666 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8665 (The Xamarin.iOS update component on systems running macOS allows an at ...) + NOT-FOR-US: Xamarin.iOS +CVE-2017-8664 (Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windo ...) + NOT-FOR-US: Microsoft +CVE-2017-8663 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...) + NOT-FOR-US: Microsoft +CVE-2017-8662 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disc ...) + NOT-FOR-US: Microsoft +CVE-2017-8661 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8660 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obta ...) + NOT-FOR-US: Microsoft +CVE-2017-8658 (A remote code execution vulnerability exists in the way that the Chakr ...) + NOT-FOR-US: Microsoft +CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8655 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8654 (Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site sc ...) + NOT-FOR-US: Microsoft +CVE-2017-8653 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8652 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8651 (Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Ser ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8650 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to expl ...) + NOT-FOR-US: Microsoft +CVE-2017-8649 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...) + NOT-FOR-US: Microsoft +CVE-2017-8648 (Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to ...) + NOT-FOR-US: Microsoft +CVE-2017-8647 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) + NOT-FOR-US: Microsoft +CVE-2017-8646 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...) + NOT-FOR-US: Microsoft +CVE-2017-8645 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...) + NOT-FOR-US: Microsoft +CVE-2017-8644 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8643 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8642 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elev ...) + NOT-FOR-US: Microsoft +CVE-2017-8641 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8640 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Serve ...) + NOT-FOR-US: Microsoft +CVE-2017-8639 (Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allow ...) + NOT-FOR-US: Microsoft +CVE-2017-8638 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) + NOT-FOR-US: Microsoft +CVE-2017-8637 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypa ...) + NOT-FOR-US: Microsoft +CVE-2017-8636 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8635 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + NOT-FOR-US: MIcrosoft +CVE-2017-8634 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8633 (Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-8632 (A remote code execution vulnerability exists in Microsoft Excel 2010 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8631 (A remote code execution vulnerability exists in Excel Services, Micros ...) + NOT-FOR-US: Microsoft +CVE-2017-8630 (Microsoft Office 2016 allows a remote code execution vulnerability whe ...) + NOT-FOR-US: Microsoft +CVE-2017-8629 (Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of ...) + NOT-FOR-US: Microsoft +CVE-2017-8628 (Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft Windows + NOTE: https://www.armis.com/blueborne/ +CVE-2017-8627 (Windows Subsystem for Linux in Windows 10 1703, allows a denial of ser ...) + NOT-FOR-US: Microsoft +CVE-2017-8626 + RESERVED +CVE-2017-8625 (Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Se ...) + NOT-FOR-US: Microsoft +CVE-2017-8624 (CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 ...) + NOT-FOR-US: Microsoft +CVE-2017-8623 (Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allo ...) + NOT-FOR-US: Microsoft +CVE-2017-8622 (Windows Subsystem for Linux in Windows 10 1703 allows an elevation of ...) + NOT-FOR-US: Microsoft +CVE-2017-8621 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...) + NOT-FOR-US: Microsoft +CVE-2017-8620 (Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, W ...) + NOT-FOR-US: Microsoft +CVE-2017-8619 (Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8618 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8617 (Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8616 + RESERVED +CVE-2017-8615 + RESERVED +CVE-2017-8614 + RESERVED +CVE-2017-8613 (Azure AD Connect Password writeback, if misconfigured during enablemen ...) + NOT-FOR-US: Azure AD Connect Password writeback +CVE-2017-8612 + RESERVED +CVE-2017-8611 (Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8610 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exec ...) + NOT-FOR-US: Microsoft +CVE-2017-8609 (Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, ...) + NOT-FOR-US: Microsoft +CVE-2017-8608 (Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8. ...) + NOT-FOR-US: Microsoft +CVE-2017-8607 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...) + NOT-FOR-US: Microsoft +CVE-2017-8606 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...) + NOT-FOR-US: Microsoft +CVE-2017-8605 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8604 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...) + NOT-FOR-US: Microsoft +CVE-2017-8603 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windo ...) + NOT-FOR-US: Microsoft +CVE-2017-8602 (Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8601 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8600 + RESERVED +CVE-2017-8599 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8598 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8597 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8596 (Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Ser ...) + NOT-FOR-US: Microsoft +CVE-2017-8595 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8594 (Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Win ...) + NOT-FOR-US: Microsoft +CVE-2017-8593 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8592 (Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 200 ...) + NOT-FOR-US: Microsoft +CVE-2017-8591 (Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 ...) + NOT-FOR-US: Microsoft +CVE-2017-8590 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8589 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8588 (Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 ...) + NOT-FOR-US: Microsoft +CVE-2017-8587 (Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8586 + RESERVED +CVE-2017-8585 (Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker ...) + NOT-FOR-US: Microsoft +CVE-2017-8584 (Windows 10 1607 and Windows Server 2016 allow an attacker to execute c ...) + NOT-FOR-US: Microsoft +CVE-2017-8583 + RESERVED +CVE-2017-8582 (HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8581 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8580 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8579 (The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8578 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8577 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...) + NOT-FOR-US: Microsoft +CVE-2017-8576 (The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...) + NOT-FOR-US: Microsoft +CVE-2017-8575 (The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows ...) + NOT-FOR-US: Windows +CVE-2017-8574 (Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 a ...) + NOT-FOR-US: Microsoft +CVE-2017-8573 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8572 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...) + NOT-FOR-US: Microsoft +CVE-2017-8571 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outloo ...) + NOT-FOR-US: Microsoft +CVE-2017-8570 (Microsoft Office allows a remote code execution vulnerability due to t ...) + NOT-FOR-US: Microsoft +CVE-2017-8569 (Microsoft SharePoint Server allows an elevation of privilege vulnerabi ...) + NOT-FOR-US: Microsoft +CVE-2017-8568 + RESERVED +CVE-2017-8567 (A remote code execution vulnerability exists in Microsoft Excel for Ma ...) + NOT-FOR-US: Microsoft +CVE-2017-8566 (Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevat ...) + NOT-FOR-US: Microsoft +CVE-2017-8565 (Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8564 (Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8563 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8562 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, ...) + NOT-FOR-US: Microsoft +CVE-2017-8561 (Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8560 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...) + NOT-FOR-US: Microsoft +CVE-2017-8559 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...) + NOT-FOR-US: Microsoft +CVE-2017-8558 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8557 (Windows System Information Console in Windows Server 2008 SP2 and R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8556 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8555 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to tric ...) + NOT-FOR-US: Microsoft +CVE-2017-8554 (The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows Se ...) + NOT-FOR-US: Microsoft +CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, ...) + NOT-FOR-US: Microsoft +CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2017-8550 (A remote code execution vulnerability exists in Skype for Business whe ...) + NOT-FOR-US: Microsoft +CVE-2017-8549 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8548 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8547 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8546 + RESERVED +CVE-2017-8545 (A spoofing vulnerability exists in when Microsoft Outlook for Mac does ...) + NOT-FOR-US: Microsoft +CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...) + NOT-FOR-US: Microsoft +CVE-2017-8534 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8533 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8532 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8531 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8530 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8529 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 S ...) + NOT-FOR-US: Microsoft +CVE-2017-8528 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8527 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8526 + RESERVED +CVE-2017-8525 + RESERVED +CVE-2017-8524 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...) + NOT-FOR-US: Microsoft +CVE-2017-8523 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...) + NOT-FOR-US: Microsoft +CVE-2017-8522 (Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8521 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) + NOT-FOR-US: Microsoft +CVE-2017-8520 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) + NOT-FOR-US: Microsoft +CVE-2017-8519 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...) + NOT-FOR-US: Microsoft +CVE-2017-8518 (Microsoft Edge allows a remote code execution vulnerability due to the ...) + NOT-FOR-US: Microsoft +CVE-2017-8517 (Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Wi ...) + NOT-FOR-US: Microsoft +CVE-2017-8516 (Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, M ...) + NOT-FOR-US: Microsoft +CVE-2017-8515 (Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 all ...) + NOT-FOR-US: Microsoft +CVE-2017-8514 (An information disclosure vulnerability exists when Microsoft SharePoi ...) + NOT-FOR-US: Microsoft +CVE-2017-8513 (A remote code execution vulnerability exists in Microsoft PowerPoint w ...) + NOT-FOR-US: Microsoft +CVE-2017-8512 (A remote code execution vulnerability exists in Microsoft Office when ...) + NOT-FOR-US: Microsoft +CVE-2017-8511 (A remote code execution vulnerability exists in Microsoft Office when ...) + NOT-FOR-US: Microsoft +CVE-2017-8510 (A remote code execution vulnerability exists in Microsoft Office when ...) + NOT-FOR-US: Microsoft +CVE-2017-8509 (A remote code execution vulnerability exists in Microsoft Office when ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8508 (A security feature bypass vulnerability exists in Microsoft Office sof ...) + NOT-FOR-US: Microsoft +CVE-2017-8507 (A remote code execution vulnerability exists in the way Microsoft Offi ...) + NOT-FOR-US: Microsoft +CVE-2017-8506 (A remote code execution vulnerability exists in Microsoft Office when ...) + NOT-FOR-US: Microsoft +CVE-2017-8505 + RESERVED +CVE-2017-8504 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...) + NOT-FOR-US: Microsoft +CVE-2017-8503 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8502 (Microsoft Office allows a remote code execution vulnerability due to t ...) + NOT-FOR-US: Microsoft +CVE-2017-8501 (Microsoft Office allows a remote code execution vulnerability due to t ...) + NOT-FOR-US: Microsoft +CVE-2017-8500 + RESERVED +CVE-2017-8499 (Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitr ...) + NOT-FOR-US: Microsoft +CVE-2017-8498 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 al ...) + NOT-FOR-US: Microsoft +CVE-2017-8497 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...) + NOT-FOR-US: Microsoft +CVE-2017-8496 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an at ...) + NOT-FOR-US: Microsoft +CVE-2017-8495 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8494 (Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 20 ...) + NOT-FOR-US: Microsoft +CVE-2017-8493 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8492 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8491 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8490 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8489 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker t ...) + NOT-FOR-US: Microsoft +CVE-2017-8486 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8484 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8483 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8482 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8481 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8480 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8479 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8478 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8477 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8476 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8475 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8474 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Win ...) 
+ NOT-FOR-US: Microsoft +CVE-2017-8473 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows S ...) + NOT-FOR-US: Microsoft +CVE-2017-8472 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windo ...) + NOT-FOR-US: Microsoft +CVE-2017-8471 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8470 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8 ...) + NOT-FOR-US: Microsoft +CVE-2017-8469 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8468 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8467 (Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP ...) + NOT-FOR-US: Microsoft +CVE-2017-8466 (Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, Window ...) + NOT-FOR-US: Microsoft +CVE-2017-8465 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Wind ...) + NOT-FOR-US: Microsoft +CVE-2017-8464 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...) + NOT-FOR-US: Microsoft +CVE-2017-8463 (Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Wi ...) + NOT-FOR-US: Microsoft +CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...) + NOT-FOR-US: Microsoft +CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and W ...) + NOT-FOR-US: Microsoft +CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows R ...) + NOT-FOR-US: Microsoft +CVE-2017-8459 (Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection ...) + - brave-browser (bug #864795) +CVE-2017-8458 (Brave 0.12.4 has a URI Obfuscation issue in which a string such as htt ...) 
+ - brave-browser (bug #864795) +CVE-2017-8457 + RESERVED +CVE-2017-8456 + RESERVED +CVE-2017-8455 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) + NOT-FOR-US: Foxit Reader +CVE-2017-8454 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) + NOT-FOR-US: Foxit Reader +CVE-2017-8453 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-b ...) + NOT-FOR-US: Foxit Reader +CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162 ...) + NOT-FOR-US: Opsview Monitor Pro +CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475 ...) + NOT-FOR-US: Opsview Monitor Pro +CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4. ...) + NOT-FOR-US: Proxmox Mail Gateway +CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Ga ...) + NOT-FOR-US: Proxmox Mail Gateway +CVE-2017-8452 (Kibana versions prior to 5.2.1 configured for SSL client access, file ...) + - kibana (bug #700337) +CVE-2017-8451 (With X-Pack installed, Kibana versions before 5.3.1 have an open redir ...) + NOT-FOR-US: Kibana addon +CVE-2017-8450 (X-Pack 5.1.1 did not properly apply document and field level security ...) + NOT-FOR-US: Kibana addon +CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than the user ...) + NOT-FOR-US: Kibana addon +CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting 5.0 ...) + - kibana (bug #700337) +CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enf ...) + NOT-FOR-US: X-Pack plugin for Kibana +CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and standal ...) + NOT-FOR-US: X-Pack plugin for Kibana +CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for versio ...) 
+ NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch +CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0 ...) + NOT-FOR-US: Elastic Cloud Enterprise +CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ope ...) + NOT-FOR-US: Kibana X-Pack Security +CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, c ...) + NOT-FOR-US: Elastic X-Pack Security +CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not alwa ...) + NOT-FOR-US: Elastic X-Pack Security +CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vul ...) + - kibana (bug #700337) +CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...) + - kibana (bug #700337) +CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege es ...) + NOT-FOR-US: Elastic X-Pack Security +CVE-2017-8437 + RESERVED +CVE-2017-8436 + RESERVED +CVE-2017-8435 + RESERVED +CVE-2017-8434 + RESERVED +CVE-2017-8433 + RESERVED +CVE-2017-8432 + RESERVED +CVE-2017-8431 + RESERVED +CVE-2017-8430 + RESERVED +CVE-2017-8429 + RESERVED +CVE-2017-8428 + RESERVED +CVE-2017-8427 + RESERVED +CVE-2017-8426 + RESERVED +CVE-2017-8425 + RESERVED +CVE-2017-8424 + RESERVED +CVE-2017-8423 + RESERVED +CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to ...) + {DSA-3849-1 DLA-952-1} + - kauth 5.28.0-2 + - kde4libs 4:4.14.26-2 + NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/3 + NOTE: patch for kauth: https://github.com/KDE/kauth/commit/df875f725293af53399f5146362eb158b4f9216a + NOTE: patch for kde4libs: https://github.com/KDE/kdelibs/commit/264e97625abe2e0334f97de17f6ffb52582888ab + NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt +CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File Desc ...) 
+ - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb +CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address ...) + - swftools (unimportant) + NOTE: No actionable information, just a crash report against a four year old release + NOTE: https://github.com/matthiaskramm/swftools/issues/41 +CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...) + - lame 3.99.5+repack1-7 + [wheezy] - lame 3.99.5+repack1-3+deb7u1 + NOTE: https://sourceforge.net/p/lame/bugs/458/ + NOTE: Issue addressed in Debian via: https://sources.debian.org/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/ + NOTE: in the revised version as included in 3.99.5+repack1-7 +CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are vulnerabl ...) + - kibana (bug #700337) +CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerabi ...) + - kibana (bug #700337) +CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not proper ...) + NOT-FOR-US: Kibana addon +CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, ...) + - logstash (bug #664841) +CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin when upda ...) + - logstash (bug #664841) +CVE-2016-10361 + REJECTED +CVE-2016-10360 + REJECTED +CVE-2016-10359 + REJECTED +CVE-2016-10358 + REJECTED +CVE-2016-10357 + REJECTED +CVE-2016-10356 + REJECTED +CVE-2016-10355 + REJECTED +CVE-2016-10354 + REJECTED +CVE-2016-10353 + REJECTED +CVE-2016-10352 + REJECTED +CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attac ...) 
+ - kibana (bug #700337) +CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, ...) + {DSA-3847-1 DLA-964-1} + - xen 4.8.0~rc3-1 (bug #861662) + NOTE: https://xenbits.xen.org/xsa/advisory-215.html +CVE-2017-8904 (Xen through 4.8.x mishandles the "contains segment descriptors" proper ...) + {DSA-3847-1 DLA-964-1} + - xen 4.8.1-1+deb9u1 (bug #861660) + NOTE: https://xenbits.xen.org/xsa/advisory-214.html +CVE-2017-8903 (Xen through 4.8.x on 64-bit platforms mishandles page tables after an ...) + {DSA-3847-1 DLA-964-1} + - xen 4.8.1-1+deb9u1 (bug #861659) + NOTE: https://xenbits.xen.org/xsa/advisory-213.html +CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing loc ...) + - rubocop 0.49.1+dfsg-1 (bug #870852) + NOTE: https://github.com/bbatsov/rubocop/issues/4336 + NOTE: https://github.com/bbatsov/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7 +CVE-2017-8417 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) + NOT-FOR-US: D-Link +CVE-2017-8416 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) + NOT-FOR-US: D-Link +CVE-2017-8415 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) + NOT-FOR-US: D-Link +CVE-2017-8414 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...) + NOT-FOR-US: D-Link +CVE-2017-8413 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) + NOT-FOR-US: D-Link +CVE-2017-8412 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The d ...) + NOT-FOR-US: D-Link +CVE-2017-8411 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) + NOT-FOR-US: D-Link +CVE-2017-8410 (An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The b ...) + NOT-FOR-US: D-Link +CVE-2017-8409 (An issue was discovered on D-Link DCS-1130 devices. The device require ...) 
+ NOT-FOR-US: D-Link +CVE-2017-8408 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) + NOT-FOR-US: D-Link +CVE-2017-8407 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) + NOT-FOR-US: D-Link +CVE-2017-8406 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) + NOT-FOR-US: D-Link +CVE-2017-8405 (An issue was discovered on D-Link DCS-1130 and DCS-1100 devices. The b ...) + NOT-FOR-US: D-Link +CVE-2017-8404 (An issue was discovered on D-Link DCS-1130 devices. The device provide ...) + NOT-FOR-US: D-Link +CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes and com ...) + NOT-FOR-US: 360fly +CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitrary P ...) + NOT-FOR-US: PivotX +CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...) + {DLA-995-1} + - swftools (unimportant; bug #861998) + NOTE: https://github.com/matthiaskramm/swftools/issues/14 + NOTE: https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2 + NOTE: Crash in CLI tool not considered a security issue +CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in th ...) + {DLA-995-1} + - swftools 0.9.2+git20130725-4.1 (bug #861693) + [jessie] - swftools (Minor issue) + NOTE: https://github.com/matthiaskramm/swftools/issues/13 + NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a +CVE-2017-8399 (PCRE2 before 10.30 has an out-of-bounds write caused by a stack-based ...) + - pcre2 (Did only affect revision after r670 upstream; not in a released version) + NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783 + NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674 +CVE-2017-8398 (dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size ...) 
+ - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21438 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 +CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21434 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2 +CVE-2017-8396 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21432 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab +CVE-2017-8395 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21431 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3 +CVE-2017-8394 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21414 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2 +CVE-2017-8393 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) 
+ - binutils 2.28-5 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21412 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3 +CVE-2017-8392 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...) + - binutils (Vulnerable code introduced later) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21409 + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250be783304bfe0429761c6e6b6b + NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3239a4231ff79bf8b67b8faaf414b1667486167c +CVE-2017-8391 (The OS Installation Management component in CA Client Automation r12.9 ...) + NOT-FOR-US: OS Installation Management component in CA Client Automation +CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7 ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2017-8389 + RESERVED +CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_U ...) + NOT-FOR-US: GeniXCMS +CVE-2017-8387 (STDU Viewer version 1.6.375 might allow user-assisted attackers to exe ...) + NOT-FOR-US: STDU Viewer +CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7 ...) + {DSA-3848-1 DLA-938-1} + - git 1:2.11.0-3 + NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html + NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html + NOTE: https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/ + NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5 +CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the URL in ...) + NOT-FOR-US: Craft CMS +CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array returned ...) 
+ NOT-FOR-US: Craft CMS +CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the conte ...) + NOT-FOR-US: Craft CMS +CVE-2017-8382 (admidio 3.2.8 has CSRF in adm_program/modules/members/members_function ...) + NOT-FOR-US: admidio +CVE-2017-8381 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...) + NOT-FOR-US: XnView Classic for Windows +CVE-2017-8380 (Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0 all ...) + - qemu 1:2.8+dfsg-5 (bug #862282) + [jessie] - qemu (Vulnerable code introduced later) + [wheezy] - qemu (Vulnerable code introduced later) + - qemu-kvm (Vulnerable code introduced later) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html + NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f +CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...) + {DLA-1497-1} + - qemu 1:2.8+dfsg-5 (bug #862289) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc +CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in b ...) + - libpodofo 0.9.5-9 (bug #861597) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects + NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/ +CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.cont ...) + NOT-FOR-US: GeniXCMS +CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is m ...) 
+ NOT-FOR-US: GeniXCMS +CVE-2017-8375 + RESERVED +CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b allo ...) + {DSA-4192-1 DLA-1380-1} + - libmad 0.15.1b-9 + NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/ + NOTE: The patch from #508133 fixed things related to this, but did not fix this. + NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch +CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...) + {DSA-4192-1 DLA-1380-1} + - libmad 0.15.1b-9 (bug #287519) + NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/ + NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it + NOTE: "Duplicate with"/basically same as CVE-2017-8372 + NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff +CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...) + {DSA-4192-1 DLA-1380-1} + - libmad 0.15.1b-9 (bug #287519) + NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/ + NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it + NOTE: "Duplicate" with/basically same as CVE-2017-8373 + NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff +CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses c ...) + NOT-FOR-US: Schneider Electric +CVE-2017-8370 (IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote atta ...) + NOT-FOR-US: IrfanView +CVE-2017-8369 (IrfanView version 4.44 (32bit) has a "Data from Faulting Address contr ...) + NOT-FOR-US: IrfanView +CVE-2017-8368 (Sublime Text 3 Build 3126 allows user-assisted attackers to cause a de ...) + - sublime-text (bug #682158) +CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...) 
+ NOT-FOR-US: Ether Software +CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...) + {DSA-3874-1} + - ettercap 1:0.8.2-5 (bug #861604) + NOTE: https://github.com/Ettercap/ettercap/issues/792 + NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90 +CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote a ...) + {DLA-1618-1 DLA-956-1} + - libsndfile 1.0.27-3 (bug #862202) + NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/ + NOTE: https://github.com/erikd/libsndfile/issues/230 + NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 +CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...) + {DLA-2189-1 DLA-955-1} + - rzip 2.1-4.1 (bug #861614) + NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/ + NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm +CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...) + {DLA-1618-1 DLA-956-1} + - libsndfile 1.0.27-3 (bug #862203) + NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/ + NOTE: https://github.com/erikd/libsndfile/issues/233 + NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 + NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8 +CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...) 
+ {DLA-1618-1 DLA-956-1} + - libsndfile 1.0.27-3 (bug #862204) + NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/ + NOTE: https://github.com/erikd/libsndfile/issues/231 + NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808 +CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows re ...) + {DLA-1618-1 DLA-956-1} + - libsndfile 1.0.27-3 (bug #862205) + NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/ + NOTE: https://github.com/erikd/libsndfile/issues/232 + NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3 +CVE-2017-8360 (Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBo ...) + NOT-FOR-US: Conexant Systems mictray64 task +CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a h ...) + - grpc 1.3.2-0.1 + NOTE: https://github.com/grpc/grpc/pull/10353 + NOTE: Fixed by: https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7 +CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a h ...) + - libreoffice (Vulnerable code introduced on 2017-03-15; never in released version) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c + NOTE: Introduced by: https://github.com/LibreOffice/core/commit/ceb53ad9f34ae05d09f61845d581546eac0c6d60 +CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862636) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/453 +CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows atta ...) 
+ {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862635) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/449 +CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862634) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/450 +CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862633) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/451 +CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows at ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862632) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/454 +CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows atta ...) + {DSA-3863-1 DLA-1081-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862590) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/452 +CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862589) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/448 +CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862587) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/447 +CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862579) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/443 +CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows atta ...) 
+ {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862578) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/445 +CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862577) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/441 +CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862575) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/440 +CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862573) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/442 +CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862574) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/446 +CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows atta ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-7 (bug #862572) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/444 +CVE-2017-8341 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...) + NOT-FOR-US: Open-Xchange GmbH OX App Suite +CVE-2017-8340 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...) + NOT-FOR-US: Open-Xchange GmbH OX App Suite +CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a ...) + NOT-FOR-US: Panda Free Antivirus +CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an unauthentica ...) + NOT-FOR-US: MikroTik +CVE-2017-8337 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8336 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) 
+ NOT-FOR-US: Securifi +CVE-2017-8335 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8334 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8333 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8332 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8331 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8330 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8329 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2017-8328 (An issue was discovered on Securifi Almond, Almond+, and Almond 2015 d ...) + NOT-FOR-US: Securifi +CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesk ...) + - telegram-desktop 1.1.19-2 + NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666 +CVE-2016-10350 (The archive_read_format_cab_read_header function in archive_read_suppo ...) + {DSA-4360-1 DLA-1600-1 DLA-1006-1} + - libarchive 3.2.2-3.1 (bug #861609) + NOTE: https://github.com/libarchive/libarchive/issues/835 + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0) +CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 a ...) + {DSA-4360-1 DLA-1600-1 DLA-1006-1} + - libarchive 3.2.2-3.1 (bug #861609) + NOTE: https://github.com/libarchive/libarchive/issues/834 + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0) +CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracl ...) 
+ {DLA-2187-1 DLA-934-1} + - radicale 1.1.1+20160115-4 (bug #861514) + NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x) + NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master) +CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsene ...) + NOT-FOR-US: ImageWorsener +CVE-2017-8326 (libimageworsener.a in ImageWorsener before 1.3.1 has "left shift canno ...) + NOT-FOR-US: ImageWorsener +CVE-2017-8325 (The iw_process_cols_to_intermediate function in imagew-main.c in libim ...) + NOT-FOR-US: ImageWorsener +CVE-2017-8324 + RESERVED +CVE-2017-8323 + RESERVED +CVE-2017-8322 + RESERVED +CVE-2017-8321 + RESERVED +CVE-2017-8320 + RESERVED +CVE-2017-8319 + RESERVED +CVE-2017-8318 + RESERVED +CVE-2017-8317 + RESERVED +CVE-2017-8316 (IntelliJ IDEA XML parser was found vulnerable to XML External Entity a ...) + NOT-FOR-US: IntelliJ IDEA XML parser +CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier w ...) + - apktool 2.2.4-1 (low) + [stretch] - apktool (Minor issue) + NOTE: Upstream bug with details is restricted + NOTE: According to Red Hat only eclipse-andmore was affected but it was + NOTE: never shipped with Debian. Apktool is affected though. + NOTE: Possible fixes: https://github.com/iBotPeaches/Apktool/commit/f19317d87c316ed254aafa0a27eddd024e25ec6c + NOTE: https://github.com/iBotPeaches/Apktool/commit/657a44f5938b072898a0de913c03760210e0f4ed + NOTE: https://github.com/iBotPeaches/Apktool/commit/dbb144f9af5478c780e59c8b65036ae882595063 +CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 a ...) 
+ {DLA-1243-1} + - kodi 2:17.1+dfsg1-3 (bug #863230) + - xbmc + [jessie] - xbmc (Minor issue) + NOTE: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/ + NOTE: https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release + NOTE: Fixed by https://github.com/xbmc/xbmc/commit/35cfe35608b15335ef21d798947fceab3f47c8d7 +CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...) + {DSA-3899-1} + - vlc 2.2.5-1 + [wheezy] - vlc (Not supported in wheezy LTS) + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c +CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing chec ...) + {DSA-3899-1} + - vlc 2.2.6-1~deb9u1 + [wheezy] - vlc (Not supported in wheezy LTS) + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa +CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC befor ...) + {DSA-3899-1} + - vlc 2.2.5-1 + [wheezy] - vlc (Not supported in wheezy LTS) + NOTE: https://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6 +CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...) + {DSA-3899-1} + - vlc 2.2.5.1-1~deb9u1 + [wheezy] - vlc (Not supported in wheezy LTS) + NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328 +CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows r ...) + {DLA-1497-1 DLA-1071-1 DLA-1070-1} + - qemu 1:2.8+dfsg-5 (bug #862280) + - qemu-kvm + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=3268a845f41253fb55852a8429c32b50f36f349a +CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...) + NOT-FOR-US: Avast Antivirus +CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...) 
+ NOT-FOR-US: Avast Antivirus +CVE-2017-8306 + RESERVED +CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + NOT-FOR-US: Accellion FTA devices +CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...) + NOT-FOR-US: Accellion FTA devices +CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ad ...) + NOT-FOR-US: Mura CMS +CVE-2017-8300 + RESERVED +CVE-2017-8299 + RESERVED +CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a "Pos ...) + NOT-FOR-US: cnvs.io Canvas +CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before 20 ...) + NOT-FOR-US: simple-file-manager +CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is w ...) + {DLA-925-1} + - kedpm (bug #860817) + [jessie] - kedpm 1.0+deb8u1 + NOTE: patch in BTS gives workaround to always prompt for password and do not save + NOTE: to database. + NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/9 +CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a password- ...) + {DSA-3870-1 DLA-975-1} + - wordpress 4.7.5+dfsg-2 (bug #862053) + NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html + NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html + NOTE: https://core.trac.wordpress.org/ticket/25239 + NOTE: https://core.trac.wordpress.org/changeset/48601 (5.5) +CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote attack ...) 
+ - yara 3.6.0+dfsg-1 (bug #861590) + [stretch] - yara (Minor issue, too intrusive to backport) + [jessie] - yara (Minor issue, too intrusive to backport) + NOTE: https://github.com/VirusTotal/yara/issues/646 + NOTE: https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e +CVE-2017-8293 + RESERVED +CVE-2017-8292 + RESERVED +CVE-2017-8290 (A potential Buffer Overflow Vulnerability (from a BB Code handling iss ...) + - teamspeak-server + [wheezy] - teamspeak-server (non-free is not supported) +CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in sys/ ...) + NOT-FOR-US: RIOS OS +CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to rel ...) + - gnome-shell 3.22.3-3 + [jessie] - gnome-shell (Minor issue) + [wheezy] - gnome-shell (Minor issue) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781728 + NOTE: https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1 +CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a buffe ...) + - udfclient 0.8.8-1 (bug #861347) +CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_ ...) + - libressl (bug #754513) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/27/11 +CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remot ...) 
+ {DSA-3838-1 DLA-932-1} + - ghostscript 9.20~dfsg-3.1 (bug #861295) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private) + NOTE: Full report viewable at: https://bugzilla.suse.com/show_bug.cgi?id=1036453 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3 +CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a he ...) + {DSA-3839-1 DLA-931-1} + - freetype 2.6.3-3.2 (bug #861308) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0 +CVE-2017-8286 + RESERVED +CVE-2017-8285 + RESERVED +CVE-2017-8284 (The disas_insn function in target/i386/translate.c in QEMU before 2.9. ...) + - qemu 1:2.10.0-1 (unimportant) + - qemu-kvm (unimportant) + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14 + NOTE: qemu issue without security implication per upstream +CVE-2017-8282 (XnView Classic for Windows Version 2.40 allows user-assisted remote at ...) + NOT-FOR-US: XnView Classic for Windows +CVE-2017-8281 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8280 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8279 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8276 (Improper authorization involving a fuse in TrustZone in snapdragon aut ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm Snapdrag ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl i ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android re ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8252 (Kernel can inject faults in computations during the execution of Trust ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8249 + REJECTED +CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS messag ...) 
+ NOT-FOR-US: Qualcomm Telephony +CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF ...) + - linux (Android-specific patch) +CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while process ...) + - linux (Android-specific patch) +CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF ...) + - linux (Android-specific patch) +CVE-2017-8243 (A buffer overflow can occur in all Qualcomm products with Android for ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race condit ...) + - linux (Android-specific patch) +CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Android driver +CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel driv ...) + - linux 4.0.2-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, userspace-con ...) + NOT-FOR-US: Android driver +CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Android driver +CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Android driver +CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Android driver +CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory stru ...) + NOT-FOR-US: Android driver +CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of bou ...) + NOT-FOR-US: Android driver +CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...) 
+ NOT-FOR-US: Android driver +CVE-2017-8232 + REJECTED +CVE-2017-8231 + RESERVED +CVE-2017-8230 (On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on th ...) + NOT-FOR-US: Amcrest +CVE-2017-8229 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenti ...) + NOT-FOR-US: Amcrest +CVE-2017-8228 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots w ...) + NOT-FOR-US: Amcrest +CVE-2017-8227 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout poli ...) + NOT-FOR-US: Amcrest +CVE-2017-8226 (Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default creden ...) + NOT-FOR-US: Amcrest +CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU pat ...) + - dpkg 1.18.24 (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/20/2 +CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (con ...) + NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices +CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account ...) + NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices +CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the R ...) + NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices +CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an "Apple Production IOS ...) + NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices +CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunne ...) + NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices +CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) + NOT-FOR-US: TP-Link +CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) + NOT-FOR-US: TP-Link +CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032 ...) 
+ NOT-FOR-US: TP-Link +CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 1 ...) + NOT-FOR-US: TP-Link +CVE-2017-8216 (Warsaw Huawei Smart phones with software of versions earlier than Wars ...) + NOT-FOR-US: Huawei +CVE-2017-8215 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...) + NOT-FOR-US: Huawei +CVE-2017-8214 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 Plus,Toron ...) + NOT-FOR-US: Huawei +CVE-2017-8213 (Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R00 ...) + NOT-FOR-US: Huawei +CVE-2017-8212 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) + NOT-FOR-US: Huawei +CVE-2017-8211 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) + NOT-FOR-US: Huawei +CVE-2017-8210 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) + NOT-FOR-US: Huawei +CVE-2017-8209 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) + NOT-FOR-US: Huawei +CVE-2017-8208 (The driver of honor 5C,honor 6x Huawei smart phones with software of v ...) + NOT-FOR-US: Huawei +CVE-2017-8207 (The driver of honor 5C, honor 6x Huawei smart phones with software of ...) + NOT-FOR-US: Huawei +CVE-2017-8206 (HONOR 7 Lite mobile phones with software of versions earlier than NEM- ...) + NOT-FOR-US: Huawei +CVE-2017-8205 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...) + NOT-FOR-US: Huawei +CVE-2017-8204 (The Bastet driver of Honor 9 Huawei smart phones with software of vers ...) + NOT-FOR-US: Huawei +CVE-2017-8203 (The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with softw ...) + NOT-FOR-US: Huawei +CVE-2017-8202 (The CameraISP driver of some Huawei smart phones with software of vers ...) + NOT-FOR-US: Huawei +CVE-2017-8201 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) 
+ NOT-FOR-US: Huawei +CVE-2017-8200 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) + NOT-FOR-US: Huawei +CVE-2017-8199 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...) + NOT-FOR-US: Huawei +CVE-2017-8198 (FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability ...) + NOT-FOR-US: Huawei +CVE-2017-8197 (FusionSphere V100R006C00SPC102(NFV) has a command injection vulnerabil ...) + NOT-FOR-US: Huawei +CVE-2017-8196 (FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization vul ...) + NOT-FOR-US: Huawei +CVE-2017-8195 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...) + NOT-FOR-US: Huawei +CVE-2017-8194 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper auth ...) + NOT-FOR-US: Huawei +CVE-2017-8193 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command inject ...) + NOT-FOR-US: Huawei +CVE-2017-8192 (FusionSphere OpenStack V100R006C00 has an improper authorization vulne ...) + NOT-FOR-US: Huawei +CVE-2017-8191 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic ...) + NOT-FOR-US: Huawei +CVE-2017-8190 (FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verificat ...) + NOT-FOR-US: Huawei +CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vuln ...) + NOT-FOR-US: Huawei +CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection v ...) + NOT-FOR-US: Huawei +CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege e ...) + NOT-FOR-US: Huawei +CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than ...) + NOT-FOR-US: Huawei +CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a p ...) + NOT-FOR-US: Huawei +CVE-2017-8184 (MTK platform in Huawei smart phones with software of earlier than Nice ...) 
+ NOT-FOR-US: Huawei +CVE-2017-8183 (MTK platform in Huawei smart phones with software of earlier than Nice ...) + NOT-FOR-US: Huawei +CVE-2017-8182 (MTK platform in Huawei smart phones with software of earlier than Nice ...) + NOT-FOR-US: Huawei +CVE-2017-8181 (The camera driver of MTK platform in Huawei smart phones with software ...) + NOT-FOR-US: Huawei +CVE-2017-8180 (The camera driver of MTK platform in Huawei smart phones with software ...) + NOT-FOR-US: Huawei +CVE-2017-8179 (The camera driver of MTK platform in Huawei smart phones with software ...) + NOT-FOR-US: Huawei +CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier than ...) + NOT-FOR-US: Huawei +CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support sig ...) + NOT-FOR-US: Huawei +CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ver ...) + NOT-FOR-US: Huawei +CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than Vic ...) + NOT-FOR-US: Huawei +CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001 ...) + NOT-FOR-US: Huawei +CVE-2017-8173 (Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart ...) + NOT-FOR-US: Huawei +CVE-2017-8172 (Isub service in P10 Plus and P10 smart phones with earlier than VKY-AL ...) + NOT-FOR-US: Huawei +CVE-2017-8171 (Huawei smart phones with software earlier than Vicky-AL00AC00B172D ver ...) + NOT-FOR-US: Huawei +CVE-2017-8170 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...) + NOT-FOR-US: Huawei +CVE-2017-8169 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...) + NOT-FOR-US: Huawei +CVE-2017-8168 (FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R0 ...) + NOT-FOR-US: Huawei +CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A ...) 
+ NOT-FOR-US: Huawei +CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before Duke-A ...) + NOT-FOR-US: Huawei +CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...) + NOT-FOR-US: Huawei +CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...) + NOT-FOR-US: Huawei +CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...) + NOT-FOR-US: Huawei +CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, V200R008C ...) + NOT-FOR-US: Huawei +CVE-2017-8161 (EVA-L09 smartphones with software Earlier than EVA-L09C25B150CUSTC25D0 ...) + NOT-FOR-US: Huawei +CVE-2017-8160 (The Madapt Driver of some Huawei smart phones with software Earlier th ...) + NOT-FOR-US: Huawei +CVE-2017-8159 (Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019, ...) + NOT-FOR-US: Huawei +CVE-2017-8158 (FusionCompute V100R005C00 and V100R005C10 have an improper authorizati ...) + NOT-FOR-US: Huawei +CVE-2017-8157 (OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor ...) + NOT-FOR-US: Huawei +CVE-2017-8156 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...) + NOT-FOR-US: Huawei +CVE-2017-8155 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...) + NOT-FOR-US: Huawei +CVE-2017-8154 (The Themes App Honor 8 Lite Huawei mobile phones with software of vers ...) + NOT-FOR-US: Huawei +CVE-2017-8153 (Huawei VMall (for Android) with the versions before 1.5.8.5 have a pri ...) + NOT-FOR-US: Huawei +CVE-2017-8152 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...) + NOT-FOR-US: Huawei +CVE-2017-8151 (Huawei Honor 5S smart phones with software the versions before TAG-TL0 ...) + NOT-FOR-US: Huawei +CVE-2017-8150 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...) 
+ NOT-FOR-US: Huawei +CVE-2017-8149 (The boot loaders of P10 and P10 Plus Huawei mobile phones with softwar ...) + NOT-FOR-US: Huawei +CVE-2017-8148 (Audio driver in P9 smartphones with software The versions before EVA-A ...) + NOT-FOR-US: Huawei +CVE-2017-8147 (AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software ...) + NOT-FOR-US: Huawei +CVE-2017-8146 (The call module of P10 and P10 Plus smartphones with software versions ...) + NOT-FOR-US: Huawei +CVE-2017-8145 (The call module of P10 and P10 Plus smartphones with software versions ...) + NOT-FOR-US: Huawei +CVE-2017-8144 (Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones ...) + NOT-FOR-US: Huawei +CVE-2017-8143 (Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software ...) + NOT-FOR-US: Huawei +CVE-2017-8142 (The Trusted Execution Environment (TEE) module driver of Mate 9 and Ma ...) + NOT-FOR-US: Huawei +CVE-2017-8141 (The Touch Panel (TP) driver in P10 Plus smart phones with software ver ...) + NOT-FOR-US: Huawei +CVE-2017-8140 (The soundtrigger driver in P9 Plus smart phones with software versions ...) + NOT-FOR-US: Huawei +CVE-2017-8139 (HedEx Earlier than V200R006C00 versions have the stored cross-site scr ...) + NOT-FOR-US: Huawei +CVE-2017-8138 (HedEx Earlier than V200R006C00 versions has a cross-site request forge ...) + NOT-FOR-US: Huawei +CVE-2017-8137 (HedEx Earlier than V200R006C00 versions has a dynamic link library (DL ...) + NOT-FOR-US: Huawei +CVE-2017-8136 (HedEx Earlier than V200R006C00 versions has an arbitrary file download ...) + NOT-FOR-US: Huawei +CVE-2017-8135 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) + NOT-FOR-US: Huawei +CVE-2017-8134 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) + NOT-FOR-US: Huawei +CVE-2017-8133 (Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a ...) 
+ NOT-FOR-US: Huawei +CVE-2017-8132 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) + NOT-FOR-US: Huawei +CVE-2017-8131 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 h ...) + NOT-FOR-US: Huawei +CVE-2017-8130 (The UMA product with software V200R001 and V300R001 has an information ...) + NOT-FOR-US: Huawei +CVE-2017-8129 (The UMA product with software V200R001 and V300R001 has a privilege el ...) + NOT-FOR-US: Huawei +CVE-2017-8128 (The UMA product with software V200R001 and V300R001 has a privilege el ...) + NOT-FOR-US: Huawei +CVE-2017-8127 (The UMA product with software V200R001 has a cross-site scripting (XSS ...) + NOT-FOR-US: Huawei +CVE-2017-8126 (The UMA product with software V200R001 has a privilege elevation vulne ...) + NOT-FOR-US: Huawei +CVE-2017-8125 (The UMA product with software V200R001 and V300R001 has a cross-site s ...) + NOT-FOR-US: Huawei +CVE-2017-8124 (The UMA product with software V200R001 has a privilege elevation vulne ...) + NOT-FOR-US: Huawei +CVE-2017-8123 (The UMA product with software V200R001 has a privilege elevation vulne ...) + NOT-FOR-US: Huawei +CVE-2017-8122 (The UMA product with software V200R001 has a privilege elevation vulne ...) + NOT-FOR-US: Huawei +CVE-2017-8121 (The UMA product with software V200R001 and V300R001 has an information ...) + NOT-FOR-US: Huawei +CVE-2017-8120 (The UMA product with software V200R001 and V300R001 has a privilege el ...) + NOT-FOR-US: Huawei +CVE-2017-8119 (The UMA product with software V200R001 and V300R001 has a privilege el ...) + NOT-FOR-US: Huawei +CVE-2017-8118 (The UMA product with software V200R001 and V300R001 has an information ...) + NOT-FOR-US: Huawei +CVE-2017-8117 (The UMA product with software V200R001 and V300R001 has a privilege el ...) + NOT-FOR-US: Huawei +CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) w ...) 
+ NOT-FOR-US: Teltonika RUT9XX routers +CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...) + NOT-FOR-US: MODX +CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated us ...) + {DLA-933-1} + - roundcube 1.2.3+dfsg.1-4 (bug #861388) + NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.2.5 + NOTE: https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x) + NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.9 + NOTE: https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50 (1.1.x) + NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.0.11 + NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x) +CVE-2017-8113 + RESERVED +CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest O ...) + {DLA-1497-1} + - qemu 1:2.8+dfsg-5 (bug #861351) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1445621 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=f68826989cd4d1217797251339579c57b3c0934e +CVE-2017-8111 + RESERVED +CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 1069 ...) + NOT-FOR-US: modified eCommerce Shopsoftware +CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 co ...) 
+ - salt 2016.11.5+ds-1 (bug #861219) + [stretch] - salt 2016.11.2+ds-1+deb9u2 + [jessie] - salt (Vulnerable code not present) + NOTE: https://github.com/saltstack/salt/issues/40075 + NOTE: https://github.com/saltstack/salt/pull/40609 + NOTE: https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151 +CVE-2017-8108 (Unspecified tests in Lynis before 2.5.0 allow local users to write to ...) + - lynis 2.5.0-1 (unimportant) + [wheezy] - lynis (Vulnerable code do not exist) + NOTE: Neutralised by kernel hardening +CVE-2017-8107 + RESERVED +CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3 ...) + - linux 3.16.2-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1) + NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4) +CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a he ...) + {DSA-3839-1 DLA-918-1} + - freetype 2.6.3-3.2 (bug #861220) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935 +CVE-2017-8104 (In MyBB before 1.8.11, the smilie module allows Directory Traversal vi ...) + NOT-FOR-US: MyBB +CVE-2017-8103 (In MyBB before 1.8.11, the Email MyCode component allows XSS, as demon ...) + NOT-FOR-US: MyBB +CVE-2017-8102 (Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admi ...) + - serendipity +CVE-2017-8101 (There is CSRF in Serendipity 2.0.5, allowing attackers to install any ...) + - serendipity +CVE-2017-8100 (There is CSRF in the CopySafe Web Protection plugin before 2.6 for Wor ...) + NOT-FOR-US: CopySafe Web Protection plugin +CVE-2017-8099 (There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing ...) 
+ NOT-FOR-US: WHIZZ plugin for Wordpress +CVE-2017-8098 (e107 2.1.4 is vulnerable to cross-site request forgery in plugin-insta ...) + NOT-FOR-US: e107 +CVE-2017-8097 + RESERVED +CVE-2017-8096 + RESERVED +CVE-2017-8095 + RESERVED +CVE-2017-8094 + RESERVED +CVE-2017-8093 + RESERVED +CVE-2017-8092 + RESERVED +CVE-2017-8091 + RESERVED +CVE-2017-8090 + RESERVED +CVE-2017-8089 + RESERVED +CVE-2017-8088 + RESERVED +CVE-2017-8087 (Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with ...) + NOT-FOR-US: AVM +CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in Q ...) + {DLA-1497-1 DLA-1035-1 DLA-965-1} + - qemu 1:2.8+dfsg-5 (bug #861348) + - qemu-kvm + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4) + NOTE: Introduced possibly by the fix d10142c11bdcecebe97fd834a834167053b7a05c to + NOTE: partially fix CVE-2016-9602. +CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...) + NOT-FOR-US: Exponent CMS +CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds c ...) + {DSA-3945-1 DLA-1099-1} + - linux 4.9.30-1 (low) + NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2) + NOTE: https://alephsecurity.com/vulns/aleph-2017023 +CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status pac ...) + NOT-FOR-US: OpenDaylight +CVE-2017-1000360 (StreamCorruptedException and NullPointerException in OpenDaylight odl- ...) + NOT-FOR-US: OpenDaylight +CVE-2017-1000359 (Java out of memory error and significant increase in resource consumpt ...) + NOT-FOR-US: OpenDaylight +CVE-2017-1000358 (Controller throws an exception and does not allow user to add subseque ...) + NOT-FOR-US: OpenDaylight +CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets fr ...) 
+ NOT-FOR-US: OpenDaylight +CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...) + - jenkins +CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...) + - jenkins +CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...) + - jenkins +CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ar ...) + - jenkins +CVE-2017-8084 + RESERVED +CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 ...) + NOT-FOR-US: CompuLab Intense PC and MintBox 2 devices +CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, whic ...) + NOT-FOR-US: concrete5 +CVE-2017-8081 (Poor cryptographic salt initialization in admin/inc/template_functions ...) + NOT-FOR-US: GetSimple CMS +CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated user ...) + NOT-FOR-US: HipChat +CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...) + - linux (Fixed before src:linux-2.6 -> src:linux rename) + NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2) +CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6. ...) + - linux (Fixed before src:linux-2.6 -> src:linux rename) + NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6) +CVE-2017-8079 + RESERVED +CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested rem ...) + NOT-FOR-US: TP-Link +CVE-2017-8077 (On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a l ...) + NOT-FOR-US: TP-Link +CVE-2017-8076 (On the TP-Link TL-SG108E 1.0, admin network communications are RC4 enc ...) + NOT-FOR-US: TP-Link +CVE-2017-8075 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...) 
+ NOT-FOR-US: TP-Link +CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve credent ...) + NOT-FOR-US: TP-Link +CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via D ...) + {DSA-3836-1 DLA-919-1} + - weechat 1.7-3 (bug #861121) + [stretch] - weechat 1.6-1+deb9u1 + NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b +CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c i ...) + - linux 4.9.10-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/8e9faa15469ed7c7467423db4c62aeed3ff4cae3 +CVE-2017-8071 (drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a ...) + - linux 4.9.10-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/7a7b5df84b6b4e5d599c7289526eed96541a0654 +CVE-2017-8070 (drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interac ...) + - linux 4.9.13-1 + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478 +CVE-2017-8069 (drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 inte ...) + - linux 4.9.13-1 + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/7926aff5c57b577ab0f43364ff0c59d968f6a414 +CVE-2017-8068 (drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 inte ...) 
+ - linux 4.9.10-1 (bug #852556) + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/5593523f968bc86d42a035c6df47d5e0979b5ace +CVE-2017-8067 (drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x bef ...) + - linux 4.9.25-1 + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/c4baad50297d84bde1a7ad45e50c73adae4a2192 +CVE-2017-8066 (drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x befo ...) + - linux 4.9.16-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/c919a3069c775c1c876bec55e00b2305d5125caa +CVE-2017-8065 (crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 inte ...) + - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032 +CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...) + {DSA-3886-1} + - linux 4.9.25-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a +CVE-2017-8063 (drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x ...) + - linux 4.9.25-1 + [jessie] - linux (Vulnerable code not present) + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/3f190e3aec212fc8c61e202c51400afa7384d4bc +CVE-2017-8062 (drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10. ...) 
+ - linux 4.9.16-1 + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/606142af57dad981b78707234cfbd15f9f7b7125 +CVE-2017-8061 (drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x ...) + - linux 4.9.25-1 + [jessie] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + [wheezy] - linux (Introduced in 4.9-rc1 in combination with VMAP_STACK) + NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef +CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Se ...) + NOT-FOR-US: Panda +CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF ...) + NOT-FOR-US: Foxit +CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipCha ...) + NOT-FOR-US: HipChat +CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...) + NOT-FOR-US: Joomla! +CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...) + NOT-FOR-US: WatchGuard +CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML- ...) + NOT-FOR-US: WatchGuard +CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...) + - libpodofo 0.9.5-9 (bug #860995) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: The motivation for no-dsa in wheezy is that there are no known + NOTE: services that use this library (apart from desktop applications) + NOTE: and the worst case is a DoS. 
+ NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/ + NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1872 + NOTE: partially reverted in: https://sourceforge.net/p/podofo/code/1881 + NOTE: ... and re-fixed in: https://sourceforge.net/p/podofo/code/1882 + NOTE: and https://sourceforge.net/p/podofo/code/1883 +CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack co ...) + - libpodofo 0.9.6+dfsg-3 (bug #860994) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: http://openwall.com/lists/oss-security/2017/04/22/1 + NOTE: https://sourceforge.net/p/podofo/tickets/7/ + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1834 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1924 +CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks.) + NOT-FOR-US: Craft CMS +CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...) + NOT-FOR-US: Tenable Appliance +CVE-2017-8050 (Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the We ...) + NOT-FOR-US: Tenable Appliance +CVE-2017-8049 + REJECTED +CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42 ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8046 (Malicious PATCH requests submitted to servers using Spring Data REST v ...) + NOT-FOR-US: Spring Data REST +CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an ...) + NOT-FOR-US: Spring AMQP +CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1 ...) 
+ NOT-FOR-US: Pivotal SSO +CVE-2017-8043 + REJECTED +CVE-2017-8042 + REJECTED +CVE-2017-8041 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...) + NOT-FOR-US: Pivotal +CVE-2017-8040 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...) + NOT-FOR-US: Pivotal +CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 2.4.5. Appl ...) + NOT-FOR-US: Spring Web Flow +CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, access cont ...) + NOT-FOR-US: Cloud Foundry Foundation Credhub-release +CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and pri ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8035 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ve ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8033 (An issue was discovered in the Cloud Controller API in Cloud Foundry F ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ve ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release (all ve ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-8030 + REJECTED +CVE-2017-8029 + REJECTED +CVE-2017-8028 (In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some ...) + {DSA-4046-1 DLA-1180-1} + - libspring-ldap-java + NOTE: https://pivotal.io/security/cve-2017-8028 + NOTE: https://github.com/spring-projects/spring-ldap/issues/430 +CVE-2017-8027 + REJECTED +CVE-2017-8026 + REJECTED +CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary f ...) + NOT-FOR-US: RSA Archer GRC Platform +CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2 ...) 
+ NOT-FOR-US: EMC +CVE-2017-8023 (EMC NetWorker may potentially be vulnerable to an unauthenticated remo ...) + NOT-FOR-US: EMC +CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all suppor ...) + NOT-FOR-US: EMC +CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an undocumen ...) + NOT-FOR-US: EMC Elastic Cloud Storage +CVE-2017-8020 (An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow vuln ...) + NOT-FOR-US: EMC +CVE-2017-8019 (An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in mes ...) + NOT-FOR-US: EMC +CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only ...) + NOT-FOR-US: EMC AppSync +CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9 ...) + NOT-FOR-US: EMC Network Configuration Manager +CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-s ...) + NOT-FOR-US: RSA Archer GRC Platform +CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection vulne ...) + NOT-FOR-US: EMC +CVE-2017-8014 + REJECTED +CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before pat ...) + NOT-FOR-US: EMC Data Protection Adv +CVE-2017-8012 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Sol ...) + NOT-FOR-US: EMC +CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&R, EMC VNX M&R, EMC M&R for SAS Solution P ...) + NOT-FOR-US: EMC +CVE-2017-8010 + REJECTED +CVE-2017-8009 + REJECTED +CVE-2017-8008 + REJECTED +CVE-2017-8007 (In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Sol ...) + NOT-FOR-US: EMC +CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malic ...) + NOT-FOR-US: EMC +CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...) + NOT-FOR-US: EMC +CVE-2017-8004 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and G ...) 
+ NOT-FOR-US: EMC +CVE-2017-8003 (EMC Data Protection Advisor prior to 6.4 contains a path traversal vul ...) + NOT-FOR-US: EMC Data Protection Advisor +CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL i ...) + NOT-FOR-US: EMC Data Protection Advisor +CVE-2017-8001 (An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment ...) + NOT-FOR-US: EMC +CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...) + NOT-FOR-US: EMC +CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote au ...) + NOT-FOR-US: Atlassian Eucalyptus +CVE-2017-7998 (Multiple cross-site scripting (XSS) vulnerabilities in Gespage before ...) + NOT-FOR-US: Gespage +CVE-2017-7997 (Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow r ...) + NOT-FOR-US: Gespage +CVE-2017-7996 + RESERVED +CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges ...) + {DLA-964-1} + - xen 4.3.0-1 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033948 +CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoD ...) + - libpodofo 0.9.5-7 (bug #860930) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://github.com/icepng/PoC/tree/master/PoC1 + NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/ + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849 +CVE-2017-7993 + RESERVED +CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2 ...) + NOT-FOR-US: Heartland Payment Systems Payment Gateway PHP SDK +CVE-2016-10348 + RESERVED +CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serializ ...) + NOT-FOR-US: Exponent CMS +CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resul ...) + NOT-FOR-US: OpenMRS +CVE-2017-7989 (In Joomla! 
3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...) + NOT-FOR-US: Joomla! +CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...) + NOT-FOR-US: Joomla! +CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping o ...) + NOT-FOR-US: Joomla! +CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...) + NOT-FOR-US: Joomla! +CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...) + NOT-FOR-US: Joomla! +CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...) + NOT-FOR-US: Joomla! +CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the J ...) + NOT-FOR-US: Joomla! +CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in libimob ...) + {DLA-2168-1} + - libplist 1.12+git+1+e37ca00-0.3 (bug #860945) + [wheezy] - libplist (Minor issue) + NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325 + NOTE: https://github.com/libimobiledevice/libplist/issues/103 + NOTE: The issue seems covered in prior versions of upstream dccd9290745345896e3a4a73154576a599fd8b7b + NOTE: which is CVE-2017-6440. +CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 Synt ...) + NOT-FOR-US: Enalean Tuleap +CVE-2017-7980 (Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick E ...) + {DLA-1497-1 DLA-1035-1 DLA-939-1} + - qemu 1:2.8+dfsg-4 + - qemu-kvm + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ffaf857778286ca54e3804432a2369a279e73aa7 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f019722cbbb45aea153294fc8921fcc96a4d3fa2 +CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software a ...) 
+ NOT-FOR-US: Samsung +CVE-2017-7979 (The cookie feature in the packet action API implementation in net/sche ...) + - linux (Only affects 4.11-rc1 onwards) +CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers t ...) + NOT-FOR-US: Screensavercc component in eLux RP +CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...) + {DSA-3855-1 DLA-942-1} + - jbig2dec 0.13-4.1 (bug #860787) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d +CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds wr ...) + {DSA-3855-1 DLA-942-1} + - jbig2dec 0.13-4.1 (bug #860788) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b +CVE-2017-7974 (A path traversal information disclosure vulnerability exists in Schnei ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1. ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure Gatewa ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider Ele ...) + NOT-FOR-US: Schneider +CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...) + NOT-FOR-US: Schneider +CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...) 
+ NOT-FOR-US: Schneider +CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software executa ...) + NOT-FOR-US: Schneider +CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the r ...) + NOT-FOR-US: Zyxel +CVE-2017-7963 (The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP ...) + NOTE: PHP non-issue, might get rejected +CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...) + NOT-FOR-US: ImageWorsener +CVE-2017-7961 (The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0 ...) + {DLA-909-1} + - libcroco 0.6.11-3 (bug #860961) + [jessie] - libcroco (Minor issue; will be fixed via point release) + NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ + NOTE: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 +CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 an ...) + {DLA-909-1} + - libcroco 0.6.11-3 (bug #860961) + [jessie] - libcroco (Minor issue; will be fixed via point release) + NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/ + NOTE: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394 +CVE-2017-7959 + RESERVED +CVE-2017-7958 + RESERVED +CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used ...) + {DSA-3841-1 DLA-930-1} + - libxstream-java 1.4.9-2 (bug #861521) + NOTE: https://x-stream.github.io/CVE-2017-7957.html + NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be +CVE-2017-7956 + RESERVED +CVE-2017-7955 + RESERVED +CVE-2017-7954 + RESERVED +CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields.) + NOT-FOR-US: INFOR EAM +CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search fields, rela ...) 
+ NOT-FOR-US: INFOR EAM +CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspe ...) + NOT-FOR-US: WonderCMS +CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...) + NOT-FOR-US: Nitro Pro +CVE-2017-7949 + RESERVED +CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.2 ...) + - ghostscript 9.22~dfsg-1 (unimportant) + [jessie] - ghostscript (Vulnerable code not present) + [wheezy] - ghostscript (Vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699 + NOTE: edgebuffer scan converter was made default only in: https://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308 + NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present. +CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 be ...) + NOT-FOR-US: NetApp +CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...) + NOT-FOR-US: aescrypt gem for Ruby +CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...) 
+ - radare2 1.1.0+dfsg-5 (low; bug #860962) + [jessie] - radare2 (Minor issue) + [wheezy] - radare2 (Minor issue) + NOTE: https://github.com/radare/radare2/issues/7301 + NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92 +CVE-2017-7945 (The GlobalProtect external interface in Palo Alto Networks PAN-OS befo ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...) + NOT-FOR-US: XOOPS +CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remot ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/427 +CVE-2017-7942 (The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remot ...) + - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860735) + [jessie] - imagemagick (Vulnerable code not present, does not use pixel_info yet) + [wheezy] - imagemagick (Vulnerable code not present, does not use pixel_info yet) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/429 +CVE-2017-7941 (The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remot ...) + {DSA-3863-1 DLA-960-1} + - imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860734) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/428 +CVE-2017-7940 (The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ...) + NOT-FOR-US: ImageWorsener +CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...) + NOT-FOR-US: ImageWorsener +CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...) + NOT-FOR-US: DMitry +CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact Gmb ...) + NOT-FOR-US: Phoenix Contact +CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.M ...) 
+ NOT-FOR-US: NXP i.MX devices +CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGu ...) + NOT-FOR-US: Phoenix Contact +CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...) + NOT-FOR-US: OSIsoft +CVE-2017-7933 (In ABB IP GATEWAY 3.39 and prior, some configuration files contain pas ...) + NOT-FOR-US: ABB +CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...) + NOT-FOR-US: NXP i.MX devices +CVE-2017-7931 (In ABB IP GATEWAY 3.39 and prior, by accessing a specific uniform reso ...) + NOT-FOR-US: ABB +CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server 2 ...) + NOT-FOR-US: OSIsoft +CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...) + NOT-FOR-US: Advantech WebAccess +CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer Engineer ...) + NOT-FOR-US: Schweitzer Engineering Laboratories Security Gateway +CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue wa ...) + NOT-FOR-US: Dahua +CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web AP ...) + NOT-FOR-US: OSIsoft +CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua DH-IPC- ...) + NOT-FOR-US: Dahua +CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell Automati ...) + NOT-FOR-US: Rockwell +CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision DS- ...) + NOT-FOR-US: Hikvision +CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium Netwo ...) + NOT-FOR-US: Cambium Networks ePMP +CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision DS-2CD2xx ...) + NOT-FOR-US: Hikvision +CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi Log ...) 
+ NOT-FOR-US: ABB WiFi Logger Card +CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...) + NOT-FOR-US: Newport +CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks eP ...) + NOT-FOR-US: Cambium Networks ePMP +CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell G3110 ...) + NOT-FOR-US: Moxa +CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...) + NOT-FOR-US: ABB WiFi Logger Card +CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...) + NOT-FOR-US: Moxa +CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation Pa ...) + NOT-FOR-US: Rockwell Rockwell PanelView Plus +CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...) + NOT-FOR-US: Moxa +CVE-2017-7912 (Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v ...) + NOT-FOR-US: Hanwha Techwin firmware +CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...) + NOT-FOR-US: CyberVision Kaa IoT Platform +CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal St ...) + NOT-FOR-US: Digital Canal Structural Wind Analysis +CVE-2017-7909 (A Use of Client-Side Authentication issue was discovered in Advantech ...) + NOT-FOR-US: Advantech +CVE-2017-7908 (A heap-based buffer overflow exists in the third-party product Gigasof ...) + NOT-FOR-US: Gigasoft +CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...) + NOT-FOR-US: Schneider +CVE-2017-7906 (In ABB IP GATEWAY 3.39 and prior, the web server does not sufficiently ...) + NOT-FOR-US: ABB +CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in General Elec ...) + NOT-FOR-US: General Electric +CVE-2017-7904 + RESERVED +CVE-2017-7903 (A Weak Password Requirements issue was discovered in Rockwell Automati ...) 
+ NOT-FOR-US: Rockwell Automation +CVE-2017-7902 (A "Reusing a Nonce, Key Pair in Encryption" issue was discovered in Ro ...) + NOT-FOR-US: Rockwell Automation +CVE-2017-7901 (A Predictable Value Range from Previous Values issue was discovered in ...) + NOT-FOR-US: Rockwell Automation +CVE-2017-7900 + RESERVED +CVE-2017-7899 (An Information Exposure issue was discovered in Rockwell Automation Al ...) + NOT-FOR-US: Rockwell Automation +CVE-2017-7898 (An Improper Restriction of Excessive Authentication Attempts issue was ...) + NOT-FOR-US: Rockwell Automation +CVE-2017-7897 (A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x befo ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) +CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...) + NOT-FOR-US: Trend Micro +CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...) + {DSA-3886-1 DLA-993-1} + - linux 4.9.25-1 + NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309 +CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used duri ...) + - passenger 6.0.10-1 (unimportant) + NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441 + NOTE: Source present, but passenger-install-nginx-module not installed +CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party TEE ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer un ...) 
+ NOT-FOR-US: Qualcomm component for Android +CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some validati ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt w ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a dynamically ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive s ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack protect ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo St ...) + NOT-FOR-US: Synology Photo Station +CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID progra ...) + NOT-FOR-US: Synology Photo Station +CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...) + NOT-FOR-US: Synology Photo Station +CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the Linu ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory a ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the Hyperviso ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some interfac ...) 
+ NOT-FOR-US: Qualcomm component for Android +CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access contro ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the Linu ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a Time-of-che ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ov ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer over ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a vulnerabili ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer over ...) 
+ NOT-FOR-US: Qualcomm component for Android +CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code via ...) + NOT-FOR-US: WinDjView +CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can impers ...) + - salt 2016.11.5+ds-1 + [stretch] - salt (Minor issue) + [jessie] - salt (Vulnerable code introduced later, but older versions did not verify master anyways) + NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html + NOTE: https://github.com/saltstack/salt/issues/48939 + NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40159.patch + NOTE: https://patch-diff.githubusercontent.com/raw/saltstack/salt/pull/40206.patch + NOTE: The behaviour though was back off by default in a later commit again + NOTE: cf. https://github.com/saltstack/salt/pull/40206 + NOTE: The fix is the second part of the #40159 PR, but the behaviour is turned + NOTE: off by default and needs considerations of admins before enabling. We still + NOTE: consider the issue as fixed starting with this change. Details in + NOTE: https://github.com/saltstack/salt/issues/48939#issuecomment-410777638 +CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to ...) + - capnproto 0.6.1-1 (unimportant; bug #860960) + NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md + NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4 + NOTE: So far only Apple's compiler has been shown to apply the problematic optimization, fixed in 0.5.3.1 upstream +CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via th ...) + NOT-FOR-US: SourceBans++ +CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in th ...) 
+ {DSA-3938-1 DLA-1055-1} + - php7.1 7.1.8-1 (unimportant) + - php7.0 7.0.22-1 (unimportant) + - php5 (unimportant) + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74435 + NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31 + - libgd2 2.2.5-1 (bug #869263) + NOTE: https://github.com/libgd/libgd/issues/399 + NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424 +CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...) + - dolibarr 5.0.4+dfsg3-1 (bug #863544) + NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6 +CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall p ...) + - dolibarr 5.0.4+dfsg3-1 (bug #863544) + NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6 +CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css. ...) + - dolibarr 5.0.4+dfsg3-1 (bug #863544) + NOTE: https://www.openwall.com/lists/oss-security/2017/05/10/6 +CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to den ...) + {DSA-3855-1 DLA-942-1} + - jbig2dec 0.13-4.1 (bug #860460) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15 +CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default i ...) + - apcupsd (Only APC UPS Daemon on Windows) +CVE-2017-7889 (The mm subsystem in the Linux kernel through 3.2 does not properly enf ...) + {DSA-3945-1 DLA-1099-1} + - linux 4.9.25-1 + NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7) +CVE-2017-7883 + RESERVED +CVE-2017-7882 (LibreOffice before 2017-03-14 has an out-of-bounds write related to th ...) 
+ - libreoffice (Vulnerable code not present in any release) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c +CVE-2017-7881 (BigTree CMS through 4.2.17 relies on a substring check for CSRF protec ...) + NOT-FOR-US: BigTree CMS +CVE-2017-7880 + RESERVED +CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...) + NOT-FOR-US: flatCore +CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an attack ...) + NOT-FOR-US: flatCore +CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers t ...) + NOT-FOR-US: flatCore +CVE-2017-7876 (This command injection vulnerability in QTS allows attackers to run ar ...) + NOT-FOR-US: QNAP QTS +CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends t ...) + {DLA-2219-1 DLA-899-1} + - feh 2.18-2 (low; bug #860367) + NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d +CVE-2017-7874 + REJECTED +CVE-2017-7873 + RESERVED +CVE-2017-7872 + RESERVED +CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: trollepierre/tdm +CVE-2016-1000259 + REJECTED +CVE-2016-1000258 + REJECTED +CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a h ...) + {DSA-3837-1 DLA-910-1} + - libreoffice 1:5.2.5-1 + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722 +CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integ ...) 
+ - gnutls28 3.5.8-4 + [jessie] - gnutls28 3.3.8-6+deb8u5 + - gnutls26 + [wheezy] - gnutls26 (Minor issue) + NOTE: OpenPGP-related issue + NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3 +CVE-2017-7868 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...) + {DSA-3830-1 DLA-947-1} + - icu 57.1-6 (bug #860314) + NOTE: http://bugs.icu-project.org/trac/changeset/39671 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437 +CVE-2017-7867 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...) + {DSA-3830-1 DLA-947-1} + - icu 57.1-6 (bug #860314) + NOTE: http://bugs.icu-project.org/trac/changeset/39671 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213 +CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack- ...) + - ffmpeg 7:3.2.4-1 + - libav + [jessie] - libav (vulnerable code not present) + NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264 +CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-b ...) + {DLA-1654-1} + - ffmpeg 7:3.2.4-1 + - libav + NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb +CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a he ...) + - freetype (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313) + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509 +CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-b ...) 
+ {DLA-1654-1} + - ffmpeg 7:3.2.4-1 + - libav + NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e + NOTE: libav in jessie only supports transparency with RGB palette, only parts of the upstream fix apply +CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-b ...) + {DSA-4012-1 DLA-1142-1} + - ffmpeg 7:3.2.4-1 + - libav + NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a + NOTE: Fixed in 11.11 +CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write related to th ...) + - grpc 1.2.5-1+nmu0 (bug #860316) +CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused by a h ...) + - grpc 1.2.5-1+nmu0 (bug #860316) +CVE-2017-7859 (FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-b ...) + - ffmpeg (Only affected master, not present in a release) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1034183 + NOTE: https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb +CVE-2017-7858 (FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ...) + - freetype (Vulnerable code introduced in 2.6.4) + NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738 +CVE-2017-7857 (FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a he ...) 
+ - freetype (Vulnerable code introduced in 2.6.4) + NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759 +CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a h ...) + - libreoffice (Didn't affect any released version of LibreOffice) +CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a he ...) + - freetype (Only affected head for about a day, see bug #860303) + NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739 + NOTE: Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8 + NOTE: http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858 + NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289 +CVE-2016-10327 (LibreOffice before 2016-12-22 has an out-of-bounds write caused by a h ...) + - libreoffice 1:5.2.5-1 + [jessie] - libreoffice (Vulnerable code not present) + [wheezy] - libreoffice (Vulnerable code not present) + NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416 +CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS ...) + NOT-FOR-US: IceWarp +CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remot ...) + - radare2 (Vulnerable code introduced later) +CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can l ...) 
+ {DSA-3879-1 DLA-898-1} + - libosip2 4.1.0-2.1 (bug #860287) + NOTE: https://savannah.gnu.org/support/index.php?109265 + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 +CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that allo ...) + NOT-FOR-US: D-Link +CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an inadequat ...) + NOT-FOR-US: D-Link +CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...) + {DSA-3879-1 DLA-898-1} + - libosip2 4.1.0-2.1 (bug #860287) + NOTE: https://savannah.gnu.org/support/index.php?109132 + NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead +CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...) + {DSA-3879-1 DLA-898-1} + - libosip2 4.1.0-2.1 (bug #860287) + NOTE: https://savannah.gnu.org/support/index.php?109131 + NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696 +CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a h ...) + {DSA-3879-1 DLA-898-1} + - libosip2 4.1.0-2.1 (bug #860287) + NOTE: https://savannah.gnu.org/support/index.php?109133 + NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f +CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local priv ...) + NOT-FOR-US: Nessus +CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local deni ...) + NOT-FOR-US: Nessus +CVE-2017-7848 (RSS fields can inject new lines into the created email structure, modi ...) + {DSA-4075-1 DLA-1223-1} + - thunderbird 1:52.5.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848 +CVE-2017-7847 (Crafted CSS in an RSS feed can leak and reveal local path strings, whi ...) 
+ {DSA-4075-1 DLA-1223-1} + - thunderbird 1:52.5.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847 +CVE-2017-7846 (It is possible to execute JavaScript in the parsed RSS feed when RSS f ...) + {DSA-4075-1 DLA-1223-1} + - thunderbird 1:52.5.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846 +CVE-2017-7845 (A buffer overflow occurs when drawing and validating elements using Di ...) + - firefox (Only affects Firefox on Windows) + - firefox-esr (Only affects Firefox ESR on Windows) + - thunderbird (Only affects Firefox on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845 +CVE-2017-7844 (A combination of an external SVG image referenced on a page and the co ...) + - firefox 57.0.1-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844 +CVE-2017-7843 (When Private Browsing mode is used, it is possible for a web worker to ...) + {DSA-4062-1 DLA-1202-1} + - firefox 57.0.1-1 + - firefox-esr 52.5.2esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106 +CVE-2017-7842 (If a document's Referrer Policy attribute is set to "no-referrer" some ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842 +CVE-2017-7841 + RESERVED +CVE-2017-7840 (JavaScript can be injected into an exported bookmarks file by placing ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840 +CVE-2017-7839 (Control characters prepended before "javascript:" URLs pasted in the a ...) 
+ - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839 +CVE-2017-7838 (Punycode format text will be displayed for entire qualified internatio ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838 +CVE-2017-7837 (SVG loaded through "" tags can use "" tags within the SVG d ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837 +CVE-2017-7836 (The "pingsender" executable used by the Firefox Health Report dynamica ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836 +CVE-2017-7835 (Mixed content blocking of insecure (HTTP) sub-resources in a secure (H ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835 +CVE-2017-7834 (A "data:" URL loaded in a new tab did not inherit the Content Security ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834 +CVE-2017-7833 (Some Arabic and Indic vowel marker characters can be combined with Lat ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833 +CVE-2017-7832 (The combined, single character, version of the letter 'i' with any of ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832 +CVE-2017-7831 (A vulnerability where the security wrapper does not deny access to som ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831 +CVE-2017-7830 (The Resource Timing API incorrectly revealed navigations in cross-orig ...) 
+ {DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1} + - firefox 57.0-1 + - firefox-esr 52.5.0esr-1 + - thunderbird 1:52.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830 +CVE-2017-7829 (It is possible to spoof the sender's email address and display an arbi ...) + {DSA-4075-1 DLA-1223-1} + - thunderbird 1:52.5.2-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829 +CVE-2017-7828 (A use-after-free vulnerability can occur when flushing and resizing la ...) + {DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1} + - firefox 57.0-1 + - firefox-esr 52.5.0esr-1 + - thunderbird 1:52.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828 +CVE-2017-7827 (Memory safety bugs were reported in Firefox 56. Some of these bugs sho ...) + - firefox 57.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827 +CVE-2017-7826 (Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. S ...) + {DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1} + - firefox 57.0-1 + - firefox-esr 52.5.0esr-1 + - thunderbird 1:52.5.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826 +CVE-2017-7825 (Several fonts on OS X display some Tibetan and Arabic characters as wh ...) 
+ - firefox (Only affects Firefox on OS X) + - firefox-esr (Only affects Firefox ESR on OS X) + - icedove (Only affects Thunderbird on OS X) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825 +CVE-2017-7824 (A buffer overflow occurs when drawing and validating elements with the ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824 +CVE-2017-7823 (The content security policy (CSP) "sandbox" directive did not create a ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823 +CVE-2017-7822 (The AES-GCM implementation in WebCrypto API accepts 0-length IV when i ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822 +CVE-2017-7821 (A vulnerability where WebExtensions can download and attempt to open a ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821 +CVE-2017-7820 (The "instanceof" operator can bypass the Xray wrapper mechanism. When ...) 
+ - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820 +CVE-2017-7819 (A use-after-free vulnerability can occur in design mode when image obj ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819 +CVE-2017-7818 (A use-after-free vulnerability can occur when manipulating arrays of A ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818 +CVE-2017-7817 (A spoofing vulnerability can occur when a page switches to fullscreen ...) + - firefox (Only affects Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817 +CVE-2017-7816 (WebExtensions could use popups and panels in the extension UI to load ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816 +CVE-2017-7815 (On pages containing an iframe, the "data:" protocol can be used to cre ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815 +CVE-2017-7814 (File downloads encoded with "blob:" and "data:" URL elements bypassed ...) 
+ {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814 +CVE-2017-7813 (Inside the JavaScript parser, a cast of an integer to a narrower type ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813 +CVE-2017-7812 (If web content on a page is dragged onto portions of the browser UI, s ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812 +CVE-2017-7811 (Memory safety bugs were reported in Firefox 55. Some of these bugs sho ...) + - firefox 56.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811 +CVE-2017-7810 (Memory safety bugs were reported in Firefox 55 and Firefox ESR 52.3. S ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810 +CVE-2017-7809 (A use-after-free vulnerability can occur when an editor DOM node is de ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7808 (A content security policy (CSP) "frame-ancestors" directive containing ...) + - firefox 55.0-1 +CVE-2017-7807 (A mechanism that uses AppCache to hijack a URL in a domain using fallb ...) 
+ {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7806 (A use-after-free vulnerability can occur when the layer manager is fre ...) + - firefox 55.0-1 +CVE-2017-7805 (During TLS 1.2 exchanges, handshake hashes are generated which point t ...) + {DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + - nss 2:3.33-1 + NOTE: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618 (not public) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805 +CVE-2017-7804 (The destructor function for the "WindowsDllDetourPatcher" class can be ...) + - firefox (Windows-specific) + - firefox-esr (Windows-specific) + - icedove (Windows-specific) +CVE-2017-7803 (When a page's content security policy (CSP) header contains a "sandbox ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7802 (A use-after-free vulnerability can occur when manipulating the DOM dur ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7801 (A use-after-free vulnerability can occur while re-computing layout for ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7800 (A use-after-free vulnerability can occur in WebSockets when the object ...) 
+ {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7799 (JavaScript in the "about:webrtc" page is not sanitized properly being ...) + - firefox 55.0-1 +CVE-2017-7798 (The Developer Tools feature suffers from a XUL injection vulnerability ...) + {DSA-3928-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 +CVE-2017-7797 (Response header name interning does not have same-origin protections a ...) + - firefox 55.0-1 +CVE-2017-7796 (On Windows systems, the logger run by the Windows updater deletes the ...) + - firefox (Windows-specific) +CVE-2017-7795 + RESERVED +CVE-2017-7794 (On Linux systems, if the content process is compromised, the sandbox b ...) + - firefox 55.0-1 +CVE-2017-7793 (A use-after-free vulnerability can occur in the Fetch API when the wor ...) + {DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1} + - firefox 56.0-1 + - firefox-esr 52.4.0esr-2 + - thunderbird 1:52.4.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793 +CVE-2017-7792 (A buffer overflow will occur when viewing a certificate in the certifi ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7791 (On pages containing an iframe, the "data:" protocol can be used to cre ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7790 (On Windows systems, if non-null-terminated strings are copied into the ...) + - firefox (Windows-specific) +CVE-2017-7789 (If a server sends two Strict-Transport-Security (STS) headers for a si ...) 
+ - firefox 55.0-1 (low) + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642 +CVE-2017-7788 (When an "iframe" has a "sandbox" attribute and its content is specifie ...) + - firefox 55.0-1 +CVE-2017-7787 (Same-origin policy protections can be bypassed on pages with embedded ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7786 (A buffer overflow can occur when the image renderer attempts to paint ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7785 (A buffer overflow can occur when manipulating Accessible Rich Internet ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7784 (A use-after-free vulnerability can occur when reading an image observe ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7783 (If a long user name is used in a username/password combination in a si ...) + - firefox 55.0-1 +CVE-2017-7782 (An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Exe ...) + - firefox (Windows-specific) + - firefox-esr (Windows-specific) + - icedove (Windows-specific) +CVE-2017-7781 (An error occurs in the elliptic curve point addition algorithm that us ...) + - firefox 55.0-1 +CVE-2017-7780 (Memory safety bugs were reported in Firefox 54. Some of these bugs sho ...) + - firefox 55.0-1 +CVE-2017-7779 (Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7778 (A number of security vulnerabilities in the Graphite 2 library includi ...) 
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778 +CVE-2017-7777 (Use of uninitialized memory in Graphite2 library in Firefox before 54 ...) + {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551 +CVE-2017-7776 (Heap-based Buffer Overflow read in Graphite2 library in Firefox before ...) + {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607 +CVE-2017-7775 + REJECTED +CVE-2017-7774 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...) + {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174 +CVE-2017-7773 (Heap-based Buffer Overflow write in Graphite2 library in Firefox befor ...) + {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747 +CVE-2017-7772 (Heap-based Buffer Overflow in Graphite2 library in Firefox before 54 i ...) 
+ {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745 +CVE-2017-7771 (Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphi ...) + {DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1} + - graphite2 1.3.10-1 + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047 +CVE-2017-7770 (A mechanism where when a new tab is loaded through JavaScript events, ...) + - firefox (Only Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770 +CVE-2017-7769 + RESERVED +CVE-2017-7768 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...) + - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768 +CVE-2017-7767 (The Mozilla Maintenance Service can be invoked by an unprivileged user ...) + - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767 +CVE-2017-7766 (An attack using manipulation of "updater.ini" contents, used by the Mo ...) + - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766 +CVE-2017-7765 (The "Mark of the Web" was not correctly saved on Windows when files wi ...) 
+ - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + - icedove (Only Thunderbird on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765 +CVE-2017-7764 (Characters from the "Canadian Syllabics" unicode block can be mixed wi ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764 +CVE-2017-7763 (Default fonts on OS X display some Tibetan characters as whitespace. W ...) + - firefox (Only firefox on Mac OS X) + - firefox-esr (Only Firefox ESR on Mac OS X) + - icedove (Only Thunderbird on Mac OS X) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763 +CVE-2017-7762 (When entered directly, Reader Mode did not strip the username and pass ...) + - firefox 54.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762 +CVE-2017-7761 (The Mozilla Maintenance Service "helper.exe" application creates a tem ...) + - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761 +CVE-2017-7760 (The Mozilla Windows updater modifies some files to be updated by readi ...) 
+ - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760 +CVE-2017-7759 (Android intent URLs given to Firefox for Android can be used to naviga ...) + - firefox (Only Firefox on Android) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759 +CVE-2017-7758 (An out-of-bounds read vulnerability with the Opus encoder when the num ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758 +CVE-2017-7757 (A use-after-free vulnerability in IndexedDB when one of its objects is ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757 +CVE-2017-7756 (A use-after-free and use-after-scope vulnerability when logging errors ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756 +CVE-2017-7755 (The Firefox installer on Windows can be made to load malicious DLL fil ...) 
+ - firefox (Only Firefox on Windows) + - firefox-esr (Only Firefox ESR on Windows) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755 +CVE-2017-7754 (An out-of-bounds read in WebGL with a maliciously crafted "ImageInfo" ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754 +CVE-2017-7753 (An out-of-bounds read occurs when applying style rules to pseudo-eleme ...) + {DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1} + - firefox 55.0-1 + - firefox-esr 52.3.0esr-1 + - icedove 1:52.3.0-1 (bug #872834) +CVE-2017-7752 (A use-after-free vulnerability during specific user interactions with ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752 +CVE-2017-7751 (A use-after-free vulnerability with content viewer listeners that resu ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751 +CVE-2017-7750 (A use-after-free vulnerability during video control operations when a ...) 
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750 +CVE-2017-7749 (A use-after-free vulnerability when using an incorrect URL during the ...) + {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1} + - firefox 54.0-1 + - firefox-esr 52.2.0esr-1 + - icedove 1:52.2.0-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7749 +CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector cou ...) + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Vulnerable code introduced later) + [wheezy] - wireshark (Vulnerable code introduced later) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581 +CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissecto ...) + {DLA-1634-1} + - wireshark 2.2.6+g32dac6a-1 + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559 +CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector co ...) 
+ {DLA-1634-1} + - wireshark 2.2.6+g32dac6a-1 (low) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576 +CVE-2017-7745 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector ...) + - wireshark 2.2.6+g32dac6a-1 + [jessie] - wireshark (Vulnerable code not present) + [wheezy] - wireshark (Vulnerable code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-20.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578 +CVE-2017-7744 + RESERVED +CVE-2017-7743 + RESERVED +CVE-2017-7742 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...) + {DLA-928-1} + - libsndfile 1.0.27-3 (bug #860255) + [jessie] - libsndfile (Minor issue) + NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 + NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/ +CVE-2017-7741 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...) + {DLA-928-1} + - libsndfile 1.0.27-2 + [jessie] - libsndfile (Minor issue) + NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0 + NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/ + NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue + NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch +CVE-2017-7740 + RESERVED +CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy disc ...) 
+ NOT-FOR-US: Fortinet FortiOS +CVE-2017-7738 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5 ...) + NOT-FOR-US: Fortinet FortiOS +CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...) + NOT-FOR-US: Fortinet +CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...) + NOT-FOR-US: Fortinet +CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2. ...) + NOT-FOR-US: Fortinet FortiOS +CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...) + NOT-FOR-US: Fortinet FortiOS +CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 t ...) + NOT-FOR-US: Fortinet +CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet Forti ...) + NOT-FOR-US: Fortinet +CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal version ...) + NOT-FOR-US: Fortinet FortiPortal +CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...) + NOT-FOR-US: iSmartAlarm +CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...) + NOT-FOR-US: iSmartAlarm +CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...) + NOT-FOR-US: iSmartAlarm +CVE-2017-7727 + REJECTED +CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation Vulnerabil ...) + NOT-FOR-US: iSmartAlarm +CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...) + NOT-FOR-US: concrete5 +CVE-2017-7724 + RESERVED +CVE-2017-7723 (XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the ...) + NOT-FOR-US: Easy WP SMTP WordPress plugin +CVE-2017-7722 (In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu ...) + NOT-FOR-US: SolarWinds +CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Acce ...) 
+ NOT-FOR-US: IrfanView +CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...) + NOT-FOR-US: PrivateTunnel +CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...) + NOT-FOR-US: Spider Event Calendar +CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...) + {DLA-1497-1 DLA-1035-1 DLA-939-1} + - qemu 1:2.8+dfsg-4 + - qemu-kvm + NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904 + NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=3328c14e63f08fb07e8c6dec779c9d365e9e9864 (v2.8.1) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443441 +CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the E ...) + NOT-FOR-US: SAP +CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 a ...) + - radare2 (Vulnerable code introduced later) + NOTE: https://github.com/radare/radare2/issues/7260 +CVE-2017-7715 + RESERVED +CVE-2017-7714 + RESERVED +CVE-2017-7713 + RESERVED +CVE-2017-7712 + RESERVED +CVE-2017-7711 + RESERVED +CVE-2017-7710 + RESERVED +CVE-2017-7709 + RESERVED +CVE-2017-7708 + RESERVED +CVE-2017-7707 + RESERVED +CVE-2017-7706 + RESERVED +CVE-2017-7705 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dis ...) + - wireshark 2.2.6+g32dac6a-1 + [jessie] - wireshark (Vulnerable code not present) + [wheezy] - wireshark (Vulnerable code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-15.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13558 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=08d392bbecc8fb666bf979e70a34536007b83ea2 +CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infini ...) 
+ - wireshark 2.2.6+g32dac6a-1 + [jessie] - wireshark (Vulnerable code not present) + [wheezy] - wireshark (Vulnerable code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-17.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8 +CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector co ...) + {DLA-1634-1} + - wireshark 2.2.6+g32dac6a-1 (low) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9 +CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector c ...) + - wireshark 2.2.6+g32dac6a-1 (low) + [jessie] - wireshark (Minor issue) + [wheezy] - wireshark (Minor issue) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7 + NOTE: When for older releases fixing this entry, make sure to fix apply the + NOTE: complete patch including https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7 + NOTE: to not open CVE-2017-11410. +CVE-2017-7701 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector cou ...) 
+ - wireshark 2.2.6+g32dac6a-1 + [jessie] - wireshark (Vulnerable code not present) + [wheezy] - wireshark (Vulnerable code not present) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-16.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a +CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file pa ...) + {DLA-1634-1 DLA-858-1} + - wireshark 2.2.6+g32dac6a-1 (low) + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478 + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53 +CVE-2017-7699 + RESERVED +CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier all ...) + - swftools 0.9.2+ds1-2 + NOTE: https://github.com/matthiaskramm/swftools/pull/19 + NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload +CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the calc_o ...) + {DLA-2845-1} + - libsamplerate 0.1.9-1 (bug #860159) + [jessie] - libsamplerate (Minor issue) + [wheezy] - libsamplerate (Minor issue) + NOTE: https://github.com/erikd/libsamplerate/issues/11 + NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/ + NOTE: Fixed by: https://github.com/erikd/libsamplerate/commit/c3b66186656de44da18b7058aec099dbe782dd0b +CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote at ...) + NOT-FOR-US: SAP +CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an at ...) + NOT-FOR-US: BigTree CMS +CVE-2017-7694 (Remote Code Execution vulnerability in symphony/content/content.bluepr ...) + NOT-FOR-US: Symphony CMS +CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbed OPN ...) 
+ NOT-FOR-US: Riverbed OPNET App Response Xpert (ARX) +CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allo ...) + {DSA-3852-1 DLA-941-1} + - squirrelmail + NOTE: https://www.openwall.com/lists/oss-security/2017/04/19/6 + NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html +CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...) + NOT-FOR-US: SAP TREX +CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...) + NOT-FOR-US: Proxifier for Mac +CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk Contr ...) + NOT-FOR-US: Schneider Electric +CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure manner.) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7687 (When handling a decoding failure for a malformed URL path of an HTTP r ...) + - apache-mesos (bug #760315) +CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to up ...) + NOT-FOR-US: Apache Ignite +CVE-2017-7685 (Apache OpenMeetings 1.0.0 responds to the following insecure HTTP meth ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7684 (Apache OpenMeetings 1.0.0 doesn't check contents of files being upload ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7683 (Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error s ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7682 (Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation atta ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7681 (Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7680 (Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml fil ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...) 
+ {DSA-3896-1 DLA-1009-1} + - apache2 2.4.25-4 +CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take a ...) + - apache-spark (bug #802194) +CVE-2017-7677 (In environments that use external location for hive tables, Hive Autho ...) + NOT-FOR-US: Apache Ranger +CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores characte ...) + NOT-FOR-US: Apache Ranger +CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8 ...) + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.16-1 + [stretch] - tomcat8 8.5.14-1+deb9u2 + [jessie] - tomcat8 (Only affects 8.5.0 to 8.5.15) + - tomcat7 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) + - tomcat6 (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present) + NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120 +CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.1 ...) + {DSA-3974-1 DLA-1400-1} + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.16-1 + - tomcat7 7.0.72-3 + [wheezy] - tomcat7 (Vulnerable code not present) + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x) + NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x) + NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x) + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101 +CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7672 (If an application allows enter an URL in a form field and built-in URL ...) + - libstruts1.2-java (Vulnerable code not present) + NOTE: Issue is specific to Struts 2.x. +CVE-2017-7671 (There is a DOS attack vulnerability in Apache Traffic Server (ATS) 5.2 ...) 
+ {DSA-4128-1} + - trafficserver 7.1.2+ds-1 + [wheezy] - trafficserver (Vulnerable code not present) + NOTE: https://github.com/apache/trafficserver/pull/1941 +CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...) + NOT-FOR-US: Apache Traffic Control +CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxConta ...) + - hadoop (bug #793644) +CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.2 ...) + {DSA-3896-1 DLA-1009-1} + - apache2 2.4.25-4 +CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the re ...) + NOT-FOR-US: Apache NiFi +CVE-2017-7666 (Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7665 (In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain us ...) + NOT-FOR-US: Apache NiFi +CVE-2017-7664 (Uploaded XML documents were not correctly validated in Apache OpenMeet ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7663 (Both global and Room chat are vulnerable to XSS attack in Apache OpenM ...) + NOT-FOR-US: Apache OpenMeetings +CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has ...) + NOT-FOR-US: Apache CXF +CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...) + NOT-FOR-US: Apache CXF +CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node communicat ...) + - lucene-solr (Vulnerable code introduced later) + NOTE: https://issues.apache.org/jira/browse/SOLR-10624 + NOTE: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf +CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 in Apac ...) 
+ - apache2 2.4.25-4 + [stretch] - apache2 2.4.25-3+deb9u1 + [jessie] - apache2 (Vulnerable code not present) + [wheezy] - apache2 (Vulnerable code not present) + NOTE: HTTP/2 support introduced in 2.4.17 + NOTE: https://www.openwall.com/lists/oss-security/2017/06/19/5 +CVE-2017-7658 (In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP ...) + {DSA-4278-1} + - jetty + [jessie] - jetty (very hard to exploit, complex patch) + - jetty8 + [jessie] - jetty8 (very hard to exploit, complex patch) + - jetty9 9.2.25-1 (low; bug #902953) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669 + NOTE: https://github.com/eclipse/jetty.project/commit/a285deea + NOTE: Exploit very unlikely, needs a very particular intermediary behaviour. +CVE-2017-7657 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...) + {DSA-4278-1} + - jetty + [jessie] - jetty (very hard to exploit, complex patch) + - jetty8 + [jessie] - jetty8 (very hard to exploit, complex patch) + - jetty9 9.2.25-1 (low; bug #902953) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535668 + NOTE: https://github.com/eclipse/jetty.project/commit/a285deea +CVE-2017-7656 (In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations) ...) + {DSA-4278-1} + - jetty + [jessie] - jetty (very hard to exploit, complex patch) + - jetty8 + [jessie] - jetty8 (very hard to exploit, complex patch) + - jetty9 9.2.25-1 (low; bug #902953) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667 + NOTE: https://github.com/eclipse/jetty.project/commit/a285deea +CVE-2017-7655 (In Eclipse Mosquitto version from 1.0 to 1.4.15, a Null Dereference vu ...) 
+ {DLA-2793-1 DLA-1972-1} + - mosquitto 1.5.4-1 (low) + [stretch] - mosquitto (Minor issue) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533775 + NOTE: https://github.com/eclipse/mosquitto/commit/79a7b36d207c9142468a7ea33695a14181a9fd24 +CVE-2017-7654 (In Eclipse Mosquitto 1.4.15 and earlier, a Memory Leak vulnerability w ...) + {DSA-4325-1 DLA-1525-1} + - mosquitto 1.5.4-1 (bug #911265) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=533493 + NOTE: https://github.com/eclipse/mosquitto/commit/51ec5601c2ec523bf2973fdc1eca77335eafb8de +CVE-2017-7653 (The Eclipse Mosquitto broker up to version 1.4.15 does not reject stri ...) + {DSA-4325-1 DLA-1525-1} + - mosquitto 1.5.4-1 (bug #911266) + NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113 + NOTE: https://github.com/eclipse/mosquitto/commit/729a09310a7a56fbe5933b70b4588049da1a42b4 +CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running wi ...) + {DSA-4325-1 DLA-1409-1 DLA-1334-1} + - mosquitto 1.4.15-1 + NOTE: Patches: https://mosquitto.org/files/cve/2017-7652 + NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ +CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...) + {DSA-4325-1 DLA-1409-1 DLA-1334-1} + - mosquitto 1.4.15-1 + NOTE: Patches: https://mosquitto.org/files/cve/2017-7651 + NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/ +CVE-2017-7650 (In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clie ...) + {DSA-3865-1 DLA-961-1} + - mosquitto 1.4.10-3 + NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/ + NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/ +CVE-2017-7649 (The network enabled distribution of Kura before 2.1.0 takes control ov ...) + NOT-FOR-US: Kura +CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...) 
+ NOT-FOR-US: Foscam +CVE-2017-7647 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an a ...) + NOT-FOR-US: SolarWinds +CVE-2017-7646 (SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an a ...) + NOT-FOR-US: SolarWinds +CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel throu ...) + {DSA-3886-1 DLA-993-1} + - linux 4.9.25-1 + NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e +CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...) + NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS +CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges vi ...) + NOT-FOR-US: Proxifier for Mac +CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vag ...) + NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin +CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...) + NOT-FOR-US: QNAP NAS application Media Streaming add-on +CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...) + NOT-FOR-US: QNAP NAS application Media Streaming add-on +CVE-2017-7639 (QNAP NAS application Proxy Server through version 1.2.0 does not authe ...) + NOT-FOR-US: QNAP +CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2 ...) + NOT-FOR-US: QNAP NAS application Media Streaming add-on +CVE-2017-7637 (QNAP NAS application Proxy Server through version 1.2.0 allows remote ...) + NOT-FOR-US: QNAP +CVE-2017-7636 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy ...) + NOT-FOR-US: QNAP +CVE-2017-7635 (QNAP NAS application Proxy Server through version 1.2.0 does not utili ...) + NOT-FOR-US: QNAP +CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...) 
+ NOT-FOR-US: QNAP NAS application Media Streaming add-on +CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive informati ...) + NOT-FOR-US: QNAP +CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS 4 ...) + NOT-FOR-US: File Station of QNAP QTS +CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...) + NOT-FOR-US: File Station of QNAP +CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier al ...) + NOT-FOR-US: QNAP +CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...) + NOT-FOR-US: QNAP QTS +CVE-2017-7628 (The "Smart related articles" extension 1.1 for Joomla! has SQL injecti ...) + NOT-FOR-US: Joomla extension +CVE-2017-7627 (The "Smart related articles" extension 1.1 for Joomla! does not preven ...) + NOT-FOR-US: Joomla extension +CVE-2017-7626 (The "Smart related articles" extension 1.1 for Joomla! has XSS in dial ...) + NOT-FOR-US: Joomla extension +CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...) + NOT-FOR-US: Fiyo CMS +CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...) + NOT-FOR-US: ImageWorsener +CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsene ...) + NOT-FOR-US: ImageWorsener +CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15. ...) + NOT-FOR-US: dde-daemon +CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technomet ...) + NOT-FOR-US: core-eMLi +CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...) + - mantis + [wheezy] - mantis (Not supported in Wheezy LTS) + NOTE: https://mantisbt.org/bugs/view.php?id=22909 + NOTE: https://mantisbt.org/bugs/view.php?id=22702 +CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...) 
+ {DLA-922-1} + - linux 4.9.25-1 + [jessie] - linux 3.16.43-1 + NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2 +CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscall ...) + {DLA-922-1} + - linux 4.9.25-1 + [jessie] - linux 3.16.43-1 + NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6) + NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php +CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain priv ...) + NOT-FOR-US: Synology Photo Station +CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated gue ...) + NOT-FOR-US: Synology Photo Station +CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and unauthentic ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/16/2 +CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...) + - binutils 2.28-4 (low; bug #859989) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/ + NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8 +CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections a ...) + {DLA-1689-1} + - elfutils 0.168-1 (bug #859990) + [wheezy] - elfutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/ + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=4314716cd498bb51639db717bd7ce6182de33322 +CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows rem ...) 
+ {DLA-1689-1} + - elfutils 0.168-1 (bug #859991) + [wheezy] - elfutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/ + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=61fe61898747f63eb35a81c2261f3590a3dab8fd +CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...) + {DLA-1689-1} + - elfutils 0.168-1 (bug #859992) + [wheezy] - elfutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/ + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=9a0d9d314a6342b56e3277bd7ad7ecb6e73a7d38 +CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...) + {DLA-1689-1} + - elfutils 0.168-1 (bug #859993) + [wheezy] - elfutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/ + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=fb6709f1a41b58a9557ea45b7f53ae678c660b21 +CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compressio ...) + - elfutils 0.168-1 (bug #859994) + [jessie] - elfutils (Vulnerable code not present) + [wheezy] - elfutils (Vulnerable code not present) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/ +CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in elfu ...) 
+ {DLA-1689-1} + - elfutils 0.168-1 (bug #859995) + [wheezy] - elfutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/ + NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=b0b58c5e0b34e54194aa042f2310af58ee7de603 +CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows rem ...) + - elfutils 0.168-1 (bug #859996) + [jessie] - elfutils (vulnerable code not present) + [wheezy] - elfutils (vulnerable code not present) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299 + NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/ +CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion ...) + NOT-FOR-US: libaacplus +CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift ...) + NOT-FOR-US: libaacplus +CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed inte ...) + NOT-FOR-US: libaacplus +CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...) + {DSA-3844-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + [wheezy] - tiff3 (vulnerable code not present) + NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7601 (LibTIFF 4.0.7 has a "shift exponent too large for 64-bit type long" un ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7600 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...) 
+ {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7599 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...) + {DSA-3844-1 DLA-911-1} + - tiff 4.0.7-6 (low) + - tiff3 + [wheezy] - tiff3 (vulnerable code not present) + NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an "outside the range of representa ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes +CVE-2017-7596 (LibTIFF 4.0.7 has an "outside the range of representable values of typ ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 + - tiff3 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes + NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490 +CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows re ...) 
+ {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 (low; bug #860003) + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653 + NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c + NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122 +CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in Lib ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 (low; bug #860001) + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659 + NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b + NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1 +CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is proper ...) + {DSA-3844-1 DLA-912-1 DLA-911-1} + - tiff 4.0.7-6 (bug #860000) + - tiff3 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651 + NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1 +CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a lef ...) + {DSA-3844-1 DLA-911-1} + - tiff 4.0.7-6 (bug #859998) + - tiff3 + [wheezy] - tiff3 (vulnerable code not present) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658 + NOTE: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b +CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before 13 ...) + - asterisk 1:13.14.1~dfsg-1 (bug #859910) + [jessie] - asterisk (Vulnerable code not present) + [wheezy] - asterisk (Vulnerable code not present) + NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html +CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a floati ...) 
+ {DSA-3863-1 DLA-902-1}
+ - imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
+ NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
+CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of repre ...)
+ {DSA-3863-1 DLA-902-1}
+ - imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
+ NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
+CVE-2017-7591 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site ...)
+ NOT-FOR-US: ForgeRock OpenIDM
+CVE-2017-7590 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site ...)
+ NOT-FOR-US: ForgeRock OpenIDM
+CVE-2017-7589 (In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak sens ...)
+ NOT-FOR-US: ForgeRock OpenIDM
+CVE-2017-7588 (On certain Brother devices, authorization is mishandled by including a ...)
+ NOT-FOR-US: Brother devices
+CVE-2017-7587
+ RESERVED
+CVE-2017-7586 (In libsndfile before 1.0.28, an error in the "header_read()" function ...)
+ {DLA-928-1}
+ - libsndfile 1.0.27-2
+ [jessie] - libsndfile (Minor issue)
+ NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074
+ NOTE: https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236
+ NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
+ NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
+CVE-2017-7585 (In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" func ...)
+ {DLA-928-1}
+ - libsndfile 1.0.27-2
+ [jessie] - libsndfile (Minor issue)
+ NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
+ NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/
+ NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
+ NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
+CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
+ NOT-FOR-US: Foxit PDF Toolkit
+CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents.)
+ - ilias (bug #195688)
+CVE-2017-7582
+ RESERVED
+CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module 5 ...)
+ NOT-FOR-US: News module for TYPO3
+CVE-2017-7580
+ RESERVED
+CVE-2017-7579 (inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field ...)
+ NOT-FOR-US: phpMyFAQ
+CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...)
+ NOT-FOR-US: Dataprobe iBootBar
+CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
+ NOT-FOR-US: Dataprobe iBootBar
+CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of arbi ...)
+ NOT-FOR-US: XiongMai uc-httpd
+CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login creden ...)
+ NOT-FOR-US: DragonWave Horizon
+CVE-2017-7575 (Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote att ...)
+ NOT-FOR-US: Schneider
+CVE-2017-7574 (Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modi ...)
+ NOT-FOR-US: Schneider
+CVE-2017-7573
+ RESERVED
+CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
+ - backintime 1.1.12-2 (bug #859815)
+ [jessie] - backintime (Minor issue)
+ [wheezy] - backintime (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/2
+ NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
+CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtai ...)
+ NOT-FOR-US: Faveo
+CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ar ...)
+ NOT-FOR-US: PivotX
+CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-64 ...)
+ NOT-FOR-US: vBulletin
+CVE-2017-7568 (NetApp OnCommand Unified Manager for 7-Mode (core package) versions pr ...)
+ NOT-FOR-US: NetApp
+CVE-2017-7567
+ RESERVED
+CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF protectio ...)
+ NOT-FOR-US: MyBB
+CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that allo ...)
+ NOT-FOR-US: Splunk Hadoop Connect App
+CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive d ...)
+ NOT-FOR-US: ARM
+CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...)
+ NOT-FOR-US: ARM
+CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a filena ...)
+ NOT-FOR-US: textract
+CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC c ...)
+ NOT-FOR-US: ARM
+CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8 ...)
+ NOT-FOR-US: ClipBucket
+CVE-2016-1000306
+ REJECTED
+CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allo ...)
+ {DLA-890-1}
+ - ming
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/07/1
+ NOTE: https://github.com/libming/libming/issues/68
+CVE-2017-7562 (An authentication bypass flaw was found in the way krb5's certauth int ...)
+ - krb5 (Vulnerable code introduced later, cf. 
#873281)
+ NOTE: https://github.com/krb5/krb5/pull/694
+ NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
+ NOTE: https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
+ NOTE: https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
+CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerab ...)
+ - resteasy 3.6.2-1 (bug #873392)
+ [jessie] - resteasy (CORS Filter added in 3.0.7.Final)
+ - resteasy3.0 3.0.26-1 (bug #908836)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
+ NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
+ NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
+ NOTE: Fixed in 4.0.0.Beta1, 3.0.25.Final, 3.5.0.CR1
+CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable that a ...)
+ - rhnsd (Vulnerable code introduced later)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
+ NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
+CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1. ...)
+ - undertow 1.4.23-1 (bug #885576)
+ NOTE: CVE is for an incomplete fix of CVE-2017-2666
+ NOTE: Invalid characters were still allowed in the query string and path parameters.
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1165
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1295
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
+ NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
+CVE-2017-7558 (A kernel data leak due to an out-of-bound read was found in the Linux ...)
+ - linux 4.12.13-1
+ [stretch] - linux 4.9.30-2+deb9u5
+ [jessie] - linux (Vulnerable code introduced later 4.7 and not backported)
+ [wheezy] - linux (Vulnerable code introduced later 4.7 and not backported)
+CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechan ...)
+ - dnsdist 1.2.0-1 (low; bug #872854)
+ [stretch] - dnsdist 1.1.0-2+deb9u1
+ NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
+ NOTE: https://downloads.powerdns.com/patches/2017-02
+CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulne ...)
+ NOT-FOR-US: hawtio
+CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
+ {DSA-3949-1 DLA-1067-1}
+ - augeas 1.8.1-1 (bug #872400)
+ NOTE: https://github.com/hercules-team/augeas/pull/480
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
+CVE-2017-7554 (It was found that the App Studio component of RHMAP 4.4 executes javas ...)
+ NOT-FOR-US: Red Hat Mobile Application Platform
+CVE-2017-7553 (The external_request api call in App Studio (millicore) allows server ...)
+ NOT-FOR-US: Red Hat Mobile Application Platform
+CVE-2017-7552 (A flaw was discovered in the file editor of millicore, affecting versi ...)
+ NOT-FOR-US: Red Hat Mobile Application Platform
+CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to pass ...)
+ - 389-ds-base 1.3.6.7-1 (bug #870752)
+ [stretch] - 389-ds-base (Minor issue)
+ [jessie] - 389-ds-base (vulnerable code not present)
+ NOTE: https://pagure.io/389-ds-base/issue/49336
+CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x bef ...)
+ - ansible 2.4.2.0+dfsg-1 (unimportant)
+ NOTE: https://github.com/ansible/ansible/issues/30874
+ NOTE: https://github.com/ansible/ansible/pull/30875
+ NOTE: Just an insecure example
+CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat Op ...)
+ NOT-FOR-US: instack-undercloud
+CVE-2017-7548 (PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to a ...)
+ {DSA-3936-1 DSA-3935-1}
+ - postgresql-9.6 9.6.4-1
+ - postgresql-9.4
+ - postgresql-9.1
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ [wheezy] - postgresql-9.1 (Vulnerable code not present)
+ - postgresql-8.4
+ [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
+ NOTE: https://www.postgresql.org/about/news/1772/
+CVE-2017-7547 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
+ {DSA-3936-1 DSA-3935-1 DLA-1051-1}
+ - postgresql-9.6 9.6.4-1
+ - postgresql-9.4
+ - postgresql-9.1
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ - postgresql-8.4
+ [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
+ NOTE: https://www.postgresql.org/about/news/1772/
+CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
+ {DSA-3936-1 DSA-3935-1 DLA-1051-1}
+ - postgresql-9.6 9.6.4-1
+ - postgresql-9.4
+ - postgresql-9.1
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ - postgresql-8.4
+ [wheezy] - postgresql-8.4 (postgresql-8.4 in wheezy only provides PL/Perl)
+ NOTE: https://www.postgresql.org/about/news/1772/
+CVE-2017-7545 (It was discovered that the XmlUtils class in jbpmmigration 6.5 perform ...)
+ NOT-FOR-US: jbpm-designer / jBPM
+CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulner ...)
+ {DLA-2214-1}
+ - libexif 0.6.21-2.1 (bug #876466)
+ [stretch] - libexif 0.6.21-2+deb9u2
+ [wheezy] - libexif (Minor issue)
+ NOTE: https://sourceforge.net/p/libexif/bugs/130/
+CVE-2017-7543 (A race-condition flaw was discovered in openstack-neutron before 7.2.0 ...)
+ - neutron (Specific to Red Hat packaging)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
+CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linu ...)
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
+ - linux 4.12.6-1
+ NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
+CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/b ...)
+ {DSA-3945-1 DSA-3927-1}
+ - linux 4.12.6-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
+CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are v ...)
+ NOT-FOR-US: Safemode ruby gem
+CVE-2017-7539 (An assertion-failure flaw was found in Qemu before 2.10.1, in the Netw ...)
+ - qemu (Vulnerable code introduced in v2.9.0-rc0)
+ - qemu-kvm (Vulnerable code introduced in v2.9.0-rc0)
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
+ NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
+CVE-2017-7538 (A cross-site scripting (XSS) flaw was found in how an organization nam ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2017-7537 (It was found that a mock CMC authentication plugin with a hardcoded se ...)
+ - dogtag-pki 10.3.5+12-5 (bug #869261)
+ NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
+CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...)
+ - libhibernate-validator-java 4.3.3-4 (bug #885577)
+ [stretch] - libhibernate-validator-java 4.3.3-1+deb9u1
+ [jessie] - libhibernate-validator-java (Vulnerable code introduced in 4.3)
+ [wheezy] - libhibernate-validator-java (Vulnerable code introduced in 4.3)
+ NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
+CVE-2017-7535 (foreman before version 1.16.0 is vulnerable to a stored XSS in organiz ...)
+ - foreman (bug #663101)
+CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
+ NOT-FOR-US: OpenShift
+CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel thro ...)
+ {DSA-3945-1 DSA-3927-1}
+ - linux 4.12.6-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/08/03/2
+ NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
+CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default setti ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=355556
+CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
+ - moodle (Only affects 3.3)
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=355555
+CVE-2017-7530 (In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5 ...)
+ NOT-FOR-US: Red Hat CloudForms Management Engine
+CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable t ...)
+ {DSA-3908-1 DLA-1024-1}
+ - nginx 1.13.3-1 (bug #868109)
+ NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
+ NOTE: Fixed in 1.13.3, 1.12.1.
+CVE-2017-7528 (Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 i ...)
+ NOT-FOR-US: Ansible Tower
+CVE-2017-7527
+ REJECTED
+CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-channel a ...)
+ {DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
+ - libgcrypt20 1.7.8-1
+ - libgcrypt11
+ - gnupg2 (Uses system libgcrypt)
+ - gnupg1 1.4.22-1
+ [stretch] - gnupg1 (Only affects the legacy packages)
+ - gnupg
+ NOTE: https://eprint.iacr.org/2017/627
+ NOTE: Fixes for RSA exponent blinding fixes (A):
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38
+ NOTE: Fixes for mpi_powm itsef (B):
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
+ NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
+ NOTE: For the particular attack to RSA, either (A) or (B) is enough. In
+ NOTE: general cases, (A) plus (B) is needed.
+ NOTE: For GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
+ NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
+ NOTE: GnuPG1: https://dev.gnupg.org/D438
+CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
+ {DSA-4004-1 DLA-2342-1 DLA-2091-1}
+ - jackson-databind 2.9.1-1 (bug #870848)
+ - libjackson-json-java 1.9.13-2
+ [buster] - libjackson-json-java 1.9.13-2~deb10u1
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
+ NOTE: For libjackson-json-java:
+ NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
+CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
+ - tpm2-tools 2.1.0-1 (bug #866257)
+ NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
+CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buff ...)
+ NOT-FOR-US: Cygwin
+CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
+ - openvpn 2.4.3-1 (unimportant)
+ [jessie] - openvpn (x509-track implemented in 2.4.0)
+ [wheezy] - openvpn (x509-track implemented in 2.4.0)
+ NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
+ NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected
+ NOTE: code present.
+CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
+ {DSA-3900-1}
+ - openvpn 2.4.3-1 (bug #865480)
+ [wheezy] - openvpn (Vulnerable code not present)
+ NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/2d032c7fcdfd692c851ea2fa858b4c2d9ea7d52d
+ NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/cb4e35ece4a5b70b10ef9013be3bff263d82f32b
+ NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/2341f716198fa90193e040b3fdb16959a47c6c27
+ NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/040084067119dd5a9e15eb3bcfc0079debaa3777
+ NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
+ NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
+ NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
+CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to deni ...)
+ {DSA-3900-1 DLA-999-1}
+ - openvpn 2.4.3-1 (bug #865480)
+ NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77
+ NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
+ NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
+ NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
+CVE-2017-7519 (In Ceph, a format string flaw was found in the way libradosstriper par ...)
+ {DSA-4339-1}
+ - ceph 12.2.8+dfsg1-1 (bug #864535)
+ [jessie] - ceph (Vulnerable code not present)
+ NOTE: http://tracker.ceph.com/issues/20240
+CVE-2017-7518 (A flaw was found in the Linux kernel before version 4.12 in the way th ...)
+ {DSA-3981-1}
+ - linux 4.11.11-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/23/5
+ NOTE: https://www.spinics.net/lists/kvm/msg151817.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
+ NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
+CVE-2017-7517 (An input validation vulnerability exists in Openshift Enterprise due t ...)
+ NOT-FOR-US: OpenShift
+CVE-2017-7516
+ REJECTED
+CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled recurs ...)
+ - poppler 0.57.0-2 (unimportant)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
+ NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-7514 (A cross-site scripting (XSS) flaw was found in how the failed action e ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2017-7513 (It was found that Satellite 5 configured with SSL/TLS for the PostgreS ...)
+ NOT-FOR-US: Red Hat Satellite
+CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2. ...)
+ NOT-FOR-US: Red Hat 3scale
+CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer deref ...)
+ - poppler 0.57.0-2 (unimportant; bug #863759)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101149
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
+ NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
+ NOTE: Crash in CLI tool, no security implications
+CVE-2017-7510 (In ovirt-engine 4.1, if a host was provisioned with cloud-init, the ro ...)
+ NOT-FOR-US: ovirt-engine
+CVE-2017-7509 (An input validation error was found in Red Hat Certificate System's ha ...)
+ NOT-FOR-US: Red Hat Certificate System
+CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remo ...)
+ {DSA-3900-1}
+ - openvpn 2.4.3-1 (bug #865480)
+ [wheezy] - openvpn (Vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/21/6
+ NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
+ NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
+ NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
+ NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/fc61d1bda112ffc669dbde961fab19f60b3c7439
+CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer dere ...)
+ {DSA-3884-1}
+ [experimental] - gnutls28 3.5.13-1
+ - gnutls28 3.5.8-6 (bug #864560)
+ - gnutls26
+ [wheezy] - gnutls26 (Vulnerable code not present)
+ NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
+CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory acce ...)
+ {DSA-3907-1}
+ - spice 0.12.8-2.2 (bug #868083)
+ [wheezy] - spice (Vulnerable code not introduced later)
+CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
+ - foreman (bug #663101)
+CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the Jbos ...)
+ NOT-FOR-US: Red Hat JBoss
+CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax. ...)
+ NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
+CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was found w ...)
+ {DSA-3872-1 DLA-971-1}
+ [experimental] - nss 2:3.29-1
+ - nss 2:3.26.2-1.1 (bug #863839)
+ NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
+CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary files ...)
+ - rpm (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
+ NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
+CVE-2017-7500 (It was found that rpm did not properly handle RPM installations when a ...)
+ - rpm (unimportant)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
+ NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
+CVE-2017-7499
+ REJECTED
+CVE-2017-7498
+ REJECTED
+CVE-2017-7497 (The dialog for creating cloud volumes (cinder provider) in CloudForms ...)
+ NOT-FOR-US: Red Hat CloudForms Management Engine
+CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to loca ...)
+ NOT-FOR-US: fedora-arm-installer
+CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=order ...)
+ - linux 4.6.2-1
+ [jessie] - linux 3.16.39-1
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
+CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulne ...)
+ {DSA-3860-1 DLA-951-1}
+ - samba 2:4.5.8+dfsg-2
+ NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
+CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
+ {DLA-1497-1 DLA-1035-1 DLA-965-1}
+ - qemu 1:2.8+dfsg-6
+ - qemu-kvm
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
+CVE-2017-7492
+ REJECTED
+CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=352355
+CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible becaus ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=352354
+CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership o ...)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
+CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure whil ...)
+ NOT-FOR-US: authconfig in Red Hat
+CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel thro ...)
+ {DSA-3886-1 DLA-993-1}
+ - linux 4.9.30-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
+CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg ...)
+ {DSA-3851-1 DLA-1051-1}
+ - postgresql-9.6 9.6.3-1
+ - postgresql-9.4
+ - postgresql-9.1
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ - postgresql-8.4 (feature not present in 8.x)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
+CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9 ...)
+ {DSA-3851-1}
+ - postgresql-9.6 9.6.3-1
+ - postgresql-9.4
+ - postgresql-9.1 (bug introduced in 9.3)
+ - postgresql-8.4 (bug introduced in 9.3)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
+CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL ...)
+ {DSA-3851-1}
+ - postgresql-9.6 9.6.3-1
+ - postgresql-9.4
+ - postgresql-9.1
+ [jessie] - postgresql-9.1 (postgresql-9.1 in jessie only provides PL/Perl)
+ [wheezy] - postgresql-9.1 (Vulnerable code do not exist)
+ - postgresql-8.4
+ [wheezy] - postgresql-8.4 (Vulnerable code do not exist)
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
+ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
+CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
+ {DLA-2683-1}
+ - rxvt 1:2.7.10-7.1 (low; bug #861694)
+ [jessie] - rxvt (Minor issue)
+ [wheezy] - rxvt (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/05/01/15
+CVE-2017-7482 (In the Linux kernel before version 4.12, Kerberos 5 tickets decoded wh ...)
+ {DSA-3945-1 DSA-3927-1 DLA-1099-1}
+ - linux 4.11.11-1
+ NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
+CVE-2017-7481 (Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark loo ...)
+ {DLA-2535-1}
+ - ansible 2.3.1.0+dfsg-1 (bug #862666)
+ [jessie] - ansible (vulnerable code introduced in version 2.x)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
+CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over in ...)
+ {DLA-1039-1}
+ - rkhunter 1.4.4-1 (bug #866677)
+ [stretch] - rkhunter 1.4.2-6+deb9u1
+ [jessie] - rkhunter 1.4.2-0.4+deb8u1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/29/2
+ NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
+CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reac ...)
+ {DLA-944-1}
+ - openvpn 2.4.0-5 (low)
+ [jessie] - openvpn 2.3.4-5+deb8u2
+ NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 (2.4.x)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x)
+ NOTE: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x)
+ NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
+CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Deni ...)
+ - openvpn 2.4.0-5
+ [jessie] - openvpn (Vulnerable code introduced later)
+ [wheezy] - openvpn (Vulnerable code introduced later)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/5774cf4c25e1d8bf4e544702db8f157f111c9d93 (master)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/66b99a0753352c5cc43e11e39835b6423112df98 (2.4.x)
+ NOTE: https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3 (2.3.x)
+ NOTE: Introduced in: https://github.com/OpenVPN/openvpn/commit/3c1b19e04745177185decd14da82c71458442b82 (2.4.0)
+ NOTE: Introduced in (backported to 2.3.12): https://github.com/OpenVPN/openvpn/commit/358f513c008bf01fadb82759ac75ffb8613fc785
+ NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
+CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec modul ...)
+ - linux 4.9.25-1
+ [jessie] - linux (Introduced in 4.6)
+ [wheezy] - linux (Introduced in 4.6)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/25/4
+ NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
+ NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
+CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ ...)
+ - gnulib (Vulnerable code introduced later)
+ NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
+ NOTE: Introduced with 4bc76593 and 4e6e16b3f.
+CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference relat ...)
+ - cairo (low; bug #870264)
+ [bookworm] - cairo (Minor issue)
+ [bullseye] - cairo (Minor issue)
+ [buster] - cairo (Minor issue)
+ [stretch] - cairo (Minor issue)
+ [jessie] - cairo (Minor issue)
+ [wheezy] - cairo (Minor issue)
+ NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
+ NOTE: https://gitlab.freedesktop.org/cairo/cairo/issues/80
+CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handl ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-7473
+ REJECTED
+CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows local use ...)
+ {DLA-922-1}
+ - linux 4.9.25-1
+ [jessie] - linux 3.16.43-1
+ NOTE: https://lkml.org/lkml/2017/4/1/235
+ NOTE: https://lkml.org/lkml/2017/4/3/724
+CVE-2017-7471 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing vi ...)
+ {DLA-1035-1}
+ - qemu 1:2.8+dfsg-5 (bug #860785)
+ [jessie] - qemu (Vulnerable code introduced with fix for CVE-2016-9602)
+ [wheezy] - qemu (Vulnerable code introduced with fix for CVE-2016-9602)
+ - qemu-kvm (Vulnerable code introduced with fix for CVE-2016-9602)
+ NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e
+ NOTE: Fixed by (stable-2.8): http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf (v2.8.1.1)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443401
+ NOTE: Introduced by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=acf22d2264a131ad2695b5a18746dabf0cc8b843
+ NOTE: which is part of the fix for CVE-2016-9602.
+CVE-2017-7470 (It was found that spacewalk-channel can be used by a non-admin user or ...)
+ NOT-FOR-US: Red Hat / spacewalk-backend
+CVE-2017-7469
+ REJECTED
+CVE-2017-7468 (In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would atte ...)
+ - curl 7.52.1-5
+ [jessie] - curl (Only affects 7.52 and later)
+ [wheezy] - curl (Only affects 7.52 and later)
+ NOTE: https://curl.haxx.se/docs/adv_20170419.html
+CVE-2017-7467 (A buffer overflow flaw was found in the way minicom before version 2.7 ...)
+ {DLA-914-1}
+ - minicom 2.7-1.1 (bug #860940)
+ [jessie] - minicom 2.7-1+deb8u1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/5
+CVE-2017-7466 (Ansible before version 2.3 has an input validation vulnerability in th ...)
+ - ansible 2.2.1.0-2
+ [jessie] - ansible (Vulnerable code not present)
+ NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
+CVE-2017-7465 (It was found that the JAXP implementation used in JBoss EAP 7.0 for XS ...)
+ NOT-FOR-US: JBoss JAXP
+CVE-2017-7464 (It was found that the JAXP implementation used in JBoss EAP 7.0 for SA ...)
+ NOT-FOR-US: JBoss JAXP
+CVE-2017-7463 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflecte ...)
+ NOT-FOR-US: Red Hat business central
+CVE-2017-7462 (Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a r ...)
+ NOT-FOR-US: Intellinet NFC-30ir IP Camera
+CVE-2017-7461 (Directory traversal vulnerability in the web-based management site on ...)
+ NOT-FOR-US: Intellinet NFC-30ir IP Camera
+CVE-2017-7460
+ RESERVED
+CVE-2017-7459 (ntopng before 3.0 allows HTTP Response Splitting.)
+ - ntopng 2.4+dfsg1-4 (bug #866719)
+ [stretch] - ntopng (Minor issue)
+ [jessie] - ntopng (Minor issue)
+ NOTE: https://github.com/ntop/ntopng/commit/9469e58f07e043da712e6d6c41244852a11bcaeb
+CVE-2017-7458 (The NetworkInterface::getHost function in NetworkInterface.cpp in ntop ...)
+ - ntopng 2.4+dfsg1-4 (bug #866721)
+ [stretch] - ntopng (Minor issue)
+ [jessie] - ntopng (Minor issue)
+ NOTE: https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f
+CVE-2017-7457 (XML External Entity via ".AOP" files used by Moxa MX-AOPC Server 1.5 r ...)
+ NOT-FOR-US: Moxa
+CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service b ...)
+ NOT-FOR-US: Moxa
+CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private k ...)
+ NOT-FOR-US: Moxa
+CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in libimageworsene ...)
+ NOT-FOR-US: ImageWorsener
+CVE-2017-7451
+ RESERVED
+CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated ...)
+ NOT-FOR-US: AIRTAME HDMI dongle
+CVE-2017-7449
+ RESERVED
+CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.h ...)
+ - lepton 1.2.1-3 (bug #859714)
+ NOTE: https://github.com/dropbox/lepton/issues/86
+ NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
+CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...)
+ NOT-FOR-US: HelpDEZk
+CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtai ...)
+ NOT-FOR-US: HelpDEZk
+CVE-2017-7445
+ RESERVED
+CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
+ - nextcloud (bug #835086)
+CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspe ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
+ - libxslt (unimportant; bug #859796)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
+ NOTE: There's no indication that math.random() in intended to ensure cryptographic
+ NOTE: randomness requirements. Proper seeding needs to happen in the application
+ NOTE: using libxslt.
+CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking vul ...)
+ NOT-FOR-US: Veritas System Recovery
+CVE-2017-7442 (Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code ...)
+ NOT-FOR-US: Nitro Pro
+CVE-2017-7441 (In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the ...)
+ NOT-FOR-US: Sophos
+CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ap ...)
+ NOT-FOR-US: Kerio
+CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
+ NOT-FOR-US: NetApp
+CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
+ NOT-FOR-US: NetIQ Privileged Account Manager
+CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cro ...)
+ NOT-FOR-US: NetIQ Privileged Account Manager
+CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned packag ...)
+ - libzypp 17.3.1-1 (bug #899065)
+ [jessie] - libzypp (Minor issue)
+CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM reposit ...)
+ - libzypp 17.3.1-1 (bug #899065)
+ [jessie] - libzypp (Minor issue)
+CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending out in ...)
+ NOT-FOR-US: NetIQ Identity Manager
+CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
+ NOT-FOR-US: Micro Focus Vibe
+CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
+ NOT-FOR-US: Novell Novell iManager and NetIQ iManager
+CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
+ NOT-FOR-US: Novell Novell iManager and NetIQ iManager
+CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3 ...)
+ NOT-FOR-US: Novell Novell iManager and NetIQ iManager
+CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Pat ...)
+ NOT-FOR-US: NetIQ eDirectory PKI plugin
+CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
+ NOT-FOR-US: NetIQ iManager
+CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity Manag ...)
+ NOT-FOR-US: NetIQ Identity Manager Plug-in
+CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...)
+ NOT-FOR-US: NetIQ Identity Manager Plugins
+CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager versio ...)
+ NOT-FOR-US: NetIQ
+CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-7422 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-7421 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilitie ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-7420 (An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterpr ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-7419 (A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 b ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the h ...)
+ - proftpd-dfsg 1.3.5b-4 (low; bug #859592)
+ [jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
+ [wheezy] - proftpd-dfsg (Minor issue)
+ NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295
+ NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
+ NOTE: https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f
+CVE-2017-7417
+ RESERVED
+CVE-2017-7416 (ntopng before 3.0 allows XSS because GET and POST parameters are impro ...)
+ - ntopng 3.2+dfsg1-1 (bug #866722)
+ [stretch] - ntopng (Minor issue)
+ [jessie] - ntopng (Minor issue)
+CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypas ...)
+ NOT-FOR-US: Atlassian Confluence
+CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function i ...)
+ - linux 4.7.4-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+CVE-2017-7414 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
+ {DLA-1398-1}
+ - php-horde-crypt 2.7.5-2 (bug #859635)
+CVE-2017-7413 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Editio ...)
+ {DLA-1398-1}
+ - php-horde-crypt 2.7.5-2 (bug #859635)
+CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
+ NOT-FOR-US: NixOS specific Docker issue
+CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The ...)
+ NOT-FOR-US: Enalean Tuleap
+CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and accou ...)
+ NOT-FOR-US: WebsiteBaker
+CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect e ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
+ NOT-FOR-US: Palo Alto Networks Traps ESM Console
+CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
+ {DLA-883-1}
+ - curl 7.52.1-4 (unimportant; bug #859500)
+ NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
+ NOTE: Negligible security impact
+CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any o ...)
+ NOT-FOR-US: D-Link
+CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this dev ...)
+ NOT-FOR-US: D-Link
+CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
+ NOT-FOR-US: D-Link
+CVE-2017-7403
+ RESERVED
+CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ar ...)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7401 (Incorrect interaction of the parse_packet() and parse_part_sign_sha256 ...)
+ {DLA-884-1}
+ - collectd 5.7.2-1 (bug #859494)
+ [stretch] - collectd (Minor issue)
+ [jessie] - collectd (Minor issue)
+ NOTE: https://github.com/collectd/collectd/issues/2174
+ NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
+CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 a ...)
+ - horizon 3:10.0.1-1 (bug #859559)
+ [jessie] - horizon (Vulnerable code not present)
+ [wheezy] - horizon (Vulnerable code not present)
+ NOTE: https://launchpad.net/bugs/1667086
+CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex S ...)
+ - ghostscript 9.22~dfsg-2.1 (bug #860869)
+ [stretch] - ghostscript 9.20~dfsg-3.2+deb9u2
+ [jessie] - ghostscript 9.06~dfsg-2+deb8u7
+ [wheezy] - ghostscript (Not directly reproducible, to re-evaluate once the upstream fix is known)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
+ NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
+ NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
+ NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
+ NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
+ NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
+ NOTE: reports no buffer overrun. -- Raphael Hertzog
+CVE-2017-1001000 (The register_routes function in wp-includes/rest-api/endpoints/class-w ...)
+ - wordpress 4.7.2+dfsg-1
+ [jessie] - wordpress (Vulnerable code introduced after 4.4)
+ [wheezy] - wordpress (Vulnerable code not present)
+ NOTE: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
+ NOTE: rest-api introduced in 4.4 upstream
+CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
+ NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
+CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
+ NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
+CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
+ NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
+CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
+ NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
+CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Ai ...)
+ NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
+CVE-2016-1000351
+ REJECTED
+CVE-2016-1000350
+ REJECTED
+CVE-2016-1000349
+ REJECTED
+CVE-2016-1000348
+ REJECTED
+CVE-2016-1000268
+ REJECTED
+CVE-2017-7399 (Cloudera Manager 5.8.x before 5.8.5, 5.9.x before 5.9.2, and 5.10.x be ...)
+ NOT-FOR-US: Cloudera
+CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request For ...)
+ NOT-FOR-US: D-Link
+CVE-2017-7397 (BackBox Linux 4.6 allows remote attackers to cause a denial of service ...)
+ NOT-FOR-US: BackBox OS specific CVE assignment
+CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unaut ...)
+ - tigervnc 1.7.0+dfsg-7 (bug #859259)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/436
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
+CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by c ...)
+ - tigervnc 1.7.0+dfsg-7 (bug #859259)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/436
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689
+CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), una ...)
+ - tigervnc 1.7.0+dfsg-7 (bug #859259)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/440
+CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an a ...)
+ - tigervnc 1.7.0+dfsg-7 (bug #859259)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/438
+CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityV ...)
+ - tigervnc 1.7.0+dfsg-7 (bug #859259)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/441
+CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vul ...)
+ NOT-FOR-US: Magmi
+CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...)
+ NOT-FOR-US: SocialNetwork
+CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Rel ...)
+ NOT-FOR-US: The Open eClass Platform
+CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. Th ...)
+ NOT-FOR-US: WallacePOS
+CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a r ...)
+ NOT-FOR-US: HelpMeWatchWho
+CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in symetrie ...)
+ NOT-FOR-US: symetrie
+CVE-2017-7385
+ RESERVED
+CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allow ...)
+ NOT-FOR-US: FlipBuilder Flip PDF
+CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attac ...)
+ {DLA-968-1}
+ - libpodofo 0.9.4-6 (bug #859329)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
+CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote attac ...)
+ {DLA-968-1}
+ - libpodofo 0.9.4-6 (bug #859329)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
+CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attacker ...)
+ {DLA-968-1}
+ - libpodofo 0.9.4-6 (bug #859329)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
+CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attacker ...)
+ {DLA-968-1}
+ - libpodofo 0.9.4-6 (bug #859329)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/3
+ NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
+CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in PdfEncodi ...)
+ {DLA-929-1}
+ - libpodofo 0.9.4-5 (bug #859331)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/2
+ NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
+CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoF ...)
+ {DLA-968-1}
+ - libpodofo 0.9.4-6 (bug #859330)
+ [jessie] - libpodofo (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/01/1
+ NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
+CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
+ {DLA-1497-1 DLA-1035-1 DLA-965-1}
+ - qemu 1:2.8+dfsg-4 (bug #859854)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
+ NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
+ NOTE: https://www.openwall.com/lists/oss-security/2017/04/03/2
+ NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
+CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute arbitrar ...)
+ {DSA-3952-1 DLA-1060-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #870865)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
+ NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
+ NOTE: Fix upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+ NOTE: The upstream patch has the slight consequence that some port values end up
+ NOTE: negative when cast to a 32-bit int. A negative port though in the URL would
+ NOTE: make the URL invalid. It is discussed if instead it would be best to prevent
+ NOTE: the port from ever being negative. Upstream decided to leave the above patch.
+CVE-2017-7375 (A flaw in libxml2 allows remote XML entity inclusion with default pars ...)
+ {DSA-3952-1 DLA-1008-1}
+ - libxml2 2.9.4+dfsg1-3.1 (bug #870867)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+ NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
+ NOTE: Fix upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
+CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
+ - linux 4.9.25-1
+ [jessie] - linux (Vulnerable code not present; Introduced in 4.2-rc1)
+ [wheezy] - linux (Vulnerable code not present; Introduced in 4.2-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
+CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a double free ...)
+ NOT-FOR-US: Android display driver
+CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race condit ...)
+ NOT-FOR-US: Android
+CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data pointe ...)
+ NOT-FOR-US: Android
+CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race condit ...)
+ NOT-FOR-US: Android
+CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an array inde ...)
+ - linux (Android-specific)
+CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race condit ...)
+ NOT-FOR-US: Android driver
+CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an integer un ...)
+ NOT-FOR-US: Android
+CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL ioctl ...)
+ NOT-FOR-US: Android driver
+CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer over ...)
+ NOT-FOR-US: Android
+CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the Linu ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack ...)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attac ...)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7361 (Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack ...)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7360 (Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.)
+ NOT-FOR-US: Pixie CMS
+CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in debian/guest ...)
+ - lightdm (Vulnerable code not present)
+ NOTE: https://launchpad.net/bugs/1677924
+ NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
+CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with Ser ...)
+ NOT-FOR-US: Hipchat Server
+CVE-2017-7356
+ RESERVED
+CVE-2017-7355
+ RESERVED
+CVE-2017-7354
+ RESERVED
+CVE-2017-7353
+ RESERVED
+CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...)
+ NOT-FOR-US: Pure Storage Purity
+CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 7.x be ...)
+ NOT-FOR-US: REDCap
+CVE-2017-7350
+ RESERVED
+CVE-2017-7349
+ RESERVED
+CVE-2017-7348
+ RESERVED
+CVE-2017-7347
+ RESERVED
+CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmw ...)
+ {DSA-3945-1 DSA-3927-1}
+ - linux 4.11.6-1
+ [wheezy] - linux (Vulnerable code introduced in 3.14)
+ NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
+CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
+ NOT-FOR-US: NetApp
+CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows re ...)
+ NOT-FOR-US: SAP
+CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in SA ...)
+ NOT-FOR-US: MobiLink Synchronization Server
+CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earli ...)
+ NOT-FOR-US: Fortinet FortiClient Windows
+CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
+ NOT-FOR-US: Fortinet FortiPortal
+CVE-2017-7342 (A weak password recovery process vulnerability in Fortinet FortiPortal ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 throu ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-7340 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
+ NOT-FOR-US: Fortinet FortiPortal
+CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions 4 ...)
+ NOT-FOR-US: Fortinet FortiPortal
+CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal versi ...)
+ NOT-FOR-US: Fortinet FortiPortal
+CVE-2017-7336 (A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and lo ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-7335 (A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-7334
+ RESERVED
+CVE-2017-7333
+ RESERVED
+CVE-2017-7332
+ RESERVED
+CVE-2017-7331
+ RESERVED
+CVE-2017-7330
+ RESERVED
+CVE-2017-7329
+ RESERVED
+CVE-2017-7328
+ RESERVED
+CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
+ NOT-FOR-US: Yandex Browser installer for Desktop
+CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 al ...)
+ NOT-FOR-US: Yandex Browser for Android
+CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the addr ...)
+ NOT-FOR-US: Yandex Browser
+CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier a ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-7323 (The (1) update and (2) package-installation features in MODX Revolutio ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-7322 (The (1) update and (2) package-installation features in MODX Revolutio ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-7321 (setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
+ NOT-FOR-US: MODX Revolution
+CVE-2017-7319
+ REJECTED
+CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote comman ...)
+ NOT-FOR-US: Siklu EtherHaul
+CVE-2017-7317 (An issue was discovered on Humax Digital HG100 2.0.6 devices. The atta ...)
+ NOT-FOR-US: Humax Digital HG100
+CVE-2017-7316 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. There i ...)
+ NOT-FOR-US: Humax Digital HG100R
+CVE-2017-7315 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. To down ...)
+ NOT-FOR-US: Humax Digital HG100R
+CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
+ NOT-FOR-US: Personify360 e-Business
+CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
+ NOT-FOR-US: Personify360 e-Business
+CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1 ...)
+ NOT-FOR-US: Personify360 e-Business
+CVE-2017-7311
+ RESERVED
+CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...)
+ NOT-FOR-US: Sync Breeze Enterprise
+CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...)
+ - mantis
+ [wheezy] - mantis (Unsupported in Wheezy LTS)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4
+CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
+ NOT-FOR-US: Riverbed RiOS
+CVE-2017-7306 (Riverbed RiOS through 9.6.0 has a weak default password for the secure ...)
+ NOT-FOR-US: Riverbed RiOS
+CVE-2017-7305 (Riverbed RiOS through 9.6.0 does not require a bootloader password, wh ...)
+ NOT-FOR-US: Riverbed RiOS
+CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161212-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (vulnerable code not present)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20931
+CVE-2017-7303 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161212-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (vulnerable code not present)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20922
+CVE-2017-7302 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161212-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20921
+CVE-2017-7301 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161212-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20924
+CVE-2017-7300 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161212-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20909
+CVE-2017-7299 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
+ - binutils 2.27.51.20161220-1
+ [jessie] - binutils (Minor issue)
+ [wheezy] - binutils (Minor issue)
+ NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20908
+CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote a ...)
+ NOT-FOR-US: Ceragon FibeAir
+CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a built- ...)
+ NOT-FOR-US: Siklu EtherHaul
+CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and S ...)
+ NOT-FOR-US: Trango
+CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with ...)
+ NOT-FOR-US: Trango
+CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2 ...)
+ NOT-FOR-US: Trango
+CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remot ...)
+ NOT-FOR-US: SAP
+CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ke ...)
+ {DLA-922-1}
+ - linux 4.9.18-1
+ [jessie] - linux 3.16.43-1
+ NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
+ NOTE: Fixed by: https://git.kernel.org/linus/8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b
+ NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
+ NOTE: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
+CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Ad ...)
+ - moodle (unimportant)
+ NOTE: http://www.daimacn.com/post/12.html
+ NOTE: https://tracker.moodle.org/browse/MDL-52038
+ NOTE: Not considered a security issue/bug upstream, disputed that it got a CVE
+ NOTE: assigned. Mark as unimportant as non-issue.
+CVE-2017-7297 (Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated user ...)
+ NOT-FOR-US: Rancher Labs rancher server
+CVE-2017-7296 (An issue was discovered in Contiki Operating System 3.0. A Persistent ...)
+ NOT-FOR-US: Contiki Operating System
+CVE-2017-7295 (An issue was discovered in Contiki Operating System 3.0. A use-after-f ...)
+ NOT-FOR-US: Contiki Operating System
+CVE-2017-7293 (The Dolby DAX2 and DAX3 API services are vulnerable to a privilege esc ...)
+ NOT-FOR-US: Dolby
+CVE-2017-7294 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...)
+ {DLA-922-1}
+ - linux 4.9.18-1
+ [jessie] - linux 3.16.43-1
+ NOTE: Fixed by: https://git.kernel.org/linus/e7e11f99564222d82f0ce84bd521e57d78a6b678
+CVE-2017-7292
+ RESERVED
+CVE-2017-7291
+ RESERVED
+CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before ...)
+ NOT-FOR-US: XOOPS
+CVE-2017-7289
+ RESERVED
+CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
+ NOT-FOR-US: Zimbra
+CVE-2017-7287
+ RESERVED
+CVE-2017-7286
+ REJECTED
+CVE-2016-10303
+ RESERVED
+CVE-2016-10302
+ RESERVED
+CVE-2016-10301
+ RESERVED
+CVE-2016-10300
+ RESERVED
+CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source comp ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
+ NOT-FOR-US: Qualcomm components for Android
+CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver cou ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could e ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver cou ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
+ NOT-FOR-US: Mediatek driver for Android +CVE-2016-10279 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10278 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader cou ...) + NOT-FOR-US: Motorola component for Android +CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader cou ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2015-9018 + RESERVED +CVE-2015-9017 + RESERVED +CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a pos ...) + {DSA-4187-1} + - linux 4.2.3-1 + [wheezy] - linux (Vulnerable code not present) + NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1) +CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles counte ...) + - linux 3.16.7-ckt7-1 + [wheezy] - linux (Vulnerable code not present) +CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the L ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux kernel ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux kernel ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel, ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the L ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux kernel ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in th ...) + {DSA-3945-1} + - linux 4.0.2-1 (low) + [wheezy] - linux (Vulnerable code not present) +CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 releas ...) + NOT-FOR-US: MikroTik +CVE-2017-7284 (An attacker that has hijacked a Unitrends Enterprise Backup (before 9. ...) + NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7283 (An authenticated user of Unitrends Enterprise Backup before 9.1.2 can ...) 
+ NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7282 (An issue was discovered in Unitrends Enterprise Backup before 9.1.1. T ...) + NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7281 (An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A ...) + NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends Enter ...) + NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 w ...) + NOT-FOR-US: Unitrends Enterprise Backup +CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort 44 ...) + NOT-FOR-US: ASSA ABLOY APTUS Styra Porttelefonkort 4400 +CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TI ...) + - linux (Vulnerable code introduced in 4.10-rc1) +CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before ...) + NOT-FOR-US: TOPdesk +CVE-2017-7275 (The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allow ...) + - imagemagick (unimportant; bug #859025) + NOTE: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/ + NOTE: https://github.com/ImageMagick/ImageMagick/issues/271 + NOTE: Furthermore: upstream is not able to reproduce the problem as well + NOTE: The problem result in a memory allocation issue when compiled with ASAN + NOTE: but unreproducible from unstream. Since no more details can be provided + NOTE: and the issue not addressed, treat this as "non-issue" (and thus marked + NOTE: unimportant). If in future details can be elaborated by the reporter + NOTE: we might re-evaluate this entry. +CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...) + - radare2 (Vulnerable parsers introduced in 1.3.0-git, cf. 
#858873) + NOTE: https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf + NOTE: https://github.com/radare/radare2/issues/7152 +CVE-2017-7271 (Reflected Cross-site scripting (XSS) vulnerability in Yii Framework be ...) + - yii (bug #597899) +CVE-2017-7270 + RESERVED +CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...) + {DLA-922-1} + - linux 4.9.6-1 + [jessie] - linux 3.16.43-1 + NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110 +CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...) + {DLA-875-1} + - php7.3 + [buster] - php7.3 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified) + - php7.1 + - php7.0 + [stretch] - php7.0 (Upstream patch breaks existing applications, revisit if a new approach has been identified) + - php5 + [jessie] - php5 (Never applied to PHP 5 by upstream, breaks existing applications) + NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a + NOTE: https://bugs.php.net/bug.php?id=74216 + NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3 +CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ser ...) + NOT-FOR-US: Windows +CVE-2017-7268 + RESERVED +CVE-2017-7267 + RESERVED +CVE-2017-7266 (Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout ...) + NOT-FOR-US: Netflix Security Monkey +CVE-2017-7265 + RESERVED +CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function in fi ...) 
+ {DSA-3797-1} + - mupdf 1.9a+ds1-3 (bug #854734) + [wheezy] - mupdf (vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515 + NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 + NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ + NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free + NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow + NOTE: in fz_subsample_pixmap. +CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows rem ...) + - potrace 1.15-1 (bug #858763) + [stretch] - potrace (Minor issue) + [jessie] - potrace (Minor issue) + [wheezy] - potrace (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/ + NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH + NOTE: This CVE is for an incomplete fix of CVE-2016-8698 +CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavi ...) + NOT-FOR-US: Jensen of Scandinavia Air:Link Routers +CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...) + NOT-FOR-US: Hardware bug in AMD Ryzen CPUs, cannot be fixed via micro code updates, but only BIOS updates +CVE-2017-7261 (The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx ...) + {DLA-922-1} + - linux 4.9.18-1 + [jessie] - linux 3.16.43-1 + NOTE: Fixed by: https://git.kernel.org/linus/36274ab8c596f1240c606bb514da329add2a1bcd +CVE-2017-7260 + RESERVED +CVE-2017-7259 + REJECTED +CVE-2017-7258 (HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi a ...) + NOT-FOR-US: AuroMeera Technometrix +CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...) 
+ NOT-FOR-US: CMS Made Simple +CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add ...) + NOT-FOR-US: CMS Made Simple +CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (libtiff-tools not shipped by this source package) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ + NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620 +CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a d ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (libtiff-tools not shipped by this source package) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ + NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620 +CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...) + {DSA-3844-1} + - tiff 4.0.7-2 (bug #846837) + [wheezy] - tiff 4.0.2-6+deb7u9 + - tiff3 + [wheezy] - tiff3 (Unreproducible) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ + NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608 +CVE-2016-10269 (LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0. ...) 
+ {DSA-3844-1 DLA-877-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (Unreproducible) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ + NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604 +CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a den ...) + {DLA-877-1} + - tiff 4.0.7-2 (unimportant) + - tiff3 (unimportant) + [wheezy] - tiff3 (issue in tiffcp that is not shipped by the source package) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/ + NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598 + NOTE: Crash in CLI tool not treated as a security issue +CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...) + {DSA-3844-1 DLA-877-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (Unreproducible, BigTIFF not supported by this version) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/ + NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611 +CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (di ...) + {DSA-3844-1 DLA-877-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (Unreproducible) + NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero + NOTE: https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1 + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596 +CVE-2017-7254 + RESERVED +CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...) + NOT-FOR-US: Dahua IP Camera devices +CVE-2017-7252 (bcrypt password hashing in Botan before 2.1.0 does not correctly handl ...) 
+ - botan1.10 (Introduced in 1.11.0) + NOTE: Bug introduced in 1.11.0, fixed in 2.1.0. +CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...) + NOT-FOR-US: pi-engine +CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...) + NOT-FOR-US: Gazelle torrent tracker +CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...) + NOT-FOR-US: Gazelle torrent tracker +CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03- ...) + NOT-FOR-US: Gazelle torrent tracker +CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...) + NOT-FOR-US: Gazelle torrent tracker +CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...) + - pcre3 (bug #858679; unimportant) + [jessie] - pcre3 (Minor issue; 32bit character support not enabled) + [wheezy] - pcre3 (Vulnerable code not present) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2057 + NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ + NOTE: pcre32 support enabled only in pcre3/1:8.35-4 + NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41) +CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in p ...) + - pcre3 (bug #858678; unimportant) + [jessie] - pcre3 (Minor issue; 32bit character support not enabled) + [wheezy] - pcre3 (Vulnerable code not present) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2055 + NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/ + NOTE: pcre32 support enabled only in pcre3/1:8.35-4 + NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41) +CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...) 
+ - pcre3 2:8.39-3 (bug #858683) + [jessie] - pcre3 (Minor issue; 32bit character support not enabled) + [wheezy] - pcre3 (Vulnerable code not present) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2054 + NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/ + NOTE: pcre32 support enabled only in pcre3/1:8.35-4 + NOTE: Bisected and the following change addresses the issue for pcre3: + NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1688 (8.41) +CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to caus ...) + NOT-FOR-US: Eclipse tinydtls for Eclipse IoT +CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules c ...) + NOT-FOR-US: SLiMS +CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move Attach ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4 +CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The corre ...) + NOT-FOR-US: Miele Professional PG 8528 PST10 devices +CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive in ...) + - ninka (Fixed with the initial release to Debian) + NOTE: https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf +CVE-2017-7238 + RESERVED +CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7 ...) + NOT-FOR-US: Spiceworks +CVE-2017-7236 (SQL injection vulnerability in NetApp OnCommand Unified Manager Core P ...) + NOT-FOR-US: NetApp +CVE-2016-10265 + RESERVED +CVE-2016-10264 + RESERVED +CVE-2016-10263 + RESERVED +CVE-2016-10262 + RESERVED +CVE-2016-10261 + RESERVED +CVE-2016-10260 + RESERVED +CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...) + NOT-FOR-US: Blue Coat +CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...) 
+ NOT-FOR-US: Symantec +CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7. ...) + NOT-FOR-US: Symantec +CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6 ...) + NOT-FOR-US: Symantec +CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ma ...) + NOT-FOR-US: cloudflare-scrape +CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...) + {DSA-3835-1 DLA-885-1} + - python-django 1:1.10.7-1 (bug #859516) + NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ + NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753 +CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 re ...) + {DSA-3835-1 DLA-885-1} + - python-django 1:1.10.7-1 (bug #859515) + NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/ + NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a +CVE-2017-7232 + RESERVED +CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow v ...) + NOT-FOR-US: pngdefry +CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and e ...) + NOT-FOR-US: Disk Sorter Enterprise +CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5. ...) + NOT-FOR-US: Vaultive O365 +CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes availabl ...) + {DSA-3847-1 DLA-907-1} + - xen 4.8.1-1 (bug #859560) + NOTE: https://xenbits.xen.org/xsa/advisory-212.html +CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buf ...) 
+ - binutils 2.27.51.20161212-1 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20906 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=406bd128dba2a59d0736839fc87a59bce319076c +CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) libra ...) + - binutils 2.27.51.20161212-1 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20905 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f +CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...) + - binutils 2.27.51.20161201-1 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20891 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=50455f1ab2935f7321215dfa681745c9b1cb5b19 +CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is vuln ...) + - binutils 2.27.51.20161201-1 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20892 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e82ab856bb4689330c29fb9f1c57a8555b26380e +CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ov ...) + - binutils 2.27.51.20161212-1 + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20898 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17 +CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 al ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) +CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection mechan ...) 
+ NOT-FOR-US: OpenText Documentum Content Server +CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via sys_obj ...) + NOT-FOR-US: OpenText Documentum Content Server +CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10. ...) + NOT-FOR-US: Citrix +CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.1 ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...) + NOT-FOR-US: Palo Alto Networks PAN-OS +CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...) + - elfutils 0.168-0.2 (low) + [jessie] - elfutils (Minor issue) + [wheezy] - elfutils (Minor issue) + NOTE: 0.168-0.2 first version uploaded to unstable + NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/ + NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07 +CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows ...) + - elfutils 0.168-0.2 (low) + [jessie] - elfutils (Minor issue) + [wheezy] - elfutils (Minor issue) + NOTE: 0.168-0.2 first version uploaded to unstable + NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/ + NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=191000fdedba3fafe4d5b8cddad3f3318b49c3fb +CVE-2017-7215 (Cross site scripting in some view elements in the index filter tool in ...) + NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing) +CVE-2017-7214 (An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x ...) 
+ - nova 2:14.0.0-4 (bug #858568) + [jessie] - nova (Vulnerable code not present) + [wheezy] - nova (Not supported in Wheezy LTS) + NOTE: https://bugs.launchpad.net/nova/+bug/1673569 +CVE-2017-7213 (Zoho ManageEngine Desktop Central before build 100082 allows remote at ...) + NOT-FOR-US: Zoho ManageEngine Desktop Central +CVE-2017-7212 + RESERVED +CVE-2017-7211 + RESERVED +CVE-2017-7210 (objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based buff ...) + - binutils 2.28-3 (low; bug #858324) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21157 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a2dea0b20bc66a4c287c3c50002b8c3b3e9d953a +CVE-2017-7209 (The dump_section_as_bytes function in readelf in GNU Binutils 2.28 acc ...) + - binutils 2.28-3 (low; bug #858323) + [jessie] - binutils (Vulnerable code introduced later) + [wheezy] - binutils (Vulnerable code introduced later) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21135 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f +CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...) + {DSA-4012-1 DLA-1142-1} + - libav (low) + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a +CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscr ...) + {DSA-3838-1 DLA-1048-1} + - ghostscript 9.20~dfsg-3 (bug #858350) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676 +CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...) 
+ - libav + [jessie] - libav (Vulnerable code not present) + - ffmpeg (bug #872517; Previous patches mitigated the issue) + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1002 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=83b2b34d06e74cc8775ba3d833f9782505e17539 +CVE-2017-7205 (A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. T ...) + NOT-FOR-US: GamePanelX-V3 +CVE-2017-7204 (A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vuln ...) + NOT-FOR-US: imdbphp +CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30. ...) + - zoneminder 1.30.4+dfsg-1 (bug #858329) + [wheezy] - zoneminder (Minor issue) + NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797 + NOTE: Fixed in 1.30.2 upstream. +CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...) + NOT-FOR-US: SLiMS +CVE-2017-7201 + RESERVED +CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...) + NOT-FOR-US: Nessus +CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The 'c ...) + - glance 2:13.0.0-1 + [jessie] - glance (Minor issue, too intrusive to backport) + [wheezy] - glance (Not supported in Wheezy LTS) + NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0078 + NOTE: https://bugs.launchpad.net/ossn/+bug/1606495 + NOTE: https://bugs.launchpad.net/ossn/+bug/1153614 + NOTE: The only implemented solution is to move to the v2 API (deprecated in + NOTE: 2:13.0.0-1, using that as the fixed version) +CVE-2017-7198 + RESERVED +CVE-2017-7197 + RESERVED +CVE-2017-7196 + RESERVED +CVE-2017-7195 + RESERVED +CVE-2017-7194 + RESERVED +CVE-2017-7193 + RESERVED +CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...) + NOT-FOR-US: Starscream +CVE-2017-7190 + RESERVED +CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsocko ...) 
+ - php7.3 + [buster] - php7.3 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified) + - php7.0 + [stretch] - php7.0 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified) + - php5 + [jessie] - php5 (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified) + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192 + NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a + NOTE: The commit was later on reverted again because of breaking some features. + NOTE: See as well the related CVE-2017-7272. +CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a b ...) + NOT-FOR-US: Zurmo +CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...) + - linux 4.9.18-1 + [jessie] - linux (Introduced in 3.17) + [wheezy] - linux (Introduced in 3.17) + NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5) + NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1) +CVE-2017-7185 (Use-after-free vulnerability in the mg_http_multipart_wait_for_boundar ...) + NOT-FOR-US: Mongoose +CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...) + NOT-FOR-US: ExtraPuTTY +CVE-2017-7182 + RESERVED +CVE-2017-7181 + RESERVED +CVE-2017-7180 (Net Monitor for Employees Pro through 5.3.4 has an unquoted service pa ...) + NOT-FOR-US: Net Monitor for Employees Pro +CVE-2017-7179 + RESERVED +CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of com ...) 
+ - erlang 1:19.2.1+dfsg-2 (bug #858313) + [jessie] - erlang 1:17.3-dfsg-4+deb8u1 + [wheezy] - erlang (Vulnerable code not present) + NOTE: https://github.com/erlang/otp/pull/1108 +CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Lin ...) + {DLA-922-1} + - linux 4.9.18-1 (low) + [jessie] - linux 3.16.43-1 + NOTE: Unprivileged user namespaces are disabled in Debian, this only affects + NOTE: non-standard setups +CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attacke ...) + - pcre3 2:8.39-3 (bug #858230) + [jessie] - pcre3 (Minor issue; 32bit character support not enabled) + [wheezy] - pcre3 (Vulnerable code not present) + - pcre2 10.22-3 (bug #858233) + NOTE: https://bugs.exim.org/show_bug.cgi?id=2052 + NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date (for pcre3) + NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3) + NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2) + NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2) +CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The exploit ...) + {DSA-3856-1 DLA-863-1} + - deluge 1.3.13+git20161130.48cedf63-2 (bug #857903) + NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583 +CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to p ...) 
+ - mat 0.6.1-4 (bug #858058) + [jessie] - mat (Vulnerable code not present) + [wheezy] - mat (Vulnerable code not present) + NOTE: https://0xacab.org/mat/mat/issues/11527 + NOTE: Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9 + NOTE: Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a + NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5 +CVE-2017-7176 + REJECTED +CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS com ...) + NOT-FOR-US: NfSen +CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 a ...) + NOT-FOR-US: Chef Manage +CVE-2017-7173 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-7172 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7171 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7170 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-7169 + REJECTED +CVE-2017-7168 + REJECTED +CVE-2017-7167 (An issue was discovered in certain Apple products. Xcode before 9.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7166 + REJECTED +CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-7164 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Intel Graphics Driver on Apple / macOS +CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) 
+ NOT-FOR-US: Apple +CVE-2017-7161 (An issue was discovered in certain Apple products. Safari before 11.0. ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0010.html + NOTE: Not covered by security support +CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.4-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0010.html + NOTE: Not covered by security support +CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Intel Graphics Driver on Apple / macOS +CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7153 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + - webkit2gtk 2.18.6-1 (unimportant) + [stretch] - webkit2gtk 2.18.6-1~deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2018-0002.html + NOTE: Not covered by security support +CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is ...) + NOT-FOR-US: Apple +CVE-2017-7151 (A race condition was addressed with additional validation. This issue ...) 
+ NOT-FOR-US: Apple +CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7148 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7147 (An issue was discovered in certain Apple products. The Apple Support a ...) + NOT-FOR-US: Apple +CVE-2017-7146 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7145 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7144 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7143 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7142 (An issue was discovered in certain Apple products. Safari before 11 is ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7141 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7140 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7139 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7138 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7137 (An issue was discovered in certain Apple products. Xcode before 9 is a ...) + NOT-FOR-US: Apple +CVE-2017-7136 (An issue was discovered in certain Apple products. Xcode before 9 is a ...) + NOT-FOR-US: Apple +CVE-2017-7135 (An issue was discovered in certain Apple products. Xcode before 9 is a ...) + NOT-FOR-US: Apple +CVE-2017-7134 (An issue was discovered in certain Apple products. 
Xcode before 9 is a ...) + NOT-FOR-US: Apple +CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before 10.13. ...) + NOT-FOR-US: Apple +CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before 10.13 ...) 
+ NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules +CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7119 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7118 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7117 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7116 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7115 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7113 (An issue was discovered in certain Apple products. iOS before 11.1 is ...) + NOT-FOR-US: Apple +CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7110 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7109 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7108 (An issue was discovered in certain Apple products. iOS before 11 is af ...) 
+ NOT-FOR-US: Apple +CVE-2017-7107 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7106 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7105 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7104 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7103 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7102 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7101 + RESERVED +CVE-2017-7100 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7099 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7098 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7097 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7096 (An issue was discovered in certain Apple products. iOS before 11 is af ...) 
+ - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7095 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7094 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7093 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7092 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7091 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7090 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7089 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7088 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7087 (An issue was discovered in certain Apple products. iOS before 11 is af ...) 
+ - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7086 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7085 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7084 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7083 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7082 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7081 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + - webkit2gtk 2.18.1-1 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0008.html + NOTE: Not covered by security support +CVE-2017-7080 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7079 (An issue was discovered in certain Apple products. iTunes before 12.7 ...) + NOT-FOR-US: Apple +CVE-2017-7078 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7077 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7076 (An issue was discovered in certain Apple products. Xcode before 9 is a ...) + NOT-FOR-US: Apple +CVE-2017-7075 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7074 (An issue was discovered in certain Apple products. macOS before 10.13 ...) + NOT-FOR-US: Apple +CVE-2017-7073 + RESERVED +CVE-2017-7072 (An issue was discovered in certain Apple products. iOS before 11 is af ...) + NOT-FOR-US: Apple +CVE-2017-7071 (An issue was discovered in certain Apple products. Safari before 10.1 ...) 
+ NOT-FOR-US: Apple +CVE-2017-7070 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple / libarchive + NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate +CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7066 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7065 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7062 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: Not covered by security support +CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7059 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: Not covered by security support +CVE-2017-7058 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) 
+ NOT-FOR-US: Apple +CVE-2017-7057 + RESERVED +CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: Not covered by security support +CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7053 (An issue was discovered in certain Apple products. iTunes before 12.6. ...) + NOT-FOR-US: Apple +CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.4-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7050 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7049 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) 
+ - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7044 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7043 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7042 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7041 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7040 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS be ...) + - webkit2gtk 2.16.3-2 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) 
+ - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7035 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7032 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7031 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7028 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7027 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7026 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7025 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7024 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) 
+ NOT-FOR-US: Apple +CVE-2017-7023 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7022 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7021 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7020 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7019 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.6-1 (unimportant) + [stretch] - webkit2gtk 2.16.6-0+deb9u1 + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7016 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7015 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2 +CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7011 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) 
+ - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2 +CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7007 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + NOT-FOR-US: Apple +CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: https://webkitgtk.org/security/WSA-2017-0006.html + NOTE: Not covered by security support +CVE-2017-7005 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules +CVE-2017-7000 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + {DSA-3926-1} + - chromium-browser 60.0.3112.78-1 + [jessie] - chromium-browser (End of life, see DSA 4020) + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-6999 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6998 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) 
+ NOT-FOR-US: Apple +CVE-2017-6997 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6996 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6995 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6994 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6993 + RESERVED +CVE-2017-6992 + RESERVED +CVE-2017-6991 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOTE: Unspecified sqlite issue found by Apple, no further details available +CVE-2017-6990 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6989 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6988 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6987 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6986 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6985 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6984 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: Not covered by security support +CVE-2017-6983 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOTE: Unspecified sqlite issue found by Apple, no further details available +CVE-2017-6982 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6981 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6980 (An issue was discovered in certain Apple products. 
iOS before 10.3.2 i ...) + - webkit2gtk 2.16.3-2 (unimportant) + NOTE: Not covered by security support +CVE-2017-6979 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...) + NOT-FOR-US: Apple +CVE-2017-6978 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6977 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6976 (An issue was discovered in certain Apple products. iOS before 10.3 is ...) + NOT-FOR-US: Apple +CVE-2017-6975 (Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack ...) + NOT-FOR-US: Applie +CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before 10.12. ...) + NOT-FOR-US: Apple +CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT Configurati ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/30/4 +CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an e ...) + NOT-FOR-US: AlienVault +CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow rem ...) + NOT-FOR-US: AlienVault +CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow loc ...) + NOT-FOR-US: AlienVault +CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated u ...) + NOT-FOR-US: GMV Checker ATM Security +CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer over ...) 
+ - binutils 2.28-3 (bug #858256) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14 +CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect ...) + {DLA-872-1} + [experimental] - xrdp 0.9.2~20170325-1~exp1 + - xrdp 0.9.1-9 (bug #858143) + [jessie] - xrdp (Minor issue) + NOTE: https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742 + NOTE: https://github.com/neutrinolabs/xrdp/issues/350 + NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694 + NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696 + NOTE: https://www.openwall.com/lists/oss-security/2017/03/18/1 + NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f +CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically read-a ...) + - binutils 2.28-3 (bug #858263) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9 +CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while process ...) + - binutils 2.28-3 (bug #858264) + [jessie] - binutils (Minor issue) + [wheezy] - binutils (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137 + NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493 +CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and Ubun ...) 
+ {DSA-3823-1 DLA-876-1} + - eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872) + NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627 +CVE-2017-6963 + RESERVED +CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...) + {DLA-2911-1} + - apng2gif 1.8-0.1 (bug #854447) + [jessie] - apng2gif (Vulnerable code introduced later with refactoring) + [wheezy] - apng2gif (Vulnerable code introduced later with refactoring) +CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitizatio ...) + {DLA-2911-1} + - apng2gif 1.8-0.1 (bug #854441) + [jessie] - apng2gif (Vulnerable code introduced later with refactoring) + [wheezy] - apng2gif (Vulnerable code introduced later with refactoring) +CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...) + {DLA-2911-1 DLA-2165-1 DLA-981-1} + - apng2gif 1.8-0.1 (bug #854367) +CVE-2017-6959 + REJECTED +CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...) + NOT-FOR-US: MantisBT Source Integration Plugin +CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...) + NOT-FOR-US: Firmware on some Broadcom SoCs +CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ov ...) + NOT-FOR-US: Firmware on some Broadcom SoCs +CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...) + NOT-FOR-US: wordpress Anyone plugin +CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress Do ...) + NOT-FOR-US: wordpress buddypress docs plugin +CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflo ...) + NOT-FOR-US: Gemalto SmartDiag Diagnosis Tool +CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...) 
+ - capstone (Vulnerable code not present, in Windows specific distribution) +CVE-2017-9999 + REJECTED +CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linu ...) + {DLA-922-1} + - linux 4.0.2-1 + [jessie] - linux 3.16.43-1 +CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended sec ...) + NOT-FOR-US: SAP +CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...) + {DLA-908-1} + - chicken 4.12.0-0.2 (bug #858057) + [stretch] - chicken (Minor issue) + [jessie] - chicken (Minor issue) + NOTE: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html +CVE-2017-6948 + RESERVED +CVE-2017-6947 + RESERVED +CVE-2017-6946 + RESERVED +CVE-2017-6945 + RESERVED +CVE-2017-6944 + RESERVED +CVE-2017-6943 + RESERVED +CVE-2017-6942 + RESERVED +CVE-2017-6941 + RESERVED +CVE-2017-6940 + RESERVED +CVE-2017-6939 + RESERVED +CVE-2017-6938 + RESERVED +CVE-2017-6937 + RESERVED +CVE-2017-6936 + RESERVED +CVE-2017-6935 + RESERVED +CVE-2017-6934 + RESERVED +CVE-2017-6933 + RESERVED +CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray modul ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node access ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission t ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/sa-core-2018-001 +CVE-2017-6925 (In versions of Drupal 8 core prior to 8.3.7; There is a vulnerability ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-004 +CVE-2017-6924 (In Drupal 8 prior to 8.3.7; When using the REST API, users without the ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-004 +CVE-2017-6923 (In Drupal 8.x prior to 8.3.7 When creating a view, you can optionally ...) 
+ - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-004 +CVE-2017-6922 (In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; P ...) + {DSA-3897-1 DLA-1004-1} + - drupal8 (bug #756305) + - drupal7 7.56-1 (bug #865498) + NOTE: https://www.drupal.org/SA-CORE-2017-003 + NOTE: http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936 +CVE-2017-6921 (In Drupal 8 prior to 8.3.4; The file REST resource does not properly v ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-003 +CVE-2017-6920 (Drupal core 8 before versions 8.3.4 allows remote attackers to execute ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-003 +CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access bypa ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-CORE-2017-002 +CVE-2017-6918 (CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to th ...) + NOT-FOR-US: BigTree CMS +CVE-2017-6917 (CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admi ...) + NOT-FOR-US: BigTree CMS +CVE-2017-6916 (CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to ...) + NOT-FOR-US: BigTree CMS +CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the a ...) + NOT-FOR-US: BigTree CMS +CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to ...) + NOT-FOR-US: BigTree CMS +CVE-2017-6913 (Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail b ...) + NOT-FOR-US: Open-Xchange +CVE-2017-6912 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...) + NOT-FOR-US: Open-Xchange GmbH OX App Suite +CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...) + NOT-FOR-US: USB Pratirodh +CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing Gate ...) 
+ NOT-FOR-US: Kaazing Gateway +CVE-2017-6909 (An issue was discovered in Shimmie <= 2.5.1. The vulnerability exists ...) + NOT-FOR-US: Shimmie +CVE-2017-6908 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exi ...) + NOT-FOR-US: concrete5 +CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerabilit ...) + NOT-FOR-US: Open.GL +CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0. The vulnerabili ...) + NOT-FOR-US: SiberianCMS +CVE-2017-6905 (An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exi ...) + NOT-FOR-US: concrete5 +CVE-2017-6904 + RESERVED +CVE-2017-6902 + REJECTED +CVE-2017-6901 + RESERVED +CVE-2017-6900 (An issue was discovered in Riello NetMan 204 14-2 and 15-2. The issue ...) + NOT-FOR-US: Riello NetMan +CVE-2017-6899 (The msm_bus_dbg_update_request_write function in drivers/platform/msm/ ...) + NOT-FOR-US: android_kernel_huawei_msm8916 in LineageOS (and other kernels for MSM devices) +CVE-2017-6898 + RESERVED +CVE-2017-6897 + RESERVED +CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wi ...) + NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router +CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ( ...) + NOT-FOR-US: USB Pratirodh +CVE-2017-6894 (A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 a ...) + NOT-FOR-US: FlexNet Manager Suite +CVE-2017-6893 + RESERVED +CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...) + {DLA-2418-1 DLA-985-1} + - libsndfile 1.0.28-1 (bug #864704) + [jessie] - libsndfile (Minor issue) + NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 +CVE-2017-6891 (Two errors in the "asn1_find_node()" function (lib/parser_aux.c) withi ...) 
+ {DSA-3861-1 DLA-950-1} + - libtasn1-6 4.10-1.1 (bug #863186) + - libtasn1-3 + NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/ + NOTE: https://gitlab.com/gnutls/libtasn1/commit/5520704d075802df25ce4ffccc010ba1641bd484 +CVE-2017-6890 (A boundary error within the "foveon_load_camf()" function (dcraw_foveo ...) + NOT-FOR-US: libraw demosaic extension (not packaged in Debian) +CVE-2017-6889 (An integer overflow error within the "foveon_load_camf()" function (dc ...) + NOT-FOR-US: libraw demosaic extension (not packaged in Debian) +CVE-2017-6888 (An error in the "read_metadata_vorbiscomment_()" function (src/libFLAC ...) + {DLA-2514-1} + - flac 1.3.2-2 (low; bug #897015) + [jessie] - flac (Minor issue) + [wheezy] - flac (Minor issue) + NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/ + NOTE: https://github.com/xiph/flac/commit/4f47b63e9c971e6391590caf00a0f2a5ed612e67 (1.3.3) + NOTE: https://android.googlesource.com/platform/external/flac/+/4f47b63e9c971e6391590caf00a0f2a5ed612e67 +CVE-2017-6887 (A boundary error within the "parse_tiff_ifd()" function (internal/dcra ...) + {DSA-3950-1 DLA-1057-1} + - libraw 0.18.2-2 (bug #864183) + NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251 +CVE-2017-6886 (An error within the "parse_tiff_ifd()" function (internal/dcraw_common ...) + {DSA-3950-1 DLA-1057-1} + - libraw 0.18.2-2 (bug #864183) + NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251 +CVE-2017-6885 (An error when handling certain external commands and services related ...) + NOT-FOR-US: FlexNet +CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has insuff ...) 
+ {DSA-3812-1} + - ioquake3 1.36+u20161101+dfsg1-2 (bug #857699) + [wheezy] - ioquake3 (Not supported in Wheezy LTS) + - iortcw 1.50a+dfsg1-3 (bug #857714) + NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/ + NOTE: Also affects openjk (only in experimental; bug #857715) +CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926 ...) + NOT-FOR-US: Zyxel +CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF be ...) + NOT-FOR-US: Foxit +CVE-2017-6882 + RESERVED +CVE-2017-6881 + RESERVED +CVE-2017-6880 (Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attacker ...) + NOT-FOR-US: Cerberus FTP Server +CVE-2017-6879 + RESERVED +CVE-2017-6878 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remo ...) + NOT-FOR-US: MetInfo +CVE-2017-6877 (Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim ...) + NOT-FOR-US: Lutim +CVE-2017-6876 + RESERVED +CVE-2017-6875 + RESERVED +CVE-2017-6874 (Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 a ...) + - linux 4.9.16-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/040757f738e13caaa9c5078bca79aa97e11dde88 +CVE-2017-6873 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...) + NOT-FOR-US: Siemens +CVE-2017-6872 (A vulnerability was discovered in Siemens OZW672 (all versions) and OZ ...) + NOT-FOR-US: Siemens +CVE-2017-6871 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...) + NOT-FOR-US: Siemens +CVE-2017-6870 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient fo ...) + NOT-FOR-US: Siemens +CVE-2017-6869 (A vulnerability was discovered in Siemens ViewPort for Web Office Port ...) + NOT-FOR-US: Siemens +CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP ...) 
+ NOT-FOR-US: Siemens +CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before U ...) + NOT-FOR-US: Siemens +CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...) + NOT-FOR-US: Siemens +CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST) (All v ...) + NOT-FOR-US: Siemens +CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...) + NOT-FOR-US: Siemens +CVE-2017-6863 + RESERVED +CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before 1. ...) + NOT-FOR-US: NETGEAR +CVE-2017-6861 + RESERVED +CVE-2017-6860 + RESERVED +CVE-2017-6859 + RESERVED +CVE-2017-6858 + RESERVED +CVE-2017-6857 + RESERVED +CVE-2017-6856 + RESERVED +CVE-2017-6855 + RESERVED +CVE-2017-6854 + RESERVED +CVE-2017-6853 + RESERVED +CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka aud ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ + NOTE: https://github.com/mpruett/audiofile/issues/41 + NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9 +CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ + NOTE: https://github.com/mpruett/audiofile/issues/41 + NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c + NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 +CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote att ...) 
+ {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/ + NOTE: https://github.com/mpruett/audiofile/issues/41 + NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in li ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h + NOTE: https://github.com/mpruett/audiofile/issues/40 + NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c + NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 +CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio Fi ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp + NOTE: https://github.com/mpruett/audiofile/issues/39 + NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp + NOTE: https://github.com/mpruett/audiofile/issues/38 + NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c + NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 +CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio F ...) 
+ {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp + NOTE: https://github.com/mpruett/audiofile/issues/37 + NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp + NOTE: https://github.com/mpruett/audiofile/issues/36 + NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp + NOTE: https://github.com/mpruett/audiofile/issues/35 + NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 +CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp + NOTE: https://github.com/mpruett/audiofile/issues/34 + NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c + NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7 +CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka audiof ...) 
+ {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://github.com/mpruett/audiofile/issues/33 + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp + NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f +CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://github.com/mpruett/audiofile/issues/31 + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp + NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients func ...) + {DSA-3814-1 DLA-867-1} + - audiofile 0.3.6-4 (bug #857651) + NOTE: https://github.com/mpruett/audiofile/issues/32 + NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp + NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 +CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.c in I ...) + {DSA-3808-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #857426) + [wheezy] - imagemagick (vulnerable code not present) + NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b +CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in Jas ...) + {DSA-3827-1 DLA-920-1} + - jasper + NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/11 + NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387 + NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl +CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before 1.900. ...) 
+ - jasper (unimportant) + NOTE: https://www.openwall.com/lists/oss-security/2016/10/20/5 + NOTE: Not suitable for code injection, hardly denial of service + NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd +CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in Mujstes ...) + {DLA-2765-1} + - mupdf 1.11+ds1-1 (unimportant) + [wheezy] - mupdf (Vulnerable code not present) + NOTE: Although jstest_main.c compiled during build and mujstest is created + NOTE: it is not included in the produced binary packages + NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/19 +CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in A ...) + {DLA-2765-1} + - mupdf 1.11+ds1-1 (unimportant) + [wheezy] - mupdf (Vulnerable code not present) + NOTE: Although jstest_main.c compiled during build and mujstest is created + NOTE: it is not included in the produced binary packages + NOTE: https://www.openwall.com/lists/oss-security/2016/10/16/20 +CVE-2017-XXXX [Server certificates are not verified] + - profanity 0.5.1-1 (bug #857546) + [jessie] - profanity (Minor issue) + NOTE: https://github.com/boothj5/profanity/issues/280 +CVE-2017-7191 (The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to c ...) + - irssi 1.0.2-1 (bug #857502) + [jessie] - irssi (Different code path caused the netjoins to be flushed prior reaching use-after-free condition) + [wheezy] - irssi (Different code path caused the netjoins to be flushed prior reaching use-after-free condition) + NOTE: https://irssi.org/security/irssi_sa_2017_03.txt + NOTE: https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3 +CVE-2017-6826 + RESERVED +CVE-2017-6825 + RESERVED +CVE-2017-6824 + RESERVED +CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges ...) 
+ NOT-FOR-US: Fiyo CMS +CVE-2017-6822 + RESERVED +CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka Z ...) + NOT-FOR-US: Zimbra +CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is su ...) + {DLA-855-1} + - roundcube 1.2.3+dfsg.1-3 (bug #857473) + NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305 + NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4 + NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124 + NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8 +CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fa ...) + NOT-FOR-US: Zimbra +CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: MaNGOSWebV4 +CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: MaNGOSWebV4 +CVE-2017-6810 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: MaNGOSWebV4 +CVE-2017-6809 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: MaNGOSWebV4 +CVE-2017-6808 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...) + NOT-FOR-US: MaNGOSWebV4 +CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Tr ...) + - libapache2-mod-auth-mellon 0.12.0-2 + [jessie] - libapache2-mod-auth-mellon (Minor issue) +CVE-2017-6806 + RESERVED +CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm Pers ...) + NOT-FOR-US: MobaXterm +CVE-2017-6804 + REJECTED +CVE-2017-6803 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) + NOT-FOR-US: SolarWinds (formerly Serv-U) FTP Voyager +CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking vulne ...) 
+ NOT-FOR-US: Trend Micro Endpoint Sensor +CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential he ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.2-1 + NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc +CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ou ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.2-1 + NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7 +CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory acces ...) + {DSA-3846-1} + - libytnef 1.9.2-1 + [wheezy] - libytnef (vulnerable code not present) + NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89 +CVE-2017-6799 (A cross-site scripting (XSS) vulnerability in view_filters_page.php in ...) + - mantis (Vulnerable versions only 2.1.0 through 2.2.0) + [wheezy] - mantis (Unsupported in Wheezy LTS) + NOTE: https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95 + NOTE: http://www.mantisbt.org/bugs/view.php?id=22497 +CVE-2017-6797 (A cross-site scripting (XSS) vulnerability in bug_change_status_page.p ...) + - mantis + [wheezy] - mantis (Unsupported in Wheezy LTS) + NOTE: https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f + NOTE: https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e + NOTE: http://www.mantisbt.org/bugs/view.php?id=22486 +CVE-2017-6796 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...) + NOT-FOR-US: Cisco +CVE-2017-6795 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...) + NOT-FOR-US: Cisco +CVE-2017-6794 (A vulnerability in the CLI command-parsing code of Cisco Meeting Serve ...) + NOT-FOR-US: Cisco +CVE-2017-6793 (A vulnerability in the Inventory Management feature of Cisco Prime Col ...) 
+ NOT-FOR-US: Cisco +CVE-2017-6792 (A vulnerability in the batch provisioning feature in Cisco Prime Colla ...) + NOT-FOR-US: Cisco +CVE-2017-6791 (A vulnerability in the Trust Verification Service (TVS) of Cisco Unifi ...) + NOT-FOR-US: Cisco +CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco ...) + NOT-FOR-US: Cisco +CVE-2017-6789 (A vulnerability in the Cisco Unified Intelligence Center web interface ...) + NOT-FOR-US: Cisco +CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...) + NOT-FOR-US: Cisco +CVE-2017-6787 + RESERVED +CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an au ...) + NOT-FOR-US: Cisco +CVE-2017-6785 (A vulnerability in configuration modification permissions validation f ...) + NOT-FOR-US: Cisco +CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and RV ...) + NOT-FOR-US: Cisco +CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ( ...) + NOT-FOR-US: Cisco +CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime Inf ...) + NOT-FOR-US: Cisco +CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco Pol ...) + NOT-FOR-US: Cisco +CVE-2017-6780 (A vulnerability in the TCP throttling process for Cisco IoT Field Netw ...) + NOT-FOR-US: Cisco +CVE-2017-6779 (Multiple Cisco products are affected by a vulnerability in local file ...) + NOT-FOR-US: Cisco +CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...) + NOT-FOR-US: Cisco +CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services Cont ...) + NOT-FOR-US: Cisco +CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services Control ...) + NOT-FOR-US: Cisco +CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...) 
+ NOT-FOR-US: Cisco +CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers r ...) + NOT-FOR-US: Cisco +CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Service ...) + NOT-FOR-US: Cisco +CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...) + NOT-FOR-US: Cisco +CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra Serv ...) + NOT-FOR-US: Cisco +CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Softwar ...) + NOT-FOR-US: Cisco +CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco Sec ...) + NOT-FOR-US: Cisco +CVE-2017-6768 (A vulnerability in the build procedure for certain executable system f ...) + NOT-FOR-US: Cisco +CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller ...) + NOT-FOR-US: Cisco +CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and Inspe ...) + NOT-FOR-US: Cisco +CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptiv ...) + NOT-FOR-US: Cisco +CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptiv ...) + NOT-FOR-US: Cisco +CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco M ...) + NOT-FOR-US: Cisco +CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber ...) + NOT-FOR-US: Cisco +CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...) + NOT-FOR-US: Cisco +CVE-2017-6760 + RESERVED +CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...) + NOT-FOR-US: Cisco +CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5 ...) 
+ NOT-FOR-US: Cisco +CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime Collabora ...) + NOT-FOR-US: Cisco +CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration Pro ...) + NOT-FOR-US: Cisco +CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco Sma ...) + NOT-FOR-US: Cisco +CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome an ...) + NOT-FOR-US: Cisco +CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security Ap ...) + NOT-FOR-US: Cisco +CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web Securi ...) + NOT-FOR-US: Cisco +CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...) + NOT-FOR-US: Cisco +CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco Web Sec ...) + NOT-FOR-US: Cisco +CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...) + NOT-FOR-US: Cisco +CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Service ...) + NOT-FOR-US: Cisco +CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security Applian ...) + NOT-FOR-US: Cisco +CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape Distributi ...) + NOT-FOR-US: Cisco +CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS a ...) + NOT-FOR-US: Cisco +CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) 
+ NOT-FOR-US: Cisco +CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 ...) + NOT-FOR-US: Cisco +CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco FireS ...) + NOT-FOR-US: Cisco +CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identit ...) + NOT-FOR-US: Cisco +CVE-2017-6733 (A vulnerability in the web-based application interface of the Cisco Id ...) + NOT-FOR-US: Cisco +CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime Network ...) + NOT-FOR-US: Cisco +CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress ...) + NOT-FOR-US: Cisco +CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area Application Se ...) + NOT-FOR-US: Cisco +CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing functi ...) + NOT-FOR-US: Cisco +CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of Cisco Wi ...) + NOT-FOR-US: Cisco +CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway could al ...) + NOT-FOR-US: Cisco +CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...) + NOT-FOR-US: Cisco +CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...) + NOT-FOR-US: Cisco +CVE-2017-6723 + RESERVED +CVE-2017-6722 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...) 
+ NOT-FOR-US: Cisco +CVE-2017-6721 (A vulnerability in the ingress processing of fragmented TCP packets by ...) + NOT-FOR-US: Cisco +CVE-2017-6720 (A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small Bus ...) + NOT-FOR-US: Cisco +CVE-2017-6719 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2017-6718 (A vulnerability in the CLI of Cisco IOS XR Software could allow an aut ...) + NOT-FOR-US: Cisco +CVE-2017-6717 (A vulnerability in the web framework of Cisco Firepower Management Cen ...) + NOT-FOR-US: Cisco +CVE-2017-6716 (A vulnerability in the web framework code of Cisco Firepower Managemen ...) + NOT-FOR-US: Cisco +CVE-2017-6715 (A vulnerability in the web framework of Cisco Firepower Management Cen ...) + NOT-FOR-US: Cisco +CVE-2017-6714 (A vulnerability in the AutoIT service of Cisco Ultra Services Framewor ...) + NOT-FOR-US: Cisco +CVE-2017-6713 (A vulnerability in the Play Framework of Cisco Elastic Services Contro ...) + NOT-FOR-US: Cisco +CVE-2017-6712 (A vulnerability in certain commands of Cisco Elastic Services Controll ...) + NOT-FOR-US: Cisco +CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco Ult ...) + NOT-FOR-US: Cisco +CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element Ma ...) + NOT-FOR-US: Cisco +CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services Frame ...) + NOT-FOR-US: Cisco +CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality ...) + NOT-FOR-US: Cisco +CVE-2017-6707 (A vulnerability in the CLI command-parsing code of the Cisco StarOS op ...) + NOT-FOR-US: Cisco +CVE-2017-6706 (A vulnerability in the logging subsystem of the Cisco Prime Collaborat ...) + NOT-FOR-US: Cisco +CVE-2017-6705 (A vulnerability in the filesystem of the Cisco Prime Collaboration Pro ...) 
+ NOT-FOR-US: Cisco
+CVE-2017-6704 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6703 (A vulnerability in the web application in the Cisco Prime Collaboratio ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6702 (A vulnerability in the web framework of Cisco SocialMiner could allow ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6701 (A vulnerability in the web application interface of the Cisco Identity ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6700 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6699 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6698 (A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved Pro ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6697 (A vulnerability in the web interface of Cisco Elastic Services Control ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6696 (A vulnerability in the file system of Cisco Elastic Services Controlle ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6695 (A vulnerability in the ConfD server in Cisco Ultra Services Platform c ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6694 (A vulnerability in the Virtual Network Function Manager's (VNFM) loggi ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6693 (A vulnerability in the ConfD server component of Cisco Elastic Service ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6692 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6691 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6690 (A vulnerability in the file check operation of Cisco ASR 5000 Series A ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6689 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6688 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6687 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6686 (A vulnerability in Cisco Ultra Services Framework Element Manager coul ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6685 (A vulnerability in Cisco Ultra Services Framework Staging Server could ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6684 (A vulnerability in Cisco Elastic Services Controllers could allow an a ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6683 (A vulnerability in the esc_listener.py script of Cisco Elastic Service ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6682 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6681 (A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Ser ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6680 (A vulnerability in the AutoVNF logging function of Cisco Ultra Service ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6679 (The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6678 (A vulnerability in the ingress UDP packet processing functionality of ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6677
+ RESERVED
+CVE-2017-6676
+ RESERVED
+CVE-2017-6675 (A vulnerability in the web interface of Cisco Industrial Network Direc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6674 (A vulnerability in the feature-license management functionality of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6673 (A vulnerability in Cisco Firepower Management Center could allow an au ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6672 (A vulnerability in certain filtering mechanisms of access control list ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6671 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6670 (A vulnerability in the web-based GUI of Cisco Unified Communications D ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6669 (Multiple buffer overflow vulnerabilities exist in the Cisco WebEx Netw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6668 (Vulnerabilities in the web-based GUI of Cisco Unified Communications D ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6667 (A vulnerability in the update process for the dynamic JAR file of the ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software f ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime Infrast ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6660
+ RESERVED
+CVE-2017-6659 (A vulnerability in the web-based management interface of Cisco Prime C ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread rela ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type Vali ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6656 (A vulnerability in Session Initiation Protocol (SIP) call handling of ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6655 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol imp ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6654 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6653 (A vulnerability in the TCP throttling process for the GUI of the Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence IX5000 ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow unauthentic ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6650 (A vulnerability in the Telnet CLI command of Cisco NX-OS System Softwa ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6649 (A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6648 (A vulnerability in the Session Initiation Protocol (SIP) of the Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6647 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6646 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6645 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6644 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6643 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6642 (A vulnerability in the web interface of Cisco Remote Expert Manager So ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6641 (A vulnerability in the TCP connection handling functionality of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6640 (A vulnerability in Cisco Prime Data Center Network Manager (DCNM) Soft ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6639 (A vulnerability in the role-based access control (RBAC) functionality ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6638 (A vulnerability in how DLL files are loaded with Cisco AnyConnect Secu ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6637 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6636 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6635 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6634 (A vulnerability in the Device Manager web interface of Cisco Industria ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6633 (A vulnerability in the TCP throttling process of Cisco UCS C-Series Ra ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6632 (A vulnerability in the logging configuration of Secure Sockets Layer ( ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6631 (A vulnerability in the HTTP remote procedure call (RPC) service of set ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6630 (A vulnerability in the Session Initiation Protocol (SIP) implementatio ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6629 (A vulnerability in the ImageID parameter of Cisco Unity Connection 10. ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6628 (A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6627 (A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, an ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6626 (A vulnerability in the Cisco Finesse Notification Service for Cisco Un ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6625 (A "Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA wi ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager E ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6623 (A vulnerability in a script file that is installed as part of the Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime Collaboration Pro ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime Collaboration Prov ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6620 (A vulnerability in the remote management access control list (ACL) fea ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management Co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime Netw ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6612 (A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR 5 ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructur ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH c ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an u ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could all ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6605 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management Co ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running wit ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6602 (A vulnerability in the CLI of Cisco Unified Computing System (UCS) Man ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6601 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6600 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6599 (A vulnerability in Google-defined remote procedure call (gRPC) handlin ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco Unifie ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified Com ...)
+ NOT-FOR-US: Cisco
+CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer o ...)
+ {DLA-923-1}
+ [experimental] - partclone 0.2.90-1
+ - partclone 0.2.89-3 (bug #857966)
+ [jessie] - partclone (Minor issue)
+ NOTE: https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
+ NOTE: https://github.com/Thomas-Tsai/partclone/issues/91
+ NOTE: https://github.com/Thomas-Tsai/partclone/commit/2d6bcfd8016dc6090090934bab71c663d9a4d36d
+ NOTE: https://github.com/Thomas-Tsai/partclone/commit/96401fb5b7221fc5f44df7079485c395f9c3a428
+CVE-2017-6595
+ RESERVED
+CVE-2017-6594 (The transit path validation code in Heimdal before 7.3 might allow att ...)
+ - heimdal 7.1.0+dfsg-12
+ [wheezy] - heimdal (Minor issue)
+ NOTE: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
+ NOTE: See https://lists.debian.org/debian-lts/2017/05/msg00010.html
+CVE-2017-6593
+ RESERVED
+CVE-2017-6592
+ RESERVED
+CVE-2017-6591 (There is a cross-site scripting vulnerability in django-epiceditor 0.2 ...)
+ NOT-FOR-US: django-epiceditor
+CVE-2017-6590 (An issue was discovered in network-manager-applet (aka network-manager ...)
+ - network-manager-applet (unimportant)
+ NOTE: Marked as 'unimportant', since not exploitable in Debian, although the source
+ NOTE: would be affected as well for Debian.
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321
+CVE-2017-6589 (EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecu ...)
+ NOT-FOR-US: django-epiceditor
+CVE-2017-6588
+ RESERVED
+CVE-2017-6587
+ RESERVED
+CVE-2017-6586
+ RESERVED
+CVE-2017-6585
+ RESERVED
+CVE-2017-6584
+ RESERVED
+CVE-2017-6583
+ RESERVED
+CVE-2017-6582
+ RESERVED
+CVE-2017-6581
+ RESERVED
+CVE-2017-6580
+ RESERVED
+CVE-2017-6579
+ RESERVED
+CVE-2017-6578 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6577 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6576 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6575 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6574 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6573 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6572 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6571 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6570 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
+ NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
+CVE-2017-6569
+ RESERVED
+CVE-2017-6568
+ RESERVED
+CVE-2017-6567
+ RESERVED
+CVE-2017-6566
+ RESERVED
+CVE-2017-6565 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDia ...)
+ NOT-FOR-US: Franklin Fueling Systems TS-550 evo
+CVE-2017-6564 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest u ...)
+ NOT-FOR-US: Franklin Fueling Systems TS-550 evo
+CVE-2017-6563
+ RESERVED
+CVE-2017-6562 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetOb ...)
+ NOT-FOR-US: Agora-Project
+CVE-2017-6561 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action ...)
+ NOT-FOR-US: Agora-Project
+CVE-2017-6560 (XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[ ...)
+ NOT-FOR-US: Agora-Project
+CVE-2017-6559 (XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNo ...)
+ NOT-FOR-US: Agora-Project
+CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n ...)
+ NOT-FOR-US: iball Baton
+CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the p ...)
+ NOT-FOR-US: ArrayOS
+CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2. ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
+ NOT-FOR-US: CMS Made Simple
+CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
+ NOT-FOR-US: Quest Privilege Manager
+CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix befor ...)
+ NOT-FOR-US: Quest One Identity Privilege Manager for Unix
+CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
+ NOT-FOR-US: Livebox 3 Sagemcom
+CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a denial o ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerl ...)
+ NOT-FOR-US: Kinsey Infor-Lawson
+CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC6 ...)
+ NOT-FOR-US: ASUS
+CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, RT- ...)
+ NOT-FOR-US: ASUS
+CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT- ...)
+ NOT-FOR-US: ASUS
+CVE-2017-6546
+ RESERVED
+CVE-2017-6545
+ RESERVED
+CVE-2017-6544 (Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuh ...)
+ NOT-FOR-US: wuhu
+CVE-2017-6543 (Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance be ...)
+ NOT-FOR-US: Nessus
+CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...)
+ - putty 0.67-3 (bug #857642)
+ [jessie] - putty (Minor issue)
+ [wheezy] - putty (Minor issue)
+ NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
+ NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
+ NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if
+ NOTE: the attacker can already be able to connect to the Unix-domain socket
+ NOTE: representing the forwarded agent connection.
+CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in webpaget ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
+ NOT-FOR-US: webpagetest
+CVE-2017-6532 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ha ...)
+ NOT-FOR-US: Televes COAXDATA GATEWAY
+CVE-2017-6531 (On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ...)
+ NOT-FOR-US: Televes COAXDATA GATEWAY
+CVE-2017-6530 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do ...)
+ NOT-FOR-US: Televes COAXDATA GATEWAY
+CVE-2017-6529 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
+ NOT-FOR-US: dnaLIMS
+CVE-2017-6528 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affe ...)
+ NOT-FOR-US: dnaLIMS
+CVE-2017-6527 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
+ NOT-FOR-US: dnaLIMS
+CVE-2017-6526 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vuln ...)
+ NOT-FOR-US: dnaLIMS
+CVE-2017-6525
+ RESERVED
+CVE-2017-6524
+ RESERVED
+CVE-2017-6523
+ RESERVED
+CVE-2017-6522
+ RESERVED
+CVE-2017-6521
+ RESERVED
+CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvert ...)
+ NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
+CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to ...)
+ - avahi 0.7-5 (unimportant; bug #917047)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
+ NOTE: https://github.com/lathiat/avahi/issues/203
+ NOTE: https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f
+CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...)
+ NOT-FOR-US: SanaCMS
+CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow a ...)
+ NOT-FOR-US: Microsoft
+CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo befo ...)
+ NOT-FOR-US: MagniComp
+CVE-2017-6515
+ RESERVED
+CVE-2017-6514 (WordPress 4.7.2 mishandles listings of post authors, which allows remo ...)
+ - wordpress (unimportant)
+ NOTE: No security impact
+CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2 ...)
+ NOT-FOR-US: Softaculous Virtualizor
+CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the File-Pat ...)
+ {DSA-3873-1 DLA-978-1}
+ - perl 5.24.1-3 (bug #863870)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
+ NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
+CVE-2016-10245 (Insufficient sanitization of the query parameter in templates/html/sea ...)
+ {DLA-1812-1}
+ - doxygen 1.8.12-1
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762934
+ NOTE: https://github.com/doxygen/doxygen/commit/1cc1adad2de03a0f013881b8960daf89aa155081 (Release_1_8_12)
+CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in ...)
+ NOT-FOR-US: FineCMS
+CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a directory ...)
+ NOT-FOR-US: Easy File Sharing FTP Server
+CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XS ...)
+ NOT-FOR-US: burgundy-cms
+CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect handling of ...)
+ - apparmor 2.11.0-3 (bug #858768)
+ [jessie] - apparmor (Minor issue)
+ [wheezy] - apparmor (Experimental/unsupported feature)
+ NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
+ NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
+ NOTE: https://bugs.launchpad.net/apparmor/+bug/1668892
+ NOTE: affects only third-party rules, e.g. 
from Docker or LXC
+ NOTE: LXC in wheezy doesn't support proper isolation
+CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
+ {DSA-3815-1 DLA-860-1}
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
+CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control charact ...)
+ {DSA-3815-1 DLA-860-1}
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
+CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
+ {DSA-3815-1 DLA-860-1}
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
+CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is authentica ...)
+ {DSA-3815-1}
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ [wheezy] - wordpress (vulnerable code was introduced later)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
+CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-si ...)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ [jessie] - wordpress (Only affects 4.7.x)
+ [wheezy] - wordpress (Only affects 4.7.x)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
+CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
+ - wordpress 4.7.3+dfsg-1 (bug #857026)
+ [jessie] - wordpress (Only affects 4.2 and later)
+ [wheezy] - wordpress (Only affects 4.2 and later)
+ NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
+ NOTE: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
+CVE-2017-6508 (CRLF injection vulnerability in the url_parse function in url.c in Wge ...)
+ {DLA-851-1}
+ - wget 1.19.1-2 (bug #857073)
+ [buster] - wget 1.18-5
+ [stretch] - wget 1.18-5
+ [jessie] - wget 1.16-1+deb8u2
+ NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
+ NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
+CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function s ...)
+ NOT-FOR-US: Azure Data Expert Ultimate
+CVE-2017-6505 (The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka Qu ...)
+ {DLA-1497-1 DLA-1071-1 DLA-1070-1}
+ - qemu 1:2.8+dfsg-4 (bug #856969)
+ - qemu-kvm
+ NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
+CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options hea ...)
+ {DLA-897-1}
+ - qbittorrent 3.3.7-3 (low; bug #856978)
+ [jessie] - qbittorrent (Minor issue)
+ NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
+ NOTE: Fixed upstream in 3.3.11
+CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which c ...)
+ {DLA-897-1}
+ - qbittorrent 3.3.7-3 (low; bug #856977)
+ [jessie] - qbittorrent (Minor issue)
+ NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
+ NOTE: Fixed upstream in 3.3.11
+CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
+ - imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #856883)
+ NOTE: webp is disable under Debian, cf. https://bugs.debian.org/856883#14
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
+CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf ...)
+ - imagemagick 8:6.9.7.4+dfsg-2 (bug #856881)
+ [jessie] - imagemagick (Vulnerable code not present)
+ [wheezy] - imagemagick (vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
+CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun ...)
+ {DSA-3808-1 DLA-868-1}
+ - imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/376
+CVE-2017-6499 (An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially ...)
+ {DSA-3808-1}
+ - imagemagick 8:6.9.7.4+dfsg-2 (bug #856880)
+ [wheezy] - imagemagick (vulnerable code not present)
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
+CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files coul ...)
+ {DSA-3808-1 DLA-868-1}
+ - imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
+ NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
+CVE-2017-6497 (An issue was discovered in ImageMagick 6.9.7. A specially crafted psd ...)
+ - imagemagick 8:6.9.7.4+dfsg-2 (bug #856882)
+ [jessie] - imagemagick (Vulnerable code not present)
+ [wheezy] - imagemagick (vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94
+CVE-2017-6496
+ RESERVED
+CVE-2017-6495
+ RESERVED
+CVE-2017-6494
+ RESERVED
+CVE-2017-6493
+ RESERVED
+CVE-2017-6492 (SQL Injection was discovered in adm_program/modules/dates/dates_functi ...)
+ NOT-FOR-US: Admidio
+CVE-2017-6491 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
+ NOT-FOR-US: EPESI
+CVE-2017-6490 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
+ NOT-FOR-US: EPESI
+CVE-2017-6489 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
+ NOT-FOR-US: EPESI
+CVE-2017-6488 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
+ NOT-FOR-US: EPESI
+CVE-2017-6487 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1. ...)
+ NOT-FOR-US: EPESI
+CVE-2017-6486 (A Cross-Site Scripting (XSS) issue was discovered in reasoncms before ...)
+ NOT-FOR-US: reasoncms
+CVE-2017-6485 (A Cross-Site Scripting (XSS) issue was discovered in php-calendar befo ...)
+ NOT-FOR-US: PHP-Calendar
+CVE-2017-6484 (Multiple Cross-Site Scripting (XSS) issues were discovered in INTER-Me ...)
+ NOT-FOR-US: INTER-Mediator
+CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2 ...)
+ NOT-FOR-US: ATutor
+CVE-2017-6482
+ REJECTED
+CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam ...)
+ - phpipam (bug #731713)
+CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS ...)
+ NOT-FOR-US: cmsgroovel
+CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a re ...)
+ NOT-FOR-US: FenixHosting (different than fenix game engine)
+CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
+ NOT-FOR-US: MaNGOSWebV4
+CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
+ {DSA-3839-1 DLA-848-1}
+ [experimental] - freetype 2.7.1-0.1
+ - freetype 2.6.3-3.1 (bug #856971)
+ NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
+CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by leve ...)
+ {DSA-3803-1 DLA-847-1}
+ - texlive-bin 2019.20190605.51237-2 (unimportant)
+ - texlive-base 2016.20161130-1
+ NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/
+ NOTE: http://www.tug.org/svn/texlive?view=revision&revision=42605
+CVE-2017-6477
+ RESERVED
+CVE-2017-6476
+ RESERVED
+CVE-2017-6475
+ RESERVED
+CVE-2017-6474 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...)
+ {DSA-3811-1 DLA-858-1}
+ - wireshark 2.2.5+g440fd4d-2
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-07.html
+ NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429
+CVE-2017-6473 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file p ...)
+ {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-09.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7edc761a01cda8e1b37677f673985582330317d2 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431 +CVE-2017-6472 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dis ...) + {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-04.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b3a0909beff8963b390034c594e0b6be6a4e531 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347 +CVE-2017-6471 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infini ...) + {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-05.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348 +CVE-2017-6470 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infi ...) + {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-10.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432 +CVE-2017-6469 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS diss ...) + {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-03.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7 + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346 +CVE-2017-6468 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...) 
+ {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-08.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430 +CVE-2017-6467 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler ...) + {DSA-3811-1 DLA-858-1} + - wireshark 2.2.5+g440fd4d-2 + NOTE: https://www.wireshark.org/security/wnpa-sec-2017-11.html + NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=284ad58d288722a8725401967bff0c4455488f0c + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083 +CVE-2017-6466 (F-Secure Software Updater 2.20, as distributed in several F-Secure pro ...) + NOT-FOR-US: F-Secure +CVE-2017-6465 (Remote Code Execution was discovered in FTPShell Client 6.53. By defau ...) + NOT-FOR-US: FTPShell Client +CVE-2017-6464 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...) + - ntp 1:4.2.8p10+dfsg-1 (low) + [jessie] - ntp (Minor issue) + [wheezy] - ntp (Minor issue) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3389 + NOTE: https://cure53.de/pentest-report_ntp.pdf +CVE-2017-6463 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticate ...) + - ntp 1:4.2.8p10+dfsg-1 + [jessie] - ntp (Minor issue) + [wheezy] - ntp (Minor issue) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387 + NOTE: https://cure53.de/pentest-report_ntp.pdf +CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server (DPTS) re ...) + - ntp 1:4.2.8p10+dfsg-1 (unimportant) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388 + NOTE: https://cure53.de/pentest-report_ntp.pdf + NOTE: Obscure legacy feature, no real impact +CVE-2017-6461 + REJECTED +CVE-2017-6460 (Stack-based buffer overflow in the reslist function in ntpq in NTP bef ...) 
+ - ntp 1:4.2.8p10+dfsg-1 + [jessie] - ntp (Vulnerable code not present) + [wheezy] - ntp (Vulnerable code not present) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3377 + NOTE: https://cure53.de/pentest-report_ntp.pdf +CVE-2017-6459 (The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...) + - ntp (NTP on Windows) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3382 +CVE-2017-6458 (Multiple buffer overflows in the ctl_put* functions in NTP before 4.2. ...) + - ntp 1:4.2.8p10+dfsg-1 (unimportant) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379 + NOTE: https://cure53.de/pentest-report_ntp.pdf + NOTE: This is not a vulnerability per se, but a weakness in an internal helper function +CVE-2017-6457 + REJECTED +CVE-2017-6456 + REJECTED +CVE-2017-6455 (NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...) + - ntp (NTP on Windows) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3384 +CVE-2017-6454 + REJECTED +CVE-2017-6453 + REJECTED +CVE-2017-6452 (Stack-based buffer overflow in the Windows installer for NTP before 4. ...) + - ntp (NTP on Windows) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3383 +CVE-2017-6451 (The mx4200_send function in the legacy MX4200 refclock in NTP before 4 ...) + - ntp (Vulnerable code not enabled at build time) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3378 +CVE-2017-6450 + RESERVED +CVE-2017-6449 + RESERVED +CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...) + {DLA-901-1} + [experimental] - radare2 1.3.0+dfsg-1 + - radare2 1.1.0+dfsg-4 (bug #859447) + [jessie] - radare2 (Minor issue) + NOTE: https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 (1.3.0-git) + NOTE: https://github.com/radare/radare2/issues/6885 +CVE-2017-6447 + RESERVED +CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and ...) 
+ - dotclear +CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center (O ...) + NOT-FOR-US: OpenELEC +CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for unso ...) + NOT-FOR-US: MikroTik Router hAP Lite +CVE-2017-6443 (Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 ...) + NOT-FOR-US: EPSON TMNet WebConfig +CVE-2002-2447 + RESERVED +CVE-2017-XXXX [dns: out of bound memory read] + - suricata 3.2.1-1 (bug #856648) + [jessie] - suricata 2.0.7-2+deb8u3 + [wheezy] - suricata (vulnerable code not present) + NOTE: https://redmine.openinfosecfoundation.org/issues/2022 + NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1) +CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...) + {DLA-1603-1 DLA-865-1} + - suricata 3.2.1-1 (bug #856649) + NOTE: https://redmine.openinfosecfoundation.org/issues/2019 + NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1) +CVE-2017-6442 + RESERVED +CVE-2017-6441 (The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allow ...) + NOTE: PHP bug without security relevance +CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist ...) + - libplist 1.12+git+1+e37ca00-0.2 (bug #858055) + [jessie] - libplist (Minor issue) + [wheezy] - libplist (vulnerable code not present) + NOTE: https://github.com/libimobiledevice/libplist/issues/99 + NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b +CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in bplist ...) 
+ {DLA-2168-1 DLA-870-1} + - libplist 1.12+git+1+e37ca00-0.1 + NOTE: https://github.com/libimobiledevice/libplist/issues/95 + NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd +CVE-2017-6438 (Heap-based buffer overflow in the parse_unicode_node function in bplis ...) + - libplist 1.12+git+1+e37ca00-0.2 (bug #858786) + [jessie] - libplist (Minor issue) + [wheezy] - libplist (vulnerable code not present) + NOTE: https://github.com/libimobiledevice/libplist/issues/98 + NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b +CVE-2017-6437 (The base64encode function in base64.c in libimobiledevice libplist 1.1 ...) + - libplist 1.12+git+1+e37ca00-0.2 (bug #858787) + [jessie] - libplist (Minor issue) + [wheezy] - libplist (vulnerable code not present) + NOTE: https://github.com/libimobiledevice/libplist/issues/100 + NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b +CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice libplis ...) + {DLA-2168-1 DLA-870-1} + - libplist 1.12+git+1+e37ca00-0.1 + NOTE: https://github.com/libimobiledevice/libplist/issues/94 + NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd +CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice libplis ...) + {DLA-2168-1 DLA-870-1} + - libplist 1.12+git+1+e37ca00-0.1 + NOTE: https://github.com/libimobiledevice/libplist/issues/93 + NOTE: https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56 +CVE-2017-6434 + RESERVED +CVE-2017-6433 + RESERVED +CVE-2017-6432 (An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build ...) + NOT-FOR-US: Dahua DVR +CVE-2017-6431 + RESERVED +CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter utility ...) 
+ {DSA-3874-1} + - ettercap 1:0.8.2-4 (bug #857035) + NOTE: https://github.com/Ettercap/ettercap/issues/782 + NOTE: Patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506 +CVE-2017-6429 (Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Be ...) + - tcpreplay (Vulnerable code not present) + NOTE: https://github.com/appneta/tcpreplay/issues/278 + NOTE: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9 +CVE-2017-6428 + RESERVED +CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A cr ...) + NOT-FOR-US: EvoStream Media Server +CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in Po ...) + - libpodofo 0.9.5-9 (bug #861566) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/10 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp + NOTE: https://sourceforge.net/p/podofo/tickets/8/ + NOTE: Same fix as for CVE-2017-6845 +CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in PoDoF ...) + {DLA-968-1} + - libpodofo 0.9.4-6 (bug #861565) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/9 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846 +CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...) 
+ {DLA-968-1} + - libpodofo 0.9.4-6 (bug #861564) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/8 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846 +CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace fun ...) + - libpodofo 0.9.5-9 (bug #861563) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/7 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/ + NOTE: https://sourceforge.net/p/podofo/tickets/9/ + NOTE: Same fix as for CVE-2017-6845 +CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9. ...) + - libpodofo 0.9.5-9 (bug #861562) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: The motivation for no-dsa in wheezy is that there are no known + NOTE: services that use this library (apart from desktop applications) + NOTE: and the worst case is a DoS. + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/6 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892 +CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...) 
+ {DLA-929-1} + - libpodofo 0.9.4-5 (bug #861561) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/5 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ +CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad func ...) + {DLA-968-1} + - libpodofo 0.9.4-6 (bug #861560) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/4 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 +CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...) + {DLA-968-1} + - libpodofo 0.9.4-6 (bug #861559) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/3 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 +CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement funct ...) 
+ - libpodofo 0.9.5-9 (bug #861558) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/2 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h + NOTE: https://sourceforge.net/p/podofo/tickets/10/ + NOTE: Same fix as for CVE-2017-6845 +CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in Po ...) + {DLA-968-1} + - libpodofo 0.9.4-6 (bug #861557) + [jessie] - libpodofo (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/02/1 + NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845 +CVE-2017-6426 (An information disclosure vulnerability in the Qualcomm SPMI driver. P ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-6425 (An information disclosure vulnerability in the Qualcomm video driver. ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-6424 (An elevation of privilege vulnerability in the Qualcomm WiFi driver. P ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-6423 (An elevation of privilege vulnerability in the Qualcomm kyro L2 driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in ...) + NOT-FOR-US: Qualcomm component/driver for Android +CVE-2016-10241 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10240 + RESERVED + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10237 (If shared content protection memory were passed as the secure camera m ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. Pr ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. Product ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. Pr ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver. ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver. ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec dr ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. P ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to execut ...) + - linux 4.5.1-1 (bug #808293) + [jessie] - linux 3.16.7-ckt20-1+deb8u2 + [wheezy] - linux 3.2.73-2+deb7u2 + NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1) +CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all Androi ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can potentia ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-9001 (In TrustZone an information exposure vulnerability can potentially occ ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can potent ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially occur in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially occur i ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could potentia ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could potentia ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially occur i ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...) + - git 1:2.0.0~rc2-1 + [wheezy] - git (Vulnerable code introduced in 1.8.1-rc0) + NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f + NOTE: https://github.com/njhartwell/pw3nage + NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250 +CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could potentia ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ove ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases f ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...) 
+ NOT-FOR-US: Qualcomm components for Android +CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a Us ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a Bu ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a Buff ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a Buff ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a Signe ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a Buff ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local us ...) + - linux 4.0.2-1 + [jessie] - linux 3.16.39-1 + [wheezy] - linux 3.2.82-1 + NOTE: Fixed by: https://git.kernel.org/linus/69c433ed2ecd2d3264efd7afec4439524b319121 (v3.18-rc2) +CVE-2017-6422 + RESERVED +CVE-2017-6421 (In the touch controller function in all Qualcomm products with Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...) 
+ {DLA-1261-1 DLA-1105-1} + - clamav 0.99.3~beta1+dfsg-1 + [stretch] - clamav 0.99.2+dfsg-6+deb9u1 + [jessie] - clamav 0.99.2+dfsg-0+deb8u3 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11798 + NOTE: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc + NOTE: https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98 +CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...) + {DSA-3946-1 DLA-1279-1} + - libmspack 0.6-1 (bug #871263) + - clamav 0.99.3~beta1+dfsg-1 (unimportant) + [stretch] - clamav 0.99.4+dfsg-1+deb9u1 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701 + NOTE: https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1 + NOTE: ClamAV uses the libmspack system library when available. This is the + NOTE: case from starting from Debian Jessie. Debian Wheezy does not have + NOTE: have libmspack and thus need to have the fix as well in the + NOTE: src:clamav source package. + NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229 +CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause ...) + {DLA-1261-1 DLA-1105-1} + - clamav 0.99.3~beta1+dfsg-1 + [stretch] - clamav 0.99.2+dfsg-6+deb9u1 + [jessie] - clamav 0.99.2+dfsg-0+deb8u3 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11797 + NOTE: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c +CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and e ...) + NOT-FOR-US: Avira Total Security Suite +CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerab ...) + NOT-FOR-US: SysGauge +CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...) 
+ - radare2 1.1.0+dfsg-3 (bug #856572) + [jessie] - radare2 (Vulnerable code introduced in 1.1.0) + [wheezy] - radare2 (Vulnerable code introduced in 1.1.0) + NOTE: https://github.com/radare/radare2/issues/6872 + NOTE: https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308 +CVE-2017-6414 (Memory leak in the vcard_apdu_new function in card_7816.c in libcacard ...) + - libcacard 1:2.5.0-3 (bug #856501) + NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c +CVE-2017-6413 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) + - libapache2-mod-auth-openidc 2.1.6-1 + [jessie] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e +CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could o ...) + NOT-FOR-US: Sophos +CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devic ...) + NOT-FOR-US: D-Link +CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 call ...) + {DSA-3849-1 DLA-952-1} + - kio 5.28.0-2 (bug #856889) + - kde4libs 4:4.14.26-2 (bug #856890) + NOTE: https://www.kde.org/info/security/advisory-20170228-1.txt + NOTE: Patch for kio: https://commits.kde.org/kio/f9d0cb47cf94e209f6171ac0e8d774e68156a6e4 + NOTE: Patch for kde4libs: https://commits.kde.org/kdelibs/1804c2fde7bf4e432c6cf5bb8cce5701c7010559 +CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...) 
+ NOT-FOR-US: Veritas NetBackup +CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBa ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBacku ...) + NOT-FOR-US: Veritas NetBackup +CVE-2017-6398 (An issue was discovered in Trend Micro InterScan Messaging Security (V ...) + NOT-FOR-US: Trend Micro +CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerabilit ...) + NOT-FOR-US: FlightAirMap +CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnera ...) + NOT-FOR-US: WPO-Foundation WebPageTest +CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due ...) + NOT-FOR-US: HashOveer +CVE-2017-6394 (Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR ...) + NOT-FOR-US: OpenEMR +CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...) + - nagvis (Vulnerable code introduced in nagvis-1.8.0) + NOTE: https://github.com/NagVis/nagvis/issues/91 +CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...) + NOT-FOR-US: Kaltura server +CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerabil ...) 
+ NOT-FOR-US: Kaltura server +CVE-2017-6390 (An issue was discovered in whatanime.ga before c334dd8499a681587dd4199 ...) + NOT-FOR-US: whatanime.ga +CVE-2017-6389 + RESERVED +CVE-2017-6388 + RESERVED +CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 all ...) + - radare2 1.1.0+dfsg-3 (bug #856574) + [jessie] - radare2 (Vulnerable code not present) + [wheezy] - radare2 (Vulnerable code not present) + NOTE: https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb + NOTE: https://github.com/radare/radare2/issues/6857 +CVE-2017-6386 (Memory leak in the vrend_create_vertex_elements_state function in vren ...) + - virglrenderer 0.6.0-2 (bug #858255; bug #872884) + NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920 +CVE-2017-6385 + RESERVED +CVE-2017-6383 + REJECTED +CVE-2017-6382 + RESERVED +CVE-2017-6381 (A 3rd party development library including with Drupal 8 development de ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-2017-001 +CVE-2017-6380 + RESERVED +CVE-2017-6379 (Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-2017-001 +CVE-2017-6378 + RESERVED +CVE-2017-6377 (When adding a private file via the editor in Drupal 8.2.x before 8.2.7 ...) + - drupal8 (bug #756305) + NOTE: https://www.drupal.org/SA-2017-001 +CVE-2017-6376 + RESERVED +CVE-2017-6375 + RESERVED +CVE-2017-6374 + RESERVED +CVE-2017-6373 + RESERVED +CVE-2017-6372 + RESERVED +CVE-2017-6371 (Synchronet BBS 3.16c for Windows allows remote attackers to cause a de ...) + NOT-FOR-US: Synchronet BBS +CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI i ...) + NOT-FOR-US: TYPO3 +CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5. ...) 
+ {DSA-3824-1 DLA-879-1} + - firebird2.5 (bug #858641) + - firebird3.0 3.0.1.32609.ds4-14 (bug #858644) + NOTE: http://tracker.firebirdsql.org/browse/CORE-5474 + NOTE: Fixed by: https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375 (3.0) + NOTE: https://github.com/FirebirdSQL/firebird/commit/9d9b9e0c94e201da489d1da81f858c570d3ca6ef (2.5) + NOTE: https://github.com/FirebirdSQL/firebird/commit/a802126cd501f641f00d6cda12d5d9ee3ecda6f5 (2.5) +CVE-2017-6368 + RESERVED +CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Win ...) + NOT-FOR-US: Cerberus FTP Server +CVE-2017-6366 (Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 rou ...) + NOT-FOR-US: Netgear +CVE-2017-6365 + RESERVED +CVE-2017-6364 + RESERVED +CVE-2017-6363 (In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap- ...) + - libgd2 2.3.0-1 + [buster] - libgd2 (Minor issue) + [stretch] - libgd2 (Minor issue) + [jessie] - libgd2 (Minor issue) + NOTE: https://github.com/libgd/libgd/commit/0be86e1926939a98afbd2f3a23c673dfc4df2a7c + NOTE: https://github.com/libgd/libgd/commit/2dbd8f6e66b73ed43d9b81a45350922b80f75397 + NOTE: https://github.com/libgd/libgd/issues/383 +CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 befo ...) + {DSA-3961-1 DLA-1106-1} + - libgd2 2.2.5-1 + NOTE: https://github.com/libgd/libgd/issues/381 + NOTE: https://github.com/libgd/libgd/commit/56ce6ef068b954ad28379e83cca04feefc51320c +CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbit ...) + NOT-FOR-US: QNAP +CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...) + NOT-FOR-US: QNAP +CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administ ...) + NOT-FOR-US: QNAP +CVE-2017-6358 + RESERVED +CVE-2017-6357 + RESERVED +CVE-2017-6356 (Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 ...) 
+ NOT-FOR-US: Palo Alto Networks Terminal Services +CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration use ...) + - php7.1 (Fixed before initial upload to Debian) + - php7.0 7.0.14-1 + - php5 + [jessie] - php5 5.6.29+dfsg-0+deb8u1 + [wheezy] - php5 (vulnerable code not present) + NOTE: Fixed in 7.1.0, 7.0.14, 5.6.29 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=69090 +CVE-2015-8993 (Malicious file execution vulnerability in Intel Security CloudAV (Beta ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8992 (Malicious file execution vulnerability in Intel Security WebAdvisor be ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8991 (Malicious file execution vulnerability in Intel Security McAfee Securi ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8990 (Detection bypass vulnerability in Intel Security Advanced Threat Defen ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8989 (Unsalted password vulnerability in the Enterprise Manager (web portal) ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8988 (Unquoted executable path vulnerability in Client Management and Gatewa ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8987 (Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in ...) + NOT-FOR-US: Intel antivirus +CVE-2015-8986 (Sandbox detection evasion vulnerability in hardware appliances in McAf ...) + NOT-FOR-US: Intel antivirus +CVE-2014-9921 (Information disclosure vulnerability in McAfee (now Intel Security) Cl ...) + NOT-FOR-US: Intel antivirus +CVE-2014-9920 (Unauthorized execution of binary vulnerability in McAfee (now Intel Se ...) + NOT-FOR-US: Intel antivirus +CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ( ...) + NOT-FOR-US: Intel antivirus +CVE-2013-7461 (A write protection and execution bypass vulnerability in McAfee (now I ...) + NOT-FOR-US: Intel antivirus +CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now I ...) 
+ NOT-FOR-US: Intel antivirus +CVE-2017-6355 (Integer overflow in the vrend_create_shader function in vrend_renderer ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (0.6.0) +CVE-2017-6354 + RESERVED +CVE-2017-6352 + RESERVED +CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacture ...) + NOT-FOR-US: WePresent WiPG-1500 +CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...) + {DLA-850-1} + - vim 2:8.0.0197-3 (bug #856266) + [jessie] - vim 2:7.4.488-7+deb8u3 + - neovim 0.1.7-4 + NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75 +CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occu ...) + {DLA-850-1} + - vim 2:8.0.0197-3 (bug #856266) + [jessie] - vim 2:7.4.488-7+deb8u3 + - neovim 0.1.7-4 + NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c +CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allow ...) + NOT-FOR-US: Grails PDF plugin +CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...) + NOT-FOR-US: Dahua devices +CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Fir ...) + NOT-FOR-US: Dahua devices +CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06 ...) + NOT-FOR-US: Dahua devices +CVE-2017-6340 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...) + NOT-FOR-US: Trend Micro +CVE-2017-6339 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 befor ...) + NOT-FOR-US: Trend Micro +CVE-2017-6338 (Multiple Access Control issues in Trend Micro InterScan Web Security V ...) 
+ NOT-FOR-US: Trend Micro +CVE-2017-6337 + RESERVED +CVE-2017-6336 + RESERVED +CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0. ...) + NOT-FOR-US: NETGEAR +CVE-2017-6333 + RESERVED +CVE-2017-6332 + RESERVED +CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter ...) + NOT-FOR-US: Symantec +CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote atta ...) + NOT-FOR-US: Symantec +CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...) + NOT-FOR-US: Symantec +CVE-2017-6328 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...) + NOT-FOR-US: Symantec +CVE-2017-6327 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an issu ...) + NOT-FOR-US: Symantec +CVE-2017-6326 (The Symantec Messaging Gateway can encounter an issue of remote code e ...) + NOT-FOR-US: Symantec +CVE-2017-6325 (The Symantec Messaging Gateway can encounter a file inclusion vulnerab ...) + NOT-FOR-US: Symantec +CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific email attac ...) + NOT-FOR-US: Symantec +CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_H ...) + NOT-FOR-US: Symantec +CVE-2017-6322 + RESERVED +CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)] + - pax-utils 1.2.3-1 (unimportant; bug #856196) + NOTE: https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/ + NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d + NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559 +CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...) 
+ {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2 +CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788 +CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Li ...) + - linux 4.9.13-1 + [jessie] - linux (Vulnerable code introduced in 4.0) + [wheezy] - linux (Vulnerable code introduced in 4.0) + NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32 +CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before 4. ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b +CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure th ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762 +CVE-2017-6321 + RESERVED +CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...) + NOT-FOR-US: Barracuda +CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 1 ...) + - radare2 1.1.0+dfsg-3 (bug #856579) + [jessie] - radare2 (Vulnerable code introduced in 1.1.0) + [wheezy] - radare2 (Vulnerable code introduced in 1.1.0) + NOTE: https://github.com/radare/radare2/issues/6836 + NOTE: https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431 +CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain sensit ...) 
+ {DLA-940-1} + - sane-backends 1.0.25-4 (low; bug #854804) + [jessie] - sane-backends 1.0.24-8+deb8u2 + NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d +CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...) + NOT-FOR-US: Citrix +CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...) + NOT-FOR-US: Astaro +CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick 1. ...) + {DLA-1456-1} + - graphicsmagick 1.3.25-8 + [wheezy] - graphicsmagick (vulnerable code not present) + NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/ +CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.c in ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0) +CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...) + {DLA-2043-1} + - gdk-pixbuf 2.36.11-2 (low; bug #856448) + [stretch] - gdk-pixbuf 2.36.5-2+deb9u2 + [wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020 + NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html + NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f +CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in gdk-p ...) 
+ {DLA-2043-1} + - gdk-pixbuf 2.36.11-2 (low; bug #856445) + [stretch] - gdk-pixbuf 2.36.5-2+deb9u2 + [wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016 + NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html + NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4 + NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8 +CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent at ...) + {DLA-2043-1} + - gdk-pixbuf 2.36.11-2 (low; bug #856444) + [stretch] - gdk-pixbuf 2.36.5-2+deb9u2 + [wheezy] - gdk-pixbuf (Minor issue, can be fixed in next update) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012 + NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html + NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dec9ca22d70c0f0d4492333b4e8147afb038afd2 + NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d +CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attack ...) + - gdk-pixbuf 2.36.10-1 (bug #858491; unimportant) + [stretch] - gdk-pixbuf (thumbnailer not installed before 2.36.5-3) + [jessie] - gdk-pixbuf (Code introduced in 2.36.1) + [wheezy] - gdk-pixbuf (Code introduced in 2.36.1) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204 + NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html + NOTE: Upload of gdk-pixbuf 2.36.5-3 to experimental added a new binary package containing + NOTE: the thumbnailer. 
+ NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=57362ed4c1f37c05723e25e136327e262f32d35f + NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=758655315bc3760c2d646e1e935f7448847073af + NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=67a02e1bfef1ae8f7fa50ca36f6d922c1b6d3ed6 +CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ha ...) + {DSA-3798-1 DLA-839-1} + - tnef 1.4.12-1.1 (bug #856117) + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ + NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d + NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/9c4015433ecd3177976f820f7aa524c7e64c7c92 + NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/c0b99164d14dcc61348a2ddffd47dfe31d087bad +CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions hav ...) + {DSA-3798-1 DLA-839-1} + - tnef 1.4.12-1.1 (bug #856117) + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ + NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d +CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer Overflo ...) + {DSA-3798-1 DLA-839-1} + - tnef 1.4.12-1.1 (bug #856117) + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ + NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176 +CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have bee ...) + {DSA-3798-1 DLA-839-1} + - tnef 1.4.12-1.1 (bug #856117) + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/ + NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a +CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) 
+ {DSA-3846-1} + - libytnef 1.9.1-1 + [wheezy] - libytnef (vulnerable code not present) + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) 
+ {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a pa ...) + {DSA-3846-1 DLA-878-1} + - libytnef 1.9.1-1 + NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/15/4 + NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910 +CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does n ...) + NOT-FOR-US: MikroTik RouterOS +CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM applicati ...) + NOT-FOR-US: NVIDIA +CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster im ...) + NOT-FOR-US: NVIDIA +CVE-2017-6294 (In Android before the 2018-06-05 security patch level, NVIDIA Tegra X1 ...) + NOT-FOR-US: NVIDIA +CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...) 
+ NOT-FOR-US: Nvidia component for Android +CVE-2017-6292 (In Android before the 2018-06-05 security patch level, NVIDIA TLZ Trus ...) + NOT-FOR-US: NVIDIA +CVE-2017-6291 + RESERVED +CVE-2017-6290 (In Android before the 2018-06-05 security patch level, NVIDIA TLK Trus ...) + NOT-FOR-US: NVIDIA +CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a missi ...) + NOT-FOR-US: NVIDIA +CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic R ...) + NOT-FOR-US: NVIDIA +CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function wh ...) + NOT-FOR-US: NVIDIA +CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...) + NOT-FOR-US: NVIDIA +CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a impro ...) + NOT-FOR-US: NVIDIA +CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal ...) + NOT-FOR-US: NVIDIA Tegra +CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) 
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...) + NOT-FOR-US: NVIDIA +CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...) + NOT-FOR-US: NVIDIA components for Android +CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...) + NOT-FOR-US: NVIDIA components for Android +CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader compo ...) + NOT-FOR-US: NVIDIA ADSP Firmware +CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) + [experimental] - nvidia-graphics-drivers 384.90-1 + - nvidia-graphics-drivers 384.98-2 (bug #876414) + [stretch] - nvidia-graphics-drivers 384.130-1 + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 +CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6270 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6269 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) 
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) + [experimental] - nvidia-graphics-drivers 384.90-1 + - nvidia-graphics-drivers 384.98-2 (bug #876414) + [stretch] - nvidia-graphics-drivers 384.130-1 + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 +CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) + [experimental] - nvidia-graphics-drivers 384.90-1 + - nvidia-graphics-drivers 384.98-2 (bug #876414) + [stretch] - nvidia-graphics-drivers 384.130-1 + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx + [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) + [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340) + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544 +CVE-2017-6265 + RESERVED +CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU drive ...) 
+ NOT-FOR-US: NVIDIA components for Android +CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use afte ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use afte ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-6261 (NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerabili ...) + NOT-FOR-US: NVIDIA Vibrante Linux +CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) + - nvidia-graphics-drivers 375.82-1 (bug #869783) + [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1 + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (Limited to E384 and E375) + - nvidia-graphics-drivers-legacy-304xx (Limited to E384 and E375) +CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege vulnera ...) + NOT-FOR-US: Nvidia component for Android +CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...) + - nvidia-graphics-drivers 375.82-1 (bug #869783) + [stretch] - nvidia-graphics-drivers 375.82-1~deb9u1 + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (Limited to E384 and E375) + - nvidia-graphics-drivers-legacy-304xx (Limited to E384 and E375) +CVE-2017-6256 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6255 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6254 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) 
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6253 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the kern ...) + NOT-FOR-US: NVIDIA Windows GPU Display Driver +CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helpe ...) + NOT-FOR-US: NVIDIA GeForce Experience +CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver cou ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-6246 + RESERVED +CVE-2017-6245 + RESERVED +CVE-2017-6244 + RESERVED +CVE-2017-6243 + RESERVED +CVE-2017-6242 + RESERVED +CVE-2017-6241 + RESERVED +CVE-2017-6240 + RESERVED +CVE-2017-6239 + RESERVED +CVE-2017-6238 + RESERVED +CVE-2017-6237 + RESERVED +CVE-2017-6236 + RESERVED +CVE-2017-6235 + RESERVED +CVE-2017-6234 + RESERVED +CVE-2017-6233 + RESERVED +CVE-2017-6232 + RESERVED +CVE-2017-6231 + RESERVED +CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...) + NOT-FOR-US: Ruckus Networks firmware +CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...) + NOT-FOR-US: Ruckus Networks firmware +CVE-2017-6228 + RESERVED +CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN product ...) + NOT-FOR-US: Brocade +CVE-2017-6226 + RESERVED +CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management i ...) 
+ NOT-FOR-US: Brocade +CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ZD10 ...) + NOT-FOR-US: Ruckus +CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD ...) + NOT-FOR-US: Ruckus +CVE-2017-6222 + RESERVED +CVE-2017-6221 + RESERVED +CVE-2017-6220 + RESERVED +CVE-2017-6219 + RESERVED +CVE-2017-6218 + RESERVED +CVE-2017-6217 (paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XS ...) + NOT-FOR-US: paypal/adaptivepayments-sdk-php +CVE-2017-6216 (novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a ref ...) + NOT-FOR-US: novaksolutions/infusionsoft-php-sdk +CVE-2017-6215 (paypal/permissions-sdk-php is vulnerable to reflected XSS in the sampl ...) + NOT-FOR-US: PayPal permissions-sdk-php +CVE-2017-6213 (paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permi ...) + NOT-FOR-US: PayPal invoice-sdk-php +CVE-2017-6212 + REJECTED +CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...) + NOT-FOR-US: Qualcomm components for Android +CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel bef ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8) +CVE-2017-6210 (The vrend_decode_reset function in vrend_decode.c in virglrenderer bef ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (0.6.0) +CVE-2017-6209 (Stack-based buffer overflow in the parse_identifier function in tgsi_t ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (0.6.0) +CVE-2017-6208 + RESERVED +CVE-2017-6207 + REJECTED +CVE-2017-6206 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...) 
+ NOT-FOR-US: D-Link +CVE-2017-6205 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-15 ...) + NOT-FOR-US: D-Link +CVE-2017-6204 + RESERVED +CVE-2017-6203 + RESERVED +CVE-2017-6202 + RESERVED +CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app ...) + NOT-FOR-US: Sandstorm +CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any speci ...) + NOT-FOR-US: Sandstorm +CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction ...) + NOT-FOR-US: Sandstorm +CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource limit ...) + NOT-FOR-US: Sandstorm +CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 all ...) + {DLA-837-1} + - radare2 1.1.0+dfsg-2 (bug #856063) + [jessie] - radare2 (Minor issue) + NOTE: https://github.com/radare/radare2/issues/6816 + NOTE: Fixed by: https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989 + NOTE: Although the respective new versions were only introduced in 0.10.3 + NOTE: The NULL pointer dereferences are still triggerable, via the shown + NOTE: vector and seen under valgrind. It might be disputable if that is the + NOTE: same vulnerability though. +CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin fun ...) + - ghostscript (Issue introduced later, cf. bug #856142) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596 + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283 + NOTE: Possibly introduced only after https://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784 +CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blin ...) + NOT-FOR-US: Ipswitch MOVEit Transfer +CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows r ...) 
+ [experimental] - radare2 1.3.0+dfsg-1 + - radare2 1.1.0+dfsg-4 (bug #859448) + [jessie] - radare2 (Vulnerable code not present) + [wheezy] - radare2 (Vulnerable code not present) + NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git) + NOTE: https://github.com/radare/radare2/issues/6829 +CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ...) + NOT-FOR-US: APNGDis +CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers t ...) + NOT-FOR-US: APNGDis +CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to e ...) + NOT-FOR-US: APNGDis +CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link D ...) + NOT-FOR-US: D-Link +CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before 1.1 ...) + NOT-FOR-US: Amazon Kindle +CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise 9.4 ...) + NOT-FOR-US: DiskSavvy Enterprise +CVE-2017-6186 (Code injection vulnerability in Bitdefender Total Security 12.0 (and e ...) + NOT-FOR-US: Bitdefender +CVE-2017-6185 + RESERVED +CVE-2017-6184 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...) + NOT-FOR-US: Sophos +CVE-2017-6183 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...) + NOT-FOR-US: Sophos +CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine ...) + NOT-FOR-US: Sophos +CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka Oniguru ...) 
+ - ruby2.3 (Introduced in v2_4_0_rc1) + - ruby2.1 (Introduced in v2_4_0_rc1) + NOTE: Introduced by: https://github.com/ruby/ruby/commit/2873edeafb6f6df1fc99bb9b1167591b99dd378c + NOTE: Fixed by: https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c345d7015eda0bf06671f87e9 + NOTE: https://bugs.ruby-lang.org/issues/13234 +CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery Vuln ...) + NOT-FOR-US: Keekoon KK002 devices +CVE-2017-6179 + RESERVED +CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ga ...) + NOT-FOR-US: USBPcap +CVE-2017-6177 + REJECTED +CVE-2017-6176 + REJECTED +CVE-2017-6175 + REJECTED +CVE-2017-6174 + REJECTED +CVE-2017-6173 + REJECTED +CVE-2017-6172 + REJECTED +CVE-2017-6171 + REJECTED +CVE-2017-6170 + REJECTED +CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP virt ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...) + NOT-FOR-US: F5 BIG-IP + NOTE: https://support.f5.com/csp/article/K21905460 + NOTE: https://robotattack.org/ +CVE-2017-6167 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PE ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6164 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM softwa ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controlle ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6158 (In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 th ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6156 (When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6153 (Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...) + NOT-FOR-US: F5 BIG-IQ Centralized Management +CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1 ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6149 + REJECTED +CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP version 13.0. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6146 + REJECTED +CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Li ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Alloc ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6143 (X509 certificate verification was not correctly implemented in the IP ...) 
+ NOT-FOR-US: F5 BIG-IP +CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ear ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSaf ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6139 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare condit ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6138 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GT ...) + NOT-FOR-US: F5 +CVE-2017-6136 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6135 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6134 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6133 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6132 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6131 (In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0. ...) + NOT-FOR-US: F5 +CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is vulner ...) + NOT-FOR-US: F5 +CVE-2017-6129 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some circumsta ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-6128 (An attacker may be able to cause a denial-of-service (DoS) attack agai ...) + NOT-FOR-US: F5 +CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when CGI gra ...) 
+ {DSA-3794-1 DLA-836-1} + - munin 2.0.31-1 (bug #855705) + NOTE: https://github.com/munin-monitoring/munin/issues/721 +CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in the acce ...) + NOT-FOR-US: DIGISOL DG-HR1400 Wireless Router +CVE-2017-6126 + RESERVED +CVE-2017-6125 + RESERVED +CVE-2017-6124 + RESERVED +CVE-2017-6123 + RESERVED +CVE-2017-6122 + RESERVED +CVE-2017-6121 + RESERVED +CVE-2017-6120 + RESERVED +CVE-2017-6119 + RESERVED +CVE-2017-6118 + RESERVED +CVE-2017-6117 + RESERVED +CVE-2017-6116 + RESERVED +CVE-2017-6115 + RESERVED +CVE-2017-6114 + RESERVED +CVE-2017-6113 + RESERVED +CVE-2017-6112 + RESERVED +CVE-2017-6111 + RESERVED +CVE-2017-6110 + RESERVED +CVE-2017-6109 + RESERVED +CVE-2017-6108 + RESERVED +CVE-2017-6107 + RESERVED +CVE-2017-6106 + RESERVED +CVE-2017-6105 + RESERVED +CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...) + NOT-FOR-US: WordPress plugin +CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1.) + NOT-FOR-US: WordPress plugin +CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2.) + NOT-FOR-US: WordPress plugin +CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in saslserv/ ...) + - atheme-services 7.2.9-1 (bug #855588) + [jessie] - atheme-services (versions prior to 7.2.7 not vulnerable) + NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9 + NOTE: (Possibly) introduced in https://github.com/atheme/atheme/commit/8ac7aa8d007331ae694f099c288e27f911e8cad1 (v7.2.7) +CVE-2017-6101 + RESERVED +CVE-2017-6099 (Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in ...) + NOT-FOR-US: PayPal PHP Merchant SDK +CVE-2017-6098 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...) + NOT-FOR-US: Mail Masta plugin for Wordpress +CVE-2017-6097 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...) 
+ NOT-FOR-US: Mail Masta plugin for Wordpress +CVE-2017-6096 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...) + NOT-FOR-US: Mail Masta plugin for Wordpress +CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta ...) + NOT-FOR-US: Mail Masta plugin for Wordpress +CVE-2017-6094 (CPEs used by subscribers on the access network receive their individua ...) + NOT-FOR-US: Genexis GASP +CVE-2017-6093 + RESERVED +CVE-2017-6092 + RESERVED +CVE-2017-6091 + RESERVED +CVE-2017-6090 (Unrestricted file upload vulnerability in clients/editclient.php in Ph ...) + NOT-FOR-US: PhpCollab +CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remo ...) + NOT-FOR-US: PhpCollab +CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 ...) + NOT-FOR-US: EyesOfNetwork +CVE-2017-6087 (EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated user ...) + NOT-FOR-US: EyesOfNetwork +CVE-2017-6086 (Multiple cross-site request forgery (CSRF) vulnerabilities in the addA ...) + NOT-FOR-US: ViMbAdmin +CVE-2017-6085 + RESERVED +CVE-2017-6084 + RESERVED +CVE-2017-6083 + RESERVED +CVE-2017-6082 + RESERVED +CVE-2017-6081 (A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...) + - zammad (bug #841355) +CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...) + - zammad (bug #841355) +CVE-2017-6079 (The HTTP web-management application on Edgewater Networks Edgemarc app ...) + NOT-FOR-US: Edgewater +CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause ...) + NOT-FOR-US: FastStone MaxView +CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 al ...) + NOT-FOR-US: NETGEAR +CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...) 
+ {DLA-3152-1} + - glibc 2.31-3 (low; bug #856503) + - eglibc + [wheezy] - eglibc (Minor issue) + NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519 + NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=91927b7c76437db860cd86a7714476b56bb39d07 +CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...) + NOT-FOR-US: Zyxel +CVE-2017-6076 (In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes i ...) + - wolfssl 3.10.2+dfsg-1 (bug #856114) + NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable + NOTE: https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d +CVE-2017-6075 + RESERVED +CVE-2017-6074 (The dccp_rcv_state_process function in net/dccp/input.c in the Linux k ...) + {DSA-3791-1 DLA-833-1} + - linux 4.9.13-1 + NOTE: Fixed by: https://git.kernel.org/linus/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 +CVE-2017-6073 + RESERVED +CVE-2017-6072 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-6071 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-6070 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...) + NOT-FOR-US: CMS Made Simple +CVE-2017-6069 (Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add an ...) + NOT-FOR-US: Subrion CMS +CVE-2017-6068 (Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can crea ...) + NOT-FOR-US: Subrion CMS +CVE-2017-6067 (Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom ...) + NOT-FOR-US: Symphony CMS +CVE-2017-6066 (Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker ca ...) + NOT-FOR-US: Subrion CMS +CVE-2017-6065 (SQL injection vulnerability in inc/lib/Control/Backend/menus.control.p ...) 
+ NOT-FOR-US: GenixCMS +CVE-2017-6064 + RESERVED +CVE-2017-6063 + RESERVED +CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...) + - webkitgtk (unimportant) + NOTE: Not covered by security support +CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...) + NOT-FOR-US: SAP +CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex So ...) + {DLA-2765-1} + - mupdf 1.12.0+ds1-1 (unimportant) + [wheezy] - mupdf (Vulnerable code not present) + NOTE: Although jstest_main.c compiled during build and mujstest is created + NOTE: it is not included in the produced binary packages + NOTE: https://www.openwall.com/lists/oss-security/2017/02/18/1 +CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ( ...) + - qemu 1:2.8+dfsg-3 (bug #855616) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1423358 +CVE-2017-6057 + RESERVED +CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3. ...) + NOT-FOR-US: eParakstitajs and eParaksts Java lib +CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...) + NOT-FOR-US: Hyundai +CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada Versi ...) + NOT-FOR-US: Trihedral VTScada +CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...) + NOT-FOR-US: Hyundai +CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech L ...) + NOT-FOR-US: BLF-Tech LLC VisualView HMI +CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2. ...) 
+ NOT-FOR-US: Ecava IntegraXor +CVE-2017-6049 (Detcon Sitewatch Gateway, all versions without cellular, an attacker c ...) + NOT-FOR-US: Detcon Sitewatch Gateway +CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data L ...) + NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters +CVE-2017-6047 (Detcon Sitewatch Gateway, all versions without cellular, Passwords are ...) + NOT-FOR-US: Detcon Sitewatch Gateway +CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in Sierra ...) + NOT-FOR-US: Sierra Wireless AirLink Raven +CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada Vers ...) + NOT-FOR-US: Trihedral VTScada +CVE-2017-6044 (An Improper Authorization issue was discovered in Sierra Wireless AirL ...) + NOT-FOR-US: Sierra Wireless AirLink Raven +CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada Versi ...) + NOT-FOR-US: Trihedral VTScada +CVE-2017-6042 (A Cross-Site Request Forgery issue was discovered in Sierra Wireless A ...) + NOT-FOR-US: Sierra Wireless AirLink Raven +CVE-2017-6041 (An Unrestricted Upload issue was discovered in Marel Food Processing S ...) + NOT-FOR-US: Marel +CVE-2017-6040 (An Information Exposure issue was discovered in Belden Hirschmann GECK ...) + NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch +CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...) + NOT-FOR-US: Phoenix +CVE-2017-6038 (A Cross-Site Request Forgery issue was discovered in Belden Hirschmann ...) + NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch +CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologie ...) + NOT-FOR-US: Wecon +CVE-2017-6036 (A Server-Side Request Forgery issue was discovered in Belden Hirschman ...) + NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch +CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon Technologi ...) 
+ NOT-FOR-US: Wecon +CVE-2017-6034 (An Authentication Bypass by Capture-Replay issue was discovered in Sch ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric Interactive ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6032 (A Violation of Secure Design Principles issue was discovered in Schnei ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6031 (A Header Injection issue was discovered in Certec EDV GmbH atvise scad ...) + NOT-FOR-US: Certec EDV GmbH atvise scada +CVE-2017-6030 (A Predictable Value Range from Previous Values issue was discovered in ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6029 (A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise ...) + NOT-FOR-US: Certec EDV GmbH atvise scada +CVE-2017-6028 (An Insufficiently Protected Credentials issue was discovered in Schnei ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6027 (An Arbitrary File Upload issue was discovered in 3S-Smart Software Sol ...) + NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server +CVE-2017-6026 (A Use of Insufficiently Random Values issue was discovered in Schneide ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6025 (A Stack Buffer Overflow issue was discovered in 3S-Smart Software Solu ...) + NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server +CVE-2017-6024 (A Resource Exhaustion issue was discovered in Rockwell Automation Cont ...) + NOT-FOR-US: Rockwell +CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. The a ...) + NOT-FOR-US: Fatek +CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and Co ...) + NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications +CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 20 ...) + NOT-FOR-US: Schneider +CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis S ...) 
+ NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software +CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model 865 ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6018 (An open redirect issue was discovered in B. Braun Medical SpaceCom mod ...) + NOT-FOR-US: SpaceCom / SpaceStation +CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric Modic ...) + NOT-FOR-US: Schneider Electric +CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao Consult ...) + NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA) +CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell ...) + NOT-FOR-US: Rockwell +CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 cap ...) + {DSA-3811-1 DLA-826-1} + - wireshark 2.2.5+g440fd4d-2 (bug #855408) + NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416 +CVE-2017-6013 (Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the quer ...) + NOT-FOR-US: Subrion CMS +CVE-2017-6012 + RESERVED +CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read lead ...) + {DSA-3807-1 DLA-854-1} + - icoutils 0.31.2-1 (bug #854054) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220 + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74 + NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393 +CVE-2017-6010 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...) 
+ {DSA-3807-1 DLA-854-1} + - icoutils 0.31.2-1 (bug #854054) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220 + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74 + NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393 +CVE-2017-6009 (An issue was discovered in icoutils 0.31.1. A buffer overflow was obse ...) + {DSA-3807-1 DLA-854-1} + - icoutils 0.31.2-1 (bug #854050) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e + NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407 +CVE-2017-6008 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...) + NOT-FOR-US: Sophos +CVE-2017-6007 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRig ...) + NOT-FOR-US: Sophos +CVE-2017-6006 + REJECTED +CVE-2017-6005 (Waves MaxxAudio, as installed on Dell laptops, adds a "WavesSysSvc" Wi ...) + NOT-FOR-US: Waves MaxxAudio +CVE-2017-6004 (The compile_bracket_matchingpath function in pcre_jit_compile.c in PCR ...) + - pcre3 2:8.39-2.1 (bug #855405) + [jessie] - pcre3 (Vulnerable code introduced later) + [wheezy] - pcre3 (Vulnerable code introduced later) + NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch + NOTE: https://bugs.exim.org/show_bug.cgi?id=2035 +CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_languag ...) + NOT-FOR-US: dotCMS +CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...) + NOT-FOR-US: Subrion CMS +CVE-2014-9919 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the f ...) + NOT-FOR-US: Bilboplanet +CVE-2014-9918 (An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the u ...) 
+ NOT-FOR-US: Bilboplanet +CVE-2014-9917 (An issue was discovered in Bilboplanet 2.0. There is a stored XSS vuln ...) + NOT-FOR-US: Bilboplanet +CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...) + NOT-FOR-US: Bilboplanet +CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before 4.9. ...) + {DSA-3791-1 DLA-833-1} + - linux 4.9.10-1 + NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290 +CVE-2017-6000 + REJECTED +CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an algorit ...) + NOT-FOR-US: sysPass +CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE E ...) + NOT-FOR-US: InterSect Alliance SNARE Epilog +CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows remo ...) + NOT-FOR-US: SAP Message Server +CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before ...) + NOT-FOR-US: Bomgar Remote Support +CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through 2.2. ...) + NOT-FOR-US: NetApp ONTAP Select Deploy administration utility +CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a ...) + {DLA-1493-1} + - xen 4.8.1-1 (bug #856229) + [wheezy] - xen (Minor issue) + NOTE: https://xenbits.xen.org/xsa/advisory-207.html +CVE-2017-XXXX [XSA-206: xenstore denial of service via repeated update] + - xen 4.8.1-1 (bug #860565) + [jessie] - xen 4.4.4lts1-0+deb8u1 + [wheezy] - xen (Too intrusive to backport) + NOTE: https://xenbits.xen.org/xsa/advisory-206.html +CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state f ...) 
+ - virglrenderer 0.6.0-1 (bug #858255) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422452 +CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blit ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438 +CVE-2017-5991 (An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9 ...) + {DSA-3797-1} + - mupdf 1.9a+ds1-4 (low) + [wheezy] - mupdf (vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500 + NOTE: https://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465 +CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The vulner ...) + NOT-FOR-US: PhreeBooksERP +CVE-2017-5989 + RESERVED +CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is enab ...) + NOT-FOR-US: NetApp +CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...) + {DLA-1497-1} + - qemu 1:2.8+dfsg-3 (bug #855159) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html +CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.10-1 + NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90 +CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-u ...) 
+ - lxc 1:2.0.7-2 (bug #857295) + [jessie] - lxc 1:1.0.6-6+deb8u6 + [wheezy] - lxc (vulnerable code not present) + NOTE: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html + NOTE: https://launchpad.net/bugs/1654676 + NOTE: master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9 + NOTE: stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3 + NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec +CVE-2017-5984 (In libavcodec in Libav 9.21, ff_h264_execute_ref_pic_marking() has a h ...) + - libav + [jessie] - libav (Vulnerable code introduced later) + - ffmpeg (ffmpeg not affected) + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1019 + NOTE: https://patches.libav.org/patch/62534/ +CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3. ...) + NOT-FOR-US: JIRA Workflow Designer Plugin +CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...) + - kodi 2:18.6+dfsg1-1 (bug #855225) + [buster] - kodi (Minor issue) + [stretch] - kodi (Minor issue) + [jessie] - kodi (Minor issue) + - xbmc (bug #861274) + [jessie] - xbmc (Minor issue) + [wheezy] - xbmc (Minor issue) + NOTE: http://seclists.org/fulldisclosure/2017/Feb/27 + NOTE: http://trac.kodi.tv/ticket/17314 + NOTE: https://lists.debian.org/debian-lts/2017/04/msg00025.html + NOTE: https://lists.debian.org/debian-lts/2017/04/msg00055.html (and followups) + NOTE: https://lists.debian.org/debian-lts/2017/05/msg00006.html +CVE-2017-5681 (The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) E ...) + NOT-FOR-US: Intel QuickAssist Technology (QAT) Engine +CVE-2017-6056 (It was discovered that a programming error in the processing of HTTPS ...) 
+ {DSA-3788-1 DSA-3787-1 DLA-823-1} + - tomcat8 8.0.21-2 (bug #851304) + - tomcat7 7.0.72-3 (bug #854551) + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544 +CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial o ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/ +CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/ +CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62 allows remot ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/ +CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/ +CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib 0.13.6 ...) + {DSA-3878-1} + - zziplib 0.13.62-3.1 (bug #864150; bug #854727) + [jessie] - zziplib (Minor issue) + [wheezy] - zziplib (Minor issue) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/ +CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block function ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/ +CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in fetch.c in ...) 
+ {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/ + NOTE: https://github.com/gdraheim/zziplib/commit/33d6e9c52fcf1a8983896a512033994dc2ca5734 (v0.13.63) + NOTE: https://github.com/gdraheim/zziplib/commit/64e745f8a3604ba1c444febed86b5e142ce03dd7 (v0.13.63) +CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in fetch.c in ...) + {DSA-3878-1 DLA-994-1} + - zziplib 0.13.62-3.1 (bug #854727) + NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/ +CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick E ...) + {DLA-1497-1 DLA-845-1 DLA-842-1} + - qemu 1:2.8+dfsg-3 (bug #855611) + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html + NOTE: https://www.openwall.com/lists/oss-security/2017/02/13/11 +CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a SY ...) + - linux 4.4.2-1 + [jessie] - linux (Known perfomance limitation) + [wheezy] - linux (Known perfomance limitation) +CVE-2016-10225 (The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and ...) + NOT-FOR-US: sunxi-debug driver in Allwinner kernel +CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application use ...) + NOT-FOR-US: Sauter NovaWeb +CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerabilit ...) + NOT-FOR-US: BigTree CMS +CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to e ...) + NOT-FOR-US: NewsBee CMS +CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Lin ...) 
+ {DSA-3791-1 DLA-922-1} + - linux 4.9.10-1 + NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8) + NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1) +CVE-2017-5969 (libxml2 2.9.4, when used in recover mode, allows remote attackers to c ...) + {DLA-2972-1} + - libxml2 2.9.4+dfsg1-5.1 (bug #855001) + [jessie] - libxml2 (Minor issue, only a denial-of-service when using recover mode) + [wheezy] - libxml2 (Minor issue, only a denial-of-service when using recover mode) + NOTE: https://www.openwall.com/lists/oss-security/2016/11/05/3 + NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519 + NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/94691dc884d1a8ada39f073408b4bb92fe7fe882 +CVE-2017-5968 + RESERVED +CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when CONFIG_TIME ...) + - linux 4.9.13-1 (low) +CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...) + NOT-FOR-US: Sitecore +CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authe ...) + NOT-FOR-US: Sitecore +CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ex ...) + NOT-FOR-US: Emoncms +CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulner ...) + NOT-FOR-US: TYPO3 extension +CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. Th ...) + NOT-FOR-US: TYPO3 extension +CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability exi ...) + NOT-FOR-US: ionize +CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerabilit ...) + NOT-FOR-US: Phalcon Eye +CVE-2017-5959 (CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation ...) 
+ NOT-FOR-US: GenixCMS +CVE-2017-5958 + RESERVED +CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126 +CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...) + - virglrenderer 0.6.0-1 (bug #858255) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073 + NOTE: The original fix opens a memory leak: https://www.openwall.com/lists/oss-security/2017/02/24/2 + NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395 +CVE-2017-5955 + RESERVED +CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for Node. ...) + NOT-FOR-US: serialize-to-js Node package +CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree l ...) + {DSA-3786-1 DLA-822-1} + - vim 2:8.0.0197-2 (bug #854969) + - neovim 0.1.7-4 + NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d +CVE-2017-5952 + RESERVED +CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Softw ...) + {DSA-3838-1 DLA-905-1} + - ghostscript 9.20~dfsg-3.1 (bug #859696) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548 + NOTE: Fixed by: https://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 +CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...) 
+ - yaml-cpp 0.6.3-1 (low; bug #859891) + [buster] - yaml-cpp (Minor issue) + [stretch] - yaml-cpp (Minor issue) + [jessie] - yaml-cpp (Minor issue) + [wheezy] - yaml-cpp (Minor issue) + - yaml-cpp0.3 (low; bug #859892) + [stretch] - yaml-cpp0.3 (Minor issue) + [jessie] - yaml-cpp0.3 (Minor issue) + NOTE: https://github.com/jbeder/yaml-cpp/issues/459 + NOTE: possible fix: https://github.com/jbeder/yaml-cpp/pull/489 +CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...) + - webkitgtk (unimportant) + NOTE: Not covered by security support +CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Oxyge ...) + NOT-FOR-US: OnePlus One +CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices wit ...) + NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS +CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...) + {DSA-3801-1 DLA-846-1} + - ruby-zip 1.2.0-1.1 (bug #856269) + - libzip-ruby + NOTE: https://github.com/rubyzip/rubyzip/issues/315 +CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...) + NOT-FOR-US: Moodle plugin +CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x befor ...) + {DSA-3882-1 DLA-987-1} + - request-tracker4 4.4.1-4 +CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...) + {DSA-3882-1 DLA-987-1} + - request-tracker4 4.4.1-4 +CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress ...) + NOT-FOR-US: WordPress plugin +CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...) + - webkitgtk (unimportant) + NOTE: Not covered by security support +CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. Mu ...) 
+ - mupdf (Vulnerable code not yet present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400 +CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Soft ...) + {DSA-3838-1 DLA-905-1} + - ghostscript 9.20~dfsg-3.1 (bug #859694) + NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450 +CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. Ghos ...) + {DSA-3838-1 DLA-905-1} + - ghostscript 9.20~dfsg-3.1 (bug #859666) + NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453 +CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...) + - ghostscript (Vulnerable code introduced later) + NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4 + NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91 + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444 +CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. Gh ...) + - ghostscript 9.20~dfsg-3.1 (bug #859662) + [jessie] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) + [wheezy] - ghostscript (pdf14_cleanup_parent_color_profiles not yet present) + NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456 +CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...) + NOT-FOR-US: IT ITems DataBase +CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder befor ...) + NOT-FOR-US: Fastspot BigTree bigtree-form-builder +CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for Node.j ...) 
+ NOT-FOR-US: node-serialize +CVE-2017-5939 + RESERVED +CVE-2017-5936 (OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pair ...) + NOT-FOR-US: Nova-LXD +CVE-2017-5937 (The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d ...) + - virglrenderer 0.6.0-1 (bug #854728) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246 +CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in virglrend ...) + - virglrenderer 0.6.0-1 (bug #854728) + NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266 +CVE-2017-5935 + RESERVED +CVE-2017-5934 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...) + {DSA-4318-1 DLA-1546-1} + - moin 1.9.9-1+deb9u1 (bug #910776) + NOTE: https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024 +CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, 11 ...) + NOT-FOR-US: Citrix +CVE-2016-10213 (A10 AX1030 and possibly other devices with software before 2.7.2-P8 us ...) + NOT-FOR-US: A10 +CVE-2016-10212 (Radware devices use the same value for the first two GCM nonces, which ...) + NOT-FOR-US: Radware devices +CVE-2017-5932 (The path autocompletion feature in Bash 4.4 allows local users to gain ...) + - bash 4.4-3 + [jessie] - bash (Introduced in 4.4) + [wheezy] - bash (Introduced in 4.4) + NOTE: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf + NOTE: Fix http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715 +CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick Emula ...) 
+ - qemu 1:2.8+dfsg-3 (bug #854730) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html + NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/8 +CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote ...) + - postfixadmin 3.0.2-1 (bug #854742) + [jessie] - postfixadmin (Vulnerable code not present) + [wheezy] - postfixadmin (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/6 +CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affectin ...) + {DLA-888-1} + - logback 1:1.1.9-3 (bug #857343) + [jessie] - logback 1:1.1.2-1+deb8u1 + NOTE: https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8 + NOTE: https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9 + NOTE: https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5 + NOTE: https://github.com/qos-ch/logback/commit/3b4f605454534b304770eeee3cb343521fcd6968 + NOTE: Information asked about complete patchset to fix CVE-2017-5929: http://mailman.qos.ch/pipermail/logback-user/2017-March/004875.html +CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web browse ...) + NOT-FOR-US: Design limitation of W3C High Resolution Time API +CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical addre ...) + NOT-FOR-US: Hardware issue in some Intel CPUs +CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical addre ...) + NOT-FOR-US: Hardware issue in some Intel CPUs +CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical addre ...) + NOT-FOR-US: Hardware issue in some Intel CPUs +CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...) 
+ - yara 3.5.0+dfsg-9 (bug #859821) + [jessie] - yara 3.1.0-2+deb8u1 + NOTE: https://github.com/VirusTotal/yara/issues/593 +CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...) + - yara 3.5.0+dfsg-9 (bug #859821) + [jessie] - yara 3.1.0-2+deb8u1 + NOTE: https://github.com/VirusTotal/yara/issues/597 +CVE-2017-5922 + RESERVED +CVE-2017-5921 + RESERVED +CVE-2017-5920 + RESERVED +CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a den ...) + - yara 3.5.0+dfsg-9 (bug #859821) + [jessie] - yara 3.1.0-2+deb8u1 + NOTE: https://github.com/VirusTotal/yara/issues/575 +CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denia ...) + - yara 3.5.0+dfsg-9 (bug #859821) + [jessie] - yara 3.1.0-2+deb8u1 + NOTE: https://github.com/VirusTotal/yara/issues/576 +CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in li ...) + {DSA-4360-1 DLA-1600-1 DLA-1006-1} + - libarchive 3.2.2-3.1 (low; bug #859456) + NOTE: https://github.com/libarchive/libarchive/issues/842 + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0) +CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ce ...) + NOT-FOR-US: 21st Century Insurance app for iOS +CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.50 ...) + NOT-FOR-US: Banco de Costa Rica BCR Movil app for iOS +CVE-2017-5917 + REJECTED +CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1. ...) + NOT-FOR-US: America's First Federal Credit Union (FCU) Mobile Banking app +CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10 ...) + NOT-FOR-US: Emirates NBD Bank P.J.S.C Emirates NBD KSA app +CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certif ...) 
+ NOT-FOR-US: DOT IT Banque Zitouna app +CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...) + NOT-FOR-US: TradeKing Forex for iPhone app +CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...) + NOT-FOR-US: FOREX.com FOREXTrader for iPhone app +CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS d ...) + NOT-FOR-US: Banco Santander Mexico SA Supermovil app +CVE-2017-5910 + RESERVED +CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...) + NOT-FOR-US: Electronic Funds Source (EFS) Mobile Driver Source app +CVE-2017-5908 + REJECTED +CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...) + NOT-FOR-US: Great Southern Bank Great Southern Mobile Banking app +CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker ap ...) + NOT-FOR-US: Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app +CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certifi ...) + NOT-FOR-US: Dollar Bank Mobile app +CVE-2017-5904 + RESERVED +CVE-2017-5903 + RESERVED +CVE-2017-5902 (The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates fr ...) + NOT-FOR-US: PayQuicker app +CVE-2017-5901 (The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not ...) + NOT-FOR-US: State Bank of India State Bank Anywhere app +CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 rout ...) + NOT-FOR-US: NetComm +CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in fitz ...) 
+ {DSA-3797-1} + - mupdf 1.9a+ds1-3 (bug #854734) + [wheezy] - mupdf (vulnerable code not present) + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515 + NOTE: Fix https://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27 + NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/ + NOTE: https://www.openwall.com/lists/oss-security/2017/02/10/1 +CVE-2017-5895 + RESERVED +CVE-2017-5894 + RESERVED +CVE-2017-5893 + RESERVED +CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 al ...) + NOT-FOR-US: ASUS +CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ha ...) + NOT-FOR-US: ASUS +CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in usb/dev-s ...) + {DLA-845-1 DLA-842-1} + - qemu 1:2.8+dfsg-3 (bug #854729) + [jessie] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1419699 + NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a +CVE-2017-5897 (The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allo ...) + {DSA-3791-1} + - linux 4.9.13-1 + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756 + NOTE: Introduced by: https://github.com/torvalds/linux/commit/c12b395a46646bab69089ce7016ac78177f6001f (3.7-rc1) +CVE-2017-5890 + RESERVED +CVE-2017-5889 + RESERVED +CVE-2017-5888 + RESERVED +CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypas ...) + NOT-FOR-US: Starscream +CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message an ...) 
+ {DLA-831-1} + - gtk-vnc 0.6.0-3 (bug #854450) + [jessie] - gtk-vnc (Minor issue) + NOTE: http://openwall.com/lists/oss-security/2017/02/05/5 +CVE-2017-5884 (gtk-vnc before 0.7.0 does not properly check boundaries of subrectangl ...) + {DLA-831-1} + - gtk-vnc 0.6.0-3 (bug #854450) + [jessie] - gtk-vnc (Minor issue) + NOTE: Scope of the CVE is all of https://bugzilla.gnome.org/show_bug.cgi?id=778048#c1 + NOTE: http://openwall.com/lists/oss-security/2017/02/05/5 +CVE-2017-5883 + RESERVED +CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in SANADATA Sana ...) + NOT-FOR-US: SanaCMS +CVE-2017-5881 (GOM Player 2.3.10.5266 allows remote attackers to cause a denial of se ...) + NOT-FOR-US: GOM Player +CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x bef ...) + NOT-FOR-US: Splunk +CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL inj ...) + NOT-FOR-US: Exponent CMS +CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restric ...) + NOT-FOR-US: AMF unmarshallers in Red5 Media Server +CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial ...) + - tigervnc 1.7.0-1 + NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649 + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012 +CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ker ...) + {DLA-922-1} + - linux 4.8.15-1 + [jessie] - linux 3.16.43-1 + NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7) +CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in l ...) 
+ {DSA-3784-1 DLA-820-1} + - viewvc 1.1.26-1 (bug #854681) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/08/7 + NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad +CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows rem ...) + - openpyxl 2.3.0-3 (bug #854442) + [jessie] - openpyxl (vulnerable code not present) + [wheezy] - openpyxl (vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/07/5 + NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749 + NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 +CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...) + - libapache2-mod-auth-openidc 2.1.5-1 + [jessie] - libapache2-mod-auth-openidc (Minor issue) + NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212 +CVE-2017-6062 (The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka ...) + - libapache2-mod-auth-openidc 2.1.5-1 + [jessie] - libapache2-mod-auth-openidc (support for OIDCUnAuthAction added in 1.8.5rc1) + NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222 +CVE-2017-XXXX [irssi memory leak] + - irssi 1.0.1-1 (bug #855108) + [jessie] - irssi (support for sasl not present) + [wheezy] - irssi (support for sasl not present) + NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144 + NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8 +CVE-2017-XXXX [irssi missing null terminator] + - irssi 1.0.1-1 (unimportant) + NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6 + NOTE: CVE Request: https://www.openwall.com/lists/oss-security/2017/02/05/8 +CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...) 
+ - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows r ...) + - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows remo ...) + - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...) + - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...) + - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlie ...) + - zoneminder 1.30.4+dfsg-1 (bug #854272) + [jessie] - zoneminder (Minor issue) + [wheezy] - zoneminder (Minor issue) +CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel th ...) + {DLA-1200-1} + - linux 4.9.10-1 + [jessie] - linux 3.16.43-1 + NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1) + NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1) +CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken f ...) 
+ {DLA-929-1} + - libpodofo 0.9.4-5 (bug #854604) + [jessie] - libpodofo (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837 +CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...) + NOT-FOR-US: dotCMS +CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack aga ...) + NOT-FOR-US: dotCMS +CVE-2017-5875 (XSS was discovered in dotCMS 3.7.0, with an authenticated attack again ...) + NOT-FOR-US: dotCMS +CVE-2017-5874 (CSRF exists on D-Link DIR-600M Rev. Cx devices before v3.05ENB01_beta_ ...) + NOT-FOR-US: D-Link +CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service in Uni ...) + NOT-FOR-US: Unisys +CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with TCP- ...) + NOT-FOR-US: Unisys ClearPath +CVE-2017-5871 (Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Op ...) + - odoo (Fixed before initial upload to Debian) +CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin 3.0.1 ...) + NOT-FOR-US: ViMbAdmin +CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...) + NOT-FOR-US: Nuxeo +CVE-2017-5868 (CRLF injection vulnerability in the web interface in OpenVPN Access Se ...) + NOT-FOR-US: OpenVPN Access Server +CVE-2017-5867 (ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, ...) + - owncloud +CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud Server ...) + - owncloud +CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, 8.2 ...) + - owncloud +CVE-2017-5864 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...) 
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite +CVE-2017-5863 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incor ...) + NOT-FOR-US: Open-Xchange GmbH OX App Suite +CVE-2017-5862 + RESERVED +CVE-2017-5861 + REJECTED +CVE-2017-5860 + RESERVED +CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a vu ...) + NOT-FOR-US: Cambium Networks cnPilot +CVE-2017-5858 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + NOT-FOR-US: converse.js +CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers t ...) + - libplist 1.12+git+1+e37ca00-0.1 (bug #854000) + [jessie] - libplist (Minor issue) + [wheezy] - libplist (pointers are not incorrectly freed and non-string key nodes are officially allowed) + NOTE: https://github.com/libimobiledevice/libplist/issues/86 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6 +CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory a ...) + {DLA-2168-1 DLA-840-1} + - libplist 1.12+git+1+e37ca00-0.1 (bug #854000) + NOTE: https://github.com/libimobiledevice/libplist/issues/88 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6 +CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers ...) + {DLA-2168-1 DLA-840-1} + - libplist 1.12+git+1+e37ca00-0.1 (bug #854000) + NOTE: https://github.com/libimobiledevice/libplist/issues/89 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/6 +CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass Poli ...) + NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass Po ...) + NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5827 (A reflected cross site scripting vulnerability in HPE Aruba ClearPass ...) 
+ NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5826 (An authenticated remote code execution vulnerability in HPE Aruba Clea ...) + NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5825 (A privilege escalation vulnerability in HPE Aruba ClearPass Policy Man ...) + NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5824 (An unauthenticated remote code execution vulnerability in HPE Aruba Cl ...) + NOT-FOR-US: HPE Aruba ClearPass Policy Manager +CVE-2017-5823 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5822 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5821 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5820 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5819 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5818 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...) + NOT-FOR-US: HPE +CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network Automatio ...) 
+ NOT-FOR-US: HPE +CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network Autom ...) + NOT-FOR-US: HPE +CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation versio ...) + NOT-FOR-US: HPE +CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...) + NOT-FOR-US: HPE +CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...) + NOT-FOR-US: HPE +CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...) + NOT-FOR-US: HPE +CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...) + NOT-FOR-US: HPE +CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop Server ...) + NOT-FOR-US: HPE NonStop Servers +CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...) + NOT-FOR-US: HPE Vertica Analytics Platform +CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business Pro ...) + NOT-FOR-US: HPE Business Process Monitor +CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations Br ...) + NOT-FOR-US: HPE Operations Bridge Analytics +CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...) + NOT-FOR-US: HPE OpenCall Media Platform +CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ( ...) + NOT-FOR-US: HPE OpenCall Media Platform +CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in HP ...) 
+ NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 S ...) + NOT-FOR-US: HPE 2620 Series Network Switches +CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent Manag ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent Mana ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent Man ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management Ce ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent Manageme ...) + NOT-FOR-US: HPE Intelligent Management Center + NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200 +CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE Intell ...) + NOT-FOR-US: HPE Intelligent Management Center +CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before ...) + NOT-FOR-US: HPE LoadRunner + NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200 +CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE NonSt ...) + NOT-FOR-US: HPE NonStop Software Essentials +CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control Reposi ...) + NOT-FOR-US: HPE Version Control Manager +CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE OfficeConn ...) + NOT-FOR-US: HPE OfficeConnect Network Switches +CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating ...) + NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...) 
+ NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...) + NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating Environmen ...) + NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 ...) + NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating Environmen ...) + NOT-FOR-US: HPE Matrix Operating Environment +CVE-2017-5779 + REJECTED +CVE-2017-5778 + REJECTED +CVE-2017-5777 + REJECTED +CVE-2017-5776 + REJECTED +CVE-2017-5775 + REJECTED +CVE-2017-5774 + REJECTED +CVE-2017-5773 + REJECTED +CVE-2017-5772 + REJECTED +CVE-2017-5771 + REJECTED +CVE-2017-5770 + REJECTED +CVE-2017-5769 + REJECTED +CVE-2017-5768 + REJECTED +CVE-2017-5767 + REJECTED +CVE-2017-5766 + REJECTED +CVE-2017-5765 + REJECTED +CVE-2017-5764 + REJECTED +CVE-2017-5763 + REJECTED +CVE-2017-5762 + REJECTED +CVE-2017-5761 + REJECTED +CVE-2017-5760 + REJECTED +CVE-2017-5759 + REJECTED +CVE-2017-5758 + REJECTED +CVE-2017-5757 + REJECTED +CVE-2017-5756 + REJECTED +CVE-2017-5755 + REJECTED +CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and indir ...) 
+ {DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1} + - linux 4.14.12-1 + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers 384.111-4~deb9u1 + [jessie] - nvidia-graphics-drivers 340.106-1 + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + - linux-grsec + - xen 4.11.1~pre+1.733450b39b-1 + [stretch] - xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u4 + [jessie] - xen (Too intrusive to backport) + NOTE: https://meltdownattack.com/ + NOTE: https://xenbits.xen.org/xsa/advisory-254.html + NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html + NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html + NOTE: Paper: https://meltdownattack.com/meltdown.pdf + NOTE: https://01.org/security/advisories/intel-oss-10003 +CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and branc ...) 
+ {DSA-4188-1 DSA-4187-1 DLA-1731-1 DLA-1423-1 DLA-1422-1} + - linux 4.15.11-1 + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers 384.111-4~deb9u1 + [jessie] - nvidia-graphics-drivers 340.106-1 + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + - linux-grsec + NOTE: https://spectreattack.com/ + NOTE: https://xenbits.xen.org/xsa/advisory-254.html + NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html + NOTE: Paper: https://spectreattack.com/spectre.pdf + NOTE: https://01.org/security/advisories/intel-oss-10002 +CVE-2017-5752 + REJECTED +CVE-2017-5751 + REJECTED +CVE-2017-5750 + REJECTED +CVE-2017-5749 + REJECTED +CVE-2017-5748 + REJECTED +CVE-2017-5747 + REJECTED +CVE-2017-5746 + REJECTED +CVE-2017-5745 + REJECTED +CVE-2017-5744 + REJECTED +CVE-2017-5743 + REJECTED +CVE-2017-5742 + REJECTED +CVE-2017-5741 + REJECTED +CVE-2017-5740 + REJECTED +CVE-2017-5739 + REJECTED +CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite ...) + NOT-FOR-US: Intel Unite App +CVE-2017-5737 + REJECTED +CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...) + NOT-FOR-US: Intel +CVE-2017-5735 + REJECTED +CVE-2017-5734 + REJECTED +CVE-2017-5733 + REJECTED +CVE-2017-5732 + REJECTED +CVE-2017-5731 (Bounds checking in Tianocompress before November 7, 2017 may allow an ...) 
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=686 + NOTE: https://bugzilla.tianocore.org/attachment.cgi?id=150 + NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/edk-ii-tianocompress-bounds-checking-issues.html +CVE-2017-5730 + REJECTED +CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and T ...) + NOT-FOR-US: Intel +CVE-2017-5728 + REJECTED +CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 1 ...) + NOT-FOR-US: Intel +CVE-2017-5726 + REJECTED +CVE-2017-5725 + REJECTED +CVE-2017-5724 + REJECTED +CVE-2017-5723 + REJECTED +CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, N ...) + NOT-FOR-US: Intel +CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...) + NOT-FOR-US: Intel +CVE-2017-5720 + REJECTED +CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...) + NOT-FOR-US: Intel +CVE-2017-5718 + REJECTED +CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics Dr ...) + NOT-FOR-US: Intel graphics driver +CVE-2017-5716 + REJECTED +CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...) 
+ {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-2743-1 DLA-2148-1 DLA-1497-1 DLA-1422-1 DLA-1369-1} + - linux 4.15.11-1 + - intel-microcode 3.20180425.1 + [stretch] - intel-microcode 3.20180425.1~deb9u1 + [jessie] - intel-microcode 3.20180425.1~deb8u1 + - amd64-microcode 3.20180515.1 + NOTE: https://spectreattack.com/ + NOTE: https://xenbits.xen.org/xsa/advisory-254.html + NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html + NOTE: Paper: https://spectreattack.com/spectre.pdf + NOTE: https://www.suse.com/de-de/support/kb/doc/?id=7022512 + NOTE: https://www.suse.com/support/update/announcement/2018/suse-su-20180009-1/ + NOTE: For the required microcode updates in advance: + NOTE: intel-microcode: https://bugs.debian.org/886367 + NOTE: intel-microcode: Some microcode updates to partially adress CVE-2017-5715 included in 3.20171215.1 + NOTE: Further updates in 3.20180312.1 + NOTE: amd64-microcode: https://bugs.debian.org/886382 + NOTE: amd64-microcode updates in 3.20180515.1 + - qemu 1:2.12~rc3+dfsg-1 (bug #886532) + - qemu-kvm + NOTE: Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html + NOTE: to pass thorugh new MSR and CPUID flags from the host VM to the CPU, to + NOTE: allow (future) enabling/disabling ranch prediction features in the Intel + NOTE: CPU. 
+ - virtualbox 5.2.6-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) + - nvidia-graphics-drivers 384.111-1 (bug #886852) + [stretch] - nvidia-graphics-drivers 384.111-4~deb9u1 + [jessie] - nvidia-graphics-drivers 340.106-1 + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx 340.106-1 + [stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1 + - nvidia-graphics-drivers-legacy-304xx + [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) + - linux-grsec + - xen 4.11.1~pre+1.733450b39b-1 + [jessie] - xen (Too intrusive to backport) +CVE-2017-5714 + REJECTED +CVE-2017-5713 + REJECTED +CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel Managea ...) + NOT-FOR-US: Intel +CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in Int ...) + NOT-FOR-US: Intel +CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted Execution En ...) + NOT-FOR-US: Intel +CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server Platform Serv ...) + NOT-FOR-US: Intel +CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability Engine ...) + NOT-FOR-US: Intel +CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution Engine ...) + NOT-FOR-US: Intel +CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Services ...) + NOT-FOR-US: Intel +CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine Firm ...) + NOT-FOR-US: Intel +CVE-2017-5704 (Platform sample code firmware included with 4th Gen Intel Core Process ...) + NOT-FOR-US: Intel +CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel platfo ...) 
+ NOT-FOR-US: Intel +CVE-2017-5702 + REJECTED +CVE-2017-5701 (Insecure platform configuration in system firmware for Intel NUC7i3BNK ...) + NOT-FOR-US: Intel +CVE-2017-5700 (Insufficient protection of password storage in system firmware for Int ...) + NOT-FOR-US: Intel +CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior ...) + NOT-FOR-US: Intel MinnowBoard 3 Firmware + NOTE: https://edk2-docs.gitbooks.io/security-advisory/content/uefi-variable-deletioncorruption.html +CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...) + NOT-FOR-US: Intel +CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of Inte ...) + NOT-FOR-US: Intel +CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, a ...) + NOT-FOR-US: Intel +CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Drive C ...) + NOT-FOR-US: Intel +CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive P ...) + NOT-FOR-US: Intel +CVE-2017-5693 (Firmware in the Intel Puma 5, 6, and 7 Series might experience resourc ...) + NOT-FOR-US: Intel Puma +CVE-2017-5692 (Out-of-bounds read condition in older versions of some Intel Graphics ...) + NOT-FOR-US: Intel Graphics Driver for Windows +CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...) + NOT-FOR-US: Intel CPUs +CVE-2017-5690 + REJECTED +CVE-2017-5689 (An unprivileged network attacker could gain system privileges to provi ...) + NOT-FOR-US: Intel AMT +CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid S ...) + NOT-FOR-US: Intel Solid State Drive Toolbox +CVE-2017-5687 + REJECTED +CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...) + NOT-FOR-US: BIOS in Intel NUC systems +CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors p ...) 
+ NOT-FOR-US: BIOS in Intel NUC systems +CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core pr ...) + NOT-FOR-US: BIOS in Intel NUC systems +CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Acc ...) + NOT-FOR-US: Intel Hardware Accelerated Execution Manager +CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, In ...) + NOT-FOR-US: Intel PSET +CVE-2017-5680 + REJECTED +CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6-beta ...) + {DSA-3789-1 DLA-824-1} + - libevent 2.0.21-stable-3 (bug #854092) + NOTE: https://github.com/libevent/libevent/issues/332 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17 +CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...) + {DSA-3789-1 DLA-824-1} + - libevent 2.0.21-stable-3 (bug #854092) + NOTE: https://github.com/libevent/libevent/issues/318 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17 +CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta allow ...) + {DSA-3789-1 DLA-824-1} + - libevent 2.0.21-stable-3 (bug #854092) + NOTE: https://github.com/libevent/libevent/issues/317 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/17 +CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...) + {DSA-3818-1 DLA-2164-1 DLA-830-1} + - gst-plugins-bad1.0 1.10.4-1 (low) + - gst-plugins-bad0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957 + NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3 +CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gs ...) 
+ {DSA-3821-1 DLA-2226-1 DLA-829-1} + - gst-plugins-ugly1.0 1.10.4-1 (low) + - gst-plugins-ugly0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955 + NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37 +CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in gst/asfdemux/gs ...) + {DSA-3821-1 DLA-2226-1 DLA-829-1} + - gst-plugins-ugly1.0 1.10.3-1 (low) + - gst-plugins-ugly0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937 +CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...) + {DSA-3820-1} + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532 +CVE-2017-5844 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...) + {DSA-3819-1 DLA-2126-1 DLA-827-1} + - gst-plugins-base1.0 1.10.3-1 (low) + - gst-plugins-base0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525 +CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unr ...) + {DSA-3818-1 DLA-2164-1 DLA-830-1} + - gst-plugins-bad1.0 1.10.3-1 + - gst-plugins-bad0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503 +CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c i ...) 
+ {DSA-3819-1} + - gst-plugins-base1.0 1.10.3-1 + - gst-plugins-base0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502 +CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst- ...) + {DSA-3820-1} + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500 +CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plug ...) + {DSA-3820-1 DLA-2225-1 DLA-828-1} + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469 +CVE-2017-5839 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...) + {DSA-3819-1} + - gst-plugins-base1.0 1.10.3-1 + - gst-plugins-base0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265 +CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in gst/gstdatetime. ...) + {DSA-3822-1} + - gstreamer1.0 1.10.3-1 (low) + - gstreamer0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263 +CVE-2017-5837 (The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-medi ...) + {DSA-3819-1 DLA-2126-1 DLA-827-1} + - gst-plugins-base1.0 1.10.3-1 (low) + - gst-plugins-base0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262 +CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-p ...) 
+ {DSA-3820-1} + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451 +CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacpars ...) + {DSA-3820-1 DLA-2225-1 DLA-828-1} + - gst-plugins-good1.0 1.10.3-1 (low) + - gst-plugins-good0.10 (low) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/7 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450 +CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy] + - iio-sensor-proxy 2.0-4 (bug #853951) +CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0. ...) + - ffmpeg 7:3.2.2-1 + - libav (Vulnerable code not present in libav, only in ffmpeg) + NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12 +CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2 ...) + {DLA-1611-1} + - ffmpeg 7:3.2.2-1 + - libav + NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12 +CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8. ...) + {DLA-1611-1} + - ffmpeg 7:3.2.2-1 + - libav + NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa + NOTE: https://www.openwall.com/lists/oss-security/2017/01/31/12 +CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...) 
+ - mp3splt (unimportant) + NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options + NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c + NOTE: No security impact, crash in CLI tool +CVE-2017-5679 + RESERVED +CVE-2017-5678 + REJECTED +CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerab ...) + NOT-FOR-US: PEAR HTML_AJAX + NOTE: http://karmainsecurity.com/KIS-2017-01 +CVE-2017-5676 + RESERVED +CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in hw/display/vir ...) + - qemu 1:2.8+dfsg-3 (bug #853996; unimportant) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382 + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/21 +CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c i ...) + {DLA-1497-1} + - qemu 1:2.8+dfsg-3 (bug #853996) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/01/19 + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342 +CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to e ...) + NOT-FOR-US: espeak-ruby Ruby gem +CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute arbi ...) + NOT-FOR-US: festivaltts4r +CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection functi ...) 
+ {DLA-929-1} + - libpodofo 0.9.4-1 (bug #854599) + [jessie] - libpodofo (Minor issue) + NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/ + NOTE: https://sourceforge.net/p/podofo/code/1672 +CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...) + - libpodofo 0.9.4-6 (bug #854603) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843 +CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ca ...) + - libpodofo 0.9.5-9 (bug #854602) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + [wheezy] - libpodofo (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876 + NOTE: duplicate CVE: CVE-2018-5308 +CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote a ...) + {DLA-929-1} + - libpodofo 0.9.4-5 (bug #854601) + [jessie] - libpodofo (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/ + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/ +CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in base/PdfVar ...) 
+ {DLA-929-1} + - libpodofo 0.9.5-7 (low; bug #854600) + [stretch] - libpodofo (Minor issue) + [jessie] - libpodofo (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp + NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1838 + NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1841 + NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/ +CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRG ...) + - netpbm-free (vulnerable code not present) + NOTE: https://www.openwall.com/lists/oss-security/2017/02/02/2 + NOTE: Debian uses an unaffected fork: + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8 +CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service ...) + NOT-FOR-US: OpenBSD httpd +CVE-2017-5833 (Cross-site scripting (XSS) vulnerability in the invocation code genera ...) + NOT-FOR-US: Revive Adserver +CVE-2017-5832 (Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0 ...) + NOT-FOR-US: Revive Adserver +CVE-2017-5831 (Session fixation vulnerability in the forgot password mechanism in Rev ...) + NOT-FOR-US: Revive Adserver +CVE-2017-5830 (Revive Adserver before 4.0.1 allows remote attackers to execute arbitr ...) + NOT-FOR-US: Revive Adserver +CVE-2017-5675 (A command-injection vulnerability exists in a web application on a cus ...) + NOT-FOR-US: GoAhead Web Server +CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, V ...) + NOT-FOR-US: GoAhead Web Server +CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum mes ...) 
+ NOT-FOR-US: Joomla extension +CVE-2017-5672 (Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnera ...) + NOT-FOR-US: Kony Enterprise Mobile Management +CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 indust ...) + NOT-FOR-US: Honeywell +CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm progr ...) + NOT-FOR-US: Riverbed RiOS +CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...) + {DSA-3804-1 DLA-849-1} + - linux 4.9.13-1 + NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931 +CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...) + - mp3splt (unimportant; bug #854278) + NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c + NOTE: https://sourceforge.net/p/mp3splt/bugs/209/ + NOTE: Negligable security impact +CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allo ...) + - mp3splt (unimportant) + NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c + NOTE: https://sourceforge.net/p/mp3splt/bugs/209/ + NOTE: No security impact, crash in CLI tool +CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requires th ...) 
+ {DSA-3892-1 DSA-3891-1 DLA-996-1} + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.14-2 (bug #864447) + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 6.0.41-3 + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie + [wheezy] - tomcat6 (Not supported in Wheezy) + NOTE: https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E + NOTE: Fixed by: http://svn.apache.org/r1793469 (8.5.x) + NOTE: Fixed by: http://svn.apache.org/r1793488 (8.5.x) + NOTE: Fixed by: http://svn.apache.org/r1793489 (8.0.x) + NOTE: Fixed by: http://svn.apache.org/r1793470 (8.0.x) + NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x) + NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x) +CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incub ...) + NOT-FOR-US: Apache Fineract +CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the serve ...) + {DSA-4215-1 DLA-926-1} + - batik 1.9-1 (bug #860566) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/1 + NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139 + NOTE: Fixed by: http://svn.apache.org/r1743326 + NOTE: Similar issue to CVE-2015-0250 +CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server ...) + {DSA-3864-1 DLA-927-1} + - fop 1:2.1-6 (bug #860567) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/18/2 + NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668 + NOTE: Fixed by: http://svn.apache.org/r1769967 + NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6) +CVE-2017-5660 (There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and prio ...) 
+ {DSA-4128-1} + - trafficserver 7.1.2+ds-1 + [wheezy] - trafficserver (Vulnerable code not present) + NOTE: https://github.com/apache/trafficserver/pull/1657 + NOTE: https://issues.apache.org/jira/browse/TS-4930 +CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...) + - trafficserver 7.0.0-1 + [wheezy] - trafficserver (PoC doesn't crash the server, fix too hard to backport) + NOTE: https://issues.apache.org/jira/browse/TS-4507 + NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above) + NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb + NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153 +CVE-2017-5658 (The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to b ...) + NOT-FOR-US: Apache Pony Mail +CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected aga ...) + NOT-FOR-US: Apache Archiva +CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of c ...) + NOT-FOR-US: Apache CXF +CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...) + NOT-FOR-US: Apache Ambari +CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...) + NOT-FOR-US: Apache Ambari +CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...) + NOT-FOR-US: Apache CXF +CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...) + NOT-FOR-US: Impala +CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...) 
+ - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.11-2 (bug #860071) + [jessie] - tomcat8 (Only affects 8.5 and later) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/21 + NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x) +CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...) + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.11-2 (bug #860070) + [jessie] - tomcat8 (Only affects 8.5 and later) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/22 + NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x) +CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by sett ...) + NOT-FOR-US: Apache Geode +CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to appli ...) + {DSA-3843-1 DSA-3842-1 DLA-924-1} + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.11-2 (bug #860069) + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 (Only affects 7.0 an later) + NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/23 + NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x) + NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x) + NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x) +CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...) 
+ {DSA-3843-1 DSA-3842-1 DLA-924-1} + - tomcat9 (Fixed before initial upload to Debian) + - tomcat8 8.5.11-2 (bug #860068) + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 6.0.41-3 + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie + NOTE: https://www.openwall.com/lists/oss-security/2017/04/10/24 + NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x) + NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x) + NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x) + NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x) + NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x) + NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x) +CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated us ...) + NOT-FOR-US: Apache Knox +CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...) + - apache-log4j2 2.7-2 (bug #860489) + [jessie] - apache-log4j2 (Minor issue, no consumers of liblog4j2-java in Jessie) + NOTE: https://issues.apache.org/jira/browse/LOG4J2-1863 + NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d +CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers t ...) + - libapache-poi-java 3.17-1 (bug #858301) + [stretch] - libapache-poi-java (Minor issue) + [jessie] - libapache-poi-java (Minor issue) + [wheezy] - libapache-poi-java (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2017/03/20/9 +CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via rem ...) + NOT-FOR-US: Apache Camel +CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artif ...) + NOT-FOR-US: Apache Ambari +CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not r ...) 
+ NOT-FOR-US: Apache Flex BlazeDS +CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...) + NOT-FOR-US: Impala +CVE-2017-5639 + REJECTED +CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 an ...) + - libstruts1.2-java (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10) + NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045 +CVE-2017-5637 (Two four letter word commands "wchp/wchc" are CPU intensive and could ...) + {DSA-3871-1 DLA-986-1} + - zookeeper 3.4.9-3 (bug #863811) + NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693 +CVE-2017-5636 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...) + NOT-FOR-US: Apache NiFi +CVE-2017-5635 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environm ...) + NOT-FOR-US: Apache NiFi +CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows phy ...) + NOT-FOR-US: Norwegian +CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Li ...) + NOT-FOR-US: D-Link +CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with Firmw ...) + NOT-FOR-US: Asus router +CVE-2017-5631 (An issue was discovered in KMCIS CaseAware. Reflected cross site scrip ...) + NOT-FOR-US: KMCIS CaseAware +CVE-2017-5630 (PECL in the download utility class in the Installer in PEAR Base Syste ...) + - php5 (unimportant) + - php-pear (unimportant) + NOTE: https://pear.php.net/bugs/bug.php?id=21171 + NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway +CVE-2017-5629 + RESERVED +CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fas ...) + NOT-FOR-US: OxygenOS +CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized ...) + NOT-FOR-US: OxygenOS +CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...) 
+ NOT-FOR-US: OxygenOS +CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T d ...) + NOT-FOR-US: OxygenOS +CVE-2017-5622 (With OxygenOS before 4.0.3, when a charger is connected to a powered-o ...) + NOT-FOR-US: OxygenOS +CVE-2017-5621 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...) + - zammad (bug #841355) +CVE-2017-5620 (An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3 ...) + - zammad (bug #841355) +CVE-2017-5619 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, an ...) + - zammad (bug #841355) +CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in Se ...) + - serendipity +CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x befo ...) + NOT-FOR-US: Splunk +CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + NOT-FOR-US: Xabber +CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + NOT-FOR-US: Movim +CVE-2017-5604 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + - mcabber 1.0.4-1.1 (bug #854738) + [jessie] - mcabber (XEP-0280: Message Carbons not implemented) + [wheezy] - mcabber (XEP-0280: Message Carbons not implemented) +CVE-2017-5603 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + - jitsi (bug #854737) +CVE-2017-5602 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...) + - jappix (bug #619347) +CVE-2017-5601 (An error in the lha_read_file_header_1() function (archive_read_suppor ...) + {DLA-1600-1 DLA-810-1} + - libarchive 3.2.1-6 (bug #853278) + NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 + NOTE: https://secunia.com/secunia_research/2017-3/ +CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. /var/miniupnpd. ...) 
+ NOT-FOR-US: D-Link +CVE-2016-10185 (An issue was discovered on the D-Link DWR-932B router. A secure_mode=n ...) + NOT-FOR-US: D-Link +CVE-2016-10184 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows f ...) + NOT-FOR-US: D-Link +CVE-2016-10183 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows d ...) + NOT-FOR-US: D-Link +CVE-2016-10182 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows c ...) + NOT-FOR-US: D-Link +CVE-2016-10181 (An issue was discovered on the D-Link DWR-932B router. qmiweb provides ...) + NOT-FOR-US: D-Link +CVE-2016-10180 (An issue was discovered on the D-Link DWR-932B router. WPS PIN generat ...) + NOT-FOR-US: D-Link +CVE-2016-10179 (An issue was discovered on the D-Link DWR-932B router. There is a hard ...) + NOT-FOR-US: D-Link +CVE-2016-10178 (An issue was discovered on the D-Link DWR-932B router. HELODBG on port ...) + NOT-FOR-US: D-Link +CVE-2016-10177 (An issue was discovered on the D-Link DWR-932B router. Undocumented TE ...) + NOT-FOR-US: D-Link +CVE-2016-10176 (The NETGEAR WNR2000v5 router allows an administrator to perform sensit ...) + NOT-FOR-US: Netgear +CVE-2016-10175 (The NETGEAR WNR2000v5 router leaks its serial number when performing a ...) + NOT-FOR-US: Netgear +CVE-2016-10174 (The NETGEAR WNR2000v5 router contains a buffer overflow in the hidden_ ...) + NOT-FOR-US: Netgear +CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending o ...) + NOT-FOR-US: Gentoo ebuilds dir permissions at install time +CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...) 
+ {DLA-1497-1} + - qemu 1:2.8+dfsg-3 (bug #853996) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm + [wheezy] - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/2 +CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a deni ...) + - bitlbee 3.5.1-1 (bug #853282) + [jessie] - bitlbee (Incomplete fix for CVE-2016-10189 not applied) + [wheezy] - bitlbee (Incomplete fix for CVE-2016-10189 not applied) + NOTE: https://bugs.bitlbee.org/ticket/1282 + NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1) + NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4 + NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189 +CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of servic ...) + {DSA-3853-1 DLA-832-1} + - bitlbee 3.5-1 + NOTE: https://bugs.bitlbee.org/ticket/1282 + NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5) + NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4 + NOTE: When fixing this CVE make sure to apply as well + NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 + NOTE: to not open CVE-2017-5668 +CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows re ...) + {DSA-3853-1 DLA-832-1} + - bitlbee 3.5-1 + NOTE: https://bugs.bitlbee.org/ticket/1281 + NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5) + NOTE: https://www.openwall.com/lists/oss-security/2017/01/30/4 +CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does no ...) 
+ - firejail 0.9.44.6-1 + NOTE: Changelog mentions the new fix for CVE-2017-5180 in RELNOTES for 0.9.44.6 + NOTE: an needs series of commits after 0.9.44.4 + NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES + NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6) + NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6) + NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/4 +CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to re ...) + {DLA-859-1} + - calibre 2.75.1+dfsg-1 (low; bug #853004) + [jessie] - calibre (Minor issue) + NOTE: Upstream report: https://launchpad.net/bugs/1651728 + NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c + NOTE: https://www.openwall.com/lists/oss-security/2017/01/29/8 +CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in ...) + - s-nail 14.8.16-1 (bug #852934) + NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html + NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160 + NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf + NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/7 +CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10 ...) + - mujs (Fixed before initial upload to Debian) + NOTE: http://git.ghostscript.com/?p=mujs.git;h=8f62ea10a0af68e56d5c00720523ebcba13c2e6a + NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697496 +CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before 4006739a ...) 
+ - mujs (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=4006739a28367c708dea19aeb19b8a1a9326ce08
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697497
+CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web app ...)
+ {DSA-3781-1 DLA-816-1}
+ - svgsalamander 1.1.1+dfsg-2 (bug #853134)
+ NOTE: https://github.com/blackears/svgSalamander/issues/11
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/3
+CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function ...)
+ - piwigo
+CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 ...)
+ NOT-FOR-US: NetApp OnCommand Insight
+CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
+ NOT-FOR-US: eClinicalWorks
+CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. Thi ...)
+ NOT-FOR-US: eClinicalWorks
+CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in wp-admin/includes/class-wp ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.2+dfsg-1 (bug #852767)
+ NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
+CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Qu ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.2+dfsg-1 (bug #852767)
+ NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
+CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress b ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.2+dfsg-1 (bug #852767)
+ NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/27/2
+CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in web/views/file ...)
+ {DLA-1145-1}
+ - zoneminder 1.30.4+dfsg-1 (bug #854733)
+ NOTE: Check https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
+CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this vulnerab ...)
+ NOT-FOR-US: Pagekit CMS
+CVE-2017-5593 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
+ - psi-plus (vulnerable code not present, XEP-0280 not implemented)
+CVE-2017-5592 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
+ - profanity 0.5.1-1 (bug #854735)
+ [jessie] - profanity (Vulnerable code not present)
+CVE-2017-5591 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
+ - sleekxmpp 1.3.1-6 (bug #854739)
+ [jessie] - sleekxmpp (vulnerable code not present, XEP-0280 not implemented)
+ [wheezy] - sleekxmpp (vulnerable code not present, XEP-0280 not implemented)
+ - slixmpp 1.2.2-1.1 (bug #854740)
+CVE-2017-5590 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
+ NOT-FOR-US: ChatSecure / Zom
+CVE-2017-5589 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
+ NOT-FOR-US: yaxim / Bruno
+CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and archiv ...)
+ {DSA-3778-1 DLA-808-1}
+ - ruby-minitar 0.5.4-3.1 (bug #853075)
+ - ruby-archive-tar-minitar (bug #853249)
+ NOTE: https://github.com/halostatue/minitar/issues/16
+ NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
+ NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
+CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before 5. ...)
+ - wavpack 5.0.0-2 (bug #853076)
+ [jessie] - wavpack (Vulnerable code not present)
+ [wheezy] - wavpack (Vulnerable code not present)
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before 5. ...)
+ - wavpack 5.0.0-2 (bug #853076)
+ [jessie] - wavpack (Vulnerable code not present)
+ [wheezy] - wavpack (Vulnerable code not present)
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 all ...)
+ - wavpack 5.0.0-2 (bug #853076)
+ [jessie] - wavpack (Vulnerable code not present)
+ [wheezy] - wavpack (Vulnerable code not present)
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
+ - wavpack 5.0.0-2 (bug #853076)
+ [wheezy] - wavpack (Minor issue)
+ NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
+ NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
+CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in gd_interpol ...)
+ {DSA-3777-1}
+ - libgd2 2.2.4-1
+ [wheezy] - libgd2 (Vulnerable code not present)
+ NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
+CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics Li ...)
+ {DSA-3777-1 DLA-804-1}
+ - php7.1 7.1.1-1 (unimportant)
+ - php7.0 7.0.15-1 (unimportant)
+ - php5 (unimportant)
+ [jessie] - php5 5.6.30+dfsg-0+deb8u1
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73868
+ NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
+ - libgd2 2.2.4-1
+ NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
+CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) bef ...)
+ {DSA-3777-1 DLA-804-1}
+ - php7.1 7.1.1-1 (unimportant)
+ - php7.0 7.0.15-1 (unimportant)
+ - php5 (unimportant)
+ [jessie] - php5 5.6.30+dfsg-0+deb8u1
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73869
+ NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
+ - libgd2 2.2.4-1
+ NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/26/1
+CVE-2017-5588
+ RESERVED
+CVE-2017-5587
+ RESERVED
+CVE-2017-5586 (OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote ...)
+ NOT-FOR-US: OpenText Documentum D2
+CVE-2017-5585 (OpenText Documentum Content Server (formerly EMC Documentum Content Se ...)
+ NOT-FOR-US: OpenText Documentum Content Server
+CVE-2017-5584 (Cross-site scripting (XSS) vulnerability in the Management Web Interfa ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2017-5583 (The Management Web Interface in Palo Alto Networks PAN-OS before 6.1.1 ...)
+ NOT-FOR-US: Palo Alto Networks
+CVE-2017-5582
+ RESERVED
+CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2 ...)
+ - jasper
+ [jessie] - jasper (Minor issue)
+ [wheezy] - jasper (Minor issue)
+ NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/10
+ NOTE: The POC only triggers an assertion failure but an overflow cannot be observed.
+CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 all ...)
+ - jasper (unimportant)
+ NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/8
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows r ...)
+ - jasper (unimportant)
+ NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/25/9
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files a ...)
+ - screen 4.5.0-3 (bug #852484)
+ [stretch] - screen (Vulnerable code not present/never migrated to stretch)
+ [jessie] - screen (Vulnerable code not present)
+ [wheezy] - screen (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
+ NOTE: https://savannah.gnu.org/bugs/?50142
+ NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
+ NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/24/10
+CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector c ...)
+ {DSA-3811-1 DLA-858-1}
+ - wireshark 2.2.4+gcc3dc1b-1
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
+CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector ...)
+ {DSA-3811-1 DLA-858-1}
+ - wireshark 2.2.4+gcc3dc1b-1
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
+ NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
+CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) all ...)
+ {DSA-3774-1 DLA-803-1}
+ - lcms2 2.8-4 (bug #852627)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+ NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program req ...)
+ {DSA-3772-1 DLA-801-1}
+ - libxpm 1:3.5.12-1
+ NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/22/2
+CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in ...)
+ - virglrenderer 0.6.0-1 (bug #852603)
+ NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
+CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in Tig ...)
+ - tigervnc 1.7.0+dfsg-3 (bug #852213)
+ NOTE: https://github.com/TigerVNC/tigervnc/pull/399
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
+CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c i ...)
+ - virglrenderer 0.6.0-1 (bug #852604)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
+ NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=28894a30a17a84529be102b21118e55d6c9f23fa (0.6.0)
+ NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
+CVE-2017-5579 (Memory leak in the serial_exit_core function in hw/char/serial.c in QE ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-3 (bug #853002)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
+CVE-2017-5578 (Memory leak in the virtio_gpu_resource_attach_backing function in hw/d ...)
+ - qemu 1:2.10.0-1 (unimportant)
+ [jessie] - qemu (Vulnerable code introduced later)
+ [wheezy] - qemu (Vulnerable code introduced later)
+ - qemu-kvm (Vulnerable code introduced later)
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b (v2.9.0-rc0)
+ NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=62232bf48456bda4058ceae05851bc58c1032338 (v2.4.0)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 upload reverts
+ NOTE: enable virtio gpu (virglrenderer) and opengl support
+CVE-2017-5577 (The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the Video ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/6b8ac63847bc2f958dd93c09edc941a0118992d9
+ NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
+CVE-2017-5576 (Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/0f2ff82e11c86c05d051cae32b58226392d33bbf
+ NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
+CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS b ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5573 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
+ NOT-FOR-US: Citrix
+CVE-2017-5572 (An issue was discovered in Linux Foundation xapi in Citrix XenServer t ...)
+ NOT-FOR-US: Citrix
+CVE-2017-5571 (Open redirect vulnerability in the lmadmin component in Flexera FlexNe ...)
+ NOT-FOR-US: Flexera FlexNet Publisher
+CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
+ NOT-FOR-US: eClinicalWorks
+CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
+ NOT-FOR-US: eClinicalWorks
+CVE-2017-5568
+ RESERVED
+CVE-2017-5567 (Code injection vulnerability in Avast Premier 12.3 (and earlier), Inte ...)
+ NOT-FOR-US: Avast
+CVE-2017-5566 (Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG I ...)
+ NOT-FOR-US: AVG
+CVE-2017-5565 (Code injection vulnerability in Trend Micro Maximum Security 11.0 (and ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-5564
+ RESERVED
+CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read i ...)
+ - tiff (unimportant)
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2664
+ NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
+CVE-2017-5562
+ RESERVED
+CVE-2017-5561
+ RESERVED
+CVE-2017-5560
+ RESERVED
+CVE-2017-5559
+ RESERVED
+CVE-2017-5558
+ RESERVED
+CVE-2017-5557
+ RESERVED
+CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF befo ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2017-5555
+ RESERVED
+CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4 ...)
+ NOT-FOR-US: OnePlus 3 / 3T OxygenOS
+CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_m ...)
+ - b2evolution
+CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...)
+ {DLA-2168-1 DLA-811-1}
+ - libplist 1.12+git+1+e37ca00-0.1 (low; bug #852385)
+ NOTE: https://github.com/libimobiledevice/libplist/issues/87
+ NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
+CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches V210R240. ...)
+ NOT-FOR-US: FiberHome switches
+CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote ...)
+ NOT-FOR-US: Subrion CMS
+CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in template/usererror.missing ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2017-5541 (Directory traversal vulnerability in template/usererror.missing_extens ...)
+ NOT-FOR-US: Symphony CMS
+CVE-2017-5540
+ RESERVED
+CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in b2evolution versi ...)
+ - b2evolution
+CVE-2017-5536 (The GridServer Broker, and GridServer Director components of TIBCO Sof ...)
+ NOT-FOR-US: TIBCO GridServer
+CVE-2017-5535 (The GridServer Broker, GridServer Driver, and GridServer Engine compon ...)
+ NOT-FOR-US: TIBCO GridServer
+CVE-2017-5534 (The tibbr user profiles components of tibbr Community, and tibbr Enter ...)
+ NOT-FOR-US: tibbr
+CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports Ser ...)
+ - jasperreports (bug #884131)
+ [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
+ [wheezy] - jasperreports (cannot be supported due to lack of information)
+ NOTE: http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
+CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO JasperReport ...)
+ - jasperreports (bug #884131)
+ [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
+ [wheezy] - jasperreports (cannot be supported due to lack of information)
+ NOTE: https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
+CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions 8.0 ...)
+ NOT-FOR-US: TIBCO
+CVE-2017-5530 (The tibbr web server components of tibbr Community, and tibbr Enterpri ...)
+ NOT-FOR-US: tibbr
+CVE-2017-5529 (JasperReports library components contain an information disclosure vul ...)
+ - jasperreports (bug #880467)
+ [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
+ [wheezy] - jasperreports (cannot be supported due to lack of information)
+ NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
+CVE-2017-5528 (Multiple JasperReports Server components contain vulnerabilities which ...)
+ - jasperreports (bug #880467)
+ [jessie] - jasperreports (no detailed information available, only needed as build-dependency for Spring)
+ [wheezy] - jasperreports (cannot be supported due to lack of information)
+ NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
+CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x be ...)
+ NOT-FOR-US: TIBCO Spotfire Server
+CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ NOTE: PHP Bug: https://bugs.php.net/73831
+ NOTE: Fixed in 7.0.15, 7.1.1
+CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...)
+ {DSA-3783-1 DLA-818-1}
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/73825
+ NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
+CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
+ {DSA-3783-1 DLA-818-1}
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/73768
+ NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
+CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
+ {DSA-3783-1 DLA-818-1}
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/73764
+ NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
+CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...)
+ {DSA-3783-1 DLA-818-1}
+ - php7.1 7.1.1-1
+ - php7.0 7.0.15-1
+ - php5
+ NOTE: PHP Bug: https://bugs.php.net/73737
+ NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
+CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
+ NOT-FOR-US: Akamai NetSession
+CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable s ...)
+ - systemd 229-1
+ [jessie] - systemd (Vulnerability introduced in v228)
+ [wheezy] - systemd (Vulnerability introduced in v228)
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
+ NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
+ NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
+CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allow ...)
+ {DLA-869-1}
+ - cgiemail (bug #852031)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
+ {DLA-869-1}
+ - cgiemail (bug #852031)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote atta ...)
+ {DLA-869-1}
+ - cgiemail (bug #852031)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote atta ...)
+ {DLA-869-1}
+ - cgiemail (bug #852031)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/20/6
+CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-2 (low; bug #852232)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
+CVE-2016-10154 (The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x ...)
+ - linux 4.9.2-1
+ [jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ [wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
+CVE-2016-10153 (The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 inte ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ [wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
+CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ba ...)
+ {DLA-796-1}
+ - hesiod 3.2.1-3.1 (low; bug #852093)
+ [stretch] - hesiod (Minor issue)
+ [jessie] - hesiod (Minor issue)
+ NOTE: https://github.com/achernya/hesiod/pull/10
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
+CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
+ {DLA-796-1}
+ - hesiod 3.2.1-3.1 (low; bug #852094)
+ [stretch] - hesiod (Minor issue)
+ [jessie] - hesiod (Minor issue)
+ NOTE: https://github.com/achernya/hesiod/pull/9
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
+CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function i ...)
+ - linux 4.8.15-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 (v4.9-rc8)
+ NOTE: Introduced by: https://git.kernel.org/linus/a28ebea2adc4a2bef5989a5a181ec238f59fbcad (v4.8-rc2)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414506
+CVE-2016-10148 (The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.p ...)
+ - wordpress 4.6.1+dfsg-1
+ [jessie] - wordpress (wp_ajax_update_plugin function introduced in 4.2)
+ [wheezy] - wordpress (wp_ajax_update_plugin function introduced in 4.2)
+ NOTE: https://core.trac.wordpress.org/ticket/37490
+ NOTE: https://core.trac.wordpress.org/changeset/38168
+CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in hw/displa ...)
+ - qemu 1:2.10.0-1 (bug #852119; unimportant)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 (v2.9.0-rc0)
+ NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
+ NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
+ NOTE: still present.
+CVE-2017-5551 (The simple_set_acl function in fs/posix_acl.c in the Linux kernel befo ...)
+ {DSA-3791-1}
+ - linux 4.9.6-1
+ [wheezy] - linux 3.2.84-1
+ NOTE: Backported fix for CVE-2016-7097 already covered this CVE for wheezy
+ NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
+CVE-2017-5550 (Off-by-one error in the pipe_advance function in lib/iov_iter.c in the ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Introduced in 4.9)
+ [wheezy] - linux (Introduced in 4.9)
+ NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
+ NOTE: Introduced by: https://github.com/torvalds/linux/commit/241699cd72a8489c9446ae3910ddd243e9b9061b (4.9-rc1)
+CVE-2017-5549 (The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105. ...)
+ {DSA-3791-1 DLA-833-1}
+ - linux 4.9.6-1
+ NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
+CVE-2017-5548 (drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ [wheezy] - linux (Introduced in 4.9 in combination with VMAP_STACK)
+ NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
+CVE-2017-5547 (drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 inter ...)
+ - linux 4.9.6-1
+ [jessie] - linux (Vulnerable code introduced in v4.4-rc1)
+ [wheezy] - linux (Vulnerable code introduced in v4.4-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
+CVE-2017-5546 (The freelist-randomization feature in mm/slab.c in the Linux kernel 4. ...)
+ - linux 4.9.6-1
+ [jessie] - linux (freelist randomisation introduced in 4.7)
+ [wheezy] - linux (freelist randomisation introduced in 4.7)
+ NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4)
+CVE-2017-5538 (The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c i ...)
+ NOT-FOR-US: Samsung Exynos
+CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers ...)
+ NOT-FOR-US: Plone
+CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different er ...)
+ - weblate (bug #745661)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/18/11
+CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows l ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-2 (bug #851910)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
+ NOTE: Sound device hotplug not supported by libvirt
+CVE-2017-5525 (Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows loc ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-2 (bug #852021)
+ [wheezy] - qemu (Minor issue)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
+ NOTE: Sound device hotplug not supported by libvirt
+CVE-2017-5523
+ RESERVED
+CVE-2017-5522 (Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6. ...)
+ {DSA-3766-1 DLA-790-1}
+ - mapserver 7.0.4-1
+ NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
+ NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
+CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page.)
+ - moodle 2.7.18+dfsg-1
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
+CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of attributes i ...)
+ - moodle 2.7.18+dfsg-1
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
+CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, ...)
+ NOT-FOR-US: NETGEAR
+CVE-2017-5520 (The media rename feature in GeniXCMS through 0.0.8 does not consider a ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5519 (SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0 ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5518 (The media-file upload feature in GeniXCMS through 0.0.8 allows remote ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5517 (SQL injection vulnerability in author.control.php in GeniXCMS through ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5516 (Multiple cross-site scripting (XSS) vulnerabilities in the user forms ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5515 (Cross-site scripting (XSS) vulnerability in the user prompt function i ...)
+ NOT-FOR-US: GenixCMS
+CVE-2017-5514
+ RESERVED
+CVE-2017-5513
+ RESERVED
+CVE-2017-5512
+ RESERVED
+CVE-2017-5497
+ RESERVED
+CVE-2017-5496 (Sawmill Enterprise 8.7.9 allows remote attackers to gain login access ...)
+ NOT-FOR-US: Sawmill Enterprise
+CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbou ...)
+ - quagga 1.1.1-1 (bug #852454)
+ [jessie] - quagga (Minor issue)
+ [wheezy] - quagga (Minor issue)
+ NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783
+ NOTE: http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=b7ceefea77a246fe5c1dcd1b91bf6079d1b97c02
+ NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7d66284a5817a1613b1e4d64a0775ec04fdf8c01
+CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file types ...)
+ - b2evolution
+CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in a ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5481 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 a ...)
+ NOT-FOR-US: Trend Micro
+CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php in b2evo ...)
+ - b2evolution
+CVE-2017-5479
+ RESERVED
+CVE-2017-5478
+ RESERVED
+CVE-2017-5477
+ RESERVED
+CVE-2017-5476 (Serendipity through 2.0.5 allows CSRF for the installation of an event ...)
+ - serendipity
+CVE-2017-5475 (comment.php in Serendipity through 2.0.5 allows CSRF in deleting any c ...)
+ - serendipity
+CVE-2017-5474 (Open redirect vulnerability in comment.php in Serendipity through 2.0. ...)
+ - serendipity
+CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 ...)
+ - ntopng 2.4+dfsg1-3 (bug #852109)
+ [jessie] - ntopng (Minor issue)
+ NOTE: https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
+ NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
+CVE-2017-5472 (A use-after-free vulnerability with the frameloader during tree recons ...)
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ - firefox 54.0-1
+ - firefox-esr 52.2.0esr-1
+ - icedove 1:52.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
+CVE-2017-5471 (Memory safety bugs were reported in Firefox 53. Some of these bugs sho ...)
+ - firefox 54.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
+CVE-2017-5470 (Memory safety bugs were reported in Firefox 53 and Firefox ESR 52.1. S ...)
+ {DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
+ - firefox 54.0-1
+ - firefox-esr 52.2.0esr-1
+ - icedove 1:52.2.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
+CVE-2017-5469 (Fixed potential buffer overflows in generated Firefox code due to CVE- ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox-esr 45.9.0esr-1
+ - firefox 52.0.1-1
+CVE-2017-5468 (An issue with incorrect ownership model of "privateBrowsing" informati ...)
+ - firefox 52.0.1-1
+CVE-2017-5467 (A potential memory corruption and crash when using Skia content when d ...)
+ - firefox 52.0.1-1
+CVE-2017-5466 (If a page is loaded from an original site through a hyperlink and cont ...)
+ - firefox 52.0.1-1
+CVE-2017-5465 (An out-of-bounds read while processing SVG content in "ConvolvePixel". ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5464 (During DOM manipulations of the accessibility tree through script, the ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5463 (Android intents can be used to launch Firefox for Android in reader mo ...)
+ - firefox (Only affects Firefox on Android)
+CVE-2017-5462 (A flaw in DRBG number generation within the Network Security Services ...)
+ {DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+ [experimental] - nss 2:3.30-1
+ - nss 2:3.26.2-1.1 (bug #862958)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
+ NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
+CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
+ {DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+ [experimental] - nss 2:3.30.1-1
+ - nss 2:3.26.2-1.1 (bug #862958)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
+ NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
+CVE-2017-5460 (A use-after-free vulnerability in frame selection triggered by a combi ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5459 (A buffer overflow in WebGL triggerable by web content, resulting in a ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5458 (When a "javascript:" URL is drag and dropped by a user into the addres ...)
+ - firefox 52.0.1-1
+CVE-2017-5457
+ RESERVED
+CVE-2017-5456 (A mechanism to bypass file system access protections in the sandbox us ...)
+ - firefox 52.0.1-1
+CVE-2017-5455 (The internal feed reader APIs that crossed the sandbox barrier allowed ...)
+ - firefox 52.0.1-1
+CVE-2017-5454 (A mechanism to bypass file system access protections in the sandbox to ...)
+ - firefox 52.0.1-1
+CVE-2017-5453 (A mechanism to inject static HTML into the RSS reader preview page due ...)
+ - firefox 52.0.1-1
+CVE-2017-5452 (Malicious sites can display a spoofed addressbar on a page when the ex ...)
+ - firefox (Only affects Firefox on Android)
+CVE-2017-5451 (A mechanism to spoof the addressbar through the user interaction on th ...)
+ - firefox 52.0.1-1
+CVE-2017-5450 (A mechanism to spoof the Firefox for Android addressbar using a "javas ...)
+ - firefox 52.0.1-1
+CVE-2017-5449 (A possibly exploitable crash triggered during layout and manipulation ...)
+ - firefox 52.0.1-1
+CVE-2017-5448 (An out-of-bounds write in "ClearKeyDecryptor" while decrypting some Cl ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5447 (An out-of-bounds read during the processing of glyph widths during tex ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5446 (An out-of-bounds read when an HTTP/2 connection to a servers sends "DA ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5445 (A vulnerability while parsing "application/http-index-format" format c ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5444 (A buffer overflow vulnerability while parsing "application/http-index- ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5443 (An out-of-bounds write vulnerability while decoding improperly formed ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5442 (A use-after-free vulnerability during changes in style when manipulati ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5441 (A use-after-free vulnerability when holding a selection during scroll ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5440 (A use-after-free vulnerability during XSLT processing due to a failure ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5439 (A use-after-free vulnerability during XSLT processing due to poor hand ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5438 (A use-after-free vulnerability during XSLT processing due to the resul ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5437
+ REJECTED
+CVE-2017-5436 (An out-of-bounds write in the Graphite 2 library triggered with a mali ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5435 (A use-after-free vulnerability occurs during transaction processing in ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5434 (A use-after-free vulnerability occurs when redirecting focus handling ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5433 (A use-after-free vulnerability in SMIL animation functions occurs when ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5432 (A use-after-free vulnerability occurs during certain text input select ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox 52.0.1-1
+ - firefox-esr 45.9.0esr-1
+CVE-2017-5431
+ RESERVED
+CVE-2017-5430 (Memory safety bugs were reported in Firefox 52, Firefox ESR 52, and Th ...)
+ - firefox 52.0.1-1
+ - firefox-esr (Only affects ESR52 and Firefox)
+CVE-2017-5429 (Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Fire ...)
+ {DSA-3831-1 DLA-906-1}
+ - firefox-esr 45.9.0esr-1
+ - firefox 52.0.1-1
+CVE-2017-5428 (An integer overflow in "createImageBitmap()" was reported through the ...)
+ - firefox-esr (Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed)
+ - firefox 52.0.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
+CVE-2017-5427 (A non-existent chrome.manifest file will attempt to be loaded during s ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
+CVE-2017-5426 (On Linux, if the secure computing mode BPF (seccomp-bpf) filter is run ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
+CVE-2017-5425 (The Gecko Media Plugin sandbox allows access to local files that match ...)
+ - firefox (Only Firefox on OS X)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
+CVE-2017-5424
+ RESERVED
+CVE-2017-5423
+ RESERVED
+CVE-2017-5422 (If a malicious site uses the "view-source:" protocol in a series withi ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
+CVE-2017-5421 (A malicious site could spoof the contents of the print preview window ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
+CVE-2017-5420 (A "javascript:" url loaded by a malicious page can obfuscate its locat ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
+CVE-2017-5419 (If a malicious site repeatedly triggers a modal authentication prompt, ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
+CVE-2017-5418 (An out of bounds read error occurs when parsing some HTTP digest autho ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
+CVE-2017-5417 (When dragging content from the primary browser pane to the addressbar ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
+CVE-2017-5416 (In certain circumstances a networking event listener can be prematurel ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
+CVE-2017-5415 (An attack can use a blob URL and script to spoof an arbitrary addressb ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
+CVE-2017-5414 (The file picker dialog can choose and display the wrong local default ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
+CVE-2017-5413 (A segmentation fault can occur during some bidirectional layout operat ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
+CVE-2017-5412 (A buffer overflow read during SVG filter color value operations, resul ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
+CVE-2017-5411 (A use-after-free can occur during buffer storage operations within the ...)
+ - firefox (Only Firefox on Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
+CVE-2017-5410 (Memory corruption resulting in a potentially exploitable crash during ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
+CVE-2017-5409 (The Mozilla Windows updater can be called by a non-privileged user to ...)
+ - firefox (Only Firefox on Windows)
+ - firefox-esr (Only Firefox on Windows)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
+CVE-2017-5408 (Video files loaded video captions cross-origin without checking for th ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
+CVE-2017-5407 (Using SVG filters that don't use the fixed point math implementation o ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
+CVE-2017-5406 (A segmentation fault can occur in the Skia graphics library during som ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
+CVE-2017-5405 (Certain response codes in FTP connections can result in the use of uni ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
+CVE-2017-5404 (A use-after-free error can occur when manipulating ranges in selection ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
+CVE-2017-5403 (When adding a range to an object in the DOM, it is possible to use "ad ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
+CVE-2017-5402 (A use-after-free can occur when events are fired for a "FontFace" obje ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
+CVE-2017-5401 (A crash triggerable by web content in which an "ErrorResult" reference ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
+CVE-2017-5400 (JIT-spray targeting asm.js combined with a heap spray allows for a byp ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
+CVE-2017-5399 (Memory safety bugs were reported in Firefox 51. Some of these bugs sho ...)
+ - firefox 52.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
+CVE-2017-5398 (Memory safety bugs were reported in Thunderbird 45.7. Some of these bu ...)
+ {DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
+ - firefox 52.0-1
+ - firefox-esr 45.8.0esr-1
+ - icedove 1:45.8.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
+CVE-2017-5397 (The cache directory on the local file system is set to be world writab ...)
+ - firefox (Firefox on Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
+CVE-2017-5396 (A use-after-free vulnerability in the Media Decoder when working with ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
+CVE-2017-5395 (Malicious sites can display a spoofed location bar on a subsequently l ...)
+ - firefox (Firefox on Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
+CVE-2017-5394 (A location bar spoofing attack where the location bar of loaded page w ...)
+ - firefox (Firefox on Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
+CVE-2017-5393 (The "mozAddonManager" allows for the installation of extensions from t ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
+CVE-2017-5392 (Weak proxy objects have weak references on multiple threads when they ...)
+ - firefox (Firefox on Android)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
+CVE-2017-5391 (Special "about:" pages used by web content, such as RSS feeds, can loa ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
+CVE-2017-5390 (The JSON viewer in the Developer Tools uses insecure methods to create ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
+CVE-2017-5389 (WebExtensions could use the "mozAddonManager" API by modifying the CSP ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
+CVE-2017-5388 (A STUN server in conjunction with a large number of "webkitRTCPeerConn ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
+CVE-2017-5387 (The existence of a specifically requested local file can be found due ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
+CVE-2017-5386 (WebExtension scripts can use the "data:" protocol to affect pages load ...)
+ {DSA-3771-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
+CVE-2017-5385 (Data sent with in multipart channels, such as the multipart/x-mixed-re ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
+CVE-2017-5384 (Proxy Auto-Config (PAC) files can specify a JavaScript function called ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
+CVE-2017-5383 (URLs containing certain unicode glyphs for alternative hyphens and quo ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
+CVE-2017-5382 (Feed preview for RSS feeds can be used to capture errors and exception ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
+CVE-2017-5381 (The "export" function in the Certificate Viewer can force local filesy ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
+CVE-2017-5380 (A potential use-after-free found through fuzzing during DOM manipulati ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
+CVE-2017-5379 (Use-after-free vulnerability in Web Animations when interacting with c ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
+CVE-2017-5378 (Hashed codes of JavaScript objects are shared between pages. This allo ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
+CVE-2017-5377 (A memory corruption vulnerability in Skia that can occur when using tr ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
+CVE-2017-5376 (Use-after-free while manipulating XSL in XSLT documents. This vulnerab ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
+CVE-2017-5375 (JIT code allocation can allow for a bypass of ASLR and DEP protections ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
+CVE-2017-5374 (Memory safety bugs were reported in Firefox 50.1. Some of these bugs s ...)
+ - firefox 51.0-1
+ - firefox-esr (Does not affect Firefox ESR)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
+CVE-2017-5373 (Memory safety bugs were reported in Firefox 50.1 and Firefox ESR 45.6. ...)
+ {DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
+ - firefox 51.0-1
+ - firefox-esr 45.7.0esr-1
+ - icedove 1:45.7.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5373
+CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE compon ...)
+ NOT-FOR-US: SAP
+CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote ...)
+ NOT-FOR-US: SAP
+CVE-2017-5370
+ RESERVED
+CVE-2017-5369
+ RESERVED
+CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application ...)
+ - zoneminder 1.30.4+dfsg-1 (bug #854733)
+ [wheezy] - zoneminder (Too intrusive to backport)
+ NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1822
+CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link inpu ...)
+ - zoneminder 1.30.4+dfsg-1 (bug #854733)
+ [wheezy] - zoneminder (Minor issue)
+CVE-2017-5366
+ RESERVED
+CVE-2017-5365
+ RESERVED
+CVE-2017-5364 (Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an at ...)
+ NOT-FOR-US: Foxit PDF Toolkit
+CVE-2017-5363
+ RESERVED
+CVE-2017-5362
+ RESERVED
+CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
+ {DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1}
+ - request-tracker4 4.4.1-4
+ - rt-authen-externalauth
+ NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
+CVE-2017-5360
+ RESERVED
+CVE-2017-5359 (EasyCom SQL iPlug allows remote attackers to cause a denial of service ...)
+ NOT-FOR-US: EasyCom
+CVE-2017-5358 (Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for PH ...)
+ NOT-FOR-US: EasyCom
+CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...)
+ - linux 4.8.15-1
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
+CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
+ - tikiwiki
+CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
+ NOTE: Generic IPv6 issue
+CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
+ NOT-FOR-US: BLU
+CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with ...)
+ NOT-FOR-US: BLU
+CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
+ NOT-FOR-US: BLU
+CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai Adups softw ...)
+ NOT-FOR-US: BLU
+CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset with L(5.0 ...)
+ NOT-FOR-US: LG
+CVE-2017-5505 (The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows rem ...)
+ - jasper (unimportant)
+ NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
+ NOTE: https://github.com/mdadams/jasper/issues/88
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2017-5504 (The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer 1.900.2 ...)
+ - jasper (unimportant)
+ NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
+ NOTE: https://github.com/mdadams/jasper/issues/89
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2017-5503 (The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900. ...)
+ - jasper (Vulnerable code introduced later)
+ NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
+ NOTE: https://github.com/mdadams/jasper/issues/90
+CVE-2017-5502 (libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...)
+ - jasper (unimportant)
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/76
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2017-5501 (Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...)
+ - jasper (unimportant)
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/70
+ NOTE: Only crashes with debug builds using ubsan
+CVE-2017-5500 (libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...)
+ - jasper (unimportant)
+ NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/64
+CVE-2017-5499 (Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...)
+ - jasper (unimportant)
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/63
+ NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
+CVE-2017-5498 (libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote a ...)
+ - jasper (unimportant)
+ NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
+ NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
+ NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
+ NOTE: https://github.com/mdadams/jasper/issues/62
+CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allows re ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
+CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x befo ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ImageMa ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
+ NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
+CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ImageM ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists ...)
+ {DLA-806-1}
+ - zoneminder 1.30.4+dfsg-1 (bug #851710)
+ NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
+ NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
+ NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
+CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
+ [jessie] - imagemagick (Vulnerable code not present)
+ [wheezy] - imagemagick (Vulnerable code not present)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
+CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have unspecifie ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
+ NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+ NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
+CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote attacker ...)
+ {DSA-3799-1 DLA-807-1}
+ - imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
+ NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/16/6
+CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in t ...)
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ [jessie] - wordpress (vulnerable code not present)
+ [wheezy] - wordpress (vulnerable code not present)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8715
+ NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
+CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8716
+ NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
+CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before 4. ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8717
+CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback fu ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8718
+ NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
+CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8719
+ NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
+CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8720
+ NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
+CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in WordPre ...)
+ {DSA-3779-1 DLA-813-1}
+ - wordpress 4.7.1+dfsg-1 (bug #851310)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/14/1
+ NOTE: https://wpvulndb.com/vulnerabilities/8721
+ NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
+CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of servi ...)
+ {DLA-1217-1}
+ - irssi 0.8.21-1 (low)
+ [jessie] - irssi 0.8.17-1+deb8u3
+ NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html
+ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
+CVE-2017-5355
+ RESERVED
+CVE-2017-5354
+ RESERVED
+CVE-2017-5353
+ RESERVED
+CVE-2017-5352
+ RESERVED
+CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software all ...)
+ NOT-FOR-US: Samsung
+CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allo ...)
+ NOT-FOR-US: Samsung
+CVE-2017-5349
+ RESERVED
+CVE-2017-5348
+ RESERVED
+CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php in GeniX ...)
+ NOT-FOR-US: GeniXMS
+CVE-2017-5346 (SQL injection vulnerability in inc/lib/Control/Backend/posts.control.p ...)
+ NOT-FOR-US: GeniXMS
+CVE-2017-5345 (SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control. ...)
+ NOT-FOR-US: GeniXMS
+CVE-2017-5344 (An issue was discovered in dotCMS through 3.6.1. The findChildrenByFil ...)
+ NOT-FOR-US: dotCMS
+CVE-2017-5343
+ RESERVED
+CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, G ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print- ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
+ - mujs (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697448
+CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
+ - mujs (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697401
+CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a de ...)
+ - mujs (Fixed before initial upload to Debian)
+ NOTE: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697381
+CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote a ...)
+ - codeigniter (bug #471583)
+CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...)
+ - ed (Vulnerable code not present, cf #851159)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/5
+ NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
+ NOTE: changed a malloc'ed buffer for a static one.
+ NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
+CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local u ...)
+ NOT-FOR-US: Palo Alto Networks Terminal Services Agent
+CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows attacke ...)
+ NOT-FOR-US: Palo Alto Networks Terminal Services Agent
+CVE-2017-5327
+ RESERVED
+CVE-2017-5326
+ RESERVED
+CVE-2017-5325
+ RESERVED
+CVE-2017-5324
+ RESERVED
+CVE-2017-5323
+ RESERVED
+CVE-2017-5322
+ RESERVED
+CVE-2017-5321
+ RESERVED
+CVE-2017-5320
+ RESERVED
+CVE-2017-5319
+ RESERVED
+CVE-2017-5318
+ RESERVED
+CVE-2017-5317
+ RESERVED
+CVE-2017-5316
+ RESERVED
+CVE-2017-5315
+ RESERVED
+CVE-2017-5314
+ RESERVED
+CVE-2017-5313
+ RESERVED
+CVE-2017-5312
+ RESERVED
+CVE-2017-5311
+ RESERVED
+CVE-2017-5310
+ RESERVED
+CVE-2017-5309
+ RESERVED
+CVE-2017-5308
+ RESERVED
+CVE-2017-5307
+ RESERVED
+CVE-2017-5306
+ RESERVED
+CVE-2017-5305
+ RESERVED
+CVE-2017-5304
+ RESERVED
+CVE-2017-5303
+ RESERVED
+CVE-2017-5302
+ RESERVED
+CVE-2017-5301
+ RESERVED
+CVE-2017-5300
+ RESERVED
+CVE-2017-5299
+ RESERVED
+CVE-2017-5298
+ RESERVED
+CVE-2017-5297
+ RESERVED
+CVE-2017-5296
+ RESERVED
+CVE-2017-5295
+ RESERVED
+CVE-2017-5294
+ RESERVED
+CVE-2017-5293
+ RESERVED
+CVE-2017-5292
+ RESERVED
+CVE-2017-5291
+ RESERVED
+CVE-2017-5290
+ RESERVED
+CVE-2017-5289
+ RESERVED
+CVE-2017-5288
+ RESERVED
+CVE-2017-5287
+ RESERVED
+CVE-2017-5286
+ RESERVED
+CVE-2017-5285
+ RESERVED
+CVE-2017-5284
+ RESERVED
+CVE-2017-5283
+ RESERVED
+CVE-2017-5282
+ RESERVED
+CVE-2017-5281
+ RESERVED
+CVE-2017-5280
+ RESERVED
+CVE-2017-5279
+ RESERVED
+CVE-2017-5278
+ RESERVED
+CVE-2017-5277
+ RESERVED
+CVE-2017-5276
+ RESERVED
+CVE-2017-5275
+ RESERVED
+CVE-2017-5274
+ RESERVED
+CVE-2017-5273
+ RESERVED
+CVE-2017-5272
+ RESERVED
+CVE-2017-5271
+ RESERVED
+CVE-2017-5270
+ RESERVED
+CVE-2017-5269
+ RESERVED
+CVE-2017-5268
+ RESERVED
+CVE-2017-5267
+ RESERVED
+CVE-2017-5266
+ RESERVED
+CVE-2017-5265
+ RESERVED
+CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate the so ...)
+ NOT-FOR-US: Nexpose
+CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack ...)
+ NOT-FOR-US: Cambium Networks cnPilot firmware
+CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
+ NOT-FOR-US: Cambium Networks cnPilot firmware
+CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, t ...)
+ NOT-FOR-US: Cambium Networks cnPilot firmware
+CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
+ NOT-FOR-US: Cambium Networks cnPilot firmware
+CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, a ...)
+ NOT-FOR-US: Cambium Networks cnPilot firmware
+CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
+ NOT-FOR-US: Cambium Networks ePMP firmware
+CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an attacke ...)
+ NOT-FOR-US: Cambium Networks ePMP firmware
+CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all authen ...)
+ NOT-FOR-US: Cambium Networks ePMP firmware
+CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of ...)
+ NOT-FOR-US: Cambium Networks ePMP firmware
+CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the non-ad ...)
+ NOT-FOR-US: Cambium Networks ePMP firmware
+CVE-2017-5253
+ RESERVED
+CVE-2017-5252
+ RESERVED
+CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio transmis ...)
+ NOT-FOR-US: Insteon
+CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, t ...)
+ NOT-FOR-US: Insteon
+CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...)
+ NOT-FOR-US: Wink
+CVE-2017-5248
+ RESERVED
+CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in t ...)
+ NOT-FOR-US: Biscom Secure File Transfer
+CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression inje ...)
+ NOT-FOR-US: Biscom Secure File Transfer
+CVE-2017-5245
+ REJECTED
+CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones o ...)
+ NOT-FOR-US: Metasploit
+CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances sh ...)
+ NOT-FOR-US: Rapid7 Nexpose hardware appliances
+CVE-2017-5242 (Nexpose and InsightVM virtual appliances downloaded between April 5th, ...)
+ NOT-FOR-US: Nexpose and InsightVM virtual appliances
+CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
+ NOT-FOR-US: Biscom Secure File Transfer
+CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
+ NOT-FOR-US: Rapid7 AppSpider Pro
+CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive infor ...)
+ NOT-FOR-US: Eview GPS trackers
+CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields f ...)
+ NOT-FOR-US: Eview GPS trackers
+CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
+ NOT-FOR-US: Eview GPS trackers
+CVE-2017-5236 (Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 ...)
+ NOT-FOR-US: Rapid7 AppSpider Pro
+CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 co ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5234 (Rapid7 Insight Collector installers prior to version 1.0.16 contain a ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5233 (Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a DL ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5232 (All editions of Rapid7 Nexpose installers prior to version 6.4.24 cont ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5231 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5230 (The Java keystore in all versions and editions of Rapid7 Nexpose prior ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5229 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 c ...)
+ NOT-FOR-US: Rapid7
+CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sens ...)
+ NOT-FOR-US: QNAP
+CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the t ...)
+ {DSA-3844-1 DLA-795-1}
+ - tiff 4.0.7-5 (bug #851297)
+ NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
+ NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2657
+CVE-2017-5224
+ RESERVED
+CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTM ...)
+ {DLA-1591-1 DLA-817-1}
+ - libphp-phpmailer 5.2.14+dfsg-2.3 (bug #853232)
+ NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 (v5.2.22)
+ NOTE: http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
+CVE-2017-5222
+ RESERVED
+CVE-2017-5221
+ RESERVED
+CVE-2017-5220
+ RESERVED
+CVE-2017-5219 (An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component M ...)
+ NOT-FOR-US: SageCRM
+CVE-2017-5218 (A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. Th ...)
+ NOT-FOR-US: SageCRM
+CVE-2017-5217 (Installing a zero-permission Android application on certain Samsung An ...)
+ NOT-FOR-US: Samsung
+CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control vers ...)
+ NOT-FOR-US: Netop Remote Control
+CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
+ NOT-FOR-US: Joomla extension
+CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 f ...)
+ NOT-FOR-US: Joomla extension
+CVE-2017-5213 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Cross ...)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-5212 (Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access ...)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-5211 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Conte ...)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-5210 (Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Infor ...)
+ NOT-FOR-US: Open-Xchange GmbH OX App Suite
+CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist thr ...)
+ {DLA-2168-1 DLA-811-1}
+ - libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
+ NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84
+ NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
+CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in pri ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in prin ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in p ...)
+ {DSA-3775-1 DLA-809-1}
+ - tcpdump 4.9.0-1
+CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow rem ...)
+ NOT-FOR-US: NetApp
+CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
+ - salt 2016.11.2+ds-1
+ [jessie] - salt (Vulnerable code not present)
+ NOTE: https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e
+CVE-2017-5339
+ REJECTED
+CVE-2017-5338
+ REJECTED
+CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before 0.24. ...)
+ - libgit2 0.25.1+really0.24.6-1 (bug #851406)
+ [jessie] - libgit2 (Vulnerable code not present)
+ [experimental] - cargo 0.17.0-1~exp1
+ - cargo 0.17.0-1 (bug #860990)
+ NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
+ NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
+CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x bef ...)
+ - libgit2 0.25.1+really0.24.6-1 (bug #851406)
+ [jessie] - libgit2 (Minor issue)
+ [experimental] - cargo 0.17.0-1~exp1
+ - cargo 0.17.0-1 (bug #860990)
+ NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
+ NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
+CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in transports/smart ...)
+ - libgit2 0.25.1+really0.24.6-1 (bug #851406)
+ [jessie] - libgit2 (Minor issue)
+ [experimental] - cargo 0.17.0-1~exp1
+ - cargo 0.17.0-1 (bug #860990)
+ NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
+ NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
+CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0. ...)
+ NOT-FOR-US: Splunk
+CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...)
+ NOT-FOR-US: D-Link
+CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) a ...)
+ - python-pysaml2 (unimportant; bug #859135)
+ NOTE: https://github.com/rohe/pysaml2/issues/366
+ NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/19/5 (for the scope of the CVE)
+CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier a ...)
+ {DSA-3759-1}
+ - python-pysaml2 3.0.0-5 (bug #850716)
+ NOTE: https://github.com/rohe/pysaml2/pull/379
+ NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
+CVE-2017-XXXX [multiple new security issues]
+ - w3m 0.5.3-34 (bug #850432)
+ [jessie] - w3m 0.5.3-19+deb8u2
+ [wheezy] - w3m (Minor issues)
+CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0 ...)
+ {DSA-3802-1}
+ - zabbix 1:3.0.4+dfsg-1 (bug #850936)
+ NOTE: https://support.zabbix.com/browse/ZBX-11023
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/12/4
+CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
+ - gnutls28 3.5.8-1
+ [jessie] - gnutls28 3.3.8-6+deb8u5
+ - gnutls26
+ [wheezy] - gnutls26 (Minor issue)
+ NOTE: OpenPGP-related issue
+ NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
+CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/op ...)
+ - gnutls28 3.5.8-1
+ [jessie] - gnutls28 3.3.8-6+deb8u5
+ - gnutls26
+ [wheezy] - gnutls26 (Minor issue)
+ NOTE: OpenPGP-related issue
+ NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
+CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS be ...)
+ - gnutls28 3.5.8-1
+ [jessie] - gnutls28 3.3.8-6+deb8u5
+ - gnutls26
+ [wheezy] - gnutls26 (Minor issue)
+ NOTE: OpenPGP-related issue
+ NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
+CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
+ - gnutls28 3.5.8-1
+ [jessie] - gnutls28 3.3.8-6+deb8u5
+ NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
+ NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
+CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitrary c ...)
+ - ark 4:16.08.3-2 (bug #850874)
+ [jessie] - ark (Vulnerable code introduced later)
+ [wheezy] - ark (Vulnerable code introduced later)
+ NOTE: Fixed by: https://github.com/KDE/ark/commit/82fdfd24d46966a117fa625b68784735a40f9065
+ NOTE: "Open File" action introduced in https://github.com/KDE/ark/commit/f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
+CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv sessi ...)
+ - bubblewrap 0.1.5-2 (bug #850702)
+ NOTE: https://github.com/projectatomic/bubblewrap/issues/142
+CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows loc ...)
+ - firejail 0.9.44.4-1 (bug #850528)
+ NOTE: https://github.com/netblue30/firejail/issues/1023
+ NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/07/3
+CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, a ...)
+ - firejail 0.9.44.4-1 (bug #850558)
+ NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
+CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allo ...)
+ NOT-FOR-US: SolarWinds LEM
+CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configura ...)
+ NOT-FOR-US: SolarWinds LEM
+CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
+ NOT-FOR-US: SilverStripe
+CVE-2017-5192 (When using the local_batch client from salt-api in SaltStack Salt befo ...)
+ - salt 2016.11.2+ds-1
+ [jessie] - salt (Vulnerable code not present)
+CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when c ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a Java appl ...)
+ NOT-FOR-US: NetIQ iManager
+CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed rela ...)
+ - open-build-service 2.7.4-3 (low; bug #900133)
+ [stretch] - open-build-service (Minor issue)
+ NOTE: Fixed by: https://github.com/openSUSE/open-build-service/commit/00ec3c6f4132422f00d5c15e854755c331ef1661 (2.7.x)
+ NOTE: https://github.com/openSUSE/open-build-service/commit/8595d06570ded81d8514c8c5a147b250541bf388 (2.9.x)
+ NOTE: A followup https://bugzilla.suse.com/show_bug.cgi?id=1029824 shows
+ NOTE: it might be wise to disallow as well other types (devices, sockets,
+ NOTE: directories, symlinks, ...) and needs:
+ NOTE: https://github.com/openSUSE/open-build-service/commit/ba27c91351878bc297ec4baba0bd488a2f3b568d
+CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Serv ...)
+ NOT-FOR-US: Micro Focus
+CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before 3.0. ...)
+ NOT-FOR-US: Novell iManager
+CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
+ NOT-FOR-US: NetIQ Sentinel
+CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0 ...)
+ NOT-FOR-US: NetIQ Sentinel
+CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
+ NOT-FOR-US: NetIQ Access Manager
+CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
+ NOT-FOR-US: Open Enterprise Server
+CVE-2017-5181
+ REJECTED
+CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial o ...)
+ - irssi 0.8.21-1 (bug #850403)
+ [jessie] - irssi (Affects only 0.8.18 and later)
+ [wheezy] - irssi (Affects only 0.8.18 and later)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
+CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial o ...)
+ - irssi 0.8.21-1 (bug #850403)
+ [jessie] - irssi 0.8.17-1+deb8u3
+ [wheezy] - irssi (Affects only 0.8.17 and later)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
+CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote atta ...)
+ {DLA-1217-1}
+ - irssi 0.8.21-1 (bug #850403)
+ [jessie] - irssi 0.8.17-1+deb8u3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
+CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
+ {DLA-1217-1}
+ - irssi 0.8.21-1 (bug #850403)
+ [jessie] - irssi 0.8.17-1+deb8u3
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/2
+ NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
+ NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
+CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...)
+ NOT-FOR-US: Nessus
+CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop V ...)
+ NOT-FOR-US: Schneider
+CVE-2017-5177 (A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 ...)
+ NOT-FOR-US: VIPA Controls WinPLC7
+CVE-2017-5176 (A DLL Hijack issue was discovered in Rockwell Automation Connected Com ...)
+ NOT-FOR-US: Rockwell Automation Connected Components Workbench
+CVE-2017-5175 (Advantech WebAccess 8.1 and earlier contains a DLL hijacking vulnerabi ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-5174 (An Authentication Bypass issue was discovered in Geutebruck IP Camera ...)
+ NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
+CVE-2017-5173 (An Improper Neutralization of Special Elements (in an OS command) issu ...)
+ NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
+CVE-2017-5172
+ RESERVED
+CVE-2017-5171
+ RESERVED
+CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa SoftN ...)
+ NOT-FOR-US: Moxa
+CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
+ NOT-FOR-US: Hanwha Techwin
+CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager Versi ...)
+ NOT-FOR-US: Hanwha Techwin
+CVE-2017-5167 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
+ NOT-FOR-US: BINOM3
+CVE-2017-5166 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
+ NOT-FOR-US: BINOM3
+CVE-2017-5165 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
+ NOT-FOR-US: BINOM3
+CVE-2017-5164 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
+ NOT-FOR-US: BINOM3
+CVE-2017-5163 (An issue was discovered in Belden Hirschmann GECKO Lite Managed switch ...)
+ NOT-FOR-US: Belden Hirschmann
+CVE-2017-5162 (An issue was discovered in BINOM3 Universal Multifunctional Electric P ...)
+ NOT-FOR-US: BINOM3
+CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, ...)
+ NOT-FOR-US: Sielco Sistemi
+CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider El ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have be ...)
+ NOT-FOR-US: Phoenix Contact mGuard
+CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric Won ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, LSS ...)
+ NOT-FOR-US: Schneider
+CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electri ...)
+ NOT-FOR-US: Schneider Electric
+CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 201 ...)
+ NOT-FOR-US: Schneider
+CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-5153 (An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier ve ...)
+ NOT-FOR-US: OSIsoft PI Coresight
+CVE-2017-5152 (An issue was discovered in Advantech WebAccess Version 8.1. By accessi ...)
+ NOT-FOR-US: Advantech WebAccess
+CVE-2017-5151 (An issue was discovered in VideoInsight Web Client Version 6.3.5.11 an ...)
+ NOT-FOR-US: VideoInsight Web Client
+CVE-2017-5150
+ RESERVED
+CVE-2017-5149 (An issue was discovered in St. Jude Medical Merlin@home, versions prio ...)
+ NOT-FOR-US: St. Jude Medical Merlin@home
+CVE-2017-5148
+ RESERVED
+CVE-2017-5147 (An Uncontrolled Search Path Element issue was discovered in AzeoTech D ...)
+ NOT-FOR-US: AzeoTech DAQFactory
+CVE-2017-5146 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
+ NOT-FOR-US: Carlo Gavazzi
+CVE-2017-5145 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
+ NOT-FOR-US: Carlo Gavazzi
+CVE-2017-5144 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Ve ...)
+ NOT-FOR-US: Carlo Gavazzi
+CVE-2017-5143 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-5142 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-5141 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-5140 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-5139 (An issue was discovered in Honeywell XL Web II controller XL1000C500 X ...)
+ NOT-FOR-US: Honeywell
+CVE-2017-5138
+ RESERVED
+CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
+ NOT-FOR-US: SendQuick Entera and Avera devices
+CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...)
+ NOT-FOR-US: SendQuick Entera and Avera devices
+CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. W ...)
+ - lxc 1:2.0.0-1
+ [jessie] - lxc (Minor issue)
+ [wheezy] - lxc (Minor issue)
+ NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
+ NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
+CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might al ...)
+ - firejail 0.9.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
+CVE-2016-10122 (Firejail does not properly clean environment variables, which allows l ...)
+ - firejail 0.9.44.2-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
+ NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
+ NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
+ NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
+CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly othe ...)
+ - firejail 0.9.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
+CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ( ...)
+ - firejail 0.9.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
+CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local ...)
+ - firejail 0.9.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
+CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot ...)
+ - firejail 0.9.44.2-1 (low)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
+ NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
+CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
+ - firejail 0.9.38-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/05/4
+ NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
+CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo ...)
+ NOT-FOR-US: NETGEAR
+CVE-2016-10115 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo ...)
+ NOT-FOR-US: NETGEAR
+CVE-2016-10114 (SQL injection vulnerability in the "aWeb Cart Watching System for Virt ...)
+ NOT-FOR-US: Joomla extension
+CVE-2016-10113
+ RESERVED
+CVE-2016-10112 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin bef ...)
+ NOT-FOR-US: WordPress plugin woocommerce
+CVE-2016-10111
+ RESERVED
+CVE-2016-10110
+ RESERVED
+CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
+ - firejail 0.9.44.2-3 (bug #850160)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/04/1
+ NOTE: https://github.com/netblue30/firejail/issues/1020
+CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, possib ...)
+ NOT-FOR-US: Technicolor
+CVE-2017-5134
+ RESERVED
+CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to 6 ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to 62.0.3202 ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 all ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...)
+ {DLA-2972-1 DLA-1188-1}
+ - libxml2 2.9.4+dfsg1-5.1 (bug #880000)
+ [jessie] - libxml2 (Minor issue)
+ - chromium-browser 62.0.3202.75-1 (unimportant)
+ NOTE: chromium-browser uses system libxml2.
+ NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
+ NOTE: xmlMemoryStrdup is only for debugging with excpetion in xmlint when invoked
+ NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
+ NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/897dffbae322b46b83f99a607d527058a72c51ed
+ NOTE: Needs follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ed48d65b4d6c5cec7be035ad5eebeba873b4b955
+CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to 62.0.3 ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 a ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowe ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 allo ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 al ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...)
+ {DSA-4020-1}
+ - chromium-browser 62.0.3202.75-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5123 (Insufficient data validation in waitid allowed an user to escape sandb ...)
+ - linux 4.13.4-2
+ [stretch] - linux (Vulnerable code not present)
+ [jessie] - linux (Vulnerable code not present)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/96ca579a1ecc943b75beba58bebb0356f6cc4b51
+CVE-2017-5122 (Inappropriate use of table size handling in V8 in Google Chrome prior ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5121 (Inappropriate use of JIT optimisation in V8 in Google Chrome prior to ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5120 (Inappropriate use of www mismatch redirects in browser navigation in G ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5119 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5118 (Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Lin ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5117 (Use of an uninitialized value in Skia in Google Chrome prior to 61.0.3 ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5116 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, W ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5115 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Window ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5114 (Inappropriate use of partition alloc in PDFium in Google Chrome prior ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5113 (Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5112 (Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 f ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5111 (A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for ...)
+ {DSA-3985-1}
+ - chromium-browser 61.0.3163.100-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5110 (Inappropriate implementation of the web payments API on blob: and data ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5109 (Inappropriate implementation of unload handler handling in permission ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5108 (Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Ma ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5107 (A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.7 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5106 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5105 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 6 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5104 (Inappropriate implementation in interstitials in Google Chrome prior t ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5103 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5102 (Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5101 (Inappropriate implementation in Omnibox in Google Chrome prior to 60.0 ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5100 (A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Wi ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5099 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5098 (A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5097 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5096 (Insufficient policy enforcement during navigation between different sc ...)
+ - chromium-browser (Android-specific)
+CVE-2017-5095 (Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Li ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5094 (Type confusion in extensions JavaScript bindings in Google Chrome prio ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5093 (Inappropriate implementation in modal dialog handling in Blink in Goog ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5092 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5091 (A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 f ...)
+ {DSA-3926-1}
+ - chromium-browser 60.0.3112.78-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5090 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
+ - chromium-browser (Chrome on Mac)
+CVE-2017-5089 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
+ {DSA-3926-1}
+ - chromium-browser 59.0.3071.104-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5088 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
+ {DSA-3926-1}
+ - chromium-browser 59.0.3071.104-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5087 (A use after free in Blink in Google Chrome prior to 59.0.3071.104 for ...)
+ {DSA-3926-1}
+ - chromium-browser 59.0.3071.104-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5086 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5085 (Inappropriate implementation in Bookmarks in Google Chrome prior to 59 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5084 (Inappropriate implementation in image-burner in Google Chrome OS prior ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5083 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5082 (Failure to take advantage of available mitigations in credit card auto ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5081 (Lack of verification of an extension's locale folder in Google Chrome ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5080 (A use after free in credit card autofill in Google Chrome prior to 59. ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5079 (Inappropriate implementation in Blink in Google Chrome prior to 59.0.3 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5078 (Insufficient validation of untrusted input in Blink's mailto: handling ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5077 (Insufficient validation of untrusted input in Skia in Google Chrome pr ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5076 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5075 (Inappropriate implementation in CSP reporting in Blink in Google Chrom ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5074 (A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5073 (Use after free in print preview in Blink in Google Chrome prior to 59. ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5072 (Inappropriate implementation in Omnibox in Google Chrome prior to 59.0 ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5071 (Insufficient validation of untrusted input in V8 in Google Chrome prio ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5070 (Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, ...)
+ - chromium-browser 59.0.3071.86-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5069 (Incorrect MIME type of XSS-Protection reports in Blink in Google Chrom ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5068 (Incorrect handling of picture ID in WebRTC in Google Chrome prior to 5 ...)
+ - chromium-browser 58.0.3029.96-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5067 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5066 (Insufficient consistency checks in signature handling in the networkin ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5065 (Lack of an appropriate action on page navigation in Blink in Google Ch ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5064 (Incorrect handling of DOM changes in Blink in Google Chrome prior to 5 ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5063 (A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5062 (A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5061 (A race condition in navigation in Google Chrome prior to 58.0.3029.81 ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5060 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 5 ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5059 (Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Lin ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5058 (A use after free in PrintPreview in Google Chrome prior to 58.0.3029.8 ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5057 (Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Ma ...)
+ - chromium-browser 58.0.3029.81-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5056 (A use after free in Blink in Google Chrome prior to 57.0.2987.133 for ...)
+ - chromium-browser 57.0.2987.133-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5055 (A use after free in printing in Google Chrome prior to 57.0.2987.133 f ...)
+ - chromium-browser 57.0.2987.133-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5054 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
+ - chromium-browser 57.0.2987.133-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5053 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 fo ...)
+ - chromium-browser 57.0.2987.133-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5052 (An incorrect assumption about block structure in Blink in Google Chrom ...)
+ - chromium-browser 57.0.2987.133-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ - chromium-browser 57.0.2987.98-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ NOTE: https://codereview.chromium.org/2654913002
+CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ - chromium-browser 57.0.2987.98-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ NOTE: https://codereview.chromium.org/2654913002
+CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ - chromium-browser 57.0.2987.98-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ NOTE: https://codereview.chromium.org/2654913002
+CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ - chromium-browser 57.0.2987.98-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ NOTE: https://codereview.chromium.org/2654913002
+CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ - chromium-browser 57.0.2987.98-1
+ [jessie] - chromium-browser (End of life, see DSA 4020)
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ NOTE: https://codereview.chromium.org/2654913002
+CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, a ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google Chrome pri ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linu ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 f ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race con ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Lin ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be mad ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for W ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome prior to ...)
+ {DSA-3810-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29, as us ...)
+ {DSA-3810-1 DLA-866-1}
+ - chromium-browser 57.0.2987.98-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libxslt 1.1.29-2.1 (bug #858546)
+ [jessie] - libxslt 1.1.28-2+deb8u3
+ NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
+CVE-2017-5028 (Insufficient data validation in V8 in Google Chrome prior to 56.0.2924 ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5026 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5025 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
+ {DSA-3776-1}
+ - chromium-browser 44.0.2403.157-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - ffmpeg 7:3.2.4-1
+CVE-2017-5024 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
+ {DSA-3776-1}
+ - chromium-browser 44.0.2403.157-1
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - ffmpeg 7:3.2.4-1
+CVE-2017-5023 (Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5022 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5021 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5020 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5019 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Win ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5018 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5017 (Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5016 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5015 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56 ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5014 (Heap buffer overflow during image processing in Skia in Google Chrome ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5013 (Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5012 (A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 fo ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+ - libv8 (unimportant)
+ NOTE: libv8 not covered by security support
+CVE-2017-5011 (Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitiz ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5010 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5009 (WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and M ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5008 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5007 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5006 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Ma ...)
+ {DSA-3776-1}
+ - chromium-browser 56.0.2924.76-3
+ [wheezy] - chromium-browser (Not supported in Wheezy)
+CVE-2017-5005 (Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 ...)
+ NOT-FOR-US: Quickheal
+CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the Western ...)
+ NOT-FOR-US: Western Digital MyCloud NAS
+CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the Western ...)
+ NOT-FOR-US: Western Digital MyCloud NAS
+CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR ...)
+ NOT-FOR-US: NETGEAR devices
+CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...)
+ - piwigo
+CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software' ...)
+ NOT-FOR-US: Hitek
+CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek So ...)
+ NOT-FOR-US: Hitek
+CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when encry ...)
+ NOT-FOR-US: Hitek
+CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...)
+ NOT-FOR-US: Hitek
+CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate arc ...)
+ - borgbackup 1.0.9-1
+ NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
+CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic pro ...)
+ - borgbackup 1.0.9-1
+ NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
+CVE-2017-5333 (Integer overflow in the extract_group_icon_cursor_resource function in ...)
+ {DSA-3765-1 DLA-789-1}
+ - icoutils 0.31.1-1
+ NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
+ NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in
+ NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a"
+ NOTE: http://seclists.org/oss-sec/2017/q1/56
+CVE-2017-5332 (The extract_group_icon_cursor_resource in wrestool/extract.c in icouti ...)
+ {DSA-3765-1 DLA-789-1} + - icoutils 0.31.1-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276 + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a + NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4 + NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in + NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a." +CVE-2017-5331 (Integer overflow in the check_offset function in b/wrestool/fileread.c ...) + {DSA-3765-1 DLA-789-1} + - icoutils 0.31.1-1 + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/10/4 +CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 all ...) + {DSA-3756-1 DLA-789-1} + - icoutils 0.31.0-4 (bug #850017) + NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/08/1 +CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandle ...) + - php7.1 7.1.1-1 (bug #852022) + - php7.0 7.0.15-1 (bug #850158) + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73832 + NOTE: Fixed in PHP 7.1.1, 7.0.15 +CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a remot ...) + {DSA-3752-1 DLA-778-1} + - pcsc-lite 1.8.20-1 + NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22 + NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b + NOTE: https://www.openwall.com/lists/oss-security/2017/01/03/2 +CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before 2 ...) 
+ NOT-FOR-US: SendQuick Entera and Avera devices +CVE-2016-10097 (XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/ ...) + NOT-FOR-US: OpenAM +CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 a ...) + NOT-FOR-US: GenixCMS +CVE-2016-10090 + RESERVED +CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service De ...) + NOT-FOR-US: CA Service Desk Manager +CVE-2017-5004 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...) + NOT-FOR-US: RSA Identity Governance and Lifecycle +CVE-2017-5003 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all p ...) + NOT-FOR-US: RSA Identity Governance and Lifecycle +CVE-2017-5002 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...) + NOT-FOR-US: EMC +CVE-2017-5001 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...) + NOT-FOR-US: EMC +CVE-2017-5000 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...) + NOT-FOR-US: EMC +CVE-2017-4999 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...) + NOT-FOR-US: EMC +CVE-2017-4998 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...) + NOT-FOR-US: EMC +CVE-2017-4997 (EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an un ...) + NOT-FOR-US: EMC +CVE-2017-4996 + REJECTED +CVE-2017-4995 (An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE throu ...) + - libspring-security-java (bug #582181) + NOTE: https://pivotal.io/security/cve-2017-4995 +CVE-2017-4994 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4993 + REJECTED +CVE-2017-4992 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) 
+ NOT-FOR-US: Cloud Foundry +CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-23 ...) + NOT-FOR-US: EMC +CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-3 ...) + NOT-FOR-US: EMC +CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is a ...) + NOT-FOR-US: EMC +CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + NOT-FOR-US: EMC +CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...) + NOT-FOR-US: EMC +CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + NOT-FOR-US: EMC +CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...) + NOT-FOR-US: EMC +CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1 ...) + NOT-FOR-US: EMC Data Domain OS +CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1 ...) + NOT-FOR-US: EMC Mainframe +CVE-2017-4981 (EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper cert ...) + NOT-FOR-US: EMC +CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that ma ...) + NOT-FOR-US: EMC +CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2 ...) + NOT-FOR-US: EMC +CVE-2017-4978 (EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 ...) + NOT-FOR-US: EMC +CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified Collect ...) + NOT-FOR-US: EMC +CVE-2017-4976 (EMC ESRS Policy Manager prior to 6.8 contains an undocumented account ...) + NOT-FOR-US: EMC +CVE-2017-4975 (An issue was discovered in Pivotal PCF Tile Generator versions prior t ...) + NOT-FOR-US: Pivotal PCF Tile Generator +CVE-2017-4974 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) 
+ NOT-FOR-US: Cloud Foundry +CVE-2017-4973 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4972 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4971 (An issue was discovered in Pivotal Spring Web Flow through 2.4.4. Appl ...) + NOT-FOR-US: Spring Web Flow +CVE-2017-4970 (An issue was discovered in Cloud Foundry Foundation cf-release v255 an ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v25 ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4968 + REJECTED +CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} + - rabbitmq-server 3.6.10-1 (low; bug #863586) + [jessie] - rabbitmq-server (Minor issue) + [wheezy] - rabbitmq-server (Minor issue) +CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} + - rabbitmq-server 3.6.10-1 (low; bug #863586) + [jessie] - rabbitmq-server (Vulnerable code introduced later) + [wheezy] - rabbitmq-server (Vulnerable code introduced later) + NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9) + NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0) +CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...) + {DLA-2710-1} + - rabbitmq-server 3.6.10-1 (low; bug #863586) + [jessie] - rabbitmq-server (Minor issue) + [wheezy] - rabbitmq-server (Minor issue) +CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry rele ...) 
+ NOT-FOR-US: Cloud Foundry +CVE-2017-4962 + REJECTED +CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UA ...) + NOT-FOR-US: Cloud Foundry +CVE-2017-4959 (An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions ...) + NOT-FOR-US: Pivotal PCF Elastic Runtime +CVE-2017-4958 + REJECTED +CVE-2017-4957 + REJECTED +CVE-2017-4956 + REJECTED +CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...) + NOT-FOR-US: Pivotal PCF Elastic Runtime +CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in tif_dir. ...) + {DLA-984-1 DLA-983-1} + - tiff 4.0.8-2 (bug #850316) + [jessie] - tiff 4.0.3-12.3+deb8u4 + - tiff3 + NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit + NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be + NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the + NOTE: tiffsplit tool + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625 + NOTE: Fixes as per http://bugzilla.maptools.org/show_bug.cgi?id=2580 +CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in tools ...) + {DSA-3762-1} + - tiff 4.0.7-4 + [wheezy] - tiff (vulnerable code introduced later) + - tiff3 (vulnerable code introduced later) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c +CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9 ...) 
+ {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (libtiff-tools not shipped by this source package) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec +CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-2 + - tiff3 + [wheezy] - tiff3 (libtiff-tools not shipped by this source package) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620 + NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a +CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote att ...) + - unrtf 0.21.9-clean-3 (bug #849705) + [jessie] - unrtf 0.21.5-3+deb8u1 + [wheezy] - unrtf (Minor issue) + NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406 +CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote authenticate ...) + - piwigo +CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenti ...) + - piwigo +CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo ...) + - piwigo +CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 2.0.5 is vu ...) + - serendipity +CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...) + - shutter 0.93.1-1.3 (bug #849777) + [jessie] - shutter 0.92-0.1+deb8u2 + [wheezy] - shutter (Minor issue) + NOTE: https://bugs.launchpad.net/shutter/+bug/1652600 +CVE-2016-10080 + RESERVED +CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...) + NOT-FOR-US: SAPlpd +CVE-2016-10078 + RESERVED +CVE-2016-10077 + RESERVED +CVE-2016-10076 + RESERVED +CVE-2017-4954 + RESERVED +CVE-2017-4953 + RESERVED +CVE-2017-4952 (VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR ...) 
+ NOT-FOR-US: VMware Xenon +CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) co ...) + NOT-FOR-US: VMware AirWatch Console +CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow vulnerabilit ...) + NOT-FOR-US: VMware +CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability i ...) + NOT-FOR-US: VMware +CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Clie ...) + NOT-FOR-US: VMware +CVE-2017-4947 (VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Contai ...) + NOT-FOR-US: VMware Realize Automation +CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a pr ...) + NOT-FOR-US: VMware +CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...) + NOT-FOR-US: VMware +CVE-2017-4944 + RESERVED +CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...) + NOT-FOR-US: VMware +CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control vulnera ...) + NOT-FOR-US: VMware +CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG ...) + NOT-FOR-US: VMware +CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...) + NOT-FOR-US: VMware +CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL hijac ...) + NOT-FOR-US: VMware +CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) + NOT-FOR-US: VMware +CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...) + NOT-FOR-US: VMware +CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...) + NOT-FOR-US: VMware +CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for Wi ...) + NOT-FOR-US: VMware +CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...) 
+ NOT-FOR-US: VMware +CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x befor ...) + NOT-FOR-US: VMware +CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnera ...) + NOT-FOR-US: VMware +CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...) + NOT-FOR-US: VMware +CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability th ...) + NOT-FOR-US: VMware +CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...) + NOT-FOR-US: VMware +CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...) + NOT-FOR-US: VMware +CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) d ...) + NOT-FOR-US: VMware +CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability t ...) + NOT-FOR-US: VMware +CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without p ...) + NOT-FOR-US: VMware +CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...) + NOT-FOR-US: VMware +CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...) + NOT-FOR-US: VMware +CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information di ...) + NOT-FOR-US: VMware +CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure libra ...) + NOT-FOR-US: VMware +CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x pri ...) + NOT-FOR-US: VMware +CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...) + NOT-FOR-US: VMware vCenter Server +CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...) + NOT-FOR-US: VMware +CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x lo ...) 
+ NOT-FOR-US: VMware +CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference vuln ...) + NOT-FOR-US: VMware +CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading vul ...) + NOT-FOR-US: VMware +CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x co ...) + NOT-FOR-US: VMware +CVE-2017-4913 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4912 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4911 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4910 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4909 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4908 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...) + NOT-FOR-US: VMware +CVE-2017-4907 (VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and ...) + NOT-FOR-US: VMware +CVE-2017-4906 + RESERVED +CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...) + NOT-FOR-US: VMware +CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410 ...) + NOT-FOR-US: VMware +CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without pat ...) + NOT-FOR-US: VMware +CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without pat ...) + NOT-FOR-US: VMware +CVE-2017-4901 (The drag-and-drop (DnD) function in VMware Workstation 12.x before ver ...) + NOT-FOR-US: VMware +CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL point ...) + NOT-FOR-US: VMware +CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security v ...) 
+ NOT-FOR-US: VMware +CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL loadin ...) + NOT-FOR-US: VMware +CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists ...) + NOT-FOR-US: VMware Horizon DaaS +CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a r ...) + NOT-FOR-US: Airwatch Inbox for Android +CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a d ...) + NOT-FOR-US: Airwatch Inbox for Android +CVE-2017-4894 + REJECTED +CVE-2017-4893 + REJECTED +CVE-2017-4892 + REJECTED +CVE-2017-4891 + REJECTED +CVE-2017-4890 + REJECTED +CVE-2017-4889 + REJECTED +CVE-2017-4888 + REJECTED +CVE-2017-4887 + REJECTED +CVE-2017-4886 + REJECTED +CVE-2017-4885 + REJECTED +CVE-2017-4884 + REJECTED +CVE-2017-4883 + REJECTED +CVE-2017-4882 + REJECTED +CVE-2017-4881 + REJECTED +CVE-2017-4880 + REJECTED +CVE-2017-4879 + REJECTED +CVE-2017-4878 + REJECTED +CVE-2017-4877 + REJECTED +CVE-2017-4876 + REJECTED +CVE-2017-4875 + REJECTED +CVE-2017-4874 + REJECTED +CVE-2017-4873 + REJECTED +CVE-2017-4872 + REJECTED +CVE-2017-4871 + REJECTED +CVE-2017-4870 + REJECTED +CVE-2017-4869 + REJECTED +CVE-2017-4868 + REJECTED +CVE-2017-4867 + REJECTED +CVE-2017-4866 + REJECTED +CVE-2017-4865 + REJECTED +CVE-2017-4864 + REJECTED +CVE-2017-4863 + REJECTED +CVE-2017-4862 + REJECTED +CVE-2017-4861 + REJECTED +CVE-2017-4860 + REJECTED +CVE-2017-4859 + REJECTED +CVE-2017-4858 + REJECTED +CVE-2017-4857 + REJECTED +CVE-2017-4856 + REJECTED +CVE-2017-4855 + REJECTED +CVE-2017-4854 + REJECTED +CVE-2017-4853 + REJECTED +CVE-2017-4852 + REJECTED +CVE-2017-4851 + REJECTED +CVE-2017-4850 + REJECTED +CVE-2017-4849 + REJECTED +CVE-2017-4848 + REJECTED +CVE-2017-4847 + REJECTED +CVE-2017-4846 + REJECTED +CVE-2017-4845 + REJECTED +CVE-2017-4844 + REJECTED +CVE-2017-4843 + REJECTED +CVE-2017-4842 + REJECTED +CVE-2017-4841 + REJECTED +CVE-2017-4840 + REJECTED +CVE-2017-4839 + REJECTED +CVE-2017-4838 + 
REJECTED +CVE-2017-4837 + REJECTED +CVE-2017-4836 + REJECTED +CVE-2017-4835 + REJECTED +CVE-2017-4834 + REJECTED +CVE-2017-4833 + REJECTED +CVE-2017-4832 + REJECTED +CVE-2017-4831 + REJECTED +CVE-2017-4830 + REJECTED +CVE-2017-4829 + REJECTED +CVE-2017-4828 + REJECTED +CVE-2017-4827 + REJECTED +CVE-2017-4826 + REJECTED +CVE-2017-4825 + REJECTED +CVE-2017-4824 + REJECTED +CVE-2017-4823 + REJECTED +CVE-2017-4822 + REJECTED +CVE-2017-4821 + REJECTED +CVE-2017-4820 + REJECTED +CVE-2017-4819 + REJECTED +CVE-2017-4818 + REJECTED +CVE-2017-4817 + REJECTED +CVE-2017-4816 + REJECTED +CVE-2017-4815 + REJECTED +CVE-2017-4814 + REJECTED +CVE-2017-4813 + REJECTED +CVE-2017-4812 + REJECTED +CVE-2017-4811 + REJECTED +CVE-2017-4810 + REJECTED +CVE-2017-4809 + REJECTED +CVE-2017-4808 + REJECTED +CVE-2017-4807 + REJECTED +CVE-2017-4806 + REJECTED +CVE-2017-4805 + REJECTED +CVE-2017-4804 + REJECTED +CVE-2017-4803 + REJECTED +CVE-2017-4802 + REJECTED +CVE-2017-4801 + REJECTED +CVE-2017-4800 + REJECTED +CVE-2017-4799 + REJECTED +CVE-2017-4798 + REJECTED +CVE-2017-4797 + REJECTED +CVE-2017-4796 + REJECTED +CVE-2017-4795 + REJECTED +CVE-2017-4794 + REJECTED +CVE-2017-4793 + REJECTED +CVE-2017-4792 + REJECTED +CVE-2017-4791 + REJECTED +CVE-2017-4790 + REJECTED +CVE-2017-4789 + REJECTED +CVE-2017-4788 + REJECTED +CVE-2017-4787 + REJECTED +CVE-2017-4786 + REJECTED +CVE-2017-4785 + REJECTED +CVE-2017-4784 + REJECTED +CVE-2017-4783 + REJECTED +CVE-2017-4782 + REJECTED +CVE-2017-4781 + REJECTED +CVE-2017-4780 + REJECTED +CVE-2017-4779 + REJECTED +CVE-2017-4778 + REJECTED +CVE-2017-4777 + REJECTED +CVE-2017-4776 + REJECTED +CVE-2017-4775 + REJECTED +CVE-2017-4774 + REJECTED +CVE-2017-4773 + REJECTED +CVE-2017-4772 + REJECTED +CVE-2017-4771 + REJECTED +CVE-2017-4770 + REJECTED +CVE-2017-4769 + REJECTED +CVE-2017-4768 + REJECTED +CVE-2017-4767 + REJECTED +CVE-2017-4766 + REJECTED +CVE-2017-4765 + REJECTED +CVE-2017-4764 + REJECTED +CVE-2017-4763 + REJECTED +CVE-2017-4762 + REJECTED +CVE-2017-4761 
+ REJECTED +CVE-2017-4760 + REJECTED +CVE-2017-4759 + REJECTED +CVE-2017-4758 + REJECTED +CVE-2017-4757 + REJECTED +CVE-2017-4756 + REJECTED +CVE-2017-4755 + REJECTED +CVE-2017-4754 + REJECTED +CVE-2017-4753 + REJECTED +CVE-2017-4752 + REJECTED +CVE-2017-4751 + REJECTED +CVE-2017-4750 + REJECTED +CVE-2017-4749 + REJECTED +CVE-2017-4748 + REJECTED +CVE-2017-4747 + REJECTED +CVE-2017-4746 + REJECTED +CVE-2017-4745 + REJECTED +CVE-2017-4744 + REJECTED +CVE-2017-4743 + REJECTED +CVE-2017-4742 + REJECTED +CVE-2017-4741 + REJECTED +CVE-2017-4740 + REJECTED +CVE-2017-4739 + REJECTED +CVE-2017-4738 + REJECTED +CVE-2017-4737 + REJECTED +CVE-2017-4736 + REJECTED +CVE-2017-4735 + REJECTED +CVE-2017-4734 + REJECTED +CVE-2017-4733 + REJECTED +CVE-2017-4732 + REJECTED +CVE-2017-4731 + REJECTED +CVE-2017-4730 + REJECTED +CVE-2017-4729 + REJECTED +CVE-2017-4728 + REJECTED +CVE-2017-4727 + REJECTED +CVE-2017-4726 + REJECTED +CVE-2017-4725 + REJECTED +CVE-2017-4724 + REJECTED +CVE-2017-4723 + REJECTED +CVE-2017-4722 + REJECTED +CVE-2017-4721 + REJECTED +CVE-2017-4720 + REJECTED +CVE-2017-4719 + REJECTED +CVE-2017-4718 + REJECTED +CVE-2017-4717 + REJECTED +CVE-2017-4716 + REJECTED +CVE-2017-4715 + REJECTED +CVE-2017-4714 + REJECTED +CVE-2017-4713 + REJECTED +CVE-2017-4712 + REJECTED +CVE-2017-4711 + REJECTED +CVE-2017-4710 + REJECTED +CVE-2017-4709 + REJECTED +CVE-2017-4708 + REJECTED +CVE-2017-4707 + REJECTED +CVE-2017-4706 + REJECTED +CVE-2017-4705 + REJECTED +CVE-2017-4704 + REJECTED +CVE-2017-4703 + REJECTED +CVE-2017-4702 + REJECTED +CVE-2017-4701 + REJECTED +CVE-2017-4700 + REJECTED +CVE-2017-4699 + REJECTED +CVE-2017-4698 + REJECTED +CVE-2017-4697 + REJECTED +CVE-2017-4696 + REJECTED +CVE-2017-4695 + REJECTED +CVE-2017-4694 + REJECTED +CVE-2017-4693 + REJECTED +CVE-2017-4692 + REJECTED +CVE-2017-4691 + REJECTED +CVE-2017-4690 + REJECTED +CVE-2017-4689 + REJECTED +CVE-2017-4688 + REJECTED +CVE-2017-4687 + REJECTED +CVE-2017-4686 + REJECTED +CVE-2017-4685 + REJECTED 
+CVE-2017-4684 + REJECTED +CVE-2017-4683 + REJECTED +CVE-2017-4682 + REJECTED +CVE-2017-4681 + REJECTED +CVE-2017-4680 + REJECTED +CVE-2017-4679 + REJECTED +CVE-2017-4678 + REJECTED +CVE-2017-4677 + REJECTED +CVE-2017-4676 + REJECTED +CVE-2017-4675 + REJECTED +CVE-2017-4674 + REJECTED +CVE-2017-4673 + REJECTED +CVE-2017-4672 + REJECTED +CVE-2017-4671 + REJECTED +CVE-2017-4670 + REJECTED +CVE-2017-4669 + REJECTED +CVE-2017-4668 + REJECTED +CVE-2017-4667 + REJECTED +CVE-2017-4666 + REJECTED +CVE-2017-4665 + REJECTED +CVE-2017-4664 + REJECTED +CVE-2017-4663 + REJECTED +CVE-2017-4662 + REJECTED +CVE-2017-4661 + REJECTED +CVE-2017-4660 + REJECTED +CVE-2017-4659 + REJECTED +CVE-2017-4658 + REJECTED +CVE-2017-4657 + REJECTED +CVE-2017-4656 + REJECTED +CVE-2017-4655 + REJECTED +CVE-2017-4654 + REJECTED +CVE-2017-4653 + REJECTED +CVE-2017-4652 + REJECTED +CVE-2017-4651 + REJECTED +CVE-2017-4650 + REJECTED +CVE-2017-4649 + REJECTED +CVE-2017-4648 + REJECTED +CVE-2017-4647 + REJECTED +CVE-2017-4646 + REJECTED +CVE-2017-4645 + REJECTED +CVE-2017-4644 + REJECTED +CVE-2017-4643 + REJECTED +CVE-2017-4642 + REJECTED +CVE-2017-4641 + REJECTED +CVE-2017-4640 + REJECTED +CVE-2017-4639 + REJECTED +CVE-2017-4638 + REJECTED +CVE-2017-4637 + REJECTED +CVE-2017-4636 + REJECTED +CVE-2017-4635 + REJECTED +CVE-2017-4634 + REJECTED +CVE-2017-4633 + REJECTED +CVE-2017-4632 + REJECTED +CVE-2017-4631 + REJECTED +CVE-2017-4630 + REJECTED +CVE-2017-4629 + REJECTED +CVE-2017-4628 + REJECTED +CVE-2017-4627 + REJECTED +CVE-2017-4626 + REJECTED +CVE-2017-4625 + REJECTED +CVE-2017-4624 + REJECTED +CVE-2017-4623 + REJECTED +CVE-2017-4622 + REJECTED +CVE-2017-4621 + REJECTED +CVE-2017-4620 + REJECTED +CVE-2017-4619 + REJECTED +CVE-2017-4618 + REJECTED +CVE-2017-4617 + REJECTED +CVE-2017-4616 + REJECTED +CVE-2017-4615 + REJECTED +CVE-2017-4614 + REJECTED +CVE-2017-4613 + REJECTED +CVE-2017-4612 + REJECTED +CVE-2017-4611 + REJECTED +CVE-2017-4610 + REJECTED +CVE-2017-4609 + REJECTED +CVE-2017-4608 + 
REJECTED +CVE-2017-4607 + REJECTED +CVE-2017-4606 + REJECTED +CVE-2017-4605 + REJECTED +CVE-2017-4604 + REJECTED +CVE-2017-4603 + REJECTED +CVE-2017-4602 + REJECTED +CVE-2017-4601 + REJECTED +CVE-2017-4600 + REJECTED +CVE-2017-4599 + REJECTED +CVE-2017-4598 + REJECTED +CVE-2017-4597 + REJECTED +CVE-2017-4596 + REJECTED +CVE-2017-4595 + REJECTED +CVE-2017-4594 + REJECTED +CVE-2017-4593 + REJECTED +CVE-2017-4592 + REJECTED +CVE-2017-4591 + REJECTED +CVE-2017-4590 + REJECTED +CVE-2017-4589 + REJECTED +CVE-2017-4588 + REJECTED +CVE-2017-4587 + REJECTED +CVE-2017-4586 + REJECTED +CVE-2017-4585 + REJECTED +CVE-2017-4584 + REJECTED +CVE-2017-4583 + REJECTED +CVE-2017-4582 + REJECTED +CVE-2017-4581 + REJECTED +CVE-2017-4580 + REJECTED +CVE-2017-4579 + REJECTED +CVE-2017-4578 + REJECTED +CVE-2017-4577 + REJECTED +CVE-2017-4576 + REJECTED +CVE-2017-4575 + REJECTED +CVE-2017-4574 + REJECTED +CVE-2017-4573 + REJECTED +CVE-2017-4572 + REJECTED +CVE-2017-4571 + REJECTED +CVE-2017-4570 + REJECTED +CVE-2017-4569 + REJECTED +CVE-2017-4568 + REJECTED +CVE-2017-4567 + REJECTED +CVE-2017-4566 + REJECTED +CVE-2017-4565 + REJECTED +CVE-2017-4564 + REJECTED +CVE-2017-4563 + REJECTED +CVE-2017-4562 + REJECTED +CVE-2017-4561 + REJECTED +CVE-2017-4560 + REJECTED +CVE-2017-4559 + REJECTED +CVE-2017-4558 + REJECTED +CVE-2017-4557 + REJECTED +CVE-2017-4556 + REJECTED +CVE-2017-4555 + REJECTED +CVE-2017-4554 + REJECTED +CVE-2017-4553 + REJECTED +CVE-2017-4552 + REJECTED +CVE-2017-4551 + REJECTED +CVE-2017-4550 + REJECTED +CVE-2017-4549 + REJECTED +CVE-2017-4548 + REJECTED +CVE-2017-4547 + REJECTED +CVE-2017-4546 + REJECTED +CVE-2017-4545 + REJECTED +CVE-2017-4544 + REJECTED +CVE-2017-4543 + REJECTED +CVE-2017-4542 + REJECTED +CVE-2017-4541 + REJECTED +CVE-2017-4540 + REJECTED +CVE-2017-4539 + REJECTED +CVE-2017-4538 + REJECTED +CVE-2017-4537 + REJECTED +CVE-2017-4536 + REJECTED +CVE-2017-4535 + REJECTED +CVE-2017-4534 + REJECTED +CVE-2017-4533 + REJECTED +CVE-2017-4532 + REJECTED +CVE-2017-4531 
+ REJECTED +CVE-2017-4530 + REJECTED +CVE-2017-4529 + REJECTED +CVE-2017-4528 + REJECTED +CVE-2017-4527 + REJECTED +CVE-2017-4526 + REJECTED +CVE-2017-4525 + REJECTED +CVE-2017-4524 + REJECTED +CVE-2017-4523 + REJECTED +CVE-2017-4522 + REJECTED +CVE-2017-4521 + REJECTED +CVE-2017-4520 + REJECTED +CVE-2017-4519 + REJECTED +CVE-2017-4518 + REJECTED +CVE-2017-4517 + REJECTED +CVE-2017-4516 + REJECTED +CVE-2017-4515 + REJECTED +CVE-2017-4514 + REJECTED +CVE-2017-4513 + REJECTED +CVE-2017-4512 + REJECTED +CVE-2017-4511 + REJECTED +CVE-2017-4510 + REJECTED +CVE-2017-4509 + REJECTED +CVE-2017-4508 + REJECTED +CVE-2017-4507 + REJECTED +CVE-2017-4506 + REJECTED +CVE-2017-4505 + REJECTED +CVE-2017-4504 + REJECTED +CVE-2017-4503 + REJECTED +CVE-2017-4502 + REJECTED +CVE-2017-4501 + REJECTED +CVE-2017-4500 + REJECTED +CVE-2017-4499 + REJECTED +CVE-2017-4498 + REJECTED +CVE-2017-4497 + REJECTED +CVE-2017-4496 + REJECTED +CVE-2017-4495 + REJECTED +CVE-2017-4494 + REJECTED +CVE-2017-4493 + REJECTED +CVE-2017-4492 + REJECTED +CVE-2017-4491 + REJECTED +CVE-2017-4490 + REJECTED +CVE-2017-4489 + REJECTED +CVE-2017-4488 + REJECTED +CVE-2017-4487 + REJECTED +CVE-2017-4486 + REJECTED +CVE-2017-4485 + REJECTED +CVE-2017-4484 + REJECTED +CVE-2017-4483 + REJECTED +CVE-2017-4482 + REJECTED +CVE-2017-4481 + REJECTED +CVE-2017-4480 + REJECTED +CVE-2017-4479 + REJECTED +CVE-2017-4478 + REJECTED +CVE-2017-4477 + REJECTED +CVE-2017-4476 + REJECTED +CVE-2017-4475 + REJECTED +CVE-2017-4474 + REJECTED +CVE-2017-4473 + REJECTED +CVE-2017-4472 + REJECTED +CVE-2017-4471 + REJECTED +CVE-2017-4470 + REJECTED +CVE-2017-4469 + REJECTED +CVE-2017-4468 + REJECTED +CVE-2017-4467 + REJECTED +CVE-2017-4466 + REJECTED +CVE-2017-4465 + REJECTED +CVE-2017-4464 + REJECTED +CVE-2017-4463 + REJECTED +CVE-2017-4462 + REJECTED +CVE-2017-4461 + REJECTED +CVE-2017-4460 + REJECTED +CVE-2017-4459 + REJECTED +CVE-2017-4458 + REJECTED +CVE-2017-4457 + REJECTED +CVE-2017-4456 + REJECTED +CVE-2017-4455 + REJECTED 
+CVE-2017-4454 + REJECTED +CVE-2017-4453 + REJECTED +CVE-2017-4452 + REJECTED +CVE-2017-4451 + REJECTED +CVE-2017-4450 + REJECTED +CVE-2017-4449 + REJECTED +CVE-2017-4448 + REJECTED +CVE-2017-4447 + REJECTED +CVE-2017-4446 + REJECTED +CVE-2017-4445 + REJECTED +CVE-2017-4444 + REJECTED +CVE-2017-4443 + REJECTED +CVE-2017-4442 + REJECTED +CVE-2017-4441 + REJECTED +CVE-2017-4440 + REJECTED +CVE-2017-4439 + REJECTED +CVE-2017-4438 + REJECTED +CVE-2017-4437 + REJECTED +CVE-2017-4436 + REJECTED +CVE-2017-4435 + REJECTED +CVE-2017-4434 + REJECTED +CVE-2017-4433 + REJECTED +CVE-2017-4432 + REJECTED +CVE-2017-4431 + REJECTED +CVE-2017-4430 + REJECTED +CVE-2017-4429 + REJECTED +CVE-2017-4428 + REJECTED +CVE-2017-4427 + REJECTED +CVE-2017-4426 + REJECTED +CVE-2017-4425 + REJECTED +CVE-2017-4424 + REJECTED +CVE-2017-4423 + REJECTED +CVE-2017-4422 + REJECTED +CVE-2017-4421 + REJECTED +CVE-2017-4420 + REJECTED +CVE-2017-4419 + REJECTED +CVE-2017-4418 + REJECTED +CVE-2017-4417 + REJECTED +CVE-2017-4416 + REJECTED +CVE-2017-4415 + REJECTED +CVE-2017-4414 + REJECTED +CVE-2017-4413 + REJECTED +CVE-2017-4412 + REJECTED +CVE-2017-4411 + REJECTED +CVE-2017-4410 + REJECTED +CVE-2017-4409 + REJECTED +CVE-2017-4408 + REJECTED +CVE-2017-4407 + REJECTED +CVE-2017-4406 + REJECTED +CVE-2017-4405 + REJECTED +CVE-2017-4404 + REJECTED +CVE-2017-4403 + REJECTED +CVE-2017-4402 + REJECTED +CVE-2017-4401 + REJECTED +CVE-2017-4400 + REJECTED +CVE-2017-4399 + REJECTED +CVE-2017-4398 + REJECTED +CVE-2017-4397 + REJECTED +CVE-2017-4396 + REJECTED +CVE-2017-4395 + REJECTED +CVE-2017-4394 + REJECTED +CVE-2017-4393 + REJECTED +CVE-2017-4392 + REJECTED +CVE-2017-4391 + REJECTED +CVE-2017-4390 + REJECTED +CVE-2017-4389 + REJECTED +CVE-2017-4388 + REJECTED +CVE-2017-4387 + REJECTED +CVE-2017-4386 + REJECTED +CVE-2017-4385 + REJECTED +CVE-2017-4384 + REJECTED +CVE-2017-4383 + REJECTED +CVE-2017-4382 + REJECTED +CVE-2017-4381 + REJECTED +CVE-2017-4380 + REJECTED +CVE-2017-4379 + REJECTED +CVE-2017-4378 + 
REJECTED +CVE-2017-4377 + REJECTED +CVE-2017-4376 + REJECTED +CVE-2017-4375 + REJECTED +CVE-2017-4374 + REJECTED +CVE-2017-4373 + REJECTED +CVE-2017-4372 + REJECTED +CVE-2017-4371 + REJECTED +CVE-2017-4370 + REJECTED +CVE-2017-4369 + REJECTED +CVE-2017-4368 + REJECTED +CVE-2017-4367 + REJECTED +CVE-2017-4366 + REJECTED +CVE-2017-4365 + REJECTED +CVE-2017-4364 + REJECTED +CVE-2017-4363 + REJECTED +CVE-2017-4362 + REJECTED +CVE-2017-4361 + REJECTED +CVE-2017-4360 + REJECTED +CVE-2017-4359 + REJECTED +CVE-2017-4358 + REJECTED +CVE-2017-4357 + REJECTED +CVE-2017-4356 + REJECTED +CVE-2017-4355 + REJECTED +CVE-2017-4354 + REJECTED +CVE-2017-4353 + REJECTED +CVE-2017-4352 + REJECTED +CVE-2017-4351 + REJECTED +CVE-2017-4350 + REJECTED +CVE-2017-4349 + REJECTED +CVE-2017-4348 + REJECTED +CVE-2017-4347 + REJECTED +CVE-2017-4346 + REJECTED +CVE-2017-4345 + REJECTED +CVE-2017-4344 + REJECTED +CVE-2017-4343 + REJECTED +CVE-2017-4342 + REJECTED +CVE-2017-4341 + REJECTED +CVE-2017-4340 + REJECTED +CVE-2017-4339 + REJECTED +CVE-2017-4338 + REJECTED +CVE-2017-4337 + REJECTED +CVE-2017-4336 + REJECTED +CVE-2017-4335 + REJECTED +CVE-2017-4334 + REJECTED +CVE-2017-4333 + REJECTED +CVE-2017-4332 + REJECTED +CVE-2017-4331 + REJECTED +CVE-2017-4330 + REJECTED +CVE-2017-4329 + REJECTED +CVE-2017-4328 + REJECTED +CVE-2017-4327 + REJECTED +CVE-2017-4326 + REJECTED +CVE-2017-4325 + REJECTED +CVE-2017-4324 + REJECTED +CVE-2017-4323 + REJECTED +CVE-2017-4322 + REJECTED +CVE-2017-4321 + REJECTED +CVE-2017-4320 + REJECTED +CVE-2017-4319 + REJECTED +CVE-2017-4318 + REJECTED +CVE-2017-4317 + REJECTED +CVE-2017-4316 + REJECTED +CVE-2017-4315 + REJECTED +CVE-2017-4314 + REJECTED +CVE-2017-4313 + REJECTED +CVE-2017-4312 + REJECTED +CVE-2017-4311 + REJECTED +CVE-2017-4310 + REJECTED +CVE-2017-4309 + REJECTED +CVE-2017-4308 + REJECTED +CVE-2017-4307 + REJECTED +CVE-2017-4306 + REJECTED +CVE-2017-4305 + REJECTED +CVE-2017-4304 + REJECTED +CVE-2017-4303 + REJECTED +CVE-2017-4302 + REJECTED +CVE-2017-4301 
+ REJECTED +CVE-2017-4300 + REJECTED +CVE-2017-4299 + REJECTED +CVE-2017-4298 + REJECTED +CVE-2017-4297 + REJECTED +CVE-2017-4296 + REJECTED +CVE-2017-4295 + REJECTED +CVE-2017-4294 + REJECTED +CVE-2017-4293 + REJECTED +CVE-2017-4292 + REJECTED +CVE-2017-4291 + REJECTED +CVE-2017-4290 + REJECTED +CVE-2017-4289 + REJECTED +CVE-2017-4288 + REJECTED +CVE-2017-4287 + REJECTED +CVE-2017-4286 + REJECTED +CVE-2017-4285 + REJECTED +CVE-2017-4284 + REJECTED +CVE-2017-4283 + REJECTED +CVE-2017-4282 + REJECTED +CVE-2017-4281 + REJECTED +CVE-2017-4280 + REJECTED +CVE-2017-4279 + REJECTED +CVE-2017-4278 + REJECTED +CVE-2017-4277 + REJECTED +CVE-2017-4276 + REJECTED +CVE-2017-4275 + REJECTED +CVE-2017-4274 + REJECTED +CVE-2017-4273 + REJECTED +CVE-2017-4272 + REJECTED +CVE-2017-4271 + REJECTED +CVE-2017-4270 + REJECTED +CVE-2017-4269 + REJECTED +CVE-2017-4268 + REJECTED +CVE-2017-4267 + REJECTED +CVE-2017-4266 + REJECTED +CVE-2017-4265 + REJECTED +CVE-2017-4264 + REJECTED +CVE-2017-4263 + REJECTED +CVE-2017-4262 + REJECTED +CVE-2017-4261 + REJECTED +CVE-2017-4260 + REJECTED +CVE-2017-4259 + REJECTED +CVE-2017-4258 + REJECTED +CVE-2017-4257 + REJECTED +CVE-2017-4256 + REJECTED +CVE-2017-4255 + REJECTED +CVE-2017-4254 + REJECTED +CVE-2017-4253 + REJECTED +CVE-2017-4252 + REJECTED +CVE-2017-4251 + REJECTED +CVE-2017-4250 + REJECTED +CVE-2017-4249 + REJECTED +CVE-2017-4248 + REJECTED +CVE-2017-4247 + REJECTED +CVE-2017-4246 + REJECTED +CVE-2017-4245 + REJECTED +CVE-2017-4244 + REJECTED +CVE-2017-4243 + REJECTED +CVE-2017-4242 + REJECTED +CVE-2017-4241 + REJECTED +CVE-2017-4240 + REJECTED +CVE-2017-4239 + REJECTED +CVE-2017-4238 + REJECTED +CVE-2017-4237 + REJECTED +CVE-2017-4236 + REJECTED +CVE-2017-4235 + REJECTED +CVE-2017-4234 + REJECTED +CVE-2017-4233 + REJECTED +CVE-2017-4232 + REJECTED +CVE-2017-4231 + REJECTED +CVE-2017-4230 + REJECTED +CVE-2017-4229 + REJECTED +CVE-2017-4228 + REJECTED +CVE-2017-4227 + REJECTED +CVE-2017-4226 + REJECTED +CVE-2017-4225 + REJECTED 
+CVE-2017-4224 + REJECTED +CVE-2017-4223 + REJECTED +CVE-2017-4222 + REJECTED +CVE-2017-4221 + REJECTED +CVE-2017-4220 + REJECTED +CVE-2017-4219 + REJECTED +CVE-2017-4218 + REJECTED +CVE-2017-4217 + REJECTED +CVE-2017-4216 + REJECTED +CVE-2017-4215 + REJECTED +CVE-2017-4214 + REJECTED +CVE-2017-4213 + REJECTED +CVE-2017-4212 + REJECTED +CVE-2017-4211 + REJECTED +CVE-2017-4210 + REJECTED +CVE-2017-4209 + REJECTED +CVE-2017-4208 + REJECTED +CVE-2017-4207 + REJECTED +CVE-2017-4206 + REJECTED +CVE-2017-4205 + REJECTED +CVE-2017-4204 + REJECTED +CVE-2017-4203 + REJECTED +CVE-2017-4202 + REJECTED +CVE-2017-4201 + REJECTED +CVE-2017-4200 + REJECTED +CVE-2017-4199 + REJECTED +CVE-2017-4198 + REJECTED +CVE-2017-4197 + REJECTED +CVE-2017-4196 + REJECTED +CVE-2017-4195 + REJECTED +CVE-2017-4194 + REJECTED +CVE-2017-4193 + REJECTED +CVE-2017-4192 + REJECTED +CVE-2017-4191 + REJECTED +CVE-2017-4190 + REJECTED +CVE-2017-4189 + REJECTED +CVE-2017-4188 + REJECTED +CVE-2017-4187 + REJECTED +CVE-2017-4186 + REJECTED +CVE-2017-4185 + REJECTED +CVE-2017-4184 + REJECTED +CVE-2017-4183 + REJECTED +CVE-2017-4182 + REJECTED +CVE-2017-4181 + REJECTED +CVE-2017-4180 + REJECTED +CVE-2017-4179 + REJECTED +CVE-2017-4178 + REJECTED +CVE-2017-4177 + REJECTED +CVE-2017-4176 + REJECTED +CVE-2017-4175 + REJECTED +CVE-2017-4174 + REJECTED +CVE-2017-4173 + REJECTED +CVE-2017-4172 + REJECTED +CVE-2017-4171 + REJECTED +CVE-2017-4170 + REJECTED +CVE-2017-4169 + REJECTED +CVE-2017-4168 + REJECTED +CVE-2017-4167 + REJECTED +CVE-2017-4166 + REJECTED +CVE-2017-4165 + REJECTED +CVE-2017-4164 + REJECTED +CVE-2017-4163 + REJECTED +CVE-2017-4162 + REJECTED +CVE-2017-4161 + REJECTED +CVE-2017-4160 + REJECTED +CVE-2017-4159 + REJECTED +CVE-2017-4158 + REJECTED +CVE-2017-4157 + REJECTED +CVE-2017-4156 + REJECTED +CVE-2017-4155 + REJECTED +CVE-2017-4154 + REJECTED +CVE-2017-4153 + REJECTED +CVE-2017-4152 + REJECTED +CVE-2017-4151 + REJECTED +CVE-2017-4150 + REJECTED +CVE-2017-4149 + REJECTED +CVE-2017-4148 + 
REJECTED +CVE-2017-4147 + REJECTED +CVE-2017-4146 + REJECTED +CVE-2017-4145 + REJECTED +CVE-2017-4144 + REJECTED +CVE-2017-4143 + REJECTED +CVE-2017-4142 + REJECTED +CVE-2017-4141 + REJECTED +CVE-2017-4140 + REJECTED +CVE-2017-4139 + REJECTED +CVE-2017-4138 + REJECTED +CVE-2017-4137 + REJECTED +CVE-2017-4136 + REJECTED +CVE-2017-4135 + REJECTED +CVE-2017-4134 + REJECTED +CVE-2017-4133 + REJECTED +CVE-2017-4132 + REJECTED +CVE-2017-4131 + REJECTED +CVE-2017-4130 + REJECTED +CVE-2017-4129 + REJECTED +CVE-2017-4128 + REJECTED +CVE-2017-4127 + REJECTED +CVE-2017-4126 + REJECTED +CVE-2017-4125 + REJECTED +CVE-2017-4124 + REJECTED +CVE-2017-4123 + REJECTED +CVE-2017-4122 + REJECTED +CVE-2017-4121 + REJECTED +CVE-2017-4120 + REJECTED +CVE-2017-4119 + REJECTED +CVE-2017-4118 + REJECTED +CVE-2017-4117 + REJECTED +CVE-2017-4116 + REJECTED +CVE-2017-4115 + REJECTED +CVE-2017-4114 + REJECTED +CVE-2017-4113 + REJECTED +CVE-2017-4112 + REJECTED +CVE-2017-4111 + REJECTED +CVE-2017-4110 + REJECTED +CVE-2017-4109 + REJECTED +CVE-2017-4108 + REJECTED +CVE-2017-4107 + REJECTED +CVE-2017-4106 + REJECTED +CVE-2017-4105 + REJECTED +CVE-2017-4104 + REJECTED +CVE-2017-4103 + REJECTED +CVE-2017-4102 + REJECTED +CVE-2017-4101 + REJECTED +CVE-2017-4100 + REJECTED +CVE-2017-4099 + REJECTED +CVE-2017-4098 + REJECTED +CVE-2017-4097 + REJECTED +CVE-2017-4096 + REJECTED +CVE-2017-4095 + REJECTED +CVE-2017-4094 + REJECTED +CVE-2017-4093 + REJECTED +CVE-2017-4092 + REJECTED +CVE-2017-4091 + REJECTED +CVE-2017-4090 + REJECTED +CVE-2017-4089 + REJECTED +CVE-2017-4088 + REJECTED +CVE-2017-4087 + REJECTED +CVE-2017-4086 + REJECTED +CVE-2017-4085 + REJECTED +CVE-2017-4084 + REJECTED +CVE-2017-4083 + REJECTED +CVE-2017-4082 + REJECTED +CVE-2017-4081 + REJECTED +CVE-2017-4080 + REJECTED +CVE-2017-4079 + REJECTED +CVE-2017-4078 + REJECTED +CVE-2017-4077 + REJECTED +CVE-2017-4076 + REJECTED +CVE-2017-4075 + REJECTED +CVE-2017-4074 + REJECTED +CVE-2017-4073 + REJECTED +CVE-2017-4072 + REJECTED +CVE-2017-4071 
+ REJECTED +CVE-2017-4070 + REJECTED +CVE-2017-4069 + REJECTED +CVE-2017-4068 + REJECTED +CVE-2017-4067 + REJECTED +CVE-2017-4066 + REJECTED +CVE-2017-4065 + REJECTED +CVE-2017-4064 + REJECTED +CVE-2017-4063 + REJECTED +CVE-2017-4062 + REJECTED +CVE-2017-4061 + REJECTED +CVE-2017-4060 + REJECTED +CVE-2017-4059 + REJECTED +CVE-2017-4058 + REJECTED +CVE-2017-4057 (Privilege Escalation vulnerability in the web interface in McAfee Adva ...) + NOT-FOR-US: McAfee +CVE-2017-4056 + REJECTED +CVE-2017-4055 (Exploitation of Authentication vulnerability in the web interface in M ...) + NOT-FOR-US: McAfee +CVE-2017-4054 (Command Injection vulnerability in the web interface in McAfee Advance ...) + NOT-FOR-US: McAfee +CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee Advance ...) + NOT-FOR-US: McAfee +CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee Adv ...) + NOT-FOR-US: McAfee +CVE-2017-4051 + REJECTED +CVE-2017-4050 + REJECTED +CVE-2017-4049 + REJECTED +CVE-2017-4048 + REJECTED +CVE-2017-4047 + REJECTED +CVE-2017-4046 + REJECTED +CVE-2017-4045 + REJECTED +CVE-2017-4044 + REJECTED +CVE-2017-4043 + REJECTED +CVE-2017-4042 + REJECTED +CVE-2017-4041 + REJECTED +CVE-2017-4040 + REJECTED +CVE-2017-4039 + REJECTED +CVE-2017-4038 + REJECTED +CVE-2017-4037 + REJECTED +CVE-2017-4036 + REJECTED +CVE-2017-4035 + REJECTED +CVE-2017-4034 + REJECTED +CVE-2017-4033 + REJECTED +CVE-2017-4032 + REJECTED +CVE-2017-4031 + REJECTED +CVE-2017-4030 + REJECTED +CVE-2017-4029 + REJECTED +CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all Microsoft Wind ...) 
+ NOT-FOR-US: MacAfee +CVE-2017-4027 + REJECTED +CVE-2017-4026 + REJECTED +CVE-2017-4025 + REJECTED +CVE-2017-4024 + REJECTED +CVE-2017-4023 + REJECTED +CVE-2017-4022 + REJECTED +CVE-2017-4021 + REJECTED +CVE-2017-4020 + REJECTED +CVE-2017-4019 + REJECTED +CVE-2017-4018 + REJECTED +CVE-2017-4017 (User Name Disclosure in the server in McAfee Network Data Loss Prevent ...) + NOT-FOR-US: McAfee +CVE-2017-4016 (Web Server method disclosure in the server in McAfee Network Data Loss ...) + NOT-FOR-US: McAfee +CVE-2017-4015 (Clickjacking vulnerability in the server in McAfee Network Data Loss P ...) + NOT-FOR-US: McAfee +CVE-2017-4014 (Session Side jacking vulnerability in the server in McAfee Network Dat ...) + NOT-FOR-US: McAfee +CVE-2017-4013 (Banner Disclosure in the server in McAfee Network Data Loss Prevention ...) + NOT-FOR-US: McAfee +CVE-2017-4012 (Privilege Escalation vulnerability in the server in McAfee Network Dat ...) + NOT-FOR-US: McAfee +CVE-2017-4011 (Embedding Script (XSS) in HTTP Headers vulnerability in the server in ...) + NOT-FOR-US: McAfee +CVE-2017-4010 + REJECTED +CVE-2017-4009 + REJECTED +CVE-2017-4008 + REJECTED +CVE-2017-4007 + REJECTED +CVE-2017-4006 + REJECTED +CVE-2017-4005 + REJECTED +CVE-2017-4004 + REJECTED +CVE-2017-4003 + REJECTED +CVE-2017-4002 + REJECTED +CVE-2017-4001 + REJECTED +CVE-2017-4000 + REJECTED +CVE-2017-3999 + REJECTED +CVE-2017-3998 + REJECTED +CVE-2017-3997 + REJECTED +CVE-2017-3996 + REJECTED +CVE-2017-3995 + REJECTED +CVE-2017-3994 + REJECTED +CVE-2017-3993 + REJECTED +CVE-2017-3992 + REJECTED +CVE-2017-3991 + REJECTED +CVE-2017-3990 + REJECTED +CVE-2017-3989 + REJECTED +CVE-2017-3988 + REJECTED +CVE-2017-3987 + REJECTED +CVE-2017-3986 + REJECTED +CVE-2017-3985 + REJECTED +CVE-2017-3984 + REJECTED +CVE-2017-3983 + REJECTED +CVE-2017-3982 + REJECTED +CVE-2017-3981 + REJECTED +CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in McAfee ePo ...) 
+ NOT-FOR-US: McAfee ePolicy Orchestrator +CVE-2017-3979 + REJECTED +CVE-2017-3978 + REJECTED +CVE-2017-3977 + REJECTED +CVE-2017-3976 + REJECTED +CVE-2017-3975 + REJECTED +CVE-2017-3974 + REJECTED +CVE-2017-3973 + REJECTED +CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...) + NOT-FOR-US: McAfee +CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network Sec ...) + NOT-FOR-US: McAfee +CVE-2017-3970 + REJECTED +CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...) + NOT-FOR-US: McAfee +CVE-2017-3968 (Session fixation vulnerability in the web interface in McAfee Network ...) + NOT-FOR-US: McAfee +CVE-2017-3967 (Target influence via framing vulnerability in the web interface in McA ...) + NOT-FOR-US: McAfee +CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted cred ...) + NOT-FOR-US: McAfee +CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability i ...) + NOT-FOR-US: McAfee +CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web interfa ...) + NOT-FOR-US: McAfee +CVE-2017-3963 + REJECTED +CVE-2017-3962 (Password recovery exploitation vulnerability in the non-certificate-ba ...) + NOT-FOR-US: McAfee +CVE-2017-3961 (Cross-Site Scripting (XSS) vulnerability in the web interface in McAfe ...) + NOT-FOR-US: McAfee +CVE-2017-3960 (Exploitation of Authorization vulnerability in the web interface in Mc ...) + NOT-FOR-US: McAfee +CVE-2017-3959 + REJECTED +CVE-2017-3958 + REJECTED +CVE-2017-3957 + REJECTED +CVE-2017-3956 + REJECTED +CVE-2017-3955 + REJECTED +CVE-2017-3954 + REJECTED +CVE-2017-3953 + REJECTED +CVE-2017-3952 + REJECTED +CVE-2017-3951 + REJECTED +CVE-2017-3950 + REJECTED +CVE-2017-3949 + REJECTED +CVE-2017-3948 (Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee ...) 
+ NOT-FOR-US: McAfee +CVE-2017-3947 + REJECTED +CVE-2017-3946 + REJECTED +CVE-2017-3945 + REJECTED +CVE-2017-3944 + REJECTED +CVE-2017-3943 + REJECTED +CVE-2017-3942 + REJECTED +CVE-2017-3941 + REJECTED +CVE-2017-3940 + REJECTED +CVE-2017-3939 + REJECTED +CVE-2017-3938 + REJECTED +CVE-2017-3937 + REJECTED +CVE-2017-3936 (OS Command Injection vulnerability in McAfee ePolicy Orchestrator (ePO ...) + NOT-FOR-US: McAfee +CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...) + NOT-FOR-US: McAfee Network Data Loss Prevention +CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...) + NOT-FOR-US: McAfee Network Data Loss Prevention +CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...) + NOT-FOR-US: McAfee Network Data Loss Prevention +CVE-2017-3932 + REJECTED +CVE-2017-3931 + REJECTED +CVE-2017-3930 + REJECTED +CVE-2017-3929 + REJECTED +CVE-2017-3928 + REJECTED +CVE-2017-3927 + REJECTED +CVE-2017-3926 + REJECTED +CVE-2017-3925 + REJECTED +CVE-2017-3924 + REJECTED +CVE-2017-3923 + REJECTED +CVE-2017-3922 + REJECTED +CVE-2017-3921 + REJECTED +CVE-2017-3920 + REJECTED +CVE-2017-3919 + REJECTED +CVE-2017-3918 + REJECTED +CVE-2017-3917 + REJECTED +CVE-2017-3916 + REJECTED +CVE-2017-3915 + REJECTED +CVE-2017-3914 + REJECTED +CVE-2017-3913 + REJECTED +CVE-2017-3912 (Bypassing password security vulnerability in McAfee Application and Ch ...) + NOT-FOR-US: McAfee +CVE-2017-3911 + REJECTED +CVE-2017-3910 + REJECTED +CVE-2017-3909 + REJECTED +CVE-2017-3908 + REJECTED +CVE-2017-3907 (Code Injection vulnerability in the ePolicy Orchestrator (ePO) extensi ...) + NOT-FOR-US: McAfee +CVE-2017-3906 + REJECTED +CVE-2017-3905 + REJECTED +CVE-2017-3904 + REJECTED +CVE-2017-3903 + REJECTED +CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface (UI ...) 
+ NOT-FOR-US: Intel Security ePO +CVE-2017-3901 + REJECTED +CVE-2017-3900 + REJECTED +CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...) + NOT-FOR-US: Intel antivirus +CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...) + NOT-FOR-US: McAfee +CVE-2017-3897 (A Code Injection vulnerability in the non-certificate-based authentica ...) + NOT-FOR-US: McAfee +CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing capabili ...) + NOT-FOR-US: Intel McAfee +CVE-2017-3895 + REJECTED +CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...) + - libpng1.6 1.6.27-1 (bug #849799) + - libpng + [jessie] - libpng 1.2.50-2+deb8u3 + [wheezy] - libpng (Minor issue) + NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27 + NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba + NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16) + NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12) +CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local ...) + - tqdm 4.11.2-1 (bug #849632) + NOTE: https://github.com/tqdm/tqdm/issues/328 +CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...) + {DSA-3769-1 DLA-792-1} + - libphp-swiftmailer 5.4.2-1.1 (bug #849626) + NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html + NOTE: https://github.com/swiftmailer/swiftmailer/issues/844 + NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86 +CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums befo ...) + NOT-FOR-US: Vanilla Forums +CVE-2016-10072 (WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000. ...) 
+ NOT-FOR-US: WampServer +CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 do ...) + - linux 4.7.8-1 + [jessie] - linux 3.16.43-1 + [wheezy] - linux (Changes required are too invasive) +CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM ...) + NOT-FOR-US: Radisys MRF Web Panel +CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (ak ...) + NOT-FOR-US: Arcadyan SLT-00 Star* devices +CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service Progr ...) + NOT-FOR-US: Sprecher Automation SPRECON-E Service +CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows rem ...) + - qt4-x11 4:4.8.7+dfsg-1 (low; bug #851058) + [jessie] - qt4-x11 (Minor issue) + [wheezy] - qt4-x11 (Minor issue) + - qtbase-opensource-src 5.2.0+dfsg-7 + NOTE: CVE assignment specific to https://www.openwall.com/lists/oss-security/2016/12/24/2 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/24/1 + NOTE: https://github.com/qt/qtbase/commit/f1053d94f59f053ce4acad9320df14f1fbe4faac +CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...) + NOT-FOR-US: MODX Revolution +CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...) + NOT-FOR-US: MODX Revolution +CVE-2016-10037 (Directory traversal in /connectors/index.php in MODX Revolution before ...) + NOT-FOR-US: MODX Revolution +CVE-2016-10036 (Unrestricted file upload vulnerability in ui/artifact/upload in JFrog ...) + NOT-FOR-US: JFrog Artifactory +CVE-2016-10035 + RESERVED +CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail componen ...) + - zendframework (Vulnerable code not present in ZF1, cf. 
#850215) + NOTE: https://framework.zend.com/security/advisory/ZF2016-04 + NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0 + NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html +CVE-2014-9914 (Race condition in the ip4_datagram_release_cb function in net/ipv4/dat ...) + - linux 3.16.2-1 + [wheezy] - linux (Vulnerable code introduced later) +CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote att ...) + - libphp-phpmailer (Incomplete fix not applied) + NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html +CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before 5.2. ...) + {DSA-3750-1 DLA-770-1} + - libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365) + NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html + NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449 + NOTE: Fix potentially incomplete, cf https://www.openwall.com/lists/oss-security/2016/12/28/1 + NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the + NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045. + NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html + NOTE: Needs followup: https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae + NOTE: Another followup: https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0 +CVE-2016-10032 + RESERVED +CVE-2016-10031 (WampServer 3.0.6 installs two services called 'wampapache' and 'wampmy ...) + NOT-FOR-US: WampServer +CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 1 ...) 
+ {DLA-921-1} + - slurm-llnl 16.05.8-1 (bug #850491) + [jessie] - slurm-llnl 14.03.9-5+deb8u1 + NOTE: https://www.schedmd.com/news.php?id=178 + NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee +CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...) + NOT-FOR-US: BlackBerry +CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the defau ...) + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) +CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an inform ...) + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) +CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevat ...) + NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP) +CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry Watch ...) + NOT-FOR-US: BlackBerry +CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope ...) + NOT-FOR-US: Cisco +CVE-2017-3888 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2017-3887 (A vulnerability in the detection engine that handles Secure Sockets La ...) + NOT-FOR-US: Cisco +CVE-2017-3886 (A vulnerability in the Cisco Unified Communications Manager web interf ...) + NOT-FOR-US: Cisco +CVE-2017-3885 (A vulnerability in the detection engine reassembly of Secure Sockets L ...) + NOT-FOR-US: Cisco +CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...) + NOT-FOR-US: Cisco +CVE-2017-3883 (A vulnerability in the authentication, authorization, and accounting ( ...) + NOT-FOR-US: Cisco +CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation i ...) + NOT-FOR-US: Cisco +CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) process ...) 
+ NOT-FOR-US: Cisco +CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings Server ...) + NOT-FOR-US: Cisco +CVE-2017-3879 (A Denial of Service vulnerability in the remote login functionality fo ...) + NOT-FOR-US: Cisco +CVE-2017-3878 (A Denial of Service vulnerability in the Telnet remote login functiona ...) + NOT-FOR-US: Cisco +CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...) + NOT-FOR-US: Cisco +CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...) + NOT-FOR-US: Cisco +CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco Airo ...) + NOT-FOR-US: Cisco +CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...) + NOT-FOR-US: Cisco +CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network management ...) + NOT-FOR-US: Cisco +CVE-2017-3870 (A vulnerability in the URL filtering feature of Cisco AsyncOS Software ...) + NOT-FOR-US: Cisco +CVE-2017-3869 (An API Credentials Management vulnerability in the APIs for Cisco Prim ...) + NOT-FOR-US: Cisco +CVE-2017-3868 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) + NOT-FOR-US: Cisco +CVE-2017-3867 (A vulnerability in the Border Gateway Protocol (BGP) Bidirectional For ...) + NOT-FOR-US: Cisco +CVE-2017-3866 (A vulnerability in the web framework code of Cisco Prime Service Catal ...) + NOT-FOR-US: Cisco +CVE-2017-3865 (A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR 5 ...) + NOT-FOR-US: Cisco +CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...) 
+ NOT-FOR-US: Cisco +CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...) + NOT-FOR-US: Cisco +CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...) + NOT-FOR-US: Cisco +CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...) + NOT-FOR-US: Cisco +CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 a ...) + NOT-FOR-US: Cisco +CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning featu ...) + NOT-FOR-US: Cisco +CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could al ...) + NOT-FOR-US: Cisco +CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing funct ...) + NOT-FOR-US: Cisco +CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through ...) + NOT-FOR-US: Cisco +CVE-2017-3855 + RESERVED +CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC ...) + NOT-FOR-US: Cisco +CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...) + NOT-FOR-US: Cisco +CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) compo ...) + NOT-FOR-US: Cisco +CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the C ...) + NOT-FOR-US: Cisco +CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) featu ...) + NOT-FOR-US: Cisco +CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) regis ...) + NOT-FOR-US: Cisco +CVE-2017-3848 (A vulnerability in the HTTP web-based management interface of Cisco Pr ...) + NOT-FOR-US: Cisco +CVE-2017-3847 (A vulnerability in the web framework of Cisco Firepower Management Cen ...) + NOT-FOR-US: Cisco +CVE-2017-3846 (A vulnerability in the Client Manager Server of Cisco Workload Automat ...) 
+ NOT-FOR-US: Cisco +CVE-2017-3845 (A vulnerability in the web-based management interface of Cisco Prime C ...) + NOT-FOR-US: Cisco +CVE-2017-3844 (A vulnerability in exporting functions of the user interface for Cisco ...) + NOT-FOR-US: Cisco +CVE-2017-3843 (A vulnerability in the file download functions for Cisco Prime Collabo ...) + NOT-FOR-US: Cisco +CVE-2017-3842 (A vulnerability in the web-based management interface of the Cisco Int ...) + NOT-FOR-US: Cisco +CVE-2017-3841 (A vulnerability in the web interface of the Cisco Secure Access Contro ...) + NOT-FOR-US: Cisco +CVE-2017-3840 (A vulnerability in the web interface of the Cisco Secure Access Contro ...) + NOT-FOR-US: Cisco +CVE-2017-3839 (An XML External Entity vulnerability in the web-based user interface o ...) + NOT-FOR-US: Cisco +CVE-2017-3838 (A vulnerability in Cisco Secure Access Control System (ACS) could allo ...) + NOT-FOR-US: Cisco +CVE-2017-3837 (An HTTP Packet Processing vulnerability in the Web Bridge interface of ...) + NOT-FOR-US: Cisco +CVE-2017-3836 (A vulnerability in the web framework Cisco Unified Communications Mana ...) + NOT-FOR-US: Cisco +CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engin ...) + NOT-FOR-US: Cisco +CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 Se ...) + NOT-FOR-US: Cisco +CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications M ...) + NOT-FOR-US: Cisco +CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN ...) + NOT-FOR-US: Cisco +CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Se ...) + NOT-FOR-US: Cisco +CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) c ...) + NOT-FOR-US: Cisco +CVE-2017-3829 (A vulnerability in the web-based management interface of Cisco Unified ...) 
+ NOT-FOR-US: Cisco +CVE-2017-3828 (A vulnerability in the web-based management interface of Cisco Unified ...) + NOT-FOR-US: Cisco +CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...) + NOT-FOR-US: Cisco +CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) dec ...) + NOT-FOR-US: Cisco +CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco TelePre ...) + NOT-FOR-US: Cisco +CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series Co ...) + NOT-FOR-US: Cisco +CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on G ...) + NOT-FOR-US: Cisco +CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower Threat ...) + NOT-FOR-US: Cisco Firepower Threat Defense +CVE-2017-3821 (A vulnerability in the serviceability page of Cisco Unified Communicat ...) + NOT-FOR-US: Cisco +CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) functions ...) + NOT-FOR-US: Cisco IOS XE +CVE-2017-3819 (A privilege escalation vulnerability in the Secure Shell (SSH) subsyst ...) + NOT-FOR-US: Cisco +CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) sc ...) + NOT-FOR-US: Cisco Email Security Appliances +CVE-2017-3817 (A vulnerability in the role-based resource checking functionality of C ...) + NOT-FOR-US: Cisco +CVE-2017-3816 + RESERVED +CVE-2017-3815 (An API Privilege vulnerability in Cisco TelePresence Server Software c ...) + NOT-FOR-US: Cisco +CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow an unau ...) + NOT-FOR-US: Cisco Firepower System Software +CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco AnyCon ...) + NOT-FOR-US: Cisco +CVE-2017-3812 (A vulnerability in the implementation of Common Industrial Protocol (C ...) 
+ NOT-FOR-US: Cisco Industrial Ethernet 2000 Series Switches +CVE-2017-3811 (An XML External Entity vulnerability in Cisco WebEx Meetings Server co ...) + NOT-FOR-US: Cisco +CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service Catalog co ...) + NOT-FOR-US: Cisco Prime Service Catalog +CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...) + NOT-FOR-US: Cisco Firepower Management Center +CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttlin ...) + NOT-FOR-US: Cisco +CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the Clien ...) + NOT-FOR-US: Cisco +CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...) + NOT-FOR-US: Cisco Firepower +CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...) + NOT-FOR-US: Cisco IOS +CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS) ...) + NOT-FOR-US: Cisco +CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of Cisco 29 ...) + NOT-FOR-US: Cisco +CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...) + NOT-FOR-US: Cisco +CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...) + NOT-FOR-US: Cisco +CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS Softwa ...) + NOT-FOR-US: Cisco Email Security Appliance +CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...) + NOT-FOR-US: Cisco +CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the web-ba ...) + NOT-FOR-US: Cisco +CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) + NOT-FOR-US: Cisco +CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) 
+ NOT-FOR-US: Cisco +CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an authenti ...) + NOT-FOR-US: Cisco +CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an unauthen ...) + NOT-FOR-US: Cisco +CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security Appli ...) + NOT-FOR-US: Cisco +CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...) + NOT-FOR-US: Cisco TelePresence +CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow a ...) + NOT-FOR-US: Cisco +CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway Seri ...) + NOT-FOR-US: Cisco Expressway +CVE-2016-5103 + REJECTED +CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the Sec ...) + - libsmack-java (bug #640873) +CVE-2016-10023 + REJECTED +CVE-2016-10022 + REJECTED +CVE-2016-10021 + REJECTED +CVE-2016-10020 + REJECTED +CVE-2016-10019 + REJECTED +CVE-2016-10018 + REJECTED +CVE-2016-10017 + REJECTED +CVE-2016-10016 + REJECTED +CVE-2016-10015 + REJECTED +CVE-2016-10014 + REJECTED +CVE-2016-9645 (The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in edi ...) + - ikiwiki 3.20161229 + [jessie] - ikiwiki (Incomplete fix for CVE-2016-10026 not applied) + [wheezy] - ikiwiki (Incomplete fix for CVE-2016-10026 not applied) + NOTE: https://ikiwiki.info/security/#cve-2016-9645 +CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes the a ...) 
+ {DSA-3760-1 DLA-812-1} + - ikiwiki 3.20161219 + NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ + NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/7 + NOTE: When fixing this issue make sure to apply the complete correct fix to + NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645. +CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD v ...) + - xen 4.8.0-1 + [jessie] - xen (Vulnerable code introduced later) + [wheezy] - xen (Vulnerable code introduced later) + NOTE: https://xenbits.xen.org/xsa/advisory-203.html +CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators t ...) + {DSA-3847-1 DLA-783-1} + - xen 4.8.0-1 + NOTE: https://xenbits.xen.org/xsa/advisory-202.html +CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEM ...) + - qemu 1:2.10.0-1 (bug #849798; unimportant) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/1 + NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for + NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is + NOTE: still present. + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31 (v2.9.0-rc0) +CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...) 
+ - qemu 1:2.7+dfsg-1 + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0) + NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0) + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/2 +CVE-2017-3789 + REJECTED +CVE-2017-3788 + REJECTED +CVE-2017-3787 + REJECTED +CVE-2017-3786 + REJECTED +CVE-2017-3785 + REJECTED +CVE-2017-3784 + REJECTED +CVE-2017-3783 + REJECTED +CVE-2017-3782 + REJECTED +CVE-2017-3781 + REJECTED +CVE-2017-3780 + REJECTED +CVE-2017-3779 + REJECTED +CVE-2017-3778 + REJECTED +CVE-2017-3777 + REJECTED +CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowe ...) + NOT-FOR-US: Lenovo Help Android mobile app +CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode ...) + NOT-FOR-US: Lenovo +CVE-2017-3774 (A stack overflow vulnerability was discovered within the web administr ...) + NOT-FOR-US: IBM +CVE-2017-3773 + REJECTED +CVE-2017-3772 + RESERVED +CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and ThinkC ...) + NOT-FOR-US: Lenovo +CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...) + NOT-FOR-US: Lenovo LXCA +CVE-2017-3769 + RESERVED +CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could cause a d ...) + NOT-FOR-US: IBM System x / IMM2 +CVE-2017-3767 (A local privilege escalation vulnerability was identified in the Realt ...) + NOT-FOR-US: Lenovo +CVE-2017-3766 + RESERVED +CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM Rac ...) + NOT-FOR-US: IBM RackSwitch and BladeCenter products +CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...) 
+ NOT-FOR-US: Lenovo XClarity Administrator +CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file sys ...) + NOT-FOR-US: Lenovo LXCA +CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01. ...) + NOT-FOR-US: Lenovo Fingerprint Manager Pro +CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...) + NOT-FOR-US: Lenovo +CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of nonsecu ...) + NOT-FOR-US: Lenovo +CVE-2017-3759 (The Lenovo Service Framework Android application accepts some response ...) + NOT-FOR-US: Lenovo +CVE-2017-3758 (Improper access controls on several Android components in the Lenovo S ...) + NOT-FOR-US: Lenovo +CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver fo ...) + NOT-FOR-US: Lenovo +CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active P ...) + NOT-FOR-US: Lenovo +CVE-2017-3755 + RESERVED +CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections prope ...) + NOT-FOR-US: Lenovo +CVE-2017-3753 (A vulnerability has been identified in some Lenovo products that use U ...) + NOT-FOR-US: Lenovo +CVE-2017-3752 (An industry-wide vulnerability has been identified in the implementati ...) + NOT-FOR-US: Lenovo +CVE-2017-3751 (An unquoted service path vulnerability was identified in the driver fo ...) + NOT-FOR-US: driver for the ThinkPad Compact USB Keyboard with TrackPoint +CVE-2017-3750 (On Lenovo VIBE mobile phones, the Lenovo Security Android application ...) + NOT-FOR-US: Lenovo +CVE-2017-3749 (On Lenovo VIBE mobile phones, the Idea Friend Android application allo ...) + NOT-FOR-US: Lenovo +CVE-2017-3748 (On Lenovo VIBE mobile phones, improper access controls on the nac_serv ...) + NOT-FOR-US: Lenovo +CVE-2017-3747 (Privilege escalation vulnerability in Lenovo Nerve Center for Windows ...) 
+ NOT-FOR-US: Lenovo +CVE-2017-3746 (ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, var ...) + NOT-FOR-US: Lenovo +CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data ...) + NOT-FOR-US: Lenovo +CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands issue ...) + NOT-FOR-US: Lenovo +CVE-2017-3743 (If multiple users are concurrently logged into a single system where o ...) + NOT-FOR-US: Lenovo +CVE-2017-3742 (In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4. ...) + NOT-FOR-US: Lenovo +CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user ...) + NOT-FOR-US: Lenovo +CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with ...) + NOT-FOR-US: Lenovo +CVE-2017-3739 + REJECTED +CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication procedu ...) + {DSA-4065-1} + - openssl 1.1.0h-1 (low) + [stretch] - openssl 1.1.0f-3+deb9u2 + [jessie] - openssl (Vulnerable code not present) + [wheezy] - openssl (Vulnerable code not present) + - openssl1.0 1.0.2n-1 (low) + NOTE: https://www.openssl.org/news/secadv/20171207.txt + NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76 +CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error stat ...) + {DSA-4065-1} + - openssl 1.1.0b-2 + [jessie] - openssl (Issue introduced in 1.0.2b) + [wheezy] - openssl (Issue introduced in 1.0.2b) + - openssl1.0 1.0.2n-1 + NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0 + NOTE: thus mark as fixed in the first 1.1.0 version which entered unstable. 
+ NOTE: https://www.openssl.org/news/secadv/20171207.txt + NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc + NOTE: 1.0.2b introduced a hardening mechanism designed to protect against bugs + NOTE: in application code. This CVE applies to the hardening mechanism being + NOTE: incomplete. OpenSSL versions older than 1.0.2b don't have the hardening + NOTE: mechanism at all. + NOTE: Hardening mechanism introduced in: + NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589 +CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...) + {DSA-4017-1} + - openssl 1.1.0g-1 + [stretch] - openssl 1.1.0f-3+deb9u1 + [jessie] - openssl (Vulnerable code not present) + [wheezy] - openssl (Vulnerable code not present) + - openssl1.0 1.0.2m-1 + NOTE: https://www.openssl.org/news/secadv/20171102.txt + NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b + NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871 +CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...) + {DSA-4018-1 DSA-4017-1 DLA-1157-1} + - openssl 1.1.0g-1 + - openssl1.0 1.0.2m-1 + NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db + NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822 +CVE-2017-3734 + REJECTED +CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...) + - openssl 1.1.0e-1 + [jessie] - openssl (Only affects 1.1) + [wheezy] - openssl (Only affects 1.1) + - openssl1.0 (Only affects 1.1) + NOTE: https://www.openssl.org/news/secadv/20170216.txt +CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring pro ...) 
+ - openssl 1.1.0d-1 + [jessie] - openssl (Only affects 1.0.2 and 1.1.0) + [wheezy] - openssl (Only affects 1.0.2 and 1.1.0) + - openssl1.0 1.0.2k-1 + NOTE: https://www.openssl.org/news/secadv/20170126.txt +CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a spec ...) + {DSA-3773-1 DLA-814-1} + - openssl 1.1.0d-1 + - openssl1.0 1.0.2k-1 + NOTE: https://www.openssl.org/news/secadv/20170126.txt + NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9 + NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0 + NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21 +CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad par ...) + - openssl 1.1.0d-1 + [jessie] - openssl (Only affects OpenSSL 1.1) + [wheezy] - openssl (Only affects OpenSSL 1.1) + - openssl1.0 (Only affects OpenSSL 1.1) + NOTE: https://www.openssl.org/news/secadv/20170126.txt +CVE-2016-9999 + RESERVED +CVE-2016-9996 + REJECTED +CVE-2016-9995 + REJECTED +CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + NOT-FOR-US: IBM +CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + NOT-FOR-US: IBM +CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...) + NOT-FOR-US: IBM +CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-s ...) + NOT-FOR-US: IBM +CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...) 
+ NOT-FOR-US: IBM +CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...) + NOT-FOR-US: IBM +CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authentic ...) + NOT-FOR-US: IBM +CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...) + NOT-FOR-US: IBM +CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...) + NOT-FOR-US: IBM +CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerabili ...) + NOT-FOR-US: IBM +CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an a ...) + NOT-FOR-US: IBM +CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...) + NOT-FOR-US: IBM +CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote att ...) + NOT-FOR-US: IBM +CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to cro ...) + NOT-FOR-US: IBM +CVE-2016-9974 + RESERVED +CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...) + NOT-FOR-US: IBM +CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensiti ...) + NOT-FOR-US: IBM +CVE-2016-9971 + RESERVED +CVE-2016-9970 + RESERVED +CVE-2016-9969 (In libwebp 0.5.1, there is a double free bug in libwebpmux.) 
+ - libwebp 0.5.2-1 + [jessie] - libwebp (Vulnerable code not present; introduced later) + NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=322 + NOTE: https://chromium.googlesource.com/webm/libwebp/+/5ab6d9de1fb690dc20a27e5120e4d976b96502aa +CVE-2016-9968 + RESERVED +CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Teleco ...) + NOT-FOR-US: Samsung +CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the Teleco ...) + NOT-FOR-US: Samsung +CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Teleco ...) + NOT-FOR-US: Samsung +CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ptra ...) + - docker.io 1.13.1~ds1-2 (bug #850952) + - runc 0.1.1+dfsg1-2 (bug #850951) + NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568 + NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6 + NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5 +CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular E ...) + - chicken 4.12.0-0.2 (low; bug #851278) + [stretch] - chicken (Minor issue) + [jessie] - chicken (Minor issue) + [wheezy] - chicken (Minor issue) + NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/18 + NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1 + NOTE: For chicken vulnerable code in ./irregex-core.scm +CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...) + - curl (Windows CE specific issue) + NOTE: https://curl.haxx.se/docs/adv_20161221C.html +CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30 ...) + - curl (Windows CE specific issue) + NOTE: https://curl.haxx.se/docs/adv_20161221B.html +CVE-2016-10008 (SQL injection vulnerability in the "Content Types > Content Types" scr ...) 
+ NOT-FOR-US: dotCMS +CVE-2016-10007 (SQL injection vulnerability in the "Marketing > Forms" screen in dotCM ...) + NOT-FOR-US: dotCMS +CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted inpu ...) + - libowasp-antisamy-java 1.7.4-1 (bug #1014981) + [bookworm] - libowasp-antisamy-java (Minor issue) + [bullseye] - libowasp-antisamy-java (Minor issue) + [buster] - libowasp-antisamy-java (Minor issue) + [stretch] - libowasp-antisamy-java (Minor issue) + NOTE: https://github.com/nahsra/antisamy/issues/2 +CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ob ...) + NOT-FOR-US: SAP +CVE-2016-10004 + RESERVED +CVE-2016-10001 + RESERVED +CVE-2016-10000 + RESERVED +CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain p ...) + {DSA-3847-1 DLA-783-1} + - xen 4.8.0-1 (bug #848713) + NOTE: https://xenbits.xen.org/xsa/advisory-204.html +CVE-2016-10012 (The shared memory manager (associated with pre-authentication compress ...) + {DLA-1500-1} + - openssh 1:7.4p1-1 (low; bug #848717) + [wheezy] - openssh (Minor issue) + NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4 + NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166 + NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20 +CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider th ...) + {DLA-1500-1} + - openssh 1:7.4p1-1 (low; bug #848716) + [wheezy] - openssh (Minor issue) + NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4 + NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122 +CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not used, cre ...) 
+ - openssh 1:7.4p1-1 (unimportant; bug #848715) + NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4 + NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189 + NOTE: Privilege separation is enabled in the Debian package +CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in Ope ...) + {DLA-1500-1} + - openssh 1:7.4p1-1 (low; bug #848714) + [wheezy] - openssh (Minor issue) + NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4 + NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215 +CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...) + {DLA-760-1} + - spip 3.1.4-2 (bug #848641) + [jessie] - spip 3.0.17-2+deb8u3 + NOTE: https://core.spip.net/projects/spip/repository/revisions/23288 +CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...) + {DLA-760-1} + - spip 3.1.4-2 (bug #848641) + [jessie] - spip 3.0.17-2+deb8u3 + NOTE: https://core.spip.net/projects/spip/repository/revisions/23288 +CVE-2015-8980 (The plural form formula in ngettext family of calls in php-gettext bef ...) + - php-gettext 1.0.12-0.1 (bug #851770) + [jessie] - php-gettext (Minor issue) + [wheezy] - php-gettext (Minor issue) + - phpmyadmin 4:4.6.6-1 (unimportant) + NOTE: For phpmyadmin, unimportant, since embeds lib but does not use in exploitable way + NOTE: http://seclists.org/fulldisclosure/2016/Aug/76 + NOTE: Upstream patch: https://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/61 +CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext function i ...) 
+ {DSA-3749-1 DLA-755-1} + - dcmtk 3.6.1~20160216-2 (bug #848830) + NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix + NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php + NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/2 +CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 t ...) + - squid3 3.5.23-1 (bug #848491) + [jessie] - squid3 (Does not affect Squid versions before 3.5.0.1) + [wheezy] - squid3 (Does not affect Squid versions before 3.5.0.1) + NOTE: Marked as not-affected, vulnerable vulnerability not present due to + NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt + NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22) + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only) + NOTE: Vulnerable Squid Versions: + NOTE: 3.5.0.1 up to and including 3.5.22 + NOTE: 4.0.1 up to and including 4.0.16 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1 +CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...) 
+ {DSA-3745-1 DLA-763-1} + - squid3 3.5.23-1 (bug #848493) + NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt + NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169 + NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch + NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch + NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch + NOTE: Vulnerable squid versions: + NOTE: 3.1.10 up to and including 3.1.23 + NOTE: 3.2.0.3 up to and including 3.5.22 + NOTE: 4.0.1 up to and including 4.0.16 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/17/1 +CVE-2016-582384 + REJECTED +CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a "\r\n" sequ ...) + {DSA-3743-1 DLA-761-1} + - python-bottle 0.12.11-1 (bug #848392) + NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913 + NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54 +CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private ...) + {DSA-3747-1 DLA-762-1} + - exim4 4.88~RC6-2 + NOTE: https://bugs.exim.org/show_bug.cgi?id=1996 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/16/1 + NOTE: https://exim.org/static/doc/CVE-2016-9963.txt +CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values.) + {DSA-3735-1 DLA-750-1} + - game-music-emu 0.6.0-4 (bug #848071) + NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1 +CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of se ...) 
+ {DSA-3735-1 DLA-750-1} + - game-music-emu 0.6.0-4 (bug #848071) + NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1 +CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...) + {DSA-3735-1 DLA-750-1} + - game-music-emu 0.6.0-4 (bug #848071) + NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1 +CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to arbitr ...) + {DSA-3735-1 DLA-750-1} + - game-music-emu 0.6.0-4 (bug #848071) + NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1 +CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1.) + {DSA-3735-1 DLA-750-1} + - game-music-emu 0.6.0-4 (bug #848071) + NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html + NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/1 +CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote attacker ...) + {DSA-3742-1} + - flightgear 1:2016.4.3+dfsg-1 (bug #848114) + NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/11 +CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport cr ...) + NOT-FOR-US: Apport +CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path trave ...) + NOT-FOR-US: Apport +CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, Appo ...) + NOT-FOR-US: Apport +CVE-2016-9948 + RESERVED +CVE-2016-9947 + RESERVED +CVE-2016-9946 + RESERVED +CVE-2016-9945 + RESERVED +CVE-2016-9944 + RESERVED +CVE-2016-9943 + RESERVED +CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...) 
+ {DSA-3753-1 DLA-1979-1 DLA-777-1} + - libvncserver 0.9.11+dfsg-1 (bug #850008) + - italc 1:3.0.2+dfsg1-1 + - veyon 4.1.4+repack1-1 + NOTE: https://github.com/LibVNC/libvncserver/pull/137 + NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb +CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in LibVNCServ ...) + {DSA-3753-1 DLA-1979-1 DLA-777-1} + - libvncserver 0.9.11+dfsg-1 (bug #850007) + - italc 1:3.0.2+dfsg1-1 + - veyon 4.1.4+repack1-1 + NOTE: https://github.com/LibVNC/libvncserver/pull/137 + NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2 +CVE-2016-9940 + RESERVED +CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...) + {DLA-1298-1} + - simplesamlphp 1.14.11-1 (low) + [jessie] - simplesamlphp (Minor issue) + NOTE: https://simplesamlphp.org/security/201612-02 + NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/14/7 +CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its A ...) + {DSA-3748-1 DLA-766-1} + - libcrypto++ 5.6.4-5 (bug #848009) + NOTE: https://github.com/weidai11/cryptopp/issues/346 +CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows l ...) + {DSA-3847-1 DLA-964-1} + - xen 4.8.0~rc3-1 (bug #848081) + NOTE: https://xenbits.xen.org/xsa/advisory-200.html +CVE-2016-9931 + RESERVED +CVE-2016-9930 + RESERVED +CVE-2016-9929 + RESERVED +CVE-2016-9927 + RESERVED +CVE-2016-9926 + RESERVED +CVE-2016-9925 + RESERVED +CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers ...) + NOT-FOR-US: Zimbra +CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...) 
+ - php7.0 7.0.14-1 + NOTE: Fixed in PHP 7.0.14 and 7.1.0 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978 + NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2 +CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5. ...) + {DSA-3737-1 DLA-818-1} + - php7.0 7.0.14-1 + - php5 + NOTE: Fixed in PHP 5.6.29 and 7.0.14 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631 + NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2 +CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remo ...) + {DSA-3732-1 DLA-818-1} + - php7.0 7.0.13-1 + - php5 + NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331 + NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d + NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2 +CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...) + {DSA-3751-1 DSA-3732-1 DLA-758-1} + - libgd2 2.2.2-29-g3c2b605-1 (bug #849038) + NOTE: This problem could be seen as a programmer fault but the fix is easy and + NOTE: the effect is rather dramatic so it should be fixed anyway. + NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2) + NOTE: Scope of CVE is only the missing "color < 0" test in older versions. 
+ NOTE: GD release info: https://libgd.github.io/release-2.2.2.html + - php7.0 7.0.13-1 (unimportant) + - php5 (unimportant) + NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0 + NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696 + NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 + NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd + NOTE: https://www.openwall.com/lists/oss-security/2016/12/12/2 +CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x be ...) + - asterisk (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1) + NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable + NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending + NOTE: function. Thus Debian was never vulnerable. + NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html + NOTE: Cf. https://bugs.debian.org/847666 +CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 1 ...) + - asterisk 1:13.13.1~dfsg-1 (bug #847668) + [jessie] - asterisk 1:11.13.1~dfsg-2+deb8u2 + [wheezy] - asterisk (Minor issue) + NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html + NOTE: Only applicable if a proxy is in use. +CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is vuln ...) + - qemu 1:2.8+dfsg-1 (bug #847957) + [jessie] - qemu (Minor issue; too complex to backport) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Minor issue) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480 (v2.8.0-rc0) +CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka Qu ...) 
+ {DLA-1497-1 DLA-765-1 DLA-764-1} + - qemu 1:2.8+dfsg-1 (bug #847960) + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3) + NOTE: CVE for the "blit pitch values" issue. + NOTE: Should be fixed along with CVE-2014-8106 +CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator sup ...) + {DLA-1497-1 DLA-765-1 DLA-764-1} + - qemu 1:2.8+dfsg-1 (bug #847960) + - qemu-kvm + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398 + NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3) + NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue. +CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html + NOTE: Crash in btmon CLI tool, no security impact +CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in "read_n" function in ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in hcidump CLI tool, no security impact +CVE-2016-9906 + REJECTED +CVE-2016-9905 (A potentially exploitable crash in "EnumerateSubDocuments" while addin ...) + {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox (Only affects Firefox 45 ESR series) + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905 +CVE-2016-9904 (An attacker could use a JavaScript Map/Set timing attack to determine ...) 
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904 +CVE-2016-9903 (Mozilla's add-ons SDK had a world-accessible resource with an HTML inj ...) + - firefox 50.1.0-1 + - firefox-esr (Only affects Firefox 50.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903 +CVE-2016-9902 (The Pocket toolbar button, once activated, listens for events fired fr ...) + {DSA-3734-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902 +CVE-2016-9901 (HTML tags received from the Pocket server will be processed without sa ...) + {DSA-3734-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901 +CVE-2016-9900 (External resources that should be blocked when loaded by SVG images ca ...) + {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900 +CVE-2016-9899 (Use-after-free while manipulating DOM events and removing audio elemen ...) + {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899 +CVE-2016-9898 (Use-after-free resulting in potentially exploitable crash when manipul ...) 
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898 +CVE-2016-9897 (Memory corruption resulting in a potentially exploitable crash during ...) + {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897 +CVE-2016-9896 (Use-after-free while manipulating the "navigator" object within WebVR. ...) + - firefox 50.1.0-1 + - firefox-esr (Only affects Firefox 50.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896 +CVE-2016-9895 (Event handlers on "marquee" elements were executed despite a strict Co ...) + {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895 +CVE-2016-9894 (A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated duri ...) + - firefox 50.1.0-1 + - firefox-esr (Only affects Firefox 50.x) + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894 +CVE-2016-9893 (Memory safety bugs were reported in Thunderbird 45.5. Some of these bu ...) 
+ {DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1} + - firefox 50.1.0-1 + - firefox-esr 45.6.0esr-1 + - icedove 1:45.6.0-2 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893 + NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893 +CVE-2017-3729 + RESERVED +CVE-2017-3728 + RESERVED +CVE-2017-3727 + RESERVED +CVE-2017-3726 + RESERVED +CVE-2017-3725 + RESERVED +CVE-2017-3724 + RESERVED +CVE-2017-3723 + RESERVED +CVE-2017-3722 + RESERVED +CVE-2017-3721 + RESERVED +CVE-2017-3720 + RESERVED +CVE-2017-3719 + RESERVED +CVE-2017-3718 (Improper setting of device configuration in system firmware for Intel( ...) + NOT-FOR-US: Intel +CVE-2017-3717 + RESERVED +CVE-2017-3716 + RESERVED +CVE-2017-3715 + RESERVED +CVE-2017-3714 + RESERVED +CVE-2017-3713 + RESERVED +CVE-2017-3712 + RESERVED +CVE-2017-3711 + RESERVED +CVE-2017-3710 + RESERVED +CVE-2017-3709 + RESERVED +CVE-2017-3708 + RESERVED +CVE-2017-3707 + RESERVED +CVE-2017-3706 + RESERVED +CVE-2017-3705 + RESERVED +CVE-2017-3704 + RESERVED +CVE-2017-3703 + RESERVED +CVE-2017-3702 + RESERVED +CVE-2017-3701 + RESERVED +CVE-2017-3700 + RESERVED +CVE-2017-3699 + RESERVED +CVE-2017-3698 + RESERVED +CVE-2017-3697 + RESERVED +CVE-2017-3696 + RESERVED +CVE-2017-3695 + RESERVED +CVE-2017-3694 + RESERVED +CVE-2017-3693 + RESERVED +CVE-2017-3692 + RESERVED +CVE-2017-3691 + RESERVED +CVE-2017-3690 + RESERVED +CVE-2017-3689 + RESERVED +CVE-2017-3688 + RESERVED +CVE-2017-3687 + RESERVED +CVE-2017-3686 + RESERVED +CVE-2017-3685 + RESERVED +CVE-2017-3684 + RESERVED +CVE-2017-3683 + RESERVED +CVE-2017-3682 + RESERVED +CVE-2017-3681 + RESERVED +CVE-2017-3680 + RESERVED +CVE-2017-3679 + RESERVED +CVE-2017-3678 + RESERVED +CVE-2017-3677 + RESERVED +CVE-2017-3676 + RESERVED +CVE-2017-3675 + RESERVED +CVE-2017-3674 + RESERVED +CVE-2017-3673 + RESERVED +CVE-2017-3672 + RESERVED +CVE-2017-3671 + RESERVED +CVE-2017-3670 + RESERVED +CVE-2017-3669 + RESERVED +CVE-2017-3668 + RESERVED 
+CVE-2017-3667 + RESERVED +CVE-2017-3666 + RESERVED +CVE-2017-3665 + RESERVED +CVE-2017-3664 + RESERVED +CVE-2017-3663 + RESERVED +CVE-2017-3662 + RESERVED +CVE-2017-3661 + RESERVED +CVE-2017-3660 + RESERVED +CVE-2017-3659 + RESERVED +CVE-2017-3658 + RESERVED +CVE-2017-3657 + RESERVED +CVE-2017-3656 + RESERVED +CVE-2017-3655 + RESERVED +CVE-2017-3654 + RESERVED +CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.1 10.1.26-1 + - mariadb-10.0 + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3652 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3922-1 DLA-1043-1} + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3651 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3922-1 DLA-1043-1} + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3650 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3649 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3648 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3922-1 DLA-1043-1} + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3647 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3646 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3645 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3644 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3643 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3642 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.1 10.1.26-1 + - mariadb-10.0 + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3640 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3639 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3638 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3637 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.1 10.1.26-1 + - mariadb-10.0 + - mysql-5.7 (Only affects MySQL 5.5 and 5.6) + - mysql-5.5 (bug #868788) +CVE-2017-3635 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) 
+ {DSA-3922-1 DLA-1043-1} + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (bug #868788) +CVE-2017-3634 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3633 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3632 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Oracle Solaris +CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3628 + RESERVED +CVE-2017-3627 + RESERVED +CVE-2017-3626 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Only affects 3.x) +CVE-2017-3625 (Vulnerability in the Oracle WebCenter Content component of Oracle Fusi ...) + NOT-FOR-US: Oracle +CVE-2017-3624 + RESERVED +CVE-2017-3623 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3622 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3621 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) + NOT-FOR-US: Solaris +CVE-2017-3620 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3619 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3618 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3617 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3616 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3615 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3614 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3613 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3612 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3611 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3610 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3609 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3608 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3607 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3606 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3605 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3604 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + NOT-FOR-US: Oracle +CVE-2017-3603 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3602 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion Mid ...) + NOT-FOR-US: Oracle +CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ {DSA-3834-1 DLA-916-1} + - mariadb-10.1 (Fixed before initial upload to Debian) + - mariadb-10.0 10.0.28-1 + [jessie] - mariadb-10.0 10.0.28-0+deb8u1 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) + NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/ + NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1 + NOTE: Per MariaDB Security fixed with the following three commits: + NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d + NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e + NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e +CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (ONly affects MySQL 5.6 and 5.7) +CVE-2017-3598 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3597 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3596 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3595 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3594 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3593 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3592 (Vulnerability in the Oracle Payables component of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2017-3591 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) 
+ - mysql-connector-python 2.1.6-1 (bug #861511) + [jessie] - mysql-connector-python (Minor issue) + [wheezy] - mysql-connector-python (Minor issue, can be fixed along in a future update) +CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) + {DSA-3857-1 DLA-945-1} + - mysql-connector-java 5.1.42-1 +CVE-2017-3588 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems P ...) + NOT-FOR-US: Oracle +CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) + {DSA-3857-1 DLA-945-1} + - mysql-connector-java 5.1.42-1 +CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) + NOT-FOR-US: Solaris +CVE-2017-3584 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) + NOT-FOR-US: Solaris +CVE-2017-3583 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2017-3582 (Vulnerability in the Oracle SuperCluster Specific Software component o ...) + NOT-FOR-US: Solaris +CVE-2017-3581 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3580 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) + NOT-FOR-US: Solaris +CVE-2017-3579 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2017-3578 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of O ...) + NOT-FOR-US: Solaris +CVE-2017-3577 (Vulnerability in the PeopleSoft Enterprise CS Campus Community compone ...) + NOT-FOR-US: Oracle +CVE-2017-3576 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) 
+ - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3575 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3574 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3573 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3572 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) + NOT-FOR-US: Oracle +CVE-2017-3571 (Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component ...) + NOT-FOR-US: Oracle +CVE-2017-3570 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle Pe ...) + NOT-FOR-US: Oracle +CVE-2017-3569 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3568 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3567 (Vulnerability in the OJVM component of Oracle Database Server. Support ...) + NOT-FOR-US: Oracle +CVE-2017-3566 + RESERVED +CVE-2017-3565 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3564 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3563 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3562 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) 
+ - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3560 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3559 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3558 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3557 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3556 (Vulnerability in the Oracle Application Object Library component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3555 (Vulnerability in the Oracle iReceivables component of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2017-3554 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3553 (Vulnerability in the Oracle Identity Manager component of Oracle Fusio ...) + NOT-FOR-US: Oracle +CVE-2017-3552 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services comp ...) + NOT-FOR-US: Oracle +CVE-2017-3551 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3550 (Vulnerability in the Oracle Customer Interaction History component of ...) + NOT-FOR-US: Oracle +CVE-2017-3549 (Vulnerability in the Oracle Scripting component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3548 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3547 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3546 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3543 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3542 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3541 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3538 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.16-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3537 (Vulnerability in the Oracle Real-Time Scheduler component of Oracle Ut ...) + NOT-FOR-US: Oracle +CVE-2017-3536 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3535 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3532 (Vulnerability in the Oracle Retail Warehouse Management System compone ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3531 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3530 (Vulnerability in the Oracle Transportation Manager component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3529 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.20-1 (bug #868798) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3528 (Vulnerability in the Oracle Applications Framework component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3525 (Vulnerability in the PeopleSoft Enterprise SCM Service Procurement com ...) + NOT-FOR-US: Oracle +CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing comp ...) + NOT-FOR-US: Oracle +CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL (subco ...) + {DSA-3840-1 DLA-945-1} + - mysql-connector-java 5.1.41-1 + NOTE: https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt +CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection co ...) + NOT-FOR-US: Oracle +CVE-2017-3521 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...) + NOT-FOR-US: Oracle +CVE-2017-3520 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3519 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3518 (Vulnerability in the Enterprise Manager Base Platform component of Ora ...) + NOT-FOR-US: Oracle +CVE-2017-3517 (Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracl ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3516 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3515 (Vulnerability in the Oracle User Management component of Oracle E-Busi ...) + NOT-FOR-US: Oracle +CVE-2017-3514 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) + - openjdk-8 (Windows builds only) + - openjdk-7 (Windows builds only) + NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/95fd1952637b +CVE-2017-3513 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.20-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3512 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) + - openjdk-8 (MacOSX builds only) + - openjdk-7 (MacOSX builds only) + NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a +CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3858-1 DLA-954-1} + - openjdk-8 8u131-b11-1 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3508 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...) + NOT-FOR-US: Oracle +CVE-2017-3507 (Vulnerability in the Oracle Service Bus component of Oracle Fusion Mid ...) + NOT-FOR-US: Oracle +CVE-2017-3506 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3505 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3504 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3503 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle +CVE-2017-3502 (Vulnerability in the PeopleSoft Enterprise FIN Receivables component o ...) + NOT-FOR-US: Oracle +CVE-2017-3501 (Vulnerability in the Primavera Unifier component of Oracle Primavera P ...) + NOT-FOR-US: Oracle +CVE-2017-3500 (Vulnerability in the Primavera Gateway component of Oracle Primavera P ...) + NOT-FOR-US: Oracle +CVE-2017-3499 (Vulnerability in the Oracle Social Network component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3498 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3497 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3496 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3495 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...) + NOT-FOR-US: Oracle +CVE-2017-3494 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3493 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3492 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3491 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3490 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3489 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3488 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3487 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3486 (Vulnerability in the SQL*Plus component of Oracle Database Server. Sup ...) + NOT-FOR-US: Oracle +CVE-2017-3485 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3484 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3483 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...) + NOT-FOR-US: Oracle +CVE-2017-3482 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3481 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3480 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3479 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3478 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3477 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3476 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3475 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3474 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3473 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3472 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3471 (Vulnerability in the Oracle FLEXCUBE Private Banking component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL (subcom ...) + - mysql-workbench 6.3.10+dfsg-1 (low; bug #861487) + [stretch] - mysql-workbench (Minor issue) + [jessie] - mysql-workbench (Minor issue) + [wheezy] - mysql-workbench (Minor issue) +CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3467 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3466 + RESERVED +CVE-2017-3465 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3944-1 DSA-3834-1 DLA-916-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3834-1 DLA-916-1} + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3834-1 DLA-916-1} + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3834-1 DLA-916-1} + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3459 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3458 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3457 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3944-1 DSA-3834-1 DLA-916-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3454 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3944-1 DSA-3834-1 DLA-916-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 (Only affects MySQL 5.6) + - mysql-5.5 (Only affects MySQL 5.6) +CVE-2017-3451 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...) + NOT-FOR-US: Oracle +CVE-2017-3450 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3449 + RESERVED +CVE-2017-3448 + RESERVED +CVE-2017-3447 + REJECTED +CVE-2017-3446 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2017-3445 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3444 (Vulnerability in the Oracle Trade Management component of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle E- ...) + NOT-FOR-US: Oracle +CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of ...) + NOT-FOR-US: Oracle +CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History component of ...) + NOT-FOR-US: Oracle +CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History component of ...) + NOT-FOR-US: Oracle +CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3393 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business Su ...) + NOT-FOR-US: Oracle +CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle E-Busin ...) + NOT-FOR-US: Oracle +CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3337 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business S ...) + NOT-FOR-US: Oracle +CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.14-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3331 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) + NOT-FOR-US: Oracle Siebel +CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3834-1 DLA-916-1} + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle E- ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of Oracle E- ...) + NOT-FOR-US: Oracle +CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of Oracle E- ...) + NOT-FOR-US: Oracle +CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) + NOT-FOR-US: Oracle Siebel +CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle Primavera +CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...) + NOT-FOR-US: MySQL Cluster +CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...) + NOT-FOR-US: MySQL Cluster +CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...) + NOT-FOR-US: MySQL Cluster +CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) 
+ - virtualbox 5.1.14-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3315 (Vulnerability in the PeopleSoft Enterprise HCM ePerformance component ...) + NOT-FOR-US: Oracle PeopleSoft +CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle FLEXCUBE +CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3809-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3311 (Vulnerability in the Application Testing Suite component of Oracle Ent ...) + NOT-FOR-US: Oracle +CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. Support ...) + NOT-FOR-US: Oracle +CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3944-1 DSA-3834-1 DLA-916-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3944-1 DSA-3834-1 DLA-916-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 5.7.18-1 (bug #860547) + - mysql-5.5 (bug #860544) +CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...) + NOT-FOR-US: MySQL Enterprise Monitor +CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQ ...) + NOT-FOR-US: MySQL Enterprise Monitor +CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ {DSA-3834-1 DLA-916-1} + - mysql-5.7 (Fixed before the initial release to Debian) + - mysql-5.5 (bug #860544) + NOTE: The issue arises because of an improper fix for the issue known under + NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only + NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not + NOTE: tracked below that CVE. Later, Oracle tried to address the corresonding + NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in + NOTE: opening CVE-2017-3305. + NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22 + NOTE: https://www.openwall.com/lists/oss-security/2017/03/17/4 +CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL (subcompo ...) + - mysql-cluster (bug #833356) +CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...) + NOT-FOR-US: Oracle +CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x bef ...) + {DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1} + - mariadb-10.1 10.1.23-1 + - mariadb-10.0 + - mysql-5.7 (Fixed before initial release in Debian) + - mysql-5.6 (Fixed before initial release in Debian) + - mysql-5.5 (bug #854713; bug #860544) + NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93 + NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5 + NOTE: https://bugs.mysql.com/bug.php?id=70429 + NOTE: https://bugs.mysql.com/bug.php?id=63363 + NOTE: https://www.openwall.com/lists/oss-security/2017/01/28/1 +CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle PeopleSoft +CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle PeopleSoft +CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) 
+ NOT-FOR-US: Oracle PeopleSoft +CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...) + NOT-FOR-US: Oracle FLEXCUBE +CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of Oracle Comm ...) + NOT-FOR-US: Oracle Commerce +CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of Or ...) + NOT-FOR-US: Oracle PeopleSoft +CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle Virtuali ...) + - virtualbox 5.1.14-dfsg-1 + [jessie] - virtualbox (DSA-3699-1) + [wheezy] - virtualbox (DSA 3454) +CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 +CVE-2017-3288 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business Suit ...) + NOT-FOR-US: Oracle +CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...) + NOT-FOR-US: Oracle +CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager component of O ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of Oracle E-B ...) + NOT-FOR-US: Oracle +CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of Oracle E-Bus ...) + NOT-FOR-US: Oracle +CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of Oracle E ...) + NOT-FOR-US: Oracle +CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...) + NOT-FOR-US: Solaris +CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle E-Busines ...) + NOT-FOR-US: Oracle +CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) 
+ NOT-FOR-US: Oracle +CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of Oracle ...) + NOT-FOR-US: Oracle +CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel CR ...) + NOT-FOR-US: Oracle Siebel +CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + NOT-FOR-US: Oracle Primavera +CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) + - openjdk-8 (specific to Oracle Java) +CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 +CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE (subcomponent ...) + - openjdk-8 (Deployment components not part of OpenJDK, only present in Oracle Java) + - openjdk-7 (Deployment components not part of OpenJDK, only present in Oracle Java) + - openjdk-6 (Deployment components not part of OpenJDK, only present in Oracle Java) +CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1} + - mariadb-10.2 (bug #884065) + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (Only affects MySQL 5.6 and 5.7) +CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion Midd ...) + NOT-FOR-US: Oracle +CVE-2017-3254 (Vulnerability in the Oracle Retail Invoice Matching component of Oracl ...) + NOT-FOR-US: Oracle +CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 (Only affects MySQL 5.7) + - mysql-5.5 (Only affects MySQL 5.7) +CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) 
+ - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...) + NOT-FOR-US: Oracle +CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Vulnerable code not included, see bug #853998) +CVE-2017-3246 (Vulnerability in the Oracle Application Object Library component of Or ...) + NOT-FOR-US: Oracle +CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracl ...) + NOT-FOR-US: Oracle FLEXCUBE +CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) + {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 (Only affects MySQL 5.5) + - mysql-5.6 (Only affects MySQL 5.5) + - mysql-5.5 (bug #851233) +CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of Oracle Su ...) + NOT-FOR-US: Solaris +CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of O ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) + NOT-FOR-US: Oracle +CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of Oracle Fusio ...) + - glassfish (Only affects 3.x) +CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL (subcompon ...) 
+ {DSA-3770-1 DSA-3767-1 DLA-797-1} + - mariadb-10.1 10.1.21-1 (bug #851759) + - mariadb-10.0 (bug #851755) + - mysql-5.7 5.7.17-1 (bug #851235) + - mysql-5.6 5.6.35-1 (bug #851234) + - mysql-5.5 (bug #851233) +CVE-2017-3237 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle FLEXCUBE +CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of Or ...) + NOT-FOR-US: Oracle FLEXCUBE +CVE-2017-3234 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3233 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3232 (Vulnerability in the Automatic Service Request (ASR) component of Orac ...) + NOT-FOR-US: Oracle +CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle Jav ...) + {DSA-3782-1 DLA-821-1} + - openjdk-8 8u121-b13-1 + [experimental] - openjdk-7 7u121-2.6.8-2 + - openjdk-7 + - openjdk-6 + [wheezy] - openjdk-6 +CVE-2017-3230 (Vulnerability in the Oracle Fusion Middleware MapViewer component of O ...) + NOT-FOR-US: Oracle +CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before 6 ...) + NOT-FOR-US: ESET +CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and admin/ ...) + - dotclear +CVE-2016-9890 + RESERVED +CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...) + - tikiwiki +CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...) + {DLA-2183-1 DLA-740-1} + - libgsf 1.14.41-1 + NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5 +CVE-2016-9887 + RESERVED +CVE-2016-9886 + REJECTED +CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prio ...) 
+ NOT-FOR-US: Pivotal GemFire for PCF +CVE-2016-9884 + REJECTED +CVE-2016-9883 + REJECTED +CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release version ...) + NOT-FOR-US: Cloud Foundry Foundation cf-release +CVE-2016-9881 + REJECTED +CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x befo ...) + NOT-FOR-US: Cloud Foundry +CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1. ...) + - libspring-security-java (bug #582181) + NOTE: https://pivotal.io/security/cve-2016-9879 +CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2 ...) + {DLA-1853-1} + - libspring-java 4.3.5-1 (bug #849167) + [wheezy] - libspring-java (Minor issue) + NOTE: https://pivotal.io/security/cve-2016-9878 + NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch) + NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch) + NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch) + NOTE: https://jira.spring.io/browse/SPR-14946 +CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...) + {DSA-3761-1} + - rabbitmq-server 3.6.6-1 (bug #849849) + [wheezy] - rabbitmq-server (Vulnerable code introduced later) + NOTE: https://pivotal.io/security/cve-2016-9877 + NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96 + NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98 +CVE-2016-9876 + REJECTED +CVE-2016-9875 + REJECTED +CVE-2016-9874 + REJECTED +CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a ...) + NOT-FOR-US: EMC Documentum +CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Re ...) 
+ NOT-FOR-US: EMC Documentum
+CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isil ...)
+ NOT-FOR-US: EMC Isilon
+CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isil ...)
+ NOT-FOR-US: EMC
+CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. Incorr ...)
+ NOT-FOR-US: EMC ScaleIO
+CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
+ NOT-FOR-US: EMC ScaleIO
+CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low- ...)
+ NOT-FOR-US: EMC ScaleIO
+CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through ...)
+ - linux 4.8.15-1
+ [jessie] - linux (Vulnerable code introduced later)
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
+ NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
+CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
+ - qemu 1:2.8+dfsg-1 (bug #847391)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/12
+CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-1 (bug #847496)
+ [wheezy] - qemu (Minor issue, virtfs-proxy-helper not present)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Minor issue, virtfs-proxy-helper not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
+ NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
+CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-1 (bug #847496)
+ [wheezy] - qemu (handle driver not included during compilation)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (handle driver not included during compilation)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
+ NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
+CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-1 (bug #847496)
+ [wheezy] - qemu (proxy and handle drivers not included during compilation)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (proxy and handle drivers not included during compilation)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
+ NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
+ NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
+CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in hw/9pfs/9p ...)
+ - qemu 1:2.8+dfsg-1 (bug #847496)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/11
+CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is vul ...)
+ {DLA-1497-1 DLA-765-1 DLA-764-1}
+ - qemu 1:2.8+dfsg-1 (bug #847951)
+ - qemu-kvm
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/10
+CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
+ {DLA-1497-1}
+ - qemu 1:2.8+dfsg-1 (bug #847953)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Vulnerable code not present)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/3
+ NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
+CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator suppor ...)
+ - qemu 1:2.8+dfsg-1 (bug #847400)
+ [jessie] - qemu (Vulnerable code not present)
+ [wheezy] - qemu (Vulnerable code not present)
+ - qemu-kvm (Vulnerable code not present)
+ NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/2
+CVE-2017-3229
+ REJECTED
+CVE-2017-3228
+ REJECTED
+CVE-2017-3227
+ RESERVED
+CVE-2017-3226 (Das U-Boot is a device bootloader that can read its configuration from ...)
+ - u-boot (unimportant)
+ [wheezy] - u-boot (Vulnerable code do not exist)
+ NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
+ NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
+ NOTE: it in future versions.
+ NOTE: https://www.kb.cert.org/vuls/id/166743
+ NOTE: Negligible security impact
+CVE-2017-3225 (Das U-Boot is a device bootloader that can read its configuration from ...)
+ - u-boot (unimportant)
+ [wheezy] - u-boot (Vulnerable code do not exist)
+ NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
+ NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
+ NOTE: it in future versions.
+ NOTE: https://www.kb.cert.org/vuls/id/166743
+ NOTE: Negligible security impact
+CVE-2017-3224 (Open Shortest Path First (OSPF) protocol implementations may improperl ...)
+ - quagga (low; bug #871617)
+ [buster] - quagga (Minor issue)
+ [stretch] - quagga (Minor issue)
+ [jessie] - quagga (Minor issue)
+ [wheezy] - quagga (Minor issue)
+ - frr (Fixed before initial upload to Debian)
+ NOTE: http://www.kb.cert.org/vuls/id/793496
+ NOTE: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681
+CVE-2017-3223 (Dahua IP camera products using firmware versions prior to V2.400.0000. ...)
+ NOT-FOR-US: Dahua IP camera products
+CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
+ NOT-FOR-US: AmosConnect
+CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
+ NOT-FOR-US: AmosConnect
+CVE-2017-3220
+ RESERVED
+CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 perform ...)
+ NOT-FOR-US: Acronis True Image
+CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS soft ...)
+ NOT-FOR-US: Samsung
+CVE-2017-3217 (CalAmp LMU 3030 series OBD-II CDMA and GSM devices has an SMS (text me ...)
+ NOT-FOR-US: CalAmp LMU 3030 series OBD-II CDMA and GSM devices
+CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom htt ...)
+ NOT-FOR-US: WiMAX routers
+CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens wi ...)
+ NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
+CVE-2017-3214 (The Milwaukee ONE-KEY Android mobile application stores the master tok ...)
+ NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
+CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...)
+ NOT-FOR-US: Think Mutual Bank Mobile Banking app
+CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...)
+ NOT-FOR-US: Space Coast Credit Union Mobile app
+CVE-2017-3211 (Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks ...)
+ NOT-FOR-US: Yopify (e-commerce notification plugin)
+CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 t ...)
+ NOT-FOR-US: Portrait Display SDK
+CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its o ...)
+ NOT-FOR-US: DBPOWER U818A WIFI quadcopter drone
+CVE-2017-3208 (The Java implementation of AMF3 deserializers used by WebORB for Java ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3207 (The Java implementations of AMF3 deserializers in WebORB for Java by M ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3206 (The Java implementation of AMF3 deserializers used by Flamingo amf-ser ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3205
+ RESERVED
+CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host keys ...)
+ - golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (bug #859655)
+ [jessie] - golang-go.crypto (In jessie no rdeps using SSH, that version doesn't even support host key validation)
+ NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
+ NOTE: https://github.com/golang/go/issues/19767
+CVE-2017-3203 (The Java implementations of AMF3 deserializers in Pivotal/Spring Sprin ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3202 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3201 (The Java implementation of AMF3 deserializers used in Flamingo amf-ser ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3200 (The Java implementation of AMF3 deserializers used in GraniteDS, versi ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3199 (The Java implementation of GraniteDS, version 3.1.1.GA, AMF3 deseriali ...)
+ NOT-FOR-US: AMF3 deserialisers
+CVE-2017-3198 (GIGABYTE BRIX UEFI firmware does not cryptographically validate images ...)
+ NOT-FOR-US: GIGABYTE
+CVE-2017-3197 (GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB- ...)
+ NOT-FOR-US: GIGABYTE
+CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, allowin ...)
+ NOT-FOR-US: PCAUSA Rawether
+CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or ...)
+ NOT-FOR-US: Commvault Edge Communication Service
+CVE-2017-3194 (Pandora iOS app prior to version 8.3.2 fails to properly validate SSL ...)
+ NOT-FOR-US: Pandora iOS app
+CVE-2017-3193 (Multiple D-Link devices including the DIR-850L firmware versions 1.14B ...)
+ NOT-FOR-US: D-Link
+CVE-2017-3192 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
+ NOT-FOR-US: D-Link
+CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for i ...)
+ NOT-FOR-US: Flash Seats Mobile App
+CVE-2017-3189 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
+ NOT-FOR-US: dotCMS
+CVE-2017-3188 (The dotCMS administration panel, versions 3.7.1 and earlier, "Push Pub ...)
+ NOT-FOR-US: dotCMS
+CVE-2017-3187 (The dotCMS administration panel, versions 3.7.1 and earlier, are vulne ...)
+ NOT-FOR-US: dotCMS
+CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
+ NOT-FOR-US: ACTi cameras
+CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
+ NOT-FOR-US: ACTi cameras
+CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware versio ...)
+ NOT-FOR-US: ACTi cameras
+CVE-2017-3183 (Sage XRT Treasury, version 3, fails to properly restrict database acce ...)
+ NOT-FOR-US: Sage XRT Treasury
+CVE-2017-3182 (On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail t ...)
+ NOT-FOR-US: ThreatMetrix SDK
+CVE-2017-3181 (Multiple TIBCO Products are prone to multiple unspecified SQL-injectio ...)
+ NOT-FOR-US: TIBCO
+CVE-2017-3180 (Multiple TIBCO Products are prone to multiple unspecified cross-site s ...)
+ NOT-FOR-US: TIBCO
+CVE-2017-3179
+ REJECTED
+CVE-2017-3178
+ REJECTED
+CVE-2017-3177
+ REJECTED
+CVE-2017-3176
+ REJECTED
+CVE-2017-3175
+ REJECTED
+CVE-2017-3174
+ REJECTED
+CVE-2017-3173
+ REJECTED
+CVE-2017-3172
+ REJECTED
+CVE-2017-3171
+ REJECTED
+CVE-2017-3170
+ REJECTED
+CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl m ...)
+ {DSA-3896-1 DLA-1009-1}
+ - apache2 2.4.25-4
+CVE-2017-3168
+ REJECTED
+CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of th ...)
+ {DSA-3896-1 DLA-1009-1}
+ - apache2 2.4.25-4
+CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-al ...)
+ - hadoop (bug #793644)
+CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cro ...)
+ NOT-FOR-US: Apache Brooklyn
+CVE-2017-3164 (Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (in ...)
+ - lucene-solr (unimportant; bug #922242)
+ NOTE: https://issues.apache.org/jira/browse/SOLR-12770
+CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull i ...)
+ {DSA-4124-1 DLA-1046-1}
+ - lucene-solr 3.6.2+dfsg-11 (bug #867712)
+ NOTE: https://issues.apache.org/jira/browse/SOLR-10031
+ NOTE: https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
+CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the HDF ...)
+ - hadoop (bug #793644)
+CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross ...)
+ - hadoop (bug #793644)
+CVE-2017-3160 (After the Android platform is added to Cordova the first time, or afte ...)
+ NOT-FOR-US: Apache Cordova
+CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...)
+ NOT-FOR-US: Apache Camel
+CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 th ...)
+ - guacamole-client (bug #891798)
+ [stretch] - guacamole-client (Minor issue)
+ [jessie] - guacamole-client (Minor issue)
+ - guacamole
+ [wheezy] - guacamole (Version not vulnerable)
+CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...)
+ {DSA-3792-1 DLA-910-1}
+ - libreoffice 1:5.2.3-1
+ NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
+CVE-2017-3156 (The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3. ...)
+ NOT-FOR-US: Apache CXF
+CVE-2017-3155 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-3154 (Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0- ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-3153 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-3152 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-3151 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2017-3150 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookie ...)
+ NOT-FOR-US: Apache Atlas
+CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2 ...)
+ {DLA-737-1}
+ - roundcube 1.2.3+dfsg.1-1 (bug #847287)
+ NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
+ NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
+ NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
+CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
+ - html5lib 0.999999999-1
+ [jessie] - html5lib (Minor issue)
+ [wheezy] - html5lib (Minor issue)
+ NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
+ NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
+CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote attack ...)
+ - html5lib 0.999999999-1
+ [jessie] - html5lib (Minor issue)
+ [wheezy] - html5lib (Minor issue)
+ NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
+ NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/06/5
+CVE-2017-3149
+ REJECTED
+CVE-2017-3148
+ REJECTED
+CVE-2017-3147
+ REJECTED
+CVE-2017-3146
+ REJECTED
+CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream recursio ...)
+ {DSA-4089-1 DLA-1255-1}
+ - bind9 1:9.11.2.P1-1
+ NOTE: https://kb.isc.org/article/AA-01542
+ NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
+ NOTE: Fixed by (9.10.6-P1): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=55baf7d7e25c0e6444cb7e415f14d9e0819b5508
+CVE-2017-3144 (A vulnerability stemming from failure to properly clean up closed OMAP ...)
+ {DSA-4133-1}
+ - isc-dhcp 4.3.5-3.1 (bug #887413)
+ [wheezy] - isc-dhcp (Minor issue)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
+ NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767
+ NOTE: https://gitlab.isc.org/isc-projects/dhcp/-/commit/1a6b62fe17a42b00fa234d06b6dfde3d03451894
+ NOTE: Fixes for 4.3.6p1: https://gitlab.isc.org/isc-projects/dhcp/-/commit/99a25aedea02d9c259cb8fabf4be700fb32571a3
+CVE-2017-3143 (An attacker who is able to send and receive messages to an authoritati ...)
+ {DSA-3904-1 DLA-1025-1}
+ - bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
+ NOTE: https://kb.isc.org/article/AA-01503
+ NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
+CVE-2017-3142 (An attacker who is able to send and receive messages to an authoritati ...)
+ {DSA-3904-1 DLA-1025-1}
+ - bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
+ NOTE: https://kb.isc.org/article/AA-01504
+ NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
+CVE-2017-3141 (The BIND installer on Windows uses an unquoted service path which can ...)
+ - bind9 (Affects only Windows systems)
+ NOTE: https://kb.isc.org/article/AA-01496
+CVE-2017-3140 (If named is configured to use Response Policy Zones (RPZ) an error pro ...)
+ - bind9 (Upstream change #4377 not backported/included)
+ NOTE: https://kb.isc.org/article/AA-01495
+ NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
+ NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
+ NOTE: CVE-2017-3140 is introduced by the upstream change #4377
+ NOTE: https://www.openwall.com/lists/oss-security/2017/06/14/4
+CVE-2017-3139 (A denial of service flaw was found in the way BIND handled DNSSEC vali ...)
+ - bind9 (RHEL6 specific)
+CVE-2017-3138 (named contains a feature which allows operators to issue commands to a ...)
+ {DSA-3854-1 DLA-957-1}
+ - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
+ NOTE: https://kb.isc.org/article/AA-01471
+ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
+ NOTE: In practice for any Debian version applying this commit is merely
+ NOTE: hardening, since the feature to allow only a subset of "read only"
+ NOTE: commands was added only in 9.11.0 and before existing commands permitted
+ NOTE: over the control channel were already be given to cause the server to stop.
+ NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
+CVE-2017-3137 (Mistaken assumptions about the ordering of records in the answer secti ...)
+ {DSA-3854-1 DLA-957-1}
+ - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
+ NOTE: https://kb.isc.org/article/AA-01466
+ NOTE: Additional information for backporting patch: https://www.openwall.com/lists/oss-security/2017/04/17/5
+ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
+ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplentation)
+ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
+CVE-2017-3136 (A query with a specific set of characteristics could cause a server us ...)
+ {DSA-3854-1 DLA-957-1}
+ - bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
+ NOTE: https://kb.isc.org/article/AA-01465
+ NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a
+CVE-2017-3135 (Under some conditions when using both DNS64 and RPZ to rewrite query r ...)
+ {DSA-3795-1 DLA-843-1}
+ - bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
+ NOTE: https://kb.isc.org/article/AA-01453
+ NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
+CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD versi ...)
+ NOT-FOR-US: Fortinet FortiWLC-SD
+CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6. ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4. ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, 5.4 ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions 5.7 ...)
+ NOT-FOR-US: Fortinet FortiWeb
+CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
+ NOT-FOR-US: Fortinet FortiOS
+CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 throu ...)
+ NOT-FOR-US: Fortinet
+CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
+ NOT-FOR-US: Fortinet FortiAnalyzer
+CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
+ NOT-FOR-US: FortiMail
+CVE-2017-3124 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3123 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3122 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3121 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3120 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3119 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3118 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3117 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3116 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3115 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3114 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3113 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3112 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier v ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3111 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3110 (Adobe Experience Manager 6.1 and earlier has a sensitive data exposure ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3109 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0 ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3108 (Adobe Experience Manager 6.2 and earlier has a malicious file executio ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3107 (Adobe Experience Manager 6.3 and earlier has a misconfiguration vulner ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects versio ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This af ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site scri ...)
+ NOT-FOR-US: Adobe Connect
+CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site s ...)
+ NOT-FOR-US: Adobe Connect
+CVE-2017-3101 (Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerabi ...)
+ NOT-FOR-US: Adobe Connect
+CVE-2017-3100 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3099 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3098 (Adobe Captivate versions 9 and earlier have a remote code execution vu ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3097 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3096 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3095 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3094 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3093 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3092 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3091 (Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier ha ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3090 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3089 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3088 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3087 (Adobe Captivate versions 9 and earlier have an information disclosure ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3086 (Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable me ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3085 (Adobe Flash Player versions 26.0.0.137 and earlier have a security byp ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3084 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3083 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3082 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3081 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3080 (Adobe Flash Player versions 26.0.0.131 and earlier have a security byp ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3079 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3078 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3077 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3076 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3075 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an informat ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...)
+ NOT-FOR-US: Adobe
+CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3063 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3062 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3061 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3060 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3059 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3058 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
+ NOT-FOR-US: Adobe Flash Player
+CVE-2017-3057 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3056 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3055 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3054 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3053 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3052 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3051 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3050 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3049 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3048 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3047 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3046 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3045 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3044 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3043 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3042 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader
+CVE-2017-3041 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...)
+ NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3040 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3039 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3038 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3037 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3036 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3035 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3034 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3033 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3032 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3031 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3030 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3029 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3028 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3027 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3026 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) 
+ NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3025 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3024 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3023 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3022 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3021 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3020 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3019 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3018 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3017 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3016 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3015 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3014 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3013 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3012 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3011 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ea ...) 
+ NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe +CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe +CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 an ...) + NOT-FOR-US: Adobe +CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the ...) + NOT-FOR-US: Adobe Thor +CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related ...) + NOT-FOR-US: Adobe Thor +CVE-2017-3005 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...) + NOT-FOR-US: Adobe Photoshop +CVE-2017-3004 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17 ...) + NOT-FOR-US: Adobe Photoshop +CVE-2017-3003 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-3002 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-3001 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-3000 (Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerabilit ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2999 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2998 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2997 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) 
+ NOT-FOR-US: Adobe Flash Player +CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2989 (Adobe Campaign versions Build 8770 and earlier have an input validatio ...) + NOT-FOR-US: Adobe +CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2983 (Adobe Shockwave versions 12.2.7.197 and earlier have an insecure libra ...) + NOT-FOR-US: Adobe +CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) 
+ NOT-FOR-US: Adobe +CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...) + NOT-FOR-US: Adobe +CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site ...) + NOT-FOR-US: Adobe +CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code inject ...) + NOT-FOR-US: Adobe +CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) 
+ NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) 
+ NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 a ...) + NOT-FOR-US: Adobe Acrobat Reader +CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a security byp ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) 
+ NOT-FOR-US: Adobe Flash Player +CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM ...) + NOT-FOR-US: Adobe Acrobat Chrome extension +CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...) + NOT-FOR-US: Adobe Flash Player +CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose a ...) + {DLA-734-1} + - mapserver 7.0.3-1 + [jessie] - mapserver 6.4.1-5+deb8u1 + NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html + NOTE: https://github.com/mapserver/mapserver/pull/4928 + NOTE: https://github.com/mapserver/mapserver/pull/5356 +CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.ph ...) + NOT-FOR-US: Joomla! +CVE-2016-9837 (An issue was discovered in templates/beez3/html/com_content/article/de ...) + NOT-FOR-US: Joomla! +CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! C ...) + NOT-FOR-US: Joomla! +CVE-2016-9835 (Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x b ...) + NOT-FOR-US: Zikula +CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary clie ...) 
+ NOT-FOR-US: Sophos +CVE-2016-9833 + RESERVED +CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...) + NOT-FOR-US: ACE-ABAP +CVE-2016-9805 + RESERVED +CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs i ...) + NOT-FOR-US: Alcatel-Lucent OmniVista +CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client Automat ...) + NOT-FOR-US: CA Common Services +CVE-2016-9792 + REJECTED +CVE-2016-9791 + REJECTED +CVE-2016-9790 + REJECTED +CVE-2016-9789 + REJECTED +CVE-2016-9788 + REJECTED +CVE-2016-9787 + REJECTED +CVE-2016-9786 + REJECTED +CVE-2016-9785 + REJECTED +CVE-2016-9784 + REJECTED +CVE-2016-9783 + REJECTED +CVE-2016-9782 + REJECTED +CVE-2016-9781 + REJECTED +CVE-2016-9780 + REJECTED +CVE-2016-9779 + REJECTED +CVE-2016-9778 (An error in handling certain queries can cause an assertion failure wh ...) + - bind9 (Only Supported Preview Edition/Subscription Edition and 9.11.x) + NOTE: https://kb.isc.org/article/AA-01442/0 +CVE-2016-9771 + REJECTED +CVE-2016-9770 + REJECTED +CVE-2016-9769 + REJECTED +CVE-2016-9768 + REJECTED +CVE-2016-9767 + REJECTED +CVE-2016-9766 + REJECTED +CVE-2016-9765 + REJECTED +CVE-2016-9764 + REJECTED +CVE-2016-9763 + REJECTED +CVE-2016-9762 + REJECTED +CVE-2016-9761 + REJECTED +CVE-2016-9760 + REJECTED +CVE-2016-9759 + REJECTED +CVE-2016-9758 + REJECTED +CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user inte ...) + NOT-FOR-US: Rapid7 Nexpose +CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...) + - qemu 1:2.8+dfsg-1 (bug #847382) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html +CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator su ...) 
+ - qemu 1:2.8+dfsg-1 (bug #847381) + [jessie] - qemu (Vulnerable code not present) + [wheezy] - qemu (Vulnerable code not present) + - qemu-kvm (Vulnerable code not present) + NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html +CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...) + {DLA-2085-1 DLA-1725-1} + - zlib 1:1.2.8.dfsg-3 (bug #847275) + [wheezy] - zlib (Minor issue) + - rsync 3.1.3-6 (bug #924509) + [stretch] - rsync 3.1.2-1+deb9u2 + NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 + NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf +CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...) + {DLA-2085-1 DLA-1725-1} + - zlib 1:1.2.8.dfsg-3 (bug #847274) + [wheezy] - zlib (Minor issue) + - rsync 3.1.3-6 (bug #924509) + [stretch] - rsync 3.1.2-1+deb9u2 + NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 + NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf +CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...) + {DLA-2085-1 DLA-1725-1} + - zlib 1:1.2.8.dfsg-4 (bug #847270) + [wheezy] - zlib (Minor issue) + - rsync 3.1.3-6 (bug #924509) + [stretch] - rsync 3.1.2-1+deb9u2 + NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb + NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf +CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...) + {DLA-2085-1 DLA-1725-1} + - zlib 1:1.2.8.dfsg-3 (bug #847270) + [wheezy] - zlib (Minor issue) + - rsync 3.1.3-6 (bug #924509) + [stretch] - rsync 3.1.2-1+deb9u2 + NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0 + NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf +CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZi ...) 
+ {DLA-741-1} + - unzip 6.0-21 (bug #847486) + [jessie] - unzip 6.0-16+deb8u3 + NOTE: https://launchpad.net/bugs/1643750 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/05/13 + NOTE: Proposed patch in https://www.openwall.com/lists/oss-security/2016/12/05/19 +CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...) + {DLA-741-1} + - unzip 6.0-21 (bug #847485) + [jessie] - unzip 6.0-16+deb8u3 + NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 + NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750 + NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash + NOTE: in different areas of the unzip codebase) + NOTE: https://www.openwall.com/lists/oss-security/2014/11/03/5 +CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing] + - tiff 4.0.7-2 (unimportant; bug #846838) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619 +CVE-2016-9831 (Heap-based buffer overflow in the parseSWF_RGBA function in parser.c i ...) + {DLA-799-1} + - ming + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c +CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows ...) + {DSA-3746-1} + - graphicsmagick 1.3.25-6 (bug #847055) + [wheezy] - graphicsmagick (fix too intrusive, depends on jan 15th magickresources changes) + NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at + NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c + NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc +CVE-2016-9829 (Heap-based buffer overflow in the parseSWF_DEFINEFONT function in pars ...) 
+ {DLA-799-1} + - ming + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c +CVE-2016-9828 (The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 ...) + {DLA-799-1} + - ming + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c +CVE-2016-9827 (The _iprintf function in outputtxt.c in the listswf tool in libming 0. ...) + {DLA-799-1} + - ming + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c +CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...) + - libav (unimportant) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=985 +CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause a de ...) + - libav (unimportant) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=984 +CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows remo ...) + - libav + [jessie] - libav (Minor issue, usan-only no-crash warning, no patch) + [wheezy] - libav (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983 +CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ca ...) 
+ - libav + [jessie] - libav (Minor issue, usan-only no-crash warning, no patch) + [wheezy] - libav (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982 +CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...) + {DSA-3833-1 DLA-791-1} + - libav + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9) + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9) +CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...) + {DSA-3833-1 DLA-791-1} + - libav + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9) + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9) +CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...) 
+ {DLA-791-1} + - libav (unimportant) + [jessie] - libav (The fixing patches are included in the upstream version) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9) + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9) +CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause ...) + {DLA-791-1} + - libav (unimportant) + [jessie] - libav (The fixing patches are included in the upstream version) + NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer + NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo + NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980 + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9) + NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9) +CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) + - xen 4.8.0-1 + [jessie] - xen (Minor issue) + [wheezy] - xen (ARM support introduced in 4.4) + NOTE: https://xenbits.xen.org/xsa/advisory-201.html + NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch +CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) 
+ - xen 4.8.0-1 + [jessie] - xen (Minor issue) + [wheezy] - xen (ARM support introduced in 4.4) + NOTE: https://xenbits.xen.org/xsa/advisory-201.html + NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch + NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch +CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) + - xen 4.8.0-1 + [jessie] - xen (Minor issue) + [wheezy] - xen (ARM support introduced in 4.4) + NOTE: https://xenbits.xen.org/xsa/advisory-201.html + NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch +CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...) + - xen 4.8.0-1 + [jessie] - xen (Minor issue) + [wheezy] - xen (ARM support introduced in 4.4) + NOTE: https://xenbits.xen.org/xsa/advisory-201.html + NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch +CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...) + {DLA-1298-1} + - simplesamlphp 1.14.10-1 (low) + [jessie] - simplesamlphp (Minor issue) + NOTE: https://simplesamlphp.org/security/201612-01 + NOTE: https://github.com/simplesamlphp/saml2/pull/81 + NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c + NOTE: only exploitable in hard to achieve conditions + NOTE: https://www.openwall.com/lists/oss-security/2016/12/03/5 +CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists in the ...) + {DSA-3976-1 DLA-1098-1} + - freexl 1.0.4-1 (bug #875691) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431 + NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 +CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists in the ...) 
+ {DSA-3976-1 DLA-1098-1} + - freexl 1.0.4-1 (bug #875690) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430 + NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8 +CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing function ...) + NOT-FOR-US: Computerinsel Photoline +CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 (bug #895564) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426 +CVE-2017-2918 (An exploitable integer overflow exists in the Image loading functional ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: :https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425 +CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...) 
+ NOT-FOR-US: Circle with Disney +CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration function ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API d ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2912 (An exploitable vulnerability exists in the remote control functionalit ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2911 (An exploitable vulnerability exists in the remote control functionalit ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2910 (An exploitable Out-of-bounds Write vulnerability exists in the xls_add ...) + - r-cran-readxl (Vulnerable code not present) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0417 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1927234 +CVE-2017-2909 (An infinite loop programming error exists in the DNS server functional ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415 +CVE-2017-2907 (An exploitable integer overflow exists in the animation playing functi ...) 
+ {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414 +CVE-2017-2906 (An exploitable integer overflow exists in the animation playing functi ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413 +CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading functionalit ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412 +CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading functio ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411 +CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading functionalit ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410 +CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading functionalit ...) 
+ {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409 +CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading functionali ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20 + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408 +CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading functionalit ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407 +CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading functionali ...) + {DSA-4248-1 DLA-1465-1} + - blender 2.79.a+dfsg0-1 + [wheezy] - blender (Vulnerable but not ignored) + NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406 +CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of t ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the read_MS ...) 
+ {DSA-4173-1} + - r-cran-readxl 1.0.0-2 (bug #895564) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404 +CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the xls_mer ...) + {DSA-4173-1} + - r-cran-readxl 1.0.0-2 (bug #895564) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403 +CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the MQ ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...) + - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server ...) 
+ - smplayer 18.5.0~ds1-1 (bug #898943) + [stretch] - smplayer (Vulnerable code not present) + [jessie] - smplayer (Vulnerable code not present) + [wheezy] - smplayer (Vulnerable code not present) + NOTE: 18.5.0~ds1-1 isn't fixed on the source level, but no longer builds the Chromecast support +CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore functio ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API daemo ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a n ...) + {DLA-2803-1 DLA-1714-2} + - libsdl2 2.0.6+dfsg1-4 (bug #878264) + [jessie] - libsdl2 (Minor issue) + - libsdl1.2 (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395 + NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5 + NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0 +CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF propert ...) + {DSA-4184-1 DSA-4177-1 DLA-1134-1} + - libsdl2-image 2.0.1+dfsg-4 (bug #878266) + - sdl-image1.2 1.2.12-7 (bug #878267) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394 + NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705 +CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing functiona ...) + NOT-FOR-US: ACDSee Ultimate +CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists in the ...) + {DSA-3929-1} + - libsoup2.4 2.56.1-1 (bug #871650) + [wheezy] - libsoup2.4 (Vulnerable code not present) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774 +CVE-2017-2884 (An exploitable vulnerability exists in the user photo update functiona ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2883 (An exploitable vulnerability exists in the database update functionali ...) 
+ NOT-FOR-US: Circle with Disney +CVE-2017-2882 (An exploitable vulnerability exists in the servers update functionalit ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2881 (An exploitable vulnerability exists in the torlist update functionalit ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing function ...) + NOT-FOR-US: Computerinsel Photoline +CVE-2017-2879 (An exploitable buffer overflow vulnerability exists in the UPnP implem ...) + NOT-FOR-US: Foscam +CVE-2017-2878 (An exploitable buffer overflow vulnerability exists in the web managem ...) + NOT-FOR-US: Foscam +CVE-2017-2877 (A missing error check exists in the Multi-Camera interface used by the ...) + NOT-FOR-US: Foscam +CVE-2017-2876 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...) + NOT-FOR-US: Foscam +CVE-2017-2875 (An exploitable buffer overflow vulnerability exists in the Multi-Camer ...) + NOT-FOR-US: Foscam +CVE-2017-2874 (An information disclosure vulnerability exists in the Multi-Camera int ...) + NOT-FOR-US: Foscam +CVE-2017-2873 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam +CVE-2017-2872 (Insufficient security checks exist in the recovery procedure used by t ...) + NOT-FOR-US: Foscam +CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used by t ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the tiff_image ...) 
+ {DLA-2043-1} + - gdk-pixbuf 2.36.10-1 (unimportant; bug #873787) + [stretch] - gdk-pixbuf (Built with GCC in Debian) + NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986 + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269 + NOTE: Built with GCC in Debian, which doesn't remove the check +CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2868 (An exploitable code execution vulnerability exists in the NewProducerS ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2867 (An exploitable code execution vulnerability exists in the SavePatientM ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup function ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2865 (An exploitable vulnerability exists in the firmware update functionali ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2864 (An exploitable vulnerability exists in the generation of authenticatio ...) + NOT-FOR-US: Circle with Disney +CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing functio ...) + NOT-FOR-US: Iceni Infix +CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the gdk_pixbuf__j ...) + {DSA-3978-1 DLA-1100-1} + - gdk-pixbuf 2.36.10-1 (bug #874552) + NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926 + NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366 +CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2860 (An exploitable denial-of-service vulnerability exists in the lookup en ...) 
+ NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2859 + REJECTED +CVE-2017-2858 (An exploitable denial-of-service vulnerability exists in the traversal ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2857 (An exploitable buffer overflow vulnerability exists in the DDNS client ...) + NOT-FOR-US: Foscam +CVE-2017-2856 (An exploitable buffer overflow vulnerability exists in the DDNS client ...) + NOT-FOR-US: Foscam +CVE-2017-2855 (An exploitable buffer overflow vulnerability exists in the DDNS client ...) + NOT-FOR-US: Foscam +CVE-2017-2854 (An exploitable buffer overflow vulnerability exists in the DDNS client ...) + NOT-FOR-US: Foscam +CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the RequestForPa ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2852 (An exploitable denial-of-service vulnerability exists in the unseriali ...) + NOT-FOR-US: Natus Xltek NeuroWorks +CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2849 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2848 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2847 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2846 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2845 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2844 (In the web management interface in Foscam C1 Indoor HD cameras with ap ...) 
+ NOT-FOR-US: Foscam C1 Indoor HD cameras +CVE-2017-2843 (In the web management interface in Foscam C1 Indoor HD Camera running ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera running ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2841 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing functionalit ...) + NOT-FOR-US: EZB Systems UltraISO +CVE-2017-2839 (An exploitable denial of service vulnerability exists within the handl ...) + {DSA-3923-1 DLA-1095-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2838 (An exploitable denial of service vulnerability exists within the handl ...) + {DSA-3923-1 DLA-1095-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2837 (An exploitable denial of service vulnerability exists within the handl ...) 
+ {DSA-3923-1 DLA-1095-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2836 (An exploitable denial of service vulnerability exists within the readi ...) + {DSA-3923-1 DLA-1095-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP receive ...) + {DSA-3923-1 DLA-1095-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2834 (An exploitable code execution vulnerability exists in the authenticati ...) + {DSA-3923-1} + - freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880) + [wheezy] - freerdp (vulnerable code not present) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336 + NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html + NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1) +CVE-2017-2833 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2832 (An exploitable command injection vulnerability exists in the web manag ...) 
+ NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web managem ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web managem ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web man ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2828 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2827 (An exploitable command injection vulnerability exists in the web manag ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy re ...) + - zabbix 1:4.0.0+dfsg-1 (low) + [stretch] - zabbix (Minor issue, workaround exists) + [jessie] - zabbix (Minor issue, workaround exists) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327 + NOTE: Relates to the information disclosure as mentioned in (but is not the same issue) + NOTE: https://support.zabbix.com/browse/ZBX-12076 + NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration + NOTE: using encrypted connections with the proxy. +CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically craf ...) + {DSA-3937-1} + - zabbix 1:3.0.7+dfsg-3 (bug #863584) + NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/ + NOTE: https://support.zabbix.com/browse/ZBX-12076 +CVE-2017-2824 (An exploitable code execution vulnerability exists in the trapper comm ...) + {DSA-3937-1} + - zabbix 1:3.0.7+dfsg-3 (bug #863584) + NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/ + NOTE: https://support.zabbix.com/browse/ZBX-12075 +CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing functionalit ...) 
+ NOT-FOR-US: PowerISO +CVE-2017-2822 (An exploitable code execution vulnerability exists in the image render ...) + NOT-FOR-US: Lexmark +CVE-2017-2821 (An exploitable use-after-free exists in the PDF parsing functionality ...) + NOT-FOR-US: Lexmark +CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...) + - poppler (unimportant) + NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is + NOTE: against Ubuntu, which disables openjpeg due to being in universe + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321 +CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word Pr ...) + NOT-FOR-US: Hancom Thinkfree Office NEO +CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image renderi ...) + - poppler (unimportant) + NOTE: Debian links against libjpeg which is unaffected + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319 +CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing functi ...) + NOT-FOR-US: PowerISO +CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) + {DLA-1192-1} + - libofx 1:0.9.11-4 (bug #875801) + [stretch] - libofx 1:0.9.10-2+deb9u1 + [jessie] - libofx 1:0.9.10-1+deb8u1 + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317 + NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d + NOTE: https://github.com/libofx/libofx/issues/9 +CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire U ...) + NOT-FOR-US: OpenFire User Import Export Plugin +CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image renderi ...) 
+ - poppler (unimportant) + NOTE: Debian links against libjpeg which is unaffected + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319 +CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...) + NOT-FOR-US: IrfanView +CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand funct ...) + NOT-FOR-US: Kakadu +CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing ...) + NOT-FOR-US: Kakadu +CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading functional ...) + - python-tablib 0.9.11-3 (bug #864818) + [stretch] - python-tablib 0.9.11-2+deb8u1 + [jessie] - python-tablib 0.9.11-2+deb8u1 + NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307 +CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...) + NOT-FOR-US: Ansible Vault +CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account pars ...) + - ledger 3.1.2+dfsg1-1 (low; bug #876659) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) + [wheezy] - ledger (Minor issue) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304 + NOTE: https://github.com/ledger/ledger/issues/1723 + NOTE: https://github.com/ledger/ledger/commit/f3bad93db256db07b6cb831d4d24f47543f57e4a +CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...) 
+ - ledger 3.1.2+dfsg1-1 (low; bug #876660) + [stretch] - ledger (Minor issue) + [jessie] - ledger (Minor issue) + [wheezy] - ledger (Minor issue) + NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303 + NOTE: https://github.com/ledger/ledger/issues/1722 + NOTE: https://github.com/ledger/ledger/commit/5682f377aed5b0db6b6c4a44b1d8868103b7e9f7 +CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...) + NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality +CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...) + NOT-FOR-US: Foscam C1 Indoor HD Camera +CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing f ...) + NOT-FOR-US: Core PHOTO-PAINT X8 +CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing f ...) + NOT-FOR-US: Core PHOTO-PAINT X8 +CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the poaService.ex ...) + NOT-FOR-US: Dell +CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic libr ...) + {DSA-3939-1 DLA-915-1} + - botan1.10 1.10.16-1 (bug #860072) + NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16) + NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16 +CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of bounds ...) + - wolfssl 3.12.0+dfsg-1 (bug #862154) + NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/ +CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the AddSst func ...) + NOT-FOR-US: Antenna House DMC HTMLFilter +CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the GetIndexArr ...) + NOT-FOR-US: Antenna House DMC HTMLFilter +CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ParseEnvironm ...) 
+ NOT-FOR-US: Antenna House +CVE-2017-2796 + RESERVED +CVE-2017-2795 (An exploitable heap corruption vulnerability exists in the Txo functio ...) + NOT-FOR-US: Antenna House +CVE-2017-2794 (An exploitable stack-based buffer overflow vulnerability exists in the ...) + NOT-FOR-US: Antenna House +CVE-2017-2793 (An exploitable heap corruption vulnerability exists in the UnCompressU ...) + NOT-FOR-US: Antenna House +CVE-2017-2792 (An exploitable heap corruption vulnerability exists in the iBldDirInfo ...) + NOT-FOR-US: Antenna House +CVE-2017-2791 (JustSystems Ichitaro 2016 Trial contains a vulnerability that exists w ...) + NOT-FOR-US: JustSystems Ichitaro 2016 Trial +CVE-2017-2790 (When processing a record type of 0x3c from a Workbook stream from an E ...) + NOT-FOR-US: JustSystems Ichitaro Office +CVE-2017-2789 (When copying filedata into a buffer, JustSystems Ichitaro Office 2016 ...) + NOT-FOR-US: JustSystems Ichitaro Office 2016 Trial +CVE-2017-2788 (A buffer overflows exists in the psnotifyd application of the Pharos P ...) + NOT-FOR-US: Pharos PopUp Printer Client +CVE-2017-2787 (A buffer overflows exists in the psnotifyd application of the Pharos P ...) + NOT-FOR-US: Pharos PopUp Printer Client +CVE-2017-2786 (A denial of service vulnerability exists in the psnotifyd application ...) + NOT-FOR-US: Pharos PopUp Printer Client +CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of ...) + NOT-FOR-US: Pharos PopUp Printer Client +CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the x50 ...) + - mbedtls 2.4.2-1 (bug #857560) + - polarssl (bug #857561) + [jessie] - polarssl 1.3.9-2.1+deb8u2 + [wheezy] - polarssl (Vulnerable code not present) + NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01 + NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however. 
+CVE-2017-2783 (An exploitable heap corruption vulnerability exists in the FillRowForm ...) + NOT-FOR-US: AntennaHouse +CVE-2017-2782 (An integer overflow vulnerability exists in the X509 certificate parsi ...) + - matrixssl + [wheezy] - matrixssl (not supported in Wheezy) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278 +CVE-2017-2781 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...) + - matrixssl + [wheezy] - matrixssl (not supported in Wheezy) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277 +CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X509 c ...) + - matrixssl + [wheezy] - matrixssl (not supported in Wheezy) + NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276 +CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC segm ...) + NOT-FOR-US: Labview +CVE-2017-2778 + REJECTED +CVE-2017-2777 (An exploitable heap overflow vulnerability exists in the ipStringCreat ...) + NOT-FOR-US: Iceni Argus +CVE-2017-2776 + REJECTED +CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the LvVariant ...) + NOT-FOR-US: Labview +CVE-2017-2774 + REJECTED +CVE-2017-2773 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...) + NOT-FOR-US: Pivotal PCF Elastic Runtime +CVE-2017-2772 + REJECTED +CVE-2017-2771 + REJECTED +CVE-2017-2770 + REJECTED +CVE-2017-2769 + REJECTED +CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...) + NOT-FOR-US: EMC Network Configuration Manager +CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network Configurati ...) + NOT-FOR-US: EMC Network Configuration Manager +CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 ...) + NOT-FOR-US: EMC Documentum eRoom +CVE-2017-2765 (EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, ...) 
+ NOT-FOR-US: EMC Isilon InsightIQ +CVE-2017-2764 + RESERVED +CVE-2017-2763 + RESERVED +CVE-2017-2762 + RESERVED +CVE-2017-2761 + RESERVED +CVE-2017-2760 + RESERVED +CVE-2017-2759 + RESERVED +CVE-2017-2758 + RESERVED +CVE-2017-2757 + RESERVED +CVE-2017-2756 + RESERVED +CVE-2017-2755 + RESERVED +CVE-2017-2754 + RESERVED +CVE-2017-2753 + RESERVED +CVE-2017-2752 (A potential security vulnerability caused by incomplete obfuscation of ...) + NOT-FOR-US: Tommy Hilfiger TH24/7 Android app +CVE-2017-2751 (A BIOS password extraction vulnerability has been reported on certain ...) + NOT-FOR-US: firmware on HP notebooks +CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential execut ...) + NOT-FOR-US: HP printers +CVE-2017-2749 + RESERVED +CVE-2017-2748 (A potential security vulnerability caused by the use of insecure (http ...) + NOT-FOR-US: Isaac Mizrahi Smartwatch mobile app +CVE-2017-2747 (HP has identified a potential security vulnerability before IG_11_00_0 ...) + NOT-FOR-US: HP printers +CVE-2017-2746 (Potential security vulnerabilities have been identified with HP JetAdv ...) + NOT-FOR-US: HP JetAdvantage Security Manager +CVE-2017-2745 (Potential security vulnerabilities have been identified with HP JetAdv ...) + NOT-FOR-US: HP JetAdvantage Security Manager +CVE-2017-2744 (The vulnerability allows attacker to extract binaries into protected f ...) + NOT-FOR-US: HP Support Assistant +CVE-2017-2743 (HP has identified a potential security vulnerability with HP Enterpris ...) + NOT-FOR-US: HP printers +CVE-2017-2742 (A potential security vulnerability has been identified with HP Web Jet ...) + NOT-FOR-US: HP Web JetAdmin +CVE-2017-2741 (A potential security vulnerability has been identified with HP PageWid ...) + NOT-FOR-US: HP printers +CVE-2017-2740 (A potential security vulnerability has been identified with the comman ...) + NOT-FOR-US: HP ThinPro +CVE-2017-2739 (The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 v ...) 
+ NOT-FOR-US: Huawei +CVE-2017-2738 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...) + NOT-FOR-US: Huawei +CVE-2017-2737 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...) + NOT-FOR-US: Huawei +CVE-2017-2736 (VCM5010 with software versions earlier before V100R002C50SPC100 has a ...) + NOT-FOR-US: Huawei +CVE-2017-2735 (TIT-AL00 smartphones with software versions earlier before TIT-AL00C58 ...) + NOT-FOR-US: Huawei +CVE-2017-2734 (P9 Plus smartphones with software versions earlier before VIE-AL10BC00 ...) + NOT-FOR-US: Huawei +CVE-2017-2733 (Honor 6X smartphones with software versions earlier than BLN-AL10C00B3 ...) + NOT-FOR-US: Huawei +CVE-2017-2732 (Huawei Hilink APP Versions earlier before 5.0.25.306 has an informatio ...) + NOT-FOR-US: Huawei +CVE-2017-2731 (The vibrator service in P9 Plus smart phones with software versions ea ...) + NOT-FOR-US: Huawei +CVE-2017-2730 (HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and HUA ...) + NOT-FOR-US: Huawei +CVE-2017-2729 (The boot loaders in Honor 5A smart phones with software Versions earli ...) + NOT-FOR-US: Huawei +CVE-2017-2728 (Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier vers ...) + NOT-FOR-US: Huawei +CVE-2017-2727 (Huawei P9 smart phones with software versions earlier before EVA-AL00C ...) + NOT-FOR-US: Huawei +CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...) + NOT-FOR-US: Huawei +CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...) + NOT-FOR-US: Huawei +CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software earlier than VKY ...) + NOT-FOR-US: Huawei +CVE-2017-2723 (The Files APP 7.1.1.308 and earlier versions in some Huawei mobile pho ...) + NOT-FOR-US: Huawei +CVE-2017-2722 (DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, V100R00 ...) 
+ NOT-FOR-US: Huawei +CVE-2017-2721 (Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C18 ...) + NOT-FOR-US: Huawei +CVE-2017-2720 (FusionSphere OpenStack V100R006C00 has an information exposure vulnera ...) + NOT-FOR-US: Huawei +CVE-2017-2719 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...) + NOT-FOR-US: Huawei +CVE-2017-2718 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ha ...) + NOT-FOR-US: Huawei +CVE-2017-2717 (honor 8 Pro with software Duke-L09C10B120 and earlier versions,Duke-L0 ...) + NOT-FOR-US: Huawei +CVE-2017-2716 (The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 h ...) + NOT-FOR-US: Huawei +CVE-2017-2715 (The Files APP 7.1.1.309 and earlier versions in some Huawei mobile pho ...) + NOT-FOR-US: Huawei +CVE-2017-2714 (The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier ve ...) + NOT-FOR-US: Huawei +CVE-2017-2713 (HUAWEI P9 smartphones with software versions earlier before EVA-L09C43 ...) + NOT-FOR-US: Huawei +CVE-2017-2712 (S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping vu ...) + NOT-FOR-US: Huawei +CVE-2017-2711 (P9 Plus smartphones with software earlier than VIE-AL10C00B352 version ...) + NOT-FOR-US: Huawei +CVE-2017-2710 (BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B ...) + NOT-FOR-US: Huawei +CVE-2017-2709 (HiGame with software earlier than 7.3.0 versions, SkyTone with softwar ...) + NOT-FOR-US: Huawei +CVE-2017-2708 (The 'Find Phone' function in Nice smartphones with software versions e ...) + NOT-FOR-US: Huawei +CVE-2017-2707 (Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege esc ...) + NOT-FOR-US: Huawei +CVE-2017-2706 (Mate 9 smartphones with software MHA-AL00AC00B125 have a directory tra ...) + NOT-FOR-US: Huawei +CVE-2017-2705 (Huawei P9 smartphones with software versions earlier before EVA-AL10C0 ...) 
+ NOT-FOR-US: Huawei +CVE-2017-2704 (Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier v ...) + NOT-FOR-US: Huawei +CVE-2017-2703 (Phone Finder in versions earlier before MHA-AL00BC00B156,Versions earl ...) + NOT-FOR-US: Huawei +CVE-2017-2702 (Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. ...) + NOT-FOR-US: Huawei +CVE-2017-2701 (Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) vu ...) + NOT-FOR-US: Huawei +CVE-2017-2700 (AC6005 with software V200R006C10, AC6605 with software V200R006C10 hav ...) + NOT-FOR-US: Huawei +CVE-2017-2699 (The Huawei Themes APP in versions earlier than PLK-UL00C17B385, versio ...) + NOT-FOR-US: Huawei +CVE-2017-2698 (The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has bu ...) + NOT-FOR-US: Huawei +CVE-2017-2697 (The goldeneye driver in NMO-L31C432B120 and earlier versions,NEM-L21C4 ...) + NOT-FOR-US: Huawei +CVE-2017-2696 (The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C ...) + NOT-FOR-US: Huawei +CVE-2017-2695 (TIT-AL00C583B211 has a directory traversal vulnerability which allows ...) + NOT-FOR-US: Huawei +CVE-2017-2694 (The AlarmService component in HwVmall with software earlier than 1.5.2 ...) + NOT-FOR-US: Huawei +CVE-2017-2693 (ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier versi ...) + NOT-FOR-US: Huawei +CVE-2017-2692 (The Keyguard application in ALE-L02C635B140 and earlier versions,ALE-L ...) + NOT-FOR-US: Huawei +CVE-2017-2691 (Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier be ...) + NOT-FOR-US: Huawei +CVE-2017-2690 (SoftCo with software V200R003C20,eSpace U1910 with software V200R003C0 ...) + NOT-FOR-US: Huawei +CVE-2017-2689 (Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to ...) + NOT-FOR-US: Siemens +CVE-2017-2688 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...) 
+ NOT-FOR-US: Siemens
+CVE-2017-2687 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2686 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that co ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2685 (Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 (incl ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attack ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NMS < V ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2681 (Specially crafted PROFINET DCP packets sent on a local Ethernet segmen ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2680 (Specially crafted PROFINET DCP broadcast packets could cause a denial ...)
+ NOT-FOR-US: Siemens
+CVE-2017-2679
+ REJECTED
+CVE-2017-2678
+ REJECTED
+CVE-2017-2677
+ REJECTED
+CVE-2017-2676
+ REJECTED
+CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege ...)
+ NOT-FOR-US: Little Snitch
+CVE-2017-2674 (JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored X ...)
+ NOT-FOR-US: Red Hat business central
+CVE-2017-2673 (An authorization-check flaw was discovered in federation configuration ...)
+ - keystone 2:10.0.0-9 (bug #861189)
+ [jessie] - keystone (Vulnerable code not present)
+ [wheezy] - keystone (Vulnerable code not present)
+ NOTE: https://bugs.launchpad.net/keystone/+bug/1677723
+CVE-2017-2672 (A flaw was found in foreman before version 1.15 in the logging of addi ...)
+ - foreman (bug #663101)
+CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel throug ...)
+ {DLA-922-1}
+ - linux 4.9.25-1
+ [jessie] - linux 3.16.43-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/24/6
+ NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
+CVE-2017-2670 (It was found in Undertow before 1.3.28 that with non-clean TCP close, ...)
+ {DSA-3906-1}
+ - undertow 1.4.18-1 (bug #864405)
+ NOTE: Fixed by https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1035
+CVE-2017-2669 (Dovecot before version 2.2.29 is vulnerable to a denial of service. Wh ...)
+ - dovecot 1:2.2.27-3 (bug #860049)
+ [jessie] - dovecot (Vulnerable code not present)
+ [wheezy] - dovecot (Vulnerable code not present)
+ NOTE: Fixed by: https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
+ NOTE: Introduced by: https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22
+CVE-2017-2668 (389-ds-base before versions 1.3.5.17 and 1.3.6.10 is vulnerable to an ...)
+ - 389-ds-base 1.3.5.17-1 (bug #860125)
+ [jessie] - 389-ds-base (Vulnerable code not present)
+ NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
+CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...)
+ - foreman (bug #663101)
+CVE-2017-2666 (It was discovered in Undertow that the code that parsed the HTTP reque ...)
+ {DSA-3906-1}
+ - undertow 1.4.18-1 (bug #864405)
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1101
+ NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
+CVE-2017-2665 (The skyring-setup command creates random password for mongodb skyring ...)
+ NOT-FOR-US: Red Hat Storage / skyring
+CVE-2017-2664 (CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8. ...)
+ NOT-FOR-US: Red Hat CloudForms
+CVE-2017-2663 (It was found that subscription-manager's DBus interface before 1.19.4 ...)
+ NOT-FOR-US: candlepin / subscription-manager
+CVE-2017-2662 (A flaw was found in Foreman's katello plugin version 3.4.5. After sett ...)
+ - foreman (bug #663101)
+CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site s ...)
+ - pcs 0.9.155+dfsg-2 (bug #858379)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
+ NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/23/2
+CVE-2017-2660
+ REJECTED
+CVE-2017-2659 (It was found that dropbear before version 2013.59 with GSSAPI leaks wh ...)
+ - dropbear 2013.60-1
+ NOTE: https://hg.ucc.asn.au/dropbear/rev/d7784616409a#l1.86
+CVE-2017-2658 (It was discovered that the Dashbuilder login page as used in Red Hat J ...)
+ NOT-FOR-US: JBoss BPMS
+CVE-2017-2657
+ REJECTED
+CVE-2017-2656
+ REJECTED
+CVE-2017-2655
+ REJECTED
+CVE-2017-2654 (jenkins-email-ext before version 2.57.1 is vulnerable to an Informatio ...)
+ NOT-FOR-US: jenkins-email-ext
+CVE-2017-2653 (A number of unused delete routes are present in CloudForms before 5.7. ...)
+ NOT-FOR-US: Red Hat CloudForms
+CVE-2017-2652 (It was found that there were no permission checks performed in the Dis ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-2651 (jenkins-mailer-plugin before version 1.20 is vulnerable to an informat ...)
+ NOT-FOR-US: jenkins-mailer-plugin
+CVE-2017-2650 (It was found that the use of Pipeline: Classpath Step Jenkins plugin e ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-2649 (It was found that the Active Directory Plugin for Jenkins up to and in ...)
+ NOT-FOR-US: Jenkins plugin
+CVE-2017-2648 (It was found that jenkins-ssh-slaves-plugin before version 1.15 did no ...)
+ NOT-FOR-US: jenkins-ssh-slaves-plugin
+CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users ...)
+ {DLA-922-1}
+ - linux 4.0.2-1
+ [jessie] - linux 3.16.43-1
+ NOTE: Fixed by: https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (v3.18-rc1)
+CVE-2017-2646 (It was found that when Keycloak before 2.5.5 receives a Logout request ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-2645 (In Moodle 3.x, XSS can occur via attachments to evidence of prior lear ...)
+ - moodle (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
+ NOTE: https://tracker.moodle.org/browse/MDL-57597
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57597
+CVE-2017-2644 (In Moodle 3.x, XSS can occur via evidence of prior learning.)
+ - moodle (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
+ NOTE: https://tracker.moodle.org/browse/MDL-57596
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57596
+CVE-2017-2643 (In Moodle 3.2.x, global search displays user names for unauthenticated ...)
+ - moodle (Only affects 3.2 to 3.2.1)
+ NOTE: https://tracker.moodle.org/browse/MDL-56526
+ NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
+CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page.)
+ - moodle
+ NOTE: https://moodle.org/mod/forum/discuss.php?d=355554
+CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences.)
+ - moodle 2.7.19+dfsg-1
+ NOTE: https://tracker.moodle.org/browse/MDL-58010
+ NOTE: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
+CVE-2017-2640 (An out-of-bounds write flaw was found in the way Pidgin before 2.12.0 ...)
+ {DSA-3806-1 DLA-853-1}
+ - pidgin 2.12.0-1 (bug #859159)
+ NOTE: https://www.pidgin.im/news/security/?id=109
+ NOTE: https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
+CVE-2017-2639 (It was found that CloudForms does not verify that the server hostname ...)
+ NOT-FOR-US: Red Hat CloudForms Management Engine
+CVE-2017-2638 (It was found that the REST API in Infinispan before version 9.0.0 did ...)
+ NOT-FOR-US: infinispan
+CVE-2017-2637 (A design flaw issue was found in the Red Hat OpenStack Platform direct ...)
+ NOT-FOR-US: Red Hat OpenStack Platform director
+CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.1 ...)
+ {DSA-3804-1 DLA-849-1}
+ - linux 4.9.16-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/07/6
+ NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
+ NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
+CVE-2017-2635 (A NULL pointer deference flaw was found in the way libvirt from 2.5.0 ...)
+ - libvirt 3.0.0-3 (bug #856313)
+ [jessie] - libvirt (Vulnerable code introduced later)
+ [wheezy] - libvirt (Vulnerable code introduced later)
+ NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390ff0a8e65014172bb8c0a8d312c3353 (v3.0.0-rc1)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875 (v3.1.0-rc1)
+CVE-2017-2634 (It was found that the Linux kernel's Datagram Congestion Control Proto ...)
+ - linux (Fixed before initial rename to src:linux)
+ NOTE: Fixed by: https://git.kernel.org/linus/f53dc67c5e7babafe239b93a11678b0e05bead51 (2.6.25-rc1)
+CVE-2017-2633 (An out-of-bounds memory access issue was found in Quick Emulator (QEMU ...)
+ - qemu 2.1+dfsg-1
+ [wheezy] - qemu (Can be fixed along when more severe issues are being fixed)
+ - qemu-kvm
+ [wheezy] - qemu-kvm (Can be fixed along when more severe issues are being fixed)
+ NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
+ NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7
+CVE-2017-2632 (A logic error in valid_role() in CloudForms role validation before 5.7 ...)
+ NOT-FOR-US: Red Hat CloudForms Management Engine
+CVE-2017-2631
+ REJECTED
+CVE-2017-2630 (A stack buffer overflow flaw was found in the Quick Emulator (QEMU) be ...)
+ - qemu 1:2.8+dfsg-3 (bug #855227)
+ [jessie] - qemu (Vulnerable code introduced in v2.8.0-rc0)
+ [wheezy] - qemu (Vulnerable code introduced in v2.8.0-rc0)
+ - qemu-kvm (Vulnerable code introduced later)
+ NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422415
+CVE-2017-2629 (curl before 7.53.0 has an incorrect TLS Certificate Status Request ext ...)
+ - curl 7.52.1-3
+ [jessie] - curl (Vulnerable code introduced later)
+ [wheezy] - curl (Vulnerable code introduced later)
+ NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
+ NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch
+ NOTE: https://curl.haxx.se/docs/adv_20170222.html
+CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-5 ...)
+ - curl (Red Hat specific backport issue)
+CVE-2017-2627 (A flaw was found in openstack-tripleo-common as shipped with Red Hat O ...)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
+ NOT-FOR-US: RHEL packaging flaw for openstack
+CVE-2017-2626 (It was discovered that libICE before 1.0.9-8 used a weak entropy to ge ...)
+ {DLA-2002-1}
+ - libice 2:1.0.9-2 (bug #856400)
+ [wheezy] - libice (Minor issue, can be fixed in a point update or next DSA)
+ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
+CVE-2017-2625 (It was discovered that libXdmcp before 1.1.2 including used weak entro ...)
+ - libxdmcp 1:1.1.2-2 (bug #856399)
+ [wheezy] - libxdmcp (Minor issue, can be fixed in a point update or next DSA)
+ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
+CVE-2017-2624 (It was found that xorg-x11-server before 1.19.0 including uses memcmp( ...)
+ {DLA-1186-1}
+ - xorg-server 2:1.19.2-1 (low; bug #856398)
+ [jessie] - xorg-server 2:1.16.4-1+deb8u2
+ NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
+CVE-2017-2623 (It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 ...)
+ NOT-FOR-US: Red Hat rpm-ostree
+CVE-2017-2622 (An accessibility flaw was found in the OpenStack Workflow (mistral) se ...)
+ - mistral (Red Hat-specific)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
+ NOTE: tracing the installation shows that mkdir -p /var/log/mistral
+ NOTE: is executed, which depending on the umask might end in wrong
+ NOTE: permissions. But for Debian the final permissions seem to end
+ NOTE: to 0750, despite, owned by mistral:adm. Thus might need more
+ NOTE: investigation to determine the affected status.
+CVE-2017-2621 (An access-control flaw was found in the OpenStack Orchestration (heat) ...)
+ - heat (heat-common postinst chmod's 0750 /var/log/heat)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
+CVE-2017-2620 (Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA E ...)
+ {DLA-1497-1 DLA-1270-1 DLA-845-1 DLA-842-1}
+ - qemu 1:2.8+dfsg-3 (bug #855791)
+ - qemu-kvm
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-209.html
+ NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
+CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a mali ...)
+ {DSA-3816-1 DLA-894-1}
+ - samba 2:4.5.6+dfsg-2
+ NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
+CVE-2017-2618 (A flaw was found in the Linux kernel's handling of clearing SELinux at ...)
+ {DSA-3791-1}
+ - linux 4.9.10-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125
+CVE-2017-2617 (hawtio before version 1.5.5 is vulnerable to remote code execution via ...)
+ NOT-FOR-US: hawtio
+CVE-2017-2616 (A race condition was found in util-linux before 2.32.1 in the way su h ...)
+ {DSA-3793-1 DLA-838-1}
+ - shadow 1:4.4-4 (bug #855943)
+ NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
+ - util-linux 2.29.2-1 (unimportant)
+ NOTE: https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
+ - coreutils 8.20-1 (unimportant)
+ NOTE: Coreutils: Removed from source in https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737
+ NOTE: and not installed by default since 2007.
+CVE-2017-2615 (Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator sup ...)
+ {DLA-1497-1 DLA-845-1 DLA-842-1}
+ - qemu 1:2.8+dfsg-3 (low; bug #854731)
+ NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
+CVE-2017-2614 (When updating a password in the rhvm database the ovirt-aaa-jdbc-tool ...)
+ NOT-FOR-US: Red Hat ovirt-aaa-jdbc-tool tools
+CVE-2017-2613 (jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2612 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2609 (jenkins before versions 2.44, 2.32.2 is vulnerable to an information d ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ex ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2607 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information e ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2605
+ REJECTED
+CVE-2017-2604 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2603 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2602 (jenkins before versions 2.44, 2.32.2 is vulnerable to an improper blac ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cros ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could be vie ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an insufficie ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2598 (Jenkins before versions 2.44, 2.32.2 uses AES ECB block cipher mode wi ...)
+ - jenkins
+ NOTE: https://jenkins.io/security/advisory/2017-02-01/
+CVE-2017-2597
+ REJECTED
+CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux ...)
+ {DSA-3791-1}
+ - linux 4.9.13-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: https://www.spinics.net/lists/kvm/msg144319.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417812
+CVE-2017-2595 (It was found that the log file viewer in Red Hat JBoss Enterprise Appl ...)
+ - wildfly (bug #752018)
+CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, ...)
+ NOT-FOR-US: hawtio
+CVE-2017-2593
+ REJECTED
+CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulner ...)
+ - python-oslo.middleware 3.19.0-3 (bug #852742)
+ NOTE: https://launchpad.net/bugs/1628031
+CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL t ...)
+ - 389-ds-base 1.3.5.15-2 (bug #851769)
+ [jessie] - 389-ds-base (Only affects 1.3.4.0 and later)
+ NOTE: https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
+CVE-2017-2590 (A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, ...)
+ - freeipa (ca plugin introduced in 4.4)
+ NOTE: https://pagure.io/freeipa/issue/6713
+ NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master
+ NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4
+CVE-2017-2589 (It was discovered that the hawtio servlet 1.4 uses a single HttpClient ...)
+ NOT-FOR-US: hawtio
+CVE-2017-2588
+ REJECTED
+CVE-2017-2587 (A memory allocation vulnerability was found in netpbm before 10.61. A ...)
+ - netpbm-free (vulnerable code not present)
+ NOTE: Debian uses an old fork of netpbm
+ NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
+CVE-2017-2586 (A null pointer dereference vulnerability was found in netpbm before 10 ...)
+ - netpbm-free (vulnerable code not present)
+ NOTE: Debian uses an old fork of netpbm
+ NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
+CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ve ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
+ {DSA-3791-1}
+ - linux 4.9.6-1
+ [wheezy] - linux (Vulnerable code introduced in 3.6-rc1)
+ NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
+ NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
+CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulate.c i ...)
+ {DSA-3791-1}
+ - linux 4.9.6-1
+ [wheezy] - linux (Vulnerable code introduced in 3.6-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
+CVE-2017-2582 (It was found that while parsing the SAML messages the StaxParserUtil c ...)
+ NOT-FOR-US: Keycloak
+CVE-2017-2581 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
+ - netpbm-free 2:10.97.00-1 (bug #854978)
+ [bullseye] - netpbm-free (Legacy fork not affected)
+ [buster] - netpbm-free (Legacy fork not affected)
+ [stretch] - netpbm-free (Legacy fork not affected)
+ NOTE: Debian uses an old fork of netpbm, switched to current releases as of 2:10.97.00-1
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: PoC+report attached to #854978
+ NOTE: Similar code path seems protected by earlier stricter size checks ("object too large")
+ NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2989/ (10.78.05)
+CVE-2017-2580 (An out-of-bounds write vulnerability was found in netpbm before 10.61. ...)
+ - netpbm-free 2:10.97.00-1 (bug #854978)
+ [bullseye] - netpbm-free (Legacy fork not affected)
+ [buster] - netpbm-free (Legacy fork not affected)
+ [stretch] - netpbm-free (Legacy fork not affected)
+ [jessie] - netpbm-free (pnm/giftopnm.c and bpm/libpm.c rewritten, PoC triggers clean check "Zero byte allocation" missing in later versions)
+ NOTE: Debian uses an old fork of netpbm
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: PoC+report attached to #854978
+ NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821 (10.47.63)
+CVE-2017-2579 (An out-of-bounds read vulnerability was found in netpbm before 10.61. ...)
+ - netpbm-free 2:10.97.00-1 (bug #854978)
+ [bullseye] - netpbm-free (Legacy fork not affected)
+ [buster] - netpbm-free (Legacy fork not affected)
+ [stretch] - netpbm-free (Legacy fork not affected)
+ [jessie] - netpbm-free (pnm/giftopnm.c rewritten, PoC triggers clean application error handling)
+ NOTE: Debian uses an old fork of netpbm
+ NOTE: https://www.openwall.com/lists/oss-security/2017/02/05/7
+ NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1024288 (reproducer)
+ NOTE: Possible fix: https://sourceforge.net/p/netpbm/code/2821 (10.47.63)
+CVE-2017-2577
+ REJECTED
+CVE-2017-2575 (A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL poi ...)
+ NOT-FOR-US: libbpg
+CVE-2017-2574
+ RESERVED
+CVE-2017-2573
+ RESERVED
+CVE-2017-2572
+ RESERVED
+CVE-2017-2571
+ RESERVED
+CVE-2017-2570
+ RESERVED
+CVE-2017-2569
+ RESERVED
+CVE-2017-2568
+ RESERVED
+CVE-2017-2567
+ RESERVED
+CVE-2017-2566
+ RESERVED
+CVE-2017-2565
+ RESERVED
+CVE-2017-2564
+ RESERVED
+CVE-2017-2563
+ RESERVED
+CVE-2017-2562
+ RESERVED
+CVE-2017-2561
+ RESERVED
+CVE-2017-2560
+ RESERVED
+CVE-2017-2559
+ RESERVED
+CVE-2017-2558
+ RESERVED
+CVE-2017-2557
+ RESERVED
+CVE-2017-2556
+ RESERVED
+CVE-2017-2555
+ RESERVED
+CVE-2017-2554
+ RESERVED
+CVE-2017-2553
+ RESERVED
+CVE-2017-2552
+ RESERVED
+CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possib ...)
+ NOT-FOR-US: WordPress plugin BackWPup
+CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a cop ...)
+ NOT-FOR-US: Easy Joomla Backup
+CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2548 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2547 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2546 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2545 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2544 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2543 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2542 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2541 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2540 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2539 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2538 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.4-1 (unimportant)
+ [stretch] - webkit2gtk 2.16.6-0+deb9u1
+ NOTE: Not covered by security support
+CVE-2017-2537 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2536 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2535 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2534 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2533 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2532
+ RESERVED
+CVE-2017-2531 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2530 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2529
+ RESERVED
+CVE-2017-2528 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2527 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2526 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2525 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2524 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2523 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2522 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ {DLA-1633-1}
+ - sqlite3 3.16.2-1
+ [wheezy] - sqlite3 (Vulnerable code not present)
+ - sqlite (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
+ NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
+ NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
+CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ {DLA-1633-1}
+ - sqlite3 3.16.0-1
+ [wheezy] - sqlite3 (Vulnerable code not present)
+ - sqlite (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
+ NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
+ NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
+CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ {DLA-1633-1}
+ - sqlite3 3.15.2-1
+ [wheezy] - sqlite3 (Minor issue)
+ - sqlite (Vulnerable code introduced later)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
+ NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
+ NOTE: Fixed by: https://www.sqlite.org/src/info/0a98c8d76ac86412
+ NOTE: Introduced by: https://www.sqlite.org/src/info/0d2e258e1a3276e5 (v3.5.9)
+CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 10.3.3 i ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2515 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2514 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2513 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - sqlite3 3.15.2-1
+ [jessie] - sqlite3 (Vulnerable code not present)
+ [wheezy] - sqlite3 (Vulnerable code not present)
+ - sqlite (Vulnerable code not present)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171
+ NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544
+ NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a
+CVE-2017-2512 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2511 (An issue was discovered in certain Apple products. Safari before 10.1. ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2510 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2509 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2508 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2507 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2506 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2505 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2504 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2503 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2502 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2501 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2500 (An issue was discovered in certain Apple products. Safari before 10.1. ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2499 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2498 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2497 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2496 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ - webkit2gtk 2.16.3-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2495 (An issue was discovered in certain Apple products. iOS before 10.3.2 i ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2494 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2493 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2492 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2491 (Use after free vulnerability in the String.replace method JavaScriptCo ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple involving Intel Graphics Driver
+CVE-2017-2488 (A cryptographic weakness existed in the authentication protocol of Rem ...)
+ NOT-FOR-US: Apple
+CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving FontParser component
+CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2485 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Security component
+CVE-2017-2484 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Phone component
+CVE-2017-2483 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2482 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2481 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2480 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Potentially src:libxslt, but Apple doesn't play by the rules
+CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2475 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2474 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2473 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2472 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2471 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2470 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2469 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2468 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2467 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving ImageIO component
+CVE-2017-2466 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2465 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2464 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2463 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2462 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2461 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving CoreText component
+CVE-2017-2460 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2459 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2458 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2457 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2456 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2455 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2454 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2453 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple Safari
+CVE-2017-2452 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple Siri
+CVE-2017-2451 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Security component
+CVE-2017-2450 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving CoreText component
+CVE-2017-2449 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple invovling Bluetooth component
+CVE-2017-2448 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Keychain component
+CVE-2017-2447 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2446 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2445 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2444 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving CoreGraphics component
+CVE-2017-2443 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple involving Intel Graphics Driver
+CVE-2017-2442 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2441 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple libc++abi component
+CVE-2017-2440 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving Kernel component
+CVE-2017-2439 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving FontParser component
+CVE-2017-2438 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple involving AppleRAID component
+CVE-2017-2437 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple involving IOFireWireAVC component
+CVE-2017-2436 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple involving IOFireWireAVC component
+CVE-2017-2435 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving CoreText component
+CVE-2017-2434 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving HomeKit component
+CVE-2017-2433 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2432 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple involving ImageIO component
+CVE-2017-2431 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2430 (An issue was discovered in certain Apple products. 
iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2429 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2428 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2427 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2426 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2425 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2424 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2423 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2422 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2421 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2420 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2419 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2418 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2417 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2416 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2415 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2414 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2413 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2411 (In iOS before 11.2, exchange rates were retrieved from HTTP rather tha ...)
+ NOT-FOR-US: Apple
+CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2408 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2407 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2406 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2405 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2404 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2403 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2402 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2401 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2400 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2399 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2398 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2397 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2396 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2395 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2394 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2393 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2392 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, N ...)
+ NOT-FOR-US: Apple
+CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple / libarchive
+ NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
+CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2387 (The Apple Music (aka com.apple.android.music) application before 2.0 f ...)
+ NOT-FOR-US: Apple Music application for Android
+CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2385 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
+ NOT-FOR-US: Apple
+CVE-2017-2384 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2383 (An issue was discovered in certain Apple products. iCloud before 6.2 o ...)
+ NOT-FOR-US: Apple
+CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
+ NOT-FOR-US: Apple
+CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple, that's likely just a broken sudo config
+CVE-2017-2380 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Apple
+CVE-2017-2378 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
+CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkit2gtk 2.16.3-2 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2375 (An issue existed in preventing the uploading of CallKit call history t ...)
+ NOT-FOR-US: Apple
+CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
+ NOT-FOR-US: Apple
+CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2372 (An issue was discovered in certain Apple products. GarageBand before 1 ...)
+ NOT-FOR-US: Apple
+CVE-2017-2371 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2370 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2369 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2368 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2367 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
+ - webkitgtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2366 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2365 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2364 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.6-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2363 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2362 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2361 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2360 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2359 (An issue was discovered in certain Apple products. Safari before 10.0. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2358 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2357 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2356 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2355 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2354 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2353 (An issue was discovered in certain Apple products. macOS before 10.12. ...)
+ NOT-FOR-US: Apple
+CVE-2017-2352 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2351 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ NOT-FOR-US: Apple
+CVE-2017-2350 (An issue was discovered in certain Apple products. iOS before 10.2.1 i ...)
+ - webkit2gtk 2.14.4-1 (unimportant)
+ NOTE: Not covered by security support
+CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper Networ ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU utilization ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper Networks Ju ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented packet ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker with u ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2344 (A routine within an internal Junos OS sockets library is vulnerable to ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in Junos ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to 15.1X49-D ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2341 (An insufficient authentication vulnerability on platforms where Junos ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2339 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2338 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2337 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2336 (A reflected cross site scripting vulnerability in NetScreen WebUI of J ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2335 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks North ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2332 (An insufficient authentication vulnerability in Juniper Networks North ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2331 (A firewall bypass vulnerability in Juniper Networks NorthStar Controll ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2330 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2329 (An insufficient authentication vulnerability in Juniper Networks North ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2328 (An information leak vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2327 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2326 (An information disclosure vulnerability in Juniper Networks NorthStar ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2325 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2324 (A command injection vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2323 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2322 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2321 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2320 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2319 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2318 (A vulnerability in Juniper Networks NorthStar Controller Application p ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2317 (A denial of service vulnerability in Juniper Networks NorthStar Contro ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar Controll ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing protocol ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be imp ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and wit ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2311 (On Juniper Networks Junos Space versions prior to 16.1R1, an unauthent ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2310 (A firewall bypass vulnerability in the host based firewall of Juniper ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2309 (On Juniper Networks Junos Space versions prior to 16.1R1 when certific ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2308 (An XML External Entity Injection vulnerability in Juniper Networks Jun ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2307 (A reflected cross site scripting vulnerability in the administrative i ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2306 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2305 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an in ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2304 (Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2303 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2302 (On Juniper Networks products or platforms running Junos OS 12.1X46 pri ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2301 (On Juniper Networks products or platforms running Junos OS 11.4 prior ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis clusters runn ...)
+ NOT-FOR-US: Juniper
+CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 mak ...)
+ - puppet-module-puppetlabs-apache 3.0.0-1 (bug #875983)
+ [stretch] - puppet-module-puppetlabs-apache (Minor issue)
+ [jessie] - puppet-module-puppetlabs-apache (Minor issue)
+ NOTE: https://puppet.com/security/cve/CVE-2017-2299
+ NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/7bb35c2293c12ce52329a4391fe1f20389efef06
+CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...)
+ NOT-FOR-US: mcollective-sshkey-security plugin
+CVE-2017-2297 (Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not corr ...)
+ - puppet (Specific to Puppet Enterprise)
+CVE-2017-2296 (In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ...)
+ - puppet (Specific to Puppet Enterprise)
+CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...)
+ {DSA-3862-1 DLA-1012-1}
+ - puppet 4.8.2-5 (bug #863212)
+ NOTE: https://puppet.com/security/cve/cve-2017-2295
+ NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
+CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...)
+ - puppet (Doesn't affect Puppet as shipped in Debian)
+ NOTE: Puppet as shipped in Debian doesn't provide puppetdb yet
+CVE-2017-2293 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped wi ...)
+ - puppet (Specific to Puppet Enterprise)
+CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
+ - mcollective 2.12.0+dfsg-1 (bug #866711)
+ [jessie] - mcollective (Minor issue)
+ [wheezy] - mcollective (Minor issue)
+ NOTE: https://puppet.com/security/cve/cve-2017-2292
+ NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
+CVE-2017-2291
+ RESERVED
+CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, versi ...)
+ NOT-FOR-US: mcollective-puppet-agent plugin on Windows
+CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station connec ...)
+ NOT-FOR-US: Installer of Qua station connection tool for Windows
+CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...)
+ NOT-FOR-US: LhaForge
+CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover Ver.1 ...)
+ NOT-FOR-US: NFC Port Software remover
+CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software Version 5.5.0 ...)
+ NOT-FOR-US: NFC Port Software
+CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS prior t ...)
+ NOT-FOR-US: Simple Custom CSS and JS
+CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to version 1.6 ...)
+ NOT-FOR-US: Popup Maker
+CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credential ...)
+ NOT-FOR-US: WN-G300R3 firmware
+CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allow ...)
+ NOT-FOR-US: WN-AX1167GR firmware
+CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an attacker to ex ...)
+ NOT-FOR-US: WN-AX1167GR firmware
+CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded credentia ...)
+ NOT-FOR-US: WN-AX1167GR firmware
+CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier al ...)
+ NOT-FOR-US: Tween
+CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEE ...)
+ NOT-FOR-US: RBB SPEED TEST App
+CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access restric ...)
+ NOT-FOR-US: WG-C10
+CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ex ...)
+ NOT-FOR-US: WG-C10
+CVE-2017-2275 (WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS ...)
+ NOT-FOR-US: WG-C10
+CVE-2017-2274 (Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and ea ...)
+ NOT-FOR-US: WMR-433* firmware
+CVE-2017-2273 (Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ve ...)
+ NOT-FOR-US: WMR-433* firmware
+CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
+ NOT-FOR-US: AttacheCase
+CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
+ NOT-FOR-US: AttacheCase
+CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in self-decrypt ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver ...)
+ NOT-FOR-US: FileCapsule Deluxe Portable
+CVE-2017-2264
+ RESERVED
+CVE-2017-2263
+ RESERVED
+CVE-2017-2262
+ RESERVED
+CVE-2017-2261
+ RESERVED
+CVE-2017-2260
+ RESERVED
+CVE-2017-2259
+ RESERVED
+CVE-2017-2258 (Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 allo ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-2257 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-2256 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 all ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-2255 (Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 all ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of s ...)
+ NOT-FOR-US: Cybozu
+CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar (fo ...)
+ NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
+CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files c ...)
+ NOT-FOR-US: File Compact
+CVE-2017-2251
+ RESERVED
+CVE-2017-2250
+ RESERVED
+CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive files c ...)
+ NOT-FOR-US: Lhaz+
+CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ version 3.4. ...)
+ NOT-FOR-US: Lhaz+
+CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive files c ...)
+ NOT-FOR-US: Lhaz
+CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 ...)
+ NOT-FOR-US: Lhaz
+CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to vers ...)
+ NOT-FOR-US: Shortcodes Ultimate
+CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN firmwar ...)
+ NOT-FOR-US: MFC-J960DWN firmware
+CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ver ...)
+ NOT-FOR-US: Responsive Lightbox
+CVE-2017-2242 (Untrusted search path vulnerability in Flets Setsuzoku Tool for Window ...)
+ NOT-FOR-US: Flets Setsuzoku Tool for Windows
+CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and e ...)
+ NOT-FOR-US: AssetView for MacOS
+CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and ...)
+ NOT-FOR-US: AssetView for MacOS
+CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access loca ...)
+ NOT-FOR-US: Marp
+CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home gatewa ...)
+ NOT-FOR-US: Toshiba Home gateway HEM-GW16A
+CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
+ NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
+CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
+ NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
+CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
+ NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
+CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and earlie ...)
+ NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
+CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital Signat ...)
+ NOT-FOR-US: PDF Digital Signature Plugin
+CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo Sof ...)
+ NOT-FOR-US: Installer of Shinseiyo Sogo Soft
+CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT DenshiSei ...)
+ NOT-FOR-US: installer of MLIT DenshiSeikabutsuSakuseiShienKensa system +CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check P ...) + NOT-FOR-US: Douro Kouji Kanseizutou Check Program +CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...) + NOT-FOR-US: Douroshisetu Kihon Data Sakusei System +CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien To ...) + NOT-FOR-US: Teikihoukokusho Sakuseishien Tool +CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP V ...) + NOT-FOR-US: installer of Charamin OMP +CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance preparati ...) + NOT-FOR-US: e-Tax +CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...) + NOT-FOR-US: EbidSettingChecker.exe +CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to versi ...) + NOT-FOR-US: Event Calendar WD +CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM ...) + NOT-FOR-US: TS-WPTCAM +CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version 3.1. ...) + NOT-FOR-US: WP-Members +CVE-2017-2221 (Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1 ...) + NOT-FOR-US: Installer of Baidu IME +CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator ...) + NOT-FOR-US: Installer of CASL II simulator +CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] instal ...) + NOT-FOR-US: Simeji +CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for Wind ...) + NOT-FOR-US: Installer of QuickTime for Windows +CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ver ...) + NOT-FOR-US: WordPress Download Manager +CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...) 
+ NOT-FOR-US: WordPress Download Manager +CVE-2017-2215 (Untrusted search path vulnerability in Installer of "Setup file of adv ...) + NOT-FOR-US: Installer of "Setup file of advance preparation" +CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...) + NOT-FOR-US: AppCheck +CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EX ...) + NOT-FOR-US: SemiDynaEXE +CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. ...) + NOT-FOR-US: TKY2JGD +CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101. ...) + NOT-FOR-US: PatchJGD +CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. ...) + NOT-FOR-US: PatchJGD +CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo Sak ...) + NOT-FOR-US: Houkokusyo Sakusei Shien Tool +CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic tenderi ...) + NOT-FOR-US: Installer of Electronic tendering and bid opening system +CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...) + NOT-FOR-US: SaAT Personal +CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen v ...) + NOT-FOR-US: SaAT Netizen +CVE-2017-2205 + RESERVED +CVE-2017-2204 + RESERVED +CVE-2017-2203 + RESERVED +CVE-2017-2202 + RESERVED +CVE-2017-2201 + RESERVED +CVE-2017-2200 + RESERVED +CVE-2017-2199 + RESERVED +CVE-2017-2198 + RESERVED +CVE-2017-2197 + RESERVED +CVE-2017-2196 + RESERVED +CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...) + NOT-FOR-US: Multi Feed Reader plugin for wordpress +CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying to ...) + NOT-FOR-US: iCodeChecker +CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...) 
+ NOT-FOR-US: Tera Term +CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify executio ...) + NOT-FOR-US: RW5100 installer +CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer for Wi ...) + NOT-FOR-US: RW5100 installer +CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify executio ...) + NOT-FOR-US: RW4040 +CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for Wi ...) + NOT-FOR-US: RW4040 +CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...) + NOT-FOR-US: Installer of Denshinouhin Check System +CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ve ...) + NOT-FOR-US: WP Live Chat +CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...) + NOT-FOR-US: HOME SPOT CUBE2 firmware +CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...) + NOT-FOR-US: HOME SPOT CUBE2 firmware +CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...) + NOT-FOR-US: HOME SPOT CUBE2 firmware +CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attacke ...) + NOT-FOR-US: HOME SPOT CUBE2 firmware +CVE-2017-2182 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool +CVE-2017-2181 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool +CVE-2017-2180 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool +CVE-2017-2179 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool +CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic tenderi ...) 
+ NOT-FOR-US: electronic tendering and bid opening system +CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo Touki Densh ...) + NOT-FOR-US: Shogyo Touki Denshi Ninsho +CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers (jasdf_0 ...) + NOT-FOR-US: screensaver installers for Windows +CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - eXt ...) + NOT-FOR-US: Empirical Project Monitor - eXtended +CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...) + NOT-FOR-US: Empirical Project Monitor - eXtended +CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - eXte ...) + NOT-FOR-US: Empirical Project Monitor - eXtended +CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 t ...) + NOT-FOR-US: Cybozu +CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...) + NOT-FOR-US: WordPress plugins provided by BestWebSoft +CVE-2017-2170 + RESERVED +CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...) + NOT-FOR-US: MaxButtons plugin for WordPress +CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version p ...) + NOT-FOR-US: WP Booking System +CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive Deskto ...) + NOT-FOR-US: PrimeDrive +CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier ...) + NOT-FOR-US: GroupSession +CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated at ...) + NOT-FOR-US: GroupSession +CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 an ...) + NOT-FOR-US: SOY CMS +CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 a ...) + NOT-FOR-US: SOY CMS +CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier ...) 
+ NOT-FOR-US: FlashAirTM +CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series ) V3.00.02 and earlier ...) + NOT-FOR-US: FlashAirTM +CVE-2017-2160 + RESERVED +CVE-2017-2159 + RESERVED +CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus version ...) + NOT-FOR-US: Lhaplus +CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public Certi ...) + NOT-FOR-US: The Public Certification Service +CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows p ...) + NOT-FOR-US: Vivaldi installer Windows +CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...) + NOT-FOR-US: Hoozin Viewer +CVE-2017-2154 (Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanak ...) + NOT-FOR-US: Booking Calendar +CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5. ...) + NOT-FOR-US: SEIL +CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...) + NOT-FOR-US: WNC01WH firmware +CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...) + NOT-FOR-US: Booking Calendar +CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and ...) + NOT-FOR-US: Booking Calendar +CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for ...) + NOT-FOR-US: installers of the software for SDHC/SDXC Memory Cards +CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.0 ...) + NOT-FOR-US: WN-AC1167GR firmware +CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...) + NOT-FOR-US: WP Statistics +CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 all ...) + NOT-FOR-US: Cybozu Garoon +CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows ...) 
+ NOT-FOR-US: Cybozu Garoon +CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another use ...) + NOT-FOR-US: Cybozu Garoon +CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...) + NOT-FOR-US: CS-Cart +CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remo ...) + NOT-FOR-US: WN-G300R3 firmware +CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with administrato ...) + NOT-FOR-US: WN-G300R3 firmware +CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be e ...) + NOT-FOR-US: Tablacus Explorer +CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS ...) + NOT-FOR-US: CS-Cart +CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese Ed ...) + NOT-FOR-US: CS-Cart +CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attac ...) + NOT-FOR-US: ProSAFE Plus Configuration Utility +CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...) + NOT-FOR-US: WP Statistics +CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...) + NOT-FOR-US: WP Statistics +CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...) + NOT-FOR-US: ASSETBASE +CVE-2017-2133 (SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices ...) + NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices +CVE-2017-2132 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...) + NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices +CVE-2017-2131 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or H ...) + NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices +CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall Clie ...) 
+ NOT-FOR-US: installer of PhishWall Client Internet Explorer +CVE-2017-2129 + RESERVED +CVE-2017-2128 (Security guide for website operators allows remote attackers to execut ...) + NOT-FOR-US: Security guide for website operators +CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...) + NOT-FOR-US: YOP Poll +CVE-2017-2126 (WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1 ...) + NOT-FOR-US: WAPM-* firmware +CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote authe ...) + NOT-FOR-US: CentreCOM AR260S +CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...) + NOT-FOR-US: OneThird CMS +CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...) + NOT-FOR-US: OneThird CMS +CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6. ...) + NOT-FOR-US: Nessus +CVE-2017-2121 + RESERVED +CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...) + NOT-FOR-US: WBCE CMS +CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allow ...) + NOT-FOR-US: WBCE CMS +CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allo ...) + NOT-FOR-US: WBCE CMS +CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5 ...) + NOT-FOR-US: CubeCart +CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...) + NOT-FOR-US: Cybozu +CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers t ...) + NOT-FOR-US: Cybozu +CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 a ...) + NOT-FOR-US: Cybozu +CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPT ...) 
+ NOT-FOR-US: firmware in network cameras by I-O DATA +CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware versi ...) + NOT-FOR-US: firmware in network cameras by I-O DATA +CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...) + NOT-FOR-US: firmware in network cameras by I-O DATA +CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2. ...) + NOT-FOR-US: CX App for Android +CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ob ...) + NOT-FOR-US: Cybozu +CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application ...) + NOT-FOR-US: PrimeDrive Desktop Application +CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files c ...) + NOT-FOR-US: 7-ZIP32.DLL +CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...) + - webmin +CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 certi ...) + NOT-FOR-US: TVer App for Android +CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not veri ...) + NOT-FOR-US: Business LaLa Call App for Android +CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...) + NOT-FOR-US: LaLa Call App for Android +CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerabil ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application +CVE-2017-2101 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application +CVE-2017-2100 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) + NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application +CVE-2017-2099 (Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3. ...) 
+ NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application +CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) + NOT-FOR-US: CubeCart +CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...) + NOT-FOR-US: Knowledge +CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...) + NOT-FOR-US: smalruby-editor +CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) + NOT-FOR-US: Cybozu +CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) + NOT-FOR-US: Cybozu +CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens u ...) + NOT-FOR-US: Cybozu +CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 all ...) + NOT-FOR-US: Cybozu +CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...) + NOT-FOR-US: Cybozu +CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...) 
+ NOT-FOR-US: CubeCart +CVE-2017-2089 + REJECTED +CVE-2017-2088 + REJECTED +CVE-2017-2087 + REJECTED +CVE-2017-2086 + REJECTED +CVE-2017-2085 + REJECTED +CVE-2017-2084 + REJECTED +CVE-2017-2083 + REJECTED +CVE-2017-2082 + REJECTED +CVE-2017-2081 + REJECTED +CVE-2017-2080 + REJECTED +CVE-2017-2079 + REJECTED +CVE-2017-2078 + REJECTED +CVE-2017-2077 + REJECTED +CVE-2017-2076 + REJECTED +CVE-2017-2075 + REJECTED +CVE-2017-2074 + REJECTED +CVE-2017-2073 + REJECTED +CVE-2017-2072 + REJECTED +CVE-2017-2071 + REJECTED +CVE-2017-2070 + REJECTED +CVE-2017-2069 + REJECTED +CVE-2017-2068 + REJECTED +CVE-2017-2067 + REJECTED +CVE-2017-2066 + REJECTED +CVE-2017-2065 + REJECTED +CVE-2017-2064 + REJECTED +CVE-2017-2063 + REJECTED +CVE-2017-2062 + REJECTED +CVE-2017-2061 + REJECTED +CVE-2017-2060 + REJECTED +CVE-2017-2059 + REJECTED +CVE-2017-2058 + REJECTED +CVE-2017-2057 + REJECTED +CVE-2017-2056 + REJECTED +CVE-2017-2055 + REJECTED +CVE-2017-2054 + REJECTED +CVE-2017-2053 + REJECTED +CVE-2017-2052 + REJECTED +CVE-2017-2051 + REJECTED +CVE-2017-2050 + REJECTED +CVE-2017-2049 + REJECTED +CVE-2017-2048 + REJECTED +CVE-2017-2047 + REJECTED +CVE-2017-2046 + REJECTED +CVE-2017-2045 + REJECTED +CVE-2017-2044 + REJECTED +CVE-2017-2043 + REJECTED +CVE-2017-2042 + REJECTED +CVE-2017-2041 + REJECTED +CVE-2017-2040 + REJECTED +CVE-2017-2039 + REJECTED +CVE-2017-2038 + REJECTED +CVE-2017-2037 + REJECTED +CVE-2017-2036 + REJECTED +CVE-2017-2035 + REJECTED +CVE-2017-2034 + REJECTED +CVE-2017-2033 + REJECTED +CVE-2017-2032 + REJECTED +CVE-2017-2031 + REJECTED +CVE-2017-2030 + REJECTED +CVE-2017-2029 + REJECTED +CVE-2017-2028 + REJECTED +CVE-2017-2027 + REJECTED +CVE-2017-2026 + REJECTED +CVE-2017-2025 + REJECTED +CVE-2017-2024 + REJECTED +CVE-2017-2023 + REJECTED +CVE-2017-2022 + REJECTED +CVE-2017-2021 + REJECTED +CVE-2017-2020 + REJECTED +CVE-2017-2019 + REJECTED +CVE-2017-2018 + REJECTED +CVE-2017-2017 + REJECTED +CVE-2017-2016 + REJECTED +CVE-2017-2015 + REJECTED +CVE-2017-2014 + REJECTED 
+CVE-2017-2013 + REJECTED +CVE-2017-2012 + REJECTED +CVE-2017-2011 + REJECTED +CVE-2017-2010 + REJECTED +CVE-2017-2009 + REJECTED +CVE-2017-2008 + REJECTED +CVE-2017-2007 + REJECTED +CVE-2017-2006 + REJECTED +CVE-2017-2005 + REJECTED +CVE-2017-2004 + REJECTED +CVE-2017-2003 + REJECTED +CVE-2017-2002 + REJECTED +CVE-2017-2001 + REJECTED +CVE-2017-2000 + REJECTED +CVE-2017-1999 + REJECTED +CVE-2017-1998 + REJECTED +CVE-2017-1997 + REJECTED +CVE-2017-1996 + REJECTED +CVE-2017-1995 + REJECTED +CVE-2017-1994 + REJECTED +CVE-2017-1993 + REJECTED +CVE-2017-1992 + REJECTED +CVE-2017-1991 + REJECTED +CVE-2017-1990 + REJECTED +CVE-2017-1989 + REJECTED +CVE-2017-1988 + REJECTED +CVE-2017-1987 + REJECTED +CVE-2017-1986 + REJECTED +CVE-2017-1985 + REJECTED +CVE-2017-1984 + REJECTED +CVE-2017-1983 + REJECTED +CVE-2017-1982 + REJECTED +CVE-2017-1981 + REJECTED +CVE-2017-1980 + REJECTED +CVE-2017-1979 + REJECTED +CVE-2017-1978 + REJECTED +CVE-2017-1977 + REJECTED +CVE-2017-1976 + REJECTED +CVE-2017-1975 + REJECTED +CVE-2017-1974 + REJECTED +CVE-2017-1973 + REJECTED +CVE-2017-1972 + REJECTED +CVE-2017-1971 + REJECTED +CVE-2017-1970 + REJECTED +CVE-2017-1969 + REJECTED +CVE-2017-1968 + REJECTED +CVE-2017-1967 + REJECTED +CVE-2017-1966 + REJECTED +CVE-2017-1965 + REJECTED +CVE-2017-1964 + REJECTED +CVE-2017-1963 + REJECTED +CVE-2017-1962 + REJECTED +CVE-2017-1961 + REJECTED +CVE-2017-1960 + REJECTED +CVE-2017-1959 + REJECTED +CVE-2017-1958 + REJECTED +CVE-2017-1957 + REJECTED +CVE-2017-1956 + REJECTED +CVE-2017-1955 + REJECTED +CVE-2017-1954 + REJECTED +CVE-2017-1953 + REJECTED +CVE-2017-1952 + REJECTED +CVE-2017-1951 + REJECTED +CVE-2017-1950 + REJECTED +CVE-2017-1949 + REJECTED +CVE-2017-1948 + REJECTED +CVE-2017-1947 + REJECTED +CVE-2017-1946 + REJECTED +CVE-2017-1945 + REJECTED +CVE-2017-1944 + REJECTED +CVE-2017-1943 + REJECTED +CVE-2017-1942 + REJECTED +CVE-2017-1941 + REJECTED +CVE-2017-1940 + REJECTED +CVE-2017-1939 + REJECTED +CVE-2017-1938 + REJECTED +CVE-2017-1937 + 
REJECTED +CVE-2017-1936 + REJECTED +CVE-2017-1935 + REJECTED +CVE-2017-1934 + REJECTED +CVE-2017-1933 + REJECTED +CVE-2017-1932 + REJECTED +CVE-2017-1931 + REJECTED +CVE-2017-1930 + REJECTED +CVE-2017-1929 + REJECTED +CVE-2017-1928 + REJECTED +CVE-2017-1927 + REJECTED +CVE-2017-1926 + REJECTED +CVE-2017-1925 + REJECTED +CVE-2017-1924 + REJECTED +CVE-2017-1923 + REJECTED +CVE-2017-1922 + REJECTED +CVE-2017-1921 + REJECTED +CVE-2017-1920 + REJECTED +CVE-2017-1919 + REJECTED +CVE-2017-1918 + REJECTED +CVE-2017-1917 + REJECTED +CVE-2017-1916 + REJECTED +CVE-2017-1915 + REJECTED +CVE-2017-1914 + REJECTED +CVE-2017-1913 + REJECTED +CVE-2017-1912 + REJECTED +CVE-2017-1911 + REJECTED +CVE-2017-1910 + REJECTED +CVE-2017-1909 + REJECTED +CVE-2017-1908 + REJECTED +CVE-2017-1907 + REJECTED +CVE-2017-1906 + REJECTED +CVE-2017-1905 + REJECTED +CVE-2017-1904 + REJECTED +CVE-2017-1903 + REJECTED +CVE-2017-1902 + REJECTED +CVE-2017-1901 + REJECTED +CVE-2017-1900 + REJECTED +CVE-2017-1899 + REJECTED +CVE-2017-1898 + REJECTED +CVE-2017-1897 + REJECTED +CVE-2017-1896 + REJECTED +CVE-2017-1895 + REJECTED +CVE-2017-1894 + REJECTED +CVE-2017-1893 + REJECTED +CVE-2017-1892 + REJECTED +CVE-2017-1891 + REJECTED +CVE-2017-1890 + REJECTED +CVE-2017-1889 + REJECTED +CVE-2017-1888 + REJECTED +CVE-2017-1887 + REJECTED +CVE-2017-1886 + REJECTED +CVE-2017-1885 + REJECTED +CVE-2017-1884 + REJECTED +CVE-2017-1883 + REJECTED +CVE-2017-1882 + REJECTED +CVE-2017-1881 + REJECTED +CVE-2017-1880 + REJECTED +CVE-2017-1879 + REJECTED +CVE-2017-1878 + REJECTED +CVE-2017-1877 + REJECTED +CVE-2017-1876 + REJECTED +CVE-2017-1875 + REJECTED +CVE-2017-1874 + REJECTED +CVE-2017-1873 + REJECTED +CVE-2017-1872 + REJECTED +CVE-2017-1871 + REJECTED +CVE-2017-1870 + REJECTED +CVE-2017-1869 + REJECTED +CVE-2017-1868 + REJECTED +CVE-2017-1867 + REJECTED +CVE-2017-1866 + REJECTED +CVE-2017-1865 + REJECTED +CVE-2017-1864 + REJECTED +CVE-2017-1863 + REJECTED +CVE-2017-1862 + REJECTED +CVE-2017-1861 + REJECTED +CVE-2017-1860 
+ REJECTED +CVE-2017-1859 + REJECTED +CVE-2017-1858 + REJECTED +CVE-2017-1857 + REJECTED +CVE-2017-1856 + REJECTED +CVE-2017-1855 + REJECTED +CVE-2017-1854 + REJECTED +CVE-2017-1853 + REJECTED +CVE-2017-1852 + REJECTED +CVE-2017-1851 + REJECTED +CVE-2017-1850 + REJECTED +CVE-2017-1849 + REJECTED +CVE-2017-1848 + REJECTED +CVE-2017-1847 + REJECTED +CVE-2017-1846 + REJECTED +CVE-2017-1845 + REJECTED +CVE-2017-1844 + REJECTED +CVE-2017-1843 + REJECTED +CVE-2017-1842 + REJECTED +CVE-2017-1841 + REJECTED +CVE-2017-1840 + REJECTED +CVE-2017-1839 + REJECTED +CVE-2017-1838 + REJECTED +CVE-2017-1837 + REJECTED +CVE-2017-1836 + REJECTED +CVE-2017-1835 + REJECTED +CVE-2017-1834 + REJECTED +CVE-2017-1833 + REJECTED +CVE-2017-1832 + REJECTED +CVE-2017-1831 + REJECTED +CVE-2017-1830 + REJECTED +CVE-2017-1829 + REJECTED +CVE-2017-1828 + REJECTED +CVE-2017-1827 + REJECTED +CVE-2017-1826 + REJECTED +CVE-2017-1825 + REJECTED +CVE-2017-1824 + REJECTED +CVE-2017-1823 + REJECTED +CVE-2017-1822 + REJECTED +CVE-2017-1821 + REJECTED +CVE-2017-1820 + REJECTED +CVE-2017-1819 + REJECTED +CVE-2017-1818 + REJECTED +CVE-2017-1817 + REJECTED +CVE-2017-1816 + REJECTED +CVE-2017-1815 + REJECTED +CVE-2017-1814 + REJECTED +CVE-2017-1813 + REJECTED +CVE-2017-1812 + REJECTED +CVE-2017-1811 + REJECTED +CVE-2017-1810 + RESERVED +CVE-2017-1809 + RESERVED +CVE-2017-1808 + RESERVED +CVE-2017-1807 + RESERVED +CVE-2017-1806 + RESERVED +CVE-2017-1805 + RESERVED +CVE-2017-1804 + RESERVED +CVE-2017-1803 + RESERVED +CVE-2017-1802 + RESERVED +CVE-2017-1801 + RESERVED +CVE-2017-1800 + RESERVED +CVE-2017-1799 + RESERVED +CVE-2017-1798 + RESERVED +CVE-2017-1797 + RESERVED +CVE-2017-1796 + RESERVED +CVE-2017-1795 (IBM WebSphere MQ 7.5, 8.0, and 9.0 through 9.0.4 could allow a local u ...) + NOT-FOR-US: IBM WebSphere MQ +CVE-2017-1794 (IBM Tivoli Monitoring 6.2.3 through 6.2.3.5 and 6.3.0 through 6.3.0.7 ...) + NOT-FOR-US: IBM +CVE-2017-1793 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) 
+ NOT-FOR-US: IBM +CVE-2017-1792 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) + NOT-FOR-US: IBM +CVE-2017-1791 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) + NOT-FOR-US: IBM +CVE-2017-1790 (IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through ...) + NOT-FOR-US: IBM DOORS Next Generation +CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticate ...) + NOT-FOR-US: IBM +CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login coul ...) + NOT-FOR-US: IBM +CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerab ...) + NOT-FOR-US: IBM Publishing Engine +CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under speci ...) + NOT-FOR-US: IBM +CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote us ...) + NOT-FOR-US: IBM API Connect +CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files tha ...) + NOT-FOR-US: IBM Cognos Analytics +CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change parameter ...) + NOT-FOR-US: IBM Cognos Analytics +CVE-2017-1782 + RESERVED +CVE-2017-1781 + RESERVED +CVE-2017-1780 + RESERVED +CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that ...) + NOT-FOR-US: IBM Cognos Analytics +CVE-2017-1778 + RESERVED +CVE-2017-1777 + RESERVED +CVE-2017-1776 + RESERVED +CVE-2017-1775 + RESERVED +CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses sen ...) + NOT-FOR-US: IBM Security Guardium Big Data Intelligence +CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...) + NOT-FOR-US: IBM DataPower Gateways +CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and ...) 
+ NOT-FOR-US: IBM +CVE-2017-1771 + RESERVED +CVE-2017-1770 + RESERVED +CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request f ...) + NOT-FOR-US: IBM Business Process Manager +CVE-2017-1768 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 generates an ...) + NOT-FOR-US: IBM +CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM +CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...) + NOT-FOR-US: IBM +CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user wit ...) + NOT-FOR-US: IBM +CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, u ...) + NOT-FOR-US: IBM +CVE-2017-1763 + RESERVED +CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) + NOT-FOR-US: IBM +CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM WebSphere Portal +CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash t ...) + NOT-FOR-US: IBM WebSphere MQ +CVE-2017-1759 + RESERVED +CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) + NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform +CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote at ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...) + NOT-FOR-US: IBM +CVE-2017-1755 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1754 + RESERVED +CVE-2017-1753 (Multiple IBM Rational products are vulnerable to HTML injection. A rem ...) + NOT-FOR-US: IBM +CVE-2017-1752 (IBM UrbanCode Deploy 6.1 and 6.2 could allow an authenticated privileg ...) 
+ NOT-FOR-US: IBM UrbanCode Deploy +CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vuln ...) + NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere +CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through 6.0 ...) + NOT-FOR-US: IBM Jazz Reporting Service +CVE-2017-1749 (IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker ...) + NOT-FOR-US: IBM UrbanCode Deploy +CVE-2017-1748 (IBM Connections 5.0, 5.5, and 6.0 could allow a remote attacker to con ...) + NOT-FOR-US: IBM +CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM Web ...) + NOT-FOR-US: IBM +CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...) + NOT-FOR-US: IBM Jazz for Service Management +CVE-2017-1745 + RESERVED +CVE-2017-1744 + RESERVED +CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + NOT-FOR-US: IBM +CVE-2017-1742 + RESERVED +CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + NOT-FOR-US: IBM +CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7. ...) + NOT-FOR-US: IBM Curam Social Program Management +CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...) + NOT-FOR-US: IBM Curam Social Program Management +CVE-2017-1738 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 c ...) + NOT-FOR-US: IBM +CVE-2017-1737 + RESERVED +CVE-2017-1736 + RESERVED +CVE-2017-1735 + RESERVED +CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) + NOT-FOR-US: IBM +CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files t ...) + NOT-FOR-US: IBM +CVE-2017-1732 (IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does n ...) 
+ NOT-FOR-US: IBM +CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...) + NOT-FOR-US: IBM WebSphere Application Server +CVE-2017-1730 + RESERVED +CVE-2017-1729 (IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 a ...) + NOT-FOR-US: IBM +CVE-2017-1728 + RESERVED +CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1726 + RESERVED +CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) + NOT-FOR-US: IBM +CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scrip ...) + NOT-FOR-US: IBM Security QRadar SIEM +CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to ...) + NOT-FOR-US: IBM Security QRadar SIEM +CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...) + NOT-FOR-US: IBM Security QRadar SIEM +CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated us ...) + NOT-FOR-US: IBM Security QRadar SIEM +CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrar ...) + NOT-FOR-US: IBM Notes +CVE-2017-1719 + RESERVED +CVE-2017-1718 + RESERVED +CVE-2017-1717 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose s ...) + NOT-FOR-US: IBM Tivoli Workload Scheduler +CVE-2017-1715 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated loca ...) + NOT-FOR-US: IBM Notes and Domino NSD +CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...) + NOT-FOR-US: IBM +CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the Domino serv ...) 
+ NOT-FOR-US: IBM +CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...) + NOT-FOR-US: IBM iNotes +CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (20 ...) + NOT-FOR-US: IBM +CVE-2017-1709 + RESERVED +CVE-2017-1708 + RESERVED +CVE-2017-1707 + RESERVED +CVE-2017-1706 + RESERVED +CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, sen ...) + NOT-FOR-US: IBM +CVE-2017-1704 + RESERVED +CVE-2017-1703 + RESERVED +CVE-2017-1702 + RESERVED +CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, 6. ...) + NOT-FOR-US: IBM +CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: Co ...) + NOT-FOR-US: IBM +CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure permissio ...) + NOT-FOR-US: IBM MQ Managed File Transfer Agent +CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive inf ...) + NOT-FOR-US: IBM WebSphere Portal +CVE-2017-1697 + RESERVED +CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...) + NOT-FOR-US: IBM QRadar +CVE-2017-1695 (IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic al ...) + NOT-FOR-US: IBM +CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain i ...) + NOT-FOR-US: IBM Integration Bus +CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has capt ...) + NOT-FOR-US: IBM Integration Bus +CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability t ...) + NOT-FOR-US: IBM AIX +CVE-2017-1691 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1690 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1689 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) 
+ NOT-FOR-US: IBM +CVE-2017-1688 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2017-1687 + RESERVED +CVE-2017-1686 + RESERVED +CVE-2017-1685 + RESERVED +CVE-2017-1684 + RESERVED +CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site scri ...) + NOT-FOR-US: IBM Connections Engagement Center +CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM Connections +CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...) + NOT-FOR-US: IBM WebSphere Application Server +CVE-2017-1680 + RESERVED +CVE-2017-1679 (IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attac ...) + NOT-FOR-US: IBM +CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...) + NOT-FOR-US: IBM +CVE-2017-1676 + RESERVED +CVE-2017-1675 + RESERVED +CVE-2017-1674 + RESERVED +CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cr ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to cross-si ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQ ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive in ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remot ...) 
+ NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1667 + RESERVED +CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ex ...) + NOT-FOR-US: IBM Tivoli Key Lifecycle Manager +CVE-2017-1663 + RESERVED +CVE-2017-1662 + RESERVED +CVE-2017-1661 + RESERVED +CVE-2017-1660 + RESERVED +CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerabili ...) + NOT-FOR-US: HCL iNotes +CVE-2017-1658 + RESERVED +CVE-2017-1657 + RESERVED +CVE-2017-1656 + RESERVED +CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) + NOT-FOR-US: IBM +CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local unprivi ...) + NOT-FOR-US: IBM +CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 6 ...) + NOT-FOR-US: IBM Jazz Foundation +CVE-2017-1652 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1651 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2017-1649 (IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6. ...) 
+ NOT-FOR-US: IBM +CVE-2017-1648 + RESERVED +CVE-2017-1647 + RESERVED +CVE-2017-1646 + RESERVED +CVE-2017-1645 + RESERVED +CVE-2017-1644 + RESERVED +CVE-2017-1643 + RESERVED +CVE-2017-1642 + RESERVED +CVE-2017-1641 + RESERVED +CVE-2017-1640 + RESERVED +CVE-2017-1639 + RESERVED +CVE-2017-1638 + RESERVED +CVE-2017-1637 + RESERVED +CVE-2017-1636 + RESERVED +CVE-2017-1635 (IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to exec ...) + NOT-FOR-US: IBM Tivoli Monitoring +CVE-2017-1634 + RESERVED +CVE-2017-1633 (IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authentic ...) + NOT-FOR-US: IBM +CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM Sterling File Gateway +CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is vulne ...) + NOT-FOR-US: IBM Jazz for Service Management +CVE-2017-1630 + RESERVED +CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) + NOT-FOR-US: IBM +CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to sto ...) + NOT-FOR-US: IBM +CVE-2017-1627 + RESERVED +CVE-2017-1626 + RESERVED +CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...) + NOT-FOR-US: IBM +CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...) + NOT-FOR-US: IBM +CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM QRadar +CVE-2017-1622 (IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly valida ...) + NOT-FOR-US: IBM +CVE-2017-1621 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) 
+ NOT-FOR-US: IBM +CVE-2017-1620 + RESERVED +CVE-2017-1619 + RESERVED +CVE-2017-1618 + RESERVED +CVE-2017-1617 + RESERVED +CVE-2017-1616 + RESERVED +CVE-2017-1615 + RESERVED +CVE-2017-1614 + RESERVED +CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...) + NOT-FOR-US: IBM Connections +CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module coul ...) + NOT-FOR-US: IBM WebSphere MQ +CVE-2017-1611 + RESERVED +CVE-2017-1610 + RESERVED +CVE-2017-1609 (IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are ...) + NOT-FOR-US: IBM +CVE-2017-1608 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site sc ...) + NOT-FOR-US: IBM +CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) 3.0.0. ...) + NOT-FOR-US: IBM Financial Transaction Manager +CVE-2017-1605 + RESERVED +CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM Maximo Anywhere +CVE-2017-1603 + RESERVED +CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6. ...) + NOT-FOR-US: IBM +CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database A ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1599 + RESERVED +CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1597 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...) + NOT-FOR-US: IBM +CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a loc ...) 
+ NOT-FOR-US: IBM Security Guardium +CVE-2017-1594 + RESERVED +CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1592 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1590 + RESERVED +CVE-2017-1589 + RESERVED +CVE-2017-1588 + RESERVED +CVE-2017-1587 + RESERVED +CVE-2017-1586 + RESERVED +CVE-2017-1585 + RESERVED +CVE-2017-1584 + RESERVED +CVE-2017-1583 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix 3.1 ...) + NOT-FOR-US: IBM +CVE-2017-1582 + RESERVED +CVE-2017-1581 + RESERVED +CVE-2017-1580 + RESERVED +CVE-2017-1579 + RESERVED +CVE-2017-1578 + RESERVED +CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attac ...) + NOT-FOR-US: IBM +CVE-2017-1576 + RESERVED +CVE-2017-1575 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...) + NOT-FOR-US: IBM +CVE-2017-1574 + RESERVED +CVE-2017-1573 + RESERVED +CVE-2017-1572 + RESERVED +CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + NOT-FOR-US: IBM +CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to obta ...) + NOT-FOR-US: IBM +CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerabili ...) + NOT-FOR-US: IBM +CVE-2017-1568 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1567 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1566 + RESERVED +CVE-2017-1565 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1564 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) 
+ NOT-FOR-US: IBM +CVE-2017-1563 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1562 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1561 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1560 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1559 (Multiple IBM Rational products could disclose sensitive information by ...) + NOT-FOR-US: IBM +CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...) + NOT-FOR-US: IBM Maximo Asset Management +CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with au ...) + NOT-FOR-US: IBM WebSphere MQ +CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular exp ...) + NOT-FOR-US: IBM +CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated u ...) + NOT-FOR-US: IBM +CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attack ...) + NOT-FOR-US: IBM +CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injec ...) + NOT-FOR-US: IBM +CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...) + NOT-FOR-US: IBM +CVE-2017-1550 (IBM Sterling File Gateway 2.2 could allow an authenticated user to cha ...) + NOT-FOR-US: IBM Sterling File Gateway +CVE-2017-1549 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. T ...) + NOT-FOR-US: IBM Sterling File Gateway +CVE-2017-1548 (IBM Sterling File Gateway 2.2 could allow a remote attacker to travers ...) 
+ NOT-FOR-US: IBM Sterling File Gateway +CVE-2017-1547 + RESERVED +CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable t ...) + NOT-FOR-US: IBM DOORS Next Generation +CVE-2017-1545 (IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1544 (IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gatewa ...) + NOT-FOR-US: IBM +CVE-2017-1543 + RESERVED +CVE-2017-1542 + RESERVED +CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...) + NOT-FOR-US: IBM +CVE-2017-1540 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to privil ...) + NOT-FOR-US: IBM +CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) + NOT-FOR-US: IBM +CVE-2017-1537 + RESERVED +CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 an ...) + NOT-FOR-US: IBM Support Tools for Lotus WCM +CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a re ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1532 (IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vuln ...) + NOT-FOR-US: IBM DOORS +CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...) + NOT-FOR-US: IBM +CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross- ...) + NOT-FOR-US: IBM +CVE-2017-1529 + RESERVED +CVE-2017-1528 + RESERVED +CVE-2017-1527 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML ...) 
+ NOT-FOR-US: IBM +CVE-2017-1526 + RESERVED +CVE-2017-1525 + RESERVED +CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5 ...) + NOT-FOR-US: IBM +CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 cou ...) + NOT-FOR-US: IBM +CVE-2017-1522 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1521 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized com ...) + NOT-FOR-US: IBM +CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A re ...) + NOT-FOR-US: IBM +CVE-2017-1518 + RESERVED +CVE-2017-1517 + RESERVED +CVE-2017-1516 (IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hija ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1515 (IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to ...) + NOT-FOR-US: IBM Doors Web Access +CVE-2017-1514 + RESERVED +CVE-2017-1513 + RESERVED +CVE-2017-1512 + RESERVED +CVE-2017-1511 + RESERVED +CVE-2017-1510 + RESERVED +CVE-2017-1509 (IBM Jazz Foundation products could allow an authenticated user to obta ...) + NOT-FOR-US: IBM +CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in wi ...) + NOT-FOR-US: IBM +CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information duri ...) + NOT-FOR-US: IBM Jazz Foundation Products +CVE-2017-1506 (IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM Cognos TM1 +CVE-2017-1505 + RESERVED +CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide weaker ...) + NOT-FOR-US: IBM +CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2017-1502 (IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...) 
+ NOT-FOR-US: IBM +CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weake ...) + NOT-FOR-US: IBM +CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the aut ...) + NOT-FOR-US: IBM +CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...) + NOT-FOR-US: IBM Maximo Asset Management +CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This vulner ...) + NOT-FOR-US: IBM +CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...) + NOT-FOR-US: IBM +CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a pr ...) + NOT-FOR-US: IBM +CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM Business Process Manager +CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated us ...) + NOT-FOR-US: IBM UrbanCode Deploy +CVE-2017-1492 + RESERVED +CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...) + NOT-FOR-US: IBM +CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jazz Rep ...) + NOT-FOR-US: IBM +CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configu ...) + NOT-FOR-US: IBM +CVE-2017-1488 (An undisclosed vulnerability in Jazz common products exists with poten ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...) + NOT-FOR-US: IBM +CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...) + NOT-FOR-US: IBM +CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...) 
+ NOT-FOR-US: IBM +CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...) + NOT-FOR-US: IBM +CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...) + NOT-FOR-US: IBM +CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...) + NOT-FOR-US: IBM +CVE-2017-1480 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1479 + RESERVED +CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be sto ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML Ext ...) + NOT-FOR-US: IBM +CVE-2017-1476 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1475 + RESERVED +CVE-2017-1474 (IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, an ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...) + NOT-FOR-US: IBM +CVE-2017-1472 + RESERVED +CVE-2017-1471 + RESERVED +CVE-2017-1470 + RESERVED +CVE-2017-1469 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...) + NOT-FOR-US: IBM +CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a lo ...) + NOT-FOR-US: IBM +CVE-2017-1467 (A network layer security vulnerability in InfoSphere Information Serve ...) + NOT-FOR-US: IBM +CVE-2017-1466 + RESERVED +CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to hi ...) + NOT-FOR-US: IBM +CVE-2017-1464 + RESERVED +CVE-2017-1463 + RESERVED +CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...) 
+ NOT-FOR-US: IBM Rhapsody DM +CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router sp ...) + NOT-FOR-US: IBM +CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permis ...) + NOT-FOR-US: IBM Security Access Manager Appliance +CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...) + NOT-FOR-US: IBM +CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM +CVE-2017-1456 + RESERVED +CVE-2017-1455 + RESERVED +CVE-2017-1454 + RESERVED +CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a remote authe ...) + NOT-FOR-US: IBM +CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...) + NOT-FOR-US: IBM +CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...) + NOT-FOR-US: IBM +CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...) + NOT-FOR-US: IBM +CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to co ...) + NOT-FOR-US: IBM +CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could all ...) + NOT-FOR-US: IBM +CVE-2017-1447 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2017-1444 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...) 
+ NOT-FOR-US: IBM +CVE-2017-1441 (IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to ...) + NOT-FOR-US: IBM +CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote attack ...) + NOT-FOR-US: IBM +CVE-2017-1439 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (include ...) + NOT-FOR-US: IBM +CVE-2017-1438 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (include ...) + NOT-FOR-US: IBM +CVE-2017-1437 + RESERVED +CVE-2017-1436 + RESERVED +CVE-2017-1435 + RESERVED +CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...) + NOT-FOR-US: IBM +CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user t ...) + NOT-FOR-US: IBM +CVE-2017-1432 + RESERVED +CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site s ...) + NOT-FOR-US: IBM +CVE-2017-1430 + RESERVED +CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the ...) + NOT-FOR-US: IBM +CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1426 + RESERVED +CVE-2017-1425 (IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross- ...) + NOT-FOR-US: IBM +CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripti ...) + NOT-FOR-US: IBM +CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are ...) + NOT-FOR-US: IBM WebSphere Portal +CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper verifi ...) + NOT-FOR-US: IBM +CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability a ...) + NOT-FOR-US: IBM iNotes +CVE-2017-1420 + RESERVED +CVE-2017-1419 + RESERVED +CVE-2017-1418 (IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (includ ...) 
+ NOT-FOR-US: IBM +CVE-2017-1417 + RESERVED +CVE-2017-1416 + RESERVED +CVE-2017-1415 + RESERVED +CVE-2017-1414 + RESERVED +CVE-2017-1413 + RESERVED +CVE-2017-1412 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1411 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1410 + RESERVED +CVE-2017-1409 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1408 + RESERVED +CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allo ...) + NOT-FOR-US: IBM +CVE-2017-1406 + RESERVED +CVE-2017-1405 (IBM Security Identity Manager Virtual Appliance 7.0 processes patches, ...) + NOT-FOR-US: IBM Security Identity Manager Virtual Appliance +CVE-2017-1404 + RESERVED +CVE-2017-1403 + RESERVED +CVE-2017-1402 + RESERVED +CVE-2017-1401 + RESERVED +CVE-2017-1400 + RESERVED +CVE-2017-1399 + RESERVED +CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...) + NOT-FOR-US: IBM +CVE-2017-1397 + RESERVED +CVE-2017-1396 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1395 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...) + NOT-FOR-US: IBM +CVE-2017-1394 + RESERVED +CVE-2017-1393 + RESERVED +CVE-2017-1392 + RESERVED +CVE-2017-1391 + RESERVED +CVE-2017-1390 + RESERVED +CVE-2017-1389 + RESERVED +CVE-2017-1388 + RESERVED +CVE-2017-1387 + RESERVED +CVE-2017-1386 (IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictio ...) + NOT-FOR-US: IBM +CVE-2017-1385 + RESERVED +CVE-2017-1384 + RESERVED +CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create f ...) 
+ NOT-FOR-US: IBM +CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router (ODR ...) + NOT-FOR-US: IBM +CVE-2017-1380 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensit ...) + NOT-FOR-US: IBM +CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) dis ...) + NOT-FOR-US: IBM +CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error messages ...) + NOT-FOR-US: IBM +CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to disabl ...) + NOT-FOR-US: IBM JDK +CVE-2017-1375 (IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses we ...) + NOT-FOR-US: IBM +CVE-2017-1374 (Sensitive data can be exposed in the IBM TRIRIGA Application Platform ...) + NOT-FOR-US: IBM +CVE-2017-1373 (Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and ...) + NOT-FOR-US: IBM +CVE-2017-1372 (IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4 ...) + NOT-FOR-US: IBM +CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive ...) + NOT-FOR-US: IBM +CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1368 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1367 (IBM Security Identity Governance and Intelligence Virtual Appliance 5. ...) + NOT-FOR-US: IBM +CVE-2017-1366 (IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 ...) + NOT-FOR-US: IBM +CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle M ...) + NOT-FOR-US: IBM Team Concert +CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) 
+ NOT-FOR-US: IBM +CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credent ...) + NOT-FOR-US: IBM +CVE-2017-1361 + RESERVED +CVE-2017-1360 + RESERVED +CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1358 + RESERVED +CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...) + NOT-FOR-US: IBM +CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL inj ...) + NOT-FOR-US: IBM +CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive informa ...) + NOT-FOR-US: IBM +CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to cross-s ...) + NOT-FOR-US: IBM +CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an authentic ...) + NOT-FOR-US: IBM +CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated u ...) + NOT-FOR-US: IBM +CVE-2017-1351 + RESERVED +CVE-2017-1350 (IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allo ...) + NOT-FOR-US: IBM InfoSphere Information Server +CVE-2017-1349 (IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially se ...) + NOT-FOR-US: IBM +CVE-2017-1348 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...) + NOT-FOR-US: IBM +CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...) + NOT-FOR-US: IBM +CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores file ...) + NOT-FOR-US: IBM +CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2017-1344 + RESERVED +CVE-2017-1343 + RESERVED +CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive informat ...) 
+ NOT-FOR-US: IBM +CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, ...) + NOT-FOR-US: IBM +CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated us ...) + NOT-FOR-US: IBM +CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) Ser ...) + NOT-FOR-US: IBM +CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...) + NOT-FOR-US: IBM +CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject cod ...) + NOT-FOR-US: IBM +CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) + NOT-FOR-US: IBM +CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenti ...) + NOT-FOR-US: IBM +CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site scri ...) + NOT-FOR-US: IBM +CVE-2017-1330 + RESERVED +CVE-2017-1329 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...) + NOT-FOR-US: IBM Quality Manager +CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to byp ...) + NOT-FOR-US: IBM +CVE-2017-1327 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests bas ...) + NOT-FOR-US: IBM +CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...) 
+ NOT-FOR-US: IBM +CVE-2017-1323 + RESERVED +CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity Inject ...) + NOT-FOR-US: IBM +CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerabili ...) + NOT-FOR-US: IBM +CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ad ...) + NOT-FOR-US: IBM +CVE-2017-1317 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1316 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1315 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1314 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1313 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1312 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. ...) + NOT-FOR-US: IBM +CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...) + NOT-FOR-US: IBM +CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user c ...) + NOT-FOR-US: IBM +CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 cou ...) + NOT-FOR-US: IBM +CVE-2017-1307 + RESERVED +CVE-2017-1306 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to c ...) 
+ NOT-FOR-US: IBM +CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS utiliz ...) + NOT-FOR-US: IBM +CVE-2017-1303 (IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is ...) + NOT-FOR-US: IBM +CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local u ...) + NOT-FOR-US: IBM +CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launc ...) + NOT-FOR-US: IBM +CVE-2017-1300 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2017-1299 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1298 + REJECTED +CVE-2017-1297 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...) + NOT-FOR-US: IBM +CVE-2017-1296 + RESERVED +CVE-2017-1295 (IBM RSA DM contains unspecified vulnerability in CLM Applications with ...) + NOT-FOR-US: IBM +CVE-2017-1294 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1293 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that ...) + NOT-FOR-US: IBM +CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...) + NOT-FOR-US: IBM +CVE-2017-1290 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity Inj ...) + NOT-FOR-US: IBM JDK +CVE-2017-1288 + RESERVED +CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct p ...) + NOT-FOR-US: IBM +CVE-2017-1286 (Sensitive information about the configuration of the IBM UrbanCode Dep ...) + NOT-FOR-US: IBM UrbanCode Deploy +CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user wit ...) 
+ NOT-FOR-US: IBM +CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...) + NOT-FOR-US: IBM +CVE-2017-1283 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...) + NOT-FOR-US: IBM +CVE-2017-1282 (IBM Content Navigator & CMIS 2.0 and 3.0 is vulnerable to cross-site s ...) + NOT-FOR-US: IBM +CVE-2017-1281 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1280 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1279 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remo ...) + NOT-FOR-US: IBM Tealeaf Customer Experience +CVE-2017-1278 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1277 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1276 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1275 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in t ...) + NOT-FOR-US: IBM +CVE-2017-1273 + RESERVED +CVE-2017-1272 (IBM Security Guardium 10.0 and 10.5 stores sensitive information in UR ...) + NOT-FOR-US: IBM +CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between m ...) + NOT-FOR-US: IBM +CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a s ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...) + NOT-FOR-US: IBM +CVE-2017-1268 (IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash ag ...) + NOT-FOR-US: IBM +CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups a ...) 
+ NOT-FOR-US: IBM +CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a security-critic ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1265 (IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and ...) + NOT-FOR-US: IBM +CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves tha ...) + NOT-FOR-US: IBM +CVE-2017-1263 + RESERVED +CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response splitting at ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive information in ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1260 + RESERVED +CVE-2017-1259 + RESERVED +CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to unauthor ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weake ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity Inje ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...) + NOT-FOR-US: IBM Security Guardium +CVE-2017-1252 + RESERVED +CVE-2017-1251 (An undisclosed vulnerability in CLM applications may result in some ad ...) + NOT-FOR-US: IBM +CVE-2017-1250 (IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle ...) + NOT-FOR-US: IBM +CVE-2017-1249 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. Thi ...) + NOT-FOR-US: IBM +CVE-2017-1248 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...) 
+ NOT-FOR-US: IBM Quality Manager +CVE-2017-1247 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1246 + RESERVED +CVE-2017-1245 (IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerab ...) + NOT-FOR-US: IBM +CVE-2017-1244 + RESERVED +CVE-2017-1243 + RESERVED +CVE-2017-1242 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...) + NOT-FOR-US: IBM Quality Manager +CVE-2017-1241 (An unspecified vulnerability in IBM Jazz Foundation based applications ...) + NOT-FOR-US: IBM +CVE-2017-1240 (IBM Rhapsody DM products could reveal sensitive information in HTTP 50 ...) + NOT-FOR-US: IBM +CVE-2017-1239 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sen ...) + NOT-FOR-US: IBM Quality Manager +CVE-2017-1238 (IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable t ...) + NOT-FOR-US: IBM Quality Manager +CVE-2017-1237 (IBM Jazz based applications are vulnerable to cross-site scripting. Th ...) + NOT-FOR-US: IBM +CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentiall ...) + NOT-FOR-US: IBM +CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a prem ...) + NOT-FOR-US: IBM +CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vul ...) + NOT-FOR-US: IBM +CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the component to ...) + NOT-FOR-US: IBM Remote Control +CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) transmit ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1231 (IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in cl ...) + NOT-FOR-US: IBM +CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ins ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a rem ...) 
+ NOT-FOR-US: IBM +CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could al ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...) + NOT-FOR-US: IBM +CVE-2017-1226 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) generate ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1225 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores s ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic al ...) + NOT-FOR-US: IBM +CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct p ...) + NOT-FOR-US: IBM +CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require ...) + NOT-FOR-US: IBM +CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) disclose ...) + NOT-FOR-US: IBM Tivoli Endpoint Manager +CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Inj ...) + NOT-FOR-US: IBM +CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request forger ...) + NOT-FOR-US: IBM +CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM +CVE-2017-1216 + RESERVED +CVE-2017-1215 + RESERVED +CVE-2017-1214 (IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a malform ...) + NOT-FOR-US: IBM +CVE-2017-1213 + RESERVED +CVE-2017-1212 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 i ...) + NOT-FOR-US: IBM +CVE-2017-1211 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 c ...) + NOT-FOR-US: IBM +CVE-2017-1210 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 c ...) 
+ NOT-FOR-US: IBM +CVE-2017-1209 (IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 i ...) + NOT-FOR-US: IBM +CVE-2017-1208 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-s ...) + NOT-FOR-US: IBM +CVE-2017-1207 (IBM WebSphere Message Broker stores user credentials in plain in clear ...) + NOT-FOR-US: IBM +CVE-2017-1206 + RESERVED +CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...) + NOT-FOR-US: IBM +CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-code ...) + NOT-FOR-US: IBM Tealeaf Customer Experience +CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and A ...) + NOT-FOR-US: IBM +CVE-2017-1202 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulne ...) + NOT-FOR-US: IBM +CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores use ...) + NOT-FOR-US: IBM +CVE-2017-1200 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not ...) + NOT-FOR-US: IBM +CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 1 ...) + NOT-FOR-US: IBM +CVE-2017-1198 (IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores s ...) + NOT-FOR-US: IBM +CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...) + NOT-FOR-US: IBM +CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require tha ...) + NOT-FOR-US: IBM +CVE-2017-1195 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow ...) + NOT-FOR-US: IBM +CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to o ...) + NOT-FOR-US: IBM +CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External Entit ...) 
+ NOT-FOR-US: IBM +CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM Ration ...) + NOT-FOR-US: IBM Rational Collaborative Lifecycle Management +CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...) + NOT-FOR-US: IBM +CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vuln ...) + NOT-FOR-US: IBM +CVE-2017-1188 + RESERVED +CVE-2017-1187 + RESERVED +CVE-2017-1186 + RESERVED +CVE-2017-1185 + RESERVED +CVE-2017-1184 + RESERVED +CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...) + NOT-FOR-US: IBM +CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...) + NOT-FOR-US: Oracle Primavera +CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local attacker to ...) + NOT-FOR-US: IBM +CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could a ...) + NOT-FOR-US: IBM TRIRIGA Document Manager +CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected crypt ...) + NOT-FOR-US: IBM +CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...) + NOT-FOR-US: IBM +CVE-2017-1177 (IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive informati ...) + NOT-FOR-US: IBM +CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...) + NOT-FOR-US: IBM +CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL inj ...) + NOT-FOR-US: IBM +CVE-2017-1174 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...) + NOT-FOR-US: IBM +CVE-2017-1173 + RESERVED +CVE-2017-1172 + RESERVED +CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a vulne ...) + NOT-FOR-US: IBM +CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and Develope ...) 
+ NOT-FOR-US: IBM +CVE-2017-1169 (IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site script ...) + NOT-FOR-US: IBM +CVE-2017-1168 (IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulner ...) + NOT-FOR-US: IBM +CVE-2017-1167 + RESERVED +CVE-2017-1166 + RESERVED +CVE-2017-1165 + RESERVED +CVE-2017-1164 (IBM Jazz Foundation is vulnerable to cross-site scripting. This vulner ...) + NOT-FOR-US: IBM +CVE-2017-1163 + RESERVED +CVE-2017-1162 (IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized ...) + NOT-FOR-US: IBM +CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbit ...) + NOT-FOR-US: IBM +CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...) + NOT-FOR-US: IBM +CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...) + NOT-FOR-US: IBM +CVE-2017-1158 + RESERVED +CVE-2017-1157 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an authentica ...) + NOT-FOR-US: IBM +CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to cond ...) + NOT-FOR-US: IBM +CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) + NOT-FOR-US: IBM +CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...) + NOT-FOR-US: IBM +CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability th ...) + NOT-FOR-US: IBM +CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly up ...) + NOT-FOR-US: IBM +CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...) + NOT-FOR-US: IBM +CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1 ...) + NOT-FOR-US: IBM +CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...) + NOT-FOR-US: IBM +CVE-2017-1148 (IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry ...) 
+ NOT-FOR-US: IBM +CVE-2017-1147 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scr ...) + NOT-FOR-US: IBM +CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents wh ...) + NOT-FOR-US: IBM +CVE-2017-1144 (IBM WebSphere Message Broker could allow a local user with specialized ...) + NOT-FOR-US: IBM +CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...) + NOT-FOR-US: IBM +CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote att ...) + NOT-FOR-US: IBM +CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an au ...) + NOT-FOR-US: IBM +CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site ...) + NOT-FOR-US: IBM +CVE-2017-1139 + RESERVED +CVE-2017-1138 + RESERVED +CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker th ...) + NOT-FOR-US: IBM +CVE-2017-1136 + RESERVED +CVE-2017-1135 + RESERVED +CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to e ...) + NOT-FOR-US: IBM +CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...) + NOT-FOR-US: IBM +CVE-2017-1132 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cros ...) + NOT-FOR-US: IBM +CVE-2017-1131 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authen ...) + NOT-FOR-US: IBM +CVE-2017-1130 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...) + NOT-FOR-US: IBM +CVE-2017-1129 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...) + NOT-FOR-US: IBM +CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to c ...) 
+ NOT-FOR-US: IBM +CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...) + NOT-FOR-US: IBM +CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...) + NOT-FOR-US: IBM +CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local atta ...) + NOT-FOR-US: IBM +CVE-2017-1123 + RESERVED +CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...) + NOT-FOR-US: IBM +CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to cr ...) + NOT-FOR-US: IBM +CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting ...) + NOT-FOR-US: IBM +CVE-2017-1119 (IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote a ...) + NOT-FOR-US: IBM +CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...) + NOT-FOR-US: IBM +CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to caus ...) + NOT-FOR-US: IBM +CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive ...) + NOT-FOR-US: IBM +CVE-2017-1115 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A rem ...) + NOT-FOR-US: IBM +CVE-2017-1114 (IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. ...) + NOT-FOR-US: IBM +CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cros ...) + NOT-FOR-US: IBM +CVE-2017-1112 + RESERVED +CVE-2017-1111 + RESERVED +CVE-2017-1110 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an ...) + NOT-FOR-US: IBM +CVE-2017-1109 + RESERVED +CVE-2017-1108 + RESERVED +CVE-2017-1107 (IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive ...) + NOT-FOR-US: IBM +CVE-2017-1106 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...) + NOT-FOR-US: IBM +CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (include ...) 
+ NOT-FOR-US: IBM +CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM +CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...) + NOT-FOR-US: IBM +CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM +CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM +CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-sit ...) + NOT-FOR-US: IBM +CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...) + NOT-FOR-US: IBM +CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to c ...) + NOT-FOR-US: IBM +CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10. ...) + NOT-FOR-US: IBM +CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-si ...) + NOT-FOR-US: IBM +CVE-2017-1095 + RESERVED +CVE-2017-1094 + RESERVED +CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulner ...) + NOT-FOR-US: IBM AIX +CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unaut ...) + NOT-FOR-US: IBM +CVE-2017-1091 + RESERVED +CVE-2017-1090 + REJECTED +CVE-2017-1089 + REJECTED +CVE-2017-1088 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...) + - kfreebsd-10 (unimportant) + NOTE: kfreebsd not covered by security support +CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE- ...) + - kfreebsd-10 (unimportant) + NOTE: kfreebsd not covered by security support +CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4 ...) + - kfreebsd-10 (unimportant) + NOTE: kfreebsd not covered by security support +CVE-2017-1085 (In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() ...) 
+ - kfreebsd-10 (unimportant) + NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + NOTE: kfreebsd not covered by security support +CVE-2017-1084 (In FreeBSD before 11.2-RELEASE, multiple issues with the implementatio ...) + - kfreebsd-10 (unimportant) + NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + NOTE: kfreebsd not covered by security support +CVE-2017-1083 (In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is ...) + - kfreebsd-10 (unimportant) + NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + NOTE: kfreebsd not covered by security support +CVE-2017-1082 (In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the ...) + - kfreebsd-10 (unimportant) + NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt + NOTE: kfreebsd not covered by security support +CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3 ...) + - kfreebsd-10 (unimportant) + NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc + NOTE: kfreebsd not covered by security support +CVE-2017-1080 + REJECTED +CVE-2017-1079 + REJECTED +CVE-2017-1078 + REJECTED +CVE-2017-1077 + REJECTED +CVE-2017-1076 + REJECTED +CVE-2017-1075 + REJECTED +CVE-2017-1074 + REJECTED +CVE-2017-1073 + REJECTED +CVE-2017-1072 + REJECTED +CVE-2017-1071 + REJECTED +CVE-2017-1070 + REJECTED +CVE-2017-1069 + REJECTED +CVE-2017-1068 + REJECTED +CVE-2017-1067 + REJECTED +CVE-2017-1066 + REJECTED +CVE-2017-1065 + REJECTED +CVE-2017-1064 + REJECTED +CVE-2017-1063 + REJECTED +CVE-2017-1062 + REJECTED +CVE-2017-1061 + REJECTED +CVE-2017-1060 + REJECTED +CVE-2017-1059 + REJECTED +CVE-2017-1058 + REJECTED +CVE-2017-1057 + REJECTED +CVE-2017-1056 + REJECTED +CVE-2017-1055 + REJECTED +CVE-2017-1054 + REJECTED +CVE-2017-1053 + REJECTED +CVE-2017-1052 + REJECTED +CVE-2017-1051 + REJECTED +CVE-2017-1050 + REJECTED +CVE-2017-1049 + REJECTED +CVE-2017-1048 + REJECTED +CVE-2017-1047 + 
REJECTED +CVE-2017-1046 + REJECTED +CVE-2017-1045 + REJECTED +CVE-2017-1044 + REJECTED +CVE-2017-1043 + REJECTED +CVE-2017-1042 + REJECTED +CVE-2017-1041 + REJECTED +CVE-2017-1040 + REJECTED +CVE-2017-1039 + REJECTED +CVE-2017-1038 + REJECTED +CVE-2017-1037 + REJECTED +CVE-2017-1036 + REJECTED +CVE-2017-1035 + REJECTED +CVE-2017-1034 + REJECTED +CVE-2017-1033 + REJECTED +CVE-2017-1032 + REJECTED +CVE-2017-1031 + REJECTED +CVE-2017-1030 + REJECTED +CVE-2017-1029 + REJECTED +CVE-2017-1028 + REJECTED +CVE-2017-1027 + REJECTED +CVE-2017-1026 + REJECTED +CVE-2017-1025 + REJECTED +CVE-2017-1024 + REJECTED +CVE-2017-1023 + REJECTED +CVE-2017-1022 + REJECTED +CVE-2017-1021 + REJECTED +CVE-2017-1020 + REJECTED +CVE-2017-1019 + REJECTED +CVE-2017-1018 + REJECTED +CVE-2017-1017 + REJECTED +CVE-2017-1016 + REJECTED +CVE-2017-1015 + REJECTED +CVE-2017-1014 + REJECTED +CVE-2017-1013 + REJECTED +CVE-2017-1012 + REJECTED +CVE-2017-1011 + REJECTED +CVE-2017-1010 + REJECTED +CVE-2017-1009 + REJECTED +CVE-2017-1008 + REJECTED +CVE-2017-1007 + REJECTED +CVE-2017-1006 + REJECTED +CVE-2017-1005 + REJECTED +CVE-2017-1004 + REJECTED +CVE-2017-1003 + REJECTED +CVE-2017-1002 + REJECTED +CVE-2017-1001 + REJECTED +CVE-2017-1000 + REJECTED +CVE-2017-0999 + REJECTED +CVE-2017-0998 + REJECTED +CVE-2017-0997 + REJECTED +CVE-2017-0996 + REJECTED +CVE-2017-0995 + REJECTED +CVE-2017-0994 + REJECTED +CVE-2017-0993 + REJECTED +CVE-2017-0992 + REJECTED +CVE-2017-0991 + REJECTED +CVE-2017-0990 + REJECTED +CVE-2017-0989 + REJECTED +CVE-2017-0988 + REJECTED +CVE-2017-0987 + REJECTED +CVE-2017-0986 + REJECTED +CVE-2017-0985 + REJECTED +CVE-2017-0984 + REJECTED +CVE-2017-0983 + REJECTED +CVE-2017-0982 + REJECTED +CVE-2017-0981 + REJECTED +CVE-2017-0980 + RESERVED +CVE-2017-0979 + RESERVED +CVE-2017-0978 + RESERVED +CVE-2017-0977 + RESERVED +CVE-2017-0976 + RESERVED +CVE-2017-0975 + RESERVED +CVE-2017-0974 + RESERVED +CVE-2017-0973 + RESERVED +CVE-2017-0972 + RESERVED +CVE-2017-0971 + RESERVED +CVE-2017-0970 
+ RESERVED +CVE-2017-0969 + RESERVED +CVE-2017-0968 + RESERVED +CVE-2017-0967 + RESERVED +CVE-2017-0966 + RESERVED +CVE-2017-0965 + RESERVED +CVE-2017-0964 + RESERVED +CVE-2017-0963 + RESERVED +CVE-2017-0962 + RESERVED +CVE-2017-0961 + RESERVED +CVE-2017-0960 + RESERVED +CVE-2017-0959 + RESERVED +CVE-2017-0958 + RESERVED +CVE-2017-0957 + RESERVED +CVE-2017-0956 + RESERVED +CVE-2017-0955 + RESERVED +CVE-2017-0954 + RESERVED +CVE-2017-0953 + RESERVED +CVE-2017-0952 + RESERVED +CVE-2017-0951 + RESERVED +CVE-2017-0950 + RESERVED +CVE-2017-0949 + RESERVED +CVE-2017-0948 + RESERVED +CVE-2017-0947 + RESERVED +CVE-2017-0946 + RESERVED +CVE-2017-0945 + RESERVED +CVE-2017-0944 + RESERVED +CVE-2017-0943 + RESERVED +CVE-2017-0942 + RESERVED +CVE-2017-0941 + RESERVED +CVE-2017-0940 + RESERVED +CVE-2017-0939 + RESERVED +CVE-2017-0938 (Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMA ...) + NOT-FOR-US: airMAX +CVE-2017-0937 + RESERVED +CVE-2017-0936 (Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorizatio ...) + - nextcloud (bug #835086) +CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...) + NOT-FOR-US: Ubiquiti Networks EdgeOS +CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improp ...) + NOT-FOR-US: Ubiquiti Networks EdgeOS +CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-S ...) + NOT-FOR-US: Ubiquiti Networks EdgeOS +CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Impr ...) + NOT-FOR-US: Ubiquiti Networks EdgeOS +CVE-2017-0931 (html-janitor node module suffers from a Cross-Site Scripting (XSS) vul ...) + NOT-FOR-US: html-janitor node module +CVE-2017-0930 (augustine node module suffers from a Path Traversal vulnerability due ...) + NOT-FOR-US: augustine node module +CVE-2017-0929 (DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request F ...) 
+ NOT-FOR-US: DNN (aka DotNetNuke)
+CVE-2017-0928 (html-janitor node module suffers from an External Control of Critical ...)
+ NOT-FOR-US: html-janitor node module
+CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ [stretch] - gitlab (Doesn't affect 8.x)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper aut ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insuffici ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
+ - gitlab 10.5.5+dfsg-1
+ [stretch] - gitlab (Only affects 9.0 and later)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input va ...)
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ [stretch] - gitlab (Doesn't affect 8.x)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an authorizati ...)
+ - gitlab 10.5.5+dfsg-1
+ [stretch] - gitlab (Only affects 9.1 and later)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
+ {DSA-4206-1}
+ - gitlab 10.5.5+dfsg-1
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0919 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10 ...)
+ - gitlab 10.5.5+dfsg-1
+ NOTE: https://hackerone.com/reports/301137
+ NOTE: Fixed in 10.1.6, 10.2.6, and 10.3.4
+CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path traversa ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
+CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of inp ...)
+ {DSA-4145-1}
+ - gitlab 10.5.5+dfsg-1 (bug #888508)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2. ...)
+ - gitlab 10.5.5+dfsg-1
+ [stretch] - gitlab (Only affects 9.4 and later)
+ NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
+CVE-2017-0913 (Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to r ...)
+ NOT-FOR-US: Ubiquiti UCRM
+CVE-2017-0912 (Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-s ...)
+ NOT-FOR-US: Ubiquiti UCRM
+CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
+ NOT-FOR-US: Twitter Kit for iOS
+CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a vuln ...)
+ - zulip-server (bug #800052)
+CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a byp ...)
+ NOT-FOR-US: private_address_check ruby gem
+CVE-2017-0908
+ REJECTED
+CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1. ...)
+ NOT-FOR-US: Recurly Client .NET Library
+CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
+ NOT-FOR-US: Recurly Client Python Library
+CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...)
+ NOT-FOR-US: Recurly Client Ruby Library
+CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a byp ...)
+ NOT-FOR-US: private_address_check ruby gem
+CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possibl ...)
+ {DSA-4031-1 DLA-1421-1}
+ - ruby2.3 2.3.5-1 (bug #879231)
+ - ruby2.1
+ - ruby1.9.1
+ [wheezy] - ruby1.9.1 (Vulnerable code introduced later)
+ - rubygems 3.2.0~rc.1-1
+ [wheezy] - rubygems (Vulnerable code introduced later)
+ NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
+ NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
+ NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
+CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking v ...)
+ {DSA-3966-1 DLA-1421-1}
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
+ - ruby2.1
+ - ruby1.9.1
+ [wheezy] - ruby1.9.1 (Vulnerable code introduced later)
+ - rubygems 3.2.0~rc.1-1
+ [wheezy] - rubygems (Vulnerable code introduced later)
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification na ...)
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
+ - ruby2.1
+ - ruby1.9.1
+ - rubygems 3.2.0~rc.1-1
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1 DLA-1112-1}
+ - ruby2.3 2.3.3-1+deb9u1 (bug #873802)
+ - ruby2.1
+ - ruby1.9.1
+ - rubygems 3.2.0~rc.1-1
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously craft ...)
+ {DSA-3966-1 DLA-1421-1 DLA-1114-1}
+ - ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
+ - ruby2.1 (unimportant)
+ - ruby1.9.1 (unimportant)
+ - rubygems 3.2.0~rc.1-1 (unimportant)
+ NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
+ NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
+ NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
+ NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
+ NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
+CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious forma ...)
+ {DSA-4031-1 DLA-1421-1 DLA-1114-1 DLA-1113-1}
+ - ruby2.3 2.3.5-1 (bug #875936)
+ - ruby2.1
+ - ruby1.9.1
+ - ruby1.8
+ NOTE: https://github.com/mruby/mruby/issues/3722
+ NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
+ NOTE: https://bugs.ruby-lang.org/issues/13499
+CVE-2017-0897 (ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create a ...)
+ NOT-FOR-US: ExpressionEngine
+CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the implementatio ...)
+ - zulip-server (bug #800052)
+CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
+ - nextcloud (bug #835086)
+CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid sh ...)
+ - nextcloud (bug #835086)
+CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vu ...)
+ - nextcloud (bug #835086)
+CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ha ...)
+ - nextcloud (bug #835086)
+CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...)
+ - nextcloud (bug #835086)
+CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
+ - nextcloud (bug #835086)
+CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...)
+ NOT-FOR-US: paperclip ruby gem
+CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoof ...)
+ - nextcloud (bug #835086)
+CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of Ser ...)
+ - nextcloud (bug #835086)
+CVE-2017-0885 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message ...)
+ - nextcloud (bug #835086)
+CVE-2017-0884 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of f ...)
+ - nextcloud (bug #835086)
+CVE-2017-0883 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission in ...)
+ - nextcloud (bug #835086)
+CVE-2017-0882 (Multiple versions of GitLab expose sensitive user credentials when ass ...)
+ - gitlab 8.13.11+dfsg-7 (bug #858410)
+ NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
+ NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
+CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the chec ...)
+ NOT-FOR-US: Zulip
+CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the p ...)
+ - linux 4.6.1-1
+ [jessie] - linux 3.16.39-1
+ [wheezy] - linux (Vulnerable code introduced later)
+ NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
+CVE-2016-9753
+ RESERVED
+CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...)
+ - serendipity
+CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front e ...)
+ - piwigo
+ [squeeze] - piwigo (Unsupported in squeeze-lts)
+ NOTE: Request to mark the package as unsupported in #779104
+CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text ...)
+ NOT-FOR-US: IBM
+CVE-2016-9749 (IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive inf ...)
+ NOT-FOR-US: IBM
+CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2016-9745
+ RESERVED
+CVE-2016-9744
+ RESERVED
+CVE-2016-9743
+ RESERVED
+CVE-2016-9742
+ RESERVED
+CVE-2016-9741
+ RESERVED
+CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resources ...)
+ NOT-FOR-US: IBM
+CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user credential ...)
+ NOT-FOR-US: IBM
+CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong ...)
+ NOT-FOR-US: IBM
+CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. T ...)
+ NOT-FOR-US: IBM
+CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could a ...)
+ NOT-FOR-US: IBM
+CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain sensit ...)
+ NOT-FOR-US: IBM
+CVE-2016-9734
+ RESERVED
+CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site sc ...)
+ NOT-FOR-US: IBM
+CVE-2016-9732 (IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerabl ...)
+ NOT-FOR-US: IBM
+CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. Th ...)
+ NOT-FOR-US: IBM
+CVE-2016-9730 (IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request ...)
+ NOT-FOR-US: IBM
+CVE-2016-9729 (IBM QRadar 7.2 does not perform an authentication check for a critical ...)
+ NOT-FOR-US: IBM
+CVE-2016-9728 (IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could ...)
+ NOT-FOR-US: IBM
+CVE-2016-9727 (IBM QRadar 7.2 could allow a remote authenticated attacker to execute ...)
+ NOT-FOR-US: IBM
+CVE-2016-9726 (IBM QRadar Incident Forensics 7.2 could allow a remote authenticated a ...)
+ NOT-FOR-US: IBM
+CVE-2016-9725 (IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sha ...)
+ NOT-FOR-US: IBM
+CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML ...)
+ NOT-FOR-US: IBM
+CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerabili ...)
+ NOT-FOR-US: IBM
+CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical r ...)
+ NOT-FOR-US: IBM QRadar
+CVE-2016-9721
+ RESERVED
+CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users. ...)
+ NOT-FOR-US: IBM
+CVE-2016-9719 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
+ NOT-FOR-US: IBM
+CVE-2016-9718 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 1 ...)
+ NOT-FOR-US: IBM
+CVE-2016-9717 (HTTP Parameter Override is identified in the IBM Infosphere Master Dat ...)
+ NOT-FOR-US: IBM
+CVE-2016-9716 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
+ NOT-FOR-US: IBM
+CVE-2016-9715 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, a ...)
+ NOT-FOR-US: IBM
+CVE-2016-9714 (IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 1 ...)
+ NOT-FOR-US: IBM
+CVE-2016-9713
+ RESERVED
+CVE-2016-9712
+ RESERVED
+CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) reveal ...)
+ NOT-FOR-US: IBM
+CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a remot ...)
+ NOT-FOR-US: IBM
+CVE-2016-9709
+ RESERVED
+CVE-2016-9708
+ RESERVED
+CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
+ NOT-FOR-US: IBM
+CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP FLO ...)
+ NOT-FOR-US: IBM
+CVE-2016-9705
+ RESERVED
+CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to cross ...)
+ NOT-FOR-US: IBM
+CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate se ...)
+ NOT-FOR-US: IBM
+CVE-2016-9702
+ RESERVED
+CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scriptin ...)
+ NOT-FOR-US: IBM
+CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain se ...)
+ NOT-FOR-US: IBM
+CVE-2016-9699
+ RESERVED
+CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service ...)
+ NOT-FOR-US: IBM
+CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 coul ...)
+ NOT-FOR-US: IBM
+CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A r ...)
+ NOT-FOR-US: IBM
+CVE-2016-9695
+ RESERVED
+CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scriptin ...)
+ NOT-FOR-US: IBM
+CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download cap ...)
+ NOT-FOR-US: IBM
+CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to Ex ...)
+ NOT-FOR-US: IBM
+CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...)
+ NOT-FOR-US: IBM
+CVE-2016-9690
+ REJECTED
+CVE-2016-9689
+ REJECTED
+CVE-2016-9688
+ REJECTED
+CVE-2016-9687
+ REJECTED
+CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
+ - puppet (Only affects Puppet Enterprise)
+CVE-2017-0880 (A denial of service vulnerability in the Android media framework (libs ...)
+ - skia (bug #818180)
+CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0875
+ RESERVED
+CVE-2017-0874 (A denial of service vulnerability in the Android media framework (liba ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0873 (A denial of service vulnerability in the Android media framework (libm ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework (fram ...)
+ NOT-FOR-US: Android
+CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework (libm ...)
+ NOT-FOR-US: Android
+CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could c ...)
+ NOT-FOR-US: NVIDIA components for Android
+CVE-2017-0868
+ RESERVED
+CVE-2017-0867
+ RESERVED
+CVE-2017-0866 (An elevation of privilege vulnerability in the Direct rendering infras ...)
+ NOT-FOR-US: NVIDIA components for Android
+CVE-2017-0865 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...)
+ NOT-FOR-US: MediaTek driver for Android
+CVE-2017-0864 (An elevation of privilege vulnerability in the MediaTek ioctl (flashli ...)
+ NOT-FOR-US: MediaTek driver for Android
+CVE-2017-0863 (An elevation of privilege vulnerability in the Upstream kernel video d ...)
+ NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
+CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...)
+ NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
+CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...)
+ {DSA-4187-1 DLA-1369-1}
+ - linux 4.13.4-1
+ [stretch] - linux 4.9.80-1
+ NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
+ NOTE: UAF actually already removed in https://git.kernel.org/linus/e11f0f90a626f93899687b1cc909ee37dd6c5809
+CVE-2017-0860 (An elevation of privilege vulnerability in the Android system (inputdi ...)
+ NOT-FOR-US: Android
+CVE-2017-0859 (Another vulnerability in the Android media framework (n/a). Product: A ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0858 (Another vulnerability in the Android media framework (n/a). Product: A ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Product: A ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0856
+ RESERVED
+CVE-2017-0855 (In MPEG4Extractor.cpp, there are several places where functions return ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0852 (A denial of service vulnerability in the Android media framework (libh ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0851 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0850 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0849 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0848 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0847 (An elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0846 (An information disclosure vulnerability in the Android framework (clip ...)
+ NOT-FOR-US: Android
+CVE-2017-0845 (A denial of service vulnerability in the Android framework (syncstorag ...)
+ NOT-FOR-US: Android
+CVE-2017-0844
+ RESERVED
+CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...)
+ NOT-FOR-US: MediaTek component for Android
+CVE-2017-0842 (An elevation of privilege vulnerability in the Android system (bluetoo ...)
+ NOT-FOR-US: Fluoride Bluetooth stack in Android
+CVE-2017-0841 (A remote code execution vulnerability in the Android system (libutils) ...)
+ - android-platform-system-core (unimportant)
+ NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/
+CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0834 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0833 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework (wind ...)
+ NOT-FOR-US: Android
+CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework (devi ...)
+ NOT-FOR-US: Android
+CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. Pr ...)
+ NOT-FOR-US: Motorola bootloader
+CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. Prod ...)
+ NOT-FOR-US: Huawei bootloader
+CVE-2017-0827 (An elevation of privilege vulnerability in the MediaTek soc driver. Pr ...)
+ NOT-FOR-US: MediaTek driver for Android
+CVE-2017-0826 (An elevation of privilege vulnerability in the HTC bootloader. Product ...)
+ NOT-FOR-US: HTC bootloader
+CVE-2017-0825 (An information disclosure vulnerability in the Broadcom wifi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild). ...)
+ NOT-FOR-US: Android (rild)
+CVE-2017-0822 (An elevation of privilege vulnerability in the Android system (camera) ...)
+ - android-framework-23 (unimportant)
+ NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a
+CVE-2017-0821
+ RESERVED
+CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: Android ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0819 (A vulnerability in the Android media framework (n/a). Product: Android ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0818 (A vulnerability in the Android media framework (n/a). Product: Android ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0817 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0816 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0815 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0814 (An information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0813 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0812 (An elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0811 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0810 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0809 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0808 (An information disclosure vulnerability in the Android framework (file ...)
+ NOT-FOR-US: Android
+CVE-2017-0807 (An elevation of privilege vulnerability in the Android framework (ui f ...)
+ NOT-FOR-US: Android
+CVE-2017-0806 (An elevation of privilege vulnerability in the Android framework (gate ...)
+ NOT-FOR-US: Android
+CVE-2017-0805 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc driver. Pro ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel. Product ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei. Product: ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus. Produc ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel. Product ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc driver. ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek accessory detec ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel scsi dri ...)
+ NOT-FOR-US: Android kernel on Nexus (probably)
+ NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't link a public patch, so probably related to some binary-only component on Nexus
+CVE-2017-0793 (A information disclosure vulnerability in the N/A memory subsystem. Pr ...)
+ NOT-FOR-US: Imagetech driver for Android
+CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ - linux 4.13.4-2
+ [stretch] - linux 4.9.65-1
+ [jessie] - linux 3.16.51-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/17df6453d4be17910456e99c5a85025aa1b7a246 (v4.14-rc4)
+CVE-2017-0785 (A information disclosure vulnerability in the Android system (bluetoot ...)
+ NOT-FOR-US: Android
+ NOTE: https://www.armis.com/blueborne/
+CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). Pr ...)
+ NOT-FOR-US: Android
+CVE-2017-0783 (A information disclosure vulnerability in the Android system (bluetoot ...)
+ NOT-FOR-US: Android
+ NOTE: https://www.armis.com/blueborne/
+CVE-2017-0782 (A remote code execution vulnerability in the Android system (bluetooth ...)
+ NOT-FOR-US: Android
+ NOTE: https://www.armis.com/blueborne/
+CVE-2017-0781 (A remote code execution vulnerability in the Android system (bluetooth ...)
+ NOT-FOR-US: Android
+ NOTE: https://www.armis.com/blueborne/
+CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android mess ...)
+ NOT-FOR-US: Android messaging
+CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0777 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0776 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0775 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0774 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0773 (A denial of service vulnerability in the Android media framework (libh ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0772 (A denial of service vulnerability in the Android media framework (liba ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0771 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0770 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0769 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0768 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0767 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0766 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0765 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0764 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0763 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0762 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0761 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0760 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0759 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0758 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0757 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0756 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android Media Framework
+CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries (libmi ...)
+ NOT-FOR-US: Android
+CVE-2017-0754
+ RESERVED
+CVE-2017-0753 (A remote code execution vulnerability in the Android libraries (libgdx ...)
+ NOT-FOR-US: Android (libgdx)
+CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework (windo ...)
+ - android-framework-23 (unimportant)
+ NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/
+CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE driver. Pr ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file syst ...)
+ - linux (Android-specific change)
+ NOTE: https://source.android.com/security/bulletin/2017-08-01
+CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux linux ker ...)
+ - linux (Android-specific change)
+ NOTE: https://source.android.com/security/bulletin/2017-08-01
+CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio driver. ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm proprietary com ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-0746 (A elevation of privilege vulnerability in the Qualcomm ipa driver. Pro ...)
+ NOT-FOR-US: Qualcomm driver for Android
+CVE-2017-0745 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware process ...)
+ NOT-FOR-US: Google drivers for Android
+CVE-2017-0743
+ RESERVED
+CVE-2017-0742 (A elevation of privilege vulnerability in the MediaTek video driver. P ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0741 (A elevation of privilege vulnerability in the MediaTek gpu driver. Pro ...)
+ NOT-FOR-US: Mediatek driver for Android
+CVE-2017-0740 (A remote code execution vulnerability in the Broadcom networking drive ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0739 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0738 (A information disclosure vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0737 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0736 (A denial of service vulnerability in the Android media framework (liba ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0735 (A denial of service vulnerability in the Android media framework (liba ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0734 (A denial of service vulnerability in the Android media framework (liba ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0733 (A denial of service vulnerability in the Android media framework (libm ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0732 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0731 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0730 (A denial of service vulnerability in the Android media framework (h264 ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0729 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0728 (A denial of service vulnerability in the Android media framework (hevc ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0727 (A elevation of privilege vulnerability in the Android media framework ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0726 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0725 (A denial of service vulnerability in the Android media framework (libs ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0724 (A denial of service vulnerability in the Android media framework (libm ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0723 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0722 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: libstagefright
+CVE-2017-0721 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0720 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0719 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0718 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0717
+ RESERVED
+CVE-2017-0716 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0715 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0714 (A remote code execution vulnerability in the Android media framework ( ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0713 (A remote code execution vulnerability in the Android libraries (sfntly ...)
+ NOT-FOR-US: Android
+CVE-2017-0712 (A elevation of privilege vulnerability in the Android framework (wi-fi ...)
+ NOT-FOR-US: Android
+CVE-2017-0711 (A elevation of privilege vulnerability in the MediaTek networking driv ...)
+ NOT-FOR-US: MediaTek driver for Android
+CVE-2017-0710 (A elevation of privilege vulnerability in the Upstream Linux tcb. Prod ...)
+ NOT-FOR-US: Android Trusted Computing Base
+CVE-2017-0709 (A information disclosure vulnerability in the HTC sensor hub driver. P ...)
+ NOT-FOR-US: HTC driver for Android
+CVE-2017-0708 (A information disclosure vulnerability in the HTC sound driver. Produc ...)
+ NOT-FOR-US: HTC driver for Android
+CVE-2017-0707 (A elevation of privilege vulnerability in the HTC led driver. Product: ...)
+ NOT-FOR-US: HTC driver for Android
+CVE-2017-0706 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0705 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. P ...)
+ NOT-FOR-US: Broadcom driver for Android
+CVE-2017-0704 (A elevation of privilege vulnerability in the Android system ui. Produ ...)
+ NOT-FOR-US: Android
+CVE-2017-0703 (A elevation of privilege vulnerability in the Android system ui. Produ ...)
+ NOT-FOR-US: Android
+CVE-2017-0702 (A remote code execution vulnerability in the Android system ui. Produc ...)
+ NOT-FOR-US: Android
+CVE-2017-0701 (A remote code execution vulnerability in the Android system ui. Produc ...)
+ NOT-FOR-US: Android
+CVE-2017-0700 (A remote code execution vulnerability in the Android system ui. Produc ...)
+ NOT-FOR-US: Android
+CVE-2017-0699 (A information disclosure vulnerability in the Android media framework. ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0698 (A information disclosure vulnerability in the Android media framework. ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0697 (A denial of service vulnerability in the Android media framework. Prod ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0696 (A denial of service vulnerability in the Android media framework. Prod ...)
+ NOT-FOR-US: Android media framework
+CVE-2017-0695 (A denial of service vulnerability in the Android media framework. Prod ...)
+ NOT-FOR-US: Android media framework +CVE-2017-0694 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0693 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0692 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0691 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0690 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0689 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0688 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0687 (A denial of service vulnerability in the Android media framework (liba ...) + NOT-FOR-US: Android media framework +CVE-2017-0686 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0685 (A denial of service vulnerability in the Android media framework. Prod ...) + NOT-FOR-US: Android media framework +CVE-2017-0684 (A elevation of privilege vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0683 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0682 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0681 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0680 (A remote code execution vulnerability in the Android media framework. ...) 
+ NOT-FOR-US: Android media framework +CVE-2017-0679 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0678 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0677 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0676 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0675 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0674 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...) + NOT-FOR-US: Android media framework +CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: A ...) + NOT-FOR-US: Android +CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. Produc ...) + NOT-FOR-US: Android + NOTE: Not publicly available +CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: A ...) + NOT-FOR-US: Android +CVE-2017-0669 (A information disclosure vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-0668 (A information disclosure vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-0667 (A elevation of privilege vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-0666 (A elevation of privilege vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-0665 (A elevation of privilege vulnerability in the Android framework. Produ ...) + NOT-FOR-US: Android +CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. Produ ...) 
+ NOT-FOR-US: Android +CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an attac ...) + {DSA-3952-1 DLA-1060-1} + - libxml2 2.9.4+dfsg1-3.1 (bug #870870) + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public) + NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/92b9e8c8b3787068565a1820ba575d042f9eec66 +CVE-2017-0662 + RESERVED +CVE-2017-0661 + RESERVED +CVE-2017-0660 + RESERVED +CVE-2017-0659 + RESERVED +CVE-2017-0658 + RESERVED +CVE-2017-0657 + RESERVED +CVE-2017-0656 + RESERVED +CVE-2017-0655 + RESERVED +CVE-2017-0654 + RESERVED +CVE-2017-0653 + RESERVED +CVE-2017-0652 + RESERVED +CVE-2017-0651 (An information disclosure vulnerability in the kernel ION subsystem co ...) + NOT-FOR-US: Android +CVE-2017-0650 (An information disclosure vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0649 (An elevation of privilege vulnerability in the MediaTek sound driver c ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0648 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...) + NOT-FOR-US: Android +CVE-2017-0647 (An information disclosure vulnerability in libziparchive could enable ...) + - android-platform-system-core 1:7.0.0+r33-2 (unimportant; bug #867229) + [jessie] - android-platform-system-core (Vulnerable code not present) + NOTE: No impact on SDK usage +CVE-2017-0646 (An information disclosure vulnerability in Bluetooth component could e ...) + NOT-FOR-US: Android +CVE-2017-0645 (An elevation of privilege vulnerability in Bluetooth could enable a lo ...) + NOT-FOR-US: Android +CVE-2017-0644 (A remote denial of service vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0643 (A remote denial of service vulnerability in Mediaserver could enable a ...) 
+ NOT-FOR-US: Android Mediaserver +CVE-2017-0642 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0641 (A remote denial of service vulnerability in libvpx in Mediaserver coul ...) + - libvpx (unimportant; bug #871931) + NOTE: https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb + NOTE: Debian builds configures with --size-limit=16384x16384, Android lowered + NOTE: the limit to something more aligned for smart phones +CVE-2017-0640 (A remote denial of service vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0639 (An information disclosure vulnerability in Bluetooth component could e ...) + NOT-FOR-US: Android +CVE-2017-0638 (A remote code execution vulnerability in System UI component could ena ...) + NOT-FOR-US: Android +CVE-2017-0637 (A remote code execution vulnerability in libhevc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0636 (An elevation of privilege vulnerability in the MediaTek command queue ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in libstagef ...) + NOT-FOR-US: libstagefright +CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec dr ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...) 
+ - linux (unimportant) + NOTE: https://lore.kernel.org/lkml/20180725202238.165314-1-salyzyn@android.com/ + NOTE: Negligible security impact +CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...) + NOT-FOR-US: Android kernel +CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could en ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen driv ...) + NOT-FOR-US: Goodix driver for Android +CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver c ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system managem ...) 
+ NOT-FOR-US: Mediatek driver for Android +CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver c ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure Executi ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0605 + REJECTED +CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power d ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver cou ...) + NOT-FOR-US: libstagefright +CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a loc ...) + NOT-FOR-US: Android +CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...) + NOT-FOR-US: Android +CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in Mediaser ...) 
+ NOT-FOR-US: libstagefright +CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver cou ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...) + NOT-FOR-US: libstagefright +CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in Mediaserv ...) + NOT-FOR-US: libstagefright +CVE-2017-0594 (An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncode ...) + NOT-FOR-US: libstagefright +CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in libstage ...) + NOT-FOR-US: Android +CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could e ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...) + NOT-FOR-US: libstagefright +CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...) + NOT-FOR-US: libstagefright +CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0584 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0583 (An elevation of privilege vulnerability in the Qualcomm CP access driv ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0582 (An elevation of privilege vulnerability in the HTC OEM fastboot comman ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0581 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0580 (An elevation of privilege vulnerability in the Synaptics Touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0579 (An elevation of privilege vulnerability in the Qualcomm video driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0578 (An elevation of privilege vulnerability in the DTS sound driver could ...) + NOT-FOR-US: DTS driver for Android +CVE-2017-0577 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0576 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0575 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0574 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0573 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0572 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0571 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0570 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0569 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) 
+ NOT-FOR-US: Broadcom driver for Android +CVE-2017-0568 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0567 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0566 (An elevation of privilege vulnerability in the MediaTek camera driver ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0565 (An elevation of privilege vulnerability in the MediaTek thermal driver ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0564 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) + NOT-FOR-US: Android ION subsystem + NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no + NOTE: patch has been made available it's likely some closed-source addon +CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen dr ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware c ...) + {DLA-1573-1} + - firmware-nonfree 20180518-1 (bug #869639) + [stretch] - firmware-nonfree 20161130-4 + [jessie] - firmware-nonfree (non-free not supported) +CVE-2017-0560 (An information disclosure vulnerability in the factory reset process c ...) + NOT-FOR-US: Android +CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a loca ...) + - skia (bug #818180) +CVE-2017-0558 (An information disclosure vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0557 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0556 (An information disclosure vulnerability in libmpeg2 in Mediaserver cou ...) 
+ NOT-FOR-US: Android Mediaserver +CVE-2017-0555 (An information disclosure vulnerability in libavc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver/ libavc +CVE-2017-0554 (An elevation of privilege vulnerability in the Telephony component cou ...) + NOT-FOR-US: Android +CVE-2017-0553 (An elevation of privilege vulnerability in libnl could enable a local ...) + {DLA-892-1 DLA-891-1} + - libnl3 3.2.27-2 (unimportant; bug #859948) + - libnl (unimportant) + NOTE: Fixed by: http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb + NOTE: Fix via Android: https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0 + NOTE: Not a security issue by itself, the upstream patch protects against API misuse, + NOTE: this still requires missing input validation in the application using libnl +CVE-2017-0552 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) + NOT-FOR-US: Android Mediaserver / libavc +CVE-2017-0551 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) + NOT-FOR-US: Android Mediaserver / libavc +CVE-2017-0550 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) + NOT-FOR-US: Android Mediaserver / libavc +CVE-2017-0549 (A remote denial of service vulnerability in libavc in Mediaserver coul ...) + NOT-FOR-US: Android Mediaserver / libavc +CVE-2017-0548 (A remote denial of service vulnerability in libskia could enable an at ...) + - skia (bug #818180) +CVE-2017-0547 (An information disclosure vulnerability in libmedia in Mediaserver cou ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0546 (An elevation of privilege vulnerability in SurfaceFlinger could enable ...) + NOT-FOR-US: Android +CVE-2017-0545 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android +CVE-2017-0544 (An elevation of privilege vulnerability in CameraBase could enable a l ...) 
+ NOT-FOR-US: Android +CVE-2017-0543 (A remote code execution vulnerability in libavc in Mediaserver could e ...) + NOT-FOR-US: Android Mediaserver/ libavc +CVE-2017-0542 (A remote code execution vulnerability in libavc in Mediaserver could e ...) + NOT-FOR-US: Android Mediaserver/ libavc +CVE-2017-0541 (A remote code execution vulnerability in sonivox in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0540 (A remote code execution vulnerability in libhevc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0539 (A remote code execution vulnerability in libhevc in Mediaserver could ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0538 (A remote code execution vulnerability in libavc in Mediaserver could e ...) + NOT-FOR-US: Android Mediaserver / libavc +CVE-2017-0537 (An information disclosure vulnerability in the kernel USB gadget drive ...) + NOT-FOR-US: Nvidia driver for Android + NOTE: https://source.android.com/security/bulletin/2017-03-01.html + NOTE: Android bulletin lists as affecting only Pixel C (Tegra X1) and Tegra USB gadget mode is not in mainline Linux +CVE-2017-0536 (An information disclosure vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0535 (An information disclosure vulnerability in the HTC sound codec driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0534 (An information disclosure vulnerability in the Qualcomm video driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0533 (An information disclosure vulnerability in the Qualcomm video driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0532 (An information disclosure vulnerability in the MediaTek video codec dr ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0531 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0530 + RESERVED +CVE-2017-0529 (An information disclosure vulnerability in the MediaTek driver could e ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0528 (An elevation of privilege vulnerability in the kernel security subsyst ...) + NOT-FOR-US: Android bulletin lists as affecting only Pixel and Pixel XL (Qualcomm Snapdragon) so probably relates to Qualcomm driver + NOTE: https://source.android.com/security/bulletin/2017-03-01.html +CVE-2017-0527 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0526 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver c ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0525 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0524 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0523 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0522 (An elevation of privilege vulnerability in a MediaTek APK could enable ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0521 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0520 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0519 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0518 (An elevation of privilege vulnerability in the Qualcomm fingerprint se ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0517 (An elevation of privilege vulnerability in the MediaTek hardware senso ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2017-0516 (An elevation of privilege vulnerability in the Qualcomm input hardware ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0515 + RESERVED +CVE-2017-0514 + RESERVED +CVE-2017-0513 + RESERVED +CVE-2017-0512 + RESERVED +CVE-2017-0511 + RESERVED +CVE-2017-0510 (An elevation of privilege vulnerability in the kernel FIQ debugger cou ...) + - linux (Android-specific patch) +CVE-2017-0509 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0508 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) + NOT-FOR-US: Android ION subsystem + NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no + NOTE: patch has been made available it's likely some closed-source addon +CVE-2017-0507 (An elevation of privilege vulnerability in the kernel ION subsystem co ...) + NOT-FOR-US: Android ION subsystem + NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no + NOTE: patch has been made available it's likely some closed-source addon +CVE-2017-0506 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0505 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0504 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0503 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0502 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0501 (An elevation of privilege vulnerability in MediaTek components, includ ...) 
+ NOT-FOR-US: MediaTek driver for Android +CVE-2017-0500 (An elevation of privilege vulnerability in MediaTek components, includ ...) + NOT-FOR-US: MediaTek driver for Android +CVE-2017-0499 (A denial of service vulnerability in Audioserver could enable a local ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0498 (A denial of service vulnerability in Setup Wizard could allow a local ...) + NOT-FOR-US: Android +CVE-2017-0497 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0496 (A denial of service vulnerability in Setup Wizard could allow a local ...) + NOT-FOR-US: Android +CVE-2017-0495 (An information disclosure vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...) + NOT-FOR-US: Android +CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...) + NOT-FOR-US: Android +CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable ...) + NOT-FOR-US: Android +CVE-2017-0491 (An elevation of privilege vulnerability in Package Manager could enabl ...) + NOT-FOR-US: Android +CVE-2017-0490 (An elevation of privilege vulnerability in Wi-Fi could enable a local ...) + NOT-FOR-US: Android +CVE-2017-0489 (An elevation of privilege vulnerability in Location Manager could enab ...) + NOT-FOR-US: Android +CVE-2017-0488 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0487 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0486 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0485 (A denial of service vulnerability in Mediaserver could enable an attac ...) 
+ NOT-FOR-US: Android Mediaserver +CVE-2017-0484 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0483 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0482 (A denial of service vulnerability in Mediaserver could enable an attac ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0481 (An elevation of privilege vulnerability in NFC could enable a proximat ...) + NOT-FOR-US: Android +CVE-2017-0480 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0479 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0478 (A remote code execution vulnerability in the Framesequence library cou ...) + NOT-FOR-US: Framesequence library +CVE-2017-0477 (A remote code execution vulnerability in libgdx could enable an attack ...) + - libgdx (bug #686673) +CVE-2017-0476 (A remote code execution vulnerability in AOSP Messaging could enable a ...) + NOT-FOR-US: Android +CVE-2017-0475 (An elevation of privilege vulnerability in the recovery verifier could ...) + NOT-FOR-US: Android +CVE-2017-0474 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0473 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0472 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0471 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0470 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0469 (A remote code execution vulnerability in Mediaserver could enable an a ...) 
+ NOT-FOR-US: Android Mediaserver +CVE-2017-0468 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0467 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0463 (An elevation of privilege vulnerability in the Qualcomm networking dri ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0462 (An elevation of privilege vulnerability in the Qualcomm Seemp driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0461 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0460 (An elevation of privilege vulnerability in the Qualcomm networking dri ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0459 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0458 (An elevation of privilege vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0457 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0456 (An elevation of privilege vulnerability in the Qualcomm IPA driver cou ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0455 (An information disclosure vulnerability in the Qualcomm bootloader cou ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0454 (An elevation of privilege vulnerability in the Qualcomm audio driver c ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0453 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0452 (An information disclosure vulnerability in the Qualcomm camera driver ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0451 (An information disclosure vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0450 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0449 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0448 (An information disclosure vulnerability in the NVIDIA video driver cou ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0447 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0446 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0445 (An elevation of privilege vulnerability in the HTC touchscreen driver ...) + NOT-FOR-US: HTC driver for Android +CVE-2017-0444 (An elevation of privilege vulnerability in the Realtek sound driver co ...) + NOT-FOR-US: Realtek driver for Android +CVE-2017-0443 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0442 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0441 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0440 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0439 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) 
+ NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0438 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0437 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0436 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0435 (An elevation of privilege vulnerability in the Qualcomm sound driver c ...) + NOT-FOR-US: Qualcomm driver for Android +CVE-2017-0434 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscreen d ...) + NOT-FOR-US: Synaptics driver for Android +CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could e ...) + NOT-FOR-US: Mediatek driver for Android +CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source comp ...) + NOT-FOR-US: Qualcomm component for Android +CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...) + NOT-FOR-US: Broadcom driver for Android +CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system coul ...) + NOT-FOR-US: Unspecified Android filesystem, apparently not in mainline + NOTE: https://source.android.com/security/bulletin/2017-02-01.html + NOTE: Android bulletin lists all recent devices as affected. + NOTE: No source patch available, so may relate to Apache-licensed sdcardfs. +CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could enable ...) 
+ NOT-FOR-US: Android filesystem layout +CVE-2017-0425 (An information disclosure vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0424 (An information disclosure vulnerability in AOSP Messaging could enable ...) + NOT-FOR-US: Android +CVE-2017-0423 (An elevation of privilege vulnerability in Bluetooth could enable a pr ...) + NOT-FOR-US: Android +CVE-2017-0422 (A denial of service vulnerability in Bionic DNS could enable a remote ...) + NOT-FOR-US: Android +CVE-2017-0421 (An information disclosure vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0420 (An information disclosure vulnerability in AOSP Mail could enable a lo ...) + NOT-FOR-US: Android +CVE-2017-0419 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0418 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0417 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0416 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0415 (An elevation of privilege vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0414 (An information disclosure vulnerability in AOSP Messaging could enable ...) + NOT-FOR-US: Android +CVE-2017-0413 (An information disclosure vulnerability in AOSP Messaging could enable ...) + NOT-FOR-US: Android +CVE-2017-0412 (An elevation of privilege vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0411 (An elevation of privilege vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0410 (An elevation of privilege vulnerability in the Framework APIs could en ...) 
+ NOT-FOR-US: Android +CVE-2017-0409 (A remote code execution vulnerability in libstagefright could enable a ...) + NOT-FOR-US: libstagefright +CVE-2017-0408 (A remote code execution vulnerability in libgdx could enable an attack ...) + - libgdx (bug #686673) +CVE-2017-0407 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0406 (A remote code execution vulnerability in Mediaserver could enable an a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0405 (A remote code execution vulnerability in Surfaceflinger could enable a ...) + NOT-FOR-US: Android +CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound subsystem ...) + - linux (Android-specific sound system) +CVE-2017-0403 (An elevation of privilege vulnerability in the kernel performance subs ...) + - linux (Android-specific performance subsystem) +CVE-2017-0402 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0401 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) + NOT-FOR-US: Android Qualcomm audio post processor +CVE-2017-0400 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0399 (An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBu ...) + NOT-FOR-US: Android Qualcomm audio post processor +CVE-2017-0398 (An information disclosure vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in libstagefrig ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0396 (An information disclosure vulnerability in visualizer/EffectVisualizer ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could enable a loc ...) 
+ NOT-FOR-US: Android Contacts +CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote a ...) + NOT-FOR-US: Android Telephony +CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could enabl ...) + - libvpx 1.6.1-1 + [jessie] - libvpx (Minor issue) + [wheezy] - libvpx (Minor issue) + NOTE: probably fixed earlier, but this was the version checked + NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable. + NOTE: https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc +CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...) + NOT-FOR-US: libstagefright +CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in libhev ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver cou ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0389 (A denial of service vulnerability in core networking could enable a re ...) + NOT-FOR-US: Android +CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage Provid ...) + NOT-FOR-US: Android +CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could enable a ...) + NOT-FOR-US: Android Mediaserver +CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library could ena ...) + - libnl3 (Specific to Android's use of libnl) + NOTE: https://github.com/thom311/libnl/issues/124 +CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could enable a ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0384 (An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBu ...) + NOT-FOR-US: Android Audioserver +CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs could en ...) + NOT-FOR-US: Android +CVE-2017-0382 (A remote code execution vulnerability in the Framesequence library cou ...) 
+ NOT-FOR-US: Android +CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c in li ...) + {DLA-793-1} + - opus 1.2~alpha2-1 (bug #851612) + [jessie] - opus (Minor issue, https://bugs.debian.org/851612#10) + NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha) + NOTE: https://github.com/xiph/opus/commit/70a3d641b760b3d313b6025f82aed93a460720e5 +CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in "commands_dump" funct ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in hcidump CLI tool, no security impact +CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in CLI tools, no security impact +CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" fun ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html + NOTE: Crash in btmon CLI tool, no security impact +CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" functi ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in CLI tools, no security impact +CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in CLI tools, no security impact +CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" funct ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html + NOTE: Crash in btmon CLI tool, no security impact +CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in "conf_opt" function ...) 
+ - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in hcidump CLI tool, no security impact +CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" functio ...) + - bluez (unimportant; bug #847837) + NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html + NOTE: Crash in hcidump CLI tool, no security impact +CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in sound/core/pc ...) + {DLA-772-1} + - linux 4.7.2-1 + [jessie] - linux 3.16.39-1 + NOTE: https://patchwork.kernel.org/patch/8752621/ + NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1) + NOTE: http://seclists.org/oss-sec/2016/q4/576 +CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel be ...) + {DLA-772-1} + - linux 4.8.15-1 + [jessie] - linux 3.16.39-1 + NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 +CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 o ...) + {DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1} + - tomcat8 8.5.8-2 (bug #845385) + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 6.0.41-3 + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie + NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5 +CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...) + {DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1} + - tomcat8 8.5.8-2 (bug #845393) + - tomcat7 7.0.72-3 + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 6.0.41-3 + NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie + NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/5 +CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does ...) 
+ - linux 4.8.15-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804 + NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7) + NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1) + NOTE: https://www.openwall.com/lists/oss-security/2016/12/02/2 +CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet Contro ...) + {DLA-1497-1} + - qemu 1:2.8+dfsg-1 (bug #846797) + [wheezy] - qemu (Minor issue) + - qemu-kvm + [wheezy] - qemu-kvm (Coldfire is not emulated by kvm) + NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829 +CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not prop ...) + {DLA-772-1} + - linux 4.8.15-1 + [jessie] - linux 3.16.39-1 + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468 + NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c +CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...) + - linux 4.8.15-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa (v4.9-rc8) + NOTE: https://groups.google.com/forum/#!topic/syzkaller/GFbGpX7nTEo +CVE-2016-9684 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...) + NOT-FOR-US: SonicWall +CVE-2016-9683 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...) + NOT-FOR-US: SonicWall +CVE-2016-9682 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vu ...) 
+ NOT-FOR-US: SonicWall +CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity bef ...) + - serendipity +CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...) + NOT-FOR-US: Citrix +CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute a ...) + NOT-FOR-US: Citrix +CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before 7. ...) + NOT-FOR-US: Citrix +CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain se ...) + NOT-FOR-US: Citrix +CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows att ...) + NOT-FOR-US: Citrix +CVE-2016-9674 + REJECTED +CVE-2016-9673 + REJECTED +CVE-2016-9672 + REJECTED +CVE-2016-9671 + REJECTED +CVE-2016-9670 + REJECTED +CVE-2016-9669 + REJECTED +CVE-2016-9668 + REJECTED +CVE-2016-9667 + REJECTED +CVE-2016-9666 + REJECTED +CVE-2016-9665 + REJECTED +CVE-2016-9664 + REJECTED +CVE-2016-9663 + REJECTED +CVE-2016-9662 + REJECTED +CVE-2016-9661 + REJECTED +CVE-2016-9660 + REJECTED +CVE-2016-9659 + REJECTED +CVE-2016-9658 + REJECTED +CVE-2016-9657 + REJECTED +CVE-2016-9656 + REJECTED +CVE-2016-9655 + REJECTED +CVE-2016-9654 + REJECTED +CVE-2016-9653 + REJECTED +CVE-2016-9652 (Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883 ...) + {DSA-3731-1} + - chromium-browser 55.0.2883.75-1 + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2016-9651 (A missing check for whether a property of a JS object is private in V8 ...) + {DSA-3731-1} + - chromium-browser 55.0.2883.75-1 + [wheezy] - chromium-browser (Not supported in Wheezy) + - libv8 (unimportant) + NOTE: libv8 not covered by security support +CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linu ...) 
+ {DSA-3731-1} + - chromium-browser 55.0.2883.75-1 + [wheezy] - chromium-browser (Not supported in Wheezy) +CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...) + {DSA-3993-1} + - tor 0.3.1.7-1 (bug #876221) + [jessie] - tor (Issue introduced in 0.2.7.2-alpha) + [wheezy] - tor (Issue introduced in 0.2.7.2-alpha) + NOTE: https://trac.torproject.org/projects/tor/ticket/23490 + NOTE: https://gitweb.torproject.org/tor.git/commit/?id=09ea89764a4d3a907808ed7d4fe42abfe64bd486 +CVE-2017-0379 (Libgcrypt before 1.8.1 does not properly consider Curve25519 side-chan ...) + {DSA-3959-1} + - libgcrypt20 1.7.9-1 (bug #873383) + [jessie] - libgcrypt20 (Vulnerable code not present, no Curve25519 support) + - libgcrypt11 (Vulnerable code not present, no Curve25519 support) + NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b + NOTE: https://eprint.iacr.org/2017/806 +CVE-2017-0378 (XSS exists in the login_form function in views/helpers.php in Phamm be ...) + - phamm 0.6.8-1 (bug #868988) + [stretch] - phamm (Minor issue) + [jessie] - phamm (Minor issue) + [wheezy] - phamm (Minor issue) + NOTE: https://github.com/lota/phamm/issues/21 + NOTE: https://github.com/lota/phamm/commit/331bdbf0e79632385495fa62e087a6b4cf78857e +CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only con ...) + - tor (Affects only 0.3.x series) + NOTE: https://trac.torproject.org/projects/tor/ticket/22753 + NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients +CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...) 
+ {DSA-3877-1 DLA-982-1} + - tor 0.2.9.11-1 (bug #864424) + NOTE: https://trac.torproject.org/22494 + NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=56a7c5bc15e0447203a491c1ee37de9939ad1dcd + NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha +CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of se ...) + - tor (Introduced in 0.3.0.1-alpha) + NOTE: https://trac.torproject.org/22493 + NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=79b59a2dfcb68897ee89d98587d09e55f07e68d7 + NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha +CVE-2017-0374 (lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before ...) + - libconfig-model-perl 2.097-2 + [jessie] - libconfig-model-perl (Minor issue) + [wheezy] - libconfig-model-perl (Minor issue. Perl itself has to fix this and this can not be done easily) + NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573 +CVE-2017-0373 (The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod ...) + - libconfig-model-perl 2.097-2 + [jessie] - libconfig-model-perl (Minor issue) + [wheezy] - libconfig-model-perl (Vulnerable code do not exist) + NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773 +CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawiki bef ...) + - mediawiki 1:1.27.3-1 (bug #861585) + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T158689 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html +CVE-2017-0371 (MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.2 ...) 
+ - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T140591 + NOTE: https://phabricator.wikimedia.org/T68404 +CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam b ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T48143 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0369 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T108138 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0368 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawH ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T156184 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0367 (Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary d ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Vulnerable code not present) + NOTE: https://phabricator.wikimedia.org/T161453 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0366 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T151735 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0365 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerabilit ...) 
+ - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T144845 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0364 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Speci ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T122209 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0363 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:Us ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T109140 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0362 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the " ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T150044 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0361 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information dis ...) + - mediawiki 1:1.27.2-1 + [wheezy] - mediawiki (Not supported in Wheezy LTS) + NOTE: https://phabricator.wikimedia.org/T125177 + NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html +CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote authentica ...) + {DSA-3826-1 DLA-882-1} + - tryton-server 4.2.1-2 + NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x) +CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based on th ...) + - diffoscope 77 (bug #854723) +CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...) 
+ {DSA-3780-1 DLA-815-1} + - ntfs-3g 1:2016.2.22AR.1-4 + NOTE: PoC https://www.openwall.com/lists/oss-security/2017/02/04/1 +CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting ...) + - iucode-tool 2.1.1-1 + [jessie] - iucode-tool (Vulnerable code not present) + [wheezy] - iucode-tool (Vulnerable code not present) + NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3 +CVE-2017-0356 (A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.201701 ...) + {DSA-3760-1 DLA-812-1} + - ikiwiki 3.20170111 + NOTE: https://ikiwiki.info/security/#cve-2017-0356 +CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...) + {DLA-733-1} + - openafs 1.6.20-1 (bug #846922) + [jessie] - openafs 1.6.9-2+deb8u6 + NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt + NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master) + NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch + NOTE: https://www.openwall.com/lists/oss-security/2016/12/01/12 +CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the ...) + - linux 4.5.1-1 + [jessie] - linux 3.16.36-1 + [wheezy] - linux 3.2.81-1 + NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1) +CVE-2016-9649 + REJECTED +CVE-2016-9648 + REJECTED +CVE-2016-9647 + REJECTED +CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->fie ...) + {DSA-3760-1 DLA-812-1} + - ikiwiki 3.20161229 + NOTE: https://ikiwiki.info/security/#cve-2016-9646 +CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a den ...) + - webkitgtk 2.14.6-1 (unimportant) + NOTE: Not covered by security support + NOTE: https://www.openwall.com/lists/oss-security/2016/11/26/2 +CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...) 
+ - webkitgtk (unimportant) + NOTE: Not covered by security support +CVE-2016-9641 + RESERVED +CVE-2016-9640 + RESERVED +CVE-2017-0355 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0354 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0353 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0352 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...) + - nvidia-graphics-drivers 375.66-1 (bug #863515) + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (Only affects later driver series) + - nvidia-graphics-drivers-legacy-304xx (Only affects later driver series) +CVE-2017-0351 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...) + - nvidia-graphics-drivers 375.66-1 (bug #863515) + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (Only affects later driver series) + - nvidia-graphics-drivers-legacy-304xx (Only affects later driver series) +CVE-2017-0350 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...) + - nvidia-graphics-drivers 375.66-1 (bug #863515) + [jessie] - nvidia-graphics-drivers (Non-free not supported) + [wheezy] - nvidia-graphics-drivers (Non-free not supported) + - nvidia-graphics-drivers-legacy-340xx (Only affects later driver series) + - nvidia-graphics-drivers-legacy-304xx (Only affects later driver series) +CVE-2017-0349 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0348 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) 
+ NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0347 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0346 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0345 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0344 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0343 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0342 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a vulner ...) + NOT-FOR-US: NVIDIA Windows drivers +CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser comp ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0337 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0336 (An information disclosure vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0335 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0334 (An information disclosure vulnerability in the NVIDIA GPU driver could ...) + NOT-FOR-US: NVIDIA driver for Android +CVE-2017-0333 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...) 
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0332 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0331 (An elevation of privilege vulnerability in the NVIDIA video driver cou ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0330 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0329 (An elevation of privilege vulnerability in the NVIDIA boot and power m ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0328 (An information disclosure vulnerability in the NVIDIA crypto driver co ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver co ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver c ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
+ - nvidia-graphics-drivers 375.39-1 (bug #855277)
+ [jessie] - nvidia-graphics-drivers 340.102-1
+ [wheezy] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
+ - nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
+CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a vulnerabilit ...)
+ - nvidia-graphics-drivers 375.39-1 (bug #855277)
+ [jessie] - nvidia-graphics-drivers 340.102-1
+ [wheezy] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
+ - nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
+CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0316 (In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer Fra ...)
+ NOT-FOR-US: NVIDIA Installer Framework
+CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...)
+ - nvidia-graphics-drivers 375.39-1 (bug #855277)
+ [jessie] - nvidia-graphics-drivers 340.102-1
+ [wheezy] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
+ - nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
+CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
+ - nvidia-graphics-drivers 375.39-1 (bug #855277)
+ [jessie] - nvidia-graphics-drivers 340.102-1
+ [wheezy] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
+ - nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
+CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in t ...)
+ - nvidia-graphics-drivers 375.39-1 (bug #855277)
+ [jessie] - nvidia-graphics-drivers 340.102-1
+ [wheezy] - nvidia-graphics-drivers (Non-free not supported)
+ - nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
+ - nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
+ [jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
+CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a vulnerabil ...)
+ NOT-FOR-US: NVIDIA drivers for Windows
+CVE-2017-0307 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2017-0306 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
+ NOT-FOR-US: NVIDIA driver for Android
+CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary "listguests64" is configur ...)
+ NOT-FOR-US: BMC Patrol
+CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu i ...)
+ {DLA-1270-1}
+ - qemu (Vulnerability specific to Xen)
+ - qemu-kvm (Vulnerability specific to Xen)
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-199.html
+CVE-2016-9620
+ REJECTED
+CVE-2016-9619
+ REJECTED
+CVE-2016-9618
+ REJECTED
+CVE-2016-9617
+ REJECTED
+CVE-2016-9616
+ REJECTED
+CVE-2016-9615
+ REJECTED
+CVE-2016-9614
+ REJECTED
+CVE-2016-9613
+ REJECTED
+CVE-2016-9612
+ REJECTED
+CVE-2016-9611
+ REJECTED
+CVE-2016-9610
+ REJECTED
+CVE-2016-9609
+ REJECTED
+CVE-2016-9608
+ REJECTED
+CVE-2016-9607
+ REJECTED
+CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a req ...)
+ - resteasy 3.1.4-1 (bug #851430)
+ [jessie] - resteasy (Minor issue)
+ - resteasy3.0 3.0.26-1
+ NOTE: See CVE-2018-1051 to address original incomplete fix for CVE-2016-9606
+CVE-2016-9605 (A flaw was found in cobbler software component version 2.6.11-1. It su ...)
+ - cobbler (bug #858844)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
+CVE-2016-9604 (It was discovered in the Linux kernel before 4.11-rc8 that root can ga ...)
+ {DLA-922-1}
+ - linux 4.9.25-1
+ [jessie] - linux 3.16.43-1
+ NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
+CVE-2016-9603 (A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA e ...)
+ {DLA-1497-1 DLA-1270-1 DLA-1035-1 DLA-939-1}
+ - qemu 1:2.8+dfsg-4 (bug #857744)
+ - qemu-kvm
+ - xen 4.4.0-1
+ NOTE: Xen switched to qemu-system in 4.4.0-1
+ NOTE: https://xenbits.xen.org/xsa/advisory-211.html
+ NOTE: https://www.openwall.com/lists/oss-security/2017/03/14/2
+ NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
+CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following wh ...)
+ {DLA-1497-1 DLA-1035-1 DLA-965-1}
+ - qemu 1:2.8+dfsg-3 (bug #853006)
+ - qemu-kvm
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
+ NOTE: The original proposed patch does not fix the issue, cf.
+ NOTE: https://www.openwall.com/lists/oss-security/2017/01/17/14
+ NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
+ NOTE: If fixing this issue for older suites, then make sure not to open the
+ NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
+ NOTE: See further details in the CVE-2017-7471 tracker entry.
+CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer o ...)
+ {DSA-3817-1 DLA-874-1}
+ - jbig2dec 0.13-4 (bug #850497)
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
+ NOTE: Patch: https://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
+CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer dereferen ...)
+ - jasper (unimportant)
+ NOTE: https://github.com/mdadams/jasper/issues/109
+ NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access ...)
+ NOT-FOR-US: puppet-tripleo
+CVE-2016-9598 (libxml2, as used in Red Hat JBoss Core Services, allows context-depend ...)
+ - libxml2 (Red Hat specific security regressions)
+CVE-2016-9597 (It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 f ...)
+ - libxml2 (Red Hat specific security regressions)
+CVE-2016-9596 (libxml2, as used in Red Hat JBoss Core Services and when in recovery m ...)
+ - libxml2 (Red Hat specific security regressions)
+CVE-2016-9595 (A flaw was found in katello-debug before 3.4.0 where certain scripts a ...)
+ NOT-FOR-US: Katello
+CVE-2016-9594 (curl before version 7.52.1 is vulnerable to an uninitialized random in ...)
+ - curl (Only affects 7.52.0)
+ NOTE: https://curl.haxx.se/docs/adv_20161223.html
+CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman ...)
+ - foreman (bug #663101)
+CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a f ...)
+ NOT-FOR-US: OpenShift
+CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the ...)
+ {DSA-3827-1 DLA-920-1}
+ - jasper
+ NOTE: https://github.com/mdadams/jasper/issues/105
+ NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
+CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an informat ...)
+ - puppet-module-swift 9.4.4-1 (bug #851293)
+CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
+ NOT-FOR-US: Red Hat specific use of undertow in Wildfly
+CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
+ {DSA-3804-1 DLA-849-1}
+ - linux 4.8.15-2
+ NOTE: https://www.spinics.net/lists/kvm/msg142495.html
+ NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
+CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper inpu ...)
+ - ansible 2.2.0.0-3 (bug #850846)
+ [jessie] - ansible (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
+ NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
+ NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
+CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when doi ...)
+ {DLA-1568-1 DLA-767-1}
+ - curl 7.52.1-1 (bug #848958)
+ NOTE: https://curl.haxx.se/docs/adv_20161221A.html
+ NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
+ NOTE: There are no known vulnerable applications but as this is a
+ NOTE: library it should be fixed as we do not know the full impact.
+CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untr ...)
+ NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
+CVE-2016-9584 (libical allows remote attackers to cause a denial of service (use-afte ...)
+ {DLA-959-1}
+ - libical3 3.0.1-1
+ - libical (bug #852034)
+ [stretch] - libical (Minor issue)
+ [jessie] - libical (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/15/5
+ NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
+CVE-2016-9583 (An out-of-bounds heap read vulnerability was found in the jpc_pi_nextp ...)
+ - jasper (unimportant)
+ NOTE: https://github.com/mdadams/jasper/issues/103
+ NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
+ NOTE: The issue exists due to an overflow check which is not present
+ NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
+ NOTE: This can be done when more important issues are found [wheezy].
+ NOTE: Not suitable for code injection, hardly denial of service
+CVE-2016-9582
+ REJECTED
+CVE-2016-9581 (An infinite loop vulnerability in tiftoimage that results in heap buff ...)
+ - openjpeg2 (unimportant)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/872
+ NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
+ NOTE: not built into the binary packages
+CVE-2016-9580 (An integer overflow vulnerability was found in tiftoimage function in ...)
+ - openjpeg2 (unimportant)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/871
+ NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
+ NOTE: not built into the binary packages
+CVE-2016-9579 (A flaw was found in the way Ceph Object Gateway would process cross-or ...)
+ - ceph 10.2.5-2 (bug #849048)
+ [jessie] - ceph 0.80.7-2+deb8u2
+ NOTE: http://tracker.ceph.com/issues/18187
+CVE-2016-9578 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
+ {DSA-3790-1 DLA-825-1}
+ - spice 0.12.8-2.1 (bug #854336)
+ NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
+ NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)
+CVE-2016-9577 (A vulnerability was discovered in SPICE before 0.13.90 in the server's ...)
+ {DSA-3790-1 DLA-825-1}
+ - spice 0.12.8-2.1 (bug #854336)
+ NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 (0.12.x)
+CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not properl ...)
+ {DLA-772-1}
+ - linux 4.8.15-2
+ [jessie] - linux 3.16.39-1
+ NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
+CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux kerne ...)
+ {DLA-772-1}
+ - linux 4.8.15-1
+ [jessie] - linux 3.16.39-1
+ NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
+ NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
+ NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
+CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...)
+ - freeipa 4.4.4-1 (bug #849950)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
+ NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
+ NOTE: https://fedorahosted.org/freeipa/ticket/6560
+CVE-2016-9574 (nss before version 3.30 is vulnerable to a remote denial of service du ...)
+ - nss 2:3.25-1
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
+ NOTE: The CVE is specific to the segfault resulting from the reproducing steps
+ NOTE: as per buzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
+ NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
+CVE-2016-9573 (An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in th ...)
+ {DSA-3768-1}
+ - openjpeg2 2.1.2-1.1 (bug #851422)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/863
+ NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+CVE-2016-9572 (A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 de ...)
+ {DSA-3768-1}
+ - openjpeg2 2.1.2-1.1 (bug #851422)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/863
+ NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
+CVE-2016-9571
+ REJECTED
+CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ...)
+ NOT-FOR-US: Carbon Black
+CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
+ NOT-FOR-US: Carbon Black
+CVE-2016-9568 (A security design issue can allow an unprivileged user to interact wit ...)
+ NOT-FOR-US: Carbon Black
+CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) soft ...)
+ NOT-FOR-US: Samsung
+CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with acc ...)
+ {DLA-1615-1 DLA-751-1}
+ - nagios3
+ [wheezy] - nagios3 (Minor issue)
+ NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
+ NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
+ NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
+ - icinga 1.13.4-1
+ [jessie] - icinga (Minor issue)
+ [wheezy] - icinga (Minor issue)
+ NOTE: https://dev.icinga.com/issues/13709
+ NOTE: https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
+ NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
+CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before 4. ...)
+ {DLA-751-1}
+ - nagios3 3.5.1-1
+ NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
+ NOTE: The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
+ NOTE: function was removed.
+ NOTE: The scope of the CVE is specific to Nagios.
+ NOTE: impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable
+CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remot ...)
+ - boa (the vuln was removed in 0.93.14)
+ NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
+CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticate ...)
+ NOT-FOR-US: SAP
+CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
+ NOT-FOR-US: SAP
+CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg b ...)
+ - ffmpeg 7:3.2.4-1 (unimportant)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/12/08/1
+ NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
+ NOTE: files, it needs to set resource limits
+CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version 4 ...)
+ NOT-FOR-US: Sophos
+CVE-2016-9553 (The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote ...)
+ NOT-FOR-US: Sophos
+CVE-2016-9552
+ RESERVED
+CVE-2016-9551
+ RESERVED
+CVE-2016-9550
+ RESERVED
+CVE-2016-9549
+ RESERVED
+CVE-2016-9548
+ RESERVED
+CVE-2016-9547
+ RESERVED
+CVE-2016-9546
+ RESERVED
+CVE-2016-9545
+ RESERVED
+CVE-2016-9544
+ RESERVED
+CVE-2016-9543
+ RESERVED
+CVE-2016-9542
+ RESERVED
+CVE-2016-9541
+ RESERVED
+CVE-2016-9531
+ REJECTED
+CVE-2016-9530
+ REJECTED
+CVE-2016-9529
+ REJECTED
+CVE-2016-9528
+ REJECTED
+CVE-2016-9527
+ REJECTED
+CVE-2016-9526
+ REJECTED
+CVE-2016-9525
+ REJECTED
+CVE-2016-9524
+ REJECTED
+CVE-2016-9523
+ REJECTED
+CVE-2016-9522
+ REJECTED
+CVE-2016-9521
+ REJECTED
+CVE-2016-9520
+ REJECTED
+CVE-2016-9519
+ REJECTED
+CVE-2016-9518
+ REJECTED
+CVE-2016-9517
+ REJECTED
+CVE-2016-9516
+ REJECTED
+CVE-2016-9515
+ REJECTED
+CVE-2016-9514
+ REJECTED
+CVE-2016-9513
+ REJECTED
+CVE-2016-9512
+ REJECTED
+CVE-2016-9511
+ REJECTED
+CVE-2016-9510
+ REJECTED
+CVE-2016-9509
+ REJECTED
+CVE-2016-9508
+ REJECTED
+CVE-2016-9507
+ REJECTED
+CVE-2016-9506
+ REJECTED
+CVE-2016-9505
+ REJECTED
+CVE-2016-9504
+ REJECTED
+CVE-2016-9503
+ REJECTED
+CVE-2016-9502
+ REJECTED
+CVE-2016-9501
+ REJECTED
+CVE-2016-9500 (Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft P ...)
+ NOT-FOR-US: Accellion
+CVE-2016-9499 (Accellion FTP server prior to version FTA_9_12_220 only returns the us ...)
+ NOT-FOR-US: Accellion
+CVE-2016-9498 (ManageEngine Applications Manager 12 and 13 before build 13200, allows ...)
+ NOT-FOR-US: ManageEngine
+CVE-2016-9497 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
+ NOT-FOR-US: Hughes
+CVE-2016-9496 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
+ NOT-FOR-US: Hughes
+CVE-2016-9495 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
+ NOT-FOR-US: Hughes
+CVE-2016-9494 (Hughes high-performance broadband satellite modems, models HN7740S DW7 ...)
+ NOT-FOR-US: Hughes
+CVE-2016-9493 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
+ NOT-FOR-US: PHP FormMail Generator
+CVE-2016-9492 (The code generated by PHP FormMail Generator prior to 17 December 2016 ...)
+ NOT-FOR-US: PHP FormMail Generator
+CVE-2016-9491 (ManageEngine Applications Manager 12 and 13 before build 13690 allows ...)
+ NOT-FOR-US: ManageEngine
+CVE-2016-9490 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
+ NOT-FOR-US: ManageEngine Applications Manager
+CVE-2016-9489 (In ManageEngine Applications Manager 12 and 13 before build 13200, an ...)
+ NOT-FOR-US: ManageEngine
+CVE-2016-9488 (ManageEngine Applications Manager versions 12 and 13 before build 1320 ...)
+ NOT-FOR-US: ManageEngine Applications Manager
+CVE-2016-9487 (EpubCheck 4.0.1 does not properly restrict resolving external entities ...)
+ NOT-FOR-US: EpubCheck
+CVE-2016-9486 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
+ NOT-FOR-US: SecureConnector agent
+CVE-2016-9485 (On Windows endpoints, the SecureConnector agent must run under the loc ...)
+ NOT-FOR-US: SecureConnector agent
+CVE-2016-9484 (The generated PHP form code does not properly validate user input fold ...)
+ NOT-FOR-US: PHP FormMail Generator
+CVE-2016-9483 (The PHP form code generated by PHP FormMail Generator deserializes unt ...)
+ NOT-FOR-US: PHP FormMail Generator
+CVE-2016-9482 (Code generated by PHP FormMail Generator may allow a remote unauthenti ...)
+ NOT-FOR-US: PHP FormMail Generator
+CVE-2014-9912 (The get_icu_disp_value_src_php function in ext/intl/locale/locale_meth ...)
+ - php5 5.6.0+dfsg-1
+ [wheezy] - php5 5.4.34-0+deb7u1
+ NOTE: Fixed in 5.6.0, 5.5.14, 5.4.30, 5.3.29
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=67397
+ NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
+ NOTE: PHP workaround for CVE-2014-9911 in icu
+CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into foll ...)
+ {DLA-757-1}
+ - phpmyadmin 4:4.1.7-1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
+ NOTE: may affect wheezy only.
+CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
+ NOTE: Debian packaging generates blowfish secret
+CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
+ NOTE: disabled by default, debugging setting required
+CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...)
+ {DLA-1821-1 DLA-757-1}
+ - phpmyadmin 4:4.6.5.1-1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
+CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the allow ...)
+ {DLA-1821-1 DLA-757-1}
+ - phpmyadmin 4:4.6.5.1-1 (low)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
+CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ [jessie] - phpmyadmin (Vulnerable code not present)
+ [wheezy] - phpmyadmin (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
+CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+ NOTE: path disclosure not relevant in Debian
+CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+ NOTE: path disclosure not relevant in Debian
+CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+ NOTE: path disclosure not relevant in Debian
+CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ar ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
+ NOTE: path disclosure not relevant in Debian
+CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix f ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
+CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a we ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
+CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
+CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
+CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can exe ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
+CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ma ...)
+ {DLA-1821-1 DLA-757-1}
+ - phpmyadmin 4:4.6.5.1-1 (low)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
+CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
+ - phpmyadmin 4:4.6.5.1-1
+ [jessie] - phpmyadmin (Vulnerable code not present)
+ [wheezy] - phpmyadmin (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
+CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ta ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ [jessie] - phpmyadmin (Vulnerable code not present)
+ [wheezy] - phpmyadmin (Vulnerable code not present)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
+CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ta ...)
+ {DLA-1821-1 DLA-757-1}
+ - phpmyadmin 4:4.6.5.1-1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
+CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized stri ...)
+ {DLA-1415-1 DLA-757-1}
+ - phpmyadmin 4:4.6.5.1-1
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d (MAINT_4_4_15)
+CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is diffe ...)
+ - phpmyadmin 4:4.6.5.1-1 (unimportant)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
+ NOTE: unlikely PHP configuration required, unclear impact
+CVE-2014-9911 (Stack-based buffer overflow in the ures_getByKeyWithFallback function ...)
+ {DSA-3725-1 DLA-744-1}
+ - icu 55.1-3
+ NOTE: http://bugs.icu-project.org/trac/ticket/10891
+ NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
+ NOTE: The patch addressing CVE-2014-9911 is applied in 54.1 , but the
+ NOTE: first fixed package version uploaded to unstable is 55.1-3 .
+CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to minio ...)
+ - salt 2016.3.0+ds-1
+ [jessie] - salt (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/25/2
+CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before 1.10. ...)
+ {DSA-3818-1}
+ - gst-plugins-bad1.0 1.10.2-1 (low)
+ - gst-plugins-bad0.10 (Vulnerable code introduced in 1.1.1 of 1.0 series)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
+CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...)
+ {DSA-3818-1}
+ - gst-plugins-bad1.0 1.10.2-1 (low)
+ - gst-plugins-bad0.10 (Vulnerable code introduced in 1.1.1 of 1.0 series)
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
+CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer be ...)
+ {DSA-3819-1 DLA-2126-1 DLA-735-1}
+ - gst-plugins-base1.0 1.10.2-1
+ - gst-plugins-base0.10
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
+CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in g ...)
+ - gst-plugins-good1.0 1.10.1-2
+ [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
+ - gst-plugins-good0.10
+ [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
+ [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
+CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ...)
+ {DSA-3818-1 DLA-2164-1 DLA-736-1}
+ - gst-plugins-bad1.0 1.10.2-1
+ - gst-plugins-bad0.10
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
+CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
+ - gst-plugins-good1.0 1.10.1-2
+ [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
+ - gst-plugins-good0.10
+ [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
+ [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
+ NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+ NOTE: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
+CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer bef ...)
+ - gst-plugins-good1.0 1.10.1-2
+ [jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
+ - gst-plugins-good0.10
+ [jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
+ [wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
+ NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+CVE-2016-9806 (Race condition in the netlink_dump function in net/netlink/af_netlink. ...)
+ - linux 4.6.3-1
+ [jessie] - linux 3.16.39-1
+ [wheezy] - linux (Introduced in 3.12)
+ NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
+CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
+ {DSA-3724-1 DSA-3723-1 DLA-727-1}
+ - gst-plugins-good1.0 1.10.1-2 (bug #845375)
+ - gst-plugins-good0.10
+ NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
+ {DSA-3724-1 DSA-3723-1 DLA-727-1}
+ - gst-plugins-good1.0 1.10.1-2 (bug #845375)
+ - gst-plugins-good0.10
+ NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
+ NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
+ NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
+ NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
+CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in gst ...)
+ {DSA-3724-1 DSA-3723-1 DLA-727-1} + - gst-plugins-good1.0 1.10.1-2 (bug #845375) + - gst-plugins-good0.10 + NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html + NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834 + NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac + NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2 + NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9 + NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff +CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/23 +CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/43 +CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/42 +CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/41 +CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/40 +CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) 
+ - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/39 +CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/38 + NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189 +CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/37 +CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/36 +CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/35 +CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/33 +CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/32 +CVE-2016-9621 + REJECTED +CVE-2016-9560 (Stack-based buffer overflow in the jpc_tsfb_getbands2 function in jpc_ ...) + {DSA-3785-1 DLA-739-1} + - jasper + NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c + NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495 +CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf ...) 
+ - dwarfutils 20161124-1 (bug #845408) + [jessie] - dwarfutils (Minor issue) + [wheezy] - dwarfutils (Minor issue) + NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c + NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5 +CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows remot ...) + - jasper + [jessie] - jasper (There is no application crash unless jasper is built with ASAN) + [wheezy] - jasper (the fix is too invasive) + NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c + NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a +CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kern ...) + {DLA-772-1} + - linux 4.8.11-1 + [jessie] - linux 3.16.39-1 + NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4) +CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of Expo ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain sensi ...) + - dwarfutils 20161124-1 + [jessie] - dwarfutils (Minor issue) + [wheezy] - dwarfutils (Minor issue) + NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006 + NOTE: https://sourceforge.net/p/libdwarf/bugs/5/ + NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/ + NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older + NOTE: versions, but there seem to be still back then an unchecked dereference + NOTE: of val_ptr. +CVE-2016-9479 (The "lost password" functionality in b2evolution before 6.7.9 allows r ...) 
+ - b2evolution +CVE-2016-9478 + REJECTED +CVE-2016-9477 + REJECTED +CVE-2016-9476 + REJECTED +CVE-2016-9475 + REJECTED +CVE-2016-9474 + REJECTED +CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and e ...) + - brave-browser (bug #864795) +CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element In ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Dow ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any authentic ...) + - gitlab 8.13.6+dfsg2-2 (bug #847157) + NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/ + NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064 +CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...) + - nextcloud (bug #835086) +CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0 ...) + - nextcloud (bug #835086) +CVE-2016-9466 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...) + - nextcloud (bug #835086) +CVE-2016-9465 (Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1. ...) + - nextcloud (bug #835086) +CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper aut ...) + - nextcloud (bug #835086) +CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1 ...) + - nextcloud (bug #835086) +CVE-2016-9462 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) + - nextcloud (bug #835086) +CVE-2016-9461 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not ...) + - nextcloud (bug #835086) +CVE-2016-9460 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vuln ...) 
+ - nextcloud (bug #835086) +CVE-2016-9459 (Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vuln ...) + - nextcloud (bug #835086) +CVE-2016-9458 + REJECTED +CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/st ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...) + NOT-FOR-US: Revive Adserver +CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...) + {DSA-3758-1 DLA-805-1} + [experimental] - bind9 1:9.10.4-P5-1 + - bind9 1:9.10.3.dfsg.P4-11 (bug #851062) + NOTE: https://kb.isc.org/article/AA-01441/0 +CVE-2016-9928 (MCabber before 1.0.4 is vulnerable to roster push attacks, which allow ...) + {DLA-2260-1 DLA-724-1} + - mcabber 0.10.2-1.1 (bug #845258) + NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw + NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/09/5 +CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688] + - slixmpp 1.2.2-1 + NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE) +CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory] + - tomcat8 8.0.38-1 (bug #840685) + [jessie] - tomcat8 8.0.14-1+deb8u4 + NOTE: Workaround entry for DSA-3720-1 since no CVE assinged + - tomcat7 7.0.72-3 (bug #841655) + [jessie] - tomcat7 7.0.56-3+deb8u5 + [wheezy] - tomcat7 7.0.28-4+deb7u7 + NOTE: Workaround entry for DSA-3721-1 since no CVE assinged + NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API + - tomcat6 6.0.41-3 + NOTE: Since 6.0.41-3, src:tomcat6 only 
builds a servlet and docs in Jessie +CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845246) + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/131 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845246) + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/131 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845244) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.5+dfsg-1 (bug #845243) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/298 +CVE-2016-9773 (Heap-based buffer overflow in the IsPixelGray function in MagickCore/p ...) + - imagemagick (Affects only the ImageMagick-7 branch, cf. 
NOTE) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3 + NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/ + NOTE: https://github.com/ImageMagick/ImageMagick/issues/312 + NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045 +CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.5+dfsg-1 (bug #845242) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/301 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c + NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master) +CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attack ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.5+dfsg-1 (bug #845241) + NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagi ...) + - imagemagick 8:6.9.6.5+dfsg-1 (bug #845239) + [jessie] - imagemagick (Vulnerable code using layer_info[i].info introduced later) + [wheezy] - imagemagick (Vulnerable code using layer_info[i].info introduced later) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...) 
+ {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in Imag ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845213) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before 7.0. ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845212) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/129 + NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05 + NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845202) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845198) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...) 
+ {DSA-3799-1 DLA-868-1} + - imagemagick 8:6.9.7.4+dfsg-1 (bug #849439) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/352 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 + NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was + NOTE: specifically noted at the beginning of issues/196, but not fixed in + NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor + NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same + NOTE: as the fputc issue in ReadGROUP4Image. + NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd +CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before 7. ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagi ...) + {DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845196) + [jessie] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7 + NOTE: https://github.com/ImageMagick/ImageMagick/issues/196 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows ...) + {DSA-3726-1 DLA-756-1} + - imagemagick 8:6.9.6.2+dfsg-2 (bug #845195) + NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410 + NOTE: https://www.openwall.com/lists/oss-security/2016/12/20/3 +CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...) 
+ - tiff (Vulnerable code introduced by fix for CVE-2016-9297) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593 + NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297 +CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the Ad ...) + NOT-FOR-US: MyBB +CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1 ...) + NOT-FOR-US: MyBB +CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...) + NOT-FOR-US: MyBB +CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...) + NOT-FOR-US: MyBB +CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1. ...) + NOT-FOR-US: MyBB +CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka MyB ...) + NOT-FOR-US: MyBB +CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge Syst ...) + NOT-FOR-US: MyBB +CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...) + NOT-FOR-US: MyBB +CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...) + NOT-FOR-US: MyBB +CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...) + NOT-FOR-US: MyBB +CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...) + NOT-FOR-US: MyBB +CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1 ...) + NOT-FOR-US: MyBB +CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...) + NOT-FOR-US: MyBB +CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in M ...) + NOT-FOR-US: MyBB +CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + NOT-FOR-US: MyBB +CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in ...) 
+ NOT-FOR-US: MyBB +CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB ...) + NOT-FOR-US: MyBB +CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + NOT-FOR-US: MyBB +CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...) + NOT-FOR-US: MyBB +CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka MyBull ...) + NOT-FOR-US: MyBB +CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as u ...) + {DSA-3729-1 DLA-720-1} + - xen 4.8.0-1 (bug #845663) + NOTE: https://xenbits.xen.org/xsa/advisory-191.html +CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x throug ...) + {DSA-3729-1} + - xen 4.8.0-1 (bug #845665) + [wheezy] - xen (Only affects Xen >= 4.4) + NOTE: https://xenbits.xen.org/xsa/advisory-193.html +CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host informati ...) + - xen 4.8.0-1 (bug #845667) + [jessie] - xen (Only affects Xen >= 4.7) + [wheezy] - xen (Only affects Xen >= 4.7) + NOTE: https://xenbits.xen.org/xsa/advisory-194.html +CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS us ...) + {DSA-3729-1 DLA-720-1} + - xen 4.8.0-1 (bug #845668) + NOTE: https://xenbits.xen.org/xsa/advisory-195.html +CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, whic ...) + {DSA-3729-1 DLA-720-1} + - xen 4.8.0-1 (bug #845664) + NOTE: https://xenbits.xen.org/xsa/advisory-192.html +CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS administra ...) + {DLA-720-1} + - xen 4.4.0-1 + NOTE: Xen switched to qemu-system in 4.4.0-1 + NOTE: https://xenbits.xen.org/xsa/advisory-197.html +CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output form ...) 
+ {DSA-3729-1 DLA-720-1} + - xen 4.8.0-1 (bug #845670) + NOTE: https://xenbits.xen.org/xsa/advisory-198.html +CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output forma ...) + {DSA-3729-1 DLA-720-1} + - xen 4.8.0-1 (bug #845670) + NOTE: https://xenbits.xen.org/xsa/advisory-198.html +CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...) + - xen 4.8.0-1 (bug #845669) + [jessie] - xen (Only 4.5 onwards vulnerable) + [wheezy] - xen (Only 4.5 onwards vulnerable) + NOTE: https://xenbits.xen.org/xsa/advisory-196.html +CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...) + - xen 4.8.0-1 (bug #845669) + [jessie] - xen (Only 4.5 onwards vulnerable) + [wheezy] - xen (Only 4.5 onwards vulnerable) + NOTE: https://xenbits.xen.org/xsa/advisory-196.html +CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9370 + REJECTED +CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication Inter ...) + NOT-FOR-US: Eaton xComfort Ethernet Communication Interface +CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions ...) + NOT-FOR-US: Moxa +CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (release ...) 
+ NOT-FOR-US: WAGO +CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFI ...) + NOT-FOR-US: General Electric +CVE-2016-9359 + REJECTED +CVE-2016-9358 (A Hard-Coded Passwords issue was discovered in Marel Food Processing S ...) + NOT-FOR-US: Marel +CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected ...) + NOT-FOR-US: legacy Eaton ePDUs +CVE-2016-9356 (An issue was discovered in Moxa DACenter Versions 1.4 and older. The a ...) + NOT-FOR-US: Moxa +CVE-2016-9355 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8 ...) + NOT-FOR-US: Alaris 8015 Point of Care +CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. A spe ...) + NOT-FOR-US: Moxa +CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) + NOT-FOR-US: Advantech SUISAccess Server +CVE-2016-9352 + REJECTED +CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) + NOT-FOR-US: Advantech SUISAccess Server +CVE-2016-9350 + REJECTED +CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...) + NOT-FOR-US: Advantech SUISAccess Server +CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPor ...) + NOT-FOR-US: Moxa +CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O Ca ...) + NOT-FOR-US: Emerson +CVE-2016-9346 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...) + NOT-FOR-US: Moxa +CVE-2016-9345 (An issue was discovered in Emerson DeltaV Easy Security Management Del ...) + NOT-FOR-US: Emerson +CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...) + NOT-FOR-US: Moxa +CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable ...) 
+ NOT-FOR-US: Rockwell +CVE-2016-9342 + REJECTED +CVE-2016-9341 + REJECTED +CVE-2016-9340 + REJECTED +CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versio ...) + NOT-FOR-US: INTERSCHALT Maritime Systems +CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...) + NOT-FOR-US: Rockwell +CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all firmwa ...) + NOT-FOR-US: Tesla car +CVE-2016-9336 + REJECTED +CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red Lio ...) + NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches +CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogi ...) + NOT-FOR-US: Rockwell +CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...) + NOT-FOR-US: Moxa +CVE-2016-9332 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...) + NOT-FOR-US: Moxa +CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...) + {DLA-723-1} + - libsoap-lite-perl 1.19-1 + [jessie] - libsoap-lite-perl (Minor issue) + NOTE: https://github.com/redhotpenguin/soaplite/pull/21 + NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124 +CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and My ...) + NOT-FOR-US: MyBB +CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...) + NOT-FOR-US: MyBB +CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB ...) + NOT-FOR-US: MyBB +CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the admi ...) + NOT-FOR-US: MyBB +CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x befo ...) + NOT-FOR-US: MyBB +CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote att ...) 
+ {DSA-3762-1} + - tiff 4.0.6-3 + [wheezy] - tiff 4.0.2-6+deb7u7 + NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652 + - tiff3 + [wheezy] - tiff3 (Tools not shipped by tiff3) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579 + NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1 + NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652 + NOTE: and included in patches/09-CVE-2016-5652.patch + NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind): + NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order. + NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered. + NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered. + NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample". + NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading. +CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render canva ...) + {DSA-3717-1 DLA-712-1} + - gst-plugins-bad0.10 + - gst-plugins-bad1.0 1.10.1-1 + NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html + NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533 + NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe +CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote at ...) 
+ {DSA-3717-1 DLA-712-1} + - gst-plugins-bad0.10 + - gst-plugins-bad1.0 1.10.1-1 + NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html + NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533 + NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe +CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote a ...) + - drupal8 (bug #756305) + - drupal7 (Only affects Drupal 8) + NOTE: https://www.drupal.org/SA-CORE-2016-005 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8 +CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...) + {DSA-3718-1 DLA-715-1} + - drupal7 7.52-1 + NOTE: https://www.drupal.org/SA-CORE-2016-005 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8 +CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote ...) + - drupal8 (bug #756305) + - drupal7 (Only affects Drupal 8) + NOTE: https://www.drupal.org/SA-CORE-2016-005 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8 +CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 mig ...) + {DSA-3718-1 DLA-715-1} + - drupal8 (bug #756305) + - drupal7 7.52-1 + NOTE: https://www.drupal.org/SA-CORE-2016-005 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/18/8 +CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/28 +CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29 +CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) 
+ - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/24 +CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/22 +CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-33 (bug #844726) + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/20 +CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/18 +CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/17 +CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly initiali ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/16 + NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd +CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 do ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/16 + NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd +CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/15 +CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) 
+ - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/14 +CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/13 +CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/10 +CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/7 +CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/29 +CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/26 +CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows attac ...) + {DLA-2966-1 DLA-721-1} + [experimental] - libgc 1:7.4.4-1 + - libgc 1:7.6.4-0.3 (bug #844771) + [jessie] - libgc (Minor issue) + NOTE: https://github.com/ivmai/bdwgc/issues/135 + NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4 + NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee + NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7 +CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) 
+ - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/25 +CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/21 +CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/12 +CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/9 +CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3 ...) + - w3m 0.5.3-30 + [jessie] - w3m 0.5.3-19+deb8u1 + [wheezy] - w3m (Minor issue) + NOTE: https://github.com/tats/w3m/issues/8 +CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell an ...) + {DLA-1726-1} + - bash 4.4-3 (bug #844727) + [wheezy] - bash (Minor issue) + NOTE: Upstream bash considers this issue only to be a bug. + NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html + NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006 +CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows remo ...) + - jasper (unimportant) + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes + NOTE: Negligible security impact +CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 all ...) + - jasper (unimportant) + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2 + NOTE: Negligible security impact +CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows rem ...) 
+ - jasper (unimportant) + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize + NOTE: Negligible security impact +CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0. ...) + - jasper (unimportant) + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN + NOTE: Negligible security impact +CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 a ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t + NOTE: Negligible security impact +CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 a ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t + NOTE: Negligible security impact +CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl + NOTE: Negligible security impact +CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allo ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330 + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes + NOTE: Negligible security impact +CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...) 
+ - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits + NOTE: Negligible security impact +CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 a ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865 + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t + NOTE: Negligible security impact +CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.90 ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict + NOTE: Negligible security impact +CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823 + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap + NOTE: Negligible security impact +CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in libjasper/jpc/ ...) + - jasper (unimportant) + NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf + NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t + NOTE: Negligible security impact +CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop exc ...) 
+ - wireshark 2.2.2+g9c5aae3-1 + [jessie] - wireshark (Only affects 2.2.x) + [wheezy] - wireshark (Only affects 2.2.x) + NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html +CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector c ...) + {DSA-3719-1 DLA-714-1} + - wireshark 2.2.2+g9c5aae3-1 + NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html +CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector ...) + {DSA-3719-1 DLA-714-1} + - wireshark 2.2.2+g9c5aae3-1 + NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html +CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector coul ...) + {DSA-3719-1 DLA-714-1} + - wireshark 2.2.2+g9c5aae3-1 + NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html +CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...) + {DSA-3719-1 DLA-714-1} + - wireshark 2.2.2+g9c5aae3-1 + NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html + NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html +CVE-2016-9331 + REJECTED +CVE-2016-9330 + REJECTED +CVE-2016-9329 + REJECTED +CVE-2016-9328 + REJECTED +CVE-2016-9327 + REJECTED +CVE-2016-9326 + REJECTED +CVE-2016-9325 + REJECTED +CVE-2016-9324 + REJECTED +CVE-2016-9323 + REJECTED +CVE-2016-9322 + REJECTED +CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...) 
+ - teeworlds 0.6.4+dfsg-1 (bug #844546) + [jessie] - teeworlds (Minor issue; can be fixed via point release) + [wheezy] - teeworlds (Games are not supported in Wheezy) + NOTE: https://www.teeworlds.com/?page=news&id=12086 + NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release) + NOTE: https://www.openwall.com/lists/oss-security/2016/11/16/8 +CVE-2016-9321 + RESERVED +CVE-2016-9320 + RESERVED +CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro Enterpr ...) + NOT-FOR-US: Trend Micro +CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ot ...) + {DLA-2972-1} + [experimental] - libxml2 2.9.8+dfsg-1 + - libxml2 2.9.10+dfsg-2 (bug #844581) + [buster] - libxml2 (Minor issue; intrusive to backport) + [jessie] - libxml2 (Minor issue; intrusive to backport) + [wheezy] - libxml2 (Minor issue) + NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726 + NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/2304078555896cf1638c628f50326aeef6f0e0d0 + NOTE: The patch introduces a new option that can be specified if this + NOTE: behaviour is wanted. Not enforced by default. + NOTE: The option though was reverted in https://gitlab.gnome.org/GNOME/libxml2/-/commit/030b1f7a27c22f9237eddca49ec5e620b6258d7d + NOTE: New proposed/commited fix: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad88b54f1a28a8565964a370b5d387927b633c0d +CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) befo ...) + {DSA-3777-1 DLA-804-1} + - libgd2 2.2.4-1 + NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1 + NOTE: https://github.com/libgd/libgd/issues/340 +CVE-2016-9316 (Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.tren ...) + NOT-FOR-US: Trend Micro +CVE-2016-9315 (Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updat ...) 
+ NOT-FOR-US: Trend Micro +CVE-2016-9314 (Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigB ...) + NOT-FOR-US: Trend Micro +CVE-2016-9313 (security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles un ...) + - linux 4.8.7-1 + [jessie] - linux (Vulnerable code introduced later) + [wheezy] - linux (Vulnerable code introduced later) + NOTE: Fixed by: https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3) + NOTE: Introduced by: https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1) +CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows remote att ...) + - ntp (Only ntpd on Windows) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110 + NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 1:4.2.8p9+dfsg-1 +CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows r ...) + - ntp 1:4.2.8p9+dfsg-1 + [jessie] - ntp (Minor issue) + [wheezy] - ntp (Minor issue, not vulnerable by default) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119 + NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/ + NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction. +CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...) + - ntp 1:4.2.8p9+dfsg-1 + [jessie] - ntp (Minor issue) + [wheezy] - ntp (Minor issue, not vulnerable by default) + NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118 + NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0203/ + NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction. +CVE-2016-9309 + RESERVED +CVE-2016-9308 + RESERVED +CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...) + NOT-FOR-US: Autodesk +CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...) 
+ NOT-FOR-US: Autodesk +CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismat ...) + NOT-FOR-US: Autodesk +CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...) + NOT-FOR-US: Autodesk +CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can al ...) + NOT-FOR-US: Autodesk +CVE-2016-9295 + RESERVED +CVE-2016-9293 + RESERVED +CVE-2016-9292 + RESERVED +CVE-2016-9291 + RESERVED +CVE-2016-9290 + RESERVED +CVE-2016-9289 + RESERVED +CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php i ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of E ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CM ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in Exp ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9284 (getUsersByJSON in framework/modules/users/controllers/usersController. ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent C ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9282 (SQL Injection in framework/modules/search/controllers/searchController ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9281 + RESERVED +CVE-2016-9280 + RESERVED +CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...) + NOT-FOR-US: Samsung +CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows loca ...) + NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches) +CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, wit ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9271 (Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x bef ...) 
+ NOT-FOR-US: Cloudera +CVE-2016-9270 + RESERVED +CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches i ...) + NOT-FOR-US: Trend Micro +CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the " ...) + - dotclear + NOTE: http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2 + NOTE: http://dev.dotclear.org/2.0/ticket/2214 +CVE-2016-9267 + RESERVED +CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf sandb ...) + {DLA-1151-1} + - wordpress 4.1+dfsg-1 + NOTE: https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/ + NOTE: flashmediaelement.swf removed from source tree starting in 4.1+dfsg-1 +CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote a ...) + {DSA-3713-1 DLA-712-1} + - gst-plugins-bad0.10 + NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html +CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allow ...) + - jenkins + NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/4 +CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c i ...) + - imagemagick 8:6.9.6.5+dfsg-1 (bug #844211) + [jessie] - imagemagick (Vulnerable code not present) + [wheezy] - imagemagick (Vulnerable code not present) + NOTE: https://github.com/ImageMagick/ImageMagick/issues/296 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/13/1 +CVE-2016-9300 + REJECTED +CVE-2016-9301 + REJECTED +CVE-2016-9302 + REJECTED +CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attacke ...) 
+ {DSA-3762-1 DLA-716-1} + - tiff 4.0.7-1 (bug #844226) + - tiff3 + [wheezy] - tiff3 (Unreproducible) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/12/2 + NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed + NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7 + NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1 + NOTE: When fixing this CVE make sure to make the fix complete and not + NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593 + NOTE: Fix in 4.0.7 is complete. + NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e +CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled im ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 (tiff3 not shipping tools) + NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 +CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in readCon ...) + - tiff 4.0.7-1 (unimportant) + - tiff3 (tiff3 not shipping tools) + NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53 + NOTE: Crash in CLI tool, no security impact +CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in readCon ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 (tiff3 not shipping tools) + NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f +CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...) + {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 (tiff3 not shipping tools) + NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f +CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write vulnerabilit ...) 
+ {DSA-3762-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 (tiff3 not shipping tools) + NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e +CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...) + {DSA-3844-1 DLA-880-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 + NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 +CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of TI ...) + {DSA-3762-1 DLA-880-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba +CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilitie ...) + {DSA-3762-1 DLA-880-1 DLA-795-1} + - tiff 4.0.7-1 + - tiff3 + NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef +CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in tiffcr ...) + {DSA-3762-1 DLA-716-1} + - tiff 4.0.7-1 (bug #844057) + - tiff3 + [wheezy] - tiff3 (Tools not shipped by tiff3) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592 + NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad + NOTE: https://www.openwall.com/lists/oss-security/2016/11/11/14 +CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...) + - p7zip 16.02+dfsg-2 (unimportant; bug #844344) + [jessie] - p7zip (Vulnerable code with potential NULL pointer dereference introduced later) + [wheezy] - p7zip (Vulnerable code with potential NULL pointer dereference introduced later) + NOTE: https://sourceforge.net/p/p7zip/bugs/185/ + NOTE: no security impact +CVE-2016-9294 (Artifex Software, Inc. 
MuJS before 5008105780c0b0182ea6eda83ad5598f225 ...) + - mujs (Fixed before initial upload to Debian) + NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697172 + NOTE: http://git.ghostscript.com/?p=mujs.git;a=commit;h=5008105780c0b0182ea6eda83ad5598f225be3ee +CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for A ...) + NOT-FOR-US: Samsung Exynos fimg2d driver for Android +CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, o ...) + NOT-FOR-US: Samsung Exynos fimg2d driver for Android +CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf bef ...) + - dwarfutils 20161124-1 (bug #844011) + [jessie] - dwarfutils (Minor issue) + [wheezy] - dwarfutils (Minor issue) + NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ + NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c + NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit. +CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in libdwa ...) + - dwarfutils 20161124-1 (bug #844012) + [jessie] - dwarfutils (Vulnerable code not present) + [wheezy] - dwarfutils (Vulnerable code not present) + NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ + NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c + NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit. +CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial o ...) 
+ {DSA-3762-1 DLA-716-1} + - tiff 4.0.7-1 (bug #844013) + - tiff3 + [wheezy] - tiff3 (Unreproducible) + NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587 + NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7 + NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7 + NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1 +CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation En ...) + NOT-FOR-US: Tenable Log Correlation Engine +CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...) + NOT-FOR-US: Nessus +CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9. ...) + NOT-FOR-US: Nessus +CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauth ...) + NOT-FOR-US: F5 +CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM management UI o ...) + NOT-FOR-US: F5 BIG-IP +CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Contro ...) + NOT-FOR-US: F5 +CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated us ...) + NOT-FOR-US: F5 +CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11. ...) + NOT-FOR-US: F5 BIG-IP +CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified impa ...) + {DLA-799-1} + - ming (bug #843928) + NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c + NOTE: https://github.com/libming/libming/issues/53 +CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remo ...) + {DLA-799-1} + - ming (bug #843928) + NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list + NOTE: https://github.com/libming/libming/issues/52 +CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in Libmin ...) 
+ {DLA-799-1} + - ming (bug #843928) + NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c + NOTE: https://github.com/libming/libming/issues/51 +CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in base/jas ...) + - jasper + [jessie] - jasper (Vulnerable code introduced later) + [wheezy] - jasper (Vulnerable code introduced later) + NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735 + NOTE: The use-afer-free seems to be introduced in a version later tha 1.900.1 but the + NOTE: CVE is assigned for everything fixed in the above commit, a such seems till + NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected + NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c +CVE-2016-9258 + REJECTED +CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...) + NOT-FOR-US: F5 +CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl c ...) + NOT-FOR-US: F5 +CVE-2016-9255 + REJECTED +CVE-2016-9254 + REJECTED +CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic pattern ...) + NOT-FOR-US: F5 +CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 HF ...) + NOT-FOR-US: F5 BIG-IP +CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be a ...) + NOT-FOR-US: F5 +CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...) + NOT-FOR-US: F5 +CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server wit ...) + NOT-FOR-US: F5 +CVE-2016-9248 + REJECTED +CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server wit ...) + NOT-FOR-US: F5 +CVE-2016-9246 + REJECTED +CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to virtu ...) 
+ NOT-FOR-US: F5 +CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has ...) + NOT-FOR-US: F5 TLS stack + NOTE: https://ticketbleed.com/ +CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...) + - python-cryptography 1.5.3-1 + [jessie] - python-cryptography 0.6.1-1+deb8u1 + NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211 + NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874 + NOTE: https://www.openwall.com/lists/oss-security/2016/11/08/6 +CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in framewo ...) + NOT-FOR-US: Exponent CMS +CVE-2016-9241 + REJECTED +CVE-2016-9240 + REJECTED +CVE-2016-9239 + REJECTED +CVE-2016-9238 + REJECTED +CVE-2016-9237 + REJECTED +CVE-2016-9236 + REJECTED +CVE-2016-9235 + REJECTED +CVE-2016-9234 + REJECTED +CVE-2016-9233 + REJECTED +CVE-2016-9232 + REJECTED +CVE-2016-9231 + REJECTED +CVE-2016-9230 + REJECTED +CVE-2016-9229 + REJECTED +CVE-2016-9228 + REJECTED +CVE-2016-9227 + REJECTED +CVE-2016-9226 + REJECTED +CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco Ada ...) + NOT-FOR-US: Cisco Adaptive Security Appliance +CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an unauth ...) + NOT-FOR-US: Cisco +CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco CloudCente ...) + NOT-FOR-US: Cisco +CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...) + NOT-FOR-US: Cisco +CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection authent ...) + NOT-FOR-US: Cisco +CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...) + NOT-FOR-US: Cisco +CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco Wirel ...) 
+ NOT-FOR-US: Cisco
+CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an unauthen ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco Inte ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr ...)
+ NOT-FOR-US: Cisco ASR 5000
+CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that cou ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9213
+ REJECTED
+CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series Multi ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool accessed vi ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system software c ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9208 (A vulnerability in the File Management Utility, the Download File form ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco Expressw ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified Communications M ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director could al ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco Email S ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS and Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework (CAF) of Ci ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Expres ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet 18 ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request proces ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
+ NOT-FOR-US: Cisco
+CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
+ NOT-FOR-US: Cisco
+CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in frontend/m ...)
+ - gnuchess 6.2.4-1 (unimportant)
+ NOTE: Built with hardening flags, no security impact
+ NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
+ NOTE: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
+CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary command ...)
+ {DSA-3712-1}
+ - terminology 0.7.0-2 (bug #843434)
+ NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/04/12
+CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 m ...)
+ {DSA-3791-1}
+ - linux 4.9.6-1
+ [wheezy] - linux (Vulnerable code introduced in 3.11-rc1)
+ NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
+ NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
+CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute arbi ...)
+ {DSA-3710-1 DLA-705-1}
+ - pillow 3.4.2-1
+ - python-imaging
+ NOTE: https://github.com/python-pillow/Pillow/issues/2105
+ NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
+CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain sensi ...)
+ {DSA-3710-1 DLA-705-1}
+ - pillow 3.4.2-1
+ - python-imaging
+ NOTE: https://github.com/python-pillow/Pillow/issues/2105
+ NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
+CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before ...)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
+CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
+CVE-2016-9186 (Unrestricted file upload vulnerability in the "legacy course files" an ...)
+ NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
+ NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
+CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an a ...)
+ - heat 1:7.0.0-2 (bug #843232)
+ [jessie] - heat (Minor issue)
+ NOTE: https://bugs.launchpad.net/ossa/+bug/1606500
+CVE-2016-9184 (In /framework/modules/core/controllers/expHTMLEditorController.php of ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php of Exp ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a controller ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote attackers ...)
+ NOT-FOR-US: Spark (sparkjava)
+CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of Mi ...)
+ NOT-FOR-US: Micro Focus Rumba
+CVE-2016-9175
+ REJECTED
+CVE-2016-9174
+ REJECTED
+CVE-2016-9173
+ REJECTED
+CVE-2016-9172
+ REJECTED
+CVE-2016-9171
+ REJECTED
+CVE-2016-9170
+ REJECTED
+CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Documen ...)
+ NOT-FOR-US: Novell
+CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
+ NOT-FOR-US: Novell
+CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...)
+ NOT-FOR-US: Novell
+CVE-2016-9166 (NetIQ eDirectory versions prior to 9.0.2, under some circumstances, co ...)
+ NOT-FOR-US: Novell
+CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management (form ...)
+ NOT-FOR-US: CA Unified Infrastructure Management
+CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified Infra ...)
+ NOT-FOR-US: CA Unified Infrastructure Management
+CVE-2016-9163
+ REJECTED
+CVE-2016-9162
+ REJECTED
+CVE-2016-9161
+ REJECTED
+CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions < SIMATIC WinCC ...)
+ NOT-FOR-US: Siemens SIMATIC WinCC
+CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...)
+ NOT-FOR-US: Siemens SIMATIC
+CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family (All ...)
+ NOT-FOR-US: Siemens SIMATIC
+CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
+ NOT-FOR-US: Siemens SICAM PAS
+CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
+ NOT-FOR-US: Siemens SICAM PAS
+CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, ...)
+ NOT-FOR-US: Siemens
+CVE-2016-9154 (Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo ...)
+ NOT-FOR-US: Siemens Desigo PX
+CVE-2016-9153
+ RESERVED
+CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
+ {DLA-738-1}
+ - spip 3.1.4-2 (bug #847156)
+ [jessie] - spip 3.0.17-2+deb8u3
+ NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
+CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x be ...)
+ NOT-FOR-US: PAN-OS
+CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks ...)
+ NOT-FOR-US: PAN-OS
+CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20 ...)
+ NOT-FOR-US: PAN-OS
+CVE-2016-9148 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (f ...)
+ NOT-FOR-US: CA Service Desk Manager
+CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...)
+ {DSA-3758-1 DLA-805-1}
+ [experimental] - bind9 1:9.10.4-P5-1
+ - bind9 1:9.10.3.dfsg.P4-11 (bug #851063)
+ NOTE: https://kb.isc.org/article/AA-01440/0
+CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to ...)
+ NOT-FOR-US: git-fastclone
+CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution f ...)
+ NOT-FOR-US: git-fastclone
+CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not veri ...)
+ - linux 4.4.2-1
+ [jessie] - linux 3.16.7-ckt25-1
+ [wheezy] - linux 3.2.78-1
+ NOTE: https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1386286
+ NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
+ NOTE: Followed by a complete set of related upstrema commits. See kernel-sec
+ NOTE: triage for details.
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/6
+CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority component of ...)
+ {DLA-719-1}
+ - lynx 2.8.9dev11-1 (bug #843258)
+ - lynx-cur
+ [jessie] - lynx-cur (Minor issue)
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/4
+ NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
+ NOTE: the uplaod to unstable as 2.8.9dev10-1
+CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
+ - linux (Vulnerable code not present)
+ NOTE: No incorrect backport of CVE-2016-9178 done in Debian
+ NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
+ NOTE: (added in 4.8) is backported without also backporting
+ NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
+ NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
+ NOTE: the 3.2 and 3.16 LTS series
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/03/2
+CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the L ...)
+ {DLA-772-1}
+ - linux 4.7.5-1
+ [jessie] - linux 3.16.39-1
+ NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
+ NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
+CVE-2016-9146
+ RESERVED
+CVE-2016-9145
+ REJECTED
+CVE-2016-9144
+ REJECTED
+CVE-2016-9143
+ REJECTED
+CVE-2016-9142
+ REJECTED
+CVE-2016-9141
+ REJECTED
+CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ( ...)
+ - libimage-info-perl 1.39-1 (bug #842891)
+ [jessie] - libimage-info-perl (Minor issue)
+ [wheezy] - libimage-info-perl (Minor issue)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
+ NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
+ NOTE: Older versions of libimage-info-perl only can use XML::Simple.
+ NOTE: Controlling XXE processing behavior in XML::Simple is not really
+ NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
+ NOTE: so as a workaround the underlying SAX parser is fixed to
+ NOTE: XML::SAX::PurePerl which is uncapable of processing external entities
+ NOTE: but unfortunately it is also a slow parser.
+CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as con ...)
+ - libxml-twig-perl 1:3.50-1.1 (low; bug #842893)
+ [stretch] - libxml-twig-perl (Minor issue; can be fixed via point release)
+ [jessie] - libxml-twig-perl (Minor issue; can be fixed via point release)
+ [wheezy] - libxml-twig-perl (Minor issue, new flag would require changes to applications too, not worth the effort)
+ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/02/1
+ NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
+ NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
+CVE-2016-9136 (Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8 ...)
+ - mujs (Fixed before initial upload to Debian)
+ NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697244
+CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/fra ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/exp ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9133
+ RESERVED
+CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer over ...)
+ {DLA-786-1}
+ - botan1.10 1.10.14-1
+ [jessie] - botan1.10 (Minor issue, not believed to be exploitable in practice)
+ NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
+ NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
+CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9. ...)
+ {DSA-3758-1 DLA-805-1}
+ [experimental] - bind9 1:9.10.4-P5-1
+ - bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
+ NOTE: https://kb.isc.org/article/AA-01439/0
+CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ( ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames ar ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by allowin ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of Exce ...)
+ NOT-FOR-US: Revive Adserver
+CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bi ...)
+ - golang-gopkg-square-go-jose.v1 1.0.5-1
+CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. Th ...)
+ - golang-gopkg-square-go-jose.v1 1.0.5-1
+CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH ...)
+ - golang-gopkg-square-go-jose.v1 1.0.5-1
+CVE-2016-9140
+ REJECTED
+CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
+ {DLA-787-1}
+ - otrs2 5.0.14-1 (bug #843091)
+ [jessie] - otrs2 3.3.18-1+deb8u1
+ NOTE: https://community.otrs.com/security-advisory-2016-02-security-update-otrs
+ NOTE: https://www.openwall.com/lists/oss-security/2016/11/01/5
+ NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
+CVE-2016-9120 (Race condition in the ion_ioctl function in drivers/staging/android/io ...)
+ - linux 4.6.1-1 (unimportant)
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
+CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI e ...)
+ {DSA-3715-1 DLA-717-1}
+ - moin 1.9.9-1 (bug #844338)
+ NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
+CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of conve ...)
+ {DSA-4013-1}
+ - openjpeg2 2.1.2-1.2 (bug #844557)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/861
+ NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
+CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in O ...)
+ - openjpeg2 (unimportant; bug #844556)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/860
+ NOTE: No code injection, function only exposed in the CLI tool
+CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in O ...)
+ - openjpeg2 (unimportant; bug #844555)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/859
+ NOTE: No code injection, function only exposed in the CLI tool
+CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...)
+ - openjpeg2 (unimportant; bug #844554)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/858
+ NOTE: No code injection, function only exposed in the CLI tool
+CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of convert.c:194 ...)
+ - openjpeg2 (unimportant; bug #844553)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/857
+ NOTE: No code injection, function only exposed in the CLI tool
+CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of convertb ...)
+ - openjpeg2 (unimportant; bug #844552)
+ NOTE: https://github.com/uclouvain/openjpeg/issues/856
+ NOTE: No code injection, function only exposed in the CLI tool
+CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cp ...)
+ {DLA-1851-1}
+ - openjpeg2 2.1.2-1.2 (bug #844551)
+ [stretch] - openjpeg2 2.1.2-1.1+deb9u4
+ NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
+ NOTE: https://github.com/uclouvain/openjpeg/issues/855
+CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4. ...)
+ NOT-FOR-US: Citrix
+CVE-2016-9110
+ RESERVED
+CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9098
+ REJECTED
+CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, Proxy ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9096
+ REJECTED
+CVE-2016-9095
+ REJECTED
+CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in quarant ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec Endpoint P ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail ...)
+ NOT-FOR-US: Symantec
+CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...)
+ NOT-FOR-US: Blue Coat Advanced Secure Gateway
+CVE-2016-9090
+ RESERVED
+CVE-2016-9089
+ RESERVED
+CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local us ...)
+ - linux 4.0.2-1 (unimportant)
+ NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
+ NOTE: Missing security mitigation, not a vulnerability per se
+CVE-2015-8966 (arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allow ...)
+ - linux 4.4.2-1
+ [jessie] - linux 3.16.7-ckt25-1
+ [wheezy] - linux (Vulnerable code not present)
+ NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
+CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service (c ...)
+ - mujs (Fixed before initial upload to Debian)
+CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex Sof ...)
+ - mujs (Fixed before initial upload to Debian)
+CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using XHT ...)
+ - gajim-otr (bug #722130)
+ NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
+ NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/30/2
+CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
+ NOT-FOR-US: Android Broadcom driver
+CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver c ...)
+ NOT-FOR-US: Android Broadcom driver
+CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka Qu ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842463)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/4
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
+CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka Qui ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842463)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/3
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
+CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) v9fs_xat ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842463)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/2
+CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick Emula ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842463)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/28/1
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
+CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ( ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842463)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/15
+ NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
+CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows l ...)
+ {DLA-1599-1 DLA-698-1 DLA-689-1}
+ - qemu 1:2.8+dfsg-1 (bug #842455)
+ - qemu-kvm
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
+ NOTE: https://www.openwall.com/lists/oss-security/2016/10/27/14
+ NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
+CVE-2016-9088
+ RESERVED
+CVE-2016-9087 (SQL injection vulnerability in framework/modules/filedownloads/control ...)
+ NOT-FOR-US: Exponent CMS
+CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw in th ...)
+ - gitlab 8.13.3+dfsg1-2 (bug #843519)
+ NOTE: https://hackerone.com/reports/178152
+ NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
+CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, passwo ...)
+ NOT-FOR-US: Joomla!
+CVE-2016-9080 (Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs ...)
+ - firefox 50.1.0-1
+ - firefox-esr (Only affects Firefox 50.x)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
+CVE-2016-9079 (A use-after-free vulnerability in SVG Animation has been discovered. A ...)
+ {DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
+ - firefox 50.0.2-1
+ - firefox-esr 45.5.1esr-1
+ - icedove 1:45.5.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
+CVE-2016-9078 (Redirection from an HTTP connection to a "data:" URL assigns the refer ...)
+ - firefox 50.0.2-1
+ - firefox-esr (Does not affect Firefox 45 ESR release)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
+CVE-2016-9077 (Canvas allows the use of the "feDisplacementMap" filter on images load ...)
+ - firefox 50.0-1
+ - firefox-esr (Does not affect Firefox 45 ESR release)
+CVE-2016-9076 (An issue where a "